wolfProvider v1.1.0

New features

• Add KBKDF (Key-Based Key Derivation Function) implementation
• Add KRB5KDF (Kerberos 5 Key Derivation Function) implementation
• Add AES-CTS (Ciphertext Stealing) cipher mode implementation
• Add RSA encrypt/decrypt operations without padding
• Add option to replace OpenSSL default provider with wolfProvider
• Add dynamic logging capabilities based on environment variables
• Add Debian packaging support
• Add command-line integration tests for AES, RSA, RSA-PSS, Hash, and ECC operations
• Improve FIPS support and testing capabilities
• Add extensive integration testing with 30+ applications including gRPC, OpenSSH, libssh2, OpenSC/PKCS11, systemd, Qt5, and more

Fixes

• Fix AES-GCM stream handling and authentication tag failure handling for FIPS builds
• Fix AES-CBC IV handling for consecutive calls
• Fix AES cipher handling to accept NULL/0 input
• Fix RSA decode and empty keygen OID handling with FIPS
• Fix RSA PSS decoding to properly reject non-PKCS8 keys
• Fix RSA key import edge cases and keygen retry loop for FIPS
• Fix ECC public key validation and parameter handling
• Fix ECC signing with SHA1 restriction only for FIPS
• Fix ECC type-specific public key encode/decode
• Fix EdDSA key clamping on import/export
• Fix DH for FIPS builds and public key decoding
• Fix DH parameter and private key handling
• Fix core libctx handling to create new child libctx
• Fix locking around signature operations
• Fix FIPS error messaging for silent wolfSSL errors
• Fix build script issues for Debian packages

wolfProvider v1.0.2

New features

• Add RSA X931 signature algorithm implementation
• Add DES3-CBC cipher implementation
• Add PSS encoding support for PKCS8 private keys
• Add option to build from FIPS bundle
• Improve AES-GCM performance
• Set minimum RSA key size to 1024 bits
• Add integration testing with nginx, curl, and OpenVPN

Fixes

• Fix RSA key type setting on import
• Fix RSA parameter handling when getting parameters
• Fix RSA import for Python use cases
• Fix RSA and ECC keypair matching
• Fix AES-GCM stream IV handling for OpenSSH workflows
• Fix AES-CBC IV handling on reinit with NULL IV
• Fix PKCS8 decoder to properly allow fallback decoding on failure
• Fix parameter handling for EC encoding in OpenSSL genpkey flow
• Fix HKDF handling to allow setting NULL/0 salt

wolfProvider v1.0.1

New features

• Add test-sanity script
• Add FIPS testing
• Add a sanity check to make sure we can connect to external servers
• Add more logging of calls
• Add helpful failure messages
• Add in simple logging for wolfProvider
• Use custom list of supported settable parameters
• Add simple Github Action
• Add in declarations and calls to tests
• Add AES CFB encryption/decryption + tests

Fixes

• Fix for openssl denying connections
• Fix wp_corebio_get_bio

wolfProvider v1.0.0

This is the first release of wolfProvider. It is similar to wolfEngine (which
creates a library to interface with OpenSSL 1.x). WolfProvider interfaces with
OpenSSL 3.x using our wolfCrypt cryptography module.

This first release has sample applications for Android as well as XCode (iOS).
In addition, there are utility scripts added as a convenience for compiling
all the dependencies of wolfProvider.

Refer to README.md for more details