Ed25519 and Ed448 make public key APIs now check whether the private key
was set.
The private key and public key flags setting and clearing also updated.
Testing of unset private key and calling make public key added for
Ed25519 and Ed448.
Detect when certificate's RSA public key size is too big and fail on
loading of certificate.
Fix unit test to only attempt to use 3072 bit RSA-PSS keys when
RSA_MAX_SIZE supports it.
* Add test case for OpenSSLs capability to init a evp context partially in several calls.
* EVP handling of CHACHA20_POLY1305 improvment
- save key at ctx for Init()s without IV
- reuse stored key for Init()s with new IV, reusing ctx
- free and zero key on ctx clenaup
* Adding type cast to XMALLOC to force compiler compatibility.
* EVP: using same DYNAMIC_TYPE in alloc and free of chacha20_poly1305 key.
Co-authored-by: Stefan Eissing <stefan.eissing@greenbytes.de>
in api.c test_wolfSSL_dtls12_fragments_spammer(), inhibit clang-analyzer-deadcode.DeadStores;
in asn.c ParseCRL_Extensions() old (!WOLFSSL_ASN_TEMPLATE) version, fix bounds check to prevent overshift;
in misc.c ctMaskCopy(), use `*(x + i)`, not x[i], to tiptoe around cppcheck-2.9 objectIndex bug.
This function was just freeing the stack object itself of GENERAL_NAMES with
wolfSSL_sk_free, but this doesn't free the data in the items of the stack. The
fix is to replace wolfSSL_sk_free with wolfSSL_sk_GENERAL_NAME_free.
1. In api.c, change the name of the devId global to testDevId.
2. In api.c, for the SNI test, some of the pointers were multiply
typecast eventually to `void **`. An older compiler didn't like
that. Just use void pointer.
- PR #5486 had test failures in tls13.test and quit unit.test
- the extension was no longer added in SessionTicket messages
- added extra parameter to clarify how the TLSX is used
OpenSSL compat expects ASN_SELF_SIGNED_E when a self signed cert can't be verified. This is useful when translating the error with GetX509Error into a X509_V_ERR_* error.
- add wolfSSL_CTX_curve_is_disabled() and wolfSSL_curve_is_disabled()
to have common checks on wether a curve has been disabled by user
- add macros returning 0 for above function when OPENSSL_EXTRA is not
defined, enabling use without #fidef check
- add macros for checking if named groups are in a certain range
WOLFSSL_NAMED_GROUP_IS_FFHDE()
WOLFSSL_NAMED_GROUP_IS_PQC()
Fixed QuicTransportParam_free() use without case when compiling
with c++.
fix TLS version gating in tests/quic.c;
fix gating in src/ssl.c for wolfSSLv2_client_method() and wolfSSLv2_server_method();
reorganize prototypes in wolfssl/ssl.h for wolf*_method*() to group systematically by protocol version and gate correctly on support for that version in the build.
- new internal field for keeping early data enabled status,
as QUIC does not call SSL_write_early_data() itself.
- using read_/write_early_data() methods in QUIC handshake
when early data is enabled. This triggers the internals
that emit the proper early data indication handlings.
Support wolfSSL_CTX_set1_curves_list being available when X25519 and/or
X448 only defined.
Don't recognize X25519 or X448 if corresponding define is not set.
Enable test in api.c.
Sean Parkinson
Satoshi Yamaguchi
David Garske
Stefan Eissing
Marco Oliverio
Daniel Pouzzner
Juliusz Sosinowicz
JacobBarthelmeh
Hayden Roche
Stanislav Klima
John Safranek
Lealem Amedie
Stefan Eissing
Chris Conlon