From 2621a7fc635d4fbc955ec156fabbf26037f27a9c Mon Sep 17 00:00:00 2001 From: Santhosh Raju Date: Sat, 4 Feb 2023 16:44:24 +0100 Subject: [PATCH] security/wolfssl: Update to v5.5.4 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Changes since v5.5.3: wolfSSL Release 5.5.4 (Dec 21, 2022) Release 5.5.4 of wolfSSL embedded TLS has bug fixes and new features including: New Feature Additions * QUIC related changes for HAProxy integration and config option * Support for Analog Devices MAXQ1080 and MAXQ1065 * Testing and build of wolfSSL with NuttX * New software based entropy gatherer with configure option --enable-entropy-memuseOP * NXP SE050 feature expansion and fixes, adding in RSA support and conditional compile of AES and CMAC * Support for multi-threaded sniffer Improvements / Optimizations Benchmark and Tests * Add alternate test case for unsupported static memory API when testing mutex allocations * Additional unit test cases added for AES CCM 256-bit * Initialize and free AES object with benchmarking AES-OFB * Kyber with DTLS 1.3 tests added * Tidy up Espressif ESP32 test and benchmark examples * Rework to be able to run API tests individually and add display of time taken per test Build and Port Improvements * Add check for 64-bit ABI on MIPS64 before declaring a 64-bit CPU * Add support to detect SIZEOF_LONG in armclang and diab * Added in a simple example working on Rx72n * Update azsphere support to prevent compilation of file included inline * --enable-brainpool configure option added and default to on when custom curves are also on * Add RSA PSS salt defines to engine builds if not FIPS v2 Post Quantum * Remove kyber-90s and route all Kyber through wolfcrypt * Purge older version of NTRU and SABER from wolfSSL SP Math * Support static memory build with sp-math * SP C, SP int: improve performance * SP int: support mingw64 again * SP int: enhancements to guess 64-bit type and check on NO_64BIT macro set before using long long * SP int: check size required when using sp_int on stack * SP: --enable-sp-asm now enables SP by default if not set * SP: support aarch64 big endian DTLS * Allow DTLS 1.3 to compile when FIPS is enabled * Allow for stateless DTLS client hello parsing Misc. * Easier detection of DRBG health when using Intel’s RDRAND by updating the structures status value * Detection of duplicate known extensions with TLS * PKCS#11 handle a user PIN that is a NULL_PTR, compile time check in finding keys, add initialization API * Update max Cert Policy size based on RFC 5280 * Add Android CA certs path for wolfSSL_CTX_load_system_CA_certs() * Improve logic for enabling system CA certs on Apple devices * Stub functions to allow for cpuid public functions with non-intel builds * Increase RNG_SECURITY_STRENGTH for FIPS * Improvements in OpenSSL Compat ERR Queue handling * Support ASN1/DER CRLs in LoadCertByIssuer * Expose more ECC math functions and improve async shared secret * Improvement for sniffer error messages * Warning added that renegotiation in TLS 1.3 requires session ticket * Adjustment for TLS 1.3 post auth support * Rework DH API and improve PEM read/write Build Fixes * Fix --enable-devcrypto build error for sys without u_int8_t type * Fix casts in evp.c and build issue in ParseCRL * Fixes for compatibility layer building with heap hint and OSSL callbacks * fix compile error due to Werro=undef on gcc-4.8 * Fix mingw-w64 build issues on windows * Xcode project fixes for different build settings * Initialize variable causing failures with gcc-11 and gcc-12 with a unique wolfSSL build configuration * Prevent WOLFSSL_NO_MALLOC from breaking RSA certificate verification * Fixes for various tests that do not properly handle `WC_PENDING_E` with async. builds * Fix for misc `HashObject` to be excluded for `WOLFCRYPT_ONLY` OCSP Fixes * Correctly save next status with OCSP response verify * When the OCSP responder returns an unknown exception, continue through to checking the CRL Math Fixes * Fix for implicit conversion with 32-bit in SP math * Fix for error checks when modulus is even with SP int build * Fix for checking of err in _sp_exptmod_nct with SP int build * ECC cofactor fix when checking scalar bits * ARM32 ASM: don't use ldrd on user data * SP int, fix when ECC specific size code included Port Fixes * Fixes for STM32 PKA ECC (not 256-bit) and improvements for AES-GCM * Fix for cryptocell signature verification with ECC * Benchmark devid changes, CCM with SECO fix, set IV on AES import into SECO Compat. Layer Fixes * Fix for handling DEFAULT:... cipher suite list * Fix memory leak in wolfSSL_X509_NAME_ENTRY_get_object * Set alt name type to V_ASN1_IA5STRING * Update name hash functions wolfSSL_X509_subject_name_hash and wolfSSL_X509_issuer_name_hash to hash the canonical form of subject * Fix wolfSSL_set_SSL_CTX() to be usable during handshake * Fix X509_get1_ocsp to set num of elements in stack * X509v3 EXT d2i: fix freeing of aia * Fix to remove recreation of certificate with wolfSSL_PEM_write_bio_X509() * Link newly created x509 store's certificate manager to self by default to assist with CRL verification * Fix for compatibility `EC_KEY_new_by_curve_name` to not create a key if the curve is not found Misc. * Free potential signer malloc in a fail case * fix other name san parsing and add RID cert to test parsing * WOLFSSL_OP_NO_TICKET fix for TLSv1.2 * fix ASN template parsing of X509 subject directory attribute * Fix the wrong IV size with the cipher suite TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256 * Fix incorrect self signed error return when compiled with certreq and certgen. * Fix wrong function name in debug comment with wolfSSL_X509_get_name_oneline() * Fix for decryption after second handshake with async sniffer * Allow session tickets to properly resume when using PQ KEMs * Add sanity overflow check to DecodeAltNames input buffer access --- security/wolfssl/Makefile | 2 +- security/wolfssl/distinfo | 6 +++--- security/wolfssl/pkg-plist | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/security/wolfssl/Makefile b/security/wolfssl/Makefile index 5dc983b1a01b..e39485c010e3 100644 --- a/security/wolfssl/Makefile +++ b/security/wolfssl/Makefile @@ -1,5 +1,5 @@ PORTNAME= wolfssl -PORTVERSION= 5.5.3 +PORTVERSION= 5.5.4 CATEGORIES= security devel MASTER_SITES= https://www.wolfssl.com/ \ LOCAL/fox diff --git a/security/wolfssl/distinfo b/security/wolfssl/distinfo index 6b933d3d515a..1fd49e27f7d3 100644 --- a/security/wolfssl/distinfo +++ b/security/wolfssl/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1667845431 -SHA256 (wolfssl-5.5.3.zip) = bc441ae086ddb9d42e2ad391920b400b8cabb19d2aea5efb1cb90b527e0990ee -SIZE (wolfssl-5.5.3.zip) = 20551889 +TIMESTAMP = 1675516684 +SHA256 (wolfssl-5.5.4.zip) = 76da2d57183a5de2660f6214db7234d21df6d8c5ef12a79bdad5e68774dda380 +SIZE (wolfssl-5.5.4.zip) = 20699104 diff --git a/security/wolfssl/pkg-plist b/security/wolfssl/pkg-plist index a4c68461b7f0..e701605ecaf0 100644 --- a/security/wolfssl/pkg-plist +++ b/security/wolfssl/pkg-plist @@ -237,7 +237,7 @@ include/wolfssl/wolfio.h lib/libwolfssl.a lib/libwolfssl.so lib/libwolfssl.so.35 -lib/libwolfssl.so.35.2.1 +lib/libwolfssl.so.35.3.0 libdata/pkgconfig/wolfssl.pc %%PORTDOCS%%%%DOCSDIR%%/QUIC.md %%PORTDOCS%%%%DOCSDIR%%/README.txt