Found with the configuration running the unit test through valgrind.
% ./configure CFLAGS=-DNO_WOLFSSL_CIPHER_SUITE_TEST \
--enable-all --disable-fastmath --enable-debug --disable-shared
1. ssl.c: In wolfSSL_DSA_generate_key(), we initialize (and allocate)
all the parameters in the key (p, q, g, x, y), and then we generate a
key, initializes (and allocates) x and y, again. mp_clear them
first.
2. evp.c: When printing public keys, the temporary mp_int wasn't getting
correctly freed.
3. evp.c: When printing public keys, modified the utility functions to
return once with a do-while-0 loop.
A sizeof wasn't dereferencing a pointer using the sizeof the pointer and
not the actual struct. This is limited to setting the key for an AES
operation only when using SILABS SE2 acceleration.
pskNegotiated field added to indicate Session Ticket or PSK negotiated.
peerAuthGood field added to indicate that any require peer
authentication (certificate, if required, or PSK) have been performed.
in scripts/ocsp.test, don't call ping.test when $AM_BWRAPPED = yes (ping is setuid, so fails under bwrap);
in scripts/unit.test.in, don't bwrap if $AM_BWRAPPED = yes (double-bwrapping always fails);
in testsuite/testsuite.c testsuite_test(), build tempName using tempDir, and try to assign tempDir from XGETENV("TMPDIR"), fallback to hardcoded "/tmp".
Cortex builds needed # before number. Arm32 works with or without.
Thumb div_word needed to shift up if divisor too small (like other ARM
implementations).
Add support to ECIES for AES-256-CBC, AES-128-CTR, AES-256-CTR.
Added new API wc_ecc_ctx_set_algo() that sets the encryption, KDF and
MAC algorithms.
Cleanup formatting of ECIES code.
When compiling with the CFLAG -m32, sp_c32.c is used and not sp_c64.c.
The build system cannot detect that this is a 32-bit platform and to use
sp_c32.c.
The SP code detects which implementaiton to use and sets defines that
enable the code in sp_c32.c or sp_c64.c.
ENABLED_64BIT, 64-bit platform, was on by default, which is not always
true.
By making ENABLED_64BIT not default then the decision of which SP C
files to include in the build had to change to not being the other.
That is, sp_c64.c is not included when the configuration line explicitly
enables 32bit and sp_c32.c is not include when the configuration line
explicitly enables 64bit.
* whitespace in src/ssl.c, tests/api.c, wolfssl/openssl/fips_rand.h.
* clang-analyzer-core.StackAddressEscape from llvm-15 clang-tidy, in tests/suites.c:execute_test_case().
* bugprone-suspicious-memory-comparison from llvm-15 clang-tidy, in src/internal.c:DoSessionTicket() and src/ssl.c:wolfSSL_sk_push().
ASM code is dividing by top half of divisor. If this value is very small
then bad results are calculated.
Moved the divisor up by a quarter of the width if top quarter of divisor
is 0.
In `wolfSSL_EVP_CipherInit`, `ctx`'s `ivSz` field isn't being accounted for.
A common OpenSSL EVP AES-GCM flow looks like this:
- `EVP_CIPHER_CTX_new`
- `EVP_EncryptInit_ex`
- `EVP_CIPHER_CTX_ctrl` with command `EVP_CTRL_GCM_SET_IVLEN` to set the IV
length to 16 (AES block size) instead of the default 12
- `EVP_EncryptInit_ex` again to set the key and IV
- `EVP_EncryptUpdate` however many times
- `EVP_EncryptFinal`
In fact, we test this flow in our unit test `test_wolfssl_EVP_aes_gcm`. However,
in our implementation, the second call to `EVP_EncryptInit_ex` unconditionally
resets the IV length back to 12. This doesn't cause a test failure because
decryption has the same problem, so both sides of the equation have the same
wrong view of the IV.
The solution is to preserve the IV length in wolfSSL_EVP_CipherInit if ctx->ivSz
is non-zero. Otherwise, use the default of 12 (`GCM_NONCE_MID_SZ`).
This was discovered by a user migrating to the compatibility layer. As I
mentioned, it isn't exposed by our testing. It is exposed if you try to use the
same key and IV with OpenSSL and compare the resulting ciphertext with wolfSSL.
They won't be the same and thus won't interoperate.
At the start of this function, it attempts to find an ALPN extension in the
ssl object's extensions with `TLSX_Find`. If an ALPN select callback has been
set (i.e. via `wolfSSL_CTX_set_alpn_select_cb`), that gets called next. If that
callback finds a match, it removes all existing ALPN extensions found in the
ssl object. It then uses the new protocol name like this:
```
if (TLSX_UseALPN(&ssl->extensions, (char*)out, outLen, 0, ssl->heap)
== WOLFSSL_SUCCESS) {
if (extension == NULL) {
extension = TLSX_Find(ssl->extensions,
TLSX_APPLICATION_LAYER_PROTOCOL);
}
}
```
The bug is exposed if `extension` is not NULL, i.e. it was found on that initial
`TLSX_Find` call. `extension` is not NULL but it now points to garbage because
all the old ALPN extensions were just removed. It won't have it's value assigned
to the new extension that just got pushed via `TLSX_UseALPN` because of this
NULL check. This results in a segfault later in the function.
The solution is to remove the NULL check and always update `extension` after the
`TLSX_UseALPN` call.
This bug was discovered by a customer when using nginx + wolfSSL. I was able to
reproduce locally with curl acting as the client
Add `WOLFSSL_KEYGEN` option and override enable when `WOLFTPM` is
enabled
Also major reduction of variables for help messages. Override only
updates `VALUE`
* Fix for `EVP_CIPHER_CTX_flags`, which mapped to a missing function (broke openvpn)
* Added stack of name entries for ipsec/racoon support.
* Added `X509_STORE_CTX_set_flags` stub.
* Added PKCS7 NID types.
* Improved FIPS "SHA" logic in `test_wolfSSL_SHA`
* Added some uncommon NID type definitions.
* Expose the DH `DH_set_length` and `DH_set0_pqg` with OPENSSL_ALL
ECIES messages have a public key/point at start of the data.
It can be either uncompressed or compressed.
Adding support for decrypting and encrypting of compressed point.
Fixups from updating scripts that generate the files.
Include settings.h for ARM32 assembly.
ARM32 SHA-512 ASM has only one function, Transform_Sha512_Len(). The
implementation is dependent on defines.
sp_invmod with even modulus requires a multiplication by modulus. Don't
let modulus overflow result variable 'r'.
Fix allocation of temporary sp_ints to be correct size.
Add test for maximum modulus size in test.c.
Remove leading spaces on functions so git correctly determines which
function has changed.
Put in Thumb code for more sizes of _sp_mul_*().
subjectCN and publicKey in a DecodedCert are needed by the certificate
store in some cases. For embedded, allow them to be allocated even with
WOLFSSL_NO_MALLOC defined.
This commit adds functions to encrypt and decrypt data using AES in SIV mode, as
described in RFC 5297. This was added in the process of porting chrony to
wolfSSL. chrony is an NTP implementation that can use NTS (network time
security), which requires AES-SIV.
otherwise if profile_str_len is > strlen(gSrtpProfiles[i].name) we end up
comparing memory past gSrtpProfiles[i].name. -fsanitize=address catches this:
```
==100159==ERROR: AddressSanitizer: global-buffer-overflow on address 0x7f40d8d533b2 at pc 0x7f40d8eb014f bp 0x7f40d50fe240 sp 0x7f40d50fd9e8
READ of size 21 at 0x7f40d8d533b2 thread T107
#0 0x7f40d8eb014e in MemcmpInterceptorCommon(void*, int (*)(void const*, void const*, unsigned long), void const*, void const*, unsigned long) /build/gcc/src/gcc/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:860
#1 0x7f40d8eb06e6 in __interceptor_memcmp /build/gcc/src/gcc/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:892
#2 0x7f40d8eb06e6 in __interceptor_memcmp /build/gcc/src/gcc/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:887
#3 0x7f40d8c2e830 in DtlsSrtpFindProfile src/ssl.c:1310
#4 0x7f40d8c2e9ed in DtlsSrtpSelProfiles src/ssl.c:1347
#5 0x7f40d8c2eada in wolfSSL_CTX_set_tlsext_use_srtp src/ssl.c:1359
#6 0x563bf381b4c5 in server_test examples/server/server.c:2278
#7 0x7f40d88f0258 in start_thread (/usr/lib/libpthread.so.0+0x9258)
#8 0x7f40d88195e2 in __GI___clone (/usr/lib/libc.so.6+0xfe5e2)
```
This commit adds `wolfSSL_SetTimeCb` and `wolfSSL_time`. The former allows the
user to override the function wolfSSL uses to get the current time,
`wolfSSL_time`. If set, `wolfSSL_time` uses that function. If not set,
`wolfSSL_time` uses the `XTIME` macro by default. This functionality is needed
for the port of chrony to wolfSSL. chrony is an NTP implementation that uses
GnuTLS by default. For TLS, chrony uses the time it computes in place of the
default system time function.
test.c:
1. Removed pragma disabling the warning for unused functions.
2. Fixed the guards around the function that wasn't getting removed from
the build. And matched the guards to the call of the function. The
issue is a test that fails only in a cert 3389 build using Arm
assembly single-precision public keys.
3. Fixed the guards around a couple other functions.
Fixed a lot of shadowed global values. Some were prototype and function
declaration parameter name conflicts. Some conflicted with typenames.
Some conflicted with globals in libc.
wc_PKCS7_AddDataToStream() was called the first time prior to BERtoDER
conversion, subsequent times afterwards which meant the stream idx
pointer was incorrect. This patch restarts the stream after conversion.
Fixes ZD13476
When running the test with PKCS7 enabled, there's an additional option
that will save to disk the generated PKCS7 blobs for by-hand review.
(PKCS7_OUTPUT_TEST_BUNDLES) Fixed a couple compile errors that were
missed with that option enabled.
Directive needed on Apple to indicate SHA3 extensions available.
Fixup C file as well - remove unused constants not avaiable and
prototype function that is extern elsewhere.
By default this change will have servers send the renegotiation info
extension, but not allow renegotiation. This is accordance with RFC 5746
From to RFC 5746:
> In order to enable clients to probe, even servers that do not support
> renegotiation MUST implement the minimal version of the extension
> described in this document for initial handshakes, thus signaling
> that they have been upgraded.
With openSSL 3.0 the default it not allow connections to servers
without secure renegotiation extension. See
https://github.com/openssl/openssl/pull/15127
Fixup up formatting.
Fix comments.
Aarch64: don't use variable r when hi can be used.
ARM 32-bit: Add a version that uses udiv - not available on all chips
and can be slower anyway.
linuxkm: when -DWOLFCRYPT_ONLY, don't include ssl.h in module_exports.c.template and module_hooks.c, and fix gating to work right with that;
wolfssl/wolfcrypt/types.h: add support for a WOLFSSL_XFREE_NO_NULLNESS_CHECK gate (used in cppcheck analysis).
Increasing cmake version required to allow use of more recent
additions in the future.
Reported issue is that Homebrew use different compiler than AppleClang
(from XCode). Correctly test for AppleClang to set xcode specific `ar`
and `ranlib` flags. It may also be appropraite to use for ANDROID as
well see
7d057b2738 (diff-6f7a068f87ca22bd0105fef2143b0960e4993854863fd20c9416c677ee33a737R61-R67)
* Flow control failed on wrap around when there is going to be no more
flow control packets.
* If ISOTP_Send is provided more than 4095 bytes, limit it to 4095 bytes
as wolfSSL will retry with the rest.
* Set the default receive size to the max ISO-TP data size.
* A few other cleanups.
ISO-TP is a commonly used simple transport layer for CAN bus which
allows larger than the 1-8 bytes payload than the CAN bus protocol
allows.
This implements our own ISO-TP transport layer for wolfSSL when compiled
with `WOLFSSL_ISOTP`.
Replace instances of SSL_OP_NO_COMPRESSION with WOLFSSL_OP_NO_COMPRESSION in
ssl.c. Only define SSL_OP_NO_COMPRESSION when using the compatibility layer.
Before these changes, wolfEngine builds were failing due to
SSL_OP_NO_COMPRESSION being defined in both wolfSSL and OpenSSL headers.
When `OPENSSL_COMPATIBLE_DEFAULTS` is defined then `SSL_MODE_AUTO_RETRY` is set on context creation. For this test we need to clear this mode so that the `WOLFSSL_CBIO_ERR_WANT_READ` can propagate up to the user.
- Define `OPENSSL_COMPATIBLE_DEFAULTS` and `WOLFSSL_NO_OCSP_ISSUER_CHECK` for Apache config
- Fix `SSL_set_timeout` to match OpenSSL signature
- Implement `pkey` in `X509_INFO`
- Detect attempt to connect with plain HTTP
- Implement `wolfSSL_OCSP_request_add1_nonce`
- Set `ssl->cipher.bits` when calling `wolfSSL_get_current_cipher`
- Use custom flush method in `wolfSSL_BIO_flush` when set in BIO method
- Set the TLS version options in the `ssl->options` at the end of ClientHello parsing
- Don't modify the `ssl->version` when in a handshake (`ssl->msgsReceived.got_client_hello` is set)
- `wolfSSL_get_shutdown` returns a full bidirectional return when the SSL object is cleared. `wolfSSL_get_shutdown` calls `wolfSSL_clear` on a successful shutdown so if we detect a cleared SSL object, assume full shutdown was performed.
Currently, the `ParseCert` function is only available if `WOLFSSL_ASN_API` is
defined to `WOLFSSL_API`. The only way to achieve this without enabling the
compatibility layer is to define `WOLFSSL_TEST_CERT`. There are users defining
this so that they can parse certs with wolfCrypt, even though this doesn't seem
to be the original intent of the define. This commit adds the function
`wc_ParseCert` to the public wolfCrypt API. It's simply a wrapper around
`ParseCert`. Similarly, this commit adds `wc_InitDecodedCert` and
`wc_FreeDecodedCert` to the public API, which are wrappers around
`InitDecodedCert` and `FreeDecodedCert`, respectively.
- Tested with a different SIM:
- 16bit IDs
- Directly retrieving public key from keygen function
- larger response buffers (up to 256 bytes in ReadFile)
- Fixed hardcoded length in ID buffers
- Add KEYGEN to Nginx config
- Check for name length in `wolfSSL_X509_get_subject_name`
- Refactor `wolfSSL_CONF_cmd`
- Implement `wolfSSL_CONF_cmd_value_type`
- Don't forecfully overwrite side
- `issuerName` should be `NULL` since the name is empty
* Adds new build option `WOLFSSL_CUSTOM_OID` for supplying a custom OID in a CSR
* Fixes in ASN template CSR generation.
* Fix to allow calling `wc_Ed25519PublicKeyToDer` and `wc_Ed448PublicKeyToDer` with NULL output buffer to get length only.
* Refactor of the certificate subject name encoding.
* Refactor of the OID's to consolidate.
* Improvements to the Domain Component API unit test.
ZD 12943
- implement `wolfSSL_PEM_X509_INFO_read`
- `wolfSSL_EVP_CipherUpdate` no-ops on `NULL` input
- add md4 support to `wolfSSL_EVP_MD_block_size` and `wolfSSL_EVP_MD_size`
WOLFSSL_PUBLIC_MP and disable algorithms didn't work because of api.c.
- mp_cond_copy not available unless ECC compiled in
- wc_export_int not available unless ECC compiled in
Enabling only DH and using SP with SP Math didn't work as the DH
parameters were too small.
sp_cmp is needed when only DH.
mp_set_int is was not available in SP math when RSA is not defined.
mp_set is close enough for the use cases.
Configure with SP and SP math but not RSA, DH and ECC didn't configure -
now default to small maths.
When DIGIT_BIT is less than SIZEOF_LONG * CHAR_BIT, ASN1_INTEGER_get() can
return invalid value. For example, with trailing program, ASN1_INTEGER_get()
unexpectedly returns -268435449 (0xf0000007) on i386.
On the i386 platform (DIGIT_BIT=28), the input value 0x7fffffff is separated
into 0xfffffff and 0x7 and stored in the dp array of mp_int. Previously,
wolfSSL_BN_get_word_1() returned 0xfffffff shifted by 28 bits plus 0x7, so this
patch fixed it to return 0xfffffff plus 0x7 shifted by 28 bits.
int main(void)
{
ASN1_INTEGER *a;
long val;
int ret;
a = ASN1_INTEGER_new();
val = 0x7fffffff;
ret = ASN1_INTEGER_set(a, val);
if (ret != 1) {
printf("ret=%d\n", ret);
}
if (ASN1_INTEGER_get(a) != val) {
printf("ASN1_INTEGER_get=%ld\n", ASN1_INTEGER_get(a));
}
ASN1_INTEGER_free(a);
return 0;
}
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
./configure --with-liboqs --enable-all --disable-psk --enable-intelasm --enable-aesni --enable-sp-math-all --enable-sp-asm CFLAGS="-O3"
Yeilds the following erorr:
src/internal.c: In function ‘DoServerKeyExchange’:
src/internal.c:24487:28: error: ‘sigAlgo’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
24487 | if (sigAlgo == ed448_sa_algo &&
| ^
This fixes it.
If NULL is passed as the digest argument of wc_DsaSign(), mp_clear() will be
called before mp_init() is called. This can cause segmentation fault.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
test_wc_DsaSignVerify() passes the tests but causes an error.
free(): invalid pointer
If NULL is passed as the digest argument of wc_DsaVerify(), mp_clear() will be
called before mp_init() is called. On qemu-i386, the dp field of the mp_int
structure is non-null by default, which causes a segmentation fault when calling
mp_clear(). However, if WOLFSSL_SMALL_STACK is enabled, this problem does not
occur.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
Make `wc_PRF` return an error if it doesn't find a corresponding hash for the
passed in hash type. Currently, if `wc_PRF_TLS` is called with `NO_OLD_TLS`
defined, it will do nothing but still return success. Make it return an error
instead. These problems were uncovered when running the wolfEngine unit tests
with wolfSSL 5.0.0 FIPS Ready, which defines `NO_MD5` and `NO_OLD_TLS`.
Use the same logic for any type of name constraint.
It could be even cleaner if there were a altNamesByType[],
permittedNamesByType[] and excludedNamesByType[] in cert.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
HexCharToByte must be cast to a signed char as a char is unsigned on
some platforms.
Redefine the __asm__ and __volatile__ for ICC and KEIL in sp_int.c
mp_test: don't use large bit lengths if unsupported.
- Postal Code
- Street Address
- External Key Usage
- Netscape Certificate Type
- CRL Distribution Points
- Storing full Authority Key Identifier information
- Add new certificates to `certs/test` for testing
- Update WOLFSSL_ASN_TEMPLATE to match new features
remove haproxy from enable-all set, to avoid SECURE_RENEGOTIATION;
add enable-aescbc-length-checks to enable-all-crypto set, inadvertently omitted;
add enable-base16 to all (where it was implicit) and to all-crypto (where it was missing);
add ssh, rc2 and srp to all-crypto;
reorder the portion of the enable-all set that's common with enable-all-crypto, to have matching order.
Makefile.am: clean .build_params file;
ecc.c: fix misplaced gat #endif in wc_ecc_shared_secret_gen_sync();
move AM_CFLAGS+=-include /.build_params to before AC_SUBST([]AM_CFLAGS);
fix new unused-label defect in wc_ecc_shared_secret_gen_sync();
fix integer.[ch] mp_exch() to return int not void (sp_exch() and TFM mp_exch() can both fail on allocations);
fix NO_INLINE ForceZero() prototype;
ecc.c: add missing if (err == MP_OKAY) in build_lut();
wolfcrypt/test/test.c: revert "rename hkdf_test to wc_hkdf_test to eliminate namespace collision", restoring unconditional static qualifier, to fix crash at return from main() on Xilinx Zynq ARM test;
ecc.c: refactor build_lut() flow control to fix uninited variable scenario found by scan-build;
WOLFCRYPT_ONLY and OPENSSL_EXTRA: fix gating to allow successful build with --enable-all-crypto, and add configure error if crypt-only and opensslall are combined.
refactor the HAVE_WC_INTROSPECTION mechanism to pass build params via $output_objdir/.build_params rather than abusing autotools config.h to pass them;
add support for EXTRA_CFLAGS on the make command line;
in FIPS builds, exclude pkcallbacks from --enable-all;
linuxkm: move test.o out of PIE container (uses function pointers as operands).
the condition to perform the small key test. The small key is
mathematically valid, but does not necessarily pass the SP 800-56Ar3
test for DH keys. The most recent FIPS build will add the tested file.
This change is only used in the older FIPS releases and in some rare
configurations that include the small key test.
1. When the seed callback is enabled, allow wc_GenerateSeed() to be used
as a default callback.
2. Modify all the tests and examples to use the default seed callback if
the seed callback is enabled.
1. Copied the TLSv1.2 PRF into hmac.c since it uses it and the TLSv1.3
HKDF is in there as well.
2. Added guard around the old TLS PRF so that it switches in correctly
for older FIPS builds only.
1. In the unit test, when checking the build options, also check for
FIPSv4 to make sure 2048-bit RSA is used.
2. In the standalone SHA-1 one step hash function, wc_InitSha() wasn't
getting called, so the FIPS flags didn't get checked. (It was using
wc_InitSha_ex() which bypasses the FIPS checks.)
1. Change the internal version number for the FIPS 140-3 changes as v4.
2. Insert v3 as an alias for FIPS Ready.
3. Use the correct directory for the FIPS old files sources. (For local
testing of 140-3 builds.)
4. Change back the check for the FIPS version in internal.c for
EccMakeKey().
1. Fix issue with FIPS Ready and FIPS 140-3. FR acts at the latest
version in the code, but that leaves DES3 out of the build. The code
was still including the header. Force DES3 disabled in FIPS Ready
builds.
1. Added enable option for FIPS 140-3 in configure script.
2. Modify DES3 source to disallow DES3 for the new option.
3. Added the new constants to fips_test.h.
4. Added some new test functions.
5. Added API for doing the POST.
6. Added a processing state for the CASTs.
7. Delete some unused prototypes from FIPS test API.
- `NID_sha224` conflicted with `NID_sha1WithRSAEncryption`
- `NID_commonName` conflicted with `PBE-SHA1-3DES`
- `NID_X9_62_prime239v3` conflicted with `AES128CBCb`
- `NID_md5` conflicted with `NID_surname`
- `NID_md2WithRSAEncryption` conflicted with `NID_localityName`
- `NID_md5WithRSAEncryption` conflicted with `NID_stateOrProvinceName`
NID conflicts found by examining the runtime values in `wolfssl_object_info`
Fix no new line
Change comment style in testsuite.c
Add include for proper socket header in wolfio.h
Add dc_log_printf support to benchmark application
Pull in changes for examples
Refector NETOS check in test.c
Fix format and remove settings used only for validation testing
Implement peer review feedback
Address last items noted in peer review
Add new README to include.am
Adjust comment style on TODO
Gate changes in client and server properly
Add static on customer feedback
Fix settings include
Update latest peer feedback
Fix warnings in the usage of MMCAU_SHA256 routines, where digest is
expected to be `uint32_t*`, but is defined as `word32*`, which results
in:
```
expected 'uint32_t *' {aka 'long unsigned int *'} but argument is of
type 'word32 *' {aka 'unsigned int *'}
```
Signed-off-by: Fabio Utzig <utzig@apache.org>
Fix comment mentioning the use of `ForceZero` besides `fp_clear`, which
uses `XMEMSET`, and puts it above `fp_forcezero` where it should belong.
Signed-off-by: Fabio Utzig <utzig@apache.org>
Recently, we had a wolfEngine customer report a compilation error because
wolfSSL and OpenSSL both define the typedef pem_password_cb. The solution is to
namespace our typedef with the wc_ prefix. In order to not break existing code
that relies on wolfSSL providing pem_password_cb, if OPENSSL_COEXIST is not
defined, we define pem_password_cb as a macro that maps to wc_pem_password_cb.
- `NID_sha224` conflicted with `NID_sha1WithRSAEncryption`
- `NID_commonName` conflicted with `PBE-SHA1-3DES`
- `NID_X9_62_prime239v3` conflicted with `AES128CBCb`
- `NID_md5` conflicted with `NID_surname`
- `NID_md2WithRSAEncryption` conflicted with `NID_localityName`
- `NID_md5WithRSAEncryption` conflicted with `NID_stateOrProvinceName`
NID conflicts found by examining the runtime values in `wolfssl_object_info`
- Permit more wolfSSL_EC_POINT_* functions for FIPS builds. This requires one
workaround in wolfSSL_EC_POINT_mul where wc_ecc_get_generator isn't available.
- Permit more AES-GCM code in EVP code for FIPS v2 builds. It's unclear why this
code wasn't already available.
- Add EVP_CIPHER_CTX_get_iv to the compatibility layer.
- Clear any existing AAD in the EVP_CIPHER_CTX for AES-GCM when we receive the
EVP_CTRL_GCM_IV_GEN control command. OpenSSL does this, and OpenSSH is relying
on this behavior to use AES-GCM correctly.
- Modify ecc_point_test in testwolfcrypt so that it doesn't fail when doing a
FIPS build with HAVE_COMP_KEY defined.
* Adds `EVP_PKCS82PKEY` and `d2i_PKCS8_PRIV_KEY_INFO`.
* Adds `EVP_PKEY2PKCS8` and `i2d_PKCS8_PRIV_KEY_INFO`.
* Adds `ECDSA_verify`.
* Fix to allow `SHA256()` and `MD5()` with FIPSv2.
* Decouple crypto callbacks and hash flags
* Fix for possible use of uninitialized when building TLS bench without TLS v1.3.
* Fix for building with `NO_CHECK_PRIVATE_KEY`. Test `./configure --disable-pkcs12 --enable-opensslextra CFLAGS="-DNO_CHECK_PRIVATE_KEY"`.
* Fix to support `RSA_public_decrypt` for PKCSv15 only with FIPS.
* Cleanup `RSA_public_encrypt`, `RSA_public_decrypt` and `RSA_private_decrypt`.
* Added instructions for building wolfSSL with Android kernel.
The Kinetis port implementation currently only supports SECP random
curves. This commit expands it to also support the accepted SECP
koblitz curves, based on user settings. The implementation also makes
it easy to add Brainpool curves.
Signed-off-by: Fabio Utzig <utzig@apache.org>
* Add syntax highlighting where appropriate
* Fix some markdown compliance issues
* Add some links for things
* Add some inline code quoting
* Fix some headings
* Fix copyright date in doxygen html output
* Not all STM32 RTCs support subseconds in the time struct, so this is
now ifdef'd using the only obvious define which exists when subseconds
exist.
* Let wc_GenerateSeed detect STM32's without RNG correctly.
* wolfCrypt test was attempting to use variables that don't exist when
both WOLFSSL_SMALL_STACK and WC_NO_RNG is defined.
* This PR resolves issues with using TLS client authentication (mutual auth) with crypto callbacks. The TLS client auth will not be sent without a private key being set. The solution is to allow setting a public key only if crypto callbacks is enabled and a devId is set.
* Fix to allow using crypto callbacks with TLS mutual authentication where a private key is not available.
* Fix for ED25519 sign when only a private key is loaded.
* Fix to enable crypto callbacks for ED25519 and Curve25519 in TLS by using the _ex init functions.
* Fix for wc_PemToDer return code where a PKCS8 header does not exist.
* Remove duplicate logs in DoCertificateVerify.
* Doxygen API updates: Added crypto callback help and updated use_PrivateKey with info about public key use.
* * Added crypto callback tests for TLS client and server with mutual auth for RSA, ECC and ED25519.
* Enhanced the API unit test TLS code to allow setting CA, cert and key.
* Revert ED25519 changes. Opt to calculate public key directly when required for signing in the TLS crypto callback test. Build configuration fixes.
* Fix to use proper devId in `ProcessBufferTryDecode`.
* Various build fixes due to changes in PR. G++ issue with `missing-field-initializers`. Unused api.c func with DTLS and session export. Duplicate `eccKeyPubFile` def.
* Added crypto callback TLS tests at WOLFSSL object level. Fix for ED25519/ED448 with client mutual auth where the private key is not set till WOLFSSL object. Fix issues with `wolfSSL_CTX_GetDevId` where devId is set on WOLFSSL object. Enable the `_id` API's for crypto callbacks.
* Proper fix for `eccKeyPubFile` name conflict. Was causing RSA test to fail (expected DER, not PEM).
* Reordered things so that the installation of the Cube Pack comes
before the Cube Pack usage.
* Added another way to find the pack installation menu (because I'm
blind to the box on the screen apparently).
* Two extra steps in the Cube Pack Usage that were missing (6 & 8)
* Added syntax highlighting to the markdown.
1. Remove mcast and jni from enable-all.
2. Add comment to DTLS section.
Testing `./configure --enable-all --disable-dtls` would leave DTLS still
enabled. enable-all was also enabling mcast, which it doesn't need to
do, that would force DTLS back on. JNI also forces DTLS on. The other
language wrappers are not included in enable-all, so leave JNI out.
Improve the generated instructions for multiplying 32 bits by 32 bits
and squaring 32 bits with 64 bit results.
Minimize loads in montgomery reduction, mul and sqr.
Pull conditional subtract into montgomery reduction assembly code.
Added unrolled square and multiply
Define WOLFSSL_SP_LARGE_CODE to use the unrolled versions.
* make ASN1_OBJECT arg const in OBJ_obj2txt
* add ERR_LIB values to openssl/ssl.h
* add missing alert type definitions in openssl/ssl.h
* add definition for X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS, no support
* define value for X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT
* use correct CRYPTO_THREADID arg type for wolfSSL_THREADID_set_callback callback
* add handshake type defines for compat layer message callback types
* define ASN1_R_HEADER_TOO_LONG for compatibility builds
* use correct return type for wolfSSL_THREADID_set_callback, remove Qt code no longer needed
* add DIST_POINT compatibility functions
* switch X509_LU_* from enum to define, prevent compiler type warnings
* refactoring, adding in comments, and formating
* refactoring and a memory leak fix
* cast return value for g++ warning
* refactor wolfSSL_sk_DIST_POINT_pop_free and remove NULL assign after free
* fix get next DIST_POINT node for free function
Co-authored-by: Jacob Barthelmeh <jacob@wolfssl.com>
Also, fixes for the things they caught such as:
- ssl->arrays->preMasterSecret is pre-allocated so copy into it instead of
moving ownership of buffer.
- server does not need to save the public key.
- in TLSX_KeyShare_Parse() don't call TLSX_KeyShare_Use() because its done in
TLSX_PopulateExtensions().
- in TLSX_KeyShare_Use(), the server generates the ciphertext while the client
generates the public key.
- in TLSX_PopulateExtensions(), prevent client from calling TLSX_KeyShare_Use()
because its already been done.
- Support longer curve/group names.
Prior to this commit, we only allowed CMake options to be specified according to
a finite set of values. For example if an option "WOLFSSL_FEATURE" was permitted
to take only the values "yes" and "no" and a user ran
`cmake -DWOLFSSL_FEATURE=ON`, that would fail because ON isn't in `[yes, no]`.
However, this behavior runs counter to CMake's way of evaluating boolean values,
which permits a variety of values that evaluate to true/false (see
https://cmake.org/cmake/help/latest/command/if.html#basic-expressions). This
commit will allow the user to specify any value for a build option. If it's not
in the predefined set of values, we use CMake's "if" logic to reduce the value
to yes or no.
* Remove NTRU and OQS
* Keep the DTLS serialization format backwards compatible.
* Remove n from mygetopt_long() call.
* Fix over-zealous deletion.
* Resolve problems found by @SparkiDev
smallstack refactors for wolfcrypt/src/rsa.c:wc_CheckProbablePrime_ex() and wolfcrypt/src/pwdbased.c:wc_PKCS12_PBKDF_ex();
add WARN_UNUSED_RESULT macro to types.h;
text format cleanup;
fix internal.c:LowResTimer() implementation.
refactor tls13.c:TimeNowInMilliseconds() for kernel 4.9 and 3.16 compat.
use ktime_get_coarse_real_ts64() only for kernel 5.x+. in kernel 4.x, use its older form, current_kernel_time64(), and in 3.x, use getnstimeofday().
linuxkm/module_hooks.c: fix wolfssl_init() pie code to be compatible with kernel 4.4-;
fix allocate_wolfcrypt_irq_fpu_states() return codes to all be wolfcrypt codes, and in calling code, pass up that code (suggested by dgarske peer review).
configure.ac: fix ed25519/sha512 dependency test to not misfire when ENABLED_32BIT;
wolfssl/wolfcrypt/curve{25519,448}.h: fix redundant typedefs of curve{25519,448}_key (fixes -Wpedantic warnings);
configure.ac: fix for "ISO C forbids an empty translation unit [-Werror=pedantic]", re wolfcrypt/src/sp_c{32,64}.c;
configure.ac: fixes for --enable-32bit versus pedantic "ISO C forbids an empty translation unit", including explicit exclusion of 32bit-incompatible algorithms from enable-all and enable-all-crypto sets;
tests/api.c: fixes for a couple inadequately gated SHA2 dependencies;
tests/api.c:test_wolfSSL_set_alpn_protos(): fix prototype missing (void);
wolfcrypt/src/misc.c and wolfssl/wolfcrypt/misc.h: fix ForceZero() definition and NO_INLINE prototype to not counterfactually constify the mem ptr, to avoid -Wmaybe-uninitialized from gcc11;
wolfcrypt/src/des3.c: drop obsolete register qualifier from declaration in DesSetKey(), for c++17 compatibility;
src/ssl.c:wolfSSL_BN_mod_word(): fix cast of arg2 to mp_mod_d().
add build-time support for module signing using native Linux facility;
add support for alternative licenses using WOLFSSL_LICENSE macro;
improve load-time kernel log messages;
add support for sp-math-all asm/AVX2 acceleration;
add error-checking and return in SAVE_VECTOR_REGISTERS();
implement support for x86 accelerated crypto from interrupt handlers, gated on WOLFSSL_LINUXKM_SIMD_X86_IRQ_ALLOWED:
* wolfcrypt_irq_fpu_states
* am_in_hard_interrupt_handler()
* allocate_wolfcrypt_irq_fpu_states()
* free_wolfcrypt_irq_fpu_states()
* save_vector_registers_x86()
* restore_vector_registers_x86()
add WOLFSSL_LINUXKM_SIMD, WOLFSSL_LINUXKM_SIMD_X86, and WOLFSSL_LINUXKM_SIMD_ARM macros for more readable gating.
* `wolfSSL_PEM_write_bio_PUBKEY` needs to write only the public part
The `wolfSSL_PEM_write_bio_PUBKEY` output can't contain the private portion of the key. This output could be used to distribute the public key and if it contains the private part then it gets leaked to others.
* Add heap hint to `wolfSSL_RSA_To_Der`
* Correct function name in logs
Use --enable-armasm=sha512-crypto or define WOLFSSL_ARMASM_CRYPTO_SHA512
to use SHA512 cryptographic instructions.
Checks system register for the feature before using the SHA512
instructions.
Added SHA512 input data alignment test.
Add support for SHA512/224 and SHA512/256 to ARM port.
./configure --disable-rsa --disable-ecc --disable-dsa
--enable-curve25519 --disable-ed25519 --disable-curve448
--disable-ed448 --enable-cryptonly
suites.c, testsuite.c: ensure port is an integer for snprintf.
unit.c: make memFailCount an integer for printf.
aes.c:
Reduce variable scope.
Check aes is not NULL before use in GHASH implementations.
XTS check sz is greater than or equal to a AES_BLOCK_SIZE rather than
0 as another block is processed.
wc_AesXtsEncrypt, wc_AesXtsEncrypt - simplify braces and ifdefs
wc_AesEcbEncrypt - subtracting from sz is unnecessary as is unused
after.
asn.c:
StoreKey, StoreEccKey - compiler doesn't see ret != 0 when publicKey
is NULL.
DecodeAuthInfo - count is not used when after break.
DecodeSubtree - don't use min and max as variables (already macros).
SetEccPublicKey - initialize pubSz and set sz regardless for
compiler's sake.
wc_EncodeName_ex - use unique variable 'namesASN'; ret isn't set after
last check.
SetEccPublicKey - simplify code by using else rather than check ret
wasn't set.
DecodeAsymKey - ret not modified in non-template implementaiton.
SetAsymKeyDer - ret still at initialized value here.
DecodeResponseData - ensure dataASN is freed when single->next->status
failed to allocate.
test.c:
curve255519_der_test() can't be compiled when NO_ASN is defined.
types.h:
cast to the appropriate type in EXIT_TEST
test.h
don't return anything when THREAD_RETURN is void and EXIT_TEST is for
threading with stack size.
configure --disable-shared --enable-opensslextra --enable-dsa
--enable-curve25519 --enable-ed25519 --enable-curve448 --enable-ed448
--enable-ocsp --enable-all --enable-asn=template
GetCertName() sets raw in ASN template code too.
GetBasicDate() not needed for template ASN.
SetAsymKeyDer() ASN template version now returns 0 when output is NULL
too.
./configure '--disable-shared' '--enable-curve25519' '--enable-ed25519'
'--disable-rsa' '--disable-ecc'
SetBitString() is needed now.
Close the file before return in wolfSSL_save_session_cache() and
wolfSSL_restore_session_cache().
On any failure, return `WOLFSSL_FAILURE`
If there was a failure and a successful processing of certs from the
same directory, the return value depended on the last cert processed
which not guarenteed to be the same order. If the last cert load
failed, it would return the specific wolfSSL error code. If it
succeeded, then WOLFSSL_FAILURE would be returned as a generic failure
due to a previous cert error.
When compiling for QEMU, the gethostbyname call doesn't have access to
the OS DNS.
Implemented a lookup of hostname that uses the system command host.
Fix for QEMU Aarch64 where 'char' is unsigned and the -1 return is being
converted to 255 in wolfSSL_OPENSSL_hexchar2int().
Test TLSv1.3 with www.google.com if wolfSSL supports it.
CMAC: cannot cast size_t* to word32* when big-endian.
SP math all: Random prime - munge bits before moving them around for
big-endian.
BIO, no filesystem: Allow BIO_prinf to be used with mem BIO.
fp_submod_ct and fp_addmod_ct need modulus (c) words plus one.
Check that the modulus length is valid for fixed data array size.
Improved fp_submod_ct to only use as many words as necessary.
Added comments to fp_submod_ct and fp_addmod_ct.
* Fix for sniffer to better handle spurious retransmission edge case. ZD 12852
* Fix for sniffer to not send alerts during application data processing.
* Fix for missing semi-colon on XFREE.
* Fix for `bench_stats_print` with stack variable name used in `bench_ecc`. Improve benchmark thread cleanup, CPU count calcuation and stat blocking logic.
* Fix for missing heap hint with RSA PSS and `WOLFSSL_PSS_LONG_SALT`. This fix will only allocate buffer if it exceeds the local buffer. Added `wc_RsaPSS_CheckPadding_ex2` to support heap hint if required. Fixed asn.c build issue with `NO_CERTS`. Fixed several spelling errors in asn.c. ZD12855.
* Improve the dynamic memory NULL checking in `wc_RsaPSS_CheckPadding_ex2` with `WOLFSSL_PSS_LONG_SALT` defined.
For example, if a user does
```
cmake -DCMAKE_C_FLAGS="-DWOLFSSL_AESGCM_STREAM -DFP_MAX_BITS=16384" ..
```
definitions for `WOLFSSL_AESGCM_STREAM` and `FP_MAX_BITS 16384` should wind up
in options.h (same as the autotools build).
- `HAVE_SECRET_CALLBACK` needs to have `wolfSSL_SSL_CTX_get_timeout` and `wolfSSL_SSL_get_timeout` available
- Call `wolfSSL_KeepArrays` for `HAVE_SECRET_CALLBACK`
- Increase the default `DTLS_MTU_ADDITIONAL_READ_BUFFER` and make it adjustable by the user
- Don't truncate application data returned to user in `wolfSSL_read_internal`
* copy missing files from wolfssl/wolfcrypt/benchmark
* instead of GitHub copy, update setup to perform the copy of ESP-IDF benchmark files; add --verbose option
* update setup to perform the copy of ESP-IDF benchmark files; add --verbose option
* copy benchmark.c / benchmark.h at setup time
* Fixes for building with Ed/Curve25519 only. Fix for IoT safe demo to exit after running once. Added `WOLFSSL_DH_EXTRA` to `--enable-all` and `--enable-sniffer`. Cleanup uses of `==` in configure.ac. Various spelling fixes.
* Fix for sniffer with TLS v1.3 session tickets.
* Fix for ASN Template Ed25519 key export (missing version / not setting OID correctly).
* Add key import/export support for Curve25519/Curve448. Refactor of the 25519/448 ASN code to combine duplicate code.
* Refactor of Curve25519 code. Improved public key export to handle generation when only private is set. Improved private scalar buffer sizing.
* Fix for static ephemeral loading of file buffer.
* Added sniffer Curve25519 support and test case.
* Fix for sniffer to not use ECC for X25519 if both are set.
* Fix Curve448 public export when only private is set.
* Fix for `dh_generate_test` for small stack size.
* Reduce stack size use on new asymmetric DER import/export functions. Cleanup pub length calc.
* Fix invalid comment.
wolfSSL_Rehandshake(): don't set 'ret' unless HAVE_SESSION_TICKET
defined (otherwise compiler will complain: warning: Value stored to
'ret' is never read)
AES GCM streaming: fix 64-bit word version to compile and pass testing
Use '--enable-aesgcm=word' to get the word32 or word64 implementation
depending on the availabilty of 64-bit type.
- `EVP_PKEY_assign_RSA` should store the private key in DER format, not the
public key.
- The last call to `infoCb` in `wolfSSL_BIO_write` should provide the length of
the data to write.
- We should be able to parse RSA public keys starting with BEGIN RSA PUBLIC KEY
and ending with END RSA PUBLIC KEY.
Prototype is required when internal.h is not included and GetCA is not
defined.
wolfSSL_EVP_CIPHER_CTX_set_iv_length() is called with CBC cipher in
api.c. Function is not specificly for GCM, though not strictly needed
for CBC.
TFM:
Use register or memory for c0, c1, c2 in SQRADD and SQRADD2.
SP:
Use register or memory for vl, vh, vo in SP_ASM_MUL_ADD,
SP_ASM_MUL_ADD2 and SP_ASM_SQR_ADD.
* Adds `--enable-linuxkm-pie` and associated infrastructure, to support FIPS mode in the Linux kernel module.
* Adds `tests/api.c` missing (void) arglist to `test_SSL_CIPHER_get_xxx()`.
- Remove FP_MAX_BITS and RSA_MAX_BITS definitions from rsyslog config. A user
configuring wolfSSL for rsyslog support should set them as they see fit (i.e.
based on the key sizes they need to support).
- After testing with wolfSSL FIPS, I discovered that some functions were missing
from the compatibility layer that rsyslog needs. Notably wolfSSL_DH_generate_key
and wolfSSL_DH_set0_pqg. These were gated out of compilation based on HAVE_FIPS.
However, they only need to be compiled out if WOLFSSL_DH_EXTRA is defined. This
is because these functions call SetDhInternal, which calls wc_DhImportKeyPair
if WOLFSSL_DH_EXTRA is defined. wc_DhImportKeyPair isn't available in the FIPS
module's dh.c. So, these functions can exist in the FIPS build provided
WOLFSSL_DH_EXTRA isn't defined. This commit accounts for this scenario.
- Add an --enable-rsyslog option to configure.ac.
- Add a few missing `WOLFSSL_ERROR` calls that were expected by rsyslog unit
tests.
- Add better documentation around `WOLFSSL_SHUTDOWN_NOT_DONE` and define it to
be 0 (rather than 2) when `WOLFSSL_ERROR_CODE_OPENSSL` is defined. This is in
accordance with OpenSSL documentation. Without this change, rsyslog was
failing to do the bidirectional shutdown properly because it was checking the
shutdown return value against 0. I'm keeping the old value when
`WOLFSSL_ERROR_CODE_OPENSSL` isn't defined because it's part of the public
wolfssl interface (it's in ssl.h).
- Handle case where output buffer is NULL. In this case, passed in output buffer
length pointer should be given the maximum output buffer size needed.
- Add better debug messages.
# New or Updated APIs
- wolfSSL_get_tlsext_status_type
- wolfSSL_X509_chain_up_ref
- wolfSSL_get0_verified_chain
- SSL_CTX_set_cert_cb
- SSL_certs_clear
- SSL_add0_chain_cert ssl_cert_add0_chain_cert
- SSL_add1_chain_cert ssl_cert_add1_chain_cert
- sk_X509_NAME_new_null
- SSL_CTX_set_cert_cb
- SSL_set0_verify_cert_store
- SSL_set_client_CA_list
# Other Changes
- Ignore gdbinit
- Add api.c tests for new API
- Add `WOLFSSL_X509_STORE* x509_store_pt` to `WOLFSSL`
- Add macro to select the `WOLFSSL` specific store when available and the associated `WOLFSSL_CTX` store otherwise. Calls to `ssl->ctx->cm` and `ssl->ctx->x509_store*` were replaced by macros.
- NO-OP when setting existing store
- Add reference counter to `WOLFSSL_X509_STORE`
- Cleanup MD5 redundant declarations
- WOLFSSL_ERROR may map to nothing so make assignment outside of it
- refMutex fields are excluded with SINGLE_THREADED macro
- Chain cert refactor
- Make `wolfSSL_add0_chain_cert` and `wolfSSL_add1_chain_cert` not affect the context associated with the SSL object
- `wolfSSL_CTX_add1_chain_cert` now updates the `ctx->certChain` on success and stores the cert in `ctx->x509Chain` for later free'ing
pyOpenSSL needs the OpenSSL function X509_EXTENSION_dup, so this commit adds
that to the compatibility layer. It also needs to be able to access the DER
encoding of the subject alt names in a cert, so that's added as well.
- Missing conversion from char to unsigned char caused any IP
address with a byte > 127 to be wrong
- IPv6 address was converted to wrong format XX:YY:...
(which also caused a buffer overrun)
- Anything that is not an IPv4 or IPv6 address should be ignored
Default is SEC 1.
To use old ECIES implementation: --enable-eccencrypt=old or define
WOLFSSL_ECIES_OLD
To use ISO-18033 implememtation: --enable-eccencrypt=iso18033 or
define WOLFSSL_ECIES_ISO18033
Support passing NULL for public key into wc_ecc_decrypt().
Support not having public key in privKey passed into wc_ecc_encrypt() -
public key is calculated and stored in priKey.
Add decrypt KAT test for ECIES.
When RsaKey is shared and RsaPublicEncryptEx is called simultaneously by multiple threads, the key->state may be incorrectly set in some threads. This side-steps the state logic when building for bind9.
Faster small code and fast code.
Allow fixed 4096-bit FFDHE parameters in benchmark.
Convert [u]int[32|64|128]*_t types to sp_[u]int[32|64|128].
Add a div for when top bits are all 1
WOLFSSL_SP_FAST_LARGE_CODE added to make mul_add function faster on
non-embedded platforms.
Change mod_exp window sizes for same performance but less memory.
P256 with c32 now 9 words instead of 10.
1. Configuration: If not fast math then don't set ALT_ECC_SIZE when
configuring.
2. ECC KeyShare: Key share entry's key was allocated with type
DYNAMIC_TYPE_PRIVATE_KEY, free with same type.
3. Ed25519: free the SHA-512 temporary object. WOLFSSL_SMALL_STACK_CACHE
builds have dynamicaly allocated data.
4. RSA: Don't keep allocating a new hash object in RsaMGF1 when compiled
with WOLFSSL_SMALL_STACK_CACHE.
* Fixes for handling PKCS8 in keys with EVP PKEY. Resolves QT test issues. Replacement to PR #3925.
* Improved code handling for PKCS 8 headers. Change PemToDer to not strip the PKCS8 header.
* Add support in the ECC/RSA/DH key import code to support detection / handling of the PKCS8 header.
* Fix for `wc_RsaKeyToDer` to be exposed with `OPENSSL_EXTRA`.
* Adds EVP PKCS8 test case for RSA and ECC.
* Refactor `test_wolfSSL_OPENSSL_hexstr2buf` to resolve g++ compiler warning.
* Added new `WOLFSSL_TRAP_MALLOC_SZ` build option to trap mallocs that are over a specified size.
refactor ED routines to pivot on WOLFSSL_ED*_PERSISTENT_SHA and WOLFSSL_ED*_STREAMING_VERIFY macros, with sha state in the key struct only when WOLFSSL_ED*_PERSISTENT_SHA, otherwise on the stack as before;
add ed*_hash_init() and ed*_hash_free() local helpers;
ED* peer review: fix line lengths, remove superfluous retval checks, tweaks for efficiency, and add ED448_PREHASH_SIZE to ed448.h.
harmonize the ED448 API with the ED25519 API by making wc_ed448_verify_msg_ex() and wc_ed448_init_ex() public functions;
track devId and heap pointer in ed*_key.{devId,heap}, and pass them through to sha init functions;
add ed*_key.{sha,sha_clean_flag}, and ed*_hash_{reset,update,final} functions, and use them for all ED hashing ops, to support streaming API and for optimally efficient reuse for the preexisting ED calls;
add ed448_hash() akin to ed25519_hash(), and use it in place of wc_Shake256Hash(), for .sha_clean_flag dynamics.
add to wc_ed*_import_private_key() the ability to import the combined key generated by wc_ed*_export_private() without supplying the redundant public key;
add macro asserts near top of ed*.h to assure the required hash functions are available;
fix {NO,HAVE}_ED*_{SIGN,VERIFY};
wolfcrypt/test/test.c: add missing key initializations in ed*_test();
wolfcrypt/test/test.c: fix unaligned access in myDecryptionFunc() detected by -fsanitize=address,undefined.
Allow post-handshake peeking for handshaking messages to be disabled.
Not all customers want to handle this.
Clear WOLFSSL_ERROR_WANT_READ error on entry to ReceiveData which was
set when peeking found handshake message.
The macros setting up the timeout for the select used to timeout just
multiplied the ms by 1000 to make us. The BSD select used on macOS
doesn't like the us to be greater than 999999. Modified to carry the
excess us over into the seconds.
On a renegotiation the serverDH_Pub buffer may be too short. The previous DhGenKeyPair call may have generated a key that has a shorter binary representation (usually by one byte). Calling DhGenKeyPair with this shorter buffer results in a WC_KEY_SIZE_E error.
*This patch is dependent on https://github.com/wolfSSL/wolfssl/pull/3871 because proto version selection logic is refactored in that pull request.*
This patch contains the following changes:
- Enable more options with `--enable-haproxy`
- Compatibility layer additions
- `STACK_TYPE_X509_OBJ`
- `OCSP_id_cmp`
- `X509_STORE_get0_objects`
- `X509V3_EXT_nconf_nid`
- `X509V3_EXT_nconf`
- `X509_chain_up_ref`
- `X509_NAME_hash`
- `sk_X509_NAME_new_null`
- `X509_OBJECT_get0_X509`
- `X509_OBJECT_get0_X509_CRL`
- `ASN1_OCTET_STRING_free`
- `X509_LOOKUP_TYPE`
- `OSSL_HANDSHAKE_STATE`
- New `OPENSSL_COMPATIBLE_DEFAULTS` define will set default behaviour that is compatible with OpenSSL
- WOLFSSL_CTX
- Enable all compiled in protocols
- Allow anonymous ciphers
- Set message grouping
- Set verify to SSL_VERIFY_NONE
- In `SetSSL_CTX`, don't change `send` and `recv` callback if currently using `BIO`
- `ssl->peerVerifyRet`
- Return first that occured
- Set correct value on date error
- Set revoked error on OCSP or CRL error
- Save value in session and restore on resumption
- Add to session serialization
- With `OPENSSL_EXTRA`, send an alert on invalid downgrade attempt
- Handle sni callback `SSL_TLSEXT_ERR_NOACK`
- Add `WOLFSSL_VERIFY_DEFAULT` option for `wolfSSL_CTX_set_verify` and `wolfSSL_set_verify` to allow resetting to default behaviour
Ensure first digit is 0 when zeroing a number.
Check size of output in _sp_mul_d() - only place to be sure of overflow.
Modify callers of _sp_mul_d() to check return.
Fix position of sp_1024_norm_18 now that div requires it:
./configure --disable-shared --enable-sakke --disable-eccsi
--enable-sp
Fix missing '{' in sp_mulmod_table_1024:
./configure --disable-shared --enable-sakke --enable-eccsi
--enable-smallstack --enable-sp
- Add doxygen documentation for wc_GetPkcs8TraditionalOffset, wc_CreatePKCS8Key,
wc_EncryptPKCS8Key, and wc_DecryptPKCS8Key.
- Add a new API function, wc_CreateEncryptedPKCS8Key, which handles both
creation of an unencrypted PKCS#8 key and the subsequent encrypting of said key.
This is a wrapper around TraditionalEnc, which does the same thing. This may
become a first-class function at some point (i.e. not a wrapper). TraditionalEnc
is left as is since it is used in the wild.
- Added a unit test which exercises wc_CreateEncryptedPKCS8Key and
wc_DecryptPKCS8Key. Testing wc_CreateEncryptedPKCS8Key inherently also tests
TraditionalEnc, wc_CreatePKCS8Key, and wc_EncryptPKCS8Key.
- Modified wc_EncryptPKCS8Key to be able to return the required output buffer
size via LENGTH_ONLY_E idiom.
- Added parameter checking to wc_EncryptPKCS8Key and wc_DecryptPKCS8Key.
This the second pass at this after seeing how fips is added to tree in later phases.
This allow autoreconf to be directly called which allows the Makefile to rebuild when seeing that changes have been ( having an autogen.sh is older convention which left to history in the way autotools are invoked )
This fixes "make distcheck" and "make maintainer-clean" which are required by most distributions packaging systems.
The files previously touched by autogen.sh are now properly placed into autoconf.
The include files files are generated by configure. ( There is a note placed in configure.ac as to why and reference to the automake documention for this ). Append to file was done on purpose, touch cannot be in configure safetly. Normally autoheader would be used for this but since the include files are created out of tree, care has to be taken to not overwrite those file.
For the source files, they were moved into the coresponding automake file. It is safe to use touch in automake. Since files can optionally copied from elsewhere, they have to be listed in BUILT_SOURCES. They are written srcdir in order to allow make to do VPATH builds ( which is configure by make distcheck ).
To show fips files are preserved without having the actual fips files, a C style comment can be echoed into the files.
There are a few current, but outstanding issues.
1) config.h needs to be fixed configure.ac to use autoheader in order to allow configure to know to rebuilt depencies on its changes. ( Out of scope for this patch. )
2) verion.h checked into the tree and it is a built file. A make maintainer-clean followed by "git status --ignored" will confirm this. ( Out of scope for this patch )
3) autogen.sh has not been updated to reflect fixes. I believe that for this patch, it should be left alone and checked for regression in Jenkins by itself.
4) There is an out of date .spec file for building RPM which should be updated now that distcheck is working.
5) maintainer-clean should have rule added to remove build-aux testdriver.
This has been tested on current Ubuntu testing, OSX, Fedora 34, and Debian 10.
Additionaly "make distcheck" should be added to regression testing, along with "make maintainer-check".
Other improvement possibilities:
A possible future improvement is to let autoconf handle build with optional out of dist files.
Modify fips configure.ac check to allow for an injection of comments into blank fips files in order to prove distribution of fips/non-fips builds.
Update git rules to use 'make maintainer-clean', 'autoreconf -if', 'make distcheck'.
Moving the `dtls_expected_peer_handshake_number` value along has been moved to one location. It has also been changed to not keep state before a cookie exchange has been completed.
* Added async support to `SendTls13ClientHello`, `DoTls13ServerHello` and `DoTls13ClientHello`.
* Cleanup of the example client/server use key share code.
* Fix some scan-build warnings.
ZD 12065
SHAKE-256 is off by default now. Make sure WOLFSSL_SHAKE256 doesn't make
it into options.h.
Fix openssl.test usage of ed25519 certificates.
Add scripts that regenerate certificates
See RFC 8446: 4.2.11
With TLS 1.3 PSK callback, If the returned cipher suite isn't available,
use the hash from the cipher suite and choose from available list.
Require exact match when: WOLFSSL_TLS13_PSK_NO_MATCH_HASH
Alternative callback for client added that is passed a cipher suite
string. Called for each cipher suite that is to be negotiated.
If cipher suite to be used with PSK then return client identity.
Returning an identity based on cipher suite hash will result in
only one PSK extension being added per hash.
* Cleanup `WOLFSSL_DH_EXTRA` macro logic and do not allow with FIPS v1 or v2.
* Fixes for httpd (if `SSL_CONF_FLAG_FILE` is defined it is used to indicate support for `SSL_CONF_CTX_set_flags` and `SSL_CONF_cmd_value_type`).
* Add Curve448 and ED448 key type to `enum wc_PkType`.
* Expand `dh_ffdhe_test` to include 4096 bit.
This resolves an error:
`ISO C forbids conversion of object pointer to function pointer type`
Instead of casting the function pointer, the extra
member contains the function pointer.
When the same table is used for both base point and public point (which
is not a valid thing to do) then a corner case occurs when the table
point can be added to the same point. This has to be a double operation
instead.
The table point isn't able to be doubled as it has a z-ordinate of 0 and
the original point is overwritten with the invalid add result.
Fix this case by:
- copying the table point into the result,
- setting z-ordinate to Montgomery form of 1,
- double the result point in place.
Small curves that are not commonly used do not work with scalars that
are the length of the order when the order is longer than the prime.
The table is generated based on modulus length not order length.
Simple fix is to not allow these curves to be used with FP_ECC.
Order isn't passed into the pseudo-public APIs.
PKCS#8-formatted key.
There's already a function wc_CreatePKCS8Key, but this only creates the
unencrypted PKCS#8 key. TraditionalEnc exists, which takes a non-PKCS#8 key,
converts it to PKCS#8 format, and encrypts it, but this function isn't in the
public-facing API. I've modified TraditionalEnc to use wc_EncryptPKCS8Key after
wc_CreatePKCS8Key. wc_EncryptPKCS8Key is essentially the encryption portion of
TraditionalEnc moved out into its own function. wc_EncryptPKCS8Key will be in
the API going forward so that users can do PKCS#8 encryption without relying on
the non-API TraditionalEnc. Next, I'll be adding a corresponding
wc_DecryptPKCS8Key to handle decryption.
mp_read_signed_bin, mp_signed_bin_size, mp_to_signed_bin - not
implemented anywhere. (Removed fp versions that were commented out too.)
mp_read_raw, mp_raw_size, mp_toraw - map to unimplemented mp_*_signed_*
APIs.
On switching over revision that added server target specific CFLAGS,
could receive: `error: #warning "For timing resistance / side-channel
attack prevention consider using harden options"`
- `SSL_CTX_set_min_proto_version` now allows setting not compiled in protocols but checks that the constraints leave any compiled in protocol available
- wolfSSL_HmacCopy return already returns `WOLFSSL_SUCCESS` or `WOLFSSL_FAILURE`
Unlike the autotools build, I've chosen NOT to make the build un-deterministic
if WOLFSSL_REPRODUCIBLE_BUILD is set to no (the default). Instead, I just use
whatever CMake's default is. On my system, ar and ranlib run in deterministic
mode by default, and the CMake defaults for the relevant ar and ranlib variables
are:
CMAKE_C_ARCHIVE_CREATE = <CMAKE_AR> qc <TARGET> <LINK_FLAGS> <OBJECTS>
CMAKE_C_ARCHIVE_APPEND = <CMAKE_AR> q <TARGET> <LINK_FLAGS> <OBJECTS>
CMAKE_C_ARCHIVE_FINISH = <CMAKE_RANLIB> <TARGET>
So my builds are automatically deterministic. This is normal on my system so I
wouldn't want to make them not deterministic by default, hence the decision.
I validated with md5sum on libwolfssl.a that explicitly making the build not
deterministic indeed results in different checksums across multiple runs. The
checksums are the same when flipping back to deterministic mode.
This test broke once we went past the nextUpdate time in the static, raw OCSP
response being used. This change makes it so that response is valid until 2048.
For byte order reverse and rotation we have builtins
in the CC-RX compiler.
Especially when rotating registers with fixed amounts
this can be compiled efficiently into opcodes with
embedded values for shift (without needing other registers).
This is a better default for most users. Most users who make use of DTLS, allow messages from "too far into the future". It makes sense that DTLS may lose connection for a period of time and will lose all messages from this period. Losing connection effectively stalls the wolfSSL DTLS connection.
- The `ssl->dtlsMtuSz` value is the maximum possible size of the DTLS record layer. We read `ssl->dtlsMtuSz + 100` in case peer has slightly different MTU set.
- The `-u` option in the examples takes the value of the MTU size.
- MTU tests are added in `tests/test-dtls-mtu.conf`
- wolfSSL_GetMaxRecordSize will now take additional cipher data into account
- The set MTU size is understood as the maximum size of a DTLS record. The WOLFSSL_MAX_MTU was adjusted to account for UDP/IP headers.
Tested with `./configure --enable-cryptonly --disable-examples --disable-rsa --disable-dh CFLAGS="-DWOLFSSL_NO_MALLOC -DBENCH_EMBEDDED" && make check`.
All ECC operations can work now with WOLFSSL_NO_MALLOC and variables will be on stack.
ZD 11829
* Fix for SNI callback on server to make sure the SNI data is stored even without setting a hostname. This makes sure the SNI extension is set when there is a registered SNI recv callback.
* Fix for Apache HTTPD to include `WOLFSSL_ALWAYS_KEEP_SNI`
Directory support allows CRL use with undefining `NO_WOLFSSL_DIR`
Also increase stack size to avoid page fault and add
`_USE_64BIT_TIME_T` to example project to pass ASN test
The current SHAKE256 implementation squeezes output bytes only up
to the rate limit of 136 bytes. This has been fixed to support
the output of an unlimited amount of bytes complying with the
NIST FIPS 202 standard.
- Modify reference data in test_wolfSSL_EVP_PKEY_print_public
- Remove test_wc_EccPublicKeyDecode_ex
- Rewrite test_wc_DhPublicKeyDecode to have Assert
For small code and not small stack, arrays are being defined with a size
dependent on the input parameters, where compiler supports it.
Disable this with: WOLFSSL_SP_NO_DYN_STACK
modinv AVX2: do quick norm on result twice and convert 32-bit signed to
64-bit signed before adding
P-256 mont_add, mont_dbl, mont_tpl, mont_sub x64: handle mul/sqr result
being greater than modulus but not greater than 1<<256.
sp_int.c:
- sp_addmod_ct(), sp_submod_ct(), sp_gcd() and sp_lcm() only support
positive numbers: updated comments.
- sp_mod(0, neg): fix to not add 0 and neg.
- sp_div(): set sign on rem when a is greater than d but same bit length
and fix sign setting on result when absolute values equal or
close.
- Modular exponentation functions: compare absolute values when
determining whether base needs to be reduced.
- Fix calculation of hex string when negative: add -ve nibble before
checking for need of extra 0.
- Fix size allocation in sp_mod when WOLFSSL_SP_INT_NEGATIVE defined
tfm.c:
- fp_mod(0, neg): fix to not add 0 and neg.
- fp_isone(): fixed to check for negative
- fp_add_d(): fix small stack version to support negative numbers
integer.c:
- mp_isone(): fixed to check for negative
manual run of RNG init and JDKEK print
job ring does initial rng
is successful on some red key blob operations
caam red key blob test pass
ecdsa sign/verify
ecdsa ecdh/sign/verify with black secure key
ecdsa ecdh/sign/verify with black secure key
initial cmac addition
initial cmac addition
black blob encap
black keys with cmac
add invalidate memory
refactoring and clean up
more code cleanup
add files for dist and remove some printf's
remove unneeded macro guard
use resource manager
- Use wolfSSL_d2i_X509. wolfSSL_CertManagerGetCerts duplicated a lot of work
that wolfSSL_d2i_X509 can do for us.
- This function gets the caLock from the CertManager and then calls ParseCert.
Ultimately, ParseCert calls GetCA, which attempts to acquire the same caLock.
Deadlock ensues. The solution is to get the caLock, make a copy of all the
certs, and release the lock. Then, we use the copy of the certs to build up
the stack of X509 objects. What happens if one of the certs is removed from
the CertManager between our copying and calling wolfSSL_d2i_X509? Nothing of
consequence for this use case. ParseCertRelative won't set the DecodedCert's ca
field, but we don't need that to be set here.
This commit makes all the binary CMake options (i.e. yes/no) conform to one
string convention: "yes/no." Previously, we had a mixture of yes/no and ON/OFF.
Allows to use --enable-sp-asm on ElectroBSD amd64.
Previouly configure failed with:
configure: error: ASM not available for CPU. Supported CPUs: x86_64, aarch64, arm
- OpenSSL uses an internal mechanism by default for session tickets. This is now implemented for OPENSSL_EXTRA in wolfSSL.
- Add testing of wolfSSL_CTX_set_tlsext_ticket_key_cb
* Support for more encryption algorithms: AES-256-CBC, AES-128-CTR,
AES-256-CTR
* Support for compressed public keys in messages.
## Math Improvements
* Improved performance of X448 and Ed448 through inlining Karatsuba in
square and multiplication operations for 128-bit implementation
(64-bit platforms with 128-bit type support).
* SP Math C implementation: fix for corner case in curve specific
implementations of Montgomery Reduction (P-256, P-384).
* SP math all: assembly snippets added for ARM Thumb. Performance
improvement on platform.
* SP math all: ARM64/32 sp_div_word assembly snippets added to remove
dependency on __udiv3.
* SP C implementation: multiplication of two signed types with overflow
is undefined in C. Now cast to unsigned type before multiplication is
performed.
* SP C implementation correctly builds when using CFLAG: -m32
## OpenSSL Compatibility Layer
* Added DH_get_2048_256 to compatibility layer.
* wolfSSLeay_version now returns the version of wolfSSL
* Added C++ exports for API’s in wolfssl/openssl/crypto.h. This allows
better compatibility when building with a C++ compiler.
* Fix for OpenSSL x509_NAME_hash mismatch
* Implement FIPS_mode and FIPS_mode_set in the compat layer.
* Fix for certreq and certgen options with openssl compatibility
* wolfSSL_BIO_dump() and wolfSSL_OBJ_obj2txt() rework
* Fix IV length bug in EVP AES-GCM code.
* Add new ASN1_INTEGER compatibility functions.
* Fix wolfSSL_PEM_X509_INFO_read with NO_FILESYSTEM
## CMake Updates
* Check for valid override values.
* Add `KEYGEN` option.
* Cleanup help messages.
* Add options to support wolfTPM.
## VisualStudio Updates
* Remove deprecated VS solution
* Fix VS unreachable code warning
## New Algorithms and Protocols
* AES-SIV (RFC 5297)
* DTLS SRTP (RFC 5764), used with WebRTC to agree on profile for new
real-time session keys
* SipHash MAC/PRF for hash tables. Includes inline assembly for
x86_64 and Aarch64.
## Remove Obsolete Algorithms
* IDEA
* Rabbit
* HC-128
# wolfSSL Release 5.1.1 (Jan 3rd, 2022)
Release 5.1.1 of wolfSSL embedded TLS has a high vulnerability fix:
### Vulnerabilities
* \[High\] In connections using AES-CBC or DES3 with TLS/DTLS 1.2 or 1.1 the IV being used is not random. Users using wolfSSL version 5.0.0 or 5.1.0 doing TLS/DTLS 1.2 or 1.1 connections, without AEAD only, should update the version of wolfSSL used. (CVE-2022-23408)
# wolfSSL Release 5.1.0 (Dec 27, 2021)
Release 5.1.0 of wolfSSL embedded TLS has bug fixes and new features including:
### Vulnerabilities
* \[Low\] Potential for DoS attack on a wolfSSL client due to processing hello packets of the incorrect side. This affects only connections using TLS v1.2 or less that have also been compromised by a man in the middle attack. Thanks to James Henderson, Mathy Vanhoef, Chris M. Stone, Sam L. Thomas, Nicolas Bailleut, and Tom Chothia (University of Birmingham, KU Leuven, ENS Rennes for the report.
* \[Low\] Client side session resumption issue once the session resumption cache has been filled up. The hijacking of a session resumption has been demonstrated so far with only non verified peer connections. That is where the client is not verifying the server’s CA that it is connecting to. There is the potential though for other cases involving proxies that are verifying the server to be at risk, if using wolfSSL in a case involving proxies use wolfSSL_get1_session and then wolfSSL_SESSION_free when done where possible. If not adding in the session get/free function calls we recommend that users of wolfSSL that are resuming sessions update to the latest version (wolfSSL version 5.1.0 or later). Thanks to the UK's National Cyber Security Centre (NCSC) for the report.
### New Feature Additions
###### Ports
* Curve25519 support with NXP SE050 added
* Renesas RA6M4 support with SCE Protected Mode and FSP 3.5.0
* Renesas TSIP 1.14 support for RX65N/RX72N
###### Post Quantum
* Post quantum resistant algorithms used with Apache port
* NIST round 3 FALCON Signature Scheme support added to TLS 1.3 connections
* FALCON added to the benchmarking application
* Testing of cURL with wolfSSL post quantum resistant build
###### Compatibility Layer Additions
* Updated NGINX port to NGINX version 1.21.4
* Updated Apache port to Apache version 2.4.51
* Add support for SSL_OP_NO_TLSv1_2 flag with wolfSSL_CTX_set_options function
* Support added for the functions
- SSL_CTX_get_max_early_data
- SSL_CTX_set_max_early_data
- SSL_set_max_early_data
- SSL_get_max_early_data
- SSL_CTX_clear_mode
- SSL_CONF_cmd_value_type
- SSL_read_early_data
- SSL_write_early_data
###### Misc.
* Crypto callback support for AES-CCM added. A callback function can be registered and used instead of the default AES-CCM implementation in wolfSSL.
* Added AES-OFB to the FIPS boundary for future FIPS validations.
* Add support for custom OIDs used with CSR (certificate signing request) generation using the macro WOLFSSL_CUSTOM_OID
* Added HKDF extract callback function for use with TLS 1.3
* Add variant from RFC6979 of deterministic ECC signing that can be enabled using the macro WOLFSSL_ECDSA_DETERMINISTIC_K_VARIANT
* Added the function wc_GetPubKeyDerFromCert to get the public key from a DecodedCert structure
* Added the functions wc_InitDecodedCert, wc_ParseCert and wc_FreeDecodedCert for access to decoding a certificate into a DecodedCert structure
* Added the macro WOLFSSL_ECC_NO_SMALL_STACK for hybrid builds where the numerous malloc/free with ECC is undesired but small stack use is desired throughout the rest of the library
* Added the function wc_d2i_PKCS12_fp for reading a PKCS12 file and parsing it
### Fixes
###### PORT Fixes
* Building with Android wpa_supplicant and KeyStore
* Setting initial value of CA certificate with TSIP enabled
* Cryptocell ECC build fix and fix with RSA disabled
* IoT-SAFE improvement for Key/File slot ID size, fix for C++ compile, and fixes for retrieving the public key after key generation
###### Math Library Fixes
* Check return values on TFM library montgomery function in case the system runs out of memory. This resolves an edge case of invalid ECC signatures being created.
* SP math library sanity check on size of values passed to sp_gcd.
* SP math library sanity check on exponentiation by 0 with mod_exp
* Update base ECC mp_sqrtmod_prime function to handle an edge case of zero
* TFM math library with Intel MULX multiply fix for carry in assembly code
###### Misc.
* Fix for potential heap buffer overflow with compatibility layer PEM parsing
* Fix for edge memory leak case with an error encountered during TLS resumption
* Fix for length on inner sequence created with wc_DhKeyToDer when handling small DH keys
* Fix for sanity check on input argument to DSA sign and verify
* Fix for setting of the return value with ASN1 integer get on an i386 device
* Fix for BER to DER size checks with PKCS7 decryption
* Fix for memory leak with PrintPubKeyEC function in compatibility layer
* Edge case with deterministic ECC key generation when the private key has leading 0’s
* Fix for build with OPENSSL_EXTRA and NO_WOLFSSL_STUB both defined
* Use page aligned memory with ECDSA signing and KCAPI
* Skip expired sessions for TLS 1.3 rather than turning off the resume behavior
* Fix for DTLS handling dropped or retransmitted messages
### Improvements/Optimizations
###### Build Options and Warnings
* Bugfix: could not build with liboqs and without DH enabled
* Build with macro NO_ECC_KEY_EXPORT fixed
* Fix for building with the macro HAVE_ENCRYPT_THEN_MAC when session export is enabled
* Building with wolfSentry and HAVE_EX_DATA macro set
###### Math Libraries
* Improvement for performance with SP C implementation of montgomery reduction for ECC (P256 and P384) and SP ARM64 implementation for ECC (P384)
* With SP math handle case of dividing by length of dividend
* SP math improvement for lo/hi register names to be used with older GCC compilers
###### Misc.
* ASN name constraints checking code refactor for better efficiency and readability
* Refactor of compatibility layer stack free’ing calls to simplify and reduce code
* Scrubbed code for trailing spaces, hard tabs, and any control characters
* Explicit check that leaf certificate's public key type match cipher suite signature algorithm
* Additional NULL sanity checks on WOLFSSL struct internally and improve switch statement fallthrough
* Retain OCSP error value when CRL is enabled with certificate parsing
* Update to NATIVE LwIP support for TCP use
* Sanity check on PEM size when parsing a PEM with OpenSSL compatibility layer API.
* SWIG wrapper was removed from the codebase in favor of dedicated Java and Python wrappers.
* Updates to bundled example client for when to load the CA, handling print out of IP alt names, and printing out the peers certificate in PEM format
* Handling BER encoded inner content type with PKCS7 verify
* Checking for SOCKET_EPIPE errors from low level socket
* Improvements to cleanup in the case that wolfSSL_Init fails
* Update test and example certificates expiration dates
# wolfSSL Release 5.0.0 (Nov 01, 2021)
Release 5.0.0 of wolfSSL embedded TLS has bug fixes and new features including:
### Vulnerabilities
* [\Low\] Hang with DSA signature creation when a specific q value is used in a maliciously crafted key. If a DSA key with an invalid q value of either 1 or 0 was decoded and used for creating a signature, it would result in a hang in wolfSSL. Users that are creating signatures with DSA and are using keys supplied from an outside source are affected.
* [\Low\] Issue with incorrectly validating a certificate that has multiple subject alternative names when given a name constraint. In the case where more than one subject alternative name is used in the certificate, previous versions of wolfSSL could incorrectly validate the certificate. Users verifying certificates with multiple alternative names and name constraints, are recommended to either use the certificate verify callback to check for this case or update the version of wolfSSL used. Thanks to Luiz Angelo Daros de Luca for the report.
### New Feature Additions
###### New Product
* FIPS 140-3 -- currently undergoing laboratory testing, code review and ultimately CMVP validation. Targeting the latest FIPS standard.
###### Ports
* IoT-Safe with TLS demo
* SE050 port with support for RNG, SHA, AES, ECC (sign/verify/shared secret) and ED25519
* Support for Renesas TSIP v1.13 on RX72N
###### Post Quantum
* Support for OQS's (liboqs version 0.7.0) implementation of NIST Round 3 KEMs as TLS 1.3 groups --with-liboqs
* Hybridizing NIST ECC groups with the OQS groups
* Remove legacy NTRU and QSH
* Make quantum-safe groups available to the compatibility layer
###### Linux Kernel Module
* Full support for FIPS 140-3, with in-kernel power on self test (POST) and conditional algorithm self test(s) (CAST)
* --enable-linuxkm-pie -- position-independent in-kernel wolfCrypt container, for FIPS
* Vectorized x86 acceleration in PK algs (RSA, ECC, DH, DSA) and AES/AES-GCM
* Vectorized x86 acceleration in interrupt handlers
* Support for Linux-native module signatures
* Complete SSL/TLS and Crypto API callable from other kernel module(s)
* Support for LTS kernel lines: 3.16, 4.4, 4.9, 5.4, 5.10
* KCAPI: add support for using libkcapi for crypto (Linux Kernel)
* Configure option for --with-max-rsa-bits= and --with-max-ecc-bits=
* SP ARM Thumb support for Keil and performance improvements
* Add support for WOLFSSL_VERIFY_POST_HANDSHAKE verify mode
* PKCS #11: support static linking with PKCS #11 library --enable-pkcs11=static LIBS=-l
* Add build option --enable-wolfclu for use with wolfCLU product
* Add support for X9.42 header i.e “BEGIN X9.42 DH PARAMETERS”
* Add --enable-altcertchains for configuring wolfSSL with alternate certificate chains feature enabled
* Add public API wc_RsaKeyToPublicDer_ex to allow getting RSA public key without ASN.1 header (can return only seq + n + e)
* Add SNI and TLSx options to CMake build
### Fixes
###### PORT Fixes
* Add return value checking for FREESCALE_RNGA
* Fix MMCAU_SHA256 type warnings
* Fixes for building with Microchip XC32 and ATECC
###### Math Library Fixes
* TFM check that the modulus length is valid for fixed data array size
* TFM fp_submod_ct fix check for greater
* Check return value of mp_grow in mp_mod_2d
* Fix for ECC point multiply to error out on large multipliers
* SP ECC error on multiplier larger than curve order
###### TLS 1.3
* TLS1.3 sanity check for cases where a private key is larger than the configured maximum
* Fix early data max size handling in TLS v1.3
* Fixes for PK callbacks with TLS v1.3
* Check min downgrade when no extensions are sent with the ServerHello
###### Misc.
* Previously wolfSSL enum values were used as NID’s. Now only the compatibility layer NID enums are the NID values:
- CTC_SHAwDSA -> NID_dsaWithSHA1
- CTC_SHA256wDSA -> NID_dsa_with_SHA256
- CTC_MD2wRSA -> NID_md2WithRSAEncryption
- CTC_MD5wRSA -> NID_md5WithRSAEncryption
- CTC_SHAwRSA -> NID_sha1WithRSAEncryption
- CTC_SHA224wRSA -> NID_sha224WithRSAEncryption
- CTC_SHA256wRSA -> NID_sha256WithRSAEncryption
- CTC_SHA384wRSA -> NID_sha384WithRSAEncryption
- CTC_SHA512wRSA -> NID_sha512WithRSAEncryption
- CTC_SHA3_224wRSA -> NID_RSA_SHA3_224
- CTC_SHA3_256wRSA -> NID_RSA_SHA3_256
- CTC_SHA3_384wRSA -> NID_RSA_SHA3_384
- CTC_SHA3_512wRSA -> NID_RSA_SHA3_512
- CTC_SHAwECDSA -> NID_ecdsa_with_SHA1
- CTC_SHA224wECDSA -> NID_ecdsa_with_SHA224
- CTC_SHA256wECDSA -> NID_ecdsa_with_SHA256
- CTC_SHA384wECDSA -> NID_ecdsa_with_SHA384
- CTC_SHA512wECDSA -> NID_ecdsa_with_SHA512
- CTC_SHA3_224wECDSA -> NID_ecdsa_with_SHA3_224
- CTC_SHA3_256wECDSA -> NID_ecdsa_with_SHA3_256
- CTC_SHA3_384wECDSA -> NID_ecdsa_with_SHA3_384
- CTC_SHA3_512wECDSA -> NID_ecdsa_with_SHA3_512
- DSAk -> NID_dsa
- RSAk -> NID_rsaEncryption
- ECDSAk -> NID_X9_62_id_ecPublicKey
- BASIC_CA_OID -> NID_basic_constraints
- ALT_NAMES_OID -> NID_subject_alt_name
- CRL_DIST_OID -> NID_crl_distribution_points
- AUTH_INFO_OID -> NID_info_access
- AUTH_KEY_OID -> NID_authority_key_identifier
- SUBJ_KEY_OID -> NID_subject_key_identifier
- INHIBIT_ANY_OID -> NID_inhibit_any_policy
* Fix for DES IV size used with FIPSv2
* Fix signed comparison issue with serialSz
* Fix missing CBIOSend and properly guard hmac in DupSSL()
* Fix calculation of length of encoding in ssl.c
* Fix encoding to check proper length in asn.c
* Fix for wc_ecc_ctx_free and heap hint
* Fix for debug messages with AF_ALG build
* Fix for static memory with bucket size matching.
* Fixes for SRP with heap hint.
* Fixes for CAAM build macros and spelling for Keil build
* Sniffer fix for possible math issue around 64-bit pointer and 32-bit unsigned int
* Fix for sniffer TCP sequence rollover
* wolfSSL_PEM_write_bio_PUBKEY to write only the public part
* Fix for sending only supported groups in TLS extension
* Fix for sniffer to better handle spurious retransmission edge case
* SSL_set_alpn_protos and SSL_CTX_set_alpn_protos now returns 0 on successFixes issue with SSL_CTX_set1_curves_list and SSL_set1_curves_list not checking the last character of the names variable provided, non-0 on failure to better match expected return values
* Fixes and improvements for crypto callbacks with TLS (mutual auth)
* Fix for bad memory_mutex lock on static memory cleanup
* Zero terminate name constraints strings when parsing certificates
* Fix for verifying a certificate when multiple permitted name constraints are used
* Fix typo in ifdef for HAVE_ED448
* Fix typos in comments in SHA512
* Add sanity check on buffer size with ED25519 key decode
* Sanity check on PKCS7 stream amount read
* PKCS7 fix for double free on error case and sanity check on set serial number
* Sanity check on PKCS7 input size wc_PKCS7_ParseSignerInfo
* Forgive a DTLS session trying to send too much at once
### Improvements/Optimizations
###### Build Options and Warnings
* Rework of RC4 disable by default and depreciation
* wolfSSL as a Zephyr module (without setup.sh)
* Add include config.h to bio.c
* Support for PKCS7 without AES CBC.
* Fixes for building without AES CBC
* Added WOLFSSL_DH_EXTRA to --enable-all and --enable-sniffer
* Add a CMake option to build wolfcrypt test and bench code as libraries
* GCC makefile: allow overriding and provide more flexibility
###### Math Libraries
* Improve performance of fp_submod_ct() and fp_addmod_ct()
* Improve performance of sp_submod_ct() and sp_addmod_ct()
* SP int, handle even modulus with exponentiation
###### Misc.
* Cleanups for Arduino examples and memory documentation
* Refactor hex char to byte conversions
* Added GCC-ARM TLS server example
* Improvements to session locking to allow per-row
* Improved sniffer statistics and documentation
* EVP key support for heap hint and crypto callbacks
* Reduced stack size for dh_generation_test and Curve ASN functions
* AARCH64 SHA512: implementation using crypto instructions added
* wc_RsaPSS_CheckPadding_ex2 added for use with HEAP hint
* wc_AesKeyWrap_ex and wc_AesKeyUnWrap_ex bound checks on input and output sizes
* Add additional error handling to wolfSSL_BIO_get_len
* Add code to use popen and the command 'host', useful with qemu
* Adjustment to subject alt names order with compatibility layer to better match expected order
* Reduce BIO compatibility layer verbosity
* Set a default upper bound on error queue size with compatibility layer
* WOLFSSL_CRL_ALLOW_MISSING_CDP macro for Skip CRL verification in case no CDP in peer cert
* Fixes for scan-build LLVM-13 and expanded coverage
* Increase the default DTLS_MTU_ADDITIONAL_READ_BUFFER and make it adjustable
# wolfSSL Release 4.8.1 (July 16, 2021)
Release 4.8.1 of wolfSSL embedded TLS has an OCSP vulnerability fix:
### Vulnerabilities
* [High] OCSP verification issue when response is for a certificate with no relation to the chain in question BUT that response contains the NoCheck extension which effectively disables ALL verification of that one cert. Users who should upgrade to 4.8.1 are TLS client users doing OCSP, TLS server users doing mutual auth with OCSP, and CertManager users doing OCSP independent of TLS. Thanks to Jan Nauber, Marco Smeets, Werner Rueschenbaum and Alissa Kim of Volkswagen Infotainment for the report.
# wolfSSL Release 4.8.0 (July 09, 2021)
Release 4.8.0 of wolfSSL embedded TLS has bug fixes and new features including:
### Vulnerabilities
* [Low] CVE-2021-37155: OCSP request/response verification issue. In the case that the serial number in the OCSP request differs from the serial number in the OCSP response the error from the comparison was not resulting in a failed verification. We recommend users that have wolfSSL version 4.6.0 and 4.7.0 with OCSP enabled update their version of wolfSSL. Version 4.5.0 and earlier are not affected by this report. Thanks to Rainer Mueller-Amersdorffer, Roee Yankelevsky, Barak Gutman, Hila Cohen and Shoshi Berko (from CYMOTIVE Technologies and CARIAD) for the report.
* [Low] CVE-2021-24116: Side-Channel cache look up vulnerability in base64 PEM decoding for versions of wolfSSL 4.5.0 and earlier. Versions 4.6.0 and up contain a fix and do not need to be updated for this report. If decoding a PEM format private key using version 4.5.0 and older of wolfSSL then we recommend updating the version of wolfSSL used. Thanks to Florian Sieck, Jan Wichelmann, Sebastian Berndt and Thomas Eisenbarth for the report.
### New Feature Additions
###### New Product
* Added wolfSentry build with --enable-wolfsentry and tie-ins to wolfSSL code for use with wolfSentry
###### Ports
* QNX CAAM driver added, supporting ECC black keys, CMAC, BLOBs, and TRNG use
* _WIN32_WCE wolfCrypt port added
* INTIME_RTOS directory support added
* Added support for STM32G0
* Renesas RX: Added intrinsics for rot[rl], revl (thanks @rliebscher)
* Added support for running wolfcrypt/test/testwolfcrypt on Dolphin emulator to test DEVKITPRO port
* Zephyr project port updated to latest version 2.6.X
###### ASN1 and PKCS
* Storing policy constraint extension from certificate added
* Added support for NID_favouriteDrink pilot
* Added the API function wc_EncryptPKCS8Key to handle encrypting a DER, PKCS#8-formatted key
###### Compatibility Layer Additions
* Open Source PORTS Added/Updated
- OpenVPN
- OpenLDAP
- socat-1.7.4.1
- Updated QT port for 5.15.2
* Changes to extend set_cipher_list() compatibility layer API to have set_ciphersuites compatibility layer API capability
* Added more support for SHA3 in the EVP layer
* API Added
- MD5/MD5_Transform
- SHA/SHA_Transform/SHA1_Transform
- SHA224/SHA256_Transform/SHA512_Transform
- SSL_CTX_get0_param/SSL_CTX_set1_param
- X509_load_crl_file
- SSL_CTX_get_min_proto_version
- EVP_ENCODE_CTX_new
- EVP_ENCODE_CTX_free
- EVP_EncodeInit
- EVP_EncodeUpdate
- EVP_EncodeFinal
- EVP_DecodeInit
- EVP_DecodeUpdate
- EVP_DecodeFinal
- EVP_PKEY_print_public
- BIO_tell
- THREADID_current
- THREADID_hash
- SSL_CTX_set_ecdh_auto
- RAND_set_rand_method()
- X509_LOOKUP_ctrl()
- RSA_bits
- EC_curve_nist2nid
- EC_KEY_set_group
- SSL_SESSION_set_cipher
- SSL_set_psk_use_session_callback
- EVP_PKEY_param_check
- DH_get0_pqg
- CRYPTO_get_ex_new_index
- SSL_SESSION_is_resumable
- SSL_CONF_cmd
- SSL_CONF_CTX_finish
- SSL_CTX_keylog_cb_func
- SSL_CTX_set_keylog_callback
- SSL_CTX_get_keylog_callback
###### Misc.
* Added wolfSSL_CTX_get_TicketEncCtx getter function to return the ticket encryption ctx value
* Added wc_AesKeyWrap_ex and wc_AesKeyUnWrap_ex APIs to accept an Aes object to use for the AES operations
* Added implementation of AES-GCM streaming (--enable-aesgcm-stream)
* Added deterministic generation of k with ECC following RFC6979 when the macro WOLFSSL_ECDSA_DETERMINISTIC_K is defined and wc_ecc_set_deterministic function is called
* Implemented wc_DsaParamsDecode and wc_DsaKeyToParamsDer
* Asynchronous support for TLS v1.3 TLSX ECC/DH key generation and key agreement
* Added crypto callback support for Ed/Curve25519 and SHA2-512/384
* TLS 1.3 wolfSSL_key_update_response function added to see if a update response is needed
### Fixes
* Fix for detecting extra unused bytes that are in an ASN1 sequence appended to the end of a valid ECC signature
* Fix for keyid with ktri CMS (breaks compatibility with previous keyid ASN1 syntax)
* Fix for failed handshake if a client offers more than 150 cipher suites. Thanks to Marcel Maehren, Philipp Nieting, Robert Merget from Ruhr University Bochum Sven Hebrok, Juraj Somorovsky from Paderborn University
* Fix for default order of deprecated elliptic curves SECP224R1, SECP192R1, SECP160R1. Thanks to Marcel Maehren, Philipp Nieting, Robert Merget from Ruhr University Bochum Sven Hebrok, Juraj Somorovsky from Paderborn University
* Fix for corner TLS downgrade case where a TLS 1.3 setup that allows for downgrades but has TLS 1.3 set as the minimum version would still downgrade to TLS 1.2
###### PKCS7 (Multiple fixes throughout regarding memory leaks with SMIME and heap buffer overflows due to streaming functionality)
* Fix PKCS7 dynamic content save/restore in PKCS7_VerifySignedData
* Fix for heap buffer overflow on compare with wc_PKCS7_DecryptKtri
* Fix for heap buffer overflow with wc_PKCS7_VerifySignedData
* Fix for heap buffer overflow with wc_PKCS7_DecodeEnvelopedData
* Check size of public key used with certificate passed into wc_PKCS7_InitWithCert before XMEMCPY to avoid overflow
* Fix for heap buffer overflow fix for wolfSSL_SMIME_read_PKCS7
* Fix to cleanly free memory in error state with wolfSSL_SMIME_read_PKCS7
* SMIME error checking improvements and canonicalize multi-part messages before hashing
###### DTLS Fixes
* DTLS fix to correctly move the Tx sequence number forward
* DTLS fix for sequence and epoch number with secure renegotiation cookie exchange
* Fix for Chacha-Poly AEAD for DTLS 1.2 with secure renegotiation
###### PORT Fixes
* Fix AES, aligned key for the HW module with DCP port
* Added wolfSSL_CTX_get_ephemeral_key and wolfSSL_get_ephemeral_key for loading a constant key in place of an ephemeral one
* Improved checking of XSNPRINTF return value in DecodePolicyOID
###### Build Options and Warnings
* Added wolfSSL_CTX_set_verify to the ABI list
* Adjusted FP_ECC build to not allow SECP160R1, SECP160R2, SECP160K1 and SECP224K1. FP_ECC does not work with scalars that are the length of the order when the order is longer than the prime.
* Added CMake support for CURVE25519, ED25519, CURVE448, and ED448
* cmake addition to test paths when building
* Added support for session tickets in CMake
* Added support for reproducible builds with CMake
* Turn on reproducible-build by default when enable-distro
* Windows Project: Include the X448 and Ed448 files
* GCC-11 compile time warning fixes
* Fix for compiling build of ./configure '--disable-tlsv12' '-enable-pkcallbacks'
* Added build error for insecure build combination of secure renegotiation enabled with extended master secret disabled when session resumption is enabled
* Updated building and running with Apple M1
* Apache httpd build without TLS 1.3 macro guard added
* Enable SHA3 and SHAKE256 requirements automatically when ED448 is enabled
* Added option for AES CBC cipher routines to return BAD_LENGTH_E when called with an input buffer length not a multiple of AES_BLOCK_SIZE
* Macro WOLFSSL_SP_INT_DIGIT_ALIGN added for alignment on buffers with SP build. This was needed for compiler building on a Renesas board.
* Build support with no hashes enabled an no RNG compiled in
* Allow use of FREESCALE hardware RNG without a specific port
* Resolved some warnings with Windows builds and PBKDF disabled
* Updated the version of autoconf and automake along with fixes for some new GCC-10 warnings
###### Math Libraries
* SP: Thumb implementation that works with clang
* SP math all: sp_cmp handling of negative values
* SP C ECC: mont sub - always normalize after sub before check for add
* TFM math library prime checking, added more error checks with small stack build
* Sanity checks on 0 value with GCD math function
* fp_exptmod_ct error checking and small stack variable free on error
* Sanity check on supported digit size when calling mp_add_d in non fastmath builds
* Support for mp_dump with SP Math ALL
* WOLFSSL_SP_NO_MALLOC for both the normal SP build and small SP build now
* WOLFSSL_SP_NO_DYN_STACK added for SP small code that is not small stack build to avoid dynamic stack
###### PKCS 7/8
* wc_PKCS7_DecodeCompressedData to optionally handle a packet without content wrapping
* Added setting of content type parsed with PKCS7 wc_PKCS7_DecodeAuthEnvelopedData and wc_PKCS7_DecodeEnvelopedData
* PKCS8 code improvements and refactoring
###### Misc.
* Sanity checks on null inputs to the functions wolfSSL_X509_get_serialNumber and wolfSSL_X509_NAME_print_ex
* Added ARM CryptoCell support for importing public key with wc_ecc_import_x963_ex()
* Improved checking for possible use of key->dp == NULL cases with ECC functions
* Updated SHAKE256 to compile with NIST FIPS 202 standard and added support for OID values (thanks to strongX509)
* Improved ECC operations when using WOLFSSL_NO_MALLOC
* Added WOLFSSL_SNIFFER_FATAL_ERROR for an return value when sniffer is in a fatal state
* Allow parsing spaces in Base64_SkipNewline
* Issue callback when exceeding depth limit rather than error out with OPENSSL_EXTRA build
* Added NXP LTC RSA key generation acceleration
# wolfSSL Release 4.7.0 (February 16, 2021)
Release 4.7.0 of wolfSSL embedded TLS has bug fixes and new features including:
@ -7,6 +677,7 @@ Release 4.7.0 of wolfSSL embedded TLS has bug fixes and new features including:
* Function wolfSSL_CTX_NoTicketTLSv12 added to enable turning off session tickets with TLS 1.2 while keeping TLS 1.3 session tickets available
* Implement RFC 5705: Keying Material Exporters for TLS
* Added --enable-reproducible-build flag for making more deterministic library outputs to assist debugging
* Added support for S/MIME (Secure/Multipurpose Internet Mail Extensions) bundles
### Fixes
* Fix to free mutex when cert manager is free’d
@ -44,7 +715,7 @@ Release 4.7.0 of wolfSSL embedded TLS has bug fixes and new features including:
* Out of directory builds resolved, wolfSSL can now be built in a separate directory than the root wolfssl directory
### Vulnerabilities
* [HIGH] CVE-2021-3336: In earlier versions of wolfSSL there exists a potential man in the middle attack on TLS 1.3 clients. Malicious attackers with a privileged network position can impersonate TLS 1.3 servers and bypass authentication. Users that have applications with client side code and have TLS 1.3 turned on, should update to the latest version of wolfSSL. Users that do not have TLS 1.3 turned on, or that are server side only, are NOT affected by this report. For the code change see https://github.com/wolfSSL/wolfssl/pull/3676.
* [HIGH] CVE-2021-3336: In earlier versions of wolfSSL there exists a potential man in the middle attack on TLS 1.3 clients. Malicious attackers with a privileged network position can impersonate TLS 1.3 servers and bypass authentication. Users that have applications with client side code and have TLS 1.3 turned on, should update to the latest version of wolfSSL. Users that do not have TLS 1.3 turned on, or that are server side only, are NOT affected by this report. For the code change see https://github.com/wolfSSL/wolfssl/pull/3676. Thanks to Aina Toky Rasoamanana and Olivier Levillain from Télécom SudParis for the report.
* [LOW] In the case of using custom ECC curves there is the potential for a crafted compressed ECC key that has a custom prime value to cause a hang when imported. This only affects applications that are loading in ECC keys with wolfSSL builds that have compressed ECC keys and custom ECC curves enabled.
* [LOW] With TLS 1.3 authenticated-only ciphers a section of the server hello could contain 16 bytes of uninitialized data when sent to the connected peer. This affects only a specific build of wolfSSL with TLS 1.3 early data enabled and using authenticated-only ciphers with TLS 1.3.
@ -1659,9 +2330,9 @@ More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html
- No filesystem build fixes for various configurations
- Certificate generation now supports several extensions including KeyUsage,
SKID, AKID, and Ceritifcate Policies
SKID, AKID, and Certificate Policies
- CRLs can be loaded from buffers as well as files now
You can enable the wolfSSL support for Deos RTOS available [here](https://www.ddci.com/products_deos_do_178c_arinc_653/) using the `#define WOLFSSL_DEOS`.
Deos is a time & space partitioned, multi-core enabled, DO-178C DAL A certifiable RTOS.
You can enable the wolfSSL support for Deos RTOS available
[here](https://www.ddci.com/products_deos_do_178c_arinc_653/) using
the `#define WOLFSSL_DEOS`. Deos is a time & space partitioned,
multi-core enabled, DO-178C DAL A certifiable RTOS.
## Usage
You can start with your OpenArbor IDE-based example project for Deos with the network stack (lwip) to integrate wolfSSL source code.
You can start with your OpenArbor IDE-based example project for Deos
with the network stack (lwip) to integrate wolfSSL source code.
wolfSSL supports a compile-time user configurable options in the`IDE/ECLIPSE/DEOS/user_settings.h` file.
wolfSSL supports a compile-time user configurable options in the
`IDE/ECLIPSE/DEOS/user_settings.h` file.
The `tls_wolfssl.c` example application provides a simple function to run the selected examples at compile time through the following four #defines in user_settings.h. You can undefine any of these macro options to run a test.
```
1. #undef NO_CRYPT_TEST
2. #undef NO_CRYPT_BENCHMARK
3. #undef NO_WOLFSSL_CLIENT
4. #undef NO_WOLFSSL_SERVER
```
Do one of the following steps for building and running wolfSSL with the Deos kernel examples, which are included in the DDS release:
If you want to create a project from scratch, skip the Importing the project section and follow the steps in the other sections.
### Importing the project
If you want to use an pre-configured example project, go to the Importing the project section, skip the other sections and follow the Building and Running section.
#### Importing the project
In this section you will import a pre-configured example project.
Note: To work wolfssl directory must not be under the workspace directory.
1. Launch the OpenArbor IDE as an administrator
2. In the Workspace Launcher dialog, in the Workspace field, enter your
workspace
2. In the Workspace Launcher dialog, in the Workspace field, enter
your workspace
3. Right-click in the Project Explorer view and select Import
4. In the Import dialog, select General > Existing Projects into Workspace, then click Next.
5. In the Import Projects dialog, select Select archive file, then browse to `IDE/ECLIPSE/DEOS/` and double-click `deosWolfssl.zip` file
4. In the Import dialog, select General > Existing Projects into
Workspace, then click Next.
5. In the Import Projects dialog, select `Select root directory` and
browse to `IDE/ECLIPSE/DEOS/deos_wolfssl` and select the wolfssl
project
6. In the Import Projects dialog, click Finish
#### Dependencies
* ansi
* gnu-language
* deos-time
### Setting up a Deos project with wolfSSL
The `tls_wolfssl.c` example application provides a simple function to
run the selected examples at compile time through the following four
`#defines` in `user_settings.h`. You can undefine any of these macro
options to run a test.
#### Setting up a Deos project with wolfSSL
1. Download the wolfSSL source code or a zip file from GitHub. You can remove all of the files except for these folders and its contents. The top folder for this example is wolfsslPort.
```
wolfsslPort
|-- IDE
| -- ECLIPSE
| -- DEOS
|-- src
|-- wolfcrypt
| -- benchmark
| -- src
| -- test
|-- wolfssl
|-- openssl
|-- wolfcrypt
|-- port
#undef NO_CRYPT_TEST
#undef NO_CRYPT_BENCHMARK
#undef NO_WOLFSSL_CLIENT
#undef NO_WOLFSSL_SERVER
```
2. Remove these two platform specific assembly source files:
- wolfsslPort/wolfcrypt/src/aes_asm.asm
- wolfsslPort/wolfcrypt/src/aes_asm.S
3. Launch the OpenArbor IDE as an administrator
4. Create a DDC-I Deos example project. In the main menu, go to File >DDC-I Deos example project > socket > udp-vs-tcp
5. Import the `wolfSSLPort` source code into your project.
- Right-click the ` udp-vs-tcp` project and choose File -> Import.
- Expand the General folder and select File System, then click Next. You should now see the Import File system dialog.
- Browse to the location containing the wolfSSL code and choose OK. Select the `wolfsslPort` folder and check the `Create top-level folder` button, then select Finish. You should see the folder hierarchy the same as wolfSSL folder structures.
6. Review the configuration in $(PROJECT_DIR)/wolfsslPort/IDE/ECLIPSE/DEOS/user_setting.h
1. Launch the OpenArbor IDE
7. Review the custom malloc/realloc/free configuration $(PROJECT_DIR)/wolfsslPort/IDE/ECLIPSE/DEOS/deos_malloc.c . Memory allocated with malloc() is never freed.
2.Create a DDC-I Deos example project. In the main menu, go to File >
DDC-I Deos example project > socket > udp-vs-tcp
3. Customize your config/udp-vs-tcp.pd.xml with the following changes:
#### Configuring the Deos Project
1. Customize your config/udp-vs-tcp.pd.xml with the following changes:
```
<processTemplate
mutexQuota = "5"
@ -90,35 +83,54 @@ wolfsslPort
</processTemplate>
```
Depending on your configuration, wolfSSL uses upto four mutexes. You also need to configure enough memory for the stack of each threads and the process logical memory pool.
Depending on your configuration, wolfSSL uses upto four mutexes. You
also need to configure enough memory for the stack of each threads and
the process logical memory pool.
4. Right click on the `udp-vs-tcp` project, select properties and add
the following macros in the DDC-I Options > C Compile >
Preprocessor
* WOLFSSL_USER_SETTINGS
5. Add the following directory paths in the DDC-I Options > C Compile >
Directories and in the DDC-I Options > C++ Compile > Directories
* $(PROJECT_DIR.wolfssl)/../../../..
* $(PROJECT_DIR.wolfssl)/..
* $(PROJECT_DIR.printx)/code
6. Add the following library dependencies in the
DDC-I Options > Deos > Dependencies
* math
* ansi
* deos-time
For benchmark and test code:
* printx - You must add printx into your workspace, File >DDC-I
Deos example project > training > printx
7. Edit $(PROJECT_DIR)/wolfsslPort/IDE/ECLIPSE/DEOS/user_setting.h to
customize your configuration. For example, you can undef or define
these tests.
*`#undef NO_CRYPT_TEST`
*`#undef NO_CRYPT_BENCHMARK`
*`#undef NO_WOLFSSL_CLIENT`
*`#undef NO_WOLFSSL_SERVER`
8. Edit your application source file where main() thread is defined
and add the following:
*#include "printx.h"
*#include "tls_wolfssl.h"
* and a call to `wolfsslRunTests()`
2. Right click on the `udp-vs-tcp` project, select properties and add the following macros in the DDC-I Options > C Compile > Preprocessor
- DEOS_ALLOW_OBSOLETE_DEFINITIONS
- WOLFSSL_USER_SETTINGS
3. Add the following directory paths in the DDC-I Options > C Compile > Directories and in the DDC-I Options > C++ Compile > Directories
- $(PROJECT_DIR)/wolfsslPort
- $(PROJECT_DIR)/wolfsslPort/wolfssl
- $(PROJECT_DIR)/wolfsslPort/IDE/ECLIPSE/DEOS
- $(PROJECT_DIR.printx)/code
4. Change the optimization level in the DDC-I Options > C Compile > Code Generation > Optimization level:g
- g
5. Add the following library dependencies in the DDC-I Options > Deos > Dependencies
- math
- dart
- ansi
- printx
- You must add printx into your workspace, File >DDC-I Deos example project > training > printx
6. Edit $(PROJECT_DIR)/wolfsslPort/IDE/ECLIPSE/DEOS/user_setting.h to customize your configuration. For example, you can undef or define these tests.
-#undef NO_CRYPT_TEST
-#undef NO_CRYPT_BENCHMARK
-#undef NO_WOLFSSL_CLIENT
-#undef NO_WOLFSSL_SERVER
7. Edit your application source file where main() thread is defined and add the following:
AES-128-CBC-enc 5 MB took 1.000 seconds, 5.127 MB/s
AES-128-CBC-dec 5 MB took 1.000 seconds, 4.907 MB/s
AES-192-CBC-enc 5 MB took 1.000 seconds, 4.736 MB/s
AES-192-CBC-dec 5 MB took 1.000 seconds, 4.761 MB/s
...
```
This example doesn't show the whole output.
### `wolfssl_client_test()`
You can modify the `TCP_SERVER_IP_ADDR` and `TCP_SERVER_PORT` macros in the `tls_wolfssl.c` file to configure the host address and port. You will also need to define the server certificate. The example client uses the GET request to get a web resource from the server at https://google.com.
You can modify the `TCP_SERVER_IP_ADDR` and `TCP_SERVER_PORT` macros
in the `tls_wolfssl.c` file to configure the host address and
port. You will also need to define the server certificate. The example
client uses the GET request to get a web resource from the server at
https://google.com.
### `wolfssl_server_test()`
You can modify the `TLS_SERVER_PORT` in the `tls_wolfssl.c` file to configure the port number to listen on a local-host.
Once you start the TLS server and `Listening for client connection` displays on the serial console, the server is ready to accept client connections.
You can modify the `TLS_SERVER_PORT` in the `tls_wolfssl.c` file to
configure the port number to listen on a local-host. Once you start
the TLS server and `Listening for client connection` displays on the
serial console, the server is ready to accept client connections.
You can connect to the server using the wolfssl TLS client example
from your Linux or Windows host as follows:
You can connect to the server using the wolfssl TLS client example from your Linux or Windows host as follows:
1.[ESP-IDF development framework](https://docs.espressif.com/projects/esp-idf/en/latest/get-started/)
## Setup for Linux
1. Run *setup.sh* at /path/to/wolfssl/IDE/Espressif/ESP-IDF/ to deploy files into ESP-IDF tree
For Windows : Run *setup_win.bat* at \IDE\Espressif\ESP-IDF\
2. Find Wolfssl files at /path/to/esp-idf/components/wolfssl/
3. Find Example programs under /path/to/esp-idf/examples/protocols/wolfssl_xxx
4. Uncomment out #define WOLFSSL_ESPIDF in /path/to/wolfssl/wolfssl/wolfcrypt/settings.h
Uncomment out #define WOLFSSL_ESPWROOM32 in /path/to/wolfssl/wolfssl/wolfcrypt/settings.h
1. Run `setup.sh` at _/path/to_`/wolfssl/IDE/Espressif/ESP-IDF/` to deploy files into ESP-IDF tree
2. Find Wolfssl files at _/path/to/esp_`/esp-idf/components/wolfssl/`
3. Find [Example programs](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples) under _/path/to/esp_`/esp-idf/examples/protocols/wolfssl_xxx` (where xxx is the project name)
## Setup for Windows
1. Run ESP-IDF Command Prompt (cmd.exe) or Run ESP-IDF PowerShell Environment
2. Run `setup_win.bat` at `.\IDE\Espressif\ESP-IDF\`
3. Find Wolfssl files at _/path/to/esp_`/esp-idf/components/wolfssl/`
4. Find [Example programs](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples) under _/path/to/esp_`/esp-idf/examples/protocols/wolfssl_xxx` (where xxx is the project name)
## Configuration
1. The *user_settings.h* can be found in /path/to/esp-idf/components/wolfssl/include/user_settings.h
1. The `user_settings.h` can be found in _/path/to/esp_`/esp-idf/components/wolfssl/include/user_settings.h`
## Build examples
1. See README in each example folder
@ -34,7 +34,6 @@ Including the following examples:
For question please email [support@wolfssl.com]
Note: This is tested with :
- OS: Ubuntu 18.04.1 LTS and Microsoft Windows 10 Pro 10.0.19041
- ESP-IDF: v4.1 and v4.0.1
- OS: Ubuntu 20.04.3 LTS and Microsoft Windows 10 Pro 10.0.19041 and well as WSL Ubuntu
Some files were not shown because too many files have changed in this diff
Show More
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
