Move EC and RSA code out of pk.c into separate file.
Move out of ssl.c into separate files:
- Certificate APIs
- CRL/OCSP APIs
- Public Key APIs
- ECH
Internal Certificate Manager APIs pulled out into ssl_certman.c.
d2i and i2d WOLFSSL_EVP_PKEY APIs pulled out into evp_pk.c.
Fix formatting.
Mostly combinations of NO_WOLFSSL_CLIENT, NO_WOLFSSL_SERVER and
WOLFSSL_NO_CLIENT_AUTH were failing.
Added configurations to CI loop.
wc_AesGcmDecryptFinal: use WC_AES_BLOCK_SIZE to satisfy compiler.
* More PQC configurations
* More CMake setups
* Fix various bugs uncovered by these tests
Added some missing feature additions to CMake to make the example
`user_settings_all.` config file work for the CI test.
Update ret code to match docs and update docs
Replace magic numbers with appropriate define
Define MAX_ENTROPY_BITS when MEMUSE not enabled
Fix type cast windows detection
Older FIPS modules still need the old check
CodeSpell you're wrong, that is what I want to name my variable
Turn the hostap into a manual dispatch until it gets fixed
Upon closer review we can not skip the test when memuse enabled
Fix whitespace stuff found by multitest
More syntax things
Correct comments based on latest findings
When both TLS 1.3 and Brainpool curves are enabled, three new groups can
be used for the ECDHE key exchange according to RFC 8734:
* WOLFSSL_ECC_BRAINPOOLP256R1TLS13 (31)
* WOLFSSL_ECC_BRAINPOOLP384R1TLS13 (32)
* WOLFSSL_ECC_BRAINPOOLP512R1TLS13 (33)
Also ensure that the existing TLS 1.2 curves are sent properly.
The TLS client application is updated to support handshakes via
Brainpool curves using the new argument "--bpKs".
wolfssl/wolfcrypt/settings.h: classify OPENSSL_EXTRA as "desktop type system" in bump up of default FP_MAX_BITS and SP_INT_BITS;
wolfssl/wolfcrypt/types.h: if WC_32BIT_CPU, don't define WC_64BIT_CPU.
When wolfSSL_SetVersion() is called to set a specific TLS version,
the downgrade flag is now set to 0. This causes wolfSSL_parse_cipher_list()
to no longer preserve cipher suites from the other TLS version group.
Previously, when using SSLv23 method and setting cipher suites for only
one TLS version (e.g., TLS 1.2), the library would preserve any existing
cipher suites from the other version (e.g., TLS 1.3) for OpenSSL API
compatibility. With this change, if a specific version is set via
wolfSSL_SetVersion(), only the cipher suites for that version are kept.