Commit Graph

16419 Commits

Author SHA1 Message Date
David Garske 9644a04db2 Peer review fix. 2022-02-28 11:32:12 -08:00
David Garske 9bdef1577b Fixes for hmac. 2022-02-25 15:19:52 -08:00
David Garske cc2eb0ab71 KCAPI Testing fixes. 2022-02-25 15:16:55 -08:00
Anthony Hu 07fdca1d62 Merge pull request #4885 from SparkiDev/asn_templ_bad_name 2022-02-24 12:44:27 -05:00
David Garske 86e08525cb Merge pull request #4852 from elms/fix/more_oot
automake: fix fips touch and cleanup
2022-02-24 09:04:05 -08:00
David Garske 5fdc339e34 Merge pull request #4889 from SparkiDev/sp_int_iar
SP math all: IAR doesn't accept comment lines in assembly
2022-02-24 08:37:51 -08:00
Sean Parkinson 3d5b933f3c SP math all: IAR doesn't accept comment lines in assembly
Replace assembly comment lines with C comment lines.
2022-02-24 16:06:31 +10:00
Sean Parkinson bb50777f1a ASN template: handle short OIDs
cert_asn1_test was constructing a BER encoding of a certificate that
didn't have all the components. It was trying to test putting in a bad
OID in the certificate name.
The original ASN.1 parsing code stopped at the bad name. ASN.1 template
code does the whole structure and then digs into the name.
A complete certificate should have always been used.
2022-02-24 15:36:56 +10:00
Sean Parkinson b13826a3a5 Merge pull request #4840 from haydenroche5/visual_studio_cleanup
Clean up Visual Studio output and intermediate directories.
2022-02-24 15:07:13 +10:00
elms d1895e5679 automake: fix fips touch and cleanup
This fixes an issue with yocto that only occurs when using `devtool`
which builds out of tree.
2022-02-23 14:11:31 -08:00
Hayden Roche 666cf508a2 Merge pull request #4874 from dgarske/ocsp_ipv6 2022-02-23 13:37:16 -08:00
David Garske fbc7d5a6b2 Minor textual fixes. Thanks Hayden. 2022-02-23 09:43:10 -08:00
David Garske 0824a64c92 Merge pull request #4807 from julek-wolfssl/stunnel-5.61
stunnel 5.61 support
2022-02-23 09:41:51 -08:00
David Garske b84086a482 Merge pull request #4883 from SparkiDev/ssl_bio_move
BIO: move APIs out of ssl.c
2022-02-23 09:38:54 -08:00
David Garske 0afc5e2cf1 Merge pull request #4881 from SparkiDev/sp_asm_shift_fix
SP asm: fix for modexp corner case
2022-02-23 09:37:25 -08:00
David Garske 8623b0c089 Merge pull request #4849 from SparkiDev/sp_p521
SP: Add support for P521
2022-02-23 09:33:49 -08:00
David Garske 3a34a4cd1d Merge pull request #4882 from SparkiDev/even_mod_check
RSA/DH: check for even modulus
2022-02-23 09:33:12 -08:00
Juliusz Sosinowicz 2c978a96b2 Prevent possibility of an infinite retry loop and resource exhaution
Reported in ZD13606
2022-02-23 10:07:21 +01:00
Juliusz Sosinowicz fb943a2f23 Rebase and make wolfSSL_CTX_up_ref always available
`wolfSSL_CTX_up_ref` is a small and potentially useful API for users so it doesn't need to be restricted only to the compatibility layer. The reference counting mechanisms are always available anyway. This just exposes the functionality to the user.
2022-02-23 09:55:52 +01:00
Juliusz Sosinowicz d1f53055e9 Peeking can't return a WOLFSSL_ERROR_WANT_READ in compatibility mode 2022-02-23 09:47:34 +01:00
Juliusz Sosinowicz 617eda9d44 Fix misc memory issues
- Make `InternalTicket` memory alignment independent
2022-02-23 09:47:34 +01:00
Juliusz Sosinowicz b402102e58 Add backwards compatibility for wolfSSL_get_session
Before this pull request, `wolfSSL_get_session` always returned a pointer to the internal session cache. The user can't tell if the underlying session hasn't changed before it calls `wolfSSL_set_session` on it. This PR adds a define `NO_SESSION_CACHE_REF` (for now only defined with `OPENSSL_COMPATIBLE_DEFAULTS`) that makes wolfSSL only return a pointer to `ssl->session`. The issue is that this makes the pointer returned non-persistent ie: it gets free'd with the `WOLFSSL` object. This commit leverages the lightweight `ClientCache` to "increase" the size of the session cache. The hash of the session ID is checked to make sure that the underlying session hasn't changed.
2022-02-23 09:47:34 +01:00
Juliusz Sosinowicz ceff401269 Fixes for Jenkins tests
- Move test to `HAVE_IO_TESTS_DEPENDENCIES`
- Implement `wolfSSL_trust_peer_cert`
- have{cipher} options weren't being set with only RSA enabled
2022-02-23 09:47:34 +01:00
Juliusz Sosinowicz 91b08fb691 Allocate ssl->session separately on the heap
- Refactor session cache access into `AddSessionToCache` and `wolfSSL_GetSessionFromCache`
2022-02-23 09:47:34 +01:00
Juliusz Sosinowicz 1d712d47ba Access to session cache is now atomic
- Adding and getting sessions to and from the local cache is now atomic.
  - The new internal `wolfSSL_GetSessionFromCache` requires a destination object to be supplied when retrieving from the cache so that items can be retrieved independently from the cache. For most existing calls, the destination is `ssl->session`.
  -`PREALLOC_SESSION_TICKET_LEN` defines how much memory is temporarily allocated for the ticket if it doesn't fit in the static session buffer.
2022-02-23 09:47:34 +01:00
Juliusz Sosinowicz afca455cda stunnel 5.61 support
- New/Implemented API
  - `SSL_has_pending`
  - `wolfSSL_CertManagerLoadCRLFile`
  - `wolfSSL_LoadCRLFile`
  - `wolfSSL_CTX_LoadCRLFile`
  - `wolfSSL_CTX_add_session`
- Calling chain certificate API (for example `wolfSSL_CTX_use_certificate_chain_file`) no longer requires an actual chain certificate PEM file to be passed in as input. `ProcessUserChain` error in `ProcessBuffer` is ignored if it returns that it didn't find a chain.
- Add `WOLFSSL_TICKET_HAVE_ID` macro. When defined tickets will include the original session ID that can be used to lookup the session in internal cache. This is useful for fetching information about the peer that doesn't get sent in a resumption (such as the peer's certificate chain).
  - Add `ssl->ticketSessionID` field because `ssl->session.sessionID` is used to return the "bogus" session ID sent by the client in TLS 1.3
- `OPENSSL_COMPATIBLE_DEFAULTS` changes
  - Define `WOLFSSL_TRUST_PEER_CERT` and certificates added as CA's will also be loaded as trusted peer certificates
  - Define `WOLFSSL_TLS13_MIDDLEBOX_COMPAT`
- Seperate `internalCacheOff` and `internalCacheLookupOff` options to govern session addition and lookup
- `VerifyServerSuite` now determines if RSA is available by checking for it directly and not assuming it as the default if static ECC is not available
- `WOLFSSL_SESSION` changes
  - `ssl->extSession` added to return a dynamic session when internalCacheOff is set
  - `ssl->session.refPtr` made dynamic and gets free'd in `SSL_ResourceFree`
- If `SSL_MODE_AUTO_RETRY` is set then retry should only occur during a handshake
- `WOLFSSL_TRUST_PEER_CERT` code now always uses `cert->subjectHash` for the `cm->tpTable` table row selection
- Change some error message names to line up with OpenSSL equivalents
- Run `MatchSuite` again if certificate setup callback installed and successful
- Refactor clearing `ASN_NO_PEM_HEADER` off the error queue into a macro
- `wolfSSL_get_peer_certificate` now returns a duplicated object meaning that the caller needs to free the returned object
- Allign `wolfSSL_CRYPTO_set_mem_functions` callbacks with OpenSSL API
- `wolfSSL_d2i_PKCS12_bio` now consumes the input BIO. It now supports all supported BIO's instead of only memory BIO.
- stunnel specific
  - Always return a session object even if we don't have a session in cache. This allows stunnel to save information in the session external data that will be transfered to new connections if the session is reused
  - When allocating a dynamic session, always do `wolfSSL_SESSION_set_ex_data(session, 0, (void *)(-1)`. This is to mimic the new index callback set in `SSL_SESSION_get_ex_new_index`.
- Fix comment in `wolfSSL_AES_cbc_encrypt`
- Trusted peer certificate suite tests need to have CRL disabled since we don't have the issuer certificate in the CA store if the certificates are only added as trusted peer certificates.
tested
2022-02-23 09:47:34 +01:00
Sean Parkinson 2eb044dc60 SP: Add support for P521 2022-02-23 14:51:47 +10:00
Sean Parkinson d33b787993 BIO: move APIs out of ssl.c
Get configuration working: --enable-all CFLAGS=-DNO_BIO
2022-02-23 14:11:30 +10:00
Sean Parkinson b5ed5c9b99 RSA/DH: check for even modulus 2022-02-23 09:51:15 +10:00
Sean Parkinson 5b6130889e SP asm: fix for modexp corner case
When exponent bit length is a multiple of the window size and the top
word has only window bits in it, then n is shifted down by an undefined
value (size of a word). The n value is not used after this.
Check for this condition and don't attempt to shift n.
2022-02-23 09:17:08 +10:00
David Garske 2beb27972b OCSP IPv6 support with --enable-ipv6 or WOLFSSL_IPV6. Improve the logic around C99 and getaddrinfo. 2022-02-22 15:07:05 -08:00
David Garske fef8a57eb2 Merge pull request #4880 from julek-wolfssl/plain-alert
Detect if we are processing a plaintext alert
2022-02-22 10:11:08 -08:00
David Garske e8c9a413ca Merge pull request #4878 from SparkiDev/sp_x64_oob_write_fix_1
ECC with SP math: OOB write
2022-02-22 09:53:32 -08:00
David Garske b40226099d Merge pull request #4877 from SparkiDev/sp_x64_asm_fix_1
SP asm: fix map function to use p not point
2022-02-22 09:50:53 -08:00
Sean Parkinson d10900e124 ECC with SP math: OOB write
Don't let input points ordinates be greater than modulus in length.
2022-02-22 17:00:23 +10:00
Sean Parkinson 78f116b27f SP asm: fix map function to use p not point 2022-02-22 16:33:24 +10:00
Sean Parkinson 2a750acf03 Merge pull request #4873 from dgarske/async_v5.2.0
Asynchronous Release v5.2.0: TLS 1.3 HelloRetryRequest
2022-02-22 10:35:17 +10:00
David Garske 250a06f759 Merge pull request #4865 from SparkiDev/sp_int_mont_red
SP int: Montgomery Reduction
2022-02-21 16:20:17 -08:00
David Garske 31abc99f6f Fix for async handling of TLS v1.3 hello retry broken in #4863. 2022-02-21 14:14:20 -08:00
David Garske 6a81cc976e Merge pull request #4872 from SparkiDev/tls13_empty_cert_cli
TLS 1.3: fail immediately if server sends empty certificate message
2022-02-21 14:10:40 -08:00
David Garske 38d4da56ab Merge pull request #4857 from julek-wolfssl/ZD13631
Reported in ZD13631
2022-02-21 14:01:51 -08:00
David Garske d834c50c85 Merge pull request #4858 from julek-wolfssl/ZD13611
Reported in ZD13611
2022-02-21 14:01:42 -08:00
David Garske e6c07a296d Merge pull request #4866 from ejohnstown/release
Prepare for release 5.2.0
v5.2.0-stable
2022-02-21 09:09:58 -08:00
Sean Parkinson 9263e6ead3 TLS 1.3: fail immediately if server sends empty certificate message 2022-02-21 21:34:13 +10:00
John Safranek ad8bf40b5e Update readme for release. 2022-02-20 13:05:04 -08:00
John Safranek bb8af1cac5 Prepare for release 5.2.0
1. Update versions as appropriate.
2. Modify FreeAtomicUser() to only free the Aes data in the callback
   contexts if the contexts exist.
2022-02-18 13:55:22 -08:00
David Garske ffb4ae07df Merge pull request #4871 from wolfSSL/small-leak
Fix Small Memory Leaks
2022-02-18 13:53:56 -08:00
John Safranek 041d300b2b Fix Small Memory Leaks
Found with the configuration running the unit test through valgrind.

    % ./configure CFLAGS=-DNO_WOLFSSL_CIPHER_SUITE_TEST \
      --enable-all --disable-fastmath --enable-debug --disable-shared

1. ssl.c: In wolfSSL_DSA_generate_key(), we initialize (and allocate)
   all the parameters in the key (p, q, g, x, y), and then we generate a
   key, initializes (and allocates) x and y, again. mp_clear them
   first.
2. evp.c: When printing public keys, the temporary mp_int wasn't getting
   correctly freed.
3. evp.c: When printing public keys, modified the utility functions to
   return once with a do-while-0 loop.
2022-02-18 10:01:49 -08:00
John Safranek 4b0c8c07f4 Merge pull request #4870 from elms/fix/tls13_renegotiation_info_ext
tls13: fix not including RENEGOTIATION_INFO ext
2022-02-17 13:09:02 -08:00
elms 208c457348 tls13: fix to not send RENEGOTIATION_INFO ext
Introduced in PR #4742 to enable sending of extension in TLS1.2
without fully supporting secure renegotiation in accordance with
RFC 5746 4.3 https://datatracker.ietf.org/doc/html/rfc5746#section-4.3
2022-02-17 11:22:17 -08:00