From nobody Sat Feb 4 15:47:59 2023 X-Original-To: dev-commits-ports-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4P8H3h03YYz3nXLX; Sat, 4 Feb 2023 15:48:00 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4P8H3g6hR8z417h; Sat, 4 Feb 2023 15:47:59 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1675525679; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=rVtYZsBmu7NZtlt6C757kqK6Rb+r2SUC25tI2cueRkw=; b=Von3P1Jyqjib1eziETjJi2qRQKYfHYP4GdS/RXIfR6eRutZ/PeQDiSqC0+MIJ2ewpMBl07 ILVOe073eI3hNjJxeZHPW+v/0OZu5+o+JFg9COe6Szo93DvWqfEg/bE3BkYhrRuEVIp81b 6AarlKZcrAok2DGpRuNz16nXiSZvJzwijD+awbIhj1+mogFxFH2BTl1cClH1YCm12TGM/h v95OhOCZ8QsiAJQ38ACp0IyeCEm/52AOO8N9+UDr3HanAvhs47607MxvtH+H2czOG0h2UA tcq6bDY2j8IJdIC6jQYwQU2e335xMlZJ2/9bYoE/ODMIpy8YHjLjZpBO9Ic+Lg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1675525679; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=rVtYZsBmu7NZtlt6C757kqK6Rb+r2SUC25tI2cueRkw=; b=rYUhZqm31MkxaNKdL5gqEzTICPsuK7IO5RuJrDfK8sExPfsnGal2bd8PJQUG34EKnlVVUa VHNyU/8vpIxsXhe9e1mrIh6KWIuDDyIqRQ19KDUnwmdXALopVE34OtKKJ7S1OBqqJDb+0O KGIR19sHrOHmee8NYhhgVEmcUdwbx5mWD4hsjhtBdvmJOpjFiekQFqQ0H0Gijz1XKlh1VV t3ganfXzdxy0B9sh7V1BZtYzap7PfKzodCJtyOmbX0gdiXW+zrHt+jInTDHixzBDhHzbt/ V2UWhv1EtvKFmXfIT+Y8fKBNmw9+o1OrcLWGHWkykwOV4lxYE1t7v17mY1+Abw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1675525679; a=rsa-sha256; cv=none; b=P0Vrl9hA0oaMPuMUOIRAtaIqdUAgD3DFbXWPVexeHRzj5lLNhkTK1Lx/3kCz+NFQRUGdu0 2IGGZ/INe1VkXne1Jixewy6BvswsrzUGRyA7/4/qUe7sZfRNcYn4PjbU9U95wDw2JjLIGY LrNYoWjtdZ1WpdId/aKDPdh0rg3b1YJP8okRkwEaDG1Oi20bktw6eKqBcxmalQy4u2Kivp cnyt5nxBypPpE523n7EHTJ2I65ywStP0xBJw4eJbgh11erC8BFrlAVtXHvJpBd/MSkfvaP l97HwbTJRAHI6B+K03gSmOAtnBWhXjuME3Q7XWIdYtbXcPKFGIlUrtnqE42bYw== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4P8H3g5lC8zL0f; Sat, 4 Feb 2023 15:47:59 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 314FlxDA061248; Sat, 4 Feb 2023 15:47:59 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 314FlxCY061247; Sat, 4 Feb 2023 15:47:59 GMT (envelope-from git) Date: Sat, 4 Feb 2023 15:47:59 GMT Message-Id: <202302041547.314FlxCY061247@gitrepo.freebsd.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org From: Santhosh Raju Subject: git: 2621a7fc635d - main - security/wolfssl: Update to v5.5.4 List-Id: Commits to the main branch of the FreeBSD ports repository List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-ports-main@freebsd.org X-BeenThere: dev-commits-ports-main@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: fox X-Git-Repository: ports X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 2621a7fc635d4fbc955ec156fabbf26037f27a9c Auto-Submitted: auto-generated X-ThisMailContainsUnwantedMimeParts: N The branch main has been updated by fox: URL: https://cgit.FreeBSD.org/ports/commit/?id=2621a7fc635d4fbc955ec156fabbf26037f27a9c commit 2621a7fc635d4fbc955ec156fabbf26037f27a9c Author: Santhosh Raju AuthorDate: 2023-02-04 15:44:24 +0000 Commit: Santhosh Raju CommitDate: 2023-02-04 15:44:24 +0000 security/wolfssl: Update to v5.5.4 Changes since v5.5.3: wolfSSL Release 5.5.4 (Dec 21, 2022) Release 5.5.4 of wolfSSL embedded TLS has bug fixes and new features including: New Feature Additions * QUIC related changes for HAProxy integration and config option * Support for Analog Devices MAXQ1080 and MAXQ1065 * Testing and build of wolfSSL with NuttX * New software based entropy gatherer with configure option --enable-entropy-memuseOP * NXP SE050 feature expansion and fixes, adding in RSA support and conditional compile of AES and CMAC * Support for multi-threaded sniffer Improvements / Optimizations Benchmark and Tests * Add alternate test case for unsupported static memory API when testing mutex allocations * Additional unit test cases added for AES CCM 256-bit * Initialize and free AES object with benchmarking AES-OFB * Kyber with DTLS 1.3 tests added * Tidy up Espressif ESP32 test and benchmark examples * Rework to be able to run API tests individually and add display of time taken per test Build and Port Improvements * Add check for 64-bit ABI on MIPS64 before declaring a 64-bit CPU * Add support to detect SIZEOF_LONG in armclang and diab * Added in a simple example working on Rx72n * Update azsphere support to prevent compilation of file included inline * --enable-brainpool configure option added and default to on when custom curves are also on * Add RSA PSS salt defines to engine builds if not FIPS v2 Post Quantum * Remove kyber-90s and route all Kyber through wolfcrypt * Purge older version of NTRU and SABER from wolfSSL SP Math * Support static memory build with sp-math * SP C, SP int: improve performance * SP int: support mingw64 again * SP int: enhancements to guess 64-bit type and check on NO_64BIT macro set before using long long * SP int: check size required when using sp_int on stack * SP: --enable-sp-asm now enables SP by default if not set * SP: support aarch64 big endian DTLS * Allow DTLS 1.3 to compile when FIPS is enabled * Allow for stateless DTLS client hello parsing Misc. * Easier detection of DRBG health when using Intel’s RDRAND by updating the structures status value * Detection of duplicate known extensions with TLS * PKCS#11 handle a user PIN that is a NULL_PTR, compile time check in finding keys, add initialization API * Update max Cert Policy size based on RFC 5280 * Add Android CA certs path for wolfSSL_CTX_load_system_CA_certs() * Improve logic for enabling system CA certs on Apple devices * Stub functions to allow for cpuid public functions with non-intel builds * Increase RNG_SECURITY_STRENGTH for FIPS * Improvements in OpenSSL Compat ERR Queue handling * Support ASN1/DER CRLs in LoadCertByIssuer * Expose more ECC math functions and improve async shared secret * Improvement for sniffer error messages * Warning added that renegotiation in TLS 1.3 requires session ticket * Adjustment for TLS 1.3 post auth support * Rework DH API and improve PEM read/write Build Fixes * Fix --enable-devcrypto build error for sys without u_int8_t type * Fix casts in evp.c and build issue in ParseCRL * Fixes for compatibility layer building with heap hint and OSSL callbacks * fix compile error due to Werro=undef on gcc-4.8 * Fix mingw-w64 build issues on windows * Xcode project fixes for different build settings * Initialize variable causing failures with gcc-11 and gcc-12 with a unique wolfSSL build configuration * Prevent WOLFSSL_NO_MALLOC from breaking RSA certificate verification * Fixes for various tests that do not properly handle `WC_PENDING_E` with async. builds * Fix for misc `HashObject` to be excluded for `WOLFCRYPT_ONLY` OCSP Fixes * Correctly save next status with OCSP response verify * When the OCSP responder returns an unknown exception, continue through to checking the CRL Math Fixes * Fix for implicit conversion with 32-bit in SP math * Fix for error checks when modulus is even with SP int build * Fix for checking of err in _sp_exptmod_nct with SP int build * ECC cofactor fix when checking scalar bits * ARM32 ASM: don't use ldrd on user data * SP int, fix when ECC specific size code included Port Fixes * Fixes for STM32 PKA ECC (not 256-bit) and improvements for AES-GCM * Fix for cryptocell signature verification with ECC * Benchmark devid changes, CCM with SECO fix, set IV on AES import into SECO Compat. Layer Fixes * Fix for handling DEFAULT:... cipher suite list * Fix memory leak in wolfSSL_X509_NAME_ENTRY_get_object * Set alt name type to V_ASN1_IA5STRING * Update name hash functions wolfSSL_X509_subject_name_hash and wolfSSL_X509_issuer_name_hash to hash the canonical form of subject * Fix wolfSSL_set_SSL_CTX() to be usable during handshake * Fix X509_get1_ocsp to set num of elements in stack * X509v3 EXT d2i: fix freeing of aia * Fix to remove recreation of certificate with wolfSSL_PEM_write_bio_X509() * Link newly created x509 store's certificate manager to self by default to assist with CRL verification * Fix for compatibility `EC_KEY_new_by_curve_name` to not create a key if the curve is not found Misc. * Free potential signer malloc in a fail case * fix other name san parsing and add RID cert to test parsing * WOLFSSL_OP_NO_TICKET fix for TLSv1.2 * fix ASN template parsing of X509 subject directory attribute * Fix the wrong IV size with the cipher suite TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256 * Fix incorrect self signed error return when compiled with certreq and certgen. * Fix wrong function name in debug comment with wolfSSL_X509_get_name_oneline() * Fix for decryption after second handshake with async sniffer * Allow session tickets to properly resume when using PQ KEMs * Add sanity overflow check to DecodeAltNames input buffer access --- security/wolfssl/Makefile | 2 +- security/wolfssl/distinfo | 6 +++--- security/wolfssl/pkg-plist | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/security/wolfssl/Makefile b/security/wolfssl/Makefile index 5dc983b1a01b..e39485c010e3 100644 --- a/security/wolfssl/Makefile +++ b/security/wolfssl/Makefile @@ -1,5 +1,5 @@ PORTNAME= wolfssl -PORTVERSION= 5.5.3 +PORTVERSION= 5.5.4 CATEGORIES= security devel MASTER_SITES= https://www.wolfssl.com/ \ LOCAL/fox diff --git a/security/wolfssl/distinfo b/security/wolfssl/distinfo index 6b933d3d515a..1fd49e27f7d3 100644 --- a/security/wolfssl/distinfo +++ b/security/wolfssl/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1667845431 -SHA256 (wolfssl-5.5.3.zip) = bc441ae086ddb9d42e2ad391920b400b8cabb19d2aea5efb1cb90b527e0990ee -SIZE (wolfssl-5.5.3.zip) = 20551889 +TIMESTAMP = 1675516684 +SHA256 (wolfssl-5.5.4.zip) = 76da2d57183a5de2660f6214db7234d21df6d8c5ef12a79bdad5e68774dda380 +SIZE (wolfssl-5.5.4.zip) = 20699104 diff --git a/security/wolfssl/pkg-plist b/security/wolfssl/pkg-plist index a4c68461b7f0..e701605ecaf0 100644 --- a/security/wolfssl/pkg-plist +++ b/security/wolfssl/pkg-plist @@ -237,7 +237,7 @@ include/wolfssl/wolfio.h lib/libwolfssl.a lib/libwolfssl.so lib/libwolfssl.so.35 -lib/libwolfssl.so.35.2.1 +lib/libwolfssl.so.35.3.0 libdata/pkgconfig/wolfssl.pc %%PORTDOCS%%%%DOCSDIR%%/QUIC.md %%PORTDOCS%%%%DOCSDIR%%/README.txt