Peer review fixes and m33mu improvements

dgarske · dgarske · commit 8a34a17fe114 · 2026-04-09T10:47:37.000-07:00
diff --git a/.github/workflows/fuzz.yml b/.github/workflows/fuzz.yml
@@ -69,7 +69,7 @@ jobs:
               tests/fuzz/corpus/ \
               -dict=tests/fuzz/tpm2.dict \
               -max_len=4096 \
-              -timeout=10 \
+              -timeout=30 \
               -rss_limit_mb=2048 \
               -print_final_stats=1 \
             || FUZZ_RC=$?
diff --git a/src/tpm2_crypto.c b/src/tpm2_crypto.c
@@ -181,6 +181,7 @@ int TPM2_KDFe_ex(
     int hashTypeInt;
     enum wc_HashType hashType;
     wc_HashAlg hash_ctx;
+    int hashInited = 0;
     word32 counter = 0;
     int hLen, copyLen, lLen = 0;
     byte uint32Buf[sizeof(UINT32)];
@@ -210,6 +211,7 @@ int TPM2_KDFe_ex(
     if (ret != 0) {
         return ret;
     }
+    hashInited = 1;
 
     for (pos = 0; pos < keySz; pos += hLen) {
         counter++;
@@ -219,10 +221,12 @@ int TPM2_KDFe_ex(
          * computed independently: H(counter || Z || label || partyU || partyV) */
         if (pos > 0) {
             wc_HashFree(&hash_ctx, hashType);
+            hashInited = 0;
             ret = wc_HashInit(&hash_ctx, hashType);
             if (ret != 0) {
                 break;
             }
+            hashInited = 1;
         }
 
         /* counter (big-endian) */
@@ -259,7 +263,9 @@ int TPM2_KDFe_ex(
         XMEMCPY(key + pos, hash, copyLen);
     }
 
-    wc_HashFree(&hash_ctx, hashType);
+    if (hashInited) {
+        wc_HashFree(&hash_ctx, hashType);
+    }
     TPM2_ForceZero(hash, sizeof(hash));
 
     if (ret == 0) {
diff --git a/src/tpm2_swtpm.c b/src/tpm2_swtpm.c
@@ -58,8 +58,10 @@
 #include <netinet/in.h>
 #include <arpa/inet.h>
 #endif
-#ifdef WOLFTPM_SWTPM_UART
+#ifndef NO_GETENV
 #include <stdlib.h>
+#endif
+#ifdef WOLFTPM_SWTPM_UART
 #include <fcntl.h>
 #include <termios.h>
 #endif
diff --git a/tests/fuzz/fwtpm_fuzz.c b/tests/fuzz/fwtpm_fuzz.c
@@ -29,7 +29,7 @@
  *          CFLAGS="-fsanitize=fuzzer-no-link,address -g" \
  *          LDFLAGS="-fsanitize=fuzzer,address"
  *
- * Run:   ./tests/fuzz/fwtpm_fuzz corpus/ -max_len=4096 -timeout=10
+ * Run:   ./tests/fuzz/fwtpm_fuzz corpus/ -max_len=4096 -timeout=30
  */
 
 #ifdef HAVE_CONFIG_H
diff --git a/tests/fwtpm_check.sh b/tests/fwtpm_check.sh
@@ -56,7 +56,7 @@ check_port_in_use() {
     elif netstat -tln 2>/dev/null | grep -q ":${port} "; then
         return 0
     fi
-    return 1  # no tool available, assume in use to be safe
+    return 1  # no tool available, skip this port
 }
 
 # Pick an available random port (returns port on stdout)

Original file line number	Diff line number	Diff line change
`@@ -29,7 +29,7 @@`
`29`	`29`	`* CFLAGS="-fsanitize=fuzzer-no-link,address -g" \`
`30`	`30`	`* LDFLAGS="-fsanitize=fuzzer,address"`
`31`	`31`	`*`
`32`		`- * Run: ./tests/fuzz/fwtpm_fuzz corpus/ -max_len=4096 -timeout=10`
	`32`	`+ * Run: ./tests/fuzz/fwtpm_fuzz corpus/ -max_len=4096 -timeout=30`
`33`	`33`	`*/`
`34`	`34`
`35`	`35`	`#ifdef HAVE_CONFIG_H`
Original file line number	Diff line number	Diff line change
`@@ -56,7 +56,7 @@ check_port_in_use() {`
`56`	`56`	`elif netstat -tln 2>/dev/null \| grep -q ":${port} "; then`
`57`	`57`	`return 0`
`58`	`58`	`fi`
`59`		`- return 1 # no tool available, assume in use to be safe`
	`59`	`+ return 1 # no tool available, skip this port`
`60`	`60`	`}`
`61`	`61`
`62`	`62`	`# Pick an available random port (returns port on stdout)`