* uses libbacktrace to enhance existing "ERR TRACE" messages with backtraces, rendered in same format as the sanitizers.
* adds wc_backtrace_render() and some related callbacks to wolfcrypt/src/logging.c.
* adds an overrideable WOLFSSL_DEBUG_BACKTRACE_RENDER_CLAUSE to the WC_ERR_TRACE() mechanism in wolfssl/wolfcrypt/error-crypt.h.
With --enable-dtlscid, a client sending a Client Hello to a DLTS1.2
server that supports CID, the server provides the appropriate CID and
assumes that CID has been negotiated.
However, in the case of MbedTLS, it then rejects packets that do not
match its expected CID from the client - as wolfSSL no longer sends
the CID as it is not DTLS1.2.
https://datatracker.ietf.org/doc/html/rfc9147#section-4
If a Connection ID is negotiated, then it MUST be contained in all datagrams.
This fix drops the CID if a Hello Verify Request is received, so the
second Client Hello does not include the CID.
https://datatracker.ietf.org/doc/html/rfc6347#section-4.2.1
When responding to a HelloVerifyRequest, the client MUST use the same
parameter values (version, random, session_id, cipher_suites,
compression_method) as it did in the original ClientHello.
Dropping the CID extension does not violate this.
If the server sends Server Hello, Server Key Exchange and Server Hello Done
in a single DTLS packet, but for DTLS1.2 in response to a client DTLS1.3
request, then FIRST_REPLAY state does not occur until the server re-sends
the packet. At this point wolfSSLconnect() gets used and all bursts into
life.
When processing handshakes in wolfSSL_connect_TLSv13() for case
HELLO_AGAIN_REPLY, downgrade to using wolfSSLconnect() to continue
processing the remaining handshakes in the packet.
Found when using Mbed TLS for the server.
As the WolfSSL implementation of the PQC KEM algorithm kyber also
supports the ML-KEM draft version (enabled by `WOLFSSL_ML_KEM`), we have
to update the groups code point to be compatible with other TLS
implementations (e.g. OQS provider).
Also updated the reference to the source of the values to the current
OQS Github.
Signed-off-by: Tobias Frauenschläger
<tobias.frauenschlaeger@oth-regensburg.de>
Daniel Pouzzner
Hideki Miyazaki
Sean Parkinson
Andras Fekete
Colton Willey
David Garske
Anthony Hu
Eric Blankenhorn
Jon Shallow
JacobBarthelmeh
S-P Chan
Tobias Frauenschläger
oltolm