* implement legacy compatibility in settings.h and configure.ac (adds --enable-blake2b while retaining --enable-blake2);
* fix incorrect Blake2 gates in wolfcrypt/src/hash.c wc_HashGetDigestSize() and wc_HashGetBlockSize();
* in wolfcrypt/test/test.c hash_test(), backfill missing Blake2 test coverage and separate blake2b from blake2s in typesHashBad[];
* in tests/api/test_hash.c, separate blake2b from blake2s in notCompiledHash[], sizeSupportedHash[], and sizeNotCompiledHash[].
.github/workflows/wolfCrypt-Wconversion.yml: Add -Wcast-qual to all scenarios.
wolfssl/wolfcrypt/signature.h, wolfcrypt/src/signature.c, doc/dox_comments/header_files/signature.h:
Remove incorrect const qualifier on the key argument in
* wc_SignatureVerifyHash()
* wc_SignatureVerify()
* wc_SignatureGenerateHash()
* wc_SignatureGenerateHash_ex()
* wc_SignatureGenerate()
* wc_SignatureGenerate_ex()
This fixes UB code patterns throughout signature.c. key is inherently
accessed readwrite by the underlying low level crypto. Fortunately, wolfCrypt
has no APIs/methods to allow actual const MPI key objects, therefore these
seeming breaking API changes can't actually break any users.
globally:
* Add const qualifiers to all struct pointer members that are assigned values
computed from const pointers.
* Add const qualifiers to intermediate casts for accessors and read-only
dereference constructs, as needed for -Wcast-qual hygiene, e.g. for a macro
GET_U16(a), use (*(const word16*)(a)) rather than (*(word16*)(a)).
* Add const qualifiers to internal declarations, and remove illegal casts, as
needed for -Wcast-qual hygiene.
* Add missing const qualifiers to all casts for argument, operand, and
assignment type agreement, as needed for -Wcast-qual hygiene, e.g.
"*data = (const byte*)dataASN->data.ref.data" rather than
"*data = (byte*)dataASN->data.ref.data".
wolfssl/wolfcrypt/asn.h, wolfssl/wolfcrypt/asn_public.h, wolfcrypt/src/asn.c, wolfcrypt/src/asn_orig.c:
* Add additional lifecycle management for object members that are only sometimes locally allocated:
DNS_entry.nameStored
DNS_entry.ipStringStored
DNS_entry.ridStringStored
wolfssl/wolfcrypt/types.h: add WC_BARRIER() macro -- a portable construct that
prevents compiler optimizers from reordering operations across the barrier.
wolfssl/wolfcrypt/blake2-impl.h, wolfcrypt/src/blake2s.c, wolfcrypt/src/blake2b.c:
* In blake2b_init(), blake2b_init_key(), blake2s_init(), and
blake2s_init_key(), refactor blake2b_param initialization using WC_BARRIER()
(fixes volatile abuse that triggered -Wcast-qual).
* Remove the residual and unused WOLFSSL_BLAKE2[BS]_INIT_EACH_FIELD code.
wolfcrypt/src/ecc.c and wolfssl/wolfcrypt/ecc.h:
Remove incorrect const qualifier on curve arg to wc_ecc_free_curve() (internal function).
which force on BUILDING_WOLFSSL and do boilerplate includes, and update library
sources to include them at the top.
wolfssl_sources.h includes types.h, error-crypt.h, and logging.h, and
conditionally, config.h. settings.h and wc_port.h are unconditionally
included at the top of types.h.
wolfssl_sources_asm.h includes settings.h, and conditionally, config.h.
Add wolfssl_sources*.h to wolfcrypt/src/include.am, and to several IDE/ project
files.
Also added a TEST_WOLFSSL_SOURCES_INCLUSION_SEQUENCE clause in
wolfssl/wolfcrypt/settings.h to allow coverage testing.
In wolfcrypt/src/misc.c, retain existing ad hoc boilerplate includes, and use
them if WOLFSSL_VIS_FOR_TESTS, otherwise include the new wolfssl_sources.h.
Define WOLFSSL_VIS_FOR_TESTS at top of wolfcrypt/test/test.c.
Also renamed WOLFSSL_NEED_LINUX_CURRENT to WOLFSSL_LINUXKM_NEED_LINUX_CURRENT,
for clarity.
Make testing digests consistent.
Add KATs for all digests.
Check unaligned input and output works.
Perform chunking tests for all digests.
Fix Blake2b and Blake2s to checkout parameters in update and final
functions.
Fix Shake256 and Shake128 to checkout parameters in absorb and squeeze
blocks functions.
Add default digest size enums for Blake2b and Blake2s.
wolfssl/wolfcrypt/types.h: add 'U' suffix to W64LIT() macro defs, and add SW64LIT() macro defs (not yet used anywhere);
wolfcrypt/src/asn.c: add !WOLFSSL_ECC_CURVE_STATIC gate around DataToHexStringAlloc() to resolve -Wunused;
wolfcrypt/src/ecc.c: guard against zero-valued "len" arg to wc_ecc_get_curve_id_from_oid();
wolfcrypt/src/wc_port.c: fix several argument implicit sign changes in USE_WINDOWS_API paths;
wolfssl/wolfcrypt/ecc.h: remove const attribute from inline buffers in WOLFSSL_ECC_CURVE_STATIC struct ecc_set_type.