Commit Graph

2361 Commits

Author SHA1 Message Date
Sean Parkinson cd41c8beaf Merge pull request #5147 from rizlik/do_alert_reset
internal.c:reset input/processReply state if exiting after DoAlert()
2022-05-19 09:36:44 +10:00
Marco Oliverio be172af3cd internal.c: check that we have data before processing messages
We should never encounter this bug under normal circumstances. But if we enter
processReplyEx with a wrongly `ssl->options.processReply` set to
`runProcessingOneMessage` we check that we have some data.
2022-05-18 18:49:33 +02:00
Marco Oliverio 6940a5eaae internal.c:reset input/processReply state if exiting after DoAlert() 2022-05-18 18:35:29 +02:00
Sean Parkinson 2f91028f2d TLS 1.3: pre-master secret zeroizing 2022-05-18 08:52:38 +10:00
David Garske ec619e3f35 Merge pull request #5107 from julek-wolfssl/wpas-ex-data-leak
Call ctx->rem_sess_cb when a session is about to be invalid
2022-05-16 13:27:08 -07:00
Sean Parkinson eea537e5ea Merge pull request #5124 from kaleb-himes/WIN_MULTICONFIG
Address issues ID'd by new windows multi-config test
2022-05-13 09:39:15 +10:00
Sean Parkinson d1308fcdfc Merge pull request #5122 from rizlik/tls13_pad_calc
internal.c: fix pad-size when more records are received at once
2022-05-13 07:59:36 +10:00
Daniel Pouzzner c4920021d8 print errors to stderr, not stdout;
fix whitespace in internal.c;

add missing error handling in examples/server/server.c around recvfrom().
2022-05-12 13:07:32 -05:00
John Safranek 2cf87a8049 Merge pull request #5084 from julek-wolfssl/zd14101-dtls-want-write
DTLS fixes with WANT_WRITE simulations
2022-05-12 09:36:40 -07:00
David Garske 05ce8329c9 Merge pull request #5067 from miyazakh/compat_altcertchain
"veify ok" if alternate cert chain mode is used
2022-05-12 08:54:51 -07:00
Juliusz Sosinowicz a31b76878f DTLS fixes with WANT_WRITE simulations
- WANT_WRITE could be returned in unexpected places. This patch takes care of that.
- Change state after SendBuffered only if in a sending state to begin with.
- Adapt client and server to simulate WANT_WRITE with DTLS
2022-05-12 15:46:08 +02:00
Hideki Miyazaki 5d93a48ddf veify ok if alternate cert chain mode for verifyCallback 2022-05-12 06:15:18 +09:00
Daniel Pouzzner 9fbb4a923f src/internal.c:GetCipherKeaStr(): allow "ECDH" (in addition to "ECDHE") as a suite clause that maps to KEA "ECDH". 2022-05-10 15:12:00 -05:00
Daniel Pouzzner 26673a0f28 where appropriate, use strcmp/strcasecmp, not strncmp/strncasecmp;
add macro XSTRCASECMP();

update XSTRNCASECMP() for XC32 >= 1.00 to use strncasecmp.
2022-05-10 12:20:12 -05:00
Marco Oliverio f06ac9965c internal.c: fix: plaintext check account for the current record only 2022-05-10 13:12:09 +02:00
Marco Oliverio db23d8a0cf internal.c: don't skip records if we don't process early-data
If we don't process early data, we want to skip only the current record and not
all the received data
2022-05-10 13:04:43 +02:00
Marco Oliverio 445c1e6ceb internal.c: don't check TLS13 plaintext limit twice
Plaintext size is checked before decryption in TLS 1.3
2022-05-10 12:51:50 +02:00
kaleb-himes d5f7beefd4 Address issues ID'd by new windows multi-config test 2022-05-09 16:50:56 -06:00
Marco Oliverio 0c7e9a0104 internal.c: fix pad-size when more records are received at once
don't consider the end of the record the end of received data as more records
may be read at once when DTLS will be supported.
2022-05-09 11:00:31 +02:00
David Garske 36877d78b4 Merge pull request #5078 from julek-wolfssl/wpas-tls13
Clean up wolfSSL_clear() and add some more logging
2022-05-06 11:45:43 -07:00
Juliusz Sosinowicz b6b007de3c Call ctx->rem_sess_cb when a session is about to be invalid
Allow the user to register a session remove callback with wolfSSL_CTX_sess_set_remove_cb() that will be called when the session is about to be free'd or evicted from cache.
2022-05-06 16:34:28 +02:00
David Garske 628a91efda Fix for size calculation for encrypt then mac without openssl extra enabled. Fix for cast warning. 2022-05-02 17:11:48 -06:00
David Garske 277d6dc5dd Fix minor clang-tidy warnings for async. 2022-04-27 10:22:19 -07:00
John Safranek 7436a41bc7 Merge pull request #5046 from SparkiDev/cppcheck_fixes_8
cppcheck: fixes
2022-04-26 10:37:42 -07:00
John Safranek 7e8598f75b Merge pull request #5081 from dgarske/sniffer_decrypt
Restore sniffer internal decrypt function. This allows decrypting TLS…
2022-04-26 09:37:32 -07:00
David Garske 273ed1df76 Restore sniffer internal decrypt function. This allows decrypting TLS v1.2 traffic ignoring AEAD errors. 2022-04-25 16:28:09 -07:00
Sean Parkinson 20e5e654a3 cppcheck: fixes
CBIORecv/Send are only assigned once.
IOCB_ReadCtx/WriteCtx only assigned once.
BuildMessage checks output and input wiht sizeOnly every call - state
machine doesn't cache these.
Renamed alias_tbl variables to something unique.
Other cppcheck fixes.
Also reworked pem_read_bio_key().
2022-04-26 09:26:41 +10:00
Juliusz Sosinowicz 4013f83e4f Add some missing logs and implement WOLFSSL_MSG_EX()
WOLFSSL_MSG_EX() uses XVSNPRINTF to allow for formatted strings to be printed. It uses a 100 byte internal stack buffer to format the log message.
2022-04-25 15:59:07 +02:00
David Garske 4ecf3545d7 Improve scan-build fix for ProcessPeerCertParse checking of empty dCert. With WOLFSSL_SMALL_CERT_VERIFY it is NULL. 2022-04-22 16:07:24 -07:00
David Garske e9b80e53fa Fix issue with InitX509Name. 2022-04-22 16:02:54 -07:00
David Garske 84a33183a6 Various scan-build fixes. 2022-04-22 16:02:54 -07:00
David Garske 3755b88a02 Fix InitX509Name to set dynamicName on init. 2022-04-22 16:02:53 -07:00
David Garske c41b1b1b9b Fix to ensure args->dCert is set for ProcessPeerCertParse. 2022-04-22 16:02:53 -07:00
David Garske ec76f79e9d Fixes for sniffer decrypt broken in PR #4875. The TLS v1.2 sniffer decrypt did not have ssl->curRL set for proper auth tag calculation and was placing the data at offset + 8 to leave room for explicit IV. 2022-04-19 16:31:27 -07:00
Eric Blankenhorn ab6dc8d669 Add ability to set ECC Sign userCTX using WOLFSSL_CTX 2022-04-11 08:41:27 -05:00
Daniel Pouzzner 0d6c283f7a fixes for -Werror=declaration-after-statement in debug builds. 2022-04-04 09:29:26 -05:00
Daniel Pouzzner ae3996fd0e fix codebase for -Wvla -Wdeclaration-after-statement; fix some whitespace. 2022-04-01 14:44:10 -05:00
Eric Blankenhorn ea38e1aab5 Add wolfSSL_CTX_SetCertCbCtx to set user context for CB 2022-03-30 12:27:11 -05:00
Daniel Pouzzner 12776b3772 fixups for warnings from gcc-12:
src/internal.c: use XMEMCMP(), not ==, to compare array elements (fixes conflict of 74408e3ee3 vs 617eda9d44);

fix spelling of NAMEDGROUP_LEN (was NAMEDGREOUP_LEN);

src/ssl.c: in CheckcipherList() and wolfSSL_parse_cipher_list(), use XMEMCPY(), not XSTRNCPY(), to avoid (benign) -Wstringop-truncation;

scripts/sniffer-tls13-gen.sh: fix for shellcheck SC2242 (exit 1, not -1).
2022-03-24 16:33:36 -05:00
Anthony Hu ceae169a34 Merge pull request #4969 from dgarske/pk_pubkey 2022-03-24 12:40:03 -04:00
David Garske aa38d99538 Fix for TLS PK callback issue with Ed25519/Ed448 and public key not being set. 2022-03-22 08:33:54 -07:00
David Garske 59665a44b5 Fixes for allowing server to have a public key set when using external key with PK callbacks. 2022-03-21 13:14:24 -07:00
David Garske 29c120356e Sniffer asynchronous support.
* Adds stateful handling of DH shared secret computation in `SetupKeys`.
* Improved the decrypt handling to use internal functions and avoid generating alerts on failures.
* Fix for sniffer resume due to missing `sessionIDSz` broken in #4807.
* Fix sniffer test cases to split resume (session_ticket) tests.
* Add `snifftest` list of build features so test script can gate running resume test.
2022-03-21 12:05:08 -07:00
David Garske 8bf14ba1d3 Merge pull request #4957 from JacobBarthelmeh/Compatibility-Layer
alter return value and add error string
2022-03-21 09:10:04 -07:00
Sean Parkinson ef66a12a24 Merge pull request #4961 from dgarske/cust_fixups
Various portability improvements (Time, DTLS epoch size, IV alloc)
2022-03-18 11:38:57 +10:00
David Garske b546b2a5ec Improve logic around private key id/label. Adds WOLF_PRIVATE_KEY_ID. 2022-03-17 14:48:30 -07:00
David Garske ae25a48509 Improve the build message to not always allocate the IV (16 byte) (use fixed buffer if <= 16 bytes). 2022-03-17 14:01:57 -07:00
David Garske 3fba5d17c3 Various portability improvements:
* Change DTLS epoch size word16.
* Allow override of the `RECORD_SIZE` and `STATIC_BUFFER_LEN`.
* Remove endianness force from game build.
* Add `gmtime_s` option.
* Fix for macro conflict with `MAX_KEY_SIZE`.
* Expose functions `wolfSSL_X509_notBefore`, `wolfSSL_X509_notAfter`, `wolfSSL_X509_version` without `OPENSSL_EXTRA`.
2022-03-17 14:00:55 -07:00
JacobBarthelmeh d0e83be596 alter return value and add error string 2022-03-15 10:26:59 -07:00
Sean Parkinson 9ed061cc96 TLS: add peer authentication failsafe for TLS 1.2 and below
Tightened the TLS 1.3 failsafe checks too.
2022-03-15 08:51:44 +10:00