The one low level vulnerability fix included in this release is in relation to a potential DoS attack on a wolfSSL client. Previously a client would accept many warning alert messages without a limit. This fix puts a limit to the number of warning alert messages received and if this limit is reached a fatal error ALERT_COUNT_E is returned. The max number of warning alerts by default is set to 5 and can be adjusted with the macro WOLFSSL_ALERT_COUNT_MAX. Thanks for the report from Tarun Yadav and Koustav Sadhukhan from Defence Research and Development Organization, INDIA.
Continue reading below for a summary of the features and fixes included in this release.
TLS 1.3 Support!
If you follow wolfSSL’s blog, you may have heard discussion about our TLS 1.3 BETA support. wolfSSL 3.12.0 is the first stable release that contains our TLS 1.3 support (client and server side)! This means that you can pair TLS 1.3 with your favorite other features and project ports too! TLS 1.3 with Nginx! TLS 1.3 with ARMv8! and TLS 1.3 with Async Crypto!
Enable TLS 1.3 draft 20 support using the “–enable-tls13” configure option, or the older draft 18 support with the “–enable-tls13-draft18” option. wolfSSL also supports 0RTT with TLS 1.3, which can be enabled with “–enable-earlydata”.
Build and Configure Option Changes
– Added enable all feature (–enable-all)
– Added trackmemory feature (–enable-trackmemory)
– Fixes for compiling wolfSSL with GCC version 7, most dealing with switch statement fall through warnings.
– Added warning when compiling without hardened math operations
Intel Assembly Improvements, Intel SGX Linux Support, and Intel QuickAssist Support
For users of wolfSSL on Intel platforms, we have made improvements including:
– A port of wolfSSL for Intel SGX with Linux. We previously only supported Intel SGX with Windows.
– AVX and AVX2 assembly instructions for improved ChaCha20 performance
– Intel QAT fixes for when using –disable-fastmath
– Improvements and enhancements to Intel QuickAssist support
Note: There is a known issue with using ChaCha20 AVX assembly on versions of GCC earlier than 5.2. This is encountered with using the wolfSSL enable options “–enable-intelasm” and “–enable-chacha”. To avoid this issue ChaCha20 can be enabled with “–enable-chacha=noasm”.
If using “–enable-intelasm” and also using “–enable-sha224” or “–enable-sha256” there is a known issue with trying to use “-fsanitize=address”.
Official SHA-3 Support (Keccak)
Previously wolfSSL only supported the SHA-3 runner-up Blake2b. wolfSSL now additionally supports the final SHA-3 winner, Keccak. This can be enabled with the “–enable-sha3” configure option. It is enabled by default on x86_64 platforms.
DTLS Multicast and Updates
For our DTLS users, wolfSSL now supports DTLS Multicast with “–enable-mcast”! In addition, this release also contains:
– An update to how DTLS handles decryption and MAC failures
– An update to the DTLS session export version number for use with the “–enable-sessionexport” option
For more details about DTLS Multicast, get in touch with us at firstname.lastname@example.org!
New and Updated Hardware Ports
With this release, we have update several of our hardware ports and added a few new ones as well, including:
– Update and fix for our Microchip PIC32MZ port
– Fix for STM32F4 AES-GCM
– Addition of a Xilinx port, based on the UltraZed-EG Starter Kit based on the Xilinx Zynq® UltraScale+™ MPSoC
– Addition of SHA-224 and AES key wrap to ARMv8 port
– Additional input argument sanity checks to ARMv8 assembly port
– Additional unit testing for MD5, SHA, SHA224, SHA256, SHA384, SHA512, RipeMd, HMAC, 3DES, IDEA, ChaCha20, ChaCha20Poly1305 AEAD, Camellia, Rabbit, ARC4, AES, RSA, HC-128
wolfSSL Python Wrapper
– Expand wolfSSL Python wrapper to now include a client side implementation
Other Additions and Modifications
Other changes that this release contains includes:
– Fix for making PKCS12 dynamic types match
– Fixes for potential memory leaks when using –enable-fast-rsa
– Fix for when using custom ECC curves and add BRAINPOOLP256R1 test
– Fix for Async crypto with GCC 7.1 and HMAC when not using Intel QuickAssist
– Added more sanity checks to fp_read_unsigned_bin function
– Fix for potential buffer over read with wolfSSL_CertPemToDer
– Add PKCS7/CMS decode support for KARI with IssuerAndSerialNumber
– Added RSA PSS sign and verify
– Fixes for AES key wrap and PKCS7 on Windows VS
– Support use of staticmemory with PKCS7
– Fix for Blake2b build with GCC 5.4
– Fixes for OCSP and CRL non blocking sockets and for incomplete cert chain with OCSP
– Adjust example servers to not treat a peer closed error as a hard error
– Added benchmark block size argument
If you have any questions about the new release, or using wolfSSL in your project, please contact us at email@example.com