Continue reading below for a summary of the features and fixes included in this release.
This release fixes three LOW level vulnerabilities reported by Yueh-Hsun Lin and Peng Li from KNOX Security, Samsung Research America, including:
1. A fix for out-of-bounds memory access in wc_DhParamsLoad() when GetLength() returns a zero. Before this fix there was a case where wolfSSL would read out of bounds memory in the function wc_DhParamsLoad().
2. A fix for wc_DhAgree() where a malformed key could be accepted by the function.
3. A fix for a double free case when adding a CA cert into an X509_STORE.
One LOW level vulnerability was fixed in relation to memory management with the static memory feature enabled. By default static memory is disabled. Thanks to GitHub user hajjihraf for reporting this.
One LOW level vulnerability was fixed for an out-of-bounds write in the function wolfSSL_X509_NAME_get_text_by_NID(). This function is not used by TLS or crypto operations but could result in a buffer out of bounds write by one if called explicitly in an application. Discovered by Aleksandar Nikolic of Cisco Talos (http://talosintelligence.com/vulnerability-reports/).
One MEDIUM level vulnerability was fixed in relation to checks on a certificate signature. There was a case in release versions 3.9.10, 3.10.0 and 3.10.2 where a corrupted signature on a peer certificate would not be properly flagged. Thanks to Wens Lo, James Tsai, Kenny Chang, and Oscar Yang at Castles Technology.
We are excited to announce support for building the NGINX web server with wolfSSL! Nginx and wolfSSL make a likely pairing because they are both lean, compact, fast, and scale well under high volumes of connections.
wolfSSL now supports being compiled into the HAproxy load balancer! HAproxy offers high availability, load balancing, and proxying for TCP and HTTP-based applications.
– A 51-bit implementation of Curve25519 has been added, increasing performance on systems that have 128 bit types available.
– Heap usage reductions for users using the fastmath library (USE_FAST_MATH) when not using ALT_ECC_SIZE.
Updated Software Ports
Existing wolfSSL software ports have been updated, including:
And, we have added one new port as well:
– New port to the tenAsys INtime RTOS
Updated Hardware Ports
– Added an NXP Hexiwear example, located in the “IDE/HEXIWEAR” directory.
– Fixes for STM32 hardware crypto acceleration. More details on using wolfSSL with STM32 platforms can be found here.
Protocol and Cipher Suite Updates
We have made several changes that affect the SSL/TLS/DTLS protocol level and cipher suite support, including:
– A fix for interoperability with ChaCha20-Poly1305 suites using older draft versions
– A DTLS update to allow multiple handshake messages in one DTLS record
– A new option to allow SHA1 with TLS 1.2 for IIS compatibility (WOLFSSL_ALLOW_TLS_SHA1)
– A fix to prevent send session IDs on the server side if the session cache is off unless we`re echoing session ID as part of session tickets
– A small change to the max PSK identity buffer to account for an identity length of 128 characters
– Fixes for ensuring all default ciphers are setup correctly (see PR #830)
– Addition of wolfSSL_write_dup() to create a write only WOLFSSL object for concurrent access
– Fixes for TLS Elliptic Curve selection on private key import
– Improvements to the TLS layer context handling for switching keys and certs
– Addition of support for inline CRL lookup when HAVE_CRL_IO is defined
– Addition of a sanity check that subject key identifier is marked as non-critical, and a check that no policy OIDS appear more than once in the cert policies extension. Thanks to the report from Professor Zhenhua Duan, Professor Cong Tian, and Ph.D candidate Chu Chen from Institute of Computing Theory and Technology (ICTT) of Xidian University, China. Profs. Zhenhua Duan and Cong Tian are supervisors of Ph.D candidate Chu Chen.
Crypto Additions and Modifications
We have made several changes that affect our underlying wolfCrypt cryptography library, including:
– Updates and refactoring to ASN1 parsing functions
– Additional PKS#7 support for SignedData with ECDSA
– Fixes to RNG with speedups for Intel RDRAND and RDSEED
– Improved performance for Intel RDRAND, using full 64-bit output
– Addition of a new “–enable-intelrand” option to indicate use of RDRAND preference for RNG source
– Removal of RNG ARC4 support
– ECC helper functions to get size and ID from a curve name
– ECC private key only import and export functions
– ECC Cofactor DH (ECC-CDH) support
– PKCS#8 create function
– Normal math speed-up where to defer allocation on mp_int until mp_grow
– A sanity check for minimum authentication tag size with AES-GCM. Thanks to Yueh-Hsun Lin and Peng Li at KNOX Security at Samsung Research America for suggesting this
Testing and Warning Fixes
– Warnings reported by Coverity Scan have been fixed, bringing you an even more well-tested wolfSSL SSL/TLS implementation. For all of the testing we currently do, see our testing blog post.
– Additional testing and warnings have been fixed for FreeBSD builds on big endian PowerPC systems.
– Extended testing code coverage in the wolfCrypt test application (test.c) that comes bundled with wolfSSL.
If you have any questions about the new release, or using wolfSSL in your project, please contact us at firstname.lastname@example.org