* Add TLSv1.3 stateful support
Fix internal and external session cache
* session cache fixes
* Refactor
- implement wolfSSL_CTX_flush_sessions
- use wolfSSL_CTX_flush_sessions to make test_wolfSSL_CTX_add_session_ext deterministic
- add dtls to test_wolfSSL_CTX_add_session_ext
- DoClientTicket_ex does not modify ssl object
- only call session remove callback on:
- timeout
- session is being overwritten/removed from the cache
* Session fixes
- restore bogus ID on session duplicate
- don't evict on overwrite
- use memmove instead on memcpy as `ssl->session == session` is possible
- ignore ClientSession parameter in AddSessionToCache on NO_SESSION_CACHE_REF
- use sessionID when altSessionID not present
* Session fixes
- DoClientTicketFinalize: always copy in the ID as teh altSessionID
- don't overwrite ex_data when overwriting cacheSession and cacheSession owns it
* Callback wants to retain a copy
* wolfSSL_GetSessionClient: ssl->ctx->get_sess_cb does not apply here
* test_wolfSSL_CTX_add_session_ext
gate expected results on WOLFSSL_DTLS_NO_HVR_ON_RESUME
* TlsSessionIdIsValid: copy return can't be ignored
* Silence unused parameter
* test_wolfSSL_CTX_add_session_ext: handle async case
* Gate wolfSSL_SSL_CTX_remove_session on NO_SESSION_CACHE
* ssl.c: style fixes
* Add twcase_get_sessionCb_cleanup to free external cache
* Remove hard tab
* Correct build error in wolfSSL_CTX_flush_sessions
* Jenkins fixes:
- altSessionID only available with WOLFSSL_TICKET_HAVE_ID
- slim out psk_sess_free_cb_ctx
* Stateful dtls case has 2 accesses. Stateless just one.
* Add version numbering to hostap logs
* Import internal.h for test_wolfSSL_SESSION_get_ex_new_index
* wolfSSL_SetSession: don't check SslSessionCacheOff for session setting
* wolfSSL_SetSession: fully set expired session for OpenSSL compatibility
* wolfSSL_SetSession: check if setting same object
* AddSession: always populate the session object to allow re-use
* Add logging to wolfSSL_NewSession and wolfSSL_FreeSession
* Always setup session object
* Check if session has been setup before setting it
* Print errors in async test
* Make SetupSession available outside NO_SESSION_CACHE
* Review comments
* Fix ticBuf leak and TlsSessionIdIsValid logic
* Fix unmatched curly brackets
* TlsSessionIdIsValid: always need to check copy var
* TlsResumptionIsValid: set resume to FALSE default
* wolfSSL_SetSession: remove now variable since only used in one place
* Move internalCacheLookupOff into HAVE_EXT_CACHE block
---------
Co-authored-by: Juliusz Sosinowicz <juliusz@wolfssl.com>
The order may be 1 bit larger than prime for some curves.
Handle this in calculation of maximum size of curve.
SP int _sp_mont_red(): ensure m->used is never 0 when doing default
implementaion.
Ed25519CheckPubKey/Ed448CheckPubKey: get the public key from certificate
in a new function, wc_CertGetPubKey, that uses less memory.
Set the ENCRYPT_BASE_BITS to minimal values when Curve448/Curve25519 are
the largest public key algorithms.
Move declaration of sp_ints until after checks of valid parameters.
In particular, whether used field of input/s are valid.
Pull implementations of algorithms out into separate functions as a
pattern to fix.
SP int should be able to calculate size of encoded number for a radix of
10 when mp_int has all digits used.
sp_radix_size declared a temporary mp_int of 1 greater than input. Don't
need it 1 greater. Stack declaration of maximum plus one caused address
sanitizer error.
Changed temporary mp_int to be same size as input mp_int.
fix for benign clang-analyzer-deadcode.DeadStores in aes.c:wc_AesFeedbackEncrypt();
fix for cppcheck:selfAssignment in chacha.c:wc_Chacha_wordtobyte().
- Add CONFIG_PTHREAD_IPC when using threads
- Add logging config suggestions
- test.c: fix undefined `ret` error
- Increase stack size for samples
- Ignore ASN_BEFORE_DATE_E in examples
- wc_port.h: add missing posix thread includes
- wc_port.h: move definitions to relevant section
- benchmark.c: fix missing `arc` and `argv` errors
- benchmark.c: fflush does not work on stdout in Zephyr
- Update z_fs_open implementation to support flags
CheckCertSignature
Free the dataASN before calling ConfirmSignature.
dataASN not needed at this point and ConfirmSignature uses lots of
memory.
DecodeCertInternal:
Free the dataASN before calling DecodeCertExtensions,
dataASN not needed at this point and DecodeCertExtensions uses more
memory.
ecc_verify_hash:
v doesn't need to be a new allocated variable - reuse w.
v is the modular reduction of x-ordinate to prime calculated at end.
