Harden TLS handshake validation, OpenSSL-compat defaults, and stale code paths

[JeremiahM37]

● Fixes F-1832, F-2130, F-3458, F-3686, F-3687, F-3676, F-3675.

Harden TLS handshake validation

• TLSX_KeyShare_ProcessDh: reject FFDHE peer key shares whose byte length doesn't match the named-group prime (RFC 8446 §4.2.8.1).
• ImportKeyState: include AEAD_MAX_EXP_SZ + OPAQUE8_LEN in the IV bounds check, matching ExportKeyState (was up to 9-byte heap over-read on crafted import).
• ProcessPeerCerts: enforce keyUsage=digitalSignature in TLS 1.3 (gate previously skipped because specs.sig_algo == any_sa_algo).
• BuildMD5/SHA_CertVerify: NULL-check XMALLOC before XMEMSET in WOLFSSL_SMALL_STACK path.

Harden SSL config defaults

• wolfSSL_set_alpn_protos: default to WOLFSSL_ALPN_FAILED_ON_MISMATCH so RFC 7301 no_application_protocol fires on no overlap.

Fix logic errors in stale code

• CheckOcspResponderChain: capture prev before reassigning ca so the chain walk advances past the responder's direct issuer (loop previously exited after one step).
• wolfSSL_LastError EMNET branch: drop WOLFSSL_EMNET from the LINUXKM clause and fix sizeof(old) → sizeof(err) typo so the dedicated EMNET path is reachable and compiles.

[github-actions]

MemBrowse Memory Report

No memory changes detected for:

• gcc-arm-cortex-m4
• gcc-arm-cortex-m4-baremetal
• gcc-arm-cortex-m4-min-ecc
• gcc-arm-cortex-m4-tls12

[wolfSSL-Fenrir-bot]

Fenrir Automated Review — PR #10386

Scan targets checked: wolfssl-bugs, wolfssl-src

No new issues found in the changed files. ✅

[JeremiahM37]

Jenkins retest this please