Re-implemented wc_PKCS12_PBKDF() to not use MP. Added tests to
unit.test.
sp_int.c:
Fixes to comments.
Added more define build options documentation to top of file.
Fixes for builds with WOLFSSL_SP_INT_NEGATIVE defined.
Fixes for when a->used is 0 and no underflow - not actually a problem
but cleaner code.
sp_sub has different checks on a->used when values are only positive.
sp_dic_2d missing check for e less than zero.
sp_to_unsigned_bin_len_ct: remove redundant check of outSz. Change i
to int to handle a->used of 0 and make code tidier.
Configuration testing fixes.
Fix formatting in test.c.
Added 128-bit types word128 and sword128 for cleaner PKCS#12 code.
Forward declarations in asn.c and asn_orig.c now use guard transitions
(same mechanism as the function bodies) so consecutive declarations with
the same feature guard are grouped in a single #ifdef/#endif block rather
than each having its own open/close pair.
Also removed the now-redundant _find_func_outer_guards calls from
_emit_split_body_orig; outer feature guard context is emitted at the
generate_asn_orig loop level, not inside the per-block emitters.
Both modes still build and pass tests (5 PASS, 0 FAIL each).
Three fixes for guard-context correctness in the ASN.1 code split:
1. Strip WOLFSSL_ASN_ORIG_INCLUDED from forward declaration wrappers.
The file-guard was being applied to fwd decls in asn.c, but at the
fwd-decl site that macro is not yet defined, so #ifndef ... #else
inverted the condition and hid all declarations.
2. Add outer feature guard tracking. Large feature sections (HAVE_OCSP,
HAVE_CRL, WOLFSSL_CERT_GEN, etc.) that span many functions in asn.c
are now tracked and re-emitted around the corresponding blocks in
asn_orig.c, fixing 'unknown type name' errors in minimal builds.
3. Collect multi-line #if continuations in the outer guard map so that
full guard conditions (e.g. #if !defined(NO_RSA) && \ continued
across lines) are stored and compared as complete strings, preventing
duplicate guard emission.
Both modes build and pass tests (5 PASS, 0 FAIL each):
./configure --enable-asn=original && make check
./configure && make check
Add settings.h include before the compile guard in asn_orig.c so
WOLFSSL_IGNORE_FILE_WARN is available when compiled separately.
Add -Wno-pedantic for asn_orig.c in async examples Makefile to
suppress empty translation unit warning.
- wolfSSL_X509_verify_cert: add host check from `ctx->param`
- wolfSSL_X509_verify_cert: Set `ctx->error_depth` on error
- Use WOLFSSL_-prefixed error constants (always available) instead of
OPENSSL_COEXIST-guarded macros, fixing error code mismatch in
coexist builds
- Set ctx->current_cert = orig on hostname/IP mismatch so error
reporting aligns with error_depth = 0 (leaf cert)
- Add IP address verification test cases (match + mismatch)
- Copy TLS 1.3 traffic secrets and DTLS 1.3 epoch/cipher state to the
write-dup side in DupSSL so key updates can be performed.
- Delegate KeyUpdate responses from the read side to the write side via
the shared WriteDup struct, for both peer-initiated and local key
updates.
- Delegate DTLS 1.3 ACK sending from the read side to the write side.
- Track DTLS 1.3 KeyUpdate ACKs: write side records the in-flight
KeyUpdate epoch/seq, read side sets keyUpdateAcked when the matching
ACK arrives.
- Delegate post-handshake certificate authentication (CertificateRequest
processing) from the read side to the write side, transferring
transcript hashes, cert context, and signature parameters.
- Reset prevSent/plainSz to prevent stale values from SendData to think
that data was already sent.
- Refactor FreeHandshakeHashes into Free_HS_Hashes for reuse.
- Move DTLS 1.3 epoch initialization earlier in InitSSL so the
write-dup early-return path has valid epoch state.
- Add tests for write dup with all protocol versions, key update,
post-handshake auth, and WANT_WRITE recovery.
- Add --enable-all --enable-writedup to CI os-check matrix.
wolfssl/ssl.h, examples/client/client.c, examples/server/server.c, src/bio.c, tests/api.c: add error tracing for WOLFSSL_SHUTDOWN_NOT_DONE.
tests/api.c: in test_wolfSSL_read_write_ex(), use WOLFSSL_SUCCESS rather than 1 for expected-success wolfSSL_shutdown()s, and add note that the wrong value is being returned (the test currently always fails, which is masked by an always-success retval).