git: 2621a7fc635d - main - security/wolfssl: Update to v5.5.4

From: Santhosh Raju <fox_at_FreeBSD.org>
Date: Sat, 04 Feb 2023 15:47:59 UTC
The branch main has been updated by fox:

URL: https://cgit.FreeBSD.org/ports/commit/?id=2621a7fc635d4fbc955ec156fabbf26037f27a9c

commit 2621a7fc635d4fbc955ec156fabbf26037f27a9c
Author:     Santhosh Raju <fox@FreeBSD.org>
AuthorDate: 2023-02-04 15:44:24 +0000
Commit:     Santhosh Raju <fox@FreeBSD.org>
CommitDate: 2023-02-04 15:44:24 +0000

    security/wolfssl: Update to v5.5.4
    
    Changes since v5.5.3:
    
    wolfSSL Release 5.5.4 (Dec 21, 2022)
    
    Release 5.5.4 of wolfSSL embedded TLS has bug fixes and new features including:
    
    New Feature Additions
    
    * QUIC related changes for HAProxy integration and config option
    * Support for Analog Devices MAXQ1080 and MAXQ1065
    * Testing and build of wolfSSL with NuttX
    * New software based entropy gatherer with configure option
      --enable-entropy-memuseOP
    * NXP SE050 feature expansion and fixes, adding in RSA support and conditional
      compile of AES and CMAC
    * Support for multi-threaded sniffer
    
    Improvements / Optimizations
    
    Benchmark and Tests
    * Add alternate test case for unsupported static memory API when testing mutex
      allocations
    * Additional unit test cases added for AES CCM 256-bit
    * Initialize and free AES object with benchmarking AES-OFB
    * Kyber with DTLS 1.3 tests added
    * Tidy up Espressif ESP32 test and benchmark examples
    * Rework to be able to run API tests individually and add display of time taken
      per test
    
    Build and Port Improvements
    * Add check for 64-bit ABI on MIPS64 before declaring a 64-bit CPU
    * Add support to detect SIZEOF_LONG in armclang and diab
    * Added in a simple example working on Rx72n
    * Update azsphere support to prevent compilation of file included inline
    * --enable-brainpool configure option added and default to on when custom curves
        are also on
    * Add RSA PSS salt defines to engine builds if not FIPS v2
    
    Post Quantum
    * Remove kyber-90s and route all Kyber through wolfcrypt
    * Purge older version of NTRU and SABER from wolfSSL
    
    SP Math
    * Support static memory build with sp-math
    * SP C, SP int: improve performance
    * SP int: support mingw64 again
    * SP int: enhancements to guess 64-bit type and check on NO_64BIT macro set
      before using long long
    * SP int: check size required when using sp_int on stack
    * SP: --enable-sp-asm now enables SP by default if not set
    * SP: support aarch64 big endian
    
    DTLS
    * Allow DTLS 1.3 to compile when FIPS is enabled
    * Allow for stateless DTLS client hello parsing
    
    Misc.
    * Easier detection of DRBG health when using Intel’s RDRAND by updating the
      structures status value
    * Detection of duplicate known extensions with TLS
    * PKCS#11 handle a user PIN that is a NULL_PTR, compile time check in finding
      keys, add initialization API
    * Update max Cert Policy size based on RFC 5280
    * Add Android CA certs path for wolfSSL_CTX_load_system_CA_certs()
    * Improve logic for enabling system CA certs on Apple devices
    * Stub functions to allow for cpuid public functions with non-intel builds
    * Increase RNG_SECURITY_STRENGTH for FIPS
    * Improvements in OpenSSL Compat ERR Queue handling
    * Support ASN1/DER CRLs in LoadCertByIssuer
    * Expose more ECC math functions and improve async shared secret
    * Improvement for sniffer error messages
    * Warning added that renegotiation in TLS 1.3 requires session ticket
    * Adjustment for TLS 1.3 post auth support
    * Rework DH API and improve PEM read/write
    
    Build Fixes
    * Fix --enable-devcrypto build error for sys without u_int8_t type
    * Fix casts in evp.c and build issue in ParseCRL
    * Fixes for compatibility layer building with heap hint and OSSL callbacks
    * fix compile error due to Werro=undef on gcc-4.8
    * Fix mingw-w64 build issues on windows
    * Xcode project fixes for different build settings
    * Initialize variable causing failures with gcc-11 and gcc-12 with a unique
      wolfSSL build configuration
    * Prevent WOLFSSL_NO_MALLOC from breaking RSA certificate verification
    * Fixes for various tests that do not properly handle `WC_PENDING_E` with
      async. builds
    * Fix for misc `HashObject` to be excluded for `WOLFCRYPT_ONLY`
    
    OCSP Fixes
    * Correctly save next status with OCSP response verify
    * When the OCSP responder returns an unknown exception, continue through to
      checking the CRL
    
    Math Fixes
    * Fix for implicit conversion with 32-bit in SP math
    * Fix for error checks when modulus is even with SP int build
    * Fix for checking of err in _sp_exptmod_nct with SP int build
    * ECC cofactor fix when checking scalar bits
    * ARM32 ASM: don't use ldrd on user data
    * SP int, fix when ECC specific size code included
    
    Port Fixes
    * Fixes for STM32 PKA ECC (not 256-bit) and improvements for AES-GCM
    * Fix for cryptocell signature verification with ECC
    * Benchmark devid changes, CCM with SECO fix, set IV on AES import into SECO
    
    Compat. Layer Fixes
    * Fix for handling DEFAULT:... cipher suite list
    * Fix memory leak in wolfSSL_X509_NAME_ENTRY_get_object
    * Set alt name type to V_ASN1_IA5STRING
    * Update name hash functions wolfSSL_X509_subject_name_hash and
      wolfSSL_X509_issuer_name_hash to hash the canonical form of subject
    * Fix wolfSSL_set_SSL_CTX() to be usable during handshake
    * Fix X509_get1_ocsp to set num of elements in stack
    * X509v3 EXT d2i: fix freeing of aia
    * Fix to remove recreation of certificate with wolfSSL_PEM_write_bio_X509()
    * Link newly created x509 store's certificate manager to self by default to
      assist with CRL verification
    * Fix for compatibility `EC_KEY_new_by_curve_name` to not create a key if the
      curve is not found
    
    Misc.
    * Free potential signer malloc in a fail case
    * fix other name san parsing and add RID cert to test parsing
    * WOLFSSL_OP_NO_TICKET fix for TLSv1.2
    * fix ASN template parsing of X509 subject directory attribute
    * Fix the wrong IV size with the cipher suite
      TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256
    * Fix incorrect self signed error return when compiled with certreq and certgen.
    * Fix wrong function name in debug comment with wolfSSL_X509_get_name_oneline()
    * Fix for decryption after second handshake with async sniffer
    * Allow session tickets to properly resume when using PQ KEMs
    * Add sanity overflow check to DecodeAltNames input buffer access
---
 security/wolfssl/Makefile  | 2 +-
 security/wolfssl/distinfo  | 6 +++---
 security/wolfssl/pkg-plist | 2 +-
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/security/wolfssl/Makefile b/security/wolfssl/Makefile
index 5dc983b1a01b..e39485c010e3 100644
--- a/security/wolfssl/Makefile
+++ b/security/wolfssl/Makefile
@@ -1,5 +1,5 @@
 PORTNAME=	wolfssl
-PORTVERSION=	5.5.3
+PORTVERSION=	5.5.4
 CATEGORIES=	security devel
 MASTER_SITES=	https://www.wolfssl.com/ \
 		LOCAL/fox
diff --git a/security/wolfssl/distinfo b/security/wolfssl/distinfo
index 6b933d3d515a..1fd49e27f7d3 100644
--- a/security/wolfssl/distinfo
+++ b/security/wolfssl/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1667845431
-SHA256 (wolfssl-5.5.3.zip) = bc441ae086ddb9d42e2ad391920b400b8cabb19d2aea5efb1cb90b527e0990ee
-SIZE (wolfssl-5.5.3.zip) = 20551889
+TIMESTAMP = 1675516684
+SHA256 (wolfssl-5.5.4.zip) = 76da2d57183a5de2660f6214db7234d21df6d8c5ef12a79bdad5e68774dda380
+SIZE (wolfssl-5.5.4.zip) = 20699104
diff --git a/security/wolfssl/pkg-plist b/security/wolfssl/pkg-plist
index a4c68461b7f0..e701605ecaf0 100644
--- a/security/wolfssl/pkg-plist
+++ b/security/wolfssl/pkg-plist
@@ -237,7 +237,7 @@ include/wolfssl/wolfio.h
 lib/libwolfssl.a
 lib/libwolfssl.so
 lib/libwolfssl.so.35
-lib/libwolfssl.so.35.2.1
+lib/libwolfssl.so.35.3.0
 libdata/pkgconfig/wolfssl.pc
 %%PORTDOCS%%%%DOCSDIR%%/QUIC.md
 %%PORTDOCS%%%%DOCSDIR%%/README.txt