add WC_GENERATE_SEED_DEFAULT, which defaults to wc_GenerateSeed if not overridden, and replace wc_GenerateSeed with WC_GENERATE_SEED_DEFAULT in various calls to wc_SetSeed_Cb();
linuxkm/linuxkm_wc_port.h: if FIPS <v6 and RDSEED, define WC_LINUXKM_RDSEED_IN_GLUE_LAYER and define WC_GENERATE_SEED_DEFAULT wc_linuxkm_GenerateSeed_IntelRD;
wolfcrypt/test/test.c: update rng_seed_test() with gating and vectors for FIPS v5 with HAVE_AMD_RDSEED or HAVE_INTEL_RDSEED;
wolfssl/wolfcrypt/types.h: add WC_HAVE_VECTOR_SPEEDUPS helper macro, and enlarge fallthrough definition coverage for DISABLE_VECTOR_REGISTERS.
regular word32, and use non-atomics for general flag checking, with a new
implementation of cpuid_get_flags_ex() that is threadsafe by idempotency;
rename strictly-threadsafe cpuid_get_flags_ex() as cpuid_get_flags_atomic()
(strictly accurate return value), and add cpuid_flags_atomic_t and
WC_CPUID_ATOMIC_INITIALIZER, used only for internal manipulation of flags in
cpuid.c where atomicity matters.
wolfcrypt/src/cpuid.c: cpuid_set_flag() and cpuid_clear_flag() thread safety;
wolfcrypt/src/wc_port.c: comments re __ATOMIC_SEQ_CST and __ATOMIC_ACQUIRE;
wolfssl/wolfcrypt/wc_port.h: single overrideable definitions for WOLFSSL_ATOMIC_COERCE_[U]INT(), and comment cleanup.
also added WOLFSSL_USER_DEFINED_ATOMICS.
refactor all static flag initializations to use cpuid_get_flags_ex() for race-free dynamics;
refactor cpuid_set_flags() to be race-free;
wolfssl/wolfcrypt/wc_port.h and wolfcrypt/src/wc_port.c: add
* WOLFSSL_ATOMIC_COERCE_INT()
* WOLFSSL_ATOMIC_COERCE_UINT()
* wolfSSL_Atomic_Uint
* wolfSSL_Atomic_Uint_Init()
* wolfSSL_Atomic_Int_AddFetch()
* wolfSSL_Atomic_Int_SubFetch()
* wolfSSL_Atomic_Int_CompareExchange()
* wolfSSL_Atomic_Uint_FetchAdd()
* wolfSSL_Atomic_Uint_FetchSub()
* wolfSSL_Atomic_Uint_AddFetch()
* wolfSSL_Atomic_Uint_SubFetch()
* wolfSSL_Atomic_Uint_CompareExchange()
wolfcrypt/test/test.c: add to memory_test() tests for all atomic macros and APIs;
.github/workflows/pq-all.yml: don't use -Wpedantic for CC=c++ scenario.
wolfcrypt/src/logging.c:WOLFSSL_MSG_CERT_EX(), add missing gating on
defined(XVSNPRINTF);
in src/crl.c:CRL_Entry_new(), fix true-positive nullPointerRedundantCheck;
in src/pk.c:_DH_compute_key(), add bounds checking to ForceZero(priv).
the new implementation of wc_ForceZero from wolfcrypt/src/memory.c to inline in
wolfcrypt/src/misc.c replacing old ForceZero() implementation, and add a wrapper
wc_ForceZero() to wolfcrypt/src/memory.c.
* Store in extensions the full octet string
Store in WOLFSSL_X509_EXTENSION.value always the full contents of the
OCTET STRING of the extension, instead of different type of data
depending on the type of extension. Previously this was only done for
unknown extensions.
* Avoid local variables in 'DecodeExtKeyUsageInternal'
There is a great performance loss on configs using 'WOLFSSL_NO_MALLOC',
'WOLFSSL_STATIC_MEMORY' and 'USE_FAST_MATH' if function
'DecodeExtKeyUsageInternal' uses intermediate variables. This can be
observed running the Zephyr test 'wolfssl_test/prj-no-malloc.conf'.
Avoid using intermediate variables, and use raw pointers to the final
destination instead.
* Add missing calls to 'FreeDecodedCert'
* Return error code from 'wolfSSL_ASN1_STRING_into_old_ext_fmt'
* Fix lines larger than 80
* Allow NULL parameters for 'DecodeAuthKeyId'
* Add comment explaining build option '--enable-old-extdata-fmt'
* Test full OCTET STRING in tests/api.c
* wolfSSL_X509V3_EXT_d2i: Honor 'WOLFSSL_SMALL_STACK'
* zephyr/wolfssl_test_no_malloc: Increase test timeout
* wolfSSL_X509V3_EXT_d2i: Extract repeated code into common part
* wolfcrypt: Remove 'WOLFSSL_LOCAL' from .c files
* wolfcrypt: Change location of functions to make diff easier
