Use --enable-armasm=sha512-crypto or define WOLFSSL_ARMASM_CRYPTO_SHA512
to use SHA512 cryptographic instructions.
Checks system register for the feature before using the SHA512
instructions.
Added SHA512 input data alignment test.
Add support for SHA512/224 and SHA512/256 to ARM port.
./configure --disable-rsa --disable-ecc --disable-dsa
--enable-curve25519 --disable-ed25519 --disable-curve448
--disable-ed448 --enable-cryptonly
suites.c, testsuite.c: ensure port is an integer for snprintf.
unit.c: make memFailCount an integer for printf.
aes.c:
Reduce variable scope.
Check aes is not NULL before use in GHASH implementations.
XTS check sz is greater than or equal to a AES_BLOCK_SIZE rather than
0 as another block is processed.
wc_AesXtsEncrypt, wc_AesXtsEncrypt - simplify braces and ifdefs
wc_AesEcbEncrypt - subtracting from sz is unnecessary as is unused
after.
asn.c:
StoreKey, StoreEccKey - compiler doesn't see ret != 0 when publicKey
is NULL.
DecodeAuthInfo - count is not used when after break.
DecodeSubtree - don't use min and max as variables (already macros).
SetEccPublicKey - initialize pubSz and set sz regardless for
compiler's sake.
wc_EncodeName_ex - use unique variable 'namesASN'; ret isn't set after
last check.
SetEccPublicKey - simplify code by using else rather than check ret
wasn't set.
DecodeAsymKey - ret not modified in non-template implementaiton.
SetAsymKeyDer - ret still at initialized value here.
DecodeResponseData - ensure dataASN is freed when single->next->status
failed to allocate.
test.c:
curve255519_der_test() can't be compiled when NO_ASN is defined.
types.h:
cast to the appropriate type in EXIT_TEST
test.h
don't return anything when THREAD_RETURN is void and EXIT_TEST is for
threading with stack size.
* Fix for missing heap hint with RSA PSS and `WOLFSSL_PSS_LONG_SALT`. This fix will only allocate buffer if it exceeds the local buffer. Added `wc_RsaPSS_CheckPadding_ex2` to support heap hint if required. Fixed asn.c build issue with `NO_CERTS`. Fixed several spelling errors in asn.c. ZD12855.
* Improve the dynamic memory NULL checking in `wc_RsaPSS_CheckPadding_ex2` with `WOLFSSL_PSS_LONG_SALT` defined.
* Fixes for building with Ed/Curve25519 only. Fix for IoT safe demo to exit after running once. Added `WOLFSSL_DH_EXTRA` to `--enable-all` and `--enable-sniffer`. Cleanup uses of `==` in configure.ac. Various spelling fixes.
* Fix for sniffer with TLS v1.3 session tickets.
* Fix for ASN Template Ed25519 key export (missing version / not setting OID correctly).
* Add key import/export support for Curve25519/Curve448. Refactor of the 25519/448 ASN code to combine duplicate code.
* Refactor of Curve25519 code. Improved public key export to handle generation when only private is set. Improved private scalar buffer sizing.
* Fix for static ephemeral loading of file buffer.
* Added sniffer Curve25519 support and test case.
* Fix for sniffer to not use ECC for X25519 if both are set.
* Fix Curve448 public export when only private is set.
* Fix for `dh_generate_test` for small stack size.
* Reduce stack size use on new asymmetric DER import/export functions. Cleanup pub length calc.
* Fix invalid comment.
* Adds `--enable-linuxkm-pie` and associated infrastructure, to support FIPS mode in the Linux kernel module.
* Adds `tests/api.c` missing (void) arglist to `test_SSL_CIPHER_get_xxx()`.
Default is SEC 1.
To use old ECIES implementation: --enable-eccencrypt=old or define
WOLFSSL_ECIES_OLD
To use ISO-18033 implememtation: --enable-eccencrypt=iso18033 or
define WOLFSSL_ECIES_ISO18033
Support passing NULL for public key into wc_ecc_decrypt().
Support not having public key in privKey passed into wc_ecc_encrypt() -
public key is calculated and stored in priKey.
Add decrypt KAT test for ECIES.
refactor ED routines to pivot on WOLFSSL_ED*_PERSISTENT_SHA and WOLFSSL_ED*_STREAMING_VERIFY macros, with sha state in the key struct only when WOLFSSL_ED*_PERSISTENT_SHA, otherwise on the stack as before;
add ed*_hash_init() and ed*_hash_free() local helpers;
ED* peer review: fix line lengths, remove superfluous retval checks, tweaks for efficiency, and add ED448_PREHASH_SIZE to ed448.h.
harmonize the ED448 API with the ED25519 API by making wc_ed448_verify_msg_ex() and wc_ed448_init_ex() public functions;
track devId and heap pointer in ed*_key.{devId,heap}, and pass them through to sha init functions;
add ed*_key.{sha,sha_clean_flag}, and ed*_hash_{reset,update,final} functions, and use them for all ED hashing ops, to support streaming API and for optimally efficient reuse for the preexisting ED calls;
add ed448_hash() akin to ed25519_hash(), and use it in place of wc_Shake256Hash(), for .sha_clean_flag dynamics.
add to wc_ed*_import_private_key() the ability to import the combined key generated by wc_ed*_export_private() without supplying the redundant public key;
add macro asserts near top of ed*.h to assure the required hash functions are available;
fix {NO,HAVE}_ED*_{SIGN,VERIFY};
wolfcrypt/test/test.c: add missing key initializations in ed*_test();
wolfcrypt/test/test.c: fix unaligned access in myDecryptionFunc() detected by -fsanitize=address,undefined.
