Various fixes#10702

Open
Frauschi wants to merge 7 commits into
wolfSSL:masterfrom
Frauschi:zd21992

Conversation

@Frauschi Frauschi commented Jun 16, 2026

Contributor

Hardening and correctness fixes for certificate, TLS, and crypto paths

A set of defensive fixes across several subsystems, each in its own commit with an accompanying regression test:

  • PKCS7: stricter checks in the OpenSSL-compat verify path
  • Cert manager: tighten key-usage handling for chain-supplied intermediates
  • TLS: validate negotiated certificate type more strictly
  • TLS 1.3: harden the post-handshake authentication path
  • SP math: correct ECDH shared-secret output-buffer length checks (regenerated across all backends from the generator)
  • BIO: guard the memory read path against non-positive lengths

All changes are covered by new unit tests; full test suite passes. Fixes findings 1, 2, 3, 6, 12, and 29 of zd21992. Needs https://github.com/wolfSSL/scripts/pull/588.

Ensure a signer signature is actually verified before reporting a
PKCS7 SignedData object as verified, and add a regression test.
@Frauschi Frauschi self-assigned this Jun 16, 2026
Frauschi added 2 commits June 16, 2026 20:31
Require the keyCertSign key usage on non-root intermediate CAs added during
path building when a KeyUsage extension is present, per RFC 5280. Adds a
regression test.
Ensure a peer's certificate form (X.509 vs raw public key) matches the
negotiated certificate type, defaulting to X.509 when none was negotiated,
on both the client and server. Adds RPK regression tests covering both
directions.

Frauschi added 3 commits June 16, 2026 20:56
Only exempt the missing-certificate check during the initial handshake; once a
post-handshake CertificateRequest is outstanding the server again requires the
client certificate (and its CertificateVerify). Adds a post-handshake auth
test.
…size

Regenerate the SP backends so the ECDH secret generators check the caller's
buffer against the number of bytes actually written. Adds a P-384/P-521
buffer-size regression test.
Reject a negative read length in the memory BIO read path so it cannot bypass
the signed bounds checks and reach a wild copy. Adds a regression test.
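An added illustration of the memory BIO failure mode the last commit above describes; it is not wolfSSL's code, and the MemBio type, unguarded_copy_len and mem_read are hypothetical names. It shows how a signed length that is checked only against its upper bound lets a negative value reach the copy as a huge unsigned count, and the guard that rejects non-positive lengths before any bound arithmetic.

```c
#include <string.h>

/* Hypothetical memory BIO (not wolfSSL's struct): bytes buffered for reading. */
typedef struct {
    const unsigned char *data;
    int len;    /* bytes buffered, signed as in many BIO APIs */
    int rdIdx;  /* current read offset */
} MemBio;

/* Bytes the *unguarded* path would hand to memcpy: only the upper bound is
 * enforced, so a negative request survives the clamp and is cast to a huge
 * size_t. Returns the count instead of copying, so the bug is observable safely. */
size_t unguarded_copy_len(int avail, int sz)
{
    if (sz > avail)
        sz = avail;          /* clamps downward only; sz < 0 passes through */
    return (size_t)sz;       /* sz == -1 becomes SIZE_MAX */
}

/* Guarded read: reject non-positive lengths before any bound arithmetic,
 * then clamp to what is buffered and copy. Returns bytes copied, or -1. */
int mem_read(MemBio *bio, unsigned char *out, int sz)
{
    int avail;
    if (bio == NULL || out == NULL || sz <= 0)
        return -1;           /* the guard the commit description adds */
    avail = bio->len - bio->rdIdx;
    if (avail <= 0)
        return 0;            /* nothing left to read */
    if (sz > avail)
        sz = avail;
    memcpy(out, bio->data + bio->rdIdx, (size_t)sz);
    bio->rdIdx += sz;
    return sz;
}

/* Exercises mem_read on constructed data; returns 0 on success or the
 * number of the first failed step. */
int demo_guarded_read(void)
{
    static const unsigned char sample[] = "hello world";   /* constructed */
    MemBio bio = { sample, 11, 0 };
    unsigned char out[16];
    if (mem_read(&bio, out, -1) != -1) return 1;   /* negative: rejected */
    if (mem_read(&bio, out, 0) != -1) return 2;    /* zero: rejected */
    if (mem_read(&bio, out, 5) != 5 || memcmp(out, "hello", 5) != 0) return 3;
    if (mem_read(&bio, out, 100) != 6) return 4;   /* clamped to remainder */
    return mem_read(&bio, out, 1) == 0 ? 0 : 5;     /* drained */
}
```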
@JacobBarthelmeh
Contributor
wolfssl/tests/api/test_ossl_x509_str.c:1540:10: warning: Although the value stored to 'sz' is used in the enclosing expression, the value is never actually read from 'sz' [clang-analyzer-deadcode.DeadStores]
if ((sz = wc_MakeCert(&cert, out, (word32)outMax, subjKey, NULL, rng)) < 0)
^    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
wolfssl/tests/api/test_ossl_x509_str.c:1540:10: note: Although the value stored to 'sz' is used in the enclosing expression, the value is never actually read from 'sz'
if ((sz = wc_MakeCert(&cert, out, (word32)outMax, subjKey, NULL, rng)) < 0)
^    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
wolfssl/tests/api/test_ossl_x509_str.c:1569:10: warning: Although the value stored to 'sz' is used in the enclosing expression, the value is never actually read from 'sz' [clang-analyzer-deadcode.DeadStores]
if ((sz = wc_MakeCert(&cert, out, (word32)outMax, leafKey, NULL, rng)) < 0)
^    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
wolfssl/tests/api/test_ossl_x509_str.c:1569:10: note: Although the value stored to 'sz' is used in the enclosing expression, the value is never actually read from 'sz'
if ((sz = wc_MakeCert(&cert, out, (word32)outMax, leafKey, NULL, rng)) < 0)
^    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

@wolfSSL-Fenrir-bot wolfSSL-Fenrir-bot left a comment


Fenrir Automated Review — PR #10702

Scan targets checked: wolfcrypt-bugs, wolfcrypt-rs-bugs, wolfcrypt-src, wolfssl-bugs, wolfssl-src

No new issues found in the changed files. ✅

@JacobBarthelmeh

Contributor

Retest this please Jenkins CAVP test make check failure "wolfSSL error: port number cannot be 0"

@JacobBarthelmeh JacobBarthelmeh added the For This Release Release version 5.9.2 label Jun 16, 2026