wolfcrypt/src/logging.c:WOLFSSL_MSG_CERT_EX(), add missing gating on
defined(XVSNPRINTF);
in src/crl.c:CRL_Entry_new(), fix true-positive nullPointerRedundantCheck;
in src/pk.c:_DH_compute_key(), add bounds checking to ForceZero(priv).
the new implementation of wc_ForceZero from wolfcrypt/src/memory.c to inline in
wolfcrypt/src/misc.c replacing old ForceZero() implementation, and add a wrapper
wc_ForceZero() to wolfcrypt/src/memory.c.
* Store in extensions the full octet string
Store in WOLFSSL_X509_EXTENSION.value always the full contents of the
OCTET STRING of the extension, instead of different type of data
depending on the type of extension. Previously this was only done for
unknown extensions.
* Avoid local variables in 'DecodeExtKeyUsageInternal'
There is a great performance loss on configs using 'WOLFSSL_NO_MALLOC',
'WOLFSSL_STATIC_MEMORY' and 'USE_FAST_MATH' if function
'DecodeExtKeyUsageInternal' uses intermediate variables. This can be
observed running the Zephyr test 'wolfssl_test/prj-no-malloc.conf'.
Avoid using intermediate variables, and use raw pointers to the final
destination instead.
* Add missing calls to 'FreeDecodedCert'
* Return error code from 'wolfSSL_ASN1_STRING_into_old_ext_fmt'
* Fix lines larger than 80
* Allow NULL parameters for 'DecodeAuthKeyId'
* Add comment explaining build option '--enable-old-extdata-fmt'
* Test full OCTET STRING in tests/api.c
* wolfSSL_X509V3_EXT_d2i: Honor 'WOLFSSL_SMALL_STACK'
* zephyr/wolfssl_test_no_malloc: Increase test timeout
* wolfSSL_X509V3_EXT_d2i: Extract repeated code into common part
* wolfcrypt: Remove 'WOLFSSL_LOCAL' from .c files
* wolfcrypt: Change location of functions to make diff easier
Optimize code knowing it is for Intel x64.
Change signing to calculate one polynomial at a time so that if it isn't
valid then we fail early.
Other minor improvements.
Move the SHA-3 4 blocks at a time assembly into SHA-3 asm file.
Make constants in assembly the same length (front pad with zeros).
wolfcrypt/benchmark/benchmark.c:
* use WC_RELAX_LONG_LOOP() as default definition of TEST_SLEEP(), and remove WC_RELAX_LONG_LOOP() from bench_stats_sym_finish()/bench_stats_asym_finish_ex();
* when WOLFSSL_LINUXKM but !WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS., properly wrap kernel_fpu_begin...end around floating point ops.
Original ASN.1 code wasn't checking that data in a sequence didn't
exceed the length of the sequence.
In particular, the contents of the parameters and the PKCS#5 parameters.
Instead of loading 64-bits with alignment protection, use xorbuf which
has built in protection.
Only XOR in as much data as cached and XOR padding and rate bit directly
rather than XORing maximum amount after clearing out rest of array and
adding in padding and rate bit.
* move enum wc_svr_flags out of BUILDING_WOLFSSL guard;
* add DISABLE_VECTOR_REGISTERS() and REENABLE_VECTOR_REGISTERS() definitions for !BUILDING_WOLFSSL;
* add #include <linux/spinlock.h> to !WOLFSSL_LINUXKM_USE_MUTEXES implementation to fix compilation (and add usability) to caller code;
linuxkm/lkcapi_sha_glue.c: in wc_linuxkm_drbg_ctx_clear(), fix error-path deallocation of locked object;
wolfcrypt/benchmark/benchmark.c:
* in FIPS v6+ builds, and FIPS linuxkm v5+, check retval from wc_AesEncryptDirect() and wc_AesDecryptDirect();
* add WC_RELAX_LONG_LOOP() in bench_stats_sym_finish() and bench_stats_asym_finish_ex();
wolfcrypt/test/test.c: fix rng_seed_test() with correct test vectors for the relevant combinations of features, and gate the test out if there are user override defines for ENTROPY_SCALE_FACTOR or SEED_BLOCK_SZ.
