Rebased, addressed comments

danielinux · danielinux · commit 918e00c78194 · 2026-03-30T16:30:27.000+02:00
diff --git a/include/hal_otp.h b/include/hal_otp.h
@@ -1,3 +1,26 @@
+/* hal_otp.h
+ *
+ * OTP helper definitions.
+ *
+ * Copyright (C) 2026 wolfSSL Inc.
+ *
+ * This file is part of wolfBoot.
+ *
+ * wolfBoot is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfBoot is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
 #ifndef WOLFBOOT_HAL_OTP_H
 #define WOLFBOOT_HAL_OTP_H
 
diff --git a/src/tpm.c b/src/tpm.c
@@ -1539,16 +1539,19 @@ int wolfBoot_tpm2_clear(void)
 int wolfBoot_check_rot(int key_slot, uint8_t* pubkey_hint)
 {
     int rc;
+    size_t auth_sz;
     uint8_t  digest[WOLFBOOT_SHA_DIGEST_SIZE];
     uint32_t digestSz = WOLFBOOT_SHA_DIGEST_SIZE;
     WOLFTPM2_NV nv;
 
     memset(&nv, 0, sizeof(nv));
     nv.handle.hndl = WOLFBOOT_TPM_KEYSTORE_NV_BASE + key_slot;
 #ifdef WOLFBOOT_TPM_KEYSTORE_AUTH
-    nv.handle.auth.size = (UINT16)strlen(WOLFBOOT_TPM_KEYSTORE_AUTH);
-    if (nv.handle.auth.size > sizeof(nv.handle.auth.buffer))
+    auth_sz = strlen(WOLFBOOT_TPM_KEYSTORE_AUTH);
+    if (auth_sz > (size_t)UINT16_MAX ||
+        auth_sz > sizeof(nv.handle.auth.buffer))
         return BAD_FUNC_ARG;
+    nv.handle.auth.size = (UINT16)auth_sz;
     memcpy(nv.handle.auth.buffer, WOLFBOOT_TPM_KEYSTORE_AUTH,
         nv.handle.auth.size);
 #endif
diff --git a/tools/tpm/rot.c b/tools/tpm/rot.c
@@ -148,8 +148,10 @@ static int TPM2_Boot_SecureROT_Example(TPMI_RH_NV_AUTH authHandle, word32 nvBase
         /* Setup a read/lock structure */
         XMEMSET(&nv, 0, sizeof(nv));
         nv.handle.hndl = handle;
-        if (authBufSz > (int)sizeof(nv.handle.auth.buffer))
-            return BAD_FUNC_ARG;
+        if (authBufSz > (int)sizeof(nv.handle.auth.buffer)) {
+            rc = BAD_FUNC_ARG;
+            goto exit;
+        }
         nv.handle.auth.size = authBufSz;
         XMEMCPY(nv.handle.auth.buffer, authBuf, nv.handle.auth.size);
 
diff --git a/tools/unit-tests/unit-fdt.c b/tools/unit-tests/unit-fdt.c
@@ -1,6 +1,24 @@
 /* unit-fdt.c
  *
  * Unit tests for flattened device tree helpers.
+ *
+ * Copyright (C) 2026 wolfSSL Inc.
+ *
+ * This file is part of wolfBoot.
+ *
+ * wolfBoot is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfBoot is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
 #include <check.h>
diff --git a/tools/unit-tests/unit-rot-auth.c b/tools/unit-tests/unit-rot-auth.c
@@ -1,3 +1,26 @@
+/* unit-rot-auth.c
+ *
+ * Unit tests for TPM ROT auth validation.
+ *
+ * Copyright (C) 2026 wolfSSL Inc.
+ *
+ * This file is part of wolfBoot.
+ *
+ * wolfBoot is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfBoot is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
 #include <check.h>
 #include <stdlib.h>
 #include <stdint.h>
@@ -231,7 +254,7 @@ int main(void)
 
     s = rot_auth_suite();
     sr = srunner_create(s);
-    srunner_run_all(sr, CK_ENV);
+    srunner_run_all(sr, CK_NORMAL);
     failures = srunner_ntests_failed(sr);
     srunner_free(sr);
 
diff --git a/tools/unit-tests/unit-tpm-check-rot-auth.c b/tools/unit-tests/unit-tpm-check-rot-auth.c
@@ -1,6 +1,24 @@
 /* unit-tpm-check-rot-auth.c
  *
  * Unit tests for TPM root-of-trust auth validation.
+ *
+ * Copyright (C) 2026 wolfSSL Inc.
+ *
+ * This file is part of wolfBoot.
+ *
+ * wolfBoot is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfBoot is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
 #include <check.h>
