Commit Graph

794 Commits

Author SHA1 Message Date
JacobBarthelmeh 269090353e Merge pull request #6884 from kareem-wolfssl/zd16824
Add explicit break to switch statement in GetHmacLength
2023-10-18 11:20:55 -06:00
Sean Parkinson 1e84d24c20 SM2 named curve disabled: value outside of supported values
SM2 named curve value is specified in specification.
Values 0-14 aren't used, so, those bits in disabledCurves are used for
values over 31.
Add range checks.
2023-10-18 10:51:37 +10:00
Kareem f59b22d3a0 Add explicit break to switch statement in GetHmacLength 2023-10-17 14:14:05 -07:00
Daniel Pouzzner 0549dba3db configure.ac and src/tls.c: fix --enable-keylog-export to warn at configure time, then build cleanly. 2023-10-12 13:09:43 -05:00
JacobBarthelmeh f0bfcc50d7 Merge pull request #6748 from julek-wolfssl/dtls13-frag-ch2
DTLS 1.3: allow fragmenting the second ClientHello message
2023-10-11 11:13:57 -06:00
Hideki Miyazaki f8604da8e3 change to use a cutom random generation func for PRNG 2023-10-11 06:50:26 +09:00
Juliusz Sosinowicz 2c6c52078a test_dtls13_frag_ch_pq: make sure kyber5 is used 2023-10-09 12:54:11 +02:00
Juliusz Sosinowicz c802193119 Simplify the pqc keyshare handling 2023-10-09 12:54:11 +02:00
Juliusz Sosinowicz df8ee69075 Clear the keyshare instead of storing it 2023-10-09 12:54:11 +02:00
Juliusz Sosinowicz 85a596e54a DTLS 1.3: allow fragmenting the second ClientHello message
- DTLS 1.3 pqc support
- Add --enable-dtls-frag-ch option to enable CH fragmenting
- Send an alert when we get an empty keyshare with a cookie present to not allow for multiple HRR in one connection
- Only update the DTLS window when we have successfully processed or stored a message
- Call ssl->chGoodCb as soon as we have processed a verified full or fragmented ClientHello cookie
2023-10-09 12:54:11 +02:00
Anthony Hu 7c1cc5e8f9 Allow the server to send supported groups extension in TLS 1.3 2023-09-29 12:42:44 -04:00
David Garske bc02006def Merge pull request #6794 from res0nance/fix-memory-type
pqc: fix memory type for shared secret storage server side
2023-09-20 14:24:42 -07:00
res0nance 0983ea9a80 pqc: fix memory type for shared secret storage server side
This gets copied to preMasterSecret and freed in
TLSX_KeyShare_ProcessPqc with the SECRET type but is allocated
with the TLSX type.
2023-09-20 15:45:26 +08:00
Andras Fekete 186d3c2eb4 Fixes to various Async issues 2023-09-19 13:10:16 -04:00
Andras Fekete 2af5ae89a2 Rename enum to protect the innocent
WC_NO_PENDING_E indicates that there really isn't any asynchronous task that is pending.
2023-09-19 10:46:11 -04:00
res0nance 825db397d7 Set namedGroup when generating pqc ciphertext
This fixes an issue where wolfSSL_get_curve_name() will
return NULL when using PQC groups.
2023-09-13 13:29:31 +08:00
JacobBarthelmeh 2f2dddde25 Merge pull request #6727 from bigbrett/tls13-sniffer-keylogfile
TLS 1.3 sniffer keylog file support
2023-08-24 16:52:00 -06:00
Brett Nicholas 15918d8ee6 First pass at TLS1.3 keylog file working 2023-08-24 13:04:59 -06:00
Juliusz Sosinowicz 82c5170659 TLSX_CA_Names_Parse: Include header in length check 2023-08-24 15:23:37 +02:00
JacobBarthelmeh 3033371abc Merge pull request #6717 from bigbrett/sniffer-keylogfile
sniffer keylog file support
2023-08-22 14:06:27 -06:00
Brett Nicholas 2ee6a01d91 Initial sniffer keylog file support for TLS 1.2 2023-08-22 11:23:46 -06:00
jordan d4ba2e50d4 Used codespell and fixed obvious typos. 2023-08-17 15:20:10 -05:00
TakayukiMatsuo 3a5739a8fa Add support for raw-public-key 2023-08-11 11:29:15 +09:00
Juliusz Sosinowicz 854ae0dcdb Code review 2023-07-31 15:16:59 +02:00
Juliusz Sosinowicz a495bb4e7f TLSX_CA_Names_Parse: make sure to do cleanup when smallstack is on 2023-07-28 16:34:35 +02:00
Juliusz Sosinowicz 5947c9ae8c TLSX_CA_Names_Parse: Verify the length of the extension 2023-07-26 13:32:37 +02:00
gojimmypi 31dfdf8360 TLS SM2, SM3, SM4-CBC: hash details for SM3 2023-07-25 17:25:11 -07:00
JacobBarthelmeh 1285ae7816 Merge pull request #6506 from DimitriPapadopoulos/codespell
Fix typos found by codespell
2023-07-24 10:34:29 -06:00
Daniel Pouzzner f6f8d2eda3 add WC_DO_NOTHING macro to wolfssl/wolfcrypt/types.h, with default expansion "do {} while (0)", and globally refactor to use the macro where appropriate, annotating intended-null macros-with-args with "/* null expansion */";
tweak several #includes of settings.h to include types.h instead (all of these are for clarity, as types.h is indirectly included by later #includes), and add #include <wolfssl/wolfcrypt/types.h> where missing;

remove trailing semicolons from PRAGMA*() macro invocations as they are unneeded and can be harmful (inducing frivolous -Wdeclaration-after-statement etc.).
2023-07-14 09:50:01 -05:00
Daniel Pouzzner 648f474d83 configure.ac:
if ENABLED_LINUXKM_PIE, add -DWOLFSSL_NO_OCSP_ISSUER_CHECK to gate out backward dependency in asn.c;

  if ENABLE_LINUXKM, don't error on FIPS without thread_ls_on;

  for --enable-curl, set ENABLED_MD4="yes", and move --enable-md4 AC_ARG_ENABLE() clause up to a position adjacent to des3 handling;

scripts/sniffer-gen.sh: fix illegal exit code (SC2242);

src/internal.c: fix clang-analyzer-core.NonNullParamChecker in CreateTicket();

src/ocsp.c: fix readability-redundant-preprocessor;

src/tls.c: fix empty-body in TLSX_PskKeModes_Parse() and clang-diagnostic-unreachable-code-break in ALPN_Select();

tests/api.c: fix several clang-analyzer-core.NullDereference related to Expect*() refactor;

wolfcrypt/src/asn.c:

  fix -Wconversions in DecodeAuthKeyId() and ParseCertRelative();

  fix readability-redundant-declaration re GetCA() and GetCAByName();

  gate inclusion of wolfssl/internal.h on !defined(WOLFCRYPT_ONLY);

wolfssl/internal.h: add macro-detection gating around GetCA() and GetCAByName() prototypes matching gates in wolfcrypt/src/asn.c;

tests/utils.c: in create_tmp_dir(), use one-arg variant of mkdir() if defined(__CYGWIN__) || defined(__MINGW32__).
2023-07-12 13:47:40 -05:00
Sean Parkinson 9f6ef65e8f Merge pull request #6557 from julek-wolfssl/zd/16332
Don't allow a resumption handshake inside of a SCR
2023-07-10 13:51:29 +10:00
David Garske 91fb24161b Merge pull request #6515 from julek-wolfssl/nginx-1.25.0
Add support for nginx-1.25.0
2023-07-07 09:29:23 -07:00
Juliusz Sosinowicz 0abaa89787 Add support for nginx-1.25.0
- nginx: add necessary defines and function
- Implement Certificate Authorities for TLS 1.3
- Implement secret logging for TLS 1.3. Can be used for example with:
  ./configure CPPFLAGS="-DWOLFSSL_SSLKEYLOGFILE -DSHOW_SECRETS -DHAVE_SECRET_CALLBACK -DWOLFSSL_SSLKEYLOGFILE_OUTPUT='\"/tmp/secrets\"'"
- Implement session context checking for tickets
- Check for authorized responder in OCSP basic response
- Fix handling call to ocsp->statusCb
- compat: Translate SOCKET_PEER_CLOSED_E to WOLFSSL_ERROR_SYSCALL
- Fix wolfSSL_CTX_set_session_cache_mode
  - WOLFSSL_SESS_CACHE_OFF means nothing should be on
  - WOLFSSL_SESS_CACHE_NO_INTERNAL turns off only the internal cache
- Respect ssl->options.internalCacheOff
- Implement SSL_SESSION_set_time
- wolfSSL_SSL_in_init: fix detection for TLS 1.3
- Fix handling call to ssl->alpnSelect
- SendTls13NewSessionTicket: always generate new ID
  - When we send a new ticket for the same session (for example we resumed a connection and are sending a new ticket so that the client can resume in the future), we need to generate a new ID so that we don't overwrite the old session in the cache. Overwriting the session results in the `diff` calculation in `DoClientTicketCheck()` producing the wrong value and failing to resume.
Add nginx github action test
- Fix memory leaks
- wolfSSL_OCSP_basic_verify: implement OCSP_TRUSTOTHER flag
- AKID: implement matching on issuer name and serial number
- ocsp: check for a chain match for OCSP responder
- Split CreateTicket into CreateTicket and SetupTicket
- SendCertificateStatus: free response.buffer
- Use heap hint when allocating responseBuffer
- Remove responseBuffer from internal API's that don't use it anywhere
2023-07-07 11:22:58 +02:00
Juliusz Sosinowicz 57e53d1a43 Don't allow a resumption handshake inside of a SCR 2023-07-06 15:13:56 -07:00
Juliusz Sosinowicz d2642e329d Properly enforce the pathLenConstraint of the BasicConstraints extension
- move the testsuite file helps into a new tests/utils.c file so that they can be used across all tests
- dump the raw TLS stream when WOLFSSL_DUMP_MEMIO_STREAM is defined so that it can be examined in Wireshark
2023-07-06 19:00:11 +02:00
Dimitri Papadopoulos 50752f5a2b Fix typos found by codespell 2023-07-04 07:21:27 +02:00
Sean Parkinson e2424e6744 SM2/SM3/SM4: Chinese cipher support
Add support for:
 - SM2 elliptic curve and SM2 sign/verify
 - SM3 digest
 - SM4 cipher with modes ECB/CBC/CTR/GCM/CCM

Add APIs for SM3 and SM4.
Add SM2 sign and verify APIs.
Add support for SM3 in wc_Hash and wc_Hmac API.
Add support for SM3 and SM4 through EVP layer.
Add support for SM2-SM3 certificates. Support key ID and name hash being
with SHA-1/256 or SM3.
Add support for TLS 1.3 cipher suites: TLS-SM4-GCM-SM3, TLS-SM4-CCM-SM3
Add support for TLS 1.2 SM cipher suite: ECDHE-ECDSA-SM4-CBC-SM3
Add support for SM3 in wc_PRF_TLS.
Add SM2-SM3 certificates and keys. Generated with GmSSL-3.0.0 and
OpenSSL.
2023-07-04 13:36:28 +10:00
Anthony Hu 3e821c6f2b make sure that when TLSX_ALPN_GetRequest() returns data and dataSz are not pointing to junk. 2023-06-22 15:01:11 -04:00
Kareem 75c8d87353 Fix trusted_ca_keys extension allowed logic. 2023-06-21 15:35:29 -07:00
Anthony Hu ea6155c924 For NO_RSA, don't advertise support for RSA. 2023-05-30 12:34:23 -04:00
JacobBarthelmeh 00f1eddee4 add tls extension sanity check 2023-05-15 15:49:44 -07:00
jordan 8c792b836c Fix memory leak in TLSX_KeyShare_Setup 2023-05-08 10:46:33 -05:00
Marco Oliverio a5a2316aa4 async: fix overwrite of keylen params between calls
The `kse->pubKeyLen` parameter is used as an input parameter to `DhGenKeyPair`
to provide the size of the `pubKey` buffer (the same size as the prime p). After
that, `kse->pubKeyLen` is used to check that the public key generated is of the
same length as the prime p. If this is not the case, the public key is
padded. If the key generation is asynchronous, then `TLSX_KeyShare_GenDhKey` may
be invoked twice. The second time, the `kse->pubKeyLen` value, updated
asynchronously by the async code, is overwritten with the prime size at the
beginning of the function. When this happens, a wrong public key value is used,
and the shared secret computed is incorrect.

Similar reasoning can be applied to `kse->keyLen`
2023-05-02 16:34:15 +00:00
Sean Parkinson 8851065848 cppcheck fixes
Fix checking of negative with unsigned variables.
Check digestSz for 0 in wc_SSH_KDF() so that no possibility of dividing
by zero.
Change XMEMCPY to XMEMSET in renesas_sce_util.c.
Fix test.c to free prvTmp and pubTmp on read error.
Remove unused variables.
XFREE checks for NULL so don't check before call.
Move variable declarations to reduce scope.
2023-04-03 16:59:58 +10:00
Chris Conlon 496a15037b Merge pull request #6166 from TakayukiMatsuo/tsip117 2023-03-27 11:49:18 -06:00
JacobBarthelmeh 7e8d027a17 Merge pull request #6217 from douzzer/20230321-fixes
20230321-fixes
2023-03-22 10:23:07 -06:00
Daniel Pouzzner 49cd3ff872 wolfssl/internal.h: fixes for -Wpedantic "redefinition of typedef" around typedef ... TLSX and Options;
src/internal.c: fix for -Wdeclaration-after-statement and clang-diagnostic-unreachable-code-break;

tests/api.c: fix for -Wunused-variable and clang-analyzer-deadcode.DeadStores;

olfcrypt/src/pkcs12.c: fixes for cppcheck uselessAssignmentPtrArg and arrayIndexThenCheck, and clang-tidy clang-analyzer-deadcode.DeadStores and clang-analyzer-core.NonNullParamChecker;

wolfssl/src/tls.c: fix for clang-analyzer-deadcode.DeadStores;

wolfcrypt/src/tfm.c: fix for clang-diagnostic-newline-eof;

src/tls13.c: fix for clang-analyzer-core.NonNullParamChecker.
2023-03-21 22:52:56 -05:00
Sean Parkinson 9ec742b11f Regression testing fixes
HAVE_ECH only used by TLS 1.3 add protection around all code.
ssl->options.onlyPskDheKe only available when HAVE_SUPPORTED_CURVES.
CleanupClientTickets() defined when HAVE_SUPPORTED_CURVES.
TLSX_KeyShare_DeriveSecret only defined when HAVE_SUPPORTED_CURVES.
DecodeResponseData - initialize variable single.
New OpenSSL compatibility BN code requires mp_read_radix - turn on in
integer.c, sp_int.c when OPENSSL_EXTRA defined.
rsa.c:_CheckProbablePrime - make sure tmp1 and tmp2 are initialized
before error handling jumps to freeing them.

test_remove_hs_message uses 1024-bit DH key which is not supported when
using SP math with SP.
2023-03-22 08:57:20 +10:00
TakayukiMatsuo 7d2a9136b6 Add support for TSIP v1.17 2023-03-21 11:28:07 +09:00
Juliusz Sosinowicz 4c7aa5c8dd Address code review 2023-03-09 19:00:25 +01:00