Commit Graph

3292 Commits

Author SHA1 Message Date
David Garske 128ebf54e9 Fix for loading certificate DER chain longer than 2 deep. Fix to properly trap BUFFER_E in ProcessUserChain. ZD14048. 2022-06-16 16:19:37 -07:00
David Garske fb704774a0 Merge pull request #4907 from rizlik/dtls13
DTLSv1.3 support
2022-06-15 13:57:02 -07:00
Marco Oliverio d1924928c0 dtls13: support retransmission
Introduce ACK and retransmission logic, encapsulated in a Dtls13RtxFsm
object. The retransmission or the sending of an ACK is scheduled by setting the
appropriate flag inside the Dtls13RtxFSM object but the actual writing on the
socket is deferred and done in wolfSSL_Accept/Connect.

* Retransmission

Each sent message is encapsulated in a Dtl13RtxRecord and saved on a list. If we
receive an ACK for at record, we remove it from the list so it will be not
retransmitted further, then we will retransmit the remaining
ones. Retransmission is throttled: beside link congestion, this also avoid too
many sequence numbers bounded with a record.

* ACK

For each received record we save the record sequence number, so we can send an
ACK if needed. We send an ACK either if explicitly needed by the flight or if we
detect a disruption.

Co-authored-by: Juliusz Sosinowicz <juliusz@wolfssl.com>
2022-06-15 10:46:43 -07:00
Marco Oliverio 60834ba516 dtls13: new methods and version negotiation 2022-06-15 10:46:42 -07:00
Sean Parkinson f1ce0cc95d Memory zeroization fixes
Zeroize secrets in stack buffers and allocated memory.
mp_forcezero to ensure private MP integers are zeroized.
Fix whitespace and add some comments.
2022-06-15 11:26:11 +10:00
Sean Parkinson 890abfbefc pk.c: rework
Re-order RSA functions.
Add comments to RSA functions.
Rework RSA function implementations.
2022-06-10 09:54:32 +10:00
Daniel Pouzzner 088d378ba4 ssl.c:EncryptDerKey(): use XSTRLCPY() and XSTRLCAT() to build up cipherInfo, and remove XSTRCPY() macro from wolfssl/wolfcrypt/types.h (clang-tidy hates on it, albeit frivolously). 2022-06-07 08:22:48 -05:00
Lealem Amedie 07e0a6fa8e Removing ghost functions and fixing overflow warning in ssl.c 2022-06-06 11:33:26 -07:00
Juliusz Sosinowicz c74315f1ef Save pending alerts when using async io
- Don't overwrite ssl->error
- Clear the error in ssl->error because the return of SendBuffered is now stored in ret instead
2022-05-31 18:17:11 +02:00
Juliusz Sosinowicz 50c0b3d2a2 Add testing/docs for blocking write
- Fix case where message grouping can make CheckAvailableSize return a WANT_WRITE
- CheckAvailableSize in tls13.c will not return a WANT_WRITE since it only does so for DTLS <=1.2
2022-05-27 21:26:55 +02:00
Juliusz Sosinowicz 4e8c362152 Allocate ssl->async seperately to the SSL object 2022-05-26 23:08:48 +02:00
Eric Blankenhorn 2800d00bb4 Fix to move wolfSSL_ERR_clear_error outside gate for OPENSSL_EXTRA 2022-05-26 06:11:45 -05:00
David Garske fa80aa6505 Merge pull request #5132 from JacobBarthelmeh/req
Add support for additional CSR attributes
2022-05-25 13:35:46 -07:00
Hayden Roche 6d9fbf7ab3 Provide access to "Finished" messages outside the compat layer.
Prior to this commit, if you wanted access to the Finished messages from a
handshake, you needed to turn on the compatibility layer, via one of
OPENSSL_ALL, WOLFSSL_HAPROXY, or WOLFSSL_WPAS. With this commit, defining any
of these causes WOLFSSL_HAVE_TLS_UNIQUE to be defined (a reference to the
tls-unique channel binding which these messages are used for) in settings.h.
This allows a user to define WOLFSSL_HAVE_TLS_UNIQUE to access the Finished
messages without bringing in the whole compat layer.
2022-05-19 16:34:13 -07:00
David Garske ec619e3f35 Merge pull request #5107 from julek-wolfssl/wpas-ex-data-leak
Call ctx->rem_sess_cb when a session is about to be invalid
2022-05-16 13:27:08 -07:00
Juliusz Sosinowicz 7f8f0dcffe Refactor cache ex_data update/retrieve into one function
- Add explicit pointer cast
2022-05-16 13:01:05 +02:00
David Garske 6b1e3003fb Merge pull request #5142 from SparkiDev/ssl_move_pk
ssl.c rework
2022-05-13 12:56:14 -07:00
David Garske 1a57e3065a Small cleanups. Missing (void), spelling and formatting. Also fixes for variations of 25519/448 build. 2022-05-13 09:24:59 -07:00
Sean Parkinson 852d5169d4 ssl.c rework
Move the public key APIs out of ssl.c and into pk.c.
(RSA, DSA, DH and EC)
2022-05-13 11:12:44 +10:00
Sean Parkinson eea537e5ea Merge pull request #5124 from kaleb-himes/WIN_MULTICONFIG
Address issues ID'd by new windows multi-config test
2022-05-13 09:39:15 +10:00
Juliusz Sosinowicz 9914da3046 Fix resumption failure and use range in connect state logic 2022-05-12 15:46:08 +02:00
Juliusz Sosinowicz a31b76878f DTLS fixes with WANT_WRITE simulations
- WANT_WRITE could be returned in unexpected places. This patch takes care of that.
- Change state after SendBuffered only if in a sending state to begin with.
- Adapt client and server to simulate WANT_WRITE with DTLS
2022-05-12 15:46:08 +02:00
Jacob Barthelmeh 818ac2b8dd add more REQ attribute support 2022-05-11 22:27:48 -06:00
Daniel Pouzzner 26673a0f28 where appropriate, use strcmp/strcasecmp, not strncmp/strncasecmp;
add macro XSTRCASECMP();

update XSTRNCASECMP() for XC32 >= 1.00 to use strncasecmp.
2022-05-10 12:20:12 -05:00
kaleb-himes d5f7beefd4 Address issues ID'd by new windows multi-config test 2022-05-09 16:50:56 -06:00
Sean Parkinson 59fdf05155 Merge pull request #5111 from kaleb-himes/ABI-check-test-rev2
Refactor wolfSSL_ASN1_TIME_adj to use GetFormattedTimeString (new API)
2022-05-09 09:15:57 +10:00
David Garske 36877d78b4 Merge pull request #5078 from julek-wolfssl/wpas-tls13
Clean up wolfSSL_clear() and add some more logging
2022-05-06 11:45:43 -07:00
David Garske 3e774be88c Minor text and formatting cleanups. 2022-05-06 11:01:40 -07:00
Juliusz Sosinowicz b6b007de3c Call ctx->rem_sess_cb when a session is about to be invalid
Allow the user to register a session remove callback with wolfSSL_CTX_sess_set_remove_cb() that will be called when the session is about to be free'd or evicted from cache.
2022-05-06 16:34:28 +02:00
kaleb-himes ef89e2e637 Rename utc_str[_buf] -> time_str[_buf] (semantic change) 2022-05-06 08:18:14 -06:00
Juliusz Sosinowicz 7e9896d162 Only clear session when we didn't complete a handshake
- Allow overriding buffer size with `WOLFSSL_MSG_EX_BUF_SZ`
- Allow disabling `WOLFSSL_MSG_EX` by defining `NO_WOLFSSL_MSG_EX`
2022-05-06 12:35:49 +02:00
kaleb-himes ecf449dfe0 Refactor wolfSSL_ASN1_TIME_adj to use GetUnformattedTimeString (new API) 2022-05-05 16:25:25 -06:00
David Garske 628a91efda Fix for size calculation for encrypt then mac without openssl extra enabled. Fix for cast warning. 2022-05-02 17:11:48 -06:00
Jacob Barthelmeh 38c01b9d9f fix for infer diff report 2022-04-29 10:34:38 -06:00
JacobBarthelmeh df4dd7d5b3 Merge pull request #5088 from dgarske/sniffer_async_2
Fix to properly trap errors in sniffer (broken after async additions)
2022-04-28 09:47:05 -06:00
David Garske 8bf228d346 Merge pull request #5083 from SparkiDev/d2i_ecpriv_der
d2i_ECPrivateKey() takes DER encoded data
2022-04-27 09:32:04 -07:00
David Garske fbc2ccca1e Fix to properly trap errors in sniffer SetupKeys after async changes. Fix minor scan-build warnings. 2022-04-27 08:28:36 -07:00
Sean Parkinson f86f4a8ca0 d2i_ECPrivateKey() takes DER encoded data
Code was incorrectly using data as a private key instead of DER
decoding.
Fixed i2d_EcPrivateKey() to output DER encoded data.
2022-04-27 09:39:50 +10:00
David Garske cbc27f7de4 Merge pull request #5085 from douzzer/20220426-multi-test
20220426 multi-test fixups
2022-04-26 11:15:59 -07:00
John Safranek 7436a41bc7 Merge pull request #5046 from SparkiDev/cppcheck_fixes_8
cppcheck: fixes
2022-04-26 10:37:42 -07:00
Daniel Pouzzner e6d267ef16 src/ssl.c wolSSL_DH_new_by_nid(): fix cppcheck nullPointer report. 2022-04-26 09:58:07 -05:00
Sean Parkinson 8737d46bb1 Merge pull request #5018 from haydenroche5/libspdm
Make changes to compatibility layer to support libspdm.
2022-04-26 09:55:22 +10:00
Sean Parkinson d362b6dd08 Merge pull request #5033 from haydenroche5/ec_key_print_fp
Add wolfSSL_EC_KEY_print_fp to compat layer.
2022-04-26 09:51:37 +10:00
Sean Parkinson 20e5e654a3 cppcheck: fixes
CBIORecv/Send are only assigned once.
IOCB_ReadCtx/WriteCtx only assigned once.
BuildMessage checks output and input wiht sizeOnly every call - state
machine doesn't cache these.
Renamed alias_tbl variables to something unique.
Other cppcheck fixes.
Also reworked pem_read_bio_key().
2022-04-26 09:26:41 +10:00
Masashi Honma 3ab5ccd04f Add support for EVP_PKEY_sign/verify functionality (#5056)
* Fix wolfSSL_RSA_public_decrypt() return value to match Openssl
* Add support for EVP_PKEY_verify_init() and EVP_PKEY_verify()
* wpa_supplicant SAE public key functionality requires this function.
* Add DSA support for EVP_PKEY_sign/verify()
* Add ECDSA support for EVP_PKEY_sign/verify()
* Add tests for EVP_PKEY_sign_verify()
* Fix "siglen = keySz" at error cases
* Fix wolfSSL_DSA_do_sign() usage
1. Check wolfSSL_BN_num_bytes() return value
2. Check siglen size
3. Double the siglen
* Check return code of wolfSSL_i2d_ECDSA_SIG() in wolfSSL_EVP_DigestSignFinal()
* Add size calculations to `wolfSSL_EVP_PKEY_sign`
* Add size checks to wolfSSL_EVP_PKEY_sign before writing out signature
* Use wc_ecc_sig_size() to calculate ECC signature size
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
Co-authored-by: Juliusz Sosinowicz <juliusz@wolfssl.com>
2022-04-25 14:19:56 -07:00
Juliusz Sosinowicz 4013f83e4f Add some missing logs and implement WOLFSSL_MSG_EX()
WOLFSSL_MSG_EX() uses XVSNPRINTF to allow for formatted strings to be printed. It uses a 100 byte internal stack buffer to format the log message.
2022-04-25 15:59:07 +02:00
David Garske ea2841fa7a Make sure ASN1 isDynamic is always set to 0. SK Cipher doesn't have free (data is contained in the SK). 2022-04-22 16:02:54 -07:00
David Garske 84a33183a6 Various scan-build fixes. 2022-04-22 16:02:54 -07:00
John Safranek bf16696d8c Merge pull request #5036 from dgarske/sniffer
Fixes for minor sniffer and async issues
2022-04-22 12:24:33 -07:00
Juliusz Sosinowicz 8c4887c166 Free session in wolfSSL_clear
- Define `NO_SESSION_CACHE_REF` in wpa build
2022-04-22 15:54:04 +02:00