Commit Graph

6917 Commits

Author SHA1 Message Date
kaleb-himes b2caa5c5ae Fix invalid PP macro logic, guard under same conditions as internal.h 2023-02-16 14:40:43 -07:00
David Garske 464c2d19dc Merge pull request #6006 from SparkiDev/tls13_only_psk_dhe_ke
TLS 1.3 PSK: add option to require only PSK with DHE
2023-02-15 21:10:27 -08:00
Daniel Pouzzner 859b1ff398 Merge pull request #6093 from dgarske/fix_async
Fix issue with async and `WOLFSSL_CHECK_ALERT_ON_ERR`
2023-02-15 19:49:56 -06:00
Sean Parkinson aaed553311 Merge pull request #6092 from dgarske/various
Various cleanups (STM docs, include case, make dist small script)
2023-02-16 11:23:51 +10:00
Sean Parkinson b624fc8377 TLS 1.3 PSK: add option to require only PSK with DHE
Can specify only PSK without DHE.
Add only PSK with DHE.
2023-02-16 09:21:29 +10:00
David Garske e8a26c673a Fix for async with WOLFSSL_CHECK_ALERT_ON_ERR. 2023-02-15 14:57:34 -08:00
David Garske 5481a059c4 Fix wincrypt.h include header case when used with case sensitive file system. 2023-02-15 11:44:34 -08:00
David Garske 6ea3fe2f7a Merge pull request #6089 from kaleb-himes/stunnel-5_67_support_fix
Fix unused variable warning when configuring with --enable-apachehttpd
2023-02-15 08:39:30 -08:00
Daniel Pouzzner ca87a99646 src/ssl.c and src/x509.c: use the customary function pointers (WOLFSSL_CRYPTO_EX_*()), not void *, in the arg lists of wolfSSL_CTX_get_ex_new_index() and wolfSSL_X509_get_ex_new_index(), to avoid "ISO C forbids passing argument ... between function pointer and ‘void *’";
move typedefs for WOLFSSL_CRYPTO_EX_*() from wolfssl/openssl/compat_types.h to wolfssl/wolfcrypt/types.h, grouped with the other EX_DATA-related typedefs, as they are needed whenever defined(HAVE_EX_DATA) regardless of openssl compatness;

properly gate wolfSSL_CTX_get_ex_new_index() and wolfSSL_X509_get_ex_new_index() prototypes on defined(HAVE_EX_DATA).
2023-02-14 19:28:40 -06:00
kaleb-himes 2719943ffd Fix unused variable warning when configuring with --enable-apachehttpd 2023-02-14 14:25:57 -07:00
Juliusz Sosinowicz 0cedc4e1ac stunnel 5.67 support (#6020)
* stunnel 5.67 support

- ssl->session->ticketAdd may be set when parsing a ticket before PSK
- PSK binders should be calculated based on ciphersuite associated with PSK
- Add option to prioritise PSK order instead of ciphersuite order
- Update ctx->method->version when using Set_CTX_max_proto_version API
- Simplify wolfSSL_parse_cipher_list
  - Keep copy of old list and then add in the previous ciphersuites depending on whether we are doing only TLS 1.3 ciphersuites or not
- Specify CRL revocation in alert
  - Match reason string to match OpenSSL
- Add support for external data callbacks for WOLFSSL_SESSION

* Upref the session for stunnel instead of duplicating it

* Add small stack option for wolfSSL_parse_cipher_list
2023-02-14 09:38:28 -08:00
tmael c4fa013800 Fix for BIO_reset() (#5887)
* Fix for BIO_reset
* Introduced BIO_FLAGS_MEM_RDONLY
2023-02-14 08:54:25 -08:00
Sean Parkinson 2fe34facba Merge pull request #6084 from philljj/zd15607
Check keyLen matches cipher in wolfSSL_CMAC_Init.
2023-02-14 12:51:20 +10:00
David Garske 405b98aaa4 Merge pull request #6078 from SparkiDev/rsapss_openssl_compat
X509 RSA PSS: fixes for OpenSSL compat layer
2023-02-13 08:43:10 -08:00
jordan 909aa86d2d Check keyLen matches cipher in wolfSSL_CMAC_Init.
Fixes ZD15607.
2023-02-12 18:26:40 -06:00
tmael 55a7e24cfe Support pthread_rwlock (#5952)
* Support rwlock

* Fix typo, ENABLE_SESSION_CACHE_ROW_LOCK with TITAN_SESSION_CACHE

* Implement read lock

- Use read lock for the SessionCache
- Don't copy the

* TLS 1.3: Don't push ticket to cache if we don't retrieve from it

* Detect rwlock support with PTHREAD_RWLOCK_INITIALIZER

* Implement explicit rwlocks

- Mutex's still necessary for signals. Implement explicit rwlocks and we can migrate critical mutexs to rwlocks when necessary.

* Remove WOLFSSL_USE_RWLOCK guard around mutex condLock

* condLock not necessary after all

* Use configure.ac to check for pthread_rwlock_destroy support

* Can't include config.h in wc_port.h as that breaks make distcheck

* Check for pthread_rwlock_t to determine if rwlock is available

* Code review

---------

Co-authored-by: Juliusz Sosinowicz <juliusz@wolfssl.com>
2023-02-10 10:42:38 -08:00
Sean Parkinson 9750fc4485 X509 RSA PSS: fixes for OpenSSL compat layer
Add NIDs for RSA-PSS to OpenSSL compat layer.
Have wc_RsaPublicKeyDecode call wc_RsaPublicKeyDecode_ex where logic for
RSA-PSS handling is already done.
2023-02-10 10:25:49 +10:00
Hideki Miyazaki d336e22b85 Allow reading ENC EC PRIVATE KEY as well via wolfSSL_PEM_read_bio_ECPrivateKey (#6055)
* fix qt qsslkey unit test
2023-02-09 14:48:52 -08:00
David Garske 8929b31b84 Fix for possible uses of NULL in heap hint. The api.c has expected "bad" test cases where the key is passed in as NULL and the XFREE tries to use it. Tested with: ./configure --enable-asynccrypt --with-intelqa=../QAT1.8 --enable-all && make && sudo ./tests/unit.test 2023-02-09 10:18:37 -08:00
David Garske 05f8abd524 Merge pull request #6064 from embhorn/gh6063
Add WOLFSSL_IP_ALT_NAME to --enable-curl; fix unused error in FindPsk
2023-02-09 08:38:38 -08:00
Daniel Pouzzner 63fdc4e843 src/ssl.c: fix PK object on stack in wolfSSL_i2d_PublicKey(). 2023-02-08 21:30:50 -06:00
Daniel Pouzzner ef0eda4091 cleaner fix for bugprone-signed-char-misuse first addressed in 38c057a084. 2023-02-08 21:28:34 -06:00
John Bland e9aeb1a857 Add nuttx integration (#6043) 2023-02-08 16:04:53 -08:00
David Garske 7f9b764eb5 Merge pull request #6054 from anhu/d2i_publickey_fix
Ensure that i2d APIs for public keys gives appropriate data.
2023-02-08 14:44:29 -08:00
Anthony Hu 7a6ed68f2d Ensure that i2d APIs for public keys gives appropriate data. 2023-02-08 09:54:28 -05:00
jordan cc791a7a53 Spelling cleanup: configure.ac, ssl.c, ssl.h 2023-02-07 21:45:06 -06:00
Sean Parkinson 1912aaf91b EC OpenSSL compat: validate point after setting
wolfSSL_EC_POINT_set_affine_coordinates_GFp wasn't checking the point is
valid for the curve. Added call to check point when setting.
Made check available for opensslextra.
Fixed test to have valid ordinates to set.
2023-02-07 18:17:39 -05:00
Eric Blankenhorn 2539ba3f3d Add WOLFSSL_IP_ALT_NAME to --enable-curl; fix unused error in FindPsk 2023-02-07 15:51:09 -06:00
Sean Parkinson 92065b61b3 wolfSSL_EC_POINT_cmp: handle Jacobian ordinates
API support doesn't allow for a point to be in Jacobian ordinates.
wolfSSL_EC_POINT_add() has ordinates in Montgomery form.
When needed, compile with WOLFSSL_EC_POINT_CMP_JACOBIAN.
2023-02-07 11:02:50 +10:00
David Garske 2448adf68b Merge pull request #6051 from philljj/zd15531
Fix wolfSSL_ASN1_INTEGER_to_BN for negative values
2023-02-06 12:46:21 -08:00
David Garske 8a212ec351 Merge pull request #6042 from SparkiDev/ec_point_set
EC OpenSSL compat: validate point after setting
2023-02-06 07:14:19 -08:00
Sean Parkinson c9fefe660f EC OpenSSL compat: validate point after setting
wolfSSL_EC_POINT_set_affine_coordinates_GFp wasn't checking the point is
valid for the curve. Added call to check point when setting.
Made check available for opensslextra.
Fixed test to have valid ordinates to set.
2023-02-06 12:22:17 +10:00
David Garske a4ffe085a0 Merge pull request #6052 from rizlik/fix_ret_create
fix: propagate WOLFSSL_TICKET_RET_CREATE from DoDecryptTicket()
2023-02-03 17:32:26 -08:00
David Garske 1027c0667a Merge pull request #6049 from SparkiDev/sp_int_used_size
SP int: make used and size fields unsigned
2023-02-03 09:38:40 -08:00
Marco Oliverio a2bf82397a fix: propagate WOLFSSL_TICKET_RET_CREATE from DoDecryptTicket() 2023-02-03 17:33:24 +00:00
jordan f61dce8746 Fix wolfSSL_ASN1_INTEGER_to_BN for negative values
Added mp_setneg for ZD#15531.
2023-02-03 08:51:46 -06:00
Sean Parkinson 3455e726f9 SP int: make used and size fields unsigned
used and size have no reason to be negative - change type.
Change code to match unsigned change. Mostly change variables to be
unsigned where possible.
integer.c: Only have mp_rand_prime available when needed and
mp_prime_is_prime_ex is available.
Fixes from regression testing.
2023-02-03 17:09:56 +10:00
David Garske ef266d7e0b Merge pull request #6047 from SparkiDev/refinc_ret_check
Ref counting: rework for static analysers
2023-02-02 18:46:34 -08:00
Sean Parkinson f6da3a26ac Ref counting: rework for static analysers
When always reference counting APIs always return 0 don't check return
value for error.
Reference decrement set isZero to false on error.
2023-02-03 10:13:32 +10:00
John Safranek ca999f932c SRTP Marshaling
1. Changed the loop over the SRTP setting bitfield when it is encoded
   for the TLS extension.
2023-02-02 14:51:12 -08:00
Sean Parkinson 447991a9c2 Merge pull request #5949 from JacobBarthelmeh/Testing
add pragram around sanity check for vcpkg build warning
2023-02-02 10:34:14 +10:00
Daniel Pouzzner 38c057a084 fix resource leak (missing calls to wc_AesFree()) in wolfSSL_EVP_CIPHER_CTX_cleanup();
fix file descriptor leaks in AF_ALG code, and fix return codes (WC_AFALG_SOCK_E, not -1) in afalg_aes.c;

fixes for sanitizer-detected forbidden null pointer args in AfalgHashUpdate() and AfalgHashCopy();

fixes for resource leaks in api.c test_wolfSSL_AES_cbc_encrypt() (missing wc_AesFree()s);

fixes for resource leaks in test.c openssl_test() (missing wolfSSL_EVP_CIPHER_CTX_cleanup());

also some local fixes for bugprone-signed-char-misuse, readability-redundant-preprocessor, and clang-diagnostic-strict-prototypes, in src/pk.c and src/ssl.c.
2023-02-01 00:49:34 -06:00
David Garske 9defb9a356 Merge pull request #6035 from gojimmypi/PK_SSL_init_vars
Initialize `OPENSSL_ALL` local size / length / type vars
2023-01-31 09:09:18 -08:00
David Garske 934d8e274f Merge pull request #5926 from SparkiDev/openssl_ec_api_rework
EC OpenSSL compat: rework EC API
2023-01-31 09:08:26 -08:00
gojimmypi b10adae48f Initialize OPENSSL_ALL local size / length / type vars 2023-01-30 17:30:56 -08:00
Sean Parkinson 7691cd4b45 EC OpenSSL compat: rework EC API
Reworked the implementations of the EC APIs including:
wolfSSL_EC_curve, wolfSSL_EC_METHOD, wolfSSL_EC_GROUP,
wolfSSL_EC_POINT, wolfSSL_EC_KEY, wolfSSL_ECDSA_SIG, wolfSSL_ECDSA and
wolfSSL_ECDH.

Added support for EC parameters to PEM decoding.

EccEnumToNID() moved out of wolfCrypt - it maps NIDs defined in
wolfssl/openssl/ec.h to those in wolfssl/wolfcrypt/ecc.h.
Moved wc_OBJ_sn2nid() out of wolfCrypt - implementation uses
EccEnumToNID().

Changed reference counding to use wolfSSL_Ref.

Added tests to api.c that increase coverage of EC APIs.
2023-01-31 10:19:57 +10:00
Anthony Hu 242dcb0141 Closing and opening scope around case statement.
Related: ZD 15451
2023-01-30 13:45:03 -05:00
Sean Parkinson 53dfcd00e2 Ref count: change to use wolfSSL_Ref
Data structures changed:
WOLFSSL_CERT_MANAGER, WOLFSSL_CTX, WOLFSSL_SESSION, WOLFSSL_X509,
WOLFSSL_X509, WOLFSSL_EVP_PKEY, WOLFSSL_BIO, WOLFSSL_X509_STORE
2023-01-23 16:29:12 +10:00
Daniel Pouzzner aa776057ff fixes: shellcheck gripes on Docker/OpenWrt/runTests.sh; null pointer derefs and duplicate tests and assigns in src/tls.c and wolfcrypt/src/hpke.c found by cppcheck (nullPointerRedundantCheck, identicalInnerCondition, duplicateAssignExpression). 2023-01-21 00:51:57 -06:00
Daniel Pouzzner d711e4b9f8 Merge pull request #5995 from jpbland1/ech-no-recursion
stop ech from using a recursive function call
2023-01-20 23:47:22 -06:00