From dc345553dfc21a440a88adb702d53011615b3db1 Mon Sep 17 00:00:00 2001
From: Ruby Martin
Date: Mon, 14 Jul 2025 17:07:58 -0600
Subject: [PATCH 1/5] wrap res assignment in else statement
---
 wolfcrypt/src/memory.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/wolfcrypt/src/memory.c b/wolfcrypt/src/memory.c
index 17663b3e0..5df4d15fc 100644
--- a/wolfcrypt/src/memory.c
+++ b/wolfcrypt/src/memory.c
@@ -1376,7 +1376,9 @@ void* wolfSSL_Realloc(void *ptr, size_t size, void* heap, int type)
 WOLFSSL_MSG("Error IO memory was not large enough");
 res = NULL; /* return NULL in error case */
 }
- res = pt->buffer;
+ else {
+ res = pt->buffer;
+ }
 }
 else
 #endif
From 42b80878d9d8f8de44af2fcac88396d3f755b690 Mon Sep 17 00:00:00 2001
From: Ruby Martin
Date: Tue, 15 Jul 2025 08:50:10 -0600
Subject: [PATCH 2/5] str_len check includes any value less than 0
---
 src/ssl_asn1.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/ssl_asn1.c b/src/ssl_asn1.c
index f2ffbc6f3..fe5e67c46 100644
--- a/src/ssl_asn1.c
+++ b/src/ssl_asn1.c
@@ -3549,7 +3549,7 @@ int wolfSSL_ASN1_STRING_print_ex(WOLFSSL_BIO *bio, WOLFSSL_ASN1_STRING *str,
 }
 }
- if ((!err) && (str_len != -1)) {
+ if ((!err) && (str_len >= 0)) {
 /* Include any characters written for type. */
 str_len += type_len;
 }
From 828b9b7024b9292175293303165d01f5d1b0b510 Mon Sep 17 00:00:00 2001
From: Ruby Martin
Date: Tue, 15 Jul 2025 13:12:30 -0600
Subject: [PATCH 3/5] remove mac_alg check, mac_alg is always no_mac on subsequent iterations
---
 src/internal.c | 4 ----
 1 file changed, 4 deletions(-)
diff --git a/src/internal.c b/src/internal.c
index c74bcf36f..b096f7f5e 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -28814,10 +28814,6 @@ int SetSuitesHashSigAlgo(Suites* suites, const char* list)
 do {
 if (*list == '+') {
- if (mac_alg != 0) {
- ret = 0;
- break;
- }
 sig_alg = GetSigAlgFromName(s, (int)(list - s));
 if (sig_alg == 0) {
 ret = 0;
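Review bot: The new `else` branch in wolfSSL_Realloc (PATCH 1/5) has no comment saying why `res = pt->buffer` must be skipped after the size failure. Before this change the assignment ran unconditionally and replaced the `NULL` set in the error branch, so a request larger than the IO buffer would have been answered with the undersized buffer. A one-line comment on the branch, for example `/* IO buffer is large enough; hand the existing buffer back. */`, would keep a later cleanup from merging the two paths again. The function starts and ends outside the hunk, so how callers treat the NULL return is not visible here.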
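Review bot: The widened test `str_len >= 0` in wolfSSL_ASN1_STRING_print_ex (PATCH 2/5) implies str_len can be negative with values other than -1, but the failure path that follows is outside the hunk, so it is not visible whether such a value is normalised before the function returns. If a raw negative value can reach the caller, code that compares the result against -1 would miss the error, so it is worth confirming that the failure path returns one fixed error value. A short comment at the check, e.g. `/* Any negative str_len means an earlier step failed. */`, would document the contract.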
From 01fd36b8409b8ecdd965ca98bd1fdf97e7362e84 Mon Sep 17 00:00:00 2001
From: Ruby Martin
Date: Wed, 16 Jul 2025 11:11:14 -0600
Subject: [PATCH 4/5] set a->length to 0 if old data is not kept
---
 src/ssl_asn1.c | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)
diff --git a/src/ssl_asn1.c b/src/ssl_asn1.c
index fe5e67c46..f60d45036 100644
--- a/src/ssl_asn1.c
+++ b/src/ssl_asn1.c
@@ -1043,7 +1043,6 @@ static int wolfssl_asn1_integer_require_len(WOLFSSL_ASN1_INTEGER* a, int len,
 int ret = 1;
 byte* data;
 byte* oldData = a->intData;
- int oldLen = a->length;
 if (a->isDynamic && (len > (int)a->dataMax)) {
 oldData = a->data;
@@ -1051,7 +1050,6 @@ static int wolfssl_asn1_integer_require_len(WOLFSSL_ASN1_INTEGER* a, int len,
 a->data = a->intData;
 a->dataMax = (unsigned int)sizeof(a->intData);
 }
- a->length = 0;
 if ((!a->isDynamic) && (len > (int)a->dataMax)) {
 /* Create a new buffer to hold large integer value. */
 data = (byte*)XMALLOC((size_t)len, NULL, DYNAMIC_TYPE_OPENSSL);
@@ -1068,10 +1066,10 @@ static int wolfssl_asn1_integer_require_len(WOLFSSL_ASN1_INTEGER* a, int len,
 if (keepOldData) {
 if (oldData != a->data) {
 /* Copy old data into new buffer. */
- XMEMCPY(a->data, oldData, (size_t)oldLen);
+ XMEMCPY(a->data, oldData, (size_t)a->length);
 }
- /* Restore old length. */
- a->length = oldLen;
+ } else {
+ a->length = 0;
 }
 if (oldData != a->intData) {
 /* Dispose of the old dynamic data. */
From 29288640ab9b1cdbb24032142c40b0f8b5f6d0ad Mon Sep 17 00:00:00 2001
From: Ruby Martin
Date: Tue, 22 Jul 2025 10:48:06 -0600
Subject: [PATCH 5/5] add additional check so dead code can be reached
---
 wolfcrypt/src/ed448.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/wolfcrypt/src/ed448.c b/wolfcrypt/src/ed448.c
index be8582f57..59b411005 100644
--- a/wolfcrypt/src/ed448.c
+++ b/wolfcrypt/src/ed448.c
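Review bot: The `XMEMCPY(a->data, oldData, (size_t)a->length)` in the third hunk of PATCH 4/5 is not bounded by `a->dataMax`, while the second hunk's context shows `a->data` pointed back at `a->intData` with `dataMax = sizeof(a->intData)` just before the XMALLOC. If that allocation can fail and execution still reaches the copy (the lines between the hunks are not shown, so this is inferred), `a->length` bytes from the old dynamic buffer would be written into the smaller fixed array. The removed `a->length = 0;` also used to run before the allocation, so on a failure path the length now keeps its old value even though the buffer may have changed. Consider guarding the copy, e.g. `if ((oldData != a->data) && (a->length <= (int)a->dataMax)) {`, and confirm what length a failed call is meant to leave behind. The function starts and ends outside these hunks.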
@@ -1017,7 +1017,9 @@ int wc_ed448_import_public_ex(const byte* in, word32 inLen, ed448_key* key,
 ret = BAD_FUNC_ARG;
 }
- if ((inLen != ED448_PUB_KEY_SIZE) && (inLen != ED448_PUB_KEY_SIZE + 1)) {
+ if ((inLen != ED448_PUB_KEY_SIZE) &&
+ (inLen != ED448_PUB_KEY_SIZE + 1) &&
+ (inLen != 2 * ED448_PUB_KEY_SIZE + 1)) {
 ret = BAD_FUNC_ARG;
 }
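Review bot: Accepting `2 * ED448_PUB_KEY_SIZE + 1` in this length check leaves the format selection that follows, outside the hunk, as the only place where each length is tied to an encoding. If those branches choose a format from the leading byte with a lower-bound comparison on inLen rather than equality (inferred, not visible here), the longer input could be taken down a shorter-format path and its trailing bytes silently ignored. Consider having each branch require its exact length, e.g. `inLen == ED448_PUB_KEY_SIZE + 1` for what is presumably the one-byte-prefixed form, and listing the three accepted lengths in a comment above the check. The check also runs when `ret` is already BAD_FUNC_ARG from the preceding test, which is harmless here because only inLen is read.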