- Use unions for type punning in xor API
- Initialise potentially uninitialised variables
- Use `LL` suffix to specify a larger integer type
- Don't use `max` as it can shadow other definitions
Add support for:
- SM2 elliptic curve and SM2 sign/verify
- SM3 digest
- SM4 cipher with modes ECB/CBC/CTR/GCM/CCM
Add APIs for SM3 and SM4.
Add SM2 sign and verify APIs.
Add support for SM3 in wc_Hash and wc_Hmac API.
Add support for SM3 and SM4 through EVP layer.
Add support for SM2-SM3 certificates. Support key ID and name hash being
with SHA-1/256 or SM3.
Add support for TLS 1.3 cipher suites: TLS-SM4-GCM-SM3, TLS-SM4-CCM-SM3
Add support for TLS 1.2 SM cipher suite: ECDHE-ECDSA-SM4-CBC-SM3
Add support for SM3 in wc_PRF_TLS.
Add SM2-SM3 certificates and keys. Generated with GmSSL-3.0.0 and
OpenSSL.
Tested with `./configure --disable-asm --enable-32bit --enable-asn=original --enable-cryptonly CFLAGS="-Wconversion -pedantic" && make`. Some progress with ASN template, but not complete.
Fix checking of negative with unsigned variables.
Check digestSz for 0 in wc_SSH_KDF() so that no possibility of dividing
by zero.
Change XMEMCPY to XMEMSET in renesas_sce_util.c.
Fix test.c to free prvTmp and pubTmp on read error.
Remove unused variables.
XFREE checks for NULL so don't check before call.
Move variable declarations to reduce scope.
configure.ac: remove implied --disable-examples when --disable-inline;
tests/api.c: always include wolfcrypt/src/misc.c;
wolfcrypt/src/misc.c: use WC_MISC_STATIC to designate staticness of the misc functions;
wolfssl/wolfcrypt/misc.h: define WC_MISC_STATIC to empty or static depending on #ifdef NO_INLINE or not (respectively);
wolfssl/wolfcrypt/types.h: #ifdef NO_INLINE, #define WC_INLINE WC_MAYBE_UNUSED, and move the definitions of WARN_UNUSED_RESULT and WC_MAYBE_UNUSED above the definition of WC_INLINE for clarity;
wolfssl/wolfcrypt/mem_track.h: always declare TrackMalloc() et al static (no functional change, because the state and callback bindings were and remain unconditionally static, but previously #ifdef NO_INLINE the functions were globals, leading to multiple definitions.
* Fixed `PEM_BUFSIZE` macro redefined when building with coexist.
* Updated the `user_settings_all.h` and `user_settings_wolfboot_keytools.h` to include latest options.
* Improved API unit test error case checking where `TEST_RES_CHECK` is not used.
* Changed `TEST_SKIPPED` to unique value.
* Added CI tests for enable-all, small stack, and user setting templates.
in api.c test_wolfSSL_dtls12_fragments_spammer(), inhibit clang-analyzer-deadcode.DeadStores;
in asn.c ParseCRL_Extensions() old (!WOLFSSL_ASN_TEMPLATE) version, fix bounds check to prevent overshift;
in misc.c ctMaskCopy(), use `*(x + i)`, not x[i], to tiptoe around cppcheck-2.9 objectIndex bug.
as word64 is not always available, introduce an abstract type and companion
operations. They use a word64 if available and fallback on word32[2] otherwise.
configure.ac: fix ed25519/sha512 dependency test to not misfire when ENABLED_32BIT;
wolfssl/wolfcrypt/curve{25519,448}.h: fix redundant typedefs of curve{25519,448}_key (fixes -Wpedantic warnings);
configure.ac: fix for "ISO C forbids an empty translation unit [-Werror=pedantic]", re wolfcrypt/src/sp_c{32,64}.c;
configure.ac: fixes for --enable-32bit versus pedantic "ISO C forbids an empty translation unit", including explicit exclusion of 32bit-incompatible algorithms from enable-all and enable-all-crypto sets;
tests/api.c: fixes for a couple inadequately gated SHA2 dependencies;
tests/api.c:test_wolfSSL_set_alpn_protos(): fix prototype missing (void);
wolfcrypt/src/misc.c and wolfssl/wolfcrypt/misc.h: fix ForceZero() definition and NO_INLINE prototype to not counterfactually constify the mem ptr, to avoid -Wmaybe-uninitialized from gcc11;
wolfcrypt/src/des3.c: drop obsolete register qualifier from declaration in DesSetKey(), for c++17 compatibility;
src/ssl.c:wolfSSL_BN_mod_word(): fix cast of arg2 to mp_mod_d().
For byte order reverse and rotation we have builtins
in the CC-RX compiler.
Especially when rotating registers with fixed amounts
this can be compiled efficiently into opcodes with
embedded values for shift (without needing other registers).
We separate out 64-bit desktop support based on the Intel check. With
the advent of the new Apple chip, ARM can also be a desktop processor.
Detect it like we do the Intel 64-bit, and treat it similarly with
respect to fast and normal math.
Right shift of a negative value is undefined.
Add an 'int' return version of constant time greater than equal.
Change equal and not equal to be constant time in more situations.
Sean Parkinson
Juliusz Sosinowicz
Daniel Pouzzner
David Garske
Jacob Barthelmeh
Anthony Hu
Marco Oliverio
Elms
René Liebscher
John Safranek
Chris Conlon
Tesfa Mael
DKubasekRA
Takashi Kojo