- Add generating Chimera (dual-algorithm) certificates, enabling conventional and post-quantum signatures on a single X.509 cert by @Yu-Ma28051503 (PR 182)
- Implement OCSP client and OCSP responder with both HTTP and SCGI transports, allowing the responder to be fronted by nginx in production by @julek-wolfssl (PR 200)
- Port shell-based tests to Python (unittest) so the test suite can run on Windows in addition to Linux/macOS by @julek-wolfssl (PR 215)
- Support passing an explicit key file to the enc command instead of deriving the key from a password by @embhorn (PR 224)
- Improve x509-req test coverage by @kojiws (PR 188)
- Fix README examples and setting of the subject name in the req command by @Yu-Ma28051503 (PR 191)
- Check that the keystring is present before use to avoid a segfault in the pkey command by @anhu (PR 192)
- Fix enc command handling of the legacy algorithm name format (e.g. aes-128-cbc) by @lealem47 (PR 193)
- Remove redundant manual null-termination already added by the compiler for string literals by @anhu (PR 194)
- Sign/verify with ML-DSA now passes a context for interop with OpenSSL signatures by @anhu (PR 195)
- Fix path concatenation in wolfCLU_CertSignAppendOut so generated output paths are well-formed by @kojo1 (PR 197)
- Document build prerequisites (autoconf, automake, libtool) in the README by @kareem-wolfssl (PR 201)
- Fix out-of-bounds writes when processing argv by @miyazakh (PR 202)
- Fix wrong variable used when storing the RSA exponent by @miyazakh (PR 203)
- Fix potential double-free by @miyazakh (PR 204)
- Fix null pointer check by @miyazakh (PR 205)
- Fix XFWRITE being called with a negative size by @miyazakh (PR 206)
- Fix use-after-free by @miyazakh (PR 207)
- Fix unreachable if condition by @miyazakh (PR 208)
- Update post-quantum groups list to match the latest wolfSSL by @Frauschi (PR 209)
- Fixes from static analysis @yosuke-wolfssl (PR 210)
- Fix compile and unit test failures by @miyazakh (PR 211)
- Fix stack buffer overflow in encryption setup by @miyazakh (PR 212)
- Fix shell command injection by @miyazakh (PR 213)
- Fix read of exactly MAX_LEN bytes being treated as an error by @miyazakh (PR 214)
- Fix SHA-1 prefix match overwriting SHA-256/384/512 output selection by @miyazakh (PR 216)
- Fix issues uncovered by wolfCLU Fenrir fuzz testing by @aidangarske (PR 218)
- Fix wolfCLU_sign_data_ecc and wolfCLU_verify_signature_ecc by @embhorn (PR 219)
- Fix potential heap buffer over-read by @miyazakh (PR 220)
- Fix flaky test_encrypt_decrypt_base64 bad-password check by @julek-wolfssl (PR 221)
- Additional sanity checks on input arguments based on static analysis results by @JacobBarthelmeh (PR 222)
- Fixes for closing file descriptors, sanity checks on init calls, buffer scope, and sanity checks on arguments passed in by @JacobBarthelmeh (PR 223)
- Fix client and server KEM macro (PR 177)
- Implementing PKCS8 and Base64 commands (PR 178)
- Adjust tests for disable of DES with FIPS and add FIPS print out (PR 183)
- Fixed problems with string init of array (PR 179)
- Update license from GPLv2 to GPLv3 (PR 184)
- Fix build errors in server.c when linked to wolfssl with --enable-all (PR 170)
- Increase CI tests to include --enable-all build of wolfSSL (PR 171)
- Fix for using old SN style for subject name to account for differences in OBJ_sn2nid (PR 172)
- Update the ecc help menu to list -pubin (PR 173)
- Initial support for XMSS-XMSS^MT gnkey, sign and verify (PR 163)
- Support longer certificate chains (PR 162)
- Fix for setting wrong version in CSRs (PR 154)
- Fix DIlithium pem header and sign-verify without level option (PR 158)
- Fix typo VERIFY_USE_PREVERIFY in src/client/client.c and src/server/server.c (PR 160)
- Fix for change to OBJ sn2nid behavior in wolfSSL (PR 166)
- Expanded continuous integration tests with more GitHub actions added (PR 142, 146, 147)
- Added support for option -inform with command dgst (PR 141)
- Added support for -pubout and -pubin with command rsa (PR 145)
- Added initial support for s_server command (PR 133)
- Sign and Verify Support with PEM format key ED25519, RSA, and ECC (PR 148)
- Extend renew script to regenerate expected values based on new certs (PR 151)
- Supporting PKCS7 command for parsing (PR 152)
- Add Dilithium to genkey, sign-verify and gen-sig-ver (PR 150,153)
- Fix memory type typo in clu_rsa.c
- Add missing void arg to functions in clu_funcs.c
- Removed erroneous file generation on ecc keygen
- Added options -req, -signkey, -extfile, -extensions and -md for x509 command
- Use void with func prototype
- Add ability to set more subjectAltName attributes
- Check for defined MAX_FILENAME_SZ before defining it locally
- Handle potential pointer increment in wolfSSL_i2d_X509
- Fix for DH use with FIPS build and cross compile warning
- Fix for configure cross compile QA warning with Yocto builds
- Fix for macro guards on Shake
- Improve VS build to generate .exe for all platforms
- Fix for linking to wolfSSL library built with --enable-ipv6
- Fix for buffer issue with s_client
- Add fsanitize testing with github actions
- Update dhparam to read mod size from different location in arguments
- Fix for x509 encoding modifying the cert
- Fix for supporting more alt names and skipping count
- Add -CAfile and verify_return_error flags for s_client command
- Expand testing with additional unit tests and Jenkins nightly test
- Fix for enc edge cases
- Fix x509 command to use piped input
- Support for building on Windows
- Add -pass flag to enc command
- Add -partial_chain arg for verify command
- Add -modulus flag for x509 command
- Handle additional CSR attribute print outs
- Add -passout flag to req command
- Fix for enc with nosalt
- Update m4 files
- Fix for parsing basic constraint from conf file
- Improve error logging
- IPV6 parsing support for s_client command
- Support for building with FIPS wolfSSL
- Add -text flag for crl command
- Support for building on FreeRTOS
- Add disable filesystem configure
- Support for creating req with attributes
- Add rand command
- Add PKCS12 parsing support and command
- Add a basic s_client command for simple TLS client connections
- Add support for x509 verify command
- Add initial rsa command support
- Add CRL verify command
- Add ca command
- Add dsaparam command
- Add sha hash commands (sha256, sha384, sha512)
- Add dhparam command
- Support for parsing multiple organization names with conf file
- Set the default certificate request version to 3
- Add print out of private key to PKEY command
- Added support for -nosalt option
- Fix for RSA free with dgst command
- Testing with FIPS 140-3 wolfCrypt
- Add -subj support to req command
- Fix for -base64 with enc
- Fix for piping errors to stderr instead of stdout
- Removed testing-certs directory in favor of certs directory
- Fix for handling large file sizes with dgst and hash command
- Expanded req command to handle -text, -noout, -extensions and -verify
- Expanded x509 command to handle -subject, -issuer, -serial, -dates, -email, -fingerprint, -purpose, -hash
- Added -text support to ecparam command
- Added support for -sign with dgst command
- Tied in github actions for continuous integration testing
- Added support for creating encrypted private keys with -newkey
- Add ecparam for ECC key generation with parameters
- Refactoring of directory names for source and include
- Refactor return values to use WOLFCLU_SUCCESS
- Add a logging function for printing messages
- Add PEM key generation for ECC
- Add support for parsing a config file when creating a certificate or CSR
- Refactor all file calls to use XFILE wrapping
- Refactor strncmp and other system calls to use the X* wrapping
- Formatting on if else newlines throughout wolfCLU
- Change the name of bundle created with 'make dist'
- Add some error print outs and checking with FIPS builds
- Add check for warnings (Wall) as errors and the resulting fixes
- Static analysis tools ran to test code quality and resulting fixes
- Refactoring on ECC key generation
- Changed padding scheme in encrypt and decrypt to interop
- Add WOLFCLU to variable names and macros
- Add pkey command
- Update to req command and expanding its capabilities
- Add md5 command for creating legacy md5 hashes
- Add public key print out
- Convert parsing of input commands to not require '-' in front of them i.e './wolfssl -x509' now can be './wolfssl x509'
- Add check for libwolfssl to autotools with configure
- Add --with-wolfssl option to configure to specify location of wolfSSL library
- Updates to dgst verify command and testing