FIPS Revalidation

Merge branch 'master' into fipsv2. Using a merge instead of a rebase to retain commit IDs and tags.
This commit is contained in:
John Safranek
2018-06-06 12:43:15 -07:00
197 changed files with 16293 additions and 12387 deletions


@@ -49,8 +49,10 @@
int InitCRL(WOLFSSL_CRL* crl, WOLFSSL_CERT_MANAGER* cm)
{
WOLFSSL_ENTER("InitCRL");
crl->heap = cm->heap;
if(cm != NULL)
crl->heap = cm->heap;
else
crl->heap = NULL;
crl->cm = cm;
crl->crlList = NULL;
crl->monitors[0].path = NULL;
@@ -153,7 +155,6 @@ void FreeCRL(WOLFSSL_CRL* crl, int dynamic)
CRL_Entry* tmp = crl->crlList;
WOLFSSL_ENTER("FreeCRL");
if (crl->monitors[0].path)
XFREE(crl->monitors[0].path, crl->heap, DYNAMIC_TYPE_CRL_MONITOR);
@@ -373,12 +374,14 @@ int CheckCertCRL(WOLFSSL_CRL* crl, DecodedCert* cert)
WOLFSSL_MSG("Issuing missing CRL callback");
url[0] = '\0';
if (cert->extCrlInfoSz < (int)sizeof(url) -1 ) {
XMEMCPY(url, cert->extCrlInfo, cert->extCrlInfoSz);
url[cert->extCrlInfoSz] = '\0';
}
else {
WOLFSSL_MSG("CRL url too long");
if (cert->extCrlInfo) {
if (cert->extCrlInfoSz < (int)sizeof(url) -1 ) {
XMEMCPY(url, cert->extCrlInfo, cert->extCrlInfoSz);
url[cert->extCrlInfoSz] = '\0';
}
else {
WOLFSSL_MSG("CRL url too long");
}
}
crl->cm->cbMissingCRL(url);
@@ -489,6 +492,34 @@ int BufferLoadCRL(WOLFSSL_CRL* crl, const byte* buff, long sz, int type,
return ret ? ret : WOLFSSL_SUCCESS; /* convert 0 to WOLFSSL_SUCCESS */
}
#if defined(OPENSSL_EXTRA) && defined(HAVE_CRL)
int wolfSSL_X509_STORE_add_crl(WOLFSSL_X509_STORE *store, WOLFSSL_X509_CRL *newcrl)
{
CRL_Entry *crle;
WOLFSSL_CRL *crl;
WOLFSSL_ENTER("wolfSSL_X509_STORE_add_crl");
if (store == NULL || newcrl == NULL)
return BAD_FUNC_ARG;
crl = store->crl;
crle = newcrl->crlList;
if (wc_LockMutex(&crl->crlLock) != 0)
{
WOLFSSL_MSG("wc_LockMutex failed");
return BAD_MUTEX_E;
}
crle->next = crl->crlList;
crl->crlList = crle;
newcrl->crlList = NULL;
wc_UnLockMutex(&crl->crlLock);
WOLFSSL_LEAVE("wolfSSL_X509_STORE_add_crl", WOLFSSL_SUCCESS);
return WOLFSSL_SUCCESS;
}
#endif
#ifdef HAVE_CRL_MONITOR
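Review bot: wolfSSL_X509_STORE_add_crl dereferences `store->crl` and `newcrl->crlList` without checking either for NULL — `crl->crlLock` and `crle->next` are used right after the `store == NULL || newcrl == NULL` guard, so a store whose CRL object was never created, or a CRL object with an empty list, would crash here instead of failing. It also splices only the head entry: `crle->next = crl->crlList` overwrites the head's next pointer, so any further entries on `newcrl->crlList` would be detached and never freed, if that list can hold more than one (not visible here). Widening the guard to `if (store == NULL || store->crl == NULL || newcrl == NULL || newcrl->crlList == NULL) return BAD_FUNC_ARG;` and walking to the tail of `newcrl->crlList` before pointing it at `crl->crlList` would close both.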



@@ -2125,7 +2125,9 @@ int SetCipherSpecs(WOLFSSL* ssl)
if (ssl->version.major == 3 && ssl->version.minor >= 1) {
#ifndef NO_TLS
ssl->options.tls = 1;
#ifndef WOLFSSL_NO_TLS12
ssl->hmac = TLS_hmac;
#endif
if (ssl->version.minor >= 2) {
ssl->options.tls1_1 = 1;
if (ssl->version.minor >= 4)
@@ -3440,14 +3442,14 @@ int MakeMasterSecret(WOLFSSL* ssl)
}
#endif
#ifdef NO_OLD_TLS
return MakeTlsMasterSecret(ssl);
#elif !defined(NO_TLS)
if (ssl->options.tls) return MakeTlsMasterSecret(ssl);
#endif
#ifndef NO_OLD_TLS
if (ssl->options.tls) return MakeTlsMasterSecret(ssl);
return MakeSslMasterSecret(ssl);
#elif !defined(WOLFSSL_NO_TLS12)
return MakeTlsMasterSecret(ssl);
#else
(void)ssl;
return 0;
#endif
}
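Review bot: In the MakeMasterSecret hunk, the new `#else` arm (`(void)ssl; return 0;`) reports success when neither the SSLv3/TLS 1.0 path nor the TLS 1.2 path is compiled in, so a caller that reaches it gets 0 without any master secret having been derived. If that configuration is meant to be unreachable, failing closed is safer, e.g. `return NOT_COMPILED_IN;` with a comment stating that only TLS 1.3 key derivation exists in this build. The SetCipherSpecs hunk above has the same flavour — `ssl->hmac = TLS_hmac` is now skipped under WOLFSSL_NO_TLS12 — and whether a later assignment covers it is outside that hunk, as is the start of both functions.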

910
src/ssl.c


21
src/tls.c Executable file → Normal file

@@ -99,13 +99,14 @@ static int TLSX_PopulateSupportedGroups(WOLFSSL* ssl, TLSX** extensions);
#endif
#ifndef WOLFSSL_NO_TLS12
#ifdef WOLFSSL_SHA384
#define P_HASH_MAX_SIZE WC_SHA384_DIGEST_SIZE
#else
#define P_HASH_MAX_SIZE WC_SHA256_DIGEST_SIZE
#endif
/* compute p_hash for MD5, SHA-1, SHA-256, or SHA-384 for TLSv1 PRF */
static int p_hash(byte* result, word32 resLen, const byte* secret,
word32 secLen, const byte* seed, word32 seedLen, int hash,
@@ -233,6 +234,8 @@ static int p_hash(byte* result, word32 resLen, const byte* secret,
#undef P_HASH_MAX_SIZE
#endif /* !WOLFSSL_NO_TLS12 */
#ifndef NO_OLD_TLS
@@ -325,6 +328,8 @@ static int doPRF(byte* digest, word32 digLen, const byte* secret,word32 secLen,
#endif
#ifndef WOLFSSL_NO_TLS12
/* Wrapper to call straight thru to p_hash in TSL 1.2 cases to remove stack
use */
static int PRF(byte* digest, word32 digLen, const byte* secret, word32 secLen,
@@ -452,6 +457,7 @@ int BuildTlsFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
return ret;
}
#endif /* !WOLFSSL_NO_TLS12 */
#ifndef NO_OLD_TLS
@@ -479,6 +485,8 @@ ProtocolVersion MakeTLSv1_1(void)
#endif /* !NO_OLD_TLS */
#ifndef WOLFSSL_NO_TLS12
ProtocolVersion MakeTLSv1_2(void)
{
ProtocolVersion pv;
@@ -488,6 +496,8 @@ ProtocolVersion MakeTLSv1_2(void)
return pv;
}
#endif /* !WOLFSSL_NO_TLS12 */
#ifdef WOLFSSL_TLS13
/* The TLS v1.3 protocol version.
*
@@ -503,6 +513,7 @@ ProtocolVersion MakeTLSv1_3(void)
}
#endif
#ifndef WOLFSSL_NO_TLS12
#ifdef HAVE_EXTENDED_MASTER
static const byte ext_master_label[EXT_MASTER_LABEL_SZ + 1] =
@@ -877,6 +888,8 @@ int TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz,
return ret;
}
#endif /* !WOLFSSL_NO_TLS12 */
#ifdef HAVE_TLS_EXTENSIONS
/**
@@ -9464,6 +9477,7 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte msgType,
#endif /* !NO_OLD_TLS */
#ifndef WOLFSSL_NO_TLS12
WOLFSSL_METHOD* wolfTLSv1_2_client_method(void)
{
@@ -9481,6 +9495,8 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte msgType,
return method;
}
#endif /* WOLFSSL_NO_TLS12 */
#ifdef WOLFSSL_TLS13
/* The TLS v1.3 client method data.
*
@@ -9586,6 +9602,7 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte msgType,
}
#endif /* !NO_OLD_TLS */
#ifndef WOLFSSL_NO_TLS12
WOLFSSL_METHOD* wolfTLSv1_2_server_method(void)
{
@@ -9605,6 +9622,8 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte msgType,
return method;
}
#endif /* !WOLFSSL_NO_TLS12 */
#ifdef WOLFSSL_TLS13
/* The TLS v1.3 server method data.
*
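Review bot: The closing comment on the new guard after wolfTLSv1_2_client_method reads `#endif /* WOLFSSL_NO_TLS12 */` while every other new guard in this file closes with `/* !WOLFSSL_NO_TLS12 */`; since the guard is `#ifndef`, the negated form is the accurate one, so that line should become `#endif /* !WOLFSSL_NO_TLS12 */`. Unrelated to the change but in the same region, the PRF wrapper comment still says `TSL 1.2` (context line, not touched by this commit) and could be corrected to `TLS 1.2` while this area is being edited.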

77
src/tls13.c Executable file → Normal file

@@ -2376,11 +2376,18 @@ int SendTls13ClientHello(WOLFSSL* ssl)
if (ssl->options.resuming &&
(ssl->session.version.major != ssl->version.major ||
ssl->session.version.minor != ssl->version.minor)) {
/* Cannot resume with a different protocol version - new handshake. */
ssl->options.resuming = 0;
ssl->version.major = ssl->session.version.major;
ssl->version.minor = ssl->session.version.minor;
return SendClientHello(ssl);
#ifndef WOLFSSL_NO_TLS12
if (ssl->session.version.major == ssl->version.major &&
ssl->session.version.minor < ssl->version.minor) {
/* Cannot resume with a different protocol version. */
ssl->options.resuming = 0;
ssl->version.major = ssl->session.version.major;
ssl->version.minor = ssl->session.version.minor;
return SendClientHello(ssl);
}
else
#endif
return VERSION_ERROR;
}
#endif
@@ -2774,15 +2781,18 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
if (ret != 0)
return ret;
if (!IsAtLeastTLSv1_3(pv) && pv.major != TLS_DRAFT_MAJOR) {
#ifndef WOLFSSL_NO_TLS12
if (ssl->options.downgrade) {
ssl->version = pv;
return DoServerHello(ssl, input, inOutIdx, helloSz);
}
#endif
WOLFSSL_MSG("CLient using higher version, fatal error");
WOLFSSL_MSG("Client using higher version, fatal error");
return VERSION_ERROR;
}
#else
#ifndef WOLFSSL_NO_TLS12
if (pv.major == ssl->version.major && pv.minor < TLSv1_2_MINOR &&
ssl->options.downgrade) {
/* Force client hello version 1.2 to work for static RSA. */
@@ -2790,6 +2800,7 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
ssl->version.minor = TLSv1_2_MINOR;
return DoServerHello(ssl, input, inOutIdx, helloSz);
}
#endif
if (pv.major != ssl->version.major || pv.minor != TLSv1_2_MINOR)
return VERSION_ERROR;
#endif
@@ -2848,7 +2859,9 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
if ((i - begin) + OPAQUE16_LEN > helloSz) {
if (!ssl->options.downgrade)
return BUFFER_ERROR;
#ifndef WOLFSSL_NO_TLS12
ssl->version.minor = TLSv1_2_MINOR;
#endif
ssl->options.haveEMS = 0;
}
if ((i - begin) < helloSz)
@@ -2891,6 +2904,7 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
* Only now do we know how to deal with session id.
*/
if (!IsAtLeastTLSv1_3(ssl->version)) {
#ifndef WOLFSSL_NO_TLS12
ssl->arrays->sessionIDSz = sessIdSz;
if (ssl->arrays->sessionIDSz > ID_LEN) {
@@ -2907,6 +2921,10 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
ssl->chVersion.minor = TLSv1_2_MINOR;
/* Complete TLS v1.2 processing of ServerHello. */
ret = CompleteServerHello(ssl);
#else
WOLFSSL_MSG("Client using higher version, fatal error");
ret = VERSION_ERROR;
#endif
WOLFSSL_LEAVE("DoTls13ServerHello", ret);
@@ -3744,7 +3762,9 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
word16 totalExtSz = 0;
int usingPSK = 0;
byte sessIdSz;
#ifndef WOLFSSL_NO_TLS12
int bogusID = 0;
#endif
WOLFSSL_START(WC_FUNC_CLIENT_HELLO_DO);
WOLFSSL_ENTER("DoTls13ClientHello");
@@ -3766,8 +3786,10 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
if (pv.major == SSLv3_MAJOR && pv.minor >= TLSv1_3_MINOR)
pv.minor = TLSv1_2_MINOR;
#ifndef WOLFSSL_NO_TLS12
if (ssl->version.major == SSLv3_MAJOR && ssl->version.minor < TLSv1_3_MINOR)
return DoClientHello(ssl, input, inOutIdx, helloSz);
#endif
#ifdef HAVE_SESSION_TICKET
if (ssl->options.downgrade) {
@@ -3802,9 +3824,11 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
XMEMCPY(ssl->session.sessionID, input + i, sessIdSz);
i += ID_LEN;
}
#ifdef HAVE_SESSION_TICKET
if (sessIdSz > 0 && sessIdSz < ID_LEN)
bogusID = 1;
#ifndef WOLFSSL_NO_TLS12
#ifdef HAVE_SESSION_TICKET
if (sessIdSz > 0 && sessIdSz < ID_LEN)
bogusID = 1;
#endif
#endif
/* Cipher suites */
@@ -3919,6 +3943,7 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
return ret;
#endif
}
#ifndef WOLFSSL_NO_TLS12
else if (ssl->options.resuming) {
ret = HandleTlsResumption(ssl, bogusID, &clSuites);
if (ret != 0)
@@ -3931,6 +3956,12 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
return ret;
}
}
#else
else {
WOLFSSL_MSG("Negotiated lesser version than TLS v1.3");
return VERSION_ERROR;
}
#endif
if (!usingPSK) {
if ((ret = MatchSuite(ssl, &clSuites)) < 0) {
@@ -3941,6 +3972,7 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
/* Check that the negotiated ciphersuite matches protocol version. */
if (IsAtLeastTLSv1_3(ssl->version)) {
if (ssl->options.cipherSuite0 != TLS13_BYTE) {
#ifndef WOLFSSL_NO_TLS12
TLSX* ext;
if (!ssl->options.downgrade) {
@@ -3960,6 +3992,11 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
ext = TLSX_Find(ssl->extensions, TLSX_SUPPORTED_VERSIONS);
if (ext != NULL)
ext->resp = 0;
#else
WOLFSSL_MSG("Negotiated ciphersuite from lesser version than "
"TLS v1.3");
return VERSION_ERROR;
#endif
}
}
/* VerifyServerSuite handles when version is less than 1.3 */
@@ -5252,7 +5289,10 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
#endif /* HAVE_ECC */
#ifdef HAVE_ED25519
if (ssl->hsType == DYNAMIC_TYPE_ED25519) {
/* Nothing to do */
ret = Ed25519CheckPubKey(ssl);
if (ret < 0) {
ERROR_OUT(ret, exit_scv);
}
sig->length = ED25519_SIG_SIZE;
}
#endif /* HAVE_ECC */
@@ -6685,10 +6725,6 @@ static int SanityCheckTls13MsgReceived(WOLFSSL* ssl, byte type)
WOLFSSL_MSG("NewSessionTicket received out of order");
return OUT_OF_ORDER_E;
}
if (ssl->msgsReceived.got_session_ticket) {
WOLFSSL_MSG("Duplicate NewSessionTicket received");
return DUPLICATE_MSG_E;
}
ssl->msgsReceived.got_session_ticket = 1;
break;
@@ -7357,8 +7393,10 @@ int wolfSSL_connect_TLSv13(WOLFSSL* ssl)
return WOLFSSL_SUCCESS;
if (!ssl->options.tls1_3) {
#ifndef WOLFSSL_NO_TLS12
if (ssl->options.downgrade)
return wolfSSL_connect(ssl);
#endif
WOLFSSL_MSG("Client using higher version, fatal error");
return VERSION_ERROR;
@@ -7459,9 +7497,14 @@ int wolfSSL_connect_TLSv13(WOLFSSL* ssl)
FALL_THROUGH;
case FIRST_REPLY_THIRD:
if ((ssl->error = SendTls13Finished(ssl)) != 0) {
WOLFSSL_ERROR(ssl->error);
return WOLFSSL_FATAL_ERROR;
#if !defined(NO_CERTS) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
if (!ssl->options.sendVerify || !ssl->options.postHandshakeAuth)
#endif
{
if ((ssl->error = SendTls13Finished(ssl)) != 0) {
WOLFSSL_ERROR(ssl->error);
return WOLFSSL_FATAL_ERROR;
}
}
WOLFSSL_MSG("sent: finished");
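Review bot: In the DoTls13ServerHello hunk that handles a ServerHello too short to hold the cipher-suite field (`(i - begin) + OPAQUE16_LEN > helloSz`), a `WOLFSSL_NO_TLS12` build keeps going: the BUFFER_ERROR return is skipped when downgrade is enabled, the `ssl->version.minor = TLSv1_2_MINOR` fallback is now compiled out, and only `ssl->options.haveEMS = 0` runs, so parsing continues as TLS 1.3 on a truncated message with no 1.2 path to hand off to. Whether a later check catches this is outside the hunk, but the safer shape is to tie the downgrade path to 1.2 being available: `#ifndef WOLFSSL_NO_TLS12 ssl->version.minor = TLSv1_2_MINOR; #else return BUFFER_ERROR; #endif`. The other new `#else` arms in this function (e.g. `ret = VERSION_ERROR` after the session-id handling) already fail closed, so this would match them. DoTls13ServerHello begins and ends outside the hunk.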


@@ -194,41 +194,14 @@ int EmbedReceive(WOLFSSL *ssl, char *buf, int sz, void *ctx)
int sd = *(int*)ctx;
int recvd;
#ifdef WOLFSSL_DTLS
{
int dtls_timeout = wolfSSL_dtls_get_current_timeout(ssl);
if (wolfSSL_dtls(ssl)
&& !wolfSSL_get_using_nonblock(ssl)
&& dtls_timeout != 0) {
#ifdef USE_WINDOWS_API
DWORD timeout = dtls_timeout * 1000;
#else
struct timeval timeout;
XMEMSET(&timeout, 0, sizeof(timeout));
timeout.tv_sec = dtls_timeout;
#endif
if (setsockopt(sd, SOL_SOCKET, SO_RCVTIMEO, (char*)&timeout,
sizeof(timeout)) != 0) {
WOLFSSL_MSG("setsockopt rcvtimeo failed");
}
}
}
#endif
recvd = wolfIO_Recv(sd, buf, sz, ssl->rflags);
if (recvd < 0) {
int err = wolfSSL_LastError();
WOLFSSL_MSG("Embed Receive error");
if (err == SOCKET_EWOULDBLOCK || err == SOCKET_EAGAIN) {
if (!wolfSSL_dtls(ssl) || wolfSSL_get_using_nonblock(ssl)) {
WOLFSSL_MSG("\tWould block");
return WOLFSSL_CBIO_ERR_WANT_READ;
}
else {
WOLFSSL_MSG("\tSocket timeout");
return WOLFSSL_CBIO_ERR_TIMEOUT;
}
WOLFSSL_MSG("\tWould block");
return WOLFSSL_CBIO_ERR_WANT_READ;
}
else if (err == SOCKET_ECONNRESET) {
WOLFSSL_MSG("\tConnection reset");
@@ -238,10 +211,6 @@ int EmbedReceive(WOLFSSL *ssl, char *buf, int sz, void *ctx)
WOLFSSL_MSG("\tSocket interrupted");
return WOLFSSL_CBIO_ERR_ISR;
}
else if (err == SOCKET_ECONNREFUSED) {
WOLFSSL_MSG("\tConnection refused");
return WOLFSSL_CBIO_ERR_WANT_READ;
}
else if (err == SOCKET_ECONNABORTED) {
WOLFSSL_MSG("\tConnection aborted");
return WOLFSSL_CBIO_ERR_CONN_CLOSE;
@@ -348,7 +317,7 @@ int EmbedReceiveFrom(WOLFSSL *ssl, char *buf, int sz, void *ctx)
WOLFSSL_MSG("Embed Receive From error");
if (err == SOCKET_EWOULDBLOCK || err == SOCKET_EAGAIN) {
if (wolfSSL_get_using_nonblock(ssl)) {
if (wolfSSL_dtls_get_using_nonblock(ssl)) {
WOLFSSL_MSG("\tWould block");
return WOLFSSL_CBIO_ERR_WANT_READ;
}
@@ -459,7 +428,7 @@ int EmbedReceiveFromMcast(WOLFSSL *ssl, char *buf, int sz, void *ctx)
WOLFSSL_MSG("Embed Receive From error");
if (err == SOCKET_EWOULDBLOCK || err == SOCKET_EAGAIN) {
if (wolfSSL_get_using_nonblock(ssl)) {
if (wolfSSL_dtls_get_using_nonblock(ssl)) {
WOLFSSL_MSG("\tWould block");
return WOLFSSL_CBIO_ERR_WANT_READ;
}
@@ -1715,7 +1684,7 @@ int MicriumReceive(WOLFSSL *ssl, char *buf, int sz, void *ctx)
{
int dtls_timeout = wolfSSL_dtls_get_current_timeout(ssl);
if (wolfSSL_dtls(ssl)
&& !wolfSSL_get_using_nonblock(ssl)
&& !wolfSSL_dtls_get_using_nonblock(ssl)
&& dtls_timeout != 0) {
/* needs timeout in milliseconds */
NetSock_CfgTimeoutRxQ_Set(sd, dtls_timeout * 1000, &err);
@@ -1732,7 +1701,7 @@ int MicriumReceive(WOLFSSL *ssl, char *buf, int sz, void *ctx)
if (err == NET_ERR_RX || err == NET_SOCK_ERR_RX_Q_EMPTY ||
err == NET_ERR_FAULT_LOCK_ACQUIRE) {
if (!wolfSSL_dtls(ssl) || wolfSSL_get_using_nonblock(ssl)) {
if (!wolfSSL_dtls(ssl) || wolfSSL_dtls_get_using_nonblock(ssl)) {
WOLFSSL_MSG("\tWould block");
return WOLFSSL_CBIO_ERR_WANT_READ;
}
@@ -1772,7 +1741,7 @@ int MicriumReceiveFrom(WOLFSSL *ssl, char *buf, int sz, void *ctx)
if (ssl->options.handShakeDone)
dtls_timeout = 0;
if (!wolfSSL_get_using_nonblock(ssl)) {
if (!wolfSSL_dtls_get_using_nonblock(ssl)) {
/* needs timeout in milliseconds */
NetSock_CfgTimeoutRxQ_Set(sd, dtls_timeout * 1000, &err);
if (err != NET_SOCK_ERR_NONE) {
@@ -1787,7 +1756,7 @@ int MicriumReceiveFrom(WOLFSSL *ssl, char *buf, int sz, void *ctx)
if (err == NET_ERR_RX || err == NET_SOCK_ERR_RX_Q_EMPTY ||
err == NET_ERR_FAULT_LOCK_ACQUIRE) {
if (wolfSSL_get_using_nonblock(ssl)) {
if (wolfSSL_dtls_get_using_nonblock(ssl)) {
WOLFSSL_MSG("\tWould block");
return WOLFSSL_CBIO_ERR_WANT_READ;
}