Disable ECC but have OPENSSL_EXTRA and curve25519 - fix #ifdef
protection in ssl.c.
tests/api.c:
SSL_SESSION_get_max_fragment_length is not available when no session
cache.
ASN1 APIs using generalized time disabled when NO_ASN_TIME defined so
disable tests.
Fixes from memory allocation failure testing.
Also:
fix asn.c to have ifdef protection around code compiled in with dual
algorithm certificates.
fix test_tls13_rpk_handshake() to support no TLS 1.2 or no TLS 1.3.
fix wc_xmss_sigsleft() to initialize the index to avoid compilation
error.
Impemented FIPS 204 (Draft) Module-Lattice-Based Signature Standard.
Implementation include making a key, signing and verification.
Make key API added.
Updated liboqs calls to use ML-DSA implementation instead of Dilithium.
* in wc_port.h, add XWRITE and XREAD definitions and include <io.h>;
* in wolfSSL_BIO_read(), implement Windows support for XREAD and XWRITE;
* in wolfSSL_BIO_write_filename(), add 'b' flag to XFOPEN flags;
* in wolfSSL_RAND_file_name(), add support for XALTHOMEVARNAME, and add Windows definition for it to wc_port.h alongside XWRITE and XREAD.
fixes test_wolfSSL_BIO, test_wolfSSL_X509_print, test_wolfSSL_RAND, test_wolfSSL_RSA_print in cross-mingw-all-crypto scenario.
- Fix BIO_BIO type
- Set retry flags correctly
- Add CRL callback
- Copy the alt names instead of trying to share a pointer
- Allow calling wolfSSL_get_servername on client side (to get the requested name)
- Return the chain in wolfSSL_X509_STORE_CTX_get_chain in the correct order
- Peer first, top CA last
- Fix leak in RebuildFullName
- Add CopyString helper function
- Implement
- X509_CRL_dup
- ASN1_UTCTIME_set
- X509_STORE_CTX_get0_param
- X509_STORE_get0_param
- X509_STORE_set_verify_cb
- X509_STORE_set_get_crl
- X509_set1_notAfter
- X509_set1_notBefore
1. Modify wolfSSL_CTX_load_static_memory() to use wc_LoadStaticMemory()
instead of reimplementing it.
2. Initialize the pointers in wc_LoadStaticMemory() to null.
3. Whitespace changes.
asn1.c: Allow sample to build without coding (base64 decoding).
set_curves_list(): function for ECC, Ed25519, Ed448 but this block of
code is ECC only. Fixed #ifdef protection.
wolfSSL_CTX_set1_curves_list and wolfSSL_set1_curves_list also available
when Curve25519/Curve448 compiled in but not ECC.
Moved E[CD][25519||448] APIs to pk.c
Move public key PEM APIs to pk.c.
Move wolfSSL loading and using of private keys and certificates to
ssl_load.c
Move PKCS#7 and PKCS#12 APIs to ssl_p7p12.c.
Move session and session cache APIs to ssl_sess.c.
Other minor fixes.
* Support for external keys (CryptoCb interface)
* Support for usage in mutual authentication
* better entity cert parsing
* Fix for Zephyr port to support the feature
* Check key support
* Proper validation of signatures in certificate chains
* Proper validation of peer cert with local issuer signature
(alt pub key is cached now)
* Support for ECC & RSA as alt keys with PQC as primary
* Support for PQC certificate generation
* Better support for hybrid signatures with variable length signatures
* Support for primary and alternative private keys in a single
file/buffer
* More API support for alternative private keys
Signed-off-by: Tobias Frauenschläger <t.frauenschlaeger@me.com>
