Implement an address sanitizer test. Fix some of the configurable limit defaults.

dgarske · dgarske · commit 932499f742e3 · 2025-07-17T15:54:33.000-07:00
diff --git a/.github/workflows/make-test-swtpm.yml b/.github/workflows/make-test-swtpm.yml
@@ -139,6 +139,16 @@ jobs:
     - name: make debug io
       run: make
 
+# build with clang address sanitizer
+    - name: configure clang asan
+      run: ./configure --enable-swtpm CC=clang CFLAGS="-fsanitize=address -fno-omit-frame-pointer -g"
+    - name: make clang asan
+      run: make
+    - name: make check clang asan
+      run: |
+        make check
+        ASAN_OPTIONS=detect_leaks=1:abort_on_error=1 WOLFSSL_PATH=./wolfssl ./examples/run_examples.sh
+
 # build pedantic
     - name: configure pedantic
       run: ./configure CFLAGS="-Wpedantic"
diff --git a/tests/unit_tests.c b/tests/unit_tests.c
@@ -504,9 +504,9 @@ static void test_wolfTPM2_EccSignVerifyDig(WOLFTPM2_DEV* dev,
     AssertIntEQ(rc, 0);
 
     /* combine R and S at key size (zero pad leading) */
-    XMEMCPY(&sigRs[curveSize-rLen], r, rLen);
+    XMEMMOVE(&sigRs[curveSize-rLen], r, rLen);
     XMEMSET(&sigRs[0], 0, curveSize-rLen);
-    XMEMCPY(&sigRs[curveSize + (curveSize-sLen)], s, sLen);
+    XMEMMOVE(&sigRs[curveSize + (curveSize-sLen)], s, sLen);
     XMEMSET(&sigRs[curveSize], 0, curveSize-sLen);
 
     /* Verify wolfCrypt signature with TPM */
diff --git a/wolftpm/tpm2_types.h b/wolftpm/tpm2_types.h
@@ -172,6 +172,7 @@ typedef int64_t  INT64;
     #define XFREE(p, h, t)    free(p)
     #endif
     #define XMEMCPY(d,s,l)    memcpy((d),(s),(l))
+    #define XMEMMOVE(d,s,l)   memmove((d),(s),(l))
     #define XMEMSET(b,c,l)    memset((b),(c),(l))
     #define XMEMCMP(s1,s2,n)  memcmp((s1),(s2),(n))
     #define XSTRLEN(s1)       strlen((s1))
@@ -428,10 +429,10 @@ typedef int64_t  INT64;
 #define MAX_SYM_BLOCK_SIZE 20
 #endif
 #ifndef MAX_SYM_KEY_BYTES
-#define MAX_SYM_KEY_BYTES 256
+#define MAX_SYM_KEY_BYTES 32
 #endif
 #ifndef LABEL_MAX_BUFFER
-#define LABEL_MAX_BUFFER 128
+#define LABEL_MAX_BUFFER 48
 #endif
 #ifndef MAX_RSA_KEY_BITS
 #define MAX_RSA_KEY_BITS 2048
@@ -444,11 +445,11 @@ typedef int64_t  INT64;
 #define MAX_ECC_KEY_BITS 521
 #endif
 #ifndef MAX_ECC_KEY_BYTES
-#define MAX_ECC_KEY_BYTES (((MAX_ECC_KEY_BITS+7)/8)*2)
+#define MAX_ECC_KEY_BYTES ((MAX_ECC_KEY_BITS+7)/8)
 #endif
 
 #ifndef MAX_AES_KEY_BITS
-#define MAX_AES_KEY_BITS 128
+#define MAX_AES_KEY_BITS 256
 #endif
 #ifndef MAX_AES_BLOCK_SIZE_BYTES
 #define MAX_AES_BLOCK_SIZE_BYTES 16
