Time-Stamp Protocol (RFC 3161)

[SparkiDev]

Description

Implementation in wolfCrypt
OpenSSL compatibility layer in wolfSSL
Added tests, certificates, examples.

Testing

Different configuration with --enable-tsp.

[github-actions]

MemBrowse Memory Report

gcc-arm-cortex-m0plus

• FLASH: .text +40 B (+0.1%, 63,535 B / 262,144 B, total: 24% used)

gcc-arm-cortex-m3

• FLASH: .text +32 B (+0.0%, 121,441 B / 262,144 B, total: 46% used)

gcc-arm-cortex-m4

• FLASH: .rodata.CSWTCH.1 +4 B, .rodata.str1.1 +58 B, .text +64 B (+0.1%, 199,178 B / 262,144 B, total: 76% used)

gcc-arm-cortex-m4-baremetal

• FLASH: .text +64 B (+0.1%, 66,123 B / 262,144 B, total: 25% used)

gcc-arm-cortex-m4-crypto-only

• FLASH: .rodata.CSWTCH.1 +4 B, .rodata.str1.1 +58 B (+0.0%, 173,736 B / 262,144 B, total: 66% used)

gcc-arm-cortex-m4-dtls13

• FLASH: .text +64 B (+0.0%, 179,864 B / 1,048,576 B, total: 17% used)

gcc-arm-cortex-m4-openssl-compat

• FLASH: .rodata +56 B, .text +128 B (+0.0%, 768,316 B / 1,048,576 B, total: 73% used)

gcc-arm-cortex-m4-pkcs7

• FLASH: .rodata.CSWTCH.1 +4 B, .rodata.str1.1 +58 B, .text +64 B (+0.1%, 211,499 B / 262,144 B, total: 81% used)

gcc-arm-cortex-m4-pq

• FLASH: .rodata +68 B, .text +64 B (+0.0%, 278,068 B / 1,048,576 B, total: 27% used)

gcc-arm-cortex-m4-rsa-only

• FLASH: .rodata +64 B, .text +64 B (+0.0%, 323,600 B / 1,048,576 B, total: 31% used)

gcc-arm-cortex-m4-tls13

• FLASH: .rodata.CSWTCH.1 +4 B, .rodata.str1.1 +58 B (+0.0%, 234,812 B / 262,144 B, total: 90% used)

gcc-arm-cortex-m7

• FLASH: .rodata.CSWTCH.1 +4 B, .rodata.str1.1 +58 B (+0.0%, 199,114 B / 262,144 B, total: 76% used)

gcc-arm-cortex-m7-pq

• FLASH: .rodata +68 B, .text +64 B (+0.0%, 278,644 B / 1,048,576 B, total: 27% used)

gcc-arm-cortex-m7-tls13

• FLASH: .rodata.CSWTCH.1 +4 B, .rodata.str1.1 +58 B, .text +64 B (+0.1%, 234,876 B / 262,144 B, total: 90% used)

linuxkm-standard

• Data: __patchable_function_entries +8 B (+0.0%, 46,016 B)

stm32-sim-stm32h753

• FLASH: .text +256 B (+0.1%, 181,940 B / 2,097,152 B, total: 9% used)
  No memory changes detected for:
• gcc-arm-cortex-m4-min-ecc
• gcc-arm-cortex-m4-sp-math
• gcc-arm-cortex-m4-tls12
• linuxkm-pie

[SparkiDev]

Jenkins: retest this please

[wolfSSL-Fenrir-bot]

Fenrir Automated Review — PR #10778

Scan targets checked: wolfcrypt-bugs, wolfcrypt-port-bugs, wolfcrypt-rs-bugs, wolfcrypt-src, wolfssl-bugs, wolfssl-src
Findings: 2
1 finding(s) posted as inline comments (see file-level comments below)

Low (1)

asn_orig.c DecodeExtKeyUsage skips counting unrecognized OIDs

File: wolfcrypt/src/asn_orig.c:3959
Function: DecodeExtKeyUsage
Category: Copy-paste errors

The original-parser DecodeExtKeyUsage does continue on ASN_UNKNOWN_OID_E, bypassing the extExtKeyUsageOidCnt increment, so unknown KeyPurposeIds are not counted — contradicting its own comment and diverging from the template version in asn.c which does count them. A cert with timeStamping plus an extra unknown EKU would report count 1 and wrongly pass Tsp_CheckSignerCert's extExtKeyUsageOidCnt != 1 gate.

Recommendation: Count the OID before continue (or increment in the unknown-OID branch) so the original parser matches the template version's count semantics.

Referenced code: wolfcrypt/src/asn_orig.c:3959-3965 (7 lines)

---

This review was generated automatically by Fenrir. Findings are non-blocking.

[SparkiDev]

DecodeExtKeyUsage fixed