Add mp_to_unsigned_bin_len_ct() which puts a number into a buffer with
padding in constant time.
Call mp_to_unsigned_bin_len_ct() in RSA when encoding result of
exponentiation.
For SHA256 using NEON on ARM32, change vmov instruction that is moving
from scalar to general-purpose register to have explicit size (32 bits).
May be needed by some compilers.
SM2 named curve value is specified in specification.
Values 0-14 aren't used, so, those bits in disabledCurves are used for
values over 31.
Add range checks.
This exercises the fragmenting of ClientHello via large post-quantum key share.
./configure --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtls \
--enable-dtls13 --with-liboqs
- DTLS 1.3 pqc support
- Add --enable-dtls-frag-ch option to enable CH fragmenting
- Send an alert when we get an empty keyshare with a cookie present to not allow for multiple HRR in one connection
- Only update the DTLS window when we have successfully processed or stored a message
- Call ssl->chGoodCb as soon as we have processed a verified full or fragmented ClientHello cookie
Optimised assembly of AES-XTS for Aarch64 and ARM32 using hardware
crypto instructions.
Aarch64 has loop unrolling.
Update aes.c to not have AES-XTS implementation when assembly
compilable.
Update test of AES-XTS to check expected cipher text of partial block
encryption.
We should always read MTU + EXTRA so that we capture the entire message and are able to correctly decrypt the entire datagram. A smaller MTU also breaks larger handshake messages sent during a connection like secure renegotiation in DTLS 1.2 (confirmed) and post-handshake messages in DTLS 1.3 (suspected).
- Call wolfSSL_CTX_free on ssl->initial_ctx so that it decrements the counter and free's the object
- Clean up where ssl->initial_ctx is free'd. It only needs to be free'd when the ssl object is being free'd
- Regen CRL's as most of them are expired
- certs/crl/extra-crls/ca-int-cert-revoked.pem: CRL that revokes certs/intermediate/ca-int-cert.pem signed by certs/ca-cert.pem
- Add CheckCertCRL_ex API to not depend on DecodedCert
- CheckCertCRLList: accept raw serial or hashed version to work with Signers
- Add XELEM_CNT to simplify pre-proc element counting
When using custom curves, only use the first 22 values with the prime to
calculate Legendre symbol. The known curves work and defeats long running
times when non-prime values are passed in.
- Need to call fs_file_t_init() before calling fs_open()
- 0 is a valid POSIX socket number
- Include stdio.h when needed to simplify macro logic
- Define Zephyr specific macros in CMakeLists.txt to make for a better user experience
By default, wolfcrypt PKCS11 interface accesses tokens in read-only
mode. In some cases, we might want to build the client with write
permissions, i.e. when initializing tokens via C_InitToken().
The WOLFSSL_PKCS11_RW_TOKENS option, if present, allows write access to
PKCS11 tokens.
WOLFSSL_SP_ARM_ARCH no longer used.
Using WOLFSSL_ARM_ARCH instead.
Change umaal check to only available with WOLFSSL_ARM_ARCH > 6.
SAKKE mont_reduce with umaal not using correct registers at end.
Thumb2/ARM32: use umaal instruction to speed up mulitplication, squaring
and reduction. umaal not always available so use umlal instead.
Implementations for architectures less than 4 still kept - no umull.
Cleanup point arithmetic to not take shortcuts.
Make masking for constant time faster.
Add alternate asm for different compilers.
Get ARMv4 and ARMv6 compiling.
Remove whitespace at end of lines.
- CheckCertCRLList: check all entries in case a single issuer has multiple CRL's loaded
- test_multiple_crls_same_issuer: testing two different certificates forcing the client to check both CRL's from the same issuer
- CRL_Entry
- use a lock instead of a mutex to allow multiple threads to access the same list simultaneously
- add a verifyMutex when doing verification so that we don't have to release the crlLock
- Add allocation and free functions for CRL_Entry
- DupCRL_Entry: simplify copying by copying all static fields in one memcpy
- Use unions for type punning in xor API
- Initialise potentially uninitialised variables
- Use `LL` suffix to specify a larger integer type
- Don't use `max` as it can shadow other definitions
Add support for compiling ASM for Thumb2
Add Curve25519 ASM for Thumb2
Limit assembly code compiled when Ed25519 not required.
Rework all assembly implementations to replace ge_*() functions instead
of having fe_ge_*() versions that take many parameters.
Get ARM32 inline asm working.
1. Remove the case block deciding if to checkout the wolfcrypt files or
not, it is redundant. Things are set up now where we don't need it.
2. Comment reflow.
Changes due to peer review:
3. Change the check for the temp mytag branches to use a git command
that provides an exact match, rather than a foulable grep check.
4. Change the fips repo file checkout to work the same way as the
wolfcrypt files. Each file in the copy list is tagged with its
revision.
1. Move the command line updatable variables to the beginning of the
script.
2. Reorder the OE names in the usage list.
3. Add the missing asm files.
4. Correct the regex for the fipsv2-OE-ready version name.
1. Remove the demo OE.
2. Update all OEs with the new file lists.
3. Merge OEs with same files and tags, and add a check for the
difference to optionally update that. For example, solaris is the
same file list and tags as linuxv2, but uses gmake instead of make.
1. Remove the demo variable presets. Actually use them in testing.
2. FIPS_REPO can be set to a local file path to speed up testing.
3. Add files missing from the demo OE checkout.
4. Add the fips-read OE files.
5. Add the quiet option to grep.
1. Add an optional initialized variable for the KEEP option and default
it to 'yes' temporarily.
2. Comment out all the descriptions for all the OEs except the test OE.
3. Update the copy FIPS file list format to have the file path and add
the tag to use for copying as the first item.
4. Merge the branch-creation and file checkout into one function. Remove
the local path changing.
5. Update and simplify the FIPS file copying function.
6. Remove the old copying code.
7. When updating the fipsv2-OE-ready version string, also check that
fips.c is non-zero.
8. Use explicit paths for files.
1. Add a test OE for trying out the new methods.
2. Add a temporary way to trigger using the new methods.
3. Add a function to check out different versions of files in the repo,
and only adding a new branch when needed.
4. Remove the old checkout code.
1. Whitespace changes.
2. Deleted the stm32l4 build. The fips-check-2.0.sh script handles it.
3. Removed the CAVP_SELFTEST_* variables, used the FIPS_OPTIONS for it.
4. Removed the v1 style code checkout. The current method works for all
available cases.
5. Removed the FIPS_CONFLICTS case rename case.
These typos could have been generated by some program, in which case
the program should be fixed instead. Yet the typos are inconcistent,
as if the output had been manually copied. Why is the output poorly
aligned?
Use seconds or s for seconds, consistently.
Use ops for operations, consistently. Unless you want the singular
op for operation, as the value is often < 2.
- wolfssl_ec_point_mul: fix parameters being passed into ec_mul2add
- Compile in compressed ecc key parsing for OPENSSLALL
- Improve debugging around compat layer ecc operations
- wolfSSL_BN_div: dv can be NULL
- Add spake like computation test
- Add CI krb5 testing
- Add timeouts to CI
src/internal.c:wolfSSL_DtlsUpdateWindow(): shiftTooManyBitsSigned and integerOverflowCond (true positive, fixed);
src/ssl.c:wolfSSL_GetSessionFromCache(): autoVariables (true positive, intentional and now suppressed);
wolfcrypt/src/asn.c: several uninitvars in EccSpecifiedECDomainDecode(), wc_EccPrivateKeyDecode(), DecodeSingleResponse(), and DecodeResponseData() (false positives due to bug in cppcheck short circuit eval analysis, mitigated by refactoring && expressions to nested-if constructs that are semantically identical);
src/ssl.c:wolfSSL_GetSessionFromCache(): nullPointer (false positive due to bug in cppcheck value flow analysis, workarounded).
add it to the list of non-fatal errors so that a socket close alert wont be sent out but the caller still won't block and will instead get OCSP_WANT_READ as an error back from wolfSSL_connect
so that the re-run of DoHandShakeMsgType knows not to hash the certificate twice and won't send an alert to the server as it was when OCSP_WANT_READ instead of setting ret to 0
tweak several #includes of settings.h to include types.h instead (all of these are for clarity, as types.h is indirectly included by later #includes), and add #include <wolfssl/wolfcrypt/types.h> where missing;
remove trailing semicolons from PRAGMA*() macro invocations as they are unneeded and can be harmful (inducing frivolous -Wdeclaration-after-statement etc.).
if ENABLED_LINUXKM_PIE, add -DWOLFSSL_NO_OCSP_ISSUER_CHECK to gate out backward dependency in asn.c;
if ENABLE_LINUXKM, don't error on FIPS without thread_ls_on;
for --enable-curl, set ENABLED_MD4="yes", and move --enable-md4 AC_ARG_ENABLE() clause up to a position adjacent to des3 handling;
scripts/sniffer-gen.sh: fix illegal exit code (SC2242);
src/internal.c: fix clang-analyzer-core.NonNullParamChecker in CreateTicket();
src/ocsp.c: fix readability-redundant-preprocessor;
src/tls.c: fix empty-body in TLSX_PskKeModes_Parse() and clang-diagnostic-unreachable-code-break in ALPN_Select();
tests/api.c: fix several clang-analyzer-core.NullDereference related to Expect*() refactor;
wolfcrypt/src/asn.c:
fix -Wconversions in DecodeAuthKeyId() and ParseCertRelative();
fix readability-redundant-declaration re GetCA() and GetCAByName();
gate inclusion of wolfssl/internal.h on !defined(WOLFCRYPT_ONLY);
wolfssl/internal.h: add macro-detection gating around GetCA() and GetCAByName() prototypes matching gates in wolfcrypt/src/asn.c;
tests/utils.c: in create_tmp_dir(), use one-arg variant of mkdir() if defined(__CYGWIN__) || defined(__MINGW32__).
mp_exptmod_base_2() uses Montogmery method and does not support even
modulus. Added check.
mp_exptmod_fast() uses Montogmery method when odd not when dr > 0.
Comment updated at call.
Reduce value of zero doesn't work for mp_reduece_2k. Changed setup of
use to check for zero and won't use it. Other methods won't work either.
Add support for cipher aliases DHE, EDH and EECDH.
Add define SSL_CTRL_GET_CHAIN_CERTS to help hitch and other programs detect SSL_CTX_get0_chain_certs is supported.
Add wolfSSL_get_locking_callback.
Allow using ECDHE+RSA cipher suites when ECDHE alias is used while in OpenSSL compatibility mode.
Add more alerts for hitch.
SSL_CM should use the CTX's x509_store_pt if available.
Add support for SSL_CERT_FILE and SSL_CERT_DIR. Load default OpenSSL TLS 1.3 ciphers when using OPENSSL_COMPATIBLE_DEFAULTS.
Use wolfSSL_sk_X509_new_null to allocate WOLFSSL_STACK in wolfSSL_CTX_get_extra_chain_certs. Previous approach of malloc'ing without setting type/memsetting was leading to a segfault.
Add --enable-hitch.
hitch: Add unit tests for new APIs, fix a couple of issues uncovered by unit testing.
Correct behavior of wolfSSL_BIO_set_mem_buf for BIO_CLOSE/NOCLOSE and update unit test accordingly.
Add Github action test for hitch.
This also adds new keys for SPHINCS+. The reason is that SPHINCS+
was updated to 3.1 in liboqs (open-quantum-safe/liboqs/pull/1420),
and old keys are incompatible with the new implementation.
Keys were generated using the oqs-provider for OpenSSL 3
openssl genpkey \
-provider default -provider oqsprovider \
-algorithm sphincsshake128fsimple \
-outform der \
-out bench_sphincs_fast_level1_key.der
And certs_test.h was updated using xxd
xxd -i -c 10 -u bench_sphincs_fast_level1_key.der
This was repeated for the 6 variants of SPHINCS+ that wolfSSL supports.
Split out certificate manager APIs into ssl_certman.c.
ssl.c includes ssl_certman.c
Better test coverage.
Minor fixes.
wolfSSL_X509_chain_up_ref calls XFREE with name->heap but name may be
NULL. Check for NULL first.
- nginx: add necessary defines and function
- Implement Certificate Authorities for TLS 1.3
- Implement secret logging for TLS 1.3. Can be used for example with:
./configure CPPFLAGS="-DWOLFSSL_SSLKEYLOGFILE -DSHOW_SECRETS -DHAVE_SECRET_CALLBACK -DWOLFSSL_SSLKEYLOGFILE_OUTPUT='\"/tmp/secrets\"'"
- Implement session context checking for tickets
- Check for authorized responder in OCSP basic response
- Fix handling call to ocsp->statusCb
- compat: Translate SOCKET_PEER_CLOSED_E to WOLFSSL_ERROR_SYSCALL
- Fix wolfSSL_CTX_set_session_cache_mode
- WOLFSSL_SESS_CACHE_OFF means nothing should be on
- WOLFSSL_SESS_CACHE_NO_INTERNAL turns off only the internal cache
- Respect ssl->options.internalCacheOff
- Implement SSL_SESSION_set_time
- wolfSSL_SSL_in_init: fix detection for TLS 1.3
- Fix handling call to ssl->alpnSelect
- SendTls13NewSessionTicket: always generate new ID
- When we send a new ticket for the same session (for example we resumed a connection and are sending a new ticket so that the client can resume in the future), we need to generate a new ID so that we don't overwrite the old session in the cache. Overwriting the session results in the `diff` calculation in `DoClientTicketCheck()` producing the wrong value and failing to resume.
Add nginx github action test
- Fix memory leaks
- wolfSSL_OCSP_basic_verify: implement OCSP_TRUSTOTHER flag
- AKID: implement matching on issuer name and serial number
- ocsp: check for a chain match for OCSP responder
- Split CreateTicket into CreateTicket and SetupTicket
- SendCertificateStatus: free response.buffer
- Use heap hint when allocating responseBuffer
- Remove responseBuffer from internal API's that don't use it anywhere
Address PR comments + other cleanup
Addressing PR comments
Minor change
Make sure the last line gets output as well
Add in ARIA SHA256 session to internal structure
Add in ARIA SHA384 session to internal structure
Add necessary function for ARIA to extract key
Fix unit tests
Rename HAVE_ARIAGCM to HAVE_ARIA
Move aria.* to wolfcrypt/port/aria
Separate out aria-crypt init functions
Adding in ECC+SHA callbacks
Avoid using AC_CHECK_FILE
Rename Aria to wc_Aria
Don't need special cases
Addressing PR comments
Code cleanup
C89 support
Remove TODO
Add documentation about buffer size
Clean up header files
Use ARIA_DEVID by default if available
Dummy update call to make MagicCrypto happy
Fix for detecting what algo type to use
Documentation
Use the appropriate sign/verify
Collect MagicCrypto functions together (and avoid leaks)
Fall back on other implementations on failure
Fix issue when compiling without CRYPTOCB
Addressing PR comments
Better cleanup
Addressing PR comments
Cleaner exit in case of error
- move the testsuite file helps into a new tests/utils.c file so that they can be used across all tests
- dump the raw TLS stream when WOLFSSL_DUMP_MEMIO_STREAM is defined so that it can be examined in Wireshark
This caused an issue on big endian platforms
From the getsockopt man page:
Most socket-level options utilize an int argument for optval. For setsockopt(), the argument should be non‐
zero to enable a boolean option, or zero if the option is to be disabled.
Add support for:
- SM2 elliptic curve and SM2 sign/verify
- SM3 digest
- SM4 cipher with modes ECB/CBC/CTR/GCM/CCM
Add APIs for SM3 and SM4.
Add SM2 sign and verify APIs.
Add support for SM3 in wc_Hash and wc_Hmac API.
Add support for SM3 and SM4 through EVP layer.
Add support for SM2-SM3 certificates. Support key ID and name hash being
with SHA-1/256 or SM3.
Add support for TLS 1.3 cipher suites: TLS-SM4-GCM-SM3, TLS-SM4-CCM-SM3
Add support for TLS 1.2 SM cipher suite: ECDHE-ECDSA-SM4-CBC-SM3
Add support for SM3 in wc_PRF_TLS.
Add SM2-SM3 certificates and keys. Generated with GmSSL-3.0.0 and
OpenSSL.
PEM example converts PEM to DER and DER to PEM.
Supports encrypting DER and writing out as PEM.
Added better support for 40-bit RC2-CBC PBE.
Added AES-128-CBC encryption support with PKCS#5v2.
Fixed handling of iterations to support writing 24-bit values.
Declared enum types for pass to PKCS#8 encryption APIs.
Add more DER and PEM files to certs directory.
Add testing of 'pem' with pem.test script.
Importing an EC point ordinate with one being zero will result in
different errors based on different implementations. Check both known
error codes.
Benchmark usage fixed.
Do leaf CRL check by default
Correct wolfSSL_sk_X509_NAME_push return check
Update OpenSSL compatibility errors for HAProxy
Change X509_V to literal constant values
Fix the compat layer with TLS session ticket reuse
Fix for tls1_2 session resume and cache miss
Save intitial wolfSSL ctx
Check for OpenSSL CRL error code 23
bio.c:
wolfSSL_BIO_flush(): check allocation to bio->ip succeeded.
internal.c:
InitSSL_Ctx(): set ctx->heap to heap if value passed in
ProcessPeerCerts(): check for error MEMORY_E too as a fatal parsing
error
ssl.c:
wolfSSL_shutdown(): SOCKET_ERROR_E is also an indication that the
socket is done, MEMORY_E is a fatal error
wolfSSL_Cleanup(): move free of memory fail couting to wolfSSL API
SessionTicketNoncePrealloc(): eror return must be non-zero
AddSessionToCache(): XFREE checks for NULL no need to do it before
call
wolfSSL_set_psk_use_session_callback(): ensure ssl is not NULL before
dereferencing
wolfSSL_SMIME_read_PKCS7(): check for error return from
wolfSSL_BIO_gets()
asn.c:
wc_MIME_parse_headers(): check allocation succeeded into nextHdr
compress.c:
wc_DeCompressDynamic(): free tmp on inflateInit2 failure
memory.c: rework where memory allocation failure counting code for when
WOFLSSL_STATIC_MEMORY is defined
wc_port.c:
wolfCrypt_Cleanup(): only call wc_MemFailCount_Free() when no
wolfSSL_Cleanup()
Changed EXPECT_DECL to start of as TEST_SKIPPED.
Modified other EXPECT macros appropriately.
Change test functions to not use 'res' when EXPECT_DECL is used.
memory.c:
wc_MemFailCount_Init(): don't declare variable after a statement
conf.c:
wolfSSL_TXT_DB_read(): free the whole WOLFSSL_TXT_DB on failure
instead of just the memory
wolfSSL_CONF_add_string(): pop the value added into section->value
(sk) if it can't be pushed onto conf->data
wolfSSL_NCONF_load(): free the new value if it wasn't able to be added
ocsp.c:
wolfSSL_OCSP_cert_to_id():
free the decoded certificate if parsing failed (is freed after use
otherwise)
free the certificate id on failure and make it NULL and continue
freeing other variables
pk.c:
wolfSSL_RSA_set0_crt_params(): set dmp1, dmq1 and iqmp fields to NULL
if setting the internal failed - returns error and caller needs to free
the passed in BNs
wolfSSL_RSA_set0_factors(): set p and q fields to NULL if setting the
internal failed - returns error and caller needs to free the passed in
BNs
wolfSSL_RSA_set0_key(): set n, e abd d fields to NULL if setting the
internal failed - returns error and caller needs to free the passed in
BNs
x509.c:
wolfSSL_X509_set_serialNumber(): explicit NULL
checkwolfSSL_X509_REQ_add1_attr_by_NID(): check whether push succeeded
and on failure free attribute
asn.c:
ConfirmSignature(): for DSA, allocate separately to ensure no leak on
memory allocation failure.
dh.c:
wc_DhGenerateParams(): ensure tmp and tmp2 are able to be cleared on
error
evp.c:
wolfSSL_EVP_PKEY_CTX_add1_hkdf_info(): fix realloc use to no leak on
failure
wolfSSL_EVP_CIPHER_CTX_iv_length(): handle ctx being NULL.
dtls13.c:
Change end of outputBuffer data calculations to use function
GetOutputBuffer().
Use idx when calculating unused byte count of outputBuffer.
internal.c:
Change end of outputBuffer data calculations to use function
GetOutputBuffer().
Use GetOutputBuffer() to calculate end of data in outputBuffer.
GrowOutputBuffer():
Calculate new size to allocate to include already written data in
case of static buffer.
Copy all data including already written count (idx).
CheckAvailableSize():
Don't subtract idx from length when checking MTU size.
Do subtract idx from bufferSize to determine count of unused bytes
in outputBuffer.
The modular exponentiation implementations in sp_int.c and tfm.c are not
safe when using Encrypted Memory.
Cannot have two pieces of memory where one changes and the other doesn't
based on private value.
Use extra variable to hold the two new values and assign them both back
at the same time in a safe manner.
Alternative implementations used when WC_PROTECT_ENCRYPTED_MEM is
defined.
wolfssl/wolfcrypt/types.h: add 'U' suffix to W64LIT() macro defs, and add SW64LIT() macro defs (not yet used anywhere);
wolfcrypt/src/asn.c: add !WOLFSSL_ECC_CURVE_STATIC gate around DataToHexStringAlloc() to resolve -Wunused;
wolfcrypt/src/ecc.c: guard against zero-valued "len" arg to wc_ecc_get_curve_id_from_oid();
wolfcrypt/src/wc_port.c: fix several argument implicit sign changes in USE_WINDOWS_API paths;
wolfssl/wolfcrypt/ecc.h: remove const attribute from inline buffers in WOLFSSL_ECC_CURVE_STATIC struct ecc_set_type.
wolfssl_sce_unit_test.c:
sce_crypt_Sha_AesCbcGcm_multitest(): duplicate condition
ssl_asn1.c:
wolfSSL_i2t_ASN1_OBJECT(): done is not needed
MonthStr(): fix bounds check on i
woolfcrypt_test.c, test_main.c, wolfssl_tsip_unit_test.c, devices.c,
aes.c, des3.c:
Variable not used.
asn.c:
DecodeSubjKeyId(): sz is unsigned - check for less than zero does
nothing
kcapi_rsa.c:
KcapiRsa_Decrypt(): fix ret check by using else
KcapiRsa_Encrypt(): make same change for consistency
kcapi_hash.c:
KcapiHashFinal(): move ret into #ifdef where it is needed
stm32.c:
wc_Stm32_Hash_GetDigest(): i redeclared with different type - use ii
instead
bio.c, conf.c:
XFREE checks for NULL
Reduce scope of varialbes.
Condition same.
Fix: ./configure --disable-shared --enable-smallstack --enable-all
CFLAGS=-DNO_ASN_TIME
Don't compile mp_test when compiling for SP Math All and RSA
verification only - very few functions available.
ssl.c:
wolfSSL_Rehandshake(): wolfSSL_UseSessionTicket only available when
not NO_WOLFSSL_CLIENT
api.c:
test_wolfSSL_ticket_keys(): meant to be tested on server
bio.c:
wolfSSL_BIO_push(): handles NULL for top and append.
crl.c:
InitCRL_Entry(): set toBeSigned to NULL after freeing when allocation
fails.
AddCRL(): free CRL entry properly on error.
wolfSSL_X509_STORE_add_crl(): check for NULL after
wolfSSL_X509_crl_new call.
ssl.c:
wolfSSL_CertManagerGetCerts(): free the certificate if it didn't get
pushed onto stack
wolfSSL_RAND_Init(): returns success if global already initialized.
ssl_asn1.c: wolfSSL_ASN1_TYPE_set now avaiable when OPENSSL_EXTRA
defined for function wolfssl_dns_entry_othername_to_gn().
x509.c:
Added support for creating a valid General Name of type GEN_OTHERNAME.
Extracted some code out into wolfssl_x509_alt_names_to_gn().
wolfSSL_X509_set_ext(): free data correctly on errors
wolfSSL_X509_PUBKEY_set(): free str if DSA parameters cannot be
retrieved; wolfSSL_OBJ_nid2obj() called separately to handle when
returning NULL.
wolfSSL_X509_NAME_copy(): check for failure when
wolfSSL_X509_NAME_add_entry() is called.
x509_str.c:
wolfSSL_X509_STORE_CTX_new(): check for error from calling
wolfSSL_X509_STORE_CTX_init().
wolfSSL_X509_STORE_get0_objects(): don't double free x509; free memory
correctly on error
Added a new version of 'nofail' handshaking that doesn't use threads.
More tests can be run in single threaded.
Changed tests over to use test_wolfSSL_client_server_nofail() or
test_wolfSSL_client_server_nofail_memio() to simplfy test cases.
Changed tests to use Expect.
CRL:
BufferLoadCRL wasn't freeing allocated data when currentEntry
couldn't be allocated.
ssl.c:
DecodeToX509(): Needs to call FreeDecodedCert even if
ParseCertRelative fails.
wolfSSL_PEM_read_PUBKEY(): Need to check result of
wolfSSL_d2i_PUBKEY is NULL rather than the passed in WOLFSSL_EVP_PKEY.
X509:
wolfSSL_X509_set_ext(): Must free allocated WOLFSSL_X509_EXTENSION
if not pushed on to stack regardless of stack being NULL.
wolfSSL_X509V3_EXT_i2d(): Don't free asn1str on error as it is the
data passed in.
wolfSSL_i2d_X509_NAME_canon(): free names and cano_data when call to
wolfSSL_ASN1_STRING_canon() fails.
PKCS7:
wc_PKCS7_InitWithCert(): Check memory allocation of cert for NULL.
tests/unit.h: fix ExpectPtr() to inhibit pedantic warnings on both gcc and clang;
wolfssl/test.h: in myVerify(), explicitly check for nullness when printing issuer/subject, to avoid cppcheck null-deref warning;
tests/api.c: fixes for:
* myriad "embedding a directive within macro arguments is not portable"
* an "ISO C forbids conversion of object pointer to function pointer type"
* some "stringop-overflow"s
* a clang-analyzer-core.uninitialized.Assign
* a clang-analyzer-core.CallAndMessage "2nd function call argument is an uninitialized value"
* a nullPointerRedundantCheck
* several clang-diagnostic-declaration-after-statement
* a spurious gcc sanitizer maybe-uninitialized in test_wolfSSL_CheckOCSPResponse()
Modified number of tests to not crash on failure and cleanup allocations
on failure.
Added memory fail count option to set which memory allocation to start
failing on.
Fix issues found from testing.
bio.c:
BIO_new() move ref count up so that calls to wolfSSL_BIO_free()
work.
internal.c:
ImportCipherSpecState wasn't checking SetKeySide for failure. Crash
when pointer is NULL and accessed directly.
ocsp.c:
wolfSSL_OCSP_response_get1_basic() doesn't need to free vs->source
as it is freed in WOLFSSL_OCSP_RESPONSE_free().
ssl.c:
ProcessBuffer() Don't strip PKCS#8 header if failed to create DER.
Crasged as directly accessing 'der' which was NULL.
ssl_asn.c:
wolfssl_asn1_integer_require_len was checking wrong variable to see
if allocation failed.
x509,c:
wolfSSL_X509_ALGOR_set0 needs to set aobj only when no failure
possible.
wolfSSL_X509_chain_up_ref needs to call cleanup to ensure everything
is freed.
wolfSSL_X509_NAME_ENTRY_get_object
- object field was being reused if it existed but lost on error
- store object only on success, ie object is not NULL
- moved function into x509.c
wc_RsaEncryptSize(): assumed a key size of 2048 when using hardware key.
Added callback to do lookup and implemented for PKCS#11.
If lookup not supported then assumes 2048 bits.
AES C impl: don't align to 32 bytes, align to 16 as buffer is 16 bytes
long.
SP int: Don't call _sp_mulmod but call sp_mul and _sp_div to do mod
operation. For RSA, fewer calls for mod operation means less stack used
at deepest point.
wolfSSL_X509_NAME_ENTRY_create_by_txt and
wolfSSL_X509_NAME_ENTRY_create_by_NID:
- object field was being reused if it existed but lost on error
- extracted common code
- store object only on success, ie object is not NULL
Skip ECC private key check when the TPM is used to generate the key, since it doesn't release the private part. this option needs to be used with a FIPS approved TPM for the end result to be FIPS approved
sp_mulmod
- scan-build getting confused with size of result
- don't check result size as checked already
- split out implementation of sp_mulmod from check
StoreEccKey
- ensure pubKey is not NULL even though all uses will not be
GetCertKey
- ensure source is not NULL
- cert->source may be NULL in incorrect usages of APIs
DecodeRsaPssParams() assumed params is never NULL. Should never be
called with NULL but check saves a NULL dereference.
PrintObjectIdText() didn't check return of call to GetObjectId. 'oid'
will retain -1 value on error and work as normal on error return.
Cleaner to check for ASN_PARSE_E and handle - other error,
ASN_UNKNOWN_OID_E, is OK for printing.
1. The description text for the brainpool enable option in configure was
using a shell variable that ended up in the output. Switched to the
description pattern used in other options.
* make wolfssl compile with Mingw-w64
* cmake: CMAKE_SYSTEM_PROCESSOR is AMD64 on Windows
* cmake: use target_compile_definitions instead of add_definitions
* cmake: change default value of WOLFSSL_BUILD_OUT_OF_TREE_DEFAULT to ON
* cmake: link crypt32.lib on Windows
* cmake: export wolfssl
* move Config.cmake.in to cmake directory
* revert changes to .gitignore
* add Config.cmake.in to include.am
linuxkm/linuxkm_wc_port.h: activate SAVE/RESTORE_VECTOR_REGISTERS() whenever defined(WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS) for benchmark.c support, independent of vector crypto features;
fix and optimize various alignment issues with stack and heap allocations;
fix macro definitions for XMALLOC/XREALLOC/XFREE to correctly use kvmalloc and friends when defined(HAVE_KVMALLOC), and to use wolfSSL_Malloc() and friends when defined(WOLFSSL_TRACK_MEMORY);
purge stale LINUXKM_SIMD_IRQ code.
In DTLS v1.3 the normal (plaintext) record header can be used only with
unprotected message (epoch == 0). Protected messages use the unified header.
Check this invariant using `IsAtLeastTLSv1_3` instead of `ssl->options.tls1_3`
because the latter is false before version negotiation.
In DTLSv1.2 the DTLS normal header is used for all the epoch, this check doesn't
interfere because:
1. the first CH's epoch must be zero in all DTLS versions
2. In case of downgrade after version negotiation `IsAtLeastTLSv1_3` is false
configure.ac: Don't use == in test.
client.c: Merge string to one line.
asn.c/asn_public.h:
fix conversion warnings/errors.
wc_Asn1_Print no longer public and doesn't need to check for NULL.
wc_Asn1_PrintAll check all pointer parameters for NULL.
The `kse->pubKeyLen` parameter is used as an input parameter to `DhGenKeyPair`
to provide the size of the `pubKey` buffer (the same size as the prime p). After
that, `kse->pubKeyLen` is used to check that the public key generated is of the
same length as the prime p. If this is not the case, the public key is
padded. If the key generation is asynchronous, then `TLSX_KeyShare_GenDhKey` may
be invoked twice. The second time, the `kse->pubKeyLen` value, updated
asynchronously by the async code, is overwritten with the prime size at the
beginning of the function. When this happens, a wrong public key value is used,
and the shared secret computed is incorrect.
Similar reasoning can be applied to `kse->keyLen`
* zephyr wolfssl_tls_sock: fix project name
* zephyr tls_sock.c: don't include options.h when using user settings
* zephyr: define XSTAT_TYPE for use with XSTAT
* set dev ID with signature check
* refactor devId use and add API to set devId in WOLFSSL_CERT_MANAGER structure
* add api.c call to set devid with WOLFSSL_CERT_MANAGER
* resolving devID CRL issue and CM pointer
* add device find callback
* add simple test case
wolfssl/wolfcrypt/sp_int.h: refactor MP_INT_SIZEOF() using sizeof(sp_int_minimal) and addition, rather than sizeof(sp_int) and subtraction, for clarity and analyzer mollification.
GetDateInfo called with a local index (reset to 0) but size is of
original buffer. Subtract the index into original buffer from size to
get size available for parsing.
TLS 1.3 Server: don't cache the messages for Ed25519/Ed448 when doing
TLS 1.3.
ASN DecodeCertInternal: Call GetCertName for issuer and subject after
freeing the dataASN.
* Add TLSv1.3 stateful support
Fix internal and external session cache
* session cache fixes
* Refactor
- implement wolfSSL_CTX_flush_sessions
- use wolfSSL_CTX_flush_sessions to make test_wolfSSL_CTX_add_session_ext deterministic
- add dtls to test_wolfSSL_CTX_add_session_ext
- DoClientTicket_ex does not modify ssl object
- only call session remove callback on:
- timeout
- session is being overwritten/removed from the cache
* Session fixes
- restore bogus ID on session duplicate
- don't evict on overwrite
- use memmove instead on memcpy as `ssl->session == session` is possible
- ignore ClientSession parameter in AddSessionToCache on NO_SESSION_CACHE_REF
- use sessionID when altSessionID not present
* Session fixes
- DoClientTicketFinalize: always copy in the ID as teh altSessionID
- don't overwrite ex_data when overwriting cacheSession and cacheSession owns it
* Callback wants to retain a copy
* wolfSSL_GetSessionClient: ssl->ctx->get_sess_cb does not apply here
* test_wolfSSL_CTX_add_session_ext
gate expected results on WOLFSSL_DTLS_NO_HVR_ON_RESUME
* TlsSessionIdIsValid: copy return can't be ignored
* Silence unused parameter
* test_wolfSSL_CTX_add_session_ext: handle async case
* Gate wolfSSL_SSL_CTX_remove_session on NO_SESSION_CACHE
* ssl.c: style fixes
* Add twcase_get_sessionCb_cleanup to free external cache
* Remove hard tab
* Correct build error in wolfSSL_CTX_flush_sessions
* Jenkins fixes:
- altSessionID only available with WOLFSSL_TICKET_HAVE_ID
- slim out psk_sess_free_cb_ctx
* Stateful dtls case has 2 accesses. Stateless just one.
* Add version numbering to hostap logs
* Import internal.h for test_wolfSSL_SESSION_get_ex_new_index
* wolfSSL_SetSession: don't check SslSessionCacheOff for session setting
* wolfSSL_SetSession: fully set expired session for OpenSSL compatibility
* wolfSSL_SetSession: check if setting same object
* AddSession: always populate the session object to allow re-use
* Add logging to wolfSSL_NewSession and wolfSSL_FreeSession
* Always setup session object
* Check if session has been setup before setting it
* Print errors in async test
* Make SetupSession available outside NO_SESSION_CACHE
* Review comments
* Fix ticBuf leak and TlsSessionIdIsValid logic
* Fix unmatched curly brackets
* TlsSessionIdIsValid: always need to check copy var
* TlsResumptionIsValid: set resume to FALSE default
* wolfSSL_SetSession: remove now variable since only used in one place
* Move internalCacheLookupOff into HAVE_EXT_CACHE block
---------
Co-authored-by: Juliusz Sosinowicz <juliusz@wolfssl.com>
The order may be 1 bit larger than prime for some curves.
Handle this in calculation of maximum size of curve.
SP int _sp_mont_red(): ensure m->used is never 0 when doing default
implementaion.
Ed25519CheckPubKey/Ed448CheckPubKey: get the public key from certificate
in a new function, wc_CertGetPubKey, that uses less memory.
Set the ENCRYPT_BASE_BITS to minimal values when Curve448/Curve25519 are
the largest public key algorithms.
Move declaration of sp_ints until after checks of valid parameters.
In particular, whether used field of input/s are valid.
Pull implementations of algorithms out into separate functions as a
pattern to fix.
SP int should be able to calculate size of encoded number for a radix of
10 when mp_int has all digits used.
sp_radix_size declared a temporary mp_int of 1 greater than input. Don't
need it 1 greater. Stack declaration of maximum plus one caused address
sanitizer error.
Changed temporary mp_int to be same size as input mp_int.
fix for benign clang-analyzer-deadcode.DeadStores in aes.c:wc_AesFeedbackEncrypt();
fix for cppcheck:selfAssignment in chacha.c:wc_Chacha_wordtobyte().
- Add CONFIG_PTHREAD_IPC when using threads
- Add logging config suggestions
- test.c: fix undefined `ret` error
- Increase stack size for samples
- Ignore ASN_BEFORE_DATE_E in examples
- wc_port.h: add missing posix thread includes
- wc_port.h: move definitions to relevant section
- benchmark.c: fix missing `arc` and `argv` errors
- benchmark.c: fflush does not work on stdout in Zephyr
- Update z_fs_open implementation to support flags
CheckCertSignature
Free the dataASN before calling ConfirmSignature.
dataASN not needed at this point and ConfirmSignature uses lots of
memory.
DecodeCertInternal:
Free the dataASN before calling DecodeCertExtensions,
dataASN not needed at this point and DecodeCertExtensions uses more
memory.
ecc_verify_hash:
v doesn't need to be a new allocated variable - reuse w.
v is the modular reduction of x-ordinate to prime calculated at end.
New creation of mp_ints r and s to be minimal size must not be
re-initialized.
Changes to ASN.1 code to handle r and s being initialized and to not
initialize again.
Public API wc_ecc_is_point() needs to validate the parameters.
Ensure that the x and y are in range [0, p-1] and z is one (affine
ordinates).
Made the API a wrapper around existing calculation code.
When x-ordinate is a large negative, then it will spend large amounts of
time adding the prime to a large negative intermediate value.
fixes for clang-tidy/bugprone-macro-parentheses in wolfssl/wolfcrypt/sp_int.{c,h} and wolfcrypt/src/ecc.c;
fix for clang-analyzer-deadcode.DeadStores in olfcrypt/src/asn.c.
Tested with `./configure --disable-asm --enable-32bit --enable-asn=original --enable-cryptonly CFLAGS="-Wconversion -pedantic" && make`. Some progress with ASN template, but not complete.
* Update to ensure full blocks for crypto in En/DecodeAuthEnvelopedData.
* Corrected spacing and comments
* Set plain to NULL after free on non-error path.
* refactor error-checking cascade in wc_PemCertToDer_ex() as in wc_PemPubKeyToDer_ex(),
* refactor staticBuffer gating/dynamics in wc_PemPubKeyToDer_ex() as in wc_PemCertToDer_ex(),
* and use IO_FAILED_E, not BUFFER_E, for I/O errors on the file handles, in both routines;
fix smallstack null pointer dereferences in src/pk.c:wolfSSL_RSA_GenAdd() and src/ssl.c:set_curves_list().
Minimize use of stack.
Make very large stack allocations dynamic memory allocations unless
WOLFSSL_SP_NO_MALLOC.
ProcessBufferTryDecode() split up into a function for each type.
ProcessBufferTryDecodeRsa() decodes the data and gets key size rather
than having or allocating an RsaKey.
Added wc_RsaPrivateKeyValidate() that only validates the encoding is an
RSA key and returns the key size in bytes.
For SP int, only create sp_ints of required size in RSA and ECC
implementation. For WOLFSSL_SMALL_STACK, memory is allocated to have
just enough bytes and size is set to maximum supported. Otherwise,
relies on dynamic stack variables.
For ECC, MAX_ECC_BITS_USE used when dynamic stack variables not
supported. Significantly reduces memory usage when RSA/DH is also built.
Add macros to sp_int.h, tfm.h and integer.h to support declaring,
allocating, initializing and freeing mp_ints.
For integer.h, mp_int is always static as size is no more than 32 bytes.
For tfm.h, WOLFSSL_SMALL_STACK has a full mp_int allocated, otherwise
the full mp_int is put on the stack.
For sp_int.h with new macros, dynamically allocate sp_int to minimal
size when WOLFSSL_SMALL_STACK, or when dynamic stack variables, declare
them to be of minimal size or otherwise declare with a fixed max.
Added mp_bitsused(), for all implementations, to get the number of bits
available based on used. Included for RSA to get the size of the
modulus.
SP int now always uses dynamic stack variables if possible rather than
for builds with WOLFSSL_SP_SMALL.
Moved code out into separate functions so that stack allocations don't
happen when not going down code path.
Create a fixed buffer BIO of length 1 and then write one byte into it so
that there is 0 length to write into.
Test cases removed as setting fixed buffer BIO to length 0 allocated 0
length buffer that is sometimes returning NULL.
linuxkm/module_exports.c.template: include wolfssl/wolfcrypt/wolfmath.h, to bring in wc_GetMathInfo() prototype;
src/ssl.c: move "Global pointer to constant BN on" to src/ssl_bn.c; and in wolfSSL_Cleanup(), call the new wolfSSL_BN_free_one() rather than using ad hoc cleanup logic;
src/ssl_bn.c: add bn_one and wolfSSL_BN_free_one();
src/ssl_asn1.c: fix bugprone-macro-parentheses in bufLenOrNull(); refactor wolfSSL_ASN1_TIME_diff() to avoid floating point math; use intermediate tm_year variable in wolfssl_asn1_time_to_tm() to avoid target-specific type conflicts on tm->tm_year; use "FALL_THROUGH", not "/* fall-through */", in wolfSSL_ASN1_TYPE_set (clang-diagnostic-implicit-fallthrough);
wolfcrypt/src/ecc.c: fix identicalInnerCondition in ecc_mul2add();
wolfcrypt/src/integer.c: refactor OPT_CAST()s in mp_grow() to unconditional casts as elsewhere, to mollify a confused cppcheck-all-intmath;
tests/api.c: reformat some overlong lines.
Fix checking of negative with unsigned variables.
Check digestSz for 0 in wc_SSH_KDF() so that no possibility of dividing
by zero.
Change XMEMCPY to XMEMSET in renesas_sce_util.c.
Fix test.c to free prvTmp and pubTmp on read error.
Remove unused variables.
XFREE checks for NULL so don't check before call.
Move variable declarations to reduce scope.
Implementations of ASN.1 APIs reworked.
Added tests.
Added wolfssl_bn_set_neg for ASN.1 code.
Added wolfssl_sk_new_type() and wolfssl_sk_pop_type() to generically
handle creating and popping a stack of elements of a type.
No longer freeing pathlen field of ASN1 OBJECT in
wolfSSL_X509_EXTENSION_free(). This is happening in
wolfSSL_ASN1_OBJECT_free().
Stop wolfSSL_i2d_X509_NAME_canon from double freeing ASN.1 STRING's data
field.
Fixed up GetFormattedTime() to be better code.
Added ASN_CLASS_MASK to mask off the class part of an ASN.1 tag.
NO_ASN_TIME means no implementation to get the current time. Disable
features that won'r work without time.
* Add introspection for math build.
* Raise build error if more than one multi-precision math library used.
* Fix ESP32 to support using any multi-precision math option.
* Refactor math headers to use `wolfmath.h`
* Refactor of the opaque math variable type `MATH_INT_T` used by crypto hardware (QuickAssist, SE050, ESP32 and STM32).
* Cleanups for building with `WOLFCRYPT_ONLY` and `NO_BIG_INT`.
* Stop forcing use of fast math by default for platforms in settings.h. Note: For users that still want to use fast math (tfm.c) they will need to add USE_FAST_MATH to their build settings.
Applies To:
```
WOLFSSL_ESPWROOM32
WOLFSSL_ESPWROOM32SE
MICROCHIP_PIC32
WOLFSSL_PICOTCP_DEMO
WOLFSSL_UTASKER
WOLFSSL_NRF5x
FREERTOS_TCP
WOLFSSL_TIRTOS
EBSNET
FREESCALE_COMMON
FREESCALE_KSDK_BM
WOLFSSL_DEOS
MICRIUM
WOLFSSL_SGX
```
ForceZero the client and server secret regardless of whether TLS 1.3 as
it may change but have been copied in.
ForceZero the input buffer in wolfSSL_Clear() when encryption was on.
Changed wc_PRF_TLS to only check the parts of data used.
Changed where scatch is added for checking in wc_AesCtrEncrypt.
Change wc_MakeRsaKey to memset p, q, tmp1, tmp2 and tmp3 to all zeros so
that MemZero check works. Memset not needed otherwise.
Changes for new compiler - thinks uninitialized.
src/internal.c: fix for -Wdeclaration-after-statement and clang-diagnostic-unreachable-code-break;
tests/api.c: fix for -Wunused-variable and clang-analyzer-deadcode.DeadStores;
olfcrypt/src/pkcs12.c: fixes for cppcheck uselessAssignmentPtrArg and arrayIndexThenCheck, and clang-tidy clang-analyzer-deadcode.DeadStores and clang-analyzer-core.NonNullParamChecker;
wolfssl/src/tls.c: fix for clang-analyzer-deadcode.DeadStores;
wolfcrypt/src/tfm.c: fix for clang-diagnostic-newline-eof;
src/tls13.c: fix for clang-analyzer-core.NonNullParamChecker.
HAVE_ECH only used by TLS 1.3 add protection around all code.
ssl->options.onlyPskDheKe only available when HAVE_SUPPORTED_CURVES.
CleanupClientTickets() defined when HAVE_SUPPORTED_CURVES.
TLSX_KeyShare_DeriveSecret only defined when HAVE_SUPPORTED_CURVES.
DecodeResponseData - initialize variable single.
New OpenSSL compatibility BN code requires mp_read_radix - turn on in
integer.c, sp_int.c when OPENSSL_EXTRA defined.
rsa.c:_CheckProbablePrime - make sure tmp1 and tmp2 are initialized
before error handling jumps to freeing them.
test_remove_hs_message uses 1024-bit DH key which is not supported when
using SP math with SP.
Long server IDs were being truncated. Hash long IDs instead.
TLS 1.3 session ticket on client side no longer added session to client
cache. Explicit call added.
Loading from memory based on register that is overwritten in ldrd.
When ldrd split out for older processors, register overwritten before
second load.
Switch order of loads in this case.
AES-GCM stremaing was caching IV even when larger than buffer copying
into.
Instead, require calls to wc_AesGcmSetIV() or wc_AesGcmSetExtIV() to
cache IV.
wc_AesGcmInit() now uses passed in IV or retrieves from cache.
on handshake messages' errors:
- don't send alerts on WANT_READ, WANT_WRITE and WC_PENDING_E "errors"
- use return error code to decide which alert description
to send
- use alert description handshake_failure in the general case
- if a fatal alert was already sent, do not send any new alerts. This allow
a more specific alert description in case the exact description can't be
derived from the return code
src/internal.c: In function 'SendCertificateVerify':
./wolfssl/wolfcrypt/types.h:345:40: error: attribute 'fallthrough' not preceding a case label or default label [-Werror]
345 | #define FALL_THROUGH ; __attribute__ ((fallthrough))
In file included from ./wolfssl/internal.h:27,
from src/internal.c:92:
src/internal.c: In function 'SendCertificateVerify':
./wolfssl/wolfcrypt/types.h:345:40: error: attribute 'fallthrough' not preceding a case label or default label [-Werror]
345 | #define FALL_THROUGH ; __attribute__ ((fallthrough))
DER/BER encoding requires positive numbers to not have leading zeros.
Sometimes customer's have examples that break the rules.
In those cases define: WOLFSSL_ASN_INT_LEAD_0_ANY
Define used in original ASN.1 implementation.
BN APIs from ssl.c have been moved out to ssl_bn.c that is included in
ssl.c.
Added defines for BN_rand() and BN_pseudo_rand() to indicate which bits
are to be set.
'internal' field now always maps to the ;mpi' field that is a MP
integer.
SetIndividualInternal/External renamed to wolfssl_bn_get/set_value.
Fixed BN APIs to work as closely to OpenSSL as possible.
Added tests.
Moved wolfssl_make_rng out to ssl.c as BN APIs are using it now.
SP int and TFM now check trials are in a valid range for
mp_prime_is_prime_ex().
configure.ac: remove implied --disable-examples when --disable-inline;
tests/api.c: always include wolfcrypt/src/misc.c;
wolfcrypt/src/misc.c: use WC_MISC_STATIC to designate staticness of the misc functions;
wolfssl/wolfcrypt/misc.h: define WC_MISC_STATIC to empty or static depending on #ifdef NO_INLINE or not (respectively);
wolfssl/wolfcrypt/types.h: #ifdef NO_INLINE, #define WC_INLINE WC_MAYBE_UNUSED, and move the definitions of WARN_UNUSED_RESULT and WC_MAYBE_UNUSED above the definition of WC_INLINE for clarity;
wolfssl/wolfcrypt/mem_track.h: always declare TrackMalloc() et al static (no functional change, because the state and callback bindings were and remain unconditionally static, but previously #ifdef NO_INLINE the functions were globals, leading to multiple definitions.
* Check for circular dependencies in compatibility headers
* Run header check only when ENABLED_OPENSSLEXTRA
* Add missing include
* Pedantic compilers don't like empty translation units
* Fix macro guards
* wolfcrypt/test/test.{c,h}: refactor to capture and encode error retvals using WC_TEST_RET_*() macros (based on line numbers), and print line and return code in err_sys().
* wolfcrypt/test/test.h: cast back to int in WC_TEST_RET_ENC(), to fix MSVC warning.
* configure.ac: add shake128 and shake256 to enable-all and enable-all-crypto;
* wolfcrypt/benchmark/benchmark.c: fix gating for bench_shake128() from !defined(WOLFSSL_NO_SHAKE128) to defined(WOLFSSL_SHAKE128).
* wolfcrypt/test/test.h: add WC_TEST_RET_TAG_* and WC_TEST_RET_DEC_TAG(), and refactor WC_TEST_RET_{ENC,DEC}_*() macros to implement the tag mechanism;
* add render_error_message() with tag-specific rendering of error strings;
* wolfcrypt/test/test.c: smallstack refactor of shake128_test() and shake128_absorb_test();
* wolfcrypt/test/test.c: change gating around mp_test() and related routines from defined(HAVE_VALGRIND) to defined(WOLFSSL_PUBLIC_MP);
* smallstack refactor of mp_test();
* refactor a slew of WC_TEST_RET_ENC_NC associated with XFOPEN/XFREAD to be WC_TEST_RET_ENC_ERRNO, and add error detection for XFREAD (previously silently tolerating zero retvals).
* wolfcrypt/test/test.c: build mp_test() only if WOLFSSL_SP_MATH_ALL or USE_FAST_MATH (in addition to WOLFSSL_PUBLIC_MP), because many general purpose functions such as sp_mulmod() are gated out in SP builds without WOLFSSL_SP_MATH_ALL.
* wolfcrypt/test/test.c: fix array bounds flubs in shake128_test();
* don't print_fiducials() in wolfcrypt_test() header, but rather, after render_error_message() in err_sys().
* wolfcrypt/test/test.{c,h}: wrap some overlong lines, and fix an unused-variable warning in mp_test_set_is_bit().
* wolfcrypt/test/test.c: fixes for several misplaced and several missing WC_TEST_RET_ENC_EC()s.
When a certificate is loaded then the private key type and size is set
based on the public key.
Always set, even if previously set.
Use case is setting an RSA certificate against ctx and then setting EC
certificate against ssl.
Made the following updates based on review feedback
Fixed mixed variable declaration and simplified cases by typedefing
wolfssl_RX64_HW_Hash to wc_Sha, wc_Sha224, & wc_Sha256
Added files to include.am so they are built when using make
Add WOLFSSL_RENESAS_RX64_HASH to settings.h and set WOLFSSL_NO_HASH_RAW
in settings.h based on value of WOLFSSL_RENESAS_RX64_HASH
Add and handle return value for rx64_hw_Open
Fix some minor formatting and comments
Adding support for SHA1, SHA224, and SHA256 hardware acceleration on
Renesas RX64 and RX71 microcontrollers.
This follows the a similar pattern as the Renesas TSIP support.
Speed comparison for hashing 64KB of data on a RX64M
| Hash Speed | SHA1 | SHA256 |
|:----------:|:----:|:------:|
| Hardware | 4ms | 4ms |
| Software | 11ms | 89ms |
Update define for RX64/RX71 SHA hardware support
This will allow for different hardware acceleration modules to be
enabled individually.
Init & Close for the RX64/RX71 SHA subsystem for WolfCrypt
This ensures that the SHA subsystem is ready for use when WolfCrypt
needs access to it.
Shorten the max line length, clean up comments
This wraps code and comments at 80 characters and adds some comments
In case buf size sz is too small it will get updated to the larger required value
and can't be used anymore to clear the buffer.
As the buffer is untouched don't need to clear it anyway.
Signed-off-by: Nuno Gonçalves <nunojpg@gmail.com>
SP ECC signing code was generating signatures with r of 0.
This is not allowed by the algorithm description.
Retry sig gen when r is 0 like when s is 0.
move typedefs for WOLFSSL_CRYPTO_EX_*() from wolfssl/openssl/compat_types.h to wolfssl/wolfcrypt/types.h, grouped with the other EX_DATA-related typedefs, as they are needed whenever defined(HAVE_EX_DATA) regardless of openssl compatness;
properly gate wolfSSL_CTX_get_ex_new_index() and wolfSSL_X509_get_ex_new_index() prototypes on defined(HAVE_EX_DATA).
* stunnel 5.67 support
- ssl->session->ticketAdd may be set when parsing a ticket before PSK
- PSK binders should be calculated based on ciphersuite associated with PSK
- Add option to prioritise PSK order instead of ciphersuite order
- Update ctx->method->version when using Set_CTX_max_proto_version API
- Simplify wolfSSL_parse_cipher_list
- Keep copy of old list and then add in the previous ciphersuites depending on whether we are doing only TLS 1.3 ciphersuites or not
- Specify CRL revocation in alert
- Match reason string to match OpenSSL
- Add support for external data callbacks for WOLFSSL_SESSION
* Upref the session for stunnel instead of duplicating it
* Add small stack option for wolfSSL_parse_cipher_list
* Espressif examples run with local wolfSSL (no setup!)
* include.am Espressif local no-setup component files
* cleanup Espressif Example CMakeLists.txt, use function
* multiple wolfSSL installs is now a fatal Espressif build error
* Examples no longer need setup
* CompileAll builds local examples, not IDF_PATH ones
* Espressif compileAllExamples both local & ESP-IDF components
* add wolfssl_test_idf test project
* move VisualGDB projects to subdirectories
* move VisualGDB wolfssl_server to subdirectory
* update include.am for moved VisualGDB project files
* Support rwlock
* Fix typo, ENABLE_SESSION_CACHE_ROW_LOCK with TITAN_SESSION_CACHE
* Implement read lock
- Use read lock for the SessionCache
- Don't copy the
* TLS 1.3: Don't push ticket to cache if we don't retrieve from it
* Detect rwlock support with PTHREAD_RWLOCK_INITIALIZER
* Implement explicit rwlocks
- Mutex's still necessary for signals. Implement explicit rwlocks and we can migrate critical mutexs to rwlocks when necessary.
* Remove WOLFSSL_USE_RWLOCK guard around mutex condLock
* condLock not necessary after all
* Use configure.ac to check for pthread_rwlock_destroy support
* Can't include config.h in wc_port.h as that breaks make distcheck
* Check for pthread_rwlock_t to determine if rwlock is available
* Code review
---------
Co-authored-by: Juliusz Sosinowicz <juliusz@wolfssl.com>
* set the client state correctly when wc_ecc_ctx_set_kdf_salt is called
* add test that covers wc_ecc_ctx_set_kdf_salt
* use shared key and smallstack to reduce test stack usage
Add NIDs for RSA-PSS to OpenSSL compat layer.
Have wc_RsaPublicKeyDecode call wc_RsaPublicKeyDecode_ex where logic for
RSA-PSS handling is already done.
wolfSSL_EC_POINT_set_affine_coordinates_GFp wasn't checking the point is
valid for the curve. Added call to check point when setting.
Made check available for opensslextra.
Fixed test to have valid ordinates to set.
Two places in sp_invmod_mont_ct were not checking err is set before
performing a new operation and setting err. Change to check error before
performing operation.
API support doesn't allow for a point to be in Jacobian ordinates.
wolfSSL_EC_POINT_add() has ordinates in Montgomery form.
When needed, compile with WOLFSSL_EC_POINT_CMP_JACOBIAN.
wolfSSL_EC_POINT_set_affine_coordinates_GFp wasn't checking the point is
valid for the curve. Added call to check point when setting.
Made check available for opensslextra.
Fixed test to have valid ordinates to set.
./configure --enable-wolfssh --enable-cryptonly \
--disable-asn --disable-rsa --disable-ecc
./configure --disable-asn --disable-rsa --disable-ecc --enable-psk
./configure --enable-cryptonly --disable-asn --disable-rsa --disable-ecc
1. Fails compiling the KDF file, can't find c32toa inline function.
2. In configure, move the check for ECC when ASN is disabled up to the
other ASN checks. It also needs to be checked with cryptonly is
disabled.
used and size have no reason to be negative - change type.
Change code to match unsigned change. Mostly change variables to be
unsigned where possible.
integer.c: Only have mp_rand_prime available when needed and
mp_prime_is_prime_ex is available.
Fixes from regression testing.
Two places in sp_invmod_mont_ct were not checking err is set before
performing a new operation and setting err. Change to check error before
performing operation.
fix file descriptor leaks in AF_ALG code, and fix return codes (WC_AFALG_SOCK_E, not -1) in afalg_aes.c;
fixes for sanitizer-detected forbidden null pointer args in AfalgHashUpdate() and AfalgHashCopy();
fixes for resource leaks in api.c test_wolfSSL_AES_cbc_encrypt() (missing wc_AesFree()s);
fixes for resource leaks in test.c openssl_test() (missing wolfSSL_EVP_CIPHER_CTX_cleanup());
also some local fixes for bugprone-signed-char-misuse, readability-redundant-preprocessor, and clang-diagnostic-strict-prototypes, in src/pk.c and src/ssl.c.
* Fix for STM32 Hash peripherals (like on F437) with FIFO depth = 1.
* Cleanups for `XREALLOC` and new `WOLFSSL_NO_REALLOC` to force undef of `XREALLOC`.
* Change STM32 Cube to default to `NO_TLS_UART_TEST`.
Reworked the implementations of the EC APIs including:
wolfSSL_EC_curve, wolfSSL_EC_METHOD, wolfSSL_EC_GROUP,
wolfSSL_EC_POINT, wolfSSL_EC_KEY, wolfSSL_ECDSA_SIG, wolfSSL_ECDSA and
wolfSSL_ECDH.
Added support for EC parameters to PEM decoding.
EccEnumToNID() moved out of wolfCrypt - it maps NIDs defined in
wolfssl/openssl/ec.h to those in wolfssl/wolfcrypt/ecc.h.
Moved wc_OBJ_sn2nid() out of wolfCrypt - implementation uses
EccEnumToNID().
Changed reference counding to use wolfSSL_Ref.
Added tests to api.c that increase coverage of EC APIs.
_sp_div_small: Make it explicit as possible that we only want the bottom
digit of the product subtracted from the bottom word of t. Top digit is
unnecessary and more cycles used if calculated.
Fix for GeneratePublicDh was not right in #6002.
sp_DhExp_* are called from multiple functions.
Sometimes outLen contains a value and sometimes not.
Check public key output size in GeneratePublicDh before calling SP.
add support for EXTRA_CPPFLAGS, EXTRA_CCASFLAGS, and EXTRA_LDFLAGS;
fix typo in setup for CFLAG_VISIBILITY;
lightly refactor handling of CPPFLAGS/AM_CPPFLAGS in handlers for --with-liboqs, --with-wnr, and --with-cavium;
refactor+enhance options.h generation to handle -U directives.
Adding in tests of various versions of OpenWrt. Also simplified the way to reproduce potential issues and added in breadcrumbs for debugging.
Co-authored-by: Andras Fekete <andras@wolfssl.com>
mp_to_unsigned_len checks length and front pads with zeros.
Return MP_VAL when length is too small in all implemenations.
Make TFM implementation check length.
Add test case.
* First test
* Don't forget to run autogen.sh!
* Add tools needed by automake
* Try additional platforms
* Add in qemu for other platforms
* No real support for arm containers
* Fix indentation
* Simplify container build with a testing script
* Simpler names for actions
* No need to distribute OpenWRT test files
* Better list to put ignore files onto
* Create an 'ignore_files' list after all
* Add in some documentation of how OpenWRT tests work
* Fix up naming of OpenWrt
Co-authored-by: Andras Fekete <andras@wolfssl.com>
To speed up counting bits, use the instruction that counts leading zeros
in a word.
Fix _sp_div_3 to use registers with 0 in them for multiplication result.
* First attempt with GCC only
* Make the test run on every push temporarily
Also clean up the description of the workflow
* Fix invalid job name
* Missing hunks added
* Try out matrix actions
* Fix missing 'runs-on'
* Only needs to run on Ubuntu
* Use local installations of gcc/clang instead of containers
* Explicitly list out compilers to test
* Clean up names and concurrency group
* Only need to run on PRs and important branches
Co-authored-by: Andras Fekete <andras@wolfssl.com>
- Allocate ssl->suites when necessary for the WOLFSSL object to have its own instance. Use AllocateSuites() to allocate the object.
- Move cipher negotiation options from Suites into Options
ZD15346
The DTLS server needs to save the message_seq number of the client
hello for use in both the hello verify request in the stateless start
and for the server hello. Move the stashing of the value earlier in
DoClientHello(). (Issue #5224)
* Adding some developer utilities for Docker.
* Add support for `make test`
* Don't need to run the testsuite specifically
* Share .gitconfig and ssh keys with the container
Co-authored-by: Andras Fekete <andras@wolfssl.com>
* Fixed `PEM_BUFSIZE` macro redefined when building with coexist.
* Updated the `user_settings_all.h` and `user_settings_wolfboot_keytools.h` to include latest options.
* Improved API unit test error case checking where `TEST_RES_CHECK` is not used.
* Changed `TEST_SKIPPED` to unique value.
* Added CI tests for enable-all, small stack, and user setting templates.
* Refactor GitHub actions and add ESP tests.
* Add script for building all examples for ESP.
* Fixes for ESP-IDF v5.0
* Consolidating Espressif files into a single include.am
Co-authored-by: Andras Fekete <andras@wolfssl.com>
pool->sz is the size without the record header. The handshake header is present already.
Reproducible with
./udp_proxy -p 12345 -s 127.0.0.1:11111 -x 1:3 -S server
or
./udp_proxy -p 12345 -s 127.0.0.1:11111 -x 1:3 -S server
and
./examples/server/server -l ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305 -u -i
./examples/client/client -l ECDHE-RSA-AES256-GCM-SHA384 -u -R -p 12345 -i
There seems to have been a misunderstanding that WOLFSSL_OP_NO_TICKET would only disable tickets
for TLS version lower than 1.2. But it includes 1.2 as well.
Fix random prime generation for big endian to set low bits after
shifting top word.
Allow SP_MATH to be built without RSA, DH and ECC - needed for PKCS#12.
Add DH 2048 bit parameters to cert_test.c for test.c when NO_ASN and
WOLFSSL_SP_MATH.
This method requires some explanation. Its sibling is
int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
which re-inits the WOLFSSL* with all settings in the new CTX.
That one is the right one to use *before* a handshake is started.
This method was added by OpenSSL to be used *during* the handshake, e.g.
when a server inspects the SNI in a ClientHello callback and
decides which set of certificates to use.
Since, at the time the SNI callback is run, some decisions on
Extensions or the ServerHello might already have been taken, this
method is very restricted in what it does:
- changing the server certificate(s)
- changing the server id for session handling
and everything else in WOLFSSL* needs to remain untouched.
aia is a stack and must be pop freed rather than freed with XFREE.
Extract function that creates Authority Info Access stack.
Fix spelling issue raised by codespell.
Configuration
- thread-local storaoge is selected when available
- '--enable-error-queue-per-thread' and '--disable-error-queue-per-thread' can
be used as before to explicitly en-/disable the feature.
Implementation:
- with thread-local-storage, error queue is realized in one struct without
allocations. Queue size is restricted to 16 entries (per thread), which
is the same limit in OpenSSL 1.1.x.
- without thread-local-storage, all error queue operations are mutex locked
- wc_PeekErrorNodeLineData() and wc_GetErrorNodeErr() added for use by SSL
functions to allow locked queue iterations/manipulations.
Enabling SP with ASM didn't enable SP or error out when SP wasn't
configured. Now enables SP when '' and errors when 'no'.
SAKKE modinv used large amounts of stack. Change to have more temporary
memory allocated increased to cover the usage.
ECC, SAKKE: sp_<bits>_ecc_mulmod_<cpu><words>() used large amounts of
stack. Allocate when WOLFSSL_SMALL_STACK.
wc_DhCheckKeyPair() not available when HAVE_SELFTEST.
Wasn't compiled in before as WOLFSSL_HAVE_SP_DH wasn't defined.
--enable-entropy-memuse enables the software base entropy gatherer.
The entropy source uses difference in timing to read/write cache lines.
Random indeces into a buffer are updated with the high resolution timer
value which is fed into a hash to produce further random indeces.
The current time is added to the entropy samples at time of
conditioning.
When initializing the RNG and are using RDRAND, or one of the other
replacement random number generators that could fall back to the
Hash_DRBG if unavailable, set the status to DRBG_OK. This would fix a
problem if someone assumes the DRBG status is meaningful.
Make sp_rshd not available when WOLFSSL_SP_MATH in header.
sp_rshd is not required by any wolfCrypt code.
Fix sp_rshd comment on #endif
Make sp_div publicly available in some WOLFSSL_SP_MATH builds.
Delare sp_div for some WOLFSSL_SP_MATH builds.
Fix test.c to compile with WOLFSL_SP_MATH and HAVE_VALGRIND.
- adding patch for HAProxy, see dod/QUIC.md, based on current master.
For documentaton purposes, since HAProxy does not accept PRs. To be
removed once forwarded to the project.
SP int can be configured to declare temporary sp_ints.
Check that the requested number of digits is not larger than the max
supported (SP_INT_DIGITS).
Also check arrays of sp_ints too.
ULLONG_MAX is not defined for old versions of C compiler.
An unsigned long long type may still be available though.
Don't use unsigned long long for a 64-bit type when NO_64BIT is defined.
Tidy up Espressif ESP32 test and benchmark examples:
* add VisualGDB project and solution files for server and client
* "hardware in use revert to software" is now verbose level message
* Remove (void) TAG; - not needed to appease compiler
* include esp_log.h lib with defined(WOLFSSL_ESPIDF)
* large ESP32 default stack size
* check for max number of arguments assembled into array
* cleanup & comments per code review
* wolfssl_test VisualGDB updates
* Espressif wolfssl_test default stack 55,000 bytes
Change API test cases to return a result.
Test success is now TEST_SUCCESS (1).
Test result can be returned with use of macro TEST_RES_CHECK().
Always print the id, name of the test and the result (skipped or
otherwise) before and after running the test case.
Changed test case output to go to stderr.
Fixed some formatting.
Add option to take index and/or name of test case to run.
Added option to list all API tests.
Added option to only run API tests.
Added options to show usage.
Fixing issue #3070. When the OCSP responder returns an unknown exception,
continue through to checking the CRL. Before, it was setting the flag
to check CRL, then clearing it because of the exception.
This fixes hash based dir lookup of ASN1/DER CRLs in OpenSSL
compatible API. The function wolfSSL_X509_load_crl_file is
called with entry->dir_type, rather than hardcoded filetype.
A new test crl was added, and existing crl 0fdb2da4.r0 was
reorganized to a new dir.
Also, completes the stub wolfSSL_X509_LOOKUP_add_dir. A new
test function test_X509_LOOKUP_add_dir was added to tests/api.c
Specific compress key code for P521 doesn't need a n square function.
Fixing generation of x86_64 ASM scripts resulted in adding carriage
return to chacha_asm.S.
clang-analyzer-deadcode.DeadStores in examples/server/server.c;
-Werror=use-after-free and LeakSanitizer Direct leak in tests/api.c;
nullPointerRedundantCheck in src/pk.c which identified a semantically consequential flub.
In configure.ac and CMakeLists.txt, check for the header
Security/SecTrustSettings.h. If this header is found, enable the feature. If
it isn't, disable it. For non-configure/non-CMake builds, require the user to
explicitly define HAVE_SECURITY_SECTRUSTSETTINGS_H if they want to use system
CA certs (handled in settings.h).
For shared secrets, when a curve has a cofactor, the private key (in
range of order) is multiplied by the cofactor before use.
If there is a cofactor involved, check bit size of scalar against
modulus instead of order.
fflush stdout after each scenario for line-buffered pipelining;
refactor csv_header_count into sym_header_printed, asym_header_printed, and pqasym_header_printed;
move SAKKE tests to precede PQ tests;
rename bench_stats_sym_check() to bench_stats_check();
add bench_stats_asym_finish_ex() accepting a "desc_extra" arg, and use it to disambiguate otherwise-homonymous SAKKE runs;
fix bench_aesecb_internal() to not check time (syscall) for every 3 blocks processed.
Reorganized the DH APIs into groups.
Reworked all DH APIs.
Improved testing of DH API.
Implemented wolfSSL_PEM_read_RSAPublicKey() and
wolfSSL_PEM_write_RSA_PUBKEY().
Fix public key PEM write implementations to use the correct
header/footer names.
Added support for "RSA PUBLIC KEY" in header and footer in DerToPemEx().
Reworked PEM read/write APIs to be independent. No longer create an EVP
to use common function - common functionality refectored out.
Similarly file APIs don't create a BIO and call the partner APIs.
Improved testing of PEM read/write APIs.
Generic read BIO from memory BIO now returns the buffer instead of
allocating memory and reading.
No longer reading chunks when a file BIO.
Added wolfssl_make_rng() to create or get get global random. All RSA and
DH APIs now use this. DH_generate_parameters() creates a random object
and use global on error rather than just using global random.
Changed implementations to use BIO_new_fp() instead of create a new BIO
and setting file pointer.
WOLFSSL_PSS_LONG_SALT and WOLFSSL_PSS_SALT_LEN_DISCOVER are supported in our
latest FIPS module (v5). These should be defined for engine builds as long as
the FIPS version isn't v2.
NOTE: * --enable-heapmath is being deprecated and will be removed by 2024
* Old CyaSSL/CtaoCrypt shim layer was removed in this release (5.6.4)
## Vulnerabilities
* [Medium] A fix was added, but still under review for completeness, for a Bleichenbacher style attack, leading to being able to decrypt a saved TLS connection and potentially forge a signature after probing with a large number of trial connections. This issue is around RSA decryption and affects static RSA cipher suites on the server side, which are not recommended to be used and are off by default. Static RSA cipher suites were also removed from the TLS 1.3 protocol and only present in TLS 1.2 and lower. All padding versions of RSA decrypt are affected since the code under review is outside of the padding processing. Information about the private keys is NOT compromised in affected code. It's recommended to disable static RSA cipher suites and update the version of wolfSSL used if using RSA private decryption alone outside of TLS. The fix is located in this pull request (https://github.com/wolfSSL/wolfssl/pull/6896)
## New Feature Additions
* DTLS 1.3 PQC: support fragmenting the second ClientHello message. This allows arbitrarily long keys to be used, opening up support for all PQC ciphersuites in DTLS 1.3.
* SM2/SM3/SM4: Chinese cipher support including TLS 1.3 and 1.2 cipher suites. SM2 SP implementation available.
* Ability to parse ASN1 only with SMIME_read_PKCS7
* Added support for MemUse Entropy on Windows
* Added Ada Bindings for wolfSSL
* Added a PEM example that converts to and from DER/PEM.
* Added LMS/HSS and XMSS/XMSS^MT wolfcrypt hooks, both normal and verify-only options.
* Added support for the AES EAX mode of operation
* Port for use with Hitch (https://github.com/varnish/hitch) added
* Add XTS API's to handle multiple sectors in new port ot VeraCrypt
## Enhancements and Optimizations
* Turned on SNI by default on hosts with resources
* Improved support for Silicon Labs Simplicity Studio and the ERF32 Gecko SDK
* Thumb-2 and ARM32 Curve25519 and Ed25519 assembly have significantly improved performance.
* Thumb-2 AES assembly code added.
* Thumb-2 and ARM32 SP implementations of RSA, DH and ECC have significantly improved performance.
* Minor performance improvements to SP ECC for Intel x64.
* AES-XTS assembly code added for Intel x64, Aarch64 and ARM32.
* Added support for X963 KDFs to ECIES.
* Added 32-bit type only implementation of AES GMULT using tables.
* Add support for nginx version 1.25.0
* Add support for Kerberos version 5 1.21.1
* Check all CRL entries in case a single issuer has multiple CRL's loaded
* CRL verify the entire chain including loaded CA's
* Added example for building wolfSSL as an Apple universal binary framework using configure
* Sniffer tool now supports decrypting TLS sessions using secrets obtained from a SSLKEYLOGFILE
* Updates made for EBSNET port
* Update "--enable-jni" to include additional defines for expanded JNI support. Also includes JCE and JSSE builds under the single enable option now.
## Fixes
* Fixed error handling when decrypted pre-master secret is too long when using static RSA.
* Added a fix for keymod use with i.MX RT1170 CAAM blobs
* Added a fix for AES-GCM use with Petalinux Xilinx
* Fixed `wc_SignatureGenerate_ex` to not call verify twice
* Fixed wolfCrypt FIPS DLL on Win32
* Fixed TFM math library big-endian reading implementation when a zero length buffer is passed in.
* Fixed NO_CERT configurations to build correctly.
* Fixed ARM AES-GCM streaming assembly when –enable-opensslextra defined.
* Added modulus checks to heap math implementation of mp_exptmod().
* Fixed Windows assembly code to handle that certain XMM registers are non-volatile.
* Aarch64 SP ECC implementation of sp_256_mont_dbl_4 has the register list for the assembly code fixed to include all used registers.
* mp_sqrt_mod_prime fixed to limit the number of iterations of a loop to handle malicious non-prime values being passed in.
* Ignore session ID's shorter than 32 bytes instead of erroring out
# wolfSSL Release 5.6.3 (Jun 16, 2023)
Release 5.6.3 of wolfSSL embedded TLS has 4 bug fixes:
* Fix for setting the atomic macro options introduced in release 5.6.2. This issue affects GNU gcc autoconf builds. The fix resolves a potential mismatch of the generated macros defined in options.h file and the macros used when the wolfSSL library is compiled. In version 5.6.2 this mismatch could result in unstable runtime behavior.
* Fix for invalid suffix error with Windows build using the macro GCM_TABLE_4BIT.
* Improvements to Encrypted Memory support (WC_PROTECT_ENCRYPTED_MEM) implementations for modular exponentiation in SP math-all (sp_int.c) and TFM (tfm.c).
* Improvements to SendAlert for getting output buffer.
# wolfSSL Release 5.6.2 (Jun 09, 2023)
Release 5.6.2 has been developed according to wolfSSL's development and QA process (see link below) and successfully passed the quality criteria.
NOTE: * --enable-heapmath is being deprecated and will be removed by 2024
Release 5.6.2 of wolfSSL embedded TLS has bug fixes and new features including:
## Vulnerabilities
* [Low] In cases where a malicious agent could analyze cache timing at a very detailed level, information about the AES key used could be leaked during T/S Box lookups. One such case was shown on RISC-V hardware using the MicroWalk tool (https://github.com/microwalk-project/Microwalk). A hardened version of T/S Box lookups was added in wolfSSL to help mitigate this potential attack and is now on by default with RISC-V builds and can be enabled on other builds if desired by compiling wolfSSL with the macro WOLFSSL_AES_TOUCH_LINES. Thanks to Jan Wichelmann, Christopher Peredy, Florian Sieck, Anna Pätschke, Thomas Eisenbarth (University of Lübeck): MAMBO-V: Dynamic Side-Channel Leakage Analysis on RISC-V. Fixed in the following GitHub pull request https://github.com/wolfSSL/wolfssl/pull/6309
* [High] In previous versions of wolfSSL if a TLS 1.3 client gets neither a PSK (pre shared key) extension nor a KSE (key share extension) when connecting to a malicious server, a default predictable buffer gets used for the IKM value when generating the session master secret. Using a potentially known IKM value when generating the session master secret key compromises the key generated, allowing an eavesdropper to reconstruct it and potentially allowing surreptitious access to or meddling with message contents in the session. This issue does not affect client validation of connected servers, nor expose private key information, but could result in an insecure TLS 1.3 session when not controlling both sides of the connection. We recommend that TLS 1.3 client side users update the version of wolfSSL used. Thanks to Johannes from Sectra Communications and Linköping University for the report. Fixed in the following GitHub pull request https://github.com/wolfSSL/wolfssl/pull/6412
## New Feature Additions
### New Ports and Expansions
* Add support for STM32H5
* Add support for Renesas TSIP v1.17
* Add Renesas SCE RSA crypto-only support
* STARCORE DSP port and example builds added
* Add the function wc_PKCS7_SetDefaultSignedAttribs for setting PKCS7 signed attributes to use with PKCS7 bundle creation
* NXP IMX6Q CAAM port with QNX and performance optimizations for AES-CTR
### New Build Options
* ASN.1 print utility to decode ASN.1 syntax and print out human readable text --enable-asn-print. Utility app is located in the directory ./examples/asn1/
* Add introspection for math build, wc_GetMathInfo() to get information about the math library compiled into the linked wolfSSL library
* Implement TLS recommendations from RFC 9325 for hardening TLS/DTLS security. Enabled with the autoconf flag --enable-harden-tls.
* Add option to support disabling thread local storage, --disable-threadlocal
* Added wc_DsaSign_ex() and wc_DsaVerify_ex() for handling alternative digest algorithms with DSA Sign/Verify
* Implement atomic operations interface. Macros auto-detect if atomic operations are expected to be available, can be turned off with the macro WOLFSSL_NO_ATOMICS
* Added support for DTLS 1.3 Authentication and Integrity-Only Cipher Suites
* Expand crypto callback to have a device ID find callback function with wc_CryptoCb_SetDeviceFindCb. Enabled with the macro WOLF_CRYPTO_CB_FIND
## Enhancements and Optimizations
### Optimizations
* Increased performance with ChaCha20 C implementation and general XOR operations
* Added integer type to the ASN.1 sequencing with ASN.1 Integer sequence
* With wolfSSL_get_x509_next_altname reset alt name list to head once cycled through if compiling with the macro WOLFSSL_MULTICIRCULATE_ALTNAMELIST
* Additional key validity sanity checks on input to wolfSSL_EC_KEY_set_private_key
* adds support for TLSv1.3 stateful session tickets when using SSL_OP_NO_TICKET
### Memory Optimizations
* Improvements to stack usage and management with SP int math library
* Optimization to TLS 1.3 server to remove caching messages for Ed25519/Ed448
* Added a HAVE_CURL macro build for building a subset of the wolfSSL library when linking with cURL
* Memory usage improvement with reducing the size of alignment needed with AES
* Reduce run time memory used with ECC operations and ALT_ECC_SIZE
* Fixes and improvements for building edge cases such as crypto callback without hash-drbg with low footprint options
* Support HAVE_SESSION_TICKET build option without depending on realloc
### Documentation
* Instructions for GPDMA on STM32 configuration added
* Add in instructions for compiling with zephyr on STM32
* Documentation fixup for wolfSSL_get_chain_cert()
* Fix the file pointed to in the TI RTOS documentation that we maintain
* Documentation for wolfSSL_CertManagerFreeCRL
* Updates made to AES and Chacha documentation
* Update Japanese comments for Ed25519, AES, and other miscellaneous items
### Tests
* Add in an option for easily testing malloc failures when building with WOLFSSL_MEM_FAIL_COUNT macro
* Updated in process for using Expect vs Assert to facilitate more malloc failure tests
* Enhance wolfCrypt test for builds that do not have ECC SECP curves enabled
* ESP32 platform-specific VisualGDB test & benchmark projects
* Update to dependencies in docker container file used for tests
* Fix up for base 10 output with bundled benchmark application
### Port Updates
* Zephyr port update, compile time warning fixes, misc. fixes when used with TLS and update of includes
* Update RIOT-OS to not compile out use of writev by default
* Update Micrium port to enable use of STM32_RNG
* Micrium updates for XMEMOVE and XSTRTOK use
* Various Espressif HW crypto, SHA2, AES, MP updates
* Added in ASIO build option with CMake builds
### General Enhancements
* Global codebase cleanup for C89 compliance and wolfCrypt -Wconversion hygiene
* PKCS#11 enhancement adding a callback for RSA key size when using a hardware key, by default 2048 bit key is used
* Allow for unknown OIDs in extensions in wolfSSL_X509_set_ext()
* Allow user to override XSTAT by defining the macro XSTAT when compiling
* Support UPN and SID with x509 certificate extensions and custom OID build
* Write next IV in wolfSSL_DES_ede3_cbc_encrypt for better handling of inline encryption
* Adding NO_ASN_TIME_CHECK build option for compiling out certificate before/after checks
* Improve different peer recvfrom handling and error reporting with ipv4 vs ipv6
## Fixes
* Fix for STM32 ECC sign and verify out of bounds buffer write when the hash length passed in is larger than the key size. Thanks to Maximilian for the report.
* Fix to skip Async_DevCtxInit when using init rsa/ecc label/id api's
* Revert WOLFSSL_NO_ASN_STRICT macro guard around alternate names directory list
* In async mode, don't retry decrypting if a valid error is encountered on a packet parse attempt
* Add additional sanity check on PKCS7 index value in wc_PKCS7_DecryptKekri
* Fix for padding when using an AuthEnvelope PKCS7 type with GCM/CCM stream ciphers
* Fix siphash assembly so that no register is left behind
* Fix to not send a TLS 1.3 session ID resume response when resuming and downgrading to a protocol less than TLS 1.3
* Fix overwriting serialNumber by favouriteDrink when generating a certificate using Cert struct
* Fix for the default realloc used with EspressIf builds
* Track SetDigest usage to avoid invalid free under error conditions
* DTLS v1.3 fix for epoch 0 check on plaintext message
* Fix for session ticket memory leak in wolfSSL_Cleanup
* Fixes for propagating SendAlert errors when the peer disconnects
* Replace XMEMCPY with XMEMMOVE to fix valgrind-3.15.0 reports "Source and destination overlap in memcpy" when using --enable-aesgcm-stream
* Fix for potential out-of-bounds write edge case in fp_mod_2d with --enable-fastmath math library
* Fix getting ECC key size in stm32_ecc_sign_hash_ex
* Fix for case where wc_PeekErrorNodeLineData was not unlocking error queue on error
* Fix for async ECC shared secret state
* Fix for better error checking with sp_gcd with SP int math library
* Fix memory leak in TLSX_KeyShare_Setup when handling an error case
* Fix for double free edge case in InitOCSPRequest when handling a memory allocation failure
* X509 NAME Entry fix for leaking memory on error case
* Fix wolfssl_asn1_time_to_tm setting unexpected fields in tm struct
* Fix for FIPS ECC integrity check with crypto callback set
* BN_to_ASN1_INTEGER fix for handling leading zero byte padding when needed
* Fix a typo in PP macro and add a ceiling to guard against implementation bugs
* DTLS 1.3 fix for using the correct label when deriving the resumption key
* OCSP fix for GetDateInfo edge case with non ASN template builds
* Allow a user set certificate callback function to override the skipAddCA flag when parsing a certificate
* SP int: sp_radix_size when radix 10 fix temp size for handling edge case
* Fixes and improvements for handling failures with memory allocations
* Fix for DecodeECC_DSA_Sig to handle r and s being initialized
* Fix for wc_ecc_is_point to ensure that the x and y are in range [0, p-1] and z is one (affine ordinates)
### Build Fixes
* Fix for building on Windows with CMake and using USER_SETTINGS and fix for options.h creation with CMake when using USER_SETTINGS
* CMake fixes and improvements for use with mingw32
* Fix for building with wpas and x509 small options
* Check if colrm is available for options.h creation when using autoconf
* Clean up NO_BIG_INT build, removing WOLFSSL_SP_MATH macro and heapmath compile
* Fix PKCS#7 build with NO_PKCS7_STREAM
* Fix compilation error in CC-RX and remove unnecessary public key import
* SP Build fixes for ARM assembly with ARMv6 clz and ARM thumb debug build
* For to not advertise support for RSA in TLS extensions when compiled with NO_RSA
# wolfSSL Release 5.6.0 (Mar 24, 2023)
Release 5.6.0 has been developed according to wolfSSL's development and QA process (see link below) and successfully passed the quality criteria.
NOTE: * --enable-heapmath is being deprecated and will be removed by 2024
* This release makes ASN Template the default with ./configure, the previous ASN parsing can be built with --enable-asn=original
Release 5.6.0 of wolfSSL embedded TLS has bug fixes and new features including:
## New Feature Additions
* ASN template is now the default ASN parsing implementation when compiling with configure
* Added in support for TLS v1.3 Encrypted Client Hello (ECH) and HPKE (Hybrid Public Key Encryption)
* DTLS 1.3 stateless server ClientHello parsing support added
### Ports
* Add RX64/RX71 SHA hardware support
* Port to RT1170 and expand NXP CAAM driver support
* Add NuttX integration files for ease of use
* Updated Stunnel support for version 5.67
Compatibility Layer
* Add in support for AES-CCM with EVP
* BN compatibility API refactoring and separate API created
* Expanding public key type cipher suite list strings support
### Misc.
* Support pthread_rwlock and add enable option
* Add wolfSSL_CertManagerLoadCABuffer_ex() that takes a user certificate chain flag and additional verify flag options
* Docker build additions for wolfSSL library and wolfCLU application
* Add favorite drink pilot attribute type to get it from the encoding
* Added in support for indefinite length BER parsing with PKCS12
* Add dynamic session cache which allocates sessions from the heap with macro SESSION_CACHE_DYNAMIC_MEM
## Improvements / Optimizations
### Tests
* Additional CI (continuous integration) testing and leveraging of GitHub workflows
* Add CI testing for wpa_supplicant, OpenWrt and OpenVPN using GitHub workflows
* Add compilation of Espressif to GitHub workflows tests
* Refactoring and improving error results with wolfCrypt unit test application
* Minor warning fixes from Coverity static analysis scan
* Add new SHA-512/224 and SHA-512/256 tests
* Used codespell and fixed some minor typos
### Ports
* Improve TLS1.2 client authentication to use TSIP
* Updated Kyber macro to be WOLFSSL_HAVE_KYBER and made changes that make Kyber work on STM32
* AES-GCM Windows assembly additions
* CRLF line endings, trailing spaces for C# Wrapper Projects
Compatibility Layer
* Update `PubKey` and `Key` PEM-to-DER APIs to support return of needed DER size
* Allow reading ENC EC PRIVATE KEY as well via wolfSSL_PEM_read_bio_ECPrivateKey
* Improve wolfSSL_EC_POINT_cmp to handle Jacobian ordinates
* Fix issue with BIO_reset() and add BIO_FLAGS_MEM_RDONLY flag support for read only BIOs
### SP
* In SP math library rework mod 3 and use count leading zero instruction
* Fix with SP ECC sign to reject the random k generated when r is 0
* With SP math add better detection of when add won't work and double is needed with point_add_qz1 internal function
* With SP int fail when buffer writing to is too small for number rather than discarding the extra values
### Builds
* Define WOLFSSL_SP_SMALL_STACK if wolfSSL is build with --enable-smallstack
* Fix CMake to exclude libm when DH is not enabled
* Allow building of SAKKE as external non-FIPS algorithm with wolfmikey product
* Add option to add library suffix, --with-libsuffix
* ASN template compile option WOLFSSL_ASN_INT_LEAD_0_ANY to allow leading zeros
* Add user_settings.h template for wolfTPM to examples/configs/user_settings_wolftpm.h
* Purge the AES variant of Dilithium
* Expand WOLFSSL_NO_ASN_STRICT to allow parsing of explicit ECC public key
* Remove relocatable text in ARMv7a AES assembly for use with FIPS builds
* Expand checking for hardware that supports ARMv7a neon with autotools configure
* Sanity check on allocation fails with DSA and FP_ECC build when zeroizing internal buffer
* Additional TLS alerts sent when compiling with WOLFSSL_EXTRA_ALERTS macro defined
### Benchmarking
* Update wolfCrypt benchmark Windows build files to support x64 Platform
* Add SHA512/224 and SHA512/256 benchmarks, fixed CVS macro and display sizes
* Separate AES-GCM streaming runs when benchmarked
* No longer call external implementation of Kyber from benchmark
* Fix for benchmarking shake with custom block size
* Fixes for benchmark help `-alg` list and block format
Documentation/Examples
* Document use of wc_AesFree() and update documentation of Ed25519 with Doxygen
* Move the wolfSSL Configuration section higher in QUIC.md
* Add Japanese Doxygen documentation for cmac.h, quic.h and remove incomplete Japanese doxygen in asn_public.h
* Espressif examples run with local wolfSSL now with no additional setup needed
* Added a fix for StartTLS use In the example client
* Add a base-line user_settings.h for use with FIPS 140-3 in XCode example app
### Optimizations
* AES-NI usage added for AES modes ECB/CTR/XTS
### Misc
* Update AES-GCM stream decryption to allow long IVs
* Internal refactor to use wolfSSL_Ref functions when incrementing or decrementing the structures reference count and fixes for static analysis reports
* Cleanup function logging making adjustments to the debug log print outs
* Remove realloc dependency in DtlsMsgCombineFragBuckets function
* Refactor to use WOLFSSL_CTX’s cipher suite list when possible
* Update internal padding of 0’s with DSA sign and additional tests with mp_to_unsigned_bin_len function
* With DTLS SRTP use wolfSSL_export_keying_material instead of wc_PRF_TLS
* Updated macro naming from HAVE_KYBER to be WOLFSSL_HAVE_KYBER
* Update AES XTS encrypt to handle in-place encryption properly
* With TLS 1.3 add option to require only PSK with DHE
## Fixes
### Ports
* Fix for AES use with CAAM on imx8qxp with SECO builds
* Fix for PIC32 crypto HW and unused `TLSX_SetResponse`
* Fix warning if ltime is unsigned seen with QNX build
* Updates and fix for Zephyr project support
* Include sys/time.h for WOLFSSL_RIOT_OS
* Move X509_V errors from enums to defines for use with HAProxy CLI
* Fix IAR compiler warnings resolved
* Fix for STM32 Hash peripherals (like on F437) with FIFO depth = 1
* ESP32 fix for SHA384 init with hardware acceleration
### Builds
* Add WOLFSSL_IP_ALT_NAME macro define to --enable-curl
* Fixes for building with C++17 and avoiding clashing with byte naming
* Fixes SP math all build issue with small-stack and no hardening
* Fix for building with ASN template with `NO_ASN_TIME` defined
* Fix building FIPSv2 with WOLFSSL_ECDSA_SET_K defined
* Don't allow aesgcm-stream option with kcapi
* Fix DTLS test case for when able to read peers close notify alert on FreeBSD systems
* Fix for "expression must have a constant value" in tls13.c with Green Hills compiler
* Fixes for building KCAPI with opensslextra enabled
* Fix warnings of shadows min and subscript with i486-netbsd-gcc compiler
* Fix issue with async and `WOLFSSL_CHECK_ALERT_ON_ERR`
* Fix for PKCS7 with asynchronous crypto enabled
### Math Library
* SP Aarch64 fix for conditional changed in asm needing "cc" and fix for ECC P256 mont reduce
* In SP builds add sanity check with DH exp. to check the output length for minimum size
* In SP math fix scalar length check with EC scalar multiply
* With SP int fix handling negative character properly with read radix
* Add error checks before setting variable err in SP int with the function sp_invmod_mont_ct
* Fix to add sanity check for malloc of zero size in fastmath builds
* In fastmath fix a possible overflow in fp_to_unsigned_bin_len length check
* Heapmath fast mod. reduce fix
### Compatibility Layer
* Fixes for encoding/decoding ecc public keys and ensure i2d public key functions do not include any private key information
* Fix for EVP_EncryptUpdate to update outl on empty input
* Fix SE050 RSA public key loading and RSA/ECC SE050 TLS Compatibility
* Rework EC API and validate point after setting it
* Fix for X509 RSA PSS with compatibility layer functions
* Fix size of structures used with SHA operations when built with opensslextra for Espressif hardware accelerated hashing
* Added sanity check on key length with wolfSSL_CMAC_Init function
* Fix for return value type conversion of bad mutex error in logging function
* Fix NID conflict NID_givenName and NID_md5WithRSAEncryption
* Fix unguarded XFPRINTF calls with opensslextra build
* Fix wolfSSL_ASN1_INTEGER_to_BN for negative values
* Fix for potential ASN1_STRING leak in wolfSSL_X509_NAME_ENTRY_create_by_txt and wolfSSL_X509_NAME_ENTRY_create_by_NID when memory allocation fails
### Misc.
* Add sanity check to prevent an out of bounds read with OCSP response decoding
* Sanity check to not allow 0 length with bit string and integer when parsing ASN1 syntax
* Adjust RNG sanity checks and remove error prone first byte comparison
* With PKCS7 add a fix for GetAsnTimeString() to correctly increment internal data pointer
* PKCS7 addition of sequence around algo parameters with authenvelop
* DSA fixes for clearing mp_int before re-reading data and avoid mp_clear without first calling mp_init
* Fix for SRTP setting bitfield when it is encoded for the TLS extension
* Fix for handling small http headers when doing CRL verification
* Fix for ECCSI hash function to validate the output size and curve size
* Fix for value of givenName and name being reversed with CSR generation
* Fix for error type returned (OCSP_CERT_UNKNOWN) with OCSP verification
* Fix for a potential memory leak with ProcessCSR when handling OCSP responses
* Fix for VERIFY_SKIP_DATE flag not ignoring date errors when set
* Fix for zlib decompression buffer issue with PKCS7
* Fix for DTLS message pool send size used and DTLS server saving of the handshake sequence
* Fix to propagate WOLFSSL_TICKET_RET_CREATE error return value from DoDecryptTicket()
* Fix for handling long session IDs with TLS 1.3 session tickets
* Fix for AES-GCM streaming when caching an IV
* Fix for test case with older selftest that returns bad padding instead of salt len error
* Add fix for siphash cache and added in additional tests
* Fix potential out of bounds memset to 0 in error case with session export function used with --enable-sessionexport builds
* Fix possible NULL dereference in TLSX_CSR_Parse with TLS 1.3
* Fix for sanity check on RSA pad length with no padding using the build macro WC_RSA_NO_PADDING
# wolfSSL Release 5.5.4 (Dec 21, 2022)
Release 5.5.4 of wolfSSL embedded TLS has bug fixes and new features including:
## New Feature Additions
* QUIC related changes for HAProxy integration and config option
* Support for Analog Devices MAXQ1080 and MAXQ1065
* Testing and build of wolfSSL with NuttX
* New software based entropy gatherer with configure option --enable-entropy-memuse
* NXP SE050 feature expansion and fixes, adding in RSA support and conditional compile of AES and CMAC
* Support for multi-threaded sniffer
## Improvements / Optimizations
### Benchmark and Tests
* Add alternate test case for unsupported static memory API when testing mutex allocations
* Additional unit test cases added for AES CCM 256-bit
* Initialize and free AES object with benchmarking AES-OFB
* Kyber with DTLS 1.3 tests added
* Tidy up Espressif ESP32 test and benchmark examples
* Rework to be able to run API tests individually and add display of time taken per test
### Build and Port Improvements
* Add check for 64-bit ABI on MIPS64 before declaring a 64-bit CPU
* Add support to detect SIZEOF_LONG in armclang and diab
* Added in a simple example working on Rx72n
* Update azsphere support to prevent compilation of file included inline
* --enable-brainpool configure option added and default to on when custom curves are also on
* Add RSA PSS salt defines to engine builds if not FIPS v2
### Post Quantum
* Remove kyber-90s and route all Kyber through wolfcrypt
* Purge older version of NTRU and SABER from wolfSSL
### SP Math
* Support static memory build with sp-math
* SP C, SP int: improve performance
* SP int: support mingw64 again
* SP int: enhancements to guess 64-bit type and check on NO_64BIT macro set before using long long
* SP int: check size required when using sp_int on stack
* SP: --enable-sp-asm now enables SP by default if not set
* SP: support aarch64 big endian
### DTLS
* Allow DTLS 1.3 to compile when FIPS is enabled
* Allow for stateless DTLS client hello parsing
### Misc.
* Easier detection of DRBG health when using Intel’s RDRAND by updating the structures status value
* Detection of duplicate known extensions with TLS
* PKCS#11 handle a user PIN that is a NULL_PTR, compile time check in finding keys, add initialization API
* Update max Cert Policy size based on RFC 5280
* Add Android CA certs path for wolfSSL_CTX_load_system_CA_certs()
* Improve logic for enabling system CA certs on Apple devices
* Stub functions to allow for cpuid public functions with non-intel builds
* Increase RNG_SECURITY_STRENGTH for FIPS
* Improvements in OpenSSL Compat ERR Queue handling
* Support ASN1/DER CRLs in LoadCertByIssuer
* Expose more ECC math functions and improve async shared secret
* Improvement for sniffer error messages
* Warning added that renegotiation in TLS 1.3 requires session ticket
* Adjustment for TLS 1.3 post auth support
* Rework DH API and improve PEM read/write
## Fixes
### Build Fixes
* Fix --enable-devcrypto build error for sys without u_int8_t type
* Fix casts in evp.c and build issue in ParseCRL
* Fixes for compatibility layer building with heap hint and OSSL callbacks
* fix compile error due to Werro=undef on gcc-4.8
* Fix mingw-w64 build issues on windows
* Xcode project fixes for different build settings
* Initialize variable causing failures with gcc-11 and gcc-12 with a unique wolfSSL build configuration
* Prevent WOLFSSL_NO_MALLOC from breaking RSA certificate verification
* Fixes for various tests that do not properly handle `WC_PENDING_E` with async. builds
* Fix for misc `HashObject` to be excluded for `WOLFCRYPT_ONLY`
### OCSP Fixes
* Correctly save next status with OCSP response verify
* When the OCSP responder returns an unknown exception, continue through to checking the CRL
### Math Fixes
* Fix for implicit conversion with 32-bit in SP math
* Fix for error checks when modulus is even with SP int build
* Fix for checking of err in _sp_exptmod_nct with SP int build
* ECC cofactor fix when checking scalar bits
* ARM32 ASM: don't use ldrd on user data
* SP int, fix when ECC specific size code included
### Port Fixes
* Fixes for STM32 PKA ECC (not 256-bit) and improvements for AES-GCM
* Fix for cryptocell signature verification with ECC
* Benchmark devid changes, CCM with SECO fix, set IV on AES import into SECO
### Compat. Layer Fixes
* Fix for handling DEFAULT:... cipher suite list
* Fix memory leak in wolfSSL_X509_NAME_ENTRY_get_object
* Set alt name type to V_ASN1_IA5STRING
* Update name hash functions wolfSSL_X509_subject_name_hash and wolfSSL_X509_issuer_name_hash to hash the canonical form of subject
* Fix wolfSSL_set_SSL_CTX() to be usable during handshake
* Fix X509_get1_ocsp to set num of elements in stack
* X509v3 EXT d2i: fix freeing of aia
* Fix to remove recreation of certificate with wolfSSL_PEM_write_bio_X509()
* Link newly created x509 store's certificate manager to self by default to assist with CRL verification
* Fix for compatibility `EC_KEY_new_by_curve_name` to not create a key if the curve is not found
### Misc.
* Free potential signer malloc in a fail case
* fix other name san parsing and add RID cert to test parsing
* WOLFSSL_OP_NO_TICKET fix for TLSv1.2
* fix ASN template parsing of X509 subject directory attribute
* Fix the wrong IV size with the cipher suite TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256
* Fix incorrect self signed error return when compiled with certreq and certgen.
* Fix wrong function name in debug comment with wolfSSL_X509_get_name_oneline()
* Fix for decryption after second handshake with async sniffer
* Allow session tickets to properly resume when using PQ KEMs
* Add sanity overflow check to DecodeAltNames input buffer access
# wolfSSL Release 5.5.3 (Nov 2, 2022)
Release 5.5.3 of wolfSSL embedded TLS has the following bug fix:
## Fixes
* Fix for possible buffer zeroization overrun introduced at the end of v5.5.2 release cycle in GitHub pull request 5743 (https://github.com/wolfSSL/wolfssl/pull/5743) and fixed in pull request 5757 (https://github.com/wolfSSL/wolfssl/pull/5757). In the case where a specific memory allocation failed or a hardware fault happened there was the potential for an overrun of 0’s when masking the buffer used for (D)TLS 1.2 and lower operations. (D)TLS 1.3 only and crypto only users are not affected by the issue. This is not related in any way to recent issues reported in OpenSSL.
# wolfSSL Release 5.5.2 (Oct 28, 2022)
Release 5.5.2 of wolfSSL embedded TLS has bug fixes and new features including:
@@ -2800,7 +3318,7 @@ More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html
a) If using wolfSSL for DTLS on the server side of a publicly accessible
machine you MUST update.
b) If using wolfSSL for TLS on the server side with private RSA keys allowing
ephemeral key exchange without low memory optimziations you MUST update and
ephemeral key exchange without low memory optimizations you MUST update and
regenerate the private RSA keys.
Please see https://www.wolfssl.com/wolfSSL/Blog/Blog.html for more details
This is a Docker environment for compiling, testing and running WolfSSL. Use `run.sh` to build everything (Docker container, WolfSSL, etc.). This script takes in arguments that can be passed to `./configure`. For example: `run.sh --enable-all`
When the compilation and tests succeed, you will be dropped in to a shell environment within the container. This can be useful to build other things within the environment. Additional tests can be run as well as debugging of code.
# Docker Hub
These images are also uploaded to the wolfSSL's [Docker Hub page](https://hub.docker.com/orgs/wolfssl/repositories). There is a convenience script here `buildAndPush.sh` that will create the appropriate containers and push them to the repo.
# FAQ
## permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock
You need to be added to the `docker` group to run Docker containers. Run `sudo usermod -aG docker $USER`. You may need to restart the Docker daemon.
## Unable to access symlinked files outside of WolfSSL
The volume mounted in the Docker container needs to have all files that your compilation will need. To solve this, you have a couple options:
1. Change the `WOLFSSL_DIR` variable in the `run.sh` to one higher up (by adding `/..` to the path). Then update the `docker build` to include the correct path to the Dockerfile and the `docker run` argument to the working directory (`-w`) to the WolfSSL source directory
2. Move the external repository to within the WolfSSL directory. For example create an `external` folder which has your files. This route may have complications when stashing Git work.
@@ -40,7 +40,7 @@ The folder hierarchy is the same as the wolfSSL folders with an exception of the
4. Right click on each folders, add or link all the source code in the corresponding folder in wolfSSL.
5. Remove non-C platform dependent files from your build. At the moment, only aes_asm.asm and aes_asm.s must be removed from your wolfssl/wolfcrypt/src folder.
5. Remove non-C platform dependent files from your build. At the moment, only aes_asm.asm, aes_gcm_asm.asm and aes_asm.s must be removed from your wolfssl/wolfcrypt/src folder.
6. In your C/C++ compiler preprocessor settings, add the wolfSSL directories to your include paths.
Here's an example of the paths that must be added.
@@ -6,6 +6,7 @@ and have not yet been upgraded to the master branch V5.
See the latest [migration guides](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/migration-guides/index.html).
## Overview
ESP-IDF development framework with wolfSSL by setting *WOLFSSL_ESPIDF* definition
Including the following examples:
@@ -17,29 +18,57 @@ Including the following examples:
The *user_settings.h* file enables some of the hardened settings.
## Requirements
1. [ESP-IDF development framework](https://docs.espressif.com/projects/esp-idf/en/latest/get-started/)
## Setup for Linux
1. Run `setup.sh` at _/path/to_`/wolfssl/IDE/Espressif/ESP-IDF/` to deploy files into ESP-IDF tree
2. Find Wolfssl files at _/path/to/esp_`/esp-idf/components/wolfssl/`
3. Find [Example programs](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples) under _/path/to/esp_`/esp-idf/examples/protocols/wolfssl_xxx` (where xxx is the project name)
3. Find [Example Programs](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples) under _/path/to/esp_`/esp-idf/examples/protocols/wolfssl_xxx` (where xxx is the project name)
## Setup for Windows
1. Run ESP-IDF Command Prompt (cmd.exe) or Run ESP-IDF PowerShell Environment
2. Run `setup_win.bat` at `.\IDE\Espressif\ESP-IDF\`
3. Find Wolfssl files at _/path/to/esp_`/esp-idf/components/wolfssl/`
4. Find [Example programs](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples) under _/path/to/esp_`/esp-idf/examples/protocols/wolfssl_xxx` (where xxx is the project name)
@@ -14,3 +14,177 @@ When you want to run the benchmark program
2.`idf.py monitor` to see the message
See the README.md file in the upper level 'examples' directory for more information about examples.
## Performance
Reminder than when building on WSL in `/mnt/c` there will be a noticeable performance degradation at compile time. Using `~/` will be faster at the cost of shared filesystems.
Example build on WSL:
```
Optionally install wolfSSL component
# cd /mnt/c/workspace/wolfssl/IDE/Espressif/ESP-IDF
./setup.sh
cd /mnt/c/workspace/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark
# Pick ESP-IDF install directory, this one for v4.4.2 in VisualGDB
Some files were not shown because too many files have changed in this diff
Show More
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
