* The `SANITY_MSG_E` responses in `TLSX_SupportedVersions_GetSize`, `TLSX_SupportedVersions_Write`, `TLSX_Cookie_GetSize` and `TLSX_Cookie_Write` would incorrectly be handled.
* Added build-time checks in `tls13.c` for dependencies on `HAVE_HKDF` and `WC_RSA_PSS`.
Support Draft 28: able to compile code to return BAD_BINDER if no PSKs
match and certificates not to be used.
Change key share implementation to use server preference - server now
checks each client key share's group is in supported_groups extension.
Client and server examples modified to support server preference.
Application can set client's and server's supported groups by rank.
Server's supported groups is sent back in encrypted_extensions if
preferred group is not in client's list - able to be turned off at
compile time.
Application can query server's preferred group from client.
Able to compile using 0x0304 as version instead of draft version.
Fix state machine in TLS 1.3 to support unexpected hello_retry_request.
Also fixes non-blocking.
Fix resumption to use the named group from session.
Fix named group in session structure to be a 2-byte field.
Better detection of errors in message flow.
Fix DoTls13ClientHello when downgrading - don't do TLS 1.3 things.
Not downgrading on client fixed.
Downgrade protocol version from TLS 1.3 when not TLS 1.3 ciphersuite.
Get downgrading from TLS 1.3 and resumption working.
Change earlyData value to an enum.
Support no extensions data (as opposed to zero length extension data) in
TLS 1.3 ClientHello.
Check PSK cipher suite is available to both client and server before
using.
Check first PSK identity chosen when server says it is using early data
at client.
Check PSK extension is last in client_hello on server.
Check the PSK cipher suite to use is supported on client.
Check the returned cipher suite for pre-shared keys is the same as
client expects.
Send alert decrypt_error when verification fails in certificate_verify
or finished message doesn't match calculated value.
Fail when certificate messages recieved in handshake when using PSK.
Validate on the server that EndOfEarlyData message has been recieved
before finished message when server sent EarlyData extension.
Changes made to test.h to allow interop of PSK with OpenSSL.
Changes to allow server to pre-generate key share and perform other
operations at later time.
Fix ChaCha20 code header to have bigger state to support assembly code
for AVX1.
Fix Curve25519 code to use define instead.
Change Curve25519 to memset all object data on init.
Change Poly1305 to put both sizes into one buffer to avoid a second call
to wc_Poly1305Update().
Added WOLFSSL_START and WOLFSSL_END API and calls to show time of
protocol message function enter and leave to analyse performance
differences.
Moved Curve25519 code in KeyShare extension out of general ECC code.
* Added new internal function `wolfSSL_GetMaxRecordSize`.
* Modified tls_bench to use dynamic buffer based on max record size.
* Added comment for DTLS maxFragment calculation.
* Added PK callback context tests for client/server examples (`SetupPkCallbackContexts`).
* Added new test define for `TEST_PK_PRIVKEY` to allows simulating hardware based private key.
* Added new test.h function for loading PEM key file and converting to DER (`load_key_file`).
* Added way to get private key signature size (`GetPrivateKeySigSize`).
* Added new ECC API `wc_ecc_sig_size_calc` to return max signature size for a key size.
* Added inline comments to help track down handshake message types.
* Cleanup of RSS PSS terminating byte (0xbc) to use enum value.
* Fixed bug with PK callback for `myEccVerify` public key format.
* Fixed bug with PK callback for ED25519 verify key buffer in DoServerKeyExchange.
Draft 24: Second ClientHello usees version 0x0303 - no change.
Draft 25: The record layer header is now additional authentication data to
encryption.
Draft 26: Disallow SupportedVersion being used in ServerHello for
negotiating below TLS v1.3.
Draft 27: Older versions can be negotiated (by exclusion of 0x0304) in
SupportedVersion - no change.
Split out different implementations into separate file.
Turn on SP asm by configuring with: --enable-sp-asm
Changed small ASM code for ECC on x86_64 to be smaller and slower.
Fix handling of ServerHello in TLS v1.3 to support TLS v1.2 when
downgrading.
Added support in client and server examples for using downgrade method:
wolfSSLv23_client_method_ex() or wolfSSLv23_server_method_ex().
Add tests, using downgrade version, of client or server downgrading from
TLS v1.3 to TLS v1.2.
