From 877e026da4141cee916a2b2b4bee7139e2dc21db Mon Sep 17 00:00:00 2001
From: JacobBarthelmeh
Date: Thu, 23 Mar 2023 15:15:12 -0700
Subject: [PATCH] prepare for release 5.6.0
---
 CMakeLists.txt | 6 +-
 ChangeLog.md | 183 ++++++++++++++++++++++++++
 IDE/WIN10/wolfssl-fips.rc | 8 +-
 README | 262 +++++++++++++++++++++++---------------
 README.md | 262 +++++++++++++++++++++++---------------
 configure.ac | 6 +-
 wolfssl.rc | Bin 4918 -> 4918 bytes
 wolfssl/version.h | 4 +-
 8 files changed, 517 insertions(+), 214 deletions(-)
diff --git a/CMakeLists.txt b/CMakeLists.txt
index e366e256a..89d6041ea 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -28,16 +28,16 @@ if("${CMAKE_SOURCE_DIR}" STREQUAL "${CMAKE_BINARY_DIR}")
 You must delete them, or cmake will refuse to work.")
 endif()
-project(wolfssl VERSION 5.5.4 LANGUAGES C ASM)
+project(wolfssl VERSION 5.6.0 LANGUAGES C ASM)
 # shared library versioning
 # increment if interfaces have been added, removed or changed
-set(LIBTOOL_CURRENT 38)
+set(LIBTOOL_CURRENT 39)
 # increment if source code has changed set to zero if current is incremented
 set(LIBTOOL_REVISION 0)
 # increment if interfaces have been added set to zero if interfaces have been
 # removed or changed
-set(LIBTOOL_AGE 3)
+set(LIBTOOL_AGE 4)
 math(EXPR LIBTOOL_SO_VERSION "${LIBTOOL_CURRENT} - ${LIBTOOL_AGE}")
 set(LIBTOOL_FULL_VERSION ${LIBTOOL_SO_VERSION}.${LIBTOOL_AGE}.${LIBTOOL_REVISION})
diff --git a/ChangeLog.md b/ChangeLog.md
index b3f3b4c15..1199ce388 100644
--- a/ChangeLog.md
+++ b/ChangeLog.md
@@ -1,3 +1,186 @@
+# wolfSSL Release 5.6.0 (Mar 24, 2023)
+
+Release 5.6.0 has been developed according to wolfSSL's development and QA process (see link below) and successfully passed the quality criteria.
+https://www.wolfssl.com/about/wolfssl-software-development-process-quality-assurance
+
+NOTE: * --enable-heapmath is being deprecated and will be removed by 2024
+ * This release makes ASN Template the default with ./configure, the previous ASN parsing can be built with --enable-asn=original
+
+Release 5.6.0 of wolfSSL embedded TLS has bug fixes and new features including:
+
+## New Feature Additions
+
+* ASN template is now the default ASN parsing implementation when compiling with configure
+* Added in support for TLS v1.3 Encrypted Client Hello (ECH) and HPKE (Hybrid Public Key Encryption)
+* DTLS 1.3 stateless server ClientHello parsing support added
+
+### Ports
+* Add RX64/RX71 SHA hardware support
+* Port to RT1170 and expand NXP CAAM driver support
+* Add NuttX integration files for ease of use
+* Updated Stunnel support for version 5.67
+Compatibility Layer
+* Add in support for AES-CCM with EVP
+* BN compatibility API refactoring and separate API created
+* Expanding public key type cipher suite list strings support
+
+### Misc.
+* Support pthread_rwlock and add enable option
+* Add wolfSSL_CertManagerLoadCABuffer_ex() that takes a user certificate chain flag and additional verify flag options
+* Docker build additions for wolfSSL library and wolfCLU application
+* Add favorite drink pilot attribute type to get it from the encoding
+* Added in support for indefinite length BER parsing with PKCS12
+* Add dynamic session cache which allocates sessions from the heap with macro SESSION_CACHE_DYNAMIC_MEM
+
+
+## Improvements / Optimizations
+
+### Tests
+* Additional CI (continuous integration) testing and leveraging of GitHub workflows
+* Add CI testing for wpa_supplicant, OpenWrt and OpenVPN using GitHub workflows
+* Add compilation of Espressif to GitHub workflows tests
+* Refactoring and improving error results with wolfCrypt unit test application
+* Minor warning fixes from Coverity static analysis scan
+* Add new SHA-512/224 and SHA-512/256 tests
+* Used codespell and fixed some minor typos
+
+### Ports
+* Improve TLS1.2 client authentication to use TSIP
+* Updated Kyber macro to be WOLFSSL_HAVE_KYBER and made changes that make Kyber work on STM32
+* AES-GCM Windows assembly additions
+* CRLF line endings, trailing spaces for C# Wrapper Projects
+Compatibility Layer
+* Update `PubKey` and `Key` PEM-to-DER APIs to support return of needed DER size
+* Allow reading ENC EC PRIVATE KEY as well via wolfSSL_PEM_read_bio_ECPrivateKey
+* Improve wolfSSL_EC_POINT_cmp to handle Jacobian ordinates
+* Fix issue with BIO_reset() and add BIO_FLAGS_MEM_RDONLY flag support for read only BIOs
+
+### SP
+* In SP math library rework mod 3 and use count leading zero instruction
+* Fix with SP ECC sign to reject the random k generated when r is 0
+* With SP math add better detection of when add won't work and double is needed with point_add_qz1 internal function
+* With SP int fail when buffer writing to is too small for number rather than discarding the extra values
+
+### Builds
+* Define WOLFSSL_SP_SMALL_STACK if wolfSSL is build with --enable-smallstack
+* Fix CMake to exclude libm when DH is not enabled
+* Allow building of SAKKE as external non-FIPS algorithm with wolfmikey product
+* Add option to add library suffix, --with-libsuffix
+* ASN template compile option WOLFSSL_ASN_INT_LEAD_0_ANY to allow leading zeros
+* Add user_settings.h template for wolfTPM to examples/configs/user_settings_wolftpm.h
+* Purge the AES variant of Dilithium
+* Expand WOLFSSL_NO_ASN_STRICT to allow parsing of explicit ECC public key
+* Remove relocatable text in ARMv7a AES assembly for use with FIPS builds
+* Expand checking for hardware that supports ARMv7a neon with autotools configure
+* Sanity check on allocation fails with DSA and FP_ECC build when zeroizing internal buffer
+* Additional TLS alerts sent when compiling with WOLFSSL_EXTRA_ALERTS macro defined
+
+### Benchmarking
+* Update wolfCrypt benchmark Windows build files to support x64 Platform
+* Add SHA512/224 and SHA512/256 benchmarks, fixed CVS macro and display sizes
+* Separate AES-GCM streaming runs when benchmarked
+* No longer call external implementation of Kyber from benchmark
+* Fix for benchmarking shake with custom block size
+* Fixes for benchmark help `-alg` list and block format
+Documentation/Examples
+* Document use of wc_AesFree() and update documentation of Ed25519 with Doxygen
+* Move the wolfSSL Configuration section higher in QUIC.md
+* Add Japanese Doxygen documentation for cmac.h, quic.h and remove incomplete Japanese doxygen in asn_public.h
+* Espressif examples run with local wolfSSL now with no additional setup needed
+* Added a fix for StartTLS use In the example client
+* Add a base-line user_settings.h for use with FIPS 140-3 in XCode example app
+
+### Optimizations
+* AES-NI usage added for AES modes ECB/CTR/XTS
+
+### Misc
+* Update AES-GCM stream decryption to allow long IVs
+* Internal refactor to use wolfSSL_Ref functions when incrementing or decrementing the structures reference count and fixes for static analysis reports
+* Cleanup function logging making adjustments to the debug log print outs
+* Remove realloc dependency in DtlsMsgCombineFragBuckets function
+* Refactor to use WOLFSSL_CTX’s cipher suite list when possible
+* Update internal padding of 0’s with DSA sign and additional tests with mp_to_unsigned_bin_len function
+* With DTLS SRTP use wolfSSL_export_keying_material instead of wc_PRF_TLS
+* Updated macro naming from HAVE_KYBER to be WOLFSSL_HAVE_KYBER
+* Update AES XTS encrypt to handle in-place encryption properly
+* With TLS 1.3 add option to require only PSK with DHE
+
+## Fixes
+
+### Ports
+* Fix for AES use with CAAM on imx8qxp with SECO builds
+* Fix for PIC32 crypto HW and unused `TLSX_SetResponse`
+* Fix warning if ltime is unsigned seen with QNX build
+* Updates and fix for Zephyr project support
+* Include sys/time.h for WOLFSSL_RIOT_OS
+* Move X509_V errors from enums to defines for use with HAProxy CLI
+* Fix IAR compiler warnings resolved
+* Fix for STM32 Hash peripherals (like on F437) with FIFO depth = 1
+* ESP32 fix for SHA384 init with hardware acceleration
+
+### Builds
+* Add WOLFSSL_IP_ALT_NAME macro define to --enable-curl
+* Fixes for building with C++17 and avoiding clashing with byte naming
+* Fixes SP math all build issue with small-stack and no hardening
+* Fix for building with ASN template with `NO_ASN_TIME` defined
+* Fix building FIPSv2 with WOLFSSL_ECDSA_SET_K defined
+* Don't allow aesgcm-stream option with kcapi
+* Fix DTLS test case for when able to read peers close notify alert on FreeBSD systems
+* Fix for "expression must have a constant value" in tls13.c with Green Hills compiler
+* Fixes for building KCAPI with opensslextra enabled
+* Fix warnings of shadows min and subscript with i486-netbsd-gcc compiler
+* Fix issue with async and `WOLFSSL_CHECK_ALERT_ON_ERR`
+* Fix for PKCS7 with asynchronous crypto enabled
+
+### Math Library
+* SP Aarch64 fix for conditional changed in asm needing "cc" and fix for ECC P256 mont reduce
+* In SP builds add sanity check with DH exp. to check the output length for minimum size
+* In SP math fix scalar length check with EC scalar multiply
+* With SP int fix handling negative character properly with read radix
+* Add error checks before setting variable err in SP int with the function sp_invmod_mont_ct
+* Fix to add sanity check for malloc of zero size in fastmath builds
+* In fastmath fix a possible overflow in fp_to_unsigned_bin_len length check
+* Heapmath fast mod. reduce fix
+
+### Compatibility Layer
+* Fixes for encoding/decoding ecc public keys and ensure i2d public key functions do not include any private key information
+* Fix for EVP_EncryptUpdate to update outl on empty input
+* Fix SE050 RSA public key loading and RSA/ECC SE050 TLS Compatibility
+* Rework EC API and validate point after setting it
+* Fix for X509 RSA PSS with compatibility layer functions
+* Fix size of structures used with SHA operations when built with opensslextra for Espressif hardware accelerated hashing
+* Added sanity check on key length with wolfSSL_CMAC_Init function
+* Fix for return value type conversion of bad mutex error in logging function
+* Fix NID conflict NID_givenName and NID_md5WithRSAEncryption
+* Fix unguarded XFPRINTF calls with opensslextra build
+* Fix wolfSSL_ASN1_INTEGER_to_BN for negative values
+* Fix for potential ASN1_STRING leak in wolfSSL_X509_NAME_ENTRY_create_by_txt and wolfSSL_X509_NAME_ENTRY_create_by_NID when memory allocation fails
+
+### Misc.
+* Add sanity check to prevent an out of bounds read with OCSP response decoding
+* Sanity check to not allow 0 length with bit string and integer when parsing ASN1 syntax
+* Adjust RNG sanity checks and remove error prone first byte comparison
+* With PKCS7 add a fix for GetAsnTimeString() to correctly increment internal data pointer
+* PKCS7 addition of sequence around algo parameters with authenvelop
+* DSA fixes for clearing mp_int before re-reading data and avoid mp_clear without first calling mp_init
+* Fix for SRTP setting bitfield when it is encoded for the TLS extension
+* Fix for handling small http headers when doing CRL verification
+* Fix for ECCSI hash function to validate the output size and curve size
+* Fix for value of givenName and name being reversed with CSR generation
+* Fix for error type returned (OCSP_CERT_UNKNOWN) with OCSP verification
+* Fix for a potential memory leak with ProcessCSR when handling OCSP responses
+* Fix for VERIFY_SKIP_DATE flag not ignoring date errors when set
+* Fix for zlib decompression buffer issue with PKCS7
+* Fix for DTLS message pool send size used and DTLS server saving of the handshake sequence
+* Fix to propagate WOLFSSL_TICKET_RET_CREATE error return value from DoDecryptTicket()
+* Fix for handling long session IDs with TLS 1.3 session tickets
+* Fix for AES-GCM streaming when caching an IV
+* Fix for test case with older selftest that returns bad padding instead of salt len error
+* Add fix for siphash cache and added in additional tests
+* Fix potential out of bounds memset to 0 in error case with session export function used with --enable-sessionexport builds
+* Fix possible NULL dereference in TLSX_CSR_Parse with TLS 1.3
+* Fix for sanity check on RSA pad length with no padding using the build macro WC_RSA_NO_PADDING
+
 # wolfSSL Release 5.5.4 (Dec 21, 2022)
 Release 5.5.4 of wolfSSL embedded TLS has bug fixes and new features including:
diff --git a/IDE/WIN10/wolfssl-fips.rc b/IDE/WIN10/wolfssl-fips.rc
index 84430b714..20e7e68f2 100644
--- a/IDE/WIN10/wolfssl-fips.rc
+++ b/IDE/WIN10/wolfssl-fips.rc
@@ -51,8 +51,8 @@ END
 //
 VS_VERSION_INFO VERSIONINFO
- FILEVERSION 5,5,4,0
- PRODUCTVERSION 5,5,4,0
+ FILEVERSION 5,6,0,0
+ PRODUCTVERSION 5,6,0,0
 FILEFLAGSMASK 0x3fL
 #ifdef _DEBUG
 FILEFLAGS 0x1L
@@ -69,12 +69,12 @@ BEGIN
 BEGIN
 VALUE "CompanyName", "wolfSSL Inc."
 VALUE "FileDescription", "The wolfSSL FIPS embedded SSL library is a lightweight, portable, C-language-based SSL/TLS library targeted at IoT, embedded, and RTOS environments primarily because of its size, speed, and feature set."
- VALUE "FileVersion", "5.5.4.0"
+ VALUE "FileVersion", "5.6.0.0"
 VALUE "InternalName", "wolfssl-fips"
 VALUE "LegalCopyright", "Copyright (C) 2022"
 VALUE "OriginalFilename", "wolfssl-fips.dll"
 VALUE "ProductName", "wolfSSL FIPS"
- VALUE "ProductVersion", "5.5.4.0"
+ VALUE "ProductVersion", "5.6.0.0"
 END
 END
 BLOCK "VarFileInfo"
diff --git a/README b/README
index 9fe3bd974..3fee55a4f 100644
--- a/README
+++ b/README
@@ -70,128 +70,188 @@ should be used for the enum name.
 *** end Notes ***
-# wolfSSL Release 5.5.4 (Dec 21, 2022)
+# wolfSSL Release 5.6.0 (Mar 24, 2023)
-Release 5.5.4 of wolfSSL embedded TLS has bug fixes and new features including:
-
-Release 5.5.4 has been developed according to wolfSSL's development and QA process (see link below) and successfully passed the quality criteria.
+Release 5.6.0 has been developed according to wolfSSL's development and QA process (see link below) and successfully passed the quality criteria.
 https://www.wolfssl.com/about/wolfssl-software-development-process-quality-assurance
+NOTE: * --enable-heapmath is being deprecated and will be removed by 2024
+ * This release makes ASN Template the default with ./configure, the previous ASN parsing can be built with --enable-asn=original
+
+Release 5.6.0 of wolfSSL embedded TLS has bug fixes and new features including:
+
 ## New Feature Additions
-* QUIC related changes for HAProxy integration and config option
-* Support for Analog Devices MAXQ1080 and MAXQ1065
-* Testing and build of wolfSSL with NuttX
-* New software based entropy gatherer with configure option --enable-entropy-memuse
-* NXP SE050 feature expansion and fixes, adding in RSA support and conditional compile of AES and CMAC
-* Support for multi-threaded sniffer
+* ASN template is now the default ASN parsing implementation when compiling with configure
+* Added in support for TLS v1.3 Encrypted Client Hello (ECH) and HPKE (Hybrid Public Key Encryption)
+* DTLS 1.3 stateless server ClientHello parsing support added
+
+### Ports
+* Add RX64/RX71 SHA hardware support
+* Port to RT1170 and expand NXP CAAM driver support
+* Add NuttX integration files for ease of use
+* Updated Stunnel support for version 5.67
+Compatibility Layer
+* Add in support for AES-CCM with EVP
+* BN compatibility API refactoring and separate API created
+* Expanding public key type cipher suite list strings support
+
+### Misc.
+* Support pthread_rwlock and add enable option
+* Add wolfSSL_CertManagerLoadCABuffer_ex() that takes a user certificate chain flag and additional verify flag options
+* Docker build additions for wolfSSL library and wolfCLU application
+* Add favorite drink pilot attribute type to get it from the encoding
+* Added in support for indefinite length BER parsing with PKCS12
+* Add dynamic session cache which allocates sessions from the heap with macro SESSION_CACHE_DYNAMIC_MEM
+
 ## Improvements / Optimizations
-### Benchmark and Tests
-* Add alternate test case for unsupported static memory API when testing mutex allocations
-* Additional unit test cases added for AES CCM 256-bit
-* Initialize and free AES object with benchmarking AES-OFB
-* Kyber with DTLS 1.3 tests added
-* Tidy up Espressif ESP32 test and benchmark examples
-* Rework to be able to run API tests individually and add display of time taken per test
+### Tests
+* Additional CI (continuous integration) testing and leveraging of GitHub workflows
+* Add CI testing for wpa_supplicant, OpenWrt and OpenVPN using GitHub workflows
+* Add compilation of Espressif to GitHub workflows tests
+* Refactoring and improving error results with wolfCrypt unit test application
+* Minor warning fixes from Coverity static analysis scan
+* Add new SHA-512/224 and SHA-512/256 tests
+* Used codespell and fixed some minor typos
-### Build and Port Improvements
-* Add check for 64-bit ABI on MIPS64 before declaring a 64-bit CPU
-* Add support to detect SIZEOF_LONG in armclang and diab
-* Added in a simple example working on Rx72n
-* Update azsphere support to prevent compilation of file included inline
-* --enable-brainpool configure option added and default to on when custom curves are also on
-* Add RSA PSS salt defines to engine builds if not FIPS v2
+### Ports
+* Improve TLS1.2 client authentication to use TSIP
+* Updated Kyber macro to be WOLFSSL_HAVE_KYBER and made changes that make Kyber work on STM32
+* AES-GCM Windows assembly additions
+* CRLF line endings, trailing spaces for C# Wrapper Projects
+Compatibility Layer
+* Update `PubKey` and `Key` PEM-to-DER APIs to support return of needed DER size
+* Allow reading ENC EC PRIVATE KEY as well via wolfSSL_PEM_read_bio_ECPrivateKey
+* Improve wolfSSL_EC_POINT_cmp to handle Jacobian ordinates
+* Fix issue with BIO_reset() and add BIO_FLAGS_MEM_RDONLY flag support for read only BIOs
-### Post Quantum
-* Remove kyber-90s and route all Kyber through wolfcrypt
-* Purge older version of NTRU and SABER from wolfSSL
+### SP
+* In SP math library rework mod 3 and use count leading zero instruction
+* Fix with SP ECC sign to reject the random k generated when r is 0
+* With SP math add better detection of when add won't work and double is needed with point_add_qz1 internal function
+* With SP int fail when buffer writing to is too small for number rather than discarding the extra values
-### SP Math
-* Support static memory build with sp-math
-* SP C, SP int: improve performance
-* SP int: support mingw64 again
-* SP int: enhancements to guess 64-bit type and check on NO_64BIT macro set before using long long
-* SP int: check size required when using sp_int on stack
-* SP: --enable-sp-asm now enables SP by default if not set
-* SP: support aarch64 big endian
+### Builds
+* Define WOLFSSL_SP_SMALL_STACK if wolfSSL is build with --enable-smallstack
+* Fix CMake to exclude libm when DH is not enabled
+* Allow building of SAKKE as external non-FIPS algorithm with wolfmikey product
+* Add option to add library suffix, --with-libsuffix
+* ASN template compile option WOLFSSL_ASN_INT_LEAD_0_ANY to allow leading zeros
+* Add user_settings.h template for wolfTPM to examples/configs/user_settings_wolftpm.h
+* Purge the AES variant of Dilithium
+* Expand WOLFSSL_NO_ASN_STRICT to allow parsing of explicit ECC public key
+* Remove relocatable text in ARMv7a AES assembly for use with FIPS builds
+* Expand checking for hardware that supports ARMv7a neon with autotools configure
+* Sanity check on allocation fails with DSA and FP_ECC build when zeroizing internal buffer
+* Additional TLS alerts sent when compiling with WOLFSSL_EXTRA_ALERTS macro defined
-### DTLS
-* Allow DTLS 1.3 to compile when FIPS is enabled
-* Allow for stateless DTLS client hello parsing
+### Benchmarking
+* Update wolfCrypt benchmark Windows build files to support x64 Platform
+* Add SHA512/224 and SHA512/256 benchmarks, fixed CVS macro and display sizes
+* Separate AES-GCM streaming runs when benchmarked
+* No longer call external implementation of Kyber from benchmark
+* Fix for benchmarking shake with custom block size
+* Fixes for benchmark help `-alg` list and block format
+Documentation/Examples
+* Document use of wc_AesFree() and update documentation of Ed25519 with Doxygen
+* Move the wolfSSL Configuration section higher in QUIC.md
+* Add Japanese Doxygen documentation for cmac.h, quic.h and remove incomplete Japanese doxygen in asn_public.h
+* Espressif examples run with local wolfSSL now with no additional setup needed
+* Added a fix for StartTLS use In the example client
+* Add a base-line user_settings.h for use with FIPS 140-3 in XCode example app
-### Misc.
-* Easier detection of DRBG health when using Intel’s RDRAND by updating the structures status value
-* Detection of duplicate known extensions with TLS
-* PKCS#11 handle a user PIN that is a NULL_PTR, compile time check in finding keys, add initialization API
-* Update max Cert Policy size based on RFC 5280
-* Add Android CA certs path for wolfSSL_CTX_load_system_CA_certs()
-* Improve logic for enabling system CA certs on Apple devices
-* Stub functions to allow for cpuid public functions with non-intel builds
-* Increase RNG_SECURITY_STRENGTH for FIPS
-* Improvements in OpenSSL Compat ERR Queue handling
-* Support ASN1/DER CRLs in LoadCertByIssuer
-* Expose more ECC math functions and improve async shared secret
-* Improvement for sniffer error messages
-* Warning added that renegotiation in TLS 1.3 requires session ticket
-* Adjustment for TLS 1.3 post auth support
-* Rework DH API and improve PEM read/write
+### Optimizations
+* AES-NI usage added for AES modes ECB/CTR/XTS
+
+### Misc
+* Update AES-GCM stream decryption to allow long IVs
+* Internal refactor to use wolfSSL_Ref functions when incrementing or decrementing the structures reference count and fixes for static analysis reports
+* Cleanup function logging making adjustments to the debug log print outs
+* Remove realloc dependency in DtlsMsgCombineFragBuckets function
+* Refactor to use WOLFSSL_CTX’s cipher suite list when possible
+* Update internal padding of 0’s with DSA sign and additional tests with mp_to_unsigned_bin_len function
+* With DTLS SRTP use wolfSSL_export_keying_material instead of wc_PRF_TLS
+* Updated macro naming from HAVE_KYBER to be WOLFSSL_HAVE_KYBER
+* Update AES XTS encrypt to handle in-place encryption properly
+* With TLS 1.3 add option to require only PSK with DHE
 ## Fixes
-### Build Fixes
-* Fix --enable-devcrypto build error for sys without u_int8_t type
-* Fix casts in evp.c and build issue in ParseCRL
-* Fixes for compatibility layer building with heap hint and OSSL callbacks
-* fix compile error due to Werro=undef on gcc-4.8
-* Fix mingw-w64 build issues on windows
-* Xcode project fixes for different build settings
-* Initialize variable causing failures with gcc-11 and gcc-12 with a unique wolfSSL build configuration
-* Prevent WOLFSSL_NO_MALLOC from breaking RSA certificate verification
-* Fixes for various tests that do not properly handle `WC_PENDING_E` with async. builds
-* Fix for misc `HashObject` to be excluded for `WOLFCRYPT_ONLY`
+### Ports
+* Fix for AES use with CAAM on imx8qxp with SECO builds
+* Fix for PIC32 crypto HW and unused `TLSX_SetResponse`
+* Fix warning if ltime is unsigned seen with QNX build
+* Updates and fix for Zephyr project support
+* Include sys/time.h for WOLFSSL_RIOT_OS
+* Move X509_V errors from enums to defines for use with HAProxy CLI
+* Fix IAR compiler warnings resolved
+* Fix for STM32 Hash peripherals (like on F437) with FIFO depth = 1
+* ESP32 fix for SHA384 init with hardware acceleration
-### OCSP Fixes
-* Correctly save next status with OCSP response verify
-* When the OCSP responder returns an unknown exception, continue through to checking the CRL
+### Builds
+* Add WOLFSSL_IP_ALT_NAME macro define to --enable-curl
+* Fixes for building with C++17 and avoiding clashing with byte naming
+* Fixes SP math all build issue with small-stack and no hardening
+* Fix for building with ASN template with `NO_ASN_TIME` defined
+* Fix building FIPSv2 with WOLFSSL_ECDSA_SET_K defined
+* Don't allow aesgcm-stream option with kcapi
+* Fix DTLS test case for when able to read peers close notify alert on FreeBSD systems
+* Fix for "expression must have a constant value" in tls13.c with Green Hills compiler
+* Fixes for building KCAPI with opensslextra enabled
+* Fix warnings of shadows min and subscript with i486-netbsd-gcc compiler
+* Fix issue with async and `WOLFSSL_CHECK_ALERT_ON_ERR`
+* Fix for PKCS7 with asynchronous crypto enabled
-### Math Fixes
-* Fix for implicit conversion with 32-bit in SP math
-* Fix for error checks when modulus is even with SP int build
-* Fix for checking of err in _sp_exptmod_nct with SP int build
-* ECC cofactor fix when checking scalar bits
-* ARM32 ASM: don't use ldrd on user data
-* SP int, fix when ECC specific size code included
+### Math Library
+* SP Aarch64 fix for conditional changed in asm needing "cc" and fix for ECC P256 mont reduce
+* In SP builds add sanity check with DH exp. to check the output length for minimum size
+* In SP math fix scalar length check with EC scalar multiply
+* With SP int fix handling negative character properly with read radix
+* Add error checks before setting variable err in SP int with the function sp_invmod_mont_ct
+* Fix to add sanity check for malloc of zero size in fastmath builds
+* In fastmath fix a possible overflow in fp_to_unsigned_bin_len length check
+* Heapmath fast mod. reduce fix
-### Port Fixes
-* Fixes for STM32 PKA ECC (not 256-bit) and improvements for AES-GCM
-* Fix for cryptocell signature verification with ECC
-* Benchmark devid changes, CCM with SECO fix, set IV on AES import into SECO
-
-### Compat. Layer Fixes
-* Fix for handling DEFAULT:... cipher suite list
-* Fix memory leak in wolfSSL_X509_NAME_ENTRY_get_object
-* Set alt name type to V_ASN1_IA5STRING
-* Update name hash functions wolfSSL_X509_subject_name_hash and wolfSSL_X509_issuer_name_hash to hash the canonical form of subject
-* Fix wolfSSL_set_SSL_CTX() to be usable during handshake
-* Fix X509_get1_ocsp to set num of elements in stack
-* X509v3 EXT d2i: fix freeing of aia
-* Fix to remove recreation of certificate with wolfSSL_PEM_write_bio_X509()
-* Link newly created x509 store's certificate manager to self by default to assist with CRL verification
-* Fix for compatibility `EC_KEY_new_by_curve_name` to not create a key if the curve is not found
+### Compatibility Layer
+* Fixes for encoding/decoding ecc public keys and ensure i2d public key functions do not include any private key information
+* Fix for EVP_EncryptUpdate to update outl on empty input
+* Fix SE050 RSA public key loading and RSA/ECC SE050 TLS Compatibility
+* Rework EC API and validate point after setting it
+* Fix for X509 RSA PSS with compatibility layer functions
+* Fix size of structures used with SHA operations when built with opensslextra for Espressif hardware accelerated hashing
+* Added sanity check on key length with wolfSSL_CMAC_Init function
+* Fix for return value type conversion of bad mutex error in logging function
+* Fix NID conflict NID_givenName and NID_md5WithRSAEncryption
+* Fix unguarded XFPRINTF calls with opensslextra build
+* Fix wolfSSL_ASN1_INTEGER_to_BN for negative values
+* Fix for potential ASN1_STRING leak in wolfSSL_X509_NAME_ENTRY_create_by_txt and wolfSSL_X509_NAME_ENTRY_create_by_NID when memory allocation fails
 ### Misc.
-* Free potential signer malloc in a fail case
-* fix other name san parsing and add RID cert to test parsing
-* WOLFSSL_OP_NO_TICKET fix for TLSv1.2
-* fix ASN template parsing of X509 subject directory attribute
-* Fix the wrong IV size with the cipher suite TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256
-* Fix incorrect self signed error return when compiled with certreq and certgen.
-* Fix wrong function name in debug comment with wolfSSL_X509_get_name_oneline()
-* Fix for decryption after second handshake with async sniffer
-* Allow session tickets to properly resume when using PQ KEMs
-* Add sanity overflow check to DecodeAltNames input buffer access
+* Add sanity check to prevent an out of bounds read with OCSP response decoding
+* Sanity check to not allow 0 length with bit string and integer when parsing ASN1 syntax
+* Adjust RNG sanity checks and remove error prone first byte comparison
+* With PKCS7 add a fix for GetAsnTimeString() to correctly increment internal data pointer
+* PKCS7 addition of sequence around algo parameters with authenvelop
+* DSA fixes for clearing mp_int before re-reading data and avoid mp_clear without first calling mp_init
+* Fix for SRTP setting bitfield when it is encoded for the TLS extension
+* Fix for handling small http headers when doing CRL verification
+* Fix for ECCSI hash function to validate the output size and curve size
+* Fix for value of givenName and name being reversed with CSR generation
+* Fix for error type returned (OCSP_CERT_UNKNOWN) with OCSP verification
+* Fix for a potential memory leak with ProcessCSR when handling OCSP responses
+* Fix for VERIFY_SKIP_DATE flag not ignoring date errors when set
+* Fix for zlib decompression buffer issue with PKCS7
+* Fix for DTLS message pool send size used and DTLS server saving of the handshake sequence
+* Fix to propagate WOLFSSL_TICKET_RET_CREATE error return value from DoDecryptTicket()
+* Fix for handling long session IDs with TLS 1.3 session tickets
+* Fix for AES-GCM streaming when caching an IV
+* Fix for test case with older selftest that returns bad padding instead of salt len error
+* Add fix for siphash cache and added in additional tests
+* Fix potential out of bounds memset to 0 in error case with session export function used with --enable-sessionexport builds
+* Fix possible NULL dereference in TLSX_CSR_Parse with TLS 1.3
+* Fix for sanity check on RSA pad length with no padding using the build macro WC_RSA_NO_PADDING
 For additional vulnerability information visit the vulnerability page at:
diff --git a/README.md b/README.md
index f0697034d..394863569 100644
--- a/README.md
+++ b/README.md
@@ -79,128 +79,188 @@ single call hash function. Instead the name `WC_SHA`, `WC_SHA256`, `WC_SHA384` a
 `WC_SHA512` should be used for the enum name.
-# wolfSSL Release 5.5.4 (Dec 21, 2022)
+# wolfSSL Release 5.6.0 (Mar 24, 2023)
-Release 5.5.4 of wolfSSL embedded TLS has bug fixes and new features including:
-
-Release 5.5.4 has been developed according to wolfSSL's development and QA process (see link below) and successfully passed the quality criteria.
+Release 5.6.0 has been developed according to wolfSSL's development and QA process (see link below) and successfully passed the quality criteria.
 https://www.wolfssl.com/about/wolfssl-software-development-process-quality-assurance
+NOTE: * --enable-heapmath is being deprecated and will be removed by 2024
+ * This release makes ASN Template the default with ./configure, the previous ASN parsing can be built with --enable-asn=original
+
+Release 5.6.0 of wolfSSL embedded TLS has bug fixes and new features including:
+
 ## New Feature Additions
-* QUIC related changes for HAProxy integration and config option
-* Support for Analog Devices MAXQ1080 and MAXQ1065
-* Testing and build of wolfSSL with NuttX
-* New software based entropy gatherer with configure option --enable-entropy-memuse
-* NXP SE050 feature expansion and fixes, adding in RSA support and conditional compile of AES and CMAC
-* Support for multi-threaded sniffer
+* ASN template is now the default ASN parsing implementation when compiling with configure
+* Added in support for TLS v1.3 Encrypted Client Hello (ECH) and HPKE (Hybrid Public Key Encryption)
+* DTLS 1.3 stateless server ClientHello parsing support added
+
+### Ports
+* Add RX64/RX71 SHA hardware support
+* Port to RT1170 and expand NXP CAAM driver support
+* Add NuttX integration files for ease of use
+* Updated Stunnel support for version 5.67
+Compatibility Layer
+* Add in support for AES-CCM with EVP
+* BN compatibility API refactoring and separate API created
+* Expanding public key type cipher suite list strings support
+
+### Misc.
+* Support pthread_rwlock and add enable option
+* Add wolfSSL_CertManagerLoadCABuffer_ex() that takes a user certificate chain flag and additional verify flag options
+* Docker build additions for wolfSSL library and wolfCLU application
+* Add favorite drink pilot attribute type to get it from the encoding
+* Added in support for indefinite length BER parsing with PKCS12
+* Add dynamic session cache which allocates sessions from the heap with macro SESSION_CACHE_DYNAMIC_MEM
+
 ## Improvements / Optimizations
-### Benchmark and Tests
-* Add alternate test case for unsupported static memory API when testing mutex allocations
-* Additional unit test cases added for AES CCM 256-bit
-* Initialize and free AES object with benchmarking AES-OFB
-* Kyber with DTLS 1.3 tests added
-* Tidy up Espressif ESP32 test and benchmark examples
-* Rework to be able to run API tests individually and add display of time taken per test
+### Tests
+* Additional CI (continuous integration) testing and leveraging of GitHub workflows
+* Add CI testing for wpa_supplicant, OpenWrt and OpenVPN using GitHub workflows
+* Add compilation of Espressif to GitHub workflows tests
+* Refactoring and improving error results with wolfCrypt unit test application
+* Minor warning fixes from Coverity static analysis scan
+* Add new SHA-512/224 and SHA-512/256 tests
+* Used codespell and fixed some minor typos
-### Build and Port Improvements
-* Add check for 64-bit ABI on MIPS64 before declaring a 64-bit CPU
-* Add support to detect SIZEOF_LONG in armclang and diab
-* Added in a simple example working on Rx72n
-* Update azsphere support to prevent compilation of file included inline
-* --enable-brainpool configure option added and default to on when custom curves are also on
-* Add RSA PSS salt defines to engine builds if not FIPS v2
+### Ports
+* Improve TLS1.2 client authentication to use TSIP
+* Updated Kyber macro to be WOLFSSL_HAVE_KYBER and made changes that make Kyber work on STM32
+* AES-GCM Windows assembly additions
+* CRLF line endings, trailing spaces for C# Wrapper Projects
+Compatibility Layer
+* Update `PubKey` and `Key` PEM-to-DER APIs to support return of needed DER size
+* Allow reading ENC EC PRIVATE KEY as well via wolfSSL_PEM_read_bio_ECPrivateKey
+* Improve wolfSSL_EC_POINT_cmp to handle Jacobian ordinates
+* Fix issue with BIO_reset() and add BIO_FLAGS_MEM_RDONLY flag support for read only BIOs
-### Post Quantum
-* Remove kyber-90s and route all Kyber through wolfcrypt
-* Purge older version of NTRU and SABER from wolfSSL
+### SP
+* In SP math library rework mod 3 and use count leading zero instruction
+* Fix with SP ECC sign to reject the random k generated when r is 0
+* With SP math add better detection of when add won't work and double is needed with point_add_qz1 internal function
+* With SP int fail when buffer writing to is too small for number rather than discarding the extra values
-### SP Math
-* Support static memory build with sp-math
-* SP C, SP int: improve performance
-* SP int: support mingw64 again
-* SP int: enhancements to guess 64-bit type and check on NO_64BIT macro set before using long long
-* SP int: check size required when using sp_int on stack
-* SP: --enable-sp-asm now enables SP by default if not set
-* SP: support aarch64 big endian
+### Builds
+* Define WOLFSSL_SP_SMALL_STACK if wolfSSL is build with --enable-smallstack
+* Fix CMake to exclude libm when DH is not enabled
+* Allow building of SAKKE as external non-FIPS algorithm with wolfmikey product
+* Add option to add library suffix, --with-libsuffix
+* ASN template compile option WOLFSSL_ASN_INT_LEAD_0_ANY to allow leading zeros
+* Add user_settings.h template for wolfTPM to examples/configs/user_settings_wolftpm.h
+* Purge the AES variant of Dilithium
+* Expand WOLFSSL_NO_ASN_STRICT to allow parsing of explicit ECC public key
+* Remove relocatable text in ARMv7a AES assembly for use with FIPS builds
+* Expand checking for hardware that supports ARMv7a neon with autotools configure
+* Sanity check on allocation fails with DSA and FP_ECC build when zeroizing internal buffer
+* Additional TLS alerts sent when compiling with WOLFSSL_EXTRA_ALERTS macro defined
-### DTLS
-* Allow DTLS 1.3 to compile when FIPS is enabled
-* Allow for stateless DTLS client hello parsing
+### Benchmarking
+* Update wolfCrypt benchmark Windows build files to support x64 Platform
+* Add SHA512/224 and SHA512/256 benchmarks, fixed CVS macro and display sizes
+* Separate AES-GCM streaming runs when benchmarked
+* No longer call external implementation of Kyber from benchmark
+* Fix for benchmarking shake with custom block size
+* Fixes for benchmark help `-alg` list and block format
+Documentation/Examples
+* Document use of wc_AesFree() and update documentation of Ed25519 with Doxygen
+* Move the wolfSSL Configuration section higher in QUIC.md
+* Add Japanese Doxygen documentation for cmac.h, quic.h and remove incomplete Japanese doxygen in asn_public.h
+* Espressif examples run with local wolfSSL now with no additional setup needed
+* Added a fix for StartTLS use In the example client
+* Add a base-line user_settings.h for use with FIPS 140-3 in XCode example app
-### Misc.
-* Easier detection of DRBG health when using Intel’s RDRAND by updating the structures status value
-* Detection of duplicate known extensions with TLS
-* PKCS#11 handle a user PIN that is a NULL_PTR, compile time check in finding keys, add initialization API
-* Update max Cert Policy size based on RFC 5280
-* Add Android CA certs path for wolfSSL_CTX_load_system_CA_certs()
-* Improve logic for enabling system CA certs on Apple devices
-* Stub functions to allow for cpuid public functions with non-intel builds
-* Increase RNG_SECURITY_STRENGTH for FIPS
-* Improvements in OpenSSL Compat ERR Queue handling
-* Support ASN1/DER CRLs in LoadCertByIssuer
-* Expose more ECC math functions and improve async shared secret
-* Improvement for sniffer error messages
-* Warning added that renegotiation in TLS 1.3 requires session ticket
-* Adjustment for TLS 1.3 post auth support
-* Rework DH API and improve PEM read/write
+### Optimizations
+* AES-NI usage added for AES modes ECB/CTR/XTS
+
+### Misc
+* Update AES-GCM stream decryption to allow long IVs
+* Internal refactor to use wolfSSL_Ref functions when incrementing or decrementing the structures reference count and fixes for static analysis reports
+* Cleanup function logging making adjustments to the debug log print outs
+* Remove realloc dependency in DtlsMsgCombineFragBuckets function
+* Refactor to use WOLFSSL_CTX’s cipher suite list when possible
+* Update internal padding of 0’s with DSA sign and additional tests with mp_to_unsigned_bin_len function
+* With DTLS SRTP use wolfSSL_export_keying_material instead of wc_PRF_TLS
+* Updated macro naming from HAVE_KYBER to be WOLFSSL_HAVE_KYBER
+* Update AES XTS encrypt to handle in-place encryption properly
+* With TLS 1.3 add option to require only PSK with DHE
 ## Fixes
-### Build Fixes
-* Fix --enable-devcrypto build error for sys without u_int8_t type
-* Fix casts in evp.c and build issue in ParseCRL
-* Fixes for compatibility layer building with heap hint and OSSL callbacks
-* fix compile error due to Werro=undef on gcc-4.8
-* Fix mingw-w64 build issues on windows
-* Xcode project fixes for different build settings
-* Initialize variable causing failures with gcc-11 and gcc-12 with a unique wolfSSL build configuration
-* Prevent WOLFSSL_NO_MALLOC from breaking RSA certificate verification
-* Fixes for various tests that do not properly handle `WC_PENDING_E` with async. builds
-* Fix for misc `HashObject` to be excluded for `WOLFCRYPT_ONLY`
+### Ports
+* Fix for AES use with CAAM on imx8qxp with SECO builds
+* Fix for PIC32 crypto HW and unused `TLSX_SetResponse`
+* Fix warning if ltime is unsigned seen with QNX build
+* Updates and fix for Zephyr project support
+* Include sys/time.h for WOLFSSL_RIOT_OS
+* Move X509_V errors from enums to defines for use with HAProxy CLI
+* Fix IAR compiler warnings resolved
+* Fix for STM32 Hash peripherals (like on F437) with FIFO depth = 1
+* ESP32 fix for SHA384 init with hardware acceleration
-### OCSP Fixes
-* Correctly save next status with OCSP response verify
-* When the OCSP responder returns an unknown exception, continue through to checking the CRL
+### Builds
+* Add WOLFSSL_IP_ALT_NAME macro define to --enable-curl
+* Fixes for building with C++17 and avoiding clashing with byte naming
+* Fixes SP math all build issue with small-stack and no hardening
+* Fix for building with ASN template with `NO_ASN_TIME` defined
+* Fix building FIPSv2 with WOLFSSL_ECDSA_SET_K defined
+* Don't allow aesgcm-stream option with kcapi
+* Fix DTLS test case for when able to read peers close notify alert on FreeBSD systems
+* Fix for "expression must have a constant value" in tls13.c with Green Hills compiler
+* Fixes for building KCAPI with opensslextra enabled
+* Fix warnings of shadows min and subscript with i486-netbsd-gcc compiler
+* Fix issue with async and `WOLFSSL_CHECK_ALERT_ON_ERR`
+* Fix for PKCS7 with asynchronous crypto enabled
-### Math Fixes
-* Fix for implicit conversion with 32-bit in SP math
-* Fix for error checks when modulus is even with SP int build
-* Fix for checking of err in _sp_exptmod_nct with SP int build
-* ECC cofactor fix when checking scalar bits
-* ARM32 ASM: don't use ldrd on user data
-* SP int, fix when ECC specific size code included
+### Math Library
+* SP Aarch64 fix for conditional changed in asm needing "cc" and fix for ECC P256 mont reduce
+* In SP builds add sanity check with DH exp. to check the output length for minimum size
+* In SP math fix scalar length check with EC scalar multiply
+* With SP int fix handling negative character properly with read radix
+* Add error checks before setting variable err in SP int with the function sp_invmod_mont_ct
+* Fix to add sanity check for malloc of zero size in fastmath builds
+* In fastmath fix a possible overflow in fp_to_unsigned_bin_len length check
+* Heapmath fast mod. reduce fix
-### Port Fixes
-* Fixes for STM32 PKA ECC (not 256-bit) and improvements for AES-GCM
-* Fix for cryptocell signature verification with ECC
-* Benchmark devid changes, CCM with SECO fix, set IV on AES import into SECO
-
-### Compat. Layer Fixes
-* Fix for handling DEFAULT:... cipher suite list
-* Fix memory leak in wolfSSL_X509_NAME_ENTRY_get_object
-* Set alt name type to V_ASN1_IA5STRING
-* Update name hash functions wolfSSL_X509_subject_name_hash and wolfSSL_X509_issuer_name_hash to hash the canonical form of subject
-* Fix wolfSSL_set_SSL_CTX() to be usable during handshake
-* Fix X509_get1_ocsp to set num of elements in stack
-* X509v3 EXT d2i: fix freeing of aia
-* Fix to remove recreation of certificate with wolfSSL_PEM_write_bio_X509()
-* Link newly created x509 store's certificate manager to self by default to assist with CRL verification
-* Fix for compatibility `EC_KEY_new_by_curve_name` to not create a key if the curve is not found
+### Compatibility Layer
+* Fixes for encoding/decoding ecc public keys and ensure i2d public key functions do not include any private key information
+* Fix for EVP_EncryptUpdate to update outl on empty input
+* Fix SE050 RSA public key loading and RSA/ECC SE050 TLS Compatibility
+* Rework EC API and validate point after setting it
+* Fix for X509 RSA PSS with compatibility layer functions
+* Fix size of structures used with SHA operations when built with opensslextra for Espressif hardware accelerated hashing
+* Added sanity check on key length with wolfSSL_CMAC_Init function
+* Fix for return value type conversion of bad mutex error in logging function
+* Fix NID conflict NID_givenName and NID_md5WithRSAEncryption
+* Fix unguarded XFPRINTF calls with opensslextra build
+* Fix wolfSSL_ASN1_INTEGER_to_BN for negative values
+* Fix for potential ASN1_STRING leak in wolfSSL_X509_NAME_ENTRY_create_by_txt and wolfSSL_X509_NAME_ENTRY_create_by_NID when memory allocation fails
 ### Misc.
-* Free potential signer malloc in a fail case
-* fix other name san parsing and add RID cert to test parsing
-* WOLFSSL_OP_NO_TICKET fix for TLSv1.2
-* fix ASN template parsing of X509 subject directory attribute
-* Fix the wrong IV size with the cipher suite TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256
-* Fix incorrect self signed error return when compiled with certreq and certgen.
-* Fix wrong function name in debug comment with wolfSSL_X509_get_name_oneline()
-* Fix for decryption after second handshake with async sniffer
-* Allow session tickets to properly resume when using PQ KEMs
-* Add sanity overflow check to DecodeAltNames input buffer access
+* Add sanity check to prevent an out of bounds read with OCSP response decoding
+* Sanity check to not allow 0 length with bit string and integer when parsing ASN1 syntax
+* Adjust RNG sanity checks and remove error prone first byte comparison
+* With PKCS7 add a fix for GetAsnTimeString() to correctly increment internal data pointer
+* PKCS7 addition of sequence around algo parameters with authenvelop
+* DSA fixes for clearing mp_int before re-reading data and avoid mp_clear without first calling mp_init
+* Fix for SRTP setting bitfield when it is encoded for the TLS extension
+* Fix for handling small http headers when doing CRL verification
+* Fix for ECCSI hash function to validate the output size and curve size
+* Fix for value of givenName and name being reversed with CSR generation
+* Fix for error type returned (OCSP_CERT_UNKNOWN) with OCSP verification
+* Fix for a potential memory leak with ProcessCSR when handling OCSP responses
+* Fix for VERIFY_SKIP_DATE flag not ignoring date errors when set
+* Fix for zlib decompression buffer issue with PKCS7
+* Fix for DTLS message pool send size used and DTLS server saving of the handshake sequence
+* Fix to propagate WOLFSSL_TICKET_RET_CREATE error return value from DoDecryptTicket()
+* Fix for handling long session IDs with TLS 1.3 session tickets
+* Fix for AES-GCM streaming when caching an IV
+* Fix for test case with older selftest that returns bad padding instead of salt len error
+* Add fix for siphash cache and added in additional tests
+* Fix potential out of bounds memset to 0 in error case with session export function used with --enable-sessionexport builds
+* Fix possible NULL dereference in TLSX_CSR_Parse with TLS 1.3
+* Fix for sanity check on RSA pad length with no padding using the build macro WC_RSA_NO_PADDING
 For additional vulnerability information visit the vulnerability page at:
 https://www.wolfssl.com/docs/security-vulnerabilities/
diff --git a/configure.ac b/configure.ac
index 884583ae8..acb158563 100644
--- a/configure.ac
+++ b/configure.ac
@@ -7,7 +7,7 @@
 #
 AC_COPYRIGHT([Copyright (C) 2006-2020 wolfSSL Inc.])
 AC_PREREQ([2.69])
-AC_INIT([wolfssl],[5.5.4],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[https://www.wolfssl.com])
+AC_INIT([wolfssl],[5.6.0],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[https://www.wolfssl.com])
 AC_CONFIG_AUX_DIR([build-aux])
 # The following sets CFLAGS to empty if unset on command line. We do not
@@ -47,9 +47,9 @@ AC_SUBST([WOLFSSL_CONFIG_ARGS])
 # The three numbers in the libwolfssl.so.*.*.* file name. Unfortunately
 # these numbers don't always line up nicely with the library version.
 WOLFSSL_LIBRARY_VERSION_FIRST=35
-WOLFSSL_LIBRARY_VERSION_SECOND=3
+WOLFSSL_LIBRARY_VERSION_SECOND=4
 WOLFSSL_LIBRARY_VERSION_THIRD=0
-WOLFSSL_LIBRARY_VERSION=38:0:3
+WOLFSSL_LIBRARY_VERSION=39:0:4
 # | | |
 # +------+ | +---+
 # | | |
diff --git a/wolfssl.rc b/wolfssl.rc
index 87b6a924e040b15ee204f647a3f2b8f88792d53a..17f64dc63472fd20555a9d95b07098ab204aa6be 100644
GIT binary patch
delta 57
zcmdm{woPqA9|x-$gARki