From 7aec2a8280920a3380a4cd8ef254974bfb167477 Mon Sep 17 00:00:00 2001
From: Ruby Martin <ruby@wolfssl.com>
Date: Tue, 28 Oct 2025 10:01:10 -0600
Subject: [PATCH 1/2] separate BAD_FUNC_ARG error from ASN_NO_PEM_HEADER

---
 src/x509.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/src/x509.c b/src/x509.c
index 17a5ac2dd..f5b0196b2 100644
--- a/src/x509.c
+++ b/src/x509.c
@@ -12368,7 +12368,14 @@ WOLFSSL_X509_CRL* wolfSSL_PEM_read_X509_CRL(XFILE fp,
             return WOLFSSL_FAILURE;
         }
 
-        if ((l = wolfSSL_BIO_get_len(bio)) <= pem_struct_min_sz) {
+        l = wolfSSL_BIO_get_len(bio);
+
+        if (l < 0) {
+            WOLFSSL_ERROR(BAD_FUNC_ARG);
+            return WOLFSSL_FAILURE;
+        }
+
+        if (l <= pem_struct_min_sz) {
             /* No certificate in buffer */
             WOLFSSL_ERROR(ASN_NO_PEM_HEADER);
             return WOLFSSL_FAILURE;

From e546d319c158deef8516d8a4ae09a3477f5862f8 Mon Sep 17 00:00:00 2001
From: Ruby Martin <ruby@wolfssl.com>
Date: Tue, 28 Oct 2025 10:43:20 -0600
Subject: [PATCH 2/2] Fix Coverity INTEGER_OVERFLOW in sp_to_unsigned_bin,
 avoid unsigned underflow

---
 wolfcrypt/src/sp_int.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/wolfcrypt/src/sp_int.c b/wolfcrypt/src/sp_int.c
index 17865c5b2..50f71f6c1 100644
--- a/wolfcrypt/src/sp_int.c
+++ b/wolfcrypt/src/sp_int.c
@@ -18272,7 +18272,7 @@ int sp_to_unsigned_bin_len_ct(const sp_int* a, byte* out, int outSz)
                 out[j--] = (byte)(d & mask);
                 d >>= 8;
             }
-            mask &= (sp_int_digit)0 - notFull;
+            mask &= (sp_int_digit)(-(int)notFull);
             i += (unsigned int)(1 & mask);
         }
     }