MIRRORS/meta-openembedded
1
0
Fork 0
mirror of https://github.com/openembedded/meta-openembedded.git synced 2025-12-14 22:35:25 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

wolfssl: upgrade 5.8.0 -> 5.8.4

Browse Source 
License-Update: the project was relicensed from GPL-2 to GPL-3

Inludes fixes for the following vulnerabilities:
CVE-2025-7394, CVE-2025-7395, CVE-2025-7396, CVE-2025-12888, CVE-2025-11936,
CVE-2025-11935, CVE-2025-11934, CVE-2025-11933, CVE-2025-11932, CVE-2025-11931,
CVE-2025-12889

Drop patch that is incorporated in this release.

Changelog: https://github.com/wolfSSL/wolfssl/blob/master/ChangeLog.md

Ptests passed:

START: ptest-runner
2025-12-09T18:23
BEGIN: /usr/lib/wolfssl/ptest
Wolfssl ptest logs are stored in /tmp/wolfss_temp.6rsnys/ptest.log
Test script returned: 0
unit_test: Success for all configured tests.
PASS: Wolfssl
DURATION: 13
END: /usr/lib/wolfssl/ptest
2025-12-09T18:23
STOP: ptest-runner
TOTAL: 1 FAIL: 0

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This commit is contained in:
Gyorgy Sarvari 2025-12-09 19:26:28 +01:00 committed by Khem Raj
parent 1feb12a4bc
commit f2b8b47e45
No known key found for this signature in database
GPG Key ID: BB053355919D3314
2 changed files with 4 additions and 796 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

791
meta-networking/recipes-connectivity/wolfssl/files/0001-wolfssl-wolfcrypt-logging.h-and-wolfcrypt-src-loggin.patch
View File

@ -1,791 +0,0 @@
From 04975ac158e6d33875c2855f74792efb2258bb93 Mon Sep 17 00:00:00 2001
From: Daniel Pouzzner <douzzer@wolfssl.com>
Date: Tue, 13 May 2025 20:30:48 -0500
Subject: [PATCH] wolfssl/wolfcrypt/logging.h and wolfcrypt/src/logging.c: add
WOLFSSL_DEBUG_PRINTF() macro adapted from wolfssl_log(), refactor
wolfssl_log() to use it, and move printf setup includes/prototypes from
logging.c to logging.h;
src/ssl_load.c: add source_name arg and WOLFSSL_DEBUG_CERTIFICATE_LOADS clauses
to ProcessBuffer() and ProcessChainBuffer(), and pass reasonable values from
callers;
remove expired "Baltimore CyberTrust Root" from certs/external/ca_collection.pem
and certs/external/baltimore-cybertrust-root.pem.
Upstream-Status: Backport [https://github.com/wolfSSL/wolfssl/commit/55460a52619626f614e86d528b9a60445562eb34]
Signed-off-by: Khem Raj <raj.khem@gmail.com>
---
certs/external/baltimore-cybertrust-root.pem | 21 ---
certs/external/ca_collection.pem | 77 ----------
src/ssl_load.c | 111 +++++++++++----
wolfcrypt/src/error.c | 4 +-
wolfcrypt/src/logging.c | 142 ++-----------------
wolfssl/internal.h | 3 +-
wolfssl/wolfcrypt/logging.h | 93 +++++++++++-
7 files changed, 190 insertions(+), 261 deletions(-)
delete mode 100644 certs/external/baltimore-cybertrust-root.pem
diff --git a/certs/external/baltimore-cybertrust-root.pem b/certs/external/baltimore-cybertrust-root.pem
deleted file mode 100644
index 519028c63..000000000
--- a/certs/external/baltimore-cybertrust-root.pem
+++ /dev/null
@@ -1,21 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDdzCCAl+gAwIBAgIEAgAAuTANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJJ
-RTESMBAGA1UEChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJlclRydXN0MSIwIAYD
-VQQDExlCYWx0aW1vcmUgQ3liZXJUcnVzdCBSb290MB4XDTAwMDUxMjE4NDYwMFoX
-DTI1MDUxMjIzNTkwMFowWjELMAkGA1UEBhMCSUUxEjAQBgNVBAoTCUJhbHRpbW9y
-ZTETMBEGA1UECxMKQ3liZXJUcnVzdDEiMCAGA1UEAxMZQmFsdGltb3JlIEN5YmVy
-VHJ1c3QgUm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKMEuyKr
-mD1X6CZymrV51Cni4eiVgLGw41uOKymaZN+hXe2wCQVt2yguzmKiYv60iNoS6zjr
-IZ3AQSsBUnuId9Mcj8e6uYi1agnnc+gRQKfRzMpijS3ljwumUNKoUMMo6vWrJYeK
-mpYcqWe4PwzV9/lSEy/CG9VwcPCPwBLKBsua4dnKM3p31vjsufFoREJIE9LAwqSu
-XmD+tqYF/LTdB1kC1FkYmGP1pWPgkAx9XbIGevOF6uvUA65ehD5f/xXtabz5OTZy
-dc93Uk3zyZAsuT3lySNTPx8kmCFcB5kpvcY67Oduhjprl3RjM71oGDHweI12v/ye
-jl0qhqdNkNwnGjkCAwEAAaNFMEMwHQYDVR0OBBYEFOWdWTCCR1jMrPoIVDaGezq1
-BE3wMBIGA1UdEwEB/wQIMAYBAf8CAQMwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3
-DQEBBQUAA4IBAQCFDF2O5G9RaEIFoN27TyclhAO992T9Ldcw46QQF+vaKSm2eT92
-9hkTI7gQCvlYpNRhcL0EYWoSihfVCr3FvDB81ukMJY2GQE/szKN+OMY3EU/t3Wgx
-jkzSswF07r51XgdIGn9w/xZchMB5hbgF/X++ZRGjD8ACtPhSNzkE1akxehi/oCr0
-Epn3o0WC4zxe9Z2etciefC7IpJ5OCBRLbf1wbWsaY71k5h+3zvDyny67G7fyUIhz
-ksLi4xaNmjICq44Y3ekQEe5+NauQrz4wlHrQMz2nZQ/1/I6eYs9HRCwBXbsdtTLS
-R9I4LtD+gdwyah617jzV/OeBHRnDJELqYzmp
------END CERTIFICATE-----
diff --git a/certs/external/ca_collection.pem b/certs/external/ca_collection.pem
index ddfdf9cee..c76d6c605 100644
--- a/certs/external/ca_collection.pem
+++ b/certs/external/ca_collection.pem
@@ -1,80 +1,3 @@
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 33554617 (0x20000b9)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C = IE, O = Baltimore, OU = CyberTrust, CN = Baltimore CyberTrust Root
- Validity
- Not Before: May 12 18:46:00 2000 GMT
- Not After : May 12 23:59:00 2025 GMT
- Subject: C = IE, O = Baltimore, OU = CyberTrust, CN = Baltimore CyberTrust Root
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public-Key: (2048 bit)
- Modulus:
- 00:a3:04:bb:22:ab:98:3d:57:e8:26:72:9a:b5:79:
- d4:29:e2:e1:e8:95:80:b1:b0:e3:5b:8e:2b:29:9a:
- 64:df:a1:5d:ed:b0:09:05:6d:db:28:2e:ce:62:a2:
- 62:fe:b4:88:da:12:eb:38:eb:21:9d:c0:41:2b:01:
- 52:7b:88:77:d3:1c:8f:c7:ba:b9:88:b5:6a:09:e7:
- 73:e8:11:40:a7:d1:cc:ca:62:8d:2d:e5:8f:0b:a6:
- 50:d2:a8:50:c3:28:ea:f5:ab:25:87:8a:9a:96:1c:
- a9:67:b8:3f:0c:d5:f7:f9:52:13:2f:c2:1b:d5:70:
- 70:f0:8f:c0:12:ca:06:cb:9a:e1:d9:ca:33:7a:77:
- d6:f8:ec:b9:f1:68:44:42:48:13:d2:c0:c2:a4:ae:
- 5e:60:fe:b6:a6:05:fc:b4:dd:07:59:02:d4:59:18:
- 98:63:f5:a5:63:e0:90:0c:7d:5d:b2:06:7a:f3:85:
- ea:eb:d4:03:ae:5e:84:3e:5f:ff:15:ed:69:bc:f9:
- 39:36:72:75:cf:77:52:4d:f3:c9:90:2c:b9:3d:e5:
- c9:23:53:3f:1f:24:98:21:5c:07:99:29:bd:c6:3a:
- ec:e7:6e:86:3a:6b:97:74:63:33:bd:68:18:31:f0:
- 78:8d:76:bf:fc:9e:8e:5d:2a:86:a7:4d:90:dc:27:
- 1a:39
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Subject Key Identifier:
- E5:9D:59:30:82:47:58:CC:AC:FA:08:54:36:86:7B:3A:B5:04:4D:F0
- X509v3 Basic Constraints: critical
- CA:TRUE, pathlen:3
- X509v3 Key Usage: critical
- Certificate Sign, CRL Sign
- Signature Algorithm: sha1WithRSAEncryption
- 85:0c:5d:8e:e4:6f:51:68:42:05:a0:dd:bb:4f:27:25:84:03:
- bd:f7:64:fd:2d:d7:30:e3:a4:10:17:eb:da:29:29:b6:79:3f:
- 76:f6:19:13:23:b8:10:0a:f9:58:a4:d4:61:70:bd:04:61:6a:
- 12:8a:17:d5:0a:bd:c5:bc:30:7c:d6:e9:0c:25:8d:86:40:4f:
- ec:cc:a3:7e:38:c6:37:11:4f:ed:dd:68:31:8e:4c:d2:b3:01:
- 74:ee:be:75:5e:07:48:1a:7f:70:ff:16:5c:84:c0:79:85:b8:
- 05:fd:7f:be:65:11:a3:0f:c0:02:b4:f8:52:37:39:04:d5:a9:
- 31:7a:18:bf:a0:2a:f4:12:99:f7:a3:45:82:e3:3c:5e:f5:9d:
- 9e:b5:c8:9e:7c:2e:c8:a4:9e:4e:08:14:4b:6d:fd:70:6d:6b:
- 1a:63:bd:64:e6:1f:b7:ce:f0:f2:9f:2e:bb:1b:b7:f2:50:88:
- 73:92:c2:e2:e3:16:8d:9a:32:02:ab:8e:18:dd:e9:10:11:ee:
- 7e:35:ab:90:af:3e:30:94:7a:d0:33:3d:a7:65:0f:f5:fc:8e:
- 9e:62:cf:47:44:2c:01:5d:bb:1d:b5:32:d2:47:d2:38:2e:d0:
- fe:81:dc:32:6a:1e:b5:ee:3c:d5:fc:e7:81:1d:19:c3:24:42:
- ea:63:39:a9
------BEGIN CERTIFICATE-----
-MIIDdzCCAl+gAwIBAgIEAgAAuTANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJJ
-RTESMBAGA1UEChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJlclRydXN0MSIwIAYD
-VQQDExlCYWx0aW1vcmUgQ3liZXJUcnVzdCBSb290MB4XDTAwMDUxMjE4NDYwMFoX
-DTI1MDUxMjIzNTkwMFowWjELMAkGA1UEBhMCSUUxEjAQBgNVBAoTCUJhbHRpbW9y
-ZTETMBEGA1UECxMKQ3liZXJUcnVzdDEiMCAGA1UEAxMZQmFsdGltb3JlIEN5YmVy
-VHJ1c3QgUm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKMEuyKr
-mD1X6CZymrV51Cni4eiVgLGw41uOKymaZN+hXe2wCQVt2yguzmKiYv60iNoS6zjr
-IZ3AQSsBUnuId9Mcj8e6uYi1agnnc+gRQKfRzMpijS3ljwumUNKoUMMo6vWrJYeK
-mpYcqWe4PwzV9/lSEy/CG9VwcPCPwBLKBsua4dnKM3p31vjsufFoREJIE9LAwqSu
-XmD+tqYF/LTdB1kC1FkYmGP1pWPgkAx9XbIGevOF6uvUA65ehD5f/xXtabz5OTZy
-dc93Uk3zyZAsuT3lySNTPx8kmCFcB5kpvcY67Oduhjprl3RjM71oGDHweI12v/ye
-jl0qhqdNkNwnGjkCAwEAAaNFMEMwHQYDVR0OBBYEFOWdWTCCR1jMrPoIVDaGezq1
-BE3wMBIGA1UdEwEB/wQIMAYBAf8CAQMwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3
-DQEBBQUAA4IBAQCFDF2O5G9RaEIFoN27TyclhAO992T9Ldcw46QQF+vaKSm2eT92
-9hkTI7gQCvlYpNRhcL0EYWoSihfVCr3FvDB81ukMJY2GQE/szKN+OMY3EU/t3Wgx
-jkzSswF07r51XgdIGn9w/xZchMB5hbgF/X++ZRGjD8ACtPhSNzkE1akxehi/oCr0
-Epn3o0WC4zxe9Z2etciefC7IpJ5OCBRLbf1wbWsaY71k5h+3zvDyny67G7fyUIhz
-ksLi4xaNmjICq44Y3ekQEe5+NauQrz4wlHrQMz2nZQ/1/I6eYs9HRCwBXbsdtTLS
-R9I4LtD+gdwyah617jzV/OeBHRnDJELqYzmp
------END CERTIFICATE-----
Certificate:
Data:
Version: 3 (0x2)
diff --git a/src/ssl_load.c b/src/ssl_load.c
index 24c8af1be..d803b4093 100644
--- a/src/ssl_load.c
+++ b/src/ssl_load.c
@@ -2352,11 +2352,13 @@ static int ProcessBufferResetSuites(WOLFSSL_CTX* ctx, WOLFSSL* ssl, int type)
* @param [out] used Number of bytes consumed.
* @param [in[ userChain Whether this certificate is for user's chain.
* @param [in] verify How to verify certificate.
+ * @param [in] source_name Associated filename or other source ID.
* @return 1 on success.
* @return Less than 1 on failure.
*/
int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff, long sz,
- int format, int type, WOLFSSL* ssl, long* used, int userChain, int verify)
+ int format, int type, WOLFSSL* ssl, long* used, int userChain, int verify,
+ const char *source_name)
{
DerBuffer* der = NULL;
int ret = 0;
@@ -2367,6 +2369,11 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff, long sz,
EncryptedInfo info[1];
#endif
int algId = 0;
+#ifdef WOLFSSL_DEBUG_CERTIFICATE_LOADS
+ long usedAtStart = used ? *used : 0L;
+#else
+ (void)source_name;
+#endif
WOLFSSL_ENTER("ProcessBuffer");
@@ -2444,6 +2451,22 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff, long sz,
CLEAR_ASN_NO_PEM_HEADER_ERROR(pemErr);
ret = 0;
}
+#ifdef WOLFSSL_DEBUG_CERTIFICATE_LOADS
+ if (ret < 0) {
+#ifdef NO_ERROR_STRINGS
+ WOLFSSL_DEBUG_PRINTF(
+ "ERROR: ProcessUserChain: certificate from %s at offset %ld"
+ " rejected with code %d\n",
+ source_name, usedAtStart, ret);
+#else
+ WOLFSSL_DEBUG_PRINTF(
+ "ERROR: ProcessUserChain: certificate from %s at offset %ld"
+ " rejected with code %d: %s\n",
+ source_name, usedAtStart, ret,
+ wolfSSL_ERR_reason_error_string(ret));
+#endif
+ }
+#endif /* WOLFSSL_DEBUG_CERTIFICATE_LOADS */
}
#ifdef WOLFSSL_SMALL_STACK
@@ -2455,6 +2478,22 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff, long sz,
/* Process the different types of certificates. */
ret = ProcessBufferCertTypes(ctx, ssl, buff, sz, der, format, type,
verify);
+#ifdef WOLFSSL_DEBUG_CERTIFICATE_LOADS
+ if (ret < 0) {
+#ifdef NO_ERROR_STRINGS
+ WOLFSSL_DEBUG_PRINTF(
+ "ERROR: ProcessBufferCertTypes: certificate from %s at"
+ " offset %ld rejected with code %d\n",
+ source_name, usedAtStart, ret);
+#else
+ WOLFSSL_DEBUG_PRINTF(
+ "ERROR: ProcessBufferCertTypes: certificate from %s at"
+ " offset %ld rejected with code %d: %s\n",
+ source_name, usedAtStart, ret,
+ wolfSSL_ERR_reason_error_string(ret));
+#endif
+ }
+#endif /* WOLFSSL_DEBUG_CERTIFICATE_LOADS */
}
else {
FreeDer(&der);
@@ -2515,12 +2554,14 @@ static int ProcessChainBufferCRL(WOLFSSL_CTX* ctx, const unsigned char* buff,
* @param [in] sz Size of data in buffer.
* @param [in] type Type of data.
* @param [in] verify How to verify certificate.
+ * @param [in] source_name Associated filename or other source ID.
* @return 1 on success.
* @return 0 on failure.
* @return MEMORY_E when dynamic memory allocation fails.
*/
static int ProcessChainBuffer(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
- const unsigned char* buff, long sz, int type, int verify)
+ const unsigned char* buff, long sz, int type, int verify,
+ const char *source_name)
{
int ret = 0;
long used = 0;
@@ -2529,11 +2570,11 @@ static int ProcessChainBuffer(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
WOLFSSL_MSG("Processing CA PEM file");
/* Keep processing file while no errors and data to parse. */
while ((ret >= 0) && (used < sz)) {
- long consumed = 0;
+ long consumed = used;
/* Process the buffer. */
ret = ProcessBuffer(ctx, buff + used, sz - used, WOLFSSL_FILETYPE_PEM,
- type, ssl, &consumed, 0, verify);
+ type, ssl, &consumed, 0, verify, source_name);
/* Memory allocation failure is fatal. */
if (ret == WC_NO_ERR_TRACE(MEMORY_E)) {
gotOne = 0;
@@ -2665,6 +2706,12 @@ int ProcessFile(WOLFSSL_CTX* ctx, const char* fname, int format, int type,
{
/* Not a header that we support. */
WOLFSSL_MSG("Failed to detect certificate type");
+#ifdef WOLFSSL_DEBUG_CERTIFICATE_LOADS
+ WOLFSSL_DEBUG_PRINTF(
+ "ERROR: ProcessFile: Failed to detect certificate type"
+ " of \"%s\"\n",
+ fname);
+#endif
ret = WOLFSSL_BAD_CERTTYPE;
}
}
@@ -2673,7 +2720,7 @@ int ProcessFile(WOLFSSL_CTX* ctx, const char* fname, int format, int type,
if (((type == CA_TYPE) || (type == TRUSTED_PEER_TYPE)) &&
(format == WOLFSSL_FILETYPE_PEM)) {
ret = ProcessChainBuffer(ctx, ssl, content.buffer, sz, type,
- verify);
+ verify, fname);
}
#ifdef HAVE_CRL
else if (type == CRL_TYPE) {
@@ -2690,18 +2737,18 @@ int ProcessFile(WOLFSSL_CTX* ctx, const char* fname, int format, int type,
long consumed = 0;
ret = ProcessBuffer(ctx, content.buffer, sz, format, type, ssl,
- &consumed, userChain, verify);
+ &consumed, userChain, verify, fname);
if ((ret == 1) && (consumed < sz)) {
ret = ProcessBuffer(ctx, content.buffer + consumed,
sz - consumed, format, ALT_PRIVATEKEY_TYPE, ssl, NULL, 0,
- verify);
+ verify, fname);
}
}
#endif
else {
/* Load all other certificate types. */
ret = ProcessBuffer(ctx, content.buffer, sz, format, type, ssl,
- NULL, userChain, verify);
+ NULL, userChain, verify, fname);
}
}
@@ -3030,7 +3077,8 @@ static int LoadSystemCaCertsWindows(WOLFSSL_CTX* ctx, byte* loaded)
if (ProcessBuffer(ctx, certCtx->pbCertEncoded,
certCtx->cbCertEncoded, WOLFSSL_FILETYPE_ASN1,
CA_TYPE, NULL, NULL, 0,
- GET_VERIFY_SETTING_CTX(ctx)) == 1) {
+ GET_VERIFY_SETTING_CTX(ctx),
+ storeNames[i]) == 1) {
/*
* Set "loaded" as long as we've loaded one CA
* cert.
@@ -3105,7 +3153,8 @@ static int LoadSystemCaCertsMac(WOLFSSL_CTX* ctx, byte* loaded)
if (ProcessBuffer(ctx, CFDataGetBytePtr(der),
CFDataGetLength(der), WOLFSSL_FILETYPE_ASN1,
CA_TYPE, NULL, NULL, 0,
- GET_VERIFY_SETTING_CTX(ctx)) == 1) {
+ GET_VERIFY_SETTING_CTX(ctx),
+ "MacOSX trustDomains") == 1) {
/*
* Set "loaded" as long as we've loaded one CA
* cert.
@@ -3644,7 +3693,8 @@ int wolfSSL_use_certificate(WOLFSSL* ssl, WOLFSSL_X509* x509)
/* Get DER encoded certificate data from X509 object. */
ret = ProcessBuffer(NULL, x509->derCert->buffer, x509->derCert->length,
WOLFSSL_FILETYPE_ASN1, CERT_TYPE, ssl, &idx, 0,
- GET_VERIFY_SETTING_SSL(ssl));
+ GET_VERIFY_SETTING_SSL(ssl),
+ "x509 buffer");
}
/* Return 1 on success or 0 on failure. */
@@ -3676,7 +3726,8 @@ int wolfSSL_use_certificate_ASN1(WOLFSSL* ssl, const unsigned char* der,
long idx = 0;
ret = ProcessBuffer(NULL, der, derSz, WOLFSSL_FILETYPE_ASN1, CERT_TYPE,
- ssl, &idx, 0, GET_VERIFY_SETTING_SSL(ssl));
+ ssl, &idx, 0, GET_VERIFY_SETTING_SSL(ssl),
+ "asn1 buffer");
}
/* Return 1 on success or 0 on failure. */
@@ -3884,12 +3935,13 @@ int wolfSSL_CTX_load_verify_buffer_ex(WOLFSSL_CTX* ctx, const unsigned char* in,
/* When PEM, treat as certificate chain of CA certificates. */
if (format == WOLFSSL_FILETYPE_PEM) {
- ret = ProcessChainBuffer(ctx, NULL, in, sz, CA_TYPE, verify);
+ ret = ProcessChainBuffer(ctx, NULL, in, sz, CA_TYPE, verify,
+ "PEM buffer");
}
/* When DER, load the CA certificate. */
else {
ret = ProcessBuffer(ctx, in, sz, format, CA_TYPE, NULL, NULL,
- userChain, verify);
+ userChain, verify, "buffer");
}
#if defined(WOLFSSL_TRUST_PEER_CERT) && defined(OPENSSL_COMPATIBLE_DEFAULTS)
if (ret == 1) {
@@ -3973,12 +4025,12 @@ int wolfSSL_CTX_trust_peer_buffer(WOLFSSL_CTX* ctx, const unsigned char* in,
/* When PEM, treat as certificate chain of trusted peer certificates. */
if (format == WOLFSSL_FILETYPE_PEM) {
ret = ProcessChainBuffer(ctx, NULL, in, sz, TRUSTED_PEER_TYPE,
- verify);
+ verify, "peer");
}
/* When DER, load the trusted peer certificate. */
else {
ret = ProcessBuffer(ctx, in, sz, format, TRUSTED_PEER_TYPE, NULL,
- NULL, 0, verify);
+ NULL, 0, verify, "peer");
}
}
@@ -4004,7 +4056,7 @@ int wolfSSL_CTX_use_certificate_buffer(WOLFSSL_CTX* ctx,
WOLFSSL_ENTER("wolfSSL_CTX_use_certificate_buffer");
ret = ProcessBuffer(ctx, in, sz, format, CERT_TYPE, NULL, NULL, 0,
- GET_VERIFY_SETTING_CTX(ctx));
+ GET_VERIFY_SETTING_CTX(ctx), "buffer");
WOLFSSL_LEAVE("wolfSSL_CTX_use_certificate_buffer", ret);
return ret;
@@ -4030,7 +4082,7 @@ int wolfSSL_CTX_use_PrivateKey_buffer(WOLFSSL_CTX* ctx, const unsigned char* in,
WOLFSSL_ENTER("wolfSSL_CTX_use_PrivateKey_buffer");
ret = ProcessBuffer(ctx, in, sz, format, PRIVATEKEY_TYPE, NULL, &consumed,
- 0, GET_VERIFY_SETTING_CTX(ctx));
+ 0, GET_VERIFY_SETTING_CTX(ctx), "key buffer");
#ifdef WOLFSSL_DUAL_ALG_CERTS
if ((ret == 1) && (consumed < sz)) {
/* When support for dual algorithm certificates is enabled, the
@@ -4038,7 +4090,8 @@ int wolfSSL_CTX_use_PrivateKey_buffer(WOLFSSL_CTX* ctx, const unsigned char* in,
* private key. Hence, we have to parse both of them.
*/
ret = ProcessBuffer(ctx, in + consumed, sz - consumed, format,
- ALT_PRIVATEKEY_TYPE, NULL, NULL, 0, GET_VERIFY_SETTING_CTX(ctx));
+ ALT_PRIVATEKEY_TYPE, NULL, NULL, 0, GET_VERIFY_SETTING_CTX(ctx),
+ "key buffer");
}
#endif
@@ -4056,7 +4109,7 @@ int wolfSSL_CTX_use_AltPrivateKey_buffer(WOLFSSL_CTX* ctx,
WOLFSSL_ENTER("wolfSSL_CTX_use_AltPrivateKey_buffer");
ret = ProcessBuffer(ctx, in, sz, format, ALT_PRIVATEKEY_TYPE, NULL,
- NULL, 0, GET_VERIFY_SETTING_CTX(ctx));
+ NULL, 0, GET_VERIFY_SETTING_CTX(ctx), "alt key buffer");
WOLFSSL_LEAVE("wolfSSL_CTX_use_AltPrivateKey_buffer", ret);
return ret;
@@ -4271,7 +4324,8 @@ static int wolfSSL_CTX_use_certificate_ex(WOLFSSL_CTX* ctx,
}
ret = ProcessBuffer(ctx, certData, certDataLen, certFormat,
- CERT_TYPE, NULL, NULL, 0, GET_VERIFY_SETTING_CTX(ctx));
+ CERT_TYPE, NULL, NULL, 0, GET_VERIFY_SETTING_CTX(ctx),
+ label ? label : "cert buffer");
exit:
XFREE(certData, ctx->heap, DYNAMIC_TYPE_CERT);
@@ -4333,7 +4387,7 @@ int wolfSSL_CTX_use_certificate_chain_buffer_format(WOLFSSL_CTX* ctx,
{
WOLFSSL_ENTER("wolfSSL_CTX_use_certificate_chain_buffer_format");
return ProcessBuffer(ctx, in, sz, format, CERT_TYPE, NULL, NULL, 1,
- GET_VERIFY_SETTING_CTX(ctx));
+ GET_VERIFY_SETTING_CTX(ctx), "cert chain buffer");
}
/* Load a PEM encoded certificate chain in a buffer into SSL context.
@@ -4376,7 +4430,7 @@ int wolfSSL_use_certificate_buffer(WOLFSSL* ssl, const unsigned char* in,
}
else {
ret = ProcessBuffer(ssl->ctx, in, sz, format, CERT_TYPE, ssl, NULL, 0,
- GET_VERIFY_SETTING_SSL(ssl));
+ GET_VERIFY_SETTING_SSL(ssl), "cert buffer");
}
return ret;
@@ -4407,7 +4461,7 @@ int wolfSSL_use_PrivateKey_buffer(WOLFSSL* ssl, const unsigned char* in,
}
else {
ret = ProcessBuffer(ssl->ctx, in, sz, format, PRIVATEKEY_TYPE, ssl,
- &consumed, 0, GET_VERIFY_SETTING_SSL(ssl));
+ &consumed, 0, GET_VERIFY_SETTING_SSL(ssl), "key buffer");
#ifdef WOLFSSL_DUAL_ALG_CERTS
if ((ret == 1) && (consumed < sz)) {
/* When support for dual algorithm certificates is enabled, the
@@ -4415,7 +4469,8 @@ int wolfSSL_use_PrivateKey_buffer(WOLFSSL* ssl, const unsigned char* in,
* private key. Hence, we have to parse both of them.
*/
ret = ProcessBuffer(ssl->ctx, in + consumed, sz - consumed, format,
- ALT_PRIVATEKEY_TYPE, ssl, NULL, 0, GET_VERIFY_SETTING_SSL(ssl));
+ ALT_PRIVATEKEY_TYPE, ssl, NULL, 0, GET_VERIFY_SETTING_SSL(ssl),
+ "key buffer");
}
#endif
}
@@ -4431,7 +4486,7 @@ int wolfSSL_use_AltPrivateKey_buffer(WOLFSSL* ssl, const unsigned char* in,
WOLFSSL_ENTER("wolfSSL_use_AltPrivateKey_buffer");
ret = ProcessBuffer(ssl->ctx, in, sz, format, ALT_PRIVATEKEY_TYPE, ssl,
- NULL, 0, GET_VERIFY_SETTING_SSL(ssl));
+ NULL, 0, GET_VERIFY_SETTING_SSL(ssl), "alt key buffer");
WOLFSSL_LEAVE("wolfSSL_use_AltPrivateKey_buffer", ret);
return ret;
@@ -4669,7 +4724,7 @@ int wolfSSL_use_certificate_chain_buffer_format(WOLFSSL* ssl,
}
else {
ret = ProcessBuffer(ssl->ctx, in, sz, format, CERT_TYPE, ssl, NULL, 1,
- GET_VERIFY_SETTING_SSL(ssl));
+ GET_VERIFY_SETTING_SSL(ssl), "cert chain buffer");
}
return ret;
@@ -4826,7 +4881,7 @@ long wolfSSL_CTX_add_extra_chain_cert(WOLFSSL_CTX* ctx, WOLFSSL_X509* x509)
/* Process buffer makes first certificate the leaf. */
ret = ProcessBuffer(ctx, der, derSz, WOLFSSL_FILETYPE_ASN1, CERT_TYPE,
- NULL, NULL, 1, GET_VERIFY_SETTING_CTX(ctx));
+ NULL, NULL, 1, GET_VERIFY_SETTING_CTX(ctx), "extra chain buffer");
if (ret != 1) {
ret = 0;
}
diff --git a/wolfcrypt/src/error.c b/wolfcrypt/src/error.c
index af5ba36b4..9ec9484d4 100644
--- a/wolfcrypt/src/error.c
+++ b/wolfcrypt/src/error.c
@@ -182,10 +182,10 @@ const char* wc_GetErrorString(int error)
return "ASN date error, bad size";
case ASN_BEFORE_DATE_E :
- return "ASN date error, current date before";
+ return "ASN date error, current date is before start of validity";
case ASN_AFTER_DATE_E :
- return "ASN date error, current date after";
+ return "ASN date error, current date is after expiration";
case ASN_SIG_OID_E :
return "ASN signature error, mismatched oid";
diff --git a/wolfcrypt/src/logging.c b/wolfcrypt/src/logging.c
index 29b9221df..b80fc3a56 100644
--- a/wolfcrypt/src/logging.c
+++ b/wolfcrypt/src/logging.c
@@ -230,42 +230,6 @@ void WOLFSSL_TIME(int count)
#ifdef DEBUG_WOLFSSL
-#if defined(ARDUINO)
- /* see Arduino wolfssl.h for wolfSSL_Arduino_Serial_Print */
-#elif defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX)
- /* see wc_port.h for fio.h and nio.h includes */
-#elif defined(WOLFSSL_SGX)
- /* Declare sprintf for ocall */
- int sprintf(char* buf, const char *fmt, ...);
-#elif defined(WOLFSSL_DEOS)
-#elif defined(MICRIUM)
- #if (BSP_SER_COMM_EN == DEF_ENABLED)
- #include <bsp_ser.h>
- #endif
-#elif defined(WOLFSSL_USER_LOG)
- /* user includes their own headers */
-#elif defined(WOLFSSL_ESPIDF)
- #include "esp_types.h"
- #include "esp_log.h"
-#elif defined(WOLFSSL_TELIT_M2MB)
- #include <stdio.h>
- #include "m2m_log.h"
-#elif defined(WOLFSSL_ANDROID_DEBUG)
- #include <android/log.h>
-#elif defined(WOLFSSL_XILINX)
- #include "xil_printf.h"
-#elif defined(WOLFSSL_LINUXKM)
- /* the requisite linux/kernel.h is included in wc_port.h, with incompatible warnings masked out. */
-#elif defined(FUSION_RTOS)
- #include <fclstdio.h>
- #define fprintf FCL_FPRINTF
-#else
- #include <stdio.h> /* for default printf stuff */
-#endif
-
-#if defined(THREADX) && !defined(THREADX_NO_DC_PRINTF)
- int dc_log_printf(char*, ...);
-#endif
#ifdef HAVE_STACK_SIZE_VERBOSE
#include <wolfssl/wolfcrypt/mem_track.h>
@@ -281,106 +245,30 @@ static void wolfssl_log(const int logLevel, const char* const file_name,
else {
#if defined(WOLFSSL_USER_LOG)
WOLFSSL_USER_LOG(logMessage);
-#elif defined(ARDUINO)
- wolfSSL_Arduino_Serial_Print(logMessage);
-#elif defined(WOLFSSL_LOG_PRINTF)
- if (file_name != NULL)
- printf("[%s L %d] %s\n", file_name, line_number, logMessage);
- else
- printf("%s\n", logMessage);
-#elif defined(THREADX) && !defined(THREADX_NO_DC_PRINTF)
- if (file_name != NULL)
- dc_log_printf("[%s L %d] %s\n", file_name, line_number, logMessage);
- else
- dc_log_printf("%s\n", logMessage);
-#elif defined(WOLFSSL_DEOS)
- if (file_name != NULL)
- printf("[%s L %d] %s\r\n", file_name, line_number, logMessage);
- else
- printf("%s\r\n", logMessage);
-#elif defined(MICRIUM)
- if (file_name != NULL)
- BSP_Ser_Printf("[%s L %d] %s\r\n",
- file_name, line_number, logMessage);
- else
- BSP_Ser_Printf("%s\r\n", logMessage);
-#elif defined(WOLFSSL_MDK_ARM)
- fflush(stdout) ;
- if (file_name != NULL)
- printf("[%s L %d] %s\n", file_name, line_number, logMessage);
- else
- printf("%s\n", logMessage);
- fflush(stdout) ;
-#elif defined(WOLFSSL_UTASKER)
- fnDebugMsg((char*)logMessage);
- fnDebugMsg("\r\n");
-#elif defined(MQX_USE_IO_OLD)
- if (file_name != NULL)
- fprintf(_mqxio_stderr, "[%s L %d] %s\n",
- file_name, line_number, logMessage);
- else
- fprintf(_mqxio_stderr, "%s\n", logMessage);
-#elif defined(WOLFSSL_APACHE_MYNEWT)
- if (file_name != NULL)
- LOG_DEBUG(&mynewt_log, LOG_MODULE_DEFAULT, "[%s L %d] %s\n",
- file_name, line_number, logMessage);
- else
- LOG_DEBUG(&mynewt_log, LOG_MODULE_DEFAULT, "%s\n", logMessage);
-#elif defined(WOLFSSL_ESPIDF)
- if (file_name != NULL)
- ESP_LOGI("wolfssl", "[%s L %d] %s",
- file_name, line_number, logMessage);
- else
- ESP_LOGI("wolfssl", "%s", logMessage);
-#elif defined(WOLFSSL_ZEPHYR)
- if (file_name != NULL)
- printk("[%s L %d] %s\n", file_name, line_number, logMessage);
- else
- printk("%s\n", logMessage);
-#elif defined(WOLFSSL_TELIT_M2MB)
- if (file_name != NULL)
- M2M_LOG_INFO("[%s L %d] %s\n", file_name, line_number, logMessage);
- else
- M2M_LOG_INFO("%s\n", logMessage);
-#elif defined(WOLFSSL_ANDROID_DEBUG)
- if (file_name != NULL)
- __android_log_print(ANDROID_LOG_VERBOSE, "[wolfSSL]", "[%s L %d] %s",
- file_name, line_number, logMessage);
- else
- __android_log_print(ANDROID_LOG_VERBOSE, "[wolfSSL]", "%s",
- logMessage);
-#elif defined(WOLFSSL_XILINX)
- if (file_name != NULL)
- xil_printf("[%s L %d] %s\r\n", file_name, line_number, logMessage);
- else
- xil_printf("%s\r\n", logMessage);
-#elif defined(WOLFSSL_LINUXKM)
- if (file_name != NULL)
- printk("[%s L %d] %s\n", file_name, line_number, logMessage);
- else
- printk("%s\n", logMessage);
-#elif defined(WOLFSSL_RENESAS_RA6M4)
- if (file_name != NULL)
- myprintf("[%s L %d] %s\n", file_name, line_number, logMessage);
- else
- myprintf("%s\n", logMessage);
-#elif defined(STACK_SIZE_CHECKPOINT_MSG) && \
- defined(HAVE_STACK_SIZE_VERBOSE) && defined(HAVE_STACK_SIZE_VERBOSE_LOG)
- STACK_SIZE_CHECKPOINT_MSG(logMessage);
-#else
+#elif defined(WOLFSSL_DEBUG_PRINTF)
if (log_prefix != NULL) {
if (file_name != NULL)
- fprintf(stderr, "[%s]: [%s L %d] %s\n",
+ WOLFSSL_DEBUG_PRINTF("[%s]: [%s L %d] %s\n",
log_prefix, file_name, line_number, logMessage);
else
- fprintf(stderr, "[%s]: %s\n", log_prefix, logMessage);
+ WOLFSSL_DEBUG_PRINTF("[%s]: %s\n", log_prefix, logMessage);
} else {
if (file_name != NULL)
- fprintf(stderr, "[%s L %d] %s\n",
+ WOLFSSL_DEBUG_PRINTF("[%s L %d] %s\n",
file_name, line_number, logMessage);
else
- fprintf(stderr, "%s\n", logMessage);
+ WOLFSSL_DEBUG_PRINTF("%s\n", logMessage);
}
+#elif defined(ARDUINO)
+ wolfSSL_Arduino_Serial_Print(logMessage);
+#elif defined(WOLFSSL_UTASKER)
+ fnDebugMsg((char*)logMessage);
+ fnDebugMsg("\r\n");
+#elif defined(STACK_SIZE_CHECKPOINT_MSG) && \
+ defined(HAVE_STACK_SIZE_VERBOSE) && defined(HAVE_STACK_SIZE_VERBOSE_LOG)
+ STACK_SIZE_CHECKPOINT_MSG(logMessage);
+#else
+ #error No log method defined.
#endif
}
}
diff --git a/wolfssl/internal.h b/wolfssl/internal.h
index 9cdbdb697..dd191fb1a 100644
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@@ -6389,7 +6389,8 @@ WOLFSSL_TEST_VIS void wolfSSL_ResourceFree(WOLFSSL* ssl); /* Micrium uses */
WOLFSSL_LOCAL int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
long sz, int format, int type, WOLFSSL* ssl,
- long* used, int userChain, int verify);
+ long* used, int userChain, int verify,
+ const char *source_name);
WOLFSSL_LOCAL int ProcessFile(WOLFSSL_CTX* ctx, const char* fname, int format,
int type, WOLFSSL* ssl, int userChain,
WOLFSSL_CRL* crl, int verify);
diff --git a/wolfssl/wolfcrypt/logging.h b/wolfssl/wolfcrypt/logging.h
index 49de70147..8b3cf0fd8 100644
--- a/wolfssl/wolfcrypt/logging.h
+++ b/wolfssl/wolfcrypt/logging.h
@@ -89,11 +89,6 @@ enum wc_FuncNum {
};
#endif
-#if defined(ARDUINO)
-/* implemented in Arduino wolfssl.h */
-extern WOLFSSL_API int wolfSSL_Arduino_Serial_Print(const char* const s);
-#endif /* ARDUINO */
-
typedef void (*wolfSSL_Logging_cb)(const int logLevel,
const char *const logMessage);
@@ -157,6 +152,10 @@ WOLFSSL_API void wolfSSL_SetLoggingPrefix(const char* prefix);
#define WOLFSSL_TIME(n) WC_DO_NOTHING
#endif
+#if defined(DEBUG_WOLFSSL) && !defined(WOLFSSL_DEBUG_CERTIFICATE_LOADS)
+ #define WOLFSSL_DEBUG_CERTIFICATE_LOADS
+#endif
+
#if defined(DEBUG_WOLFSSL) && !defined(WOLFSSL_DEBUG_ERRORS_ONLY)
#if defined(_WIN32)
#if defined(INTIME_RTOS)
@@ -268,6 +267,90 @@ WOLFSSL_API void wolfSSL_SetLoggingPrefix(const char* prefix);
extern WOLFSSL_API THREAD_LS_T void *StackSizeCheck_stackOffsetPointer;
#endif
+/* Port-specific includes and printf methods: */
+
+#if defined(ARDUINO)
+ /* implemented in Arduino wolfssl.h */
+ extern WOLFSSL_API int wolfSSL_Arduino_Serial_Print(const char* const s);
+#elif defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX)
+ /* see wc_port.h for fio.h and nio.h includes */
+#elif defined(WOLFSSL_SGX)
+ /* Declare sprintf for ocall */
+ int sprintf(char* buf, const char *fmt, ...);
+#elif defined(WOLFSSL_DEOS)
+#elif defined(MICRIUM)
+ #if (BSP_SER_COMM_EN == DEF_ENABLED)
+ #include <bsp_ser.h>
+ #endif
+#elif defined(WOLFSSL_USER_LOG)
+ /* user includes their own headers */
+#elif defined(WOLFSSL_ESPIDF)
+ #include "esp_types.h"
+ #include "esp_log.h"
+#elif defined(WOLFSSL_TELIT_M2MB)
+ #include <stdio.h>
+ #include "m2m_log.h"
+#elif defined(WOLFSSL_ANDROID_DEBUG)
+ #include <android/log.h>
+#elif defined(WOLFSSL_XILINX)
+ #include "xil_printf.h"
+#elif defined(WOLFSSL_LINUXKM)
+ /* the requisite linux/kernel.h is included in linuxkm_wc_port.h, with
+ * incompatible warnings masked out.
+ */
+#elif defined(FUSION_RTOS)
+ #include <fclstdio.h>
+ #define fprintf FCL_FPRINTF
+#else
+ #include <stdio.h> /* for default printf stuff */
+#endif
+
+#if defined(THREADX) && !defined(THREADX_NO_DC_PRINTF)
+ int dc_log_printf(char*, ...);
+#endif
+
+#ifdef WOLFSSL_DEBUG_PRINTF
+ /* user-supplied definition */
+#elif defined(ARDUINO)
+ /* ARDUINO only has print and sprintf, no printf. */
+#elif defined(WOLFSSL_LOG_PRINTF) || defined(WOLFSSL_DEOS)
+ #define WOLFSSL_DEBUG_PRINTF(...) printf(__VA_ARGS__)
+#elif defined(THREADX) && !defined(THREADX_NO_DC_PRINTF)
+ #define WOLFSSL_DEBUG_PRINTF(...) dc_log_printf(__VA_ARGS__)
+#elif defined(MICRIUM)
+ #define WOLFSSL_DEBUG_PRINTF(...) BSP_Ser_Printf(__VA_ARGS__)
+#elif defined(WOLFSSL_MDK_ARM)
+ #define WOLFSSL_DEBUG_PRINTF(...) do { \
+ fflush(stdout); \
+ printf(__VA_ARGS__); \
+ fflush(stdout); \
+ } while (0)
+#elif defined(WOLFSSL_UTASKER)
+ /* WOLFSSL_UTASKER only has fnDebugMsg and related primitives, no printf. */
+#elif defined(MQX_USE_IO_OLD)
+ #define WOLFSSL_DEBUG_PRINTF(...) fprintf(_mqxio_stderr, __VAR_ARGS)
+#elif defined(WOLFSSL_APACHE_MYNEWT)
+ #define WOLFSSL_DEBUG_PRINTF(...) LOG_DEBUG(&mynewt_log, \
+ LOG_MODULE_DEFAULT, __VA_ARGS__)
+#elif defined(WOLFSSL_ESPIDF)
+ #define WOLFSSL_DEBUG_PRINTF(...) ESP_LOGI("wolfssl", __VA_ARGS__)
+#elif defined(WOLFSSL_ZEPHYR)
+ #define WOLFSSL_DEBUG_PRINTF(...) printk(__VA_ARGS__)
+#elif defined(WOLFSSL_TELIT_M2MB)
+ #define WOLFSSL_DEBUG_PRINTF(...) M2M_LOG_INFO(__VA_ARGS__)
+#elif defined(WOLFSSL_ANDROID_DEBUG)
+ #define WOLFSSL_DEBUG_PRINTF(...) __android_log_print(ANDROID_LOG_VERBOSE, \
+ "[wolfSSL]", __VA_ARGS__)
+#elif defined(WOLFSSL_XILINX)
+ #define WOLFSSL_DEBUG_PRINTF(...) xil_printf(__VA_ARGS__)
+#elif defined(WOLFSSL_LINUXKM)
+ #define WOLFSSL_DEBUG_PRINTF(...) printk(__VA_ARGS__)
+#elif defined(WOLFSSL_RENESAS_RA6M4)
+ #define WOLFSSL_DEBUG_PRINTF(...) myprintf(__VA_ARGS__)
+#else
+ #define WOLFSSL_DEBUG_PRINTF(...) fprintf(stderr, __VA_ARGS__)
+#endif
+
#ifdef __cplusplus
}
#endif

9
meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.0.bb → meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.4.bb
View File

@ -6,19 +6,18 @@ DESCRIPTION = "wolfSSL, formerly CyaSSL, is a lightweight SSL library written \
HOMEPAGE = "https://www.wolfssl.com/products/wolfssl" HOMEPAGE = "https://www.wolfssl.com/products/wolfssl"
BUGTRACKER = "https://github.com/wolfssl/wolfssl/issues" BUGTRACKER = "https://github.com/wolfssl/wolfssl/issues"
SECTION = "libs" SECTION = "libs"
LICENSE = "GPL-2.0-only" LICENSE = "GPL-3.0-only"
LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263" LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504"
PROVIDES += "cyassl" PROVIDES += "cyassl"
RPROVIDES:${PN} = "cyassl" RPROVIDES:${PN} = "cyassl"
SRC_URI = " \ SRC_URI = " \
git://github.com/wolfSSL/wolfssl.git;protocol=https;branch=master \ git://github.com/wolfSSL/wolfssl.git;protocol=https;branch=master;tag=v${PV}-stable \
file://0001-wolfssl-wolfcrypt-logging.h-and-wolfcrypt-src-loggin.patch \
file://run-ptest \ file://run-ptest \
" "
SRCREV = "b077c81eb635392e694ccedbab8b644297ec0285" SRCREV = "59f4fa568615396fbf381b073b220d1e8d61e4c2"
inherit autotools ptest inherit autotools ptest