prepare for release 5.3.0

pull/5098/head
Jacob Barthelmeh 2022-05-02 11:26:38 -06:00
parent 48cb185ce9
commit 29401334d3
7 changed files with 439 additions and 205 deletions


@ -1,3 +1,156 @@
# wolfSSL Release 5.3.0 (May 3rd, 2022)
Release 5.3.0 of wolfSSL embedded TLS has bug fixes and new features including:
## New Feature Additions
### Ports
* Updated support for Stunnel to version 5.61
* Add i.MX8 NXP SECO use for secure private ECC keys and expand cryptodev-linux for use with the RSA/Curve25519 with the Linux CAAM driver
* Allow encrypt then mac with Apache port
* Update Renesas TSIP version to 1.15 on GR-ROSE and certificate signature data for TSIP / SCE example
* Add IAR MSP430 example, located in IDE/IAR-MSP430 directory
* Add support for FFMPEG with the enable option `--enable-ffmpeg`, FFMPEG is used for recording and converting video and audio (https://ffmpeg.org/)
* Update the bind port to version 9.18.0
### Post Quantum
* Add Post-quantum KEM benchmark for STM32
* Enable support for using post quantum algorithms with embedded STM32 boards and port to STM32U585
### Compatibility Layer Additions
* Add port to support libspdm (https://github.com/DMTF/libspdm/blob/main/README.md), compatibility functions added for the port were:
- ASN1_TIME_compare
- DH_new_by_nid
- OBJ_length, OBJ_get0_data,
- EVP layer ChaCha20-Poly1305, HKDF
- EC_POINT_get_affine_coordinates
- EC_POINT_set_affine_coordinates
* Additional functions added were:
- EC_KEY_print_fp
- EVP_PKEY_paramgen
- EVP_PKEY_sign/verify functionality
- PEM_write_RSAPublicKey
- PEM_write_EC_PUBKEY
- PKCS7_sign
- PKCS7_final
- SMIME_write_PKCS7
- EC_KEY/DH_up_ref
- EVP_DecodeBlock
- EVP_EncodeBlock
- EC_KEY_get_conv_form
- BIO_eof
- Add support for BIO_CTRL_SET and BIO_CTRL_GET
* Add compile time support for the type SSL_R_NULL_SSL_METHOD_PASSED
* Enhanced X509_NAME_print_ex() to support RFC5523 basic escape
* More checks on OPENSSL_VERSION_NUMBER for API prototype differences
* Add extended key usage support to wolfSSL_X509_set_ext
* SSL_VERIFY_FAIL_IF_NO_PEER_CERT now can also connect with compatibility layer enabled and a TLS 1.3 PSK connection is used
* Improve wolfSSL_BN_rand to handle non byte boundaries and top/bottom parameters
* Changed X509_V_ERR codes to better match OpenSSL values used
* Improve wolfSSL_i2d_X509_name to allow for a NULL input in order to get the expected resulting size
* Enhance the smallstack build to reduce stack size farther when built with compatibility layer enabled
### Misc.
* Sniffer asynchronous support addition, handling of DH shared secret and tested with Intel QuickAssist
* Added in support for OCSP with IPv6
* Enhance SP (single precision) optimizations for use with the ECC P521
* Add new public API wc_CheckCertSigPubKey() for use to easily check the signature of a certificate given a public key buffer
* Add CSR (Certificate Signing Request) userId support in subject name
* Injection and parsing of custom extensions in X.509 certificates
* Add WOLF_CRYPTO_CB_ONLY_RSA and WOLF_CRYPTO_CB_ONLY_ECC to reduce code size if using only crypto callback functions with RSA and ECC
* Created new --enable-engine configure flag used to build wolfSSL for use with wolfEngine
* With TLS 1.3 PSK, when WOLFSSL_PSK_MULTI_ID_PER_CS is defined multiple IDs for a cipher suite can be handled
* Added private key id/label support with improving the PK (Public Key) callbacks
* Support for Intel QuickAssist ECC KeyGen acceleration
* Add the function wolfSSL_CTX_SetCertCbCtx to set user context for certificate call back
* Add the functions wolfSSL_CTX_SetEccSignCtx(WOLFSSL_CTX* ctx, void *userCtx) and wolfSSL_CTX_GetEccSignCtx(WOLFSSL_CTX* ctx) for setting and getting a user context
* wolfRand for AMD --enable-amdrand
## Fixes
### PORT Fixes
* KCAPI memory optimizations and page alignment fixes for ECC, AES mode fixes and reduction to memory usage
* Add the new kdf.c file to the TI-RTOS build
* Fix wait-until-done in RSA hardware primitive acceleration of ESP-IDF port
* IOTSafe workarounds when reading files with ending 0s and for ECC signatures
### Math Library Fixes
* Sanity check with SP math that ECC points ordinates are not greater than modulus length
* Additional sanity checks that _sp_add_d does not error due to overflow
* Wycheproof fixes, testing integration, and fixes for AVX / AArch64 ASM edge case tests
* TFM fp_div_2_ct rework to avoid potential overflow
### Misc.
* Fix for PKCS#7 with Crypto Callbacks
* Fix for larger curve sizes with deterministic ECC sign
* Fixes for building wolfSSL alongside openssl using --enable-opensslcoexist
* Fix for compatibility layer handling of certificates with SHA256 SKID (Subject Key ID)
* Fix for wolfSSL_ASN1_TIME_diff erroring out on a return value of 0 from mktime
* Remove extra padding when AES-CBC encrypted with PemToDer
* Fixes for TLS v1.3 early data with async.
* Fixes for async disables around the DevCopy calls
* Fixes for Windows AES-NI with clang compiler
* Fix for handling the detection of processing a plaintext TLS alert packet
* Fix for potential memory leak in an error case with TLSX supported groups
* Sanity check on `input` size in `DecodeNsCertType`
* AES-GCM stack alignment fixes with assembly code written for AVX/AVX2
* Fix for PK callbacks with server side and setting a public key
## Improvements/Optimizations
### Build Options and Warnings
* Added example user settings template for FIPS v5 ready
* Automake file touch cleanup for use with Yocto devtool
* Allow disabling forced 'make clean' at the end of ./configure by using --disable-makeclean
* Enable TLS 1.3 early data when specifying `--enable-all` option
* Disable PK Callbacks with JNI FIPS builds
* Add a FIPS cert 3389 ready option, this is the fips-ready build
* Support (no)inline with Wind River Diab compiler
* ECDH_compute_key allow setting of globalRNG with FIPS 140-3
* Add logic equivalent to configure.ac in settings.h for Poly1305
* Fixes to support building opensslextra with SP math
* CPP protection for extern references to x86_64 asm code
* Updates and enhancements for Espressif ESP-IDF wolfSSL setup_win.bat
* Documentation improvements with auto generation
* Fix reproducible-build for working an updated version of libtool, version 2.4.7
* Fixes for Diab C89 and armclang
* Fix `mcapi_test.c` to include the settings.h before crypto.h
* Update and handle builds with NO_WOLFSSL_SERVER and NO_WOLFSSL_CLIENT
* Fix for some macro defines with FIPS 140-3 build so that RSA_PKCS1_PSS_PADDING can be used with RSA sign/verify functions
### Math Libraries
* Add RSA/DH check for even modulus
* Enhance TFM math to handle more alloc failure cases gracefully
* SP ASM performance improvements mostly around AArch64
* SP ASM improvements for additional cache attack resistance
* Add RSA check for small difference between p and q
* 6-8% performance increase with ECC operations using SP int by improving the Montgomery Reduction
* Testing and Validation
* All shell scripts in source tree now tested for correctness using shellcheck and bash -n
* Added build testing under gcc-12 and -std=c++17 and fixed warnings
* TLS 1.3 script test improvement to wait for server to write file
* Unit tests for ECC r/s zeroness handling
* CI server was expanded with a very “quiet” machine that can support multiple ContantTime tests ensuring ongoing mitigation against side-channel timing based attacks. Algorithms being assessed on this machine are: AES-CBC, AES-GCM, CHACHA20, ECC, POLY1305, RSA, SHA256, SHA512, CURVE25519.
* Added new multi configuration windows builds to CI testing for greater testing coverage of windows use-cases
### Misc.
* Support for ECC import to check validity of key on import even if one of the coordinates (x or y) is 0
* Modify example app to work with FreeRTOS+IoT
* Ease of access for cert used for verifying a PKCS#7 bundle
* Clean up Visual Studio output and intermediate directories
* With TLS 1.3 fail immediately if a server sends empty certificate message
* Enhance the benchmark application to support multi-threaded testing
* Improvement for `wc_EccPublicKeyToDer` to not overestimate the buffer size required
* Fix to check if `wc_EccPublicKeyToDer` has enough output buffer space
* Fix year 2038 problem in wolfSSL_ASN1_TIME_diff
* Various portability improvements (Time, DTLS epoch size, IV alloc)
* Prefer status_request_v2 over status_request when both are present
* Add separate "struct stat" definition XSTATSTRUCT to make overriding XSTAT easier for portability
* With SipHash replace gcc specific ASM instruction with generic
* Don't force a ECC CA when a custom CA is passed with `-A`
* Add peer authentication failsafe for TLS 1.2 and below
* Improve parsing of UID from subject and issuer name with the compatibility layer by
* Fallback to full TLS handshake if session ticket fails
* Internal refactoring of code to reduce ssl.c file size
# wolfSSL Release 5.2.0 (Feb 21, 2022) # wolfSSL Release 5.2.0 (Feb 21, 2022)
## Vulnerabilities ## Vulnerabilities
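Review bot: the entry "Improve parsing of UID from subject and issuer name with the compatibility layer by" is cut off mid-sentence and needs to say what the improvement is before this ships, since ChangeLog.md is the user-facing record of the release. Two smaller points in the same hunk: "* Testing and Validation" is formatted as a bullet although it introduces the items that follow it (shellcheck, gcc-12, the TLS 1.3 script test, the CI machine) and belongs with the other "###" sub-headings under Improvements/Optimizations; and "ContantTime" in the CI server entry should read "ConstantTime". Also worth verifying the RFC number in "Enhanced X509_NAME_print_ex() to support RFC5523 basic escape": the DN string escaping that X509_NAME_print_ex() implements is the RFC 2253 format (OpenSSL's XN_FLAG_RFC2253), so RFC5523 looks like a typo.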


@ -51,8 +51,8 @@ END
// //
VS_VERSION_INFO VERSIONINFO VS_VERSION_INFO VERSIONINFO
FILEVERSION 5,2,0,0 FILEVERSION 5,3,0,0
PRODUCTVERSION 5,2,0,0 PRODUCTVERSION 5,3,0,0
FILEFLAGSMASK 0x3fL FILEFLAGSMASK 0x3fL
#ifdef _DEBUG #ifdef _DEBUG
FILEFLAGS 0x1L FILEFLAGS 0x1L
@ -69,12 +69,12 @@ BEGIN
BEGIN BEGIN
VALUE "CompanyName", "wolfSSL Inc." VALUE "CompanyName", "wolfSSL Inc."
VALUE "FileDescription", "The wolfSSL FIPS embedded SSL library is a lightweight, portable, C-language-based SSL/TLS library targeted at IoT, embedded, and RTOS environments primarily because of its size, speed, and feature set." VALUE "FileDescription", "The wolfSSL FIPS embedded SSL library is a lightweight, portable, C-language-based SSL/TLS library targeted at IoT, embedded, and RTOS environments primarily because of its size, speed, and feature set."
VALUE "FileVersion", "5.2.0.0" VALUE "FileVersion", "5.3.0.0"
VALUE "InternalName", "wolfssl-fips" VALUE "InternalName", "wolfssl-fips"
VALUE "LegalCopyright", "Copyright (C) 2022" VALUE "LegalCopyright", "Copyright (C) 2022"
VALUE "OriginalFilename", "wolfssl-fips.dll" VALUE "OriginalFilename", "wolfssl-fips.dll"
VALUE "ProductName", "wolfSSL FIPS" VALUE "ProductName", "wolfSSL FIPS"
VALUE "ProductVersion", "5.2.0.0" VALUE "ProductVersion", "5.3.0.0"
END END
END END
BLOCK "VarFileInfo" BLOCK "VarFileInfo"

README

@ -70,118 +70,158 @@ should be used for the enum name.
*** end Notes *** *** end Notes ***
# wolfSSL Release 5.3.0 (May 3rd, 2022)
# wolfSSL Release 5.2.0 (Feb 21, 2022) Release 5.3.0 of wolfSSL embedded TLS has bug fixes and new features including:
## Vulnerabilities
* \[High\] A TLS v1.3 server who requires mutual authentication can be
bypassed. If a malicious client does not send the certificate_verify
message a client can connect without presenting a certificate even
if the server requires one. Thank you to Aina Toky Rasoamanana and
Olivier Levillain of Télécom SudParis.
* \[High\] A TLS v1.3 client attempting to authenticate a TLS v1.3
server can have its certificate check bypassed. If the sig_algo in
the certificate_verify message is different than the certificate
message checking may be bypassed. Thank you to Aina Toky Rasoamanana and
Olivier Levillain of Télécom SudParis.
## New Feature Additions ## New Feature Additions
* Example applications for Renesas RX72N with FreeRTOS+IoT ### Ports
* Renesas FSP 3.5.0 support for RA6M3 * Updated support for Stunnel to version 5.61
* For TLS 1.3, improved checks on order of received messages. * Add i.MX8 NXP SECO use for secure private ECC keys and expand cryptodev-linux for use with the RSA/Curve25519 with the Linux CAAM driver
* Support for use of SHA-3 cryptography instructions available in * Allow encrypt then mac with Apache port
ARMv8.2-A architecture extensions. (For Apple M1) * Update Renesas TSIP version to 1.15 on GR-ROSE and certificate signature data for TSIP / SCE example
* Support for use of SHA-512 cryptography instructions available in * Add IAR MSP430 example, located in IDE/IAR-MSP430 directory
ARMv8.2-A architecture extensions. (For Apple M1) * Add support for FFMPEG with the enable option `--enable-ffmpeg`, FFMPEG is used for recording and converting video and audio (https://ffmpeg.org/)
* Fixes for clang -Os on clang >= 12.0.0 * Update the bind port to version 9.18.0
* Expose Sequence Numbers so that Linux TLS (kTLS) can be configured
* Fix bug in TLSX_ALPN_ParseAndSet when using ALPN select callback.
* Allow DES3 with FIPS v5-dev.
* Include HMAC for deterministic ECC sign build
* Add --enable-chrony configure option. This sets build options needed
to build the Chrony NTP (Network Time Protocol) service.
* Add support for STM32U575xx boards.
* Fixes for NXPs SE050 Ed25519/Curve25519.
* TLS: Secure renegotiation info on by default for compatibility.
* Inline C code version of ARM32 assembly for cryptographic algorithms
available and compiling for improved performance on ARM platforms
* Configure HMAC: define NO_HMAC to disable HMAC (default: enabled)
* ISO-TP transport layer support added to wolfio for TLS over CAN Bus
* Fix initialization bug in SiLabs AES support
* Domain and IP check is only performed on leaf certificates
## ARM PSA Support (Platform Security Architecture) API ### Post Quantum
* Add Post-quantum KEM benchmark for STM32
* Enable support for using post quantum algorithms with embedded STM32 boards and port to STM32U585
* Initial support added for ARMs Platform Security Architecture (PSA) ### Compatibility Layer Additions
API in wolfCrypt which allows support of ARM PSA enabled devices by * Add port to support libspdm (https://github.com/DMTF/libspdm/blob/main/README.md), compatibility functions added for the port were:
wolfSSL, wolfSSH, and wolfBoot and wolfCrypt FIPS. - ASN1_TIME_compare
* Included algorithms: ECDSA, ECDH, HKDF, AES, SHA1, SHA256, SHA224, RNG - DH_new_by_nid
- OBJ_length, OBJ_get0_data,
- EVP layer ChaCha20-Poly1305, HKDF
- EC_POINT_get_affine_coordinates
- EC_POINT_set_affine_coordinates
* Additional functions added were:
- EC_KEY_print_fp
- EVP_PKEY_paramgen
- EVP_PKEY_sign/verify functionality
- PEM_write_RSAPublicKey
- PEM_write_EC_PUBKEY
- PKCS7_sign
- PKCS7_final
- SMIME_write_PKCS7
- EC_KEY/DH_up_ref
- EVP_DecodeBlock
- EVP_EncodeBlock
- EC_KEY_get_conv_form
- BIO_eof
- Add support for BIO_CTRL_SET and BIO_CTRL_GET
* Add compile time support for the type SSL_R_NULL_SSL_METHOD_PASSED
* Enhanced X509_NAME_print_ex() to support RFC5523 basic escape
* More checks on OPENSSL_VERSION_NUMBER for API prototype differences
* Add extended key usage support to wolfSSL_X509_set_ext
* SSL_VERIFY_FAIL_IF_NO_PEER_CERT now can also connect with compatibility layer enabled and a TLS 1.3 PSK connection is used
* Improve wolfSSL_BN_rand to handle non byte boundaries and top/bottom parameters
* Changed X509_V_ERR codes to better match OpenSSL values used
* Improve wolfSSL_i2d_X509_name to allow for a NULL input in order to get the expected resulting size
* Enhance the smallstack build to reduce stack size farther when built with compatibility layer enabled
## ECICE Updates ### Misc.
* Sniffer asynchronous support addition, handling of DH shared secret and tested with Intel QuickAssist
* Added in support for OCSP with IPv6
* Enhance SP (single precision) optimizations for use with the ECC P521
* Add new public API wc_CheckCertSigPubKey() for use to easily check the signature of a certificate given a public key buffer
* Add CSR (Certificate Signing Request) userId support in subject name
* Injection and parsing of custom extensions in X.509 certificates
* Add WOLF_CRYPTO_CB_ONLY_RSA and WOLF_CRYPTO_CB_ONLY_ECC to reduce code size if using only crypto callback functions with RSA and ECC
* Created new --enable-engine configure flag used to build wolfSSL for use with wolfEngine
* With TLS 1.3 PSK, when WOLFSSL_PSK_MULTI_ID_PER_CS is defined multiple IDs for a cipher suite can be handled
* Added private key id/label support with improving the PK (Public Key) callbacks
* Support for Intel QuickAssist ECC KeyGen acceleration
* Add the function wolfSSL_CTX_SetCertCbCtx to set user context for certificate call back
* Add the functions wolfSSL_CTX_SetEccSignCtx(WOLFSSL_CTX* ctx, void *userCtx) and wolfSSL_CTX_GetEccSignCtx(WOLFSSL_CTX* ctx) for setting and getting a user context
* wolfRand for AMD --enable-amdrand
* Support for more encryption algorithms: AES-256-CBC, AES-128-CTR, ## Fixes
AES-256-CTR ### PORT Fixes
* Support for compressed public keys in messages. * KCAPI memory optimizations and page alignment fixes for ECC, AES mode fixes and reduction to memory usage
* Add the new kdf.c file to the TI-RTOS build
* Fix wait-until-done in RSA hardware primitive acceleration of ESP-IDF port
* IOTSafe workarounds when reading files with ending 0s and for ECC signatures
## Math Improvements ### Math Library Fixes
* Sanity check with SP math that ECC points ordinates are not greater than modulus length
* Additional sanity checks that _sp_add_d does not error due to overflow
* Wycheproof fixes, testing integration, and fixes for AVX / AArch64 ASM edge case tests
* TFM fp_div_2_ct rework to avoid potential overflow
* Improved performance of X448 and Ed448 through inlining Karatsuba in ### Misc.
square and multiplication operations for 128-bit implementation * Fix for PKCS#7 with Crypto Callbacks
(64-bit platforms with 128-bit type support). * Fix for larger curve sizes with deterministic ECC sign
* SP Math C implementation: fix for corner case in curve specific * Fixes for building wolfSSL alongside openssl using --enable-opensslcoexist
implementations of Montgomery Reduction (P-256, P-384). * Fix for compatibility layer handling of certificates with SHA256 SKID (Subject Key ID)
* SP math all: assembly snippets added for ARM Thumb. Performance * Fix for wolfSSL_ASN1_TIME_diff erroring out on a return value of 0 from mktime
improvement on platform. * Remove extra padding when AES-CBC encrypted with PemToDer
* SP math all: ARM64/32 sp_div_word assembly snippets added to remove * Fixes for TLS v1.3 early data with async.
dependency on __udiv3. * Fixes for async disables around the DevCopy calls
* SP C implementation: multiplication of two signed types with overflow * Fixes for Windows AES-NI with clang compiler
is undefined in C. Now cast to unsigned type before multiplication is * Fix for handling the detection of processing a plaintext TLS alert packet
performed. * Fix for potential memory leak in an error case with TLSX supported groups
* SP C implementation correctly builds when using CFLAG: -m32 * Sanity check on `input` size in `DecodeNsCertType`
* AES-GCM stack alignment fixes with assembly code written for AVX/AVX2
* Fix for PK callbacks with server side and setting a public key
## OpenSSL Compatibility Layer ## Improvements/Optimizations
### Build Options and Warnings
* Added example user settings template for FIPS v5 ready
* Automake file touch cleanup for use with Yocto devtool
* Allow disabling forced 'make clean' at the end of ./configure by using --disable-makeclean
* Enable TLS 1.3 early data when specifying `--enable-all` option
* Disable PK Callbacks with JNI FIPS builds
* Add a FIPS cert 3389 ready option, this is the fips-ready build
* Support (no)inline with Wind River Diab compiler
* ECDH_compute_key allow setting of globalRNG with FIPS 140-3
* Add logic equivalent to configure.ac in settings.h for Poly1305
* Fixes to support building opensslextra with SP math
* CPP protection for extern references to x86_64 asm code
* Updates and enhancements for Espressif ESP-IDF wolfSSL setup_win.bat
* Documentation improvements with auto generation
* Fix reproducible-build for working an updated version of libtool, version 2.4.7
* Fixes for Diab C89 and armclang
* Fix `mcapi_test.c` to include the settings.h before crypto.h
* Update and handle builds with NO_WOLFSSL_SERVER and NO_WOLFSSL_CLIENT
* Fix for some macro defines with FIPS 140-3 build so that RSA_PKCS1_PSS_PADDING can be used with RSA sign/verify functions
* Added DH_get_2048_256 to compatibility layer. ### Math Libraries
* wolfSSLeay_version now returns the version of wolfSSL * Add RSA/DH check for even modulus
* Added C++ exports for APIs in wolfssl/openssl/crypto.h. This allows * Enhance TFM math to handle more alloc failure cases gracefully
better compatibility when building with a C++ compiler. * SP ASM performance improvements mostly around AArch64
* Fix for OpenSSL x509_NAME_hash mismatch * SP ASM improvements for additional cache attack resistance
* Implement FIPS_mode and FIPS_mode_set in the compat layer. * Add RSA check for small difference between p and q
* Fix for certreq and certgen options with openssl compatibility * 6-8% performance increase with ECC operations using SP int by improving the Montgomery Reduction
* wolfSSL_BIO_dump() and wolfSSL_OBJ_obj2txt() rework * Testing and Validation
* Fix IV length bug in EVP AES-GCM code. * All shell scripts in source tree now tested for correctness using shellcheck and bash -n
* Add new ASN1_INTEGER compatibility functions. * Added build testing under gcc-12 and -std=c++17 and fixed warnings
* Fix wolfSSL_PEM_X509_INFO_read with NO_FILESYSTEM * TLS 1.3 script test improvement to wait for server to write file
* Unit tests for ECC r/s zeroness handling
* CI server was expanded with a very “quiet” machine that can support multiple ContantTime tests ensuring ongoing mitigation against side-channel timing based attacks. Algorithms being assessed on this machine are: AES-CBC, AES-GCM, CHACHA20, ECC, POLY1305, RSA, SHA256, SHA512, CURVE25519.
* Added new multi configuration windows builds to CI testing for greater testing coverage of windows use-cases
## CMake Updates ### Misc.
* Support for ECC import to check validity of key on import even if one of the coordinates (x or y) is 0
* Check for valid override values. * Modify example app to work with FreeRTOS+IoT
* Add `KEYGEN` option. * Ease of access for cert used for verifying a PKCS#7 bundle
* Cleanup help messages. * Clean up Visual Studio output and intermediate directories
* Add options to support wolfTPM. * With TLS 1.3 fail immediately if a server sends empty certificate message
* Enhance the benchmark application to support multi-threaded testing
## VisualStudio Updates * Improvement for `wc_EccPublicKeyToDer` to not overestimate the buffer size required
* Fix to check if `wc_EccPublicKeyToDer` has enough output buffer space
* Remove deprecated VS solution * Fix year 2038 problem in wolfSSL_ASN1_TIME_diff
* Fix VS unreachable code warning * Various portability improvements (Time, DTLS epoch size, IV alloc)
* Prefer status_request_v2 over status_request when both are present
## New Algorithms and Protocols * Add separate "struct stat" definition XSTATSTRUCT to make overriding XSTAT easier for portability
* With SipHash replace gcc specific ASM instruction with generic
* AES-SIV (RFC 5297) * Don't force a ECC CA when a custom CA is passed with `-A`
* DTLS SRTP (RFC 5764), used with WebRTC to agree on profile for new * Add peer authentication failsafe for TLS 1.2 and below
real-time session keys * Improve parsing of UID from subject and issuer name with the compatibility layer by
* SipHash MAC/PRF for hash tables. Includes inline assembly for * Fallback to full TLS handshake if session ticket fails
x86_64 and Aarch64. * Internal refactoring of code to reduce ssl.c file size
## Remove Obsolete Algorithms
* IDEA
* Rabbit
* HC-128
If this adversely affects you or your customers, please get in cotact with the wolfSSL team. (support@wolfssl.com)
For additional vulnerability information visit the vulnerability page at https://www.wolfssl.com/docs/security-vulnerabilities/ For additional vulnerability information visit the vulnerability page at https://www.wolfssl.com/docs/security-vulnerabilities/

README.md

@ -79,117 +79,158 @@ single call hash function. Instead the name `WC_SHA`, `WC_SHA256`, `WC_SHA384` a
`WC_SHA512` should be used for the enum name. `WC_SHA512` should be used for the enum name.
# wolfSSL Release 5.2.0 (Feb 21, 2022) # wolfSSL Release 5.3.0 (May 3rd, 2022)
## Vulnerabilities Release 5.3.0 of wolfSSL embedded TLS has bug fixes and new features including:
* \[High\] A TLS v1.3 server who requires mutual authentication can be
bypassed. If a malicious client does not send the certificate_verify
message a client can connect without presenting a certificate even
if the server requires one. Thank you to Aina Toky Rasoamanana and
Olivier Levillain of Télécom SudParis.
* \[High\] A TLS v1.3 client attempting to authenticate a TLS v1.3
server can have its certificate check bypassed. If the sig_algo in
the certificate_verify message is different than the certificate
message checking may be bypassed. Thank you to Aina Toky Rasoamanana and
Olivier Levillain of Télécom SudParis.
## New Feature Additions ## New Feature Additions
* Example applications for Renesas RX72N with FreeRTOS+IoT ### Ports
* Renesas FSP 3.5.0 support for RA6M3 * Updated support for Stunnel to version 5.61
* For TLS 1.3, improved checks on order of received messages. * Add i.MX8 NXP SECO use for secure private ECC keys and expand cryptodev-linux for use with the RSA/Curve25519 with the Linux CAAM driver
* Support for use of SHA-3 cryptography instructions available in * Allow encrypt then mac with Apache port
ARMv8.2-A architecture extensions. (For Apple M1) * Update Renesas TSIP version to 1.15 on GR-ROSE and certificate signature data for TSIP / SCE example
* Support for use of SHA-512 cryptography instructions available in * Add IAR MSP430 example, located in IDE/IAR-MSP430 directory
ARMv8.2-A architecture extensions. (For Apple M1) * Add support for FFMPEG with the enable option `--enable-ffmpeg`, FFMPEG is used for recording and converting video and audio (https://ffmpeg.org/)
* Fixes for clang -Os on clang >= 12.0.0 * Update the bind port to version 9.18.0
* Expose Sequence Numbers so that Linux TLS (kTLS) can be configured
* Fix bug in TLSX_ALPN_ParseAndSet when using ALPN select callback.
* Allow DES3 with FIPS v5-dev.
* Include HMAC for deterministic ECC sign build
* Add --enable-chrony configure option. This sets build options needed
to build the Chrony NTP (Network Time Protocol) service.
* Add support for STM32U575xx boards.
* Fixes for NXPs SE050 Ed25519/Curve25519.
* TLS: Secure renegotiation info on by default for compatibility.
* Inline C code version of ARM32 assembly for cryptographic algorithms
available and compiling for improved performance on ARM platforms
* Configure HMAC: define NO_HMAC to disable HMAC (default: enabled)
* ISO-TP transport layer support added to wolfio for TLS over CAN Bus
* Fix initialization bug in SiLabs AES support
* Domain and IP check is only performed on leaf certificates
## ARM PSA Support (Platform Security Architecture) API ### Post Quantum
* Add Post-quantum KEM benchmark for STM32
* Enable support for using post quantum algorithms with embedded STM32 boards and port to STM32U585
* Initial support added for ARMs Platform Security Architecture (PSA) ### Compatibility Layer Additions
API in wolfCrypt which allows support of ARM PSA enabled devices by * Add port to support libspdm (https://github.com/DMTF/libspdm/blob/main/README.md), compatibility functions added for the port were:
wolfSSL, wolfSSH, and wolfBoot and wolfCrypt FIPS. - ASN1_TIME_compare
* Included algorithms: ECDSA, ECDH, HKDF, AES, SHA1, SHA256, SHA224, RNG - DH_new_by_nid
- OBJ_length, OBJ_get0_data,
- EVP layer ChaCha20-Poly1305, HKDF
- EC_POINT_get_affine_coordinates
- EC_POINT_set_affine_coordinates
* Additional functions added were:
- EC_KEY_print_fp
- EVP_PKEY_paramgen
- EVP_PKEY_sign/verify functionality
- PEM_write_RSAPublicKey
- PEM_write_EC_PUBKEY
- PKCS7_sign
- PKCS7_final
- SMIME_write_PKCS7
- EC_KEY/DH_up_ref
- EVP_DecodeBlock
- EVP_EncodeBlock
- EC_KEY_get_conv_form
- BIO_eof
- Add support for BIO_CTRL_SET and BIO_CTRL_GET
* Add compile time support for the type SSL_R_NULL_SSL_METHOD_PASSED
* Enhanced X509_NAME_print_ex() to support RFC5523 basic escape
* More checks on OPENSSL_VERSION_NUMBER for API prototype differences
* Add extended key usage support to wolfSSL_X509_set_ext
* SSL_VERIFY_FAIL_IF_NO_PEER_CERT now can also connect with compatibility layer enabled and a TLS 1.3 PSK connection is used
* Improve wolfSSL_BN_rand to handle non byte boundaries and top/bottom parameters
* Changed X509_V_ERR codes to better match OpenSSL values used
* Improve wolfSSL_i2d_X509_name to allow for a NULL input in order to get the expected resulting size
* Enhance the smallstack build to reduce stack size farther when built with compatibility layer enabled
## ECICE Updates ### Misc.
* Sniffer asynchronous support addition, handling of DH shared secret and tested with Intel QuickAssist
* Added in support for OCSP with IPv6
* Enhance SP (single precision) optimizations for use with the ECC P521
* Add new public API wc_CheckCertSigPubKey() for use to easily check the signature of a certificate given a public key buffer
* Add CSR (Certificate Signing Request) userId support in subject name
* Injection and parsing of custom extensions in X.509 certificates
* Add WOLF_CRYPTO_CB_ONLY_RSA and WOLF_CRYPTO_CB_ONLY_ECC to reduce code size if using only crypto callback functions with RSA and ECC
* Created new --enable-engine configure flag used to build wolfSSL for use with wolfEngine
* With TLS 1.3 PSK, when WOLFSSL_PSK_MULTI_ID_PER_CS is defined multiple IDs for a cipher suite can be handled
* Added private key id/label support with improving the PK (Public Key) callbacks
* Support for Intel QuickAssist ECC KeyGen acceleration
* Add the function wolfSSL_CTX_SetCertCbCtx to set user context for certificate call back
* Add the functions wolfSSL_CTX_SetEccSignCtx(WOLFSSL_CTX* ctx, void *userCtx) and wolfSSL_CTX_GetEccSignCtx(WOLFSSL_CTX* ctx) for setting and getting a user context
* wolfRand for AMD --enable-amdrand
* Support for more encryption algorithms: AES-256-CBC, AES-128-CTR, ## Fixes
AES-256-CTR ### PORT Fixes
* Support for compressed public keys in messages. * KCAPI memory optimizations and page alignment fixes for ECC, AES mode fixes and reduction to memory usage
* Add the new kdf.c file to the TI-RTOS build
* Fix wait-until-done in RSA hardware primitive acceleration of ESP-IDF port
* IOTSafe workarounds when reading files with ending 0s and for ECC signatures
## Math Improvements ### Math Library Fixes
* Sanity check with SP math that ECC points ordinates are not greater than modulus length
* Additional sanity checks that _sp_add_d does not error due to overflow
* Wycheproof fixes, testing integration, and fixes for AVX / AArch64 ASM edge case tests
* TFM fp_div_2_ct rework to avoid potential overflow
* Improved performance of X448 and Ed448 through inlining Karatsuba in ### Misc.
square and multiplication operations for 128-bit implementation * Fix for PKCS#7 with Crypto Callbacks
(64-bit platforms with 128-bit type support). * Fix for larger curve sizes with deterministic ECC sign
* SP Math C implementation: fix for corner case in curve specific * Fixes for building wolfSSL alongside openssl using --enable-opensslcoexist
implementations of Montgomery Reduction (P-256, P-384). * Fix for compatibility layer handling of certificates with SHA256 SKID (Subject Key ID)
* SP math all: assembly snippets added for ARM Thumb. Performance * Fix for wolfSSL_ASN1_TIME_diff erroring out on a return value of 0 from mktime
improvement on platform. * Remove extra padding when AES-CBC encrypted with PemToDer
* SP math all: ARM64/32 sp_div_word assembly snippets added to remove * Fixes for TLS v1.3 early data with async.
dependency on __udiv3. * Fixes for async disables around the DevCopy calls
* SP C implementation: multiplication of two signed types with overflow * Fixes for Windows AES-NI with clang compiler
is undefined in C. Now cast to unsigned type before multiplication is * Fix for handling the detection of processing a plaintext TLS alert packet
performed. * Fix for potential memory leak in an error case with TLSX supported groups
* SP C implementation correctly builds when using CFLAG: -m32 * Sanity check on `input` size in `DecodeNsCertType`
* AES-GCM stack alignment fixes with assembly code written for AVX/AVX2
* Fix for PK callbacks with server side and setting a public key
## OpenSSL Compatibility Layer ## Improvements/Optimizations
### Build Options and Warnings
* Added example user settings template for FIPS v5 ready
* Automake file touch cleanup for use with Yocto devtool
* Allow disabling forced 'make clean' at the end of ./configure by using --disable-makeclean
* Enable TLS 1.3 early data when specifying `--enable-all` option
* Disable PK Callbacks with JNI FIPS builds
* Add a FIPS cert 3389 ready option, this is the fips-ready build
* Support (no)inline with Wind River Diab compiler
* ECDH_compute_key allow setting of globalRNG with FIPS 140-3
* Add logic equivalent to configure.ac in settings.h for Poly1305
* Fixes to support building opensslextra with SP math
* CPP protection for extern references to x86_64 asm code
* Updates and enhancements for Espressif ESP-IDF wolfSSL setup_win.bat
* Documentation improvements with auto generation
* Fix reproducible-build for working an updated version of libtool, version 2.4.7
* Fixes for Diab C89 and armclang
* Fix `mcapi_test.c` to include the settings.h before crypto.h
* Update and handle builds with NO_WOLFSSL_SERVER and NO_WOLFSSL_CLIENT
* Fix for some macro defines with FIPS 140-3 build so that RSA_PKCS1_PSS_PADDING can be used with RSA sign/verify functions
* Added DH_get_2048_256 to compatibility layer. ### Math Libraries
* wolfSSLeay_version now returns the version of wolfSSL * Add RSA/DH check for even modulus
* Added C++ exports for APIs in wolfssl/openssl/crypto.h. This allows * Enhance TFM math to handle more alloc failure cases gracefully
better compatibility when building with a C++ compiler. * SP ASM performance improvements mostly around AArch64
* Fix for OpenSSL x509_NAME_hash mismatch * SP ASM improvements for additional cache attack resistance
* Implement FIPS_mode and FIPS_mode_set in the compat layer. * Add RSA check for small difference between p and q
* Fix for certreq and certgen options with openssl compatibility * 6-8% performance increase with ECC operations using SP int by improving the Montgomery Reduction
* wolfSSL_BIO_dump() and wolfSSL_OBJ_obj2txt() rework * Testing and Validation
* Fix IV length bug in EVP AES-GCM code. * All shell scripts in source tree now tested for correctness using shellcheck and bash -n
* Add new ASN1_INTEGER compatibility functions. * Added build testing under gcc-12 and -std=c++17 and fixed warnings
* Fix wolfSSL_PEM_X509_INFO_read with NO_FILESYSTEM * TLS 1.3 script test improvement to wait for server to write file
* Unit tests for ECC r/s zeroness handling
* CI server was expanded with a very “quiet” machine that can support multiple ContantTime tests ensuring ongoing mitigation against side-channel timing based attacks. Algorithms being assessed on this machine are: AES-CBC, AES-GCM, CHACHA20, ECC, POLY1305, RSA, SHA256, SHA512, CURVE25519.
* Added new multi configuration windows builds to CI testing for greater testing coverage of windows use-cases
## CMake Updates ### Misc.
* Support for ECC import to check validity of key on import even if one of the coordinates (x or y) is 0
* Check for valid override values. * Modify example app to work with FreeRTOS+IoT
* Add `KEYGEN` option. * Ease of access for cert used for verifying a PKCS#7 bundle
* Cleanup help messages. * Clean up Visual Studio output and intermediate directories
* Add options to support wolfTPM. * With TLS 1.3 fail immediately if a server sends empty certificate message
* Enhance the benchmark application to support multi-threaded testing
## VisualStudio Updates * Improvement for `wc_EccPublicKeyToDer` to not overestimate the buffer size required
* Fix to check if `wc_EccPublicKeyToDer` has enough output buffer space
* Remove deprecated VS solution * Fix year 2038 problem in wolfSSL_ASN1_TIME_diff
* Fix VS unreachable code warning * Various portability improvements (Time, DTLS epoch size, IV alloc)
* Prefer status_request_v2 over status_request when both are present
## New Algorithms and Protocols * Add separate "struct stat" definition XSTATSTRUCT to make overriding XSTAT easier for portability
* With SipHash replace gcc specific ASM instruction with generic
* AES-SIV (RFC 5297) * Don't force a ECC CA when a custom CA is passed with `-A`
* DTLS SRTP (RFC 5764), used with WebRTC to agree on profile for new * Add peer authentication failsafe for TLS 1.2 and below
real-time session keys * Improve parsing of UID from subject and issuer name with the compatibility layer by
* SipHash MAC/PRF for hash tables. Includes inline assembly for * Fallback to full TLS handshake if session ticket fails
x86_64 and Aarch64. * Internal refactoring of code to reduce ssl.c file size
## Remove Obsolete Algorithms
* IDEA
* Rabbit
* HC-128
If this adversely affects you or your customers, please get in cotact with the wolfSSL team. (support@wolfssl.com)
For additional vulnerability information visit the vulnerability page at: For additional vulnerability information visit the vulnerability page at:
https://www.wolfssl.com/docs/security-vulnerabilities/ https://www.wolfssl.com/docs/security-vulnerabilities/
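Review bot: the new "Improve parsing of UID from subject and issuer name with the compatibility layer by" bullet in the Misc. section ends mid-sentence; either finish it (what does the parsing improvement key off?) or drop the trailing "by". Two typos in the added text as well: "ContantTime tests" in the CI-server bullet should read "ConstantTime tests", and "get in cotact with the wolfSSL team" in the Remove Obsolete Algorithms section should read "get in contact with".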

View File

@ -7,7 +7,7 @@
# #
AC_COPYRIGHT([Copyright (C) 2006-2020 wolfSSL Inc.]) AC_COPYRIGHT([Copyright (C) 2006-2020 wolfSSL Inc.])
AC_PREREQ([2.69]) AC_PREREQ([2.69])
AC_INIT([wolfssl],[5.2.0],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[https://www.wolfssl.com]) AC_INIT([wolfssl],[5.3.0],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[https://www.wolfssl.com])
AC_CONFIG_AUX_DIR([build-aux]) AC_CONFIG_AUX_DIR([build-aux])
# The following sets CFLAGS to empty if unset on command line. We do not # The following sets CFLAGS to empty if unset on command line. We do not
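Review bot: the AC_COPYRIGHT range is left at 2006-2020 while AC_INIT is bumped to 5.3.0; if the range is meant to cover the release year, extend it in the same change so the version bump and the copyright notice do not drift apart.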
@ -38,7 +38,7 @@ LT_INIT([disable-static win32-dll])
AC_ARG_VAR(EXTRA_CFLAGS, [Extra CFLAGS to add to autoconf-computed arg list. Can also supply directly to make.]) AC_ARG_VAR(EXTRA_CFLAGS, [Extra CFLAGS to add to autoconf-computed arg list. Can also supply directly to make.])
#shared library versioning #shared library versioning
WOLFSSL_LIBRARY_VERSION=32:0:0 WOLFSSL_LIBRARY_VERSION=33:0:0
# | | | # | | |
# +------+ | +---+ # +------+ | +---+
# | | | # | | |
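Review bot: WOLFSSL_LIBRARY_VERSION goes from 32:0:0 to 33:0:0, i.e. `current` is incremented and `age` stays 0, which in libtool's current:revision:age scheme declares the new library binary-incompatible with the previous one (new soname, no overlap). That is defensible here, since the README hunk removes IDEA, Rabbit and HC-128, but if the intent were to keep existing consumers working against added APIs only, the libtool rule would be 33:0:1. Worth stating the intended ABI break explicitly in the commit message so packagers know a rebuild of dependents is expected.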

Binary file not shown.

View File

@ -28,8 +28,8 @@
extern "C" { extern "C" {
#endif #endif
#define LIBWOLFSSL_VERSION_STRING "5.2.0" #define LIBWOLFSSL_VERSION_STRING "5.3.0"
#define LIBWOLFSSL_VERSION_HEX 0x05002000 #define LIBWOLFSSL_VERSION_HEX 0x05003000
#ifdef __cplusplus #ifdef __cplusplus
} }
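Review bot: LIBWOLFSSL_VERSION_HEX 0x05003000 is consistent with the string "5.3.0" and with the AC_INIT bump in configure.ac, following the same 0xMMmmmppp layout as the previous 0x05002000; since downstream code compares this value in `#if` checks, a one-line comment next to the define documenting that layout would make future bumps less error-prone.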