wolfPKCS11 Release 1.2 (Dec 26, 2023)

@dgarske released this 27 Dec 22:04
· 15 commits to master since this release
c9ccc51

Summary

Adds backend support for TPM 2.0 using wolfTPM. Adds AES CBC key wrap / unwrap support. Portability improvements. Improved testing with GitHub Actions.

Detail

  • Cleanups for minor cast warning, spelling and ignore for generated test files (PR #14)
  • Added support for wrap/unwrap RSA with aes_cbc_pad. (PR #15)
  • Fixed setting of label for public key after creation (init ECC objects before decoding) (PR #16)
  • Flush writes in key store. (PR #17)
  • Added build options for embedded use (PR #18)
    • WOLFSSL_USER_SETTINGS to avoid including wolfssl/options.h
    • WOLFPKCS11_USER_SETTINGS to avoid including wolfPKCS11/options.h
    • WOLFPKCS11_NO_TIME to make wc_GetTime() optional (defining it disables brute-force protections on token login)
  • Reset failed login counter only with WOLFPKCS11_NO_TIME (PR #18)
  • Fixed argument passing in SetMPI/GetMPIData (PR #19)
  • Fixed NO_DH ifdef gate when freeing PKCS11 object (PR #20)
  • Added GitHub CI action (PR #21)
  • Fixed warnings from ./autogen.sh. Updated m4 macros. (PR #21)
  • Added additional GitHub CI action tests. (PR #22)
  • Added wolfPKCS11 support for using TPM 2.0 module as backend. Uses wolfTPM and supports RSA and ECC. Requires wolfSSL/wolfTPM#311 (PR #23)
  • Added CI testing for wolfPKCS11 with wolfTPM backend and single threaded. (PR #23)
  • Added PKCS11 TPM NV store (enabled with WOLFPKCS11_TPM_STORE). Allow WOLFPKCS11_NO_STORE for TPM use case. (PR #23)
  • Fixed compiler warnings from mingw. (PR #23)
  • Added portability macro WOLFPKCS11_NO_ENV when setenv/getenv are not available. (PR #23)
  • Fix to only require -ldl for non-static builds. (PR #23)
  • Portability fixes. Added NO_MAIN_DRIVER. Support for SINGLE_THREADED. Add static to some globals. (PR #24)
  • Fixes for portability where XREALLOC is not available. (PR #25)
  • Added support for custom setenv/getenv using WOLFPKCS11_USER_ENV. (PR #25)
  • Fix for final not being called after init in edge case pin failure. (PR #25)
  • Added support for hashing PIN with SHA2-256.
    • PKCS11 uses scrypt, which uses multiple MB of memory and is not practical for embedded systems. (PR #25)