Fixes for SM2/3 and FindMultiAttrib

[rlm2002]

Description

Prevent potential heap-buffer-overflow (out of bounds read) when SM2/SM3 is enabled. Reject a certificate with an SM3wSM2 signatureAlgorithm and a public key shorter than 65 bytes, (cert->publicKey + cert->pubKeySize - 65 underflows and CalcHashId_ex reads up to 64 bytes before the key buffer) in ParseCertRelative().

Adds regression test for this issue.

Fixes zd#21890

Adds negative value check to SetAuthKeyIdFromDcert().
Adds defensive i >= 0 check to FindMultiAttrib() to for statement to clear Coverity false positives.

Fixes zd#21938

[wolfSSL-Fenrir-bot]

Fenrir Automated Review — PR #10641

Scan targets checked: wolfcrypt-bugs, wolfcrypt-src

No new issues found in the changed files. ✅

[github-actions]

retest this please

[github-actions]

MemBrowse Memory Report

gcc-arm-cortex-m0plus

• FLASH: .text +20 B (+0.0%, 63,495 B / 262,144 B, total: 24% used)

gcc-arm-cortex-m3

• FLASH: .text +16 B (+0.0%, 121,277 B / 262,144 B, total: 46% used)

gcc-arm-cortex-m4-openssl-compat

• FLASH: .text +64 B (+0.0%, 766,316 B / 1,048,576 B, total: 73% used)

gcc-arm-cortex-m4-rsa-only

• FLASH: .text +64 B (+0.0%, 322,680 B / 1,048,576 B, total: 31% used)
  No memory changes detected for:
• gcc-arm-cortex-m4
• gcc-arm-cortex-m4-baremetal
• gcc-arm-cortex-m4-crypto-only
• gcc-arm-cortex-m4-dtls13
• gcc-arm-cortex-m4-min-ecc
• gcc-arm-cortex-m4-pkcs7
• gcc-arm-cortex-m4-pq
• gcc-arm-cortex-m4-sp-math
• gcc-arm-cortex-m4-tls12
• gcc-arm-cortex-m4-tls13
• gcc-arm-cortex-m7
• gcc-arm-cortex-m7-pq
• gcc-arm-cortex-m7-tls13
• linuxkm-pie
• linuxkm-standard
• stm32-sim-stm32h753