- Support using MAXQ for:
- AES-ECB
- AES-CCM
- AES-CBC
- ECC Key Generation and ECDH
- in wc_ecc_import_private_key_ex():
- check to make sure devId is not invalid before calling wc_MAXQ10XX_EccSetKey().
- This is because the raspberry pi sometimes need to sign stuff.
- in aes_set_key() and ecc_set_key():
- delete a key in case it already exists; ignore error since it might not exist.
- unlock, lock the HW mutex around ECDSA_sign() because it needs access to rng
- in wolfSSL_MAXQ10XX_CryptoDevCb:
- allow maxq1065 to call the crypto callback.
- do not set the key during signing; use pre provisioned one instead (DEVICE_KEY_PAIR_OBJ_ID)
wolfcrypt/src/integer.c: add additional guards against OOB access from uint wraps and null derefs of mp_int.dp, and refactor mp_grow() and mp_init_size() to use XMEMSET, for the benefit of clang-tidy. in mp_grow(), fix the condition for the realloc to assure always evaluated if a->alloc == 0.
wolfcrypt/src/asn.c: fix wc_CreatePKCS8Key() so that *outSz is always assigned when LENGTH_ONLY_E is returned.
wolfcrypt/src/pkcs7.c: remove redundant inner condition in wc_PKCS7_EncodeAuthEnvelopedData(), added in previous commit and caught on review by Jacob (thanks!).
wolfcrypt/src/sp_int.c: in sp_mont_norm(), add another suppression for the same false positive in sp_mul() suppressed in previous commit.
wolfcrypt/src/srp.c: refactor SrpHashSize() to return ALGO_ID_E rather than 0 when unknown/uncompiled alg is requested.
several fixes for defects reported by cppcheck:
wolfcrypt/src/ecc.c: fix for cppcheck oppositeInnerCondition from cppcheck-2.16.0 in _ecc_make_key_ex(), and fixes for related unhandled errors discovered by manual inspection;
wolfcrypt/test/test.c: fix XREALLOC call in memcb_test() to resolve cppcheck-detected memleak.
wolfcrypt/test/test.c: in dh_ffdhe_test(), when defined(HAVE_PUBLIC_FFDHE), use wc_DhSetKey_ex() rather than wc_DhSetKey() to exercise the primality check in _DhSetKey().
AES GCM streaming - fix GHASH_ONE_BLOCK to use CPU feature information.
AES-GCM uses EOR3 (SHA-3 instruction) - split assembly code.
Kyber uses SQRDMLSH - split assembly code.
Changed define from WOLFSSL_AARCH64_NO_SQRMLSH to
WOLFSSL_AARCH64_NO_SQRDMLSH to match instruction.
Improved array data format for inline assembly code.
test.c: Dilithium private key not available in cert_test.h unless
signing is enabled.
./configure --disable-shared --enable-dilithium=make,44,65,87
./configure --disable-shared --enable-dilithium=make,sign,44,65,87
./configure --disable-shared --enable-dilithium=make,verify,44,65,87
test.c: Dilithium doesn't have decode/encode when
WOLFSSL_DILITHIUM_NO_ASN1 is defined.
./configure --disable-shared --enable-dilithium=yes
CFLAGS=-DWOLFSSL_DILITHIUM_NO_ASN1
