Skip to content

Fix generic bugs, memory leaks, and migrate to wc_ForceZero#274

Open
stenslae wants to merge 1 commit into
wolfSSL:mainfrom
stenslae:pr-generic-fixes
Open

Fix generic bugs, memory leaks, and migrate to wc_ForceZero#274
stenslae wants to merge 1 commit into
wolfSSL:mainfrom
stenslae:pr-generic-fixes

Conversation

@stenslae

@stenslae stenslae commented Jul 15, 2026

Copy link
Copy Markdown
Member

Cleans up general codebase hygiene. Resolves scattered memory leaks, fixes minor bugs in clu_genkey.c and clu_x509_verify.c, and standardizes on wolfCLU_ForceZero to internally use wc_ForceZero.

@stenslae stenslae self-assigned this Jul 15, 2026

@wolfSSL-Fenrir-bot wolfSSL-Fenrir-bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fenrir Automated Review — PR #274

Scan targets checked: wolfclu-bugs, wolfclu-src
Findings: 2
1 finding(s) posted as inline comments (see file-level comments below)

Medium (1)

Fallback definition of DILITHIUM_MAX_BOTH_KEY_PEM_SIZE removed but usages remain

File: src/sign-verify/clu_sign.c:767
Function: wolfCLU_sign_data_dilithium
Category: Logic errors

The PR deletes the #ifndef DILITHIUM_MAX_BOTH_KEY_PEM_SIZE fallback #define that guarded older wolfSSL builds, but DILITHIUM_MAX_BOTH_KEY_PEM_SIZE is still used at clu_sign.c:767 and at the newly-added check clu_verify.c:727. On older wolfSSL builds with HAVE_DILITHIUM but without this constant, both translation units fail to compile.

Recommendation: Re-add the #ifndef DILITHIUM_MAX_BOTH_KEY_PEM_SIZE fallback guard (e.g., in wolfclu/sign-verify/clu_sign.h), or replace both usages with WOLFCLU_MAX_KEY_PEM_DER_SZ.

Referenced code: src/sign-verify/clu_sign.c:767-768 (2 lines)


This review was generated automatically by Fenrir. Findings are non-blocking.

Comment thread src/sign-verify/clu_sign.c
Comment thread src/sign-verify/clu_sign.c

@wolfSSL-Fenrir-bot wolfSSL-Fenrir-bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fenrir Automated Review — PR #274

Scan targets checked: wolfclu-bugs, wolfclu-src

No new issues found in the changed files. ✅

@stenslae stenslae assigned wolfSSL-Bot and unassigned stenslae Jul 16, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants