.github/workflows/wolfCrypt-Wconversion.yml: Add -Wcast-qual to all scenarios.
wolfssl/wolfcrypt/signature.h, wolfcrypt/src/signature.c, doc/dox_comments/header_files/signature.h:
Remove incorrect const qualifier on the key argument in
* wc_SignatureVerifyHash()
* wc_SignatureVerify()
* wc_SignatureGenerateHash()
* wc_SignatureGenerateHash_ex()
* wc_SignatureGenerate()
* wc_SignatureGenerate_ex()
This fixes UB code patterns throughout signature.c. key is inherently
accessed readwrite by the underlying low level crypto. Fortunately, wolfCrypt
has no APIs/methods to allow actual const MPI key objects, therefore these
seeming breaking API changes can't actually break any users.
globally:
* Add const qualifiers to all struct pointer members that are assigned values
computed from const pointers.
* Add const qualifiers to intermediate casts for accessors and read-only
dereference constructs, as needed for -Wcast-qual hygiene, e.g. for a macro
GET_U16(a), use (*(const word16*)(a)) rather than (*(word16*)(a)).
* Add const qualifiers to internal declarations, and remove illegal casts, as
needed for -Wcast-qual hygiene.
* Add missing const qualifiers to all casts for argument, operand, and
assignment type agreement, as needed for -Wcast-qual hygiene, e.g.
"*data = (const byte*)dataASN->data.ref.data" rather than
"*data = (byte*)dataASN->data.ref.data".
wolfssl/wolfcrypt/asn.h, wolfssl/wolfcrypt/asn_public.h, wolfcrypt/src/asn.c, wolfcrypt/src/asn_orig.c:
* Add additional lifecycle management for object members that are only sometimes locally allocated:
DNS_entry.nameStored
DNS_entry.ipStringStored
DNS_entry.ridStringStored
wolfssl/wolfcrypt/types.h: add WC_BARRIER() macro -- a portable construct that
prevents compiler optimizers from reordering operations across the barrier.
wolfssl/wolfcrypt/blake2-impl.h, wolfcrypt/src/blake2s.c, wolfcrypt/src/blake2b.c:
* In blake2b_init(), blake2b_init_key(), blake2s_init(), and
blake2s_init_key(), refactor blake2b_param initialization using WC_BARRIER()
(fixes volatile abuse that triggered -Wcast-qual).
* Remove the residual and unused WOLFSSL_BLAKE2[BS]_INIT_EACH_FIELD code.
wolfcrypt/src/ecc.c and wolfssl/wolfcrypt/ecc.h:
Remove incorrect const qualifier on curve arg to wc_ecc_free_curve() (internal function).
New sum algorithm has no clashes at this time.
Old algorithm enabled by defining: WOLFSSL_OLD_OID_SUM.
New oid_sum.h file generated with scripts/asn1_oid_sum.pl.
Added bunch of OID names into asn1 example.
which force on BUILDING_WOLFSSL and do boilerplate includes, and update library
sources to include them at the top.
wolfssl_sources.h includes types.h, error-crypt.h, and logging.h, and
conditionally, config.h. settings.h and wc_port.h are unconditionally
included at the top of types.h.
wolfssl_sources_asm.h includes settings.h, and conditionally, config.h.
Add wolfssl_sources*.h to wolfcrypt/src/include.am, and to several IDE/ project
files.
Also added a TEST_WOLFSSL_SOURCES_INCLUSION_SEQUENCE clause in
wolfssl/wolfcrypt/settings.h to allow coverage testing.
In wolfcrypt/src/misc.c, retain existing ad hoc boilerplate includes, and use
them if WOLFSSL_VIS_FOR_TESTS, otherwise include the new wolfssl_sources.h.
Define WOLFSSL_VIS_FOR_TESTS at top of wolfcrypt/test/test.c.
Also renamed WOLFSSL_NEED_LINUX_CURRENT to WOLFSSL_LINUXKM_NEED_LINUX_CURRENT,
for clarity.
several fixes for defects reported by cppcheck:
wolfcrypt/src/ecc.c: fix for cppcheck oppositeInnerCondition from cppcheck-2.16.0 in _ecc_make_key_ex(), and fixes for related unhandled errors discovered by manual inspection;
wolfcrypt/test/test.c: fix XREALLOC call in memcb_test() to resolve cppcheck-detected memleak.
* fix TLS layer to consistently use WOLFSSL_FATAL_ERROR for error retvals, rather than literal -1.
* add WC_NO_ERR_TRACE() wrapper around LENGTH_ONLY_E (it does not signify an error condition).
* refactor errcode handling for traceability in wolfSSL_DSA_do_sign(), wolfSSL_DH_size(), wolfSSL_EC_KEY_get_conv_form(), wolfSSL_d2i_DSA_SIG(), wolfSSL_DSA_do_sign(), SetDhInternal(), and wolfSSL_EC_KEY_get_conv_form().
* Support for external keys (CryptoCb interface)
* Support for usage in mutual authentication
* better entity cert parsing
* Fix for Zephyr port to support the feature
* Check key support
* Proper validation of signatures in certificate chains
* Proper validation of peer cert with local issuer signature
(alt pub key is cached now)
* Support for ECC & RSA as alt keys with PQC as primary
* Support for PQC certificate generation
* Better support for hybrid signatures with variable length signatures
* Support for primary and alternative private keys in a single
file/buffer
* More API support for alternative private keys
Signed-off-by: Tobias Frauenschläger <t.frauenschlaeger@me.com>