Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions .wolfssl_known_macro_extras
Original file line number Diff line number Diff line change
Expand Up @@ -970,6 +970,7 @@ WOLFSSL_USE_FLASHMEM
WOLFSSL_USE_FORCE_ZERO
WOLFSSL_USE_OPTIONS_H
WOLFSSL_VALIDATE_DH_KEYGEN
WOLFSSL_VERIFY_NONE_DEFAULT
WOLFSSL_WC_SLHDSA_RECURSIVE
WOLFSSL_WC_XMSS_NO_SHA256
WOLFSSL_WICED_PSEUDO_UNIX_EPOCH_TIME
Expand Down
6 changes: 6 additions & 0 deletions src/internal.c
Original file line number Diff line number Diff line change
Expand Up @@ -2642,6 +2642,12 @@ int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method, void* heap)

XMEMSET(ctx, 0, sizeof(WOLFSSL_CTX));

#ifdef WOLFSSL_VERIFY_NONE_DEFAULT

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🟠 [Medium] No test coverage for WOLFSSL_VERIFY_NONE_DEFAULT security-relevant default change

The new WOLFSSL_VERIFY_NONE_DEFAULT build option flips the default peer-verification behavior of a freshly created CTX (and every SSL it spawns, via ssl->options.verifyNone = ctx->verifyNone) from verify to no-verify. This is a security-relevant default and there is no test asserting (a) that with the macro set a new CTX has verifyNone and an SSL inherits it, and (b) that a subsequent wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER, ...) correctly clears the default. The PR checklist 'added tests' is unchecked.

Fix: Add an API test (guarded on WOLFSSL_VERIFY_NONE_DEFAULT) that creates a CTX, checks the default is VERIFY_NONE, verifies an SSL inherits it, and verifies wolfSSL_CTX_set_verify(WOLFSSL_VERIFY_PEER) overrides it. Also confirm interaction with wolfSSL_CTX_set_verify(WOLFSSL_VERIFY_DEFAULT), which resets verifyNone back to 0.

/* OpenSSL compat: default to SSL_VERIFY_NONE unless the app
* sets SSL_VERIFY_PEER. */
ctx->verifyNone = 1;
#endif

ctx->method = method;
if (heap == NULL) {
ctx->heap = ctx; /* defaults to self */
Expand Down
31 changes: 31 additions & 0 deletions wolfssl/openssl/bio.h
Original file line number Diff line number Diff line change
Expand Up @@ -188,6 +188,37 @@
#define BIO_meth_set_create wolfSSL_BIO_meth_set_create
#define BIO_meth_set_destroy wolfSSL_BIO_meth_set_destroy

#define WOLFSSL_BIO_TYPE_DESCRIPTOR 0x0100
#define WOLFSSL_BIO_TYPE_SOURCE_SINK 0x0400

/* OpenSSL allocates a fresh BIO type index per call; wolfSSL
* untracked, so return a fixed app-range index. */
static WC_INLINE int wolfSSL_BIO_get_new_index(void) { return 1000; }

/* wolfSSL does not store these BIO method callbacks; getters
* report none, set_callback_ctrl is a no-op. */
static WC_INLINE void *
wolfSSL_BIO_meth_get_gets(WOLFSSL_BIO_METHOD *m)
{ (void)m; return NULL; }
static WC_INLINE void *
wolfSSL_BIO_meth_get_puts(WOLFSSL_BIO_METHOD *m)
{ (void)m; return NULL; }
static WC_INLINE void *
wolfSSL_BIO_meth_get_ctrl(WOLFSSL_BIO_METHOD *m)
{ (void)m; return NULL; }
static WC_INLINE void *
wolfSSL_BIO_meth_get_create(WOLFSSL_BIO_METHOD *m)
{ (void)m; return NULL; }
static WC_INLINE void *
wolfSSL_BIO_meth_get_destroy(WOLFSSL_BIO_METHOD *m)
{ (void)m; return NULL; }
static WC_INLINE void *
wolfSSL_BIO_meth_get_callback_ctrl(WOLFSSL_BIO_METHOD *m)
{ (void)m; return NULL; }
static WC_INLINE int
wolfSSL_BIO_meth_set_callback_ctrl(WOLFSSL_BIO_METHOD *m, void *cb)
{ (void)m; (void)cb; return 1; }

#define BIO_snprintf XSNPRINTF

/* BIO CTRL */
Expand Down
11 changes: 11 additions & 0 deletions wolfssl/openssl/err.h
Original file line number Diff line number Diff line change
Expand Up @@ -38,10 +38,21 @@
#define WOLFSSL_SSL_F_SSL_CTX_USE_CERTIFICATE_FILE 2
#define WOLFSSL_SSL_F_SSL_USE_PRIVATEKEY 3
#define WOLFSSL_EC_F_EC_GFP_SIMPLE_POINT2OCT 4
#define WOLFSSL_SSL_F_SSL_SET_FD 5

/* reasons */
#define WOLFSSL_ERR_R_SYS_LIB 1
#define WOLFSSL_PKCS12_R_MAC_VERIFY_FAILURE 2
#define WOLFSSL_ERR_R_BUF_LIB 0

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🔵 [Low] WOLFSSL_ERR_R_BUF_LIB defined as 0 (conflicts with 'no error' and OpenSSL's value)

WOLFSSL_ERR_R_BUF_LIB (mapped to ERR_R_BUF_LIB) is defined as 0. An error reason value of 0 is conventionally 'no error/unset', and 0 is also used as the function-code sentinel in this file's wolfSSL_SSLerr(0,...) macros, so an app doing if (ERR_GET_REASON(e) == ERR_R_BUF_LIB) could match on a cleared/zero reason. It also does not match OpenSSL, where ERR_R_BUF_LIB is a nonzero library reason code. The other reasons in this block are nonzero (SYS_LIB=1, MAC_VERIFY_FAILURE=2).

Fix: Give ERR_R_BUF_LIB a distinct nonzero value (matching OpenSSL's convention if the consumer compares raw values), or confirm the consumer never treats 0 as a meaningful reason.

#define WOLFSSL_SSL_R_UNKNOWN_PROTOCOL 252
#define WOLFSSL_SSL_R_WRONG_VERSION_NUMBER 267
#define WOLFSSL_SSL_R_UNSUPPORTED_PROTOCOL 258
#define WOLFSSL_SSL_R_NO_PROTOCOLS_AVAILABLE 194
#define WOLFSSL_SSL_R_BAD_PROTOCOL_VERSION_NUMBER 182
#define WOLFSSL_SSL_R_UNKNOWN_SSL_VERSION 254
#define WOLFSSL_SSL_R_UNSUPPORTED_SSL_VERSION 259
#define WOLFSSL_SSL_R_WRONG_SSL_VERSION 266
#define WOLFSSL_SSL_R_TLSV1_ALERT_PROTOCOL_VERSION 1070

#ifndef OPENSSL_COEXIST

Expand Down
6 changes: 6 additions & 0 deletions wolfssl/openssl/hmac.h
Original file line number Diff line number Diff line change
Expand Up @@ -37,6 +37,12 @@

#include <wolfssl/openssl/compat_types.h>
#include <wolfssl/openssl/opensslv.h>
/* OpenSSL's hmac.h pulls in evp.h; mirror it, but only on standalone
* include (WOLFSSL_SSL_H unset) to avoid an include cycle during
* wolfssl/ssl.h's own parse. */
#ifndef WOLFSSL_SSL_H
#include <wolfssl/openssl/evp.h>
#endif

#ifdef __cplusplus
extern "C" {
Expand Down
14 changes: 14 additions & 0 deletions wolfssl/openssl/objects.h
Original file line number Diff line number Diff line change
Expand Up @@ -74,6 +74,20 @@
#define NID_ad_OCSP WC_NID_ad_OCSP
#define NID_ad_ca_issuers WC_NID_ad_ca_issuers

/* OBJ_find_sigid_algs(): report SHA-256 / RSA for libpq's

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🔵 [Low] Garbled comment on OBJ_find_sigid_algs literal NIDs

The comment 'Literal NIDs (672, 6) is for ASN is disabled.' is grammatically broken and unclear (double 'is'). It appears to intend 'Literal NIDs (672, 6) are used in case ASN is disabled.'

Fix: Fix the comment wording.

* RSA-with-SHA-256 channel binding. Literal NIDs (672, 6) is for
* ASN is disabled. */
#ifndef BUILDING_WOLFSSL
static WC_INLINE int

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🔴 [High] OBJ_find_sigid_algs stub hardcodes SHA-256/RSA and ignores sigid

The new wolfSSL_OBJ_find_sigid_algs() casts away its sigid input ((void)sigid;) and unconditionally reports *pdig = 672 (NID_sha256) and *ppkey = 6 (NID_rsaEncryption) for ALL signature algorithms, then returns success (1). This is an always-success stub returning fixed values regardless of input, which the wolfSSL C coding conventions explicitly forbid ("No always-success stubs - return a 'not implemented' error instead"). Functionally it is wrong for any certificate not signed with sha256WithRSAEncryption: for an ECDSA cert or an RSA cert signed with SHA-384/SHA-512, this reports SHA-256+RSA. libpq's tls-server-end-point channel binding derives the binding hash from the server certificate's signature algorithm (via X509_get_signature_nid() -> OBJ_find_sigid_algs()); reporting the wrong digest/pkey will compute the wrong channel-binding hash and cause the bound connection to fail against a real peer, or silently produce a non-interoperable binding. The narrow libpq use case (RSA+SHA-256) works, but the function is a latent correctness/interop defect for the general case and gives no way for the caller to detect the substitution.

Fix: Do not ship an always-success stub that returns fixed crypto parameters. Either map the real signature algorithm, or return 0 for anything other than the algorithm(s) actually supported so callers can detect the unsupported case.

wolfSSL_OBJ_find_sigid_algs(int sigid, int *pdig, int *ppkey)
{
(void)sigid;
if (pdig != NULL) *pdig = 672; /* NID_sha256 */
if (ppkey != NULL) *ppkey = 6; /* NID_rsaEncryption */
return 1;
}
#endif

#endif /* !OPENSSL_COEXIST */

#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
Expand Down
40 changes: 37 additions & 3 deletions wolfssl/openssl/ssl.h
Original file line number Diff line number Diff line change
Expand Up @@ -44,6 +44,7 @@
#include <wolfssl/openssl/evp.h>
#endif
#include <wolfssl/openssl/bio.h>
#include <wolfssl/openssl/err.h>
#ifdef OPENSSL_EXTRA
#include <wolfssl/openssl/crypto.h>
#endif
Expand Down Expand Up @@ -1568,6 +1569,12 @@ typedef WOLFSSL_SRTP_PROTECTION_PROFILE SRTP_PROTECTION_PROFILE;
#define SSL_get_state wolfSSL_get_state
#define SSL_state_string_long wolfSSL_state_string_long

#define WOLFSSL_TLS_ST_OK 16

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🔵 [Low] TLS_ST_OK hardcoded to 16, coupled to internal enum position

WOLFSSL_TLS_ST_OK is defined as the literal 16. This is correct today because wolfSSL_get_state() returns ssl->options.handShakeState, and HANDSHAKE_DONE is the 17th member (index 16) of the internal enum states. However, 16 is a magic number duplicating an internal enum value: if any state is ever inserted before HANDSHAKE_DONE, this constant silently becomes wrong. The internal enum already carries a warning comment ('Adding state before HANDSHAKE_DONE will break session importing'), so risk is low, but the coupling is not obvious from the public header.

Fix: Add a comment noting that 16 must equal the internal HANDSHAKE_DONE enum value (wolfssl/internal.h enum states), so a future editor keeps them in sync.

#define WOLFSSL_SSL_ST_OK WOLFSSL_TLS_ST_OK
#define TLS_ST_OK WOLFSSL_TLS_ST_OK
#define SSL_ST_OK WOLFSSL_SSL_ST_OK
#define SSL_F_SSL_SET_FD WOLFSSL_SSL_F_SSL_SET_FD

#define GENERAL_NAME_new wolfSSL_GENERAL_NAME_new
#define GENERAL_NAME_free wolfSSL_GENERAL_NAME_free
#define GENERAL_NAME_dup wolfSSL_GENERAL_NAME_dup
Expand Down Expand Up @@ -1738,16 +1745,43 @@ typedef WOLFSSL_SRTP_PROTECTION_PROFILE SRTP_PROTECTION_PROFILE;
#define SSL_R_DATA_LENGTH_TOO_LONG BUFFER_ERROR
#define SSL_R_ENCRYPTED_LENGTH_TOO_LONG BUFFER_ERROR
#define SSL_R_BAD_LENGTH BUFFER_ERROR
#define SSL_R_UNKNOWN_PROTOCOL VERSION_ERROR
#define SSL_R_WRONG_VERSION_NUMBER VERSION_ERROR
#define SSL_R_UNKNOWN_PROTOCOL WOLFSSL_SSL_R_UNKNOWN_PROTOCOL
#define SSL_R_WRONG_VERSION_NUMBER WOLFSSL_SSL_R_WRONG_VERSION_NUMBER
#define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC ENCRYPT_ERROR
#define SSL_R_HTTPS_PROXY_REQUEST PARSE_ERROR
#define SSL_R_HTTP_REQUEST PARSE_ERROR
#define SSL_R_UNSUPPORTED_PROTOCOL VERSION_ERROR
#define SSL_R_UNSUPPORTED_PROTOCOL WOLFSSL_SSL_R_UNSUPPORTED_PROTOCOL
#define SSL_R_NO_PROTOCOLS_AVAILABLE \
WOLFSSL_SSL_R_NO_PROTOCOLS_AVAILABLE
#define SSL_R_BAD_PROTOCOL_VERSION_NUMBER \
WOLFSSL_SSL_R_BAD_PROTOCOL_VERSION_NUMBER
#define SSL_R_UNKNOWN_SSL_VERSION WOLFSSL_SSL_R_UNKNOWN_SSL_VERSION
#define SSL_R_UNSUPPORTED_SSL_VERSION \
WOLFSSL_SSL_R_UNSUPPORTED_SSL_VERSION
#define SSL_R_WRONG_SSL_VERSION WOLFSSL_SSL_R_WRONG_SSL_VERSION
#define SSL_R_TLSV1_ALERT_PROTOCOL_VERSION \
WOLFSSL_SSL_R_TLSV1_ALERT_PROTOCOL_VERSION
#define SSL_R_CERTIFICATE_VERIFY_FAILED VERIFY_CERT_ERROR
#define SSL_R_CERT_CB_ERROR CLIENT_CERT_CB_ERROR
#define SSL_R_NULL_SSL_METHOD_PASSED BAD_FUNC_ARG
#define SSL_R_CCS_RECEIVED_EARLY OUT_OF_ORDER_E
#define ERR_R_BUF_LIB WOLFSSL_ERR_R_BUF_LIB
#define BIO_TYPE_DESCRIPTOR WOLFSSL_BIO_TYPE_DESCRIPTOR
#define BIO_TYPE_SOURCE_SINK WOLFSSL_BIO_TYPE_SOURCE_SINK
#define BIO_get_app_data(bio) wolfSSL_BIO_get_data(bio)
#define BIO_set_app_data(bio, data) \
wolfSSL_BIO_set_data((bio), (data))
#define BIO_get_new_index wolfSSL_BIO_get_new_index
#define BIO_meth_get_gets wolfSSL_BIO_meth_get_gets
#define BIO_meth_get_puts wolfSSL_BIO_meth_get_puts
#define BIO_meth_get_ctrl wolfSSL_BIO_meth_get_ctrl
#define BIO_meth_get_create wolfSSL_BIO_meth_get_create
#define BIO_meth_get_destroy wolfSSL_BIO_meth_get_destroy
#define BIO_meth_get_callback_ctrl wolfSSL_BIO_meth_get_callback_ctrl
#define BIO_meth_set_callback_ctrl wolfSSL_BIO_meth_set_callback_ctrl
#ifndef BUILDING_WOLFSSL
#define OBJ_find_sigid_algs wolfSSL_OBJ_find_sigid_algs
#endif

#ifdef HAVE_SESSION_TICKET
#define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB 72
Expand Down
Loading