Updated release notes for added ec_point_formats extension. Fix for…

… setting serial number with random data where the MSB was cleared and resulted in a zero. Fix for build type mismatch error in wolfCrypt test with ed25519 and WOLFSSL_TEST_CERT defined.
wolfSSL · Oct 23, 2017 · 2dfad09 · 2dfad09
1 parent 96667b4
commit 2dfad09
Show file tree

Hide file tree

Showing 4 changed files with 10 additions and 4 deletions.
diff --git a/README b/README
@@ -35,12 +35,13 @@ before calling wolfSSL_new();  Though it's not recommended.
 *** end Notes ***
 
 
-********* wolfSSL (Formerly CyaSSL) Release 3.12.2 (10/20/2017)
+********* wolfSSL (Formerly CyaSSL) Release 3.12.2 (10/23/2017)
 
 Release 3.12.2 of wolfSSL has bug fixes and new features including:
 
 This release includes many performance improvements with Intel ASM (AVX/AVX2) and AES-NI. New single precision math option to speedup RSA, DH and ECC. Embedded hardware support has been expanded for STM32, PIC32MZ and ATECC508A. AES now supports XTS mode for disk encryption. Certificate improvements for setting serial number, key usage and extended key usage. Refactor of SSL_ and hash types to allow openssl coexistence. Improvements for TLS 1.3. Fixes for OCSP stapling to allow disable and WOLFSSL specific user context for callbacks. Fixes for openssl and MySQL compatibility. Updated Micrium port. Fixes for asynchronous modes.
 
+- Added TLS extension for Supported Point Formats (ec_point_formats)
 - Fix to not send OCSP stapling extensions in client_hello when not enabled
 - Added new API's for disabling OCSP stapling
 - Add check for SIZEOF_LONG with sun and LP64

diff --git a/README.md b/README.md
@@ -38,12 +38,13 @@ wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
 before calling wolfSSL_new();  Though it's not recommended.
 ```
 
-# wolfSSL (Formerly CyaSSL) Release 3.12.2 (10/20/2017)
+# wolfSSL (Formerly CyaSSL) Release 3.12.2 (10/23/2017)
 
 ## Release 3.12.2 of wolfSSL has bug fixes and new features including:
 
 This release includes many performance improvements with Intel ASM (AVX/AVX2) and AES-NI. New single precision math option to speedup RSA, DH and ECC. Embedded hardware support has been expanded for STM32, PIC32MZ and ATECC508A. AES now supports XTS mode for disk encryption. Certificate improvements for setting serial number, key usage and extended key usage. Refactor of SSL_ and hash types to allow openssl coexistence. Improvements for TLS 1.3. Fixes for OCSP stapling to allow disable and WOLFSSL specific user context for callbacks. Fixes for openssl and MySQL compatibility. Updated Micrium port. Fixes for asynchronous modes.
 
+* Added TLS extension for Supported Point Formats (ec_point_formats)
 * Fix to not send OCSP stapling extensions in client_hello when not enabled
 * Added new API's for disabling OCSP stapling
 * Add check for SIZEOF_LONG with sun and LP64

diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
@@ -6417,9 +6417,13 @@ WOLFSSL_LOCAL int SetSerialNumber(const byte* sn, word32 snSz, byte* output)
     i += SetLength(snSzInt, &output[i]);
     XMEMCPY(&output[i], sn, snSzInt);
 
+    /* make sure number is positive */
     if (snSzInt > 0) {
-        /* ensure positive (MSB not set) */
+        /* clear MSB bit */
         output[i] &= ~0x80;
+        /* handle zero case... make 1 */
+        if (output[i] == 0)
+            output[i] = 0x01;
     }
 
     /* compute final length */

diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c
@@ -12880,7 +12880,7 @@ static int ed25519_test_cert(void)
 #endif /* HAVE_ED25519_VERIFY */
     int          ret;
     byte*        tmp;
-    int          bytes;
+    size_t       bytes;
     FILE*        file;
 
     tmp = XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);