1. Split the wolfSSL_Rehandshake() function into wolfSSL_Rehadshake()
which performs a full handshake on secure renegotiation and
wolfSSL_SecureResume() which performs a session resumption on a
secure renegotiation.
2. Add option to example client to perform a secure resumption instead
of a full secure handshake.
OCSP uses an identified hash of the issuer's public key to identify the
certificate's signer. (Typically this is SHA-1, but can be any SHA
hash.) The AKID/SKID for the certificates usually are the SHA-1 hash of
the public key, but may be anything. We cannot depend on the AKID for
OCSP purposes. For OCSP lookups, wolfSSL calculates the hash of the
public key based on the copy saved for use with the handshake signing.
For RSA, that was fine. For ECDSA, we use the whole public key including
the curve ID, but for OCSP the curve ID isn't hashed. Stored the hash of
the public key at the point where we are looking at the key when reading
in the certificate, and saving the hash in the signer record.
1. Add error code for trying to retransmit a flight when transmitting
the flight hasn't finished.
2. Add function to retransmit the stored flight without updating the
timeout count.
1. HAVE_WEBSERVER option turns on a couple more functions that MG is
using for client side authentication.
2. If using webserver, those functions return and error.
1. Add an extra guard check around a call to SendHelloRequest() in the case where server renegotiation is disabled.
2. Replaced an accidental deletion of an include of the misc.h header for no inline builds.
1. Add the server side renegotiation flag to the secure renegotiation option.
2. Changed the AddEmptyNegotiationInfo so it doesn't create an extension, just adds a reply if SCR is enabled.
3. Fix the server's reaction to the client sending the SCR extension.
1. Fix an incorrect function entry log string.
2. Restart the server's accept state assuming the client hello was
received when the client initiates renegotiation.
1. Add enables to the example server for turning on secure renegotiation.
2. Add encryption assists to the handhshake message handler functions.
3. Add a hello request message function. Includes handshake timing pre/postambles.
When loading DH domain parameters into a CTX, test the prime
immediately. When loading them into a session, test the prime right
before using it during the handshake. Sessions that get their prime from
their context do not need to test their prime. Added a function to
disable testing the prime in a session. The goal is to speed up testing
as every single test case loads DH parameters whether they are used or
not.
Fixed wrong error checks, changed return value to the size of the derived key, added support for the case where data == NULL and removed the assignment of constant value to info->ivSz (the correct value is assigned to it inside 'wc_EncryptedInfoGet')
