1. Changed the bounds of checking the key from comparisons to constants
to comparisons against WOLFSSL object settings for the DH key bounds.
2. Removed redundant bounds check on the server's prime.
1. Check the length values for the DH key domain and public key in the
server key exchange message to make sure they are within the bounds
set by the configuration. (Minimum key size is 2048 bits for DH.)
These changes fix several fuzz testing reports. (ZD 11088 and ZD 11101)
1. In GetDhPublicKey(), the DH Pubkey is owned by the SSL session. It
doesn't need to be in the check for weOwnDh before freeing. There
could be a chance it leaks.
2. In GeneratePublicDh() and GeneratePrivateDh(), the size of the
destination buffer should be stored at the location pointed to by the
size pointer. Check that before writing into the destination buffer.
3. Ensure the size of the private and public key values are in the size
value before generating or getting the DH keys.
Originally, wolfSSH required some algorithms to be enabled in wolfCrypt
to work correctly. wolfSSH is now more flexible with how wolfCrypt is
configured, and these combinations do not have to be restricted.
GetPublicDhKey() assumes the ssl session owns the DH public key parts, and
tries to free them. They belong to the CTX initially, so it shouldn't be
freeing them, necessarily.
1. Add a check for weOwnDh first, then free the buffers if needed.
2. If there is a problem reading the keys, free the new buffers before exiting.
3. Set weOwnDh once the buffers and values have been stored
successfully.
Change implementation of timing resistant scalar multiplication to use
Joye double-add ladder.
No longer have fake operations being performed therefore can remove the
order adding operations.
Still need to check for boundary condition: order-1 wil not work with
SECP256K1 as it results in an add of order/2 and (order/2)+1 times base
point which are the negatives of each other. The sum is infinity and not
handled by maths.
Added mp_cond_swap_t - Conditionally swap in constant time.
When building the list of ciphers with wolfSSL_get_ciphers_compat(),
skip the fake indicator ciphers like the renegotiation indication
and the quantum-safe hybrid since they do not have encryption or mac
algorithms associated to them.
1. The test_wolfSSL_X509V3_EXT_print() test was using stderr for output,
changed to stdout.
2. A call to XFREAD wasn't typecasting its output to the size of the
variable getting the output in decodedCertCache_test().
