git: 2621a7fc635d - main - security/wolfssl: Update to v5.5.4
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Sat, 04 Feb 2023 15:47:59 UTC
The branch main has been updated by fox:
URL: https://cgit.FreeBSD.org/ports/commit/?id=2621a7fc635d4fbc955ec156fabbf26037f27a9c
commit 2621a7fc635d4fbc955ec156fabbf26037f27a9c
Author: Santhosh Raju <fox@FreeBSD.org>
AuthorDate: 2023-02-04 15:44:24 +0000
Commit: Santhosh Raju <fox@FreeBSD.org>
CommitDate: 2023-02-04 15:44:24 +0000
security/wolfssl: Update to v5.5.4
Changes since v5.5.3:
wolfSSL Release 5.5.4 (Dec 21, 2022)
Release 5.5.4 of wolfSSL embedded TLS has bug fixes and new features including:
New Feature Additions
* QUIC related changes for HAProxy integration and config option
* Support for Analog Devices MAXQ1080 and MAXQ1065
* Testing and build of wolfSSL with NuttX
* New software based entropy gatherer with configure option
--enable-entropy-memuseOP
* NXP SE050 feature expansion and fixes, adding in RSA support and conditional
compile of AES and CMAC
* Support for multi-threaded sniffer
Improvements / Optimizations
Benchmark and Tests
* Add alternate test case for unsupported static memory API when testing mutex
allocations
* Additional unit test cases added for AES CCM 256-bit
* Initialize and free AES object with benchmarking AES-OFB
* Kyber with DTLS 1.3 tests added
* Tidy up Espressif ESP32 test and benchmark examples
* Rework to be able to run API tests individually and add display of time taken
per test
Build and Port Improvements
* Add check for 64-bit ABI on MIPS64 before declaring a 64-bit CPU
* Add support to detect SIZEOF_LONG in armclang and diab
* Added in a simple example working on Rx72n
* Update azsphere support to prevent compilation of file included inline
* --enable-brainpool configure option added and default to on when custom curves
are also on
* Add RSA PSS salt defines to engine builds if not FIPS v2
Post Quantum
* Remove kyber-90s and route all Kyber through wolfcrypt
* Purge older version of NTRU and SABER from wolfSSL
SP Math
* Support static memory build with sp-math
* SP C, SP int: improve performance
* SP int: support mingw64 again
* SP int: enhancements to guess 64-bit type and check on NO_64BIT macro set
before using long long
* SP int: check size required when using sp_int on stack
* SP: --enable-sp-asm now enables SP by default if not set
* SP: support aarch64 big endian
DTLS
* Allow DTLS 1.3 to compile when FIPS is enabled
* Allow for stateless DTLS client hello parsing
Misc.
* Easier detection of DRBG health when using Intel’s RDRAND by updating the
structures status value
* Detection of duplicate known extensions with TLS
* PKCS#11 handle a user PIN that is a NULL_PTR, compile time check in finding
keys, add initialization API
* Update max Cert Policy size based on RFC 5280
* Add Android CA certs path for wolfSSL_CTX_load_system_CA_certs()
* Improve logic for enabling system CA certs on Apple devices
* Stub functions to allow for cpuid public functions with non-intel builds
* Increase RNG_SECURITY_STRENGTH for FIPS
* Improvements in OpenSSL Compat ERR Queue handling
* Support ASN1/DER CRLs in LoadCertByIssuer
* Expose more ECC math functions and improve async shared secret
* Improvement for sniffer error messages
* Warning added that renegotiation in TLS 1.3 requires session ticket
* Adjustment for TLS 1.3 post auth support
* Rework DH API and improve PEM read/write
Build Fixes
* Fix --enable-devcrypto build error for sys without u_int8_t type
* Fix casts in evp.c and build issue in ParseCRL
* Fixes for compatibility layer building with heap hint and OSSL callbacks
* fix compile error due to Werro=undef on gcc-4.8
* Fix mingw-w64 build issues on windows
* Xcode project fixes for different build settings
* Initialize variable causing failures with gcc-11 and gcc-12 with a unique
wolfSSL build configuration
* Prevent WOLFSSL_NO_MALLOC from breaking RSA certificate verification
* Fixes for various tests that do not properly handle `WC_PENDING_E` with
async. builds
* Fix for misc `HashObject` to be excluded for `WOLFCRYPT_ONLY`
OCSP Fixes
* Correctly save next status with OCSP response verify
* When the OCSP responder returns an unknown exception, continue through to
checking the CRL
Math Fixes
* Fix for implicit conversion with 32-bit in SP math
* Fix for error checks when modulus is even with SP int build
* Fix for checking of err in _sp_exptmod_nct with SP int build
* ECC cofactor fix when checking scalar bits
* ARM32 ASM: don't use ldrd on user data
* SP int, fix when ECC specific size code included
Port Fixes
* Fixes for STM32 PKA ECC (not 256-bit) and improvements for AES-GCM
* Fix for cryptocell signature verification with ECC
* Benchmark devid changes, CCM with SECO fix, set IV on AES import into SECO
Compat. Layer Fixes
* Fix for handling DEFAULT:... cipher suite list
* Fix memory leak in wolfSSL_X509_NAME_ENTRY_get_object
* Set alt name type to V_ASN1_IA5STRING
* Update name hash functions wolfSSL_X509_subject_name_hash and
wolfSSL_X509_issuer_name_hash to hash the canonical form of subject
* Fix wolfSSL_set_SSL_CTX() to be usable during handshake
* Fix X509_get1_ocsp to set num of elements in stack
* X509v3 EXT d2i: fix freeing of aia
* Fix to remove recreation of certificate with wolfSSL_PEM_write_bio_X509()
* Link newly created x509 store's certificate manager to self by default to
assist with CRL verification
* Fix for compatibility `EC_KEY_new_by_curve_name` to not create a key if the
curve is not found
Misc.
* Free potential signer malloc in a fail case
* fix other name san parsing and add RID cert to test parsing
* WOLFSSL_OP_NO_TICKET fix for TLSv1.2
* fix ASN template parsing of X509 subject directory attribute
* Fix the wrong IV size with the cipher suite
TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256
* Fix incorrect self signed error return when compiled with certreq and certgen.
* Fix wrong function name in debug comment with wolfSSL_X509_get_name_oneline()
* Fix for decryption after second handshake with async sniffer
* Allow session tickets to properly resume when using PQ KEMs
* Add sanity overflow check to DecodeAltNames input buffer access
---
security/wolfssl/Makefile | 2 +-
security/wolfssl/distinfo | 6 +++---
security/wolfssl/pkg-plist | 2 +-
3 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/security/wolfssl/Makefile b/security/wolfssl/Makefile
index 5dc983b1a01b..e39485c010e3 100644
--- a/security/wolfssl/Makefile
+++ b/security/wolfssl/Makefile
@@ -1,5 +1,5 @@
PORTNAME= wolfssl
-PORTVERSION= 5.5.3
+PORTVERSION= 5.5.4
CATEGORIES= security devel
MASTER_SITES= https://www.wolfssl.com/ \
LOCAL/fox
diff --git a/security/wolfssl/distinfo b/security/wolfssl/distinfo
index 6b933d3d515a..1fd49e27f7d3 100644
--- a/security/wolfssl/distinfo
+++ b/security/wolfssl/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1667845431
-SHA256 (wolfssl-5.5.3.zip) = bc441ae086ddb9d42e2ad391920b400b8cabb19d2aea5efb1cb90b527e0990ee
-SIZE (wolfssl-5.5.3.zip) = 20551889
+TIMESTAMP = 1675516684
+SHA256 (wolfssl-5.5.4.zip) = 76da2d57183a5de2660f6214db7234d21df6d8c5ef12a79bdad5e68774dda380
+SIZE (wolfssl-5.5.4.zip) = 20699104
diff --git a/security/wolfssl/pkg-plist b/security/wolfssl/pkg-plist
index a4c68461b7f0..e701605ecaf0 100644
--- a/security/wolfssl/pkg-plist
+++ b/security/wolfssl/pkg-plist
@@ -237,7 +237,7 @@ include/wolfssl/wolfio.h
lib/libwolfssl.a
lib/libwolfssl.so
lib/libwolfssl.so.35
-lib/libwolfssl.so.35.2.1
+lib/libwolfssl.so.35.3.0
libdata/pkgconfig/wolfssl.pc
%%PORTDOCS%%%%DOCSDIR%%/QUIC.md
%%PORTDOCS%%%%DOCSDIR%%/README.txt