Allow encoding and verifying a CMS SignedData whose encapContentInfo
carries no eContent, that is, a signed-attributes-only signature over
empty content (RFC 5652 makes eContent OPTIONAL). This is required for
SCEP CertRep PENDING and FAILURE messages (RFC 8894 section 3.2.2),
which must omit the pkcsPKIEnvelope entirely.
Encode: wc_PKCS7_EncodeSignedData computes the messageDigest over the
empty content when detached is set and contentSz is 0, since there is no
eContent to drive the normal content-hashing pass.
Verify: PKCS7_VerifySignedData no longer rejects an absent eContent when
no external content or hash was supplied. It is processed as a detached
signature over empty content, and wc_PKCS7_VerifyContentMessageDigest
computes the digest of zero-length content using the parsed digest
algorithm. The messageDigest comparison still rejects a stripped
non-empty eContent.
Add pkcs7_signed_no_content_test, a round-trip over a CMS SignedData
whose encapContentInfo carries no eContent (a detached signature over
empty content, signed-attributes-only), as produced by SCEP CertRep
PENDING/FAILURE messages. The encode omits the eContent and the verify
accepts it without any caller-supplied content or hash, checking the
messageDigest against the hash of empty content. Run for RSA/SHA-256.
wolfSSL_EVP_EncodeUpdate did not validate the input length. A large
inl caused the block loop and the residual copy to read far past the
caller's input buffer, and a negative inl was silently treated as
success. Reject negative lengths and lengths whose base64 output would
overflow a positive int before processing any data.
wolfSSL_EVP_EncodeBlock rejected negative input lengths but passed any
large positive length straight to Base64_Encode_NoNl, which read that
many bytes from the caller input buffer and ran past its allocation.
Reject input lengths whose base64 output would overflow a positive int,
which also bounds the read against the caller allocation. The encoded
length is the int return value, so the safe maximum input is
(INT_MAX / 4) * 3.
The RC2 encrypt and decrypt operations used the expanded key schedule
without checking that a key had ever been configured. On a zeroed or
otherwise unkeyed context the ECB ops ran over an all-zero schedule and
returned success, and the CBC wrappers inherited the same behavior, so
a caller who skipped wc_Rc2SetKey received ciphertext under an
unintended key with no error signalled.
Guard wc_Rc2EcbEncrypt and wc_Rc2EcbDecrypt on a zero keylen and return
MISSING_KEY when no key has been set. The CBC wrappers call these and
propagate the error. Mirrors the existing 3DES keySet guard.
Add a regression test covering the unkeyed path for all four ops.
The Camellia encrypt and decrypt operations used the key schedule
without checking that a key had ever been configured. A zeroed or
otherwise unkeyed context has a keySz that does not match 128, 192,
or 256, so the underlying block transform hit the default no-op case
and CBC emitted an easily reversible XOR chain while still returning
success. A caller who forgot wc_CamelliaSetKey received a success
code with effectively unencrypted output.
Add a key-state check that accepts only valid Camellia key sizes and
have wc_CamelliaEncryptDirect, wc_CamelliaDecryptDirect,
wc_CamelliaCbcEncrypt, and wc_CamelliaCbcDecrypt return MISSING_KEY
when no key has been set. Mirrors the existing 3DES keySet guard.
Add a regression test covering the unkeyed and garbage key-size paths.
linuxkm/linuxkm_wc_port.h: strcpy() takes 2 args.
wolfcrypt/src/aes.c: add VECTOR_REGISTERS_PUSH2() and use it to free tmp in smallstack path if the push fails.
AesCbcEncryptBlocks(), AesCbcDecryptBlocks(), and AesCtrEncryptBlocks(), to
fix -Wunused-functions in default build with --enable-aesni under clang.
* in AesCfbDecrypt_C(), add smallstack implementation for fast inner loop on
intelasm/armasm.
cpuid.h — added CPUID_ASIMD flag + IS_AARCH64_ASIMD() macro (NEON detection).
cpuid.c — added NEON/ASIMD detection fixed FreeBSD/OpenBSD to use HWCAP_*
sha256.c — runtime dispatch SHA256-crypto → NEON → software
sha512.c — replaced the #error with the same crypto → NEON → software dispatch.
chacha.c: add AArch64 runtime fallback to C.
poly1305.c: add AArch64 runtime fallback to C.
Fixes
test_tls.c: don't memcpy into buffer if length is too long.
sha256.c: even if data is not NULL, return immediately when length is 0.
wolfcrypt/src/coding.c: in Base64_Decode() and Base64_Decode_nonCT(), check for non-whitespace characters past the end and return ASN_INPUT_E if found;
wolfcrypt/test/test.c: in base64_test(), remove ';' from goodChar[], and add trailing*[] test strings and N_BYTE_TRAILING_TEST(), for positive and negative testing of new checks.
PPC64:
- Added AES-ECB/CBC/CTR/GCM/XTS using crypto instructions
- Added SHA-256/512 using base scalar and crypto instructions
- Added SHA-3 using base scalar and POWER8 VSX
- Added SHA-3 x2/x3 but disabled compilation.
- Added CPU id flags.
- Changed the constant data format to be consistent with other platforms.
PPC32:
- Added AES-ECB/CBC/CTR/GCM/XTS using base scalar
- Added SHA-256/512 using base scalar
- Added SHA-3 using base scalar
Fix Thumb2 Curve25519 asm to do full reduce.
Change ARM32 to simpler carry/overflow processing.
Minor optimizations - use ubfx, no need to move register into temporary, cache value instead of loading again later.
Reduce the register push and pops in Thumb2 generated code.
Fix Thumb2 to have values less than 64 in decimal.
Expose the internal SAN-list helpers as public wc_ APIs so callers can build a
DNS_entry list, encode it into a DER GeneralNames SEQUENCE, and populate a Cert
directly:
- wc_SetDNSEntry() - append a typed alt-name entry to a list
- wc_FlattenAltNames() - encode a list into a buffer (thin wrapper)
- wc_SetAltNamesFromList() - encode a list straight into cert->altNames/Sz
Declarations live in asn.h (they use the DNS_entry type) and are gated by the
existing WOLFSSL_ASN_API export macro; doxygen notes the WOLFSSL_PUBLIC_ASN/
OPENSSL_EXTRA export requirement. Adds a wolfCrypt test covering the success,
NULL-list, NULL-output, BUFFER_E, and Cert paths.