TLS 1.3 Early Data can be used with PSK and not session tickets.
If only TLS 1.3 and no session tickets then no resumption.
External sites don't support TLS 1.3 yet.
1. Define Timeval in callbacks.h if the file sys/time.h is missing.
2. When picking the correct strtok() function, take into account MINGW64.
3. In the example server, changed the call to SSL_accept_ex() as it doesn't exist. Using wolfSSL_accept_ex(). Only a problem when setting WOLFSSL_CALLBACKS.
4. PickHashSigAlgo() is missing a ; when WOLFSSL_CALLBACKS is set.
It is highly recommended that the PSK be different for each protocol.
Example callback already returns a different key for TLS 1.3.
New callback includes the ciphersuite, as a string, to use with the key.
1. Modify the other OCSP Stapling scripts to better manage the OCSP responder.
2. Modify the client's W option to take:
- 1 for Stapling v1
- 2 for Stapling v2
- 3 for Stapling v2 MULTI
3. Modify the client to disallow stapling v2 with TLSv1.3.
1. Made killing the OCSP server process more reliable.
2. Added attr files for the OSCP status files. Bare minimum attr.
3. Added a NL to the error string from the client regarding external tests.
1. strncat() does not like to copy single byte strings with "n = 1", as it won't null-terminate.
2. strncpy()'s len parameter is the size of the dst not the src.
3. Replaced the echoserver HTTP response composition of const strings with a copy of a single string.
Allows configurations without RSA, DH and ECC but with Curve25519
algorithms to work with SSL/TLS using X25519 key exchange and Ed25519
certificates.
Fix Ed25519 code to call wc_Sha512Free().
Add certificates to test.h and fix examples to use them.
Fix states in TLS 1.3 connect and accept to be monotonically increasing
by 1.
Always have a new state after a buffer is constructed to be sent.
Add non-blocking support into TLS benchmark and support TLS 1.3.
1. AesGcmEncrypt_ex requires the RNG, remove function if RNG disabled.
2. Fix a couple function name changes in the example server.
3. Removed the old FIPS wrapping added to dh.h, was redundant.
4. Move include of random.h in the aes.h file.
5. Fix where ecc.c was being left out of old FIPS builds.
6. Exclude the AES-GCM internal IV test case when building without the RNG.
7. Fix api test where AES-GCM Encrypt was called with a too-long IV in old FIPS mode. Non-FIPS and new FIPS are allowed longer IVs.
1. Moved the rest of the FIPS algorithms to FIPSv2.
2. Updated the fips-check and autogen scripts.
3. Updated the automake include for the crypto files.
4. Updated the example server to use the wolfSSL API and wolfSSL-based OpenSSL compatibility layer.
5. Added error code for the SHA-3 KAT.
6. Updated an test case in the API test for AES-GCM encrypt that is now considered a success case, but the FIPS mode was still treating as a failure.
* Added test for certificate with bad alt name containing a null character mid byte stream.
* Fix for issue with suites unit test where last arg in file doesn't conain data for a param, causing it to skip test.
* Fix for last test in tests/test.conf not being run for `TLSv1.2 RSA 3072-bit DH 3072-bit`.
* Moved the `tls-cert-fail.test` tests into the new expected failure suite test (`./tests/test-fails.conf`). Now it explicilty checks RSA and ECC for the no signer and no sig tests.
