Require the ciphertext length to match the RSA modulus before copying into the AF_ALG Xilinx stack buffer, preventing oversized inputs from overflowing the aligned scratch space.
Implementation of FinalRaw for SE050 was not usable - TLS_hmac did not
produce valid results.
Removed implementations and defining WOLFSSL_NO_HASH_RAW to compile to
not require FinalRaw APIs.
x509.c: realloc may fail and therefore need to store result in a
temporary so the old pointer is not lost.
tls.c: free the name if it is not pushed on to the stack of peer CA
names. Failure to push can be from memory allocation failure.
aes.c: Don't compile XTS decrypt functions without HAVE_AES_DECRYPT.
Fix tests to have better pre-processor protection.
Add macros to make the code simpler around allocating from dynamic
memory when WOLFSSL_SP_SMALL_STACK is defined.
Change over to using macros where it makes sense.
- Introduced conditional compilation for PSoC6 crypto support across SHA1, SHA2, SHA3 implementations.
- Ensured proper mutex locking for concurrent access to hardware resources during hash operations.
- Added public key creation functionality if only private key is provided in ECDSA verify function (psoc6_ecc_verify_hash_ex).
- Updated ECC parameter size handling to fix incorrect endianness conversions in psoc6_ecc_verify_hash_ex().
- Added README for PSOC6 port.
configure.ac:
* add ML-KEM, ML-DSA, XMSS, and LMS to --enable-all-crypto when !ENABLED_FIPS.
* swap order of --enable-kyber and --enable-mlkem handler code to put mlkem first.
* add --enable-mldsa hander code.
* remove setup code that was adding -DWOLFSSL_NO_TLS12 and -DNO_OLD_TLS to
AM_CFLAGS when ENABLED_CRYPTONLY -- NO_OLD_TLS is already defined earlier for
when ENABLED_CRYPTONLY, and WOLFSSL_NO_TLS12 breaks wc_PRF_TLS(), which is
inside-the-FIPS-boundary crypto.
linuxkm/linuxkm_wc_port.h:
* adopt the WC_SANITIZE_DISABLE and WC_SANITIZE_ENABLE setup code from
settings.h (where it didn't belong).
* fix FIPS remapping of wc_InitMutex&friends to InitMutex&friends -- inhibit
when WOLFSSL_API_PREFIX_MAP.
wolfcrypt/src/ge_operations.c: add _wc_curve25519_dummy() to fix visibility of
curve25519().
wolfcrypt/src/poly1305.c: fix visibility of several unprefixed helper routines.
wolfcrypt/test/test.c: fix gating on tls12_kdf_test() and prf_test() (both
require !WOLFSSL_NO_TLS12).
wolfssl/internal.h, wolfssl/wolfio.h: add several WOLFSSL_API_PREFIX_MAPs.
wolfssl/wolfcrypt/ge_operations.h: fix visibility of several internal asm
functions.
wolfssl/wolfcrypt/settings.h: in WOLFSSL_LINUXKM setup, add gates to avoid redef
warnings for various settings, and remove the setup for
WC_SANITIZE_{DISABLE,ENABLE} (moved to linuxkm_wc_port.h as noted above).
wolfssl/wolfcrypt/wc_port.h: add WOLFSSL_API_PREFIX_MAPs for InitMutex() and
friends.
define WOLFSSL_API_PREFIX_MAP in WOLFSSL_LINUXKM setup in settings.h;
fix gates on WOLFSSL_HAVE_PRF and WOLFSSL_NO_CT_OPS setup in settings.h;
linuxkm/: add support for FIPS_OPTEST.
