feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Update release notes.

Browse Source
This commit is contained in:
John Safranek
2020-08-17 09:20:53 -07:00
parent cb5d6a5c12
commit 5c6da52ac1
3 changed files with 40 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
ChangeLog.md
View File

@ -1,4 +1,4 @@
# wolfSSL Release 4.5.0 (August 13, 2020) # wolfSSL Release 4.5.0 (August 18, 2020)
If you have questions about this release, feel free to contact us on our If you have questions about this release, feel free to contact us on our
info@ address. info@ address.
@ -50,6 +50,12 @@ Release 4.5.0 of wolfSSL embedded TLS has bug fixes and new features including:
rshb range rshb range
* Fix for sanity check on padding with DES3 conversion of PEM to DER * Fix for sanity check on padding with DES3 conversion of PEM to DER
* Sanity check for potential out of bounds read with fp_read_radix_16 * Sanity check for potential out of bounds read with fp_read_radix_16
* Additional checking of ECC scalars.
* Fixing the FIPS Ready build w.r.t. ecc.c.
* When processing certificate names with OpenSSL compatibility layer
enabled, unknown name item types were getting handled as having NID 0,
and failing. Added a couple more items to what is handled correctly,
and ignoring anything that is an unknown type.
## Improvements/Optimizations ## Improvements/Optimizations
@ -73,11 +79,11 @@ Release 4.5.0 of wolfSSL embedded TLS has bug fixes and new features including:
* Changed the configure option for FIPS Ready builds to be * Changed the configure option for FIPS Ready builds to be
`--enable-fips=ready`. `--enable-fips=ready`.
## This release of wolfSSL includes fixes for 5 security vulnerabilities. ## This release of wolfSSL includes fixes for 6 security vulnerabilities.
wolfSSL version 4.5.0 contains 5 vulnerability fixes: 2 fixes for TLS 1.3, wolfSSL version 4.5.0 contains 6 vulnerability fixes: 2 fixes for TLS 1.3,
2 side channel attack mitigations, and 1 fix for a potential private key 2 side channel attack mitigations, 1 fix for a potential private key leak
leak in a specific use case. in a specific use case, 1 fix for DTLS.
* In earlier versions of wolfSSL there exists a potential man in the middle * In earlier versions of wolfSSL there exists a potential man in the middle
attack on TLS 1.3 clients. Malicious attackers with a privileged network attack on TLS 1.3 clients. Malicious attackers with a privileged network
@ -120,6 +126,10 @@ leak in a specific use case.
PEM certificates with PEM private keys in the same file when loading up the PEM certificates with PEM private keys in the same file when loading up the
certificate file, then we recommend updating wolfSSL for this use case and certificate file, then we recommend updating wolfSSL for this use case and
also recommend regenerating any private keys in the file. also recommend regenerating any private keys in the file.
* During the handshake, clear application_data messages in epoch 0 are
processed and returned to the application. Fixed by dropping received
application_data messages in epoch 0. Thank you to Paul Fiterau of Uppsala
University and Robert Merget of Ruhr-University Bochum for the report.
For additional vulnerability information visit the vulnerability page at For additional vulnerability information visit the vulnerability page at
https://www.wolfssl.com/docs/security-vulnerabilities/ https://www.wolfssl.com/docs/security-vulnerabilities/

20
README
View File

@ -73,7 +73,7 @@ should be used for the enum name.
*** end Notes *** *** end Notes ***
# wolfSSL Release 4.5.0 (August 13, 2020) # wolfSSL Release 4.5.0 (August 18, 2020)
If you have questions about this release, feel free to contact us on our If you have questions about this release, feel free to contact us on our
info@ address. info@ address.
@ -125,6 +125,12 @@ Release 4.5.0 of wolfSSL embedded TLS has bug fixes and new features including:
rshb range rshb range
* Fix for sanity check on padding with DES3 conversion of PEM to DER * Fix for sanity check on padding with DES3 conversion of PEM to DER
* Sanity check for potential out of bounds read with fp_read_radix_16 * Sanity check for potential out of bounds read with fp_read_radix_16
* Additional checking of ECC scalars.
* Fixing the FIPS Ready build w.r.t. ecc.c.
* When processing certificate names with OpenSSL compatibility layer
enabled, unknown name item types were getting handled as having NID 0,
and failing. Added a couple more items to what is handled correctly,
and ignoring anything that is an unknown type.
## Improvements/Optimizations ## Improvements/Optimizations
@ -148,11 +154,11 @@ Release 4.5.0 of wolfSSL embedded TLS has bug fixes and new features including:
* Changed the configure option for FIPS Ready builds to be * Changed the configure option for FIPS Ready builds to be
`--enable-fips=ready`. `--enable-fips=ready`.
## This release of wolfSSL includes fixes for 5 security vulnerabilities. ## This release of wolfSSL includes fixes for 6 security vulnerabilities.
wolfSSL version 4.5.0 contains 5 vulnerability fixes: 2 fixes for TLS 1.3, wolfSSL version 4.5.0 contains 6 vulnerability fixes: 2 fixes for TLS 1.3,
2 side channel attack mitigations, and 1 fix for a potential private key 2 side channel attack mitigations, 1 fix for a potential private key leak
leak in a specific use case. in a specific use case, 1 fix for DTLS.
* In earlier versions of wolfSSL there exists a potential man in the middle * In earlier versions of wolfSSL there exists a potential man in the middle
attack on TLS 1.3 clients. Malicious attackers with a privileged network attack on TLS 1.3 clients. Malicious attackers with a privileged network
@ -195,6 +201,10 @@ leak in a specific use case.
PEM certificates with PEM private keys in the same file when loading up the PEM certificates with PEM private keys in the same file when loading up the
certificate file, then we recommend updating wolfSSL for this use case and certificate file, then we recommend updating wolfSSL for this use case and
also recommend regenerating any private keys in the file. also recommend regenerating any private keys in the file.
* During the handshake, clear application_data messages in epoch 0 are
processed and returned to the application. Fixed by dropping received
application_data messages in epoch 0. Thank you to Paul Fiterau of Uppsala
University and Robert Merget of Ruhr-University Bochum for the report.
For additional vulnerability information visit the vulnerability page at For additional vulnerability information visit the vulnerability page at
https://www.wolfssl.com/docs/security-vulnerabilities/ https://www.wolfssl.com/docs/security-vulnerabilities/

15
README.md
View File

@ -73,7 +73,7 @@ should be used for the enum name.
*** end Notes *** *** end Notes ***
# wolfSSL Release 4.5.0 (August 13, 2020) # wolfSSL Release 4.5.0 (August 18, 2020)
If you have questions about this release, feel free to contact us on our If you have questions about this release, feel free to contact us on our
info@ address. info@ address.
@ -125,6 +125,7 @@ Release 4.5.0 of wolfSSL embedded TLS has bug fixes and new features including:
rshb range rshb range
* Fix for sanity check on padding with DES3 conversion of PEM to DER * Fix for sanity check on padding with DES3 conversion of PEM to DER
* Sanity check for potential out of bounds read with fp_read_radix_16 * Sanity check for potential out of bounds read with fp_read_radix_16
* Additional checking of ECC scalars.
## Improvements/Optimizations ## Improvements/Optimizations
@ -148,11 +149,11 @@ Release 4.5.0 of wolfSSL embedded TLS has bug fixes and new features including:
* Changed the configure option for FIPS Ready builds to be * Changed the configure option for FIPS Ready builds to be
`--enable-fips=ready`. `--enable-fips=ready`.
## This release of wolfSSL includes fixes for 5 security vulnerabilities. ## This release of wolfSSL includes fixes for 6 security vulnerabilities.
wolfSSL version 4.5.0 contains 5 vulnerability fixes: 2 fixes for TLS 1.3, wolfSSL version 4.5.0 contains 6 vulnerability fixes: 2 fixes for TLS 1.3,
2 side channel attack mitigations, and 1 fix for a potential private key 2 side channel attack mitigations, 1 fix for a potential private key leak
leak in a specific use case. in a specific use case, 1 fix for DTLS.
* In earlier versions of wolfSSL there exists a potential man in the middle * In earlier versions of wolfSSL there exists a potential man in the middle
attack on TLS 1.3 clients. Malicious attackers with a privileged network attack on TLS 1.3 clients. Malicious attackers with a privileged network
@ -195,6 +196,10 @@ leak in a specific use case.
PEM certificates with PEM private keys in the same file when loading up the PEM certificates with PEM private keys in the same file when loading up the
certificate file, then we recommend updating wolfSSL for this use case and certificate file, then we recommend updating wolfSSL for this use case and
also recommend regenerating any private keys in the file. also recommend regenerating any private keys in the file.
* During the handshake, clear application_data messages in epoch 0 are
processed and returned to the application. Fixed by dropping received
application_data messages in epoch 0. Thank you to Paul Fiterau of Uppsala
University and Robert Merget of Ruhr-University Bochum for the report.
For additional vulnerability information visit the vulnerability page at For additional vulnerability information visit the vulnerability page at
https://www.wolfssl.com/docs/security-vulnerabilities/ https://www.wolfssl.com/docs/security-vulnerabilities/