wolfcrypt/src/port/af_alg/afalg_aes.c: check for null key arg;
configure.ac: rename BUILD_FIPS_CURRENT to BUILD_FIPS_V2_PLUS (no functional change), and remove unused ARMASM_DIST_SOURCES set up code added in #9332;
src/include.am:
* set up $(ARMASM_SHA256_C), and use it to properly include wolfcrypt/src/sha256.c alongside armasm when appropriate;
* fix gating on Curved25519 armasm (BUILD_FIPS_V6_PLUS, not BUILD_FIPS_V6);
tests/api/test_aes.c and wolfcrypt/test/test.c: gate out incompatible coverage for WOLFSSL_AFALG and WOLFSSL_KCAPI (test_wc_AesCbcEncryptDecrypt_MultiBlocks(), test_wc_AesCtrSetKey*(), test_wc_AesCtrEncrypt*(), test_wc_AesGcmEncryptDecrypt_Sizes()).
x509.c: realloc may fail and therefore need to store result in a
temporary so the old pointer is not lost.
tls.c: free the name if it is not pushed on to the stack of peer CA
names. Failure to push can be from memory allocation failure.
aes.c: Don't compile XTS decrypt functions without HAVE_AES_DECRYPT.
Fix tests to have better pre-processor protection.
configure.ac:
* add ML-KEM, ML-DSA, XMSS, and LMS to --enable-all-crypto when !ENABLED_FIPS.
* swap order of --enable-kyber and --enable-mlkem handler code to put mlkem first.
* add --enable-mldsa hander code.
* remove setup code that was adding -DWOLFSSL_NO_TLS12 and -DNO_OLD_TLS to
AM_CFLAGS when ENABLED_CRYPTONLY -- NO_OLD_TLS is already defined earlier for
when ENABLED_CRYPTONLY, and WOLFSSL_NO_TLS12 breaks wc_PRF_TLS(), which is
inside-the-FIPS-boundary crypto.
linuxkm/linuxkm_wc_port.h:
* adopt the WC_SANITIZE_DISABLE and WC_SANITIZE_ENABLE setup code from
settings.h (where it didn't belong).
* fix FIPS remapping of wc_InitMutex&friends to InitMutex&friends -- inhibit
when WOLFSSL_API_PREFIX_MAP.
wolfcrypt/src/ge_operations.c: add _wc_curve25519_dummy() to fix visibility of
curve25519().
wolfcrypt/src/poly1305.c: fix visibility of several unprefixed helper routines.
wolfcrypt/test/test.c: fix gating on tls12_kdf_test() and prf_test() (both
require !WOLFSSL_NO_TLS12).
wolfssl/internal.h, wolfssl/wolfio.h: add several WOLFSSL_API_PREFIX_MAPs.
wolfssl/wolfcrypt/ge_operations.h: fix visibility of several internal asm
functions.
wolfssl/wolfcrypt/settings.h: in WOLFSSL_LINUXKM setup, add gates to avoid redef
warnings for various settings, and remove the setup for
WC_SANITIZE_{DISABLE,ENABLE} (moved to linuxkm_wc_port.h as noted above).
wolfssl/wolfcrypt/wc_port.h: add WOLFSSL_API_PREFIX_MAPs for InitMutex() and
friends.
define WOLFSSL_API_PREFIX_MAP in WOLFSSL_LINUXKM setup in settings.h;
fix gates on WOLFSSL_HAVE_PRF and WOLFSSL_NO_CT_OPS setup in settings.h;
linuxkm/: add support for FIPS_OPTEST.
Order of preference, based on algorithms compiled in, to use with HMAC
for TLS 1.3 cookie:
1. SHA-256
2. SHA-384
3. SHA-512
4. SM3
Make code compile and unittest pass when SHA-256 not compiled in.
Certificates used for testing require SHA-256 so handshake testing
fails.
rename WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS to WOLFSSL_USE_SAVE_VECTOR_REGISTERS, and wherever appropriate, replace defined(WOLFSSL_LINUXKM) with defined(WOLFSSL_USE_SAVE_VECTOR_REGISTERS).
rename WC_WANT_FLAG_DONT_USE_AESNI to WC_WANT_FLAG_DONT_USE_VECTOR_OPS.
rename lkm_printf() to wc_km_printf().
replace WOLFSSL_LINUXKM gates on kernel-incompatible includes with header-specific gates NO_STRING_H, NO_STDINT_H, NO_LIMITS_H, NO_CTYPE_H, NO_STDLIB_H
remove low level threading setup section of wolfssl/internal.h, which duplicated existing logic in wc_port.h, except for off-topic WOLFSSL_APACHE_MYNEWT TLS-layer setup, which is preserved, and a defined(__NT__) clause, which is now merged into the existing section in wc_port.h.
The `ACVP_VECTOR_TESTING` blocks the clearing of the output when an auth
tag check fails. This causes a test for that scenario to fail, so don't
do that test whcn `ACVP_VECTOR_TESTING` is defined.
