CRL APIs not usable when NO_ASN_TIME defined.
WOLFSSL_TLS13 needs to be defined with HAVE_ECH.
When session ticket encrypted with CBC, must be a multiple of block
size.
Fix test define protection.
Fix ML-DSA protection of reduction functions.
Need !NO_RSA with WC_RSA_PSS.
Connection ID is not a DTLS 1.3 only extension.
wc_lms_treehash_init() writes leaf node hashes into the leaf cache
using an absolute index (i * hash_len), but the cache is only
max_cb entries starting from leaf->idx. When leaf->idx > 0 (which
occurs when wc_LmsKey_Reload is called after signing more than
max_cb times), the write goes past the end of the cache buffer.
Fix by using the relative offset (i - leaf->idx) * hash_len instead.
Added unit tests (test_lms.c):
- test_wc_LmsKey_sign_verify: basic sign/verify sanity check
- test_wc_LmsKey_reload_cache: (TDD) reproduces the overflow by
signing 33 times then reloading the key
OCSP Responder Core API:
- Add new public API for creating and managing an OCSP responder
- Add public wrappers for internal OCSP request/response functions
- OcspRespCheck: fix check when authorized responder is loaded into CM
Header Cleanup:
- Remove circular dependency when including `#include <wolfssl/wolfcrypt/asn.h>` from wolfssl/wolfcrypt/ecc.h and wolfssl/wolfcrypt/rsa.h
OCSP Responder Example (examples/ocsp_responder/):
- Add a command-line OCSP responder for interoperability testing with OpenSSL's `openssl ocsp` client
Test Scripts (scripts/):
- ocsp-responder-openssl-interop.test: Tests wolfSSL OCSP responder with `openssl ocsp` client
- ocsp-stapling-with-wolfssl-responder.test: Tests wolfSSL OCSP responder when doing OCSP stapling
Certificate Infrastructure (certs/ocsp/):
- Add DER-format certificates and keys for OCSP testing
- Update renewcerts.sh to generate DER versions
Known Limitations (documented in src/ocsp.c header comment):
- Single request/response per OCSP exchange only
- Key-hash responder ID only (no name-based responder ID)
- No singleExtensions support
wc_MlKemKey_SharedSecretSize: Check len is not NULL before use.
wc_MlKemKey_DecodePrivateKey:
Don't set flags when public key hash fails.
ForceZero the private key on failure if copied.
wolfcrypt/src/wc_slhdsa.c:
* refactor SAVE_VECTOR_REGISTERS2() in slhdsakey_fors_sign() as
CAN_SAVE_VECTOR_REGISTERS(), with local save-restore wrappers around the
rest of the vector calls deeper in the call stack, to avoid failing
GFP_ATOMIC allocations and long spans with interrupts disabled.
* fix numerous bugprone-macro-parentheses and bugprone-signed-char-misuses.
* use readUnalignedWord64() in SHAKE256_SET_SEED_HA_X4_*() and
slhdsakey_shake256_set_seed_ha_x4() to avoid benign unaligned access warnings
from sanitizers.
wolfcrypt/test/test.c:
* in TestDumpData(), use WOLFSSL_DEBUG_PRINTF(), not fprintf(stderr, ...), for
portability.
* in slhdsa_test_param() and slhdsa_test(), use WC_DECLARE_VAR() and friends
for SlhDsaKey allocations, and use ERROR_OUT() and single-return-point
refactors to fix error path memory leaks.