wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-31 19:24:42 +02:00
Code Issues Packages Projects Releases Wiki Activity

prepare for release 5.7.6

Browse Source
This commit is contained in:
JacobBarthelmeh
2024-12-31 08:27:53 -07:00
parent 8d7c60017c
commit 70e41d1ed1
10 changed files with 354 additions and 362 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
CMakeLists.txt
View File

@@ -34,7 +34,7 @@ if("${CMAKE_SOURCE_DIR}" STREQUAL "${CMAKE_BINARY_DIR}")
You must delete them, or cmake will refuse to work.") You must delete them, or cmake will refuse to work.")
endif() endif()
project(wolfssl VERSION 5.7.4 LANGUAGES C ASM) project(wolfssl VERSION 5.7.6 LANGUAGES C ASM)
# Set WOLFSSL_ROOT if not already defined # Set WOLFSSL_ROOT if not already defined
if ("${WOLFSSL_ROOT}" STREQUAL "") if ("${WOLFSSL_ROOT}" STREQUAL "")
@@ -49,11 +49,11 @@ endif()
# shared library versioning # shared library versioning
# increment if interfaces have been removed or changed # increment if interfaces have been removed or changed
set(WOLFSSL_LIBRARY_VERSION_FIRST 42) set(WOLFSSL_LIBRARY_VERSION_FIRST 43)
# increment if interfaces have been added # increment if interfaces have been added
# set to zero if WOLFSSL_LIBRARY_VERSION_FIRST is incremented # set to zero if WOLFSSL_LIBRARY_VERSION_FIRST is incremented
set(WOLFSSL_LIBRARY_VERSION_SECOND 3) set(WOLFSSL_LIBRARY_VERSION_SECOND 0)
# increment if source code has changed # increment if source code has changed
# set to zero if WOLFSSL_LIBRARY_VERSION_FIRST is incremented or # set to zero if WOLFSSL_LIBRARY_VERSION_FIRST is incremented or

126
ChangeLog.md
View File

@@ -1,3 +1,129 @@
# wolfSSL Release 5.7.6 (Dec 31, 2024)
Release 5.7.6 has been developed according to wolfSSL's development and QA
process (see link below) and successfully passed the quality criteria.
https://www.wolfssl.com/about/wolfssl-software-development-process-quality-assurance
NOTE:
* --enable-heapmath is deprecated.
* In this release, the default cipher suite preference is updated to prioritize
TLS_AES_256_GCM_SHA384 over TLS_AES_128_GCM_SHA256 when enabled.
* This release adds a sanity check for including wolfssl/options.h or
user_settings.h.
PR stands for Pull Request, and PR <NUMBER> references a GitHub pull request
number where the code change was added.
## Vulnerabilities
* [Med] An OCSP (non stapling) issue was introduced in wolfSSL version 5.7.4
when performing OCSP requests for intermediate certificates in a certificate
chain. This affects only TLS 1.3 connections on the server side. It would not
impact other TLS protocol versions or connections that are not using the
traditional OCSP implementation. (Fix in pull request 8115)
## New Feature Additions
* Add support for RP2350 and improve RP2040 support, both with RNG optimizations
(PR 8153)
* Add support for STM32MP135F, including STM32CubeIDE support and HAL support
for SHA2/SHA3/AES/RNG/ECC optimizations. (PR 8223, 8231, 8241)
* Implement Renesas TSIP RSA Public Enc/Private support (PR 8122)
* Add support for Fedora/RedHat system-wide crypto-policies (PR 8205)
* Curve25519 generic keyparsing API added with wc_Curve25519KeyToDer and
wc_Curve25519KeyDecode (PR 8129)
* CRL improvements and update callback, added the functions
wolfSSL_CertManagerGetCRLInfo and wolfSSL_CertManagerSetCRLUpdate_Cb (PR 8006)
* For DTLS, add server-side stateless and CID quality-of-life API. (PR 8224)
## Enhancements and Optimizations
* Add a CMake dependency check for pthreads when required. (PR 8162)
* Update OS_Seed declarations for legacy compilers and FIPS modules (boundary
not affected). (PR 8170)
* Enable WOLFSSL_ALWAYS_KEEP_SNI by default when using --enable-jni. (PR 8283)
* Change the default cipher suite preference, prioritizing
TLS_AES_256_GCM_SHA384 over TLS_AES_128_GCM_SHA256. (PR 7771)
* Add SRTP-KDF (FIPS module v6.0.0) to checkout script for release bundling
(PR 8215)
* Make library build when no hardware crypto available for Aarch64 (PR 8293)
* Update assembly code to avoid `uint*_t` types for better compatibility with
older C standards. (PR 8133)
* Add initial documentation for writing ASN template code to decode BER/DER.
(PR 8120)
* Perform full reduction in sc_muladd for EdDSA with Curve448 (PR 8276)
* Allow SHA-3 hardware cryptography instructions to be explicitly not used in
MacOS builds (PR 8282)
* Make Kyber and ML-KEM available individually and together. (PR 8143)
* Update configuration options to include Kyber/ML-KEM and fix defines used in
wolfSSL_get_curve_name. (PR 8183)
* Make GetShortInt available with WOLFSSL_ASN_EXTRA (PR 8149)
* Improved test coverage and minor improvements of X509 (PR 8176)
* Add sanity checks for configuration methods, ensuring the inclusion of
wolfssl/options.h or user_settings.h. (PR 8262)
* Enable support for building without TLS (NO_TLS). Provides reduced code size
option for non-TLS users who want features like the certificate manager or
compatibility layer. (PR 8273)
* Exposed get_verify functions with OPENSSL_EXTRA. (PR 8258)
* ML-DSA/Dilithium: obtain security level from DER when decoding (PR 8177)
* Implementation for using PKCS11 to retrieve certificate for SSL CTX (PR 8267)
* Add support for the RFC822 Mailbox attribute (PR 8280)
* Initialize variables and adjust types resolve warnings with Visual Studio in
Windows builds. (PR 8181)
* Refactors and expansion of opensslcoexist build (PR 8132, 8216, 8230)
* Add DTLS 1.3 interoperability, libspdm and DTLS CID interoperability tests
(PR 8261, 8255, 8245)
* Remove trailing error exit code in wolfSSL install setup script (PR 8189)
* Update Arduino files for wolfssl 5.7.4 (PR 8219)
* Improve Espressif SHA HW/SW mutex messages (PR 8225)
* Apply post-5.7.4 release updates for Espressif Managed Component examples
(PR 8251)
* Expansion of c89 conformance (PR 8164)
* Added configure option for additional sanity checks with --enable-faultharden
(PR 8289)
* Aarch64 ASM additions to check CPU features before hardware crypto instruction
use (PR 8314)
## Fixes
* Fix a memory issue when using the compatibility layer with
WOLFSSL_GENERAL_NAME and handling registered ID types. (PR 8155)
* Fix a build issue with signature fault hardening when using public key
callbacks (HAVE_PK_CALLBACKS). (PR 8287)
* Fix for handling heap hint pointer properly when managing multiple WOLFSSL_CTX
objects and freeing one of them (PR 8180)
* Fix potential memory leak in error case with Aria. (PR 8268)
* Fix Set_Verify flag behaviour on Ada wrapper. (PR 8256)
* Fix a compilation error with the NO_WOLFSSL_DIR flag. (PR 8294)
* Resolve a corner case for Poly1305 assembly code on Aarch64. (PR 8275)
* Fix incorrect version setting in CSRs. (PR 8136)
* Correct debugging output for cryptodev. (PR 8202)
* Fix for benchmark application use with /dev/crypto GMAC auth error due to size
of AAD (PR 8210)
* Add missing checks for the initialization of sp_int/mp_int with DSA to free
memory properly in error cases. (PR 8209)
* Fix return value of wolfSSL_CTX_set_tlsext_use_srtp (8252)
* Check Root CA by Renesas TSIP before adding it to ca-table (PR 8101)
* Prevent adding a certificate to the CA cache for Renesas builds if it does not
set CA:TRUE in basic constraints. (PR 8060)
* Fix attribute certificate holder entityName parsing. (PR 8166)
* Resolve build issues for configurations without any wolfSSL/openssl
compatibility layer headers. (PR 8182)
* Fix for building SP RSA small and RSA public only (PR 8235)
* Fix for Renesas RX TSIP RSA Sign/Verify with wolfCrypt only (PR 8206)
* Fix to ensure all files have settings.h included (like wc_lms.c) and guards
for building all `*.c` files (PR 8257 and PR 8140)
* Fix x86 target build issues in Visual Studio for non-Windows operating
systems. (PR 8098)
* Fix wolfSSL_X509_STORE_get0_objects to handle no CA (PR 8226)
* Properly handle reference counting when adding to the X509 store. (PR 8233)
* Fix for various typos and improper size used with FreeRTOS_bind in the Renesas
example. Thanks to Hongbo for the report on example issues. (PR 7537)
* Fix for potential heap use after free with wolfSSL_PEM_read_bio_PrivateKey.
Thanks to Peter for the issue reported. (PR 8139)
# wolfSSL Release 5.7.4 (Oct 24, 2024) # wolfSSL Release 5.7.4 (Oct 24, 2024)
Release 5.7.4 has been developed according to wolfSSL's development and QA Release 5.7.4 has been developed according to wolfSSL's development and QA

8
IDE/WIN-SRTP-KDF-140-3/wolfssl-fips.rc
View File

@@ -51,8 +51,8 @@ END
// //
VS_VERSION_INFO VERSIONINFO VS_VERSION_INFO VERSIONINFO
FILEVERSION 5,7,4,0 FILEVERSION 5,7,6,0
PRODUCTVERSION 5,7,4,0 PRODUCTVERSION 5,7,6,0
FILEFLAGSMASK 0x3fL FILEFLAGSMASK 0x3fL
#ifdef _DEBUG #ifdef _DEBUG
FILEFLAGS 0x1L FILEFLAGS 0x1L
@@ -69,12 +69,12 @@ BEGIN
BEGIN BEGIN
VALUE "CompanyName", "wolfSSL Inc." VALUE "CompanyName", "wolfSSL Inc."
VALUE "FileDescription", "The wolfSSL FIPS embedded SSL library is a lightweight, portable, C-language-based SSL/TLS library targeted at IoT, embedded, and RTOS environments primarily because of its size, speed, and feature set." VALUE "FileDescription", "The wolfSSL FIPS embedded SSL library is a lightweight, portable, C-language-based SSL/TLS library targeted at IoT, embedded, and RTOS environments primarily because of its size, speed, and feature set."
VALUE "FileVersion", "5.7.4.0" VALUE "FileVersion", "5.7.6.0"
VALUE "InternalName", "wolfssl-fips" VALUE "InternalName", "wolfssl-fips"
VALUE "LegalCopyright", "Copyright (C) 2023" VALUE "LegalCopyright", "Copyright (C) 2023"
VALUE "OriginalFilename", "wolfssl-fips.dll" VALUE "OriginalFilename", "wolfssl-fips.dll"
VALUE "ProductName", "wolfSSL FIPS" VALUE "ProductName", "wolfSSL FIPS"
VALUE "ProductVersion", "5.7.4.0" VALUE "ProductVersion", "5.7.6.0"
END END
END END
BLOCK "VarFileInfo" BLOCK "VarFileInfo"

8
IDE/WIN10/wolfssl-fips.rc
View File

@@ -51,8 +51,8 @@ END
// //
VS_VERSION_INFO VERSIONINFO VS_VERSION_INFO VERSIONINFO
FILEVERSION 5,7,4,0 FILEVERSION 5,7,6,0
PRODUCTVERSION 5,7,4,0 PRODUCTVERSION 5,7,6,0
FILEFLAGSMASK 0x3fL FILEFLAGSMASK 0x3fL
#ifdef _DEBUG #ifdef _DEBUG
FILEFLAGS 0x1L FILEFLAGS 0x1L
@@ -69,12 +69,12 @@ BEGIN
BEGIN BEGIN
VALUE "CompanyName", "wolfSSL Inc." VALUE "CompanyName", "wolfSSL Inc."
VALUE "FileDescription", "The wolfSSL FIPS embedded SSL library is a lightweight, portable, C-language-based SSL/TLS library targeted at IoT, embedded, and RTOS environments primarily because of its size, speed, and feature set." VALUE "FileDescription", "The wolfSSL FIPS embedded SSL library is a lightweight, portable, C-language-based SSL/TLS library targeted at IoT, embedded, and RTOS environments primarily because of its size, speed, and feature set."
VALUE "FileVersion", "5.7.4.0" VALUE "FileVersion", "5.7.6.0"
VALUE "InternalName", "wolfssl-fips" VALUE "InternalName", "wolfssl-fips"
VALUE "LegalCopyright", "Copyright (C) 2024" VALUE "LegalCopyright", "Copyright (C) 2024"
VALUE "OriginalFilename", "wolfssl-fips.dll" VALUE "OriginalFilename", "wolfssl-fips.dll"
VALUE "ProductName", "wolfSSL FIPS" VALUE "ProductName", "wolfSSL FIPS"
VALUE "ProductVersion", "5.7.4.0" VALUE "ProductVersion", "5.7.6.0"
END END
END END
BLOCK "VarFileInfo" BLOCK "VarFileInfo"

278
README
View File

@@ -70,198 +70,130 @@ should be used for the enum name.
*** end Notes *** *** end Notes ***
# wolfSSL Release 5.7.4 (Oct 24, 2024) # wolfSSL Release 5.7.6 (Dec 31, 2024)
Release 5.7.4 has been developed according to wolfSSL's development and QA Release 5.7.6 has been developed according to wolfSSL's development and QA
process (see link below) and successfully passed the quality criteria. process (see link below) and successfully passed the quality criteria.
https://www.wolfssl.com/about/wolfssl-software-development-process-quality-assurance https://www.wolfssl.com/about/wolfssl-software-development-process-quality-assurance
NOTE: * --enable-heapmath is being deprecated and will be removed by end of 2024 NOTE:
* --enable-heapmath is deprecated.
* In this release, the default cipher suite preference is updated to prioritize
TLS_AES_256_GCM_SHA384 over TLS_AES_128_GCM_SHA256 when enabled.
* This release adds a sanity check for including wolfssl/options.h or
user_settings.h.
PR stands for Pull Request, and PR <NUMBER> references a GitHub pull request PR stands for Pull Request, and PR <NUMBER> references a GitHub pull request
number where the code change was added. number where the code change was added.
## Vulnerabilities ## Vulnerabilities
* [Low] When the OpenSSL compatibility layer is enabled, certificate * [Med] An OCSP (non stapling) issue was introduced in wolfSSL version 5.7.4
verification behaved differently in wolfSSL than OpenSSL, in the when performing OCSP requests for intermediate certificates in a certificate
X509_STORE_add_cert() and X509_STORE_load_locations() implementations. chain. This affects only TLS 1.3 connections on the server side. It would not
Previously, in cases where an application explicitly loaded an intermediate impact other TLS protocol versions or connections that are not using the
certificate, wolfSSL was verifying only up to that intermediate certificate, traditional OCSP implementation. (Fix in pull request 8115)
rather than verifying up to the root CA. This only affects use cases where the
API is called directly, and does not affect TLS connections. Users that call
the API X509_STORE_add_cert() or X509_STORE_load_locations() directly in their
applications are recommended to update the version of wolfSSL used or to have
additional sanity checks on certificates loaded into the X509_STORE when
verifying a certificate. (https://github.com/wolfSSL/wolfssl/pull/8087)
## PQC TLS Experimental Build Fix
* When using TLS with post quantum algorithms enabled, the connection uses a
smaller EC curve than agreed on. Users building with --enable-experimental and
enabling PQC cipher suites with TLS connections are recommended to update the
version of wolfSSL used. Thanks to Daniel Correa for the report.
(https://github.com/wolfSSL/wolfssl/pull/8084)
## New Feature Additions ## New Feature Additions
* RISC-V 64 new assembly optimizations added for SHA-256, SHA-512, ChaCha20, * Add support for RP2350 and improve RP2040 support, both with RNG optimizations
Poly1305, and SHA-3 (PR 7758,7833,7818,7873,7916) (PR 8153)
* Implement support for Connection ID (CID) with DTLS 1.2 (PR 7995) * Add support for STM32MP135F, including STM32CubeIDE support and HAL support
* Add support for (DevkitPro)libnds (PR 7990) for SHA2/SHA3/AES/RNG/ECC optimizations. (PR 8223, 8231, 8241)
* Add port for Mosquitto OSP (Open Source Project) (PR 6460) * Implement Renesas TSIP RSA Public Enc/Private support (PR 8122)
* Add port for init sssd (PR 7781) * Add support for Fedora/RedHat system-wide crypto-policies (PR 8205)
* Add port for eXosip2 (PR 7648) * Curve25519 generic keyparsing API added with wc_Curve25519KeyToDer and
* Add support for STM32G4 (PR 7997) wc_Curve25519KeyDecode (PR 8129)
* Add support for MAX32665 and MAX32666 TPU HW and ARM ASM Crypto Callback * CRL improvements and update callback, added the functions
Support (PR 7777) wolfSSL_CertManagerGetCRLInfo and wolfSSL_CertManagerSetCRLUpdate_Cb (PR 8006)
* Add support for building wolfSSL to be used in libspdm (PR 7869) * For DTLS, add server-side stateless and CID quality-of-life API. (PR 8224)
* Add port for use with Nucleus Plus 2.3 (PR 7732)
* Initial support for RFC5755 x509 attribute certificates (acerts). Enabled with
--enable-acert (PR 7926)
* PKCS#11 RSA Padding offload allows tokens to perform CKM_RSA_PKCS
(sign/encrypt), CKM_RSA_PKCS_PSS (sign), and CKM_RSA_PKCS_OAEP (encrypt).
(PR 7750)
* Added “new” and “delete” style functions for heap/pool allocation and freeing
of low level crypto structures (PR 3166 and 8089)
## Enhancements and Optimizations ## Enhancements and Optimizations
* Increase default max alt. names from 128 to 1024 (PR 7762) * Add a CMake dependency check for pthreads when required. (PR 8162)
* Added new constant time DH agree function wc_DhAgree_ct (PR 7802) * Update OS_Seed declarations for legacy compilers and FIPS modules (boundary
* Expanded compatibility layer with the API EVP_PKEY_is_a (PR 7804) not affected). (PR 8170)
* Add option to disable cryptocb test software test using * Enable WOLFSSL_ALWAYS_KEEP_SNI by default when using --enable-jni. (PR 8283)
--disable-cryptocb-sw-test (PR 7862) * Change the default cipher suite preference, prioritizing
* Add a call to certificate verify callback before checking certificate dates TLS_AES_256_GCM_SHA384 over TLS_AES_128_GCM_SHA256. (PR 7771)
(PR 7895) * Add SRTP-KDF (FIPS module v6.0.0) to checkout script for release bundling
* Expanded algorithms supported with the wolfCrypt CSharp wrapper. Adding (PR 8215)
support for RNG, ECC(ECIES and ECDHE), RSA, ED25519/Curve25519, AES-GCM, and * Make library build when no hardware crypto available for Aarch64 (PR 8293)
Hashing (PR 3166) * Update assembly code to avoid `uint*_t` types for better compatibility with
* Expand MMCAU support for use with DES ECB (PR 7960) older C standards. (PR 8133)
* Update AES SIV to handle multiple associated data inputs (PR 7911) * Add initial documentation for writing ASN template code to decode BER/DER.
* Remove HAVE_NULL_CIPHER from --enable-openssh (PR 7811) (PR 8120)
* Removed duplicate if(NULL) checks when calling XFREE (macro does) (PR 7839) * Perform full reduction in sc_muladd for EdDSA with Curve448 (PR 8276)
* Set RSA_MIN_SIZE default to 2048 bits (PR 7923) * Allow SHA-3 hardware cryptography instructions to be explicitly not used in
* Added support for wolfSSL to be used as the default TLS in the zephyr kernel MacOS builds (PR 8282)
(PR 7731) * Make Kyber and ML-KEM available individually and together. (PR 8143)
* Add enable provider build using --enable-wolfprovider with autotools (PR 7550) * Update configuration options to include Kyber/ML-KEM and fix defines used in
* Renesas RX TSIP ECDSA support (PR 7685) wolfSSL_get_curve_name. (PR 8183)
* Support DTLS1.3 downgrade when the server supports CID (PR 7841) * Make GetShortInt available with WOLFSSL_ASN_EXTRA (PR 8149)
* Server-side checks OCSP even if it uses v2 multi (PR 7828) * Improved test coverage and minor improvements of X509 (PR 8176)
* Add handling of absent hash params in PKCS7 bundle parsing and creation * Add sanity checks for configuration methods, ensuring the inclusion of
(PR 7845) wolfssl/options.h or user_settings.h. (PR 8262)
* Add the use of w64wrapper for Poly1305, enabling Poly1305 to be used in * Enable support for building without TLS (NO_TLS). Provides reduced code size
environments that do not have a word64 type (PR 7759) option for non-TLS users who want features like the certificate manager or
* Update to the maxq10xx support (PR 7824) compatibility layer. (PR 8273)
* Add support for parsing over optional PKCS8 attributes (PR 7944) * Exposed get_verify functions with OPENSSL_EXTRA. (PR 8258)
* Add support for either side method with DTLS 1.3 (PR 8012) * ML-DSA/Dilithium: obtain security level from DER when decoding (PR 8177)
* Added PKCS7 PEM support for parsing PEM data with BEGIN/END PKCS7 (PR 7704) * Implementation for using PKCS11 to retrieve certificate for SSL CTX (PR 8267)
* Add CMake support for WOLFSSL_CUSTOM_CURVES (PR 7962) * Add support for the RFC822 Mailbox attribute (PR 8280)
* Add left-most wildcard matching support to X509_check_host() (PR 7966) * Initialize variables and adjust types resolve warnings with Visual Studio in
* Add option to set custom SKID with PKCS7 bundle creation (PR 7954) Windows builds. (PR 8181)
* Building wolfSSL as a library with Ada and corrections to Alire manifest * Refactors and expansion of opensslcoexist build (PR 8132, 8216, 8230)
(PR 7303,7940) * Add DTLS 1.3 interoperability, libspdm and DTLS CID interoperability tests
* Renesas RX72N support updated (PR 7849) (PR 8261, 8255, 8245)
* New option WOLFSSL_COPY_KEY added to always copy the key to the SSL object * Remove trailing error exit code in wolfSSL install setup script (PR 8189)
(PR 8005) * Update Arduino files for wolfssl 5.7.4 (PR 8219)
* Add the new option WOLFSSL_COPY_CERT to always copy the cert buffer for each * Improve Espressif SHA HW/SW mutex messages (PR 8225)
SSL object (PR 7867) * Apply post-5.7.4 release updates for Espressif Managed Component examples
* Add an option to use AES-CBC with HMAC for default session ticket enc/dec. (PR 8251)
Defaults to AES-128-CBC with HMAC-SHA256 (PR 7703) * Expansion of c89 conformance (PR 8164)
* Memory usage improvements in wc_PRF, sha256 (for small code when many * Added configure option for additional sanity checks with --enable-faultharden
registers are available) and sp_int objects (PR 7901) (PR 8289)
* Change in the configure script to work around ">>" with no command. In older * Aarch64 ASM additions to check CPU features before hardware crypto instruction
/bin/sh it can be ambiguous, as used in OSs such as FreeBSD 9.2 (PR 7876) use (PR 8314)
* Don't attempt to include system headers when not required (PR 7813)
* Certificates: DER encoding of ECC signature algorithm parameter is now
allowed to be NULL with a define (PR 7903)
* SP x86_64 asm: check for AVX2 support for VMs (PR 7979)
* Update rx64n support on gr-rose (PR 7889)
* Update FSP version to v5.4.0 for RA6M4 (PR 7994)
* Update TSIP driver version to v1.21 for RX65N RSK (PR 7993)
* Add a new crypto callback for RSA with padding (PR 7907)
* Replaced the use of pqm4 with wolfSSL implementations of Kyber/MLDSA
(PR 7924)
* Modernized memory fence support for C11 and clang (PR 7938)
* Add a CRL error override callback (PR 7986)
* Extend the X509 unknown extension callback for use with a user context
(PR 7730)
* Additional debug error tracing added with TLS (PR 7917)
* Added runtime support for library call stack traces with
enable-debug-trace-errcodes=backtrace, using libbacktrace (PR 7846)
* Expanded C89 conformance (PR 8077)
* Expanded support for WOLFSSL_NO_MALLOC (PR 8065)
* Added support for cross-compilation of Linux kernel module (PR 7746)
* Updated Linux kernel module with support for kernel 6.11 and 6.12 (PR 7826)
* Introduce WOLFSSL_ASN_ALLOW_0_SERIAL to allow parsing of certificates with a
serial number of 0 (PR 7893)
* Add conditional repository_owner to all wolfSSL GitHub workflows (PR 7871)
### Espressif / Arduino Updates
* Update wolfcrypt settings.h for Espressif ESP-IDF, template update (PR 7953)
* Update Espressif sha, util, mem, time helpers (PR 7955)
* Espressif _thread_local_start and _thread_local_end fix (PR 8030)
* Improve benchmark for Espressif devices (PR 8037)
* Introduce Espressif common CONFIG_WOLFSSL_EXAMPLE_NAME, Kconfig (PR 7866)
* Add wolfSSL esp-tls and Certificate Bundle Support for Espressif ESP-IDF
(PR 7936)
* Update wolfssl Release for Arduino (PR 7775)
### Post Quantum Crypto Updates
* Dilithium: support fixed size arrays in dilithium_key (PR 7727)
* Dilithium: add option to use precalc with small sign (PR 7744)
* Allow Kyber to be built with FIPS (PR 7788)
* Allow Kyber asm to be used in the Linux kernel module (PR 7872)
* Dilithium, Kyber: Update to final specification (PR 7877)
* Dilithium: Support FIPS 204 Draft and Final Draft (PR 7909,8016)
### ARM Assembly Optimizations
* ARM32 assembly optimizations added for ChaCha20 and Poly1305 (PR 8020)
* Poly1305 assembly optimizations improvements for Aarch64 (PR 7859)
* Poly1305 assembly optimizations added for Thumb-2 (PR 7939)
* Adding ARM ASM build option to STM32CubePack (PR 7747)
* Add ARM64 to Visual Studio Project (PR 8010)
* Kyber assembly optimizations for ARM32 and Aarch64 (PR 8040,7998)
* Kyber assembly optimizations for ARMv7E-M/ARMv7-M (PR 7706)
## Fixes ## Fixes
* ECC key load: fixes for certificates with parameters that are not default for * Fix a memory issue when using the compatibility layer with
size (PR 7751) WOLFSSL_GENERAL_NAME and handling registered ID types. (PR 8155)
* Fixes for building x86 in Visual Studio for non-windows OS (PR 7884) * Fix a build issue with signature fault hardening when using public key
* Fix for TLS v1.2 secret callback, incorrectly detecting bad master secret callbacks (HAVE_PK_CALLBACKS). (PR 8287)
(PR 7812) * Fix for handling heap hint pointer properly when managing multiple WOLFSSL_CTX
* Fixes for PowerPC assembly use with Darwin and SP math all (PR 7931) objects and freeing one of them (PR 8180)
* Fix for detecting older versions of Mac OS when trying to link with * Fix potential memory leak in error case with Aria. (PR 8268)
libdispatch (PR 7932) * Fix Set_Verify flag behaviour on Ada wrapper. (PR 8256)
* Fix for DTLS1.3 downgrade to DTLS1.2 when the server sends multiple handshake * Fix a compilation error with the NO_WOLFSSL_DIR flag. (PR 8294)
packets combined into a single transmission. (PR 7840) * Resolve a corner case for Poly1305 assembly code on Aarch64. (PR 8275)
* Fix for OCSP to save the request if it was stored in ssl->ctx->certOcspRequest * Fix incorrect version setting in CSRs. (PR 8136)
(PR 7779) * Correct debugging output for cryptodev. (PR 8202)
* Fix to OCSP for searching for CA by key hash instead of ext. key id (PR 7934) * Fix for benchmark application use with /dev/crypto GMAC auth error due to size
* Fix for staticmemory and singlethreaded build (PR 7737) of AAD (PR 8210)
* Fix to not allow Shake128/256 with Xilinx AFALG (PR 7708) * Add missing checks for the initialization of sp_int/mp_int with DSA to free
* Fix to support PKCS11 without RSA key generation (PR 7738) memory properly in error cases. (PR 8209)
* Fix not calling the signing callback when using PK callbacks + TLS 1.3 * Fix return value of wolfSSL_CTX_set_tlsext_use_srtp (8252)
(PR 7761) * Check Root CA by Renesas TSIP before adding it to ca-table (PR 8101)
* Cortex-M/Thumb2 ASM fix label for IAR compiler (PR 7753) * Prevent adding a certificate to the CA cache for Renesas builds if it does not
* Fix with PKCS11 to iterate correctly over slotId (PR 7736) set CA:TRUE in basic constraints. (PR 8060)
* Stop stripping out the sequence header on the AltSigAlg extension (PR 7710) * Fix attribute certificate holder entityName parsing. (PR 8166)
* Fix ParseCRL_AuthKeyIdExt with ASN template to set extAuthKeyIdSet value * Resolve build issues for configurations without any wolfSSL/openssl
(PR 7742) compatibility layer headers. (PR 8182)
* Use max key length for PSK encrypt buffer size (PR 7707) * Fix for building SP RSA small and RSA public only (PR 8235)
* DTLS 1.3 fix for size check to include headers and CID fixes (PR 7912,7951) * Fix for Renesas RX TSIP RSA Sign/Verify with wolfCrypt only (PR 8206)
* Fix STM32 Hash FIFO and add support for STM32U5A9xx (PR 7787) * Fix to ensure all files have settings.h included (like wc_lms.c) and guards
* Fix CMake build error for curl builds (PR 8021) for building all `*.c` files (PR 8257 and PR 8140)
* SP Maths: PowerPC ASM fix to use XOR instead of LI (PR 8038) * Fix x86 target build issues in Visual Studio for non-Windows operating
* SSL loading of keys/certs: testing and fixes (PR 7789) systems. (PR 8098)
* Misc. fixes for Dilithium and Kyber (PR 7721,7765,7803,8027,7904) * Fix wolfSSL_X509_STORE_get0_objects to handle no CA (PR 8226)
* Fixes for building wolfBoot sources for PQ LMS/XMSS (PR 7868) * Properly handle reference counting when adding to the X509 store. (PR 8233)
* Fixes for building with Kyber enabled using CMake and zephyr port (PR 7773) * Fix for various typos and improper size used with FreeRTOS_bind in the Renesas
* Fix for edge cases with session resumption with TLS 1.2 (PR 8097) example. Thanks to Hongbo for the report on example issues. (PR 7537)
* Fix issue with ARM ASM with AES CFB/OFB not initializing the "left" member * Fix for potential heap use after free with wolfSSL_PEM_read_bio_PrivateKey.
(PR 8099) Thanks to Peter for the issue reported. (PR 8139)
For additional vulnerability information visit the vulnerability page at: For additional vulnerability information visit the vulnerability page at:

278
README.md
View File

@@ -75,197 +75,131 @@ single call hash function. Instead the name `WC_SHA`, `WC_SHA256`, `WC_SHA384` a
`WC_SHA512` should be used for the enum name. `WC_SHA512` should be used for the enum name.
# wolfSSL Release 5.7.4 (Oct 24, 2024) # wolfSSL Release 5.7.6 (Dec 31, 2024)
Release 5.7.4 has been developed according to wolfSSL's development and QA Release 5.7.6 has been developed according to wolfSSL's development and QA
process (see link below) and successfully passed the quality criteria. process (see link below) and successfully passed the quality criteria.
https://www.wolfssl.com/about/wolfssl-software-development-process-quality-assurance https://www.wolfssl.com/about/wolfssl-software-development-process-quality-assurance
NOTE: * --enable-heapmath is being deprecated and will be removed by end of 2024 NOTE:
* --enable-heapmath is deprecated.
* In this release, the default cipher suite preference is updated to prioritize
TLS_AES_256_GCM_SHA384 over TLS_AES_128_GCM_SHA256 when enabled.
* This release adds a sanity check for including wolfssl/options.h or
user_settings.h.
PR stands for Pull Request, and PR <NUMBER> references a GitHub pull request PR stands for Pull Request, and PR <NUMBER> references a GitHub pull request
number where the code change was added. number where the code change was added.
## Vulnerabilities ## Vulnerabilities
* [Low] When the OpenSSL compatibility layer is enabled, certificate * [Med] An OCSP (non stapling) issue was introduced in wolfSSL version 5.7.4
verification behaved differently in wolfSSL than OpenSSL, in the when performing OCSP requests for intermediate certificates in a certificate
X509_STORE_add_cert() and X509_STORE_load_locations() implementations. chain. This affects only TLS 1.3 connections on the server side. It would not
Previously, in cases where an application explicitly loaded an intermediate impact other TLS protocol versions or connections that are not using the
certificate, wolfSSL was verifying only up to that intermediate certificate, traditional OCSP implementation. (Fix in pull request 8115)
rather than verifying up to the root CA. This only affects use cases where the
API is called directly, and does not affect TLS connections. Users that call
the API X509_STORE_add_cert() or X509_STORE_load_locations() directly in their
applications are recommended to update the version of wolfSSL used or to have
additional sanity checks on certificates loaded into the X509_STORE when
verifying a certificate. (https://github.com/wolfSSL/wolfssl/pull/8087)
## PQC TLS Experimental Build Fix
* When using TLS with post quantum algorithms enabled, the connection uses a
smaller EC curve than agreed on. Users building with --enable-experimental and
enabling PQC cipher suites with TLS connections are recommended to update the
version of wolfSSL used. Thanks to Daniel Correa for the report.
(https://github.com/wolfSSL/wolfssl/pull/8084)
## New Feature Additions ## New Feature Additions
* RISC-V 64 new assembly optimizations added for SHA-256, SHA-512, ChaCha20, * Add support for RP2350 and improve RP2040 support, both with RNG optimizations
Poly1305, and SHA-3 (PR 7758,7833,7818,7873,7916) (PR 8153)
* Implement support for Connection ID (CID) with DTLS 1.2 (PR 7995) * Add support for STM32MP135F, including STM32CubeIDE support and HAL support
* Add support for (DevkitPro)libnds (PR 7990) for SHA2/SHA3/AES/RNG/ECC optimizations. (PR 8223, 8231, 8241)
* Add port for Mosquitto OSP (Open Source Project) (PR 6460) * Implement Renesas TSIP RSA Public Enc/Private support (PR 8122)
* Add port for init sssd (PR 7781) * Add support for Fedora/RedHat system-wide crypto-policies (PR 8205)
* Add port for eXosip2 (PR 7648) * Curve25519 generic keyparsing API added with wc_Curve25519KeyToDer and
* Add support for STM32G4 (PR 7997) wc_Curve25519KeyDecode (PR 8129)
* Add support for MAX32665 and MAX32666 TPU HW and ARM ASM Crypto Callback * CRL improvements and update callback, added the functions
Support (PR 7777) wolfSSL_CertManagerGetCRLInfo and wolfSSL_CertManagerSetCRLUpdate_Cb (PR 8006)
* Add support for building wolfSSL to be used in libspdm (PR 7869) * For DTLS, add server-side stateless and CID quality-of-life API. (PR 8224)
* Add port for use with Nucleus Plus 2.3 (PR 7732)
* Initial support for RFC5755 x509 attribute certificates (acerts). Enabled with
--enable-acert (PR 7926)
* PKCS#11 RSA Padding offload allows tokens to perform CKM_RSA_PKCS
(sign/encrypt), CKM_RSA_PKCS_PSS (sign), and CKM_RSA_PKCS_OAEP (encrypt).
(PR 7750)
* Added “new” and “delete” style functions for heap/pool allocation and freeing
of low level crypto structures (PR 3166 and 8089)
## Enhancements and Optimizations ## Enhancements and Optimizations
* Increase default max alt. names from 128 to 1024 (PR 7762) * Add a CMake dependency check for pthreads when required. (PR 8162)
* Added new constant time DH agree function wc_DhAgree_ct (PR 7802) * Update OS_Seed declarations for legacy compilers and FIPS modules (boundary
* Expanded compatibility layer with the API EVP_PKEY_is_a (PR 7804) not affected). (PR 8170)
* Add option to disable cryptocb test software test using * Enable WOLFSSL_ALWAYS_KEEP_SNI by default when using --enable-jni. (PR 8283)
--disable-cryptocb-sw-test (PR 7862) * Change the default cipher suite preference, prioritizing
* Add a call to certificate verify callback before checking certificate dates TLS_AES_256_GCM_SHA384 over TLS_AES_128_GCM_SHA256. (PR 7771)
(PR 7895) * Add SRTP-KDF (FIPS module v6.0.0) to checkout script for release bundling
* Expanded algorithms supported with the wolfCrypt CSharp wrapper. Adding (PR 8215)
support for RNG, ECC(ECIES and ECDHE), RSA, ED25519/Curve25519, AES-GCM, and * Make library build when no hardware crypto available for Aarch64 (PR 8293)
Hashing (PR 3166) * Update assembly code to avoid `uint*_t` types for better compatibility with
* Expand MMCAU support for use with DES ECB (PR 7960) older C standards. (PR 8133)
* Update AES SIV to handle multiple associated data inputs (PR 7911) * Add initial documentation for writing ASN template code to decode BER/DER.
* Remove HAVE_NULL_CIPHER from --enable-openssh (PR 7811) (PR 8120)
* Removed duplicate if(NULL) checks when calling XFREE (macro does) (PR 7839) * Perform full reduction in sc_muladd for EdDSA with Curve448 (PR 8276)
* Set RSA_MIN_SIZE default to 2048 bits (PR 7923) * Allow SHA-3 hardware cryptography instructions to be explicitly not used in
* Added support for wolfSSL to be used as the default TLS in the zephyr kernel MacOS builds (PR 8282)
(PR 7731) * Make Kyber and ML-KEM available individually and together. (PR 8143)
* Add enable provider build using --enable-wolfprovider with autotools (PR 7550) * Update configuration options to include Kyber/ML-KEM and fix defines used in
* Renesas RX TSIP ECDSA support (PR 7685) wolfSSL_get_curve_name. (PR 8183)
* Support DTLS1.3 downgrade when the server supports CID (PR 7841) * Make GetShortInt available with WOLFSSL_ASN_EXTRA (PR 8149)
* Server-side checks OCSP even if it uses v2 multi (PR 7828) * Improved test coverage and minor improvements of X509 (PR 8176)
* Add handling of absent hash params in PKCS7 bundle parsing and creation * Add sanity checks for configuration methods, ensuring the inclusion of
(PR 7845) wolfssl/options.h or user_settings.h. (PR 8262)
* Add the use of w64wrapper for Poly1305, enabling Poly1305 to be used in * Enable support for building without TLS (NO_TLS). Provides reduced code size
environments that do not have a word64 type (PR 7759) option for non-TLS users who want features like the certificate manager or
* Update to the maxq10xx support (PR 7824) compatibility layer. (PR 8273)
* Add support for parsing over optional PKCS8 attributes (PR 7944) * Exposed get_verify functions with OPENSSL_EXTRA. (PR 8258)
* Add support for either side method with DTLS 1.3 (PR 8012) * ML-DSA/Dilithium: obtain security level from DER when decoding (PR 8177)
* Added PKCS7 PEM support for parsing PEM data with BEGIN/END PKCS7 (PR 7704) * Implementation for using PKCS11 to retrieve certificate for SSL CTX (PR 8267)
* Add CMake support for WOLFSSL_CUSTOM_CURVES (PR 7962) * Add support for the RFC822 Mailbox attribute (PR 8280)
* Add left-most wildcard matching support to X509_check_host() (PR 7966) * Initialize variables and adjust types resolve warnings with Visual Studio in
* Add option to set custom SKID with PKCS7 bundle creation (PR 7954) Windows builds. (PR 8181)
* Building wolfSSL as a library with Ada and corrections to Alire manifest * Refactors and expansion of opensslcoexist build (PR 8132, 8216, 8230)
(PR 7303,7940) * Add DTLS 1.3 interoperability, libspdm and DTLS CID interoperability tests
* Renesas RX72N support updated (PR 7849) (PR 8261, 8255, 8245)
* New option WOLFSSL_COPY_KEY added to always copy the key to the SSL object * Remove trailing error exit code in wolfSSL install setup script (PR 8189)
(PR 8005) * Update Arduino files for wolfssl 5.7.4 (PR 8219)
* Add the new option WOLFSSL_COPY_CERT to always copy the cert buffer for each * Improve Espressif SHA HW/SW mutex messages (PR 8225)
SSL object (PR 7867) * Apply post-5.7.4 release updates for Espressif Managed Component examples
* Add an option to use AES-CBC with HMAC for default session ticket enc/dec. (PR 8251)
Defaults to AES-128-CBC with HMAC-SHA256 (PR 7703) * Expansion of c89 conformance (PR 8164)
* Memory usage improvements in wc_PRF, sha256 (for small code when many * Added configure option for additional sanity checks with --enable-faultharden
registers are available) and sp_int objects (PR 7901) (PR 8289)
* Change in the configure script to work around ">>" with no command. In older * Aarch64 ASM additions to check CPU features before hardware crypto instruction
/bin/sh it can be ambiguous, as used in OSs such as FreeBSD 9.2 (PR 7876) use (PR 8314)
* Don't attempt to include system headers when not required (PR 7813)
* Certificates: DER encoding of ECC signature algorithm parameter is now
allowed to be NULL with a define (PR 7903)
* SP x86_64 asm: check for AVX2 support for VMs (PR 7979)
* Update rx64n support on gr-rose (PR 7889)
* Update FSP version to v5.4.0 for RA6M4 (PR 7994)
* Update TSIP driver version to v1.21 for RX65N RSK (PR 7993)
* Add a new crypto callback for RSA with padding (PR 7907)
* Replaced the use of pqm4 with wolfSSL implementations of Kyber/MLDSA
(PR 7924)
* Modernized memory fence support for C11 and clang (PR 7938)
* Add a CRL error override callback (PR 7986)
* Extend the X509 unknown extension callback for use with a user context
(PR 7730)
* Additional debug error tracing added with TLS (PR 7917)
* Added runtime support for library call stack traces with
enable-debug-trace-errcodes=backtrace, using libbacktrace (PR 7846)
* Expanded C89 conformance (PR 8077)
* Expanded support for WOLFSSL_NO_MALLOC (PR 8065)
* Added support for cross-compilation of Linux kernel module (PR 7746)
* Updated Linux kernel module with support for kernel 6.11 and 6.12 (PR 7826)
* Introduce WOLFSSL_ASN_ALLOW_0_SERIAL to allow parsing of certificates with a
serial number of 0 (PR 7893)
* Add conditional repository_owner to all wolfSSL GitHub workflows (PR 7871)
### Espressif / Arduino Updates
* Update wolfcrypt settings.h for Espressif ESP-IDF, template update (PR 7953)
* Update Espressif sha, util, mem, time helpers (PR 7955)
* Espressif _thread_local_start and _thread_local_end fix (PR 8030)
* Improve benchmark for Espressif devices (PR 8037)
* Introduce Espressif common CONFIG_WOLFSSL_EXAMPLE_NAME, Kconfig (PR 7866)
* Add wolfSSL esp-tls and Certificate Bundle Support for Espressif ESP-IDF
(PR 7936)
* Update wolfssl Release for Arduino (PR 7775)
### Post Quantum Crypto Updates
* Dilithium: support fixed size arrays in dilithium_key (PR 7727)
* Dilithium: add option to use precalc with small sign (PR 7744)
* Allow Kyber to be built with FIPS (PR 7788)
* Allow Kyber asm to be used in the Linux kernel module (PR 7872)
* Dilithium, Kyber: Update to final specification (PR 7877)
* Dilithium: Support FIPS 204 Draft and Final Draft (PR 7909,8016)
### ARM Assembly Optimizations
* ARM32 assembly optimizations added for ChaCha20 and Poly1305 (PR 8020)
* Poly1305 assembly optimizations improvements for Aarch64 (PR 7859)
* Poly1305 assembly optimizations added for Thumb-2 (PR 7939)
* Adding ARM ASM build option to STM32CubePack (PR 7747)
* Add ARM64 to Visual Studio Project (PR 8010)
* Kyber assembly optimizations for ARM32 and Aarch64 (PR 8040,7998)
* Kyber assembly optimizations for ARMv7E-M/ARMv7-M (PR 7706)
## Fixes ## Fixes
* ECC key load: fixes for certificates with parameters that are not default for * Fix a memory issue when using the compatibility layer with
size (PR 7751) WOLFSSL_GENERAL_NAME and handling registered ID types. (PR 8155)
* Fixes for building x86 in Visual Studio for non-windows OS (PR 7884) * Fix a build issue with signature fault hardening when using public key
* Fix for TLS v1.2 secret callback, incorrectly detecting bad master secret callbacks (HAVE_PK_CALLBACKS). (PR 8287)
(PR 7812) * Fix for handling heap hint pointer properly when managing multiple WOLFSSL_CTX
* Fixes for PowerPC assembly use with Darwin and SP math all (PR 7931) objects and freeing one of them (PR 8180)
* Fix for detecting older versions of Mac OS when trying to link with * Fix potential memory leak in error case with Aria. (PR 8268)
libdispatch (PR 7932) * Fix Set_Verify flag behaviour on Ada wrapper. (PR 8256)
* Fix for DTLS1.3 downgrade to DTLS1.2 when the server sends multiple handshake * Fix a compilation error with the NO_WOLFSSL_DIR flag. (PR 8294)
packets combined into a single transmission. (PR 7840) * Resolve a corner case for Poly1305 assembly code on Aarch64. (PR 8275)
* Fix for OCSP to save the request if it was stored in ssl->ctx->certOcspRequest * Fix incorrect version setting in CSRs. (PR 8136)
(PR 7779) * Correct debugging output for cryptodev. (PR 8202)
* Fix to OCSP for searching for CA by key hash instead of ext. key id (PR 7934) * Fix for benchmark application use with /dev/crypto GMAC auth error due to size
* Fix for staticmemory and singlethreaded build (PR 7737) of AAD (PR 8210)
* Fix to not allow Shake128/256 with Xilinx AFALG (PR 7708) * Add missing checks for the initialization of sp_int/mp_int with DSA to free
* Fix to support PKCS11 without RSA key generation (PR 7738) memory properly in error cases. (PR 8209)
* Fix not calling the signing callback when using PK callbacks + TLS 1.3 * Fix return value of wolfSSL_CTX_set_tlsext_use_srtp (8252)
(PR 7761) * Check Root CA by Renesas TSIP before adding it to ca-table (PR 8101)
* Cortex-M/Thumb2 ASM fix label for IAR compiler (PR 7753) * Prevent adding a certificate to the CA cache for Renesas builds if it does not
* Fix with PKCS11 to iterate correctly over slotId (PR 7736) set CA:TRUE in basic constraints. (PR 8060)
* Stop stripping out the sequence header on the AltSigAlg extension (PR 7710) * Fix attribute certificate holder entityName parsing. (PR 8166)
* Fix ParseCRL_AuthKeyIdExt with ASN template to set extAuthKeyIdSet value * Resolve build issues for configurations without any wolfSSL/openssl
(PR 7742) compatibility layer headers. (PR 8182)
* Use max key length for PSK encrypt buffer size (PR 7707) * Fix for building SP RSA small and RSA public only (PR 8235)
* DTLS 1.3 fix for size check to include headers and CID fixes (PR 7912,7951) * Fix for Renesas RX TSIP RSA Sign/Verify with wolfCrypt only (PR 8206)
* Fix STM32 Hash FIFO and add support for STM32U5A9xx (PR 7787) * Fix to ensure all files have settings.h included (like wc_lms.c) and guards
* Fix CMake build error for curl builds (PR 8021) for building all `*.c` files (PR 8257 and PR 8140)
* SP Maths: PowerPC ASM fix to use XOR instead of LI (PR 8038) * Fix x86 target build issues in Visual Studio for non-Windows operating
* SSL loading of keys/certs: testing and fixes (PR 7789) systems. (PR 8098)
* Misc. fixes for Dilithium and Kyber (PR 7721,7765,7803,8027,7904) * Fix wolfSSL_X509_STORE_get0_objects to handle no CA (PR 8226)
* Fixes for building wolfBoot sources for PQ LMS/XMSS (PR 7868) * Properly handle reference counting when adding to the X509 store. (PR 8233)
* Fixes for building with Kyber enabled using CMake and zephyr port (PR 7773) * Fix for various typos and improper size used with FreeRTOS_bind in the Renesas
* Fix for edge cases with session resumption with TLS 1.2 (PR 8097) example. Thanks to Hongbo for the report on example issues. (PR 7537)
* Fix issue with ARM ASM with AES CFB/OFB not initializing the "left" member * Fix for potential heap use after free with wolfSSL_PEM_read_bio_PrivateKey.
(PR 8099) Thanks to Peter for the issue reported. (PR 8139)
For additional vulnerability information visit the vulnerability page at: For additional vulnerability information visit the vulnerability page at:
https://www.wolfssl.com/docs/security-vulnerabilities/ https://www.wolfssl.com/docs/security-vulnerabilities/

6
configure.ac
View File

@@ -7,7 +7,7 @@
# #
AC_COPYRIGHT([Copyright (C) 2006-2024 wolfSSL Inc.]) AC_COPYRIGHT([Copyright (C) 2006-2024 wolfSSL Inc.])
AC_PREREQ([2.69]) AC_PREREQ([2.69])
AC_INIT([wolfssl],[5.7.4],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[https://www.wolfssl.com]) AC_INIT([wolfssl],[5.7.6],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[https://www.wolfssl.com])
AC_CONFIG_AUX_DIR([build-aux]) AC_CONFIG_AUX_DIR([build-aux])
# Inhibit unwanted regeneration of autotools artifacts by Makefile. # Inhibit unwanted regeneration of autotools artifacts by Makefile.
@@ -50,11 +50,11 @@ AC_SUBST([WOLFSSL_CONFIG_ARGS])
# The three numbers in the libwolfssl.so.*.*.* file name. Unfortunately # The three numbers in the libwolfssl.so.*.*.* file name. Unfortunately
# increment if interfaces have been removed or changed # increment if interfaces have been removed or changed
WOLFSSL_LIBRARY_VERSION_FIRST=42 WOLFSSL_LIBRARY_VERSION_FIRST=43
# increment if interfaces have been added # increment if interfaces have been added
# set to zero if WOLFSSL_LIBRARY_VERSION_FIRST is incremented # set to zero if WOLFSSL_LIBRARY_VERSION_FIRST is incremented
WOLFSSL_LIBRARY_VERSION_SECOND=3 WOLFSSL_LIBRARY_VERSION_SECOND=0
# increment if source code has changed # increment if source code has changed
# set to zero if WOLFSSL_LIBRARY_VERSION_FIRST is incremented or # set to zero if WOLFSSL_LIBRARY_VERSION_FIRST is incremented or

BIN
wolfssl.rc
View File

Binary file not shown.

4
wolfssl/version.h
View File

@@ -28,8 +28,8 @@
extern "C" { extern "C" {
#endif #endif
#define LIBWOLFSSL_VERSION_STRING "5.7.4" #define LIBWOLFSSL_VERSION_STRING "5.7.6"
#define LIBWOLFSSL_VERSION_HEX 0x05007004 #define LIBWOLFSSL_VERSION_HEX 0x05007006
#ifdef __cplusplus #ifdef __cplusplus
} }

2
wrapper/Ada/alire.toml
View File

@@ -1,6 +1,6 @@
name = "wolfssl" name = "wolfssl"
description = "WolfSSL encryption library and its Ada bindings" description = "WolfSSL encryption library and its Ada bindings"
version = "5.7.4" version = "5.7.6"
authors = ["WolfSSL Team <support@wolfssl.com>"] authors = ["WolfSSL Team <support@wolfssl.com>"]
maintainers = ["Fernando Oleo Blanco <irvise@irvise.xyz>"] maintainers = ["Fernando Oleo Blanco <irvise@irvise.xyz>"]