Commit Graph

141 Commits

Author SHA1 Message Date
Juliusz Sosinowicz 7ba00f3b84 Initialize BIO methods at compile time 2023-08-09 16:23:46 +02:00
Kareem 56328d845a Hitch code review feedback. 2023-07-10 10:06:12 -07:00
Kareem e871b1c04d Add hitch support to wolfSSL.
Add support for cipher aliases DHE, EDH and EECDH.

Add define SSL_CTRL_GET_CHAIN_CERTS to help hitch and other programs detect SSL_CTX_get0_chain_certs is supported.

Add wolfSSL_get_locking_callback.

Allow using ECDHE+RSA cipher suites when ECDHE alias is used while in OpenSSL compatibility mode.

Add more alerts for hitch.

SSL_CM should use the CTX's x509_store_pt if available.

Add support for SSL_CERT_FILE and SSL_CERT_DIR.  Load default OpenSSL TLS 1.3 ciphers when using OPENSSL_COMPATIBLE_DEFAULTS.

Use wolfSSL_sk_X509_new_null to allocate WOLFSSL_STACK in wolfSSL_CTX_get_extra_chain_certs.  Previous approach of malloc'ing without setting type/memsetting was leading to a segfault.

Add --enable-hitch.

hitch: Add unit tests for new APIs, fix a couple of issues uncovered by unit testing.

Correct behavior of wolfSSL_BIO_set_mem_buf for BIO_CLOSE/NOCLOSE and update unit test accordingly.

Add Github action test for hitch.
2023-07-10 10:06:10 -07:00
Sean Parkinson 578f56e60c Test api.c: change more tests to use Expect instead of Assert
bio.c:
  wolfSSL_BIO_flush(): check allocation to bio->ip succeeded.

internal.c:
  InitSSL_Ctx(): set ctx->heap to heap if value passed in
ProcessPeerCerts(): check for error MEMORY_E too as a fatal parsing
error

ssl.c:
wolfSSL_shutdown(): SOCKET_ERROR_E is also an indication that the
socket is done, MEMORY_E is a fatal error
  wolfSSL_Cleanup(): move free of memory fail couting to wolfSSL API
  SessionTicketNoncePrealloc(): eror return must be non-zero
AddSessionToCache(): XFREE checks for NULL no need to do it before
call
wolfSSL_set_psk_use_session_callback(): ensure ssl is not NULL before
dereferencing
wolfSSL_SMIME_read_PKCS7(): check for error return from
wolfSSL_BIO_gets()

asn.c:
  wc_MIME_parse_headers(): check allocation succeeded into nextHdr

compress.c:
  wc_DeCompressDynamic(): free tmp on inflateInit2 failure

memory.c: rework where memory allocation failure counting code for when
WOFLSSL_STATIC_MEMORY is defined

wc_port.c:
wolfCrypt_Cleanup(): only call wc_MemFailCount_Free() when no
wolfSSL_Cleanup()
2023-06-27 08:01:33 +10:00
JacobBarthelmeh 14990ad92d set return bio to null after free on error 2023-06-07 15:05:52 -06:00
JacobBarthelmeh 8583cc65fa Merge pull request #6471 from SparkiDev/tests_api_expect_3
Test api.c: change more tests to use Expect instead of Assert
2023-06-07 11:22:23 -06:00
Sean Parkinson ed01b14356 cppcheck: fixes from scan
wolfssl_sce_unit_test.c:
  sce_crypt_Sha_AesCbcGcm_multitest(): duplicate condition
ssl_asn1.c:
  wolfSSL_i2t_ASN1_OBJECT(): done is not needed
  MonthStr(): fix bounds check on i
woolfcrypt_test.c, test_main.c, wolfssl_tsip_unit_test.c, devices.c,
aes.c, des3.c:
  Variable not used.
asn.c:
DecodeSubjKeyId(): sz is unsigned - check for less than zero does
nothing
kcapi_rsa.c:
  KcapiRsa_Decrypt(): fix ret check by using else
  KcapiRsa_Encrypt(): make same change for consistency
kcapi_hash.c:
  KcapiHashFinal(): move ret into #ifdef where it is needed
stm32.c:
wc_Stm32_Hash_GetDigest(): i redeclared with different type - use ii
instead
bio.c, conf.c:
  XFREE checks for NULL

Reduce scope of varialbes.
Condition same.
2023-06-07 17:27:51 +10:00
Sean Parkinson e542e51d9f Test api.c: change more tests to use Expect instead of Assert
bio.c:
  wolfSSL_BIO_push(): handles NULL for top and append.

crl.c:
InitCRL_Entry(): set toBeSigned to NULL after freeing when allocation
fails.
  AddCRL(): free CRL entry properly on error.
wolfSSL_X509_STORE_add_crl(): check for NULL after
wolfSSL_X509_crl_new call.

ssl.c:
wolfSSL_CertManagerGetCerts(): free the certificate if it didn't get
pushed onto stack
  wolfSSL_RAND_Init(): returns success if global already initialized.

ssl_asn1.c: wolfSSL_ASN1_TYPE_set now avaiable when OPENSSL_EXTRA
defined for function wolfssl_dns_entry_othername_to_gn().

x509.c:
Added support for creating a valid General Name of type GEN_OTHERNAME.
Extracted some code out into wolfssl_x509_alt_names_to_gn().
  wolfSSL_X509_set_ext(): free data correctly on errors
wolfSSL_X509_PUBKEY_set(): free str if DSA parameters cannot be
retrieved; wolfSSL_OBJ_nid2obj() called separately to handle when
returning NULL.
wolfSSL_X509_NAME_copy(): check for failure when
wolfSSL_X509_NAME_add_entry() is called.

x509_str.c:
wolfSSL_X509_STORE_CTX_new(): check for error from calling
wolfSSL_X509_STORE_CTX_init().
wolfSSL_X509_STORE_get0_objects(): don't double free x509; free memory
correctly on error
2023-06-07 14:10:42 +10:00
Sean Parkinson 541ea51ad5 Tests api.c: rework for malloc failure testing
Modified number of tests to not crash on failure and cleanup allocations
on failure.
Added memory fail count option to set which memory allocation to start
failing on.
Fix issues found from testing.

bio.c:
BIO_new() move ref count up so that calls to wolfSSL_BIO_free()
work.
internal.c:
ImportCipherSpecState wasn't checking SetKeySide for failure. Crash
when pointer is NULL and accessed directly.
ocsp.c:
wolfSSL_OCSP_response_get1_basic() doesn't need to free vs->source
as it is freed in WOLFSSL_OCSP_RESPONSE_free().
ssl.c:
ProcessBuffer() Don't strip PKCS#8 header if failed to create DER.
Crasged as directly accessing 'der' which was NULL.
ssl_asn.c:
wolfssl_asn1_integer_require_len was checking wrong variable to see
if allocation failed.
x509,c:
wolfSSL_X509_ALGOR_set0 needs to set aobj only when no failure
possible.
wolfSSL_X509_chain_up_ref needs to call cleanup to ensure everything
is freed.
2023-05-30 12:01:21 +10:00
Daniel Pouzzner dcc8b5d7d5 eliminate XREWIND() macro, add XSEEK_SET definitions, and refactor all XREWIND()s to XFSEEK()s, to fix clang-tidy-17 bugprone-unsafe-functions warning on rewind();
add BENCH_DEVID_COLUMN_HEADER in wolfcrypt/benchmark/benchmark.c:bench_stats_sym_finish() to resolve clang-diagnostic-embedded-directive.
2023-04-05 20:28:51 -05:00
Sean Parkinson 8851065848 cppcheck fixes
Fix checking of negative with unsigned variables.
Check digestSz for 0 in wc_SSH_KDF() so that no possibility of dividing
by zero.
Change XMEMCPY to XMEMSET in renesas_sce_util.c.
Fix test.c to free prvTmp and pubTmp on read error.
Remove unused variables.
XFREE checks for NULL so don't check before call.
Move variable declarations to reduce scope.
2023-04-03 16:59:58 +10:00
David Garske fc6d693dae Update logging enter, exit, msg to match function names. Fix some typos and improper use of "enter". Fix internal uses of SSL_SUCCESS and SSL_FAILURE. Add WOLFSSL_DEBUG_NONBLOCK option to allow printing iterations without debug enabled. 2023-02-21 12:02:15 -08:00
tmael c4fa013800 Fix for BIO_reset() (#5887)
* Fix for BIO_reset
* Introduced BIO_FLAGS_MEM_RDONLY
2023-02-14 08:54:25 -08:00
Sean Parkinson f6da3a26ac Ref counting: rework for static analysers
When always reference counting APIs always return 0 don't check return
value for error.
Reference decrement set isZero to false on error.
2023-02-03 10:13:32 +10:00
Sean Parkinson 53dfcd00e2 Ref count: change to use wolfSSL_Ref
Data structures changed:
WOLFSSL_CERT_MANAGER, WOLFSSL_CTX, WOLFSSL_SESSION, WOLFSSL_X509,
WOLFSSL_X509, WOLFSSL_EVP_PKEY, WOLFSSL_BIO, WOLFSSL_X509_STORE
2023-01-23 16:29:12 +10:00
Jacob Barthelmeh 9dcc48c8f7 update copyright to 2023 2022-12-30 17:12:11 -07:00
jordan 246ce8dbe1 Cleanup spaces. 2022-12-06 15:24:34 -06:00
jordan 87113cc88d Fix mingw-w64 build issues on windows. 2022-12-03 17:00:44 -06:00
Sean Parkinson e68c7bb74d Move file and BIO reading out to ssl_misc.c 2022-10-26 10:28:20 +10:00
JacobBarthelmeh 1e673aee3b scan-build warning fix 2022-08-26 16:29:11 -07:00
Eric Blankenhorn 3d8562f07b Fixes for build and runtime issues 2022-08-19 08:12:04 -05:00
Juliusz Sosinowicz 6f2889c07d BIO_eof returns 1 when no more data remains in the BIO 2022-07-22 13:24:32 +02:00
Jacob Barthelmeh 8eaa85e412 update copyright year to 2022 2022-07-19 10:44:31 -06:00
David Garske 95a85d16d2 Fix for issue with error: format string is not a string literal. 2022-04-19 08:49:05 -07:00
JacobBarthelmeh 8136c55a39 sanity check before copy with new memory bio 2022-03-30 14:02:03 -07:00
Jacob Barthelmeh f7f94cede0 support creating new mem bio of length 0 2022-03-28 15:52:42 -06:00
Juliusz Sosinowicz 88d5059c36 Jenkins fixes
`WS_RETURN_CODE` was not functioning properly in master
2022-03-24 12:16:59 +01:00
Juliusz Sosinowicz 98bc8402db Refactor memory BIO
- use the `WOLFSSL_BUF_MEM` struct to resize the internal memory buffer
- add a `WOLFSSL_BIO_RESIZE_THRESHOLD` define that will be used to determine how often to shrink the internal buffer. This should cut down on the number of free/malloc calls made significantly. This should help with our inefficient 1 byte reads in `loadX509orX509REQFromPemBio`.
- implement `wolfSSL_BUF_MEM_resize` which allows bi-directional buffer size manipulation
2022-03-24 12:16:59 +01:00
Juliusz Sosinowicz ae9b01c5b8 bind 9.18.0 fixes
- return `1` from `wolfSSL_BIO_set_mem_eof_return` instead of `0` for success
- bind requires ALPN
- `OPENSSL_COMPATIBLE_DEFAULT` defined for bind
- `WOLFSSL_ERROR_CODE_OPENSSL` defined when using compatibility layer
- return `bio->eof` on no pending data to read in memory BIO (defaults to `WOLFSSL_BIO_ERROR`)
- `flags` is no longer an input parameter in `wolfSSL_ERR_get_error_line_data`
- allow lazy parameter loading in `wolfSSL_DH_set0_key`
- implement reference counter in `WOLFSSL_EC_KEY`
- load serial number from `x509->serialNumber` if `x509->serial` is empty
2022-03-24 12:16:59 +01:00
Sean Parkinson 343e8bccdd ssl.c: move TXT and CONF APIs out into conf.c 2022-03-15 12:09:24 +10:00
David Garske 3a5f78b55a Merge pull request #4919 from julek-wolfssl/ZD13737
Reported in ZD13737
2022-03-03 08:22:11 -08:00
Juliusz Sosinowicz bdb7399398 Reported in ZD13737
Implement `wolfSSL_BIO_eof` support for most available BIO's
2022-03-03 10:25:09 +01:00
Juliusz Sosinowicz c7c3ee00bb Address code review
- Use functions instead of accessing `BIO` members
- Add `wolfSSL_BIO_method_type`
2022-03-03 10:09:41 +01:00
Sean Parkinson d33b787993 BIO: move APIs out of ssl.c
Get configuration working: --enable-all CFLAGS=-DNO_BIO
2022-02-23 14:11:30 +10:00
Juliusz Sosinowicz e78f7f734e Add Apache 2.4.51 support
- Define `OPENSSL_COMPATIBLE_DEFAULTS` and `WOLFSSL_NO_OCSP_ISSUER_CHECK` for Apache config
- Fix `SSL_set_timeout` to match OpenSSL signature
- Implement `pkey` in `X509_INFO`
- Detect attempt to connect with plain HTTP
- Implement `wolfSSL_OCSP_request_add1_nonce`
- Set `ssl->cipher.bits` when calling `wolfSSL_get_current_cipher`
- Use custom flush method in `wolfSSL_BIO_flush` when set in BIO method
- Set the TLS version options in the `ssl->options` at the end of ClientHello parsing
- Don't modify the `ssl->version` when in a handshake (`ssl->msgsReceived.got_client_hello` is set)
- `wolfSSL_get_shutdown` returns a full bidirectional return when the SSL object is cleared. `wolfSSL_get_shutdown` calls `wolfSSL_clear` on a successful shutdown so if we detect a cleared SSL object, assume full shutdown was performed.
2021-12-16 12:39:38 +01:00
Daniel Pouzzner 0b4f34d62a typographic cleanup: fix whitespace, remove unneeded UTF-8, convert C++ comment constructs to C. 2021-11-08 17:35:05 -06:00
Sean Parkinson 69d5405e91 Merge pull request #4350 from cconlon/pythonCompatD
OpenSSL compatibility fixes: BIO_set_nbio(), SHA3 NID, WOLFSSL_PYTHON
2021-10-12 08:14:34 +10:00
David Garske 847b8f9a1f Reduce openssl verbosity in BIO due to PEM_X509_INFO_read_bio reading 1 byte at a time. Remove duplicate PEM_X509_INFO_read_bio macro. (#4428) 2021-09-28 08:21:23 +10:00
Chris Conlon 9e4ab9b638 Add BIO_up_ref(), PEM_read_DHparam(), EVP_MD_nid() (#4348)
* add BIO_up_ref

* add PEM_read_DHparams()

* add EVP_MD_nid()

* exclude PEM_read_DHparams when NO_FILESYSTEM defined

* review feedback: single threaded, indents, EVP_MD_nid
2021-09-27 08:20:37 +10:00
Chris Conlon 82a3d79c2f unnecessary variable init, else formatting in bio.c 2021-09-23 11:26:17 -06:00
Hayden Roche ec0335cdb3 Use WOLFSSL_SUCCESS instead of 1. 2021-09-19 17:20:55 -07:00
Jacob Barthelmeh 3f534e7e07 return macro and macro guards 2021-09-19 17:20:55 -07:00
Chris Conlon f6b91f04ed BIO_set_nbio() should always return 1, check input bio for NULL before using 2021-09-19 17:20:54 -07:00
TakayukiMatsuo c8bcfe4763 Add implementation to make wolfSSL_BIO_flush work for WOLFSSL_BIO_FILE (#4395) 2021-09-14 10:08:55 +10:00
Eric Blankenhorn 649aa9c95f Add error handling to wolfSSL_BIO_get_len (#4385) 2021-09-10 08:15:30 +10:00
Hayden Roche 7ff1351971 Make changes to support libimobiledevice.
- `EVP_PKEY_assign_RSA` should store the private key in DER format, not the
public key.
- The last call to `infoCb` in `wolfSSL_BIO_write` should provide the length of
the data to write.
- We should be able to parse RSA public keys starting with BEGIN RSA PUBLIC KEY
and ending with END RSA PUBLIC KEY.
2021-08-24 08:52:43 -07:00
John Safranek 2c62880fd2 flags update
1. Fixed typo in ifdef for HAVE_ED448.
2. Fixed typos in comments in sha512.
3. Add include config.h to bio.c.
2021-08-06 11:28:20 -06:00
David Garske c6c7dfd5db Merge pull request #4053 from SparkiDev/cppcheck_fixes_6
cppcheck: fixes from reviewing report
2021-06-09 12:51:30 -07:00
Sean Parkinson c6646ae9c8 Merge pull request #4044 from julek-wolfssl/ZD12270
Check for XREAD when XFREAD fails
2021-06-09 09:48:25 +10:00
Sean Parkinson 2c6285ccba cppcheck: fixes from reviewing report 2021-05-20 17:55:06 +10:00