Commit Graph

2492 Commits

Author SHA1 Message Date
JacobBarthelmeh bd49d37aaf Merge pull request #5492 from embhorn/zd14694
Fix for AddPacketInfo with WOLFSSL_CALLBACKS
2022-08-22 14:59:29 -06:00
David Garske b9d9dc02bb Merge pull request #5476 from julek-wolfssl/session-buffers
Remove WOLFSSL_SESSION_TYPE_REF buffers from WOLFSSL_SESSION
2022-08-22 11:59:39 -07:00
Eric Blankenhorn 22c44bd762 Fix for AddPacketInfo with WOLFSSL_CALLBACKS 2022-08-22 08:01:21 -05:00
Juliusz Sosinowicz 0dbd0ffb4e Merge pull request #5483 from embhorn/zd14659 2022-08-22 14:28:29 +02:00
Juliusz Sosinowicz e565d0d7de Refactor and code review
- Refactor object hashing into one function
- Allow multiple WOLFSSL_ASSERT_SIZEOF_GE in one function
2022-08-22 14:19:48 +02:00
Sean Parkinson 26c61f8e0f Merge pull request #5473 from icing/quic-hello-retry
Respect disabled curves on HelloRetryRequests
2022-08-22 08:32:30 +10:00
David Garske 1d0e83bd1a Merge pull request #5474 from julek-wolfssl/zd14644-2
Match OpenSSL self signed error return.
2022-08-19 06:46:26 -07:00
Eric Blankenhorn 3d8562f07b Fixes for build and runtime issues 2022-08-19 08:12:04 -05:00
Stefan Eissing 6cb0caa0a0 Adding disabledCurves as a member of WOLFSSL in the OPENSSL_EXTRA case.
- inheriting from WOLFSSL_CTX on creation
- enabling on WOLFSSL only when wolfSSL_set1_curves_list() is called
2022-08-19 11:03:23 +02:00
Juliusz Sosinowicz 4d0ea62857 Refactor ticket size to not accidentally go over WOLFSSL_TICKET_ENC_SZ
- Optimize memory usage. Write directly to ssl->session->ticket in CreateTicket() and use a hash to make sure the InternalTicket was encrypted.
- DoClientTicket does not fatally error out anymore. Errors in the ticket result in the ticket being rejected instead.
2022-08-18 19:08:43 +02:00
Juliusz Sosinowicz 68f71d0d96 Remove WOLFSSL_SESSION_TYPE_REF buffers from WOLFSSL_SESSION 2022-08-17 19:29:07 +02:00
Juliusz Sosinowicz 008e947fec Match OpenSSL self signed error return.
OpenSSL compat expects ASN_SELF_SIGNED_E when a self signed cert can't be verified. This is useful when translating the error with GetX509Error into a X509_V_ERR_* error.
2022-08-17 12:40:16 +02:00
Sean Parkinson 7435402c30 Fixes to better handle re-use of a WOLFSSL object via wolfSSL_clear. 2022-08-16 15:44:05 -07:00
David Garske e56a2355ca Merge pull request #5464 from julek-wolfssl/zd14644
Translate the verify callback error to an X509_V_ERR_* value when OPENSSL_COMPATIBLE_DEFAULTS is defined
2022-08-15 06:30:36 -07:00
Juliusz Sosinowicz 551acd2b19 Translate verify callback error with compat layer 2022-08-12 16:27:31 +02:00
Anthony Hu 82a900b438 Initial commit to add Dilithium NIST PQC winner.
Also:

* added HAVE_FALCON guards as needed.
* corrected minor falcon bugs as I found them.
* handling OID sum collision between DILITHIUM_LEVEL5 and DILITHIUM_AES_LEVEL3

Tested with the following commands:

examples/server/server -v 4 -l TLS_AES_256_GCM_SHA384 \
    -c ~/tmp/dilithium_aes_level5_entity_cert.pem \
    -k ~/tmp/dilithium_aes_level5_entity_key.pem \
    -A ~/tmp/dilithium_aes_level5_root_cert.pem --pqc P521_KYBER_LEVEL5

examples/client/client -v 4 -l TLS_AES_256_GCM_SHA384 \
    -c ~/tmp/dilithium_aes_level5_entity_cert.pem \
    -k ~/tmp/dilithium_aes_level5_entity_key.pem \
    -A ~/tmp/dilithium_aes_level5_root_cert.pem --pqc P521_KYBER_LEVEL5

with permutations of SHAKE,AES variants and levels 2,3,5
2022-08-11 11:38:31 -04:00
David Garske 5e6c45a6fb Merge pull request #5397 from SparkiDev/cert_rsa_pss
Certs with RSA-PSS sig
2022-08-11 08:19:12 -07:00
Sean Parkinson fb531dacc2 Certs with RSA-PSS sig
Add support for parsing and verifying certificates with RSA-PSS
signatures. Including check PSS parameters in key with those in
signature algorithm.
Add support for parsing private RSA PSS key.
Add support for parsing public RSA PSS key.
2022-08-11 09:43:01 +10:00
Daniel Pouzzner 8197f958a9 address peer review on PR #5449. 2022-08-10 13:33:57 -05:00
Daniel Pouzzner f771181e1a fixes for issues introduced in #5384:
added numerous missing _SMALL_STACK code paths (PK objects on the stack);

in settings.h, enable WOLFSSL_SMALL_STACK_STATIC by default when WOLFSSL_SMALL_STACK is defined (NO_WOLFSSL_SMALL_STACK_STATIC to override);

fixes for unsafe strcat()s in tests/quic.c;

fix for unsafe macro WOLFSSL_IS_QUIC();

fix to exclude quic from enable-all when enable-linuxkm (quic needs opensslextra, and opensslextra currently only works in-kernel in cryptonly builds);

fix for signed/unsigned clash in wolfSSL_quic_receive().
2022-08-10 13:33:56 -05:00
Stefan Eissing 4431438fb2 add QUIC support. 2022-08-08 13:24:00 +02:00
David Garske 7004157869 Merge pull request #5387 from TakayukiMatsuo/tk14445
Suppress build errors when defining some disable macros
2022-08-07 20:09:41 -07:00
TakayukiMatsuo 79fb1783c4 Suppress build errors when defining some disable macros 2022-08-07 17:11:22 +09:00
David Garske 2d2c55f1c1 Merge pull request #5431 from haydenroche5/wolfssl_error
Expand error queue usage with new macro WOLFSSL_ERROR_VERBOSE.
2022-08-05 15:14:44 -07:00
David Garske 96fcc129ec Merge pull request #5213 from JacobBarthelmeh/req
expand functions included in opensslextra and add REQ print out
2022-08-05 13:20:21 -07:00
Hayden Roche 3bf21b5a05 Expand error queue usage with new macro WOLFSSL_ERROR_VERBOSE.
We have users who need to debug errors coming out of libwolfssl in production,
where --enable-debug isn't an option. Our error queue implementation is the
solution, but our usage of WOLFSSL_ERROR isn't consistent. This commit greatly
expands our usage of WOLFSSL_ERROR. There are too many error cases to tackle
all at once, and not all error cases are particularly meaningful or likely to be
hit in regular operation of the library. I've tried to focus on errors that
users are likely to hit, and I've chosen to ignore things like the mountain of
BUFFER_E and BAD_FUNC_ARG cases (for the most part). I've also tried to expand
WOLFSSL_ERROR usage in files where we haven't been using it historically
(e.g. aes.c), so the pattern is now there for other developers to follow. In
order to prevent these additions from exploding the size of libwolfssl, they're
all behind a new macro, WOLFSSL_ERROR_VERBOSE. If WOLFSSL_VERBOSE_ERRORS is
defined, WOLFSSL_ERROR_VERBOSE just maps to WOLFSSL_ERROR.
2022-08-05 10:32:18 -07:00
Sean Parkinson 56be09005f Merge pull request #5427 from julek-wolfssl/dtls-timeout-and-closed-socket
DTLS socket and timeout fixes
2022-08-05 08:13:14 +10:00
JacobBarthelmeh ff512a34c6 adjust temporary buffer size and memory free'ing 2022-08-04 15:11:24 -07:00
David Garske 99dad91344 Merge pull request #5435 from douzzer/20220803-gcc-12-ASAN
20220803-gcc-12-ASAN
2022-08-04 08:41:26 -07:00
Juliusz Sosinowicz 6d4f0146ca Refactor sending alert on decryption failure
Take sending of the alert outside of DecryptTls() and DecryptTls13(). The alert is now sent in ProcessReplyEx().
2022-08-04 12:06:26 +02:00
Juliusz Sosinowicz 3278210e1c Silently discard DTLS msgs that fail decryption
Don't send alerts when decryption fails inside a DTLS connection.
TLS should always send a bad_record_mac when decryption fails.
2022-08-04 11:27:45 +02:00
Juliusz Sosinowicz fd1e8c49eb Reset timeout when reading a valid DTLS message
- Increment the DTLS 1.3 timeout on a long timeout
2022-08-04 11:27:45 +02:00
Sean Parkinson e32cfb79e5 Merge pull request #5419 from dgarske/aurix
Support for Infineon AURIX IDE and minor compiler warnings.
2022-08-04 08:01:57 +10:00
Daniel Pouzzner a7f0c92c0d src/internal.c: in GetCipherKeaStr(), when gcc-12 or higher and __SANITIZE_ADDRESS__, wrap in a pragma to ignore -Wstringop-overread, due to false positives. 2022-08-03 12:30:29 -05:00
David Garske 4937557ddc Merge pull request #5422 from julek-wolfssl/dtls-async-fix
Fix dtls + async multi-test misc errors
2022-08-03 07:24:58 -07:00
David Garske 53e0483e47 Support for Infineon AURIX IDE. Fixes for Aurix compiler warnings. 2022-08-02 16:53:47 -07:00
Jacob Barthelmeh 52b80ea52a expand functions included in opensslextra and add REQ print out 2022-08-01 09:21:43 -07:00
Marco Oliverio 8878922f95 fix: dtls13: use correct buffer index to get epoch bits
Fixes: d079662765
2022-08-01 14:24:20 +02:00
Juliusz Sosinowicz fb2feee9b6 Fix dtls + async multi-test misc errors
DTLS uses DtlsMsgStore() to process messages when using async crypto. A check was skipping the storing straight to DtlsMsgDrain().
2022-07-29 15:49:49 +02:00
Daniel Pouzzner 9256d6aa7c src/internal.c: fixes for redundant assignments and preprocessor typo. 2022-07-27 14:42:00 -05:00
Sean Parkinson 01aad13c38 Rework 2022-07-27 12:02:15 +10:00
David Garske 9c480ece66 Fix to use the new outTmp. 2022-07-26 15:48:58 -07:00
Marco Oliverio 856ea2ffc8 internal.c: RsaDec improvements 2022-07-26 20:59:01 +02:00
Marco Oliverio 1727efbc2c internal.c: rsa decription buffer handling 2022-07-26 20:59:01 +02:00
David Garske a98642ba61 Merge pull request #5383 from julek-wolfssl/negating-ciphersuites
Expand SetCipherList()
2022-07-25 08:26:47 -07:00
Juliusz Sosinowicz e7cd1562b4 Expand SetCipherList()
- support disabling ciphersuites starting from the default list
2022-07-25 11:14:16 +02:00
Sean Parkinson dc8b796d1d Merge pull request #5347 from dgarske/async_sess_tick
Support for asynchronous session ticket callback
2022-07-22 08:04:48 +10:00
Marco Oliverio 53dde1dafe dtls12: async: store the message only if async is really used 2022-07-21 12:00:18 -07:00
Marco Oliverio dce63fdfb3 async: fix issue with DTLSv1.3 2022-07-21 12:00:16 -07:00
JacobBarthelmeh 1281d97b1e Merge pull request #5373 from haydenroche5/error_queue_fix
Fix backwards behavior for various wolfSSL_ERR* functions.
2022-07-21 09:35:21 -06:00