Commit Graph

16408 Commits

Author SHA1 Message Date
Hayden Roche 666cf508a2 Merge pull request #4874 from dgarske/ocsp_ipv6 2022-02-23 13:37:16 -08:00
David Garske fbc7d5a6b2 Minor textual fixes. Thanks Hayden. 2022-02-23 09:43:10 -08:00
David Garske 0824a64c92 Merge pull request #4807 from julek-wolfssl/stunnel-5.61
stunnel 5.61 support
2022-02-23 09:41:51 -08:00
David Garske b84086a482 Merge pull request #4883 from SparkiDev/ssl_bio_move
BIO: move APIs out of ssl.c
2022-02-23 09:38:54 -08:00
David Garske 0afc5e2cf1 Merge pull request #4881 from SparkiDev/sp_asm_shift_fix
SP asm: fix for modexp corner case
2022-02-23 09:37:25 -08:00
David Garske 8623b0c089 Merge pull request #4849 from SparkiDev/sp_p521
SP: Add support for P521
2022-02-23 09:33:49 -08:00
David Garske 3a34a4cd1d Merge pull request #4882 from SparkiDev/even_mod_check
RSA/DH: check for even modulus
2022-02-23 09:33:12 -08:00
Juliusz Sosinowicz 2c978a96b2 Prevent possibility of an infinite retry loop and resource exhaution
Reported in ZD13606
2022-02-23 10:07:21 +01:00
Juliusz Sosinowicz fb943a2f23 Rebase and make wolfSSL_CTX_up_ref always available
`wolfSSL_CTX_up_ref` is a small and potentially useful API for users so it doesn't need to be restricted only to the compatibility layer. The reference counting mechanisms are always available anyway. This just exposes the functionality to the user.
2022-02-23 09:55:52 +01:00
Juliusz Sosinowicz d1f53055e9 Peeking can't return a WOLFSSL_ERROR_WANT_READ in compatibility mode 2022-02-23 09:47:34 +01:00
Juliusz Sosinowicz 617eda9d44 Fix misc memory issues
- Make `InternalTicket` memory alignment independent
2022-02-23 09:47:34 +01:00
Juliusz Sosinowicz b402102e58 Add backwards compatibility for wolfSSL_get_session
Before this pull request, `wolfSSL_get_session` always returned a pointer to the internal session cache. The user can't tell if the underlying session hasn't changed before it calls `wolfSSL_set_session` on it. This PR adds a define `NO_SESSION_CACHE_REF` (for now only defined with `OPENSSL_COMPATIBLE_DEFAULTS`) that makes wolfSSL only return a pointer to `ssl->session`. The issue is that this makes the pointer returned non-persistent ie: it gets free'd with the `WOLFSSL` object. This commit leverages the lightweight `ClientCache` to "increase" the size of the session cache. The hash of the session ID is checked to make sure that the underlying session hasn't changed.
2022-02-23 09:47:34 +01:00
Juliusz Sosinowicz ceff401269 Fixes for Jenkins tests
- Move test to `HAVE_IO_TESTS_DEPENDENCIES`
- Implement `wolfSSL_trust_peer_cert`
- have{cipher} options weren't being set with only RSA enabled
2022-02-23 09:47:34 +01:00
Juliusz Sosinowicz 91b08fb691 Allocate ssl->session separately on the heap
- Refactor session cache access into `AddSessionToCache` and `wolfSSL_GetSessionFromCache`
2022-02-23 09:47:34 +01:00
Juliusz Sosinowicz 1d712d47ba Access to session cache is now atomic
- Adding and getting sessions to and from the local cache is now atomic.
  - The new internal `wolfSSL_GetSessionFromCache` requires a destination object to be supplied when retrieving from the cache so that items can be retrieved independently from the cache. For most existing calls, the destination is `ssl->session`.
  -`PREALLOC_SESSION_TICKET_LEN` defines how much memory is temporarily allocated for the ticket if it doesn't fit in the static session buffer.
2022-02-23 09:47:34 +01:00
Juliusz Sosinowicz afca455cda stunnel 5.61 support
- New/Implemented API
  - `SSL_has_pending`
  - `wolfSSL_CertManagerLoadCRLFile`
  - `wolfSSL_LoadCRLFile`
  - `wolfSSL_CTX_LoadCRLFile`
  - `wolfSSL_CTX_add_session`
- Calling chain certificate API (for example `wolfSSL_CTX_use_certificate_chain_file`) no longer requires an actual chain certificate PEM file to be passed in as input. `ProcessUserChain` error in `ProcessBuffer` is ignored if it returns that it didn't find a chain.
- Add `WOLFSSL_TICKET_HAVE_ID` macro. When defined tickets will include the original session ID that can be used to lookup the session in internal cache. This is useful for fetching information about the peer that doesn't get sent in a resumption (such as the peer's certificate chain).
  - Add `ssl->ticketSessionID` field because `ssl->session.sessionID` is used to return the "bogus" session ID sent by the client in TLS 1.3
- `OPENSSL_COMPATIBLE_DEFAULTS` changes
  - Define `WOLFSSL_TRUST_PEER_CERT` and certificates added as CA's will also be loaded as trusted peer certificates
  - Define `WOLFSSL_TLS13_MIDDLEBOX_COMPAT`
- Seperate `internalCacheOff` and `internalCacheLookupOff` options to govern session addition and lookup
- `VerifyServerSuite` now determines if RSA is available by checking for it directly and not assuming it as the default if static ECC is not available
- `WOLFSSL_SESSION` changes
  - `ssl->extSession` added to return a dynamic session when internalCacheOff is set
  - `ssl->session.refPtr` made dynamic and gets free'd in `SSL_ResourceFree`
- If `SSL_MODE_AUTO_RETRY` is set then retry should only occur during a handshake
- `WOLFSSL_TRUST_PEER_CERT` code now always uses `cert->subjectHash` for the `cm->tpTable` table row selection
- Change some error message names to line up with OpenSSL equivalents
- Run `MatchSuite` again if certificate setup callback installed and successful
- Refactor clearing `ASN_NO_PEM_HEADER` off the error queue into a macro
- `wolfSSL_get_peer_certificate` now returns a duplicated object meaning that the caller needs to free the returned object
- Allign `wolfSSL_CRYPTO_set_mem_functions` callbacks with OpenSSL API
- `wolfSSL_d2i_PKCS12_bio` now consumes the input BIO. It now supports all supported BIO's instead of only memory BIO.
- stunnel specific
  - Always return a session object even if we don't have a session in cache. This allows stunnel to save information in the session external data that will be transfered to new connections if the session is reused
  - When allocating a dynamic session, always do `wolfSSL_SESSION_set_ex_data(session, 0, (void *)(-1)`. This is to mimic the new index callback set in `SSL_SESSION_get_ex_new_index`.
- Fix comment in `wolfSSL_AES_cbc_encrypt`
- Trusted peer certificate suite tests need to have CRL disabled since we don't have the issuer certificate in the CA store if the certificates are only added as trusted peer certificates.
tested
2022-02-23 09:47:34 +01:00
Sean Parkinson 2eb044dc60 SP: Add support for P521 2022-02-23 14:51:47 +10:00
Sean Parkinson d33b787993 BIO: move APIs out of ssl.c
Get configuration working: --enable-all CFLAGS=-DNO_BIO
2022-02-23 14:11:30 +10:00
Sean Parkinson b5ed5c9b99 RSA/DH: check for even modulus 2022-02-23 09:51:15 +10:00
Sean Parkinson 5b6130889e SP asm: fix for modexp corner case
When exponent bit length is a multiple of the window size and the top
word has only window bits in it, then n is shifted down by an undefined
value (size of a word). The n value is not used after this.
Check for this condition and don't attempt to shift n.
2022-02-23 09:17:08 +10:00
David Garske 2beb27972b OCSP IPv6 support with --enable-ipv6 or WOLFSSL_IPV6. Improve the logic around C99 and getaddrinfo. 2022-02-22 15:07:05 -08:00
David Garske fef8a57eb2 Merge pull request #4880 from julek-wolfssl/plain-alert
Detect if we are processing a plaintext alert
2022-02-22 10:11:08 -08:00
David Garske e8c9a413ca Merge pull request #4878 from SparkiDev/sp_x64_oob_write_fix_1
ECC with SP math: OOB write
2022-02-22 09:53:32 -08:00
David Garske b40226099d Merge pull request #4877 from SparkiDev/sp_x64_asm_fix_1
SP asm: fix map function to use p not point
2022-02-22 09:50:53 -08:00
Sean Parkinson d10900e124 ECC with SP math: OOB write
Don't let input points ordinates be greater than modulus in length.
2022-02-22 17:00:23 +10:00
Sean Parkinson 78f116b27f SP asm: fix map function to use p not point 2022-02-22 16:33:24 +10:00
Sean Parkinson 2a750acf03 Merge pull request #4873 from dgarske/async_v5.2.0
Asynchronous Release v5.2.0: TLS 1.3 HelloRetryRequest
2022-02-22 10:35:17 +10:00
David Garske 250a06f759 Merge pull request #4865 from SparkiDev/sp_int_mont_red
SP int: Montgomery Reduction
2022-02-21 16:20:17 -08:00
David Garske 31abc99f6f Fix for async handling of TLS v1.3 hello retry broken in #4863. 2022-02-21 14:14:20 -08:00
David Garske 6a81cc976e Merge pull request #4872 from SparkiDev/tls13_empty_cert_cli
TLS 1.3: fail immediately if server sends empty certificate message
2022-02-21 14:10:40 -08:00
David Garske 38d4da56ab Merge pull request #4857 from julek-wolfssl/ZD13631
Reported in ZD13631
2022-02-21 14:01:51 -08:00
David Garske d834c50c85 Merge pull request #4858 from julek-wolfssl/ZD13611
Reported in ZD13611
2022-02-21 14:01:42 -08:00
David Garske e6c07a296d Merge pull request #4866 from ejohnstown/release
Prepare for release 5.2.0
v5.2.0-stable
2022-02-21 09:09:58 -08:00
Sean Parkinson 9263e6ead3 TLS 1.3: fail immediately if server sends empty certificate message 2022-02-21 21:34:13 +10:00
John Safranek ad8bf40b5e Update readme for release. 2022-02-20 13:05:04 -08:00
John Safranek bb8af1cac5 Prepare for release 5.2.0
1. Update versions as appropriate.
2. Modify FreeAtomicUser() to only free the Aes data in the callback
   contexts if the contexts exist.
2022-02-18 13:55:22 -08:00
David Garske ffb4ae07df Merge pull request #4871 from wolfSSL/small-leak
Fix Small Memory Leaks
2022-02-18 13:53:56 -08:00
John Safranek 041d300b2b Fix Small Memory Leaks
Found with the configuration running the unit test through valgrind.

    % ./configure CFLAGS=-DNO_WOLFSSL_CIPHER_SUITE_TEST \
      --enable-all --disable-fastmath --enable-debug --disable-shared

1. ssl.c: In wolfSSL_DSA_generate_key(), we initialize (and allocate)
   all the parameters in the key (p, q, g, x, y), and then we generate a
   key, initializes (and allocates) x and y, again. mp_clear them
   first.
2. evp.c: When printing public keys, the temporary mp_int wasn't getting
   correctly freed.
3. evp.c: When printing public keys, modified the utility functions to
   return once with a do-while-0 loop.
2022-02-18 10:01:49 -08:00
John Safranek 4b0c8c07f4 Merge pull request #4870 from elms/fix/tls13_renegotiation_info_ext
tls13: fix not including RENEGOTIATION_INFO ext
2022-02-17 13:09:02 -08:00
elms 208c457348 tls13: fix to not send RENEGOTIATION_INFO ext
Introduced in PR #4742 to enable sending of extension in TLS1.2
without fully supporting secure renegotiation in accordance with
RFC 5746 4.3 https://datatracker.ietf.org/doc/html/rfc5746#section-4.3
2022-02-17 11:22:17 -08:00
David Garske 95ae242550 Merge pull request #4869 from wolfSSL/silabs-aes
SILABS port: fix sizeof
2022-02-17 10:45:47 -08:00
David Garske b343c2691b Merge pull request #4867 from maximevince/master
Fix WOLFSSL_NO_TLS12 for Async dev
2022-02-17 10:18:18 -08:00
John Safranek 4361d1bdd2 SILABS port: fix sizeof
A sizeof wasn't dereferencing a pointer using the sizeof the pointer and
not the actual struct. This is limited to setting the key for an AES
operation only when using SILABS SE2 acceleration.
2022-02-17 08:52:46 -08:00
Maxime Vincent 111ae9da84 Fix WOLFSSL_NO_TLS12 for Async dev 2022-02-17 08:10:19 +01:00
Juliusz Sosinowicz c5875cfc5a Detect if we are processing a plaintext alert 2022-02-16 10:50:44 +01:00
David Garske df0b516c68 Merge pull request #4863 from SparkiDev/tls13_auth
TLS 1.3: improved checks on received message type
2022-02-15 11:33:34 -08:00
Juliusz Sosinowicz 15d0dd258a Add cert test for UID name component 2022-02-15 14:05:46 +01:00
Sean Parkinson ea5785f6fd SP int: Montgomery Reduction
Improve performance for ECC curves when all bits in words are used (mask
is 0).
On 64-bit platforms, improves performance for 256 and 384 bit curves.
On 32-bit platforms, improves performance for 224, 256, 384 bit curves.
2022-02-15 17:19:57 +10:00
Sean Parkinson 94c03a77f5 TLS 1.3: improved checks on received message type
pskNegotiated field added to indicate Session Ticket or PSK negotiated.

peerAuthGood field added to indicate that any require peer
authentication (certificate, if required, or PSK) have been performed.
2022-02-15 13:25:16 +10:00
Sean Parkinson 9906c9c55e Merge pull request #4862 from dgarske/no_server
Fix typo for no server
2022-02-15 10:31:12 +10:00