1. Changed the _InitHmac() function in ssl.c to have a different name.
2. Added switch in ssl.c to use _InitHmac or _HMAC_Init depending on FIPS option.
1. Update gitignore with some more VS outputs.
2. Update the Windows IDE user settings with FIPSv2 settings.
3. Remove redundant _InitHmac() function from ssl.c.
4. In wc_DhGenerateParams(), initialize the groupSz and bufSz to 0.
5. In wc_DhExportParamsRaw(), initialize pLen, qLen, and gLen to 0.
6. In wc_MakeRsaKey(), initialize isPrime to 0.
7. In ecc_test_make_pub(), initialize exportBuf and tmp to NULL and initialize the ECC key before any chance of trying to free it.
8. In fips_test.h header, update types.h include to use the wolfCrypt types rather than ctaocrypt types.
9. In fips_test.h header, change the visibility tags on all the function prototypes to use the WOLFSSL tags rather than CYASSL.
10. Change the wolfCrypt visibility tags to use CyaSSL's tags for old FIPS and the regular tags for new FIPS and non-FIPS builds.
1. AesGcmEncrypt_ex requires the RNG, remove function if RNG disabled.
2. Fix a couple function name changes in the example server.
3. Removed the old FIPS wrapping added to dh.h, was redundant.
4. Move include of random.h in the aes.h file.
5. Fix where ecc.c was being left out of old FIPS builds.
6. Exclude the AES-GCM internal IV test case when building without the RNG.
7. Fix api test where AES-GCM Encrypt was called with a too-long IV in old FIPS mode. Non-FIPS and new FIPS are allowed longer IVs.
1. Change to configure.ac to automatically enable AES-CTR in FIPSv2 builds.
2. Move the aes-ni asm file into the boundary if enabled.
3. Enable AES-ECB by default.
1. Moved the rest of the FIPS algorithms to FIPSv2.
2. Updated the fips-check and autogen scripts.
3. Updated the automake include for the crypto files.
4. Updated the example server to use the wolfSSL API and wolfSSL-based OpenSSL compatibility layer.
5. Added error code for the SHA-3 KAT.
6. Updated an test case in the API test for AES-GCM encrypt that is now considered a success case, but the FIPS mode was still treating as a failure.
* The `SANITY_MSG_E` responses in `TLSX_SupportedVersions_GetSize`, `TLSX_SupportedVersions_Write`, `TLSX_Cookie_GetSize` and `TLSX_Cookie_Write` would incorrectly be handled.
* Added build-time checks in `tls13.c` for dependencies on `HAVE_HKDF` and `WC_RSA_PSS`.
Support Draft 28: able to compile code to return BAD_BINDER if no PSKs
match and certificates not to be used.
Change key share implementation to use server preference - server now
checks each client key share's group is in supported_groups extension.
Client and server examples modified to support server preference.
Application can set client's and server's supported groups by rank.
Server's supported groups is sent back in encrypted_extensions if
preferred group is not in client's list - able to be turned off at
compile time.
Application can query server's preferred group from client.
Able to compile using 0x0304 as version instead of draft version.
Fix state machine in TLS 1.3 to support unexpected hello_retry_request.
Also fixes non-blocking.
Fix resumption to use the named group from session.
Fix named group in session structure to be a 2-byte field.
Better detection of errors in message flow.
Fix DoTls13ClientHello when downgrading - don't do TLS 1.3 things.
Not downgrading on client fixed.
Downgrade protocol version from TLS 1.3 when not TLS 1.3 ciphersuite.
Get downgrading from TLS 1.3 and resumption working.
Change earlyData value to an enum.
Support no extensions data (as opposed to zero length extension data) in
TLS 1.3 ClientHello.
Check PSK cipher suite is available to both client and server before
using.
Check first PSK identity chosen when server says it is using early data
at client.
Check PSK extension is last in client_hello on server.
Check the PSK cipher suite to use is supported on client.
Check the returned cipher suite for pre-shared keys is the same as
client expects.
Send alert decrypt_error when verification fails in certificate_verify
or finished message doesn't match calculated value.
Fail when certificate messages recieved in handshake when using PSK.
Validate on the server that EndOfEarlyData message has been recieved
before finished message when server sent EarlyData extension.
Changes made to test.h to allow interop of PSK with OpenSSL.
Changes to allow server to pre-generate key share and perform other
operations at later time.
Fix ChaCha20 code header to have bigger state to support assembly code
for AVX1.
Fix Curve25519 code to use define instead.
Change Curve25519 to memset all object data on init.
Change Poly1305 to put both sizes into one buffer to avoid a second call
to wc_Poly1305Update().
Added WOLFSSL_START and WOLFSSL_END API and calls to show time of
protocol message function enter and leave to analyse performance
differences.
Moved Curve25519 code in KeyShare extension out of general ECC code.
Some versions of GCC on the Mac will not run the file aes_asm.s through the preprocessor. There are some ifdefs in the file that are included when they shouldn't be. This is not a problem on Linux. Renaming the file to have a capital S extension forces the assembler to run with the preprocessor.
* More cleanup to move PEM functions from ssl.c to asn.c (`wolfSSL_CertPemToDer`, `wolfSSL_KeyPemToDer`, `wolfSSL_PubKeyPemToDer`). Renamed these API's to `wc_` and added backwards compatability macro for old function names.
