Merge pull request #509 from JacobBarthelmeh/Release

prepare for release 3.9.8

README

@@ -35,12 +35,46 @@ before calling wolfSSL_new();  Though it's not recommended.
 *** end Notes ***
 
 
- ********* wolfSSL (Formerly CyaSSL) Release X.X.X (TBD)
+********* wolfSSL (Formerly CyaSSL) Release 3.9.8 (7/29/2016)
 
-Release X.X.X of wolfSSL has bug fixes and new features including:
+Release 3.9.8 of wolfSSL has bug fixes and new features including:
 
-- X.509 bug fixes for reading in malformed certificates, reported by
+- Add support for custom ECC curves.
-  researchers at Columbia University
+- Add cipher suite ECDHE-ECDSA-AES128-CCM.
+- Add compkey enable option. This option is for compressed ECC keys.
+- Add in the option to use test.h without gettimeofday function using the macro
+  WOLFSSL_USER_CURRTIME.
+- Add RSA blinding for private key operations. Enable option of harden which is
+  on by default. This negates timing attacks.
+- Add ECC and TLS support for all SECP, Koblitz and Brainpool curves.
+- Add helper functions for static memory option to allow getting optimum buffer
+  sizes.
+- Update DTLS behavior on bad MAC. DTLS silently drops packets with bad MACs now.
+- Update fp_isprime function from libtom enchancement/cleanup repository.
+- Update sanity checks on inputs and return values for AES-CMAC.
+- Update wolfSSL for use with MYSQL v5.6.30.
+- Update LPCXpresso eclipse project to not include misc.c when not needed.
+- Fix retransmit of last DTLS flight with timeout notification. The last flight
+  is no longer retransmitted on timeout.
+- Fixes to some code in math sections for compressed ECC keys. This includes
+  edge cases for buffer size on allocation and adjustments for compressed curves
+  build. The code and full list can be found on github with pull request #456.
+- Fix function argument mismatch for build with secure renegotiation.
+- X.509 bug fixes for reading in malformed certificates, reported by researchers
+  at Columbia University
+- Fix GCC version 6 warning about hard tabs in poly1305.c. This was a warning
+  produced by GCC 6 trying to determine the intent of code.
+- Fixes for static memory option. Including avoid potential race conditions with
+  counters, decrement handshake counter correctly.
+- Fix anonymous cipher with Diffie Hellman on the server side. Was an issue of a
+  possible buffer corruption. For information and code see pull request #481.
+
+
+- One high level security fix that requires an update for use with static RSA
+  cipher suites was submitted. This fix was the addition of RSA blinding for
+  private RSA operations. We recommend servers who allow static RSA cipher
+  suites to also generate new private RSA keys. Static RSA cipher suites are
+  turned off by default.
 
 See INSTALL file for build instructions.
 More info can be found on-line at //http://wolfssl.com/wolfSSL/Docs.html

README.md

@@ -37,6 +37,51 @@ wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
 
 before calling wolfSSL_new();  Though it's not recommended.
 ```
+
+# wolfSSL (Formerly CyaSSL) Release 3.9.8 (7/29/2016)
+
+##Release 3.9.8 of wolfSSL has bug fixes and new features including:
+
+- Add support for custom ECC curves.
+- Add cipher suite ECDHE-ECDSA-AES128-CCM.
+- Add compkey enable option. This option is for compressed ECC keys.
+- Add in the option to use test.h without gettimeofday function using the macro
+  WOLFSSL_USER_CURRTIME.
+- Add RSA blinding for private key operations. Enable option of harden which is
+  on by default. This negates timing attacks.
+- Add ECC and TLS support for all SECP, Koblitz and Brainpool curves.
+- Add helper functions for static memory option to allow getting optimum buffer
+  sizes.
+- Update DTLS behavior on bad MAC. DTLS silently drops packets with bad MACs now.
+- Update fp_isprime function from libtom enchancement/cleanup repository.
+- Update sanity checks on inputs and return values for AES-CMAC.
+- Update wolfSSL for use with MYSQL v5.6.30.
+- Update LPCXpresso eclipse project to not include misc.c when not needed.
+- Fix retransmit of last DTLS flight with timeout notification. The last flight
+  is no longer retransmitted on timeout.
+- Fixes to some code in math sections for compressed ECC keys. This includes
+  edge cases for buffer size on allocation and adjustments for compressed curves
+  build. The code and full list can be found on github with pull request #456.
+- Fix function argument mismatch for build with secure renegotiation.
+- X.509 bug fixes for reading in malformed certificates, reported by researchers
+  at Columbia University
+- Fix GCC version 6 warning about hard tabs in poly1305.c. This was a warning
+  produced by GCC 6 trying to determine the intent of code.
+- Fixes for static memory option. Including avoid potential race conditions with
+  counters, decrement handshake counter correctly.
+- Fix anonymous cipher with Diffie Hellman on the server side. Was an issue of a
+  possible buffer corruption. For information and code see pull request #481.
+
+
+- One high level security fix that requires an update for use with static RSA
+  cipher suites was submitted. This fix was the addition of RSA blinding for
+  private RSA operations. We recommend servers who allow static RSA cipher
+  suites to also generate new private RSA keys. Static RSA cipher suites are
+  turned off by default.
+
+See INSTALL file for build instructions.
+More info can be found on-line at //http://wolfssl.com/wolfSSL/Docs.html
+
 # wolfSSL (Formerly CyaSSL) Release 3.9.6 (6/14/2016)
 
 ##Release 3.9.6 of wolfSSL has bug fixes and new features including:

configure.ac

@@ -6,7 +6,7 @@
 #
 #
 
-AC_INIT([wolfssl],[3.9.7],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[http://www.wolfssl.com])
+AC_INIT([wolfssl],[3.9.8],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[http://www.wolfssl.com])
 
 AC_CONFIG_AUX_DIR([build-aux])
 
@@ -35,7 +35,7 @@ AC_CONFIG_MACRO_DIR([m4])
 AC_CONFIG_HEADERS([config.h:config.in])dnl Keep filename to 8.3 for MS-DOS.
 
 #shared library versioning
-WOLFSSL_LIBRARY_VERSION=6:0:3
+WOLFSSL_LIBRARY_VERSION=7:0:4
 #                       | | |
 #                +------+ | +---+
 #                |        |     |

rpm/spec.in

@@ -69,7 +69,7 @@ mkdir -p $RPM_BUILD_ROOT/
 %{_libdir}/libwolfssl.la
 %{_libdir}/libwolfssl.so
 %{_libdir}/libwolfssl.so.3
-%{_libdir}/libwolfssl.so.3.3.0
+%{_libdir}/libwolfssl.so.3.4.0
 
 %files devel
 %defattr(-,root,root,-)

support/wolfssl.pc

@@ -5,6 +5,6 @@ includedir=${prefix}/include
 
 Name: wolfssl
 Description: wolfssl C library.
-Version: 3.9.7
+Version: 3.9.8
 Libs: -L${libdir} -lwolfssl
 Cflags: -I${includedir}

wolfssl/version.h

@@ -28,8 +28,8 @@
 extern "C" {
 #endif
 
-#define LIBWOLFSSL_VERSION_STRING "3.9.7"
+#define LIBWOLFSSL_VERSION_STRING "3.9.8"
-#define LIBWOLFSSL_VERSION_HEX 0x03009007
+#define LIBWOLFSSL_VERSION_HEX 0x03009008
 
 #ifdef __cplusplus
 }