fwTPM v185: Fix CI

Author: aidangarske

.github/workflows/pqc-examples.yml

@@ -102,19 +102,21 @@ jobs:
           exit $rc
 
       # ----- Tier 5: full run_examples.sh sweep -----
-      - name: Stop fwtpm_server before run_examples.sh re-spawns its own
+      # run_examples.sh does not start its own TPM — it expects one already
+      # listening. Reuse the fwtpm_server started in Tier 2.
+      - name: run_examples.sh full pass (auto-detects v1.85, runs 18-way matrix)
+        env:
+          WOLFSSL_PATH: ${{ github.workspace }}/wolfssl
+        run: ./examples/run_examples.sh
+
+      - name: Stop fwtpm_server
         if: always()
         run: |
           if [ -f /tmp/fwtpm_server.pid ]; then
             kill $(cat /tmp/fwtpm_server.pid) 2>/dev/null || true
             rm -f /tmp/fwtpm_server.pid
           fi
 
-      - name: run_examples.sh full pass (auto-detects v1.85, runs 18-way matrix)
-        env:
-          WOLFSSL_PATH: ${{ github.workspace }}/wolfssl
-        run: ./examples/run_examples.sh
-
       - name: Upload failure logs
         if: failure()
         uses: actions/upload-artifact@v4

.github/workflows/sanitizer.yml

@@ -43,11 +43,12 @@ jobs:
             wolftpm_extra_config: "--enable-v185"
             wolfssl_extra_config: "--enable-dilithium --enable-mlkem --enable-experimental --enable-harden"
 
-          # UBSan-v185: same flags as the classical UBSan lane (no `integer`
-          # sanitizer — pre-existing wolfSSL UB at misc.c:117 in Hash_df).
+          # UBSan-v185: drops `integer` (wolfSSL Hash_df 440<<24) and
+          # `alignment` (wolfSSL dilithium internal sword32 reads from
+          # byte buffers) — both pre-existing wolfSSL UB.
           - name: "UBSan-v185"
             cc: clang
-            cflags: "-fsanitize=undefined -fno-sanitize-recover=all -fno-omit-frame-pointer -g"
+            cflags: "-fsanitize=undefined -fno-sanitize=alignment -fno-sanitize-recover=all -fno-omit-frame-pointer -g"
             ldflags: "-fsanitize=undefined"
             ubsan_options: "halt_on_error=1:print_stacktrace=1"
             wolftpm_extra_config: "--enable-v185"

src/fwtpm/fwtpm_command.c

@@ -558,7 +558,7 @@ static int FwComputeSessionHmac(FWTPM_Session* sess,
         hmacKeySz += authValueSz;
     }
 
-    FWTPM_ALLOC_VAR(hmac, Hmac);
+    FWTPM_CALLOC_VAR(hmac, Hmac);
 
     rc = wc_HmacInit(hmac, NULL, INVALID_DEVID);
 
@@ -6578,7 +6578,7 @@ static TPM_RC FwCmd_HMAC(FWTPM_CTX* ctx, TPM2_Packet* cmd,
     enum wc_HashType ht;
 
     FWTPM_ALLOC_BUF(dataBuf, FWTPM_MAX_DATA_BUF);
-    FWTPM_ALLOC_VAR(hmac, Hmac);
+    FWTPM_CALLOC_VAR(hmac, Hmac);
 
     if (cmdSize < TPM2_HEADER_SIZE + 4) {
         rc = TPM_RC_COMMAND_SIZE;