From: Santhosh Raju
Date: Sat, 1 Oct 2022 11:56:00 GMT
To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
Subject: git: 44b4edac3502 - main - security/wolfssl: Update to v5.5.1
List-Id: Commits to the main branch of the FreeBSD ports repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-main

The branch main has been updated by fox:

URL: https://cgit.FreeBSD.org/ports/commit/?id=44b4edac350261df25ca4153ed01148a94051d90

commit
44b4edac350261df25ca4153ed01148a94051d90
Author:     Santhosh Raju
AuthorDate: 2022-10-01 11:47:54 +0000
Commit:     Santhosh Raju
CommitDate: 2022-10-01 11:55:13 +0000

    security/wolfssl: Update to v5.5.1

    Changes since v5.5.0:

    wolfSSL Release 5.5.1 (Sep 28, 2022)

    Latest Vulnerabilities

    * [Med] Denial of service attack and buffer overflow against TLS 1.3
      servers using session ticket resumption. When built with
      --enable-session-ticket and making use of TLS 1.3 server code in
      wolfSSL, there is the possibility of a malicious client to craft a
      malformed second ClientHello packet that causes the server to crash.
      This issue is limited to when using both --enable-session-ticket and
      TLS 1.3 on the server side. Users with TLS 1.3 servers, and having
      --enable-session-ticket, should update to the latest version of
      wolfSSL. Thanks to Max at Trail of Bits for the report and "LORIA,
      INRIA, France" for research on tlspuffin.

    New Feature Additions

    * Add support for non-blocking ECC key gen and shared secret gen for
      P-256/384/521
    * Add support for non-blocking ECDHE/ECDSA in TLS/DTLS layer.
    * Port to NXP RT685 with FreeRTOS
    * Add option to build post quantum Kyber API (--enable-kyber)
    * Add post quantum algorithm sphincs to wolfCrypt
    * Config. option to force no asm with SP build (--enable-sp=noasm)
    * Allow post quantum keyshare for DTLS 1.3

    Enhancements

    * DTLSv1.3: Do HRR Cookie exchange by default
    * Add wolfSSL_EVP_PKEY_new_CMAC_key to OpenSSL compatible API
    * Update ide win10 build files to add missing sp source files
    * Improve Workbench docs
    * Improve EVP support for CHACHA20_POLY1305
    * Improve wc_SetCustomExtension documentation
    * RSA-PSS with OCSP and add simple OCSP response DER verify test case
    * Clean up some FIPS versioning logic in configure.ac and WIN10
      user_settings.h
    * Don't over-allocate memory for DTLS fragments
    * Add WOLFSSL_ATECC_TFLXTLS for Atmel port
    * SHA-3 performance improvements with x86_64 assembly
    * Add code to fallback to S/W if TSIP cannot handle
    * Improves entropy with VxWorks
    * Make time in milliseconds 64-bits for longer session ticket lives
    * Support for setting cipher list with bytes
    * wolfSSL_set1_curves_list(), wolfSSL_CTX_set1_curves_list()
      improvements
    * Add to RSAES-OAEP key parsing for pkcs7
    * Add missing DN nid to work with PrintName()
    * SP int: default to 16 bit word size when NO_64BIT defined
    * Limit the amount of fragments we store per a DTLS connection and
      error out when max limit is reached
    * Detect when certificate's RSA public key size is too big and fail on
      loading of certificate

    Fixes

    * Fix for async with OCSP non-blocking in ProcessPeerCerts
    * Fixes for building with 32-bit and socket size sign/unsigned mismatch
    * Fix Windows CMakeList compiler options
    * TLS 1.3 Middle-Box compat: fix missing brace
    * Configuration consistency fixes for RSA keys and way to force disable
      of private keys
    * Fix for Aarch64 Mac M1 SP use
    * Fix build errors and warnings for MSVC with DTLS 1.3
    * Fix HMAC compat layer function for SHA-1
    * Fix DTLS 1.3 do not negotiate ConnectionID in HelloRetryRequest
    * Check return from call to wc_Time
    * SP math: fix build configuration with opensslall
    * Fix for async session tickets
    * SP int mp_init_size fixes when SP_WORD_SIZE == 8
    * Ed. function to make public key now checks for if the private key
      flag is set
    * Fix HashRaw WC_SHA256_DIGEST_SIZE for wc_Sha256GetHash
    * Fix for building with PSK only
    * Set correct types in wolfSSL_sk_*_new functions
    * Sanity check that size passed to mp_init_size() is no more than
      SP_INT_DIGITS

--- security/wolfssl/Makefile | 2 +- security/wolfssl/distinfo | 6 +++--- security/wolfssl/pkg-plist | 6 +++++- 3 files changed, 9 insertions(+), 5 deletions(-) diff --git a/security/wolfssl/Makefile b/security/wolfssl/Makefile index ffff645c797b..2b45f4b77e0f 100644 --- a/security/wolfssl/Makefile +++ b/security/wolfssl/Makefile @@ -1,5 +1,5 @@ PORTNAME= wolfssl -PORTVERSION= 5.5.0 +PORTVERSION= 5.5.1 CATEGORIES= security devel MASTER_SITES= https://www.wolfssl.com/ \ LOCAL/fox diff --git a/security/wolfssl/distinfo b/security/wolfssl/distinfo index 4580a4cf7ebf..594abbe2c29a 100644 --- a/security/wolfssl/distinfo +++ b/security/wolfssl/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1662280431 -SHA256 (wolfssl-5.5.0.zip) = f5cae7077ffb88d2980b467747e4bff0f3a927e22351d17eadcf1d09ba56d374 -SIZE (wolfssl-5.5.0.zip) = 20168520 +TIMESTAMP = 1664621010 +SHA256 (wolfssl-5.5.1.zip) = 5f443b1a05bc7d7fd62f74b12b1004891c73dca0141dbcef79b14ee3b29216a4 +SIZE (wolfssl-5.5.1.zip) = 20389385 diff --git a/security/wolfssl/pkg-plist b/security/wolfssl/pkg-plist index 7acb39f915ab..ae8f9778081c 100644 --- a/security/wolfssl/pkg-plist +++ b/security/wolfssl/pkg-plist @@ -185,6 +185,7 @@ include/wolfssl/wolfcrypt/eccsi.h include/wolfssl/wolfcrypt/ed25519.h include/wolfssl/wolfcrypt/ed448.h include/wolfssl/wolfcrypt/error-crypt.h +include/wolfssl/wolfcrypt/ext_kyber.h include/wolfssl/wolfcrypt/falcon.h include/wolfssl/wolfcrypt/fe_448.h include/wolfssl/wolfcrypt/fe_operations.h 
@@ -195,6 +196,7 @@ include/wolfssl/wolfcrypt/hash.h include/wolfssl/wolfcrypt/hmac.h include/wolfssl/wolfcrypt/integer.h include/wolfssl/wolfcrypt/kdf.h +include/wolfssl/wolfcrypt/kyber.h include/wolfssl/wolfcrypt/logging.h include/wolfssl/wolfcrypt/md2.h include/wolfssl/wolfcrypt/md4.h @@ -221,11 +223,13 @@ include/wolfssl/wolfcrypt/sha512.h include/wolfssl/wolfcrypt/signature.h include/wolfssl/wolfcrypt/siphash.h include/wolfssl/wolfcrypt/sp_int.h +include/wolfssl/wolfcrypt/sphincs.h include/wolfssl/wolfcrypt/srp.h include/wolfssl/wolfcrypt/tfm.h include/wolfssl/wolfcrypt/types.h include/wolfssl/wolfcrypt/visibility.h include/wolfssl/wolfcrypt/wc_encrypt.h +include/wolfssl/wolfcrypt/wc_kyber.h include/wolfssl/wolfcrypt/wc_port.h include/wolfssl/wolfcrypt/wolfevent.h include/wolfssl/wolfcrypt/wolfmath.h @@ -233,7 +237,7 @@ include/wolfssl/wolfio.h lib/libwolfssl.a lib/libwolfssl.so lib/libwolfssl.so.35 -lib/libwolfssl.so.35.0.0 +lib/libwolfssl.so.35.1.0 libdata/pkgconfig/wolfssl.pc %%PORTDOCS%%%%DOCSDIR%%/QUIC.md %%PORTDOCS%%%%DOCSDIR%%/README.txt
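
Review bot: The PORTVERSION bump in security/wolfssl/Makefile pulls in a release whose log lists a [Med] denial of service and buffer overflow in TLS 1.3 session ticket resumption, yet the diffstat touches only Makefile, distinfo and pkg-plist and the log carries no Security: line. Consider adding a matching security/vuxml entry and a Security: reference in the commit message, so that installations still on 5.5.0 are flagged by pkg audit and the update is considered for the quarterly branch.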
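
Review bot: In the distinfo hunk the new SHA256 and SIZE for wolfssl-5.5.1.zip are the only thing binding the build to one specific archive, and the Makefile context shows two fetch sources (https://www.wolfssl.com/ and LOCAL/fox). Please confirm that both locations serve a byte-identical archive and that the recorded digest was compared against what upstream published rather than only generated from the local download; a sentence in the log saying so would document it.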
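
Review bot: The pkg-plist hunks at -185, -195 and -221 add ext_kyber.h, kyber.h, sphincs.h and wc_kyber.h unconditionally, while the release notes in the log describe the Kyber API as an opt-in build (--enable-kyber). Confirm that upstream installs these headers with the port's default configure arguments and with every option combination the port offers, or gate the entries on the relevant option so the plist check does not fail on non-default builds.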
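
Review bot: In the last pkg-plist hunk only lib/libwolfssl.so.35.0.0 becomes lib/libwolfssl.so.35.1.0 while lib/libwolfssl.so.35 stays, so dynamically linked consumers pick up the TLS 1.3 fix without a rebuild, but anything linked against lib/libwolfssl.a does not. It would help to state in the log whether any dependent port links statically and therefore needs a PORTREVISION bump to ship the fix.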