From d34ee11797e9c02b35daca3c90942dd4e393e0da Mon Sep 17 00:00:00 2001 From: Ruby Martin Date: Wed, 29 Apr 2026 13:31:37 -0600 Subject: [PATCH 1/3] tests set null on EXPECT_SUCCESS --- tests/api.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/tests/api.c b/tests/api.c index b3193c5ad0..13bc61dfd8 100644 --- a/tests/api.c +++ b/tests/api.c @@ -10621,7 +10621,8 @@ static int test_tls_ext_word16_overflow(void) ExpectIntEQ(TLSX_UseSessionTicket(&ssl->extensions, ticket, ssl->heap), WOLFSSL_SUCCESS); /* TLSX_UseSessionTicket takes ownership on success. */ - ticket = NULL; + if (EXPECT_SUCCESS()) + ticket = NULL; } /* TLSX_GetRequestSize must refuse to encode: 4-byte ext header + @@ -10697,7 +10698,8 @@ static int test_tls_ext_word16_overflow(void) if (EXPECT_SUCCESS() && ticket2 != NULL) { ExpectIntEQ(TLSX_UseSessionTicket(&ssl2->extensions, ticket2, ssl2->heap), WOLFSSL_SUCCESS); - ticket2 = NULL; + if (EXPECT_SUCCESS()) + ticket2 = NULL; } /* Exact boundary: internal sum == 0xFFFD must succeed, and the From fb69662262e6477c1f3bfe07ccd8046e3dae1f62 Mon Sep 17 00:00:00 2001 From: Ruby Martin Date: Wed, 29 Apr 2026 14:13:17 -0600 Subject: [PATCH 2/3] consolidate duplicate shakeType classification, clears logically dead code --- wolfcrypt/src/rsa.c | 30 +++++++++++------------------- 1 file changed, 11 insertions(+), 19 deletions(-) diff --git a/wolfcrypt/src/rsa.c b/wolfcrypt/src/rsa.c index b3fbb83fe0..6f5ae94abc 100644 --- a/wolfcrypt/src/rsa.c +++ b/wolfcrypt/src/rsa.c @@ -1154,39 +1154,31 @@ static int RsaMGF_SHAKE(enum wc_HashType shakeType, byte* seed, word32 seedSz, return MEMORY_E); #ifdef WOLFSSL_SHAKE128 - if (shakeType == WC_HASH_TYPE_SHAKE128) + if (shakeType == WC_HASH_TYPE_SHAKE128) { ret = wc_InitShake128(shake, heap, INVALID_DEVID); - else -#endif -#ifdef WOLFSSL_SHAKE256 - if (shakeType == WC_HASH_TYPE_SHAKE256) - ret = wc_InitShake256(shake, heap, INVALID_DEVID); - else -#endif - ret = BAD_FUNC_ARG; - - if (ret == 0) { -#ifdef WOLFSSL_SHAKE128 - if (shakeType == WC_HASH_TYPE_SHAKE128) { + if (ret == 0) { ret = wc_Shake128_Update(shake, seed, seedSz); if (ret == 0) ret = wc_Shake128_Final(shake, out, outSz); wc_Shake128_Free(shake); } - else + } + else #endif #ifdef WOLFSSL_SHAKE256 - if (shakeType == WC_HASH_TYPE_SHAKE256) { + if (shakeType == WC_HASH_TYPE_SHAKE256) { + ret = wc_InitShake256(shake, heap, INVALID_DEVID); + if (ret == 0) { ret = wc_Shake256_Update(shake, seed, seedSz); if (ret == 0) ret = wc_Shake256_Final(shake, out, outSz); wc_Shake256_Free(shake); } - else + } + else #endif - { - ret = BAD_FUNC_ARG; - } + { + ret = BAD_FUNC_ARG; } WC_FREE_VAR_EX(shake, heap, DYNAMIC_TYPE_TMP_BUFFER); return ret; From 3b00b054b3d76e1f2da506ed243448e70abe4b4b Mon Sep 17 00:00:00 2001 From: Ruby Martin Date: Wed, 29 Apr 2026 14:19:49 -0600 Subject: [PATCH 3/3] initialize test variable regCiphertext --- tests/api/test_pkcs12.c | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/api/test_pkcs12.c b/tests/api/test_pkcs12.c index de11cc436a..80f23e76b7 100644 --- a/tests/api/test_pkcs12.c +++ b/tests/api/test_pkcs12.c @@ -434,6 +434,7 @@ int test_wc_PKCS12_encrypted_content_bounds(void) word32 regPkeySz = 0; word32 regCertSz = 0; + XMEMSET(regCiphertext, 0, sizeof(regCiphertext)); /* Derive AES-256 key with the same PBKDF2 that DecryptContent uses */ ExpectIntEQ(wc_PBKDF2(regKey, (const byte*)regPassword, (int)XSTRLEN(regPassword), regSalt, (int)sizeof(regSalt),