Commit graph

171 commits

Author SHA1 Message Date
Johannes Berg
1d0d8888af build: Make more library things common
We don't really need to duplicate more of this, so just
move the lib.rules include to the end and do more of the
stuff that's common anyway there.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2020-10-12 20:20:35 +03:00
Johannes Berg
f4b3d14e97 build: Make a common library build
Derive the library name from the directory name, and let each
library Makefile only declare the objects that are needed.

This reduces duplicate code for the ar call. While at it, also
pretty-print that call.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2020-10-12 20:20:20 +03:00
Johannes Berg
283eee8eed gitignore: Clean up a bit
Now that we no longer leave build artifacts outside the build folder, we
can clean up the gitignore a bit. Also move more things to per-folder
files that we mostly had already anyway.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2020-10-11 19:32:50 +03:00
Johannes Berg
87098d3324 build: Put archive files into build/ folder too
This is something I hadn't previously done, but there are
cases where it's needed, e.g., building 'wlantest' and then
one of the tests/fuzzing/*/ projects, they use a different
configuration (fuzzing vs. not fuzzing).

Perhaps more importantly, this gets rid of the last thing
that was dumped into the source directories, apart from
the binaries themselves.

Note that due to the use of thin archives, this required
building with absolute paths.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2020-10-11 11:16:00 +03:00
Johannes Berg
722138cd25 build: Put object files into build/ folder
Instead of building in the source tree, put most object
files into the build/ folder at the root, and put each
thing that's being built into a separate folder.

This then allows us to build hostapd and wpa_supplicant
(or other combinations) without "make clean" inbetween.

For the tests keep the objects in place for now (and to
do that, add the build rule) so that we don't have to
rewrite all of that with $(call BUILDOBJS,...) which is
just noise there.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2020-10-10 12:51:39 +03:00
Johannes Berg
06a6adb54e build: Use build.rules in lib.rules
Use the new build.rules in lib.rules and also unify the
clean targets to lib.rules.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2020-10-10 12:47:41 +03:00
Jouni Malinen
24a6bca704 PKCS#1: Debug dump invalid Signature EB
Signed-off-by: Jouni Malinen <j@w1.fi>
2020-04-05 20:13:26 +03:00
Jouni Malinen
eac6eb7024 X509: Use unique debug prints for unused bits entries
This makes it easier to understand which X.509 BIT STRING value has the
unused bits.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-04-05 19:59:47 +03:00
Jouni Malinen
31b5950d0b ASN.1: Helper functions for building DER encoded data
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-01-31 23:16:05 +02:00
Jouni Malinen
ce1f477397 ASN.1: More OID definitions
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-01-31 23:16:05 +02:00
Jouni Malinen
8006742fa3 ASN.1: Add a helper for parsing AlgorithmIdentifier
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-01-30 15:23:32 +02:00
Jouni Malinen
f7f2843c45 ASN.1: Add a helper for parsing SEQUENCE
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-01-30 12:12:26 +02:00
Jouni Malinen
3393d94d02 ASN.1: Add a helper for parsing INTEGER
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-01-30 12:00:21 +02:00
Jouni Malinen
76162b1828 TLS: Fix bounds checking in certificate policy parser
The recent addition of the X.509v3 certificatePolicies parser had a
copy-paste issue on the inner SEQUENCE parser that ended up using
incorrect length for the remaining buffer. Fix that to calculate the
remaining length properly to avoid reading beyond the end of the buffer
in case of corrupted input data.

Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20363
Fixes: d165b32f38 ("TLS: TOD-STRICT and TOD-TOFU certificate policies")
Signed-off-by: Jouni Malinen <j@w1.fi>
2020-01-28 14:21:03 +02:00
Jouni Malinen
d165b32f38 TLS: TOD-STRICT and TOD-TOFU certificate policies
Add parsing of certificate policies for TOD-STRICT and TOD-TOFU when
using CONFIG_TLS=internal.

Signed-off-by: Jouni Malinen <j@w1.fi>
2020-01-26 16:44:49 +02:00
Jouni Malinen
cd66b8295c TLS: Fix a typo in a debug message
Signed-off-by: Jouni Malinen <j@w1.fi>
2020-01-26 12:50:44 +02:00
Jouni Malinen
8e5e36a184 Clean up base64_{encode,decode} pointer types
Allow any pointer to be used as source for encoding and use char * as
the return value from encoding and input value for decoding to reduce
number of type casts needed in the callers.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-11-28 16:39:09 +02:00
Jouni Malinen
e1e203c800 libtommath: Make sure fast_s_mp_mul_digs initializes the W[] array
Some compilers have started to warn about this and the use of two loops
with ix 0..pa-1 and 0..pa loop a bit suspicious, so better make sure the
array is initialized with zeros before extracting the terms from it.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-06-22 18:56:44 +03:00
Jouni Malinen
702cc6da1a TLS: Move ASN.1 DER BOOLEAN validation into generic ASN.1 parsing
This does not need to be specific to X.509, so move the BOOLEAN DER
encoding validation into asn1_get_next() to make it apply for all cases
instead of having to have the caller handle this separately.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-06-22 18:56:44 +03:00
Jouni Malinen
34c1b75c82 TLS: Only allow 0xff value as TRUE for ASN.1 DER encoded BOOLEAN
While BER encoding allows any nonzero value to be used for TRUE, DER is
explicitly allowing only the value 0xff. Enforce this constraint in
X.509 parsing to be more strict with what is acceptable.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-06-22 18:27:36 +03:00
Jouni Malinen
ce11c281ad TLS: Fix X.509v3 BasicConstraints parsing
Handling of the optional pathLenConstraint after cA was not done
properly. The position after cA needs to be compared to the end of the
SEQUENCE, not the end of the available buffer, to determine whether the
optional pathLenConstraint is present. In addition, when parsing
pathLenConstraint, the length of the remaining buffer was calculated
incorrectly by not subtracting the length of the header fields needed
for cA. This could result in reading couple of octets beyond the end of
the buffer before rejecting the ASN.1 data as invalid.

Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15408
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-06-22 18:11:24 +03:00
Jouni Malinen
a6ed414c82 TLS: Be more careful in X.509 Time parsing
sscanf() can apparently read beyond the end of the buffer even if the
maximum length of the integer is specified in the format string. Replace
this parsing mechanism with helper functions that use sscanf() with NUL
terminated string to avoid this.

Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15158
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-06-11 06:34:19 +03:00
Jouni Malinen
32f4760664 TLS: Add support for RFC 5705 TLS exporter context with internal TLS
Use the provided context, if any, to generate the seed for TLS PRF.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-03-16 18:52:09 +02:00
Jouni Malinen
4a9531a755 bignum: Fix documentation for bignum_cmp_d()
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-05 16:10:33 +02:00
Jouni Malinen
62269c8d8d TLS: Fix X.509 certificate name conversion into empty string
If none of the supported name attributes are present, the name string
was nul terminated only at the end. Add an explicit nul termination at
the end of the last written (or beginning of the buffer, if nothing is
written) to avoid writing uninitialized data to debug log.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-11 02:35:29 +02:00
Jouni Malinen
3eae9766b7 TLS: Fix ASN.1 parsing with no room for the header
Explicitly check the remaining buffer length before trying to read the
ASN.1 header values. Attempt to parse an ASN.1 header when there was not
enough buffer room for it would have started by reading one or two
octets beyond the end of the buffer before reporting invalid data at the
following explicit check for buffer room.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-11 02:35:29 +02:00
Jouni Malinen
fbc2123a14 TLS: Fix AlertDescription for missing partial processing case
tlsv1_record_receive() did not return error here and as such, &alert was
not set and must not be used. Report internal error instead to avoid use
of uninitialized memory.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-11 02:35:29 +02:00
Jouni Malinen
1ac9c020b5 tests: TLS fuzzing tool
Add test-tls program that can be used for fuzzing the internal TLS
client and server implementations. This tool can write client or server
messages into a file as an initialization step and for the fuzzing step,
that file (with potential modifications) can be used to replace the
internally generated message contents.

The TEST_FUZZ=y build parameter is used to make a special build where a
hardcoded random number generator and hardcoded timestamp are used to
force deterministic behavior for the TLS operations.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-11 02:35:29 +02:00
Jouni Malinen
f3cca8b1ea TLS server: Check credentials have been configured before using them
Allow ServerHello to be built without local credential configuration.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-10 01:43:50 +02:00
Jouni Malinen
19dd7a736e TLS server: Local failure information on verify_data mismatch
Mark connection state FAILED in this case even though TLS Alert is not
sent.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-10 01:43:50 +02:00
Jouni Malinen
f08ab18bf9 TLS server: Add internal callbacks get_failed, get_*_alerts
These can be used to implement cleaner termination of the handshake in
case of failures.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-10 01:43:50 +02:00
Jouni Malinen
b642ab4062 TLS server: More complete logging of ClientHello decode errors
Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-10 01:43:50 +02:00
Jouni Malinen
fdd8a2f0b8 TLS client: Fix peer certificate event checking for probing
conn->cred might be NULL here, so check for that explicitly before
checking whether conn->cred->cert_probe is set. This fixes a potential
NULL pointer dereference when going through peer certificates with
event_cb functionality enabled.

Signed-off-by: Jouni Malinen <j@w1.fi>
2019-02-10 01:43:50 +02:00
Johannes Berg
a1f11e34c4 Use os_memdup()
This leads to cleaner code overall, and also reduces the size
of the hostapd and wpa_supplicant binaries (in hwsim test build
on x86_64) by about 2.5 and 3.5KiB respectively.

The mechanical conversions all over the code were done with
the following spatch:

    @@
    expression SIZE, SRC;
    expression a;
    @@
    -a = os_malloc(SIZE);
    +a = os_memdup(SRC, SIZE);
    <...
    if (!a) {...}
    ...>
    -os_memcpy(a, SRC, SIZE);

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2017-03-07 13:19:10 +02:00
Jouni Malinen
95de34a10a Remove trailing whitespace
Signed-off-by: Jouni Malinen <j@w1.fi>
2016-12-28 14:31:42 +02:00
Sergei Sinyak
7d8f795003 Fix typo in DigestAlgorithn
Replace n with m in DigestAlgorithn, i.e., DigestAlgorithm.

Signed-off-by: Sergei Sinyak <serega.belarus@gmail.com>
2016-10-29 11:14:09 +03:00
Jouni Malinen
324ade51e1 TLS: Make tls_cert_chain_failure_event() more robust
Explicitly check for the failure event to include a certificate before
trying to build the event.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-12-28 18:31:11 +02:00
Jouni Malinen
c6231b5e1e TLS: Remove storing of never-read value
While this could in theory be claimed to be ready for something to be
added to read a field following the server_write_IV, it does not look
likely that such a use case would show up. As such, just remove the
unused incrementing of pos at the end of the function to get rid of a
useless static analyzer complaint.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-12-28 18:15:18 +02:00
Jouni Malinen
0764dd6849 TLS client: Multi-OCSP check to cover intermediate CAs
This extends multi-OCSP support to verify status for intermediate CAs in
the server certificate chain.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-12-24 00:54:30 +02:00
Jouni Malinen
02683830b5 TLS: Move variable declaration to the beginning of the block
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-12-24 00:54:30 +02:00
Jouni Malinen
b5677752b2 TLS client: OCSP stapling with ocsp_multi option (RFC 6961)
This adds a minimal support for using status_request_v2 extension and
ocsp_multi format (OCSPResponseList instead of OCSPResponse) for
CertificateStatus. This commit does not yet extend use of OCSP stapling
to validate the intermediate CA certificates.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-12-22 20:44:56 +02:00
Jouni Malinen
8ea6a27003 TLS server: OCSP stapling with ocsp_multi option (RFC 6961)
This allows hostapd with the internal TLS server implementation to
support the extended OCSP stapling mechanism with multiple responses
(ocsp_stapling_response_multi).

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-12-22 20:44:52 +02:00
Jouni Malinen
bca0872dd5 TLS server: OCSP stapling
This adds support for hostapd-as-authentication-server to be build with
the internal TLS implementation and OCSP stapling server side support.
This is more or less identical to the design used with OpenSSL, i.e.,
the cached response is read from the ocsp_stapling_response=<file> and
sent as a response if the client requests it during the TLS handshake.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-12-22 17:53:45 +02:00
Jouni Malinen
8ba8c01d0c TLS: Report OCSP rejection cases when no valid response if found
This adds a CTRL-EVENT-EAP-TLS-CERT-ERROR and CTRL-EVENT-EAP-STATUS
messages with 'bad certificate status response' for cases where no valid
OCSP response was received, but the network profile requires OCSP to be
used.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-17 11:47:38 +02:00
Jouni Malinen
f163ed8bae TLS: Process OCSP SingleResponse(s)
This completes OCSP stapling support on the TLS client side. Each
SingleResponse value is iterated until a response matching the server
certificate is found. The validity time of the SingleResponse is
verified and certStatus good/revoked is reported if all validation step
succeed.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-17 11:28:38 +02:00
Jouni Malinen
8e3271dcd1 TLS: Store DER encoded version of Subject DN for X.509 certificates
This is needed for OCSP issuerNameHash matching.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-17 11:28:38 +02:00
Jouni Malinen
32ce69092e TLS: Share digest OID checkers from X.509
These will be used by the OCSP implementation.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-17 11:28:38 +02:00
Jouni Malinen
b72a36718f TLS: Support longer X.509 serialNumber values
This extends the old support from 32 or 64 bit value to full 20 octets
maximum (RFC 5280, 4.1.2.2).

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-17 01:41:45 +02:00
Jouni Malinen
af4eba16ce TLS: Parse and validate BasicOCSPResponse
This adds the next step in completing TLS client support for OCSP
stapling. The BasicOCSPResponse is parsed, a signing certificate is
found, and the signature is verified. The actual sequence of OCSP
responses (SignleResponse) is not yet processed in this commit.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-17 00:48:34 +02:00
Jouni Malinen
06f14421ea TLS: Parse OCSPResponse to extract BasicOCSPResponse
This adds the next step for OCSP stapling. The received OCSPResponse is
parsed to get the BasicOCSPResponse. This commit does not yet process
the BasicOCSPResponse.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-14 15:49:01 +02:00