Tested with `./configure --disable-asm --enable-32bit --enable-asn=original --enable-cryptonly CFLAGS="-Wconversion -pedantic" && make`. Some progress with ASN template, but not complete.
* Update to ensure full blocks for crypto in En/DecodeAuthEnvelopedData.
* Corrected spacing and comments
* Set plain to NULL after free on non-error path.
* refactor error-checking cascade in wc_PemCertToDer_ex() as in wc_PemPubKeyToDer_ex(),
* refactor staticBuffer gating/dynamics in wc_PemPubKeyToDer_ex() as in wc_PemCertToDer_ex(),
* and use IO_FAILED_E, not BUFFER_E, for I/O errors on the file handles, in both routines;
fix smallstack null pointer dereferences in src/pk.c:wolfSSL_RSA_GenAdd() and src/ssl.c:set_curves_list().
Minimize use of stack.
Make very large stack allocations dynamic memory allocations unless
WOLFSSL_SP_NO_MALLOC.
ProcessBufferTryDecode() split up into a function for each type.
ProcessBufferTryDecodeRsa() decodes the data and gets key size rather
than having or allocating an RsaKey.
Added wc_RsaPrivateKeyValidate() that only validates the encoding is an
RSA key and returns the key size in bytes.
For SP int, only create sp_ints of required size in RSA and ECC
implementation. For WOLFSSL_SMALL_STACK, memory is allocated to have
just enough bytes and size is set to maximum supported. Otherwise,
relies on dynamic stack variables.
For ECC, MAX_ECC_BITS_USE used when dynamic stack variables not
supported. Significantly reduces memory usage when RSA/DH is also built.
Add macros to sp_int.h, tfm.h and integer.h to support declaring,
allocating, initializing and freeing mp_ints.
For integer.h, mp_int is always static as size is no more than 32 bytes.
For tfm.h, WOLFSSL_SMALL_STACK has a full mp_int allocated, otherwise
the full mp_int is put on the stack.
For sp_int.h with new macros, dynamically allocate sp_int to minimal
size when WOLFSSL_SMALL_STACK, or when dynamic stack variables, declare
them to be of minimal size or otherwise declare with a fixed max.
Added mp_bitsused(), for all implementations, to get the number of bits
available based on used. Included for RSA to get the size of the
modulus.
SP int now always uses dynamic stack variables if possible rather than
for builds with WOLFSSL_SP_SMALL.
Moved code out into separate functions so that stack allocations don't
happen when not going down code path.
linuxkm/module_exports.c.template: include wolfssl/wolfcrypt/wolfmath.h, to bring in wc_GetMathInfo() prototype;
src/ssl.c: move "Global pointer to constant BN on" to src/ssl_bn.c; and in wolfSSL_Cleanup(), call the new wolfSSL_BN_free_one() rather than using ad hoc cleanup logic;
src/ssl_bn.c: add bn_one and wolfSSL_BN_free_one();
src/ssl_asn1.c: fix bugprone-macro-parentheses in bufLenOrNull(); refactor wolfSSL_ASN1_TIME_diff() to avoid floating point math; use intermediate tm_year variable in wolfssl_asn1_time_to_tm() to avoid target-specific type conflicts on tm->tm_year; use "FALL_THROUGH", not "/* fall-through */", in wolfSSL_ASN1_TYPE_set (clang-diagnostic-implicit-fallthrough);
wolfcrypt/src/ecc.c: fix identicalInnerCondition in ecc_mul2add();
wolfcrypt/src/integer.c: refactor OPT_CAST()s in mp_grow() to unconditional casts as elsewhere, to mollify a confused cppcheck-all-intmath;
tests/api.c: reformat some overlong lines.
Fix checking of negative with unsigned variables.
Check digestSz for 0 in wc_SSH_KDF() so that no possibility of dividing
by zero.
Change XMEMCPY to XMEMSET in renesas_sce_util.c.
Fix test.c to free prvTmp and pubTmp on read error.
Remove unused variables.
XFREE checks for NULL so don't check before call.
Move variable declarations to reduce scope.
Implementations of ASN.1 APIs reworked.
Added tests.
Added wolfssl_bn_set_neg for ASN.1 code.
Added wolfssl_sk_new_type() and wolfssl_sk_pop_type() to generically
handle creating and popping a stack of elements of a type.
No longer freeing pathlen field of ASN1 OBJECT in
wolfSSL_X509_EXTENSION_free(). This is happening in
wolfSSL_ASN1_OBJECT_free().
Stop wolfSSL_i2d_X509_NAME_canon from double freeing ASN.1 STRING's data
field.
Fixed up GetFormattedTime() to be better code.
Added ASN_CLASS_MASK to mask off the class part of an ASN.1 tag.
NO_ASN_TIME means no implementation to get the current time. Disable
features that won'r work without time.
* Add introspection for math build.
* Raise build error if more than one multi-precision math library used.
* Fix ESP32 to support using any multi-precision math option.
* Refactor math headers to use `wolfmath.h`
* Refactor of the opaque math variable type `MATH_INT_T` used by crypto hardware (QuickAssist, SE050, ESP32 and STM32).
* Cleanups for building with `WOLFCRYPT_ONLY` and `NO_BIG_INT`.
* Stop forcing use of fast math by default for platforms in settings.h. Note: For users that still want to use fast math (tfm.c) they will need to add USE_FAST_MATH to their build settings.
Applies To:
```
WOLFSSL_ESPWROOM32
WOLFSSL_ESPWROOM32SE
MICROCHIP_PIC32
WOLFSSL_PICOTCP_DEMO
WOLFSSL_UTASKER
WOLFSSL_NRF5x
FREERTOS_TCP
WOLFSSL_TIRTOS
EBSNET
FREESCALE_COMMON
FREESCALE_KSDK_BM
WOLFSSL_DEOS
MICRIUM
WOLFSSL_SGX
```
ForceZero the client and server secret regardless of whether TLS 1.3 as
it may change but have been copied in.
ForceZero the input buffer in wolfSSL_Clear() when encryption was on.
Changed wc_PRF_TLS to only check the parts of data used.
Changed where scatch is added for checking in wc_AesCtrEncrypt.
Change wc_MakeRsaKey to memset p, q, tmp1, tmp2 and tmp3 to all zeros so
that MemZero check works. Memset not needed otherwise.
Changes for new compiler - thinks uninitialized.
