mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2026-07-05 15:50:51 +02:00
43aad1e4d7
- Fix SM4 GCM/CCM TLS 1.3 decrypt to read auth tag from input buffer instead of output buffer, consistent with all other AEAD ciphers (src/tls13.c)
- Fix SM4_BLOCK_SIZE typo (was SM$_BLOCK_SIZE) in TicketEncDec SM4-GCM decrypt path (src/internal.c)
- Fix SM2 certificate signature verification for certs using id-ecPublicKey (ECDSAk) with SM2-with-SM3 signature algorithm. OpenSSL creates SM2 cert signatures without the standard distinguishing identifier in the ZA hash. The SM2k code path already handled this correctly (idSz=0), but the ECDSAk + CTC_SM3wSM2 path was incorrectly using CERT_SIG_ID_SZ (16), causing ASN_SIG_CONFIRM_E (-155) when verifying non-self-signed SM2 certs (wolfcrypt/src/asn.c)
- Regenerate expired SM2 test certificates via certs/sm2/gen-sm2-certs.sh. They had expired.