* activate WOLFSSL_NO_OPTIONS_H in linuxkm/Kbuild for in-module test.o and benchmark.o.
* refine explanatory comments in settings.h re WOLFSSL_USE_OPTIONS_H, WOLFSSL_NO_OPTIONS_H, and WOLFSSL_CUSTOM_CONFIG.
* add safety catch to options.h/options.h.in to inhibit inclusion if defined(WOLFSSL_NO_OPTIONS_H).
* for good measure, add explicit check for WOLFSSL_NO_OPTIONS_H to wolfcrypt/benchmark/benchmark.c and wolfcrypt/test/test.c.
* Fix to properly set configure.ac LMS/XMSS enables and build of those code files.
* Remove duplicate aes.c `wc_AesSetKeyLocal` call to `wc_AesSetIV`. Moved earlier in function in commit a10260ca5f.
* Benchmark missing time.h with NO_ASN_TIME.
* Added option to support disabling AES CFB 1/8 `WOLFSSL_NO_AES_CFB_1_8`.
* Fixes for building with combinations of `WOLFSSL_RSA_VERIFY_ONLY` and `WOLFSSL_RSA_PUBLIC_ONLY`.
* Fix for building `--enable-stacksize=verbose` with single threaded.
* Various tab and formatting cleanups.
ZD 18996
configure.ac: add OPENSSL_EXTRA to --enable-wolfsentry.
linuxkm/linuxkm_wc_port.h, linuxkm/module_hooks.c, wolfssl/ssl.h: accommodate backward dependencies for wolfSSL_X509_NAME_add_entry_by_NID, wolfSSL_X509_NAME_free, and wolfSSL_X509_NAME_new_ex.
linuxkm/lkcapi_glue.c: if CONFIG_CRYPTO_MANAGER, assert match of CONFIG_CRYPTO_FIPS and HAVE_FIPS.
src/ssl_crypto.c, wolfcrypt/src/wc_lms.c, wolfcrypt/src/wc_lms_impl.c, wolfcrypt/src/wc_xmss.c, wolfcrypt/test/test.c: add missing casts for XMALLOC()s.
src/ssl_crypto.c: in wolfSSL_AES_decrypt(), fix gate for wc_AesDecryptDirect() return type.
wolfcrypt/test/test.c: smallstack refactor in test_dilithium_decode_level().
tests/api.c: fix uninited vars and "embedding a directive within macro arguments is not portable" in test_wc_dilithium_der().
* Fix for `TlsSessionCacheGetAndLock` that was not checking the sessionIDSz, so could return a pointer to an invalid session (if 0's). Resolves issue with `test_wolfSSL_CTX_sess_set_remove_cb` test.
* Fix cast warning with `HAVE_EX_DATA` in Windows VS.
* Fix openssl_extra without PKCS12.
* Refactor the EX data crypto and session API's to gate on `HAVE_EX_DATA_CRYPTO`.
* Grouped the EX data API's in ssl.h
* Moved API's in ssl.h to separate the compatibility ones from ours.
Remote original-only option for kyber in configure.ac.
Default is ML-KEM only.
original is Kyber only.
ml-lem is ML-KEM.
to have both: all,original,ml-kem.
Use WOLFSSL_NO_ML_KEM* instead of WOLFSSL_WC_ML_KEM_* which requires the
inclusion of kyber headers.
.github/workflows/codespell.yml: remove */README_jp.txt from "skip" list.
IDE/Renesas/cs+/Projects/t4_demo/README_jp.txt: convert from SHIFT_JIS to UTF-8.
cmake/options.h.in: use "#cmakedefine HAVE_PTHREAD 1" to avoid conflict with config.h.
configure.ac: add --enable-c89, and remove !ENABLED_OPENSSLEXTRA dependency from AM_CONDITIONAL([BUILD_CRYPTONLY],...).
wolfcrypt/src/asn.c: refactor SetOthername() for efficiency, and add PRAGMA_GCC to suppress false positive -Wstringop-overflow associated with -fstack-protector.
wolfssl/wolfcrypt/rsa.h: add WC_ prefixes to RSA_PKCS1_PADDING_SIZE and RSA_PKCS1_OAEP_PADDING_SIZE, and define unprefixed compat aliases only if !OPENSSL_COEXIST.
wolfssl/wolfcrypt/types.h:
#ifdef WOLF_C89, #define WC_BITFIELD unsigned;
enhance WOLF_ENUM_DUMMY_LAST_ELEMENT() to include the line number, to construct unique labels given a per-filename argument, to accommodate anonymous enums.
examples/asn1/asn1.c:
examples/client/client.c:
examples/pem/pem.c:
examples/server/server.c:
wolfcrypt/src/sp_dsp32.c:
wolfcrypt/src/wc_port.c:
wolfssl/test.h:
use XMALLOC/XREALLOC/XFREE consistently, not malloc/realloc/free.
wolfcrypt/benchmark/benchmark.c:
wolfcrypt/src/memory.c:
wolfcrypt/test/test.c:
wolfssl/wolfcrypt/mem_track.h:
wolfssl/wolfcrypt/settings.h:
wolfssl/wolfcrypt/types.h:
annotate intentional native heap access with "/* native heap */".
wolfcrypt/src/asn.c:
wolfssl/callbacks.h:
wolfssl/openssl/ec.h:
wolfssl/openssl/ssl.h:
wolfssl/wolfcrypt/hpke.h:
wolfssl/wolfcrypt/types.h:
fix enum trailing commas.
wolfssl/openssl/ec.h:
wolfssl/openssl/evp.h:
wolfssl/openssl/rsa.h:
wolfssl/openssl/ssl.h:
use WC_BITFIELD in bitfield elements, not byte or word16, to allow for pedantic C89 conformant builds.
wolfssl/openssl/ec.h:
wolfssl/openssl/evp.h:
wolfssl/openssl/pem.h:
wolfssl/openssl/ssl.h:
wolfssl/wolfcrypt/logging.h:
avoid variadic macros wherever possible, and where unavoidable, #ifdef WOLF_NO_VARIADIC_MACROS, define them with empty arg lists, rather than ..., to support Watcom compiler.
wolfssl/wolfcrypt/settings.h: if defined(__WATCOMC__), define WOLF_NO_VARIADIC_MACROS.
Make Kyber and ML-KEM individually available as well as at the same
time.
Modified TLS layer to support both Kyber and ML-KEM.
Added new identifiers in TLS layer for ML-KEM.
rename WOLFSSL_MAX_RSA_BITS to WC_MAX_RSA_BITS, and move its setup from wolfssl/internal.h to wolfssl/wolfcrypt/asn.h, preceding setup for WC_MAX_CERT_VERIFY_SZ.
configure.ac: restore opensslextra-linuxkm assertion, with a twist: "--enable-opensslextra with --enable-linuxkm-pie and without --enable-cryptonly is incompatible with --enable-linuxkm."
wolfcrypt/src/asn.c: fix trailing comma in enum.
wolfcrypt/src/port/arm/armv8-aes.c: fix wc_AesCcmEncrypt() and wc_AesCcmDecrypt() for test_wolfssl_EVP_aes_ccm_zeroLen().
add config-time assert for "dual-alg-certs is incompatible with --enable-cryptonly.";
remove obsolete config-time check for "--enable-opensslextra without --enable-cryptonly is incompatible with --enable-linuxkm.";
linuxkm/linuxkm_wc_port.h: add fallback definitions for INT32_MAX and UINT32_MAX;
linuxkm/module_exports.c.template: add wolfssl/openssl/fips_rand.h;
wolfssl/wolfcrypt/settings.h: add #undef HAVE_ATEXIT to WOLFSSL_LINUXKM settings;
wolfssl/wolfcrypt/types.h: fix trailing comma in the DYNAMIC_TYPE_* enum.
configure.ac:
* add --enable-all-osp to separate OSP meta-feature sets from --enable-all, allowing --enable-all --disable-all-osp --disable-opensslall (e.g. for testing OPENSSL_COEXIST).
* fix enable_all_crypto=yes in enable-all to be conditional on "$enable_all_crypto" = "".
* move enable_rsapss=yes from enable-all to enable-all-crypto.
examples/ and testsuite/: #undef OPENSSL_COEXIST unconditionally rather than only if defined(OPENSSL_EXTRA), to capture -DOPENSSL_EXTRA_X509_SMALL or any other such variants.
No functional changes.
Several compat symbols that were formerly enums are now macros.
All library source is refactored to use only native symbols in all code gated in with --enable-all-crypto --enable-opensslextra.
wolfcrypt/test/test.c is similarly refactored to use only native symbols.
examples/ and tests/ are unmodified except for header setup to disable OPENSSL_COEXIST and TEST_OPENSSL_COEXIST.
configure.ac and src/include.am: add ENABLED_ARM_THUMB, BUILD_ARM_THUMB, BUILD_ARM_NONTHUMB, ENABLED_ARM_64, BUILD_ARM_64, ENABLED_ARM_32. and BUILD_ARM_32, and use them to gate building of ARM asm files, to fix "ISO C forbids an empty translation unit" warnings (the warning only affects inline asm files, but the gating is deployed more widely).
configure.ac:
* fix logic in "Forcing off" test expressions, first flubbed in 19106a9510;
* fix auto-enable of compkey to exclude v5 even if v5-dev.
src/tls13.c: fix gating for HKDF _ex() variants (>=6.0, not >=5.3).
wolfcrypt/src/error.c: snip out stray spaces at start of several ECC error message strings.
wolfcrypt/test/test.c:
* in render_error_message(), use wolfSSL_ERR_reason_error_string() if available rather than wc_GetErrorString(), to render non-wolfcrypt error strings;
* in ecc_test_deterministic_k(), ecc384_test_deterministic_k(), ecc521_test_deterministic_k(), on FIPS <6.0, gate out SHA384 and SHA512 tests (FIPS v5 only supports SHA256 in wc_ecc_gen_deterministic_k());
* in cmac_test(), gate use of wc_AesCmacGenerate_ex() and wc_AesCmacVerify_ex() on >=6.0, not >=5.3.
Daniel Pouzzner
Sean Parkinson
David Garske
JacobBarthelmeh
Ruby Martin
Juliusz Sosinowicz
Andras Fekete
Hideki Miyazaki
Colton Willey