Fixes 20260415 - fix finding from static analysis#751
Fixes 20260415 - fix finding from static analysis#751dgarske merged 10 commits intowolfSSL:masterfrom
Conversation
There was a problem hiding this comment.
Pull request overview
Note
Copilot was unable to run its full agentic suite in this review.
Addresses multiple static analysis findings and hardens update paths against rollback to older firmware versions, while improving key material handling and TPM policy file output correctness.
Changes:
- Add “no downgrade” enforcement across RAM, disk, and HW-swap boot/update selection logic (when
ALLOW_DOWNGRADEis not defined). - Zeroize sensitive key buffers/structures before freeing (TPM
PolicySignbuffer; LMS key struct). - Write TPM policy output files in binary mode and update unit tests to expect panic/deny behavior for rollback scenarios.
Reviewed changes
Copilot reviewed 10 out of 10 changed files in this pull request and generated 5 comments.
Show a summary per file
| File | Description |
|---|---|
| tools/unit-tests/unit-update-ram.c | Updates RAM update unit tests to expect rollback denial/panic; renames rollback test. |
| tools/unit-tests/unit-update-ram-nofixed.c | Renames and updates “nofixed” RAM test to expect rollback denial/panic. |
| tools/unit-tests/unit-update-disk.c | Adds a disk update test for rollback denial after higher-version failure; adds mock failure injection. |
| tools/tpm/policy_sign.c | Zeroizes PolicySign temp buffer before free; writes policy output in binary mode. |
| tools/tpm/policy_create.c | Writes policy output in binary mode. |
| tools/keytools/keygen.c | Zeroizes LMS key struct after freeing key internals. |
| src/update_ram.c | Blocks selecting a lower-version partition when a higher version exists (unless ALLOW_DOWNGRADE). |
| src/update_flash_hwswap.c | Adds rollback-denial check in HW-swap start path (unless ALLOW_DOWNGRADE). |
| src/update_disk.c | Adds rollback-denial check in disk start path (unless ALLOW_DOWNGRADE). |
| src/libwolfboot.c | Prevents TESTING fallback to a lower version (unless ALLOW_DOWNGRADE). |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
wolfSSL-Fenrir-bot
left a comment
wolfSSL-Fenrir-bot
left a comment
There was a problem hiding this comment.
Fenrir Automated Review — PR #751
Scan targets checked: wolfboot-bugs, wolfboot-consttime, wolfboot-defaults, wolfboot-mutation, wolfboot-proptest, wolfboot-src, wolfboot-zeroize
Findings: 4
4 finding(s) posted as inline comments (see file-level comments below)
This review was generated automatically by Fenrir. Findings are non-blocking.
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 13 out of 13 changed files in this pull request and generated 6 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 13 out of 13 changed files in this pull request and generated 6 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 13 out of 13 changed files in this pull request and generated 4 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
F/2278 - Zeroize PolicySign key buffer before free (61731ca)
F/2589 - keygen_lms: zero LmsKey after free (91e0b16)
F/2254 - Block rollback fallback in non-flash update paths (1359aac)
F/1896 - tools/tpm: write policy output in binary mode (d4f062a)