git: 44b4edac3502 - main - security/wolfssl: Update to v5.5.1
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Sat, 01 Oct 2022 11:56:00 UTC
The branch main has been updated by fox:
URL: https://cgit.FreeBSD.org/ports/commit/?id=44b4edac350261df25ca4153ed01148a94051d90
commit 44b4edac350261df25ca4153ed01148a94051d90
Author: Santhosh Raju <fox@FreeBSD.org>
AuthorDate: 2022-10-01 11:47:54 +0000
Commit: Santhosh Raju <fox@FreeBSD.org>
CommitDate: 2022-10-01 11:55:13 +0000
security/wolfssl: Update to v5.5.1
Changes since v5.5.0:
wolfSSL Release 5.5.1 (Sep 28, 2022) Latest
Vulnerabilities
* [Med] Denial of service attack and buffer overflow against TLS 1.3 servers
using session ticket resumption. When built with --enable-session-ticket and
making use of TLS 1.3 server code in wolfSSL, there is the possibility of a
malicious client to craft a malformed second ClientHello packet that causes
the server to crash. This issue is limited to when using both
--enable-session-ticket and TLS 1.3 on the server side. Users with TLS 1.3
servers, and having --enable-session-ticket, should update to the latest
version of wolfSSL. Thanks to Max at Trail of Bits for the report and
"LORIA, INRIA, France" for research on tlspuffin.
New Feature Additions
* Add support for non-blocking ECC key gen and shared secret gen for
P-256/384/521
* Add support for non-blocking ECDHE/ECDSA in TLS/DTLS layer.
* Port to NXP RT685 with FreeRTOS
* Add option to build post quantum Kyber API (--enable-kyber)
* Add post quantum algorithm sphincs to wolfCrypt
* Config. option to force no asm with SP build (--enable-sp=noasm)
* Allow post quantum keyshare for DTLS 1.3
Enhancements
* DTLSv1.3: Do HRR Cookie exchange by default
* Add wolfSSL_EVP_PKEY_new_CMAC_key to OpenSSL compatible API
* Update ide win10 build files to add missing sp source files
* Improve Workbench docs
* Improve EVP support for CHACHA20_POLY1305
* Improve wc_SetCustomExtension documentation
* RSA-PSS with OCSP and add simple OCSP response DER verify test case
* Clean up some FIPS versioning logic in configure.ac and WIN10 user_settings.h
* Don't over-allocate memory for DTLS fragments
* Add WOLFSSL_ATECC_TFLXTLS for Atmel port
* SHA-3 performance improvements with x86_64 assembly
* Add code to fallback to S/W if TSIP cannot handle
* Improves entropy with VxWorks
* Make time in milliseconds 64-bits for longer session ticket lives
* Support for setting cipher list with bytes
* wolfSSL_set1_curves_list(), wolfSSL_CTX_set1_curves_list() improvements
* Add to RSAES-OAEP key parsing for pkcs7
* Add missing DN nid to work with PrintName()
* SP int: default to 16 bit word size when NO_64BIT defined
* Limit the amount of fragments we store per a DTLS connection and error out
when max limit is reached
* Detect when certificate's RSA public key size is too big and fail on loading
of certificate
Fixes
* Fix for async with OCSP non-blocking in ProcessPeerCerts
* Fixes for building with 32-bit and socket size sign/unsigned mismatch
* Fix Windows CMakeList compiler options
* TLS 1.3 Middle-Box compat: fix missing brace
* Configuration consistency fixes for RSA keys and way to force disable of
private keys
* Fix for Aarch64 Mac M1 SP use
* Fix build errors and warnings for MSVC with DTLS 1.3
* Fix HMAC compat layer function for SHA-1
* Fix DTLS 1.3 do not negotiate ConnectionID in HelloRetryRequest
* Check return from call to wc_Time
* SP math: fix build configuration with opensslall
* Fix for async session tickets
* SP int mp_init_size fixes when SP_WORD_SIZE == 8
* Ed. function to make public key now checks for if the private key flag is set
* Fix HashRaw WC_SHA256_DIGEST_SIZE for wc_Sha256GetHash
* Fix for building with PSK only
* Set correct types in wolfSSL_sk_*_new functions
* Sanity check that size passed to mp_init_size() is no more than SP_INT_DIGITS
---
security/wolfssl/Makefile | 2 +-
security/wolfssl/distinfo | 6 +++---
security/wolfssl/pkg-plist | 6 +++++-
3 files changed, 9 insertions(+), 5 deletions(-)
diff --git a/security/wolfssl/Makefile b/security/wolfssl/Makefile
index ffff645c797b..2b45f4b77e0f 100644
--- a/security/wolfssl/Makefile
+++ b/security/wolfssl/Makefile
@@ -1,5 +1,5 @@
PORTNAME= wolfssl
-PORTVERSION= 5.5.0
+PORTVERSION= 5.5.1
CATEGORIES= security devel
MASTER_SITES= https://www.wolfssl.com/ \
LOCAL/fox
diff --git a/security/wolfssl/distinfo b/security/wolfssl/distinfo
index 4580a4cf7ebf..594abbe2c29a 100644
--- a/security/wolfssl/distinfo
+++ b/security/wolfssl/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1662280431
-SHA256 (wolfssl-5.5.0.zip) = f5cae7077ffb88d2980b467747e4bff0f3a927e22351d17eadcf1d09ba56d374
-SIZE (wolfssl-5.5.0.zip) = 20168520
+TIMESTAMP = 1664621010
+SHA256 (wolfssl-5.5.1.zip) = 5f443b1a05bc7d7fd62f74b12b1004891c73dca0141dbcef79b14ee3b29216a4
+SIZE (wolfssl-5.5.1.zip) = 20389385
diff --git a/security/wolfssl/pkg-plist b/security/wolfssl/pkg-plist
index 7acb39f915ab..ae8f9778081c 100644
--- a/security/wolfssl/pkg-plist
+++ b/security/wolfssl/pkg-plist
@@ -185,6 +185,7 @@ include/wolfssl/wolfcrypt/eccsi.h
include/wolfssl/wolfcrypt/ed25519.h
include/wolfssl/wolfcrypt/ed448.h
include/wolfssl/wolfcrypt/error-crypt.h
+include/wolfssl/wolfcrypt/ext_kyber.h
include/wolfssl/wolfcrypt/falcon.h
include/wolfssl/wolfcrypt/fe_448.h
include/wolfssl/wolfcrypt/fe_operations.h
@@ -195,6 +196,7 @@ include/wolfssl/wolfcrypt/hash.h
include/wolfssl/wolfcrypt/hmac.h
include/wolfssl/wolfcrypt/integer.h
include/wolfssl/wolfcrypt/kdf.h
+include/wolfssl/wolfcrypt/kyber.h
include/wolfssl/wolfcrypt/logging.h
include/wolfssl/wolfcrypt/md2.h
include/wolfssl/wolfcrypt/md4.h
@@ -221,11 +223,13 @@ include/wolfssl/wolfcrypt/sha512.h
include/wolfssl/wolfcrypt/signature.h
include/wolfssl/wolfcrypt/siphash.h
include/wolfssl/wolfcrypt/sp_int.h
+include/wolfssl/wolfcrypt/sphincs.h
include/wolfssl/wolfcrypt/srp.h
include/wolfssl/wolfcrypt/tfm.h
include/wolfssl/wolfcrypt/types.h
include/wolfssl/wolfcrypt/visibility.h
include/wolfssl/wolfcrypt/wc_encrypt.h
+include/wolfssl/wolfcrypt/wc_kyber.h
include/wolfssl/wolfcrypt/wc_port.h
include/wolfssl/wolfcrypt/wolfevent.h
include/wolfssl/wolfcrypt/wolfmath.h
@@ -233,7 +237,7 @@ include/wolfssl/wolfio.h
lib/libwolfssl.a
lib/libwolfssl.so
lib/libwolfssl.so.35
-lib/libwolfssl.so.35.0.0
+lib/libwolfssl.so.35.1.0
libdata/pkgconfig/wolfssl.pc
%%PORTDOCS%%%%DOCSDIR%%/QUIC.md
%%PORTDOCS%%%%DOCSDIR%%/README.txt