From 2b89b259042bf93441463bacdf1cc43a7061814d Mon Sep 17 00:00:00 2001 From: Ruby Martin Date: Fri, 10 Jul 2026 10:56:31 -0600 Subject: [PATCH 1/5] clear dereference before null check in myCryptoDevCb() --- wolfcrypt/test/test.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 914cdb2f0c0..bd80e80da39 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -75717,7 +75717,7 @@ static int myCryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx) use SW */ myCryptoDevCtx* myCtx = (myCryptoDevCtx*)ctx; - if (info == NULL) + if (info == NULL || myCtx == NULL) return BAD_FUNC_ARG; #ifdef DEBUG_WOLFSSL @@ -76010,7 +76010,7 @@ static int myCryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx) } else { ret = 0; - if (myCtx != NULL && myCtx->eccCheckPubExpectZeroPoint) { + if (myCtx->eccCheckPubExpectZeroPoint) { const byte* pub = info->pk.ecc_check_pub.pubKey; word32 curveSz = (word32)k->dp->size; word32 ptSz = 1 + 2 * curveSz; From e406bab4666b5b723811c734520320bc25db4f22 Mon Sep 17 00:00:00 2001 From: Ruby Martin Date: Mon, 13 Jul 2026 13:08:18 -0600 Subject: [PATCH 2/5] Direct compare paramTo->check_time == 11 to prevent store_truncates_time_t --- tests/api/test_ossl_x509_vp.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/api/test_ossl_x509_vp.c b/tests/api/test_ossl_x509_vp.c index 9cc31179af9..c5e0cbbb36c 100644 --- a/tests/api/test_ossl_x509_vp.c +++ b/tests/api/test_ossl_x509_vp.c @@ -170,13 +170,13 @@ int test_wolfSSL_X509_VERIFY_PARAM(void) paramTo->flags = WOLFSSL_USE_CHECK_TIME; paramFrom->check_time = 22; ExpectIntEQ(X509_VERIFY_PARAM_inherit(paramTo, paramFrom), 1); - ExpectIntEQ(paramTo->check_time, 11); + ExpectIntEQ(paramTo->check_time == 11, 1); ExpectIntEQ(paramTo->flags & WOLFSSL_USE_CHECK_TIME, WOLFSSL_USE_CHECK_TIME); paramTo->inherit_flags = X509_VP_FLAG_OVERWRITE; ExpectIntEQ(X509_VERIFY_PARAM_inherit(paramTo, paramFrom), 1); - ExpectIntEQ(paramTo->check_time, 22); + ExpectIntEQ(paramTo->check_time == 22, 1); ExpectIntEQ(paramTo->flags & WOLFSSL_USE_CHECK_TIME, 0); /* test for incorrect parameters */ From e9d6701fa509fb47223f0f7bc413bdc4dce0067c Mon Sep 17 00:00:00 2001 From: Ruby Martin Date: Tue, 14 Jul 2026 10:43:58 -0600 Subject: [PATCH 3/5] Remove dead check --- src/internal.c | 5 ----- 1 file changed, 5 deletions(-) diff --git a/src/internal.c b/src/internal.c index 3765426a327..1f51db6468f 100644 --- a/src/internal.c +++ b/src/internal.c @@ -27241,11 +27241,6 @@ int SendCertificateStatus(WOLFSSL* ssl) else { while (ret == 0 && i < MAX_CHAIN_DEPTH && NULL != (request = ssl->ctx->chainOcspRequest[i])) { - if ((i + 1) >= MAX_CERT_EXTENSIONS) { - ret = MAX_CERT_EXTENSIONS_ERR; - break; - } - request->ssl = ssl; ret = CheckOcspRequest(SSL_CM(ssl)->ocsp_stapling, request, &responses[++i], ssl->heap); From 8f750dda718e52cf1803e8a37ff3dc07faab88c8 Mon Sep 17 00:00:00 2001 From: Ruby Martin Date: Tue, 14 Jul 2026 11:27:53 -0600 Subject: [PATCH 4/5] limit extLen to MAX_RECORD_SIZE --- tests/api.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tests/api.c b/tests/api.c index 238ea673976..a2190479d8b 100644 --- a/tests/api.c +++ b/tests/api.c @@ -15015,6 +15015,9 @@ static int ech_find_extension(byte* buf, word16* idx_p, word16 extType) if (seekRet < 0) { return seekRet; } + if (extLen > MAX_RECORD_SIZE) { + return BAD_FUNC_ARG; + } idx = extIdx = ((word16)seekRet + *idx_p); while (idx - extIdx < extLen) { From 8cfe16512c89e510549c79be1a0275178814e86a Mon Sep 17 00:00:00 2001 From: Ruby Martin Date: Wed, 15 Jul 2026 10:53:13 -0600 Subject: [PATCH 5/5] initialize uninitialized variables in tests --- tests/api/test_dh.c | 13 +++++++++++++ tests/api/test_ed25519.c | 1 + 2 files changed, 14 insertions(+) diff --git a/tests/api/test_dh.c b/tests/api/test_dh.c index 30a4c8b575b..8a2bd1020d5 100644 --- a/tests/api/test_dh.c +++ b/tests/api/test_dh.c @@ -625,6 +625,9 @@ int test_wc_DhAgree_nonblock(void) int ret; int rounds; + XMEMSET(&aliceKey, 0, sizeof(aliceKey)); + XMEMSET(&bobKey, 0, sizeof(bobKey)); + ExpectIntEQ(wc_InitRng(&rng), 0); ExpectIntEQ(wc_InitDhKey(&aliceKey), 0); ExpectIntEQ(wc_InitDhKey(&bobKey), 0); @@ -691,6 +694,8 @@ int test_wc_DhImportExportKeyPair(void) byte privOut[TEST_DH_BUF_SIZE], pubOut[TEST_DH_BUF_SIZE]; word32 privOutSz, pubOutSz; + XMEMSET(&key, 0, sizeof(key)); + ExpectIntEQ(wc_InitRng(&rng), 0); ExpectIntEQ(wc_InitDhKey(&key), 0); ExpectIntEQ(wc_DhSetNamedKey(&key, WC_FFDHE_2048), 0); @@ -770,6 +775,8 @@ int test_wc_DhCheckPubKey(void) word32 privSz = sizeof(priv), pubSz = sizeof(pub); byte tiny[1] = { 0x01 }; + XMEMSET(&key, 0, sizeof(key)); + ExpectIntEQ(wc_InitRng(&rng), 0); ExpectNotNull(params = wc_Dh_ffdhe2048_Get()); @@ -838,6 +845,8 @@ int test_wc_DhCheckPrivKey(void) word32 privSz = sizeof(priv), pubSz = sizeof(pub); byte zero[1] = { 0x00 }; + XMEMSET(&key, 0, sizeof(key)); + ExpectIntEQ(wc_InitRng(&rng), 0); ExpectNotNull(params = wc_Dh_ffdhe2048_Get()); ExpectIntEQ(wc_InitDhKey(&key), 0); @@ -910,6 +919,8 @@ int test_wc_DhCheckKeyPair(void) byte priv[TEST_DH_BUF_SIZE] = {0}, pub[TEST_DH_BUF_SIZE] = {0}; word32 privSz = sizeof(priv), pubSz = sizeof(pub); + XMEMSET(&key, 0, sizeof(key)); + ExpectIntEQ(wc_InitRng(&rng), 0); ExpectIntEQ(wc_InitDhKey(&key), 0); ExpectIntEQ(wc_DhSetNamedKey(&key, WC_FFDHE_2048), 0); @@ -970,6 +981,8 @@ int test_wc_DhGenerateParams_and_ExportRaw(void) byte gOut[TEST_DH_BUF_SIZE]; word32 pSz, qSz, gSz; + XMEMSET(&dh, 0, sizeof(dh)); + ExpectIntEQ(wc_InitRng(&rng), 0); ExpectIntEQ(wc_InitDhKey(&dh), 0); diff --git a/tests/api/test_ed25519.c b/tests/api/test_ed25519.c index d9ff72b18e5..f7bc8b41bbd 100644 --- a/tests/api/test_ed25519.c +++ b/tests/api/test_ed25519.c @@ -1034,6 +1034,7 @@ int test_wc_ed25519_verify_streaming(void) XMEMSET(&key, 0, sizeof(key)); XMEMSET(&rng, 0, sizeof(WC_RNG)); + XMEMSET(sig, 0, sizeof(sig)); ExpectIntEQ(wc_ed25519_init(&key), 0); ExpectIntEQ(wc_InitRng(&rng), 0);