Commit Graph

6254 Commits

Author SHA1 Message Date
David Garske fb704774a0 Merge pull request #4907 from rizlik/dtls13
DTLSv1.3 support
2022-06-15 13:57:02 -07:00
David Garske d9d8b7e2d8 Merge pull request #5245 from SparkiDev/force_zero
Memory zeroization fixes
2022-06-15 11:16:04 -07:00
David Garske aa8df1af78 Fixes for building without DTLS v1.2 and TLS v1.2. Fixes for explicit cast warnings. 2022-06-15 10:49:18 -07:00
Marco Oliverio ca05ad2dc0 dtls13: introduce wolfSSL_dtls_13_has_pending_msg() API 2022-06-15 10:46:43 -07:00
Marco Oliverio e2abdf23a7 internal: return from wolfSSL_Peek() with sz 0 if we don't have data
This way we can use wolfSSL_Peek() invoked with sz == 0 to process pending
records and, if none of this records is an application data record, we will not
block.
2022-06-15 10:46:43 -07:00
Marco Oliverio dfc9873c0f dtls13: support KeyUpdate messages 2022-06-15 10:46:43 -07:00
Marco Oliverio d1924928c0 dtls13: support retransmission
Introduce ACK and retransmission logic, encapsulated in a Dtls13RtxFsm
object. The retransmission or the sending of an ACK is scheduled by setting the
appropriate flag inside the Dtls13RtxFSM object but the actual writing on the
socket is deferred and done in wolfSSL_Accept/Connect.

* Retransmission

Each sent message is encapsulated in a Dtl13RtxRecord and saved on a list. If we
receive an ACK for at record, we remove it from the list so it will be not
retransmitted further, then we will retransmit the remaining
ones. Retransmission is throttled: beside link congestion, this also avoid too
many sequence numbers bounded with a record.

* ACK

For each received record we save the record sequence number, so we can send an
ACK if needed. We send an ACK either if explicitly needed by the flight or if we
detect a disruption.

Co-authored-by: Juliusz Sosinowicz <juliusz@wolfssl.com>
2022-06-15 10:46:43 -07:00
Marco Oliverio d079662765 dtls13: support fragmentation, sending and receiving
This commit implements the core of the header parsing, building, and the sending
and receiving routines that handle fragmentation and defragmentation.

* In DTLSv1.3 the header used for protected messages is a variable-length header,
and it is described RFC9147 Section 4.

* Fragmentation happens after building the full message, if necessary. If the
underlying I/O can't send a fragment because of a WANT_WRITE error, the sending
of fragments will continue in the next invocation of
wolfSSL_connect/wolfSSL_accept/wolfSSL_write. In this case the message is saved
in a buffer inside the WolfSSL object.

* Defragmentation works like DTLSv1.2 defragmentation, and re-use
most of the same code.

* The Dtls13AddHeaders() function does not add the record layer header, but it
lefts space for it. It is eventually placed by BuildTls13Message() to allow
easier management of sequence numbers.
2022-06-15 10:46:43 -07:00
Marco Oliverio 173077b142 dtls: refactor DtlsUpdateWindow() window
split the DtlsUpdateWindow() function, so part of the code can be reused by
DTLSv1.3 code.
2022-06-15 10:46:43 -07:00
Marco Oliverio 30fb664163 internal.c: add runProcessingOneRecord section
DTLSv1.3 needs to do some operation per-record, this commit adds an appropriate
section to ProcessReplyEx.
2022-06-15 10:46:43 -07:00
Marco Oliverio 2696c3cdd3 dtls13: change encryption keys dynamically based on the epoch
In DTLSv1.3, because of retransmission and reordering, we may need to encrypt or
decrypt records with older keys. As an example, if the server finished message
is lost, the server will need to retransmit that message using handshake traffic
keys, even if he already used the traffic0 ones (as, for example, to send
NewSessionTicket just after the finished message).

This commit implements a way to save the key bound to a DTLS epoch and setting
the right key/epoch when needed.
2022-06-15 10:46:43 -07:00
Marco Oliverio de04973051 dtls13: record number encryption and decryption 2022-06-15 10:46:43 -07:00
Marco Oliverio 60834ba516 dtls13: new methods and version negotiation 2022-06-15 10:46:42 -07:00
Marco Oliverio 7586851734 dtls13: export functions
They will be used by DTLSv1.3 code
2022-06-15 10:46:42 -07:00
Marco Oliverio d8ac35579c dtls13: add autotools, cmake build options and vstudio paths 2022-06-15 10:46:42 -07:00
Marco Oliverio 6630a83182 dtls: handshake header parsing fixes 2022-06-15 12:00:26 +02:00
Sean Parkinson f1ce0cc95d Memory zeroization fixes
Zeroize secrets in stack buffers and allocated memory.
mp_forcezero to ensure private MP integers are zeroized.
Fix whitespace and add some comments.
2022-06-15 11:26:11 +10:00
Sean Parkinson 9656963f61 Merge pull request #5231 from dgarske/glitch_harden
Added sanity check on TLS encrypt to trap against glitching
2022-06-15 09:48:18 +10:00
David Garske 2f4864cab2 Added sanity check on TLS encrypt to trap against glitching. 2022-06-14 09:37:44 -07:00
Daniel Pouzzner 5a8c130040 fix whitespace 2022-06-14 09:43:05 -05:00
David Garske 0b78961111 Merge pull request #5186 from SparkiDev/pk_c_rework_1
pk.c: rework
2022-06-13 08:35:09 -07:00
Sean Parkinson 1de54ed8d7 Improve SessionSecret_callback code. 2022-06-13 10:43:09 +10:00
David Garske cafe5646b6 Fix for TLS v1.1 length sanity check for large messages. 2022-06-10 13:35:06 -07:00
David Garske d600a4b887 Spelling and Whitespace cleanups. Fix issue with trying to build pk.c directly and always getting warn even with WOLFSSL_IGNORE_FILE_WARN. 2022-06-10 09:06:55 -07:00
David Garske 49008b169c Merge pull request #5087 from haydenroche5/x509_print
Add support for more extensions to wolfSSL_X509_print_ex.
2022-06-10 08:19:23 -07:00
Sean Parkinson 890abfbefc pk.c: rework
Re-order RSA functions.
Add comments to RSA functions.
Rework RSA function implementations.
2022-06-10 09:54:32 +10:00
Hayden Roche f479600066 Add support for more extensions to wolfSSL_X509_print_ex.
- Key usage
- Extended key usage
- Subject alt name

Additionally, print out the criticality of the extensions.
2022-06-09 16:50:10 +02:00
Daniel Pouzzner 088d378ba4 ssl.c:EncryptDerKey(): use XSTRLCPY() and XSTRLCAT() to build up cipherInfo, and remove XSTRCPY() macro from wolfssl/wolfcrypt/types.h (clang-tidy hates on it, albeit frivolously). 2022-06-07 08:22:48 -05:00
Daniel Pouzzner 711a900ff7 Merge pull request #5214 from lealem47/ghostFunc
Removing ghosts and updating defines in openssl/buffer.h
2022-06-06 17:05:33 -05:00
Lealem Amedie 07e0a6fa8e Removing ghost functions and fixing overflow warning in ssl.c 2022-06-06 11:33:26 -07:00
kaleb-himes 3bcdef1972 Fix various warnings and an uninitialized XFILE 2022-06-03 09:52:53 -06:00
Sean Parkinson ee78e63b87 Merge pull request #5203 from dgarske/zd14289
Fix the supported version extension to always check minDowngrade
2022-06-03 08:31:36 +10:00
David Garske 2dd27c8d4a Fix the supported version extension to check the ssl->options.minDowngrade always. 2022-06-02 11:17:25 -07:00
Daniel Pouzzner 2e307e1cd3 tls13.c: fix null pointer deref in FreeDcv13Args(). 2022-06-02 10:32:05 -05:00
Juliusz Sosinowicz 3d71956b48 wolfssl-multi-test fixes:
- Remove RetrySendAlert and SendAlert recursion
- args possible NULL dereference
2022-06-02 16:08:25 +02:00
David Garske 9cfcdfc7aa Merge pull request #5149 from julek-wolfssl/store-frags-v2
Re-use async to support WANT_WRITE while sending fragments
2022-06-01 10:52:54 -07:00
Juliusz Sosinowicz d29c656d4f SendAlert: clear output buffer to try and send the alert now 2022-06-01 16:48:57 +02:00
Juliusz Sosinowicz df10e1fad2 Store RetrySendAlert error in ssl->error 2022-06-01 14:59:10 +02:00
Sean Parkinson be743b2204 TLS 1.3: send ticket
Can send a new session ticket any time after handshake is complete with
TLS v1.3.
Added API for server application to do this.
Added tests.
2022-06-01 10:36:01 +10:00
Juliusz Sosinowicz c74315f1ef Save pending alerts when using async io
- Don't overwrite ssl->error
- Clear the error in ssl->error because the return of SendBuffered is now stored in ret instead
2022-05-31 18:17:11 +02:00
David Garske 2ed85926d5 Merge pull request #5187 from kareem-wolfssl/hsHashesNull
Confirm ssl->hsHashes is not NULL before attempting to dereference it.
2022-05-30 10:41:35 -07:00
Juliusz Sosinowicz 8aa2da532c Combine preproc check into one statement 2022-05-30 15:27:36 +02:00
Juliusz Sosinowicz 8cb4819b53 Fix curve group matching on secure renegotiation 2022-05-27 21:26:55 +02:00
Juliusz Sosinowicz 50c0b3d2a2 Add testing/docs for blocking write
- Fix case where message grouping can make CheckAvailableSize return a WANT_WRITE
- CheckAvailableSize in tls13.c will not return a WANT_WRITE since it only does so for DTLS <=1.2
2022-05-27 21:26:55 +02:00
Kareem 98ec442b37 Confirm ssl->hsHashes is not NULL before attempting to dereference it. 2022-05-27 10:57:23 -07:00
Anthony Hu df06db114d Add TLS 1.2 ciphersuite ECDHE_PSK_WITH_AES_128_GCM_SHA256 from RFC 8442
Testing:

./autogen.sh
./configure --enable-psk
make all check

$ ./examples/server/server  -j -l ECDHE-PSK-AES128-GCM-SHA256
SSL version is TLSv1.2
SSL cipher suite is TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256
SSL curve name is SECP256R1
Client message: hello wolfssl!

$ ./examples/client/client  -s -l ECDHE-PSK-AES128-GCM-SHA256
SSL version is TLSv1.2
SSL cipher suite is TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256
SSL curve name is SECP256R1
I hear you fa shizzle!
2022-05-27 11:05:55 -04:00
Juliusz Sosinowicz 4e8c362152 Allocate ssl->async seperately to the SSL object 2022-05-26 23:08:48 +02:00
Juliusz Sosinowicz 733fe1a8d3 Use WOLFSSL_ASYNC_IO for WOLFSSL_NONBLOCK_OCSP
- Enable ssl->async to store function arguments for non-blocking OCSP
- Remove ssl->nonblockarg
2022-05-26 23:08:48 +02:00
Juliusz Sosinowicz c151dcec50 Re-use async to support WANT_WRITE while sending fragments
- Async I/O can be turned off with WOLFSSL_NO_ASYNC_IO
- WOLFSSL_ASYNC_IO functionality enabled in SendCertificateVerify() and SendServerKeyExchange() to allow safe re-entry into SendHandshakeMsg()
- Testing size of structs is refactored int WOLFSSL_ASSERT_SIZEOF_GE()
2022-05-26 23:08:48 +02:00
Eric Blankenhorn 2800d00bb4 Fix to move wolfSSL_ERR_clear_error outside gate for OPENSSL_EXTRA 2022-05-26 06:11:45 -05:00