Commit Graph

169 Commits

Author SHA1 Message Date
Daniel Pouzzner c81c9be9ce error code fixes:
* fix TLS layer to consistently use WOLFSSL_FATAL_ERROR for error retvals, rather than literal -1.
* add WC_NO_ERR_TRACE() wrapper around LENGTH_ONLY_E (it does not signify an error condition).
* refactor errcode handling for traceability in wolfSSL_DSA_do_sign(), wolfSSL_DH_size(), wolfSSL_EC_KEY_get_conv_form(), wolfSSL_d2i_DSA_SIG(), wolfSSL_DSA_do_sign(), SetDhInternal(), and wolfSSL_EC_KEY_get_conv_form().
2024-09-06 19:33:48 -05:00
Daniel Pouzzner 806df85477 backfill more missing WC_NO_ERR_TRACE()s on error code operands, and refactor away the obsolete GEN_MEM_ERR macro mechanism in wolfcrypt/src/ecc.c. 2024-09-03 17:44:11 -05:00
Daniel Pouzzner b178138d83 src/internal.c: in wolfSSL_ERR_reason_error_string(), add missing error string for SCR_DIFFERENT_CERT_E, and de-gate error strings previously gated on HAVE_HTTP_CLIENT.
tests/api.c: add error_test() adapted from wolfcrypt/test/test.c, checking all error strings for expected presence/absence and length, called from existing test_wolfSSL_ERR_strings().

wolfssl/ssl.h, wolfssl/error-ssl.h, and wolfssl/wolfcrypt/error-crypt.h:
* move several negative error return codes from ssl.h to error-ssl.h,
* renumber them to conform to existing sequence, and
* include error-ssl.h from ssl.h;
* add special-case WOLFSSL_DEBUG_TRACE_ERROR_CODES macros for WOLFSSL_FAILURE;
* add missing WOLFSSL_API attribute to wc_backtrace_render().

add numerous WC_NO_ERR_TRACE()s to operand error code uses, cleaning up error traces in general, and particularly when WOLFSSL_DEBUG_TRACE_ERROR_CODES_ALWAYS.
* crypto lib (36),
* crypto test&benchmark (20),
* TLS lib (179),
* examples (122),
* linuxkm (3),
* tests/api.c (2272).
2024-08-28 23:05:04 -05:00
Juliusz Sosinowicz a6a40de249 init sssd support
- Refactor OCSP to separate IO callback
- wolfSSL_BIO_reset: fix return
- CheckCertCRL_ex: return CRL_CERT_DATE_ERR instead of ASN_AFTER_DATE_E
- CheckCertCRL_ex: return most relevant error code
- i2d/d2i APIs: correct parameters handling and return codes
- Custom ASN1 structures: major refactor to make it much more versatile
- Use WOLFSSL_ASSERT_SIZEOF_GE where applicable
- wolfSSL_EVP_SignFinal: implement ecc
- wolfSSL_EVP_VerifyFinal: implement ecc
- OBJ_NAME_do_all: bring closer to OpenSSL functionality
- Correct return of *_push api
- Implement:
  - OCSP_REQ_CTX API
  - d2i_ECPKParameters
  - wolfSSL_sk_insert
  - OCSP_parse_url
  - X509_STORE_set1_param
  - X509_get0_subject_key_id
  - X509_OBJECT_retrieve_by_subject
  - OCSP_sendreq_nbio
2024-08-16 17:22:41 +02:00
Andras Fekete d350ba6c41 remove NULL test with XFREE arguments with dereference 2024-08-06 10:44:59 -04:00
David Garske f9dc5e9f4d Fixes for uses of deprecated sprintf. If C89 remap XSNPRINTF to use sprintf. 2024-07-29 14:03:44 -07:00
David Garske 575df43889 Merge pull request #7768 from JacobBarthelmeh/copyright
update copyright to 2024
2024-07-19 14:27:39 -07:00
Daniel Pouzzner 787397b28e src/bio.c and related:
* refactor WOLFSSL_BIO.num and WOLFSSL_BIO.ptr as unions, for clarity and bug resistance (no functional changes).

* in wolfSSL_BIO_free(), add WOLFSSL_BIO_DGRAM to the test for closing bio->num.fd, fixing a descriptor leak.

* use SOCKET_INVALID consistently as the invalid value for WOLFSSL_BIO.num.fd, and use SOCKET_T consistently as the internal type for file descriptors.

* move the definitions for SOCKET_T and SOCKET_INVALID from wolfio.h to the filesystem section of wc_port.h, and allow override definitions of SOCKET_T.

detected and tested with wolfssl-multi-test.sh ... pq-hybrid-all-rpk-valgrind-unittest. also tested with wolfssl-multi-test.sh ... super-quick-check.
2024-07-19 14:50:26 -05:00
JacobBarthelmeh 31a6a2bf59 update copyright to 2024 2024-07-19 13:15:05 -06:00
Daniel Pouzzner ee7748f2e3 PR7648 20240418-exosip-apis peer review:
* tweak typography;
* move wolfSSL_i2d_X509_PUBKEY() from ssl.c to x509.c;
* in asn.h, add !NO_ASN_OLD_TYPE_NAMES macros to remap old names (ISSUER, SUBJECT, BEFORE, AFTER) by default unless the macros are already defined.
2024-07-16 19:12:19 -05:00
Daniel Pouzzner 9023aeef75 BIO/wolfio: refactor TranslateReturnCode(), wolfSSL_LastError(), and TranslateIoError() into complete+consistent wolfSSL_LastError() and TranslateIoReturnCode(), handling all special cases correctly, and correctly returning WOLFSSL_CBIO_ERR_WANT_WRITE and WOLFSSL_CBIO_ERR_TIMEOUT. use TranslateIoReturnCode() directly in wolfIO_Recv(), wolfIO_Send(), wolfIO_RecvFrom(), wolfIO_SendTo(), and remove now-superfluous TranslateIoError() calls from EmbedReceive(), EmbedSend(), EmbedReceiveFrom(), EmbedSendTo(), EmbedReceiveFromMcast(). 2024-07-16 19:12:19 -05:00
Daniel Pouzzner 5298039d09 fixes from peer review: move OS-specific code from wolfSSL_BIO_read() and wolfSSL_BIO_write() to wolfIO_Recv(), wolfIO_Send(), wolfIO_RecvFrom(), and wolfIO_SendTo(); add SOCKET_ETIMEDOUT definitions to wolfio.h; misc cleanups. 2024-07-16 19:12:19 -05:00
Daniel Pouzzner 0c1163f01f src/bio.c: restore inadvertently removed update of bio->connected in wolfSSL_BIO_ctrl() case BIO_CTRL_DGRAM_SET_CONNECTED. 2024-07-16 19:12:18 -05:00
Daniel Pouzzner 1159fc333f src/bio.c: in wolfSSL_BIO_ADDR_size(), add missing gate on HAVE_SYS_UN_H for AF_UNIX. 2024-07-16 19:12:18 -05:00
Daniel Pouzzner 51c49b678e src/bio.c: fix gating for WOLFSSL_BIO_DGRAM handling. 2024-07-16 19:12:18 -05:00
Daniel Pouzzner 0a928ead3f address peer review around WOLFSSL_HAVE_BIO_ADDR:
refactor housekeeping for bio->bytes_read and bio->bytes_write, and add WOLFSSL_BIO_HAVE_FLOW_STATS gate;

add WOLFSSL_BIO_FLAG_RETRY housekeeping for WOLFSSL_BIO_SOCKET and WOLFSSL_BIO_DGRAM;

refactor WOLFSSL_BIO.peer_addr to be inline rather than a pointer;

add wolfSSL_set_mtu_compat() and wolfSSL_CTX_load_verify_locations_compat() implementations;

enable WOLFSSL_HAVE_BIO_ADDR and WOLFSSL_DTLS_MTU when OPENSSL_ALL.
2024-07-16 19:12:18 -05:00
Daniel Pouzzner 2d370f3e4e wolfSSL_BIO_read(): return MEMORY_E if wolfSSL_BIO_ADDR_new() fails. 2024-07-16 19:12:18 -05:00
Daniel Pouzzner 7216a543dd checkpoint: complete test_wolfSSL_BIO_datagram(); fix some WOLFSSL_HAVE_BIO_ADDR gates to also gate on WOLFSSL_DTLS and OPENSSL_EXTRA; use DTLS_RECVFROM_FUNCTION, DTLS_SENDTO_FUNCTION, SOCKET_T, SOCKADDR, SOCKADDR_IN, and SOCKADDR_IN6 macros and types, and add SOCKADDR_UN type. 2024-07-16 19:12:18 -05:00
Daniel Pouzzner bd7f7c8bdf checkpoint: add wolfSSL_BIO_ADDR_free to wolfSSL_BIO_free(); tweak EXPECT_SUCCESS() to tolerate TEST_SKIPPED; add WIP test_wolfSSL_BIO_datagram. 2024-07-16 19:12:18 -05:00
Daniel Pouzzner 29ec038aa6 checkpoint: add WOLFSSL_BIO_ADDR, wolfSSL_BIO_ADDR_new(), wolfSSL_BIO_ADDR_free(), wolfSSL_BIO_ADDR_clear(), wolfIO_SendTo(), wolfIO_RecvFrom(); fix name of wolfSSL_BIO_s_datagram(). 2024-07-16 19:12:18 -05:00
Daniel Pouzzner 08940866c3 checkpoint progress: add macro definitions for BIO_CTRL_DGRAM_SET_CONNECTED, BIO_CTRL_DGRAM_SET_PEER, WOLFSSL_MULTI_LABEL_WILDCARDS, WOLFSSL_MULTI_LABEL_WILDCARDS, NID_id_GostR3410_2001, NID_id_GostR3410_2012_256, NID_id_GostR3410_2012_512; fix flag arithmetic in wolfSSL_X509_check_host(); add compat macros for i2d_X509_PUBKEY, BIO_new_dgram. 2024-07-16 19:12:18 -05:00
Daniel Pouzzner 3f921e0a32 checkpoint progress: add wolfSSL_BIO_s_dgram, wolfSSL_BIO_new_dgram, WOLFSSL_BIO_DGRAM, and remove now-duplicate prototype and definition of wolfSSL_X509_STORE_get0_param. 2024-07-16 19:12:18 -05:00
Daniel Pouzzner 1e7810153f add wolfSSL_set_rbio, wolfSSL_set_wbio, wolfSSL_BIO_number_read, wolfSSL_BIO_number_written, and compat layer shim macros SSL_set0_rbio, SSL_set0_wbio, BIO_number_read, BIO_number_written, BIO_reset. 2024-07-16 19:12:18 -05:00
Daniel Pouzzner b3e8f0ad24 add --enable-debug-trace-errcodes, WOLFSSL_DEBUG_TRACE_ERROR_CODES, WC_ERR_TRACE(), WC_NO_ERR_TRACE(), support/gen-debug-trace-error-codes.sh. also add numerous deployments of WC_NO_ERR_TRACE() to inhibit frivolous/misleading errcode traces when -DWOLFSSL_DEBUG_TRACE_ERROR_CODES. 2024-06-08 16:39:53 -05:00
Daniel Pouzzner ac5cabaac9 fixes for USE_WINDOWS_API && !NO_FILESYSTEM && !NO_WOLFSSL_DIR:
* in wc_port.h, add XWRITE and XREAD definitions and include <io.h>;
* in wolfSSL_BIO_read(), implement Windows support for XREAD and XWRITE;
* in wolfSSL_BIO_write_filename(), add 'b' flag to XFOPEN flags;
* in wolfSSL_RAND_file_name(), add support for XALTHOMEVARNAME, and add Windows definition for it to wc_port.h alongside XWRITE and XREAD.

fixes test_wolfSSL_BIO, test_wolfSSL_X509_print, test_wolfSSL_RAND, test_wolfSSL_RSA_print in cross-mingw-all-crypto scenario.
2024-06-06 17:14:12 -05:00
Juliusz Sosinowicz d9f7629296 Add grpc support
- Fix BIO_BIO type
  - Set retry flags correctly
- Add CRL callback
- Copy the alt names instead of trying to share a pointer
- Allow calling wolfSSL_get_servername on client side (to get the requested name)
- Return the chain in wolfSSL_X509_STORE_CTX_get_chain in the correct order
  - Peer first, top CA last
- Fix leak in RebuildFullName
- Add CopyString helper function
- Implement
  - X509_CRL_dup
  - ASN1_UTCTIME_set
  - X509_STORE_CTX_get0_param
  - X509_STORE_get0_param
  - X509_STORE_set_verify_cb
  - X509_STORE_set_get_crl
  - X509_set1_notAfter
  - X509_set1_notBefore
2024-05-16 18:20:53 +02:00
Andras Fekete a59a3d109f Explicit cast 2024-05-14 11:03:20 -04:00
Juliusz Sosinowicz 4f1d777090 BIO_BIO: BIO_{write|read} on a BIO pair should wrap around ring buffer
- BIO_nread0 should return 0 when no data to read and -2 when not initialized
2024-01-25 13:46:45 +01:00
Juliusz Sosinowicz 7ba00f3b84 Initialize BIO methods at compile time 2023-08-09 16:23:46 +02:00
Kareem 56328d845a Hitch code review feedback. 2023-07-10 10:06:12 -07:00
Kareem e871b1c04d Add hitch support to wolfSSL.
Add support for cipher aliases DHE, EDH and EECDH.

Add define SSL_CTRL_GET_CHAIN_CERTS to help hitch and other programs detect SSL_CTX_get0_chain_certs is supported.

Add wolfSSL_get_locking_callback.

Allow using ECDHE+RSA cipher suites when ECDHE alias is used while in OpenSSL compatibility mode.

Add more alerts for hitch.

SSL_CM should use the CTX's x509_store_pt if available.

Add support for SSL_CERT_FILE and SSL_CERT_DIR.  Load default OpenSSL TLS 1.3 ciphers when using OPENSSL_COMPATIBLE_DEFAULTS.

Use wolfSSL_sk_X509_new_null to allocate WOLFSSL_STACK in wolfSSL_CTX_get_extra_chain_certs.  Previous approach of malloc'ing without setting type/memsetting was leading to a segfault.

Add --enable-hitch.

hitch: Add unit tests for new APIs, fix a couple of issues uncovered by unit testing.

Correct behavior of wolfSSL_BIO_set_mem_buf for BIO_CLOSE/NOCLOSE and update unit test accordingly.

Add Github action test for hitch.
2023-07-10 10:06:10 -07:00
Sean Parkinson 578f56e60c Test api.c: change more tests to use Expect instead of Assert
bio.c:
  wolfSSL_BIO_flush(): check allocation to bio->ip succeeded.

internal.c:
  InitSSL_Ctx(): set ctx->heap to heap if value passed in
ProcessPeerCerts(): check for error MEMORY_E too as a fatal parsing
error

ssl.c:
wolfSSL_shutdown(): SOCKET_ERROR_E is also an indication that the
socket is done, MEMORY_E is a fatal error
  wolfSSL_Cleanup(): move free of memory fail couting to wolfSSL API
  SessionTicketNoncePrealloc(): eror return must be non-zero
AddSessionToCache(): XFREE checks for NULL no need to do it before
call
wolfSSL_set_psk_use_session_callback(): ensure ssl is not NULL before
dereferencing
wolfSSL_SMIME_read_PKCS7(): check for error return from
wolfSSL_BIO_gets()

asn.c:
  wc_MIME_parse_headers(): check allocation succeeded into nextHdr

compress.c:
  wc_DeCompressDynamic(): free tmp on inflateInit2 failure

memory.c: rework where memory allocation failure counting code for when
WOFLSSL_STATIC_MEMORY is defined

wc_port.c:
wolfCrypt_Cleanup(): only call wc_MemFailCount_Free() when no
wolfSSL_Cleanup()
2023-06-27 08:01:33 +10:00
JacobBarthelmeh 14990ad92d set return bio to null after free on error 2023-06-07 15:05:52 -06:00
JacobBarthelmeh 8583cc65fa Merge pull request #6471 from SparkiDev/tests_api_expect_3
Test api.c: change more tests to use Expect instead of Assert
2023-06-07 11:22:23 -06:00
Sean Parkinson ed01b14356 cppcheck: fixes from scan
wolfssl_sce_unit_test.c:
  sce_crypt_Sha_AesCbcGcm_multitest(): duplicate condition
ssl_asn1.c:
  wolfSSL_i2t_ASN1_OBJECT(): done is not needed
  MonthStr(): fix bounds check on i
woolfcrypt_test.c, test_main.c, wolfssl_tsip_unit_test.c, devices.c,
aes.c, des3.c:
  Variable not used.
asn.c:
DecodeSubjKeyId(): sz is unsigned - check for less than zero does
nothing
kcapi_rsa.c:
  KcapiRsa_Decrypt(): fix ret check by using else
  KcapiRsa_Encrypt(): make same change for consistency
kcapi_hash.c:
  KcapiHashFinal(): move ret into #ifdef where it is needed
stm32.c:
wc_Stm32_Hash_GetDigest(): i redeclared with different type - use ii
instead
bio.c, conf.c:
  XFREE checks for NULL

Reduce scope of varialbes.
Condition same.
2023-06-07 17:27:51 +10:00
Sean Parkinson e542e51d9f Test api.c: change more tests to use Expect instead of Assert
bio.c:
  wolfSSL_BIO_push(): handles NULL for top and append.

crl.c:
InitCRL_Entry(): set toBeSigned to NULL after freeing when allocation
fails.
  AddCRL(): free CRL entry properly on error.
wolfSSL_X509_STORE_add_crl(): check for NULL after
wolfSSL_X509_crl_new call.

ssl.c:
wolfSSL_CertManagerGetCerts(): free the certificate if it didn't get
pushed onto stack
  wolfSSL_RAND_Init(): returns success if global already initialized.

ssl_asn1.c: wolfSSL_ASN1_TYPE_set now avaiable when OPENSSL_EXTRA
defined for function wolfssl_dns_entry_othername_to_gn().

x509.c:
Added support for creating a valid General Name of type GEN_OTHERNAME.
Extracted some code out into wolfssl_x509_alt_names_to_gn().
  wolfSSL_X509_set_ext(): free data correctly on errors
wolfSSL_X509_PUBKEY_set(): free str if DSA parameters cannot be
retrieved; wolfSSL_OBJ_nid2obj() called separately to handle when
returning NULL.
wolfSSL_X509_NAME_copy(): check for failure when
wolfSSL_X509_NAME_add_entry() is called.

x509_str.c:
wolfSSL_X509_STORE_CTX_new(): check for error from calling
wolfSSL_X509_STORE_CTX_init().
wolfSSL_X509_STORE_get0_objects(): don't double free x509; free memory
correctly on error
2023-06-07 14:10:42 +10:00
Sean Parkinson 541ea51ad5 Tests api.c: rework for malloc failure testing
Modified number of tests to not crash on failure and cleanup allocations
on failure.
Added memory fail count option to set which memory allocation to start
failing on.
Fix issues found from testing.

bio.c:
BIO_new() move ref count up so that calls to wolfSSL_BIO_free()
work.
internal.c:
ImportCipherSpecState wasn't checking SetKeySide for failure. Crash
when pointer is NULL and accessed directly.
ocsp.c:
wolfSSL_OCSP_response_get1_basic() doesn't need to free vs->source
as it is freed in WOLFSSL_OCSP_RESPONSE_free().
ssl.c:
ProcessBuffer() Don't strip PKCS#8 header if failed to create DER.
Crasged as directly accessing 'der' which was NULL.
ssl_asn.c:
wolfssl_asn1_integer_require_len was checking wrong variable to see
if allocation failed.
x509,c:
wolfSSL_X509_ALGOR_set0 needs to set aobj only when no failure
possible.
wolfSSL_X509_chain_up_ref needs to call cleanup to ensure everything
is freed.
2023-05-30 12:01:21 +10:00
Daniel Pouzzner dcc8b5d7d5 eliminate XREWIND() macro, add XSEEK_SET definitions, and refactor all XREWIND()s to XFSEEK()s, to fix clang-tidy-17 bugprone-unsafe-functions warning on rewind();
add BENCH_DEVID_COLUMN_HEADER in wolfcrypt/benchmark/benchmark.c:bench_stats_sym_finish() to resolve clang-diagnostic-embedded-directive.
2023-04-05 20:28:51 -05:00
Sean Parkinson 8851065848 cppcheck fixes
Fix checking of negative with unsigned variables.
Check digestSz for 0 in wc_SSH_KDF() so that no possibility of dividing
by zero.
Change XMEMCPY to XMEMSET in renesas_sce_util.c.
Fix test.c to free prvTmp and pubTmp on read error.
Remove unused variables.
XFREE checks for NULL so don't check before call.
Move variable declarations to reduce scope.
2023-04-03 16:59:58 +10:00
David Garske fc6d693dae Update logging enter, exit, msg to match function names. Fix some typos and improper use of "enter". Fix internal uses of SSL_SUCCESS and SSL_FAILURE. Add WOLFSSL_DEBUG_NONBLOCK option to allow printing iterations without debug enabled. 2023-02-21 12:02:15 -08:00
tmael c4fa013800 Fix for BIO_reset() (#5887)
* Fix for BIO_reset
* Introduced BIO_FLAGS_MEM_RDONLY
2023-02-14 08:54:25 -08:00
Sean Parkinson f6da3a26ac Ref counting: rework for static analysers
When always reference counting APIs always return 0 don't check return
value for error.
Reference decrement set isZero to false on error.
2023-02-03 10:13:32 +10:00
Sean Parkinson 53dfcd00e2 Ref count: change to use wolfSSL_Ref
Data structures changed:
WOLFSSL_CERT_MANAGER, WOLFSSL_CTX, WOLFSSL_SESSION, WOLFSSL_X509,
WOLFSSL_X509, WOLFSSL_EVP_PKEY, WOLFSSL_BIO, WOLFSSL_X509_STORE
2023-01-23 16:29:12 +10:00
Jacob Barthelmeh 9dcc48c8f7 update copyright to 2023 2022-12-30 17:12:11 -07:00
jordan 246ce8dbe1 Cleanup spaces. 2022-12-06 15:24:34 -06:00
jordan 87113cc88d Fix mingw-w64 build issues on windows. 2022-12-03 17:00:44 -06:00
Sean Parkinson e68c7bb74d Move file and BIO reading out to ssl_misc.c 2022-10-26 10:28:20 +10:00
JacobBarthelmeh 1e673aee3b scan-build warning fix 2022-08-26 16:29:11 -07:00
Eric Blankenhorn 3d8562f07b Fixes for build and runtime issues 2022-08-19 08:12:04 -05:00
Juliusz Sosinowicz 6f2889c07d BIO_eof returns 1 when no more data remains in the BIO 2022-07-22 13:24:32 +02:00