Commit Graph

7002 Commits

Author SHA1 Message Date
JacobBarthelmeh 7e8d027a17 Merge pull request #6217 from douzzer/20230321-fixes
20230321-fixes
2023-03-22 10:23:07 -06:00
Daniel Pouzzner 49cd3ff872 wolfssl/internal.h: fixes for -Wpedantic "redefinition of typedef" around typedef ... TLSX and Options;
src/internal.c: fix for -Wdeclaration-after-statement and clang-diagnostic-unreachable-code-break;

tests/api.c: fix for -Wunused-variable and clang-analyzer-deadcode.DeadStores;

olfcrypt/src/pkcs12.c: fixes for cppcheck uselessAssignmentPtrArg and arrayIndexThenCheck, and clang-tidy clang-analyzer-deadcode.DeadStores and clang-analyzer-core.NonNullParamChecker;

wolfssl/src/tls.c: fix for clang-analyzer-deadcode.DeadStores;

wolfcrypt/src/tfm.c: fix for clang-diagnostic-newline-eof;

src/tls13.c: fix for clang-analyzer-core.NonNullParamChecker.
2023-03-21 22:52:56 -05:00
JacobBarthelmeh 147395476f Merge pull request #6213 from SparkiDev/regression_fixes_6
Regression testing fixes
2023-03-21 20:17:30 -06:00
Sean Parkinson 9ec742b11f Regression testing fixes
HAVE_ECH only used by TLS 1.3 add protection around all code.
ssl->options.onlyPskDheKe only available when HAVE_SUPPORTED_CURVES.
CleanupClientTickets() defined when HAVE_SUPPORTED_CURVES.
TLSX_KeyShare_DeriveSecret only defined when HAVE_SUPPORTED_CURVES.
DecodeResponseData - initialize variable single.
New OpenSSL compatibility BN code requires mp_read_radix - turn on in
integer.c, sp_int.c when OPENSSL_EXTRA defined.
rsa.c:_CheckProbablePrime - make sure tmp1 and tmp2 are initialized
before error handling jumps to freeing them.

test_remove_hs_message uses 1024-bit DH key which is not supported when
using SP math with SP.
2023-03-22 08:57:20 +10:00
JacobBarthelmeh 2af55903c5 Merge pull request #6187 from SparkiDev/tls13_server_id
Server ID - long id, TLS 1.3 - cache client session for tickets
2023-03-21 16:48:05 -06:00
Sean Parkinson 17e20b8c36 Server ID - long id, TLS 1.3 - cache client session for tickets
Long server IDs were being truncated. Hash long IDs instead.
TLS 1.3 session ticket on client side no longer added session to client
cache. Explicit call added.
2023-03-21 15:29:07 +10:00
Marco Oliverio 84d8245e58 internal: move SendAlerts outside of GetRecordHeader
This will give a chance to DTLS logic to ignore an error.
2023-03-20 10:50:00 +00:00
Marco Oliverio aabd665e73 SendAlert: propagate return error in non-fatal SendAlert 2023-03-20 10:50:00 +00:00
JacobBarthelmeh 327692b09f Merge pull request #6200 from kareem-wolfssl/zd15324_2
Fix IAR warnings.
2023-03-17 15:04:35 -06:00
JacobBarthelmeh 9c3cfab328 Merge pull request #6196 from bandi13/zd15783
OCSP_CERT_UNKNOWN
2023-03-17 14:33:57 -06:00
JacobBarthelmeh 06d970c999 Merge pull request #6181 from kareem-wolfssl/zd15767
Fix not ignoring date errors when VERIFY_SKIP_DATE is set
2023-03-17 10:53:41 -06:00
Kareem 5126dc87e6 Fix IAR warnings. 2023-03-16 15:46:41 -07:00
Kareem cc51b2d52e Add additional fix for absolute URN issue from PR #5964 and add test. 2023-03-16 14:56:44 -07:00
JacobBarthelmeh fb6f2d1790 cast on input of XISALNUM 2023-03-15 15:43:28 -07:00
Andras Fekete 69024d121f Revert change 2023-03-15 10:16:34 -04:00
Andras Fekete 682354628b Better return value 2023-03-15 09:58:39 -04:00
Andras Fekete 1967375ea5 Pass up the error 2023-03-14 18:11:00 -04:00
Andras Fekete c6e7ea685e Add in CERT_UNKNOWN detection 2023-03-14 18:09:45 -04:00
Sean Parkinson a268222167 Merge pull request #6169 from rizlik/wssl-alerts
Wssl alerts
2023-03-15 07:48:57 +10:00
Marco Oliverio 4227f763a8 ssl: send alert on bad psk 2023-03-14 09:27:19 +00:00
Marco Oliverio 7b53baea62 refactor: more centralized extra alerts
on handshake messages' errors:

- don't send alerts on WANT_READ, WANT_WRITE and WC_PENDING_E "errors"
- use return error code to decide which alert description
  to send
- use alert description handshake_failure in the general case
- if a fatal alert was already sent, do not send any new alerts. This allow
  a more specific alert description in case the exact description can't be
  derived from the return code
2023-03-14 09:27:18 +00:00
Marco Oliverio f666a7d4b7 internal.c: fix fall_through compilation issues
src/internal.c: In function 'SendCertificateVerify':
./wolfssl/wolfcrypt/types.h:345:40: error: attribute 'fallthrough' not preceding a case label or default label [-Werror]
  345 |                 #define FALL_THROUGH ; __attribute__ ((fallthrough))

In file included from ./wolfssl/internal.h:27,
                 from src/internal.c:92:
src/internal.c: In function 'SendCertificateVerify':
./wolfssl/wolfcrypt/types.h:345:40: error: attribute 'fallthrough' not preceding a case label or default label [-Werror]
  345 |                 #define FALL_THROUGH ; __attribute__ ((fallthrough))
2023-03-14 09:27:18 +00:00
JacobBarthelmeh d7cd7bc256 adjust guards around PreSharedKey structure for non tls13 builds 2023-03-13 14:47:25 -07:00
Juliusz Sosinowicz 4c7aa5c8dd Address code review 2023-03-09 19:00:25 +01:00
Juliusz Sosinowicz 335722c586 Async fixes 2023-03-07 12:04:54 +01:00
Juliusz Sosinowicz f5f67f43d7 Reset DTLS sequence number 2023-03-07 12:04:54 +01:00
Juliusz Sosinowicz a432502a98 Refactor sequence number reset for DTLS into one function 2023-03-07 12:04:54 +01:00
Juliusz Sosinowicz db1f199a11 Add comment about keyshare negotiation 2023-03-07 12:04:54 +01:00
Juliusz Sosinowicz cbedae2f55 This path in TLSX_KeyShare_Choose should not be taken normally 2023-03-07 12:04:54 +01:00
Juliusz Sosinowicz 06749144d5 Add RFC link to help understand constraints 2023-03-07 12:04:54 +01:00
Juliusz Sosinowicz f2032e8744 Clear decrypted ticket that failed checks in DoClientTicket_ex 2023-03-07 12:04:54 +01:00
Juliusz Sosinowicz b0d7656ad2 Rebase fixes 2023-03-07 12:04:54 +01:00
Juliusz Sosinowicz 61c2059cd9 Differentiate between empty and missing extension 2023-03-07 12:04:54 +01:00
Juliusz Sosinowicz 5f39c594aa TLS 1.3: hold decrypted ticket to check which ciphersuite matches
DTLS 1.3: Move stateless ticket decoding to FindPskSuiteFromExt
2023-03-07 12:04:54 +01:00
Juliusz Sosinowicz 8c08dbb6ce Adding checks for SigAlgs, KeyShare, and Supported Groups 2023-03-07 12:04:54 +01:00
Juliusz Sosinowicz 2bbdf6979a Reuse ReadVector16 2023-03-07 12:04:54 +01:00
Juliusz Sosinowicz de6ed96feb CopyExtensions -> CopySupportedGroup 2023-03-07 12:04:54 +01:00
Juliusz Sosinowicz 5f65752414 Refactor alerts into one location
Remove previous stateless code. Now all DTLS 1.3 stateless handling is done in dtls.c
2023-03-07 12:04:54 +01:00
Juliusz Sosinowicz 51a384eba5 Read cookie extension into separate field 2023-03-07 12:04:54 +01:00
Juliusz Sosinowicz 5b0903a82d Missing casts 2023-03-07 12:04:54 +01:00
Juliusz Sosinowicz b5e7761e58 For DTLS 1.3 use PSK for ticket
Resumption info is also necessary when WOLFSSL_DTLS_NO_HVR_ON_RESUME is not defined.
2023-03-07 12:04:54 +01:00
Juliusz Sosinowicz 969c610ef7 Fix unused variable 2023-03-07 12:04:54 +01:00
Juliusz Sosinowicz 57dccc4cf4 Calculate cookie in SendStatelessReplyDtls13()
Not touching ssl->hsHashes while in stateless mode
2023-03-07 12:04:54 +01:00
Juliusz Sosinowicz c15043b191 Refactor SendStatelessReply 1.3 branch into new function 2023-03-07 12:04:54 +01:00
Juliusz Sosinowicz 2f31cdef69 Re-create hs header for hash 2023-03-07 12:04:54 +01:00
Juliusz Sosinowicz aa9dcca624 Rebase and Jenkins fixes 2023-03-07 12:02:54 +01:00
Juliusz Sosinowicz a999909969 Use PSK callback to get the ciphersuite to use
- Allocate additional byte in TLSX_PreSharedKey_New for null terminator
2023-03-07 12:02:54 +01:00
Juliusz Sosinowicz 6160f93f94 Fix Jenkins errors 2023-03-07 12:02:54 +01:00
Juliusz Sosinowicz 7dfa96a729 Define usePSK when ext is present 2023-03-07 12:02:54 +01:00
Juliusz Sosinowicz 984d709db0 dtls 1.3: Stateless ClientHello parsing 2023-03-07 12:02:54 +01:00