1. Remove redundant calls to the generate function when instantiating
and reseeding the DRBG.
2. Added note to the apparently redundant extra call to the generate
function when running the self test. This extra call is there to make
sure the internal state is updating correctly as a part of the KAT.
3. Removed duplicate enable argument clause for rng from configure.ac.
Consolidate all the AM_CONDITIONAL statements in one place in the
configure process. This replaces the set of repeat checks of enable
flags to conditionally check the AM_CONDITIONAL.
New compile time option WOLFSSL_PSK_ONE_ID. Indicates one identity
available. No need for client to call callback when generating binder -
already cached.
* Fixes for building wolfSSL from GitHub sources download, where .git does exist. The autogen.sh still needs to "touch" files for the build to work.
* Fix for FIPS case where `wc_RsaSetRNG` is not available.
* Added new `./configure --enable-usersettings` option to not populate the Makefile with build options and instead define `WOLFSSL_USER_SETTINGS` and expect a user provided `user_settings.h` file.
* Fix for `HAVE___UINT128_T` to match config.h generated value to eliminate warning.
1. Rearrange the deprecation cryptodev option so it doesn't overwrite the cryptocb option, and so it doesn't break its case in the build-test.
2. Fix the content length in the sample HTTP used by the example server.
3. Disable OCSP stapling in the example server if RSA is disabled.
4. Fix a variable in asn.c that was declared in the middle of its scope.
5. Retag the xmalloc, xrealloc, xfree functions used in the memory test as WOLFSSL_API like all the other allocators, instead of extern.
Bump the version number in configure.ac and updated the version.h. The
library version wasn't updated between v3.15.7-stable and the snapshot
v3.15.8, so I bumped it for this release.
One of the external sites contacted for the OCSP stapling test
increased the size of one of their intermediate certificates. The test
failed silently as the certificate was ignored. Increased the
FP_MAX_BITS so that the test can pass with the enable-all option. That
option was setting the FP_MAX_BITS for 3072-bit certificates, and the
site in question is using a 4096-bit certificate.
Added an API for enabling the Trusted CA Key Indication extension from
RFC6066 section 6. If the server doesn't have a match for the client,
the client will abandon the session.
In at least one environment the check for particular AR options was
failing due to a bash script bug. Deleted an extra pair of parenthesis
triggering an arithmetic statement when redundant grouping was desired.
Fix wc_ecc_fp_free() to be called when using HAVE_STACK_SIZE.
Increase size of replyin client.c so all HTTP reply is displayed.
Fix api.c to support only Ed25519 (not RSA and ECC)
Fix suites.c to detect when CA for client won't work (Ed25519 only)
For Static Memory add debugging and small profile.
Also allow realloc to be called with NULL.
Add more Ed25519 certs and keys.
Fix names of Ed25519 filenames for client and server.
Do NOT turn on ECC_SHAMIR by default with lowresource.
Enable WOLFSSL_STATIC_MEMORY_SMALL if low resource and no RSA.
Add support for the fixed FFDHE curves to TLS 1.2. Same curves in TLS
1.3 already. On by default - no checking of prime required.
Add option to require client to see FFDHE parameters from server as per
'may' requirements in RFC 7919.
Change TLS 1.3 ClientHello and ServerHello parsing to find the
SupportedVersions extension first and process it. Then it can handle
other extensions knowing which protocol we are using.
hardware acceleration with RSA
add AES-GCM hardware acceleration
refactor setting RSA IV flag
check and set AF_ALG flags
fix for default AF_ALG use
set buffer alignment with Xilinx RSA
macro guard after rebase
use ALIGN64
clean up test cases
