Merge pull request #1088 from JacobBarthelmeh/Release

prepare for release v3.12.0

README

@@ -34,6 +34,63 @@ before calling wolfSSL_new();  Though it's not recommended.
 
 *** end Notes ***
 
+********* wolfSSL (Formerly CyaSSL) Release 3.12.0 (8/04/2017)
+
+Release 3.12.0 of wolfSSL has bug fixes and new features including:
+
+- TLS 1.3 with Nginx! TLS 1.3 with ARMv8! TLS 1.3 with Async Crypto! (--enable-tls13)
+- TLS 1.3 0RTT feature added
+- Added port for using Intel SGX with Linux
+- Update and fix PIC32MZ port
+- Additional unit testing for MD5, SHA, SHA224, SHA256, SHA384, SHA512, RipeMd, HMAC, 3DES, IDEA, ChaCha20, ChaCha20Poly1305 AEAD, Camellia, Rabbit, ARC4, AES, RSA, Hc128
+- AVX and AVX2 assembly for improved ChaCha20 performance
+- Intel QAT fixes for when using --disable-fastmath
+- Update how DTLS handles decryption and MAC failures
+- Update DTLS session export version number for --enable-sessionexport feature
+- Add additional input argument sanity checks to ARMv8 assembly port
+- Fix for making PKCS12 dynamic types match
+- Fixes for potential memory leaks when using --enable-fast-rsa
+- Fix for when using custom ECC curves and add BRAINPOOLP256R1 test
+- Update TI-RTOS port for dependency on new wolfSSL source files
+- DTLS multicast feature added, --enable-mcast
+- Fix for Async crypto with GCC 7.1 and HMAC when not using Intel QuickAssist
+- Improvements and enhancements to Intel QuickAssist support
+- Added Xilinx port
+- Added SHA3 Keccak feature, --enable-sha3
+- Expand wolfSSL Python wrapper to now include a client side implementation
+- Adjust example servers to not treat a peer closed error as a hard error
+- Added more sanity checks to fp_read_unsigned_bin function
+- Add SHA224 and AES key wrap to ARMv8 port
+- Update MQX classics and mmCAU ports
+- Fix for potential buffer over read with wolfSSL_CertPemToDer
+- Add PKCS7/CMS decode support for KARI with IssuerAndSerialNumber
+- Fix ThreadX/NetX warning
+- Fixes for OCSP and CRL non blocking sockets and for incomplete cert chain with OCSP
+- Added RSA PSS sign and verify
+- Fix for STM32F4 AES-GCM
+- Added enable all feature (--enable-all)
+- Added trackmemory feature (--enable-trackmemory)
+- Fixes for AES key wrap and PKCS7 on Windows VS
+- Added benchmark block size argument
+- Support use of staticmemory with PKCS7
+- Fix for Blake2b build with GCC 5.4
+- Fixes for compiling wolfSSL with GCC version 7, most dealing with switch statement fall through warnings.
+- Added warning when compiling without hardened math operations
+
+
+Note:
+There is a known issue with using ChaCha20 AVX assembly on versions of GCC earlier than 5.2. This is encountered with using the wolfSSL enable options --enable-intelasm and --enable-chacha. To avoid this issue ChaCha20 can be enabled with --enable-chacha=noasm.
+
+
+This release of wolfSSL fixes 1 low level security vulnerability.
+
+Low level fix for a potential DoS attack on a wolfSSL client. Previously a client would accept many warning alert messages without a limit. This fix puts a limit to the number of warning alert messages received and if this limit is reached a fatal error ALERT_COUNT_E is returned. The max number of warning alerts by default is set to 5 and can be adjusted with the macro WOLFSSL_ALERT_COUNT_MAX. Thanks for the report from Tarun Yadav and Koustav Sadhukhan from Defence Research and Development Organization, INDIA.
+
+
+See INSTALL file for build instructions.
+More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html
+
+
 ********* wolfSSL (Formerly CyaSSL) Release 3.11.1 (5/11/2017)
 
 Release 3.11.1 of wolfSSL is a TLS 1.3 BETA release, which includes:

README.md

@@ -38,6 +38,63 @@ wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
 before calling wolfSSL_new();  Though it's not recommended.
 ```
 
+# wolfSSL (Formerly CyaSSL) Release 3.12.0 (8/04/2017)
+
+## Release 3.12.0 of wolfSSL has bug fixes and new features including:
+
+- TLS 1.3 with Nginx! TLS 1.3 with ARMv8! TLS 1.3 with Async Crypto! (--enable-tls13)
+- TLS 1.3 0RTT feature added
+- Added port for using Intel SGX with Linux
+- Update and fix PIC32MZ port
+- Additional unit testing for MD5, SHA, SHA224, SHA256, SHA384, SHA512, RipeMd, HMAC, 3DES, IDEA, ChaCha20, ChaCha20Poly1305 AEAD, Camellia, Rabbit, ARC4, AES, RSA, Hc128
+- AVX and AVX2 assembly for improved ChaCha20 performance
+- Intel QAT fixes for when using --disable-fastmath
+- Update how DTLS handles decryption and MAC failures
+- Update DTLS session export version number for --enable-sessionexport feature
+- Add additional input argument sanity checks to ARMv8 assembly port
+- Fix for making PKCS12 dynamic types match
+- Fixes for potential memory leaks when using --enable-fast-rsa
+- Fix for when using custom ECC curves and add BRAINPOOLP256R1 test
+- Update TI-RTOS port for dependency on new wolfSSL source files
+- DTLS multicast feature added, --enable-mcast
+- Fix for Async crypto with GCC 7.1 and HMAC when not using Intel QuickAssist
+- Improvements and enhancements to Intel QuickAssist support
+- Added Xilinx port
+- Added SHA3 Keccak feature, --enable-sha3
+- Expand wolfSSL Python wrapper to now include a client side implementation
+- Adjust example servers to not treat a peer closed error as a hard error
+- Added more sanity checks to fp_read_unsigned_bin function
+- Add SHA224 and AES key wrap to ARMv8 port
+- Update MQX classics and mmCAU ports
+- Fix for potential buffer over read with wolfSSL_CertPemToDer
+- Add PKCS7/CMS decode support for KARI with IssuerAndSerialNumber
+- Fix ThreadX/NetX warning
+- Fixes for OCSP and CRL non blocking sockets and for incomplete cert chain with OCSP
+- Added RSA PSS sign and verify
+- Fix for STM32F4 AES-GCM
+- Added enable all feature (--enable-all)
+- Added trackmemory feature (--enable-trackmemory)
+- Fixes for AES key wrap and PKCS7 on Windows VS
+- Added benchmark block size argument
+- Support use of staticmemory with PKCS7
+- Fix for Blake2b build with GCC 5.4
+- Fixes for compiling wolfSSL with GCC version 7, most dealing with switch statement fall through warnings.
+- Added warning when compiling without hardened math operations
+
+
+Note:
+There is a known issue with using ChaCha20 AVX assembly on versions of GCC earlier than 5.2. This is encountered with using the wolfSSL enable options --enable-intelasm and --enable-chacha. To avoid this issue ChaCha20 can be enabled with --enable-chacha=noasm.
+
+
+This release of wolfSSL fixes 1 low level security vulnerability.
+
+Low level fix for a potential DoS attack on a wolfSSL client. Previously a client would accept many warning alert messages without a limit. This fix puts a limit to the number of warning alert messages received and if this limit is reached a fatal error ALERT_COUNT_E is returned. The max number of warning alerts by default is set to 5 and can be adjusted with the macro WOLFSSL_ALERT_COUNT_MAX. Thanks for the report from Tarun Yadav and Koustav Sadhukhan from Defence Research and Development Organization, INDIA.
+
+
+See INSTALL file for build instructions.
+More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html
+
+
 # wolfSSL (Formerly CyaSSL) Release 3.11.1 (5/11/2017)
 
 ## Release 3.11.1 of wolfSSL is a TLS 1.3 BETA release, which includes:

configure.ac

@@ -6,7 +6,7 @@
 #
 #
 
-AC_INIT([wolfssl],[3.11.1],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[http://www.wolfssl.com])
+AC_INIT([wolfssl],[3.12.0],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[http://www.wolfssl.com])
 
 AC_CONFIG_AUX_DIR([build-aux])
 
@@ -35,7 +35,7 @@ AC_CONFIG_MACRO_DIR([m4])
 AC_CONFIG_HEADERS([config.h:config.in])dnl Keep filename to 8.3 for MS-DOS.
 
 #shared library versioning
-WOLFSSL_LIBRARY_VERSION=12:0:0
+WOLFSSL_LIBRARY_VERSION=13:0:1
 #                       | | |
 #                +------+ | +---+
 #                |        |     |

rpm/spec.in

@@ -73,7 +73,7 @@ mkdir -p $RPM_BUILD_ROOT/
 %{_libdir}/libwolfssl.la
 %{_libdir}/libwolfssl.so
 %{_libdir}/libwolfssl.so.12
-%{_libdir}/libwolfssl.so.12.0.0
+%{_libdir}/libwolfssl.so.12.1.0
 
 %files devel
 %defattr(-,root,root,-)
@@ -187,6 +187,7 @@ mkdir -p $RPM_BUILD_ROOT/
 %{_includedir}/wolfssl/wolfcrypt/chacha20_poly1305.h
 %{_includedir}/wolfssl/wolfcrypt/coding.h
 %{_includedir}/wolfssl/wolfcrypt/compress.h
+%{_includedir}/wolfssl/wolfcrypt/cpuid.h
 %{_includedir}/wolfssl/wolfcrypt/curve25519.h
 %{_includedir}/wolfssl/wolfcrypt/des3.h
 %{_includedir}/wolfssl/wolfcrypt/dh.h
@@ -223,6 +224,7 @@ mkdir -p $RPM_BUILD_ROOT/
 %{_includedir}/wolfssl/wolfcrypt/settings.h
 %{_includedir}/wolfssl/wolfcrypt/signature.h
 %{_includedir}/wolfssl/wolfcrypt/sha.h
+%{_includedir}/wolfssl/wolfcrypt/sha3.h
 %{_includedir}/wolfssl/wolfcrypt/sha256.h
 %{_includedir}/wolfssl/wolfcrypt/sha512.h
 %{_includedir}/wolfssl/wolfcrypt/srp.h
@@ -280,6 +282,8 @@ mkdir -p $RPM_BUILD_ROOT/
 %{_libdir}/pkgconfig/wolfssl.pc
 
 %changelog
+* Fri Aug 04 2017 Jacob Barthelmeh <jacob@wolfssl.com>
+- Added header for wolfssl/wolfcrypt/cpuid.h, wolfssl/wolfcrypt/sha3.h
 * Thu May 04 2017 Jacob Barthelmeh <jacob@wolfssl.com>
 - Added header for wolfssl/io.h, wolfssl/openssl/ssl23.h, cyassl/openssl/ssl23.h
 * Thu Feb 09 2017 Jacob Barthelmeh <jacob@wolfssl.com>

wolfssl/version.h

@@ -28,8 +28,8 @@
 extern "C" {
 #endif
 
-#define LIBWOLFSSL_VERSION_STRING "3.11.1"
-#define LIBWOLFSSL_VERSION_HEX 0x03011001
+#define LIBWOLFSSL_VERSION_STRING "3.12.0"
+#define LIBWOLFSSL_VERSION_HEX 0x03012000
 
 #ifdef __cplusplus
 }