From 66de1d6cdb81d22f5db895e4bf8c2563c4be320f Mon Sep 17 00:00:00 2001
From: Andrew Hutchings
Date: Thu, 19 Feb 2026 11:00:26 +0000
Subject: [PATCH 1/3] Fix wolfSSL_CRYPTO_memcmp

This is used by the OpenSSL compatibility layer. If either parameter was NULL, it would return as a match. We should return a non-match instead. OpenSSL itself has no safety checks here.
---
 src/ssl.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/ssl.c b/src/ssl.c
index 9972e9f7cd9..be630f01075 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -15671,7 +15671,7 @@ int wolfSSL_CTX_set_servername_arg(WOLFSSL_CTX* ctx, void* arg)
 int wolfSSL_CRYPTO_memcmp(const void *a, const void *b, size_t size)
 {
 if (!a || !b)
- return 0;
+ return -1;
 return ConstantCompare((const byte*)a, (const byte*)b, (int)size);
 }
From 4551926dad0b505fcf7bced837a0fb78b6b3d6e8 Mon Sep 17 00:00:00 2001
From: Andrew Hutchings
Date: Thu, 19 Feb 2026 11:40:36 +0000
Subject: [PATCH 2/3] Fix inverted logic in Sphincs and Falcon
---
 wolfcrypt/src/asn.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index 3672d27b486..c386ab16232 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -9300,7 +9300,7 @@ int wc_GetKeyOID(byte* key, word32 keySz, const byte** curveOID, word32* oidSz,
 if (falcon == NULL)
 return MEMORY_E;
- if (wc_falcon_init(falcon) != 0) {
+ if (wc_falcon_init(falcon) == 0) {
 tmpIdx = 0;
 if (wc_falcon_set_level(falcon, 1) == 0) {
 if (wc_Falcon_PrivateKeyDecode(key, &tmpIdx, falcon, keySz)
@@ -9387,7 +9387,7 @@ int wc_GetKeyOID(byte* key, word32 keySz, const byte** curveOID, word32* oidSz,
 if (sphincs == NULL)
 return MEMORY_E;
- if (wc_sphincs_init(sphincs) != 0) {
+ if (wc_sphincs_init(sphincs) == 0) {
 tmpIdx = 0;
 if (wc_sphincs_set_level_and_optim(sphincs, 1, FAST_VARIANT)
 == 0) {
From 17680a23593758eae2408c20ba36cb527572e7d0 Mon Sep 17 00:00:00 2001
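Review bot: In wolfSSL_CRYPTO_memcmp (src/ssl.c) the `(int)size` cast on the ConstantCompare call is still unchecked, so a `size` above INT_MAX is truncated or becomes negative. If ConstantCompare loops while `i < length` (its body is not in this hunk), a negative length compares nothing and reports a match, which is the same fail-open result this commit removes for NULL. The guard could reject that case too: `if (!a || !b || size > (size_t)INT_MAX) return -1;`. NULL with `size == 0` now also returns non-zero, which differs from comparing zero bytes, so a short comment above the function stating that non-zero means "differ" and that NULL is deliberately treated as a mismatch would record the contract.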
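Review bot: In wc_GetKeyOID (wolfcrypt/src/asn.c) the result of `wc_falcon_init(falcon)` is only compared with zero, so an init failure is indistinguishable from "not a Falcon key" and its error code is dropped; the same holds for `wc_sphincs_init(sphincs)` in the second hunk. The rest of the function lies outside both hunks, so whether falling through is intended cannot be confirmed from here; if it is, a comment such as `/* init failed: skip this key type and try the next one */` above each `if` would say so. Before this change the decode branch ran only when init had failed, and the commit touches asn.c alone, so a regression test that passes a Falcon and a SPHINCS+ private key through wc_GetKeyOID is worth adding.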
From: Andrew Hutchings
Date: Thu, 19 Feb 2026 11:42:21 +0000
Subject: [PATCH 3/3] Fix leak in PKCS7 RSA-OAEP
---
 wolfcrypt/src/pkcs7.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c
index 97d15a39371..be7076fc58c 100644
--- a/wolfcrypt/src/pkcs7.c
+++ b/wolfcrypt/src/pkcs7.c
@@ -10494,7 +10494,7 @@ static int wc_PKCS7_DecryptKtri(wc_PKCS7* pkcs7, byte* in, word32 inSz,
 DYNAMIC_TYPE_TMP_BUFFER);
 #ifndef WC_NO_RSA_OAEP
 if (encOID == RSAESOAEPk) {
- if (!outKey) {
+ if (outKey) {
 XFREE(outKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
 }
 }
@@ -10510,7 +10510,7 @@ static int wc_PKCS7_DecryptKtri(wc_PKCS7* pkcs7, byte* in, word32 inSz,
 WC_FREE_VAR_EX(privKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
 #ifndef WC_NO_RSA_OAEP
 if (encOID == RSAESOAEPk) {
- if (!outKey) {
+ if (outKey) {
 XFREE(outKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER);
 }
 }
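Review bot: In wc_PKCS7_DecryptKtri (wolfcrypt/src/pkcs7.c) `outKey` is now freed but neither cleared nor reset. In the RSA-OAEP branch it presumably holds the decrypted content-encryption key (its allocation and use are outside the hunk), so the buffer should be wiped before `XFREE`, for example `ForceZero(outKey, <allocated size>);` with the size taken from the allocation. Adding `outKey = NULL;` after the `XFREE` would keep a later cleanup path from freeing it a second time; the second hunk at -10510 has the same pattern and needs the same two lines. Whether both blocks can be reached on one path is not visible from these hunks.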