1. In `wolfSSL_d2i_DHparams()`, when setting the internal key on a
WOLFSSL_KEY, set the flag inSet.
2. Not a leak, but in `wolfSSL_EVP_PKEY_set1_DH()`, only allocate one
buffer to store the flat key. Saves an alloc, memcpy, and free.
- make `wc_ecc_export_point_der_compressed` a local function
- use `int` for `shortKeySize` in `wc_ecc_import_point_der_ex`
- check for null return value from `wolfSSL_OBJ_nid2obj` and `wolfSSL_d2i_PUBKEY`
- add comments to `ssl.c`
- check `lnlen` in `wolfSSL_OBJ_ln2nid`
- Add `parameter` to `WOLFSSL_X509_ALGOR`
- Implement `wolfSSL_ASN1_TYPE_new`, `wolfSSL_ASN1_TYPE_free`, and `wolfSSL_ASN1_TYPE_set`
- Fix leak where `pval` in `wolfSSL_X509_ALGOR_set0` was lost if `aobj` was provided
- Don't include `ENABLED_OPENSSLALL` with `ENABLED_WPAS`
- Return length in `wolfSSL_i2d_DHparams`
- Implement `wolfSSL_EC_POINT_mul` with independent multiplication and addition if `ECC_SHAMIR` not defined
- Implment `ASN1_SIMPLE` without `offsetof` by using a dummy struct
- Style fixes
- Moved `SetECKeyInternal` and `SetECKeyExternal` to `internal.h` to allow usage outside of `ssl.c`
- Added `asn1t.h`
- Implemented the `IMPLEMENT_ASN1_FUNCTIONS` macro for a small subset of ASN1 tags
-- So far only `X509_ALGOR` and `ASN1_BIT_STRING` are supported
- Implemented `BN_mod_add` function
- Allow for setting of `EC_KEY` export form through EC_KEY_set_conv_form
- Implemented `i2o_ECPublicKey`
- Implemented `EC_POINT_copy`
- Implemented deriving DH and ECDH keys in `EVP_PKEY_CTX`. Functions added:
-- `EVP_PKEY_derive_init`
-- `EVP_PKEY_derive_set_peer`
-- `EVP_PKEY_derive`
- Implemented `EVP_PKEY_get0_DH`
- Implemented `X509_ALGOR_new`
- Implemented `X509_ALGOR_free`
- Implemented `X509_ALGOR_set0`
- Implemented `X509_PUBKEY_new`
- Implemented `X509_PUBKEY_free`
- Implemented `X509_PUBKEY_set`
- Implemented `RSA_padding_add_PKCS1_PSS`
- Implemented `RSA_verify_PKCS1_PSS`
- Changed second parameter of `wolfSSL_d2i_PUBKEY` to be constant
- Corrected long names in `asn.h`
- Added `wc_ecc_get_generator` as a way to get the generator point of a curve
- Added `wc_ecc_export_point_der_ex` to export an ECC point in compressed or uncompressed format with one API
- Added `wc_ecc_export_point_der_compressed` to export a point in an `ecc_point` structure in compressed DER format
- Added 'wc_RsaSSL_Verify_ex` which adds the option to choose a padding type
- Added `wc_RsaPad_ex` and `wc_RsaUnPad_ex` to `rsa.h` as `WOLFSSL_LOCAL` functions
- `CopyDecodedToX509` now fills `x509->key` and `x509->algor` when populating x509
- `wolfSSL_EVP_CipherInit` now uses `wc_AesGcmSetExtIV` to set the IV so that it is copied to `ctx->iv` by `wolfSSL_StoreExternalIV`
- Added error checking to `wolfSSL_EVP_PKEY_get_der`
- `wolfSSL_X509_ALGOR_get0` now attempts to return something in all parameters
- Refactored `wolfSSL_EC_KEY_new` to use `*_new` functions when available
- Added `setupPoint` to set the internal point if not yet set
- Always set external point in `wolfSSL_ECPoint_d2i`
- Added compressed point support to `wolfSSL_EC_POINT_point2oct`
- Fix `wolfSSL_EC_POINT_mul` so that it will calculate the full `generator * n + q * m` then OpenSSL does
- Added `WOLFSSL_RSA_GetRNG` helper function to get a `WC_RNG` from `WOLFSSL_RSA`
- Correct short names in `wolfssl_object_info`
- Added all currently supported curves to `wolfssl_object_info`
- Added `oidCurveType` to `oid2nid`
- Add more padding types to `wolfSSL_RSA_public_decrypt`
- Fix `keysize` in `wc_ecc_import_point_der`
- Added tests for new additions
Added PRIVATE_D version of rsa private key operation for SP
implementation for specific platforms.
WC_NO_RNG results in warnings when RNG calls don't do anything.
Added ifdef checks for variables not used otherwise.
Remove superfluous if statements like when checking ret == 0.
Change names of globals that are generic and are used locally before
global definition.
Remove definition of variable len that isn't used except as a
replacement for sz which is parameter.
Don't subtract two variables when one has just been assigned the value
of the other.
Fix shifting of signed value.
Fix parameter checking in aes.c and des3.c for platform specific code.
* Fix to expose `wc_ecc_import_private_key_ex` and its ability to import a private key even when `NO_ASN` is defined.
* Remove execute bit on CSharp files.
Have a constant and non-constant time modular exponentation available in
tfm.c.
Call the non-constant time version explicitly when performing RSA public
key mod exp.
The warning was "comparison of array 'ecc_sets[i].name' not equal to a null
pointer is always true [-Wtautological-pointer-compare]"
Compiler is correct, ecc_sets[i].name is an array of size 16, thus
can't be NULL
Also, fix build error on Windows by changing uint8_t to "unsigned char"
(alternative fix could be including stdint.h)
Old gcc compilers can keep track of the 128-bit multiplication and left
shift results' size.
Split all multiplication and left shift results into separate variables.
Add/subtract into the correct variable at end.
Don't want variable declarations after statements so reduce doesn't use
'tr' anymore.
1. wc_HmacSetKey() has a check against the hmac's type that assumes one
has called wc_HmacInit() on the object first. In FIPS Ready builds we
do not have wc_HmacInit() in the boundary. This change removes that check
and action when making a FIPS build. The free called doesn't do anything
in the FIPS build case.
2. Initialize the Hmac's macType to WC_HASH_TYPE_NONE. Check the macType
against that rather than 0. There are some build configs where none isn't
0.
An endpoint's retransmit pool was being reset when receiving its peer's
change cipher spec message. When the finished message was lost, and
retransmits need to happen, they weren't available, so nothing happened.
Moved the reset to the finished case rather than CCS.
Check the top half of number being divided to see if it is greater than
or equal.
If it is then the first div_word may crash as the result is more than
64-bits. So subtract modulus from the top to keep value small.
Check for HAVE_GETADDRINFO beside WOLF_C99
Move STR_SIZEOF to wolfssl/wolfcrypt/types.h and rename to XSTR_SIZEOF to prevent collision in client projects
Remove wolfssl/openssl/ssl.h and wolfssl/internal.h from crypto layer
define EVP_CIPHER_CTX_set_iv as wolfSSL_EVP_CIPHER_CTX_set_iv
add wolfSSL_GetLoggingCb functionality when compiling without enable-debug
fix initialization vector handling of all cipher modes when using our EVP layer. The IV was incorrectly handled in initialization as well as not being updated after processing
- increase FP_MAX_BITS for OpenSSH
- Add helpful loggin API (names are self-explanatory)
-- wolfSSL_GetLoggingCb
-- WOLFSSL_IS_DEBUG_ON
- Define WOLFSSL_EC_METHOD as an alias of WOLFSSL_EC_GROUP
- Add wolfSSL_EC_GROUP_method_of which really just returns the group itself
- Add wolfSSL_EC_METHOD_get_field_type which gets the curve type of the WOLFSSL_EC_GROUP(remember that WOLFSSL_EC_METHOD is an alias of WOLFSSL_EC_GROUP for now)
- Modify Base64_Decode so that it accepts arbitrary PEM line length
- Modify PemToDer so that it accepts private keys with a custom -----BEGIN * PRIVATE KEY----- header
Add EC_POINT conversion to BIGNUM (EC_POINT_point2bn)
Add setting affine coordinates for EC_POINT (EC_POINT_set_affine_coordinates_GFp)
Add bit clearing for BIGNUM (BN_clear_bit)
Add supporting unit tests in api.c
* Fix for ECC and using NULL curve->order (wasn't loaded).
* Fix for typo on heap.
* Fix for QT case where GetInt failure retry did not "init" the mp_int.
1. Add C_EXTRA_FLAGS and C_FLAGS to CFLAGS.
2. Remove the cached copied of C_EXTRA_FLAGS and C_FLAGS.
3. The option.h is set only on CFLAGS, CPPFLAGS, and the AM_ versions.
1. Add a test for the new alt name handling.
2. Added an API to set altnames in a WOLFSSL_X509 struct. Just adds
DNS_entries.
3. Removed the "static" from a bunch of constant byte arrays used inside
some of the ASN.1 code.
1. Fix for issue #2724. When making a certificate out of an X.509
structure, the subject alt names weren't getting correctly copied.
2. Added a function to flatten the DNS_entries into a sequence of
GeneralNames.
3. Put the proper certificate extension wrapping around the flattened
general names.
1. Fix for issue #2718. Added a flag to the X509 structure when someone
sets the issuer name.
2. When making a certificate out of the X509, if the issuer name is set
clear the self-signed flag in the cert.
3. Propigate the flat X509_NAMEs to the string the cert building code
uses.
* Provides a context for AEAD to allow "chunked" updates of data then a final calculation for the authentication tag.
* New API's are on by default and can be disabled using NO_CHACHAPOLY_AEAD_IUF.
1. Found a corner case where secure renegotiation would fail trying to
inappropriately use a session ticket.
2. Explicitly split renegotiation into Rehandshake and SecureResume.
build dps with ARM neon 64
fix for release mode build
add in threading protection and seperate out rng
added callback function and updates to README
update default handle to lock, and add finished handle call
cleanup after veiwing diff of changes
1. Client wasn't skipping a handshake state when the server sends a
hello without a hello verify. It ended up resetting the handshake hash
and resending Hello with its next messages.
Fix for case:
- can't find a signer for a certificate with the AKID
- find it by name
Has to error as the signer's SKID is always set for signer and would
have matched the AKID.
Simplify the path length code - don't look up CA twice.
Don't require the tsip_encRsaKeyIdx field in DecodedCert when
!WOLFSSL_RENESAS_TSIP - use local variable.
* Fix for key gen macro name in benchmark.c
* Fix for possible RSA fall-through warning.
* Fix for building `WOLFSSL_STM32_PKA` without `HAVE_ECC`.
* Added option to build RSA keygen without the DER to PEM using `WOLFSSL_NO_DER_TO_PEM`.
* Added options.h includes for test.c and benchmark.c.
* Added printf warning on the math size mismatch in test.c.
* Added support for benchmarking larger sizes.
* TLS benchmarks for HiFive unleashed.
RFC 5280, Section 4.1.2.6:
If the subject is a CA (e.g., the basic constraints extension, as
discussed in Section 4.2.1.9, is present and the value of cA is TRUE),
then the subject field MUST be populated with a non-empty distinguished
name matching the contents of the issuer field (Section 4.1.2.4) in all
certificates issued by the subject CA.
The subject name must match - even when the AKID matches.
Cap the incoming DTLS handshake messages size the same way we do for
TLS. If handshake messages claim to be larger than the largest allowed
certificate message, we error out.
1. Add parsing of CRL extensions, specifically the Auth Key ID extension.
2. To verify CRL, search for CA signer by AuthKeyId first, then by name. If NO_SKID is set, just use name.
3. Update the ctaocrypt settings.h for the NO_SKID option with CRL so FIPS builds work.
1. Remove some redundant AM_CONDITIONAL macros checking for OCSP and CRL.
2. Moved the AM_CONDITIONAL macro setting BUILD_PKCS12 to the other AM_CONDITIONALS.
1. One of the error string was >80 bytes long. Shortened it.
2. The function that copies an error string to an output array needs to
ensure the string is still null terminated.
3. Added a check to the wolfCrypt test to see that error strings aren't
>= 80 bytes long.
1. Fix some preprocessor flag checking for function EncodePolicyOID. It
also needs to be available for OpenSSL Compatibility.
2. Fix for a name string for a test that can get left in or out
incorrectly.
When building with `WOLFSSL_ALT_CERT_CHAINS` a peer's presented CA could be incorrectly added to the certificate manager, marking it as trusted.
Began in PR #1934
ZD 9626
Handle prime (modulus) of 0 and 1.
Handle exponent of 0.
Fix for base of 0 in fp_exptmod and hadnle base of 0 in mp_exptmod.
fp_exptmod - Don't modify X's sign during operation when passed in as negative.
Value to invert: a
Modulus: b
integer.c - normal math
- a is one, or a mod b is one
tfm.c - fast math
- b is -ve (error), or b is zero
- a is zero or a mod b is zero
1. Undo an earlier change with respect to parsing a long length with
length zero. If BerToDer is disabled, this will be treated as a zero
length. With BerToDer enabled, the conversion will do the right thing.
1. Remove the function Word32ToString and replace with calls to
XSNPRINTF().
2. Simplify DecodePolicyOID(), which converts an ASN.1 OID to a text
string in the form a.b.ccccc.d... Return an error if it gets too long.
If the top bit is set then the encoding routine will drop a byte of the
serial number.
Better to ensure number is positive, top bit clear, and use as much of
the serial number data as possible.
1. Prime test should return NO for 1. (ex function, normal math and fast
math)
2. Call mp_init() on the k value for the primality test case in the
wolfCrypt test.
1. Added a test case for checking "1" as a prime number to the wolfCrypt
test.
2. Allow the wolfCrypt prime test for SP builds.
3. Modify the prime test to use mp_mul rather than mp_mul_d, as the SP
math library doesn't export sp_mul_d.
1. Updated the window scrolling. There was a couple off-by-one errors in
the DTLS window handling. They canceled each other out, but there was a
rare case where they would shift too much.
When encrypting with AES-GCM, AES-CCM, or PolyChacha, do not increment
the DTLS sequence number. The sequence number should only be incremented
in BuildMessage. This was done because the sequence number used to be
incremented after calculating the HMAC or after the encrypt for AEAD
ciphers. The HMAC has been separated from the sequence increment.
1. Check array index bounds before using them in arrays.
2. When processing an HTTP buffer, check that the new buffer size is
valid before allocating a new one.
1. When getting the DH public key, initialize the P, G, and Pub pointers
to NULL, then set that we own the DH parameters flag. This allows
FreeSSL to correctly clean up the DH key.
1. For OCTEON builds, leave out the "-DCVMX_BUILD_FOR_LINUX_HOST" option
from CFLAGS by default so it makes standalone host builds.
2. Add a check of the variable OCTEON_HOST for linux to add back in the
"-DCVMX_BUILD_FOR_LINUX_HOST" to CFLAGS.
In verify, two points are added and they may either be the same point
(different z) or result in infinity.
If they are the same point then a double needs to be performed instead.
Detection of infinity added.
Calculation of wc_ecc_sig_size fixed to handle wehn there are more bits
in the order than in the modulus.
* Fixed `set1_curves_list` API's to use `const char*` for names.
* Fixed `ossl_typ.h` to include `ssl.h` compatibility.
* Added `SSL_CTX_up_ref`.
* Added `wolfSSL_set1_curves_list`
* Added `TLS_method` and `DTLS_method`
* Added `SSL_CIPHER_standard_name`.
* Added `X509_STORE_CTX_get0_cert`
* Added `SSL_CTX_set_cert_verify_callback`.
* Enabled "either" side support when `--enable-opensslall` is used.
* Changed `SSL_CIPHER_get_rfc_name` to use `wolfSSL_CIPHER_get_name` instead of stub.
* Reduced codesize when building with `OPENSSL_EXTRA_X509_SMALL`.
* Additional argument checks in `wolfSSL_ASN1_BIT_STRING_set_bit`, `wolfSSL_ASN1_STRING_to_UTF8`, `wolfSSL_RSA_meth_new`, `wolfSSL_RSA_meth_set`.
* Fix for compiler warnings in asn.c using strncmp to duplicate string. "specified bound depends on the length of the source argument"
Add ABI tags to the functions wolfSSL_Cleanup() to match wolfSSL_Init(),
wolfSSL_X509_free to match wolfSSL_load_certificate_file() which
allocates memory.
1. Add a blank #define WOLFSSL_ABI to tag functions as part of the ABI
to remind developers there are rules about those functions specifically.
2. Added allocators and deallocators for WC_RNG objects and ecc_key
objects so they don't have to be used on the stack.
3. Add tests for the new allocators.
Only set the name string in one place, keeping a length of the name type
to copy. Also only move cert data index once.
Reset certificate extension policy number/count in case of malicious
cert with multiple policy extensions.
1. When retaining the handshake resources for a session using resumption, do not delete the peer's certificate. If keeping peer certificates is enabled, the certificate needs to exist so it may be examined.
2. Free the saved peer certificate when receiving a peer certificate during a renegotiation.
Salt length larger than the hash size allowed in RSA-PSS.
Passing -2 to PSS pad function uses maximum salt length.
Passing -2 to PSS un-pad function makes it discover salt length.
For the sync QAT, the QAT headers are included into the library after it
has been built and is being used. The actual headers should only be used
when building wolfSSL and should be hidden from the user.
1. Most of the functions in the sync QAT and OCTEON headers don't need
to be exported. Move all of that into the source files. Only export the
init and deinit functions.
2. Remove inline from the OCTEON support functions.
3. Remove the AES-ECB files for sync OCTEON as unused.
4. Configure defaults to OCTEON2 build, can be overridden with variable.
1. Switched the IntelQa sync API back to local.
2. Added two functions to setup and cleanup the IntelQA device.
3. Changed the Octeon functions to match the IntelQa functions.
4. Updated sniffer, wolfcryptest, and benchmark.
Added back some changes from a dropped commit.
1. The Octeon README should be a stub.
2. Changed the license notice in the octeon sync files back to GPLv2.
3. Added a flag to Aes that needed a build guard around it.
4. Replaced the disable for sniffer session stats.
1. The QAT callback's worker functions need to copy the IV into the AES IV register. QAT doesn't update it automatically.
2. Update the GMAC test to set its device to INVALID_DEVID.
3. Always allocate NUMA buffers before running crypto operation and store the results.
4. The QAT does not like non-multiple of 4 iv lenths, and aad lengths. Or 0. Remove a few test cases for those.
5. QAT wasn't getting a pointer to store the auth tag for GCM. Then store it.
1. Add configure option for sync IntelQA that uses the crypto callback API.
2. Make a synchonous copy of the quickassist files.
3. Tie in the crypto device to the sniffer.
4. When making a sniffer build, define static DH enabled.
5. The readme files in the Cavium were being added to the distro optionally, changed to always add the readme files.
6. Added an include of the cavium_octeon header in the wc_ports.c.
7. Updated the Cavium OCTEON callback for AES-GCM.
8. Add the global tag to the list of crypto callback function pointers.
9. Add an accessor to the OCTEON crypto callback module to return the device ID of the OCTEON device.
10. Add a new version of ssl_SetWatchKeyCallback which takes an additional parameter of a device ID. This ID is used to set up the wolfSSL_CTXs in the sniffer session trackers.
11. Update the benchmark to use sync OCTEON and QAT.
1. Add --enable-libwebsockets option
2. Add OPENSSL_NO_EC (used in libwebsockets)
3. Add SSL_MODE_RELEASE_BUFFERS and debug message for when wolfSSL_CTX_set_mode doesn't recognize a mode.
More info can be found on-line at https://wolfssl.com/wolfSSL/Docs.html
# wolfSSL Release 4.3.0 (12/20/2019)
If you have questions about this release, then feel free to contact us on our info@ address.
Release 4.3.0 of wolfSSL embedded TLS has bug fixes and new features including:
##### New Feature Additions
* Add --enable-libwebsockets option for support of libwebsockets build
* Updated support for NGINX 1.15.0 and added support for 1.16.1
* Add wc_scrypt_ex API which can take in iterations rather than cost
* Updates to RSA-PSS salt lengths. Macro WOLFSSL_PSS_SALT_LEN_DISCOVER allows for discovering the salt length. Passing RSA_PSS_SALT_LEN_DISCOVER value into wc_RsaPSS_Verify_ex attempts to discover salt length and can use larger salt lengths
* Additional OpenSSL compatibility API wolfSSL_CertManagerGetCerts and wolfSSL_X509_STORE_GetCerts for retrieving certificates
* Add support for 4096-bit RSA/DH operations to SP (single precision) build
* Update support for Google WebRTC to branch m79
* Adds new FREESCALE_MQX_5_0 macro for MQX 5.0 support
* Adds a CMS/PKCS#7 callback for signing SignedData raw digests enabled with macro HAVE_PKCS7_RSA_RAW_SIGN_CALLBACK and call to function wc_PKCS7_SetRsaSignRawDigestCb
* Add --disable-errorqueue feature to disable adding debug nodes to queue with --enable-opensslextra build
* After defining WOLFSSL_SHUTDOWNONCE macro the function wolfSSL_shutdown will return a specific error code of SSL_SHUTDOWN_ALREADY_DONE_E, to indicate to the application that the shutdown has already occurred
* Add AES-CCM decryption to benchmarking app bundled with wolfSSL
##### Fixes
* Fixes IAR warnings with IAR-EWARM 7.50.2
* Alignment fixes for mmCAU with AES and hashing algorithms
* Fix check for plaintext length when using Encrypt-Then-MAC
* Fix for unit tests with NGINX and debug mode
* Fix for macro names in test cases (WOLFSSL_PUBLIC_MP) and pkcs7.c (HAVE_AESCCM)
* Fix for Apache want read case with BIO retry flag
* Fix for PKCS7 streaming mode that would error rather than verify bundle
* Fix for freeing mutex for X509 and wolfSSL_EVP_PKEY_free, applies to OPENSSL_EXTRA / --enable-opensslextra builds
* Fix for encrypt then MAC when re-handshaking, encrypted handshakes change over to ETM now
* Fix for curve25519 assembly optimizations with GCC + AVX2
* Fix to hang onto certificate for retrieval if using secure renegotiation and session resumption
* Fixes case where the heap hint is created before WOLFSSL_CTX, when calling wc_LoadStaticMemory instead of wolfSSL_CTX_load_static_memory
* Fix for setting correct return value in PKCS12 parse error case
* Reset certificate extension policy count
* Fix for memcpy with TLS I/O buffers when using staticmemory pools and loading memory as WOLFMEM_IO_POOL_FIXED
* Fixes and updates for STM32 port, including additional mutex protection, AES-GCM decrypt auth tag, AES-CTR mode with CubeMX, update to OpenSTM32 project
* Fix for EVP CipherUpdate decrypt and add a test case
* DTLS fixes including; some DTLS sequence number issues in general where the sequence was incremented twice for each record and some offset values in the DTLS window checking
* Fix sp_add to handle carries properly (--enable-sp-math build)
* Additional sanity check on OCSP response decoder
* Fix for vasprintf with Solaris and AIX builds
* Fix for missing variable declaration with --enable-scep --with-libz build
* Fix for certificate date check with async build
* Sanity check on “out” length with Base64_Decode added
* Decode X.509 name - check input length for jurisdiction
* Additional sanity check on variable out index with DecodePolicyOID
* Fix for PKCS#12 PBKDF buffer size for buffer overflow
* TLS supported curve extension check curve name is in range before checking for disabled
* Sanity check for non TLS 1.3 cipher suite with TLS 1.3 connection
* Poly1305 AVX2 assembly optimization fix for carry with large input values
* Fixes for coverity report including null termination of test case strings and initialization of PKCS7 variables
* Fix for API visibility of wc_ed25519_check_key which resolves a wolfcrypt-py install issue
* Sanity check on max ALPN length accepted
* Additional sanity check when parsing CRL’s for copying the structure, fix for bounds checking
* Additional checks on error string length for debug mode and check for null termination
* ProcessPeerCerts allocating memory for exts with OPENSSL_EXTRA properly
* Clear the top bit when generating a serial number
* Sanity check that ASN date characters are valid ASCII characters
* Fix to add deterministic ECDSA and fix corner cases for add point.
* When getting the DH public key, initialize the P, G, and Pub pointers to NULL, then set that we own the DH parameters flag. This allows FreeSSL to correctly clean up the DH key.
##### Improvements/Optimizations
* Added configure error report with using invalid build of --enable-opensslextra and --enable-opensslcoexist together
* Update PKCS11 for determining key type given the private key type
* Update DoVerifyCallback to check verify param hostName and ipasc (--enable-opensslextra builds)
* additional null sanity checks on input arguments with QSH and Cryptocell builds
* Additional checks on RSA key added to the function wc_CheckRsaKey
* Updates for EBSNET support, including fseek, revised macros in settings.h, and realloc support
* MISRA-C updates for SP math code
* Update to allow compiling for pwdbased/PBKDF2 with having NO_ASN defined
* Modify KeyShare and PreSharedKey TLS 1.3 extension linked list advancement to be easier for compilers to handle
* Optimization to parsing certificate extension name strings
* Adjustment to example server -x runtime behavior when encountering an unrecoverable error case
* Remove Blake2b support from HMAC
* Adds new hash wrapper init wc_HashInit_ex and Adds new PBKDF2 API wc_PBKDF2_ex for using heap hints for custom memory pools
* Adding script to cleanup generated test files, scripts/cleanup_testfiles.sh
* Support 20-byte serial numbers and disallow 0
* sp_div improved to handle when a has less digits than d (--enable-sp-math build)
* When decoding a policy OID and turning it into a human readable string use snprintf()
* set the IV length of EVP AES GCM to 96-bits by default
* Allow adding CAs for root CA's over the wire that do not have the extended key usage cert_sign set
* Added logging messages for SendAlert call and update to send alert after verify certificate callback
* updates for synchronous OCTEON support in the Sniffer
* Rework BER to DER functions to not be recursive
* Updates to find CRL by AuthKeyId
* Add a check for subject name hash after matching AKID
* Enhancement to mp_invmod/fp_exptmod/sp_exptmod to handle more inputs
* Remove requirement for macro NO_SKID when CRL use is enabled
* Improvements on XFTELL return code and MAX_WOLFSSL_FILE_SIZE checking
* When checking if value is prime return NO in the case of the value 1
* Additional sanity checks on arrays and buffers with OCSP
##### This release of wolfSSL includes a fix for 6 security vulnerabilities.
A fix for having an additional sanity check when parsing certificate domain names was added. This fix checks that the domain name location index is not past the maximum value before setting it. The reported issue affects users that are parsing certificates and have --enable-opensslextra (macro OPENSSL_EXTRA), or build options that turn this on such as --enable-all, when building wolfSSL. The CVE associated with the fix is CVE-2019-18840.
Fix to set a limit on the maximum size of DTLS handshake messages. By default the RFC allows for handshake message sizes of up to 2^24-1 bytes long but in typical field use cases the handshake messages are not this large. Setting a maximum size limit on the handshake message helps avoid a potential DoS attack due to memory being malloc’d. The new default max size is set to handle a certificate chain length of approximately 9, 2048 bit RSA certificates. This only effects builds that have DTLS turned on and have applications that are using DTLS.
Fix for a potential hang when ECC caching is enabled (off by default) and --enable-fastmath is used. ECC caching is off by default and is turned on in builds that are using --enable-all or --enable-fpecc. This issue does not affect builds that are using the macro WOLFSSL_VALIDATE_ECC_IMPORT which turns on validating all ECC keys that are imported. To fix this potential hang case a sanity check on the input values to the internal invmod function was added.
To fix a potential fault injection attack on a wrapper function for wolfCrypt RSA signature generations an additional sanity check verifying the signature after it’s creation was added. This check is already done automatically in current versions of wolfSSL with TLS connections (internal function call of VerifyRsaSign during TLS state machine). The report only affects users making calls to the wolfCrypt function wc_SignatureGenerateHash and does not affect current TLS use cases. Thanks to Daniel Moghimi (@danielmgmi) from Worcester Polytechnic Institute for the report.
Blinding was added for DSA signing operations. The DSA signing uses the BEEA algorithm during modular inversion of the nonce which can potentially leak the nonce through side channels such as cache and power fluctuations. The fix of adding in blinding makes the DSA signing operation more resistant to side channel attacks. Users who have turned on DSA (disabled by default) and are performing signing operations should update. Note that DSA is not used in any TLS connections. Thanks to Daniel Moghimi (@danielmgmi) from Worcester Polytechnic Institute for the report.
Fix to add additional side channel cache attack resistance to the internal ECC function wc_ecc_mulmod_ex. This function by default is used with ECDSA signing operations. Users should update if performing ECDSA singing operations (server side ECC TLS connections, mutual authentication on client side) or calling wolfCrypt ECC sign functions and have the potential for outside users to perform sophisticated monitoring of the cache.Thanks to Daniel Moghimi (@danielmgmi) from Worcester Polytechnic Institute for the report.
For additional vulnerability information visit the vulnerability page at https://www.wolfssl.com/docs/security-vulnerabilities/
See INSTALL file for build instructions.
More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html
# wolfSSL Release 4.2.0 (10/22/2019)
If you have questions about this release, then feel free to contact us on our info@ address.
@@ -899,7 +1144,7 @@ More info can be found on-line at https://wolfssl.com/wolfSSL/Docs.html
- Add helper functions for static memory option to allow getting optimum buffer
sizes.
- Update DTLS behavior on bad MAC. DTLS silently drops packets with bad MACs now.
- Update fp_isprime function from libtom enchancement/cleanup repository.
- Update fp_isprime function from libtom enhancement/cleanup repository.
- Update sanity checks on inputs and return values for AES-CMAC.
- Update wolfSSL for use with MYSQL v5.6.30.
- Update LPCXpresso eclipse project to not include misc.c when not needed.
@@ -1226,7 +1471,7 @@ More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html
the Prosecco team at INRIA Paris-Rocquencourt for the report.
- FIPS version submitted
- Removes SSLv2 Client Hello processing, can be enabled with OLD_HELLO_ALLOWED
- User can set mimimum downgrade version with CyaSSL_SetMinVersion()
- User can set minimum downgrade version with CyaSSL_SetMinVersion()
- Small stack improvements at TLS/SSL layer
- TLS Master Secret generation and Key Expansion are now exposed
- Adds client side Secure Renegotiation, * not recommended *
@@ -1893,7 +2138,7 @@ works but seems to remove sockets from TIME_WAIT entirely?
`sudo sysctl -w net.ipv4.tcp_fin_timeout=1`
doen't control TIME_WAIT, it controls FIN_WAIT(2) contrary to some posts
doesn't control TIME_WAIT, it controls FIN_WAIT(2) contrary to some posts
@@ -22,13 +22,15 @@ The `IDE/CRYPTOCELL/main.c` example application provides a function to run the s
- SHA-256
- AES CBC
- CryptoCell 310 RNG
- RSA sign/verify and RSA key gen
- RSA sign/verify and RSA key gen (2048 bit in PKCSv1.5 padding mode)
- RSA encrypt/decrypt
- ECC sign/verify/shared secret
- ECC key import/export and key gen pairs
- Hardware RNG
- RTC for benchmark timing source
Note: All Cryptocell features are not supported. The wolfcrypt RSA API allows import and export of Private/Public keys in DER format. However, this is not possible with key pairs generated with Cryptocell because the importing/exporting Cryptocell keys has not been implemented yet.
## Setup
### Setting up Nordic SDK with wolfSSL
1. Download the wolfSSL source code or a zip file from GitHub and place it under your SDK `InstallFolder/external/` directory. You can also copy or simlink to the source.
This directory is to help with building wolfSSL for use with DSP. It assumes that the Hexagon SDK has been setup on the machine and that the environment variables have been set by calling (source ~/Qualcomm/Hexagon_SDK/3.4.3/setup_sdk_env.source). Currently offloading ECC 256 verify operations to the DSP is supported. When WOLFSSL_DSP is defined ECC verify operations are offloaded to the aDSP by default. When not in SINGLE_THREADED mode a call back function must be set for getting the handle or a handle must be set in the ecc_key structure for the operation to make use of multiple threads when offloading to the DSP. This is because creating new handles for new threads must be done.
## Building
The directory is divided up into a build for the CPU portion in IDE/HEXAGON and a build for use on the DSP located in IDE/HEXAGON/DSP. Each section has their own Makefile. The Makefile default to an Ubuntu + hexagon v65 release build but can be changed by using V=<build type>. An example of building both would be:
```
cd IDE/HEXAGON
make V=UbuntuARM_Release_aarch64
cd DSP
make V=hexagon_Release_dynamic_toolv83_v65
```
The results from each build will be placed into the ship directories of each, for example ./UbuntuARM_Release_aarch64/ship/* and ./DSP/hexagon_Release_dynamic_toolv83_v65/ship/*.
The Makefile creates a DSP library libwolfssl_dsp_skel.so, library libwolfssl.so, executable benchmark, example ecc-verify, example ecc-verify-benchmark and executable testwolfcrypt.
These then need pushed to the device in order to run. An example of pushing the results to the device would be:
To change the settings wolfSSL is built with macros can be set in IDE/HEXAGON/user_settings.h. It contains a default setting at this point that was used for collecting benchmark values. The macro necessary to turn on use of the DSP is WOLFSSL_DSP.
The script IDE/HEXAGON/build.sh was added to help speed up building and testing. An example of using the script would be:
```
cd IDE/HEXAGON
./build.sh Release
```
This will delete the previous build and rebuild for Release mode. Then it will try to push the resulting library and some of the executables to the device.
For increased performance uncomment the -O3 flag in IDE/HEXAGON/Makefile and IDE/HEXAGON/DSP/Makefile.
## Use
A default handle is created with the call to wolfCrypt_Init() and is set to use the aDSP. A default mutex is locked for each use of the handle to make the library stable when multiple threads are calling to DSP supported operations.
To use wolfSSL with a user created handle it can be done by calling wc_ecc_set_handle or by setting a callback function using wolfSSL_SetHandleCb(). This should be set in the case of multithreaded applications to account for having a handle for each thread being used.
#### wolfSSL_SetHandleCb
The API wolfSSL_SetHandleCb takes a function pointer of type "int (*wolfSSL_DSP_Handle_cb)(remote_handle64 *handle, int finished void *ctx);". This callback is executed right before the operation is handed off to the DSP (finished set to 0) and right after done with the handle (finished set to 1). With ECC this would be after the ECC verify function has been called but before the information is passed on to the DSP and once again with the finished flag set after the result is returned.
The callback set should return 0 on successfully setting the input handle. The ctx argument is for future custom context to be passed in and is currently not used.
#### Expected Performance
This is the expected results from running ./eccbenchmark using the -O3 flag
benchmarking using default (locks on handle for aDSP)
5000 verifies on 1 threads took 17.481616 seconds
10000 verifies on 2 threads took 35.324308 seconds
benchmarking using software (+NEON if built in)
5000 verifies on 1 threads took 1.398336 seconds
10000 verifies on 2 threads took 1.383992 seconds
benchmarking using threads on aDSP
5000 verifies on 1 threads took 17.616811 seconds
10000 verifies on 2 threads took 19.215413 seconds
15000 verifies on 3 threads took 20.410200 seconds
20000 verifies on 4 threads took 23.261446 seconds
# Static Library: Building libwolfssl.sgx.static.lib.a for use with SGX Enclaves
### Requirements:
This code was created to use Intel's SGX hardware. It is expected that the user has gone through the steps of both turning on the hardware in bios if needed and has installed the necesary software from Intel to make use of the hardware. (https://software.intel.com/en-us/sgx) If these steps have not been done then it is expected that the user is familure with simulation software being used in place of hardware.
This code was created to use Intel's SGX hardware. It is expected that the user has gone through the steps of both turning on the hardware in bios if needed and has installed the necessary software from Intel to make use of the hardware. (https://software.intel.com/en-us/sgx) If these steps have not been done then it is expected that the user is familure with simulation software being used in place of hardware.
### Overview and Build:
This project creates a static library to then link with Enclaves. A simple example of an Enclave linking to the created wolfSSL library can be found in wolfssl-examples on github. This project has been tested with gcc 5.4.0 on Ubuntu 16.04.
When building with tests the file wolfssl/options.h is expected, in downloaded bundles from wolfssl.com this file exists but when building from a cloned version of wolfSSL from GitHub then the file needs created. This is done either through cd wolfssl && ./autogen.sh && ./configure && ./config.status or by cd wolfssl && touch wolfssl/options.h.
<option id="fr.ac6.managedbuild.tool.gnu.cross.c.compiler.fdata.1859252267" name="Place the data in their own section (-fdata-sections)" superClass="fr.ac6.managedbuild.tool.gnu.cross.c.compiler.fdata" useByScannerDiscovery="false" value="true" valueType="boolean"/>
<option id="fr.ac6.managedbuild.tool.gnu.cross.c.compiler.fdata.191119685" name="Place the data in their own section (-fdata-sections)" superClass="fr.ac6.managedbuild.tool.gnu.cross.c.compiler.fdata" useByScannerDiscovery="false" value="true" valueType="boolean"/>
# wolfSSL STM32F2/F4 Example for Open STM32 Tools System Workbench
# wolfSSL STM32 Example for System Workbench for STM32 (Open STM32 Tools)
This example includes:
* wolfCrypt test
* wolfCrypt benchmark
* wolfSSL TLS client/server test using in-memory transfers
These examples use the CubeMX Hal for STM32. If you'd like to use the older Standard Peripheral library undefine `WOLFSSL_STM32_CUBEMX` in `user_settings.h`.
## Requirements
@@ -16,12 +23,36 @@
6. Adjust the micro-controller define in `Project Settings -> C/C++ General -> Paths and Symbols -> Symbols -> GNU C`. Example uses `STM32F437xx`, but should be changed to reflect your micro-controller type.
7. Build and Run
Note: You may need to manually copy over the CubeMX HAL files for `stm32f4xx_hal_cryp.c`, `stm32f4xx_hal_cryp_ex.c`, `stm32f4xx_hal_cryp.h`, `stm32f4xx_hal_cryp_ex.h`. Also uncomment the `#define HAL_CRYP_MODULE_ENABLED` line in `stm32f4xx_hal_conf.h`.
If you hardware support crypto acceleration then:
1. Manually copy over the CubeMX HAL files for `stm32f4xx_hal_cryp.c`, `stm32f4xx_hal_cryp_ex.c`, `stm32f4xx_hal_cryp.h`, `stm32f4xx_hal_cryp_ex.h`.
2. Uncomment the `#define HAL_CRYP_MODULE_ENABLED` line in `stm32f4xx_hal_conf.h`.
## Configuration
The settings for the wolfSTM32 project are located in `<wolfssl-root>/IDE/OPENSTM32/Inc/user_settings.h`.
* To enable STM32F2 support define `WOLFSSL_STM32F2`.
* To enable STM32F4 support define `WOLFSSL_STM32F4`.
* To enable STM32F7 support define `WOLFSSL_STM32F7`.
* To enable STM32L4 support define `WOLFSSL_STM32L4`.
If you are using FreeRTOS make sure your `FreeRTOSConfig.h` has its `configTOTAL_HEAP_SIZE` increased.
The TLS client/server benchmark example requires about 76 KB for allocated tasks (with stack) and peak heap.
## Example Output
```
....MENU
.t. WolfCrypt Test
.b. WolfCrypt Benchmark
.l. WolfSSL TLS Bench
.e. Show Cipher List
Please select one of the above options:
```
## Support
For questions please email [support@wolfssl.com](mailto:support@wolfssl.com)
Some files were not shown because too many files have changed in this diff
Show More
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
