path: root/src/tls
Commit log (each entry: subject; author, date, files changed, lines -removed/+added; message body)
* PKCS#1: Debug dump invalid Signature EB
  Jouni Malinen, 2020-04-05, 1 file, -0/+4
  Signed-off-by: Jouni Malinen <j@w1.fi>
* X509: Use unique debug prints for unused bits entries
  Jouni Malinen, 2020-04-05, 1 file, -2/+4
  This makes it easier to understand which X.509 BIT STRING value has the unused bits.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* ASN.1: Helper functions for building DER encoded data
  Jouni Malinen, 2020-01-31, 2 files, -0/+161
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* ASN.1: More OID definitions
  Jouni Malinen, 2020-01-31, 2 files, -4/+103
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* ASN.1: Add a helper for parsing AlgorithmIdentifier
  Jouni Malinen, 2020-01-30, 2 files, -0/+26
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* ASN.1: Add a helper for parsing SEQUENCE
  Jouni Malinen, 2020-01-30, 2 files, -0/+20
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* ASN.1: Add a helper for parsing INTEGER
  Jouni Malinen, 2020-01-30, 2 files, -0/+38
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* TLS: Fix bounds checking in certificate policy parser
  Jouni Malinen, 2020-01-28, 1 file, -2/+2
  The recent addition of the X.509v3 certificatePolicies parser had a copy-paste issue in the inner SEQUENCE parser that ended up using an incorrect length for the remaining buffer. Fix that to calculate the remaining length properly to avoid reading beyond the end of the buffer in case of corrupted input data.
  Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20363
  Fixes: d165b32f3887 ("TLS: TOD-STRICT and TOD-TOFU certificate policies")
  Signed-off-by: Jouni Malinen <j@w1.fi>
* TLS: TOD-STRICT and TOD-TOFU certificate policies
  Jouni Malinen, 2020-01-26, 3 files, -1/+144
  Add parsing of certificate policies for TOD-STRICT and TOD-TOFU when using CONFIG_TLS=internal.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* TLS: Fix a typo in a debug message
  Jouni Malinen, 2020-01-26, 1 file, -1/+1
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Clean up base64_{encode,decode} pointer types
  Jouni Malinen, 2019-11-28, 1 file, -4/+4
  Allow any pointer to be used as the source for encoding and use char * as the return value from encoding and the input value for decoding to reduce the number of type casts needed in the callers.
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* libtommath: Make sure fast_s_mp_mul_digs initializes the W[] array
  Jouni Malinen, 2019-06-22, 1 file, -0/+1
  Some compilers have started to warn about this, and the use of two loops with ix 0..pa-1 and 0..pa looks a bit suspicious, so better make sure the array is initialized with zeros before extracting the terms from it.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* TLS: Move ASN.1 DER BOOLEAN validation into generic ASN.1 parsing
  Jouni Malinen, 2019-06-22, 2 files, -24/+32
  This does not need to be specific to X.509, so move the BOOLEAN DER encoding validation into asn1_get_next() to make it apply for all cases instead of having to have the caller handle this separately.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* TLS: Only allow 0xff value as TRUE for ASN.1 DER encoded BOOLEAN
  Jouni Malinen, 2019-06-22, 1 file, -0/+12
  While BER encoding allows any nonzero value to be used for TRUE, DER is explicitly allowing only the value 0xff. Enforce this constraint in X.509 parsing to be more strict with what is acceptable.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* TLS: Fix X.509v3 BasicConstraints parsing
  Jouni Malinen, 2019-06-22, 1 file, -4/+6
  Handling of the optional pathLenConstraint after cA was not done properly. The position after cA needs to be compared to the end of the SEQUENCE, not the end of the available buffer, to determine whether the optional pathLenConstraint is present. In addition, when parsing pathLenConstraint, the length of the remaining buffer was calculated incorrectly by not subtracting the length of the header fields needed for cA. This could result in reading a couple of octets beyond the end of the buffer before rejecting the ASN.1 data as invalid.
  Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15408
  Signed-off-by: Jouni Malinen <j@w1.fi>
* TLS: Be more careful in X.509 Time parsing
  Jouni Malinen, 2019-06-11, 1 file, -8/+50
  sscanf() can apparently read beyond the end of the buffer even if the maximum length of the integer is specified in the format string. Replace this parsing mechanism with helper functions that use sscanf() with a NUL terminated string to avoid this.
  Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15158
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* TLS: Add support for RFC 5705 TLS exporter context with internal TLS
  Jouni Malinen, 2019-03-16, 4 files, -12/+62
  Use the provided context, if any, to generate the seed for TLS PRF.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* bignum: Fix documentation for bignum_cmp_d()
  Jouni Malinen, 2019-03-05, 1 file, -2/+2
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* TLS: Fix X.509 certificate name conversion into empty string
  Jouni Malinen, 2019-02-11, 1 file, -0/+2
  If none of the supported name attributes are present, the name string was nul terminated only at the end. Add an explicit nul termination at the end of the last written attribute (or beginning of the buffer, if nothing is written) to avoid writing uninitialized data to the debug log.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* TLS: Fix ASN.1 parsing with no room for the header
  Jouni Malinen, 2019-02-11, 1 file, -0/+8
  Explicitly check the remaining buffer length before trying to read the ASN.1 header values. An attempt to parse an ASN.1 header when there was not enough buffer room for it would have started by reading one or two octets beyond the end of the buffer before reporting invalid data at the following explicit check for buffer room.
  Signed-off-by: Jouni Malinen <j@w1.fi>
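An added example, not hostapd's own code, illustrating the three parser hardening points recorded in the commits above (2019-06-22 DER BOOLEAN strictness, 2019-06-22 BasicConstraints bounds, and this header-room check): the TLV reader checks for room before touching the header, accepts only 0x00/0xff for a DER BOOLEAN, and the BasicConstraints parser decides whether the optional pathLenConstraint is present by comparing against the end of the SEQUENCE, measuring the remaining length from the octet after cA. All names are hypothetical; it handles only single-octet tags and short-form lengths.

```c
#include <stddef.h>
#include <stdint.h>
struct der_hdr { uint8_t tag; const uint8_t *val; size_t len; };
struct basic_constraints { int ok; int ca; int pathlen; }; /* pathlen -1 = absent */
/* Read one DER TLV header; returns 0, or -1 on truncated or invalid input, and
 * never reads past buf + buflen. Single-octet tags, short-form (< 128) lengths. */
int der_get_next(const uint8_t *buf, size_t buflen, struct der_hdr *h)
{
    size_t pos = 0, len;
    if (buflen < 2)                          /* room for tag + length octet? */
        return -1;
    h->tag = buf[pos++];
    len = buf[pos++];
    if ((len & 0x80) || len > buflen - pos)  /* long form unsupported; content must fit */
        return -1;
    if (h->tag == 0x01 && (len != 1 || (buf[pos] != 0x00 && buf[pos] != 0xff)))
        return -1;                           /* DER BOOLEAN: only 0x00 or 0xff */
    h->val = buf + pos;
    h->len = len;
    return 0;
}
/* BasicConstraints ::= SEQUENCE { cA BOOLEAN DEFAULT FALSE,
 *                                 pathLenConstraint INTEGER OPTIONAL }
 * Presence of the optional INTEGER is decided against the end of the SEQUENCE,
 * and the remaining length is measured from the octet after cA's content. */
struct basic_constraints parse_basic_constraints(const uint8_t *buf, size_t buflen)
{
    struct basic_constraints r = { 0, 0, -1 };
    struct der_hdr seq, hdr;
    const uint8_t *pos, *end;
    if (der_get_next(buf, buflen, &seq) || seq.tag != 0x30)
        return r;
    pos = seq.val; end = seq.val + seq.len;
    if (pos == end) { r.ok = 1; return r; }  /* empty SEQUENCE: defaults apply */
    if (der_get_next(pos, end - pos, &hdr))
        return r;
    if (hdr.tag == 0x01) {                   /* cA */
        r.ca = hdr.val[0] == 0xff;
        pos = hdr.val + hdr.len;             /* remaining length counted from here */
        if (pos == end) { r.ok = 1; return r; }
        if (der_get_next(pos, end - pos, &hdr))
            return r;
    }
    if (hdr.tag != 0x02 || hdr.len != 1 || (hdr.val[0] & 0x80) || hdr.val + 1 != end)
        return r;                            /* pathLenConstraint: one-octet non-negative INTEGER */
    r.pathlen = hdr.val[0]; r.ok = 1;
    return r;
}
```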
* TLS: Fix AlertDescription for missing partial processing case
  Jouni Malinen, 2019-02-11, 1 file, -1/+2
  tlsv1_record_receive() did not return an error here and as such, &alert was not set and must not be used. Report internal error instead to avoid use of uninitialized memory.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* tests: TLS fuzzing tool
  Jouni Malinen, 2019-02-11, 2 files, -0/+6
  Add test-tls program that can be used for fuzzing the internal TLS client and server implementations. This tool can write client or server messages into a file as an initialization step and for the fuzzing step, that file (with potential modifications) can be used to replace the internally generated message contents.
  The TEST_FUZZ=y build parameter is used to make a special build where a hardcoded random number generator and hardcoded timestamp are used to force deterministic behavior for the TLS operations.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* TLS server: Check credentials have been configured before using them
  Jouni Malinen, 2019-02-09, 1 file, -1/+1
  Allow ServerHello to be built without local credential configuration.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* TLS server: Local failure information on verify_data mismatch
  Jouni Malinen, 2019-02-09, 1 file, -0/+1
  Mark connection state FAILED in this case even though TLS Alert is not sent.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* TLS server: Add internal callbacks get_failed, get_*_alerts
  Jouni Malinen, 2019-02-09, 3 files, -0/+26
  These can be used to implement cleaner termination of the handshake in case of failures.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* TLS server: More complete logging of ClientHello decode errors
  Jouni Malinen, 2019-02-09, 1 file, -11/+39
  Signed-off-by: Jouni Malinen <j@w1.fi>
* TLS client: Fix peer certificate event checking for probing
  Jouni Malinen, 2019-02-09, 1 file, -1/+1
  conn->cred might be NULL here, so check for that explicitly before checking whether conn->cred->cert_probe is set. This fixes a potential NULL pointer dereference when going through peer certificates with event_cb functionality enabled.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Use os_memdup()
  Johannes Berg, 2017-03-07, 3 files, -16/+8
  This leads to cleaner code overall, and also reduces the size of the hostapd and wpa_supplicant binaries (in hwsim test build on x86_64) by about 2.5 and 3.5KiB respectively.
  The mechanical conversions all over the code were done with the following spatch:

    @@
    expression SIZE, SRC;
    expression a;
    @@
    -a = os_malloc(SIZE);
    +a = os_memdup(SRC, SIZE);
    <...
    if (!a) {...}
    ...>
    -os_memcpy(a, SRC, SIZE);

  Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* Remove trailing whitespace
  Jouni Malinen, 2016-12-28, 6 files, -118/+118
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Fix typo in DigestAlgorithn
  Sergei Sinyak, 2016-10-29, 1 file, -3/+3
  Replace n with m in DigestAlgorithn, i.e., DigestAlgorithm.
  Signed-off-by: Sergei Sinyak <serega.belarus@gmail.com>
* TLS: Make tls_cert_chain_failure_event() more robust
  Jouni Malinen, 2015-12-28, 1 file, -1/+1
  Explicitly check for the failure event to include a certificate before trying to build the event.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* TLS: Remove storing of never-read value
  Jouni Malinen, 2015-12-28, 1 file, -1/+0
  While this could in theory be claimed to be ready for something to be added to read a field following the server_write_IV, it does not look likely that such a use case would show up. As such, just remove the unused incrementing of pos at the end of the function to get rid of a useless static analyzer complaint.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* TLS client: Multi-OCSP check to cover intermediate CAs
  Jouni Malinen, 2015-12-23, 4 files, -16/+81
  This extends multi-OCSP support to verify status for intermediate CAs in the server certificate chain.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* TLS: Move variable declaration to the beginning of the block
  Jouni Malinen, 2015-12-23, 1 file, -1/+1
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* TLS client: OCSP stapling with ocsp_multi option (RFC 6961)
  Jouni Malinen, 2015-12-22, 2 files, -39/+136
  This adds minimal support for using the status_request_v2 extension and ocsp_multi format (OCSPResponseList instead of OCSPResponse) for CertificateStatus. This commit does not yet extend use of OCSP stapling to validate the intermediate CA certificates.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* TLS server: OCSP stapling with ocsp_multi option (RFC 6961)
  Jouni Malinen, 2015-12-22, 6 files, -30/+145
  This allows hostapd with the internal TLS server implementation to support the extended OCSP stapling mechanism with multiple responses (ocsp_stapling_response_multi).
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* TLS server: OCSP stapling
  Jouni Malinen, 2015-12-22, 5 files, -1/+116
  This adds support for hostapd-as-authentication-server to be built with the internal TLS implementation and OCSP stapling server side support. This is more or less identical to the design used with OpenSSL, i.e., the cached response is read from the ocsp_stapling_response=<file> and sent as a response if the client requests it during the TLS handshake.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* TLS: Report OCSP rejection cases when no valid response is found
  Jouni Malinen, 2015-12-17, 1 file, -0/+10
  This adds CTRL-EVENT-EAP-TLS-CERT-ERROR and CTRL-EVENT-EAP-STATUS messages with 'bad certificate status response' for cases where no valid OCSP response was received, but the network profile requires OCSP to be used.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* TLS: Process OCSP SingleResponse(s)
  Jouni Malinen, 2015-12-17, 1 file, -1/+287
  This completes OCSP stapling support on the TLS client side. Each SingleResponse value is iterated until a response matching the server certificate is found. The validity time of the SingleResponse is verified and certStatus good/revoked is reported if all validation steps succeed.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* TLS: Store DER encoded version of Subject DN for X.509 certificates
  Jouni Malinen, 2015-12-17, 2 files, -0/+10
  This is needed for OCSP issuerNameHash matching.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* TLS: Share digest OID checkers from X.509
  Jouni Malinen, 2015-12-17, 2 files, -4/+9
  These will be used by the OCSP implementation.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* TLS: Support longer X.509 serialNumber values
  Jouni Malinen, 2015-12-16, 2 files, -12/+17
  This extends the old support from a 32 or 64 bit value to the full 20 octets maximum (RFC 5280, 4.1.2.2).
  Signed-off-by: Jouni Malinen <j@w1.fi>
* TLS: Parse and validate BasicOCSPResponse
  Jouni Malinen, 2015-12-16, 3 files, -42/+387
  This adds the next step in completing TLS client support for OCSP stapling. The BasicOCSPResponse is parsed, a signing certificate is found, and the signature is verified. The actual sequence of OCSP responses (SingleResponse) is not yet processed in this commit.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* TLS: Parse OCSPResponse to extract BasicOCSPResponse
  Jouni Malinen, 2015-12-14, 1 file, -2/+145
  This adds the next step for OCSP stapling. The received OCSPResponse is parsed to get the BasicOCSPResponse. This commit does not yet process the BasicOCSPResponse.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* TLS: Parse CertificateStatus message
  Jouni Malinen, 2015-12-14, 5 files, -3/+190
  This allows the internal TLS client implementation to accept a CertificateStatus message from the server when trying to use OCSP stapling. The actual OCSPResponse is not yet processed in this commit, but the CertificateStatus message is accepted to allow the TLS handshake to continue.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* TLS: Add status_request ClientHello extension if OCSP is requested
  Jouni Malinen, 2015-12-14, 1 file, -1/+39
  This allows the internal TLS implementation to request server certificate status using OCSP stapling. This commit is only adding code to add the request. The response is not yet used.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* TLS: Parse ServerHello extensions
  Jouni Malinen, 2015-12-14, 1 file, -2/+55
  This prints the received ServerHello extensions into the debug log and allows the handshake to continue even if such extensions are included.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* TLS: Add minimal support for PKCS #12
  Jouni Malinen, 2015-12-14, 1 file, -1/+737
  This allows the internal TLS implementation to parse a private key and a certificate from a PKCS #12 file protected with pbeWithSHAAnd3-KeyTripleDES-CBC.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* TLS: Extend PKCS #5 to support PKCS #12 style key decryption
  Jouni Malinen, 2015-12-14, 1 file, -4/+170
  This adds support for decrypting private keys protected with the old PKCS #12 mechanism using OID pbeWithSHAAnd3-KeyTripleDES-CBC.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* TLS: Fix and complete ASN.1 tag list
  Jouni Malinen, 2015-12-13, 1 file, -1/+3
  One of the unused defines had an incorrect value and a couple of tags were missing.
  Signed-off-by: Jouni Malinen <j@w1.fi>