Merge pull request #1288 from cconlon/release3.13

wolfSSL 3.13.0 README and version updates

README

@@ -35,6 +35,64 @@ before calling wolfSSL_new();  Though it's not recommended.
 *** end Notes ***
 
 
+********* wolfSSL (Formerly CyaSSL) Release 3.13.0 (12/21/2017)
+
+wolfSSL 3.13.0 includes bug fixes and new features, including support for
+TLS 1.3 Draft 21, performance and footprint optimizations, build fixes,
+updated examples and project files, and one vulnerability fix. The full list
+of changes and additions in this release include:
+
+- Fixes for TLS 1.3, support for Draft 21
+- TLS 1.0 disabled by default, addition of “--enable-tls10” configure option
+- New option to reduce SHA-256 code size at expense of performance
+  (USE_SLOW_SHA256)
+- New option for memory reduced build (--enable-lowresource)
+- AES-GCM performance improvements on AVX1 (IvyBridge) and AVX2
+- SHA-256 and SHA-512 performance improvements using AVX1/2 ASM
+- SHA-3 size and performance optimizations
+- Fixes for Intel AVX2 builds on Mac/OSX
+- Intel assembly for Curve25519, and Ed25519 performance optimizations
+- New option to force 32-bit mode with “--enable-32bit”
+- New option to disable all inline assembly with “--disable-asm”
+- Ability to override maximum signature algorithms using WOLFSSL_MAX_SIGALGO
+- Fixes for handling of unsupported TLS extensions.
+- Fixes for compiling AES-GCM code with GCC 4.8.*
+- Allow adjusting static I/O buffer size with WOLFMEM_IO_SZ
+- Fixes for building without a filesystem
+- Removes 3DES and SHA1 dependencies from PKCS#7
+- Adds ability to disable PKCS#7 EncryptedData type (NO_PKCS7_ENCRYPTED_DATA)
+- Add ability to get client-side SNI
+- Expanded OpenSSL compatibility layer
+- Fix for logging file names with OpenSSL compatibility layer enabled, with
+  WOLFSSL_MAX_ERROR_SZ user-overridable
+- Adds static memory support to the wolfSSL example client
+- Fixes for sniffer to use TLS 1.2 client method
+- Adds option to wolfCrypt benchmark to benchmark individual algorithms
+- Adds option to wolfCrypt benchmark to display benchmarks in powers
+  of 10 (-base10)
+- Updated Visual Studio for ARM builds (for ECC supported curves and SHA-384)
+- Updated Texas Instruments TI-RTOS build
+- Updated STM32 CubeMX build with fixes for SHA
+- Updated IAR EWARM project files
+- Updated Apple Xcode projects with the addition of a benchmark example project
+
+This release of wolfSSL fixes 1 security vulnerability.
+
+wolfSSL is cited in the recent ROBOT Attack by Böck, Somorovsky, and Young.
+The paper notes that wolfSSL only gives a weak oracle without a practical
+attack but this is still a flaw.  This release contains a fix for this report.
+Please note that wolfSSL has static RSA cipher suites disabled by default as
+of version 3.6.6 because of the lack of perfect forward secrecy.  Only users
+who have explicitly enabled static RSA cipher suites with WOLFSSL_STATIC_RSA
+and use those suites on a host are affected.  More information will be
+available on our website at:
+
+    https://wolfssl.com/wolfSSL/security/vulnerabilities.php
+
+See INSTALL file for build instructions.
+More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html
+
+
 ********* wolfSSL (Formerly CyaSSL) Release 3.12.2 (10/23/2017)
 
 Release 3.12.2 of wolfSSL has bug fixes and new features including:

README.md

@@ -38,6 +38,64 @@ wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
 before calling wolfSSL_new();  Though it's not recommended.
 ```
 
+# wolfSSL (Formerly CyaSSL) Release 3.13.0 (12/21/2017)
+
+wolfSSL 3.13.0 includes bug fixes and new features, including support for
+TLS 1.3 Draft 21, performance and footprint optimizations, build fixes,
+updated examples and project files, and one vulnerability fix. The full list
+of changes and additions in this release include:
+
+* Fixes for TLS 1.3, support for Draft 21
+* TLS 1.0 disabled by default, addition of “--enable-tls10” configure option
+* New option to reduce SHA-256 code size at expense of performance
+  (USE_SLOW_SHA256)
+* New option for memory reduced build (--enable-lowresource)
+* AES-GCM performance improvements on AVX1 (IvyBridge) and AVX2
+* SHA-256 and SHA-512 performance improvements using AVX1/2 ASM
+* SHA-3 size and performance optimizations
+* Fixes for Intel AVX2 builds on Mac/OSX
+* Intel assembly for Curve25519, and Ed25519 performance optimizations
+* New option to force 32-bit mode with “--enable-32bit”
+* New option to disable all inline assembly with “--disable-asm”
+* Ability to override maximum signature algorithms using WOLFSSL_MAX_SIGALGO
+* Fixes for handling of unsupported TLS extensions.
+* Fixes for compiling AES-GCM code with GCC 4.8.*
+* Allow adjusting static I/O buffer size with WOLFMEM_IO_SZ
+* Fixes for building without a filesystem
+* Removes 3DES and SHA1 dependencies from PKCS#7
+* Adds ability to disable PKCS#7 EncryptedData type (NO_PKCS7_ENCRYPTED_DATA)
+* Add ability to get client-side SNI
+* Expanded OpenSSL compatibility layer
+* Fix for logging file names with OpenSSL compatibility layer enabled, with
+  WOLFSSL_MAX_ERROR_SZ user-overridable
+* Adds static memory support to the wolfSSL example client
+* Fixes for sniffer to use TLS 1.2 client method
+* Adds option to wolfCrypt benchmark to benchmark individual algorithms
+* Adds option to wolfCrypt benchmark to display benchmarks in powers
+  of 10 (-base10)
+* Updated Visual Studio for ARM builds (for ECC supported curves and SHA-384)
+* Updated Texas Instruments TI-RTOS build
+* Updated STM32 CubeMX build with fixes for SHA
+* Updated IAR EWARM project files
+* Updated Apple Xcode projects with the addition of a benchmark example project
+
+This release of wolfSSL fixes 1 security vulnerability.
+
+wolfSSL is cited in the recent ROBOT Attack by Böck, Somorovsky, and Young.
+The paper notes that wolfSSL only gives a weak oracle without a practical
+attack but this is still a flaw.  This release contains a fix for this report.
+Please note that wolfSSL has static RSA cipher suites disabled by default as
+of version 3.6.6 because of the lack of perfect forward secrecy.  Only users
+who have explicitly enabled static RSA cipher suites with WOLFSSL_STATIC_RSA
+and use those suites on a host are affected.  More information will be
+available on our website at:
+
+https://wolfssl.com/wolfSSL/security/vulnerabilities.php
+
+See INSTALL file for build instructions.
+More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html
+
+
 # wolfSSL (Formerly CyaSSL) Release 3.12.2 (10/23/2017)
 
 ## Release 3.12.2 of wolfSSL has bug fixes and new features including:

configure.ac

@@ -6,7 +6,7 @@
 #
 #
 
-AC_INIT([wolfssl],[3.12.2],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[http://www.wolfssl.com])
+AC_INIT([wolfssl],[3.13.0],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[http://www.wolfssl.com])
 
 AC_CONFIG_AUX_DIR([build-aux])
 
@@ -35,7 +35,7 @@ AC_CONFIG_MACRO_DIR([m4])
 AC_CONFIG_HEADERS([config.h:config.in])dnl Keep filename to 8.3 for MS-DOS.
 
 #shared library versioning
-WOLFSSL_LIBRARY_VERSION=14:0:0
+WOLFSSL_LIBRARY_VERSION=15:0:0
 #                       | | |
 #                +------+ | +---+
 #                |        |     |

rpm/spec.in

@@ -72,8 +72,8 @@ mkdir -p $RPM_BUILD_ROOT/
 %{_docdir}/wolfssl/README.txt
 %{_libdir}/libwolfssl.la
 %{_libdir}/libwolfssl.so
-%{_libdir}/libwolfssl.so.14
-%{_libdir}/libwolfssl.so.14.0.0
+%{_libdir}/libwolfssl.so.15
+%{_libdir}/libwolfssl.so.15.0.0
 
 %files devel
 %defattr(-,root,root,-)

wolfssl/version.h

@@ -28,8 +28,8 @@
 extern "C" {
 #endif
 
-#define LIBWOLFSSL_VERSION_STRING "3.12.2"
-#define LIBWOLFSSL_VERSION_HEX 0x03012002
+#define LIBWOLFSSL_VERSION_STRING "3.13.0"
+#define LIBWOLFSSL_VERSION_HEX 0x03013000
 
 #ifdef __cplusplus
 }