Commit Graph

227 Commits

Author SHA1 Message Date
Juliusz Sosinowicz fd91f681e5 Fail closed in CheckOcspRequest when ocspCheckAll and no URL
CheckOcspRequest used to return CERT_GOOD whenever a certificate
lacked an AIA extension and no override URL was configured, with
the rationale 'Cert has no OCSP URL, assuming CERT_GOOD'. That is
a fail-open soft-fail: an operator who turned on
WOLFSSL_OCSP_CHECKALL expecting every certificate in the chain to
be revocation-checked would still silently accept a certificate
that omits its OCSP responder URL, letting a misconfigured (or
attacker-controlled) issuer bypass revocation for non-stapled
flows.

Gate the fail-open path on cm->ocspCheckAll. When the caller has
asked for full-chain OCSP checking, return OCSP_NEED_URL so the
chain is refused. The legacy behavior is preserved when
ocspCheckAll is not set, keeping the soft-fail default for plain
WOLFSSL_OCSP_ENABLE users.

F-3227
2026-05-14 14:07:53 +02:00
Juliusz Sosinowicz 49906319f6 ocsp: address review feedback on PR 10303
- Use KEYID_SIZE for Signer key-hash comparisons since
  Signer.{subject,issuer}KeyHash is sized KEYID_SIZE, not OCSP_DIGEST_SIZE.
- Rename subjectHash/issuerHash to subjectNameHash/issuerNameHash in
  CheckOcspResponder/CheckOcspResponderChain to make the name-vs-key
  hash distinction explicit.
- Expand the Signer.issuerKeyHash field comment to clarify it is the
  subject key hash of the immediate issuer CA.
- Add an imposter-root-ca cert (same DN as root-ca, different RSA key)
  for tests that need to exercise the new CertID issuerKeyHash binding.
2026-05-12 14:36:00 +02:00
Juliusz Sosinowicz 0735a0a7b5 ocsp: bind responder authorization to CertID issuerKeyHash
Addresses ZD21675
2026-05-12 14:36:00 +02:00
Jeremiah Mackey 0e08253b0d fix logic errors in stale code 2026-05-07 02:34:41 +00:00
Mattia Moffa 807214dc55 Avoid unneeded temporary stack buffer; remove redundant check 2026-04-17 19:32:23 +02:00
Colton Willey 58a27848a8 Fix NULL derefs, buffer overflow, and i2d contract in EVP/OCSP/X509
Harden OpenSSL compatibility layer against NULL pointers, negative lengths,
and buffer overflows across EVP, OCSP, and X509 APIs. Fix DSA SignFinal
write-before-check overflow, add missing i2d_OCSP_RESPONSE allocation path,
and fix unaligned keyUsage access.
2026-04-13 20:29:50 -07:00
Daniel Pouzzner 7a6e37d697 Merge pull request #10064 from julek-wolfssl/master
Fixes for wolfclu
2026-04-02 22:54:10 -05:00
Juliusz Sosinowicz 4cf33849b8 Fix multiple bugs in OCSP implementation
- wolfSSL_i2d_OCSP_REQUEST_bio: save/restore pointer before i2d call
  that advances it, preventing BIO_write from wrong offset and heap
  corruption on free
- wolfSSL_d2i_OCSP_RESPONSE: remove (unsigned char) cast that truncated
  pointer advance to 8 bits, breaking responses larger than 255 bytes
- wolfSSL_OCSP_CERTID_dup: deep-copy CertStatus to prevent double-free
  when both original and duplicate are freed
- wolfSSL_i2d_OCSP_RESPONSE: add NULL check on response parameter
- wolfSSL_i2d_OCSP_REQUEST: advance *data pointer per i2d convention
- FreeOCSP: NULL-check ocsp->cm before dereferencing for heap
- Fix WOLFSSL_LEAVE strings to match actual function names in
  wc_CheckCertOcspResponse, GetOcspEntry, GetOcspStatus,
  CheckOcspResponse, CheckOcspRequest

Add test for CERTID dup (double-free confirmed under ASAN without fix)
and pointer advancement assertions for d2i_OCSP_RESPONSE callers.

Reported in: ZD21469
2026-04-02 11:24:25 +02:00
Daniel Pouzzner 21c6568883 Fixes for -Wcast-qual hygiene in wolfCrypt.
.github/workflows/wolfCrypt-Wconversion.yml: Add -Wcast-qual to all scenarios.

wolfssl/wolfcrypt/signature.h, wolfcrypt/src/signature.c, doc/dox_comments/header_files/signature.h:

  Remove incorrect const qualifier on the key argument in

  * wc_SignatureVerifyHash()
  * wc_SignatureVerify()
  * wc_SignatureGenerateHash()
  * wc_SignatureGenerateHash_ex()
  * wc_SignatureGenerate()
  * wc_SignatureGenerate_ex()

  This fixes UB code patterns throughout signature.c.  key is inherently
  accessed readwrite by the underlying low level crypto.  Fortunately, wolfCrypt
  has no APIs/methods to allow actual const MPI key objects, therefore these
  seeming breaking API changes can't actually break any users.

globally:

  * Add const qualifiers to all struct pointer members that are assigned values
    computed from const pointers.

  * Add const qualifiers to intermediate casts for accessors and read-only
    dereference constructs, as needed for -Wcast-qual hygiene, e.g. for a macro
    GET_U16(a), use (*(const word16*)(a)) rather than (*(word16*)(a)).

  * Add const qualifiers to internal declarations, and remove illegal casts, as
    needed for -Wcast-qual hygiene.

  * Add missing const qualifiers to all casts for argument, operand, and
    assignment type agreement, as needed for -Wcast-qual hygiene, e.g.
    "*data = (const byte*)dataASN->data.ref.data" rather than
    "*data = (byte*)dataASN->data.ref.data".

wolfssl/wolfcrypt/asn.h, wolfssl/wolfcrypt/asn_public.h, wolfcrypt/src/asn.c, wolfcrypt/src/asn_orig.c:

  * Add additional lifecycle management for object members that are only sometimes locally allocated:

    DNS_entry.nameStored
    DNS_entry.ipStringStored
    DNS_entry.ridStringStored

wolfssl/wolfcrypt/types.h: add WC_BARRIER() macro -- a portable construct that
   prevents compiler optimizers from reordering operations across the barrier.

wolfssl/wolfcrypt/blake2-impl.h, wolfcrypt/src/blake2s.c, wolfcrypt/src/blake2b.c:

  * In blake2b_init(), blake2b_init_key(), blake2s_init(), and
    blake2s_init_key(), refactor blake2b_param initialization using WC_BARRIER()
    (fixes volatile abuse that triggered -Wcast-qual).

  * Remove the residual and unused WOLFSSL_BLAKE2[BS]_INIT_EACH_FIELD code.

wolfcrypt/src/ecc.c and wolfssl/wolfcrypt/ecc.h:

  Remove incorrect const qualifier on curve arg to wc_ecc_free_curve() (internal function).
2026-04-01 14:12:02 -05:00
Juliusz Sosinowicz 829fbbc702 Fix namespace collision on CRL reasons 2026-04-01 14:00:27 +02:00
Juliusz Sosinowicz 6bb122d29f Address copilot review 2026-03-11 11:08:44 +01:00
Juliusz Sosinowicz 6fc83e292b Address code review 2026-03-11 10:21:17 +01:00
Juliusz Sosinowicz 9015ae9e17 Return unknown information inside of Basic Responde 2026-03-11 10:21:17 +01:00
Juliusz Sosinowicz a795b19db2 Implement copilot suggestions 2026-03-11 10:21:16 +01:00
Juliusz Sosinowicz 4578e1390f Implement OCSP responder
OCSP Responder Core API:

- Add new public API for creating and managing an OCSP responder
- Add public wrappers for internal OCSP request/response functions
- OcspRespCheck: fix check when authorized responder is loaded into CM

Header Cleanup:

- Remove circular dependency when including `#include <wolfssl/wolfcrypt/asn.h>` from wolfssl/wolfcrypt/ecc.h and wolfssl/wolfcrypt/rsa.h

OCSP Responder Example (examples/ocsp_responder/):

- Add a command-line OCSP responder for interoperability testing with OpenSSL's `openssl ocsp` client

Test Scripts (scripts/):

- ocsp-responder-openssl-interop.test: Tests wolfSSL OCSP responder with `openssl ocsp` client
- ocsp-stapling-with-wolfssl-responder.test: Tests wolfSSL OCSP responder when doing OCSP stapling

Certificate Infrastructure (certs/ocsp/):

- Add DER-format certificates and keys for OCSP testing
- Update renewcerts.sh to generate DER versions

Known Limitations (documented in src/ocsp.c header comment):

  - Single request/response per OCSP exchange only
  - Key-hash responder ID only (no name-based responder ID)
  - No singleExtensions support
2026-03-11 10:21:16 +01:00
David Garske 1047aaa881 Merge pull request #9796 from JacobBarthelmeh/copyright
update Copyright year
2026-02-19 08:47:30 -08:00
Andrew Hutchings 4e37d99d07 Fix OCSP key-based responder ID lookup when SM2/SM3 is enabled.
When WOLFSSL_SM2 and WOLFSSL_SM3 are both defined, KEYID_SIZE becomes 32
(WC_SM3_DIGEST_SIZE) but OCSP_RESPONDER_ID_KEY_SZ remains 20 (SHA-1 per
RFC 6960). The guard (int)KEYID_SIZE == OCSP_RESPONDER_ID_KEY_SZ in
OcspFindSigner() and OcspRespIdMatch() evaluated to false (32 != 20),
completely disabling key-based OCSP responder ID matching. This caused
OCSP stapling to fail with BAD_CERTIFICATE_STATUS_ERROR (-406) against
any server using a key-based responder ID (e.g. login.live.com).

Fix by comparing only OCSP_RESPONDER_ID_KEY_SZ bytes for the responder
ID match, and zero-padding the 20-byte key hash to KEYID_SIZE before
passing to CA lookup functions that compare the full KEYID_SIZE.
2026-02-18 18:01:33 +00:00
JacobBarthelmeh a156ed7bc7 update Copyright year 2026-02-18 09:52:21 -07:00
David Garske c2a987595f Add new user_settings.h templates for tls13, dtls13, pq, openssl_compat, baremetal, rsa_only, pkcs7, ca 2026-01-28 11:27:01 -08:00
Anthony Hu 48ebe99372 Validate asn date based on position of Z (#8603) 2025-12-29 16:01:22 -06:00
effbiae 7a3db09ddd automated small stack compress 2025-10-11 11:40:30 +11:00
Juliusz Sosinowicz f9063c406b Enables dynamic TLS cert loading with OCSP
Exposes dynamic TLS certificate loading and OCSP stapling to allow applications to load certs lazily.

The server no longer needs to load the CA to staple OCSP responses.

Adds a certificate setup callback (WOLFSSL_CERT_SETUP_CB)
Adds an OCSP status callback to load OCSP responses directly
Adds `wc_NewOCSP`, `wc_FreeOCSP`, and `wc_CheckCertOcspResponse`
Don't call verify twice on the same error
Send correct alert on status response error
2025-10-03 13:08:11 +02:00
JacobBarthelmeh 629c5b4cf6 updating license from GPLv2 to GPLv3 2025-07-10 16:11:36 -06:00
Daniel Pouzzner c401f5caf2 move the newly added wolfcrypt/src/wolfssl_sources.h to wolfssl/wolfcrypt/libwolfssl_sources.h, and likewise for wolfssl_sources_asm.h; revert changes to IDE/ project files. 2025-04-04 18:44:12 -05:00
Daniel Pouzzner 217440c885 Add wolfcrypt/src/wolfssl_sources.h and wolfcrypt/src/wolfssl_sources_asm.h,
which force on BUILDING_WOLFSSL and do boilerplate includes, and update library
  sources to include them at the top.

  wolfssl_sources.h includes types.h, error-crypt.h, and logging.h, and
  conditionally, config.h.  settings.h and wc_port.h are unconditionally
  included at the top of types.h.

  wolfssl_sources_asm.h includes settings.h, and conditionally, config.h.

Add wolfssl_sources*.h to wolfcrypt/src/include.am, and to several IDE/ project
  files.

Also added a TEST_WOLFSSL_SOURCES_INCLUSION_SEQUENCE clause in
  wolfssl/wolfcrypt/settings.h to allow coverage testing.

In wolfcrypt/src/misc.c, retain existing ad hoc boilerplate includes, and use
  them if WOLFSSL_VIS_FOR_TESTS, otherwise include the new wolfssl_sources.h.

Define WOLFSSL_VIS_FOR_TESTS at top of wolfcrypt/test/test.c.

Also renamed WOLFSSL_NEED_LINUX_CURRENT to WOLFSSL_LINUXKM_NEED_LINUX_CURRENT,
  for clarity.
2025-04-04 16:51:04 -05:00
Marco Oliverio 83f5644549 ocsp: Fix OcspEncodeCertID SetAlgoID return check 2025-02-27 19:38:44 +00:00
Marco Oliverio 814f0f8a09 Refactor CERT_ID encoding as per review comments 2025-02-27 12:50:37 +00:00
David Garske 512f928650 Fix cast warnings with g++. 2025-02-26 14:45:23 -08:00
Marco Oliverio 5f05209c77 ocsp: fix wolfSSL_d2i_OCSP_CERTID 2025-02-25 22:22:43 +00:00
Marco Oliverio 3bd4b35657 ocsp: support CERT_ID encoding in i2d_OCSP_CERTID 2025-02-25 15:45:11 +00:00
Marco Oliverio 4016120f37 ocsp: populate digest type in cert_to_id
- Added validation for digest type in `wolfSSL_OCSP_cert_to_id` function.
- Defined `OCSP_DIGEST` based on available hash types.
- Set `hashAlgoOID` in `certId` based on `OCSP_DIGEST`.
- Updated `asn.h` to define `OCSP_DIGEST` and `OCSP_DIGEST_SIZE` based on
  available hash types.
2025-02-25 15:42:44 +00:00
Marco Oliverio 1eecf326fd ocsp: use ocspReponse->heap in OcspFindSigner + minors 2025-02-17 08:59:29 +00:00
Marco Oliverio 851d74fd69 ocsp-resp-refactor: address reviewer's comments 2025-02-17 08:59:29 +00:00
Marco Oliverio 3a3238eb9f ocsp: refactor wolfSSL_OCSP_response_get1_basic
The internal fields of OcspResponse refer to the resp->source buffer.
Copying these fields is complex, so it's better to decode the response again.
2025-02-17 08:58:03 +00:00
Marco Oliverio f526679ad5 ocsp: refactor OCSP response decoding and wolfSSL_OCSP_basic_verify
- Search certificate based on responderId
- Verify response signer is authorized for all single responses
- Align with OpenSSL behavior
- Separate wolfSSL_OCSP_basic_verify from verification done during
  decoding
2025-02-17 08:58:03 +00:00
Marco Oliverio d7711f04ab openssl compat: skip OCSP response verification in statusCb
This aligns with OpenSSL behavior
2025-02-17 08:58:02 +00:00
Marco Oliverio dedbb2526c ocsp: fix memory leaks in OpenSSL compat layer 2025-02-17 08:58:02 +00:00
JacobBarthelmeh 2c24291ed5 update copyright date 2025-01-21 09:55:03 -07:00
Daniel Pouzzner 8ecf064314 Merge pull request #8098 from dgarske/x86_notwindows_2
More fixes for building x86 in Visual Studio for non-windows OS
2024-11-05 00:13:13 -06:00
David Garske aad0f6e08d Peer review feedback: Improve workaround for variadic macros and cast warnings. 2024-11-04 11:15:00 -08:00
Daniel Pouzzner cf95fdc071 Globally remap & refactor conflicting symbols to allow -DOPENSSL_EXTRA -DOPENSSL_COEXIST, or equivalently, --enable-opensslextra --enable-opensslcoexist.
No functional changes.

Several compat symbols that were formerly enums are now macros.

All library source is refactored to use only native symbols in all code gated in with --enable-all-crypto --enable-opensslextra.

wolfcrypt/test/test.c is similarly refactored to use only native symbols.

examples/ and tests/ are unmodified except for header setup to disable OPENSSL_COEXIST and TEST_OPENSSL_COEXIST.
2024-10-31 00:10:21 -05:00
David Garske 84b5d6613d More fixes for building x86 in Visual Studio for non-windows OS (Watcom C compiler). Followup to PR #7884. Fixes ZD 18465
* Consolidate the USE_WINDOWS_API to a single place.
* Expand the `WOLFSSL_NOT_WINDOWS_API` improvement for intrinsics and word sizes.
* Fix for macro variadic `...` when no variables are used (some compilers like Watcom C have issue with this).
* Fix for Watcom C compiler "long long" -> "__int64".
* Fix a couple of minor cast warnings reported from VS.
2024-10-29 11:50:24 -07:00
Marco Oliverio 724fdae7d7 ocsp: propagate ocsp cb return error 2024-10-15 10:03:15 +00:00
Daniel Pouzzner c81c9be9ce error code fixes:
* fix TLS layer to consistently use WOLFSSL_FATAL_ERROR for error retvals, rather than literal -1.
* add WC_NO_ERR_TRACE() wrapper around LENGTH_ONLY_E (it does not signify an error condition).
* refactor errcode handling for traceability in wolfSSL_DSA_do_sign(), wolfSSL_DH_size(), wolfSSL_EC_KEY_get_conv_form(), wolfSSL_d2i_DSA_SIG(), wolfSSL_DSA_do_sign(), SetDhInternal(), and wolfSSL_EC_KEY_get_conv_form().
2024-09-06 19:33:48 -05:00
David Garske 7c7de235d8 Merge pull request #7937 from douzzer/20240903-missing-WC_NO_ERR_TRACEs
20240903-missing-WC_NO_ERR_TRACEs
2024-09-04 08:07:19 -07:00
Daniel Pouzzner b26fa6cf59 Merge pull request #7918 from SparkiDev/type_conversion_fixes_3
Type conversion fixes
2024-09-03 20:18:00 -05:00
Daniel Pouzzner 806df85477 backfill more missing WC_NO_ERR_TRACE()s on error code operands, and refactor away the obsolete GEN_MEM_ERR macro mechanism in wolfcrypt/src/ecc.c. 2024-09-03 17:44:11 -05:00
Sean Parkinson ed7beb4e0e Type conversion fixes
Changes to get compilation with -Wconversion passing on the files.
2024-09-02 19:19:23 +10:00
Daniel Pouzzner b178138d83 src/internal.c: in wolfSSL_ERR_reason_error_string(), add missing error string for SCR_DIFFERENT_CERT_E, and de-gate error strings previously gated on HAVE_HTTP_CLIENT.
tests/api.c: add error_test() adapted from wolfcrypt/test/test.c, checking all error strings for expected presence/absence and length, called from existing test_wolfSSL_ERR_strings().

wolfssl/ssl.h, wolfssl/error-ssl.h, and wolfssl/wolfcrypt/error-crypt.h:
* move several negative error return codes from ssl.h to error-ssl.h,
* renumber them to conform to existing sequence, and
* include error-ssl.h from ssl.h;
* add special-case WOLFSSL_DEBUG_TRACE_ERROR_CODES macros for WOLFSSL_FAILURE;
* add missing WOLFSSL_API attribute to wc_backtrace_render().

add numerous WC_NO_ERR_TRACE()s to operand error code uses, cleaning up error traces in general, and particularly when WOLFSSL_DEBUG_TRACE_ERROR_CODES_ALWAYS.
* crypto lib (36),
* crypto test&benchmark (20),
* TLS lib (179),
* examples (122),
* linuxkm (3),
* tests/api.c (2272).
2024-08-28 23:05:04 -05:00
Juliusz Sosinowicz 3260a9b680 Address code review 2024-08-20 10:53:44 +02:00