mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2026-07-05 16:50:48 +02:00
266e07e58d
Zeroization: - Add missing ForceZero on the PRF outputs and WOTS+ chain state that hold secret key material. - Route the WOTS sign leaf through a temp so secret chain values never touch the public signature buffer. - Add SLHDSA_SHAKE_X4_STATE_W so buffer and wipe sizes stay in sync. Leak / alloc-failure fixes: - Fix chain_idx_x4 returning on SAVE_VECTOR_REGISTERS2 failure without freeing state/fixed (memory leak, and the secret was left unzeroized); break to the cleanup path instead. - Guard all function-scope wipes with WC_VAR_OK to avoid a NULL deref when an allocation fails under WOLFSSL_SMALL_STACK.