Fenrir fixes

[JeremiahM37]

Fixes F-1414, F-1415, F-1416, F-1417, F-1418, F-1419, F-1410, F-1411, F-1420, F-1421, F-1422, F-1412, F-1413, F-1780

• Fix unused variable compile error in DTLS server example
• Separate PBKDF2 output buffer from password input in AES example
• Pass Aes struct by pointer and use aligned allocator in AES example
• Free ECC key and RNG resources in ECC sign/verify example
• Add empty slice guards to curve25519 make_pub/make_priv
• Validate key, IV, nonce sizes in XChaCha20Poly1305 encrypt/decrypt
• Replace C.malloc pointer indirection with Go-allocated variable in ASN1 functions
• Add missing ECC preamble stubs for !HAVE_ECC builds
• Nil-sanitize outPlain in ChaCha20Poly1305 Decrypt
• Add NO_SHA256 preamble stubs for streaming SHA-256 API
• Quote shell variable expansions in generateOptions.sh

[wolfSSL-Fenrir-bot]

Fenrir Automated Review — PR #32

Scan targets checked: go-wolfssl-bugs, go-wolfssl-src

Findings: 2
2 finding(s) posted as inline comments (see file-level comments below)

This review was generated automatically by Fenrir. Findings are non-blocking.

[lealem47]

This check should stay because it's not passed to wc

[JeremiahM37]

Fixed

[JeremiahM37]

After looking over it again and testing, I restored the Go-boundary length checks wc can't see (slice-len vs passed-size, digest-output size, pre-cgo slicing) and left the semantic ones (key/IV/block-alignment) delegated to wc (wolfssljni follows this same approach). Without these we'd get real crashes / silent overflows, and the earlier bugs I hit were all semantic — which is the riskier category anyway.