prepare for release 5.6.0

CMakeLists.txt

@@ -28,16 +28,16 @@ if("${CMAKE_SOURCE_DIR}" STREQUAL "${CMAKE_BINARY_DIR}")
      You must delete them, or cmake will refuse to work.")
 endif()
 
-project(wolfssl VERSION 5.5.4 LANGUAGES C ASM)
+project(wolfssl VERSION 5.6.0 LANGUAGES C ASM)
 
 # shared library versioning
 # increment if interfaces have been added, removed or changed
-set(LIBTOOL_CURRENT 38)
+set(LIBTOOL_CURRENT 39)
 # increment if source code has changed  set to zero if current is incremented
 set(LIBTOOL_REVISION 0)
 # increment if interfaces have been added set to zero if interfaces have been
 # removed or changed
-set(LIBTOOL_AGE 3)
+set(LIBTOOL_AGE 4)
 
 math(EXPR LIBTOOL_SO_VERSION "${LIBTOOL_CURRENT} - ${LIBTOOL_AGE}")
 set(LIBTOOL_FULL_VERSION ${LIBTOOL_SO_VERSION}.${LIBTOOL_AGE}.${LIBTOOL_REVISION})

ChangeLog.md

@@ -1,3 +1,186 @@
+# wolfSSL Release 5.6.0 (Mar 24, 2023)
+
+Release 5.6.0 has been developed according to wolfSSL's development and QA process (see link below) and successfully passed the quality criteria.
+https://www.wolfssl.com/about/wolfssl-software-development-process-quality-assurance
+
+NOTE: * --enable-heapmath is being deprecated and will be removed by 2024
+      * This release makes ASN Template the default with ./configure, the previous ASN parsing can be built with --enable-asn=original
+
+Release 5.6.0 of wolfSSL embedded TLS has bug fixes and new features including:
+
+## New Feature Additions
+
+* ASN template is now the default ASN parsing implementation when compiling with configure
+* Added in support for TLS v1.3 Encrypted Client Hello (ECH) and HPKE (Hybrid Public Key Encryption)
+* DTLS 1.3 stateless server ClientHello parsing support added
+
+### Ports
+* Add RX64/RX71 SHA hardware support
+* Port to RT1170 and expand NXP CAAM driver support
+* Add NuttX integration files for ease of use
+* Updated Stunnel support for version 5.67
+Compatibility Layer
+* Add in support for AES-CCM with EVP
+* BN compatibility API refactoring and separate API created
+* Expanding public key type cipher suite list strings support
+
+### Misc.
+* Support pthread_rwlock and add enable option
+* Add wolfSSL_CertManagerLoadCABuffer_ex() that takes a user certificate chain flag and additional verify flag options
+* Docker build additions for wolfSSL library and wolfCLU application
+* Add favorite drink pilot attribute type to get it from the encoding
+* Added in support for indefinite length BER parsing with PKCS12
+* Add dynamic session cache which allocates sessions from the heap with macro SESSION_CACHE_DYNAMIC_MEM
+
+
+## Improvements / Optimizations
+
+### Tests
+* Additional CI (continuous integration) testing and leveraging of GitHub workflows
+* Add CI testing for wpa_supplicant, OpenWrt and OpenVPN using GitHub workflows
+* Add compilation of Espressif to GitHub workflows tests
+* Refactoring and improving error results with wolfCrypt unit test application
+* Minor warning fixes from Coverity static analysis scan
+* Add new SHA-512/224 and SHA-512/256 tests
+* Used codespell and fixed some minor typos
+
+### Ports
+* Improve TLS1.2 client authentication to use TSIP
+* Updated Kyber macro to be WOLFSSL_HAVE_KYBER and made changes that make Kyber work on STM32
+* AES-GCM Windows assembly additions
+* CRLF line endings, trailing spaces for C# Wrapper Projects
+Compatibility Layer
+* Update `PubKey` and `Key` PEM-to-DER APIs to support return of needed DER size
+* Allow reading ENC EC PRIVATE KEY as well via wolfSSL_PEM_read_bio_ECPrivateKey
+* Improve wolfSSL_EC_POINT_cmp to handle Jacobian ordinates
+* Fix issue with BIO_reset() and add BIO_FLAGS_MEM_RDONLY flag support for read only BIOs
+
+### SP
+* In SP math library rework mod 3 and use count leading zero instruction
+* Fix with SP ECC sign to reject the random k generated when r is 0
+* With SP math add better detection of when add won't work and double is needed with point_add_qz1 internal function
+* With SP int fail when buffer writing to is too small for number rather than discarding the extra values
+
+### Builds
+* Define WOLFSSL_SP_SMALL_STACK if wolfSSL is build with --enable-smallstack
+* Fix CMake to exclude libm when DH is not enabled
+* Allow building of SAKKE as external non-FIPS algorithm with wolfmikey product
+* Add option to add library suffix, --with-libsuffix
+* ASN template compile option WOLFSSL_ASN_INT_LEAD_0_ANY to allow leading zeros
+* Add user_settings.h template for wolfTPM to examples/configs/user_settings_wolftpm.h
+* Purge the AES variant of Dilithium
+* Expand WOLFSSL_NO_ASN_STRICT to allow parsing of explicit ECC public key
+* Remove relocatable text in ARMv7a AES assembly for use with FIPS builds
+* Expand checking for hardware that supports ARMv7a neon with autotools configure
+* Sanity check on allocation fails with DSA and FP_ECC build when zeroizing internal buffer
+* Additional TLS alerts sent when compiling with WOLFSSL_EXTRA_ALERTS macro defined
+
+### Benchmarking
+* Update wolfCrypt benchmark Windows build files to support x64 Platform
+* Add SHA512/224 and SHA512/256 benchmarks, fixed CVS macro and display sizes
+* Separate AES-GCM streaming runs when benchmarked
+* No longer call external implementation of Kyber from benchmark
+* Fix for benchmarking shake with custom block size
+* Fixes for benchmark help `-alg` list and block format
+Documentation/Examples
+* Document use of wc_AesFree() and update documentation of Ed25519 with Doxygen
+* Move the wolfSSL Configuration section higher in QUIC.md
+* Add Japanese Doxygen documentation for cmac.h, quic.h and remove incomplete Japanese doxygen in asn_public.h
+* Espressif examples run with local wolfSSL now with no additional setup needed
+* Added a fix for StartTLS use In the example client
+* Add a base-line user_settings.h for use with FIPS 140-3 in XCode example app
+
+### Optimizations
+* AES-NI usage added for AES modes ECB/CTR/XTS
+
+### Misc
+* Update AES-GCM stream decryption to allow long IVs
+* Internal refactor to use wolfSSL_Ref functions when incrementing or decrementing the structures reference count and fixes for static analysis reports
+* Cleanup function logging making adjustments to the debug log print outs
+* Remove realloc dependency in DtlsMsgCombineFragBuckets function
+* Refactor to use WOLFSSL_CTX’s cipher suite list when possible
+* Update internal padding of 0’s with DSA sign and additional tests with mp_to_unsigned_bin_len function
+* With DTLS SRTP use wolfSSL_export_keying_material instead of wc_PRF_TLS
+* Updated macro naming from HAVE_KYBER to be WOLFSSL_HAVE_KYBER
+* Update AES XTS encrypt to handle in-place encryption properly
+* With TLS 1.3 add option to require only PSK with DHE
+
+## Fixes
+
+### Ports
+* Fix for AES use with CAAM on imx8qxp with SECO builds
+* Fix for PIC32 crypto HW and unused `TLSX_SetResponse`
+* Fix warning if ltime is unsigned seen with QNX build
+* Updates and fix for Zephyr project support
+* Include sys/time.h for WOLFSSL_RIOT_OS
+* Move X509_V errors from enums to defines for use with HAProxy CLI
+* Fix IAR compiler warnings resolved
+* Fix for STM32 Hash peripherals (like on F437) with FIFO depth = 1
+* ESP32 fix for SHA384 init with hardware acceleration
+
+### Builds
+* Add WOLFSSL_IP_ALT_NAME macro define to --enable-curl
+* Fixes for building with C++17 and avoiding clashing with byte naming
+* Fixes SP math all build issue with small-stack and no hardening
+* Fix for building with ASN template with `NO_ASN_TIME` defined
+* Fix building FIPSv2 with WOLFSSL_ECDSA_SET_K defined
+* Don't allow aesgcm-stream option with kcapi
+* Fix DTLS test case for when able to read peers close notify alert on FreeBSD systems
+* Fix for "expression must have a constant value" in tls13.c with Green Hills compiler
+* Fixes for building KCAPI with opensslextra enabled
+* Fix warnings of shadows min and subscript with i486-netbsd-gcc compiler
+* Fix issue with async and `WOLFSSL_CHECK_ALERT_ON_ERR`
+* Fix for PKCS7 with asynchronous crypto enabled
+
+### Math Library
+* SP Aarch64 fix for conditional changed in asm needing "cc" and fix for ECC P256 mont reduce
+* In SP builds add sanity check with DH exp. to check the output length for minimum size
+* In SP math fix scalar length check with EC scalar multiply
+* With SP int fix handling negative character properly with read radix
+* Add error checks before setting variable err in SP int with the function sp_invmod_mont_ct
+* Fix to add sanity check for malloc of zero size in fastmath builds
+* In fastmath  fix a possible overflow in fp_to_unsigned_bin_len length check
+* Heapmath fast mod. reduce fix
+
+### Compatibility Layer
+* Fixes for encoding/decoding ecc public keys and ensure i2d public key functions do not include any private key information
+* Fix for EVP_EncryptUpdate to update outl on empty input
+* Fix SE050 RSA public key loading and RSA/ECC SE050 TLS Compatibility
+* Rework EC API and validate point after setting it
+* Fix for X509 RSA PSS with compatibility layer functions
+* Fix size of structures used with SHA operations when built with opensslextra for Espressif hardware accelerated hashing
+* Added sanity check on key length with wolfSSL_CMAC_Init function
+* Fix for return value type conversion of bad mutex error in logging function
+* Fix NID conflict NID_givenName and NID_md5WithRSAEncryption
+* Fix unguarded XFPRINTF calls with opensslextra build
+* Fix wolfSSL_ASN1_INTEGER_to_BN for negative values
+* Fix for potential ASN1_STRING leak in wolfSSL_X509_NAME_ENTRY_create_by_txt  and wolfSSL_X509_NAME_ENTRY_create_by_NID when memory allocation fails
+
+### Misc.
+* Add sanity check to prevent an out of bounds read with OCSP response decoding
+* Sanity check to not allow 0 length with bit string and integer when parsing ASN1 syntax
+* Adjust RNG sanity checks and remove error prone first byte comparison
+* With PKCS7 add a fix for GetAsnTimeString() to correctly increment internal data pointer
+* PKCS7 addition of sequence around algo parameters with authenvelop
+* DSA fixes for clearing mp_int before re-reading data and avoid mp_clear without first calling mp_init
+* Fix for SRTP setting bitfield when it is encoded for the TLS extension
+* Fix for handling small http headers when doing CRL verification
+* Fix for ECCSI hash function to validate the output size and curve size
+* Fix for value of givenName and name being reversed with CSR generation
+* Fix for error type returned (OCSP_CERT_UNKNOWN) with OCSP verification
+* Fix for a potential memory leak with ProcessCSR when handling OCSP responses
+* Fix for VERIFY_SKIP_DATE flag not ignoring date errors when set
+* Fix for zlib decompression buffer issue with PKCS7
+* Fix for DTLS message pool send size used and DTLS server saving of the handshake sequence
+* Fix to propagate WOLFSSL_TICKET_RET_CREATE error return value from DoDecryptTicket()
+* Fix for handling long session IDs with TLS 1.3 session tickets
+* Fix for AES-GCM streaming when caching an IV
+* Fix for test case with older selftest that returns bad padding instead of salt len error
+* Add fix for siphash cache and added in additional tests
+* Fix potential out of bounds memset to 0 in error case with session export function used with --enable-sessionexport builds
+* Fix possible NULL dereference in TLSX_CSR_Parse with TLS 1.3
+* Fix for sanity check on RSA pad length with no padding using the build macro WC_RSA_NO_PADDING
+
 # wolfSSL Release 5.5.4 (Dec 21, 2022)
 
 Release 5.5.4 of wolfSSL embedded TLS has bug fixes and new features including:

IDE/WIN10/wolfssl-fips.rc

@@ -51,8 +51,8 @@ END
 //
 
 VS_VERSION_INFO VERSIONINFO
- FILEVERSION 5,5,4,0
- PRODUCTVERSION 5,5,4,0
+ FILEVERSION 5,6,0,0
+ PRODUCTVERSION 5,6,0,0
  FILEFLAGSMASK 0x3fL
 #ifdef _DEBUG
  FILEFLAGS 0x1L
@@ -69,12 +69,12 @@ BEGIN
         BEGIN
             VALUE "CompanyName", "wolfSSL Inc."
             VALUE "FileDescription", "The wolfSSL FIPS embedded SSL library is a lightweight, portable, C-language-based SSL/TLS library targeted at IoT, embedded, and RTOS environments primarily because of its size, speed, and feature set."
-            VALUE "FileVersion", "5.5.4.0"
+            VALUE "FileVersion", "5.6.0.0"
             VALUE "InternalName", "wolfssl-fips"
             VALUE "LegalCopyright", "Copyright (C) 2022"
             VALUE "OriginalFilename", "wolfssl-fips.dll"
             VALUE "ProductName", "wolfSSL FIPS"
-            VALUE "ProductVersion", "5.5.4.0"
+            VALUE "ProductVersion", "5.6.0.0"
         END
     END
     BLOCK "VarFileInfo"

README

@@ -70,128 +70,188 @@ should be used for the enum name.
 
 *** end Notes ***
 
-# wolfSSL Release 5.5.4 (Dec 21, 2022)
+# wolfSSL Release 5.6.0 (Mar 24, 2023)
 
-Release 5.5.4 of wolfSSL embedded TLS has bug fixes and new features including:
-
-Release 5.5.4 has been developed according to wolfSSL's development and QA process (see link below) and successfully passed the quality criteria.
+Release 5.6.0 has been developed according to wolfSSL's development and QA process (see link below) and successfully passed the quality criteria.
 https://www.wolfssl.com/about/wolfssl-software-development-process-quality-assurance
 
+NOTE: * --enable-heapmath is being deprecated and will be removed by 2024
+      * This release makes ASN Template the default with ./configure, the previous ASN parsing can be built with --enable-asn=original
+
+Release 5.6.0 of wolfSSL embedded TLS has bug fixes and new features including:
+
 ## New Feature Additions
 
-* QUIC related changes for HAProxy integration and config option
-* Support for Analog Devices MAXQ1080 and MAXQ1065
-* Testing and build of wolfSSL with NuttX
-* New software based entropy gatherer with configure option --enable-entropy-memuse
-* NXP SE050 feature expansion and fixes, adding in RSA support and conditional compile of AES and CMAC
-* Support for multi-threaded sniffer
+* ASN template is now the default ASN parsing implementation when compiling with configure
+* Added in support for TLS v1.3 Encrypted Client Hello (ECH) and HPKE (Hybrid Public Key Encryption)
+* DTLS 1.3 stateless server ClientHello parsing support added
+
+### Ports
+* Add RX64/RX71 SHA hardware support
+* Port to RT1170 and expand NXP CAAM driver support
+* Add NuttX integration files for ease of use
+* Updated Stunnel support for version 5.67
+Compatibility Layer
+* Add in support for AES-CCM with EVP
+* BN compatibility API refactoring and separate API created
+* Expanding public key type cipher suite list strings support
+
+### Misc.
+* Support pthread_rwlock and add enable option
+* Add wolfSSL_CertManagerLoadCABuffer_ex() that takes a user certificate chain flag and additional verify flag options
+* Docker build additions for wolfSSL library and wolfCLU application
+* Add favorite drink pilot attribute type to get it from the encoding
+* Added in support for indefinite length BER parsing with PKCS12
+* Add dynamic session cache which allocates sessions from the heap with macro SESSION_CACHE_DYNAMIC_MEM
+
 
 ## Improvements / Optimizations
 
-### Benchmark and Tests
-* Add alternate test case for unsupported static memory API when testing mutex allocations
-* Additional unit test cases added for AES CCM 256-bit
-* Initialize and free AES object with benchmarking AES-OFB
-* Kyber with DTLS 1.3 tests added
-* Tidy up Espressif ESP32 test and benchmark examples
-* Rework to be able to run API tests individually and add display of time taken per test
+### Tests
+* Additional CI (continuous integration) testing and leveraging of GitHub workflows
+* Add CI testing for wpa_supplicant, OpenWrt and OpenVPN using GitHub workflows
+* Add compilation of Espressif to GitHub workflows tests
+* Refactoring and improving error results with wolfCrypt unit test application
+* Minor warning fixes from Coverity static analysis scan
+* Add new SHA-512/224 and SHA-512/256 tests
+* Used codespell and fixed some minor typos
 
-### Build and Port Improvements
-* Add check for 64-bit ABI on MIPS64 before declaring a 64-bit CPU
-* Add support to detect SIZEOF_LONG in armclang and diab
-* Added in a simple example working on Rx72n
-* Update azsphere support to prevent compilation of file included inline
-* --enable-brainpool configure option added and default to on when custom curves are also on
-* Add RSA PSS salt defines to engine builds if not FIPS v2
+### Ports
+* Improve TLS1.2 client authentication to use TSIP
+* Updated Kyber macro to be WOLFSSL_HAVE_KYBER and made changes that make Kyber work on STM32
+* AES-GCM Windows assembly additions
+* CRLF line endings, trailing spaces for C# Wrapper Projects
+Compatibility Layer
+* Update `PubKey` and `Key` PEM-to-DER APIs to support return of needed DER size
+* Allow reading ENC EC PRIVATE KEY as well via wolfSSL_PEM_read_bio_ECPrivateKey
+* Improve wolfSSL_EC_POINT_cmp to handle Jacobian ordinates
+* Fix issue with BIO_reset() and add BIO_FLAGS_MEM_RDONLY flag support for read only BIOs
 
-### Post Quantum
-* Remove kyber-90s and route all Kyber through wolfcrypt
-* Purge older version of NTRU and SABER from wolfSSL
+### SP
+* In SP math library rework mod 3 and use count leading zero instruction
+* Fix with SP ECC sign to reject the random k generated when r is 0
+* With SP math add better detection of when add won't work and double is needed with point_add_qz1 internal function
+* With SP int fail when buffer writing to is too small for number rather than discarding the extra values
 
-### SP Math
-* Support static memory build with sp-math
-* SP C, SP int: improve performance
-* SP int: support mingw64 again
-* SP int: enhancements to guess 64-bit type and check on NO_64BIT macro set before using long long
-* SP int: check size required when using sp_int on stack
-* SP: --enable-sp-asm now enables SP by default if not set
-* SP: support aarch64 big endian
+### Builds
+* Define WOLFSSL_SP_SMALL_STACK if wolfSSL is build with --enable-smallstack
+* Fix CMake to exclude libm when DH is not enabled
+* Allow building of SAKKE as external non-FIPS algorithm with wolfmikey product
+* Add option to add library suffix, --with-libsuffix
+* ASN template compile option WOLFSSL_ASN_INT_LEAD_0_ANY to allow leading zeros
+* Add user_settings.h template for wolfTPM to examples/configs/user_settings_wolftpm.h
+* Purge the AES variant of Dilithium
+* Expand WOLFSSL_NO_ASN_STRICT to allow parsing of explicit ECC public key
+* Remove relocatable text in ARMv7a AES assembly for use with FIPS builds
+* Expand checking for hardware that supports ARMv7a neon with autotools configure
+* Sanity check on allocation fails with DSA and FP_ECC build when zeroizing internal buffer
+* Additional TLS alerts sent when compiling with WOLFSSL_EXTRA_ALERTS macro defined
 
-### DTLS
-* Allow DTLS 1.3 to compile when FIPS is enabled
-* Allow for stateless DTLS client hello parsing
+### Benchmarking
+* Update wolfCrypt benchmark Windows build files to support x64 Platform
+* Add SHA512/224 and SHA512/256 benchmarks, fixed CVS macro and display sizes
+* Separate AES-GCM streaming runs when benchmarked
+* No longer call external implementation of Kyber from benchmark
+* Fix for benchmarking shake with custom block size
+* Fixes for benchmark help `-alg` list and block format
+Documentation/Examples
+* Document use of wc_AesFree() and update documentation of Ed25519 with Doxygen
+* Move the wolfSSL Configuration section higher in QUIC.md
+* Add Japanese Doxygen documentation for cmac.h, quic.h and remove incomplete Japanese doxygen in asn_public.h
+* Espressif examples run with local wolfSSL now with no additional setup needed
+* Added a fix for StartTLS use In the example client
+* Add a base-line user_settings.h for use with FIPS 140-3 in XCode example app
 
-### Misc.
-* Easier detection of DRBG health when using Intel’s RDRAND by updating the structures status value
-* Detection of duplicate known extensions with TLS
-* PKCS#11 handle a user PIN that is a NULL_PTR, compile time check in finding keys, add initialization API
-* Update max Cert Policy size based on RFC 5280
-* Add Android CA certs path for wolfSSL_CTX_load_system_CA_certs()
-* Improve logic for enabling system CA certs on Apple devices
-* Stub functions to allow for cpuid public functions with non-intel builds
-* Increase RNG_SECURITY_STRENGTH for FIPS
-* Improvements in OpenSSL Compat ERR Queue handling
-* Support ASN1/DER CRLs in LoadCertByIssuer
-* Expose more ECC math functions and improve async shared secret
-* Improvement for sniffer error messages
-* Warning added that renegotiation in TLS 1.3 requires session ticket
-* Adjustment for TLS 1.3 post auth support
-* Rework DH API and improve PEM read/write
+### Optimizations
+* AES-NI usage added for AES modes ECB/CTR/XTS
+
+### Misc
+* Update AES-GCM stream decryption to allow long IVs
+* Internal refactor to use wolfSSL_Ref functions when incrementing or decrementing the structures reference count and fixes for static analysis reports
+* Cleanup function logging making adjustments to the debug log print outs
+* Remove realloc dependency in DtlsMsgCombineFragBuckets function
+* Refactor to use WOLFSSL_CTX’s cipher suite list when possible
+* Update internal padding of 0’s with DSA sign and additional tests with mp_to_unsigned_bin_len function
+* With DTLS SRTP use wolfSSL_export_keying_material instead of wc_PRF_TLS
+* Updated macro naming from HAVE_KYBER to be WOLFSSL_HAVE_KYBER
+* Update AES XTS encrypt to handle in-place encryption properly
+* With TLS 1.3 add option to require only PSK with DHE
 
 ## Fixes
 
-### Build Fixes
-* Fix --enable-devcrypto build error for sys without u_int8_t type
-* Fix casts in evp.c and build issue in ParseCRL
-* Fixes for compatibility layer building with heap hint and OSSL callbacks
-* fix compile error due to Werro=undef on gcc-4.8
-* Fix mingw-w64 build issues on windows
-* Xcode project fixes for different build settings
-* Initialize variable causing failures with gcc-11 and gcc-12 with a unique wolfSSL build configuration
-* Prevent WOLFSSL_NO_MALLOC from breaking RSA certificate verification
-* Fixes for various tests that do not properly handle `WC_PENDING_E` with async. builds
-* Fix for misc `HashObject` to be excluded for `WOLFCRYPT_ONLY`
+### Ports
+* Fix for AES use with CAAM on imx8qxp with SECO builds
+* Fix for PIC32 crypto HW and unused `TLSX_SetResponse`
+* Fix warning if ltime is unsigned seen with QNX build
+* Updates and fix for Zephyr project support
+* Include sys/time.h for WOLFSSL_RIOT_OS
+* Move X509_V errors from enums to defines for use with HAProxy CLI
+* Fix IAR compiler warnings resolved
+* Fix for STM32 Hash peripherals (like on F437) with FIFO depth = 1
+* ESP32 fix for SHA384 init with hardware acceleration
 
-### OCSP Fixes
-* Correctly save next status with OCSP response verify
-* When the OCSP responder returns an unknown exception, continue through to checking the CRL
+### Builds
+* Add WOLFSSL_IP_ALT_NAME macro define to --enable-curl
+* Fixes for building with C++17 and avoiding clashing with byte naming
+* Fixes SP math all build issue with small-stack and no hardening
+* Fix for building with ASN template with `NO_ASN_TIME` defined
+* Fix building FIPSv2 with WOLFSSL_ECDSA_SET_K defined
+* Don't allow aesgcm-stream option with kcapi
+* Fix DTLS test case for when able to read peers close notify alert on FreeBSD systems
+* Fix for "expression must have a constant value" in tls13.c with Green Hills compiler
+* Fixes for building KCAPI with opensslextra enabled
+* Fix warnings of shadows min and subscript with i486-netbsd-gcc compiler
+* Fix issue with async and `WOLFSSL_CHECK_ALERT_ON_ERR`
+* Fix for PKCS7 with asynchronous crypto enabled
 
-### Math Fixes
-* Fix for implicit conversion with 32-bit in SP math
-* Fix for error checks when modulus is even with SP int build
-* Fix for checking of err in _sp_exptmod_nct with SP int build
-* ECC cofactor fix when checking scalar bits
-* ARM32 ASM: don't use ldrd on user data
-* SP int, fix when ECC specific size code included
+### Math Library
+* SP Aarch64 fix for conditional changed in asm needing "cc" and fix for ECC P256 mont reduce
+* In SP builds add sanity check with DH exp. to check the output length for minimum size
+* In SP math fix scalar length check with EC scalar multiply
+* With SP int fix handling negative character properly with read radix
+* Add error checks before setting variable err in SP int with the function sp_invmod_mont_ct
+* Fix to add sanity check for malloc of zero size in fastmath builds
+* In fastmath  fix a possible overflow in fp_to_unsigned_bin_len length check
+* Heapmath fast mod. reduce fix
 
-### Port Fixes
-* Fixes for STM32 PKA ECC (not 256-bit) and improvements for AES-GCM
-* Fix for cryptocell signature verification with ECC
-* Benchmark devid changes, CCM with SECO fix, set IV on AES import into SECO
-
-### Compat. Layer Fixes
-* Fix for handling DEFAULT:... cipher suite list
-* Fix memory leak in wolfSSL_X509_NAME_ENTRY_get_object
-* Set alt name type to V_ASN1_IA5STRING
-* Update name hash functions wolfSSL_X509_subject_name_hash and wolfSSL_X509_issuer_name_hash to hash the canonical form of subject
-* Fix wolfSSL_set_SSL_CTX() to be usable during handshake
-* Fix X509_get1_ocsp to set num of elements in stack
-* X509v3 EXT d2i: fix freeing of aia
-* Fix to remove recreation of certificate with wolfSSL_PEM_write_bio_X509()
-* Link newly created x509 store's certificate manager to self by default to assist with CRL verification
-* Fix for compatibility `EC_KEY_new_by_curve_name` to not create a key if the curve is not found
+### Compatibility Layer
+* Fixes for encoding/decoding ecc public keys and ensure i2d public key functions do not include any private key information
+* Fix for EVP_EncryptUpdate to update outl on empty input
+* Fix SE050 RSA public key loading and RSA/ECC SE050 TLS Compatibility
+* Rework EC API and validate point after setting it
+* Fix for X509 RSA PSS with compatibility layer functions
+* Fix size of structures used with SHA operations when built with opensslextra for Espressif hardware accelerated hashing
+* Added sanity check on key length with wolfSSL_CMAC_Init function
+* Fix for return value type conversion of bad mutex error in logging function
+* Fix NID conflict NID_givenName and NID_md5WithRSAEncryption
+* Fix unguarded XFPRINTF calls with opensslextra build
+* Fix wolfSSL_ASN1_INTEGER_to_BN for negative values
+* Fix for potential ASN1_STRING leak in wolfSSL_X509_NAME_ENTRY_create_by_txt  and wolfSSL_X509_NAME_ENTRY_create_by_NID when memory allocation fails
 
 ### Misc.
-* Free potential signer malloc in a fail case
-* fix other name san parsing and add RID cert to test parsing
-* WOLFSSL_OP_NO_TICKET fix for TLSv1.2
-* fix ASN template parsing of X509 subject directory attribute
-* Fix the wrong IV size with the cipher suite TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256
-* Fix incorrect self signed error return when compiled with certreq and certgen.
-* Fix wrong function name in debug comment with wolfSSL_X509_get_name_oneline()
-* Fix for decryption after second handshake with async sniffer
-* Allow session tickets to properly resume when using PQ KEMs
-* Add sanity overflow check to DecodeAltNames input buffer access
+* Add sanity check to prevent an out of bounds read with OCSP response decoding
+* Sanity check to not allow 0 length with bit string and integer when parsing ASN1 syntax
+* Adjust RNG sanity checks and remove error prone first byte comparison
+* With PKCS7 add a fix for GetAsnTimeString() to correctly increment internal data pointer
+* PKCS7 addition of sequence around algo parameters with authenvelop
+* DSA fixes for clearing mp_int before re-reading data and avoid mp_clear without first calling mp_init
+* Fix for SRTP setting bitfield when it is encoded for the TLS extension
+* Fix for handling small http headers when doing CRL verification
+* Fix for ECCSI hash function to validate the output size and curve size
+* Fix for value of givenName and name being reversed with CSR generation
+* Fix for error type returned (OCSP_CERT_UNKNOWN) with OCSP verification
+* Fix for a potential memory leak with ProcessCSR when handling OCSP responses
+* Fix for VERIFY_SKIP_DATE flag not ignoring date errors when set
+* Fix for zlib decompression buffer issue with PKCS7
+* Fix for DTLS message pool send size used and DTLS server saving of the handshake sequence
+* Fix to propagate WOLFSSL_TICKET_RET_CREATE error return value from DoDecryptTicket()
+* Fix for handling long session IDs with TLS 1.3 session tickets
+* Fix for AES-GCM streaming when caching an IV
+* Fix for test case with older selftest that returns bad padding instead of salt len error
+* Add fix for siphash cache and added in additional tests
+* Fix potential out of bounds memset to 0 in error case with session export function used with --enable-sessionexport builds
+* Fix possible NULL dereference in TLSX_CSR_Parse with TLS 1.3
+* Fix for sanity check on RSA pad length with no padding using the build macro WC_RSA_NO_PADDING
 
 
 For additional vulnerability information visit the vulnerability page at:

README.md

@@ -79,128 +79,188 @@ single call hash function. Instead the name `WC_SHA`, `WC_SHA256`, `WC_SHA384` a
 `WC_SHA512` should be used for the enum name.
 
 
-# wolfSSL Release 5.5.4 (Dec 21, 2022)
+# wolfSSL Release 5.6.0 (Mar 24, 2023)
 
-Release 5.5.4 of wolfSSL embedded TLS has bug fixes and new features including:
-
-Release 5.5.4 has been developed according to wolfSSL's development and QA process (see link below) and successfully passed the quality criteria.
+Release 5.6.0 has been developed according to wolfSSL's development and QA process (see link below) and successfully passed the quality criteria.
 https://www.wolfssl.com/about/wolfssl-software-development-process-quality-assurance
 
+NOTE: * --enable-heapmath is being deprecated and will be removed by 2024
+      * This release makes ASN Template the default with ./configure, the previous ASN parsing can be built with --enable-asn=original
+
+Release 5.6.0 of wolfSSL embedded TLS has bug fixes and new features including:
+
 ## New Feature Additions
 
-* QUIC related changes for HAProxy integration and config option
-* Support for Analog Devices MAXQ1080 and MAXQ1065
-* Testing and build of wolfSSL with NuttX
-* New software based entropy gatherer with configure option --enable-entropy-memuse
-* NXP SE050 feature expansion and fixes, adding in RSA support and conditional compile of AES and CMAC
-* Support for multi-threaded sniffer
+* ASN template is now the default ASN parsing implementation when compiling with configure
+* Added in support for TLS v1.3 Encrypted Client Hello (ECH) and HPKE (Hybrid Public Key Encryption)
+* DTLS 1.3 stateless server ClientHello parsing support added
+
+### Ports
+* Add RX64/RX71 SHA hardware support
+* Port to RT1170 and expand NXP CAAM driver support
+* Add NuttX integration files for ease of use
+* Updated Stunnel support for version 5.67
+Compatibility Layer
+* Add in support for AES-CCM with EVP
+* BN compatibility API refactoring and separate API created
+* Expanding public key type cipher suite list strings support
+
+### Misc.
+* Support pthread_rwlock and add enable option
+* Add wolfSSL_CertManagerLoadCABuffer_ex() that takes a user certificate chain flag and additional verify flag options
+* Docker build additions for wolfSSL library and wolfCLU application
+* Add favorite drink pilot attribute type to get it from the encoding
+* Added in support for indefinite length BER parsing with PKCS12
+* Add dynamic session cache which allocates sessions from the heap with macro SESSION_CACHE_DYNAMIC_MEM
+
 
 ## Improvements / Optimizations
 
-### Benchmark and Tests
-* Add alternate test case for unsupported static memory API when testing mutex allocations
-* Additional unit test cases added for AES CCM 256-bit
-* Initialize and free AES object with benchmarking AES-OFB
-* Kyber with DTLS 1.3 tests added
-* Tidy up Espressif ESP32 test and benchmark examples
-* Rework to be able to run API tests individually and add display of time taken per test
+### Tests
+* Additional CI (continuous integration) testing and leveraging of GitHub workflows
+* Add CI testing for wpa_supplicant, OpenWrt and OpenVPN using GitHub workflows
+* Add compilation of Espressif to GitHub workflows tests
+* Refactoring and improving error results with wolfCrypt unit test application
+* Minor warning fixes from Coverity static analysis scan
+* Add new SHA-512/224 and SHA-512/256 tests
+* Used codespell and fixed some minor typos
 
-### Build and Port Improvements
-* Add check for 64-bit ABI on MIPS64 before declaring a 64-bit CPU
-* Add support to detect SIZEOF_LONG in armclang and diab
-* Added in a simple example working on Rx72n
-* Update azsphere support to prevent compilation of file included inline
-* --enable-brainpool configure option added and default to on when custom curves are also on
-* Add RSA PSS salt defines to engine builds if not FIPS v2
+### Ports
+* Improve TLS1.2 client authentication to use TSIP
+* Updated Kyber macro to be WOLFSSL_HAVE_KYBER and made changes that make Kyber work on STM32
+* AES-GCM Windows assembly additions
+* CRLF line endings, trailing spaces for C# Wrapper Projects
+Compatibility Layer
+* Update `PubKey` and `Key` PEM-to-DER APIs to support return of needed DER size
+* Allow reading ENC EC PRIVATE KEY as well via wolfSSL_PEM_read_bio_ECPrivateKey
+* Improve wolfSSL_EC_POINT_cmp to handle Jacobian ordinates
+* Fix issue with BIO_reset() and add BIO_FLAGS_MEM_RDONLY flag support for read only BIOs
 
-### Post Quantum
-* Remove kyber-90s and route all Kyber through wolfcrypt
-* Purge older version of NTRU and SABER from wolfSSL
+### SP
+* In SP math library rework mod 3 and use count leading zero instruction
+* Fix with SP ECC sign to reject the random k generated when r is 0
+* With SP math add better detection of when add won't work and double is needed with point_add_qz1 internal function
+* With SP int fail when buffer writing to is too small for number rather than discarding the extra values
 
-### SP Math
-* Support static memory build with sp-math
-* SP C, SP int: improve performance
-* SP int: support mingw64 again
-* SP int: enhancements to guess 64-bit type and check on NO_64BIT macro set before using long long
-* SP int: check size required when using sp_int on stack
-* SP: --enable-sp-asm now enables SP by default if not set
-* SP: support aarch64 big endian
+### Builds
+* Define WOLFSSL_SP_SMALL_STACK if wolfSSL is build with --enable-smallstack
+* Fix CMake to exclude libm when DH is not enabled
+* Allow building of SAKKE as external non-FIPS algorithm with wolfmikey product
+* Add option to add library suffix, --with-libsuffix
+* ASN template compile option WOLFSSL_ASN_INT_LEAD_0_ANY to allow leading zeros
+* Add user_settings.h template for wolfTPM to examples/configs/user_settings_wolftpm.h
+* Purge the AES variant of Dilithium
+* Expand WOLFSSL_NO_ASN_STRICT to allow parsing of explicit ECC public key
+* Remove relocatable text in ARMv7a AES assembly for use with FIPS builds
+* Expand checking for hardware that supports ARMv7a neon with autotools configure
+* Sanity check on allocation fails with DSA and FP_ECC build when zeroizing internal buffer
+* Additional TLS alerts sent when compiling with WOLFSSL_EXTRA_ALERTS macro defined
 
-### DTLS
-* Allow DTLS 1.3 to compile when FIPS is enabled
-* Allow for stateless DTLS client hello parsing
+### Benchmarking
+* Update wolfCrypt benchmark Windows build files to support x64 Platform
+* Add SHA512/224 and SHA512/256 benchmarks, fixed CVS macro and display sizes
+* Separate AES-GCM streaming runs when benchmarked
+* No longer call external implementation of Kyber from benchmark
+* Fix for benchmarking shake with custom block size
+* Fixes for benchmark help `-alg` list and block format
+Documentation/Examples
+* Document use of wc_AesFree() and update documentation of Ed25519 with Doxygen
+* Move the wolfSSL Configuration section higher in QUIC.md
+* Add Japanese Doxygen documentation for cmac.h, quic.h and remove incomplete Japanese doxygen in asn_public.h
+* Espressif examples run with local wolfSSL now with no additional setup needed
+* Added a fix for StartTLS use In the example client
+* Add a base-line user_settings.h for use with FIPS 140-3 in XCode example app
 
-### Misc.
-* Easier detection of DRBG health when using Intel’s RDRAND by updating the structures status value
-* Detection of duplicate known extensions with TLS
-* PKCS#11 handle a user PIN that is a NULL_PTR, compile time check in finding keys, add initialization API
-* Update max Cert Policy size based on RFC 5280
-* Add Android CA certs path for wolfSSL_CTX_load_system_CA_certs()
-* Improve logic for enabling system CA certs on Apple devices
-* Stub functions to allow for cpuid public functions with non-intel builds
-* Increase RNG_SECURITY_STRENGTH for FIPS
-* Improvements in OpenSSL Compat ERR Queue handling
-* Support ASN1/DER CRLs in LoadCertByIssuer
-* Expose more ECC math functions and improve async shared secret
-* Improvement for sniffer error messages
-* Warning added that renegotiation in TLS 1.3 requires session ticket
-* Adjustment for TLS 1.3 post auth support
-* Rework DH API and improve PEM read/write
+### Optimizations
+* AES-NI usage added for AES modes ECB/CTR/XTS
+
+### Misc
+* Update AES-GCM stream decryption to allow long IVs
+* Internal refactor to use wolfSSL_Ref functions when incrementing or decrementing the structures reference count and fixes for static analysis reports
+* Cleanup function logging making adjustments to the debug log print outs
+* Remove realloc dependency in DtlsMsgCombineFragBuckets function
+* Refactor to use WOLFSSL_CTX’s cipher suite list when possible
+* Update internal padding of 0’s with DSA sign and additional tests with mp_to_unsigned_bin_len function
+* With DTLS SRTP use wolfSSL_export_keying_material instead of wc_PRF_TLS
+* Updated macro naming from HAVE_KYBER to be WOLFSSL_HAVE_KYBER
+* Update AES XTS encrypt to handle in-place encryption properly
+* With TLS 1.3 add option to require only PSK with DHE
 
 ## Fixes
 
-### Build Fixes
-* Fix --enable-devcrypto build error for sys without u_int8_t type
-* Fix casts in evp.c and build issue in ParseCRL
-* Fixes for compatibility layer building with heap hint and OSSL callbacks
-* fix compile error due to Werro=undef on gcc-4.8
-* Fix mingw-w64 build issues on windows
-* Xcode project fixes for different build settings
-* Initialize variable causing failures with gcc-11 and gcc-12 with a unique wolfSSL build configuration
-* Prevent WOLFSSL_NO_MALLOC from breaking RSA certificate verification
-* Fixes for various tests that do not properly handle `WC_PENDING_E` with async. builds
-* Fix for misc `HashObject` to be excluded for `WOLFCRYPT_ONLY`
+### Ports
+* Fix for AES use with CAAM on imx8qxp with SECO builds
+* Fix for PIC32 crypto HW and unused `TLSX_SetResponse`
+* Fix warning if ltime is unsigned seen with QNX build
+* Updates and fix for Zephyr project support
+* Include sys/time.h for WOLFSSL_RIOT_OS
+* Move X509_V errors from enums to defines for use with HAProxy CLI
+* Fix IAR compiler warnings resolved
+* Fix for STM32 Hash peripherals (like on F437) with FIFO depth = 1
+* ESP32 fix for SHA384 init with hardware acceleration
 
-### OCSP Fixes
-* Correctly save next status with OCSP response verify
-* When the OCSP responder returns an unknown exception, continue through to checking the CRL
+### Builds
+* Add WOLFSSL_IP_ALT_NAME macro define to --enable-curl
+* Fixes for building with C++17 and avoiding clashing with byte naming
+* Fixes SP math all build issue with small-stack and no hardening
+* Fix for building with ASN template with `NO_ASN_TIME` defined
+* Fix building FIPSv2 with WOLFSSL_ECDSA_SET_K defined
+* Don't allow aesgcm-stream option with kcapi
+* Fix DTLS test case for when able to read peers close notify alert on FreeBSD systems
+* Fix for "expression must have a constant value" in tls13.c with Green Hills compiler
+* Fixes for building KCAPI with opensslextra enabled
+* Fix warnings of shadows min and subscript with i486-netbsd-gcc compiler
+* Fix issue with async and `WOLFSSL_CHECK_ALERT_ON_ERR`
+* Fix for PKCS7 with asynchronous crypto enabled
 
-### Math Fixes
-* Fix for implicit conversion with 32-bit in SP math
-* Fix for error checks when modulus is even with SP int build
-* Fix for checking of err in _sp_exptmod_nct with SP int build
-* ECC cofactor fix when checking scalar bits
-* ARM32 ASM: don't use ldrd on user data
-* SP int, fix when ECC specific size code included
+### Math Library
+* SP Aarch64 fix for conditional changed in asm needing "cc" and fix for ECC P256 mont reduce
+* In SP builds add sanity check with DH exp. to check the output length for minimum size
+* In SP math fix scalar length check with EC scalar multiply
+* With SP int fix handling negative character properly with read radix
+* Add error checks before setting variable err in SP int with the function sp_invmod_mont_ct
+* Fix to add sanity check for malloc of zero size in fastmath builds
+* In fastmath  fix a possible overflow in fp_to_unsigned_bin_len length check
+* Heapmath fast mod. reduce fix
 
-### Port Fixes
-* Fixes for STM32 PKA ECC (not 256-bit) and improvements for AES-GCM
-* Fix for cryptocell signature verification with ECC
-* Benchmark devid changes, CCM with SECO fix, set IV on AES import into SECO
-
-### Compat. Layer Fixes
-* Fix for handling DEFAULT:... cipher suite list
-* Fix memory leak in wolfSSL_X509_NAME_ENTRY_get_object
-* Set alt name type to V_ASN1_IA5STRING
-* Update name hash functions wolfSSL_X509_subject_name_hash and wolfSSL_X509_issuer_name_hash to hash the canonical form of subject
-* Fix wolfSSL_set_SSL_CTX() to be usable during handshake
-* Fix X509_get1_ocsp to set num of elements in stack
-* X509v3 EXT d2i: fix freeing of aia
-* Fix to remove recreation of certificate with wolfSSL_PEM_write_bio_X509()
-* Link newly created x509 store's certificate manager to self by default to assist with CRL verification
-* Fix for compatibility `EC_KEY_new_by_curve_name` to not create a key if the curve is not found
+### Compatibility Layer
+* Fixes for encoding/decoding ecc public keys and ensure i2d public key functions do not include any private key information
+* Fix for EVP_EncryptUpdate to update outl on empty input
+* Fix SE050 RSA public key loading and RSA/ECC SE050 TLS Compatibility
+* Rework EC API and validate point after setting it
+* Fix for X509 RSA PSS with compatibility layer functions
+* Fix size of structures used with SHA operations when built with opensslextra for Espressif hardware accelerated hashing
+* Added sanity check on key length with wolfSSL_CMAC_Init function
+* Fix for return value type conversion of bad mutex error in logging function
+* Fix NID conflict NID_givenName and NID_md5WithRSAEncryption
+* Fix unguarded XFPRINTF calls with opensslextra build
+* Fix wolfSSL_ASN1_INTEGER_to_BN for negative values
+* Fix for potential ASN1_STRING leak in wolfSSL_X509_NAME_ENTRY_create_by_txt  and wolfSSL_X509_NAME_ENTRY_create_by_NID when memory allocation fails
 
 ### Misc.
-* Free potential signer malloc in a fail case
-* fix other name san parsing and add RID cert to test parsing
-* WOLFSSL_OP_NO_TICKET fix for TLSv1.2
-* fix ASN template parsing of X509 subject directory attribute
-* Fix the wrong IV size with the cipher suite TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256
-* Fix incorrect self signed error return when compiled with certreq and certgen.
-* Fix wrong function name in debug comment with wolfSSL_X509_get_name_oneline()
-* Fix for decryption after second handshake with async sniffer
-* Allow session tickets to properly resume when using PQ KEMs
-* Add sanity overflow check to DecodeAltNames input buffer access
+* Add sanity check to prevent an out of bounds read with OCSP response decoding
+* Sanity check to not allow 0 length with bit string and integer when parsing ASN1 syntax
+* Adjust RNG sanity checks and remove error prone first byte comparison
+* With PKCS7 add a fix for GetAsnTimeString() to correctly increment internal data pointer
+* PKCS7 addition of sequence around algo parameters with authenvelop
+* DSA fixes for clearing mp_int before re-reading data and avoid mp_clear without first calling mp_init
+* Fix for SRTP setting bitfield when it is encoded for the TLS extension
+* Fix for handling small http headers when doing CRL verification
+* Fix for ECCSI hash function to validate the output size and curve size
+* Fix for value of givenName and name being reversed with CSR generation
+* Fix for error type returned (OCSP_CERT_UNKNOWN) with OCSP verification
+* Fix for a potential memory leak with ProcessCSR when handling OCSP responses
+* Fix for VERIFY_SKIP_DATE flag not ignoring date errors when set
+* Fix for zlib decompression buffer issue with PKCS7
+* Fix for DTLS message pool send size used and DTLS server saving of the handshake sequence
+* Fix to propagate WOLFSSL_TICKET_RET_CREATE error return value from DoDecryptTicket()
+* Fix for handling long session IDs with TLS 1.3 session tickets
+* Fix for AES-GCM streaming when caching an IV
+* Fix for test case with older selftest that returns bad padding instead of salt len error
+* Add fix for siphash cache and added in additional tests
+* Fix potential out of bounds memset to 0 in error case with session export function used with --enable-sessionexport builds
+* Fix possible NULL dereference in TLSX_CSR_Parse with TLS 1.3
+* Fix for sanity check on RSA pad length with no padding using the build macro WC_RSA_NO_PADDING
 
 For additional vulnerability information visit the vulnerability page at:
 https://www.wolfssl.com/docs/security-vulnerabilities/

configure.ac

@@ -7,7 +7,7 @@
 #
 AC_COPYRIGHT([Copyright (C) 2006-2020 wolfSSL Inc.])
 AC_PREREQ([2.69])
-AC_INIT([wolfssl],[5.5.4],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[https://www.wolfssl.com])
+AC_INIT([wolfssl],[5.6.0],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[https://www.wolfssl.com])
 AC_CONFIG_AUX_DIR([build-aux])
 
 # The following sets CFLAGS to empty if unset on command line.  We do not
@@ -47,9 +47,9 @@ AC_SUBST([WOLFSSL_CONFIG_ARGS])
 # The three numbers in the libwolfssl.so.*.*.* file name. Unfortunately
 # these numbers don't always line up nicely with the library version.
 WOLFSSL_LIBRARY_VERSION_FIRST=35
-WOLFSSL_LIBRARY_VERSION_SECOND=3
+WOLFSSL_LIBRARY_VERSION_SECOND=4
 WOLFSSL_LIBRARY_VERSION_THIRD=0
-WOLFSSL_LIBRARY_VERSION=38:0:3
+WOLFSSL_LIBRARY_VERSION=39:0:4
 #                        | | |
 #                 +------+ | +---+
 #                 |        |     |

wolfssl/version.h

@@ -28,8 +28,8 @@
 extern "C" {
 #endif
 
-#define LIBWOLFSSL_VERSION_STRING "5.5.4"
-#define LIBWOLFSSL_VERSION_HEX 0x05005004
+#define LIBWOLFSSL_VERSION_STRING "5.6.0"
+#define LIBWOLFSSL_VERSION_HEX 0x05006000
 
 #ifdef __cplusplus
 }