* stunnel 5.67 support
- ssl->session->ticketAdd may be set when parsing a ticket before PSK
- PSK binders should be calculated based on ciphersuite associated with PSK
- Add option to prioritise PSK order instead of ciphersuite order
- Update ctx->method->version when using Set_CTX_max_proto_version API
- Simplify wolfSSL_parse_cipher_list
- Keep copy of old list and then add in the previous ciphersuites depending on whether we are doing only TLS 1.3 ciphersuites or not
- Specify CRL revocation in alert
- Match reason string to match OpenSSL
- Add support for external data callbacks for WOLFSSL_SESSION
* Upref the session for stunnel instead of duplicating it
* Add small stack option for wolfSSL_parse_cipher_list
wolfSSL_EC_POINT_set_affine_coordinates_GFp wasn't checking the point is
valid for the curve. Added call to check point when setting.
Made check available for opensslextra.
Fixed test to have valid ordinates to set.
wolfSSL_EC_POINT_set_affine_coordinates_GFp wasn't checking the point is
valid for the curve. Added call to check point when setting.
Made check available for opensslextra.
Fixed test to have valid ordinates to set.
used and size have no reason to be negative - change type.
Change code to match unsigned change. Mostly change variables to be
unsigned where possible.
integer.c: Only have mp_rand_prime available when needed and
mp_prime_is_prime_ex is available.
Fixes from regression testing.
fix file descriptor leaks in AF_ALG code, and fix return codes (WC_AFALG_SOCK_E, not -1) in afalg_aes.c;
fixes for sanitizer-detected forbidden null pointer args in AfalgHashUpdate() and AfalgHashCopy();
fixes for resource leaks in api.c test_wolfSSL_AES_cbc_encrypt() (missing wc_AesFree()s);
fixes for resource leaks in test.c openssl_test() (missing wolfSSL_EVP_CIPHER_CTX_cleanup());
also some local fixes for bugprone-signed-char-misuse, readability-redundant-preprocessor, and clang-diagnostic-strict-prototypes, in src/pk.c and src/ssl.c.
Reworked the implementations of the EC APIs including:
wolfSSL_EC_curve, wolfSSL_EC_METHOD, wolfSSL_EC_GROUP,
wolfSSL_EC_POINT, wolfSSL_EC_KEY, wolfSSL_ECDSA_SIG, wolfSSL_ECDSA and
wolfSSL_ECDH.
Added support for EC parameters to PEM decoding.
EccEnumToNID() moved out of wolfCrypt - it maps NIDs defined in
wolfssl/openssl/ec.h to those in wolfssl/wolfcrypt/ecc.h.
Moved wc_OBJ_sn2nid() out of wolfCrypt - implementation uses
EccEnumToNID().
Changed reference counding to use wolfSSL_Ref.
Added tests to api.c that increase coverage of EC APIs.
- Allocate ssl->suites when necessary for the WOLFSSL object to have its own instance. Use AllocateSuites() to allocate the object.
- Move cipher negotiation options from Suites into Options
ZD15346
Hideki Miyazaki
Andras Fekete
Anthony Hu
tim-weller-wolfssl
David Garske
Sean Parkinson
Juliusz Sosinowicz
tmael
jordan
Marco Oliverio
JacobBarthelmeh
Daniel Pouzzner
Kareem
Juliusz Sosinowicz
John Safranek