From c1090cff3fcccf9e2152c9bce9b085e5fab4dd93 Mon Sep 17 00:00:00 2001 From: John Safranek Date: Mon, 17 Aug 2020 14:42:20 -0700 Subject: [PATCH 1/9] update rpm-spec.in --- rpm/spec.in | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/rpm/spec.in b/rpm/spec.in index 188d91066a..5911599f89 100644 --- a/rpm/spec.in +++ b/rpm/spec.in @@ -74,7 +74,7 @@ mkdir -p $RPM_BUILD_ROOT/ %{_libdir}/libwolfssl.la %{_libdir}/libwolfssl.so %{_libdir}/libwolfssl.so.24 -%{_libdir}/libwolfssl.so.24.1.0 +%{_libdir}/libwolfssl.so.24.2.0 %files devel %defattr(-,root,root,-) @@ -180,6 +180,7 @@ mkdir -p $RPM_BUILD_ROOT/ %{_includedir}/wolfssl/ocsp.h %{_includedir}/wolfssl/openssl/aes.h %{_includedir}/wolfssl/openssl/asn1.h +%{_includedir}/wolfssl/openssl/asn1t.h %{_includedir}/wolfssl/openssl/bio.h %{_includedir}/wolfssl/openssl/bn.h %{_includedir}/wolfssl/openssl/buffer.h @@ -300,6 +301,9 @@ mkdir -p $RPM_BUILD_ROOT/ %{_libdir}/pkgconfig/wolfssl.pc %changelog +* Mon Aug 17 2020 John Safranek +- Add a missing header. +- Update for release. * Thu Apr 16 2020 John Safranek - Add some missing headers. - Sort the file list. From 6e49a63e50a48e11b9dc5339f09e01e50d0708ee Mon Sep 17 00:00:00 2001 From: John Safranek Date: Mon, 17 Aug 2020 17:12:11 -0700 Subject: [PATCH 2/9] fix call to MakeAnyCert from wc_MakeNtruCert(); it was missing the new parameter --- wolfcrypt/src/asn.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index c3b08230b9..d3d263e0ef 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -13475,7 +13475,8 @@ int wc_MakeCert(Cert* cert, byte* derBuffer, word32 derSz, RsaKey* rsaKey, int wc_MakeNtruCert(Cert* cert, byte* derBuffer, word32 derSz, const byte* ntruKey, word16 keySz, WC_RNG* rng) { - return MakeAnyCert(cert, derBuffer, derSz, NULL, NULL, rng, ntruKey, keySz, NULL); + return MakeAnyCert(cert, derBuffer, derSz, NULL, NULL, rng, + ntruKey, keySz, NULL, NULL); } #endif /* HAVE_NTRU */ From 113753370d08dcda30aaabc173638ac054fa0631 Mon Sep 17 00:00:00 2001 From: John Safranek Date: Tue, 18 Aug 2020 17:06:57 -0700 Subject: [PATCH 3/9] Long Test Fixes 1. Sniffer was trying to log a NULL pointer as a string. Logged a string instead. 2. Few misc fixes in ECC. --- src/sniffer.c | 4 ++-- wolfcrypt/src/ecc.c | 9 +++++---- 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/src/sniffer.c b/src/sniffer.c index 1e802486d0..37353df268 100644 --- a/src/sniffer.c +++ b/src/sniffer.c @@ -1737,7 +1737,7 @@ int ssl_SetPrivateKeyBuffer(const char* address, int port, int ret; TraceHeader(); - TraceSetServer(address, port, NULL); + TraceSetServer(address, port, "from buffer"); wc_LockMutex(&ServerListMutex); ret = SetNamedPrivateKey(NULL, address, port, keyBuf, keySz, @@ -1826,7 +1826,7 @@ int ssl_SetEphemeralKeyBuffer(const char* address, int port, int ret; TraceHeader(); - TraceSetServer(address, port, NULL); + TraceSetServer(address, port, "from buffer"); wc_LockMutex(&ServerListMutex); ret = SetNamedPrivateKey(NULL, address, port, keyBuf, keySz, diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c index 5b203e13bd..72a90e306a 100644 --- a/wolfcrypt/src/ecc.c +++ b/wolfcrypt/src/ecc.c @@ -2843,7 +2843,7 @@ static int ecc_key_tmp_init(ecc_key* key, void* heap) { int err = MP_OKAY; - XMEMSET(*key, 0, sizeof(key)); + XMEMSET(key, 0, sizeof(*key)); key->t1 = (mp_int*)XMALLOC(sizeof(mp_int), heap, DYNAMIC_TYPE_ECC); key->t2 = (mp_int*)XMALLOC(sizeof(mp_int), heap, DYNAMIC_TYPE_ECC); @@ -2865,6 +2865,7 @@ static int ecc_key_tmp_init(ecc_key* key, void* heap) static void ecc_key_tmp_final(ecc_key* key, void* heap) { + (void)heap; #ifdef ALT_ECC_SIZE if (key->z != NULL) XFREE(key->z, heap, DYNAMIC_TYPE_ECC); @@ -2875,7 +2876,7 @@ static void ecc_key_tmp_final(ecc_key* key, void* heap) #endif if (key->t2 != NULL) XFREE(key->t2, heap, DYNAMIC_TYPE_ECC); - if (key.t1 != NULL) + if (key->t1 != NULL) XFREE(key->t1, heap, DYNAMIC_TYPE_ECC); } #endif /* WOLFSSL_SMALL_STACK_CACHE */ @@ -2969,7 +2970,7 @@ int wc_ecc_mulmod_ex(mp_int* k, ecc_point *G, ecc_point *R, mp_int* a, } #ifdef WOLFSSL_SMALL_STACK_CACHE R->key = NULL; - ecc_key_tmp_free(&key, heap); + ecc_key_tmp_final(&key, heap); #endif /* WOLFSSL_SMALL_STACK_CACHE */ return err; @@ -3123,7 +3124,7 @@ int wc_ecc_mulmod_ex2(mp_int* k, ecc_point *G, ecc_point *R, mp_int* a, } #ifdef WOLFSSL_SMALL_STACK_CACHE R->key = NULL; - ecc_key_tmp_free(&key, heap); + ecc_key_tmp_final(&key, heap); #endif /* WOLFSSL_SMALL_STACK_CACHE */ return err; From 38b717eb42bd830a497896d74ebc9c6272666ba6 Mon Sep 17 00:00:00 2001 From: Sean Parkinson Date: Wed, 19 Aug 2020 08:41:36 +1000 Subject: [PATCH 4/9] Clear MP in ECC to free allocated memory --- wolfcrypt/src/ecc.c | 33 +++++++++++++++++---------------- 1 file changed, 17 insertions(+), 16 deletions(-) diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c index 72a90e306a..7215dc3173 100644 --- a/wolfcrypt/src/ecc.c +++ b/wolfcrypt/src/ecc.c @@ -2811,25 +2811,26 @@ static int ecc_point_to_mont(ecc_point* p, ecc_point* r, mp_int* modulus, err = mp_init(mu); if (err == MP_OKAY) { err = mp_montgomery_calc_normalization(mu, modulus); - } - if (err == MP_OKAY) { - if (mp_cmp_d(mu, 1) == MP_EQ) { - err = mp_copy(p->x, r->x); - if (err == MP_OKAY) - err = mp_copy(p->y, r->y); - if (err == MP_OKAY) - err = mp_copy(p->z, r->z); - } - else { - err = mp_mulmod(p->x, mu, modulus, r->x); - if (err == MP_OKAY) - err = mp_mulmod(p->y, mu, modulus, r->y); - if (err == MP_OKAY) - err = mp_mulmod(p->z, mu, modulus, r->z); + if (err == MP_OKAY) { + if (mp_cmp_d(mu, 1) == MP_EQ) { + err = mp_copy(p->x, r->x); + if (err == MP_OKAY) + err = mp_copy(p->y, r->y); + if (err == MP_OKAY) + err = mp_copy(p->z, r->z); + } + else { + err = mp_mulmod(p->x, mu, modulus, r->x); + if (err == MP_OKAY) + err = mp_mulmod(p->y, mu, modulus, r->y); + if (err == MP_OKAY) + err = mp_mulmod(p->z, mu, modulus, r->z); + } } - } + mp_clear(mu); + } #ifdef WOLFSSL_SMALL_STACK if (mu != NULL) XFREE(mu, heap, DYNAMIC_TYPE_ECC); From 55632a0567493eb622c65f5da6fd490dab4505c0 Mon Sep 17 00:00:00 2001 From: John Safranek Date: Tue, 18 Aug 2020 17:49:28 -0700 Subject: [PATCH 5/9] Two more out of order DTLS message fixes. --- src/internal.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/src/internal.c b/src/internal.c index 0e3d12aaff..bc50433179 100644 --- a/src/internal.c +++ b/src/internal.c @@ -8339,7 +8339,9 @@ static int GetRecordHeader(WOLFSSL* ssl, const byte* input, word32* inOutIdx, #ifdef WOLFSSL_DTLS if (IsDtlsNotSctpMode(ssl)) { if (!DtlsCheckWindow(ssl) || - (ssl->keys.curEpoch == 0 && rh->type == application_data)) { + (rh->type == application_data && ssl->keys.curEpoch == 0) || + (rh->type == alert && ssl->options.handShakeDone && + ssl->keys.curEpoch == 0 && ssl->keys.dtls_epoch != 0)) { WOLFSSL_LEAVE("GetRecordHeader()", SEQUENCE_ERROR); return SEQUENCE_ERROR; } @@ -12275,6 +12277,14 @@ static int SanityCheckMsgReceived(WOLFSSL* ssl, byte type) WOLFSSL_MSG("Duplicate Finished received"); return DUPLICATE_MSG_E; } +#ifdef HAVE_DTLS + if (ssl->options.dtls) { + if (ssl->keys.curEpoch == 0) { + WOLFSSL_MSG("Finished received with epoch 0"); + return SEQUENCE_ERROR; + } + } +#endif ssl->msgsReceived.got_finished = 1; if (ssl->msgsReceived.got_change_cipher == 0) { From 1f10e77b0fc89ef02f505f71003d55c7072c15ad Mon Sep 17 00:00:00 2001 From: David Garske Date: Wed, 19 Aug 2020 09:30:32 -0700 Subject: [PATCH 6/9] Fix for SP math with `WOLFSSL_VALIDATE_ECC_KEYGEN`. Fixes logic error on point x/y zero check. --- wolfcrypt/src/sp_arm32.c | 4 ++-- wolfcrypt/src/sp_arm64.c | 4 ++-- wolfcrypt/src/sp_armthumb.c | 4 ++-- wolfcrypt/src/sp_c32.c | 4 ++-- wolfcrypt/src/sp_c64.c | 4 ++-- wolfcrypt/src/sp_cortexm.c | 4 ++-- wolfcrypt/src/sp_x86_64.c | 4 ++-- 7 files changed, 14 insertions(+), 14 deletions(-) diff --git a/wolfcrypt/src/sp_arm32.c b/wolfcrypt/src/sp_arm32.c index cbe7bdaa4b..c5fb892c58 100644 --- a/wolfcrypt/src/sp_arm32.c +++ b/wolfcrypt/src/sp_arm32.c @@ -34783,7 +34783,7 @@ int sp_ecc_make_key_256(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap) err = sp_256_ecc_mulmod_8(infinity, point, p256_order, 1, 1, NULL); } if (err == MP_OKAY) { - if ((sp_256_iszero_8(point->x) == 0) || (sp_256_iszero_8(point->y) == 0)) { + if (sp_256_iszero_8(point->x) || sp_256_iszero_8(point->y)) { err = ECC_INF_E; } } @@ -44487,7 +44487,7 @@ int sp_ecc_make_key_384(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap) err = sp_384_ecc_mulmod_12(infinity, point, p384_order, 1, 1, NULL); } if (err == MP_OKAY) { - if ((sp_384_iszero_12(point->x) == 0) || (sp_384_iszero_12(point->y) == 0)) { + if (sp_384_iszero_12(point->x) || sp_384_iszero_12(point->y)) { err = ECC_INF_E; } } diff --git a/wolfcrypt/src/sp_arm64.c b/wolfcrypt/src/sp_arm64.c index dbd4bdf50a..d89e44ee28 100644 --- a/wolfcrypt/src/sp_arm64.c +++ b/wolfcrypt/src/sp_arm64.c @@ -36055,7 +36055,7 @@ int sp_ecc_make_key_256(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap) err = sp_256_ecc_mulmod_4(infinity, point, p256_order, 1, 1, NULL); } if (err == MP_OKAY) { - if ((sp_256_iszero_4(point->x) == 0) || (sp_256_iszero_4(point->y) == 0)) { + if (sp_256_iszero_4(point->x) || sp_256_iszero_4(point->y)) { err = ECC_INF_E; } } @@ -42742,7 +42742,7 @@ int sp_ecc_make_key_384(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap) err = sp_384_ecc_mulmod_6(infinity, point, p384_order, 1, 1, NULL); } if (err == MP_OKAY) { - if ((sp_384_iszero_6(point->x) == 0) || (sp_384_iszero_6(point->y) == 0)) { + if (sp_384_iszero_6(point->x) || sp_384_iszero_6(point->y)) { err = ECC_INF_E; } } diff --git a/wolfcrypt/src/sp_armthumb.c b/wolfcrypt/src/sp_armthumb.c index d1a17356d7..b974802d53 100644 --- a/wolfcrypt/src/sp_armthumb.c +++ b/wolfcrypt/src/sp_armthumb.c @@ -20506,7 +20506,7 @@ int sp_ecc_make_key_256(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap) err = sp_256_ecc_mulmod_8(infinity, point, p256_order, 1, 1, NULL); } if (err == MP_OKAY) { - if ((sp_256_iszero_8(point->x) == 0) || (sp_256_iszero_8(point->y) == 0)) { + if (sp_256_iszero_8(point->x) || sp_256_iszero_8(point->y)) { err = ECC_INF_E; } } @@ -27324,7 +27324,7 @@ int sp_ecc_make_key_384(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap) err = sp_384_ecc_mulmod_12(infinity, point, p384_order, 1, 1, NULL); } if (err == MP_OKAY) { - if ((sp_384_iszero_12(point->x) == 0) || (sp_384_iszero_12(point->y) == 0)) { + if (sp_384_iszero_12(point->x) || sp_384_iszero_12(point->y)) { err = ECC_INF_E; } } diff --git a/wolfcrypt/src/sp_c32.c b/wolfcrypt/src/sp_c32.c index 9ca0f20649..a07ba763db 100644 --- a/wolfcrypt/src/sp_c32.c +++ b/wolfcrypt/src/sp_c32.c @@ -17205,7 +17205,7 @@ int sp_ecc_make_key_256(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap) err = sp_256_ecc_mulmod_10(infinity, point, p256_order, 1, 1, NULL); } if (err == MP_OKAY) { - if ((sp_256_iszero_10(point->x) == 0) || (sp_256_iszero_10(point->y) == 0)) { + if (sp_256_iszero_10(point->x) || sp_256_iszero_10(point->y)) { err = ECC_INF_E; } } @@ -24543,7 +24543,7 @@ int sp_ecc_make_key_384(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap) err = sp_384_ecc_mulmod_15(infinity, point, p384_order, 1, 1, NULL); } if (err == MP_OKAY) { - if ((sp_384_iszero_15(point->x) == 0) || (sp_384_iszero_15(point->y) == 0)) { + if (sp_384_iszero_15(point->x) || sp_384_iszero_15(point->y)) { err = ECC_INF_E; } } diff --git a/wolfcrypt/src/sp_c64.c b/wolfcrypt/src/sp_c64.c index 4cf825a480..5e5c42fddd 100644 --- a/wolfcrypt/src/sp_c64.c +++ b/wolfcrypt/src/sp_c64.c @@ -16964,7 +16964,7 @@ int sp_ecc_make_key_256(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap) err = sp_256_ecc_mulmod_5(infinity, point, p256_order, 1, 1, NULL); } if (err == MP_OKAY) { - if ((sp_256_iszero_5(point->x) == 0) || (sp_256_iszero_5(point->y) == 0)) { + if (sp_256_iszero_5(point->x) || sp_256_iszero_5(point->y)) { err = ECC_INF_E; } } @@ -23766,7 +23766,7 @@ int sp_ecc_make_key_384(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap) err = sp_384_ecc_mulmod_7(infinity, point, p384_order, 1, 1, NULL); } if (err == MP_OKAY) { - if ((sp_384_iszero_7(point->x) == 0) || (sp_384_iszero_7(point->y) == 0)) { + if (sp_384_iszero_7(point->x) || sp_384_iszero_7(point->y)) { err = ECC_INF_E; } } diff --git a/wolfcrypt/src/sp_cortexm.c b/wolfcrypt/src/sp_cortexm.c index fc69500ac7..7224e3c331 100644 --- a/wolfcrypt/src/sp_cortexm.c +++ b/wolfcrypt/src/sp_cortexm.c @@ -19348,7 +19348,7 @@ int sp_ecc_make_key_256(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap) err = sp_256_ecc_mulmod_8(infinity, point, p256_order, 1, 1, NULL); } if (err == MP_OKAY) { - if ((sp_256_iszero_8(point->x) == 0) || (sp_256_iszero_8(point->y) == 0)) { + if (sp_256_iszero_8(point->x) || sp_256_iszero_8(point->y)) { err = ECC_INF_E; } } @@ -26743,7 +26743,7 @@ int sp_ecc_make_key_384(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap) err = sp_384_ecc_mulmod_12(infinity, point, p384_order, 1, 1, NULL); } if (err == MP_OKAY) { - if ((sp_384_iszero_12(point->x) == 0) || (sp_384_iszero_12(point->y) == 0)) { + if (sp_384_iszero_12(point->x) || sp_384_iszero_12(point->y)) { err = ECC_INF_E; } } diff --git a/wolfcrypt/src/sp_x86_64.c b/wolfcrypt/src/sp_x86_64.c index 6ab4f7d91c..1b52f988fe 100644 --- a/wolfcrypt/src/sp_x86_64.c +++ b/wolfcrypt/src/sp_x86_64.c @@ -22200,7 +22200,7 @@ int sp_ecc_make_key_256(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap) err = sp_256_ecc_mulmod_4(infinity, point, p256_order, 1, 1, NULL); } if (err == MP_OKAY) { - if ((sp_256_iszero_4(point->x) == 0) || (sp_256_iszero_4(point->y) == 0)) { + if (sp_256_iszero_4(point->x) || sp_256_iszero_4(point->y)) { err = ECC_INF_E; } } @@ -29252,7 +29252,7 @@ int sp_ecc_make_key_384(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap) err = sp_384_ecc_mulmod_6(infinity, point, p384_order, 1, 1, NULL); } if (err == MP_OKAY) { - if ((sp_384_iszero_6(point->x) == 0) || (sp_384_iszero_6(point->y) == 0)) { + if (sp_384_iszero_6(point->x) || sp_384_iszero_6(point->y)) { err = ECC_INF_E; } } From 362e32818075a58e417bf4dd0c91fabb39078fc9 Mon Sep 17 00:00:00 2001 From: John Safranek Date: Wed, 19 Aug 2020 10:46:03 -0700 Subject: [PATCH 7/9] NTRU fixes 1. When configuring for NTRU, enable static RSA. 2. The echoserver should not try to use NTRU with TLSv1.3. --- configure.ac | 2 +- examples/echoserver/echoserver.c | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/configure.ac b/configure.ac index 1f624d106b..154feca82b 100644 --- a/configure.ac +++ b/configure.ac @@ -2970,7 +2970,7 @@ AC_ARG_WITH([ntru], AC_MSG_RESULT([yes]) fi - AM_CFLAGS="$AM_CFLAGS -DHAVE_NTRU -DHAVE_TLS_EXTENSIONS" + AM_CFLAGS="$AM_CFLAGS -DHAVE_NTRU -DHAVE_TLS_EXTENSIONS -DWOLFSSL_STATIC_RSA" ENABLED_NTRU="yes" ] ) diff --git a/examples/echoserver/echoserver.c b/examples/echoserver/echoserver.c index 1ed4d1fe9e..93996a11a8 100644 --- a/examples/echoserver/echoserver.c +++ b/examples/echoserver/echoserver.c @@ -138,7 +138,8 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args) #if defined(CYASSL_DTLS) method = CyaDTLSv1_2_server_method(); #elif !defined(NO_TLS) - #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_SNIFFER) + #if (defined(WOLFSSL_TLS13) && defined(WOLFSSL_SNIFFER)) || \ + defined(HAVE_NTRU) method = CyaTLSv1_2_server_method(); #else method = CyaSSLv23_server_method(); From 549c47de65a40fd28cd6c18b2c98d973d9183979 Mon Sep 17 00:00:00 2001 From: Sean Parkinson Date: Wed, 19 Aug 2020 10:21:53 +1000 Subject: [PATCH 8/9] Handle when k is 1 or order + 1 for timing resistant ECC --- wolfcrypt/src/ecc.c | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c index 7215dc3173..6e46308165 100644 --- a/wolfcrypt/src/ecc.c +++ b/wolfcrypt/src/ecc.c @@ -3105,6 +3105,23 @@ int wc_ecc_mulmod_ex2(mp_int* k, ecc_point *G, ecc_point *R, mp_int* a, if (err == MP_OKAY) err = ecc_mulmod(&t, tG, R, M, a, modulus, mp, rng); + /* Check for k == 1 or k == order+1. Result will be 0 point which is not + * correct. Calculates 2 * order and get 0 point then adds base point + * which results in 0 point with constant time implementation) + */ + if (err == MP_OKAY) + err = mp_add_d(order, 1, &t); + if (err == MP_OKAY) { + int kIsOne = (mp_cmp_d(k, 1) == MP_EQ) | (mp_cmp(k, &t) == MP_EQ); + err = mp_cond_copy(tG->x, kIsOne, R->x); + if (err == 0) { + err = mp_cond_copy(tG->y, kIsOne, R->y); + } + if (err == 0) { + err = mp_cond_copy(tG->z, kIsOne, R->z); + } + } + mp_forcezero(&t); mp_free(&t); #else From 05671d183cda3200bc178cec71443bc6345cec1d Mon Sep 17 00:00:00 2001 From: John Safranek Date: Wed, 19 Aug 2020 10:53:26 -0700 Subject: [PATCH 9/9] update README/ChangeLog --- ChangeLog.md | 2 +- README | 2 +- README.md | 7 ++++++- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/ChangeLog.md b/ChangeLog.md index 576c26c9d6..31b3a3ab48 100644 --- a/ChangeLog.md +++ b/ChangeLog.md @@ -1,4 +1,4 @@ -# wolfSSL Release 4.5.0 (August 18, 2020) +# wolfSSL Release 4.5.0 (August 19, 2020) If you have questions about this release, feel free to contact us on our info@ address. diff --git a/README b/README index d6405d2275..06efb96d99 100644 --- a/README +++ b/README @@ -73,7 +73,7 @@ should be used for the enum name. *** end Notes *** -# wolfSSL Release 4.5.0 (August 18, 2020) +# wolfSSL Release 4.5.0 (August 19, 2020) If you have questions about this release, feel free to contact us on our info@ address. diff --git a/README.md b/README.md index 7187f3539b..06efb96d99 100644 --- a/README.md +++ b/README.md @@ -73,7 +73,7 @@ should be used for the enum name. *** end Notes *** -# wolfSSL Release 4.5.0 (August 18, 2020) +# wolfSSL Release 4.5.0 (August 19, 2020) If you have questions about this release, feel free to contact us on our info@ address. @@ -126,6 +126,11 @@ Release 4.5.0 of wolfSSL embedded TLS has bug fixes and new features including: * Fix for sanity check on padding with DES3 conversion of PEM to DER * Sanity check for potential out of bounds read with fp_read_radix_16 * Additional checking of ECC scalars. +* Fixing the FIPS Ready build w.r.t. ecc.c. +* When processing certificate names with OpenSSL compatibility layer + enabled, unknown name item types were getting handled as having NID 0, + and failing. Added a couple more items to what is handled correctly, + and ignoring anything that is an unknown type. ## Improvements/Optimizations