Check that the Ed25519 and Ed448 public key is valid even without
private key.
Perform pairwise consistency test, only in FIPS, when making a key i
Ed25519 and Ed448.
api.c: z and ret no longer only when !NO_ASN_TIME.
benchmark.c: rsaKey array type has changed and unusual code path needsed
updating.
cmac.c: Zeroization test failed when checkSz was zero as called function
didn't zero out cmac. checkSz is invalid.
test.c: rsaCaCertDerFile used even when NO_ASN_TIME.
test.h: --enable-sp-math only supports DH of 2048 bits and above. Change
default DH parameters to be 2048 bits.
Initial wolfSSL implementation of LMS.
Changed LMS benchmarking to time making a key and reloading.
SHA-256:
Added wc_Sha256HashBlock to make hashing a block fast.
Fixed assembly code to be able to hash a block from an external
buffer.
Simplified code were possible.
Moved byte reversal decision logic to one place instead of replicating
length checks.
wolfcrypt/test/test.c: fix gating for verify4 in scrypt_test(), and fix WOLFSSL_SMALL_STACK -Wframe-larger-than=2048 warnings in sha256_test() and sha512_test().
src/ssl.c: fix for true-but-benign nullPointerRedundantCheck in ProcessBufferTryDecodeEd25519().
tests/api.c: fix for -Wmaybe-uninitialized in test_wc_PKCS7_VerifySignedData_RSA() identified via cross-m68k-all-asm.
* fix overallocation in WC_DECLARE_ARRAY() macro in the !WOLFSSL_SMALL_STACK path.
* rename WC_INIT_ARRAY() to WC_ALLOC_ARRAY() for clarity (it doesn't initialize any memory).
* rename WC_DECLARE_ARRAY_DYNAMIC_DEC(), WC_DECLARE_ARRAY_DYNAMIC_EXE(), and WC_FREE_ARRAY_DYNAMIC() to WC_DECLARE_HEAP_ARRAY(), WC_ALLOC_HEAP_ARRAY(), and WC_FREE_HEAP_ARRAY(), respectively, also for clarity, and refactor out the duplicate definitions.
* add WC_ALLOC_VAR(), and move the XMALLOC() in smallstack WC_DECLARE_VAR() into it. smallstack WC_DECLARE_VAR() now initializes the pointer to NULL, like smallstack WC_DECLARE_ARRAY(), assuring all pointers are valid upon shortcircuit to cleanup for a failed allocation (see WC_ALLOC_DO_ON_FAILURE below).
* add a new hook "WC_ALLOC_DO_ON_FAILURE" in WC_ALLOC_VAR(), WC_ALLOC_ARRAY(), and WC_DECLARE_ARRAY_DYNAMIC_EXE(), which is invoked when an allocation fails. by default the hook is defined to WC_DO_NOTHING.
* add basic safety to WC_*_HEAP_ARRAY() by recording/detecting allocation state via idx##VAR_NAME.
* add macros WC_ARRAY_OK() and WC_HEAP_ARRAY_OK() to test if allocation succeeded.
* add macros WC_CALLOC_ARRAY() and WC_CALLOC_HEAP_ARRAY() which zero the objects.
* add macro WC_CALLOC_VAR() which zeros the object.
ED448: smallstack refactor of ge448_scalarmult_base().
src/tls.c tests/api.c wolfcrypt/test/test.c: update WC_DECLARE_VAR()s with now-required matching WC_ALLOC_VAR()s.
wolfcrypt/benchmark/benchmark.c:
* no functional changes in default error-free behavior.
* add definition of WC_ALLOC_DO_ON_FAILURE() that prints error message, sets ret, and does goto exit.
* add BENCH_NTIMES and BENCH_AGREETIMES overrideeable macros, to allow fast sanitizer runs and slow high-precision runs.
* smallstack refactor of all declarations of stack arrays of the form foo[BENCH_MAX_PENDING], using WC_DECLARE_ARRAY() (35 in all).
* additional smallstack refactors, using WC_DECLARE_VAR(), for bench_aesxts(), bench_ed448KeyGen(), bench_eccsi*(), and bench_sakke*().
* fixes for various unhandled error conditions around malloc failures.
wolfcrypt/test/test.c: opportunistically constify several (42) static constants, moving them to the readonly data segment.
linuxkm/Makefile: if ENABLED_LINUXKM_BENCHMARKS, add wolfcrypt/benchmark/benchmark.o to WOLFSSL_OBJ_FILES.
linuxkm/Kbuild: enable FPU for benchmark.o, and remove enablement for module_hooks.o.
linuxkm/module_hooks.c: remove inline include of benchmark.c.
- wc_ecc_shared_secret_ssh should either be declared or not. Having two different signatures for the same function is error prone.
- Don't use wc_ecc_shared_secret_ssh in our code. Use wc_ecc_shared_secret directly.
configure.ac: move enable_aesgcm_stream=yes clauses in enable-all and enable-all-crypto to the main section, from the !ENABLED_LINUXKM_DEFAULTS section, and in ENABLED_LINUXKM_LKCAPI_REGISTER setup, remove the !ENABLED_AESNI from the condition for forcing on ENABLED_AESGCM_STREAM.
linuxkm/lkcapi_glue.c:
* remove all special-casing for AES-GCM with AESNI.
* add support for a LINUXKM_LKCAPI_PRIORITY_ALLOW_MASKING macro.
wolfssl/wolfcrypt/memory.h: add missing definition of SAVE_VECTOR_REGISTERS2() when DEBUG_VECTOR_REGISTER_ACCESS_FUZZING && !DEBUG_VECTOR_REGISTER_ACCESS.
wolfcrypt/src/memory.c:
* define SAVE_VECTOR_REGISTERS2_fuzzer() if DEBUG_VECTOR_REGISTER_ACCESS_FUZZING, regardless of DEBUG_VECTOR_REGISTER_ACCESS.
* add a DEBUG_VECTOR_REGISTER_ACCESS clause to the !HAVE_THREAD_LS version of SAVE_VECTOR_REGISTERS2_fuzzer().
wolfcrypt/test/test.c: remove several errant wc_AesFree()s in aes256_test().
