From 85511067e454441fa8e74ab17abd8cd1bf0ac212 Mon Sep 17 00:00:00 2001 From: David Garske Date: Mon, 21 May 2018 13:03:49 -0700 Subject: [PATCH 01/63] Added crypto device framework to handle PK RSA/ECC operations using callbacks. Adds new build option `./configure --enable-cryptodev` or `#define WOLF_CRYPTO_DEV`. Added devId support to PKCS7. --- configure.ac | 14 +++ wolfcrypt/src/cryptodev.c | 207 ++++++++++++++++++++++++++++++++++ wolfcrypt/src/ecc.c | 37 +++++- wolfcrypt/src/include.am | 4 + wolfcrypt/src/pkcs7.c | 29 ++--- wolfcrypt/src/rsa.c | 22 +++- wolfcrypt/src/wc_port.c | 8 ++ wolfcrypt/test/test.c | 37 +++++- wolfssl/wolfcrypt/cryptodev.h | 114 +++++++++++++++++++ wolfssl/wolfcrypt/ecc.h | 2 +- wolfssl/wolfcrypt/include.am | 3 +- wolfssl/wolfcrypt/pkcs7.h | 1 + wolfssl/wolfcrypt/rsa.h | 3 + wolfssl/wolfcrypt/types.h | 32 +++++- 14 files changed, 486 insertions(+), 27 deletions(-) create mode 100644 wolfcrypt/src/cryptodev.c create mode 100644 wolfssl/wolfcrypt/cryptodev.h diff --git a/configure.ac b/configure.ac index 9c8dfd4d30..a240142abf 100644 --- a/configure.ac +++ b/configure.ac @@ -3868,6 +3868,20 @@ else fi +# Support for crypto device hardware +AC_ARG_ENABLE([cryptodev], + [AS_HELP_STRING([--enable-cryptodev],[Enable crypto hardware support (default: disabled)])], + [ ENABLED_CRYPTODEV=$enableval ], + [ ENABLED_CRYPTODEV=no ] + ) + +if test "$ENABLED_CRYPTODEV" = "yes" +then + AM_CFLAGS="$AM_CFLAGS -DWOLF_CRYPTO_DEV" +fi +AM_CONDITIONAL([BUILD_CRYPTODEV], [test "x$ENABLED_CRYPTODEV" = "xyes"]) + + # Session Export AC_ARG_ENABLE([sessionexport], [AS_HELP_STRING([--enable-sessionexport],[Enable export and import of sessions (default: disabled)])], diff --git a/wolfcrypt/src/cryptodev.c b/wolfcrypt/src/cryptodev.c new file mode 100644 index 0000000000..80179e0e13 --- /dev/null +++ b/wolfcrypt/src/cryptodev.c @@ -0,0 +1,207 @@ +/* cryptodev.c + * + * Copyright (C) 2006-2018 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +/* This framework provides a central place for crypto hardware integration + using the devId scheme. If not supported return `NOT_COMPILED_IN`. */ + +#ifdef HAVE_CONFIG_H + #include +#endif + +#include + +#ifdef WOLF_CRYPTO_DEV + +#include +#include +#include + + +/* TODO: Consider linked list with mutex */ +#ifndef MAX_CRYPTO_DEVICES +#define MAX_CRYPTO_DEVICES 8 +#endif + +typedef struct CryptoDev { + int devId; + CryptoDevCallbackFunc cb; + void* ctx; +} CryptoDev; +static CryptoDev gCryptoDev[MAX_CRYPTO_DEVICES]; + +static CryptoDev* wc_CryptoDev_FindDevice(int devId) +{ + int i; + for (i=0; idevId = devId; + dev->cb = cb; + dev->ctx = ctx; + + return 0; +} + +void wc_CryptoDev_UnRegisterDevice(int devId) +{ + CryptoDev* dev = wc_CryptoDev_FindDevice(devId); + if (dev) { + XMEMSET(dev, 0, sizeof(*dev)); + dev->devId = INVALID_DEVID; + } +} + +#ifndef NO_RSA +int wc_CryptoDev_Rsa(const byte* in, word32 inLen, byte* out, + word32* outLen, int type, RsaKey* key, WC_RNG* rng) +{ + int ret = NOT_COMPILED_IN; + CryptoDev* dev; + + /* locate registered callback */ + dev = wc_CryptoDev_FindDevice(key->devId); + if (dev) { + if (dev->cb) { + wc_CryptoInfo cryptoInfo; + XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo)); + cryptoInfo.algo_type = WC_ALGO_TYPE_PK; + cryptoInfo.pk.type = WC_PK_TYPE_RSA; + cryptoInfo.pk.rsa.in = in; + cryptoInfo.pk.rsa.inLen = inLen; + cryptoInfo.pk.rsa.out = out; + cryptoInfo.pk.rsa.outLen = outLen; + cryptoInfo.pk.rsa.type = type; + cryptoInfo.pk.rsa.key = key; + cryptoInfo.pk.rsa.rng = rng; + + ret = dev->cb(key->devId, &cryptoInfo, dev->ctx); + } + } + + return ret; +} +#endif /* !NO_RSA */ + +#ifdef HAVE_ECC +int wc_CryptoDev_Ecdh(ecc_key* private_key, ecc_key* public_key, + byte* out, word32* outlen) +{ + int ret = NOT_COMPILED_IN; + CryptoDev* dev; + + /* locate registered callback */ + dev = wc_CryptoDev_FindDevice(private_key->devId); + if (dev) { + if (dev->cb) { + wc_CryptoInfo cryptoInfo; + XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo)); + cryptoInfo.algo_type = WC_ALGO_TYPE_PK; + cryptoInfo.pk.type = WC_PK_TYPE_ECDH; + cryptoInfo.pk.ecdh.private_key = private_key; + cryptoInfo.pk.ecdh.public_key = public_key; + cryptoInfo.pk.ecdh.out = out; + cryptoInfo.pk.ecdh.outlen = outlen; + + ret = dev->cb(private_key->devId, &cryptoInfo, dev->ctx); + } + } + + return ret; +} + +int wc_CryptoDev_EccSign(const byte* in, word32 inlen, byte* out, + word32 *outlen, WC_RNG* rng, ecc_key* key) +{ + int ret = NOT_COMPILED_IN; + CryptoDev* dev; + + /* locate registered callback */ + dev = wc_CryptoDev_FindDevice(key->devId); + if (dev) { + if (dev->cb) { + wc_CryptoInfo cryptoInfo; + XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo)); + cryptoInfo.algo_type = WC_ALGO_TYPE_PK; + cryptoInfo.pk.type = WC_PK_TYPE_ECDSA_SIGN; + cryptoInfo.pk.eccsign.in = in; + cryptoInfo.pk.eccsign.inlen = inlen; + cryptoInfo.pk.eccsign.out = out; + cryptoInfo.pk.eccsign.outlen = outlen; + cryptoInfo.pk.eccsign.rng = rng; + cryptoInfo.pk.eccsign.key = key; + + ret = dev->cb(key->devId, &cryptoInfo, dev->ctx); + } + } + + return ret; +} + +int wc_CryptoDev_EccVerify(const byte* sig, word32 siglen, + const byte* hash, word32 hashlen, int* res, ecc_key* key) +{ + int ret = NOT_COMPILED_IN; + CryptoDev* dev; + + /* locate registered callback */ + dev = wc_CryptoDev_FindDevice(key->devId); + if (dev) { + if (dev->cb) { + wc_CryptoInfo cryptoInfo; + XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo)); + cryptoInfo.algo_type = WC_ALGO_TYPE_PK; + cryptoInfo.pk.type = WC_PK_TYPE_ECDSA_VERIFY; + cryptoInfo.pk.eccverify.sig = sig; + cryptoInfo.pk.eccverify.siglen = siglen; + cryptoInfo.pk.eccverify.hash = hash; + cryptoInfo.pk.eccverify.hashlen = hashlen; + cryptoInfo.pk.eccverify.res = res; + cryptoInfo.pk.eccverify.key = key; + + ret = dev->cb(key->devId, &cryptoInfo, dev->ctx); + } + } + + return ret; +} +#endif /* HAVE_ECC */ + +#endif /* WOLF_CRYPTO_DEV */ diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c index 9801a51c56..d53847ae7a 100755 --- a/wolfcrypt/src/ecc.c +++ b/wolfcrypt/src/ecc.c @@ -122,6 +122,10 @@ ECC Curve Sizes: #include #endif +#ifdef WOLF_CRYPTO_DEV + #include +#endif + #ifdef NO_INLINE #include #else @@ -2793,6 +2797,15 @@ int wc_ecc_shared_secret(ecc_key* private_key, ecc_key* public_key, byte* out, return BAD_FUNC_ARG; } +#ifdef WOLF_CRYPTO_DEV + if (private_key->devId != INVALID_DEVID) { + err = wc_CryptoDev_Ecdh(private_key, public_key, out, outlen); + if (err != NOT_COMPILED_IN) + return err; + err = 0; /* reset error code and try using software */ + } +#endif + /* type valid? */ if (private_key->type != ECC_PRIVATEKEY && private_key->type != ECC_PRIVATEKEY_ONLY) { @@ -3495,8 +3508,10 @@ int wc_ecc_init_ex(ecc_key* key, void* heap, int devId) XMEMSET(key, 0, sizeof(ecc_key)); key->state = ECC_STATE_NONE; -#ifdef PLUTON_CRYPTO_ECC +#if defined(PLUTON_CRYPTO_ECC) || defined(WOLF_CRYPTO_DEV) key->devId = devId; +#else + (void)devId; #endif #ifdef WOLFSSL_ATECC508A @@ -3532,8 +3547,6 @@ int wc_ecc_init_ex(ecc_key* key, void* heap, int devId) /* handle as async */ ret = wolfAsync_DevCtxInit(&key->asyncDev, WOLFSSL_ASYNC_MARKER_ECC, key->heap, devId); -#else - (void)devId; #endif return ret; @@ -3641,6 +3654,15 @@ int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen, return ECC_BAD_ARG_E; } +#ifdef WOLF_CRYPTO_DEV + if (key->devId != INVALID_DEVID) { + err = wc_CryptoDev_EccSign(in, inlen, out, outlen, rng, key); + if (err != NOT_COMPILED_IN) + return err; + err = 0; /* reset error code and try using software */ + } +#endif + #ifdef WOLFSSL_ASYNC_CRYPT err = wc_ecc_alloc_async(key); if (err != 0) @@ -4291,6 +4313,15 @@ int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash, return ECC_BAD_ARG_E; } +#ifdef WOLF_CRYPTO_DEV + if (key->devId != INVALID_DEVID) { + err = wc_CryptoDev_EccVerify(sig, siglen, hash, hashlen, res, key); + if (err != NOT_COMPILED_IN) + return err; + err = 0; /* reset error code and try using software */ + } +#endif + #ifdef WOLFSSL_ASYNC_CRYPT err = wc_ecc_alloc_async(key); if (err != 0) diff --git a/wolfcrypt/src/include.am b/wolfcrypt/src/include.am index 315388e125..cf181f82fe 100644 --- a/wolfcrypt/src/include.am +++ b/wolfcrypt/src/include.am @@ -63,6 +63,10 @@ EXTRA_DIST += wolfcrypt/src/port/ti/ti-aes.c \ wolfcrypt/src/port/caam/caam_doc.pdf \ wolfcrypt/src/port/st/stm32.c +if BUILD_CRYPTODEV +src_libwolfssl_la_SOURCES += wolfcrypt/src/cryptodev.c +endif + if BUILD_CAVIUM src_libwolfssl_la_SOURCES += wolfcrypt/src/port/cavium/cavium_nitrox.c diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c index 807d90e00f..835f58209d 100644 --- a/wolfcrypt/src/pkcs7.c +++ b/wolfcrypt/src/pkcs7.c @@ -247,8 +247,8 @@ int wc_PKCS7_Init(PKCS7* pkcs7, void* heap, int devId) XMEMSET(pkcs7, 0, sizeof(PKCS7)); pkcs7->heap = heap; + pkcs7->devId = devId; - (void)devId; /* silence unused warning */ return 0; } @@ -600,8 +600,7 @@ static int wc_PKCS7_RsaSign(PKCS7* pkcs7, byte* in, word32 inSz, ESD* esd) return MEMORY_E; #endif - ret = wc_InitRsaKey(privKey, pkcs7->heap); - + ret = wc_InitRsaKey_ex(privKey, pkcs7->heap, pkcs7->devId); if (ret == 0) { idx = 0; ret = wc_RsaPrivateKeyDecode(pkcs7->privateKey, &idx, privKey, @@ -649,7 +648,7 @@ static int wc_PKCS7_EcdsaSign(PKCS7* pkcs7, byte* in, word32 inSz, ESD* esd) return MEMORY_E; #endif - ret = wc_ecc_init_ex(privKey, pkcs7->heap, INVALID_DEVID); + ret = wc_ecc_init_ex(privKey, pkcs7->heap, pkcs7->devId); if (ret == 0) { idx = 0; @@ -1309,7 +1308,7 @@ static int wc_PKCS7_RsaVerify(PKCS7* pkcs7, byte* sig, int sigSz, XMEMSET(digest, 0, MAX_PKCS7_DIGEST_SZ); - ret = wc_InitRsaKey(key, pkcs7->heap); + ret = wc_InitRsaKey_ex(key, pkcs7->heap, pkcs7->devId); if (ret != 0) { #ifdef WOLFSSL_SMALL_STACK XFREE(digest, NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -1384,7 +1383,7 @@ static int wc_PKCS7_EcdsaVerify(PKCS7* pkcs7, byte* sig, int sigSz, XMEMSET(digest, 0, MAX_PKCS7_DIGEST_SZ); - ret = wc_ecc_init_ex(key, pkcs7->heap, INVALID_DEVID); + ret = wc_ecc_init_ex(key, pkcs7->heap, pkcs7->devId); if (ret != 0) { #ifdef WOLFSSL_SMALL_STACK XFREE(digest, NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -2124,6 +2123,7 @@ int wc_PKCS7_VerifySignedData(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz) typedef struct WC_PKCS7_KARI { DecodedCert* decoded; /* decoded recip cert */ void* heap; /* user heap, points to PKCS7->heap */ + int devId; /* device ID for HW based private key */ ecc_key* recipKey; /* recip key (pub | priv) */ ecc_key* senderKey; /* sender key (pub | priv) */ byte* senderKeyExport; /* sender ephemeral key DER */ @@ -2249,6 +2249,7 @@ static WC_PKCS7_KARI* wc_PKCS7_KariNew(PKCS7* pkcs7, byte direction) kari->direction = direction; kari->heap = pkcs7->heap; + kari->devId = pkcs7->devId; return kari; } @@ -2333,7 +2334,7 @@ static int wc_PKCS7_KariParseRecipCert(WC_PKCS7_KARI* kari, const byte* cert, return BAD_FUNC_ARG; } - ret = wc_ecc_init_ex(kari->recipKey, kari->heap, INVALID_DEVID); + ret = wc_ecc_init_ex(kari->recipKey, kari->heap, kari->devId); if (ret != 0) return ret; @@ -2384,7 +2385,7 @@ static int wc_PKCS7_KariGenerateEphemeralKey(WC_PKCS7_KARI* kari, WC_RNG* rng) kari->senderKeyExportSz = kari->decoded->pubKeySize; - ret = wc_ecc_init_ex(kari->senderKey, kari->heap, INVALID_DEVID); + ret = wc_ecc_init_ex(kari->senderKey, kari->heap, kari->devId); if (ret != 0) return ret; @@ -2986,7 +2987,7 @@ static int wc_CreateRecipientInfo(const byte* cert, word32 certSz, #endif /* EncryptedKey */ - ret = wc_InitRsaKey(pubKey, 0); + ret = wc_InitRsaKey_ex(pubKey, heap, INVALID_DEVID); if (ret != 0) { FreeDecodedCert(decoded); #ifdef WOLFSSL_SMALL_STACK @@ -3250,7 +3251,7 @@ static int wc_PKCS7_GenerateIV(PKCS7* pkcs7, WC_RNG* rng, byte* iv, word32 ivSz) if (rnd == NULL) return MEMORY_E; - ret = wc_InitRng_ex(rnd, pkcs7->heap, INVALID_DEVID); + ret = wc_InitRng_ex(rnd, pkcs7->heap, pkcs7->devId); if (ret != 0) { XFREE(rnd, pkcs7->heap, DYNAMIC_TYPE_RNG); return ret; @@ -3384,7 +3385,7 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz) } /* generate random content encryption key */ - ret = wc_InitRng_ex(&rng, pkcs7->heap, INVALID_DEVID); + ret = wc_InitRng_ex(&rng, pkcs7->heap, pkcs7->devId); if (ret != 0) return ret; @@ -3712,7 +3713,7 @@ static int wc_PKCS7_DecodeKtri(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz, } #endif - ret = wc_InitRsaKey(privKey, 0); + ret = wc_InitRsaKey_ex(privKey, NULL, INVALID_DEVID); if (ret != 0) { #ifdef WOLFSSL_SMALL_STACK XFREE(encryptedKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -3735,7 +3736,7 @@ static int wc_PKCS7_DecodeKtri(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz, /* decrypt encryptedKey */ #ifdef WC_RSA_BLINDING - ret = wc_InitRng_ex(&rng, pkcs7->heap, INVALID_DEVID); + ret = wc_InitRng_ex(&rng, pkcs7->heap, pkcs7->devId); if (ret == 0) { ret = wc_RsaSetRNG(privKey, &rng); } @@ -3823,7 +3824,7 @@ static int wc_PKCS7_KariGetOriginatorIdentifierOrKey(WC_PKCS7_KARI* kari, return ASN_EXPECT_0_E; /* get sender ephemeral public ECDSA key */ - ret = wc_ecc_init_ex(kari->senderKey, kari->heap, INVALID_DEVID); + ret = wc_ecc_init_ex(kari->senderKey, kari->heap, kari->devId); if (ret != 0) return ret; diff --git a/wolfcrypt/src/rsa.c b/wolfcrypt/src/rsa.c index 658b5a29c9..6108aa5833 100644 --- a/wolfcrypt/src/rsa.c +++ b/wolfcrypt/src/rsa.c @@ -190,6 +190,9 @@ int wc_RsaFlattenPublicKey(RsaKey* key, byte* a, word32* aSz, byte* b, #include #include +#ifdef WOLF_CRYPTO_DEV + #include +#endif #ifdef NO_INLINE #include #else @@ -237,8 +240,6 @@ int wc_InitRsaKey_ex(RsaKey* key, void* heap, int devId) return BAD_FUNC_ARG; } - (void)devId; - XMEMSET(key, 0, sizeof(RsaKey)); key->type = RSA_TYPE_UNKNOWN; @@ -251,6 +252,12 @@ int wc_InitRsaKey_ex(RsaKey* key, void* heap, int devId) key->rng = NULL; #endif +#ifdef WOLF_CRYPTO_DEV + key->devId = devId; +#else + (void)devId; +#endif + #ifdef WOLFSSL_ASYNC_CRYPT #ifdef WOLFSSL_CERT_GEN XMEMSET(&key->certSignCtx, 0, sizeof(CertSignCtx)); @@ -263,8 +270,6 @@ int wc_InitRsaKey_ex(RsaKey* key, void* heap, int devId) if (ret != 0) return ret; #endif /* WC_ASYNC_ENABLE_RSA */ -#else - (void)devId; #endif /* WOLFSSL_ASYNC_CRYPT */ ret = mp_init_multi(&key->n, &key->e, NULL, NULL, NULL, NULL); @@ -1619,6 +1624,15 @@ int wc_RsaFunction(const byte* in, word32 inLen, byte* out, return BAD_FUNC_ARG; } +#ifdef WOLF_CRYPTO_DEV + if (key->devId != INVALID_DEVID) { + ret = wc_CryptoDev_Rsa(in, inLen, out, outLen, type, key, rng); + if (ret != NOT_COMPILED_IN) + return ret; + ret = 0; /* reset error code and try using software */ + } +#endif + #ifndef NO_RSA_BOUNDS_CHECK if (type == RSA_PRIVATE_DECRYPT && key->state == RSA_STATE_DECRYPT_EXPTMOD) { diff --git a/wolfcrypt/src/wc_port.c b/wolfcrypt/src/wc_port.c index b0d2c1998a..9b2868be0b 100644 --- a/wolfcrypt/src/wc_port.c +++ b/wolfcrypt/src/wc_port.c @@ -64,6 +64,10 @@ #include #endif +#ifdef WOLF_CRYPTO_DEV + #include +#endif + #ifdef _MSC_VER /* 4996 warning to use MS extensions e.g., strcpy_s instead of strncpy */ #pragma warning(disable: 4996) @@ -82,6 +86,10 @@ int wolfCrypt_Init(void) if (initRefCount == 0) { WOLFSSL_ENTER("wolfCrypt_Init"); + #ifdef WOLF_CRYPTO_DEV + wc_CryptoDev_Init(); + #endif + #ifdef WOLFSSL_ASYNC_CRYPT ret = wolfAsync_HardwareStart(); if (ret != 0) { diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 314285f0c5..3945d57ce6 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -119,6 +119,9 @@ #ifdef WOLFSSL_IMX6_CAAM_BLOB #include #endif +#ifdef WOLF_CRYPTO_DEV + #include +#endif #define WOLFSSL_MISC_INCLUDED #include @@ -341,6 +344,9 @@ int blob_test(void); #endif int misc_test(void); +#ifdef WOLF_CRYPTO_DEV +int cryptodev_test(void); +#endif /* General big buffer size for many tests. */ #define FOURK_BUF 4096 @@ -960,6 +966,13 @@ initDefaultName(); else printf( "misc test passed!\n"); +#ifdef WOLF_CRYPTO_DEV + if ( (ret = cryptodev_test()) != 0) + return err_sys("crypto dev test failed!\n", ret); + else + printf( "crypto dev test passed!\n"); +#endif + #ifdef WOLFSSL_ASYNC_CRYPT wolfAsync_DevClose(&devId); #endif @@ -8297,7 +8310,7 @@ static int rsa_sig_test(RsaKey* key, word32 keyLen, int modLen, WC_RNG* rng) * -101 = USER_CRYPTO_ERROR */ if (ret == 0) -#elif defined(WOLFSSL_ASYNC_CRYPT) +#elif defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLF_CRYPTO_DEV) /* async may not require RNG */ if (ret != 0 && ret != MISSING_RNG_E) #elif defined(HAVE_FIPS) || defined(WOLFSSL_ASYNC_CRYPT) || \ @@ -18561,6 +18574,28 @@ int misc_test(void) return 0; } +#ifdef WOLF_CRYPTO_DEV +int cryptodev_test(void) +{ + int ret = 0; + + /* set devId to something other than INVALID_DEVID */ + devId = 1; + +#ifndef NO_RSA + if (ret == 0) + ret = rsa_test(); +#endif +#ifdef HAVE_ECC + if (ret == 0) + ret = ecc_test(); +#endif + + return ret; +} +#endif /* WOLF_CRYPTO_DEV */ + + #undef ERROR_OUT #else diff --git a/wolfssl/wolfcrypt/cryptodev.h b/wolfssl/wolfcrypt/cryptodev.h new file mode 100644 index 0000000000..98be93cb4b --- /dev/null +++ b/wolfssl/wolfcrypt/cryptodev.h @@ -0,0 +1,114 @@ +/* cryptodev.h + * + * Copyright (C) 2006-2018 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +#ifndef _WOLF_CRYPTO_DEV_H_ +#define _WOLF_CRYPTO_DEV_H_ + +#include + +#ifdef __cplusplus + extern "C" { +#endif + +#ifdef WOLF_CRYPTO_DEV + +#ifndef NO_RSA + #include +#endif +#ifdef HAVE_ECC + #include +#endif + +/* Crypto Information Structure for callbacks */ +typedef struct wc_CryptoInfo { + int algo_type; /* enum wc_AlgoType */ + struct { + int type; /* enum wc_PkType */ + union { + #ifndef NO_RSA + struct { + const byte* in; + word32 inLen; + byte* out; + word32* outLen; + int type; + RsaKey* key; + WC_RNG* rng; + } rsa; + #endif + #ifdef HAVE_ECC + struct { + ecc_key* private_key; + ecc_key* public_key; + byte* out; + word32* outlen; + } ecdh; + struct { + const byte* in; + word32 inlen; + byte* out; + word32 *outlen; + WC_RNG* rng; + ecc_key* key; + } eccsign; + struct { + const byte* sig; + word32 siglen; + const byte* hash; + word32 hashlen; + int* res; + ecc_key* key; + } eccverify; + #endif + }; + } pk; +} wc_CryptoInfo; + +typedef int (*CryptoDevCallbackFunc)(int devId, wc_CryptoInfo* info, void* ctx); + +WOLFSSL_LOCAL void wc_CryptoDev_Init(void); + +WOLFSSL_API int wc_CryptoDev_RegisterDevice(int devId, CryptoDevCallbackFunc cb, void* ctx); +WOLFSSL_API void wc_CryptoDev_UnRegisterDevice(int devId); + + +#ifndef NO_RSA +WOLFSSL_LOCAL int wc_CryptoDev_Rsa(const byte* in, word32 inLen, byte* out, + word32* outLen, int type, RsaKey* key, WC_RNG* rng); +#endif /* !NO_RSA */ + +#ifdef HAVE_ECC +WOLFSSL_LOCAL int wc_CryptoDev_Ecdh(ecc_key* private_key, ecc_key* public_key, + byte* out, word32* outlen); + +WOLFSSL_LOCAL int wc_CryptoDev_EccSign(const byte* in, word32 inlen, byte* out, + word32 *outlen, WC_RNG* rng, ecc_key* key); + +WOLFSSL_LOCAL int wc_CryptoDev_EccVerify(const byte* sig, word32 siglen, + const byte* hash, word32 hashlen, int* res, ecc_key* key); +#endif /* HAVE_ECC */ + +#endif /* WOLF_CRYPTO_DEV */ + +#ifdef __cplusplus + } /* extern "C" */ +#endif + +#endif /* _WOLF_CRYPTO_DEV_H_ */ diff --git a/wolfssl/wolfcrypt/ecc.h b/wolfssl/wolfcrypt/ecc.h index f6fdf219b1..7554c2963f 100644 --- a/wolfssl/wolfcrypt/ecc.h +++ b/wolfssl/wolfcrypt/ecc.h @@ -319,7 +319,7 @@ struct ecc_key { int slot; /* Key Slot Number (-1 unknown) */ byte pubkey_raw[ECC_MAX_CRYPTO_HW_PUBKEY_SIZE]; #endif -#ifdef PLUTON_CRYPTO_ECC +#if defined(PLUTON_CRYPTO_ECC) || defined(WOLF_CRYPTO_DEV) int devId; #endif #ifdef WOLFSSL_ASYNC_CRYPT diff --git a/wolfssl/wolfcrypt/include.am b/wolfssl/wolfcrypt/include.am index 6e84ed9d55..95221ef1da 100644 --- a/wolfssl/wolfcrypt/include.am +++ b/wolfssl/wolfcrypt/include.am @@ -61,7 +61,8 @@ nobase_include_HEADERS+= \ wolfssl/wolfcrypt/pkcs12.h \ wolfssl/wolfcrypt/wolfmath.h \ wolfssl/wolfcrypt/sha3.h \ - wolfssl/wolfcrypt/cpuid.h + wolfssl/wolfcrypt/cpuid.h \ + wolfssl/wolfcrypt/cryptodev.h noinst_HEADERS+= \ wolfssl/wolfcrypt/port/pic32/pic32mz-crypt.h \ diff --git a/wolfssl/wolfcrypt/pkcs7.h b/wolfssl/wolfcrypt/pkcs7.h index 764e2668e9..f0b4deed11 100644 --- a/wolfssl/wolfcrypt/pkcs7.h +++ b/wolfssl/wolfcrypt/pkcs7.h @@ -133,6 +133,7 @@ typedef struct PKCS7 { int encryptOID; /* key encryption algorithm OID */ int keyWrapOID; /* key wrap algorithm OID */ int keyAgreeOID; /* key agreement algorithm OID */ + int devId; /* device ID for HW based private key */ byte issuerHash[KEYID_SIZE]; /* hash of all alt Names */ byte issuerSn[MAX_SN_SZ]; /* singleCert's serial number */ byte publicKey[MAX_RSA_INT_SZ + MAX_RSA_E_SZ ];/*MAX RSA key size (m + e)*/ diff --git a/wolfssl/wolfcrypt/rsa.h b/wolfssl/wolfcrypt/rsa.h index 5cbc76770b..ecf41413d1 100644 --- a/wolfssl/wolfcrypt/rsa.h +++ b/wolfssl/wolfcrypt/rsa.h @@ -121,6 +121,9 @@ struct RsaKey { #ifdef WC_RSA_BLINDING WC_RNG* rng; /* for PrivateDecrypt blinding */ #endif +#ifdef WOLF_CRYPTO_DEV + int devId; +#endif #ifdef WOLFSSL_ASYNC_CRYPT WC_ASYNC_DEV asyncDev; #ifdef WOLFSSL_CERT_GEN diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h index 3329b794f6..37a982bf8d 100755 --- a/wolfssl/wolfcrypt/types.h +++ b/wolfssl/wolfcrypt/types.h @@ -102,7 +102,7 @@ (defined(LP64) || defined(_LP64)) /* LP64 with GNU GCC compiler is reserved for when long int is 64 bits * and int uses 32 bits. When using Solaris Studio sparc and __sparc are - * avialable for 32 bit detection but __sparc64__ could be missed. This + * available for 32 bit detection but __sparc64__ could be missed. This * uses LP64 for checking 64 bit CPU arch. */ typedef word64 wolfssl_word; #define WC_64BIT_CPU @@ -201,7 +201,7 @@ /* idea to add global alloc override by Moises Guimaraes */ /* default to libc stuff */ /* XREALLOC is used once in normal math lib, not in fast math lib */ - /* XFREE on some embeded systems doesn't like free(0) so test */ + /* XFREE on some embedded systems doesn't like free(0) so test */ #if defined(HAVE_IO_POOL) WOLFSSL_API void* XMALLOC(size_t n, void* heap, int type); WOLFSSL_API void* XREALLOC(void *p, size_t n, void* heap, int type); @@ -496,6 +496,17 @@ MIN_STACK_BUFFER = 8 }; + + /* Algorithm Types */ + enum wc_AlgoType { + WC_ALGO_TYPE_NONE = 0, + WC_ALGO_TYPE_HASH = 1, + WC_ALGO_TYPE_CIPHER = 2, + WC_ALGO_TYPE_PK = 3, + + WC_ALGO_TYPE_MAX = WC_ALGO_TYPE_PK + }; + /* hash types */ enum wc_HashType { WC_HASH_TYPE_NONE = 0, @@ -518,7 +529,7 @@ }; /* cipher types */ - enum CipherTypes { + enum wc_CipherType { WC_CIPHER_NONE = 0, WC_CIPHER_AES = 1, WC_CIPHER_AES_CBC = 2, @@ -530,10 +541,25 @@ WC_CIPHER_DES = 8, WC_CIPHER_CHACHA = 9, WC_CIPHER_HC128 = 10, + WC_CIPHER_IDEA = 11, WC_CIPHER_MAX = WC_CIPHER_HC128 }; + /* PK=public key (asymmetric) based algorithms */ + enum wc_PkType { + WC_PK_TYPE_NONE = 0, + WC_PK_TYPE_RSA = 1, + WC_PK_TYPE_DH = 2, + WC_PK_TYPE_ECDH = 3, + WC_PK_TYPE_ECDSA_SIGN = 4, + WC_PK_TYPE_ECDSA_VERIFY = 5, + WC_PK_TYPE_ED25519 = 6, + WC_PK_TYPE_CURVE25519 = 7, + + WC_PK_TYPE_MAX = WC_PK_TYPE_CURVE25519 + }; + /* settings detection for compile vs runtime math incompatibilities */ enum { From 9a75e5cf68f883526b82f8d43d923fd6145845d9 Mon Sep 17 00:00:00 2001 From: David Garske Date: Wed, 23 May 2018 14:48:10 -0700 Subject: [PATCH 02/63] Fixes in PKCS7 for handling hardware based devId and no private key. Fix to handle scenario where `kari->decoded` is allocated, but not initalized (was causing use of unitliaized in `FreeDecodedCert`). Fix to handle hardware base RSA key size. --- tests/api.c | 1 + wolfcrypt/src/pkcs7.c | 76 ++++++++++++++++++++++++++----------------- wolfcrypt/src/rsa.c | 13 +++++++- 3 files changed, 60 insertions(+), 30 deletions(-) diff --git a/tests/api.c b/tests/api.c index 2c87e39db2..b42c48804b 100644 --- a/tests/api.c +++ b/tests/api.c @@ -14537,6 +14537,7 @@ static void test_wc_PKCS7_EncodeDecodeEnvelopedData (void) printf(testingFmt, "wc_PKCS7_EncodeEnvelopedData()"); testSz = (int)sizeof(testVectors)/(int)sizeof(pkcs7EnvelopedVector); for (i = 0; i < testSz; i++) { + AssertIntEQ(wc_PKCS7_Init(&pkcs7, HEAP_HINT, devId), 0); AssertIntEQ(wc_PKCS7_InitWithCert(&pkcs7, (testVectors + i)->cert, (word32)(testVectors + i)->certSz), 0); diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c index 835f58209d..1f54df3d91 100644 --- a/wolfcrypt/src/pkcs7.c +++ b/wolfcrypt/src/pkcs7.c @@ -259,7 +259,7 @@ int wc_PKCS7_InitWithCert(PKCS7* pkcs7, byte* cert, word32 certSz) { int ret = 0; void* heap; - + int devId; if (pkcs7 == NULL || (cert == NULL && certSz != 0)) { return BAD_FUNC_ARG; @@ -270,9 +270,11 @@ int wc_PKCS7_InitWithCert(PKCS7* pkcs7, byte* cert, word32 certSz) #else heap = pkcs7->heap; #endif + devId = pkcs7->devId; XMEMSET(pkcs7, 0, sizeof(PKCS7)); pkcs7->heap = heap; + pkcs7->devId = devId; if (cert != NULL && certSz > 0) { #ifdef WOLFSSL_SMALL_STACK @@ -590,9 +592,9 @@ static int wc_PKCS7_RsaSign(PKCS7* pkcs7, byte* in, word32 inSz, ESD* esd) RsaKey* privKey = &stack_privKey; #endif - if (pkcs7 == NULL || pkcs7->privateKey == NULL || pkcs7->rng == NULL || - in == NULL || esd == NULL) + if (pkcs7 == NULL || pkcs7->rng == NULL || in == NULL || esd == NULL) { return BAD_FUNC_ARG; + } #ifdef WOLFSSL_SMALL_STACK privKey = (RsaKey*)XMALLOC(sizeof(RsaKey), NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -602,11 +604,15 @@ static int wc_PKCS7_RsaSign(PKCS7* pkcs7, byte* in, word32 inSz, ESD* esd) ret = wc_InitRsaKey_ex(privKey, pkcs7->heap, pkcs7->devId); if (ret == 0) { - idx = 0; - ret = wc_RsaPrivateKeyDecode(pkcs7->privateKey, &idx, privKey, - pkcs7->privateKeySz); + if (pkcs7->privateKey != NULL && pkcs7->privateKeySz > 0) { + idx = 0; + ret = wc_RsaPrivateKeyDecode(pkcs7->privateKey, &idx, privKey, + pkcs7->privateKeySz); + } + else if (pkcs7->devId == INVALID_DEVID) { + ret = BAD_FUNC_ARG; + } } - if (ret == 0) { ret = wc_RsaSSL_Sign(in, inSz, esd->encContentDigest, sizeof(esd->encContentDigest), @@ -638,9 +644,9 @@ static int wc_PKCS7_EcdsaSign(PKCS7* pkcs7, byte* in, word32 inSz, ESD* esd) ecc_key* privKey = &stack_privKey; #endif - if (pkcs7 == NULL || pkcs7->privateKey == NULL || pkcs7->rng == NULL || - in == NULL || esd == NULL) + if (pkcs7 == NULL || pkcs7->rng == NULL || in == NULL || esd == NULL) { return BAD_FUNC_ARG; + } #ifdef WOLFSSL_SMALL_STACK privKey = (ecc_key*)XMALLOC(sizeof(ecc_key), NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -649,13 +655,16 @@ static int wc_PKCS7_EcdsaSign(PKCS7* pkcs7, byte* in, word32 inSz, ESD* esd) #endif ret = wc_ecc_init_ex(privKey, pkcs7->heap, pkcs7->devId); - if (ret == 0) { - idx = 0; - ret = wc_EccPrivateKeyDecode(pkcs7->privateKey, &idx, privKey, - pkcs7->privateKeySz); + if (pkcs7->privateKey != NULL && pkcs7->privateKeySz > 0) { + idx = 0; + ret = wc_EccPrivateKeyDecode(pkcs7->privateKey, &idx, privKey, + pkcs7->privateKeySz); + } + else if (pkcs7->devId == INVALID_DEVID) { + ret = BAD_FUNC_ARG; + } } - if (ret == 0) { outSz = sizeof(esd->encContentDigest); ret = wc_ecc_sign_hash(in, inSz, esd->encContentDigest, @@ -1032,9 +1041,9 @@ int wc_PKCS7_EncodeSignedData(PKCS7* pkcs7, byte* output, word32 outputSz) if (pkcs7 == NULL || pkcs7->content == NULL || pkcs7->contentSz == 0 || pkcs7->encryptOID == 0 || pkcs7->hashOID == 0 || pkcs7->rng == 0 || pkcs7->singleCert == NULL || pkcs7->singleCertSz == 0 || - pkcs7->privateKey == NULL || pkcs7->privateKeySz == 0 || - output == NULL || outputSz == 0) + output == NULL || outputSz == 0) { return BAD_FUNC_ARG; + } #ifdef WOLFSSL_SMALL_STACK esd = (ESD*)XMALLOC(sizeof(ESD), NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -2136,6 +2145,7 @@ typedef struct WC_PKCS7_KARI { word32 sharedInfoSz; /* size of ECC-CMS-SharedInfo encoded */ byte ukmOwner; /* do we own ukm buffer? 1:yes, 0:no */ byte direction; /* WC_PKCS7_ENCODE | WC_PKCS7_DECODE */ + byte decodedInit : 1; /* indicates decoded was intiialized */ } WC_PKCS7_KARI; @@ -2247,6 +2257,7 @@ static WC_PKCS7_KARI* wc_PKCS7_KariNew(PKCS7* pkcs7, byte direction) kari->sharedInfo = NULL; kari->sharedInfoSz = 0; kari->direction = direction; + kari->decodedInit = 0; kari->heap = pkcs7->heap; kari->devId = pkcs7->devId; @@ -2264,7 +2275,9 @@ static int wc_PKCS7_KariFree(WC_PKCS7_KARI* kari) heap = kari->heap; if (kari->decoded) { - FreeDecodedCert(kari->decoded); + if (kari->decodedInit) { + FreeDecodedCert(kari->decoded); + } XFREE(kari->decoded, heap, DYNAMIC_TYPE_PKCS7); } if (kari->senderKey) { @@ -2318,12 +2331,9 @@ static int wc_PKCS7_KariParseRecipCert(WC_PKCS7_KARI* kari, const byte* cert, cert == NULL || certSz == 0) return BAD_FUNC_ARG; - if (kari->direction == WC_PKCS7_DECODE && - (key == NULL || keySz == 0)) - return BAD_FUNC_ARG; - /* decode certificate */ InitDecodedCert(kari->decoded, (byte*)cert, certSz, kari->heap); + kari->decodedInit = 1; ret = ParseCert(kari->decoded, CA_TYPE, NO_VERIFY, 0); if (ret < 0) return ret; @@ -2349,9 +2359,13 @@ static int wc_PKCS7_KariParseRecipCert(WC_PKCS7_KARI* kari, const byte* cert, } /* get recip private key */ else if (kari->direction == WC_PKCS7_DECODE) { - - idx = 0; - ret = wc_EccPrivateKeyDecode(key, &idx, kari->recipKey, keySz); + if (key != NULL && keySz > 0) { + idx = 0; + ret = wc_EccPrivateKeyDecode(key, &idx, kari->recipKey, keySz); + } + else if (kari->devId == INVALID_DEVID) { + ret = BAD_FUNC_ARG; + } if (ret != 0) return ret; @@ -3722,9 +3736,14 @@ static int wc_PKCS7_DecodeKtri(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz, return ret; } - keyIdx = 0; - ret = wc_RsaPrivateKeyDecode(pkcs7->privateKey, &keyIdx, privKey, - pkcs7->privateKeySz); + if (pkcs7->privateKey != NULL && pkcs7->privateKeySz > 0) { + keyIdx = 0; + ret = wc_RsaPrivateKeyDecode(pkcs7->privateKey, &keyIdx, privKey, + pkcs7->privateKeySz); + } + else if (pkcs7->devId == INVALID_DEVID) { + ret = BAD_FUNC_ARG; + } if (ret != 0) { WOLFSSL_MSG("Failed to decode RSA private key"); #ifdef WOLFSSL_SMALL_STACK @@ -4381,8 +4400,7 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* pkiMsg, int explicitOctet; if (pkcs7 == NULL || pkcs7->singleCert == NULL || - pkcs7->singleCertSz == 0 || pkcs7->privateKey == NULL || - pkcs7->privateKeySz == 0) + pkcs7->singleCertSz == 0) return BAD_FUNC_ARG; if (pkiMsg == NULL || pkiMsgSz == 0 || diff --git a/wolfcrypt/src/rsa.c b/wolfcrypt/src/rsa.c index 6108aa5833..18045d47b3 100644 --- a/wolfcrypt/src/rsa.c +++ b/wolfcrypt/src/rsa.c @@ -2282,10 +2282,21 @@ int wc_RsaPSS_Sign_ex(const byte* in, word32 inLen, byte* out, word32 outLen, int wc_RsaEncryptSize(RsaKey* key) { + int ret; + if (key == NULL) { return BAD_FUNC_ARG; } - return mp_unsigned_bin_size(&key->n); + + ret = mp_unsigned_bin_size(&key->n); + +#ifdef WOLF_CRYPTO_DEV + if (ret == 0 && key->devId != INVALID_DEVID) { + ret = 2048/8; /* hardware handles, use 2048-bit as default */ + } +#endif + + return ret; } From 72d168028e81c7041ca00325656fac8b1fc46b4d Mon Sep 17 00:00:00 2001 From: David Garske Date: Wed, 23 May 2018 15:29:33 -0700 Subject: [PATCH 03/63] Fixes to better handle PKCS7 error cases. --- tests/api.c | 4 +++- wolfcrypt/src/pkcs7.c | 21 ++++++++++++++++----- 2 files changed, 19 insertions(+), 6 deletions(-) diff --git a/tests/api.c b/tests/api.c index b42c48804b..9d89de83cb 100644 --- a/tests/api.c +++ b/tests/api.c @@ -14535,9 +14535,11 @@ static void test_wc_PKCS7_EncodeDecodeEnvelopedData (void) }; /* END pkcs7EnvelopedVector */ printf(testingFmt, "wc_PKCS7_EncodeEnvelopedData()"); + + AssertIntEQ(wc_PKCS7_Init(&pkcs7, HEAP_HINT, devId), 0); + testSz = (int)sizeof(testVectors)/(int)sizeof(pkcs7EnvelopedVector); for (i = 0; i < testSz; i++) { - AssertIntEQ(wc_PKCS7_Init(&pkcs7, HEAP_HINT, devId), 0); AssertIntEQ(wc_PKCS7_InitWithCert(&pkcs7, (testVectors + i)->cert, (word32)(testVectors + i)->certSz), 0); diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c index 1f54df3d91..2da4c5e159 100644 --- a/wolfcrypt/src/pkcs7.c +++ b/wolfcrypt/src/pkcs7.c @@ -2145,7 +2145,9 @@ typedef struct WC_PKCS7_KARI { word32 sharedInfoSz; /* size of ECC-CMS-SharedInfo encoded */ byte ukmOwner; /* do we own ukm buffer? 1:yes, 0:no */ byte direction; /* WC_PKCS7_ENCODE | WC_PKCS7_DECODE */ - byte decodedInit : 1; /* indicates decoded was intiialized */ + byte decodedInit : 1; /* indicates decoded was initialized */ + byte recipKeyInit : 1; /* indicates recipKey was initialized */ + byte senderKeyInit : 1; /* indicates senderKey was initialized */ } WC_PKCS7_KARI; @@ -2258,6 +2260,8 @@ static WC_PKCS7_KARI* wc_PKCS7_KariNew(PKCS7* pkcs7, byte direction) kari->sharedInfoSz = 0; kari->direction = direction; kari->decodedInit = 0; + kari->recipKeyInit = 0; + kari->senderKeyInit = 0; kari->heap = pkcs7->heap; kari->devId = pkcs7->devId; @@ -2275,17 +2279,18 @@ static int wc_PKCS7_KariFree(WC_PKCS7_KARI* kari) heap = kari->heap; if (kari->decoded) { - if (kari->decodedInit) { + if (kari->decodedInit) FreeDecodedCert(kari->decoded); - } XFREE(kari->decoded, heap, DYNAMIC_TYPE_PKCS7); } if (kari->senderKey) { - wc_ecc_free(kari->senderKey); + if (kari->senderKeyInit) + wc_ecc_free(kari->senderKey); XFREE(kari->senderKey, heap, DYNAMIC_TYPE_PKCS7); } if (kari->recipKey) { - wc_ecc_free(kari->recipKey); + if (kari->recipKeyInit) + wc_ecc_free(kari->recipKey); XFREE(kari->recipKey, heap, DYNAMIC_TYPE_PKCS7); } if (kari->senderKeyExport) { @@ -2348,6 +2353,8 @@ static int wc_PKCS7_KariParseRecipCert(WC_PKCS7_KARI* kari, const byte* cert, if (ret != 0) return ret; + kari->recipKeyInit = 1; + /* get recip public key */ if (kari->direction == WC_PKCS7_ENCODE) { @@ -2403,6 +2410,8 @@ static int wc_PKCS7_KariGenerateEphemeralKey(WC_PKCS7_KARI* kari, WC_RNG* rng) if (ret != 0) return ret; + kari->senderKeyInit = 1; + ret = wc_ecc_make_key_ex(rng, kari->recipKey->dp->size, kari->senderKey, kari->recipKey->dp->id); if (ret != 0) @@ -3847,6 +3856,8 @@ static int wc_PKCS7_KariGetOriginatorIdentifierOrKey(WC_PKCS7_KARI* kari, if (ret != 0) return ret; + kari->senderKeyInit = 1; + /* length-1 for unused bits counter */ ret = wc_ecc_import_x963(pkiMsg + (*idx), length - 1, kari->senderKey); if (ret != 0) From 6f221ff75ceca49c260a0e0d2d46dd956126b357 Mon Sep 17 00:00:00 2001 From: David Garske Date: Wed, 23 May 2018 16:21:49 -0700 Subject: [PATCH 04/63] Fix possible leak in PKCS for failure case with small stack enabled. --- wolfcrypt/src/pkcs7.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c index 2da4c5e159..4f7e6bf0c6 100644 --- a/wolfcrypt/src/pkcs7.c +++ b/wolfcrypt/src/pkcs7.c @@ -4186,6 +4186,9 @@ static int wc_PKCS7_DecodeKari(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz, pkcs7->privateKeySz); if (ret != 0) { wc_PKCS7_KariFree(kari); + #ifdef WOLFSSL_SMALL_STACK + XFREE(encryptedKey, NULL, DYNAMIC_TYPE_PKCS7); + #endif return ret; } From e684156a1ecff2ef3bd9a57b30f02ab8bca2a4eb Mon Sep 17 00:00:00 2001 From: Sean Parkinson Date: Fri, 11 May 2018 16:11:01 +1000 Subject: [PATCH 05/63] Constant time padding and HMAC verification in TLS --- src/internal.c | 343 +++++-------- src/tls.c | 484 ++++++++++++++++++- wolfcrypt/src/misc.c | 42 ++ wolfcrypt/src/sha.c | 14 + wolfcrypt/src/sha256.c | 14 + wolfcrypt/src/sha512.c | 28 ++ wolfssl/internal.h | 11 +- wolfssl/wolfcrypt/misc.h | 9 + wolfssl/wolfcrypt/port/caam/wolfcaam_sha.h | 2 + wolfssl/wolfcrypt/port/pic32/pic32mz-crypt.h | 2 + wolfssl/wolfcrypt/port/st/stm32.h | 2 + wolfssl/wolfcrypt/port/ti/ti-hash.h | 2 + wolfssl/wolfcrypt/sha.h | 1 + wolfssl/wolfcrypt/sha256.h | 1 + wolfssl/wolfcrypt/sha512.h | 2 + 15 files changed, 708 insertions(+), 249 deletions(-) diff --git a/src/internal.c b/src/internal.c index a65b2365c4..f7ca86595b 100644 --- a/src/internal.c +++ b/src/internal.c @@ -146,7 +146,7 @@ static const byte tls13Downgrade[7] = { #ifndef NO_OLD_TLS static int SSL_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz, - int content, int verify); + int padSz, int content, int verify); #endif @@ -11860,173 +11860,6 @@ static int SanityCheckCipherText(WOLFSSL* ssl, word32 encryptSz) return 0; } -#ifndef NO_OLD_TLS - -static INLINE void Md5Rounds(int rounds, const byte* data, int sz) -{ - wc_Md5 md5; - int i; - - wc_InitMd5(&md5); /* no error check on purpose, dummy round */ - - for (i = 0; i < rounds; i++) - wc_Md5Update(&md5, data, sz); - wc_Md5Free(&md5); /* in case needed to release resources */ -} - - - -/* do a dummy sha round */ -static INLINE void ShaRounds(int rounds, const byte* data, int sz) -{ - wc_Sha sha; - int i; - - wc_InitSha(&sha); /* no error check on purpose, dummy round */ - - for (i = 0; i < rounds; i++) - wc_ShaUpdate(&sha, data, sz); - wc_ShaFree(&sha); /* in case needed to release resources */ -} -#endif - -#ifndef WOLFSSL_NO_TLS12 - -#ifndef NO_SHA256 - -static INLINE void Sha256Rounds(int rounds, const byte* data, int sz) -{ - wc_Sha256 sha256; - int i; - - wc_InitSha256(&sha256); /* no error check on purpose, dummy round */ - - for (i = 0; i < rounds; i++) { - wc_Sha256Update(&sha256, data, sz); - /* no error check on purpose, dummy round */ - } - wc_Sha256Free(&sha256); /* in case needed to release resources */ -} - -#endif - - -#ifdef WOLFSSL_SHA384 - -static INLINE void Sha384Rounds(int rounds, const byte* data, int sz) -{ - wc_Sha384 sha384; - int i; - - wc_InitSha384(&sha384); /* no error check on purpose, dummy round */ - - for (i = 0; i < rounds; i++) { - wc_Sha384Update(&sha384, data, sz); - /* no error check on purpose, dummy round */ - } - wc_Sha384Free(&sha384); /* in case needed to release resources */ -} - -#endif - - -#ifdef WOLFSSL_SHA512 - -static INLINE void Sha512Rounds(int rounds, const byte* data, int sz) -{ - wc_Sha512 sha512; - int i; - - wc_InitSha512(&sha512); /* no error check on purpose, dummy round */ - - for (i = 0; i < rounds; i++) { - wc_Sha512Update(&sha512, data, sz); - /* no error check on purpose, dummy round */ - } - wc_Sha512Free(&sha512); /* in case needed to release resources */ -} - -#endif - -#ifdef WOLFSSL_RIPEMD - -static INLINE void RmdRounds(int rounds, const byte* data, int sz) -{ - RipeMd ripemd; - int i; - - (void)wc_InitRipeMd(&ripemd); - - for (i = 0; i < rounds; i++) - (void)wc_RipeMdUpdate(&ripemd, data, sz); -} - -#endif - - -/* Do dummy rounds */ -static INLINE void DoRounds(int type, int rounds, const byte* data, int sz) -{ - (void)rounds; - (void)data; - (void)sz; - - switch (type) { - case no_mac : - break; - -#ifndef NO_OLD_TLS -#ifndef NO_MD5 - case md5_mac : - Md5Rounds(rounds, data, sz); - break; -#endif - -#ifndef NO_SHA - case sha_mac : - ShaRounds(rounds, data, sz); - break; -#endif -#endif - -#ifndef NO_SHA256 - case sha256_mac : - Sha256Rounds(rounds, data, sz); - break; -#endif - -#ifdef WOLFSSL_SHA384 - case sha384_mac : - Sha384Rounds(rounds, data, sz); - break; -#endif - -#ifdef WOLFSSL_SHA512 - case sha512_mac : - Sha512Rounds(rounds, data, sz); - break; -#endif - -#ifdef WOLFSSL_RIPEMD - case rmd_mac : - RmdRounds(rounds, data, sz); - break; -#endif - - default: - WOLFSSL_MSG("Bad round type"); - break; - } -} - - -/* do number of compression rounds on dummy data */ -static INLINE void CompressRounds(WOLFSSL* ssl, int rounds, const byte* dummy) -{ - if (rounds) - DoRounds(ssl->specs.mac_algorithm, rounds, dummy, COMPRESS_LOWER); -} - /* check all length bytes for the pad value, return 0 on success */ static int PadCheck(const byte* a, byte pad, int length) @@ -12042,81 +11875,127 @@ static int PadCheck(const byte* a, byte pad, int length) } -/* get compression extra rounds */ -static INLINE int GetRounds(int pLen, int padLen, int t) +/* Mask the padding bytes with the expected values. + * Constant time implementation - does maximum pad size possible. + * + * data Message data. + * sz Size of the message including MAC and padding and padding length. + * macSz Size of the MAC. + * returns 0 on success, otherwise failure. + */ +static byte MaskPadding(const byte* data, int sz, int macSz) { - int roundL1 = 1; /* round up flags */ - int roundL2 = 1; + int i; + int checkSz = sz - 1; + byte paddingSz = data[sz - 1]; + byte mask; + byte good = ctMaskGT(paddingSz, sz - 1 - macSz); - int L1 = COMPRESS_CONSTANT + pLen - t; - int L2 = COMPRESS_CONSTANT + pLen - padLen - 1 - t; + if (checkSz > TLS_MAX_PAD_SZ) + checkSz = TLS_MAX_PAD_SZ; - L1 -= COMPRESS_UPPER; - L2 -= COMPRESS_UPPER; + for (i = 0; i < checkSz; i++) { + mask = ctMaskLTE(i, paddingSz); + good |= mask & (data[sz - 1 - i] ^ paddingSz); + } - if ( (L1 % COMPRESS_LOWER) == 0) - roundL1 = 0; - if ( (L2 % COMPRESS_LOWER) == 0) - roundL2 = 0; - - L1 /= COMPRESS_LOWER; - L2 /= COMPRESS_LOWER; - - L1 += roundL1; - L2 += roundL2; - - return L1 - L2; + return good; } +/* Mask the MAC in the message with the MAC calculated. + * Constant time implementation - starts looking for MAC where maximum padding + * size has it. + * + * data Message data. + * sz Size of the message including MAC and padding and padding length. + * macSz Size of the MAC data. + * expMac Expected MAC value. + * returns 0 on success, otherwise failure. + */ +static byte MaskMac(const byte* data, int sz, int macSz, byte* expMac) +{ + int i, j; + unsigned char mac[WC_MAX_DIGEST_SIZE]; + int scanStart = sz - 1 - TLS_MAX_PAD_SZ - macSz; + int macEnd = sz - 1 - data[sz - 1]; + int macStart = macEnd - macSz; + int r = 0; + unsigned char started, notEnded; + unsigned char good = 0; + + if (scanStart < 0) + scanStart = 0; + + /* Div on Intel has different speeds depending on value. + * Use a bitwise AND or mod a specific value (converted to mul). */ + if ((macSz & (macSz - 1)) == 0) + r = (macSz - (scanStart - macStart)) & (macSz - 1); +#ifndef NO_SHA + else if (macSz == WC_SHA_DIGEST_SIZE) + r = (macSz - (scanStart - macStart)) % WC_SHA_DIGEST_SIZE; +#endif +#ifdef WOLFSSL_SHA384 + else if (macSz == WC_SHA384_DIGEST_SIZE) + r = (macSz - (scanStart - macStart)) % WC_SHA384_DIGEST_SIZE; +#endif + + XMEMSET(mac, 0, macSz); + for (i = scanStart; i < sz; i += macSz) { + for (j = 0; j < macSz && j + i < sz; j++) { + started = ctMaskGTE(i + j, macStart); + notEnded = ctMaskLT(i + j, macEnd); + mac[j] |= started & notEnded & data[i + j]; + } + } + + if ((macSz & (macSz - 1)) == 0) { + for (i = 0; i < macSz; i++) + good |= expMac[i] ^ mac[(i + r) & (macSz - 1)]; + } +#ifndef NO_SHA + else if (macSz == WC_SHA_DIGEST_SIZE) { + for (i = 0; i < macSz; i++) + good |= expMac[i] ^ mac[(i + r) % WC_SHA_DIGEST_SIZE]; + } +#endif +#ifdef WOLFSSL_SHA384 + else if (macSz == WC_SHA384_DIGEST_SIZE) { + for (i = 0; i < macSz; i++) + good |= expMac[i] ^ mac[(i + r) % WC_SHA384_DIGEST_SIZE]; + } +#endif + + return good; +} /* timing resistant pad/verify check, return 0 on success */ -static int TimingPadVerify(WOLFSSL* ssl, const byte* input, int padLen, int t, - int pLen, int content) +int TimingPadVerify(WOLFSSL* ssl, const byte* input, int padLen, int macSz, + int pLen, int content) { byte verify[WC_MAX_DIGEST_SIZE]; - byte dmy[sizeof(WOLFSSL) >= MAX_PAD_SIZE ? 1 : MAX_PAD_SIZE] = {0}; - byte* dummy = sizeof(dmy) < MAX_PAD_SIZE ? (byte*) ssl : dmy; + byte good; int ret = 0; - (void)dmy; + good = MaskPadding(input, pLen, macSz); + ret = ssl->hmac(ssl, verify, input, pLen - macSz - padLen - 1, padLen, + content, 1); + good |= MaskMac(input, pLen, ssl->specs.hash_size, verify); - if ( (t + padLen + 1) > pLen) { - WOLFSSL_MSG("Plain Len not long enough for pad/mac"); - PadCheck(dummy, (byte)padLen, MAX_PAD_SIZE); - ssl->hmac(ssl, verify, input, pLen - t, content, 1); /* still compare */ - ConstantCompare(verify, input + pLen - t, t); + /* Non-zero on failure. */ + good = ~good; + good &= good >> 4; + good &= good >> 2; + good &= good >> 1; + /* Make ret negative on masking failure. */ + ret -= 1 - good; - return VERIFY_MAC_ERROR; - } - - if (PadCheck(input + pLen - (padLen + 1), (byte)padLen, padLen + 1) != 0) { - WOLFSSL_MSG("PadCheck failed"); - PadCheck(dummy, (byte)padLen, MAX_PAD_SIZE - padLen - 1); - ssl->hmac(ssl, verify, input, pLen - t, content, 1); /* still compare */ - ConstantCompare(verify, input + pLen - t, t); - - return VERIFY_MAC_ERROR; - } - - PadCheck(dummy, (byte)padLen, MAX_PAD_SIZE - padLen - 1); - ret = ssl->hmac(ssl, verify, input, pLen - padLen - 1 - t, content, 1); - - CompressRounds(ssl, GetRounds(pLen, padLen, t), dummy); - - if (ConstantCompare(verify, input + (pLen - padLen - 1 - t), t) != 0) { - WOLFSSL_MSG("Verify MAC compare failed"); - return VERIFY_MAC_ERROR; - } - - /* treat any faulure as verify MAC error */ + /* Treat any faulure as verify MAC error. */ if (ret != 0) ret = VERIFY_MAC_ERROR; return ret; } -#endif /* WOLFSSL_NO_TLS12 */ - int DoApplicationData(WOLFSSL* ssl, byte* input, word32* inOutIdx) { @@ -12368,8 +12247,8 @@ static INLINE int VerifyMac(WOLFSSL* ssl, const byte* input, word32 msgSz, badPadLen = 1; } PadCheck(dummy, (byte)pad, MAX_PAD_SIZE); /* timing only */ - ret = ssl->hmac(ssl, verify, input, msgSz - digestSz - pad - 1, - content, 1); + ret = ssl->hmac(ssl, verify, input, msgSz - digestSz - pad - 1, pad, + content, 1); if (ConstantCompare(verify, input + msgSz - digestSz - pad - 1, digestSz) != 0) return VERIFY_MAC_ERROR; @@ -12378,7 +12257,7 @@ static INLINE int VerifyMac(WOLFSSL* ssl, const byte* input, word32 msgSz, } } else if (ssl->specs.cipher_type == stream) { - ret = ssl->hmac(ssl, verify, input, msgSz - digestSz, content, 1); + ret = ssl->hmac(ssl, verify, input, msgSz - digestSz, -1, content, 1); if (ConstantCompare(verify, input + msgSz - digestSz, digestSz) != 0){ return VERIFY_MAC_ERROR; } @@ -13118,7 +12997,7 @@ int SendChangeCipher(WOLFSSL* ssl) #ifndef NO_OLD_TLS static int SSL_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz, - int content, int verify) + int padLen, int content, int verify) { byte result[WC_MAX_DIGEST_SIZE]; word32 digestSz = ssl->specs.hash_size; /* actual sizes */ @@ -13133,6 +13012,8 @@ static int SSL_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz, byte conLen[ENUM_LEN + LENGTH_SZ]; /* content & length */ const byte* macSecret = wolfSSL_GetMacSecret(ssl, verify); + (void)padLen; + #ifdef HAVE_FUZZER if (ssl->fuzzerCb) ssl->fuzzerCb(ssl, in, sz, FUZZ_HMAC, ssl->fuzzerCtx); @@ -13609,8 +13490,8 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input, ERROR_OUT(MEMORY_E, exit_buildmsg); #endif - ret = ssl->hmac(ssl, hmac, output + args->headerSz + args->ivSz, inSz, - type, 0); + ret = ssl->hmac(ssl, hmac, output + args->headerSz + args->ivSz, + inSz, -1, type, 0); XMEMCPY(output + args->idx, hmac, args->digestSz); #ifdef WOLFSSL_SMALL_STACK @@ -13619,8 +13500,8 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input, } else #endif - ret = ssl->hmac(ssl, output + args->idx, output + args->headerSz + args->ivSz, - inSz, type, 0); + ret = ssl->hmac(ssl, output + args->idx, output + + args->headerSz + args->ivSz, inSz, -1, type, 0); #ifdef WOLFSSL_DTLS if (ssl->options.dtls) DtlsSEQIncrement(ssl, CUR_ORDER); diff --git a/src/tls.c b/src/tls.c index df8ac64f52..efd9bd4e08 100755 --- a/src/tls.c +++ b/src/tls.c @@ -852,13 +852,447 @@ int wolfSSL_SetTlsHmacInner(WOLFSSL* ssl, byte* inner, word32 sz, int content, } -/* TLS type HMAC */ -int TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz, - int content, int verify) +#if !defined(WOLFSSL_NO_HASH_RAW) && !defined(HAVE_FIPS) + +/* Update the hash in the HMAC. + * + * hmac HMAC object. + * data Data to be hashed. + * sz Size of data to hash. + * returns 0 on success, otherwise failure. + */ +static int Hmac_HashUpdate(Hmac* hmac, const byte* data, word32 sz) { - Hmac hmac; - int ret = 0; - byte myInner[WOLFSSL_TLS_HMAC_INNER_SZ]; + int ret = BAD_FUNC_ARG; + + switch (hmac->macType) { + #ifndef NO_SHA + case WC_SHA: + ret = wc_ShaUpdate(&hmac->hash.sha, data, sz); + break; + #endif /* !NO_SHA */ + + #ifndef NO_SHA256 + case WC_SHA256: + ret = wc_Sha256Update(&hmac->hash.sha256, data, sz); + break; + #endif /* !NO_SHA256 */ + + #ifdef WOLFSSL_SHA384 + case WC_SHA384: + ret = wc_Sha384Update(&hmac->hash.sha384, data, sz); + break; + #endif /* WOLFSSL_SHA384 */ + + #ifdef WOLFSSL_SHA512 + case WC_SHA512: + ret = wc_Sha512Update(&hmac->hash.sha512, data, sz); + break; + #endif /* WOLFSSL_SHA512 */ + } + + return ret; +} + +/* Finalize the hash but don't put the EOC, padding or length in. + * + * hmac HMAC object. + * hash Hash result. + * returns 0 on success, otherwise failure. + */ +static int Hmac_HashFinalRaw(Hmac* hmac, unsigned char* hash) +{ + int ret = BAD_FUNC_ARG; + + switch (hmac->macType) { + #ifndef NO_SHA + case WC_SHA: + ret = wc_ShaFinalRaw(&hmac->hash.sha, hash); + break; + #endif /* !NO_SHA */ + + #ifndef NO_SHA256 + case WC_SHA256: + ret = wc_Sha256FinalRaw(&hmac->hash.sha256, hash); + break; + #endif /* !NO_SHA256 */ + + #ifdef WOLFSSL_SHA384 + case WC_SHA384: + ret = wc_Sha384FinalRaw(&hmac->hash.sha384, hash); + break; + #endif /* WOLFSSL_SHA384 */ + + #ifdef WOLFSSL_SHA512 + case WC_SHA512: + ret = wc_Sha512FinalRaw(&hmac->hash.sha512, hash); + break; + #endif /* WOLFSSL_SHA512 */ + } + + return ret; +} + +/* Finalize the HMAC by performing outer hash. + * + * hmac HMAC object. + * mac MAC result. + * returns 0 on success, otherwise failure. + */ +static int Hmac_OuterHash(Hmac* hmac, unsigned char* mac) +{ + int ret = BAD_FUNC_ARG; + + switch (hmac->macType) { + #ifndef NO_SHA + case WC_SHA: + ret = wc_InitSha(&hmac->hash.sha); + if (ret == 0) + ret = wc_ShaUpdate(&hmac->hash.sha, (byte*)hmac->opad, + WC_SHA_BLOCK_SIZE); + if (ret == 0) + ret = wc_ShaUpdate(&hmac->hash.sha, (byte*)hmac->innerHash, + WC_SHA_DIGEST_SIZE); + if (ret == 0) + ret = wc_ShaFinal(&hmac->hash.sha, mac); + break; + #endif /* !NO_SHA */ + + #ifndef NO_SHA256 + case WC_SHA256: + ret = wc_InitSha256(&hmac->hash.sha256); + if (ret == 0) + ret = wc_Sha256Update(&hmac->hash.sha256, (byte*)hmac->opad, + WC_SHA256_BLOCK_SIZE); + if (ret == 0) + ret = wc_Sha256Update(&hmac->hash.sha256, + (byte*)hmac->innerHash, + WC_SHA256_DIGEST_SIZE); + if (ret == 0) + ret = wc_Sha256Final(&hmac->hash.sha256, mac); + break; + #endif /* !NO_SHA256 */ + + #ifdef WOLFSSL_SHA384 + case WC_SHA384: + ret = wc_InitSha384(&hmac->hash.sha384); + if (ret == 0) + ret = wc_Sha384Update(&hmac->hash.sha384, (byte*)hmac->opad, + WC_SHA384_BLOCK_SIZE); + if (ret == 0) + ret = wc_Sha384Update(&hmac->hash.sha384, + (byte*)hmac->innerHash, + WC_SHA384_DIGEST_SIZE); + if (ret == 0) + ret = wc_Sha384Final(&hmac->hash.sha384, mac); + break; + #endif /* WOLFSSL_SHA384 */ + + #ifdef WOLFSSL_SHA512 + case WC_SHA512: + ret = wc_InitSha512(&hmac->hash.sha512); + if (ret == 0) + ret = wc_Sha512Update(&hmac->hash.sha512,(byte*)hmac->opad, + WC_SHA512_BLOCK_SIZE); + if (ret == 0) + ret = wc_Sha512Update(&hmac->hash.sha512, + (byte*)hmac->innerHash, + WC_SHA512_DIGEST_SIZE); + if (ret == 0) + ret = wc_Sha512Final(&hmac->hash.sha512, mac); + break; + #endif /* WOLFSSL_SHA512 */ + } + + return ret; +} + +/* Calculate the HMAC of the header + message data. + * Constant time implementation using wc_Sha*FinalRaw(). + * + * hmac HMAC object. + * digest MAC result. + * in Message data. + * sz Size of the message data. + * header Constructed record header with length of handshake data. + * returns 0 on success, otherwise failure. + */ +static int Hmac_UpdateFinal_CT(Hmac* hmac, byte* digest, const byte* in, + word32 sz, byte* header) +{ + byte lenBytes[8]; + int i, j, k; + int blockBits, blockMask; + int realLen, lastBlockLen, macLen, extraLen, eocIndex; + int blocks, safeBlocks, lenBlock, eocBlock; + int maxLen; + int blockSz, padSz; + int ret; + byte extraBlock; + + switch (hmac->macType) { + #ifndef NO_SHA + case WC_SHA: + blockSz = WC_SHA_BLOCK_SIZE; + blockBits = 6; + macLen = WC_SHA_DIGEST_SIZE; + padSz = WC_SHA_BLOCK_SIZE - WC_SHA_PAD_SIZE + 1; + break; + #endif /* !NO_SHA */ + + #ifndef NO_SHA256 + case WC_SHA256: + blockSz = WC_SHA256_BLOCK_SIZE; + blockBits = 6; + macLen = WC_SHA256_DIGEST_SIZE; + padSz = WC_SHA256_BLOCK_SIZE - WC_SHA256_PAD_SIZE + 1; + break; + #endif /* !NO_SHA256 */ + + #ifdef WOLFSSL_SHA384 + case WC_SHA384: + blockSz = WC_SHA384_BLOCK_SIZE; + blockBits = 7; + macLen = WC_SHA384_DIGEST_SIZE; + padSz = WC_SHA384_BLOCK_SIZE - WC_SHA384_PAD_SIZE + 1; + break; + #endif /* WOLFSSL_SHA384 */ + + #ifdef WOLFSSL_SHA512 + case WC_SHA512: + blockSz = WC_SHA512_BLOCK_SIZE; + blockBits = 7; + macLen = WC_SHA512_DIGEST_SIZE; + padSz = WC_SHA512_BLOCK_SIZE - WC_SHA512_PAD_SIZE + 1; + break; + #endif /* WOLFSSL_SHA512 */ + + default: + return BAD_FUNC_ARG; + } + blockMask = blockSz - 1; + + /* Size of data to HMAC if padding length byte is zero. */ + maxLen = WOLFSSL_TLS_HMAC_INNER_SZ + sz - 1 - macLen; + /* Complete data (including padding) has block for EOC and/or length. */ + extraBlock = ctSetLTE((maxLen + padSz) & blockMask, padSz); + /* Total number of blocks for data including padding. */ + blocks = ((maxLen + blockSz - 1) >> blockBits) + extraBlock; + /* Up to last 6 blocks can be hashed safely. */ + safeBlocks = blocks - 6; + + /* Length of message data. */ + realLen = maxLen - in[sz - 1]; + /* Number of message bytes in last block. */ + lastBlockLen = realLen & blockMask; + /* Number of padding bytes in last block. */ + extraLen = ((blockSz * 2 - padSz - lastBlockLen) & blockMask) + 1; + /* Number of blocks to create for hash. */ + lenBlock = (realLen + extraLen) >> blockBits; + /* Block containing EOC byte. */ + eocBlock = realLen >> blockBits; + /* Index of EOC byte in block. */ + eocIndex = realLen & blockMask; + + /* Add length of hmac's ipad to total length. */ + realLen += blockSz; + /* Length as bits - 8 bytes bigendian. */ + c32toa(realLen >> ((sizeof(word32) * 8) - 3), lenBytes); + c32toa(realLen << 3, lenBytes + sizeof(word32)); + + ret = Hmac_HashUpdate(hmac, (unsigned char*)hmac->ipad, blockSz); + if (ret != 0) + return ret; + + XMEMSET(hmac->innerHash, 0, macLen); + + if (safeBlocks > 0) { + ret = Hmac_HashUpdate(hmac, header, WOLFSSL_TLS_HMAC_INNER_SZ); + if (ret != 0) + return ret; + ret = Hmac_HashUpdate(hmac, in, safeBlocks * blockSz - + WOLFSSL_TLS_HMAC_INNER_SZ); + if (ret != 0) + return ret; + } + else + safeBlocks = 0; + + XMEMSET(digest, 0, macLen); + k = safeBlocks * blockSz; + for (i = safeBlocks; i < blocks; i++) { + unsigned char hashBlock[WC_MAX_BLOCK_SIZE]; + unsigned char isEocBlock = ctMaskEq(i, eocBlock); + unsigned char isOutBlock = ctMaskEq(i, lenBlock); + + for (j = 0; j < blockSz; j++, k++) { + unsigned char atEoc = ctMaskEq(j, eocIndex) & isEocBlock; + unsigned char pastEoc = ctMaskGT(j, eocIndex) & isEocBlock; + unsigned char b = 0; + + if (k < WOLFSSL_TLS_HMAC_INNER_SZ) + b = header[k]; + else if (k < maxLen) + b = in[k - WOLFSSL_TLS_HMAC_INNER_SZ]; + + b = ctMaskSel(atEoc, b, 0x80); + b &= ~pastEoc; + b &= ~isOutBlock | isEocBlock; + + if (j >= blockSz - 8) { + b = ctMaskSel(isOutBlock, b, lenBytes[j - (blockSz - 8)]); + } + + hashBlock[j] = b; + } + + ret = Hmac_HashUpdate(hmac, hashBlock, blockSz); + if (ret != 0) + return ret; + ret = Hmac_HashFinalRaw(hmac, hashBlock); + if (ret != 0) + return ret; + for (j = 0; j < macLen; j++) + ((unsigned char*)hmac->innerHash)[j] |= hashBlock[j] & isOutBlock; + } + + ret = Hmac_OuterHash(hmac, digest); + + return ret; +} + +#endif + +#if defined(WOLFSSL_NO_HASH_RAW) || defined(HAVE_FIPS) || defined(HAVE_BLAKE2) + +/* Calculate the HMAC of the header + message data. + * Constant time implementation using normal hashing operations. + * Update-Final need to be constant time. + * + * hmac HMAC object. + * digest MAC result. + * in Message data. + * sz Size of the message data. + * header Constructed record header with length of handshake data. + * returns 0 on success, otherwise failure. + */ +static int Hmac_UpdateFinal(Hmac* hmac, byte* digest, const byte* in, + word32 sz, byte* header) +{ + byte dummy[WC_MAX_BLOCK_SIZE] = {0}; + int ret; + word32 msgSz, blockSz, macSz, padSz, maxSz, realSz; + word32 currSz, offset; + int msgBlocks, blocks, blockBits; + int i; + + switch (hmac->macType) { + #ifndef NO_SHA + case WC_SHA: + blockSz = WC_SHA_BLOCK_SIZE; + blockBits = 6; + macSz = WC_SHA_DIGEST_SIZE; + padSz = WC_SHA_BLOCK_SIZE - WC_SHA_PAD_SIZE + 1; + break; + #endif /* !NO_SHA */ + + #ifndef NO_SHA256 + case WC_SHA256: + blockSz = WC_SHA256_BLOCK_SIZE; + blockBits = 6; + macSz = WC_SHA256_DIGEST_SIZE; + padSz = WC_SHA256_BLOCK_SIZE - WC_SHA256_PAD_SIZE + 1; + break; + #endif /* !NO_SHA256 */ + + #ifdef WOLFSSL_SHA384 + case WC_SHA384: + blockSz = WC_SHA384_BLOCK_SIZE; + blockBits = 7; + macSz = WC_SHA384_DIGEST_SIZE; + padSz = WC_SHA384_BLOCK_SIZE - WC_SHA384_PAD_SIZE + 1; + break; + #endif /* WOLFSSL_SHA384 */ + + #ifdef WOLFSSL_SHA512 + case WC_SHA512: + blockSz = WC_SHA512_BLOCK_SIZE; + blockBits = 7; + macSz = WC_SHA512_DIGEST_SIZE; + padSz = WC_SHA512_BLOCK_SIZE - WC_SHA512_PAD_SIZE + 1; + break; + #endif /* WOLFSSL_SHA512 */ + + #ifdef HAVE_BLAKE2 + case WC_HASH_TYPE_BLAKE2B: + blockSz = BLAKE2B_BLOCKBYTES; + blockBits = 7; + macSz = BLAKE2B_256; + padSz = 0; + break; + #endif /* HAVE_BLAK2 */ + + default: + return BAD_FUNC_ARG; + } + + msgSz = sz - (1 + in[sz - 1] + macSz); + /* Make negative result 0 */ + msgSz &= ~(0 - (msgSz >> 31)); + realSz = WOLFSSL_TLS_HMAC_INNER_SZ + msgSz; + maxSz = WOLFSSL_TLS_HMAC_INNER_SZ + (sz - 1) - macSz; + + /* Calculate #blocks processed in HMAC for max and real data. */ + blocks = maxSz >> blockBits; + blocks += ((maxSz + padSz) % blockSz) < padSz; + msgBlocks = realSz >> blockBits; + /* #Extra blocks to process. */ + blocks -= msgBlocks + (((realSz + padSz) % blockSz) < padSz); + /* Calculate whole blocks. */ + msgBlocks--; + + ret = wc_HmacUpdate(hmac, header, WOLFSSL_TLS_HMAC_INNER_SZ); + if (ret == 0) { + /* Fill the rest of the block with any available data. */ + currSz = ctMaskLT(msgSz, blockSz) & msgSz; + currSz |= ctMaskGTE(msgSz, blockSz) & blockSz; + currSz -= WOLFSSL_TLS_HMAC_INNER_SZ; + currSz &= ~(0 - (currSz >> 31)); + ret = wc_HmacUpdate(hmac, in, currSz); + offset = currSz; + } + if (ret == 0) { + /* Do the hash operations on a block basis. */ + for (i = 0; i < msgBlocks; i++, offset += blockSz) { + ret = wc_HmacUpdate(hmac, in + offset, blockSz); + if (ret != 0) + break; + } + } + if (ret == 0) + ret = wc_HmacUpdate(hmac, in + offset, msgSz - offset); + if (ret == 0) + ret = wc_HmacFinal(hmac, digest); + if (ret == 0) { + /* Do the dummy hash operations. Do at least one. */ + for (i = 0; i < blocks + 1; i++) { + ret = wc_HmacUpdate(hmac, dummy, blockSz); + if (ret != 0) + break; + } + } + + return ret; +} + +#endif + +int TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz, int padSz, + int content, int verify) +{ + Hmac hmac; + byte myInner[WOLFSSL_TLS_HMAC_INNER_SZ]; + int ret = 0; if (ssl == NULL) return BAD_FUNC_ARG; @@ -875,14 +1309,40 @@ int TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz, return ret; ret = wc_HmacSetKey(&hmac, wolfSSL_GetHmacType(ssl), - wolfSSL_GetMacSecret(ssl, verify), ssl->specs.hash_size); + wolfSSL_GetMacSecret(ssl, verify), + ssl->specs.hash_size); if (ret == 0) { - ret = wc_HmacUpdate(&hmac, myInner, sizeof(myInner)); - if (ret == 0) - ret = wc_HmacUpdate(&hmac, in, sz); /* content */ - if (ret == 0) - ret = wc_HmacFinal(&hmac, digest); + /* Constant time verification required. */ + if (verify && padSz >= 0) { +#if !defined(WOLFSSL_NO_HASH_RAW) && !defined(HAVE_FIPS) + #ifdef HAVE_BLAKE2 + if (wolfSSL_GetHmacType(ssl) == WC_HASH_TYPE_BLAKE2B) { + ret = Hmac_UpdateFinal(&hmac, digest, in, sz + + ssl->specs.hash_size + padSz + 1, + myInner); + } + else + #endif + { + ret = Hmac_UpdateFinal_CT(&hmac, digest, in, sz + + ssl->specs.hash_size + padSz + 1, + myInner); + } +#else + ret = Hmac_UpdateFinal(&hmac, digest, in, sz + + ssl->specs.hash_size + padSz + 1, + myInner); +#endif + } + else { + ret = wc_HmacUpdate(&hmac, myInner, sizeof(myInner)); + if (ret == 0) + ret = wc_HmacUpdate(&hmac, in, sz); /* content */ + if (ret == 0) + ret = wc_HmacFinal(&hmac, digest); + } } + wc_HmacFree(&hmac); return ret; diff --git a/wolfcrypt/src/misc.c b/wolfcrypt/src/misc.c index 8cfe780aea..f5017e356c 100644 --- a/wolfcrypt/src/misc.c +++ b/wolfcrypt/src/misc.c @@ -311,6 +311,48 @@ STATIC INLINE word32 btoi(byte b) } +/* Constant time - mask set when a > b. */ +STATIC INLINE byte ctMaskGT(int a, int b) +{ + return (((word32)a - b - 1) >> 31) - 1; +} + +/* Constant time - mask set when a >= b. */ +STATIC INLINE byte ctMaskGTE(int a, int b) +{ + return (((word32)a - b ) >> 31) - 1; +} + +/* Constant time - mask set when a < b. */ +STATIC INLINE byte ctMaskLT(int a, int b) +{ + return (((word32)b - a - 1) >> 31) - 1; +} + +/* Constant time - mask set when a <= b. */ +STATIC INLINE byte ctMaskLTE(int a, int b) +{ + return (((word32)b - a ) >> 31) - 1; +} + +/* Constant time - mask set when a == b. */ +STATIC INLINE byte ctMaskEq(int a, int b) +{ + return 0 - (a == b); +} + +/* Constant time - select b when mask is set and a otherwise. */ +STATIC INLINE byte ctMaskSel(byte m, byte a, byte b) +{ + return (a & ~m) | (b & m); +} + +/* Constant time - bit set when a <= b. */ +STATIC INLINE byte ctSetLTE(int a, int b) +{ + return ((word32)a - b - 1) >> 31; +} + #undef STATIC diff --git a/wolfcrypt/src/sha.c b/wolfcrypt/src/sha.c index 3a4a973763..15fc5e9a3d 100644 --- a/wolfcrypt/src/sha.c +++ b/wolfcrypt/src/sha.c @@ -431,6 +431,20 @@ int wc_ShaUpdate(wc_Sha* sha, const byte* data, word32 len) return 0; } +int wc_ShaFinalRaw(wc_Sha* sha, byte* hash) +{ + if (sha == NULL || hash == NULL) { + return BAD_FUNC_ARG; + } + + XMEMCPY(hash, sha->digest, WC_SHA_DIGEST_SIZE); +#ifdef LITTLE_ENDIAN_ORDER + ByteReverseWords((word32*)hash, (word32*)hash, WC_SHA_DIGEST_SIZE); +#endif + + return 0; +} + int wc_ShaFinal(wc_Sha* sha, byte* hash) { byte* local; diff --git a/wolfcrypt/src/sha256.c b/wolfcrypt/src/sha256.c index 731e1605fd..c6be6a40e8 100644 --- a/wolfcrypt/src/sha256.c +++ b/wolfcrypt/src/sha256.c @@ -765,6 +765,20 @@ static int InitSha256(wc_Sha256* sha256) return XTRANSFORM(sha256); } + int wc_Sha256FinalRaw(wc_Sha256* sha256, byte* hash) + { + if (sha256 == NULL || hash == NULL) { + return BAD_FUNC_ARG; + } + + XMEMCPY(hash, sha256->digest, WC_SHA256_DIGEST_SIZE); + #if defined(LITTLE_ENDIAN_ORDER) + ByteReverseWords((word32*)hash, (word32*)hash, WC_SHA256_DIGEST_SIZE); + #endif + + return 0; + } + int wc_Sha256Final(wc_Sha256* sha256, byte* hash) { int ret; diff --git a/wolfcrypt/src/sha512.c b/wolfcrypt/src/sha512.c index 9def455764..7b14a59eb7 100644 --- a/wolfcrypt/src/sha512.c +++ b/wolfcrypt/src/sha512.c @@ -695,6 +695,20 @@ static INLINE int Sha512Final(wc_Sha512* sha512) return 0; } +int wc_Sha512FinalRaw(wc_Sha512* sha512, byte* hash) +{ + if (sha512 == NULL || hash == NULL) { + return BAD_FUNC_ARG; + } + + XMEMCPY(hash, sha512->digest, WC_SHA512_DIGEST_SIZE); +#if defined(LITTLE_ENDIAN_ORDER) + ByteReverseWords64((word64*)hash, (word64*)hash, WC_SHA512_DIGEST_SIZE); +#endif + + return 0; +} + int wc_Sha512Final(wc_Sha512* sha512, byte* hash) { int ret; @@ -2588,6 +2602,20 @@ int wc_Sha384Update(wc_Sha384* sha384, const byte* data, word32 len) } +int wc_Sha384FinalRaw(wc_Sha384* sha384, byte* hash) +{ + if (sha384 == NULL || hash == NULL) { + return BAD_FUNC_ARG; + } + + XMEMCPY(hash, sha384->digest, WC_SHA384_DIGEST_SIZE); +#if defined(LITTLE_ENDIAN_ORDER) + ByteReverseWords64((word64*)hash, (word64*)hash, WC_SHA384_DIGEST_SIZE); +#endif + + return 0; +} + int wc_Sha384Final(wc_Sha384* sha384, byte* hash) { int ret; diff --git a/wolfssl/internal.h b/wolfssl/internal.h index c9ef6413d4..7b15cf3076 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -1095,10 +1095,6 @@ enum Misc { PAD_MD5 = 48, /* pad length for finished */ PAD_SHA = 40, /* pad length for finished */ MAX_PAD_SIZE = 256, /* maximum length of padding */ - COMPRESS_DUMMY_SIZE = 64, /* compression dummy round size */ - COMPRESS_CONSTANT = 13, /* compression calc constant */ - COMPRESS_UPPER = 55, /* compression calc numerator */ - COMPRESS_LOWER = 64, /* compression calc denominator */ LENGTH_SZ = 2, /* length field for HMAC, data only */ VERSION_SZ = 2, /* length of proctocol version */ @@ -1181,6 +1177,7 @@ enum Misc { OPAQUE8_LEN + WC_MAX_DIGEST_SIZE, MAX_REQUEST_SZ = 256, /* Maximum cert req len (no auth yet */ SESSION_FLUSH_COUNT = 256, /* Flush session cache unless user turns off */ + TLS_MAX_PAD_SZ = 255, /* Max padding in TLS */ #ifdef HAVE_FIPS MAX_SYM_KEY_SIZE = AES_256_KEY_SIZE, @@ -1550,6 +1547,8 @@ WOLFSSL_LOCAL int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, word32 helloSz, byte* extMsgType); #endif +int TimingPadVerify(WOLFSSL* ssl, const byte* input, int padLen, int t, + int pLen, int content); enum { @@ -2853,7 +2852,7 @@ WOLFSSL_SESSION* GetSession(WOLFSSL*, byte*, byte); WOLFSSL_LOCAL int SetSession(WOLFSSL*, WOLFSSL_SESSION*); -typedef int (*hmacfp) (WOLFSSL*, byte*, const byte*, word32, int, int); +typedef int (*hmacfp) (WOLFSSL*, byte*, const byte*, word32, int, int, int); #ifndef NO_CLIENT_CACHE WOLFSSL_SESSION* GetSessionClient(WOLFSSL*, const byte*, int); @@ -3942,7 +3941,7 @@ WOLFSSL_LOCAL int GrowInputBuffer(WOLFSSL* ssl, int size, int usedLength); #ifndef NO_TLS WOLFSSL_LOCAL int MakeTlsMasterSecret(WOLFSSL*); WOLFSSL_LOCAL int TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in, - word32 sz, int content, int verify); + word32 sz, int padSz, int content, int verify); #endif #ifndef NO_WOLFSSL_CLIENT diff --git a/wolfssl/wolfcrypt/misc.h b/wolfssl/wolfcrypt/misc.h index ea86dd7076..7cf4cff2af 100644 --- a/wolfssl/wolfcrypt/misc.h +++ b/wolfssl/wolfcrypt/misc.h @@ -91,6 +91,15 @@ void ato24(const byte* c, word32* u24); void ato32(const byte* c, word32* u32); word32 btoi(byte b); + +WOLFSSL_LOCAL byte ctMaskGT(int a, int b); +WOLFSSL_LOCAL byte ctMaskGTE(int a, int b); +WOLFSSL_LOCAL byte ctMaskLT(int a, int b); +WOLFSSL_LOCAL byte ctMaskLTE(int a, int b); +WOLFSSL_LOCAL byte ctMaskEq(int a, int b); +WOLFSSL_LOCAL byte ctMaskSel(byte m, byte a, byte b); +WOLFSSL_LOCAL byte ctSetLTE(int a, int b); + #endif /* NO_INLINE */ diff --git a/wolfssl/wolfcrypt/port/caam/wolfcaam_sha.h b/wolfssl/wolfcrypt/port/caam/wolfcaam_sha.h index cb4b087811..95ddf55bfa 100644 --- a/wolfssl/wolfcrypt/port/caam/wolfcaam_sha.h +++ b/wolfssl/wolfcrypt/port/caam/wolfcaam_sha.h @@ -28,6 +28,8 @@ #include +#define WOLFSSL_NO_HASH_RAW + #ifndef WC_CAAM_CTXLEN /* last 8 bytes of context is for length */ #define WC_CAAM_CTXLEN 8 diff --git a/wolfssl/wolfcrypt/port/pic32/pic32mz-crypt.h b/wolfssl/wolfcrypt/port/pic32/pic32mz-crypt.h index 1eae5837af..354c832c4c 100644 --- a/wolfssl/wolfcrypt/port/pic32/pic32mz-crypt.h +++ b/wolfssl/wolfcrypt/port/pic32/pic32mz-crypt.h @@ -196,6 +196,8 @@ int wc_Pic32DesCrypt(word32 *key, int keyLen, word32 *iv, int ivLen, #endif #ifdef WOLFSSL_PIC32MZ_HASH +#define WOLFSSL_NO_HASH_RAW + int wc_Pic32Hash(const byte* in, int inLen, word32* out, int outLen, int algo); int wc_Pic32HashCopy(hashUpdCache* src, hashUpdCache* dst); #endif diff --git a/wolfssl/wolfcrypt/port/st/stm32.h b/wolfssl/wolfcrypt/port/st/stm32.h index 2c82b4760a..40629aaf65 100644 --- a/wolfssl/wolfcrypt/port/st/stm32.h +++ b/wolfssl/wolfcrypt/port/st/stm32.h @@ -24,6 +24,8 @@ #ifdef STM32_HASH +#define WOLFSSL_NO_HASH_RAW + /* Generic STM32 Hashing Function */ /* Supports CubeMX HAL or Standard Peripheral Library */ diff --git a/wolfssl/wolfcrypt/port/ti/ti-hash.h b/wolfssl/wolfcrypt/port/ti/ti-hash.h index 361993896b..d42404e01e 100644 --- a/wolfssl/wolfcrypt/port/ti/ti-hash.h +++ b/wolfssl/wolfcrypt/port/ti/ti-hash.h @@ -33,6 +33,8 @@ #define WOLFSSL_MAX_HASH_SIZE 64 #endif +#define WOLFSSL_NO_HASH_RAW + typedef struct { byte *msg; word32 used; diff --git a/wolfssl/wolfcrypt/sha.h b/wolfssl/wolfcrypt/sha.h index 6d08cf5ebd..5357cce6fb 100644 --- a/wolfssl/wolfcrypt/sha.h +++ b/wolfssl/wolfcrypt/sha.h @@ -122,6 +122,7 @@ typedef struct wc_Sha { WOLFSSL_API int wc_InitSha(wc_Sha*); WOLFSSL_API int wc_InitSha_ex(wc_Sha* sha, void* heap, int devId); WOLFSSL_API int wc_ShaUpdate(wc_Sha*, const byte*, word32); +WOLFSSL_API int wc_ShaFinalRaw(wc_Sha*, byte*); WOLFSSL_API int wc_ShaFinal(wc_Sha*, byte*); WOLFSSL_API void wc_ShaFree(wc_Sha*); diff --git a/wolfssl/wolfcrypt/sha256.h b/wolfssl/wolfcrypt/sha256.h index 3409b5151c..4667143fea 100644 --- a/wolfssl/wolfcrypt/sha256.h +++ b/wolfssl/wolfcrypt/sha256.h @@ -139,6 +139,7 @@ typedef struct wc_Sha256 { WOLFSSL_API int wc_InitSha256(wc_Sha256*); WOLFSSL_API int wc_InitSha256_ex(wc_Sha256*, void*, int); WOLFSSL_API int wc_Sha256Update(wc_Sha256*, const byte*, word32); +WOLFSSL_API int wc_Sha256FinalRaw(wc_Sha256*, byte*); WOLFSSL_API int wc_Sha256Final(wc_Sha256*, byte*); WOLFSSL_API void wc_Sha256Free(wc_Sha256*); diff --git a/wolfssl/wolfcrypt/sha512.h b/wolfssl/wolfcrypt/sha512.h index 315f56df0d..88ea524577 100644 --- a/wolfssl/wolfcrypt/sha512.h +++ b/wolfssl/wolfcrypt/sha512.h @@ -112,6 +112,7 @@ typedef struct wc_Sha512 { WOLFSSL_API int wc_InitSha512(wc_Sha512*); WOLFSSL_API int wc_InitSha512_ex(wc_Sha512*, void*, int); WOLFSSL_API int wc_Sha512Update(wc_Sha512*, const byte*, word32); +WOLFSSL_API int wc_Sha512FinalRaw(wc_Sha512*, byte*); WOLFSSL_API int wc_Sha512Final(wc_Sha512*, byte*); WOLFSSL_API void wc_Sha512Free(wc_Sha512*); @@ -144,6 +145,7 @@ typedef wc_Sha512 wc_Sha384; WOLFSSL_API int wc_InitSha384(wc_Sha384*); WOLFSSL_API int wc_InitSha384_ex(wc_Sha384*, void*, int); WOLFSSL_API int wc_Sha384Update(wc_Sha384*, const byte*, word32); +WOLFSSL_API int wc_Sha384FinalRaw(wc_Sha384*, byte*); WOLFSSL_API int wc_Sha384Final(wc_Sha384*, byte*); WOLFSSL_API void wc_Sha384Free(wc_Sha384*); From fb7d74c19761a0a00b54f1c8c22ede63c027547f Mon Sep 17 00:00:00 2001 From: Sean Parkinson Date: Fri, 25 May 2018 09:01:44 +1000 Subject: [PATCH 06/63] FinalRaw parameter hash may not be aligned. --- wolfcrypt/src/sha.c | 10 ++++++++-- wolfcrypt/src/sha256.c | 11 +++++++++-- wolfcrypt/src/sha512.c | 22 ++++++++++++++++++---- 3 files changed, 35 insertions(+), 8 deletions(-) diff --git a/wolfcrypt/src/sha.c b/wolfcrypt/src/sha.c index 15fc5e9a3d..d800e2d9b9 100644 --- a/wolfcrypt/src/sha.c +++ b/wolfcrypt/src/sha.c @@ -433,13 +433,19 @@ int wc_ShaUpdate(wc_Sha* sha, const byte* data, word32 len) int wc_ShaFinalRaw(wc_Sha* sha, byte* hash) { +#ifdef LITTLE_ENDIAN_ORDER + word32 digest[WC_SHA_DIGEST_SIZE / sizeof(word32)]; +#endif + if (sha == NULL || hash == NULL) { return BAD_FUNC_ARG; } - XMEMCPY(hash, sha->digest, WC_SHA_DIGEST_SIZE); #ifdef LITTLE_ENDIAN_ORDER - ByteReverseWords((word32*)hash, (word32*)hash, WC_SHA_DIGEST_SIZE); + ByteReverseWords((word32*)digest, (word32*)sha->digest, WC_SHA_DIGEST_SIZE); + XMEMCPY(hash, digest, WC_SHA_DIGEST_SIZE); +#else + XMEMCPY(hash, sha->digest, WC_SHA_DIGEST_SIZE); #endif return 0; diff --git a/wolfcrypt/src/sha256.c b/wolfcrypt/src/sha256.c index c6be6a40e8..bd234c4f0a 100644 --- a/wolfcrypt/src/sha256.c +++ b/wolfcrypt/src/sha256.c @@ -767,13 +767,20 @@ static int InitSha256(wc_Sha256* sha256) int wc_Sha256FinalRaw(wc_Sha256* sha256, byte* hash) { + #ifdef LITTLE_ENDIAN_ORDER + word32 digest[WC_SHA256_DIGEST_SIZE / sizeof(word32)]; + #endif + if (sha256 == NULL || hash == NULL) { return BAD_FUNC_ARG; } + #ifdef LITTLE_ENDIAN_ORDER + ByteReverseWords((word32*)digest, (word32*)sha256->digest, + WC_SHA256_DIGEST_SIZE); + XMEMCPY(hash, digest, WC_SHA256_DIGEST_SIZE); + #else XMEMCPY(hash, sha256->digest, WC_SHA256_DIGEST_SIZE); - #if defined(LITTLE_ENDIAN_ORDER) - ByteReverseWords((word32*)hash, (word32*)hash, WC_SHA256_DIGEST_SIZE); #endif return 0; diff --git a/wolfcrypt/src/sha512.c b/wolfcrypt/src/sha512.c index 7b14a59eb7..a39bd8379d 100644 --- a/wolfcrypt/src/sha512.c +++ b/wolfcrypt/src/sha512.c @@ -697,13 +697,20 @@ static INLINE int Sha512Final(wc_Sha512* sha512) int wc_Sha512FinalRaw(wc_Sha512* sha512, byte* hash) { +#ifdef LITTLE_ENDIAN_ORDER + word64 digest[WC_SHA512_DIGEST_SIZE / sizeof(word64)]; +#endif + if (sha512 == NULL || hash == NULL) { return BAD_FUNC_ARG; } +#ifdef LITTLE_ENDIAN_ORDER + ByteReverseWords64((word64*)digest, (word64*)sha512->digest, + WC_SHA512_DIGEST_SIZE); + XMEMCPY(hash, digest, WC_SHA512_DIGEST_SIZE); +#else XMEMCPY(hash, sha512->digest, WC_SHA512_DIGEST_SIZE); -#if defined(LITTLE_ENDIAN_ORDER) - ByteReverseWords64((word64*)hash, (word64*)hash, WC_SHA512_DIGEST_SIZE); #endif return 0; @@ -2604,13 +2611,20 @@ int wc_Sha384Update(wc_Sha384* sha384, const byte* data, word32 len) int wc_Sha384FinalRaw(wc_Sha384* sha384, byte* hash) { +#ifdef LITTLE_ENDIAN_ORDER + word64 digest[WC_SHA384_DIGEST_SIZE / sizeof(word64)]; +#endif + if (sha384 == NULL || hash == NULL) { return BAD_FUNC_ARG; } +#ifdef LITTLE_ENDIAN_ORDER + ByteReverseWords64((word64*)digest, (word64*)sha384->digest, + WC_SHA384_DIGEST_SIZE); + XMEMCPY(hash, digest, WC_SHA384_DIGEST_SIZE); +#else XMEMCPY(hash, sha384->digest, WC_SHA384_DIGEST_SIZE); -#if defined(LITTLE_ENDIAN_ORDER) - ByteReverseWords64((word64*)hash, (word64*)hash, WC_SHA384_DIGEST_SIZE); #endif return 0; From fc482235b0bebf4285ef09bf631c477ebf4b6fe0 Mon Sep 17 00:00:00 2001 From: David Garske Date: Wed, 30 May 2018 09:11:44 -0700 Subject: [PATCH 07/63] Improved the CryptoDev test to include example callback with context. --- wolfcrypt/test/test.c | 101 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 101 insertions(+) diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 3945d57ce6..5c442435e0 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -18575,12 +18575,110 @@ int misc_test(void) } #ifdef WOLF_CRYPTO_DEV + +/* Example custom context for crypto callback */ +typedef struct { + int exampleVar; /* example, not used */ +} myCryptoDevCtx; + + +/* Example crypto dev callback function that calls software version */ +static int myCryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx) +{ + int ret = NOT_COMPILED_IN; /* return this to bypass HW and use SW */ + myCryptoDevCtx* myCtx = (myCryptoDevCtx*)ctx; + + if (info == NULL) + return BAD_FUNC_ARG; + + if (info->algo_type == WC_ALGO_TYPE_PK) { + #ifdef DEBUG_WOLFSSL + printf("CryptoDevCb: Pk Type %d\n", info->pk.type); + #endif + + #ifndef NO_RSA + if (info->pk.type == WC_PK_TYPE_RSA) { + /* set devId to invalid, so software is used */ + info->pk.rsa.key->devId = INVALID_DEVID; + + switch (info->pk.rsa.type) { + case RSA_PUBLIC_ENCRYPT: + case RSA_PUBLIC_DECRYPT: + /* perform software based RSA public op */ + ret = wc_RsaFunction( + info->pk.rsa.in, info->pk.rsa.inLen, + info->pk.rsa.out, info->pk.rsa.outLen, + info->pk.rsa.type, info->pk.rsa.key, info->pk.rsa.rng); + break; + case RSA_PRIVATE_ENCRYPT: + case RSA_PRIVATE_DECRYPT: + /* perform software based RSA private op */ + ret = wc_RsaFunction( + info->pk.rsa.in, info->pk.rsa.inLen, + info->pk.rsa.out, info->pk.rsa.outLen, + info->pk.rsa.type, info->pk.rsa.key, info->pk.rsa.rng); + break; + } + + /* reset devId */ + info->pk.rsa.key->devId = devIdArg; + } + #endif /* !NO_RSA */ + #ifdef HAVE_ECC + if (info->pk.type == WC_PK_TYPE_ECDSA_SIGN) { + /* set devId to invalid, so software is used */ + info->pk.eccsign.key->devId = INVALID_DEVID; + + ret = wc_ecc_sign_hash( + info->pk.eccsign.in, info->pk.eccsign.inlen, + info->pk.eccsign.out, info->pk.eccsign.outlen, + info->pk.eccsign.rng, info->pk.eccsign.key); + + /* reset devId */ + info->pk.eccsign.key->devId = devIdArg; + } + else if (info->pk.type == WC_PK_TYPE_ECDSA_VERIFY) { + /* set devId to invalid, so software is used */ + info->pk.eccverify.key->devId = INVALID_DEVID; + + ret = wc_ecc_verify_hash( + info->pk.eccverify.sig, info->pk.eccverify.siglen, + info->pk.eccverify.hash, info->pk.eccverify.hashlen, + info->pk.eccverify.res, info->pk.eccverify.key); + + /* reset devId */ + info->pk.eccverify.key->devId = devIdArg; + } + else if (info->pk.type == WC_PK_TYPE_ECDH) { + /* set devId to invalid, so software is used */ + info->pk.ecdh.private_key->devId = INVALID_DEVID; + + ret = wc_ecc_shared_secret( + info->pk.ecdh.private_key, info->pk.ecdh.public_key, + info->pk.ecdh.out, info->pk.ecdh.outlen); + + /* reset devId */ + info->pk.ecdh.private_key->devId = devIdArg; + } + #endif /* HAVE_ECC */ + } + + (void)myCtx; + + return ret; +} + int cryptodev_test(void) { int ret = 0; + myCryptoDevCtx myCtx; + + /* example data for callback */ + myCtx.exampleVar = 1; /* set devId to something other than INVALID_DEVID */ devId = 1; + ret = wc_CryptoDev_RegisterDevice(devId, myCryptoDevCb, &myCtx); #ifndef NO_RSA if (ret == 0) @@ -18591,6 +18689,9 @@ int cryptodev_test(void) ret = ecc_test(); #endif + /* reset devId */ + devId = INVALID_DEVID; + return ret; } #endif /* WOLF_CRYPTO_DEV */ From d7b560f2aba1629b5dc0bf6190bd19cdfe4b7c96 Mon Sep 17 00:00:00 2001 From: David Garske Date: Wed, 30 May 2018 12:44:55 -0700 Subject: [PATCH 08/63] Fix for scan-build warning about value being stored and not used. Changed the `wc_RsaFunction` API to public. Added ability to expose `wc_RsaDirect` with new define `WC_RSA_DIRECT`. --- wolfcrypt/src/ecc.c | 1 - wolfcrypt/src/rsa.c | 4 ++-- wolfssl/wolfcrypt/rsa.h | 6 +++++- 3 files changed, 7 insertions(+), 4 deletions(-) diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c index d53847ae7a..6bf7a58519 100755 --- a/wolfcrypt/src/ecc.c +++ b/wolfcrypt/src/ecc.c @@ -2802,7 +2802,6 @@ int wc_ecc_shared_secret(ecc_key* private_key, ecc_key* public_key, byte* out, err = wc_CryptoDev_Ecdh(private_key, public_key, out, outlen); if (err != NOT_COMPILED_IN) return err; - err = 0; /* reset error code and try using software */ } #endif diff --git a/wolfcrypt/src/rsa.c b/wolfcrypt/src/rsa.c index 18045d47b3..7d10551726 100644 --- a/wolfcrypt/src/rsa.c +++ b/wolfcrypt/src/rsa.c @@ -1517,7 +1517,7 @@ static int wc_RsaFunctionAsync(const byte* in, word32 inLen, byte* out, } #endif /* WOLFSSL_ASYNC_CRYPT && WC_ASYNC_ENABLE_RSA */ -#ifdef WC_RSA_NO_PADDING +#if defined(WC_RSA_DIRECT) || defined(WC_RSA_NO_PADDING) /* Function that does the RSA operation directly with no padding. * * in buffer to do operation on @@ -1611,7 +1611,7 @@ int wc_RsaDirect(byte* in, word32 inLen, byte* out, word32* outSz, return ret; } -#endif /* WC_RSA_NO_PADDING */ +#endif /* WC_RSA_DIRECT || WC_RSA_NO_PADDING */ int wc_RsaFunction(const byte* in, word32 inLen, byte* out, diff --git a/wolfssl/wolfcrypt/rsa.h b/wolfssl/wolfcrypt/rsa.h index ecf41413d1..e2337c77ae 100644 --- a/wolfssl/wolfcrypt/rsa.h +++ b/wolfssl/wolfcrypt/rsa.h @@ -152,7 +152,7 @@ WOLFSSL_API int wc_FreeRsaKey(RsaKey* key); WOLFSSL_LOCAL int wc_InitRsaHw(RsaKey* key); #endif /* WOLFSSL_XILINX_CRYPT */ -WOLFSSL_LOCAL int wc_RsaFunction(const byte* in, word32 inLen, byte* out, +WOLFSSL_API int wc_RsaFunction(const byte* in, word32 inLen, byte* out, word32* outLen, int type, RsaKey* key, WC_RNG* rng); WOLFSSL_API int wc_RsaPublicEncrypt(const byte* in, word32 inLen, byte* out, @@ -238,9 +238,13 @@ WOLFSSL_API int wc_RsaPrivateDecrypt_ex(const byte* in, word32 inLen, WOLFSSL_API int wc_RsaPrivateDecryptInline_ex(byte* in, word32 inLen, byte** out, RsaKey* key, int type, enum wc_HashType hash, int mgf, byte* label, word32 lableSz); +#if defined(WC_RSA_DIRECT) || defined(WC_RSA_NO_PADDING) WOLFSSL_API int wc_RsaDirect(byte* in, word32 inLen, byte* out, word32* outSz, RsaKey* key, int type, WC_RNG* rng); +#endif + #endif /* HAVE_FIPS*/ + WOLFSSL_API int wc_RsaFlattenPublicKey(RsaKey*, byte*, word32*, byte*, word32*); WOLFSSL_API int wc_RsaExportKey(RsaKey* key, From 33d416a060e2c3a57d829b600c8552e519ac003e Mon Sep 17 00:00:00 2001 From: David Garske Date: Wed, 30 May 2018 13:23:08 -0700 Subject: [PATCH 09/63] Fix two more scan-build issues with set but not used. --- wolfcrypt/src/ecc.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c index 6bf7a58519..7ecaaeff6e 100755 --- a/wolfcrypt/src/ecc.c +++ b/wolfcrypt/src/ecc.c @@ -3658,7 +3658,6 @@ int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen, err = wc_CryptoDev_EccSign(in, inlen, out, outlen, rng, key); if (err != NOT_COMPILED_IN) return err; - err = 0; /* reset error code and try using software */ } #endif @@ -4317,7 +4316,6 @@ int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash, err = wc_CryptoDev_EccVerify(sig, siglen, hash, hashlen, res, key); if (err != NOT_COMPILED_IN) return err; - err = 0; /* reset error code and try using software */ } #endif From 6a2c30e5931201e36c91f1ed1703075842b16faa Mon Sep 17 00:00:00 2001 From: John Safranek Date: Wed, 30 May 2018 17:11:38 -0700 Subject: [PATCH 10/63] Release v3.15.0 1. Update configure.ac for new version. 2. Update the version header. 3. Update the README files with the new changelog. 4. Moved all previous change logs from README files to NEWS files. --- NEWS | 1917 +++++++++++++++++++++++++++++++++++++++++++++ NEWS.md | 1908 ++++++++++++++++++++++++++++++++++++++++++++ README | 1911 ++++---------------------------------------- README.md | 1903 +++----------------------------------------- configure.ac | 26 +- wolfssl/version.h | 4 +- 6 files changed, 4065 insertions(+), 3604 deletions(-) create mode 100644 NEWS.md diff --git a/NEWS b/NEWS index e69de29bb2..2cf67a6ac7 100644 --- a/NEWS +++ b/NEWS @@ -0,0 +1,1917 @@ +wolfSSL Release 3.15.0 (05/01/2018) + +Release 3.15.0 of wolfSSL embedded TLS has bug fixes and new features including: + +- Support for TLS 1.3 Draft versions 23, 26 and 28. +- Improved downgrade support for TLS 1.3. +- Improved TLS 1.3 support from interoperability testing. +- Single Precision assembly code added for ARM and 64-bit ARM. +- Improved performance for Single Precision maths on 32-bit. +- Allow TLS 1.2 to be compiled out. +- Ed25519 support in TLS 1.2 and 1.3. +- Update wolfSSL_HMAC_Final() so the length parameter is optional. +- Various fixes for Coverity static analysis reports. +- Add define to use internal struct timeval (USE_WOLF_TIMEVAL_T). +- Switch LowResTimer() to call XTIME instead of time(0) for better portability. +- Expanded OpenSSL compatibility layer. +- Added Renesas CS+ project files. +- Align DH support with NIST SP 800-56A, add wc_DhSetKey_ex() for q parameter. +- Add build option for CAVP self test build (--enable-selftest). +- Expose mp_toradix() when WOLFSSL_PUBLIC_MP is defined. +- Add FIPS SGX support. +- Example certificate expiration dates and generation script updated. +- Additional optimizations to trim out unused strings depending on build + options. +- Fix for DN tag strings to have “=” when returning the string value to users. +- Fix for wolfSSL_ERR_get_error_line_data return value if no more errors are + in the queue. +- Fix for AES-CBC IV value with PIC32 hardware acceleration. +- Fix for wolfSSL_X509_print with ECC certificates. +- Fix for strict checking on URI absolute vs relative path. +- Added crypto device framework to handle PK RSA/ECC operations using + callbacks, which adds new build option `./configure --enable-cryptodev` or + `WOLF_CRYPTO_DEV`. +- Added devId support to ECC and PKCS7 for hardware based private key. +- Fixes in PKCS7 for handling possible memory leak in some error cases. +- Added test for invalid cert common name when set with + `wolfSSL_check_domain_name`. +- Refactor of the cipher suite names to use single array, which contains + internal name, IANA name and cipher suite bytes. +- Added new function `wolfSSL_get_cipher_name_from_suite` for getting IANA + cipher suite name using bytes. +- Fixes for fsanitize reports. +- Fix for openssl compatibility function `wolfSSL_RSA_verify` to check + returned size. +- Fixes and improvements for FreeRTOS AWS. +- Fixes for building openssl compatibility with FreeRTOS. +- Fix and new test for handling match on domain name that may have a null + terminator inside. +- Cleanup of the socket close code used for examples, CRL/OCSP and BIO to use + single macro `CloseSocket`. +- Refactor of the TLSX code to support returning error codes. +- Added new signature wrapper functions `wc_SignatureVerifyHash` and + `wc_SignatureGenerateHash` to allow direct use of hash. +- Improvement to GCC-ARM IDE example. +- Enhancements and cleanups for the ASN date/time code including new API's + `wc_GetDateInfo`, `wc_GetCertDates` and `wc_GetDateAsCalendarTime`. +- Fixes to resolve issues with C99 compliance. Added build option `WOLF_C99` + to force C99. +- Added a new `--enable-opensslall` option to enable all openssl compatibility + features. +- Added new `--enable-webclient` option for enabling a few HTTP API's. +- Added new `wc_OidGetHash` API for getting the hash type from a hash OID. +- Moved `wolfSSL_CertPemToDer`, `wolfSSL_KeyPemToDer`, `wolfSSL_PubKeyPemToDer` + to asn.c and renamed to `wc_`. Added backwards compatibility macro for old + function names. +- Added new `WC_MAX_SYM_KEY_SIZE` macro for helping determine max key size. +- Added `--enable-enckeys` or (`WOLFSSL_ENCRYPTED_KEYS`) to enable support for + encrypted PEM private keys using password callback without having to use + opensslextra. +- Added ForceZero on the password buffer after done using it. +- Refactor unique hash types to use same internal values + (ex WC_MD5 == WC_HASH_TYPE_MD5). +- Refactor the Sha3 types to use `wc_` naming, while retaining old names for + compatibility. +- Improvements to `wc_PBKDF1` to support more hash types and the non-standard + extra data option. +- Fix TLS 1.3 with ECC disabled and CURVE25519 enabled. +- Added new define `NO_DEV_URANDOM` to disable the use of `/dev/urandom`. +- Added `WC_RNG_BLOCKING` to indicate block w/sleep(0) is okay. +- Fix for `HAVE_EXT_CACHE` callbacks not being available without + `OPENSSL_EXTRA` defined. +- Fix for ECC max bits `MAX_ECC_BITS` not always calculating correctly due to + macro order. +- Added support for building and using PKCS7 without RSA (assuming ECC is + enabled). +- Fixes and additions for Cavium Nitrox V to support ECC, AES-GCM and HMAC + (SHA-224 and SHA3). +- Enabled ECC, AES-GCM and SHA-512/384 by default in (Linux and Windows) +- Added `./configure --enable-base16` and `WOLFSSL_BASE16` configuration + option to enable Base16 API's. +- Improvements to ATECC508A support for building without `WOLFSSL_ATMEL` + defined. +- Refactor IO callback function names to use `_CTX_` to eliminate confusion + about the first parameter. +- Added support for not loading a private key for server or client when + `HAVE_PK_CALLBACK` is defined and the private PK callback is set. +- Added new ECC API `wc_ecc_sig_size_calc` to return max signature size for + a key size. +- Cleanup ECC point import/export code and added new API + `wc_ecc_import_unsigned`. +- Fixes for handling OCSP with non-blocking. +- Added new PK (Primary Key) callbacks for the VerifyRsaSign. The new + callbacks API's are `wolfSSL_CTX_SetRsaVerifySignCb` and + `wolfSSL_CTX_SetRsaPssVerifySignCb`. +- Added new ECC API `wc_ecc_rs_raw_to_sig` to take raw unsigned R and S and + encodes them into ECDSA signature format. +- Added support for `WOLFSSL_STM32F1`. +- Cleanup of the ASN X509 header/footer and XSTRNCPY logic. +- Add copyright notice to autoconf files. (Thanks Brian Aker!) +- Updated the M4 files for autotools. (Thanks Brian Aker!) +- Add support for the cipher suite TLS_DH_anon_WITH_AES256_GCM_SHA384 with + test cases. (Thanks Thivya Ashok!) +- Add the TLS alert message unknown_psk_identity (115) from RFC 4279, + section 2. (Thanks Thivya Ashok!) +- Fix the case when using TCP with timeouts with TLS. wolfSSL shall be + agnostic to network socket behavior for TLS. (DTLS is another matter.) + The functions `wolfSSL_set_using_nonblock()` and + `wolfSSL_get_using_nonblock()` are deprecated. +- Hush the AR warning when building the static library with autotools. +- Hush the “-pthread” warning when building in some environments. +- Added a dist-hook target to the Makefile to reset the default options.h file. +- Removed the need for the darwin-clang.m4 file with the updates provided by + Brian A. +- Renamed the AES assembly file so GCC on the Mac will build it using the + preprocessor. +- Add a disable option (--disable-optflags) to turn off the default + optimization flags so user may supply their own custom flags. +- Correctly touch the dummy fips.h header. + +See INSTALL file for build instructions. +More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html + + +********* wolfSSL Release 3.14.0 (3/02/2018) + +Release 3.14.0 of wolfSSL embedded TLS has bug fixes and new features including: + +- TLS 1.3 draft 22 and 23 support added +- Additional unit tests for; SHA3, AES-CMAC, Ed25519, ECC, RSA-PSS, AES-GCM +- Many additions to the OpenSSL compatibility layer were made in this release. Some of these being enhancements to PKCS12, WOLFSSL_X509 use, WOLFSSL_EVP_PKEY, and WOLFSSL_BIO operations +- AVX1 and AVX2 performance improvements with ChaCha20 and Poly1305 +- Added i.MX CAAM driver support with Integrity OS support +- Improvements to logging with debugging, including exposing more API calls and adding options to reduce debugging code size +- Fix for signature type detection with PKCS7 RSA SignedData +- Public key call back functions added for DH Agree +- RSA-PSS API added for operating on non inline buffers (separate input and output buffers) +- API added for importing and exporting raw DSA parameters +- Updated DSA key generation to be FIPS 186-4 compliant +- Fix for wolfSSL_check_private_key when comparing ECC keys +- Support for AES Cipher Feedback(CFB) mode added +- Updated RSA key generation to be FIPS 186-4 compliant +- Update added for the ARM CMSIS software pack +- WOLFSSL_IGNORE_FILE_WARN macro added for avoiding build warnings when not working with autotools +- Performance improvements for AES-GCM with AVX1 and AVX2 +- Fix for possible memory leak on error case with wc_RsaKeyToDer function +- Make wc_PKCS7_PadData function available +- Updates made to building SGX on Linux +- STM32 hashing algorithm improvements including clock/power optimizations and auto detection of if SHA2 is supported +- Update static memory feature for FREERTOS use +- Reverse the order that certificates are compared during PKCS12 parse to account for case where multiple certificates have the same matching private key +- Update NGINX port to version 1.13.8 +- Support for HMAC-SHA3 added +- Added stricter ASN checks to enforce RFC 5280 rules. Thanks to the report from Professor Zhenhua Duan, Professor Cong Tian, and Ph.D candidate Chu Chen from Institute of Computing Theory and Technology (ICTT) of Xidian University. +- Option to have ecc_mul2add function public facing +- Getter function wc_PKCS7_GetAttributeValue added for PKCS7 attributes +- Macros NO_AES_128, NO_AES_192, NO_AES_256 added for AES key size selection at compile time +- Support for writing multiple organizations units (OU) and domain components (DC) with CSR and certificate creation +- Support for indefinite length BER encodings in PKCS7 +- Added API for additional validation of prime q in a public DH key +- Added support for RSA encrypt and decrypt without padding + + +See INSTALL file for build instructions. +More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html + + +********* wolfSSL (Formerly CyaSSL) Release 3.13.0 (12/21/2017) + +wolfSSL 3.13.0 includes bug fixes and new features, including support for +TLS 1.3 Draft 21, performance and footprint optimizations, build fixes, +updated examples and project files, and one vulnerability fix. The full list +of changes and additions in this release include: + +- Fixes for TLS 1.3, support for Draft 21 +- TLS 1.0 disabled by default, addition of “--enable-tlsv10” configure option +- New option to reduce SHA-256 code size at expense of performance + (USE_SLOW_SHA256) +- New option for memory reduced build (--enable-lowresource) +- AES-GCM performance improvements on AVX1 (IvyBridge) and AVX2 +- SHA-256 and SHA-512 performance improvements using AVX1/2 ASM +- SHA-3 size and performance optimizations +- Fixes for Intel AVX2 builds on Mac/OSX +- Intel assembly for Curve25519, and Ed25519 performance optimizations +- New option to force 32-bit mode with “--enable-32bit” +- New option to disable all inline assembly with “--disable-asm” +- Ability to override maximum signature algorithms using WOLFSSL_MAX_SIGALGO +- Fixes for handling of unsupported TLS extensions. +- Fixes for compiling AES-GCM code with GCC 4.8.* +- Allow adjusting static I/O buffer size with WOLFMEM_IO_SZ +- Fixes for building without a filesystem +- Removes 3DES and SHA1 dependencies from PKCS#7 +- Adds ability to disable PKCS#7 EncryptedData type (NO_PKCS7_ENCRYPTED_DATA) +- Add ability to get client-side SNI +- Expanded OpenSSL compatibility layer +- Fix for logging file names with OpenSSL compatibility layer enabled, with + WOLFSSL_MAX_ERROR_SZ user-overridable +- Adds static memory support to the wolfSSL example client +- Fixes for sniffer to use TLS 1.2 client method +- Adds option to wolfCrypt benchmark to benchmark individual algorithms +- Adds option to wolfCrypt benchmark to display benchmarks in powers + of 10 (-base10) +- Updated Visual Studio for ARM builds (for ECC supported curves and SHA-384) +- Updated Texas Instruments TI-RTOS build +- Updated STM32 CubeMX build with fixes for SHA +- Updated IAR EWARM project files +- Updated Apple Xcode projects with the addition of a benchmark example project + +This release of wolfSSL fixes 1 security vulnerability. + +wolfSSL is cited in the recent ROBOT Attack by Böck, Somorovsky, and Young. +The paper notes that wolfSSL only gives a weak oracle without a practical +attack but this is still a flaw. This release contains a fix for this report. +Please note that wolfSSL has static RSA cipher suites disabled by default as +of version 3.6.6 because of the lack of perfect forward secrecy. Only users +who have explicitly enabled static RSA cipher suites with WOLFSSL_STATIC_RSA +and use those suites on a host are affected. More information will be +available on our website at: + + https://wolfssl.com/wolfSSL/security/vulnerabilities.php + +See INSTALL file for build instructions. +More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html + + +********* wolfSSL (Formerly CyaSSL) Release 3.12.2 (10/23/2017) + +Release 3.12.2 of wolfSSL has bug fixes and new features including: + +This release includes many performance improvements with Intel ASM (AVX/AVX2) and AES-NI. New single precision math option to speedup RSA, DH and ECC. Embedded hardware support has been expanded for STM32, PIC32MZ and ATECC508A. AES now supports XTS mode for disk encryption. Certificate improvements for setting serial number, key usage and extended key usage. Refactor of SSL_ and hash types to allow openssl coexistence. Improvements for TLS 1.3. Fixes for OCSP stapling to allow disable and WOLFSSL specific user context for callbacks. Fixes for openssl and MySQL compatibility. Updated Micrium port. Fixes for asynchronous modes. + +- Added TLS extension for Supported Point Formats (ec_point_formats) +- Fix to not send OCSP stapling extensions in client_hello when not enabled +- Added new API's for disabling OCSP stapling +- Add check for SIZEOF_LONG with sun and LP64 +- Fixes for various TLS 1.3 disable options (RSA, ECC and ED/Curve 25519). +- Fix to disallow upgrading to TLS v1.3 +- Fixes for wolfSSL_EVP_CipherFinal() when message size is a round multiple of a block size. +- Add HMAC benchmark and expanded AES key size benchmarks +- Added simple GCC ARM Makefile example +- Add tests for 3072-bit RSA and DH. +- Fixed DRAFT_18 define and fixed downgrading with TLS v1.3 +- Fixes to allow custom serial number during certificate generation +- Add method to get WOLFSSL_CTX certificate manager +- Improvement to `wolfSSL_SetOCSP_Cb` to allow context per WOLFSSL object +- Alternate certificate chain support `WOLFSSL_ALT_CERT_CHAINS`. Enables checking cert against multiple CA's. +- Added new `--disable-oldnames` option to allow for using openssl along-side wolfssl headers (without OPENSSL_EXTRA). +- Refactor SSL_ and hashing types to use wolf specific prefix (WOLFSSL and WC_) to allow openssl coexistence. +- Fixes for HAVE_INTEL_MULX +- Cleanup include paths for MySQL cmake build +- Added configure option for building library for wolfSSH (--enable-wolfssh) +- Openssl compatibility layer improvements +- Expanded API unit tests +- Fixes for STM32 crypto hardware acceleration +- Added AES XTS mode (--enable-xts) +- Added ASN Extended Key Usage Support (see wc_SetExtKeyUsage). +- Math updates and added TFM_MIPS speedup. +- Fix for creation of the KeyUsage BitString +- Fix for 8k keys with MySQL compatibility +- Fixes for ATECC508A. +- Fixes for PIC32MZ hashing. +- Fixes and improvements to asynchronous modes for Intel QuickAssist and Cavium Nitrox V. +- Update HASH_DRBG Reseed mechanism and add test case +- Rename the file io.h/io.c to wolfio.h/wolfio.c +- Cleanup the wolfIO_Send function. +- OpenSSL Compatibility Additions and Fixes +- Improvements to Visual Studio DLL project/solution. +- Added function to generate public ECC key from private key +- Added async blocking support for sniffer tool. +- Added wolfCrypt hash tests for empty string and large data. +- Added ability to use of wolf implementation of `strtok` using `USE_WOLF_STRTOK`. +- Updated Micrium uC/OS-III Port +- Updated root certs for OCSP scripts +- New Single Precision math option for RSA, DH and ECC (off by default). See `--enable-sp`. +- Speedups for AES GCM with AESNI (--enable-aesni) +- Speedups for SHA2, ChaCha20/Poly1035 using AVX/AVX2 + + +********* wolfSSL (Formerly CyaSSL) Release 3.12.0 (8/04/2017) + +Release 3.12.0 of wolfSSL has bug fixes and new features including: + +- TLS 1.3 with Nginx! TLS 1.3 with ARMv8! TLS 1.3 with Async Crypto! (--enable-tls13) +- TLS 1.3 0RTT feature added +- Added port for using Intel SGX with Linux +- Update and fix PIC32MZ port +- Additional unit testing for MD5, SHA, SHA224, SHA256, SHA384, SHA512, RipeMd, HMAC, 3DES, IDEA, ChaCha20, ChaCha20Poly1305 AEAD, Camellia, Rabbit, ARC4, AES, RSA, Hc128 +- AVX and AVX2 assembly for improved ChaCha20 performance +- Intel QAT fixes for when using --disable-fastmath +- Update how DTLS handles decryption and MAC failures +- Update DTLS session export version number for --enable-sessionexport feature +- Add additional input argument sanity checks to ARMv8 assembly port +- Fix for making PKCS12 dynamic types match +- Fixes for potential memory leaks when using --enable-fast-rsa +- Fix for when using custom ECC curves and add BRAINPOOLP256R1 test +- Update TI-RTOS port for dependency on new wolfSSL source files +- DTLS multicast feature added, --enable-mcast +- Fix for Async crypto with GCC 7.1 and HMAC when not using Intel QuickAssist +- Improvements and enhancements to Intel QuickAssist support +- Added Xilinx port +- Added SHA3 Keccak feature, --enable-sha3 +- Expand wolfSSL Python wrapper to now include a client side implementation +- Adjust example servers to not treat a peer closed error as a hard error +- Added more sanity checks to fp_read_unsigned_bin function +- Add SHA224 and AES key wrap to ARMv8 port +- Update MQX classics and mmCAU ports +- Fix for potential buffer over read with wolfSSL_CertPemToDer +- Add PKCS7/CMS decode support for KARI with IssuerAndSerialNumber +- Fix ThreadX/NetX warning +- Fixes for OCSP and CRL non blocking sockets and for incomplete cert chain with OCSP +- Added RSA PSS sign and verify +- Fix for STM32F4 AES-GCM +- Added enable all feature (--enable-all) +- Added trackmemory feature (--enable-trackmemory) +- Fixes for AES key wrap and PKCS7 on Windows VS +- Added benchmark block size argument +- Support use of staticmemory with PKCS7 +- Fix for Blake2b build with GCC 5.4 +- Fixes for compiling wolfSSL with GCC version 7, most dealing with switch statement fall through warnings. +- Added warning when compiling without hardened math operations + + +Note: +There is a known issue with using ChaCha20 AVX assembly on versions of GCC earlier than 5.2. This is encountered with using the wolfSSL enable options --enable-intelasm and --enable-chacha. To avoid this issue ChaCha20 can be enabled with --enable-chacha=noasm. +If using --enable-intelasm and also using --enable-sha224 or --enable-sha256 there is a known issue with trying to use -fsanitize=address. + +This release of wolfSSL fixes 1 low level security vulnerability. + +Low level fix for a potential DoS attack on a wolfSSL client. Previously a client would accept many warning alert messages without a limit. This fix puts a limit to the number of warning alert messages received and if this limit is reached a fatal error ALERT_COUNT_E is returned. The max number of warning alerts by default is set to 5 and can be adjusted with the macro WOLFSSL_ALERT_COUNT_MAX. Thanks for the report from Tarun Yadav and Koustav Sadhukhan from Defence Research and Development Organization, INDIA. + + +See INSTALL file for build instructions. +More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html + + +********* wolfSSL (Formerly CyaSSL) Release 3.11.1 (5/11/2017) + +Release 3.11.1 of wolfSSL is a TLS 1.3 BETA release, which includes: + +- TLS 1.3 client and server support for TLS 1.3 with Draft 18 support + +This is strictly a BETA release, and designed for testing and user feedback. +Please send any comments, testing results, or feedback to wolfSSL at +support@wolfssl.com. + +See INSTALL file for build instructions. +More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html + + +********* wolfSSL (Formerly CyaSSL) Release 3.11.0 (5/04/2017) + +Release 3.11.0 of wolfSSL has bug fixes and new features including: + +- Code updates for warnings reported by Coverity scans +- Testing and warning fixes for FreeBSD on PowerPC +- Updates and refactoring done to ASN1 parsing functions +- Change max PSK identity buffer to account for an identity length of 128 characters +- Update Arduino script to handle recent files and additions +- Added support for PKCS#7 Signed Data with ECDSA +- Fix for interoperability with ChaCha20-Poly1305 suites using older draft versions +- DTLS update to allow multiple handshake messages in one DTLS record. Thanks to Eric Samsel over at Welch Allyn for reporting this bug. +- Intel QuickAssist asynchronous support (PR #715 - https://www.wolfssl.com/wolfSSL/Blog/Entries/2017/1/18_wolfSSL_Asynchronous_Intel_QuickAssist_Support.html) +- Added support for HAproxy load balancer +- Added option to allow SHA1 with TLS 1.2 for IIS compatibility (WOLFSSL_ALLOW_TLS_SHA1) +- Added Curve25519 51-bit Implementation, increasing performance on systems that have 128 bit types +- Fix to not send session ID on server side if session cache is off unless we're echoing +session ID as part of session tickets +- Fixes for ensuring all default ciphers are setup correctly (see PR #830) +- Added NXP Hexiwear example in `IDE/HEXIWEAR`. +- Added wolfSSL_write_dup() to create write only WOLFSSL object for concurrent access +- Fixes for TLS elliptic curve selection on private key import. +- Fixes for RNG with Intel rdrand and rdseed speedups. +- Improved performance with Intel rdrand to use full 64-bit output +- Added new --enable-intelrand option to indicate use of RDRAND preference for RNG source +- Removed RNG ARC4 support +- Added ECC helpers to get size and id from curve name. +- Added ECC Cofactor DH (ECC-CDH) support +- Added ECC private key only import / export functions. +- Added PKCS8 create function +- Improvements to TLS layer CTX handling for switching keys / certs. +- Added check for duplicate certificate policy OID in certificates. +- Normal math speed-up to not allocate on mp_int and defer until mp_grow +- Reduce heap usage with fast math when not using ALT_ECC_SIZE +- Fixes for building CRL with Windows +- Added support for inline CRL lookup when HAVE_CRL_IO is defined +- Added port for tenAsys INtime RTOS +- Improvements to uTKernel port (WOLFSSL_uTKERNEL2) +- Updated WPA Supplicant support +- Added support for Nginx +- Update stunnel port for version 5.40 +- Fixes for STM32 hardware crypto acceleration +- Extended test code coverage in bundled test.c +- Added a sanity check for minimum authentication tag size with AES-GCM. Thanks to Yueh-Hsun Lin and Peng Li at KNOX Security at Samsung Research America for suggesting this. +- Added a sanity check that subject key identifier is marked as non-critical and a check that no policy OIDS appear more than once in the cert policies extension. Thanks to the report from Professor Zhenhua Duan, Professor Cong Tian, and Ph.D candidate Chu Chen from Institute of Computing Theory and Technology (ICTT) of Xidian University, China. Profs. Zhenhua Duan and Cong Tian are supervisors of Ph.D candidate Chu Chen. + + +This release of wolfSSL fixes 5 low and 1 medium level security vulnerability. + +3 Low level fixes reported by Yueh-Hsun Lin and Peng Li from KNOX Security, Samsung Research America. +- Fix for out of bounds memory access in wc_DhParamsLoad() when GetLength() returns a zero. Before this fix there is a case where wolfSSL would read out of bounds memory in the function wc_DhParamsLoad. +- Fix for DH key accepted by wc_DhAgree when the key was malformed. +- Fix for a double free case when adding CA cert into X509_store. + +Low level fix for memory management with static memory feature enabled. By default static memory is disabled. Thanks to GitHub user hajjihraf for reporting this. + +Low level fix for out of bounds write in the function wolfSSL_X509_NAME_get_text_by_NID. This function is not used by TLS or crypto operations but could result in a buffer out of bounds write by one if called explicitly in an application. Discovered by Aleksandar Nikolic of Cisco Talos. http://talosintelligence.com/vulnerability-reports/ + +Medium level fix for check on certificate signature. There is a case in release versions 3.9.10, 3.10.0 and 3.10.2 where a corrupted signature on a peer certificate would not be properly flagged. Thanks to Wens Lo, James Tsai, Kenny Chang, and Oscar Yang at Castles Technology. + + +See INSTALL file for build instructions. +More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html + + +********* wolfSSL (Formerly CyaSSL) Release 3.10.2 (2/10/2017) + +Release 3.10.2 of wolfSSL has bug fixes and new features including: + +- Poly1305 Windows macros fix. Thanks to GitHub user Jay Satiro +- Compatibility layer expanded with multiple functions added +- Improve fp_copy performance with ALT_ECC_SIZE +- OCSP updates and improvements +- Fixes for IAR EWARM 8 compiler warnings +- Reduce stack usage with ECC_CACHE_CURVE disabled +- Added ECC export raw for public and private key +- Fix for NO_ASN_TIME build +- Supported curves extensions now populated by default +- Add DTLS build without big integer math +- Fix for static memory feature with wc_ecc_verify_hash_ex and not SHAMIR +- Added PSK interoperability testing to script bundled with wolfSSL +- Fix for Python wrapper random number generation. Compiler optimizations with Python could place the random number in same buffer location each time. Thanks to GitHub user Erik Bray (embray) +- Fix for tests on unaligned memory with static memory feature +- Add macro WOLFSSL_NO_OCSP_OPTIONAL_CERTS to skip optional OCSP certificates +- Sanity checks on NULL arguments added to wolfSSL_set_fd and wolfSSL_DTLS_SetCookieSecret +- mp_jacobi stack use reduced, thanks to Szabi Tolnai for providing a solution to reduce stack usage + + +This release of wolfSSL fixes 2 low and 1 medium level security vulnerability. + +Low level fix of buffer overflow for when loading in a malformed temporary DH file. Thanks to Yueh-Hsun Lin and Peng Li from KNOX Security, Samsung Research America for the report. + +Medium level fix for processing of OCSP response. If using OCSP without hard faults enforced and no alternate revocation checks like OCSP stapling then it is recommended to update. + +Low level fix for potential cache attack on RSA operations. If using wolfSSL RSA on a server that other users can have access to monitor the cache, then it is recommended to update wolfSSL. Thanks to Andreas Zankl, Johann Heyszl and Georg Sigl at Fraunhofer AISEC for the initial report. + +See INSTALL file for build instructions. +More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html + +********* wolfSSL (Formerly CyaSSL) Release 3.10.0 (12/21/2016) + +Release 3.10.0 of wolfSSL has bug fixes and new features including: + +- Added support for SHA224 +- Added scrypt feature +- Build for Intel SGX use, added in directory IDE/WIN-SGX +- Fix for ChaCha20-Poly1305 ECDSA certificate type request +- Enhance PKCS#7 with ECC enveloped data and AES key wrap support +- Added support for RIOT OS +- Add support for parsing PKCS#12 files +- ECC performance increased with custom curves +- ARMv8 expanded to AArch32 and performance increased +- Added ANSI-X9.63-KDF support +- Port to STM32 F2/F4 CubeMX +- Port to Atmel ATECC508A board +- Removed fPIE by default when wolfSSL library is compiled +- Update to Python wrapper, dropping DES and adding wc_RSASetRNG +- Added support for NXP K82 hardware acceleration +- Added SCR client and server verify check +- Added a disable rng option with autoconf +- Added more tests vectors to test.c with AES-CTR +- Updated DTLS session export version number +- Updated DTLS for 64 bit sequence numbers +- Fix for memory management with TI and WOLFSSL_SMALL_STACK +- Hardening RSA CRT to be constant time +- Fix uninitialized warning with IAR compiler +- Fix for C# wrapper example IO hang on unexpected connection termination + + +This release of wolfSSL fixes a low level security vulnerability. The vulnerability reported was a potential cache attack on RSA operations. If using wolfSSL RSA on a server that other users can have access to monitor the cache, then it is recommended to update wolfSSL. Thanks to Andreas Zankl, Johann Heyszl and Georg Sigl at Fraunhofer AISEC for the report. More information will be available on our site: + +https://wolfssl.com/wolfSSL/security/vulnerabilities.php + +See INSTALL file for build instructions. +More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html + +********* wolfSSL (Formerly CyaSSL) Release 3.9.10 (9/23/2016) + +Release 3.9.10 of wolfSSL has bug fixes and new features including: + +- Default configure option changes: + 1. DES3 disabled by default + 2. ECC Supported Curves Extension enabled by default + 3. New option Extended Master Secret enabled by default +- Added checking CA certificate path length, and new test certs +- Fix to DSA pre padding and sanity check on R/S values +- Added CTX level RNG for single-threaded builds +- Intel RDSEED enhancements +- ARMv8 hardware acceleration support for AES-CBC/CTR/GCM, SHA-256 +- Arduino support updates +- Added the Extended Master Secret TLS extension + 1. Enabled by default in configure options, API to disable + 2. Added support for Extended Master Secret to sniffer +- OCSP fix with issuer key hash, lookup refactor +- Added support for Frosted OS +- Added support for DTLS over SCTP +- Added support for static memory with wolfCrypt +- Fix to ECC Custom Curve support +- Support for asynchronous wolfCrypt RSA and TLS client +- Added distribution build configure option +- Update the test certificates + +This release of wolfSSL fixes medium level security vulnerabilities. Fixes for +potential AES, RSA, and ECC side channel leaks is included that a local user +monitoring the same CPU core cache could exploit. VM users, hyper-threading +users, and users where potential attackers have access to the CPU cache will +need to update if they utilize AES, RSA private keys, or ECC private keys. +Thanks to Gorka Irazoqui Apecechea and Xiaofei Guo from Intel Corporation for +the report. More information will be available on our site: + + https://wolfssl.com/wolfSSL/security/vulnerabilities.php + +See INSTALL file for build instructions. +More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html + +********* wolfSSL (Formerly CyaSSL) Release 3.9.8 (7/29/2016) + +Release 3.9.8 of wolfSSL has bug fixes and new features including: + +- Add support for custom ECC curves. +- Add cipher suite ECDHE-ECDSA-AES128-CCM. +- Add compkey enable option. This option is for compressed ECC keys. +- Add in the option to use test.h without gettimeofday function using the macro + WOLFSSL_USER_CURRTIME. +- Add RSA blinding for private key operations. Enable option of harden which is + on by default. This negates timing attacks. +- Add ECC and TLS support for all SECP, Koblitz and Brainpool curves. +- Add helper functions for static memory option to allow getting optimum buffer + sizes. +- Update DTLS behavior on bad MAC. DTLS silently drops packets with bad MACs now. +- Update fp_isprime function from libtom enchancement/cleanup repository. +- Update sanity checks on inputs and return values for AES-CMAC. +- Update wolfSSL for use with MYSQL v5.6.30. +- Update LPCXpresso eclipse project to not include misc.c when not needed. +- Fix retransmit of last DTLS flight with timeout notification. The last flight + is no longer retransmitted on timeout. +- Fixes to some code in math sections for compressed ECC keys. This includes + edge cases for buffer size on allocation and adjustments for compressed curves + build. The code and full list can be found on github with pull request #456. +- Fix function argument mismatch for build with secure renegotiation. +- X.509 bug fixes for reading in malformed certificates, reported by researchers + at Columbia University +- Fix GCC version 6 warning about hard tabs in poly1305.c. This was a warning + produced by GCC 6 trying to determine the intent of code. +- Fixes for static memory option. Including avoid potential race conditions with + counters, decrement handshake counter correctly. +- Fix anonymous cipher with Diffie Hellman on the server side. Was an issue of a + possible buffer corruption. For information and code see pull request #481. + + +- One high level security fix that requires an update for use with static RSA + cipher suites was submitted. This fix was the addition of RSA blinding for + private RSA operations. We recommend servers who allow static RSA cipher + suites to also generate new private RSA keys. Static RSA cipher suites are + turned off by default. + +See INSTALL file for build instructions. +More info can be found on-line at //http://wolfssl.com/wolfSSL/Docs.html + + ********* wolfSSL (Formerly CyaSSL) Release 3.9.6 (6/14/2016) + +Release 3.9.6 of wolfSSL has bug fixes and new features including: + +- Add staticmemory feature +- Add public wc_GetTime API with base64encode feature +- Add AES CMAC algorithm +- Add DTLS sessionexport feature +- Add python wolfCrypt wrapper +- Add ECC encrypt/decrypt benchmarks +- Add dynamic session tickets +- Add eccshamir option +- Add Whitewood netRandom support --with-wnr +- Add embOS port +- Add minimum key size checks for RSA and ECC +- Add STARTTLS support to examples +- Add uTasker port +- Add asynchronous crypto and wolf event support +- Add compile check for misc.c with inline +- Add RNG benchmark +- Add reduction to stack usage with hash-based RNG +- Update STM32F2_CRYPTO port with additional algorithms supported +- Update MDK5 projects +- Update AES-NI +- Fix for STM32 with STM32F2_HASH defined +- Fix for building with MinGw +- Fix ECC math bugs with ALT_ECC_SIZE and key sizes over 256 bit (1) +- Fix certificate buffers github issue #422 +- Fix decrypt max size with RSA OAEP +- Fix DTLS sanity check with DTLS timeout notification +- Fix free of WOLFSSL_METHOD on failure to create CTX +- Fix memory leak in failure case with wc_RsaFunction (2) + +- No high level security fixes that requires an update though we always +recommend updating to the latest +- (1) Code changes for ECC fix can be found at pull requests #411, #416, and #428 +- (2) Builds using RSA with using normal math and not RSA_LOW_MEM should update +- Tag 3.9.6w is for a Windows example echoserver fix + +See INSTALL file for build instructions. +More info can be found on-line at //http://wolfssl.com/wolfSSL/Docs.html + + ********* wolfSSL (Formerly CyaSSL) Release 3.9.0 (3/18/2016) + +Release 3.9.0 of wolfSSL has bug fixes and new features including: + +- Add new leantls configuration +- Add RSA OAEP padding at wolfCrypt level +- Add Arduino port and example client +- Add fixed point DH operation +- Add CUSTOM_RAND_GENRATE_SEED_OS and CUSTOM_RAND_GENERATE_BLOCK +- Add ECDHE-PSK cipher suites +- Add PSK ChaCha20-Poly1305 cipher suites +- Add option for fail on no peer cert except PSK suites +- Add port for Nordic nRF51 +- Add additional ECC NIST test vectors for 256, 384 and 521 +- Add more granular ECC, Ed25519/Curve25519 and AES configs +- Update to ChaCha20-Poly1305 +- Update support for Freescale KSDK 1.3.0 +- Update DER buffer handling code, refactoring and reducing memory +- Fix to AESNI 192 bit key expansion +- Fix to C# wrapper character encoding +- Fix sequence number issue with DTLS epoch 0 messages +- Fix RNGA with K64 build +- Fix ASN.1 X509 V3 certificate policy extension parsing +- Fix potential free of uninitialized RSA key in asn.c +- Fix potential underflow when using ECC build with FP_ECC +- Fixes for warnings in Visual Studio 2015 build + +- No high level security fixes that requires an update though we always +recommend updating to the latest +- FP_ECC is off by default, users with it enabled should update for the zero +sized hash fix + +See INSTALL file for build instructions. +More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html + + ********* wolfSSL (Formerly CyaSSL) Release 3.8.0 (12/30/2015) + +Release 3.8.0 of wolfSSL has bug fixes and new features including: + +- Example client/server with VxWorks +- AESNI use with AES-GCM +- Stunnel compatibility enhancements +- Single shot hash and signature/verify API added +- Update cavium nitrox port +- LPCXpresso IDE support added +- C# wrapper to support wolfSSL use by a C# program +- (BETA version)OCSP stapling added +- Update OpenSSH compatibility +- Improve DTLS handshake when retransmitting finished message +- fix idea_mult() for 16 and 32bit systems +- fix LowResTimer on Microchip ports + +- No high level security fixes that requires an update though we always +recommend updating to the latest + +See INSTALL file for build instructions. +More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html + + ********* wolfSSL (Formerly CyaSSL) Release 3.7.0 (10/26/2015) + +Release 3.7.0 of wolfSSL has bug fixes and new features including: + +- ALPN extension support added for HTTP2 connections with --enable-alpn +- Change of example/client/client max fragment flag -L -> -F +- Throughput benchmarking, added scripts/benchmark.test +- Sniffer API ssl_FreeDecodeBuffer added +- Addition of AES_GCM to Sniffer +- Sniffer change to handle unlimited decrypt buffer size +- New option for the sniffer where it will try to pick up decoding after a + sequence number acknowldgement fault. Also includes some additional stats. +- JNI API setter and getter function for jobject added +- User RSA crypto plugin abstraction. An example placed in wolfcrypt/user-crypto +- fix to asn configuration bug +- AES-GCM/CCM fixes. +- Port for Rowley added +- Rowley Crossworks bare metal examples added +- MDK5-ARM project update +- FreeRTOS support updates. +- VXWorks support updates. +- Added the IDEA cipher and support in wolfSSL. +- Update wolfSSL website CA. +- CFLAGS is usable when configuring source. + +- No high level security fixes that requires an update though we always +recommend updating to the latest + +See INSTALL file for build instructions. +More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html + + ********* wolfSSL (Formerly CyaSSL) Release 3.6.8 (09/17/2015) + +Release 3.6.8 of wolfSSL fixes two high severity vulnerabilities. It also +includes bug fixes and new features including: + +- Two High level security fixes, all users SHOULD update. + a) If using wolfSSL for DTLS on the server side of a publicly accessible + machine you MUST update. + b) If using wolfSSL for TLS on the server side with private RSA keys allowing + ephemeral key exchange without low memory optimizations you MUST update and + regenerate the private RSA keys. + + Please see https://www.wolfssl.com/wolfSSL/Blog/Blog.html for more details + +- No filesystem build fixes for various configurations +- Certificate generation now supports several extensions including KeyUsage, + SKID, AKID, and Certificate Policies +- CRLs can be loaded from buffers as well as files now +- SHA-512 Certificate Signing generation +- Fixes for sniffer reassembly processing + +See INSTALL file for build instructions. +More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html + + ********* wolfSSL (Formerly CyaSSL) Release 3.6.6 (08/20/2015) + +Release 3.6.6 of wolfSSL has bug fixes and new features including: + +- OpenSSH compatibility with --enable-openssh +- stunnel compatibility with --enable-stunnel +- lighttpd compatibility with --enable-lighty +- SSLv3 is now disabled by default, can be enabled with --enable-sslv3 +- Ephemeral key cipher suites only are now supported by default + To enable static ECDH cipher suites define WOLFSSL_STATIC_DH + To enable static RSA cipher suites define WOLFSSL_STATIC_RSA + To enable static PSK cipher suites define WOLFSSL_STATIC_PSK +- Added QSH (quantum-safe handshake) extension with --enable-ntru +- SRP is now part of wolfCrypt, enable with --enabe-srp +- Certificate handshake messages can now be sent fragmented if the record + size is smaller than the total message size, no user action required. +- DTLS duplicate message fixes +- Visual Studio project files now support DLL and static builds for 32/64bit. +- Support for new Freescale I/O +- FreeRTOS FIPS support + +- No high level security fixes that requires an update though we always + recommend updating to the latest + +See INSTALL file for build instructions. +More information can be found on-line at //http://wolfssl.com/yaSSL/Docs.html + + **************** wolfSSL (Formerly CyaSSL) Release 3.6.0 (06/19/2015) + +Release 3.6.0 of wolfSSL has bug fixes and new features including: + +- Max Strength build that only allows TLSv1.2, AEAD ciphers, and PFS (Perfect + Forward Secrecy). With --enable-maxstrength +- Server side session ticket support, the example server and echoserver use the + example callback myTicketEncCb(), see wolfSSL_CTX_set_TicketEncCb() +- FIPS version submitted for iOS. +- TI Crypto Hardware Acceleration +- DTLS fragmentation fixes +- ECC key check validation with wc_ecc_check_key() +- 32bit code options to reduce memory for Curve25519 and Ed25519 +- wolfSSL JNI build switch with --enable-jni +- PicoTCP support improvements +- DH min ephemeral key size enforcement with wolfSSL_CTX_SetMinDhKey_Sz() +- KEEP_PEER_CERT and AltNames can now be used together +- ChaCha20 big endian fix +- SHA-512 signature algorithm support for key exchange and verify messages +- ECC make key crash fix on RNG failure, ECC users must update. +- Improvements to usage of time code. +- Improvements to VS solution files. +- GNU Binutils 2.24 (and late 2.23) ld has problems with some debug builds, + to fix an ld error add C_EXTRA_FLAGS="-fdebug-types-section -g1". + +- No high level security fixes that requires an update though we always + recommend updating to the latest (except note 14, ecc RNG failure) + +See INSTALL file for build instructions. +More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html + + + *****************wolfSSL (Formerly CyaSSL) Release 3.4.6 (03/30/2015) + +Release 3.4.6 of wolfSSL has bug fixes and new features including: + +- Intel Assembly Speedups using instructions rdrand, rdseed, aesni, avx1/2, + rorx, mulx, adox, adcx . They can be enabled with --enable-intelasm. + These speedup the use of RNG, SHA2, and public key algorithms. +- Ed25519 support at the crypto level. Turn on with --enable-ed25519. Examples + in wolcrypt/test/test.c ed25519_test(). +- Post Handshake Memory reductions. wolfSSL can now hold less than 1,000 bytes + of memory per secure connection including cipher state. +- wolfSSL API and wolfCrypt API fixes, you can still include the cyassl and + ctaocrypt headers which will enable the compatibility APIs for the + foreseeable future +- INSTALL file to help direct users to build instructions for their environment +- For ECC users with the normal math library a fix that prevents a crash when + verify signature fails. Users of 3.4.0 with ECC and the normal math library + must update +- RC4 is now disabled by default in autoconf mode +- AES-GCM and ChaCha20/Poly1305 are now enabled by default to make AEAD ciphers + available without a switch +- External ChaCha-Poly AEAD API, thanks to Andrew Burks for the contribution +- DHE-PSK cipher suites can now be built without ASN or Cert support +- Fix some NO MD5 build issues with optional features +- Freescale CodeWarrior project updates +- ECC curves can be individually turned on/off at build time. +- Sniffer handles Cert Status message and other minor fixes +- SetMinVersion() at the wolfSSL Context level instead of just SSL session level + to allow minimum protocol version allowed at runtime +- RNG failure resource cleanup fix + +- No high level security fixes that requires an update though we always + recommend updating to the latest (except note 6 use case of ecc/normal math) + +See INSTALL file for build instructions. +More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html + + + *****************wolfSSL (Formerly CyaSSL) Release 3.4.0 (02/23/2015) + +Release 3.4.0 wolfSSL has bug fixes and new features including: + +- wolfSSL API and wolfCrypt API, you can still include the cyassl and ctaocrypt + headers which will enable the compatibility APIs for the foreseeable future +- Example use of the wolfCrypt API can be found in wolfcrypt/test/test.c +- Example use of the wolfSSL API can be found in examples/client/client.c +- Curve25519 now supported at the wolfCrypt level, wolfSSL layer coming soon +- Improvements in the build configuration under AIX +- Microchip Pic32 MZ updates +- TIRTOS updates +- PowerPC updates +- Xcode project update +- Bidirectional shutdown examples in client/server with -w (wait for full + shutdown) option +- Cycle counts on benchmarks for x86_64, more coming soon +- ALT_ECC_SIZE for reducing ecc heap use with fastmath when also using large RSA + keys +- Various compile warnings +- Scan-build warning fixes +- Changed a memcpy to memmove in the sniffer (if using sniffer please update) +- No high level security fixes that requires an update though we always + recommend updating to the latest + + + ***********CyaSSL Release 3.3.0 (12/05/2014) + +- Countermeasuers for Handshake message duplicates, CHANGE CIPHER without + FINISHED, and fast forward attempts. Thanks to Karthikeyan Bhargavan from + the Prosecco team at INRIA Paris-Rocquencourt for the report. +- FIPS version submitted +- Removes SSLv2 Client Hello processing, can be enabled with OLD_HELLO_ALLOWED +- User can set minimum downgrade version with CyaSSL_SetMinVersion() +- Small stack improvements at TLS/SSL layer +- TLS Master Secret generation and Key Expansion are now exposed +- Adds client side Secure Renegotiation, * not recommended * +- Client side session ticket support, not fully tested with Secure Renegotiation +- Allows up to 4096bit DHE at TLS Key Exchange layer +- Handles non standard SessionID sizes in Hello Messages +- PicoTCP Support +- Sniffer now supports SNI Virtual Hosts +- Sniffer now handles non HTTPS protocols using STARTTLS +- Sniffer can now parse records with multiple messages +- TI-RTOS updates +- Fix for ColdFire optimized fp_digit read only in explicit 32bit case +- ADH Cipher Suite ADH-AES128-SHA for EAP-FAST + +The CyaSSL manual is available at: +http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions +and comments about the new features please check the manual. + + +***********CyaSSL Release 3.2.0 (09/10/2014) + +Release 3.2.0 CyaSSL has bug fixes and new features including: + +- ChaCha20 and Poly1305 crypto and suites +- Small stack improvements for OCSP, CRL, TLS, DTLS +- NTRU Encrypt and Decrypt benchmarks +- Updated Visual Studio project files +- Updated Keil MDK5 project files +- Fix for DTLS sequence numbers with GCM/CCM +- Updated HashDRBG with more secure struct declaration +- TI-RTOS support and example Code Composer Studio project files +- Ability to get enabled cipher suites, CyaSSL_get_ciphers() +- AES-GCM/CCM/Direct support for Freescale mmCAU and CAU +- Sniffer improvement checking for decrypt key setup +- Support for raw ECC key import +- Ability to convert ecc_key to DER, EccKeyToDer() +- Security fix for RSA Padding check vulnerability reported by Intel Security + Advanced Threat Research team + +The CyaSSL manual is available at: +http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions +and comments about the new features please check the manual. + + +************ CyaSSL Release 3.1.0 (07/14/2014) + +Release 3.1.0 CyaSSL has bug fixes and new features including: + +- Fix for older versions of icc without 128-bit type +- Intel ASM syntax for AES-NI +- Updated NTRU support, keygen benchmark +- FIPS check for minimum required HMAC key length +- Small stack (--enable-smallstack) improvements for PKCS#7, ASN +- TLS extension support for DTLS +- Default I/O callbacks external to user +- Updated example client with bad clock test +- Ability to set optional ECC context info +- Ability to enable/disable DH separate from opensslextra +- Additional test key/cert buffers for CA and server +- Updated example certificates + +The CyaSSL manual is available at: +http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions +and comments about the new features please check the manual. + + +************ CyaSSL Release 3.0.2 (05/30/2014) + +Release 3.0.2 CyaSSL has bug fixes and new features including: + +- Added the following cipher suites: + * TLS_PSK_WITH_AES_128_GCM_SHA256 + * TLS_PSK_WITH_AES_256_GCM_SHA384 + * TLS_PSK_WITH_AES_256_CBC_SHA384 + * TLS_PSK_WITH_NULL_SHA384 + * TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 + * TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 + * TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 + * TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 + * TLS_DHE_PSK_WITH_NULL_SHA256 + * TLS_DHE_PSK_WITH_NULL_SHA384 + * TLS_DHE_PSK_WITH_AES_128_CCM + * TLS_DHE_PSK_WITH_AES_256_CCM +- Added AES-NI support for Microsoft Visual Studio builds. +- Changed small stack build to be disabled by default. +- Updated the Hash DRBG and provided a configure option to enable. + +The CyaSSL manual is available at: +http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions +and comments about the new features please check the manual. + + +************ CyaSSL Release 3.0.0 (04/29/2014) + +Release 3.0.0 CyaSSL has bug fixes and new features including: + +- FIPS release candidate +- X.509 improvements that address items reported by Suman Jana with security + researchers at UT Austin and UC Davis +- Small stack size improvements, --enable-smallstack. Offloads large local + variables to the heap. (Note this is not complete.) +- Updated AES-CCM-8 cipher suites to use approved suite numbers. + +The CyaSSL manual is available at: +http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions +and comments about the new features please check the manual. + + +************ CyaSSL Release 2.9.4 (04/09/2014) + +Release 2.9.4 CyaSSL has bug fixes and new features including: + +- Security fixes that address items reported by Ivan Fratric of the Google + Security Team +- X.509 Unknown critical extensions treated as errors, report by Suman Jana with + security researchers at UT Austin and UC Davis +- Sniffer fixes for corrupted packet length and Jumbo frames +- ARM thumb mode assembly fixes +- Xcode 5.1 support including new clang +- PIC32 MZ hardware support +- CyaSSL Object has enough room to read the Record Header now w/o allocs +- FIPS wrappers for AES, 3DES, SHA1, SHA256, SHA384, HMAC, and RSA. +- A sample I/O pool is demonstrated with --enable-iopool to overtake memory + handling and reduce memory fragmentation on I/O large sizes + +The CyaSSL manual is available at: +http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions +and comments about the new features please check the manual. + + +************ CyaSSL Release 2.9.0 (02/07/2014) + +Release 2.9.0 CyaSSL has bug fixes and new features including: +- Freescale Kinetis RNGB support +- Freescale Kinetis mmCAU support +- TLS Hello extensions + - ECC + - Secure Renegotiation (null) + - Truncated HMAC +- SCEP support + - PKCS #7 Enveloped data and signed data + - PKCS #10 Certificate Signing Request generation +- DTLS sliding window +- OCSP Improvements + - API change to integrate into Certificate Manager + - IPv4/IPv6 agnostic + - example client/server support for OCSP + - OCSP nonces are optional +- GMAC hashing +- Windows build additions +- Windows CYGWIN build fixes +- Updated test certificates +- Microchip MPLAB Harmony support +- Update autoconf scripts +- Additional X.509 inspection functions +- ECC encrypt/decrypt primitives +- ECC Certificate generation + +The Freescale Kinetis K53 RNGB documentation can be found in Chapter 33 of the +K53 Sub-Family Reference Manual: +http://cache.freescale.com/files/32bit/doc/ref_manual/K53P144M100SF2RM.pdf + +Freescale Kinetis K60 mmCAU (AES, DES, 3DES, MD5, SHA, SHA256) documentation +can be found in the "ColdFire/ColdFire+ CAU and Kinetis mmCAU Software Library +User Guide": +http://cache.freescale.com/files/32bit/doc/user_guide/CAUAPIUG.pdf + + +*****************CyaSSL Release 2.8.0 (8/30/2013) + +Release 2.8.0 CyaSSL has bug fixes and new features including: +- AES-GCM and AES-CCM use AES-NI +- NetX default IO callback handlers +- IPv6 fixes for DTLS Hello Cookies +- The ability to unload Certs/Keys after the handshake, CyaSSL_UnloadCertsKeys() +- SEP certificate extensions +- Callback getters for easier resource freeing +- External CYASSL_MAX_ERROR_SZ for correct error buffer sizing +- MacEncrypt and DecryptVerify Callbacks for User Atomic Record Layer Processing +- Public Key Callbacks for ECC and RSA +- Client now sends blank cert upon request if doesn't have one with TLS <= 1.2 + + +The CyaSSL manual is available at: +http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions +and comments about the new features please check the manual. + + +*****************CyaSSL Release 2.7.0 (6/17/2013) + +Release 2.7.0 CyaSSL has bug fixes and new features including: +- SNI support for client and server +- KEIL MDK-ARM projects +- Wildcard check to domain name match, and Subject altnames are checked too +- Better error messages for certificate verification errors +- Ability to discard session during handshake verify +- More consistent error returns across all APIs +- Ability to unload CAs at the CTX or CertManager level +- Authority subject id support for Certificate matching +- Persistent session cache functionality +- Persistent CA cache functionality +- Client session table lookups to push serverID table to library level +- Camellia support to sniffer +- User controllable settings for DTLS timeout values +- Sniffer fixes for caching long lived sessions +- DTLS reliability enhancements for the handshake +- Better ThreadX support + +When compiling with Mingw, libtool may give the following warning due to +path conversion errors: + +libtool: link: Could not determine host file name corresponding to ** +libtool: link: Continuing, but uninstalled executables may not work. + +If so, examples and testsuite will have problems when run, showing an +error while loading shared libraries. To resolve, please run "make install". + +The CyaSSL manual is available at: +http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions +and comments about the new features please check the manual. + + +************** CyaSSL Release 2.6.0 (04/15/2013) + +Release 2.6.0 CyaSSL has bug fixes and new features including: +- DTLS 1.2 support including AEAD ciphers +- SHA-3 finalist Blake2 support, it's fast and uses little resources +- SHA-384 cipher suites including ECC ones +- HMAC now supports SHA-512 +- Track memory use for example client/server with -t option +- Better IPv6 examples with --enable-ipv6, before if ipv6 examples/tests were + turned on, localhost only was used. Now link-local (with scope ids) and ipv6 + hosts can be used as well. +- Xcode v4.6 project for iOS v6.1 update +- settings.h is now checked in all *.c files for true one file setting detection +- Better alignment at SSL layer for hardware crypto alignment needs + * Note, SSL itself isn't friendly to alignment with 5 byte TLS headers and + 13 bytes DTLS headers, but every effort is now made to align with the + CYASSL_GENERAL_ALIGNMENT flag which sets desired alignment requirement +- NO_64BIT flag to turn off 64bit data type accumulators in public key code + * Note, some systems are faster with 32bit accumulators +- --enable-stacksize for example client/server stack use + * Note, modern desktop Operating Systems may add bytes to each stack frame +- Updated compression/decompression with direct crypto access +- All ./configure options are now lowercase only for consistency +- ./configure builds default to fastmath option + * Note, if on ia32 and building in shared mode this may produce a problem + with a missing register being available because of PIC, there are at least + 6 solutions to this: + 1) --disable-fastmath , don't use fastmath + 2) --disable-shared, don't build a shared library + 3) C_EXTRA_FLAGS=-DTFM_NO_ASM , turn off assembly use + 4) use clang, it just seems to work + 5) play around with no PIC options to force all registers being open, + e.g, --without-pic + 6) if static lib is still a problem try removing fPIE +- Many new ./configure switches for option enable/disable for example + * rsa + * dh + * dsa + * md5 + * sha + * arc4 + * null (allow NULL ciphers) + * oldtls (only use TLS 1.2) + * asn (no certs or public keys allowed) +- ./configure generates cyassl/options.h which allows a header the user can + include in their app to make sure the same options are set at the app and + CyaSSL level. +- autoconf no longer needs serial-tests which lowers version requirements of + automake to 1.11 and autoconf to 2.63 + +The CyaSSL manual is available at: +http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions +and comments about the new features please check the manual. + + + +************** CyaSSL Release 2.5.0 (02/04/2013) + +Release 2.5.0 CyaSSL has bug fixes and new features including: +- Fix for TLS CBC padding timing attack identified by Nadhem Alfardan and + Kenny Paterson: http://www.isg.rhul.ac.uk/tls/ +- Microchip PIC32 (MIPS16, MIPS32) support +- Microchip MPLAB X example projects for PIC32 Ethernet Starter Kit +- Updated CTaoCrypt benchmark app for embedded systems +- 1024-bit test certs/keys and cert/key buffers +- AES-CCM-8 crypto and cipher suites +- Camellia crypto and cipher suites +- Bumped minimum autoconf version to 2.65, automake version to 1.12 +- Addition of OCSP callbacks +- STM32F2 support with hardware crypto and RNG +- Cavium NITROX support + +CTaoCrypt now has support for the Microchip PIC32 and has been tested with +the Microchip PIC32 Ethernet Starter Kit, the XC32 compiler and +MPLAB X IDE in both MIPS16 and MIPS32 instruction set modes. See the README +located under the /mplabx directory for more details. + +To add Cavium NITROX support do: + +./configure --with-cavium=/home/user/cavium/software + +pointing to your licensed cavium/software directory. Since Cavium doesn't +build a library we pull in the cavium_common.o file which gives a libtool +warning about the portability of this. Also, if you're using the github source +tree you'll need to remove the -Wredundant-decls warning from the generated +Makefile because the cavium headers don't conform to this warning. Currently +CyaSSL supports Cavium RNG, AES, 3DES, RC4, HMAC, and RSA directly at the crypto +layer. Support at the SSL level is partial and currently just does AES, 3DES, +and RC4. RSA and HMAC are slower until the Cavium calls can be utilized in non +blocking mode. The example client turns on cavium support as does the crypto +test and benchmark. Please see the HAVE_CAVIUM define. + +CyaSSL is able to use the STM32F2 hardware-based cryptography and random number +generator through the STM32F2 Standard Peripheral Library. For necessary +defines, see the CYASSL_STM32F2 define in settings.h. Documentation for the +STM32F2 Standard Peripheral Library can be found in the following document: +http://www.st.com/internet/com/TECHNICAL_RESOURCES/TECHNICAL_LITERATURE/USER_MANUAL/DM00023896.pdf + +The CyaSSL manual is available at: +http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions +and comments about the new features please check the manual. + + + +*************** CyaSSL Release 2.4.6 (12/20/2012) + +Release 2.4.6 CyaSSL has bug fixes and a few new features including: +- ECC into main version +- Lean PSK build (reduced code size, RAM usage, and stack usage) +- FreeBSD CRL monitor support +- CyaSSL_peek() +- CyaSSL_send() and CyaSSL_recv() for I/O flag setting +- CodeWarrior Support +- MQX Support +- Freescale Kinetis support including Hardware RNG +- autoconf builds use jobserver +- cyassl-config +- Sniffer memory reductions + +Thanks to Brian Aker for the improved autoconf system, make rpm, cyassl-config, +warning system, and general good ideas for improving CyaSSL! + +The Freescale Kinetis K70 RNGA documentation can be found in Chapter 37 of the +K70 Sub-Family Reference Manual: +http://cache.freescale.com/files/microcontrollers/doc/ref_manual/K70P256M150SF3RM.pdf + +The CyaSSL manual is available at: +http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions +and comments about the new features please check the manual. + + +*************** CyaSSL Release 2.4.0 (10/10/2012) + +Release 2.4.0 CyaSSL has bug fixes and a few new features including: +- DTLS reliability +- Reduced memory usage after handshake +- Updated build process + +The CyaSSL manual is available at: +http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions +and comments about the new features please check the manual. + + + +*************** CyaSSL Release 2.3.0 (8/10/2012) + +Release 2.3.0 CyaSSL has bug fixes and a few new features including: +- AES-GCM crypto and cipher suites +- make test cipher suite checks +- Subject AltName processing +- Command line support for client/server examples +- Sniffer SessionTicket support +- SHA-384 cipher suites +- Verify cipher suite validity when user overrides +- CRL dir monitoring +- DTLS Cookie support, reliability coming soon + +The CyaSSL manual is available at: +http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions +and comments about the new features please check the manual. + + + +***************CyaSSL Release 2.2.0 (5/18/2012) + +Release 2.2.0 CyaSSL has bug fixes and a few new features including: +- Initial CRL support (--enable-crl) +- Initial OCSP support (--enable-ocsp) +- Add static ECDH suites +- SHA-384 support +- ECC client certificate support +- Add medium session cache size (1055 sessions) +- Updated unit tests +- Protection against mutex reinitialization + + +The CyaSSL manual is available at: +http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions +and comments about the new features please check the manual. + + + +***************CyaSSL Release 2.0.8 (2/24/2012) + +Release 2.0.8 CyaSSL has bug fixes and a few new features including: +- A fix for malicious certificates pointed out by Remi Gacogne (thanks) + resulting in NULL pointer use. +- Respond to renegotiation attempt with no_renegoatation alert +- Add basic path support for load_verify_locations() +- Add set Temp EC-DHE key size +- Extra checks on rsa test when porting into + + +The CyaSSL manual is available at: +http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions +and comments about the new features please check the manual. + + + +************* CyaSSL Release 2.0.6 (1/27/2012) + +Release 2.0.6 CyaSSL has bug fixes and a few new features including: +- Fixes for CA basis constraint check +- CTX reference counting +- Initial unit test additions +- Lean and Mean Windows fix +- ECC benchmarking +- SSMTP build support +- Ability to group handshake messages with set_group_messages(ctx/ssl) +- CA cache addition callback +- Export Base64_Encode for general use + +The CyaSSL manual is available at: +http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions +and comments about the new features please check the manual. + + + +************* CyaSSL Release 2.0.2 (12/05/2011) + +Release 2.0.2 CyaSSL has bug fixes and a few new features including: +- CTaoCrypt Runtime library detection settings when directly using the crypto + library +- Default certificate generation now uses SHAwRSA and adds SHA256wRSA generation +- All test certificates now use 2048bit and SHA-1 for better modern browser + support +- Direct AES block access and AES-CTR (counter) mode +- Microchip pic32 support + +The CyaSSL manual is available at: +http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions +and comments about the new features please check the manual. + + + +************* CyaSSL Release 2.0.0rc3 (9/28/2011) + +Release 2.0.0rc3 for CyaSSL has bug fixes and a few new features including: +- updated autoconf support +- better make install and uninstall (uses system directories) +- make test / make check +- CyaSSL headers now in +- CTaocrypt headers now in +- OpenSSL compatibility headers now in +- examples and tests all run from home directory so can use certs in ./certs + (see note 1) + +So previous applications that used the OpenSSL compatibility header + now need to include instead, no other +changes are required. + +Special Thanks to Brian Aker for his autoconf, install, and header patches. + +The CyaSSL manual is available at: +http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions +and comments about the new features please check the manual. + +************CyaSSL Release 2.0.0rc2 (6/6/2011) + +Release 2.0.0rc2 for CyaSSL has bug fixes and a few new features including: +- bug fixes (Alerts, DTLS with DHE) +- FreeRTOS support +- lwIP support +- Wshadow warnings removed +- asn public header +- CTaoCrypt public headers now all have ctc_ prefix (the manual is still being + updated to reflect this change) +- and more. + +This is the 2nd and perhaps final release candidate for version 2. +Please send any comments or questions to support@wolfssl.com. + +The CyaSSL manual is available at: +http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions +and comments about the new features please check the manual. + +***********CyaSSL Release 2.0.0rc1 (5/2/2011) + +Release 2.0.0rc1 for CyaSSL has many new features including: +- bug fixes +- SHA-256 cipher suites +- Root Certificate Verification (instead of needing all certs in the chain) +- PKCS #8 private key encryption (supports PKCS #5 v1-v2 and PKCS #12) +- Serial number retrieval for x509 +- PBKDF2 and PKCS #12 PBKDF +- UID parsing for x509 +- SHA-256 certificate signatures +- Client and server can send chains (SSL_CTX_use_certificate_chain_file) +- CA loading can now parse multiple certificates per file +- Dynamic memory runtime hooks +- Runtime hooks for logging +- EDH on server side +- More informative error codes +- More informative logging messages +- Version downgrade more robust (use SSL_v23*) +- Shared build only by default through ./configure +- Compiler visibility is now used, internal functions not polluting namespace +- Single Makefile, no recursion, for faster and simpler building +- Turn on all warnings possible build option, warning fixes +- and more. + +Because of all the new features and the multiple OS, compiler, feature-set +options that CyaSSL allows, there may be some configuration fixes needed. +Please send any comments or questions to support@wolfssl.com. + +The CyaSSL manual is available at: +http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions +and comments about the new features please check the manual. + +****************** CyaSSL Release 1.9.0 (3/2/2011) + +Release 1.9.0 for CyaSSL adds bug fixes, improved TLSv1.2 through testing and +better hash/sig algo ids, --enable-webServer for the yaSSL embedded web server, +improper AES key setup detection, user cert verify callback improvements, and +more. + +The CyaSSL manual offering is included in the doc/ directory. For build +instructions and comments about the new features please check the manual. + +Please send any comments or questions to support@wolfssl.com. + +****************** CyaSSL Release 1.8.0 (12/23/2010) + +Release 1.8.0 for CyaSSL adds bug fixes, x509 v3 CA signed certificate +generation, a C standard library abstraction layer, lower memory use, increased +portability through the os_settings.h file, and the ability to use NTRU cipher +suites when used in conjunction with an NTRU license and library. + +The initial CyaSSL manual offering is included in the doc/ directory. For +build instructions and comments about the new features please check the manual. + +Please send any comments or questions to support@wolfssl.com. + +Happy Holidays. + + +********************* CyaSSL Release 1.6.5 (9/9/2010) + +Release 1.6.5 for CyaSSL adds bug fixes and x509 v3 self signed certificate +generation. + +For general build instructions see doc/Building_CyaSSL.pdf. + +To enable certificate generation support add this option to ./configure +./configure --enable-certgen + +An example is included in ctaocrypt/test/test.c and documentation is provided +in doc/CyaSSL_Extensions_Reference.pdf item 11. + +********************** CyaSSL Release 1.6.0 (8/27/2010) + +Release 1.6.0 for CyaSSL adds bug fixes, RIPEMD-160, SHA-512, and RSA key +generation. + +For general build instructions see doc/Building_CyaSSL.pdf. + +To add RIPEMD-160 support add this option to ./configure +./configure --enable-ripemd + +To add SHA-512 support add this option to ./configure +./configure --enable-sha512 + +To add RSA key generation support add this option to ./configure +./configure --enable-keygen + +Please see ctaocrypt/test/test.c for examples and usage. + +For Windows, RIPEMD-160 and SHA-512 are enabled by default but key generation is +off by default. To turn key generation on add the define CYASSL_KEY_GEN to +CyaSSL. + + +************* CyaSSL Release 1.5.6 (7/28/2010) + +Release 1.5.6 for CyaSSL adds bug fixes, compatibility for our JSSE provider, +and a fix for GCC builds on some systems. + +For general build instructions see doc/Building_CyaSSL.pdf. + +To add AES-NI support add this option to ./configure +./configure --enable-aesni + +You'll need GCC 4.4.3 or later to make use of the assembly. + +************** CyaSSL Release 1.5.4 (7/7/2010) + +Release 1.5.4 for CyaSSL adds bug fixes, support for AES-NI, SHA1 speed +improvements from loop unrolling, and support for the Mongoose Web Server. + +For general build instructions see doc/Building_CyaSSL.pdf. + +To add AES-NI support add this option to ./configure +./configure --enable-aesni + +You'll need GCC 4.4.3 or later to make use of the assembly. + +*************** CyaSSL Release 1.5.0 (5/11/2010) + +Release 1.5.0 for CyaSSL adds bug fixes, GoAhead WebServer support, sniffer +support, and initial swig interface support. + +For general build instructions see doc/Building_CyaSSL.pdf. + +To add support for GoAhead WebServer either --enable-opensslExtra or if you +don't want all the features of opensslExtra you can just define GOAHEAD_WS +instead. GOAHEAD_WS can be added to ./configure with CFLAGS=-DGOAHEAD_WS or +you can define it yourself. + +To look at the sniffer support please see the sniffertest app in +sslSniffer/sslSnifferTest. Build with --enable-sniffer on *nix or use the +vcproj files on windows. You'll need to have pcap installed on *nix and +WinPcap on windows. + +A swig interface file is now located in the swig directory for using Python, +Java, Perl, and others with CyaSSL. This is initial support and experimental, +please send questions or comments to support@wolfssl.com. + +When doing load testing with CyaSSL, on the echoserver example say, the client +machine may run out of tcp ephemeral ports, they will end up in the TIME_WAIT +queue, and can't be reused by default. There are generally two ways to fix +this. 1) Reduce the length sockets remain on the TIME_WAIT queue or 2) Allow +items on the TIME_WAIT queue to be reused. + + +To reduce the TIME_WAIT length in OS X to 3 seconds (3000 milliseconds) + +sudo sysctl -w net.inet.tcp.msl=3000 + +In Linux + +sudo sysctl -w net.ipv4.tcp_tw_reuse=1 + +allows reuse of sockets in TIME_WAIT + +sudo sysctl -w net.ipv4.tcp_tw_recycle=1 + +works but seems to remove sockets from TIME_WAIT entirely? + +sudo sysctl -w net.ipv4.tcp_fin_timeout=1 + +doen't control TIME_WAIT, it controls FIN_WAIT(2) contrary to some posts + + +******************** CyaSSL Release 1.4.0 (2/18/2010) + +Release 1.3.0 for CyaSSL adds bug fixes, better multi TLS/SSL version support +through SSLv23_server_method(), and improved documentation in the doc/ folder. + +For general build instructions doc/Building_CyaSSL.pdf. + +******************** CyaSSL Release 1.3.0 (1/21/2010) + +Release 1.3.0 for CyaSSL adds bug fixes, a potential security problem fix, +better porting support, removal of assert()s, and a complete THREADX port. + +For general build instructions see rc1 below. + +******************** CyaSSL Release 1.2.0 (11/2/2009) + +Release 1.2.0 for CyaSSL adds bug fixes and session negotiation if first use is +read or write. + +For general build instructions see rc1 below. + +******************** CyaSSL Release 1.1.0 (9/2/2009) + +Release 1.1.0 for CyaSSL adds bug fixes, a check against malicious session +cache use, support for lighttpd, and TLS 1.2. + +To get TLS 1.2 support please use the client and server functions: + +SSL_METHOD *TLSv1_2_server_method(void); +SSL_METHOD *TLSv1_2_client_method(void); + +CyaSSL was tested against lighttpd 1.4.23. To build CyaSSL for use with +lighttpd use the following commands from the CyaSSL install dir : + +./configure --disable-shared --enable-opensslExtra --enable-fastmath --without-zlib + +make +make openssl-links + +Then to build lighttpd with CyaSSL use the following commands from the +lighttpd install dir: + +./configure --with-openssl --with-openssl-includes=/include --with-openssl-libs=/lib LDFLAGS=-lm + +make + +On some systems you may get a linker error about a duplicate symbol for +MD5_Init or other MD5 calls. This seems to be caused by the lighttpd src file +md5.c, which defines MD5_Init(), and is included in liblightcomp_la-md5.o. +When liblightcomp is linked with the SSL_LIBs the linker may complain about +the duplicate symbol. This can be fixed by editing the lighttpd src file md5.c +and adding this line to the beginning of the file: + +#if 0 + +and this line to the end of the file + +#endif + +Then from the lighttpd src dir do a: + +make clean +make + + +If you get link errors about undefined symbols more than likely the actual +OpenSSL libraries are found by the linker before the CyaSSL openssl-links that +point to the CyaSSL library, causing the linker confusion. This can be fixed +by editing the Makefile in the lighttpd src directory and changing the line: + +SSL_LIB = -lssl -lcrypto + +to + +SSL_LIB = -lcyassl + +Then from the lighttpd src dir do a: + +make clean +make + +This should remove any confusion the linker may be having with missing symbols. + +For any questions or concerns please contact support@wolfssl.com . + +For general build instructions see rc1 below. + +******************CyaSSL Release 1.0.6 (8/03/2009) + +Release 1.0.6 for CyaSSL adds bug fixes, an improved session cache, and faster +math with a huge code option. + +The session cache now defaults to a client mode, also good for embedded servers. +For servers not under heavy load (less than 200 new sessions per minute), define +BIG_SESSION_CACHE. If the server will be under heavy load, define +HUGE_SESSION_CACHE. + +There is now a fasthugemath option for configure. This enables fastmath plus +even faster math by greatly increasing the code size of the math library. Use +the benchmark utility to compare public key operations. + + +For general build instructions see rc1 below. + +******************CyaSSL Release 1.0.3 (5/10/2009) + +Release 1.0.3 for CyaSSL adds bug fixes and add increased support for OpenSSL +compatibility when building other applications. + +Release 1.0.3 includes an alpha release of DTLS for both client and servers. +This is only for testing purposes at this time. Rebroadcast and reordering +aren't fully implemented at this time but will be for the next release. + +For general build instructions see rc1 below. + +******************CyaSSL Release 1.0.2 (4/3/2009) + +Release 1.0.2 for CyaSSL adds bug fixes for a couple I/O issues. Some systems +will send a SIGPIPE on socket recv() at any time and this should be handled by +the application by turning off SIGPIPE through setsockopt() or returning from +the handler. + +Release 1.0.2 includes an alpha release of DTLS for both client and servers. +This is only for testing purposes at this time. Rebroadcast and reordering +aren't fully implemented at this time but will be for the next release. + +For general build instructions see rc1 below. + +*****************CyaSSL Release Candidate 3 rc3-1.0.0 (2/25/2009) + + +Release Candidate 3 for CyaSSL 1.0.0 adds bug fixes and adds a project file for +iPhone development with Xcode. cyassl-iphone.xcodeproj is located in the root +directory. This release also includes a fix for supporting other +implementations that bundle multiple messages at the record layer, this was +lost when cyassl i/o was re-implemented but is now fixed. + +For general build instructions see rc1 below. + +*****************CyaSSL Release Candidate 2 rc2-1.0.0 (1/21/2009) + + +Release Candidate 2 for CyaSSL 1.0.0 adds bug fixes and adds two new stream +ciphers along with their respective cipher suites. CyaSSL adds support for +HC-128 and RABBIT stream ciphers. The new suites are: + +TLS_RSA_WITH_HC_128_SHA +TLS_RSA_WITH_RABBIT_SHA + +And the corresponding cipher names are + +HC128-SHA +RABBIT-SHA + +CyaSSL also adds support for building with devkitPro for PPC by changing the +library proper to use libogc. The examples haven't been changed yet but if +there's interest they can be. Here's an example ./configure to build CyaSSL +for devkitPro: + +./configure --disable-shared CC=/pathTo/devkitpro/devkitPPC/bin/powerpc-gekko-gcc --host=ppc --without-zlib --enable-singleThreaded RANLIB=/pathTo/devkitpro/devkitPPC/bin/powerpc-gekko-ranlib CFLAGS="-DDEVKITPRO -DGEKKO" + +For linking purposes you'll need + +LDFLAGS="-g -mrvl -mcpu=750 -meabi -mhard-float -Wl,-Map,$(notdir $@).map" + +For general build instructions see rc1 below. + + +********************CyaSSL Release Candidate 1 rc1-1.0.0 (12/17/2008) + + +Release Candidate 1 for CyaSSL 1.0.0 contains major internal changes. Several +areas have optimization improvements, less dynamic memory use, and the I/O +strategy has been refactored to allow alternate I/O handling or Library use. +Many thanks to Thierry Fournier for providing these ideas and most of the work. + +Because of these changes, this release is only a candidate since some problems +are probably inevitable on some platform with some I/O use. Please report any +problems and we'll try to resolve them as soon as possible. You can contact us +at support@wolfssl.com or todd@wolfssl.com. + +Using TomsFastMath by passing --enable-fastmath to ./configure now uses assembly +on some platforms. This is new so please report any problems as every compiler, +mode, OS combination hasn't been tested. On ia32 all of the registers need to +be available so be sure to pass these options to CFLAGS: + +CFLAGS="-O3 -fomit-frame-pointer" + +OS X will also need -mdynamic-no-pic added to CFLAGS + +Also if you're building in shared mode for ia32 you'll need to pass options to +LDFLAGS as well on OS X: + +LDFLAGS=-Wl,-read_only_relocs,warning + +This gives warnings for some symbols but seems to work. + + +--To build on Linux, Solaris, *BSD, Mac OS X, or Cygwin: + + ./configure + make + + from the ./testsuite/ directory run ./testsuite + +to make a debug build: + + ./configure --enable-debug --disable-shared + make + + + +--To build on Win32 + +Choose (Re)Build All from the project workspace + +Run the testsuite program + + + + + +*************************CyaSSL version 0.9.9 (7/25/2008) + +This release of CyaSSL adds bug fixes, Pre-Shared Keys, over-rideable memory +handling, and optionally TomsFastMath. Thanks to Moisés Guimarães for the +work on TomsFastMath. + +To optionally use TomsFastMath pass --enable-fastmath to ./configure +Or define USE_FAST_MATH in each project from CyaSSL for MSVC. + +Please use the benchmark routine before and after to see the performance +difference, on some platforms the gains will be little but RSA encryption +always seems to be faster. On x86-64 machines with GCC the normal math library +may outperform the fast one when using CFLAGS=-m64 because TomsFastMath can't +yet use -m64 because of GCCs inability to do 128bit division. + + **** UPDATE GCC 4.2.1 can now do 128bit division *** + +See notes below (0.2.0) for complete build instructions. + + +****************CyaSSL version 0.9.8 (5/7/2008) + +This release of CyaSSL adds bug fixes, client side Diffie-Hellman, and better +socket handling. + +See notes below (0.2.0) for complete build instructions. + + +****************CyaSSL version 0.9.6 (1/31/2008) + +This release of CyaSSL adds bug fixes, increased session management, and a fix +for gnutls. + +See notes below (0.2.0) for complete build instructions. + + +****************CyaSSL version 0.9.0 (10/15/2007) + +This release of CyaSSL adds bug fixes, MSVC 2005 support, GCC 4.2 support, +IPV6 support and test, and new test certificates. + +See notes below (0.2.0) for complete build instructions. + + +****************CyaSSL version 0.8.0 (1/10/2007) + +This release of CyaSSL adds increased socket support, for non-blocking writes, +connects, and interrupted system calls. + +See notes below (0.2.0) for complete build instructions. + + +****************CyaSSL version 0.6.3 (10/30/2006) + +This release of CyaSSL adds debug logging to stderr to aid in the debugging of +CyaSSL on systems that may not provide the best support. + +If CyaSSL is built with debugging support then you need to call +CyaSSL_Debugging_ON() to turn logging on. + +On Unix use ./configure --enable-debug + +On Windows define DEBUG_CYASSL when building CyaSSL + + +To turn logging back off call CyaSSL_Debugging_OFF() + +See notes below (0.2.0) for complete build instructions. + + +*****************CyaSSL version 0.6.2 (10/29/2006) + +This release of CyaSSL adds TLS 1.1. + +Note that CyaSSL has certificate verification on by default, unlike OpenSSL. +To emulate OpenSSL behavior, you must call SSL_CTX_set_verify() with +SSL_VERIFY_NONE. In order to have full security you should never do this, +provide CyaSSL with the proper certificates to eliminate impostors and call +CyaSSL_check_domain_name() to prevent man in the middle attacks. + +See notes below (0.2.0) for build instructions. + +*****************CyaSSL version 0.6.0 (10/25/2006) + +This release of CyaSSL adds more SSL functions, better autoconf, nonblocking +I/O for accept, connect, and read. There is now an --enable-small configure +option that turns off TLS, AES, DES3, HMAC, and ERROR_STRINGS, see configure.in +for the defines. Note that TLS requires HMAC and AES requires TLS. + +See notes below (0.2.0) for build instructions. + + +*****************CyaSSL version 0.5.5 (09/27/2006) + +This mini release of CyaSSL adds better input processing through buffered input +and big message support. Added SSL_pending() and some sanity checks on user +settings. + +See notes below (0.2.0) for build instructions. + + +*****************CyaSSL version 0.5.0 (03/27/2006) + +This release of CyaSSL adds AES support and minor bug fixes. + +See notes below (0.2.0) for build instructions. + + +*****************CyaSSL version 0.4.0 (03/15/2006) + +This release of CyaSSL adds TLSv1 client/server support and libtool. + +See notes below for build instructions. + + +*****************CyaSSL version 0.3.0 (02/26/2006) + +This release of CyaSSL adds SSLv3 server support and session resumption. + +See notes below for build instructions. + + +*****************CyaSSL version 0.2.0 (02/19/2006) + + +This is the first release of CyaSSL and its crypt brother, CTaoCrypt. CyaSSL +is written in ANSI C with the idea of a small code size, footprint, and memory +usage in mind. CTaoCrypt can be as small as 32K, and the current client +version of CyaSSL can be as small as 12K. + + +The first release of CTaoCrypt supports MD5, SHA-1, 3DES, ARC4, Big Integer +Support, RSA, ASN parsing, and basic x509 (en/de)coding. + +The first release of CyaSSL supports normal client RSA mode SSLv3 connections +with support for SHA-1 and MD5 digests. Ciphers include 3DES and RC4. + + +--To build on Linux, Solaris, *BSD, Mac OS X, or Cygwin: + + ./configure + make + + from the ./testsuite/ directory run ./testsuite + +to make a debug build: + + ./configure --enable-debug --disable-shared + make + + + +--To build on Win32 + +Choose (Re)Build All from the project workspace + +Run the testsuite program + + + +*** The next release of CyaSSL will support a server and more OpenSSL +compatibility functions. + + +Please send questions or comments to todd@wolfssl.com + + diff --git a/NEWS.md b/NEWS.md new file mode 100644 index 0000000000..d3f0a8f3da --- /dev/null +++ b/NEWS.md @@ -0,0 +1,1908 @@ +# wolfSSL Release 3.15.0 (05/01/2018) + +Release 3.15.0 of wolfSSL embedded TLS has bug fixes and new features including: + +* Support for TLS 1.3 Draft versions 23, 26 and 28. +* Improved downgrade support for TLS 1.3. +* Improved TLS 1.3 support from interoperability testing. +* Single Precision assembly code added for ARM and 64-bit ARM. +* Improved performance for Single Precision maths on 32-bit. +* Allow TLS 1.2 to be compiled out. +* Ed25519 support in TLS 1.2 and 1.3. +* Update wolfSSL_HMAC_Final() so the length parameter is optional. +* Various fixes for Coverity static analysis reports. +* Add define to use internal struct timeval (USE_WOLF_TIMEVAL_T). +* Switch LowResTimer() to call XTIME instead of time(0) for better portability. +* Expanded OpenSSL compatibility layer. +* Added Renesas CS+ project files. +* Align DH support with NIST SP 800-56A, add wc_DhSetKey_ex() for q parameter. +* Add build option for CAVP self test build (--enable-selftest). +* Expose mp_toradix() when WOLFSSL_PUBLIC_MP is defined. +* Add FIPS SGX support. +* Example certificate expiration dates and generation script updated. +* Additional optimizations to trim out unused strings depending on build options. +* Fix for DN tag strings to have “=” when returning the string value to users. +* Fix for wolfSSL_ERR_get_error_line_data return value if no more errors are in the queue. +* Fix for AES-CBC IV value with PIC32 hardware acceleration. +* Fix for wolfSSL_X509_print with ECC certificates. +* Fix for strict checking on URI absolute vs relative path. +* Added crypto device framework to handle PK RSA/ECC operations using callbacks, which adds new build option `./configure --enable-cryptodev` or `WOLF_CRYPTO_DEV`. +* Added devId support to ECC and PKCS7 for hardware based private key. +* Fixes in PKCS7 for handling possible memory leak in some error cases. +* Added test for invalid cert common name when set with `wolfSSL_check_domain_name`. +* Refactor of the cipher suite names to use single array, which contains internal name, IANA name and cipher suite bytes. +* Added new function `wolfSSL_get_cipher_name_from_suite` for getting IANA cipher suite name using bytes. +* Fixes for fsanitize reports. +* Fix for openssl compatibility function `wolfSSL_RSA_verify` to check returned size. +* Fixes and improvements for FreeRTOS AWS. +* Fixes for building openssl compatibility with FreeRTOS. +* Fix and new test for handling match on domain name that may have a null terminator inside. +* Cleanup of the socket close code used for examples, CRL/OCSP and BIO to use single macro `CloseSocket`. +* Refactor of the TLSX code to support returning error codes. +* Added new signature wrapper functions `wc_SignatureVerifyHash` and `wc_SignatureGenerateHash` to allow direct use of hash. +* Improvement to GCC-ARM IDE example. +* Enhancements and cleanups for the ASN date/time code including new API's `wc_GetDateInfo`, `wc_GetCertDates` and `wc_GetDateAsCalendarTime`. +* Fixes to resolve issues with C99 compliance. Added build option `WOLF_C99` to force C99. +* Added a new `--enable-opensslall` option to enable all openssl compatibility features. +* Added new `--enable-webclient` option for enabling a few HTTP API's. +* Added new `wc_OidGetHash` API for getting the hash type from a hash OID. +* Moved `wolfSSL_CertPemToDer`, `wolfSSL_KeyPemToDer`, `wolfSSL_PubKeyPemToDer` to asn.c and renamed to `wc_`. Added backwards compatibility macro for old function names. +* Added new `WC_MAX_SYM_KEY_SIZE` macro for helping determine max key size. +* Added `--enable-enckeys` or (`WOLFSSL_ENCRYPTED_KEYS`) to enable support for encrypted PEM private keys using password callback without having to use opensslextra. +* Added ForceZero on the password buffer after done using it. +* Refactor unique hash types to use same internal values (ex WC_MD5 == WC_HASH_TYPE_MD5). +* Refactor the Sha3 types to use `wc_` naming, while retaining old names for compatibility. +* Improvements to `wc_PBKDF1` to support more hash types and the non-standard extra data option. +* Fix TLS 1.3 with ECC disabled and CURVE25519 enabled. +* Added new define `NO_DEV_URANDOM` to disable the use of `/dev/urandom`. +* Added `WC_RNG_BLOCKING` to indicate block w/sleep(0) is okay. +* Fix for `HAVE_EXT_CACHE` callbacks not being available without `OPENSSL_EXTRA` defined. +* Fix for ECC max bits `MAX_ECC_BITS` not always calculating correctly due to macro order. +* Added support for building and using PKCS7 without RSA (assuming ECC is enabled). +* Fixes and additions for Cavium Nitrox V to support ECC, AES-GCM and HMAC (SHA-224 and SHA3). +* Enabled ECC, AES-GCM and SHA-512/384 by default in (Linux and Windows) +* Added `./configure --enable-base16` and `WOLFSSL_BASE16` configuration option to enable Base16 API's. +* Improvements to ATECC508A support for building without `WOLFSSL_ATMEL` defined. +* Refactor IO callback function names to use `_CTX_` to eliminate confusion about the first parameter. +* Added support for not loading a private key for server or client when `HAVE_PK_CALLBACK` is defined and the private PK callback is set. +* Added new ECC API `wc_ecc_sig_size_calc` to return max signature size for a key size. +* Cleanup ECC point import/export code and added new API `wc_ecc_import_unsigned`. +* Fixes for handling OCSP with non-blocking. +* Added new PK (Primary Key) callbacks for the VerifyRsaSign. The new callbacks API's are `wolfSSL_CTX_SetRsaVerifySignCb` and `wolfSSL_CTX_SetRsaPssVerifySignCb`. +* Added new ECC API `wc_ecc_rs_raw_to_sig` to take raw unsigned R and S and encodes them into ECDSA signature format. +* Added support for `WOLFSSL_STM32F1`. +* Cleanup of the ASN X509 header/footer and XSTRNCPY logic. +* Add copyright notice to autoconf files. (Thanks Brian Aker!) +* Updated the M4 files for autotools. (Thanks Brian Aker!) +* Add support for the cipher suite TLS_DH_anon_WITH_AES256_GCM_SHA384 with test cases. (Thanks Thivya Ashok!) +* Add the TLS alert message unknown_psk_identity (115) from RFC 4279, section 2. (Thanks Thivya Ashok!) +* Fix the case when using TCP with timeouts with TLS. wolfSSL shall be agnostic to network socket behavior for TLS. (DTLS is another matter.) The functions `wolfSSL_set_using_nonblock()` and `wolfSSL_get_using_nonblock()` are deprecated. +* Hush the AR warning when building the static library with autotools. +* Hush the “-pthread” warning when building in some environments. +* Added a dist-hook target to the Makefile to reset the default options.h file. +* Removed the need for the darwin-clang.m4 file with the updates provided by Brian A. +* Renamed the AES assembly file so GCC on the Mac will build it using the preprocessor. +* Add a disable option (--disable-optflags) to turn off the default optimization flags so user may supply their own custom flags. +* Correctly touch the dummy fips.h header. + +See INSTALL file for build instructions. +More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html + + +# wolfSSL Release 3.14.0 (03/02/2018) + +Release 3.14.0 of wolfSSL embedded TLS has bug fixes and new features including: + +* TLS 1.3 draft 22 and 23 support added +* Additional unit tests for; SHA3, AES-CMAC, Ed25519, ECC, RSA-PSS, AES-GCM +* Many additions to the OpenSSL compatibility layer were made in this release. Some of these being enhancements to PKCS12, WOLFSSL_X509 use, WOLFSSL_EVP_PKEY, and WOLFSSL_BIO operations +* AVX1 and AVX2 performance improvements with ChaCha20 and Poly1305 +* Added i.MX CAAM driver support with Integrity OS support +* Improvements to logging with debugging, including exposing more API calls and adding options to reduce debugging code size +* Fix for signature type detection with PKCS7 RSA SignedData +* Public key call back functions added for DH Agree +* RSA-PSS API added for operating on non inline buffers (separate input and output buffers) +* API added for importing and exporting raw DSA parameters +* Updated DSA key generation to be FIPS 186-4 compliant +* Fix for wolfSSL_check_private_key when comparing ECC keys +* Support for AES Cipher Feedback(CFB) mode added +* Updated RSA key generation to be FIPS 186-4 compliant +* Update added for the ARM CMSIS software pack +* WOLFSSL_IGNORE_FILE_WARN macro added for avoiding build warnings when not working with autotools +* Performance improvements for AES-GCM with AVX1 and AVX2 +* Fix for possible memory leak on error case with wc_RsaKeyToDer function +* Make wc_PKCS7_PadData function available +* Updates made to building SGX on Linux +* STM32 hashing algorithm improvements including clock/power optimizations and auto detection of if SHA2 is supported +* Update static memory feature for FREERTOS use +* Reverse the order that certificates are compared during PKCS12 parse to account for case where multiple certificates have the same matching private key +* Update NGINX port to version 1.13.8 +* Support for HMAC-SHA3 added +* Added stricter ASN checks to enforce RFC 5280 rules. Thanks to the report from Professor Zhenhua Duan, Professor Cong Tian, and Ph.D candidate Chu Chen from Institute of Computing Theory and Technology (ICTT) of Xidian University. +* Option to have ecc_mul2add function public facing +* Getter function wc_PKCS7_GetAttributeValue added for PKCS7 attributes +* Macros NO_AES_128, NO_AES_192, NO_AES_256 added for AES key size selection at compile time +* Support for writing multiple organizations units (OU) and domain components (DC) with CSR and certificate creation +* Support for indefinite length BER encodings in PKCS7 +* Added API for additional validation of prime q in a public DH key +* Added support for RSA encrypt and decrypt without padding + + +See INSTALL file for build instructions. +More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html + + +# wolfSSL (Formerly CyaSSL) Release 3.13.0 (12/21/2017) + +wolfSSL 3.13.0 includes bug fixes and new features, including support for +TLS 1.3 Draft 21, performance and footprint optimizations, build fixes, +updated examples and project files, and one vulnerability fix. The full list +of changes and additions in this release include: + +* Fixes for TLS 1.3, support for Draft 21 +* TLS 1.0 disabled by default, addition of “--enable-tlsv10” configure option +* New option to reduce SHA-256 code size at expense of performance + (USE_SLOW_SHA256) +* New option for memory reduced build (--enable-lowresource) +* AES-GCM performance improvements on AVX1 (IvyBridge) and AVX2 +* SHA-256 and SHA-512 performance improvements using AVX1/2 ASM +* SHA-3 size and performance optimizations +* Fixes for Intel AVX2 builds on Mac/OSX +* Intel assembly for Curve25519, and Ed25519 performance optimizations +* New option to force 32-bit mode with “--enable-32bit” +* New option to disable all inline assembly with “--disable-asm” +* Ability to override maximum signature algorithms using WOLFSSL_MAX_SIGALGO +* Fixes for handling of unsupported TLS extensions. +* Fixes for compiling AES-GCM code with GCC 4.8.* +* Allow adjusting static I/O buffer size with WOLFMEM_IO_SZ +* Fixes for building without a filesystem +* Removes 3DES and SHA1 dependencies from PKCS#7 +* Adds ability to disable PKCS#7 EncryptedData type (NO_PKCS7_ENCRYPTED_DATA) +* Add ability to get client-side SNI +* Expanded OpenSSL compatibility layer +* Fix for logging file names with OpenSSL compatibility layer enabled, with + WOLFSSL_MAX_ERROR_SZ user-overridable +* Adds static memory support to the wolfSSL example client +* Fixes for sniffer to use TLS 1.2 client method +* Adds option to wolfCrypt benchmark to benchmark individual algorithms +* Adds option to wolfCrypt benchmark to display benchmarks in powers + of 10 (-base10) +* Updated Visual Studio for ARM builds (for ECC supported curves and SHA-384) +* Updated Texas Instruments TI-RTOS build +* Updated STM32 CubeMX build with fixes for SHA +* Updated IAR EWARM project files +* Updated Apple Xcode projects with the addition of a benchmark example project + +This release of wolfSSL fixes 1 security vulnerability. + +wolfSSL is cited in the recent ROBOT Attack by Böck, Somorovsky, and Young. +The paper notes that wolfSSL only gives a weak oracle without a practical +attack but this is still a flaw. This release contains a fix for this report. +Please note that wolfSSL has static RSA cipher suites disabled by default as +of version 3.6.6 because of the lack of perfect forward secrecy. Only users +who have explicitly enabled static RSA cipher suites with WOLFSSL_STATIC_RSA +and use those suites on a host are affected. More information will be +available on our website at: + +https://wolfssl.com/wolfSSL/security/vulnerabilities.php + +See INSTALL file for build instructions. +More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html + + +# wolfSSL (Formerly CyaSSL) Release 3.12.2 (10/23/2017) + +## Release 3.12.2 of wolfSSL has bug fixes and new features including: + +This release includes many performance improvements with Intel ASM (AVX/AVX2) and AES-NI. New single precision math option to speedup RSA, DH and ECC. Embedded hardware support has been expanded for STM32, PIC32MZ and ATECC508A. AES now supports XTS mode for disk encryption. Certificate improvements for setting serial number, key usage and extended key usage. Refactor of SSL_ and hash types to allow openssl coexistence. Improvements for TLS 1.3. Fixes for OCSP stapling to allow disable and WOLFSSL specific user context for callbacks. Fixes for openssl and MySQL compatibility. Updated Micrium port. Fixes for asynchronous modes. + +* Added TLS extension for Supported Point Formats (ec_point_formats) +* Fix to not send OCSP stapling extensions in client_hello when not enabled +* Added new API's for disabling OCSP stapling +* Add check for SIZEOF_LONG with sun and LP64 +* Fixes for various TLS 1.3 disable options (RSA, ECC and ED/Curve 25519). +* Fix to disallow upgrading to TLS v1.3 +* Fixes for wolfSSL_EVP_CipherFinal() when message size is a round multiple of a block size. +* Add HMAC benchmark and expanded AES key size benchmarks +* Added simple GCC ARM Makefile example +* Add tests for 3072-bit RSA and DH. +* Fixed DRAFT_18 define and fixed downgrading with TLS v1.3 +* Fixes to allow custom serial number during certificate generation +* Add method to get WOLFSSL_CTX certificate manager +* Improvement to `wolfSSL_SetOCSP_Cb` to allow context per WOLFSSL object +* Alternate certificate chain support `WOLFSSL_ALT_CERT_CHAINS`. Enables checking cert against multiple CA's. +* Added new `--disable-oldnames` option to allow for using openssl along-side wolfssl headers (without OPENSSL_EXTRA). +* Refactor SSL_ and hashing types to use wolf specific prefix (WOLFSSL and WC_) to allow openssl coexistence. +* Fixes for HAVE_INTEL_MULX +* Cleanup include paths for MySQL cmake build +* Added configure option for building library for wolfSSH (--enable-wolfssh) +* Openssl compatibility layer improvements +* Expanded API unit tests +* Fixes for STM32 crypto hardware acceleration +* Added AES XTS mode (--enable-xts) +* Added ASN Extended Key Usage Support (see wc_SetExtKeyUsage). +* Math updates and added TFM_MIPS speedup. +* Fix for creation of the KeyUsage BitString +* Fix for 8k keys with MySQL compatibility +* Fixes for ATECC508A. +* Fixes for PIC32MZ hashing. +* Fixes and improvements to asynchronous modes for Intel QuickAssist and Cavium Nitrox V. +* Update HASH_DRBG Reseed mechanism and add test case +* Rename the file io.h/io.c to wolfio.h/wolfio.c +* Cleanup the wolfIO_Send function. +* OpenSSL Compatibility Additions and Fixes +* Improvements to Visual Studio DLL project/solution. +* Added function to generate public ECC key from private key +* Added async blocking support for sniffer tool. +* Added wolfCrypt hash tests for empty string and large data. +* Added ability to use of wolf implementation of `strtok` using `USE_WOLF_STRTOK`. +* Updated Micrium uC/OS-III Port +* Updated root certs for OCSP scripts +* New Single Precision math option for RSA, DH and ECC (off by default). See `--enable-sp`. +* Speedups for AES GCM with AESNI (--enable-aesni) +* Speedups for SHA2, ChaCha20/Poly1035 using AVX/AVX2 + + +# wolfSSL (Formerly CyaSSL) Release 3.12.0 (8/04/2017) + +## Release 3.12.0 of wolfSSL has bug fixes and new features including: + +- TLS 1.3 with Nginx! TLS 1.3 with ARMv8! TLS 1.3 with Async Crypto! (--enable-tls13) +- TLS 1.3 0RTT feature added +- Added port for using Intel SGX with Linux +- Update and fix PIC32MZ port +- Additional unit testing for MD5, SHA, SHA224, SHA256, SHA384, SHA512, RipeMd, HMAC, 3DES, IDEA, ChaCha20, ChaCha20Poly1305 AEAD, Camellia, Rabbit, ARC4, AES, RSA, Hc128 +- AVX and AVX2 assembly for improved ChaCha20 performance +- Intel QAT fixes for when using --disable-fastmath +- Update how DTLS handles decryption and MAC failures +- Update DTLS session export version number for --enable-sessionexport feature +- Add additional input argument sanity checks to ARMv8 assembly port +- Fix for making PKCS12 dynamic types match +- Fixes for potential memory leaks when using --enable-fast-rsa +- Fix for when using custom ECC curves and add BRAINPOOLP256R1 test +- Update TI-RTOS port for dependency on new wolfSSL source files +- DTLS multicast feature added, --enable-mcast +- Fix for Async crypto with GCC 7.1 and HMAC when not using Intel QuickAssist +- Improvements and enhancements to Intel QuickAssist support +- Added Xilinx port +- Added SHA3 Keccak feature, --enable-sha3 +- Expand wolfSSL Python wrapper to now include a client side implementation +- Adjust example servers to not treat a peer closed error as a hard error +- Added more sanity checks to fp_read_unsigned_bin function +- Add SHA224 and AES key wrap to ARMv8 port +- Update MQX classics and mmCAU ports +- Fix for potential buffer over read with wolfSSL_CertPemToDer +- Add PKCS7/CMS decode support for KARI with IssuerAndSerialNumber +- Fix ThreadX/NetX warning +- Fixes for OCSP and CRL non blocking sockets and for incomplete cert chain with OCSP +- Added RSA PSS sign and verify +- Fix for STM32F4 AES-GCM +- Added enable all feature (--enable-all) +- Added trackmemory feature (--enable-trackmemory) +- Fixes for AES key wrap and PKCS7 on Windows VS +- Added benchmark block size argument +- Support use of staticmemory with PKCS7 +- Fix for Blake2b build with GCC 5.4 +- Fixes for compiling wolfSSL with GCC version 7, most dealing with switch statement fall through warnings. +- Added warning when compiling without hardened math operations + + +Note: +There is a known issue with using ChaCha20 AVX assembly on versions of GCC earlier than 5.2. This is encountered with using the wolfSSL enable options --enable-intelasm and --enable-chacha. To avoid this issue ChaCha20 can be enabled with --enable-chacha=noasm. +If using --enable-intelasm and also using --enable-sha224 or --enable-sha256 there is a known issue with trying to use -fsanitize=address. + +This release of wolfSSL fixes 1 low level security vulnerability. + +Low level fix for a potential DoS attack on a wolfSSL client. Previously a client would accept many warning alert messages without a limit. This fix puts a limit to the number of warning alert messages received and if this limit is reached a fatal error ALERT_COUNT_E is returned. The max number of warning alerts by default is set to 5 and can be adjusted with the macro WOLFSSL_ALERT_COUNT_MAX. Thanks for the report from Tarun Yadav and Koustav Sadhukhan from Defence Research and Development Organization, INDIA. + + +See INSTALL file for build instructions. +More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html + + +# wolfSSL (Formerly CyaSSL) Release 3.11.1 (5/11/2017) + +## Release 3.11.1 of wolfSSL is a TLS 1.3 BETA release, which includes: + +- TLS 1.3 client and server support for TLS 1.3 with Draft 18 support + +This is strictly a BETA release, and designed for testing and user feedback. +Please send any comments, testing results, or feedback to wolfSSL at +support@wolfssl.com. + +See INSTALL file for build instructions. +More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html + + +# wolfSSL (Formerly CyaSSL) Release 3.11.0 (5/04/2017) + +## Release 3.11.0 of wolfSSL has bug fixes and new features including: + +- Code updates for warnings reported by Coverity scans +- Testing and warning fixes for FreeBSD on PowerPC +- Updates and refactoring done to ASN1 parsing functions +- Change max PSK identity buffer to account for an identity length of 128 characters +- Update Arduino script to handle recent files and additions +- Added support for PKCS#7 Signed Data with ECDSA +- Fix for interoperability with ChaCha20-Poly1305 suites using older draft versions +- DTLS update to allow multiple handshake messages in one DTLS record. Thanks to Eric Samsel over at Welch Allyn for reporting this bug. +- Intel QuickAssist asynchronous support (PR #715 - https://www.wolfssl.com/wolfSSL/Blog/Entries/2017/1/18_wolfSSL_Asynchronous_Intel_QuickAssist_Support.html) +- Added support for HAproxy load balancer +- Added option to allow SHA1 with TLS 1.2 for IIS compatibility (WOLFSSL_ALLOW_TLS_SHA1) +- Added Curve25519 51-bit Implementation, increasing performance on systems that have 128 bit types +- Fix to not send session ID on server side if session cache is off unless we're echoing +session ID as part of session tickets +- Fixes for ensuring all default ciphers are setup correctly (see PR #830) +- Added NXP Hexiwear example in `IDE/HEXIWEAR`. +- Added wolfSSL_write_dup() to create write only WOLFSSL object for concurrent access +- Fixes for TLS elliptic curve selection on private key import. +- Fixes for RNG with Intel rdrand and rdseed speedups. +- Improved performance with Intel rdrand to use full 64-bit output +- Added new --enable-intelrand option to indicate use of RDRAND preference for RNG source +- Removed RNG ARC4 support +- Added ECC helpers to get size and id from curve name. +- Added ECC Cofactor DH (ECC-CDH) support +- Added ECC private key only import / export functions. +- Added PKCS8 create function +- Improvements to TLS layer CTX handling for switching keys / certs. +- Added check for duplicate certificate policy OID in certificates. +- Normal math speed-up to not allocate on mp_int and defer until mp_grow +- Reduce heap usage with fast math when not using ALT_ECC_SIZE +- Fixes for building CRL with Windows +- Added support for inline CRL lookup when HAVE_CRL_IO is defined +- Added port for tenAsys INtime RTOS +- Improvements to uTKernel port (WOLFSSL_uTKERNEL2) +- Updated WPA Supplicant support +- Added support for Nginx +- Update stunnel port for version 5.40 +- Fixes for STM32 hardware crypto acceleration +- Extended test code coverage in bundled test.c +- Added a sanity check for minimum authentication tag size with AES-GCM. Thanks to Yueh-Hsun Lin and Peng Li at KNOX Security at Samsung Research America for suggesting this. +- Added a sanity check that subject key identifier is marked as non-critical and a check that no policy OIDS appear more than once in the cert policies extension. Thanks to the report from Professor Zhenhua Duan, Professor Cong Tian, and Ph.D candidate Chu Chen from Institute of Computing Theory and Technology (ICTT) of Xidian University, China. Profs. Zhenhua Duan and Cong Tian are supervisors of Ph.D candidate Chu Chen. + +This release of wolfSSL fixes 5 low and 1 medium level security vulnerability. + +3 Low level fixes reported by Yueh-Hsun Lin and Peng Li from KNOX Security, Samsung Research America. +- Fix for out of bounds memory access in wc_DhParamsLoad() when GetLength() returns a zero. Before this fix there is a case where wolfSSL would read out of bounds memory in the function wc_DhParamsLoad. +- Fix for DH key accepted by wc_DhAgree when the key was malformed. +- Fix for a double free case when adding CA cert into X509_store. + +Low level fix for memory management with static memory feature enabled. By default static memory is disabled. Thanks to GitHub user hajjihraf for reporting this. + + +Low level fix for out of bounds write in the function wolfSSL_X509_NAME_get_text_by_NID. This function is not used by TLS or crypto operations but could result in a buffer out of bounds write by one if called explicitly in an application. Discovered by Aleksandar Nikolic of Cisco Talos. http://talosintelligence.com/vulnerability-reports/ + +Medium level fix for check on certificate signature. There is a case in release versions 3.9.10, 3.10.0 and 3.10.2 where a corrupted signature on a peer certificate would not be properly flagged. Thanks to Wens Lo, James Tsai, Kenny Chang, and Oscar Yang at Castles Technology. + + +See INSTALL file for build instructions. +More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html + + +# wolfSSL (Formerly CyaSSL) Release 3.10.2 (2/10/2017) + +## Release 3.10.2 of wolfSSL has bug fixes and new features including: + +- Poly1305 Windows macros fix. Thanks to GitHub user Jay Satiro +- Compatibility layer expanded with multiple functions added +- Improve fp_copy performance with ALT_ECC_SIZE +- OCSP updates and improvements +- Fixes for IAR EWARM 8 compiler warnings +- Reduce stack usage with ECC_CACHE_CURVE disabled +- Added ECC export raw for public and private key +- Fix for NO_ASN_TIME build +- Supported curves extensions now populated by default +- Add DTLS build without big integer math +- Fix for static memory feature with wc_ecc_verify_hash_ex and not SHAMIR +- Added PSK interoperability testing to script bundled with wolfSSL +- Fix for Python wrapper random number generation. Compiler optimizations with Python could place the random number in same buffer location each time. Thanks to GitHub user Erik Bray (embray) +- Fix for tests on unaligned memory with static memory feature +- Add macro WOLFSSL_NO_OCSP_OPTIONAL_CERTS to skip optional OCSP certificates +- Sanity checks on NULL arguments added to wolfSSL_set_fd and wolfSSL_DTLS_SetCookieSecret +- mp_jacobi stack use reduced, thanks to Szabi Tolnai for providing a solution to reduce stack usage + + +This release of wolfSSL fixes 2 low and 1 medium level security vulnerability. + +Low level fix of buffer overflow for when loading in a malformed temporary DH file. Thanks to Yueh-Hsun Lin and Peng Li from KNOX Security, Samsung Research America for the report. + +Medium level fix for processing of OCSP response. If using OCSP without hard faults enforced and no alternate revocation checks like OCSP stapling then it is recommended to update. + +Low level fix for potential cache attack on RSA operations. If using wolfSSL RSA on a server that other users can have access to monitor the cache, then it is recommended to update wolfSSL. Thanks to Andreas Zankl, Johann Heyszl and Georg Sigl at Fraunhofer AISEC for the initial report. + +See INSTALL file for build instructions. +More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html + + +# wolfSSL (Formerly CyaSSL) Release 3.10.0 (12/21/2016) + +## Release 3.10.0 of wolfSSL has bug fixes and new features including: + +- Added support for SHA224 +- Added scrypt feature +- Build for Intel SGX use, added in directory IDE/WIN-SGX +- Fix for ChaCha20-Poly1305 ECDSA certificate type request +- Enhance PKCS#7 with ECC enveloped data and AES key wrap support +- Added support for RIOT OS +- Add support for parsing PKCS#12 files +- ECC performance increased with custom curves +- ARMv8 expanded to AArch32 and performance increased +- Added ANSI-X9.63-KDF support +- Port to STM32 F2/F4 CubeMX +- Port to Atmel ATECC508A board +- Removed fPIE by default when wolfSSL library is compiled +- Update to Python wrapper, dropping DES and adding wc_RSASetRNG +- Added support for NXP K82 hardware acceleration +- Added SCR client and server verify check +- Added a disable rng option with autoconf +- Added more tests vectors to test.c with AES-CTR +- Updated DTLS session export version number +- Updated DTLS for 64 bit sequence numbers +- Fix for memory management with TI and WOLFSSL_SMALL_STACK +- Hardening RSA CRT to be constant time +- Fix uninitialized warning with IAR compiler +- Fix for C# wrapper example IO hang on unexpected connection termination + + +This release of wolfSSL fixes a low level security vulnerability. The vulnerability reported was a potential cache attack on RSA operations. If using wolfSSL RSA on a server that other users can have access to monitor the cache, then it is recommended to update wolfSSL. Thanks to Andreas Zankl, Johann Heyszl and Georg Sigl at Fraunhofer AISEC for the report. More information will be available on our site: + +https://wolfssl.com/wolfSSL/security/vulnerabilities.php + +See INSTALL file for build instructions. +More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html + + +# wolfSSL (Formerly CyaSSL) Release 3.9.10 (9/23/2016) + +## Release 3.9.10 of wolfSSL has bug fixes and new features including: + +- Default configure option changes: + 1. DES3 disabled by default + 2. ECC Supported Curves Extension enabled by default + 3. New option Extended Master Secret enabled by default +- Added checking CA certificate path length, and new test certs +- Fix to DSA pre padding and sanity check on R/S values +- Added CTX level RNG for single-threaded builds +- Intel RDSEED enhancements +- ARMv8 hardware acceleration support for AES-CBC/CTR/GCM, SHA-256 +- Arduino support updates +- Added the Extended Master Secret TLS extension + 1. Enabled by default in configure options, API to disable + 2. Added support for Extended Master Secret to sniffer +- OCSP fix with issuer key hash, lookup refactor +- Added support for Frosted OS +- Added support for DTLS over SCTP +- Added support for static memory with wolfCrypt +- Fix to ECC Custom Curve support +- Support for asynchronous wolfCrypt RSA and TLS client +- Added distribution build configure option +- Update the test certificates + +This release of wolfSSL fixes medium level security vulnerabilities. Fixes for +potential AES, RSA, and ECC side channel leaks is included that a local user +monitoring the same CPU core cache could exploit. VM users, hyper-threading +users, and users where potential attackers have access to the CPU cache will +need to update if they utilize AES, RSA private keys, or ECC private keys. +Thanks to Gorka Irazoqui Apecechea and Xiaofei Guo from Intel Corporation for +the report. More information will be available on our site: + +https://wolfssl.com/wolfSSL/security/vulnerabilities.php + +See INSTALL file for build instructions. +More info can be found on-line at https://wolfssl.com/wolfSSL/Docs.html + + +# wolfSSL (Formerly CyaSSL) Release 3.9.8 (7/29/2016) + +##Release 3.9.8 of wolfSSL has bug fixes and new features including: + +- Add support for custom ECC curves. +- Add cipher suite ECDHE-ECDSA-AES128-CCM. +- Add compkey enable option. This option is for compressed ECC keys. +- Add in the option to use test.h without gettimeofday function using the macro + WOLFSSL_USER_CURRTIME. +- Add RSA blinding for private key operations. Enable option of harden which is + on by default. This negates timing attacks. +- Add ECC and TLS support for all SECP, Koblitz and Brainpool curves. +- Add helper functions for static memory option to allow getting optimum buffer + sizes. +- Update DTLS behavior on bad MAC. DTLS silently drops packets with bad MACs now. +- Update fp_isprime function from libtom enchancement/cleanup repository. +- Update sanity checks on inputs and return values for AES-CMAC. +- Update wolfSSL for use with MYSQL v5.6.30. +- Update LPCXpresso eclipse project to not include misc.c when not needed. +- Fix retransmit of last DTLS flight with timeout notification. The last flight + is no longer retransmitted on timeout. +- Fixes to some code in math sections for compressed ECC keys. This includes + edge cases for buffer size on allocation and adjustments for compressed curves + build. The code and full list can be found on github with pull request #456. +- Fix function argument mismatch for build with secure renegotiation. +- X.509 bug fixes for reading in malformed certificates, reported by researchers + at Columbia University +- Fix GCC version 6 warning about hard tabs in poly1305.c. This was a warning + produced by GCC 6 trying to determine the intent of code. +- Fixes for static memory option. Including avoid potential race conditions with + counters, decrement handshake counter correctly. +- Fix anonymous cipher with Diffie Hellman on the server side. Was an issue of a + possible buffer corruption. For information and code see pull request #481. + + +- One high level security fix that requires an update for use with static RSA + cipher suites was submitted. This fix was the addition of RSA blinding for + private RSA operations. We recommend servers who allow static RSA cipher + suites to also generate new private RSA keys. Static RSA cipher suites are + turned off by default. + +See INSTALL file for build instructions. +More info can be found on-line at //http://wolfssl.com/wolfSSL/Docs.html + +# wolfSSL (Formerly CyaSSL) Release 3.9.6 (6/14/2016) + +##Release 3.9.6 of wolfSSL has bug fixes and new features including: + +- Add staticmemory feature +- Add public wc_GetTime API with base64encode feature +- Add AES CMAC algorithm +- Add DTLS sessionexport feature +- Add python wolfCrypt wrapper +- Add ECC encrypt/decrypt benchmarks +- Add dynamic session tickets +- Add eccshamir option +- Add Whitewood netRandom support --with-wnr +- Add embOS port +- Add minimum key size checks for RSA and ECC +- Add STARTTLS support to examples +- Add uTasker port +- Add asynchronous crypto and wolf event support +- Add compile check for misc.c with inline +- Add RNG benchmark +- Add reduction to stack usage with hash-based RNG +- Update STM32F2_CRYPTO port with additional algorithms supported +- Update MDK5 projects +- Update AES-NI +- Fix for STM32 with STM32F2_HASH defined +- Fix for building with MinGw +- Fix ECC math bugs with ALT_ECC_SIZE and key sizes over 256 bit (1) +- Fix certificate buffers github issue #422 +- Fix decrypt max size with RSA OAEP +- Fix DTLS sanity check with DTLS timeout notification +- Fix free of WOLFSSL_METHOD on failure to create CTX +- Fix memory leak in failure case with wc_RsaFunction (2) + +- No high level security fixes that requires an update though we always +recommend updating to the latest +- (1) Code changes for ECC fix can be found at pull requests #411, #416, and #428 +- (2) Builds using RSA with using normal math and not RSA_LOW_MEM should update + +See INSTALL file for build instructions. +More info can be found on-line at //http://wolfssl.com/wolfSSL/Docs.html + +# wolfSSL (Formerly CyaSSL) Release 3.9.0 (03/18/2016) + +##Release 3.9.0 of wolfSSL has bug fixes and new features including: + +- Add new leantls configuration +- Add RSA OAEP padding at wolfCrypt level +- Add Arduino port and example client +- Add fixed point DH operation +- Add CUSTOM_RAND_GENRATE_SEED_OS and CUSTOM_RAND_GENERATE_BLOCK +- Add ECDHE-PSK cipher suites +- Add PSK ChaCha20-Poly1305 cipher suites +- Add option for fail on no peer cert except PSK suites +- Add port for Nordic nRF51 +- Add additional ECC NIST test vectors for 256, 384 and 521 +- Add more granular ECC, Ed25519/Curve25519 and AES configs +- Update to ChaCha20-Poly1305 +- Update support for Freescale KSDK 1.3.0 +- Update DER buffer handling code, refactoring and reducing memory +- Fix to AESNI 192 bit key expansion +- Fix to C# wrapper character encoding +- Fix sequence number issue with DTLS epoch 0 messages +- Fix RNGA with K64 build +- Fix ASN.1 X509 V3 certificate policy extension parsing +- Fix potential free of uninitialized RSA key in asn.c +- Fix potential underflow when using ECC build with FP_ECC +- Fixes for warnings in Visual Studio 2015 build + +- No high level security fixes that requires an update though we always +recommend updating to the latest +- FP_ECC is off by default, users with it enabled should update for the zero +sized hash fix + +See INSTALL file for build instructions. +More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html + +# wolfSSL (Formerly CyaSSL) Release 3.8.0 (12/30/2015) + +##Release 3.8.0 of wolfSSL has bug fixes and new features including: + +- Example client/server with VxWorks +- AESNI use with AES-GCM +- Stunnel compatibility enhancements +- Single shot hash and signature/verify API added +- Update cavium nitrox port +- LPCXpresso IDE support added +- C# wrapper to support wolfSSL use by a C# program +- (BETA version)OCSP stapling added +- Update OpenSSH compatibility +- Improve DTLS handshake when retransmitting finished message +- fix idea_mult() for 16 and 32bit systems +- fix LowResTimer on Microchip ports + +- No high level security fixes that requires an update though we always +recommend updating to the latest + +See INSTALL file for build instructions. +More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html + +# wolfSSL (Formerly CyaSSL) Release 3.7.0 (10/26/2015) + +##Release 3.7.0 of wolfSSL has bug fixes and new features including: + +- ALPN extension support added for HTTP2 connections with --enable-alpn +- Change of example/client/client max fragment flag -L -> -F +- Throughput benchmarking, added scripts/benchmark.test +- Sniffer API ssl_FreeDecodeBuffer added +- Addition of AES_GCM to Sniffer +- Sniffer change to handle unlimited decrypt buffer size +- New option for the sniffer where it will try to pick up decoding after a + sequence number acknowldgement fault. Also includes some additional stats. +- JNI API setter and getter function for jobject added +- User RSA crypto plugin abstraction. An example placed in wolfcrypt/user-crypto +- fix to asn configuration bug +- AES-GCM/CCM fixes. +- Port for Rowley added +- Rowley Crossworks bare metal examples added +- MDK5-ARM project update +- FreeRTOS support updates. +- VXWorks support updates. +- Added the IDEA cipher and support in wolfSSL. +- Update wolfSSL website CA. +- CFLAGS is usable when configuring source. + +- No high level security fixes that requires an update though we always +recommend updating to the latest + +See INSTALL file for build instructions. +More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html + +#wolfSSL (Formerly CyaSSL) Release 3.6.8 (09/17/2015) + +##Release 3.6.8 of wolfSSL fixes two high severity vulnerabilities. +##It also includes bug fixes and new features including: + +- Two High level security fixes, all users SHOULD update. + a) If using wolfSSL for DTLS on the server side of a publicly accessible + machine you MUST update. + b) If using wolfSSL for TLS on the server side with private RSA keys allowing + ephemeral key exchange without low memory optimziations you MUST update and + regenerate the private RSA keys. + + Please see https://www.wolfssl.com/wolfSSL/Blog/Blog.html for more details + +- No filesystem build fixes for various configurations +- Certificate generation now supports several extensions including KeyUsage, + SKID, AKID, and Ceritifcate Policies +- CRLs can be loaded from buffers as well as files now +- SHA-512 Ceritifcate Signing generation +- Fixes for sniffer reassembly processing + +See INSTALL file for build instructions. +More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html + +#wolfSSL (Formerly CyaSSL) Release 3.6.6 (08/20/2015) + +##Release 3.6.6 of wolfSSL has bug fixes and new features including: + +- OpenSSH compatibility with --enable-openssh +- stunnel compatibility with --enable-stunnel +- lighttpd compatibility with --enable-lighty +- SSLv3 is now disabled by default, can be enabled with --enable-sslv3 +- Ephemeral key cipher suites only are now supported by default + To enable static ECDH cipher suites define WOLFSSL_STATIC_DH + To enable static RSA cipher suites define WOLFSSL_STATIC_RSA + To enable static PSK cipher suites define WOLFSSL_STATIC_PSK +- Added QSH (quantum-safe handshake) extension with --enable-ntru +- SRP is now part of wolfCrypt, enable with --enabe-srp +- Certificate handshake messages can now be sent fragmented if the record + size is smaller than the total message size, no user action required. +- DTLS duplicate message fixes +- Visual Studio project files now support DLL and static builds for 32/64bit. +- Support for new Freesacle I/O +- FreeRTOS FIPS support + +- No high level security fixes that requires an update though we always + recommend updating to the latest + +See INSTALL file for build instructions. +More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html + + +#wolfSSL (Formerly CyaSSL) Release 3.6.0 (06/19/2015) + +##Release 3.6.0 of wolfSSL has bug fixes and new features including: + +- Max Strength build that only allows TLSv1.2, AEAD ciphers, and PFS (Perfect + Forward Secrecy). With --enable-maxstrength +- Server side session ticket support, the example server and echosever use the + example callback myTicketEncCb(), see wolfSSL_CTX_set_TicketEncCb() +- FIPS version submitted for iOS. +- TI Crypto Hardware Acceleration +- DTLS fragmentation fixes +- ECC key check validation with wc_ecc_check_key() +- 32bit code options to reduce memory for Curve25519 and Ed25519 +- wolfSSL JNI build switch with --enable-jni +- PicoTCP support improvements +- DH min ephemeral key size enforcement with wolfSSL_CTX_SetMinDhKey_Sz() +- KEEP_PEER_CERT and AltNames can now be used together +- ChaCha20 big endian fix +- SHA-512 signature algorithm support for key exchange and verify messages +- ECC make key crash fix on RNG failure, ECC users must update. +- Improvements to usage of time code. +- Improvements to VS solution files. +- GNU Binutils 2.24 ld has problems with some debug builds, to fix an ld error + add -fdebug-types-section to C_EXTRA_FLAGS + +- No high level security fixes that requires an update though we always + recommend updating to the latest (except note 14, ecc RNG failure) + +See INSTALL file for build instructions. +More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html + + +#wolfSSL (Formerly CyaSSL) Release 3.4.8 (04/06/2015) + +##Release 3.4.8 of wolfSSL has bug fixes and new features including: + +- FIPS version submitted for iOS. +- Max Strength build that only allows TLSv1.2, AEAD ciphers, and PFS. +- Improvements to usage of time code. +- Improvements to VS solution files. + +See INSTALL file for build instructions. +More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html + + +#wolfSSL (Formerly CyaSSL) Release 3.4.6 (03/30/2015) + +##Release 3.4.6 of wolfSSL has bug fixes and new features including: + +- Intel Assembly Speedups using instructions rdrand, rdseed, aesni, avx1/2, + rorx, mulx, adox, adcx . They can be enabled with --enable-intelasm. + These speedup the use of RNG, SHA2, and public key algorithms. +- Ed25519 support at the crypto level. Turn on with --enable-ed25519. Examples + in wolcrypt/test/test.c ed25519_test(). +- Post Handshake Memory reductions. wolfSSL can now hold less than 1,000 bytes + of memory per secure connection including cipher state. +- wolfSSL API and wolfCrypt API fixes, you can still include the cyassl and + ctaocrypt headers which will enable the compatibility APIs for the + foreseeable future +- INSTALL file to help direct users to build instructions for their environment +- For ECC users with the normal math library a fix that prevents a crash when + verify signature fails. Users of 3.4.0 with ECC and the normal math library + must update +- RC4 is now disabled by default in autoconf mode +- AES-GCM and ChaCha20/Poly1305 are now enabled by default to make AEAD ciphers + available without a switch +- External ChaCha-Poly AEAD API, thanks to Andrew Burks for the contribution +- DHE-PSK cipher suites can now be built without ASN or Cert support +- Fix some NO MD5 build issues with optional features +- Freescale CodeWarrior project updates +- ECC curves can be individually turned on/off at build time. +- Sniffer handles Cert Status message and other minor fixes +- SetMinVersion() at the wolfSSL Context level instead of just SSL session level + to allow minimum protocol version allowed at runtime +- RNG failure resource cleanup fix + +- No high level security fixes that requires an update though we always + recommend updating to the latest (except note 6 use case of ecc/normal math) + +See INSTALL file for build instructions. +More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html + + +#wolfSSL (Formerly CyaSSL) Release 3.4.0 (02/23/2015) + +## Release 3.4.0 wolfSSL has bug fixes and new features including: + +- wolfSSL API and wolfCrypt API, you can still include the cyassl and ctaocrypt + headers which will enable the compatibility APIs for the foreseeable future +- Example use of the wolfCrypt API can be found in wolfcrypt/test/test.c +- Example use of the wolfSSL API can be found in examples/client/client.c +- Curve25519 now supported at the wolfCrypt level, wolfSSL layer coming soon +- Improvements in the build configuration under AIX +- Microchip Pic32 MZ updates +- TIRTOS updates +- PowerPC updates +- Xcode project update +- Bidirectional shutdown examples in client/server with -w (wait for full + shutdown) option +- Cycle counts on benchmarks for x86_64, more coming soon +- ALT_ECC_SIZE for reducing ecc heap use with fastmath when also using large RSA + keys +- Various compile warnings +- Scan-build warning fixes +- Changed a memcpy to memmove in the sniffer (if using sniffer please update) +- No high level security fixes that requires an update though we always + recommend updating to the latest + + +# CyaSSL Release 3.3.0 (12/05/2014) + +- Countermeasuers for Handshake message duplicates, CHANGE CIPHER without + FINISHED, and fast forward attempts. Thanks to Karthikeyan Bhargavan from + the Prosecco team at INRIA Paris-Rocquencourt for the report. +- FIPS version submitted +- Removes SSLv2 Client Hello processing, can be enabled with OLD_HELLO_ALLOWED +- User can set mimimum downgrade version with CyaSSL_SetMinVersion() +- Small stack improvements at TLS/SSL layer +- TLS Master Secret generation and Key Expansion are now exposed +- Adds client side Secure Renegotiation, * not recommended * +- Client side session ticket support, not fully tested with Secure Renegotiation +- Allows up to 4096bit DHE at TLS Key Exchange layer +- Handles non standard SessionID sizes in Hello Messages +- PicoTCP Support +- Sniffer now supports SNI Virtual Hosts +- Sniffer now handles non HTTPS protocols using STARTTLS +- Sniffer can now parse records with multiple messages +- TI-RTOS updates +- Fix for ColdFire optimized fp_digit read only in explicit 32bit case +- ADH Cipher Suite ADH-AES128-SHA for EAP-FAST + +The CyaSSL manual is available at: +http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions +and comments about the new features please check the manual. + + +# CyaSSL Release 3.2.0 (09/10/2014) + +#### Release 3.2.0 CyaSSL has bug fixes and new features including: + +- ChaCha20 and Poly1305 crypto and suites +- Small stack improvements for OCSP, CRL, TLS, DTLS +- NTRU Encrypt and Decrypt benchmarks +- Updated Visual Studio project files +- Updated Keil MDK5 project files +- Fix for DTLS sequence numbers with GCM/CCM +- Updated HashDRBG with more secure struct declaration +- TI-RTOS support and example Code Composer Studio project files +- Ability to get enabled cipher suites, CyaSSL_get_ciphers() +- AES-GCM/CCM/Direct support for Freescale mmCAU and CAU +- Sniffer improvement checking for decrypt key setup +- Support for raw ECC key import +- Ability to convert ecc_key to DER, EccKeyToDer() +- Security fix for RSA Padding check vulnerability reported by Intel Security + Advanced Threat Research team + +The CyaSSL manual is available at: +http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions +and comments about the new features please check the manual. + + +# CyaSSL Release 3.1.0 (07/14/2014) + +#### Release 3.1.0 CyaSSL has bug fixes and new features including: + +- Fix for older versions of icc without 128-bit type +- Intel ASM syntax for AES-NI +- Updated NTRU support, keygen benchmark +- FIPS check for minimum required HMAC key length +- Small stack (--enable-smallstack) improvements for PKCS#7, ASN +- TLS extension support for DTLS +- Default I/O callbacks external to user +- Updated example client with bad clock test +- Ability to set optional ECC context info +- Ability to enable/disable DH separate from opensslextra +- Additional test key/cert buffers for CA and server +- Updated example certificates + +The CyaSSL manual is available at: +http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions +and comments about the new features please check the manual. + + +# CyaSSL Release 3.0.2 (05/30/2014) + +#### Release 3.0.2 CyaSSL has bug fixes and new features including: + +- Added the following cipher suites: + * TLS_PSK_WITH_AES_128_GCM_SHA256 + * TLS_PSK_WITH_AES_256_GCM_SHA384 + * TLS_PSK_WITH_AES_256_CBC_SHA384 + * TLS_PSK_WITH_NULL_SHA384 + * TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 + * TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 + * TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 + * TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 + * TLS_DHE_PSK_WITH_NULL_SHA256 + * TLS_DHE_PSK_WITH_NULL_SHA384 + * TLS_DHE_PSK_WITH_AES_128_CCM + * TLS_DHE_PSK_WITH_AES_256_CCM +- Added AES-NI support for Microsoft Visual Studio builds. +- Changed small stack build to be disabled by default. +- Updated the Hash DRBG and provided a configure option to enable. + +The CyaSSL manual is available at: +http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions +and comments about the new features please check the manual. + + +# CyaSSL Release 3.0.0 (04/29/2014) + +#### Release 3.0.0 CyaSSL has bug fixes and new features including: + +- FIPS release candidate +- X.509 improvements that address items reported by Suman Jana with security + researchers at UT Austin and UC Davis +- Small stack size improvements, --enable-smallstack. Offloads large local + variables to the heap. (Note this is not complete.) +- Updated AES-CCM-8 cipher suites to use approved suite numbers. + +The CyaSSL manual is available at: +http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions +and comments about the new features please check the manual. + + +# CyaSSL Release 2.9.4 (04/09/2014) + +#### Release 2.9.4 CyaSSL has bug fixes and new features including: + +- Security fixes that address items reported by Ivan Fratric of the Google + Security Team +- X.509 Unknown critical extensions treated as errors, report by Suman Jana with + security researchers at UT Austin and UC Davis +- Sniffer fixes for corrupted packet length and Jumbo frames +- ARM thumb mode assembly fixes +- Xcode 5.1 support including new clang +- PIC32 MZ hardware support +- CyaSSL Object has enough room to read the Record Header now w/o allocs +- FIPS wrappers for AES, 3DES, SHA1, SHA256, SHA384, HMAC, and RSA. +- A sample I/O pool is demonstrated with --enable-iopool to overtake memory + handling and reduce memory fragmentation on I/O large sizes + +The CyaSSL manual is available at: +http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions +and comments about the new features please check the manual. + + +# CyaSSL Release 2.9.0 (02/07/2014) + +#### Release 2.9.0 CyaSSL has bug fixes and new features including: +- Freescale Kinetis RNGB support +- Freescale Kinetis mmCAU support +- TLS Hello extensions + - ECC + - Secure Renegotiation (null) + - Truncated HMAC +- SCEP support + - PKCS #7 Enveloped data and signed data + - PKCS #10 Certificate Signing Request generation +- DTLS sliding window +- OCSP Improvements + - API change to integrate into Certificate Manager + - IPv4/IPv6 agnostic + - example client/server support for OCSP + - OCSP nonces are optional +- GMAC hashing +- Windows build additions +- Windows CYGWIN build fixes +- Updated test certificates +- Microchip MPLAB Harmony support +- Update autoconf scripts +- Additional X.509 inspection functions +- ECC encrypt/decrypt primitives +- ECC Certificate generation + +The Freescale Kinetis K53 RNGB documentation can be found in Chapter 33 of the +K53 Sub-Family Reference Manual: +http://cache.freescale.com/files/32bit/doc/ref_manual/K53P144M100SF2RM.pdf + +Freescale Kinetis K60 mmCAU (AES, DES, 3DES, MD5, SHA, SHA256) documentation +can be found in the "ColdFire/ColdFire+ CAU and Kinetis mmCAU Software Library +User Guide": +http://cache.freescale.com/files/32bit/doc/user_guide/CAUAPIUG.pdf + + +# CyaSSL Release 2.8.0 (8/30/2013) + +#### Release 2.8.0 CyaSSL has bug fixes and new features including: +- AES-GCM and AES-CCM use AES-NI +- NetX default IO callback handlers +- IPv6 fixes for DTLS Hello Cookies +- The ability to unload Certs/Keys after the handshake, CyaSSL_UnloadCertsKeys() +- SEP certificate extensions +- Callback getters for easier resource freeing +- External CYASSL_MAX_ERROR_SZ for correct error buffer sizing +- MacEncrypt and DecryptVerify Callbacks for User Atomic Record Layer Processing +- Public Key Callbacks for ECC and RSA +- Client now sends blank cert upon request if doesn't have one with TLS <= 1.2 + + +The CyaSSL manual is available at: +http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions +and comments about the new features please check the manual. + + +# CyaSSL Release 2.7.0 (6/17/2013) + +#### Release 2.7.0 CyaSSL has bug fixes and new features including: +- SNI support for client and server +- KEIL MDK-ARM projects +- Wildcard check to domain name match, and Subject altnames are checked too +- Better error messages for certificate verification errors +- Ability to discard session during handshake verify +- More consistent error returns across all APIs +- Ability to unload CAs at the CTX or CertManager level +- Authority subject id support for Certificate matching +- Persistent session cache functionality +- Persistent CA cache functionality +- Client session table lookups to push serverID table to library level +- Camellia support to sniffer +- User controllable settings for DTLS timeout values +- Sniffer fixes for caching long lived sessions +- DTLS reliability enhancements for the handshake +- Better ThreadX support + +When compiling with Mingw, libtool may give the following warning due to +path conversion errors: + +``` +libtool: link: Could not determine host file name corresponding to ** +libtool: link: Continuing, but uninstalled executables may not work. +``` + +If so, examples and testsuite will have problems when run, showing an +error while loading shared libraries. To resolve, please run "make install". + +The CyaSSL manual is available at: +http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions +and comments about the new features please check the manual. + + +# CyaSSL Release 2.6.0 (04/15/2013) + +#### Release 2.6.0 CyaSSL has bug fixes and new features including: +- DTLS 1.2 support including AEAD ciphers +- SHA-3 finalist Blake2 support, it's fast and uses little resources +- SHA-384 cipher suites including ECC ones +- HMAC now supports SHA-512 +- Track memory use for example client/server with -t option +- Better IPv6 examples with --enable-ipv6, before if ipv6 examples/tests were + turned on, localhost only was used. Now link-local (with scope ids) and ipv6 + hosts can be used as well. +- Xcode v4.6 project for iOS v6.1 update +- settings.h is now checked in all *.c files for true one file setting detection +- Better alignment at SSL layer for hardware crypto alignment needs + * Note, SSL itself isn't friendly to alignment with 5 byte TLS headers and + 13 bytes DTLS headers, but every effort is now made to align with the + CYASSL_GENERAL_ALIGNMENT flag which sets desired alignment requirement +- NO_64BIT flag to turn off 64bit data type accumulators in public key code + * Note, some systems are faster with 32bit accumulators +- --enable-stacksize for example client/server stack use + * Note, modern desktop Operating Systems may add bytes to each stack frame +- Updated compression/decompression with direct crypto access +- All ./configure options are now lowercase only for consistency +- ./configure builds default to fastmath option + * Note, if on ia32 and building in shared mode this may produce a problem + with a missing register being available because of PIC, there are at least + 6 solutions to this: + 1) --disable-fastmath , don't use fastmath + 2) --disable-shared, don't build a shared library + 3) C_EXTRA_FLAGS=-DTFM_NO_ASM , turn off assembly use + 4) use clang, it just seems to work + 5) play around with no PIC options to force all registers being open, + e.g., --without-pic + 6) if static lib is still a problem try removing fPIE +- Many new ./configure switches for option enable/disable for example + * rsa + * dh + * dsa + * md5 + * sha + * arc4 + * null (allow NULL ciphers) + * oldtls (only use TLS 1.2) + * asn (no certs or public keys allowed) +- ./configure generates cyassl/options.h which allows a header the user can + include in their app to make sure the same options are set at the app and + CyaSSL level. +- autoconf no longer needs serial-tests which lowers version requirements of + automake to 1.11 and autoconf to 2.63 + +The CyaSSL manual is available at: +http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions +and comments about the new features please check the manual. + + + +# CyaSSL Release 2.5.0 (02/04/2013) + +#### Release 2.5.0 CyaSSL has bug fixes and new features including: +- Fix for TLS CBC padding timing attack identified by Nadhem Alfardan and + Kenny Paterson: http://www.isg.rhul.ac.uk/tls/ +- Microchip PIC32 (MIPS16, MIPS32) support +- Microchip MPLAB X example projects for PIC32 Ethernet Starter Kit +- Updated CTaoCrypt benchmark app for embedded systems +- 1024-bit test certs/keys and cert/key buffers +- AES-CCM-8 crypto and cipher suites +- Camellia crypto and cipher suites +- Bumped minimum autoconf version to 2.65, automake version to 1.12 +- Addition of OCSP callbacks +- STM32F2 support with hardware crypto and RNG +- Cavium NITROX support + +CTaoCrypt now has support for the Microchip PIC32 and has been tested with +the Microchip PIC32 Ethernet Starter Kit, the XC32 compiler and +MPLAB X IDE in both MIPS16 and MIPS32 instruction set modes. See the README +located under the /mplabx directory for more details. + +To add Cavium NITROX support do: + +./configure --with-cavium=/home/user/cavium/software + +pointing to your licensed cavium/software directory. Since Cavium doesn't +build a library we pull in the cavium_common.o file which gives a libtool +warning about the portability of this. Also, if you're using the github source +tree you'll need to remove the -Wredundant-decls warning from the generated +Makefile because the cavium headers don't conform to this warning. Currently +CyaSSL supports Cavium RNG, AES, 3DES, RC4, HMAC, and RSA directly at the crypto +layer. Support at the SSL level is partial and currently just does AES, 3DES, +and RC4. RSA and HMAC are slower until the Cavium calls can be utilized in non +blocking mode. The example client turns on cavium support as does the crypto +test and benchmark. Please see the HAVE_CAVIUM define. + +CyaSSL is able to use the STM32F2 hardware-based cryptography and random number +generator through the STM32F2 Standard Peripheral Library. For necessary +defines, see the CYASSL_STM32F2 define in settings.h. Documentation for the +STM32F2 Standard Peripheral Library can be found in the following document: +http://www.st.com/internet/com/TECHNICAL_RESOURCES/TECHNICAL_LITERATURE/USER_MANUAL/DM00023896.pdf + +The CyaSSL manual is available at: +http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions +and comments about the new features please check the manual. + + + +# CyaSSL Release 2.4.6 (12/20/2012) + +#### Release 2.4.6 CyaSSL has bug fixes and a few new features including: +- ECC into main version +- Lean PSK build (reduced code size, RAM usage, and stack usage) +- FreeBSD CRL monitor support +- CyaSSL_peek() +- CyaSSL_send() and CyaSSL_recv() for I/O flag setting +- CodeWarrior Support +- MQX Support +- Freescale Kinetis support including Hardware RNG +- autoconf builds use jobserver +- cyassl-config +- Sniffer memory reductions + +Thanks to Brian Aker for the improved autoconf system, make rpm, cyassl-config, +warning system, and general good ideas for improving CyaSSL! + +The Freescale Kinetis K70 RNGA documentation can be found in Chapter 37 of the +K70 Sub-Family Reference Manual: +http://cache.freescale.com/files/microcontrollers/doc/ref_manual/K70P256M150SF3RM.pdf + +The CyaSSL manual is available at: +http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions +and comments about the new features please check the manual. + + +# CyaSSL Release 2.4.0 (10/10/2012) + +#### Release 2.4.0 CyaSSL has bug fixes and a few new features including: +- DTLS reliability +- Reduced memory usage after handshake +- Updated build process + +The CyaSSL manual is available at: +http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions +and comments about the new features please check the manual. + + + +# CyaSSL Release 2.3.0 (8/10/2012) + +#### Release 2.3.0 CyaSSL has bug fixes and a few new features including: +- AES-GCM crypto and cipher suites +- make test cipher suite checks +- Subject AltName processing +- Command line support for client/server examples +- Sniffer SessionTicket support +- SHA-384 cipher suites +- Verify cipher suite validity when user overrides +- CRL dir monitoring +- DTLS Cookie support, reliability coming soon + +The CyaSSL manual is available at: +http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions +and comments about the new features please check the manual. + + + +# CyaSSL Release 2.2.0 (5/18/2012) + +#### Release 2.2.0 CyaSSL has bug fixes and a few new features including: +- Initial CRL support (--enable-crl) +- Initial OCSP support (--enable-ocsp) +- Add static ECDH suites +- SHA-384 support +- ECC client certificate support +- Add medium session cache size (1055 sessions) +- Updated unit tests +- Protection against mutex reinitialization + + +The CyaSSL manual is available at: +http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions +and comments about the new features please check the manual. + + + +# CyaSSL Release 2.0.8 (2/24/2012) + +#### Release 2.0.8 CyaSSL has bug fixes and a few new features including: +- A fix for malicious certificates pointed out by Remi Gacogne (thanks) + resulting in NULL pointer use. +- Respond to renegotiation attempt with no_renegoatation alert +- Add basic path support for load_verify_locations() +- Add set Temp EC-DHE key size +- Extra checks on rsa test when porting into + + +The CyaSSL manual is available at: +http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions +and comments about the new features please check the manual. + + + +# CyaSSL Release 2.0.6 (1/27/2012) + +#### Release 2.0.6 CyaSSL has bug fixes and a few new features including: +- Fixes for CA basis constraint check +- CTX reference counting +- Initial unit test additions +- Lean and Mean Windows fix +- ECC benchmarking +- SSMTP build support +- Ability to group handshake messages with set_group_messages(ctx/ssl) +- CA cache addition callback +- Export Base64_Encode for general use + +The CyaSSL manual is available at: +http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions +and comments about the new features please check the manual. + + + +# CyaSSL Release 2.0.2 (12/05/2011) + +#### Release 2.0.2 CyaSSL has bug fixes and a few new features including: +- CTaoCrypt Runtime library detection settings when directly using the crypto + library +- Default certificate generation now uses SHAwRSA and adds SHA256wRSA generation +- All test certificates now use 2048bit and SHA-1 for better modern browser + support +- Direct AES block access and AES-CTR (counter) mode +- Microchip pic32 support + +The CyaSSL manual is available at: +http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions +and comments about the new features please check the manual. + + + +# CyaSSL Release 2.0.0rc3 (9/28/2011) + +#### Release 2.0.0rc3 for CyaSSL has bug fixes and a few new features including: +- updated autoconf support +- better make install and uninstall (uses system directories) +- make test / make check +- CyaSSL headers now in +- CTaocrypt headers now in +- OpenSSL compatibility headers now in +- examples and tests all run from home directory so can use certs in ./certs + (see note 1) + +So previous applications that used the OpenSSL compatibility header + now need to include instead, no other +changes are required. + +Special Thanks to Brian Aker for his autoconf, install, and header patches. + +The CyaSSL manual is available at: +http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions +and comments about the new features please check the manual. + +# CyaSSL Release 2.0.0rc2 (6/6/2011) + +#### Release 2.0.0rc2 for CyaSSL has bug fixes and a few new features including: +- bug fixes (Alerts, DTLS with DHE) +- FreeRTOS support +- lwIP support +- Wshadow warnings removed +- asn public header +- CTaoCrypt public headers now all have ctc_ prefix (the manual is still being + updated to reflect this change) +- and more. + +This is the 2nd and perhaps final release candidate for version 2. +Please send any comments or questions to support@yassl.com. + +The CyaSSL manual is available at: +http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions +and comments about the new features please check the manual. + +# CyaSSL Release 2.0.0rc1 (5/2/2011) + +#### Release 2.0.0rc1 for CyaSSL has many new features including: +- bug fixes +- SHA-256 cipher suites +- Root Certificate Verification (instead of needing all certs in the chain) +- PKCS #8 private key encryption (supports PKCS #5 v1-v2 and PKCS #12) +- Serial number retrieval for x509 +- PBKDF2 and PKCS #12 PBKDF +- UID parsing for x509 +- SHA-256 certificate signatures +- Client and server can send chains (SSL_CTX_use_certificate_chain_file) +- CA loading can now parse multiple certificates per file +- Dynamic memory runtime hooks +- Runtime hooks for logging +- EDH on server side +- More informative error codes +- More informative logging messages +- Version downgrade more robust (use SSL_v23*) +- Shared build only by default through ./configure +- Compiler visibility is now used, internal functions not polluting namespace +- Single Makefile, no recursion, for faster and simpler building +- Turn on all warnings possible build option, warning fixes +- and more. + +Because of all the new features and the multiple OS, compiler, feature-set +options that CyaSSL allows, there may be some configuration fixes needed. +Please send any comments or questions to support@yassl.com. + +The CyaSSL manual is available at: +http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions +and comments about the new features please check the manual. + +# CyaSSL Release 1.9.0 (3/2/2011) + +Release 1.9.0 for CyaSSL adds bug fixes, improved TLSv1.2 through testing and +better hash/sig algo ids, --enable-webServer for the yaSSL embedded web server, +improper AES key setup detection, user cert verify callback improvements, and +more. + +The CyaSSL manual offering is included in the doc/ directory. For build +instructions and comments about the new features please check the manual. + +Please send any comments or questions to support@yassl.com. + +# CyaSSL Release 1.8.0 (12/23/2010) + +Release 1.8.0 for CyaSSL adds bug fixes, x509 v3 CA signed certificate +generation, a C standard library abstraction layer, lower memory use, increased +portability through the os_settings.h file, and the ability to use NTRU cipher +suites when used in conjunction with an NTRU license and library. + +The initial CyaSSL manual offering is included in the doc/ directory. For +build instructions and comments about the new features please check the manual. + +Please send any comments or questions to support@yassl.com. + +Happy Holidays. + + +# CyaSSL Release 1.6.5 (9/9/2010) + +Release 1.6.5 for CyaSSL adds bug fixes and x509 v3 self signed certificate +generation. + +For general build instructions see doc/Building_CyaSSL.pdf. + +To enable certificate generation support add this option to ./configure +./configure --enable-certgen + +An example is included in ctaocrypt/test/test.c and documentation is provided +in doc/CyaSSL_Extensions_Reference.pdf item 11. + +# CyaSSL Release 1.6.0 (8/27/2010) + +Release 1.6.0 for CyaSSL adds bug fixes, RIPEMD-160, SHA-512, and RSA key +generation. + +For general build instructions see doc/Building_CyaSSL.pdf. + +To add RIPEMD-160 support add this option to ./configure +./configure --enable-ripemd + +To add SHA-512 support add this option to ./configure +./configure --enable-sha512 + +To add RSA key generation support add this option to ./configure +./configure --enable-keygen + +Please see ctaocrypt/test/test.c for examples and usage. + +For Windows, RIPEMD-160 and SHA-512 are enabled by default but key generation is +off by default. To turn key generation on add the define CYASSL_KEY_GEN to +CyaSSL. + + +# CyaSSL Release 1.5.6 (7/28/2010) + +Release 1.5.6 for CyaSSL adds bug fixes, compatibility for our JSSE provider, +and a fix for GCC builds on some systems. + +For general build instructions see doc/Building_CyaSSL.pdf. + +To add AES-NI support add this option to ./configure +./configure --enable-aesni + +You'll need GCC 4.4.3 or later to make use of the assembly. + +# CyaSSL Release 1.5.4 (7/7/2010) + +Release 1.5.4 for CyaSSL adds bug fixes, support for AES-NI, SHA1 speed +improvements from loop unrolling, and support for the Mongoose Web Server. + +For general build instructions see doc/Building_CyaSSL.pdf. + +To add AES-NI support add this option to ./configure +./configure --enable-aesni + +You'll need GCC 4.4.3 or later to make use of the assembly. + +# CyaSSL Release 1.5.0 (5/11/2010) + +Release 1.5.0 for CyaSSL adds bug fixes, GoAhead WebServer support, sniffer +support, and initial swig interface support. + +For general build instructions see doc/Building_CyaSSL.pdf. + +To add support for GoAhead WebServer either --enable-opensslExtra or if you +don't want all the features of opensslExtra you can just define GOAHEAD_WS +instead. GOAHEAD_WS can be added to ./configure with CFLAGS=-DGOAHEAD_WS or +you can define it yourself. + +To look at the sniffer support please see the sniffertest app in +sslSniffer/sslSnifferTest. Build with --enable-sniffer on *nix or use the +vcproj files on windows. You'll need to have pcap installed on *nix and +WinPcap on windows. + +A swig interface file is now located in the swig directory for using Python, +Java, Perl, and others with CyaSSL. This is initial support and experimental, +please send questions or comments to support@yassl.com. + +When doing load testing with CyaSSL, on the echoserver example say, the client +machine may run out of tcp ephemeral ports, they will end up in the TIME_WAIT +queue, and can't be reused by default. There are generally two ways to fix +this. + +1. Reduce the length sockets remain on the TIME_WAIT queue OR +2. Allow items on the TIME_WAIT queue to be reused. + + +To reduce the TIME_WAIT length in OS X to 3 seconds (3000 milliseconds) + +`sudo sysctl -w net.inet.tcp.msl=3000` + +In Linux + +`sudo sysctl -w net.ipv4.tcp_tw_reuse=1` + +allows reuse of sockets in TIME_WAIT + +`sudo sysctl -w net.ipv4.tcp_tw_recycle=1` + +works but seems to remove sockets from TIME_WAIT entirely? + +`sudo sysctl -w net.ipv4.tcp_fin_timeout=1` + +doen't control TIME_WAIT, it controls FIN_WAIT(2) contrary to some posts + + +# CyaSSL Release 1.4.0 (2/18/2010) + +Release 1.3.0 for CyaSSL adds bug fixes, better multi TLS/SSL version support +through SSLv23_server_method(), and improved documentation in the doc/ folder. + +For general build instructions doc/Building_CyaSSL.pdf. + +# CyaSSL Release 1.3.0 (1/21/2010) + +Release 1.3.0 for CyaSSL adds bug fixes, a potential security problem fix, +better porting support, removal of assert()s, and a complete THREADX port. + +For general build instructions see rc1 below. + +# CyaSSL Release 1.2.0 (11/2/2009) + +Release 1.2.0 for CyaSSL adds bug fixes and session negotiation if first use is +read or write. + +For general build instructions see rc1 below. + +# CyaSSL Release 1.1.0 (9/2/2009) + +Release 1.1.0 for CyaSSL adds bug fixes, a check against malicious session +cache use, support for lighttpd, and TLS 1.2. + +To get TLS 1.2 support please use the client and server functions: + +```c +SSL_METHOD *TLSv1_2_server_method(void); +SSL_METHOD *TLSv1_2_client_method(void); +``` + +CyaSSL was tested against lighttpd 1.4.23. To build CyaSSL for use with +lighttpd use the following commands from the CyaSSL install dir : + +``` +./configure --disable-shared --enable-opensslExtra --enable-fastmath --without-zlib + +make +make openssl-links +``` + +Then to build lighttpd with CyaSSL use the following commands from the +lighttpd install dir: + +``` +./configure --with-openssl --with-openssl-includes=/include --with-openssl-libs=/lib LDFLAGS=-lm + +make +``` + +On some systems you may get a linker error about a duplicate symbol for +MD5_Init or other MD5 calls. This seems to be caused by the lighttpd src file +md5.c, which defines MD5_Init(), and is included in liblightcomp_la-md5.o. +When liblightcomp is linked with the SSL_LIBs the linker may complain about +the duplicate symbol. This can be fixed by editing the lighttpd src file md5.c +and adding this line to the beginning of the file: + +\#if 0 + +and this line to the end of the file + +\#endif + +Then from the lighttpd src dir do a: + +``` +make clean +make +``` + +If you get link errors about undefined symbols more than likely the actual +OpenSSL libraries are found by the linker before the CyaSSL openssl-links that +point to the CyaSSL library, causing the linker confusion. This can be fixed +by editing the Makefile in the lighttpd src directory and changing the line: + +`SSL_LIB = -lssl -lcrypto` + +to + +`SSL_LIB = -lcyassl` + +Then from the lighttpd src dir do a: + +``` +make clean +make +``` + +This should remove any confusion the linker may be having with missing symbols. + +For any questions or concerns please contact support@yassl.com . + +For general build instructions see rc1 below. + +# CyaSSL Release 1.0.6 (8/03/2009) + +Release 1.0.6 for CyaSSL adds bug fixes, an improved session cache, and faster +math with a huge code option. + +The session cache now defaults to a client mode, also good for embedded servers. +For servers not under heavy load (less than 200 new sessions per minute), define +BIG_SESSION_CACHE. If the server will be under heavy load, define +HUGE_SESSION_CACHE. + +There is now a fasthugemath option for configure. This enables fastmath plus +even faster math by greatly increasing the code size of the math library. Use +the benchmark utility to compare public key operations. + + +For general build instructions see rc1 below. + +# CyaSSL Release 1.0.3 (5/10/2009) + +Release 1.0.3 for CyaSSL adds bug fixes and add increased support for OpenSSL +compatibility when building other applications. + +Release 1.0.3 includes an alpha release of DTLS for both client and servers. +This is only for testing purposes at this time. Rebroadcast and reordering +aren't fully implemented at this time but will be for the next release. + +For general build instructions see rc1 below. + +# CyaSSL Release 1.0.2 (4/3/2009) + +Release 1.0.2 for CyaSSL adds bug fixes for a couple I/O issues. Some systems +will send a SIGPIPE on socket recv() at any time and this should be handled by +the application by turning off SIGPIPE through setsockopt() or returning from +the handler. + +Release 1.0.2 includes an alpha release of DTLS for both client and servers. +This is only for testing purposes at this time. Rebroadcast and reordering +aren't fully implemented at this time but will be for the next release. + +For general build instructions see rc1 below. + +## CyaSSL Release Candidate 3 rc3-1.0.0 (2/25/2009) + + +Release Candidate 3 for CyaSSL 1.0.0 adds bug fixes and adds a project file for +iPhone development with Xcode. cyassl-iphone.xcodeproj is located in the root +directory. This release also includes a fix for supporting other +implementations that bundle multiple messages at the record layer, this was +lost when cyassl i/o was re-implemented but is now fixed. + +For general build instructions see rc1 below. + +## CyaSSL Release Candidate 2 rc2-1.0.0 (1/21/2009) + + +Release Candidate 2 for CyaSSL 1.0.0 adds bug fixes and adds two new stream +ciphers along with their respective cipher suites. CyaSSL adds support for +HC-128 and RABBIT stream ciphers. The new suites are: + +``` +TLS_RSA_WITH_HC_128_SHA +TLS_RSA_WITH_RABBIT_SHA +``` + +And the corresponding cipher names are + +``` +HC128-SHA +RABBIT-SHA +``` + +CyaSSL also adds support for building with devkitPro for PPC by changing the +library proper to use libogc. The examples haven't been changed yet but if +there's interest they can be. Here's an example ./configure to build CyaSSL +for devkitPro: + +``` +./configure --disable-shared CC=/pathTo/devkitpro/devkitPPC/bin/powerpc-gekko-gcc --host=ppc --without-zlib --enable-singleThreaded RANLIB=/pathTo/devkitpro/devkitPPC/bin/powerpc-gekko-ranlib CFLAGS="-DDEVKITPRO -DGEKKO" +``` + +For linking purposes you'll need + +`LDFLAGS="-g -mrvl -mcpu=750 -meabi -mhard-float -Wl,-Map,$(notdir $@).map"` + +For general build instructions see rc1 below. + + +## CyaSSL Release Candidate 1 rc1-1.0.0 (12/17/2008) + + +Release Candidate 1 for CyaSSL 1.0.0 contains major internal changes. Several +areas have optimization improvements, less dynamic memory use, and the I/O +strategy has been refactored to allow alternate I/O handling or Library use. +Many thanks to Thierry Fournier for providing these ideas and most of the work. + +Because of these changes, this release is only a candidate since some problems +are probably inevitable on some platform with some I/O use. Please report any +problems and we'll try to resolve them as soon as possible. You can contact us +at support@yassl.com or todd@yassl.com. + +Using TomsFastMath by passing --enable-fastmath to ./configure now uses assembly +on some platforms. This is new so please report any problems as every compiler, +mode, OS combination hasn't been tested. On ia32 all of the registers need to +be available so be sure to pass these options to CFLAGS: + +`CFLAGS="-O3 -fomit-frame-pointer"` + +OS X will also need -mdynamic-no-pic added to CFLAGS + +Also if you're building in shared mode for ia32 you'll need to pass options to +LDFLAGS as well on OS X: + +`LDFLAGS=-Wl,-read_only_relocs,warning` + +This gives warnings for some symbols but seems to work. + + +#### To build on Linux, Solaris, *BSD, Mac OS X, or Cygwin: + + ./configure + make + + from the ./testsuite/ directory run ./testsuite + +#### To make a debug build: + + ./configure --enable-debug --disable-shared + make + + + +#### To build on Win32 + +Choose (Re)Build All from the project workspace + +Run the testsuite program + + + + + +# CyaSSL version 0.9.9 (7/25/2008) + +This release of CyaSSL adds bug fixes, Pre-Shared Keys, over-rideable memory +handling, and optionally TomsFastMath. Thanks to Moisés Guimarães for the +work on TomsFastMath. + +To optionally use TomsFastMath pass --enable-fastmath to ./configure +Or define USE_FAST_MATH in each project from CyaSSL for MSVC. + +Please use the benchmark routine before and after to see the performance +difference, on some platforms the gains will be little but RSA encryption +always seems to be faster. On x86-64 machines with GCC the normal math library +may outperform the fast one when using CFLAGS=-m64 because TomsFastMath can't +yet use -m64 because of GCCs inability to do 128bit division. + + *** UPDATE GCC 4.2.1 can now do 128bit division *** + +See notes below (0.2.0) for complete build instructions. + + +# CyaSSL version 0.9.8 (5/7/2008) + +This release of CyaSSL adds bug fixes, client side Diffie-Hellman, and better +socket handling. + +See notes below (0.2.0) for complete build instructions. + + +# CyaSSL version 0.9.6 (1/31/2008) + +This release of CyaSSL adds bug fixes, increased session management, and a fix +for gnutls. + +See notes below (0.2.0) for complete build instructions. + + +# CyaSSL version 0.9.0 (10/15/2007) + +This release of CyaSSL adds bug fixes, MSVC 2005 support, GCC 4.2 support, +IPV6 support and test, and new test certificates. + +See notes below (0.2.0) for complete build instructions. + + +# CyaSSL version 0.8.0 (1/10/2007) + +This release of CyaSSL adds increased socket support, for non-blocking writes, +connects, and interrupted system calls. + +See notes below (0.2.0) for complete build instructions. + + +# CyaSSL version 0.6.3 (10/30/2006) + +This release of CyaSSL adds debug logging to stderr to aid in the debugging of +CyaSSL on systems that may not provide the best support. + +If CyaSSL is built with debugging support then you need to call +CyaSSL_Debugging_ON() to turn logging on. + +On Unix use ./configure --enable-debug + +On Windows define DEBUG_CYASSL when building CyaSSL + + +To turn logging back off call CyaSSL_Debugging_OFF() + +See notes below (0.2.0) for complete build instructions. + + +# CyaSSL version 0.6.2 (10/29/2006) + +This release of CyaSSL adds TLS 1.1. + +Note that CyaSSL has certificate verification on by default, unlike OpenSSL. +To emulate OpenSSL behavior, you must call SSL_CTX_set_verify() with +SSL_VERIFY_NONE. In order to have full security you should never do this, +provide CyaSSL with the proper certificates to eliminate impostors and call +CyaSSL_check_domain_name() to prevent man in the middle attacks. + +See notes below (0.2.0) for build instructions. + +# CyaSSL version 0.6.0 (10/25/2006) + +This release of CyaSSL adds more SSL functions, better autoconf, nonblocking +I/O for accept, connect, and read. There is now an --enable-small configure +option that turns off TLS, AES, DES3, HMAC, and ERROR_STRINGS, see configure.in +for the defines. Note that TLS requires HMAC and AES requires TLS. + +See notes below (0.2.0) for build instructions. + + +# CyaSSL version 0.5.5 (09/27/2006) + +This mini release of CyaSSL adds better input processing through buffered input +and big message support. Added SSL_pending() and some sanity checks on user +settings. + +See notes below (0.2.0) for build instructions. + + +# CyaSSL version 0.5.0 (03/27/2006) + +This release of CyaSSL adds AES support and minor bug fixes. + +See notes below (0.2.0) for build instructions. + + +# CyaSSL version 0.4.0 (03/15/2006) + +This release of CyaSSL adds TLSv1 client/server support and libtool. + +See notes below for build instructions. + + +# CyaSSL version 0.3.0 (02/26/2006) + +This release of CyaSSL adds SSLv3 server support and session resumption. + +See notes below for build instructions. + + +# CyaSSL version 0.2.0 (02/19/2006) + + +This is the first release of CyaSSL and its crypt brother, CTaoCrypt. CyaSSL +is written in ANSI C with the idea of a small code size, footprint, and memory +usage in mind. CTaoCrypt can be as small as 32K, and the current client +version of CyaSSL can be as small as 12K. + + +The first release of CTaoCrypt supports MD5, SHA-1, 3DES, ARC4, Big Integer +Support, RSA, ASN parsing, and basic x509 (en/de)coding. + +The first release of CyaSSL supports normal client RSA mode SSLv3 connections +with support for SHA-1 and MD5 digests. Ciphers include 3DES and RC4. + + +#### To build on Linux, Solaris, *BSD, Mac OS X, or Cygwin: + + ./configure + make + + from the ./testsuite/ directory run ./testsuite + +#### to make a debug build: + + ./configure --enable-debug --disable-shared + make + + + +#### To build on Win32 + +Choose (Re)Build All from the project workspace + +Run the testsuite program + + + +*** The next release of CyaSSL will support a server and more OpenSSL +compatibility functions. + + +Please send questions or comments to todd@wolfssl.com diff --git a/README b/README index ace91ea4c9..296cffb375 100644 --- a/README +++ b/README @@ -72,1789 +72,144 @@ wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0); before calling wolfSSL_new(); Though it's not recommended. +Note 3) +The enum values SHA, SHA256, SHA384, SHA512 are no longer available when +wolfSSL is built with --enable-opensslextra (OPENSSL_EXTRA) or with the macro +NO_OLD_SHA_NAMES. These names get mapped to the OpenSSL API for a single call +hash function. Instead the name WC_SHA, WC_SHA256, WC_SHA384 and WC_SHA512 +should be used for the enum name. + *** end Notes *** -********* wolfSSL Release 3.14.0 (3/02/2018) +** wolfSSL Release 3.15.0 (05/01/2018) -Release 3.14.0 of wolfSSL embedded TLS has bug fixes and new features including: - -- TLS 1.3 draft 22 and 23 support added -- Additional unit tests for; SHA3, AES-CMAC, Ed25519, ECC, RSA-PSS, AES-GCM -- Many additions to the OpenSSL compatibility layer were made in this release. Some of these being enhancements to PKCS12, WOLFSSL_X509 use, WOLFSSL_EVP_PKEY, and WOLFSSL_BIO operations -- AVX1 and AVX2 performance improvements with ChaCha20 and Poly1305 -- Added i.MX CAAM driver support with Integrity OS support -- Improvements to logging with debugging, including exposing more API calls and adding options to reduce debugging code size -- Fix for signature type detection with PKCS7 RSA SignedData -- Public key call back functions added for DH Agree -- RSA-PSS API added for operating on non inline buffers (separate input and output buffers) -- API added for importing and exporting raw DSA parameters -- Updated DSA key generation to be FIPS 186-4 compliant -- Fix for wolfSSL_check_private_key when comparing ECC keys -- Support for AES Cipher Feedback(CFB) mode added -- Updated RSA key generation to be FIPS 186-4 compliant -- Update added for the ARM CMSIS software pack -- WOLFSSL_IGNORE_FILE_WARN macro added for avoiding build warnings when not working with autotools -- Performance improvements for AES-GCM with AVX1 and AVX2 -- Fix for possible memory leak on error case with wc_RsaKeyToDer function -- Make wc_PKCS7_PadData function available -- Updates made to building SGX on Linux -- STM32 hashing algorithm improvements including clock/power optimizations and auto detection of if SHA2 is supported -- Update static memory feature for FREERTOS use -- Reverse the order that certificates are compared during PKCS12 parse to account for case where multiple certificates have the same matching private key -- Update NGINX port to version 1.13.8 -- Support for HMAC-SHA3 added -- Added stricter ASN checks to enforce RFC 5280 rules. Thanks to the report from Professor Zhenhua Duan, Professor Cong Tian, and Ph.D candidate Chu Chen from Institute of Computing Theory and Technology (ICTT) of Xidian University. -- Option to have ecc_mul2add function public facing -- Getter function wc_PKCS7_GetAttributeValue added for PKCS7 attributes -- Macros NO_AES_128, NO_AES_192, NO_AES_256 added for AES key size selection at compile time -- Support for writing multiple organizations units (OU) and domain components (DC) with CSR and certificate creation -- Support for indefinite length BER encodings in PKCS7 -- Added API for additional validation of prime q in a public DH key -- Added support for RSA encrypt and decrypt without padding +Release 3.15.0 of wolfSSL embedded TLS has bug fixes and new features including: +- Support for TLS 1.3 Draft versions 23, 26 and 28. +- Improved downgrade support for TLS 1.3. +- Improved TLS 1.3 support from interoperability testing. +- Single Precision assembly code added for ARM and 64-bit ARM. +- Improved performance for Single Precision maths on 32-bit. +- Allow TLS 1.2 to be compiled out. +- Ed25519 support in TLS 1.2 and 1.3. +- Update wolfSSL_HMAC_Final() so the length parameter is optional. +- Various fixes for Coverity static analysis reports. +- Add define to use internal struct timeval (USE_WOLF_TIMEVAL_T). +- Switch LowResTimer() to call XTIME instead of time(0) for better portability. +- Expanded OpenSSL compatibility layer. +- Added Renesas CS+ project files. +- Align DH support with NIST SP 800-56A, add wc_DhSetKey_ex() for q parameter. +- Add build option for CAVP self test build (--enable-selftest). +- Expose mp_toradix() when WOLFSSL_PUBLIC_MP is defined. +- Add FIPS SGX support. +- Example certificate expiration dates and generation script updated. +- Additional optimizations to trim out unused strings depending on build + options. +- Fix for DN tag strings to have “=” when returning the string value to users. +- Fix for wolfSSL_ERR_get_error_line_data return value if no more errors are + in the queue. +- Fix for AES-CBC IV value with PIC32 hardware acceleration. +- Fix for wolfSSL_X509_print with ECC certificates. +- Fix for strict checking on URI absolute vs relative path. +- Added crypto device framework to handle PK RSA/ECC operations using + callbacks, which adds new build option `./configure --enable-cryptodev` or + `WOLF_CRYPTO_DEV`. +- Added devId support to ECC and PKCS7 for hardware based private key. +- Fixes in PKCS7 for handling possible memory leak in some error cases. +- Added test for invalid cert common name when set with + `wolfSSL_check_domain_name`. +- Refactor of the cipher suite names to use single array, which contains + internal name, IANA name and cipher suite bytes. +- Added new function `wolfSSL_get_cipher_name_from_suite` for getting IANA + cipher suite name using bytes. +- Fixes for fsanitize reports. +- Fix for openssl compatibility function `wolfSSL_RSA_verify` to check + returned size. +- Fixes and improvements for FreeRTOS AWS. +- Fixes for building openssl compatibility with FreeRTOS. +- Fix and new test for handling match on domain name that may have a null + terminator inside. +- Cleanup of the socket close code used for examples, CRL/OCSP and BIO to use + single macro `CloseSocket`. +- Refactor of the TLSX code to support returning error codes. +- Added new signature wrapper functions `wc_SignatureVerifyHash` and + `wc_SignatureGenerateHash` to allow direct use of hash. +- Improvement to GCC-ARM IDE example. +- Enhancements and cleanups for the ASN date/time code including new API's + `wc_GetDateInfo`, `wc_GetCertDates` and `wc_GetDateAsCalendarTime`. +- Fixes to resolve issues with C99 compliance. Added build option `WOLF_C99` + to force C99. +- Added a new `--enable-opensslall` option to enable all openssl compatibility + features. +- Added new `--enable-webclient` option for enabling a few HTTP API's. +- Added new `wc_OidGetHash` API for getting the hash type from a hash OID. +- Moved `wolfSSL_CertPemToDer`, `wolfSSL_KeyPemToDer`, `wolfSSL_PubKeyPemToDer` + to asn.c and renamed to `wc_`. Added backwards compatibility macro for old + function names. +- Added new `WC_MAX_SYM_KEY_SIZE` macro for helping determine max key size. +- Added `--enable-enckeys` or (`WOLFSSL_ENCRYPTED_KEYS`) to enable support for + encrypted PEM private keys using password callback without having to use + opensslextra. +- Added ForceZero on the password buffer after done using it. +- Refactor unique hash types to use same internal values + (ex WC_MD5 == WC_HASH_TYPE_MD5). +- Refactor the Sha3 types to use `wc_` naming, while retaining old names for + compatibility. +- Improvements to `wc_PBKDF1` to support more hash types and the non-standard + extra data option. +- Fix TLS 1.3 with ECC disabled and CURVE25519 enabled. +- Added new define `NO_DEV_URANDOM` to disable the use of `/dev/urandom`. +- Added `WC_RNG_BLOCKING` to indicate block w/sleep(0) is okay. +- Fix for `HAVE_EXT_CACHE` callbacks not being available without + `OPENSSL_EXTRA` defined. +- Fix for ECC max bits `MAX_ECC_BITS` not always calculating correctly due to + macro order. +- Added support for building and using PKCS7 without RSA (assuming ECC is + enabled). +- Fixes and additions for Cavium Nitrox V to support ECC, AES-GCM and HMAC + (SHA-224 and SHA3). +- Enabled ECC, AES-GCM and SHA-512/384 by default in (Linux and Windows) +- Added `./configure --enable-base16` and `WOLFSSL_BASE16` configuration + option to enable Base16 API's. +- Improvements to ATECC508A support for building without `WOLFSSL_ATMEL` + defined. +- Refactor IO callback function names to use `_CTX_` to eliminate confusion + about the first parameter. +- Added support for not loading a private key for server or client when + `HAVE_PK_CALLBACK` is defined and the private PK callback is set. +- Added new ECC API `wc_ecc_sig_size_calc` to return max signature size for + a key size. +- Cleanup ECC point import/export code and added new API + `wc_ecc_import_unsigned`. +- Fixes for handling OCSP with non-blocking. +- Added new PK (Primary Key) callbacks for the VerifyRsaSign. The new + callbacks API's are `wolfSSL_CTX_SetRsaVerifySignCb` and + `wolfSSL_CTX_SetRsaPssVerifySignCb`. +- Added new ECC API `wc_ecc_rs_raw_to_sig` to take raw unsigned R and S and + encodes them into ECDSA signature format. +- Added support for `WOLFSSL_STM32F1`. +- Cleanup of the ASN X509 header/footer and XSTRNCPY logic. +- Add copyright notice to autoconf files. (Thanks Brian Aker!) +- Updated the M4 files for autotools. (Thanks Brian Aker!) +- Add support for the cipher suite TLS_DH_anon_WITH_AES256_GCM_SHA384 with + test cases. (Thanks Thivya Ashok!) +- Add the TLS alert message unknown_psk_identity (115) from RFC 4279, + section 2. (Thanks Thivya Ashok!) +- Fix the case when using TCP with timeouts with TLS. wolfSSL shall be + agnostic to network socket behavior for TLS. (DTLS is another matter.) + The functions `wolfSSL_set_using_nonblock()` and + `wolfSSL_get_using_nonblock()` are deprecated. +- Hush the AR warning when building the static library with autotools. +- Hush the “-pthread” warning when building in some environments. +- Added a dist-hook target to the Makefile to reset the default options.h file. +- Removed the need for the darwin-clang.m4 file with the updates provided by + Brian A. +- Renamed the AES assembly file so GCC on the Mac will build it using the + preprocessor. +- Add a disable option (--disable-optflags) to turn off the default + optimization flags so user may supply their own custom flags. +- Correctly touch the dummy fips.h header. See INSTALL file for build instructions. More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html - - -********* wolfSSL (Formerly CyaSSL) Release 3.13.0 (12/21/2017) - -wolfSSL 3.13.0 includes bug fixes and new features, including support for -TLS 1.3 Draft 21, performance and footprint optimizations, build fixes, -updated examples and project files, and one vulnerability fix. The full list -of changes and additions in this release include: - -- Fixes for TLS 1.3, support for Draft 21 -- TLS 1.0 disabled by default, addition of “--enable-tlsv10” configure option -- New option to reduce SHA-256 code size at expense of performance - (USE_SLOW_SHA256) -- New option for memory reduced build (--enable-lowresource) -- AES-GCM performance improvements on AVX1 (IvyBridge) and AVX2 -- SHA-256 and SHA-512 performance improvements using AVX1/2 ASM -- SHA-3 size and performance optimizations -- Fixes for Intel AVX2 builds on Mac/OSX -- Intel assembly for Curve25519, and Ed25519 performance optimizations -- New option to force 32-bit mode with “--enable-32bit” -- New option to disable all inline assembly with “--disable-asm” -- Ability to override maximum signature algorithms using WOLFSSL_MAX_SIGALGO -- Fixes for handling of unsupported TLS extensions. -- Fixes for compiling AES-GCM code with GCC 4.8.* -- Allow adjusting static I/O buffer size with WOLFMEM_IO_SZ -- Fixes for building without a filesystem -- Removes 3DES and SHA1 dependencies from PKCS#7 -- Adds ability to disable PKCS#7 EncryptedData type (NO_PKCS7_ENCRYPTED_DATA) -- Add ability to get client-side SNI -- Expanded OpenSSL compatibility layer -- Fix for logging file names with OpenSSL compatibility layer enabled, with - WOLFSSL_MAX_ERROR_SZ user-overridable -- Adds static memory support to the wolfSSL example client -- Fixes for sniffer to use TLS 1.2 client method -- Adds option to wolfCrypt benchmark to benchmark individual algorithms -- Adds option to wolfCrypt benchmark to display benchmarks in powers - of 10 (-base10) -- Updated Visual Studio for ARM builds (for ECC supported curves and SHA-384) -- Updated Texas Instruments TI-RTOS build -- Updated STM32 CubeMX build with fixes for SHA -- Updated IAR EWARM project files -- Updated Apple Xcode projects with the addition of a benchmark example project - -This release of wolfSSL fixes 1 security vulnerability. - -wolfSSL is cited in the recent ROBOT Attack by Böck, Somorovsky, and Young. -The paper notes that wolfSSL only gives a weak oracle without a practical -attack but this is still a flaw. This release contains a fix for this report. -Please note that wolfSSL has static RSA cipher suites disabled by default as -of version 3.6.6 because of the lack of perfect forward secrecy. Only users -who have explicitly enabled static RSA cipher suites with WOLFSSL_STATIC_RSA -and use those suites on a host are affected. More information will be -available on our website at: - - https://wolfssl.com/wolfSSL/security/vulnerabilities.php - -See INSTALL file for build instructions. -More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html - - -********* wolfSSL (Formerly CyaSSL) Release 3.12.2 (10/23/2017) - -Release 3.12.2 of wolfSSL has bug fixes and new features including: - -This release includes many performance improvements with Intel ASM (AVX/AVX2) and AES-NI. New single precision math option to speedup RSA, DH and ECC. Embedded hardware support has been expanded for STM32, PIC32MZ and ATECC508A. AES now supports XTS mode for disk encryption. Certificate improvements for setting serial number, key usage and extended key usage. Refactor of SSL_ and hash types to allow openssl coexistence. Improvements for TLS 1.3. Fixes for OCSP stapling to allow disable and WOLFSSL specific user context for callbacks. Fixes for openssl and MySQL compatibility. Updated Micrium port. Fixes for asynchronous modes. - -- Added TLS extension for Supported Point Formats (ec_point_formats) -- Fix to not send OCSP stapling extensions in client_hello when not enabled -- Added new API's for disabling OCSP stapling -- Add check for SIZEOF_LONG with sun and LP64 -- Fixes for various TLS 1.3 disable options (RSA, ECC and ED/Curve 25519). -- Fix to disallow upgrading to TLS v1.3 -- Fixes for wolfSSL_EVP_CipherFinal() when message size is a round multiple of a block size. -- Add HMAC benchmark and expanded AES key size benchmarks -- Added simple GCC ARM Makefile example -- Add tests for 3072-bit RSA and DH. -- Fixed DRAFT_18 define and fixed downgrading with TLS v1.3 -- Fixes to allow custom serial number during certificate generation -- Add method to get WOLFSSL_CTX certificate manager -- Improvement to `wolfSSL_SetOCSP_Cb` to allow context per WOLFSSL object -- Alternate certificate chain support `WOLFSSL_ALT_CERT_CHAINS`. Enables checking cert against multiple CA's. -- Added new `--disable-oldnames` option to allow for using openssl along-side wolfssl headers (without OPENSSL_EXTRA). -- Refactor SSL_ and hashing types to use wolf specific prefix (WOLFSSL and WC_) to allow openssl coexistence. -- Fixes for HAVE_INTEL_MULX -- Cleanup include paths for MySQL cmake build -- Added configure option for building library for wolfSSH (--enable-wolfssh) -- Openssl compatibility layer improvements -- Expanded API unit tests -- Fixes for STM32 crypto hardware acceleration -- Added AES XTS mode (--enable-xts) -- Added ASN Extended Key Usage Support (see wc_SetExtKeyUsage). -- Math updates and added TFM_MIPS speedup. -- Fix for creation of the KeyUsage BitString -- Fix for 8k keys with MySQL compatibility -- Fixes for ATECC508A. -- Fixes for PIC32MZ hashing. -- Fixes and improvements to asynchronous modes for Intel QuickAssist and Cavium Nitrox V. -- Update HASH_DRBG Reseed mechanism and add test case -- Rename the file io.h/io.c to wolfio.h/wolfio.c -- Cleanup the wolfIO_Send function. -- OpenSSL Compatibility Additions and Fixes -- Improvements to Visual Studio DLL project/solution. -- Added function to generate public ECC key from private key -- Added async blocking support for sniffer tool. -- Added wolfCrypt hash tests for empty string and large data. -- Added ability to use of wolf implementation of `strtok` using `USE_WOLF_STRTOK`. -- Updated Micrium uC/OS-III Port -- Updated root certs for OCSP scripts -- New Single Precision math option for RSA, DH and ECC (off by default). See `--enable-sp`. -- Speedups for AES GCM with AESNI (--enable-aesni) -- Speedups for SHA2, ChaCha20/Poly1035 using AVX/AVX2 - - -********* wolfSSL (Formerly CyaSSL) Release 3.12.0 (8/04/2017) - -Release 3.12.0 of wolfSSL has bug fixes and new features including: - -- TLS 1.3 with Nginx! TLS 1.3 with ARMv8! TLS 1.3 with Async Crypto! (--enable-tls13) -- TLS 1.3 0RTT feature added -- Added port for using Intel SGX with Linux -- Update and fix PIC32MZ port -- Additional unit testing for MD5, SHA, SHA224, SHA256, SHA384, SHA512, RipeMd, HMAC, 3DES, IDEA, ChaCha20, ChaCha20Poly1305 AEAD, Camellia, Rabbit, ARC4, AES, RSA, Hc128 -- AVX and AVX2 assembly for improved ChaCha20 performance -- Intel QAT fixes for when using --disable-fastmath -- Update how DTLS handles decryption and MAC failures -- Update DTLS session export version number for --enable-sessionexport feature -- Add additional input argument sanity checks to ARMv8 assembly port -- Fix for making PKCS12 dynamic types match -- Fixes for potential memory leaks when using --enable-fast-rsa -- Fix for when using custom ECC curves and add BRAINPOOLP256R1 test -- Update TI-RTOS port for dependency on new wolfSSL source files -- DTLS multicast feature added, --enable-mcast -- Fix for Async crypto with GCC 7.1 and HMAC when not using Intel QuickAssist -- Improvements and enhancements to Intel QuickAssist support -- Added Xilinx port -- Added SHA3 Keccak feature, --enable-sha3 -- Expand wolfSSL Python wrapper to now include a client side implementation -- Adjust example servers to not treat a peer closed error as a hard error -- Added more sanity checks to fp_read_unsigned_bin function -- Add SHA224 and AES key wrap to ARMv8 port -- Update MQX classics and mmCAU ports -- Fix for potential buffer over read with wolfSSL_CertPemToDer -- Add PKCS7/CMS decode support for KARI with IssuerAndSerialNumber -- Fix ThreadX/NetX warning -- Fixes for OCSP and CRL non blocking sockets and for incomplete cert chain with OCSP -- Added RSA PSS sign and verify -- Fix for STM32F4 AES-GCM -- Added enable all feature (--enable-all) -- Added trackmemory feature (--enable-trackmemory) -- Fixes for AES key wrap and PKCS7 on Windows VS -- Added benchmark block size argument -- Support use of staticmemory with PKCS7 -- Fix for Blake2b build with GCC 5.4 -- Fixes for compiling wolfSSL with GCC version 7, most dealing with switch statement fall through warnings. -- Added warning when compiling without hardened math operations - - -Note: -There is a known issue with using ChaCha20 AVX assembly on versions of GCC earlier than 5.2. This is encountered with using the wolfSSL enable options --enable-intelasm and --enable-chacha. To avoid this issue ChaCha20 can be enabled with --enable-chacha=noasm. -If using --enable-intelasm and also using --enable-sha224 or --enable-sha256 there is a known issue with trying to use -fsanitize=address. - -This release of wolfSSL fixes 1 low level security vulnerability. - -Low level fix for a potential DoS attack on a wolfSSL client. Previously a client would accept many warning alert messages without a limit. This fix puts a limit to the number of warning alert messages received and if this limit is reached a fatal error ALERT_COUNT_E is returned. The max number of warning alerts by default is set to 5 and can be adjusted with the macro WOLFSSL_ALERT_COUNT_MAX. Thanks for the report from Tarun Yadav and Koustav Sadhukhan from Defence Research and Development Organization, INDIA. - - -See INSTALL file for build instructions. -More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html - - -********* wolfSSL (Formerly CyaSSL) Release 3.11.1 (5/11/2017) - -Release 3.11.1 of wolfSSL is a TLS 1.3 BETA release, which includes: - -- TLS 1.3 client and server support for TLS 1.3 with Draft 18 support - -This is strictly a BETA release, and designed for testing and user feedback. -Please send any comments, testing results, or feedback to wolfSSL at -support@wolfssl.com. - -See INSTALL file for build instructions. -More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html - - -********* wolfSSL (Formerly CyaSSL) Release 3.11.0 (5/04/2017) - -Release 3.11.0 of wolfSSL has bug fixes and new features including: - -- Code updates for warnings reported by Coverity scans -- Testing and warning fixes for FreeBSD on PowerPC -- Updates and refactoring done to ASN1 parsing functions -- Change max PSK identity buffer to account for an identity length of 128 characters -- Update Arduino script to handle recent files and additions -- Added support for PKCS#7 Signed Data with ECDSA -- Fix for interoperability with ChaCha20-Poly1305 suites using older draft versions -- DTLS update to allow multiple handshake messages in one DTLS record. Thanks to Eric Samsel over at Welch Allyn for reporting this bug. -- Intel QuickAssist asynchronous support (PR #715 - https://www.wolfssl.com/wolfSSL/Blog/Entries/2017/1/18_wolfSSL_Asynchronous_Intel_QuickAssist_Support.html) -- Added support for HAproxy load balancer -- Added option to allow SHA1 with TLS 1.2 for IIS compatibility (WOLFSSL_ALLOW_TLS_SHA1) -- Added Curve25519 51-bit Implementation, increasing performance on systems that have 128 bit types -- Fix to not send session ID on server side if session cache is off unless we're echoing -session ID as part of session tickets -- Fixes for ensuring all default ciphers are setup correctly (see PR #830) -- Added NXP Hexiwear example in `IDE/HEXIWEAR`. -- Added wolfSSL_write_dup() to create write only WOLFSSL object for concurrent access -- Fixes for TLS elliptic curve selection on private key import. -- Fixes for RNG with Intel rdrand and rdseed speedups. -- Improved performance with Intel rdrand to use full 64-bit output -- Added new --enable-intelrand option to indicate use of RDRAND preference for RNG source -- Removed RNG ARC4 support -- Added ECC helpers to get size and id from curve name. -- Added ECC Cofactor DH (ECC-CDH) support -- Added ECC private key only import / export functions. -- Added PKCS8 create function -- Improvements to TLS layer CTX handling for switching keys / certs. -- Added check for duplicate certificate policy OID in certificates. -- Normal math speed-up to not allocate on mp_int and defer until mp_grow -- Reduce heap usage with fast math when not using ALT_ECC_SIZE -- Fixes for building CRL with Windows -- Added support for inline CRL lookup when HAVE_CRL_IO is defined -- Added port for tenAsys INtime RTOS -- Improvements to uTKernel port (WOLFSSL_uTKERNEL2) -- Updated WPA Supplicant support -- Added support for Nginx -- Update stunnel port for version 5.40 -- Fixes for STM32 hardware crypto acceleration -- Extended test code coverage in bundled test.c -- Added a sanity check for minimum authentication tag size with AES-GCM. Thanks to Yueh-Hsun Lin and Peng Li at KNOX Security at Samsung Research America for suggesting this. -- Added a sanity check that subject key identifier is marked as non-critical and a check that no policy OIDS appear more than once in the cert policies extension. Thanks to the report from Professor Zhenhua Duan, Professor Cong Tian, and Ph.D candidate Chu Chen from Institute of Computing Theory and Technology (ICTT) of Xidian University, China. Profs. Zhenhua Duan and Cong Tian are supervisors of Ph.D candidate Chu Chen. - - -This release of wolfSSL fixes 5 low and 1 medium level security vulnerability. - -3 Low level fixes reported by Yueh-Hsun Lin and Peng Li from KNOX Security, Samsung Research America. -- Fix for out of bounds memory access in wc_DhParamsLoad() when GetLength() returns a zero. Before this fix there is a case where wolfSSL would read out of bounds memory in the function wc_DhParamsLoad. -- Fix for DH key accepted by wc_DhAgree when the key was malformed. -- Fix for a double free case when adding CA cert into X509_store. - -Low level fix for memory management with static memory feature enabled. By default static memory is disabled. Thanks to GitHub user hajjihraf for reporting this. - -Low level fix for out of bounds write in the function wolfSSL_X509_NAME_get_text_by_NID. This function is not used by TLS or crypto operations but could result in a buffer out of bounds write by one if called explicitly in an application. Discovered by Aleksandar Nikolic of Cisco Talos. http://talosintelligence.com/vulnerability-reports/ - -Medium level fix for check on certificate signature. There is a case in release versions 3.9.10, 3.10.0 and 3.10.2 where a corrupted signature on a peer certificate would not be properly flagged. Thanks to Wens Lo, James Tsai, Kenny Chang, and Oscar Yang at Castles Technology. - - -See INSTALL file for build instructions. -More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html - - -********* wolfSSL (Formerly CyaSSL) Release 3.10.2 (2/10/2017) - -Release 3.10.2 of wolfSSL has bug fixes and new features including: - -- Poly1305 Windows macros fix. Thanks to GitHub user Jay Satiro -- Compatibility layer expanded with multiple functions added -- Improve fp_copy performance with ALT_ECC_SIZE -- OCSP updates and improvements -- Fixes for IAR EWARM 8 compiler warnings -- Reduce stack usage with ECC_CACHE_CURVE disabled -- Added ECC export raw for public and private key -- Fix for NO_ASN_TIME build -- Supported curves extensions now populated by default -- Add DTLS build without big integer math -- Fix for static memory feature with wc_ecc_verify_hash_ex and not SHAMIR -- Added PSK interoperability testing to script bundled with wolfSSL -- Fix for Python wrapper random number generation. Compiler optimizations with Python could place the random number in same buffer location each time. Thanks to GitHub user Erik Bray (embray) -- Fix for tests on unaligned memory with static memory feature -- Add macro WOLFSSL_NO_OCSP_OPTIONAL_CERTS to skip optional OCSP certificates -- Sanity checks on NULL arguments added to wolfSSL_set_fd and wolfSSL_DTLS_SetCookieSecret -- mp_jacobi stack use reduced, thanks to Szabi Tolnai for providing a solution to reduce stack usage - - -This release of wolfSSL fixes 2 low and 1 medium level security vulnerability. - -Low level fix of buffer overflow for when loading in a malformed temporary DH file. Thanks to Yueh-Hsun Lin and Peng Li from KNOX Security, Samsung Research America for the report. - -Medium level fix for processing of OCSP response. If using OCSP without hard faults enforced and no alternate revocation checks like OCSP stapling then it is recommended to update. - -Low level fix for potential cache attack on RSA operations. If using wolfSSL RSA on a server that other users can have access to monitor the cache, then it is recommended to update wolfSSL. Thanks to Andreas Zankl, Johann Heyszl and Georg Sigl at Fraunhofer AISEC for the initial report. - -See INSTALL file for build instructions. -More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html - -********* wolfSSL (Formerly CyaSSL) Release 3.10.0 (12/21/2016) - -Release 3.10.0 of wolfSSL has bug fixes and new features including: - -- Added support for SHA224 -- Added scrypt feature -- Build for Intel SGX use, added in directory IDE/WIN-SGX -- Fix for ChaCha20-Poly1305 ECDSA certificate type request -- Enhance PKCS#7 with ECC enveloped data and AES key wrap support -- Added support for RIOT OS -- Add support for parsing PKCS#12 files -- ECC performance increased with custom curves -- ARMv8 expanded to AArch32 and performance increased -- Added ANSI-X9.63-KDF support -- Port to STM32 F2/F4 CubeMX -- Port to Atmel ATECC508A board -- Removed fPIE by default when wolfSSL library is compiled -- Update to Python wrapper, dropping DES and adding wc_RSASetRNG -- Added support for NXP K82 hardware acceleration -- Added SCR client and server verify check -- Added a disable rng option with autoconf -- Added more tests vectors to test.c with AES-CTR -- Updated DTLS session export version number -- Updated DTLS for 64 bit sequence numbers -- Fix for memory management with TI and WOLFSSL_SMALL_STACK -- Hardening RSA CRT to be constant time -- Fix uninitialized warning with IAR compiler -- Fix for C# wrapper example IO hang on unexpected connection termination - - -This release of wolfSSL fixes a low level security vulnerability. The vulnerability reported was a potential cache attack on RSA operations. If using wolfSSL RSA on a server that other users can have access to monitor the cache, then it is recommended to update wolfSSL. Thanks to Andreas Zankl, Johann Heyszl and Georg Sigl at Fraunhofer AISEC for the report. More information will be available on our site: - -https://wolfssl.com/wolfSSL/security/vulnerabilities.php - -See INSTALL file for build instructions. -More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html - -********* wolfSSL (Formerly CyaSSL) Release 3.9.10 (9/23/2016) - -Release 3.9.10 of wolfSSL has bug fixes and new features including: - -- Default configure option changes: - 1. DES3 disabled by default - 2. ECC Supported Curves Extension enabled by default - 3. New option Extended Master Secret enabled by default -- Added checking CA certificate path length, and new test certs -- Fix to DSA pre padding and sanity check on R/S values -- Added CTX level RNG for single-threaded builds -- Intel RDSEED enhancements -- ARMv8 hardware acceleration support for AES-CBC/CTR/GCM, SHA-256 -- Arduino support updates -- Added the Extended Master Secret TLS extension - 1. Enabled by default in configure options, API to disable - 2. Added support for Extended Master Secret to sniffer -- OCSP fix with issuer key hash, lookup refactor -- Added support for Frosted OS -- Added support for DTLS over SCTP -- Added support for static memory with wolfCrypt -- Fix to ECC Custom Curve support -- Support for asynchronous wolfCrypt RSA and TLS client -- Added distribution build configure option -- Update the test certificates - -This release of wolfSSL fixes medium level security vulnerabilities. Fixes for -potential AES, RSA, and ECC side channel leaks is included that a local user -monitoring the same CPU core cache could exploit. VM users, hyper-threading -users, and users where potential attackers have access to the CPU cache will -need to update if they utilize AES, RSA private keys, or ECC private keys. -Thanks to Gorka Irazoqui Apecechea and Xiaofei Guo from Intel Corporation for -the report. More information will be available on our site: - - https://wolfssl.com/wolfSSL/security/vulnerabilities.php - -See INSTALL file for build instructions. -More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html - -********* wolfSSL (Formerly CyaSSL) Release 3.9.8 (7/29/2016) - -Release 3.9.8 of wolfSSL has bug fixes and new features including: - -- Add support for custom ECC curves. -- Add cipher suite ECDHE-ECDSA-AES128-CCM. -- Add compkey enable option. This option is for compressed ECC keys. -- Add in the option to use test.h without gettimeofday function using the macro - WOLFSSL_USER_CURRTIME. -- Add RSA blinding for private key operations. Enable option of harden which is - on by default. This negates timing attacks. -- Add ECC and TLS support for all SECP, Koblitz and Brainpool curves. -- Add helper functions for static memory option to allow getting optimum buffer - sizes. -- Update DTLS behavior on bad MAC. DTLS silently drops packets with bad MACs now. -- Update fp_isprime function from libtom enchancement/cleanup repository. -- Update sanity checks on inputs and return values for AES-CMAC. -- Update wolfSSL for use with MYSQL v5.6.30. -- Update LPCXpresso eclipse project to not include misc.c when not needed. -- Fix retransmit of last DTLS flight with timeout notification. The last flight - is no longer retransmitted on timeout. -- Fixes to some code in math sections for compressed ECC keys. This includes - edge cases for buffer size on allocation and adjustments for compressed curves - build. The code and full list can be found on github with pull request #456. -- Fix function argument mismatch for build with secure renegotiation. -- X.509 bug fixes for reading in malformed certificates, reported by researchers - at Columbia University -- Fix GCC version 6 warning about hard tabs in poly1305.c. This was a warning - produced by GCC 6 trying to determine the intent of code. -- Fixes for static memory option. Including avoid potential race conditions with - counters, decrement handshake counter correctly. -- Fix anonymous cipher with Diffie Hellman on the server side. Was an issue of a - possible buffer corruption. For information and code see pull request #481. - - -- One high level security fix that requires an update for use with static RSA - cipher suites was submitted. This fix was the addition of RSA blinding for - private RSA operations. We recommend servers who allow static RSA cipher - suites to also generate new private RSA keys. Static RSA cipher suites are - turned off by default. - -See INSTALL file for build instructions. -More info can be found on-line at //http://wolfssl.com/wolfSSL/Docs.html - - ********* wolfSSL (Formerly CyaSSL) Release 3.9.6 (6/14/2016) - -Release 3.9.6 of wolfSSL has bug fixes and new features including: - -- Add staticmemory feature -- Add public wc_GetTime API with base64encode feature -- Add AES CMAC algorithm -- Add DTLS sessionexport feature -- Add python wolfCrypt wrapper -- Add ECC encrypt/decrypt benchmarks -- Add dynamic session tickets -- Add eccshamir option -- Add Whitewood netRandom support --with-wnr -- Add embOS port -- Add minimum key size checks for RSA and ECC -- Add STARTTLS support to examples -- Add uTasker port -- Add asynchronous crypto and wolf event support -- Add compile check for misc.c with inline -- Add RNG benchmark -- Add reduction to stack usage with hash-based RNG -- Update STM32F2_CRYPTO port with additional algorithms supported -- Update MDK5 projects -- Update AES-NI -- Fix for STM32 with STM32F2_HASH defined -- Fix for building with MinGw -- Fix ECC math bugs with ALT_ECC_SIZE and key sizes over 256 bit (1) -- Fix certificate buffers github issue #422 -- Fix decrypt max size with RSA OAEP -- Fix DTLS sanity check with DTLS timeout notification -- Fix free of WOLFSSL_METHOD on failure to create CTX -- Fix memory leak in failure case with wc_RsaFunction (2) - -- No high level security fixes that requires an update though we always -recommend updating to the latest -- (1) Code changes for ECC fix can be found at pull requests #411, #416, and #428 -- (2) Builds using RSA with using normal math and not RSA_LOW_MEM should update -- Tag 3.9.6w is for a Windows example echoserver fix - -See INSTALL file for build instructions. -More info can be found on-line at //http://wolfssl.com/wolfSSL/Docs.html - - ********* wolfSSL (Formerly CyaSSL) Release 3.9.0 (3/18/2016) - -Release 3.9.0 of wolfSSL has bug fixes and new features including: - -- Add new leantls configuration -- Add RSA OAEP padding at wolfCrypt level -- Add Arduino port and example client -- Add fixed point DH operation -- Add CUSTOM_RAND_GENRATE_SEED_OS and CUSTOM_RAND_GENERATE_BLOCK -- Add ECDHE-PSK cipher suites -- Add PSK ChaCha20-Poly1305 cipher suites -- Add option for fail on no peer cert except PSK suites -- Add port for Nordic nRF51 -- Add additional ECC NIST test vectors for 256, 384 and 521 -- Add more granular ECC, Ed25519/Curve25519 and AES configs -- Update to ChaCha20-Poly1305 -- Update support for Freescale KSDK 1.3.0 -- Update DER buffer handling code, refactoring and reducing memory -- Fix to AESNI 192 bit key expansion -- Fix to C# wrapper character encoding -- Fix sequence number issue with DTLS epoch 0 messages -- Fix RNGA with K64 build -- Fix ASN.1 X509 V3 certificate policy extension parsing -- Fix potential free of uninitialized RSA key in asn.c -- Fix potential underflow when using ECC build with FP_ECC -- Fixes for warnings in Visual Studio 2015 build - -- No high level security fixes that requires an update though we always -recommend updating to the latest -- FP_ECC is off by default, users with it enabled should update for the zero -sized hash fix - -See INSTALL file for build instructions. -More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html - - ********* wolfSSL (Formerly CyaSSL) Release 3.8.0 (12/30/2015) - -Release 3.8.0 of wolfSSL has bug fixes and new features including: - -- Example client/server with VxWorks -- AESNI use with AES-GCM -- Stunnel compatibility enhancements -- Single shot hash and signature/verify API added -- Update cavium nitrox port -- LPCXpresso IDE support added -- C# wrapper to support wolfSSL use by a C# program -- (BETA version)OCSP stapling added -- Update OpenSSH compatibility -- Improve DTLS handshake when retransmitting finished message -- fix idea_mult() for 16 and 32bit systems -- fix LowResTimer on Microchip ports - -- No high level security fixes that requires an update though we always -recommend updating to the latest - -See INSTALL file for build instructions. -More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html - - ********* wolfSSL (Formerly CyaSSL) Release 3.7.0 (10/26/2015) - -Release 3.7.0 of wolfSSL has bug fixes and new features including: - -- ALPN extension support added for HTTP2 connections with --enable-alpn -- Change of example/client/client max fragment flag -L -> -F -- Throughput benchmarking, added scripts/benchmark.test -- Sniffer API ssl_FreeDecodeBuffer added -- Addition of AES_GCM to Sniffer -- Sniffer change to handle unlimited decrypt buffer size -- New option for the sniffer where it will try to pick up decoding after a - sequence number acknowldgement fault. Also includes some additional stats. -- JNI API setter and getter function for jobject added -- User RSA crypto plugin abstraction. An example placed in wolfcrypt/user-crypto -- fix to asn configuration bug -- AES-GCM/CCM fixes. -- Port for Rowley added -- Rowley Crossworks bare metal examples added -- MDK5-ARM project update -- FreeRTOS support updates. -- VXWorks support updates. -- Added the IDEA cipher and support in wolfSSL. -- Update wolfSSL website CA. -- CFLAGS is usable when configuring source. - -- No high level security fixes that requires an update though we always -recommend updating to the latest - -See INSTALL file for build instructions. -More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html - - ********* wolfSSL (Formerly CyaSSL) Release 3.6.8 (09/17/2015) - -Release 3.6.8 of wolfSSL fixes two high severity vulnerabilities. It also -includes bug fixes and new features including: - -- Two High level security fixes, all users SHOULD update. - a) If using wolfSSL for DTLS on the server side of a publicly accessible - machine you MUST update. - b) If using wolfSSL for TLS on the server side with private RSA keys allowing - ephemeral key exchange without low memory optimizations you MUST update and - regenerate the private RSA keys. - - Please see https://www.wolfssl.com/wolfSSL/Blog/Blog.html for more details - -- No filesystem build fixes for various configurations -- Certificate generation now supports several extensions including KeyUsage, - SKID, AKID, and Certificate Policies -- CRLs can be loaded from buffers as well as files now -- SHA-512 Certificate Signing generation -- Fixes for sniffer reassembly processing - -See INSTALL file for build instructions. -More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html - - ********* wolfSSL (Formerly CyaSSL) Release 3.6.6 (08/20/2015) - -Release 3.6.6 of wolfSSL has bug fixes and new features including: - -- OpenSSH compatibility with --enable-openssh -- stunnel compatibility with --enable-stunnel -- lighttpd compatibility with --enable-lighty -- SSLv3 is now disabled by default, can be enabled with --enable-sslv3 -- Ephemeral key cipher suites only are now supported by default - To enable static ECDH cipher suites define WOLFSSL_STATIC_DH - To enable static RSA cipher suites define WOLFSSL_STATIC_RSA - To enable static PSK cipher suites define WOLFSSL_STATIC_PSK -- Added QSH (quantum-safe handshake) extension with --enable-ntru -- SRP is now part of wolfCrypt, enable with --enabe-srp -- Certificate handshake messages can now be sent fragmented if the record - size is smaller than the total message size, no user action required. -- DTLS duplicate message fixes -- Visual Studio project files now support DLL and static builds for 32/64bit. -- Support for new Freescale I/O -- FreeRTOS FIPS support - -- No high level security fixes that requires an update though we always - recommend updating to the latest - -See INSTALL file for build instructions. -More information can be found on-line at //http://wolfssl.com/yaSSL/Docs.html - - **************** wolfSSL (Formerly CyaSSL) Release 3.6.0 (06/19/2015) - -Release 3.6.0 of wolfSSL has bug fixes and new features including: - -- Max Strength build that only allows TLSv1.2, AEAD ciphers, and PFS (Perfect - Forward Secrecy). With --enable-maxstrength -- Server side session ticket support, the example server and echoserver use the - example callback myTicketEncCb(), see wolfSSL_CTX_set_TicketEncCb() -- FIPS version submitted for iOS. -- TI Crypto Hardware Acceleration -- DTLS fragmentation fixes -- ECC key check validation with wc_ecc_check_key() -- 32bit code options to reduce memory for Curve25519 and Ed25519 -- wolfSSL JNI build switch with --enable-jni -- PicoTCP support improvements -- DH min ephemeral key size enforcement with wolfSSL_CTX_SetMinDhKey_Sz() -- KEEP_PEER_CERT and AltNames can now be used together -- ChaCha20 big endian fix -- SHA-512 signature algorithm support for key exchange and verify messages -- ECC make key crash fix on RNG failure, ECC users must update. -- Improvements to usage of time code. -- Improvements to VS solution files. -- GNU Binutils 2.24 (and late 2.23) ld has problems with some debug builds, - to fix an ld error add C_EXTRA_FLAGS="-fdebug-types-section -g1". - -- No high level security fixes that requires an update though we always - recommend updating to the latest (except note 14, ecc RNG failure) - -See INSTALL file for build instructions. -More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html - - - *****************wolfSSL (Formerly CyaSSL) Release 3.4.6 (03/30/2015) - -Release 3.4.6 of wolfSSL has bug fixes and new features including: - -- Intel Assembly Speedups using instructions rdrand, rdseed, aesni, avx1/2, - rorx, mulx, adox, adcx . They can be enabled with --enable-intelasm. - These speedup the use of RNG, SHA2, and public key algorithms. -- Ed25519 support at the crypto level. Turn on with --enable-ed25519. Examples - in wolcrypt/test/test.c ed25519_test(). -- Post Handshake Memory reductions. wolfSSL can now hold less than 1,000 bytes - of memory per secure connection including cipher state. -- wolfSSL API and wolfCrypt API fixes, you can still include the cyassl and - ctaocrypt headers which will enable the compatibility APIs for the - foreseeable future -- INSTALL file to help direct users to build instructions for their environment -- For ECC users with the normal math library a fix that prevents a crash when - verify signature fails. Users of 3.4.0 with ECC and the normal math library - must update -- RC4 is now disabled by default in autoconf mode -- AES-GCM and ChaCha20/Poly1305 are now enabled by default to make AEAD ciphers - available without a switch -- External ChaCha-Poly AEAD API, thanks to Andrew Burks for the contribution -- DHE-PSK cipher suites can now be built without ASN or Cert support -- Fix some NO MD5 build issues with optional features -- Freescale CodeWarrior project updates -- ECC curves can be individually turned on/off at build time. -- Sniffer handles Cert Status message and other minor fixes -- SetMinVersion() at the wolfSSL Context level instead of just SSL session level - to allow minimum protocol version allowed at runtime -- RNG failure resource cleanup fix - -- No high level security fixes that requires an update though we always - recommend updating to the latest (except note 6 use case of ecc/normal math) - -See INSTALL file for build instructions. -More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html - - - *****************wolfSSL (Formerly CyaSSL) Release 3.4.0 (02/23/2015) - -Release 3.4.0 wolfSSL has bug fixes and new features including: - -- wolfSSL API and wolfCrypt API, you can still include the cyassl and ctaocrypt - headers which will enable the compatibility APIs for the foreseeable future -- Example use of the wolfCrypt API can be found in wolfcrypt/test/test.c -- Example use of the wolfSSL API can be found in examples/client/client.c -- Curve25519 now supported at the wolfCrypt level, wolfSSL layer coming soon -- Improvements in the build configuration under AIX -- Microchip Pic32 MZ updates -- TIRTOS updates -- PowerPC updates -- Xcode project update -- Bidirectional shutdown examples in client/server with -w (wait for full - shutdown) option -- Cycle counts on benchmarks for x86_64, more coming soon -- ALT_ECC_SIZE for reducing ecc heap use with fastmath when also using large RSA - keys -- Various compile warnings -- Scan-build warning fixes -- Changed a memcpy to memmove in the sniffer (if using sniffer please update) -- No high level security fixes that requires an update though we always - recommend updating to the latest - - - ***********CyaSSL Release 3.3.0 (12/05/2014) - -- Countermeasuers for Handshake message duplicates, CHANGE CIPHER without - FINISHED, and fast forward attempts. Thanks to Karthikeyan Bhargavan from - the Prosecco team at INRIA Paris-Rocquencourt for the report. -- FIPS version submitted -- Removes SSLv2 Client Hello processing, can be enabled with OLD_HELLO_ALLOWED -- User can set minimum downgrade version with CyaSSL_SetMinVersion() -- Small stack improvements at TLS/SSL layer -- TLS Master Secret generation and Key Expansion are now exposed -- Adds client side Secure Renegotiation, * not recommended * -- Client side session ticket support, not fully tested with Secure Renegotiation -- Allows up to 4096bit DHE at TLS Key Exchange layer -- Handles non standard SessionID sizes in Hello Messages -- PicoTCP Support -- Sniffer now supports SNI Virtual Hosts -- Sniffer now handles non HTTPS protocols using STARTTLS -- Sniffer can now parse records with multiple messages -- TI-RTOS updates -- Fix for ColdFire optimized fp_digit read only in explicit 32bit case -- ADH Cipher Suite ADH-AES128-SHA for EAP-FAST - -The CyaSSL manual is available at: -http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - -***********CyaSSL Release 3.2.0 (09/10/2014) - -Release 3.2.0 CyaSSL has bug fixes and new features including: - -- ChaCha20 and Poly1305 crypto and suites -- Small stack improvements for OCSP, CRL, TLS, DTLS -- NTRU Encrypt and Decrypt benchmarks -- Updated Visual Studio project files -- Updated Keil MDK5 project files -- Fix for DTLS sequence numbers with GCM/CCM -- Updated HashDRBG with more secure struct declaration -- TI-RTOS support and example Code Composer Studio project files -- Ability to get enabled cipher suites, CyaSSL_get_ciphers() -- AES-GCM/CCM/Direct support for Freescale mmCAU and CAU -- Sniffer improvement checking for decrypt key setup -- Support for raw ECC key import -- Ability to convert ecc_key to DER, EccKeyToDer() -- Security fix for RSA Padding check vulnerability reported by Intel Security - Advanced Threat Research team - -The CyaSSL manual is available at: -http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - -************ CyaSSL Release 3.1.0 (07/14/2014) - -Release 3.1.0 CyaSSL has bug fixes and new features including: - -- Fix for older versions of icc without 128-bit type -- Intel ASM syntax for AES-NI -- Updated NTRU support, keygen benchmark -- FIPS check for minimum required HMAC key length -- Small stack (--enable-smallstack) improvements for PKCS#7, ASN -- TLS extension support for DTLS -- Default I/O callbacks external to user -- Updated example client with bad clock test -- Ability to set optional ECC context info -- Ability to enable/disable DH separate from opensslextra -- Additional test key/cert buffers for CA and server -- Updated example certificates - -The CyaSSL manual is available at: -http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - -************ CyaSSL Release 3.0.2 (05/30/2014) - -Release 3.0.2 CyaSSL has bug fixes and new features including: - -- Added the following cipher suites: - * TLS_PSK_WITH_AES_128_GCM_SHA256 - * TLS_PSK_WITH_AES_256_GCM_SHA384 - * TLS_PSK_WITH_AES_256_CBC_SHA384 - * TLS_PSK_WITH_NULL_SHA384 - * TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 - * TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 - * TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 - * TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 - * TLS_DHE_PSK_WITH_NULL_SHA256 - * TLS_DHE_PSK_WITH_NULL_SHA384 - * TLS_DHE_PSK_WITH_AES_128_CCM - * TLS_DHE_PSK_WITH_AES_256_CCM -- Added AES-NI support for Microsoft Visual Studio builds. -- Changed small stack build to be disabled by default. -- Updated the Hash DRBG and provided a configure option to enable. - -The CyaSSL manual is available at: -http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - -************ CyaSSL Release 3.0.0 (04/29/2014) - -Release 3.0.0 CyaSSL has bug fixes and new features including: - -- FIPS release candidate -- X.509 improvements that address items reported by Suman Jana with security - researchers at UT Austin and UC Davis -- Small stack size improvements, --enable-smallstack. Offloads large local - variables to the heap. (Note this is not complete.) -- Updated AES-CCM-8 cipher suites to use approved suite numbers. - -The CyaSSL manual is available at: -http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - -************ CyaSSL Release 2.9.4 (04/09/2014) - -Release 2.9.4 CyaSSL has bug fixes and new features including: - -- Security fixes that address items reported by Ivan Fratric of the Google - Security Team -- X.509 Unknown critical extensions treated as errors, report by Suman Jana with - security researchers at UT Austin and UC Davis -- Sniffer fixes for corrupted packet length and Jumbo frames -- ARM thumb mode assembly fixes -- Xcode 5.1 support including new clang -- PIC32 MZ hardware support -- CyaSSL Object has enough room to read the Record Header now w/o allocs -- FIPS wrappers for AES, 3DES, SHA1, SHA256, SHA384, HMAC, and RSA. -- A sample I/O pool is demonstrated with --enable-iopool to overtake memory - handling and reduce memory fragmentation on I/O large sizes - -The CyaSSL manual is available at: -http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - -************ CyaSSL Release 2.9.0 (02/07/2014) - -Release 2.9.0 CyaSSL has bug fixes and new features including: -- Freescale Kinetis RNGB support -- Freescale Kinetis mmCAU support -- TLS Hello extensions - - ECC - - Secure Renegotiation (null) - - Truncated HMAC -- SCEP support - - PKCS #7 Enveloped data and signed data - - PKCS #10 Certificate Signing Request generation -- DTLS sliding window -- OCSP Improvements - - API change to integrate into Certificate Manager - - IPv4/IPv6 agnostic - - example client/server support for OCSP - - OCSP nonces are optional -- GMAC hashing -- Windows build additions -- Windows CYGWIN build fixes -- Updated test certificates -- Microchip MPLAB Harmony support -- Update autoconf scripts -- Additional X.509 inspection functions -- ECC encrypt/decrypt primitives -- ECC Certificate generation - -The Freescale Kinetis K53 RNGB documentation can be found in Chapter 33 of the -K53 Sub-Family Reference Manual: -http://cache.freescale.com/files/32bit/doc/ref_manual/K53P144M100SF2RM.pdf - -Freescale Kinetis K60 mmCAU (AES, DES, 3DES, MD5, SHA, SHA256) documentation -can be found in the "ColdFire/ColdFire+ CAU and Kinetis mmCAU Software Library -User Guide": -http://cache.freescale.com/files/32bit/doc/user_guide/CAUAPIUG.pdf - - -*****************CyaSSL Release 2.8.0 (8/30/2013) - -Release 2.8.0 CyaSSL has bug fixes and new features including: -- AES-GCM and AES-CCM use AES-NI -- NetX default IO callback handlers -- IPv6 fixes for DTLS Hello Cookies -- The ability to unload Certs/Keys after the handshake, CyaSSL_UnloadCertsKeys() -- SEP certificate extensions -- Callback getters for easier resource freeing -- External CYASSL_MAX_ERROR_SZ for correct error buffer sizing -- MacEncrypt and DecryptVerify Callbacks for User Atomic Record Layer Processing -- Public Key Callbacks for ECC and RSA -- Client now sends blank cert upon request if doesn't have one with TLS <= 1.2 - - -The CyaSSL manual is available at: -http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - -*****************CyaSSL Release 2.7.0 (6/17/2013) - -Release 2.7.0 CyaSSL has bug fixes and new features including: -- SNI support for client and server -- KEIL MDK-ARM projects -- Wildcard check to domain name match, and Subject altnames are checked too -- Better error messages for certificate verification errors -- Ability to discard session during handshake verify -- More consistent error returns across all APIs -- Ability to unload CAs at the CTX or CertManager level -- Authority subject id support for Certificate matching -- Persistent session cache functionality -- Persistent CA cache functionality -- Client session table lookups to push serverID table to library level -- Camellia support to sniffer -- User controllable settings for DTLS timeout values -- Sniffer fixes for caching long lived sessions -- DTLS reliability enhancements for the handshake -- Better ThreadX support - -When compiling with Mingw, libtool may give the following warning due to -path conversion errors: - -libtool: link: Could not determine host file name corresponding to ** -libtool: link: Continuing, but uninstalled executables may not work. - -If so, examples and testsuite will have problems when run, showing an -error while loading shared libraries. To resolve, please run "make install". - -The CyaSSL manual is available at: -http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - -************** CyaSSL Release 2.6.0 (04/15/2013) - -Release 2.6.0 CyaSSL has bug fixes and new features including: -- DTLS 1.2 support including AEAD ciphers -- SHA-3 finalist Blake2 support, it's fast and uses little resources -- SHA-384 cipher suites including ECC ones -- HMAC now supports SHA-512 -- Track memory use for example client/server with -t option -- Better IPv6 examples with --enable-ipv6, before if ipv6 examples/tests were - turned on, localhost only was used. Now link-local (with scope ids) and ipv6 - hosts can be used as well. -- Xcode v4.6 project for iOS v6.1 update -- settings.h is now checked in all *.c files for true one file setting detection -- Better alignment at SSL layer for hardware crypto alignment needs - * Note, SSL itself isn't friendly to alignment with 5 byte TLS headers and - 13 bytes DTLS headers, but every effort is now made to align with the - CYASSL_GENERAL_ALIGNMENT flag which sets desired alignment requirement -- NO_64BIT flag to turn off 64bit data type accumulators in public key code - * Note, some systems are faster with 32bit accumulators -- --enable-stacksize for example client/server stack use - * Note, modern desktop Operating Systems may add bytes to each stack frame -- Updated compression/decompression with direct crypto access -- All ./configure options are now lowercase only for consistency -- ./configure builds default to fastmath option - * Note, if on ia32 and building in shared mode this may produce a problem - with a missing register being available because of PIC, there are at least - 6 solutions to this: - 1) --disable-fastmath , don't use fastmath - 2) --disable-shared, don't build a shared library - 3) C_EXTRA_FLAGS=-DTFM_NO_ASM , turn off assembly use - 4) use clang, it just seems to work - 5) play around with no PIC options to force all registers being open, - e.g, --without-pic - 6) if static lib is still a problem try removing fPIE -- Many new ./configure switches for option enable/disable for example - * rsa - * dh - * dsa - * md5 - * sha - * arc4 - * null (allow NULL ciphers) - * oldtls (only use TLS 1.2) - * asn (no certs or public keys allowed) -- ./configure generates cyassl/options.h which allows a header the user can - include in their app to make sure the same options are set at the app and - CyaSSL level. -- autoconf no longer needs serial-tests which lowers version requirements of - automake to 1.11 and autoconf to 2.63 - -The CyaSSL manual is available at: -http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - - -************** CyaSSL Release 2.5.0 (02/04/2013) - -Release 2.5.0 CyaSSL has bug fixes and new features including: -- Fix for TLS CBC padding timing attack identified by Nadhem Alfardan and - Kenny Paterson: http://www.isg.rhul.ac.uk/tls/ -- Microchip PIC32 (MIPS16, MIPS32) support -- Microchip MPLAB X example projects for PIC32 Ethernet Starter Kit -- Updated CTaoCrypt benchmark app for embedded systems -- 1024-bit test certs/keys and cert/key buffers -- AES-CCM-8 crypto and cipher suites -- Camellia crypto and cipher suites -- Bumped minimum autoconf version to 2.65, automake version to 1.12 -- Addition of OCSP callbacks -- STM32F2 support with hardware crypto and RNG -- Cavium NITROX support - -CTaoCrypt now has support for the Microchip PIC32 and has been tested with -the Microchip PIC32 Ethernet Starter Kit, the XC32 compiler and -MPLAB X IDE in both MIPS16 and MIPS32 instruction set modes. See the README -located under the /mplabx directory for more details. - -To add Cavium NITROX support do: - -./configure --with-cavium=/home/user/cavium/software - -pointing to your licensed cavium/software directory. Since Cavium doesn't -build a library we pull in the cavium_common.o file which gives a libtool -warning about the portability of this. Also, if you're using the github source -tree you'll need to remove the -Wredundant-decls warning from the generated -Makefile because the cavium headers don't conform to this warning. Currently -CyaSSL supports Cavium RNG, AES, 3DES, RC4, HMAC, and RSA directly at the crypto -layer. Support at the SSL level is partial and currently just does AES, 3DES, -and RC4. RSA and HMAC are slower until the Cavium calls can be utilized in non -blocking mode. The example client turns on cavium support as does the crypto -test and benchmark. Please see the HAVE_CAVIUM define. - -CyaSSL is able to use the STM32F2 hardware-based cryptography and random number -generator through the STM32F2 Standard Peripheral Library. For necessary -defines, see the CYASSL_STM32F2 define in settings.h. Documentation for the -STM32F2 Standard Peripheral Library can be found in the following document: -http://www.st.com/internet/com/TECHNICAL_RESOURCES/TECHNICAL_LITERATURE/USER_MANUAL/DM00023896.pdf - -The CyaSSL manual is available at: -http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - - -*************** CyaSSL Release 2.4.6 (12/20/2012) - -Release 2.4.6 CyaSSL has bug fixes and a few new features including: -- ECC into main version -- Lean PSK build (reduced code size, RAM usage, and stack usage) -- FreeBSD CRL monitor support -- CyaSSL_peek() -- CyaSSL_send() and CyaSSL_recv() for I/O flag setting -- CodeWarrior Support -- MQX Support -- Freescale Kinetis support including Hardware RNG -- autoconf builds use jobserver -- cyassl-config -- Sniffer memory reductions - -Thanks to Brian Aker for the improved autoconf system, make rpm, cyassl-config, -warning system, and general good ideas for improving CyaSSL! - -The Freescale Kinetis K70 RNGA documentation can be found in Chapter 37 of the -K70 Sub-Family Reference Manual: -http://cache.freescale.com/files/microcontrollers/doc/ref_manual/K70P256M150SF3RM.pdf - -The CyaSSL manual is available at: -http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - -*************** CyaSSL Release 2.4.0 (10/10/2012) - -Release 2.4.0 CyaSSL has bug fixes and a few new features including: -- DTLS reliability -- Reduced memory usage after handshake -- Updated build process - -The CyaSSL manual is available at: -http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - - -*************** CyaSSL Release 2.3.0 (8/10/2012) - -Release 2.3.0 CyaSSL has bug fixes and a few new features including: -- AES-GCM crypto and cipher suites -- make test cipher suite checks -- Subject AltName processing -- Command line support for client/server examples -- Sniffer SessionTicket support -- SHA-384 cipher suites -- Verify cipher suite validity when user overrides -- CRL dir monitoring -- DTLS Cookie support, reliability coming soon - -The CyaSSL manual is available at: -http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - - -***************CyaSSL Release 2.2.0 (5/18/2012) - -Release 2.2.0 CyaSSL has bug fixes and a few new features including: -- Initial CRL support (--enable-crl) -- Initial OCSP support (--enable-ocsp) -- Add static ECDH suites -- SHA-384 support -- ECC client certificate support -- Add medium session cache size (1055 sessions) -- Updated unit tests -- Protection against mutex reinitialization - - -The CyaSSL manual is available at: -http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - - -***************CyaSSL Release 2.0.8 (2/24/2012) - -Release 2.0.8 CyaSSL has bug fixes and a few new features including: -- A fix for malicious certificates pointed out by Remi Gacogne (thanks) - resulting in NULL pointer use. -- Respond to renegotiation attempt with no_renegoatation alert -- Add basic path support for load_verify_locations() -- Add set Temp EC-DHE key size -- Extra checks on rsa test when porting into - - -The CyaSSL manual is available at: -http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - - -************* CyaSSL Release 2.0.6 (1/27/2012) - -Release 2.0.6 CyaSSL has bug fixes and a few new features including: -- Fixes for CA basis constraint check -- CTX reference counting -- Initial unit test additions -- Lean and Mean Windows fix -- ECC benchmarking -- SSMTP build support -- Ability to group handshake messages with set_group_messages(ctx/ssl) -- CA cache addition callback -- Export Base64_Encode for general use - -The CyaSSL manual is available at: -http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - - -************* CyaSSL Release 2.0.2 (12/05/2011) - -Release 2.0.2 CyaSSL has bug fixes and a few new features including: -- CTaoCrypt Runtime library detection settings when directly using the crypto - library -- Default certificate generation now uses SHAwRSA and adds SHA256wRSA generation -- All test certificates now use 2048bit and SHA-1 for better modern browser - support -- Direct AES block access and AES-CTR (counter) mode -- Microchip pic32 support - -The CyaSSL manual is available at: -http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - - -************* CyaSSL Release 2.0.0rc3 (9/28/2011) - -Release 2.0.0rc3 for CyaSSL has bug fixes and a few new features including: -- updated autoconf support -- better make install and uninstall (uses system directories) -- make test / make check -- CyaSSL headers now in -- CTaocrypt headers now in -- OpenSSL compatibility headers now in -- examples and tests all run from home directory so can use certs in ./certs - (see note 1) - -So previous applications that used the OpenSSL compatibility header - now need to include instead, no other -changes are required. - -Special Thanks to Brian Aker for his autoconf, install, and header patches. - -The CyaSSL manual is available at: -http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - -************CyaSSL Release 2.0.0rc2 (6/6/2011) - -Release 2.0.0rc2 for CyaSSL has bug fixes and a few new features including: -- bug fixes (Alerts, DTLS with DHE) -- FreeRTOS support -- lwIP support -- Wshadow warnings removed -- asn public header -- CTaoCrypt public headers now all have ctc_ prefix (the manual is still being - updated to reflect this change) -- and more. - -This is the 2nd and perhaps final release candidate for version 2. -Please send any comments or questions to support@wolfssl.com. - -The CyaSSL manual is available at: -http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - -***********CyaSSL Release 2.0.0rc1 (5/2/2011) - -Release 2.0.0rc1 for CyaSSL has many new features including: -- bug fixes -- SHA-256 cipher suites -- Root Certificate Verification (instead of needing all certs in the chain) -- PKCS #8 private key encryption (supports PKCS #5 v1-v2 and PKCS #12) -- Serial number retrieval for x509 -- PBKDF2 and PKCS #12 PBKDF -- UID parsing for x509 -- SHA-256 certificate signatures -- Client and server can send chains (SSL_CTX_use_certificate_chain_file) -- CA loading can now parse multiple certificates per file -- Dynamic memory runtime hooks -- Runtime hooks for logging -- EDH on server side -- More informative error codes -- More informative logging messages -- Version downgrade more robust (use SSL_v23*) -- Shared build only by default through ./configure -- Compiler visibility is now used, internal functions not polluting namespace -- Single Makefile, no recursion, for faster and simpler building -- Turn on all warnings possible build option, warning fixes -- and more. - -Because of all the new features and the multiple OS, compiler, feature-set -options that CyaSSL allows, there may be some configuration fixes needed. -Please send any comments or questions to support@wolfssl.com. - -The CyaSSL manual is available at: -http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - -****************** CyaSSL Release 1.9.0 (3/2/2011) - -Release 1.9.0 for CyaSSL adds bug fixes, improved TLSv1.2 through testing and -better hash/sig algo ids, --enable-webServer for the yaSSL embedded web server, -improper AES key setup detection, user cert verify callback improvements, and -more. - -The CyaSSL manual offering is included in the doc/ directory. For build -instructions and comments about the new features please check the manual. - -Please send any comments or questions to support@wolfssl.com. - -****************** CyaSSL Release 1.8.0 (12/23/2010) - -Release 1.8.0 for CyaSSL adds bug fixes, x509 v3 CA signed certificate -generation, a C standard library abstraction layer, lower memory use, increased -portability through the os_settings.h file, and the ability to use NTRU cipher -suites when used in conjunction with an NTRU license and library. - -The initial CyaSSL manual offering is included in the doc/ directory. For -build instructions and comments about the new features please check the manual. - -Please send any comments or questions to support@wolfssl.com. - -Happy Holidays. - - -********************* CyaSSL Release 1.6.5 (9/9/2010) - -Release 1.6.5 for CyaSSL adds bug fixes and x509 v3 self signed certificate -generation. - -For general build instructions see doc/Building_CyaSSL.pdf. - -To enable certificate generation support add this option to ./configure -./configure --enable-certgen - -An example is included in ctaocrypt/test/test.c and documentation is provided -in doc/CyaSSL_Extensions_Reference.pdf item 11. - -********************** CyaSSL Release 1.6.0 (8/27/2010) - -Release 1.6.0 for CyaSSL adds bug fixes, RIPEMD-160, SHA-512, and RSA key -generation. - -For general build instructions see doc/Building_CyaSSL.pdf. - -To add RIPEMD-160 support add this option to ./configure -./configure --enable-ripemd - -To add SHA-512 support add this option to ./configure -./configure --enable-sha512 - -To add RSA key generation support add this option to ./configure -./configure --enable-keygen - -Please see ctaocrypt/test/test.c for examples and usage. - -For Windows, RIPEMD-160 and SHA-512 are enabled by default but key generation is -off by default. To turn key generation on add the define CYASSL_KEY_GEN to -CyaSSL. - - -************* CyaSSL Release 1.5.6 (7/28/2010) - -Release 1.5.6 for CyaSSL adds bug fixes, compatibility for our JSSE provider, -and a fix for GCC builds on some systems. - -For general build instructions see doc/Building_CyaSSL.pdf. - -To add AES-NI support add this option to ./configure -./configure --enable-aesni - -You'll need GCC 4.4.3 or later to make use of the assembly. - -************** CyaSSL Release 1.5.4 (7/7/2010) - -Release 1.5.4 for CyaSSL adds bug fixes, support for AES-NI, SHA1 speed -improvements from loop unrolling, and support for the Mongoose Web Server. - -For general build instructions see doc/Building_CyaSSL.pdf. - -To add AES-NI support add this option to ./configure -./configure --enable-aesni - -You'll need GCC 4.4.3 or later to make use of the assembly. - -*************** CyaSSL Release 1.5.0 (5/11/2010) - -Release 1.5.0 for CyaSSL adds bug fixes, GoAhead WebServer support, sniffer -support, and initial swig interface support. - -For general build instructions see doc/Building_CyaSSL.pdf. - -To add support for GoAhead WebServer either --enable-opensslExtra or if you -don't want all the features of opensslExtra you can just define GOAHEAD_WS -instead. GOAHEAD_WS can be added to ./configure with CFLAGS=-DGOAHEAD_WS or -you can define it yourself. - -To look at the sniffer support please see the sniffertest app in -sslSniffer/sslSnifferTest. Build with --enable-sniffer on *nix or use the -vcproj files on windows. You'll need to have pcap installed on *nix and -WinPcap on windows. - -A swig interface file is now located in the swig directory for using Python, -Java, Perl, and others with CyaSSL. This is initial support and experimental, -please send questions or comments to support@wolfssl.com. - -When doing load testing with CyaSSL, on the echoserver example say, the client -machine may run out of tcp ephemeral ports, they will end up in the TIME_WAIT -queue, and can't be reused by default. There are generally two ways to fix -this. 1) Reduce the length sockets remain on the TIME_WAIT queue or 2) Allow -items on the TIME_WAIT queue to be reused. - - -To reduce the TIME_WAIT length in OS X to 3 seconds (3000 milliseconds) - -sudo sysctl -w net.inet.tcp.msl=3000 - -In Linux - -sudo sysctl -w net.ipv4.tcp_tw_reuse=1 - -allows reuse of sockets in TIME_WAIT - -sudo sysctl -w net.ipv4.tcp_tw_recycle=1 - -works but seems to remove sockets from TIME_WAIT entirely? - -sudo sysctl -w net.ipv4.tcp_fin_timeout=1 - -doen't control TIME_WAIT, it controls FIN_WAIT(2) contrary to some posts - - -******************** CyaSSL Release 1.4.0 (2/18/2010) - -Release 1.3.0 for CyaSSL adds bug fixes, better multi TLS/SSL version support -through SSLv23_server_method(), and improved documentation in the doc/ folder. - -For general build instructions doc/Building_CyaSSL.pdf. - -******************** CyaSSL Release 1.3.0 (1/21/2010) - -Release 1.3.0 for CyaSSL adds bug fixes, a potential security problem fix, -better porting support, removal of assert()s, and a complete THREADX port. - -For general build instructions see rc1 below. - -******************** CyaSSL Release 1.2.0 (11/2/2009) - -Release 1.2.0 for CyaSSL adds bug fixes and session negotiation if first use is -read or write. - -For general build instructions see rc1 below. - -******************** CyaSSL Release 1.1.0 (9/2/2009) - -Release 1.1.0 for CyaSSL adds bug fixes, a check against malicious session -cache use, support for lighttpd, and TLS 1.2. - -To get TLS 1.2 support please use the client and server functions: - -SSL_METHOD *TLSv1_2_server_method(void); -SSL_METHOD *TLSv1_2_client_method(void); - -CyaSSL was tested against lighttpd 1.4.23. To build CyaSSL for use with -lighttpd use the following commands from the CyaSSL install dir : - -./configure --disable-shared --enable-opensslExtra --enable-fastmath --without-zlib - -make -make openssl-links - -Then to build lighttpd with CyaSSL use the following commands from the -lighttpd install dir: - -./configure --with-openssl --with-openssl-includes=/include --with-openssl-libs=/lib LDFLAGS=-lm - -make - -On some systems you may get a linker error about a duplicate symbol for -MD5_Init or other MD5 calls. This seems to be caused by the lighttpd src file -md5.c, which defines MD5_Init(), and is included in liblightcomp_la-md5.o. -When liblightcomp is linked with the SSL_LIBs the linker may complain about -the duplicate symbol. This can be fixed by editing the lighttpd src file md5.c -and adding this line to the beginning of the file: - -#if 0 - -and this line to the end of the file - -#endif - -Then from the lighttpd src dir do a: - -make clean -make - - -If you get link errors about undefined symbols more than likely the actual -OpenSSL libraries are found by the linker before the CyaSSL openssl-links that -point to the CyaSSL library, causing the linker confusion. This can be fixed -by editing the Makefile in the lighttpd src directory and changing the line: - -SSL_LIB = -lssl -lcrypto - -to - -SSL_LIB = -lcyassl - -Then from the lighttpd src dir do a: - -make clean -make - -This should remove any confusion the linker may be having with missing symbols. - -For any questions or concerns please contact support@wolfssl.com . - -For general build instructions see rc1 below. - -******************CyaSSL Release 1.0.6 (8/03/2009) - -Release 1.0.6 for CyaSSL adds bug fixes, an improved session cache, and faster -math with a huge code option. - -The session cache now defaults to a client mode, also good for embedded servers. -For servers not under heavy load (less than 200 new sessions per minute), define -BIG_SESSION_CACHE. If the server will be under heavy load, define -HUGE_SESSION_CACHE. - -There is now a fasthugemath option for configure. This enables fastmath plus -even faster math by greatly increasing the code size of the math library. Use -the benchmark utility to compare public key operations. - - -For general build instructions see rc1 below. - -******************CyaSSL Release 1.0.3 (5/10/2009) - -Release 1.0.3 for CyaSSL adds bug fixes and add increased support for OpenSSL -compatibility when building other applications. - -Release 1.0.3 includes an alpha release of DTLS for both client and servers. -This is only for testing purposes at this time. Rebroadcast and reordering -aren't fully implemented at this time but will be for the next release. - -For general build instructions see rc1 below. - -******************CyaSSL Release 1.0.2 (4/3/2009) - -Release 1.0.2 for CyaSSL adds bug fixes for a couple I/O issues. Some systems -will send a SIGPIPE on socket recv() at any time and this should be handled by -the application by turning off SIGPIPE through setsockopt() or returning from -the handler. - -Release 1.0.2 includes an alpha release of DTLS for both client and servers. -This is only for testing purposes at this time. Rebroadcast and reordering -aren't fully implemented at this time but will be for the next release. - -For general build instructions see rc1 below. - -*****************CyaSSL Release Candidate 3 rc3-1.0.0 (2/25/2009) - - -Release Candidate 3 for CyaSSL 1.0.0 adds bug fixes and adds a project file for -iPhone development with Xcode. cyassl-iphone.xcodeproj is located in the root -directory. This release also includes a fix for supporting other -implementations that bundle multiple messages at the record layer, this was -lost when cyassl i/o was re-implemented but is now fixed. - -For general build instructions see rc1 below. - -*****************CyaSSL Release Candidate 2 rc2-1.0.0 (1/21/2009) - - -Release Candidate 2 for CyaSSL 1.0.0 adds bug fixes and adds two new stream -ciphers along with their respective cipher suites. CyaSSL adds support for -HC-128 and RABBIT stream ciphers. The new suites are: - -TLS_RSA_WITH_HC_128_SHA -TLS_RSA_WITH_RABBIT_SHA - -And the corresponding cipher names are - -HC128-SHA -RABBIT-SHA - -CyaSSL also adds support for building with devkitPro for PPC by changing the -library proper to use libogc. The examples haven't been changed yet but if -there's interest they can be. Here's an example ./configure to build CyaSSL -for devkitPro: - -./configure --disable-shared CC=/pathTo/devkitpro/devkitPPC/bin/powerpc-gekko-gcc --host=ppc --without-zlib --enable-singleThreaded RANLIB=/pathTo/devkitpro/devkitPPC/bin/powerpc-gekko-ranlib CFLAGS="-DDEVKITPRO -DGEKKO" - -For linking purposes you'll need - -LDFLAGS="-g -mrvl -mcpu=750 -meabi -mhard-float -Wl,-Map,$(notdir $@).map" - -For general build instructions see rc1 below. - - -********************CyaSSL Release Candidate 1 rc1-1.0.0 (12/17/2008) - - -Release Candidate 1 for CyaSSL 1.0.0 contains major internal changes. Several -areas have optimization improvements, less dynamic memory use, and the I/O -strategy has been refactored to allow alternate I/O handling or Library use. -Many thanks to Thierry Fournier for providing these ideas and most of the work. - -Because of these changes, this release is only a candidate since some problems -are probably inevitable on some platform with some I/O use. Please report any -problems and we'll try to resolve them as soon as possible. You can contact us -at support@wolfssl.com or todd@wolfssl.com. - -Using TomsFastMath by passing --enable-fastmath to ./configure now uses assembly -on some platforms. This is new so please report any problems as every compiler, -mode, OS combination hasn't been tested. On ia32 all of the registers need to -be available so be sure to pass these options to CFLAGS: - -CFLAGS="-O3 -fomit-frame-pointer" - -OS X will also need -mdynamic-no-pic added to CFLAGS - -Also if you're building in shared mode for ia32 you'll need to pass options to -LDFLAGS as well on OS X: - -LDFLAGS=-Wl,-read_only_relocs,warning - -This gives warnings for some symbols but seems to work. - - ---To build on Linux, Solaris, *BSD, Mac OS X, or Cygwin: - - ./configure - make - - from the ./testsuite/ directory run ./testsuite - -to make a debug build: - - ./configure --enable-debug --disable-shared - make - - - ---To build on Win32 - -Choose (Re)Build All from the project workspace - -Run the testsuite program - - - - - -*************************CyaSSL version 0.9.9 (7/25/2008) - -This release of CyaSSL adds bug fixes, Pre-Shared Keys, over-rideable memory -handling, and optionally TomsFastMath. Thanks to Moisés Guimarães for the -work on TomsFastMath. - -To optionally use TomsFastMath pass --enable-fastmath to ./configure -Or define USE_FAST_MATH in each project from CyaSSL for MSVC. - -Please use the benchmark routine before and after to see the performance -difference, on some platforms the gains will be little but RSA encryption -always seems to be faster. On x86-64 machines with GCC the normal math library -may outperform the fast one when using CFLAGS=-m64 because TomsFastMath can't -yet use -m64 because of GCCs inability to do 128bit division. - - **** UPDATE GCC 4.2.1 can now do 128bit division *** - -See notes below (0.2.0) for complete build instructions. - - -****************CyaSSL version 0.9.8 (5/7/2008) - -This release of CyaSSL adds bug fixes, client side Diffie-Hellman, and better -socket handling. - -See notes below (0.2.0) for complete build instructions. - - -****************CyaSSL version 0.9.6 (1/31/2008) - -This release of CyaSSL adds bug fixes, increased session management, and a fix -for gnutls. - -See notes below (0.2.0) for complete build instructions. - - -****************CyaSSL version 0.9.0 (10/15/2007) - -This release of CyaSSL adds bug fixes, MSVC 2005 support, GCC 4.2 support, -IPV6 support and test, and new test certificates. - -See notes below (0.2.0) for complete build instructions. - - -****************CyaSSL version 0.8.0 (1/10/2007) - -This release of CyaSSL adds increased socket support, for non-blocking writes, -connects, and interrupted system calls. - -See notes below (0.2.0) for complete build instructions. - - -****************CyaSSL version 0.6.3 (10/30/2006) - -This release of CyaSSL adds debug logging to stderr to aid in the debugging of -CyaSSL on systems that may not provide the best support. - -If CyaSSL is built with debugging support then you need to call -CyaSSL_Debugging_ON() to turn logging on. - -On Unix use ./configure --enable-debug - -On Windows define DEBUG_CYASSL when building CyaSSL - - -To turn logging back off call CyaSSL_Debugging_OFF() - -See notes below (0.2.0) for complete build instructions. - - -*****************CyaSSL version 0.6.2 (10/29/2006) - -This release of CyaSSL adds TLS 1.1. - -Note that CyaSSL has certificate verification on by default, unlike OpenSSL. -To emulate OpenSSL behavior, you must call SSL_CTX_set_verify() with -SSL_VERIFY_NONE. In order to have full security you should never do this, -provide CyaSSL with the proper certificates to eliminate impostors and call -CyaSSL_check_domain_name() to prevent man in the middle attacks. - -See notes below (0.2.0) for build instructions. - -*****************CyaSSL version 0.6.0 (10/25/2006) - -This release of CyaSSL adds more SSL functions, better autoconf, nonblocking -I/O for accept, connect, and read. There is now an --enable-small configure -option that turns off TLS, AES, DES3, HMAC, and ERROR_STRINGS, see configure.in -for the defines. Note that TLS requires HMAC and AES requires TLS. - -See notes below (0.2.0) for build instructions. - - -*****************CyaSSL version 0.5.5 (09/27/2006) - -This mini release of CyaSSL adds better input processing through buffered input -and big message support. Added SSL_pending() and some sanity checks on user -settings. - -See notes below (0.2.0) for build instructions. - - -*****************CyaSSL version 0.5.0 (03/27/2006) - -This release of CyaSSL adds AES support and minor bug fixes. - -See notes below (0.2.0) for build instructions. - - -*****************CyaSSL version 0.4.0 (03/15/2006) - -This release of CyaSSL adds TLSv1 client/server support and libtool. - -See notes below for build instructions. - - -*****************CyaSSL version 0.3.0 (02/26/2006) - -This release of CyaSSL adds SSLv3 server support and session resumption. - -See notes below for build instructions. - - -*****************CyaSSL version 0.2.0 (02/19/2006) - - -This is the first release of CyaSSL and its crypt brother, CTaoCrypt. CyaSSL -is written in ANSI C with the idea of a small code size, footprint, and memory -usage in mind. CTaoCrypt can be as small as 32K, and the current client -version of CyaSSL can be as small as 12K. - - -The first release of CTaoCrypt supports MD5, SHA-1, 3DES, ARC4, Big Integer -Support, RSA, ASN parsing, and basic x509 (en/de)coding. - -The first release of CyaSSL supports normal client RSA mode SSLv3 connections -with support for SHA-1 and MD5 digests. Ciphers include 3DES and RC4. - - ---To build on Linux, Solaris, *BSD, Mac OS X, or Cygwin: - - ./configure - make - - from the ./testsuite/ directory run ./testsuite - -to make a debug build: - - ./configure --enable-debug --disable-shared - make - - - ---To build on Win32 - -Choose (Re)Build All from the project workspace - -Run the testsuite program - - - -*** The next release of CyaSSL will support a server and more OpenSSL -compatibility functions. - - -Please send questions or comments to todd@wolfssl.com - diff --git a/README.md b/README.md index 77fb354413..4ac7655bff 100644 --- a/README.md +++ b/README.md @@ -66,1820 +66,101 @@ wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0); before calling wolfSSL_new(); Though it's not recommended. ``` -# wolfSSL Release 3.14.0 (3/02/2018) +## Note 3 +``` +The enum values SHA, SHA256, SHA384, SHA512 are no longer available when +wolfSSL is built with --enable-opensslextra (OPENSSL_EXTRA) or with the macro +NO_OLD_SHA_NAMES. These names get mapped to the OpenSSL API for a single call +hash function. Instead the name WC_SHA, WC_SHA256, WC_SHA384 and WC_SHA512 +should be used for the enum name. +``` -Release 3.14.0 of wolfSSL embedded TLS has bug fixes and new features including: +# wolfSSL Release 3.15.0 (05/01/2018) -* TLS 1.3 draft 22 and 23 support added -* Additional unit tests for; SHA3, AES-CMAC, Ed25519, ECC, RSA-PSS, AES-GCM -* Many additions to the OpenSSL compatibility layer were made in this release. Some of these being enhancements to PKCS12, WOLFSSL_X509 use, WOLFSSL_EVP_PKEY, and WOLFSSL_BIO operations -* AVX1 and AVX2 performance improvements with ChaCha20 and Poly1305 -* Added i.MX CAAM driver support with Integrity OS support -* Improvements to logging with debugging, including exposing more API calls and adding options to reduce debugging code size -* Fix for signature type detection with PKCS7 RSA SignedData -* Public key call back functions added for DH Agree -* RSA-PSS API added for operating on non inline buffers (separate input and output buffers) -* API added for importing and exporting raw DSA parameters -* Updated DSA key generation to be FIPS 186-4 compliant -* Fix for wolfSSL_check_private_key when comparing ECC keys -* Support for AES Cipher Feedback(CFB) mode added -* Updated RSA key generation to be FIPS 186-4 compliant -* Update added for the ARM CMSIS software pack -* WOLFSSL_IGNORE_FILE_WARN macro added for avoiding build warnings when not working with autotools -* Performance improvements for AES-GCM with AVX1 and AVX2 -* Fix for possible memory leak on error case with wc_RsaKeyToDer function -* Make wc_PKCS7_PadData function available -* Updates made to building SGX on Linux -* STM32 hashing algorithm improvements including clock/power optimizations and auto detection of if SHA2 is supported -* Update static memory feature for FREERTOS use -* Reverse the order that certificates are compared during PKCS12 parse to account for case where multiple certificates have the same matching private key -* Update NGINX port to version 1.13.8 -* Support for HMAC-SHA3 added -* Added stricter ASN checks to enforce RFC 5280 rules. Thanks to the report from Professor Zhenhua Duan, Professor Cong Tian, and Ph.D candidate Chu Chen from Institute of Computing Theory and Technology (ICTT) of Xidian University. -* Option to have ecc_mul2add function public facing -* Getter function wc_PKCS7_GetAttributeValue added for PKCS7 attributes -* Macros NO_AES_128, NO_AES_192, NO_AES_256 added for AES key size selection at compile time -* Support for writing multiple organizations units (OU) and domain components (DC) with CSR and certificate creation -* Support for indefinite length BER encodings in PKCS7 -* Added API for additional validation of prime q in a public DH key -* Added support for RSA encrypt and decrypt without padding +Release 3.15.0 of wolfSSL embedded TLS has bug fixes and new features including: +* Support for TLS 1.3 Draft versions 23, 26 and 28. +* Improved downgrade support for TLS 1.3. +* Improved TLS 1.3 support from interoperability testing. +* Single Precision assembly code added for ARM and 64-bit ARM. +* Improved performance for Single Precision maths on 32-bit. +* Allow TLS 1.2 to be compiled out. +* Ed25519 support in TLS 1.2 and 1.3. +* Update wolfSSL_HMAC_Final() so the length parameter is optional. +* Various fixes for Coverity static analysis reports. +* Add define to use internal struct timeval (USE_WOLF_TIMEVAL_T). +* Switch LowResTimer() to call XTIME instead of time(0) for better portability. +* Expanded OpenSSL compatibility layer. +* Added Renesas CS+ project files. +* Align DH support with NIST SP 800-56A, add wc_DhSetKey_ex() for q parameter. +* Add build option for CAVP self test build (--enable-selftest). +* Expose mp_toradix() when WOLFSSL_PUBLIC_MP is defined. +* Add FIPS SGX support. +* Example certificate expiration dates and generation script updated. +* Additional optimizations to trim out unused strings depending on build options. +* Fix for DN tag strings to have “=” when returning the string value to users. +* Fix for wolfSSL_ERR_get_error_line_data return value if no more errors are in the queue. +* Fix for AES-CBC IV value with PIC32 hardware acceleration. +* Fix for wolfSSL_X509_print with ECC certificates. +* Fix for strict checking on URI absolute vs relative path. +* Added crypto device framework to handle PK RSA/ECC operations using callbacks, which adds new build option `./configure --enable-cryptodev` or `WOLF_CRYPTO_DEV`. +* Added devId support to ECC and PKCS7 for hardware based private key. +* Fixes in PKCS7 for handling possible memory leak in some error cases. +* Added test for invalid cert common name when set with `wolfSSL_check_domain_name`. +* Refactor of the cipher suite names to use single array, which contains internal name, IANA name and cipher suite bytes. +* Added new function `wolfSSL_get_cipher_name_from_suite` for getting IANA cipher suite name using bytes. +* Fixes for fsanitize reports. +* Fix for openssl compatibility function `wolfSSL_RSA_verify` to check returned size. +* Fixes and improvements for FreeRTOS AWS. +* Fixes for building openssl compatibility with FreeRTOS. +* Fix and new test for handling match on domain name that may have a null terminator inside. +* Cleanup of the socket close code used for examples, CRL/OCSP and BIO to use single macro `CloseSocket`. +* Refactor of the TLSX code to support returning error codes. +* Added new signature wrapper functions `wc_SignatureVerifyHash` and `wc_SignatureGenerateHash` to allow direct use of hash. +* Improvement to GCC-ARM IDE example. +* Enhancements and cleanups for the ASN date/time code including new API's `wc_GetDateInfo`, `wc_GetCertDates` and `wc_GetDateAsCalendarTime`. +* Fixes to resolve issues with C99 compliance. Added build option `WOLF_C99` to force C99. +* Added a new `--enable-opensslall` option to enable all openssl compatibility features. +* Added new `--enable-webclient` option for enabling a few HTTP API's. +* Added new `wc_OidGetHash` API for getting the hash type from a hash OID. +* Moved `wolfSSL_CertPemToDer`, `wolfSSL_KeyPemToDer`, `wolfSSL_PubKeyPemToDer` to asn.c and renamed to `wc_`. Added backwards compatibility macro for old function names. +* Added new `WC_MAX_SYM_KEY_SIZE` macro for helping determine max key size. +* Added `--enable-enckeys` or (`WOLFSSL_ENCRYPTED_KEYS`) to enable support for encrypted PEM private keys using password callback without having to use opensslextra. +* Added ForceZero on the password buffer after done using it. +* Refactor unique hash types to use same internal values (ex WC_MD5 == WC_HASH_TYPE_MD5). +* Refactor the Sha3 types to use `wc_` naming, while retaining old names for compatibility. +* Improvements to `wc_PBKDF1` to support more hash types and the non-standard extra data option. +* Fix TLS 1.3 with ECC disabled and CURVE25519 enabled. +* Added new define `NO_DEV_URANDOM` to disable the use of `/dev/urandom`. +* Added `WC_RNG_BLOCKING` to indicate block w/sleep(0) is okay. +* Fix for `HAVE_EXT_CACHE` callbacks not being available without `OPENSSL_EXTRA` defined. +* Fix for ECC max bits `MAX_ECC_BITS` not always calculating correctly due to macro order. +* Added support for building and using PKCS7 without RSA (assuming ECC is enabled). +* Fixes and additions for Cavium Nitrox V to support ECC, AES-GCM and HMAC (SHA-224 and SHA3). +* Enabled ECC, AES-GCM and SHA-512/384 by default in (Linux and Windows) +* Added `./configure --enable-base16` and `WOLFSSL_BASE16` configuration option to enable Base16 API's. +* Improvements to ATECC508A support for building without `WOLFSSL_ATMEL` defined. +* Refactor IO callback function names to use `_CTX_` to eliminate confusion about the first parameter. +* Added support for not loading a private key for server or client when `HAVE_PK_CALLBACK` is defined and the private PK callback is set. +* Added new ECC API `wc_ecc_sig_size_calc` to return max signature size for a key size. +* Cleanup ECC point import/export code and added new API `wc_ecc_import_unsigned`. +* Fixes for handling OCSP with non-blocking. +* Added new PK (Primary Key) callbacks for the VerifyRsaSign. The new callbacks API's are `wolfSSL_CTX_SetRsaVerifySignCb` and `wolfSSL_CTX_SetRsaPssVerifySignCb`. +* Added new ECC API `wc_ecc_rs_raw_to_sig` to take raw unsigned R and S and encodes them into ECDSA signature format. +* Added support for `WOLFSSL_STM32F1`. +* Cleanup of the ASN X509 header/footer and XSTRNCPY logic. +* Add copyright notice to autoconf files. (Thanks Brian Aker!) +* Updated the M4 files for autotools. (Thanks Brian Aker!) +* Add support for the cipher suite TLS_DH_anon_WITH_AES256_GCM_SHA384 with test cases. (Thanks Thivya Ashok!) +* Add the TLS alert message unknown_psk_identity (115) from RFC 4279, section 2. (Thanks Thivya Ashok!) +* Fix the case when using TCP with timeouts with TLS. wolfSSL shall be agnostic to network socket behavior for TLS. (DTLS is another matter.) The functions `wolfSSL_set_using_nonblock()` and `wolfSSL_get_using_nonblock()` are deprecated. +* Hush the AR warning when building the static library with autotools. +* Hush the “-pthread” warning when building in some environments. +* Added a dist-hook target to the Makefile to reset the default options.h file. +* Removed the need for the darwin-clang.m4 file with the updates provided by Brian A. +* Renamed the AES assembly file so GCC on the Mac will build it using the preprocessor. +* Add a disable option (--disable-optflags) to turn off the default optimization flags so user may supply their own custom flags. +* Correctly touch the dummy fips.h header. See INSTALL file for build instructions. More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html - - -# wolfSSL (Formerly CyaSSL) Release 3.13.0 (12/21/2017) - -wolfSSL 3.13.0 includes bug fixes and new features, including support for -TLS 1.3 Draft 21, performance and footprint optimizations, build fixes, -updated examples and project files, and one vulnerability fix. The full list -of changes and additions in this release include: - -* Fixes for TLS 1.3, support for Draft 21 -* TLS 1.0 disabled by default, addition of “--enable-tlsv10” configure option -* New option to reduce SHA-256 code size at expense of performance - (USE_SLOW_SHA256) -* New option for memory reduced build (--enable-lowresource) -* AES-GCM performance improvements on AVX1 (IvyBridge) and AVX2 -* SHA-256 and SHA-512 performance improvements using AVX1/2 ASM -* SHA-3 size and performance optimizations -* Fixes for Intel AVX2 builds on Mac/OSX -* Intel assembly for Curve25519, and Ed25519 performance optimizations -* New option to force 32-bit mode with “--enable-32bit” -* New option to disable all inline assembly with “--disable-asm” -* Ability to override maximum signature algorithms using WOLFSSL_MAX_SIGALGO -* Fixes for handling of unsupported TLS extensions. -* Fixes for compiling AES-GCM code with GCC 4.8.* -* Allow adjusting static I/O buffer size with WOLFMEM_IO_SZ -* Fixes for building without a filesystem -* Removes 3DES and SHA1 dependencies from PKCS#7 -* Adds ability to disable PKCS#7 EncryptedData type (NO_PKCS7_ENCRYPTED_DATA) -* Add ability to get client-side SNI -* Expanded OpenSSL compatibility layer -* Fix for logging file names with OpenSSL compatibility layer enabled, with - WOLFSSL_MAX_ERROR_SZ user-overridable -* Adds static memory support to the wolfSSL example client -* Fixes for sniffer to use TLS 1.2 client method -* Adds option to wolfCrypt benchmark to benchmark individual algorithms -* Adds option to wolfCrypt benchmark to display benchmarks in powers - of 10 (-base10) -* Updated Visual Studio for ARM builds (for ECC supported curves and SHA-384) -* Updated Texas Instruments TI-RTOS build -* Updated STM32 CubeMX build with fixes for SHA -* Updated IAR EWARM project files -* Updated Apple Xcode projects with the addition of a benchmark example project - -This release of wolfSSL fixes 1 security vulnerability. - -wolfSSL is cited in the recent ROBOT Attack by Böck, Somorovsky, and Young. -The paper notes that wolfSSL only gives a weak oracle without a practical -attack but this is still a flaw. This release contains a fix for this report. -Please note that wolfSSL has static RSA cipher suites disabled by default as -of version 3.6.6 because of the lack of perfect forward secrecy. Only users -who have explicitly enabled static RSA cipher suites with WOLFSSL_STATIC_RSA -and use those suites on a host are affected. More information will be -available on our website at: - -https://wolfssl.com/wolfSSL/security/vulnerabilities.php - -See INSTALL file for build instructions. -More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html - - -# wolfSSL (Formerly CyaSSL) Release 3.12.2 (10/23/2017) - -## Release 3.12.2 of wolfSSL has bug fixes and new features including: - -This release includes many performance improvements with Intel ASM (AVX/AVX2) and AES-NI. New single precision math option to speedup RSA, DH and ECC. Embedded hardware support has been expanded for STM32, PIC32MZ and ATECC508A. AES now supports XTS mode for disk encryption. Certificate improvements for setting serial number, key usage and extended key usage. Refactor of SSL_ and hash types to allow openssl coexistence. Improvements for TLS 1.3. Fixes for OCSP stapling to allow disable and WOLFSSL specific user context for callbacks. Fixes for openssl and MySQL compatibility. Updated Micrium port. Fixes for asynchronous modes. - -* Added TLS extension for Supported Point Formats (ec_point_formats) -* Fix to not send OCSP stapling extensions in client_hello when not enabled -* Added new API's for disabling OCSP stapling -* Add check for SIZEOF_LONG with sun and LP64 -* Fixes for various TLS 1.3 disable options (RSA, ECC and ED/Curve 25519). -* Fix to disallow upgrading to TLS v1.3 -* Fixes for wolfSSL_EVP_CipherFinal() when message size is a round multiple of a block size. -* Add HMAC benchmark and expanded AES key size benchmarks -* Added simple GCC ARM Makefile example -* Add tests for 3072-bit RSA and DH. -* Fixed DRAFT_18 define and fixed downgrading with TLS v1.3 -* Fixes to allow custom serial number during certificate generation -* Add method to get WOLFSSL_CTX certificate manager -* Improvement to `wolfSSL_SetOCSP_Cb` to allow context per WOLFSSL object -* Alternate certificate chain support `WOLFSSL_ALT_CERT_CHAINS`. Enables checking cert against multiple CA's. -* Added new `--disable-oldnames` option to allow for using openssl along-side wolfssl headers (without OPENSSL_EXTRA). -* Refactor SSL_ and hashing types to use wolf specific prefix (WOLFSSL and WC_) to allow openssl coexistence. -* Fixes for HAVE_INTEL_MULX -* Cleanup include paths for MySQL cmake build -* Added configure option for building library for wolfSSH (--enable-wolfssh) -* Openssl compatibility layer improvements -* Expanded API unit tests -* Fixes for STM32 crypto hardware acceleration -* Added AES XTS mode (--enable-xts) -* Added ASN Extended Key Usage Support (see wc_SetExtKeyUsage). -* Math updates and added TFM_MIPS speedup. -* Fix for creation of the KeyUsage BitString -* Fix for 8k keys with MySQL compatibility -* Fixes for ATECC508A. -* Fixes for PIC32MZ hashing. -* Fixes and improvements to asynchronous modes for Intel QuickAssist and Cavium Nitrox V. -* Update HASH_DRBG Reseed mechanism and add test case -* Rename the file io.h/io.c to wolfio.h/wolfio.c -* Cleanup the wolfIO_Send function. -* OpenSSL Compatibility Additions and Fixes -* Improvements to Visual Studio DLL project/solution. -* Added function to generate public ECC key from private key -* Added async blocking support for sniffer tool. -* Added wolfCrypt hash tests for empty string and large data. -* Added ability to use of wolf implementation of `strtok` using `USE_WOLF_STRTOK`. -* Updated Micrium uC/OS-III Port -* Updated root certs for OCSP scripts -* New Single Precision math option for RSA, DH and ECC (off by default). See `--enable-sp`. -* Speedups for AES GCM with AESNI (--enable-aesni) -* Speedups for SHA2, ChaCha20/Poly1035 using AVX/AVX2 - - -# wolfSSL (Formerly CyaSSL) Release 3.12.0 (8/04/2017) - -## Release 3.12.0 of wolfSSL has bug fixes and new features including: - -- TLS 1.3 with Nginx! TLS 1.3 with ARMv8! TLS 1.3 with Async Crypto! (--enable-tls13) -- TLS 1.3 0RTT feature added -- Added port for using Intel SGX with Linux -- Update and fix PIC32MZ port -- Additional unit testing for MD5, SHA, SHA224, SHA256, SHA384, SHA512, RipeMd, HMAC, 3DES, IDEA, ChaCha20, ChaCha20Poly1305 AEAD, Camellia, Rabbit, ARC4, AES, RSA, Hc128 -- AVX and AVX2 assembly for improved ChaCha20 performance -- Intel QAT fixes for when using --disable-fastmath -- Update how DTLS handles decryption and MAC failures -- Update DTLS session export version number for --enable-sessionexport feature -- Add additional input argument sanity checks to ARMv8 assembly port -- Fix for making PKCS12 dynamic types match -- Fixes for potential memory leaks when using --enable-fast-rsa -- Fix for when using custom ECC curves and add BRAINPOOLP256R1 test -- Update TI-RTOS port for dependency on new wolfSSL source files -- DTLS multicast feature added, --enable-mcast -- Fix for Async crypto with GCC 7.1 and HMAC when not using Intel QuickAssist -- Improvements and enhancements to Intel QuickAssist support -- Added Xilinx port -- Added SHA3 Keccak feature, --enable-sha3 -- Expand wolfSSL Python wrapper to now include a client side implementation -- Adjust example servers to not treat a peer closed error as a hard error -- Added more sanity checks to fp_read_unsigned_bin function -- Add SHA224 and AES key wrap to ARMv8 port -- Update MQX classics and mmCAU ports -- Fix for potential buffer over read with wolfSSL_CertPemToDer -- Add PKCS7/CMS decode support for KARI with IssuerAndSerialNumber -- Fix ThreadX/NetX warning -- Fixes for OCSP and CRL non blocking sockets and for incomplete cert chain with OCSP -- Added RSA PSS sign and verify -- Fix for STM32F4 AES-GCM -- Added enable all feature (--enable-all) -- Added trackmemory feature (--enable-trackmemory) -- Fixes for AES key wrap and PKCS7 on Windows VS -- Added benchmark block size argument -- Support use of staticmemory with PKCS7 -- Fix for Blake2b build with GCC 5.4 -- Fixes for compiling wolfSSL with GCC version 7, most dealing with switch statement fall through warnings. -- Added warning when compiling without hardened math operations - - -Note: -There is a known issue with using ChaCha20 AVX assembly on versions of GCC earlier than 5.2. This is encountered with using the wolfSSL enable options --enable-intelasm and --enable-chacha. To avoid this issue ChaCha20 can be enabled with --enable-chacha=noasm. -If using --enable-intelasm and also using --enable-sha224 or --enable-sha256 there is a known issue with trying to use -fsanitize=address. - -This release of wolfSSL fixes 1 low level security vulnerability. - -Low level fix for a potential DoS attack on a wolfSSL client. Previously a client would accept many warning alert messages without a limit. This fix puts a limit to the number of warning alert messages received and if this limit is reached a fatal error ALERT_COUNT_E is returned. The max number of warning alerts by default is set to 5 and can be adjusted with the macro WOLFSSL_ALERT_COUNT_MAX. Thanks for the report from Tarun Yadav and Koustav Sadhukhan from Defence Research and Development Organization, INDIA. - - -See INSTALL file for build instructions. -More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html - - -# wolfSSL (Formerly CyaSSL) Release 3.11.1 (5/11/2017) - -## Release 3.11.1 of wolfSSL is a TLS 1.3 BETA release, which includes: - -- TLS 1.3 client and server support for TLS 1.3 with Draft 18 support - -This is strictly a BETA release, and designed for testing and user feedback. -Please send any comments, testing results, or feedback to wolfSSL at -support@wolfssl.com. - -See INSTALL file for build instructions. -More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html - - -# wolfSSL (Formerly CyaSSL) Release 3.11.0 (5/04/2017) - -## Release 3.11.0 of wolfSSL has bug fixes and new features including: - -- Code updates for warnings reported by Coverity scans -- Testing and warning fixes for FreeBSD on PowerPC -- Updates and refactoring done to ASN1 parsing functions -- Change max PSK identity buffer to account for an identity length of 128 characters -- Update Arduino script to handle recent files and additions -- Added support for PKCS#7 Signed Data with ECDSA -- Fix for interoperability with ChaCha20-Poly1305 suites using older draft versions -- DTLS update to allow multiple handshake messages in one DTLS record. Thanks to Eric Samsel over at Welch Allyn for reporting this bug. -- Intel QuickAssist asynchronous support (PR #715 - https://www.wolfssl.com/wolfSSL/Blog/Entries/2017/1/18_wolfSSL_Asynchronous_Intel_QuickAssist_Support.html) -- Added support for HAproxy load balancer -- Added option to allow SHA1 with TLS 1.2 for IIS compatibility (WOLFSSL_ALLOW_TLS_SHA1) -- Added Curve25519 51-bit Implementation, increasing performance on systems that have 128 bit types -- Fix to not send session ID on server side if session cache is off unless we're echoing -session ID as part of session tickets -- Fixes for ensuring all default ciphers are setup correctly (see PR #830) -- Added NXP Hexiwear example in `IDE/HEXIWEAR`. -- Added wolfSSL_write_dup() to create write only WOLFSSL object for concurrent access -- Fixes for TLS elliptic curve selection on private key import. -- Fixes for RNG with Intel rdrand and rdseed speedups. -- Improved performance with Intel rdrand to use full 64-bit output -- Added new --enable-intelrand option to indicate use of RDRAND preference for RNG source -- Removed RNG ARC4 support -- Added ECC helpers to get size and id from curve name. -- Added ECC Cofactor DH (ECC-CDH) support -- Added ECC private key only import / export functions. -- Added PKCS8 create function -- Improvements to TLS layer CTX handling for switching keys / certs. -- Added check for duplicate certificate policy OID in certificates. -- Normal math speed-up to not allocate on mp_int and defer until mp_grow -- Reduce heap usage with fast math when not using ALT_ECC_SIZE -- Fixes for building CRL with Windows -- Added support for inline CRL lookup when HAVE_CRL_IO is defined -- Added port for tenAsys INtime RTOS -- Improvements to uTKernel port (WOLFSSL_uTKERNEL2) -- Updated WPA Supplicant support -- Added support for Nginx -- Update stunnel port for version 5.40 -- Fixes for STM32 hardware crypto acceleration -- Extended test code coverage in bundled test.c -- Added a sanity check for minimum authentication tag size with AES-GCM. Thanks to Yueh-Hsun Lin and Peng Li at KNOX Security at Samsung Research America for suggesting this. -- Added a sanity check that subject key identifier is marked as non-critical and a check that no policy OIDS appear more than once in the cert policies extension. Thanks to the report from Professor Zhenhua Duan, Professor Cong Tian, and Ph.D candidate Chu Chen from Institute of Computing Theory and Technology (ICTT) of Xidian University, China. Profs. Zhenhua Duan and Cong Tian are supervisors of Ph.D candidate Chu Chen. - -This release of wolfSSL fixes 5 low and 1 medium level security vulnerability. - -3 Low level fixes reported by Yueh-Hsun Lin and Peng Li from KNOX Security, Samsung Research America. -- Fix for out of bounds memory access in wc_DhParamsLoad() when GetLength() returns a zero. Before this fix there is a case where wolfSSL would read out of bounds memory in the function wc_DhParamsLoad. -- Fix for DH key accepted by wc_DhAgree when the key was malformed. -- Fix for a double free case when adding CA cert into X509_store. - -Low level fix for memory management with static memory feature enabled. By default static memory is disabled. Thanks to GitHub user hajjihraf for reporting this. - - -Low level fix for out of bounds write in the function wolfSSL_X509_NAME_get_text_by_NID. This function is not used by TLS or crypto operations but could result in a buffer out of bounds write by one if called explicitly in an application. Discovered by Aleksandar Nikolic of Cisco Talos. http://talosintelligence.com/vulnerability-reports/ - -Medium level fix for check on certificate signature. There is a case in release versions 3.9.10, 3.10.0 and 3.10.2 where a corrupted signature on a peer certificate would not be properly flagged. Thanks to Wens Lo, James Tsai, Kenny Chang, and Oscar Yang at Castles Technology. - - -See INSTALL file for build instructions. -More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html - - -# wolfSSL (Formerly CyaSSL) Release 3.10.2 (2/10/2017) - -## Release 3.10.2 of wolfSSL has bug fixes and new features including: - -- Poly1305 Windows macros fix. Thanks to GitHub user Jay Satiro -- Compatibility layer expanded with multiple functions added -- Improve fp_copy performance with ALT_ECC_SIZE -- OCSP updates and improvements -- Fixes for IAR EWARM 8 compiler warnings -- Reduce stack usage with ECC_CACHE_CURVE disabled -- Added ECC export raw for public and private key -- Fix for NO_ASN_TIME build -- Supported curves extensions now populated by default -- Add DTLS build without big integer math -- Fix for static memory feature with wc_ecc_verify_hash_ex and not SHAMIR -- Added PSK interoperability testing to script bundled with wolfSSL -- Fix for Python wrapper random number generation. Compiler optimizations with Python could place the random number in same buffer location each time. Thanks to GitHub user Erik Bray (embray) -- Fix for tests on unaligned memory with static memory feature -- Add macro WOLFSSL_NO_OCSP_OPTIONAL_CERTS to skip optional OCSP certificates -- Sanity checks on NULL arguments added to wolfSSL_set_fd and wolfSSL_DTLS_SetCookieSecret -- mp_jacobi stack use reduced, thanks to Szabi Tolnai for providing a solution to reduce stack usage - - -This release of wolfSSL fixes 2 low and 1 medium level security vulnerability. - -Low level fix of buffer overflow for when loading in a malformed temporary DH file. Thanks to Yueh-Hsun Lin and Peng Li from KNOX Security, Samsung Research America for the report. - -Medium level fix for processing of OCSP response. If using OCSP without hard faults enforced and no alternate revocation checks like OCSP stapling then it is recommended to update. - -Low level fix for potential cache attack on RSA operations. If using wolfSSL RSA on a server that other users can have access to monitor the cache, then it is recommended to update wolfSSL. Thanks to Andreas Zankl, Johann Heyszl and Georg Sigl at Fraunhofer AISEC for the initial report. - -See INSTALL file for build instructions. -More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html - - -# wolfSSL (Formerly CyaSSL) Release 3.10.0 (12/21/2016) - -## Release 3.10.0 of wolfSSL has bug fixes and new features including: - -- Added support for SHA224 -- Added scrypt feature -- Build for Intel SGX use, added in directory IDE/WIN-SGX -- Fix for ChaCha20-Poly1305 ECDSA certificate type request -- Enhance PKCS#7 with ECC enveloped data and AES key wrap support -- Added support for RIOT OS -- Add support for parsing PKCS#12 files -- ECC performance increased with custom curves -- ARMv8 expanded to AArch32 and performance increased -- Added ANSI-X9.63-KDF support -- Port to STM32 F2/F4 CubeMX -- Port to Atmel ATECC508A board -- Removed fPIE by default when wolfSSL library is compiled -- Update to Python wrapper, dropping DES and adding wc_RSASetRNG -- Added support for NXP K82 hardware acceleration -- Added SCR client and server verify check -- Added a disable rng option with autoconf -- Added more tests vectors to test.c with AES-CTR -- Updated DTLS session export version number -- Updated DTLS for 64 bit sequence numbers -- Fix for memory management with TI and WOLFSSL_SMALL_STACK -- Hardening RSA CRT to be constant time -- Fix uninitialized warning with IAR compiler -- Fix for C# wrapper example IO hang on unexpected connection termination - - -This release of wolfSSL fixes a low level security vulnerability. The vulnerability reported was a potential cache attack on RSA operations. If using wolfSSL RSA on a server that other users can have access to monitor the cache, then it is recommended to update wolfSSL. Thanks to Andreas Zankl, Johann Heyszl and Georg Sigl at Fraunhofer AISEC for the report. More information will be available on our site: - -https://wolfssl.com/wolfSSL/security/vulnerabilities.php - -See INSTALL file for build instructions. -More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html - - -# wolfSSL (Formerly CyaSSL) Release 3.9.10 (9/23/2016) - -## Release 3.9.10 of wolfSSL has bug fixes and new features including: - -- Default configure option changes: - 1. DES3 disabled by default - 2. ECC Supported Curves Extension enabled by default - 3. New option Extended Master Secret enabled by default -- Added checking CA certificate path length, and new test certs -- Fix to DSA pre padding and sanity check on R/S values -- Added CTX level RNG for single-threaded builds -- Intel RDSEED enhancements -- ARMv8 hardware acceleration support for AES-CBC/CTR/GCM, SHA-256 -- Arduino support updates -- Added the Extended Master Secret TLS extension - 1. Enabled by default in configure options, API to disable - 2. Added support for Extended Master Secret to sniffer -- OCSP fix with issuer key hash, lookup refactor -- Added support for Frosted OS -- Added support for DTLS over SCTP -- Added support for static memory with wolfCrypt -- Fix to ECC Custom Curve support -- Support for asynchronous wolfCrypt RSA and TLS client -- Added distribution build configure option -- Update the test certificates - -This release of wolfSSL fixes medium level security vulnerabilities. Fixes for -potential AES, RSA, and ECC side channel leaks is included that a local user -monitoring the same CPU core cache could exploit. VM users, hyper-threading -users, and users where potential attackers have access to the CPU cache will -need to update if they utilize AES, RSA private keys, or ECC private keys. -Thanks to Gorka Irazoqui Apecechea and Xiaofei Guo from Intel Corporation for -the report. More information will be available on our site: - -https://wolfssl.com/wolfSSL/security/vulnerabilities.php - -See INSTALL file for build instructions. -More info can be found on-line at https://wolfssl.com/wolfSSL/Docs.html - - -# wolfSSL (Formerly CyaSSL) Release 3.9.8 (7/29/2016) - -##Release 3.9.8 of wolfSSL has bug fixes and new features including: - -- Add support for custom ECC curves. -- Add cipher suite ECDHE-ECDSA-AES128-CCM. -- Add compkey enable option. This option is for compressed ECC keys. -- Add in the option to use test.h without gettimeofday function using the macro - WOLFSSL_USER_CURRTIME. -- Add RSA blinding for private key operations. Enable option of harden which is - on by default. This negates timing attacks. -- Add ECC and TLS support for all SECP, Koblitz and Brainpool curves. -- Add helper functions for static memory option to allow getting optimum buffer - sizes. -- Update DTLS behavior on bad MAC. DTLS silently drops packets with bad MACs now. -- Update fp_isprime function from libtom enchancement/cleanup repository. -- Update sanity checks on inputs and return values for AES-CMAC. -- Update wolfSSL for use with MYSQL v5.6.30. -- Update LPCXpresso eclipse project to not include misc.c when not needed. -- Fix retransmit of last DTLS flight with timeout notification. The last flight - is no longer retransmitted on timeout. -- Fixes to some code in math sections for compressed ECC keys. This includes - edge cases for buffer size on allocation and adjustments for compressed curves - build. The code and full list can be found on github with pull request #456. -- Fix function argument mismatch for build with secure renegotiation. -- X.509 bug fixes for reading in malformed certificates, reported by researchers - at Columbia University -- Fix GCC version 6 warning about hard tabs in poly1305.c. This was a warning - produced by GCC 6 trying to determine the intent of code. -- Fixes for static memory option. Including avoid potential race conditions with - counters, decrement handshake counter correctly. -- Fix anonymous cipher with Diffie Hellman on the server side. Was an issue of a - possible buffer corruption. For information and code see pull request #481. - - -- One high level security fix that requires an update for use with static RSA - cipher suites was submitted. This fix was the addition of RSA blinding for - private RSA operations. We recommend servers who allow static RSA cipher - suites to also generate new private RSA keys. Static RSA cipher suites are - turned off by default. - -See INSTALL file for build instructions. -More info can be found on-line at //http://wolfssl.com/wolfSSL/Docs.html - -# wolfSSL (Formerly CyaSSL) Release 3.9.6 (6/14/2016) - -##Release 3.9.6 of wolfSSL has bug fixes and new features including: - -- Add staticmemory feature -- Add public wc_GetTime API with base64encode feature -- Add AES CMAC algorithm -- Add DTLS sessionexport feature -- Add python wolfCrypt wrapper -- Add ECC encrypt/decrypt benchmarks -- Add dynamic session tickets -- Add eccshamir option -- Add Whitewood netRandom support --with-wnr -- Add embOS port -- Add minimum key size checks for RSA and ECC -- Add STARTTLS support to examples -- Add uTasker port -- Add asynchronous crypto and wolf event support -- Add compile check for misc.c with inline -- Add RNG benchmark -- Add reduction to stack usage with hash-based RNG -- Update STM32F2_CRYPTO port with additional algorithms supported -- Update MDK5 projects -- Update AES-NI -- Fix for STM32 with STM32F2_HASH defined -- Fix for building with MinGw -- Fix ECC math bugs with ALT_ECC_SIZE and key sizes over 256 bit (1) -- Fix certificate buffers github issue #422 -- Fix decrypt max size with RSA OAEP -- Fix DTLS sanity check with DTLS timeout notification -- Fix free of WOLFSSL_METHOD on failure to create CTX -- Fix memory leak in failure case with wc_RsaFunction (2) - -- No high level security fixes that requires an update though we always -recommend updating to the latest -- (1) Code changes for ECC fix can be found at pull requests #411, #416, and #428 -- (2) Builds using RSA with using normal math and not RSA_LOW_MEM should update - -See INSTALL file for build instructions. -More info can be found on-line at //http://wolfssl.com/wolfSSL/Docs.html - -# wolfSSL (Formerly CyaSSL) Release 3.9.0 (03/18/2016) - -##Release 3.9.0 of wolfSSL has bug fixes and new features including: - -- Add new leantls configuration -- Add RSA OAEP padding at wolfCrypt level -- Add Arduino port and example client -- Add fixed point DH operation -- Add CUSTOM_RAND_GENRATE_SEED_OS and CUSTOM_RAND_GENERATE_BLOCK -- Add ECDHE-PSK cipher suites -- Add PSK ChaCha20-Poly1305 cipher suites -- Add option for fail on no peer cert except PSK suites -- Add port for Nordic nRF51 -- Add additional ECC NIST test vectors for 256, 384 and 521 -- Add more granular ECC, Ed25519/Curve25519 and AES configs -- Update to ChaCha20-Poly1305 -- Update support for Freescale KSDK 1.3.0 -- Update DER buffer handling code, refactoring and reducing memory -- Fix to AESNI 192 bit key expansion -- Fix to C# wrapper character encoding -- Fix sequence number issue with DTLS epoch 0 messages -- Fix RNGA with K64 build -- Fix ASN.1 X509 V3 certificate policy extension parsing -- Fix potential free of uninitialized RSA key in asn.c -- Fix potential underflow when using ECC build with FP_ECC -- Fixes for warnings in Visual Studio 2015 build - -- No high level security fixes that requires an update though we always -recommend updating to the latest -- FP_ECC is off by default, users with it enabled should update for the zero -sized hash fix - -See INSTALL file for build instructions. -More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html - -# wolfSSL (Formerly CyaSSL) Release 3.8.0 (12/30/2015) - -##Release 3.8.0 of wolfSSL has bug fixes and new features including: - -- Example client/server with VxWorks -- AESNI use with AES-GCM -- Stunnel compatibility enhancements -- Single shot hash and signature/verify API added -- Update cavium nitrox port -- LPCXpresso IDE support added -- C# wrapper to support wolfSSL use by a C# program -- (BETA version)OCSP stapling added -- Update OpenSSH compatibility -- Improve DTLS handshake when retransmitting finished message -- fix idea_mult() for 16 and 32bit systems -- fix LowResTimer on Microchip ports - -- No high level security fixes that requires an update though we always -recommend updating to the latest - -See INSTALL file for build instructions. -More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html - -# wolfSSL (Formerly CyaSSL) Release 3.7.0 (10/26/2015) - -##Release 3.7.0 of wolfSSL has bug fixes and new features including: - -- ALPN extension support added for HTTP2 connections with --enable-alpn -- Change of example/client/client max fragment flag -L -> -F -- Throughput benchmarking, added scripts/benchmark.test -- Sniffer API ssl_FreeDecodeBuffer added -- Addition of AES_GCM to Sniffer -- Sniffer change to handle unlimited decrypt buffer size -- New option for the sniffer where it will try to pick up decoding after a - sequence number acknowldgement fault. Also includes some additional stats. -- JNI API setter and getter function for jobject added -- User RSA crypto plugin abstraction. An example placed in wolfcrypt/user-crypto -- fix to asn configuration bug -- AES-GCM/CCM fixes. -- Port for Rowley added -- Rowley Crossworks bare metal examples added -- MDK5-ARM project update -- FreeRTOS support updates. -- VXWorks support updates. -- Added the IDEA cipher and support in wolfSSL. -- Update wolfSSL website CA. -- CFLAGS is usable when configuring source. - -- No high level security fixes that requires an update though we always -recommend updating to the latest - -See INSTALL file for build instructions. -More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html - -#wolfSSL (Formerly CyaSSL) Release 3.6.8 (09/17/2015) - -##Release 3.6.8 of wolfSSL fixes two high severity vulnerabilities. -##It also includes bug fixes and new features including: - -- Two High level security fixes, all users SHOULD update. - a) If using wolfSSL for DTLS on the server side of a publicly accessible - machine you MUST update. - b) If using wolfSSL for TLS on the server side with private RSA keys allowing - ephemeral key exchange without low memory optimziations you MUST update and - regenerate the private RSA keys. - - Please see https://www.wolfssl.com/wolfSSL/Blog/Blog.html for more details - -- No filesystem build fixes for various configurations -- Certificate generation now supports several extensions including KeyUsage, - SKID, AKID, and Ceritifcate Policies -- CRLs can be loaded from buffers as well as files now -- SHA-512 Ceritifcate Signing generation -- Fixes for sniffer reassembly processing - -See INSTALL file for build instructions. -More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html - -#wolfSSL (Formerly CyaSSL) Release 3.6.6 (08/20/2015) - -##Release 3.6.6 of wolfSSL has bug fixes and new features including: - -- OpenSSH compatibility with --enable-openssh -- stunnel compatibility with --enable-stunnel -- lighttpd compatibility with --enable-lighty -- SSLv3 is now disabled by default, can be enabled with --enable-sslv3 -- Ephemeral key cipher suites only are now supported by default - To enable static ECDH cipher suites define WOLFSSL_STATIC_DH - To enable static RSA cipher suites define WOLFSSL_STATIC_RSA - To enable static PSK cipher suites define WOLFSSL_STATIC_PSK -- Added QSH (quantum-safe handshake) extension with --enable-ntru -- SRP is now part of wolfCrypt, enable with --enabe-srp -- Certificate handshake messages can now be sent fragmented if the record - size is smaller than the total message size, no user action required. -- DTLS duplicate message fixes -- Visual Studio project files now support DLL and static builds for 32/64bit. -- Support for new Freesacle I/O -- FreeRTOS FIPS support - -- No high level security fixes that requires an update though we always - recommend updating to the latest - -See INSTALL file for build instructions. -More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html - - -#wolfSSL (Formerly CyaSSL) Release 3.6.0 (06/19/2015) - -##Release 3.6.0 of wolfSSL has bug fixes and new features including: - -- Max Strength build that only allows TLSv1.2, AEAD ciphers, and PFS (Perfect - Forward Secrecy). With --enable-maxstrength -- Server side session ticket support, the example server and echosever use the - example callback myTicketEncCb(), see wolfSSL_CTX_set_TicketEncCb() -- FIPS version submitted for iOS. -- TI Crypto Hardware Acceleration -- DTLS fragmentation fixes -- ECC key check validation with wc_ecc_check_key() -- 32bit code options to reduce memory for Curve25519 and Ed25519 -- wolfSSL JNI build switch with --enable-jni -- PicoTCP support improvements -- DH min ephemeral key size enforcement with wolfSSL_CTX_SetMinDhKey_Sz() -- KEEP_PEER_CERT and AltNames can now be used together -- ChaCha20 big endian fix -- SHA-512 signature algorithm support for key exchange and verify messages -- ECC make key crash fix on RNG failure, ECC users must update. -- Improvements to usage of time code. -- Improvements to VS solution files. -- GNU Binutils 2.24 ld has problems with some debug builds, to fix an ld error - add -fdebug-types-section to C_EXTRA_FLAGS - -- No high level security fixes that requires an update though we always - recommend updating to the latest (except note 14, ecc RNG failure) - -See INSTALL file for build instructions. -More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html - - -#wolfSSL (Formerly CyaSSL) Release 3.4.8 (04/06/2015) - -##Release 3.4.8 of wolfSSL has bug fixes and new features including: - -- FIPS version submitted for iOS. -- Max Strength build that only allows TLSv1.2, AEAD ciphers, and PFS. -- Improvements to usage of time code. -- Improvements to VS solution files. - -See INSTALL file for build instructions. -More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html - - -#wolfSSL (Formerly CyaSSL) Release 3.4.6 (03/30/2015) - -##Release 3.4.6 of wolfSSL has bug fixes and new features including: - -- Intel Assembly Speedups using instructions rdrand, rdseed, aesni, avx1/2, - rorx, mulx, adox, adcx . They can be enabled with --enable-intelasm. - These speedup the use of RNG, SHA2, and public key algorithms. -- Ed25519 support at the crypto level. Turn on with --enable-ed25519. Examples - in wolcrypt/test/test.c ed25519_test(). -- Post Handshake Memory reductions. wolfSSL can now hold less than 1,000 bytes - of memory per secure connection including cipher state. -- wolfSSL API and wolfCrypt API fixes, you can still include the cyassl and - ctaocrypt headers which will enable the compatibility APIs for the - foreseeable future -- INSTALL file to help direct users to build instructions for their environment -- For ECC users with the normal math library a fix that prevents a crash when - verify signature fails. Users of 3.4.0 with ECC and the normal math library - must update -- RC4 is now disabled by default in autoconf mode -- AES-GCM and ChaCha20/Poly1305 are now enabled by default to make AEAD ciphers - available without a switch -- External ChaCha-Poly AEAD API, thanks to Andrew Burks for the contribution -- DHE-PSK cipher suites can now be built without ASN or Cert support -- Fix some NO MD5 build issues with optional features -- Freescale CodeWarrior project updates -- ECC curves can be individually turned on/off at build time. -- Sniffer handles Cert Status message and other minor fixes -- SetMinVersion() at the wolfSSL Context level instead of just SSL session level - to allow minimum protocol version allowed at runtime -- RNG failure resource cleanup fix - -- No high level security fixes that requires an update though we always - recommend updating to the latest (except note 6 use case of ecc/normal math) - -See INSTALL file for build instructions. -More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html - - -#wolfSSL (Formerly CyaSSL) Release 3.4.0 (02/23/2015) - -## Release 3.4.0 wolfSSL has bug fixes and new features including: - -- wolfSSL API and wolfCrypt API, you can still include the cyassl and ctaocrypt - headers which will enable the compatibility APIs for the foreseeable future -- Example use of the wolfCrypt API can be found in wolfcrypt/test/test.c -- Example use of the wolfSSL API can be found in examples/client/client.c -- Curve25519 now supported at the wolfCrypt level, wolfSSL layer coming soon -- Improvements in the build configuration under AIX -- Microchip Pic32 MZ updates -- TIRTOS updates -- PowerPC updates -- Xcode project update -- Bidirectional shutdown examples in client/server with -w (wait for full - shutdown) option -- Cycle counts on benchmarks for x86_64, more coming soon -- ALT_ECC_SIZE for reducing ecc heap use with fastmath when also using large RSA - keys -- Various compile warnings -- Scan-build warning fixes -- Changed a memcpy to memmove in the sniffer (if using sniffer please update) -- No high level security fixes that requires an update though we always - recommend updating to the latest - - -# CyaSSL Release 3.3.0 (12/05/2014) - -- Countermeasuers for Handshake message duplicates, CHANGE CIPHER without - FINISHED, and fast forward attempts. Thanks to Karthikeyan Bhargavan from - the Prosecco team at INRIA Paris-Rocquencourt for the report. -- FIPS version submitted -- Removes SSLv2 Client Hello processing, can be enabled with OLD_HELLO_ALLOWED -- User can set mimimum downgrade version with CyaSSL_SetMinVersion() -- Small stack improvements at TLS/SSL layer -- TLS Master Secret generation and Key Expansion are now exposed -- Adds client side Secure Renegotiation, * not recommended * -- Client side session ticket support, not fully tested with Secure Renegotiation -- Allows up to 4096bit DHE at TLS Key Exchange layer -- Handles non standard SessionID sizes in Hello Messages -- PicoTCP Support -- Sniffer now supports SNI Virtual Hosts -- Sniffer now handles non HTTPS protocols using STARTTLS -- Sniffer can now parse records with multiple messages -- TI-RTOS updates -- Fix for ColdFire optimized fp_digit read only in explicit 32bit case -- ADH Cipher Suite ADH-AES128-SHA for EAP-FAST - -The CyaSSL manual is available at: -http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - -# CyaSSL Release 3.2.0 (09/10/2014) - -#### Release 3.2.0 CyaSSL has bug fixes and new features including: - -- ChaCha20 and Poly1305 crypto and suites -- Small stack improvements for OCSP, CRL, TLS, DTLS -- NTRU Encrypt and Decrypt benchmarks -- Updated Visual Studio project files -- Updated Keil MDK5 project files -- Fix for DTLS sequence numbers with GCM/CCM -- Updated HashDRBG with more secure struct declaration -- TI-RTOS support and example Code Composer Studio project files -- Ability to get enabled cipher suites, CyaSSL_get_ciphers() -- AES-GCM/CCM/Direct support for Freescale mmCAU and CAU -- Sniffer improvement checking for decrypt key setup -- Support for raw ECC key import -- Ability to convert ecc_key to DER, EccKeyToDer() -- Security fix for RSA Padding check vulnerability reported by Intel Security - Advanced Threat Research team - -The CyaSSL manual is available at: -http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - -# CyaSSL Release 3.1.0 (07/14/2014) - -#### Release 3.1.0 CyaSSL has bug fixes and new features including: - -- Fix for older versions of icc without 128-bit type -- Intel ASM syntax for AES-NI -- Updated NTRU support, keygen benchmark -- FIPS check for minimum required HMAC key length -- Small stack (--enable-smallstack) improvements for PKCS#7, ASN -- TLS extension support for DTLS -- Default I/O callbacks external to user -- Updated example client with bad clock test -- Ability to set optional ECC context info -- Ability to enable/disable DH separate from opensslextra -- Additional test key/cert buffers for CA and server -- Updated example certificates - -The CyaSSL manual is available at: -http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - -# CyaSSL Release 3.0.2 (05/30/2014) - -#### Release 3.0.2 CyaSSL has bug fixes and new features including: - -- Added the following cipher suites: - * TLS_PSK_WITH_AES_128_GCM_SHA256 - * TLS_PSK_WITH_AES_256_GCM_SHA384 - * TLS_PSK_WITH_AES_256_CBC_SHA384 - * TLS_PSK_WITH_NULL_SHA384 - * TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 - * TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 - * TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 - * TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 - * TLS_DHE_PSK_WITH_NULL_SHA256 - * TLS_DHE_PSK_WITH_NULL_SHA384 - * TLS_DHE_PSK_WITH_AES_128_CCM - * TLS_DHE_PSK_WITH_AES_256_CCM -- Added AES-NI support for Microsoft Visual Studio builds. -- Changed small stack build to be disabled by default. -- Updated the Hash DRBG and provided a configure option to enable. - -The CyaSSL manual is available at: -http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - -# CyaSSL Release 3.0.0 (04/29/2014) - -#### Release 3.0.0 CyaSSL has bug fixes and new features including: - -- FIPS release candidate -- X.509 improvements that address items reported by Suman Jana with security - researchers at UT Austin and UC Davis -- Small stack size improvements, --enable-smallstack. Offloads large local - variables to the heap. (Note this is not complete.) -- Updated AES-CCM-8 cipher suites to use approved suite numbers. - -The CyaSSL manual is available at: -http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - -# CyaSSL Release 2.9.4 (04/09/2014) - -#### Release 2.9.4 CyaSSL has bug fixes and new features including: - -- Security fixes that address items reported by Ivan Fratric of the Google - Security Team -- X.509 Unknown critical extensions treated as errors, report by Suman Jana with - security researchers at UT Austin and UC Davis -- Sniffer fixes for corrupted packet length and Jumbo frames -- ARM thumb mode assembly fixes -- Xcode 5.1 support including new clang -- PIC32 MZ hardware support -- CyaSSL Object has enough room to read the Record Header now w/o allocs -- FIPS wrappers for AES, 3DES, SHA1, SHA256, SHA384, HMAC, and RSA. -- A sample I/O pool is demonstrated with --enable-iopool to overtake memory - handling and reduce memory fragmentation on I/O large sizes - -The CyaSSL manual is available at: -http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - -# CyaSSL Release 2.9.0 (02/07/2014) - -#### Release 2.9.0 CyaSSL has bug fixes and new features including: -- Freescale Kinetis RNGB support -- Freescale Kinetis mmCAU support -- TLS Hello extensions - - ECC - - Secure Renegotiation (null) - - Truncated HMAC -- SCEP support - - PKCS #7 Enveloped data and signed data - - PKCS #10 Certificate Signing Request generation -- DTLS sliding window -- OCSP Improvements - - API change to integrate into Certificate Manager - - IPv4/IPv6 agnostic - - example client/server support for OCSP - - OCSP nonces are optional -- GMAC hashing -- Windows build additions -- Windows CYGWIN build fixes -- Updated test certificates -- Microchip MPLAB Harmony support -- Update autoconf scripts -- Additional X.509 inspection functions -- ECC encrypt/decrypt primitives -- ECC Certificate generation - -The Freescale Kinetis K53 RNGB documentation can be found in Chapter 33 of the -K53 Sub-Family Reference Manual: -http://cache.freescale.com/files/32bit/doc/ref_manual/K53P144M100SF2RM.pdf - -Freescale Kinetis K60 mmCAU (AES, DES, 3DES, MD5, SHA, SHA256) documentation -can be found in the "ColdFire/ColdFire+ CAU and Kinetis mmCAU Software Library -User Guide": -http://cache.freescale.com/files/32bit/doc/user_guide/CAUAPIUG.pdf - - -# CyaSSL Release 2.8.0 (8/30/2013) - -#### Release 2.8.0 CyaSSL has bug fixes and new features including: -- AES-GCM and AES-CCM use AES-NI -- NetX default IO callback handlers -- IPv6 fixes for DTLS Hello Cookies -- The ability to unload Certs/Keys after the handshake, CyaSSL_UnloadCertsKeys() -- SEP certificate extensions -- Callback getters for easier resource freeing -- External CYASSL_MAX_ERROR_SZ for correct error buffer sizing -- MacEncrypt and DecryptVerify Callbacks for User Atomic Record Layer Processing -- Public Key Callbacks for ECC and RSA -- Client now sends blank cert upon request if doesn't have one with TLS <= 1.2 - - -The CyaSSL manual is available at: -http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - -# CyaSSL Release 2.7.0 (6/17/2013) - -#### Release 2.7.0 CyaSSL has bug fixes and new features including: -- SNI support for client and server -- KEIL MDK-ARM projects -- Wildcard check to domain name match, and Subject altnames are checked too -- Better error messages for certificate verification errors -- Ability to discard session during handshake verify -- More consistent error returns across all APIs -- Ability to unload CAs at the CTX or CertManager level -- Authority subject id support for Certificate matching -- Persistent session cache functionality -- Persistent CA cache functionality -- Client session table lookups to push serverID table to library level -- Camellia support to sniffer -- User controllable settings for DTLS timeout values -- Sniffer fixes for caching long lived sessions -- DTLS reliability enhancements for the handshake -- Better ThreadX support - -When compiling with Mingw, libtool may give the following warning due to -path conversion errors: - -``` -libtool: link: Could not determine host file name corresponding to ** -libtool: link: Continuing, but uninstalled executables may not work. -``` - -If so, examples and testsuite will have problems when run, showing an -error while loading shared libraries. To resolve, please run "make install". - -The CyaSSL manual is available at: -http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - -# CyaSSL Release 2.6.0 (04/15/2013) - -#### Release 2.6.0 CyaSSL has bug fixes and new features including: -- DTLS 1.2 support including AEAD ciphers -- SHA-3 finalist Blake2 support, it's fast and uses little resources -- SHA-384 cipher suites including ECC ones -- HMAC now supports SHA-512 -- Track memory use for example client/server with -t option -- Better IPv6 examples with --enable-ipv6, before if ipv6 examples/tests were - turned on, localhost only was used. Now link-local (with scope ids) and ipv6 - hosts can be used as well. -- Xcode v4.6 project for iOS v6.1 update -- settings.h is now checked in all *.c files for true one file setting detection -- Better alignment at SSL layer for hardware crypto alignment needs - * Note, SSL itself isn't friendly to alignment with 5 byte TLS headers and - 13 bytes DTLS headers, but every effort is now made to align with the - CYASSL_GENERAL_ALIGNMENT flag which sets desired alignment requirement -- NO_64BIT flag to turn off 64bit data type accumulators in public key code - * Note, some systems are faster with 32bit accumulators -- --enable-stacksize for example client/server stack use - * Note, modern desktop Operating Systems may add bytes to each stack frame -- Updated compression/decompression with direct crypto access -- All ./configure options are now lowercase only for consistency -- ./configure builds default to fastmath option - * Note, if on ia32 and building in shared mode this may produce a problem - with a missing register being available because of PIC, there are at least - 6 solutions to this: - 1) --disable-fastmath , don't use fastmath - 2) --disable-shared, don't build a shared library - 3) C_EXTRA_FLAGS=-DTFM_NO_ASM , turn off assembly use - 4) use clang, it just seems to work - 5) play around with no PIC options to force all registers being open, - e.g., --without-pic - 6) if static lib is still a problem try removing fPIE -- Many new ./configure switches for option enable/disable for example - * rsa - * dh - * dsa - * md5 - * sha - * arc4 - * null (allow NULL ciphers) - * oldtls (only use TLS 1.2) - * asn (no certs or public keys allowed) -- ./configure generates cyassl/options.h which allows a header the user can - include in their app to make sure the same options are set at the app and - CyaSSL level. -- autoconf no longer needs serial-tests which lowers version requirements of - automake to 1.11 and autoconf to 2.63 - -The CyaSSL manual is available at: -http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - - -# CyaSSL Release 2.5.0 (02/04/2013) - -#### Release 2.5.0 CyaSSL has bug fixes and new features including: -- Fix for TLS CBC padding timing attack identified by Nadhem Alfardan and - Kenny Paterson: http://www.isg.rhul.ac.uk/tls/ -- Microchip PIC32 (MIPS16, MIPS32) support -- Microchip MPLAB X example projects for PIC32 Ethernet Starter Kit -- Updated CTaoCrypt benchmark app for embedded systems -- 1024-bit test certs/keys and cert/key buffers -- AES-CCM-8 crypto and cipher suites -- Camellia crypto and cipher suites -- Bumped minimum autoconf version to 2.65, automake version to 1.12 -- Addition of OCSP callbacks -- STM32F2 support with hardware crypto and RNG -- Cavium NITROX support - -CTaoCrypt now has support for the Microchip PIC32 and has been tested with -the Microchip PIC32 Ethernet Starter Kit, the XC32 compiler and -MPLAB X IDE in both MIPS16 and MIPS32 instruction set modes. See the README -located under the /mplabx directory for more details. - -To add Cavium NITROX support do: - -./configure --with-cavium=/home/user/cavium/software - -pointing to your licensed cavium/software directory. Since Cavium doesn't -build a library we pull in the cavium_common.o file which gives a libtool -warning about the portability of this. Also, if you're using the github source -tree you'll need to remove the -Wredundant-decls warning from the generated -Makefile because the cavium headers don't conform to this warning. Currently -CyaSSL supports Cavium RNG, AES, 3DES, RC4, HMAC, and RSA directly at the crypto -layer. Support at the SSL level is partial and currently just does AES, 3DES, -and RC4. RSA and HMAC are slower until the Cavium calls can be utilized in non -blocking mode. The example client turns on cavium support as does the crypto -test and benchmark. Please see the HAVE_CAVIUM define. - -CyaSSL is able to use the STM32F2 hardware-based cryptography and random number -generator through the STM32F2 Standard Peripheral Library. For necessary -defines, see the CYASSL_STM32F2 define in settings.h. Documentation for the -STM32F2 Standard Peripheral Library can be found in the following document: -http://www.st.com/internet/com/TECHNICAL_RESOURCES/TECHNICAL_LITERATURE/USER_MANUAL/DM00023896.pdf - -The CyaSSL manual is available at: -http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - - -# CyaSSL Release 2.4.6 (12/20/2012) - -#### Release 2.4.6 CyaSSL has bug fixes and a few new features including: -- ECC into main version -- Lean PSK build (reduced code size, RAM usage, and stack usage) -- FreeBSD CRL monitor support -- CyaSSL_peek() -- CyaSSL_send() and CyaSSL_recv() for I/O flag setting -- CodeWarrior Support -- MQX Support -- Freescale Kinetis support including Hardware RNG -- autoconf builds use jobserver -- cyassl-config -- Sniffer memory reductions - -Thanks to Brian Aker for the improved autoconf system, make rpm, cyassl-config, -warning system, and general good ideas for improving CyaSSL! - -The Freescale Kinetis K70 RNGA documentation can be found in Chapter 37 of the -K70 Sub-Family Reference Manual: -http://cache.freescale.com/files/microcontrollers/doc/ref_manual/K70P256M150SF3RM.pdf - -The CyaSSL manual is available at: -http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - -# CyaSSL Release 2.4.0 (10/10/2012) - -#### Release 2.4.0 CyaSSL has bug fixes and a few new features including: -- DTLS reliability -- Reduced memory usage after handshake -- Updated build process - -The CyaSSL manual is available at: -http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - - -# CyaSSL Release 2.3.0 (8/10/2012) - -#### Release 2.3.0 CyaSSL has bug fixes and a few new features including: -- AES-GCM crypto and cipher suites -- make test cipher suite checks -- Subject AltName processing -- Command line support for client/server examples -- Sniffer SessionTicket support -- SHA-384 cipher suites -- Verify cipher suite validity when user overrides -- CRL dir monitoring -- DTLS Cookie support, reliability coming soon - -The CyaSSL manual is available at: -http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - - -# CyaSSL Release 2.2.0 (5/18/2012) - -#### Release 2.2.0 CyaSSL has bug fixes and a few new features including: -- Initial CRL support (--enable-crl) -- Initial OCSP support (--enable-ocsp) -- Add static ECDH suites -- SHA-384 support -- ECC client certificate support -- Add medium session cache size (1055 sessions) -- Updated unit tests -- Protection against mutex reinitialization - - -The CyaSSL manual is available at: -http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - - -# CyaSSL Release 2.0.8 (2/24/2012) - -#### Release 2.0.8 CyaSSL has bug fixes and a few new features including: -- A fix for malicious certificates pointed out by Remi Gacogne (thanks) - resulting in NULL pointer use. -- Respond to renegotiation attempt with no_renegoatation alert -- Add basic path support for load_verify_locations() -- Add set Temp EC-DHE key size -- Extra checks on rsa test when porting into - - -The CyaSSL manual is available at: -http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - - -# CyaSSL Release 2.0.6 (1/27/2012) - -#### Release 2.0.6 CyaSSL has bug fixes and a few new features including: -- Fixes for CA basis constraint check -- CTX reference counting -- Initial unit test additions -- Lean and Mean Windows fix -- ECC benchmarking -- SSMTP build support -- Ability to group handshake messages with set_group_messages(ctx/ssl) -- CA cache addition callback -- Export Base64_Encode for general use - -The CyaSSL manual is available at: -http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - - -# CyaSSL Release 2.0.2 (12/05/2011) - -#### Release 2.0.2 CyaSSL has bug fixes and a few new features including: -- CTaoCrypt Runtime library detection settings when directly using the crypto - library -- Default certificate generation now uses SHAwRSA and adds SHA256wRSA generation -- All test certificates now use 2048bit and SHA-1 for better modern browser - support -- Direct AES block access and AES-CTR (counter) mode -- Microchip pic32 support - -The CyaSSL manual is available at: -http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - - -# CyaSSL Release 2.0.0rc3 (9/28/2011) - -#### Release 2.0.0rc3 for CyaSSL has bug fixes and a few new features including: -- updated autoconf support -- better make install and uninstall (uses system directories) -- make test / make check -- CyaSSL headers now in -- CTaocrypt headers now in -- OpenSSL compatibility headers now in -- examples and tests all run from home directory so can use certs in ./certs - (see note 1) - -So previous applications that used the OpenSSL compatibility header - now need to include instead, no other -changes are required. - -Special Thanks to Brian Aker for his autoconf, install, and header patches. - -The CyaSSL manual is available at: -http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - -# CyaSSL Release 2.0.0rc2 (6/6/2011) - -#### Release 2.0.0rc2 for CyaSSL has bug fixes and a few new features including: -- bug fixes (Alerts, DTLS with DHE) -- FreeRTOS support -- lwIP support -- Wshadow warnings removed -- asn public header -- CTaoCrypt public headers now all have ctc_ prefix (the manual is still being - updated to reflect this change) -- and more. - -This is the 2nd and perhaps final release candidate for version 2. -Please send any comments or questions to support@yassl.com. - -The CyaSSL manual is available at: -http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - -# CyaSSL Release 2.0.0rc1 (5/2/2011) - -#### Release 2.0.0rc1 for CyaSSL has many new features including: -- bug fixes -- SHA-256 cipher suites -- Root Certificate Verification (instead of needing all certs in the chain) -- PKCS #8 private key encryption (supports PKCS #5 v1-v2 and PKCS #12) -- Serial number retrieval for x509 -- PBKDF2 and PKCS #12 PBKDF -- UID parsing for x509 -- SHA-256 certificate signatures -- Client and server can send chains (SSL_CTX_use_certificate_chain_file) -- CA loading can now parse multiple certificates per file -- Dynamic memory runtime hooks -- Runtime hooks for logging -- EDH on server side -- More informative error codes -- More informative logging messages -- Version downgrade more robust (use SSL_v23*) -- Shared build only by default through ./configure -- Compiler visibility is now used, internal functions not polluting namespace -- Single Makefile, no recursion, for faster and simpler building -- Turn on all warnings possible build option, warning fixes -- and more. - -Because of all the new features and the multiple OS, compiler, feature-set -options that CyaSSL allows, there may be some configuration fixes needed. -Please send any comments or questions to support@yassl.com. - -The CyaSSL manual is available at: -http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - -# CyaSSL Release 1.9.0 (3/2/2011) - -Release 1.9.0 for CyaSSL adds bug fixes, improved TLSv1.2 through testing and -better hash/sig algo ids, --enable-webServer for the yaSSL embedded web server, -improper AES key setup detection, user cert verify callback improvements, and -more. - -The CyaSSL manual offering is included in the doc/ directory. For build -instructions and comments about the new features please check the manual. - -Please send any comments or questions to support@yassl.com. - -# CyaSSL Release 1.8.0 (12/23/2010) - -Release 1.8.0 for CyaSSL adds bug fixes, x509 v3 CA signed certificate -generation, a C standard library abstraction layer, lower memory use, increased -portability through the os_settings.h file, and the ability to use NTRU cipher -suites when used in conjunction with an NTRU license and library. - -The initial CyaSSL manual offering is included in the doc/ directory. For -build instructions and comments about the new features please check the manual. - -Please send any comments or questions to support@yassl.com. - -Happy Holidays. - - -# CyaSSL Release 1.6.5 (9/9/2010) - -Release 1.6.5 for CyaSSL adds bug fixes and x509 v3 self signed certificate -generation. - -For general build instructions see doc/Building_CyaSSL.pdf. - -To enable certificate generation support add this option to ./configure -./configure --enable-certgen - -An example is included in ctaocrypt/test/test.c and documentation is provided -in doc/CyaSSL_Extensions_Reference.pdf item 11. - -# CyaSSL Release 1.6.0 (8/27/2010) - -Release 1.6.0 for CyaSSL adds bug fixes, RIPEMD-160, SHA-512, and RSA key -generation. - -For general build instructions see doc/Building_CyaSSL.pdf. - -To add RIPEMD-160 support add this option to ./configure -./configure --enable-ripemd - -To add SHA-512 support add this option to ./configure -./configure --enable-sha512 - -To add RSA key generation support add this option to ./configure -./configure --enable-keygen - -Please see ctaocrypt/test/test.c for examples and usage. - -For Windows, RIPEMD-160 and SHA-512 are enabled by default but key generation is -off by default. To turn key generation on add the define CYASSL_KEY_GEN to -CyaSSL. - - -# CyaSSL Release 1.5.6 (7/28/2010) - -Release 1.5.6 for CyaSSL adds bug fixes, compatibility for our JSSE provider, -and a fix for GCC builds on some systems. - -For general build instructions see doc/Building_CyaSSL.pdf. - -To add AES-NI support add this option to ./configure -./configure --enable-aesni - -You'll need GCC 4.4.3 or later to make use of the assembly. - -# CyaSSL Release 1.5.4 (7/7/2010) - -Release 1.5.4 for CyaSSL adds bug fixes, support for AES-NI, SHA1 speed -improvements from loop unrolling, and support for the Mongoose Web Server. - -For general build instructions see doc/Building_CyaSSL.pdf. - -To add AES-NI support add this option to ./configure -./configure --enable-aesni - -You'll need GCC 4.4.3 or later to make use of the assembly. - -# CyaSSL Release 1.5.0 (5/11/2010) - -Release 1.5.0 for CyaSSL adds bug fixes, GoAhead WebServer support, sniffer -support, and initial swig interface support. - -For general build instructions see doc/Building_CyaSSL.pdf. - -To add support for GoAhead WebServer either --enable-opensslExtra or if you -don't want all the features of opensslExtra you can just define GOAHEAD_WS -instead. GOAHEAD_WS can be added to ./configure with CFLAGS=-DGOAHEAD_WS or -you can define it yourself. - -To look at the sniffer support please see the sniffertest app in -sslSniffer/sslSnifferTest. Build with --enable-sniffer on *nix or use the -vcproj files on windows. You'll need to have pcap installed on *nix and -WinPcap on windows. - -A swig interface file is now located in the swig directory for using Python, -Java, Perl, and others with CyaSSL. This is initial support and experimental, -please send questions or comments to support@yassl.com. - -When doing load testing with CyaSSL, on the echoserver example say, the client -machine may run out of tcp ephemeral ports, they will end up in the TIME_WAIT -queue, and can't be reused by default. There are generally two ways to fix -this. - -1. Reduce the length sockets remain on the TIME_WAIT queue OR -2. Allow items on the TIME_WAIT queue to be reused. - - -To reduce the TIME_WAIT length in OS X to 3 seconds (3000 milliseconds) - -`sudo sysctl -w net.inet.tcp.msl=3000` - -In Linux - -`sudo sysctl -w net.ipv4.tcp_tw_reuse=1` - -allows reuse of sockets in TIME_WAIT - -`sudo sysctl -w net.ipv4.tcp_tw_recycle=1` - -works but seems to remove sockets from TIME_WAIT entirely? - -`sudo sysctl -w net.ipv4.tcp_fin_timeout=1` - -doen't control TIME_WAIT, it controls FIN_WAIT(2) contrary to some posts - - -# CyaSSL Release 1.4.0 (2/18/2010) - -Release 1.3.0 for CyaSSL adds bug fixes, better multi TLS/SSL version support -through SSLv23_server_method(), and improved documentation in the doc/ folder. - -For general build instructions doc/Building_CyaSSL.pdf. - -# CyaSSL Release 1.3.0 (1/21/2010) - -Release 1.3.0 for CyaSSL adds bug fixes, a potential security problem fix, -better porting support, removal of assert()s, and a complete THREADX port. - -For general build instructions see rc1 below. - -# CyaSSL Release 1.2.0 (11/2/2009) - -Release 1.2.0 for CyaSSL adds bug fixes and session negotiation if first use is -read or write. - -For general build instructions see rc1 below. - -# CyaSSL Release 1.1.0 (9/2/2009) - -Release 1.1.0 for CyaSSL adds bug fixes, a check against malicious session -cache use, support for lighttpd, and TLS 1.2. - -To get TLS 1.2 support please use the client and server functions: - -```c -SSL_METHOD *TLSv1_2_server_method(void); -SSL_METHOD *TLSv1_2_client_method(void); -``` - -CyaSSL was tested against lighttpd 1.4.23. To build CyaSSL for use with -lighttpd use the following commands from the CyaSSL install dir : - -``` -./configure --disable-shared --enable-opensslExtra --enable-fastmath --without-zlib - -make -make openssl-links -``` - -Then to build lighttpd with CyaSSL use the following commands from the -lighttpd install dir: - -``` -./configure --with-openssl --with-openssl-includes=/include --with-openssl-libs=/lib LDFLAGS=-lm - -make -``` - -On some systems you may get a linker error about a duplicate symbol for -MD5_Init or other MD5 calls. This seems to be caused by the lighttpd src file -md5.c, which defines MD5_Init(), and is included in liblightcomp_la-md5.o. -When liblightcomp is linked with the SSL_LIBs the linker may complain about -the duplicate symbol. This can be fixed by editing the lighttpd src file md5.c -and adding this line to the beginning of the file: - -\#if 0 - -and this line to the end of the file - -\#endif - -Then from the lighttpd src dir do a: - -``` -make clean -make -``` - -If you get link errors about undefined symbols more than likely the actual -OpenSSL libraries are found by the linker before the CyaSSL openssl-links that -point to the CyaSSL library, causing the linker confusion. This can be fixed -by editing the Makefile in the lighttpd src directory and changing the line: - -`SSL_LIB = -lssl -lcrypto` - -to - -`SSL_LIB = -lcyassl` - -Then from the lighttpd src dir do a: - -``` -make clean -make -``` - -This should remove any confusion the linker may be having with missing symbols. - -For any questions or concerns please contact support@yassl.com . - -For general build instructions see rc1 below. - -# CyaSSL Release 1.0.6 (8/03/2009) - -Release 1.0.6 for CyaSSL adds bug fixes, an improved session cache, and faster -math with a huge code option. - -The session cache now defaults to a client mode, also good for embedded servers. -For servers not under heavy load (less than 200 new sessions per minute), define -BIG_SESSION_CACHE. If the server will be under heavy load, define -HUGE_SESSION_CACHE. - -There is now a fasthugemath option for configure. This enables fastmath plus -even faster math by greatly increasing the code size of the math library. Use -the benchmark utility to compare public key operations. - - -For general build instructions see rc1 below. - -# CyaSSL Release 1.0.3 (5/10/2009) - -Release 1.0.3 for CyaSSL adds bug fixes and add increased support for OpenSSL -compatibility when building other applications. - -Release 1.0.3 includes an alpha release of DTLS for both client and servers. -This is only for testing purposes at this time. Rebroadcast and reordering -aren't fully implemented at this time but will be for the next release. - -For general build instructions see rc1 below. - -# CyaSSL Release 1.0.2 (4/3/2009) - -Release 1.0.2 for CyaSSL adds bug fixes for a couple I/O issues. Some systems -will send a SIGPIPE on socket recv() at any time and this should be handled by -the application by turning off SIGPIPE through setsockopt() or returning from -the handler. - -Release 1.0.2 includes an alpha release of DTLS for both client and servers. -This is only for testing purposes at this time. Rebroadcast and reordering -aren't fully implemented at this time but will be for the next release. - -For general build instructions see rc1 below. - -## CyaSSL Release Candidate 3 rc3-1.0.0 (2/25/2009) - - -Release Candidate 3 for CyaSSL 1.0.0 adds bug fixes and adds a project file for -iPhone development with Xcode. cyassl-iphone.xcodeproj is located in the root -directory. This release also includes a fix for supporting other -implementations that bundle multiple messages at the record layer, this was -lost when cyassl i/o was re-implemented but is now fixed. - -For general build instructions see rc1 below. - -## CyaSSL Release Candidate 2 rc2-1.0.0 (1/21/2009) - - -Release Candidate 2 for CyaSSL 1.0.0 adds bug fixes and adds two new stream -ciphers along with their respective cipher suites. CyaSSL adds support for -HC-128 and RABBIT stream ciphers. The new suites are: - -``` -TLS_RSA_WITH_HC_128_SHA -TLS_RSA_WITH_RABBIT_SHA -``` - -And the corresponding cipher names are - -``` -HC128-SHA -RABBIT-SHA -``` - -CyaSSL also adds support for building with devkitPro for PPC by changing the -library proper to use libogc. The examples haven't been changed yet but if -there's interest they can be. Here's an example ./configure to build CyaSSL -for devkitPro: - -``` -./configure --disable-shared CC=/pathTo/devkitpro/devkitPPC/bin/powerpc-gekko-gcc --host=ppc --without-zlib --enable-singleThreaded RANLIB=/pathTo/devkitpro/devkitPPC/bin/powerpc-gekko-ranlib CFLAGS="-DDEVKITPRO -DGEKKO" -``` - -For linking purposes you'll need - -`LDFLAGS="-g -mrvl -mcpu=750 -meabi -mhard-float -Wl,-Map,$(notdir $@).map"` - -For general build instructions see rc1 below. - - -## CyaSSL Release Candidate 1 rc1-1.0.0 (12/17/2008) - - -Release Candidate 1 for CyaSSL 1.0.0 contains major internal changes. Several -areas have optimization improvements, less dynamic memory use, and the I/O -strategy has been refactored to allow alternate I/O handling or Library use. -Many thanks to Thierry Fournier for providing these ideas and most of the work. - -Because of these changes, this release is only a candidate since some problems -are probably inevitable on some platform with some I/O use. Please report any -problems and we'll try to resolve them as soon as possible. You can contact us -at support@yassl.com or todd@yassl.com. - -Using TomsFastMath by passing --enable-fastmath to ./configure now uses assembly -on some platforms. This is new so please report any problems as every compiler, -mode, OS combination hasn't been tested. On ia32 all of the registers need to -be available so be sure to pass these options to CFLAGS: - -`CFLAGS="-O3 -fomit-frame-pointer"` - -OS X will also need -mdynamic-no-pic added to CFLAGS - -Also if you're building in shared mode for ia32 you'll need to pass options to -LDFLAGS as well on OS X: - -`LDFLAGS=-Wl,-read_only_relocs,warning` - -This gives warnings for some symbols but seems to work. - - -#### To build on Linux, Solaris, *BSD, Mac OS X, or Cygwin: - - ./configure - make - - from the ./testsuite/ directory run ./testsuite - -#### To make a debug build: - - ./configure --enable-debug --disable-shared - make - - - -#### To build on Win32 - -Choose (Re)Build All from the project workspace - -Run the testsuite program - - - - - -# CyaSSL version 0.9.9 (7/25/2008) - -This release of CyaSSL adds bug fixes, Pre-Shared Keys, over-rideable memory -handling, and optionally TomsFastMath. Thanks to Moisés Guimarães for the -work on TomsFastMath. - -To optionally use TomsFastMath pass --enable-fastmath to ./configure -Or define USE_FAST_MATH in each project from CyaSSL for MSVC. - -Please use the benchmark routine before and after to see the performance -difference, on some platforms the gains will be little but RSA encryption -always seems to be faster. On x86-64 machines with GCC the normal math library -may outperform the fast one when using CFLAGS=-m64 because TomsFastMath can't -yet use -m64 because of GCCs inability to do 128bit division. - - *** UPDATE GCC 4.2.1 can now do 128bit division *** - -See notes below (0.2.0) for complete build instructions. - - -# CyaSSL version 0.9.8 (5/7/2008) - -This release of CyaSSL adds bug fixes, client side Diffie-Hellman, and better -socket handling. - -See notes below (0.2.0) for complete build instructions. - - -# CyaSSL version 0.9.6 (1/31/2008) - -This release of CyaSSL adds bug fixes, increased session management, and a fix -for gnutls. - -See notes below (0.2.0) for complete build instructions. - - -# CyaSSL version 0.9.0 (10/15/2007) - -This release of CyaSSL adds bug fixes, MSVC 2005 support, GCC 4.2 support, -IPV6 support and test, and new test certificates. - -See notes below (0.2.0) for complete build instructions. - - -# CyaSSL version 0.8.0 (1/10/2007) - -This release of CyaSSL adds increased socket support, for non-blocking writes, -connects, and interrupted system calls. - -See notes below (0.2.0) for complete build instructions. - - -# CyaSSL version 0.6.3 (10/30/2006) - -This release of CyaSSL adds debug logging to stderr to aid in the debugging of -CyaSSL on systems that may not provide the best support. - -If CyaSSL is built with debugging support then you need to call -CyaSSL_Debugging_ON() to turn logging on. - -On Unix use ./configure --enable-debug - -On Windows define DEBUG_CYASSL when building CyaSSL - - -To turn logging back off call CyaSSL_Debugging_OFF() - -See notes below (0.2.0) for complete build instructions. - - -# CyaSSL version 0.6.2 (10/29/2006) - -This release of CyaSSL adds TLS 1.1. - -Note that CyaSSL has certificate verification on by default, unlike OpenSSL. -To emulate OpenSSL behavior, you must call SSL_CTX_set_verify() with -SSL_VERIFY_NONE. In order to have full security you should never do this, -provide CyaSSL with the proper certificates to eliminate impostors and call -CyaSSL_check_domain_name() to prevent man in the middle attacks. - -See notes below (0.2.0) for build instructions. - -# CyaSSL version 0.6.0 (10/25/2006) - -This release of CyaSSL adds more SSL functions, better autoconf, nonblocking -I/O for accept, connect, and read. There is now an --enable-small configure -option that turns off TLS, AES, DES3, HMAC, and ERROR_STRINGS, see configure.in -for the defines. Note that TLS requires HMAC and AES requires TLS. - -See notes below (0.2.0) for build instructions. - - -# CyaSSL version 0.5.5 (09/27/2006) - -This mini release of CyaSSL adds better input processing through buffered input -and big message support. Added SSL_pending() and some sanity checks on user -settings. - -See notes below (0.2.0) for build instructions. - - -# CyaSSL version 0.5.0 (03/27/2006) - -This release of CyaSSL adds AES support and minor bug fixes. - -See notes below (0.2.0) for build instructions. - - -# CyaSSL version 0.4.0 (03/15/2006) - -This release of CyaSSL adds TLSv1 client/server support and libtool. - -See notes below for build instructions. - - -# CyaSSL version 0.3.0 (02/26/2006) - -This release of CyaSSL adds SSLv3 server support and session resumption. - -See notes below for build instructions. - - -# CyaSSL version 0.2.0 (02/19/2006) - - -This is the first release of CyaSSL and its crypt brother, CTaoCrypt. CyaSSL -is written in ANSI C with the idea of a small code size, footprint, and memory -usage in mind. CTaoCrypt can be as small as 32K, and the current client -version of CyaSSL can be as small as 12K. - - -The first release of CTaoCrypt supports MD5, SHA-1, 3DES, ARC4, Big Integer -Support, RSA, ASN parsing, and basic x509 (en/de)coding. - -The first release of CyaSSL supports normal client RSA mode SSLv3 connections -with support for SHA-1 and MD5 digests. Ciphers include 3DES and RC4. - - -#### To build on Linux, Solaris, *BSD, Mac OS X, or Cygwin: - - ./configure - make - - from the ./testsuite/ directory run ./testsuite - -#### to make a debug build: - - ./configure --enable-debug --disable-shared - make - - - -#### To build on Win32 - -Choose (Re)Build All from the project workspace - -Run the testsuite program - - - -*** The next release of CyaSSL will support a server and more OpenSSL -compatibility functions. - - -Please send questions or comments to todd@wolfssl.com diff --git a/configure.ac b/configure.ac index 8cae247aa9..61d350dfa1 100644 --- a/configure.ac +++ b/configure.ac @@ -6,7 +6,7 @@ # # AC_COPYRIGHT([Copyright (C) 2006-2018 wolfSSL Inc.]) -AC_INIT([wolfssl],[3.14.0],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[http://www.wolfssl.com]) +AC_INIT([wolfssl],[3.15.0],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[https://www.wolfssl.com]) AC_CONFIG_AUX_DIR([build-aux]) @@ -41,18 +41,18 @@ AC_CONFIG_MACRO_DIR([m4]) AC_CONFIG_HEADERS([config.h:config.in])dnl Keep filename to 8.3 for MS-DOS. #shared library versioning -WOLFSSL_LIBRARY_VERSION=16:0:0 -# | | | -# +------+ | +---+ -# | | | -# current:revision:age -# | | | -# | | +- increment if interfaces have been added -# | | set to zero if interfaces have been removed -# | | or changed -# | +- increment if source code has changed -# | set to zero if current is incremented -# +- increment if interfaces have been added, removed or changed +WOLFSSL_LIBRARY_VERSION=17:0:0 +# | | | +# +------+ | +---+ +# | | | +# current:revision:age +# | | | +# | | +- increment if interfaces have been added +# | | set to zero if interfaces have been removed +# | | or changed +# | +- increment if source code has changed +# | set to zero if current is incremented +# +- increment if interfaces have been added, removed or changed AC_SUBST([WOLFSSL_LIBRARY_VERSION]) # capture user C_EXTRA_FLAGS from ./configure line, CFLAGS may hold -g -O2 even diff --git a/wolfssl/version.h b/wolfssl/version.h index 0af5fb25f4..2382770581 100644 --- a/wolfssl/version.h +++ b/wolfssl/version.h @@ -28,8 +28,8 @@ extern "C" { #endif -#define LIBWOLFSSL_VERSION_STRING "3.14.0" -#define LIBWOLFSSL_VERSION_HEX 0x03014000 +#define LIBWOLFSSL_VERSION_STRING "3.15.0" +#define LIBWOLFSSL_VERSION_HEX 0x03015000 #ifdef __cplusplus } From a4e6cfd3ac0362e644d592e45a88b3178005564f Mon Sep 17 00:00:00 2001 From: John Safranek Date: Thu, 31 May 2018 10:12:34 -0700 Subject: [PATCH 11/63] Added new file NEWS.md to Makefile for dist builds. --- Makefile.am | 1 + 1 file changed, 1 insertion(+) diff --git a/Makefile.am b/Makefile.am index d92dc4462a..c0e5ae35a8 100644 --- a/Makefile.am +++ b/Makefile.am @@ -84,6 +84,7 @@ EXTRA_DIST+= wolfssl64.sln EXTRA_DIST+= valgrind-error.sh EXTRA_DIST+= gencertbuf.pl EXTRA_DIST+= README.md +EXTRA_DIST+= NEWS.md EXTRA_DIST+= LICENSING EXTRA_DIST+= INSTALL EXTRA_DIST+= IPP From 8a61b7303a6eebd853f582cb887af747a364ca09 Mon Sep 17 00:00:00 2001 From: John Safranek Date: Thu, 31 May 2018 10:14:47 -0700 Subject: [PATCH 12/63] Remove execute bit from a few files. --- certs/ca-ecc-cert.der | Bin certs/ca-ecc-key.der | Bin certs/ca-ecc-key.pem | 0 certs/ca-ecc384-cert.der | Bin certs/ca-ecc384-key.der | Bin certs/ca-ecc384-key.pem | 0 certs/include.am | 0 certs/server-ecc.der | Bin certs/test/server-cert-ecc-badsig.der | Bin src/tls.c | 0 src/tls13.c | 0 wolfcrypt/src/asn.c | 0 wolfcrypt/src/ecc.c | 0 wolfcrypt/src/pwdbased.c | 0 wolfssl/wolfcrypt/types.h | 0 15 files changed, 0 insertions(+), 0 deletions(-) mode change 100755 => 100644 certs/ca-ecc-cert.der mode change 100755 => 100644 certs/ca-ecc-key.der mode change 100755 => 100644 certs/ca-ecc-key.pem mode change 100755 => 100644 certs/ca-ecc384-cert.der mode change 100755 => 100644 certs/ca-ecc384-key.der mode change 100755 => 100644 certs/ca-ecc384-key.pem mode change 100755 => 100644 certs/include.am mode change 100755 => 100644 certs/server-ecc.der mode change 100755 => 100644 certs/test/server-cert-ecc-badsig.der mode change 100755 => 100644 src/tls.c mode change 100755 => 100644 src/tls13.c mode change 100755 => 100644 wolfcrypt/src/asn.c mode change 100755 => 100644 wolfcrypt/src/ecc.c mode change 100755 => 100644 wolfcrypt/src/pwdbased.c mode change 100755 => 100644 wolfssl/wolfcrypt/types.h diff --git a/certs/ca-ecc-cert.der b/certs/ca-ecc-cert.der old mode 100755 new mode 100644 diff --git a/certs/ca-ecc-key.der b/certs/ca-ecc-key.der old mode 100755 new mode 100644 diff --git a/certs/ca-ecc-key.pem b/certs/ca-ecc-key.pem old mode 100755 new mode 100644 diff --git a/certs/ca-ecc384-cert.der b/certs/ca-ecc384-cert.der old mode 100755 new mode 100644 diff --git a/certs/ca-ecc384-key.der b/certs/ca-ecc384-key.der old mode 100755 new mode 100644 diff --git a/certs/ca-ecc384-key.pem b/certs/ca-ecc384-key.pem old mode 100755 new mode 100644 diff --git a/certs/include.am b/certs/include.am old mode 100755 new mode 100644 diff --git a/certs/server-ecc.der b/certs/server-ecc.der old mode 100755 new mode 100644 diff --git a/certs/test/server-cert-ecc-badsig.der b/certs/test/server-cert-ecc-badsig.der old mode 100755 new mode 100644 diff --git a/src/tls.c b/src/tls.c old mode 100755 new mode 100644 diff --git a/src/tls13.c b/src/tls13.c old mode 100755 new mode 100644 diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c old mode 100755 new mode 100644 diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c old mode 100755 new mode 100644 diff --git a/wolfcrypt/src/pwdbased.c b/wolfcrypt/src/pwdbased.c old mode 100755 new mode 100644 diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h old mode 100755 new mode 100644 From dfca1beff057ca1c1b3a38a978673f2db7c67483 Mon Sep 17 00:00:00 2001 From: John Safranek Date: Thu, 31 May 2018 10:20:18 -0700 Subject: [PATCH 13/63] Touch the version number on the library filename in the rpm spec. --- rpm/spec.in | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/rpm/spec.in b/rpm/spec.in index 05fc27b84f..e54f279cd8 100644 --- a/rpm/spec.in +++ b/rpm/spec.in @@ -73,8 +73,8 @@ mkdir -p $RPM_BUILD_ROOT/ %{_docdir}/wolfssl/README.txt %{_libdir}/libwolfssl.la %{_libdir}/libwolfssl.so -%{_libdir}/libwolfssl.so.16 -%{_libdir}/libwolfssl.so.16.0.0 +%{_libdir}/libwolfssl.so.17 +%{_libdir}/libwolfssl.so.17.0.0 %files devel %defattr(-,root,root,-) @@ -287,6 +287,8 @@ mkdir -p $RPM_BUILD_ROOT/ %{_libdir}/pkgconfig/wolfssl.pc %changelog +* Thu May 31 2018 John Safranek +- Update the version number on the library SO file. * Fri Mar 02 2018 Jacob Barthelmeh - Added headder files fips.h, buffer.h, objects.h, rc4.h and example tls_bench.c * Fri Sep 08 2017 Jacob Barthelmeh From 0c2199084e4adc085c1054f82020b2904b126aa4 Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Thu, 31 May 2018 15:04:44 -0600 Subject: [PATCH 14/63] single threaded wolfcrypt only Nucleus port --- IDE/CSBENCH/.cproject | 182 ++++++++++++++++++++++++++++++++++++ IDE/CSBENCH/.project | 33 +++++++ IDE/CSBENCH/include.am | 8 ++ IDE/CSBENCH/user_settings.h | 22 +++++ IDE/include.am | 1 + wolfcrypt/src/random.c | 16 ++++ wolfcrypt/src/wc_port.c | 3 +- wolfssl/wolfcrypt/wc_port.h | 5 +- 8 files changed, 267 insertions(+), 3 deletions(-) create mode 100644 IDE/CSBENCH/.cproject create mode 100644 IDE/CSBENCH/.project create mode 100644 IDE/CSBENCH/include.am create mode 100644 IDE/CSBENCH/user_settings.h diff --git a/IDE/CSBENCH/.cproject b/IDE/CSBENCH/.cproject new file mode 100644 index 0000000000..ee9bc012b2 --- /dev/null +++ b/IDE/CSBENCH/.cproject @@ -0,0 +1,182 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/IDE/CSBENCH/.project b/IDE/CSBENCH/.project new file mode 100644 index 0000000000..f3da8d9558 --- /dev/null +++ b/IDE/CSBENCH/.project @@ -0,0 +1,33 @@ + + + wolfcrypt + + + + + + org.eclipse.cdt.managedbuilder.core.genmakebuilder + clean,full,incremental, + + + + + org.eclipse.cdt.managedbuilder.core.ScannerConfigBuilder + full,incremental, + + + + + + org.eclipse.cdt.core.cnature + org.eclipse.cdt.managedbuilder.core.managedBuildNature + org.eclipse.cdt.managedbuilder.core.ScannerConfigNature + + + + src + 2 + PARENT-2-PROJECT_LOC../wolfcrypt + + + diff --git a/IDE/CSBENCH/include.am b/IDE/CSBENCH/include.am new file mode 100644 index 0000000000..2f9241596c --- /dev/null +++ b/IDE/CSBENCH/include.am @@ -0,0 +1,8 @@ +# vim:ft=automake +# included from Top Level Makefile.am +# All paths should be given relative to the root + +EXTRA_DIST+= IDE/CSBENCH/.project +EXTRA_DIST+= IDE/CSBENCH/.cproject +EXTRA_DIST+= IDE/CSBENCH/user_settings.h + diff --git a/IDE/CSBENCH/user_settings.h b/IDE/CSBENCH/user_settings.h new file mode 100644 index 0000000000..428d26df87 --- /dev/null +++ b/IDE/CSBENCH/user_settings.h @@ -0,0 +1,22 @@ +#ifndef WOLFSSL_CSBENCH_H +#define WOLFSSL_CSBENCH_H + +/* wolfSSL settings */ +#define WOLFCRYPT_ONLY +#define USE_FAST_MATH +#define TFM_TIMING_RESISTANT +#define WC_RSA_BLINDING + +#define SINGLE_THREADED +#define HAVE_AESGCM +#define NO_ASN_TIME + +#define HAVE_ECC +#define ECC_TIMING_RESISTANT +#define WOLFSSL_NUCLEUS + +/* wolfSSH settings */ +#define WOLFSSH_SFTP +//#define DEBUG_WOLFSSH + +#endif diff --git a/IDE/include.am b/IDE/include.am index ebea79b3c0..84f49290ff 100644 --- a/IDE/include.am +++ b/IDE/include.am @@ -13,5 +13,6 @@ include IDE/INTIME-RTOS/include.am include IDE/OPENSTM32/include.am include IDE/VS-ARM/include.am include IDE/GCC-ARM/include.am +include IDE/CSBENCH/include.am EXTRA_DIST+= IDE/IAR-EWARM IDE/MDK-ARM IDE/MDK5-ARM IDE/MYSQL IDE/LPCXPRESSO IDE/HEXIWEAR diff --git a/wolfcrypt/src/random.c b/wolfcrypt/src/random.c index 92234de522..4f6e5c9515 100644 --- a/wolfcrypt/src/random.c +++ b/wolfcrypt/src/random.c @@ -1499,7 +1499,23 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) return 0; } +#elif defined(WOLFSSL_NUCLEUS) +#include "nucleus.h" +#include "kernel/plus_common.h" +int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) +{ + int i; + srand(NU_Get_Time_Stamp()); + for (i = 0; i < sz; i++ ) { + output[i] = rand() % 256; + if ((i % 8) == 7) { + srand(NU_Get_Time_Stamp()); + } + } + + return 0; +} #elif defined(WOLFSSL_VXWORKS) #include diff --git a/wolfcrypt/src/wc_port.c b/wolfcrypt/src/wc_port.c index 9b2868be0b..ab1d1e73df 100644 --- a/wolfcrypt/src/wc_port.c +++ b/wolfcrypt/src/wc_port.c @@ -220,7 +220,8 @@ int wolfCrypt_Cleanup(void) return ret; } -#if !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) +#if !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) && \ + !defined(WOLFSSL_NUCLEUS) /* File Handling Helpers */ /* returns 0 if file found, -1 if no files or negative error */ diff --git a/wolfssl/wolfcrypt/wc_port.h b/wolfssl/wolfcrypt/wc_port.h index de4f8d9e5a..7a9aaf0552 100644 --- a/wolfssl/wolfcrypt/wc_port.h +++ b/wolfssl/wolfcrypt/wc_port.h @@ -291,7 +291,8 @@ WOLFSSL_API int wolfCrypt_Cleanup(void); #define XBADFILE NULL #define XFGETS fgets - #if !defined(USE_WINDOWS_API) && !defined(NO_WOLFSSL_DIR) + #if !defined(USE_WINDOWS_API) && !defined(NO_WOLFSSL_DIR)\ + && !defined(WOLFSSL_NUCLEUS) #include #include #include @@ -305,7 +306,7 @@ WOLFSSL_API int wolfCrypt_Cleanup(void); #define MAX_PATH 256 #endif -#if !defined(NO_WOLFSSL_DIR) +#if !defined(NO_WOLFSSL_DIR) && !defined(WOLFSSL_NUCLEUS) typedef struct ReadDirCtx { #ifdef USE_WINDOWS_API WIN32_FIND_DATAA FindFileData; From 1cc6042f01db1e4cc9756abf522c124cf8fb24f7 Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Thu, 31 May 2018 15:27:37 -0600 Subject: [PATCH 15/63] exlude unneeded files with Nucleus build --- IDE/CSBENCH/.cproject | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/IDE/CSBENCH/.cproject b/IDE/CSBENCH/.cproject index ee9bc012b2..ce3f41cde9 100644 --- a/IDE/CSBENCH/.cproject +++ b/IDE/CSBENCH/.cproject @@ -73,7 +73,7 @@ - + @@ -153,7 +153,7 @@ - + @@ -179,4 +179,5 @@ + From 3ff8c45aa8ba18a9671e99857f5c700e26e0c044 Mon Sep 17 00:00:00 2001 From: Takashi Kojo Date: Fri, 1 Jun 2018 09:30:20 +0900 Subject: [PATCH 16/63] FILE to XFILE --- doc/dox_comments/header_files/ssl.h | 2 +- src/ssl.c | 8 ++++---- wolfcrypt/src/logging.c | 2 +- wolfssl/openssl/bn.h | 2 +- wolfssl/ssl.h | 8 ++++---- wolfssl/wolfcrypt/logging.h | 2 +- 6 files changed, 12 insertions(+), 12 deletions(-) diff --git a/doc/dox_comments/header_files/ssl.h b/doc/dox_comments/header_files/ssl.h index 4c143c29c8..ed2d0b4989 100644 --- a/doc/dox_comments/header_files/ssl.h +++ b/doc/dox_comments/header_files/ssl.h @@ -5599,7 +5599,7 @@ WOLFSSL_API int wolfSSL_X509_version(WOLFSSL_X509*); \sa XFSEEK */ WOLFSSL_API WOLFSSL_X509* - wolfSSL_X509_d2i_fp(WOLFSSL_X509** x509, FILE* file); + wolfSSL_X509_d2i_fp(WOLFSSL_X509** x509, XFILE file); /*! \ingroup CertsKeys diff --git a/src/ssl.c b/src/ssl.c index 052e794b42..142d8484ba 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -3366,7 +3366,7 @@ void wolfSSL_EVP_init(void) #if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM) -void wolfSSL_ERR_print_errors_fp(FILE* fp, int err) +void wolfSSL_ERR_print_errors_fp(XFILE fp, int err) { char data[WOLFSSL_MAX_ERROR_SZ + 1]; @@ -3376,7 +3376,7 @@ void wolfSSL_ERR_print_errors_fp(FILE* fp, int err) } #if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE) -void wolfSSL_ERR_dump_errors_fp(FILE* fp) +void wolfSSL_ERR_dump_errors_fp(XFILE fp) { wc_ERR_print_errors_fp(fp); } @@ -22526,7 +22526,7 @@ char *wolfSSL_BN_bn2hex(const WOLFSSL_BIGNUM *bn) /* return code compliant with OpenSSL : * 1 if success, 0 if error */ -int wolfSSL_BN_print_fp(FILE *fp, const WOLFSSL_BIGNUM *bn) +int wolfSSL_BN_print_fp(XFILE fp, const WOLFSSL_BIGNUM *bn) { #if defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) || defined(DEBUG_WOLFSSL) char *buf; @@ -28684,7 +28684,7 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl) } #if defined(HAVE_CRL) && !defined(NO_FILESYSTEM) - WOLFSSL_API WOLFSSL_X509_CRL* wolfSSL_PEM_read_X509_CRL(FILE *fp, WOLFSSL_X509_CRL **crl, + WOLFSSL_API WOLFSSL_X509_CRL* wolfSSL_PEM_read_X509_CRL(XFILE fp, WOLFSSL_X509_CRL **crl, pem_password_cb *cb, void *u) { #if defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM) diff --git a/wolfcrypt/src/logging.c b/wolfcrypt/src/logging.c index 0fdab26542..cc7d1545ce 100644 --- a/wolfcrypt/src/logging.c +++ b/wolfcrypt/src/logging.c @@ -711,7 +711,7 @@ int wc_ERR_remove_state(void) #if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM) /* empties out the error queue into the file */ -void wc_ERR_print_errors_fp(FILE* fp) +void wc_ERR_print_errors_fp(XFILE fp) { WOLFSSL_ENTER("wc_ERR_print_errors_fp"); diff --git a/wolfssl/openssl/bn.h b/wolfssl/openssl/bn.h index b1097e8824..d51450e7b1 100644 --- a/wolfssl/openssl/bn.h +++ b/wolfssl/openssl/bn.h @@ -110,7 +110,7 @@ WOLFSSL_API int wolfSSL_BN_is_prime_ex(const WOLFSSL_BIGNUM*, int, WOLFSSL_API WOLFSSL_BN_ULONG wolfSSL_BN_mod_word(const WOLFSSL_BIGNUM*, WOLFSSL_BN_ULONG); #if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM) - WOLFSSL_API int wolfSSL_BN_print_fp(FILE*, const WOLFSSL_BIGNUM*); + WOLFSSL_API int wolfSSL_BN_print_fp(XFILE, const WOLFSSL_BIGNUM*); #endif WOLFSSL_API int wolfSSL_BN_rshift(WOLFSSL_BIGNUM*, const WOLFSSL_BIGNUM*, int); WOLFSSL_API WOLFSSL_BIGNUM *wolfSSL_BN_CTX_get(WOLFSSL_BN_CTX *ctx); diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 705944ceff..713ca514fa 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -1227,9 +1227,9 @@ enum { /* wolfSSL extension, provide last error from SSL_get_error since not using thread storage error queue */ #include -WOLFSSL_API void wolfSSL_ERR_print_errors_fp(FILE*, int err); +WOLFSSL_API void wolfSSL_ERR_print_errors_fp(XFILE, int err); #if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE) -WOLFSSL_API void wolfSSL_ERR_dump_errors_fp(FILE* fp); +WOLFSSL_API void wolfSSL_ERR_dump_errors_fp(XFILE fp); #endif #endif @@ -1540,7 +1540,7 @@ WOLFSSL_API void wolfSSL_X509_CRL_free(WOLFSSL_X509_CRL *crl); #ifndef NO_FILESYSTEM #ifndef NO_STDIO_FILESYSTEM WOLFSSL_API WOLFSSL_X509* - wolfSSL_X509_d2i_fp(WOLFSSL_X509** x509, FILE* file); + wolfSSL_X509_d2i_fp(WOLFSSL_X509** x509, XFILE file); #endif WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_load_certificate_file(const char* fname, int format); @@ -2571,7 +2571,7 @@ WOLFSSL_API WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509(WOLFSSL_BIO *bp, WOLFSSL_X50 WOLFSSL_API WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509_AUX (WOLFSSL_BIO *bp, WOLFSSL_X509 **x, pem_password_cb *cb, void *u); #ifndef NO_FILESYSTEM -WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_PEM_read_X509_CRL(FILE *fp, WOLFSSL_X509_CRL **x, +WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_PEM_read_X509_CRL(XFILE fp, WOLFSSL_X509_CRL **x, pem_password_cb *cb, void *u); #endif diff --git a/wolfssl/wolfcrypt/logging.h b/wolfssl/wolfcrypt/logging.h index cbff0fa64f..19ea0e5cd3 100644 --- a/wolfssl/wolfcrypt/logging.h +++ b/wolfssl/wolfcrypt/logging.h @@ -112,7 +112,7 @@ WOLFSSL_API void wolfSSL_Debugging_OFF(void); WOLFSSL_API int wc_SetLoggingHeap(void* h); WOLFSSL_API int wc_ERR_remove_state(void); #if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM) - WOLFSSL_API void wc_ERR_print_errors_fp(FILE* fp); + WOLFSSL_API void wc_ERR_print_errors_fp(XFILE fp); #endif #endif /* OPENSSL_EXTRA || DEBUG_WOLFSSL_VERBOSE */ From f1588e0ad9b22c202750dffc4bb4354bf8e74d15 Mon Sep 17 00:00:00 2001 From: John Safranek Date: Thu, 31 May 2018 17:38:47 -0700 Subject: [PATCH 17/63] Fix Cert Includes 1. Added files that were missing from the certs directory include.am files. 2. Fixed the duplicate items in the certs directory's include.am files. 3. Reorganized the certs directory include.am files to be a tree. --- Makefile.am | 4 ---- certs/ed25519/include.am | 25 +++++++++++++++++++++++++ certs/external/include.am | 1 + certs/include.am | 31 ++++++++----------------------- certs/test/include.am | 12 ++++++++++++ 5 files changed, 46 insertions(+), 27 deletions(-) create mode 100644 certs/ed25519/include.am diff --git a/Makefile.am b/Makefile.am index c0e5ae35a8..7488c8069a 100644 --- a/Makefile.am +++ b/Makefile.am @@ -95,10 +95,6 @@ include wrapper/include.am include cyassl/include.am include wolfssl/include.am include certs/include.am -include certs/1024/include.am -include certs/crl/include.am -include certs/external/include.am -include certs/ocsp/include.am include doc/include.am include swig/include.am diff --git a/certs/ed25519/include.am b/certs/ed25519/include.am new file mode 100644 index 0000000000..ce3fb80817 --- /dev/null +++ b/certs/ed25519/include.am @@ -0,0 +1,25 @@ +# vim:ft=automake +# All paths should be given relative to the root +# + +EXTRA_DIST += \ + certs/ed25519/ca-ed25519.der \ + certs/ed25519/ca-ed25519.pem \ + certs/ed25519/ca-ed25519-key.der \ + certs/ed25519/ca-ed25519-key.pem \ + certs/ed25519/client-ed25519.der \ + certs/ed25519/client-ed25519.pem \ + certs/ed25519/client-ed25519-key.der \ + certs/ed25519/client-ed25519-key.pem \ + certs/ed25519/client-ed25519-priv.der \ + certs/ed25519/client-ed25519-priv.pem \ + certs/ed25519/root-ed25519.der \ + certs/ed25519/root-ed25519.pem \ + certs/ed25519/root-ed25519-key.der \ + certs/ed25519/root-ed25519-key.pem \ + certs/ed25519/server-ed25519.der \ + certs/ed25519/server-ed25519.pem \ + certs/ed25519/server-ed25519-key.der \ + certs/ed25519/server-ed25519-key.pem \ + certs/ed25519/server-ed25519-priv.der \ + certs/ed25519/server-ed25519-priv.pem diff --git a/certs/external/include.am b/certs/external/include.am index 4f242068bb..05bf839682 100644 --- a/certs/external/include.am +++ b/certs/external/include.am @@ -4,4 +4,5 @@ EXTRA_DIST += \ certs/external/ca-globalsign-root-r3.pem \ + certs/external/ca-digicert-ev.pem \ certs/external/baltimore-cybertrust-root.pem diff --git a/certs/include.am b/certs/include.am index 7a227aa95b..4964f59de9 100644 --- a/certs/include.am +++ b/certs/include.am @@ -8,6 +8,8 @@ EXTRA_DIST += \ certs/client-cert.pem \ certs/client-keyEnc.pem \ certs/client-key.pem \ + certs/client-uri-cert.pem \ + certs/client-relative-uri.pem \ certs/ecc-key.pem \ certs/ecc-privkey.pem \ certs/ecc-keyPkcs8Enc.pem \ @@ -63,27 +65,6 @@ EXTRA_DIST += \ certs/server-ecc-self.der \ certs/server-ecc-rsa.der \ certs/server-cert-chain.der -EXTRA_DIST += \ - certs/ed25519/ca-ed25519.der \ - certs/ed25519/ca-ed25519-key.der \ - certs/ed25519/ca-ed25519-key.pem \ - certs/ed25519/ca-ed25519.pem \ - certs/ed25519/client-ed25519.der \ - certs/ed25519/client-ed25519-key.der \ - certs/ed25519/client-ed25519-key.pem \ - certs/ed25519/client-ed25519.pem \ - certs/ed25519/client-ed25519-priv.pem \ - certs/ed25519/client-ed25519-priv.pem \ - certs/ed25519/root-ed25519.der \ - certs/ed25519/root-ed25519-key.der \ - certs/ed25519/root-ed25519-key.pem \ - certs/ed25519/root-ed25519.pem \ - certs/ed25519/server-ed25519.der \ - certs/ed25519/server-ed25519-key.der \ - certs/ed25519/server-ed25519-key.pem \ - certs/ed25519/server-ed25519.pem \ - certs/ed25519/server-ed25519-priv.der \ - certs/ed25519/server-ed25519-priv.pem # ECC CA prime256v1 EXTRA_DIST += \ @@ -103,7 +84,11 @@ dist_doc_DATA+= certs/taoCert.txt EXTRA_DIST+= certs/ntru-key.raw +include certs/1024/include.am +include certs/crl/include.am +include certs/ecc/include.am +include certs/ed25519/include.am +include certs/external/include.am +include certs/ocsp/include.am include certs/test/include.am include certs/test-pathlen/include.am -include certs/test/include.am -include certs/ecc/include.am diff --git a/certs/test/include.am b/certs/test/include.am index f62e970842..0e8eec2258 100644 --- a/certs/test/include.am +++ b/certs/test/include.am @@ -30,3 +30,15 @@ EXTRA_DIST += \ certs/test/server-nomatch.key \ certs/test/server-nomatch.pem \ certs/test/server-nomatch.der + +EXTRA_DIST += \ + certs/test/crit-cert.pem \ + certs/test/crit-key.pem \ + certs/test/dh1024.der \ + certs/test/dh1024.pem \ + certs/test/dh512.der \ + certs/test/dh512.pem \ + certs/test/digsigku.pem \ + certs/test/expired-ca.pem \ + certs/test/expired-cert.pem \ + certs/test/expired-key.pem From fcd22348416141f3769a227c9101172236d0e370 Mon Sep 17 00:00:00 2001 From: Sean Parkinson Date: Fri, 1 Jun 2018 10:41:45 +1000 Subject: [PATCH 18/63] Fix for downgrading from TLS 1.3 due to old cipher suite TLS 1.3 specification doesn't allow downgrading based on cipher suite. --- scripts/tls13.test | 32 ++++++++++++++++++++ src/internal.c | 74 +++++++++++++++++++++++----------------------- src/tls.c | 30 +++++++++++-------- src/tls13.c | 22 -------------- 4 files changed, 86 insertions(+), 72 deletions(-) diff --git a/scripts/tls13.test b/scripts/tls13.test index 8154d7fdd9..2a81a992a5 100755 --- a/scripts/tls13.test +++ b/scripts/tls13.test @@ -137,6 +137,38 @@ if [ $? -ne 0 ]; then exit 1 fi echo "" + + echo "Find usable TLS 1.2 cipher suite" + for CS in ECDHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES128-GCM-SHA256 + do + echo $CS + ./examples/client/client -e | grep $CS >/dev/null + if [ "$?" = "0" ]; then + TLS12_CS=$CS + break + fi + done + if [ "$TLS12_CS" != "" ]; then + # TLS 1.3 downgrade server and client - no common TLS 1.3 ciphers + echo -e "\n\nTLS v1.3 downgrade server and client - no common TLS 1.3 ciphers" + port=0 + SERVER_CS="TLS13-AES256-GCM-SHA384:$TLS12_CS" + CLIENT_CS="TLS13-AES128-GCM-SHA256:$TLS12_CS" + ./examples/server/server -v d -l $SERVER_CS -R $ready_file -p $port & + server_pid=$! + create_port + ./examples/client/client -v d -l $CLIENT_CS -p $port + RESULT=$? + remove_ready_file + if [ $RESULT -eq 0 ]; then + echo -e "\n\nTLS v1.3 downgrading to TLS v1.2 due to ciphers" + do_cleanup + exit 1 + fi + echo "" + else + echo "No usable TLS 1.2 cipher suite found" + fi fi echo -e "\nALL Tests Passed" diff --git a/src/internal.c b/src/internal.c index d47316f255..b87fd4f019 100644 --- a/src/internal.c +++ b/src/internal.c @@ -16868,36 +16868,6 @@ void PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo, XMEMCPY(ssl->arrays->serverRandom, input + i, RAN_LEN); i += RAN_LEN; - if (!ssl->options.resuming) { -#ifdef WOLFSSL_TLS13 - if (IsAtLeastTLSv1_3(ssl->ctx->method->version)) { - /* TLS v1.3 capable client not allowed to downgrade when - * connecting to TLS v1.3 capable server unless cipher suite - * demands it. - */ - if (XMEMCMP(input + i - (TLS13_DOWNGRADE_SZ + 1), - tls13Downgrade, TLS13_DOWNGRADE_SZ) == 0 && - (*(input + i - 1) == 0 || *(input + i - 1) == 1)) { - SendAlert(ssl, alert_fatal, illegal_parameter); - return VERSION_ERROR; - } - } - else -#endif - if (ssl->ctx->method->version.major == SSLv3_MAJOR && - ssl->ctx->method->version.minor == TLSv1_2_MINOR) { - /* TLS v1.2 capable client not allowed to downgrade when - * connecting to TLS v1.2 capable server. - */ - if (XMEMCMP(input + i - (TLS13_DOWNGRADE_SZ + 1), - tls13Downgrade, TLS13_DOWNGRADE_SZ) == 0 && - *(input + i - 1) == 0) { - SendAlert(ssl, alert_fatal, illegal_parameter); - return VERSION_ERROR; - } - } - } - /* session id */ ssl->arrays->sessionIDSz = input[i++]; @@ -17066,7 +17036,37 @@ void PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo, { int ret; - if (ssl->options.resuming) { + if (!ssl->options.resuming) { + byte* down = ssl->arrays->serverRandom + RAN_LEN - + TLS13_DOWNGRADE_SZ - 1; + byte vers = ssl->arrays->serverRandom[RAN_LEN - 1]; + #ifdef WOLFSSL_TLS13 + if (IsAtLeastTLSv1_3(ssl->ctx->method->version)) { + /* TLS v1.3 capable client not allowed to downgrade when + * connecting to TLS v1.3 capable server unless cipher suite + * demands it. + */ + if (XMEMCMP(down, tls13Downgrade, TLS13_DOWNGRADE_SZ) == 0 && + (vers == 0 || vers == 1)) { + SendAlert(ssl, alert_fatal, illegal_parameter); + return VERSION_ERROR; + } + } + else + #endif + if (ssl->ctx->method->version.major == SSLv3_MAJOR && + ssl->ctx->method->version.minor == TLSv1_2_MINOR) { + /* TLS v1.2 capable client not allowed to downgrade when + * connecting to TLS v1.2 capable server. + */ + if (XMEMCMP(down, tls13Downgrade, TLS13_DOWNGRADE_SZ) == 0 && + vers == 0) { + SendAlert(ssl, alert_fatal, illegal_parameter); + return VERSION_ERROR; + } + } + } + else { if (DSH_CheckSessionId(ssl)) { if (SetCipherSpecs(ssl) == 0) { @@ -17097,11 +17097,11 @@ void PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo, ssl->options.resuming = 0; /* server denied resumption try */ } } - #ifdef WOLFSSL_DTLS - if (ssl->options.dtls) { - DtlsMsgPoolReset(ssl); - } - #endif + #ifdef WOLFSSL_DTLS + if (ssl->options.dtls) { + DtlsMsgPoolReset(ssl); + } + #endif return SetCipherSpecs(ssl); } @@ -23461,7 +23461,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, args->output, args->sigSz, HashAlgoToType(args->hashAlgo)); if (ret != 0) - return ret; + goto exit_dcv; } else #endif diff --git a/src/tls.c b/src/tls.c index df8ac64f52..cc3d3b4ef2 100644 --- a/src/tls.c +++ b/src/tls.c @@ -4810,34 +4810,38 @@ static int TLSX_SupportedVersions_Parse(WOLFSSL* ssl, byte* input, continue; /* No upgrade allowed. */ - if (ssl->version.minor > minor) + if (minor > ssl->version.minor) continue; /* Check downgrade. */ - if (ssl->version.minor < minor) { + if (minor < ssl->version.minor) { if (!ssl->options.downgrade) continue; if (minor < ssl->options.minDowngrade) continue; - /* Downgrade the version. */ - ssl->version.minor = minor; + if (newMinor == 0 && minor > ssl->options.oldMinor) { + /* Downgrade the version. */ + ssl->version.minor = minor; + } } if (minor >= TLSv1_3_MINOR) { - ssl->options.tls1_3 = 1; - TLSX_Push(&ssl->extensions, TLSX_SUPPORTED_VERSIONS, ssl, - ssl->heap); + if (!ssl->options.tls1_3) { + ssl->options.tls1_3 = 1; + TLSX_Push(&ssl->extensions, TLSX_SUPPORTED_VERSIONS, ssl, + ssl->heap); #ifndef WOLFSSL_TLS13_DRAFT_18 - TLSX_SetResponse(ssl, TLSX_SUPPORTED_VERSIONS); + TLSX_SetResponse(ssl, TLSX_SUPPORTED_VERSIONS); #endif - newMinor = minor; + } + if (minor > newMinor) { + ssl->version.minor = minor; + newMinor = minor; + } } - else if (ssl->options.oldMinor < minor) + else if (minor > ssl->options.oldMinor) ssl->options.oldMinor = minor; - - if (newMinor != 0 && ssl->options.oldMinor != 0) - break; } } #ifndef WOLFSSL_TLS13_DRAFT_18 diff --git a/src/tls13.c b/src/tls13.c index 75bc5ddc1c..db073bdd72 100644 --- a/src/tls13.c +++ b/src/tls13.c @@ -3972,31 +3972,9 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, /* Check that the negotiated ciphersuite matches protocol version. */ if (IsAtLeastTLSv1_3(ssl->version)) { if (ssl->options.cipherSuite0 != TLS13_BYTE) { -#ifndef WOLFSSL_NO_TLS12 - TLSX* ext; - - if (!ssl->options.downgrade) { - WOLFSSL_MSG("Negotiated ciphersuite from lesser version " - "than TLS v1.3"); - return VERSION_ERROR; - } - - WOLFSSL_MSG("Downgrading protocol due to cipher suite"); - - if (pv.minor < ssl->options.minDowngrade) - return VERSION_ERROR; - ssl->version.minor = ssl->options.oldMinor; - - /* Downgrade from TLS v1.3 */ - ssl->options.tls1_3 = 0; - ext = TLSX_Find(ssl->extensions, TLSX_SUPPORTED_VERSIONS); - if (ext != NULL) - ext->resp = 0; -#else WOLFSSL_MSG("Negotiated ciphersuite from lesser version than " "TLS v1.3"); return VERSION_ERROR; -#endif } } /* VerifyServerSuite handles when version is less than 1.3 */ From 5eca844e01fed3ee0cc5778bf11549543c718ce2 Mon Sep 17 00:00:00 2001 From: David Garske Date: Mon, 4 Jun 2018 11:05:14 -0700 Subject: [PATCH 19/63] Fix for possible leak with normal math and verify fail for R and S in ECC verify. --- wolfcrypt/src/ecc.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c index 7ecaaeff6e..ee271da8f4 100644 --- a/wolfcrypt/src/ecc.c +++ b/wolfcrypt/src/ecc.c @@ -4353,6 +4353,13 @@ int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash, key->state = ECC_STATE_VERIFY_DO; err = wc_ecc_verify_hash_ex(r, s, hash, hashlen, res, key); + + #ifndef WOLFSSL_ASYNC_CRYPT + /* done with R/S */ + mp_clear(r); + mp_clear(s); + #endif + if (err < 0) { break; } @@ -4361,10 +4368,6 @@ int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash, case ECC_STATE_VERIFY_RES: key->state = ECC_STATE_VERIFY_RES; err = 0; - - /* done with R/S */ - mp_clear(r); - mp_clear(s); break; default: From 4ac34b74bdc4f04478101d4317954a868c60defd Mon Sep 17 00:00:00 2001 From: Sean Parkinson Date: Fri, 1 Jun 2018 09:24:28 +1000 Subject: [PATCH 20/63] Fix test to work with configurations not including AES-GCM --- scripts/psk.test | 15 +++++++++++++++ tests/suites.c | 20 +++++++++++--------- tests/test-psk.conf | 10 +--------- 3 files changed, 27 insertions(+), 18 deletions(-) diff --git a/scripts/psk.test b/scripts/psk.test index d8a0c3d070..0d21443f24 100755 --- a/scripts/psk.test +++ b/scripts/psk.test @@ -103,6 +103,21 @@ if [ $? -ne 0 ]; then fi echo "" + # psk server with non psk client + port=0 + ./examples/server/server -j -R $ready_file -p $port & + server_pid=$! + create_port + ./examples/client/client -p $port + RESULT=$? + remove_ready_file + if [ $RESULT -ne 0 ]; then + echo -e "\n\nClient connection failed" + do_cleanup + exit 1 + fi + echo "" + # check fail if no auth, psk server with non psk client echo "Checking fail when not sending peer cert" port=0 diff --git a/tests/suites.c b/tests/suites.c index bf25430e87..16bf850ce3 100644 --- a/tests/suites.c +++ b/tests/suites.c @@ -703,15 +703,17 @@ int SuiteTest(void) #endif #ifndef NO_PSK #ifndef WOLFSSL_NO_TLS12 - /* add psk cipher suites */ - strcpy(argv0[1], "tests/test-psk.conf"); - printf("starting psk cipher suite tests\n"); - test_harness(&args); - if (args.return_code != 0) { - printf("error from script %d\n", args.return_code); - args.return_code = EXIT_FAILURE; - goto exit; - } + #if !defined(NO_RSA) || defined(HAVE_ECC) + /* add psk cipher suites */ + strcpy(argv0[1], "tests/test-psk.conf"); + printf("starting psk cipher suite tests\n"); + test_harness(&args); + if (args.return_code != 0) { + printf("error from script %d\n", args.return_code); + args.return_code = EXIT_FAILURE; + goto exit; + } + #endif #endif #ifdef WOLFSSL_TLS13 /* add psk extra suites */ diff --git a/tests/test-psk.conf b/tests/test-psk.conf index 4086b3e93d..f4f11b2988 100644 --- a/tests/test-psk.conf +++ b/tests/test-psk.conf @@ -1,15 +1,7 @@ -# server - standard PSK +# server - PSK plus certificates -j -l PSK-CHACHA20-POLY1305 # client- standard PSK -s -l PSK-CHACHA20-POLY1305 - -# server --j --l ECDHE-RSA-AES256-GCM-SHA384:PSK-CHACHA20-POLY1305 - -# client --l ECDHE-RSA-AES256-GCM-SHA384:PSK-CHACHA20-POLY1305 - From b63d3173a1fa2792efda89d0e6706900250131ea Mon Sep 17 00:00:00 2001 From: John Safranek Date: Tue, 5 Jun 2018 12:42:43 -0700 Subject: [PATCH 21/63] update change log (#1597) --- NEWS | 19 +++++++++++-------- NEWS.md | 19 ++++++++++--------- README | 19 +++++++++++-------- README.md | 19 ++++++++++--------- 4 files changed, 42 insertions(+), 34 deletions(-) diff --git a/NEWS b/NEWS index 2cf67a6ac7..da18c8c2a5 100644 --- a/NEWS +++ b/NEWS @@ -1,24 +1,26 @@ -wolfSSL Release 3.15.0 (05/01/2018) +wolfSSL Release 3.15.0 (05/05/2018) Release 3.15.0 of wolfSSL embedded TLS has bug fixes and new features including: - Support for TLS 1.3 Draft versions 23, 26 and 28. -- Improved downgrade support for TLS 1.3. -- Improved TLS 1.3 support from interoperability testing. -- Single Precision assembly code added for ARM and 64-bit ARM. +- Add FIPS SGX support! +- Single Precision assembly code added for ARM and 64-bit ARM to enhance + performance. - Improved performance for Single Precision maths on 32-bit. -- Allow TLS 1.2 to be compiled out. -- Ed25519 support in TLS 1.2 and 1.3. +- Improved downgrade support for the TLS 1.3 handshake. +- Improved TLS 1.3 support from interoperability testing. +- Added option to allow TLS 1.2 to be compiled out to reduce size and enhance + security. +- Added option to support Ed25519 in TLS 1.2 and 1.3. - Update wolfSSL_HMAC_Final() so the length parameter is optional. - Various fixes for Coverity static analysis reports. - Add define to use internal struct timeval (USE_WOLF_TIMEVAL_T). - Switch LowResTimer() to call XTIME instead of time(0) for better portability. -- Expanded OpenSSL compatibility layer. +- Expanded OpenSSL compatibility layer with a bevy of new functions. - Added Renesas CS+ project files. - Align DH support with NIST SP 800-56A, add wc_DhSetKey_ex() for q parameter. - Add build option for CAVP self test build (--enable-selftest). - Expose mp_toradix() when WOLFSSL_PUBLIC_MP is defined. -- Add FIPS SGX support. - Example certificate expiration dates and generation script updated. - Additional optimizations to trim out unused strings depending on build options. @@ -127,6 +129,7 @@ Release 3.15.0 of wolfSSL embedded TLS has bug fixes and new features including: optimization flags so user may supply their own custom flags. - Correctly touch the dummy fips.h header. +If you have questions on any of this, email us at info@wolfssl.com. See INSTALL file for build instructions. More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html diff --git a/NEWS.md b/NEWS.md index d3f0a8f3da..776f5ea3b3 100644 --- a/NEWS.md +++ b/NEWS.md @@ -1,26 +1,26 @@ -# wolfSSL Release 3.15.0 (05/01/2018) +# wolfSSL Release 3.15.0 (05/05/2018) Release 3.15.0 of wolfSSL embedded TLS has bug fixes and new features including: * Support for TLS 1.3 Draft versions 23, 26 and 28. -* Improved downgrade support for TLS 1.3. -* Improved TLS 1.3 support from interoperability testing. -* Single Precision assembly code added for ARM and 64-bit ARM. +* Add FIPS SGX support! +* Single Precision assembly code added for ARM and 64-bit ARM to enhance performance. * Improved performance for Single Precision maths on 32-bit. -* Allow TLS 1.2 to be compiled out. -* Ed25519 support in TLS 1.2 and 1.3. +* Improved downgrade support for the TLS 1.3 handshake. +* Improved TLS 1.3 support from interoperability testing. +* Added option to allow TLS 1.2 to be compiled out to reduce size and enhance security. +* Added option to support Ed25519 in TLS 1.2 and 1.3. * Update wolfSSL_HMAC_Final() so the length parameter is optional. * Various fixes for Coverity static analysis reports. * Add define to use internal struct timeval (USE_WOLF_TIMEVAL_T). * Switch LowResTimer() to call XTIME instead of time(0) for better portability. -* Expanded OpenSSL compatibility layer. +* Expanded OpenSSL compatibility layer with a bevy of new functions. * Added Renesas CS+ project files. * Align DH support with NIST SP 800-56A, add wc_DhSetKey_ex() for q parameter. * Add build option for CAVP self test build (--enable-selftest). * Expose mp_toradix() when WOLFSSL_PUBLIC_MP is defined. -* Add FIPS SGX support. * Example certificate expiration dates and generation script updated. -* Additional optimizations to trim out unused strings depending on build options. +* Additional optimizations to trim out unused strings depending on build options. * Fix for DN tag strings to have “=” when returning the string value to users. * Fix for wolfSSL_ERR_get_error_line_data return value if no more errors are in the queue. * Fix for AES-CBC IV value with PIC32 hardware acceleration. @@ -85,6 +85,7 @@ Release 3.15.0 of wolfSSL embedded TLS has bug fixes and new features including: * Add a disable option (--disable-optflags) to turn off the default optimization flags so user may supply their own custom flags. * Correctly touch the dummy fips.h header. +If you have questions on any of this, then email us at info@wolfssl.com. See INSTALL file for build instructions. More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html diff --git a/README b/README index 296cffb375..a260e9c1af 100644 --- a/README +++ b/README @@ -82,27 +82,29 @@ should be used for the enum name. *** end Notes *** -** wolfSSL Release 3.15.0 (05/01/2018) +** wolfSSL Release 3.15.0 (05/05/2018) Release 3.15.0 of wolfSSL embedded TLS has bug fixes and new features including: - Support for TLS 1.3 Draft versions 23, 26 and 28. -- Improved downgrade support for TLS 1.3. -- Improved TLS 1.3 support from interoperability testing. -- Single Precision assembly code added for ARM and 64-bit ARM. +- Add FIPS SGX support! +- Single Precision assembly code added for ARM and 64-bit ARM to enhance + performance. - Improved performance for Single Precision maths on 32-bit. -- Allow TLS 1.2 to be compiled out. -- Ed25519 support in TLS 1.2 and 1.3. +- Improved downgrade support for the TLS 1.3 handshake. +- Improved TLS 1.3 support from interoperability testing. +- Added option to allow TLS 1.2 to be compiled out to reduce size and enhance + security. +- Added option to support Ed25519 in TLS 1.2 and 1.3. - Update wolfSSL_HMAC_Final() so the length parameter is optional. - Various fixes for Coverity static analysis reports. - Add define to use internal struct timeval (USE_WOLF_TIMEVAL_T). - Switch LowResTimer() to call XTIME instead of time(0) for better portability. -- Expanded OpenSSL compatibility layer. +- Expanded OpenSSL compatibility layer with a bevy of new functions. - Added Renesas CS+ project files. - Align DH support with NIST SP 800-56A, add wc_DhSetKey_ex() for q parameter. - Add build option for CAVP self test build (--enable-selftest). - Expose mp_toradix() when WOLFSSL_PUBLIC_MP is defined. -- Add FIPS SGX support. - Example certificate expiration dates and generation script updated. - Additional optimizations to trim out unused strings depending on build options. @@ -211,5 +213,6 @@ Release 3.15.0 of wolfSSL embedded TLS has bug fixes and new features including: optimization flags so user may supply their own custom flags. - Correctly touch the dummy fips.h header. +If you have questions on any of this, email us at info@wolfssl.com. See INSTALL file for build instructions. More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html diff --git a/README.md b/README.md index 4ac7655bff..c51ce7c512 100644 --- a/README.md +++ b/README.md @@ -75,29 +75,29 @@ hash function. Instead the name WC_SHA, WC_SHA256, WC_SHA384 and WC_SHA512 should be used for the enum name. ``` -# wolfSSL Release 3.15.0 (05/01/2018) +# wolfSSL Release 3.15.0 (05/05/2018) Release 3.15.0 of wolfSSL embedded TLS has bug fixes and new features including: * Support for TLS 1.3 Draft versions 23, 26 and 28. -* Improved downgrade support for TLS 1.3. -* Improved TLS 1.3 support from interoperability testing. -* Single Precision assembly code added for ARM and 64-bit ARM. +* Add FIPS SGX support! +* Single Precision assembly code added for ARM and 64-bit ARM to enhance performance. * Improved performance for Single Precision maths on 32-bit. -* Allow TLS 1.2 to be compiled out. -* Ed25519 support in TLS 1.2 and 1.3. +* Improved downgrade support for the TLS 1.3 handshake. +* Improved TLS 1.3 support from interoperability testing. +* Added option to allow TLS 1.2 to be compiled out to reduce size and enhance security. +* Added option to support Ed25519 in TLS 1.2 and 1.3. * Update wolfSSL_HMAC_Final() so the length parameter is optional. * Various fixes for Coverity static analysis reports. * Add define to use internal struct timeval (USE_WOLF_TIMEVAL_T). * Switch LowResTimer() to call XTIME instead of time(0) for better portability. -* Expanded OpenSSL compatibility layer. +* Expanded OpenSSL compatibility layer with a bevy of new functions. * Added Renesas CS+ project files. * Align DH support with NIST SP 800-56A, add wc_DhSetKey_ex() for q parameter. * Add build option for CAVP self test build (--enable-selftest). * Expose mp_toradix() when WOLFSSL_PUBLIC_MP is defined. -* Add FIPS SGX support. * Example certificate expiration dates and generation script updated. -* Additional optimizations to trim out unused strings depending on build options. +* Additional optimizations to trim out unused strings depending on build options. * Fix for DN tag strings to have “=” when returning the string value to users. * Fix for wolfSSL_ERR_get_error_line_data return value if no more errors are in the queue. * Fix for AES-CBC IV value with PIC32 hardware acceleration. @@ -162,5 +162,6 @@ Release 3.15.0 of wolfSSL embedded TLS has bug fixes and new features including: * Add a disable option (--disable-optflags) to turn off the default optimization flags so user may supply their own custom flags. * Correctly touch the dummy fips.h header. +If you have questions on any of this, then email us at info@wolfssl.com. See INSTALL file for build instructions. More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html From ab319ae5998d3d09f85d847c51f4bdfa322aba62 Mon Sep 17 00:00:00 2001 From: David Garske Date: Tue, 5 Jun 2018 14:32:17 -0700 Subject: [PATCH 22/63] Fixed a couple of places in PKCS7 error cases where key free (`wc_FreeRsaKey` or `wc_ecc_free`) might not be called. --- wolfcrypt/src/pkcs7.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c index 4f7e6bf0c6..5e7af23dae 100644 --- a/wolfcrypt/src/pkcs7.c +++ b/wolfcrypt/src/pkcs7.c @@ -1329,6 +1329,7 @@ static int wc_PKCS7_RsaVerify(PKCS7* pkcs7, byte* sig, int sigSz, if (wc_RsaPublicKeyDecode(pkcs7->publicKey, &scratch, key, pkcs7->publicKeySz) < 0) { WOLFSSL_MSG("ASN RSA key decode error"); + wc_FreeRsaKey(key); #ifdef WOLFSSL_SMALL_STACK XFREE(digest, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -1404,6 +1405,7 @@ static int wc_PKCS7_EcdsaVerify(PKCS7* pkcs7, byte* sig, int sigSz, if (wc_EccPublicKeyDecode(pkcs7->publicKey, &idx, key, pkcs7->publicKeySz) < 0) { WOLFSSL_MSG("ASN ECDSA key decode error"); + wc_ecc_free(key); #ifdef WOLFSSL_SMALL_STACK XFREE(digest, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -3755,6 +3757,7 @@ static int wc_PKCS7_DecodeKtri(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz, } if (ret != 0) { WOLFSSL_MSG("Failed to decode RSA private key"); + wc_FreeRsaKey(privKey); #ifdef WOLFSSL_SMALL_STACK XFREE(encryptedKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(privKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); From 0c966d7700bba0a5c859053f71180a1e5b8ce1ff Mon Sep 17 00:00:00 2001 From: John Safranek Date: Thu, 31 May 2018 15:34:13 -0700 Subject: [PATCH 23/63] Update ChangeLog and NEWS While the GNU coding standard states that the NEWS file should be a list of the high level changes and the ChangeLog should be every change in detail, our public source repository contains the detailed log of all changes and the name "ChangeLog" makes more sense to me than "NEWS". Instead of keeping two copies of the README, one in plain text and one in MarkDown, only keeping the MarkDown copy. It displays better in the source repository, it is still plain text, and we aren't keeping two separate copies of the files. --- ChangeLog | 1 - NEWS.md => ChangeLog.md | 0 NEWS | 1920 --------------------------------------- README | 218 ----- 4 files changed, 2139 deletions(-) delete mode 100644 ChangeLog rename NEWS.md => ChangeLog.md (100%) delete mode 100644 NEWS delete mode 100644 README diff --git a/ChangeLog b/ChangeLog deleted file mode 100644 index 87ed824016..0000000000 --- a/ChangeLog +++ /dev/null @@ -1 +0,0 @@ -Please see the file 'README' in this directory. diff --git a/NEWS.md b/ChangeLog.md similarity index 100% rename from NEWS.md rename to ChangeLog.md diff --git a/NEWS b/NEWS deleted file mode 100644 index da18c8c2a5..0000000000 --- a/NEWS +++ /dev/null @@ -1,1920 +0,0 @@ -wolfSSL Release 3.15.0 (05/05/2018) - -Release 3.15.0 of wolfSSL embedded TLS has bug fixes and new features including: - -- Support for TLS 1.3 Draft versions 23, 26 and 28. -- Add FIPS SGX support! -- Single Precision assembly code added for ARM and 64-bit ARM to enhance - performance. -- Improved performance for Single Precision maths on 32-bit. -- Improved downgrade support for the TLS 1.3 handshake. -- Improved TLS 1.3 support from interoperability testing. -- Added option to allow TLS 1.2 to be compiled out to reduce size and enhance - security. -- Added option to support Ed25519 in TLS 1.2 and 1.3. -- Update wolfSSL_HMAC_Final() so the length parameter is optional. -- Various fixes for Coverity static analysis reports. -- Add define to use internal struct timeval (USE_WOLF_TIMEVAL_T). -- Switch LowResTimer() to call XTIME instead of time(0) for better portability. -- Expanded OpenSSL compatibility layer with a bevy of new functions. -- Added Renesas CS+ project files. -- Align DH support with NIST SP 800-56A, add wc_DhSetKey_ex() for q parameter. -- Add build option for CAVP self test build (--enable-selftest). -- Expose mp_toradix() when WOLFSSL_PUBLIC_MP is defined. -- Example certificate expiration dates and generation script updated. -- Additional optimizations to trim out unused strings depending on build - options. -- Fix for DN tag strings to have “=” when returning the string value to users. -- Fix for wolfSSL_ERR_get_error_line_data return value if no more errors are - in the queue. -- Fix for AES-CBC IV value with PIC32 hardware acceleration. -- Fix for wolfSSL_X509_print with ECC certificates. -- Fix for strict checking on URI absolute vs relative path. -- Added crypto device framework to handle PK RSA/ECC operations using - callbacks, which adds new build option `./configure --enable-cryptodev` or - `WOLF_CRYPTO_DEV`. -- Added devId support to ECC and PKCS7 for hardware based private key. -- Fixes in PKCS7 for handling possible memory leak in some error cases. -- Added test for invalid cert common name when set with - `wolfSSL_check_domain_name`. -- Refactor of the cipher suite names to use single array, which contains - internal name, IANA name and cipher suite bytes. -- Added new function `wolfSSL_get_cipher_name_from_suite` for getting IANA - cipher suite name using bytes. -- Fixes for fsanitize reports. -- Fix for openssl compatibility function `wolfSSL_RSA_verify` to check - returned size. -- Fixes and improvements for FreeRTOS AWS. -- Fixes for building openssl compatibility with FreeRTOS. -- Fix and new test for handling match on domain name that may have a null - terminator inside. -- Cleanup of the socket close code used for examples, CRL/OCSP and BIO to use - single macro `CloseSocket`. -- Refactor of the TLSX code to support returning error codes. -- Added new signature wrapper functions `wc_SignatureVerifyHash` and - `wc_SignatureGenerateHash` to allow direct use of hash. -- Improvement to GCC-ARM IDE example. -- Enhancements and cleanups for the ASN date/time code including new API's - `wc_GetDateInfo`, `wc_GetCertDates` and `wc_GetDateAsCalendarTime`. -- Fixes to resolve issues with C99 compliance. Added build option `WOLF_C99` - to force C99. -- Added a new `--enable-opensslall` option to enable all openssl compatibility - features. -- Added new `--enable-webclient` option for enabling a few HTTP API's. -- Added new `wc_OidGetHash` API for getting the hash type from a hash OID. -- Moved `wolfSSL_CertPemToDer`, `wolfSSL_KeyPemToDer`, `wolfSSL_PubKeyPemToDer` - to asn.c and renamed to `wc_`. Added backwards compatibility macro for old - function names. -- Added new `WC_MAX_SYM_KEY_SIZE` macro for helping determine max key size. -- Added `--enable-enckeys` or (`WOLFSSL_ENCRYPTED_KEYS`) to enable support for - encrypted PEM private keys using password callback without having to use - opensslextra. -- Added ForceZero on the password buffer after done using it. -- Refactor unique hash types to use same internal values - (ex WC_MD5 == WC_HASH_TYPE_MD5). -- Refactor the Sha3 types to use `wc_` naming, while retaining old names for - compatibility. -- Improvements to `wc_PBKDF1` to support more hash types and the non-standard - extra data option. -- Fix TLS 1.3 with ECC disabled and CURVE25519 enabled. -- Added new define `NO_DEV_URANDOM` to disable the use of `/dev/urandom`. -- Added `WC_RNG_BLOCKING` to indicate block w/sleep(0) is okay. -- Fix for `HAVE_EXT_CACHE` callbacks not being available without - `OPENSSL_EXTRA` defined. -- Fix for ECC max bits `MAX_ECC_BITS` not always calculating correctly due to - macro order. -- Added support for building and using PKCS7 without RSA (assuming ECC is - enabled). -- Fixes and additions for Cavium Nitrox V to support ECC, AES-GCM and HMAC - (SHA-224 and SHA3). -- Enabled ECC, AES-GCM and SHA-512/384 by default in (Linux and Windows) -- Added `./configure --enable-base16` and `WOLFSSL_BASE16` configuration - option to enable Base16 API's. -- Improvements to ATECC508A support for building without `WOLFSSL_ATMEL` - defined. -- Refactor IO callback function names to use `_CTX_` to eliminate confusion - about the first parameter. -- Added support for not loading a private key for server or client when - `HAVE_PK_CALLBACK` is defined and the private PK callback is set. -- Added new ECC API `wc_ecc_sig_size_calc` to return max signature size for - a key size. -- Cleanup ECC point import/export code and added new API - `wc_ecc_import_unsigned`. -- Fixes for handling OCSP with non-blocking. -- Added new PK (Primary Key) callbacks for the VerifyRsaSign. The new - callbacks API's are `wolfSSL_CTX_SetRsaVerifySignCb` and - `wolfSSL_CTX_SetRsaPssVerifySignCb`. -- Added new ECC API `wc_ecc_rs_raw_to_sig` to take raw unsigned R and S and - encodes them into ECDSA signature format. -- Added support for `WOLFSSL_STM32F1`. -- Cleanup of the ASN X509 header/footer and XSTRNCPY logic. -- Add copyright notice to autoconf files. (Thanks Brian Aker!) -- Updated the M4 files for autotools. (Thanks Brian Aker!) -- Add support for the cipher suite TLS_DH_anon_WITH_AES256_GCM_SHA384 with - test cases. (Thanks Thivya Ashok!) -- Add the TLS alert message unknown_psk_identity (115) from RFC 4279, - section 2. (Thanks Thivya Ashok!) -- Fix the case when using TCP with timeouts with TLS. wolfSSL shall be - agnostic to network socket behavior for TLS. (DTLS is another matter.) - The functions `wolfSSL_set_using_nonblock()` and - `wolfSSL_get_using_nonblock()` are deprecated. -- Hush the AR warning when building the static library with autotools. -- Hush the “-pthread” warning when building in some environments. -- Added a dist-hook target to the Makefile to reset the default options.h file. -- Removed the need for the darwin-clang.m4 file with the updates provided by - Brian A. -- Renamed the AES assembly file so GCC on the Mac will build it using the - preprocessor. -- Add a disable option (--disable-optflags) to turn off the default - optimization flags so user may supply their own custom flags. -- Correctly touch the dummy fips.h header. - -If you have questions on any of this, email us at info@wolfssl.com. -See INSTALL file for build instructions. -More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html - - -********* wolfSSL Release 3.14.0 (3/02/2018) - -Release 3.14.0 of wolfSSL embedded TLS has bug fixes and new features including: - -- TLS 1.3 draft 22 and 23 support added -- Additional unit tests for; SHA3, AES-CMAC, Ed25519, ECC, RSA-PSS, AES-GCM -- Many additions to the OpenSSL compatibility layer were made in this release. Some of these being enhancements to PKCS12, WOLFSSL_X509 use, WOLFSSL_EVP_PKEY, and WOLFSSL_BIO operations -- AVX1 and AVX2 performance improvements with ChaCha20 and Poly1305 -- Added i.MX CAAM driver support with Integrity OS support -- Improvements to logging with debugging, including exposing more API calls and adding options to reduce debugging code size -- Fix for signature type detection with PKCS7 RSA SignedData -- Public key call back functions added for DH Agree -- RSA-PSS API added for operating on non inline buffers (separate input and output buffers) -- API added for importing and exporting raw DSA parameters -- Updated DSA key generation to be FIPS 186-4 compliant -- Fix for wolfSSL_check_private_key when comparing ECC keys -- Support for AES Cipher Feedback(CFB) mode added -- Updated RSA key generation to be FIPS 186-4 compliant -- Update added for the ARM CMSIS software pack -- WOLFSSL_IGNORE_FILE_WARN macro added for avoiding build warnings when not working with autotools -- Performance improvements for AES-GCM with AVX1 and AVX2 -- Fix for possible memory leak on error case with wc_RsaKeyToDer function -- Make wc_PKCS7_PadData function available -- Updates made to building SGX on Linux -- STM32 hashing algorithm improvements including clock/power optimizations and auto detection of if SHA2 is supported -- Update static memory feature for FREERTOS use -- Reverse the order that certificates are compared during PKCS12 parse to account for case where multiple certificates have the same matching private key -- Update NGINX port to version 1.13.8 -- Support for HMAC-SHA3 added -- Added stricter ASN checks to enforce RFC 5280 rules. Thanks to the report from Professor Zhenhua Duan, Professor Cong Tian, and Ph.D candidate Chu Chen from Institute of Computing Theory and Technology (ICTT) of Xidian University. -- Option to have ecc_mul2add function public facing -- Getter function wc_PKCS7_GetAttributeValue added for PKCS7 attributes -- Macros NO_AES_128, NO_AES_192, NO_AES_256 added for AES key size selection at compile time -- Support for writing multiple organizations units (OU) and domain components (DC) with CSR and certificate creation -- Support for indefinite length BER encodings in PKCS7 -- Added API for additional validation of prime q in a public DH key -- Added support for RSA encrypt and decrypt without padding - - -See INSTALL file for build instructions. -More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html - - -********* wolfSSL (Formerly CyaSSL) Release 3.13.0 (12/21/2017) - -wolfSSL 3.13.0 includes bug fixes and new features, including support for -TLS 1.3 Draft 21, performance and footprint optimizations, build fixes, -updated examples and project files, and one vulnerability fix. The full list -of changes and additions in this release include: - -- Fixes for TLS 1.3, support for Draft 21 -- TLS 1.0 disabled by default, addition of “--enable-tlsv10” configure option -- New option to reduce SHA-256 code size at expense of performance - (USE_SLOW_SHA256) -- New option for memory reduced build (--enable-lowresource) -- AES-GCM performance improvements on AVX1 (IvyBridge) and AVX2 -- SHA-256 and SHA-512 performance improvements using AVX1/2 ASM -- SHA-3 size and performance optimizations -- Fixes for Intel AVX2 builds on Mac/OSX -- Intel assembly for Curve25519, and Ed25519 performance optimizations -- New option to force 32-bit mode with “--enable-32bit” -- New option to disable all inline assembly with “--disable-asm” -- Ability to override maximum signature algorithms using WOLFSSL_MAX_SIGALGO -- Fixes for handling of unsupported TLS extensions. -- Fixes for compiling AES-GCM code with GCC 4.8.* -- Allow adjusting static I/O buffer size with WOLFMEM_IO_SZ -- Fixes for building without a filesystem -- Removes 3DES and SHA1 dependencies from PKCS#7 -- Adds ability to disable PKCS#7 EncryptedData type (NO_PKCS7_ENCRYPTED_DATA) -- Add ability to get client-side SNI -- Expanded OpenSSL compatibility layer -- Fix for logging file names with OpenSSL compatibility layer enabled, with - WOLFSSL_MAX_ERROR_SZ user-overridable -- Adds static memory support to the wolfSSL example client -- Fixes for sniffer to use TLS 1.2 client method -- Adds option to wolfCrypt benchmark to benchmark individual algorithms -- Adds option to wolfCrypt benchmark to display benchmarks in powers - of 10 (-base10) -- Updated Visual Studio for ARM builds (for ECC supported curves and SHA-384) -- Updated Texas Instruments TI-RTOS build -- Updated STM32 CubeMX build with fixes for SHA -- Updated IAR EWARM project files -- Updated Apple Xcode projects with the addition of a benchmark example project - -This release of wolfSSL fixes 1 security vulnerability. - -wolfSSL is cited in the recent ROBOT Attack by Böck, Somorovsky, and Young. -The paper notes that wolfSSL only gives a weak oracle without a practical -attack but this is still a flaw. This release contains a fix for this report. -Please note that wolfSSL has static RSA cipher suites disabled by default as -of version 3.6.6 because of the lack of perfect forward secrecy. Only users -who have explicitly enabled static RSA cipher suites with WOLFSSL_STATIC_RSA -and use those suites on a host are affected. More information will be -available on our website at: - - https://wolfssl.com/wolfSSL/security/vulnerabilities.php - -See INSTALL file for build instructions. -More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html - - -********* wolfSSL (Formerly CyaSSL) Release 3.12.2 (10/23/2017) - -Release 3.12.2 of wolfSSL has bug fixes and new features including: - -This release includes many performance improvements with Intel ASM (AVX/AVX2) and AES-NI. New single precision math option to speedup RSA, DH and ECC. Embedded hardware support has been expanded for STM32, PIC32MZ and ATECC508A. AES now supports XTS mode for disk encryption. Certificate improvements for setting serial number, key usage and extended key usage. Refactor of SSL_ and hash types to allow openssl coexistence. Improvements for TLS 1.3. Fixes for OCSP stapling to allow disable and WOLFSSL specific user context for callbacks. Fixes for openssl and MySQL compatibility. Updated Micrium port. Fixes for asynchronous modes. - -- Added TLS extension for Supported Point Formats (ec_point_formats) -- Fix to not send OCSP stapling extensions in client_hello when not enabled -- Added new API's for disabling OCSP stapling -- Add check for SIZEOF_LONG with sun and LP64 -- Fixes for various TLS 1.3 disable options (RSA, ECC and ED/Curve 25519). -- Fix to disallow upgrading to TLS v1.3 -- Fixes for wolfSSL_EVP_CipherFinal() when message size is a round multiple of a block size. -- Add HMAC benchmark and expanded AES key size benchmarks -- Added simple GCC ARM Makefile example -- Add tests for 3072-bit RSA and DH. -- Fixed DRAFT_18 define and fixed downgrading with TLS v1.3 -- Fixes to allow custom serial number during certificate generation -- Add method to get WOLFSSL_CTX certificate manager -- Improvement to `wolfSSL_SetOCSP_Cb` to allow context per WOLFSSL object -- Alternate certificate chain support `WOLFSSL_ALT_CERT_CHAINS`. Enables checking cert against multiple CA's. -- Added new `--disable-oldnames` option to allow for using openssl along-side wolfssl headers (without OPENSSL_EXTRA). -- Refactor SSL_ and hashing types to use wolf specific prefix (WOLFSSL and WC_) to allow openssl coexistence. -- Fixes for HAVE_INTEL_MULX -- Cleanup include paths for MySQL cmake build -- Added configure option for building library for wolfSSH (--enable-wolfssh) -- Openssl compatibility layer improvements -- Expanded API unit tests -- Fixes for STM32 crypto hardware acceleration -- Added AES XTS mode (--enable-xts) -- Added ASN Extended Key Usage Support (see wc_SetExtKeyUsage). -- Math updates and added TFM_MIPS speedup. -- Fix for creation of the KeyUsage BitString -- Fix for 8k keys with MySQL compatibility -- Fixes for ATECC508A. -- Fixes for PIC32MZ hashing. -- Fixes and improvements to asynchronous modes for Intel QuickAssist and Cavium Nitrox V. -- Update HASH_DRBG Reseed mechanism and add test case -- Rename the file io.h/io.c to wolfio.h/wolfio.c -- Cleanup the wolfIO_Send function. -- OpenSSL Compatibility Additions and Fixes -- Improvements to Visual Studio DLL project/solution. -- Added function to generate public ECC key from private key -- Added async blocking support for sniffer tool. -- Added wolfCrypt hash tests for empty string and large data. -- Added ability to use of wolf implementation of `strtok` using `USE_WOLF_STRTOK`. -- Updated Micrium uC/OS-III Port -- Updated root certs for OCSP scripts -- New Single Precision math option for RSA, DH and ECC (off by default). See `--enable-sp`. -- Speedups for AES GCM with AESNI (--enable-aesni) -- Speedups for SHA2, ChaCha20/Poly1035 using AVX/AVX2 - - -********* wolfSSL (Formerly CyaSSL) Release 3.12.0 (8/04/2017) - -Release 3.12.0 of wolfSSL has bug fixes and new features including: - -- TLS 1.3 with Nginx! TLS 1.3 with ARMv8! TLS 1.3 with Async Crypto! (--enable-tls13) -- TLS 1.3 0RTT feature added -- Added port for using Intel SGX with Linux -- Update and fix PIC32MZ port -- Additional unit testing for MD5, SHA, SHA224, SHA256, SHA384, SHA512, RipeMd, HMAC, 3DES, IDEA, ChaCha20, ChaCha20Poly1305 AEAD, Camellia, Rabbit, ARC4, AES, RSA, Hc128 -- AVX and AVX2 assembly for improved ChaCha20 performance -- Intel QAT fixes for when using --disable-fastmath -- Update how DTLS handles decryption and MAC failures -- Update DTLS session export version number for --enable-sessionexport feature -- Add additional input argument sanity checks to ARMv8 assembly port -- Fix for making PKCS12 dynamic types match -- Fixes for potential memory leaks when using --enable-fast-rsa -- Fix for when using custom ECC curves and add BRAINPOOLP256R1 test -- Update TI-RTOS port for dependency on new wolfSSL source files -- DTLS multicast feature added, --enable-mcast -- Fix for Async crypto with GCC 7.1 and HMAC when not using Intel QuickAssist -- Improvements and enhancements to Intel QuickAssist support -- Added Xilinx port -- Added SHA3 Keccak feature, --enable-sha3 -- Expand wolfSSL Python wrapper to now include a client side implementation -- Adjust example servers to not treat a peer closed error as a hard error -- Added more sanity checks to fp_read_unsigned_bin function -- Add SHA224 and AES key wrap to ARMv8 port -- Update MQX classics and mmCAU ports -- Fix for potential buffer over read with wolfSSL_CertPemToDer -- Add PKCS7/CMS decode support for KARI with IssuerAndSerialNumber -- Fix ThreadX/NetX warning -- Fixes for OCSP and CRL non blocking sockets and for incomplete cert chain with OCSP -- Added RSA PSS sign and verify -- Fix for STM32F4 AES-GCM -- Added enable all feature (--enable-all) -- Added trackmemory feature (--enable-trackmemory) -- Fixes for AES key wrap and PKCS7 on Windows VS -- Added benchmark block size argument -- Support use of staticmemory with PKCS7 -- Fix for Blake2b build with GCC 5.4 -- Fixes for compiling wolfSSL with GCC version 7, most dealing with switch statement fall through warnings. -- Added warning when compiling without hardened math operations - - -Note: -There is a known issue with using ChaCha20 AVX assembly on versions of GCC earlier than 5.2. This is encountered with using the wolfSSL enable options --enable-intelasm and --enable-chacha. To avoid this issue ChaCha20 can be enabled with --enable-chacha=noasm. -If using --enable-intelasm and also using --enable-sha224 or --enable-sha256 there is a known issue with trying to use -fsanitize=address. - -This release of wolfSSL fixes 1 low level security vulnerability. - -Low level fix for a potential DoS attack on a wolfSSL client. Previously a client would accept many warning alert messages without a limit. This fix puts a limit to the number of warning alert messages received and if this limit is reached a fatal error ALERT_COUNT_E is returned. The max number of warning alerts by default is set to 5 and can be adjusted with the macro WOLFSSL_ALERT_COUNT_MAX. Thanks for the report from Tarun Yadav and Koustav Sadhukhan from Defence Research and Development Organization, INDIA. - - -See INSTALL file for build instructions. -More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html - - -********* wolfSSL (Formerly CyaSSL) Release 3.11.1 (5/11/2017) - -Release 3.11.1 of wolfSSL is a TLS 1.3 BETA release, which includes: - -- TLS 1.3 client and server support for TLS 1.3 with Draft 18 support - -This is strictly a BETA release, and designed for testing and user feedback. -Please send any comments, testing results, or feedback to wolfSSL at -support@wolfssl.com. - -See INSTALL file for build instructions. -More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html - - -********* wolfSSL (Formerly CyaSSL) Release 3.11.0 (5/04/2017) - -Release 3.11.0 of wolfSSL has bug fixes and new features including: - -- Code updates for warnings reported by Coverity scans -- Testing and warning fixes for FreeBSD on PowerPC -- Updates and refactoring done to ASN1 parsing functions -- Change max PSK identity buffer to account for an identity length of 128 characters -- Update Arduino script to handle recent files and additions -- Added support for PKCS#7 Signed Data with ECDSA -- Fix for interoperability with ChaCha20-Poly1305 suites using older draft versions -- DTLS update to allow multiple handshake messages in one DTLS record. Thanks to Eric Samsel over at Welch Allyn for reporting this bug. -- Intel QuickAssist asynchronous support (PR #715 - https://www.wolfssl.com/wolfSSL/Blog/Entries/2017/1/18_wolfSSL_Asynchronous_Intel_QuickAssist_Support.html) -- Added support for HAproxy load balancer -- Added option to allow SHA1 with TLS 1.2 for IIS compatibility (WOLFSSL_ALLOW_TLS_SHA1) -- Added Curve25519 51-bit Implementation, increasing performance on systems that have 128 bit types -- Fix to not send session ID on server side if session cache is off unless we're echoing -session ID as part of session tickets -- Fixes for ensuring all default ciphers are setup correctly (see PR #830) -- Added NXP Hexiwear example in `IDE/HEXIWEAR`. -- Added wolfSSL_write_dup() to create write only WOLFSSL object for concurrent access -- Fixes for TLS elliptic curve selection on private key import. -- Fixes for RNG with Intel rdrand and rdseed speedups. -- Improved performance with Intel rdrand to use full 64-bit output -- Added new --enable-intelrand option to indicate use of RDRAND preference for RNG source -- Removed RNG ARC4 support -- Added ECC helpers to get size and id from curve name. -- Added ECC Cofactor DH (ECC-CDH) support -- Added ECC private key only import / export functions. -- Added PKCS8 create function -- Improvements to TLS layer CTX handling for switching keys / certs. -- Added check for duplicate certificate policy OID in certificates. -- Normal math speed-up to not allocate on mp_int and defer until mp_grow -- Reduce heap usage with fast math when not using ALT_ECC_SIZE -- Fixes for building CRL with Windows -- Added support for inline CRL lookup when HAVE_CRL_IO is defined -- Added port for tenAsys INtime RTOS -- Improvements to uTKernel port (WOLFSSL_uTKERNEL2) -- Updated WPA Supplicant support -- Added support for Nginx -- Update stunnel port for version 5.40 -- Fixes for STM32 hardware crypto acceleration -- Extended test code coverage in bundled test.c -- Added a sanity check for minimum authentication tag size with AES-GCM. Thanks to Yueh-Hsun Lin and Peng Li at KNOX Security at Samsung Research America for suggesting this. -- Added a sanity check that subject key identifier is marked as non-critical and a check that no policy OIDS appear more than once in the cert policies extension. Thanks to the report from Professor Zhenhua Duan, Professor Cong Tian, and Ph.D candidate Chu Chen from Institute of Computing Theory and Technology (ICTT) of Xidian University, China. Profs. Zhenhua Duan and Cong Tian are supervisors of Ph.D candidate Chu Chen. - - -This release of wolfSSL fixes 5 low and 1 medium level security vulnerability. - -3 Low level fixes reported by Yueh-Hsun Lin and Peng Li from KNOX Security, Samsung Research America. -- Fix for out of bounds memory access in wc_DhParamsLoad() when GetLength() returns a zero. Before this fix there is a case where wolfSSL would read out of bounds memory in the function wc_DhParamsLoad. -- Fix for DH key accepted by wc_DhAgree when the key was malformed. -- Fix for a double free case when adding CA cert into X509_store. - -Low level fix for memory management with static memory feature enabled. By default static memory is disabled. Thanks to GitHub user hajjihraf for reporting this. - -Low level fix for out of bounds write in the function wolfSSL_X509_NAME_get_text_by_NID. This function is not used by TLS or crypto operations but could result in a buffer out of bounds write by one if called explicitly in an application. Discovered by Aleksandar Nikolic of Cisco Talos. http://talosintelligence.com/vulnerability-reports/ - -Medium level fix for check on certificate signature. There is a case in release versions 3.9.10, 3.10.0 and 3.10.2 where a corrupted signature on a peer certificate would not be properly flagged. Thanks to Wens Lo, James Tsai, Kenny Chang, and Oscar Yang at Castles Technology. - - -See INSTALL file for build instructions. -More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html - - -********* wolfSSL (Formerly CyaSSL) Release 3.10.2 (2/10/2017) - -Release 3.10.2 of wolfSSL has bug fixes and new features including: - -- Poly1305 Windows macros fix. Thanks to GitHub user Jay Satiro -- Compatibility layer expanded with multiple functions added -- Improve fp_copy performance with ALT_ECC_SIZE -- OCSP updates and improvements -- Fixes for IAR EWARM 8 compiler warnings -- Reduce stack usage with ECC_CACHE_CURVE disabled -- Added ECC export raw for public and private key -- Fix for NO_ASN_TIME build -- Supported curves extensions now populated by default -- Add DTLS build without big integer math -- Fix for static memory feature with wc_ecc_verify_hash_ex and not SHAMIR -- Added PSK interoperability testing to script bundled with wolfSSL -- Fix for Python wrapper random number generation. Compiler optimizations with Python could place the random number in same buffer location each time. Thanks to GitHub user Erik Bray (embray) -- Fix for tests on unaligned memory with static memory feature -- Add macro WOLFSSL_NO_OCSP_OPTIONAL_CERTS to skip optional OCSP certificates -- Sanity checks on NULL arguments added to wolfSSL_set_fd and wolfSSL_DTLS_SetCookieSecret -- mp_jacobi stack use reduced, thanks to Szabi Tolnai for providing a solution to reduce stack usage - - -This release of wolfSSL fixes 2 low and 1 medium level security vulnerability. - -Low level fix of buffer overflow for when loading in a malformed temporary DH file. Thanks to Yueh-Hsun Lin and Peng Li from KNOX Security, Samsung Research America for the report. - -Medium level fix for processing of OCSP response. If using OCSP without hard faults enforced and no alternate revocation checks like OCSP stapling then it is recommended to update. - -Low level fix for potential cache attack on RSA operations. If using wolfSSL RSA on a server that other users can have access to monitor the cache, then it is recommended to update wolfSSL. Thanks to Andreas Zankl, Johann Heyszl and Georg Sigl at Fraunhofer AISEC for the initial report. - -See INSTALL file for build instructions. -More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html - -********* wolfSSL (Formerly CyaSSL) Release 3.10.0 (12/21/2016) - -Release 3.10.0 of wolfSSL has bug fixes and new features including: - -- Added support for SHA224 -- Added scrypt feature -- Build for Intel SGX use, added in directory IDE/WIN-SGX -- Fix for ChaCha20-Poly1305 ECDSA certificate type request -- Enhance PKCS#7 with ECC enveloped data and AES key wrap support -- Added support for RIOT OS -- Add support for parsing PKCS#12 files -- ECC performance increased with custom curves -- ARMv8 expanded to AArch32 and performance increased -- Added ANSI-X9.63-KDF support -- Port to STM32 F2/F4 CubeMX -- Port to Atmel ATECC508A board -- Removed fPIE by default when wolfSSL library is compiled -- Update to Python wrapper, dropping DES and adding wc_RSASetRNG -- Added support for NXP K82 hardware acceleration -- Added SCR client and server verify check -- Added a disable rng option with autoconf -- Added more tests vectors to test.c with AES-CTR -- Updated DTLS session export version number -- Updated DTLS for 64 bit sequence numbers -- Fix for memory management with TI and WOLFSSL_SMALL_STACK -- Hardening RSA CRT to be constant time -- Fix uninitialized warning with IAR compiler -- Fix for C# wrapper example IO hang on unexpected connection termination - - -This release of wolfSSL fixes a low level security vulnerability. The vulnerability reported was a potential cache attack on RSA operations. If using wolfSSL RSA on a server that other users can have access to monitor the cache, then it is recommended to update wolfSSL. Thanks to Andreas Zankl, Johann Heyszl and Georg Sigl at Fraunhofer AISEC for the report. More information will be available on our site: - -https://wolfssl.com/wolfSSL/security/vulnerabilities.php - -See INSTALL file for build instructions. -More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html - -********* wolfSSL (Formerly CyaSSL) Release 3.9.10 (9/23/2016) - -Release 3.9.10 of wolfSSL has bug fixes and new features including: - -- Default configure option changes: - 1. DES3 disabled by default - 2. ECC Supported Curves Extension enabled by default - 3. New option Extended Master Secret enabled by default -- Added checking CA certificate path length, and new test certs -- Fix to DSA pre padding and sanity check on R/S values -- Added CTX level RNG for single-threaded builds -- Intel RDSEED enhancements -- ARMv8 hardware acceleration support for AES-CBC/CTR/GCM, SHA-256 -- Arduino support updates -- Added the Extended Master Secret TLS extension - 1. Enabled by default in configure options, API to disable - 2. Added support for Extended Master Secret to sniffer -- OCSP fix with issuer key hash, lookup refactor -- Added support for Frosted OS -- Added support for DTLS over SCTP -- Added support for static memory with wolfCrypt -- Fix to ECC Custom Curve support -- Support for asynchronous wolfCrypt RSA and TLS client -- Added distribution build configure option -- Update the test certificates - -This release of wolfSSL fixes medium level security vulnerabilities. Fixes for -potential AES, RSA, and ECC side channel leaks is included that a local user -monitoring the same CPU core cache could exploit. VM users, hyper-threading -users, and users where potential attackers have access to the CPU cache will -need to update if they utilize AES, RSA private keys, or ECC private keys. -Thanks to Gorka Irazoqui Apecechea and Xiaofei Guo from Intel Corporation for -the report. More information will be available on our site: - - https://wolfssl.com/wolfSSL/security/vulnerabilities.php - -See INSTALL file for build instructions. -More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html - -********* wolfSSL (Formerly CyaSSL) Release 3.9.8 (7/29/2016) - -Release 3.9.8 of wolfSSL has bug fixes and new features including: - -- Add support for custom ECC curves. -- Add cipher suite ECDHE-ECDSA-AES128-CCM. -- Add compkey enable option. This option is for compressed ECC keys. -- Add in the option to use test.h without gettimeofday function using the macro - WOLFSSL_USER_CURRTIME. -- Add RSA blinding for private key operations. Enable option of harden which is - on by default. This negates timing attacks. -- Add ECC and TLS support for all SECP, Koblitz and Brainpool curves. -- Add helper functions for static memory option to allow getting optimum buffer - sizes. -- Update DTLS behavior on bad MAC. DTLS silently drops packets with bad MACs now. -- Update fp_isprime function from libtom enchancement/cleanup repository. -- Update sanity checks on inputs and return values for AES-CMAC. -- Update wolfSSL for use with MYSQL v5.6.30. -- Update LPCXpresso eclipse project to not include misc.c when not needed. -- Fix retransmit of last DTLS flight with timeout notification. The last flight - is no longer retransmitted on timeout. -- Fixes to some code in math sections for compressed ECC keys. This includes - edge cases for buffer size on allocation and adjustments for compressed curves - build. The code and full list can be found on github with pull request #456. -- Fix function argument mismatch for build with secure renegotiation. -- X.509 bug fixes for reading in malformed certificates, reported by researchers - at Columbia University -- Fix GCC version 6 warning about hard tabs in poly1305.c. This was a warning - produced by GCC 6 trying to determine the intent of code. -- Fixes for static memory option. Including avoid potential race conditions with - counters, decrement handshake counter correctly. -- Fix anonymous cipher with Diffie Hellman on the server side. Was an issue of a - possible buffer corruption. For information and code see pull request #481. - - -- One high level security fix that requires an update for use with static RSA - cipher suites was submitted. This fix was the addition of RSA blinding for - private RSA operations. We recommend servers who allow static RSA cipher - suites to also generate new private RSA keys. Static RSA cipher suites are - turned off by default. - -See INSTALL file for build instructions. -More info can be found on-line at //http://wolfssl.com/wolfSSL/Docs.html - - ********* wolfSSL (Formerly CyaSSL) Release 3.9.6 (6/14/2016) - -Release 3.9.6 of wolfSSL has bug fixes and new features including: - -- Add staticmemory feature -- Add public wc_GetTime API with base64encode feature -- Add AES CMAC algorithm -- Add DTLS sessionexport feature -- Add python wolfCrypt wrapper -- Add ECC encrypt/decrypt benchmarks -- Add dynamic session tickets -- Add eccshamir option -- Add Whitewood netRandom support --with-wnr -- Add embOS port -- Add minimum key size checks for RSA and ECC -- Add STARTTLS support to examples -- Add uTasker port -- Add asynchronous crypto and wolf event support -- Add compile check for misc.c with inline -- Add RNG benchmark -- Add reduction to stack usage with hash-based RNG -- Update STM32F2_CRYPTO port with additional algorithms supported -- Update MDK5 projects -- Update AES-NI -- Fix for STM32 with STM32F2_HASH defined -- Fix for building with MinGw -- Fix ECC math bugs with ALT_ECC_SIZE and key sizes over 256 bit (1) -- Fix certificate buffers github issue #422 -- Fix decrypt max size with RSA OAEP -- Fix DTLS sanity check with DTLS timeout notification -- Fix free of WOLFSSL_METHOD on failure to create CTX -- Fix memory leak in failure case with wc_RsaFunction (2) - -- No high level security fixes that requires an update though we always -recommend updating to the latest -- (1) Code changes for ECC fix can be found at pull requests #411, #416, and #428 -- (2) Builds using RSA with using normal math and not RSA_LOW_MEM should update -- Tag 3.9.6w is for a Windows example echoserver fix - -See INSTALL file for build instructions. -More info can be found on-line at //http://wolfssl.com/wolfSSL/Docs.html - - ********* wolfSSL (Formerly CyaSSL) Release 3.9.0 (3/18/2016) - -Release 3.9.0 of wolfSSL has bug fixes and new features including: - -- Add new leantls configuration -- Add RSA OAEP padding at wolfCrypt level -- Add Arduino port and example client -- Add fixed point DH operation -- Add CUSTOM_RAND_GENRATE_SEED_OS and CUSTOM_RAND_GENERATE_BLOCK -- Add ECDHE-PSK cipher suites -- Add PSK ChaCha20-Poly1305 cipher suites -- Add option for fail on no peer cert except PSK suites -- Add port for Nordic nRF51 -- Add additional ECC NIST test vectors for 256, 384 and 521 -- Add more granular ECC, Ed25519/Curve25519 and AES configs -- Update to ChaCha20-Poly1305 -- Update support for Freescale KSDK 1.3.0 -- Update DER buffer handling code, refactoring and reducing memory -- Fix to AESNI 192 bit key expansion -- Fix to C# wrapper character encoding -- Fix sequence number issue with DTLS epoch 0 messages -- Fix RNGA with K64 build -- Fix ASN.1 X509 V3 certificate policy extension parsing -- Fix potential free of uninitialized RSA key in asn.c -- Fix potential underflow when using ECC build with FP_ECC -- Fixes for warnings in Visual Studio 2015 build - -- No high level security fixes that requires an update though we always -recommend updating to the latest -- FP_ECC is off by default, users with it enabled should update for the zero -sized hash fix - -See INSTALL file for build instructions. -More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html - - ********* wolfSSL (Formerly CyaSSL) Release 3.8.0 (12/30/2015) - -Release 3.8.0 of wolfSSL has bug fixes and new features including: - -- Example client/server with VxWorks -- AESNI use with AES-GCM -- Stunnel compatibility enhancements -- Single shot hash and signature/verify API added -- Update cavium nitrox port -- LPCXpresso IDE support added -- C# wrapper to support wolfSSL use by a C# program -- (BETA version)OCSP stapling added -- Update OpenSSH compatibility -- Improve DTLS handshake when retransmitting finished message -- fix idea_mult() for 16 and 32bit systems -- fix LowResTimer on Microchip ports - -- No high level security fixes that requires an update though we always -recommend updating to the latest - -See INSTALL file for build instructions. -More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html - - ********* wolfSSL (Formerly CyaSSL) Release 3.7.0 (10/26/2015) - -Release 3.7.0 of wolfSSL has bug fixes and new features including: - -- ALPN extension support added for HTTP2 connections with --enable-alpn -- Change of example/client/client max fragment flag -L -> -F -- Throughput benchmarking, added scripts/benchmark.test -- Sniffer API ssl_FreeDecodeBuffer added -- Addition of AES_GCM to Sniffer -- Sniffer change to handle unlimited decrypt buffer size -- New option for the sniffer where it will try to pick up decoding after a - sequence number acknowldgement fault. Also includes some additional stats. -- JNI API setter and getter function for jobject added -- User RSA crypto plugin abstraction. An example placed in wolfcrypt/user-crypto -- fix to asn configuration bug -- AES-GCM/CCM fixes. -- Port for Rowley added -- Rowley Crossworks bare metal examples added -- MDK5-ARM project update -- FreeRTOS support updates. -- VXWorks support updates. -- Added the IDEA cipher and support in wolfSSL. -- Update wolfSSL website CA. -- CFLAGS is usable when configuring source. - -- No high level security fixes that requires an update though we always -recommend updating to the latest - -See INSTALL file for build instructions. -More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html - - ********* wolfSSL (Formerly CyaSSL) Release 3.6.8 (09/17/2015) - -Release 3.6.8 of wolfSSL fixes two high severity vulnerabilities. It also -includes bug fixes and new features including: - -- Two High level security fixes, all users SHOULD update. - a) If using wolfSSL for DTLS on the server side of a publicly accessible - machine you MUST update. - b) If using wolfSSL for TLS on the server side with private RSA keys allowing - ephemeral key exchange without low memory optimizations you MUST update and - regenerate the private RSA keys. - - Please see https://www.wolfssl.com/wolfSSL/Blog/Blog.html for more details - -- No filesystem build fixes for various configurations -- Certificate generation now supports several extensions including KeyUsage, - SKID, AKID, and Certificate Policies -- CRLs can be loaded from buffers as well as files now -- SHA-512 Certificate Signing generation -- Fixes for sniffer reassembly processing - -See INSTALL file for build instructions. -More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html - - ********* wolfSSL (Formerly CyaSSL) Release 3.6.6 (08/20/2015) - -Release 3.6.6 of wolfSSL has bug fixes and new features including: - -- OpenSSH compatibility with --enable-openssh -- stunnel compatibility with --enable-stunnel -- lighttpd compatibility with --enable-lighty -- SSLv3 is now disabled by default, can be enabled with --enable-sslv3 -- Ephemeral key cipher suites only are now supported by default - To enable static ECDH cipher suites define WOLFSSL_STATIC_DH - To enable static RSA cipher suites define WOLFSSL_STATIC_RSA - To enable static PSK cipher suites define WOLFSSL_STATIC_PSK -- Added QSH (quantum-safe handshake) extension with --enable-ntru -- SRP is now part of wolfCrypt, enable with --enabe-srp -- Certificate handshake messages can now be sent fragmented if the record - size is smaller than the total message size, no user action required. -- DTLS duplicate message fixes -- Visual Studio project files now support DLL and static builds for 32/64bit. -- Support for new Freescale I/O -- FreeRTOS FIPS support - -- No high level security fixes that requires an update though we always - recommend updating to the latest - -See INSTALL file for build instructions. -More information can be found on-line at //http://wolfssl.com/yaSSL/Docs.html - - **************** wolfSSL (Formerly CyaSSL) Release 3.6.0 (06/19/2015) - -Release 3.6.0 of wolfSSL has bug fixes and new features including: - -- Max Strength build that only allows TLSv1.2, AEAD ciphers, and PFS (Perfect - Forward Secrecy). With --enable-maxstrength -- Server side session ticket support, the example server and echoserver use the - example callback myTicketEncCb(), see wolfSSL_CTX_set_TicketEncCb() -- FIPS version submitted for iOS. -- TI Crypto Hardware Acceleration -- DTLS fragmentation fixes -- ECC key check validation with wc_ecc_check_key() -- 32bit code options to reduce memory for Curve25519 and Ed25519 -- wolfSSL JNI build switch with --enable-jni -- PicoTCP support improvements -- DH min ephemeral key size enforcement with wolfSSL_CTX_SetMinDhKey_Sz() -- KEEP_PEER_CERT and AltNames can now be used together -- ChaCha20 big endian fix -- SHA-512 signature algorithm support for key exchange and verify messages -- ECC make key crash fix on RNG failure, ECC users must update. -- Improvements to usage of time code. -- Improvements to VS solution files. -- GNU Binutils 2.24 (and late 2.23) ld has problems with some debug builds, - to fix an ld error add C_EXTRA_FLAGS="-fdebug-types-section -g1". - -- No high level security fixes that requires an update though we always - recommend updating to the latest (except note 14, ecc RNG failure) - -See INSTALL file for build instructions. -More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html - - - *****************wolfSSL (Formerly CyaSSL) Release 3.4.6 (03/30/2015) - -Release 3.4.6 of wolfSSL has bug fixes and new features including: - -- Intel Assembly Speedups using instructions rdrand, rdseed, aesni, avx1/2, - rorx, mulx, adox, adcx . They can be enabled with --enable-intelasm. - These speedup the use of RNG, SHA2, and public key algorithms. -- Ed25519 support at the crypto level. Turn on with --enable-ed25519. Examples - in wolcrypt/test/test.c ed25519_test(). -- Post Handshake Memory reductions. wolfSSL can now hold less than 1,000 bytes - of memory per secure connection including cipher state. -- wolfSSL API and wolfCrypt API fixes, you can still include the cyassl and - ctaocrypt headers which will enable the compatibility APIs for the - foreseeable future -- INSTALL file to help direct users to build instructions for their environment -- For ECC users with the normal math library a fix that prevents a crash when - verify signature fails. Users of 3.4.0 with ECC and the normal math library - must update -- RC4 is now disabled by default in autoconf mode -- AES-GCM and ChaCha20/Poly1305 are now enabled by default to make AEAD ciphers - available without a switch -- External ChaCha-Poly AEAD API, thanks to Andrew Burks for the contribution -- DHE-PSK cipher suites can now be built without ASN or Cert support -- Fix some NO MD5 build issues with optional features -- Freescale CodeWarrior project updates -- ECC curves can be individually turned on/off at build time. -- Sniffer handles Cert Status message and other minor fixes -- SetMinVersion() at the wolfSSL Context level instead of just SSL session level - to allow minimum protocol version allowed at runtime -- RNG failure resource cleanup fix - -- No high level security fixes that requires an update though we always - recommend updating to the latest (except note 6 use case of ecc/normal math) - -See INSTALL file for build instructions. -More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html - - - *****************wolfSSL (Formerly CyaSSL) Release 3.4.0 (02/23/2015) - -Release 3.4.0 wolfSSL has bug fixes and new features including: - -- wolfSSL API and wolfCrypt API, you can still include the cyassl and ctaocrypt - headers which will enable the compatibility APIs for the foreseeable future -- Example use of the wolfCrypt API can be found in wolfcrypt/test/test.c -- Example use of the wolfSSL API can be found in examples/client/client.c -- Curve25519 now supported at the wolfCrypt level, wolfSSL layer coming soon -- Improvements in the build configuration under AIX -- Microchip Pic32 MZ updates -- TIRTOS updates -- PowerPC updates -- Xcode project update -- Bidirectional shutdown examples in client/server with -w (wait for full - shutdown) option -- Cycle counts on benchmarks for x86_64, more coming soon -- ALT_ECC_SIZE for reducing ecc heap use with fastmath when also using large RSA - keys -- Various compile warnings -- Scan-build warning fixes -- Changed a memcpy to memmove in the sniffer (if using sniffer please update) -- No high level security fixes that requires an update though we always - recommend updating to the latest - - - ***********CyaSSL Release 3.3.0 (12/05/2014) - -- Countermeasuers for Handshake message duplicates, CHANGE CIPHER without - FINISHED, and fast forward attempts. Thanks to Karthikeyan Bhargavan from - the Prosecco team at INRIA Paris-Rocquencourt for the report. -- FIPS version submitted -- Removes SSLv2 Client Hello processing, can be enabled with OLD_HELLO_ALLOWED -- User can set minimum downgrade version with CyaSSL_SetMinVersion() -- Small stack improvements at TLS/SSL layer -- TLS Master Secret generation and Key Expansion are now exposed -- Adds client side Secure Renegotiation, * not recommended * -- Client side session ticket support, not fully tested with Secure Renegotiation -- Allows up to 4096bit DHE at TLS Key Exchange layer -- Handles non standard SessionID sizes in Hello Messages -- PicoTCP Support -- Sniffer now supports SNI Virtual Hosts -- Sniffer now handles non HTTPS protocols using STARTTLS -- Sniffer can now parse records with multiple messages -- TI-RTOS updates -- Fix for ColdFire optimized fp_digit read only in explicit 32bit case -- ADH Cipher Suite ADH-AES128-SHA for EAP-FAST - -The CyaSSL manual is available at: -http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - -***********CyaSSL Release 3.2.0 (09/10/2014) - -Release 3.2.0 CyaSSL has bug fixes and new features including: - -- ChaCha20 and Poly1305 crypto and suites -- Small stack improvements for OCSP, CRL, TLS, DTLS -- NTRU Encrypt and Decrypt benchmarks -- Updated Visual Studio project files -- Updated Keil MDK5 project files -- Fix for DTLS sequence numbers with GCM/CCM -- Updated HashDRBG with more secure struct declaration -- TI-RTOS support and example Code Composer Studio project files -- Ability to get enabled cipher suites, CyaSSL_get_ciphers() -- AES-GCM/CCM/Direct support for Freescale mmCAU and CAU -- Sniffer improvement checking for decrypt key setup -- Support for raw ECC key import -- Ability to convert ecc_key to DER, EccKeyToDer() -- Security fix for RSA Padding check vulnerability reported by Intel Security - Advanced Threat Research team - -The CyaSSL manual is available at: -http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - -************ CyaSSL Release 3.1.0 (07/14/2014) - -Release 3.1.0 CyaSSL has bug fixes and new features including: - -- Fix for older versions of icc without 128-bit type -- Intel ASM syntax for AES-NI -- Updated NTRU support, keygen benchmark -- FIPS check for minimum required HMAC key length -- Small stack (--enable-smallstack) improvements for PKCS#7, ASN -- TLS extension support for DTLS -- Default I/O callbacks external to user -- Updated example client with bad clock test -- Ability to set optional ECC context info -- Ability to enable/disable DH separate from opensslextra -- Additional test key/cert buffers for CA and server -- Updated example certificates - -The CyaSSL manual is available at: -http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - -************ CyaSSL Release 3.0.2 (05/30/2014) - -Release 3.0.2 CyaSSL has bug fixes and new features including: - -- Added the following cipher suites: - * TLS_PSK_WITH_AES_128_GCM_SHA256 - * TLS_PSK_WITH_AES_256_GCM_SHA384 - * TLS_PSK_WITH_AES_256_CBC_SHA384 - * TLS_PSK_WITH_NULL_SHA384 - * TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 - * TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 - * TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 - * TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 - * TLS_DHE_PSK_WITH_NULL_SHA256 - * TLS_DHE_PSK_WITH_NULL_SHA384 - * TLS_DHE_PSK_WITH_AES_128_CCM - * TLS_DHE_PSK_WITH_AES_256_CCM -- Added AES-NI support for Microsoft Visual Studio builds. -- Changed small stack build to be disabled by default. -- Updated the Hash DRBG and provided a configure option to enable. - -The CyaSSL manual is available at: -http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - -************ CyaSSL Release 3.0.0 (04/29/2014) - -Release 3.0.0 CyaSSL has bug fixes and new features including: - -- FIPS release candidate -- X.509 improvements that address items reported by Suman Jana with security - researchers at UT Austin and UC Davis -- Small stack size improvements, --enable-smallstack. Offloads large local - variables to the heap. (Note this is not complete.) -- Updated AES-CCM-8 cipher suites to use approved suite numbers. - -The CyaSSL manual is available at: -http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - -************ CyaSSL Release 2.9.4 (04/09/2014) - -Release 2.9.4 CyaSSL has bug fixes and new features including: - -- Security fixes that address items reported by Ivan Fratric of the Google - Security Team -- X.509 Unknown critical extensions treated as errors, report by Suman Jana with - security researchers at UT Austin and UC Davis -- Sniffer fixes for corrupted packet length and Jumbo frames -- ARM thumb mode assembly fixes -- Xcode 5.1 support including new clang -- PIC32 MZ hardware support -- CyaSSL Object has enough room to read the Record Header now w/o allocs -- FIPS wrappers for AES, 3DES, SHA1, SHA256, SHA384, HMAC, and RSA. -- A sample I/O pool is demonstrated with --enable-iopool to overtake memory - handling and reduce memory fragmentation on I/O large sizes - -The CyaSSL manual is available at: -http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - -************ CyaSSL Release 2.9.0 (02/07/2014) - -Release 2.9.0 CyaSSL has bug fixes and new features including: -- Freescale Kinetis RNGB support -- Freescale Kinetis mmCAU support -- TLS Hello extensions - - ECC - - Secure Renegotiation (null) - - Truncated HMAC -- SCEP support - - PKCS #7 Enveloped data and signed data - - PKCS #10 Certificate Signing Request generation -- DTLS sliding window -- OCSP Improvements - - API change to integrate into Certificate Manager - - IPv4/IPv6 agnostic - - example client/server support for OCSP - - OCSP nonces are optional -- GMAC hashing -- Windows build additions -- Windows CYGWIN build fixes -- Updated test certificates -- Microchip MPLAB Harmony support -- Update autoconf scripts -- Additional X.509 inspection functions -- ECC encrypt/decrypt primitives -- ECC Certificate generation - -The Freescale Kinetis K53 RNGB documentation can be found in Chapter 33 of the -K53 Sub-Family Reference Manual: -http://cache.freescale.com/files/32bit/doc/ref_manual/K53P144M100SF2RM.pdf - -Freescale Kinetis K60 mmCAU (AES, DES, 3DES, MD5, SHA, SHA256) documentation -can be found in the "ColdFire/ColdFire+ CAU and Kinetis mmCAU Software Library -User Guide": -http://cache.freescale.com/files/32bit/doc/user_guide/CAUAPIUG.pdf - - -*****************CyaSSL Release 2.8.0 (8/30/2013) - -Release 2.8.0 CyaSSL has bug fixes and new features including: -- AES-GCM and AES-CCM use AES-NI -- NetX default IO callback handlers -- IPv6 fixes for DTLS Hello Cookies -- The ability to unload Certs/Keys after the handshake, CyaSSL_UnloadCertsKeys() -- SEP certificate extensions -- Callback getters for easier resource freeing -- External CYASSL_MAX_ERROR_SZ for correct error buffer sizing -- MacEncrypt and DecryptVerify Callbacks for User Atomic Record Layer Processing -- Public Key Callbacks for ECC and RSA -- Client now sends blank cert upon request if doesn't have one with TLS <= 1.2 - - -The CyaSSL manual is available at: -http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - -*****************CyaSSL Release 2.7.0 (6/17/2013) - -Release 2.7.0 CyaSSL has bug fixes and new features including: -- SNI support for client and server -- KEIL MDK-ARM projects -- Wildcard check to domain name match, and Subject altnames are checked too -- Better error messages for certificate verification errors -- Ability to discard session during handshake verify -- More consistent error returns across all APIs -- Ability to unload CAs at the CTX or CertManager level -- Authority subject id support for Certificate matching -- Persistent session cache functionality -- Persistent CA cache functionality -- Client session table lookups to push serverID table to library level -- Camellia support to sniffer -- User controllable settings for DTLS timeout values -- Sniffer fixes for caching long lived sessions -- DTLS reliability enhancements for the handshake -- Better ThreadX support - -When compiling with Mingw, libtool may give the following warning due to -path conversion errors: - -libtool: link: Could not determine host file name corresponding to ** -libtool: link: Continuing, but uninstalled executables may not work. - -If so, examples and testsuite will have problems when run, showing an -error while loading shared libraries. To resolve, please run "make install". - -The CyaSSL manual is available at: -http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - -************** CyaSSL Release 2.6.0 (04/15/2013) - -Release 2.6.0 CyaSSL has bug fixes and new features including: -- DTLS 1.2 support including AEAD ciphers -- SHA-3 finalist Blake2 support, it's fast and uses little resources -- SHA-384 cipher suites including ECC ones -- HMAC now supports SHA-512 -- Track memory use for example client/server with -t option -- Better IPv6 examples with --enable-ipv6, before if ipv6 examples/tests were - turned on, localhost only was used. Now link-local (with scope ids) and ipv6 - hosts can be used as well. -- Xcode v4.6 project for iOS v6.1 update -- settings.h is now checked in all *.c files for true one file setting detection -- Better alignment at SSL layer for hardware crypto alignment needs - * Note, SSL itself isn't friendly to alignment with 5 byte TLS headers and - 13 bytes DTLS headers, but every effort is now made to align with the - CYASSL_GENERAL_ALIGNMENT flag which sets desired alignment requirement -- NO_64BIT flag to turn off 64bit data type accumulators in public key code - * Note, some systems are faster with 32bit accumulators -- --enable-stacksize for example client/server stack use - * Note, modern desktop Operating Systems may add bytes to each stack frame -- Updated compression/decompression with direct crypto access -- All ./configure options are now lowercase only for consistency -- ./configure builds default to fastmath option - * Note, if on ia32 and building in shared mode this may produce a problem - with a missing register being available because of PIC, there are at least - 6 solutions to this: - 1) --disable-fastmath , don't use fastmath - 2) --disable-shared, don't build a shared library - 3) C_EXTRA_FLAGS=-DTFM_NO_ASM , turn off assembly use - 4) use clang, it just seems to work - 5) play around with no PIC options to force all registers being open, - e.g, --without-pic - 6) if static lib is still a problem try removing fPIE -- Many new ./configure switches for option enable/disable for example - * rsa - * dh - * dsa - * md5 - * sha - * arc4 - * null (allow NULL ciphers) - * oldtls (only use TLS 1.2) - * asn (no certs or public keys allowed) -- ./configure generates cyassl/options.h which allows a header the user can - include in their app to make sure the same options are set at the app and - CyaSSL level. -- autoconf no longer needs serial-tests which lowers version requirements of - automake to 1.11 and autoconf to 2.63 - -The CyaSSL manual is available at: -http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - - -************** CyaSSL Release 2.5.0 (02/04/2013) - -Release 2.5.0 CyaSSL has bug fixes and new features including: -- Fix for TLS CBC padding timing attack identified by Nadhem Alfardan and - Kenny Paterson: http://www.isg.rhul.ac.uk/tls/ -- Microchip PIC32 (MIPS16, MIPS32) support -- Microchip MPLAB X example projects for PIC32 Ethernet Starter Kit -- Updated CTaoCrypt benchmark app for embedded systems -- 1024-bit test certs/keys and cert/key buffers -- AES-CCM-8 crypto and cipher suites -- Camellia crypto and cipher suites -- Bumped minimum autoconf version to 2.65, automake version to 1.12 -- Addition of OCSP callbacks -- STM32F2 support with hardware crypto and RNG -- Cavium NITROX support - -CTaoCrypt now has support for the Microchip PIC32 and has been tested with -the Microchip PIC32 Ethernet Starter Kit, the XC32 compiler and -MPLAB X IDE in both MIPS16 and MIPS32 instruction set modes. See the README -located under the /mplabx directory for more details. - -To add Cavium NITROX support do: - -./configure --with-cavium=/home/user/cavium/software - -pointing to your licensed cavium/software directory. Since Cavium doesn't -build a library we pull in the cavium_common.o file which gives a libtool -warning about the portability of this. Also, if you're using the github source -tree you'll need to remove the -Wredundant-decls warning from the generated -Makefile because the cavium headers don't conform to this warning. Currently -CyaSSL supports Cavium RNG, AES, 3DES, RC4, HMAC, and RSA directly at the crypto -layer. Support at the SSL level is partial and currently just does AES, 3DES, -and RC4. RSA and HMAC are slower until the Cavium calls can be utilized in non -blocking mode. The example client turns on cavium support as does the crypto -test and benchmark. Please see the HAVE_CAVIUM define. - -CyaSSL is able to use the STM32F2 hardware-based cryptography and random number -generator through the STM32F2 Standard Peripheral Library. For necessary -defines, see the CYASSL_STM32F2 define in settings.h. Documentation for the -STM32F2 Standard Peripheral Library can be found in the following document: -http://www.st.com/internet/com/TECHNICAL_RESOURCES/TECHNICAL_LITERATURE/USER_MANUAL/DM00023896.pdf - -The CyaSSL manual is available at: -http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - - -*************** CyaSSL Release 2.4.6 (12/20/2012) - -Release 2.4.6 CyaSSL has bug fixes and a few new features including: -- ECC into main version -- Lean PSK build (reduced code size, RAM usage, and stack usage) -- FreeBSD CRL monitor support -- CyaSSL_peek() -- CyaSSL_send() and CyaSSL_recv() for I/O flag setting -- CodeWarrior Support -- MQX Support -- Freescale Kinetis support including Hardware RNG -- autoconf builds use jobserver -- cyassl-config -- Sniffer memory reductions - -Thanks to Brian Aker for the improved autoconf system, make rpm, cyassl-config, -warning system, and general good ideas for improving CyaSSL! - -The Freescale Kinetis K70 RNGA documentation can be found in Chapter 37 of the -K70 Sub-Family Reference Manual: -http://cache.freescale.com/files/microcontrollers/doc/ref_manual/K70P256M150SF3RM.pdf - -The CyaSSL manual is available at: -http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - -*************** CyaSSL Release 2.4.0 (10/10/2012) - -Release 2.4.0 CyaSSL has bug fixes and a few new features including: -- DTLS reliability -- Reduced memory usage after handshake -- Updated build process - -The CyaSSL manual is available at: -http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - - -*************** CyaSSL Release 2.3.0 (8/10/2012) - -Release 2.3.0 CyaSSL has bug fixes and a few new features including: -- AES-GCM crypto and cipher suites -- make test cipher suite checks -- Subject AltName processing -- Command line support for client/server examples -- Sniffer SessionTicket support -- SHA-384 cipher suites -- Verify cipher suite validity when user overrides -- CRL dir monitoring -- DTLS Cookie support, reliability coming soon - -The CyaSSL manual is available at: -http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - - -***************CyaSSL Release 2.2.0 (5/18/2012) - -Release 2.2.0 CyaSSL has bug fixes and a few new features including: -- Initial CRL support (--enable-crl) -- Initial OCSP support (--enable-ocsp) -- Add static ECDH suites -- SHA-384 support -- ECC client certificate support -- Add medium session cache size (1055 sessions) -- Updated unit tests -- Protection against mutex reinitialization - - -The CyaSSL manual is available at: -http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - - -***************CyaSSL Release 2.0.8 (2/24/2012) - -Release 2.0.8 CyaSSL has bug fixes and a few new features including: -- A fix for malicious certificates pointed out by Remi Gacogne (thanks) - resulting in NULL pointer use. -- Respond to renegotiation attempt with no_renegoatation alert -- Add basic path support for load_verify_locations() -- Add set Temp EC-DHE key size -- Extra checks on rsa test when porting into - - -The CyaSSL manual is available at: -http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - - -************* CyaSSL Release 2.0.6 (1/27/2012) - -Release 2.0.6 CyaSSL has bug fixes and a few new features including: -- Fixes for CA basis constraint check -- CTX reference counting -- Initial unit test additions -- Lean and Mean Windows fix -- ECC benchmarking -- SSMTP build support -- Ability to group handshake messages with set_group_messages(ctx/ssl) -- CA cache addition callback -- Export Base64_Encode for general use - -The CyaSSL manual is available at: -http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - - -************* CyaSSL Release 2.0.2 (12/05/2011) - -Release 2.0.2 CyaSSL has bug fixes and a few new features including: -- CTaoCrypt Runtime library detection settings when directly using the crypto - library -- Default certificate generation now uses SHAwRSA and adds SHA256wRSA generation -- All test certificates now use 2048bit and SHA-1 for better modern browser - support -- Direct AES block access and AES-CTR (counter) mode -- Microchip pic32 support - -The CyaSSL manual is available at: -http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - - -************* CyaSSL Release 2.0.0rc3 (9/28/2011) - -Release 2.0.0rc3 for CyaSSL has bug fixes and a few new features including: -- updated autoconf support -- better make install and uninstall (uses system directories) -- make test / make check -- CyaSSL headers now in -- CTaocrypt headers now in -- OpenSSL compatibility headers now in -- examples and tests all run from home directory so can use certs in ./certs - (see note 1) - -So previous applications that used the OpenSSL compatibility header - now need to include instead, no other -changes are required. - -Special Thanks to Brian Aker for his autoconf, install, and header patches. - -The CyaSSL manual is available at: -http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - -************CyaSSL Release 2.0.0rc2 (6/6/2011) - -Release 2.0.0rc2 for CyaSSL has bug fixes and a few new features including: -- bug fixes (Alerts, DTLS with DHE) -- FreeRTOS support -- lwIP support -- Wshadow warnings removed -- asn public header -- CTaoCrypt public headers now all have ctc_ prefix (the manual is still being - updated to reflect this change) -- and more. - -This is the 2nd and perhaps final release candidate for version 2. -Please send any comments or questions to support@wolfssl.com. - -The CyaSSL manual is available at: -http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - -***********CyaSSL Release 2.0.0rc1 (5/2/2011) - -Release 2.0.0rc1 for CyaSSL has many new features including: -- bug fixes -- SHA-256 cipher suites -- Root Certificate Verification (instead of needing all certs in the chain) -- PKCS #8 private key encryption (supports PKCS #5 v1-v2 and PKCS #12) -- Serial number retrieval for x509 -- PBKDF2 and PKCS #12 PBKDF -- UID parsing for x509 -- SHA-256 certificate signatures -- Client and server can send chains (SSL_CTX_use_certificate_chain_file) -- CA loading can now parse multiple certificates per file -- Dynamic memory runtime hooks -- Runtime hooks for logging -- EDH on server side -- More informative error codes -- More informative logging messages -- Version downgrade more robust (use SSL_v23*) -- Shared build only by default through ./configure -- Compiler visibility is now used, internal functions not polluting namespace -- Single Makefile, no recursion, for faster and simpler building -- Turn on all warnings possible build option, warning fixes -- and more. - -Because of all the new features and the multiple OS, compiler, feature-set -options that CyaSSL allows, there may be some configuration fixes needed. -Please send any comments or questions to support@wolfssl.com. - -The CyaSSL manual is available at: -http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - -****************** CyaSSL Release 1.9.0 (3/2/2011) - -Release 1.9.0 for CyaSSL adds bug fixes, improved TLSv1.2 through testing and -better hash/sig algo ids, --enable-webServer for the yaSSL embedded web server, -improper AES key setup detection, user cert verify callback improvements, and -more. - -The CyaSSL manual offering is included in the doc/ directory. For build -instructions and comments about the new features please check the manual. - -Please send any comments or questions to support@wolfssl.com. - -****************** CyaSSL Release 1.8.0 (12/23/2010) - -Release 1.8.0 for CyaSSL adds bug fixes, x509 v3 CA signed certificate -generation, a C standard library abstraction layer, lower memory use, increased -portability through the os_settings.h file, and the ability to use NTRU cipher -suites when used in conjunction with an NTRU license and library. - -The initial CyaSSL manual offering is included in the doc/ directory. For -build instructions and comments about the new features please check the manual. - -Please send any comments or questions to support@wolfssl.com. - -Happy Holidays. - - -********************* CyaSSL Release 1.6.5 (9/9/2010) - -Release 1.6.5 for CyaSSL adds bug fixes and x509 v3 self signed certificate -generation. - -For general build instructions see doc/Building_CyaSSL.pdf. - -To enable certificate generation support add this option to ./configure -./configure --enable-certgen - -An example is included in ctaocrypt/test/test.c and documentation is provided -in doc/CyaSSL_Extensions_Reference.pdf item 11. - -********************** CyaSSL Release 1.6.0 (8/27/2010) - -Release 1.6.0 for CyaSSL adds bug fixes, RIPEMD-160, SHA-512, and RSA key -generation. - -For general build instructions see doc/Building_CyaSSL.pdf. - -To add RIPEMD-160 support add this option to ./configure -./configure --enable-ripemd - -To add SHA-512 support add this option to ./configure -./configure --enable-sha512 - -To add RSA key generation support add this option to ./configure -./configure --enable-keygen - -Please see ctaocrypt/test/test.c for examples and usage. - -For Windows, RIPEMD-160 and SHA-512 are enabled by default but key generation is -off by default. To turn key generation on add the define CYASSL_KEY_GEN to -CyaSSL. - - -************* CyaSSL Release 1.5.6 (7/28/2010) - -Release 1.5.6 for CyaSSL adds bug fixes, compatibility for our JSSE provider, -and a fix for GCC builds on some systems. - -For general build instructions see doc/Building_CyaSSL.pdf. - -To add AES-NI support add this option to ./configure -./configure --enable-aesni - -You'll need GCC 4.4.3 or later to make use of the assembly. - -************** CyaSSL Release 1.5.4 (7/7/2010) - -Release 1.5.4 for CyaSSL adds bug fixes, support for AES-NI, SHA1 speed -improvements from loop unrolling, and support for the Mongoose Web Server. - -For general build instructions see doc/Building_CyaSSL.pdf. - -To add AES-NI support add this option to ./configure -./configure --enable-aesni - -You'll need GCC 4.4.3 or later to make use of the assembly. - -*************** CyaSSL Release 1.5.0 (5/11/2010) - -Release 1.5.0 for CyaSSL adds bug fixes, GoAhead WebServer support, sniffer -support, and initial swig interface support. - -For general build instructions see doc/Building_CyaSSL.pdf. - -To add support for GoAhead WebServer either --enable-opensslExtra or if you -don't want all the features of opensslExtra you can just define GOAHEAD_WS -instead. GOAHEAD_WS can be added to ./configure with CFLAGS=-DGOAHEAD_WS or -you can define it yourself. - -To look at the sniffer support please see the sniffertest app in -sslSniffer/sslSnifferTest. Build with --enable-sniffer on *nix or use the -vcproj files on windows. You'll need to have pcap installed on *nix and -WinPcap on windows. - -A swig interface file is now located in the swig directory for using Python, -Java, Perl, and others with CyaSSL. This is initial support and experimental, -please send questions or comments to support@wolfssl.com. - -When doing load testing with CyaSSL, on the echoserver example say, the client -machine may run out of tcp ephemeral ports, they will end up in the TIME_WAIT -queue, and can't be reused by default. There are generally two ways to fix -this. 1) Reduce the length sockets remain on the TIME_WAIT queue or 2) Allow -items on the TIME_WAIT queue to be reused. - - -To reduce the TIME_WAIT length in OS X to 3 seconds (3000 milliseconds) - -sudo sysctl -w net.inet.tcp.msl=3000 - -In Linux - -sudo sysctl -w net.ipv4.tcp_tw_reuse=1 - -allows reuse of sockets in TIME_WAIT - -sudo sysctl -w net.ipv4.tcp_tw_recycle=1 - -works but seems to remove sockets from TIME_WAIT entirely? - -sudo sysctl -w net.ipv4.tcp_fin_timeout=1 - -doen't control TIME_WAIT, it controls FIN_WAIT(2) contrary to some posts - - -******************** CyaSSL Release 1.4.0 (2/18/2010) - -Release 1.3.0 for CyaSSL adds bug fixes, better multi TLS/SSL version support -through SSLv23_server_method(), and improved documentation in the doc/ folder. - -For general build instructions doc/Building_CyaSSL.pdf. - -******************** CyaSSL Release 1.3.0 (1/21/2010) - -Release 1.3.0 for CyaSSL adds bug fixes, a potential security problem fix, -better porting support, removal of assert()s, and a complete THREADX port. - -For general build instructions see rc1 below. - -******************** CyaSSL Release 1.2.0 (11/2/2009) - -Release 1.2.0 for CyaSSL adds bug fixes and session negotiation if first use is -read or write. - -For general build instructions see rc1 below. - -******************** CyaSSL Release 1.1.0 (9/2/2009) - -Release 1.1.0 for CyaSSL adds bug fixes, a check against malicious session -cache use, support for lighttpd, and TLS 1.2. - -To get TLS 1.2 support please use the client and server functions: - -SSL_METHOD *TLSv1_2_server_method(void); -SSL_METHOD *TLSv1_2_client_method(void); - -CyaSSL was tested against lighttpd 1.4.23. To build CyaSSL for use with -lighttpd use the following commands from the CyaSSL install dir : - -./configure --disable-shared --enable-opensslExtra --enable-fastmath --without-zlib - -make -make openssl-links - -Then to build lighttpd with CyaSSL use the following commands from the -lighttpd install dir: - -./configure --with-openssl --with-openssl-includes=/include --with-openssl-libs=/lib LDFLAGS=-lm - -make - -On some systems you may get a linker error about a duplicate symbol for -MD5_Init or other MD5 calls. This seems to be caused by the lighttpd src file -md5.c, which defines MD5_Init(), and is included in liblightcomp_la-md5.o. -When liblightcomp is linked with the SSL_LIBs the linker may complain about -the duplicate symbol. This can be fixed by editing the lighttpd src file md5.c -and adding this line to the beginning of the file: - -#if 0 - -and this line to the end of the file - -#endif - -Then from the lighttpd src dir do a: - -make clean -make - - -If you get link errors about undefined symbols more than likely the actual -OpenSSL libraries are found by the linker before the CyaSSL openssl-links that -point to the CyaSSL library, causing the linker confusion. This can be fixed -by editing the Makefile in the lighttpd src directory and changing the line: - -SSL_LIB = -lssl -lcrypto - -to - -SSL_LIB = -lcyassl - -Then from the lighttpd src dir do a: - -make clean -make - -This should remove any confusion the linker may be having with missing symbols. - -For any questions or concerns please contact support@wolfssl.com . - -For general build instructions see rc1 below. - -******************CyaSSL Release 1.0.6 (8/03/2009) - -Release 1.0.6 for CyaSSL adds bug fixes, an improved session cache, and faster -math with a huge code option. - -The session cache now defaults to a client mode, also good for embedded servers. -For servers not under heavy load (less than 200 new sessions per minute), define -BIG_SESSION_CACHE. If the server will be under heavy load, define -HUGE_SESSION_CACHE. - -There is now a fasthugemath option for configure. This enables fastmath plus -even faster math by greatly increasing the code size of the math library. Use -the benchmark utility to compare public key operations. - - -For general build instructions see rc1 below. - -******************CyaSSL Release 1.0.3 (5/10/2009) - -Release 1.0.3 for CyaSSL adds bug fixes and add increased support for OpenSSL -compatibility when building other applications. - -Release 1.0.3 includes an alpha release of DTLS for both client and servers. -This is only for testing purposes at this time. Rebroadcast and reordering -aren't fully implemented at this time but will be for the next release. - -For general build instructions see rc1 below. - -******************CyaSSL Release 1.0.2 (4/3/2009) - -Release 1.0.2 for CyaSSL adds bug fixes for a couple I/O issues. Some systems -will send a SIGPIPE on socket recv() at any time and this should be handled by -the application by turning off SIGPIPE through setsockopt() or returning from -the handler. - -Release 1.0.2 includes an alpha release of DTLS for both client and servers. -This is only for testing purposes at this time. Rebroadcast and reordering -aren't fully implemented at this time but will be for the next release. - -For general build instructions see rc1 below. - -*****************CyaSSL Release Candidate 3 rc3-1.0.0 (2/25/2009) - - -Release Candidate 3 for CyaSSL 1.0.0 adds bug fixes and adds a project file for -iPhone development with Xcode. cyassl-iphone.xcodeproj is located in the root -directory. This release also includes a fix for supporting other -implementations that bundle multiple messages at the record layer, this was -lost when cyassl i/o was re-implemented but is now fixed. - -For general build instructions see rc1 below. - -*****************CyaSSL Release Candidate 2 rc2-1.0.0 (1/21/2009) - - -Release Candidate 2 for CyaSSL 1.0.0 adds bug fixes and adds two new stream -ciphers along with their respective cipher suites. CyaSSL adds support for -HC-128 and RABBIT stream ciphers. The new suites are: - -TLS_RSA_WITH_HC_128_SHA -TLS_RSA_WITH_RABBIT_SHA - -And the corresponding cipher names are - -HC128-SHA -RABBIT-SHA - -CyaSSL also adds support for building with devkitPro for PPC by changing the -library proper to use libogc. The examples haven't been changed yet but if -there's interest they can be. Here's an example ./configure to build CyaSSL -for devkitPro: - -./configure --disable-shared CC=/pathTo/devkitpro/devkitPPC/bin/powerpc-gekko-gcc --host=ppc --without-zlib --enable-singleThreaded RANLIB=/pathTo/devkitpro/devkitPPC/bin/powerpc-gekko-ranlib CFLAGS="-DDEVKITPRO -DGEKKO" - -For linking purposes you'll need - -LDFLAGS="-g -mrvl -mcpu=750 -meabi -mhard-float -Wl,-Map,$(notdir $@).map" - -For general build instructions see rc1 below. - - -********************CyaSSL Release Candidate 1 rc1-1.0.0 (12/17/2008) - - -Release Candidate 1 for CyaSSL 1.0.0 contains major internal changes. Several -areas have optimization improvements, less dynamic memory use, and the I/O -strategy has been refactored to allow alternate I/O handling or Library use. -Many thanks to Thierry Fournier for providing these ideas and most of the work. - -Because of these changes, this release is only a candidate since some problems -are probably inevitable on some platform with some I/O use. Please report any -problems and we'll try to resolve them as soon as possible. You can contact us -at support@wolfssl.com or todd@wolfssl.com. - -Using TomsFastMath by passing --enable-fastmath to ./configure now uses assembly -on some platforms. This is new so please report any problems as every compiler, -mode, OS combination hasn't been tested. On ia32 all of the registers need to -be available so be sure to pass these options to CFLAGS: - -CFLAGS="-O3 -fomit-frame-pointer" - -OS X will also need -mdynamic-no-pic added to CFLAGS - -Also if you're building in shared mode for ia32 you'll need to pass options to -LDFLAGS as well on OS X: - -LDFLAGS=-Wl,-read_only_relocs,warning - -This gives warnings for some symbols but seems to work. - - ---To build on Linux, Solaris, *BSD, Mac OS X, or Cygwin: - - ./configure - make - - from the ./testsuite/ directory run ./testsuite - -to make a debug build: - - ./configure --enable-debug --disable-shared - make - - - ---To build on Win32 - -Choose (Re)Build All from the project workspace - -Run the testsuite program - - - - - -*************************CyaSSL version 0.9.9 (7/25/2008) - -This release of CyaSSL adds bug fixes, Pre-Shared Keys, over-rideable memory -handling, and optionally TomsFastMath. Thanks to Moisés Guimarães for the -work on TomsFastMath. - -To optionally use TomsFastMath pass --enable-fastmath to ./configure -Or define USE_FAST_MATH in each project from CyaSSL for MSVC. - -Please use the benchmark routine before and after to see the performance -difference, on some platforms the gains will be little but RSA encryption -always seems to be faster. On x86-64 machines with GCC the normal math library -may outperform the fast one when using CFLAGS=-m64 because TomsFastMath can't -yet use -m64 because of GCCs inability to do 128bit division. - - **** UPDATE GCC 4.2.1 can now do 128bit division *** - -See notes below (0.2.0) for complete build instructions. - - -****************CyaSSL version 0.9.8 (5/7/2008) - -This release of CyaSSL adds bug fixes, client side Diffie-Hellman, and better -socket handling. - -See notes below (0.2.0) for complete build instructions. - - -****************CyaSSL version 0.9.6 (1/31/2008) - -This release of CyaSSL adds bug fixes, increased session management, and a fix -for gnutls. - -See notes below (0.2.0) for complete build instructions. - - -****************CyaSSL version 0.9.0 (10/15/2007) - -This release of CyaSSL adds bug fixes, MSVC 2005 support, GCC 4.2 support, -IPV6 support and test, and new test certificates. - -See notes below (0.2.0) for complete build instructions. - - -****************CyaSSL version 0.8.0 (1/10/2007) - -This release of CyaSSL adds increased socket support, for non-blocking writes, -connects, and interrupted system calls. - -See notes below (0.2.0) for complete build instructions. - - -****************CyaSSL version 0.6.3 (10/30/2006) - -This release of CyaSSL adds debug logging to stderr to aid in the debugging of -CyaSSL on systems that may not provide the best support. - -If CyaSSL is built with debugging support then you need to call -CyaSSL_Debugging_ON() to turn logging on. - -On Unix use ./configure --enable-debug - -On Windows define DEBUG_CYASSL when building CyaSSL - - -To turn logging back off call CyaSSL_Debugging_OFF() - -See notes below (0.2.0) for complete build instructions. - - -*****************CyaSSL version 0.6.2 (10/29/2006) - -This release of CyaSSL adds TLS 1.1. - -Note that CyaSSL has certificate verification on by default, unlike OpenSSL. -To emulate OpenSSL behavior, you must call SSL_CTX_set_verify() with -SSL_VERIFY_NONE. In order to have full security you should never do this, -provide CyaSSL with the proper certificates to eliminate impostors and call -CyaSSL_check_domain_name() to prevent man in the middle attacks. - -See notes below (0.2.0) for build instructions. - -*****************CyaSSL version 0.6.0 (10/25/2006) - -This release of CyaSSL adds more SSL functions, better autoconf, nonblocking -I/O for accept, connect, and read. There is now an --enable-small configure -option that turns off TLS, AES, DES3, HMAC, and ERROR_STRINGS, see configure.in -for the defines. Note that TLS requires HMAC and AES requires TLS. - -See notes below (0.2.0) for build instructions. - - -*****************CyaSSL version 0.5.5 (09/27/2006) - -This mini release of CyaSSL adds better input processing through buffered input -and big message support. Added SSL_pending() and some sanity checks on user -settings. - -See notes below (0.2.0) for build instructions. - - -*****************CyaSSL version 0.5.0 (03/27/2006) - -This release of CyaSSL adds AES support and minor bug fixes. - -See notes below (0.2.0) for build instructions. - - -*****************CyaSSL version 0.4.0 (03/15/2006) - -This release of CyaSSL adds TLSv1 client/server support and libtool. - -See notes below for build instructions. - - -*****************CyaSSL version 0.3.0 (02/26/2006) - -This release of CyaSSL adds SSLv3 server support and session resumption. - -See notes below for build instructions. - - -*****************CyaSSL version 0.2.0 (02/19/2006) - - -This is the first release of CyaSSL and its crypt brother, CTaoCrypt. CyaSSL -is written in ANSI C with the idea of a small code size, footprint, and memory -usage in mind. CTaoCrypt can be as small as 32K, and the current client -version of CyaSSL can be as small as 12K. - - -The first release of CTaoCrypt supports MD5, SHA-1, 3DES, ARC4, Big Integer -Support, RSA, ASN parsing, and basic x509 (en/de)coding. - -The first release of CyaSSL supports normal client RSA mode SSLv3 connections -with support for SHA-1 and MD5 digests. Ciphers include 3DES and RC4. - - ---To build on Linux, Solaris, *BSD, Mac OS X, or Cygwin: - - ./configure - make - - from the ./testsuite/ directory run ./testsuite - -to make a debug build: - - ./configure --enable-debug --disable-shared - make - - - ---To build on Win32 - -Choose (Re)Build All from the project workspace - -Run the testsuite program - - - -*** The next release of CyaSSL will support a server and more OpenSSL -compatibility functions. - - -Please send questions or comments to todd@wolfssl.com - - diff --git a/README b/README deleted file mode 100644 index a260e9c1af..0000000000 --- a/README +++ /dev/null @@ -1,218 +0,0 @@ -*** Resources *** - - wolfSSL website: https://www.wolfssl.com/ - wolfSSL wiki: https://github.com/wolfSSL/wolfssl/wiki - wolfSSL manual: https://wolfssl.com/wolfSSL/Docs-wolfssl-manual-toc.html - - FIPS FAQ: https://www.wolfssl.com/wolfSSL/fips.html - - wolfSSL API: https://wolfssl.com/wolfSSL/Docs-wolfssl-manual-17-wolfssl-api-reference.html - wolfCrypt API: https://wolfssl.com/wolfSSL/Docs-wolfssl-manual-18-wolfcrypt-api-reference.html - - TLS 1.3 https://www.wolfssl.com/docs/tls13/ - -*** Description *** - -The wolfSSL embedded SSL library (formerly CyaSSL) is a lightweight SSL/TLS -library written in ANSI C and targeted for embedded, RTOS, and -resource-constrained environments - primarily because of its small size, speed, -and feature set. It is commonly used in standard operating environments as well -because of its royalty-free pricing and excellent cross platform support. wolfSSL -supports industry standards up to the current TLS 1.3 and DTLS 1.3 levels, is up -to 20 times smaller than OpenSSL, and offers progressive ciphers such as ChaCha20, -Curve25519, NTRU, and Blake2b. User benchmarking and feedback reports -dramatically better performance when using wolfSSL over OpenSSL. - -wolfSSL is powered by the wolfCrypt library. A version of the wolfCrypt -cryptography library has been FIPS 140-2 validated (Certificate #2425). For -additional information, visit the wolfCrypt FIPS FAQ -(https://www.wolfssl.com/license/fips/) or contact fips@wolfssl.com - -*** Why choose wolfSSL? *** - -There are many reasons to choose wolfSSL as your embedded SSL solution. Some of -the top reasons include size (typical footprint sizes range from 20-100 kB), -support for the newest standards (SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3, -DTLS 1.0, and DTLS 1.2), current and progressive cipher support (including stream -ciphers), multi-platform, royalty free, and an OpenSSL compatibility API to ease -porting into existing applications which have previously used the OpenSSL package. -For a complete feature list, see https://www.wolfssl.com/docs/wolfssl-manual/ch4/ - -*** Notes, Please read *** - -Note 1) -wolfSSL as of 3.6.6 no longer enables SSLv3 by default. wolfSSL also no -longer supports static key cipher suites with PSK, RSA, or ECDH. This means -if you plan to use TLS cipher suites you must enable DH (DH is on by default), -or enable ECC (ECC is on by default), or you must enable static -key cipher suites with - WOLFSSL_STATIC_DH - WOLFSSL_STATIC_RSA - or - WOLFSSL_STATIC_PSK - -though static key cipher suites are deprecated and will be removed from future -versions of TLS. They also lower your security by removing PFS. Since current -NTRU suites available do not use ephemeral keys, WOLFSSL_STATIC_RSA needs to be -used in order to build with NTRU suites. - -When compiling ssl.c, wolfSSL will now issue a compiler error if no cipher suites -are available. You can remove this error by defining WOLFSSL_ALLOW_NO_SUITES -in the event that you desire that, i.e., you're not using TLS cipher suites. - -Note 2) -wolfSSL takes a different approach to certificate verification than OpenSSL -does. The default policy for the client is to verify the server, this means -that if you don't load CAs to verify the server you'll get a connect error, -no signer error to confirm failure (-188). -If you want to mimic OpenSSL behavior of having SSL_connect succeed even if -verifying the server fails and reducing security you can do this by calling: - -wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0); - -before calling wolfSSL_new(); Though it's not recommended. - -Note 3) -The enum values SHA, SHA256, SHA384, SHA512 are no longer available when -wolfSSL is built with --enable-opensslextra (OPENSSL_EXTRA) or with the macro -NO_OLD_SHA_NAMES. These names get mapped to the OpenSSL API for a single call -hash function. Instead the name WC_SHA, WC_SHA256, WC_SHA384 and WC_SHA512 -should be used for the enum name. - -*** end Notes *** - - -** wolfSSL Release 3.15.0 (05/05/2018) - -Release 3.15.0 of wolfSSL embedded TLS has bug fixes and new features including: - -- Support for TLS 1.3 Draft versions 23, 26 and 28. -- Add FIPS SGX support! -- Single Precision assembly code added for ARM and 64-bit ARM to enhance - performance. -- Improved performance for Single Precision maths on 32-bit. -- Improved downgrade support for the TLS 1.3 handshake. -- Improved TLS 1.3 support from interoperability testing. -- Added option to allow TLS 1.2 to be compiled out to reduce size and enhance - security. -- Added option to support Ed25519 in TLS 1.2 and 1.3. -- Update wolfSSL_HMAC_Final() so the length parameter is optional. -- Various fixes for Coverity static analysis reports. -- Add define to use internal struct timeval (USE_WOLF_TIMEVAL_T). -- Switch LowResTimer() to call XTIME instead of time(0) for better portability. -- Expanded OpenSSL compatibility layer with a bevy of new functions. -- Added Renesas CS+ project files. -- Align DH support with NIST SP 800-56A, add wc_DhSetKey_ex() for q parameter. -- Add build option for CAVP self test build (--enable-selftest). -- Expose mp_toradix() when WOLFSSL_PUBLIC_MP is defined. -- Example certificate expiration dates and generation script updated. -- Additional optimizations to trim out unused strings depending on build - options. -- Fix for DN tag strings to have “=” when returning the string value to users. -- Fix for wolfSSL_ERR_get_error_line_data return value if no more errors are - in the queue. -- Fix for AES-CBC IV value with PIC32 hardware acceleration. -- Fix for wolfSSL_X509_print with ECC certificates. -- Fix for strict checking on URI absolute vs relative path. -- Added crypto device framework to handle PK RSA/ECC operations using - callbacks, which adds new build option `./configure --enable-cryptodev` or - `WOLF_CRYPTO_DEV`. -- Added devId support to ECC and PKCS7 for hardware based private key. -- Fixes in PKCS7 for handling possible memory leak in some error cases. -- Added test for invalid cert common name when set with - `wolfSSL_check_domain_name`. -- Refactor of the cipher suite names to use single array, which contains - internal name, IANA name and cipher suite bytes. -- Added new function `wolfSSL_get_cipher_name_from_suite` for getting IANA - cipher suite name using bytes. -- Fixes for fsanitize reports. -- Fix for openssl compatibility function `wolfSSL_RSA_verify` to check - returned size. -- Fixes and improvements for FreeRTOS AWS. -- Fixes for building openssl compatibility with FreeRTOS. -- Fix and new test for handling match on domain name that may have a null - terminator inside. -- Cleanup of the socket close code used for examples, CRL/OCSP and BIO to use - single macro `CloseSocket`. -- Refactor of the TLSX code to support returning error codes. -- Added new signature wrapper functions `wc_SignatureVerifyHash` and - `wc_SignatureGenerateHash` to allow direct use of hash. -- Improvement to GCC-ARM IDE example. -- Enhancements and cleanups for the ASN date/time code including new API's - `wc_GetDateInfo`, `wc_GetCertDates` and `wc_GetDateAsCalendarTime`. -- Fixes to resolve issues with C99 compliance. Added build option `WOLF_C99` - to force C99. -- Added a new `--enable-opensslall` option to enable all openssl compatibility - features. -- Added new `--enable-webclient` option for enabling a few HTTP API's. -- Added new `wc_OidGetHash` API for getting the hash type from a hash OID. -- Moved `wolfSSL_CertPemToDer`, `wolfSSL_KeyPemToDer`, `wolfSSL_PubKeyPemToDer` - to asn.c and renamed to `wc_`. Added backwards compatibility macro for old - function names. -- Added new `WC_MAX_SYM_KEY_SIZE` macro for helping determine max key size. -- Added `--enable-enckeys` or (`WOLFSSL_ENCRYPTED_KEYS`) to enable support for - encrypted PEM private keys using password callback without having to use - opensslextra. -- Added ForceZero on the password buffer after done using it. -- Refactor unique hash types to use same internal values - (ex WC_MD5 == WC_HASH_TYPE_MD5). -- Refactor the Sha3 types to use `wc_` naming, while retaining old names for - compatibility. -- Improvements to `wc_PBKDF1` to support more hash types and the non-standard - extra data option. -- Fix TLS 1.3 with ECC disabled and CURVE25519 enabled. -- Added new define `NO_DEV_URANDOM` to disable the use of `/dev/urandom`. -- Added `WC_RNG_BLOCKING` to indicate block w/sleep(0) is okay. -- Fix for `HAVE_EXT_CACHE` callbacks not being available without - `OPENSSL_EXTRA` defined. -- Fix for ECC max bits `MAX_ECC_BITS` not always calculating correctly due to - macro order. -- Added support for building and using PKCS7 without RSA (assuming ECC is - enabled). -- Fixes and additions for Cavium Nitrox V to support ECC, AES-GCM and HMAC - (SHA-224 and SHA3). -- Enabled ECC, AES-GCM and SHA-512/384 by default in (Linux and Windows) -- Added `./configure --enable-base16` and `WOLFSSL_BASE16` configuration - option to enable Base16 API's. -- Improvements to ATECC508A support for building without `WOLFSSL_ATMEL` - defined. -- Refactor IO callback function names to use `_CTX_` to eliminate confusion - about the first parameter. -- Added support for not loading a private key for server or client when - `HAVE_PK_CALLBACK` is defined and the private PK callback is set. -- Added new ECC API `wc_ecc_sig_size_calc` to return max signature size for - a key size. -- Cleanup ECC point import/export code and added new API - `wc_ecc_import_unsigned`. -- Fixes for handling OCSP with non-blocking. -- Added new PK (Primary Key) callbacks for the VerifyRsaSign. The new - callbacks API's are `wolfSSL_CTX_SetRsaVerifySignCb` and - `wolfSSL_CTX_SetRsaPssVerifySignCb`. -- Added new ECC API `wc_ecc_rs_raw_to_sig` to take raw unsigned R and S and - encodes them into ECDSA signature format. -- Added support for `WOLFSSL_STM32F1`. -- Cleanup of the ASN X509 header/footer and XSTRNCPY logic. -- Add copyright notice to autoconf files. (Thanks Brian Aker!) -- Updated the M4 files for autotools. (Thanks Brian Aker!) -- Add support for the cipher suite TLS_DH_anon_WITH_AES256_GCM_SHA384 with - test cases. (Thanks Thivya Ashok!) -- Add the TLS alert message unknown_psk_identity (115) from RFC 4279, - section 2. (Thanks Thivya Ashok!) -- Fix the case when using TCP with timeouts with TLS. wolfSSL shall be - agnostic to network socket behavior for TLS. (DTLS is another matter.) - The functions `wolfSSL_set_using_nonblock()` and - `wolfSSL_get_using_nonblock()` are deprecated. -- Hush the AR warning when building the static library with autotools. -- Hush the “-pthread” warning when building in some environments. -- Added a dist-hook target to the Makefile to reset the default options.h file. -- Removed the need for the darwin-clang.m4 file with the updates provided by - Brian A. -- Renamed the AES assembly file so GCC on the Mac will build it using the - preprocessor. -- Add a disable option (--disable-optflags) to turn off the default - optimization flags so user may supply their own custom flags. -- Correctly touch the dummy fips.h header. - -If you have questions on any of this, email us at info@wolfssl.com. -See INSTALL file for build instructions. -More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html From 1c17f55ee4631f9dbdb6b49f0bc1dc22304b171c Mon Sep 17 00:00:00 2001 From: John Safranek Date: Tue, 5 Jun 2018 16:10:08 -0700 Subject: [PATCH 24/63] updated the readme/changelog with the correct release date --- ChangeLog.md | 2 +- README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/ChangeLog.md b/ChangeLog.md index 776f5ea3b3..750274aed2 100644 --- a/ChangeLog.md +++ b/ChangeLog.md @@ -1,4 +1,4 @@ -# wolfSSL Release 3.15.0 (05/05/2018) +# wolfSSL Release 3.15.0 (06/05/2018) Release 3.15.0 of wolfSSL embedded TLS has bug fixes and new features including: diff --git a/README.md b/README.md index c51ce7c512..8a6c57c32a 100644 --- a/README.md +++ b/README.md @@ -75,7 +75,7 @@ hash function. Instead the name WC_SHA, WC_SHA256, WC_SHA384 and WC_SHA512 should be used for the enum name. ``` -# wolfSSL Release 3.15.0 (05/05/2018) +# wolfSSL Release 3.15.0 (06/05/2018) Release 3.15.0 of wolfSSL embedded TLS has bug fixes and new features including: From 9b9568d500f31f964af26ba8d01e542e1f27e5ca Mon Sep 17 00:00:00 2001 From: Sean Parkinson Date: Mon, 28 May 2018 08:32:45 +1000 Subject: [PATCH 25/63] Change ECDSA signing to use blinding. --- wolfcrypt/src/ecc.c | 68 +++++++++++++++++++++++++++++++++++---------- 1 file changed, 54 insertions(+), 14 deletions(-) diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c index ee271da8f4..6bfd210581 100644 --- a/wolfcrypt/src/ecc.c +++ b/wolfcrypt/src/ecc.c @@ -3139,12 +3139,6 @@ static int wc_ecc_gen_k(WC_RNG* rng, int size, mp_int* k, mp_int* order) if (err == 0) err = mp_read_unsigned_bin(k, (byte*)buf, size); - /* quick sanity check to make sure we're not dealing with a 0 key */ - if (err == MP_OKAY) { - if (mp_iszero(k) == MP_YES) - err = MP_ZERO_E; - } - /* the key should be smaller than the order of base point */ if (err == MP_OKAY) { if (mp_cmp(k, order) != MP_LT) { @@ -3152,6 +3146,12 @@ static int wc_ecc_gen_k(WC_RNG* rng, int size, mp_int* k, mp_int* order) } } + /* quick sanity check to make sure we're not dealing with a 0 key */ + if (err == MP_OKAY) { + if (mp_iszero(k) == MP_YES) + err = MP_ZERO_E; + } + ForceZero(buf, ECC_MAXSIZE); #ifdef WOLFSSL_SMALL_STACK XFREE(buf, NULL, DYNAMIC_TYPE_ECC_BUFFER); @@ -3924,20 +3924,40 @@ int wc_ecc_sign_hash_ex(const byte* in, word32 inlen, WC_RNG* rng, /* don't use async for key, since we don't support async return here */ if ((err = wc_ecc_init_ex(&pubkey, key->heap, INVALID_DEVID)) == MP_OKAY) { + mp_int b; + + if (err == MP_OKAY) { + err = mp_init(&b); + } + #ifdef WOLFSSL_CUSTOM_CURVES /* if custom curve, apply params to pubkey */ - if (key->idx == ECC_CUSTOM_IDX) { + if (err == MP_OKAY && key->idx == ECC_CUSTOM_IDX) { err = wc_ecc_set_custom_curve(&pubkey, key->dp); } #endif + if (err == MP_OKAY) { + /* Generate blinding value - non-zero value. */ + do { + if (++loop_check > 64) { + err = RNG_FAILURE_E; + break; + } + + err = wc_ecc_gen_k(rng, key->dp->size, &b, curve->order); + } + while (err == MP_ZERO_E); + loop_check = 0; + } + for (; err == MP_OKAY;) { if (++loop_check > 64) { err = RNG_FAILURE_E; break; } err = wc_ecc_make_key_ex(rng, key->dp->size, &pubkey, - key->dp->id); + key->dp->id); if (err != MP_OKAY) break; /* find r = x1 mod n */ @@ -3953,30 +3973,50 @@ int wc_ecc_sign_hash_ex(const byte* in, word32 inlen, WC_RNG* rng, mp_forcezero(&pubkey.k); } else { - /* find s = (e + xr)/k */ + /* find s = (e + xr)/k + = b.(e/k.b + x.r/k.b) */ + + /* k = k.b */ + err = mp_mulmod(&pubkey.k, &b, curve->order, &pubkey.k); + if (err != MP_OKAY) break; + + /* k = 1/k.b */ err = mp_invmod(&pubkey.k, curve->order, &pubkey.k); if (err != MP_OKAY) break; - /* s = xr */ + /* s = x.r */ err = mp_mulmod(&key->k, r, curve->order, s); if (err != MP_OKAY) break; - /* s = e + xr */ + /* s = x.r/k.b */ + err = mp_mulmod(&pubkey.k, s, curve->order, s); + if (err != MP_OKAY) break; + + /* e = e/k.b */ + err = mp_mulmod(&pubkey.k, e, curve->order, e); + if (err != MP_OKAY) break; + + /* s = e/k.b + x.r/k.b + = (e + x.r)/k.b */ err = mp_add(e, s, s); if (err != MP_OKAY) break; - /* s = e + xr */ - err = mp_mod(s, curve->order, s); + /* s = b.(e + x.r)/k.b + = (e + x.r)/k */ + err = mp_mulmod(s, &b, curve->order, s); if (err != MP_OKAY) break; /* s = (e + xr)/k */ - err = mp_mulmod(s, &pubkey.k, curve->order, s); + err = mp_mod(s, curve->order, s); + if (err != MP_OKAY) break; if (mp_iszero(s) == MP_NO) break; } } wc_ecc_free(&pubkey); + mp_clear(&b); + mp_free(&b); } } From e9d9e7c37c2f22ac01e6cf692ab22dfd724d5a1e Mon Sep 17 00:00:00 2001 From: John Safranek Date: Wed, 6 Jun 2018 10:56:24 -0700 Subject: [PATCH 26/63] replaced NEWS.md in Makefile.am with ChangeLog.md --- Makefile.am | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile.am b/Makefile.am index 7488c8069a..083ab0df75 100644 --- a/Makefile.am +++ b/Makefile.am @@ -84,7 +84,7 @@ EXTRA_DIST+= wolfssl64.sln EXTRA_DIST+= valgrind-error.sh EXTRA_DIST+= gencertbuf.pl EXTRA_DIST+= README.md -EXTRA_DIST+= NEWS.md +EXTRA_DIST+= ChangeLog.md EXTRA_DIST+= LICENSING EXTRA_DIST+= INSTALL EXTRA_DIST+= IPP From 59067825fca4600955515e66ad46c22eed4c7fe1 Mon Sep 17 00:00:00 2001 From: Tim Date: Wed, 6 Jun 2018 16:44:46 -0600 Subject: [PATCH 27/63] Update cpuid.c to optimize intelasm for performance --- wolfcrypt/src/cpuid.c | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/wolfcrypt/src/cpuid.c b/wolfcrypt/src/cpuid.c index 6fc30979a9..81f9ab389a 100644 --- a/wolfcrypt/src/cpuid.c +++ b/wolfcrypt/src/cpuid.c @@ -60,16 +60,26 @@ static word32 cpuid_flag(word32 leaf, word32 sub, word32 num, word32 bit) { int got_intel_cpu = 0; + int got_amd_cpu = 0; unsigned int reg[5]; - reg[4] = '\0'; cpuid(reg, 0, 0); + + /* check for Intel cpu */ if (XMEMCMP((char *)&(reg[EBX]), "Genu", 4) == 0 && XMEMCMP((char *)&(reg[EDX]), "ineI", 4) == 0 && XMEMCMP((char *)&(reg[ECX]), "ntel", 4) == 0) { got_intel_cpu = 1; } - if (got_intel_cpu) { + + /* check for AMD cpu */ + if (XMEMCMP((char *)&(reg[EBX]), "Auth", 4) == 0 && + XMEMCMP((char *)&(reg[EDX]), "enti", 4) == 0 && + XMEMCMP((char *)&(reg[ECX]), "cAMD", 4) == 0) { + got_amd_cpu = 1; + } + + if (got_intel_cpu || got_amd_cpu) { cpuid(reg, leaf, sub); return ((reg[num] >> bit) & 0x1); } @@ -98,4 +108,3 @@ return cpuid_flags; } #endif - From 020b69aba009f4fa5f571e123cef4be4170739bf Mon Sep 17 00:00:00 2001 From: Sean Parkinson Date: Thu, 7 Jun 2018 22:01:42 +1000 Subject: [PATCH 28/63] Return TLS 1.3 draft version in ServerHello --- src/tls.c | 14 ++++++++++++-- src/tls13.c | 10 ++++++++-- 2 files changed, 20 insertions(+), 4 deletions(-) diff --git a/src/tls.c b/src/tls.c index df8ac64f52..0b76ae8d9f 100644 --- a/src/tls.c +++ b/src/tls.c @@ -4751,8 +4751,18 @@ static int TLSX_SupportedVersions_Write(void* data, byte* output, } #ifndef WOLFSSL_TLS13_DRAFT_18 else if (msgType == server_hello || msgType == hello_retry_request) { - output[0] = ssl->version.major; - output[1] = ssl->version.minor; + #ifndef WOLFSSL_TLS13_FINAL + if (ssl->version.major == SSLv3_MAJOR && + ssl->version.minor == TLSv1_3_MINOR) { + output[0] = TLS_DRAFT_MAJOR; + output[1] = TLS_DRAFT_MINOR; + } + else + #endif + { + output[0] = ssl->version.major; + output[1] = ssl->version.minor; + } *pSz += OPAQUE16_LEN; } diff --git a/src/tls13.c b/src/tls13.c index 75bc5ddc1c..9bf209ff3f 100644 --- a/src/tls13.c +++ b/src/tls13.c @@ -3713,8 +3713,14 @@ static int RestartHandshakeHashWithCookie(WOLFSSL* ssl, Cookie* cookie) hrrIdx += 2; c16toa(OPAQUE16_LEN, hrr + hrrIdx); hrrIdx += 2; - hrr[hrrIdx++] = ssl->version.major; - hrr[hrrIdx++] = ssl->version.minor; + /* TODO: [TLS13] Change to ssl->version.major and minor once final. */ + #ifdef WOLFSSL_TLS13_FINAL + hrr[hrrIdx++] = ssl->version.major; + hrr[hrrIdx++] = ssl->version.minor; + #else + hrr[hrrIdx++] = TLS_DRAFT_MAJOR; + hrr[hrrIdx++] = TLS_DRAFT_MINOR; + #endif #endif /* Mandatory Cookie Extension */ c16toa(TLSX_COOKIE, hrr + hrrIdx); From c6e2585fbc366dcf33eaffa4bf1b2a3ccbe90535 Mon Sep 17 00:00:00 2001 From: Tim Parrish <--global> Date: Thu, 7 Jun 2018 10:35:54 -0600 Subject: [PATCH 29/63] added check for AMD processor to asm.c --- wolfcrypt/src/asm.c | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/wolfcrypt/src/asm.c b/wolfcrypt/src/asm.c index c409230ecc..91726dd9ad 100644 --- a/wolfcrypt/src/asm.c +++ b/wolfcrypt/src/asm.c @@ -81,17 +81,27 @@ static word32 cpuid_check = 0 ; static word32 cpuid_flags = 0 ; static word32 cpuid_flag(word32 leaf, word32 sub, word32 num, word32 bit) { - int got_intel_cpu=0; + int got_intel_cpu = 0; + int got_amd_cpu = 0; unsigned int reg[5]; reg[4] = '\0' ; cpuid(reg, 0, 0); - if(memcmp((char *)&(reg[EBX]), "Genu", 4) == 0 && - memcmp((char *)&(reg[EDX]), "ineI", 4) == 0 && - memcmp((char *)&(reg[ECX]), "ntel", 4) == 0) { + + /* check for intel cpu */ + if( memcmp((char *)&(reg[EBX]), "Genu", 4) == 0 && + memcmp((char *)&(reg[EDX]), "ineI", 4) == 0 && + memcmp((char *)&(reg[ECX]), "ntel", 4) == 0) { got_intel_cpu = 1; } - if (got_intel_cpu) { + + /* check for AMD cpu */ + if( memcmp((char *)&(reg[EBX]), "Auth", 4) == 0 && + memcmp((char *)&(reg[EDX]), "enti", 4) == 0 && + memcmp((char *)&(reg[ECX]), "cAMD", 4) == 0) { + got_amd_cpu = 1; + } + if (got_intel_cpu || got_amd_cpu) { cpuid(reg, leaf, sub); return((reg[num]>>bit)&0x1) ; } From 00ddeb07d873edecec776b1e171116dd5a53b12a Mon Sep 17 00:00:00 2001 From: David Garske Date: Thu, 7 Jun 2018 15:56:37 -0700 Subject: [PATCH 30/63] Resolves issue with reassembling large certificates. The `ProcessPeerCerts` function was using the wrong max size check for certs. Built and test with `./configure CFLAGS="-DMAX_CERTIFICATE_SZ=20000"`. --- src/internal.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/internal.c b/src/internal.c index d47316f255..716cd3a463 100644 --- a/src/internal.c +++ b/src/internal.c @@ -8276,7 +8276,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, } c24to32(input + args->idx, &listSz); args->idx += OPAQUE24_LEN; - if (listSz > MAX_RECORD_SIZE) { + if (listSz > MAX_CERTIFICATE_SZ) { ERROR_OUT(BUFFER_ERROR, exit_ppc); } if ((args->idx - args->begin) + listSz != totalSz) { From 587f4ae79e4c39d0eee83a8fbb21da2c942986f3 Mon Sep 17 00:00:00 2001 From: Sean Parkinson Date: Fri, 8 Jun 2018 09:00:12 +1000 Subject: [PATCH 31/63] Don't include sys/time.h explicitly in tls13.c --- src/tls13.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/tls13.c b/src/tls13.c index 75bc5ddc1c..27bc33b8bd 100644 --- a/src/tls13.c +++ b/src/tls13.c @@ -80,7 +80,7 @@ #ifdef WOLFSSL_TLS13 #ifdef HAVE_SESSION_TICKET - #include + #include #endif #ifndef WOLFCRYPT_ONLY From 5547a7b4bd35b5b0202f2886bc220225c19e10cf Mon Sep 17 00:00:00 2001 From: Sean Parkinson Date: Fri, 8 Jun 2018 17:38:11 +1000 Subject: [PATCH 32/63] Fix private-only keys and make them script generated --- certs/ed25519/ca-ed25519-priv.der | Bin 0 -> 48 bytes certs/ed25519/ca-ed25519-priv.pem | 3 +++ certs/ed25519/client-ed25519-priv.der | Bin 48 -> 48 bytes certs/ed25519/client-ed25519-priv.pem | 2 +- certs/ed25519/gen-ed25519.sh | 14 ++++++++++++++ certs/ed25519/include.am | 4 ++++ certs/ed25519/root-ed25519-priv.der | Bin 0 -> 48 bytes certs/ed25519/root-ed25519-priv.pem | 3 +++ certs/ed25519/server-ed25519-priv.der | Bin 48 -> 48 bytes certs/ed25519/server-ed25519-priv.pem | 2 +- 10 files changed, 26 insertions(+), 2 deletions(-) create mode 100644 certs/ed25519/ca-ed25519-priv.der create mode 100644 certs/ed25519/ca-ed25519-priv.pem create mode 100644 certs/ed25519/root-ed25519-priv.der create mode 100644 certs/ed25519/root-ed25519-priv.pem diff --git a/certs/ed25519/ca-ed25519-priv.der b/certs/ed25519/ca-ed25519-priv.der new file mode 100644 index 0000000000000000000000000000000000000000..1618c73b2c4c48b4b29a857314ca023582f5b0c1 GIT binary patch literal 48 zcmXreV`5}5U}a<0PAy6Au6Y literal 48 zcmXreV`5}5U}a<0PAy ${NAME}-ed25519-priv.der + head -c 48 ${NAME}-ed25519-key.der | tail -c 46 >> ${NAME}-ed25519-priv.der + + echo "-----BEGIN PRIVATE KEY-----" > ${NAME}-ed25519-priv.pem + openssl base64 -in ${NAME}-ed25519-priv.der >> ${NAME}-ed25519-priv.pem + echo "-----END PRIVATE KEY-----" >> ${NAME}-ed25519-priv.pem +} + +NAME=server convert +NAME=client convert +NAME=root convert +NAME=ca convert + diff --git a/certs/ed25519/include.am b/certs/ed25519/include.am index ce3fb80817..3bd79c6d12 100644 --- a/certs/ed25519/include.am +++ b/certs/ed25519/include.am @@ -7,6 +7,8 @@ EXTRA_DIST += \ certs/ed25519/ca-ed25519.pem \ certs/ed25519/ca-ed25519-key.der \ certs/ed25519/ca-ed25519-key.pem \ + certs/ed25519/ca-ed25519-priv.der \ + certs/ed25519/ca-ed25519-priv.pem \ certs/ed25519/client-ed25519.der \ certs/ed25519/client-ed25519.pem \ certs/ed25519/client-ed25519-key.der \ @@ -17,6 +19,8 @@ EXTRA_DIST += \ certs/ed25519/root-ed25519.pem \ certs/ed25519/root-ed25519-key.der \ certs/ed25519/root-ed25519-key.pem \ + certs/ed25519/root-ed25519-priv.der \ + certs/ed25519/root-ed25519-priv.pem \ certs/ed25519/server-ed25519.der \ certs/ed25519/server-ed25519.pem \ certs/ed25519/server-ed25519-key.der \ diff --git a/certs/ed25519/root-ed25519-priv.der b/certs/ed25519/root-ed25519-priv.der new file mode 100644 index 0000000000000000000000000000000000000000..6ca194a933fb8e812f0cd15c613a80cf7dc3bbda GIT binary patch literal 48 zcmXreV`5}5U}a<0PAy6Au6Y literal 0 HcmV?d00001 diff --git a/certs/ed25519/root-ed25519-priv.pem b/certs/ed25519/root-ed25519-priv.pem new file mode 100644 index 0000000000..0104b1620b --- /dev/null +++ b/certs/ed25519/root-ed25519-priv.pem @@ -0,0 +1,3 @@ +-----BEGIN PRIVATE KEY----- +MC4CAQAwBQYDK2VwBCIEICejNCo11Lu44dzY7A/BoNGiXPkG8ERdO5dNvd9KO6NO +-----END PRIVATE KEY----- diff --git a/certs/ed25519/server-ed25519-priv.der b/certs/ed25519/server-ed25519-priv.der index a157ffd09cc1f70cdf39cf828741a8b2e1e0d946..2245c976d7fb955535195698835545bab2c05cde 100644 GIT binary patch literal 48 zcmXreV`5}5U}a<0PAy Date: Fri, 8 Jun 2018 10:16:40 -0600 Subject: [PATCH 33/63] Allow for wc_SetAltNamesBuffer call with larger than 16384 buffers at user discretion --- wolfssl/wolfcrypt/asn_public.h | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/wolfssl/wolfcrypt/asn_public.h b/wolfssl/wolfcrypt/asn_public.h index 9bd337effc..a3c914a581 100644 --- a/wolfssl/wolfcrypt/asn_public.h +++ b/wolfssl/wolfcrypt/asn_public.h @@ -100,11 +100,15 @@ enum Ctc_Encoding { CTC_PRINTABLE = 0x13 /* printable */ }; +#ifndef WC_CTC_MAX_ALT_SIZE + #define WC_CTC_MAX_ALT_SIZE 16384 +#endif + enum Ctc_Misc { CTC_COUNTRY_SIZE = 2, CTC_NAME_SIZE = 64, CTC_DATE_SIZE = 32, - CTC_MAX_ALT_SIZE = 16384, /* may be huge */ + CTC_MAX_ALT_SIZE = WC_CTC_MAX_ALT_SIZE, /* may be huge, default: 16384 */ CTC_SERIAL_SIZE = 16, #ifdef WOLFSSL_CERT_EXT /* AKID could contains: hash + (Option) AuthCertIssuer,AuthCertSerialNum From e99fc3026d697e662648401fc3146270a0178a65 Mon Sep 17 00:00:00 2001 From: David Garske Date: Fri, 8 Jun 2018 10:09:53 -0700 Subject: [PATCH 34/63] Fixed issue with `MatchDomainName`. Fixes issue #1606. This is a valid and confirmed bug report in v3.15.0. Applies to `./configure --enable-sni` case with `wolfSSL_CTX_UseSNI` where common name has wildcards. Pushing fix for visibility now and will add test case. --- src/internal.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/src/internal.c b/src/internal.c index d47316f255..e635888627 100644 --- a/src/internal.c +++ b/src/internal.c @@ -7644,6 +7644,7 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender) return 1 on success */ int MatchDomainName(const char* pattern, int len, const char* str) { + int ret = 0; char p, s; if (pattern == NULL || str == NULL || len <= 0) @@ -7676,11 +7677,17 @@ int MatchDomainName(const char* pattern, int len, const char* str) return 0; } - if (len > 0) + + if (len > 0) { + str++; len--; + } } - return *str == '\0'; + if (*str == '\0') + ret = 1; /* success */ + + return ret; } From ce2f393bc7d80d74c4a27c338a03f73ced31d940 Mon Sep 17 00:00:00 2001 From: John Safranek Date: Fri, 8 Jun 2018 10:47:14 -0700 Subject: [PATCH 35/63] Autoconf Update 1. Remove many redundant macros. 2. Reorder several macros to more appropriate locations. 3. Several macros take lists of items to process, not just individual items. Combined duplicated macros' parameters into lists. 4. Some macros had unnecessary parameters. 5. Added some AX_REQUIRE_DEFINED() checks for the macros used. 6. Add cyassl/options.h to the AC_CONFIG_FILES list. It will be recreated from the template when running config.status the same as wolfssl/options.h 7. Remove the dist-dir rule from Makefile.am. This is prefering the process rather than automating that one step. Make dist will not run config.status. * AC_PROG_CC must be before any macros that will try to compile for tests. * AC_CHECK_SIZEOF takes a single type, no size values. * Only one of the AC_CANONICAL_X macros are expanded. Removed AC_CANONICAL_BUILD since it is never actually used. * Removed the AC_PROG_CXX and anything C++ related. * Removed LT_LANG([C]) as it is the default and the C doesn't do anything. --- Makefile.am | 3 -- configure.ac | 97 ++++++++-------------------------- m4/ax_harden_compiler_flags.m4 | 4 ++ 3 files changed, 27 insertions(+), 77 deletions(-) diff --git a/Makefile.am b/Makefile.am index 083ab0df75..036401fbf1 100644 --- a/Makefile.am +++ b/Makefile.am @@ -205,6 +205,3 @@ merge-clean: @find ./ | $(GREP) \.BASE | xargs rm -f @find ./ | $(GREP) \~$$ | xargs rm -f -dist-hook: - cp $(distdir)/wolfssl/options.h.in $(distdir)/wolfssl/options.h - diff --git a/configure.ac b/configure.ac index 390435873c..037fb89a24 100644 --- a/configure.ac +++ b/configure.ac @@ -6,39 +6,32 @@ # # AC_COPYRIGHT([Copyright (C) 2006-2018 wolfSSL Inc.]) +AC_PREREQ([2.63]) AC_INIT([wolfssl],[3.15.0],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[https://www.wolfssl.com]) - AC_CONFIG_AUX_DIR([build-aux]) # The following sets CFLAGS and CXXFLAGS to empty if unset on command line. -# We do not want the default "-g -O2" that AC_PROG_CC AC_PROG_CXX sets -# automatically. +# We do not want the default "-g -O2" that AC_PROG_CC sets automatically. : ${CFLAGS=""} -: ${CXXFLAGS=""} # Test ar for the "U" option. Should be checked before the libtool macros. xxx_ar_flags=$((ar --help) 2>&1) AS_CASE([$xxx_ar_flags],[*'use actual timestamps and uids/gids'*],[: ${AR_FLAGS="Ucru"}]) +AC_PROG_CC +AM_PROG_CC_C_O AC_CANONICAL_HOST -AC_CANONICAL_BUILD - -AM_INIT_AUTOMAKE([1.11 -Wall -Werror -Wno-portability foreign tar-ustar subdir-objects no-define color-tests]) -AC_PREREQ([2.63]) - -AC_ARG_PROGRAM -AC_DEFUN([PROTECT_AC_USE_SYSTEM_EXTENSIONS], - [AX_SAVE_FLAGS - AC_LANG_PUSH([C]) - AC_USE_SYSTEM_EXTENSIONS - AC_LANG_POP([C]) - AX_RESTORE_FLAGS - ]) -#PROTECT_AC_USE_SYSTEM_EXTENSIONS - AC_CONFIG_MACRO_DIR([m4]) -AC_CONFIG_HEADERS([config.h:config.in])dnl Keep filename to 8.3 for MS-DOS. +AM_INIT_AUTOMAKE([1.11 -Wall -Werror -Wno-portability foreign tar-ustar subdir-objects no-define color-tests]) +m4_ifdef([AM_SILENT_RULES],[AM_SILENT_RULES([yes])]) + +AC_ARG_PROGRAM + +AC_CONFIG_HEADERS([config.h:config.in]) + +LT_PREREQ([2.2]) +LT_INIT([disable-static win32-dll]) #shared library versioning WOLFSSL_LIBRARY_VERSION=17:0:0 @@ -60,57 +53,29 @@ AC_SUBST([WOLFSSL_LIBRARY_VERSION]) USER_C_EXTRA_FLAGS="$C_EXTRA_FLAGS" USER_CFLAGS="$CFLAGS" -LT_PREREQ([2.2]) -LT_INIT([disable-static],[win32-dll]) -LT_LANG([C++]) -LT_LANG([C]) - gl_VISIBILITY AS_IF([ test -n "$CFLAG_VISIBILITY" ], [ AM_CPPFLAGS="$AM_CPPFLAGS $CFLAG_VISIBILITY" CPPFLAGS="$CPPFLAGS $CFLAG_VISIBILITY" ]) -m4_ifdef([AM_SILENT_RULES],[AM_SILENT_RULES([yes])]) # Moved these size of and type checks before the library checks. # The library checks add the library to subsequent test compiles # and in some rare cases, the networking check causes these sizeof # checks to fail. -AC_CHECK_SIZEOF(long long, 8) -AC_CHECK_SIZEOF(long, 4) -AC_CHECK_TYPES(__uint128_t) -AC_CHECK_FUNCS([gethostbyname]) -AC_CHECK_FUNCS([getaddrinfo]) -AC_CHECK_FUNCS([gettimeofday]) -AC_CHECK_FUNCS([gmtime_r]) -AC_CHECK_FUNCS([inet_ntoa]) -AC_CHECK_FUNCS([memset]) -AC_CHECK_FUNCS([socket]) -AC_CHECK_HEADERS([arpa/inet.h]) -AC_CHECK_HEADERS([fcntl.h]) -AC_CHECK_HEADERS([limits.h]) -AC_CHECK_HEADERS([netdb.h]) -AC_CHECK_HEADERS([netinet/in.h]) -AC_CHECK_HEADERS([stddef.h]) -AC_CHECK_HEADERS([sys/ioctl.h]) -AC_CHECK_HEADERS([sys/socket.h]) -AC_CHECK_HEADERS([sys/time.h]) -AC_CHECK_HEADERS([errno.h]) -AC_CHECK_LIB(network,socket) +AC_CHECK_SIZEOF([long long]) +AC_CHECK_SIZEOF([long]) +AC_CHECK_TYPES([__uint128_t]) +AC_CHECK_FUNCS([gethostbyname getaddrinfo gettimeofday gmtime_r inet_ntoa memset socket]) +AC_CHECK_HEADERS([arpa/inet.h fcntl.h limits.h netdb.h netinet/in.h stddef.h sys/ioctl.h sys/socket.h sys/time.h errno.h]) +AC_CHECK_LIB([network],[socket]) AC_C_BIGENDIAN -# mktime check takes forever on some systems, if time supported it would be -# highly unusual for mktime to be missing -#AC_FUNC_MKTIME -AC_PROG_CC -AC_PROG_CC_C_O -AC_PROG_CXX AC_PROG_INSTALL AC_TYPE_SIZE_T AC_TYPE_UINT8_T AM_PROG_AS -AM_PROG_CC_C_O LT_LIB_M OPTIMIZE_CFLAGS="-Os -fomit-frame-pointer" @@ -120,13 +85,9 @@ DEBUG_CFLAGS="-g -DDEBUG -DDEBUG_WOLFSSL" LIB_ADD= LIB_STATIC_ADD= -thread_ls_on=no # Thread local storage -AX_TLS([ - [AM_CFLAGS="$AM_CFLAGS -DHAVE_THREAD_LS"] - [thread_ls_on=yes] - ] , [:]) - +AX_TLS([thread_ls_on=yes],[thread_ls_on=no]) +AS_IF([test "x$thread_ls_on" = "xyes"],[AM_CFLAGS="$AM_CFLAGS -DHAVE_THREAD_LS"]) # DEBUG AX_DEBUG @@ -135,7 +96,6 @@ AS_IF([test "$ax_enable_debug" = "yes"], [AM_CFLAGS="$AM_CFLAGS -DNDEBUG"]) - # Distro build feature subset (Debian, Ubuntu, etc.) AC_ARG_ENABLE([distro], [AS_HELP_STRING([--enable-distro],[Enable wolfSSL distro build (default: disabled)])], @@ -280,7 +240,7 @@ AS_IF([ test "x$ENABLED_SINGLETHREADED" = "xno" ],[ ],[ ENABLED_SINGLETHREADED=yes ]) - ]) + ]) AS_IF([ test "x$ENABLED_SINGLETHREADED" = "xyes" ],[ AM_CFLAGS="-DSINGLE_THREADED $AM_CFLAGS" ]) @@ -4225,7 +4185,6 @@ fi OPTION_FLAGS="$USER_CFLAGS $USER_C_EXTRA_FLAGS $CPPFLAGS $AM_CFLAGS" - CREATE_HEX_VERSION AC_SUBST([AM_CPPFLAGS]) AC_SUBST([AM_CFLAGS]) @@ -4236,17 +4195,7 @@ AC_SUBST([LIB_STATIC_ADD]) # FINAL AC_CONFIG_FILES([stamp-h], [echo timestamp > stamp-h]) -AC_CONFIG_FILES([Makefile]) -AC_CONFIG_FILES([wolfssl/version.h]) -AC_CONFIG_FILES([wolfssl/options.h]) -#have options.h and version.h for autoconf fips tag and build -#if test "x$ENABLED_FIPS" = "xyes" -#then -# AC_CONFIG_FILES([cyassl/version.h]) -# AC_CONFIG_FILES([cyassl/options.h]) -#fi -AC_CONFIG_FILES([support/wolfssl.pc]) -AC_CONFIG_FILES([rpm/spec]) +AC_CONFIG_FILES([Makefile wolfssl/version.h wolfssl/options.h cyassl/options.h support/wolfssl.pc rpm/spec]) AX_CREATE_GENERIC_CONFIG AX_AM_JOBSERVER([yes]) diff --git a/m4/ax_harden_compiler_flags.m4 b/m4/ax_harden_compiler_flags.m4 index c0ee1b17e7..9088556261 100644 --- a/m4/ax_harden_compiler_flags.m4 +++ b/m4/ax_harden_compiler_flags.m4 @@ -67,6 +67,7 @@ # changes: deleted the clearing of CFLAGS AC_DEFUN([AX_HARDEN_LINKER_FLAGS], [ + AX_REQUIRE_DEFINED([AX_CHECK_LINK_FLAG]) AC_REQUIRE([AX_VCS_CHECKOUT]) AC_REQUIRE([AX_DEBUG]) @@ -95,6 +96,7 @@ ]) AC_DEFUN([AX_HARDEN_CC_COMPILER_FLAGS], [ + AX_REQUIRE_DEFINED([AX_APPEND_COMPILE_FLAGS]) AC_REQUIRE([AX_HARDEN_LINKER_FLAGS]) AC_LANG_PUSH([C]) @@ -160,6 +162,7 @@ ]) AC_DEFUN([AX_HARDEN_CXX_COMPILER_FLAGS], [ + AC_REQUIRE_DEFINED([AX_APPEND_COMPILE_FLAGS]) AC_REQUIRE([AX_HARDEN_CC_COMPILER_FLAGS]) AC_LANG_PUSH([C++]) @@ -227,6 +230,7 @@ ]) AC_DEFUN([AX_CC_OTHER_FLAGS], [ + AX_REQUIRE_DEFINED([AX_APPEND_COMPILE_FLAGS]) AC_REQUIRE([AX_HARDEN_CC_COMPILER_FLAGS]) AC_LANG_PUSH([C]) From cf9c352d9188a5633b86446546d3ceff14193e45 Mon Sep 17 00:00:00 2001 From: David Garske Date: Fri, 8 Jun 2018 14:27:54 -0700 Subject: [PATCH 36/63] Fixes for Arduino. Don't use C99 for Arduino. Enhanced the script to create as new folder in `IDE/ARDUINO/wolfSSL`. Updated README.md. --- .gitignore | 3 ++ IDE/ARDUINO/README.md | 23 ++++++------ .../wolfssl_client/wolfssl_client.ino | 3 +- IDE/ARDUINO/wolfssl-arduino.sh | 37 ++++++++++++------- wolfssl/wolfcrypt/wc_port.h | 2 +- 5 files changed, 40 insertions(+), 28 deletions(-) diff --git a/.gitignore b/.gitignore index f5e2544123..b96cadc367 100644 --- a/.gitignore +++ b/.gitignore @@ -237,3 +237,6 @@ IDE/LINUX-SGX/*.a wolfcrypt/src/port/intel/qat_test /mplabx/wolfssl.X/dist/default/ /mplabx/wolfcrypt_test.X/dist/default/ + +# Arduino Generated Files +/IDE/ARDUINO/wolfSSL diff --git a/IDE/ARDUINO/README.md b/IDE/ARDUINO/README.md index b16d492e5f..7376c026b4 100644 --- a/IDE/ARDUINO/README.md +++ b/IDE/ARDUINO/README.md @@ -4,22 +4,23 @@ This is a shell script that will re-organize the wolfSSL library to be compatible with Arduino projects. The Arduino IDE requires a library's source files to be in the library's root directory with a header file in the name of -the library. This script moves all src/ files to the root wolfssl directory and -creates a stub header file called wolfssl.h. +the library. This script moves all src/ files to the `IDE/ARDUINO/wolfSSL` +directory and creates a stub header file called `wolfssl.h`. Step 1: To configure wolfSSL with Arduino, enter the following from within the wolfssl/IDE/ARDUINO directory: - ./wolfssl-arduino.sh + `./wolfssl-arduino.sh` -Step 2: Edit /wolfssl/wolfcrypt/settings.h uncomment the define for -WOLFSSL_ARDUINO +Step 2: Edit `/IDE/ARDUINO/wolfSSL/wolfssl/wolfcrypt/settings.h` uncomment the define for `WOLFSSL_ARDUINO` +If building for Intel Galileo platform also uncomment the define for `INTEL_GALILEO`. -also uncomment the define for INTEL_GALILEO if building for that platform - #####Including wolfSSL in Arduino Libraries (for Arduino version 1.6.6) -1. Copy the wolfSSL directory into Arduino/libraries (or wherever Arduino searches for libraries). -2. In the Arduino IDE: - - Go to ```Sketch > Include Libraries > Manage Libraries```. This refreshes your changes to the libraries. - - Next go to ```Sketch > Include Libraries > wolfSSL```. This includes wolfSSL in your sketch. + +1. In the Arduino IDE: + - In `Sketch -> Include Library -> Add .ZIP Library...` and choose the + `IDE/ARDUNIO/wolfSSL` folder. + - In `Sketch -> Include Library` choose wolfSSL. + +An example wolfSSL client INO sketch exists here: `sketches/wolfssl_client/wolfssl_client.ino` diff --git a/IDE/ARDUINO/sketches/wolfssl_client/wolfssl_client.ino b/IDE/ARDUINO/sketches/wolfssl_client/wolfssl_client.ino index 6d52690c2c..879a19109e 100644 --- a/IDE/ARDUINO/sketches/wolfssl_client/wolfssl_client.ino +++ b/IDE/ARDUINO/sketches/wolfssl_client/wolfssl_client.ino @@ -1,6 +1,6 @@ /* wolfssl_client.ino * - * Copyright (C) 2006-2016 wolfSSL Inc. + * Copyright (C) 2006-2018 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -142,4 +142,3 @@ void loop() { } delay(1000); } - diff --git a/IDE/ARDUINO/wolfssl-arduino.sh b/IDE/ARDUINO/wolfssl-arduino.sh index 4da3ff4b6d..2d84f26c0a 100755 --- a/IDE/ARDUINO/wolfssl-arduino.sh +++ b/IDE/ARDUINO/wolfssl-arduino.sh @@ -7,20 +7,29 @@ DIR=${PWD##*/} if [ "$DIR" = "ARDUINO" ]; then - cp ../../src/*.c ../../ - cp ../../wolfcrypt/src/*.c ../../ - echo "/* stub header file for Arduino compatibility */" >> ../../wolfssl.h + rm -rf wolfSSL + mkdir wolfSSL + + cp ../../src/*.c ./wolfSSL + cp ../../wolfcrypt/src/*.c ./wolfSSL + + mkdir wolfSSL/wolfssl + cp ../../wolfssl/*.h ./wolfSSL/wolfssl + mkdir wolfSSL/wolfssl/wolfcrypt + cp ../../wolfssl/wolfcrypt/*.h ./wolfSSL/wolfssl/wolfcrypt + + # support misc.c as include in wolfcrypt/src + mkdir ./wolfSSL/wolfcrypt + mkdir ./wolfSSL/wolfcrypt/src + cp ../../wolfcrypt/src/misc.c ./wolfSSL/wolfcrypt/src + + # put bio and evp as includes + mv ./wolfSSL/bio.c ./wolfSSL/wolfssl + mv ./wolfSSL/evp.c ./wolfSSL/wolfssl + + echo "/* Generated wolfSSL header file for Arduino */" >> ./wolfSSL/wolfssl.h + echo "#include " >> ./wolfSSL/wolfssl.h + echo "#include " >> ./wolfSSL/wolfssl.h else echo "ERROR: You must be in the IDE/ARDUINO directory to run this script" fi - -#UPDATED: 19 Apr 2017 to remove bio.c and evp.c from the root directory since -# they are included inline and should not be compiled directly - -ARDUINO_DIR=${PWD} -cd ../../ -rm bio.c -rm evp.c -cd $ARDUINO_DIR -# end script in the origin directory for any future functionality that may be added. -#End UPDATE: 19 Apr 2017 diff --git a/wolfssl/wolfcrypt/wc_port.h b/wolfssl/wolfcrypt/wc_port.h index de4f8d9e5a..cce21ba981 100644 --- a/wolfssl/wolfcrypt/wc_port.h +++ b/wolfssl/wolfcrypt/wc_port.h @@ -34,7 +34,7 @@ #endif /* detect C99 */ -#if !defined(WOLF_C99) && defined(__STDC_VERSION__) +#if !defined(WOLF_C99) && defined(__STDC_VERSION__) && !defined(WOLFSSL_ARDUINO) #if __STDC_VERSION__ >= 199901L #define WOLF_C99 #endif From 74d4a025421a6302a34678cc8929e88de2322ad5 Mon Sep 17 00:00:00 2001 From: Sean Parkinson Date: Mon, 11 Jun 2018 14:43:46 +1000 Subject: [PATCH 37/63] Remove log file and change location to local --- scripts/tls13.test | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/scripts/tls13.test b/scripts/tls13.test index 8154d7fdd9..1369b24194 100755 --- a/scripts/tls13.test +++ b/scripts/tls13.test @@ -14,7 +14,7 @@ counter=0 # also let's add some randomness by adding pid in case multiple 'make check's # per source tree ready_file=`pwd`/wolfssl_tls13_ready$$ -client_file=/tmp/wolfssl_tls13_client$$ +client_file=`pwd`/wolfssl_tls13_client$$ echo "ready file $ready_file" @@ -139,6 +139,8 @@ if [ $? -ne 0 ]; then echo "" fi +do_cleanup + echo -e "\nALL Tests Passed" exit 0 From a472325f8911824f71ac767faf8b1eec7d4d20c6 Mon Sep 17 00:00:00 2001 From: Chris Conlon Date: Mon, 11 Jun 2018 14:27:08 -0600 Subject: [PATCH 38/63] return WOLFSSL_FAILURE on error from EVP_DigestUpdate() and EVP_DigestFinal() --- src/ssl.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 142d8484ba..7c7bd39248 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -13400,7 +13400,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) } - /* WOLFSSL_SUCCESS on ok */ + /* WOLFSSL_SUCCESS on ok, WOLFSSL_FAILURE on failure */ int wolfSSL_EVP_DigestUpdate(WOLFSSL_EVP_MD_CTX* ctx, const void* data, size_t sz) { @@ -13450,7 +13450,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) break; #endif /* WOLFSSL_SHA512 */ default: - return BAD_FUNC_ARG; + return WOLFSSL_FAILURE; } return WOLFSSL_SUCCESS; @@ -13506,7 +13506,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) break; #endif /* WOLFSSL_SHA512 */ default: - return BAD_FUNC_ARG; + return WOLFSSL_FAILURE; } return WOLFSSL_SUCCESS; @@ -32922,4 +32922,4 @@ int wolfSSL_i2c_ASN1_INTEGER(WOLFSSL_ASN1_INTEGER *a, unsigned char **pp) } #endif /* !NO_ASN */ -#endif /* OPENSSLEXTRA */ \ No newline at end of file +#endif /* OPENSSLEXTRA */ From b7caab938efe4566c2f3df44f74c6c37212353e3 Mon Sep 17 00:00:00 2001 From: Sean Parkinson Date: Fri, 8 Jun 2018 17:34:03 +1000 Subject: [PATCH 39/63] Fix post authentication for TLS 1.3 --- examples/client/client.c | 12 ++-- examples/server/server.c | 55 ++------------- src/tls.c | 22 +++--- src/tls13.c | 147 ++++++++++++++++++++++----------------- 4 files changed, 105 insertions(+), 131 deletions(-) diff --git a/examples/client/client.c b/examples/client/client.c index b7f2a37c3d..f90356c83f 100644 --- a/examples/client/client.c +++ b/examples/client/client.c @@ -660,7 +660,11 @@ static void ClientWrite(WOLFSSL* ssl, char* msg, int msgSz) } #endif } - } while (err == WC_PENDING_E); + } while (err == WOLFSSL_ERROR_WANT_WRITE + #ifdef WOLFSSL_ASYNC_CRYPT + || err == WC_PENDING_E + #endif + ); if (ret != msgSz) { printf("SSL_write msg error %d, %s\n", err, wolfSSL_ERR_error_string(err, buffer)); @@ -925,9 +929,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) int onlyKeyShare = 0; #ifdef WOLFSSL_TLS13 int noPskDheKe = 0; -#ifdef WOLFSSL_POST_HANDSHAKE_AUTH int postHandAuth = 0; -#endif #endif int updateKeysIVs = 0; #ifdef WOLFSSL_EARLY_DATA @@ -2253,8 +2255,8 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) ClientRead(ssl, reply, sizeof(reply)-1, 1); -#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH) - if (postHandAuth) +#if defined(WOLFSSL_TLS13) + if (updateKeysIVs || postHandAuth) ClientWrite(ssl, msg, msgSz); #endif if (sendGET) { /* get html */ diff --git a/examples/server/server.c b/examples/server/server.c index b2fa31ad2d..f744a96c6e 100644 --- a/examples/server/server.c +++ b/examples/server/server.c @@ -281,46 +281,6 @@ int ServerEchoData(SSL* ssl, int clientfd, int echoData, int block, return EXIT_SUCCESS; } -#ifdef WOLFSSL_TLS13 -static void NonBlockingServerRead(WOLFSSL* ssl, char* input, int inputLen) -{ - int ret, err; - char buffer[CYASSL_MAX_ERROR_SZ]; - - /* Read data */ - do { - err = 0; /* reset error */ - ret = SSL_read(ssl, input, inputLen); - if (ret < 0) { - err = SSL_get_error(ssl, 0); - - #ifdef WOLFSSL_ASYNC_CRYPT - if (err == WC_PENDING_E) { - ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW); - if (ret < 0) break; - } - else - #endif - #ifdef CYASSL_DTLS - if (wolfSSL_dtls(ssl) && err == DECRYPT_ERROR) { - printf("Dropped client's message due to a bad MAC\n"); - } - else - #endif - if (err != WOLFSSL_ERROR_WANT_READ) { - printf("SSL_read input error %d, %s\n", err, - ERR_error_string(err, buffer)); - err_sys_ex(runWithErrors, "SSL_read failed"); - } - } - } while (err == WC_PENDING_E || err == WOLFSSL_ERROR_WANT_READ); - if (ret > 0) { - input[ret] = 0; /* null terminate message */ - printf("Client message: %s\n", input); - } -} -#endif - static void ServerRead(WOLFSSL* ssl, char* input, int inputLen) { int ret, err; @@ -352,7 +312,7 @@ static void ServerRead(WOLFSSL* ssl, char* input, int inputLen) err_sys_ex(runWithErrors, "SSL_read failed"); } } - } while (err == WC_PENDING_E); + } while (err == WC_PENDING_E || err == WOLFSSL_ERROR_WANT_READ); if (ret > 0) { input[ret] = 0; /* null terminate message */ printf("Client message: %s\n", input); @@ -1627,7 +1587,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH) if (postHandAuth) { - SSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER | + SSL_set_verify(ssl, WOLFSSL_VERIFY_PEER | ((usePskPlus) ? WOLFSSL_VERIFY_FAIL_EXCEPT_PSK : WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT), 0); if (SSL_CTX_load_verify_locations(ctx, verifyCert, 0) @@ -1637,7 +1597,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) } #ifdef WOLFSSL_TRUST_PEER_CERT if (trustCert) { - if ((ret = wolfSSL_CTX_trust_peer_cert(ctx, trustCert, + if ((ret = wolfSSL_trust_peer_cert(ssl, trustCert, WOLFSSL_FILETYPE_PEM)) != WOLFSSL_SUCCESS) { err_sys_ex(runWithErrors, "can't load trusted peer cert " "file"); @@ -1679,13 +1639,8 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) ServerWrite(ssl, write_msg, write_msg_sz); #ifdef WOLFSSL_TLS13 - if (updateKeysIVs || postHandAuth) { - ServerWrite(ssl, write_msg, write_msg_sz); - if (nonBlocking) - NonBlockingServerRead(ssl, input, sizeof(input)-1); - else - ServerRead(ssl, input, sizeof(input)-1); - } + if (updateKeysIVs || postHandAuth) + ServerRead(ssl, input, sizeof(input)-1); #endif } else { diff --git a/src/tls.c b/src/tls.c index df8ac64f52..0920bc081c 100644 --- a/src/tls.c +++ b/src/tls.c @@ -7328,7 +7328,7 @@ int TLSX_PskKeModes_Use(WOLFSSL* ssl, byte modes) static word16 TLSX_PostHandAuth_GetSize(byte msgType) { if (msgType == client_hello) - return OPAQUE8_LEN; + return 0; return SANITY_MSG_E; } @@ -7343,10 +7343,10 @@ static word16 TLSX_PostHandAuth_GetSize(byte msgType) */ static word16 TLSX_PostHandAuth_Write(byte* output, byte msgType) { - if (msgType == client_hello) { - *output = 0; - return OPAQUE8_LEN; - } + (void)output; + + if (msgType == client_hello) + return 0; return SANITY_MSG_E; } @@ -7363,15 +7363,11 @@ static word16 TLSX_PostHandAuth_Write(byte* output, byte msgType) static int TLSX_PostHandAuth_Parse(WOLFSSL* ssl, byte* input, word16 length, byte msgType) { - byte len; + (void)input; if (msgType == client_hello) { - /* Ensure length byte exists. */ - if (length < OPAQUE8_LEN) - return BUFFER_E; - - len = input[0]; - if (length - OPAQUE8_LEN != len || len != 0) + /* Ensure extension is empty. */ + if (length != 0) return BUFFER_E; ssl->options.postHandshakeAuth = 1; @@ -9347,7 +9343,7 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte msgType, #ifdef WOLFSSL_POST_HANDSHAKE_AUTH case TLSX_POST_HANDSHAKE_AUTH: - WOLFSSL_MSG("PSK Key Exchange Modes extension received"); + WOLFSSL_MSG("Post Handshake Authentication extension received"); if (!IsAtLeastTLSv1_3(ssl->version)) break; diff --git a/src/tls13.c b/src/tls13.c index 75bc5ddc1c..545dfcfd0f 100644 --- a/src/tls13.c +++ b/src/tls13.c @@ -3202,16 +3202,6 @@ static int DoTls13CertificateRequest(WOLFSSL* ssl, const byte* input, /* This message is always encrypted so add encryption padding. */ *inOutIdx += ssl->keys.padSz; -#if !defined(NO_WOLFSSL_CLIENT) && defined(WOLFSSL_POST_HANDSHAKE_AUTH) - if (ssl->options.side == WOLFSSL_CLIENT_END && - ssl->options.handShakeState == HANDSHAKE_DONE) { - /* reset handshake states */ - ssl->options.clientState = CLIENT_HELLO_COMPLETE; - ssl->options.connectState = FIRST_REPLY_DONE; - ssl->options.handShakeState = CLIENT_HELLO_COMPLETE; - } -#endif - WOLFSSL_LEAVE("DoTls13CertificateRequest", ret); WOLFSSL_END(WC_FUNC_CERTIFICATE_REQUEST_DO); @@ -5855,7 +5845,15 @@ static int DoTls13Finished(WOLFSSL* ssl, const byte* input, word32* inOutIdx, if (*inOutIdx + size + ssl->keys.padSz > totalSz) return BUFFER_E; - if (ssl->options.side == WOLFSSL_CLIENT_END) { + if (ssl->options.handShakeDone) { + ret = DeriveFinishedSecret(ssl, ssl->arrays->clientSecret, + ssl->keys.client_write_MAC_secret); + if (ret != 0) + return ret; + + secret = ssl->keys.client_write_MAC_secret; + } + else if (ssl->options.side == WOLFSSL_CLIENT_END) { /* All the handshake messages have been received to calculate * client and server finished keys. */ @@ -5961,7 +5959,15 @@ static int SendTls13Finished(WOLFSSL* ssl) AddTls13HandShakeHeader(input, finishedSz, 0, finishedSz, finished, ssl); /* make finished hashes */ - if (ssl->options.side == WOLFSSL_CLIENT_END) + if (ssl->options.handShakeDone) { + ret = DeriveFinishedSecret(ssl, ssl->arrays->clientSecret, + ssl->keys.client_write_MAC_secret); + if (ret != 0) + return ret; + + secret = ssl->keys.client_write_MAC_secret; + } + else if (ssl->options.side == WOLFSSL_CLIENT_END) secret = ssl->keys.client_write_MAC_secret; else { /* All the handshake messages have been done to calculate client and @@ -6864,13 +6870,14 @@ static int SanityCheckTls13MsgReceived(WOLFSSL* ssl, byte type) ssl->arrays->psk_keySz != 0) { WOLFSSL_MSG("CertificateRequset received while using PSK"); return SANITY_MSG_E; - return SANITY_MSG_E; } #endif + #ifndef WOLFSSL_POST_HANDSHAKE_AUTH if (ssl->msgsReceived.got_certificate_request) { WOLFSSL_MSG("Duplicate CertificateRequest received"); return DUPLICATE_MSG_E; } + #endif ssl->msgsReceived.got_certificate_request = 1; break; @@ -6878,20 +6885,20 @@ static int SanityCheckTls13MsgReceived(WOLFSSL* ssl, byte type) case certificate_verify: #ifndef NO_WOLFSSL_CLIENT - if (ssl->options.side == WOLFSSL_CLIENT_END && - ssl->options.serverState != SERVER_CERT_COMPLETE) { - WOLFSSL_MSG("No Cert before CertVerify"); - return OUT_OF_ORDER_E; + if (ssl->options.side == WOLFSSL_CLIENT_END) { + if (ssl->options.serverState != SERVER_CERT_COMPLETE) { + WOLFSSL_MSG("No Cert before CertVerify"); + return OUT_OF_ORDER_E; + } + #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) + /* Server's authenticating with PSK must not send this. */ + if (ssl->options.serverState == SERVER_CERT_COMPLETE && + ssl->arrays->psk_keySz != 0) { + WOLFSSL_MSG("CertificateVerify received while using PSK"); + return SANITY_MSG_E; + } + #endif } - #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) - /* Server's authenticating with PSK must not send this. */ - if (ssl->options.side == WOLFSSL_CLIENT_END && - ssl->options.serverState == SERVER_CERT_COMPLETE && - ssl->arrays->psk_keySz != 0) { - WOLFSSL_MSG("CertificateVerify received while using PSK"); - return SANITY_MSG_E; - } - #endif #endif #ifndef NO_WOLFSSL_SERVER if (ssl->options.side == WOLFSSL_SERVER_END) { @@ -7134,47 +7141,61 @@ int DoTls13HandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx, if (ssl->options.tls1_3) { /* Need to hash input message before deriving secrets. */ -#ifndef NO_WOLFSSL_CLIENT - if (type == server_hello && ssl->options.side == WOLFSSL_CLIENT_END) { - if ((ret = DeriveEarlySecret(ssl)) != 0) - return ret; - if ((ret = DeriveHandshakeSecret(ssl)) != 0) - return ret; + #ifndef NO_WOLFSSL_CLIENT + if (ssl->options.side == WOLFSSL_CLIENT_END) { + if (type == server_hello) { + if ((ret = DeriveEarlySecret(ssl)) != 0) + return ret; + if ((ret = DeriveHandshakeSecret(ssl)) != 0) + return ret; - if ((ret = DeriveTls13Keys(ssl, handshake_key, + if ((ret = DeriveTls13Keys(ssl, handshake_key, ENCRYPT_AND_DECRYPT_SIDE, 1)) != 0) { - return ret; + return ret; + } + #ifdef WOLFSSL_EARLY_DATA + if ((ret = SetKeysSide(ssl, DECRYPT_SIDE_ONLY)) != 0) + return ret; + #else + if ((ret = SetKeysSide(ssl, ENCRYPT_AND_DECRYPT_SIDE)) != 0) + return ret; + #endif } - #ifdef WOLFSSL_EARLY_DATA - if ((ret = SetKeysSide(ssl, DECRYPT_SIDE_ONLY)) != 0) - return ret; - #else - if ((ret = SetKeysSide(ssl, ENCRYPT_AND_DECRYPT_SIDE)) != 0) - return ret; - #endif - } - if (type == finished && ssl->options.side == WOLFSSL_CLIENT_END) { - if ((ret = DeriveMasterSecret(ssl)) != 0) - return ret; - #ifdef WOLFSSL_EARLY_DATA - if ((ret = DeriveTls13Keys(ssl, traffic_key, + if (type == finished) { + if ((ret = DeriveMasterSecret(ssl)) != 0) + return ret; + #ifdef WOLFSSL_EARLY_DATA + if ((ret = DeriveTls13Keys(ssl, traffic_key, ENCRYPT_AND_DECRYPT_SIDE, ssl->earlyData == no_early_data)) != 0) { - return ret; - } - #else - if ((ret = DeriveTls13Keys(ssl, traffic_key, + return ret; + } + #else + if ((ret = DeriveTls13Keys(ssl, traffic_key, ENCRYPT_AND_DECRYPT_SIDE, 1)) != 0) { - return ret; + return ret; + } + #endif } - #endif + #ifdef WOLFSSL_POST_HANDSHAKE_AUTH + if (type == certificate_request && + ssl->options.handShakeState == HANDSHAKE_DONE) { + /* reset handshake states */ + ssl->options.clientState = CLIENT_HELLO_COMPLETE; + ssl->options.connectState = FIRST_REPLY_DONE; + ssl->options.handShakeState = CLIENT_HELLO_COMPLETE; + + if (wolfSSL_connect_TLSv13(ssl) != SSL_SUCCESS) + ret = POST_HAND_AUTH_ERROR; + } + #endif } -#endif /* NO_WOLFSSL_CLIENT */ + #endif /* NO_WOLFSSL_CLIENT */ #ifndef NO_WOLFSSL_SERVER #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) - if (type == finished && ssl->options.side == WOLFSSL_SERVER_END) { + if (ssl->options.side == WOLFSSL_SERVER_END && type == finished) { ret = DeriveResumptionSecret(ssl, ssl->session.masterSecret); if (ret != 0) return ret; @@ -7497,14 +7518,9 @@ int wolfSSL_connect_TLSv13(WOLFSSL* ssl) FALL_THROUGH; case FIRST_REPLY_THIRD: - #if !defined(NO_CERTS) && defined(WOLFSSL_POST_HANDSHAKE_AUTH) - if (!ssl->options.sendVerify || !ssl->options.postHandshakeAuth) - #endif - { - if ((ssl->error = SendTls13Finished(ssl)) != 0) { - WOLFSSL_ERROR(ssl->error); - return WOLFSSL_FATAL_ERROR; - } + if ((ssl->error = SendTls13Finished(ssl)) != 0) { + WOLFSSL_ERROR(ssl->error); + return WOLFSSL_FATAL_ERROR; } WOLFSSL_MSG("sent: finished"); @@ -7805,11 +7821,16 @@ int wolfSSL_request_certificate(WOLFSSL* ssl) certReqCtx->ctx = certReqCtx->next->ctx + 1; ssl->certReqCtx = certReqCtx; + ssl->msgsReceived.got_certificate = 0; + ssl->msgsReceived.got_certificate_verify = 0; + ssl->msgsReceived.got_finished = 0; + ret = SendTls13CertificateRequest(ssl, &certReqCtx->ctx, certReqCtx->len); if (ret == WANT_WRITE) ret = WOLFSSL_ERROR_WANT_WRITE; else if (ret == 0) ret = WOLFSSL_SUCCESS; + return ret; } #endif /* !NO_CERTS && WOLFSSL_POST_HANDSHAKE_AUTH */ From ad0a10441dc0ba6cdb86a8c71d421f127cf7d181 Mon Sep 17 00:00:00 2001 From: David Garske Date: Tue, 5 Jun 2018 15:48:45 -0700 Subject: [PATCH 40/63] Fixes for building with openssl compatibility enabled and no TLS client/server. Resolves issues building with: `./configure --enable-opensslextra --disable-rsa --disable-supportedcurves CFLAGS="-DNO_WOLFSSL_CLIENT -DNO_WOLFSSL_SERVER" --disable-examples` `./configure --enable-opensslextra --disable-ecc --disable-supportedcurves CFLAGS="-DNO_WOLFSSL_CLIENT -DNO_WOLFSSL_SERVER" --disable-examples` Ticket 3872 --- src/internal.c | 17 ++++++++++++----- src/ssl.c | 8 +++++--- tests/api.c | 7 ++++--- 3 files changed, 21 insertions(+), 11 deletions(-) diff --git a/src/internal.c b/src/internal.c index f30838a101..bb116852a9 100644 --- a/src/internal.c +++ b/src/internal.c @@ -136,6 +136,7 @@ enum processReply { #ifndef WOLFSSL_NO_TLS12 +#if !defined(NO_WOLFSSL_SERVER) || !defined(NO_WOLFSSL_CLIENT) /* Server random bytes for TLS v1.3 described downgrade protection mechanism. */ static const byte tls13Downgrade[7] = { @@ -143,6 +144,7 @@ static const byte tls13Downgrade[7] = { }; #define TLS13_DOWNGRADE_SZ sizeof(tls13Downgrade) +#endif /* !NO_WOLFSSL_SERVER || !NO_WOLFSSL_CLIENT */ #ifndef NO_OLD_TLS static int SSL_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz, @@ -2735,7 +2737,7 @@ static INLINE void DecodeSigAlg(const byte* input, byte* hashAlgo, byte* hsType) #endif /* !NO_WOLFSSL_SERVER || !NO_CERTS */ #ifndef WOLFSSL_NO_TLS12 - +#if !defined(NO_WOLFSSL_SERVER) || !defined(NO_WOLFSSL_CLIENT) #if !defined(NO_DH) || defined(HAVE_ECC) || \ (!defined(NO_RSA) && defined(WC_RSA_PSS)) @@ -2766,11 +2768,9 @@ static enum wc_HashType HashAlgoToType(int hashAlgo) return WC_HASH_TYPE_NONE; } - #endif /* !NO_DH || HAVE_ECC || (!NO_RSA && WC_RSA_PSS) */ - -#endif - +#endif /* !NO_WOLFSSL_SERVER || !NO_WOLFSSL_CLIENT */ +#endif /* !WOLFSSL_NO_TLS12 */ #ifndef NO_CERTS @@ -2862,6 +2862,7 @@ void FreeX509(WOLFSSL_X509* x509) } +#if !defined(NO_WOLFSSL_SERVER) || !defined(NO_WOLFSSL_CLIENT) /* Encode the signature algorithm into buffer. * * hashalgo The hash algorithm. @@ -2934,10 +2935,12 @@ static void SetDigest(WOLFSSL* ssl, int hashAlgo) } /* switch */ } #endif /* !WOLFSSL_NO_TLS12 && !WOLFSSL_NO_CLIENT_AUTH */ +#endif /* !NO_WOLFSSL_SERVER || !NO_WOLFSSL_CLIENT */ #endif /* !NO_CERTS */ #ifndef NO_RSA #ifndef WOLFSSL_NO_TLS12 +#if !defined(NO_WOLFSSL_SERVER) || !defined(NO_WOLFSSL_CLIENT) static int TypeHash(int hashAlgo) { switch (hashAlgo) { @@ -2961,6 +2964,7 @@ static int TypeHash(int hashAlgo) return 0; } +#endif /* !NO_WOLFSSL_SERVER && !NO_WOLFSSL_CLIENT */ #endif /* !WOLFSSL_NO_TLS12 */ #if defined(WC_RSA_PSS) @@ -7078,6 +7082,7 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender) #endif /* WOLFSSL_NO_TLS12 */ +#if !defined(NO_WOLFSSL_SERVER) || !defined(NO_WOLFSSL_CLIENT) /* cipher requirements */ enum { REQUIRES_RSA, @@ -7633,6 +7638,8 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender) return 0; } +#endif /* !NO_WOLFSSL_SERVER && !NO_WOLFSSL_CLIENT */ + #ifndef NO_CERTS diff --git a/src/ssl.c b/src/ssl.c index 7c7bd39248..8fbf2ce65b 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -1147,6 +1147,8 @@ int wolfSSL_negotiate(WOLFSSL* ssl) } #endif + (void)ssl; + WOLFSSL_LEAVE("wolfSSL_negotiate", err); return err; @@ -8433,11 +8435,11 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl, #ifdef OPENSSL_EXTRA WOLFSSL_METHOD* wolfSSLv23_method(void) { - WOLFSSL_METHOD* m; + WOLFSSL_METHOD* m = NULL; WOLFSSL_ENTER("wolfSSLv23_method"); -#ifndef NO_WOLFSSL_CLIENT +#if !defined(NO_WOLFSSL_CLIENT) m = wolfSSLv23_client_method(); -#else +#elif !defined(NO_WOLFSSL_SERVER) m = wolfSSLv23_server_method(); #endif if (m != NULL) { diff --git a/tests/api.c b/tests/api.c index abfaf936b2..c867b442d4 100644 --- a/tests/api.c +++ b/tests/api.c @@ -377,7 +377,8 @@ typedef struct testVector { static const char* passed = "passed"; static const char* failed = "failed"; -#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) +#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \ + (!defined(NO_WOLFSSL_SERVER) || !defined(NO_WOLFSSL_CLIENT)) static const char* bogusFile = #ifdef _WIN32 "NUL" @@ -385,7 +386,7 @@ static const char* failed = "failed"; "/dev/null" #endif ; -#endif +#endif /* !NO_FILESYSTEM && !NO_CERTS && (!NO_WOLFSSL_SERVER || !NO_WOLFSSL_CLIENT) */ enum { TESTING_RSA = 1, @@ -1147,7 +1148,7 @@ static void test_wolfSSL_EVP_get_cipherbynid(void) *----------------------------------------------------------------------------*/ #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \ !defined(NO_RSA) && !defined(SINGLE_THREADED) && \ - !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT) + (!defined(NO_WOLFSSL_SERVER) || !defined(NO_WOLFSSL_CLIENT)) #define HAVE_IO_TESTS_DEPENDENCIES #endif From e1890a4b0e7e8708489728446235b226fd6c7cbf Mon Sep 17 00:00:00 2001 From: David Garske Date: Wed, 6 Jun 2018 09:23:54 -0700 Subject: [PATCH 41/63] Added some bad argument checks on compatibility functions `BIO_new_mem_buf` and `PEM_read_bio_PrivateKey`. --- src/ssl.c | 11 +++++++++-- tests/api.c | 10 +++++++++- 2 files changed, 18 insertions(+), 3 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 8fbf2ce65b..e0ce59235a 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -11599,12 +11599,15 @@ int wolfSSL_set_compression(WOLFSSL* ssl) WOLFSSL_BIO* wolfSSL_BIO_new_mem_buf(void* buf, int len) { WOLFSSL_BIO* bio = NULL; - if (buf == NULL) + + if (buf == NULL || len < 0) { return bio; + } bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()); - if (bio == NULL) + if (bio == NULL) { return bio; + } bio->memLen = bio->wrSz = len; bio->mem = (byte*)XMALLOC(len, 0, DYNAMIC_TYPE_OPENSSL); @@ -27389,6 +27392,10 @@ WOLFSSL_EVP_PKEY* wolfSSL_PEM_read_bio_PrivateKey(WOLFSSL_BIO* bio, WOLFSSL_ENTER("wolfSSL_PEM_read_bio_PrivateKey"); + if (bio == NULL) { + return pkey; + } + if ((ret = wolfSSL_BIO_pending(bio)) > 0) { memSz = ret; mem = (char*)XMALLOC(memSz, bio->heap, DYNAMIC_TYPE_OPENSSL); diff --git a/tests/api.c b/tests/api.c index c867b442d4..0340372e95 100644 --- a/tests/api.c +++ b/tests/api.c @@ -15712,7 +15712,10 @@ static void test_wolfSSL_PEM_PrivateKey(void) AssertIntEQ(PEM_write_bio_PrivateKey(bio, pkey, NULL, NULL, 0, NULL, NULL), WOLFSSL_SUCCESS); - /* test of creating new EVP_PKEY */ + /* test creating new EVP_PKEY with bad arg */ + AssertNull((pkey2 = PEM_read_bio_PrivateKey(NULL, NULL, NULL, NULL))); + + /* test creating new EVP_PKEY with good args */ AssertNotNull((pkey2 = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL))); AssertIntEQ((int)XMEMCMP(pkey->pkey.ptr, pkey2->pkey.ptr, pkey->pkey_sz),0); @@ -17518,6 +17521,11 @@ static void test_wolfSSL_BIO_gets(void) printf(testingFmt, "wolfSSL_X509_BIO_gets()"); + /* try with bad args */ + AssertNull(bio = BIO_new_mem_buf(NULL, sizeof(msg))); + AssertNull(bio = BIO_new_mem_buf((void*)msg, -1)); + + /* try with real msg */ AssertNotNull(bio = BIO_new_mem_buf((void*)msg, sizeof(msg))); XMEMSET(buffer, 0, bufferSz); AssertNotNull(BIO_push(bio, BIO_new(BIO_s_bio()))); From 9cbd2b00d4f1ead2c923ef6cbf107da843513b81 Mon Sep 17 00:00:00 2001 From: David Garske Date: Wed, 6 Jun 2018 10:04:39 -0700 Subject: [PATCH 42/63] Added test for `PEM_read_bio_PrivateKey` using BIO loaded using `BIO_new_mem_buf`. --- tests/api.c | 126 +++++++++++++++++++++++++++++++++------------------- 1 file changed, 80 insertions(+), 46 deletions(-) diff --git a/tests/api.c b/tests/api.c index 0340372e95..96ff2966f4 100644 --- a/tests/api.c +++ b/tests/api.c @@ -321,7 +321,7 @@ #include "wolfssl/internal.h" /* for testing SSL_get_peer_cert_chain */ #endif -/* enable testing buffer load functions */ +/* force enable test buffers */ #ifndef USE_CERT_BUFFERS_2048 #define USE_CERT_BUFFERS_2048 #endif @@ -15686,57 +15686,89 @@ static void test_wolfSSL_private_keys(void) static void test_wolfSSL_PEM_PrivateKey(void) { - #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ - !defined(NO_FILESYSTEM) && !defined(NO_RSA) && \ - (defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN)) && \ - defined(USE_CERT_BUFFERS_2048) - const unsigned char* server_key = (const unsigned char*)server_key_der_2048; +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ + !defined(NO_FILESYSTEM) && !defined(NO_RSA) && \ + defined(USE_CERT_BUFFERS_2048) + EVP_PKEY* pkey = NULL; - EVP_PKEY* pkey2 = NULL; - BIO* bio; - unsigned char extra[10]; - int i; - - printf(testingFmt, "wolfSSL_PEM_PrivateKey()"); - - XMEMSET(extra, 0, sizeof(extra)); - AssertNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem())); - AssertIntEQ(BIO_set_write_buf_size(bio, 4096), SSL_FAILURE); - - AssertNull(d2i_PrivateKey(EVP_PKEY_EC, &pkey, - &server_key, (long)sizeof_server_key_der_2048)); - AssertNull(pkey); - - AssertNotNull(wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, &pkey, - &server_key, (long)sizeof_server_key_der_2048)); - AssertIntEQ(PEM_write_bio_PrivateKey(bio, pkey, NULL, NULL, 0, NULL, NULL), - WOLFSSL_SUCCESS); + const unsigned char* server_key = (const unsigned char*)server_key_der_2048; /* test creating new EVP_PKEY with bad arg */ - AssertNull((pkey2 = PEM_read_bio_PrivateKey(NULL, NULL, NULL, NULL))); + AssertNull((pkey = PEM_read_bio_PrivateKey(NULL, NULL, NULL, NULL))); - /* test creating new EVP_PKEY with good args */ - AssertNotNull((pkey2 = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL))); - AssertIntEQ((int)XMEMCMP(pkey->pkey.ptr, pkey2->pkey.ptr, pkey->pkey_sz),0); +#if !defined(NO_FILESYSTEM) + { + BIO* bio; + XFILE file; + const char* fname = "./certs/server-key.pem"; + size_t sz; + byte* buf; - /* test of reuse of EVP_PKEY */ - AssertNull(PEM_read_bio_PrivateKey(bio, &pkey, NULL, NULL)); - AssertIntEQ(BIO_pending(bio), 0); - AssertIntEQ(PEM_write_bio_PrivateKey(bio, pkey, NULL, NULL, 0, NULL, NULL), - SSL_SUCCESS); - AssertIntEQ(BIO_write(bio, extra, 10), 10); /*add 10 extra bytes after PEM*/ - AssertNotNull(PEM_read_bio_PrivateKey(bio, &pkey, NULL, NULL)); - AssertNotNull(pkey); - AssertIntEQ((int)XMEMCMP(pkey->pkey.ptr, pkey2->pkey.ptr, pkey->pkey_sz),0); - AssertIntEQ(BIO_pending(bio), 10); /* check 10 extra bytes still there */ - AssertIntEQ(BIO_read(bio, extra, 10), 10); - for (i = 0; i < 10; i++) { - AssertIntEQ(extra[i], 0); + file = XFOPEN(fname, "rb"); + AssertTrue((file != XBADFILE)); + XFSEEK(file, 0, XSEEK_END); + sz = XFTELL(file); + XREWIND(file); + AssertNotNull(buf = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE)); + AssertIntEQ(XFREAD(buf, 1, sz, file), sz); + XFCLOSE(file); + + /* Test using BIO new mem and loading PEM private key */ + AssertNotNull(bio = BIO_new_mem_buf(buf, (int)sz)); + AssertNotNull((pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL))); + XFREE(buf, NULL, DYNAMIC_TYPE_FILE); + BIO_free(bio); + EVP_PKEY_free(pkey); } +#endif - BIO_free(bio); - EVP_PKEY_free(pkey); - EVP_PKEY_free(pkey2); +#if (defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN)) + { + BIO* bio; + EVP_PKEY* pkey2 = NULL; + unsigned char extra[10]; + int i; + + printf(testingFmt, "wolfSSL_PEM_PrivateKey()"); + + XMEMSET(extra, 0, sizeof(extra)); + + AssertNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem())); + AssertIntEQ(BIO_set_write_buf_size(bio, 4096), SSL_FAILURE); + + AssertNull(d2i_PrivateKey(EVP_PKEY_EC, &pkey, + &server_key, (long)sizeof_server_key_der_2048)); + AssertNull(pkey); + + AssertNotNull(wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, &pkey, + &server_key, (long)sizeof_server_key_der_2048)); + AssertIntEQ(PEM_write_bio_PrivateKey(bio, pkey, NULL, NULL, 0, NULL, NULL), + WOLFSSL_SUCCESS); + + /* test creating new EVP_PKEY with good args */ + AssertNotNull((pkey2 = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL))); + AssertIntEQ((int)XMEMCMP(pkey->pkey.ptr, pkey2->pkey.ptr, pkey->pkey_sz),0); + + /* test of reuse of EVP_PKEY */ + AssertNull(PEM_read_bio_PrivateKey(bio, &pkey, NULL, NULL)); + AssertIntEQ(BIO_pending(bio), 0); + AssertIntEQ(PEM_write_bio_PrivateKey(bio, pkey, NULL, NULL, 0, NULL, NULL), + SSL_SUCCESS); + AssertIntEQ(BIO_write(bio, extra, 10), 10); /*add 10 extra bytes after PEM*/ + AssertNotNull(PEM_read_bio_PrivateKey(bio, &pkey, NULL, NULL)); + AssertNotNull(pkey); + AssertIntEQ((int)XMEMCMP(pkey->pkey.ptr, pkey2->pkey.ptr, pkey->pkey_sz),0); + AssertIntEQ(BIO_pending(bio), 10); /* check 10 extra bytes still there */ + AssertIntEQ(BIO_read(bio, extra, 10), 10); + for (i = 0; i < 10; i++) { + AssertIntEQ(extra[i], 0); + } + + BIO_free(bio); + EVP_PKEY_free(pkey); + EVP_PKEY_free(pkey2); + } + #endif /* key is DES encrypted */ #if !defined(NO_DES3) && defined(WOLFSSL_ENCRYPTED_KEYS) @@ -15810,7 +15842,9 @@ static void test_wolfSSL_PEM_PrivateKey(void) #endif printf(resultFmt, passed); - #endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) */ + + (void)server_key; +#endif /* OPENSSL_EXTRA && !NO_CERTS && !NO_RSA && USE_CERT_BUFFERS_2048 */ } From 292e9535ae4ee7c3da65d03af6c79b986f6fd946 Mon Sep 17 00:00:00 2001 From: David Garske Date: Wed, 6 Jun 2018 10:28:31 -0700 Subject: [PATCH 43/63] Fix for `wolfSSL_ERR_clear_error` to call `wc_ClearErrorNodes` when its available (mismatched macros), which was incorrectly causing `test_wolfSSL_ERR_put_error` to fail. Added `test_wolfSSL_PEM_PrivateKey` test for ECC based key. Refactored the RNG test to only run the reseed test if `TEST_RESEED_INTERVAL` is defined. This is the test that was causing the tests/api.c to take so long to complete. Will add this macro to the enable options test. --- src/ssl.c | 2 +- tests/api.c | 71 +++++++++++++++++++++++++++++++++++++++++++++++------ 2 files changed, 64 insertions(+), 9 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index e0ce59235a..ca005eb191 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -13618,7 +13618,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) { WOLFSSL_ENTER("wolfSSL_ERR_clear_error"); -#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) +#if defined(DEBUG_WOLFSSL) || defined(WOLFSSL_NGINX) wc_ClearErrorNodes(); #endif } diff --git a/tests/api.c b/tests/api.c index 96ff2966f4..142af2a562 100644 --- a/tests/api.c +++ b/tests/api.c @@ -15687,7 +15687,7 @@ static void test_wolfSSL_private_keys(void) static void test_wolfSSL_PEM_PrivateKey(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ - !defined(NO_FILESYSTEM) && !defined(NO_RSA) && \ + (!defined(NO_RSA) || defined(HAVE_ECC)) && \ defined(USE_CERT_BUFFERS_2048) EVP_PKEY* pkey = NULL; @@ -15696,7 +15696,8 @@ static void test_wolfSSL_PEM_PrivateKey(void) /* test creating new EVP_PKEY with bad arg */ AssertNull((pkey = PEM_read_bio_PrivateKey(NULL, NULL, NULL, NULL))); -#if !defined(NO_FILESYSTEM) + /* test loading RSA key using BIO */ +#if !defined(NO_RSA) && !defined(NO_FILESYSTEM) { BIO* bio; XFILE file; @@ -15722,7 +15723,34 @@ static void test_wolfSSL_PEM_PrivateKey(void) } #endif -#if (defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN)) + /* test loading ECC key using BIO */ +#if defined(HAVE_ECC) && !defined(NO_FILESYSTEM) + { + BIO* bio; + XFILE file; + const char* fname = "./certs/ecc-key.pem"; + size_t sz; + byte* buf; + + file = XFOPEN(fname, "rb"); + AssertTrue((file != XBADFILE)); + XFSEEK(file, 0, XSEEK_END); + sz = XFTELL(file); + XREWIND(file); + AssertNotNull(buf = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE)); + AssertIntEQ(XFREAD(buf, 1, sz, file), sz); + XFCLOSE(file); + + /* Test using BIO new mem and loading PEM private key */ + AssertNotNull(bio = BIO_new_mem_buf(buf, (int)sz)); + AssertNotNull((pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL))); + XFREE(buf, NULL, DYNAMIC_TYPE_FILE); + BIO_free(bio); + EVP_PKEY_free(pkey); + } +#endif + +#if !defined(NO_RSA) && (defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN)) { BIO* bio; EVP_PKEY* pkey2 = NULL; @@ -15771,7 +15799,7 @@ static void test_wolfSSL_PEM_PrivateKey(void) #endif /* key is DES encrypted */ - #if !defined(NO_DES3) && defined(WOLFSSL_ENCRYPTED_KEYS) + #if !defined(NO_DES3) && defined(WOLFSSL_ENCRYPTED_KEYS) && !defined(NO_FILESYSTEM) { pem_password_cb* passwd_cb; void* passwd_cb_userdata; @@ -15812,7 +15840,7 @@ static void test_wolfSSL_PEM_PrivateKey(void) } #endif /* !defined(NO_DES3) */ - #ifdef HAVE_ECC + #if defined(HAVE_ECC) && !defined(NO_FILESYSTEM) { unsigned char buf[2048]; size_t bytes; @@ -17336,7 +17364,7 @@ static void test_wolfSSL_pseudo_rand(void) #endif } -static void test_wolfSSL_pkcs8(void) +static void test_wolfSSL_PKCS8_Compat(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && defined(HAVE_ECC) PKCS8_PRIV_KEY_INFO* pt; @@ -19451,7 +19479,8 @@ static void test_DhCallbacks(void) #ifdef HAVE_HASHDRBG -static int test_wc_RNG_GenerateBlock() +#ifdef TEST_RESEED_INTERVAL +static int test_wc_RNG_GenerateBlock_Reseed() { int i, ret; WC_RNG rng; @@ -19472,6 +19501,29 @@ static int test_wc_RNG_GenerateBlock() return ret; } +#endif /* TEST_RESEED_INTERVAL */ + +static int test_wc_RNG_GenerateBlock() +{ + int i, ret; + WC_RNG rng; + byte key[32]; + + ret = wc_InitRng(&rng); + + if (ret == 0) { + for(i = 0; i < 10; i++) { + ret = wc_RNG_GenerateBlock(&rng, key, sizeof(key)); + if (ret != 0) { + break; + } + } + } + + wc_FreeRng(&rng); + + return ret; +} #endif static void test_wolfSSL_X509_CRL(void) @@ -19711,7 +19763,7 @@ void ApiTest(void) test_wolfSSL_CTX_set_srp_username(); test_wolfSSL_CTX_set_srp_password(); test_wolfSSL_pseudo_rand(); - test_wolfSSL_pkcs8(); + test_wolfSSL_PKCS8_Compat(); test_wolfSSL_ERR_put_error(); test_wolfSSL_HMAC(); test_wolfSSL_OBJ(); @@ -19900,6 +19952,9 @@ void ApiTest(void) #endif #ifdef HAVE_HASHDRBG + #ifdef TEST_RESEED_INTERVAL + AssertIntEQ(test_wc_RNG_GenerateBlock_Reseed(), 0); + #endif AssertIntEQ(test_wc_RNG_GenerateBlock(), 0); #endif From dac5f84f6160b96ac47fa7ed5f59e5fffff87b80 Mon Sep 17 00:00:00 2001 From: David Garske Date: Wed, 6 Jun 2018 12:54:48 -0700 Subject: [PATCH 44/63] Fix build error with missing `bio`. Fix for `pkey` not being reset to NULL for `d2i_PrivateKey` failure case test. --- tests/api.c | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/tests/api.c b/tests/api.c index 142af2a562..faf006ff9e 100644 --- a/tests/api.c +++ b/tests/api.c @@ -15690,6 +15690,7 @@ static void test_wolfSSL_PEM_PrivateKey(void) (!defined(NO_RSA) || defined(HAVE_ECC)) && \ defined(USE_CERT_BUFFERS_2048) + BIO* bio = NULL; EVP_PKEY* pkey = NULL; const unsigned char* server_key = (const unsigned char*)server_key_der_2048; @@ -15699,7 +15700,6 @@ static void test_wolfSSL_PEM_PrivateKey(void) /* test loading RSA key using BIO */ #if !defined(NO_RSA) && !defined(NO_FILESYSTEM) { - BIO* bio; XFILE file; const char* fname = "./certs/server-key.pem"; size_t sz; @@ -15719,14 +15719,15 @@ static void test_wolfSSL_PEM_PrivateKey(void) AssertNotNull((pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL))); XFREE(buf, NULL, DYNAMIC_TYPE_FILE); BIO_free(bio); + bio = NULL; EVP_PKEY_free(pkey); + pkey = NULL; } #endif /* test loading ECC key using BIO */ #if defined(HAVE_ECC) && !defined(NO_FILESYSTEM) { - BIO* bio; XFILE file; const char* fname = "./certs/ecc-key.pem"; size_t sz; @@ -15746,13 +15747,14 @@ static void test_wolfSSL_PEM_PrivateKey(void) AssertNotNull((pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL))); XFREE(buf, NULL, DYNAMIC_TYPE_FILE); BIO_free(bio); + bio = NULL; EVP_PKEY_free(pkey); + pkey = NULL; } #endif #if !defined(NO_RSA) && (defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN)) { - BIO* bio; EVP_PKEY* pkey2 = NULL; unsigned char extra[10]; int i; @@ -15793,7 +15795,9 @@ static void test_wolfSSL_PEM_PrivateKey(void) } BIO_free(bio); + bio = NULL; EVP_PKEY_free(pkey); + pkey = NULL; EVP_PKEY_free(pkey2); } #endif @@ -15835,7 +15839,9 @@ static void test_wolfSSL_PEM_PrivateKey(void) AssertIntEQ(SSL_CTX_use_PrivateKey(ctx, pkey), SSL_SUCCESS); EVP_PKEY_free(pkey); + pkey = NULL; BIO_free(bio); + bio = NULL; SSL_CTX_free(ctx); } #endif /* !defined(NO_DES3) */ @@ -15865,6 +15871,7 @@ static void test_wolfSSL_PEM_PrivateKey(void) AssertIntEQ(SSL_CTX_use_PrivateKey(ctx, pkey), SSL_SUCCESS); EVP_PKEY_free(pkey); + pkey = NULL; SSL_CTX_free(ctx); } #endif @@ -15872,6 +15879,9 @@ static void test_wolfSSL_PEM_PrivateKey(void) printf(resultFmt, passed); (void)server_key; + (void)bio; + (void)pkey; + #endif /* OPENSSL_EXTRA && !NO_CERTS && !NO_RSA && USE_CERT_BUFFERS_2048 */ } From 53b0d2cba39ac911a526bfe4c33832dcea7d3200 Mon Sep 17 00:00:00 2001 From: Tim Parrish <--global> Date: Tue, 12 Jun 2018 10:59:42 -0600 Subject: [PATCH 45/63] updated readme to show that AMD processors are supported --- README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/README.md b/README.md index 77fb354413..abe15739f1 100644 --- a/README.md +++ b/README.md @@ -65,6 +65,9 @@ wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0); before calling wolfSSL_new(); Though it's not recommended. ``` +# wolfSSL Release x.x.x + +* Added AES performance enhancements on AMD processors using Intel ASM instructions # wolfSSL Release 3.14.0 (3/02/2018) From 26835bef794ba038b5af6ff0c09b41a510099109 Mon Sep 17 00:00:00 2001 From: Tim Parrish <--global> Date: Tue, 12 Jun 2018 13:54:50 -0600 Subject: [PATCH 46/63] Updated README.md --- README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.md b/README.md index 0c8c2d775b..919e0e935b 100644 --- a/README.md +++ b/README.md @@ -78,6 +78,10 @@ hash function. Instead the name WC_SHA, WC_SHA256, WC_SHA384 and WC_SHA512 should be used for the enum name. ``` +# wolfSSL Release x.x.x + +* Added AES performance enhancements on AMD processors with build option `./configure --enable-intelasm` + # wolfSSL Release 3.15.0 (06/05/2018) Release 3.15.0 of wolfSSL embedded TLS has bug fixes and new features including: From 9448b96afd8b0848f2620e00929e6f0160556466 Mon Sep 17 00:00:00 2001 From: Tim Parrish <--global> Date: Tue, 12 Jun 2018 14:15:57 -0600 Subject: [PATCH 47/63] updated change log --- ChangeLog.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/ChangeLog.md b/ChangeLog.md index 750274aed2..5e9ed1641d 100644 --- a/ChangeLog.md +++ b/ChangeLog.md @@ -1,3 +1,7 @@ +# wolfSSL Release x.x.x + +* Added AES performance enhancements on AMD processors with build option `./configure --enable-intelasm` + # wolfSSL Release 3.15.0 (06/05/2018) Release 3.15.0 of wolfSSL embedded TLS has bug fixes and new features including: From 1f16b36402d4925b3d64ca45d00e8674978b5fa6 Mon Sep 17 00:00:00 2001 From: David Garske Date: Tue, 12 Jun 2018 14:15:34 -0700 Subject: [PATCH 48/63] Fixes for `MatchDomainName` to properly detect failures: * Fix `MatchDomainName` to also check for remaining len on success check. * Enhanced `DNS_entry` to include actual ASN.1 length and use it thoughout (was using XSTRLEN). Added additional tests for matching on domain name: * Check for bad common name with embedded null (CN=localhost\0h, Alt=None) - Note: Trouble creating cert with this criteria * Check for bad alternate name with embedded null (CN=www.nomatch.com, Alt=localhost\0h) * Check for bad common name (CN=www.nomatch.com, Alt=None) * Check for bad alternate name (CN=www.nomatch.com, Alt=www.nomatch.com) * Check for good wildcard common name (CN=*localhost, Alt=None) * Check for good wildcard alternate name (CN=www.nomatch.com, Alt=*localhost) --- certs/crl/server-goodaltwildCrl.pem | 38 +++++++++ certs/crl/server-goodcnwildCrl.pem | 38 +++++++++ certs/test/gen-testcerts.sh | 106 +++++++++++++++++++------- certs/test/include.am | 26 ++++--- certs/test/server-badaltname.der | Bin 0 -> 939 bytes certs/test/server-badaltname.pem | 74 ++++++++++++++++++ certs/test/server-badaltnamenull.conf | 17 ----- certs/test/server-badaltnamenull.csr | 17 ----- certs/test/server-badaltnamenull.der | Bin 855 -> 0 bytes certs/test/server-badaltnamenull.key | 27 ------- certs/test/server-badaltnamenull.pem | 72 ----------------- certs/test/server-badaltnull.der | Bin 0 -> 935 bytes certs/test/server-badaltnull.pem | 74 ++++++++++++++++++ certs/test/server-badcn.der | Bin 0 -> 907 bytes certs/test/server-badcn.pem | 70 +++++++++++++++++ certs/test/server-badcnnull.der | Bin 0 -> 973 bytes certs/test/server-badcnnull.pem | 72 +++++++++++++++++ certs/test/server-goodaltwild.der | Bin 0 -> 934 bytes certs/test/server-goodaltwild.pem | 74 ++++++++++++++++++ certs/test/server-goodcnwild.der | Bin 0 -> 895 bytes certs/test/server-goodcnwild.pem | 70 +++++++++++++++++ certs/test/server-nomatch.conf | 16 ---- certs/test/server-nomatch.csr | 17 ----- certs/test/server-nomatch.der | Bin 837 -> 0 bytes certs/test/server-nomatch.key | 27 ------- certs/test/server-nomatch.pem | 69 ----------------- src/internal.c | 14 ++-- tests/test-fails.conf | 47 ++++++++++-- tests/test.conf | 28 +++++++ wolfcrypt/src/asn.c | 17 +++-- wolfssl/wolfcrypt/asn.h | 1 + 31 files changed, 687 insertions(+), 324 deletions(-) create mode 100644 certs/crl/server-goodaltwildCrl.pem create mode 100644 certs/crl/server-goodcnwildCrl.pem create mode 100644 certs/test/server-badaltname.der create mode 100644 certs/test/server-badaltname.pem delete mode 100644 certs/test/server-badaltnamenull.conf delete mode 100644 certs/test/server-badaltnamenull.csr delete mode 100644 certs/test/server-badaltnamenull.der delete mode 100644 certs/test/server-badaltnamenull.key delete mode 100644 certs/test/server-badaltnamenull.pem create mode 100644 certs/test/server-badaltnull.der create mode 100644 certs/test/server-badaltnull.pem create mode 100644 certs/test/server-badcn.der create mode 100644 certs/test/server-badcn.pem create mode 100644 certs/test/server-badcnnull.der create mode 100644 certs/test/server-badcnnull.pem create mode 100644 certs/test/server-goodaltwild.der create mode 100644 certs/test/server-goodaltwild.pem create mode 100644 certs/test/server-goodcnwild.der create mode 100644 certs/test/server-goodcnwild.pem delete mode 100644 certs/test/server-nomatch.conf delete mode 100644 certs/test/server-nomatch.csr delete mode 100644 certs/test/server-nomatch.der delete mode 100644 certs/test/server-nomatch.key delete mode 100644 certs/test/server-nomatch.pem diff --git a/certs/crl/server-goodaltwildCrl.pem b/certs/crl/server-goodaltwildCrl.pem new file mode 100644 index 0000000000..3cb2b27f17 --- /dev/null +++ b/certs/crl/server-goodaltwildCrl.pem @@ -0,0 +1,38 @@ +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/ST=Montana/L=Bozeman/OU=Engineering/CN=www.nomatch.com/emailAddress=info@wolfssl.com + Last Update: Jun 12 21:08:33 2018 GMT + Next Update: Mar 8 21:08:33 2021 GMT + CRL extensions: + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 25:6a:7f:6a:71:9a:66:67:ed:88:29:d4:ec:37:a5:f2:03:0e: + cd:18:c6:f0:a8:2f:3c:8c:cf:83:d2:0c:60:97:52:73:5f:a2: + c3:76:c4:87:b4:0a:b3:7c:0d:37:64:72:30:d6:cc:58:0c:3e: + b6:ec:d0:1d:a1:19:a2:b6:58:c9:63:28:d5:45:45:8c:2f:f7: + 09:05:7d:5e:09:07:c7:53:01:f3:40:70:5f:6a:c1:1f:2c:36: + 27:8e:a1:bb:a0:94:b2:a5:98:76:f8:be:e1:87:22:d1:21:13: + 64:02:2b:de:9d:65:5a:d7:b6:48:08:b3:03:ce:f4:ef:81:66: + 1a:90:ea:b1:f4:cf:57:e2:1c:71:d6:85:24:c2:89:c2:2b:3d: + 14:00:8a:4a:7c:84:52:d5:f0:92:82:7f:04:84:dd:64:b5:86: + d2:a9:16:b1:0d:4c:57:a4:08:9b:82:4c:76:83:c5:77:3f:83: + ee:1e:2a:ea:0d:1c:5a:ff:a6:d7:00:49:ec:55:9b:8b:9e:a3: + ed:94:20:7a:0c:f0:6b:ca:9f:ec:d9:b5:2b:48:6c:a9:9b:fb: + fd:dd:95:e3:68:2c:83:61:ce:64:02:ac:09:e1:2d:3c:93:81: + e0:2c:87:35:14:7c:ae:fb:68:29:c2:35:55:75:fe:4f:9e:15: + 21:eb:bc:75 +-----BEGIN X509 CRL----- +MIIB3DCBxQIBATANBgkqhkiG9w0BAQUFADCBgjELMAkGA1UEBhMCVVMxEDAOBgNV +BAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFDASBgNVBAsMC0VuZ2luZWVy +aW5nMRgwFgYDVQQDDA93d3cubm9tYXRjaC5jb20xHzAdBgkqhkiG9w0BCQEWEGlu +Zm9Ad29sZnNzbC5jb20XDTE4MDYxMjIxMDgzM1oXDTIxMDMwODIxMDgzM1qgDjAM +MAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBBQUAA4IBAQAlan9qcZpmZ+2IKdTsN6Xy +Aw7NGMbwqC88jM+D0gxgl1JzX6LDdsSHtAqzfA03ZHIw1sxYDD627NAdoRmitljJ +YyjVRUWML/cJBX1eCQfHUwHzQHBfasEfLDYnjqG7oJSypZh2+L7hhyLRIRNkAive +nWVa17ZICLMDzvTvgWYakOqx9M9X4hxx1oUkwonCKz0UAIpKfIRS1fCSgn8EhN1k +tYbSqRaxDUxXpAibgkx2g8V3P4PuHirqDRxa/6bXAEnsVZuLnqPtlCB6DPBryp/s +2bUrSGypm/v93ZXjaCyDYc5kAqwJ4S08k4HgLIc1FHyu+2gpwjVVdf5PnhUh67x1 +-----END X509 CRL----- diff --git a/certs/crl/server-goodcnwildCrl.pem b/certs/crl/server-goodcnwildCrl.pem new file mode 100644 index 0000000000..5ba972e04b --- /dev/null +++ b/certs/crl/server-goodcnwildCrl.pem @@ -0,0 +1,38 @@ +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/ST=Montana/L=Bozeman/OU=Engineering/CN=*localhost/emailAddress=info@wolfssl.com + Last Update: Jun 12 21:08:33 2018 GMT + Next Update: Mar 8 21:08:33 2021 GMT + CRL extensions: + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 7b:61:c6:5b:68:f8:1d:4b:65:f5:67:ee:26:cc:1f:76:fc:70: + 80:55:54:01:66:d9:ba:b0:f5:bc:3e:52:ea:4e:d0:a5:95:eb: + 36:4b:9b:fa:8d:c3:62:3b:9b:e5:5a:8c:4a:50:f4:dc:33:bb: + 8d:d1:41:7f:1b:a7:7e:9a:c5:48:b6:42:85:55:8c:30:ce:16: + 83:e4:f8:20:6d:1d:b4:c6:64:cf:d9:47:19:fa:ee:87:6e:9f: + 61:33:a6:3b:81:24:93:74:e4:33:36:ea:83:42:d5:a0:19:9b: + 91:3c:c4:35:3b:90:37:62:25:fe:a5:2f:6d:2e:ed:02:09:9a: + 8c:9b:c3:2a:eb:90:33:eb:95:60:ff:39:26:ba:63:03:75:a8: + 7e:5b:59:dd:a3:9b:a0:16:ce:aa:96:96:45:9e:53:50:36:bd: + 8d:ef:1e:a3:26:96:94:9f:64:d2:ca:b4:28:21:87:2b:07:1a: + c9:00:28:80:b4:c5:10:f7:28:9b:ff:01:a3:6b:a8:f1:3d:53: + 25:8c:ea:a5:41:43:ec:b5:63:29:51:d8:5a:0b:18:97:59:c2: + f8:0b:6c:ee:99:0a:2d:79:d4:00:8e:ae:36:a5:2e:f6:4f:07: + 0e:85:4c:8d:4b:4b:b2:9f:33:09:0f:ed:59:c2:58:0b:e2:da: + cb:cc:44:f3 +-----BEGIN X509 CRL----- +MIIB1jCBvwIBATANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJVUzEQMA4GA1UE +CAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEUMBIGA1UECwwLRW5naW5lZXJp +bmcxEzARBgNVBAMMCipsb2NhbGhvc3QxHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29s +ZnNzbC5jb20XDTE4MDYxMjIxMDgzM1oXDTIxMDMwODIxMDgzM1qgDjAMMAoGA1Ud +FAQDAgEBMA0GCSqGSIb3DQEBBQUAA4IBAQB7YcZbaPgdS2X1Z+4mzB92/HCAVVQB +Ztm6sPW8PlLqTtClles2S5v6jcNiO5vlWoxKUPTcM7uN0UF/G6d+msVItkKFVYww +zhaD5PggbR20xmTP2UcZ+u6Hbp9hM6Y7gSSTdOQzNuqDQtWgGZuRPMQ1O5A3YiX+ +pS9tLu0CCZqMm8Mq65Az65Vg/zkmumMDdah+W1ndo5ugFs6qlpZFnlNQNr2N7x6j +JpaUn2TSyrQoIYcrBxrJACiAtMUQ9yib/wGja6jxPVMljOqlQUPstWMpUdhaCxiX +WcL4C2zumQotedQAjq42pS72TwcOhUyNS0uynzMJD+1ZwlgL4trLzETz +-----END X509 CRL----- diff --git a/certs/test/gen-testcerts.sh b/certs/test/gen-testcerts.sh index f51942597e..3b6500e1c9 100755 --- a/certs/test/gen-testcerts.sh +++ b/certs/test/gen-testcerts.sh @@ -1,43 +1,91 @@ #!/bin/sh -# Generate CN=localhost, AltName=localhost\0h -echo "step 1 create key" -openssl genrsa -out server-badaltnamenull.key 2048 +# Args: 1=FileName, 2=CN, 3=AltName +function build_test_cert_conf { + echo "[ req ]" > $1.conf + echo "prompt = no" >> $1.conf + echo "default_bits = 2048" >> $1.conf + echo "distinguished_name = req_distinguished_name" >> $1.conf + echo "req_extensions = req_ext" >> $1.conf + echo "" >> $1.conf + echo "[ req_distinguished_name ]" >> $1.conf + echo "C = US" >> $1.conf + echo "ST = Montana" >> $1.conf + echo "L = Bozeman" >> $1.conf + echo "OU = Engineering" >> $1.conf + echo "CN = $2" >> $1.conf + echo "emailAddress = info@wolfssl.com" >> $1.conf + echo "" >> $1.conf + echo "[ req_ext ]" >> $1.conf + if [ -n "$3" ]; then + if [[ "$3" != *"DER"* ]]; then + echo "subjectAltName = @alt_names" >> $1.conf + echo "[alt_names]" >> $1.conf + echo "DNS.1 = $3" >> $1.conf + else + echo "subjectAltName = $3" >> $1.conf + fi + fi +} -echo "step 2 create csr" -echo "US\nMontana\nBozeman\nEngineering\nlocalhost\n.\n" | openssl req -new -sha256 -out server-badaltnamenull.csr -key server-badaltnamenull.key -config server-badaltnamenull.conf +# Args: 1=FileName +function generate_test_cert { + rm $1.der + rm $1.pem -echo "step 3 check csr" -openssl req -text -noout -in server-badaltnamenull.csr + echo "step 1 create configuration" + build_test_cert_conf $1 $2 $3 -echo "step 4 create cert" -openssl x509 -req -days 1000 -in server-badaltnamenull.csr -signkey server-badaltnamenull.key \ - -out server-badaltnamenull.pem -extensions req_ext -extfile server-badaltnamenull.conf + echo "step 2 create csr" + openssl req -new -sha256 -out $1.csr -key ../server-key.pem -config $1.conf -echo "step 5 make human reviewable" -openssl x509 -inform pem -in server-badaltnamenull.pem -text > tmp.pem -mv tmp.pem server-badaltnamenull.pem + echo "step 3 check csr" + openssl req -text -noout -in $1.csr -openssl x509 -inform pem -in server-badaltnamenull.pem -outform der -out server-badaltnamenull.der + echo "step 4 create cert" + openssl x509 -req -days 1000 -in $1.csr -signkey ../server-key.pem \ + -out $1.pem -extensions req_ext -extfile $1.conf + rm $1.conf + rm $1.csr + + if [ -n "$4" ]; then + echo "step 5 generate crl" + mkdir ../crl/demoCA + touch ../crl/demoCA/index.txt + echo "01" > ../crl/crlnumber + openssl ca -config ../renewcerts/wolfssl.cnf -gencrl -crldays 1000 -out crl.revoked -keyfile ../server-key.pem -cert $1.pem + rm ../crl/$1Crl.pem + openssl crl -in crl.revoked -text > tmp.pem + mv tmp.pem ../crl/$1Crl.pem + rm crl.revoked + rm -rf ../crl/demoCA + rm ../crl/crlnumber* + fi + + echo "step 6 add cert text information to pem" + openssl x509 -inform pem -in $1.pem -text > tmp.pem + mv tmp.pem $1.pem + + echo "step 7 make binary der version" + openssl x509 -inform pem -in $1.pem -outform der -out $1.der +} -# Generate CN=www.nomatch.com, no AltName -echo "step 1 create key" -openssl genrsa -out server-nomatch.key 2048 +# Generate Good CN=*localhost, Alt=None +generate_test_cert server-goodcnwild *localhost "" 1 -echo "step 2 create csr" -echo "US\nMontana\nBozeman\nEngineering\nwww.nomatch.com\n.\n" | openssl req -new -sha256 -out server-nomatch.csr -key server-nomatch.key -config server-nomatch.conf +# Generate Good CN=www.nomatch.com, Alt=*localhost +generate_test_cert server-goodaltwild www.nomatch.com *localhost 1 -echo "step 3 check csr" -openssl req -text -noout -in server-nomatch.csr +# Generate Bad CN=localhost\0h, Alt=None +# DG: Have not found a way to properly encode null in common name +generate_test_cert server-badcnnull DER:30:0d:82:0b:6c:6f:63:61:6c:68:6f:73:74:00:68 -echo "step 4 create cert" -openssl x509 -req -days 1000 -in server-nomatch.csr -signkey server-nomatch.key \ - -out server-nomatch.pem -extensions req_ext -extfile server-nomatch.conf +# Generate Bad Name CN=www.nomatch.com, Alt=None +generate_test_cert server-badcn www.nomatch.com -echo "step 5 make human reviewable" -openssl x509 -inform pem -in server-nomatch.pem -text > tmp.pem -mv tmp.pem server-nomatch.pem - -openssl x509 -inform pem -in server-nomatch.pem -outform der -out server-nomatch.der +# Generate Bad Alt CN=www.nomatch.com, Alt=localhost\0h +generate_test_cert server-badaltnull www.nomatch.com DER:30:0d:82:0b:6c:6f:63:61:6c:68:6f:73:74:00:68 +# Generate Bad Alt Name CN=www.nomatch.com, Alt=www.nomatch.com +generate_test_cert server-badaltname www.nomatch.com www.nomatch.com diff --git a/certs/test/include.am b/certs/test/include.am index 0e8eec2258..c1f4a447d9 100644 --- a/certs/test/include.am +++ b/certs/test/include.am @@ -20,16 +20,22 @@ EXTRA_DIST += \ EXTRA_DIST += \ certs/test/gen-testcerts.sh \ - certs/test/server-badaltnamenull.conf \ - certs/test/server-badaltnamenull.csr \ - certs/test/server-badaltnamenull.key \ - certs/test/server-badaltnamenull.pem \ - certs/test/server-badaltnamenull.der \ - certs/test/server-nomatch.conf \ - certs/test/server-nomatch.csr \ - certs/test/server-nomatch.key \ - certs/test/server-nomatch.pem \ - certs/test/server-nomatch.der + certs/test/server-goodcnwild.pem \ + certs/test/server-goodcnwild.der \ + certs/test/server-goodcnwild.csr \ + certs/test/server-goodaltwild.pem \ + certs/test/server-goodaltwild.der \ + certs/test/server-badcnnull.pem \ + certs/test/server-badcnnull.der \ + certs/test/server-badcn.pem \ + certs/test/server-badcn.der \ + certs/test/server-badaltnull.pem \ + certs/test/server-badaltnull.der \ + certs/test/server-badaltname.der \ + certs/test/server-badaltname.pem \ + certs/crl/server-goodaltwildCrl.pem \ + certs/crl/server-goodcnwildCrl.pem + EXTRA_DIST += \ certs/test/crit-cert.pem \ diff --git a/certs/test/server-badaltname.der b/certs/test/server-badaltname.der new file mode 100644 index 0000000000000000000000000000000000000000..7c831d6be34cf4d7f03586f7407389f1069f4dd7 GIT binary patch literal 939 zcmXqLVqR|0#MHllnTe5!iIZV}K}*RB|DtXKUN%mxHjlRNyo`*jtPBQ?O@`bCoNUaY zENsF|p}~d%27Dk62M@b%eqKppULs6{orm2izbZ91G0#xMKnSFUn}^#qFFi9aHMJ-+ zFWpeWKnx_x%)?(^UapsypPN{coS~PTpKB;@APcvYlTl0{GcPUQp*%k)t++S`q`*K< zoY&C8z|7Fd$k4#T*f>g@*T~So*uVnH9UP8qVpKv7JVsUq<|amd27@L>E~X|%Mur1Z zIUa^Pek#n}e#zBQoiX*8>$*>SR19`ZJ*V$??VC);o|^f;SESefinm>kn-<8kH)Qj}+<2Ki%EcEsnL9-;3G7TctaV}GG_O4muSi87UvS`Has|JO zxq;EN1|#LE3(I#2Uz%S0C|31k7Vlxpge6-xWI8!%=gwpa=ua7)@me_ps z(zN?GFZi#$&cw{fz_?h>K*m6djX6|SkVV))un9daAcr6;I0P9P()F5LH#!~joqC@C zQ{Oc1yXDWe@E_Qd&Cl}Y-or=PT%K$03-|Q^iI`Y+t<8LiN4P>HME!zYk=+(=1L7RgPb1!10mi!mN^$oW~Ea-PUW`V)Fq2 D{WfCz literal 0 HcmV?d00001 diff --git a/certs/test/server-badaltname.pem b/certs/test/server-badaltname.pem new file mode 100644 index 0000000000..f012f26313 --- /dev/null +++ b/certs/test/server-badaltname.pem @@ -0,0 +1,74 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 13794671295210680971 (0xbf708474a84f728b) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=US, ST=Montana, L=Bozeman, OU=Engineering, CN=www.nomatch.com/emailAddress=info@wolfssl.com + Validity + Not Before: Jun 12 21:08:33 2018 GMT + Not After : Mar 8 21:08:33 2021 GMT + Subject: C=US, ST=Montana, L=Bozeman, OU=Engineering, CN=www.nomatch.com/emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27: + 01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6: + f6:1c:88:bc:7c:9f:fb:a8:67:7f:fe:5c:9c:51:75: + f7:8a:ca:07:e7:35:2f:8f:e1:bd:7b:c0:2f:7c:ab: + 64:a8:17:fc:ca:5d:7b:ba:e0:21:e5:72:2e:6f:2e: + 86:d8:95:73:da:ac:1b:53:b9:5f:3f:d7:19:0d:25: + 4f:e1:63:63:51:8b:0b:64:3f:ad:43:b8:a5:1c:5c: + 34:b3:ae:00:a0:63:c5:f6:7f:0b:59:68:78:73:a6: + 8c:18:a9:02:6d:af:c3:19:01:2e:b8:10:e3:c6:cc: + 40:b4:69:a3:46:33:69:87:6e:c4:bb:17:a6:f3:e8: + dd:ad:73:bc:7b:2f:21:b5:fd:66:51:0c:bd:54:b3: + e1:6d:5f:1c:bc:23:73:d1:09:03:89:14:d2:10:b9: + 64:c3:2a:d0:a1:96:4a:bc:e1:d4:1a:5b:c7:a0:c0: + c1:63:78:0f:44:37:30:32:96:80:32:23:95:a1:77: + ba:13:d2:97:73:e2:5d:25:c9:6a:0d:c3:39:60:a4: + b4:b0:69:42:42:09:e9:d8:08:bc:33:20:b3:58:22: + a7:aa:eb:c4:e1:e6:61:83:c5:d2:96:df:d9:d0:4f: + ad:d7 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Alternative Name: + DNS:www.nomatch.com + Signature Algorithm: sha1WithRSAEncryption + 67:2e:82:45:b1:42:c6:4d:95:cf:0f:f2:8e:96:0b:dd:77:e6: + b4:0f:c0:bc:6b:0f:04:ec:de:e1:e2:6b:0a:49:ac:df:13:8c: + 8f:4c:66:b9:48:ac:2b:f4:ae:ca:35:ad:31:a0:ef:f1:4b:8e: + 02:6d:42:ab:4b:8b:55:14:d8:86:df:f7:b6:cc:ce:42:ec:1b: + 49:53:e8:09:d1:33:d1:cf:a7:a4:40:90:c2:1d:6d:59:09:0d: + 95:06:ef:81:e0:89:8f:71:19:50:97:84:a2:69:25:78:d3:f7: + be:2c:e0:2c:f4:a5:c9:11:d7:fb:bf:b6:de:02:ee:2b:d7:c5: + 55:46:17:7b:d8:9b:49:77:42:ad:43:67:f6:1b:10:a6:fc:ce: + 60:d0:3e:79:3d:b7:ce:63:95:07:af:22:fb:45:6b:9b:da:4e: + a9:96:75:c2:e8:57:30:65:85:50:b0:b3:aa:0d:38:dc:13:0d: + 2a:fa:fa:76:88:89:a1:07:38:e7:98:55:7d:10:ac:48:da:2a: + 2d:09:98:60:d1:0d:03:80:58:11:1a:aa:dd:2e:3e:88:3b:90: + b7:a3:a5:38:25:ef:3c:cb:6f:f9:16:fb:c0:6a:ee:29:73:63: + 55:23:5f:a1:30:08:f1:0c:d0:9a:74:c9:09:c7:c0:06:db:2e: + 82:b4:3c:f0 +-----BEGIN CERTIFICATE----- +MIIDpzCCAo+gAwIBAgIJAL9whHSoT3KLMA0GCSqGSIb3DQEBBQUAMIGCMQswCQYD +VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEUMBIG +A1UECwwLRW5naW5lZXJpbmcxGDAWBgNVBAMMD3d3dy5ub21hdGNoLmNvbTEfMB0G +CSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAeFw0xODA2MTIyMTA4MzNaFw0y +MTAzMDgyMTA4MzNaMIGCMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQ +MA4GA1UEBwwHQm96ZW1hbjEUMBIGA1UECwwLRW5naW5lZXJpbmcxGDAWBgNVBAMM +D3d3dy5ub21hdGNoLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNv +bTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMCVCOFXQfJxbbfSRUEn +AWXGRa7yvCQwuJXOL07W9hyIvHyf+6hnf/5cnFF194rKB+c1L4/hvXvAL3yrZKgX +/Mpde7rgIeVyLm8uhtiVc9qsG1O5Xz/XGQ0lT+FjY1GLC2Q/rUO4pRxcNLOuAKBj +xfZ/C1loeHOmjBipAm2vwxkBLrgQ48bMQLRpo0YzaYduxLsXpvPo3a1zvHsvIbX9 +ZlEMvVSz4W1fHLwjc9EJA4kU0hC5ZMMq0KGWSrzh1Bpbx6DAwWN4D0Q3MDKWgDIj +laF3uhPSl3PiXSXJag3DOWCktLBpQkIJ6dgIvDMgs1gip6rrxOHmYYPF0pbf2dBP +rdcCAwEAAaMeMBwwGgYDVR0RBBMwEYIPd3d3Lm5vbWF0Y2guY29tMA0GCSqGSIb3 +DQEBBQUAA4IBAQBnLoJFsULGTZXPD/KOlgvdd+a0D8C8aw8E7N7h4msKSazfE4yP +TGa5SKwr9K7KNa0xoO/xS44CbUKrS4tVFNiG3/e2zM5C7BtJU+gJ0TPRz6ekQJDC +HW1ZCQ2VBu+B4ImPcRlQl4SiaSV40/e+LOAs9KXJEdf7v7beAu4r18VVRhd72JtJ +d0KtQ2f2GxCm/M5g0D55PbfOY5UHryL7RWub2k6plnXC6FcwZYVQsLOqDTjcEw0q ++vp2iImhBzjnmFV9EKxI2iotCZhg0Q0DgFgRGqrdLj6IO5C3o6U4Je88y2/5FvvA +au4pc2NVI1+hMAjxDNCadMkJx8AG2y6CtDzw +-----END CERTIFICATE----- diff --git a/certs/test/server-badaltnamenull.conf b/certs/test/server-badaltnamenull.conf deleted file mode 100644 index cfca7b7e17..0000000000 --- a/certs/test/server-badaltnamenull.conf +++ /dev/null @@ -1,17 +0,0 @@ -[ req ] -default_bits = 2048 -distinguished_name = req_distinguished_name -req_extensions = req_ext - -[ req_distinguished_name ] -countryName = US -stateOrProvinceName = Montana -localityName = Bozeman -organizationName = Engineering -commonName = www.wolfssl.com -commonName_max = 64 -commonName_default = localhost - -[ req_ext ] -#subjectAltName = localhost\0h -subjectAltName = DER:30:0d:82:0b:6c:6f:63:61:6c:68:6f:73:74:00:68 diff --git a/certs/test/server-badaltnamenull.csr b/certs/test/server-badaltnamenull.csr deleted file mode 100644 index 7ee5658d69..0000000000 --- a/certs/test/server-badaltnamenull.csr +++ /dev/null @@ -1,17 +0,0 @@ ------BEGIN CERTIFICATE REQUEST----- -MIICyTCCAbECAQAwWzELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAO -BgNVBAcMB0JvemVtYW4xFDASBgNVBAoMC0VuZ2luZWVyaW5nMRIwEAYDVQQDDAls -b2NhbGhvc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBWOI9sH7D -UouzlAgOLJgVQEyrHw9nwxeIEqmxfU2kZZcD95DWBzExpT0mbluER8yoj6E3//LY -58aDdASC+x/gxTLWuCNIgF9GWIOfP2TaWj9AHT6mIeklP2z9qJm3Md7UT52xOLkz -0wblZzSjcqEY61c1MGH6xAtfYfWZgmkxej4aAKd7jR1LAXCSIx+EO2WvvA8c5fiS -ozQgftXSM/5437VVSwu4dH4ptRNou/6nXi74cYzO4+/Unh7j/4ggwuvegNdEqeRg -CtASpQalRN+xrqghQaj786t/kBkqH6L0KKzzcsfLi4oE6dJXn4e7SFWgzbRayp5y -a7jal5x/6U+5AgMBAAGgKTAnBgkqhkiG9w0BCQ4xGjAYMBYGA1UdEQQPMA2CC2xv -Y2FsaG9zdABoMA0GCSqGSIb3DQEBCwUAA4IBAQCHfMbbmvXJGKjO6Z6UOkF3f7sa -cB8gEyjm9+Aa8gMQnaWOH8Sw6nGhGNSOVTQUIqt8EohqNCd/jrjZF34mecaJ3ycw -ryt7AGQzQX5uutBLVr55jszVVC8EDKuPzO3jXH6h6ptvSebG/0KL0P+JHL5JvzZ1 -wAsTBtnnnrnxCQO3a2SFC4zVyH+LCP+EWehH7Sjt9FtrCIoP+xoM6AJ2tCxb4CHH -A8WGuw36lG78DH6rs4kbh0iCP/pKYrYeG9EBOj6+Bw7WF4ee6QhL0VzHXUcIFjkp -YlVLGBTL6KVjPW4uim1az5F1+HxZTvbAbnPU7f81M2ePmqbFfODYO1KPXycg ------END CERTIFICATE REQUEST----- diff --git a/certs/test/server-badaltnamenull.der b/certs/test/server-badaltnamenull.der deleted file mode 100644 index b844057227287489832d48d5d20ed74a6770d022..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 855 zcmXqLVh%QFVzOSq%*4pV#K~~eFjda=$HLhLylk9WZ60mkc^Mg5Ss4tX4Y>_C*_cCF z*o2uvgAD}?_&^*E9(LdSypqJcM3@LW54%%-RcdZxo}q|=5J(Ld54USxdS+f~YEfoh zx}lJP07#UXhchQXIWZ?AzqrIePMp`!!obwP*wDV-Ql3_%~Lq|bY_S;_^g)aPd_Z)A+&O1t?!c5 z>CE3JTw^yhTxzS97v181W<~!(^Z%c2JU`Z4!qW6x{=reBYde%Z8sgm|n&;c6+={Yy zkhNQ;_)^tA=kJP{+YRqs@t?cVVyE$Cwx{VPi;EUYybd=tNc?q#J3jI2%%)7kDmy8L z<<-5i-i!s4l;vBjQ`hg|mwEbQ(qa>Zx~rFr|5e=I8tToxqohuAt8m8df6L?aeiZhc zd;I>&Jh{jJI}{GRzSnTwW#y9ut_wm-*_OK8-?(mtqT`C+pI6sUkkpc2^hIOM=c41M zySrFkUJ9SzzS|>o!PzZQr{)!9@3=L6PW?;&olMM(42+AV3?vN1*qB3Q1zGqFc$>K4 zk;jmM9D1za&|_p+SN1B-Sm(Uhi8qVXwIp{c?atgX&Gfsf%-!zaM^+e#cNQ<$qrBMj z%3rDLfA+V>Ith6zD3rL@)lBa^_;GQQRRs4IR_=pLx0c;Gm6H(huUY2L+v9tt-QTp{ z@T-Qa?$rZPPE!x39CeF1+jp({@0_otE@!UQ-Ix{{!!Tcd%||YFO`ct=YvtGUI)t`8 zF_jhU6zD#b{(q)X+UHoW!{%}3Mh?}Q0jf_A-nd_#V)y-s9An2nm2W(+z8Bq>E8>}* zaya|VxtSYF6F;rFnqOVZR-LmVXN{Zr-Sy8-_ZM6be`Im<*{sR8g4v!~9<9vcTH|?( aWnqGT{IvI{a!itP)~L!{eek`n<~{(@cT0N! diff --git a/certs/test/server-badaltnamenull.key b/certs/test/server-badaltnamenull.key deleted file mode 100644 index b7d71ee2bc..0000000000 --- a/certs/test/server-badaltnamenull.key +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEogIBAAKCAQEAwVjiPbB+w1KLs5QIDiyYFUBMqx8PZ8MXiBKpsX1NpGWXA/eQ -1gcxMaU9Jm5bhEfMqI+hN//y2OfGg3QEgvsf4MUy1rgjSIBfRliDnz9k2lo/QB0+ -piHpJT9s/aiZtzHe1E+dsTi5M9MG5Wc0o3KhGOtXNTBh+sQLX2H1mYJpMXo+GgCn -e40dSwFwkiMfhDtlr7wPHOX4kqM0IH7V0jP+eN+1VUsLuHR+KbUTaLv+p14u+HGM -zuPv1J4e4/+IIMLr3oDXRKnkYArQEqUGpUTfsa6oIUGo+/Orf5AZKh+i9Cis83LH -y4uKBOnSV5+Hu0hVoM20Wsqecmu42pecf+lPuQIDAQABAoIBAEL0a8xfHVa4dCZo -4e0+ph/d127+34/YMILvq5IKSWPfxk8aYS6s6O0/QpDXcJu7XXUV4AeLe+Z/RPBq -sdFF84Eb6QIQXC+UPOoYZuQzyNIQpIyoU/SmE53RfAXPaAPXokm1lG81rHT05BN3 -DPR5Eq6VeOqzaYq0bxfFzY4uag02pITGuYMIxuBkJ+q9mu9XTaBWY1mGlD0zqxUZ -LC0dgrWklJFNHNWddrsMl0LDXFRfuxdFmoZT5NBLh+DWgKq/IW+TAqe3lZGVCPFs -cctR3WevykigH5TZmK3gsT98kqe5y9xO+pOpAvNAKeiXVYEREzE+PbsdiLiXbaEy -X1pUB70CgYEA7BSSQqa5duNNwOFp9DcNmMj1VKE2ixhRZi+R7jxHquiyh6IQv7tf -865f8ZA55mPwy5h/Gqin6YdswvkwHUqbEstnQ+BXmcXaI0EY6iZAkSSKbC0ygr3o -yVuRSCJmkCdmb8KIz0yguEjOmbNcavaH9ivE7KS6DhYb65PwyGuCxqsCgYEA0alC -a84cpN59zFTaW85gpq1zeWMbXmkBees8xnygJ4kZw2MkqQSZw+zUFdb9WbltSAsU -Y8eF0SAaShoXfa7BwB2Bnrs7NZMQzZfVmSG5QLF45v+087guN7pgWnmkUQ0G9ijc -oLI5Mn3oMy9UrJ48JUVwYysaacgRa73tMsGZ0ysCgYALrbDWjzzZfsEX6468QATy -K+7G8vqpwtgz/+JuMJkzATPjtcayVWiXu2aPopzaotMEn1SaUwGLceGVe5I/wLMP -KPTAzNZIixsRZ2T+IEpNY8tdMpcvFInxfBAhy2Hbe7d7i9oMtzO0KhXeUJsfx3ZO -XTfupO93Ruy2qKjeoULk5QKBgCDD9O9oHK3fX4WJVT63t/8UaFF2HZbZjjOBgdP7 -MgQ7tt0EJ3yKjYVDA7oOCTX2do+lu6AEVHNkMveVsEoh/4GImvM1i4FJ5Hxc2DLA -RHVJxv1CxQK5q+9lnx1EmVtZT9c0d5Zdg/bSGnG1WeRILlocyf2VhOE3NRHDcshV -3TZVAoGAXP0SDgRcA544d0zdw07f9/KgHlYcsJuPGt2F7UzjIZiBivr3yh+EXBw2 -xMqRwFnsBeOgvW/i3Je01RjeWZL6M9Lq1ywk2HZtDPnN6dP15LwSS33OBRca5Fk+ -CyKDfZHd+8c2wj8hNsxd/D4N7ZVDrU3UNvMslHwGh0PbIaQxcQM= ------END RSA PRIVATE KEY----- diff --git a/certs/test/server-badaltnamenull.pem b/certs/test/server-badaltnamenull.pem deleted file mode 100644 index 61017211c2..0000000000 --- a/certs/test/server-badaltnamenull.pem +++ /dev/null @@ -1,72 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 15650401360786530715 (0xd931651e45f8a19b) - Signature Algorithm: sha1WithRSAEncryption - Issuer: C=US, ST=Montana, L=Bozeman, O=Engineering, CN=localhost - Validity - Not Before: May 3 16:02:13 2018 GMT - Not After : Jan 27 16:02:13 2021 GMT - Subject: C=US, ST=Montana, L=Bozeman, O=Engineering, CN=localhost - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - Public-Key: (2048 bit) - Modulus: - 00:c1:58:e2:3d:b0:7e:c3:52:8b:b3:94:08:0e:2c: - 98:15:40:4c:ab:1f:0f:67:c3:17:88:12:a9:b1:7d: - 4d:a4:65:97:03:f7:90:d6:07:31:31:a5:3d:26:6e: - 5b:84:47:cc:a8:8f:a1:37:ff:f2:d8:e7:c6:83:74: - 04:82:fb:1f:e0:c5:32:d6:b8:23:48:80:5f:46:58: - 83:9f:3f:64:da:5a:3f:40:1d:3e:a6:21:e9:25:3f: - 6c:fd:a8:99:b7:31:de:d4:4f:9d:b1:38:b9:33:d3: - 06:e5:67:34:a3:72:a1:18:eb:57:35:30:61:fa:c4: - 0b:5f:61:f5:99:82:69:31:7a:3e:1a:00:a7:7b:8d: - 1d:4b:01:70:92:23:1f:84:3b:65:af:bc:0f:1c:e5: - f8:92:a3:34:20:7e:d5:d2:33:fe:78:df:b5:55:4b: - 0b:b8:74:7e:29:b5:13:68:bb:fe:a7:5e:2e:f8:71: - 8c:ce:e3:ef:d4:9e:1e:e3:ff:88:20:c2:eb:de:80: - d7:44:a9:e4:60:0a:d0:12:a5:06:a5:44:df:b1:ae: - a8:21:41:a8:fb:f3:ab:7f:90:19:2a:1f:a2:f4:28: - ac:f3:72:c7:cb:8b:8a:04:e9:d2:57:9f:87:bb:48: - 55:a0:cd:b4:5a:ca:9e:72:6b:b8:da:97:9c:7f:e9: - 4f:b9 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Subject Alternative Name: - DNS:localhost - Signature Algorithm: sha1WithRSAEncryption - ae:76:ea:5e:33:2c:cf:16:c8:ec:a2:27:2a:19:b9:22:bb:69: - b4:96:35:f7:25:1c:dd:8b:fb:c4:a8:32:17:89:73:a0:bc:23: - a3:49:d4:fd:1a:d7:fc:bf:87:5d:42:12:4b:20:20:74:47:7e: - 7c:97:89:c1:f1:a3:82:3a:58:0b:b4:05:0b:c1:02:da:a6:dc: - ca:6c:60:58:fe:83:1c:fc:ed:c7:bc:96:df:b2:af:31:f5:28: - 45:2d:d5:c0:5a:42:95:c3:64:c5:46:5c:cd:8e:d6:7b:fd:9c: - f5:75:44:cc:d6:7e:d8:96:55:5c:00:9f:1f:ac:f1:0a:07:29: - 0c:ba:ab:7d:1f:ac:8d:40:55:86:e4:35:1d:11:89:10:8b:c2: - 67:ff:99:32:66:f3:5d:4a:c3:37:5e:37:32:40:7b:29:50:25: - e5:c1:d8:df:7b:64:3e:f7:c4:1e:01:88:fe:24:f6:0c:ea:f7: - 72:df:1e:72:0c:9b:64:c3:6b:ec:ce:99:b1:75:61:f2:ac:d5: - 6f:7b:7d:06:7b:6c:a8:6c:ac:46:37:dd:af:e6:cb:8f:70:d7: - 57:e2:38:d9:e6:9a:93:da:53:06:e6:39:c5:79:6a:0a:ac:49: - da:04:a1:60:2f:5f:96:ef:ca:6c:34:62:6c:ac:25:1c:d5:e0: - f7:8e:7c:df ------BEGIN CERTIFICATE----- -MIIDUzCCAjugAwIBAgIJANkxZR5F+KGbMA0GCSqGSIb3DQEBBQUAMFsxCzAJBgNV -BAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRQwEgYD -VQQKDAtFbmdpbmVlcmluZzESMBAGA1UEAwwJbG9jYWxob3N0MB4XDTE4MDUwMzE2 -MDIxM1oXDTIxMDEyNzE2MDIxM1owWzELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01v -bnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFDASBgNVBAoMC0VuZ2luZWVyaW5nMRIw -EAYDVQQDDAlsb2NhbGhvc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB -AQDBWOI9sH7DUouzlAgOLJgVQEyrHw9nwxeIEqmxfU2kZZcD95DWBzExpT0mbluE -R8yoj6E3//LY58aDdASC+x/gxTLWuCNIgF9GWIOfP2TaWj9AHT6mIeklP2z9qJm3 -Md7UT52xOLkz0wblZzSjcqEY61c1MGH6xAtfYfWZgmkxej4aAKd7jR1LAXCSIx+E -O2WvvA8c5fiSozQgftXSM/5437VVSwu4dH4ptRNou/6nXi74cYzO4+/Unh7j/4gg -wuvegNdEqeRgCtASpQalRN+xrqghQaj786t/kBkqH6L0KKzzcsfLi4oE6dJXn4e7 -SFWgzbRayp5ya7jal5x/6U+5AgMBAAGjGjAYMBYGA1UdEQQPMA2CC2xvY2FsaG9z -dABoMA0GCSqGSIb3DQEBBQUAA4IBAQCudupeMyzPFsjsoicqGbkiu2m0ljX3JRzd -i/vEqDIXiXOgvCOjSdT9Gtf8v4ddQhJLICB0R358l4nB8aOCOlgLtAULwQLaptzK -bGBY/oMc/O3HvJbfsq8x9ShFLdXAWkKVw2TFRlzNjtZ7/Zz1dUTM1n7YllVcAJ8f -rPEKBykMuqt9H6yNQFWG5DUdEYkQi8Jn/5kyZvNdSsM3XjcyQHspUCXlwdjfe2Q+ -98QeAYj+JPYM6vdy3x5yDJtkw2vszpmxdWHyrNVve30Ge2yobKxGN92v5suPcNdX -4jjZ5pqT2lMG5jnFeWoKrEnaBKFgL1+W78psNGJsrCUc1eD3jnzf ------END CERTIFICATE----- diff --git a/certs/test/server-badaltnull.der b/certs/test/server-badaltnull.der new file mode 100644 index 0000000000000000000000000000000000000000..c782b0d0f86b9552c364a4a5f073c117c05917d9 GIT binary patch literal 935 zcmXqLVqR>}#MHfjnTe5!iId^+3Ffjez30;nc-c6$+C196^D;8BvN9MnHW_joaI!In zvaks=g$5f681R8O96ap4`FSOYd5JI)b{=-8{HoO4#5_Y010j$aZXRyey!6bx)YPKP zymUhe12K>&GY@}xdAVL*er{q(a)w@Vey*Xsfh^ooPDU|-%)GRGhw}WKwBq6%kOBia zab80U12aP-BSQlVW8)}sUL!*TV*?8)cW^keiBSnT@EBPcn41{+84Q{jxtN+585s^t z<#-tG_^B{=`z2RLb;i_VuIoPSQ8Cyt^_;%nwQn*VdurzYUXfn^FJ?|)>G!Tv?9Wa0 z`ycMDKA>N-I%S3UpHs2byB;V$Ez--^Yr8SE_|_Wf;GOaI*ClyX{U0VL2X=F(*spco zu~a6;Wb- zt}WhEt*^NCZ(1PF-jK}?bK_<9C>LMkWbPEXB(O8(u-1iz)4cXPydo8Se8GW($rb!A z<_1R78jO^uE-c?Ad}(^|qgd6GS-giW6P9e*km=;a`SJ$G9%F^g5lYKfy*~2rSz`0i zOVjS(yx_m~IukP^1LI;T14ufM6=dNz;BDg0$xlwq$;dA*VaPxZJyvk&F*4}I?vL^k zyY6>!t^|9|tgVOV$Sf|c&Y8Hn@y2J%osCLS>(=DES4CImh%Yy)U)P-=^HT4R?mnj% z3CnMKUMbWvYU3B#=&m@uiof$kLWZ`I($xPZeoi%vSMysU!uLqGe%!sX{`zGO8tNHG-FAMp zd&l=wY|`@$&-8Wvlq<~Wg@*T~So*uVnH9UP8qVpKv7JVsUq<|amd27@L>E~X|%Mur1Z zIUa^Pek#n}e#zBQoiX*8>$*>SR19`ZJ*V$??VC);o|^f;SESefinm>kn-<8kH)Qj}+<2Ki%EcEsnL9-;3G7TctaV}GG_O4muSi87UvS`Has|JO zxq;EN1|#LE3(I#2Uz%S0C|31k7Vlxpge6-xWI8!%=gwpa=ua7)@me_ps z(zN?GFZi#$&cw{fz=#||tl$u0WKf*B(jZPYaaT%*-$K#cSKZ<79pb*vOcDCQe8>O% zm0#T^Nozk|$(!QZu)*i_0--Ytw{CB}s(3^p`tvt|qi%{Xqt40gdFZ}`zqfwUr1f5} zPBRA2`^X+FqNKg?w!3_!X#0Y{#>&jkD+OvMEKKHQb3EhKYvT9n_bdMstuDNiG(}tQ zoeysH*0feyQIl(xRN~dNXFlbNUVB_W^>x0>)@G)K8FMT;!ft1B?Ch$ku=RDi zvw9z6ug;CKs9KqH$=^%$$`bxv6WlKUle6mTf(?3$R~-0bP+OE?oukI9ZkH$^$sF`Bka8iFt-120|b;+&tW_dFh#Xsi{So zdFh6h2Ie49W*!3<*B~on11p0RD+?nlgCr}nWGk~YD>Gv&Gea=j0>m{pwlX)dGBB_* zvoMr5kcGR7lTl0{GcPUQp*%k)t++TxFF8NgKu(<3(89pX(8$Qpz{1!#N}Sio(7@Qh z0?HjCzGz}pLJodLRtDxKMt%l^CPpr%CPqev15-I3hC6;L%-w#;)lr=>^_c6rPkU4h zc1%5|?|1E+Ovj#@`M+1B*Z+%|6IlAa>lFKQQ~myjd#exV*Q`!iA^zu7Z1t`OicgF5 z^7YzoOf9~(Mml(By!~}aURD2x$;pA;+$r{Jop&sii80x{j$uLa(QozKkr@@m%X%bM zGUcv6EXk<1L*VhTGY(ra7rPl}w&xw$ExzpYi@R%!_f+dEZvC4U$g?+O^TXVDnLWzI z7de?bMJ@^KOgXG|Vc|5dJrA!)MIT>q;9znEzl*tn(X<95<*5tHcL`sbUi>Il^<)Q>oJbaeeeDu<^`!_H6uf5L1%*eoq973$%5MpG| zO>=eDt`?A+rJMThf9Nrn!us1goZdfwaqZpC+KAd`D^GUM4eR8s-}L;22gBONRgb1? zALXssW50P_y4U)DTPMU$|9186&6v#89BZSRs4}seZ5%4@(tpK#qKd-ATjf?g@zGc{ zQRC^`sT%Rw$t#}M>GCK%s^be^o%{UBA7Sh3yYHXv3=M18?#fg0ZQbFC8w4`#h5y$% z+sYlbW_q_;Jw<5mwt|@lE@vz4_-d1Fzk0#nU1tKGcBOBA(=A%L_x9ryDcRjuPlxt9 z)HCjSWOS$fmrcW6^ZI+yr&h@(yS-65<|DnoB;bgY;Cugh%E*VUf9iYtA( N&9Uez)8~?bdjUMmXTSge literal 0 HcmV?d00001 diff --git a/certs/test/server-badcnnull.pem b/certs/test/server-badcnnull.pem new file mode 100644 index 0000000000..dff524a5b7 --- /dev/null +++ b/certs/test/server-badcnnull.pem @@ -0,0 +1,72 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 12504341600548822697 (0xad88586f52da1ea9) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=US, ST=Montana, L=Bozeman, OU=Engineering, CN=DER:30:0d:82:0b:6c:6f:63:61:6c:68:6f:73:74:00:68/emailAddress=info@wolfssl.com + Validity + Not Before: Jun 12 21:08:33 2018 GMT + Not After : Mar 8 21:08:33 2021 GMT + Subject: C=US, ST=Montana, L=Bozeman, OU=Engineering, CN=DER:30:0d:82:0b:6c:6f:63:61:6c:68:6f:73:74:00:68/emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27: + 01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6: + f6:1c:88:bc:7c:9f:fb:a8:67:7f:fe:5c:9c:51:75: + f7:8a:ca:07:e7:35:2f:8f:e1:bd:7b:c0:2f:7c:ab: + 64:a8:17:fc:ca:5d:7b:ba:e0:21:e5:72:2e:6f:2e: + 86:d8:95:73:da:ac:1b:53:b9:5f:3f:d7:19:0d:25: + 4f:e1:63:63:51:8b:0b:64:3f:ad:43:b8:a5:1c:5c: + 34:b3:ae:00:a0:63:c5:f6:7f:0b:59:68:78:73:a6: + 8c:18:a9:02:6d:af:c3:19:01:2e:b8:10:e3:c6:cc: + 40:b4:69:a3:46:33:69:87:6e:c4:bb:17:a6:f3:e8: + dd:ad:73:bc:7b:2f:21:b5:fd:66:51:0c:bd:54:b3: + e1:6d:5f:1c:bc:23:73:d1:09:03:89:14:d2:10:b9: + 64:c3:2a:d0:a1:96:4a:bc:e1:d4:1a:5b:c7:a0:c0: + c1:63:78:0f:44:37:30:32:96:80:32:23:95:a1:77: + ba:13:d2:97:73:e2:5d:25:c9:6a:0d:c3:39:60:a4: + b4:b0:69:42:42:09:e9:d8:08:bc:33:20:b3:58:22: + a7:aa:eb:c4:e1:e6:61:83:c5:d2:96:df:d9:d0:4f: + ad:d7 + Exponent: 65537 (0x10001) + Signature Algorithm: sha1WithRSAEncryption + 2d:66:45:43:2b:7b:10:1e:9a:2d:65:ee:ff:55:c6:44:71:7f: + db:b8:42:ef:e7:e8:d6:ee:b9:7d:58:7d:e6:a9:c9:8b:9d:56: + 89:0d:7f:b2:e7:e8:48:00:ad:81:aa:e2:97:2b:c5:0d:78:bc: + 3f:b3:ae:67:4a:af:fe:b5:90:5d:97:f6:d5:dd:d9:5c:69:65: + 6c:3b:32:7c:5a:76:16:d9:86:08:24:47:1b:fd:16:4c:5a:72: + 56:17:85:1e:aa:e4:4c:28:aa:91:28:e5:ed:95:28:5f:6b:63: + a8:e7:7e:2d:0c:20:e2:7e:0e:57:ab:6d:e7:e4:fc:13:3b:d7: + bb:df:cd:89:55:56:80:b7:45:0c:74:f6:ae:c3:91:b0:10:69: + 3f:13:ff:7e:43:3d:1e:c3:3b:02:ee:ab:27:64:12:bd:b6:70: + 99:c0:d3:6b:22:b8:f5:3c:6b:3f:ab:a0:fd:ba:cc:50:e5:8a: + 67:b3:ec:8b:15:79:bd:db:e3:64:1a:1d:bb:d5:cb:55:8f:40: + 7f:01:ba:e2:32:dc:87:fa:3c:80:dd:37:7f:de:5b:ca:aa:1d: + 63:46:ec:22:c6:4c:1b:bf:74:50:c4:1a:21:b6:7a:ac:3f:55: + c8:bf:ae:69:80:2f:2d:2b:93:aa:0a:67:97:3c:c6:5b:7a:35: + e7:19:51:bd +-----BEGIN CERTIFICATE----- +MIIDyTCCArGgAwIBAgIJAK2IWG9S2h6pMA0GCSqGSIb3DQEBBQUAMIGjMQswCQYD +VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEUMBIG +A1UECwwLRW5naW5lZXJpbmcxOTA3BgNVBAMMMERFUjozMDowZDo4MjowYjo2Yzo2 +Zjo2Mzo2MTo2Yzo2ODo2Zjo3Mzo3NDowMDo2ODEfMB0GCSqGSIb3DQEJARYQaW5m +b0B3b2xmc3NsLmNvbTAeFw0xODA2MTIyMTA4MzNaFw0yMTAzMDgyMTA4MzNaMIGj +MQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1h +bjEUMBIGA1UECwwLRW5naW5lZXJpbmcxOTA3BgNVBAMMMERFUjozMDowZDo4Mjow +Yjo2Yzo2Zjo2Mzo2MTo2Yzo2ODo2Zjo3Mzo3NDowMDo2ODEfMB0GCSqGSIb3DQEJ +ARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC +ggEBAMCVCOFXQfJxbbfSRUEnAWXGRa7yvCQwuJXOL07W9hyIvHyf+6hnf/5cnFF1 +94rKB+c1L4/hvXvAL3yrZKgX/Mpde7rgIeVyLm8uhtiVc9qsG1O5Xz/XGQ0lT+Fj +Y1GLC2Q/rUO4pRxcNLOuAKBjxfZ/C1loeHOmjBipAm2vwxkBLrgQ48bMQLRpo0Yz +aYduxLsXpvPo3a1zvHsvIbX9ZlEMvVSz4W1fHLwjc9EJA4kU0hC5ZMMq0KGWSrzh +1Bpbx6DAwWN4D0Q3MDKWgDIjlaF3uhPSl3PiXSXJag3DOWCktLBpQkIJ6dgIvDMg +s1gip6rrxOHmYYPF0pbf2dBPrdcCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEALWZF +Qyt7EB6aLWXu/1XGRHF/27hC7+fo1u65fVh95qnJi51WiQ1/sufoSACtgarilyvF +DXi8P7OuZ0qv/rWQXZf21d3ZXGllbDsyfFp2FtmGCCRHG/0WTFpyVheFHqrkTCiq +kSjl7ZUoX2tjqOd+LQwg4n4OV6tt5+T8EzvXu9/NiVVWgLdFDHT2rsORsBBpPxP/ +fkM9HsM7Au6rJ2QSvbZwmcDTayK49TxrP6ug/brMUOWKZ7PsixV5vdvjZBodu9XL +VY9AfwG64jLch/o8gN03f95byqodY0bsIsZMG790UMQaIbZ6rD9VyL+uaYAvLSuT +qgpnlzzGW3o15xlRvQ== +-----END CERTIFICATE----- diff --git a/certs/test/server-goodaltwild.der b/certs/test/server-goodaltwild.der new file mode 100644 index 0000000000000000000000000000000000000000..e82bd88414c4b3e7152b397ab529e9f7f9a34aab GIT binary patch literal 934 zcmXqLVqRp>#MHHbnTe5!iId^{)8chmS2pPw@Un4gwRyCC=VfGMWo0mEY%=6F;ACSC zWnmL$3Jo?CFyI4mIC$87^Ycm)^Aceq>^$sF`Bka8iFt-120|b;+&tW_dFh#Xsi{So zdFh4{24WylW*+|X@^Zbr{M^KnP?Nyherw#s(Hp?%;4_6QdGx;4!i?FgG#sGZ-{6axpbAGBO;P z%JDGV@l#>$_Dimg>Wrz!T-SZtqhhdQ>N$PCYu{u#_SDS(y&}E-U(B4q((hfT*q@u~ z_dncQeL%lvb;=6yKc`}=cRf&iTBMh+*LGuS@vSw|!8_yauS@c(`aeug4(#Smv0v-F zW2sDx$>wzo3zCn1tLKi)s3>06Be9Yxcl}{WM!g*ZkB^;k*pj)}%{a3?@5pZPWuIT% zU0b}TT3>PN-?TuUy&;<)=ElqHQ7*p7$=oS&NnmHnVXX@br+MvpcttAu_<{omlPmaL z%ngjDH5e&RU0A+L_|o*^N3p6Wvv?0%CM?;qA=Al;^W_bWJ;n-~Bb1h}dVS>Kv&813 zm!{pndBK0}btYy;2FAsb2I2;yY|Npuf-HOnJWX6$Ir+(nIT`uICCGut3JyF*hM2Ac z?YS@3PmKQU+;%wmlpsn$&iD0=STNkt7s^R@36;h{!r623B*goH{EzOwoki zqU@l%8D2Wwesd3-{*X4zdtJ7DcU?$Z{u;d}-y-UiOE;{a{U@!->zTW(w}7ZxW7Svj LEiR05EsjY5L+4}z literal 0 HcmV?d00001 diff --git a/certs/test/server-goodaltwild.pem b/certs/test/server-goodaltwild.pem new file mode 100644 index 0000000000..4b7bc2479a --- /dev/null +++ b/certs/test/server-goodaltwild.pem @@ -0,0 +1,74 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 14980506928471650860 (0xcfe573ae6ad4b22c) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=US, ST=Montana, L=Bozeman, OU=Engineering, CN=www.nomatch.com/emailAddress=info@wolfssl.com + Validity + Not Before: Jun 12 21:08:33 2018 GMT + Not After : Mar 8 21:08:33 2021 GMT + Subject: C=US, ST=Montana, L=Bozeman, OU=Engineering, CN=www.nomatch.com/emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27: + 01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6: + f6:1c:88:bc:7c:9f:fb:a8:67:7f:fe:5c:9c:51:75: + f7:8a:ca:07:e7:35:2f:8f:e1:bd:7b:c0:2f:7c:ab: + 64:a8:17:fc:ca:5d:7b:ba:e0:21:e5:72:2e:6f:2e: + 86:d8:95:73:da:ac:1b:53:b9:5f:3f:d7:19:0d:25: + 4f:e1:63:63:51:8b:0b:64:3f:ad:43:b8:a5:1c:5c: + 34:b3:ae:00:a0:63:c5:f6:7f:0b:59:68:78:73:a6: + 8c:18:a9:02:6d:af:c3:19:01:2e:b8:10:e3:c6:cc: + 40:b4:69:a3:46:33:69:87:6e:c4:bb:17:a6:f3:e8: + dd:ad:73:bc:7b:2f:21:b5:fd:66:51:0c:bd:54:b3: + e1:6d:5f:1c:bc:23:73:d1:09:03:89:14:d2:10:b9: + 64:c3:2a:d0:a1:96:4a:bc:e1:d4:1a:5b:c7:a0:c0: + c1:63:78:0f:44:37:30:32:96:80:32:23:95:a1:77: + ba:13:d2:97:73:e2:5d:25:c9:6a:0d:c3:39:60:a4: + b4:b0:69:42:42:09:e9:d8:08:bc:33:20:b3:58:22: + a7:aa:eb:c4:e1:e6:61:83:c5:d2:96:df:d9:d0:4f: + ad:d7 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Alternative Name: + DNS:*localhost + Signature Algorithm: sha1WithRSAEncryption + 5c:8a:c0:87:6d:e8:af:91:5b:fb:43:86:c3:63:ca:3d:d7:5c: + 5b:1a:7a:c2:53:78:f3:7c:32:b3:f0:cf:d0:60:0a:53:22:b1: + c6:50:fe:a8:67:91:90:56:05:67:cf:15:ff:e9:c9:b1:ae:f2: + 9d:97:0e:f5:ec:41:b2:e5:40:0b:8f:83:e1:b9:e4:59:bd:7e: + 5c:a0:d5:31:df:c4:78:1a:ca:13:1b:e3:2f:a8:b7:9f:4e:86: + 59:33:c6:a1:96:c5:f1:5b:83:7c:21:60:97:d1:77:25:40:ac: + 86:cb:c5:b0:d7:db:07:98:0f:63:48:b1:b5:d3:f4:bc:1b:90: + fc:d1:bf:95:53:8f:03:ec:9e:ac:b3:bc:18:c8:53:ca:36:38: + 64:5b:65:65:27:e7:23:f8:6d:68:a3:f2:48:ac:26:00:73:ff: + 68:cd:62:98:65:04:a5:0f:bb:c7:11:a4:7a:6f:0e:79:14:e6: + 19:c4:4f:54:c0:a7:4f:60:99:c1:7c:17:74:6d:38:1c:72:90: + 8d:72:6b:52:dd:68:4a:2c:8b:4e:9d:c3:35:f8:1b:31:6e:eb: + 76:b7:bb:7e:54:86:6f:ac:2e:e4:f6:58:7e:23:75:b0:af:9b: + fc:66:82:4a:e6:47:1d:4b:10:15:26:81:7a:f5:17:b4:44:01: + 1e:84:41:62 +-----BEGIN CERTIFICATE----- +MIIDojCCAoqgAwIBAgIJAM/lc65q1LIsMA0GCSqGSIb3DQEBBQUAMIGCMQswCQYD +VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEUMBIG +A1UECwwLRW5naW5lZXJpbmcxGDAWBgNVBAMMD3d3dy5ub21hdGNoLmNvbTEfMB0G +CSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAeFw0xODA2MTIyMTA4MzNaFw0y +MTAzMDgyMTA4MzNaMIGCMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQ +MA4GA1UEBwwHQm96ZW1hbjEUMBIGA1UECwwLRW5naW5lZXJpbmcxGDAWBgNVBAMM +D3d3dy5ub21hdGNoLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNv +bTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMCVCOFXQfJxbbfSRUEn +AWXGRa7yvCQwuJXOL07W9hyIvHyf+6hnf/5cnFF194rKB+c1L4/hvXvAL3yrZKgX +/Mpde7rgIeVyLm8uhtiVc9qsG1O5Xz/XGQ0lT+FjY1GLC2Q/rUO4pRxcNLOuAKBj +xfZ/C1loeHOmjBipAm2vwxkBLrgQ48bMQLRpo0YzaYduxLsXpvPo3a1zvHsvIbX9 +ZlEMvVSz4W1fHLwjc9EJA4kU0hC5ZMMq0KGWSrzh1Bpbx6DAwWN4D0Q3MDKWgDIj +laF3uhPSl3PiXSXJag3DOWCktLBpQkIJ6dgIvDMgs1gip6rrxOHmYYPF0pbf2dBP +rdcCAwEAAaMZMBcwFQYDVR0RBA4wDIIKKmxvY2FsaG9zdDANBgkqhkiG9w0BAQUF +AAOCAQEAXIrAh23or5Fb+0OGw2PKPddcWxp6wlN483wys/DP0GAKUyKxxlD+qGeR +kFYFZ88V/+nJsa7ynZcO9exBsuVAC4+D4bnkWb1+XKDVMd/EeBrKExvjL6i3n06G +WTPGoZbF8VuDfCFgl9F3JUCshsvFsNfbB5gPY0ixtdP0vBuQ/NG/lVOPA+yerLO8 +GMhTyjY4ZFtlZSfnI/htaKPySKwmAHP/aM1imGUEpQ+7xxGkem8OeRTmGcRPVMCn +T2CZwXwXdG04HHKQjXJrUt1oSiyLTp3DNfgbMW7rdre7flSGb6wu5PZYfiN1sK+b +/GaCSuZHHUsQFSaBevUXtEQBHoRBYg== +-----END CERTIFICATE----- diff --git a/certs/test/server-goodcnwild.der b/certs/test/server-goodcnwild.der new file mode 100644 index 0000000000000000000000000000000000000000..472993a8ff800a3e574ec957cbb152eb0156335c GIT binary patch literal 895 zcmXqLVy-r5VoF}X%*4pV#L2LDslk+8Ezyz&ylk9WZ60mkc^Mg5Ss4s!4Y>_C*_cCF z*o2uvgAD}?_&^*E9(LdSypqJcM3@LW54%%-RcdZxo}q|=5J(L-54USxdS+f~YEfoh zx}mUvAV`#%hf6CbKRGccBfq%BP~JcmZXGA1m_TM;TE0Vheok6(agJVcey)L>IIp3F zftjI^k)eTwv2m0*uaTjFv4I7YJJ8N+VpKv7Fh*7e<|amd27@L>E~X|%Mur1ZIUa^P zek#n}e#zBQoiX*8>$*>SR19`ZJ*V$??VC);o|^f;SESefinm>kn-<8kH)Qj}+<2Ki%EcEsnL9-;3G7TctaV}GG_O4muSi87UvS`Has|JOxq;EN z1|#LE3(I#2Uz%S0C|31k7Vlxpge6-xWI8!%=gwpa=ua7)@me_ps(zN?G zFZi#$&cw{fz=#||tl$u0WLPyLy7206UY;+Ddhh4(ubaG-rOoe@Id|vps|S8A#su)n^na^Xt1n?Z+ePCCt!wd`uK zN`7_R-01}ti<_<;z0rL}jk#!R(Ncp`Yp$YUlippo3!YnhT2-`R0V4b0KijI)&Kwi literal 0 HcmV?d00001 diff --git a/certs/test/server-goodcnwild.pem b/certs/test/server-goodcnwild.pem new file mode 100644 index 0000000000..7b961cadc6 --- /dev/null +++ b/certs/test/server-goodcnwild.pem @@ -0,0 +1,70 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 11791884614682041113 (0xa3a53094ba845b19) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=US, ST=Montana, L=Bozeman, OU=Engineering, CN=*localhost/emailAddress=info@wolfssl.com + Validity + Not Before: Jun 12 21:08:33 2018 GMT + Not After : Mar 8 21:08:33 2021 GMT + Subject: C=US, ST=Montana, L=Bozeman, OU=Engineering, CN=*localhost/emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27: + 01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6: + f6:1c:88:bc:7c:9f:fb:a8:67:7f:fe:5c:9c:51:75: + f7:8a:ca:07:e7:35:2f:8f:e1:bd:7b:c0:2f:7c:ab: + 64:a8:17:fc:ca:5d:7b:ba:e0:21:e5:72:2e:6f:2e: + 86:d8:95:73:da:ac:1b:53:b9:5f:3f:d7:19:0d:25: + 4f:e1:63:63:51:8b:0b:64:3f:ad:43:b8:a5:1c:5c: + 34:b3:ae:00:a0:63:c5:f6:7f:0b:59:68:78:73:a6: + 8c:18:a9:02:6d:af:c3:19:01:2e:b8:10:e3:c6:cc: + 40:b4:69:a3:46:33:69:87:6e:c4:bb:17:a6:f3:e8: + dd:ad:73:bc:7b:2f:21:b5:fd:66:51:0c:bd:54:b3: + e1:6d:5f:1c:bc:23:73:d1:09:03:89:14:d2:10:b9: + 64:c3:2a:d0:a1:96:4a:bc:e1:d4:1a:5b:c7:a0:c0: + c1:63:78:0f:44:37:30:32:96:80:32:23:95:a1:77: + ba:13:d2:97:73:e2:5d:25:c9:6a:0d:c3:39:60:a4: + b4:b0:69:42:42:09:e9:d8:08:bc:33:20:b3:58:22: + a7:aa:eb:c4:e1:e6:61:83:c5:d2:96:df:d9:d0:4f: + ad:d7 + Exponent: 65537 (0x10001) + Signature Algorithm: sha1WithRSAEncryption + aa:98:5b:71:d5:fb:0d:0c:f4:a2:8d:df:6c:0f:ae:93:a5:04: + 86:4e:ca:37:0b:89:fb:d5:c0:fa:b2:d2:dd:34:9b:01:c9:6d: + 35:3e:e3:31:b4:82:0b:1c:32:56:ab:61:d6:5d:c3:05:6d:89: + 51:fc:03:c3:a2:75:35:07:76:63:f1:65:24:d3:dd:c3:cf:46: + 06:65:e4:1c:8d:07:c7:be:68:93:f3:d6:eb:ab:ca:99:ad:8d: + bd:20:98:77:56:d6:f1:17:0e:77:6e:2f:9e:f3:54:c3:c3:4c: + 6d:ea:2f:e3:08:04:18:af:23:1d:be:57:1b:e3:6d:d4:d3:60: + 1e:64:83:1d:33:08:24:0b:60:3e:f4:a0:08:31:2e:0d:13:7a: + f5:a3:cc:59:0e:f4:7e:72:a4:19:f2:b7:c4:fc:51:f5:fa:68: + 3f:d7:a6:79:a1:a9:46:d9:52:c2:d9:92:cb:04:6a:a6:d5:73: + 24:6f:7b:5e:9d:97:70:38:a3:82:d6:c5:d8:8b:cc:26:03:72: + b5:72:a5:30:ca:ad:d4:25:b1:59:84:fd:ed:43:cb:b2:80:ec: + 5d:cc:33:6a:a1:49:f6:8e:3e:ab:17:fc:74:c5:ce:d6:2e:05: + bf:a1:26:11:2c:4b:13:d1:15:0f:76:92:a2:d1:28:26:ad:1b: + 65:20:3b:38 +-----BEGIN CERTIFICATE----- +MIIDezCCAmOgAwIBAgIJAKOlMJS6hFsZMA0GCSqGSIb3DQEBBQUAMH0xCzAJBgNV +BAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRQwEgYD +VQQLDAtFbmdpbmVlcmluZzETMBEGA1UEAwwKKmxvY2FsaG9zdDEfMB0GCSqGSIb3 +DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAeFw0xODA2MTIyMTA4MzNaFw0yMTAzMDgy +MTA4MzNaMH0xCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQH +DAdCb3plbWFuMRQwEgYDVQQLDAtFbmdpbmVlcmluZzETMBEGA1UEAwwKKmxvY2Fs +aG9zdDEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAMCVCOFXQfJxbbfSRUEnAWXGRa7yvCQwuJXO +L07W9hyIvHyf+6hnf/5cnFF194rKB+c1L4/hvXvAL3yrZKgX/Mpde7rgIeVyLm8u +htiVc9qsG1O5Xz/XGQ0lT+FjY1GLC2Q/rUO4pRxcNLOuAKBjxfZ/C1loeHOmjBip +Am2vwxkBLrgQ48bMQLRpo0YzaYduxLsXpvPo3a1zvHsvIbX9ZlEMvVSz4W1fHLwj +c9EJA4kU0hC5ZMMq0KGWSrzh1Bpbx6DAwWN4D0Q3MDKWgDIjlaF3uhPSl3PiXSXJ +ag3DOWCktLBpQkIJ6dgIvDMgs1gip6rrxOHmYYPF0pbf2dBPrdcCAwEAATANBgkq +hkiG9w0BAQUFAAOCAQEAqphbcdX7DQz0oo3fbA+uk6UEhk7KNwuJ+9XA+rLS3TSb +AcltNT7jMbSCCxwyVqth1l3DBW2JUfwDw6J1NQd2Y/FlJNPdw89GBmXkHI0Hx75o +k/PW66vKma2NvSCYd1bW8RcOd24vnvNUw8NMbeov4wgEGK8jHb5XG+Nt1NNgHmSD +HTMIJAtgPvSgCDEuDRN69aPMWQ70fnKkGfK3xPxR9fpoP9emeaGpRtlSwtmSywRq +ptVzJG97Xp2XcDijgtbF2IvMJgNytXKlMMqt1CWxWYT97UPLsoDsXcwzaqFJ9o4+ +qxf8dMXO1i4Fv6EmESxLE9EVD3aSotEoJq0bZSA7OA== +-----END CERTIFICATE----- diff --git a/certs/test/server-nomatch.conf b/certs/test/server-nomatch.conf deleted file mode 100644 index b53010c379..0000000000 --- a/certs/test/server-nomatch.conf +++ /dev/null @@ -1,16 +0,0 @@ -[ req ] -default_bits = 2048 -distinguished_name = req_distinguished_name -req_extensions = req_ext - -[ req_distinguished_name ] -countryName = US -stateOrProvinceName = Montana -localityName = Bozeman -organizationName = Engineering -commonName = www.nomatch.com -commonName_max = 64 - -[ req_ext ] -#subjectAltName = localhost\0h -#subjectAltName = DER:30:0d:82:0b:6c:6f:63:61:6c:68:6f:73:74:00:68 diff --git a/certs/test/server-nomatch.csr b/certs/test/server-nomatch.csr deleted file mode 100644 index 5fdc8f7777..0000000000 --- a/certs/test/server-nomatch.csr +++ /dev/null @@ -1,17 +0,0 @@ ------BEGIN CERTIFICATE REQUEST----- -MIICtDCCAZwCAQAwYDELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAO -BgNVBAcMB0JvemVtYW4xFDASBgNVBAoMC0VuZ2luZWVyaW5nMRcwFQYDVQQDDA53 -d3cubm9uYW1lLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJ1B -JYwNWaXJdfnKJAz61T0m1w6xMGxELhZWjDks49zn98lW8E8wMZtCoguE1feuu9pF -6yGnfRmK2J+4QjeWVejmMqt8SQyJpW8nWCvRpFVha0RFbmT60nuvKMRX68Lku6iU -Vav2KHU+cz4yBj1m9QO6AqzJWQWiLY5t25OBq+EkhWUd9I39rGmF8ba1Bnpus27U -tqRVJ8cmEwnNPc8ihvcN8RsrYdnQNyYIiIUdJIA2iduDE7PeOSY3jT9mtmeWQOHp -l91xh/RGbJWNpLBd66TkreLTnz4zmQMMTzZGj1pdv9B3UFc6mIMNWmLsERRhiOMO -hiaFfEJwFJZBN9PaXYsCAwEAAaAPMA0GCSqGSIb3DQEJDjEAMA0GCSqGSIb3DQEB -CwUAA4IBAQCA0S++HN0qb94u8setTM5akJjpM1b2o4rcrQluFKMel8mMip9hinvG -sPkJL1KB28/O9TcdmMX57zfXBsumxLSpjzmjIqri7fVabcu/kybE2wdNNvM+9ZzT -pNbYhWEhsCS8XAegiApx/JVszmH77GLExuVAY2XqxA7Cy2Ia/qyiR6v0agMd6I4z -T7nlJHBckOOEdJ6cjqy67vqWy+BKwCK/kRnOJuirIeJ+SechS4tXuRrVni0pkDuK -xQ2uHQjpzFR40U6pFGgwZcdR1bvLCWOlC7efS4ayIETZzhOuXTZa4qQ5/IcCyM+N -scJS5z+YQpQMgOs5jj5DWYLUtMs63UmQ ------END CERTIFICATE REQUEST----- diff --git a/certs/test/server-nomatch.der b/certs/test/server-nomatch.der deleted file mode 100644 index 0dcf502a06857e1ab2ee8b5a8c1b6474a8178ea1..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 837 zcmXqLVs)N8c56ub&ylk9WZ60mkc^Mg5Ss4rx47m+B*_cCF z*o2uvgAD}?_&^*E9(LdSypqJcM3@LW54%%-RcdZxo}q|=5J(Ld54USxdS+f~YEfoh zx}ms%C`gootyqzdrP2_lhZ@tG{WK+7;UwvDv15W!}ZK=42%6BHg~++mjnt zKU8T=mHpEDcTHyN$8B5Ls`57HUD>uIRQsc|S^PC*HhZuEx>PDy!09 z)_J>Gc=J6=HS=Ekv~B6r93H-$ez&mwi(Agr-X$AiUoUyG_R;0}cE&TAdHl`X`lDj^ zUnma4JcGL#LAkN|C4>S`R0^uPc|;s)P5p&{9CGQ3ojF&hT7A@HH z(SFWf^`CC7k6D+RY*?1#^1(^Ws8IiG(;;J4E*qQY?c&$vSNb&{l5<nM{9kTRuMU^Yh!?wR%3BRUN?_ I#bUMq03_Q%cmMzZ diff --git a/certs/test/server-nomatch.key b/certs/test/server-nomatch.key deleted file mode 100644 index 182b27380a..0000000000 --- a/certs/test/server-nomatch.key +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEAnUEljA1Zpcl1+cokDPrVPSbXDrEwbEQuFlaMOSzj3Of3yVbw -TzAxm0KiC4TV96672kXrIad9GYrYn7hCN5ZV6OYyq3xJDImlbydYK9GkVWFrREVu -ZPrSe68oxFfrwuS7qJRVq/YodT5zPjIGPWb1A7oCrMlZBaItjm3bk4Gr4SSFZR30 -jf2saYXxtrUGem6zbtS2pFUnxyYTCc09zyKG9w3xGyth2dA3JgiIhR0kgDaJ24MT -s945JjeNP2a2Z5ZA4emX3XGH9EZslY2ksF3rpOSt4tOfPjOZAwxPNkaPWl2/0HdQ -VzqYgw1aYuwRFGGI4w6GJoV8QnAUlkE309pdiwIDAQABAoIBAQCKxhIHfUSOvLHj -JRMZbUY/OAZzTcTo1mZBilEmp8nSidculA1wJJyyYmQ0fB6C/G2E20z8Hx2UK+at -VOMCwSXBaVxv3zdr3BDlfbgeu1wliNornoYkkQCs68+zLc+95zMAOx87qPjdNqZm -zaiaCUDR8BYqO2nXQd6oIaSzkKyI+tqTO9zW4NG8Y5zv0waKCjPK9Ep/kze9uC4S -WIp2eYhUb+x60dECDBGI9xvlgeZyP5PMCfCyaZk3CxnLsR4tI9R5WwDgMcjCShJk -3+kHyrtNU8ak2TrfUoh96arHu0HMLFJaJSdxYT9FUSKhKu+fWMn1J36AkxdqntAw -6HATVD4ZAoGBAM0DCqI5BKvmPWdO587+fpPAa76iqQDqqkaAQ94xcGtTYA0yEfbA -V4JFfsCEFm7evteMmJgmDyNNVvnSi/LQhL+ih40Q0LKREYzBiMy3aothQZAYb+Ex -fVllfZhIaWI8q/DoeZ7qohRHFGBA/znav6vls3kE3jRWx0O30eq9cX1tAoGBAMRd -bQNcp2mCm+fe//s5GKXm4ak4zeo077fUCxJly4DE5e2+IGrP+JYwVrJsMuFu/3C1 -/6+qCgLS+/08BMQ+e6xmTDJrRXtk9KmDI38tEoqzH8tkAgSTxby771/5uNr7hbgX -LtCCIsxhwSAML0b7M2I8xmEfL3Dmu1q7/GEDAMPXAoGABd/ucBOeNKbWX519OwtD -6Uv8Smwy15nh4z9NspJMHGc5O2eR6DY+y7beGPowAmFTqq2WudVtXZ+bvHDyHbUn -+K3ZoIs4z8UkcZoiJ2uiG/hffpeUrSlT5DnqTXDVxEDk1HR0977Vgis/RDrYlXnV -QEHG0NL44xsRfrlHxKhFFkkCgYB1HsgzliLgQp+c2BxUCkUSRrhXx2LCC5rjSRzl -d0O+5THC8IDDVJIPentrZi+e2CaRYmxDqSbZcmAMNa0eI6p+NHHELMk/hQKMzIPy -ib6ibZ5MILU3Z7AsFuf6labVLeoe1+z7PnNk9fVLmRjlvFR0ho1IRmJ0c5pRzwgE -ENd29wKBgA5WnuCBKF9Kv8H9E1hAuAGXwBxmw9PVeWB63/TAernlOQhF47ra9ExH -GtkZv9D/2tNJaoft1YQ1yhBn7l7rW+vfQYXAOW4yRg0FSOOgefBwN/eTOXVRU9Zg -9LBwnQlvimQUm0GrxLLAseDqFMn/a3x/KxftvF95JGx/1Lscukdz ------END RSA PRIVATE KEY----- diff --git a/certs/test/server-nomatch.pem b/certs/test/server-nomatch.pem deleted file mode 100644 index a1753cbf38..0000000000 --- a/certs/test/server-nomatch.pem +++ /dev/null @@ -1,69 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 13225619248861184800 (0xb78ad6a26ef08320) - Signature Algorithm: sha1WithRSAEncryption - Issuer: C=US, ST=Montana, L=Bozeman, O=Engineering, CN=www.noname.com - Validity - Not Before: May 24 21:25:38 2018 GMT - Not After : Feb 17 21:25:38 2021 GMT - Subject: C=US, ST=Montana, L=Bozeman, O=Engineering, CN=www.noname.com - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - Public-Key: (2048 bit) - Modulus: - 00:9d:41:25:8c:0d:59:a5:c9:75:f9:ca:24:0c:fa: - d5:3d:26:d7:0e:b1:30:6c:44:2e:16:56:8c:39:2c: - e3:dc:e7:f7:c9:56:f0:4f:30:31:9b:42:a2:0b:84: - d5:f7:ae:bb:da:45:eb:21:a7:7d:19:8a:d8:9f:b8: - 42:37:96:55:e8:e6:32:ab:7c:49:0c:89:a5:6f:27: - 58:2b:d1:a4:55:61:6b:44:45:6e:64:fa:d2:7b:af: - 28:c4:57:eb:c2:e4:bb:a8:94:55:ab:f6:28:75:3e: - 73:3e:32:06:3d:66:f5:03:ba:02:ac:c9:59:05:a2: - 2d:8e:6d:db:93:81:ab:e1:24:85:65:1d:f4:8d:fd: - ac:69:85:f1:b6:b5:06:7a:6e:b3:6e:d4:b6:a4:55: - 27:c7:26:13:09:cd:3d:cf:22:86:f7:0d:f1:1b:2b: - 61:d9:d0:37:26:08:88:85:1d:24:80:36:89:db:83: - 13:b3:de:39:26:37:8d:3f:66:b6:67:96:40:e1:e9: - 97:dd:71:87:f4:46:6c:95:8d:a4:b0:5d:eb:a4:e4: - ad:e2:d3:9f:3e:33:99:03:0c:4f:36:46:8f:5a:5d: - bf:d0:77:50:57:3a:98:83:0d:5a:62:ec:11:14:61: - 88:e3:0e:86:26:85:7c:42:70:14:96:41:37:d3:da: - 5d:8b - Exponent: 65537 (0x10001) - Signature Algorithm: sha1WithRSAEncryption - 6d:df:c3:7a:74:32:b6:ba:f5:2c:87:93:6c:64:7c:b9:5f:6e: - 79:f3:e7:b2:6a:58:c6:8d:20:9a:f6:46:b1:60:f9:59:59:6f: - 22:32:e3:f8:5c:a2:2d:53:84:48:b9:68:6d:2e:59:03:c1:e4: - ad:5b:ce:91:6e:13:bd:5c:71:2a:69:d8:7d:a8:07:cf:6f:83: - 0c:05:cf:d4:39:7f:10:3d:35:98:1c:f9:77:26:53:d5:81:f1: - 6a:0b:ca:fb:86:f9:6d:bb:92:b9:e0:57:a2:3b:43:14:cc:e0: - 75:27:10:c2:50:1d:91:ca:af:f8:36:88:cc:5d:1d:37:77:fe: - 1d:ea:b3:d9:94:b6:e4:b1:a7:29:2b:e4:1e:c7:f6:65:1d:59: - d7:e2:2d:01:d2:08:a1:72:a0:b2:f1:3f:9c:fd:27:f9:46:85: - e3:05:a5:34:b0:a6:6c:44:f0:42:16:32:71:2f:cd:82:c2:33: - 05:0a:3c:3c:e7:87:17:d7:1f:a9:4e:83:c2:1e:46:a5:0f:7a: - c2:98:f7:98:a1:75:b8:72:26:d9:1b:65:24:f0:f3:d7:2c:9c: - cf:a6:88:c4:8c:56:00:87:16:be:49:28:91:a0:bc:c7:9f:e3: - 02:35:fb:0b:39:e3:c0:f9:f3:ed:bb:7d:2e:4c:09:7a:88:53: - b1:16:5c:b4 ------BEGIN CERTIFICATE----- -MIIDQTCCAimgAwIBAgIJALeK1qJu8IMgMA0GCSqGSIb3DQEBBQUAMGAxCzAJBgNV -BAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRQwEgYD -VQQKDAtFbmdpbmVlcmluZzEXMBUGA1UEAwwOd3d3Lm5vbmFtZS5jb20wHhcNMTgw -NTI0MjEyNTM4WhcNMjEwMjE3MjEyNTM4WjBgMQswCQYDVQQGEwJVUzEQMA4GA1UE -CAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEUMBIGA1UECgwLRW5naW5lZXJp -bmcxFzAVBgNVBAMMDnd3dy5ub25hbWUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOC -AQ8AMIIBCgKCAQEAnUEljA1Zpcl1+cokDPrVPSbXDrEwbEQuFlaMOSzj3Of3yVbw -TzAxm0KiC4TV96672kXrIad9GYrYn7hCN5ZV6OYyq3xJDImlbydYK9GkVWFrREVu -ZPrSe68oxFfrwuS7qJRVq/YodT5zPjIGPWb1A7oCrMlZBaItjm3bk4Gr4SSFZR30 -jf2saYXxtrUGem6zbtS2pFUnxyYTCc09zyKG9w3xGyth2dA3JgiIhR0kgDaJ24MT -s945JjeNP2a2Z5ZA4emX3XGH9EZslY2ksF3rpOSt4tOfPjOZAwxPNkaPWl2/0HdQ -VzqYgw1aYuwRFGGI4w6GJoV8QnAUlkE309pdiwIDAQABMA0GCSqGSIb3DQEBBQUA -A4IBAQBt38N6dDK2uvUsh5NsZHy5X2558+eyaljGjSCa9kaxYPlZWW8iMuP4XKIt -U4RIuWhtLlkDweStW86RbhO9XHEqadh9qAfPb4MMBc/UOX8QPTWYHPl3JlPVgfFq -C8r7hvltu5K54FeiO0MUzOB1JxDCUB2Ryq/4NojMXR03d/4d6rPZlLbksacpK+Qe -x/ZlHVnX4i0B0gihcqCy8T+c/Sf5RoXjBaU0sKZsRPBCFjJxL82CwjMFCjw854cX -1x+pToPCHkalD3rCmPeYoXW4cibZG2Uk8PPXLJzPpojEjFYAhxa+SSiRoLzHn+MC -NfsLOePA+fPtu30uTAl6iFOxFly0 ------END CERTIFICATE----- diff --git a/src/internal.c b/src/internal.c index e635888627..ddf5b86292 100644 --- a/src/internal.c +++ b/src/internal.c @@ -7653,7 +7653,7 @@ int MatchDomainName(const char* pattern, int len, const char* str) while (len > 0) { p = (char)XTOLOWER((unsigned char)*pattern++); - if (p == 0) + if (p == '\0') break; if (p == '*') { @@ -7684,8 +7684,9 @@ int MatchDomainName(const char* pattern, int len, const char* str) } } - if (*str == '\0') + if (*str == '\0' && len == 0) { ret = 1; /* success */ + } return ret; } @@ -7705,7 +7706,7 @@ int CheckAltNames(DecodedCert* dCert, char* domain) while (altName) { WOLFSSL_MSG("\tindividual AltName check"); - if (MatchDomainName(altName->name,(int)XSTRLEN(altName->name), domain)){ + if (MatchDomainName(altName->name, altName->len, domain)){ match = 1; break; } @@ -7742,8 +7743,7 @@ static int CheckForAltNames(DecodedCert* dCert, char* domain, int* checkCN) while (altName) { WOLFSSL_MSG("\tindividual AltName check"); - if (MatchDomainName(altName->name, (int)XSTRLEN(altName->name), - domain)) { + if (MatchDomainName(altName->name, altName->len, domain)) { match = 1; *checkCN = 0; break; @@ -7953,7 +7953,7 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert) while (cur != NULL) { if (cur->type == ASN_RFC822_TYPE) { DNS_entry* dnsEntry; - int strLen = (int)XSTRLEN(cur->name); + int strLen = cur->len; dnsEntry = (DNS_entry*)XMALLOC(sizeof(DNS_entry), x509->heap, DYNAMIC_TYPE_ALTNAME); @@ -7970,7 +7970,7 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert) XFREE(dnsEntry, x509->heap, DYNAMIC_TYPE_ALTNAME); return MEMORY_E; } - + dnsEntry->len = strLen; XMEMCPY(dnsEntry->name, cur->name, strLen); dnsEntry->name[strLen] = '\0'; diff --git a/tests/test-fails.conf b/tests/test-fails.conf index 32fd0c0e1f..e9fda30214 100644 --- a/tests/test-fails.conf +++ b/tests/test-fails.conf @@ -1,30 +1,61 @@ -# server bad certificate alt name +# server bad certificate common name has null +# DG: Have not found a way to properly encode null in common name -v 3 -l ECDHE-RSA-AES128-GCM-SHA256 --k ./certs/test/server-badaltnamenull.key --c ./certs/test/server-badaltnamenull.pem +-k ./certs/server-key.pem +-c ./certs/test/server-badcnnull.pem -d -# client bad certificate alt name +# client bad certificate common name has null -v 3 -l ECDHE-RSA-AES128-GCM-SHA256 -h localhost --A ./certs/test/server-badaltnamenull.pem +-A ./certs/test/server-badcnnull.pem +-m +-x + +# server bad certificate alternate name has null +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-k ./certs/server-key.pem +-c ./certs/test/server-badaltnull.pem +-d + +# client bad certificate alternate name has null +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-h localhost +-A ./certs/test/server-badaltnull.pem -m -x # server nomatch common name -v 3 -l ECDHE-RSA-AES128-GCM-SHA256 --k ./certs/test/server-nomatch.key --c ./certs/test/server-nomatch.pem +-k ./certs/server-key.pem +-c ./certs/test/server-badcn.pem -d # client nomatch common name -v 3 -l ECDHE-RSA-AES128-GCM-SHA256 -h localhost --A ./certs/test/server-nomatch.pem +-A ./certs/test/server-badcn.pem +-m +-x + +# server nomatch alternate name +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-k ./certs/server-key.pem +-c ./certs/test/server-badaltname.pem +-d + +# client nomatch alternate name +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-h localhost +-A ./certs/test/server-badaltname.pem -m -x diff --git a/tests/test.conf b/tests/test.conf index 18cb942e5c..fdc2b7f5f2 100644 --- a/tests/test.conf +++ b/tests/test.conf @@ -2246,3 +2246,31 @@ -D certs/dh3072.pem -c certs/client-cert-3072.pem -k certs/client-key-3072.pem + +# server good certificate common name wild +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-k ./certs/server-key.pem +-c ./certs/test/server-goodcnwild.pem +-d + +# client good certificate common name wild +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-h localhost +-A ./certs/test/server-goodcnwild.pem +-m + +# server good certificate alt name wild +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-k ./certs/server-key.pem +-c ./certs/test/server-goodaltwild.pem +-d + +# client good certificate alt name wild +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-h localhost +-A ./certs/test/server-goodaltwild.pem +-m diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index b8eb7b8645..5002960888 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -4203,9 +4203,10 @@ static int GetName(DecodedCert* cert, int nameType) XFREE(emailName, cert->heap, DYNAMIC_TYPE_ALTNAME); return MEMORY_E; } + emailName->len = adv; XMEMCPY(emailName->name, &cert->source[cert->srcIdx], adv); - emailName->name[adv] = 0; + emailName->name[adv] = '\0'; emailName->next = cert->altEmailNames; cert->altEmailNames = emailName; @@ -5547,7 +5548,7 @@ static int ConfirmNameConstraints(Signer* signer, DecodedCert* cert) DNS_entry* name = cert->altNames; while (name != NULL) { if (MatchBaseName(ASN_DNS_TYPE, - name->name, (int)XSTRLEN(name->name), + name->name, name->len, base->name, base->nameSz)) { return 0; } @@ -5560,7 +5561,7 @@ static int ConfirmNameConstraints(Signer* signer, DecodedCert* cert) DNS_entry* name = cert->altEmailNames; while (name != NULL) { if (MatchBaseName(ASN_RFC822_TYPE, - name->name, (int)XSTRLEN(name->name), + name->name, name->len, base->name, base->nameSz)) { return 0; } @@ -5604,7 +5605,7 @@ static int ConfirmNameConstraints(Signer* signer, DecodedCert* cert) while (name != NULL) { matchDns = MatchBaseName(ASN_DNS_TYPE, - name->name, (int)XSTRLEN(name->name), + name->name, name->len, base->name, base->nameSz); name = name->next; } @@ -5619,7 +5620,7 @@ static int ConfirmNameConstraints(Signer* signer, DecodedCert* cert) while (name != NULL) { matchEmail = MatchBaseName(ASN_DNS_TYPE, - name->name, (int)XSTRLEN(name->name), + name->name, name->len, base->name, base->nameSz); name = name->next; } @@ -5700,7 +5701,7 @@ static int DecodeAltNames(byte* input, int sz, DecodedCert* cert) XFREE(dnsEntry, cert->heap, DYNAMIC_TYPE_ALTNAME); return MEMORY_E; } - + dnsEntry->len = strLen; XMEMCPY(dnsEntry->name, &input[idx], strLen); dnsEntry->name[strLen] = '\0'; @@ -5737,7 +5738,7 @@ static int DecodeAltNames(byte* input, int sz, DecodedCert* cert) XFREE(emailEntry, cert->heap, DYNAMIC_TYPE_ALTNAME); return MEMORY_E; } - + emailEntry->len = strLen; XMEMCPY(emailEntry->name, &input[idx], strLen); emailEntry->name[strLen] = '\0'; @@ -5808,7 +5809,7 @@ static int DecodeAltNames(byte* input, int sz, DecodedCert* cert) XFREE(uriEntry, cert->heap, DYNAMIC_TYPE_ALTNAME); return MEMORY_E; } - + uriEntry->len = strLen; XMEMCPY(uriEntry->name, &input[idx], strLen); uriEntry->name[strLen] = '\0'; diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h index 35b372355b..039ee34fac 100644 --- a/wolfssl/wolfcrypt/asn.h +++ b/wolfssl/wolfcrypt/asn.h @@ -439,6 +439,7 @@ typedef struct DNS_entry DNS_entry; struct DNS_entry { DNS_entry* next; /* next on DNS list */ int type; /* i.e. ASN_DNS_TYPE */ + int len; /* actual DNS len */ char* name; /* actual DNS name */ }; From 9dc560dd01193518c3ab4ed67893c4525c85b0f6 Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Tue, 12 Jun 2018 16:45:38 -0600 Subject: [PATCH 49/63] RAW hash function APIs not supported with ARMv8 build --- configure.ac | 2 +- wolfssl/wolfcrypt/settings.h | 5 +++++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index 037fb89a24..52481b9d1c 100644 --- a/configure.ac +++ b/configure.ac @@ -883,7 +883,7 @@ AC_ARG_ENABLE([armasm], ) if test "$ENABLED_ARMASM" = "yes" && test "$ENABLED_ASM" = "yes" then - AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ARMASM" + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ARMASM -DWOLFSSL_NO_HASH_RAW" #Check if mcpu and mfpu values already set if not use default case $CPPFLAGS in *mcpu* | *mfpu*) diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index a966db6f0c..b1fdd76986 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h @@ -1678,6 +1678,11 @@ extern void uITRON4_free(void *p) ; #define KEEP_PEER_CERT #endif +/* RAW hash function APIs are not implemented with ARMv8 hardware acceleration*/ +#ifdef WOLFSSL_ARMASM + #undef WOLFSSL_NO_HASH_RAW + #define WOLFSSL_NO_HASH_RAW +#endif #ifdef __cplusplus } /* extern "C" */ From 8fa15925429f593e1bb2bcf23839cdbb98ae4c00 Mon Sep 17 00:00:00 2001 From: David Garske Date: Tue, 12 Jun 2018 16:12:29 -0700 Subject: [PATCH 50/63] Fix to use SHA256 for the self-signed test certificates. --- certs/crl/server-goodaltwildCrl.pem | 48 +++++++++++----------- certs/crl/server-goodcnwildCrl.pem | 48 +++++++++++----------- certs/test/gen-testcerts.sh | 2 +- certs/test/server-badaltname.der | Bin 939 -> 939 bytes certs/test/server-badaltname.pem | 58 +++++++++++++-------------- certs/test/server-badaltnull.der | Bin 935 -> 935 bytes certs/test/server-badaltnull.pem | 60 ++++++++++++++-------------- certs/test/server-badcn.der | Bin 907 -> 907 bytes certs/test/server-badcn.pem | 58 +++++++++++++-------------- certs/test/server-badcnnull.der | Bin 973 -> 973 bytes certs/test/server-badcnnull.pem | 58 +++++++++++++-------------- certs/test/server-goodaltwild.der | Bin 934 -> 934 bytes certs/test/server-goodaltwild.pem | 60 ++++++++++++++-------------- certs/test/server-goodcnwild.der | Bin 895 -> 895 bytes certs/test/server-goodcnwild.pem | 58 +++++++++++++-------------- 15 files changed, 225 insertions(+), 225 deletions(-) diff --git a/certs/crl/server-goodaltwildCrl.pem b/certs/crl/server-goodaltwildCrl.pem index 3cb2b27f17..a79341530f 100644 --- a/certs/crl/server-goodaltwildCrl.pem +++ b/certs/crl/server-goodaltwildCrl.pem @@ -2,37 +2,37 @@ Certificate Revocation List (CRL): Version 2 (0x1) Signature Algorithm: sha1WithRSAEncryption Issuer: /C=US/ST=Montana/L=Bozeman/OU=Engineering/CN=www.nomatch.com/emailAddress=info@wolfssl.com - Last Update: Jun 12 21:08:33 2018 GMT - Next Update: Mar 8 21:08:33 2021 GMT + Last Update: Jun 12 23:10:47 2018 GMT + Next Update: Mar 8 23:10:47 2021 GMT CRL extensions: X509v3 CRL Number: 1 No Revoked Certificates. Signature Algorithm: sha1WithRSAEncryption - 25:6a:7f:6a:71:9a:66:67:ed:88:29:d4:ec:37:a5:f2:03:0e: - cd:18:c6:f0:a8:2f:3c:8c:cf:83:d2:0c:60:97:52:73:5f:a2: - c3:76:c4:87:b4:0a:b3:7c:0d:37:64:72:30:d6:cc:58:0c:3e: - b6:ec:d0:1d:a1:19:a2:b6:58:c9:63:28:d5:45:45:8c:2f:f7: - 09:05:7d:5e:09:07:c7:53:01:f3:40:70:5f:6a:c1:1f:2c:36: - 27:8e:a1:bb:a0:94:b2:a5:98:76:f8:be:e1:87:22:d1:21:13: - 64:02:2b:de:9d:65:5a:d7:b6:48:08:b3:03:ce:f4:ef:81:66: - 1a:90:ea:b1:f4:cf:57:e2:1c:71:d6:85:24:c2:89:c2:2b:3d: - 14:00:8a:4a:7c:84:52:d5:f0:92:82:7f:04:84:dd:64:b5:86: - d2:a9:16:b1:0d:4c:57:a4:08:9b:82:4c:76:83:c5:77:3f:83: - ee:1e:2a:ea:0d:1c:5a:ff:a6:d7:00:49:ec:55:9b:8b:9e:a3: - ed:94:20:7a:0c:f0:6b:ca:9f:ec:d9:b5:2b:48:6c:a9:9b:fb: - fd:dd:95:e3:68:2c:83:61:ce:64:02:ac:09:e1:2d:3c:93:81: - e0:2c:87:35:14:7c:ae:fb:68:29:c2:35:55:75:fe:4f:9e:15: - 21:eb:bc:75 + 16:c2:f1:59:3a:bb:50:6c:b0:f8:c4:e8:29:ac:cc:33:a7:e8: + bb:12:88:0b:9b:a0:2f:bf:39:d7:97:c9:9c:17:60:e5:31:5f: + 9f:5d:ce:70:ff:1e:aa:6f:5a:72:8c:29:a3:70:3a:bb:33:e5: + 2a:c8:61:03:96:3e:96:81:7c:fb:0d:5c:b7:67:b0:44:90:a7: + 24:63:9b:df:80:ec:8c:3a:0b:8c:16:2e:09:09:9e:fd:f8:0d: + fa:a5:63:a3:d4:6a:28:10:ab:57:3a:59:e7:1f:84:e5:30:ad: + 17:fd:f7:15:c2:75:e8:18:46:c3:5d:2c:4e:6f:ec:bd:8c:fa: + 8f:00:9e:4a:1c:c3:0d:cf:2e:24:9a:fc:13:9c:76:91:ac:e0: + 87:dd:fa:37:7a:24:72:35:1a:97:56:2f:13:0e:75:11:cd:e2: + 41:dd:12:b0:63:2f:01:52:af:dd:63:5d:59:7c:16:ed:a4:bb: + 89:d2:42:27:7f:69:c5:09:0c:db:8a:d7:0e:4b:70:ea:1f:17: + 68:a5:ac:86:66:25:1c:d4:89:47:8e:64:4f:08:30:35:5e:69: + 11:53:21:e9:c6:bd:16:ec:84:51:69:2b:bd:4a:de:65:f1:be: + 5d:32:b2:fd:85:0d:d0:47:60:c0:fc:56:d8:d6:7e:05:d2:ac: + 0c:44:1f:c7 -----BEGIN X509 CRL----- MIIB3DCBxQIBATANBgkqhkiG9w0BAQUFADCBgjELMAkGA1UEBhMCVVMxEDAOBgNV BAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFDASBgNVBAsMC0VuZ2luZWVy aW5nMRgwFgYDVQQDDA93d3cubm9tYXRjaC5jb20xHzAdBgkqhkiG9w0BCQEWEGlu -Zm9Ad29sZnNzbC5jb20XDTE4MDYxMjIxMDgzM1oXDTIxMDMwODIxMDgzM1qgDjAM -MAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBBQUAA4IBAQAlan9qcZpmZ+2IKdTsN6Xy -Aw7NGMbwqC88jM+D0gxgl1JzX6LDdsSHtAqzfA03ZHIw1sxYDD627NAdoRmitljJ -YyjVRUWML/cJBX1eCQfHUwHzQHBfasEfLDYnjqG7oJSypZh2+L7hhyLRIRNkAive -nWVa17ZICLMDzvTvgWYakOqx9M9X4hxx1oUkwonCKz0UAIpKfIRS1fCSgn8EhN1k -tYbSqRaxDUxXpAibgkx2g8V3P4PuHirqDRxa/6bXAEnsVZuLnqPtlCB6DPBryp/s -2bUrSGypm/v93ZXjaCyDYc5kAqwJ4S08k4HgLIc1FHyu+2gpwjVVdf5PnhUh67x1 +Zm9Ad29sZnNzbC5jb20XDTE4MDYxMjIzMTA0N1oXDTIxMDMwODIzMTA0N1qgDjAM +MAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBBQUAA4IBAQAWwvFZOrtQbLD4xOgprMwz +p+i7EogLm6AvvznXl8mcF2DlMV+fXc5w/x6qb1pyjCmjcDq7M+UqyGEDlj6WgXz7 +DVy3Z7BEkKckY5vfgOyMOguMFi4JCZ79+A36pWOj1GooEKtXOlnnH4TlMK0X/fcV +wnXoGEbDXSxOb+y9jPqPAJ5KHMMNzy4kmvwTnHaRrOCH3fo3eiRyNRqXVi8TDnUR +zeJB3RKwYy8BUq/dY11ZfBbtpLuJ0kInf2nFCQzbitcOS3DqHxdopayGZiUc1IlH +jmRPCDA1XmkRUyHpxr0W7IRRaSu9St5l8b5dMrL9hQ3QR2DA/FbY1n4F0qwMRB/H -----END X509 CRL----- diff --git a/certs/crl/server-goodcnwildCrl.pem b/certs/crl/server-goodcnwildCrl.pem index 5ba972e04b..fb72e1d53a 100644 --- a/certs/crl/server-goodcnwildCrl.pem +++ b/certs/crl/server-goodcnwildCrl.pem @@ -2,37 +2,37 @@ Certificate Revocation List (CRL): Version 2 (0x1) Signature Algorithm: sha1WithRSAEncryption Issuer: /C=US/ST=Montana/L=Bozeman/OU=Engineering/CN=*localhost/emailAddress=info@wolfssl.com - Last Update: Jun 12 21:08:33 2018 GMT - Next Update: Mar 8 21:08:33 2021 GMT + Last Update: Jun 12 23:10:47 2018 GMT + Next Update: Mar 8 23:10:47 2021 GMT CRL extensions: X509v3 CRL Number: 1 No Revoked Certificates. Signature Algorithm: sha1WithRSAEncryption - 7b:61:c6:5b:68:f8:1d:4b:65:f5:67:ee:26:cc:1f:76:fc:70: - 80:55:54:01:66:d9:ba:b0:f5:bc:3e:52:ea:4e:d0:a5:95:eb: - 36:4b:9b:fa:8d:c3:62:3b:9b:e5:5a:8c:4a:50:f4:dc:33:bb: - 8d:d1:41:7f:1b:a7:7e:9a:c5:48:b6:42:85:55:8c:30:ce:16: - 83:e4:f8:20:6d:1d:b4:c6:64:cf:d9:47:19:fa:ee:87:6e:9f: - 61:33:a6:3b:81:24:93:74:e4:33:36:ea:83:42:d5:a0:19:9b: - 91:3c:c4:35:3b:90:37:62:25:fe:a5:2f:6d:2e:ed:02:09:9a: - 8c:9b:c3:2a:eb:90:33:eb:95:60:ff:39:26:ba:63:03:75:a8: - 7e:5b:59:dd:a3:9b:a0:16:ce:aa:96:96:45:9e:53:50:36:bd: - 8d:ef:1e:a3:26:96:94:9f:64:d2:ca:b4:28:21:87:2b:07:1a: - c9:00:28:80:b4:c5:10:f7:28:9b:ff:01:a3:6b:a8:f1:3d:53: - 25:8c:ea:a5:41:43:ec:b5:63:29:51:d8:5a:0b:18:97:59:c2: - f8:0b:6c:ee:99:0a:2d:79:d4:00:8e:ae:36:a5:2e:f6:4f:07: - 0e:85:4c:8d:4b:4b:b2:9f:33:09:0f:ed:59:c2:58:0b:e2:da: - cb:cc:44:f3 + 79:7e:bd:34:d2:3d:f5:91:b1:79:de:50:c2:26:d5:8e:05:f7: + 30:26:bd:2f:dd:6a:a1:cf:15:91:fd:95:30:a7:04:5a:65:33: + e4:fb:63:79:dd:6e:63:bd:d1:55:bd:c8:22:3c:c2:6a:40:38: + 75:85:6a:e1:24:a3:99:e3:13:30:c2:cb:15:cc:50:4b:03:87: + b8:90:9c:e8:95:2a:62:1f:ed:33:30:a8:04:9f:67:b7:4c:bd: + 31:b3:19:59:18:9c:6d:64:c2:22:d4:8d:8e:7e:98:c2:39:b0: + 28:35:ed:8f:37:6b:03:57:3b:ef:e8:28:26:8a:f0:de:8a:21: + e8:c3:d9:68:2e:ee:cb:cb:89:4f:af:4d:37:ad:98:64:38:6e: + d8:87:fb:3b:0b:b6:a5:58:da:5e:f2:81:a1:18:90:d6:1b:f7: + 8a:1b:11:3a:6d:55:0c:09:4d:cd:ea:43:01:a4:92:05:50:7e: + b4:1a:8f:54:b2:cb:4c:94:09:e0:85:cc:29:22:e4:5b:29:ee: + 65:91:e3:4a:f9:64:19:40:25:17:27:a1:91:2b:2e:18:6d:2a: + 26:9a:e3:82:05:a6:0b:67:24:a1:dc:d4:29:ad:47:f0:89:28: + 65:da:fe:fc:62:86:47:05:51:54:08:dc:b3:e5:99:48:d6:da: + 52:be:85:7c -----BEGIN X509 CRL----- MIIB1jCBvwIBATANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJVUzEQMA4GA1UE CAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEUMBIGA1UECwwLRW5naW5lZXJp bmcxEzARBgNVBAMMCipsb2NhbGhvc3QxHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29s -ZnNzbC5jb20XDTE4MDYxMjIxMDgzM1oXDTIxMDMwODIxMDgzM1qgDjAMMAoGA1Ud -FAQDAgEBMA0GCSqGSIb3DQEBBQUAA4IBAQB7YcZbaPgdS2X1Z+4mzB92/HCAVVQB -Ztm6sPW8PlLqTtClles2S5v6jcNiO5vlWoxKUPTcM7uN0UF/G6d+msVItkKFVYww -zhaD5PggbR20xmTP2UcZ+u6Hbp9hM6Y7gSSTdOQzNuqDQtWgGZuRPMQ1O5A3YiX+ -pS9tLu0CCZqMm8Mq65Az65Vg/zkmumMDdah+W1ndo5ugFs6qlpZFnlNQNr2N7x6j -JpaUn2TSyrQoIYcrBxrJACiAtMUQ9yib/wGja6jxPVMljOqlQUPstWMpUdhaCxiX -WcL4C2zumQotedQAjq42pS72TwcOhUyNS0uynzMJD+1ZwlgL4trLzETz +ZnNzbC5jb20XDTE4MDYxMjIzMTA0N1oXDTIxMDMwODIzMTA0N1qgDjAMMAoGA1Ud +FAQDAgEBMA0GCSqGSIb3DQEBBQUAA4IBAQB5fr000j31kbF53lDCJtWOBfcwJr0v +3WqhzxWR/ZUwpwRaZTPk+2N53W5jvdFVvcgiPMJqQDh1hWrhJKOZ4xMwwssVzFBL +A4e4kJzolSpiH+0zMKgEn2e3TL0xsxlZGJxtZMIi1I2OfpjCObAoNe2PN2sDVzvv +6CgmivDeiiHow9loLu7Ly4lPr003rZhkOG7Yh/s7C7alWNpe8oGhGJDWG/eKGxE6 +bVUMCU3N6kMBpJIFUH60Go9UsstMlAnghcwpIuRbKe5lkeNK+WQZQCUXJ6GRKy4Y +bSommuOCBaYLZySh3NQprUfwiShl2v78YoZHBVFUCNyz5ZlI1tpSvoV8 -----END X509 CRL----- diff --git a/certs/test/gen-testcerts.sh b/certs/test/gen-testcerts.sh index 3b6500e1c9..655dd74923 100755 --- a/certs/test/gen-testcerts.sh +++ b/certs/test/gen-testcerts.sh @@ -43,7 +43,7 @@ function generate_test_cert { openssl req -text -noout -in $1.csr echo "step 4 create cert" - openssl x509 -req -days 1000 -in $1.csr -signkey ../server-key.pem \ + openssl x509 -req -days 1000 -sha256 -in $1.csr -signkey ../server-key.pem \ -out $1.pem -extensions req_ext -extfile $1.conf rm $1.conf rm $1.csr diff --git a/certs/test/server-badaltname.der b/certs/test/server-badaltname.der index 7c831d6be34cf4d7f03586f7407389f1069f4dd7..9abc5d65e82caadbd6096e14f234d15e0e50b3b3 100644 GIT binary patch delta 342 zcmZ3@zM5U#pow|8K@(H|0%j&gCMHgXKcK!E+B;>8+l*!phmce0QeXl*%nNn#l{+ z_4Yk}kx*W^=+OPWmn7L74%BtT%z5*}(D&*Z$t7nvJTu*yBm+`}8226sPx^U$qxF_e z`itv%)F8vGNfwy4iN$J`p?wkLmMfqHxY2@;l>rakE^*o-SJ;muO zZtN_n`RjLL*W^6e%D^=qffdJ+_p4~DF48}B$g9My$$2N&Z((*#u_a3DJ_YI4f1h2T w*`+<-<~sX+TgPT5)(Mua`+got{`)e&|CM^@tlkOoTz$Q6t4|&(|8Z3l0C1j>zyJUM delta 342 zcmZ3@zM5U#pow|8K@(H|0%j&gCMHgX{RJ&0EBuSP4S3l&wc0$|zVk9Nva&KvJkvID zEtiO)frYVglsK=Ep@Ff1g%Oy$@$?PGdRA5j<|al)hIG9q*Nslce5ao0|I{~)`)>KO zE&K=eWb?DUx%co2yZ?RL znR8BWq&b!lWl^ST#pUn&bROt@S$b0N z`tSYq+wL*F)4qN*)J?ql#%#}Wr?t-M-=qbW{W+I#!LHJF`?=()?CX_&yJpY6<+pNL z>7f_l2C1z98#b@vwYVe9tM%(wSx4tWc8ljTLTd%qc-+#`<(!dlk(aq4LQrbeT|K)F y>j~QzFSSs8Z*w~Tr`YcUS?@H9lS7r`7aDMULLQEAMAo81S-jYPET^edlFlseVDn41_G8T4ZJM|p`|_q#Y(f<0%}*28mT z7ME7%OkCY~rRk)srN^BpVNzkVFeIry9nq`7IIQd!$=G?q1pP{bI5G&bU9{HTF$1(ahiwPwBP0 zRaL*${Pn}CUse0B2Tea#YP~Q!w@2Z>g^0@2Ov}s_8WYu=grueP06c=(XtB`D`bfBiBC4fTwpZacr)z2kc-HtG3>XZkvS x$`xjG@&+H7RDD)pnP`dEk2Ph7YU^7!UDaWn?XqAMJC|m$Ui98W2fjW%2mqYPlU)D+ diff --git a/certs/test/server-badaltnull.pem b/certs/test/server-badaltnull.pem index b992b0a959..af1e9c8777 100644 --- a/certs/test/server-badaltnull.pem +++ b/certs/test/server-badaltnull.pem @@ -1,12 +1,12 @@ Certificate: Data: Version: 3 (0x2) - Serial Number: 16413372648738711447 (0xe3c80376562ee797) - Signature Algorithm: sha1WithRSAEncryption + Serial Number: 18337557996975909176 (0xfe7c17d779df6938) + Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Montana, L=Bozeman, OU=Engineering, CN=www.nomatch.com/emailAddress=info@wolfssl.com Validity - Not Before: Jun 12 21:08:33 2018 GMT - Not After : Mar 8 21:08:33 2021 GMT + Not Before: Jun 12 23:10:48 2018 GMT + Not After : Mar 8 23:10:48 2021 GMT Subject: C=US, ST=Montana, L=Bozeman, OU=Engineering, CN=www.nomatch.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption @@ -34,28 +34,28 @@ Certificate: X509v3 extensions: X509v3 Subject Alternative Name: DNS:localhost - Signature Algorithm: sha1WithRSAEncryption - 2e:5d:bf:5a:4a:16:d7:4e:d1:9d:18:07:6c:9a:b5:c3:9c:1c: - a3:75:7b:6c:91:ab:81:d8:f3:39:b9:81:22:5a:ae:ac:6f:47: - 7a:5b:79:6c:17:a7:32:7f:ae:8b:60:1c:e9:2e:fc:2d:be:42: - e8:60:a7:d9:49:d4:71:2a:32:86:0f:14:b1:47:21:97:7a:0f: - 89:e8:60:68:2b:22:22:95:ff:34:4e:42:7c:01:d5:6f:84:58: - 57:bc:1b:85:f1:bb:a9:88:f7:d1:73:3f:b9:5e:fc:f7:28:be: - 92:34:29:68:08:17:64:8d:3e:da:7a:b5:37:eb:e1:7a:fa:7a: - bf:d7:52:97:c6:75:3b:a1:6b:6d:8c:20:ff:38:14:24:e5:69: - 39:69:a8:28:91:26:43:12:e9:1b:90:01:e4:e3:1d:dc:b4:05: - c7:6e:00:27:d0:21:da:0a:2c:a6:82:c0:72:d6:4d:e2:9c:9b: - 12:ea:b6:cf:20:e1:e1:0f:44:52:6c:e8:8f:7f:a6:40:28:27: - 68:c5:46:b9:f5:3e:ee:0e:e5:16:92:e7:b0:e6:2f:2c:fc:77: - 20:98:89:0d:53:c4:92:7b:cd:10:a6:15:74:4a:f8:ac:76:c2: - 7d:7f:85:b2:d5:2c:01:9b:44:a0:aa:07:29:73:2e:5b:bd:c2: - c0:f5:e5:c1 + Signature Algorithm: sha256WithRSAEncryption + 24:29:6d:72:5e:f9:49:79:0a:c1:d7:bb:c2:eb:b5:4b:f6:b6: + 05:e3:99:7a:df:68:ee:8d:94:66:f2:31:1f:9e:c2:86:77:5d: + 3b:75:86:9a:98:c1:8b:54:18:ab:9e:13:64:af:5b:b8:35:0c: + d4:e6:dc:3e:03:d9:26:06:75:6b:13:a2:e9:3d:19:0a:65:d7: + e2:1e:c2:67:fe:d7:f0:64:d8:ae:20:c3:81:1b:7f:a4:76:6e: + 4a:5c:ae:23:6e:85:32:25:3c:5e:54:7a:bf:49:5a:a2:11:53: + a1:ce:d9:4b:19:ef:1c:ba:0e:f9:8e:c4:da:90:69:2f:ec:87: + 08:24:d7:6a:18:63:56:3e:a0:a6:22:f1:e0:10:bd:cc:68:50: + 99:e7:4f:51:27:00:da:36:2c:df:26:ab:41:5e:c3:fb:1b:bb: + 58:3f:8c:4a:b2:30:71:66:92:9e:05:a1:c9:90:f9:06:0a:79: + 33:f4:e3:b9:da:43:38:8f:82:15:1e:98:7a:b8:da:e7:a4:f6: + 08:bc:54:c6:7b:64:c2:56:a0:83:f9:c0:d5:60:ba:a3:df:8a: + 04:bc:65:d6:82:23:82:50:2f:a9:f6:bd:03:c6:3d:5e:00:b8: + a0:c5:0f:eb:cf:59:67:d9:a3:e1:84:f9:d1:91:65:67:96:93: + b6:0b:15:80 -----BEGIN CERTIFICATE----- -MIIDozCCAougAwIBAgIJAOPIA3ZWLueXMA0GCSqGSIb3DQEBBQUAMIGCMQswCQYD +MIIDozCCAougAwIBAgIJAP58F9d532k4MA0GCSqGSIb3DQEBCwUAMIGCMQswCQYD VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEUMBIG A1UECwwLRW5naW5lZXJpbmcxGDAWBgNVBAMMD3d3dy5ub21hdGNoLmNvbTEfMB0G -CSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAeFw0xODA2MTIyMTA4MzNaFw0y -MTAzMDgyMTA4MzNaMIGCMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQ +CSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAeFw0xODA2MTIyMzEwNDhaFw0y +MTAzMDgyMzEwNDhaMIGCMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQ MA4GA1UEBwwHQm96ZW1hbjEUMBIGA1UECwwLRW5naW5lZXJpbmcxGDAWBgNVBAMM D3d3dy5ub21hdGNoLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNv bTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMCVCOFXQfJxbbfSRUEn @@ -64,11 +64,11 @@ AWXGRa7yvCQwuJXOL07W9hyIvHyf+6hnf/5cnFF194rKB+c1L4/hvXvAL3yrZKgX xfZ/C1loeHOmjBipAm2vwxkBLrgQ48bMQLRpo0YzaYduxLsXpvPo3a1zvHsvIbX9 ZlEMvVSz4W1fHLwjc9EJA4kU0hC5ZMMq0KGWSrzh1Bpbx6DAwWN4D0Q3MDKWgDIj laF3uhPSl3PiXSXJag3DOWCktLBpQkIJ6dgIvDMgs1gip6rrxOHmYYPF0pbf2dBP -rdcCAwEAAaMaMBgwFgYDVR0RBA8wDYILbG9jYWxob3N0AGgwDQYJKoZIhvcNAQEF -BQADggEBAC5dv1pKFtdO0Z0YB2yatcOcHKN1e2yRq4HY8zm5gSJarqxvR3pbeWwX -pzJ/rotgHOku/C2+Quhgp9lJ1HEqMoYPFLFHIZd6D4noYGgrIiKV/zROQnwB1W+E -WFe8G4Xxu6mI99FzP7le/PcovpI0KWgIF2SNPtp6tTfr4Xr6er/XUpfGdTuha22M -IP84FCTlaTlpqCiRJkMS6RuQAeTjHdy0BcduACfQIdoKLKaCwHLWTeKcmxLqts8g -4eEPRFJs6I9/pkAoJ2jFRrn1Pu4O5RaS57DmLyz8dyCYiQ1TxJJ7zRCmFXRK+Kx2 -wn1/hbLVLAGbRKCqBylzLlu9wsD15cE= +rdcCAwEAAaMaMBgwFgYDVR0RBA8wDYILbG9jYWxob3N0AGgwDQYJKoZIhvcNAQEL +BQADggEBACQpbXJe+Ul5CsHXu8LrtUv2tgXjmXrfaO6NlGbyMR+ewoZ3XTt1hpqY +wYtUGKueE2SvW7g1DNTm3D4D2SYGdWsTouk9GQpl1+Iewmf+1/Bk2K4gw4Ebf6R2 +bkpcriNuhTIlPF5Uer9JWqIRU6HO2UsZ7xy6DvmOxNqQaS/shwgk12oYY1Y+oKYi +8eAQvcxoUJnnT1EnANo2LN8mq0Few/sbu1g/jEqyMHFmkp4FocmQ+QYKeTP047na +QziPghUemHq42uek9gi8VMZ7ZMJWoIP5wNVguqPfigS8ZdaCI4JQL6n2vQPGPV4A +uKDFD+vPWWfZo+GE+dGRZWeWk7YLFYA= -----END CERTIFICATE----- diff --git a/certs/test/server-badcn.der b/certs/test/server-badcn.der index e54bbc10659bcbf36b9c288bbe23b5e5018b8682..867fdb41acc1c7915a3e4ea93eb5b1f77bf632cf 100644 GIT binary patch delta 342 zcmeBX?`BswXkuxtu~Lg@4SqR+^h@}&$LZk z%OzrLXkcOyCC+PPXkct$VFc!GJiUXlo|~0{xrvdHA=}r#)S+7D0LSxn8=r^IJMiw5 zsN2h@Om}}j{A{^%%jK<0PDhLRPH+xM>b)9~A!K^JcvqXTdfoFc-V+=?KT4Vq&hcQG zKv@#Q-UQ7%K>{;&H~M`4ao#N@?N{sF2NQm)+m`76uF?FrZuzoaImc_)m?mfh{yEpa z$1~3W*_ZLv3s>c*_KHe+ yd9#%+yg2#jq|VYT^||$3;_HsvhGg$;EpvG$CSPQ@ppt_)b(X;Z delta 342 zcmeBX?`BswXkuxtu~Lg@4SqRtgH+Z&$LZk z%OzrHU}0<=CC+PPXkct$VFc!GJiUXlo|Tn>xrvdHL2>3vgE-m5T`3)Y3q^BZb%(!q zi2FV>Md%0f9sl!Jes!B9t^If^i?(&hM?F;@ID>FZ@6sVc7FqxOl@r+lmiQlW= zul(yzw7T$4(iCmIcRsk)Thm%;MNO_%lFwHkQHfX6p81q7dhK!j)YthgTbr2{X3VkZ z2)muhv9qhD!q(U6&gy-Py*f9_qH1N*C4Vo~D@*uyO>n#XPtK~V3pVI2UUA@$L2Xfn wb&eXZx?Q4d*d<>MBjLl*H7(B{9-BAYNP~A_%SKN%E^E467}OR#_O(_;0bAyeLFF6oa+;{Rpse^mR58n2Dz!{g_!Hf}pnpZu`u z9{;6N_0zR$&u|83>MXe-8L{@Y$GPK~(#hd!QL|(B&6pdpY4d@~?)_gZKP`+kNcKt- zmF-{jqR+|a7T( z?Hx|2t}zy#NMGn5qB( diff --git a/certs/test/server-badcnnull.pem b/certs/test/server-badcnnull.pem index dff524a5b7..a3ffaec6a0 100644 --- a/certs/test/server-badcnnull.pem +++ b/certs/test/server-badcnnull.pem @@ -1,12 +1,12 @@ Certificate: Data: Version: 3 (0x2) - Serial Number: 12504341600548822697 (0xad88586f52da1ea9) - Signature Algorithm: sha1WithRSAEncryption + Serial Number: 14443731963441436391 (0xc87271b1cfe1d6e7) + Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Montana, L=Bozeman, OU=Engineering, CN=DER:30:0d:82:0b:6c:6f:63:61:6c:68:6f:73:74:00:68/emailAddress=info@wolfssl.com Validity - Not Before: Jun 12 21:08:33 2018 GMT - Not After : Mar 8 21:08:33 2021 GMT + Not Before: Jun 12 23:10:47 2018 GMT + Not After : Mar 8 23:10:47 2021 GMT Subject: C=US, ST=Montana, L=Bozeman, OU=Engineering, CN=DER:30:0d:82:0b:6c:6f:63:61:6c:68:6f:73:74:00:68/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption @@ -31,28 +31,28 @@ Certificate: a7:aa:eb:c4:e1:e6:61:83:c5:d2:96:df:d9:d0:4f: ad:d7 Exponent: 65537 (0x10001) - Signature Algorithm: sha1WithRSAEncryption - 2d:66:45:43:2b:7b:10:1e:9a:2d:65:ee:ff:55:c6:44:71:7f: - db:b8:42:ef:e7:e8:d6:ee:b9:7d:58:7d:e6:a9:c9:8b:9d:56: - 89:0d:7f:b2:e7:e8:48:00:ad:81:aa:e2:97:2b:c5:0d:78:bc: - 3f:b3:ae:67:4a:af:fe:b5:90:5d:97:f6:d5:dd:d9:5c:69:65: - 6c:3b:32:7c:5a:76:16:d9:86:08:24:47:1b:fd:16:4c:5a:72: - 56:17:85:1e:aa:e4:4c:28:aa:91:28:e5:ed:95:28:5f:6b:63: - a8:e7:7e:2d:0c:20:e2:7e:0e:57:ab:6d:e7:e4:fc:13:3b:d7: - bb:df:cd:89:55:56:80:b7:45:0c:74:f6:ae:c3:91:b0:10:69: - 3f:13:ff:7e:43:3d:1e:c3:3b:02:ee:ab:27:64:12:bd:b6:70: - 99:c0:d3:6b:22:b8:f5:3c:6b:3f:ab:a0:fd:ba:cc:50:e5:8a: - 67:b3:ec:8b:15:79:bd:db:e3:64:1a:1d:bb:d5:cb:55:8f:40: - 7f:01:ba:e2:32:dc:87:fa:3c:80:dd:37:7f:de:5b:ca:aa:1d: - 63:46:ec:22:c6:4c:1b:bf:74:50:c4:1a:21:b6:7a:ac:3f:55: - c8:bf:ae:69:80:2f:2d:2b:93:aa:0a:67:97:3c:c6:5b:7a:35: - e7:19:51:bd + Signature Algorithm: sha256WithRSAEncryption + 28:2d:4a:7a:b9:22:94:2a:92:90:d8:e8:2b:bc:c5:39:46:03: + c3:16:97:a1:21:1c:8d:19:f9:d2:c5:9f:36:8c:d4:04:b0:69: + cd:2f:28:3f:95:e9:3d:22:e1:b3:c0:f0:73:f3:b8:fa:cb:63: + a4:7d:b9:3c:dc:fc:f1:7e:fd:b0:8b:c6:5e:f2:60:90:51:5a: + 94:92:e0:48:04:44:53:4f:73:e5:73:27:c5:54:94:ed:69:a4: + 8f:5c:62:0f:fa:3b:4f:c5:2b:d4:26:0d:3c:39:e1:c7:ce:d5: + 81:b6:c8:7f:63:e1:7a:de:0f:d2:ca:97:2b:7d:cc:09:53:69: + 2c:a4:d8:19:58:ad:eb:48:ce:c7:69:1b:63:57:26:5a:9b:5d: + be:98:9d:58:b2:b3:c0:79:8b:bf:f4:39:f2:a1:5d:30:63:4a: + 66:15:1d:8f:a2:e4:83:b2:25:06:74:66:8f:32:b1:5d:a7:7f: + 6f:70:f6:4e:2a:10:33:6f:c2:a4:38:34:87:f6:3f:82:a7:a5: + ab:fa:7d:43:38:f6:8d:bc:04:e1:b2:81:10:c7:6a:03:ed:0c: + 89:b9:06:b3:61:e4:c1:ca:9e:88:48:39:a6:41:e8:7f:f8:d7: + 7d:48:46:fb:9f:53:de:8c:be:6a:25:77:8c:48:bf:a4:7d:b0: + 96:dd:d0:86 -----BEGIN CERTIFICATE----- -MIIDyTCCArGgAwIBAgIJAK2IWG9S2h6pMA0GCSqGSIb3DQEBBQUAMIGjMQswCQYD +MIIDyTCCArGgAwIBAgIJAMhycbHP4dbnMA0GCSqGSIb3DQEBCwUAMIGjMQswCQYD VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEUMBIG A1UECwwLRW5naW5lZXJpbmcxOTA3BgNVBAMMMERFUjozMDowZDo4MjowYjo2Yzo2 Zjo2Mzo2MTo2Yzo2ODo2Zjo3Mzo3NDowMDo2ODEfMB0GCSqGSIb3DQEJARYQaW5m -b0B3b2xmc3NsLmNvbTAeFw0xODA2MTIyMTA4MzNaFw0yMTAzMDgyMTA4MzNaMIGj +b0B3b2xmc3NsLmNvbTAeFw0xODA2MTIyMzEwNDdaFw0yMTAzMDgyMzEwNDdaMIGj MQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1h bjEUMBIGA1UECwwLRW5naW5lZXJpbmcxOTA3BgNVBAMMMERFUjozMDowZDo4Mjow Yjo2Yzo2Zjo2Mzo2MTo2Yzo2ODo2Zjo3Mzo3NDowMDo2ODEfMB0GCSqGSIb3DQEJ @@ -62,11 +62,11 @@ ggEBAMCVCOFXQfJxbbfSRUEnAWXGRa7yvCQwuJXOL07W9hyIvHyf+6hnf/5cnFF1 Y1GLC2Q/rUO4pRxcNLOuAKBjxfZ/C1loeHOmjBipAm2vwxkBLrgQ48bMQLRpo0Yz aYduxLsXpvPo3a1zvHsvIbX9ZlEMvVSz4W1fHLwjc9EJA4kU0hC5ZMMq0KGWSrzh 1Bpbx6DAwWN4D0Q3MDKWgDIjlaF3uhPSl3PiXSXJag3DOWCktLBpQkIJ6dgIvDMg -s1gip6rrxOHmYYPF0pbf2dBPrdcCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEALWZF -Qyt7EB6aLWXu/1XGRHF/27hC7+fo1u65fVh95qnJi51WiQ1/sufoSACtgarilyvF -DXi8P7OuZ0qv/rWQXZf21d3ZXGllbDsyfFp2FtmGCCRHG/0WTFpyVheFHqrkTCiq -kSjl7ZUoX2tjqOd+LQwg4n4OV6tt5+T8EzvXu9/NiVVWgLdFDHT2rsORsBBpPxP/ -fkM9HsM7Au6rJ2QSvbZwmcDTayK49TxrP6ug/brMUOWKZ7PsixV5vdvjZBodu9XL -VY9AfwG64jLch/o8gN03f95byqodY0bsIsZMG790UMQaIbZ6rD9VyL+uaYAvLSuT -qgpnlzzGW3o15xlRvQ== +s1gip6rrxOHmYYPF0pbf2dBPrdcCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAKC1K +erkilCqSkNjoK7zFOUYDwxaXoSEcjRn50sWfNozUBLBpzS8oP5XpPSLhs8Dwc/O4 ++stjpH25PNz88X79sIvGXvJgkFFalJLgSAREU09z5XMnxVSU7Wmkj1xiD/o7T8Ur +1CYNPDnhx87VgbbIf2Phet4P0sqXK33MCVNpLKTYGVit60jOx2kbY1cmWptdvpid +WLKzwHmLv/Q58qFdMGNKZhUdj6Lkg7IlBnRmjzKxXad/b3D2TioQM2/CpDg0h/Y/ +gqelq/p9Qzj2jbwE4bKBEMdqA+0MibkGs2HkwcqeiEg5pkHof/jXfUhG+59T3oy+ +aiV3jEi/pH2wlt3Qhg== -----END CERTIFICATE----- diff --git a/certs/test/server-goodaltwild.der b/certs/test/server-goodaltwild.der index e82bd88414c4b3e7152b397ab529e9f7f9a34aab..f5748343058b112ae8943dc4729426678d4c09c9 100644 GIT binary patch delta 342 zcmZ3+zKmVnpow{rK@(Hg0%j&gCMHgX&r%(}=SuI)HQ;6A)N1o+`_9YA$j!>$zDOn41_G8P;n~p8McUpYN(?LK9rqhZ)6A z&rr-@>2GRyC+fzqXioEj&n}OrUYqP`z}Lp`OTOno@*?lA);}80ed?GYad=NCk4NSM z?i3f9T+`UIrI801u1KEP^|Ah#4Z|1ye}{g(h*9e0epPq8;UeSb-BJ-x^Rz086HgnQ zO{=Uw?6kR1#>Z0l@6lpsRbJcKp8w5)k7wm8aDCm7zUIRJ6-lZ^ufH5jGcfeY*}XcH z!|eCs-kBR7#B^}(`WLfc%I)d9-W4J?d}qr`cQ3=ND8ER4Y1ji)a&*0ZuQFgGzWGQ@NpXwQAIeq!`*=eEPir);ms zL`zj23a6h`3nhL!AcvC1^io)K5;@AYx;T7|1VE&T=!}2biS`|95+36;O=jJ zxbsQm-ny6tR}JqUsgOD)Ed5x2#rFArZIQ;u7EU|*F}k@%F=6_}a#e>lZKscJxPF^` z27j_g{l=}AzwD8o@aN+GslolsZ|1Gpyhq|h@F_Ekl<3q{_2rwBQ2amR zY|@NWmZki=j|(oT%IB*Tc_w+pKjgr2|Ad(bYs5=(Eo6!&^cH0Y-OcdQ>Gqp@*z||A yVczSq?Yrwj+Va=vJ^2<$!O;lyXD6Z8t}4lYPET^edlFld+OhDHxWp9Y)2xRkv>hV(X{G-Uae5O<}SBH7Rhh4qfw%DI|t6v>9f9U}RNyZnCFS7kn-yZul_$Nc&l~0B; zi|fw{#TQv{cI^v!oG)sqarh)>!laeQ9;O)|@m2Xy($}t;oSv=lAi9wy^$cI;?fU1F zTd%UH?QWWvnfS^4NzSA8hiAh^M< v`BfmHqS<1?YU4=POV5(-+n!xkV>xlox@l(H>kqnd39LBjw=XRx(QOd`29=WH delta 342 zcmey*_Mc7FpozKKpouAY0W%XL6B8%H;-v;tcC|!H8t}4lYPET^edlFlWSywmBWh@1 zVQd^F&TC|7U~FJv1mR9pZ`ka{XvkR4%F4jp#K_37YDRS7)!)24Ul#S=&*5J;c_~Yq z-zjtM&fixL{MvNsuE}i1lewmLj}5mpamyHmtxmiadzdx1Gw=`d;YFpU>}AOxQ&leC zJ$&AcE%k{^FZ=O*8IwO>d%gP9%(cCH6=sx&UHd4`SDvRo?{moE!#=sM^dEDuNUT?u z-B%wj{W$l^~G=zAio!$@itMXo=*f?MMCue*KkUe|=fy z!j*0}gAU!Cbebh=+0|l|{OY*5(+eyXH(fh=qx*~+bJ5nKr3RsS4H>0BJ~+VE_OC diff --git a/certs/test/server-goodcnwild.pem b/certs/test/server-goodcnwild.pem index 7b961cadc6..656604158d 100644 --- a/certs/test/server-goodcnwild.pem +++ b/certs/test/server-goodcnwild.pem @@ -1,12 +1,12 @@ Certificate: Data: Version: 3 (0x2) - Serial Number: 11791884614682041113 (0xa3a53094ba845b19) - Signature Algorithm: sha1WithRSAEncryption + Serial Number: 9769574718208722881 (0x87948071dd77c7c1) + Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Montana, L=Bozeman, OU=Engineering, CN=*localhost/emailAddress=info@wolfssl.com Validity - Not Before: Jun 12 21:08:33 2018 GMT - Not After : Mar 8 21:08:33 2021 GMT + Not Before: Jun 12 23:10:47 2018 GMT + Not After : Mar 8 23:10:47 2021 GMT Subject: C=US, ST=Montana, L=Bozeman, OU=Engineering, CN=*localhost/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption @@ -31,28 +31,28 @@ Certificate: a7:aa:eb:c4:e1:e6:61:83:c5:d2:96:df:d9:d0:4f: ad:d7 Exponent: 65537 (0x10001) - Signature Algorithm: sha1WithRSAEncryption - aa:98:5b:71:d5:fb:0d:0c:f4:a2:8d:df:6c:0f:ae:93:a5:04: - 86:4e:ca:37:0b:89:fb:d5:c0:fa:b2:d2:dd:34:9b:01:c9:6d: - 35:3e:e3:31:b4:82:0b:1c:32:56:ab:61:d6:5d:c3:05:6d:89: - 51:fc:03:c3:a2:75:35:07:76:63:f1:65:24:d3:dd:c3:cf:46: - 06:65:e4:1c:8d:07:c7:be:68:93:f3:d6:eb:ab:ca:99:ad:8d: - bd:20:98:77:56:d6:f1:17:0e:77:6e:2f:9e:f3:54:c3:c3:4c: - 6d:ea:2f:e3:08:04:18:af:23:1d:be:57:1b:e3:6d:d4:d3:60: - 1e:64:83:1d:33:08:24:0b:60:3e:f4:a0:08:31:2e:0d:13:7a: - f5:a3:cc:59:0e:f4:7e:72:a4:19:f2:b7:c4:fc:51:f5:fa:68: - 3f:d7:a6:79:a1:a9:46:d9:52:c2:d9:92:cb:04:6a:a6:d5:73: - 24:6f:7b:5e:9d:97:70:38:a3:82:d6:c5:d8:8b:cc:26:03:72: - b5:72:a5:30:ca:ad:d4:25:b1:59:84:fd:ed:43:cb:b2:80:ec: - 5d:cc:33:6a:a1:49:f6:8e:3e:ab:17:fc:74:c5:ce:d6:2e:05: - bf:a1:26:11:2c:4b:13:d1:15:0f:76:92:a2:d1:28:26:ad:1b: - 65:20:3b:38 + Signature Algorithm: sha256WithRSAEncryption + 34:ef:b2:dc:02:ec:6a:b5:58:e6:2b:13:18:30:57:e2:ef:22: + 0f:7c:7d:e3:00:77:cc:c4:d9:97:7f:e8:69:f4:87:22:1a:b8: + a1:f2:17:18:94:23:cb:05:c2:90:86:c0:37:6a:90:da:00:70: + dd:de:11:68:48:95:eb:4d:08:1e:73:1e:68:6e:1b:1e:1f:93: + a1:fc:21:05:a7:99:1a:73:0a:88:37:60:f0:ba:8d:b6:b4:3f: + c8:ed:2f:7b:56:9f:a5:c0:00:19:01:e8:e3:d1:06:fc:27:b7: + 5d:f5:53:f9:00:6e:d4:f2:31:1c:a3:cd:12:5f:72:38:09:8a: + be:54:e3:6f:15:31:28:c3:c9:09:60:92:a9:c6:e1:66:33:c4: + 4d:24:f0:74:8e:87:29:63:67:6b:20:e0:5b:81:04:65:cc:0e: + 69:db:7f:e7:93:85:d5:04:26:bb:82:9e:69:61:f2:37:e4:6c: + e2:87:e1:cd:37:40:69:a4:7f:f4:e3:39:d8:fb:2d:53:61:d7: + 4d:1d:39:e0:db:0a:10:7c:f3:4e:30:55:ef:3f:8a:8b:4a:47: + 99:f5:10:60:78:83:38:90:ab:33:59:45:d2:e6:62:df:3d:cd: + a6:7c:39:91:9c:ae:96:36:b7:7f:c1:46:10:a8:c9:4e:be:66: + 6c:61:46:a2 -----BEGIN CERTIFICATE----- -MIIDezCCAmOgAwIBAgIJAKOlMJS6hFsZMA0GCSqGSIb3DQEBBQUAMH0xCzAJBgNV +MIIDezCCAmOgAwIBAgIJAIeUgHHdd8fBMA0GCSqGSIb3DQEBCwUAMH0xCzAJBgNV BAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRQwEgYD VQQLDAtFbmdpbmVlcmluZzETMBEGA1UEAwwKKmxvY2FsaG9zdDEfMB0GCSqGSIb3 -DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAeFw0xODA2MTIyMTA4MzNaFw0yMTAzMDgy -MTA4MzNaMH0xCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQH +DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAeFw0xODA2MTIyMzEwNDdaFw0yMTAzMDgy +MzEwNDdaMH0xCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQH DAdCb3plbWFuMRQwEgYDVQQLDAtFbmdpbmVlcmluZzETMBEGA1UEAwwKKmxvY2Fs aG9zdDEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZI hvcNAQEBBQADggEPADCCAQoCggEBAMCVCOFXQfJxbbfSRUEnAWXGRa7yvCQwuJXO @@ -61,10 +61,10 @@ htiVc9qsG1O5Xz/XGQ0lT+FjY1GLC2Q/rUO4pRxcNLOuAKBjxfZ/C1loeHOmjBip Am2vwxkBLrgQ48bMQLRpo0YzaYduxLsXpvPo3a1zvHsvIbX9ZlEMvVSz4W1fHLwj c9EJA4kU0hC5ZMMq0KGWSrzh1Bpbx6DAwWN4D0Q3MDKWgDIjlaF3uhPSl3PiXSXJ ag3DOWCktLBpQkIJ6dgIvDMgs1gip6rrxOHmYYPF0pbf2dBPrdcCAwEAATANBgkq -hkiG9w0BAQUFAAOCAQEAqphbcdX7DQz0oo3fbA+uk6UEhk7KNwuJ+9XA+rLS3TSb -AcltNT7jMbSCCxwyVqth1l3DBW2JUfwDw6J1NQd2Y/FlJNPdw89GBmXkHI0Hx75o -k/PW66vKma2NvSCYd1bW8RcOd24vnvNUw8NMbeov4wgEGK8jHb5XG+Nt1NNgHmSD -HTMIJAtgPvSgCDEuDRN69aPMWQ70fnKkGfK3xPxR9fpoP9emeaGpRtlSwtmSywRq -ptVzJG97Xp2XcDijgtbF2IvMJgNytXKlMMqt1CWxWYT97UPLsoDsXcwzaqFJ9o4+ -qxf8dMXO1i4Fv6EmESxLE9EVD3aSotEoJq0bZSA7OA== +hkiG9w0BAQsFAAOCAQEANO+y3ALsarVY5isTGDBX4u8iD3x94wB3zMTZl3/oafSH +Ihq4ofIXGJQjywXCkIbAN2qQ2gBw3d4RaEiV600IHnMeaG4bHh+TofwhBaeZGnMK +iDdg8LqNtrQ/yO0ve1afpcAAGQHo49EG/Ce3XfVT+QBu1PIxHKPNEl9yOAmKvlTj +bxUxKMPJCWCSqcbhZjPETSTwdI6HKWNnayDgW4EEZcwOadt/55OF1QQmu4KeaWHy +N+Rs4ofhzTdAaaR/9OM52PstU2HXTR054NsKEHzzTjBV7z+Ki0pHmfUQYHiDOJCr +M1lF0uZi3z3Npnw5kZyulja3f8FGEKjJTr5mbGFGog== -----END CERTIFICATE----- From a03c15e59891523c13d0e2422773509b28b9a5e5 Mon Sep 17 00:00:00 2001 From: Sean Parkinson Date: Wed, 13 Jun 2018 11:42:16 +1000 Subject: [PATCH 51/63] Allow NO_WOLFSSL_CLIENT/SERVER to compile and pass tests --- examples/benchmark/tls_bench.c | 5 + examples/client/client.c | 3 + examples/echoclient/echoclient.c | 1 + examples/echoserver/echoserver.c | 1 + examples/server/server.c | 1 + scripts/psk.test | 8 + scripts/resume.test | 32 ++-- scripts/tls13.test | 8 + src/internal.c | 288 ++++++++++++++++--------------- src/tls.c | 14 +- src/tls13.c | 287 ++++++++++++++++-------------- tests/api.c | 176 +++++++++++++++++-- tests/unit.c | 2 + wolfssl/internal.h | 4 +- wolfssl/ssl.h | 3 +- 15 files changed, 527 insertions(+), 306 deletions(-) diff --git a/examples/benchmark/tls_bench.c b/examples/benchmark/tls_bench.c index 199ab37550..93b39d9745 100644 --- a/examples/benchmark/tls_bench.c +++ b/examples/benchmark/tls_bench.c @@ -68,6 +68,7 @@ bench_tls(args); #define TEST_PACKET_SIZE 1024 #define SHOW_VERBOSE 0 /* Default output is tab delimited format */ +#if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) static int argShowPeerInfo = 0; /* Show more info about wolfSSL configuration */ static const char* kTestStr = @@ -864,6 +865,7 @@ int bench_tls(void* args) /* Return reporting a success */ return (((func_args*)args)->return_code = 0); } +#endif /* !NO_WOLFSSL_CLIENT && !NO_WOLFSSL_SERVER */ #ifndef NO_MAIN_DRIVER @@ -873,8 +875,11 @@ int main(int argc, char** argv) args.argc = argc; args.argv = argv; + args.return_code = 0; +#if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) bench_tls(&args); +#endif return(args.return_code); } diff --git a/examples/client/client.c b/examples/client/client.c index f90356c83f..c16d146622 100644 --- a/examples/client/client.c +++ b/examples/client/client.c @@ -2633,6 +2633,7 @@ exit: args.argc = argc; args.argv = argv; + args.return_code = 0; #if defined(DEBUG_WOLFSSL) && !defined(WOLFSSL_MDK_SHELL) && !defined(STACK_TRAP) wolfSSL_Debugging_ON(); @@ -2646,6 +2647,8 @@ exit: #else client_test(&args); #endif +#else + printf("Client not compiled in!\n"); #endif wolfSSL_Cleanup(); diff --git a/examples/echoclient/echoclient.c b/examples/echoclient/echoclient.c index f38b14df67..ffe4bd5ca8 100644 --- a/examples/echoclient/echoclient.c +++ b/examples/echoclient/echoclient.c @@ -334,6 +334,7 @@ void echoclient_test(void* args) args.argc = argc; args.argv = argv; + args.return_code = 0; CyaSSL_Init(); #if defined(DEBUG_CYASSL) && !defined(WOLFSSL_MDK_SHELL) diff --git a/examples/echoserver/echoserver.c b/examples/echoserver/echoserver.c index 3e6bfbd584..37048f82f4 100644 --- a/examples/echoserver/echoserver.c +++ b/examples/echoserver/echoserver.c @@ -497,6 +497,7 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args) args.argc = argc; args.argv = argv; + args.return_code = 0; CyaSSL_Init(); #if defined(DEBUG_CYASSL) && !defined(CYASSL_MDK_SHELL) diff --git a/examples/server/server.c b/examples/server/server.c index f744a96c6e..8103a7e01a 100644 --- a/examples/server/server.c +++ b/examples/server/server.c @@ -1753,6 +1753,7 @@ exit: args.argc = argc; args.argv = argv; args.signal = &ready; + args.return_code = 0; InitTcpReady(&ready); #if defined(DEBUG_CYASSL) && !defined(WOLFSSL_MDK_SHELL) diff --git a/scripts/psk.test b/scripts/psk.test index 0d21443f24..b9c0f21c02 100755 --- a/scripts/psk.test +++ b/scripts/psk.test @@ -62,6 +62,14 @@ do_trap() { trap do_trap INT TERM [ ! -x ./examples/client/client ] && echo -e "\n\nClient doesn't exist" && exit 1 +./examples/client/client -? 2>&1 | grep -- 'Client not compiled in!' +if [ $? -eq 0 ]; then + exit 0 +fi +./examples/server/server -? 2>&1 | grep -- 'Server not compiled in!' +if [ $? -eq 0 ]; then + exit 0 +fi # Usual psk server / psk client. This use case is tested in # tests/unit.test and is used here for just checking if PSK is enabled diff --git a/scripts/resume.test b/scripts/resume.test index f948fb5687..c4bd80f1e5 100755 --- a/scripts/resume.test +++ b/scripts/resume.test @@ -111,18 +111,28 @@ do_test() { trap do_trap INT TERM -do_test +./examples/client/client -? 2>&1 | grep -- 'Client not compiled in!' +if [ $? -ne 0 ]; then + ./examples/server/server -? 2>&1 | grep -- 'Server not compiled in!' + if [ $? -ne 0 ]; then + RUN_TEST="Y" + fi +fi -# Check the client for the extended master secret disable option. If -# present we need to run the test twice. -options_check=`./examples/client/client -?` -case "$options_check" in -*$ems_string*) - echo -e "\nRepeating resume test without extended master secret..." - do_test -n ;; -*) - ;; -esac +if [ "$RUN_TEST" = "Y" ]; then + do_test + + # Check the client for the extended master secret disable option. If + # present we need to run the test twice. + options_check=`./examples/client/client -?` + case "$options_check" in + *$ems_string*) + echo -e "\nRepeating resume test without extended master secret..." + do_test -n ;; + *) + ;; + esac +fi echo -e "\nSuccess!\n" diff --git a/scripts/tls13.test b/scripts/tls13.test index 4fc0dd56c1..ba999f41f0 100755 --- a/scripts/tls13.test +++ b/scripts/tls13.test @@ -70,6 +70,14 @@ do_trap() { trap do_trap INT TERM [ ! -x ./examples/client/client ] && echo -e "\n\nClient doesn't exist" && exit 1 +./examples/client/client -? 2>&1 | grep -- 'Client not compiled in!' +if [ $? -eq 0 ]; then + exit 0 +fi +./examples/server/server -? 2>&1 | grep -- 'Server not compiled in!' +if [ $? -eq 0 ]; then + exit 0 +fi # Usual TLS v1.3 server / TLS v1.3 client. echo -e "\n\nTLS v1.3 server with TLS v1.3 client" diff --git a/src/internal.c b/src/internal.c index bb116852a9..0206db1644 100644 --- a/src/internal.c +++ b/src/internal.c @@ -16274,6 +16274,152 @@ void PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo, #endif /* WOLFSSL_CALLBACKS */ +#if !defined(NO_CERTS) && (defined(WOLFSSL_TLS13) || \ + !defined(NO_WOLFSSL_CLIENT)) + +/* Decode the private key - RSA, ECC, or Ed25519 - and creates a key object. + * The signature type is set as well. + * The maximum length of a signature is returned. + * + * ssl The SSL/TLS object. + * length The length of a signature. + * returns 0 on success, otherwise failure. + */ +int DecodePrivateKey(WOLFSSL *ssl, word16* length) +{ + int ret = BAD_FUNC_ARG; + int keySz; + word32 idx; + + /* make sure private key exists */ + if (ssl->buffers.key == NULL || ssl->buffers.key->buffer == NULL) { + WOLFSSL_MSG("Private key missing!"); + ERROR_OUT(NO_PRIVATE_KEY, exit_dpk); + } + +#ifndef NO_RSA + ssl->hsType = DYNAMIC_TYPE_RSA; + ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey); + if (ret != 0) { + goto exit_dpk; + } + + WOLFSSL_MSG("Trying RSA private key"); + + /* Set start of data to beginning of buffer. */ + idx = 0; + /* Decode the key assuming it is an RSA private key. */ + ret = wc_RsaPrivateKeyDecode(ssl->buffers.key->buffer, &idx, + (RsaKey*)ssl->hsKey, ssl->buffers.key->length); + if (ret == 0) { + WOLFSSL_MSG("Using RSA private key"); + + /* It worked so check it meets minimum key size requirements. */ + keySz = wc_RsaEncryptSize((RsaKey*)ssl->hsKey); + if (keySz < 0) { /* check if keySz has error case */ + ERROR_OUT(keySz, exit_dpk); + } + + if (keySz < ssl->options.minRsaKeySz) { + WOLFSSL_MSG("RSA key size too small"); + ERROR_OUT(RSA_KEY_SIZE_E, exit_dpk); + } + + /* Return the maximum signature length. */ + *length = (word16)keySz; + + goto exit_dpk; + } +#endif /* !NO_RSA */ + +#ifdef HAVE_ECC +#ifndef NO_RSA + FreeKey(ssl, ssl->hsType, (void**)&ssl->hsKey); +#endif /* !NO_RSA */ + + ssl->hsType = DYNAMIC_TYPE_ECC; + ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey); + if (ret != 0) { + goto exit_dpk; + } + +#ifndef NO_RSA + WOLFSSL_MSG("Trying ECC private key, RSA didn't work"); +#else + WOLFSSL_MSG("Trying ECC private key"); +#endif + + /* Set start of data to beginning of buffer. */ + idx = 0; + /* Decode the key assuming it is an ECC private key. */ + ret = wc_EccPrivateKeyDecode(ssl->buffers.key->buffer, &idx, + (ecc_key*)ssl->hsKey, + ssl->buffers.key->length); + if (ret == 0) { + WOLFSSL_MSG("Using ECC private key"); + + /* Check it meets the minimum ECC key size requirements. */ + keySz = wc_ecc_size((ecc_key*)ssl->hsKey); + if (keySz < ssl->options.minEccKeySz) { + WOLFSSL_MSG("ECC key size too small"); + ERROR_OUT(ECC_KEY_SIZE_E, exit_dpk); + } + + /* Return the maximum signature length. */ + *length = (word16)wc_ecc_sig_size((ecc_key*)ssl->hsKey); + + goto exit_dpk; + } +#endif +#ifdef HAVE_ED25519 + #if !defined(NO_RSA) || defined(HAVE_ECC) + FreeKey(ssl, ssl->hsType, (void**)&ssl->hsKey); + #endif + + ssl->hsType = DYNAMIC_TYPE_ED25519; + ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey); + if (ret != 0) { + goto exit_dpk; + } + + #ifdef HAVE_ECC + WOLFSSL_MSG("Trying ED25519 private key, ECC didn't work"); + #elif !defined(NO_RSA) + WOLFSSL_MSG("Trying ED25519 private key, RSA didn't work"); + #else + WOLFSSL_MSG("Trying ED25519 private key"); + #endif + + /* Set start of data to beginning of buffer. */ + idx = 0; + /* Decode the key assuming it is an ED25519 private key. */ + ret = wc_Ed25519PrivateKeyDecode(ssl->buffers.key->buffer, &idx, + (ed25519_key*)ssl->hsKey, + ssl->buffers.key->length); + if (ret == 0) { + WOLFSSL_MSG("Using ED25519 private key"); + + /* Check it meets the minimum ECC key size requirements. */ + if (ED25519_KEY_SIZE < ssl->options.minEccKeySz) { + WOLFSSL_MSG("ED25519 key size too small"); + ERROR_OUT(ECC_KEY_SIZE_E, exit_dpk); + } + + /* Return the maximum signature length. */ + *length = ED25519_SIG_SIZE; + + goto exit_dpk; + } +#endif /* HAVE_ED25519 */ + + (void)idx; + (void)keySz; + (void)length; +exit_dpk: + return ret; +} + +#endif /* WOLFSSL_TLS13 || !NO_WOLFSSL_CLIENT */ /* client only parts */ #ifndef NO_WOLFSSL_CLIENT @@ -19641,148 +19787,6 @@ exit_scke: } #endif /* HAVE_PK_CALLBACKS */ -/* Decode the private key - RSA, ECC, or Ed25519 - and creates a key object. - * The signature type is set as well. - * The maximum length of a signature is returned. - * - * ssl The SSL/TLS object. - * length The length of a signature. - * returns 0 on success, otherwise failure. - */ -int DecodePrivateKey(WOLFSSL *ssl, word16* length) -{ - int ret = BAD_FUNC_ARG; - int keySz; - word32 idx; - - /* make sure private key exists */ - if (ssl->buffers.key == NULL || ssl->buffers.key->buffer == NULL) { - WOLFSSL_MSG("Private key missing!"); - ERROR_OUT(NO_PRIVATE_KEY, exit_dpk); - } - -#ifndef NO_RSA - ssl->hsType = DYNAMIC_TYPE_RSA; - ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey); - if (ret != 0) { - goto exit_dpk; - } - - WOLFSSL_MSG("Trying RSA private key"); - - /* Set start of data to beginning of buffer. */ - idx = 0; - /* Decode the key assuming it is an RSA private key. */ - ret = wc_RsaPrivateKeyDecode(ssl->buffers.key->buffer, &idx, - (RsaKey*)ssl->hsKey, ssl->buffers.key->length); - if (ret == 0) { - WOLFSSL_MSG("Using RSA private key"); - - /* It worked so check it meets minimum key size requirements. */ - keySz = wc_RsaEncryptSize((RsaKey*)ssl->hsKey); - if (keySz < 0) { /* check if keySz has error case */ - ERROR_OUT(keySz, exit_dpk); - } - - if (keySz < ssl->options.minRsaKeySz) { - WOLFSSL_MSG("RSA key size too small"); - ERROR_OUT(RSA_KEY_SIZE_E, exit_dpk); - } - - /* Return the maximum signature length. */ - *length = (word16)keySz; - - goto exit_dpk; - } -#endif /* !NO_RSA */ - -#ifdef HAVE_ECC -#ifndef NO_RSA - FreeKey(ssl, ssl->hsType, (void**)&ssl->hsKey); -#endif /* !NO_RSA */ - - ssl->hsType = DYNAMIC_TYPE_ECC; - ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey); - if (ret != 0) { - goto exit_dpk; - } - -#ifndef NO_RSA - WOLFSSL_MSG("Trying ECC private key, RSA didn't work"); -#else - WOLFSSL_MSG("Trying ECC private key"); -#endif - - /* Set start of data to beginning of buffer. */ - idx = 0; - /* Decode the key assuming it is an ECC private key. */ - ret = wc_EccPrivateKeyDecode(ssl->buffers.key->buffer, &idx, - (ecc_key*)ssl->hsKey, - ssl->buffers.key->length); - if (ret == 0) { - WOLFSSL_MSG("Using ECC private key"); - - /* Check it meets the minimum ECC key size requirements. */ - keySz = wc_ecc_size((ecc_key*)ssl->hsKey); - if (keySz < ssl->options.minEccKeySz) { - WOLFSSL_MSG("ECC key size too small"); - ERROR_OUT(ECC_KEY_SIZE_E, exit_dpk); - } - - /* Return the maximum signature length. */ - *length = (word16)wc_ecc_sig_size((ecc_key*)ssl->hsKey); - - goto exit_dpk; - } -#endif -#ifdef HAVE_ED25519 - #if !defined(NO_RSA) || defined(HAVE_ECC) - FreeKey(ssl, ssl->hsType, (void**)&ssl->hsKey); - #endif - - ssl->hsType = DYNAMIC_TYPE_ED25519; - ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey); - if (ret != 0) { - goto exit_dpk; - } - - #ifdef HAVE_ECC - WOLFSSL_MSG("Trying ED25519 private key, ECC didn't work"); - #elif !defined(NO_RSA) - WOLFSSL_MSG("Trying ED25519 private key, RSA didn't work"); - #else - WOLFSSL_MSG("Trying ED25519 private key"); - #endif - - /* Set start of data to beginning of buffer. */ - idx = 0; - /* Decode the key assuming it is an ED25519 private key. */ - ret = wc_Ed25519PrivateKeyDecode(ssl->buffers.key->buffer, &idx, - (ed25519_key*)ssl->hsKey, - ssl->buffers.key->length); - if (ret == 0) { - WOLFSSL_MSG("Using ED25519 private key"); - - /* Check it meets the minimum ECC key size requirements. */ - if (ED25519_KEY_SIZE < ssl->options.minEccKeySz) { - WOLFSSL_MSG("ED25519 key size too small"); - ERROR_OUT(ECC_KEY_SIZE_E, exit_dpk); - } - - /* Return the maximum signature length. */ - *length = ED25519_SIG_SIZE; - - goto exit_dpk; - } -#endif /* HAVE_ED25519 */ - - (void)idx; - (void)keySz; - (void)length; -exit_dpk: - return ret; -} - #ifndef WOLFSSL_NO_TLS12 #ifndef WOLFSSL_NO_CLIENT_AUTH diff --git a/src/tls.c b/src/tls.c index d6e947c196..22ff7f795b 100644 --- a/src/tls.c +++ b/src/tls.c @@ -3484,7 +3484,7 @@ static int TLSX_PointFormat_Append(PointFormat* list, byte format, void* heap) return ret; } -#ifndef NO_WOLFSSL_CLIENT +#if defined(WOLFSSL_TLS13) || !defined(NO_WOLFSSL_CLIENT) static void TLSX_SupportedCurve_ValidateRequest(WOLFSSL* ssl, byte* semaphore) { @@ -3515,6 +3515,7 @@ static void TLSX_PointFormat_ValidateRequest(WOLFSSL* ssl, byte* semaphore) } #endif + #ifndef NO_WOLFSSL_SERVER static void TLSX_PointFormat_ValidateResponse(WOLFSSL* ssl, byte* semaphore) @@ -3706,6 +3707,9 @@ int TLSX_SupportedCurve_CheckPriority(WOLFSSL* ssl) return 0; } +#endif + +#if defined(WOLFSSL_TLS13) && !defined(WOLFSSL_NO_SERVER_GROUPS_EXT) /* Return the preferred group. * * ssl SSL/TLS object. @@ -4351,7 +4355,7 @@ int TLSX_AddEmptyRenegotiationInfo(TLSX** extensions, void* heap) #ifdef HAVE_SESSION_TICKET -#ifndef NO_WOLFSSL_CLIENT +#if defined(WOLFSSL_TLS13) || !defined(NO_WOLFSSL_CLIENT) static void TLSX_SessionTicket_ValidateRequest(WOLFSSL* ssl) { TLSX* extension = TLSX_Find(ssl->extensions, TLSX_SESSION_TICKET); @@ -4366,7 +4370,7 @@ static void TLSX_SessionTicket_ValidateRequest(WOLFSSL* ssl) } } } -#endif /* NO_WOLFSSL_CLIENT */ +#endif /* WLFSSL_TLS13 || !NO_WOLFSSL_CLIENT */ static word16 TLSX_SessionTicket_GetSize(SessionTicket* ticket, int isRequest) @@ -9115,7 +9119,7 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer) } -#ifndef NO_WOLFSSL_CLIENT +#if defined(WOLFSSL_TLS13) || !defined(NO_WOLFSSL_CLIENT) /** Tells the buffered size of extensions to be sent into the client hello. */ int TLSX_GetRequestSize(WOLFSSL* ssl, byte msgType, word16* pLength) @@ -9320,7 +9324,7 @@ int TLSX_WriteRequest(WOLFSSL* ssl, byte* output, byte msgType, word16* pOffset) return ret; } -#endif /* NO_WOLFSSL_CLIENT */ +#endif /* WOLFSSL_TLS13 || !NO_WOLFSSL_CLIENT */ #ifndef NO_WOLFSSL_SERVER diff --git a/src/tls13.c b/src/tls13.c index 34b862bcf6..cb30d0536c 100644 --- a/src/tls13.c +++ b/src/tls13.c @@ -2190,6 +2190,127 @@ static int FindSuite(WOLFSSL* ssl, byte* suite) } #endif +#ifndef WOLFSSL_TLS13_DRAFT_18 +#if defined(WOLFSSL_SEND_HRR_COOKIE) && !defined(NO_WOLFSSL_SERVER) +/* Create Cookie extension using the hash of the first ClientHello. + * + * ssl SSL/TLS object. + * hash The hash data. + * hashSz The size of the hash data in bytes. + * returns 0 on success, otherwise failure. + */ +static int CreateCookie(WOLFSSL* ssl, byte* hash, byte hashSz) +{ + int ret; + byte mac[WC_MAX_DIGEST_SIZE]; + Hmac cookieHmac; + byte cookieType; + byte macSz; + +#if !defined(NO_SHA) && defined(NO_SHA256) + cookieType = SHA; + macSz = WC_SHA_DIGEST_SIZE; +#endif /* NO_SHA */ +#ifndef NO_SHA256 + cookieType = WC_SHA256; + macSz = WC_SHA256_DIGEST_SIZE; +#endif /* NO_SHA256 */ + + ret = wc_HmacSetKey(&cookieHmac, cookieType, + ssl->buffers.tls13CookieSecret.buffer, + ssl->buffers.tls13CookieSecret.length); + if (ret != 0) + return ret; + if ((ret = wc_HmacUpdate(&cookieHmac, hash, hashSz)) != 0) + return ret; + if ((ret = wc_HmacFinal(&cookieHmac, mac)) != 0) + return ret; + + /* The cookie data is the hash and the integrity check. */ + return TLSX_Cookie_Use(ssl, hash, hashSz, mac, macSz, 1); +} +#endif + +/* Restart the Hanshake hash with a hash of the previous messages. + * + * ssl The SSL/TLS object. + * returns 0 on success, otherwise failure. + */ +static int RestartHandshakeHash(WOLFSSL* ssl) +{ + int ret; + Hashes hashes; + byte header[HANDSHAKE_HEADER_SZ]; + byte* hash = NULL; + byte hashSz = 0; + + ret = BuildCertHashes(ssl, &hashes); + if (ret != 0) + return ret; + switch (ssl->specs.mac_algorithm) { + #ifndef NO_SHA256 + case sha256_mac: + hash = hashes.sha256; + break; + #endif + #ifdef WOLFSSL_SHA384 + case sha384_mac: + hash = hashes.sha384; + break; + #endif + #ifdef WOLFSSL_TLS13_SHA512 + case sha512_mac: + hash = hashes.sha512; + break; + #endif + } + hashSz = ssl->specs.hash_size; + AddTls13HandShakeHeader(header, hashSz, 0, 0, message_hash, ssl); + + WOLFSSL_MSG("Restart Hash"); + WOLFSSL_BUFFER(hash, hashSz); + +#if defined(WOLFSSL_SEND_HRR_COOKIE) && !defined(NO_WOLFSSL_SERVER) + if (ssl->options.sendCookie) { + byte cookie[OPAQUE8_LEN + WC_MAX_DIGEST_SIZE + OPAQUE16_LEN * 2]; + TLSX* ext; + word32 idx = 0; + + /* Cookie Data = Hash Len | Hash | CS | KeyShare Group */ + cookie[idx++] = hashSz; + XMEMCPY(cookie + idx, hash, hashSz); + idx += hashSz; + cookie[idx++] = ssl->options.cipherSuite0; + cookie[idx++] = ssl->options.cipherSuite; + if ((ext = TLSX_Find(ssl->extensions, TLSX_KEY_SHARE)) != NULL) { + KeyShareEntry* kse = (KeyShareEntry*)ext->data; + c16toa(kse->group, cookie + idx); + idx += OPAQUE16_LEN; + } + return CreateCookie(ssl, cookie, idx); + } +#endif + + ret = InitHandshakeHashes(ssl); + if (ret != 0) + return ret; + ret = HashOutputRaw(ssl, header, sizeof(header)); + if (ret != 0) + return ret; + return HashOutputRaw(ssl, hash, hashSz); +} + +/* The value in the random field of a ServerHello to indicate + * HelloRetryRequest. + */ +static byte helloRetryRequestRandom[] = { + 0xCF, 0x21, 0xAD, 0x74, 0xE5, 0x9A, 0x61, 0x11, + 0xBE, 0x1D, 0x8C, 0x02, 0x1E, 0x65, 0xB8, 0x91, + 0xC2, 0xA2, 0x11, 0x16, 0x7A, 0xBB, 0x8C, 0x5E, + 0x07, 0x9E, 0x09, 0xE2, 0xC8, 0xA8, 0x33, 0x9C +}; +#endif /* WOLFSSL_TLS13_DRAFT_18 */ + #ifndef NO_WOLFSSL_CLIENT #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) /* Setup pre-shared key based on the details in the extension data. @@ -2540,117 +2661,6 @@ int SendTls13ClientHello(WOLFSSL* ssl) return ret; } -#ifndef WOLFSSL_TLS13_DRAFT_18 -#ifdef WOLFSSL_SEND_HRR_COOKIE -/* Create Cookie extension using the hash of the first ClientHello. - * - * ssl SSL/TLS object. - * hash The hash data. - * hashSz The size of the hash data in bytes. - * returns 0 on success, otherwise failure. - */ -static int CreateCookie(WOLFSSL* ssl, byte* hash, byte hashSz) -{ - int ret; - byte mac[WC_MAX_DIGEST_SIZE]; - Hmac cookieHmac; - byte cookieType; - byte macSz; - -#if !defined(NO_SHA) && defined(NO_SHA256) - cookieType = SHA; - macSz = WC_SHA_DIGEST_SIZE; -#endif /* NO_SHA */ -#ifndef NO_SHA256 - cookieType = WC_SHA256; - macSz = WC_SHA256_DIGEST_SIZE; -#endif /* NO_SHA256 */ - - ret = wc_HmacSetKey(&cookieHmac, cookieType, - ssl->buffers.tls13CookieSecret.buffer, - ssl->buffers.tls13CookieSecret.length); - if (ret != 0) - return ret; - if ((ret = wc_HmacUpdate(&cookieHmac, hash, hashSz)) != 0) - return ret; - if ((ret = wc_HmacFinal(&cookieHmac, mac)) != 0) - return ret; - - /* The cookie data is the hash and the integrity check. */ - return TLSX_Cookie_Use(ssl, hash, hashSz, mac, macSz, 1); -} -#endif - -/* Restart the Hanshake hash with a hash of the previous messages. - * - * ssl The SSL/TLS object. - * returns 0 on success, otherwise failure. - */ -static int RestartHandshakeHash(WOLFSSL* ssl) -{ - int ret; - Hashes hashes; - byte header[HANDSHAKE_HEADER_SZ]; - byte* hash = NULL; - byte hashSz = 0; - - ret = BuildCertHashes(ssl, &hashes); - if (ret != 0) - return ret; - switch (ssl->specs.mac_algorithm) { - #ifndef NO_SHA256 - case sha256_mac: - hash = hashes.sha256; - break; - #endif - #ifdef WOLFSSL_SHA384 - case sha384_mac: - hash = hashes.sha384; - break; - #endif - #ifdef WOLFSSL_TLS13_SHA512 - case sha512_mac: - hash = hashes.sha512; - break; - #endif - } - hashSz = ssl->specs.hash_size; - AddTls13HandShakeHeader(header, hashSz, 0, 0, message_hash, ssl); - - WOLFSSL_MSG("Restart Hash"); - WOLFSSL_BUFFER(hash, hashSz); - -#ifdef WOLFSSL_SEND_HRR_COOKIE - if (ssl->options.sendCookie) { - byte cookie[OPAQUE8_LEN + WC_MAX_DIGEST_SIZE + OPAQUE16_LEN * 2]; - TLSX* ext; - word32 idx = 0; - - /* Cookie Data = Hash Len | Hash | CS | KeyShare Group */ - cookie[idx++] = hashSz; - XMEMCPY(cookie + idx, hash, hashSz); - idx += hashSz; - cookie[idx++] = ssl->options.cipherSuite0; - cookie[idx++] = ssl->options.cipherSuite; - if ((ext = TLSX_Find(ssl->extensions, TLSX_KEY_SHARE)) != NULL) { - KeyShareEntry* kse = (KeyShareEntry*)ext->data; - c16toa(kse->group, cookie + idx); - idx += OPAQUE16_LEN; - } - return CreateCookie(ssl, cookie, idx); - } -#endif - - ret = InitHandshakeHashes(ssl); - if (ret != 0) - return ret; - ret = HashOutputRaw(ssl, header, sizeof(header)); - if (ret != 0) - return ret; - return HashOutputRaw(ssl, hash, hashSz); -} -#endif - #ifdef WOLFSSL_TLS13_DRAFT_18 /* handle rocessing of TLS 1.3 hello_retry_request (6) */ /* Parse and handle a HelloRetryRequest message. @@ -2720,18 +2730,6 @@ static int DoTls13HelloRetryRequest(WOLFSSL* ssl, const byte* input, #endif -#ifndef WOLFSSL_TLS13_DRAFT_18 -/* The value in the random field of a ServerHello to indicate - * HelloRetryRequest. - */ -static byte helloRetryRequestRandom[] = { - 0xCF, 0x21, 0xAD, 0x74, 0xE5, 0x9A, 0x61, 0x11, - 0xBE, 0x1D, 0x8C, 0x02, 0x1E, 0x65, 0xB8, 0x91, - 0xC2, 0xA2, 0x11, 0x16, 0x7A, 0xBB, 0x8C, 0x5E, - 0x07, 0x9E, 0x09, 0xE2, 0xC8, 0xA8, 0x33, 0x9C -}; -#endif - /* handle processing of TLS 1.3 server_hello (2) and hello_retry_request (6) */ /* Handle the ServerHello message from the server. * Only a client will receive this message. @@ -7306,6 +7304,7 @@ int DoTls13HandShakeMsg(WOLFSSL* ssl, byte* input, word32* inOutIdx, return ret; } +#ifndef NO_WOLFSSL_CLIENT /* The client connecting to the server. * The protocol version is expecting to be TLS v1.3. @@ -7532,8 +7531,9 @@ int wolfSSL_connect_TLSv13(WOLFSSL* ssl) return WOLFSSL_FATAL_ERROR; /* unknown connect state */ } } +#endif -#if defined(WOLFSSL_SEND_HRR_COOKIE) && !defined(NO_WOLFSSL_SERVER) +#if defined(WOLFSSL_SEND_HRR_COOKIE) /* Send a cookie with the HelloRetryRequest to avoid storing state. * * ssl SSL/TLS object. @@ -7551,6 +7551,7 @@ int wolfSSL_send_hrr_cookie(WOLFSSL* ssl, const unsigned char* secret, if (ssl == NULL || !IsAtLeastTLSv1_3(ssl->version)) return BAD_FUNC_ARG; + #ifndef NO_WOLFSSL_SERVER if (ssl->options.side == WOLFSSL_CLIENT_END) return SIDE_ERROR; @@ -7597,7 +7598,15 @@ int wolfSSL_send_hrr_cookie(WOLFSSL* ssl, const unsigned char* secret, ssl->options.sendCookie = 1; - return WOLFSSL_SUCCESS; + ret = WOLFSSL_SUCCESS; +#else + (void)secret; + (void)secretSz; + + ret = SIDE_ERROR; +#endif + + return ret; } #endif @@ -7783,10 +7792,13 @@ int wolfSSL_allow_post_handshake_auth(WOLFSSL* ssl) int wolfSSL_request_certificate(WOLFSSL* ssl) { int ret; +#ifndef NO_WOLFSSL_SERVER CertReqCtx* certReqCtx; +#endif if (ssl == NULL || !IsAtLeastTLSv1_3(ssl->version)) return BAD_FUNC_ARG; +#ifndef NO_WOLFSSL_SERVER if (ssl->options.side == WOLFSSL_CLIENT_END) return SIDE_ERROR; if (ssl->options.handShakeState != HANDSHAKE_DONE) @@ -7814,12 +7826,15 @@ int wolfSSL_request_certificate(WOLFSSL* ssl) ret = WOLFSSL_ERROR_WANT_WRITE; else if (ret == 0) ret = WOLFSSL_SUCCESS; +#else + ret = SIDE_ERROR; +#endif return ret; } #endif /* !NO_CERTS && WOLFSSL_POST_HANDSHAKE_AUTH */ -#if !defined(NO_WOLFSSL_CLIENT) && !defined(WOLFSSL_NO_SERVER_GROUPS_EXT) +#if !defined(WOLFSSL_NO_SERVER_GROUPS_EXT) /* Get the preferred key exchange group. * * ssl The SSL/TLS object. @@ -7829,19 +7844,19 @@ int wolfSSL_request_certificate(WOLFSSL* ssl) */ int wolfSSL_preferred_group(WOLFSSL* ssl) { - int ret; - if (ssl == NULL || !IsAtLeastTLSv1_3(ssl->version)) return BAD_FUNC_ARG; +#ifndef NO_WOLFSSL_CLIENT if (ssl->options.side == WOLFSSL_SERVER_END) return SIDE_ERROR; if (ssl->options.handShakeState != HANDSHAKE_DONE) return NOT_READY_ERROR; /* Return supported groups only. */ - ret = TLSX_SupportedCurve_Preferred(ssl, 1); - - return ret; + return TLSX_SupportedCurve_Preferred(ssl, 1); +#else + return SIDE_ERROR; +#endif } #endif @@ -8258,6 +8273,7 @@ int wolfSSL_write_early_data(WOLFSSL* ssl, const void* data, int sz, int* outSz) if (!IsAtLeastTLSv1_3(ssl->version)) return BAD_FUNC_ARG; +#ifndef NO_WOLFSSL_CLIENT if (ssl->options.side == WOLFSSL_SERVER_END) return SIDE_ERROR; @@ -8272,6 +8288,9 @@ int wolfSSL_write_early_data(WOLFSSL* ssl, const void* data, int sz, int* outSz) if (ret > 0) *outSz = ret; } +#else + return SIDE_ERROR; +#endif WOLFSSL_LEAVE("SSL_write_early_data()", ret); @@ -8292,7 +8311,7 @@ int wolfSSL_write_early_data(WOLFSSL* ssl, const void* data, int sz, int* outSz) */ int wolfSSL_read_early_data(WOLFSSL* ssl, void* data, int sz, int* outSz) { - int ret; + int ret = 0; WOLFSSL_ENTER("wolfSSL_read_early_data()"); @@ -8302,6 +8321,7 @@ int wolfSSL_read_early_data(WOLFSSL* ssl, void* data, int sz, int* outSz) if (!IsAtLeastTLSv1_3(ssl->version)) return BAD_FUNC_ARG; +#ifndef NO_WOLFSSL_SERVER if (ssl->options.side == WOLFSSL_CLIENT_END) return SIDE_ERROR; @@ -8320,6 +8340,9 @@ int wolfSSL_read_early_data(WOLFSSL* ssl, void* data, int sz, int* outSz) } else ret = 0; +#else + return SIDE_ERROR; +#endif WOLFSSL_LEAVE("wolfSSL_read_early_data()", ret); diff --git a/tests/api.c b/tests/api.c index faf006ff9e..dbb8ef2b16 100644 --- a/tests/api.c +++ b/tests/api.c @@ -465,8 +465,12 @@ static void test_wolfSSL_Method_Allocators(void) TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_server_method); TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_client_method); #endif - TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_1_server_method); - TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_1_client_method); + #ifndef NO_WOLFSSL_SERVER + TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_1_server_method); + #endif + #ifndef NO_WOLFSSL_CLIENT + TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_1_client_method); + #endif #endif #ifndef WOLFSSL_NO_TLS12 #ifndef NO_WOLFSSL_SERVER @@ -1181,7 +1185,7 @@ static int test_export(WOLFSSL* inSsl, byte* buf, word32 sz, void* userCtx) } #endif -#ifndef NO_WOLFSSL_SERVER +#if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) static THREAD_RETURN WOLFSSL_THREAD test_server_nofail(void* args) { SOCKET_T sockfd = 0; @@ -1339,7 +1343,6 @@ done: return 0; #endif } -#endif /* !NO_WOLFSSL_SERVER */ typedef int (*cbType)(WOLFSSL_CTX *ctx, WOLFSSL *ssl); @@ -1488,6 +1491,7 @@ done2: return; } +#endif /* !NO_WOLFSSL_CLIENT && !NO_WOLFSSL_SERVER */ /* SNI / ALPN / session export helper functions */ #if defined(HAVE_SNI) || defined(HAVE_ALPN) || defined(WOLFSSL_SESSION_EXPORT) @@ -1742,7 +1746,7 @@ static void run_wolfssl_client(void* args) defined(WOLFSSL_SESSION_EXPORT) */ #endif /* io tests dependencies */ - +#if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) static void test_wolfSSL_read_write(void) { #ifdef HAVE_IO_TESTS_DEPENDENCIES @@ -1803,6 +1807,7 @@ static void test_wolfSSL_read_write(void) #endif } +#endif /* !NO_WOLFSSL_CLIENT && !NO_WOLFSSL_SERVER */ #if defined(HAVE_IO_TESTS_DEPENDENCIES) && defined(WOLFSSL_DTLS) && \ @@ -2972,10 +2977,18 @@ static void test_wolfSSL_PKCS8(void) /* Note that wolfSSL_Init() or wolfCrypt_Init() has been called before these * function calls */ -#ifndef WOLFSSL_NO_TLS12 - AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())); +#ifndef NO_WOLFSSL_CLIENT + #ifndef WOLFSSL_NO_TLS12 + AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())); + #else + AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method())); + #endif #else - AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method())); + #ifndef WOLFSSL_NO_TLS12 + AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method())); + #else + AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_server_method())); + #endif #endif wolfSSL_CTX_set_default_passwd_cb(ctx, &PKCS8TestCallBack); wolfSSL_CTX_set_default_passwd_cb_userdata(ctx, (void*)&flag); @@ -3115,11 +3128,19 @@ static int test_wolfSSL_UseOCSPStapling(void) WOLFSSL* ssl; wolfSSL_Init(); +#ifndef NO_WOLFSSL_CLIENT #ifndef WOLFSSL_NO_TLS12 ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method()); #else ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method()); #endif +#else + #ifndef WOLFSSL_NO_TLS12 + ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method()); + #else + ctx = wolfSSL_CTX_new(wolfTLSv1_3_server_method()); + #endif +#endif ssl = wolfSSL_new(ctx); printf(testingFmt, "wolfSSL_UseOCSPStapling()"); @@ -3159,11 +3180,19 @@ static int test_wolfSSL_UseOCSPStaplingV2 (void) WOLFSSL* ssl; wolfSSL_Init(); +#ifndef NO_WOLFSSL_CLIENT #ifndef WOLFSSL_NO_TLS12 ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method()); #else ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method()); #endif +#else + #ifndef WOLFSSL_NO_TLS12 + ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method()); + #else + ctx = wolfSSL_CTX_new(wolfTLSv1_3_server_method()); + #endif +#endif ssl = wolfSSL_new(ctx); printf(testingFmt, "wolfSSL_UseOCSPStaplingV2()"); @@ -16161,6 +16190,7 @@ static void test_wolfSSL_CTX_add_extra_chain_cert(void) } +#if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) static void test_wolfSSL_ERR_peek_last_error_line(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ @@ -16264,6 +16294,7 @@ static void test_wolfSSL_ERR_peek_last_error_line(void) #endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ !defined(NO_FILESYSTEM) && !defined(DEBUG_WOLFSSL) */ } +#endif #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ !defined(NO_FILESYSTEM) && !defined(NO_RSA) @@ -16742,7 +16773,8 @@ static void test_wolfSSL_msgCb(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ !defined(NO_FILESYSTEM) && defined(DEBUG_WOLFSSL) && \ - defined(HAVE_IO_TESTS_DEPENDENCIES) + defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(NO_WOLFSSL_CLIENT) && \ + !defined(NO_WOLFSSL_SERVER) tcp_ready ready; func_args client_args; @@ -18999,7 +19031,7 @@ static void test_wc_ecc_get_curve_id_from_params(void) #endif /* NO_CERTS */ #ifdef WOLFSSL_TLS13 -#ifdef WOLFSSL_SEND_HRR_COOKIE +#if defined(WOLFSSL_SEND_HRR_COOKIE) && !defined(NO_WOLFSSL_SERVER) static byte fixedKey[WC_SHA384_DIGEST_SIZE] = { 0, }; #endif #ifdef WOLFSSL_EARLY_DATA @@ -19011,19 +19043,27 @@ static int test_tls13_apis(void) { int ret = 0; #ifndef WOLFSSL_NO_TLS12 +#ifndef NO_WOLFSSL_CLIENT WOLFSSL_CTX* clientTls12Ctx; WOLFSSL* clientTls12Ssl; +#endif +#ifndef NO_WOLFSSL_SERVER WOLFSSL_CTX* serverTls12Ctx; WOLFSSL* serverTls12Ssl; #endif +#endif +#ifndef NO_WOLFSSL_CLIENT WOLFSSL_CTX* clientCtx; WOLFSSL* clientSsl; +#endif +#ifndef NO_WOLFSSL_SERVER WOLFSSL_CTX* serverCtx; WOLFSSL* serverSsl; #ifndef NO_CERTS const char* ourCert = svrCertFile; const char* ourKey = svrKeyFile; #endif +#endif #ifdef WOLFSSL_EARLY_DATA int outSz; #endif @@ -19031,8 +19071,11 @@ static int test_tls13_apis(void) int numGroups = 1; #ifndef WOLFSSL_NO_TLS12 +#ifndef NO_WOLFSSL_CLIENT clientTls12Ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method()); clientTls12Ssl = wolfSSL_new(clientTls12Ctx); +#endif +#ifndef NO_WOLFSSL_SERVER serverTls12Ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method()); #ifndef NO_CERTS wolfSSL_CTX_use_certificate_chain_file(serverTls12Ctx, ourCert); @@ -19040,19 +19083,27 @@ static int test_tls13_apis(void) #endif serverTls12Ssl = wolfSSL_new(serverTls12Ctx); #endif +#endif +#ifndef NO_WOLFSSL_CLIENT clientCtx = wolfSSL_CTX_new(wolfTLSv1_3_client_method()); clientSsl = wolfSSL_new(clientCtx); +#endif +#ifndef NO_WOLFSSL_SERVER serverCtx = wolfSSL_CTX_new(wolfTLSv1_3_server_method()); #ifndef NO_CERTS wolfSSL_CTX_use_certificate_chain_file(serverCtx, ourCert); wolfSSL_CTX_use_PrivateKey_file(serverCtx, ourKey, WOLFSSL_FILETYPE_PEM); #endif serverSsl = wolfSSL_new(serverCtx); +#endif #ifdef WOLFSSL_SEND_HRR_COOKIE AssertIntEQ(wolfSSL_send_hrr_cookie(NULL, NULL, 0), BAD_FUNC_ARG); +#ifndef NO_WOLFSSL_CLIENT AssertIntEQ(wolfSSL_send_hrr_cookie(clientSsl, NULL, 0), SIDE_ERROR); +#endif +#ifndef NO_WOLFSSL_SERVER #ifndef WOLFSSL_NO_TLS12 AssertIntEQ(wolfSSL_send_hrr_cookie(serverTls12Ssl, NULL, 0), BAD_FUNC_ARG); #endif @@ -19061,117 +19112,171 @@ static int test_tls13_apis(void) AssertIntEQ(wolfSSL_send_hrr_cookie(serverSsl, fixedKey, sizeof(fixedKey)), WOLFSSL_SUCCESS); #endif +#endif #ifdef HAVE_ECC AssertIntEQ(wolfSSL_UseKeyShare(NULL, WOLFSSL_ECC_SECP256R1), BAD_FUNC_ARG); +#ifndef NO_WOLFSSL_SERVER AssertIntEQ(wolfSSL_UseKeyShare(serverSsl, WOLFSSL_ECC_SECP256R1), WOLFSSL_SUCCESS); +#endif +#ifndef NO_WOLFSSL_CLIENT #ifndef WOLFSSL_NO_TLS12 AssertIntEQ(wolfSSL_UseKeyShare(clientTls12Ssl, WOLFSSL_ECC_SECP256R1), WOLFSSL_SUCCESS); #endif AssertIntEQ(wolfSSL_UseKeyShare(clientSsl, WOLFSSL_ECC_SECP256R1), WOLFSSL_SUCCESS); +#endif #elif defined(HAVE_CURVE25519) AssertIntEQ(wolfSSL_UseKeyShare(NULL, WOLFSSL_ECC_X25519), BAD_FUNC_ARG); +#ifndef NO_WOLFSSL_SERVER AssertIntEQ(wolfSSL_UseKeyShare(serverSsl, WOLFSSL_ECC_X25519), WOLFSSL_SUCCESS); +#endif +#ifndef NO_WOLFSSL_CLIENT #ifndef WOLFSSL_NO_TLS12 AssertIntEQ(wolfSSL_UseKeyShare(clientTls12Ssl, WOLFSSL_ECC_X25519), WOLFSSL_SUCCESS); #endif AssertIntEQ(wolfSSL_UseKeyShare(clientSsl, WOLFSSL_ECC_X25519), WOLFSSL_SUCCESS); +#endif #else AssertIntEQ(wolfSSL_UseKeyShare(NULL, WOLFSSL_ECC_SECP256R1), BAD_FUNC_ARG); +#ifndef NO_WOLFSSL_CLIENT #ifndef WOLFSSL_NO_TLS12 AssertIntEQ(wolfSSL_UseKeyShare(clientTls12Ssl, WOLFSSL_ECC_SECP256R1), NOT_COMPILED_IN); #endif AssertIntEQ(wolfSSL_UseKeyShare(clientSsl, WOLFSSL_ECC_SECP256R1), NOT_COMPILED_IN); +#endif #endif AssertIntEQ(wolfSSL_NoKeyShares(NULL), BAD_FUNC_ARG); +#ifndef NO_WOLFSSL_SERVER AssertIntEQ(wolfSSL_NoKeyShares(serverSsl), SIDE_ERROR); +#endif +#ifndef NO_WOLFSSL_CLIENT #ifndef WOLFSSL_NO_TLS12 AssertIntEQ(wolfSSL_NoKeyShares(clientTls12Ssl), WOLFSSL_SUCCESS); #endif AssertIntEQ(wolfSSL_NoKeyShares(clientSsl), WOLFSSL_SUCCESS); +#endif AssertIntEQ(wolfSSL_CTX_no_ticket_TLSv13(NULL), BAD_FUNC_ARG); +#ifndef NO_WOLFSSL_CLIENT AssertIntEQ(wolfSSL_CTX_no_ticket_TLSv13(clientCtx), SIDE_ERROR); +#endif +#ifndef NO_WOLFSSL_SERVER #ifndef WOLFSSL_NO_TLS12 AssertIntEQ(wolfSSL_CTX_no_ticket_TLSv13(serverTls12Ctx), BAD_FUNC_ARG); #endif AssertIntEQ(wolfSSL_CTX_no_ticket_TLSv13(serverCtx), 0); +#endif AssertIntEQ(wolfSSL_no_ticket_TLSv13(NULL), BAD_FUNC_ARG); +#ifndef NO_WOLFSSL_CLIENT AssertIntEQ(wolfSSL_no_ticket_TLSv13(clientSsl), SIDE_ERROR); +#endif +#ifndef NO_WOLFSSL_SERVER #ifndef WOLFSSL_NO_TLS12 AssertIntEQ(wolfSSL_no_ticket_TLSv13(serverTls12Ssl), BAD_FUNC_ARG); #endif AssertIntEQ(wolfSSL_no_ticket_TLSv13(serverSsl), 0); +#endif AssertIntEQ(wolfSSL_CTX_no_dhe_psk(NULL), BAD_FUNC_ARG); +#ifndef NO_WOLFSSL_CLIENT #ifndef WOLFSSL_NO_TLS12 AssertIntEQ(wolfSSL_CTX_no_dhe_psk(clientTls12Ctx), BAD_FUNC_ARG); #endif - AssertIntEQ(wolfSSL_CTX_no_dhe_psk(serverCtx), 0); AssertIntEQ(wolfSSL_CTX_no_dhe_psk(clientCtx), 0); +#endif +#ifndef NO_WOLFSSL_SERVER + AssertIntEQ(wolfSSL_CTX_no_dhe_psk(serverCtx), 0); +#endif AssertIntEQ(wolfSSL_no_dhe_psk(NULL), BAD_FUNC_ARG); +#ifndef NO_WOLFSSL_CLIENT #ifndef WOLFSSL_NO_TLS12 AssertIntEQ(wolfSSL_no_dhe_psk(clientTls12Ssl), BAD_FUNC_ARG); #endif - AssertIntEQ(wolfSSL_no_dhe_psk(serverSsl), 0); AssertIntEQ(wolfSSL_no_dhe_psk(clientSsl), 0); +#endif +#ifndef NO_WOLFSSL_SERVER + AssertIntEQ(wolfSSL_no_dhe_psk(serverSsl), 0); +#endif AssertIntEQ(wolfSSL_update_keys(NULL), BAD_FUNC_ARG); +#ifndef NO_WOLFSSL_CLIENT #ifndef WOLFSSL_NO_TLS12 AssertIntEQ(wolfSSL_update_keys(clientTls12Ssl), BAD_FUNC_ARG); #endif - AssertIntEQ(wolfSSL_update_keys(serverSsl), BUILD_MSG_ERROR); AssertIntEQ(wolfSSL_update_keys(clientSsl), BUILD_MSG_ERROR); +#endif +#ifndef NO_WOLFSSL_SERVER + AssertIntEQ(wolfSSL_update_keys(serverSsl), BUILD_MSG_ERROR); +#endif #if !defined(NO_CERTS) && defined(WOLFSSL_POST_HANDSHAKE_AUTH) AssertIntEQ(wolfSSL_CTX_allow_post_handshake_auth(NULL), BAD_FUNC_ARG); +#ifndef NO_WOLFSSL_SERVER AssertIntEQ(wolfSSL_CTX_allow_post_handshake_auth(serverCtx), SIDE_ERROR); +#endif +#ifndef NO_WOLFSSL_CLIENT #ifndef WOLFSSL_NO_TLS12 AssertIntEQ(wolfSSL_CTX_allow_post_handshake_auth(clientTls12Ctx), BAD_FUNC_ARG); #endif AssertIntEQ(wolfSSL_CTX_allow_post_handshake_auth(clientCtx), 0); +#endif AssertIntEQ(wolfSSL_allow_post_handshake_auth(NULL), BAD_FUNC_ARG); +#ifndef NO_WOLFSSL_SERVER AssertIntEQ(wolfSSL_allow_post_handshake_auth(serverSsl), SIDE_ERROR); +#endif +#ifndef NO_WOLFSSL_CLIENT #ifndef WOLFSSL_NO_TLS12 AssertIntEQ(wolfSSL_allow_post_handshake_auth(clientTls12Ssl), BAD_FUNC_ARG); #endif AssertIntEQ(wolfSSL_allow_post_handshake_auth(clientSsl), 0); +#endif AssertIntEQ(wolfSSL_request_certificate(NULL), BAD_FUNC_ARG); +#ifndef NO_WOLFSSL_CLIENT AssertIntEQ(wolfSSL_request_certificate(clientSsl), SIDE_ERROR); +#endif +#ifndef NO_WOLFSSL_SERVER #ifndef WOLFSSL_NO_TLS12 AssertIntEQ(wolfSSL_request_certificate(serverTls12Ssl), BAD_FUNC_ARG); #endif AssertIntEQ(wolfSSL_request_certificate(serverSsl), NOT_READY_ERROR); #endif +#endif #ifndef WOLFSSL_NO_SERVER_GROUPS_EXT AssertIntEQ(wolfSSL_preferred_group(NULL), BAD_FUNC_ARG); +#ifndef NO_WOLFSSL_SERVER AssertIntEQ(wolfSSL_preferred_group(serverSsl), SIDE_ERROR); +#endif +#ifndef NO_WOLFSSL_CLIENT #ifndef WOLFSSL_NO_TLS12 AssertIntEQ(wolfSSL_preferred_group(clientTls12Ssl), BAD_FUNC_ARG); #endif AssertIntEQ(wolfSSL_preferred_group(clientSsl), NOT_READY_ERROR); +#endif #endif AssertIntEQ(wolfSSL_CTX_set_groups(NULL, NULL, 0), BAD_FUNC_ARG); +#ifndef NO_WOLFSSL_CLIENT AssertIntEQ(wolfSSL_CTX_set_groups(clientCtx, NULL, 0), BAD_FUNC_ARG); +#endif AssertIntEQ(wolfSSL_CTX_set_groups(NULL, groups, numGroups), BAD_FUNC_ARG); +#ifndef NO_WOLFSSL_CLIENT #ifndef WOLFSSL_NO_TLS12 AssertIntEQ(wolfSSL_CTX_set_groups(clientTls12Ctx, groups, numGroups), BAD_FUNC_ARG); @@ -19181,12 +19286,18 @@ static int test_tls13_apis(void) BAD_FUNC_ARG); AssertIntEQ(wolfSSL_CTX_set_groups(clientCtx, groups, numGroups), WOLFSSL_SUCCESS); +#endif +#ifndef NO_WOLFSSL_SERVER AssertIntEQ(wolfSSL_CTX_set_groups(serverCtx, groups, numGroups), WOLFSSL_SUCCESS); +#endif AssertIntEQ(wolfSSL_set_groups(NULL, NULL, 0), BAD_FUNC_ARG); +#ifndef NO_WOLFSSL_CLIENT AssertIntEQ(wolfSSL_set_groups(clientSsl, NULL, 0), BAD_FUNC_ARG); +#endif AssertIntEQ(wolfSSL_set_groups(NULL, groups, numGroups), BAD_FUNC_ARG); +#ifndef NO_WOLFSSL_CLIENT #ifndef WOLFSSL_NO_TLS12 AssertIntEQ(wolfSSL_set_groups(clientTls12Ssl, groups, numGroups), BAD_FUNC_ARG); @@ -19195,27 +19306,39 @@ static int test_tls13_apis(void) WOLFSSL_MAX_GROUP_COUNT + 1), BAD_FUNC_ARG); AssertIntEQ(wolfSSL_set_groups(clientSsl, groups, numGroups), WOLFSSL_SUCCESS); +#endif +#ifndef NO_WOLFSSL_SERVER AssertIntEQ(wolfSSL_set_groups(serverSsl, groups, numGroups), WOLFSSL_SUCCESS); +#endif #ifdef WOLFSSL_EARLY_DATA AssertIntEQ(wolfSSL_CTX_set_max_early_data(NULL, 0), BAD_FUNC_ARG); +#ifndef NO_WOLFSSL_CLIENT AssertIntEQ(wolfSSL_CTX_set_max_early_data(clientCtx, 0), SIDE_ERROR); +#endif +#ifndef NO_WOLFSSL_SERVER #ifndef WOLFSSL_NO_TLS12 AssertIntEQ(wolfSSL_CTX_set_max_early_data(serverTls12Ctx, 0), BAD_FUNC_ARG); #endif AssertIntEQ(wolfSSL_CTX_set_max_early_data(serverCtx, 0), 0); +#endif AssertIntEQ(wolfSSL_set_max_early_data(NULL, 0), BAD_FUNC_ARG); +#ifndef NO_WOLFSSL_CLIENT AssertIntEQ(wolfSSL_set_max_early_data(clientSsl, 0), SIDE_ERROR); +#endif +#ifndef NO_WOLFSSL_SERVER #ifndef WOLFSSL_NO_TLS12 AssertIntEQ(wolfSSL_set_max_early_data(serverTls12Ssl, 0), BAD_FUNC_ARG); #endif AssertIntEQ(wolfSSL_set_max_early_data(serverSsl, 0), 0); +#endif AssertIntEQ(wolfSSL_write_early_data(NULL, earlyData, sizeof(earlyData), &outSz), BAD_FUNC_ARG); +#ifndef NO_WOLFSSL_CLIENT AssertIntEQ(wolfSSL_write_early_data(clientSsl, NULL, sizeof(earlyData), &outSz), BAD_FUNC_ARG); AssertIntEQ(wolfSSL_write_early_data(clientSsl, earlyData, -1, &outSz), @@ -19223,9 +19346,13 @@ static int test_tls13_apis(void) AssertIntEQ(wolfSSL_write_early_data(clientSsl, earlyData, sizeof(earlyData), NULL), BAD_FUNC_ARG); +#endif +#ifndef NO_WOLFSSL_SERVER AssertIntEQ(wolfSSL_write_early_data(serverSsl, earlyData, sizeof(earlyData), &outSz), SIDE_ERROR); +#endif +#ifndef NO_WOLFSSL_CLIENT #ifndef WOLFSSL_NO_TLS12 AssertIntEQ(wolfSSL_write_early_data(clientTls12Ssl, earlyData, sizeof(earlyData), &outSz), @@ -19234,10 +19361,12 @@ static int test_tls13_apis(void) AssertIntEQ(wolfSSL_write_early_data(clientSsl, earlyData, sizeof(earlyData), &outSz), WOLFSSL_FATAL_ERROR); +#endif AssertIntEQ(wolfSSL_read_early_data(NULL, earlyDataBuffer, sizeof(earlyDataBuffer), &outSz), BAD_FUNC_ARG); +#ifndef NO_WOLFSSL_SERVER AssertIntEQ(wolfSSL_read_early_data(serverSsl, NULL, sizeof(earlyDataBuffer), &outSz), BAD_FUNC_ARG); @@ -19246,9 +19375,13 @@ static int test_tls13_apis(void) AssertIntEQ(wolfSSL_read_early_data(serverSsl, earlyDataBuffer, sizeof(earlyDataBuffer), NULL), BAD_FUNC_ARG); +#endif +#ifndef NO_WOLFSSL_CLIENT AssertIntEQ(wolfSSL_read_early_data(clientSsl, earlyDataBuffer, sizeof(earlyDataBuffer), &outSz), SIDE_ERROR); +#endif +#ifndef NO_WOLFSSL_SERVER #ifndef WOLFSSL_NO_TLS12 AssertIntEQ(wolfSSL_read_early_data(serverTls12Ssl, earlyDataBuffer, sizeof(earlyDataBuffer), &outSz), @@ -19258,17 +19391,26 @@ static int test_tls13_apis(void) sizeof(earlyDataBuffer), &outSz), WOLFSSL_FATAL_ERROR); #endif +#endif +#ifndef NO_WOLFSSL_SERVER wolfSSL_free(serverSsl); wolfSSL_CTX_free(serverCtx); +#endif +#ifndef NO_WOLFSSL_CLIENT wolfSSL_free(clientSsl); wolfSSL_CTX_free(clientCtx); +#endif #ifndef WOLFSSL_NO_TLS12 +#ifndef NO_WOLFSSL_SERVER wolfSSL_free(serverTls12Ssl); wolfSSL_CTX_free(serverTls12Ctx); +#endif +#ifndef NO_WOLFSSL_CLIENT wolfSSL_free(clientTls12Ssl); wolfSSL_CTX_free(clientTls12Ctx); +#endif #endif return ret; @@ -19352,7 +19494,11 @@ static void test_DhCallbacks(void) printf(testingFmt, "test_DhCallbacks"); +#ifndef NO_WOLFSSL_CLIENT AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); +#else + AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); +#endif wolfSSL_CTX_SetDhAgreeCb(ctx, &my_DhCallback); /* load client ca cert */ @@ -19709,7 +19855,9 @@ void ApiTest(void) test_client_wolfSSL_new(); test_wolfSSL_SetTmpDH_file(); test_wolfSSL_SetTmpDH_buffer(); +#if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) test_wolfSSL_read_write(); +#endif test_wolfSSL_dtls_export(); AssertIntEQ(test_wolfSSL_SetMinVersion(), WOLFSSL_SUCCESS); AssertIntEQ(test_wolfSSL_CTX_SetMinVersion(), WOLFSSL_SUCCESS); @@ -19750,7 +19898,9 @@ void ApiTest(void) test_wolfSSL_EVP_PKEY_new_mac_key(); test_wolfSSL_EVP_MD_hmac_signing(); test_wolfSSL_CTX_add_extra_chain_cert(); +#if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) test_wolfSSL_ERR_peek_last_error_line(); +#endif test_wolfSSL_set_options(); test_wolfSSL_X509_STORE_CTX(); test_wolfSSL_msgCb(); diff --git a/tests/unit.c b/tests/unit.c index 0f1e09adba..aef46d9e4b 100644 --- a/tests/unit.c +++ b/tests/unit.c @@ -71,11 +71,13 @@ int unit_test(int argc, char** argv) goto exit; } +#if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) #ifndef SINGLE_THREADED if ( (ret = SuiteTest()) != 0){ printf("suite test failed with %d\n", ret); goto exit; } +#endif #endif SrpTest(); diff --git a/wolfssl/internal.h b/wolfssl/internal.h index 82d4e2fa63..9c5beadbf7 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -1980,7 +1980,7 @@ WOLFSSL_LOCAL void TLSX_FreeAll(TLSX* list, void* heap); WOLFSSL_LOCAL int TLSX_SupportExtensions(WOLFSSL* ssl); WOLFSSL_LOCAL int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isRequest); -#ifndef NO_WOLFSSL_CLIENT +#if defined(WOLFSSL_TLS13) || !defined(NO_WOLFSSL_CLIENT) WOLFSSL_LOCAL int TLSX_GetRequestSize(WOLFSSL* ssl, byte msgType, word16* pLength); WOLFSSL_LOCAL int TLSX_WriteRequest(WOLFSSL* ssl, byte* output, @@ -2144,9 +2144,9 @@ WOLFSSL_LOCAL int TLSX_UsePointFormat(TLSX** extensions, byte point, WOLFSSL_LOCAL int TLSX_ValidateSupportedCurves(WOLFSSL* ssl, byte first, byte second); WOLFSSL_LOCAL int TLSX_SupportedCurve_CheckPriority(WOLFSSL* ssl); +#endif WOLFSSL_LOCAL int TLSX_SupportedCurve_Preferred(WOLFSSL* ssl, int checkSupported); -#endif #endif /* HAVE_SUPPORTED_CURVES */ diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 713ca514fa..93a5c39043 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -2347,7 +2347,6 @@ WOLFSSL_API int wolfSSL_set_SessionTicket_cb(WOLFSSL*, CallbackSessionTicket, void*); #endif /* NO_WOLFSSL_CLIENT */ -#ifndef NO_WOLFSSL_SERVER #define WOLFSSL_TICKET_NAME_SZ 16 #define WOLFSSL_TICKET_IV_SZ 16 @@ -2360,6 +2359,8 @@ enum TicketEncRet { WOLFSSL_TICKET_RET_CREATE /* existing ticket ok and create new one */ }; +#ifndef NO_WOLFSSL_SERVER + typedef int (*SessionTicketEncCb)(WOLFSSL*, unsigned char key_name[WOLFSSL_TICKET_NAME_SZ], unsigned char iv[WOLFSSL_TICKET_IV_SZ], From 1db5d6ebd6f9d46d034cc7d0834f75db4d64e41f Mon Sep 17 00:00:00 2001 From: Chris Conlon Date: Wed, 13 Jun 2018 09:55:16 -0600 Subject: [PATCH 52/63] fix CAVP self test build with newer raw hash functions --- src/tls.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/src/tls.c b/src/tls.c index d6e947c196..c47ba18d2f 100644 --- a/src/tls.c +++ b/src/tls.c @@ -852,7 +852,8 @@ int wolfSSL_SetTlsHmacInner(WOLFSSL* ssl, byte* inner, word32 sz, int content, } -#if !defined(WOLFSSL_NO_HASH_RAW) && !defined(HAVE_FIPS) +#if !defined(WOLFSSL_NO_HASH_RAW) && !defined(HAVE_FIPS) && \ + !defined(HAVE_SELFTEST) /* Update the hash in the HMAC. * @@ -1163,7 +1164,8 @@ static int Hmac_UpdateFinal_CT(Hmac* hmac, byte* digest, const byte* in, #endif -#if defined(WOLFSSL_NO_HASH_RAW) || defined(HAVE_FIPS) || defined(HAVE_BLAKE2) +#if defined(WOLFSSL_NO_HASH_RAW) || defined(HAVE_FIPS) || \ + defined(HAVE_SELFTEST) || defined(HAVE_BLAKE2) /* Calculate the HMAC of the header + message data. * Constant time implementation using normal hashing operations. @@ -1314,7 +1316,8 @@ int TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz, int padSz, if (ret == 0) { /* Constant time verification required. */ if (verify && padSz >= 0) { -#if !defined(WOLFSSL_NO_HASH_RAW) && !defined(HAVE_FIPS) +#if !defined(WOLFSSL_NO_HASH_RAW) && !defined(HAVE_FIPS) && \ + !defined(HAVE_SELFTEST) #ifdef HAVE_BLAKE2 if (wolfSSL_GetHmacType(ssl) == WC_HASH_TYPE_BLAKE2B) { ret = Hmac_UpdateFinal(&hmac, digest, in, sz + From 61056829c572d3ce2152dab8ae4fe684839cebfe Mon Sep 17 00:00:00 2001 From: David Garske Date: Wed, 13 Jun 2018 09:26:54 -0700 Subject: [PATCH 53/63] Added success test cases for domain name match (SNI) in common name and alternate name. --- certs/crl/server-goodaltCrl.pem | 38 ++++++++++++++++ certs/crl/server-goodcnCrl.pem | 38 ++++++++++++++++ certs/test/gen-testcerts.sh | 6 +++ certs/test/include.am | 8 +++- certs/test/server-goodalt.der | Bin 0 -> 933 bytes certs/test/server-goodalt.pem | 74 ++++++++++++++++++++++++++++++++ certs/test/server-goodcn.der | Bin 0 -> 893 bytes certs/test/server-goodcn.pem | 70 ++++++++++++++++++++++++++++++ tests/test.conf | 28 ++++++++++++ 9 files changed, 260 insertions(+), 2 deletions(-) create mode 100644 certs/crl/server-goodaltCrl.pem create mode 100644 certs/crl/server-goodcnCrl.pem create mode 100644 certs/test/server-goodalt.der create mode 100644 certs/test/server-goodalt.pem create mode 100644 certs/test/server-goodcn.der create mode 100644 certs/test/server-goodcn.pem diff --git a/certs/crl/server-goodaltCrl.pem b/certs/crl/server-goodaltCrl.pem new file mode 100644 index 0000000000..1a2a082a4c --- /dev/null +++ b/certs/crl/server-goodaltCrl.pem @@ -0,0 +1,38 @@ +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/ST=Montana/L=Bozeman/OU=Engineering/CN=www.nomatch.com/emailAddress=info@wolfssl.com + Last Update: Jun 13 16:02:51 2018 GMT + Next Update: Mar 9 16:02:51 2021 GMT + CRL extensions: + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + 60:64:8d:80:20:c1:5e:48:cc:61:ba:31:b1:59:13:21:8c:d0: + ff:a3:ed:70:b0:ba:04:67:df:bb:f0:aa:db:71:85:2d:c3:ae: + ab:79:a0:83:68:df:70:f5:85:1a:8e:7c:6d:91:89:a3:af:ae: + 4f:72:05:37:d9:aa:76:a5:86:10:0a:89:7a:d9:06:6a:6b:43: + 51:8c:b3:ce:28:79:0c:70:d0:9a:f7:89:a5:ff:5f:4a:08:2f: + ca:3c:83:3e:d2:74:c1:02:37:f9:5d:e8:10:d2:7a:d1:df:b7: + 13:40:34:2c:c5:61:71:d7:24:79:46:26:f7:b7:6f:b5:05:8a: + 96:d6:a8:89:73:e6:ac:5b:96:df:be:08:6d:2b:2e:da:00:c8: + dc:11:54:c2:b9:f5:80:21:79:98:12:5d:91:bb:54:61:d8:d0: + c1:42:3d:9c:24:d5:11:0e:33:ea:3e:84:66:6e:65:2c:59:c5: + c9:b8:7b:e8:b3:ce:fc:66:d8:cc:68:98:55:9a:ff:54:fe:b0: + 74:1f:d7:cc:af:f8:76:b9:ed:cf:46:07:2e:74:0e:50:b9:e9: + 46:28:22:82:d7:2b:3c:81:81:e8:12:f1:5c:6e:88:ac:c7:c5: + 3c:1d:46:95:ff:9e:fe:7f:38:6c:a6:4d:ac:75:86:d4:4c:8a: + 75:e9:a2:88 +-----BEGIN X509 CRL----- +MIIB3DCBxQIBATANBgkqhkiG9w0BAQUFADCBgjELMAkGA1UEBhMCVVMxEDAOBgNV +BAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFDASBgNVBAsMC0VuZ2luZWVy +aW5nMRgwFgYDVQQDDA93d3cubm9tYXRjaC5jb20xHzAdBgkqhkiG9w0BCQEWEGlu +Zm9Ad29sZnNzbC5jb20XDTE4MDYxMzE2MDI1MVoXDTIxMDMwOTE2MDI1MVqgDjAM +MAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBBQUAA4IBAQBgZI2AIMFeSMxhujGxWRMh +jND/o+1wsLoEZ9+78KrbcYUtw66reaCDaN9w9YUajnxtkYmjr65PcgU32ap2pYYQ +Col62QZqa0NRjLPOKHkMcNCa94ml/19KCC/KPIM+0nTBAjf5XegQ0nrR37cTQDQs +xWFx1yR5Rib3t2+1BYqW1qiJc+asW5bfvghtKy7aAMjcEVTCufWAIXmYEl2Ru1Rh +2NDBQj2cJNURDjPqPoRmbmUsWcXJuHvos878ZtjMaJhVmv9U/rB0H9fMr/h2ue3P +RgcudA5QuelGKCKC1ys8gYHoEvFcboisx8U8HUaV/57+fzhspk2sdYbUTIp16aKI +-----END X509 CRL----- diff --git a/certs/crl/server-goodcnCrl.pem b/certs/crl/server-goodcnCrl.pem new file mode 100644 index 0000000000..9ebfb08383 --- /dev/null +++ b/certs/crl/server-goodcnCrl.pem @@ -0,0 +1,38 @@ +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: /C=US/ST=Montana/L=Bozeman/OU=Engineering/CN=localhost/emailAddress=info@wolfssl.com + Last Update: Jun 13 16:02:51 2018 GMT + Next Update: Mar 9 16:02:51 2021 GMT + CRL extensions: + X509v3 CRL Number: + 1 +No Revoked Certificates. + Signature Algorithm: sha1WithRSAEncryption + b9:a1:1b:20:dd:23:b2:20:e4:b5:97:84:21:44:e6:f1:98:0b: + 6b:30:22:d2:85:8e:11:19:17:e9:8a:0c:4d:cd:12:61:b0:a1: + 62:a0:4a:58:05:e2:b7:ba:50:86:41:8e:46:ae:c5:8a:36:7c: + c8:ea:94:f3:30:53:46:2b:0f:1c:b3:d0:01:f1:ad:47:e1:a8: + 18:65:e1:b2:32:8d:4d:31:32:f3:54:92:39:e3:f2:cc:2d:a1: + 90:f2:51:79:69:c7:f8:28:ac:53:a9:c2:49:a7:d3:b7:cc:cb: + ac:6f:7d:d5:e5:8e:a1:8f:a6:51:8a:e9:b2:43:e6:5b:7e:e8: + dd:19:a0:00:ba:a3:71:ce:33:a2:bb:77:9c:6d:75:89:fd:1a: + 19:da:0a:b4:6a:12:36:e9:cf:e3:83:e1:33:be:41:5b:72:45: + 21:11:69:90:aa:72:f7:09:50:cb:d2:d5:df:63:da:7d:0b:29: + 5e:c1:cf:cc:d5:11:07:40:92:04:6a:3b:8e:0a:7a:5f:12:f3: + 36:d5:fd:af:84:5f:4c:bd:a1:b4:b1:f4:db:d1:03:5a:38:22: + bc:17:7a:ff:39:78:4a:c0:c7:b3:f3:3c:02:84:cd:93:30:5b: + aa:94:11:32:b8:6f:d3:54:7f:16:e8:b4:d7:54:1b:65:2e:7b: + d1:70:bb:e9 +-----BEGIN X509 CRL----- +MIIB1TCBvgIBATANBgkqhkiG9w0BAQUFADB8MQswCQYDVQQGEwJVUzEQMA4GA1UE +CAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEUMBIGA1UECwwLRW5naW5lZXJp +bmcxEjAQBgNVBAMMCWxvY2FsaG9zdDEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xm +c3NsLmNvbRcNMTgwNjEzMTYwMjUxWhcNMjEwMzA5MTYwMjUxWqAOMAwwCgYDVR0U +BAMCAQEwDQYJKoZIhvcNAQEFBQADggEBALmhGyDdI7Ig5LWXhCFE5vGYC2swItKF +jhEZF+mKDE3NEmGwoWKgSlgF4re6UIZBjkauxYo2fMjqlPMwU0YrDxyz0AHxrUfh +qBhl4bIyjU0xMvNUkjnj8swtoZDyUXlpx/gorFOpwkmn07fMy6xvfdXljqGPplGK +6bJD5lt+6N0ZoAC6o3HOM6K7d5xtdYn9GhnaCrRqEjbpz+OD4TO+QVtyRSERaZCq +cvcJUMvS1d9j2n0LKV7Bz8zVEQdAkgRqO44Kel8S8zbV/a+EX0y9obSx9NvRA1o4 +IrwXev85eErAx7PzPAKEzZMwW6qUETK4b9NUfxbotNdUG2Uue9Fwu+k= +-----END X509 CRL----- diff --git a/certs/test/gen-testcerts.sh b/certs/test/gen-testcerts.sh index 655dd74923..634b621661 100755 --- a/certs/test/gen-testcerts.sh +++ b/certs/test/gen-testcerts.sh @@ -71,6 +71,12 @@ function generate_test_cert { } +# Generate Good CN=localhost, Alt=None +generate_test_cert server-goodcn localhost "" 1 + +# Generate Good CN=www.nomatch.com, Alt=localhost +generate_test_cert server-goodalt www.nomatch.com localhost 1 + # Generate Good CN=*localhost, Alt=None generate_test_cert server-goodcnwild *localhost "" 1 diff --git a/certs/test/include.am b/certs/test/include.am index c1f4a447d9..fd8bc9e1f0 100644 --- a/certs/test/include.am +++ b/certs/test/include.am @@ -20,9 +20,12 @@ EXTRA_DIST += \ EXTRA_DIST += \ certs/test/gen-testcerts.sh \ + certs/test/server-goodcn.pem \ + certs/test/server-goodcn.der \ + certs/test/server-goodalt.pem \ + certs/test/server-goodalt.der \ certs/test/server-goodcnwild.pem \ certs/test/server-goodcnwild.der \ - certs/test/server-goodcnwild.csr \ certs/test/server-goodaltwild.pem \ certs/test/server-goodaltwild.der \ certs/test/server-badcnnull.pem \ @@ -33,10 +36,11 @@ EXTRA_DIST += \ certs/test/server-badaltnull.der \ certs/test/server-badaltname.der \ certs/test/server-badaltname.pem \ + certs/crl/server-goodaltCrl.pem \ + certs/crl/server-goodcnCrl.pem \ certs/crl/server-goodaltwildCrl.pem \ certs/crl/server-goodcnwildCrl.pem - EXTRA_DIST += \ certs/test/crit-cert.pem \ certs/test/crit-key.pem \ diff --git a/certs/test/server-goodalt.der b/certs/test/server-goodalt.der new file mode 100644 index 0000000000000000000000000000000000000000..7ec7392c99b65c2d952f38bcb5fa5678a03b33a9 GIT binary patch literal 933 zcmXqLVqR#_#MHTfnTe5!iId^f<&7J*m>BU@~cvF6Y~s341_>xxOuo;^U^c(Qd5gE z^U@6^48%a9%sl+%<>h*L`MHTD$r*ad`MHMj2C{HVIT^(SGV{{%9m?}_(u#|7Kne`x z#CZ)Z49pCT4b2RUObw&Nd5sJWj14TI+`-|r)N}fN*S^Vg?5UamdqsNvznD3JrQf?wu|GG} z?|-Xa4Ye@?|#?|Pv4v`8;sukFUv;#+H^gLlT;Uzg-n^?#V09N5jBV!zgT z$5NRXlg;ZG79=12R?i)oQBl0CM`9&Y?)t-$jCwl+9v?g7uqAV`n{j4)-jUtn%Raxj zyS8{wwZ7ukziELydqXxq%#D}Xqg;HEletsmlEBWC!&(;>PV?IH@QPIQ@dXDCCRgyg zm>U>PYcNuty0Cng@TKX+k789%X7L`jOjxpIL#C4x=gS)$dyEw}M<^{{_4>%eXNk>6 zFHO6D^Me1{>rBjy42+8<48#mX*qB3Q1zC6vxSKe0@{<#DGV+T{ki(7}9CnNhQ5=81 zHgPYW-FIQ?B)9tu&vrdM8eVuM|I5wdv^{k<)0U?n*OckKVmvA2bM4>Q_ZwHRFMD@? z=C^{dOW(LfxeM}d?LA`te&)~ZpCb!|9KROHB+3TnDjn_VuJ}>TAozIGvh6P!m_9u3 ze;jaHq5J<=!*kUK*Yz*9Noc%fk{^G;HFy7^%#f&v%i)@F{H@oEAKu<5sp!RagO z1;4+0nj1X9Ajgs`oA+AZYm51NI1m0w*YNrqnQ;GtT!G;0`d>{@754&%EUP)qJB20vxhutZ^Dm6DT&rrlb2&9IahubwTJu@#gwJ0+$ z-B8Ft03^!H!7H>MWfS|c62Gv5BXB(JLf!{p?^ZtfKOwaz=1%EXv# zUdON?`RKQL?#PUa;$=M&E17cFAC_d)+ad7y*cpc{nTy?wGu!iy>=s}4`NiF}#e1st z6}SFP3*^}wviV_dyv!cu;)|Tjog$Y6cBUNGy0CDX*Pe%0q@s^6IB+nzg5Sm5z-U^7 zk@D1q<-3G0O)q{Ft9mkv_poKck}VrDot!vd-r(3{tgtykY5A(xM;<;)Y(9Ev+Wngs z{MTM*VrFDuL=GWta0oFnF#J1xcXnV;__G(?( literal 0 HcmV?d00001 diff --git a/certs/test/server-goodcn.pem b/certs/test/server-goodcn.pem new file mode 100644 index 0000000000..3bcd40ee42 --- /dev/null +++ b/certs/test/server-goodcn.pem @@ -0,0 +1,70 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 9494820020802705564 (0x83c46080d236589c) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Montana, L=Bozeman, OU=Engineering, CN=localhost/emailAddress=info@wolfssl.com + Validity + Not Before: Jun 13 16:02:51 2018 GMT + Not After : Mar 9 16:02:51 2021 GMT + Subject: C=US, ST=Montana, L=Bozeman, OU=Engineering, CN=localhost/emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27: + 01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6: + f6:1c:88:bc:7c:9f:fb:a8:67:7f:fe:5c:9c:51:75: + f7:8a:ca:07:e7:35:2f:8f:e1:bd:7b:c0:2f:7c:ab: + 64:a8:17:fc:ca:5d:7b:ba:e0:21:e5:72:2e:6f:2e: + 86:d8:95:73:da:ac:1b:53:b9:5f:3f:d7:19:0d:25: + 4f:e1:63:63:51:8b:0b:64:3f:ad:43:b8:a5:1c:5c: + 34:b3:ae:00:a0:63:c5:f6:7f:0b:59:68:78:73:a6: + 8c:18:a9:02:6d:af:c3:19:01:2e:b8:10:e3:c6:cc: + 40:b4:69:a3:46:33:69:87:6e:c4:bb:17:a6:f3:e8: + dd:ad:73:bc:7b:2f:21:b5:fd:66:51:0c:bd:54:b3: + e1:6d:5f:1c:bc:23:73:d1:09:03:89:14:d2:10:b9: + 64:c3:2a:d0:a1:96:4a:bc:e1:d4:1a:5b:c7:a0:c0: + c1:63:78:0f:44:37:30:32:96:80:32:23:95:a1:77: + ba:13:d2:97:73:e2:5d:25:c9:6a:0d:c3:39:60:a4: + b4:b0:69:42:42:09:e9:d8:08:bc:33:20:b3:58:22: + a7:aa:eb:c4:e1:e6:61:83:c5:d2:96:df:d9:d0:4f: + ad:d7 + Exponent: 65537 (0x10001) + Signature Algorithm: sha256WithRSAEncryption + 00:fe:cb:dd:9b:51:8c:57:e6:e8:8b:96:92:70:0b:c3:e8:15: + c4:f1:fd:e6:39:c7:f8:d5:0d:8e:ae:f7:27:17:46:e3:fd:70: + 26:24:d3:61:a7:8b:7e:7b:97:f6:21:30:f4:24:f9:c3:22:76: + a6:68:83:40:ce:9d:69:d7:e4:9e:e5:ff:cf:a3:3e:c0:52:a8: + 7e:93:7f:d5:5b:63:37:45:fd:ca:f4:8f:8e:2a:50:ac:80:ce: + 4e:2c:1a:3b:ec:ed:8f:ae:4f:09:54:9d:b1:3f:05:bc:cf:24: + 3f:f4:9a:1d:4d:dc:ba:33:b0:b4:7a:a6:54:38:de:dc:b4:f1: + 27:ce:6f:2c:d0:7e:62:8a:84:af:40:af:d2:2a:1f:40:fe:5e: + 14:9d:05:30:2b:4f:7b:95:86:2d:9b:a9:fb:00:eb:1b:a1:fd: + 0b:67:de:66:9d:e3:b8:3e:e7:8a:b1:7e:38:3f:0e:db:53:c5: + 5d:18:a7:66:49:8e:51:03:3c:6a:cb:fa:1a:ef:83:a7:7b:f2: + 23:f9:fb:7d:30:91:7d:c0:3a:63:b9:89:19:9c:bf:8d:f8:5d: + 4a:9b:a6:48:02:35:f0:19:ea:92:09:8a:78:7a:09:eb:8c:61: + e7:6a:11:85:a9:a6:a6:fb:94:48:ff:86:4e:c1:13:49:13:a5: + 72:b6:25:c8 +-----BEGIN CERTIFICATE----- +MIIDeTCCAmGgAwIBAgIJAIPEYIDSNlicMA0GCSqGSIb3DQEBCwUAMHwxCzAJBgNV +BAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRQwEgYD +VQQLDAtFbmdpbmVlcmluZzESMBAGA1UEAwwJbG9jYWxob3N0MR8wHQYJKoZIhvcN +AQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTE4MDYxMzE2MDI1MVoXDTIxMDMwOTE2 +MDI1MVowfDELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcM +B0JvemVtYW4xFDASBgNVBAsMC0VuZ2luZWVyaW5nMRIwEAYDVQQDDAlsb2NhbGhv +c3QxHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQDAlQjhV0HycW230kVBJwFlxkWu8rwkMLiVzi9O +1vYciLx8n/uoZ3/+XJxRdfeKygfnNS+P4b17wC98q2SoF/zKXXu64CHlci5vLobY +lXParBtTuV8/1xkNJU/hY2NRiwtkP61DuKUcXDSzrgCgY8X2fwtZaHhzpowYqQJt +r8MZAS64EOPGzEC0aaNGM2mHbsS7F6bz6N2tc7x7LyG1/WZRDL1Us+FtXxy8I3PR +CQOJFNIQuWTDKtChlkq84dQaW8egwMFjeA9ENzAyloAyI5Whd7oT0pdz4l0lyWoN +wzlgpLSwaUJCCenYCLwzILNYIqeq68Th5mGDxdKW39nQT63XAgMBAAEwDQYJKoZI +hvcNAQELBQADggEBAAD+y92bUYxX5uiLlpJwC8PoFcTx/eY5x/jVDY6u9ycXRuP9 +cCYk02Gni357l/YhMPQk+cMidqZog0DOnWnX5J7l/8+jPsBSqH6Tf9VbYzdF/cr0 +j44qUKyAzk4sGjvs7Y+uTwlUnbE/BbzPJD/0mh1N3LozsLR6plQ43ty08SfObyzQ +fmKKhK9Ar9IqH0D+XhSdBTArT3uVhi2bqfsA6xuh/Qtn3mad47g+54qxfjg/DttT +xV0Yp2ZJjlEDPGrL+hrvg6d78iP5+30wkX3AOmO5iRmcv434XUqbpkgCNfAZ6pIJ +inh6CeuMYedqEYWppqb7lEj/hk7BE0kTpXK2Jcg= +-----END CERTIFICATE----- diff --git a/tests/test.conf b/tests/test.conf index fdc2b7f5f2..96f94b7d00 100644 --- a/tests/test.conf +++ b/tests/test.conf @@ -2247,6 +2247,34 @@ -c certs/client-cert-3072.pem -k certs/client-key-3072.pem +# server good certificate common name +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-k ./certs/server-key.pem +-c ./certs/test/server-goodcn.pem +-d + +# client good certificate common name +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-h localhost +-A ./certs/test/server-goodcn.pem +-m + +# server good certificate alt name +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-k ./certs/server-key.pem +-c ./certs/test/server-goodalt.pem +-d + +# client good certificate alt name +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-h localhost +-A ./certs/test/server-goodalt.pem +-m + # server good certificate common name wild -v 3 -l ECDHE-RSA-AES128-GCM-SHA256 From 5b2bb44bc896014b5adf376e3cafca72320c7b63 Mon Sep 17 00:00:00 2001 From: David Garske Date: Wed, 13 Jun 2018 20:10:01 -0700 Subject: [PATCH 54/63] Fixes for build with `WOLFSSL_ATECC508A` defined. --- src/ssl.c | 2 ++ tests/api.c | 4 ++-- wolfcrypt/src/ecc.c | 27 ++++++++++++++++++++------- wolfssl/wolfcrypt/ecc.h | 2 +- 4 files changed, 25 insertions(+), 10 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index ca005eb191..185d4c0327 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -26569,6 +26569,7 @@ int wolfSSL_EC_POINT_get_affine_coordinates_GFp(const WOLFSSL_EC_GROUP *group, return WOLFSSL_SUCCESS; } +#ifndef WOLFSSL_ATECC508A /* return code compliant with OpenSSL : * 1 if success, 0 if error */ @@ -26633,6 +26634,7 @@ int wolfSSL_EC_POINT_mul(const WOLFSSL_EC_GROUP *group, WOLFSSL_EC_POINT *r, return ret; } +#endif void wolfSSL_EC_POINT_clear_free(WOLFSSL_EC_POINT *p) { diff --git a/tests/api.c b/tests/api.c index faf006ff9e..2010210ee6 100644 --- a/tests/api.c +++ b/tests/api.c @@ -14019,7 +14019,7 @@ static int test_wc_ecc_mulmod (void) { int ret = 0; -#if defined(HAVE_ECC) +#if defined(HAVE_ECC) && !defined(WOLFSSL_ATECC508A) ecc_key key1, key2, key3; WC_RNG rng; @@ -14086,7 +14086,7 @@ static int test_wc_ecc_mulmod (void) wc_ecc_free(&key3); -#endif +#endif /* HAVE_ECC && !WOLFSSL_ATECC508A */ return ret; diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c index 6bfd210581..8daa52e639 100644 --- a/wolfcrypt/src/ecc.c +++ b/wolfcrypt/src/ecc.c @@ -3291,6 +3291,8 @@ static int wc_ecc_make_pub_ex(ecc_key* key, ecc_curve_spec* curveIn, wc_ecc_curve_free(curve); } +#else + (void)curveIn; #endif /* WOLFSSL_ATECC508A */ /* change key state if public part is cached */ @@ -3367,7 +3369,7 @@ int wc_ecc_make_key_ex(WC_RNG* rng, int keysize, ecc_key* key, int curve_id) /* populate key->pubkey */ err = mp_read_unsigned_bin(key->pubkey.x, key->pubkey_raw, ECC_MAX_CRYPTO_HW_SIZE); - if (err = MP_OKAY) + if (err == MP_OKAY) err = mp_read_unsigned_bin(key->pubkey.y, key->pubkey_raw + ECC_MAX_CRYPTO_HW_SIZE, ECC_MAX_CRYPTO_HW_SIZE); @@ -3580,7 +3582,7 @@ static int wc_ecc_sign_hash_hw(const byte* in, word32 inlen, if (key->devId != INVALID_DEVID) /* use hardware */ #endif { - int keysize = key->dp->size; + word32 keysize = (word32)key->dp->size; /* Check args */ if (keysize > ECC_MAX_CRYPTO_HW_SIZE || inlen != keysize || @@ -3625,6 +3627,7 @@ static int wc_ecc_sign_hash_hw(const byte* in, word32 inlen, err = wc_ecc_sign_hash_ex(in, inlen, rng, key, r, s); } #endif + (void)rng; return err; } @@ -4088,7 +4091,7 @@ int wc_ecc_free(ecc_key* key) return 0; } -#ifndef WOLFSSL_SP_MATH +#if !defined(WOLFSSL_SP_MATH) && !defined(WOLFSSL_ATECC508A) #ifdef ECC_SHAMIR /** Computes kA*A + kB*B = C using Shamir's Trick @@ -4313,7 +4316,7 @@ int ecc_mul2add(ecc_point* A, mp_int* kA, } #endif /* ECC_SHAMIR */ -#endif +#endif /* !WOLFSSL_SP_MATH && !WOLFSSL_ATECC508A */ #ifdef HAVE_ECC_VERIFY @@ -4502,7 +4505,8 @@ int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash, err = atcatls_verify(hash, sigRS, key->pubkey_raw, (bool*)res); if (err != ATCA_SUCCESS) { return BAD_COND_E; - } + } + (void)hashlen; #else @@ -4735,12 +4739,12 @@ int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash, #endif /* HAVE_ECC_VERIFY */ #ifdef HAVE_ECC_KEY_IMPORT -#ifndef WOLFSSL_ATECC508A /* import point from der */ int wc_ecc_import_point_der(byte* in, word32 inLen, const int curve_idx, ecc_point* point) { int err = 0; +#ifndef WOLFSSL_ATECC508A int compressed = 0; int keysize; byte pointType; @@ -4871,9 +4875,16 @@ int wc_ecc_import_point_der(byte* in, word32 inLen, const int curve_idx, mp_clear(point->z); } +#else + err = NOT_COMPILED_IN; + (void)in; + (void)inLen; + (void)curve_idx; + (void)point; +#endif /* !WOLFSSL_ATECC508A */ + return err; } -#endif /* !WOLFSSL_ATECC508A */ #endif /* HAVE_ECC_KEY_IMPORT */ #ifdef HAVE_ECC_KEY_EXPORT @@ -5906,6 +5917,8 @@ static int wc_ecc_import_raw_private(ecc_key* key, const char* qx, #ifdef WOLFSSL_ATECC508A /* TODO: Implement equiv call to ATECC508A */ err = BAD_COND_E; + (void)d; + (void)encType; #else diff --git a/wolfssl/wolfcrypt/ecc.h b/wolfssl/wolfcrypt/ecc.h index 7554c2963f..54c92aa096 100644 --- a/wolfssl/wolfcrypt/ecc.h +++ b/wolfssl/wolfcrypt/ecc.h @@ -122,7 +122,7 @@ enum { /* max crypto hardware size */ #ifdef WOLFSSL_ATECC508A ECC_MAX_CRYPTO_HW_SIZE = ATECC_KEY_SIZE, /* from port/atmel/atmel.h */ - ECC_MAX_CRYPTO_HW_PUBKEY_SIZE = (ATECC_KEY_SIZE*2) + ECC_MAX_CRYPTO_HW_PUBKEY_SIZE = (ATECC_KEY_SIZE*2), #elif defined(PLUTON_CRYPTO_ECC) ECC_MAX_CRYPTO_HW_SIZE = 32, #endif From c03c10e1d4a422aeab5845380350ecf656e3af36 Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Thu, 14 Jun 2018 14:38:15 -0600 Subject: [PATCH 55/63] move location of wolfSSL_d2i_RSA_PublicKey to fix x509 small build --- src/ssl.c | 8 ++++---- tests/api.c | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index ca005eb191..c9e3ab1371 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -27649,10 +27649,6 @@ int wolfSSL_PEM_write_RSA_PUBKEY(FILE *fp, WOLFSSL_RSA *x) #endif /* NO_FILESYSTEM */ -#endif /* !NO_RSA */ -#endif /* OPENSSL_EXTRA */ - -#if !defined(NO_RSA) && (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) WOLFSSL_RSA *wolfSSL_d2i_RSAPublicKey(WOLFSSL_RSA **r, const unsigned char **pp, long len) { WOLFSSL_RSA *rsa = NULL; @@ -27708,6 +27704,10 @@ int wolfSSL_i2d_RSAPublicKey(WOLFSSL_RSA *rsa, const unsigned char **pp) } #endif /* #if !defined(HAVE_FAST_RSA) */ +#endif /* !NO_RSA */ +#endif /* OPENSSL_EXTRA */ + +#if !defined(NO_RSA) && (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) /* return WOLFSSL_SUCCESS if success, WOLFSSL_FATAL_ERROR if error */ int wolfSSL_RSA_LoadDer(WOLFSSL_RSA* rsa, const unsigned char* derBuf, int derSz) { diff --git a/tests/api.c b/tests/api.c index dbb8ef2b16..8d4d6e1230 100644 --- a/tests/api.c +++ b/tests/api.c @@ -3039,7 +3039,7 @@ static void test_wolfSSL_URI(void) { #if !defined(NO_CERTS) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) \ && (defined(KEEP_PEER_CERT) || defined(SESSION_CERTS) || \ - defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) + defined(OPENSSL_EXTRA)) WOLFSSL_X509* x509; const char uri[] = "./certs/client-uri-cert.pem"; const char badUri[] = "./certs/client-relative-uri.pem"; From b90fa909ef82179f8b83196f386005f1950d48dc Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Fri, 15 Jun 2018 11:40:05 -0600 Subject: [PATCH 56/63] add warning for source of entropy --- wolfcrypt/src/random.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/wolfcrypt/src/random.c b/wolfcrypt/src/random.c index 4f6e5c9515..0a9bafbb73 100644 --- a/wolfcrypt/src/random.c +++ b/wolfcrypt/src/random.c @@ -1502,6 +1502,8 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) #elif defined(WOLFSSL_NUCLEUS) #include "nucleus.h" #include "kernel/plus_common.h" + +#warning "potential for not enough entropy, currently being used for testing" int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) { int i; From a1295b31484cad56bbab7a15b1908c7561e87f61 Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Fri, 15 Jun 2018 15:43:42 -0600 Subject: [PATCH 57/63] memory management with test cases --- src/ssl.c | 4 +- tests/api.c | 62 +++++++++++++--------- wolfcrypt/test/test.c | 121 +++++++++++++++++++++++++++--------------- 3 files changed, 118 insertions(+), 69 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 623ba1c9a1..1a34d798f7 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -28654,8 +28654,10 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl) return NULL; i = 0; - if (wc_PemGetHeaderFooter(CERT_TYPE, NULL, &footer) != 0) + if (wc_PemGetHeaderFooter(CERT_TYPE, NULL, &footer) != 0) { + XFREE(pem, 0, DYNAMIC_TYPE_PEM); return NULL; + } /* TODO: Inefficient * reading in one byte at a time until see "END CERTIFICATE" diff --git a/tests/api.c b/tests/api.c index 783af90bfe..baec67e45b 100644 --- a/tests/api.c +++ b/tests/api.c @@ -14651,23 +14651,25 @@ static void test_wc_PKCS7_EncodeDecodeEnvelopedData (void) /* RSA certs and keys. */ #if defined(USE_CERT_BUFFERS_1024) /* Allocate buffer space. */ - rsaCert = (byte*)XMALLOC(ONEK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + AssertNotNull(rsaCert = + (byte*)XMALLOC(ONEK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER)); /* Init buffer. */ rsaCertSz = (word32)sizeof_client_cert_der_1024; XMEMCPY(rsaCert, client_cert_der_1024, rsaCertSz); - rsaPrivKey = (byte*)XMALLOC(ONEK_BUF, HEAP_HINT, - DYNAMIC_TYPE_TMP_BUFFER); + AssertNotNull(rsaPrivKey = (byte*)XMALLOC(ONEK_BUF, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER)); rsaPrivKeySz = (word32)sizeof_client_key_der_1024; XMEMCPY(rsaPrivKey, client_key_der_1024, rsaPrivKeySz); #elif defined(USE_CERT_BUFFERS_2048) /* Allocate buffer */ - rsaCert = (byte*)XMALLOC(TWOK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + AssertNotNull(rsaCert = + (byte*)XMALLOC(TWOK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER)); /* Init buffer. */ rsaCertSz = (word32)sizeof_client_cert_der_2048; XMEMCPY(rsaCert, client_cert_der_2048, rsaCertSz); - rsaPrivKey = (byte*)XMALLOC(TWOK_BUF, HEAP_HINT, - DYNAMIC_TYPE_TMP_BUFFER); + AssertNotNull(rsaPrivKey = (byte*)XMALLOC(TWOK_BUF, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER)); rsaPrivKeySz = (word32)sizeof_client_key_der_2048; XMEMCPY(rsaPrivKey, client_key_der_2048, rsaPrivKeySz); @@ -14676,13 +14678,14 @@ static void test_wc_PKCS7_EncodeDecodeEnvelopedData (void) certFile = fopen(rsaClientCert, "rb"); AssertNotNull(certFile); rsaCertSz = (word32)FOURK_BUF; - rsaCert = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + AssertNotNull(rsaCert = + (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER)); rsaCertSz = (word32)fread(rsaCert, 1, rsaCertSz, certFile); fclose(certFile); keyFile = fopen(rsaClientKey, "rb"); AssertNotNull(keyFile); - rsaPrivKey = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, - DYNAMIC_TYPE_TMP_BUFFER); + AssertNotNull(rsaPrivKey = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER)); rsaPrivKeySz = (word32)FOURK_BUF; rsaPrivKeySz = (word32)fread(rsaPrivKey, 1, rsaPrivKeySz, keyFile); fclose(keyFile); @@ -14694,26 +14697,28 @@ static void test_wc_PKCS7_EncodeDecodeEnvelopedData (void) !defined(NO_SHA256) || !defined(NO_SHA512))) #ifdef USE_CERT_BUFFERS_256 - eccCert = (byte*)XMALLOC(TWOK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + AssertNotNull(eccCert = + (byte*)XMALLOC(TWOK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER)); /* Init buffer. */ - eccCertSz = (word32)sizeof_cliecc_cert_der_256; + eccCertSz = (word32)sizeof_cliecc_cert_der_256; XMEMCPY(eccCert, cliecc_cert_der_256, eccCertSz); - eccPrivKey = (byte*)XMALLOC(TWOK_BUF, HEAP_HINT, - DYNAMIC_TYPE_TMP_BUFFER); + AssertNotNull(eccPrivKey = (byte*)XMALLOC(TWOK_BUF, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER)); eccPrivKeySz = (word32)sizeof_ecc_clikey_der_256; XMEMCPY(eccPrivKey, ecc_clikey_der_256, eccPrivKeySz); #else /* File system. */ certFile = fopen(eccClientCert, "rb"); AssertNotNull(certFile); eccCertSz = (word32)FOURK_BUF; - eccCert = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + AssertNotNull(eccCert = + (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER)); eccCertSz = (word32)fread(eccCert, 1, eccCertSz, certFile); fclose(certFile); keyFile = fopen(eccClientKey, "rb"); AssertNotNull(keyFile); eccPrivKeySz = (word32)FOURK_BUF; - eccPrivKey = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, - DYNAMIC_TYPE_TMP_BUFFER); + AssertNotNull(eccPrivKey = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER)); eccPrivKeySz = (word32)fread(eccPrivKey, 1, eccPrivKeySz, keyFile); fclose(keyFile); #endif /* USE_CERT_BUFFERS_256 */ @@ -18654,14 +18659,16 @@ static void test_wolfSSL_ASN1_TIME_to_generalizedtime(void){ printf(testingFmt, "wolfSSL_ASN1_TIME_to_generalizedtime()"); /* UTC Time test */ - t = (WOLFSSL_ASN1_TIME*)XMALLOC(sizeof(WOLFSSL_ASN1_TIME), NULL, DYNAMIC_TYPE_TMP_BUFFER); + AssertNotNull(t = (WOLFSSL_ASN1_TIME*)XMALLOC(sizeof(WOLFSSL_ASN1_TIME), + NULL, DYNAMIC_TYPE_TMP_BUFFER)); XMEMSET(t->data, 0, ASN_GENERALIZED_TIME_SIZE); - out = (WOLFSSL_ASN1_TIME*)XMALLOC(sizeof(WOLFSSL_ASN1_TIME), NULL, DYNAMIC_TYPE_TMP_BUFFER); + AssertNotNull(out = (WOLFSSL_ASN1_TIME*)XMALLOC(sizeof(WOLFSSL_ASN1_TIME), + NULL, DYNAMIC_TYPE_TMP_BUFFER)); t->data[0] = ASN_UTC_TIME; t->data[1] = ASN_UTC_TIME_SIZE; XMEMCPY(t->data + 2,"050727123456Z",ASN_UTC_TIME_SIZE); - gtime = wolfSSL_ASN1_TIME_to_generalizedtime(t, &out); + AssertNotNull(gtime = wolfSSL_ASN1_TIME_to_generalizedtime(t, &out)); AssertIntEQ(gtime->data[0], ASN_GENERALIZED_TIME); AssertIntEQ(gtime->data[1], ASN_GENERALIZED_TIME_SIZE); AssertStrEQ((char*)gtime->data + 2, "20050727123456Z"); @@ -18673,7 +18680,7 @@ static void test_wolfSSL_ASN1_TIME_to_generalizedtime(void){ t->data[0] = ASN_GENERALIZED_TIME; t->data[1] = ASN_GENERALIZED_TIME_SIZE; XMEMCPY(t->data + 2,"20050727123456Z",ASN_GENERALIZED_TIME_SIZE); - gtime = wolfSSL_ASN1_TIME_to_generalizedtime(t, &out); + AssertNotNull(gtime = wolfSSL_ASN1_TIME_to_generalizedtime(t, &out)); AssertIntEQ(gtime->data[0], ASN_GENERALIZED_TIME); AssertIntEQ(gtime->data[1], ASN_GENERALIZED_TIME_SIZE); AssertStrEQ((char*)gtime->data + 2, "20050727123456Z"); @@ -19757,7 +19764,8 @@ static void test_wolfSSL_i2c_ASN1_INTEGER() a->intData[2] = 40; ret = wolfSSL_i2c_ASN1_INTEGER(a, NULL); AssertIntEQ(ret, 1); - pp = (unsigned char*)XMALLOC(ret + 1, NULL, DYNAMIC_TYPE_TMP_BUFFER); + AssertNotNull(pp = (unsigned char*)XMALLOC(ret + 1, NULL, + DYNAMIC_TYPE_TMP_BUFFER)); tpp = pp; XMEMSET(pp, 0, ret + 1); wolfSSL_i2c_ASN1_INTEGER(a, &pp); @@ -19771,7 +19779,8 @@ static void test_wolfSSL_i2c_ASN1_INTEGER() a->intData[2] = 128; ret = wolfSSL_i2c_ASN1_INTEGER(a, NULL); AssertIntEQ(ret, 2); - pp = (unsigned char*)XMALLOC(ret + 1, NULL, DYNAMIC_TYPE_TMP_BUFFER); + AssertNotNull(pp = (unsigned char*)XMALLOC(ret + 1, NULL, + DYNAMIC_TYPE_TMP_BUFFER)); tpp = pp; XMEMSET(pp, 0, ret + 1); wolfSSL_i2c_ASN1_INTEGER(a, &pp); @@ -19787,7 +19796,8 @@ static void test_wolfSSL_i2c_ASN1_INTEGER() a->negative = 1; ret = wolfSSL_i2c_ASN1_INTEGER(a, NULL); AssertIntEQ(ret, 1); - pp = (unsigned char*)XMALLOC(ret + 1, NULL, DYNAMIC_TYPE_TMP_BUFFER); + AssertNotNull(pp = (unsigned char*)XMALLOC(ret + 1, NULL, + DYNAMIC_TYPE_TMP_BUFFER)); tpp = pp; XMEMSET(pp, 0, ret + 1); wolfSSL_i2c_ASN1_INTEGER(a, &pp); @@ -19802,7 +19812,8 @@ static void test_wolfSSL_i2c_ASN1_INTEGER() a->negative = 1; ret = wolfSSL_i2c_ASN1_INTEGER(a, NULL); AssertIntEQ(ret, 1); - pp = (unsigned char*)XMALLOC(ret + 1, NULL, DYNAMIC_TYPE_TMP_BUFFER); + AssertNotNull(pp = (unsigned char*)XMALLOC(ret + 1, NULL, + DYNAMIC_TYPE_TMP_BUFFER)); tpp = pp; XMEMSET(pp, 0, ret + 1); wolfSSL_i2c_ASN1_INTEGER(a, &pp); @@ -19817,7 +19828,8 @@ static void test_wolfSSL_i2c_ASN1_INTEGER() a->negative = 1; ret = wolfSSL_i2c_ASN1_INTEGER(a, NULL); AssertIntEQ(ret, 2); - pp = (unsigned char*)XMALLOC(ret + 1, NULL, DYNAMIC_TYPE_TMP_BUFFER); + AssertNotNull(pp = (unsigned char*)XMALLOC(ret + 1, NULL, + DYNAMIC_TYPE_TMP_BUFFER)); tpp = pp; XMEMSET(pp, 0, ret + 1); wolfSSL_i2c_ASN1_INTEGER(a, &pp); diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index b534468dc1..dc7a749d39 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -13009,8 +13009,8 @@ int openssl_test(void) int openSSL_evpMD_test(void) { + int ret = 0; #if !defined(NO_SHA256) && !defined(NO_SHA) - int ret ; WOLFSSL_EVP_MD_CTX* ctx; WOLFSSL_EVP_MD_CTX* ctx2; @@ -13019,45 +13019,56 @@ int openSSL_evpMD_test(void) ret = EVP_DigestInit(ctx, EVP_sha256()); if (ret != SSL_SUCCESS) { - return -7600; + ret = -7600; + goto openSSL_evpMD_test_done; } ret = EVP_MD_CTX_copy(ctx2, ctx); if (ret != SSL_SUCCESS) { - return -7601; + ret = -7601; + goto openSSL_evpMD_test_done; } if (EVP_MD_type(EVP_sha256()) != EVP_MD_CTX_type(ctx2)) { - return -7602; + ret = -7602; + goto openSSL_evpMD_test_done; } ret = EVP_DigestInit(ctx, EVP_sha1()); if (ret != SSL_SUCCESS) { - return -7603; + ret = -7603; + goto openSSL_evpMD_test_done; } if (EVP_MD_type(EVP_sha256()) != EVP_MD_CTX_type(ctx2)) { - return -7604; + ret = -7604; + goto openSSL_evpMD_test_done; } ret = EVP_MD_CTX_copy_ex(ctx2, ctx); if (ret != SSL_SUCCESS) { - return -7605; + ret = -7605; + goto openSSL_evpMD_test_done; } if (EVP_MD_type(EVP_sha256()) == EVP_MD_CTX_type(ctx2)) { - return -7606; + ret = -7606; + goto openSSL_evpMD_test_done; } if (EVP_MD_type(EVP_sha1()) != EVP_MD_CTX_type(ctx2)) { - return -7607; + ret = -7607; + goto openSSL_evpMD_test_done; } + ret = 0; /* got to success state without jumping to end with a fail */ + +openSSL_evpMD_test_done: EVP_MD_CTX_destroy(ctx); EVP_MD_CTX_destroy(ctx2); #endif /* NO_SHA256 */ - return 0; + return ret; } #ifdef DEBUG_SIGN @@ -13078,19 +13089,19 @@ static void show(const char *title, const char *p, unsigned int s) { #define ERR_BASE_PKEY -5000 int openssl_pkey0_test(void) { + int ret = 0; #if !defined(NO_RSA) && !defined(HAVE_USER_RSA) && !defined(NO_SHA) byte* prvTmp; byte* pubTmp; int prvBytes; int pubBytes; - RSA *prvRsa; - RSA *pubRsa; - EVP_PKEY *prvPkey; - EVP_PKEY *pubPkey; - EVP_PKEY_CTX *enc; - EVP_PKEY_CTX *dec; + RSA *prvRsa = NULL; + RSA *pubRsa = NULL; + EVP_PKEY *prvPkey = NULL; + EVP_PKEY *pubPkey = NULL; + EVP_PKEY_CTX *enc = NULL; + EVP_PKEY_CTX *dec = NULL; - int ret; byte in[] = "Everyone gets Friday off."; byte out[256]; size_t outlen; @@ -13107,8 +13118,10 @@ int openssl_pkey0_test(void) if (prvTmp == NULL) return ERR_BASE_PKEY-1; pubTmp = (byte*)XMALLOC(FOURK_BUFF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (pubTmp == NULL) + if (pubTmp == NULL) { + XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); return ERR_BASE_PKEY-2; + } #ifdef USE_CERT_BUFFERS_1024 XMEMCPY(prvTmp, client_key_der_1024, sizeof_client_key_der_1024); @@ -13123,41 +13136,46 @@ int openssl_pkey0_test(void) #else keyFile = fopen(cliKey, "rb"); if (!keyFile) { + XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); + XFREE(pubTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); err_sys("can't open ./certs/client-key.der, " "Please run from wolfSSL home dir", ERR_BASE_PKEY-3); - XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); return ERR_BASE_PKEY-3; } prvBytes = (int)fread(prvTmp, 1, (int)FOURK_BUFF, keyFile); fclose(keyFile); keypubFile = fopen(cliKeypub, "rb"); if (!keypubFile) { + XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); + XFREE(pubTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); err_sys("can't open ./certs/client-cert.der, " "Please run from wolfSSL home dir", -4); - XFREE(pubTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); return ERR_BASE_PKEY-4; } pubBytes = (int)fread(pubTmp, 1, (int)FOURK_BUFF, keypubFile); fclose(keypubFile); - #endif /* USE_CERT_BUFFERS */ +#endif /* USE_CERT_BUFFERS */ prvRsa = wolfSSL_RSA_new(); pubRsa = wolfSSL_RSA_new(); if((prvRsa == NULL) || (pubRsa == NULL)){ - printf("error with RSA_new\n"); - return ERR_BASE_PKEY-10; + printf("error with RSA_new\n"); + ret = ERR_BASE_PKEY-10; + goto openssl_pkey0_test_done; } ret = wolfSSL_RSA_LoadDer_ex(prvRsa, prvTmp, prvBytes, WOLFSSL_RSA_LOAD_PRIVATE); if(ret != SSL_SUCCESS){ - printf("error with RSA_LoadDer_ex\n"); - return ERR_BASE_PKEY-11; + printf("error with RSA_LoadDer_ex\n"); + ret = ERR_BASE_PKEY-11; + goto openssl_pkey0_test_done; } ret = wolfSSL_RSA_LoadDer_ex(pubRsa, pubTmp, pubBytes, WOLFSSL_RSA_LOAD_PUBLIC); if(ret != SSL_SUCCESS){ - printf("error with RSA_LoadDer_ex\n"); - return ERR_BASE_PKEY-12; + printf("error with RSA_LoadDer_ex\n"); + ret = ERR_BASE_PKEY-12; + goto openssl_pkey0_test_done; } keySz = (size_t)RSA_size(pubRsa); @@ -13165,37 +13183,43 @@ int openssl_pkey0_test(void) pubPkey = wolfSSL_PKEY_new(); if((prvPkey == NULL) || (pubPkey == NULL)){ printf("error with PKEY_new\n"); - return ERR_BASE_PKEY-13; + ret = ERR_BASE_PKEY-13; + goto openssl_pkey0_test_done; } ret = wolfSSL_EVP_PKEY_set1_RSA(prvPkey, prvRsa); ret += wolfSSL_EVP_PKEY_set1_RSA(pubPkey, pubRsa); if(ret != 2){ printf("error with PKEY_set1_RSA\n"); - return ERR_BASE_PKEY-14; + ret = ERR_BASE_PKEY-14; + goto openssl_pkey0_test_done; } dec = EVP_PKEY_CTX_new(prvPkey, NULL); enc = EVP_PKEY_CTX_new(pubPkey, NULL); if((dec == NULL)||(enc==NULL)){ printf("error with EVP_PKEY_CTX_new\n"); - return ERR_BASE_PKEY-15; + ret = ERR_BASE_PKEY-15; + goto openssl_pkey0_test_done; } ret = EVP_PKEY_decrypt_init(dec); if (ret != 1) { printf("error with decrypt init\n"); - return ERR_BASE_PKEY-16; + ret = ERR_BASE_PKEY-16; + goto openssl_pkey0_test_done; } ret = EVP_PKEY_encrypt_init(enc); if (ret != 1) { printf("error with encrypt init\n"); - return ERR_BASE_PKEY-17; + ret = ERR_BASE_PKEY-17; + goto openssl_pkey0_test_done; } XMEMSET(out, 0, sizeof(out)); ret = EVP_PKEY_encrypt(enc, out, &outlen, in, sizeof(in)); if (ret != 1) { printf("error encrypting msg\n"); - return ERR_BASE_PKEY-18; + ret = ERR_BASE_PKEY-18; + goto openssl_pkey0_test_done; } show("encrypted msg", out, outlen); @@ -13204,7 +13228,8 @@ int openssl_pkey0_test(void) ret = EVP_PKEY_decrypt(dec, plain, &outlen, out, keySz); if (ret != 1) { printf("error decrypting msg\n"); - return ERR_BASE_PKEY-19; + ret = ERR_BASE_PKEY-19; + goto openssl_pkey0_test_done; } show("decrypted msg", plain, outlen); @@ -13212,28 +13237,33 @@ int openssl_pkey0_test(void) ret = EVP_PKEY_decrypt_init(dec); if (ret != 1) { printf("error with decrypt init\n"); - return ERR_BASE_PKEY-30; + ret = ERR_BASE_PKEY-30; + goto openssl_pkey0_test_done; } ret = EVP_PKEY_encrypt_init(enc); if (ret != 1) { printf("error with encrypt init\n"); - return ERR_BASE_PKEY-31; + ret = ERR_BASE_PKEY-31; + goto openssl_pkey0_test_done; } if (EVP_PKEY_CTX_set_rsa_padding(dec, RSA_PKCS1_PADDING) <= 0) { - printf("first set rsa padding error\n"); - return ERR_BASE_PKEY-32; + printf("first set rsa padding error\n"); + ret = ERR_BASE_PKEY-32; + goto openssl_pkey0_test_done; } #ifndef HAVE_FIPS if (EVP_PKEY_CTX_set_rsa_padding(dec, RSA_PKCS1_OAEP_PADDING) <= 0){ printf("second set rsa padding error\n"); - return ERR_BASE_PKEY-33; + ret = ERR_BASE_PKEY-33; + goto openssl_pkey0_test_done; } if (EVP_PKEY_CTX_set_rsa_padding(enc, RSA_PKCS1_OAEP_PADDING) <= 0) { printf("third set rsa padding error\n"); - return ERR_BASE_PKEY-34; + ret = ERR_BASE_PKEY-34; + goto openssl_pkey0_test_done; } #endif @@ -13241,7 +13271,8 @@ int openssl_pkey0_test(void) ret = EVP_PKEY_encrypt(enc, out, &outlen, in, sizeof(in)); if (ret != 1) { printf("error encrypting msg\n"); - return ERR_BASE_PKEY-35; + ret = ERR_BASE_PKEY-35; + goto openssl_pkey0_test_done; } show("encrypted msg", out, outlen); @@ -13250,11 +13281,14 @@ int openssl_pkey0_test(void) ret = EVP_PKEY_decrypt(dec, plain, &outlen, out, keySz); if (ret != 1) { printf("error decrypting msg\n"); - return ERR_BASE_PKEY-36; + ret = ERR_BASE_PKEY-36; + goto openssl_pkey0_test_done; } show("decrypted msg", plain, outlen); +openssl_pkey0_test_done: + wolfSSL_RSA_free(prvRsa); wolfSSL_RSA_free(pubRsa); EVP_PKEY_free(pubPkey); @@ -13467,9 +13501,10 @@ int openssl_evpSig_test() #else keyFile = fopen(cliKey, "rb"); if (!keyFile) { + XFREE(pubTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); + XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); err_sys("can't open ./certs/client-key.der, " "Please run from wolfSSL home dir", -40); - XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); return ERR_BASE_EVPSIG-3; } prvBytes = (int)fread(prvTmp, 1, (int)FOURK_BUFF, keyFile); From 0f9063d2a90724584e8703e726884be2c15bd3a1 Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Fri, 15 Jun 2018 16:14:22 -0600 Subject: [PATCH 58/63] fix for implicit declaration error --- wolfcrypt/test/test.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index b27e0b51da..e3ad8be2aa 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -43,7 +43,7 @@ #include #include -#ifdef WOLFSSL_TEST_CERT +#if defined(WOLFSSL_TEST_CERT) || defined(ASN_BER_TO_DER) #include #else #include From bade35bd760dd2ecd2234941c8b5843ab4b1df82 Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Fri, 15 Jun 2018 16:25:09 -0600 Subject: [PATCH 59/63] update return value --- wolfcrypt/test/test.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index dc7a749d39..932cf2197f 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -13287,6 +13287,7 @@ int openssl_pkey0_test(void) show("decrypted msg", plain, outlen); + ret = 0; /* made it to this point without error then set success */ openssl_pkey0_test_done: wolfSSL_RSA_free(prvRsa); @@ -13299,8 +13300,7 @@ openssl_pkey0_test_done: XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); #endif /* NO_RSA */ - return 0; - + return ret; } From c98aca32c486009b21031e71f641531b927ff257 Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Fri, 15 Jun 2018 17:00:45 -0600 Subject: [PATCH 60/63] static analysis report fixes --- src/ssl.c | 2 +- wolfcrypt/src/asn.c | 4 +++- wolfcrypt/src/pkcs7.c | 1 + 3 files changed, 5 insertions(+), 2 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 1a34d798f7..4bd9e1b5ec 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -15613,8 +15613,8 @@ WOLFSSL_EVP_PKEY* wolfSSL_X509_get_pubkey(WOLFSSL_X509* x509) if (wolfSSL_RSA_LoadDer_ex(key->rsa, (const unsigned char*)key->pkey.ptr, key->pkey_sz, WOLFSSL_RSA_LOAD_PUBLIC) != SSL_SUCCESS) { - XFREE(key, x509->heap, DYNAMIC_TYPE_PUBLIC_KEY); wolfSSL_RSA_free(key->rsa); + XFREE(key, x509->heap, DYNAMIC_TYPE_PUBLIC_KEY); return NULL; } } diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 5002960888..d4ebf7b4db 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -10885,8 +10885,10 @@ static int SignCert(int requestSz, int sType, byte* buffer, word32 buffSz, sigSz = MakeSignature(certSignCtx, buffer, requestSz, certSignCtx->sig, MAX_ENCODED_SIG_SZ, rsaKey, eccKey, ed25519Key, rng, sType, heap); - if (sigSz == WC_PENDING_E) + if (sigSz == WC_PENDING_E) { + XFREE(certSignCtx->sig, heap, DYNAMIC_TYPE_TMP_BUFFER); return sigSz; + } if (sigSz >= 0) { if (requestSz + MAX_SEQ_SZ * 2 + sigSz > (int)buffSz) diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c index 5e7af23dae..bbd85b6085 100644 --- a/wolfcrypt/src/pkcs7.c +++ b/wolfcrypt/src/pkcs7.c @@ -5048,6 +5048,7 @@ int wc_PKCS7_DecodeEncryptedData(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz, /* go back and check the version now that attribs have been processed */ if ((haveAttribs == 0 && version != 0) || (haveAttribs == 1 && version != 2) ) { + XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7); WOLFSSL_MSG("Wrong PKCS#7 EncryptedData version"); return ASN_VERSION_E; } From 2fd000532ab5a711d4f83196388db70bd4446e02 Mon Sep 17 00:00:00 2001 From: John Safranek Date: Mon, 18 Jun 2018 11:48:45 -0700 Subject: [PATCH 61/63] A length value was set to zero in a situation where the existing value was needed. --- wolfcrypt/src/pkcs7.c | 1 - 1 file changed, 1 deletion(-) diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c index 5e7af23dae..1a53a7eda9 100644 --- a/wolfcrypt/src/pkcs7.c +++ b/wolfcrypt/src/pkcs7.c @@ -1864,7 +1864,6 @@ int wc_PKCS7_VerifySignedData(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz) pkcs7->der = (byte*)XMALLOC(len, pkcs7->heap, DYNAMIC_TYPE_PKCS7); if (pkcs7->der == NULL) return MEMORY_E; - len = 0; ret = wc_BerToDer(pkiMsg, pkiMsgSz, pkcs7->der, &len); if (ret < 0) return ret; From d3cd0b6b2e15b264975285d959dc697f92a8a7e0 Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Mon, 18 Jun 2018 16:10:45 -0600 Subject: [PATCH 62/63] disable CRL with additional cn/alt test certs --- tests/test.conf | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tests/test.conf b/tests/test.conf index 96f94b7d00..2bee587aee 100644 --- a/tests/test.conf +++ b/tests/test.conf @@ -2260,6 +2260,7 @@ -h localhost -A ./certs/test/server-goodcn.pem -m +-C # server good certificate alt name -v 3 @@ -2274,6 +2275,7 @@ -h localhost -A ./certs/test/server-goodalt.pem -m +-C # server good certificate common name wild -v 3 @@ -2288,6 +2290,7 @@ -h localhost -A ./certs/test/server-goodcnwild.pem -m +-C # server good certificate alt name wild -v 3 @@ -2302,3 +2305,4 @@ -h localhost -A ./certs/test/server-goodaltwild.pem -m +-C From d8e278b6b3afe1dbba8a2dff4f519ef5597794f8 Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Mon, 18 Jun 2018 18:15:26 -0600 Subject: [PATCH 63/63] revert free on sig and add comment --- wolfcrypt/src/asn.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index d4ebf7b4db..3c74d2f656 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -10886,7 +10886,8 @@ static int SignCert(int requestSz, int sType, byte* buffer, word32 buffSz, sigSz = MakeSignature(certSignCtx, buffer, requestSz, certSignCtx->sig, MAX_ENCODED_SIG_SZ, rsaKey, eccKey, ed25519Key, rng, sType, heap); if (sigSz == WC_PENDING_E) { - XFREE(certSignCtx->sig, heap, DYNAMIC_TYPE_TMP_BUFFER); + /* Not free'ing certSignCtx->sig here because it could still be in use + * with async operations. */ return sigSz; }