1. Enabled ECC Cofactor DH for the FIPSv2 build.
2. Updated the wolfCrypt HMAC-SHA-3 test to leave out the set of test cases that use the four-byte key in FIPS mode.
1. Change to configure.ac to automatically enable AES-CTR in FIPSv2 builds.
2. Move the aes-ni asm file into the boundary if enabled.
3. Enable AES-ECB by default.
1. Updated to the most recent copy of ax_pthread.m4.
2. Removed the darwin-clang check m4.
3. Added a check to see if AX_PTHREAD added the flag `-Qunused-arguments` for clang and if so prepend `-Xcompiler` so libtool will use it. Otherwise when building on Sierra's clang you get "soft" warnings on the build of the dylib.
* Added support for ECC, AES-GCM and HMAC (SHA-224 and SHA3).
* Fixes for Nitrox V with TLS.
* ECC refactor for so key based `r` and `s` apply only when building with `WOLFSSL_ASYNC_CRYPT`.
* ECC refactor for `e` and `signK` to use key based pointer for Nitrox V.
* Improved the Nitrox V HMAC to use start, update and final API's instead of caching updates.
* Fix for Intel QuickAssist with unsupported HMAC hash algos using `IntelQaHmacGetType` (such as SHA3).
* Added new API `wc_mp_to_bigint_sz` to zero pad unsigned bin.
* Fix for AES GCM to gate HW use based on IV len in aes.c and remove the gate in test.c.
* Implemented workaround to use software for AES GCM Nitrox V hardware and 13 byte AAD length for TLS.
* New debug option `WOLFSSL_NITROX_DEBUG` to add pending count.
1. Initialize CXXFLAGS (C++ compiler flags) the same way we do CFLAGS.
2. Add CPPFLAGS (C preprocessor flags) to the options.h file with the other CFLAGS.
* Add define `WOLFSSL_BASE16` to explicitly expose base16 support.
* Add `./configure --enable-base16` option (disabled by default in configure, but enabled in coding.h when required internally).
* Added base16 tests in test.c `base16_test`.
* Enabled base64 decode tests when `WOLFSSL_BASE64_ENCODE` is not defined.
Draft 24: Second ClientHello usees version 0x0303 - no change.
Draft 25: The record layer header is now additional authentication data to
encryption.
Draft 26: Disallow SupportedVersion being used in ServerHello for
negotiating below TLS v1.3.
Draft 27: Older versions can be negotiated (by exclusion of 0x0304) in
SupportedVersion - no change.
Split out different implementations into separate file.
Turn on SP asm by configuring with: --enable-sp-asm
Changed small ASM code for ECC on x86_64 to be smaller and slower.
Change KeyShare number.
Support SignatureAlgorithmsCert extension - nothing done with
information as only one chain supported on server.
Compiling for Draft 22 supported: --enable-tls-draft22
Compiling for Draft 18 still supported.
--enable-sp-math to include minimal implementation of MP (only with
--enable-sp.)
Add futher functionality for ECC (conditionally compiled):
- check key
- is point on curve
- API to add and double projective points
- API to map from project to affine
- Uncompress point (including sqrt)
Some configuration options will not work with SP math - configure.ac
detects this and errors out.
Change test code to better support SP sizes only.
* Fixed some `tls_bench` build issues with various configure options.
* Moved the `WOLFSSL_PACK` and `WC_NORETURN` macros into types.h.
* Added support for `__builtin_bswap32` and `__builtin_bswap64`. Since the performance of the builtins varries by platform its off by default, but can be enabled by customer using `WOLF_ALLOW_BUILTIN`. Quick check on x86 showed the 32-bit swap performance matched, but 64-bit swap was slower.