-Wdeclaration-after-statement to .github/workflows/pq-all.yml.
rearrange code/gating in wolfcrypt/src/wc_mlkem.c:mlkemkey_encapsulate() for
clarity and to fix a -Wdeclaration-after-statement.
also, made mlkem_encapsulate_c() and mlkem_encapsulate() return error code
(currently always zero) rather than void, for consistency.
configure.ac: fix Kyber/ML-KEM option setup.
wolfcrypt/test/test.c: fix gating around modLen in rsa_test().
wolfssl/openssl/bn.h: remove superfluous WOLFSSL_SP_MATH gate around mp_int mpi
in struct WOLFSSL_BIGNUM definition.
wolfssl/wolfcrypt/wolfmath.h: add check for "Conflicting MPI settings.", add
initial check for WOLFSSL_SP_MATH_ALL || WOLFSSL_SP_MATH to include sp_int.h,
and remove superfluous WOLFSSL_SP_MATH gate on "common math functions".
the FIPS boundary, just set up appropriate defaults.
wolfssl/wolfcrypt/wolfmath.h: if legacy math back ends aren't defined, and
NO_BIG_INT isn't defined, then always include sp_int.h, for backward compat.
defined, and issue a #error if no MPI backend gate is defined and NO_BIG_INT
is not defined either.
configure.ac:
* add support for FIPS lean-aesgcm[-{ready,dev}].
* implement handler for --enable-sha256.
* move setup for WOLFSSL_FIPS_DEV and WOLFSSL_FIPS_READY into the applicable
per-flavor sections.
* fix sensing of $ENABLED_AESGCM in FIPS setup clauses to pivot on `!= "no"`
rather than `= "yes"`, to accommodate "4bit" and other non-"yes" values.
* fix SNI_DEFAULT to be "no" if $ENABLED_TLS = no.
* fix ENABLED_DHDEFAULTPARAMS default to be $ENABLED_DH rather than yes.
wc_encrypt.c: add missing gates in wc_CryptKey() for NO_SHA256.
wolfcrypt/test/test.c: gating fixes for NO_SHA256.
wolfcrypt/benchmark/benchmark.c: basic fixes for building/running with
--disable-rng (-DWC_NO_RNG).
With the above additions and fixes, it's now a clean build, test, and benchmark,
with --disable-sha256 --enable-cryptonly --disable-hashdrbg --disable-rng
--disable-hmac, though RSA/DH/ECC benches are disabled.
as readonly in the encrypt/decrypt handlers -- clone them before setting the IV
-- for thread safety. also, remove the "experimental" designation of
--enable-linuxkm-lkcapi-register=all.
Improved testing of random APIs.
wolfmath tests moved out.
Public key algorithm testing moved out: RSA, DSA, DH, ECC, SM2,
Curve25519, Ed25519, Curve448, Ed448, ML-DSA.
Signature API tests moved out.
Fix for OCSP testing to ensure RSA is available.
Added group names to API test cases.
Can select groups to run with --group <name>. --groups lists all known
group names.
Added option to stop API testing on first failure: --stopOnFail.
* sense assert.h and define WOLFSSL_HAVE_ASSERT_H accordingly.
* force off enable_aesgcm_stream if 32 bit armasm or riscv-asm (not yet implemented or buildable).
* add AM_CONDITIONAL([BUILD_CHACHA_NOASM, ...]) when --enable-chacha=noasm.
src/include.am: gate armasm/riscv_asm chacha files on !BUILD_CHACHA_NOASM.
tests/api.c: add missing HAVE_CHACHA&&HAVE_POLY1305 gate around test_TLSX_CA_NAMES_bad_extension().
wolfcrypt/src/chacha.c: tweak WOLFSSL_ARMASM and WOLFSSL_RISCV_ASM codepaths to also depend on !NO_CHACHA_ASM.
wolfssl/wolfcrypt/types.h: in setup for wc_static_assert(), #include <assert.h> if WOLFSSL_HAVE_ASSERT_H, >=C11, or >=C++11.
WOLFSSL_DEBUG_TRACE_ERROR_CODES support for EINVAL/ENOMEM/EBADMSG;
configure.ac: remove ENABLED_EXPERIMENTAL requirement for
--enable-linuxkm-lkcapi-register=cfb(aes);
linuxkm/module_hooks.c: omit "skipping full wolfcrypt_test" message if
wc_RunAllCast_fips() was run.
this now works, and uses armasm-accelerated _AesEcb{En,De}crypt() via
_AesXtsHelper(). also, add -DNO_CRYPT_TEST to CFLAGS in builds with
$ENABLED_CRYPT_TESTS = no.
configure.ac: add a "Conflicting asm settings" error check at end, since our configuration currently blows up if --enable-intelasm and --disable-asm are combined.
self-test and crypto fuzzer), and de-experimentalize it.
wolfssl/wolfcrypt/types.h: add definitions for WOLFSSL_WORD_SIZE_LOG2.
wolfcrypt/src/misc.c: fix xorbuf() to make the XorWords() reachable; also,
refactor integer division and modulus ops as masks and shifts, and add pragma
to suppress linuxkm FORTIFY_SOURCE false positive -Wmaybe-uninitialized.
- Change struct KyberKey to struct MlKemKey
- Add backward compatibility typedef for KyberKey
- Add function declarations for new wc_MlKemKey_ functions
- Add backward compatibility #defines to map old wc_KyberKey APIs to new wc_MlKemKey APIs
- Update wc_MlKemKey_Init to take key first and type second
- Create new files wc_mlkem.h and wc_mlkem.c with updated content
- Update internal APIs with lowercase kyberkey to lowercase mlkemkey
Co-Authored-By: sean@wolfssl.com <sean@wolfssl.com>
Must set before and after dates into certificate structure as creation
of certificate does not fill in those fields but uses the current time.
The current time may change by a second between signings.
SP int inline asm:
- allow input variables to be either registers or memory for Intel
x86/x64 (minor performance improvement)
- don't have memory in clobber list if output variables are registers
- remove empty clobber line in arm32/thumb2 code for old versions of
gcc
_sp_mont_red():
- simplify the code by not using extra variables
- don't add to j in for loop check.
Adding -DWOLFSSL_TLS13_MIDDLEBOX_COMPAT flag to the default
compilation flags when --enable-jni is used.
Related PRs in other repositories:
- wolfSSL/wolfssljni#255
- wolfSSL/testing#845
src/internal.c: fix shiftTooManyBitsSigned in DefTicketEncCb().
tests/api/test_sha256.c and wolfssl/wolfcrypt/sha256.h: gate raw transform APIs (wc_Sha256Transform(), wc_Sha256FinalRaw()) and tests on !defined(WOLFSSL_KCAPI_HASH) && !defined(WOLFSSL_AFALG_HASH).
move enum wc_HashFlags from wolfssl/wolfcrypt/hash.h to wolfssl/wolfcrypt/types.h to resolve circular dependency detected by cross-armv7m-armasm-thumb-fips-140-3-dev-sp-asm-all-crypto-only.
add FIPS_VERSION_GE(7,0) gates to new null-arg tests in test_wc_Shake{128,256}_*().
optimize ByteReverseWords() for cases where only one operand is unaligned, and add correct handling of unaligned data in ByteReverseWords64() to resolve unaligned access sanitizer report in cross-aarch64_be-all-sp-asm-unittest-sanitizer.
* Add support for CMake
* Add support for Zephyr
* Make sure the internal key state is properly handled in case a public
key is imported into a reloaded private key.
Signed-off-by: Tobias Frauenschläger <tobias.frauenschlaeger@oth-regensburg.de>
- Added validation for digest type in `wolfSSL_OCSP_cert_to_id` function.
- Defined `OCSP_DIGEST` based on available hash types.
- Set `hashAlgoOID` in `certId` based on `OCSP_DIGEST`.
- Updated `asn.h` to define `OCSP_DIGEST` and `OCSP_DIGEST_SIZE` based on
available hash types.
Make testing digests consistent.
Add KATs for all digests.
Check unaligned input and output works.
Perform chunking tests for all digests.
Fix Blake2b and Blake2s to checkout parameters in update and final
functions.
Fix Shake256 and Shake128 to checkout parameters in absorb and squeeze
blocks functions.
Add default digest size enums for Blake2b and Blake2s.
On memory allocation failure, some functions were leaking memory.
Also add reference counting to CRL object so that a deep copy of a list
of CRLs doesn't leak memory.
The test was explicitly freeing each CRL in the list.
wolfssl/wolfcrypt/settings.h: in WOLFSSL_LINUXKM section, define NO_OLD_WC_NAMES, OPENSSL_COEXIST, etc., to avoid collisions with in-tree crypto in application sources that include both wolfssl and linux kernel native headers.
There are the following reasons for this
- it conflicts with the OFFSETOF macro in the OS/2 header (Open Watcom)
- it is compiler-specific and should use the C standard offsetof definition in the header file stddef.h
- it is more transparent unique name
In case no user group ranking is set, all groups are now ranked equally
instead of the order in the `preferredGroup` array. This is the
behavior already indicated in the comment header of the function.
This change is necessary for applications that do not set their own
group ranking (via `wolfSSL_CTX_set_groups()` for example). When such an
application creates a TLS server and receives a ClientHello message with
multiple key shares, now the first key share is selected instead of the
one with the lowest index in the `preferredGroup` array.
Recent browsers with PQC support place two key shares in their
ClientHello message: a hybrid PQC + X25519 one and at least one
classic-only one. The hybrid one is the first one, indicating a
preference. Without this change, however, always the classic-only key
share has been selected, as these algorithms have a lower index in the
`preferredGroup` array compared to the PQC hybrids.
Tested using a patched version of NGINX.
This change also results in a different selection of a key share group
in case of a HelloRetryRequest message. For the tests, where static
ephemeral keys are used (`WOLFSSL_STATIC_EPHEMERAL`), an additional
check is necessary to make sure the correct key is used for the ECDH
calculation.
Signed-off-by: Tobias Frauenschläger <tobias.frauenschlaeger@oth-regensburg.de>
Add support for X25519 and X448 based hybrid PQC + ECC key exchange
groups. Furthermore, two new combinations with SECP curves are added to
match OQS combinations.
This also incorporates the changed order of X25519 and X448 based
combinations to place the PQC material before the ECDH material. This is
motivated by the necessity to always have material of a FIPS approved
algorithm first.
Also, codepoints are updated to reflect the latest draft standards for
pure ML-KEM and some of the hybrids. With these changes and based on the
recent additions to both enable ML-KEM final and draft versions
simultaneously, a WolfSSL TLS server is now compatible with all recent
browsers that support either the draft version of ML-KEM (Chromium based
browsers and Firefox < version 132; only when the draft version is
enabled in the build) or the final version already (Firefox > version 132).
In the process of extending support, some code and logic cleanup
happened. Furthermore, some memory leaks within the hybrid code path have
been fixed.
Signed-off-by: Tobias Frauenschläger <tobias.frauenschlaeger@oth-regensburg.de>
Threads::Threads is not defined, if support not found for some reason
if custom threads support is used then it happen always
of cause some tests relates to standard threads support then it fails during build, but build is started and only some tests fail
ML-KEM/Kyber:
MakeKey call generate random once only for all data.
Allow MakeKey/Encapsulate/Decapsulate to be compiled separately.
Pull out public key decoding common to public and private key decode.
Put references to FIPS 140-3 into code. Rename variables to match FIPS
140-3.
Fix InvNTT assembly code for x64 - more reductions.
Split out ML-KEM/Kyber tests from api.c.
TLSX:
Store the object instead of the private key when WOLFSSL_MLKEM_CACHE_A
is defined or WOLFSSL_TLSX_PQC_MLKEM_STORE_OBJ. Faster decapsulation
when A is cached and object stored.
To store private key as normal define
WOLFSSL_TLSX_PQC_MLKEM_STORE_PRIV_KEY.
misc.c: when Intel x64 build, assume able to read/write unaligned
- Added a new test case `resp_bad_embedded_cert` in
`create_ocsp_test_blobs.py` to test OCSP response with an unusable
internal cert that can be verified in Cert Manager.
- Updated `test_ocsp_response_parsing` in `ocsp.c` to include the new
test case.
- Ensured the new test case checks for proper handling of OCSP responses
with incorrect internal certificates.
- Search certificate based on responderId
- Verify response signer is authorized for all single responses
- Align with OpenSSL behavior
- Separate wolfSSL_OCSP_basic_verify from verification done during
decoding
Matrix A is expensive to calculate.
Usage of ML-KEM/Kyber is
1. First peer generates a key and sends public to second peer.
2. Second peer encapsulates secret with public key and sends to first
peer.
3. First peer decapsulates (including encapsulating to ensure same as
seen) with key from key generation.
Caching A keeps the matrix A for encapsulation part of decapsulation.
The matrix needs to be transposed for encapsulation.
AES-GCM: don't generate M0 when using assembly unless falling back to C
and then use new assembly code.
HMAC: add option to copy hashes (--enable-hash-copy
-DWOLFSSL_HMAC_COPY_HASH) to improve performance when using the same key
for multiple operations.
XOR in random value to scalar and perform special scalar multiplication.
Multiply x3 and z3 by random value to randomize co-ordinates.
Add new APIs to support passing in an RNG.
Old APIs create a new RNG.
Only needed for the C implementations that are not small.
Modified TLS and OpenSSL compat API implementations to pass in RNG.
Fixed tests and benchmark program to pass in RNG.
Adds two features for SE050:
1. `WOLFSSL_SE050_AUTO_ERASE`. When enabled, this will automatically
erase a key from the SE050 when `wc_ecc_free()` and friends are
called.
2. `WOLFSSL_SE050_NO_RSA`. This stops RSA offloading onto the SE050,
useful for the SE050E which does not have RSA support.
AES-GCM: don't generate M0 when using assembly unless falling back to C
and then use new assembly code.
HMAC: add option to copy hashes (--enable-hash-copy
-DWOLFSSL_HMAC_COPY_HASH) to improve performance when using the same key
for multiple operations.
The SE050 port won't compile in the latest wolfSSL. This patch:
* Updates the documentation
* Fixes a missing `#ifdef` that breaks the build
* Changes the use of `mp_int` to `MATH_INT_T`
* Fixes compiler error with `ecc.c`
* Adds a tiny bit of extra debugging info
* Correct cmake script to support Open Watcom toolchain (#8167)
* Fix thread start callback prototype for Open Watcom toolchain (#8175)
* Added GitHub CI action for Windows/Linux/OS2
* Improvements for C89 compliance.
Thank you @jmalak for your contributions.
in wolfcrypt/src/coding.c, add ALIGN64 to hexDecode[], and add hexEncode[] for use by Base16_Encode();
in wolfcrypt/src/misc.c and wolfssl/wolfcrypt/misc.h:
move ctMask*() up so that min() and max() can use them, and add ctMaskWord32GTE();
add ALIGN64 to kHexChar[];
add CT implementation of CharIsWhiteSpace();
remove min_size_t() and max_size_t() recently added, but only one user (refactored).
Implemented based on the NIST Initial Public Draft "NIST SP 800-232 ipd". Testing based on KAT's available at https://github.com/ascon/ascon-c. Added configuration for testing in github action.
Fix spaces at start of copyright line in .asm files.
Changed generation of X25519 and Ed448 code to better match changes
already in C code. Fixed formatting in places.
change Buffers.prevSent and .plainSz from int to word32;
change SendData() sz arg from int sz to size_t sz;
add asserts in SendData() and ReceiveData() to prevent sz > INT_MAX (assuring no overflow internally or in the returned int).
wolfssl/ssl.h and src/ssl.c:
change WOLFSSL_BUFFER_INFO.length from unsigned int to word32 (no functional change, just for consistency);
add wolfSSL_write_internal(), refactor wolfSSL_write() to call it, and fix wolfSSL_write_ex() to take size_t sz, not int sz.
fix internal functions wolfSSL_read_internal() and ReceiveData() to likewise accept size_t sz;
add negative sz checks where needed to other functions that call wolfSSL_read_internal() and ReceiveData();
add min_size_t() and max_size_t() to misc.c/misc.h.
- Support using MAXQ for:
- AES-ECB
- AES-CCM
- AES-CBC
- ECC Key Generation and ECDH
- in wc_ecc_import_private_key_ex():
- check to make sure devId is not invalid before calling wc_MAXQ10XX_EccSetKey().
- This is because the raspberry pi sometimes need to sign stuff.
- in aes_set_key() and ecc_set_key():
- delete a key in case it already exists; ignore error since it might not exist.
- unlock, lock the HW mutex around ECDSA_sign() because it needs access to rng
- in wolfSSL_MAXQ10XX_CryptoDevCb:
- allow maxq1065 to call the crypto callback.
- do not set the key during signing; use pre provisioned one instead (DEVICE_KEY_PAIR_OBJ_ID)
Add assembly for Poly1305 using ARM32 NEON instruction set.
For Poly1305 ARM32 Base:
Change name from poly1305_blocks_arm32_16 to poly1305_arm32_blocks_16
poly1305.c:
ARM32 NEON - buffer up to 4 blocks
x86_64 - only calculate powers of r once after key is set.
test.c: poly1305 testing with multiple updates.
benchmark: chacha20-poly1305 now uses AAD
0-return from quic_record_append is an error. `quic_record_complete(qr) || len == 0` is not an error condition. We should return as normal on success.
The issue is that passing in buffers with length 1 then 3 causes `qr_length` (in `quic_record_make`) to return 0. Then when `quic_record_append` gets called the `len` gets consumed by the first `if` and `len == 0` is true. This causes the error return which is not correct behaviour.
Reported in https://github.com/wolfSSL/wolfssl/issues/8156. Reproducing is a bit tricky. I couldn't get the docker to work.
First setup ngtcp2 as described in https://github.com/ngtcp2/ngtcp2/pkgs/container/ngtcp2-interop. The Relevant steps are (I tested with master/main branches of all libs):
```
$ git clone --depth 1 -b v5.7.4-stable https://github.com/wolfSSL/wolfssl
$ cd wolfssl
$ autoreconf -i
$ # For wolfSSL < v5.6.6, append --enable-quic.
$ ./configure --prefix=$PWD/build \
--enable-all --enable-aesni --enable-harden --enable-keylog-export \
--disable-ech
$ make -j$(nproc)
$ make install
$ cd ..
$ git clone --recursive https://github.com/ngtcp2/nghttp3
$ cd nghttp3
$ autoreconf -i
$ ./configure --prefix=$PWD/build --enable-lib-only
$ make -j$(nproc) check
$ make install
$ cd ..
$ git clone --recursive https://github.com/ngtcp2/ngtcp2
$ cd ngtcp2
$ autoreconf -i
$ # For Mac users who have installed libev with MacPorts, append
$ # LIBEV_CFLAGS="-I/opt/local/include" LIBEV_LIBS="-L/opt/local/lib -lev"
$ ./configure PKG_CONFIG_PATH=$PWD/../wolfssl/build/lib/pkgconfig:$PWD/../nghttp3/build/lib/pkgconfig \
--with-wolfssl
$ make -j$(nproc) check
```
Download and unzip https://github.com/user-attachments/files/17621329/failing.pcap.zip
From the ngtcp2 dir:
```
./examples/wsslserver 127.0.0.1 44433 /path/to/wolfssl/certs/server-key.pem /path/to/wolfssl/certs/server-cert.pem
```
Then run the following python script (`failing.pcap` has to be available in the running dir) (probably needs to be run as `sudo`):
```
from scapy.utils import rdpcap, PcapNgReader
from scapy.all import *
reader = PcapNgReader("failing.pcap")
for i in reader:
p = i[IP]
p.dport = 44433
p.dst = "127.0.0.1"
p[UDP].chksum=0
p.display()
send(p)
```
Then observe the log line:
```
I00000000 0xa48accb7b49ec1556ac7111c64d3a4572a81 frm tx 625216795 Initial CONNECTION_CLOSE(0x1c) error_code=CRYPTO_ERROR(0x100) frame_type=0 reason_len=0 reason=[]
```
You can also use `gdb` and place a break inside the following section in `wolfssl/src/quic.c`.
```
if (quic_record_complete(qr) || len == 0) {
return 0;
}
```
The server was checking ssl->extensions which will always have an entry for TLSX_SIGNATURE_ALGORITHMS
as it is unconditionally added by TLSX_PopulateExtensions earlier in the DoTls13ClientHello function.
Instead, check args->clSuites->hashSigAlgoSz which is only set if signature_algorithms is found and parsed by TLSX_Parse.
This reverts commit bc12dad041.
This commit broke builds that combine QUIC and PQ -- known failures are pq-all-valgrind-unittest, pq-hybrid-all-rpk, pq-hybrid-all-rpk-valgrind-unittest, quantum-safe-wolfssl-all-gcc-latest, quantum-safe-wolfssl-all-g++-latest, quantum-safe-wolfssl-all-fortify-source-asm, quantum-safe-wolfssl-all-fortify-source-asm-noasm, and quantum-safe-wolfssl-all-intelasm-sp-asm-valgrind.
Note that the unit.test asserts added by this commit fail both before and after reversion.
wolfcrypt/src/integer.c: add additional guards against OOB access from uint wraps and null derefs of mp_int.dp, and refactor mp_grow() and mp_init_size() to use XMEMSET, for the benefit of clang-tidy. in mp_grow(), fix the condition for the realloc to assure always evaluated if a->alloc == 0.
wolfcrypt/src/asn.c: fix wc_CreatePKCS8Key() so that *outSz is always assigned when LENGTH_ONLY_E is returned.
wolfcrypt/src/pkcs7.c: remove redundant inner condition in wc_PKCS7_EncodeAuthEnvelopedData(), added in previous commit and caught on review by Jacob (thanks!).
wolfcrypt/src/sp_int.c: in sp_mont_norm(), add another suppression for the same false positive in sp_mul() suppressed in previous commit.
wolfcrypt/src/srp.c: refactor SrpHashSize() to return ALGO_ID_E rather than 0 when unknown/uncompiled alg is requested.
several fixes for defects reported by cppcheck:
wolfcrypt/src/ecc.c: fix for cppcheck oppositeInnerCondition from cppcheck-2.16.0 in _ecc_make_key_ex(), and fixes for related unhandled errors discovered by manual inspection;
wolfcrypt/test/test.c: fix XREALLOC call in memcb_test() to resolve cppcheck-detected memleak.
Plus fix location of the certificate files in the examples.
Tested with both Ada examples:
```
obj/tls_server_main --psk
obj/tls_client_main 127.0.0.1 --psk
```
0-return from quic_record_append is an error. `quic_record_complete(qr) || len == 0` is not an error condition. We should return as normal on success.
The issue is that passing in buffers with length 1 then 3 causes `qr_length` (in `quic_record_make`) to return 0. Then when `quic_record_append` gets called the `len` gets consumed by the first `if` and `len == 0` is true. This causes the error return which is not correct behaviour.
Reported in https://github.com/wolfSSL/wolfssl/issues/8156. Reproducing is a bit tricky. I couldn't get the docker to work.
First setup ngtcp2 as described in https://github.com/ngtcp2/ngtcp2/pkgs/container/ngtcp2-interop. The Relevant steps are (I tested with master/main branches of all libs):
```
$ git clone --depth 1 -b v5.7.4-stable https://github.com/wolfSSL/wolfssl
$ cd wolfssl
$ autoreconf -i
$ # For wolfSSL < v5.6.6, append --enable-quic.
$ ./configure --prefix=$PWD/build \
--enable-all --enable-aesni --enable-harden --enable-keylog-export \
--disable-ech
$ make -j$(nproc)
$ make install
$ cd ..
$ git clone --recursive https://github.com/ngtcp2/nghttp3
$ cd nghttp3
$ autoreconf -i
$ ./configure --prefix=$PWD/build --enable-lib-only
$ make -j$(nproc) check
$ make install
$ cd ..
$ git clone --recursive https://github.com/ngtcp2/ngtcp2
$ cd ngtcp2
$ autoreconf -i
$ # For Mac users who have installed libev with MacPorts, append
$ # LIBEV_CFLAGS="-I/opt/local/include" LIBEV_LIBS="-L/opt/local/lib -lev"
$ ./configure PKG_CONFIG_PATH=$PWD/../wolfssl/build/lib/pkgconfig:$PWD/../nghttp3/build/lib/pkgconfig \
--with-wolfssl
$ make -j$(nproc) check
```
Download and unzip https://github.com/user-attachments/files/17621329/failing.pcap.zip
From the ngtcp2 dir:
```
./examples/wsslserver 127.0.0.1 44433 /path/to/wolfssl/certs/server-key.pem /path/to/wolfssl/certs/server-cert.pem
```
Then run the following python script (`failing.pcap` has to be available in the running dir) (probably needs to be run as `sudo`):
```
from scapy.utils import rdpcap, PcapNgReader
from scapy.all import *
reader = PcapNgReader("failing.pcap")
for i in reader:
p = i[IP]
p.dport = 44433
p.dst = "127.0.0.1"
p[UDP].chksum=0
p.display()
send(p)
```
Then observe the log line:
```
I00000000 0xa48accb7b49ec1556ac7111c64d3a4572a81 frm tx 625216795 Initial CONNECTION_CLOSE(0x1c) error_code=CRYPTO_ERROR(0x100) frame_type=0 reason_len=0 reason=[]
```
You can also use `gdb` and place a break inside the following section in `wolfssl/src/quic.c`.
```
if (quic_record_complete(qr) || len == 0) {
return 0;
}
```
- Add comments for the PSK value in the example.
- Add runtime argument for executing the PSK test.
- Warn user that their callback implementation can't be in the SPARK subset.
wolfcrypt/test/test.c: in dh_ffdhe_test(), when defined(HAVE_PUBLIC_FFDHE), use wc_DhSetKey_ex() rather than wc_DhSetKey() to exercise the primality check in _DhSetKey().
Tested with:
`wolfSSL/wolfssl-examples/psk/server-psk.c`
after changing `DTLSv1_3_Client_Method` to `DTLSv1_2_Client_Method` to comply with the server example.
AES GCM streaming - fix GHASH_ONE_BLOCK to use CPU feature information.
AES-GCM uses EOR3 (SHA-3 instruction) - split assembly code.
Kyber uses SQRDMLSH - split assembly code.
Changed define from WOLFSSL_AARCH64_NO_SQRMLSH to
WOLFSSL_AARCH64_NO_SQRDMLSH to match instruction.
Improved array data format for inline assembly code.
add wolfssl_no_resume flag to openssl.test
check for version of openssl testing against
check if RSA is supported for test case
guard on test case for TLS versions supported
test.c: Dilithium private key not available in cert_test.h unless
signing is enabled.
./configure --disable-shared --enable-dilithium=make,44,65,87
./configure --disable-shared --enable-dilithium=make,sign,44,65,87
./configure --disable-shared --enable-dilithium=make,verify,44,65,87
test.c: Dilithium doesn't have decode/encode when
WOLFSSL_DILITHIUM_NO_ASN1 is defined.
./configure --disable-shared --enable-dilithium=yes
CFLAGS=-DWOLFSSL_DILITHIUM_NO_ASN1
Automated replacement with
```
git ls-files -z wolfcrypt/src/port/ IDE/ | xargs -0 pcre2grep -l '[^_]AES_BLOCK_SIZE' | xargs sed --regexp-extended --in-place 's/([^_])AES_BLOCK_SIZE/\1WC_AES_BLOCK_SIZE/g'
```
Checked for mis-transformations with
```
git ls-files -z | xargs -0 pcre2grep '[^-[()+*/[:space:]]WC_AES_BLOCK_SIZE' | less
```
Checked for residual hits with
```
git ls-files -z | xargs -0 pcre2grep '[^_]AES_BLOCK_SIZE' | less
```
Deliberately excluded:
* ChangeLog.md -- do not alter history.
* doc/ -- do not confuse documentation with newly prefixed macro, because AES_BLOCK_SIZE is available unless -DOPENSSL_COEXIST.
* tests/api.c -- the unit tests deliberately use compatibility names, and are not compatible with -DOPENSSL_COEXIST.
* wrapper/CSharp/wolfSSL_CSharp/wolfCrypt.cs -- false positive hits on C# names.
* wrapper/CSharp/wolfCrypt-Test/wolfCrypt-Test.cs -- false positive hits on C# names.
* reference in wolfssl/wolfcrypt/aes.h that defines AES_BLOCK_SIZE when -UOPENSSL_COEXIST.
* reference in wolfssl/wolfcrypt/settings.h that defines WC_AES_BLOCK_SIZE for old FIPS when -UWC_AES_BLOCK_SIZE.
When no AVX2 available, kyber_prf() is called to produce more than one
SHAKE-256 blocks worth of ouput. Otherwise only one block is needed.
Changed function to support an outlen of greater than one block.
src/x509.c: wolfssl_x509_name_entry_set() ne->object is freed if call to
wolfSSL_OBJ_nid2obj_ex() fails. Always assign directly back to
ne->object.
wolfcrypt/test/test.c: aes_ctr_test() doesn't need AES decrypt
./configure '--disable-shared' '--enable-cryptonly'
'CFLAGS=-DNO_AES_DECRYPT' '--disable-aescbc' '--disable-aesofb'
'--disable-aescfb' '--disable-aesgcm' '--disable-aesccm'
'--enable-aesctr' '--disable-aesxts' '--disable-aeseax'
tests/api.c: test_X509_STORE_InvalidCa() only defined when !NO_RSA
./configure '--disable-shared' '--enable-opensslall' '--disable-rsa'
tests/api.c: test_wolfSSL_GENERAL_NAME_print() free ridObj if not
assigned into gn.
Interrupted connection should return control to the user since they may want to handle the signal that caused the interrupt. Otherwise, we might never give back control to the user (the timeout would error out but that causes a big delay).
socat.yml: in test 475, the test would send a SIGTERM after 3 seconds. We would continue to ignore this signal and continue to call `recvfrom`. Instead we should error out and give control back to the user.
- wolfDTLS_accept_stateless - statelessly listen for incoming connections
- wolfSSL_inject - insert data into WOLFSSL object
- wolfSSL_SSL(Enable|Disable)Read - enable/disable reading from IO
- wolfSSL_get_wfd - get the write side file descriptor
- wolfSSL_dtls_set_pending_peer - set the pending peer that will be upgraded to regular peer when we successfully de-protect a DTLS record
- wolfSSL_dtls_get0_peer - zero copy access to the peer address
- wolfSSL_is_stateful - boolean to check if we have entered stateful processing
- wolfSSL_dtls_cid_get0_rx - zero copy access to the rx cid
- wolfSSL_dtls_cid_get0_tx - zero copy access to the tx cid
- wolfSSL_dtls_cid_parse - extract cid from a datagram/message
* change default WOLFSSL_REPO to the canonical upstream.
* refactor tag calculation without bash associative arrays, for backward compat.
* add support for fetching FIPS tags/branches into a persistent fips repo if one is found at ../fips.
* use --shared in git clones where applicable.
* always check out the master FIPS branch, for its tooling, and always make sure it's up to date with $FIPS_REPO.
* after each fetch for a previously unknown tag, explicitly associate the tag with the FETCH_HEAD.
* activate WOLFSSL_NO_OPTIONS_H in linuxkm/Kbuild for in-module test.o and benchmark.o.
* refine explanatory comments in settings.h re WOLFSSL_USE_OPTIONS_H, WOLFSSL_NO_OPTIONS_H, and WOLFSSL_CUSTOM_CONFIG.
* add safety catch to options.h/options.h.in to inhibit inclusion if defined(WOLFSSL_NO_OPTIONS_H).
* for good measure, add explicit check for WOLFSSL_NO_OPTIONS_H to wolfcrypt/benchmark/benchmark.c and wolfcrypt/test/test.c.
* Fix to properly set configure.ac LMS/XMSS enables and build of those code files.
* Remove duplicate aes.c `wc_AesSetKeyLocal` call to `wc_AesSetIV`. Moved earlier in function in commit a10260ca5f.
* Benchmark missing time.h with NO_ASN_TIME.
* Added option to support disabling AES CFB 1/8 `WOLFSSL_NO_AES_CFB_1_8`.
* Fixes for building with combinations of `WOLFSSL_RSA_VERIFY_ONLY` and `WOLFSSL_RSA_PUBLIC_ONLY`.
* Fix for building `--enable-stacksize=verbose` with single threaded.
* Various tab and formatting cleanups.
ZD 18996
The Ada wrapper had an `&` operator for the verification mode. This
effectively caused the verification mode to equal `0`.
The operator has been switched to `or` now, in addition, a getter has
been added to the API. This allows for the test I've added to the server
code to verify that it is being set correctly.
`OPENSSL_ALL` flag added to Ada so that the verify mode getter function
is compiled in.
Fixes#7461
Thanks to @dalybrown for reporting it.
This adds STM32 HAL support for:
* SHA384
* SHA512 (with -224 and -256)
* SHA3 (all variants apart from SHAKE)
The partial FIFO block calculations have been adjusted based in the
STM32 code to support the larger hash sizes.
This should work with other chips such as the STM32U5xx, but is not
enabled for that yet.
This adds support for the STM32MP13 HAL, tested on the STM32MP135F MPU.
Using the HAL this modifies our previous RNG, AES-CBC, AES-GCM, HASH,
ECDSA and DES3 ST HAL acceleration to work with the MPU. It also works
around bugs found in the AES-GCM code of the HAL.
The HAL does not appear to have support for MD5 HASH at the moment, so
this has been given a flag to disable it on this MPU.
configure.ac: add OPENSSL_EXTRA to --enable-wolfsentry.
linuxkm/linuxkm_wc_port.h, linuxkm/module_hooks.c, wolfssl/ssl.h: accommodate backward dependencies for wolfSSL_X509_NAME_add_entry_by_NID, wolfSSL_X509_NAME_free, and wolfSSL_X509_NAME_new_ex.
linuxkm/lkcapi_glue.c: if CONFIG_CRYPTO_MANAGER, assert match of CONFIG_CRYPTO_FIPS and HAVE_FIPS.
src/ssl_crypto.c, wolfcrypt/src/wc_lms.c, wolfcrypt/src/wc_lms_impl.c, wolfcrypt/src/wc_xmss.c, wolfcrypt/test/test.c: add missing casts for XMALLOC()s.
src/ssl_crypto.c: in wolfSSL_AES_decrypt(), fix gate for wc_AesDecryptDirect() return type.
wolfcrypt/test/test.c: smallstack refactor in test_dilithium_decode_level().
tests/api.c: fix uninited vars and "embedding a directive within macro arguments is not portable" in test_wc_dilithium_der().
```
Start wolf tsip crypt Test
simple crypt test by using TSIP
sha_test() passed
sha256_test() passed
tsip_aes_cbc_test() passed
tsip_aes256_test() passed
tsip_rsa_test(2048) passed
tsip_rsa_SignVerify_test(2048) passed
End wolf tsip crypt Test
```
* Fix for `TlsSessionCacheGetAndLock` that was not checking the sessionIDSz, so could return a pointer to an invalid session (if 0's). Resolves issue with `test_wolfSSL_CTX_sess_set_remove_cb` test.
* Fix cast warning with `HAVE_EX_DATA` in Windows VS.
* Fix openssl_extra without PKCS12.
* Refactor the EX data crypto and session API's to gate on `HAVE_EX_DATA_CRYPTO`.
* Grouped the EX data API's in ssl.h
* Moved API's in ssl.h to separate the compatibility ones from ours.
Cryptodev has two sections for the session info struct, cipher and hash.
Our debug mode was using hash for the output even if we were using
cipher, so would output random data. Simple 'if' statement to do the
correct thing.
src/wolfio.c: #include <errno.h> if necessary;
wolfcrypt/src/asn.c: gate WOLFSSL_MSG_EX() uses on defined(DEBUG_WOLFSSL), for pedantic C89 compatibility (no variadic macros);
wolfssl/wolfcrypt/wc_port.h: refine setup for XFENCE().
return error code from wolfSSL_RefWithMutexUnlock() to expose result to caller;
fix endianness bug in src/x509.c:wolfSSL_X509_add_ext() (fixes failing test_wolfSSL_X509_add_ext on BE targets);
fix possible file handle leak in tests/api.c:test_wolfSSL_d2i_X509_REQ() (reported by clang-tidy);
in wolfssl/ssl.h, define CONST_NUM_ERR_WOLFSSL_SUCCESS, so that WOLFSSL_SUCCESS can be benignly miswrapped in WC_NO_ERR_TRACE().
in in wc_port.c, rename mutexful implementations of wolfSSL_Ref*() to wolfSSL_RefWithMutex*(), and build them even if defined(WOLFSSL_ATOMIC_OPS).
refactor wolfSSL_CTX_UnloadIntermediateCerts() to wrap the refcount check and deallocation with wolfSSL_RefWithMutexLock()...wolfSSL_RefWithMutexUnlock().
move port-specific setup for WARN_UNUSED_RESULT, WC_MAYBE_UNUSED, and WC_INLINE, from types.h to wc_port.h, to make them usable by port-specific definitions later in wc_port.h.
when defined(SINGLE_THREADED) and !defined(WOLFSSL_NO_ATOMICS), typedef int wolfSSL_Atomic_Int, so that access to wolfSSL_Atomic_Ints in SINGLE_THREADED builds is easy.
refactor fallback definitions of wolfSSL_Atomic_Int_FetchAdd and wolfSSL_Atomic_Int_FetchSub as WC_INLINE functions to avoid -Wunused-result.
In file included from ./wolfssl/error-ssl.h:27,
from ./wolfssl/ssl.h:35,
from ./wolfssl/internal.h:28,
from src/ssl.c:36:
./src/x509_str.c: In function 'int X509StoreLoadCertBuffer(WOLFSSL_X509_STORE*, byte*, word32, int)':
./wolfssl/wolfcrypt/error-crypt.h:336:37: error: 'CONST_NUM_ERR_WOLFSSL_SUCCESS' was not declared in this scope; did you mean 'CONST_NUM_ERR_WOLFSSL_UNKNOWN'?
336 | #define WC_NO_ERR_TRACE(label) (CONST_NUM_ERR_ ## label)
| ^~~~~~~~~~~~~~
./src/x509_str.c:1456:15: note: in expansion of macro 'WC_NO_ERR_TRACE'
1456 | int ret = WC_NO_ERR_TRACE(WOLFSSL_SUCCESS);
| ^~~~~~~~~~~~~~~
Remote original-only option for kyber in configure.ac.
Default is ML-KEM only.
original is Kyber only.
ml-lem is ML-KEM.
to have both: all,original,ml-kem.
Use WOLFSSL_NO_ML_KEM* instead of WOLFSSL_WC_ML_KEM_* which requires the
inclusion of kyber headers.
* add WOLFSSL_ATOMIC_INITIALIZER() to wc_port.h;
* rename feature macro to WOLFSSL_CLEANUP_THREADSAFE_BY_ATOMIC_OPS for clarity;
* remove spin lock logic in wolfSSL_Init() and instead return DEADLOCK_AVERTED_E on contended initialization;
* unless WOLFSSL_CLEANUP_THREADSAFE_BY_ATOMIC_OPS is user-defined to 0, automatically enable it when appropriate.
.github/workflows/codespell.yml: remove */README_jp.txt from "skip" list.
IDE/Renesas/cs+/Projects/t4_demo/README_jp.txt: convert from SHIFT_JIS to UTF-8.
cmake/options.h.in: use "#cmakedefine HAVE_PTHREAD 1" to avoid conflict with config.h.
configure.ac: add --enable-c89, and remove !ENABLED_OPENSSLEXTRA dependency from AM_CONDITIONAL([BUILD_CRYPTONLY],...).
wolfcrypt/src/asn.c: refactor SetOthername() for efficiency, and add PRAGMA_GCC to suppress false positive -Wstringop-overflow associated with -fstack-protector.
wolfssl/wolfcrypt/rsa.h: add WC_ prefixes to RSA_PKCS1_PADDING_SIZE and RSA_PKCS1_OAEP_PADDING_SIZE, and define unprefixed compat aliases only if !OPENSSL_COEXIST.
wolfssl/wolfcrypt/types.h:
#ifdef WOLF_C89, #define WC_BITFIELD unsigned;
enhance WOLF_ENUM_DUMMY_LAST_ELEMENT() to include the line number, to construct unique labels given a per-filename argument, to accommodate anonymous enums.
examples/asn1/asn1.c:
examples/client/client.c:
examples/pem/pem.c:
examples/server/server.c:
wolfcrypt/src/sp_dsp32.c:
wolfcrypt/src/wc_port.c:
wolfssl/test.h:
use XMALLOC/XREALLOC/XFREE consistently, not malloc/realloc/free.
wolfcrypt/benchmark/benchmark.c:
wolfcrypt/src/memory.c:
wolfcrypt/test/test.c:
wolfssl/wolfcrypt/mem_track.h:
wolfssl/wolfcrypt/settings.h:
wolfssl/wolfcrypt/types.h:
annotate intentional native heap access with "/* native heap */".
wolfcrypt/src/asn.c:
wolfssl/callbacks.h:
wolfssl/openssl/ec.h:
wolfssl/openssl/ssl.h:
wolfssl/wolfcrypt/hpke.h:
wolfssl/wolfcrypt/types.h:
fix enum trailing commas.
wolfssl/openssl/ec.h:
wolfssl/openssl/evp.h:
wolfssl/openssl/rsa.h:
wolfssl/openssl/ssl.h:
use WC_BITFIELD in bitfield elements, not byte or word16, to allow for pedantic C89 conformant builds.
wolfssl/openssl/ec.h:
wolfssl/openssl/evp.h:
wolfssl/openssl/pem.h:
wolfssl/openssl/ssl.h:
wolfssl/wolfcrypt/logging.h:
avoid variadic macros wherever possible, and where unavoidable, #ifdef WOLF_NO_VARIADIC_MACROS, define them with empty arg lists, rather than ..., to support Watcom compiler.
wolfssl/wolfcrypt/settings.h: if defined(__WATCOMC__), define WOLF_NO_VARIADIC_MACROS.
All required dependencies of a package must also be found in the
package configuration file. Consumers of wolfSSL can't know
if it was built with or without threads support. This change
adds find_package(Threads) lookup in the file used for
find_package(wolfssl) if wolfSSL was built with threads support.
This adds improved support for the Raspberry Pi Pico range of
microcontrollers.
Benchmark now compiles, and added support for the RNG functions of the
Pico SDK. This gives a ~2x RNG performance improvement on the RP2040 and
over 3x improvement on the RP2350.
The accelerated SHA256 in the RP2350 unfortunately cannot be used with
wolfSSL.
Make Kyber and ML-KEM individually available as well as at the same
time.
Modified TLS layer to support both Kyber and ML-KEM.
Added new identifiers in TLS layer for ML-KEM.
rename WOLFSSL_MAX_RSA_BITS to WC_MAX_RSA_BITS, and move its setup from wolfssl/internal.h to wolfssl/wolfcrypt/asn.h, preceding setup for WC_MAX_CERT_VERIFY_SZ.
configure.ac: restore opensslextra-linuxkm assertion, with a twist: "--enable-opensslextra with --enable-linuxkm-pie and without --enable-cryptonly is incompatible with --enable-linuxkm."
wolfcrypt/src/asn.c: fix trailing comma in enum.
wolfcrypt/src/port/arm/armv8-aes.c: fix wc_AesCcmEncrypt() and wc_AesCcmDecrypt() for test_wolfssl_EVP_aes_ccm_zeroLen().
add config-time assert for "dual-alg-certs is incompatible with --enable-cryptonly.";
remove obsolete config-time check for "--enable-opensslextra without --enable-cryptonly is incompatible with --enable-linuxkm.";
linuxkm/linuxkm_wc_port.h: add fallback definitions for INT32_MAX and UINT32_MAX;
linuxkm/module_exports.c.template: add wolfssl/openssl/fips_rand.h;
wolfssl/wolfcrypt/settings.h: add #undef HAVE_ATEXIT to WOLFSSL_LINUXKM settings;
wolfssl/wolfcrypt/types.h: fix trailing comma in the DYNAMIC_TYPE_* enum.
configure.ac:
* add --enable-all-osp to separate OSP meta-feature sets from --enable-all, allowing --enable-all --disable-all-osp --disable-opensslall (e.g. for testing OPENSSL_COEXIST).
* fix enable_all_crypto=yes in enable-all to be conditional on "$enable_all_crypto" = "".
* move enable_rsapss=yes from enable-all to enable-all-crypto.
examples/ and testsuite/: #undef OPENSSL_COEXIST unconditionally rather than only if defined(OPENSSL_EXTRA), to capture -DOPENSSL_EXTRA_X509_SMALL or any other such variants.
No functional changes.
Several compat symbols that were formerly enums are now macros.
All library source is refactored to use only native symbols in all code gated in with --enable-all-crypto --enable-opensslextra.
wolfcrypt/test/test.c is similarly refactored to use only native symbols.
examples/ and tests/ are unmodified except for header setup to disable OPENSSL_COEXIST and TEST_OPENSSL_COEXIST.
```
[CC-AARCH64] lib/wolfssl/wolfcrypt/src/port/arm/armv8-sha3-asm_c.o
lib/wolfssl/wolfcrypt/src/port/arm/armv8-sha3-asm_c.c:212:6: error: conflicting types for 'BlockSha3'; have 'void(long unsigned int *)'
212 | void BlockSha3(unsigned long* state)
| ^~~~~~~~~
In file included from lib/wolfssl/wolfcrypt/src/port/arm/armv8-sha3-asm_c.c:35:
lib/wolfssl/wolfssl/wolfcrypt/sha3.h:224:20: note: previous declaration of 'BlockSha3' with type 'void(word64 *)' {aka 'void(long long unsigned int *)'}
224 | WOLFSSL_LOCAL void BlockSha3(word64 *s);
| ^~~~~~~~~
```
Detect reading of packet errors
--enable-all and --enable-sniffer exposed this issue
Don't need variable
Rework argument parsing
Need a way to allow arguments to be supplied more granularly. Partucilarly, I needed a "-tracefile" argument without requiring the use of a PCAP file
Fix error prints to STDERR
Fix setting of port filtering
Fix 80 char limit
Not actually a bad packet when there are no more packets
Fix strcat size
Allow the sniffer to print the trace to STDOUT
Fix indexing
Take out superfluous error which is handled later
Set default port to 11111
Single return point
Combine chain to one contiguous memory block
Fix return
Add in error handling for XMALLOC
Add in debugging output when --enable-debug
It makes no sense to allocate a ton of small buffers to process chains
Ultimately, the code is slower because of the several small memcpy instead of a single large contiguous memcpy
Pass in a device name
Fix unused variable
Fix cast
Addressing PR comments
Add new flags to --help
* Consolidate the USE_WINDOWS_API to a single place.
* Expand the `WOLFSSL_NOT_WINDOWS_API` improvement for intrinsics and word sizes.
* Fix for macro variadic `...` when no variables are used (some compilers like Watcom C have issue with this).
* Fix for Watcom C compiler "long long" -> "__int64".
* Fix a couple of minor cast warnings reported from VS.
wolfcrypt/src/port/arm/armv8-aes.c: in the WOLFSSL_ARMASM_NO_HW_CRYPTO version of wc_AesSetKey(), copy the supplied userKey to a properly aligned buffer if necessary before calling AES_set_encrypt_key();
src/dtls13.c: in Dtls13GetRnMask(), if defined(WOLFSSL_LINUXKM)), return retval of wc_AesEncryptDirect();
wolfcrypt/src/misc.c: add readUnalignedWord32(), writeUnalignedWord32(), readUnalignedWords32(), and writeUnalignedWords32();
wolfcrypt/src/siphash.c: use readUnalignedWord64(), readUnalignedWord32(), and writeUnalignedWord64(), to avoid unaligned access faults, and fix cast in byte-reversing version of GET_U32().
- wolfSSL_EVP_PKEY_set1_DH: If both private and public present, output private key
- ToTraditionalInline_ex2: Add DH checking
- wc_ecc_get_curve_id: check index is not negative
- Fix i2d_PKCS8_PRIV_KEY_INFO to actually output pkcs8 instead of just der
- wolfSSL_EVP_PKEY2PKCS8: Create duplicate to avoid double free
- wolfSSL_DH_generate_key: Fix case where not enough buffer was allocated for 128 bit case
- pkcs8_encode: Add DSA and DH support
- wolfSSL_d2i_PKCS8_PKEY: Correctly advance buffer
- RSA_LOW_MEM: export all integers in compat layer
- Add softhsm action
- Define
- OPENSSL_DH_MAX_MODULUS_BITS
- OPENSSL_DSA_MAX_MODULUS_BITS
- OPENSSL_RSA_MAX_MODULUS_BITS
- Implement
- BN_mul_word
- i2d_ECPKParameters
- PEM_write_bio_PKCS8_PRIV_KEY_INFO
- PEM_read_bio_PKCS8_PRIV_KEY_INFO
- i2d_PKCS8_PRIV_KEY_INFO
- RSA_padding_add_PKCS1_PSS_mgf1
- RSA_verify_PKCS1_PSS_mgf1
wrapper/CSharp/wolfSSL_CSharp/wolfCrypt.cs: update for new calling conventions around wc_AesNew, wc_curve25519_new, wc_ed25519_new, wc_HashNew, and wc_NewRsaKey, and the corresponding delete functions.
wolfssl/wolfcrypt/aes.h: add Aes.streamData_sz;
src/tls13.c: fix devId passed to wc_HmacInit() in CreateCookieExt() and TlsCheckCookie();
src/keys.c: in SetKeys(), call wc_HmacInit() on hmacs only if newly allocated;
wolfcrypt/src/aes.c:
* in wc_Gmac(), wc_GmacVerify(), and AesSivCipher(), use wc_AesNew() and wc_AesDelete();
* in wc_AesInit(), zero the object on entry, and remove superseded piecemeal initializations to zero;
* in wc_AesFree(), zero aes->streamData, and zero the entire object as final cleanup;
wolfcrypt/src/curve25519.c: in wc_curve25519_free(), zero the entire object rather than zeroing piecemeal;
wolfcrypt/test/test.c:
* add fallback implementations (for old FIPS) of wc_HashNew(), wc_HashDelete(), wc_curve25519_new(), wc_curve25519_delete(), wc_ed25519_new(), and wc_ed25519_delete();
* update constructor calls throughout for new semantics;
* refactor ed25519_test() for proper cleanup and error encoding.
add delete APIs, matching recently added wc_AesNew, wc_curve25519_new, wc_ed25519_new, wc_HashNew, and wc_NewRsaKey:
* wc_AesDelete()
* wc_HashDelete()
* wc_DeleteRsaKey()
* wc_curve25519_delete()
* wc_ed25519_delete()
* remove handling in corresponding preexisting free APIs for recently added .isAllocated member -- this restores preexisting semantics;
* add WC_NO_CONSTRUCTORS gate, and auto-activate it when NO_WOLFSSL_MEMORY && WOLFSSL_NO_MALLOC (unless preempted by XMALLOC_USER or XMALLOC_OVERRIDE);
* exclude recently added .isAllocated members from wolfcrypt structs when defined(WC_NO_CONSTRUCTORS);
* adjust wolfcrypt/test/test.c for consistency with the above, and fix cleanup codes/dynamics in several tests.
Dtls13HashClientHello(): fix wc_HashType handling;
Dtls13SendFragment(): fix identicalConditionAfterEarlyExit;
GetDtlsRecordHeader(): fix error handling around GetDtls13RecordHeader() (incorrectLogicOperator);
test_wolfSSL_dtls_stateless_maxfrag(): fix a clang-analyzer-core.NullDereference,
test_dtls_frag_ch(): fix a clang-diagnostic-embedded-directive,
test_AEAD_limit_client(): fix an united-data defect found by valgrind.
Scripts changed to make generated code not go over 80 characters per
line but SP not updated.
Fix input register formatting in all ARM32 C assembly code.
fix numerous trailing commas in enums, mostly by removing them, but one (in asn.h, enum Extensions_Sum) using WOLF_ENUM_DUMMY_LAST_ELEMENT();
rearrange bitfields in struct ed25519_key for contiguity;
always define WOLFSSL_SP_NO_DYN_STACK when defined(WOLF_C89).
wolfcrypt/src/dh.c: in wc_DhGenerateParams(), use named constant for buf size, and only XFREE it if !WOLFSSL_NO_MALLOC;
wolfcrypt/src/ecc.c and wolfssl/wolfcrypt/ecc.h: in wc_ecc_new_point_ex(), remove !WOLFSSL_NO_MALLOC gate around XMALLOC(), and if XMALLOC()ed, set ecc_point.isAllocated, then in wc_ecc_del_point_ex, XFREE() iff ecc_point.isAllocated;
wolfcrypt/src/pkcs7.c: in wc_PKCS7_RsaVerify(), when WOLFSSL_NO_MALLOC, jumbo-size the digest buffer to cope with in-place dynamics in RsaUnPad();
wolfcrypt/test/test.c: add !WOLFSSL_NO_MALLOC gates around various XFREE()s of objects that are on the stack in WOLFSSL_NO_MALLOC builds;
wolfssl/wolfcrypt/types.h: add an unconditional include of memory.h (itself guarded against multiple inclusion) to assure availability of WC_DEBUG_CIPHER_LIFECYCLE prototypes/macros.
wolfcrypt/src//asn.c: add stack buffer codepaths in ParseKeyUsageStr(), SetKeyIdFromPublicKey(), and EncodePolicyOID;
wolfcrypt/src/dh.c: add stack buffer codepath in wc_DhGenerateParams();
wolfcrypt/src/ecc.c: add always-fail codepath to find_hole() to preempt heap allocation attempts;
wolfcrypt/test/test.c: gate out several heap-dependent subtests when defined(WOLFSSL_NO_MALLOC), and add a stack buffer codepath in ed448_test();
wolfssl/wolfcrypt/types.h: harmonize macro definitions of XFREE() to use do { ... } while (0) wrappers to assure syntactic indivisibility.
Fix unit tests to not compile when NO_RSA is defined and RSA used.
test_wc_PKCS7_EncodeSignedData: only RSA supported with streaming.
test_wolfSSL_RSA when SP math and SP: CRT parameters required.
test_wolfSSL_OCSP_REQ_CTX to compile with NO_ASN_TIME.
test_wolfSSL_IMPLEMENT_ASN1_FUNCTIONS: make sure all objects freed even
on memory allocation failure.
test_wolfSSL_error_cb: don't use bio if is NULL.
test_wolfSSL_BN_enc_dec: don't free a twice on memory allocation error.
test_wc_dilithium_der: remove debug printing
test_othername_and_SID_ext: make sid_oid NULL after free to ensure no
double free on later memory allocation failure.
test_wolfSSL_RSA: don't leak when BN_dup fails.
test_wolfSSL_i2d_ASN1_TYPE: free ASN1 string whn no ASN1 type to put it
into.
test_tls13_rpk_handshake: don't leak on failure
test_dtls_client_hello_timeout_downgrade: only move memory when test is
wolfSSL_certs_clear, wolfSSL_set_SSL_CTX, SetSSL_CTX: Check return from
AllocCopyDer.
d2i_generic: make sure impBuf is only freed once.
wolfSSL_BIO_write: don't dereference front unless it is not NULL.
wolfssl_dns_entry_othername_to_gn: don't free obj twice
wolfSSL_X509_REQ_add1_attr_by_NID: don't access reqAttributes if NULL.
succeeding.
* Adds RNG, ECC(ECIES and ECDHE), RSA, ED25519/Curve25519, AES-GCM, and Hashing to the CSharp wrapper.
* Adds GitHub action for building the CSharp wrapper solution and running wolfCrypt test and a TLS server/client example.
* Adds "new" API's for wolfCrypt for platforms that cannot tolerate the structs directly.
* Fixes for several scan-build warnings.
wolfssl/internal.h: refactor WOLFSSL_ASSERT_EQ() and WOLFSSL_ASSERT_SIZEOF_GE() to use wc_static_assert(), and drop unused WOLFSSL_ASSERT_TEST() and WOLFSSL_ASSERT_SIZEOF_TEST().
src/ssl_crypto.c and wolfcrypt/src/evp.c: refactor ad hoc asserts in wolfSSL_DES_ecb_encrypt(), wolfSSL_CRYPTO_cts128_decrypt(), and wolfSSL_EVP_DigestInit(), to use wc_static_assert().
Improved performance by reworking kyber_ntt, kyber_invtt,
kyber_basemul_mont, kyber_basemul_mont_add, kyber_rej_uniform_c to be
in assembly.
Replace WOLFSSL_SP_NO_UMAAL with WOLFSSL_ARM_ARCH_7M
The instruction 'li' is a pseduo instruction for 'load immediate'.
With some compilers, the immediate was interpretted R0[0].
Change to use XOR instead.
Make draft version of ML-DSA compiled in with final.
Use WC_ML_DSA_44_DRAFT, WC_ML_DSA_65_DRAFT and WC_ML_DSA_87_DRAFT for
the level to get the draft implementation.
configure.ac and src/include.am: add ENABLED_ARM_THUMB, BUILD_ARM_THUMB, BUILD_ARM_NONTHUMB, ENABLED_ARM_64, BUILD_ARM_64, ENABLED_ARM_32. and BUILD_ARM_32, and use them to gate building of ARM asm files, to fix "ISO C forbids an empty translation unit" warnings (the warning only affects inline asm files, but the gating is deployed more widely).
examples/pem/pem.c: fix stdio stream leaks.
src/ssl.c and src/ssl_load.c: suppress concurrency-mt-unsafe around getenv(). getenv() is threadsafe as long as no threads putenv() or setenv().
wolfssl/openssl/asn1.h: add parentheses to fix bugprone-macro-parentheses in ASN1_EX_TEMPLATE_TYPE(), and suppress misfiring bugprone-macro-parentheses around IMPLEMENT_ASN1_FUNCTIONS().
wolfcrypt/src/aes.c:
* when SAVE_VECTOR_REGISTERS2_DOES_NOTHING, define do-nothing VECTOR_REGISTERS_PUSH and VECTOR_REGISTERS_POP, to mollify Coverity CONSTANT_EXPRESSION_RESULT;
* in AesGcmDecryptUpdate_aesni(), omit " && (c != NULL)" clause from computation of endA argument to AesGcmAadUpdate_aesni(), to mollify Coverity FORWARD_NULL (impermissible nullness is already checked and BAD_FUNC_ARGed by the sole caller, wc_AesGcmDecryptUpdate());
wolfcrypt/src/misc.c: add readUnalignedWord64(), writeUnalignedWord64(), readUnalignedWords64(), and writeUnalignedWords64(), for safe word64 access to possibly-unaligned data;
wolfcrypt/src/wc_kyber_poly.c: use readUnalignedWords64() and readUnalignedWord64() to mitigate sanitizer-reported "load of misaligned address".
wolfcrypt/src/wc_kyber_poly.c: add SAVE_VECTOR_REGISTERS2()...RESTORE_VECTOR_REGISTERS() wrappers for AVX2 implementations.
src/bio.c and src/ssl.c: add several missing WC_NO_ERR_TRACE()s, and tweak several returns to generate error traces.
The ECC key generation test was failing due not using large enough of a
buffer. Fixed to use a better size.
1. Set the shared digest/sig buffer size in
_ecc_pairwise_consistency_test() to the maximum possible based on the
math in wc_ecc_sig_sz().
configure.ac:
* fix logic in "Forcing off" test expressions, first flubbed in 19106a9510;
* fix auto-enable of compkey to exclude v5 even if v5-dev.
src/tls13.c: fix gating for HKDF _ex() variants (>=6.0, not >=5.3).
wolfcrypt/src/error.c: snip out stray spaces at start of several ECC error message strings.
wolfcrypt/test/test.c:
* in render_error_message(), use wolfSSL_ERR_reason_error_string() if available rather than wc_GetErrorString(), to render non-wolfcrypt error strings;
* in ecc_test_deterministic_k(), ecc384_test_deterministic_k(), ecc521_test_deterministic_k(), on FIPS <6.0, gate out SHA384 and SHA512 tests (FIPS v5 only supports SHA256 in wc_ecc_gen_deterministic_k());
* in cmac_test(), gate use of wc_AesCmacGenerate_ex() and wc_AesCmacVerify_ex() on >=6.0, not >=5.3.
wolfssl/internal.h: add DTLS13_HANDSHAKE_HEADER_SZ;
src/tls13.c: in EchHashHelloInner(), use falseHeader[DTLS13_HANDSHAKE_HEADER_SZ] to fix buffer overrun;
src/dtls13.c: add static assert for DTLS13_HANDSHAKE_HEADER_SZ.
1. Update the ECC PCT to use the key's heap to allocate any buffers for
the test. This is similar to how RSA does it.
2. Put the buffers on the stack if not using small stack option.
wolfssl/wolfcrypt/wc_port.h: add WOLFSSL_API attribute to wolfSSL_Atomic_Int_Init, wolfSSL_Atomic_Int_FetchAdd, and wolfSSL_Atomic_Int_FetchAdd, and add fallback definitions for them, allowing elimination of SINGLE_THREADED implementations of wolfSSL_Ref*(), and allowing ungated use of wolfSSL_Atomic_* calls in api.c.
wolfcrypt/src/dh.c: in wc_DhAgree_ct(), remove frivolous XMEMSET() and stray semicolon.
wolfcrypt/benchmark/benchmark.c: fix bench_rsaKeyGen() to skip tests of key sizes below RSA_MIN_SIZE, and add 4096 bit benchmark if RSA_MAX_SIZE is big enough.
tests/unit.h:
* adopt definitions of TEST_FAIL, TEST_SUCCESS, and TEST_SKIPPED from unit.c, remap TEST_SKIPPED from -7777 to 3, and add TEST_SUCCESS_NO_MSGS, TEST_SKIPPED_NO_MSGS, EXPECT_DECLS_NO_MSGS(), and EXPECT_FAILURE_CODEPOINT_ID, to support existing and future expected-particular-failure test cases without log noise.
* rename outer gate from CyaSSL_UNIT_H to TESTS_UNIT_H.
tests/api.c:
* use EXPECT_DECLS_NO_MSGS() in test_ssl_memio_setup(), test_ssl_memio_read_write(), and test_wolfSSL_client_server_nofail_memio(), and globally update affected expected error codes to correspond.
* use atomics for {client,server}SessRemCount{Malloc,free} to fix races in SessRemCtxCb() and SessRemSslSetupCb().
The function _fp_exptmod_nct() is using WOLFSSL_NO_MALLOC to guard
using stack allocation vs malloc. It's twin function _fp_exptmod_ct()
is using WOLFSSL_SMALL_STACK for this. This is causing inappropriate use
of malloc() in a small stack environment. The no-malloc case will also
be kept so static memory and no-malloc fix still works.
1. Change the guards for `#ifndef WOLFSSL_NO_MALLOC` in the function
`_fp_exptmod_nct()` to `#if defined(WOLFSSL_SMALL_STACK) &&
!defined(WOLFSSL_NO_MALLOC)`.
* set DEFAULT_ENABLED_ALL_ASM=no if enable_afalg or ENABLED_32BIT;
* omit enable_srtp_kdf from enable-all-crypto if enable_afalg.
linuxkm: add GetCAByAKID to wolfssl_linuxkm_pie_redirect_table.
src/x509.c: in GenerateDNSEntryIPString(), use XMEMSET() to initialize tmpName, not = {0}, to avoid unmaskable compiler emission of memset() call.
wolfssl/openssl/ssl.h: add OPENSSL_EXTRA to an existing OPENSSL_ALL-gated section, consistent with gating of correspinding section in wolfssl/ssl.h.
wolfssl/wolfcrypt/settings.h: adopt setup for WOLFSSL_SP_NO_UMAAL from wolfssl/wolfcrypt/sp_int.h now that it's used by wolfcrypt/src/port/arm/thumb2-poly1305-asm.S.
* move leanpsk and asn option processing early to make their results available to existing math back end selector logic;
* add -DWOLFSSL_ASN_ALL to enable-all-crypto;
* tweak asn option processing to preserve "original" value in case later configure logic wants to pivot on that.
* in handling for enable-all-asm, add check for full Gnu C and don't auto-enable all-asm unless full Gnu C and enable-all-crypto, among other sanity checks.
* in enable-all and enable-all-crypto, correctly conditionalize several FIPS-v6-only features/algorithms.
* in FIPS v5 setup, force off SRTP and SRTP-KDF (with warnings).
* Proposed new interface for AesSivEncrypt with number of ADs != 1.
* Implement AES SIV S2V computation with a number of ADs not equal to 1.
* Add Example A.1 from RFC5297 to AES SIV test vectors.
* Add tests for new AES SIV interface, and add test vectors for examples given in RFC5297.
* Include the nonce in count of maximum number of ADs.
* Addressing review comments.
* Addressing review comments: Use uppercase 'U' suffix on unsigned constant.
* Rename local variables named 'ad0' to 'ad', since the zero makes no sense, especially since in the RFC 5297 document they're actually counting the ADs from 1.
* adds wc_DhAgree_ct().
* adds wolfSSL_DH_compute_key_padded(), using wc_DhAgree_ct() if available, with fallback fixup code.
* adds unit test coverage in api.c:test_wolfSSL_DH() for expected-success calls to wolfSSL_DH_compute_key() and wolfSSL_DH_compute_key_padded().
* fix TLS layer to consistently use WOLFSSL_FATAL_ERROR for error retvals, rather than literal -1.
* add WC_NO_ERR_TRACE() wrapper around LENGTH_ONLY_E (it does not signify an error condition).
* refactor errcode handling for traceability in wolfSSL_DSA_do_sign(), wolfSSL_DH_size(), wolfSSL_EC_KEY_get_conv_form(), wolfSSL_d2i_DSA_SIG(), wolfSSL_DSA_do_sign(), SetDhInternal(), and wolfSSL_EC_KEY_get_conv_form().
try to lookup the certificate using the key hash as key identifier
first. If we can't find a certificate, it means that the certificate
uses another method to compute the key identifier so we need to fallback
to linear search.
kdf.c: wc_PRF() - No need for previous, reuse current.
sha256.c: Transform_Sha256() - Add slow but small version for many
register implementation.
sp_int.h: Change 'used' and 'size' fields to 16-bit types when possible.
sp_int.c: Fixes for 16-bit used.
- RsaFunctionPrivate: detect when only n,e,d are available
- wolfSSL_EVP_add_digest: return success
- wolfSSL_EVP_add_cipher: return success
- wolfSSL_BN_bin2bn: accept NULL data if len is 0 (checked in mp_read_unsigned_bin)
- wolfssl_read_bio: advance correct bio
- wolfSSL_X509_set_ext: return raw extension data for BASIC_CA_OID
- Implement
- sk_X509_EXTENSION_free
- d2i_EC_PUBKEY_bio
- d2i_RSA_PUBKEY_bio
- d2i_X509_REQ_INFO
- X509_REQ_INFO_free
- ASN1_TIME_set_string_X509
- Add option to disable ECH
- InitSuites: clean up DTLS paths
- wolfSSL_parse_cipher_list: remove WOLFSSL_MAX_SUITE_SZ setting
- wolfSSL_parse_cipher_list: add rationale for keeping ciphersuites
- test_dtls_frag_ch: ECH and ciphersuites were pushing the ClientHello message over the fragmentation limit. Disabling ECH and limiting ciphersuites fixes the test.
wolfssl/ssl.h, wolfssl/error-ssl.h, wolfssl/wolfcrypt/error-crypt.h, wolfcrypt/src/error.c, and src/internal.c:
* fix values of WOLFSSL_ERROR_SSL and WOLFSSL_ERROR_WANT_X509_LOOKUP to match OpenSSL values;
* move legacy CyaSSL compat layer error codes from ssl.h to error-ssl.h and renumber them to conform to existing sequence;
* move enum IOerrors from ssl.h to error-ssl.h to get picked up by support/gen-debug-trace-error-codes.sh;
* add to enum wolfSSL_ErrorCodes negative counterparts for several positive error return constants;
* include error-ssl.h from ssl.h;
* add label (wolfCrypt_ErrorCodes) to error-crypt.h enum, and in wc_GetErrorString(), use switch ((enum wolfCrypt_ErrorCodes)error) to activate switch warnings for missing enums;
* in wolfSSL_ERR_reason_error_string(), use switch((enum wolfSSL_ErrorCodes)error) to activate switch warnings for missing enums;
* in ssl.h, add special-case WOLFSSL_DEBUG_TRACE_ERROR_CODES macros for WOLFSSL_FAILURE;
* in error-crypt.h, add missing WOLFSSL_API attribute to wc_backtrace_render(); and
* harmonize gating of error codes, ssl.h / error-ssl.h / internal.c:wolfSSL_ERR_reason_error_string() / api.c:error_test().
tests/api.c:
* add error_test() adapted from wolfcrypt/test/test.c, checking all error strings for expected presence/absence and length, called from existing test_wolfSSL_ERR_strings().
* in post_auth_version_client_cb(), add missing !NO_ERROR_STRINGS gating.
add numerous WC_NO_ERR_TRACE()s to operand error code uses, cleaning up error traces in general, and particularly when WOLFSSL_DEBUG_TRACE_ERROR_CODES_ALWAYS.
* crypto lib (36),
* crypto test&benchmark (20),
* TLS lib (179),
* examples (122),
* linuxkm (3),
* tests/api.c (2272).
tests/api.c: add error_test() adapted from wolfcrypt/test/test.c, checking all error strings for expected presence/absence and length, called from existing test_wolfSSL_ERR_strings().
wolfssl/ssl.h, wolfssl/error-ssl.h, and wolfssl/wolfcrypt/error-crypt.h:
* move several negative error return codes from ssl.h to error-ssl.h,
* renumber them to conform to existing sequence, and
* include error-ssl.h from ssl.h;
* add special-case WOLFSSL_DEBUG_TRACE_ERROR_CODES macros for WOLFSSL_FAILURE;
* add missing WOLFSSL_API attribute to wc_backtrace_render().
add numerous WC_NO_ERR_TRACE()s to operand error code uses, cleaning up error traces in general, and particularly when WOLFSSL_DEBUG_TRACE_ERROR_CODES_ALWAYS.
* crypto lib (36),
* crypto test&benchmark (20),
* TLS lib (179),
* examples (122),
* linuxkm (3),
* tests/api.c (2272).
Compile with WOLFSSL_DILITHIUM_FIPS204_DRAFT to get code that implements
the FIPS-204 August 2023 DRAFT.
Alternatively, --enable-dilithium=draft or
--enable-dilithium=fips204-draft
wolfssl/wolfcrypt/error-crypt.h: add WC_FIRST_E.
wolfcrypt/src/error.c: add MP error code strings.
wolfssl/error-ssl.h: add WOLFSSL_FIRST_E and WOLFSSL_LAST_E.
wolfcrypt/test/test.c: update error_test() for new error code layout, refactoring the "missing" check.
src/internal.c: use WC_FIRST_E and WC_LAST_E in wolfSSL_ERR_reason_error_string().
src/ssl.c: fix wolfSSL_ERR_GET_REASON() to identify in-range error codes using WC_FIRST_E, WC_LAST_E, WOLFSSL_FIRST_E, and WOLFSSL_LAST_E.
sp_int.h: provide for WOLFSSL_DEBUG_TRACE_ERROR_CODES, and refactor MP error codes as enums, for consistency with other error codes.
wolfcrypt/src/ecc.c: fix 2 identicalInnerCondition's.
* uses libbacktrace to enhance existing "ERR TRACE" messages with backtraces, rendered in same format as the sanitizers.
* adds wc_backtrace_render() and some related callbacks to wolfcrypt/src/logging.c.
* adds an overrideable WOLFSSL_DEBUG_BACKTRACE_RENDER_CLAUSE to the WC_ERR_TRACE() mechanism in wolfssl/wolfcrypt/error-crypt.h.
With --enable-dtlscid, a client sending a Client Hello to a DLTS1.2
server that supports CID, the server provides the appropriate CID and
assumes that CID has been negotiated.
However, in the case of MbedTLS, it then rejects packets that do not
match its expected CID from the client - as wolfSSL no longer sends
the CID as it is not DTLS1.2.
https://datatracker.ietf.org/doc/html/rfc9147#section-4
If a Connection ID is negotiated, then it MUST be contained in all datagrams.
This fix drops the CID if a Hello Verify Request is received, so the
second Client Hello does not include the CID.
https://datatracker.ietf.org/doc/html/rfc6347#section-4.2.1
When responding to a HelloVerifyRequest, the client MUST use the same
parameter values (version, random, session_id, cipher_suites,
compression_method) as it did in the original ClientHello.
Dropping the CID extension does not violate this.
If the server sends Server Hello, Server Key Exchange and Server Hello Done
in a single DTLS packet, but for DTLS1.2 in response to a client DTLS1.3
request, then FIRST_REPLAY state does not occur until the server re-sends
the packet. At this point wolfSSLconnect() gets used and all bursts into
life.
When processing handshakes in wolfSSL_connect_TLSv13() for case
HELLO_AGAIN_REPLY, downgrade to using wolfSSLconnect() to continue
processing the remaining handshakes in the packet.
Found when using Mbed TLS for the server.
As the WolfSSL implementation of the PQC KEM algorithm kyber also
supports the ML-KEM draft version (enabled by `WOLFSSL_ML_KEM`), we have
to update the groups code point to be compatible with other TLS
implementations (e.g. OQS provider).
Also updated the reference to the source of the values to the current
OQS Github.
Signed-off-by: Tobias Frauenschläger
<tobias.frauenschlaeger@oth-regensburg.de>
Something broke in the actions/download-artifact action and it is not preserving symbolic links. It didn't get a new release so my guess is that something was updated in the node environment or in npm. This is a future proof solution to preserve the fs structure between upload and download.
ASN macro simplification
merged with github CI tests failing due to unrelated upstream changes (same tests all previously succeeded on this PR, with only 25d14f1937 added in the meantime).
supplementary testing with `wolfssl-multi-test.sh ... super-quick-check` after rebase on then-current `master` 15e99c8eff.
Make sure the file `sha3_asm.S` is compiled when `WOLFSSL_INTEL_ASM` is
enabled using CMake.
Signed-off-by: Tobias Frauenschläger <tobias.frauenschlaeger@oth-regensburg.de>
ChaCha20:
scalar and vector implementations
vector implementations doing 6, 4, 2, 1 block at a time.
scalar implemetations using roriw and pack
vector implementations using VROR_VI and roriw.
RISC-V SHA-256: avoid using s0 if it can be helped.
In the wc_GeneratePreTBS() method (used for WOLFSSL_DUAL_ALG_CERTS
support), there was a workaround for alt names in certificates, as the
CopyDecodedToX509() method wasn't properly copying them. As a proper
copy mechanism is implemented now, we have to remove the workaround as
it now causes a memory leak of the copied values.
Signed-off-by: Tobias Frauenschläger
<tobias.frauenschlaeger@oth-regensburg.de>
Resolves warning:
```
./configure CC="gcc -fsanitize=address" && make
In file included from ./wolfclu/clu_header_main.h:71:
/usr/local/include/wolfssl/test.h:1103:18: error: 'sprintf' is deprecated: This function is provided for compatibility reasons only. Due to security concerns inherent in the design of sprintf(3), it is highly recommended that you use snprintf(3) instead. [-Werror,-Wdeprecated-declarations]
strLen = sprintf(serialMsg, " %s", words[3]);
^
```
WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC added.
It allocates memory for and pre-calculates s1, s2 and t0.
This saves decoding the vectors repeatedly in each signature trial.
Added tests to cover ssl_load.c functions.
Fixes from testing.
pk.c: renamed wolfssl_dh_load_key to wolfssl_dh_load_params as it
doesn't handle keys - just parameters.
* Make sure wc_kyber implementation is compiled using CMake (also for
Zephyr)
* Fix compilation issue when Liboqs is also enabled
* Fix WOLFSSL_INTEL_ASM and WOLFSSL_ARM_ASM CMake options
Signed-off-by: Tobias Frauenschläger
<tobias.frauenschlaeger@oth-regensburg.de>
also, additional backward-compatibility measures around cp and clean recipe in linuxkm/Makefile.
also, in sp_int.c, tweak DECL_DYN_SP_INT_ARRAY() to use an explicit XMEMSET() to clear n[], to avoid unshimmable implicit memset() from gcc on aarch64.
wolfcrypt/src/dh.c: in GeneratePrivateDh186(), add explicit suppression of uninitvar for "cBuf" arg that isn't fully initialized.
wolfcrypt/test/test.c: in mp_test_param(), explicitly initialize "buffer" to avoid uninitvar warning.
configure.ac: in FIPS builds, don't include enable_cryptocb in --enable-all or --enable-all-crypto. (they can still be enabled explicitly in FIPS builds with --enable-cryptocb, but the combination is not currently supported.)
The required feature flag CONFIG_PTHREAD_IPC is deprecated since Zephyr
version 3.7. The new option is CONFIG_POSIX_THREADS. This change clears
the warning.
Signed-off-by: Tobias Frauenschläger
<tobias.frauenschlaeger@oth-regensburg.de>
* refactor WOLFSSL_BIO.num and WOLFSSL_BIO.ptr as unions, for clarity and bug resistance (no functional changes).
* in wolfSSL_BIO_free(), add WOLFSSL_BIO_DGRAM to the test for closing bio->num.fd, fixing a descriptor leak.
* use SOCKET_INVALID consistently as the invalid value for WOLFSSL_BIO.num.fd, and use SOCKET_T consistently as the internal type for file descriptors.
* move the definitions for SOCKET_T and SOCKET_INVALID from wolfio.h to the filesystem section of wc_port.h, and allow override definitions of SOCKET_T.
detected and tested with wolfssl-multi-test.sh ... pq-hybrid-all-rpk-valgrind-unittest. also tested with wolfssl-multi-test.sh ... super-quick-check.
* Fixed incorrect XFREE calls
* Use key->heap where possible
* Fixed compilation with WOLFSSL_DILITHIUM_VERIFY_SMALL_MEM and
WC_DILITHIUM_CACHE_PUB_VECTORS
* Fixed compilation with WOLFSSL_DILITHIUM_ASSIGN_KEY (const pointers)
Signed-off-by: Tobias Frauenschläger
<tobias.frauenschlaeger@oth-regensburg.de>
* ecc.c: in wc_ecc_free(), fix gating around handling for key->sign_k to resolve memory leak, and in wc_ecc_gen_deterministic_k(), fix -Wconversion.
* test.c: add missing mp_free()s to ecdsa_test_deterministic_k_rs() and ecc521_test_deterministic_k().
* wc_HashType: change several occurrences of int to enum wc_HashType, including ecc_key.hashType and API wc_ecc_set_deterministic_ex(), to resolve C++ warnings.
* fixes for various C++ warnings/errors in crypto and TLS layers and test and benchmark code -- implicit casts, negative initializers for unsigned type, jumped initializers, and missing enums in switch()es.
* tweak typography;
* move wolfSSL_i2d_X509_PUBKEY() from ssl.c to x509.c;
* in asn.h, add !NO_ASN_OLD_TYPE_NAMES macros to remap old names (ISSUER, SUBJECT, BEFORE, AFTER) by default unless the macros are already defined.
refactor housekeeping for bio->bytes_read and bio->bytes_write, and add WOLFSSL_BIO_HAVE_FLOW_STATS gate;
add WOLFSSL_BIO_FLAG_RETRY housekeeping for WOLFSSL_BIO_SOCKET and WOLFSSL_BIO_DGRAM;
refactor WOLFSSL_BIO.peer_addr to be inline rather than a pointer;
add wolfSSL_set_mtu_compat() and wolfSSL_CTX_load_verify_locations_compat() implementations;
enable WOLFSSL_HAVE_BIO_ADDR and WOLFSSL_DTLS_MTU when OPENSSL_ALL.
This will allow the user to pass in a context pointer. Allows them to avoid
global variables.
We also add unknown extensions callback when processing a CA in cert manager
as CA certs can have unknown extensions as well.
Fixes ZD 18252
pk.c:
EncryptDerKey - setting wrong ret value on allocation failure.
wolfssl_rsa_generate_key_native - now checks e is a valid long
before passing in.
Fix formatting.
ssl_load.c:
ProcessBufferPrivPkcs8Dec - now checking password is not NULL
before zeroizing. Allocation may fail and ForceZero doesn't check for
NULL.
Fix formatting.
tests/api.c:
test_RsaSigFailure_cm - Check cert_sz is greater than zero
before use.
send_new_session_ticket - assert that building the message
doesn't return error or 0.
test_ticket_nonce_malloc - fix setting of medium and big to use
preprocessor. Fix big to be medium + 20.
asn.c:
GetLength_ex - Fix type of bytes so that it can go negative.
sp_int.h:
sp_clamp - add one to ii while it is a signed.
Fix formatting.
Add option to use AES-CBC with HMAC for default session ticket enc/dec.
Defaults to AES-128-CBC with HMAC-SHA256.
Options include:
WOLFSSL_TICKET_ENC_HMAC_SHA512 for HMAC-SHA512
WOLFSSL_TICKET_ENC_HMAC_SHA384 for HMAC-SHA384
WOLFSSL_TICKET_ENC_AES256_CBC for AES-256-CBC
which are not restarted and the inner hsHashes which are restared on HRR. also send empty string with 0 encLen when sending clientHelloInner2. setup works wolfssl->wolfssl but fails to match acceptance for first HRR message when talking to an openssl server, does still work without HRR when talking to cloudflare's server without HRR.
static const byte plaintext[] = "Lorem ipsum dolor sit amet, consectetur adipiscing elit. Cras lacus odio, pretium vel sagittis ac, facilisis quis diam. Vivamus condimentum velit sed dolor consequat interdum. Etiam eleifend ornare felis, eleifend egestas odio vulputate eu. Sed nec orci nunc. Etiam quis mi augue. Donec ullamcorper suscipit lorem, vel luctus augue cursus fermentum. Etiam a porta arcu, in convallis sem. Integer efficitur elementum diam, vel scelerisque felis posuere placerat. Donec vestibulum sit amet leo sit amet tincidunt. Etiam et vehicula turpis. Phasellus quis finibus sapien. Sed et tristique turpis. Nullam vitae sagittis tortor, et aliquet lorem. Cras a leo scelerisque, convallis lacus ut, fermentum urna. Mauris quis urna diam. Class aptent taciti sociosqu ad litora torquent per conubia nostra, per inceptos himenaeos. Nam aliquam vehicula orci id pulvinar. Proin mollis, libero sollicitudin tempor ultrices, massa augue tincidunt turpis, sit amet aliquam neque nibh nec dui. Fusce finibus massa quis rutrum suscipit cras amet";
rsource "Kconfig.tls-generic"
/* Loop over authenticated associated data AD1..ADn */
/* no easy answer [c'est la vie]. Just division */
* Update Espressif sha, util, mem, time helpers (PR 7955)
* Espressif _thread_local_start and _thread_local_end fix (PR 8030)
* Improve benchmark for Espressif devices (PR 8037)
* Introduce Espressif common CONFIG_WOLFSSL_EXAMPLE_NAME, Kconfig (PR 7866)
* Add wolfSSL esp-tls and Certificate Bundle Support for Espressif ESP-IDF
(PR 7936)
* Update wolfssl Release for Arduino (PR 7775)
### Post Quantum Crypto Updates
* Dilithium: support fixed size arrays in dilithium_key (PR 7727)
* Dilithium: add option to use precalc with small sign (PR 7744)
* Allow Kyber to be built with FIPS (PR 7788)
* Allow Kyber asm to be used in the Linux kernel module (PR 7872)
* Dilithium, Kyber: Update to final specification (PR 7877)
* Dilithium: Support FIPS 204 Draft and Final Draft (PR 7909,8016)
### ARM Assembly Optimizations
* ARM32 assembly optimizations added for ChaCha20 and Poly1305 (PR 8020)
* Poly1305 assembly optimizations improvements for Aarch64 (PR 7859)
* Poly1305 assembly optimizations added for Thumb-2 (PR 7939)
* Adding ARM ASM build option to STM32CubePack (PR 7747)
* Add ARM64 to Visual Studio Project (PR 8010)
* Kyber assembly optimizations for ARM32 and Aarch64 (PR 8040,7998)
* Kyber assembly optimizations for ARMv7E-M/ARMv7-M (PR 7706)
## Fixes
* ECC key load: fixes for certificates with parameters that are not default for
size (PR 7751)
* Fixes for building x86 in Visual Studio for non-windows OS (PR 7884)
* Fix for TLS v1.2 secret callback, incorrectly detecting bad master secret
(PR 7812)
* Fixes for PowerPC assembly use with Darwin and SP math all (PR 7931)
* Fix for detecting older versions of Mac OS when trying to link with
libdispatch (PR 7932)
* Fix for DTLS1.3 downgrade to DTLS1.2 when the server sends multiple handshake
packets combined into a single transmission. (PR 7840)
* Fix for OCSP to save the request if it was stored in ssl->ctx->certOcspRequest
(PR 7779)
* Fix to OCSP for searching for CA by key hash instead of ext. key id (PR 7934)
* Fix for staticmemory and singlethreaded build (PR 7737)
* Fix to not allow Shake128/256 with Xilinx AFALG (PR 7708)
* Fix to support PKCS11 without RSA key generation (PR 7738)
* Fix not calling the signing callback when using PK callbacks + TLS 1.3
(PR 7761)
* Cortex-M/Thumb2 ASM fix label for IAR compiler (PR 7753)
* Fix with PKCS11 to iterate correctly over slotId (PR 7736)
* Stop stripping out the sequence header on the AltSigAlg extension (PR 7710)
* Fix ParseCRL_AuthKeyIdExt with ASN template to set extAuthKeyIdSet value
(PR 7742)
* Use max key length for PSK encrypt buffer size (PR 7707)
* DTLS 1.3 fix for size check to include headers and CID fixes (PR 7912,7951)
* Fix STM32 Hash FIFO and add support for STM32U5A9xx (PR 7787)
* Fix CMake build error for curl builds (PR 8021)
* SP Maths: PowerPC ASM fix to use XOR instead of LI (PR 8038)
* SSL loading of keys/certs: testing and fixes (PR 7789)
* Misc. fixes for Dilithium and Kyber (PR 7721,7765,7803,8027,7904)
* Fixes for building wolfBoot sources for PQ LMS/XMSS (PR 7868)
* Fixes for building with Kyber enabled using CMake and zephyr port (PR 7773)
* Fix for edge cases with session resumption with TLS 1.2 (PR 8097)
* Fix issue with ARM ASM with AES CFB/OFB not initializing the "left" member
(PR 8099)
# wolfSSL Release 5.7.2 (July 08, 2024)
Release 5.7.2 has been developed according to wolfSSL's development and QA
@@ -89,6 +408,7 @@ Fixed in github pull request https://github.com/wolfSSL/wolfssl/pull/7702
* Expanded OpenSSL compatibility layer and added EC_POINT_hex2point (PR 7191)
## Fixes
* Fixed Kyber control-flow timing leak. Thanks to Antoon Purnal from PQShield for the report
* Fixed the NXP MMCAU HW acceleration for SHA-256 (PR 7389)
* Fixed AES-CFB1 encrypt/decrypt on size (8*x-1) bits (PR 7431)
* Fixed use of %rip with SHA-256 x64 assembly (PR 7409)
@@ -219,7 +539,7 @@ fixed this omission in several PRs for this release.
* [Low] CVE-2023-6936: A potential heap overflow read is possible in servers connecting over TLS 1.3 when the optional `WOLFSSL_CALLBACKS` has been defined. The out of bounds read can occur when a server receives a malicious malformed ClientHello. Users should either discontinue use of `WOLFSSL_CALLBACKS` on the server side or update versions of wolfSSL to 5.6.6. Thanks to the tlspuffin fuzzer team for the report which was designed and developed by; Lucca Hirschi (Inria, LORIA), Steve Kremer (Inria, LORIA), and Max Ammann (Trail of Bits). The fix for this issue is located in the following GitHub Pull Request: https://github.com/wolfSSL/wolfssl/pull/6949.
* [Low] A side channel vulnerability with AES T-Tables is possible in a very controlled environment where precision sub-cache-line inspection can happen, such as inside an Intel SGX enclave. This can lead to recovery of the AES key. To prevent this type of attack, wolfSSL added an AES bitsliced implementation which can be enabled with the “`--enable-aes-bitsliced`” configure option. Thanks to Florian Sieck, Zhiyuan Zhang, Sebastian Berndt, Chitchanok Chuengsatiansup, Thomas Eisenbarth, and Yuval Yarom for the report (Universities of Lübeck, Melbourne, Adelaide and Bochum). The fix for this issue is located in the following GitHub Pull Request: https://github.com/wolfSSL/wolfssl/pull/6854.
* [Low] CVE-2024-1543: A side channel vulnerability with AES T-Tables is possible in a very controlled environment where precision sub-cache-line inspection can happen, such as inside an Intel SGX enclave. This can lead to recovery of the AES key. To prevent this type of attack, wolfSSL added an AES bitsliced implementation which can be enabled with the “`--enable-aes-bitsliced`” configure option. Thanks to Florian Sieck, Zhiyuan Zhang, Sebastian Berndt, Chitchanok Chuengsatiansup, Thomas Eisenbarth, and Yuval Yarom for the report (Universities of Lübeck, Melbourne, Adelaide and Bochum). The fix for this issue is located in the following GitHub Pull Request: https://github.com/wolfSSL/wolfssl/pull/6854.
* [Low] CVE-2023-6937: wolfSSL prior to 5.6.6 did not check that messages in a single (D)TLS record do not span key boundaries. As a result, it was possible to combine (D)TLS messages using different keys into one (D)TLS record. The most extreme edge case is that, in (D)TLS 1.3, it was possible that an unencrypted (D)TLS 1.3 record from the server containing first a ServerHello message and then the rest of the first server flight would be accepted by a wolfSSL client. In (D)TLS 1.3 the handshake is encrypted after the ServerHello but a wolfSSL client would accept an unencrypted flight from the server. This does not compromise key negotiation and authentication so it is assigned a low severity rating. Thanks to Johannes Wilson for the report (Sectra Communications and Linköping University). The fix for this issue is located in the following GitHub Pull Request: https://github.com/wolfSSL/wolfssl/pull/7029.
@@ -873,9 +1193,9 @@ Release 5.5.1 of wolfSSL embedded TLS has bug fixes and new features including:
## Enhancements
* DTLSv1.3: Do HRR Cookie exchange by default
* Add wolfSSL_EVP_PKEY_new_CMAC_key to OpenSSL compatible API
* Update ide win10 build files to add missing sp source files
* Improve Workbench docs
* Add wolfSSL_EVP_PKEY_new_CMAC_key to OpenSSL compatible API
* Update ide win10 build files to add missing sp source files
* Improve Workbench docs
* Improve EVP support for CHACHA20_POLY1305
* Improve `wc_SetCustomExtension` documentation
* RSA-PSS with OCSP and add simple OCSP response DER verify test case
@@ -883,23 +1203,23 @@ Release 5.5.1 of wolfSSL embedded TLS has bug fixes and new features including:
* Don't over-allocate memory for DTLS fragments
* Add WOLFSSL_ATECC_TFLXTLS for Atmel port
* SHA-3 performance improvements with x86_64 assembly
* Add code to fallback to S/W if TSIP cannot handle
* Add code to fallback to S/W if TSIP cannot handle
* Improves entropy with VxWorks
* Make time in milliseconds 64-bits for longer session ticket lives
* Update SP math all to not use sp_int_word when SQR_MUL_ASM is available
### SP Math Fixes
* Fixes for constant time with div function
* Fix casting warnings for Windows builds and assembly changes to support XMM6-15 being non-volatile
* Fix casting warnings for Windows builds and assembly changes to support XMM6-15 being non-volatile
* Fix for div_word when not using div function
* Fixes for user settings with SP ASM and ED/Curve25519 small
* Additional Wycheproof tests ran and fixes
@@ -1203,7 +1523,7 @@ Release 5.3.0 of wolfSSL embedded TLS has bug fixes and new features including:
### Math Library Fixes
* Sanity check with SP math that ECC points ordinates are not greater than modulus length
* Additional sanity checks that _sp_add_d does not error due to overflow
* Wycheproof fixes, testing integration, and fixes for AVX / AArch64 ASM edge case tests
* Wycheproof fixes, testing integration, and fixes for AVX / AArch64 ASM edge case tests
* TFM fp_div_2_ct rework to avoid potential overflow
### Misc.
@@ -1444,7 +1764,7 @@ Release 5.1.0 of wolfSSL embedded TLS has bug fixes and new features including:
###### PORT Fixes
* Building with Android wpa_supplicant and KeyStore
* Setting initial value of CA certificate with TSIP enabled
* Cryptocell ECC build fix and fix with RSA disabled
* Cryptocell ECC build fix and fix with RSA disabled
* IoT-SAFE improvement for Key/File slot ID size, fix for C++ compile, and fixes for retrieving the public key after key generation
###### Math Library Fixes
@@ -1583,7 +1903,7 @@ Release 5.0.0 of wolfSSL embedded TLS has bug fixes and new features including:
- SSL_SESSION_has_ticket()
- SSL_SESSION_get_ticket_lifetime_hint()
- DIST_POINT_new
- DIST_POINT_free
- DIST_POINT_free
- DIST_POINTS_free
- CRL_DIST_POINTS_free
- sk_DIST_POINT_push
@@ -1746,7 +2066,7 @@ Release 4.8.0 of wolfSSL embedded TLS has bug fixes and new features including:
### Vulnerabilities
* [Low] CVE-2021-37155: OCSP request/response verification issue. In the case that the serial number in the OCSP request differs from the serial number in the OCSP response the error from the comparison was not resulting in a failed verification. We recommend users that have wolfSSL version 4.6.0 and 4.7.0 with OCSP enabled update their version of wolfSSL. Version 4.5.0 and earlier are not affected by this report. Thanks to Rainer Mueller-Amersdorffer, Roee Yankelevsky, Barak Gutman, Hila Cohen and Shoshi Berko (from CYMOTIVE Technologies and CARIAD) for the report.
* [Low] CVE-2021-24116: Side-Channel cache look up vulnerability in base64 PEM decoding for versions of wolfSSL 4.5.0 and earlier. Versions 4.6.0 and up contain a fix and do not need to be updated for this report. If decoding a PEM format private key using version 4.5.0 and older of wolfSSL then we recommend updating the version of wolfSSL used. Thanks to Florian Sieck, Jan Wichelmann, Sebastian Berndt and Thomas Eisenbarth for the report.
* [Low] CVE-2021-24116: Side-Channel cache look up vulnerability in base64 PEM decoding for versions of wolfSSL 4.5.0 and earlier. Versions 4.6.0 and up contain a fix and do not need to be updated for this report. If decoding a PEM format private key using version 4.5.0 and older of wolfSSL then we recommend updating the version of wolfSSL used. Thanks to Florian Sieck, Jan Wichelmann, Sebastian Berndt and Thomas Eisenbarth for the report.
@@ -4,10 +4,46 @@ This library is restructured from [wolfSSL](https://github.com/wolfSSL/wolfssl/)
The Official wolfSSL Arduino Library is found in [The Library Manager index](http://downloads.arduino.cc/libraries/library_index.json).
See the [Arduino-wolfSSL logs](https://downloads.arduino.cc/libraries/logs/github.com/wolfSSL/Arduino-wolfSSL/).
See the [Arduino-wolfSSL logs](https://downloads.arduino.cc/libraries/logs/github.com/wolfSSL/Arduino-wolfSSL/) for publishing status.
Instructions for installing and using libraries can be found in the [Arduino docs](https://docs.arduino.cc/software/ide-v1/tutorials/installing-libraries/).
## wolfSSL Configuration
As described in the [Getting Started with wolfSSL on Arduino](https://www.wolfssl.com/getting-started-with-wolfssl-on-arduino/), wolfSSL features are enabled and disabled in the `user_settings.h` file.
The `user_settings.h` file is found in the `<Arduino>/libraries/wolfssl/src` directory.
For Windows this is typically `C:\Users\%USERNAME%\Documents\Arduino\libraries\wolfssl\src`
For Mac: `~/Documents/Arduino/libraries/wolfssl/src`
For Linux: `~/Arduino/libraries/wolfssl/src`
Tips for success:
- The `WOLFSSL_USER_SETTINGS` macro must be defined project-wide. (see [wolfssl.h](https://github.com/wolfSSL/wolfssl/blob/master/IDE/ARDUINO/wolfssl.h))
- Apply any customizations only to `user_settings.h`; Do not edit wolfSSL `settings.h` or `configh.h` files.
- Do not explicitly include `user_settings.h` in any source file.
- For every source file that uses wolfssl, include `wolfssl/wolfcrypt/settings.h` before any other wolfSSL include, typically via `#include "wolfssl.h"`.
- See the [wolfSSL docs](https://www.wolfssl.com/documentation/manuals/wolfssl/chapter02.html) for details on build configuration macros.
The first Official wolfSSL Arduino Library is `5.6.6-Arduino.1`: a slightly modified, post [release 5.6.6](https://github.com/wolfSSL/wolfssl/releases/tag/v5.6.6-stable) version update.
This release of wolfSSL is version [5.7.6](https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.6-stable).
See other [wolfSSL releases versions](https://github.com/wolfSSL/wolfssl/releases). The `./wolfssl-arduino.sh INSTALL` [script](https://github.com/wolfSSL/wolfssl/tree/master/IDE/ARDUINO) can be used to install specific GitHub versions as needed.
See GitHub for [all Arduino wolfSSL releases](https://github.com/wolfSSL/Arduino-wolfSSL/releases).
The first Official wolfSSL Arduino Library was `5.6.6-Arduino.1`: a slightly modified, post [release 5.6.6](https://github.com/wolfSSL/wolfssl/releases/tag/v5.6.6-stable) version update.
The `./wolfssl-arduino.sh INSTALL` [script](https://github.com/wolfSSL/wolfssl/tree/master/IDE/ARDUINO) can be used to install specific GitHub versions as needed.
@@ -7,13 +7,33 @@ See the [example sketches](./sketches/README.md):
When publishing a new version to the Arduino Registry, be sure to edit `WOLFSSL_VERSION_ARUINO_SUFFIX` in the `wolfssl-arduino.sh` script.
## Getting Started
See [Getting Started with wolfSSL on Arduino](https://www.wolfssl.com/getting-started-with-wolfssl-on-arduino/), wolfSSL features are enabled and disabled in the `user_settings.h` file.
The `user_settings.h` file is found in the `<Arduino>/libraries/wolfssl/src` directory.
For Windows this is typically `C:\Users\%USERNAME%\Documents\Arduino\libraries\wolfssl\src`
For Mac: `~/Documents/Arduino/libraries/wolfssl/src`
For Linux: `~/Arduino/libraries/wolfssl/src`
Tips for success:
- The `WOLFSSL_USER_SETTINGS` macro must be defined project-wide. (see [wolfssl.h](https://github.com/wolfSSL/wolfssl/blob/master/IDE/ARDUINO/wolfssl.h))
- Apply any customizations only to `user_settings.h`; Do not edit wolfSSL `settings.h` or `configh.h` files.
- Do not explicitly include `user_settings.h` in any source file.
- For every source file that uses wolfssl, include `wolfssl/wolfcrypt/settings.h` before any other wolfSSL include, typically via `#include "wolfssl.h"`.
- See the [wolfSSL docs](https://www.wolfssl.com/documentation/manuals/wolfssl/chapter02.html) for details on build configuration macros.
## Boards
Many of the supported boards are natively built-in to the [Arduino IDE Board Manager](https://docs.arduino.cc/software/ide-v2/tutorials/ide-v2-board-manager/)
and by adding [additional cores](https://docs.arduino.cc/learn/starting-guide/cores/) as needed.
STM32 Support can be added by including this link in the "Additional Boards Managers URLs" field
from [stm32duino/Arduino_Core_STM32](https://github.com/stm32duino/Arduino_Core_STM32?tab=readme-ov-file#getting-started).
from [stm32duino/Arduino_Core_STM32](https://github.com/stm32duino/Arduino_Core_STM32?tab=readme-ov-file#getting-started).
@@ -140,10 +141,18 @@ See the specific examples for additional details.
This is an alternate method for installation. It is recommended to use the new `CMakeLists.txt` to point to wolfSSL source code.
1. Run `setup.sh` at _/path/to_`/wolfssl/IDE/Espressif/ESP-IDF/` to deploy files into ESP-IDF tree
1. Run `setup.sh` at _/path/to_`/wolfssl/IDE/Espressif/ESP-IDF/` to deploy files into ESP-IDF tree
2. Find Wolfssl files at _/path/to/esp_`/esp-idf/components/wolfssl/`
3. Find [Example Programs](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples) under _/path/to/esp_`/esp-idf/examples/protocols/wolfssl_xxx` (where xxx is the project name)
```
WRK_IDF_PATH=/mnt/c/SysGCC/esp32/esp-idf/v5.2
. $WRK_IDF_PATH/export.sh
./setup.sh
```
## Setup for Windows
This is an alternate method for installation. It is recommended to use the new `CMakeLists.txt` to point to wolfSSL source code.
Some files were not shown because too many files have changed in this diff
Show More
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
