[pkgsrc/trunk]: pkgsrc/security/wolfssl security/wolfssl: Update to v5.2.0

To: pkgsrc-changes-hg%NetBSD.org@localhost
Subject: [pkgsrc/trunk]: pkgsrc/security/wolfssl security/wolfssl: Update to v5.2.0
From: fox <fox%pkgsrc.org@localhost>
Date: Sat, 26 Feb 2022 08:05:13 +0000
details:   https://anonhg.NetBSD.org/pkgsrc/rev/13e2d703436f
branches:  trunk
changeset: 374748:13e2d703436f
user:      fox <fox%pkgsrc.org@localhost>
date:      Sat Feb 26 06:52:46 2022 +0000

description:
security/wolfssl: Update to v5.2.0

Changes since v5.1.1:

wolfSSL Release 5.2.0 (Feb 21, 2022)

Release 5.2.0 of wolfSSL embedded TLS has bug fixes and new features including:
Vulnerabilities

  * [High] A TLS v1.3 server who requires mutual authentication can be
    bypassed. If a malicious client does not send the certificate_verify message
    a client can connect without presenting a certificate even if the server
    requires one. Thank you to Aina Toky Rasoamanana and Olivier Levillain of
    Télécom SudParis.
  * [High] A TLS v1.3 client attempting to authenticate a TLS v1.3 server can
    have its certificate check bypassed. If the sig_algo in the
    certificate_verify message is different than the certificate message checking
    may be bypassed. Thank you to Aina Toky Rasoamanana and Olivier Levillain of
    Télécom SudParis.

New Feature Additions

  *  Example applications for Renesas RX72N with FreeRTOS+IoT
  *  Renesas FSP 3.5.0 support for RA6M3
  *  For TLS 1.3, improved checks on order of received messages.
  *  Support for use of SHA-3 cryptography instructions available in ARMv8.2-A
     architecture extensions. (For Apple M1)
  *  Support for use of SHA-512 cryptography instructions available in ARMv8.2-A
     architecture extensions. (For Apple M1)
  *  Fixes for clang -Os on clang >= 12.0.0
  *  Expose Sequence Numbers so that Linux TLS (kTLS) can be configured
  *  Fix bug in TLSX_ALPN_ParseAndSet when using ALPN select callback.
  *  Allow DES3 with FIPS v5-dev.
  *  Include HMAC for deterministic ECC sign build
  *  Add --enable-chrony configure option. This sets build options needed to
     build the Chrony NTP (Network Time Protocol) service.
  *  Add support for STM32U575xx boards.
  *  Fixes for NXP’s SE050 Ed25519/Curve25519.
  *  TLS: Secure renegotiation info on by default for compatibility.
  *  Inline C code version of ARM32 assembly for cryptographic algorithms
     available and compiling for improved performance on ARM platforms
  *  Configure HMAC: define NO_HMAC to disable HMAC (default: enabled)
  *  ISO-TP transport layer support added to wolfio for TLS over CAN Bus
  *  Fix initialization bug in SiLabs AES support
  *  Domain and IP check is only performed on leaf certificates

ARM PSA Support (Platform Security Architecture) API

  * Initial support added for ARM’s Platform Security Architecture (PSA) API in
    wolfCrypt which allows support of ARM PSA enabled devices by wolfSSL,
    wolfSSH, and wolfBoot and wolfCrypt FIPS.
  * Included algorithms: ECDSA, ECDH, HKDF, AES, SHA1, SHA256, SHA224, RNG

ECICE Updates

  * Support for more encryption algorithms: AES-256-CBC, AES-128-CTR,
    AES-256-CTR
  * Support for compressed public keys in messages.

Math Improvements

  * Improved performance of X448 and Ed448 through inlining Karatsuba in square
    and multiplication operations for 128-bit implementation (64-bit platforms
    with 128-bit type support).
  * SP Math C implementation: fix for corner case in curve specific
    implementations of Montgomery Reduction (P-256, P-384).
  * SP math all: assembly snippets added for ARM Thumb. Performance improvement
    on platform.
  * SP math all: ARM64/32 sp_div_word assembly snippets added to remove
    dependency on __udiv3.
  * SP C implementation: multiplication of two signed types with overflow is
    undefined in C. Now cast to unsigned type before multiplication is
    performed.
  * SP C implementation correctly builds when using CFLAG: -m32

OpenSSL Compatibility Layer

  * Added DH_get_2048_256 to compatibility layer.
  * wolfSSLeay_version now returns the version of wolfSSL
  * Added C++ exports for API’s in wolfssl/openssl/crypto.h. This allows better
    compatibility when building with a C++ compiler.
  * Fix for OpenSSL x509_NAME_hash mismatch
  * Implement FIPS_mode and FIPS_mode_set in the compat layer.
  * Fix for certreq and certgen options with openssl compatibility
  * wolfSSL_BIO_dump() and wolfSSL_OBJ_obj2txt() rework
  * Fix IV length bug in EVP AES-GCM code.
  * Add new ASN1_INTEGER compatibility functions.
  * Fix wolfSSL_PEM_X509_INFO_read with NO_FILESYSTEM

CMake Updates

  * Check for valid override values.
  * Add KEYGEN option.
  * Cleanup help messages.
  * Add options to support wolfTPM.

VisualStudio Updates

  * Remove deprecated VS solution
  * Fix VS unreachable code warning

New Algorithms and Protocols

  * AES-SIV (RFC 5297)
  * DTLS SRTP (RFC 5764), used with WebRTC to agree on profile for new real-time
    session keys
  * SipHash MAC/PRF for hash tables. Includes inline assembly for x86_64 and
    Aarch64.

Remove Obsolete Algorithms

  * IDEA
  * Rabbit
  * HC-128

diffstat:

 security/wolfssl/Makefile |  4 ++--
 security/wolfssl/PLIST    |  9 +++------
 security/wolfssl/distinfo |  8 ++++----
 3 files changed, 9 insertions(+), 12 deletions(-)

diffs (85 lines):

diff -r 322e89be988e -r 13e2d703436f security/wolfssl/Makefile
--- a/security/wolfssl/Makefile Sat Feb 26 06:47:24 2022 +0000
+++ b/security/wolfssl/Makefile Sat Feb 26 06:52:46 2022 +0000
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.11 2022/01/08 09:48:16 fox Exp $
+# $NetBSD: Makefile,v 1.12 2022/02/26 06:52:46 fox Exp $
 
-DISTNAME=      wolfssl-5.1.1
+DISTNAME=      wolfssl-5.2.0
 CATEGORIES=    security
 MASTER_SITES=  https://www.wolfssl.com/
 EXTRACT_SUFX=  .zip
diff -r 322e89be988e -r 13e2d703436f security/wolfssl/PLIST
--- a/security/wolfssl/PLIST    Sat Feb 26 06:47:24 2022 +0000
+++ b/security/wolfssl/PLIST    Sat Feb 26 06:52:46 2022 +0000
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.6 2021/12/30 01:19:03 fox Exp $
+@comment $NetBSD: PLIST,v 1.7 2022/02/26 06:52:46 fox Exp $
 bin/wolfssl-config
 include/cyassl/callbacks.h
 include/cyassl/certs_test.h
@@ -20,7 +20,6 @@
 include/cyassl/ctaocrypt/ecc.h
 include/cyassl/ctaocrypt/error-crypt.h
 include/cyassl/ctaocrypt/fips_test.h
-include/cyassl/ctaocrypt/hc128.h
 include/cyassl/ctaocrypt/hmac.h
 include/cyassl/ctaocrypt/integer.h
 include/cyassl/ctaocrypt/logging.h
@@ -34,7 +33,6 @@
 include/cyassl/ctaocrypt/pkcs7.h
 include/cyassl/ctaocrypt/poly1305.h
 include/cyassl/ctaocrypt/pwdbased.h
-include/cyassl/ctaocrypt/rabbit.h
 include/cyassl/ctaocrypt/random.h
 include/cyassl/ctaocrypt/ripemd.h
 include/cyassl/ctaocrypt/rsa.h
@@ -123,6 +121,7 @@
 include/wolfssl/openssl/engine.h
 include/wolfssl/openssl/err.h
 include/wolfssl/openssl/evp.h
+include/wolfssl/openssl/fips_rand.h
 include/wolfssl/openssl/hmac.h
 include/wolfssl/openssl/lhash.h
 include/wolfssl/openssl/md4.h
@@ -191,9 +190,7 @@
 include/wolfssl/wolfcrypt/ge_448.h
 include/wolfssl/wolfcrypt/ge_operations.h
 include/wolfssl/wolfcrypt/hash.h
-include/wolfssl/wolfcrypt/hc128.h
 include/wolfssl/wolfcrypt/hmac.h
-include/wolfssl/wolfcrypt/idea.h
 include/wolfssl/wolfcrypt/integer.h
 include/wolfssl/wolfcrypt/kdf.h
 include/wolfssl/wolfcrypt/logging.h
@@ -209,7 +206,6 @@
 include/wolfssl/wolfcrypt/pkcs7.h
 include/wolfssl/wolfcrypt/poly1305.h
 include/wolfssl/wolfcrypt/pwdbased.h
-include/wolfssl/wolfcrypt/rabbit.h
 include/wolfssl/wolfcrypt/random.h
 include/wolfssl/wolfcrypt/rc2.h
 include/wolfssl/wolfcrypt/ripemd.h
@@ -221,6 +217,7 @@
 include/wolfssl/wolfcrypt/sha3.h
 include/wolfssl/wolfcrypt/sha512.h
 include/wolfssl/wolfcrypt/signature.h
+include/wolfssl/wolfcrypt/siphash.h
 include/wolfssl/wolfcrypt/srp.h
 include/wolfssl/wolfcrypt/tfm.h
 include/wolfssl/wolfcrypt/types.h
diff -r 322e89be988e -r 13e2d703436f security/wolfssl/distinfo
--- a/security/wolfssl/distinfo Sat Feb 26 06:47:24 2022 +0000
+++ b/security/wolfssl/distinfo Sat Feb 26 06:52:46 2022 +0000
@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.12 2022/01/08 09:48:16 fox Exp $
+$NetBSD: distinfo,v 1.13 2022/02/26 06:52:46 fox Exp $
 
-BLAKE2s (wolfssl-5.1.1.zip) = 6cd4f2acc34cbdd57409f3a81b2107fb5fb23a816b3268c532141fb9d892033c
-SHA512 (wolfssl-5.1.1.zip) = f9a024d0895263e3962c9155cdfbb875d30be9cbb846642cd950eaae74eb768681a9ad08a3b970f5611ca9ee7894498002ffc8a3690afbcfb15a4106dee27f81
-Size (wolfssl-5.1.1.zip) = 12558116 bytes
+BLAKE2s (wolfssl-5.2.0.zip) = 2f9c0cf5eef5781abe8f863d39db22959253561d97676bc61c608d257e94092f
+SHA512 (wolfssl-5.2.0.zip) = eb3565cffd261c13b69d7049b0bc6ea030419a29aeb3f0937ea2f1de2c6b22aeabee354abe5c0d88fcd7249eb9b3f63ff4ca2dd61942c4fda6c067d0cc2d9def
+Size (wolfssl-5.2.0.zip) = 15470250 bytes
 SHA1 (patch-certs_intermediate_genintcerts.sh) = bdcf9a1fd14170aaf780ab9677fd8bc6e4ddc75c
Prev by Date: [pkgsrc/trunk]: pkgsrc/doc doc: Updated security/wolfssl to 5.2.0
Next by Date: [pkgsrc/trunk]: pkgsrc/converters/pandoc converters/pandoc: Link pandoc with ...
Previous by Thread: [pkgsrc/trunk]: pkgsrc/doc doc: Updated security/wolfssl to 5.2.0
Next by Thread: [pkgsrc/trunk]: pkgsrc/converters/pandoc converters/pandoc: Link pandoc with ...
Indexes:
Home | Main Index | Thread Index | Old Index