Merge pull request #474 from danielinux/update-submodules-5.7.2

Prepare release 2.2.0
wolfSSL · Jul 22, 2024 · 8b1babb · 8b1babb
2 parents 8a5c039 + 51fe05c
commit 8b1babb
Show file tree

Hide file tree

Showing 8 changed files with 66 additions and 26 deletions.
diff --git a/.github/workflows/footprint.yml b/.github/workflows/footprint.yml
@@ -8,7 +8,7 @@ on:
 
 jobs:
   footprint_test:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
 
     steps:
       - uses: actions/checkout@v2

diff --git a/README.md b/README.md
@@ -588,3 +588,37 @@ Use `make keysclean` to delete keys and regenerate.
     * wolfSSL v5.7.0
     * wolfPKCS11 v1.3.0
     * wolfTPM v3.2.0
+
+### V 2.2.0 - (2024-07-22)
+  * New hardware targets
+    * Add STM32H5 port with support for Dual-bank, OTP, TrustZone-M
+    * Add native support for Renesas RX family, using gcc toolchain
+  * Improvements to supported targets
+    * NXP i.MX-RT:
+      * New flash geometry configurations
+      * Support for LPUART4
+      * Add port for RT1061
+      * Disable DCACHE upon flash access
+      * Support for building with HAB
+    * STM32:
+      * Refactoring of TrustZone-M support
+      * OTP driver for STM32H5/H7
+      * Full firmware update demo on STM32H5
+      * Add support for QSPI in STM32U5
+    * Renesas RZ:
+      * Add support for RSIP
+    * x86-64 (FSP):
+      * Improve x86-64 specific code, add features
+      * Clean-up and re-arrange scripts for qemu demo
+  * Post-quantum crypto
+    * LMS and XMSS support now using native wolfCrypt implementation
+  * Tools improvements
+    * Keystore: now supports .der ECC key via `--der`
+    * Add `otp_primer` firmware, to provision keystores in OTP
+    * Add `otp_gen` tool to provide a pre-assembled keystore to flash into OTP
+  * Bug fixes
+    * Fix regression in x86-EFI builds
+    * Fix setting `VTOR_NS` when staging a non-secure app/os from TrustZone
+    * Fix delta updates: patches with invalid base versions were not discarded
+    * Fix potential array bound overflow in `NVM_FLASH_WRITEONCE` mode
+    * Fix dereferencing type-punned pointer in flash update
diff --git a/include/wolfboot/version.h b/include/wolfboot/version.h
@@ -29,8 +29,8 @@ extern "C" {
 #endif
 
 
-#define LIBWOLFBOOT_VERSION_STRING "2.1.0"
-#define LIBWOLFBOOT_VERSION_HEX 0x02010000
+#define LIBWOLFBOOT_VERSION_STRING "2.2.0"
+#define LIBWOLFBOOT_VERSION_HEX 0x02020000
 
 #ifndef WOLFBOOT_VERSION
     #define WOLFBOOT_VERSION LIBWOLFBOOT_VERSION_HEX

diff --git a/lib/wolfPKCS11 b/lib/wolfPKCS11
diff --git a/lib/wolfTPM b/lib/wolfTPM
diff --git a/lib/wolfssl b/lib/wolfssl
diff --git a/tools/test.mk b/tools/test.mk
@@ -983,29 +983,37 @@ test-all: clean
 
 
 test-size-all:
-	make test-size SIGN=NONE LIMIT=4913
+	make test-size SIGN=NONE LIMIT=4816
 	make keysclean
-	make test-size SIGN=ED25519 LIMIT=11529
+	make test-size SIGN=ED25519 LIMIT=11396
 	make keysclean
-	make test-size SIGN=ECC256  LIMIT=17857
+	make test-size SIGN=ECC256  LIMIT=17936
+	make clean
+	make test-size SIGN=ECC256 NO_ASM=1 LIMIT=13480
 	make keysclean
-	make test-size SIGN=ECC256 NO_ASM=1 LIMIT=13593
+	make test-size SIGN=RSA2048 LIMIT=11124
+	make clean
+	make test-size SIGN=RSA2048 NO_ASM=1 LIMIT=11696
 	make keysclean
-	make test-size SIGN=RSA2048 LIMIT=11217
+	make test-size SIGN=RSA4096 LIMIT=11408
+	make clean
+	make test-size SIGN=RSA4096 NO_ASM=1 LIMIT=11984
 	make keysclean
-	make test-size SIGN=RSA2048 NO_ASM=1 LIMIT=11797
+	make test-size SIGN=ECC384 LIMIT=17504
+	make clean
+	make test-size SIGN=ECC384 NO_ASM=1 LIMIT=14872
 	make keysclean
-	make test-size SIGN=RSA4096 LIMIT=11497
+	make test-size SIGN=ED448 LIMIT=13408
 	make keysclean
-	make test-size SIGN=RSA4096 NO_ASM=1 LIMIT=12093
+	make test-size SIGN=RSA3072 LIMIT=11264
+	make clean
+	make test-size SIGN=RSA3072 NO_ASM=1 LIMIT=11804
 	make keysclean
-	make test-size SIGN=ECC384 LIMIT=17309
+	make test-size SIGN=LMS LMS_LEVELS=2 LMS_HEIGHT=5 LMS_WINTERNITZ=8 \
+		WOLFBOOT_SMALL_STACK=0 IMAGE_SIGNATURE_SIZE=2644 \
+		IMAGE_HEADER_SIZE?=5288 LIMIT=7424
 	make keysclean
-	make test-size SIGN=ECC384 NO_ASM=1 LIMIT=15013
-	make keysclean
-	make test-size SIGN=ED448 LIMIT=13645
-	make keysclean
-	make test-size SIGN=RSA3072 LIMIT=11353
-	make keysclean
-	make test-size SIGN=RSA3072 NO_ASM=1 LIMIT=11905
+	make test-size SIGN=XMSS XMSS_PARAMS='XMSS-SHA2_10_256' \
+		IMAGE_SIGNATURE_SIZE=2500 IMAGE_HEADER_SIZE?=4096 \
+		LIMIT=8220
 	make keysclean
diff --git a/tools/xmss/xmss_common.h b/tools/xmss/xmss_common.h
@@ -48,8 +48,7 @@ static enum wc_XmssRc xmss_write_key(const byte * priv, word32 privSz, void * co
         /* Create the file if it didn't exist. */
         file = fopen(filename, "w+");
         if (!file) {
-            fprintf(stderr, "error: fopen(%s, \"w+\") failed: %d\n", filename,
-                    ferror(file));
+            fprintf(stderr, "error: fopen(%s, \"w+\") failed.\n", filename);
             return WC_XMSS_RC_WRITE_FAIL;
         }
     }
@@ -72,8 +71,7 @@ static enum wc_XmssRc xmss_write_key(const byte * priv, word32 privSz, void * co
      * storage correctly. */
     file = fopen(filename, "r+");
     if (!file) {
-        fprintf(stderr, "error: fopen(%s, \"r+\") failed: %d\n", filename,
-                ferror(file));
+        fprintf(stderr, "error: fopen(%s, \"r+\") failed.\n", filename);
         return WC_XMSS_RC_WRITE_FAIL;
     }