diff options
author | fox <fox@pkgsrc.org> | 2022-02-26 06:52:46 +0000 |
---|---|---|
committer | fox <fox@pkgsrc.org> | 2022-02-26 06:52:46 +0000 |
commit | 4fb7ec19fce36ed163babccf43ed96d539e1e376 (patch) | |
tree | 5f19821ceac6fd3f43d84ffaf75c4f73039d7a2f /security | |
parent | 2e2ff2698ef78b6b908de4e4865681d673c3884e (diff) | |
download | pkgsrc-4fb7ec19fce36ed163babccf43ed96d539e1e376.tar.gz |
security/wolfssl: Update to v5.2.0
Changes since v5.1.1:
wolfSSL Release 5.2.0 (Feb 21, 2022)
Release 5.2.0 of wolfSSL embedded TLS has bug fixes and new features including:
Vulnerabilities
* [High] A TLS v1.3 server who requires mutual authentication can be
bypassed. If a malicious client does not send the certificate_verify message
a client can connect without presenting a certificate even if the server
requires one. Thank you to Aina Toky Rasoamanana and Olivier Levillain of
Télécom SudParis.
* [High] A TLS v1.3 client attempting to authenticate a TLS v1.3 server can
have its certificate check bypassed. If the sig_algo in the
certificate_verify message is different than the certificate message checking
may be bypassed. Thank you to Aina Toky Rasoamanana and Olivier Levillain of
Télécom SudParis.
New Feature Additions
* Example applications for Renesas RX72N with FreeRTOS+IoT
* Renesas FSP 3.5.0 support for RA6M3
* For TLS 1.3, improved checks on order of received messages.
* Support for use of SHA-3 cryptography instructions available in ARMv8.2-A
architecture extensions. (For Apple M1)
* Support for use of SHA-512 cryptography instructions available in ARMv8.2-A
architecture extensions. (For Apple M1)
* Fixes for clang -Os on clang >= 12.0.0
* Expose Sequence Numbers so that Linux TLS (kTLS) can be configured
* Fix bug in TLSX_ALPN_ParseAndSet when using ALPN select callback.
* Allow DES3 with FIPS v5-dev.
* Include HMAC for deterministic ECC sign build
* Add --enable-chrony configure option. This sets build options needed to
build the Chrony NTP (Network Time Protocol) service.
* Add support for STM32U575xx boards.
* Fixes for NXP’s SE050 Ed25519/Curve25519.
* TLS: Secure renegotiation info on by default for compatibility.
* Inline C code version of ARM32 assembly for cryptographic algorithms
available and compiling for improved performance on ARM platforms
* Configure HMAC: define NO_HMAC to disable HMAC (default: enabled)
* ISO-TP transport layer support added to wolfio for TLS over CAN Bus
* Fix initialization bug in SiLabs AES support
* Domain and IP check is only performed on leaf certificates
ARM PSA Support (Platform Security Architecture) API
* Initial support added for ARM’s Platform Security Architecture (PSA) API in
wolfCrypt which allows support of ARM PSA enabled devices by wolfSSL,
wolfSSH, and wolfBoot and wolfCrypt FIPS.
* Included algorithms: ECDSA, ECDH, HKDF, AES, SHA1, SHA256, SHA224, RNG
ECICE Updates
* Support for more encryption algorithms: AES-256-CBC, AES-128-CTR,
AES-256-CTR
* Support for compressed public keys in messages.
Math Improvements
* Improved performance of X448 and Ed448 through inlining Karatsuba in square
and multiplication operations for 128-bit implementation (64-bit platforms
with 128-bit type support).
* SP Math C implementation: fix for corner case in curve specific
implementations of Montgomery Reduction (P-256, P-384).
* SP math all: assembly snippets added for ARM Thumb. Performance improvement
on platform.
* SP math all: ARM64/32 sp_div_word assembly snippets added to remove
dependency on __udiv3.
* SP C implementation: multiplication of two signed types with overflow is
undefined in C. Now cast to unsigned type before multiplication is
performed.
* SP C implementation correctly builds when using CFLAG: -m32
OpenSSL Compatibility Layer
* Added DH_get_2048_256 to compatibility layer.
* wolfSSLeay_version now returns the version of wolfSSL
* Added C++ exports for API’s in wolfssl/openssl/crypto.h. This allows better
compatibility when building with a C++ compiler.
* Fix for OpenSSL x509_NAME_hash mismatch
* Implement FIPS_mode and FIPS_mode_set in the compat layer.
* Fix for certreq and certgen options with openssl compatibility
* wolfSSL_BIO_dump() and wolfSSL_OBJ_obj2txt() rework
* Fix IV length bug in EVP AES-GCM code.
* Add new ASN1_INTEGER compatibility functions.
* Fix wolfSSL_PEM_X509_INFO_read with NO_FILESYSTEM
CMake Updates
* Check for valid override values.
* Add KEYGEN option.
* Cleanup help messages.
* Add options to support wolfTPM.
VisualStudio Updates
* Remove deprecated VS solution
* Fix VS unreachable code warning
New Algorithms and Protocols
* AES-SIV (RFC 5297)
* DTLS SRTP (RFC 5764), used with WebRTC to agree on profile for new real-time
session keys
* SipHash MAC/PRF for hash tables. Includes inline assembly for x86_64 and
Aarch64.
Remove Obsolete Algorithms
* IDEA
* Rabbit
* HC-128
Diffstat (limited to 'security')
-rw-r--r-- | security/wolfssl/Makefile | 4 | ||||
-rw-r--r-- | security/wolfssl/PLIST | 9 | ||||
-rw-r--r-- | security/wolfssl/distinfo | 8 |
3 files changed, 9 insertions, 12 deletions
diff --git a/security/wolfssl/Makefile b/security/wolfssl/Makefile index 38d6051c971..d53b1f861aa 100644 --- a/security/wolfssl/Makefile +++ b/security/wolfssl/Makefile @@ -1,6 +1,6 @@ -# $NetBSD: Makefile,v 1.11 2022/01/08 09:48:16 fox Exp $ +# $NetBSD: Makefile,v 1.12 2022/02/26 06:52:46 fox Exp $ -DISTNAME= wolfssl-5.1.1 +DISTNAME= wolfssl-5.2.0 CATEGORIES= security MASTER_SITES= https://www.wolfssl.com/ EXTRACT_SUFX= .zip diff --git a/security/wolfssl/PLIST b/security/wolfssl/PLIST index 30217d637cf..9162b3e0aee 100644 --- a/security/wolfssl/PLIST +++ b/security/wolfssl/PLIST @@ -1,4 +1,4 @@ -@comment $NetBSD: PLIST,v 1.6 2021/12/30 01:19:03 fox Exp $ +@comment $NetBSD: PLIST,v 1.7 2022/02/26 06:52:46 fox Exp $ bin/wolfssl-config include/cyassl/callbacks.h include/cyassl/certs_test.h @@ -20,7 +20,6 @@ include/cyassl/ctaocrypt/dsa.h include/cyassl/ctaocrypt/ecc.h include/cyassl/ctaocrypt/error-crypt.h include/cyassl/ctaocrypt/fips_test.h -include/cyassl/ctaocrypt/hc128.h include/cyassl/ctaocrypt/hmac.h include/cyassl/ctaocrypt/integer.h include/cyassl/ctaocrypt/logging.h @@ -34,7 +33,6 @@ include/cyassl/ctaocrypt/mpi_superclass.h include/cyassl/ctaocrypt/pkcs7.h include/cyassl/ctaocrypt/poly1305.h include/cyassl/ctaocrypt/pwdbased.h -include/cyassl/ctaocrypt/rabbit.h include/cyassl/ctaocrypt/random.h include/cyassl/ctaocrypt/ripemd.h include/cyassl/ctaocrypt/rsa.h @@ -123,6 +121,7 @@ include/wolfssl/openssl/ed448.h include/wolfssl/openssl/engine.h include/wolfssl/openssl/err.h include/wolfssl/openssl/evp.h +include/wolfssl/openssl/fips_rand.h include/wolfssl/openssl/hmac.h include/wolfssl/openssl/lhash.h include/wolfssl/openssl/md4.h @@ -191,9 +190,7 @@ include/wolfssl/wolfcrypt/fips_test.h include/wolfssl/wolfcrypt/ge_448.h include/wolfssl/wolfcrypt/ge_operations.h include/wolfssl/wolfcrypt/hash.h -include/wolfssl/wolfcrypt/hc128.h include/wolfssl/wolfcrypt/hmac.h -include/wolfssl/wolfcrypt/idea.h include/wolfssl/wolfcrypt/integer.h include/wolfssl/wolfcrypt/kdf.h include/wolfssl/wolfcrypt/logging.h @@ -209,7 +206,6 @@ include/wolfssl/wolfcrypt/pkcs12.h include/wolfssl/wolfcrypt/pkcs7.h include/wolfssl/wolfcrypt/poly1305.h include/wolfssl/wolfcrypt/pwdbased.h -include/wolfssl/wolfcrypt/rabbit.h include/wolfssl/wolfcrypt/random.h include/wolfssl/wolfcrypt/rc2.h include/wolfssl/wolfcrypt/ripemd.h @@ -221,6 +217,7 @@ include/wolfssl/wolfcrypt/sha256.h include/wolfssl/wolfcrypt/sha3.h include/wolfssl/wolfcrypt/sha512.h include/wolfssl/wolfcrypt/signature.h +include/wolfssl/wolfcrypt/siphash.h include/wolfssl/wolfcrypt/srp.h include/wolfssl/wolfcrypt/tfm.h include/wolfssl/wolfcrypt/types.h diff --git a/security/wolfssl/distinfo b/security/wolfssl/distinfo index d5846e0a5db..fdf35722ab4 100644 --- a/security/wolfssl/distinfo +++ b/security/wolfssl/distinfo @@ -1,6 +1,6 @@ -$NetBSD: distinfo,v 1.12 2022/01/08 09:48:16 fox Exp $ +$NetBSD: distinfo,v 1.13 2022/02/26 06:52:46 fox Exp $ -BLAKE2s (wolfssl-5.1.1.zip) = 6cd4f2acc34cbdd57409f3a81b2107fb5fb23a816b3268c532141fb9d892033c -SHA512 (wolfssl-5.1.1.zip) = f9a024d0895263e3962c9155cdfbb875d30be9cbb846642cd950eaae74eb768681a9ad08a3b970f5611ca9ee7894498002ffc8a3690afbcfb15a4106dee27f81 -Size (wolfssl-5.1.1.zip) = 12558116 bytes +BLAKE2s (wolfssl-5.2.0.zip) = 2f9c0cf5eef5781abe8f863d39db22959253561d97676bc61c608d257e94092f +SHA512 (wolfssl-5.2.0.zip) = eb3565cffd261c13b69d7049b0bc6ea030419a29aeb3f0937ea2f1de2c6b22aeabee354abe5c0d88fcd7249eb9b3f63ff4ca2dd61942c4fda6c067d0cc2d9def +Size (wolfssl-5.2.0.zip) = 15470250 bytes SHA1 (patch-certs_intermediate_genintcerts.sh) = bdcf9a1fd14170aaf780ab9677fd8bc6e4ddc75c |