
Fixes for OpenSSL compatibility layer#10674

Merged
dgarske merged 3 commits into
wolfSSL:masterfrom
Frauschi:cert_chain_fix
Jun 12, 2026

Conversation

@Frauschi

Contributor

Various fixes and hardening for the OpenSSL compatibility layer. Adds regression tests as well.

Fixes zd21920.

Frauschi added 3 commits June 12, 2026 17:29
Ensure caller-supplied intermediate certificates cannot terminate the
chain during compatibility-layer verification; a path must reach a
configured trust anchor. Add a regression test and supporting certs.
Fail compatibility-layer verification when the path-building loop runs
out of its depth budget before reaching a configured trust anchor,
instead of accepting the last verified link. Add a regression test.
…ck pollution

Robustness fixes in the OpenSSL-compatibility certificate verifier, independent
of the depth-exhaustion fix:

- Fail closed on allocation failure. When the failedCerts working stack could
  not be allocated, the function fell through to exit with ret still set to
  WOLFSSL_SUCCESS and reported the chain as verified without checking anything
  (a fail-open regression from the leak fix that turned the early return into a
  goto exit). Also check the ctx->chain allocation. Both now set an error.

- Remove caller-supplied intermediates from the correct stack. The intermediates
  appended to the working cert list during chain building were popped from
  ctx->store->certs by count, but they are appended to whichever stack is in
  use - which may be the caller's setTrustedSk
  (X509_STORE_CTX_set0_trusted_stack). Remove them by pointer identity from
  that same stack, recomputed from ctxIntermediates. Identity removal also
  survives the chain-building retries that reorder the stack, where a
  positional pop could drop a legitimate trusted entry and leave an injected
  intermediate behind - which a later verification reusing the store/ctx would
  then snapshot as a trust anchor. The removal helper walks the list once
  (O(n)) rather than indexing per position.

- NULL-guard ctx->store->param before dereferencing its flags in the
  partial-chain check.

Add regression tests covering: the trusted stack being restored after
verification, and the retry path (tampered plus genuine same-subject
intermediates, both orderings) leaving the store clean for later use.
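To make the fail-closed rules described in these commit messages concrete, here is an added C illustration. It is not wolfSSL code and does not use the wolfSSL API: certificates are reduced to (subject, issuer) name pairs, a signature check is stood in for by issuer-name matching, and the ToyCert/ToyStack types, every toy_* function and the sample certificates are constructed for this example. It shows that a caller-supplied intermediate (even a self-signed one) never terminates the path, that exhausting the depth budget is an error rather than acceptance of the last verified link, that a failed working-stack allocation returns an error instead of falling through to success, and that removing injected intermediates by pointer identity still works after the stack has been reordered.

```c
/* Added illustration (not wolfSSL code): a toy chain builder applying the
 * fail-closed rules from the commit messages above. Names and sample
 * certificates are constructed for this example. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef struct { const char *subject; const char *issuer; } ToyCert;
typedef struct { const ToyCert *items[8]; size_t count; } ToyStack;

enum {
    TOY_OK            =  1,   /* path reached a configured trust anchor */
    TOY_ERR_NO_ANCHOR = -1,   /* path ended without reaching an anchor */
    TOY_ERR_DEPTH     = -2,   /* depth budget exhausted before an anchor */
    TOY_ERR_MEM       = -3    /* allocation failed: report error, not success */
};

/* Stand-in for a signature check: the entry whose subject matches c's issuer. */
static const ToyCert *toy_find_issuer(const ToyStack *s, const ToyCert *c)
{
    for (size_t i = 0; i < s->count; i++)
        if (strcmp(s->items[i]->subject, c->issuer) == 0)
            return s->items[i];
    return NULL;
}

/* Remove one entry by pointer identity in a single walk, keeping the order
 * of the rest. Returns 1 if found. A positional "pop the last k" would be
 * wrong once a retry has reordered the stack. */
int toy_stack_remove_ptr(ToyStack *s, const ToyCert *c)
{
    size_t w = 0;
    int found = 0;
    for (size_t r = 0; r < s->count; r++) {
        if (s->items[r] == c && !found) { found = 1; continue; }
        s->items[w++] = s->items[r];
    }
    s->count = w;
    return found;
}

/* Build a path from leaf to a trust anchor. Untrusted intermediates may
 * extend the path but never end it. `alloc` models the working-stack
 * allocation whose failure must not be reported as success. */
int toy_verify(const ToyCert *leaf, const ToyStack *anchors,
               const ToyStack *intermediates, int depth_limit,
               void *(*alloc)(size_t))
{
    const ToyCert **path = alloc(sizeof(*path) * (size_t)(depth_limit + 1));
    int ret = TOY_ERR_NO_ANCHOR;           /* default is failure, never success */
    const ToyCert *cur = leaf;
    int depth = 0;

    if (path == NULL)
        return TOY_ERR_MEM;                /* fail closed on allocation failure */

    for (;;) {
        path[depth] = cur;
        if (toy_find_issuer(anchors, cur) != NULL) { ret = TOY_OK; break; }
        if (depth >= depth_limit) { ret = TOY_ERR_DEPTH; break; }
        const ToyCert *next = toy_find_issuer(intermediates, cur);
        /* Dead end, or a self-signed cert in the untrusted stack: not an anchor. */
        if (next == NULL || strcmp(next->subject, next->issuer) == 0) {
            ret = TOY_ERR_NO_ANCHOR;
            break;
        }
        cur = next;
        depth++;
    }
    free(path);
    return ret;
}

/* Constructed sample certificates (not real certificates). */
static const ToyCert ROOT       = { "Root CA", "Root CA" };
static const ToyCert ICA        = { "Intermediate CA", "Root CA" };
static const ToyCert LEAF       = { "leaf.example", "Intermediate CA" };
static const ToyCert ROGUE_ROOT = { "Rogue Root", "Rogue Root" };  /* untrusted self-signed */
static const ToyCert ROGUE_ICA  = { "Rogue Intermediate", "Rogue Root" };
static const ToyCert ROGUE_LEAF = { "victim.example", "Rogue Intermediate" };

static void *toy_failing_alloc(size_t n) { (void)n; return NULL; }

int toy_scenario_valid(void) {
    ToyStack anchors = { { &ROOT }, 1 }, inter = { { &ICA }, 1 };
    return toy_verify(&LEAF, &anchors, &inter, 4, malloc);
}
int toy_scenario_rogue_root_in_intermediates(void) {
    ToyStack anchors = { { &ROOT }, 1 }, inter = { { &ROGUE_ICA, &ROGUE_ROOT }, 2 };
    return toy_verify(&ROGUE_LEAF, &anchors, &inter, 4, malloc);
}
int toy_scenario_depth_exhausted(void) {
    ToyStack anchors = { { &ROOT }, 1 }, inter = { { &ICA }, 1 };
    return toy_verify(&LEAF, &anchors, &inter, 0, malloc);   /* needs 1 hop, budget 0 */
}
int toy_scenario_alloc_failure(void) {
    ToyStack anchors = { { &ROOT }, 1 }, inter = { { &ICA }, 1 };
    return toy_verify(&LEAF, &anchors, &inter, 4, toy_failing_alloc);
}
/* 1 if identity removal leaves exactly the other entries, in order. */
int toy_scenario_identity_removal(void) {
    ToyStack s = { { &ICA, &ROOT, &LEAF }, 3 };   /* reordered, as after a retry */
    return toy_stack_remove_ptr(&s, &ICA) == 1 && s.count == 2 &&
           s.items[0] == &ROOT && s.items[1] == &LEAF &&
           toy_stack_remove_ptr(&s, &ICA) == 0;
}

int main(void) {
    printf("valid chain: %d\n", toy_scenario_valid());
    printf("rogue self-signed in intermediates: %d\n", toy_scenario_rogue_root_in_intermediates());
    printf("depth exhausted: %d\n", toy_scenario_depth_exhausted());
    printf("alloc failure: %d\n", toy_scenario_alloc_failure());
    printf("identity removal ok: %d\n", toy_scenario_identity_removal());
    return 0;
}
```

The point of passing the allocator in is to make the fail-open regression the second commit message describes easy to exercise: with a failing allocator the function must return an error, which it can only do if `ret` never starts out as success and the allocation check returns rather than jumping to a shared exit path.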
@Frauschi Frauschi added the For This Release Release version 5.9.2 label Jun 12, 2026
@github-actions

github-actions Bot commented Jun 12, 2026


@dgarske dgarske merged commit e4b7b67 into wolfSSL:master Jun 12, 2026
304 of 305 checks passed
@Frauschi Frauschi deleted the cert_chain_fix branch June 12, 2026 22:50