New sum algorithm has no clashes at this time.
Old algorithm enabled by defining: WOLFSSL_OLD_OID_SUM.
New oid_sum.h file generated with scripts/asn1_oid_sum.pl.
Added bunch of OID names into asn1 example.
.github/workflows: update async.yml, multi-arch.yml, multi-compiler.yml, no-malloc.yml, opensslcoexist.yml, and os-check.yml, with -pedantic and related flags, and add --enable-riscv-asm to multi-arch.yml RISC-V scenario;
configure.ac: clarify error message for "SP ASM not available for CPU."
Implemented based on the NIST Initial Public Draft "NIST SP 800-232 ipd". Testing based on KAT's available at https://github.com/ascon/ascon-c. Added configuration for testing in github action.
- Add option to disable ECH
- InitSuites: clean up DTLS paths
- wolfSSL_parse_cipher_list: remove WOLFSSL_MAX_SUITE_SZ setting
- wolfSSL_parse_cipher_list: add rationale for keeping ciphersuites
- test_dtls_frag_ch: ECH and ciphersuites were pushing the ClientHello message over the fragmentation limit. Disabling ECH and limiting ciphersuites fixes the test.
* Add TLSv1.3 stateful support
Fix internal and external session cache
* session cache fixes
* Refactor
- implement wolfSSL_CTX_flush_sessions
- use wolfSSL_CTX_flush_sessions to make test_wolfSSL_CTX_add_session_ext deterministic
- add dtls to test_wolfSSL_CTX_add_session_ext
- DoClientTicket_ex does not modify ssl object
- only call session remove callback on:
- timeout
- session is being overwritten/removed from the cache
* Session fixes
- restore bogus ID on session duplicate
- don't evict on overwrite
- use memmove instead on memcpy as `ssl->session == session` is possible
- ignore ClientSession parameter in AddSessionToCache on NO_SESSION_CACHE_REF
- use sessionID when altSessionID not present
* Session fixes
- DoClientTicketFinalize: always copy in the ID as teh altSessionID
- don't overwrite ex_data when overwriting cacheSession and cacheSession owns it
* Callback wants to retain a copy
* wolfSSL_GetSessionClient: ssl->ctx->get_sess_cb does not apply here
* test_wolfSSL_CTX_add_session_ext
gate expected results on WOLFSSL_DTLS_NO_HVR_ON_RESUME
* TlsSessionIdIsValid: copy return can't be ignored
* Silence unused parameter
* test_wolfSSL_CTX_add_session_ext: handle async case
* Gate wolfSSL_SSL_CTX_remove_session on NO_SESSION_CACHE
* ssl.c: style fixes
* Add twcase_get_sessionCb_cleanup to free external cache
* Remove hard tab
* Correct build error in wolfSSL_CTX_flush_sessions
* Jenkins fixes:
- altSessionID only available with WOLFSSL_TICKET_HAVE_ID
- slim out psk_sess_free_cb_ctx
* Stateful dtls case has 2 accesses. Stateless just one.
* Add version numbering to hostap logs
* Import internal.h for test_wolfSSL_SESSION_get_ex_new_index
* wolfSSL_SetSession: don't check SslSessionCacheOff for session setting
* wolfSSL_SetSession: fully set expired session for OpenSSL compatibility
* wolfSSL_SetSession: check if setting same object
* AddSession: always populate the session object to allow re-use
* Add logging to wolfSSL_NewSession and wolfSSL_FreeSession
* Always setup session object
* Check if session has been setup before setting it
* Print errors in async test
* Make SetupSession available outside NO_SESSION_CACHE
* Review comments
* Fix ticBuf leak and TlsSessionIdIsValid logic
* Fix unmatched curly brackets
* TlsSessionIdIsValid: always need to check copy var
* TlsResumptionIsValid: set resume to FALSE default
* wolfSSL_SetSession: remove now variable since only used in one place
* Move internalCacheLookupOff into HAVE_EXT_CACHE block
---------
Co-authored-by: Juliusz Sosinowicz <juliusz@wolfssl.com>
