Multiple handshake messages in one record will fail the MsgCheckBoundary() check on the client side when the client is set to TLS 1.3 but allows downgrading.
--> ClientHello
<-- ServerHello + rest of TLS 1.2 flight
Client returns OUT_OF_ORDER_E because in TLS 1.3 the ServerHello has to be the last message in a record. In TLS 1.2 the ServerHello can be in the same record as the rest of the server's first flight.
1. For Mach and FreeBsd builds, add the function link_file() which makes
a hard link for a file.
2. Add a macro STAGE_FILE that either calls copy_file or link_file
depending on doing a Mach or FreeBSD build or not.
This is to work around how the CRL Monitor is detecting file changes
made by the CRL monitor test in the testsuite. Linux and Windows are
detecting the file copies and deletes, and how macOS detects them.
kevent sees the link as a single change to the parent directory and
reads it. When you copy the file, kevent sees the new file getting
opened and triggering the file update.
1. Add missing assignment of the WOLFSSL object's ecdhCurveOid value. It
is set correctly in the previous cases, but got missed for ECDHE-PSK.
2. Add test cases to the unit testing.
tests/suites.c: in SuiteTest(), swap order of (void)s and return.
wolfcrypt/src/chacha.c: gate out unreachable C wc_Chacha_encrypt_bytes() call in wc_Chacha_Process, and gate out unused implementations of wc_Chacha_wordtobyte() and wc_Chacha_encrypt_bytes(), when defined(USE_INTEL_CHACHA_SPEEDUP).
wolfcrypt/src/sha256.c and wolfcrypt/src/sha512.c: fix logic in Sha256_SetTransform() and Sha512_SetTransform() to make the AVX1_RORX implementations accessible. also add a missing Transform_Sha512_Len_p = NULL in the C path of Sha512_SetTransform().
wolfssl/internal.h: for the fallback definition of wolfSSL_curve_is_disabled, use an inline function instead of a compound-clause macro, because clang isn't smart enough to treat the compound expression as a bare constant zero, producing a lame-positive -Wunreachable-code.
* in wolfssl/ssl.h, add missing arg names to wolfSSL_CTX_set_tlsext_use_srtp(), wolfSSL_set_tlsext_use_srtp(), and wolfSSL_export_dtls_srtp_keying_material();
* in wolfcrypt/src/kdf.c, call wc_AesFree if and only if wc_AesInit() succeeded;
* in src/ssl.c:DtlsSrtpSelProfiles(), fix bugprone-inc-dec-in-conditions;
* in tests/suites.c:execute_test_case(), fix several -Wdeclaration-after-statement and -Wmissing-field-initializers;
* in wolfcrypt/test/test.c, fix a shiftTooManyBitsSigned warning in srtpkdf_test(), and fix a typo (kaSz/ksSz).
We can omit either the CeritificateStatus message or the appropriate extension when we can not provide the OCSP staple that the peer is asking for. Let peer decide if it requires stapling and error out if we don't send it.
tests/api.c: modify test_wc_CmacFinal() to use wc_CmacFinalNoFree() except for the final call.
wolfcrypt/src/aes.c:
* fix wc_AesEaxEncryptAuth() and wc_AesEaxDecryptAuth() to call wc_AesEaxFree() only if wc_AesEaxInit() succeeded.
* fix wc_AesEaxInit() to free all resources on failure.
* revert wc_AesEaxEncryptFinal() and wc_AesEaxDecryptFinal() changes, then change wc_CmacFinal() calls in them to wc_CmacFinalNoFree() calls.
* wc_AesEaxFree(): add wc_CmacFree() calls.
* followup to https://github.com/wolfSSL/wolfssl/pull/7009 "20231128-misc-fixes" and https://github.com/wolfSSL/wolfssl/pull/7011 "Add missing wc_AesInit calls."
* adds WC_DEBUG_CIPHER_LIFECYCLE, which embeds asserts in low-level AES implementations for proper usage of wc_AesInit() and wc_AesFree().
* fixes native CMAC, AES-EAX, and AES-XTS implementations to assure resource release.
* adds missing wc_AesXtsInit() API, and adds a new wc_AesXtsSetKey_NoInit().
* fixes misspellings in EVP that unconditionally gated out AES-OFB and AES-XTS.
* fixes misspellings in EVP that unconditionally gated out AES-CBC and AES-CFB code in wolfSSL_EVP_CIPHER_CTX_cleanup_cipher().
* openssl compat AES low level cipher API has no counterpart to wc_AesFree(), so these compat APIs will now be gated out in configurations where they would otherwise leak memory or file descriptors (WOLFSSL_AFALG, WOLFSSL_DEVCRYPTO, WOLF_CRYPTO_CB, etc.). A new macro, WC_AESFREE_IS_MANDATORY, is defined in wolfcrypt/aes.h to streamline this dependency.
* fixes 40 missing EVP_CIPHER_CTX_cleanup()s and 11 wc_AesFree()s in src/ssl.c, src/ssl_crypto.c, tests/api.c, and wolfcrypt/test/test.c.
