1
0
mirror of https://git.FreeBSD.org/ports.git synced 2024-11-19 00:13:33 +00:00
freebsd-ports/security/wolfssl/pkg-plist
Santhosh Raju 2b488f7b2f security/wolfssl: Update to v5.6.0
Changes since v5.5.4:

wolfSSL Release 5.6.0 (Mar 24, 2023)

Release 5.6.0 has been developed according to wolfSSL's development and QA
process (see link below) and successfully passed the quality
criteria. https://www.wolfssl.com/about/wolfssl-software-development-process-quality-assurance

NOTE: * --enable-heapmath is being deprecated and will be removed by 2024 * This
release makes ASN Template the default with ./configure, the previous ASN
parsing can be built with --enable-asn=original

Release 5.6.0 of wolfSSL embedded TLS has bug fixes and new features including:

New Feature Additions
* ASN template is now the default ASN parsing implementation when compiling with
  configure
* Added in support for TLS v1.3 Encrypted Client Hello (ECH) and HPKE (Hybrid
  Public Key Encryption)
* DTLS 1.3 stateless server ClientHello parsing support added

Ports
* Add RX64/RX71 SHA hardware support
* Port to RT1170 and expand NXP CAAM driver support
* Add NuttX integration files for ease of use
* Updated Stunnel support for version 5.67 Compatibility Layer
* Add in support for AES-CCM with EVP
* BN compatibility API refactoring and separate API created
* Expanding public key type cipher suite list strings support

Misc.
* Support pthread_rwlock and add enable option
* Add wolfSSL_CertManagerLoadCABuffer_ex() that takes a user certificate chain
  flag and additional verify flag options
* Docker build additions for wolfSSL library and wolfCLU application
* Add favorite drink pilot attribute type to get it from the encoding
* Added in support for indefinite length BER parsing with PKCS12
* Add dynamic session cache which allocates sessions from the heap with macro
  SESSION_CACHE_DYNAMIC_MEM

Improvements / Optimizations

Tests
* Additional CI (continuous integration) testing and leveraging of GitHub
  workflows
* Add CI testing for wpa_supplicant, OpenWrt and OpenVPN using GitHub workflows
* Add compilation of Espressif to GitHub workflows tests
* Refactoring and improving error results with wolfCrypt unit test application
* Minor warning fixes from Coverity static analysis scan
* Add new SHA-512/224 and SHA-512/256 tests
* Used codespell and fixed some minor typos

Ports
* Improve TLS1.2 client authentication to use TSIP
* Updated Kyber macro to be WOLFSSL_HAVE_KYBER and made changes that make Kyber
  work on STM32
* AES-GCM Windows assembly additions
* CRLF line endings, trailing spaces for C# Wrapper Projects Compatibility Layer
* Update PubKey and Key PEM-to-DER APIs to support return of needed DER size
* Allow reading ENC EC PRIVATE KEY as well via wolfSSL_PEM_read_bio_ECPrivateKey
* Improve wolfSSL_EC_POINT_cmp to handle Jacobian ordinates
* Fix issue with BIO_reset() and add BIO_FLAGS_MEM_RDONLY flag support for read
  only BIOs

SP
* In SP math library rework mod 3 and use count leading zero instruction
* Fix with SP ECC sign to reject the random k generated when r is 0
* With SP math add better detection of when add won't work and double is needed
  with point_add_qz1 internal function
* With SP int fail when buffer writing to is too small for number rather than
  discarding the extra values

Builds
* Define WOLFSSL_SP_SMALL_STACK if wolfSSL is build with --enable-smallstack
* Fix CMake to exclude libm when DH is not enabled
* Allow building of SAKKE as external non-FIPS algorithm with wolfmikey product
* Add option to add library suffix, --with-libsuffix
* ASN template compile option WOLFSSL_ASN_INT_LEAD_0_ANY to allow leading zeros
* Add user_settings.h template for wolfTPM to
  examples/configs/user_settings_wolftpm.h
* Purge the AES variant of Dilithium
* Expand WOLFSSL_NO_ASN_STRICT to allow parsing of explicit ECC public key
* Remove relocatable text in ARMv7a AES assembly for use with FIPS builds
* Expand checking for hardware that supports ARMv7a neon with autotools
  configure
* Sanity check on allocation fails with DSA and FP_ECC build when zeroizing
  internal buffer
* Additional TLS alerts sent when compiling with WOLFSSL_EXTRA_ALERTS macro
  defined

Benchmarking
* Update wolfCrypt benchmark Windows build files to support x64 Platform
* Add SHA512/224 and SHA512/256 benchmarks, fixed CVS macro and display sizes
* Separate AES-GCM streaming runs when benchmarked
* No longer call external implementation of Kyber from benchmark
* Fix for benchmarking shake with custom block size
* Fixes for benchmark help -alg list and block format Documentation/Examples
* Document use of wc_AesFree() and update documentation of Ed25519 with Doxygen
* Move the wolfSSL Configuration section higher in QUIC.md
* Add Japanese Doxygen documentation for cmac.h, quic.h and remove incomplete
  Japanese doxygen in asn_public.h
* Espressif examples run with local wolfSSL now with no additional setup needed
* Added a fix for StartTLS use In the example client
* Add a base-line user_settings.h for use with FIPS 140-3 in XCode example app

Optimizations
* AES-NI usage added for AES modes ECB/CTR/XTS

Misc
* Update AES-GCM stream decryption to allow long IVs
* Internal refactor to use wolfSSL_Ref functions when incrementing or
  decrementing the structures reference count and fixes for static analysis
  reports
* Cleanup function logging making adjustments to the debug log print outs
* Remove realloc dependency in DtlsMsgCombineFragBuckets function
* Refactor to use WOLFSSL_CTX’s cipher suite list when possible
* Update internal padding of 0’s with DSA sign and additional tests with
  mp_to_unsigned_bin_len function
* With DTLS SRTP use wolfSSL_export_keying_material instead of wc_PRF_TLS
* Updated macro naming from HAVE_KYBER to be WOLFSSL_HAVE_KYBER
* Update AES XTS encrypt to handle in-place encryption properly
* With TLS 1.3 add option to require only PSK with DHE

Fixes

Ports
* Fix for AES use with CAAM on imx8qxp with SECO builds
* Fix for PIC32 crypto HW and unused TLSX_SetResponse
* Fix warning if ltime is unsigned seen with QNX build
* Updates and fix for Zephyr project support
* Include sys/time.h for WOLFSSL_RIOT_OS
* Move X509_V errors from enums to defines for use with HAProxy CLI
* Fix IAR compiler warnings resolved
* Fix for STM32 Hash peripherals (like on F437) with FIFO depth = 1
* ESP32 fix for SHA384 init with hardware acceleration

Builds
* Add WOLFSSL_IP_ALT_NAME macro define to --enable-curl
* Fixes for building with C++17 and avoiding clashing with byte naming
* Fixes SP math all build issue with small-stack and no hardening
* Fix for building with ASN template with NO_ASN_TIME defined
* Fix building FIPSv2 with WOLFSSL_ECDSA_SET_K defined
* Don't allow aesgcm-stream option with kcapi
* Fix DTLS test case for when able to read peers close notify alert on FreeBSD
  systems
* Fix for "expression must have a constant value" in tls13.c with Green Hills
  compiler
* Fixes for building KCAPI with opensslextra enabled
* Fix warnings of shadows min and subscript with i486-netbsd-gcc compiler
* Fix issue with async and WOLFSSL_CHECK_ALERT_ON_ERR
* Fix for PKCS7 with asynchronous crypto enabled

Math Library
* SP Aarch64 fix for conditional changed in asm needing "cc" and fix for ECC
  P256 mont reduce
* In SP builds add sanity check with DH exp. to check the output length for
  minimum size
* In SP math fix scalar length check with EC scalar multiply
* With SP int fix handling negative character properly with read radix
* Add error checks before setting variable err in SP int with the function
  sp_invmod_mont_ct
* Fix to add sanity check for malloc of zero size in fastmath builds
* In fastmath fix a possible overflow in fp_to_unsigned_bin_len length check
* Heapmath fast mod. reduce fix

Compatibility Layer
* Fixes for encoding/decoding ecc public keys and ensure i2d public key
  functions do not include any private key information
* Fix for EVP_EncryptUpdate to update outl on empty input
* Fix SE050 RSA public key loading and RSA/ECC SE050 TLS Compatibility
* Rework EC API and validate point after setting it
* Fix for X509 RSA PSS with compatibility layer functions
* Fix size of structures used with SHA operations when built with opensslextra
  for Espressif hardware accelerated hashing
* Added sanity check on key length with wolfSSL_CMAC_Init function
* Fix for return value type conversion of bad mutex error in logging function
* Fix NID conflict NID_givenName and NID_md5WithRSAEncryption
* Fix unguarded XFPRINTF calls with opensslextra build
* Fix wolfSSL_ASN1_INTEGER_to_BN for negative values
* Fix for potential ASN1_STRING leak in wolfSSL_X509_NAME_ENTRY_create_by_txt
  and wolfSSL_X509_NAME_ENTRY_create_by_NID when memory allocation fails

Misc.
* Add sanity check to prevent an out of bounds read with OCSP response decoding
* Sanity check to not allow 0 length with bit string and integer when parsing
  ASN1 syntax
* Adjust RNG sanity checks and remove error prone first byte comparison
* With PKCS7 add a fix for GetAsnTimeString() to correctly increment internal
  data pointer
* PKCS7 addition of sequence around algo parameters with authenvelop
* DSA fixes for clearing mp_int before re-reading data and avoid mp_clear
  without first calling mp_init
* Fix for SRTP setting bitfield when it is encoded for the TLS extension
* Fix for handling small http headers when doing CRL verification
* Fix for ECCSI hash function to validate the output size and curve size
* Fix for value of givenName and name being reversed with CSR generation
* Fix for error type returned (OCSP_CERT_UNKNOWN) with OCSP verification
* Fix for a potential memory leak with ProcessCSR when handling OCSP responses
* Fix for VERIFY_SKIP_DATE flag not ignoring date errors when set
* Fix for zlib decompression buffer issue with PKCS7
* Fix for DTLS message pool send size used and DTLS server saving of the
  handshake sequence
* Fix to propagate WOLFSSL_TICKET_RET_CREATE error return value from
  DoDecryptTicket()
* Fix for handling long session IDs with TLS 1.3 session tickets
* Fix for AES-GCM streaming when caching an IV
* Fix for test case with older selftest that returns bad padding instead of salt
  len error
* Add fix for siphash cache and added in additional tests
* Fix potential out of bounds memset to 0 in error case with session export
  function used with --enable-sessionexport builds
* Fix possible NULL dereference in TLSX_CSR_Parse with TLS 1.3
* Fix for sanity check on RSA pad length with no padding using the build macro
  WC_RSA_NO_PADDING
2023-03-26 11:14:13 +02:00

255 lines
8.1 KiB
Plaintext

bin/wolfssl-config
include/cyassl/callbacks.h
include/cyassl/certs_test.h
include/cyassl/crl.h
include/cyassl/ctaocrypt/aes.h
include/cyassl/ctaocrypt/arc4.h
include/cyassl/ctaocrypt/asn.h
include/cyassl/ctaocrypt/asn_public.h
include/cyassl/ctaocrypt/blake2-impl.h
include/cyassl/ctaocrypt/blake2-int.h
include/cyassl/ctaocrypt/blake2.h
include/cyassl/ctaocrypt/camellia.h
include/cyassl/ctaocrypt/chacha.h
include/cyassl/ctaocrypt/coding.h
include/cyassl/ctaocrypt/compress.h
include/cyassl/ctaocrypt/des3.h
include/cyassl/ctaocrypt/dh.h
include/cyassl/ctaocrypt/dsa.h
include/cyassl/ctaocrypt/ecc.h
include/cyassl/ctaocrypt/error-crypt.h
include/cyassl/ctaocrypt/fips_test.h
include/cyassl/ctaocrypt/hmac.h
include/cyassl/ctaocrypt/integer.h
include/cyassl/ctaocrypt/logging.h
include/cyassl/ctaocrypt/md2.h
include/cyassl/ctaocrypt/md4.h
include/cyassl/ctaocrypt/md5.h
include/cyassl/ctaocrypt/memory.h
include/cyassl/ctaocrypt/misc.h
include/cyassl/ctaocrypt/mpi_class.h
include/cyassl/ctaocrypt/mpi_superclass.h
include/cyassl/ctaocrypt/pkcs7.h
include/cyassl/ctaocrypt/poly1305.h
include/cyassl/ctaocrypt/pwdbased.h
include/cyassl/ctaocrypt/random.h
include/cyassl/ctaocrypt/ripemd.h
include/cyassl/ctaocrypt/rsa.h
include/cyassl/ctaocrypt/settings.h
include/cyassl/ctaocrypt/settings_comp.h
include/cyassl/ctaocrypt/sha.h
include/cyassl/ctaocrypt/sha256.h
include/cyassl/ctaocrypt/sha512.h
include/cyassl/ctaocrypt/tfm.h
include/cyassl/ctaocrypt/types.h
include/cyassl/ctaocrypt/visibility.h
include/cyassl/ctaocrypt/wc_port.h
include/cyassl/error-ssl.h
include/cyassl/ocsp.h
include/cyassl/openssl/asn1.h
include/cyassl/openssl/bio.h
include/cyassl/openssl/bn.h
include/cyassl/openssl/conf.h
include/cyassl/openssl/crypto.h
include/cyassl/openssl/des.h
include/cyassl/openssl/dh.h
include/cyassl/openssl/dsa.h
include/cyassl/openssl/ec.h
include/cyassl/openssl/ec25519.h
include/cyassl/openssl/ec448.h
include/cyassl/openssl/ecdh.h
include/cyassl/openssl/ecdsa.h
include/cyassl/openssl/ed25519.h
include/cyassl/openssl/ed448.h
include/cyassl/openssl/engine.h
include/cyassl/openssl/err.h
include/cyassl/openssl/evp.h
include/cyassl/openssl/hmac.h
include/cyassl/openssl/lhash.h
include/cyassl/openssl/md4.h
include/cyassl/openssl/md5.h
include/cyassl/openssl/ocsp.h
include/cyassl/openssl/opensslconf.h
include/cyassl/openssl/opensslv.h
include/cyassl/openssl/ossl_typ.h
include/cyassl/openssl/pem.h
include/cyassl/openssl/pkcs12.h
include/cyassl/openssl/rand.h
include/cyassl/openssl/ripemd.h
include/cyassl/openssl/rsa.h
include/cyassl/openssl/sha.h
include/cyassl/openssl/ssl.h
include/cyassl/openssl/ssl23.h
include/cyassl/openssl/stack.h
include/cyassl/openssl/ui.h
include/cyassl/openssl/x509.h
include/cyassl/openssl/x509v3.h
include/cyassl/options.h
include/cyassl/sniffer.h
include/cyassl/sniffer_error.h
include/cyassl/ssl.h
include/cyassl/test.h
include/cyassl/version.h
include/wolfssl/callbacks.h
include/wolfssl/certs_test.h
include/wolfssl/crl.h
include/wolfssl/error-ssl.h
include/wolfssl/ocsp.h
include/wolfssl/openssl/aes.h
include/wolfssl/openssl/asn1.h
include/wolfssl/openssl/asn1t.h
include/wolfssl/openssl/bio.h
include/wolfssl/openssl/bn.h
include/wolfssl/openssl/buffer.h
include/wolfssl/openssl/camellia.h
include/wolfssl/openssl/cmac.h
include/wolfssl/openssl/cms.h
include/wolfssl/openssl/compat_types.h
include/wolfssl/openssl/conf.h
include/wolfssl/openssl/crypto.h
include/wolfssl/openssl/des.h
include/wolfssl/openssl/dh.h
include/wolfssl/openssl/dsa.h
include/wolfssl/openssl/ec.h
include/wolfssl/openssl/ec25519.h
include/wolfssl/openssl/ec448.h
include/wolfssl/openssl/ecdh.h
include/wolfssl/openssl/ecdsa.h
include/wolfssl/openssl/ed25519.h
include/wolfssl/openssl/ed448.h
include/wolfssl/openssl/engine.h
include/wolfssl/openssl/err.h
include/wolfssl/openssl/evp.h
include/wolfssl/openssl/fips_rand.h
include/wolfssl/openssl/hmac.h
include/wolfssl/openssl/kdf.h
include/wolfssl/openssl/lhash.h
include/wolfssl/openssl/md4.h
include/wolfssl/openssl/md5.h
include/wolfssl/openssl/modes.h
include/wolfssl/openssl/obj_mac.h
include/wolfssl/openssl/objects.h
include/wolfssl/openssl/ocsp.h
include/wolfssl/openssl/opensslconf.h
include/wolfssl/openssl/opensslv.h
include/wolfssl/openssl/ossl_typ.h
include/wolfssl/openssl/pem.h
include/wolfssl/openssl/pkcs12.h
include/wolfssl/openssl/pkcs7.h
include/wolfssl/openssl/rand.h
include/wolfssl/openssl/rc4.h
include/wolfssl/openssl/ripemd.h
include/wolfssl/openssl/rsa.h
include/wolfssl/openssl/sha.h
include/wolfssl/openssl/sha3.h
include/wolfssl/openssl/srp.h
include/wolfssl/openssl/ssl.h
include/wolfssl/openssl/ssl23.h
include/wolfssl/openssl/stack.h
include/wolfssl/openssl/tls1.h
include/wolfssl/openssl/txt_db.h
include/wolfssl/openssl/ui.h
include/wolfssl/openssl/x509.h
include/wolfssl/openssl/x509_vfy.h
include/wolfssl/openssl/x509v3.h
include/wolfssl/options.h
include/wolfssl/quic.h
include/wolfssl/sniffer.h
include/wolfssl/sniffer_error.h
include/wolfssl/ssl.h
include/wolfssl/test.h
include/wolfssl/version.h
include/wolfssl/wolfcrypt/aes.h
include/wolfssl/wolfcrypt/arc4.h
include/wolfssl/wolfcrypt/asn.h
include/wolfssl/wolfcrypt/asn_public.h
include/wolfssl/wolfcrypt/blake2-impl.h
include/wolfssl/wolfcrypt/blake2-int.h
include/wolfssl/wolfcrypt/blake2.h
include/wolfssl/wolfcrypt/camellia.h
include/wolfssl/wolfcrypt/chacha.h
include/wolfssl/wolfcrypt/chacha20_poly1305.h
include/wolfssl/wolfcrypt/cmac.h
include/wolfssl/wolfcrypt/coding.h
include/wolfssl/wolfcrypt/compress.h
include/wolfssl/wolfcrypt/cpuid.h
include/wolfssl/wolfcrypt/cryptocb.h
include/wolfssl/wolfcrypt/curve25519.h
include/wolfssl/wolfcrypt/curve448.h
include/wolfssl/wolfcrypt/des3.h
include/wolfssl/wolfcrypt/dh.h
include/wolfssl/wolfcrypt/dilithium.h
include/wolfssl/wolfcrypt/dsa.h
include/wolfssl/wolfcrypt/ecc.h
include/wolfssl/wolfcrypt/eccsi.h
include/wolfssl/wolfcrypt/ed25519.h
include/wolfssl/wolfcrypt/ed448.h
include/wolfssl/wolfcrypt/error-crypt.h
include/wolfssl/wolfcrypt/ext_kyber.h
include/wolfssl/wolfcrypt/falcon.h
include/wolfssl/wolfcrypt/fe_448.h
include/wolfssl/wolfcrypt/fe_operations.h
include/wolfssl/wolfcrypt/fips_test.h
include/wolfssl/wolfcrypt/ge_448.h
include/wolfssl/wolfcrypt/ge_operations.h
include/wolfssl/wolfcrypt/hash.h
include/wolfssl/wolfcrypt/hmac.h
include/wolfssl/wolfcrypt/hpke.h
include/wolfssl/wolfcrypt/integer.h
include/wolfssl/wolfcrypt/kdf.h
include/wolfssl/wolfcrypt/kyber.h
include/wolfssl/wolfcrypt/logging.h
include/wolfssl/wolfcrypt/md2.h
include/wolfssl/wolfcrypt/md4.h
include/wolfssl/wolfcrypt/md5.h
include/wolfssl/wolfcrypt/mem_track.h
include/wolfssl/wolfcrypt/memory.h
include/wolfssl/wolfcrypt/misc.h
include/wolfssl/wolfcrypt/mpi_class.h
include/wolfssl/wolfcrypt/mpi_superclass.h
include/wolfssl/wolfcrypt/pkcs12.h
include/wolfssl/wolfcrypt/pkcs7.h
include/wolfssl/wolfcrypt/poly1305.h
include/wolfssl/wolfcrypt/pwdbased.h
include/wolfssl/wolfcrypt/random.h
include/wolfssl/wolfcrypt/rc2.h
include/wolfssl/wolfcrypt/ripemd.h
include/wolfssl/wolfcrypt/rsa.h
include/wolfssl/wolfcrypt/sakke.h
include/wolfssl/wolfcrypt/settings.h
include/wolfssl/wolfcrypt/sha.h
include/wolfssl/wolfcrypt/sha256.h
include/wolfssl/wolfcrypt/sha3.h
include/wolfssl/wolfcrypt/sha512.h
include/wolfssl/wolfcrypt/signature.h
include/wolfssl/wolfcrypt/siphash.h
include/wolfssl/wolfcrypt/sp_int.h
include/wolfssl/wolfcrypt/sphincs.h
include/wolfssl/wolfcrypt/srp.h
include/wolfssl/wolfcrypt/tfm.h
include/wolfssl/wolfcrypt/types.h
include/wolfssl/wolfcrypt/visibility.h
include/wolfssl/wolfcrypt/wc_encrypt.h
include/wolfssl/wolfcrypt/wc_kyber.h
include/wolfssl/wolfcrypt/wc_port.h
include/wolfssl/wolfcrypt/wolfevent.h
include/wolfssl/wolfcrypt/wolfmath.h
include/wolfssl/wolfio.h
lib/libwolfssl.a
lib/libwolfssl.so
lib/libwolfssl.so.35
lib/libwolfssl.so.35.4.0
libdata/pkgconfig/wolfssl.pc
%%PORTDOCS%%%%DOCSDIR%%/QUIC.md
%%PORTDOCS%%%%DOCSDIR%%/README.txt
%%PORTDOCS%%%%DOCSDIR%%/example/client.c
%%PORTDOCS%%%%DOCSDIR%%/example/echoclient.c
%%PORTDOCS%%%%DOCSDIR%%/example/echoserver.c
%%PORTDOCS%%%%DOCSDIR%%/example/sctp-client-dtls.c
%%PORTDOCS%%%%DOCSDIR%%/example/sctp-client.c
%%PORTDOCS%%%%DOCSDIR%%/example/sctp-server-dtls.c
%%PORTDOCS%%%%DOCSDIR%%/example/sctp-server.c
%%PORTDOCS%%%%DOCSDIR%%/example/server.c
%%PORTDOCS%%%%DOCSDIR%%/example/tls_bench.c
%%PORTDOCS%%%%DOCSDIR%%/taoCert.txt