SP ECC signing code was generating signatures with r of 0.
This is not allowed by the algorithm description.
Retry sig gen when r is 0 like when s is 0.
move typedefs for WOLFSSL_CRYPTO_EX_*() from wolfssl/openssl/compat_types.h to wolfssl/wolfcrypt/types.h, grouped with the other EX_DATA-related typedefs, as they are needed whenever defined(HAVE_EX_DATA) regardless of openssl compatness;
properly gate wolfSSL_CTX_get_ex_new_index() and wolfSSL_X509_get_ex_new_index() prototypes on defined(HAVE_EX_DATA).
* stunnel 5.67 support
- ssl->session->ticketAdd may be set when parsing a ticket before PSK
- PSK binders should be calculated based on ciphersuite associated with PSK
- Add option to prioritise PSK order instead of ciphersuite order
- Update ctx->method->version when using Set_CTX_max_proto_version API
- Simplify wolfSSL_parse_cipher_list
- Keep copy of old list and then add in the previous ciphersuites depending on whether we are doing only TLS 1.3 ciphersuites or not
- Specify CRL revocation in alert
- Match reason string to match OpenSSL
- Add support for external data callbacks for WOLFSSL_SESSION
* Upref the session for stunnel instead of duplicating it
* Add small stack option for wolfSSL_parse_cipher_list
* Espressif examples run with local wolfSSL (no setup!)
* include.am Espressif local no-setup component files
* cleanup Espressif Example CMakeLists.txt, use function
* multiple wolfSSL installs is now a fatal Espressif build error
* Examples no longer need setup
* CompileAll builds local examples, not IDF_PATH ones
* Espressif compileAllExamples both local & ESP-IDF components
* add wolfssl_test_idf test project
* move VisualGDB projects to subdirectories
* move VisualGDB wolfssl_server to subdirectory
* update include.am for moved VisualGDB project files
* Support rwlock
* Fix typo, ENABLE_SESSION_CACHE_ROW_LOCK with TITAN_SESSION_CACHE
* Implement read lock
- Use read lock for the SessionCache
- Don't copy the
* TLS 1.3: Don't push ticket to cache if we don't retrieve from it
* Detect rwlock support with PTHREAD_RWLOCK_INITIALIZER
* Implement explicit rwlocks
- Mutex's still necessary for signals. Implement explicit rwlocks and we can migrate critical mutexs to rwlocks when necessary.
* Remove WOLFSSL_USE_RWLOCK guard around mutex condLock
* condLock not necessary after all
* Use configure.ac to check for pthread_rwlock_destroy support
* Can't include config.h in wc_port.h as that breaks make distcheck
* Check for pthread_rwlock_t to determine if rwlock is available
* Code review
---------
Co-authored-by: Juliusz Sosinowicz <juliusz@wolfssl.com>
* set the client state correctly when wc_ecc_ctx_set_kdf_salt is called
* add test that covers wc_ecc_ctx_set_kdf_salt
* use shared key and smallstack to reduce test stack usage
Add NIDs for RSA-PSS to OpenSSL compat layer.
Have wc_RsaPublicKeyDecode call wc_RsaPublicKeyDecode_ex where logic for
RSA-PSS handling is already done.
