Commit Graph

27 Commits

Author SHA1 Message Date
JacobBarthelmeh 1001428637 adjust test case macro guard for ALLOW_INVALID_CERTSIGN builds 2026-06-18 08:20:33 -06:00
JacobBarthelmeh e6f02ecf4d fix for clang-tidy warning on variable not read 2026-06-16 16:09:42 -06:00
Tobias Frauenschläger 3e30e69c35 certman: enforce keyCertSign usage on chain-supplied intermediate CAs
Require the keyCertSign key usage on non-root intermediate CAs added during
path building when a KeyUsage extension is present, per RFC 5280. Adds a
regression test.
2026-06-16 20:31:36 +02:00
JacobBarthelmeh 86ba8f7770 Merge pull request #10652 from SparkiDev/regression_fixes_25
Regression testing fixes - memory allocation failure testing
2026-06-12 16:30:57 -06:00
Tobias Frauenschläger 5c1225e6ab x509: harden wolfSSL_X509_verify_cert() against alloc failure and stack pollution
Robustness fixes in the OpenSSL-compatibility certificate verifier, independent
of the depth-exhaustion fix:

- Fail closed on allocation failure. When the failedCerts working stack could
  not be allocated, the function fell through to exit with ret still set to
  WOLFSSL_SUCCESS and reported the chain as verified without checking anything
  (a fail-open regression from the leak fix that turned the early return into a
  goto exit). Also check the ctx->chain allocation. Both now set an error.

- Remove caller-supplied intermediates from the correct stack. The intermediates
  appended to the working cert list during chain building were popped from
  ctx->store->certs by count, but they are appended to whichever stack is in use
  - which may be the caller's setTrustedSk (X509_STORE_CTX_set0_trusted_stack).
  Remove them by pointer identity from that same stack, recomputed from
  ctxIntermediates. Identity removal also survives the chain-building retries
  that reorder the stack, where a positional pop could drop a legitimate trusted
  entry and leave an injected intermediate behind - which a later verification
  reusing the store/ctx would then snapshot as a trust anchor. The removal helper
  walks the list once (O(n)) rather than indexing per position.

- NULL-guard ctx->store->param before dereferencing its flags in the
  partial-chain check.

Add regression tests covering: the trusted stack being restored after
verification, and the retry path (tampered plus genuine same-subject
intermediates, both orderings) leaving the store clean for later use.
2026-06-12 17:29:31 +02:00
Tobias Frauenschläger 2d76a68925 x509: reject depth-exhausted chains in wolfSSL_X509_verify_cert()
Fail compatibility-layer verification when the path-building loop runs
out of its depth budget before reaching a configured trust anchor,
instead of accepting the last verified link. Add a regression test.
2026-06-12 17:29:31 +02:00
Tobias Frauenschläger 3e2c46001e x509: require a trusted anchor in wolfSSL_X509_verify_cert()
Ensure caller-supplied intermediate certificates cannot terminate the
chain during compatibility-layer verification; a path must reach a
configured trust anchor. Add a regression test and supporting certs.
2026-06-12 17:29:31 +02:00
Sean Parkinson b04f573e20 Regression testing fixes - memory allocation failure testing
crl.c, internal.h: leak of sigParams requiring reorder the struct fields to that it is above memcpy part.
dtl13.c: free the DRLS fragments buffer in Dtls13FreeFsmResources in case fragment is never sent.
ocsp.c: only free cid if locally allocated.
tls.c: make sure ecc_kse is zeroized and can be freed.
tls13.c: set hsHashesEch after init so isn't lost on failure.
evp_pk.c: free key on the BIO error path

Fixed various tests to not leak or crash on memory allocation failure.
2026-06-11 12:14:06 +10:00
David Garske 678ddd6c73 Merge pull request #10339 from embhorn/zd21707
Fix handling of otherName in ConfirmNameConstraints
2026-05-05 11:41:28 -07:00
David Garske 07ea48673a Merge pull request #10073 from anhu/certmgr
Ensure certificates are getting into cert manager
2026-04-29 09:58:45 -07:00
Eric Blankenhorn e0f753c0d6 Fix wolfSSL_X509_verify_cert permissiveness with compat layer 2026-04-29 09:40:15 -05:00
Anthony Hu b96a83699b Guarding fix 2026-04-15 11:47:56 -04:00
Eric Blankenhorn 2b503dae54 Fix from review 2026-04-14 07:41:30 -05:00
Eric Blankenhorn a6fd25b94e Fix partial chain verification 2026-04-14 07:25:11 -05:00
Daniel Pouzzner 1b692b8063 fixes for clang -Wunused-but-set-globals (coverage added by LLVM 23_pre20260331). 2026-04-12 12:07:33 -05:00
Anthony Hu ce226a8ad7 Fix bad merge in tests 2026-04-10 12:15:04 -04:00
Anthony Hu 7336ed7cee Fixes ZD 19760
Before this fix, the certificates were not getting into the certificate manager.
This makes sure they are going in.
2026-04-09 13:09:17 -04:00
Tobias Frauenschläger e5ab7fa745 x509: fix CA:FALSE bypass in wolfSSL_X509_verify_cert
When an untrusted issuer has CA:FALSE and no verify_cb is registered,
the !isCa branch now fails closed (ret=WOLFSSL_FAILURE, goto exit)
instead of falling through and skipping X509StoreVerifyCert for the
leaf. SetupStoreCtxError_ex is also hardened to never overwrite a
previously recorded error with success, preventing a later valid chain
link from clobbering ctx->error back to X509_V_OK. Tests added for
both the no-callback rejection and the error-preservation cases.

Reported by: Nicholas Carlini (Anthropic) & Thai Duong (Calif.io)
2026-04-02 22:38:16 -06:00
JacobBarthelmeh a156ed7bc7 update Copyright year 2026-02-18 09:52:21 -07:00
Sean Parkinson be4584784c Split out code form ssl.c and pk.c
Move EC and RSA code out of pk.c into separate file.

Move out of ssl.c into separate files:
  - Certificate APIs
  - CRL/OCSP APIs
  - Public Key APIs
  - ECH

Internal Certificate Manager APIs pulled out into ssl_certman.c.
d2i and i2d WOLFSSL_EVP_PKEY APIs pulled out into evp_pk.c.

Fix formatting.
2026-01-29 18:49:56 +10:00
Hideki Miyazaki 6392c2b420 undo changes
fix indentation
2026-01-08 07:10:25 +09:00
Hideki Miyazaki c6dd1a745e boundary check 2026-01-07 09:19:43 +09:00
Hideki Miyazaki 30fe079763 Addressed review comments 2026-01-07 06:55:22 +09:00
Hideki Miyazaki 10d3e251fd fix qt jenkins nightly test failure 2026-01-07 06:55:22 +09:00
JacobBarthelmeh 01442a1460 adjust macro guard around test case 2025-12-12 13:36:14 -07:00
JacobBarthelmeh e1bbb71878 tie in use of check_time with x509 store 2025-12-12 09:22:23 -07:00
Sean Parkinson b4b617de49 api.c: Split out more functions
More X509 function testing.
X509 store function testing.
X509 lookup function testing.
2025-12-11 19:00:19 +10:00