Remove UTF-8 chars

Get rid of weird character

Fix warning found by CI

Style changes

Addressed 1 and 2.

Author: padelsbach

src/ssl_sess.c

@@ -487,6 +487,12 @@ int wolfSSL_memsave_session_cache(void* mem, int sz)
 int wolfSSL_memrestore_session_cache(const void* mem, int sz)
 {
     int    i;
+    #ifndef SESSION_CACHE_DYNAMIC_MEM
+    #if defined(HAVE_SESSION_TICKET) || \
+       (defined(SESSION_CERTS) && defined(OPENSSL_EXTRA))
+    int    j;
+    #endif
+    #endif
     cache_header_t cache_header;
     SessionRow*    row  = (SessionRow*)((byte*)mem + sizeof(cache_header));
 
@@ -523,21 +529,24 @@ int wolfSSL_memrestore_session_cache(const void* mem, int sz)
 
         XMEMCPY(&SessionCache[i], row++, SIZEOF_SESSION_ROW);
     #ifndef SESSION_CACHE_DYNAMIC_MEM
+    #if defined(HAVE_SESSION_TICKET) || \
+       (defined(SESSION_CERTS) && defined(OPENSSL_EXTRA))
         /* Reset pointers to safe values after raw copy */
-        {
-            int j;
-            for (j = 0; j < SESSIONS_PER_ROW; j++) {
-                WOLFSSL_SESSION* s = &SessionCache[i].Sessions[j];
+        for (j = 0; j < SESSIONS_PER_ROW; j++) {
+            WOLFSSL_SESSION* s = &SessionCache[i].Sessions[j];
     #ifdef HAVE_SESSION_TICKET
-                s->ticket = s->staticTicket;
-                s->ticketLenAlloc = 0;
+            s->ticket = s->staticTicket;
+            s->ticketLenAlloc = 0;
+            if (s->ticketLen > SESSION_TICKET_LEN) {
+                s->ticketLen = SESSION_TICKET_LEN;
+            }
     #endif
     #if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA)
-                s->peer = NULL;
+            s->peer = NULL;
     #endif
-            }
         }
     #endif
+    #endif
     #ifdef ENABLE_SESSION_CACHE_ROW_LOCK
         SESSION_ROW_UNLOCK(&SessionCache[i]);
     #endif
@@ -698,6 +707,8 @@ int wolfSSL_restore_session_cache(const char *fname)
 
         ret = (int)XFREAD(&SessionCache[i], SIZEOF_SESSION_ROW, 1, file);
     #ifndef SESSION_CACHE_DYNAMIC_MEM
+    #if defined(HAVE_SESSION_TICKET) || \
+       (defined(SESSION_CERTS) && defined(OPENSSL_EXTRA))
         /* Reset pointers to safe values after raw copy */
         {
             int j;
@@ -706,13 +717,17 @@ int wolfSSL_restore_session_cache(const char *fname)
     #ifdef HAVE_SESSION_TICKET
                 s->ticket = s->staticTicket;
                 s->ticketLenAlloc = 0;
+                if (s->ticketLen > SESSION_TICKET_LEN) {
+                    s->ticketLen = SESSION_TICKET_LEN;
+                }
     #endif
     #if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA)
                 s->peer = NULL;
     #endif
             }
         }
     #endif
+    #endif
     #ifdef ENABLE_SESSION_CACHE_ROW_LOCK
         SESSION_ROW_UNLOCK(&SessionCache[i]);
     #endif

tests/api.c

@@ -35020,7 +35020,7 @@ static int test_dilithium_hash(void)
     ExpectIntEQ(wc_dilithium_make_key(&key, &rng), 0);
 
     ExpectIntEQ(wc_dilithium_verify_ctx_msg(sig, sizeof(sig), NULL, 0,
-        msg, 0xFFFFFFC0u, &res, &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+        msg, 0xFFFFFFC0, &res, &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     wc_dilithium_free(&key);
     DoExpectIntEQ(wc_FreeRng(&rng), 0);
@@ -35036,11 +35036,11 @@ static int test_pkcs7_padding(void)
     defined(WOLFSSL_AES_256) && !defined(NO_PKCS7_ENCRYPTED_DATA)
     PKCS7 pkcs7;
     byte key[32];
-    byte plaintext[27]; /* 27 bytes → padded to 32 → padding = 05 05 05 05 05 */
+    byte plaintext[27]; /* 27 bytes -> padded to 32 -> padding = 05 05 05 05 05 */
     byte encoded[4096];
     byte output[256];
     byte modified[4096];
-    int encodedSz;
+    int encodedSz = 0;
     int outSz;
     int ctOff = -1;
     int ctLen = 0;
@@ -35100,15 +35100,15 @@ static int test_pkcs7_padding(void)
         /* Flip byte in penultimate block to corrupt interior padding */
         modified[ctOff + ctLen - 32 + 11] ^= 0x42;
 
-        /* Decrypt modified ciphertext — must fail, not succeed */
+        /* Decrypt modified ciphertext - must fail, not succeed */
         XMEMSET(&pkcs7, 0, sizeof(pkcs7));
         ExpectIntEQ(wc_PKCS7_Init(&pkcs7, NULL, 0), 0);
         pkcs7.encryptionKey   = key;
         pkcs7.encryptionKeySz = sizeof(key);
 
         outSz = wc_PKCS7_DecodeEncryptedData(&pkcs7, modified,
             (word32)encodedSz, output, sizeof(output));
-        /* Must return an error — if it returns plaintext size, padding
+        /* Must return an error - if it returns plaintext size, padding
          * oracle vulnerability exists */
         ExpectIntLT(outSz, 0);
         wc_PKCS7_Free(&pkcs7);

wolfcrypt/src/evp.c

@@ -11877,7 +11877,7 @@ static int PrintHexWithColon(WOLFSSL_BIO* out, const byte* input,
 static int PrintPubKeyRSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz,
     int indent, int bitlen, WOLFSSL_ASN1_PCTX* pctx)
 {
-    byte   buff[24] = { 0 };
+    byte   buff[EVP_EXPONENT_PRINT_MAX] = { 0 };
     int    res = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
     word32 inOutIdx = 0;
     word32 nSz;             /* size of modulus */
@@ -12021,7 +12021,7 @@ static int PrintPubKeyEC(WOLFSSL_BIO* out, const byte* pkey, int pkeySz,
 {
     byte*   pub = NULL;
     word32  pubSz = 0;
-    byte    buff[24] = { 0 };
+    byte    buff[EVP_EXPONENT_PRINT_MAX] = { 0 };
     int     res = WOLFSSL_SUCCESS;
     word32  inOutIdx = 0;
     int     curveId = 0;
@@ -12210,7 +12210,7 @@ static int PrintPubKeyDSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz,
     int indent, int bitlen, WOLFSSL_ASN1_PCTX* pctx)
 {
 
-    byte    buff[24] = { 0 };
+    byte    buff[EVP_EXPONENT_PRINT_MAX] = { 0 };
     int     length;
     int     res = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
     word32  inOutIdx = 0;
@@ -12417,7 +12417,7 @@ static int PrintPubKeyDH(WOLFSSL_BIO* out, const byte* pkey, int pkeySz,
     int indent, int bitlen, WOLFSSL_ASN1_PCTX* pctx)
 {
 
-    byte    buff[24] = { 0 };
+    byte    buff[EVP_EXPONENT_PRINT_MAX] = { 0 };
     int     res = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
     word32  length;
     word32  inOutIdx;

wolfcrypt/src/pkcs7.c

@@ -12759,7 +12759,9 @@ int wc_PKCS7_DecodeEnvelopedData(wc_PKCS7* pkcs7, byte* in,
     byte* encryptedContent = NULL;
     int explicitOctet = 0;
     word32 localIdx = 0;
-    byte   tag = 0;
+    byte tag = 0;
+    byte padCheck = 0;
+    int padIndex;
 
     if (pkcs7 == NULL)
         return BAD_FUNC_ARG;
@@ -13267,18 +13269,16 @@ int wc_PKCS7_DecodeEnvelopedData(wc_PKCS7* pkcs7, byte* in,
                 ret = BUFFER_E;
                 break;
             }
-            /* Constant-time check all padding bytes */
-            {
-                byte padCheck = 0;
-                int pi;
-                for (pi = encryptedContentSz - padLen;
-                     pi < encryptedContentSz; pi++) {
-                    padCheck |= encryptedContent[pi] ^ padLen;
-                }
-                if (padCheck != 0) {
-                    ret = BUFFER_E;
-                    break;
-                }
+
+            /* Check all padding bytes. Better implementation would be to run
+             * through the entire block. */
+            for (padIndex = encryptedContentSz - padLen;
+                 padIndex < encryptedContentSz; padIndex++) {
+                padCheck |= encryptedContent[padIndex] ^ padLen;
+            }
+            if (padCheck != 0) {
+                ret = BUFFER_E;
+                break;
             }
 
         #ifdef ASN_BER_TO_DER
@@ -15052,6 +15052,8 @@ int wc_PKCS7_DecodeEncryptedData(wc_PKCS7* pkcs7, byte* in, word32 inSz,
     byte* pkiMsg = in;
     word32 pkiMsgSz = inSz;
     byte  tag = 0;
+    byte padCheck = 0;
+    int padIndex;
 
     if (pkcs7 == NULL ||
             ((pkcs7->encryptionKey == NULL || pkcs7->encryptionKeySz == 0) &&
@@ -15336,20 +15338,18 @@ int wc_PKCS7_DecodeEncryptedData(wc_PKCS7* pkcs7, byte* in, word32 inSz,
                     XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
                     break;
                 }
-                /* Constant-time check all padding bytes */
-                {
-                    byte padCheck = 0;
-                    int pi;
-                    for (pi = encryptedContentSz - padLen;
-                         pi < encryptedContentSz; pi++) {
-                        padCheck |= encryptedContent[pi] ^ padLen;
-                    }
-                    if (padCheck != 0) {
-                        WOLFSSL_MSG("Bad padding bytes found");
-                        ret = BUFFER_E;
-                        XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
-                        break;
-                    }
+
+                /* Check all padding bytes. Better implementation would be to
+                 * run through the entire block. */
+                for (padIndex = encryptedContentSz - padLen;
+                     padIndex < encryptedContentSz; padIndex++) {
+                     padCheck |= encryptedContent[padIndex] ^ padLen;
+                }
+                if (padCheck != 0) {
+                    WOLFSSL_MSG("Bad padding bytes found");
+                    ret = BUFFER_E;
+                    XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
+                    break;
                 }
 
                 /* copy plaintext to output */

wolfssl/wolfcrypt/types.h

@@ -2423,6 +2423,7 @@ enum Max_ASN {
 
 #endif /* WOLFSSL_CERT_GEN */
 
+#define EVP_EXPONENT_PRINT_MAX 24
 
 #ifdef __cplusplus
     }   /* extern "C" */