diff --git a/examples/endorsement/get_ek_certs.c b/examples/endorsement/get_ek_certs.c
index 5762094b..d5789690 100644
--- a/examples/endorsement/get_ek_certs.c
+++ b/examples/endorsement/get_ek_certs.c
@@ -222,6 +222,7 @@ int TPM2_EndorsementCert_Example(void* userCtx, int argc, char *argv[])
 #endif
 wolfTPM2_UnloadHandle(&dev, &endorse.handle);
+ XMEMSET(&endorse, 0, sizeof(endorse));
 }
 exit:
diff --git a/src/tpm2_wrap.c b/src/tpm2_wrap.c
index 7cf5ae80..b5ff0bdb 100644
--- a/src/tpm2_wrap.c
+++ b/src/tpm2_wrap.c
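Review bot: The added `XMEMSET(&endorse, 0, sizeof(endorse));` in get_ek_certs.c carries no comment saying why the key object is wiped after `wolfTPM2_UnloadHandle`, and the reason is not obvious from the hunk. If the intent is that a later pass must not reuse the stale handle or public area from this one, say so, e.g. `/* clear stale handle and public area before the key object is reused */`. The enclosing block and the `exit:` path continue outside the hunk, so whether `endorse` is also cleared on error paths cannot be seen here.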
@@ -5881,40 +5881,49 @@ int wolfTPM2_GetKeyTemplate_EK(TPMT_PUBLIC* publicTemplate, TPM_ALG_ID alg,
 if (alg == TPM_ALG_RSA) {
 rc = GetKeyTemplateRSA(publicTemplate, nameAlg, objectAttributes, keyBits, 0, TPM_ALG_NULL, TPM_ALG_NULL);
+ if (rc == 0 && highRange) { /* high range uses 0 unique size */
+ publicTemplate->unique.rsa.size = 0;
+ }
 }
 else if (alg == TPM_ALG_ECC) {
 rc = GetKeyTemplateECC(publicTemplate, nameAlg, objectAttributes, curveID, TPM_ALG_NULL, TPM_ALG_NULL);
+ if (rc == 0 && highRange) { /* high range uses 0 unique size */
+ publicTemplate->unique.ecc.x.size = 0;
+ publicTemplate->unique.ecc.y.size = 0;
+ }
 }
 else {
 rc = BAD_FUNC_ARG; /* not yet supported */
 }
- if (nameAlg == TPM_ALG_SHA256 && !highRange) {
- publicTemplate->authPolicy.size = sizeof(TPM_20_EK_AUTH_POLICY);
- XMEMCPY(publicTemplate->authPolicy.buffer,
- TPM_20_EK_AUTH_POLICY, publicTemplate->authPolicy.size);
- }
- else if (nameAlg == TPM_ALG_SHA256) {
- publicTemplate->authPolicy.size = sizeof(TPM_20_EK_AUTH_POLICY_SHA256);
- XMEMCPY(publicTemplate->authPolicy.buffer,
- TPM_20_EK_AUTH_POLICY_SHA256, publicTemplate->authPolicy.size);
- }
-#ifdef WOLFSSL_SHA384
- else if (nameAlg == TPM_ALG_SHA384) {
- publicTemplate->authPolicy.size = sizeof(TPM_20_EK_AUTH_POLICY_SHA384);
- XMEMCPY(publicTemplate->authPolicy.buffer,
- TPM_20_EK_AUTH_POLICY_SHA384, publicTemplate->authPolicy.size);
- }
-#endif
-#ifdef WOLFSSL_SHA512
- else if (nameAlg == TPM_ALG_SHA512) {
- publicTemplate->authPolicy.size = sizeof(TPM_20_EK_AUTH_POLICY_SHA512);
- XMEMCPY(publicTemplate->authPolicy.buffer,
- TPM_20_EK_AUTH_POLICY_SHA512, publicTemplate->authPolicy.size);
+ if (rc == 0) {
+ if (nameAlg == TPM_ALG_SHA256 && !highRange) {
+ publicTemplate->authPolicy.size = sizeof(TPM_20_EK_AUTH_POLICY);
+ XMEMCPY(publicTemplate->authPolicy.buffer,
+ TPM_20_EK_AUTH_POLICY, publicTemplate->authPolicy.size);
+ }
+ else if (nameAlg == TPM_ALG_SHA256) {
+ publicTemplate->authPolicy.size = sizeof(TPM_20_EK_AUTH_POLICY_SHA256);
+ XMEMCPY(publicTemplate->authPolicy.buffer,
+ TPM_20_EK_AUTH_POLICY_SHA256, publicTemplate->authPolicy.size);
+ }
+ #ifdef WOLFSSL_SHA384
+ else if (nameAlg == TPM_ALG_SHA384) {
+ publicTemplate->authPolicy.size = sizeof(TPM_20_EK_AUTH_POLICY_SHA384);
+ XMEMCPY(publicTemplate->authPolicy.buffer,
+ TPM_20_EK_AUTH_POLICY_SHA384, publicTemplate->authPolicy.size);
+ }
+ #endif
+ #ifdef WOLFSSL_SHA512
+ else if (nameAlg == TPM_ALG_SHA512) {
+ publicTemplate->authPolicy.size = sizeof(TPM_20_EK_AUTH_POLICY_SHA512);
+ XMEMCPY(publicTemplate->authPolicy.buffer,
+ TPM_20_EK_AUTH_POLICY_SHA512, publicTemplate->authPolicy.size);
+ }
+ #endif
 }
-#endif
 return rc;
 }
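Review bot: Inside the new `if (rc == 0)` block the `nameAlg` chain still has no final `else`, so a hash that matches none of the branches (including SHA-384 or SHA-512 when `WOLFSSL_SHA384` / `WOLFSSL_SHA512` is not defined) returns success with `authPolicy` left untouched by this block. An EK template without the expected policy digest would presumably produce a key that does not match the endorsement certificate, and that failure surfaces far from its cause. Consider closing the chain after the last `#endif` with `else { rc = BAD_FUNC_ARG; }`, provided no caller relies on the current fall-through. The start of the function, including any NULL check on `publicTemplate`, is outside the hunk.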