Commit Graph

2715 Commits

Author SHA1 Message Date
Sean Parkinson 9f6ef65e8f Merge pull request #6557 from julek-wolfssl/zd/16332
Don't allow a resumption handshake inside of a SCR
2023-07-10 13:51:29 +10:00
David Garske 91fb24161b Merge pull request #6515 from julek-wolfssl/nginx-1.25.0
Add support for nginx-1.25.0
2023-07-07 09:29:23 -07:00
Juliusz Sosinowicz 0abaa89787 Add support for nginx-1.25.0
- nginx: add necessary defines and function
- Implement Certificate Authorities for TLS 1.3
- Implement secret logging for TLS 1.3. Can be used for example with:
  ./configure CPPFLAGS="-DWOLFSSL_SSLKEYLOGFILE -DSHOW_SECRETS -DHAVE_SECRET_CALLBACK -DWOLFSSL_SSLKEYLOGFILE_OUTPUT='\"/tmp/secrets\"'"
- Implement session context checking for tickets
- Check for authorized responder in OCSP basic response
- Fix handling call to ocsp->statusCb
- compat: Translate SOCKET_PEER_CLOSED_E to WOLFSSL_ERROR_SYSCALL
- Fix wolfSSL_CTX_set_session_cache_mode
  - WOLFSSL_SESS_CACHE_OFF means nothing should be on
  - WOLFSSL_SESS_CACHE_NO_INTERNAL turns off only the internal cache
- Respect ssl->options.internalCacheOff
- Implement SSL_SESSION_set_time
- wolfSSL_SSL_in_init: fix detection for TLS 1.3
- Fix handling call to ssl->alpnSelect
- SendTls13NewSessionTicket: always generate new ID
  - When we send a new ticket for the same session (for example we resumed a connection and are sending a new ticket so that the client can resume in the future), we need to generate a new ID so that we don't overwrite the old session in the cache. Overwriting the session results in the `diff` calculation in `DoClientTicketCheck()` producing the wrong value and failing to resume.
Add nginx github action test
- Fix memory leaks
- wolfSSL_OCSP_basic_verify: implement OCSP_TRUSTOTHER flag
- AKID: implement matching on issuer name and serial number
- ocsp: check for a chain match for OCSP responder
- Split CreateTicket into CreateTicket and SetupTicket
- SendCertificateStatus: free response.buffer
- Use heap hint when allocating responseBuffer
- Remove responseBuffer from internal API's that don't use it anywhere
2023-07-07 11:22:58 +02:00
Juliusz Sosinowicz 2248140bf3 Clear ssl->arrays->sessionIDSz at start of function 2023-07-06 15:13:56 -07:00
Juliusz Sosinowicz 57e53d1a43 Don't allow a resumption handshake inside of a SCR 2023-07-06 15:13:56 -07:00
Juliusz Sosinowicz c041863aaa Code review 2023-07-06 19:00:11 +02:00
Juliusz Sosinowicz d2642e329d Properly enforce the pathLenConstraint of the BasicConstraints extension
- move the testsuite file helps into a new tests/utils.c file so that they can be used across all tests
- dump the raw TLS stream when WOLFSSL_DUMP_MEMIO_STREAM is defined so that it can be examined in Wireshark
2023-07-06 19:00:11 +02:00
Daniel Pouzzner 1912f1bc2a fixes for clang-analyzer-core.NullDereference, clang-analyzer-core.NonNullParamChecker, clang-analyzer-deadcode.DeadStores, readability-redundant-preprocessor, clang-diagnostic-unreachable-code-break, -Werror=sign-conversion, bugprone-macro-parentheses, "Call to 'malloc' has an allocation size of 0 bytes", clang-diagnostic-declaration-after-statement re tests/unit.h:ExpectPtr() pragmas. 2023-07-06 00:53:37 -05:00
Juliusz Sosinowicz b0c2e29a2e Always add DTLS_MTU_ADDITIONAL_READ_BUFFER for better MTU interop 2023-07-05 10:19:19 -07:00
David Garske f00b5c3a1e Merge pull request #6537 from SparkiDev/sm
SM2/SM3/SM4: Chinese cipher support
2023-07-04 10:03:37 -07:00
Sean Parkinson e2424e6744 SM2/SM3/SM4: Chinese cipher support
Add support for:
 - SM2 elliptic curve and SM2 sign/verify
 - SM3 digest
 - SM4 cipher with modes ECB/CBC/CTR/GCM/CCM

Add APIs for SM3 and SM4.
Add SM2 sign and verify APIs.
Add support for SM3 in wc_Hash and wc_Hmac API.
Add support for SM3 and SM4 through EVP layer.
Add support for SM2-SM3 certificates. Support key ID and name hash being
with SHA-1/256 or SM3.
Add support for TLS 1.3 cipher suites: TLS-SM4-GCM-SM3, TLS-SM4-CCM-SM3
Add support for TLS 1.2 SM cipher suite: ECDHE-ECDSA-SM4-CBC-SM3
Add support for SM3 in wc_PRF_TLS.
Add SM2-SM3 certificates and keys. Generated with GmSSL-3.0.0 and
OpenSSL.
2023-07-04 13:36:28 +10:00
Juliusz Sosinowicz 3d68bcd6f7 Jenkins fixes 2023-07-03 14:02:51 +02:00
David Garske 95675c7e34 Merge pull request #6455 from lealem47/INIT_SSL_NO_CTX_KEY
Allow option to create SSL without key/cert in ctx
2023-06-30 10:35:52 -07:00
Lealem Amedie 7720dac545 Allow option to create SSL without key/cert in ctx 2023-06-29 13:57:40 -06:00
Anthony Hu ed4774f606 Allocate WOLFSSL_X509_NAME with heap hint. 2023-06-29 12:04:32 -04:00
David Garske 048083cfe3 Merge pull request #6329 from tmael/crl_off
Add support for enabling and disabling CRLs.
2023-06-28 16:03:25 -07:00
Tesfa Mael 03e5d109c7 Add test_wolfSSL_dup_CA_list 2023-06-27 08:29:13 -07:00
Tesfa Mael fd17fa3e9c Implement the option to disable CRL check
Do leaf CRL check by default
Correct wolfSSL_sk_X509_NAME_push return check
Update OpenSSL compatibility errors for HAProxy
Change X509_V to literal constant values
Fix the compat layer with TLS session ticket reuse
Fix for tls1_2 session resume and cache miss
Save intitial wolfSSL ctx
Check for OpenSSL CRL error code 23
2023-06-27 08:26:02 -07:00
Juliusz Sosinowicz 291c538e5f Ignore session ID's shorter than 32 bytes instead of erroring out 2023-06-27 14:51:46 +02:00
David Garske 23c60b7b9c Merge pull request #6530 from SparkiDev/tests_api_expect_5
Test api.c: change more tests to use Expect instead of Assert
2023-06-26 16:10:52 -07:00
Sean Parkinson 578f56e60c Test api.c: change more tests to use Expect instead of Assert
bio.c:
  wolfSSL_BIO_flush(): check allocation to bio->ip succeeded.

internal.c:
  InitSSL_Ctx(): set ctx->heap to heap if value passed in
ProcessPeerCerts(): check for error MEMORY_E too as a fatal parsing
error

ssl.c:
wolfSSL_shutdown(): SOCKET_ERROR_E is also an indication that the
socket is done, MEMORY_E is a fatal error
  wolfSSL_Cleanup(): move free of memory fail couting to wolfSSL API
  SessionTicketNoncePrealloc(): eror return must be non-zero
AddSessionToCache(): XFREE checks for NULL no need to do it before
call
wolfSSL_set_psk_use_session_callback(): ensure ssl is not NULL before
dereferencing
wolfSSL_SMIME_read_PKCS7(): check for error return from
wolfSSL_BIO_gets()

asn.c:
  wc_MIME_parse_headers(): check allocation succeeded into nextHdr

compress.c:
  wc_DeCompressDynamic(): free tmp on inflateInit2 failure

memory.c: rework where memory allocation failure counting code for when
WOFLSSL_STATIC_MEMORY is defined

wc_port.c:
wolfCrypt_Cleanup(): only call wc_MemFailCount_Free() when no
wolfSSL_Cleanup()
2023-06-27 08:01:33 +10:00
David Garske a56fe30c2c Fixes and cleanups for Keil MDK examples. Combine duplicate user_settings.h. Use SP math all by default. Disable old/deprecated algorithms. Add CMSIS RTOS timer support for TLS and benchmark. 2023-06-22 16:48:17 -06:00
David Garske 9204101e94 Merge pull request #6517 from douzzer/20230615-opensslextra-wolfSSL_ERR_reason_error_string
20230615-opensslextra-wolfSSL_ERR_reason_error_string
2023-06-21 11:06:51 -07:00
Sean Parkinson beef8b0014 outputBuffer - use idx field
dtls13.c:
Change end of outputBuffer data calculations to use function
GetOutputBuffer().
  Use idx when calculating unused byte count of outputBuffer.

internal.c:
Change end of outputBuffer data calculations to use function
GetOutputBuffer().
  Use GetOutputBuffer() to calculate end of data in outputBuffer.
  GrowOutputBuffer():
Calculate new size to allocate to include already written data in
case of static buffer.
    Copy all data including already written count (idx).
  CheckAvailableSize():
    Don't subtract idx from length when checking MTU size.
Do subtract idx from bufferSize to determine count of unused bytes
in outputBuffer.
2023-06-16 10:29:52 +10:00
Daniel Pouzzner 970663f8a1 in wolfSSL_ERR_reason_error_string(), unconditionally convert positive error codes to negative, and in switch(), match against negated values of OpenSSL positive codes like WOLFSSL_ERROR_WANT_READ. fixes #6514 2023-06-15 17:42:03 -05:00
JacobBarthelmeh 5b81dc47d2 adjust location used for writing to output buffer 2023-06-14 21:01:12 -07:00
JacobBarthelmeh 9e0c13bbdb sanity check on send fatal alert return 2023-06-14 11:08:56 -07:00
JacobBarthelmeh 938a48d9b1 sanity check on socket return value for timeout with DTLS13 2023-06-08 02:37:21 -06:00
JacobBarthelmeh 2b054e223b Merge pull request #6483 from SparkiDev/cppcheck_fixes_10
cppcheck: fixes from scan
2023-06-07 11:13:53 -06:00
Sean Parkinson ed01b14356 cppcheck: fixes from scan
wolfssl_sce_unit_test.c:
  sce_crypt_Sha_AesCbcGcm_multitest(): duplicate condition
ssl_asn1.c:
  wolfSSL_i2t_ASN1_OBJECT(): done is not needed
  MonthStr(): fix bounds check on i
woolfcrypt_test.c, test_main.c, wolfssl_tsip_unit_test.c, devices.c,
aes.c, des3.c:
  Variable not used.
asn.c:
DecodeSubjKeyId(): sz is unsigned - check for less than zero does
nothing
kcapi_rsa.c:
  KcapiRsa_Decrypt(): fix ret check by using else
  KcapiRsa_Encrypt(): make same change for consistency
kcapi_hash.c:
  KcapiHashFinal(): move ret into #ifdef where it is needed
stm32.c:
wc_Stm32_Hash_GetDigest(): i redeclared with different type - use ii
instead
bio.c, conf.c:
  XFREE checks for NULL

Reduce scope of varialbes.
Condition same.
2023-06-07 17:27:51 +10:00
John Safranek d67ce722ff Merge pull request #6476 from kareem-wolfssl/dtlsBlankCert
Send blank certificate message in DTLS when no client cert is loaded.
2023-06-06 22:43:01 -07:00
Sean Parkinson 3230d27700 Merge pull request #6436 from lealem47/sanitizer
Miscellaneous fixes for sanitizer
2023-06-06 11:55:52 +10:00
Kareem ebac138e77 Send blank certificate message in DTLS when no client cert is loaded. 2023-06-05 10:49:42 -07:00
JacobBarthelmeh 80311975ce Merge pull request #6452 from anhu/no_rsa_sigalgs
For NO_RSA, don't advertise support for RSA.
2023-05-31 13:41:56 -06:00
jordan 1bdd1cb157 Used codespell and fixed obvious typos in src and wolfssl. 2023-05-30 11:36:43 -05:00
Anthony Hu ea6155c924 For NO_RSA, don't advertise support for RSA. 2023-05-30 12:34:23 -04:00
Sean Parkinson 541ea51ad5 Tests api.c: rework for malloc failure testing
Modified number of tests to not crash on failure and cleanup allocations
on failure.
Added memory fail count option to set which memory allocation to start
failing on.
Fix issues found from testing.

bio.c:
BIO_new() move ref count up so that calls to wolfSSL_BIO_free()
work.
internal.c:
ImportCipherSpecState wasn't checking SetKeySide for failure. Crash
when pointer is NULL and accessed directly.
ocsp.c:
wolfSSL_OCSP_response_get1_basic() doesn't need to free vs->source
as it is freed in WOLFSSL_OCSP_RESPONSE_free().
ssl.c:
ProcessBuffer() Don't strip PKCS#8 header if failed to create DER.
Crasged as directly accessing 'der' which was NULL.
ssl_asn.c:
wolfssl_asn1_integer_require_len was checking wrong variable to see
if allocation failed.
x509,c:
wolfSSL_X509_ALGOR_set0 needs to set aobj only when no failure
possible.
wolfSSL_X509_chain_up_ref needs to call cleanup to ensure everything
is freed.
2023-05-30 12:01:21 +10:00
Lealem Amedie 5613109fae Miscellaneous fixes for sanitizer 2023-05-23 13:51:46 -06:00
David Garske 0530ee774f Merge pull request #6418 from douzzer/20230517-linuxkm-benchmarks
20230517-linuxkm-benchmarks
2023-05-17 15:00:49 -07:00
Daniel Pouzzner 5aceae1d1c src/internal.c: fix for typo (identicalInnerCondition) in DoClientHello(). 2023-05-17 01:05:14 -05:00
JacobBarthelmeh 53ef26bf3a Merge pull request #6392 from rizlik/dtls13-fix-ch-epoch
DTLS v1.3: fix epoch 0 check on plaintext message
2023-05-16 10:07:14 -06:00
JacobBarthelmeh ea40176bee check for socket errors on SendAlert 2023-05-12 09:52:01 -07:00
Marco Oliverio 6c8811a737 dtls13: fix: check plaintext record header epoch is 0
In DTLS v1.3 the normal (plaintext) record header can be used only with
unprotected message (epoch == 0). Protected messages use the unified header.

Check this invariant using `IsAtLeastTLSv1_3` instead of `ssl->options.tls1_3`
because the latter is false before version negotiation.

In DTLSv1.2 the DTLS normal header is used for all the epoch, this check doesn't
interfere because:
1. the first CH's epoch must be zero in all DTLS versions
2. In case of downgrade after version negotiation `IsAtLeastTLSv1_3` is false
2023-05-10 13:54:25 +00:00
Sean Parkinson d2afe9e5e0 Memory usage improvements
ECC: make private key field 'k' able to be smaller when ALT_ECC_SIZE is
defined.
WOLFSSL_SMALL_STACK_CACHE: allocate temps using new macros.
2023-05-04 10:26:57 +10:00
JacobBarthelmeh 45c8796f7c Merge pull request #6355 from bandi13/minorBugfix
Should only move the index by the amount we wrote
2023-05-01 13:56:22 -06:00
Lealem Amedie 99b4ee50ba Fix uninitialized variable compiler warning 2023-04-28 13:58:29 -06:00
Andras Fekete 1522155892 Should only move the index by the amount we wrote 2023-04-28 14:08:15 -04:00
Juliusz Sosinowicz bf2c66a1cb Allow cert callback to override skipAddCA 2023-04-27 10:07:04 +02:00
JacobBarthelmeh 12cec5ec61 Merge pull request #6325 from SparkiDev/memusage_fix_4
Memory Usage fixes
2023-04-21 09:37:11 -06:00
tmael 1106e5ff0e TLS v1.3: Support a stateful ticket and test HAVE_EXT_CACHE (#5960)
* Add TLSv1.3 stateful support
Fix internal and external session cache

* session cache fixes

* Refactor

- implement wolfSSL_CTX_flush_sessions
- use wolfSSL_CTX_flush_sessions to make test_wolfSSL_CTX_add_session_ext deterministic
- add dtls to test_wolfSSL_CTX_add_session_ext
- DoClientTicket_ex does not modify ssl object
- only call session remove callback on:
  - timeout
  - session is being overwritten/removed from the cache

* Session fixes

- restore bogus ID on session duplicate
- don't evict on overwrite
- use memmove instead on memcpy as `ssl->session == session` is possible
- ignore ClientSession parameter in AddSessionToCache on NO_SESSION_CACHE_REF
- use sessionID when altSessionID not present

* Session fixes

- DoClientTicketFinalize: always copy in the ID as teh altSessionID
- don't overwrite ex_data when overwriting cacheSession and cacheSession owns it

* Callback wants to retain a copy

* wolfSSL_GetSessionClient: ssl->ctx->get_sess_cb does not apply here

* test_wolfSSL_CTX_add_session_ext 

gate expected results on WOLFSSL_DTLS_NO_HVR_ON_RESUME

* TlsSessionIdIsValid: copy return can't be ignored

* Silence unused parameter

* test_wolfSSL_CTX_add_session_ext: handle async case

* Gate wolfSSL_SSL_CTX_remove_session on NO_SESSION_CACHE

* ssl.c: style fixes

* Add twcase_get_sessionCb_cleanup to free external cache

* Remove hard tab

* Correct build error in wolfSSL_CTX_flush_sessions

* Jenkins fixes:

- altSessionID only available with WOLFSSL_TICKET_HAVE_ID
- slim out psk_sess_free_cb_ctx

* Stateful dtls case has 2 accesses. Stateless just one.

* Add version numbering to hostap logs

* Import internal.h for test_wolfSSL_SESSION_get_ex_new_index

* wolfSSL_SetSession: don't check SslSessionCacheOff for session setting

* wolfSSL_SetSession: fully set expired session for OpenSSL compatibility

* wolfSSL_SetSession: check if setting same object

* AddSession: always populate the session object to allow re-use

* Add logging to wolfSSL_NewSession and wolfSSL_FreeSession

* Always setup session object

* Check if session has been setup before setting it

* Print errors in async test

* Make SetupSession available outside NO_SESSION_CACHE

* Review comments

* Fix ticBuf leak and TlsSessionIdIsValid logic

* Fix unmatched curly brackets

* TlsSessionIdIsValid: always need to check copy var

* TlsResumptionIsValid: set resume to FALSE default

* wolfSSL_SetSession: remove now variable since only used in one place

* Move internalCacheLookupOff into HAVE_EXT_CACHE block

---------

Co-authored-by: Juliusz Sosinowicz <juliusz@wolfssl.com>
2023-04-21 06:46:08 -07:00