Implementations of ASN.1 APIs reworked.
Added tests.
Added wolfssl_bn_set_neg for ASN.1 code.
Added wolfssl_sk_new_type() and wolfssl_sk_pop_type() to generically
handle creating and popping a stack of elements of a type.
No longer freeing pathlen field of ASN1 OBJECT in
wolfSSL_X509_EXTENSION_free(). This is happening in
wolfSSL_ASN1_OBJECT_free().
Stop wolfSSL_i2d_X509_NAME_canon from double freeing ASN.1 STRING's data
field.
Fixed up GetFormattedTime() to be better code.
Added ASN_CLASS_MASK to mask off the class part of an ASN.1 tag.
NO_ASN_TIME means no implementation to get the current time. Disable
features that won'r work without time.
BN APIs from ssl.c have been moved out to ssl_bn.c that is included in
ssl.c.
Added defines for BN_rand() and BN_pseudo_rand() to indicate which bits
are to be set.
'internal' field now always maps to the ;mpi' field that is a MP
integer.
SetIndividualInternal/External renamed to wolfssl_bn_get/set_value.
Fixed BN APIs to work as closely to OpenSSL as possible.
Added tests.
Moved wolfssl_make_rng out to ssl.c as BN APIs are using it now.
SP int and TFM now check trials are in a valid range for
mp_prime_is_prime_ex().
Added new x86 assembly for AES.
AES-CBC decrypt only 4 blocks at a time (not 6 or 8) due to reduces
register count.
GCM implementation for AVX2, AVX1 and AESNI only.
Disabled looking for other assembly files for x86.
Change to build assembly code for ARMv7a with NEON instruction set.
./configure -host=armv7a --enable-armasm
Added ARM32 SHA-256 NEON only implementation.
Add x86_64 assembly code:
- BMI2
- AVX2 (using ymm, slower than BMI2)
- AVX2 of 4 similtaneous hashes
Add SHAKE128 functions and tests.
Add Absorb and Squeeze functions for SHAKE128 and SHAK256 and tests.
Add doxygen for SHA-3 and SHAKE functions.
Update other generated x86_64 assembly files to include settings.h.
Also:
* added HAVE_FALCON guards as needed.
* corrected minor falcon bugs as I found them.
* handling OID sum collision between DILITHIUM_LEVEL5 and DILITHIUM_AES_LEVEL3
Tested with the following commands:
examples/server/server -v 4 -l TLS_AES_256_GCM_SHA384 \
-c ~/tmp/dilithium_aes_level5_entity_cert.pem \
-k ~/tmp/dilithium_aes_level5_entity_key.pem \
-A ~/tmp/dilithium_aes_level5_root_cert.pem --pqc P521_KYBER_LEVEL5
examples/client/client -v 4 -l TLS_AES_256_GCM_SHA384 \
-c ~/tmp/dilithium_aes_level5_entity_cert.pem \
-k ~/tmp/dilithium_aes_level5_entity_key.pem \
-A ~/tmp/dilithium_aes_level5_root_cert.pem --pqc P521_KYBER_LEVEL5
with permutations of SHAKE,AES variants and levels 2,3,5
1. Remove the v3 FIPS build from configure and automake. This was for
the old FIPS Ready build, which is now fixed to the certificate 3389
configuration.
2. Remove AES-GCM, PKCS12, and SHA-3 from wolfRand build. They were
getting reenabled later in the configure.
When compiling with the CFLAG -m32, sp_c32.c is used and not sp_c64.c.
The build system cannot detect that this is a 32-bit platform and to use
sp_c32.c.
The SP code detects which implementaiton to use and sets defines that
enable the code in sp_c32.c or sp_c64.c.
ENABLED_64BIT, 64-bit platform, was on by default, which is not always
true.
By making ENABLED_64BIT not default then the decision of which SP C
files to include in the build had to change to not being the other.
That is, sp_c64.c is not included when the configuration line explicitly
enables 32bit and sp_c32.c is not include when the configuration line
explicitly enables 64bit.
refactor the HAVE_WC_INTROSPECTION mechanism to pass build params via $output_objdir/.build_params rather than abusing autotools config.h to pass them;
add support for EXTRA_CFLAGS on the make command line;
in FIPS builds, exclude pkcallbacks from --enable-all;
linuxkm: move test.o out of PIE container (uses function pointers as operands).
