prepare for release 5.3.0

ChangeLog.md

@@ -1,3 +1,156 @@
+# wolfSSL Release 5.3.0 (May 3rd, 2022)
+
+Release 5.3.0 of wolfSSL embedded TLS has bug fixes and new features including:
+
+## New Feature Additions
+
+### Ports
+* Updated support for Stunnel to version 5.61
+* Add i.MX8 NXP SECO use for secure private ECC keys and expand cryptodev-linux for use with the RSA/Curve25519 with the Linux CAAM driver
+* Allow encrypt then mac with Apache port
+* Update Renesas TSIP version to 1.15 on GR-ROSE and certificate signature data for TSIP / SCE example
+* Add IAR MSP430 example, located in IDE/IAR-MSP430 directory
+* Add support for FFMPEG with the enable option `--enable-ffmpeg`, FFMPEG is used for recording and converting video and audio (https://ffmpeg.org/)
+* Update the bind port to version 9.18.0
+
+### Post Quantum
+* Add Post-quantum KEM benchmark for STM32
+* Enable support for using post quantum algorithms with embedded STM32 boards and port to STM32U585
+
+### Compatibility Layer Additions
+* Add port to support libspdm (https://github.com/DMTF/libspdm/blob/main/README.md), compatibility functions added for the port were:
+    - ASN1_TIME_compare
+    - DH_new_by_nid
+    - OBJ_length, OBJ_get0_data,
+    - EVP layer ChaCha20-Poly1305, HKDF
+    - EC_POINT_get_affine_coordinates
+    - EC_POINT_set_affine_coordinates
+* Additional functions added were:
+    - EC_KEY_print_fp
+    - EVP_PKEY_paramgen
+    - EVP_PKEY_sign/verify functionality
+    - PEM_write_RSAPublicKey
+    - PEM_write_EC_PUBKEY
+    - PKCS7_sign
+    - PKCS7_final
+    - SMIME_write_PKCS7
+    - EC_KEY/DH_up_ref
+    - EVP_DecodeBlock
+    - EVP_EncodeBlock
+    - EC_KEY_get_conv_form
+    - BIO_eof
+    - Add support for BIO_CTRL_SET and BIO_CTRL_GET
+* Add compile time support for the type SSL_R_NULL_SSL_METHOD_PASSED
+* Enhanced X509_NAME_print_ex() to support RFC5523 basic escape
+* More checks on OPENSSL_VERSION_NUMBER for API prototype differences
+* Add extended key usage support to wolfSSL_X509_set_ext
+* SSL_VERIFY_FAIL_IF_NO_PEER_CERT now can also connect with compatibility layer enabled and a TLS 1.3 PSK connection is used
+* Improve wolfSSL_BN_rand to handle non byte boundaries and top/bottom parameters
+* Changed X509_V_ERR codes to better match OpenSSL values used
+* Improve wolfSSL_i2d_X509_name to allow for a NULL input in order to get the expected resulting size
+* Enhance the smallstack build to reduce stack size farther when built with compatibility layer enabled
+
+### Misc.
+* Sniffer asynchronous support addition, handling of DH shared secret and tested with Intel QuickAssist
+* Added in support for OCSP with IPv6
+* Enhance SP (single precision) optimizations for use with the ECC P521
+* Add new public API wc_CheckCertSigPubKey() for use to easily check the signature of a certificate given a public key buffer
+* Add CSR (Certificate Signing Request) userId support in subject name
+* Injection and parsing of custom extensions in X.509 certificates
+* Add WOLF_CRYPTO_CB_ONLY_RSA and WOLF_CRYPTO_CB_ONLY_ECC to reduce code size if using only crypto callback functions with RSA and ECC
+* Created new --enable-engine configure flag used to build wolfSSL for use with wolfEngine
+* With TLS 1.3 PSK, when WOLFSSL_PSK_MULTI_ID_PER_CS is defined multiple IDs for a cipher suite can be handled
+* Added private key id/label support with improving the PK (Public Key) callbacks
+* Support for Intel QuickAssist ECC KeyGen acceleration
+* Add the function wolfSSL_CTX_SetCertCbCtx to set user context for certificate call back
+* Add the functions wolfSSL_CTX_SetEccSignCtx(WOLFSSL_CTX* ctx, void *userCtx) and wolfSSL_CTX_GetEccSignCtx(WOLFSSL_CTX* ctx) for setting and getting a user context
+* wolfRand for AMD --enable-amdrand
+
+## Fixes
+### PORT Fixes
+* KCAPI memory optimizations and page alignment fixes for ECC, AES mode fixes and reduction to memory usage
+* Add the new kdf.c file to the TI-RTOS build
+* Fix wait-until-done in RSA hardware primitive acceleration of ESP-IDF port
+* IOTSafe workarounds when reading files with ending 0’s and for ECC signatures
+
+### Math Library Fixes
+* Sanity check with SP math that ECC points ordinates are not greater than modulus length
+* Additional sanity checks that _sp_add_d does not error due to overflow
+* Wycheproof fixes, testing integration, and fixes for AVX / AArch64 ASM edge case tests 
+* TFM fp_div_2_ct rework to avoid potential overflow
+
+### Misc.
+* Fix for PKCS#7 with Crypto Callbacks
+* Fix for larger curve sizes with deterministic ECC sign
+* Fixes for building wolfSSL alongside openssl using --enable-opensslcoexist
+* Fix for compatibility layer handling of certificates with SHA256 SKID (Subject Key ID)
+* Fix for wolfSSL_ASN1_TIME_diff erroring out on a return value of 0 from mktime
+* Remove extra padding when AES-CBC encrypted with PemToDer
+* Fixes for TLS v1.3 early data with async.
+* Fixes for async disables around the DevCopy calls
+* Fixes for Windows AES-NI with clang compiler
+* Fix for handling the detection of processing a plaintext TLS alert packet
+* Fix for potential memory leak in an error case with TLSX supported groups
+* Sanity check on `input` size in `DecodeNsCertType`
+* AES-GCM stack alignment fixes with assembly code written for AVX/AVX2
+* Fix for PK callbacks with server side and setting a public key
+
+## Improvements/Optimizations
+### Build Options and Warnings
+* Added example user settings template for FIPS v5 ready
+* Automake file touch cleanup for use with Yocto devtool
+* Allow disabling forced 'make clean' at the end of ./configure by using --disable-makeclean
+* Enable TLS 1.3 early data when specifying `--enable-all` option
+* Disable PK Callbacks with JNI FIPS builds
+* Add a FIPS cert 3389 ready option, this is the fips-ready build
+* Support (no)inline with Wind River Diab compiler
+* ECDH_compute_key allow setting of globalRNG with FIPS 140-3
+* Add logic equivalent to configure.ac in settings.h for Poly1305
+* Fixes to support building opensslextra with SP math
+* CPP protection for extern references to x86_64 asm code
+* Updates and enhancements for Espressif ESP-IDF wolfSSL setup_win.bat
+* Documentation improvements with auto generation
+* Fix reproducible-build for working an updated version of libtool, version 2.4.7
+* Fixes for Diab C89 and armclang
+* Fix `mcapi_test.c` to include the settings.h before crypto.h
+* Update and handle builds with NO_WOLFSSL_SERVER and NO_WOLFSSL_CLIENT
+* Fix for some macro defines with FIPS 140-3 build so that RSA_PKCS1_PSS_PADDING can be used with RSA sign/verify functions
+
+### Math Libraries
+* Add RSA/DH check for even modulus
+* Enhance TFM math to handle more alloc failure cases gracefully
+* SP ASM performance improvements mostly around AArch64
+* SP ASM improvements for additional cache attack resistance
+* Add RSA check for small difference between p and q
+* 6-8% performance increase with ECC operations using SP int by improving the Montgomery Reduction
+* Testing and Validation
+* All shell scripts in source tree now tested for correctness using shellcheck and bash -n
+* Added build testing under gcc-12 and -std=c++17 and fixed warnings
+* TLS 1.3 script test improvement to wait for server to write file
+* Unit tests for ECC r/s zeroness handling
+* CI server was expanded with a very “quiet” machine that can support multiple ContantTime tests ensuring ongoing mitigation against side-channel timing based attacks. Algorithms being assessed on this machine are: AES-CBC, AES-GCM, CHACHA20, ECC, POLY1305, RSA, SHA256, SHA512, CURVE25519.
+* Added new multi configuration windows builds to CI testing for greater testing coverage of windows use-cases
+
+### Misc.
+* Support for ECC import to check validity of key on import even if one of the coordinates (x or y) is 0
+* Modify example app to work with FreeRTOS+IoT
+* Ease of access for cert used for verifying a PKCS#7 bundle
+* Clean up Visual Studio output and intermediate directories
+* With TLS 1.3 fail immediately if a server sends empty certificate message
+* Enhance the benchmark application to support multi-threaded testing
+* Improvement for `wc_EccPublicKeyToDer` to not overestimate the buffer size required
+* Fix to check if `wc_EccPublicKeyToDer` has enough output buffer space
+* Fix year 2038 problem in wolfSSL_ASN1_TIME_diff
+* Various portability improvements (Time, DTLS epoch size, IV alloc)
+* Prefer status_request_v2 over status_request when both are present
+* Add separate "struct stat" definition XSTATSTRUCT to make overriding XSTAT easier for portability
+* With SipHash replace gcc specific ASM instruction with generic
+* Don't force a ECC CA when a custom CA is passed with `-A`
+* Add peer authentication failsafe for TLS 1.2 and below
+* Improve parsing of UID from subject and issuer name with the compatibility layer by
+* Fallback to full TLS handshake if session ticket fails
+* Internal refactoring of code to reduce ssl.c file size
+
 # wolfSSL Release 5.2.0 (Feb 21, 2022)
 
 ## Vulnerabilities

IDE/WIN10/wolfssl-fips.rc

@@ -51,8 +51,8 @@ END
 //
 
 VS_VERSION_INFO VERSIONINFO
- FILEVERSION 5,2,0,0
- PRODUCTVERSION 5,2,0,0
+ FILEVERSION 5,3,0,0
+ PRODUCTVERSION 5,3,0,0
  FILEFLAGSMASK 0x3fL
 #ifdef _DEBUG
  FILEFLAGS 0x1L
@@ -69,12 +69,12 @@ BEGIN
         BEGIN
             VALUE "CompanyName", "wolfSSL Inc."
             VALUE "FileDescription", "The wolfSSL FIPS embedded SSL library is a lightweight, portable, C-language-based SSL/TLS library targeted at IoT, embedded, and RTOS environments primarily because of its size, speed, and feature set."
-            VALUE "FileVersion", "5.2.0.0"
+            VALUE "FileVersion", "5.3.0.0"
             VALUE "InternalName", "wolfssl-fips"
             VALUE "LegalCopyright", "Copyright (C) 2022"
             VALUE "OriginalFilename", "wolfssl-fips.dll"
             VALUE "ProductName", "wolfSSL FIPS"
-            VALUE "ProductVersion", "5.2.0.0"
+            VALUE "ProductVersion", "5.3.0.0"
         END
     END
     BLOCK "VarFileInfo"

README

@@ -70,118 +70,158 @@ should be used for the enum name.
 
 *** end Notes ***
 
+# wolfSSL Release 5.3.0 (May 3rd, 2022)
 
-# wolfSSL Release 5.2.0 (Feb 21, 2022)
-
-## Vulnerabilities
-
-* \[High\] A TLS v1.3 server who requires mutual authentication can be
-  bypassed. If a malicious client does not send the certificate_verify
-  message a client can connect without presenting a certificate even
-  if the server requires one. Thank you to Aina Toky Rasoamanana and
-  Olivier Levillain of Télécom SudParis.
-* \[High\] A TLS v1.3 client attempting to authenticate a TLS v1.3
-  server can have its certificate check bypassed. If the sig_algo in
-  the certificate_verify message is different than the certificate
-  message checking may be bypassed. Thank you to Aina Toky Rasoamanana and
-  Olivier Levillain of Télécom SudParis.
+Release 5.3.0 of wolfSSL embedded TLS has bug fixes and new features including:
 
 ## New Feature Additions
 
-* Example applications for Renesas RX72N with FreeRTOS+IoT
-* Renesas FSP 3.5.0 support for RA6M3
-* For TLS 1.3, improved checks on order of received messages.
-* Support for use of SHA-3 cryptography instructions available in
-  ARMv8.2-A architecture extensions. (For Apple M1)
-* Support for use of SHA-512 cryptography instructions available in
-  ARMv8.2-A architecture extensions.  (For Apple M1)
-* Fixes for clang -Os on clang >= 12.0.0
-* Expose Sequence Numbers so that Linux TLS (kTLS) can be configured
-* Fix bug in TLSX_ALPN_ParseAndSet when using ALPN select callback.
-* Allow DES3 with FIPS v5-dev.
-* Include HMAC for deterministic ECC sign build
-* Add --enable-chrony configure option. This sets build options needed
-  to build the Chrony NTP (Network Time Protocol) service.
-* Add support for STM32U575xx boards.
-* Fixes for NXP’s SE050 Ed25519/Curve25519.
-* TLS: Secure renegotiation info on by default for compatibility.
-* Inline C code version of ARM32 assembly for cryptographic algorithms
-  available and compiling for improved performance on ARM platforms
-* Configure HMAC: define NO_HMAC to disable HMAC (default: enabled)
-* ISO-TP transport layer support added to wolfio for TLS over CAN Bus
-* Fix initialization bug in SiLabs AES support
-* Domain and IP check is only performed on leaf certificates
+### Ports
+* Updated support for Stunnel to version 5.61
+* Add i.MX8 NXP SECO use for secure private ECC keys and expand cryptodev-linux for use with the RSA/Curve25519 with the Linux CAAM driver
+* Allow encrypt then mac with Apache port
+* Update Renesas TSIP version to 1.15 on GR-ROSE and certificate signature data for TSIP / SCE example
+* Add IAR MSP430 example, located in IDE/IAR-MSP430 directory
+* Add support for FFMPEG with the enable option `--enable-ffmpeg`, FFMPEG is used for recording and converting video and audio (https://ffmpeg.org/)
+* Update the bind port to version 9.18.0
 
-## ARM PSA Support (Platform Security Architecture) API
+### Post Quantum
+* Add Post-quantum KEM benchmark for STM32
+* Enable support for using post quantum algorithms with embedded STM32 boards and port to STM32U585
 
-* Initial support added for ARM’s Platform Security Architecture (PSA)
-  API in wolfCrypt which allows support of ARM PSA enabled devices by
-  wolfSSL, wolfSSH, and wolfBoot and wolfCrypt FIPS.
-* Included algorithms: ECDSA, ECDH, HKDF, AES, SHA1, SHA256, SHA224, RNG
+### Compatibility Layer Additions
+* Add port to support libspdm (https://github.com/DMTF/libspdm/blob/main/README.md), compatibility functions added for the port were:
+    - ASN1_TIME_compare
+    - DH_new_by_nid
+    - OBJ_length, OBJ_get0_data,
+    - EVP layer ChaCha20-Poly1305, HKDF
+    - EC_POINT_get_affine_coordinates
+    - EC_POINT_set_affine_coordinates
+* Additional functions added were:
+    - EC_KEY_print_fp
+    - EVP_PKEY_paramgen
+    - EVP_PKEY_sign/verify functionality
+    - PEM_write_RSAPublicKey
+    - PEM_write_EC_PUBKEY
+    - PKCS7_sign
+    - PKCS7_final
+    - SMIME_write_PKCS7
+    - EC_KEY/DH_up_ref
+    - EVP_DecodeBlock
+    - EVP_EncodeBlock
+    - EC_KEY_get_conv_form
+    - BIO_eof
+    - Add support for BIO_CTRL_SET and BIO_CTRL_GET
+* Add compile time support for the type SSL_R_NULL_SSL_METHOD_PASSED
+* Enhanced X509_NAME_print_ex() to support RFC5523 basic escape
+* More checks on OPENSSL_VERSION_NUMBER for API prototype differences
+* Add extended key usage support to wolfSSL_X509_set_ext
+* SSL_VERIFY_FAIL_IF_NO_PEER_CERT now can also connect with compatibility layer enabled and a TLS 1.3 PSK connection is used
+* Improve wolfSSL_BN_rand to handle non byte boundaries and top/bottom parameters
+* Changed X509_V_ERR codes to better match OpenSSL values used
+* Improve wolfSSL_i2d_X509_name to allow for a NULL input in order to get the expected resulting size
+* Enhance the smallstack build to reduce stack size farther when built with compatibility layer enabled
 
-## ECICE Updates
+### Misc.
+* Sniffer asynchronous support addition, handling of DH shared secret and tested with Intel QuickAssist
+* Added in support for OCSP with IPv6
+* Enhance SP (single precision) optimizations for use with the ECC P521
+* Add new public API wc_CheckCertSigPubKey() for use to easily check the signature of a certificate given a public key buffer
+* Add CSR (Certificate Signing Request) userId support in subject name
+* Injection and parsing of custom extensions in X.509 certificates
+* Add WOLF_CRYPTO_CB_ONLY_RSA and WOLF_CRYPTO_CB_ONLY_ECC to reduce code size if using only crypto callback functions with RSA and ECC
+* Created new --enable-engine configure flag used to build wolfSSL for use with wolfEngine
+* With TLS 1.3 PSK, when WOLFSSL_PSK_MULTI_ID_PER_CS is defined multiple IDs for a cipher suite can be handled
+* Added private key id/label support with improving the PK (Public Key) callbacks
+* Support for Intel QuickAssist ECC KeyGen acceleration
+* Add the function wolfSSL_CTX_SetCertCbCtx to set user context for certificate call back
+* Add the functions wolfSSL_CTX_SetEccSignCtx(WOLFSSL_CTX* ctx, void *userCtx) and wolfSSL_CTX_GetEccSignCtx(WOLFSSL_CTX* ctx) for setting and getting a user context
+* wolfRand for AMD --enable-amdrand
 
-* Support for more encryption algorithms: AES-256-CBC, AES-128-CTR,
-  AES-256-CTR
-* Support for compressed public keys in messages.
+## Fixes
+### PORT Fixes
+* KCAPI memory optimizations and page alignment fixes for ECC, AES mode fixes and reduction to memory usage
+* Add the new kdf.c file to the TI-RTOS build
+* Fix wait-until-done in RSA hardware primitive acceleration of ESP-IDF port
+* IOTSafe workarounds when reading files with ending 0’s and for ECC signatures
 
-## Math Improvements
+### Math Library Fixes
+* Sanity check with SP math that ECC points ordinates are not greater than modulus length
+* Additional sanity checks that _sp_add_d does not error due to overflow
+* Wycheproof fixes, testing integration, and fixes for AVX / AArch64 ASM edge case tests
+* TFM fp_div_2_ct rework to avoid potential overflow
 
-* Improved performance of X448 and Ed448 through inlining Karatsuba in
-  square and multiplication operations for 128-bit implementation
-  (64-bit platforms with 128-bit type support).
-* SP Math C implementation: fix for corner case in curve specific
-  implementations of Montgomery Reduction (P-256, P-384).
-* SP math all: assembly snippets added for ARM Thumb. Performance
-  improvement on platform.
-* SP math all: ARM64/32 sp_div_word assembly snippets added to remove
-  dependency on __udiv3.
-* SP C implementation: multiplication of two signed types with overflow
-  is undefined in C. Now cast to unsigned type before multiplication is
-  performed.
-* SP C implementation correctly builds when using CFLAG: -m32
+### Misc.
+* Fix for PKCS#7 with Crypto Callbacks
+* Fix for larger curve sizes with deterministic ECC sign
+* Fixes for building wolfSSL alongside openssl using --enable-opensslcoexist
+* Fix for compatibility layer handling of certificates with SHA256 SKID (Subject Key ID)
+* Fix for wolfSSL_ASN1_TIME_diff erroring out on a return value of 0 from mktime
+* Remove extra padding when AES-CBC encrypted with PemToDer
+* Fixes for TLS v1.3 early data with async.
+* Fixes for async disables around the DevCopy calls
+* Fixes for Windows AES-NI with clang compiler
+* Fix for handling the detection of processing a plaintext TLS alert packet
+* Fix for potential memory leak in an error case with TLSX supported groups
+* Sanity check on `input` size in `DecodeNsCertType`
+* AES-GCM stack alignment fixes with assembly code written for AVX/AVX2
+* Fix for PK callbacks with server side and setting a public key
 
-## OpenSSL Compatibility Layer
+## Improvements/Optimizations
+### Build Options and Warnings
+* Added example user settings template for FIPS v5 ready
+* Automake file touch cleanup for use with Yocto devtool
+* Allow disabling forced 'make clean' at the end of ./configure by using --disable-makeclean
+* Enable TLS 1.3 early data when specifying `--enable-all` option
+* Disable PK Callbacks with JNI FIPS builds
+* Add a FIPS cert 3389 ready option, this is the fips-ready build
+* Support (no)inline with Wind River Diab compiler
+* ECDH_compute_key allow setting of globalRNG with FIPS 140-3
+* Add logic equivalent to configure.ac in settings.h for Poly1305
+* Fixes to support building opensslextra with SP math
+* CPP protection for extern references to x86_64 asm code
+* Updates and enhancements for Espressif ESP-IDF wolfSSL setup_win.bat
+* Documentation improvements with auto generation
+* Fix reproducible-build for working an updated version of libtool, version 2.4.7
+* Fixes for Diab C89 and armclang
+* Fix `mcapi_test.c` to include the settings.h before crypto.h
+* Update and handle builds with NO_WOLFSSL_SERVER and NO_WOLFSSL_CLIENT
+* Fix for some macro defines with FIPS 140-3 build so that RSA_PKCS1_PSS_PADDING can be used with RSA sign/verify functions
 
-* Added DH_get_2048_256 to compatibility layer.
-* wolfSSLeay_version now returns the version of wolfSSL
-* Added C++ exports for API’s in wolfssl/openssl/crypto.h. This allows
-  better compatibility when building with a C++ compiler.
-* Fix for OpenSSL x509_NAME_hash mismatch
-* Implement FIPS_mode and FIPS_mode_set in the compat layer.
-* Fix for certreq and certgen options with openssl compatibility
-* wolfSSL_BIO_dump() and wolfSSL_OBJ_obj2txt() rework
-* Fix IV length bug in EVP AES-GCM code.
-* Add new ASN1_INTEGER compatibility functions.
-* Fix wolfSSL_PEM_X509_INFO_read with NO_FILESYSTEM
+### Math Libraries
+* Add RSA/DH check for even modulus
+* Enhance TFM math to handle more alloc failure cases gracefully
+* SP ASM performance improvements mostly around AArch64
+* SP ASM improvements for additional cache attack resistance
+* Add RSA check for small difference between p and q
+* 6-8% performance increase with ECC operations using SP int by improving the Montgomery Reduction
+* Testing and Validation
+* All shell scripts in source tree now tested for correctness using shellcheck and bash -n
+* Added build testing under gcc-12 and -std=c++17 and fixed warnings
+* TLS 1.3 script test improvement to wait for server to write file
+* Unit tests for ECC r/s zeroness handling
+* CI server was expanded with a very “quiet” machine that can support multiple ContantTime tests ensuring ongoing mitigation against side-channel timing based attacks. Algorithms being assessed on this machine are: AES-CBC, AES-GCM, CHACHA20, ECC, POLY1305, RSA, SHA256, SHA512, CURVE25519.
+* Added new multi configuration windows builds to CI testing for greater testing coverage of windows use-cases
 
-## CMake Updates
-
-* Check for valid override values.
-* Add `KEYGEN` option.
-* Cleanup help messages.
-* Add options to support wolfTPM.
-
-## VisualStudio Updates
-
-* Remove deprecated VS solution
-* Fix VS unreachable code warning
-
-## New Algorithms and Protocols
-
-* AES-SIV (RFC 5297)
-* DTLS SRTP (RFC 5764), used with WebRTC to agree on profile for new
-  real-time session keys
-* SipHash MAC/PRF for hash tables. Includes inline assembly for
-  x86_64 and Aarch64.
-
-## Remove Obsolete Algorithms
-
-* IDEA
-* Rabbit
-* HC-128
-
-If this adversely affects you or your customers, please get in cotact with the wolfSSL team. (support@wolfssl.com)
+### Misc.
+* Support for ECC import to check validity of key on import even if one of the coordinates (x or y) is 0
+* Modify example app to work with FreeRTOS+IoT
+* Ease of access for cert used for verifying a PKCS#7 bundle
+* Clean up Visual Studio output and intermediate directories
+* With TLS 1.3 fail immediately if a server sends empty certificate message
+* Enhance the benchmark application to support multi-threaded testing
+* Improvement for `wc_EccPublicKeyToDer` to not overestimate the buffer size required
+* Fix to check if `wc_EccPublicKeyToDer` has enough output buffer space
+* Fix year 2038 problem in wolfSSL_ASN1_TIME_diff
+* Various portability improvements (Time, DTLS epoch size, IV alloc)
+* Prefer status_request_v2 over status_request when both are present
+* Add separate "struct stat" definition XSTATSTRUCT to make overriding XSTAT easier for portability
+* With SipHash replace gcc specific ASM instruction with generic
+* Don't force a ECC CA when a custom CA is passed with `-A`
+* Add peer authentication failsafe for TLS 1.2 and below
+* Improve parsing of UID from subject and issuer name with the compatibility layer by
+* Fallback to full TLS handshake if session ticket fails
+* Internal refactoring of code to reduce ssl.c file size
 
 For additional vulnerability information visit the vulnerability page at https://www.wolfssl.com/docs/security-vulnerabilities/
 

README.md

@@ -79,117 +79,158 @@ single call hash function. Instead the name `WC_SHA`, `WC_SHA256`, `WC_SHA384` a
 `WC_SHA512` should be used for the enum name.
 
 
-# wolfSSL Release 5.2.0 (Feb 21, 2022)
+# wolfSSL Release 5.3.0 (May 3rd, 2022)
 
-## Vulnerabilities
-
-* \[High\] A TLS v1.3 server who requires mutual authentication can be
-  bypassed. If a malicious client does not send the certificate_verify
-  message a client can connect without presenting a certificate even
-  if the server requires one. Thank you to Aina Toky Rasoamanana and
-  Olivier Levillain of Télécom SudParis.
-* \[High\] A TLS v1.3 client attempting to authenticate a TLS v1.3
-  server can have its certificate check bypassed. If the sig_algo in
-  the certificate_verify message is different than the certificate
-  message checking may be bypassed. Thank you to Aina Toky Rasoamanana and
-  Olivier Levillain of Télécom SudParis.
+Release 5.3.0 of wolfSSL embedded TLS has bug fixes and new features including:
 
 ## New Feature Additions
 
-* Example applications for Renesas RX72N with FreeRTOS+IoT
-* Renesas FSP 3.5.0 support for RA6M3
-* For TLS 1.3, improved checks on order of received messages.
-* Support for use of SHA-3 cryptography instructions available in
-  ARMv8.2-A architecture extensions. (For Apple M1)
-* Support for use of SHA-512 cryptography instructions available in
-  ARMv8.2-A architecture extensions.  (For Apple M1)
-* Fixes for clang -Os on clang >= 12.0.0
-* Expose Sequence Numbers so that Linux TLS (kTLS) can be configured
-* Fix bug in TLSX_ALPN_ParseAndSet when using ALPN select callback.
-* Allow DES3 with FIPS v5-dev.
-* Include HMAC for deterministic ECC sign build
-* Add --enable-chrony configure option. This sets build options needed
-  to build the Chrony NTP (Network Time Protocol) service.
-* Add support for STM32U575xx boards.
-* Fixes for NXP’s SE050 Ed25519/Curve25519.
-* TLS: Secure renegotiation info on by default for compatibility.
-* Inline C code version of ARM32 assembly for cryptographic algorithms
-  available and compiling for improved performance on ARM platforms
-* Configure HMAC: define NO_HMAC to disable HMAC (default: enabled)
-* ISO-TP transport layer support added to wolfio for TLS over CAN Bus
-* Fix initialization bug in SiLabs AES support
-* Domain and IP check is only performed on leaf certificates
+### Ports
+* Updated support for Stunnel to version 5.61
+* Add i.MX8 NXP SECO use for secure private ECC keys and expand cryptodev-linux for use with the RSA/Curve25519 with the Linux CAAM driver
+* Allow encrypt then mac with Apache port
+* Update Renesas TSIP version to 1.15 on GR-ROSE and certificate signature data for TSIP / SCE example
+* Add IAR MSP430 example, located in IDE/IAR-MSP430 directory
+* Add support for FFMPEG with the enable option `--enable-ffmpeg`, FFMPEG is used for recording and converting video and audio (https://ffmpeg.org/)
+* Update the bind port to version 9.18.0
 
-## ARM PSA Support (Platform Security Architecture) API
+### Post Quantum
+* Add Post-quantum KEM benchmark for STM32
+* Enable support for using post quantum algorithms with embedded STM32 boards and port to STM32U585
 
-* Initial support added for ARM’s Platform Security Architecture (PSA)
-  API in wolfCrypt which allows support of ARM PSA enabled devices by
-  wolfSSL, wolfSSH, and wolfBoot and wolfCrypt FIPS.
-* Included algorithms: ECDSA, ECDH, HKDF, AES, SHA1, SHA256, SHA224, RNG
+### Compatibility Layer Additions
+* Add port to support libspdm (https://github.com/DMTF/libspdm/blob/main/README.md), compatibility functions added for the port were:
+	- ASN1_TIME_compare
+	- DH_new_by_nid
+	- OBJ_length, OBJ_get0_data,
+	- EVP layer ChaCha20-Poly1305, HKDF
+	- EC_POINT_get_affine_coordinates
+	- EC_POINT_set_affine_coordinates
+* Additional functions added were:
+	- EC_KEY_print_fp
+	- EVP_PKEY_paramgen
+	- EVP_PKEY_sign/verify functionality
+	- PEM_write_RSAPublicKey
+	- PEM_write_EC_PUBKEY
+	- PKCS7_sign
+	- PKCS7_final
+	- SMIME_write_PKCS7
+	- EC_KEY/DH_up_ref
+	- EVP_DecodeBlock
+	- EVP_EncodeBlock
+	- EC_KEY_get_conv_form
+	- BIO_eof
+	- Add support for BIO_CTRL_SET and BIO_CTRL_GET
+* Add compile time support for the type SSL_R_NULL_SSL_METHOD_PASSED
+* Enhanced X509_NAME_print_ex() to support RFC5523 basic escape
+* More checks on OPENSSL_VERSION_NUMBER for API prototype differences
+* Add extended key usage support to wolfSSL_X509_set_ext
+* SSL_VERIFY_FAIL_IF_NO_PEER_CERT now can also connect with compatibility layer enabled and a TLS 1.3 PSK connection is used
+* Improve wolfSSL_BN_rand to handle non byte boundaries and top/bottom parameters
+* Changed X509_V_ERR codes to better match OpenSSL values used
+* Improve wolfSSL_i2d_X509_name to allow for a NULL input in order to get the expected resulting size
+* Enhance the smallstack build to reduce stack size farther when built with compatibility layer enabled
 
-## ECICE Updates
+### Misc.
+* Sniffer asynchronous support addition, handling of DH shared secret and tested with Intel QuickAssist
+* Added in support for OCSP with IPv6
+* Enhance SP (single precision) optimizations for use with the ECC P521
+* Add new public API wc_CheckCertSigPubKey() for use to easily check the signature of a certificate given a public key buffer
+* Add CSR (Certificate Signing Request) userId support in subject name
+* Injection and parsing of custom extensions in X.509 certificates
+* Add WOLF_CRYPTO_CB_ONLY_RSA and WOLF_CRYPTO_CB_ONLY_ECC to reduce code size if using only crypto callback functions with RSA and ECC
+* Created new --enable-engine configure flag used to build wolfSSL for use with wolfEngine
+* With TLS 1.3 PSK, when WOLFSSL_PSK_MULTI_ID_PER_CS is defined multiple IDs for a cipher suite can be handled
+* Added private key id/label support with improving the PK (Public Key) callbacks
+* Support for Intel QuickAssist ECC KeyGen acceleration
+* Add the function wolfSSL_CTX_SetCertCbCtx to set user context for certificate call back
+* Add the functions wolfSSL_CTX_SetEccSignCtx(WOLFSSL_CTX* ctx, void *userCtx) and wolfSSL_CTX_GetEccSignCtx(WOLFSSL_CTX* ctx) for setting and getting a user context
+* wolfRand for AMD --enable-amdrand
 
-* Support for more encryption algorithms: AES-256-CBC, AES-128-CTR,
-  AES-256-CTR
-* Support for compressed public keys in messages.
+## Fixes
+### PORT Fixes
+* KCAPI memory optimizations and page alignment fixes for ECC, AES mode fixes and reduction to memory usage
+* Add the new kdf.c file to the TI-RTOS build
+* Fix wait-until-done in RSA hardware primitive acceleration of ESP-IDF port
+* IOTSafe workarounds when reading files with ending 0’s and for ECC signatures
 
-## Math Improvements
+### Math Library Fixes
+* Sanity check with SP math that ECC points ordinates are not greater than modulus length
+* Additional sanity checks that _sp_add_d does not error due to overflow
+* Wycheproof fixes, testing integration, and fixes for AVX / AArch64 ASM edge case tests 
+* TFM fp_div_2_ct rework to avoid potential overflow
 
-* Improved performance of X448 and Ed448 through inlining Karatsuba in
-  square and multiplication operations for 128-bit implementation
-  (64-bit platforms with 128-bit type support).
-* SP Math C implementation: fix for corner case in curve specific
-  implementations of Montgomery Reduction (P-256, P-384).
-* SP math all: assembly snippets added for ARM Thumb. Performance
-  improvement on platform.
-* SP math all: ARM64/32 sp_div_word assembly snippets added to remove
-  dependency on __udiv3.
-* SP C implementation: multiplication of two signed types with overflow
-  is undefined in C. Now cast to unsigned type before multiplication is
-  performed.
-* SP C implementation correctly builds when using CFLAG: -m32
+### Misc.
+* Fix for PKCS#7 with Crypto Callbacks
+* Fix for larger curve sizes with deterministic ECC sign
+* Fixes for building wolfSSL alongside openssl using --enable-opensslcoexist
+* Fix for compatibility layer handling of certificates with SHA256 SKID (Subject Key ID)
+* Fix for wolfSSL_ASN1_TIME_diff erroring out on a return value of 0 from mktime
+* Remove extra padding when AES-CBC encrypted with PemToDer
+* Fixes for TLS v1.3 early data with async.
+* Fixes for async disables around the DevCopy calls
+* Fixes for Windows AES-NI with clang compiler
+* Fix for handling the detection of processing a plaintext TLS alert packet
+* Fix for potential memory leak in an error case with TLSX supported groups
+* Sanity check on `input` size in `DecodeNsCertType`
+* AES-GCM stack alignment fixes with assembly code written for AVX/AVX2
+* Fix for PK callbacks with server side and setting a public key
 
-## OpenSSL Compatibility Layer
+## Improvements/Optimizations
+### Build Options and Warnings
+* Added example user settings template for FIPS v5 ready
+* Automake file touch cleanup for use with Yocto devtool
+* Allow disabling forced 'make clean' at the end of ./configure by using --disable-makeclean
+* Enable TLS 1.3 early data when specifying `--enable-all` option
+* Disable PK Callbacks with JNI FIPS builds
+* Add a FIPS cert 3389 ready option, this is the fips-ready build
+* Support (no)inline with Wind River Diab compiler
+* ECDH_compute_key allow setting of globalRNG with FIPS 140-3
+* Add logic equivalent to configure.ac in settings.h for Poly1305
+* Fixes to support building opensslextra with SP math
+* CPP protection for extern references to x86_64 asm code
+* Updates and enhancements for Espressif ESP-IDF wolfSSL setup_win.bat
+* Documentation improvements with auto generation
+* Fix reproducible-build for working an updated version of libtool, version 2.4.7
+* Fixes for Diab C89 and armclang
+* Fix `mcapi_test.c` to include the settings.h before crypto.h
+* Update and handle builds with NO_WOLFSSL_SERVER and NO_WOLFSSL_CLIENT
+* Fix for some macro defines with FIPS 140-3 build so that RSA_PKCS1_PSS_PADDING can be used with RSA sign/verify functions
 
-* Added DH_get_2048_256 to compatibility layer.
-* wolfSSLeay_version now returns the version of wolfSSL
-* Added C++ exports for API’s in wolfssl/openssl/crypto.h. This allows
-  better compatibility when building with a C++ compiler.
-* Fix for OpenSSL x509_NAME_hash mismatch
-* Implement FIPS_mode and FIPS_mode_set in the compat layer.
-* Fix for certreq and certgen options with openssl compatibility
-* wolfSSL_BIO_dump() and wolfSSL_OBJ_obj2txt() rework
-* Fix IV length bug in EVP AES-GCM code.
-* Add new ASN1_INTEGER compatibility functions.
-* Fix wolfSSL_PEM_X509_INFO_read with NO_FILESYSTEM
+### Math Libraries
+* Add RSA/DH check for even modulus
+* Enhance TFM math to handle more alloc failure cases gracefully
+* SP ASM performance improvements mostly around AArch64
+* SP ASM improvements for additional cache attack resistance
+* Add RSA check for small difference between p and q
+* 6-8% performance increase with ECC operations using SP int by improving the Montgomery Reduction
+* Testing and Validation
+* All shell scripts in source tree now tested for correctness using shellcheck and bash -n
+* Added build testing under gcc-12 and -std=c++17 and fixed warnings
+* TLS 1.3 script test improvement to wait for server to write file
+* Unit tests for ECC r/s zeroness handling
+* CI server was expanded with a very “quiet” machine that can support multiple ContantTime tests ensuring ongoing mitigation against side-channel timing based attacks. Algorithms being assessed on this machine are: AES-CBC, AES-GCM, CHACHA20, ECC, POLY1305, RSA, SHA256, SHA512, CURVE25519.
+* Added new multi configuration windows builds to CI testing for greater testing coverage of windows use-cases
 
-## CMake Updates
-
-* Check for valid override values.
-* Add `KEYGEN` option.
-* Cleanup help messages.
-* Add options to support wolfTPM.
-
-## VisualStudio Updates
-
-* Remove deprecated VS solution
-* Fix VS unreachable code warning
-
-## New Algorithms and Protocols
-
-* AES-SIV (RFC 5297)
-* DTLS SRTP (RFC 5764), used with WebRTC to agree on profile for new
-  real-time session keys
-* SipHash MAC/PRF for hash tables. Includes inline assembly for
-  x86_64 and Aarch64.
-
-## Remove Obsolete Algorithms
-
-* IDEA
-* Rabbit
-* HC-128
-
-If this adversely affects you or your customers, please get in cotact with the wolfSSL team. (support@wolfssl.com)
+### Misc.
+* Support for ECC import to check validity of key on import even if one of the coordinates (x or y) is 0
+* Modify example app to work with FreeRTOS+IoT
+* Ease of access for cert used for verifying a PKCS#7 bundle
+* Clean up Visual Studio output and intermediate directories
+* With TLS 1.3 fail immediately if a server sends empty certificate message
+* Enhance the benchmark application to support multi-threaded testing
+* Improvement for `wc_EccPublicKeyToDer` to not overestimate the buffer size required
+* Fix to check if `wc_EccPublicKeyToDer` has enough output buffer space
+* Fix year 2038 problem in wolfSSL_ASN1_TIME_diff
+* Various portability improvements (Time, DTLS epoch size, IV alloc)
+* Prefer status_request_v2 over status_request when both are present
+* Add separate "struct stat" definition XSTATSTRUCT to make overriding XSTAT easier for portability
+* With SipHash replace gcc specific ASM instruction with generic
+* Don't force a ECC CA when a custom CA is passed with `-A`
+* Add peer authentication failsafe for TLS 1.2 and below
+* Improve parsing of UID from subject and issuer name with the compatibility layer by
+* Fallback to full TLS handshake if session ticket fails
+* Internal refactoring of code to reduce ssl.c file size
 
 For additional vulnerability information visit the vulnerability page at:
 https://www.wolfssl.com/docs/security-vulnerabilities/

configure.ac

@@ -7,7 +7,7 @@
 #
 AC_COPYRIGHT([Copyright (C) 2006-2020 wolfSSL Inc.])
 AC_PREREQ([2.69])
-AC_INIT([wolfssl],[5.2.0],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[https://www.wolfssl.com])
+AC_INIT([wolfssl],[5.3.0],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[https://www.wolfssl.com])
 AC_CONFIG_AUX_DIR([build-aux])
 
 # The following sets CFLAGS to empty if unset on command line.  We do not
@@ -38,7 +38,7 @@ LT_INIT([disable-static win32-dll])
 AC_ARG_VAR(EXTRA_CFLAGS, [Extra CFLAGS to add to autoconf-computed arg list.  Can also supply directly to make.])
 
 #shared library versioning
-WOLFSSL_LIBRARY_VERSION=32:0:0
+WOLFSSL_LIBRARY_VERSION=33:0:0
 #                        | | |
 #                 +------+ | +---+
 #                 |        |     |

wolfssl/version.h

@@ -28,8 +28,8 @@
 extern "C" {
 #endif
 
-#define LIBWOLFSSL_VERSION_STRING "5.2.0"
-#define LIBWOLFSSL_VERSION_HEX 0x05002000
+#define LIBWOLFSSL_VERSION_STRING "5.3.0"
+#define LIBWOLFSSL_VERSION_HEX 0x05003000
 
 #ifdef __cplusplus
 }