head	1.7;
access;
symbols
	pkgsrc-2023Q2:1.6.0.2
	pkgsrc-2023Q2-base:1.6
	pkgsrc-2023Q1:1.5.0.4
	pkgsrc-2023Q1-base:1.5
	pkgsrc-2022Q4:1.5.0.2
	pkgsrc-2022Q4-base:1.5
	pkgsrc-2021Q3:1.3.0.2
	pkgsrc-2021Q3-base:1.3
	pkgsrc-2020Q2:1.1.0.4
	pkgsrc-2020Q2-base:1.1
	pkgsrc-2020Q1:1.1.0.2
	pkgsrc-2020Q1-base:1.1;
locks; strict;
comment	@# @;


1.7
date	2023.07.01.17.01.09;	author fox;	state dead;
branches;
next	1.6;
commitid	RmNOasbpZ3tLA7vE;

1.6
date	2023.03.30.07.33.53;	author fox;	state Exp;
branches;
next	1.5;
commitid	9O2aodVQrGCCr7jE;

1.5
date	2022.10.01.11.47.10;	author fox;	state Exp;
branches;
next	1.4;
commitid	t6TlgSyCG63lD0WD;

1.4
date	2021.11.06.04.37.24;	author fox;	state dead;
branches;
next	1.3;
commitid	2icSmU1mCr2xPGfD;

1.3
date	2021.07.15.04.39.32;	author fox;	state Exp;
branches;
next	1.2;
commitid	gRSDrzhdr5Brv21D;

1.2
date	2020.08.22.01.27.48;	author fox;	state dead;
branches;
next	1.1;
commitid	U6IbG4mEFNpnXZkC;

1.1
date	2020.02.03.23.04.09;	author fox;	state Exp;
branches;
next	;
commitid	Wwc0b6uiWp4DAhVB;


desc
@@


1.7
log
@security/wolfssl: Update to v5.6.3

Changes since v5.6.0:

wolfSSL Release 5.6.3 (Jun 16, 2023)

Release 5.6.3 of wolfSSL embedded TLS has 4 bug fixes:

* Fix for setting the atomic macro options introduced in release 5.6.2. This issue affects GNU gcc autoconf builds. The fix resolves a potential mismatch of the generated macros defined in options.h file and the macros used when the wolfSSL library is compiled. In version 5.6.2 this mismatch could result in unstable runtime behavior.
* Fix for invalid suffix error with Windows build using the macro GCM_TABLE_4BIT.
* Improvements to Encrypted Memory support (WC_PROTECT_ENCRYPTED_MEM) implementations for modular exponentiation in SP math-all (sp_int.c) and TFM (tfm.c).
* Improvements to SendAlert for getting output buffer.

wolfSSL Release 5.6.2 (Jun 09, 2023)

Release 5.6.2 has been developed according to wolfSSL's development and QA process (see link below) and successfully passed the quality criteria.
https://www.wolfssl.com/about/wolfssl-software-development-process-quality-assurance

NOTE:
* --enable-heapmath is being deprecated and will be removed by 2024

Release 5.6.2 of wolfSSL embedded TLS has bug fixes and new features including:

Vulnerabilities
* [Low] In cases where a malicious agent could analyze cache timing at a very detailed level, information about the AES key used could be leaked during T/S Box lookups. One such case was shown on RISC-V hardware using the MicroWalk tool (https://github.com/microwalk-project/Microwalk). A hardened version of T/S Box lookups was added in wolfSSL to help mitigate this potential attack and is now on by default with RISC-V builds and can be enabled on other builds if desired by compiling wolfSSL with the macro WOLFSSL_AES_TOUCH_LINES. Thanks to Jan Wichelmann, Christopher Peredy, Florian Sieck, Anna Pätschke, Thomas Eisenbarth (University of Lübeck): MAMBO-V: Dynamic Side-Channel Leakage Analysis on RISC-V. Fixed in the following GitHub pull request https://github.com/wolfSSL/wolfssl/pull/6309
* [High] In previous versions of wolfSSL if a TLS 1.3 client gets neither a PSK (pre shared key) extension nor a KSE (key share extension) when connecting to a malicious server, a default predictable buffer gets used for the IKM value when generating the session master secret. Using a potentially known IKM value when generating the session master secret key compromises the key generated, allowing an eavesdropper to reconstruct it and potentially allowing surreptitious access to or meddling with message contents in the session. This issue does not affect client validation of connected servers, nor expose private key information, but could result in an insecure TLS 1.3 session when not controlling both sides of the connection. We recommend that TLS 1.3 client side users update the version of wolfSSL used. Thanks to Johannes from Sectra Communications and Linköping University for the report. Fixed in the following GitHub pull request https://github.com/wolfSSL/wolfssl/pull/6412

New Feature Additions

New Ports and Expansions
* Add support for STM32H5
* Add support for Renesas TSIP v1.17
* Add Renesas SCE RSA crypto-only support
* STARCORE DSP port and example builds added
* Add the function wc_PKCS7_SetDefaultSignedAttribs for setting PKCS7 signed attributes to use with PKCS7 bundle creation
* NXP IMX6Q CAAM port with QNX and performance optimizations for AES-CTR

New Build Options
* ASN.1 print utility to decode ASN.1 syntax and print out human readable text --enable-asn-print. Utility app is located in the directory ./examples/asn1/
* Add introspection for math build, wc_GetMathInfo() to get information about the math library compiled into the linked wolfSSL library
* Implement TLS recommendations from RFC 9325 for hardening TLS/DTLS security. Enabled with the autoconf flag --enable-harden-tls.
* Add option to support disabling thread local storage, --disable-threadlocal
* Added wc_DsaSign_ex() and wc_DsaVerify_ex() for handling alternative digest algorithms with DSA Sign/Verify
* Implement atomic operations interface. Macros auto-detect if atomic operations are expected to be available, can be turned off with the macro WOLFSSL_NO_ATOMICS
* Added support for DTLS 1.3 Authentication and Integrity-Only Cipher Suites
* Expand crypto callback to have a device ID find callback function with wc_CryptoCb_SetDeviceFindCb. Enabled with the macro WOLF_CRYPTO_CB_FIND

Enhancements and Optimizations

Optimizations
* Increased performance with ChaCha20 C implementation and general XOR operations
* Added integer type to the ASN.1 sequencing with ASN.1 Integer sequence
* With wolfSSL_get_x509_next_altname reset alt name list to head once cycled through if compiling with the macro WOLFSSL_MULTICIRCULATE_ALTNAMELIST
* Additional key validity sanity checks on input to wolfSSL_EC_KEY_set_private_key
* adds support for TLSv1.3 stateful session tickets when using SSL_OP_NO_TICKET

Memory Optimizations
* Improvements to stack usage and management with SP int math library
* Optimization to TLS 1.3 server to remove caching messages for Ed25519/Ed448
* Added a HAVE_CURL macro build for building a subset of the wolfSSL library when linking with cURL
* Memory usage improvement with reducing the size of alignment needed with AES
* Reduce run time memory used with ECC operations and ALT_ECC_SIZE
* Fixes and improvements for building edge cases such as crypto callback without hash-drbg with low footprint options
* Support HAVE_SESSION_TICKET build option without depending on realloc

Documentation
* Instructions for GPDMA on STM32 configuration added
* Add in instructions for compiling with zephyr on STM32
* Documentation fixup for wolfSSL_get_chain_cert()
* Fix the file pointed to in the TI RTOS documentation that we maintain
* Documentation for wolfSSL_CertManagerFreeCRL
* Updates made to AES and Chacha documentation
* Update Japanese comments for Ed25519, AES, and other miscellaneous items

Tests
* Add in an option for easily testing malloc failures when building with WOLFSSL_MEM_FAIL_COUNT macro
* Updated in process for using Expect vs Assert to facilitate more malloc failure tests
* Enhance wolfCrypt test for builds that do not have ECC SECP curves enabled
* ESP32 platform-specific VisualGDB test & benchmark projects
* Update to dependencies in docker container file used for tests
* Fix up for base 10 output with bundled benchmark application

Port Updates
* Zephyr port update, compile time warning fixes, misc. fixes when used with TLS and update of includes
* Update RIOT-OS to not compile out use of writev by default
* Update Micrium port to enable use of STM32_RNG
* Micrium updates for XMEMOVE and XSTRTOK use
* Various Espressif HW crypto, SHA2, AES, MP updates
* Added in ASIO build option with CMake builds

General Enhancements
* Global codebase cleanup for C89 compliance and wolfCrypt -Wconversion hygiene
* PKCS#11 enhancement adding a callback for RSA key size when using a hardware key, by default 2048 bit key is used
* Allow for unknown OIDs in extensions in wolfSSL_X509_set_ext()
* Allow user to override XSTAT by defining the macro XSTAT when compiling
* Support UPN and SID with x509 certificate extensions and custom OID build
* Write next IV in wolfSSL_DES_ede3_cbc_encrypt for better handling of inline encryption
* Adding NO_ASN_TIME_CHECK build option for compiling out certificate before/after checks
* Improve different peer recvfrom handling and error reporting with ipv4 vs ipv6

Fixes
* Fix for STM32 ECC sign and verify out of bounds buffer write when the hash length passed in is larger than the key size. Thanks to Maximilian for the report.
* Fix to skip Async_DevCtxInit when using init rsa/ecc label/id api's
* Revert WOLFSSL_NO_ASN_STRICT macro guard around alternate names directory list
* In async mode, don't retry decrypting if a valid error is encountered on a packet parse attempt
* Add additional sanity check on PKCS7 index value in wc_PKCS7_DecryptKekri
* Fix for padding when using an AuthEnvelope PKCS7 type with GCM/CCM stream ciphers
* Fix siphash assembly so that no register is left behind
* Fix to not send a TLS 1.3 session ID resume response when resuming and downgrading to a protocol less than TLS 1.3
* Fix overwriting serialNumber by favouriteDrink when generating a certificate using Cert struct
* Fix for the default realloc used with EspressIf builds
* Track SetDigest usage to avoid invalid free under error conditions
* DTLS v1.3 fix for epoch 0 check on plaintext message
* Fix for session ticket memory leak in wolfSSL_Cleanup
* Fixes for propagating SendAlert errors when the peer disconnects
* Replace XMEMCPY with XMEMMOVE to fix valgrind-3.15.0 reports "Source and destination overlap in memcpy" when using --enable-aesgcm-stream
* Fix for potential out-of-bounds write edge case in fp_mod_2d with --enable-fastmath math library
* Fix getting ECC key size in stm32_ecc_sign_hash_ex
* Fix for case where wc_PeekErrorNodeLineData was not unlocking error queue on error
* Fix for async ECC shared secret state
* Fix for better error checking with sp_gcd with SP int math library
* Fix memory leak in TLSX_KeyShare_Setup when handling an error case
* Fix for double free edge case in InitOCSPRequest when handling a memory allocation failure
* X509 NAME Entry fix for leaking memory on error case
* Fix wolfssl_asn1_time_to_tm setting unexpected fields in tm struct
* Fix for FIPS ECC integrity check with crypto callback set
* BN_to_ASN1_INTEGER fix for handling leading zero byte padding when needed
* Fix a typo in PP macro and add a ceiling to guard against implementation bugs
* DTLS 1.3 fix for using the correct label when deriving the resumption key
* OCSP fix for GetDateInfo edge case with non ASN template builds
* Allow a user set certificate callback function to override the skipAddCA flag when parsing a certificate
* SP int: sp_radix_size when radix 10 fix temp size for handling edge case
* Fixes and improvements for handling failures with memory allocations
* Fix for DecodeECC_DSA_Sig to handle r and s being initialized
* Fix for wc_ecc_is_point to ensure that the x and y are in range [0, p-1] and z is one (affine ordinates)

Build Fixes
* Fix for building on Windows with CMake and using USER_SETTINGS and fix for options.h creation with CMake when using USER_SETTINGS
* CMake fixes and improvements for use with mingw32
* Fix for building with wpas and x509 small options
* Check if colrm is available for options.h creation when using autoconf
* Clean up NO_BIG_INT build, removing WOLFSSL_SP_MATH macro and heapmath compile
* Fix PKCS#7 build with NO_PKCS7_STREAM
* Fix compilation error in CC-RX and remove unnecessary public key import
* SP Build fixes for ARM assembly with ARMv6 clz and ARM thumb debug build
* Fix to not advertise support for RSA in TLS extensions when compiled with NO_RSA
@
text
@$NetBSD: patch-configure,v 1.6 2023/03/30 07:33:53 fox Exp $

Make the script portable.

--- configure.orig	2023-03-26 08:15:14.887955152 +0000
+++ configure
@@@@ -20935,7 +20935,7 @@@@ then
 then
     as_fn_error $? "You need to enable both DTLS and TLSv1.3 to use DTLSv1.3" "$LINENO" 5
 fi
-if test "x$ENABLED_SEND_HRR_COOKIE" == "xundefined"
+if test "x$ENABLED_SEND_HRR_COOKIE" = "xundefined"
 then
     { $as_echo "$as_me:${as_lineno-$LINENO}: DTLSv1.3 is enabled, enabling HRR cookie" >&5
 $as_echo "$as_me: DTLSv1.3 is enabled, enabling HRR cookie" >&6;}
@


1.6
log
@security/wolfssl: Update to v5.6.0

Changes since v5.5.4:

wolfSSL Release 5.6.0 (Mar 24, 2023)

Release 5.6.0 has been developed according to wolfSSL's development and QA process (see link below) and successfully passed the quality criteria.
https://www.wolfssl.com/about/wolfssl-software-development-process-quality-assurance

NOTE:
* --enable-heapmath is being deprecated and will be removed by 2024
* This release makes ASN Template the default with ./configure, the previous ASN parsing can be built with --enable-asn=original

Release 5.6.0 of wolfSSL embedded TLS has bug fixes and new features including:

New Feature Additions
* ASN template is now the default ASN parsing implementation when compiling with configure
* Added in support for TLS v1.3 Encrypted Client Hello (ECH) and HPKE (Hybrid Public Key Encryption)
* DTLS 1.3 stateless server ClientHello parsing support added

Ports
* Add RX64/RX71 SHA hardware support
* Port to RT1170 and expand NXP CAAM driver support
* Add NuttX integration files for ease of use
* Updated Stunnel support for version 5.67

Compatibility Layer
* Add in support for AES-CCM with EVP
* BN compatibility API refactoring and separate API created
* Expanding public key type cipher suite list strings support

Misc.
* Support pthread_rwlock and add enable option * Add wolfSSL_CertManagerLoadCABuffer_ex() that takes a user certificate chain flag and additional verify flag options * Docker build additions for wolfSSL library and wolfCLU application * Add favorite drink pilot attribute type to get it from the encoding * Added in support for indefinite length BER parsing with PKCS12 * Add dynamic session cache which allocates sessions from the heap with macro SESSION_CACHE_DYNAMIC_MEM Improvements / Optimizations Tests * Additional CI (continuous integration) testing and leveraging of GitHub workflows * Add CI testing for wpa_supplicant, OpenWrt and OpenVPN using GitHub workflows * Add compilation of Espressif to GitHub workflows tests * Refactoring and improving error results with wolfCrypt unit test application * Minor warning fixes from Coverity static analysis scan * Add new SHA-512/224 and SHA-512/256 tests * Used codespell and fixed some minor typos Ports * Improve TLS1.2 client authentication to use TSIP * Updated Kyber macro to be WOLFSSL_HAVE_KYBER and made changes that make Kyber work on STM32 * AES-GCM Windows assembly additions * CRLF line endings, trailing spaces for C# Wrapper Projects Compatibility Layer * Update PubKey and Key PEM-to-DER APIs to support return of needed DER size * Allow reading ENC EC PRIVATE KEY as well via wolfSSL_PEM_read_bio_ECPrivateKey * Improve wolfSSL_EC_POINT_cmp to handle Jacobian ordinates * Fix issue with BIO_reset() and add BIO_FLAGS_MEM_RDONLY flag support for read only BIOs SP * In SP math library rework mod 3 and use count leading zero instruction * Fix with SP ECC sign to reject the random k generated when r is 0 * With SP math add better detection of when add won't work and double is needed with point_add_qz1 internal function * With SP int fail when buffer writing to is too small for number rather than discarding the extra values Builds * Define WOLFSSL_SP_SMALL_STACK if wolfSSL is build with --enable-smallstack * Fix CMake to 
exclude libm when DH is not enabled * Allow building of SAKKE as external non-FIPS algorithm with wolfmikey product * Add option to add library suffix, --with-libsuffix * ASN template compile option WOLFSSL_ASN_INT_LEAD_0_ANY to allow leading zeros * Add user_settings.h template for wolfTPM to examples/configs/user_settings_wolftpm.h * Purge the AES variant of Dilithium * Expand WOLFSSL_NO_ASN_STRICT to allow parsing of explicit ECC public key * Remove relocatable text in ARMv7a AES assembly for use with FIPS builds * Expand checking for hardware that supports ARMv7a neon with autotools configure * Sanity check on allocation fails with DSA and FP_ECC build when zeroizing internal buffer * Additional TLS alerts sent when compiling with WOLFSSL_EXTRA_ALERTS macro defined Benchmarking * Update wolfCrypt benchmark Windows build files to support x64 Platform * Add SHA512/224 and SHA512/256 benchmarks, fixed CVS macro and display sizes * Separate AES-GCM streaming runs when benchmarked * No longer call external implementation of Kyber from benchmark * Fix for benchmarking shake with custom block size * Fixes for benchmark help -alg list and block format Documentation/Examples * Document use of wc_AesFree() and update documentation of Ed25519 with Doxygen * Move the wolfSSL Configuration section higher in QUIC.md * Add Japanese Doxygen documentation for cmac.h, quic.h and remove incomplete Japanese doxygen in asn_public.h * Espressif examples run with local wolfSSL now with no additional setup needed * Added a fix for StartTLS use In the example client * Add a base-line user_settings.h for use with FIPS 140-3 in XCode example app Optimizations * AES-NI usage added for AES modes ECB/CTR/XTS Misc * Update AES-GCM stream decryption to allow long IVs * Internal refactor to use wolfSSL_Ref functions when incrementing or decrementing the structures reference count and fixes for static analysis reports * Cleanup function logging making adjustments to the debug log print outs * 
Remove realloc dependency in DtlsMsgCombineFragBuckets function * Refactor to use WOLFSSL_CTX’s cipher suite list when possible * Update internal padding of 0’s with DSA sign and additional tests with mp_to_unsigned_bin_len function * With DTLS SRTP use wolfSSL_export_keying_material instead of wc_PRF_TLS * Updated macro naming from HAVE_KYBER to be WOLFSSL_HAVE_KYBER * Update AES XTS encrypt to handle in-place encryption properly * With TLS 1.3 add option to require only PSK with DHE Fixes Ports * Fix for AES use with CAAM on imx8qxp with SECO builds * Fix for PIC32 crypto HW and unused TLSX_SetResponse * Fix warning if ltime is unsigned seen with QNX build * Updates and fix for Zephyr project support * Include sys/time.h for WOLFSSL_RIOT_OS * Move X509_V errors from enums to defines for use with HAProxy CLI * Fix IAR compiler warnings resolved * Fix for STM32 Hash peripherals (like on F437) with FIFO depth = 1 * ESP32 fix for SHA384 init with hardware acceleration Builds * Add WOLFSSL_IP_ALT_NAME macro define to --enable-curl * Fixes for building with C++17 and avoiding clashing with byte naming * Fixes SP math all build issue with small-stack and no hardening * Fix for building with ASN template with NO_ASN_TIME defined * Fix building FIPSv2 with WOLFSSL_ECDSA_SET_K defined * Don't allow aesgcm-stream option with kcapi * Fix DTLS test case for when able to read peers close notify alert on FreeBSD systems * Fix for "expression must have a constant value" in tls13.c with Green Hills compiler * Fixes for building KCAPI with opensslextra enabled * Fix warnings of shadows min and subscript with i486-netbsd-gcc compiler * Fix issue with async and WOLFSSL_CHECK_ALERT_ON_ERR * Fix for PKCS7 with asynchronous crypto enabled Math Library * SP Aarch64 fix for conditional changed in asm needing "cc" and fix for ECC P256 mont reduce * In SP builds add sanity check with DH exp. 
to check the output length for minimum size * In SP math fix scalar length check with EC scalar multiply * With SP int fix handling negative character properly with read radix * Add error checks before setting variable err in SP int with the function sp_invmod_mont_ct * Fix to add sanity check for malloc of zero size in fastmath builds * In fastmath fix a possible overflow in fp_to_unsigned_bin_len length check * Heapmath fast mod. reduce fix Compatibility Layer * Fixes for encoding/decoding ecc public keys and ensure i2d public key functions do not include any private key information * Fix for EVP_EncryptUpdate to update outl on empty input * Fix SE050 RSA public key loading and RSA/ECC SE050 TLS Compatibility * Rework EC API and validate point after setting it * Fix for X509 RSA PSS with compatibility layer functions * Fix size of structures used with SHA operations when built with opensslextra for Espressif hardware accelerated hashing * Added sanity check on key length with wolfSSL_CMAC_Init function * Fix for return value type conversion of bad mutex error in logging function * Fix NID conflict NID_givenName and NID_md5WithRSAEncryption * Fix unguarded XFPRINTF calls with opensslextra build * Fix wolfSSL_ASN1_INTEGER_to_BN for negative values * Fix for potential ASN1_STRING leak in wolfSSL_X509_NAME_ENTRY_create_by_txt and wolfSSL_X509_NAME_ENTRY_create_by_NID when memory allocation fails Misc. 
* Add sanity check to prevent an out of bounds read with OCSP response decoding * Sanity check to not allow 0 length with bit string and integer when parsing ASN1 syntax * Adjust RNG sanity checks and remove error prone first byte comparison * With PKCS7 add a fix for GetAsnTimeString() to correctly increment internal data pointer * PKCS7 addition of sequence around algo parameters with authenvelop * DSA fixes for clearing mp_int before re-reading data and avoid mp_clear without first calling mp_init * Fix for SRTP setting bitfield when it is encoded for the TLS extension * Fix for handling small http headers when doing CRL verification * Fix for ECCSI hash function to validate the output size and curve size * Fix for value of givenName and name being reversed with CSR generation * Fix for error type returned (OCSP_CERT_UNKNOWN) with OCSP verification * Fix for a potential memory leak with ProcessCSR when handling OCSP responses * Fix for VERIFY_SKIP_DATE flag not ignoring date errors when set * Fix for zlib decompression buffer issue with PKCS7 * Fix for DTLS message pool send size used and DTLS server saving of the handshake sequence * Fix to propagate WOLFSSL_TICKET_RET_CREATE error return value from DoDecryptTicket() * Fix for handling long session IDs with TLS 1.3 session tickets * Fix for AES-GCM streaming when caching an IV * Fix for test case with older selftest that returns bad padding instead of salt len error * Add fix for siphash cache and added in additional tests * Fix potential out of bounds memset to 0 in error case with session export function used with --enable-sessionexport builds * Fix possible NULL dereference in TLSX_CSR_Parse with TLS 1.3 * Fix for sanity check on RSA pad length with no padding using the build macro WC_RSA_NO_PADDING @ text @d1 1 a1 1 $NetBSD: patch-configure,v 1.5 2022/10/01 11:47:10 fox Exp $ @ 1.5 log @security/wolfssl: Update to v5.5.1 Changes since v5.5.0: wolfSSL Release 5.5.1 (Sep 28, 2022) Latest Vulnerabilities * 
[Med] Denial of service attack and buffer overflow against TLS 1.3 servers using session ticket resumption. When built with --enable-session-ticket and making use of TLS 1.3 server code in wolfSSL, there is the possibility of a malicious client to craft a malformed second ClientHello packet that causes the server to crash. This issue is limited to when using both --enable-session-ticket and TLS 1.3 on the server side. Users with TLS 1.3 servers, and having --enable-session-ticket, should update to the latest version of wolfSSL. Thanks to Max at Trail of Bits for the report and "LORIA, INRIA, France" for research on tlspuffin. New Feature Additions * Add support for non-blocking ECC key gen and shared secret gen for P-256/384/521 * Add support for non-blocking ECDHE/ECDSA in TLS/DTLS layer. * Port to NXP RT685 with FreeRTOS * Add option to build post quantum Kyber API (--enable-kyber) * Add post quantum algorithm sphincs to wolfCrypt * Config. option to force no asm with SP build (--enable-sp=noasm) * Allow post quantum keyshare for DTLS 1.3 Enhancements * DTLSv1.3: Do HRR Cookie exchange by default * Add wolfSSL_EVP_PKEY_new_CMAC_key to OpenSSL compatible API * Update ide win10 build files to add missing sp source files * Improve Workbench docs * Improve EVP support for CHACHA20_POLY1305 * Improve wc_SetCustomExtension documentation * RSA-PSS with OCSP and add simple OCSP response DER verify test case * Clean up some FIPS versioning logic in configure.ac and WIN10 user_settings.h * Don't over-allocate memory for DTLS fragments * Add WOLFSSL_ATECC_TFLXTLS for Atmel port * SHA-3 performance improvements with x86_64 assembly * Add code to fallback to S/W if TSIP cannot handle * Improves entropy with VxWorks * Make time in milliseconds 64-bits for longer session ticket lives * Support for setting cipher list with bytes * wolfSSL_set1_curves_list(), wolfSSL_CTX_set1_curves_list() improvements * Add to RSAES-OAEP key parsing for pkcs7 * Add missing DN nid to work with 
PrintName() * SP int: default to 16 bit word size when NO_64BIT defined * Limit the amount of fragments we store per a DTLS connection and error out when max limit is reached * Detect when certificate's RSA public key size is too big and fail on loading of certificate Fixes * Fix for async with OCSP non-blocking in ProcessPeerCerts * Fixes for building with 32-bit and socket size sign/unsigned mismatch * Fix Windows CMakeList compiler options * TLS 1.3 Middle-Box compat: fix missing brace * Configuration consistency fixes for RSA keys and way to force disable of private keys * Fix for Aarch64 Mac M1 SP use * Fix build errors and warnings for MSVC with DTLS 1.3 * Fix HMAC compat layer function for SHA-1 * Fix DTLS 1.3 do not negotiate ConnectionID in HelloRetryRequest * Check return from call to wc_Time * SP math: fix build configuration with opensslall * Fix for async session tickets * SP int mp_init_size fixes when SP_WORD_SIZE == 8 * Ed. function to make public key now checks for if the private key flag is set * Fix HashRaw WC_SHA256_DIGEST_SIZE for wc_Sha256GetHash * Fix for building with PSK only * Set correct types in wolfSSL_sk_*_new functions * Sanity check that size passed to mp_init_size() is no more than SP_INT_DIGITS @ text @d1 1 a1 1 $NetBSD$ d5 1 a5 1 --- configure.orig 2022-10-01 11:35:36.891958063 +0000 d7 1 a7 1 @@@@ -21777,7 +21777,7 @@@@ then d14 2 a15 2 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: DTLSv1.3 is enabled, enabling HRR cookie" >&5 printf "%s\n" "$as_me: DTLSv1.3 is enabled, enabling HRR cookie" >&6;} @ 1.4 log @security/wolfssl: Update to v5.0.0 Changes since v4.8.1: wolfSSL Release 5.0.0 (Nov 01, 2021) Release 5.0.0 of wolfSSL embedded TLS has bug fixes and new features including: Vulnerabilities * [\Low] Hang with DSA signature creation when a specific q value is used in a maliciously crafted key. 
If a DSA key with an invalid q value of either 1 or 0 was decoded and used for creating a signature, it would result in a hang in wolfSSL. Users that are creating signatures with DSA and are using keys supplied from an outside source are affected. * [\Low] Issue with incorrectly validating a certificate that has multiple subject alternative names when given a name constraint. In the case where more than one subject alternative name is used in the certificate, previous versions of wolfSSL could incorrectly validate the certificate. Users verifying certificates with multiple alternative names and name constraints, are recommended to either use the certificate verify callback to check for this case or update the version of wolfSSL used. Thanks to Luiz Angelo Daros de Luca for the report. New Feature Additions New Product * FIPS 140-3 -- currently undergoing laboratory testing, code review and ultimately CMVP validation. Targeting the latest FIPS standard. Ports * IoT-Safe with TLS demo * SE050 port with support for RNG, SHA, AES, ECC (sign/verify/shared secret) and ED25519 * Support for Renesas TSIP v1.13 on RX72N Post Quantum * Support for OQS's (liboqs version 0.7.0) implementation of NIST Round 3 KEMs as TLS 1.3 groups --with-liboqs * Hybridizing NIST ECC groups with the OQS groups * Remove legacy NTRU and QSH * Make quantum-safe groups available to the compatibility layer Linux Kernel Module * Full support for FIPS 140-3, with in-kernel power on self test (POST) and conditional algorithm self test(s) (CAST) * --enable-linuxkm-pie -- position-independent in-kernel wolfCrypt container, for FIPS * Vectorized x86 acceleration in PK algs (RSA, ECC, DH, DSA) and AES/AES-GCM * Vectorized x86 acceleration in interrupt handlers * Support for Linux-native module signatures * Complete SSL/TLS and Crypto API callable from other kernel module(s) * Support for LTS kernel lines: 3.16, 4.4, 4.9, 5.4, 5.10 Compatibility Layer Additions * Ports * Add support for libssh2 * Add 
support for pyOpenSSL * Add support for libimobiledevice * Add support for rsyslog * Add support for OpenSSH 8.5p1 * Add support for Python 3.8.5 * API/Structs Added * ERR_lib_error_string * EVP_blake2 * wolfSSL_set_client_CA_list * wolfSSL_EVP_sha512_224 * wolfSSL_EVP_sha512_256 * wc_Sha512_224/2256Hash * wc_Sha512_224/256Hash * wc_InitSha512_224/256 * wc_InitSha512_224/256_ex * wc_Sha512_224/256Update * wc_Sha512_224/256FinalRaw * wc_Sha512_224/256Final * wc_Sha512_224/256Free * wc_Sha512_224/256GetHash * wc_Sha512_224/256Copy * wc_Sha512_224/256SetFlags * wc_Sha512_224/256GetFlags * wc_Sha512_224/256Transform * EVP_MD_do_all and OBJ_NAME_do_all * EVP_shake128 * EVP_shake256 * SSL_CTX_set_num_tickets * SSL_CTX_get_num_tickets * SSL_CIPHER_get_auth_nid * SSL_CIPHER_get_cipher_nid * SSL_CIPHER_get_digest_nid * SSL_CIPHER_get_kx_nid * SSL_CIPHER_is_aead * SSL_CTX_set_msg_callback * a2i_IPADDRESS * GENERAL_NAME_print * X509_VERIFY_PARAM_set1_ip * EVP_CIPHER_CTX_set_iv_length * PEM_read_bio_RSA_PUBKEY * i2t_ASN1_OBJECT * DH_set_length * Set_tlsext_max_fragment_length * AUTHORITY_iNFO_ACCESS_free * EVP_PBE_scrypt * ASN1_R_HEADER_TOO_LONG * ERR_LIB * X509_get_default_cert_file/file_env/dir/dir_env() stubs * SSL_get_read_ahead/SSL_set_read_ahead() * SSL_SESSION_has_ticket() * SSL_SESSION_get_ticket_lifetime_hint() * DIST_POINT_new * DIST_POINT_free * DIST_POINTS_free * CRL_DIST_POINTS_free * sk_DIST_POINT_push * sk_DIST_POINT_value * sk_DIST_POINT_num * sk_DIST_POINT_pop_free * sk_DIST_POINT_free * X509_get_extension_flags * X509_get_key_usage * X509_get_extended_key_usage * ASN1_TIME_to_tm * ASN1_TIME_diff * PEM_read_X509_REQ * ERR_load_ERR_strings * BIO_ssl_shutdown * BIO_get_ssl * BIO_new_ssl_connect * BIO_set_conn_hostname * NID_pkcs9_contentType Misc. 
* KCAPI: add support for using libkcapi for crypto (Linux Kernel) * Configure option for --with-max-rsa-bits= and --with-max-ecc-bits= * SP ARM Thumb support for Keil and performance improvements * Add support for WOLFSSL_VERIFY_POST_HANDSHAKE verify mode * PKCS #11: support static linking with PKCS #11 library --enable-pkcs11=static LIBS=-l * Add build option --enable-wolfclu for use with wolfCLU product * Add support for X9.42 header i.e “BEGIN X9.42 DH PARAMETERS” * Add --enable-altcertchains for configuring wolfSSL with alternate certificate chains feature enabled * Add public API wc_RsaKeyToPublicDer_ex to allow getting RSA public key without ASN.1 header (can return only seq + n + e) * Add SNI and TLSx options to CMake build Fixes PORT Fixes * Add return value checking for FREESCALE_RNGA * Fix MMCAU_SHA256 type warnings * Fixes for building with Microchip XC32 and ATECC Math Library Fixes * TFM check that the modulus length is valid for fixed data array size * TFM fp_submod_ct fix check for greater * Check return value of mp_grow in mp_mod_2d * Fix for ECC point multiply to error out on large multipliers * SP ECC error on multiplier larger than curve order TLS 1.3 * TLS1.3 sanity check for cases where a private key is larger than the configured maximum * Fix early data max size handling in TLS v1.3 * Fixes for PK callbacks with TLS v1.3 * Check min downgrade when no extensions are sent with the ServerHello Misc. * Previously wolfSSL enum values were used as NID’s. 
Now only the compatibility layer NID enums are the NID values: * CTC_SHAwDSA -> NID_dsaWithSHA1 * CTC_SHA256wDSA -> NID_dsa_with_SHA256 * CTC_MD2wRSA -> NID_md2WithRSAEncryption * CTC_MD5wRSA -> NID_md5WithRSAEncryption * CTC_SHAwRSA -> NID_sha1WithRSAEncryption * CTC_SHA224wRSA -> NID_sha224WithRSAEncryption * CTC_SHA256wRSA -> NID_sha256WithRSAEncryption * CTC_SHA384wRSA -> NID_sha384WithRSAEncryption * CTC_SHA512wRSA -> NID_sha512WithRSAEncryption * CTC_SHA3_224wRSA -> NID_RSA_SHA3_224 * CTC_SHA3_256wRSA -> NID_RSA_SHA3_256 * CTC_SHA3_384wRSA -> NID_RSA_SHA3_384 * CTC_SHA3_512wRSA -> NID_RSA_SHA3_512 * CTC_SHAwECDSA -> NID_ecdsa_with_SHA1 * CTC_SHA224wECDSA -> NID_ecdsa_with_SHA224 * CTC_SHA256wECDSA -> NID_ecdsa_with_SHA256 * CTC_SHA384wECDSA -> NID_ecdsa_with_SHA384 * CTC_SHA512wECDSA -> NID_ecdsa_with_SHA512 * CTC_SHA3_224wECDSA -> NID_ecdsa_with_SHA3_224 * CTC_SHA3_256wECDSA -> NID_ecdsa_with_SHA3_256 * CTC_SHA3_384wECDSA -> NID_ecdsa_with_SHA3_384 * CTC_SHA3_512wECDSA -> NID_ecdsa_with_SHA3_512 * DSAk -> NID_dsa * RSAk -> NID_rsaEncryption * ECDSAk -> NID_X9_62_id_ecPublicKey * BASIC_CA_OID -> NID_basic_constraints * ALT_NAMES_OID -> NID_subject_alt_name * CRL_DIST_OID -> NID_crl_distribution_points * AUTH_INFO_OID -> NID_info_access * AUTH_KEY_OID -> NID_authority_key_identifier * SUBJ_KEY_OID -> NID_subject_key_identifier * INHIBIT_ANY_OID -> NID_inhibit_any_policy * Fix for DES IV size used with FIPSv2 * Fix signed comparison issue with serialSz * Fix missing CBIOSend and properly guard hmac in DupSSL() * Fix calculation of length of encoding in ssl.c * Fix encoding to check proper length in asn.c * Fix for wc_ecc_ctx_free and heap hint * Fix for debug messages with AF_ALG build * Fix for static memory with bucket size matching. * Fixes for SRP with heap hint. 
* Fixes for CAAM build macros and spelling for Keil build * Sniffer fix for possible math issue around 64-bit pointer and 32-bit unsigned int * Fix for sniffer TCP sequence rollover * wolfSSL_PEM_write_bio_PUBKEY to write only the public part * Fix for sending only supported groups in TLS extension * Fix for sniffer to better handle spurious retransmission edge case * SSL_set_alpn_protos and SSL_CTX_set_alpn_protos now return 0 on success, non-0 on failure to better match expected return values * Fixes issue with SSL_CTX_set1_curves_list and SSL_set1_curves_list not checking the last character of the names variable provided * Fixes and improvements for crypto callbacks with TLS (mutual auth) * Fix for bad memory_mutex lock on static memory cleanup * Zero terminate name constraints strings when parsing certificates * Fix for verifying a certificate when multiple permitted name constraints are used * Fix typo in ifdef for HAVE_ED448 * Fix typos in comments in SHA512 * Add sanity check on buffer size with ED25519 key decode * Sanity check on PKCS7 stream amount read * PKCS7 fix for double free on error case and sanity check on set serial number * Sanity check on PKCS7 input size wc_PKCS7_ParseSignerInfo * Forgive a DTLS session trying to send too much at once Improvements/Optimizations Build Options and Warnings * Rework of RC4 disable by default and deprecation * wolfSSL as a Zephyr module (without setup.sh) * Add include config.h to bio.c * Support for PKCS7 without AES CBC. * Fixes for building without AES CBC * Added WOLFSSL_DH_EXTRA to --enable-all and --enable-sniffer * Add a CMake option to build wolfcrypt test and bench code as libraries * GCC makefile: allow overriding and provide more flexibility Math Libraries * Improve performance of fp_submod_ct() and fp_addmod_ct() * Improve performance of sp_submod_ct() and sp_addmod_ct() * SP int, handle even modulus with exponentiation Misc.
* Cleanups for Arduino examples and memory documentation * Refactor hex char to byte conversions * Added GCC-ARM TLS server example * Improvements to session locking to allow per-row * Improved sniffer statistics and documentation * EVP key support for heap hint and crypto callbacks * Reduced stack size for dh_generation_test and Curve ASN functions * Espressif README Syntax / keyword highlighting / clarifications * AARCH64 SHA512: implementation using crypto instructions added * wc_RsaPSS_CheckPadding_ex2 added for use with HEAP hint * wc_AesKeyWrap_ex and wc_AesKeyUnWrap_ex bound checks on input and output sizes * Add additional error handling to wolfSSL_BIO_get_len * Add code to use popen and the command 'host', useful with qemu * Adjustment to subject alt names order with compatibility layer to better match expected order * Reduce BIO compatibility layer verbosity * Set a default upper bound on error queue size with compatibility layer * WOLFSSL_CRL_ALLOW_MISSING_CDP macro for Skip CRL verification in case no CDP in peer cert * Fixes for scan-build LLVM-13 and expanded coverage * Increase the default DTLS_MTU_ADDITIONAL_READ_BUFFER and make it adjustable @ text @d1 1 a1 1 $NetBSD: patch-configure,v 1.3 2021/07/15 04:39:32 fox Exp $ d5 1 a5 1 --- configure.orig 2021-07-14 09:15:23.305160342 +0000 d7 9 a15 18 @@@@ -15487,7 +15487,7 @@@@ then AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_VALIDATE_ECC_IMPORT" fi - if test "$ENABLED_FIPS" == "no" + if test "$ENABLED_FIPS" = "no" then test "$enable_xchacha" = "" && enable_xchacha=yes test "$enable_ed25519" = "" && enable_ed25519=yes @@@@ -23716,7 +23716,7 @@@@ then AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_TRACK_MEMORY -DWOLFSSL_DEBUG_MEMORY" fi -if test "x$ENABLED_MEMTEST" == "xfail" +if test "x$ENABLED_MEMTEST" = "xfail" then AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_FORCE_MALLOC_FAIL_TEST" fi @ 1.3 log @security/wolfssl: Updates to v4.8.0 Changes since v4.7.0: wolfSSL Release 4.8.0 (July 09, 2021) Release 4.8.0 of wolfSSL embedded TLS has bug 
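Review bot: both hunks (the `ENABLED_FIPS` test near configure line 15487 and the `ENABLED_MEMTEST` test near line 23716) correctly replace `==` with `=`; `==` is not a POSIX test(1) operator, and with dash, for example, `test "$x" == "no"` reports an unexpected-operator error and the `if` takes the false branch, so the intended `AM_CFLAGS` additions are silently skipped rather than failing loudly. The patch comment says only "Make the scripts portable."; naming the concrete issue (`==` is a bash/ksh extension to `test`) would save the next maintainer a lookup. Since `configure` is generated, the hunk offsets here differ from the earlier revision of this patch (19214 and 19951 there), which is the cost of patching autoconf output; sending the `=` fix upstream to the configure source would let this patch be dropped instead of regenerated on every update.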
fixes and new features including: Vulnerabilities * [Low] OCSP request/response verification issue. In the case that the serial number in the OCSP request differs from the serial number in the OCSP response the error from the comparison was not resulting in a failed verification. We recommend users that have wolfSSL version 4.6.0 and 4.7.0 with OCSP enabled update their version of wolfSSL. Version 4.5.0 and earlier are not affected by this report. Thanks to Rainer, Roee, Barak, Hila and Shoshi (from Cymotive and CARIAD) for the report. * [Low] CVE-2021-24116: Side-Channel cache look up vulnerability in base64 PEM decoding for versions of wolfSSL 4.5.0 and earlier. Versions 4.6.0 and up contain a fix and do not need to be updated for this report. If decoding a PEM format private key using version 4.5.0 and older of wolfSSL then we recommend updating the version of wolfSSL used. Thanks to Florian Sieck, Jan Wichelmann, Sebastian Berndt and Thomas Eisenbarth for the report. New Feature Additions New Product * Added wolfSentry build with --enable-wolfsentry and tie-ins to wolfSSL code for use with wolfSentry Ports * QNX CAAM driver added, supporting ECC black keys, CMAC, BLOBs, and TRNG use * _WIN32_WCE wolfCrypt port added * INTIME_RTOS directory support added * Added support for STM32G0 * Renesas RX: Added intrinsics for rot[rl], revl (thanks @@rliebscher) * Added support for running wolfcrypt/test/testwolfcrypt on Dolphin emulator to test DEVKITPRO port * Zephyr project port updated to latest version 2.6.X ASN1 and PKCS * Storing policy constraint extension from certificate added * Added support for NID_favouriteDrink pilot * Added the API function wc_EncryptPKCS8Key to handle encrypting a DER, PKCS#8-formatted key Compatibility Layer Additions * Open Source PORTS Added/Updated * OpenVPN * OpenLDAP * socat-1.7.4.1 * Updated QT port for 5.15.2 * Changes to extend set_cipher_list() compatibility layer API to have set_ciphersuites compatibility layer API capability * 
Added more support for SHA3 in the EVP layer * API Added * MD5/MD5_Transform * SHA/SHA_Transform/SHA1_Transform * SHA224/SHA256_Transform/SHA512_Transform * SSL_CTX_get0_param/SSL_CTX_set1_param * X509_load_crl_file * SSL_CTX_get_min_proto_version * EVP_ENCODE_CTX_new * EVP_ENCODE_CTX_free * EVP_EncodeInit * EVP_EncodeUpdate * EVP_EncodeFinal * EVP_DecodeInit * EVP_DecodeUpdate * EVP_DecodeFinal * EVP_PKEY_print_public * BIO_tell * THREADID_current * THREADID_hash * SSL_CTX_set_ecdh_auto * RAND_set_rand_method() * X509_LOOKUP_ctrl() * RSA_bits * EC_curve_nist2nid * EC_KEY_set_group * SSL_SESSION_set_cipher * SSL_set_psk_use_session_callback * EVP_PKEY_param_check * DH_get0_pqg * CRYPTO_get_ex_new_index * SSL_SESSION_is_resumable * SSL_CONF_cmd * SSL_CONF_CTX_finish * SSL_CTX_keylog_cb_func * SSL_CTX_set_keylog_callback * SSL_CTX_get_keylog_callback Misc. * Added wolfSSL_CTX_get_TicketEncCtx getter function to return the ticket encryption ctx value * Added wc_AesKeyWrap_ex and wc_AesKeyUnWrap_ex APIs to accept an Aes object to use for the AES operations * Added implementation of AES-GCM streaming (--enable-aesgcm-stream) * Added deterministic generation of k with ECC following RFC6979 when the macro WOLFSL_ECDSA_DETERMINISTIC_K is defined and wc_ecc_set_deterministic function is called * Implemented wc_DsaParamsDecode and wc_DsaKeyToParamsDer * Asynchronous support for TLS v1.3 TLSX ECC/DH key generation and key agreement * Added crypto callback support for Ed/Curve25519 and SHA2-512/384 * TLS 1.3 OPwolfSSL_key_update_response function added to see if a update response is needed Fixes * Fix for detecting extra unused bytes that are in an ASN1 sequence appended to the end of a valid ECC signature * Fix for keyid with ktri CMS (breaks compatibility with previous keyid ASN1 syntax) * Fix for failed handshake if a client offers more than 150 cipher suites. 
Thanks to Marcel Maehren, Philipp Nieting, Robert Merget from Ruhr University Bochum Sven Hebrok, Juraj Somorovsky from Paderborn University * Fix for default order of deprecated elliptic curves SECP224R1, SECP192R1, SECP160R1. Thanks to Marcel Maehren, Philipp Nieting, Robert Merget from Ruhr University Bochum Sven Hebrok, Juraj Somorovsky from Paderborn University * Fix for corner TLS downgrade case where a TLS 1.3 setup that allows for downgrades but has TLS 1.3 set as the minimum version would still downgrade to TLS 1.2 PKCS7 (Multiple fixes throughout regarding memory leaks with SMIME and heap buffer overflows due to streaming functionality) * Fix PKCS7 dynamic content save/restore in PKCS7_VerifySignedData * Fix for heap buffer overflow on compare with wc_PKCS7_DecryptKtri * Fix for heap buffer overflow with wc_PKCS7_VerifySignedData * Fix for heap buffer overflow with wc_PKCS7_DecodeEnvelopedData * Check size of public key used with certificate passed into wc_PKCS7_InitWithCert before XMEMCPY to avoid overflow * Fix for heap buffer overflow fix for wolfSSL_SMIME_read_PKCS7 * Fix to cleanly free memory in error state with wolfSSL_SMIME_read_PKCS7 * SMIME error checking improvements and canonicalize multi-part messages before hashing DTLS Fixes * DTLS fix to correctly move the Tx sequence number forward * DTLS fix for sequence and epoch number with secure renegotiation cookie exchange * Fix for Chacha-Poly AEAD for DTLS 1.2 with secure renegotiation PORT Fixes * Fix AES, aligned key for the HW module with DCP port * Fix ATECC608A TNGTLS certificate size issue (thanks @@vppillai) * Fixes for mingw compile warnings * Fixes for NXP LTC ECC/RSA * Fix ESP32 RSA hw accelerator initialization issue * Fixes for STM32 PKA with ECC * Fixes for STM32 AES GCM for HAL's that support byte sized headers * Espressif ESP32 SHA_CTX macro conflict resolved Math Library Fixes * For platforms that support limits.h or windows make sure both SIZEOF_LONG_LONG and SIZEOF_LONG are set 
to avoid issues with CTC_SETTINGS * SP C 32/64: fix corner cases around subtraction affecting RSA PSS use * Fix to return the error code from sp_cond_swap_ct when malloc fails * Fix potential memory leak with small stack in the function fp_gcd * Static Analysis Fixes * Fixes made from Coverity analysis including: * Cleanups for some return values, * Fix for leak with wolfSSL_a2i_ASN1_INTEGER * Sanity check on length in wolfSSL_BN_rand * Sanity check size in TLSX_Parse catching a possible integer overflow * Fixes found with -fsanitize=undefined testing * Fix null dereferences or undefined memcpy calls * Fix alignment in myCryptoDevCb * Fix default DTLS context assignment * Added align configure option to force data alignment Misc. * Fix for wolfSSL_ASN1_TIME_adj set length * Fix for freeing structure on error case in the function AddTrustedPeer * Return value of SSL_read when called after bidirectional shutdown * Fix for build options ./configure --enable-dtls --disable-asn * Fix for detection of a salt length from an RSA PSS signature * Fix to free up globalRNGMutex mutex when cleaning up global RNG * Fix leak when multiple hardware names are in SAN * Fix nonblocking ret value from CRL I/O callbacks * Fix wolfSSL_BIO_free_all return type to better match for compatibility layer * Fix for make distcheck, maintainer-clean, to allow distribution builds * Fix for async with fragmented packets * Fix for the build or RSA verify or public only * Fix for return value of wolfSSL_BIO_set_ssl to better match expected compatibility layer return value * Fix for sanity checks on size of issuer hash and key along with better freeing on error cases with DecodeBasicOcspResponse * Fix for potential memory leak with wolfSSL_OCSP_cert_to_id Improvements/Optimizations DTLS/TLS Code Base * Improved TLS v1.3 time rollover support * TLS 1.3 PSK: use the hash algorithm to choose cipher suite * TLS Extended Master Secret ext: TLS13 - send in second Client Hello if in first * TLS Encrypt then
MAC: check all padding bytes are the same value * wolfSSL_GetMaxRecordSize updated to now take additional cipher data into account * Updated session export/import with DTLS to handle a new internal options flag * Refactored dtls_expected_peer_handshake_number handling * Added wolfSSL_CTX_get_ephemeral_key and wolfSSL_get_ephemeral_key for loading a constant key in place of an ephemeral one * Improved checking of XSNPRINTF return value in DecodePolicyOID Build Options and Warnings * Added wolfSSL_CTX_set_verify to the ABI list * Adjusted FP_ECC build to not allow SECP160R1, SECP160R2, SECP160K1 and SECP224K1. FP_ECC does not work with scalars that are the length of the order when the order is longer than the prime. * Added CMake support for CURVE25519, ED25519, CURVE448, and ED448 * cmake addition to test paths when building * Added support for session tickets in CMake * Added support for reproducible builds with CMake * Turn on reproducible-build by default when enable-distro * Windows Project: Include the X448 and Ed448 files * GCC-11 compile time warning fixes * Fix for compiling build of ./configure '--disable-tlsv12' '-enable-pkcallbacks' * Added build error for insecure build combination of secure renegotiation enabled with extended master secret disabled when session resumption is enabled * Updated building and running with Apple M1 * Apache httpd build without TLS 1.3 macro guard added * Enable SHA3 and SHAKE256 requirements automatically when ED448 is enabled * Added option for AES CBC cipher routines to return BAD_LENGTH_E when called with an input buffer length not a multiple of AES_BLOCK_SIZE * Macro WOLFSSL_SP_INT_DIGIT_ALIGN added for alignment on buffers with SP build. This was needed for compiler building on a Renesas board. 
* Build support with no hashes enabled and no RNG compiled in * Allow use of FREESCALE hardware RNG without a specific port * Resolved some warnings with Windows builds and PBKDF disabled * Updated the version of autoconf and automake along with fixes for some new GCC-10 warnings Math Libraries * SP: Thumb implementation that works with clang * SP math all: sp_cmp handling of negative values * SP C ECC: mont sub - always normalize after sub before check for add * TFM math library prime checking, added more error checks with small stack build * Sanity checks on 0 value with GCD math function * fp_exptmod_ct error checking and small stack variable free on error * Sanity check on supported digit size when calling mp_add_d in non fastmath builds * Support for mp_dump with SP Math ALL * WOLFSSL_SP_NO_MALLOC for both the normal SP build and small SP build now * WOLFSSL_SP_NO_DYN_STACK added for SP small code that is not small stack build to avoid dynamic stack PKCS 7/8 * wc_PKCS7_DecodeCompressedData to optionally handle a packet without content wrapping * Added setting of content type parsed with PKCS7 wc_PKCS7_DecodeAuthEnvelopedData and wc_PKCS7_DecodeEnvelopedData * PKCS8 code improvements and refactoring Misc.
* Sanity checks on null inputs to the functions wolfSSL_X509_get_serialNumber and wolfSSL_X509_NAME_print_ex * Added ARM CryptoCell support for importing public key with wc_ecc_import_x963_ex() * Improved checking for possible use of key->dp == NULL cases with ECC functions * Updated SHAKE256 to compile with NIST FIPS 202 standard and added support for OID values (thanks to strongX509) * Improved ECC operations when using WOLFSSL_NO_MALLOC * Added WOLFSSL_SNIFFER_FATAL_ERROR for a return value when sniffer is in a fatal state * Allow parsing spaces in Base64_SkipNewline * Issue callback when exceeding depth limit rather than error out with OPENSSL_EXTRA build * Added NXP LTC RSA key generation acceleration For additional vulnerability information visit the vulnerability page at https://www.wolfssl.com/docs/security-vulnerabilities/ See INSTALL file for build instructions. More info can be found on-line at https://wolfssl.com/wolfSSL/Docs.html @ text @d1 1 a1 1 $NetBSD$ @ 1.2 log @security/wolfssl: Updates to v4.5.0 Changes since v4.4.0: wolfSSL Release 4.5.0 (August 19, 2020) If you have questions about this release, feel free to contact us on our info@@ address.
Release 4.5.0 of wolfSSL embedded TLS has bug fixes and new features including: New Feature Additions * Added Xilinx Vitis 2019.2 example and README updates * TLS v1.3 is now enabled by default * Building FIPS 140-2 code and test on Solaris * Secure renegotiation with DTLS 1.2 * Update RSA calls for hardware acceleration with Xilsecure * Additional OpenSSL compatibility layer functions added * Cypress PSoC6 wolfCrypt driver added * Added STM32CubeIDE support * Added certificate parsing and inspection to C# wrapper layer * TLS v1.3 sniffer support added * TSIP v1.09 for target board GR-ROSE support added * Added support for the "X72N Envision Kit" evaluation board * Support for ECC nonblocking using the configure options "--enable-ecc=nonblock --enable-sp=yes,nonblock CFLAGS=-DWOLFSSL_PUBLIC_MP" * Added wc_curve25519_make_pub function to generate a public key given the private one Fixes * PIC32MZ hardware cache and large hashes fix * AES-GCM use with EVP layer in compatibility layer code * Fix for RSA_LOW_MEM with ARM build of SP code * Sanity check on tag length with AES-CCM to conform with RFC 3610 * Fixes for 32 and 64 bit software implementations of SP code when WOLFSSL_SP_CACHE_RESISTANT is defined * GCC warning fixes for GCC 9 and later * Sanity check on HKDF expand length to conform with RFC 5869 * Fixes for STM32 CubeMX HAL with AES-GCM * Fixed point cache look up table (LUT) implementation fixes * Fix for ARM 32bit SP code when calling div word * Fix for potential out of bounds read when parsing CRLs * Fix for potential out of bounds read with RSA unpadding * AES-CCM optimized counter fix * Updates to Xcode projects for new files and features * Fix for adding CRL’s to a WOLFSSL_X509_STORE structure * FIPSv2 build with opensslall build fixes * Fixes for CryptoCell use with ECC and signature wrappers * Fix for mod calculation with SP code dealing with 3072 bit keys * Fix for handling certificates with multiple OU’s in name * Fix for SP math implementation of 
sp_add_d and add a sanity check on rshb range * Fix for sanity check on padding with DES3 conversion of PEM to DER * Sanity check for potential out of bounds read with fp_read_radix_16 * Additional checking of ECC scalars. * Fixing the FIPS Ready build w.r.t. ecc.c. * When processing certificate names with OpenSSL compatibility layer enabled, unknown name item types were getting handled as having NID 0, and failing. Added a couple more items to what is handled correctly, and ignoring anything that is an unknown type. Improvements/Optimizations * TLS 1.3 certificate verify update to handle 8192 bit RSA keys * wpa_supplicant support with reduced code size option * TLS 1.3 alerts encrypted when possible * Many minor coverity fixes added * Error checking when parsing PKCS12 DER * IAR warning in test.c resolved * ATECC608A improvements for use with Harmony 3 and PIC32 MZ * Support for AES-GCM and wc_SignatureVerifyHash with static memory and no malloc’s * Enable SNI by default with JNI/JSSE builds * NetBSD GCC compiler warnings resolved * Additional test cases and code coverage added including curve25519 and curve448 tests * Option for user defined mutexes with WOLFSSL_USER_MUTEX * Sniffer API’s for loading buffer directly * Fixes and improvements from going through the DO-178 process were added * Doxygen updates and fixes for auto documentation generation * Changed the configure option for FIPS Ready builds to be `--enable-fips=ready`. This release of wolfSSL includes fixes for 6 security vulnerabilities. wolfSSL version 4.5.0 contains 6 vulnerability fixes: 2 fixes for TLS 1.3, 2 side channel attack mitigations, 1 fix for a potential private key leak in a specific use case, 1 fix for DTLS. * In earlier versions of wolfSSL there exists a potential man in the middle attack on TLS 1.3 clients. Malicious attackers with a privileged network position can impersonate TLS 1.3 servers and bypass authentication. 
Users that have applications with client side code and have TLS 1.3 turned on, should update to the latest version of wolfSSL. Users that do not have TLS 1.3 turned on, or that are server side only, are NOT affected by this report. Thanks to Gerald Doussot from NCC group for the report. * Denial of service attack on TLS 1.3 servers from repetitively sending ChangeCipherSpecs messages. This denial of service results from the relatively low effort of sending a ChangeCipherSpecs message versus the effort of the server to process that message. Users with TLS 1.3 servers are recommended to update to the most recent version of wolfSSL which limits the number of TLS 1.3 ChangeCipherSpecs that can be received in order to avoid this DoS attack. CVE-2020-12457 was reserved for the report. Thanks to Lenny Wang of Tencent Security Xuanwu LAB. * Potential cache timing attacks on public key operations in builds that are not using SP (single precision). Users that have a system where malicious agents could execute code on the system, are not using the SP build with wolfSSL, and are doing private key operations on the system (such as signing with a private key) are recommended to regenerate private keys and update to the most recent version of wolfSSL. CVE-2020-15309 is reserved for this issue. Thanks to Ida Bruhns from Universität zu Lübeck for the report. * When using SGX with EC scalar multiplication the possibility of side-channel attacks is present. To mitigate the risk of side channel attacks wolfSSL’s single precision EC operations should be used instead. Release 4.5.0 turns this on by default now with SGX builds and in previous versions of wolfSSL this can be turned on by using the WOLFSSL_SP macros. Thank you to Alejandro Cabrera Aldaya, Cesar Pereida García and Billy Bob Brumley from the Network and Information Security Group (NISEC) at Tampere University for the report.
* Leak of private key in the case that PEM format private keys are bundled in with PEM certificates into a single file. This is due to the misclassification of certificate type versus private key type when parsing through the PEM file. To be affected, wolfSSL would need to have been built with OPENSSL_EXTRA (--enable-opensslextra). Some build variants such as --enable-all and --enable-opensslall also turn on this code path, checking wolfssl/options.h for OPENSSL_EXTRA will show if the macro was used with the build. If having built with the opensslextra enable option and having placed PEM certificates with PEM private keys in the same file when loading up the certificate file, then we recommend updating wolfSSL for this use case and also recommend regenerating any private keys in the file. * During the handshake, clear application_data messages in epoch 0 are processed and returned to the application. Fixed by dropping received application_data messages in epoch 0. Thank you to Paul Fiterau of Uppsala University and Robert Merget of Ruhr-University Bochum for the report. For additional vulnerability information visit the vulnerability page at https://www.wolfssl.com/docs/security-vulnerabilities/ See INSTALL file for build instructions. More info can be found on-line at https://wolfssl.com/wolfSSL/Docs.html @ text @d1 1 a1 1 $NetBSD: patch-configure,v 1.1 2020/02/03 23:04:09 fox Exp $ d3 1 a3 1 Make the scripts portable. 
d5 1 a5 1 --- configure.orig 2019-12-20 19:59:37.000000000 +0000 d7 11 a17 2 @@@@ -19214,7 +19214,7 @@@@ then ENABLED_ENCRYPT_THEN_MAC=yes d20 4 a23 3 -if test "x$ENABLED_SNIFFER" == "xyes"; then : +if test "x$ENABLED_SNIFFER" = "xyes"; then : ENABLED_ENCRYPT_THEN_MAC="no" a24 10 @@@@ -19951,7 +19951,7 @@@@ fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } - if test "x$BUILD_INTEL_QAT_VERSION" == "x1"; then : + if test "x$BUILD_INTEL_QAT_VERSION" = "x1"; then : LIB_ADD="-ladf_proxy -losal -lrt $LIB_ADD" else LIB_ADD="-losal -lrt $LIB_ADD" @ 1.1 log @Import of wolfssl v4.3.0 as security/woflssl WolfSSL is an embedded SSL Library for programmers building security functionality into their applications and devices. @ text @d1 1 a1 1 $NetBSD$ @
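Review bot: the two hunks (around configure lines 19214 and 19951) fix only the `ENABLED_SNIFFER` and `BUILD_INTEL_QAT_VERSION` comparisons; since the stated goal is "Make the scripts portable.", confirm with something like `grep -n ' == ' configure` that no other `==` uses remain, because a single surviving one still makes the script misbehave under a POSIX sh whose test(1) lacks the `==` extension. The changed lines themselves are fine: the `; then :` tail and the indentation match the surrounding context exactly, so the patch applies cleanly to the generated output, with the usual caveat that it has to be redone whenever upstream regenerates `configure`.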