F-2554 Missing wc_ecc_free Before free in km_ecdh_init When wc_ecc_set_rng Fails
F-2555 Missing wc_FreeDhKey Before free in km_ffdhe_init When wc_DhSetNamedKey Fails
MAX_ENCODED_SIG_SZ grows to ~50KB once SLH-DSA is enabled, yet it was
used to size PKCS#1/signature scratch and output buffers across the
library, wasting stack and heap even for classic RSA/ECC operations.
- Add MAX_ENCODED_CLASSIC_SIG_SZ for RSA/DSA/ECC DigestInfo buffers that
can never hold a PQC signature.
- Size the certificate/CSR signing output buffer from the signing key at
runtime instead of the worst-case macro.
- Add overridable WOLFSSL_MAX_SIG_SZ for the WOLFSSL_NO_MALLOC buffer.
- Reject a signature type that does not match the signing key.
Extend wc_MakeCert_ex/wc_SignCert_ex/wc_MakeCertReq_ex to issue HSS/LMS and
XMSS/XMSS^MT certificates and PKCS#10 requests, building on the existing
RFC 9802 verification support. New LMS_TYPE/XMSS_TYPE/XMSSMT_TYPE selectors,
wc_{Lms,Xmss}Key_PublicKeyToDer SPKI encoders, runtime signature-buffer
sizing, and sigType/key consistency checks. Generation is ASN.1-template
only, matching where the verification path lives.
Tests generate self-signed roots, CSRs and a CA->ECC-leaf chain in-process
and verify them, replacing the patched Bouncy Castle fixtures (only the stock
RFC 9802-aligned LMS interop anchor is kept).
SSL_CIPHER_get_name returns the internal cipher name (PSK-AES128-GCM-SHA256)
instead of the IANA name when WOLFSSL_CIPHER_INTERNALNAME, NO_ERROR_STRINGS or
WOLFSSL_QT is defined. user_settings_all.h with the compatibility layer enables
WOLFSSL_QT, so the test failed in the 'make user_setting.h (with sed)' job.
Match the expected name to the build configuration, mirroring the existing
pattern used elsewhere in tests/api.c.
RFC 9147 Section 8's 2^48-1 epoch ceiling is a sender-only rule; the same
paragraph says receiving implementations MUST NOT enforce it. The KeyUpdate
receive path was rejecting a peer epoch that crossed 2^48-1, violating that.
Guard only the genuine wrap-to-zero (Section 4.2.1) and let the receiving
epoch advance past 2^48-1. The sender-side gates are unchanged.
uclient-fetch intermittently returns 4 ("connection reset prematurely") instead of 5: with ML-KEM enabled by default the larger ClientHello is sometimes reset by the server before the cert is evaluated. Accept either on all four negative tests as a band-aid.
wolfcrypt/src/wc_port.c: fix several missed refactors to WC_ATOMIC_[U]INT_ARG.
wolfssl/wolfcrypt/wc_port.h:
* harmonize the return type of WOLFSSL_ATOMIC_STORE() (always void).
* fix MSVC WOLFSSL_ATOMIC_LOAD() and _STORE() with correct atomic semantics, and add gating on USE_WINDOWS_API.