check-source-text flags error codes used as initializers without
WC_NO_ERR_TRACE() ("unescaped error code operands"). Fix the one
introduced in wolfSSL_EVP_PKEY_set1_encoded_public_key.
Implement wolfSSL_EVP_PKEY_set1_encoded_public_key and
wolfSSL_EVP_PKEY_get1_encoded_public_key in the OpenSSL compatibility
layer. Both the new OpenSSL 3.0 names and the deprecated
EVP_PKEY_{set1,get1}_tls_encodedpoint names map to these single
implementations.
Supported key types:
- EC: uncompressed octet point (0x04 || X || Y), reusing
i2o_ECPublicKey / o2i_ECPublicKey. set1 also syncs the internal
wolfCrypt key (SetECKeyInternal) so the key is usable by
EVP_PKEY_derive, and refreshes the cached DER.
- X25519 / X448: raw little-endian public key (RFC 7748).
set1 is failure-atomic for every key type: the replacement key is built
in a temporary and the existing key is only freed once the import
succeeds, so a failed set1 leaves the original EVP_PKEY intact. get1
NULLs out *ppub on entry (after validating ppub) so callers never use or
free a stale pointer when the function returns 0.
Both functions are compiled under OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL
(matching the OpenSSL-compat macros and the EVP_PKEY struct members they
use) rather than requiring a specific key type, avoiding undefined
references at link time in builds without HAVE_ECC / HAVE_CURVE25519 /
HAVE_CURVE448. Per-key-type #ifdefs gate which cases are supported; the EC
case additionally requires OPENSSL_EXTRA for its i2o/o2i helpers.
Adds test_wolfSSL_EVP_PKEY_encoded_public_key covering NULL handling, EC
encode/decode round-trip and ECDH agreement, X25519/X448 round-trips,
deprecated-name parity, and that a wrong-length set1 leaves the existing
X25519/X448 key intact and usable.
Change to ignore plaintext alerts when
WOLFSSL_TLS13_IGNORE_PT_ALERT_ON_ENC is defined only until first
encrypted message from peer is seen.
Negative testing added.
Leak fixes: free existing ssl->buffers.key before overwriting in SetSSL_CTX() (internal.c) and wolfSSL_set_SSL_CTX() (ssl.c)
UAF fix: wc_CheckRsaKey() — mp_memzero_check(tmp) moved before the free (rsa.c)
Build guards: #ifndef NO_ED25519/ED448_VERIFY around forged-sig test data (test_ed25519/ed448.c); guard equal()/cmov() for verify-only builds (ge_operations.c); guard unused pointers under WOLFSSL_MLDSA_SIGN_SMALL_MEM_PRECALC (wc_mldsa.c)
Test cleanups (test.c): fix UB from out-of-range enum in hash_test(), always free AES dec object, fix der buffer declaration under small-stack builds
Removed WOLFSSL_PSK_ID_PROTECTION from use as it is now on by default.
Always check whether the server has a certificate (not a CA chain).
If there is a certificate then continue, otherwise, report a binder
error.
Added test to ensure binder error returned and alert sent when no
NO_CERT. test_tls13_bad_psk_binder already tested no certificate.
Allowed memio test harness to be built when NO_CERT is defined.
F-1379
Better handling of the lazy mutex initialization to use atomics where
available.
Improved atomic code when no system support:
- add types
- used types in functions
Add --no-ec to unit.test to not run wolfCrypt tests.
1. Side-aware ML-KEM in TLS (tls.c, tls13.c, ssl.c, internal.h):
TLSX_IsGroupSupported/TLSX_UseSupportedCurve take a `side` arg; new
TLSX_IsMlKemGroupSupported + client/server support macros. A build only
capable of one ML-KEM op no longer advertises groups it can't use for
its role.
2. NO_ASN_TIME support (ssl_asn1.c, ssl.h, settings.h): data-only
ASN1_TIME APIs now compile without system time; OCSP responder
auto-disabled under NO_ASN_TIME.
3. SP ECC (sp_*.c, sp_x86_64_asm.asm): curve `b` constants and
sp_ecc_is_point_* always compiled (point-check available in more
configs); asm movsxd -> movsx.
4. configure.ac: BUILD_MEMUSE fixed to trigger on != "xno".
5. Test fixes: HRR-aware TLS 1.3 memio tests (new
test_memio_msg_is_hello_retry_request); tightened build guards
(Ed25519/Ed448 key-import, AES decrypt, XMSS heights, SP sizes,
static-PSK).