Fix from review

embhorn · embhorn · commit 7d485dffa1ca · 2026-04-09T15:31:11.000-05:00
diff --git a/tests/api/test_pkcs12.c b/tests/api/test_pkcs12.c
@@ -316,7 +316,7 @@ int test_wc_PKCS12_encrypted_content_bounds(void)
         sizeof(pkcs12Passwd) - 1, NULL, inKey, inKeySz, inCert, inCertSz,
         &inCa, -1, -1, 2048, 2048, 0, NULL));
 
-    /* Serialize to DER — use int intermediate to avoid word32 truncation
+    /* Serialize to DER - use int intermediate to avoid word32 truncation
      * of negative error codes from wc_i2d_PKCS12(). */
     ExpectIntGE((exportRet = wc_i2d_PKCS12(pkcs12Export, &pkcs12Der, NULL)), 0);
     pkcs12DerSz = (word32)exportRet;
@@ -346,7 +346,7 @@ int test_wc_PKCS12_encrypted_content_bounds(void)
 
 #endif
 
-    /* Part 2: True regression test — craft a malformed PKCS#12 whose decrypted
+    /* Part 2: True regression test - craft a malformed PKCS#12 whose decrypted
      * SafeBags SEQUENCE claims a length that exceeds the decrypted content
      * bounds (contentSz) but fits within the stale ContentInfo bounds
      * (ci->dataSz). Before the fix, the parser used ci->dataSz, allowing a
@@ -361,7 +361,7 @@ int test_wc_PKCS12_encrypted_content_bounds(void)
         static const byte regIv[16]  = {0};
 
         /* Malformed SafeBags plaintext (one AES block = 16 bytes).
-         * The outer SEQUENCE claims length 100 — this exceeds the decrypted
+         * The outer SEQUENCE claims length 100 - this exceeds the decrypted
          * content size (16) but fits inside the stale ci->dataSz (127) that
          * the unfixed code used as the parsing bound. */
         static const byte regPlaintext[16] = {
@@ -374,7 +374,7 @@ int test_wc_PKCS12_encrypted_content_bounds(void)
          * Structure: PFX { version 3, authSafe { DATA { AuthenticatedSafe {
          *   EncryptedData { PBES2(AES-256-CBC, HMAC-SHA256, PBKDF2)
          *     <ciphertext placeholder at offset 154> } } } } }
-         * No MacData — macIter=0 skips MAC verification. */
+         * No MacData - macIter=0 skips MAC verification. */
         byte regDer[170] = {
             0x30, 0x81, 0xA7,                               /* PFX SEQ (167) */
             0x02, 0x01, 0x03,                               /* version 3 */
@@ -416,7 +416,7 @@ int test_wc_PKCS12_encrypted_content_bounds(void)
             0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
             0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
             0x80, 0x10,                       /* [0] IMPLICIT CT (16) */
-            /* 16 bytes ciphertext — filled at runtime */
+            /* 16 bytes ciphertext - filled at runtime */
             0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
             0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
         };
@@ -446,7 +446,7 @@ int test_wc_PKCS12_encrypted_content_bounds(void)
         /* Patch ciphertext into the DER template at offset 154 */
         XMEMCPY(regDer + 154, regCiphertext, sizeof(regCiphertext));
 
-        /* Parse the crafted PKCS#12 — d2i should succeed (outer structure
+        /* Parse the crafted PKCS#12 - d2i should succeed (outer structure
          * is valid), but wc_PKCS12_parse must fail because GetSequence
          * rejects SEQUENCE length 100 against contentSz 16. */
         ExpectNotNull(regP12 = wc_PKCS12_new_ex(NULL));
