Commit Graph

6592 Commits

Author SHA1 Message Date
David Garske 624aca80dc Merge pull request #5606 from julek-wolfssl/zd14813-cont
0 len sz is allowed
2022-09-20 09:49:17 -07:00
David Garske 73dbc873bd Merge pull request #5586 from julek-wolfssl/dtls-misc-security
Add missing minor security checks
2022-09-19 09:47:00 -07:00
Juliusz Sosinowicz 8ca4a6086e 0 len sz is allowed
In async mode, we always store all handshake messages before processing them. The server hello done message has a length of 0 but we still need to store it to process it.
2022-09-19 14:00:13 +02:00
Daniel Pouzzner ac0d7f4d84 src/internal.c:
in DtlsMsgNew(), iff WOLFSSL_ASYNC_CRYPT, allow sz==0 allocation, to fix infinite loop in ProcessReplyEx() around DoDtlsHandShakeMsg();

in DtlsMsgAssembleCompleteMessage() restore fix from 0603031362 for pointerOutOfBounds (undefined behavior) construct;

in ProcessReplyEx(), in WOLFSSL_DTLS13 case ack, check and propagate error from DoDtls13Ack() (fix from @guidovranken).
2022-09-17 13:02:51 -05:00
Daniel Pouzzner 02cc7bf82e fix whitespace/linelength/indentation. 2022-09-17 12:53:37 -05:00
Chris Conlon e6bd6a94a0 Merge pull request #5521 from TakayukiMatsuo/clientverify 2022-09-16 16:55:38 -06:00
JacobBarthelmeh 7a728c0c48 Merge pull request #5569 from SparkiDev/kyber
Kyber: Add option to build Kyber API
2022-09-16 14:56:02 -06:00
JacobBarthelmeh c6f6086b15 Merge pull request #5576 from julek-wolfssl/dtls-windows
Fix build errors and warnings for MSVC with DTLS 1.3
2022-09-16 11:11:46 -06:00
Juliusz Sosinowicz 9ef10b5435 Check return of DtlsMsgCreateFragBucket() 2022-09-16 12:13:12 +02:00
Juliusz Sosinowicz 4b3f6ada8a Do not allow 0 size DtlsMsg 2022-09-15 16:18:24 +02:00
Juliusz Sosinowicz 1941fb2b35 Keep a separate drop counter for each epoch 2022-09-15 15:49:05 +02:00
Juliusz Sosinowicz 67473bac28 Code review fixes
- Mark old epochs as invalid so we don't attempt to decrypt with them
- Return a non-zero value if possible in unit tests
- Move Dtls13CheckAEADFailLimit to dtls13.c
- Reset state in processreply
2022-09-15 14:39:33 +02:00
Juliusz Sosinowicz 63ba2f7b8f TLS 1.3: Check maximum records encrypted with one key set 2022-09-15 12:17:46 +02:00
Juliusz Sosinowicz 4e9106c355 Enforce maximum amount of failed decryptions in DTLS 1.3 2022-09-15 12:17:46 +02:00
TakayukiMatsuo c7de58ebaf Add code to fallback to S/W if TSIP cannot handle 2022-09-15 11:16:37 +09:00
JacobBarthelmeh f21b021bb6 Merge pull request #5590 from SparkiDev/tlsx_symbol_fix
TLSX: function not used
2022-09-14 09:10:56 -06:00
JacobBarthelmeh 8b641df116 Merge pull request #5588 from SparkiDev/tls13_cs_fixes
TLSv1.3 cipher suites: fixes
2022-09-14 09:06:31 -06:00
Sean Parkinson e8d5cf9662 TLSX: function not used 2022-09-14 09:52:26 +10:00
Sean Parkinson 79d85f6c13 TLS cipher suite: improvements
wolfSSL_clear: check return from InitSSL_Suites() call.
TLS13: check ClientHello cipher suite length is even.
Silently remove duplicate cipher suites from user input.
Add tests of duplicate cipher suite removal.
2022-09-14 09:26:00 +10:00
JacobBarthelmeh 12ec2272d6 Merge pull request #5585 from icing/groups-key-share
wolfSSL_set1_curves_list(), wolfSSL_CTX_set1_curves_list() improvements.
2022-09-13 10:36:25 -06:00
Anthony Hu bcf4dbe697 Changes inspired by Feedback from Sean.
Define WOLFSSL_HAVE_KYBER when HAVE_LIBOQS is defined.
Fix some misleading debug output.
Fix benchmarking logic.
2022-09-13 10:07:28 -04:00
Anthony Hu a2635be9e6 wolfCrypt support for external Kyber implementations (liboqs and pqm4) 2022-09-13 10:07:28 -04:00
Sean Parkinson 8c1e2c52e7 Kyber: Add option to build Kyber API
wolfSSL Kyber implementation not included.
Added tests and benchmarking.
2022-09-13 10:07:27 -04:00
Stefan Eissing 531f125925 Fix build without TLS13. 2022-09-13 11:18:27 +02:00
Stefan Eissing bebb686217 Fixes for different build scenarios:
- fix the type cast in SMALL_STACK builds
- only use new behviour when wolfSSL_set_groups() is available
2022-09-13 11:10:59 +02:00
Juliusz Sosinowicz 112fc540bb Fix build errors and warnings for MSVC with DTLS 1.3 2022-09-13 10:13:44 +02:00
Sean Parkinson 5e945f94b4 TLSv1.3 cipher suites: fixes
Handle multiple instances of the same cipher suite being in the server's
list.
Fix client order negotiation of cipher suite when doing pre-shared keys.
2022-09-13 17:25:11 +10:00
Sean Parkinson 38418b31f1 Merge pull request #5197 from JacobBarthelmeh/OCSP
RSA-PSS with OCSP and add simple OCSP response der verify test case
2022-09-13 15:10:00 +10:00
JacobBarthelmeh e867f0d312 Merge pull request #5574 from haydenroche5/ecc_nb_tls
Add support for non-blocking ECDHE/ECDSA in TLS/DTLS layer.
2022-09-12 16:24:00 -06:00
Stefan Eissing c6c4134542 wolfSSL_set1_curves_list(), wolfSSL_CTX_set1_curves_list() improvements.
- Use wolfSSL API wolfSSL_set_groups() and wolfSSL_CTX_set_groups()
  to configure curves list
- This sets ssl->groups and ctx->groups accordingly and makes
  TLSX_KEY_SHARE generation respect the selection and precedence.
- Add tests in quic to assert the order of selections.
2022-09-12 14:31:58 +02:00
Sean Parkinson 375b9c1a59 TLS 1.3 Middle-Box compat: fix missing brace 2022-09-12 13:11:49 +10:00
JacobBarthelmeh fa6bc79f8b Merge pull request #5578 from douzzer/20220909-fixes
20220909-fixes
2022-09-09 16:37:35 -06:00
Daniel Pouzzner 0603031362 fix whitespace in wolfssl/wolfcrypt/settings.h;
fix bugprone-macro-parentheses in wolfssl/ssl.h;

fix pointerOutOfBounds and declaration-after-statement in src/internal.c DtlsMsgAssembleCompleteMessage().
2022-09-09 15:25:06 -05:00
JacobBarthelmeh 757a18ab7e Merge pull request #5496 from SKlimaRA/SKlimaRA/SetCipherListBytes
Support for setting cipher list with bytes
2022-09-09 13:42:51 -06:00
David Garske 23ba1e7e98 Minor cleanups. Gate these API's on OPENSSL_EXTRA or WOLFSSL_SET_CIPHER_BYTES to keep code size reduced. 2022-09-09 10:49:49 -07:00
JacobBarthelmeh 6526ffc5f8 Merge pull request #5567 from haydenroche5/hmac_sha1_fix
Fix HMAC compat layer function for SHA-1.
2022-09-09 09:45:21 -06:00
Juliusz Sosinowicz 0a1332c4df Additional checks for secure renegotiation 2022-09-09 15:33:27 +02:00
Hayden Roche 226a8b676d Add support for non-blocking ECDHE/ECDSA in TLS/DTLS layer.
This requires the async code.
2022-09-08 11:34:59 -07:00
David Garske 52653c654d Merge pull request #5571 from julek-wolfssl/sk-cmp-param-fix
Set correct types in wolfSSL_sk_*_new functions
2022-09-08 08:47:20 -07:00
David Garske 64376d4d9e Merge pull request #5555 from julek-wolfssl/dtls-fragment-buckets
Don't over-allocate memory for DTLS fragments
2022-09-08 07:46:04 -07:00
Juliusz Sosinowicz 28af88788a Set correct types in wolfSSL_sk_*_new functions
- Use WOLF_SK_COMPARE_CB() to generate the correct types instead of using void* for the callback parameters.
- Remove WOLFSSL_STACK.comp entirely since it is not used anywhere. Ignore input parameters that used to set this member.
2022-09-08 11:55:32 +02:00
Hayden Roche 18450eb94b Fix HMAC compat layer function for SHA-1.
This function would only accept the string "SHA" for SHA-1-based HMAC, but it
should also accept "SHA1." This is similar to how wolfSSL_EVP_get_digestbyname
allows both "SHA" and "SHA1." We didn't have a test for this in api.c. I added
one, and it failed before my fix here.
2022-09-07 15:25:31 -07:00
Juliusz Sosinowicz 28895ed0cd Use a union and struct for padding in DtlsFragBucket
Zero length arrays are not allowed so `byte padding[0]` is not a valid member. Changed to use a union and struct instead.
2022-09-07 13:04:26 +02:00
Juliusz Sosinowicz 8bf3e0829e Don't over-allocate memory for DTLS fragments
Don't reserve the full message length of memory. Instead we only allocate memory for the fragments that we have already received. We also dynamically combine memory fragments when we receive overlap.
2022-09-07 13:04:06 +02:00
David Garske d72b401e8e Merge pull request #5545 from icing/evp_chacha
Add ChaCha20 as available cipher in the EVP API.
2022-09-06 10:42:54 -07:00
David Garske e2de8f3b6c Merge pull request #5554 from rizlik/dtls_cid_fix
fix: dtls13: do not negotiate ConnectionID in HelloRetryRequest
2022-09-06 09:28:25 -07:00
Stefan Eissing 9f47999002 Add ChaCha20 as available cipher in the EVP API.
- wire the wc_ChaCha_* implementation into the EVP API
  as `wolfSSL_EVP_chacha20`
- follow IV conversions of OpenSSL
- add test case
- have QUIC support use this for header protection when
  CHACHA20_POLY1305 has been negotiated in the handshake.
2022-09-06 10:06:02 +02:00
David Garske 483d7189c7 Merge pull request #5512 from SparkiDev/tls13_64bit_milli
Make time in milliseconds 64-bits
2022-09-05 16:19:03 -07:00
Sean Parkinson e7dbb5b375 Merge pull request #5548 from dgarske/whitespace
Whitespace cleanup
2022-09-06 07:54:29 +10:00
Marco Oliverio aee81764f2 fix: dtls13: do not negotiate ConnectionID in HelloRetryRequest 2022-09-05 17:00:09 +02:00