Add non-constant time implemenations of mod_inv for x64 and Aarch64
assembly.
Generate base point table, with better formatting, for double smul with
a script.
Increase Bi table size to 32 entries for 64-bit asm.
Minor improvements to double smul.
WOLFSSL_CURVE25519_NOT_USE_ED25519 to not use ed25519 base smul in
curve25519 base smul.
Use the Ed25519 base smul in Curve25519 base mul and covert to
Montogmery curve for a faster implementation.
Only when Ed25519 is compiled in or WOLFSSL_CURVE25519_USE_ED25519 is
defined.
When compiling Intel x64 assembly and Aarch64 assembly, always define
WOLFSSL_CURVE25519_USE_ED25519.
Can't use with blinding - normal C implementation.
Optimized the Curve25519 smul slightly for Intel x64 and Aarch64.
Improved the conditional table lookup on Intel x64 to use AVX2 when
available.
which force on BUILDING_WOLFSSL and do boilerplate includes, and update library
sources to include them at the top.
wolfssl_sources.h includes types.h, error-crypt.h, and logging.h, and
conditionally, config.h. settings.h and wc_port.h are unconditionally
included at the top of types.h.
wolfssl_sources_asm.h includes settings.h, and conditionally, config.h.
Add wolfssl_sources*.h to wolfcrypt/src/include.am, and to several IDE/ project
files.
Also added a TEST_WOLFSSL_SOURCES_INCLUSION_SEQUENCE clause in
wolfssl/wolfcrypt/settings.h to allow coverage testing.
In wolfcrypt/src/misc.c, retain existing ad hoc boilerplate includes, and use
them if WOLFSSL_VIS_FOR_TESTS, otherwise include the new wolfssl_sources.h.
Define WOLFSSL_VIS_FOR_TESTS at top of wolfcrypt/test/test.c.
Also renamed WOLFSSL_NEED_LINUX_CURRENT to WOLFSSL_LINUXKM_NEED_LINUX_CURRENT,
for clarity.
Adds two features for SE050:
1. `WOLFSSL_SE050_AUTO_ERASE`. When enabled, this will automatically
erase a key from the SE050 when `wc_ecc_free()` and friends are
called.
2. `WOLFSSL_SE050_NO_RSA`. This stops RSA offloading onto the SE050,
useful for the SE050E which does not have RSA support.
wrapper/CSharp/wolfSSL_CSharp/wolfCrypt.cs: update for new calling conventions around wc_AesNew, wc_curve25519_new, wc_ed25519_new, wc_HashNew, and wc_NewRsaKey, and the corresponding delete functions.
wolfssl/wolfcrypt/aes.h: add Aes.streamData_sz;
src/tls13.c: fix devId passed to wc_HmacInit() in CreateCookieExt() and TlsCheckCookie();
src/keys.c: in SetKeys(), call wc_HmacInit() on hmacs only if newly allocated;
wolfcrypt/src/aes.c:
* in wc_Gmac(), wc_GmacVerify(), and AesSivCipher(), use wc_AesNew() and wc_AesDelete();
* in wc_AesInit(), zero the object on entry, and remove superseded piecemeal initializations to zero;
* in wc_AesFree(), zero aes->streamData, and zero the entire object as final cleanup;
wolfcrypt/src/curve25519.c: in wc_curve25519_free(), zero the entire object rather than zeroing piecemeal;
wolfcrypt/test/test.c:
* add fallback implementations (for old FIPS) of wc_HashNew(), wc_HashDelete(), wc_curve25519_new(), wc_curve25519_delete(), wc_ed25519_new(), and wc_ed25519_delete();
* update constructor calls throughout for new semantics;
* refactor ed25519_test() for proper cleanup and error encoding.
add delete APIs, matching recently added wc_AesNew, wc_curve25519_new, wc_ed25519_new, wc_HashNew, and wc_NewRsaKey:
* wc_AesDelete()
* wc_HashDelete()
* wc_DeleteRsaKey()
* wc_curve25519_delete()
* wc_ed25519_delete()
* remove handling in corresponding preexisting free APIs for recently added .isAllocated member -- this restores preexisting semantics;
* add WC_NO_CONSTRUCTORS gate, and auto-activate it when NO_WOLFSSL_MEMORY && WOLFSSL_NO_MALLOC (unless preempted by XMALLOC_USER or XMALLOC_OVERRIDE);
* exclude recently added .isAllocated members from wolfcrypt structs when defined(WC_NO_CONSTRUCTORS);
* adjust wolfcrypt/test/test.c for consistency with the above, and fix cleanup codes/dynamics in several tests.
* Adds RNG, ECC(ECIES and ECDHE), RSA, ED25519/Curve25519, AES-GCM, and Hashing to the CSharp wrapper.
* Adds GitHub action for building the CSharp wrapper solution and running wolfCrypt test and a TLS server/client example.
* Adds "new" API's for wolfCrypt for platforms that cannot tolerate the structs directly.
* Fixes for several scan-build warnings.
Check that the Ed25519 and Ed448 public key is valid even without
private key.
Perform pairwise consistency test, only in FIPS, when making a key i
Ed25519 and Ed448.
Add support for compiling ASM for Thumb2
Add Curve25519 ASM for Thumb2
Limit assembly code compiled when Ed25519 not required.
Rework all assembly implementations to replace ge_*() functions instead
of having fe_ge_*() versions that take many parameters.
Get ARM32 inline asm working.
Ed25519 and Ed448 make public key APIs now check whether the private key
was set.
The private key and public key flags setting and clearing also updated.
Testing of unset private key and calling make public key added for
Ed25519 and Ed448.
In defense against attack, assume the imported public key is not trusted
and check it matches the private key if set.
Added APIs that allow application to explicitly trust public key.
Original APIs default to not trusting public key.
Add a define WOLFSSL_CHECK_MEM_ZERO to turn on code that checks that
memory that must be zeroized before going out of use is zero.
Everytime sensitive data is put into a allocated buffer or stack buffer;
the address, its length and a name is stored to be checked later.
Where the stack buffer is about to go out of use, a call is added to
check that the required parts are zero.
wc_MemZero_Add() adds an address with length and name to a table of
addressed to be checked later.
wc_MemZero_Check() checks that the memory associated with the address is
zeroized where required.
mp_memzero_add() adds mp_int's data pointer with length and name to
table.
mp_memzero_check() checks that the data pointer is zeroized where
required.
Freeing memory will check the address. The length was prepended on
allocation.
Realloction was changed for WOLFSSL_CHECK_MEM_ZERO to perform an
allocate, check, copy, free.