Commit Graph

2453 Commits

Author SHA1 Message Date
Daniel Pouzzner 9256d6aa7c src/internal.c: fixes for redundant assignments and preprocessor typo. 2022-07-27 14:42:00 -05:00
Sean Parkinson 01aad13c38 Rework 2022-07-27 12:02:15 +10:00
David Garske 9c480ece66 Fix to use the new outTmp. 2022-07-26 15:48:58 -07:00
Marco Oliverio 856ea2ffc8 internal.c: RsaDec improvements 2022-07-26 20:59:01 +02:00
Marco Oliverio 1727efbc2c internal.c: rsa decription buffer handling 2022-07-26 20:59:01 +02:00
David Garske a98642ba61 Merge pull request #5383 from julek-wolfssl/negating-ciphersuites
Expand SetCipherList()
2022-07-25 08:26:47 -07:00
Juliusz Sosinowicz e7cd1562b4 Expand SetCipherList()
- support disabling ciphersuites starting from the default list
2022-07-25 11:14:16 +02:00
Sean Parkinson dc8b796d1d Merge pull request #5347 from dgarske/async_sess_tick
Support for asynchronous session ticket callback
2022-07-22 08:04:48 +10:00
Marco Oliverio 53dde1dafe dtls12: async: store the message only if async is really used 2022-07-21 12:00:18 -07:00
Marco Oliverio dce63fdfb3 async: fix issue with DTLSv1.3 2022-07-21 12:00:16 -07:00
JacobBarthelmeh 1281d97b1e Merge pull request #5373 from haydenroche5/error_queue_fix
Fix backwards behavior for various wolfSSL_ERR* functions.
2022-07-21 09:35:21 -06:00
David Garske 8605195709 Support for asynchronous session ticket callback (can return WC_PENDING_E). Requires wolfAsyncCrypt support. ZD 14420. 2022-07-20 16:43:17 -07:00
David Garske 706ab6aac0 Merge pull request #5377 from kareem-wolfssl/rsaKeyEncipher
Don't require digital signature bit for static RSA cipher suites.  Make wolfSSL_CTX_clear_options available without OPENSSL_EXTRA.
2022-07-20 15:28:55 -07:00
Kareem 873890316c Don't require digital signature bit for static RSA cipher suites. 2022-07-20 12:08:20 -07:00
David Garske 1c7f64cce9 Fixes for sniffer session ticket resumption with TLS v1.2. ZD14531. 2022-07-20 11:18:19 -07:00
David Garske b46a308544 Merge pull request #5361 from embhorn/zd14491
Fix for build with NO_TLS
2022-07-20 09:28:23 -07:00
Hayden Roche e6da540fb3 Fix backwards behavior for various wolfSSL_ERR* functions.
wolfSSL_ERR_get_error and wolfSSL_ERR_peek_error_line_data should return the
earliest error in the queue (i.e. the error at the front), but prior to this
commit, they returned the latest/most recent one instead.

In DoAlert, we were adding an error to the queue for all alerts. However, a
close_notify isn't really an error. This commit makes it so DoAlert only adds
errors to the queue for non-close_notify alerts. In ReceiveData, similarly, we
were adding an error to the queue when the peer sent a close_notify, as
determined by ssl->error == ZERO_RETURN. Now, we don't add an error in this
case.
2022-07-20 08:56:48 -07:00
David Garske ab60865178 Merge pull request #5374 from julek-wolfssl/dtls-multiple-msgs
ShrinkInputBuffer should not be called in the middle of ProcessReply
2022-07-20 08:27:56 -07:00
David Garske 719e814841 Merge pull request #5370 from rizlik/dtls13_partial_read_fixes
dtlsv1.3 fixes
2022-07-20 08:03:29 -07:00
Marco Oliverio 6711756b03 dtls13: support stream-based medium
Don't assume that the underlying medium of DTLS provides the full message in a
single operation. This is usually true for message-based socket (eg. using UDP)
and false for stream-based socket (eg. using TCP).

Commit changes:

- Do not error out if we don't have the full message while parsing the header.
- Do not assume that the record header is still in the buffer when decrypting
  the message.
- Try to get more data if we didn't read the full DTLS header.
2022-07-20 14:53:07 +02:00
Juliusz Sosinowicz 40cb6e0853 ShrinkInputBuffer should not be called in the middle of ProcessReply 2022-07-20 11:57:48 +02:00
Jacob Barthelmeh 8eaa85e412 update copyright year to 2022 2022-07-19 10:44:31 -06:00
Eric Blankenhorn 8b904e9082 Fix for build with NO_TLS 2022-07-19 11:12:18 -05:00
Hayden Roche a1b7c29309 Make wolfSSL_(get|set)_options available outside compat layer.
Also make wolfSSL_CTX_get_options available.
2022-07-14 16:03:58 -07:00
Daniel Pouzzner ccc5952369 global fixup to check or explicitly ignore return values from failable library/system calls that weren't already being checked;
add wolfCrypt error codes IO_FAILED_E "Input/output failure" and SYSLIB_FAILED_E "System/library call failed";

tests/api.c and tests/unit.c: flush stdout for error message in Fail() macro, add fflush(stdout) after printf()s, print success message at end of unit_test(), and send several error messages to stderr instead of stdout;

wolfcrypt/test/test.c: add fallthrough macro definition of printf() that pairs it with fflush(stdout);

unit.h: in definition of macro AssertPtr(), add PRAGMA_GCC("GCC diagnostic ignored \"-Wpedantic\"");

sp_int.c: refactor several lingering instances of "if (0) { ... }" code pattern to #if 0 ... #endif.
2022-07-11 22:28:09 -05:00
Daniel Pouzzner b952c2f777 src/internal.c: add codepath in _DtlsUpdateWindowGTSeq() to avoid a word32 overshift. 2022-07-07 19:36:20 -05:00
Juliusz Sosinowicz e295328436 Fix window handling around word32 boundary 2022-07-07 17:37:10 +02:00
John Safranek 8f3449ffea Refactor DTLS Window Update (Fix #5211)
1. Rename _DtlsUpdateWindow() as wolfSSL_Dtls_UpdateWindow() and make
   it public so it may be tested.
2. Rename the internal functions DtlsWindowUpdate(), DtlsWindowCheck(),
   and DtlsUpdateWindowGTSeq() as _DtlsWindowUpdate() and
   _DtlsWindowCheck(), and _DtlsUpdateWindowGTSeq().
3. When updating the DTLS sequence window, and the next sequence
   number (lo) wraps to zero, increment the next sequence number (hi)
   by 1.
4. Fix an off-by-one error that wrapped around when saving the
   packet sequence number in the bit-field window.
5. Adding a test for wolfSSL_DtlsUpdateWindow() function. With many test
   cases. It is set up in a table format with running check values.
6. Change location of incrementing the difference when calculating the
   location for setting the bit.
7. Updated the check of the sequence difference in the GT scenario.
8. In the DTLS window update functions remove newDiff and just use diff.
9. Handle the cases where the DTLS window crosses the high order word
   sequence number change.
10. Add a debug option to print out the state of the DTLS sequence number
   window.
2022-07-06 18:20:06 -07:00
David Garske b2d1bf96ed Merge pull request #5276 from rizlik/dtls13_client_downgrade
Dtls: improve version negotiation
2022-07-06 11:57:53 -07:00
David Garske a7fa7875e4 Merge pull request #5244 from julek-wolfssl/wpas-dpp
Support for new DPP and EAP-TEAP/EAP-FAST in wpa_supplicant
2022-07-06 11:35:52 -07:00
Marco Oliverio df7e81d187 dtls: support version negotiation 2022-07-06 16:18:44 +02:00
Marco Oliverio 8fe3f51ecb dtls13: client: recompute transcript hash on downgrade
If a lower version is negotiated, the transcript hash must be recomputed using
the <= v1.2 rules.
2022-07-06 16:18:44 +02:00
Marco Oliverio 5d74c49ecb dtls13: allow processing of HelloVerifyRequest to support downgrade
HelloVerifyRequest is used in DTLSv1.2 to perform a return routability check, so
it can be the legitim reply from a DTLSv1.2 server to a ClientHello.
2022-07-06 16:18:44 +02:00
Juliusz Sosinowicz 9b085a44be sessionSecretCb should only be called when a ticket is present 2022-07-06 15:08:57 +02:00
Juliusz Sosinowicz 20e5c98b2c Error out when server indicates resumption but does full handshake 2022-07-05 09:42:39 +02:00
Juliusz Sosinowicz fd7bf8d04d Do resuming check as soon as we get a non-resumption msg 2022-07-05 08:49:00 +02:00
David Garske 00391a5ace Rename callback to wolfDTLS_SetChGoodCb and add doxygen for it. Clarify DTLS_CTX.connected. Fix build errors for ./configure --enable-dtls --enable-dtls13 --disable-examples CFLAGS="-DNO_WOLFSSL_SERVER". 2022-07-04 11:08:39 +02:00
Juliusz Sosinowicz c6aa4fc526 DTLS 1.3: allow the server to operate without maintaining state 2022-07-04 11:08:39 +02:00
Kareem 96aedc2f47 Fix SetCurve max sizes. Add fix for potentially uninitialized type in ProcessReplyEx. 2022-07-01 13:18:33 -07:00
David Garske 0459e83a59 Merge pull request #5310 from SparkiDev/memusage_fix_1
TLS memusage: reduce usage
2022-07-01 09:13:05 -07:00
Sean Parkinson 7d58dc5678 TLS memusage: reduce usage
Reduce the amount allocated to reduce maximum overall dynamic memory
usage.
Rework ServerKeyExchange by extracting the handling of the signed data.
2022-07-01 14:24:59 +10:00
Chris Conlon 867a1f7afa Merge pull request #5289 from TakayukiMatsuo/tls13 2022-06-30 15:49:53 -06:00
TakayukiMatsuo ba19737627 Add support for TLS1.3 2022-06-30 23:00:05 +09:00
Sean Parkinson 1ba9ea9759 Fix mismatched dynamic types 2022-06-30 13:00:57 +10:00
Sean Parkinson f2acaa8ee9 Merge pull request #5242 from SKlimaRA/SKlimaRA/strict-verification
zd14249
2022-06-30 08:19:42 +10:00
Stanislav Klima ce977e8c0b requested review changes 2 2022-06-24 15:37:10 +02:00
Stanislav Klima 7c827d3a82 requested review changes 2022-06-20 11:27:09 +02:00
Sean Parkinson 1b29f7353a Check memory is zeroized
Add a define WOLFSSL_CHECK_MEM_ZERO to turn on code that checks that
memory that must be zeroized before going out of use is zero.
Everytime sensitive data is put into a allocated buffer or stack buffer;
the address, its length and a name is stored to be checked later.
Where the stack buffer is about to go out of use, a call is added to
check that the required parts are zero.

wc_MemZero_Add() adds an address with length and name to a table of
addressed to be checked later.
wc_MemZero_Check() checks that the memory associated with the address is
zeroized where required.
mp_memzero_add() adds mp_int's data pointer with length and name to
table.
mp_memzero_check() checks that the data pointer is zeroized where
required.

Freeing memory will check the address. The length was prepended on
allocation.
Realloction was changed for WOLFSSL_CHECK_MEM_ZERO to perform an
allocate, check, copy, free.
2022-06-16 10:22:32 +10:00
David Garske fb704774a0 Merge pull request #4907 from rizlik/dtls13
DTLSv1.3 support
2022-06-15 13:57:02 -07:00
David Garske d9d8b7e2d8 Merge pull request #5245 from SparkiDev/force_zero
Memory zeroization fixes
2022-06-15 11:16:04 -07:00