git: ba4cf682d207 - main - security/wolfssl: Update to v5.2.0
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Sat, 26 Feb 2022 06:59:41 UTC
The branch main has been updated by fox:
URL: https://cgit.FreeBSD.org/ports/commit/?id=ba4cf682d2070a74e78a093a250c5fdb2c4ce5fb
commit ba4cf682d2070a74e78a093a250c5fdb2c4ce5fb
Author: Santhosh Raju <fox@FreeBSD.org>
AuthorDate: 2022-02-26 06:56:37 +0000
Commit: Santhosh Raju <fox@FreeBSD.org>
CommitDate: 2022-02-26 06:58:42 +0000
security/wolfssl: Update to v5.2.0
Changes since v5.1.1:
wolfSSL Release 5.2.0 (Feb 21, 2022)
Release 5.2.0 of wolfSSL embedded TLS has bug fixes and new features including:
Vulnerabilities
* [High] A TLS v1.3 server who requires mutual authentication can be
bypassed. If a malicious client does not send the certificate_verify message
a client can connect without presenting a certificate even if the server
requires one. Thank you to Aina Toky Rasoamanana and Olivier Levillain of
Télécom SudParis.
* [High] A TLS v1.3 client attempting to authenticate a TLS v1.3 server can
have its certificate check bypassed. If the sig_algo in the
certificate_verify message is different than the certificate message checking
may be bypassed. Thank you to Aina Toky Rasoamanana and Olivier Levillain of
Télécom SudParis.
New Feature Additions
* Example applications for Renesas RX72N with FreeRTOS+IoT
* Renesas FSP 3.5.0 support for RA6M3
* For TLS 1.3, improved checks on order of received messages.
* Support for use of SHA-3 cryptography instructions available in ARMv8.2-A
architecture extensions. (For Apple M1)
* Support for use of SHA-512 cryptography instructions available in ARMv8.2-A
architecture extensions. (For Apple M1)
* Fixes for clang -Os on clang >= 12.0.0
* Expose Sequence Numbers so that Linux TLS (kTLS) can be configured
* Fix bug in TLSX_ALPN_ParseAndSet when using ALPN select callback.
* Allow DES3 with FIPS v5-dev.
* Include HMAC for deterministic ECC sign build
* Add --enable-chrony configure option. This sets build options needed to
build the Chrony NTP (Network Time Protocol) service.
* Add support for STM32U575xx boards.
* Fixes for NXP’s SE050 Ed25519/Curve25519.
* TLS: Secure renegotiation info on by default for compatibility.
* Inline C code version of ARM32 assembly for cryptographic algorithms
available and compiling for improved performance on ARM platforms
* Configure HMAC: define NO_HMAC to disable HMAC (default: enabled)
* ISO-TP transport layer support added to wolfio for TLS over CAN Bus
* Fix initialization bug in SiLabs AES support
* Domain and IP check is only performed on leaf certificates
ARM PSA Support (Platform Security Architecture) API
* Initial support added for ARM’s Platform Security Architecture (PSA) API in
wolfCrypt which allows support of ARM PSA enabled devices by wolfSSL,
wolfSSH, and wolfBoot and wolfCrypt FIPS.
* Included algorithms: ECDSA, ECDH, HKDF, AES, SHA1, SHA256, SHA224, RNG
ECICE Updates
* Support for more encryption algorithms: AES-256-CBC, AES-128-CTR,
AES-256-CTR
* Support for compressed public keys in messages.
Math Improvements
* Improved performance of X448 and Ed448 through inlining Karatsuba in square
and multiplication operations for 128-bit implementation (64-bit platforms
with 128-bit type support).
* SP Math C implementation: fix for corner case in curve specific
implementations of Montgomery Reduction (P-256, P-384).
* SP math all: assembly snippets added for ARM Thumb. Performance improvement
on platform.
* SP math all: ARM64/32 sp_div_word assembly snippets added to remove
dependency on __udiv3.
* SP C implementation: multiplication of two signed types with overflow is
undefined in C. Now cast to unsigned type before multiplication is
performed.
* SP C implementation correctly builds when using CFLAG: -m32
OpenSSL Compatibility Layer
* Added DH_get_2048_256 to compatibility layer.
* wolfSSLeay_version now returns the version of wolfSSL
* Added C++ exports for API’s in wolfssl/openssl/crypto.h. This allows better
compatibility when building with a C++ compiler.
* Fix for OpenSSL x509_NAME_hash mismatch
* Implement FIPS_mode and FIPS_mode_set in the compat layer.
* Fix for certreq and certgen options with openssl compatibility
* wolfSSL_BIO_dump() and wolfSSL_OBJ_obj2txt() rework
* Fix IV length bug in EVP AES-GCM code.
* Add new ASN1_INTEGER compatibility functions.
* Fix wolfSSL_PEM_X509_INFO_read with NO_FILESYSTEM
CMake Updates
* Check for valid override values.
* Add KEYGEN option.
* Cleanup help messages.
* Add options to support wolfTPM.
VisualStudio Updates
* Remove deprecated VS solution
* Fix VS unreachable code warning
New Algorithms and Protocols
* AES-SIV (RFC 5297)
* DTLS SRTP (RFC 5764), used with WebRTC to agree on profile for new real-time
session keys
* SipHash MAC/PRF for hash tables. Includes inline assembly for x86_64 and
Aarch64.
Remove Obsolete Algorithms
* IDEA
* Rabbit
* HC-128
---
security/wolfssl/Makefile | 2 +-
security/wolfssl/distinfo | 6 +++---
security/wolfssl/pkg-plist | 11 ++++-------
3 files changed, 8 insertions(+), 11 deletions(-)
diff --git a/security/wolfssl/Makefile b/security/wolfssl/Makefile
index 66c1ccc1f55d..b1bb04d718d7 100644
--- a/security/wolfssl/Makefile
+++ b/security/wolfssl/Makefile
@@ -1,5 +1,5 @@
PORTNAME= wolfssl
-PORTVERSION= 5.1.1
+PORTVERSION= 5.2.0
CATEGORIES= security devel
MASTER_SITES= https://www.wolfssl.com/ \
LOCAL/fox
diff --git a/security/wolfssl/distinfo b/security/wolfssl/distinfo
index 0e87c843557d..34ea038e9009 100644
--- a/security/wolfssl/distinfo
+++ b/security/wolfssl/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1641634866
-SHA256 (wolfssl-5.1.1.zip) = 11035f97e765802b3c7ffce152069123c76fd501035d65d26c5b06e7e125382e
-SIZE (wolfssl-5.1.1.zip) = 12558116
+TIMESTAMP = 1645857440
+SHA256 (wolfssl-5.2.0.zip) = 1042c798f53294d46f0df43ee673191da94fc71d2f94e05e7e4daad5e108edd5
+SIZE (wolfssl-5.2.0.zip) = 15470250
diff --git a/security/wolfssl/pkg-plist b/security/wolfssl/pkg-plist
index 5031aee71c7c..7de4d0428dce 100644
--- a/security/wolfssl/pkg-plist
+++ b/security/wolfssl/pkg-plist
@@ -19,7 +19,6 @@ include/cyassl/ctaocrypt/dsa.h
include/cyassl/ctaocrypt/ecc.h
include/cyassl/ctaocrypt/error-crypt.h
include/cyassl/ctaocrypt/fips_test.h
-include/cyassl/ctaocrypt/hc128.h
include/cyassl/ctaocrypt/hmac.h
include/cyassl/ctaocrypt/integer.h
include/cyassl/ctaocrypt/logging.h
@@ -33,7 +32,6 @@ include/cyassl/ctaocrypt/mpi_superclass.h
include/cyassl/ctaocrypt/pkcs7.h
include/cyassl/ctaocrypt/poly1305.h
include/cyassl/ctaocrypt/pwdbased.h
-include/cyassl/ctaocrypt/rabbit.h
include/cyassl/ctaocrypt/random.h
include/cyassl/ctaocrypt/ripemd.h
include/cyassl/ctaocrypt/rsa.h
@@ -122,6 +120,7 @@ include/wolfssl/openssl/ed448.h
include/wolfssl/openssl/engine.h
include/wolfssl/openssl/err.h
include/wolfssl/openssl/evp.h
+include/wolfssl/openssl/fips_rand.h
include/wolfssl/openssl/hmac.h
include/wolfssl/openssl/lhash.h
include/wolfssl/openssl/md4.h
@@ -190,9 +189,7 @@ include/wolfssl/wolfcrypt/fips_test.h
include/wolfssl/wolfcrypt/ge_448.h
include/wolfssl/wolfcrypt/ge_operations.h
include/wolfssl/wolfcrypt/hash.h
-include/wolfssl/wolfcrypt/hc128.h
include/wolfssl/wolfcrypt/hmac.h
-include/wolfssl/wolfcrypt/idea.h
include/wolfssl/wolfcrypt/integer.h
include/wolfssl/wolfcrypt/kdf.h
include/wolfssl/wolfcrypt/logging.h
@@ -208,7 +205,6 @@ include/wolfssl/wolfcrypt/pkcs12.h
include/wolfssl/wolfcrypt/pkcs7.h
include/wolfssl/wolfcrypt/poly1305.h
include/wolfssl/wolfcrypt/pwdbased.h
-include/wolfssl/wolfcrypt/rabbit.h
include/wolfssl/wolfcrypt/random.h
include/wolfssl/wolfcrypt/rc2.h
include/wolfssl/wolfcrypt/ripemd.h
@@ -220,6 +216,7 @@ include/wolfssl/wolfcrypt/sha256.h
include/wolfssl/wolfcrypt/sha3.h
include/wolfssl/wolfcrypt/sha512.h
include/wolfssl/wolfcrypt/signature.h
+include/wolfssl/wolfcrypt/siphash.h
include/wolfssl/wolfcrypt/srp.h
include/wolfssl/wolfcrypt/tfm.h
include/wolfssl/wolfcrypt/types.h
@@ -231,8 +228,8 @@ include/wolfssl/wolfcrypt/wolfmath.h
include/wolfssl/wolfio.h
lib/libwolfssl.a
lib/libwolfssl.so
-lib/libwolfssl.so.30
-lib/libwolfssl.so.30.1.1
+lib/libwolfssl.so.32
+lib/libwolfssl.so.32.0.0
libdata/pkgconfig/wolfssl.pc
%%PORTDOCS%%%%DOCSDIR%%/README.txt
%%PORTDOCS%%%%DOCSDIR%%/example/client.c