From 00c773e1b514caac14d73ea59756bb26a7dceee6 Mon Sep 17 00:00:00 2001
From: Ruby Martin
Date: Wed, 18 Feb 2026 15:33:41 -0700
Subject: [PATCH 1/3] remove dead code in MakeSignature()
---
 wolfcrypt/src/asn.c | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index 658d5b53a9..3be5e33fb0 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -32270,14 +32270,10 @@ static int MakeSignature(CertSignCtx* certSignCtx, const byte* buf, word32 sz,
 signCtx.key = rsaKey;
 signCtx.keyType = RSA_TYPE;
 }
- else if (eccKey) {
+ else {
 signCtx.key = eccKey;
 signCtx.keyType = ECC_TYPE;
 }
- else {
- ret = BAD_FUNC_ARG;
- goto exit_ms;
- }
 /* Use unified callback path */
 ret = MakeSignatureCb(certSignCtx, buf, sz, sig, sigSz,
From c17217ce3190deda4d9b153dfe8cfbf65bf688c4 Mon Sep 17 00:00:00 2001
From: Ruby Martin
Date: Thu, 19 Feb 2026 15:43:41 -0700
Subject: [PATCH 2/3] add null check in test_wolfSSL_X509_CRL_sign_large() init revoked
---
 tests/api.c | 18 +++++++++++-------
 1 file changed, 11 insertions(+), 7 deletions(-)
diff --git a/tests/api.c b/tests/api.c
index 3af30a5542..cc66270c6e 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -21141,7 +21141,7 @@ static int test_wolfSSL_X509_CRL_sign_large(void)
 WOLFSSL_X509_CRL* crl = NULL;
 WOLFSSL_EVP_PKEY* pkey = NULL;
 WOLFSSL_ASN1_TIME asnTime;
- WOLFSSL_X509_REVOKED revoked;
+ WOLFSSL_X509_REVOKED revoked = {0};
 XFILE fp = XBADFILE;
 int i;
 byte serial[4];
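Review bot: In MakeSignature() (wolfcrypt/src/asn.c), the bare `else` now tags every non-RSA call as `ECC_TYPE` and hands `eccKey` to MakeSignatureCb() without testing it, so a NULL `eccKey` is excluded only by whatever validation sits earlier in the function, outside this hunk. That holds only while the earlier check stays in step with this branch; if another key type is later routed through here, the call could proceed with a mislabelled or NULL key instead of returning `BAD_FUNC_ARG`. I would record the invariant at the branch, e.g. `/* rsaKey == NULL implies eccKey != NULL: checked earlier in this function */`, so the dependency is visible to the next editor. The function starts and ends outside the hunk, so the earlier check cannot be confirmed from here.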
@@ -21166,9 +21166,11 @@ static int test_wolfSSL_X509_CRL_sign_large(void)
 ExpectIntEQ(wolfSSL_X509_CRL_set_nextUpdate(crl, &asnTime), WOLFSSL_SUCCESS);
- revoked.serialNumber = wolfSSL_ASN1_INTEGER_new();
- revoked.serialNumber->data = serial;
- revoked.serialNumber->length = (int)sizeof(serial);
+ ExpectNotNull(revoked.serialNumber = wolfSSL_ASN1_INTEGER_new());
+ if (revoked.serialNumber != NULL) {
+ revoked.serialNumber->data = serial;
+ revoked.serialNumber->length = (int)sizeof(serial);
+ }
 for (i = 1; i <= 1024; i++) {
 serial[0] = (byte)(i & 0xff);
@@ -21189,9 +21191,11 @@ static int test_wolfSSL_X509_CRL_sign_large(void)
 ExpectIntEQ(wolfSSL_X509_CRL_sign(crl, pkey, wolfSSL_EVP_sha256()), WOLFSSL_SUCCESS);
- revoked.serialNumber->data = NULL;
- wolfSSL_ASN1_INTEGER_free(revoked.serialNumber);
- revoked.serialNumber = NULL;
+ if (revoked.serialNumber != NULL) {
+ revoked.serialNumber->data = NULL;
+ wolfSSL_ASN1_INTEGER_free(revoked.serialNumber);
+ revoked.serialNumber = NULL;
+ }
 wolfSSL_EVP_PKEY_free(pkey);
 wolfSSL_X509_CRL_free(crl);
From d85387b84c8a2dd9941836ec899aad1ecfbbed61 Mon Sep 17 00:00:00 2001
From: Ruby Martin
Date: Fri, 20 Feb 2026 12:16:20 -0700
Subject: [PATCH 3/3] set s = NULL to prevent use object after free error
---
 tests/api.c | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/tests/api.c b/tests/api.c
index cc66270c6e..2cdd81c79b 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -20548,10 +20548,12 @@ static int test_sk_X509(void)
 ExpectNotNull(s = wolfSSL_sk_X509_new(NULL));
 ExpectIntEQ(sk_X509_num(s), 0);
 sk_X509_pop_free(s, NULL);
+ s = NULL;
 ExpectNotNull(s = sk_X509_new_null());
 ExpectIntEQ(sk_X509_num(s), 0);
 sk_X509_pop_free(s, NULL);
+ s = NULL;
 ExpectNotNull(s = sk_X509_new_null());
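Review bot: In test_wolfSSL_X509_CRL_sign_large() (tests/api.c), `revoked.serialNumber->data = serial;` makes the ASN.1 integer borrow the stack array `serial`, and nothing at the assignment says so. The cleanup in the following hunk depends on this: `data` is reset to NULL before wolfSSL_ASN1_INTEGER_free(), presumably so the free routine does not try to release stack memory. A short comment at the assignment, e.g. `/* borrows stack buffer 'serial'; clear data before wolfSSL_ASN1_INTEGER_free() */`, would keep the two sites tied together. The `for` loop after the new guard continues outside the hunk and still runs when the allocation failed, so it is worth confirming that nothing in its body dereferences `revoked.serialNumber` unguarded.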