Make logic to avoid masking return error conditionally compiled based on STSAFE configuration
Update logic at second crypto-callback location to return error code rather than mask it
configure.ac: Get rid of v5-RC8, v5-RC9, v5-RC10, v5-RC11, v5-ready, and v5-dev.
v5-ready is now just ready and v5-dev just dev.
IDE/WIN10/user_settings.h: Make the FIPS blocks define HAVE_FIPS. Change WCv5.0
block to WCv5.0-RC12. Change FIPS Ready block to use HAVE_FIPS_VERSION_MINOR 3
instead of HAVE_FIPS_VERSION_MINOR 2.
In async mode, we always store all handshake messages before processing them. The server hello done message has a length of 0 but we still need to store it to process it.
in DtlsMsgNew(), iff WOLFSSL_ASYNC_CRYPT, allow sz==0 allocation, to fix infinite loop in ProcessReplyEx() around DoDtlsHandShakeMsg();
in DtlsMsgAssembleCompleteMessage() restore fix from 0603031362 for pointerOutOfBounds (undefined behavior) construct;
in ProcessReplyEx(), in WOLFSSL_DTLS13 case ack, check and propagate error from DoDtls13Ack() (fix from @guidovranken).
Check size passed to mp_init_size() 1..SP_INT_DIGITS.
More checks of parameters to SP int functions to ensure result is big
enough to hold value calculated.
- Mark old epochs as invalid so we don't attempt to decrypt with them
- Return a non-zero value if possible in unit tests
- Move Dtls13CheckAEADFailLimit to dtls13.c
- Reset state in processreply
wolfSSL_clear: check return from InitSSL_Suites() call.
TLS13: check ClientHello cipher suite length is even.
Silently remove duplicate cipher suites from user input.
Add tests of duplicate cipher suite removal.
Don't define WOLFSSL_HAVE_KYBER unless configured.
Only compile code in ext_kyber.c when WOLFSSL_HAVE_KYBER defined.
Include config.h and settings in ext_kyber.c. This allowed
HAVE_VISIBILITY to be defined.
Cleanup kyber.h.
Handle multiple instances of the same cipher suite being in the server's
list.
Fix client order negotiation of cipher suite when doing pre-shared keys.
- Use wolfSSL API wolfSSL_set_groups() and wolfSSL_CTX_set_groups()
to configure curves list
- This sets ssl->groups and ctx->groups accordingly and makes
TLSX_KEY_SHARE generation respect the selection and precedence.
- Add tests in quic to assert the order of selections.
Fix Small Stack Cache option so that it works with various options
including ALT_ECC_SIZE.
Allow ALT_ECC_SIZE when SP math all or SP math is compiled in.
Cortex-A5 - Cortex-A9 only support 64-bit wide NEON.
Remove use of WOLFSSL_ARM_ARCH_NO_VREV.
Use WOLFSSL_ARM_ARCH_NEON_64BIT to indicate to use 64-bit NEON registers
and not 128-bit NEON registers.
fix bugprone-macro-parentheses in wolfssl/ssl.h;
fix pointerOutOfBounds and declaration-after-statement in src/internal.c DtlsMsgAssembleCompleteMessage().
- Use WOLF_SK_COMPARE_CB() to generate the correct types instead of using void* for the callback parameters.
- Remove WOLFSSL_STACK.comp entirely since it is not used anywhere. Ignore input parameters that used to set this member.
This function would only accept the string "SHA" for SHA-1-based HMAC, but it
should also accept "SHA1." This is similar to how wolfSSL_EVP_get_digestbyname
allows both "SHA" and "SHA1." We didn't have a test for this in api.c. I added
one, and it failed before my fix here.
Don't reserve the full message length of memory. Instead we only allocate memory for the fragments that we have already received. We also dynamically combine memory fragments when we receive overlap.
Change to build assembly code for ARMv7a with NEON instruction set.
./configure -host=armv7a --enable-armasm
Added ARM32 SHA-256 NEON only implementation.
- wire the wc_ChaCha_* implementation into the EVP API
as `wolfSSL_EVP_chacha20`
- follow IV conversions of OpenSSL
- add test case
- have QUIC support use this for header protection when
CHACHA20_POLY1305 has been negotiated in the handshake.
Checking WOLFSSL_MAX_RSA_BITS against SP_INT_BITS even though RSA is
disabled.
/configure --disable-shared --enable-sp --enable-sp-math --disable-rsa
--disable-dh --enable-ecc
Ed25519 and Ed448 make public key APIs now check whether the private key
was set.
The private key and public key flags setting and clearing also updated.
Testing of unset private key and calling make public key added for
Ed25519 and Ed448.
Change to use 64-bits for types stored - use WOLFSSL_32BIT_MILLI_TIME if
a 64-bit type is not available.
TimeNowInMill() returns 0 on error instead of GETTIME_ERROR.
Detect when certificate's RSA public key size is too big and fail on
loading of certificate.
Fix unit test to only attempt to use 3072 bit RSA-PSS keys when
RSA_MAX_SIZE supports it.
* Add test case for OpenSSLs capability to init a evp context partially in several calls.
* EVP handling of CHACHA20_POLY1305 improvment
- save key at ctx for Init()s without IV
- reuse stored key for Init()s with new IV, reusing ctx
- free and zero key on ctx clenaup
* Adding type cast to XMALLOC to force compiler compatibility.
* EVP: using same DYNAMIC_TYPE in alloc and free of chacha20_poly1305 key.
Co-authored-by: Stefan Eissing <stefan.eissing@greenbytes.de>
Add x86_64 assembly code:
- BMI2
- AVX2 (using ymm, slower than BMI2)
- AVX2 of 4 similtaneous hashes
Add SHAKE128 functions and tests.
Add Absorb and Squeeze functions for SHAKE128 and SHAK256 and tests.
Add doxygen for SHA-3 and SHAKE functions.
Update other generated x86_64 assembly files to include settings.h.
in api.c test_wolfSSL_dtls12_fragments_spammer(), inhibit clang-analyzer-deadcode.DeadStores;
in asn.c ParseCRL_Extensions() old (!WOLFSSL_ASN_TEMPLATE) version, fix bounds check to prevent overshift;
in misc.c ctMaskCopy(), use `*(x + i)`, not x[i], to tiptoe around cppcheck-2.9 objectIndex bug.
P-256/384/521.
New functions:
- sp_ecc_make_key_256_nb
- sp_ecc_make_key_384_nb
- sp_ecc_make_key_521_nb
- sp_ecc_secret_gen_256_nb
- sp_ecc_secret_gen_384_nb
- sp_ecc_secret_gen_521_nb
This commit also tweaks the testing for ECDSA testing in test.c. Instead of
testing with one of P-256/384/521, we test with all that are available.
This function was just freeing the stack object itself of GENERAL_NAMES with
wolfSSL_sk_free, but this doesn't free the data in the items of the stack. The
fix is to replace wolfSSL_sk_free with wolfSSL_sk_GENERAL_NAME_free.
1. In api.c, change the name of the devId global to testDevId.
2. In api.c, for the SNI test, some of the pointers were multiply
typecast eventually to `void **`. An older compiler didn't like
that. Just use void pointer.
Fix handling of counter to support incrementing across all bytes in
ARM32 crypto asm.
Added test cases for wrapping of counter when 2 blocks are being
encrypted to check assembly alternative path.
Verifying gnerated ECC signature in TLS handshake code to mitigate when
an attacker can gain knowledge of the private key through fault
injection in the signing process.
Requires WOLFSSL_CHECK_SIG_FAULTS to be defined.
Fix handling of counter to support incrementing across all bytes in ARM
crypto asm.
Added test cases for wrapping of counter.
Extracted ARM ASM for AES-CTR.
Use ASM to created encrypted temporary block.
- PR #5486 had test failures in tls13.test and quit unit.test
- the extension was no longer added in SessionTicket messages
- added extra parameter to clarify how the TLSX is used
- Optimize memory usage. Write directly to ssl->session->ticket in CreateTicket() and use a hash to make sure the InternalTicket was encrypted.
- DoClientTicket does not fatally error out anymore. Errors in the ticket result in the ticket being rejected instead.
OpenSSL compat expects ASN_SELF_SIGNED_E when a self signed cert can't be verified. This is useful when translating the error with GetX509Error into a X509_V_ERR_* error.
- add wolfSSL_CTX_curve_is_disabled() and wolfSSL_curve_is_disabled()
to have common checks on wether a curve has been disabled by user
- add macros returning 0 for above function when OPENSSL_EXTRA is not
defined, enabling use without #fidef check
- add macros for checking if named groups are in a certain range
WOLFSSL_NAMED_GROUP_IS_FFHDE()
WOLFSSL_NAMED_GROUP_IS_PQC()
Fixed QuicTransportParam_free() use without case when compiling
with c++.
* PSA: set AES key bits, define PSA_ALG_NONE/PSA_KEY_ID_NULL if needed
* Zephyr: add TimeNowInMilliseconds() for tls13.c, clock_settime() for test.c, update CMakeLists.txt
* Skip including unistd.h for Zephyr in benchmark.c
* Zephyr: update README, add nRF5340dk support to wolfssl_test sample app
* Zephyr: add wolfCrypt benchmark sample app
* Zephyr: add nRF5340 support to tls_thread sample app
* PSA: use specific hash algo with psa_sign/verify_hash()
* Zephyr: add support for PSA Crypto API with PK callbacks to wolfssl_tls_threaded sample app
* Zephyr: add new files to zephyr/include.am
fix TLS version gating in tests/quic.c;
fix gating in src/ssl.c for wolfSSLv2_client_method() and wolfSSLv2_server_method();
reorganize prototypes in wolfssl/ssl.h for wolf*_method*() to group systematically by protocol version and gate correctly on support for that version in the build.
- new internal field for keeping early data enabled status,
as QUIC does not call SSL_write_early_data() itself.
- using read_/write_early_data() methods in QUIC handshake
when early data is enabled. This triggers the internals
that emit the proper early data indication handlings.
Also:
* added HAVE_FALCON guards as needed.
* corrected minor falcon bugs as I found them.
* handling OID sum collision between DILITHIUM_LEVEL5 and DILITHIUM_AES_LEVEL3
Tested with the following commands:
examples/server/server -v 4 -l TLS_AES_256_GCM_SHA384 \
-c ~/tmp/dilithium_aes_level5_entity_cert.pem \
-k ~/tmp/dilithium_aes_level5_entity_key.pem \
-A ~/tmp/dilithium_aes_level5_root_cert.pem --pqc P521_KYBER_LEVEL5
examples/client/client -v 4 -l TLS_AES_256_GCM_SHA384 \
-c ~/tmp/dilithium_aes_level5_entity_cert.pem \
-k ~/tmp/dilithium_aes_level5_entity_key.pem \
-A ~/tmp/dilithium_aes_level5_root_cert.pem --pqc P521_KYBER_LEVEL5
with permutations of SHAKE,AES variants and levels 2,3,5
Support wolfSSL_CTX_set1_curves_list being available when X25519 and/or
X448 only defined.
Don't recognize X25519 or X448 if corresponding define is not set.
Enable test in api.c.
Add support for parsing and verifying certificates with RSA-PSS
signatures. Including check PSS parameters in key with those in
signature algorithm.
Add support for parsing private RSA PSS key.
Add support for parsing public RSA PSS key.
added numerous missing _SMALL_STACK code paths (PK objects on the stack);
in settings.h, enable WOLFSSL_SMALL_STACK_STATIC by default when WOLFSSL_SMALL_STACK is defined (NO_WOLFSSL_SMALL_STACK_STATIC to override);
fixes for unsafe strcat()s in tests/quic.c;
fix for unsafe macro WOLFSSL_IS_QUIC();
fix to exclude quic from enable-all when enable-linuxkm (quic needs opensslextra, and opensslextra currently only works in-kernel in cryptonly builds);
fix for signed/unsigned clash in wolfSSL_quic_receive().
In test with ngtcp2 example client using openssl, session resumption
against a QUIC wolfssl server failed. The error was tracked down to
wolfSSL believing EaryData needs to be handled and returning SUCCESS
from wolfSSL_SSL_do_handshake() after the server Finished had been
sent.
However the handshake was not complete and ngtcp2 invoked the
post_handshake processing for new data arriving from the client.
This failed a check in post processing that the ssl->handShakeState
actually was HANDSHAKE_DONE.
The workaround in this PR repeats do_handshake until the ssl
state acually says it is complete. This way, session resumption works.
Either this alternative do_handshake() is merged for QUIC protocol
hanlders. Or we need to fix the 'normal' do_handshake() to no return
SUCCESS when early data is expected on a QUIC WOLFSSL.
use camel case not underscores in variable names;
restore use of const int variables for buffer sizes in several spots (for ease of smallstack code paths should they be needed);
use more MISRAish flow control in X509PrintSignature().
also, capture the retval from several more snprintf()s to pass directly to wolfSSL_BIO_write(), avoiding frivolous strlen()s.
fix various possible buffer overruns;
fix various runtime-error-driven memory leaks;
various refactors for efficiency, clarity, and safety, including refactors to eliminate unsafe XSTRNCAT() calls.
wc_CertNew() and wc_CertFree() is for use by ABI type aplications, and
others, for having wolfCrypt perform the new/free of the certification
structure w/o the application needing too, and more importantly, needing
to contain knowledge of the structure.
We have users who need to debug errors coming out of libwolfssl in production,
where --enable-debug isn't an option. Our error queue implementation is the
solution, but our usage of WOLFSSL_ERROR isn't consistent. This commit greatly
expands our usage of WOLFSSL_ERROR. There are too many error cases to tackle
all at once, and not all error cases are particularly meaningful or likely to be
hit in regular operation of the library. I've tried to focus on errors that
users are likely to hit, and I've chosen to ignore things like the mountain of
BUFFER_E and BAD_FUNC_ARG cases (for the most part). I've also tried to expand
WOLFSSL_ERROR usage in files where we haven't been using it historically
(e.g. aes.c), so the pattern is now there for other developers to follow. In
order to prevent these additions from exploding the size of libwolfssl, they're
all behind a new macro, WOLFSSL_ERROR_VERBOSE. If WOLFSSL_VERBOSE_ERRORS is
defined, WOLFSSL_ERROR_VERBOSE just maps to WOLFSSL_ERROR.
- can be reverted to previous style by defining NO_TLSX_PSKKEM_PLAIN_ANNOUNCE
- QUIC interop testing reveals that at least QUIC stacks refrain from
issuing session tickets unless the ClientHello shows this extension.
The call to FreeAsyncCtx after SendBuffered was added to clean up state when we are ready to advance state. If we do not advance state, then clean up should be handled in the relevant state.
The error is due to the message triggered by the processing of the
message (Connect()->SendTls13Certificate/SendTls13CertificateVerify/SendTls13Verify). Consider
the message processed to avoid double processing.
- Modify all existing tests to return an int. This moves us in the direction of
being able to return error/success from a test rather than just calling abort
when something fails. Also, all tests now have the same signature, so they can
easily be members of an array of test cases.
- Wrap each test in a TEST_CASE struct, which just stores a pointer to the test
function and the name of the test, for now. In the future, other metadata can
be added (e.g. should this test be run/skipped) to TEST_CASE, if desired.
- Modify all tests to return 0 on success. Right now, this doesn't do us much
good because the failure mechanism isn't returning some value != 0, it's
abort.
- Add TestSetup and TestCleanup functions that run before and after each test,
respectively. The former does nothing right now, and the latter clears the
error queue, if the error queue is compiled in.
During post-handshake authentication async code mistakes connect() error code
with the error code of DoTls13CertificateRequest and wrongly rewinds the buffer.
The bug was never triggered because of side effects of ShrinkBuffer (removed in
40cb6e0853)
wolfSSL_ERR_get_error and wolfSSL_ERR_peek_error_line_data should return the
earliest error in the queue (i.e. the error at the front), but prior to this
commit, they returned the latest/most recent one instead.
In DoAlert, we were adding an error to the queue for all alerts. However, a
close_notify isn't really an error. This commit makes it so DoAlert only adds
errors to the queue for non-close_notify alerts. In ReceiveData, similarly, we
were adding an error to the queue when the peer sent a close_notify, as
determined by ssl->error == ZERO_RETURN. Now, we don't add an error in this
case.
Don't assume that the underlying medium of DTLS provides the full message in a
single operation. This is usually true for message-based socket (eg. using UDP)
and false for stream-based socket (eg. using TCP).
Commit changes:
- Do not error out if we don't have the full message while parsing the header.
- Do not assume that the record header is still in the buffer when decrypting
the message.
- Try to get more data if we didn't read the full DTLS header.
Improve not to use forward declaration struct definition
- include ssl.h rather than forward declaration struct to resolve struct name
- to include ssl.h, it needs to avoid cyclic reference for crypt structure. therefore, Sha and Aes definitions are moved to another header file
add wolfCrypt error codes IO_FAILED_E "Input/output failure" and SYSLIB_FAILED_E "System/library call failed";
tests/api.c and tests/unit.c: flush stdout for error message in Fail() macro, add fflush(stdout) after printf()s, print success message at end of unit_test(), and send several error messages to stderr instead of stdout;
wolfcrypt/test/test.c: add fallthrough macro definition of printf() that pairs it with fflush(stdout);
unit.h: in definition of macro AssertPtr(), add PRAGMA_GCC("GCC diagnostic ignored \"-Wpedantic\"");
sp_int.c: refactor several lingering instances of "if (0) { ... }" code pattern to #if 0 ... #endif.
From the man page
If sendto() is used on a connection-mode (SOCK_STREAM, SOCK_SEQPACKET) socket, the arguments dest_addr and
addrlen are ignored (and the error EISCONN may be returned when they are not NULL and 0), and the error
ENOTCONN is returned when the socket was not actually connected.
When in and out aren't the same pointer, for multiples of block size
input:
- generate the counters into the output buffer
- encrypt output buffer
- XOR in the input
Faster than encrypting a block at a time.
On raw import, don't import ordinates that are larger than the curve
size.
On export of compressed point, don't export ordinate if it is larger
than the curve size.
This fixes the following things:
* Memory leaks in SE050 SHA messages
* Add key to SE050 for ECC sign hash function
* Remove circular include
* Correct prototype for `se050_hash_final`
* A few defined check fixes
Choosing SP and SP math was resulting in only integer.c being used.
Fixed now.
Reorder realloc calls for memory logging to ensure scripts can match
allocate and free calls.
1. Rename _DtlsUpdateWindow() as wolfSSL_Dtls_UpdateWindow() and make
it public so it may be tested.
2. Rename the internal functions DtlsWindowUpdate(), DtlsWindowCheck(),
and DtlsUpdateWindowGTSeq() as _DtlsWindowUpdate() and
_DtlsWindowCheck(), and _DtlsUpdateWindowGTSeq().
3. When updating the DTLS sequence window, and the next sequence
number (lo) wraps to zero, increment the next sequence number (hi)
by 1.
4. Fix an off-by-one error that wrapped around when saving the
packet sequence number in the bit-field window.
5. Adding a test for wolfSSL_DtlsUpdateWindow() function. With many test
cases. It is set up in a table format with running check values.
6. Change location of incrementing the difference when calculating the
location for setting the bit.
7. Updated the check of the sequence difference in the GT scenario.
8. In the DTLS window update functions remove newDiff and just use diff.
9. Handle the cases where the DTLS window crosses the high order word
sequence number change.
10. Add a debug option to print out the state of the DTLS sequence number
window.
In defense against attack, assume the imported public key is not trusted
and check it matches the private key if set.
Added APIs that allow application to explicitly trust public key.
Original APIs default to not trusting public key.
don't enable sp-math-all asm gates when !ENABLED_ASM;
add --with-arm-target to allow selecting thumb or cortex in conjunction with a full --host tuple (e.g. --host=armv6zk-softfloat-linux-gnueabi --with-arm-target=thumb).
1. _WIN64 doesn't have 128-bit type but now can use 64-bit sp_int_digit
when assembly code snippets are being used.
2. Fix sp_div() to support values closer to maximum size.
3. Fix builds to work for more configurations.
4. Have ECC uncompressed code keep intermediate values in range of
maximum (x^3 calculation fixed).
5. Fix configuation.ac's check of FIPS for using signed SP Math All.
Default now not signed as intended.
When HAVE_OID_ENCODING is defined, the named curve OID is encoded rather
than the full OID.
Use SetCurve to get the OID encoding in ASN template implemenation.
FIPS v5-dev follows the non-FIPS default (now sp-math-all);
add -DWC_NO_CACHE_RESISTANT to AM_CFLAGS when $ENABLED_HARDEN != yes;
add ENABLED_BIGNUM sensor and use it in linuxkm math back end assert;
add configuration callout for "Side-channel Hardening" reporting value of $ENABLED_HARDEN.
fasthugemath means turn on fastmath
Use sp_int_digit and not sp_digit in sp_int.c.
test.c needs to use large static buffer when SP Math used like fastmath.
When building static memroy, SP math all without WOLFSSL_SP_NO_MALLOC is
a valid configuration.
Fix freeing of bigint in sp_int.c.
Cast x to a signed value to negate and then back to unsigned. (For
Windows builds.)
Remove warning about empty file on Windows about integer.obj.
Allow RSA verify only and RSA public only to be used with other public
key algorithms.
If building for FIPS, then older versions of RSA and ECC require SP Math
to support negative numbers.
Get old FIPS files building with SP int.
Disallow --enable-sp-math and --enable-sp-math-all.
When just --enable-sp-math on configuration line then disable SP Math
all.
Add a define WOLFSSL_CHECK_MEM_ZERO to turn on code that checks that
memory that must be zeroized before going out of use is zero.
Everytime sensitive data is put into a allocated buffer or stack buffer;
the address, its length and a name is stored to be checked later.
Where the stack buffer is about to go out of use, a call is added to
check that the required parts are zero.
wc_MemZero_Add() adds an address with length and name to a table of
addressed to be checked later.
wc_MemZero_Check() checks that the memory associated with the address is
zeroized where required.
mp_memzero_add() adds mp_int's data pointer with length and name to
table.
mp_memzero_check() checks that the data pointer is zeroized where
required.
Freeing memory will check the address. The length was prepended on
allocation.
Realloction was changed for WOLFSSL_CHECK_MEM_ZERO to perform an
allocate, check, copy, free.
This commits add some new options to examples/[server,client] to support testing
of DTLS v1.3.
client: add waitTicket option
If this option is used, the client will wait until it receives a sessionTicket
from the server. This is useful when testing DTLS retransmission.
client: add waitKeyUpdate option
When this option is set, the client waits until the UpdateKey message is
acknowledged by the server. This is useful to test DTLS retransmission logic
This way we can use wolfSSL_Peek() invoked with sz == 0 to process pending
records and, if none of this records is an application data record, we will not
block.
Introduce ACK and retransmission logic, encapsulated in a Dtls13RtxFsm
object. The retransmission or the sending of an ACK is scheduled by setting the
appropriate flag inside the Dtls13RtxFSM object but the actual writing on the
socket is deferred and done in wolfSSL_Accept/Connect.
* Retransmission
Each sent message is encapsulated in a Dtl13RtxRecord and saved on a list. If we
receive an ACK for at record, we remove it from the list so it will be not
retransmitted further, then we will retransmit the remaining
ones. Retransmission is throttled: beside link congestion, this also avoid too
many sequence numbers bounded with a record.
* ACK
For each received record we save the record sequence number, so we can send an
ACK if needed. We send an ACK either if explicitly needed by the flight or if we
detect a disruption.
Co-authored-by: Juliusz Sosinowicz <juliusz@wolfssl.com>
This commit implements the core of the header parsing, building, and the sending
and receiving routines that handle fragmentation and defragmentation.
* In DTLSv1.3 the header used for protected messages is a variable-length header,
and it is described RFC9147 Section 4.
* Fragmentation happens after building the full message, if necessary. If the
underlying I/O can't send a fragment because of a WANT_WRITE error, the sending
of fragments will continue in the next invocation of
wolfSSL_connect/wolfSSL_accept/wolfSSL_write. In this case the message is saved
in a buffer inside the WolfSSL object.
* Defragmentation works like DTLSv1.2 defragmentation, and re-use
most of the same code.
* The Dtls13AddHeaders() function does not add the record layer header, but it
lefts space for it. It is eventually placed by BuildTls13Message() to allow
easier management of sequence numbers.
In DTLSv1.3, because of retransmission and reordering, we may need to encrypt or
decrypt records with older keys. As an example, if the server finished message
is lost, the server will need to retransmit that message using handshake traffic
keys, even if he already used the traffic0 ones (as, for example, to send
NewSessionTicket just after the finished message).
This commit implements a way to save the key bound to a DTLS epoch and setting
the right key/epoch when needed.
as word64 is not always available, introduce an abstract type and companion
operations. They use a word64 if available and fallback on word32[2] otherwise.
Also fixed some small errors during shutdown in benchmarks.
Tested with:
./configure --enable-psk CFLAGS=-DWOLFSSL_STATIC_PSK
make all check
./examples/benchmark/tls_bench
Adds support for embOS memory and mutex functions. Also adds support for
emNET's error codes, it uses a BSD compatible TCP/IP stack for network
functions.
There is no easy native way to detect that you are compiling with emNET
or embOS so these require the user to define WOLFSSL_EMBOS /
WOLFSSL_EMNET.
With PR 5170, I added logic that requires a EVP_CTRL_GCM_SET_IV_FIXED command be
issued before a EVP_CTRL_GCM_IV_GEN command. This matches OpenSSL's behavior.
However, OpenSSL also clears the flag enabling EVP_CTRL_GCM_IV_GEN after
EVP_CTRL_GCM_SET_IV_FIXED if EVP_CipherInit is called with a NULL key.
Otherwise, the flag retains its value. We didn't mirror this logic, and that
caused problems in OpenSSH unit testing. This commit aligns our logic with
OpenSSL's and adds a regression test to test_evp_cipher_aes_gcm for this case.
* PKCS7 should use allocated buffer for RSA.
* PKCS7 small stack typo for `keyAlgArray` size in `wc_PKCS7_AddRecipient_KTRI`.
* Fix for use of `free`, which should be `XFREE` in api.c.
* Cleanup old RSA benchmarking MDK5/WINCE code no longer needed with `WC_DECLARE_ARRAY_DYNAMIC_DEC` and `WC_DECLARE_ARRAY_DYNAMIC_EXE`.
- Fix case where message grouping can make CheckAvailableSize return a WANT_WRITE
- CheckAvailableSize in tls13.c will not return a WANT_WRITE since it only does so for DTLS <=1.2
Testing:
./autogen.sh
./configure --enable-psk
make all check
$ ./examples/server/server -j -l ECDHE-PSK-AES128-GCM-SHA256
SSL version is TLSv1.2
SSL cipher suite is TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256
SSL curve name is SECP256R1
Client message: hello wolfssl!
$ ./examples/client/client -s -l ECDHE-PSK-AES128-GCM-SHA256
SSL version is TLSv1.2
SSL cipher suite is TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256
SSL curve name is SECP256R1
I hear you fa shizzle!
- Async I/O can be turned off with WOLFSSL_NO_ASYNC_IO
- WOLFSSL_ASYNC_IO functionality enabled in SendCertificateVerify() and SendServerKeyExchange() to allow safe re-entry into SendHandshakeMsg()
- Testing size of structs is refactored int WOLFSSL_ASSERT_SIZEOF_GE()
Discovered the AES-GCM flow using this command didn't work in our OpenSSH port.
This commit makes the behavior match OpenSSL and adds testing using known
OpenSSL-generated test vectors to prevent regressions. This was one of those
problems where two ends of a connection would work fine if they were both using
wolfSSL but not if one was using OpenSSL (i.e. OpenSSH interop with AES-GCM
was broken).
1. Add some OIDs used in the Federal PKI Policy Authority standard.
2. Added the SubjectDirectoryAttributes extension to certificate
parsing. (limited to country of citizenship)
3. Rename constant label SUBJECT_INFO_ACCESS to SUBJ_INFO_ACC_OID
4. Added the SubjectInfoAccess extension to certificate parsing.
(limited to one URL)
5. Add the SSH extended key usage flags.
6. Use some of the template changes on the new certificate items.
Change ldrd to either have even first register or change over to ldm
with even first register.
Ensure shift value in ORR instruction has a hash before it.
Don't index loads and stores by 256 or more - make them post-index.
div2 for P521 simplified.
Prior to this commit, if you wanted access to the Finished messages from a
handshake, you needed to turn on the compatibility layer, via one of
OPENSSL_ALL, WOLFSSL_HAPROXY, or WOLFSSL_WPAS. With this commit, defining any
of these causes WOLFSSL_HAVE_TLS_UNIQUE to be defined (a reference to the
tls-unique channel binding which these messages are used for) in settings.h.
This allows a user to define WOLFSSL_HAVE_TLS_UNIQUE to access the Finished
messages without bringing in the whole compat layer.
We should never encounter this bug under normal circumstances. But if we enter
processReplyEx with a wrongly `ssl->options.processReply` set to
`runProcessingOneMessage` we check that we have some data.
This is turned on when `WOLFSSL_HAVE_ISSUER_NAMES` is defined. This allows the
user to inspect various issuer name components (e.g. locality, organization,
etc.) by using these new fields in a `DecodedCert`.
Ignore packet if coming from a peer of a different size *or* from a different
peer. Avoid whole memcmp of sockaddr_in[6] struct because is not portable (there
are optional fields in struct sockaddr_in).
- Do UDP connect only with simulateWantWrite to accommodate macOS that doesn't like sendto being called on connected UDP sockets
- Call wolfSSL_dtls_get_current_timeout only on a DTLS connection
- WANT_WRITE could be returned in unexpected places. This patch takes care of that.
- Change state after SendBuffered only if in a sending state to begin with.
- Adapt client and server to simulate WANT_WRITE with DTLS
Fix the check to see if the cookie has key_share information or not (needed to
reconstruct the HelloRetryRequest). At the moment, it looks like we never send a
cookie without KeyShare extension. Indeed the HelloRetryRequest is sent only
because the client didn't provide a good KeyShareEntry in the first
ClientHello. When we will support DTLSv1.3, the HelloRetryRequest will be used
as a return-routability check and it may be sent without the KeyShare extension.
otherwise statement of the type:
if (condtion)
WOLFSSL_MSG("");
after preprocessing will become:
if (condition)
;
The empty body emits a warning from the compiler.
The wolfCrypt and wolfSSL Python wrappers are maintained in the
wolfCrypt-py and wolfSSL-py trees respectively. The duplicates in this
tree are stale. The content has been checked and any important changes
have been ported over to their respective trees.
This commit allows the examples to perform a bidirectional shutdown also when
using UDP. It is useful to test DTLS retransmission.
Signed-off-by: Marco Oliverio <marco@wolfssl.com>
Allow the user to register a session remove callback with wolfSSL_CTX_sess_set_remove_cb() that will be called when the session is about to be free'd or evicted from cache.
Implement div words for different platforms.
Use implementation not using a divide instruction unless
SP_DIV_WORD_USE_DIV or we know there is a div instruction.
Fix Thumb implementation of div word.
GCM: make borrow constant time.
AES-GCM decrypt: compare at end and constant time.
Random: array_add touchs all elements every time.
RSA-OAEP: look for padding byte in constant time (look at every byte in
array).
SP
- reduce conditional use (make them bit ops)
- Fix point adds to not use double when adding infinity to infinity
- Implement signed div as __divi3 is not constant time.
- Move check sof input variables to API.
Prior to this commit, these were guarded by OPENSSL_EXTRA ||
OPENSSL_EXTRA_X509_SMALL. Adding them into the struct for non-compatibility
layer builds only increases memory usage slightly and is useful for the user.
The test for certificate extensions requires both the test certs option
and the certificate generation option to run. The certs for the test are
generated by wolfCrypt. This disables the extensions test if
certificate generation is disabled.
CBIORecv/Send are only assigned once.
IOCB_ReadCtx/WriteCtx only assigned once.
BuildMessage checks output and input wiht sizeOnly every call - state
machine doesn't cache these.
Renamed alias_tbl variables to something unique.
Other cppcheck fixes.
Also reworked pem_read_bio_key().
* Fix wolfSSL_RSA_public_decrypt() return value to match Openssl
* Add support for EVP_PKEY_verify_init() and EVP_PKEY_verify()
* wpa_supplicant SAE public key functionality requires this function.
* Add DSA support for EVP_PKEY_sign/verify()
* Add ECDSA support for EVP_PKEY_sign/verify()
* Add tests for EVP_PKEY_sign_verify()
* Fix "siglen = keySz" at error cases
* Fix wolfSSL_DSA_do_sign() usage
1. Check wolfSSL_BN_num_bytes() return value
2. Check siglen size
3. Double the siglen
* Check return code of wolfSSL_i2d_ECDSA_SIG() in wolfSSL_EVP_DigestSignFinal()
* Add size calculations to `wolfSSL_EVP_PKEY_sign`
* Add size checks to wolfSSL_EVP_PKEY_sign before writing out signature
* Use wc_ecc_sig_size() to calculate ECC signature size
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
Co-authored-by: Juliusz Sosinowicz <juliusz@wolfssl.com>
* Sniffer: Remove old restrictions for max strength, encrypt-then-mac and forcing openssl-extra.
* Fix bound warning with strncpy in sniffer.c.
* Fix for async DH issue.
* Fix for SP math all not initializing raw big int.
* Fix for array bounds warning with "-O3" on SetEccPublicKey.
* Fix a sniffer async edge case with TLS v1.2 static RSA and extended master.
* Improved the sniffer test script detection of features.
* Disable ECC custom curve test with Intel QuickAssist.
Passing in x=0 and y=0 meant to return ECC_INF_E.
Passing in x=0, y=not 0 or x=not 0, y=0 now checks whether the point is
valid and forces a return of BAD_FUNC_ARG when IS_POINT_E is returned
from check.
- Add support for ASN1_TIME_compare, DH_new_by_nid, OBJ_length, OBJ_get0_data,
and ChaCha20-Poly1305 and HKDF in the EVP layer.
- Map EC_POINT_get_affine_coordinates to
wolfSSL_EC_POINT_get_affine_coordinates_GFp and EC_POINT_set_affine_coordinates
to wolfSSL_EC_POINT_set_affine_coordinates_GFp.
- Add kdf.h compatibility header.
Curve25519: reduce to less than mod at end of curve25519, optimize to
not use imulq when andq can be used instead.
x86_64 Karatsuba Mul: Don't put add carry into overflow and then
continue adding zero. Overflow is lost.
* Fix include.am missing line
* Fix macros
* Add "static" keyword where needed
* Make compatible with MSP430 GCC
* Add MSP430 GCC Makefile
* Fix watchdog issue with GCC, also fixes IAR when large data model is
used
* Fix comment style
* Fix typo in RNG (makes it ever so slightly more random)
* Add example output to README
EC point add is a double if affine ordinates are the same.
Fix AVX2 implementation of mod inv to do conversion from 26 bits in
32-bit registers to 64 bits in 64-bit registers. Also handle negative
value.
RSA OAEP: loop down to last byte. Must have a separator.
Div for x86_64: fix to have all 1s when high word equals divisor.
Allow Chachac20-Poly1305 to take an empty msg.
Allow AES-SIV to have an empty nonce.
Don't allow the length to be malleable. Must use the smallest number of
bytes to represent value.
ECDSA and DSA signature values are positive.
Add Sha512-224 and Sha512-256 OIDs.
ASN template - ensure the ECDSA/DSA signature uses all data.
Curve25519/Curve448 - WOLFSSL_ECDHX_SHARED_NOT_ZERO means shared secret
can't be 0.
Curve25519/Curve448 - check public value is less than order.
ECC - x or y may be zero but not both.
Ed25519/Ed448 - check S is less than order.
Ed448 - ge_p3_dbl can be simplified for ASM.
Prime check (integer.c/tfm.c/sp_int.c): Don't allow negative values and
make sure random candidate doesn't have bits higher than those in a set
when bits not a multiple of 8.
RSA: support Sha512-224 and Sha512-256.
RSA: Fix check for invalid in decryption. Affects plaintexts 256 bytes
and longer.
RSA: Don't allow base be larger than modulus.
RSA: Check small ciphertext (1 or 0) on decrypt when not using OAEP.
RSA: WOLFSSL_RSA_DECRYPT_TO_0_LEN allows decrypted value to be 0.
SP math all: fix div to handle large a and d when checking size of
remainder.
SP math all: set sign of result in sp_mod_2d()
Added a test for the TLSv1.3 KDF to the wolfcrypt test. It uses 6
different test cases from the CAVP tests. A set of 8 session keys are
generated using multiple exporters.
Prior to this commit, this function used XMKTIME (mktime) to convert the
passed in WOLFSSL_ASN1_TIMEs to Unix timestamps. On platforms where time_t is
32 bits long, times after the year 2038 can't be represented with this type. To
fix this, we need to not use XMKTIME. With this commit, the static function
time2epoch is added to ssl.c, which uses the date time information to compute
seconds since the Unix epoch without the use of mktime. It returns the seconds
as a long long. This is sufficient to make the function work for years > 2038 on
the platform of the user who discovered this problem in the first place (Yocto
Linux on ARMv7).
- Previously, this function would round up the requested bits to the next
multiple of 8. With this commit, the function returns a number of exactly the
number of bits requested, which is the same behavior as OpenSSL. This problem
was discovered by a user using the compatibility layer with OpenSSH's ssh-keygen
utility.
- This function now respects the top and bottom parameters.
- Improved unit testing.
# Description
This is a replacement to https://github.com/wolfSSL/wolfssl/pull/4989, per the [comment](https://github.com/wolfSSL/wolfssl/pull/4989#issuecomment-1080998040)
Overhauled `win_setup.bat` for more robust and flexible install of wolfSSL to ESP-IDF `component` directory.
Functionally, there are no significant changes. However this version:
- more verbose output
- show directories used
- more error checking
- check for existing wolfSSL component; prompt to purge or update
- save and optionally re-use `config.h` and `user_settings.h`
- optionally target an alternate ESP-IDF path (useful for VisualGDB)
- offer tips and reminders upon completion
# Testing
Tested on Windows 10 with both ESP-IDF command prompt and stand-alone DOS prompt (e.g. for VisualGDB)
# Checklist
- [ ] added tests
- [ ] updated/added doxygen
- [ ] updated appropriate READMEs
- [ ] Updated manual and documentation
cc: @dgarske
Change Karatsuba implementations for x86_64.
Fix ECC code to better handle corner cases.
Add 'lower' versions of functions wehn an input is known to be less than m.
Add mont_add/dbl/tpl/sub for P384.
Change ECC point add to be cache-attack resistant.
Change mod_exp to be cache-attack resistant.
src/internal.c: use XMEMCMP(), not ==, to compare array elements (fixes conflict of 74408e3ee3 vs 617eda9d44);
fix spelling of NAMEDGROUP_LEN (was NAMEDGREOUP_LEN);
src/ssl.c: in CheckcipherList() and wolfSSL_parse_cipher_list(), use XMEMCPY(), not XSTRNCPY(), to avoid (benign) -Wstringop-truncation;
scripts/sniffer-tls13-gen.sh: fix for shellcheck SC2242 (exit 1, not -1).
`WOLFSSL_ERROR_CODE_OPENSSL` breaks ABI compatiblity due to changing the expected return code. Let's only do this when building with the full compatibility layer.
- use the `WOLFSSL_BUF_MEM` struct to resize the internal memory buffer
- add a `WOLFSSL_BIO_RESIZE_THRESHOLD` define that will be used to determine how often to shrink the internal buffer. This should cut down on the number of free/malloc calls made significantly. This should help with our inefficient 1 byte reads in `loadX509orX509REQFromPemBio`.
- implement `wolfSSL_BUF_MEM_resize` which allows bi-directional buffer size manipulation
- return `1` from `wolfSSL_BIO_set_mem_eof_return` instead of `0` for success
- bind requires ALPN
- `OPENSSL_COMPATIBLE_DEFAULT` defined for bind
- `WOLFSSL_ERROR_CODE_OPENSSL` defined when using compatibility layer
- return `bio->eof` on no pending data to read in memory BIO (defaults to `WOLFSSL_BIO_ERROR`)
- `flags` is no longer an input parameter in `wolfSSL_ERR_get_error_line_data`
- allow lazy parameter loading in `wolfSSL_DH_set0_key`
- implement reference counter in `WOLFSSL_EC_KEY`
- load serial number from `x509->serialNumber` if `x509->serial` is empty
* Adds stateful handling of DH shared secret computation in `SetupKeys`.
* Improved the decrypt handling to use internal functions and avoid generating alerts on failures.
* Fix for sniffer resume due to missing `sessionIDSz` broken in #4807.
* Fix sniffer test cases to split resume (session_ticket) tests.
* Add `snifftest` list of build features so test script can gate running resume test.
* Change DTLS epoch size word16.
* Allow override of the `RECORD_SIZE` and `STATIC_BUFFER_LEN`.
* Remove endianness force from game build.
* Add `gmtime_s` option.
* Fix for macro conflict with `MAX_KEY_SIZE`.
* Expose functions `wolfSSL_X509_notBefore`, `wolfSSL_X509_notAfter`, `wolfSSL_X509_version` without `OPENSSL_EXTRA`.
Recommend using `wolfSSL_get1_session` and `NO_SESSION_CACHE_REF` for session resumption purposes. `wolfSSL_get_session` should not be used unless to inspect the current session object.
When WOLFSSL_PSK_MULTI_ID_PER_CS is defined, multiple identities can be
returned for a cipher suite.
The first byte of the identity is the count of identites that have been
seen so far for the cipher suite.
1. Add configure option to enable AMD's RDSEED.
2. Add seed parameters when building specifically for AMD using RDSEED.
3. Update the wolfCrypt test to play nice with the larger seed size.
This function should not error out if one of the passed in times is the Unix
epoch. This amounts to erroring out when the XMKTIME returns < 0, rather than
<= 0.
1. Remove the v3 FIPS build from configure and automake. This was for
the old FIPS Ready build, which is now fixed to the certificate 3389
configuration.
2. Remove AES-GCM, PKCS12, and SHA-3 from wolfRand build. They were
getting reenabled later in the configure.
The following config would fail `../configure --enable-opensslall CFLAGS="-DOPENSSL_COMPATIBLE_DEFAULTS" && make -j check`. This is because `test-fails.conf` `ECC no signer error` test expects a failure while the ECC CA was being added as a trusted cert due to `OPENSSL_COMPATIBLE_DEFAULTS`.
We defined these codes to values that didn't match those in OpenSSL. This is a
problem if a user is porting code from OpenSSL to wolfSSL that uses hardcoded
versions of these values. While the user's code should be fixed to not use
hardcoded values, we can make the port smoother by syncing the values up.
in scripts/tls13.test, use fips-compatible server-side cipher suite for "TLS v1.3 cipher suite mismatch" test, and modernize some syntax;
in configure.ac, omit earlydata from enable-all when asynccrypt, pending fix;
also in configure.ac, fix AC_CHECK_DECLS()-overriding-AC_CHECK_FUNCS() kludge, to fix CPPFLAGS=-std=c99 builds.
The pending check was forcing a `WOLFSSL_CBIO_ERR_WANT_WRITE` return even though the underlying socket was closed and `WOLFSSL_BIO_FLAG_READ|WOLFSSL_BIO_FLAG_RETRY` was not set. The `wolfSSL_BIO_ctrl_pending(ssl->biord) == 0` is old and I can't find a reason to keep checking it. I left it just in the case where there is output data pending.
Need to right shift number down when hash is more than 521 bits.
Previously handled at a byte level and now at bit level.
Always return err from sp_*_ecc_mulmod_add_only_*().
When ECC add and double points are public and only have SP
implementation, check that the point ordinates are the right size.
Like other i2d functions, these functions should be able to take a NULL output
parameter and return the necessary output buffer size. This commit adds this
ability. This commit also removes some redundant code in wolfSSL_i2d_X509_NAME.
cert_asn1_test was constructing a BER encoding of a certificate that
didn't have all the components. It was trying to test putting in a bad
OID in the certificate name.
The original ASN.1 parsing code stopped at the bad name. ASN.1 template
code does the whole structure and then digs into the name.
A complete certificate should have always been used.
Currently, it only supports ECC, which is all we need it for for the OpenSplice
port we're working on. In the ECC case, all it needs to do is set the group
appropriately. The logic is very similar to `wolfSSL_EVP_PKEY_keygen`, minus
the final step of actually generating the key.
`wolfSSL_CTX_up_ref` is a small and potentially useful API for users so it doesn't need to be restricted only to the compatibility layer. The reference counting mechanisms are always available anyway. This just exposes the functionality to the user.
Before this pull request, `wolfSSL_get_session` always returned a pointer to the internal session cache. The user can't tell if the underlying session hasn't changed before it calls `wolfSSL_set_session` on it. This PR adds a define `NO_SESSION_CACHE_REF` (for now only defined with `OPENSSL_COMPATIBLE_DEFAULTS`) that makes wolfSSL only return a pointer to `ssl->session`. The issue is that this makes the pointer returned non-persistent ie: it gets free'd with the `WOLFSSL` object. This commit leverages the lightweight `ClientCache` to "increase" the size of the session cache. The hash of the session ID is checked to make sure that the underlying session hasn't changed.
- Adding and getting sessions to and from the local cache is now atomic.
- The new internal `wolfSSL_GetSessionFromCache` requires a destination object to be supplied when retrieving from the cache so that items can be retrieved independently from the cache. For most existing calls, the destination is `ssl->session`.
-`PREALLOC_SESSION_TICKET_LEN` defines how much memory is temporarily allocated for the ticket if it doesn't fit in the static session buffer.
- New/Implemented API
- `SSL_has_pending`
- `wolfSSL_CertManagerLoadCRLFile`
- `wolfSSL_LoadCRLFile`
- `wolfSSL_CTX_LoadCRLFile`
- `wolfSSL_CTX_add_session`
- Calling chain certificate API (for example `wolfSSL_CTX_use_certificate_chain_file`) no longer requires an actual chain certificate PEM file to be passed in as input. `ProcessUserChain` error in `ProcessBuffer` is ignored if it returns that it didn't find a chain.
- Add `WOLFSSL_TICKET_HAVE_ID` macro. When defined tickets will include the original session ID that can be used to lookup the session in internal cache. This is useful for fetching information about the peer that doesn't get sent in a resumption (such as the peer's certificate chain).
- Add `ssl->ticketSessionID` field because `ssl->session.sessionID` is used to return the "bogus" session ID sent by the client in TLS 1.3
- `OPENSSL_COMPATIBLE_DEFAULTS` changes
- Define `WOLFSSL_TRUST_PEER_CERT` and certificates added as CA's will also be loaded as trusted peer certificates
- Define `WOLFSSL_TLS13_MIDDLEBOX_COMPAT`
- Seperate `internalCacheOff` and `internalCacheLookupOff` options to govern session addition and lookup
- `VerifyServerSuite` now determines if RSA is available by checking for it directly and not assuming it as the default if static ECC is not available
- `WOLFSSL_SESSION` changes
- `ssl->extSession` added to return a dynamic session when internalCacheOff is set
- `ssl->session.refPtr` made dynamic and gets free'd in `SSL_ResourceFree`
- If `SSL_MODE_AUTO_RETRY` is set then retry should only occur during a handshake
- `WOLFSSL_TRUST_PEER_CERT` code now always uses `cert->subjectHash` for the `cm->tpTable` table row selection
- Change some error message names to line up with OpenSSL equivalents
- Run `MatchSuite` again if certificate setup callback installed and successful
- Refactor clearing `ASN_NO_PEM_HEADER` off the error queue into a macro
- `wolfSSL_get_peer_certificate` now returns a duplicated object meaning that the caller needs to free the returned object
- Allign `wolfSSL_CRYPTO_set_mem_functions` callbacks with OpenSSL API
- `wolfSSL_d2i_PKCS12_bio` now consumes the input BIO. It now supports all supported BIO's instead of only memory BIO.
- stunnel specific
- Always return a session object even if we don't have a session in cache. This allows stunnel to save information in the session external data that will be transfered to new connections if the session is reused
- When allocating a dynamic session, always do `wolfSSL_SESSION_set_ex_data(session, 0, (void *)(-1)`. This is to mimic the new index callback set in `SSL_SESSION_get_ex_new_index`.
- Fix comment in `wolfSSL_AES_cbc_encrypt`
- Trusted peer certificate suite tests need to have CRL disabled since we don't have the issuer certificate in the CA store if the certificates are only added as trusted peer certificates.
tested
When exponent bit length is a multiple of the window size and the top
word has only window bits in it, then n is shifted down by an undefined
value (size of a word). The n value is not used after this.
Check for this condition and don't attempt to shift n.
Found with the configuration running the unit test through valgrind.
% ./configure CFLAGS=-DNO_WOLFSSL_CIPHER_SUITE_TEST \
--enable-all --disable-fastmath --enable-debug --disable-shared
1. ssl.c: In wolfSSL_DSA_generate_key(), we initialize (and allocate)
all the parameters in the key (p, q, g, x, y), and then we generate a
key, initializes (and allocates) x and y, again. mp_clear them
first.
2. evp.c: When printing public keys, the temporary mp_int wasn't getting
correctly freed.
3. evp.c: When printing public keys, modified the utility functions to
return once with a do-while-0 loop.
A sizeof wasn't dereferencing a pointer using the sizeof the pointer and
not the actual struct. This is limited to setting the key for an AES
operation only when using SILABS SE2 acceleration.
Improve performance for ECC curves when all bits in words are used (mask
is 0).
On 64-bit platforms, improves performance for 256 and 384 bit curves.
On 32-bit platforms, improves performance for 224, 256, 384 bit curves.
pskNegotiated field added to indicate Session Ticket or PSK negotiated.
peerAuthGood field added to indicate that any require peer
authentication (certificate, if required, or PSK) have been performed.
in scripts/ocsp.test, don't call ping.test when $AM_BWRAPPED = yes (ping is setuid, so fails under bwrap);
in scripts/unit.test.in, don't bwrap if $AM_BWRAPPED = yes (double-bwrapping always fails);
in testsuite/testsuite.c testsuite_test(), build tempName using tempDir, and try to assign tempDir from XGETENV("TMPDIR"), fallback to hardcoded "/tmp".
Cortex builds needed # before number. Arm32 works with or without.
Thumb div_word needed to shift up if divisor too small (like other ARM
implementations).
Add support to ECIES for AES-256-CBC, AES-128-CTR, AES-256-CTR.
Added new API wc_ecc_ctx_set_algo() that sets the encryption, KDF and
MAC algorithms.
Cleanup formatting of ECIES code.
When compiling with the CFLAG -m32, sp_c32.c is used and not sp_c64.c.
The build system cannot detect that this is a 32-bit platform and to use
sp_c32.c.
The SP code detects which implementaiton to use and sets defines that
enable the code in sp_c32.c or sp_c64.c.
ENABLED_64BIT, 64-bit platform, was on by default, which is not always
true.
By making ENABLED_64BIT not default then the decision of which SP C
files to include in the build had to change to not being the other.
That is, sp_c64.c is not included when the configuration line explicitly
enables 32bit and sp_c32.c is not include when the configuration line
explicitly enables 64bit.
* whitespace in src/ssl.c, tests/api.c, wolfssl/openssl/fips_rand.h.
* clang-analyzer-core.StackAddressEscape from llvm-15 clang-tidy, in tests/suites.c:execute_test_case().
* bugprone-suspicious-memory-comparison from llvm-15 clang-tidy, in src/internal.c:DoSessionTicket() and src/ssl.c:wolfSSL_sk_push().
Currently, wolfssl.vcxproj and IDE/WIN10/wolfssl-fips.vcxproj do not use the
same scheme for their output and intermediate directories. Further, across
configuration/platform combinations, wolfssl.vcxproj isn't consistent, either.
For example:
```
Release|x64
OutDir: $(SolutionDir)$(Platform)\$(Configuration)\
IntDir: $(Platform)\$(Configuration)\obj\
Release|Win32
OutDir: $(SolutionDir)$(Configuration)\
IntDir: $(Configuration)\obj\
```
This commit makes every configuration/platform combo for all Visual Studio
projects follow the same pattern:
```
OutDir: $(SolutionDir)$(Platform)\$(Configuration)\
IntDir: $(Configuration)\$(Platform)\$(ProjectName)_obj\
```
The `$(ProjectName)_obj` piece gets rid of a Visual Studio warning about not
mingling the intermediate objects of disparate builds.
ASM code is dividing by top half of divisor. If this value is very small
then bad results are calculated.
Moved the divisor up by a quarter of the width if top quarter of divisor
is 0.
In `wolfSSL_EVP_CipherInit`, `ctx`'s `ivSz` field isn't being accounted for.
A common OpenSSL EVP AES-GCM flow looks like this:
- `EVP_CIPHER_CTX_new`
- `EVP_EncryptInit_ex`
- `EVP_CIPHER_CTX_ctrl` with command `EVP_CTRL_GCM_SET_IVLEN` to set the IV
length to 16 (AES block size) instead of the default 12
- `EVP_EncryptInit_ex` again to set the key and IV
- `EVP_EncryptUpdate` however many times
- `EVP_EncryptFinal`
In fact, we test this flow in our unit test `test_wolfssl_EVP_aes_gcm`. However,
in our implementation, the second call to `EVP_EncryptInit_ex` unconditionally
resets the IV length back to 12. This doesn't cause a test failure because
decryption has the same problem, so both sides of the equation have the same
wrong view of the IV.
The solution is to preserve the IV length in wolfSSL_EVP_CipherInit if ctx->ivSz
is non-zero. Otherwise, use the default of 12 (`GCM_NONCE_MID_SZ`).
This was discovered by a user migrating to the compatibility layer. As I
mentioned, it isn't exposed by our testing. It is exposed if you try to use the
same key and IV with OpenSSL and compare the resulting ciphertext with wolfSSL.
They won't be the same and thus won't interoperate.
At the start of this function, it attempts to find an ALPN extension in the
ssl object's extensions with `TLSX_Find`. If an ALPN select callback has been
set (i.e. via `wolfSSL_CTX_set_alpn_select_cb`), that gets called next. If that
callback finds a match, it removes all existing ALPN extensions found in the
ssl object. It then uses the new protocol name like this:
```
if (TLSX_UseALPN(&ssl->extensions, (char*)out, outLen, 0, ssl->heap)
== WOLFSSL_SUCCESS) {
if (extension == NULL) {
extension = TLSX_Find(ssl->extensions,
TLSX_APPLICATION_LAYER_PROTOCOL);
}
}
```
The bug is exposed if `extension` is not NULL, i.e. it was found on that initial
`TLSX_Find` call. `extension` is not NULL but it now points to garbage because
all the old ALPN extensions were just removed. It won't have it's value assigned
to the new extension that just got pushed via `TLSX_UseALPN` because of this
NULL check. This results in a segfault later in the function.
The solution is to remove the NULL check and always update `extension` after the
`TLSX_UseALPN` call.
This bug was discovered by a customer when using nginx + wolfSSL. I was able to
reproduce locally with curl acting as the client
Add `WOLFSSL_KEYGEN` option and override enable when `WOLFTPM` is
enabled
Also major reduction of variables for help messages. Override only
updates `VALUE`
* Fix for `EVP_CIPHER_CTX_flags`, which mapped to a missing function (broke openvpn)
* Added stack of name entries for ipsec/racoon support.
* Added `X509_STORE_CTX_set_flags` stub.
* Added PKCS7 NID types.
* Improved FIPS "SHA" logic in `test_wolfSSL_SHA`
* Added some uncommon NID type definitions.
* Expose the DH `DH_set_length` and `DH_set0_pqg` with OPENSSL_ALL
ECIES messages have a public key/point at start of the data.
It can be either uncompressed or compressed.
Adding support for decrypting and encrypting of compressed point.
Fixups from updating scripts that generate the files.
Include settings.h for ARM32 assembly.
ARM32 SHA-512 ASM has only one function, Transform_Sha512_Len(). The
implementation is dependent on defines.
sp_invmod with even modulus requires a multiplication by modulus. Don't
let modulus overflow result variable 'r'.
Fix allocation of temporary sp_ints to be correct size.
Add test for maximum modulus size in test.c.
Remove leading spaces on functions so git correctly determines which
function has changed.
Put in Thumb code for more sizes of _sp_mul_*().
subjectCN and publicKey in a DecodedCert are needed by the certificate
store in some cases. For embedded, allow them to be allocated even with
WOLFSSL_NO_MALLOC defined.
This commit adds functions to encrypt and decrypt data using AES in SIV mode, as
described in RFC 5297. This was added in the process of porting chrony to
wolfSSL. chrony is an NTP implementation that can use NTS (network time
security), which requires AES-SIV.
otherwise if profile_str_len is > strlen(gSrtpProfiles[i].name) we end up
comparing memory past gSrtpProfiles[i].name. -fsanitize=address catches this:
```
==100159==ERROR: AddressSanitizer: global-buffer-overflow on address 0x7f40d8d533b2 at pc 0x7f40d8eb014f bp 0x7f40d50fe240 sp 0x7f40d50fd9e8
READ of size 21 at 0x7f40d8d533b2 thread T107
#0 0x7f40d8eb014e in MemcmpInterceptorCommon(void*, int (*)(void const*, void const*, unsigned long), void const*, void const*, unsigned long) /build/gcc/src/gcc/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:860
#1 0x7f40d8eb06e6 in __interceptor_memcmp /build/gcc/src/gcc/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:892
#2 0x7f40d8eb06e6 in __interceptor_memcmp /build/gcc/src/gcc/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:887
#3 0x7f40d8c2e830 in DtlsSrtpFindProfile src/ssl.c:1310
#4 0x7f40d8c2e9ed in DtlsSrtpSelProfiles src/ssl.c:1347
#5 0x7f40d8c2eada in wolfSSL_CTX_set_tlsext_use_srtp src/ssl.c:1359
#6 0x563bf381b4c5 in server_test examples/server/server.c:2278
#7 0x7f40d88f0258 in start_thread (/usr/lib/libpthread.so.0+0x9258)
#8 0x7f40d88195e2 in __GI___clone (/usr/lib/libc.so.6+0xfe5e2)
```
This commit adds `wolfSSL_SetTimeCb` and `wolfSSL_time`. The former allows the
user to override the function wolfSSL uses to get the current time,
`wolfSSL_time`. If set, `wolfSSL_time` uses that function. If not set,
`wolfSSL_time` uses the `XTIME` macro by default. This functionality is needed
for the port of chrony to wolfSSL. chrony is an NTP implementation that uses
GnuTLS by default. For TLS, chrony uses the time it computes in place of the
default system time function.
test.c:
1. Removed pragma disabling the warning for unused functions.
2. Fixed the guards around the function that wasn't getting removed from
the build. And matched the guards to the call of the function. The
issue is a test that fails only in a cert 3389 build using Arm
assembly single-precision public keys.
3. Fixed the guards around a couple other functions.
Fixed a lot of shadowed global values. Some were prototype and function
declaration parameter name conflicts. Some conflicted with typenames.
Some conflicted with globals in libc.
wc_PKCS7_AddDataToStream() was called the first time prior to BERtoDER
conversion, subsequent times afterwards which meant the stream idx
pointer was incorrect. This patch restarts the stream after conversion.
Fixes ZD13476
When running the test with PKCS7 enabled, there's an additional option
that will save to disk the generated PKCS7 blobs for by-hand review.
(PKCS7_OUTPUT_TEST_BUNDLES) Fixed a couple compile errors that were
missed with that option enabled.
Directive needed on Apple to indicate SHA3 extensions available.
Fixup C file as well - remove unused constants not avaiable and
prototype function that is extern elsewhere.
By default this change will have servers send the renegotiation info
extension, but not allow renegotiation. This is accordance with RFC 5746
From to RFC 5746:
> In order to enable clients to probe, even servers that do not support
> renegotiation MUST implement the minimal version of the extension
> described in this document for initial handshakes, thus signaling
> that they have been upgraded.
With openSSL 3.0 the default it not allow connections to servers
without secure renegotiation extension. See
https://github.com/openssl/openssl/pull/15127
Fixup up formatting.
Fix comments.
Aarch64: don't use variable r when hi can be used.
ARM 32-bit: Add a version that uses udiv - not available on all chips
and can be slower anyway.
linuxkm: when -DWOLFCRYPT_ONLY, don't include ssl.h in module_exports.c.template and module_hooks.c, and fix gating to work right with that;
wolfssl/wolfcrypt/types.h: add support for a WOLFSSL_XFREE_NO_NULLNESS_CHECK gate (used in cppcheck analysis).
Increasing cmake version required to allow use of more recent
additions in the future.
Reported issue is that Homebrew use different compiler than AppleClang
(from XCode). Correctly test for AppleClang to set xcode specific `ar`
and `ranlib` flags. It may also be appropraite to use for ANDROID as
well see
7d057b2738 (diff-6f7a068f87ca22bd0105fef2143b0960e4993854863fd20c9416c677ee33a737R61-R67)
* Flow control failed on wrap around when there is going to be no more
flow control packets.
* If ISOTP_Send is provided more than 4095 bytes, limit it to 4095 bytes
as wolfSSL will retry with the rest.
* Set the default receive size to the max ISO-TP data size.
* A few other cleanups.
ISO-TP is a commonly used simple transport layer for CAN bus which
allows larger than the 1-8 bytes payload than the CAN bus protocol
allows.
This implements our own ISO-TP transport layer for wolfSSL when compiled
with `WOLFSSL_ISOTP`.
Replace instances of SSL_OP_NO_COMPRESSION with WOLFSSL_OP_NO_COMPRESSION in
ssl.c. Only define SSL_OP_NO_COMPRESSION when using the compatibility layer.
Before these changes, wolfEngine builds were failing due to
SSL_OP_NO_COMPRESSION being defined in both wolfSSL and OpenSSL headers.
When `OPENSSL_COMPATIBLE_DEFAULTS` is defined then `SSL_MODE_AUTO_RETRY` is set on context creation. For this test we need to clear this mode so that the `WOLFSSL_CBIO_ERR_WANT_READ` can propagate up to the user.
- Define `OPENSSL_COMPATIBLE_DEFAULTS` and `WOLFSSL_NO_OCSP_ISSUER_CHECK` for Apache config
- Fix `SSL_set_timeout` to match OpenSSL signature
- Implement `pkey` in `X509_INFO`
- Detect attempt to connect with plain HTTP
- Implement `wolfSSL_OCSP_request_add1_nonce`
- Set `ssl->cipher.bits` when calling `wolfSSL_get_current_cipher`
- Use custom flush method in `wolfSSL_BIO_flush` when set in BIO method
- Set the TLS version options in the `ssl->options` at the end of ClientHello parsing
- Don't modify the `ssl->version` when in a handshake (`ssl->msgsReceived.got_client_hello` is set)
- `wolfSSL_get_shutdown` returns a full bidirectional return when the SSL object is cleared. `wolfSSL_get_shutdown` calls `wolfSSL_clear` on a successful shutdown so if we detect a cleared SSL object, assume full shutdown was performed.
Currently, the `ParseCert` function is only available if `WOLFSSL_ASN_API` is
defined to `WOLFSSL_API`. The only way to achieve this without enabling the
compatibility layer is to define `WOLFSSL_TEST_CERT`. There are users defining
this so that they can parse certs with wolfCrypt, even though this doesn't seem
to be the original intent of the define. This commit adds the function
`wc_ParseCert` to the public wolfCrypt API. It's simply a wrapper around
`ParseCert`. Similarly, this commit adds `wc_InitDecodedCert` and
`wc_FreeDecodedCert` to the public API, which are wrappers around
`InitDecodedCert` and `FreeDecodedCert`, respectively.
- Tested with a different SIM:
- 16bit IDs
- Directly retrieving public key from keygen function
- larger response buffers (up to 256 bytes in ReadFile)
- Fixed hardcoded length in ID buffers
- Add KEYGEN to Nginx config
- Check for name length in `wolfSSL_X509_get_subject_name`
- Refactor `wolfSSL_CONF_cmd`
- Implement `wolfSSL_CONF_cmd_value_type`
- Don't forecfully overwrite side
- `issuerName` should be `NULL` since the name is empty
* Adds new build option `WOLFSSL_CUSTOM_OID` for supplying a custom OID in a CSR
* Fixes in ASN template CSR generation.
* Fix to allow calling `wc_Ed25519PublicKeyToDer` and `wc_Ed448PublicKeyToDer` with NULL output buffer to get length only.
* Refactor of the certificate subject name encoding.
* Refactor of the OID's to consolidate.
* Improvements to the Domain Component API unit test.
ZD 12943
- implement `wolfSSL_PEM_X509_INFO_read`
- `wolfSSL_EVP_CipherUpdate` no-ops on `NULL` input
- add md4 support to `wolfSSL_EVP_MD_block_size` and `wolfSSL_EVP_MD_size`
WOLFSSL_PUBLIC_MP and disable algorithms didn't work because of api.c.
- mp_cond_copy not available unless ECC compiled in
- wc_export_int not available unless ECC compiled in
Enabling only DH and using SP with SP Math didn't work as the DH
parameters were too small.
sp_cmp is needed when only DH.
mp_set_int is was not available in SP math when RSA is not defined.
mp_set is close enough for the use cases.
Configure with SP and SP math but not RSA, DH and ECC didn't configure -
now default to small maths.
When DIGIT_BIT is less than SIZEOF_LONG * CHAR_BIT, ASN1_INTEGER_get() can
return invalid value. For example, with trailing program, ASN1_INTEGER_get()
unexpectedly returns -268435449 (0xf0000007) on i386.
On the i386 platform (DIGIT_BIT=28), the input value 0x7fffffff is separated
into 0xfffffff and 0x7 and stored in the dp array of mp_int. Previously,
wolfSSL_BN_get_word_1() returned 0xfffffff shifted by 28 bits plus 0x7, so this
patch fixed it to return 0xfffffff plus 0x7 shifted by 28 bits.
int main(void)
{
ASN1_INTEGER *a;
long val;
int ret;
a = ASN1_INTEGER_new();
val = 0x7fffffff;
ret = ASN1_INTEGER_set(a, val);
if (ret != 1) {
printf("ret=%d\n", ret);
}
if (ASN1_INTEGER_get(a) != val) {
printf("ASN1_INTEGER_get=%ld\n", ASN1_INTEGER_get(a));
}
ASN1_INTEGER_free(a);
return 0;
}
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
./configure --with-liboqs --enable-all --disable-psk --enable-intelasm --enable-aesni --enable-sp-math-all --enable-sp-asm CFLAGS="-O3"
Yeilds the following erorr:
src/internal.c: In function ‘DoServerKeyExchange’:
src/internal.c:24487:28: error: ‘sigAlgo’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
24487 | if (sigAlgo == ed448_sa_algo &&
| ^
This fixes it.
Release 5.5.1 of wolfSSL embedded TLS has bug fixes and new features including:
## Vulnerabilities
* [Med] Denial of service attack and buffer overflow against TLS 1.3 servers using session ticket resumption. When built with --enable-session-ticket and making use of TLS 1.3 server code in wolfSSL, there is the possibility of a malicious client to craft a malformed second ClientHello packet that causes the server to crash. This issue is limited to when using both --enable-session-ticket and TLS 1.3 on the server side. Users with TLS 1.3 servers, and having --enable-session-ticket, should update to the latest version of wolfSSL. Thanks to Max at Trail of Bits for the report and "LORIA, INRIA, France" for research on tlspuffin.
## New Feature Additions
* Add support for non-blocking ECC key gen and shared secret gen for P-256/384/521
* Add support for non-blocking ECDHE/ECDSA in TLS/DTLS layer.
* Port to NXP RT685 with FreeRTOS
* Add option to build post quantum Kyber API (--enable-kyber)
* Add post quantum algorithm sphincs to wolfCrypt
* Config. option to force no asm with SP build (--enable-sp=noasm)
* Allow post quantum keyshare for DTLS 1.3
## Enhancements
* DTLSv1.3: Do HRR Cookie exchange by default
* Add wolfSSL_EVP_PKEY_new_CMAC_key to OpenSSL compatible API
* Update ide win10 build files to add missing sp source files
* Improve Workbench docs
* Improve EVP support for CHACHA20_POLY1305
* Improve `wc_SetCustomExtension` documentation
* RSA-PSS with OCSP and add simple OCSP response DER verify test case
* Clean up some FIPS versioning logic in configure.ac and WIN10 user_settings.h
* Don't over-allocate memory for DTLS fragments
* Add WOLFSSL_ATECC_TFLXTLS for Atmel port
* SHA-3 performance improvements with x86_64 assembly
* Add code to fallback to S/W if TSIP cannot handle
* Improves entropy with VxWorks
* Make time in milliseconds 64-bits for longer session ticket lives
* SP int: default to 16 bit word size when NO_64BIT defined
* Limit the amount of fragments we store per a DTLS connection and error out when max limit is reached
* Detect when certificate's RSA public key size is too big and fail on loading of certificate
## Fixes
* Fix for async with OCSP non-blocking in `ProcessPeerCerts`
* Fixes for building with 32-bit and socket size sign/unsigned mismatch
* Fix Windows CMakeList compiler options
* TLS 1.3 Middle-Box compat: fix missing brace
* Configuration consistency fixes for RSA keys and way to force disable of private keys
* Fix for Aarch64 Mac M1 SP use
* Fix build errors and warnings for MSVC with DTLS 1.3
* Fix HMAC compat layer function for SHA-1
* Fix DTLS 1.3 do not negotiate ConnectionID in HelloRetryRequest
* Check return from call to wc_Time
* SP math: fix build configuration with opensslall
* Fix for async session tickets
* SP int mp_init_size fixes when SP_WORD_SIZE == 8
* Ed. function to make public key now checks for if the private key flag is set
* Fix HashRaw WC_SHA256_DIGEST_SIZE for wc_Sha256GetHash
* Fix for building with PSK only
* Set correct types in wolfSSL_sk_*_new functions
* Sanity check that size passed to mp_init_size() is no more than SP_INT_DIGITS
# wolfSSL Release 5.5.0 (Aug 30, 2022)
Note:
** If not free’ing FP_ECC caches per thread by calling wc_ecc_fp_free there is a possible memory leak during TLS 1.3 handshakes which use ECC. Users are urged to confirm they are free’ing FP_ECC caches per thread if enabled to avoid this issue.
Release 5.5.0 of wolfSSL embedded TLS has bug fixes and new features including:
## Vulnerabilities
* [Low] Fault injection attack on RAM via Rowhammer leads to ECDSA key disclosure. Users doing operations with private ECC keys such as server side TLS connections and creating ECC signatures, who also have hardware that could be targeted with a sophisticated Rowhammer attack should update the version of wolfSSL and compile using the macro WOLFSSL_CHECK_SIG_FAULTS. Thanks to Yarkin Doroz, Berk Sunar, Koksal Must, Caner Tol, and Kristi Rahman all affiliated with the Vernam Applied Cryptography and Cybersecurity Lab at Worcester Polytechnic Institute for the report.
* [Low] In wolfSSL version 5.3.0 if compiled with --enable-session-ticket and the client has non-empty session cache, with TLS 1.2 there is the possibility of a man in the middle passing a large session ticket to the client and causing a crash due to an invalid free. There is also the potential for a malicious TLS 1.3 server to crash a client in a similar manner except in TLS 1.3 it is not susceptible to a man in the middle attack. Users on the client side with –enable-session-ticket compiled in and using wolfSSL version 5.3.0 should update their version of wolfSSL. Thanks to Max at Trail of Bits for the report and "LORIA, INRIA, France" for research on tlspuffin.
* [Low] If using wolfSSL_clear to reset a WOLFSSL object (vs the normal wolfSSL_free/wolfSSL_new) it can result in runtime issues. This exists with builds using the wolfSSL compatibility layer (--enable-opnesslextra) and only when the application is making use of wolfSSL_clear instead of SSL_free/SSL_new. In the case of a TLS 1.3 resumption, after continuing to use the WOLFSSH object after having called wolfSSL_clear, an application could crash. It is suggested that users calling wolfSSL_clear update the version of wolfSSL used. Thanks to Max at Trail of Bits for the report and "LORIA, INRIA, France" for research on tlspuffin.
* Potential DoS attack on DTLS 1.2. In the case of receiving a malicious plaintext handshake message at epoch 0 the connection will enter an error state reporting a duplicate message. This affects both server and client side. Users that have DTLS enabled and in use should update their version of wolfSSL to mitigate the potential for a DoS attack.
## New Feature Additions
* QUIC support added, for using wolfSSL with QUIC implementations like ngtcp2
* SE050 port additions and fixes
* Added support for Dilithium post quantum algorithm use with TLS
* Support for RSA-PSS signed certificates
* Support for Infineon AURIX IDE
* Add Zephyr support for nRF5340 with CryptoCell-312
## Enhancements
* Expanded ABI support by 50 APIs to include wolfCrypt and Certificates making a total of 113 ABIs controlled and maintained
* DTLS 1.3 partial support for ConnectionID as described by RFC9146 and RFC9147
* Added support for X509_CRL_print function
* Remove deprecated algorithms in Renesas cs+ project
* Support more build options disable/enable with i.MX CAAM build
* wolfSSL_CTX_set_options and wolfSSL_CTX_get_options functions added to non compatibility layer builds
* TFM: change inline x86 asm code to compile with clang
* Improvements to error queue and fix for behavior of wolfSSL_ERR_get_error
* scripts/makedistsmall.sh script added for creating a small source/header only package
* TLS 1.3: restrict extension validity by message, Extensions ServerName, SupportedGroups and ALPN must not appear in server_hello
* Add liboqs integration to CMake build system
* Adds wolfSSL_PEM_read_RSAPrivateKey() to the OpenSSL compatible API
* Added support for P384 pre-share in bundled example server
* Replace clz assembly instruction in ARM 32 builds when not supported
* Integrate chacha20-poly1305 into the EVP interface
* Additional validation that extensions appear in correct messages
* Allow SAN to be critical with ASN template build
* Support wolfSSL_CTX_set1_curves_list being available when X25519 and/or X448 only defined
* Adds wolfSSL_PEM_read_RSA_PUBKEY() to the OpenSSL compatible API
* Match OpenSSL self signed error return with compatibility layer build
* Added wolfSSL_dtls_create_peer and wolfSSL_dtls_free_peer to help with Python and Go wrappers for DTLS
## Fixes
* DTLS 1.3 asynchronous use case fixes
* Fix handling of counter to support incrementing across all bytes in ARM crypto asm
* Fixes for ED25519/ED448 private key with public key export (RFC8410)
* Fix for build with NO_TLS macro
* Fix for write dup function to copy over TLS version
* Fix to handle path lengths of 0 when checking certificate CA path lengths
* Fix for CMake not installing sp_int.h for SP math all
* When WOLFSSL_VALIDATE_ECC_IMPORT is defined ECC import validates private key value is less than order
* PSA crypto fixes
* Fix for not having default pkcs7 signed attributes
* DTLS socket and timeout fixes
* SP int: exptmod ensure base is less than modulus
* Fix for AddPacketInfo with WOLFSSL_CALLBACKS to not pass encrypted TLS 1.3 handshake messages to callbacks
* Fix for sniffer to ensure the session was polled before trying to reprocess it
# wolfSSL Release 5.4.0 (July 11, 2022)
Note:
** Future releases of wolfSSL will turn off TLS 1.1 by default
** Release 5.4.0 made SP math the default math implementation. To make an equivalent build as –disable-fastmath from previous versions of wolfSSL, now requires using the configure option –enable-heapmath instead.
Release 5.4.0 of wolfSSL embedded TLS has bug fixes and new features including:
## Vulnerabilities
* [High] Potential for DTLS DoS attack. In wolfSSL versions before 5.4.0 the return-routability check is wrongly skipped in a specific edge case. The check on the return-routability is there for stopping attacks that either consume excessive resources on the server, or try to use the server as an amplifier sending an excessive amount of messages to a victim IP. If using DTLS 1.0/1.2 on the server side users should update to avoid the potential DoS attack. CVE-2022-34293
* [Medium] Ciphertext side channel attack on ECC and DH operations. Users on systems where rogue agents can monitor memory use should update the version of wolfSSL and change private ECC keys. Thanks to Sen Deng from Southern University of Science and Technology (SUSTech) for the report.
* [Medium] Public disclosure of a side channel vulnerability that has been fixed since wolfSSL version 5.1.0. When running on AMD there is the potential to leak private key information with ECDSA operations due to a ciphertext side channel attack. Users on AMD doing ECDSA operations with wolfSSL versions less than 5.1.0 should update their wolfSSL version used. Thanks to professor Yinqian Zhang from Southern University of Science and Technology (SUSTech), his Ph.D. student Mengyuan Li from The Ohio State University, and his M.S students Sen Deng and Yining Tang from SUStech along with other collaborators; Luca Wilke, Jan Wichelmann and Professor Thomas Eisenbarth from the University of Lubeck, Professor Shuai Wang from Hong Kong University of Science and Technology, Professor Radu Teodorescu from The Ohio State University, Huibo Wang, Kang Li and Yueqiang Cheng from Baidu Security and Shoumeng Yang from Ant Financial Services Group.
* Support for using the new DTLSv1.3 protocol was added
* Enhancements to bundled examples for an event driven server with DTLS 1.3 was added
### Ports
* Update for the version of VxWorks supported, adding in support for version 6.x
* Support for new DPP and EAP-TEAP/EAP-FAST in wpa_supplicant
* Update for TSIP version support, adding support for version 1.15 for RX65N and RX72N
* Improved TSIP build to handle having the options WOLFSSL_AEAD_ONLY defined or NO_AES_CBC defined
* Added support for offloading TLS1.3 operations to Renesas RX boards with TSIP
### Misc.
* Constant time improvements due to development of new constant time tests
* Initial translation of API headers to Japanese and expansion of Japanese help message support in example applications
* Add support for some FPKI (Federal PKI) certificate cases, UUID, FASC-N, PIV extension for use with smart cards
* Add support for parsing additional CSR attributes such as unstructured name and content type
* Add support for Linux getrandom() when defining the macro WOLFSSL_GETRANDOM
* Add TLS 1.2 ciphersuite ECDHE_PSK_WITH_AES_128_GCM_SHA256 from RFC 8442
* Expand CAAM support with QNX to include i.MX8 boards and add AES-CTR support
* Enhanced glitching protection by hardening the TLS encrypt operations
## Math and Performance
### SP Math Additions
* Support for ARMv3, ARMv6 and ARMv7a
- Changes and improvements to get SP building for armv7-a
- Updated assembly for moving large immediate values on ARMv6
- Support for architectures with no ldrd/strd and clz
* Reworked generation using common asm ruby code for 32bit ARM
* Enable wolfSSL SP math all by default (sp_int.c)
* Update SP math all to not use sp_int_word when SQR_MUL_ASM is available
### SP Math Fixes
* Fixes for constant time with div function
* Fix casting warnings for Windows builds and assembly changes to support XMM6-15 being non-volatile
* Fix for div_word when not using div function
* Fixes for user settings with SP ASM and ED/Curve25519 small
* Additional Wycheproof tests ran and fixes
* Fix for SP math ECC non-blocking to always check `hashLen`
* Fix for SP math handling edge case with submod
## Improvements and Optimizations
### Compatibility Layer
* Provide access to "Finished" messages outside of compatibility layer builds
* Remove unneeded FIPS guard on wolfSSL_EVP_PKEY_derive
* Fix control command issues with AES-GCM, control command EVP_CTRL_GCM_IV_GEN
* Add support for importing private only EC key to a WOLFSSL_EVP_PKEY struct
* Add support for more extensions to wolfSSL_X509_print_ex
* Update for internal to DER (i2d) AIPs to move the buffer pointer when passed in and the operation is successful
* Return subject and issuer X509_NAME object even when not set
### Ports
* Renesas RA6M4 example update and fixes
* Support multi-threaded use cases with Renesas SCE protected mode and TSIP
* Add a global variable for heap-hint for use with TSIP
* Changes to support v5.3.0 cube pack for STM32
* Use the correct mutex type for embOS
* ESP-IDF build cleanup and enhancements, adding in note regarding ESP-IDF Version
* Support for SEGGER embOS and emNET
* Fix to handle WOLFSSL_DTLS macro in Micrium build
### Build Options
* Support for verify only and no-PSS builds updated
* Add the enable options wolfssh (mapped to the existing –enable-ssh)
* Remove WOLFSSL_ALT_NAMES restriction on notBefore/notAfter use in Cert struct
* Move several more definitions outside the BUILDING_WOLFSSL gate with linux kernel module build
* Modify --enable-openssh to not enable non-FIPS algos for FIPS builds
* Remove the Python wrappers from wolfSSL source (use pip install instead of using wolfSSL with Python and our separate Python repository)
* Add --enable-openldap option to configure.ac for building the OpenLDAP port
* Resolve DTLS build to handle not having –enable-hrrcookie when not needed
* Add an --enable-strongswan option to configure.ac for building the Strongswan port
* Improve defaults for 64-bit BSDs in configure
* Crypto only build can now be used openssl extra
* Update ASN template build to properly handle WOLFSSL_CERT_EXT and HAVE_OID_ENCODING
* Allow using 3DES and MD5 with FIPS 140-3, as they fall outside of the FIPS boundary
* Add the build option --enable-dh=const which replaces setting the macro WOLFSSL_DH_CONST and now conditionally link to -lm as needed
* Add the macro WOLFSSL_HOSTNAME_VERIFY_ALT_NAME_ONLY which is used to verify hostname/ip address using alternate name (SAN) only and does not use the common name
* WOLFSSL_DTLS_NO_HVR_ON_RESUME macro added (off by default to favor more security). If defined, a DTLS server will not do a cookie exchange on successful client resumption: the resumption will be faster (one RTT less) and will consume less bandwidth (one ClientHello and one HelloVerifyRequest less). On the other hand, if a valid SessionID is collected, forged clientHello messages will consume resources on the server.
* Misc.
* Refactoring of some internal TLS functions to reduce the memory usage
* Make old less secure TimingPadVerify implementation available
* Add support for aligned data with clang LLVM
* Remove subject/issuer email from the list of alt. Email names in the DecodedCerts struct
* Zeroizing of pre-master secret buffer in TLS 1.3
* Update to allow TLS 1.3 application server to send session ticket
* Improve the sniffer asynchronous test case to support multiple concurrent streams
* Clean up wolfSSL_clear() and add more logging
* Update to not error out on bad CRL next date if using NO_VERIFY when parsing
* Add an example C# PSK client
* Add ESP-IDF WOLFSSL_ESP8266 setting for ESP8266 devices
* Support longer sigalg list for post quantum use cases and inter-op with OQS's OpenSSL fork
* Improve AES-GCM word implementation of GMULT to be constant time
* Additional sanity check with Ed25519/Ed448, now defaults to assume public key is not trusted
* Support PSK ciphersuites in benchmark apps
* FIPS in core hash using SHA2-256 and SHA2-384
* Add ability to store issuer name components when parsing a certificate
* Make the critical extension flags in DecodedCert always available
* Updates to the default values for basic constraint with X509’s
* Support using RSA OAEP with no malloc and add additional sanity checks
* Leverage async code paths to support WANT_WRITE while sending packet fragments
* New azsphere example for continuous integration testing
* Update RSA key generation function to handle pairwise consistency tests with static memory pools used
* Resolve build time warning by passing in and checking output length with internal SetCurve function
* Support DTLS bidirectional shutdown in the examples
* Improve DTLS version negotiation and downgrade capability
### General Fixes
* Fixes for STM32 Hash/PKA, add some missing mutex frees, and add an additional benchmark
* Fix missing return checks in KSDK ED25519 code
* Fix compilation warnings from IAR
* Fixes for STM32U5/H7 hash/crypto support
* Fix for using track memory feature with FreeRTOS
* Fixup XSTR processing for MICRIUM
* Update Zephyr fs.h path
* DTLS fixes with WANT_WRITE simulations
* Fixes for BER use with PKCS7 to have additional sanity checks and guards on edge cases
* Fix to handle exceptional edge case with TFM mp_exptmod_ex
* Fix for stack and heap measurements of a 32-bit build
* Fix to allow enabling AES key wrap (direct) with KCAPI
* Fix --enable-openssh FIPS detection syntax in configure.ac
* Fix to move wolfSSL_ERR_clear_error outside gate for OPENSSL_EXTRA
* Remove MCAPI project's dependency on zlib version
* Only use __builtin_offset on supported GCC versions (4+)
* Fix for c89 builds with using WOLF_C89
* Fix 64bit postfix for constants building with powerpc
* Fixed async Sniffer with TLS v1.3, async removal of `WC_HW_WAIT_E` and sanitize leak
* Fix for QAT ECC to gate use of HW based on marker
* Fix the supported version extension to always check minDowngrade
* Fix for TLS v1.1 length sanity check for large messages
* Fixes for loading a long DER/ASN.1 certificate chain
* Fix to expose the RSA public DER export functions with certgen
* Fixes for building with small version of SHA3
* Fix configure with WOLFSSL_WPAS_SMALL
* Fix to free PKCS7 recipient list in error cases
* Sanity check to confirm ssl->hsHashes is not NULL before attempting to dereference it
* Clear the leftover byte count in Aes struct when setting IV
# wolfSSL Release 5.3.0 (May 3rd, 2022)
Release 5.3.0 of wolfSSL embedded TLS has bug fixes and new features including:
## New Feature Additions
### Ports
* Updated support for Stunnel to version 5.61
* Add i.MX8 NXP SECO use for secure private ECC keys and expand cryptodev-linux for use with the RSA/Curve25519 with the Linux CAAM driver
* Allow encrypt then mac with Apache port
* Update Renesas TSIP version to 1.15 on GR-ROSE and certificate signature data for TSIP / SCE example
* Add IAR MSP430 example, located in IDE/IAR-MSP430 directory
* Add support for FFMPEG with the enable option `--enable-ffmpeg`, FFMPEG is used for recording and converting video and audio (https://ffmpeg.org/)
* Update the bind port to version 9.18.0
### Post Quantum
* Add Post-quantum KEM benchmark for STM32
* Enable support for using post quantum algorithms with embedded STM32 boards and port to STM32U585
### Compatibility Layer Additions
* Add port to support libspdm (https://github.com/DMTF/libspdm/blob/main/README.md), compatibility functions added for the port were:
- ASN1_TIME_compare
- DH_new_by_nid
- OBJ_length, OBJ_get0_data,
- EVP layer ChaCha20-Poly1305, HKDF
- EC_POINT_get_affine_coordinates
- EC_POINT_set_affine_coordinates
* Additional functions added were:
- EC_KEY_print_fp
- EVP_PKEY_paramgen
- EVP_PKEY_sign/verify functionality
- PEM_write_RSAPublicKey
- PEM_write_EC_PUBKEY
- PKCS7_sign
- PKCS7_final
- SMIME_write_PKCS7
- EC_KEY/DH_up_ref
- EVP_DecodeBlock
- EVP_EncodeBlock
- EC_KEY_get_conv_form
- BIO_eof
- Add support for BIO_CTRL_SET and BIO_CTRL_GET
* Add compile time support for the type SSL_R_NULL_SSL_METHOD_PASSED
* Enhanced X509_NAME_print_ex() to support RFC5523 basic escape
* More checks on OPENSSL_VERSION_NUMBER for API prototype differences
* Add extended key usage support to wolfSSL_X509_set_ext
* SSL_VERIFY_FAIL_IF_NO_PEER_CERT now can also connect with compatibility layer enabled and a TLS 1.3 PSK connection is used
* Improve wolfSSL_BN_rand to handle non byte boundaries and top/bottom parameters
* Changed X509_V_ERR codes to better match OpenSSL values used
* Improve wolfSSL_i2d_X509_name to allow for a NULL input in order to get the expected resulting size
* Enhance the smallstack build to reduce stack size farther when built with compatibility layer enabled
### Misc.
* Sniffer asynchronous support addition, handling of DH shared secret and tested with Intel QuickAssist
* Added in support for OCSP with IPv6
* Enhance SP (single precision) optimizations for use with the ECC P521
* Add new public API wc_CheckCertSigPubKey() for use to easily check the signature of a certificate given a public key buffer
* Add CSR (Certificate Signing Request) userId support in subject name
* Injection and parsing of custom extensions in X.509 certificates
* Add WOLF_CRYPTO_CB_ONLY_RSA and WOLF_CRYPTO_CB_ONLY_ECC to reduce code size if using only crypto callback functions with RSA and ECC
* Created new --enable-engine configure flag used to build wolfSSL for use with wolfEngine
* With TLS 1.3 PSK, when WOLFSSL_PSK_MULTI_ID_PER_CS is defined multiple IDs for a cipher suite can be handled
* Added private key id/label support with improving the PK (Public Key) callbacks
* Support for Intel QuickAssist ECC KeyGen acceleration
* Add the function wolfSSL_CTX_SetCertCbCtx to set user context for certificate call back
* Add the functions wolfSSL_CTX_SetEccSignCtx(WOLFSSL_CTX* ctx, void *userCtx) and wolfSSL_CTX_GetEccSignCtx(WOLFSSL_CTX* ctx) for setting and getting a user context
* wolfRand for AMD --enable-amdrand
## Fixes
### PORT Fixes
* KCAPI memory optimizations and page alignment fixes for ECC, AES mode fixes and reduction to memory usage
* Add the new kdf.c file to the TI-RTOS build
* Fix wait-until-done in RSA hardware primitive acceleration of ESP-IDF port
* IOTSafe workarounds when reading files with ending 0’s and for ECC signatures
### Math Library Fixes
* Sanity check with SP math that ECC points ordinates are not greater than modulus length
* Additional sanity checks that _sp_add_d does not error due to overflow
* Wycheproof fixes, testing integration, and fixes for AVX / AArch64 ASM edge case tests
* TFM fp_div_2_ct rework to avoid potential overflow
### Misc.
* Fix for PKCS#7 with Crypto Callbacks
* Fix for larger curve sizes with deterministic ECC sign
* Fixes for building wolfSSL alongside openssl using --enable-opensslcoexist
* Fix for compatibility layer handling of certificates with SHA256 SKID (Subject Key ID)
* Fix for wolfSSL_ASN1_TIME_diff erroring out on a return value of 0 from mktime
* Remove extra padding when AES-CBC encrypted with PemToDer
* Fixes for TLS v1.3 early data with async.
* Fixes for async disables around the DevCopy calls
* Fixes for Windows AES-NI with clang compiler
* Fix for handling the detection of processing a plaintext TLS alert packet
* Fix for potential memory leak in an error case with TLSX supported groups
* Sanity check on `input` size in `DecodeNsCertType`
* AES-GCM stack alignment fixes with assembly code written for AVX/AVX2
* Fix for PK callbacks with server side and setting a public key
## Improvements/Optimizations
### Build Options and Warnings
* Added example user settings template for FIPS v5 ready
* Automake file touch cleanup for use with Yocto devtool
* Allow disabling forced 'make clean' at the end of ./configure by using --disable-makeclean
* Enable TLS 1.3 early data when specifying `--enable-all` option
* Disable PK Callbacks with JNI FIPS builds
* Add a FIPS cert 3389 ready option, this is the fips-ready build
* Support (no)inline with Wind River Diab compiler
* ECDH_compute_key allow setting of globalRNG with FIPS 140-3
* Add logic equivalent to configure.ac in settings.h for Poly1305
* Fixes to support building opensslextra with SP math
* CPP protection for extern references to x86_64 asm code
* Updates and enhancements for Espressif ESP-IDF wolfSSL setup_win.bat
* Documentation improvements with auto generation
* Fix reproducible-build for working an updated version of libtool, version 2.4.7
* Fixes for Diab C89 and armclang
* Fix `mcapi_test.c` to include the settings.h before crypto.h
* Update and handle builds with NO_WOLFSSL_SERVER and NO_WOLFSSL_CLIENT
* Fix for some macro defines with FIPS 140-3 build so that RSA_PKCS1_PSS_PADDING can be used with RSA sign/verify functions
### Math Libraries
* Add RSA/DH check for even modulus
* Enhance TFM math to handle more alloc failure cases gracefully
* SP ASM performance improvements mostly around AArch64
* SP ASM improvements for additional cache attack resistance
* Add RSA check for small difference between p and q
* 6-8% performance increase with ECC operations using SP int by improving the Montgomery Reduction
### Testing and Validation
* All shell scripts in source tree now tested for correctness using shellcheck and bash -n
* Added build testing under gcc-12 and -std=c++17 and fixed warnings
* TLS 1.3 script test improvement to wait for server to write file
* Unit tests for ECC r/s zeroness handling
* CI server was expanded with a very “quiet” machine that can support multiple ContantTime tests ensuring ongoing mitigation against side-channel timing based attacks. Algorithms being assessed on this machine are: AES-CBC, AES-GCM, CHACHA20, ECC, POLY1305, RSA, SHA256, SHA512, CURVE25519.
* Added new multi configuration windows builds to CI testing for greater testing coverage of windows use-cases
### Misc.
* Support for ECC import to check validity of key on import even if one of the coordinates (x or y) is 0
* Modify example app to work with FreeRTOS+IoT
* Ease of access for cert used for verifying a PKCS#7 bundle
* Clean up Visual Studio output and intermediate directories
* With TLS 1.3 fail immediately if a server sends empty certificate message
* Enhance the benchmark application to support multi-threaded testing
* Improvement for `wc_EccPublicKeyToDer` to not overestimate the buffer size required
* Fix to check if `wc_EccPublicKeyToDer` has enough output buffer space
* Fix year 2038 problem in wolfSSL_ASN1_TIME_diff
* Various portability improvements (Time, DTLS epoch size, IV alloc)
* Prefer status_request_v2 over status_request when both are present
* Add separate "struct stat" definition XSTATSTRUCT to make overriding XSTAT easier for portability
* With SipHash replace gcc specific ASM instruction with generic
* Don't force a ECC CA when a custom CA is passed with `-A`
* Add peer authentication failsafe for TLS 1.2 and below
* Improve parsing of UID from subject and issuer name with the compatibility layer by
* Fallback to full TLS handshake if session ticket fails
* Internal refactoring of code to reduce ssl.c file size
# wolfSSL Release 5.2.0 (Feb 21, 2022)
## Vulnerabilities
* \[High\] A TLS v1.3 server who requires mutual authentication can be
bypassed. If a malicious client does not send the certificate_verify
message a client can connect without presenting a certificate even
if the server requires one. Thank you to Aina Toky Rasoamanana and
Olivier Levillain of Télécom SudParis.
* \[High\] A TLS v1.3 client attempting to authenticate a TLS v1.3
server can have its certificate check bypassed. If the sig_algo in
the certificate_verify message is different than the certificate
message checking may be bypassed. Thank you to Aina Toky Rasoamanana and
Olivier Levillain of Télécom SudParis.
## New Feature Additions
* Example applications for Renesas RX72N with FreeRTOS+IoT
* Renesas FSP 3.5.0 support for RA6M3
* For TLS 1.3, improved checks on order of received messages.
* Support for use of SHA-3 cryptography instructions available in
ARMv8.2-A architecture extensions. (For Apple M1)
* Support for use of SHA-512 cryptography instructions available in
ARMv8.2-A architecture extensions. (For Apple M1)
* Fixes for clang -Os on clang >= 12.0.0
* Expose Sequence Numbers so that Linux TLS (kTLS) can be configured
* Fix bug in TLSX_ALPN_ParseAndSet when using ALPN select callback.
* Allow DES3 with FIPS v5-dev.
* Include HMAC for deterministic ECC sign build
* Add --enable-chrony configure option. This sets build options needed
to build the Chrony NTP (Network Time Protocol) service.
* Add support for STM32U575xx boards.
* Fixes for NXP’s SE050 Ed25519/Curve25519.
* TLS: Secure renegotiation info on by default for compatibility.
* Inline C code version of ARM32 assembly for cryptographic algorithms
available and compiling for improved performance on ARM platforms
* Configure HMAC: define NO_HMAC to disable HMAC (default: enabled)
* ISO-TP transport layer support added to wolfio for TLS over CAN Bus
* Fix initialization bug in SiLabs AES support
* Domain and IP check is only performed on leaf certificates
## ARM PSA Support (Platform Security Architecture) API
* Initial support added for ARM’s Platform Security Architecture (PSA)
API in wolfCrypt which allows support of ARM PSA enabled devices by
wolfSSL, wolfSSH, and wolfBoot and wolfCrypt FIPS.
* Support for more encryption algorithms: AES-256-CBC, AES-128-CTR,
AES-256-CTR
* Support for compressed public keys in messages.
## Math Improvements
* Improved performance of X448 and Ed448 through inlining Karatsuba in
square and multiplication operations for 128-bit implementation
(64-bit platforms with 128-bit type support).
* SP Math C implementation: fix for corner case in curve specific
implementations of Montgomery Reduction (P-256, P-384).
* SP math all: assembly snippets added for ARM Thumb. Performance
improvement on platform.
* SP math all: ARM64/32 sp_div_word assembly snippets added to remove
dependency on __udiv3.
* SP C implementation: multiplication of two signed types with overflow
is undefined in C. Now cast to unsigned type before multiplication is
performed.
* SP C implementation correctly builds when using CFLAG: -m32
## OpenSSL Compatibility Layer
* Added DH_get_2048_256 to compatibility layer.
* wolfSSLeay_version now returns the version of wolfSSL
* Added C++ exports for API’s in wolfssl/openssl/crypto.h. This allows
better compatibility when building with a C++ compiler.
* Fix for OpenSSL x509_NAME_hash mismatch
* Implement FIPS_mode and FIPS_mode_set in the compat layer.
* Fix for certreq and certgen options with openssl compatibility
* wolfSSL_BIO_dump() and wolfSSL_OBJ_obj2txt() rework
* Fix IV length bug in EVP AES-GCM code.
* Add new ASN1_INTEGER compatibility functions.
* Fix wolfSSL_PEM_X509_INFO_read with NO_FILESYSTEM
## CMake Updates
* Check for valid override values.
* Add `KEYGEN` option.
* Cleanup help messages.
* Add options to support wolfTPM.
## VisualStudio Updates
* Remove deprecated VS solution
* Fix VS unreachable code warning
## New Algorithms and Protocols
* AES-SIV (RFC 5297)
* DTLS SRTP (RFC 5764), used with WebRTC to agree on profile for new
real-time session keys
* SipHash MAC/PRF for hash tables. Includes inline assembly for
x86_64 and Aarch64.
## Remove Obsolete Algorithms
* IDEA
* Rabbit
* HC-128
# wolfSSL Release 5.1.1 (Jan 3rd, 2022)
Release 5.1.1 of wolfSSL embedded TLS has a high vulnerability fix:
### Vulnerabilities
* \[High\] In connections using AES-CBC or DES3 with TLS/DTLS 1.2 or 1.1 the IV being used is not random. Users using wolfSSL version 5.0.0 or 5.1.0 doing TLS/DTLS 1.2 or 1.1 connections, without AEAD only, should update the version of wolfSSL used. (CVE-2022-23408)
# wolfSSL Release 5.1.0 (Dec 27, 2021)
Release 5.1.0 of wolfSSL embedded TLS has bug fixes and new features including:
### Vulnerabilities
* \[Low\] Potential for DoS attack on a wolfSSL client due to processing hello packets of the incorrect side. This affects only connections using TLS v1.2 or less that have also been compromised by a man in the middle attack. Thanks to James Henderson, Mathy Vanhoef, Chris M. Stone, Sam L. Thomas, Nicolas Bailleut, and Tom Chothia (University of Birmingham, KU Leuven, ENS Rennes for the report.
* \[Low\] Client side session resumption issue once the session resumption cache has been filled up. The hijacking of a session resumption has been demonstrated so far with only non verified peer connections. That is where the client is not verifying the server’s CA that it is connecting to. There is the potential though for other cases involving proxies that are verifying the server to be at risk, if using wolfSSL in a case involving proxies use wolfSSL_get1_session and then wolfSSL_SESSION_free when done where possible. If not adding in the session get/free function calls we recommend that users of wolfSSL that are resuming sessions update to the latest version (wolfSSL version 5.1.0 or later). Thanks to the UK's National Cyber Security Centre (NCSC) for the report.
### New Feature Additions
###### Ports
* Curve25519 support with NXP SE050 added
* Renesas RA6M4 support with SCE Protected Mode and FSP 3.5.0
* Renesas TSIP 1.14 support for RX65N/RX72N
###### Post Quantum
* Post quantum resistant algorithms used with Apache port
* NIST round 3 FALCON Signature Scheme support added to TLS 1.3 connections
* FALCON added to the benchmarking application
* Testing of cURL with wolfSSL post quantum resistant build
###### Compatibility Layer Additions
* Updated NGINX port to NGINX version 1.21.4
* Updated Apache port to Apache version 2.4.51
* Add support for SSL_OP_NO_TLSv1_2 flag with wolfSSL_CTX_set_options function
* Support added for the functions
- SSL_CTX_get_max_early_data
- SSL_CTX_set_max_early_data
- SSL_set_max_early_data
- SSL_get_max_early_data
- SSL_CTX_clear_mode
- SSL_CONF_cmd_value_type
- SSL_read_early_data
- SSL_write_early_data
###### Misc.
* Crypto callback support for AES-CCM added. A callback function can be registered and used instead of the default AES-CCM implementation in wolfSSL.
* Added AES-OFB to the FIPS boundary for future FIPS validations.
* Add support for custom OIDs used with CSR (certificate signing request) generation using the macro WOLFSSL_CUSTOM_OID
* Added HKDF extract callback function for use with TLS 1.3
* Add variant from RFC6979 of deterministic ECC signing that can be enabled using the macro WOLFSSL_ECDSA_DETERMINISTIC_K_VARIANT
* Added the function wc_GetPubKeyDerFromCert to get the public key from a DecodedCert structure
* Added the functions wc_InitDecodedCert, wc_ParseCert and wc_FreeDecodedCert for access to decoding a certificate into a DecodedCert structure
* Added the macro WOLFSSL_ECC_NO_SMALL_STACK for hybrid builds where the numerous malloc/free with ECC is undesired but small stack use is desired throughout the rest of the library
* Added the function wc_d2i_PKCS12_fp for reading a PKCS12 file and parsing it
### Fixes
###### PORT Fixes
* Building with Android wpa_supplicant and KeyStore
* Setting initial value of CA certificate with TSIP enabled
* Cryptocell ECC build fix and fix with RSA disabled
* IoT-SAFE improvement for Key/File slot ID size, fix for C++ compile, and fixes for retrieving the public key after key generation
###### Math Library Fixes
* Check return values on TFM library montgomery function in case the system runs out of memory. This resolves an edge case of invalid ECC signatures being created.
* SP math library sanity check on size of values passed to sp_gcd.
* SP math library sanity check on exponentiation by 0 with mod_exp
* Update base ECC mp_sqrtmod_prime function to handle an edge case of zero
* TFM math library with Intel MULX multiply fix for carry in assembly code
###### Misc.
* Fix for potential heap buffer overflow with compatibility layer PEM parsing
* Fix for edge memory leak case with an error encountered during TLS resumption
* Fix for length on inner sequence created with wc_DhKeyToDer when handling small DH keys
* Fix for sanity check on input argument to DSA sign and verify
* Fix for setting of the return value with ASN1 integer get on an i386 device
* Fix for BER to DER size checks with PKCS7 decryption
* Fix for memory leak with PrintPubKeyEC function in compatibility layer
* Edge case with deterministic ECC key generation when the private key has leading 0’s
* Fix for build with OPENSSL_EXTRA and NO_WOLFSSL_STUB both defined
* Use page aligned memory with ECDSA signing and KCAPI
* Skip expired sessions for TLS 1.3 rather than turning off the resume behavior
* Fix for DTLS handling dropped or retransmitted messages
### Improvements/Optimizations
###### Build Options and Warnings
* Bugfix: could not build with liboqs and without DH enabled
* Build with macro NO_ECC_KEY_EXPORT fixed
* Fix for building with the macro HAVE_ENCRYPT_THEN_MAC when session export is enabled
* Building with wolfSentry and HAVE_EX_DATA macro set
###### Math Libraries
* Improvement for performance with SP C implementation of montgomery reduction for ECC (P256 and P384) and SP ARM64 implementation for ECC (P384)
* With SP math handle case of dividing by length of dividend
* SP math improvement for lo/hi register names to be used with older GCC compilers
###### Misc.
* ASN name constraints checking code refactor for better efficiency and readability
* Refactor of compatibility layer stack free’ing calls to simplify and reduce code
* Scrubbed code for trailing spaces, hard tabs, and any control characters
* Explicit check that leaf certificate's public key type match cipher suite signature algorithm
* Additional NULL sanity checks on WOLFSSL struct internally and improve switch statement fallthrough
* Retain OCSP error value when CRL is enabled with certificate parsing
* Update to NATIVE LwIP support for TCP use
* Sanity check on PEM size when parsing a PEM with OpenSSL compatibility layer API.
* SWIG wrapper was removed from the codebase in favor of dedicated Java and Python wrappers.
* Updates to bundled example client for when to load the CA, handling print out of IP alt names, and printing out the peers certificate in PEM format
* Handling BER encoded inner content type with PKCS7 verify
* Checking for SOCKET_EPIPE errors from low level socket
* Improvements to cleanup in the case that wolfSSL_Init fails
* Update test and example certificates expiration dates
# wolfSSL Release 5.0.0 (Nov 01, 2021)
Release 5.0.0 of wolfSSL embedded TLS has bug fixes and new features including:
@ -13,21 +19,16 @@ Including the following examples:
## Requirements
1. [ESP-IDF development framework](https://docs.espressif.com/projects/esp-idf/en/latest/get-started/)
Note: This expects to use Linux version.
## Setup for Linux
1. Run `setup.sh` at _/path/to_`/wolfssl/IDE/Espressif/ESP-IDF/` to deploy files into ESP-IDF tree
For Windows : Run `setup_win.bat` at `.\IDE\Espressif\ESP-IDF\`
2. Find Wolfssl files at _/path/to/esp_`/esp-idf/components/wolfssl/`
3. Find [Example programs](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples) under _/path/to/esp_`/esp-idf/examples/protocols/wolfssl_xxx` (where xxx is the project name)
4. Uncomment out `#define WOLFSSL_ESPIDF` in _/path/to/esp_`/esp-idf/components/wolfssl/wolfssl/wolfcrypt/settings.h`
Uncomment out `#define WOLFSSL_ESPWROOM32` in _/path/to/esp_`/esp-idf/components/wolfssl/wolfssl/wolfcrypt/settings.h`
1. Run ESP-IDF Command Prompt (cmd.exe) or Run ESP-IDF PowerShell Environment
2. Run `setup_win.bat` at `.\IDE\Espressif\ESP-IDF\`
3. Find Wolfssl files at _/path/to/esp_`/esp-idf/components/wolfssl/`
4. Find [Example programs](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples) under _/path/to/esp_`/esp-idf/examples/protocols/wolfssl_xxx` (where xxx is the project name)
## Configuration
1. The `user_settings.h` can be found in _/path/to/esp_`/esp-idf/components/wolfssl/include/user_settings.h`
@ -39,7 +40,6 @@ Including the following examples:
For question please email [support@wolfssl.com]
Note: This is tested with :
- OS: Ubuntu 18.04.1 LTS and Microsoft Windows 10 Pro 10.0.19041 and well as WSL Ubuntu
- ESP-IDF: v4.1 and v4.0.1
- OS: Ubuntu 20.04.3 LTS and Microsoft Windows 10 Pro 10.0.19041 and well as WSL Ubuntu
This example was designed to be used with the MSP430F5359/MSP430F5659 but can be ported to any similar MSP platform. It will take ~50KB of ROM space and a 8KB of statically allocated RAM (nearly half for constants).
The example runs at 8MHz and executes a benchmark of ECC key generations, shared secrets and 1KB ChaCha20/Poly1305 encryption.
At 8MHz the ECC steps will take 13-15 seconds each and 1000 iterations of ChaCha20/Poly1305 will take about 45 seconds.
## Hardware Setup
A basic development board / ISP combination will work fine, such as the MSP-TS430PZ100 series with the MSP-FET430 series programmer.
The example will output text via UART 1, on the MSP430 which is port 8 bits 2&3 (pins 60/61) on the MSP430F5359. The UART will run at 57600 baud.
In addition every second port 1 bit 1 will be toggled on/off (typically an LED would be here).
## IDE setup
When setting up the IDE, copy the wolfSSL source code to your project's directory and add all the .c and .h files from `wolfcrypt/src` to your project.
Use the `main.c` provided here and copy the `user_settings.h` file to the `wolfssl/wolfcrypt` subdirectory of wolfSSL.
You will need to set at least 700 bytes of stack, no heap is required. You will also need to change the "Library Configuration" to "Full DLIB" so the `printf()` functions work correctly.
Make sure to add the definition `WOLFSSL_USER_SETTINGS` to the preprocessor settings in your project to that `user_settings.h` is loaded in. You will also need to add the wolfSSL root directory to the "Additional include directories".
From here you can set any optimizer settings you need.
## MSP430 GCC Makefile
Also included is a `Makefile` for TI's GCC, when compiling with GCC the code size will be larger and the application will be ~2x slower.
To use this Makefile you will need [TI's MSP430 GCC](https://www.ti.com/tool/MSP430-GCC-OPENSOURCE) installed as well as `mspdebug` with the `libmsp430.so` accessible to it. You will need to edit the `Makefile` to set the `TI_COMPILER_PATH` to where you have installed this.
Once everything is in place you can run `make` to build it and `make install` to flash the MSP430 with it.
**Note**: this will not work with the much older version of MSP430 GCC that comes in Linux distribution repositories.
## Example Output
This is an example output for the demo application when compiled with IAR.
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
#include<wolfssl/wolfcrypt/settings.h>
#include<wolfssl/wolfcrypt/wc_port.h>
#include<wolfssl/wolfcrypt/types.h>
#include<wolfssl/wolfcrypt/random.h>
#include<wolfssl/wolfcrypt/ecc.h>
#include<wolfssl/wolfcrypt/curve25519.h>
#include<wolfssl/wolfcrypt/chacha20_poly1305.h>
#include<stdio.h>
#include<stdlib.h>
#include<stdint.h>
#include<msp430f5659.h>
/* Without __root on some of the functions, IAR's "Discard Unused Publics"
will optimze out some of the functions
*/
#if defined(__IAR_SYSTEMS_ICC__)
#define IAR_KEEP __root
#else
#define IAR_KEEP
#endif
#define ECC_256_BIT_FIELD 32 /* 256-bit curve field */
#define WOLF_GEN_MEM (2*1024)
#define CHACHA_TEST_LEN 1024
staticbytegWolfMem[WOLF_GEN_MEM];
staticbytegeneratedCiphertext[CHACHA_TEST_LEN];
staticbytegeneratedPlaintext[CHACHA_TEST_LEN];
#define MCLK_FREQ_MHZ 8 /* MCLK = 8MHz */
staticconstbytekey[]={
0x80,0x81,0x82,0x83,0x84,0x85,0x86,0x87,
0x88,0x89,0x8a,0x8b,0x8c,0x8d,0x8e,0x8f,
0x90,0x91,0x92,0x93,0x94,0x95,0x96,0x97,
0x98,0x99,0x9a,0x9b,0x9c,0x9d,0x9e,0x9f
};
staticconstbyteplaintext[]="Lorem ipsum dolor sit amet, consectetur adipiscing elit. Cras lacus odio, pretium vel sagittis ac, facilisis quis diam. Vivamus condimentum velit sed dolor consequat interdum. Etiam eleifend ornare felis, eleifend egestas odio vulputate eu. Sed nec orci nunc. Etiam quis mi augue. Donec ullamcorper suscipit lorem, vel luctus augue cursus fermentum. Etiam a porta arcu, in convallis sem. Integer efficitur elementum diam, vel scelerisque felis posuere placerat. Donec vestibulum sit amet leo sit amet tincidunt. Etiam et vehicula turpis. Phasellus quis finibus sapien. Sed et tristique turpis. Nullam vitae sagittis tortor, et aliquet lorem. Cras a leo scelerisque, convallis lacus ut, fermentum urna. Mauris quis urna diam. Class aptent taciti sociosqu ad litora torquent per conubia nostra, per inceptos himenaeos. Nam aliquam vehicula orci id pulvinar. Proin mollis, libero sollicitudin tempor ultrices, massa augue tincidunt turpis, sit amet aliquam neque nibh nec dui. Fusce finibus massa quis rutrum suscipit cras amet";
staticconstbyteiv[]={
0x07,0x00,0x00,0x00,0x40,0x41,0x42,0x43,
0x44,0x45,0x46,0x47
};
staticconstbyteaad[]={/* additional data */
0x50,0x51,0x52,0x53,0xc0,0xc1,0xc2,0xc3,
0xc4,0xc5,0xc6,0xc7
};
volatileunsignedintseconds;
IAR_KEEPunsignedintmsp430_time(long*x)
{
returnseconds;
}
staticvoidprint_secret(char*who,byte*s,intsLen)
{
inti;
printf("%ss' Secret: ",who);
for(i=0;i<sLen;i++){
printf("%02x",s[i]);
}
printf("\r\n");
}
/* This is a very crude RNG, do not use in production */
IAR_KEEPunsignedintmsp430_rnd(void)
{
unsignedintresult=TA0R^TA2R;
printf("Rand generated: %d\r\n",result);
returnresult;
}
staticvoiduart_init()
{
P8SEL|=BIT3+BIT2;
UCA1CTLW0=UCSWRST;/* Put eUSCI in reset */
UCA1CTLW0|=UCSSEL__SMCLK;/* CLK = SMCLK */
/* Baud Rate calculation
This was calculated to produce 115200 for a 16MHz clock, so it produces
- Open MCUEXPRESSO and set the workspace to wolfssl/IDE/MCUEXPRESSO
- File -> Open Projects From File System... -> Directory : and set the browse to wolfssl/IDE/MCUEXPROSSO directory then click "select directory"
- Select MCUEXPRESSO\wolfssl, MCUEXPRESSO\benchmark and MCUEXPRESSO\wolfcrypt_test then click "Finish"
- Right click the projects -> SDK Management -> Refresh SDK Components and click "yes"
- MCUEXPRESSO fails to generate the fils for wolfssl/MIMXRT685S, just copy the files from either benchmark or wolfcrypt_test into the directory
- increase the size of configTOTAL_HEAP_SIZE in FreeRTOSConfig.h to be 200000 for wolfcrypt_test and benchmark projects
- (note board files need to be recreated .... this can be done by creating a new project that has the same settings and copying over the generated board/* files)
<option id="gnu.cpp.compiler.option.preprocessor.nostdinc.337557687" name="Do not search system directories (-nostdinc)" superClass="gnu.cpp.compiler.option.preprocessor.nostdinc" useByScannerDiscovery="false"/>
<option id="gnu.cpp.compiler.option.preprocessor.preprocess.105687278" name="Preprocess only (-E)" superClass="gnu.cpp.compiler.option.preprocessor.preprocess" useByScannerDiscovery="false"/>
<option id="gnu.cpp.compiler.option.debugging.sanitthread.46061549" name="Sanitize data race in multi-thread (-fsanitize=thread)" superClass="gnu.cpp.compiler.option.debugging.sanitthread" useByScannerDiscovery="false"/>
<option id="gnu.cpp.compiler.option.warnings.wcastalign.1228001774" name="Pointer cast with different alignment (-Wcast-align)" superClass="gnu.cpp.compiler.option.warnings.wcastalign" useByScannerDiscovery="false"/>
<option id="gnu.cpp.compiler.option.warnings.wcastqual.1829700747" name="Removing type qualifier from cast target type (-Wcast-qual)" superClass="gnu.cpp.compiler.option.warnings.wcastqual" useByScannerDiscovery="false"/>
<option id="gnu.cpp.compiler.option.warnings.wctordtorprivacy.1703660869" name="All ctor and dtor private (-Wctor-dtor-privacy)" superClass="gnu.cpp.compiler.option.warnings.wctordtorprivacy" useByScannerDiscovery="false"/>
<option id="gnu.cpp.compiler.option.warnings.wdisabledopt.1581102527" name="Requested optimization pass is disabled (-Wdisabled-optimization)" superClass="gnu.cpp.compiler.option.warnings.wdisabledopt" useByScannerDiscovery="false"/>
<option id="gnu.cpp.compiler.option.warnings.wlogicalop.1199752437" name="Suspicious uses of logical operators (-Wlogical-op)" superClass="gnu.cpp.compiler.option.warnings.wlogicalop" useByScannerDiscovery="false"/>
<option id="gnu.cpp.compiler.option.warnings.wmissingdecl.1200044165" name="Global function without previous declaration (-Wmissing-declarations)" superClass="gnu.cpp.compiler.option.warnings.wmissingdecl" useByScannerDiscovery="false"/>
<option id="gnu.cpp.compiler.option.warnings.wmissingincdir.1468133471" name="User-supplied include directory does not exist (-Wmissing-include-dirs)" superClass="gnu.cpp.compiler.option.warnings.wmissingincdir" useByScannerDiscovery="false"/>
<option id="gnu.cpp.compiler.option.warnings.wnoexccept.1809240449" name="Noexcept false but never throw exception (-Wnoexcept)" superClass="gnu.cpp.compiler.option.warnings.wnoexccept" useByScannerDiscovery="false"/>
<option id="gnu.cpp.compiler.option.warnings.woldstylecast.81998190" name="C-style cast used (-Wold-style-cast)" superClass="gnu.cpp.compiler.option.warnings.woldstylecast" useByScannerDiscovery="false"/>
<option id="gnu.cpp.compiler.option.warnings.woverloadedvirtual.738186915" name="Function hides virtual functions from base class (-Woverloaded-virtual)" superClass="gnu.cpp.compiler.option.warnings.woverloadedvirtual" useByScannerDiscovery="false"/>
<option id="gnu.cpp.compiler.option.warnings.wredundantdecl.2119054557" name="More than one declaration in the same scope (-Wredundant-decls)" superClass="gnu.cpp.compiler.option.warnings.wredundantdecl" useByScannerDiscovery="false"/>
<option id="gnu.cpp.compiler.option.warnings.wshadow.459677219" name="Local symbol shadows upper scope symbol (-Wshadow)" superClass="gnu.cpp.compiler.option.warnings.wshadow" useByScannerDiscovery="false"/>
<option id="gnu.cpp.compiler.option.warnings.wsignconv.847632167" name="Implicit conversions that may change the sign (-Wsign-conversion)" superClass="gnu.cpp.compiler.option.warnings.wsignconv" useByScannerDiscovery="false"/>
<option id="gnu.cpp.compiler.option.warnings.wsignpromo.692373891" name="Overload resolution promotes unsigned to signed type (-Wsign-promo)" superClass="gnu.cpp.compiler.option.warnings.wsignpromo" useByScannerDiscovery="false"/>
<option id="gnu.cpp.compiler.option.warnings.wstrictnullsent.63325306" name="Use of an uncasted NULL as sentinel (-Wstrict-null-sentinel)" superClass="gnu.cpp.compiler.option.warnings.wstrictnullsent" useByScannerDiscovery="false"/>
<option id="gnu.cpp.compiler.option.warnings.wswitchdef.1343187722" name="A switch statement does not have a default case (-Wswitch-default)" superClass="gnu.cpp.compiler.option.warnings.wswitchdef" useByScannerDiscovery="false"/>
<option id="gnu.cpp.compiler.option.warnings.wundef.1217552459" name="An undefined identifier is evaluated in an #if directive (-Wundef)" superClass="gnu.cpp.compiler.option.warnings.wundef" useByScannerDiscovery="false"/>
<option id="gnu.cpp.compiler.option.warnings.weffcpp.314771363" name="Effective C++ guidelines (-Weffc++)" superClass="gnu.cpp.compiler.option.warnings.weffcpp" useByScannerDiscovery="false"/>
<option id="gnu.c.compiler.option.preprocessor.nostdinc.69915039" name="Do not search system directories (-nostdinc)" superClass="gnu.c.compiler.option.preprocessor.nostdinc" useByScannerDiscovery="false"/>
<option id="gnu.c.compiler.option.preprocessor.preprocess.828997020" name="Preprocess only (-E)" superClass="gnu.c.compiler.option.preprocessor.preprocess" useByScannerDiscovery="false"/>
<option id="gnu.c.compiler.option.debugging.sanitthread.1728404666" name="Sanitize data race in multi-thread (-fsanitize=thread)" superClass="gnu.c.compiler.option.debugging.sanitthread" useByScannerDiscovery="false"/>
<option id="gnu.c.compiler.option.warnings.wcastalign.1029844013" name="Pointer cast with different alignment (-Wcast-align)" superClass="gnu.c.compiler.option.warnings.wcastalign" useByScannerDiscovery="false"/>
<option id="gnu.c.compiler.option.warnings.wcastqual.896706854" name="Removing type qualifier from cast target type (-Wcast-qual)" superClass="gnu.c.compiler.option.warnings.wcastqual" useByScannerDiscovery="false"/>
<option id="gnu.c.compiler.option.warnings.wdisabledopt.418459364" name="Requested optimization pass is disabled (-Wdisabled-optimization)" superClass="gnu.c.compiler.option.warnings.wdisabledopt" useByScannerDiscovery="false"/>
<option id="gnu.c.compiler.option.warnings.wlogicalop.953697628" name="Suspicious uses of logical operators (-Wlogical-op)" superClass="gnu.c.compiler.option.warnings.wlogicalop" useByScannerDiscovery="false"/>
<option id="gnu.c.compiler.option.warnings.wmissingdecl.1135408644" name="Global function without previous declaration (-Wmissing-declarations)" superClass="gnu.c.compiler.option.warnings.wmissingdecl" useByScannerDiscovery="false"/>
<option id="gnu.c.compiler.option.warnings.wmissingincdir.63895246" name="User-supplied include directory does not exist (-Wmissing-include-dirs)" superClass="gnu.c.compiler.option.warnings.wmissingincdir" useByScannerDiscovery="false"/>
<option id="gnu.c.compiler.option.warnings.wredundantdecl.1942311937" name="More than one declaration in the same scope (-Wredundant-decls)" superClass="gnu.c.compiler.option.warnings.wredundantdecl" useByScannerDiscovery="false"/>
<option id="gnu.c.compiler.option.warnings.wshadow.8220331" name="Local symbol shadows upper scope symbol (-Wshadow)" superClass="gnu.c.compiler.option.warnings.wshadow" useByScannerDiscovery="false"/>
<option id="gnu.c.compiler.option.warnings.wsignconv.581479856" name="Implicit conversions that may change the sign (-Wsign-conversion)" superClass="gnu.c.compiler.option.warnings.wsignconv" useByScannerDiscovery="false"/>
<option id="gnu.c.compiler.option.warnings.wswitchdef.1458509345" name="A switch statement does not have a default case (-Wswitch-default)" superClass="gnu.c.compiler.option.warnings.wswitchdef" useByScannerDiscovery="false"/>
<option id="gnu.c.compiler.option.warnings.wundef.1695266677" name="An undefined identifier is evaluated in an #if directive (-Wundef)" superClass="gnu.c.compiler.option.warnings.wundef" useByScannerDiscovery="false"/>
<option id="gnu.c.compiler.option.warnings.wwritestrings.1911496737" name="Treat strings always as const (-Wwrite-strings)" superClass="gnu.c.compiler.option.warnings.wwritestrings" useByScannerDiscovery="false"/>
<option id="com.crt.advproject.link.cpp.crpenable.420071128" name="Enable automatic placement of Code Read Protection field in image" superClass="com.crt.advproject.link.cpp.crpenable"/>
<option id="com.crt.advproject.link.cpp.flashconfigenable.2102469469" name="Enable automatic placement of Flash Configuration field in image" superClass="com.crt.advproject.link.cpp.flashconfigenable" value="true" valueType="boolean"/>
<option id="com.crt.advproject.link.cpp.multicore.empty.920385802" name="No Multicore options for this project" superClass="com.crt.advproject.link.cpp.multicore.empty"/>
<option id="com.crt.advproject.link.crpenable.1338899499" name="Enable automatic placement of Code Read Protection field in image" superClass="com.crt.advproject.link.crpenable"/>
<option id="com.crt.advproject.link.flashconfigenable.264454903" name="Enable automatic placement of Flash Configuration field in image" superClass="com.crt.advproject.link.flashconfigenable" value="true" valueType="boolean"/>
<option id="com.crt.advproject.link.gcc.multicore.empty.406463450" name="No Multicore options for this project" superClass="com.crt.advproject.link.gcc.multicore.empty"/>
<option id="com.crt.advproject.miscellaneous.end_of_heap.1905162588" name="Last used address of the heap" superClass="com.crt.advproject.miscellaneous.end_of_heap"/>
<option id="com.crt.advproject.miscellaneous.pvHeapStart.1877580926" name="First address of the heap" superClass="com.crt.advproject.miscellaneous.pvHeapStart"/>
<option id="com.crt.advproject.miscellaneous.pvHeapLimit.1613722550" name="Maximum extent of heap" superClass="com.crt.advproject.miscellaneous.pvHeapLimit"/>
<option id="com.crt.advproject.debugger.security.nonsecureimageenable.1557056464" name="Enable pre-programming of Non-Secure Image" superClass="com.crt.advproject.debugger.security.nonsecureimageenable"/>
<option id="gnu.cpp.compiler.option.preprocessor.nostdinc.340349660" name="Do not search system directories (-nostdinc)" superClass="gnu.cpp.compiler.option.preprocessor.nostdinc" useByScannerDiscovery="false"/>
<option id="gnu.cpp.compiler.option.preprocessor.preprocess.1861742763" name="Preprocess only (-E)" superClass="gnu.cpp.compiler.option.preprocessor.preprocess" useByScannerDiscovery="false"/>
<option id="gnu.cpp.compiler.option.debugging.sanitthread.1608478861" name="Sanitize data race in multi-thread (-fsanitize=thread)" superClass="gnu.cpp.compiler.option.debugging.sanitthread" useByScannerDiscovery="false"/>
<option id="gnu.cpp.compiler.option.warnings.wcastalign.143940814" name="Pointer cast with different alignment (-Wcast-align)" superClass="gnu.cpp.compiler.option.warnings.wcastalign" useByScannerDiscovery="false"/>
<option id="gnu.cpp.compiler.option.warnings.wcastqual.439067159" name="Removing type qualifier from cast target type (-Wcast-qual)" superClass="gnu.cpp.compiler.option.warnings.wcastqual" useByScannerDiscovery="false"/>
<option id="gnu.cpp.compiler.option.warnings.wctordtorprivacy.2094011350" name="All ctor and dtor private (-Wctor-dtor-privacy)" superClass="gnu.cpp.compiler.option.warnings.wctordtorprivacy" useByScannerDiscovery="false"/>
<option id="gnu.cpp.compiler.option.warnings.wdisabledopt.654230214" name="Requested optimization pass is disabled (-Wdisabled-optimization)" superClass="gnu.cpp.compiler.option.warnings.wdisabledopt" useByScannerDiscovery="false"/>
<option id="gnu.cpp.compiler.option.warnings.wlogicalop.1815306810" name="Suspicious uses of logical operators (-Wlogical-op)" superClass="gnu.cpp.compiler.option.warnings.wlogicalop" useByScannerDiscovery="false"/>
<option id="gnu.cpp.compiler.option.warnings.wmissingdecl.1729418253" name="Global function without previous declaration (-Wmissing-declarations)" superClass="gnu.cpp.compiler.option.warnings.wmissingdecl" useByScannerDiscovery="false"/>
<option id="gnu.cpp.compiler.option.warnings.wmissingincdir.185924875" name="User-supplied include directory does not exist (-Wmissing-include-dirs)" superClass="gnu.cpp.compiler.option.warnings.wmissingincdir" useByScannerDiscovery="false"/>
<option id="gnu.cpp.compiler.option.warnings.wnoexccept.1878055190" name="Noexcept false but never throw exception (-Wnoexcept)" superClass="gnu.cpp.compiler.option.warnings.wnoexccept" useByScannerDiscovery="false"/>
<option id="gnu.cpp.compiler.option.warnings.woldstylecast.457648019" name="C-style cast used (-Wold-style-cast)" superClass="gnu.cpp.compiler.option.warnings.woldstylecast" useByScannerDiscovery="false"/>
<option id="gnu.cpp.compiler.option.warnings.woverloadedvirtual.1045946724" name="Function hides virtual functions from base class (-Woverloaded-virtual)" superClass="gnu.cpp.compiler.option.warnings.woverloadedvirtual" useByScannerDiscovery="false"/>
<option id="gnu.cpp.compiler.option.warnings.wredundantdecl.1244798711" name="More than one declaration in the same scope (-Wredundant-decls)" superClass="gnu.cpp.compiler.option.warnings.wredundantdecl" useByScannerDiscovery="false"/>
<option id="gnu.cpp.compiler.option.warnings.wshadow.369412473" name="Local symbol shadows upper scope symbol (-Wshadow)" superClass="gnu.cpp.compiler.option.warnings.wshadow" useByScannerDiscovery="false"/>
<option id="gnu.cpp.compiler.option.warnings.wsignconv.2040300034" name="Implicit conversions that may change the sign (-Wsign-conversion)" superClass="gnu.cpp.compiler.option.warnings.wsignconv" useByScannerDiscovery="false"/>
<option id="gnu.cpp.compiler.option.warnings.wsignpromo.1792401758" name="Overload resolution promotes unsigned to signed type (-Wsign-promo)" superClass="gnu.cpp.compiler.option.warnings.wsignpromo" useByScannerDiscovery="false"/>
<option id="gnu.cpp.compiler.option.warnings.wstrictnullsent.1245260859" name="Use of an uncasted NULL as sentinel (-Wstrict-null-sentinel)" superClass="gnu.cpp.compiler.option.warnings.wstrictnullsent" useByScannerDiscovery="false"/>
<option id="gnu.cpp.compiler.option.warnings.wswitchdef.694053113" name="A switch statement does not have a default case (-Wswitch-default)" superClass="gnu.cpp.compiler.option.warnings.wswitchdef" useByScannerDiscovery="false"/>
<option id="gnu.cpp.compiler.option.warnings.wundef.1116691008" name="An undefined identifier is evaluated in an #if directive (-Wundef)" superClass="gnu.cpp.compiler.option.warnings.wundef" useByScannerDiscovery="false"/>
<option id="gnu.cpp.compiler.option.warnings.weffcpp.109401632" name="Effective C++ guidelines (-Weffc++)" superClass="gnu.cpp.compiler.option.warnings.weffcpp" useByScannerDiscovery="false"/>
<option id="gnu.c.compiler.option.preprocessor.nostdinc.1894186839" name="Do not search system directories (-nostdinc)" superClass="gnu.c.compiler.option.preprocessor.nostdinc" useByScannerDiscovery="false"/>
<option id="gnu.c.compiler.option.preprocessor.preprocess.1649307310" name="Preprocess only (-E)" superClass="gnu.c.compiler.option.preprocessor.preprocess" useByScannerDiscovery="false"/>
<option id="gnu.c.compiler.option.debugging.sanitthread.351493737" name="Sanitize data race in multi-thread (-fsanitize=thread)" superClass="gnu.c.compiler.option.debugging.sanitthread" useByScannerDiscovery="false"/>
<option id="gnu.c.compiler.option.warnings.wcastalign.761219473" name="Pointer cast with different alignment (-Wcast-align)" superClass="gnu.c.compiler.option.warnings.wcastalign" useByScannerDiscovery="false"/>
<option id="gnu.c.compiler.option.warnings.wcastqual.963206139" name="Removing type qualifier from cast target type (-Wcast-qual)" superClass="gnu.c.compiler.option.warnings.wcastqual" useByScannerDiscovery="false"/>
<option id="gnu.c.compiler.option.warnings.wdisabledopt.869445852" name="Requested optimization pass is disabled (-Wdisabled-optimization)" superClass="gnu.c.compiler.option.warnings.wdisabledopt" useByScannerDiscovery="false"/>
<option id="gnu.c.compiler.option.warnings.wlogicalop.1135115747" name="Suspicious uses of logical operators (-Wlogical-op)" superClass="gnu.c.compiler.option.warnings.wlogicalop" useByScannerDiscovery="false"/>
<option id="gnu.c.compiler.option.warnings.wmissingdecl.1734363639" name="Global function without previous declaration (-Wmissing-declarations)" superClass="gnu.c.compiler.option.warnings.wmissingdecl" useByScannerDiscovery="false"/>
<option id="gnu.c.compiler.option.warnings.wmissingincdir.1554160996" name="User-supplied include directory does not exist (-Wmissing-include-dirs)" superClass="gnu.c.compiler.option.warnings.wmissingincdir" useByScannerDiscovery="false"/>
<option id="gnu.c.compiler.option.warnings.wredundantdecl.1694758444" name="More than one declaration in the same scope (-Wredundant-decls)" superClass="gnu.c.compiler.option.warnings.wredundantdecl" useByScannerDiscovery="false"/>
<option id="gnu.c.compiler.option.warnings.wshadow.1533146979" name="Local symbol shadows upper scope symbol (-Wshadow)" superClass="gnu.c.compiler.option.warnings.wshadow" useByScannerDiscovery="false"/>
<option id="gnu.c.compiler.option.warnings.wsignconv.416622348" name="Implicit conversions that may change the sign (-Wsign-conversion)" superClass="gnu.c.compiler.option.warnings.wsignconv" useByScannerDiscovery="false"/>
<option id="gnu.c.compiler.option.warnings.wswitchdef.1751356714" name="A switch statement does not have a default case (-Wswitch-default)" superClass="gnu.c.compiler.option.warnings.wswitchdef" useByScannerDiscovery="false"/>
<option id="gnu.c.compiler.option.warnings.wundef.1900048974" name="An undefined identifier is evaluated in an #if directive (-Wundef)" superClass="gnu.c.compiler.option.warnings.wundef" useByScannerDiscovery="false"/>
<option id="gnu.c.compiler.option.warnings.wwritestrings.1223814403" name="Treat strings always as const (-Wwrite-strings)" superClass="gnu.c.compiler.option.warnings.wwritestrings" useByScannerDiscovery="false"/>
<option id="gnu.cpp.link.option.nostart.1854221575" name="Do not use standard start files (-nostartfiles)" superClass="gnu.cpp.link.option.nostart"/>
<option id="gnu.cpp.link.option.nodeflibs.2129253795" name="Do not use default libraries (-nodefaultlibs)" superClass="gnu.cpp.link.option.nodeflibs"/>
<option id="com.crt.advproject.link.cpp.crpenable.1776809668" name="Enable automatic placement of Code Read Protection field in image" superClass="com.crt.advproject.link.cpp.crpenable"/>
<option id="com.crt.advproject.link.cpp.flashconfigenable.791633804" name="Enable automatic placement of Flash Configuration field in image" superClass="com.crt.advproject.link.cpp.flashconfigenable" value="true" valueType="boolean"/>
<option id="com.crt.advproject.link.cpp.multicore.empty.502395422" name="No Multicore options for this project" superClass="com.crt.advproject.link.cpp.multicore.empty"/>
<option id="com.crt.advproject.link.crpenable.1402901021" name="Enable automatic placement of Code Read Protection field in image" superClass="com.crt.advproject.link.crpenable"/>
<option id="com.crt.advproject.link.flashconfigenable.849305138" name="Enable automatic placement of Flash Configuration field in image" superClass="com.crt.advproject.link.flashconfigenable" value="true" valueType="boolean"/>
<option id="com.crt.advproject.link.gcc.multicore.empty.1635347828" name="No Multicore options for this project" superClass="com.crt.advproject.link.gcc.multicore.empty"/>
<option id="com.crt.advproject.miscellaneous.end_of_heap.902679891" name="Last used address of the heap" superClass="com.crt.advproject.miscellaneous.end_of_heap"/>
<option id="com.crt.advproject.miscellaneous.pvHeapStart.530261686" name="First address of the heap" superClass="com.crt.advproject.miscellaneous.pvHeapStart"/>
<option id="com.crt.advproject.miscellaneous.pvHeapLimit.1858139259" name="Maximum extent of heap" superClass="com.crt.advproject.miscellaneous.pvHeapLimit"/>
<option id="com.crt.advproject.debugger.security.nonsecureimageenable.194966293" name="Enable pre-programming of Non-Secure Image" superClass="com.crt.advproject.debugger.security.nonsecureimageenable"/>
<option id="gnu.cpp.compiler.option.preprocessor.nostdinc.82696774" name="Do not search system directories (-nostdinc)" superClass="gnu.cpp.compiler.option.preprocessor.nostdinc" useByScannerDiscovery="false"/>
<option id="gnu.cpp.compiler.option.preprocessor.preprocess.1800760632" name="Preprocess only (-E)" superClass="gnu.cpp.compiler.option.preprocessor.preprocess" useByScannerDiscovery="false"/>
<option id="gnu.cpp.compiler.option.debugging.sanitthread.414411965" name="Sanitize data race in multi-thread (-fsanitize=thread)" superClass="gnu.cpp.compiler.option.debugging.sanitthread" useByScannerDiscovery="false"/>
<option id="gnu.cpp.compiler.option.warnings.wcastalign.1358686601" name="Pointer cast with different alignment (-Wcast-align)" superClass="gnu.cpp.compiler.option.warnings.wcastalign" useByScannerDiscovery="false"/>
<option id="gnu.cpp.compiler.option.warnings.wcastqual.434377510" name="Removing type qualifier from cast target type (-Wcast-qual)" superClass="gnu.cpp.compiler.option.warnings.wcastqual" useByScannerDiscovery="false"/>
<option id="gnu.cpp.compiler.option.warnings.wctordtorprivacy.592969326" name="All ctor and dtor private (-Wctor-dtor-privacy)" superClass="gnu.cpp.compiler.option.warnings.wctordtorprivacy" useByScannerDiscovery="false"/>
<option id="gnu.cpp.compiler.option.warnings.wdisabledopt.473135479" name="Requested optimization pass is disabled (-Wdisabled-optimization)" superClass="gnu.cpp.compiler.option.warnings.wdisabledopt" useByScannerDiscovery="false"/>
<option id="gnu.cpp.compiler.option.warnings.wlogicalop.273876437" name="Suspicious uses of logical operators (-Wlogical-op)" superClass="gnu.cpp.compiler.option.warnings.wlogicalop" useByScannerDiscovery="false"/>
<option id="gnu.cpp.compiler.option.warnings.wmissingdecl.1205074478" name="Global function without previous declaration (-Wmissing-declarations)" superClass="gnu.cpp.compiler.option.warnings.wmissingdecl" useByScannerDiscovery="false"/>
<option id="gnu.cpp.compiler.option.warnings.wmissingincdir.2040815548" name="User-supplied include directory does not exist (-Wmissing-include-dirs)" superClass="gnu.cpp.compiler.option.warnings.wmissingincdir" useByScannerDiscovery="false"/>
<option id="gnu.cpp.compiler.option.warnings.wnoexccept.74710865" name="Noexcept false but never throw exception (-Wnoexcept)" superClass="gnu.cpp.compiler.option.warnings.wnoexccept" useByScannerDiscovery="false"/>
<option id="gnu.cpp.compiler.option.warnings.woldstylecast.1450357324" name="C-style cast used (-Wold-style-cast)" superClass="gnu.cpp.compiler.option.warnings.woldstylecast" useByScannerDiscovery="false"/>
<option id="gnu.cpp.compiler.option.warnings.woverloadedvirtual.520624464" name="Function hides virtual functions from base class (-Woverloaded-virtual)" superClass="gnu.cpp.compiler.option.warnings.woverloadedvirtual" useByScannerDiscovery="false"/>
<option id="gnu.cpp.compiler.option.warnings.wredundantdecl.589509567" name="More than one declaration in the same scope (-Wredundant-decls)" superClass="gnu.cpp.compiler.option.warnings.wredundantdecl" useByScannerDiscovery="false"/>
<option id="gnu.cpp.compiler.option.warnings.wshadow.1128444083" name="Local symbol shadows upper scope symbol (-Wshadow)" superClass="gnu.cpp.compiler.option.warnings.wshadow" useByScannerDiscovery="false"/>
<option id="gnu.cpp.compiler.option.warnings.wsignconv.851101439" name="Implicit conversions that may change the sign (-Wsign-conversion)" superClass="gnu.cpp.compiler.option.warnings.wsignconv" useByScannerDiscovery="false"/>
<option id="gnu.cpp.compiler.option.warnings.wsignpromo.2136361811" name="Overload resolution promotes unsigned to signed type (-Wsign-promo)" superClass="gnu.cpp.compiler.option.warnings.wsignpromo" useByScannerDiscovery="false"/>
<option id="gnu.cpp.compiler.option.warnings.wstrictnullsent.1382679663" name="Use of an uncasted NULL as sentinel (-Wstrict-null-sentinel)" superClass="gnu.cpp.compiler.option.warnings.wstrictnullsent" useByScannerDiscovery="false"/>
<option id="gnu.cpp.compiler.option.warnings.wswitchdef.578214758" name="A switch statement does not have a default case (-Wswitch-default)" superClass="gnu.cpp.compiler.option.warnings.wswitchdef" useByScannerDiscovery="false"/>
<option id="gnu.cpp.compiler.option.warnings.wundef.2100715848" name="An undefined identifier is evaluated in an #if directive (-Wundef)" superClass="gnu.cpp.compiler.option.warnings.wundef" useByScannerDiscovery="false"/>
<option id="gnu.cpp.compiler.option.warnings.weffcpp.1610531155" name="Effective C++ guidelines (-Weffc++)" superClass="gnu.cpp.compiler.option.warnings.weffcpp" useByScannerDiscovery="false"/>
<option id="gnu.c.compiler.option.preprocessor.nostdinc.1003092082" name="Do not search system directories (-nostdinc)" superClass="gnu.c.compiler.option.preprocessor.nostdinc" useByScannerDiscovery="false"/>
<option id="gnu.c.compiler.option.preprocessor.preprocess.417681331" name="Preprocess only (-E)" superClass="gnu.c.compiler.option.preprocessor.preprocess" useByScannerDiscovery="false"/>
<option id="gnu.c.compiler.option.debugging.sanitthread.1244541954" name="Sanitize data race in multi-thread (-fsanitize=thread)" superClass="gnu.c.compiler.option.debugging.sanitthread" useByScannerDiscovery="false"/>
<option id="gnu.c.compiler.option.warnings.wcastalign.1503828451" name="Pointer cast with different alignment (-Wcast-align)" superClass="gnu.c.compiler.option.warnings.wcastalign" useByScannerDiscovery="false"/>
<option id="gnu.c.compiler.option.warnings.wcastqual.782800922" name="Removing type qualifier from cast target type (-Wcast-qual)" superClass="gnu.c.compiler.option.warnings.wcastqual" useByScannerDiscovery="false"/>
<option id="gnu.c.compiler.option.warnings.wdisabledopt.1505030224" name="Requested optimization pass is disabled (-Wdisabled-optimization)" superClass="gnu.c.compiler.option.warnings.wdisabledopt" useByScannerDiscovery="false"/>
<option id="gnu.c.compiler.option.warnings.wlogicalop.1063817591" name="Suspicious uses of logical operators (-Wlogical-op)" superClass="gnu.c.compiler.option.warnings.wlogicalop" useByScannerDiscovery="false"/>
<option id="gnu.c.compiler.option.warnings.wmissingdecl.145383728" name="Global function without previous declaration (-Wmissing-declarations)" superClass="gnu.c.compiler.option.warnings.wmissingdecl" useByScannerDiscovery="false"/>
<option id="gnu.c.compiler.option.warnings.wmissingincdir.1744730966" name="User-supplied include directory does not exist (-Wmissing-include-dirs)" superClass="gnu.c.compiler.option.warnings.wmissingincdir" useByScannerDiscovery="false"/>
<option id="gnu.c.compiler.option.warnings.wredundantdecl.407886108" name="More than one declaration in the same scope (-Wredundant-decls)" superClass="gnu.c.compiler.option.warnings.wredundantdecl" useByScannerDiscovery="false"/>
<option id="gnu.c.compiler.option.warnings.wshadow.1778748640" name="Local symbol shadows upper scope symbol (-Wshadow)" superClass="gnu.c.compiler.option.warnings.wshadow" useByScannerDiscovery="false"/>
<option id="gnu.c.compiler.option.warnings.wsignconv.1280387001" name="Implicit conversions that may change the sign (-Wsign-conversion)" superClass="gnu.c.compiler.option.warnings.wsignconv" useByScannerDiscovery="false"/>
<option id="gnu.c.compiler.option.warnings.wswitchdef.1812383408" name="A switch statement does not have a default case (-Wswitch-default)" superClass="gnu.c.compiler.option.warnings.wswitchdef" useByScannerDiscovery="false"/>
<option id="gnu.c.compiler.option.warnings.wundef.1728710287" name="An undefined identifier is evaluated in an #if directive (-Wundef)" superClass="gnu.c.compiler.option.warnings.wundef" useByScannerDiscovery="false"/>
<option id="gnu.c.compiler.option.warnings.wwritestrings.695518648" name="Treat strings always as const (-Wwrite-strings)" superClass="gnu.c.compiler.option.warnings.wwritestrings" useByScannerDiscovery="false"/>
<option id="gnu.cpp.link.option.nostart.625346204" name="Do not use standard start files (-nostartfiles)" superClass="gnu.cpp.link.option.nostart"/>
<option id="gnu.cpp.link.option.nodeflibs.1297096548" name="Do not use default libraries (-nodefaultlibs)" superClass="gnu.cpp.link.option.nodeflibs"/>
<option id="com.crt.advproject.link.cpp.crpenable.667985114" name="Enable automatic placement of Code Read Protection field in image" superClass="com.crt.advproject.link.cpp.crpenable"/>
<option id="com.crt.advproject.link.cpp.flashconfigenable.1728278497" name="Enable automatic placement of Flash Configuration field in image" superClass="com.crt.advproject.link.cpp.flashconfigenable" value="true" valueType="boolean"/>
<option id="com.crt.advproject.link.cpp.multicore.empty.786118577" name="No Multicore options for this project" superClass="com.crt.advproject.link.cpp.multicore.empty"/>
<option id="gnu.c.link.option.nostart.1998838580" name="Do not use standard start files (-nostartfiles)" superClass="gnu.c.link.option.nostart" useByScannerDiscovery="false"/>
<option id="gnu.c.link.option.nodeflibs.1101569168" name="Do not use default libraries (-nodefaultlibs)" superClass="gnu.c.link.option.nodeflibs" useByScannerDiscovery="false"/>
<option id="gnu.c.link.option.strip.517306114" name="Omit all symbol information (-s)" superClass="gnu.c.link.option.strip" useByScannerDiscovery="false"/>
<option id="com.crt.advproject.link.crpenable.1582261920" name="Enable automatic placement of Code Read Protection field in image" superClass="com.crt.advproject.link.crpenable" useByScannerDiscovery="false"/>
<option id="com.crt.advproject.link.flashconfigenable.1561972634" name="Enable automatic placement of Flash Configuration field in image" superClass="com.crt.advproject.link.flashconfigenable" useByScannerDiscovery="false" value="true" valueType="boolean"/>
<option id="com.crt.advproject.link.gcc.multicore.empty.1577283265" name="No Multicore options for this project" superClass="com.crt.advproject.link.gcc.multicore.empty" useByScannerDiscovery="false"/>
<option id="com.crt.advproject.miscellaneous.end_of_heap.1700873648" name="Last used address of the heap" superClass="com.crt.advproject.miscellaneous.end_of_heap" useByScannerDiscovery="false"/>
<option id="com.crt.advproject.miscellaneous.pvHeapStart.35778762" name="First address of the heap" superClass="com.crt.advproject.miscellaneous.pvHeapStart" useByScannerDiscovery="false"/>
<option id="com.crt.advproject.miscellaneous.pvHeapLimit.986324885" name="Maximum extent of heap" superClass="com.crt.advproject.miscellaneous.pvHeapLimit" useByScannerDiscovery="false"/>
<option id="com.crt.advproject.debugger.security.nonsecureimageenable.1213866409" name="Enable pre-programming of Non-Secure Image" superClass="com.crt.advproject.debugger.security.nonsecureimageenable" useByScannerDiscovery="false"/>
<option id="gnu.cpp.compiler.option.preprocessor.nostdinc.1493925046" name="Do not search system directories (-nostdinc)" superClass="gnu.cpp.compiler.option.preprocessor.nostdinc" useByScannerDiscovery="false"/>
<option id="gnu.cpp.compiler.option.preprocessor.preprocess.1821168859" name="Preprocess only (-E)" superClass="gnu.cpp.compiler.option.preprocessor.preprocess" useByScannerDiscovery="false"/>
<option id="gnu.cpp.compiler.option.debugging.sanitthread.140955800" name="Sanitize data race in multi-thread (-fsanitize=thread)" superClass="gnu.cpp.compiler.option.debugging.sanitthread" useByScannerDiscovery="false"/>
<option id="gnu.cpp.compiler.option.warnings.wcastalign.90168539" name="Pointer cast with different alignment (-Wcast-align)" superClass="gnu.cpp.compiler.option.warnings.wcastalign" useByScannerDiscovery="false"/>
<option id="gnu.cpp.compiler.option.warnings.wcastqual.1721326128" name="Removing type qualifier from cast target type (-Wcast-qual)" superClass="gnu.cpp.compiler.option.warnings.wcastqual" useByScannerDiscovery="false"/>
<option id="gnu.cpp.compiler.option.warnings.wctordtorprivacy.1144164747" name="All ctor and dtor private (-Wctor-dtor-privacy)" superClass="gnu.cpp.compiler.option.warnings.wctordtorprivacy" useByScannerDiscovery="false"/>
<option id="gnu.cpp.compiler.option.warnings.wdisabledopt.2024294384" name="Requested optimization pass is disabled (-Wdisabled-optimization)" superClass="gnu.cpp.compiler.option.warnings.wdisabledopt" useByScannerDiscovery="false"/>
<option id="gnu.cpp.compiler.option.warnings.wlogicalop.70434452" name="Suspicious uses of logical operators (-Wlogical-op)" superClass="gnu.cpp.compiler.option.warnings.wlogicalop" useByScannerDiscovery="false"/>
<option id="gnu.cpp.compiler.option.warnings.wmissingdecl.1437065273" name="Global function without previous declaration (-Wmissing-declarations)" superClass="gnu.cpp.compiler.option.warnings.wmissingdecl" useByScannerDiscovery="false"/>
<option id="gnu.cpp.compiler.option.warnings.wmissingincdir.1558961712" name="User-supplied include directory does not exist (-Wmissing-include-dirs)" superClass="gnu.cpp.compiler.option.warnings.wmissingincdir" useByScannerDiscovery="false"/>
<option id="gnu.cpp.compiler.option.warnings.wnoexccept.1462971991" name="Noexcept false but never throw exception (-Wnoexcept)" superClass="gnu.cpp.compiler.option.warnings.wnoexccept" useByScannerDiscovery="false"/>
<option id="gnu.cpp.compiler.option.warnings.woldstylecast.350890521" name="C-style cast used (-Wold-style-cast)" superClass="gnu.cpp.compiler.option.warnings.woldstylecast" useByScannerDiscovery="false"/>
<option id="gnu.cpp.compiler.option.warnings.woverloadedvirtual.1682534740" name="Function hides virtual functions from base class (-Woverloaded-virtual)" superClass="gnu.cpp.compiler.option.warnings.woverloadedvirtual" useByScannerDiscovery="false"/>
<option id="gnu.cpp.compiler.option.warnings.wredundantdecl.2017541834" name="More than one declaration in the same scope (-Wredundant-decls)" superClass="gnu.cpp.compiler.option.warnings.wredundantdecl" useByScannerDiscovery="false"/>
<option id="gnu.cpp.compiler.option.warnings.wshadow.514941421" name="Local symbol shadows upper scope symbol (-Wshadow)" superClass="gnu.cpp.compiler.option.warnings.wshadow" useByScannerDiscovery="false"/>
<option id="gnu.cpp.compiler.option.warnings.wsignconv.292142194" name="Implicit conversions that may change the sign (-Wsign-conversion)" superClass="gnu.cpp.compiler.option.warnings.wsignconv" useByScannerDiscovery="false"/>
<option id="gnu.cpp.compiler.option.warnings.wsignpromo.1608314467" name="Overload resolution promotes unsigned to signed type (-Wsign-promo)" superClass="gnu.cpp.compiler.option.warnings.wsignpromo" useByScannerDiscovery="false"/>
<option id="gnu.cpp.compiler.option.warnings.wstrictnullsent.787652795" name="Use of an uncasted NULL as sentinel (-Wstrict-null-sentinel)" superClass="gnu.cpp.compiler.option.warnings.wstrictnullsent" useByScannerDiscovery="false"/>
<option id="gnu.cpp.compiler.option.warnings.wswitchdef.88894600" name="A switch statement does not have a default case (-Wswitch-default)" superClass="gnu.cpp.compiler.option.warnings.wswitchdef" useByScannerDiscovery="false"/>
<option id="gnu.cpp.compiler.option.warnings.wundef.1575666030" name="An undefined identifier is evaluated in an #if directive (-Wundef)" superClass="gnu.cpp.compiler.option.warnings.wundef" useByScannerDiscovery="false"/>
<option id="gnu.cpp.compiler.option.warnings.weffcpp.1570602172" name="Effective C++ guidelines (-Weffc++)" superClass="gnu.cpp.compiler.option.warnings.weffcpp" useByScannerDiscovery="false"/>
<option id="gnu.c.compiler.option.preprocessor.nostdinc.579712622" name="Do not search system directories (-nostdinc)" superClass="gnu.c.compiler.option.preprocessor.nostdinc" useByScannerDiscovery="false"/>
<option id="gnu.c.compiler.option.preprocessor.preprocess.117420900" name="Preprocess only (-E)" superClass="gnu.c.compiler.option.preprocessor.preprocess" useByScannerDiscovery="false"/>
<option id="gnu.c.compiler.option.debugging.sanitthread.1457837392" name="Sanitize data race in multi-thread (-fsanitize=thread)" superClass="gnu.c.compiler.option.debugging.sanitthread" useByScannerDiscovery="false"/>
<option id="gnu.c.compiler.option.warnings.wcastalign.1953802639" name="Pointer cast with different alignment (-Wcast-align)" superClass="gnu.c.compiler.option.warnings.wcastalign" useByScannerDiscovery="false"/>
<option id="gnu.c.compiler.option.warnings.wcastqual.1102103551" name="Removing type qualifier from cast target type (-Wcast-qual)" superClass="gnu.c.compiler.option.warnings.wcastqual" useByScannerDiscovery="false"/>
<option id="gnu.c.compiler.option.warnings.wdisabledopt.344469284" name="Requested optimization pass is disabled (-Wdisabled-optimization)" superClass="gnu.c.compiler.option.warnings.wdisabledopt" useByScannerDiscovery="false"/>
<option id="gnu.c.compiler.option.warnings.wlogicalop.1914173449" name="Suspicious uses of logical operators (-Wlogical-op)" superClass="gnu.c.compiler.option.warnings.wlogicalop" useByScannerDiscovery="false"/>
<option id="gnu.c.compiler.option.warnings.wmissingdecl.249738473" name="Global function without previous declaration (-Wmissing-declarations)" superClass="gnu.c.compiler.option.warnings.wmissingdecl" useByScannerDiscovery="false"/>
<option id="gnu.c.compiler.option.warnings.wmissingincdir.866563367" name="User-supplied include directory does not exist (-Wmissing-include-dirs)" superClass="gnu.c.compiler.option.warnings.wmissingincdir" useByScannerDiscovery="false"/>
<option id="gnu.c.compiler.option.warnings.wredundantdecl.250452036" name="More than one declaration in the same scope (-Wredundant-decls)" superClass="gnu.c.compiler.option.warnings.wredundantdecl" useByScannerDiscovery="false"/>
<option id="gnu.c.compiler.option.warnings.wshadow.146012654" name="Local symbol shadows upper scope symbol (-Wshadow)" superClass="gnu.c.compiler.option.warnings.wshadow" useByScannerDiscovery="false"/>
<option id="gnu.c.compiler.option.warnings.wsignconv.1923074130" name="Implicit conversions that may change the sign (-Wsign-conversion)" superClass="gnu.c.compiler.option.warnings.wsignconv" useByScannerDiscovery="false"/>
<option id="gnu.c.compiler.option.warnings.wswitchdef.81329178" name="A switch statement does not have a default case (-Wswitch-default)" superClass="gnu.c.compiler.option.warnings.wswitchdef" useByScannerDiscovery="false"/>
<option id="gnu.c.compiler.option.warnings.wundef.1725600097" name="An undefined identifier is evaluated in an #if directive (-Wundef)" superClass="gnu.c.compiler.option.warnings.wundef" useByScannerDiscovery="false"/>
<option id="gnu.c.compiler.option.warnings.wwritestrings.2074558097" name="Treat strings always as const (-Wwrite-strings)" superClass="gnu.c.compiler.option.warnings.wwritestrings" useByScannerDiscovery="false"/>
<option id="com.crt.advproject.link.cpp.crpenable.1725851883" name="Enable automatic placement of Code Read Protection field in image" superClass="com.crt.advproject.link.cpp.crpenable"/>
<option id="com.crt.advproject.link.cpp.flashconfigenable.1448847636" name="Enable automatic placement of Flash Configuration field in image" superClass="com.crt.advproject.link.cpp.flashconfigenable" value="true" valueType="boolean"/>
<option id="com.crt.advproject.link.cpp.multicore.empty.1113293229" name="No Multicore options for this project" superClass="com.crt.advproject.link.cpp.multicore.empty"/>
<option id="com.crt.advproject.link.crpenable.25663194" name="Enable automatic placement of Code Read Protection field in image" superClass="com.crt.advproject.link.crpenable"/>
<option id="com.crt.advproject.link.flashconfigenable.836250930" name="Enable automatic placement of Flash Configuration field in image" superClass="com.crt.advproject.link.flashconfigenable" value="true" valueType="boolean"/>
<option id="com.crt.advproject.link.gcc.multicore.empty.1040352495" name="No Multicore options for this project" superClass="com.crt.advproject.link.gcc.multicore.empty"/>
<option id="com.crt.advproject.miscellaneous.end_of_heap.872599437" name="Last used address of the heap" superClass="com.crt.advproject.miscellaneous.end_of_heap"/>
<option id="com.crt.advproject.miscellaneous.pvHeapStart.1704955883" name="First address of the heap" superClass="com.crt.advproject.miscellaneous.pvHeapStart"/>
<option id="com.crt.advproject.miscellaneous.pvHeapLimit.1092056183" name="Maximum extent of heap" superClass="com.crt.advproject.miscellaneous.pvHeapLimit"/>
<option id="com.crt.advproject.debugger.security.nonsecureimageenable.1231705536" name="Enable pre-programming of Non-Secure Image" superClass="com.crt.advproject.debugger.security.nonsecureimageenable"/>
Some files were not shown because too many files have changed in this diff
Show More
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
