From 668602016c4e7144d28c9cca310e1ad6c6afd2f7 Mon Sep 17 00:00:00 2001 From: Anthony Hu Date: Wed, 19 Nov 2025 14:36:04 -0500 Subject: [PATCH 1/2] Allow user to prevent wc_PKCS7_EcdsaVerify from erroring out due to extentions we do not know about --- wolfcrypt/src/pkcs7.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c index 54cfe00c5d..f2afb05fa8 100644 --- a/wolfcrypt/src/pkcs7.c +++ b/wolfcrypt/src/pkcs7.c @@ -4174,6 +4174,14 @@ static int wc_PKCS7_EcdsaVerify(wc_PKCS7* pkcs7, byte* sig, int sigSz, } InitDecodedCert(dCert, pkcs7->cert[i], pkcs7->certSz[i], pkcs7->heap); + + /* This allows the user to not error out in the case of extensions that + * we are not aware of. */ +#ifdef WC_ASN_UNKNOWN_EXT_CB + if (pkcs7->unknownExtCallback != NULL) + wc_SetUnknownExtCallback(dCert, pkcs7->unknownExtCallback); +#endif + /* not verifying, only using this to extract public key */ ret = ParseCert(dCert, CA_TYPE, NO_VERIFY, 0); if (ret < 0) { From cf8b729baee8761d9d46aa02f78ed5aba556ad32 Mon Sep 17 00:00:00 2001 From: Anthony Hu Date: Fri, 21 Nov 2025 11:59:07 -0500 Subject: [PATCH 2/2] Initialize test variables; avoid false warnings. --- tests/api.c | 14 +++++++------- tests/api/test_ossl_sk.c | 2 +- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/tests/api.c b/tests/api.c index 30dacdc7b2..11a504e73a 100644 --- a/tests/api.c +++ b/tests/api.c @@ -33815,10 +33815,10 @@ static int test_wolfSSL_d2i_and_i2d_PublicKey(void) EXPECT_DECLS; #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) EVP_PKEY* pkey = NULL; - const unsigned char* p; + const unsigned char* p = NULL; unsigned char *der = NULL; unsigned char *tmp = NULL; - int derLen; + int derLen = 0; p = client_keypub_der_2048; /* Check that key can be successfully decoded. */ 
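Review bot: In the wc_PKCS7_EcdsaVerify hunk of wolfcrypt/src/pkcs7.c, the new comment does not say that the callback receives extensions from a certificate taken out of the bundle (`pkcs7->cert[i]`) and parsed with `NO_VERIFY`, so its input is untrusted. If the callback is also what decides whether an unrecognized critical extension is tolerated (presumably, going by the commit subject), that relaxation should be stated as well. I would move the comment inside the `#ifdef WC_ASN_UNKNOWN_EXT_CB` block, since it describes nothing when the macro is undefined, and word it as `/* Optional user callback for unknown extensions; the cert is not verified here (NO_VERIFY), so the callback must treat its input as untrusted. */`. The return value of `wc_SetUnknownExtCallback` is also dropped; either check it or write `(void)wc_SetUnknownExtCallback(dCert, pkcs7->unknownExtCallback);` to show that is intended. The function body starts and ends outside the hunk, so the error path for a checked return is not visible here.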
@@ -34143,9 +34143,9 @@ static int test_wolfSSL_d2i_OCSP_CERTID(void) { EXPECT_DECLS; #if (defined(OPENSSL_ALL) || defined(WOLFSSL_HAPROXY)) && defined(HAVE_OCSP) - WOLFSSL_OCSP_CERTID* certIdGood; - WOLFSSL_OCSP_CERTID* certIdBad; - const unsigned char* rawCertIdPtr; + WOLFSSL_OCSP_CERTID* certIdGood = NULL; + WOLFSSL_OCSP_CERTID* certIdBad = NULL; + const unsigned char* rawCertIdPtr = NULL; const unsigned char rawCertId[] = { 0x30, 0x49, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, @@ -42550,8 +42550,8 @@ static THREAD_RETURN WOLFSSL_THREAD SSL_read_test_client_thread(void* args) char msg[] = "hello wolfssl server!"; int len = (int) XSTRLEN(msg); char input[1024]; - int idx; - int ret, err; + int idx = 0; + int ret = 0, err = 0; if (!args) WOLFSSL_RETURN_FROM_THREAD(0); diff --git a/tests/api/test_ossl_sk.c b/tests/api/test_ossl_sk.c index 9cfe8306a6..263f51d2c4 100644 --- a/tests/api/test_ossl_sk.c +++ b/tests/api/test_ossl_sk.c @@ -55,7 +55,7 @@ int test_wolfSSL_sk_push_get_node(void) WOLFSSL_STACK* stack = NULL; WOLFSSL_STACK* node1 = NULL; WOLFSSL_STACK* node2 = NULL; - WOLFSSL_STACK* node; + WOLFSSL_STACK* node = NULL; ExpectNotNull(node1 = wolfSSL_sk_new_node(HEAP_HINT)); ExpectNotNull(node2 = wolfSSL_sk_new_node(HEAP_HINT));