Skip to content

Require verify result to be captured in client cert response handlers#426

Merged
bigbrett merged 1 commit into
wolfSSL:mainfrom
padelsbach:require-verify-return-code
Jul 2, 2026
Merged

Require verify result to be captured in client cert response handlers#426
bigbrett merged 1 commit into
wolfSSL:mainfrom
padelsbach:require-verify-return-code

Conversation

@padelsbach

Copy link
Copy Markdown
Contributor

Addresses F-6199. Caller is no longer allowed to pass out_rc == NULL since this value contains the actual verification result. This breaks convention within wolfHSM, admittedly.

@padelsbach padelsbach marked this pull request as ready for review June 28, 2026 15:10

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR enforces that certificate verification APIs always capture the server’s verification verdict by making out_rc mandatory (non-NULL) across client-side cert verify response handlers and synchronous helpers, addressing F-6199.

Changes:

  • Updated public API documentation in wh_client.h to state out_rc is required and to clarify that rc == 0 does not imply a successful verification verdict.
  • Added argument validation in client cert verification code paths to reject out_rc == NULL with WH_ERROR_BADARGS.
  • Extended certificate client tests to ensure passing a NULL verdict pointer is rejected.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 3 comments.

File Description
wolfhsm/wh_client.h Updates API docs to require out_rc and clarify verification semantics.
src/wh_client_cert.c Enforces out_rc non-NULL in cert verify response/dispatch helpers.
test/wh_test_cert.c Adds regression coverage for rejecting out_rc == NULL in cert verify.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread wolfhsm/wh_client.h
Comment thread src/wh_client_cert.c
Comment thread src/wh_client_cert.c
Comment thread src/wh_client_cert.c
whMessageCert_VerifyResponse resp;

if (c == NULL) {
/* out_rc is mandatory; it carries the verification verdict */

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@padelsbach can we get rid of these comments in whatever PR you are working on next? Kinda just clutters things and unneccessary. But dont want to block this merge

@bigbrett bigbrett merged commit a578b41 into wolfSSL:main Jul 2, 2026
108 checks passed

@wolfSSL-Fenrir-bot wolfSSL-Fenrir-bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fenrir Automated Review — PR #426

Scan targets checked: wolfhsm-core-bugs, wolfhsm-crypto-bugs, wolfhsm-src
Findings: 1

Info (1)

Inner out_rc != NULL guards are now always-true dead conditions

File: src/wh_client_cert.c:431
Function: _certVerifyResponse
Category: Dead/unreachable code

The new top-level out_rc == NULL early return makes the pre-existing inner if (out_rc != NULL) guards unreachable when false in the response helpers (_certVerifyResponse, _certVerifyMultiRootResponse, _certVerifyDmaResponse, _certVerifyMultiRootDmaResponse, and the Acert responders). Harmless but now-redundant.

Recommendation: Optionally drop the now-redundant inner NULL guard around the *out_rc = resp.rc assignment.

Referenced code: src/wh_client_cert.c:431-433 (3 lines)


This review was generated automatically by Fenrir. Findings are non-blocking.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants