linuxkm/module_exports.c.template: include wolfssl/wolfcrypt/wolfmath.h, to bring in wc_GetMathInfo() prototype;
src/ssl.c: move "Global pointer to constant BN on" to src/ssl_bn.c; and in wolfSSL_Cleanup(), call the new wolfSSL_BN_free_one() rather than using ad hoc cleanup logic;
src/ssl_bn.c: add bn_one and wolfSSL_BN_free_one();
src/ssl_asn1.c: fix bugprone-macro-parentheses in bufLenOrNull(); refactor wolfSSL_ASN1_TIME_diff() to avoid floating point math; use intermediate tm_year variable in wolfssl_asn1_time_to_tm() to avoid target-specific type conflicts on tm->tm_year; use "FALL_THROUGH", not "/* fall-through */", in wolfSSL_ASN1_TYPE_set (clang-diagnostic-implicit-fallthrough);
wolfcrypt/src/ecc.c: fix identicalInnerCondition in ecc_mul2add();
wolfcrypt/src/integer.c: refactor OPT_CAST()s in mp_grow() to unconditional casts as elsewhere, to mollify a confused cppcheck-all-intmath;
tests/api.c: reformat some overlong lines.
configure.ac: remove implied --disable-examples when --disable-inline;
tests/api.c: always include wolfcrypt/src/misc.c;
wolfcrypt/src/misc.c: use WC_MISC_STATIC to designate staticness of the misc functions;
wolfssl/wolfcrypt/misc.h: define WC_MISC_STATIC to empty or static depending on #ifdef NO_INLINE or not (respectively);
wolfssl/wolfcrypt/types.h: #ifdef NO_INLINE, #define WC_INLINE WC_MAYBE_UNUSED, and move the definitions of WARN_UNUSED_RESULT and WC_MAYBE_UNUSED above the definition of WC_INLINE for clarity;
wolfssl/wolfcrypt/mem_track.h: always declare TrackMalloc() et al static (no functional change, because the state and callback bindings were and remain unconditionally static, but previously #ifdef NO_INLINE the functions were globals, leading to multiple definitions.
* Check for circular dependencies in compatibility headers
* Run header check only when ENABLED_OPENSSLEXTRA
* Add missing include
* Pedantic compilers don't like empty translation units
* Fix macro guards
* wolfcrypt/test/test.{c,h}: refactor to capture and encode error retvals using WC_TEST_RET_*() macros (based on line numbers), and print line and return code in err_sys().
* wolfcrypt/test/test.h: cast back to int in WC_TEST_RET_ENC(), to fix MSVC warning.
* configure.ac: add shake128 and shake256 to enable-all and enable-all-crypto;
* wolfcrypt/benchmark/benchmark.c: fix gating for bench_shake128() from !defined(WOLFSSL_NO_SHAKE128) to defined(WOLFSSL_SHAKE128).
* wolfcrypt/test/test.h: add WC_TEST_RET_TAG_* and WC_TEST_RET_DEC_TAG(), and refactor WC_TEST_RET_{ENC,DEC}_*() macros to implement the tag mechanism;
* add render_error_message() with tag-specific rendering of error strings;
* wolfcrypt/test/test.c: smallstack refactor of shake128_test() and shake128_absorb_test();
* wolfcrypt/test/test.c: change gating around mp_test() and related routines from defined(HAVE_VALGRIND) to defined(WOLFSSL_PUBLIC_MP);
* smallstack refactor of mp_test();
* refactor a slew of WC_TEST_RET_ENC_NC associated with XFOPEN/XFREAD to be WC_TEST_RET_ENC_ERRNO, and add error detection for XFREAD (previously silently tolerating zero retvals).
* wolfcrypt/test/test.c: build mp_test() only if WOLFSSL_SP_MATH_ALL or USE_FAST_MATH (in addition to WOLFSSL_PUBLIC_MP), because many general purpose functions such as sp_mulmod() are gated out in SP builds without WOLFSSL_SP_MATH_ALL.
* wolfcrypt/test/test.c: fix array bounds flubs in shake128_test();
* don't print_fiducials() in wolfcrypt_test() header, but rather, after render_error_message() in err_sys().
* wolfcrypt/test/test.{c,h}: wrap some overlong lines, and fix an unused-variable warning in mp_test_set_is_bit().
* wolfcrypt/test/test.c: fixes for several misplaced and several missing WC_TEST_RET_ENC_EC()s.
* stunnel 5.67 support
- ssl->session->ticketAdd may be set when parsing a ticket before PSK
- PSK binders should be calculated based on ciphersuite associated with PSK
- Add option to prioritise PSK order instead of ciphersuite order
- Update ctx->method->version when using Set_CTX_max_proto_version API
- Simplify wolfSSL_parse_cipher_list
- Keep copy of old list and then add in the previous ciphersuites depending on whether we are doing only TLS 1.3 ciphersuites or not
- Specify CRL revocation in alert
- Match reason string to match OpenSSL
- Add support for external data callbacks for WOLFSSL_SESSION
* Upref the session for stunnel instead of duplicating it
* Add small stack option for wolfSSL_parse_cipher_list
* Support rwlock
* Fix typo, ENABLE_SESSION_CACHE_ROW_LOCK with TITAN_SESSION_CACHE
* Implement read lock
- Use read lock for the SessionCache
- Don't copy the
* TLS 1.3: Don't push ticket to cache if we don't retrieve from it
* Detect rwlock support with PTHREAD_RWLOCK_INITIALIZER
* Implement explicit rwlocks
- Mutex's still necessary for signals. Implement explicit rwlocks and we can migrate critical mutexs to rwlocks when necessary.
* Remove WOLFSSL_USE_RWLOCK guard around mutex condLock
* condLock not necessary after all
* Use configure.ac to check for pthread_rwlock_destroy support
* Can't include config.h in wc_port.h as that breaks make distcheck
* Check for pthread_rwlock_t to determine if rwlock is available
* Code review
---------
Co-authored-by: Juliusz Sosinowicz <juliusz@wolfssl.com>
./configure --enable-wolfssh --enable-cryptonly \
--disable-asn --disable-rsa --disable-ecc
./configure --disable-asn --disable-rsa --disable-ecc --enable-psk
./configure --enable-cryptonly --disable-asn --disable-rsa --disable-ecc
1. Fails compiling the KDF file, can't find c32toa inline function.
2. In configure, move the check for ECC when ASN is disabled up to the
other ASN checks. It also needs to be checked with cryptonly is
disabled.
add support for EXTRA_CPPFLAGS, EXTRA_CCASFLAGS, and EXTRA_LDFLAGS;
fix typo in setup for CFLAG_VISIBILITY;
lightly refactor handling of CPPFLAGS/AM_CPPFLAGS in handlers for --with-liboqs, --with-wnr, and --with-cavium;
refactor+enhance options.h generation to handle -U directives.
* Fixed `PEM_BUFSIZE` macro redefined when building with coexist.
* Updated the `user_settings_all.h` and `user_settings_wolfboot_keytools.h` to include latest options.
* Improved API unit test error case checking where `TEST_RES_CHECK` is not used.
* Changed `TEST_SKIPPED` to unique value.
* Added CI tests for enable-all, small stack, and user setting templates.
David Garske
Daniel Pouzzner
Jacob Barthelmeh
Sean Parkinson
Juliusz Sosinowicz
Lealem Amedie
Juliusz Sosinowicz
Kaleb Himes
tmael
jordan
Eric Blankenhorn
John Safranek
Chris Conlon