From b325e0ff916aa5989c523e7619f4dbbbeded74a1 Mon Sep 17 00:00:00 2001 From: Sean Parkinson Date: Mon, 19 Mar 2018 09:55:45 +1000 Subject: [PATCH 1/2] Fixes for wpa_supplicant --- configure.ac | 2 +- src/internal.c | 14 +++++++------ src/ssl.c | 50 ++++++++++++++++++++++++++++++++------------- wolfcrypt/src/asn.c | 20 ++++++++++++++---- wolfcrypt/src/dh.c | 1 + wolfcrypt/src/ecc.c | 18 ++++++++++++++++ wolfssl/ssl.h | 8 ++++++-- 7 files changed, 86 insertions(+), 27 deletions(-) diff --git a/configure.ac b/configure.ac index 2eaab4729..1dc3d7c4b 100644 --- a/configure.ac +++ b/configure.ac @@ -567,7 +567,7 @@ then AM_CFLAGS="$AM_CFLAGS -DHAVE_EXT_CACHE" AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALWAYS_VERIFY_CB" AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_DIRECT -DWOLFSSL_DER_LOAD" - AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KEY_GEN" + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KEY_GEN -DWOLFSSL_DES_ECB" AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_WPAS" fi diff --git a/src/internal.c b/src/internal.c index c8e74fe46..7470b46bf 100644 --- a/src/internal.c +++ b/src/internal.c @@ -1753,13 +1753,13 @@ void InitSuitesHashSigAlgo(Suites* suites, int haveECDSAsig, int haveRSAsig, #ifdef WC_RSA_PSS if (tls1_2) { #ifdef WOLFSSL_SHA512 - if (keySz >= MIN_RSA_SHA512_PSS_BITS) { + if (keySz == 0 || keySz >= MIN_RSA_SHA512_PSS_BITS) { suites->hashSigAlgo[idx++] = rsa_pss_sa_algo; suites->hashSigAlgo[idx++] = sha512_mac; } #endif #ifdef WOLFSSL_SHA384 - if (keySz >= MIN_RSA_SHA384_PSS_BITS) { + if (keySz == 0 || keySz >= MIN_RSA_SHA384_PSS_BITS) { suites->hashSigAlgo[idx++] = rsa_pss_sa_algo; suites->hashSigAlgo[idx++] = sha384_mac; } @@ -8488,11 +8488,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, XMEMSET(store, 0, sizeof(WOLFSSL_X509_STORE_CTX)); store->error = ret; - #ifdef WOLFSSL_WPAS - store->error_depth = 0; - #else store->error_depth = args->certIdx; - #endif store->discardSessionCerts = 0; store->domain = args->domain; store->userCtx = ssl->verifyCbCtx; 
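Review bot: The new `-DWOLFSSL_DES_ECB` flag switches on a raw single-DES ECB primitive for every WPAS build without a comment saying which caller needs it; presumably wpa_supplicant's MSCHAPv2/NT-hash code, which DES-encrypts a challenge block, but that is not visible here. Because single-DES ECB is otherwise a legacy primitive nobody should reach for in TLS code, a comment on the line such as `# DES-ECB is a raw block primitive required by wpa_supplicant's EAP-MSCHAPv2 path, not a TLS cipher` would stop the next maintainer from dropping it or widening its use. If the define also changes what the TLS layer negotiates, that should be stated in the same comment.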
@@ -14570,6 +14566,11 @@ const char* wolfSSL_ERR_reason_error_string(unsigned long e) switch (error) { +#ifdef WOLFSSL_WPAS + case 0 : + return "ok"; +#endif + case UNSUPPORTED_SUITE : return "unsupported cipher suite"; @@ -22930,6 +22931,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, XMEMSET(&cookieHmac, 0, sizeof(Hmac)); #endif /* WOLFSSL_DTLS */ + #ifdef WOLFSSL_CALLBACKS if (ssl->hsInfoOn) AddPacketName(ssl, "ClientHello"); if (ssl->toInfoOn) AddLateName("ClientHello", &ssl->timeoutInfo); diff --git a/src/ssl.c b/src/ssl.c index 20f403fd0..070aed7ee 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -7002,6 +7002,19 @@ int wolfSSL_CTX_use_certificate_chain_file(WOLFSSL_CTX* ctx, const char* file) } +int wolfSSL_CTX_use_certificate_chain_file_format(WOLFSSL_CTX* ctx, + const char* file, int format) +{ + /* process up to MAX_CHAIN_DEPTH plus subject cert */ + WOLFSSL_ENTER("wolfSSL_CTX_use_certificate_chain_file_format"); + if (ProcessFile(ctx, file, format, CERT_TYPE, NULL, 1, NULL) + == WOLFSSL_SUCCESS) + return WOLFSSL_SUCCESS; + + return WOLFSSL_FAILURE; +} + + #ifndef NO_DH /* server Diffie-Hellman parameters */ @@ -7954,6 +7967,18 @@ int wolfSSL_use_certificate_chain_file(WOLFSSL* ssl, const char* file) return WOLFSSL_FAILURE; } +int wolfSSL_use_certificate_chain_file_format(WOLFSSL* ssl, const char* file, + int format) +{ + /* process up to MAX_CHAIN_DEPTH plus subject cert */ + WOLFSSL_ENTER("wolfSSL_use_certificate_chain_file_format"); + if (ProcessFile(ssl->ctx, file, format, CERT_TYPE, ssl, 1, + NULL) == WOLFSSL_SUCCESS) + return WOLFSSL_SUCCESS; + + return WOLFSSL_FAILURE; +} + #ifdef HAVE_ECC 
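Review bot: Returning `"ok"` for error 0 only under `WOLFSSL_WPAS` makes wolfSSL_ERR_reason_error_string(0) build-dependent, whereas the OpenSSL API it mirrors reports "ok" for a zero verify result in every build; unless the switch's default case (outside the hunk) already handles 0, the `#ifdef`/`#endif` pair could simply be dropped so all callers get the same string. If the gate is deliberate, a one-line comment such as `/* wpa_supplicant asks for the reason string of a successful verify, so 0 must map to "ok" */` would record why. The enclosing switch and function continue outside the hunk.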
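Review bot: The new public wolfSSL_CTX_use_certificate_chain_file_format has no header comment, and neither `ctx` nor `file` is checked before being handed to ProcessFile; whether ProcessFile rejects NULL arguments or an unrecognised `format` is not visible in this hunk. A comment above the definition along the lines of `/* Load a certificate chain from file, decoded per format (same constants as the other *_file(..., int format) loaders); returns WOLFSSL_SUCCESS or WOLFSSL_FAILURE */` would state the contract, and an explicit `if (ctx == NULL || file == NULL) return WOLFSSL_FAILURE;` ahead of the call keeps the argument check local instead of relying on the helper.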
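Review bot: wolfSSL_use_certificate_chain_file_format dereferences `ssl->ctx` in the ProcessFile call without first checking `ssl` for NULL, so a NULL `ssl` crashes instead of returning the failure code the rest of the function promises; `if (ssl == NULL) return WOLFSSL_FAILURE;` before the call fixes that. The function also lacks the header comment its CTX counterpart should carry; something like `/* Per-session variant of wolfSSL_CTX_use_certificate_chain_file_format: loads the chain in file, decoded per format, for this WOLFSSL object */` would do.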
@@ -16099,7 +16124,7 @@ void wolfSSL_set_connect_state(WOLFSSL* ssl) InitSuites(ssl->suites, ssl->version, ssl->buffers.keySz, haveRSA, havePSK, ssl->options.haveDH, ssl->options.haveNTRU, ssl->options.haveECDSAsig, ssl->options.haveECC, - ssl->options.haveStaticECC, ssl->options.side); + ssl->options.haveStaticECC, WOLFSSL_CLIENT_END); } ssl->options.side = WOLFSSL_CLIENT_END; } @@ -21377,24 +21402,21 @@ int wolfSSL_ASN1_GENERALIZEDTIME_print(WOLFSSL_BIO* bio, return 0; } -#ifndef NO_WOLFSSL_STUB -int wolfSSL_sk_num(WOLFSSL_X509_REVOKED* rev) +int wolfSSL_sk_num(WOLF_STACK_OF(WOLFSSL_ASN1_OBJECT)* sk) { - (void)rev; - WOLFSSL_STUB("OPENSSL_sk_num"); - return 0; + if (sk == NULL) + return 0; + return (int)sk->num; } -#endif -#ifndef NO_WOLFSSL_STUB -void* wolfSSL_sk_value(WOLFSSL_X509_REVOKED* rev, int i) +void* wolfSSL_sk_value(WOLF_STACK_OF(WOLFSSL_ASN1_OBJECT)* sk, int i) { - (void)rev; - (void)i; - WOLFSSL_STUB("OPENSSL_sk_value"); - return 0; + for (; sk != NULL && i > 0; i--) + sk = sk->next; + if (sk == NULL) + return NULL; + return (void*)sk->data.obj; } -#endif /* stunnel 4.28 needs */ void wolfSSL_CTX_sess_set_get_cb(WOLFSSL_CTX* ctx, diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 26756b692..37772362c 100755 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -4296,6 +4296,10 @@ static int GetName(DecodedCert* cert, int nameType) if (copy && !tooBig) { XMEMCPY(&full[idx], copy, XSTRLEN(copy)); idx += (word32)XSTRLEN(copy); + #ifdef WOLFSSL_WPAS + full[idx] = '='; + idx++; + #endif XMEMCPY(&full[idx], &cert->source[cert->srcIdx], strLen); idx += strLen; } @@ -6895,6 +6899,7 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm) int badDate = 0; int criticalExt = 0; word32 confirmOID; + int selfSigned = 0; if (cert == NULL) { return BAD_FUNC_ARG; 
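Review bot: wolfSSL_sk_value returns the head element for a negative index: the walk `for (; sk != NULL && i > 0; i--)` does not execute when `i < 0`, so `sk->data.obj` of the first node comes back rather than the NULL an out-of-range positive index yields. Adding `if (sk == NULL || i < 0) return NULL;` before the loop closes that gap and makes the empty-stack case explicit. Since the function always reads the `obj` member of `data`, a comment on the definition such as `/* Only meaningful for stacks of WOLFSSL_ASN1_OBJECT; if data is a union of element types, other stacks would be misread */` is worth adding, because the prototype type alone does not stop a caller from passing a differently typed WOLF_STACK_OF.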
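Review bot: The extra `'='` written under `WOLFSSL_WPAS` advances `idx` by one byte more than the earlier length check that computed `tooBig` (outside this hunk) could have anticipated, so unless that check already reserves the byte, the following XMEMCPY of `strLen` bytes can run one past the end of `full` for each name component in a WPAS build. Either fold the byte into the earlier bound (reserve one more than the prefix length when the '=' will be emitted) or guard the write locally before copying, e.g. `if (idx + 1 + strLen > ASN_NAME_MAX) tooBig = TRUE;` using whichever constant actually sizes `full` here. GetName's beginning and end, including that bound, are outside the hunk.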
@@ -6985,18 +6990,25 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm) #endif #else cert->ca = GetCA(cm, cert->issuerHash); + if (XMEMCMP(cert->issuerHash, cert->subjectHash, KEYID_SIZE) == 0) + selfSigned = 1; #endif /* !NO_SKID */ WOLFSSL_MSG("About to verify certificate signature"); if (cert->ca) { - if (cert->isCA) { - if (cert->ca->pathLengthSet) { + if (cert->isCA && cert->ca->pathLengthSet) { + if (selfSigned) { + if (cert->ca->pathLength != 0) { + WOLFSSL_MSG("Root CA with path length > 0"); + return ASN_PATHLEN_INV_E; + } + } + else { if (cert->ca->pathLength == 0) { WOLFSSL_MSG("CA with path length 0 signing a CA"); return ASN_PATHLEN_INV_E; } - if (cert->pathLengthSet && - cert->pathLength >= cert->ca->pathLength) { + else if (cert->pathLength >= cert->ca->pathLength) { WOLFSSL_MSG("CA signing CA with longer path length"); return ASN_PATHLEN_INV_E; diff --git a/wolfcrypt/src/dh.c b/wolfcrypt/src/dh.c index 928dd4266..0ce4c8bfa 100644 --- a/wolfcrypt/src/dh.c +++ b/wolfcrypt/src/dh.c @@ -966,6 +966,7 @@ int wc_DhCheckPubKey_ex(DhKey* key, const byte* pub, word32 pubSz, } #else { + ret = WC_KEY_SIZE_E; } #endif diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c index f0ff1b626..3e8f6d3fc 100644 --- a/wolfcrypt/src/ecc.c +++ b/wolfcrypt/src/ecc.c @@ -7970,6 +7970,23 @@ done: */ int mp_sqrtmod_prime(mp_int* n, mp_int* prime, mp_int* ret) { +#ifdef SQRTMOD_USE_MOD_EXP + int res; + + mp_int e; + + res = mp_init(&e); + if (res == MP_OKAY) + res = mp_add_d(prime, 1, &e); + if (res == MP_OKAY) + res = mp_div_2d(&e, 2, &e, NULL); + if (res == MP_OKAY) + res = mp_exptmod(n, &e, prime, ret); + + mp_clear(&e); + + return res; +#else int res, legendre, done = 0; mp_int t1, C, Q, S, Z, M, T, R, two; mp_digit i; @@ -8148,6 +8165,7 @@ int mp_sqrtmod_prime(mp_int* n, mp_int* prime, mp_int* ret) mp_clear(&two); return res; +#endif } #endif #endif /* !WOLFSSL_ATECC508A */ 
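Review bot: `selfSigned` is only assigned inside the `#else` branch of the `#ifndef NO_SKID` conditional shown here, and the asn.c diffstat accounts for no other insertion, so in builds with SKID lookup enabled `selfSigned` stays 0 and the new root check is dead code, while NO_SKID builds do take it. The check itself, `if (cert->ca->pathLength != 0) return ASN_PATHLEN_INV_E;`, rejects a self-signed CA whose own pathLenConstraint is non-zero, which RFC 5280 permits (the constraint bounds the CAs issued beneath it, and self-issued certificates do not count against it), so in the build that reaches it a trusted root carrying pathLen ≥ 1 that is re-presented in the peer's chain would fail with a path-length error. Moving the issuer/subject hash comparison after `#endif /* !NO_SKID */` so both branches set it, and limiting the self-signed case to bypassing the issuer checks — `if (cert->isCA && cert->ca->pathLengthSet && !selfSigned) {` — rather than erroring, keeps the two builds consistent and within the RFC. ParseCertRelative continues outside the hunk.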
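Review bot: The `#else` branch of wc_DhCheckPubKey_ex now fails closed with `ret = WC_KEY_SIZE_E`, which is the right direction, but the code reports a key-size problem when what actually happened is that the check performed on the `#if` side (its condition and body are outside the hunk) is not available in this build, so callers will log a misleading reason. A comment on the assignment, e.g. `/* public-key check not compiled in for this configuration: refuse the key rather than silently skip the test */`, plus a more specific error code if the error set has one, would make the failure diagnosable. The function starts outside the hunk.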
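Review bot: The `SQRTMOD_USE_MOD_EXP` path computes `n^((p+1)/4) mod p`, which is a square root of `n` only when `prime ≡ 3 (mod 4)`; for a prime with `p ≡ 1 (mod 4)` the shift in `mp_div_2d(&e, 2, ...)` truncates and the result is not a root at all, and nothing here verifies it, so any point decompression built on this path would silently yield a wrong point. Either refuse primes with `prime mod 4 != 3` up front or square the result modulo `prime` and compare it with `n` reduced modulo `prime`, returning an error on mismatch, so the fast path can never hand back a non-root; a comment `/* valid only for prime ≡ 3 mod 4: (p+1)/4 must be an integer */` should accompany whichever check is chosen. `mp_clear(&e)` also runs when `mp_init(&e)` failed, which relies on mp_clear tolerating an uninitialised value; guarding it keeps the path well-defined. The Tonelli-Shanks branch continues outside the hunk.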
diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index a8bf51c7f..61f981201 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -490,6 +490,8 @@ WOLFSSL_API int wolfSSL_CTX_trust_peer_cert(WOLFSSL_CTX*, const char*, int); #endif WOLFSSL_API int wolfSSL_CTX_use_certificate_chain_file(WOLFSSL_CTX *, const char *file); +WOLFSSL_API int wolfSSL_CTX_use_certificate_chain_file_format(WOLFSSL_CTX *, + const char *file, int format); WOLFSSL_API int wolfSSL_CTX_use_RSAPrivateKey_file(WOLFSSL_CTX*, const char*, int); WOLFSSL_API long wolfSSL_get_verify_depth(WOLFSSL* ssl); @@ -498,6 +500,8 @@ WOLFSSL_API void wolfSSL_CTX_set_verify_depth(WOLFSSL_CTX *ctx,int depth); WOLFSSL_API int wolfSSL_use_certificate_file(WOLFSSL*, const char*, int); WOLFSSL_API int wolfSSL_use_PrivateKey_file(WOLFSSL*, const char*, int); WOLFSSL_API int wolfSSL_use_certificate_chain_file(WOLFSSL*, const char *file); +WOLFSSL_API int wolfSSL_use_certificate_chain_file_format(WOLFSSL*, + const char *file, int format); WOLFSSL_API int wolfSSL_use_RSAPrivateKey_file(WOLFSSL*, const char*, int); #ifdef WOLFSSL_DER_LOAD @@ -1413,8 +1417,8 @@ WOLFSSL_API int wolfSSL_ASN1_UTCTIME_print(WOLFSSL_BIO*, const WOLFSSL_ASN1_UTCTIME*); WOLFSSL_API int wolfSSL_ASN1_GENERALIZEDTIME_print(WOLFSSL_BIO*, const WOLFSSL_ASN1_GENERALIZEDTIME*); -WOLFSSL_API int wolfSSL_sk_num(WOLFSSL_X509_REVOKED*); -WOLFSSL_API void* wolfSSL_sk_value(WOLFSSL_X509_REVOKED*, int); +WOLFSSL_API int wolfSSL_sk_num(WOLF_STACK_OF(WOLFSSL_ASN1_OBJECT)*); +WOLFSSL_API void* wolfSSL_sk_value(WOLF_STACK_OF(WOLFSSL_ASN1_OBJECT)*, int); /* stunnel 4.28 needs */ WOLFSSL_API void* wolfSSL_CTX_get_ex_data(const WOLFSSL_CTX*, int); From c9c2e1a8a7c3c269e093725f30029ee9039dcc52 Mon Sep 17 00:00:00 2001 
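Review bot: The new wolfSSL_CTX_use_certificate_chain_file_format prototype is undocumented and nothing in the header says which values `format` accepts; since it sits beside loaders that take the same trailing `int` (wolfSSL_CTX_use_RSAPrivateKey_file here, wolfSSL_use_certificate_file in the next hunk), a comment tying them together suffices: `/* Like wolfSSL_CTX_use_certificate_chain_file, but format selects the file encoding using the same constants as the other *_file(..., int format) loaders. */`. The same comment belongs on the wolfSSL_use_certificate_chain_file_format declaration added in the following hunk.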
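Review bot: Changing wolfSSL_sk_num and wolfSSL_sk_value from `WOLFSSL_X509_REVOKED*` to `WOLF_STACK_OF(WOLFSSL_ASN1_OBJECT)*` is a source-level break for any caller of the former stubs, and the header gives no hint that only ASN1_OBJECT stacks are meaningful even though the type name suggests a generic stack; the ssl.c implementation reads the `obj` member unconditionally. A short comment above the two declarations, `/* Stack accessors: operate only on stacks of WOLFSSL_ASN1_OBJECT */`, would make the supported element type explicit.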
From: Sean Parkinson Date: Wed, 21 Mar 2018 08:33:54 +1000 Subject: [PATCH 2/2] Don't base signature algorithm support on certificate The signature algorithm support is what you can do with another key, not what you can do with your key. --- src/internal.c | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/src/internal.c b/src/internal.c index 7470b46bf..ae1155df4 100644 --- a/src/internal.c +++ b/src/internal.c @@ -1753,16 +1753,12 @@ void InitSuitesHashSigAlgo(Suites* suites, int haveECDSAsig, int haveRSAsig, #ifdef WC_RSA_PSS if (tls1_2) { #ifdef WOLFSSL_SHA512 - if (keySz == 0 || keySz >= MIN_RSA_SHA512_PSS_BITS) { - suites->hashSigAlgo[idx++] = rsa_pss_sa_algo; - suites->hashSigAlgo[idx++] = sha512_mac; - } + suites->hashSigAlgo[idx++] = rsa_pss_sa_algo; + suites->hashSigAlgo[idx++] = sha512_mac; #endif #ifdef WOLFSSL_SHA384 - if (keySz == 0 || keySz >= MIN_RSA_SHA384_PSS_BITS) { - suites->hashSigAlgo[idx++] = rsa_pss_sa_algo; - suites->hashSigAlgo[idx++] = sha384_mac; - } + suites->hashSigAlgo[idx++] = rsa_pss_sa_algo; + suites->hashSigAlgo[idx++] = sha384_mac; #endif #ifndef NO_SHA256 suites->hashSigAlgo[idx++] = rsa_pss_sa_algo;
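Review bot: Dropping the `MIN_RSA_SHA512_PSS_BITS`/`MIN_RSA_SHA384_PSS_BITS` gates advertises RSA-PSS SHA-512 and SHA-384 regardless of the local key size, which is correct for what the peer is allowed to send us, but the same `hashSigAlgo` list is presumably also what this side picks from when signing with its own key; if that selection path (not visible here) does not re-check `keySz`, an RSA key below the minimum can be paired with PSS-SHA512/384 whose salt plus hash do not fit the modulus, and the signature will fail at handshake time. The key-size constraint should be enforced where the local signing algorithm is chosen, by skipping a `rsa_pss_sa_algo` entry whose hash the key cannot carry, and a comment on the PSS block here, `/* no keySz gate: this list states what we can verify; signing-side limits apply when picking our own algorithm */`, would record the split. If `keySz` is now unused in this function, `(void)keySz;` avoids a warning. InitSuitesHashSigAlgo continues outside the hunk.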