Files
wolfssl/src
Juliusz Sosinowicz 4a36d16b30 Fix bugs found in crl.c, keys.c, and ssl_certman.c review
crl.c:
- wolfSSL_X509_CRL_dup: add NULL check on input before dereferencing crl->cm
- DupX509_CRL: distinguish empty source CRL list from allocation failure so
  duplicating a CRL with no entries no longer returns MEMORY_E
- wolfSSL_X509_STORE_add_crl: free newly-allocated CRL when wc_LockRwLock_Rd
  fails to avoid leaking it
- InitCRL: propagate wolfSSL_RefInit failure in OPENSSL_ALL +
  WOLFSSL_REFCNT_ERROR_RETURN builds, freeing crlLock (and cond when
  HAVE_CRL_MONITOR is enabled) on the error path

keys.c:
- GetCipherSpec: remove duplicate usingPSK_cipher assignment in
  BUILD_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 case
- GetCipherSpec: return UNSUPPORTED_SUITE for unknown cipher suite bytes in
  the TLS13_BYTE, ECDHE_PSK_BYTE, and SM_BYTE switch blocks, matching the
  behavior of the ECC_BYTE, CHACHA_BYTE, and normal suite switches
- SetKeys: fix misleading indentation on the AESCCM and SM4-CCM dec->aes
  NULL-check return statements

ssl_certman.c / internal.h:
- AddTrustedPeer: remove dead code that checked peerCert->permittedNames
  and peerCert->excludedNames immediately after XMEMSET zeroed the struct
- AddTrustedPeer: use cm->heap (matching allocation) instead of NULL when
  freeing cert on the ParseCert failure path
- Extract the body of wolfSSL_CertManagerFree into a new static helper
  DoCertManagerFree that unconditionally disposes of the certificate
  manager, bypassing the reference count check. wolfSSL_CertManagerFree
  now delegates to it after the RefDec check.
- Add caLockInit, tpLockInit, and refInit bitfield members to
  WOLFSSL_CERT_MANAGER that track which sub-resources were successfully
  initialized. DoCertManagerFree consults these flags so that it only
  destroys mutexes and the reference count that were actually set up,
  which makes partial-construction cleanup safe without relying on
  platform-specific behavior of free-on-zeroed-storage.
- wolfSSL_CertManagerNew_ex: set the init flags as each sub-resource is
  initialized, and on failure call DoCertManagerFree directly to free
  exactly the resources that succeeded. Set cm->heap immediately after
  XMEMSET so the forceful free path can use it.
2026-04-14 13:14:21 +00:00
..
2026-04-10 08:50:30 +02:00
2026-03-16 15:14:25 -07:00
2026-02-25 15:46:20 +01:00
2026-03-13 17:03:02 -06:00
2026-02-18 09:52:21 -07:00
2026-02-18 09:52:21 -07:00
2026-03-20 14:39:29 -06:00
2026-02-25 15:19:13 +01:00