api.c: z and ret no longer only when !NO_ASN_TIME.
benchmark.c: rsaKey array type has changed and unusual code path needsed
updating.
cmac.c: Zeroization test failed when checkSz was zero as called function
didn't zero out cmac. checkSz is invalid.
test.c: rsaCaCertDerFile used even when NO_ASN_TIME.
test.h: --enable-sp-math only supports DH of 2048 bits and above. Change
default DH parameters to be 2048 bits.
Initial wolfSSL implementation of LMS.
Changed LMS benchmarking to time making a key and reloading.
SHA-256:
Added wc_Sha256HashBlock to make hashing a block fast.
Fixed assembly code to be able to hash a block from an external
buffer.
Simplified code were possible.
Moved byte reversal decision logic to one place instead of replicating
length checks.
wolfcrypt/test/test.c: fix gating for verify4 in scrypt_test(), and fix WOLFSSL_SMALL_STACK -Wframe-larger-than=2048 warnings in sha256_test() and sha512_test().
src/ssl.c: fix for true-but-benign nullPointerRedundantCheck in ProcessBufferTryDecodeEd25519().
tests/api.c: fix for -Wmaybe-uninitialized in test_wc_PKCS7_VerifySignedData_RSA() identified via cross-m68k-all-asm.
* fix overallocation in WC_DECLARE_ARRAY() macro in the !WOLFSSL_SMALL_STACK path.
* rename WC_INIT_ARRAY() to WC_ALLOC_ARRAY() for clarity (it doesn't initialize any memory).
* rename WC_DECLARE_ARRAY_DYNAMIC_DEC(), WC_DECLARE_ARRAY_DYNAMIC_EXE(), and WC_FREE_ARRAY_DYNAMIC() to WC_DECLARE_HEAP_ARRAY(), WC_ALLOC_HEAP_ARRAY(), and WC_FREE_HEAP_ARRAY(), respectively, also for clarity, and refactor out the duplicate definitions.
* add WC_ALLOC_VAR(), and move the XMALLOC() in smallstack WC_DECLARE_VAR() into it. smallstack WC_DECLARE_VAR() now initializes the pointer to NULL, like smallstack WC_DECLARE_ARRAY(), assuring all pointers are valid upon shortcircuit to cleanup for a failed allocation (see WC_ALLOC_DO_ON_FAILURE below).
* add a new hook "WC_ALLOC_DO_ON_FAILURE" in WC_ALLOC_VAR(), WC_ALLOC_ARRAY(), and WC_DECLARE_ARRAY_DYNAMIC_EXE(), which is invoked when an allocation fails. by default the hook is defined to WC_DO_NOTHING.
* add basic safety to WC_*_HEAP_ARRAY() by recording/detecting allocation state via idx##VAR_NAME.
* add macros WC_ARRAY_OK() and WC_HEAP_ARRAY_OK() to test if allocation succeeded.
* add macros WC_CALLOC_ARRAY() and WC_CALLOC_HEAP_ARRAY() which zero the objects.
* add macro WC_CALLOC_VAR() which zeros the object.
ED448: smallstack refactor of ge448_scalarmult_base().
src/tls.c tests/api.c wolfcrypt/test/test.c: update WC_DECLARE_VAR()s with now-required matching WC_ALLOC_VAR()s.
wolfcrypt/benchmark/benchmark.c:
* no functional changes in default error-free behavior.
* add definition of WC_ALLOC_DO_ON_FAILURE() that prints error message, sets ret, and does goto exit.
* add BENCH_NTIMES and BENCH_AGREETIMES overrideeable macros, to allow fast sanitizer runs and slow high-precision runs.
* smallstack refactor of all declarations of stack arrays of the form foo[BENCH_MAX_PENDING], using WC_DECLARE_ARRAY() (35 in all).
* additional smallstack refactors, using WC_DECLARE_VAR(), for bench_aesxts(), bench_ed448KeyGen(), bench_eccsi*(), and bench_sakke*().
* fixes for various unhandled error conditions around malloc failures.
wolfcrypt/test/test.c: opportunistically constify several (42) static constants, moving them to the readonly data segment.
linuxkm/Makefile: if ENABLED_LINUXKM_BENCHMARKS, add wolfcrypt/benchmark/benchmark.o to WOLFSSL_OBJ_FILES.
linuxkm/Kbuild: enable FPU for benchmark.o, and remove enablement for module_hooks.o.
linuxkm/module_hooks.c: remove inline include of benchmark.c.
- wc_ecc_shared_secret_ssh should either be declared or not. Having two different signatures for the same function is error prone.
- Don't use wc_ecc_shared_secret_ssh in our code. Use wc_ecc_shared_secret directly.
configure.ac: move enable_aesgcm_stream=yes clauses in enable-all and enable-all-crypto to the main section, from the !ENABLED_LINUXKM_DEFAULTS section, and in ENABLED_LINUXKM_LKCAPI_REGISTER setup, remove the !ENABLED_AESNI from the condition for forcing on ENABLED_AESGCM_STREAM.
linuxkm/lkcapi_glue.c:
* remove all special-casing for AES-GCM with AESNI.
* add support for a LINUXKM_LKCAPI_PRIORITY_ALLOW_MASKING macro.
wolfssl/wolfcrypt/memory.h: add missing definition of SAVE_VECTOR_REGISTERS2() when DEBUG_VECTOR_REGISTER_ACCESS_FUZZING && !DEBUG_VECTOR_REGISTER_ACCESS.
wolfcrypt/src/memory.c:
* define SAVE_VECTOR_REGISTERS2_fuzzer() if DEBUG_VECTOR_REGISTER_ACCESS_FUZZING, regardless of DEBUG_VECTOR_REGISTER_ACCESS.
* add a DEBUG_VECTOR_REGISTER_ACCESS clause to the !HAVE_THREAD_LS version of SAVE_VECTOR_REGISTERS2_fuzzer().
wolfcrypt/test/test.c: remove several errant wc_AesFree()s in aes256_test().
* add srtp to enable-all
* add srtp-kdf to enable-all-crypto
* fix typo in enable-all[-crypto] where ENABLED_FIPS was used when FIPS_VERSION was needed.
* in enable-all[-crypto], conditionalize aesxts on !FIPS || FIPS_VERSION == dev.
* move AES-XTS CFLAG setup after FIPS settings, to allow non-dev FIPS to force it off, and add clause to FIPS v5 setup to do that.
* in FIPS v5 setup, add AES-XTS to the list of modes that forces -DWOLFSSL_AES_DIRECT -DHAVE_AES_ECB.
wolfcrypt/src/kdf.c: fix several benign -Wconversions.
wolfcrypt/test/test.c: add aes_cfb_test() and aes_xts_test() as top-level tests with separate "pass" messages, for transparency that those modes have indeed been tested in builds that activate them.
* support AES_ENCRYPTION_AND_DECRYPTION only if WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS is defined, and define it in linuxkm_wc_port.h if LINUXKM_LKCAPI_REGISTER.
* fix a typo in km_AesInitCommon().
* remove #if 0 code in lkcapi_glue.c.
linuxkm/lkcapi_glue.c (added in earlier commit):
implement linuxkm_lkcapi_register() and linuxkm_lkcapi_unregister() with idempotency.
add AES-XTS algorithm glue and self-test implementations.
add per-algorithm gating: LINUXKM_LKCAPI_REGISTER_AESCBC, _AESCFB, _AESGCM, and _AESXTS.
carry forward philljj's implementations for AES-CBC, AES-CFB, and AES-GCM, with various cleanups.
linuxkm/module_hooks.c:
print the "wolfCrypt container hashes" message only if DEBUG_LINUXKM_PIE_SUPPORT is set.
render the FIPS version for the self-test success message using the HAVE_FIPS_VERSION* macros.
add a "skipping full wolfcrypt_test() ..." message for --disable-crypttests builds.
add CONFIG_FORTIFY_SOURCE gates.
configure.ac:
add support for --enable-linuxkm-lkcapi-register;
add AES-XTS to output config summary;
rename --enable-xts to --enable-aesxts (retaining old option for backward compatibility).
linuxkm/linuxkm_wc_port.h: add support for CONFIG_FORTIFY_SOURCE.
linuxkm/linuxkm_memory.c:
fix retvals in save_vector_registers_x86() (wc-style MEMORY_E, not sys-style ENOMEM).
add __my_fortify_panic() implementation.
linuxkm/Kbuild: for ENABLED_LINUXKM_PIE in rename-pie-text-and-data-sections recipe, create an .rodata.wolfcrypt section.
linuxkm/include.am: add linuxkm/lkcapi_glue.c to EXTRA_DIST.
wolfcrypt/test/test.c:
when defined(HAVE_FIPS_VERSION), inhibit a test clause in aes_xts_128_test() disallowed by FIPS ("FIPS AES-XTS main and tweak keys must differ").
fix out-of-order user message in ecc_test().
* add explanation in DoSessionTicket() re autoVariables.
* re-refactor ECC_KEY_MAX_BITS() in ecc.c to use two separate macros, ECC_KEY_MAX_BITS() with same definition as before, and ECC_KEY_MAX_BITS_NONULLCHECK().
* in rsip_vprintf() use XVSNPRINTF() not vsnprintf().
* in types.h, fix fallthrough definition of WC_INLINE macro in !NO_INLINE cascade to be WC_MAYBE_UNUSED as it is when NO_INLINE.
* fix null pointer derefs in wc_InitRsaKey_Id() and wc_InitRsaKey_Label() (nullPointerRedundantCheck).
* fix use of wrong printf variant in rsip_vprintf() (wrongPrintfScanfArgNum).
* fix wrong printf format in bench_xmss_sign_verify() (invalidPrintfArgType_sint).
* add missing WOLFSSL_XFREE_NO_NULLNESS_CHECK variants of XFREE() (WOLFSSL_LINUXKM, FREESCALE_MQX, FREESCALE_KSDK_MQX).
* suppress false-positive uninitvar on "limit" in CheckTLS13AEADSendLimit().
* suppress true-but-benign-positive autoVariables in DoClientHello().
* in wolfcrypt/src/ecc.c, refactor ECC_KEY_MAX_BITS() as a local function to resolve true-but-benign-positive identicalInnerCondition.
* refactor flow in wc_ecc_sign_hash_ex() to resolve true-but-benign-positive identicalInnerCondition.
* in wolfssl/ssl.h, add missing arg names to wolfSSL_CTX_set_tlsext_use_srtp(), wolfSSL_set_tlsext_use_srtp(), and wolfSSL_export_dtls_srtp_keying_material();
* in wolfcrypt/src/kdf.c, call wc_AesFree if and only if wc_AesInit() succeeded;
* in src/ssl.c:DtlsSrtpSelProfiles(), fix bugprone-inc-dec-in-conditions;
* in tests/suites.c:execute_test_case(), fix several -Wdeclaration-after-statement and -Wmissing-field-initializers;
* in wolfcrypt/test/test.c, fix a shiftTooManyBitsSigned warning in srtpkdf_test(), and fix a typo (kaSz/ksSz).
Sean Parkinson
Daniel Pouzzner
Brett Nicholas
gojimmypi
JacobBarthelmeh
Anthony Hu
Juliusz Sosinowicz
David Garske
jordan
Brett Nicholas
Lealem Amedie
Chris Conlon
Eric Blankenhorn