Netty FIPS fixes for cross-signed certs, empty protocol array, SNI caching

Author: JeremiahM37

src/java/com/wolfssl/provider/jsse/WolfSSLEngine.java

@@ -101,6 +101,9 @@ public class WolfSSLEngine extends SSLEngine {
     private int lastSSLConnectRet = WolfSSL.SSL_FAILURE;
     private int lastSSLAcceptRet = WolfSSL.SSL_FAILURE;
 
+    /* SNI mismatch detected during handshake */
+    private boolean sniMismatch = false;
+
     /* closeNotify status when shutting down */
     private boolean closeNotifySent = false;
     private boolean closeNotifyReceived = false;
@@ -1036,6 +1039,11 @@ else if (produced == 0) {
                     () -> "==================================================");
             }
 
+            if (this.sniMismatch) {
+                throw new SSLHandshakeException(
+                    "Unrecognized Server Name");
+            }
+
             return new SSLEngineResult(status, hs, consumed, produced);
 
         } finally {
@@ -1228,6 +1236,7 @@ private synchronized int RecvAppData(ByteBuffer[] out, int ofst, int length)
                     System.arraycopy(tmp, 0, this.pendingAppData, 0, ret);
                     this.pendingAppDataLen = ret;
                     this.pendingNetConsumed = 0;
+                    Arrays.fill(tmp, 0, ret, (byte)0);
                     return 0; /* 0 bytes written to output */
                 }
 
@@ -1333,6 +1342,13 @@ public synchronized SSLEngineResult unwrap(ByteBuffer in, ByteBuffer[] out,
             inRemaining = in.remaining();
         }
 
+        /* Cache SNI from ClientHello before native handshake consumes
+         * the data. The read callback advances netData position, so
+         * SNI must be parsed here while the buffer is still intact. */
+        if (!this.handshakeFinished) {
+            cacheRequestedServerNamesFromNetData();
+        }
+
         if (extraDebugEnabled) {
             final SSLEngineResult.Status tmpStatus = status;
             WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
@@ -1816,6 +1832,11 @@ else if (!this.handshakeFinished && (ret == 0) &&
                     () -> "==================================================");
             }
 
+            if (this.sniMismatch) {
+                throw new SSLHandshakeException(
+                    "Unrecognized Server Name");
+            }
+
             return new SSLEngineResult(status, hs, consumed, produced);
 
         } catch (SSLException | RuntimeException e) {
@@ -1918,6 +1939,10 @@ else if (this.closeNotifyReceived == true &&
                             (this.nativeWantsToWrite == 0) &&
                             (this.nativeWantsToRead == 0)) {
 
+                            if (!this.getUseClientMode() &&
+                                !this.engineHelper.matchSNI()) {
+                                this.sniMismatch = true;
+                            }
                             this.handshakeFinished = true;
                             hs = SSLEngineResult.HandshakeStatus.FINISHED;
                             this.engineHelper.getSession().updateStoredSessionValues();

src/java/com/wolfssl/provider/jsse/WolfSSLEngineHelper.java

@@ -569,8 +569,8 @@ protected synchronized void setCiphers(String[] suites)
      *
      * @param p String array of SSL/TLS protocols to be enabled
      *
-     * @throws IllegalArgumentException if input array is null,
-     *         has length zero, or contains invalid/unsupported protocols
+     * @throws IllegalArgumentException if input array is null or
+     *         contains invalid/unsupported protocols
      */
     protected synchronized void setProtocols(String[] p)
         throws IllegalArgumentException {
@@ -580,7 +580,9 @@ protected synchronized void setProtocols(String[] p)
         }
 
         if (p.length == 0) {
-            throw new IllegalArgumentException("input array has length zero");
+            /* Empty array is valid, store empty set */
+            this.params.setProtocols(new String[0]);
+            return;
         }
 
         /* sanitize protocol array for unsupported strings */

src/java/com/wolfssl/provider/jsse/WolfSSLImplementSSLSession.java

@@ -1118,8 +1118,10 @@ public String[] getLocalSupportedSignatureAlgorithms() {
 
     @Override
     public String[] getPeerSupportedSignatureAlgorithms() {
-        /* TODO */
-        return null;
+        /* TODO: Wire to native wolfSSL_get_peer_sigalgs() once
+         * available. Returns String[0] not null because JSSE
+         * callers iterate the result directly. Null causes NPE. */
+        return new String[0];
     }
 
     /**

src/java/com/wolfssl/provider/jsse/WolfSSLInternalVerifyCb.java

@@ -32,7 +32,6 @@
 import java.security.cert.CertificateException;
 import javax.net.ssl.SSLSocket;
 import javax.net.ssl.SSLEngine;
-import javax.net.ssl.SSLParameters;
 import javax.net.ssl.SSLSession;
 import javax.net.ssl.X509TrustManager;
 import javax.net.ssl.X509ExtendedTrustManager;
@@ -574,8 +573,8 @@ else if ((!this.clientMode) && (this.params != null) &&
             (!this.params.getNeedClientAuth())) {
             /* wantClientAuth is set and client sent a certificate.
              * Try to verify via TrustManager, but don't fail the
-             * handshake if verification fails — wantClientAuth means
-             * verification failure is non-fatal (JSSE contract). */
+             * handshake if verification fails — matches SunJSSE
+             * behavior where wantClientAuth is non-fatal. */
             if (VerifyCertChainWithTrustManager(x509certs, authType)) {
                 WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
                     () -> "wantClientAuth: client cert verified successfully");

src/java/com/wolfssl/provider/jsse/WolfSSLServerSocket.java

@@ -236,7 +236,9 @@ synchronized public void setEnabledProtocols(String[] protocols)
         }
 
         if (protocols.length == 0) {
-            throw new IllegalArgumentException("input array has length zero");
+            /* Empty array is valid, store empty set */
+            params.setProtocols(new String[0]);
+            return;
         }
 
         /* sanitize protocol array for unsupported strings */

src/java/com/wolfssl/provider/jsse/WolfSSLTrustX509.java

@@ -573,10 +573,33 @@ private List<X509Certificate> certManagerVerify(
         ret = cm.CertManagerVerifyBuffer(peer, peer.length,
                 WolfSSL.SSL_FILETYPE_ASN1);
         if (ret != WolfSSL.SSL_SUCCESS) {
-            WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
-                () -> "Failed to verify peer certificate");
-            cm.free();
-            throw new CertificateException("Failed to verify peer certificate");
+            /* Native CA lookup by subject hash may return wrong issuer
+             * for cross-signed certs. Find correct one by signature,
+             * reload it, and retry. */
+            X509Certificate issuer = findIssuerBySignature(
+                sortedCerts[0], this.store);
+            if (issuer != null) {
+                WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
+                    () -> "Found issuer by signature for peer: " +
+                    sortedCerts[0].getSubjectX500Principal().getName());
+                try {
+                    cm.CertManagerUnloadCAs();
+                    byte[] issuerEnc = issuer.getEncoded();
+                    cm.CertManagerLoadCABuffer(issuerEnc,
+                        issuerEnc.length, WolfSSL.SSL_FILETYPE_ASN1);
+                } catch (Exception e) {
+                    /* Fall through to failure below */
+                }
+                ret = cm.CertManagerVerifyBuffer(peer, peer.length,
+                    WolfSSL.SSL_FILETYPE_ASN1);
+            }
+            if (ret != WolfSSL.SSL_SUCCESS) {
+                WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
+                    () -> "Failed to verify peer certificate");
+                cm.free();
+                throw new CertificateException(
+                    "Failed to verify peer certificate");
+            }
         }
 
         WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,

src/test/com/wolfssl/provider/jsse/test/WolfSSLServerSocketTest.java

@@ -416,16 +416,19 @@ public void testGetSetEnabledProtocols()
                 /* expected */
             }
 
-            /* test failure, empty string */
+            String[] savedProtos = s.getEnabledProtocols();
+
+            /* test empty array accepted */
             try {
                 String[] empty = {};
                 s.setEnabledProtocols(empty);
-                System.out.println("\t... failed");
-                fail("setEnabledProtocols() failed");
             } catch (IllegalArgumentException e) {
-                /* expected */
+                System.out.println("\t... failed");
+                fail("setEnabledProtocols() should accept empty");
             }
 
+            s.setEnabledProtocols(savedProtos);
+
             /* test failure, bad value */
             try {
                 String[] badvalue = { "badvalue" };

src/test/com/wolfssl/provider/jsse/test/WolfSSLSocketTest.java

@@ -474,16 +474,19 @@ public void testGetSetEnabledProtocols()
                 /* expected */
             }
 
-            /* test failure, empty string */
+            String[] savedProtos = s.getEnabledProtocols();
+
+            /* test empty array accepted */
             try {
                 String[] empty = {};
                 s.setEnabledProtocols(empty);
-                System.out.println("\t\t... failed");
-                fail("SSLSocket.setEnabledProtocols() failed");
             } catch (IllegalArgumentException e) {
-                /* expected */
+                System.out.println("\t\t... failed");
+                fail("SSLSocket.setEnabledProtocols() should accept empty");
             }
 
+            s.setEnabledProtocols(savedProtos);
+
             /* test failure, bad value */
             try {
                 String[] badvalue = { "badvalue" };