FIPS Enhancements
- Initial implementation of OpenSSL FIPS baseline process
- TLS 1.3 KDF updated to use proper wolfCrypt FIPS APIs
- Optimized FIPS CAST startup tests with per-algorithm mutex handling for thread-safe lazy CAST
- Restrict DH keygen to 2048 bits and above for FIPS builds
- Replace-default patch now errors on FIPS builds and allows fetching provider FIPS by name
New Features
- Added seed-src handling for wolfProvider
- Added text encoder for ECC
- Added EC public key auto-derivation from private key
- Added option for debug output to default to silent
- Added RSA-PSS to PKI encoding support
- Added new option to enable unit testing for replace-default mode
Bug Fixes
- Fixed EC public key auto-derive version check for OpenSSL 4.0.0+
- Fixed NULL salt handling in HKDF for proper version-specific behavior
- Fixed const issue with x509 test code and size_t issue in test_ecc.c
- Fixed RSA-PSS command test
- Fixed wolfProvider command-line tests for provider switching
- Fixed distcheck failure
- Standalone install no longer modifies system config
Testing & CI
- Added GitHub CI testing support for wolfProvider
- Added static analysis CI tools
- Refactored command-line tests with unified script code
- Updated CI to wolfSSL v5.8.4 and OpenSSL v3.5.4
- Added support for OpenSSL 3.5.4 and 3.6.0