kpriv/freebsd-ports
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
freebsd-ports/security/wolfssl/pkg-plist
Santhosh Raju 9819baefd0 security/wolfssl: Update to v5.3.0 
Changes since v5.2.0:

Release 5.3.0 of wolfSSL embedded TLS has bug fixes and new features including:

New Feature Additions
Ports

  * Updated support for Stunnel to version 5.61
  * Add i.MX8 NXP SECO use for secure private ECC keys and expand
    cryptodev-linux for use with the RSA/Curve25519 with the Linux CAAM driver
  * Allow encrypt then mac with Apache port
  * Update Renesas TSIP version to 1.15 on GR-ROSE and certificate signature
    data for TSIP / SCE example
  * Add IAR MSP430 example, located in IDE/IAR-MSP430 directory
  * Add support for FFMPEG with the enable option --enable-ffmpeg, FFMPEG is
    used for recording and converting video and audio (https://ffmpeg.org/)
  * Update the bind port to version 9.18.0

Post Quantum

  * Add Post-quantum KEM benchmark for STM32
  * Enable support for using post quantum algorithms with embedded STM32 boards
    and port to STM32U585

Compatibility Layer Additions

  * Add port to support libspdm
    (https://github.com/DMTF/libspdm/blob/main/README.md), compatibility
    functions added for the port were:
      - ASN1_TIME_compare
      - DH_new_by_nid
      - OBJ_length, OBJ_get0_data,
      - EVP layer ChaCha20-Poly1305, HKDF
      - EC_POINT_get_affine_coordinates
      - EC_POINT_set_affine_coordinates
  * Additional functions added were:
      - EC_KEY_print_fp
      - EVP_PKEY_paramgen
      - EVP_PKEY_sign/verify functionality
      - PEM_write_RSAPublicKey
      - PEM_write_EC_PUBKEY
      - PKCS7_sign
      - PKCS7_final
      - SMIME_write_PKCS7
      - EC_KEY/DH_up_ref
      - EVP_DecodeBlock
      - EVP_EncodeBlock
      - EC_KEY_get_conv_form
      - BIO_eof
      - Add support for BIO_CTRL_SET and BIO_CTRL_GET
  * Add compile time support for the type SSL_R_NULL_SSL_METHOD_PASSED
  * Enhanced X509_NAME_print_ex() to support RFC5523 basic escape
  * More checks on OPENSSL_VERSION_NUMBER for API prototype differences
  * Add extended key usage support to wolfSSL_X509_set_ext
  * SSL_VERIFY_FAIL_IF_NO_PEER_CERT now can also connect with compatibility
    layer enabled and a TLS 1.3 PSK connection is used
  * Improve wolfSSL_BN_rand to handle non byte boundaries and top/bottom
    parameters
  * Changed X509_V_ERR codes to better match OpenSSL values used
  * Improve wolfSSL_i2d_X509_name to allow for a NULL input in order to get the
    expected resulting size
  * Enhance the smallstack build to reduce stack size farther when built with
    compatibility layer enabled

Misc.

 * Sniffer asynchronous support addition, handling of DH shared secret and
   tested with Intel QuickAssist
 * Added in support for OCSP with IPv6
 * Enhance SP (single precision) optimizations for use with the ECC P521
 * Add new public API wc_CheckCertSigPubKey() for use to easily check the
   signature of a certificate given a public key buffer
 * Add CSR (Certificate Signing Request) userId support in subject name
 * Injection and parsing of custom extensions in X.509 certificates
 * Add WOLF_CRYPTO_CB_ONLY_RSA and WOLF_CRYPTO_CB_ONLY_ECC to reduce code size
   if using only crypto callback functions with RSA and ECC
 * Created new --enable-engine configure flag used to build wolfSSL for use with
   wolfEngine
 * With TLS 1.3 PSK, when WOLFSSL_PSK_MULTI_ID_PER_CS is defined multiple IDs
   for a cipher suite can be handled
 * Added private key id/label support with improving the PK (Public Key)
   callbacks
 * Support for Intel QuickAssist ECC KeyGen acceleration
 * Add the function wolfSSL_CTX_SetCertCbCtx to set user context for certificate
   call back
 * Add the functions wolfSSL_CTX_SetEccSignCtx(WOLFSSL_CTX* ctx, void userCtx)
   and wolfSSL_CTX_GetEccSignCtx(WOLFSSL_CTX ctx) for setting and getting a user
   context
 * wolfRand for AMD --enable-amdrand

Fixes
PORT Fixes

  * KCAPI memory optimizations and page alignment fixes for ECC, AES mode fixes
    and reduction to memory usage
  * Add the new kdf.c file to the TI-RTOS build
  * Fix wait-until-done in RSA hardware primitive acceleration of ESP-IDF port
  * IOTSafe workarounds when reading files with ending 0’s and for ECC
    signatures

Math Library Fixes

  * Sanity check with SP math that ECC points ordinates are not greater than
    modulus length
  * Additional sanity checks that _sp_add_d does not error due to overflow
  * Wycheproof fixes, testing integration, and fixes for AVX / AArch64 ASM edge
    case tests
  * TFM fp_div_2_ct rework to avoid potential overflow

Misc.

  * Fix for PKCS#7 with Crypto Callbacks
  * Fix for larger curve sizes with deterministic ECC sign
  * Fixes for building wolfSSL alongside openssl using --enable-opensslcoexist
  * Fix for compatibility layer handling of certificates with SHA256 SKID (Subject Key ID)
  * Fix for wolfSSL_ASN1_TIME_diff erroring out on a return value of 0 from mktime
  * Remove extra padding when AES-CBC encrypted with PemToDer
  * Fixes for TLS v1.3 early data with async.
  * Fixes for async disables around the DevCopy calls
  * Fixes for Windows AES-NI with clang compiler
  * Fix for handling the detection of processing a plaintext TLS alert packet
  * Fix for potential memory leak in an error case with TLSX supported groups
  * Sanity check on input size in DecodeNsCertType
  * AES-GCM stack alignment fixes with assembly code written for AVX/AVX2
  * Fix for PK callbacks with server side and setting a public key

Improvements/Optimizations
Build Options and Warnings

  * Added example user settings template for FIPS v5 ready
  * Automake file touch cleanup for use with Yocto devtool
  * Allow disabling forced 'make clean' at the end of ./configure by using
    --disable-makeclean
  * Enable TLS 1.3 early data when specifying --enable-all option
  * Disable PK Callbacks with JNI FIPS builds
  * Add a FIPS cert 3389 ready option, this is the fips-ready build
  * Support (no)inline with Wind River Diab compiler
  * ECDH_compute_key allow setting of globalRNG with FIPS 140-3
  * Add logic equivalent to configure.ac in settings.h for Poly1305
  * Fixes to support building opensslextra with SP math
  * CPP protection for extern references to x86_64 asm code
  * Updates and enhancements for Espressif ESP-IDF wolfSSL setup_win.bat
  * Documentation improvements with auto generation
  * Fix reproducible-build for working an updated version of libtool, version
    2.4.7
  * Fixes for Diab C89 and armclang
  * Fix mcapi_test.c to include the settings.h before crypto.h
  * Update and handle builds with NO_WOLFSSL_SERVER and NO_WOLFSSL_CLIENT
  * Fix for some macro defines with FIPS 140-3 build so that
    RSA_PKCS1_PSS_PADDING can be used with RSA sign/verify functions

Math Libraries

  * Add RSA/DH check for even modulus
  * Enhance TFM math to handle more alloc failure cases gracefully
  * SP ASM performance improvements mostly around AArch64
  * SP ASM improvements for additional cache attack resistance
  * Add RSA check for small difference between p and q
  * 6-8% performance increase with ECC operations using SP int by improving the
    Montgomery Reduction

Testing and Validation

  * All shell scripts in source tree now tested for correctness using shellcheck
    and bash -n
  * Added build testing under gcc-12 and -std=c++17 and fixed warnings
  * TLS 1.3 script test improvement to wait for server to write file
  * Unit tests for ECC r/s zeroness handling
  * CI server was expanded with a very “quiet” machine that can support multiple
    ContantTime tests ensuring ongoing mitigation against side-channel timing
    based attacks. Algorithms being assessed on this machine are: AES-CBC,
    AES-GCM, CHACHA20, ECC, POLY1305, RSA, SHA256, SHA512, CURVE25519.
  * Added new multi configuration windows builds to CI testing for greater
    testing coverage of windows use-cases

Misc.

  * Support for ECC import to check validity of key on import even if one of the
    coordinates (x or y) is 0
  * Modify example app to work with FreeRTOS+IoT
  * Ease of access for cert used for verifying a PKCS#7 bundle
  * Clean up Visual Studio output and intermediate directories
  * With TLS 1.3 fail immediately if a server sends empty certificate message
  * Enhance the benchmark application to support multi-threaded testing
  * Improvement for wc_EccPublicKeyToDer to not overestimate the buffer size
    required
  * Fix to check if wc_EccPublicKeyToDer has enough output buffer space
  * Fix year 2038 problem in wolfSSL_ASN1_TIME_diff
  * Various portability improvements (Time, DTLS epoch size, IV alloc)
  * Prefer status_request_v2 over status_request when both are present
  * Add separate "struct stat" definition XSTATSTRUCT to make overriding XSTAT
    easier for portability
  * With SipHash replace gcc specific ASM instruction with generic
  * Don't force a ECC CA when a custom CA is passed with -A
  * Add peer authentication failsafe for TLS 1.2 and below
  * Improve parsing of UID from subject and issuer name with the compatibility
    layer by
  * Fallback to full TLS handshake if session ticket fails
  * Internal refactoring of code to reduce ssl.c file size
2022-05-07 13:43:03 +02:00

245 lines
7.8 KiB
Text
Raw Blame History

bin/wolfssl-config
include/cyassl/callbacks.h
include/cyassl/certs_test.h
include/cyassl/crl.h
include/cyassl/ctaocrypt/aes.h
include/cyassl/ctaocrypt/arc4.h
include/cyassl/ctaocrypt/asn.h
include/cyassl/ctaocrypt/asn_public.h
include/cyassl/ctaocrypt/blake2-impl.h
include/cyassl/ctaocrypt/blake2-int.h
include/cyassl/ctaocrypt/blake2.h
include/cyassl/ctaocrypt/camellia.h
include/cyassl/ctaocrypt/chacha.h
include/cyassl/ctaocrypt/coding.h
include/cyassl/ctaocrypt/compress.h
include/cyassl/ctaocrypt/des3.h
include/cyassl/ctaocrypt/dh.h
include/cyassl/ctaocrypt/dsa.h
include/cyassl/ctaocrypt/ecc.h
include/cyassl/ctaocrypt/error-crypt.h
include/cyassl/ctaocrypt/fips_test.h
include/cyassl/ctaocrypt/hmac.h
include/cyassl/ctaocrypt/integer.h
include/cyassl/ctaocrypt/logging.h
include/cyassl/ctaocrypt/md2.h
include/cyassl/ctaocrypt/md4.h
include/cyassl/ctaocrypt/md5.h
include/cyassl/ctaocrypt/memory.h
include/cyassl/ctaocrypt/misc.h
include/cyassl/ctaocrypt/mpi_class.h
include/cyassl/ctaocrypt/mpi_superclass.h
include/cyassl/ctaocrypt/pkcs7.h
include/cyassl/ctaocrypt/poly1305.h
include/cyassl/ctaocrypt/pwdbased.h
include/cyassl/ctaocrypt/random.h
include/cyassl/ctaocrypt/ripemd.h
include/cyassl/ctaocrypt/rsa.h
include/cyassl/ctaocrypt/settings.h
include/cyassl/ctaocrypt/settings_comp.h
include/cyassl/ctaocrypt/sha.h
include/cyassl/ctaocrypt/sha256.h
include/cyassl/ctaocrypt/sha512.h
include/cyassl/ctaocrypt/tfm.h
include/cyassl/ctaocrypt/types.h
include/cyassl/ctaocrypt/visibility.h
include/cyassl/ctaocrypt/wc_port.h
include/cyassl/error-ssl.h
include/cyassl/ocsp.h
include/cyassl/openssl/asn1.h
include/cyassl/openssl/bio.h
include/cyassl/openssl/bn.h
include/cyassl/openssl/conf.h
include/cyassl/openssl/crypto.h
include/cyassl/openssl/des.h
include/cyassl/openssl/dh.h
include/cyassl/openssl/dsa.h
include/cyassl/openssl/ec.h
include/cyassl/openssl/ec25519.h
include/cyassl/openssl/ec448.h
include/cyassl/openssl/ecdh.h
include/cyassl/openssl/ecdsa.h
include/cyassl/openssl/ed25519.h
include/cyassl/openssl/ed448.h
include/cyassl/openssl/engine.h
include/cyassl/openssl/err.h
include/cyassl/openssl/evp.h
include/cyassl/openssl/hmac.h
include/cyassl/openssl/lhash.h
include/cyassl/openssl/md4.h
include/cyassl/openssl/md5.h
include/cyassl/openssl/ocsp.h
include/cyassl/openssl/opensslconf.h
include/cyassl/openssl/opensslv.h
include/cyassl/openssl/ossl_typ.h
include/cyassl/openssl/pem.h
include/cyassl/openssl/pkcs12.h
include/cyassl/openssl/rand.h
include/cyassl/openssl/ripemd.h
include/cyassl/openssl/rsa.h
include/cyassl/openssl/sha.h
include/cyassl/openssl/ssl.h
include/cyassl/openssl/ssl23.h
include/cyassl/openssl/stack.h
include/cyassl/openssl/ui.h
include/cyassl/openssl/x509.h
include/cyassl/openssl/x509v3.h
include/cyassl/options.h
include/cyassl/sniffer.h
include/cyassl/sniffer_error.h
include/cyassl/ssl.h
include/cyassl/test.h
include/cyassl/version.h
include/wolfssl/callbacks.h
include/wolfssl/certs_test.h
include/wolfssl/crl.h
include/wolfssl/error-ssl.h
include/wolfssl/ocsp.h
include/wolfssl/openssl/aes.h
include/wolfssl/openssl/asn1.h
include/wolfssl/openssl/asn1t.h
include/wolfssl/openssl/bio.h
include/wolfssl/openssl/bn.h
include/wolfssl/openssl/buffer.h
include/wolfssl/openssl/camellia.h
include/wolfssl/openssl/cmac.h
include/wolfssl/openssl/cms.h
include/wolfssl/openssl/compat_types.h
include/wolfssl/openssl/conf.h
include/wolfssl/openssl/crypto.h
include/wolfssl/openssl/des.h
include/wolfssl/openssl/dh.h
include/wolfssl/openssl/dsa.h
include/wolfssl/openssl/ec.h
include/wolfssl/openssl/ec25519.h
include/wolfssl/openssl/ec448.h
include/wolfssl/openssl/ecdh.h
include/wolfssl/openssl/ecdsa.h
include/wolfssl/openssl/ed25519.h
include/wolfssl/openssl/ed448.h
include/wolfssl/openssl/engine.h
include/wolfssl/openssl/err.h
include/wolfssl/openssl/evp.h
include/wolfssl/openssl/fips_rand.h
include/wolfssl/openssl/hmac.h
include/wolfssl/openssl/kdf.h
include/wolfssl/openssl/lhash.h
include/wolfssl/openssl/md4.h
include/wolfssl/openssl/md5.h
include/wolfssl/openssl/modes.h
include/wolfssl/openssl/obj_mac.h
include/wolfssl/openssl/objects.h
include/wolfssl/openssl/ocsp.h
include/wolfssl/openssl/opensslconf.h
include/wolfssl/openssl/opensslv.h
include/wolfssl/openssl/ossl_typ.h
include/wolfssl/openssl/pem.h
include/wolfssl/openssl/pkcs12.h
include/wolfssl/openssl/pkcs7.h
include/wolfssl/openssl/rand.h
include/wolfssl/openssl/rc4.h
include/wolfssl/openssl/ripemd.h
include/wolfssl/openssl/rsa.h
include/wolfssl/openssl/sha.h
include/wolfssl/openssl/sha3.h
include/wolfssl/openssl/srp.h
include/wolfssl/openssl/ssl.h
include/wolfssl/openssl/ssl23.h
include/wolfssl/openssl/stack.h
include/wolfssl/openssl/tls1.h
include/wolfssl/openssl/txt_db.h
include/wolfssl/openssl/ui.h
include/wolfssl/openssl/x509.h
include/wolfssl/openssl/x509_vfy.h
include/wolfssl/openssl/x509v3.h
include/wolfssl/options.h
include/wolfssl/sniffer.h
include/wolfssl/sniffer_error.h
include/wolfssl/ssl.h
include/wolfssl/test.h
include/wolfssl/version.h
include/wolfssl/wolfcrypt/aes.h
include/wolfssl/wolfcrypt/arc4.h
include/wolfssl/wolfcrypt/asn.h
include/wolfssl/wolfcrypt/asn_public.h
include/wolfssl/wolfcrypt/blake2-impl.h
include/wolfssl/wolfcrypt/blake2-int.h
include/wolfssl/wolfcrypt/blake2.h
include/wolfssl/wolfcrypt/camellia.h
include/wolfssl/wolfcrypt/chacha.h
include/wolfssl/wolfcrypt/chacha20_poly1305.h
include/wolfssl/wolfcrypt/cmac.h
include/wolfssl/wolfcrypt/coding.h
include/wolfssl/wolfcrypt/compress.h
include/wolfssl/wolfcrypt/cpuid.h
include/wolfssl/wolfcrypt/cryptocb.h
include/wolfssl/wolfcrypt/curve25519.h
include/wolfssl/wolfcrypt/curve448.h
include/wolfssl/wolfcrypt/des3.h
include/wolfssl/wolfcrypt/dh.h
include/wolfssl/wolfcrypt/dsa.h
include/wolfssl/wolfcrypt/ecc.h
include/wolfssl/wolfcrypt/eccsi.h
include/wolfssl/wolfcrypt/ed25519.h
include/wolfssl/wolfcrypt/ed448.h
include/wolfssl/wolfcrypt/error-crypt.h
include/wolfssl/wolfcrypt/falcon.h
include/wolfssl/wolfcrypt/fe_448.h
include/wolfssl/wolfcrypt/fe_operations.h
include/wolfssl/wolfcrypt/fips_test.h
include/wolfssl/wolfcrypt/ge_448.h
include/wolfssl/wolfcrypt/ge_operations.h
include/wolfssl/wolfcrypt/hash.h
include/wolfssl/wolfcrypt/hmac.h
include/wolfssl/wolfcrypt/integer.h
include/wolfssl/wolfcrypt/kdf.h
include/wolfssl/wolfcrypt/logging.h
include/wolfssl/wolfcrypt/md2.h
include/wolfssl/wolfcrypt/md4.h
include/wolfssl/wolfcrypt/md5.h
include/wolfssl/wolfcrypt/mem_track.h
include/wolfssl/wolfcrypt/memory.h
include/wolfssl/wolfcrypt/misc.h
include/wolfssl/wolfcrypt/mpi_class.h
include/wolfssl/wolfcrypt/mpi_superclass.h
include/wolfssl/wolfcrypt/pkcs12.h
include/wolfssl/wolfcrypt/pkcs7.h
include/wolfssl/wolfcrypt/poly1305.h
include/wolfssl/wolfcrypt/pwdbased.h
include/wolfssl/wolfcrypt/random.h
include/wolfssl/wolfcrypt/rc2.h
include/wolfssl/wolfcrypt/ripemd.h
include/wolfssl/wolfcrypt/rsa.h
include/wolfssl/wolfcrypt/sakke.h
include/wolfssl/wolfcrypt/settings.h
include/wolfssl/wolfcrypt/sha.h
include/wolfssl/wolfcrypt/sha256.h
include/wolfssl/wolfcrypt/sha3.h
include/wolfssl/wolfcrypt/sha512.h
include/wolfssl/wolfcrypt/signature.h
include/wolfssl/wolfcrypt/siphash.h
include/wolfssl/wolfcrypt/srp.h
include/wolfssl/wolfcrypt/tfm.h
include/wolfssl/wolfcrypt/types.h
include/wolfssl/wolfcrypt/visibility.h
include/wolfssl/wolfcrypt/wc_encrypt.h
include/wolfssl/wolfcrypt/wc_port.h
include/wolfssl/wolfcrypt/wolfevent.h
include/wolfssl/wolfcrypt/wolfmath.h
include/wolfssl/wolfio.h
lib/libwolfssl.a
lib/libwolfssl.so
lib/libwolfssl.so.33
lib/libwolfssl.so.33.0.0
libdata/pkgconfig/wolfssl.pc
%%PORTDOCS%%%%DOCSDIR%%/README.txt
%%PORTDOCS%%%%DOCSDIR%%/example/client.c
%%PORTDOCS%%%%DOCSDIR%%/example/echoclient.c
%%PORTDOCS%%%%DOCSDIR%%/example/echoserver.c
%%PORTDOCS%%%%DOCSDIR%%/example/sctp-client-dtls.c
%%PORTDOCS%%%%DOCSDIR%%/example/sctp-client.c
%%PORTDOCS%%%%DOCSDIR%%/example/sctp-server-dtls.c
%%PORTDOCS%%%%DOCSDIR%%/example/sctp-server.c
%%PORTDOCS%%%%DOCSDIR%%/example/server.c
%%PORTDOCS%%%%DOCSDIR%%/example/tls_bench.c
%%PORTDOCS%%%%DOCSDIR%%/taoCert.txt
Reference in a new issue View git blame Copy permalink