Commit Graph

17800 Commits

Author SHA1 Message Date
David Garske 5445b183ed Adding CMAC documentation. Fixes ZD14601. 2022-08-11 12:00:19 -07:00
David Garske fef84e2c4c Fixes for asn_public.h documentation. Fix spelling error. 2022-08-11 08:58:32 -07:00
David Garske 5e6c45a6fb Merge pull request #5397 from SparkiDev/cert_rsa_pss
Certs with RSA-PSS sig
2022-08-11 08:19:12 -07:00
David Garske 66644c2e31 Merge pull request #5457 from kaleb-himes/openssl-test-stuck-fix
Fix a very frequent stuck scenario with the openssl.test script
2022-08-11 07:43:23 -07:00
kaleb-himes 8efc8b0819 Fix up other test scripts using the same logic 2022-08-11 06:26:43 -06:00
Sean Parkinson dd2a6410d1 Merge pull request #5454 from dgarske/docs_hashtype
Improve the documentation for HMAC hash types
2022-08-11 16:50:55 +10:00
David Garske 87d96c9c96 Merge pull request #5452 from icing/quic-resume
QUIC session resumption and early data handshake handling.
2022-08-10 22:33:13 -07:00
David Garske 9ec61d4ce4 Merge pull request #5449 from douzzer/20220809-quic-fixes
20220809-quic-fixes
2022-08-10 21:56:45 -07:00
Sean Parkinson fb531dacc2 Certs with RSA-PSS sig
Add support for parsing and verifying certificates with RSA-PSS
signatures. Including check PSS parameters in key with those in
signature algorithm.
Add support for parsing private RSA PSS key.
Add support for parsing public RSA PSS key.
2022-08-11 09:43:01 +10:00
kaleb-himes a0e1c2567e Fix a very frequent stuck scenario with the openssl.test script 2022-08-10 17:41:54 -06:00
Daniel Pouzzner 8197f958a9 address peer review on PR #5449. 2022-08-10 13:33:57 -05:00
Daniel Pouzzner f771181e1a fixes for issues introduced in #5384:
added numerous missing _SMALL_STACK code paths (PK objects on the stack);

in settings.h, enable WOLFSSL_SMALL_STACK_STATIC by default when WOLFSSL_SMALL_STACK is defined (NO_WOLFSSL_SMALL_STACK_STATIC to override);

fixes for unsafe strcat()s in tests/quic.c;

fix for unsafe macro WOLFSSL_IS_QUIC();

fix to exclude quic from enable-all when enable-linuxkm (quic needs opensslextra, and opensslextra currently only works in-kernel in cryptonly builds);

fix for signed/unsigned clash in wolfSSL_quic_receive().
2022-08-10 13:33:56 -05:00
David Garske c707186b9f Improve the documentation for HMAC hash types. 2022-08-10 09:23:01 -07:00
JacobBarthelmeh b46693f8c8 Merge pull request #5445 from douzzer/20220808-fixes
20220808-fixes (unchecked snprintf() retvals)
2022-08-10 10:21:07 -06:00
Stefan Eissing ea04ffc99f QUIC session resumption and early data handshake handling.
In test with ngtcp2 example client using openssl, session resumption
against a QUIC wolfssl server failed. The error was tracked down to
wolfSSL believing EaryData needs to be handled and returning SUCCESS
from wolfSSL_SSL_do_handshake() after the server Finished had been
sent.

However the handshake was not complete and ngtcp2 invoked the
post_handshake processing for new data arriving from the client.
This failed a check in post processing that the ssl->handShakeState
actually was HANDSHAKE_DONE.

The workaround in this PR repeats do_handshake until the ssl
state acually says it is complete. This way, session resumption works.

Either this alternative do_handshake() is merged for QUIC protocol
hanlders. Or we need to fix the 'normal' do_handshake() to no return
SUCCESS when early data is expected on a QUIC WOLFSSL.
2022-08-10 15:17:30 +02:00
Daniel Pouzzner c07d0fe4b4 address peer review:
use camel case not underscores in variable names;

restore use of const int variables for buffer sizes in several spots (for ease of smallstack code paths should they be needed);

use more MISRAish flow control in X509PrintSignature().

also, capture the retval from several more snprintf()s to pass directly to wolfSSL_BIO_write(), avoiding frivolous strlen()s.
2022-08-09 23:23:11 -05:00
David Garske eceee6ac95 Merge pull request #5444 from anhu/PQ_get_curve_name
Bugfix: wolfSSL_get_curve_name() will now print post-quantum group names.
2022-08-09 16:53:55 -07:00
Anthony Hu 57dc263d05 Make clang happy. 2022-08-09 14:35:59 -04:00
David Garske fa97923005 Merge pull request #5384 from icing/quic
QUIC support for wolfSSL
2022-08-09 10:13:29 -07:00
Daniel Pouzzner 371fbc698c src/x509.c: mollify bugprone-unused-return-value warnings around XSNPRINTF();
fix various possible buffer overruns;

fix various runtime-error-driven memory leaks;

various refactors for efficiency, clarity, and safety, including refactors to eliminate unsafe XSTRNCAT() calls.
2022-08-08 18:55:38 -05:00
Anthony Hu ae0faa40cf Bugfix: wolfSSL_get_curve_name() will now print post-quantum group names. 2022-08-08 17:51:45 -04:00
Chris Conlon e3310984b6 Merge pull request #5443 from TakayukiMatsuo/doalert 2022-08-08 15:22:18 -06:00
Chris Conlon 039bf721c4 Merge pull request #5440 from miyazakh/sce_compile_failure 2022-08-08 10:36:15 -06:00
Stefan Eissing 4431438fb2 add QUIC support. 2022-08-08 13:24:00 +02:00
David Garske 7004157869 Merge pull request #5387 from TakayukiMatsuo/tk14445
Suppress build errors when defining some disable macros
2022-08-07 20:09:41 -07:00
TakayukiMatsuo 9fd56c9c5c Changes in response to other PRs 2022-08-08 02:10:14 +09:00
TakayukiMatsuo 79fb1783c4 Suppress build errors when defining some disable macros 2022-08-07 17:11:22 +09:00
David Garske 2d2c55f1c1 Merge pull request #5431 from haydenroche5/wolfssl_error
Expand error queue usage with new macro WOLFSSL_ERROR_VERBOSE.
2022-08-05 15:14:44 -07:00
David Garske 96fcc129ec Merge pull request #5213 from JacobBarthelmeh/req
expand functions included in opensslextra and add REQ print out
2022-08-05 13:20:21 -07:00
Hayden Roche 3bf21b5a05 Expand error queue usage with new macro WOLFSSL_ERROR_VERBOSE.
We have users who need to debug errors coming out of libwolfssl in production,
where --enable-debug isn't an option. Our error queue implementation is the
solution, but our usage of WOLFSSL_ERROR isn't consistent. This commit greatly
expands our usage of WOLFSSL_ERROR. There are too many error cases to tackle
all at once, and not all error cases are particularly meaningful or likely to be
hit in regular operation of the library. I've tried to focus on errors that
users are likely to hit, and I've chosen to ignore things like the mountain of
BUFFER_E and BAD_FUNC_ARG cases (for the most part). I've also tried to expand
WOLFSSL_ERROR usage in files where we haven't been using it historically
(e.g. aes.c), so the pattern is now there for other developers to follow. In
order to prevent these additions from exploding the size of libwolfssl, they're
all behind a new macro, WOLFSSL_ERROR_VERBOSE. If WOLFSSL_VERBOSE_ERRORS is
defined, WOLFSSL_ERROR_VERBOSE just maps to WOLFSSL_ERROR.
2022-08-05 10:32:18 -07:00
JacobBarthelmeh d6c895d19d use or with all/extra macro guard 2022-08-05 09:31:42 -07:00
JacobBarthelmeh 83f1ade1fc use extension free function with opensslextra and remove debug printf 2022-08-05 09:15:35 -07:00
Juliusz Sosinowicz 192f081833 Merge pull request #5439 from SparkiDev/tls13_ext_msgs 2022-08-05 10:49:13 +02:00
Hideki Miyazaki f30b3f1163 fix compile error 2022-08-05 16:00:09 +09:00
Sean Parkinson c35b47f265 TLS !.3: restrict extension validity by message
Extensions ServerName, SupportedGroups and ALPN must not appear in
server_hello.
Removed server_hello from the valid checks.
2022-08-05 08:26:09 +10:00
Sean Parkinson 56be09005f Merge pull request #5427 from julek-wolfssl/dtls-timeout-and-closed-socket
DTLS socket and timeout fixes
2022-08-05 08:13:14 +10:00
JacobBarthelmeh ff512a34c6 adjust temporary buffer size and memory free'ing 2022-08-04 15:11:24 -07:00
David Garske 7465691c70 Merge pull request #5437 from douzzer/20220804-fixes
20220804 fixes
2022-08-04 13:55:03 -07:00
Daniel Pouzzner 9d5e633a96 wolfcrypt/src/pkcs12.c: add WOLFSSL_SMALL_STACK path in freeDecCertList(). 2022-08-04 11:16:47 -05:00
Daniel Pouzzner d7e33b3293 wolfcrypt/src/asn.c: fix null pointer deref in SetReqAttribSingle() (clang-analyzer-core.NonNullParamChecker). 2022-08-04 11:12:09 -05:00
David Garske 99dad91344 Merge pull request #5435 from douzzer/20220803-gcc-12-ASAN
20220803-gcc-12-ASAN
2022-08-04 08:41:26 -07:00
Juliusz Sosinowicz 6d4f0146ca Refactor sending alert on decryption failure
Take sending of the alert outside of DecryptTls() and DecryptTls13(). The alert is now sent in ProcessReplyEx().
2022-08-04 12:06:26 +02:00
Juliusz Sosinowicz ebcfa31993 Refactor checking socket type into a function 2022-08-04 11:35:27 +02:00
Juliusz Sosinowicz 3278210e1c Silently discard DTLS msgs that fail decryption
Don't send alerts when decryption fails inside a DTLS connection.
TLS should always send a bad_record_mac when decryption fails.
2022-08-04 11:27:45 +02:00
Juliusz Sosinowicz fd1e8c49eb Reset timeout when reading a valid DTLS message
- Increment the DTLS 1.3 timeout on a long timeout
2022-08-04 11:27:45 +02:00
Juliusz Sosinowicz 67d518544b EmbedReceiveFrom: fix when using a TCP socket
- recvfrom() returns 0 on a closed TCP socket
- TCP sockets set WOLFSSL_CBIO_ERR_ISR on a timeout
2022-08-04 11:27:45 +02:00
Sean Parkinson 9ea3e173d0 Merge pull request #5277 from JacobBarthelmeh/req_attr
expand subject name and req attribute support
2022-08-04 14:32:14 +10:00
David Garske 2c2a7750a4 Merge pull request #5414 from darktohka/feature/chacha20-poly1305-evp
Integrate chacha20-poly1305 into the EVP interface
2022-08-03 18:21:17 -07:00
Sean Parkinson 1dc848d8e3 Merge pull request #5429 from dgarske/sniffer_async2
Fix for sniffer to ensure the session was polled before trying to reprocess it
2022-08-04 08:18:55 +10:00
Sean Parkinson e32cfb79e5 Merge pull request #5419 from dgarske/aurix
Support for Infineon AURIX IDE and minor compiler warnings.
2022-08-04 08:01:57 +10:00