- wolfSSL_EVP_PKEY_set1_DH: If both private and public present, output private key
- ToTraditionalInline_ex2: Add DH checking
- wc_ecc_get_curve_id: check index is not negative
- Fix i2d_PKCS8_PRIV_KEY_INFO to actually output pkcs8 instead of just der
- wolfSSL_EVP_PKEY2PKCS8: Create duplicate to avoid double free
- wolfSSL_DH_generate_key: Fix case where not enough buffer was allocated for 128 bit case
- pkcs8_encode: Add DSA and DH support
- wolfSSL_d2i_PKCS8_PKEY: Correctly advance buffer
- RSA_LOW_MEM: export all integers in compat layer
- Add softhsm action
- Define
- OPENSSL_DH_MAX_MODULUS_BITS
- OPENSSL_DSA_MAX_MODULUS_BITS
- OPENSSL_RSA_MAX_MODULUS_BITS
- Implement
- BN_mul_word
- i2d_ECPKParameters
- PEM_write_bio_PKCS8_PRIV_KEY_INFO
- PEM_read_bio_PKCS8_PRIV_KEY_INFO
- i2d_PKCS8_PRIV_KEY_INFO
- RSA_padding_add_PKCS1_PSS_mgf1
- RSA_verify_PKCS1_PSS_mgf1
Dtls13HashClientHello(): fix wc_HashType handling;
Dtls13SendFragment(): fix identicalConditionAfterEarlyExit;
GetDtlsRecordHeader(): fix error handling around GetDtls13RecordHeader() (incorrectLogicOperator);
test_wolfSSL_dtls_stateless_maxfrag(): fix a clang-analyzer-core.NullDereference,
test_dtls_frag_ch(): fix a clang-diagnostic-embedded-directive,
test_AEAD_limit_client(): fix an united-data defect found by valgrind.
Fix unit tests to not compile when NO_RSA is defined and RSA used.
test_wc_PKCS7_EncodeSignedData: only RSA supported with streaming.
test_wolfSSL_RSA when SP math and SP: CRT parameters required.
test_wolfSSL_OCSP_REQ_CTX to compile with NO_ASN_TIME.
test_wolfSSL_IMPLEMENT_ASN1_FUNCTIONS: make sure all objects freed even
on memory allocation failure.
test_wolfSSL_error_cb: don't use bio if is NULL.
test_wolfSSL_BN_enc_dec: don't free a twice on memory allocation error.
test_wc_dilithium_der: remove debug printing
test_othername_and_SID_ext: make sid_oid NULL after free to ensure no
double free on later memory allocation failure.
test_wolfSSL_RSA: don't leak when BN_dup fails.
test_wolfSSL_i2d_ASN1_TYPE: free ASN1 string whn no ASN1 type to put it
into.
test_tls13_rpk_handshake: don't leak on failure
test_dtls_client_hello_timeout_downgrade: only move memory when test is
wolfSSL_certs_clear, wolfSSL_set_SSL_CTX, SetSSL_CTX: Check return from
AllocCopyDer.
d2i_generic: make sure impBuf is only freed once.
wolfSSL_BIO_write: don't dereference front unless it is not NULL.
wolfssl_dns_entry_othername_to_gn: don't free obj twice
wolfSSL_X509_REQ_add1_attr_by_NID: don't access reqAttributes if NULL.
succeeding.
* Adds RNG, ECC(ECIES and ECDHE), RSA, ED25519/Curve25519, AES-GCM, and Hashing to the CSharp wrapper.
* Adds GitHub action for building the CSharp wrapper solution and running wolfCrypt test and a TLS server/client example.
* Adds "new" API's for wolfCrypt for platforms that cannot tolerate the structs directly.
* Fixes for several scan-build warnings.
Make draft version of ML-DSA compiled in with final.
Use WC_ML_DSA_44_DRAFT, WC_ML_DSA_65_DRAFT and WC_ML_DSA_87_DRAFT for
the level to get the draft implementation.
wolfssl/wolfcrypt/wc_port.h: add WOLFSSL_API attribute to wolfSSL_Atomic_Int_Init, wolfSSL_Atomic_Int_FetchAdd, and wolfSSL_Atomic_Int_FetchAdd, and add fallback definitions for them, allowing elimination of SINGLE_THREADED implementations of wolfSSL_Ref*(), and allowing ungated use of wolfSSL_Atomic_* calls in api.c.
wolfcrypt/src/dh.c: in wc_DhAgree_ct(), remove frivolous XMEMSET() and stray semicolon.
wolfcrypt/benchmark/benchmark.c: fix bench_rsaKeyGen() to skip tests of key sizes below RSA_MIN_SIZE, and add 4096 bit benchmark if RSA_MAX_SIZE is big enough.
tests/unit.h:
* adopt definitions of TEST_FAIL, TEST_SUCCESS, and TEST_SKIPPED from unit.c, remap TEST_SKIPPED from -7777 to 3, and add TEST_SUCCESS_NO_MSGS, TEST_SKIPPED_NO_MSGS, EXPECT_DECLS_NO_MSGS(), and EXPECT_FAILURE_CODEPOINT_ID, to support existing and future expected-particular-failure test cases without log noise.
* rename outer gate from CyaSSL_UNIT_H to TESTS_UNIT_H.
tests/api.c:
* use EXPECT_DECLS_NO_MSGS() in test_ssl_memio_setup(), test_ssl_memio_read_write(), and test_wolfSSL_client_server_nofail_memio(), and globally update affected expected error codes to correspond.
* use atomics for {client,server}SessRemCount{Malloc,free} to fix races in SessRemCtxCb() and SessRemSslSetupCb().
