The holiday release of wolfSSL, version 4.3, is now available! This release has fantastic new features, optimizations, and bug fixes. Some of the exciting new features that were added to the wolfSSL library are summarized below:
- The addition of –enable-libwebsockets option for support of libwebsockets build was added in the release!
- Updated support of NGINX 1.15.0 and in addition to that we added support for NGINX version 1.16.1.
- Updates to RSA-PSS salt lengths. Macro WOLFSSL_PSS_SALT_LEN_DISCOVER allows for discovering the salt length. Passing RSA_PSS_SALT_LEN_DISCOVER value into wc_RsaPSS_Verify_ex attempts to discover salt length and can use larger salt lengths.
- wolfSSL is constantly expanding the OpenSSL compatibility API to help people migrate from OpenSSL to wolfSSL. In this release the API wolfSSL_CertManagerGetCerts and wolfSSL_X509_STORE_GetCerts were added for retrieving certificates.
- wolfSSL has an optimized math library for single precision operations. Greatly speeds up some set key sizes with RSA, ECC, and DH operations. In this release support for 4096-bit RSA/DH operations was added!
- Last release (v4.2.0) we came out with support for Google WebRTC, in this release we updated that support to branch m79.
- We added new FREESCALE_MQX_5_0 macro for MQX 5.0 support
- Some users that make use of the OpenSSL compatibility layer like to trim down the bloat while keeping certain API’s. In this release the additional build flag of –disable-errorqueue was added so that the extra error queue is disabled with –enable-opensslextra builds.
- And more…. (check out the README from the download for a full list)
There were some additional optimizations added to this release. A highlight of some of these optimizations include:
- Update to PKCS#11 for determining key type given the private key type
- Increase in performance of Cortex-M RSA/DH assembly code with single precision builds.
- Update to DoVerifyCallback to check verify param hostName and ipasc (–enable-opensslextra builds)
- Additional null sanity checks on input arguments with QSH and Cryptocell builds
- MISRA-C updates for SP math code
- Additional checks on RSA key were added to the function wc_CheckRsaKey
- Updates for EBSNET support, including fseek, revised macros in settings.h, and realloc support
- Optimization when parsing certificate extension name strings
- Adjustment to example server -x runtime behavior when encountering an unrecoverable error case
- Removal of support for Blake2b with HMAC.
- New script to cleanup generated test files, scripts/cleanup_testfiles.sh
- New log messages for SendAlert call and update to send alert after verify certificate callback
- Updates to find CRL by AuthKeyId
- Rework of BER to DER functions to not be recursive
- Removal of requirement for macro NO_SKID when CRL use is enabled
- And more… See the README…
In this release there were also some great fixes!
- Fixes for IAR warnings with IAR-EWARM 7.50.2
- Alignment fixes for mmCAU with AES and hashing algorithms
- Fix for unit tests with NGINX and debug mode
- Fix for Apache want read case with BIO retry flag
- Fix for Curve25519 assembly optimizations with GCC + AVX2, Poly1305 AVX2 assembly optimization fix for carry with large input values
- Fix for memcpy with TLS I/O buffers when using staticmemory pools and loading memory as WOLFMEM_IO_POOL_FIXED
- Fix for freeing mutex for X509 and wolfSSL_EVP_PKEY_free, applies to OPENSSL_EXTRA / –enable-opensslextra builds
- Fixes case where the heap hint is created before WOLFSSL_CTX, when calling wc_LoadStaticMemory instead of wolfSSL_CTX_load_static_memory
- Fix for EVP CipherUpdate decrypt and new test case
- Fix for API visibility of wc_ed25519_check_key which resolves a wolfcrypt-py install issue
- Fix for PKCS7 streaming mode that would error rather than verify bundle
- Fixes and updates for STM32 port, including additional mutex protection, AES-GCM decrypt auth tag, AES-CTR mode with CubeMX, update to OpenSTM32 project
- Sanity check on max ALPN length accepted
- Additional sanity check when parsing CRL’s for copying the structure, fix for bounds checking
- When getting the DH public key, initialize the P, G, and Pub pointers to NULL, then set that we own the DH parameters flag. This allows FreeSSL to correctly clean up the DH key.
- Clear the top bit when generating a serial number
- Fix to add deterministic ECDSA and fix corner cases for add point.
- Fixes for Coverity report including null termination of test case strings and initialization of PKCS#7 variables
- Fix for missing variable declaration with –enable-scep –with-libz build
- ProcessPeerCerts allocating memory for exts with OPENSSL_EXTRA properly
- And more…. A full list can be seen in the README or ChangeLog.md from the download bundle (https://www.wolfssl.com/download/).
In every release we recommend users update to keep the latest security, for all the fixes, and for all the additional features that they get. This release also included some vulnerability fixes that some of our users should consider when looking at whether to update or not. A full listing of the vulnerabilities can be seen in the README, on our website (https://www.wolfssl.com/docs/security-vulnerabilities/) or you can contact the wolfSSL support channel for more information. This is a brief of the vulnerabilities:
- Sanity check on certificate parsing affecting users that have –enable-opensslextra (macro OPENSSL_EXTRA), or build options that turn this on such as –enable-all, when building wolfSSL. The CVE associated with the fix is CVE-2019-18840.
- DTLS max limit on handshake message sizes. This only effects builds that have DTLS turned on and have applications that are using DTLS.
- ECC caching hang fix, affects users that have turned on ECC caching (off by default –enable-fpecc) and are using –enable-fastmath. Does not affect default builds.
- DSA blinding added for more side channel attack resistant. Affects DSA users that are signing with DSA. Does not affect TLS or default builds. Thanks to Daniel Moghimi (@danielmgmi) from Worcester Polytechnic Institute for the report.
- Update to wc_SignatureGenerateHash function for potential fault injection attack. Does not affect TLS users, only users calling the wolfCrypt RSA signature generation wrapper function. Thanks to Daniel Moghimi (@danielmgmi) from Worcester Polytechnic Institute for the report.
- Fix to add additional side channel cache attack resistance to the internal ECC function wc_ecc_mulmod_ex. This function by default is used with ECDSA signing operations. Users should update if performing ECDSA singing operations (server side ECC TLS connections, mutual authentication on client side) or calling wolfCrypt ECC sign functions and have the potential for outside users to perform sophisticated monitoring of the cache.Thanks to Daniel Moghimi (@danielmgmi) from Worcester Polytechnic Institute for the report.
For questions contact us at facts@wolfssl.com. Merry Christmas, Happy New Year, and love to all from wolfSSL!