Skip to content

20260426-fixes#10324

Merged
dgarske merged 6 commits intowolfSSL:masterfrom
douzzer:20260426-fixes
Apr 27, 2026
Merged

20260426-fixes#10324
dgarske merged 6 commits intowolfSSL:masterfrom
douzzer:20260426-fixes

Conversation

@douzzer
Copy link
Copy Markdown
Contributor

@douzzer douzzer commented Apr 27, 2026

wolfcrypt/src/wc_slhdsa.c:

  • fix smallstackcache memory leaks in sha256 and sha512 contexts -- don't init or copy over a context that's been inited but not freed, and make sure to explicitly free any context that's been inited or copied over.
  • fix uninited-var warnings in slhdsakey_wots_sign(), slhdsakey_xmss_sign(), and slhdsakey_fors_sign() (the uninited-var scenario depends on corrupt arg(s) resulting in zero iterations).

wolfcrypt/test/test.c:

  • fix aes_eax_test() for NO_MALLOC (use WC_*_VAR() to allocate eax context).
  • in slhdsa_test(), gate the profusely verbose TestDumpData() clauses on WC_SLHDSA_VERBOSE_DEBUG.

wolfcrypt/benchmark/benchmark.c: add missing WOLFSSL_USE_SAVE_VECTOR_REGISTERS handling in bench_stats_ops_finish().

wolfcrypt/src/random.c:

  • add workaround in Hash512_df() for gcc compiler bug around AVX512 and object alignment.
  • add missing WC_VERBOSE_RNG clause.

wolfcrypt/src/wc_lms.c: remove redundant gating on WOLFSSL_LMS_SHAKE256 in wc_LmsParamsMap wc_lms_map[].

wolfcrypt/src/wc_port.c: in wc_socket_cloexec(), add necessary but undocumented __USE_GNU gating on call to accept4() (pre-includes can bring in socket.h before the override setting of _GNU_SOURCE at the top). Also enable accept4() for FreeBSD.

detected by and tested with

wolfssl-mult-test.sh ...
pr-check
allcryptonly-no-malloc-no-wolf-memory
all-disable-asm-assert
all-disable-asm-assert-clang
cppcheck-force-source
linuxkm-defaults-all-quantum-safe-fips-dev-clang-tidy
linuxkm-defaults-all-quantum-safe-fips-dev-noasm-clang-tidy
linuxkm-cryptonly-intelasm-fips-dev-dyn-hash-LKCAPI-yes-twc-insmod-kmemleak
linuxkm-benchmarks-asm-insmod
linuxkm-benchmarks-noasm-insmod
linuxkm-benchmarks-fips-insmod
linuxkm-benchmarks-insmod-kmemleak
linuxkm-benchmarks-insmod-ksanitize
cross-s390x-all-asm-fips-dev
cross-m68k-all-asm-fips-dev
clang-tidy-fips-140-3-dev-defaults
clang-tidy-fips-140-3-dev-defaults-no-sha-1
clang-tidy-fips-140-3-dev-all
clang-tidy-fips-140-3-dev-all-crypto-no-sha-1
sp-all-asm-sanitizer
all-noasm-arch-native-O3-sanitizer
all-noasm-arch-native-O3-gcc-latest-sanitizer
all-asm-arch-native-O3-sanitizer-gcc-latest-no-sp-asm
sp-all-asm-smallstack-sanitizer-fips-140-3-dev
sanitize-fips-140-3-dev

douzzer added 6 commits April 27, 2026 11:36
@douzzer
wolfcrypt/src/wc_slhdsa.c:
7035fcf 
* fix smallstackcache memory leaks in sha256 and sha512 contexts -- don't init or copy over a context that's been inited but not freed, and make sure to explicitly free any context that's been inited or copied over.
* fix uninited-var warnings in slhdsakey_wots_sign(), slhdsakey_xmss_sign(), and slhdsakey_fors_sign() (the uninited-var scenario depends on corrupt arg(s) resulting in zero iterations).
@douzzer
wolfcrypt/test/test.c:
beae56f 
* fix aes_eax_test() for NO_MALLOC (use WC_*_VAR() to allocate eax context).
* in slhdsa_test(), gate the profusely verbose TestDumpData() clauses on WC_SLHDSA_VERBOSE_DEBUG.
@douzzer
wolfcrypt/benchmark/benchmark.c: add missing WOLFSSL_USE_SAVE_VECTOR_…
1d80288 
…REGISTERS handling in bench_stats_ops_finish().
@douzzer
wolfcrypt/src/random.c:
ac11279 
* add workaround in Hash512_df() for gcc compiler bug around AVX512 and object alignment.
* add missing WC_VERBOSE_RNG clause.
@douzzer
wolfcrypt/src/wc_lms.c: remove redundant gating on WOLFSSL_LMS_SHAKE2…
3279b36 
…56 in wc_LmsParamsMap wc_lms_map[].
@douzzer
wolfcrypt/src/wc_port.c: in wc_socket_cloexec(), add necessary but un…
66ea4da 
…documented __USE_GNU gating on call to accept4() (pre-includes can bring in socket.h before the override setting of _GNU_SOURCE at the top). Also enable accept4() for FreeBSD.
wolfSSL-Fenrir-bot
wolfSSL-Fenrir-bot reviewed Apr 27, 2026
View reviewed changes
Copy link
Copy Markdown

@wolfSSL-Fenrir-bot wolfSSL-Fenrir-bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fenrir Automated Review — PR #10324

Scan targets checked: wolfcrypt-bugs, wolfcrypt-src

Findings: 1
1 finding(s) posted as inline comments (see file-level comments below)

This review was generated automatically by Fenrir. Findings are non-blocking.

Comment thread wolfcrypt/src/random.c
@github-actions
Copy link
Copy Markdown

github-actions Bot commented Apr 27, 2026

MemBrowse Memory Report

No memory changes detected for:

@douzzer
Copy link
Copy Markdown
Contributor Author

douzzer commented Apr 27, 2026

retest this please
(timeout in PRB-linuxkm.txt_0 make check, not reproducible)

@douzzer
Copy link
Copy Markdown
Contributor Author

douzzer commented Apr 27, 2026
edited
Loading

note all workflow failures on this PR are unrelated to this PR -- unmet cmake version dependency in most of them, and unrelated missing runtime dependency in socat (socat[18082] W open("/dev/vsock", ...): No such file or directory in socat subtest #410).

edit: and ./Arduino/sketches: No such file or directory on the Arduino workflows.

@dgarske dgarske merged commit 1c9555c into wolfSSL:master Apr 27, 2026
462 of 486 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@wolfSSL-Fenrir-bot wolfSSL-Fenrir-bot wolfSSL-Fenrir-bot left review comments

@dgarske dgarske dgarske approved these changes

@kaleb-himes kaleb-himes Awaiting requested review from kaleb-himes

@wolfSSL-Bot wolfSSL-Bot Awaiting requested review from wolfSSL-Bot

@SparkiDev SparkiDev Awaiting requested review from SparkiDev

@embhorn embhorn Awaiting requested review from embhorn

Assignees

@wolfSSL-Bot wolfSSL-Bot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@douzzer @dgarske @wolfSSL-Fenrir-bot @wolfSSL-Bot