Sean Parkinson
6a0682d422
i2d AIPs move pointer on when a pointer to a buffer is passed in
...
Restore behaviour to be compatible with OpenSSL.
Replace comparison of DER data using AsserStrEQ to use memcmp.
2022-06-17 12:36:06 +10:00
Sean Parkinson
4fc709d2af
Merge pull request #5256 from dgarske/cert_chain_der
...
Fixes for loading a DER/ASN.1 certificate chain
2022-06-17 11:55:49 +10:00
David Garske
128ebf54e9
Fix for loading certificate DER chain longer than 2 deep. Fix to properly trap BUFFER_E in ProcessUserChain. ZD14048.
2022-06-16 16:19:37 -07:00
Sean Parkinson
2834c22ce0
Merge pull request #5204 from lealem47/basicConst
...
Encoding the X509 Basic Constraint when CA:FALSE
2022-06-17 08:33:57 +10:00
Lealem Amedie
911f361285
Call RSA_To_Der instead of RSA_To_Der_ex in i2d_RSA key funcs
2022-06-16 12:26:47 -07:00
John Safranek
8f7db87f01
Merge pull request #5249 from dgarske/rsa_ifc
...
Cleanup the RSA consistency check
2022-06-16 09:14:08 -07:00
Lealem Amedie
5e63740c6c
Ensuring that X509 Basic Constraint is set when CA:FALSE
2022-06-16 08:46:52 -07:00
Marco Oliverio
6a0c6049ce
dtls: abide deadstore static analyzer warnings
2022-06-16 14:02:09 +02:00
David Garske
7e1549c684
Cleanup the RSA consistency check. Should only be enabled for FIPS v2 (3389), FIPS v5 or later. Can be forcefully enabled for non-FIPS using WOLFSSL_RSA_KEY_CHECK. The existing WOLFSSL_NO_RSA_KEY_CHECK macro will also disable it. This change was introduced in PR #4359 .
2022-06-15 14:46:23 -07:00
David Garske
fb704774a0
Merge pull request #4907 from rizlik/dtls13
...
DTLSv1.3 support
2022-06-15 13:57:02 -07:00
David Garske
d9d8b7e2d8
Merge pull request #5245 from SparkiDev/force_zero
...
Memory zeroization fixes
2022-06-15 11:16:04 -07:00
David Garske
aa8df1af78
Fixes for building without DTLS v1.2 and TLS v1.2. Fixes for explicit cast warnings.
2022-06-15 10:49:18 -07:00
Marco Oliverio
ca05ad2dc0
dtls13: introduce wolfSSL_dtls_13_has_pending_msg() API
2022-06-15 10:46:43 -07:00
Marco Oliverio
e2abdf23a7
internal: return from wolfSSL_Peek() with sz 0 if we don't have data
...
This way we can use wolfSSL_Peek() invoked with sz == 0 to process pending
records and, if none of this records is an application data record, we will not
block.
2022-06-15 10:46:43 -07:00
Marco Oliverio
dfc9873c0f
dtls13: support KeyUpdate messages
2022-06-15 10:46:43 -07:00
Marco Oliverio
d1924928c0
dtls13: support retransmission
...
Introduce ACK and retransmission logic, encapsulated in a Dtls13RtxFsm
object. The retransmission or the sending of an ACK is scheduled by setting the
appropriate flag inside the Dtls13RtxFSM object but the actual writing on the
socket is deferred and done in wolfSSL_Accept/Connect.
* Retransmission
Each sent message is encapsulated in a Dtl13RtxRecord and saved on a list. If we
receive an ACK for at record, we remove it from the list so it will be not
retransmitted further, then we will retransmit the remaining
ones. Retransmission is throttled: beside link congestion, this also avoid too
many sequence numbers bounded with a record.
* ACK
For each received record we save the record sequence number, so we can send an
ACK if needed. We send an ACK either if explicitly needed by the flight or if we
detect a disruption.
Co-authored-by: Juliusz Sosinowicz <juliusz@wolfssl.com >
2022-06-15 10:46:43 -07:00
Marco Oliverio
d079662765
dtls13: support fragmentation, sending and receiving
...
This commit implements the core of the header parsing, building, and the sending
and receiving routines that handle fragmentation and defragmentation.
* In DTLSv1.3 the header used for protected messages is a variable-length header,
and it is described RFC9147 Section 4.
* Fragmentation happens after building the full message, if necessary. If the
underlying I/O can't send a fragment because of a WANT_WRITE error, the sending
of fragments will continue in the next invocation of
wolfSSL_connect/wolfSSL_accept/wolfSSL_write. In this case the message is saved
in a buffer inside the WolfSSL object.
* Defragmentation works like DTLSv1.2 defragmentation, and re-use
most of the same code.
* The Dtls13AddHeaders() function does not add the record layer header, but it
lefts space for it. It is eventually placed by BuildTls13Message() to allow
easier management of sequence numbers.
2022-06-15 10:46:43 -07:00
Marco Oliverio
173077b142
dtls: refactor DtlsUpdateWindow() window
...
split the DtlsUpdateWindow() function, so part of the code can be reused by
DTLSv1.3 code.
2022-06-15 10:46:43 -07:00
Marco Oliverio
30fb664163
internal.c: add runProcessingOneRecord section
...
DTLSv1.3 needs to do some operation per-record, this commit adds an appropriate
section to ProcessReplyEx.
2022-06-15 10:46:43 -07:00
Marco Oliverio
2696c3cdd3
dtls13: change encryption keys dynamically based on the epoch
...
In DTLSv1.3, because of retransmission and reordering, we may need to encrypt or
decrypt records with older keys. As an example, if the server finished message
is lost, the server will need to retransmit that message using handshake traffic
keys, even if he already used the traffic0 ones (as, for example, to send
NewSessionTicket just after the finished message).
This commit implements a way to save the key bound to a DTLS epoch and setting
the right key/epoch when needed.
2022-06-15 10:46:43 -07:00
Marco Oliverio
de04973051
dtls13: record number encryption and decryption
2022-06-15 10:46:43 -07:00
Marco Oliverio
60834ba516
dtls13: new methods and version negotiation
2022-06-15 10:46:42 -07:00
Marco Oliverio
7586851734
dtls13: export functions
...
They will be used by DTLSv1.3 code
2022-06-15 10:46:42 -07:00
Marco Oliverio
d8ac35579c
dtls13: add autotools, cmake build options and vstudio paths
2022-06-15 10:46:42 -07:00
Marco Oliverio
6630a83182
dtls: handshake header parsing fixes
2022-06-15 12:00:26 +02:00
Sean Parkinson
f1ce0cc95d
Memory zeroization fixes
...
Zeroize secrets in stack buffers and allocated memory.
mp_forcezero to ensure private MP integers are zeroized.
Fix whitespace and add some comments.
2022-06-15 11:26:11 +10:00
Sean Parkinson
9656963f61
Merge pull request #5231 from dgarske/glitch_harden
...
Added sanity check on TLS encrypt to trap against glitching
2022-06-15 09:48:18 +10:00
David Garske
2f4864cab2
Added sanity check on TLS encrypt to trap against glitching.
2022-06-14 09:37:44 -07:00
Daniel Pouzzner
5a8c130040
fix whitespace
2022-06-14 09:43:05 -05:00
David Garske
0b78961111
Merge pull request #5186 from SparkiDev/pk_c_rework_1
...
pk.c: rework
2022-06-13 08:35:09 -07:00
Sean Parkinson
1de54ed8d7
Improve SessionSecret_callback code.
2022-06-13 10:43:09 +10:00
David Garske
cafe5646b6
Fix for TLS v1.1 length sanity check for large messages.
2022-06-10 13:35:06 -07:00
David Garske
d600a4b887
Spelling and Whitespace cleanups. Fix issue with trying to build pk.c directly and always getting warn even with WOLFSSL_IGNORE_FILE_WARN.
2022-06-10 09:06:55 -07:00
David Garske
49008b169c
Merge pull request #5087 from haydenroche5/x509_print
...
Add support for more extensions to wolfSSL_X509_print_ex.
2022-06-10 08:19:23 -07:00
Sean Parkinson
890abfbefc
pk.c: rework
...
Re-order RSA functions.
Add comments to RSA functions.
Rework RSA function implementations.
2022-06-10 09:54:32 +10:00
Hayden Roche
f479600066
Add support for more extensions to wolfSSL_X509_print_ex.
...
- Key usage
- Extended key usage
- Subject alt name
Additionally, print out the criticality of the extensions.
2022-06-09 16:50:10 +02:00
Daniel Pouzzner
088d378ba4
ssl.c:EncryptDerKey(): use XSTRLCPY() and XSTRLCAT() to build up cipherInfo, and remove XSTRCPY() macro from wolfssl/wolfcrypt/types.h (clang-tidy hates on it, albeit frivolously).
2022-06-07 08:22:48 -05:00
Daniel Pouzzner
711a900ff7
Merge pull request #5214 from lealem47/ghostFunc
...
Removing ghosts and updating defines in openssl/buffer.h
2022-06-06 17:05:33 -05:00
Lealem Amedie
07e0a6fa8e
Removing ghost functions and fixing overflow warning in ssl.c
2022-06-06 11:33:26 -07:00
kaleb-himes
3bcdef1972
Fix various warnings and an uninitialized XFILE
2022-06-03 09:52:53 -06:00
Sean Parkinson
ee78e63b87
Merge pull request #5203 from dgarske/zd14289
...
Fix the supported version extension to always check minDowngrade
2022-06-03 08:31:36 +10:00
David Garske
2dd27c8d4a
Fix the supported version extension to check the ssl->options.minDowngrade always.
2022-06-02 11:17:25 -07:00
Daniel Pouzzner
2e307e1cd3
tls13.c: fix null pointer deref in FreeDcv13Args().
2022-06-02 10:32:05 -05:00
Juliusz Sosinowicz
3d71956b48
wolfssl-multi-test fixes:
...
- Remove RetrySendAlert and SendAlert recursion
- args possible NULL dereference
2022-06-02 16:08:25 +02:00
David Garske
9cfcdfc7aa
Merge pull request #5149 from julek-wolfssl/store-frags-v2
...
Re-use async to support WANT_WRITE while sending fragments
2022-06-01 10:52:54 -07:00
Juliusz Sosinowicz
d29c656d4f
SendAlert: clear output buffer to try and send the alert now
2022-06-01 16:48:57 +02:00
Juliusz Sosinowicz
df10e1fad2
Store RetrySendAlert error in ssl->error
2022-06-01 14:59:10 +02:00
Sean Parkinson
be743b2204
TLS 1.3: send ticket
...
Can send a new session ticket any time after handshake is complete with
TLS v1.3.
Added API for server application to do this.
Added tests.
2022-06-01 10:36:01 +10:00
Juliusz Sosinowicz
c74315f1ef
Save pending alerts when using async io
...
- Don't overwrite ssl->error
- Clear the error in ssl->error because the return of SendBuffered is now stored in ret instead
2022-05-31 18:17:11 +02:00
David Garske
2ed85926d5
Merge pull request #5187 from kareem-wolfssl/hsHashesNull
...
Confirm ssl->hsHashes is not NULL before attempting to dereference it.
2022-05-30 10:41:35 -07:00