Commit Graph

335 Commits

Author SHA1 Message Date
John Safranek 6dfef1400d Use the new APIs for HKDF extract with label. 2021-10-26 20:24:25 -05:00
John Safranek 7f64fc4efb Move the TLSv1.3 KDF into wolfCrypt with the other KDFs. 2021-10-26 20:24:25 -05:00
Juliusz Sosinowicz 79b738b5a6 commit-test and jenkins fixes 2021-10-21 14:29:28 +02:00
Juliusz Sosinowicz 70901f0626 #257 2021-10-21 14:25:06 +02:00
Hideki Miyazaki 91cd2b1731 TLS 1.3 ServerHello additional fix for PR4439 in Static RSA case 2021-10-19 17:51:00 +09:00
David Garske 854512105f Merge pull request #4314 from SparkiDev/libkcapi
KCAPI: add support for using libkcapi for crypto (Linux Kernel)
2021-10-07 21:23:05 -07:00
Sean Parkinson e0abcca040 KCAPI: add support for using libkcapi for crypto (Linux Kernel)
RSA, DH and ECC not testable as no Linux Kernel driver to use.
ECC implementation is customer specific.
2021-10-08 09:07:22 +10:00
David Garske 9d2082f7e1 Fixes and improvements for crypto callbacks with TLS (mutual auth) (#4437)
* This PR resolves issues with using TLS client authentication (mutual auth) with crypto callbacks. The TLS client auth will not be sent without a private key being set. The solution is to allow setting a public key only if crypto callbacks is enabled and a devId is set.

* Fix to allow using crypto callbacks with TLS mutual authentication where a private key is not available.
* Fix for ED25519 sign when only a private key is loaded.
* Fix to enable crypto callbacks for ED25519 and Curve25519 in TLS by using the _ex init functions.
* Fix for wc_PemToDer return code where a PKCS8 header does not exist.
* Remove duplicate logs in DoCertificateVerify.
* Doxygen API updates: Added crypto callback help and updated use_PrivateKey with info about public key use.

* * Added crypto callback tests for TLS client and server with mutual auth for RSA, ECC and ED25519.
* Enhanced the API unit test TLS code to allow setting CA, cert and key.

* Revert ED25519 changes. Opt to calculate public key directly when required for signing in the TLS crypto callback test. Build configuration fixes.

* Fix to use proper devId in `ProcessBufferTryDecode`.

* Various build fixes due to changes in PR. G++ issue with `missing-field-initializers`. Unused api.c func with DTLS and session export. Duplicate `eccKeyPubFile` def.

* Added crypto callback TLS tests at WOLFSSL object level. Fix for ED25519/ED448 with client mutual auth where the private key is not set till WOLFSSL object. Fix issues with  `wolfSSL_CTX_GetDevId` where devId is set on WOLFSSL object. Enable the `_id` API's for crypto callbacks.

* Proper fix for `eccKeyPubFile` name conflict. Was causing RSA test to fail (expected DER, not PEM).
2021-10-07 11:12:06 +10:00
Sean Parkinson 4473e9335e TLS 1.3: Check min downgrade when no extensions in ServerHello
TLS 1.3 ServerHello must have extensions, so server attempting to
downgrade, but min downgrade was not checked in that case.
2021-10-01 12:51:10 +10:00
Anthony Hu 0e80923fb3 Unit tests for post-quantum groups.
Also, fixes for the things they caught such as:

- ssl->arrays->preMasterSecret is pre-allocated so copy into it instead of
  moving ownership of buffer.
- server does not need to save the public key.
- in TLSX_KeyShare_Parse() don't call TLSX_KeyShare_Use() because its done in
  TLSX_PopulateExtensions().
- in TLSX_KeyShare_Use(), the server generates the ciphertext while the client
  generates the public key.
- in TLSX_PopulateExtensions(), prevent client from calling TLSX_KeyShare_Use()
  because its already been done.
- Support longer curve/group names.
2021-09-28 17:16:44 -04:00
Anthony Hu 33cb823148 Remove legacy NTRU and OQS (#4418)
* Remove NTRU and OQS

* Keep the DTLS serialization format backwards compatible.

* Remove n from mygetopt_long() call.

* Fix over-zealous deletion.

* Resolve problems found by @SparkiDev
2021-09-24 08:37:53 +10:00
Daniel Pouzzner 6d715130a2 linuxkm: cleanups and smallstack refactors related to WOLFSSL_LINUXKM_SIMD_X86_IRQ_ALLOWED, associated linuxkm-SIMD-IRQ PR, and associated peer review:
smallstack refactors for wolfcrypt/src/rsa.c:wc_CheckProbablePrime_ex() and wolfcrypt/src/pwdbased.c:wc_PKCS12_PBKDF_ex();

add WARN_UNUSED_RESULT macro to types.h;

text format cleanup;

fix internal.c:LowResTimer() implementation.

refactor tls13.c:TimeNowInMilliseconds() for kernel 4.9 and 3.16 compat.

use ktime_get_coarse_real_ts64() only for kernel 5.x+.  in kernel 4.x, use its older form, current_kernel_time64(), and in 3.x, use getnstimeofday().

linuxkm/module_hooks.c: fix wolfssl_init() pie code to be compatible with kernel 4.4-;

fix allocate_wolfcrypt_irq_fpu_states() return codes to all be wolfcrypt codes, and in calling code, pass up that code (suggested by dgarske peer review).
2021-09-20 13:46:51 -05:00
Hideki Miyazaki 4d49ab6342 add store finished message on Tls13 (#4381)
* add to store finished message on Tls13

* addressed jenkins failure

* jenkins failures

sanity check for size before copying memory

* remove check of finishSz

* addressed review comments
2021-09-14 09:22:16 +10:00
David Garske 9b6cf56a6e Expanded support for Curve25519/Curve448 and TLS v1.3 sniffer (#4335)
* Fixes for building with Ed/Curve25519 only. Fix for IoT safe demo to exit after running once. Added `WOLFSSL_DH_EXTRA` to `--enable-all` and `--enable-sniffer`. Cleanup uses of `==` in configure.ac. Various spelling fixes.

* Fix for sniffer with TLS v1.3 session tickets.

* Fix for ASN Template Ed25519 key export (missing version / not setting OID correctly).

* Add key import/export support for Curve25519/Curve448. Refactor of the 25519/448 ASN code to combine duplicate code.

* Refactor of Curve25519 code. Improved public key export to handle generation when only private is set. Improved private scalar buffer sizing.

* Fix for static ephemeral loading of file buffer.

* Added sniffer Curve25519 support and test case.

* Fix for sniffer to not use ECC for X25519 if both are set.

* Fix Curve448 public export when only private is set.

* Fix for `dh_generate_test` for small stack size.

* Reduce stack size use on new asymmetric DER import/export functions. Cleanup pub length calc.

* Fix invalid comment.
2021-09-01 09:28:24 +10:00
David Garske 2a6b8f4912 Merge pull request #4275 from JacobBarthelmeh/Compatibility-Layer
add set num tickets compat function
2021-08-30 09:26:49 -07:00
Sean Parkinson 0488caed4c Merge pull request #4346 from cconlon/verifyPostHandshake
TLS 1.3: add support for WOLFSSL_VERIFY_POST_HANDSHAKE verify mode
2021-08-30 09:47:23 +10:00
Chris Conlon 070029fd08 add support for WOLFSSL_VERIFY_POST_HANDSHAKE verify mode 2021-08-27 14:49:47 -06:00
Kareem 9a438ce289 liboqs integration using keyshare/supported_groups extensions in TLS 1.3 2021-08-27 13:56:53 -04:00
Jacob Barthelmeh ff9fed08a3 fix count on number of tickets sent 2021-08-26 21:17:45 -06:00
Jacob Barthelmeh a52df87c8a adjust type for max tickets variable and number sent with WOLFSSL_TLS13_TICKET_BEFORE_FINISHED macro 2021-08-26 15:45:21 -06:00
David Garske 9898b5d82b Various spelling fixes. 2021-08-16 16:31:18 -07:00
Juliusz Sosinowicz 7dea1dcd39 OpenResty 1.13.6.2 and 1.19.3.1 support
# New or Updated APIs
- wolfSSL_get_tlsext_status_type
- wolfSSL_X509_chain_up_ref
- wolfSSL_get0_verified_chain
- SSL_CTX_set_cert_cb
- SSL_certs_clear
- SSL_add0_chain_cert ssl_cert_add0_chain_cert
- SSL_add1_chain_cert ssl_cert_add1_chain_cert
- sk_X509_NAME_new_null
- SSL_CTX_set_cert_cb
- SSL_set0_verify_cert_store
- SSL_set_client_CA_list

# Other Changes
- Ignore gdbinit
- Add api.c tests for new API
- Add `WOLFSSL_X509_STORE* x509_store_pt` to `WOLFSSL`
- Add macro to select the `WOLFSSL` specific store when available and the associated `WOLFSSL_CTX` store otherwise. Calls to `ssl->ctx->cm` and `ssl->ctx->x509_store*` were replaced by macros.
- NO-OP when setting existing store
- Add reference counter to `WOLFSSL_X509_STORE`
- Cleanup MD5 redundant declarations
- WOLFSSL_ERROR may map to nothing so make assignment outside of it
- refMutex fields are excluded with SINGLE_THREADED macro
- Chain cert refactor
- Make `wolfSSL_add0_chain_cert` and `wolfSSL_add1_chain_cert` not affect the context associated with the SSL object
- `wolfSSL_CTX_add1_chain_cert` now updates the `ctx->certChain` on success and stores the cert in `ctx->x509Chain` for later free'ing
2021-08-12 23:58:22 +02:00
David Garske 9c3502bea9 Merge pull request #4285 from haydenroche5/alerts
During the handshake, make sure alerts are getting read on the client side in the event of an error.
2021-08-11 15:22:05 -07:00
Hayden Roche fdc350fb52 Add a macro guard WOLFSSL_CHECK_ALERT_ON_ERR that has the client check for
alerts in the event of an error during the handshake.
2021-08-10 09:43:12 -07:00
Hayden Roche ef5510cbcc During the handshake, make sure alerts are getting read on the client side in
the event of an error.
2021-08-09 14:26:53 -07:00
Elms d8a54e1a32 tls13: avoid buffer overflow with size check
For cases where a private key that is larger than the configured
maximum is passed.
2021-08-04 17:14:25 -07:00
JacobBarthelmeh 2479346f5c add set num tickets compat function 2021-08-02 23:47:53 +07:00
Sean Parkinson 9452c22653 Small configurations: get compiling
./configure --enable-psk -disable-rsa --disable-dh -disable-ecc
--disable-asn C_EXTRA_FLAGS=-DWOLFSSL_STATIC_PSK --disable-coding
--disable-filesystem CFLAGS=-DNO_WOLFSSL_SERVER

./configure --enable-psk -disable-rsa --disable-dh -disable-ecc
--disable-asn C_EXTRA_FLAGS=-DWOLFSSL_STATIC_PSK --disable-coding
--disable-filesystem CFLAGS=-DNO_WOLFSSL_CLIENT
2021-07-23 11:55:08 +10:00
JacobBarthelmeh 18399091ce Merge pull request #4012 from julek-wolfssl/haproxy
HaProxy 2.4-dev18 support
2021-07-14 15:46:04 +07:00
John Safranek b9dac74086 Merge pull request #4193 from JacobBarthelmeh/StaticAnalysisTests
Static analysis tests
2021-07-07 14:23:58 -07:00
JacobBarthelmeh 7b9d6a3f5e Merge pull request #3792 from TakayukiMatsuo/os_keylog
Add wolfSSL_CTX_set_keylog_callback
2021-07-07 15:34:33 +07:00
Juliusz Sosinowicz fc7533fe5e Code review changes 2021-07-06 16:14:25 +02:00
Juliusz Sosinowicz 1b6b16c2c3 HaProxy 2.4-dev18 support
*This patch is dependent on https://github.com/wolfSSL/wolfssl/pull/3871 because proto version selection logic is refactored in that pull request.*
This patch contains the following changes:
- Enable more options with `--enable-haproxy`
- Compatibility layer additions
    - `STACK_TYPE_X509_OBJ`
    - `OCSP_id_cmp`
    - `X509_STORE_get0_objects`
    - `X509V3_EXT_nconf_nid`
    - `X509V3_EXT_nconf`
    - `X509_chain_up_ref`
    - `X509_NAME_hash`
    - `sk_X509_NAME_new_null`
    - `X509_OBJECT_get0_X509`
    - `X509_OBJECT_get0_X509_CRL`
    - `ASN1_OCTET_STRING_free`
    - `X509_LOOKUP_TYPE`
    - `OSSL_HANDSHAKE_STATE`
- New `OPENSSL_COMPATIBLE_DEFAULTS` define will set default behaviour that is compatible with OpenSSL
    - WOLFSSL_CTX
        - Enable all compiled in protocols
        - Allow anonymous ciphers
        - Set message grouping
        - Set verify to SSL_VERIFY_NONE
- In `SetSSL_CTX`, don't change `send` and `recv` callback if currently using `BIO`
- `ssl->peerVerifyRet`
    - Return first that occured
    - Set correct value on date error
    - Set revoked error on OCSP or CRL error
    - Save value in session and restore on resumption
    - Add to session serialization
- With `OPENSSL_EXTRA`, send an alert on invalid downgrade attempt
- Handle sni callback `SSL_TLSEXT_ERR_NOACK`
- Add `WOLFSSL_VERIFY_DEFAULT` option for `wolfSSL_CTX_set_verify` and `wolfSSL_set_verify` to allow resetting to default behaviour
2021-07-06 15:39:23 +02:00
Jacob Barthelmeh ae00b5acd0 some minor changes for unintialized and null infer reports 2021-07-06 14:13:45 +07:00
TakayukiMatsuo 5df0f7820a Add wolfSSL_CTX_set_keylog_callback 2021-07-03 14:51:23 +09:00
Hideki Miyazaki d576e3ef96 not send smaller versions than minimum downgradable version as supportedversion ext 2021-06-25 14:51:34 +09:00
Daniel Pouzzner 93dfb4c7f4 add outbound connection filtering support to libwolfssl, add wolfSentry support to the test client, and add wolfSentry JSON config file support to the test client and server using --wolfsentry-config.
also, add mygetopt_long() to wolfssl/test.h, and add --help and Japanese counterpart options to test client and server.
2021-06-17 20:05:40 -05:00
Eric Blankenhorn 8900d05167 Fix nonblocking ret value from crlIOCb 2021-06-15 15:31:29 -05:00
David Garske 2e4e65f518 Asynchronous support for TLS v1.3 TLSX ECC/DH key generation and key agreement
* Added async support to `SendTls13ClientHello`, `DoTls13ServerHello` and `DoTls13ClientHello`.
* Cleanup of the example client/server use key share code.
* Fix some scan-build warnings.
ZD 12065
2021-06-11 14:12:12 -07:00
David Garske 624e150c7b Merge pull request #3827 from SparkiDev/tls13_psk_hash
TLS 1.3 PSK: use the hash algorithm to choose cipher suite
2021-06-10 06:59:40 -07:00
Sean Parkinson 56c317e1ab Merge pull request #4052 from elms/gcc11_fixes
fixes for gcc 11 compile and other whitespace
2021-06-10 15:51:04 +10:00
Sean Parkinson 7e0c372e4c TLS 1.3 PSK: use the hash algorithm to choose cipher suite
See RFC 8446: 4.2.11
With TLS 1.3 PSK callback, If the returned cipher suite isn't available,
use the hash from the cipher suite and choose from available list.
Require exact match when: WOLFSSL_TLS13_PSK_NO_MATCH_HASH

Alternative callback for client added that is passed a cipher suite
string. Called for each cipher suite that is to be negotiated.
If cipher suite to be used with PSK then return client identity.
Returning an identity based on cipher suite hash will result in
only one PSK extension being added per hash.
2021-06-10 09:55:27 +10:00
David Garske c6c7dfd5db Merge pull request #4053 from SparkiDev/cppcheck_fixes_6
cppcheck: fixes from reviewing report
2021-06-09 12:51:30 -07:00
Elms 5a54bb656b make macros for pragma to compile with gcc11 2021-06-08 19:20:20 -07:00
Sean Parkinson 8ee1dda2f9 Merge pull request #4001 from dgarske/time_long
Improve TLS v1.3 time rollover support and fixes for NO_ASN_TIME
2021-06-08 11:17:55 +10:00
Elms 7127dbeeec fixes for gcc 11 compile and other whitespace 2021-05-25 12:34:04 -07:00
Sean Parkinson 2c6285ccba cppcheck: fixes from reviewing report 2021-05-20 17:55:06 +10:00
David Garske 6c131e3e8b Fix off by 1 in rollover calculation. 2021-05-06 14:46:35 -07:00
toddouska 014bd21df0 Merge pull request #3983 from tmael/tls_down
TLS minimum downgrade option
2021-05-05 15:38:45 -07:00
David Garske f8ecd4b441 Fixes for building with NO_ASN_TIME. If used with TLS user must supply LowResTimer and TimeNowInMilliseconds. 2021-04-30 15:04:31 -07:00