- Hash of fragmented certificate was not calculated as a single message and instead we were hashing individual fragments which produced the wrong digest, shared secret, etc...
- Reset handshake number after server Finished packet is sent or received (depending on side)
- Reserve space in buffer for cipher stuff
- Take `DTLS_RECORD_EXTRA` and `DTLS_HANDSHAKE_EXTRA` into size and offset calculations for DTLS path
- Fix renegotiation in DTLS with AES128-SHA
- Fix renegotiation in DTLS with AES-GCM
- Support HelloVerify request during secure renegotiation
- Save renegotiation handshake messages for retransmission in timeout
- Handle cipher parameters from different epochs. DTLS may need to resend and receive messages from previous epochs so handling different sets of encryption and decryption parameters is crucial.
Added PRIVATE_D version of rsa private key operation for SP
implementation for specific platforms.
WC_NO_RNG results in warnings when RNG calls don't do anything.
Added ifdef checks for variables not used otherwise.
Remove superfluous if statements like when checking ret == 0.
Change names of globals that are generic and are used locally before
global definition.
Remove definition of variable len that isn't used except as a
replacement for sz which is parameter.
Don't subtract two variables when one has just been assigned the value
of the other.
Fix shifting of signed value.
Fix parameter checking in aes.c and des3.c for platform specific code.
merged from private repo
removed unneccessary #include
make line as 80 characters
added simple tls server
Disable TLS-linked API use when being SERVER SIDE, still use certificate verify API
Added utility tools, generate signature arrays etc
added vars to store tsip hmac keys
fix build failure when disabling dc_printf
Change define to WOLFSSL_MEMORY_LOG.
Fix for ED25519 server certificate - single cert to allow comparison
with ECC dynamic memory usage.
Free memory earlier to reduce maximum memory usage in a connection.
Make MAX_ENCODED_SIG_SZ only as big as necessary.
Change memory allocation type in sha256 from RNG to DIGEST.
If we know the key type use it in decoding private key
Allows configurations without RSA, DH and ECC but with Curve25519
algorithms to work with SSL/TLS using X25519 key exchange and Ed25519
certificates.
Fix Ed25519 code to call wc_Sha512Free().
Add certificates to test.h and fix examples to use them.
1. When setting the key data, use same keys for server and client
sides of the different keys. This feels a little kludgey, and
won't work when using separate senders and listeners who may
use unicast messages. But this works for the all peers are
multicast senders case.
1. Added new cipher suite for use with Multicast DTLS,
WDM_WITH_NULL_SHA256. (It should be a private suite.)
2. Update the API test to use the new suite.
Support TLS v1.3 clients connecting to Nginx.
Fix for PSS to not advertise hash unless the signature fits the private
key size.
Allow curves to be chosen by user.
Support maximum verification depth (maximum number of untrusted certs in
chain.)
Add support for SSL_is_server() API.
Fix number of certificates in chain when using
wolfSSL_CTX_add_extra_chain_cert().
Allow TLS v1.2 client hello parsing to call TLS v1.3 parsing when
SupportedVersions extension seen.
Minor fixes.
* Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/).
* Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC.
* wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify.
* wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature.
* wolfCrypt test and benchmark async support added for all HW acceleration.
* wolfCrypt benchmark multi-threading support.
* Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA.
* Refactor to make sure “heap” is available for async dev init.
* Added async support for all examples for connect, accept, read and write.
* Added new WC_BIGINT (in wolfmath.c) for async hardware support.
* Added async simulator tests for DES3 CBC, AES CBC/GCM.
* Added QAT standalone build for unit testing.
* Added int return code to SHA and MD5 functions.
* Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer.
* Combined duplicate code for async push/pop handling.
* Refactor internal.c to add AllocKey / FreeKey.
* Refactor of hash init/free in TLS to use InitHashes and FreeHashes.
* Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*.
* Suppress error message for WC_PENDING_E.
* Implemented "wolfSSL_EVP_MD_CTX_init" to do memset.
* Cleanup of the openssl compat CTX sizes when async is enabled.
* Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability.
* Cleanup of the OPAQUE_LEN.
* Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret).
* Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations)
* Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding".
* Updated RSA un-padding error message so its different than one above it for better debugging.
* Added QAT async enables for each algorithm.
* Refactor of the async init to use _ex.
* Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing.
* Reformatted the benchmark results:
PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec"
Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87
* Added min execution time for all benchmarks.
* Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local.
* Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark.
* Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async.
* Added NO_SW_BENCH option to only run HW bench.
* Added support for PRNG to use hardware SHA256 if _wc devId provided.
* Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size.
* Added the wc_*GetHash calls to the wolfCrypt tests.
* Added async hardware start/stop to wolfSSL init/cleanup.
* Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos.
* Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`.
* Added arg checks on wc_*GetHash and wc_*Copy.
* Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions.
* Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator.
* Added checks for all hashing to verify valid ->buffLen.
* Fix for SHA512 scan-build warning about un-initialized “W_X”.
* Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash.
* Refactor of the benchmarking to use common function for start, check and finish of the stats.
* Fixed issue with ECC cache loading in multi-threading.
* Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned.
* Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define.
* Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
