Merged
Conversation
that we extract the r and s parameters, when the der is malformed when the integer values are raw bytes without proper sign-bit handling (those ders are used when signing/veriffing in the xmlsec1's testsuite); - handle 0-byte cipher finalization in aes-cbc, we return -173 when data size = 0 when decrypting, this gets called by xmlsec1 to flush the buffer after decryption is done (not needed for wolfssl, but we return 0 in that case);
- Added v2.6.7 to the openldap workflow
gasbytes
force-pushed
the
xmlsec1
branch
3 times, most recently
from
45546b4 to
96c8dd6
Compare
SparkiDev
reviewed
Nov 18, 2025
| } | ||
|
|
||
| /* Handle 0-byte finalization call, common in cipher APIs for flushing/padding */ | ||
| if (src_size == 0) { |
Contributor
There was a problem hiding this comment.
Please don't use TABs for indenting.
SparkiDev
reviewed
Nov 18, 2025
| if (len & 0x80) { | ||
| /* Long form length */ | ||
| word32 num_bytes = len & 0x7F; | ||
| if (num_bytes > 4 || idx + num_bytes > sig_len) return -1; |
Contributor
There was a problem hiding this comment.
When len is 0x80 then this is indefinite length encoded meaning go look for EOC.
Don't want to support that here.
SparkiDev
reviewed
Nov 18, 2025
| /* Parse r length */ | ||
| if (idx >= sig_len) return -1; | ||
| len = sig_data[idx++]; | ||
| if (len & 0x80) { |
Contributor
There was a problem hiding this comment.
Extract into a function as this code is required in multiple places.
SparkiDev
reviewed
Nov 18, 2025
| } | ||
|
|
||
| /* Skip leading zero byte if present (sign byte) */ | ||
| if (len > 0 && idx < sig_len && sig_data[idx] == 0x00) { |
Contributor
There was a problem hiding this comment.
len must be greater than 0.
- removed accidental Tab in the wolfssl-gnutls-wrapper/src/cipher.c file;
gasbytes
force-pushed
the
xmlsec1
branch
15 times, most recently
from
d290cb2 to
9969003
Compare
being tested on ubuntu 24.04. - Wireshark workflow - Removing master version testing from the libjcat workflow. Uses post quantum by default, not currently supported by gnutls-wolfssl.
SparkiDev
requested changes
Dec 4, 2025
- return -1 on num_bytes = 0 (unsupported);
SparkiDev
approved these changes
Dec 5, 2025
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
that we extract the r and s parameters, when the der is malformed when the integer
values are raw bytes without proper sign-bit handling (those ders are
used when signing/veriffing in the xmlsec1's testsuite);
size = 0 when decrypting, this gets called by xmlsec1 to flush the
buffer after decryption is done (not needed for wolfssl, but we return 0 in that case);