This commit adds the configure option `--enable-ip-alt-name` that enables support for the IP alternative subject name parsing in `wolfcrypt/src/asn.c:DecodeAltNames`.
- Tag checking in AES-GCM is done in Final call
- Reset `WOLFSSL_EVP_CIPHER_CTX` structure after Final call
- Don't zero `ctx->authTag` struct in Init call so that user can get the AES-GCM tag using `EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, AES_BLOCK_SIZE, tag)`
- `ctx->authTag` is only zeroed before authenticated, non-confidential data Update call since this means we are entering a new Udate-Final cycle. This doesn't need to be done in the decrypt case since the tag should be supplied by the user before the final call using `EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, AES_BLOCK_SIZE, tag)`
- Don't include `ENABLED_OPENSSLALL` with `ENABLED_WPAS`
- Return length in `wolfSSL_i2d_DHparams`
- Implement `wolfSSL_EC_POINT_mul` with independent multiplication and addition if `ECC_SHAMIR` not defined
- Implment `ASN1_SIMPLE` without `offsetof` by using a dummy struct
- Style fixes
- Moved `SetECKeyInternal` and `SetECKeyExternal` to `internal.h` to allow usage outside of `ssl.c`
- Added `asn1t.h`
- Implemented the `IMPLEMENT_ASN1_FUNCTIONS` macro for a small subset of ASN1 tags
-- So far only `X509_ALGOR` and `ASN1_BIT_STRING` are supported
- Implemented `BN_mod_add` function
- Allow for setting of `EC_KEY` export form through EC_KEY_set_conv_form
- Implemented `i2o_ECPublicKey`
- Implemented `EC_POINT_copy`
- Implemented deriving DH and ECDH keys in `EVP_PKEY_CTX`. Functions added:
-- `EVP_PKEY_derive_init`
-- `EVP_PKEY_derive_set_peer`
-- `EVP_PKEY_derive`
- Implemented `EVP_PKEY_get0_DH`
- Implemented `X509_ALGOR_new`
- Implemented `X509_ALGOR_free`
- Implemented `X509_ALGOR_set0`
- Implemented `X509_PUBKEY_new`
- Implemented `X509_PUBKEY_free`
- Implemented `X509_PUBKEY_set`
- Implemented `RSA_padding_add_PKCS1_PSS`
- Implemented `RSA_verify_PKCS1_PSS`
- Changed second parameter of `wolfSSL_d2i_PUBKEY` to be constant
- Corrected long names in `asn.h`
- Added `wc_ecc_get_generator` as a way to get the generator point of a curve
- Added `wc_ecc_export_point_der_ex` to export an ECC point in compressed or uncompressed format with one API
- Added `wc_ecc_export_point_der_compressed` to export a point in an `ecc_point` structure in compressed DER format
- Added 'wc_RsaSSL_Verify_ex` which adds the option to choose a padding type
- Added `wc_RsaPad_ex` and `wc_RsaUnPad_ex` to `rsa.h` as `WOLFSSL_LOCAL` functions
- `CopyDecodedToX509` now fills `x509->key` and `x509->algor` when populating x509
- `wolfSSL_EVP_CipherInit` now uses `wc_AesGcmSetExtIV` to set the IV so that it is copied to `ctx->iv` by `wolfSSL_StoreExternalIV`
- Added error checking to `wolfSSL_EVP_PKEY_get_der`
- `wolfSSL_X509_ALGOR_get0` now attempts to return something in all parameters
- Refactored `wolfSSL_EC_KEY_new` to use `*_new` functions when available
- Added `setupPoint` to set the internal point if not yet set
- Always set external point in `wolfSSL_ECPoint_d2i`
- Added compressed point support to `wolfSSL_EC_POINT_point2oct`
- Fix `wolfSSL_EC_POINT_mul` so that it will calculate the full `generator * n + q * m` then OpenSSL does
- Added `WOLFSSL_RSA_GetRNG` helper function to get a `WC_RNG` from `WOLFSSL_RSA`
- Correct short names in `wolfssl_object_info`
- Added all currently supported curves to `wolfssl_object_info`
- Added `oidCurveType` to `oid2nid`
- Add more padding types to `wolfSSL_RSA_public_decrypt`
- Fix `keysize` in `wc_ecc_import_point_der`
- Added tests for new additions
1. Add C_EXTRA_FLAGS and C_FLAGS to CFLAGS.
2. Remove the cached copied of C_EXTRA_FLAGS and C_FLAGS.
3. The option.h is set only on CFLAGS, CPPFLAGS, and the AM_ versions.
1. Remove some redundant AM_CONDITIONAL macros checking for OCSP and CRL.
2. Moved the AM_CONDITIONAL macro setting BUILD_PKCS12 to the other AM_CONDITIONALS.
1. For OCTEON builds, leave out the "-DCVMX_BUILD_FOR_LINUX_HOST" option
from CFLAGS by default so it makes standalone host builds.
2. Add a check of the variable OCTEON_HOST for linux to add back in the
"-DCVMX_BUILD_FOR_LINUX_HOST" to CFLAGS.
* Fixed `set1_curves_list` API's to use `const char*` for names.
* Fixed `ossl_typ.h` to include `ssl.h` compatibility.
* Added `SSL_CTX_up_ref`.
* Added `wolfSSL_set1_curves_list`
* Added `TLS_method` and `DTLS_method`
* Added `SSL_CIPHER_standard_name`.
* Added `X509_STORE_CTX_get0_cert`
* Added `SSL_CTX_set_cert_verify_callback`.
* Enabled "either" side support when `--enable-opensslall` is used.
* Changed `SSL_CIPHER_get_rfc_name` to use `wolfSSL_CIPHER_get_name` instead of stub.
For the sync QAT, the QAT headers are included into the library after it
has been built and is being used. The actual headers should only be used
when building wolfSSL and should be hidden from the user.
1. Most of the functions in the sync QAT and OCTEON headers don't need
to be exported. Move all of that into the source files. Only export the
init and deinit functions.
2. Remove inline from the OCTEON support functions.
3. Remove the AES-ECB files for sync OCTEON as unused.
4. Configure defaults to OCTEON2 build, can be overridden with variable.
1. Add configure option for sync IntelQA that uses the crypto callback API.
2. Make a synchonous copy of the quickassist files.
3. Tie in the crypto device to the sniffer.
4. When making a sniffer build, define static DH enabled.
5. The readme files in the Cavium were being added to the distro optionally, changed to always add the readme files.
6. Added an include of the cavium_octeon header in the wc_ports.c.
7. Updated the Cavium OCTEON callback for AES-GCM.
8. Add the global tag to the list of crypto callback function pointers.
9. Add an accessor to the OCTEON crypto callback module to return the device ID of the OCTEON device.
10. Add a new version of ssl_SetWatchKeyCallback which takes an additional parameter of a device ID. This ID is used to set up the wolfSSL_CTXs in the sniffer session trackers.
11. Update the benchmark to use sync OCTEON and QAT.
1. Add --enable-libwebsockets option
2. Add OPENSSL_NO_EC (used in libwebsockets)
3. Add SSL_MODE_RELEASE_BUFFERS and debug message for when wolfSSL_CTX_set_mode doesn't recognize a mode.
