New features
- Add KBKDF (Key-Based Key Derivation Function) implementation
- Add KRB5KDF (Kerberos 5 Key Derivation Function) implementation
- Add AES-CTS (Ciphertext Stealing) cipher mode implementation
- Add RSA encrypt/decrypt operations without padding
- Add option to replace OpenSSL default provider with wolfProvider
- Add dynamic logging capabilities based on environment variables
- Add Debian packaging support
- Add command-line integration tests for AES, RSA, RSA-PSS, Hash, and ECC operations
- Improve FIPS support and testing capabilities
- Add extensive integration testing with 30+ applications including gRPC, OpenSSH, libssh2, OpenSC/PKCS11, systemd, Qt5, and more
Fixes
- Fix AES-GCM stream handling and authentication tag failure handling for FIPS builds
- Fix AES-CBC IV handling for consecutive calls
- Fix AES cipher handling to accept NULL/0 input
- Fix RSA decode and empty keygen OID handling with FIPS
- Fix RSA PSS decoding to properly reject non-PKCS8 keys
- Fix RSA key import edge cases and keygen retry loop for FIPS
- Fix ECC public key validation and parameter handling
- Fix ECC signing with SHA1 restriction only for FIPS
- Fix ECC type-specific public key encode/decode
- Fix EdDSA key clamping on import/export
- Fix DH for FIPS builds and public key decoding
- Fix DH parameter and private key handling
- Fix core libctx handling to create new child libctx
- Fix locking around signature operations
- Fix FIPS error messaging for silent wolfSSL errors
- Fix build script issues for Debian packages