configure.ac: Get rid of v5-RC8, v5-RC9, v5-RC10, v5-RC11, v5-ready, and v5-dev.
v5-ready is now just ready and v5-dev just dev.
IDE/WIN10/user_settings.h: Make the FIPS blocks define HAVE_FIPS. Change WCv5.0
block to WCv5.0-RC12. Change FIPS Ready block to use HAVE_FIPS_VERSION_MINOR 3
instead of HAVE_FIPS_VERSION_MINOR 2.
Change to build assembly code for ARMv7a with NEON instruction set.
./configure -host=armv7a --enable-armasm
Added ARM32 SHA-256 NEON only implementation.
Add x86_64 assembly code:
- BMI2
- AVX2 (using ymm, slower than BMI2)
- AVX2 of 4 similtaneous hashes
Add SHAKE128 functions and tests.
Add Absorb and Squeeze functions for SHAKE128 and SHAK256 and tests.
Add doxygen for SHA-3 and SHAKE functions.
Update other generated x86_64 assembly files to include settings.h.
Add support for parsing and verifying certificates with RSA-PSS
signatures. Including check PSS parameters in key with those in
signature algorithm.
Add support for parsing private RSA PSS key.
Add support for parsing public RSA PSS key.
added numerous missing _SMALL_STACK code paths (PK objects on the stack);
in settings.h, enable WOLFSSL_SMALL_STACK_STATIC by default when WOLFSSL_SMALL_STACK is defined (NO_WOLFSSL_SMALL_STACK_STATIC to override);
fixes for unsafe strcat()s in tests/quic.c;
fix for unsafe macro WOLFSSL_IS_QUIC();
fix to exclude quic from enable-all when enable-linuxkm (quic needs opensslextra, and opensslextra currently only works in-kernel in cryptonly builds);
fix for signed/unsigned clash in wolfSSL_quic_receive().
We have users who need to debug errors coming out of libwolfssl in production,
where --enable-debug isn't an option. Our error queue implementation is the
solution, but our usage of WOLFSSL_ERROR isn't consistent. This commit greatly
expands our usage of WOLFSSL_ERROR. There are too many error cases to tackle
all at once, and not all error cases are particularly meaningful or likely to be
hit in regular operation of the library. I've tried to focus on errors that
users are likely to hit, and I've chosen to ignore things like the mountain of
BUFFER_E and BAD_FUNC_ARG cases (for the most part). I've also tried to expand
WOLFSSL_ERROR usage in files where we haven't been using it historically
(e.g. aes.c), so the pattern is now there for other developers to follow. In
order to prevent these additions from exploding the size of libwolfssl, they're
all behind a new macro, WOLFSSL_ERROR_VERBOSE. If WOLFSSL_VERBOSE_ERRORS is
defined, WOLFSSL_ERROR_VERBOSE just maps to WOLFSSL_ERROR.
Choosing SP and SP math was resulting in only integer.c being used.
Fixed now.
Reorder realloc calls for memory logging to ensure scripts can match
allocate and free calls.
don't enable sp-math-all asm gates when !ENABLED_ASM;
add --with-arm-target to allow selecting thumb or cortex in conjunction with a full --host tuple (e.g. --host=armv6zk-softfloat-linux-gnueabi --with-arm-target=thumb).
