Commit Graph

49 Commits

Author SHA1 Message Date
Reda Chouk ef4e11b016 add missing WOLFSSL_QUIC_MAX_RECORD_CAPACITY check on the early-data path in quic_record_make() and added a unit test for it 2026-04-14 12:43:19 +02:00
Juliusz Sosinowicz 8696d0d2d8 QuicTransportParam_new: update len check
F-431
2026-03-10 09:52:05 +01:00
Eric Blankenhorn 165c2cf017 Fix wolfSSL_get_peer_quic_transport_version 2026-03-04 15:26:59 -06:00
David Garske 1047aaa881 Merge pull request #9796 from JacobBarthelmeh/copyright
update Copyright year
2026-02-19 08:47:30 -08:00
Andrew Hutchings b7c3bbf101 Fixes to size checking
In `quic_record_transfer()`, the unsigned subtraction
`qr->end - qr->start` could wrap around if `end < start`, and the
subsequent `len <= 0` check was ineffective on a `word32`. Move the
comparison before the subtraction so the function returns `0` safely.

In `GetEchConfig()`, `XSTRLEN(config->publicName)` was assigned to a
single byte, silently truncating names longer than 255 characters while
`XMEMCPY` still copied the full string. Add a 255-byte length
validation in both `wolfSSL_CTX_GenerateEchConfig()` and
`GetEchConfig()`, and cache the length in a local variable to avoid
redundant `XSTRLEN` calls.
2026-02-18 18:01:33 +00:00
JacobBarthelmeh a156ed7bc7 update Copyright year 2026-02-18 09:52:21 -07:00
Andrew Hutchings 00de3f3918 Use XMEMSET instead of memset in QUIC 2026-02-17 10:36:47 +00:00
Juliusz Sosinowicz 3209d264b8 Improve TLS 1.3 early data handling.
Introduce `clientInEarlyData` to only return when in `wolfSSL_read_early_data`. This makes sure that other API don't return `ZERO_RETURN` when not in `wolfSSL_read_early_data`. Chose `APP_DATA_READY` as it won't result in a false positive return from `wolfSSL_read_early_data`.
2025-10-29 19:04:36 +01:00
effbiae 7a3db09ddd automated small stack compress 2025-10-11 11:40:30 +11:00
JacobBarthelmeh 629c5b4cf6 updating license from GPLv2 to GPLv3 2025-07-10 16:11:36 -06:00
David Garske 0f4ce03c28 Fixes for NO_AES_192 and NO_AES_256. Added CI test. Fixed bad BUILD_ logic for ADH-AES256-GCM-SHA384. 2025-05-05 14:36:36 -07:00
Daniel Pouzzner c401f5caf2 move the newly added wolfcrypt/src/wolfssl_sources.h to wolfssl/wolfcrypt/libwolfssl_sources.h, and likewise for wolfssl_sources_asm.h; revert changes to IDE/ project files. 2025-04-04 18:44:12 -05:00
Daniel Pouzzner 217440c885 Add wolfcrypt/src/wolfssl_sources.h and wolfcrypt/src/wolfssl_sources_asm.h,
which force on BUILDING_WOLFSSL and do boilerplate includes, and update library
  sources to include them at the top.

  wolfssl_sources.h includes types.h, error-crypt.h, and logging.h, and
  conditionally, config.h.  settings.h and wc_port.h are unconditionally
  included at the top of types.h.

  wolfssl_sources_asm.h includes settings.h, and conditionally, config.h.

Add wolfssl_sources*.h to wolfcrypt/src/include.am, and to several IDE/ project
  files.

Also added a TEST_WOLFSSL_SOURCES_INCLUSION_SEQUENCE clause in
  wolfssl/wolfcrypt/settings.h to allow coverage testing.

In wolfcrypt/src/misc.c, retain existing ad hoc boilerplate includes, and use
  them if WOLFSSL_VIS_FOR_TESTS, otherwise include the new wolfssl_sources.h.

Define WOLFSSL_VIS_FOR_TESTS at top of wolfcrypt/test/test.c.

Also renamed WOLFSSL_NEED_LINUX_CURRENT to WOLFSSL_LINUXKM_NEED_LINUX_CURRENT,
  for clarity.
2025-04-04 16:51:04 -05:00
Eric Blankenhorn 66ed35c910 Fix QUIC callback failure 2025-02-19 10:56:44 -06:00
JacobBarthelmeh 2c24291ed5 update copyright date 2025-01-21 09:55:03 -07:00
Juliusz Sosinowicz 88c6349837 quic_record_append: return correct code
0-return from quic_record_append is an error. `quic_record_complete(qr) || len == 0` is not an error condition. We should return as normal on success.

The issue is that passing in buffers with length 1 then 3 causes `qr_length` (in `quic_record_make`) to return 0. Then when `quic_record_append` gets called the `len` gets consumed by the first `if` and `len == 0` is true. This causes the error return which is not correct behaviour.

Reported in https://github.com/wolfSSL/wolfssl/issues/8156. Reproducing is a bit tricky. I couldn't get the docker to work.

First setup ngtcp2 as described in https://github.com/ngtcp2/ngtcp2/pkgs/container/ngtcp2-interop. The Relevant steps are (I tested with master/main branches of all libs):

```
$ git clone --depth 1 -b v5.7.4-stable https://github.com/wolfSSL/wolfssl
$ cd wolfssl
$ autoreconf -i
$ # For wolfSSL < v5.6.6, append --enable-quic.
$ ./configure --prefix=$PWD/build \
    --enable-all --enable-aesni --enable-harden --enable-keylog-export \
    --disable-ech
$ make -j$(nproc)
$ make install
$ cd ..
$ git clone --recursive https://github.com/ngtcp2/nghttp3
$ cd nghttp3
$ autoreconf -i
$ ./configure --prefix=$PWD/build --enable-lib-only
$ make -j$(nproc) check
$ make install
$ cd ..
$ git clone --recursive https://github.com/ngtcp2/ngtcp2
$ cd ngtcp2
$ autoreconf -i
$ # For Mac users who have installed libev with MacPorts, append
$ # LIBEV_CFLAGS="-I/opt/local/include" LIBEV_LIBS="-L/opt/local/lib -lev"
$ ./configure PKG_CONFIG_PATH=$PWD/../wolfssl/build/lib/pkgconfig:$PWD/../nghttp3/build/lib/pkgconfig \
    --with-wolfssl
$ make -j$(nproc) check
```

Download and unzip https://github.com/user-attachments/files/17621329/failing.pcap.zip

From the ngtcp2 dir:

```
./examples/wsslserver 127.0.0.1 44433 /path/to/wolfssl/certs/server-key.pem /path/to/wolfssl/certs/server-cert.pem
```

Then run the following python script (`failing.pcap` has to be available in the running dir) (probably needs to be run as `sudo`):

```
from scapy.utils import rdpcap, PcapNgReader
from scapy.all import *
reader = PcapNgReader("failing.pcap")
for i in reader:
    p = i[IP]
    p.dport = 44433
    p.dst = "127.0.0.1"
    p[UDP].chksum=0
    p.display()
    send(p)
```

Then observe the log line:

```
I00000000 0xa48accb7b49ec1556ac7111c64d3a4572a81 frm tx 625216795 Initial CONNECTION_CLOSE(0x1c) error_code=CRYPTO_ERROR(0x100) frame_type=0 reason_len=0 reason=[]
```

You can also use `gdb` and place a break inside the following section in `wolfssl/src/quic.c`.

```
    if (quic_record_complete(qr) || len == 0) {
        return 0;
    }
```
2025-01-16 11:39:57 -08:00
Daniel Pouzzner d4c654205b Revert "quic_record_append: return correct code"
This reverts commit bc12dad041.

This commit broke builds that combine QUIC and PQ -- known failures are pq-all-valgrind-unittest, pq-hybrid-all-rpk, pq-hybrid-all-rpk-valgrind-unittest, quantum-safe-wolfssl-all-gcc-latest, quantum-safe-wolfssl-all-g++-latest, quantum-safe-wolfssl-all-fortify-source-asm, quantum-safe-wolfssl-all-fortify-source-asm-noasm, and quantum-safe-wolfssl-all-intelasm-sp-asm-valgrind.

Note that the unit.test asserts added by this commit fail both before and after reversion.
2025-01-10 17:38:02 -06:00
Juliusz Sosinowicz bc12dad041 quic_record_append: return correct code
0-return from quic_record_append is an error. `quic_record_complete(qr) || len == 0` is not an error condition. We should return as normal on success.

The issue is that passing in buffers with length 1 then 3 causes `qr_length` (in `quic_record_make`) to return 0. Then when `quic_record_append` gets called the `len` gets consumed by the first `if` and `len == 0` is true. This causes the error return which is not correct behaviour.

Reported in https://github.com/wolfSSL/wolfssl/issues/8156. Reproducing is a bit tricky. I couldn't get the docker to work.

First setup ngtcp2 as described in https://github.com/ngtcp2/ngtcp2/pkgs/container/ngtcp2-interop. The Relevant steps are (I tested with master/main branches of all libs):

```
$ git clone --depth 1 -b v5.7.4-stable https://github.com/wolfSSL/wolfssl
$ cd wolfssl
$ autoreconf -i
$ # For wolfSSL < v5.6.6, append --enable-quic.
$ ./configure --prefix=$PWD/build \
    --enable-all --enable-aesni --enable-harden --enable-keylog-export \
    --disable-ech
$ make -j$(nproc)
$ make install
$ cd ..
$ git clone --recursive https://github.com/ngtcp2/nghttp3
$ cd nghttp3
$ autoreconf -i
$ ./configure --prefix=$PWD/build --enable-lib-only
$ make -j$(nproc) check
$ make install
$ cd ..
$ git clone --recursive https://github.com/ngtcp2/ngtcp2
$ cd ngtcp2
$ autoreconf -i
$ # For Mac users who have installed libev with MacPorts, append
$ # LIBEV_CFLAGS="-I/opt/local/include" LIBEV_LIBS="-L/opt/local/lib -lev"
$ ./configure PKG_CONFIG_PATH=$PWD/../wolfssl/build/lib/pkgconfig:$PWD/../nghttp3/build/lib/pkgconfig \
    --with-wolfssl
$ make -j$(nproc) check
```

Download and unzip https://github.com/user-attachments/files/17621329/failing.pcap.zip

From the ngtcp2 dir:

```
./examples/wsslserver 127.0.0.1 44433 /path/to/wolfssl/certs/server-key.pem /path/to/wolfssl/certs/server-cert.pem
```

Then run the following python script (`failing.pcap` has to be available in the running dir) (probably needs to be run as `sudo`):

```
from scapy.utils import rdpcap, PcapNgReader
from scapy.all import *
reader = PcapNgReader("failing.pcap")
for i in reader:
    p = i[IP]
    p.dport = 44433
    p.dst = "127.0.0.1"
    p[UDP].chksum=0
    p.display()
    send(p)
```

Then observe the log line:

```
I00000000 0xa48accb7b49ec1556ac7111c64d3a4572a81 frm tx 625216795 Initial CONNECTION_CLOSE(0x1c) error_code=CRYPTO_ERROR(0x100) frame_type=0 reason_len=0 reason=[]
```

You can also use `gdb` and place a break inside the following section in `wolfssl/src/quic.c`.

```
    if (quic_record_complete(qr) || len == 0) {
        return 0;
    }
```
2025-01-08 18:53:43 +01:00
Daniel Pouzzner a2bcbf7ecf additional fixes and peer review for -DOPENSSL_EXTRA -DOPENSSL_COEXIST: cover -DWOLFSSL_QUIC, fix -DNO_ASN, rename WOLFSSL_ASN1_TYPE_* to WOLFSSL_V_ASN1_*, completed nativization of NID_*, and switch to prefix WC_NID_ rather than wc_NID_. 2024-10-31 00:10:21 -05:00
Daniel Pouzzner c81c9be9ce error code fixes:
* fix TLS layer to consistently use WOLFSSL_FATAL_ERROR for error retvals, rather than literal -1.
* add WC_NO_ERR_TRACE() wrapper around LENGTH_ONLY_E (it does not signify an error condition).
* refactor errcode handling for traceability in wolfSSL_DSA_do_sign(), wolfSSL_DH_size(), wolfSSL_EC_KEY_get_conv_form(), wolfSSL_d2i_DSA_SIG(), wolfSSL_DSA_do_sign(), SetDhInternal(), and wolfSSL_EC_KEY_get_conv_form().
2024-09-06 19:33:48 -05:00
Daniel Pouzzner b178138d83 src/internal.c: in wolfSSL_ERR_reason_error_string(), add missing error string for SCR_DIFFERENT_CERT_E, and de-gate error strings previously gated on HAVE_HTTP_CLIENT.
tests/api.c: add error_test() adapted from wolfcrypt/test/test.c, checking all error strings for expected presence/absence and length, called from existing test_wolfSSL_ERR_strings().

wolfssl/ssl.h, wolfssl/error-ssl.h, and wolfssl/wolfcrypt/error-crypt.h:
* move several negative error return codes from ssl.h to error-ssl.h,
* renumber them to conform to existing sequence, and
* include error-ssl.h from ssl.h;
* add special-case WOLFSSL_DEBUG_TRACE_ERROR_CODES macros for WOLFSSL_FAILURE;
* add missing WOLFSSL_API attribute to wc_backtrace_render().

add numerous WC_NO_ERR_TRACE()s to operand error code uses, cleaning up error traces in general, and particularly when WOLFSSL_DEBUG_TRACE_ERROR_CODES_ALWAYS.
* crypto lib (36),
* crypto test&benchmark (20),
* TLS lib (179),
* examples (122),
* linuxkm (3),
* tests/api.c (2272).
2024-08-28 23:05:04 -05:00
JacobBarthelmeh 31a6a2bf59 update copyright to 2024 2024-07-19 13:15:05 -06:00
gasbytes 88527a3d6e word32 -> sword32 2024-06-13 13:44:50 +02:00
gasbytes 845e2f752c added check if the buf is at least RECORD_HEADER_SZ
when adding the record headers through quic
2024-06-11 22:10:18 +02:00
Andras Fekete affd0a318e Fix sign conversion errors 2024-05-14 11:02:28 -04:00
Juliusz Sosinowicz 2328270222 Code review 2024-04-26 15:56:20 +02:00
Juliusz Sosinowicz 49952a97d7 Fix quic header protect cipher return 2024-04-26 14:18:40 +02:00
Daniel Pouzzner 59290cd066 src/quic.c: fix -Wunused-function for evp_cipher_eq(). 2024-04-25 22:09:28 -05:00
Juliusz Sosinowicz d61fec5af9 Clean up EVP usage in quic 2024-04-25 16:34:38 +02:00
JacobBarthelmeh 44f3e4a3b7 CID 337219 allocation using untrusted size 2024-03-18 16:04:37 +07:00
JacobBarthelmeh 635d326812 CID 337232 sanity check on tainted scalar 2024-03-18 15:03:04 +07:00
jordan f222adf4c2 Fix issues from infer diff report. 2023-12-13 15:59:03 -06:00
Daniel Pouzzner 689a82a622 fix AES-related code, in both crypto and TLS layers, for various uninitialized data and resource leak defects around wc_AesInit() and wc_AesFree():
* followup to https://github.com/wolfSSL/wolfssl/pull/7009 "20231128-misc-fixes" and  https://github.com/wolfSSL/wolfssl/pull/7011 "Add missing wc_AesInit calls."

* adds WC_DEBUG_CIPHER_LIFECYCLE, which embeds asserts in low-level AES implementations for proper usage of wc_AesInit() and wc_AesFree().

* fixes native CMAC, AES-EAX, and AES-XTS implementations to assure resource release.

* adds missing wc_AesXtsInit() API, and adds a new wc_AesXtsSetKey_NoInit().

* fixes misspellings in EVP that unconditionally gated out AES-OFB and AES-XTS.

* fixes misspellings in EVP that unconditionally gated out AES-CBC and AES-CFB code in wolfSSL_EVP_CIPHER_CTX_cleanup_cipher().

* openssl compat AES low level cipher API has no counterpart to wc_AesFree(), so these compat APIs will now be gated out in configurations where they would otherwise leak memory or file descriptors (WOLFSSL_AFALG, WOLFSSL_DEVCRYPTO, WOLF_CRYPTO_CB, etc.).  A new macro, WC_AESFREE_IS_MANDATORY, is defined in wolfcrypt/aes.h to streamline this dependency.

* fixes 40 missing EVP_CIPHER_CTX_cleanup()s and 11 wc_AesFree()s in src/ssl.c, src/ssl_crypto.c, tests/api.c, and wolfcrypt/test/test.c.
2023-12-05 15:58:09 -06:00
Daniel Pouzzner 73ca6daf2b wolfssl/wolfcrypt/types.h: add needed (void)s for unused args to several XMALLOC/XFREE/XREALLOC macros that were missing them.
src/quic.c: fix misspelled DYNAMIC_TYPE_TMP_BUFFER.
2023-11-29 16:02:39 -06:00
Juliusz Sosinowicz 291c538e5f Ignore session ID's shorter than 32 bytes instead of erroring out 2023-06-27 14:51:46 +02:00
jordan 409ed6232a Used codespell and fixed obvious typos in src and wolfssl. 2023-03-02 09:52:07 -06:00
David Garske fc6d693dae Update logging enter, exit, msg to match function names. Fix some typos and improper use of "enter". Fix internal uses of SSL_SUCCESS and SSL_FAILURE. Add WOLFSSL_DEBUG_NONBLOCK option to allow printing iterations without debug enabled. 2023-02-21 12:02:15 -08:00
Jacob Barthelmeh 9dcc48c8f7 update copyright to 2023 2022-12-30 17:12:11 -07:00
Stefan Eissing e5cfd96609 QUIC API support in OpenSSL compat layer, as needed by HAProxy integration.
- adding patch for HAProxy, see dod/QUIC.md, based on current master.
      For documentaton purposes, since HAProxy does not accept PRs. To be
      removed once forwarded to the project.
2022-12-01 10:12:35 +01:00
Stefan Eissing 9726d1f6eb Allowing use of SSL/CTX_set_max_early_data() for client side.
- updating english doc and test cases
2022-10-18 10:40:18 +02:00
Stefan Eissing 9f47999002 Add ChaCha20 as available cipher in the EVP API.
- wire the wc_ChaCha_* implementation into the EVP API
  as `wolfSSL_EVP_chacha20`
- follow IV conversions of OpenSSL
- add test case
- have QUIC support use this for header protection when
  CHACHA20_POLY1305 has been negotiated in the handshake.
2022-09-06 10:06:02 +02:00
David Garske 90c65bd50b Merge pull request #5458 from icing/quic-earlydata
QUIC fixes for handling of early data
2022-08-11 17:52:29 -07:00
Daniel Pouzzner 017c4e7a41 fix gating and unused-variable warnings in src/quic.c wolfSSL_quic_aead_is_{gcm,ccm,chacha20}();
fix TLS version gating in tests/quic.c;

fix gating in src/ssl.c for wolfSSLv2_client_method() and wolfSSLv2_server_method();

reorganize prototypes in wolfssl/ssl.h for wolf*_method*() to group systematically by protocol version and gate correctly on support for that version in the build.
2022-08-11 14:58:59 -05:00
Stefan Eissing b3de591c6f Rename of buffer to tmpbuffer to avoid collision with customer setup test. 2022-08-11 20:06:46 +02:00
Stefan Eissing 53fd4b37f2 QUIC fixes for handling of early data
- new internal field for keeping early data enabled status,
  as QUIC does not call SSL_write_early_data() itself.
- using read_/write_early_data() methods in QUIC handshake
  when early data is enabled. This triggers the internals
  that emit the proper early data indication handlings.
2022-08-11 18:08:37 +02:00
David Garske 87d96c9c96 Merge pull request #5452 from icing/quic-resume
QUIC session resumption and early data handshake handling.
2022-08-10 22:33:13 -07:00
Daniel Pouzzner f771181e1a fixes for issues introduced in #5384:
added numerous missing _SMALL_STACK code paths (PK objects on the stack);

in settings.h, enable WOLFSSL_SMALL_STACK_STATIC by default when WOLFSSL_SMALL_STACK is defined (NO_WOLFSSL_SMALL_STACK_STATIC to override);

fixes for unsafe strcat()s in tests/quic.c;

fix for unsafe macro WOLFSSL_IS_QUIC();

fix to exclude quic from enable-all when enable-linuxkm (quic needs opensslextra, and opensslextra currently only works in-kernel in cryptonly builds);

fix for signed/unsigned clash in wolfSSL_quic_receive().
2022-08-10 13:33:56 -05:00
Stefan Eissing ea04ffc99f QUIC session resumption and early data handshake handling.
In test with ngtcp2 example client using openssl, session resumption
against a QUIC wolfssl server failed. The error was tracked down to
wolfSSL believing EaryData needs to be handled and returning SUCCESS
from wolfSSL_SSL_do_handshake() after the server Finished had been
sent.

However the handshake was not complete and ngtcp2 invoked the
post_handshake processing for new data arriving from the client.
This failed a check in post processing that the ssl->handShakeState
actually was HANDSHAKE_DONE.

The workaround in this PR repeats do_handshake until the ssl
state acually says it is complete. This way, session resumption works.

Either this alternative do_handshake() is merged for QUIC protocol
hanlders. Or we need to fix the 'normal' do_handshake() to no return
SUCCESS when early data is expected on a QUIC WOLFSSL.
2022-08-10 15:17:30 +02:00
Stefan Eissing 4431438fb2 add QUIC support. 2022-08-08 13:24:00 +02:00