Improved smallstack. Fixed some test cases.

.github/workflows/make-test-swtpm.yml

@@ -183,7 +183,7 @@ jobs:
 # capture logs on failure
     - name: Upload failure logs
       if: failure()
-      uses: actions/upload-artifact@v3
+      uses: actions/upload-artifact@v4
       with:
         name: wolftpm-test-logs
         path: |

IDE/QNX/README.md

@@ -41,9 +41,8 @@ Here is a template:
 
 /* Reduce stack use */
 #define MAX_COMMAND_SIZE    1024
-#define MAX_RESPONSE_SIZE   1024
-#define WOLFTPM2_MAX_BUFFER 1500
-#define MAX_DIGEST_BUFFER   973
+#define MAX_RESPONSE_SIZE   1350
+#define MAX_DIGEST_BUFFER   896
 
 /* Debugging */
 #if 1
@@ -113,7 +112,7 @@ Edit the following QNX BSP files:
 @@ -442,7 +442,7 @@ static void xzynq_setup(xzynq_spi_t *dev, uint32_t device)
      spi_debug1("%s: CONFIG_SPI_REG = 0x%x", __func__, dev->ctrl[id]);
  #endif
- 
+
 -    if(dev->fcs) {
 +    if(dev->fcs || (devlist[id].cfg.mode & SPI_MODE_MAN_CS)) {
          out32(base + XZYNQ_SPI_CR_OFFSET, dev->ctrl[id] | XZYNQ_SPI_CR_MAN_CS);
@@ -122,7 +121,7 @@ Edit the following QNX BSP files:
 @@ -621,7 +621,7 @@ void *xzynq_xfer(void *hdl, uint32_t device, uint8_t *buf, int *len)
          reset = 1;
      }
- 
+
 -    if(!dev->fcs) {
 +    if(!dev->fcs && !(devlist[id].cfg.mode & SPI_MODE_MAN_CS)) {
          xzynq_spi_slave_select(dev, id, 0);
@@ -135,12 +134,12 @@ Edit the following QNX BSP files:
 @@ -72,6 +73,16 @@ int xzynq_cfg(void *hdl, spi_cfg_t *cfg, int cs)
      /* Enable ModeFail generation */
      ctrl |= XZYNQ_SPI_CR_MFAIL_EN;
- 
+
 +    if (cfg->mode & SPI_MODE_MAN_CS)
 +        ctrl |= XZYNQ_SPI_CR_MAN_CS; /* enable manual CS mode */
 +
 +    if (cfg->mode & SPI_MODE_CLEAR_CS) {
-+        /* make sure all chip selects are de-asserted */ 
++        /* make sure all chip selects are de-asserted */
 +        /* set all CS bits high to de-assert */
 +        out32(base + XZYNQ_SPI_CR_OFFSET,
 +            in32(base + XZYNQ_SPI_CR_OFFSET) | XZYNQ_SPI_CR_CS);
@@ -156,7 +155,7 @@ Edit the following QNX BSP files:
  #define	SPI_MODE_IDLE_INSERT	(1 << 16)
 +#define	SPI_MODE_MAN_CS			(1 << 17)   /* Manual Chip select */
 +#define	SPI_MODE_CLEAR_CS		(1 << 18)   /* Clear all chip selects (used with SPI_MODE_MAN_CS) */
- 
+
  #define	SPI_MODE_LOCKED			(1 << 31)	/* The device is locked by another client */
 ```
 

configure.ac

@@ -355,7 +355,7 @@ then
 
     # Reduces max packet and buffer sizes to 1024 bytes
     # RSA KeyGen AES response is 1329 MAX_RESPONSE_SIZE
-    AM_CFLAGS="$AM_CFLAGS -DMAX_COMMAND_SIZE=1024 -DMAX_RESPONSE_SIZE=1350 -DWOLFTPM2_MAX_BUFFER=1500 -DMAX_DIGEST_BUFFER=973"
+    AM_CFLAGS="$AM_CFLAGS -DMAX_COMMAND_SIZE=1024 -DMAX_RESPONSE_SIZE=1350 -DMAX_DIGEST_BUFFER=896"
 
     # If parameter encryption is not used then maximum session count is one
     if test "x$ENABLED_WOLFCRYPT" = "xno"

examples/endorsement/get_ek_certs.c

@@ -208,12 +208,13 @@ int TPM2_EndorsementCert_Example(void* userCtx, int argc, char *argv[])
                 WOLFSSL_FILETYPE_PEM);
             if (rc == WOLFSSL_SUCCESS) {
                 certSz++;
-                rc = 0;
             }
             else {
-                printf("Warning: Failed to load trusted PEM at index %d\n", i);
+                printf("Warning: Failed to load trusted PEM at index %d. "
+                    "Error %s (rc %d)\n", i, TPM2_GetRCString(rc), rc);
                 /* not fatal, continue loading trusted certs */
             }
+            rc = 0; /* reset return code */
         }
         printf("Loaded %d trusted certificates\n", certSz);
     }

examples/pkcs7/pkcs7.c

@@ -62,7 +62,7 @@
 
 #ifdef ENABLE_PKCS7EX_EXAMPLE
 /* Dummy Function to Get Data */
-#define MY_DATA_CHUNKS  WOLFTPM2_MAX_BUFFER
+#define MY_DATA_CHUNKS  MAX_DIGEST_BUFFER
 #define MY_DATA_TOTAL  (1024 * 1024) + 12 /* odd remainder for test */
 static int GetMyData(byte* buffer, word32 bufSz, word32 offset)
 {

src/tpm2_linux.c

@@ -28,7 +28,6 @@
 #ifdef WOLFTPM_LINUX_DEV
 #include <wolftpm/tpm2_linux.h>
 #include <wolftpm/tpm2_packet.h>
-#include <wolftpm/tpm2_wrap.h> /* Needed only for WOLFTPM2_MAX_BUFFER */
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <fcntl.h>
@@ -48,11 +47,7 @@
  * partial reads. The only way to receive a complete response is to read
  * the maximum allowed TPM response from the kernel, which is 4K. And most
  * of the ARM systems use older kernels, such as the RPI that uses v4.12
- *
- * The caller knows what the expected outcome of the operation is. Therefore,
- * the response size is limited only by the WOLFTPM2_MAX_BUFFER used to limit
- * the WOLFTPM2_BUFFER in wolfTPM wrappers */
-
+ */
 
 /* Talk to a TPM device exposed by the Linux tpm_tis driver */
 int TPM2_LINUX_SendCommand(TPM2_CTX* ctx, TPM2_Packet* packet)

wolftpm/tpm2_wrap.h

@@ -95,13 +95,9 @@ typedef struct WOLFTPM2_CSR {
 } WOLFTPM2_CSR;
 #endif
 
-#ifndef WOLFTPM2_MAX_BUFFER
-    #define WOLFTPM2_MAX_BUFFER 2048
-#endif
-
 typedef struct WOLFTPM2_BUFFER {
     int size;
-    byte buffer[WOLFTPM2_MAX_BUFFER];
+    byte buffer[MAX_DIGEST_BUFFER];
 } WOLFTPM2_BUFFER;
 
 typedef enum WOLFTPM2_MFG {