From d848a15fc8f67f2a6bfe5f8b1ea0b5c40ea1c583 Mon Sep 17 00:00:00 2001
From: Chris Conlon
Date: Thu, 21 Dec 2017 09:48:52 -0700
Subject: [PATCH 1/3] update README for 3.13.0
---
README | 58 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
README.md | 58 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 116 insertions(+)
diff --git a/README b/README
index 7d863e118..45debc62f 100644
--- a/README
+++ b/README
@@ -35,6 +35,64 @@ before calling wolfSSL_new(); Though it's not recommended. *** end Notes ***
+********* wolfSSL (Formerly CyaSSL) Release 3.13.0 (12/21/2017)
+
+wolfSSL 3.13.0 includes bug fixes and new features, including support for
+TLS 1.3 Draft 21, performance and footprint optimizations, build fixes,
+updated examples and project files, and one vulnerability fix. The full list
+of changes and additions in this release include:
+
+- Fixes for TLS 1.3, support for Draft 21
+- TLS 1.0 disabled by default, addition of “--enable-tls10” configure option
+- New option to reduce SHA-256 code size at expense of performance
+ (USE_SLOW_SHA256)
+- New option for memory reduced build (--enable-lowresource)
+- AES-GCM performance improvements on AVX1 (IvyBridge) and AVX2
+- SHA-256 and SHA-512 performance improvements using AVX1/2 ASM
+- SHA-3 size and performance optimizations
+- Fixes for Intel AVX2 builds on Mac/OSX
+- Intel assembly for Curve25519, and Ed25519 performance optimizations
+- New option to force 32-bit mode with “--enable-32bit”
+- New option to disable all inline assembly with “--disable-asm”
+- Ability to override maximum signature algorithms using WOLFSSL_MAX_SIGALGO
+- Fixes for handling of unsupported TLS extensions.
+- Fixes for compiling AES-GCM code with GCC 4.8.*
+- Allow adjusting static I/O buffer size with WOLFMEM_IO_SZ
+- Fixes for building without a filesystem
+- Removes 3DES and SHA1 dependencies from PKCS#7
+- Adds ability to disable PKCS#7 EncryptedData type (NO_PKCS7_ENCRYPTED_DATA)
+- Add ability to get client-side SNI
+- Expanded OpenSSL compatibility layer
+- Fix for logging file names with OpenSSL compatibility layer enabled, with
+ WOLFSSL_MAX_ERROR_SZ user-overridable
+- Adds static memory support to the wolfSSL example client
+- Fixes for sniffer to use TLS 1.2 client method
+- Adds option to wolfCrypt benchmark to benchmark individual algorithms
+- Adds option to wolfCrypt benchmark to display benchmarks in powers
+ of 10 (-base10)
+- Updated Visual Studio for ARM builds (for ECC supported curves and SHA-384)
+- Updated Texas Instruments TI-RTOS build
+- Updated STM32 CubeMX build with fixes for SHA
+- Updated IAR EWARM project files
+- Updated Apple Xcode projects with the addition of a benchmark example project
+
+This release of wolfSSL fixes 1 security vulnerability.
+
+wolfSSL is cited in the recent ROBOT Attack by Böck, Somorovsky, and Young.
+The paper notes that wolfSSL only gives a weak oracle without a practical
+attack but this is still a flaw. This release contains a fix for this report.
+Please note that wolfSSL has static RSA cipher suites disabled by default as
+of version 3.6.6 because of the lack of perfect forward secrecy. Only users
+who have explicitly enabled static RSA cipher suites with WOLFSSL_STATIC_RSA
+and use those suites on a host are affected. More information will be
+available on our website at:
+
+ https://wolfssl.com/wolfSSL/security/vulnerabilities.php
+
+See INSTALL file for build instructions.
+More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html
+
+
 ********* wolfSSL (Formerly CyaSSL) Release 3.12.2 (10/23/2017) Release 3.12.2 of wolfSSL has bug fixes and new features including:
diff --git a/README.md b/README.md
index 26444bf07..759da6153 100644
--- a/README.md
+++ b/README.md
@@ -38,6 +38,64 @@ wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0); before calling wolfSSL_new(); Though it's not recommended. ```
+# wolfSSL (Formerly CyaSSL) Release 3.13.0 (12/21/2017)
+
+wolfSSL 3.13.0 includes bug fixes and new features, including support for
+TLS 1.3 Draft 21, performance and footprint optimizations, build fixes,
+updated examples and project files, and one vulnerability fix. The full list
+of changes and additions in this release include:
+
+* Fixes for TLS 1.3, support for Draft 21
+* TLS 1.0 disabled by default, addition of “--enable-tls10” configure option
+* New option to reduce SHA-256 code size at expense of performance
+ (USE_SLOW_SHA256)
+* New option for memory reduced build (--enable-lowresource)
+* AES-GCM performance improvements on AVX1 (IvyBridge) and AVX2
+* SHA-256 and SHA-512 performance improvements using AVX1/2 ASM
+* SHA-3 size and performance optimizations
+* Fixes for Intel AVX2 builds on Mac/OSX
+* Intel assembly for Curve25519, and Ed25519 performance optimizations
+* New option to force 32-bit mode with “--enable-32bit”
+* New option to disable all inline assembly with “--disable-asm”
+* Ability to override maximum signature algorithms using WOLFSSL_MAX_SIGALGO
+* Fixes for handling of unsupported TLS extensions.
+* Fixes for compiling AES-GCM code with GCC 4.8.*
+* Allow adjusting static I/O buffer size with WOLFMEM_IO_SZ
+* Fixes for building without a filesystem
+* Removes 3DES and SHA1 dependencies from PKCS#7
+* Adds ability to disable PKCS#7 EncryptedData type (NO_PKCS7_ENCRYPTED_DATA)
+* Add ability to get client-side SNI
+* Expanded OpenSSL compatibility layer
+* Fix for logging file names with OpenSSL compatibility layer enabled, with
+ WOLFSSL_MAX_ERROR_SZ user-overridable
+* Adds static memory support to the wolfSSL example client
+* Fixes for sniffer to use TLS 1.2 client method
+* Adds option to wolfCrypt benchmark to benchmark individual algorithms
+* Adds option to wolfCrypt benchmark to display benchmarks in powers
+ of 10 (-base10)
+* Updated Visual Studio for ARM builds (for ECC supported curves and SHA-384)
+* Updated Texas Instruments TI-RTOS build
+* Updated STM32 CubeMX build with fixes for SHA
+* Updated IAR EWARM project files
+* Updated Apple Xcode projects with the addition of a benchmark example project
+
+This release of wolfSSL fixes 1 security vulnerability.
+
+wolfSSL is cited in the recent ROBOT Attack by Böck, Somorovsky, and Young.
+The paper notes that wolfSSL only gives a weak oracle without a practical
+attack but this is still a flaw. This release contains a fix for this report.
+Please note that wolfSSL has static RSA cipher suites disabled by default as
+of version 3.6.6 because of the lack of perfect forward secrecy. Only users
+who have explicitly enabled static RSA cipher suites with WOLFSSL_STATIC_RSA
+and use those suites on a host are affected. More information will be
+available on our website at:
+
+https://wolfssl.com/wolfSSL/security/vulnerabilities.php
+
+See INSTALL file for build instructions.
+More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html
+
+
 # wolfSSL (Formerly CyaSSL) Release 3.12.2 (10/23/2017) ## Release 3.12.2 of wolfSSL has bug fixes and new features including:
From 8bebadcd4b2399cb957c23518a7e27055be2b636 Mon Sep 17 00:00:00 2001
From: Chris Conlon
Date: Thu, 21 Dec 2017 09:54:19 -0700
Subject: [PATCH 2/3] update library version for 3.13.0 in configure.ac/version.h
---
configure.ac | 4 ++--
wolfssl/version.h | 4 ++--
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/configure.ac b/configure.ac
index 0c18b22e9..5099ec39c 100644
--- a/configure.ac
+++ b/configure.ac
@@ -6,7 +6,7 @@ # #
-AC_INIT([wolfssl],[3.12.2],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[http://www.wolfssl.com])
+AC_INIT([wolfssl],[3.13.0],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[http://www.wolfssl.com])
 AC_CONFIG_AUX_DIR([build-aux])
@@ -35,7 +35,7 @@ AC_CONFIG_MACRO_DIR([m4]) AC_CONFIG_HEADERS([config.h:config.in])dnl Keep filename to 8.3 for MS-DOS. #shared library versioning
-WOLFSSL_LIBRARY_VERSION=14:0:0
+WOLFSSL_LIBRARY_VERSION=15:0:0
 # | | | # +------+ | +---+ # | | |
diff --git a/wolfssl/version.h b/wolfssl/version.h
index 075f9e4cf..36d3ae34a 100644
--- a/wolfssl/version.h
+++ b/wolfssl/version.h
@@ -28,8 +28,8 @@ extern "C" { #endif
-#define LIBWOLFSSL_VERSION_STRING "3.12.2"
-#define LIBWOLFSSL_VERSION_HEX 0x03012002
+#define LIBWOLFSSL_VERSION_STRING "3.13.0"
+#define LIBWOLFSSL_VERSION_HEX 0x03013000
 #ifdef __cplusplus }
From 9c74c4d69b31097f9b2290102e5c2bb43916a287 Mon Sep 17 00:00:00 2001
From: Chris Conlon
Date: Thu, 21 Dec 2017 10:09:29 -0700
Subject: [PATCH 3/3] update library version for 3.13.0 in rpm/spec.in
---
rpm/spec.in | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/rpm/spec.in b/rpm/spec.in
index 51af0508d..a6cd2fa25 100644
--- a/rpm/spec.in
+++ b/rpm/spec.in
@@ -72,8 +72,8 @@ mkdir -p $RPM_BUILD_ROOT/ %{_docdir}/wolfssl/README.txt %{_libdir}/libwolfssl.la %{_libdir}/libwolfssl.so
-%{_libdir}/libwolfssl.so.14
-%{_libdir}/libwolfssl.so.14.0.0
+%{_libdir}/libwolfssl.so.15
+%{_libdir}/libwolfssl.so.15.0.0
 %files devel %defattr(-,root,root,-)