Allow serial number 0 for root CA certificates

[jackctj117]

Fixes #8615

This pull request updates the logic for validating X.509 certificate serial numbers in wolfcrypt/src/asn.c. The main change is to improve compliance with RFC 5280 while allowing for real-world exceptions involving root CAs. The previous strict check for zero serial numbers is now more nuanced, permitting serial number 0 for self-signed CA certificates but still rejecting it for other certificates.

Certificate serial number validation improvements:

• Moved and updated the check for serial numbers of 0 to allow self-signed CA (root) certificates to have a serial number of 0, while still treating serial 0 as an error for all other certificates. This better aligns with RFC 5280 and real-world trust store practices. [1] [2]
• Removed the previous check that always treated a serial number of 0 as an error, regardless of certificate type.

Testing

Tested with certificates generated using OpenSSL to verify all scenarios:

• Root CA with serial 0 loads successfully (previously failed, now passes)
• End-entity cert with serial 0 is correctly rejected
• Normal end-entity cert signed by root CA with serial 0 verifies successfully
• Self-signed non-CA cert with serial 0 is correctly rejected

[kareem-wolfssl]

Changes look good.

Can you add some test cases with a CA and leaf cert with a serial of 0?

[jackctj117]

@kareem-wolfssl it looks like the failures are looking for an expected failure due to a self-signed CA certificate with serial number 0.

[kareem-wolfssl]

@kareem-wolfssl it looks like the failures are looking for an expected failure due to a self-signed CA certificate with serial number 0.

Yes, you will need to update the failing test test_MakeCertWith0Ser since we no longer expect a root CA with serial 0 to fail.

[dgarske]

@jackctj117 looks like some valid unit test failures you will need to look into. All related to --enable-asn=original.

FAILURES:
   390: test_SerialNumber0_RootCA

[jackctj117]

Jenkins retest this please. History lost.

[jackctj117]

Jenkins retest this please. History lost.

[jackctj117]

Jenkins retest this please

[jackctj117]

Jenkins retest this please

[jackctj117]

Jenkins retest this

[jackctj117]

Jenkins retest this please

[kareem-wolfssl]

This should test for the expected error code.

[kareem-wolfssl]

Same as above, check for the expected error code.

[kareem-wolfssl]

Jenkins retest this please.

[Copilot]

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

[Copilot]

Pull request overview

Copilot reviewed 20 out of 20 changed files in this pull request and generated no new comments.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

Pull request overview

Copilot reviewed 20 out of 20 changed files in this pull request and generated 2 comments.

Comments suppressed due to low confidence (1)

wolfcrypt/src/asn.c:23904

• The log message for cert->serialSz == 0 is confusing: it suggests a certificate might legitimately have “no serial number”, but X.509 certificates always have a serial number and RFC 5280 requires it to be present. Consider rewording to clearly state that an empty/zero-length serial is invalid, and (if appropriate in this file) emit the verbose error macro consistently with other parse failures.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The serial-0 exception is currently keyed off cert->isCA && cert->selfSigned, but selfSigned is determined by issuer/subject name hash equality (not by verifying the signature with the certificate's own public key). This makes the exception apply to any self-issued CA certificate (and in all parse contexts), not specifically to explicitly-trusted root CAs as the comment describes. Consider tightening the condition to only allow serial 0 when parsing a trust anchor context (e.g., CA_TYPE / TRUSTED_PEER_TYPE) or when the certificate is cryptographically self-signed, so nonconforming non-root/self-issued certs remain rejected under strict ASN settings.

[Copilot]

This test only loads/verifies existing PEM files via the cert manager, but it is gated on WOLFSSL_CERT_GEN. Certificate generation support shouldn't be required for these APIs, so this guard will skip the test in builds that still include ASN/X.509 parsing/verification. Consider dropping defined(WOLFSSL_CERT_GEN) from the preprocessor condition (keeping only the features actually required, e.g., filesystem/certs/extensions) to improve coverage across configurations.