BN APIs from ssl.c have been moved out to ssl_bn.c that is included in
ssl.c.
Added defines for BN_rand() and BN_pseudo_rand() to indicate which bits
are to be set.
'internal' field now always maps to the ;mpi' field that is a MP
integer.
SetIndividualInternal/External renamed to wolfssl_bn_get/set_value.
Fixed BN APIs to work as closely to OpenSSL as possible.
Added tests.
Moved wolfssl_make_rng out to ssl.c as BN APIs are using it now.
SP int and TFM now check trials are in a valid range for
mp_prime_is_prime_ex().
When a certificate is loaded then the private key type and size is set
based on the public key.
Always set, even if previously set.
Use case is setting an RSA certificate against ctx and then setting EC
certificate against ssl.
move typedefs for WOLFSSL_CRYPTO_EX_*() from wolfssl/openssl/compat_types.h to wolfssl/wolfcrypt/types.h, grouped with the other EX_DATA-related typedefs, as they are needed whenever defined(HAVE_EX_DATA) regardless of openssl compatness;
properly gate wolfSSL_CTX_get_ex_new_index() and wolfSSL_X509_get_ex_new_index() prototypes on defined(HAVE_EX_DATA).
* stunnel 5.67 support
- ssl->session->ticketAdd may be set when parsing a ticket before PSK
- PSK binders should be calculated based on ciphersuite associated with PSK
- Add option to prioritise PSK order instead of ciphersuite order
- Update ctx->method->version when using Set_CTX_max_proto_version API
- Simplify wolfSSL_parse_cipher_list
- Keep copy of old list and then add in the previous ciphersuites depending on whether we are doing only TLS 1.3 ciphersuites or not
- Specify CRL revocation in alert
- Match reason string to match OpenSSL
- Add support for external data callbacks for WOLFSSL_SESSION
* Upref the session for stunnel instead of duplicating it
* Add small stack option for wolfSSL_parse_cipher_list
* Support rwlock
* Fix typo, ENABLE_SESSION_CACHE_ROW_LOCK with TITAN_SESSION_CACHE
* Implement read lock
- Use read lock for the SessionCache
- Don't copy the
* TLS 1.3: Don't push ticket to cache if we don't retrieve from it
* Detect rwlock support with PTHREAD_RWLOCK_INITIALIZER
* Implement explicit rwlocks
- Mutex's still necessary for signals. Implement explicit rwlocks and we can migrate critical mutexs to rwlocks when necessary.
* Remove WOLFSSL_USE_RWLOCK guard around mutex condLock
* condLock not necessary after all
* Use configure.ac to check for pthread_rwlock_destroy support
* Can't include config.h in wc_port.h as that breaks make distcheck
* Check for pthread_rwlock_t to determine if rwlock is available
* Code review
---------
Co-authored-by: Juliusz Sosinowicz <juliusz@wolfssl.com>
Add NIDs for RSA-PSS to OpenSSL compat layer.
Have wc_RsaPublicKeyDecode call wc_RsaPublicKeyDecode_ex where logic for
RSA-PSS handling is already done.
used and size have no reason to be negative - change type.
Change code to match unsigned change. Mostly change variables to be
unsigned where possible.
integer.c: Only have mp_rand_prime available when needed and
mp_prime_is_prime_ex is available.
Fixes from regression testing.
fix file descriptor leaks in AF_ALG code, and fix return codes (WC_AFALG_SOCK_E, not -1) in afalg_aes.c;
fixes for sanitizer-detected forbidden null pointer args in AfalgHashUpdate() and AfalgHashCopy();
fixes for resource leaks in api.c test_wolfSSL_AES_cbc_encrypt() (missing wc_AesFree()s);
fixes for resource leaks in test.c openssl_test() (missing wolfSSL_EVP_CIPHER_CTX_cleanup());
also some local fixes for bugprone-signed-char-misuse, readability-redundant-preprocessor, and clang-diagnostic-strict-prototypes, in src/pk.c and src/ssl.c.
Reworked the implementations of the EC APIs including:
wolfSSL_EC_curve, wolfSSL_EC_METHOD, wolfSSL_EC_GROUP,
wolfSSL_EC_POINT, wolfSSL_EC_KEY, wolfSSL_ECDSA_SIG, wolfSSL_ECDSA and
wolfSSL_ECDH.
Added support for EC parameters to PEM decoding.
EccEnumToNID() moved out of wolfCrypt - it maps NIDs defined in
wolfssl/openssl/ec.h to those in wolfssl/wolfcrypt/ecc.h.
Moved wc_OBJ_sn2nid() out of wolfCrypt - implementation uses
EccEnumToNID().
Changed reference counding to use wolfSSL_Ref.
Added tests to api.c that increase coverage of EC APIs.
