Merge pull request #894 from JacobBarthelmeh/Release

Prepare for release 3.11.0

README

@@ -34,6 +34,71 @@ before calling wolfSSL_new();  Though it's not recommended.
 
 *** end Notes ***
 
+********* wolfSSL (Formerly CyaSSL) Release 3.11.0 (5/04/2017)
+
+Release 3.11.0 of wolfSSL has bug fixes and new features including:
+
+- Code updates for warnings reported by Coverity scans
+- Testing and warning fixes for FreeBSD on PowerPC
+- Updates and refactoring done to ASN1 parsing functions
+- Change max PSK identity buffer to account for an identity length of 128 characters
+- Update Arduino script to handle recent files and additions
+- Added support for PKCS#7 Signed Data with ECDSA
+- Fix for interoperability with ChaCha20-Poly1305 suites using older draft versions
+- DTLS update to allow multiple handshake messages in one DTLS record
+- Intel QuickAssist asynchronous support (PR #715 - https://www.wolfssl.com/wolfSSL/Blog/Entries/2017/1/18_wolfSSL_Asynchronous_Intel_QuickAssist_Support.html)
+- Added support for HAproxy load balancer
+- Added option to allow SHA1 with TLS 1.2 for IIS compatibility (WOLFSSL_ALLOW_TLS_SHA1)
+- Added Curve25519 51-bit Implementation, increasing performance on systems that have 128 bit types
+- Fix to not send session ID on server side if session cache is off unless we're echoing
+session ID as part of session tickets
+- Fixes for ensuring all default ciphers are setup correctly (see PR #830)
+- Added NXP Hexiwear example in `IDE/HEXIWEAR`.
+- Added wolfSSL_write_dup() to create write only WOLFSSL object for concurrent access
+- Fixes for TLS elliptic curve selection on private key import.
+- Fixes for RNG with Intel rdrand and rdseed speedups.
+- Improved performance with Intel rdrand to use full 64-bit output
+- Added new --enable-intelrand option to indicate use of RDRAND preference for RNG source
+- Removed RNG ARC4 support
+- Added ECC helpers to get size and id from curve name.
+- Added ECC Cofactor DH (ECC-CDH) support
+- Added ECC private key only import / export functions.
+- Added PKCS8 create function
+- Improvements to TLS layer CTX handling for switching keys / certs.
+- Added check for duplicate certificate policy OID in certificates.
+- Normal math speed-up to not allocate on mp_int and defer until mp_grow
+- Reduce heap usage with fast math when not using ALT_ECC_SIZE
+- Fixes for building CRL with Windows
+- Added support for inline CRL lookup when HAVE_CRL_IO is defined
+- Added port for tenAsys INtime RTOS
+- Improvements to uTKernel port (WOLFSSL_uTKERNEL2)
+- Updated WPA Supplicant support
+- Added support for Nginx
+- Update stunnel port for version 5.40
+- Fixes for STM32 hardware crypto acceleration
+- Extended test code coverage in bundled test.c
+- Added a sanity check for minimum authentication tag size with AES-GCM. Thanks to Yueh-Hsun Lin and Peng Li at KNOX Security at Samsung Research America for suggesting this.
+- Added a sanity check that subject key identifier is marked as non-critical and a check that no policy OIDS appear more than once in the cert policies extension. Thanks to the report from Professor Zhenhua Duan, Professor Cong Tian, and Ph.D candidate Chu Chen from Institute of Computing Theory and Technology (ICTT) of Xidian University, China. Profs. Zhenhua Duan and Cong Tian are supervisors of Ph.D candidate Chu Chen.
+
+
+This release of wolfSSL fixes 5 low and 1 medium level security vulnerability.
+
+3 Low level fixes reported by Yueh-Hsun Lin and Peng Li from KNOX Security, Samsung Research America.
+- Fix for out of bounds memory access in wc_DhParamsLoad() when GetLength() returns a zero. Before this fix there is a case where wolfSSL would read out of bounds memory in the function wc_DhParamsLoad.
+- Fix for DH key accepted by wc_DhAgree when the key was malformed.
+- Fix for a double free case when adding CA cert into X509_store.
+
+Low level fix for memory management with static memory feature enabled. By default static memory is disabled. Thanks to GitHub user hajjihraf for reporting this.
+
+Low level fix for out of bounds write in the function wolfSSL_X509_NAME_get_text_by_NID. This function is not used by TLS or crypto operations but could result in a buffer out of bounds write by one if called explicitly in an application. Discovered by Aleksandar Nikolic of Cisco Talos. http://talosintelligence.com/vulnerability-reports/
+
+Medium level fix for check on certificate signature. There is a case in release versions 3.9.10, 3.10.0 and 3.10.2 where a corrupted signature on a peer certificate would not be properly flagged. Thanks to Wens Lo, James Tsai, Kenny Chang, and Oscar Yang at Castles Technology.
+
+
+See INSTALL file for build instructions.
+More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html
+
+
 ********* wolfSSL (Formerly CyaSSL) Release 3.10.2 (2/10/2017)
 
 Release 3.10.2 of wolfSSL has bug fixes and new features including:

README.md

@@ -38,6 +38,72 @@ wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
 before calling wolfSSL_new();  Though it's not recommended.
 ```
 
+# wolfSSL (Formerly CyaSSL) Release 3.11.0 (5/04/2017)
+
+## Release 3.11.0 of wolfSSL has bug fixes and new features including:
+
+- Code updates for warnings reported by Coverity scans
+- Testing and warning fixes for FreeBSD on PowerPC
+- Updates and refactoring done to ASN1 parsing functions
+- Change max PSK identity buffer to account for an identity length of 128 characters
+- Update Arduino script to handle recent files and additions
+- Added support for PKCS#7 Signed Data with ECDSA
+- Fix for interoperability with ChaCha20-Poly1305 suites using older draft versions
+- DTLS update to allow multiple handshake messages in one DTLS record
+- Intel QuickAssist asynchronous support (PR #715 - https://www.wolfssl.com/wolfSSL/Blog/Entries/2017/1/18_wolfSSL_Asynchronous_Intel_QuickAssist_Support.html)
+- Added support for HAproxy load balancer
+- Added option to allow SHA1 with TLS 1.2 for IIS compatibility (WOLFSSL_ALLOW_TLS_SHA1)
+- Added Curve25519 51-bit Implementation, increasing performance on systems that have 128 bit types
+- Fix to not send session ID on server side if session cache is off unless we're echoing 
+session ID as part of session tickets
+- Fixes for ensuring all default ciphers are setup correctly (see PR #830)
+- Added NXP Hexiwear example in `IDE/HEXIWEAR`.
+- Added wolfSSL_write_dup() to create write only WOLFSSL object for concurrent access
+- Fixes for TLS elliptic curve selection on private key import.
+- Fixes for RNG with Intel rdrand and rdseed speedups.
+- Improved performance with Intel rdrand to use full 64-bit output
+- Added new --enable-intelrand option to indicate use of RDRAND preference for RNG source 
+- Removed RNG ARC4 support
+- Added ECC helpers to get size and id from curve name.
+- Added ECC Cofactor DH (ECC-CDH) support
+- Added ECC private key only import / export functions.
+- Added PKCS8 create function
+- Improvements to TLS layer CTX handling for switching keys / certs.
+- Added check for duplicate certificate policy OID in certificates.
+- Normal math speed-up to not allocate on mp_int and defer until mp_grow
+- Reduce heap usage with fast math when not using ALT_ECC_SIZE
+- Fixes for building CRL with Windows
+- Added support for inline CRL lookup when HAVE_CRL_IO is defined
+- Added port for tenAsys INtime RTOS
+- Improvements to uTKernel port (WOLFSSL_uTKERNEL2)
+- Updated WPA Supplicant support
+- Added support for Nginx
+- Update stunnel port for version 5.40
+- Fixes for STM32 hardware crypto acceleration
+- Extended test code coverage in bundled test.c
+- Added a sanity check for minimum authentication tag size with AES-GCM. Thanks to Yueh-Hsun Lin and Peng Li at KNOX Security at Samsung Research America for suggesting this.
+- Added a sanity check that subject key identifier is marked as non-critical and a check that no policy OIDS appear more than once in the cert policies extension. Thanks to the report from Professor Zhenhua Duan, Professor Cong Tian, and Ph.D candidate Chu Chen from Institute of Computing Theory and Technology (ICTT) of Xidian University, China. Profs. Zhenhua Duan and Cong Tian are supervisors of Ph.D candidate Chu Chen.
+
+
+This release of wolfSSL fixes 5 low and 1 medium level security vulnerability.
+
+3 Low level fixes reported by Yueh-Hsun Lin and Peng Li from KNOX Security, Samsung Research America.
+- Fix for out of bounds memory access in wc_DhParamsLoad() when GetLength() returns a zero. Before this fix there is a case where wolfSSL would read out of bounds memory in the function wc_DhParamsLoad.
+- Fix for DH key accepted by wc_DhAgree when the key was malformed.
+- Fix for a double free case when adding CA cert into X509_store.
+
+Low level fix for memory management with static memory feature enabled. By default static memory is disabled. Thanks to GitHub user hajjihraf for reporting this.
+
+
+Low level fix for out of bounds write in the function wolfSSL_X509_NAME_get_text_by_NID. This function is not used by TLS or crypto operations but could result in a buffer out of bounds write by one if called explicitly in an application. Discovered by Aleksandar Nikolic of Cisco Talos. http://talosintelligence.com/vulnerability-reports/
+
+Medium level fix for check on certificate signature. There is a case in release versions 3.9.10, 3.10.0 and 3.10.2 where a corrupted signature on a peer certificate would not be properly flagged. Thanks to Wens Lo, James Tsai, Kenny Chang, and Oscar Yang at Castles Technology.
+
+
+See INSTALL file for build instructions.
+More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html
+
+
 # wolfSSL (Formerly CyaSSL) Release 3.10.2 (2/10/2017)
 
 ## Release 3.10.2 of wolfSSL has bug fixes and new features including:

configure.ac

@@ -6,7 +6,7 @@
 #
 #
 
-AC_INIT([wolfssl],[3.10.4],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[http://www.wolfssl.com])
+AC_INIT([wolfssl],[3.11.0],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[http://www.wolfssl.com])
 
 AC_CONFIG_AUX_DIR([build-aux])
 
@@ -35,7 +35,7 @@ AC_CONFIG_MACRO_DIR([m4])
 AC_CONFIG_HEADERS([config.h:config.in])dnl Keep filename to 8.3 for MS-DOS.
 
 #shared library versioning
-WOLFSSL_LIBRARY_VERSION=11:0:0
+WOLFSSL_LIBRARY_VERSION=12:0:0
 #                       | | |
 #                +------+ | +---+
 #                |        |     |

rpm/spec.in

@@ -72,8 +72,8 @@ mkdir -p $RPM_BUILD_ROOT/
 %{_docdir}/wolfssl/README.txt
 %{_libdir}/libwolfssl.la
 %{_libdir}/libwolfssl.so
-%{_libdir}/libwolfssl.so.11
-%{_libdir}/libwolfssl.so.11.0.0
+%{_libdir}/libwolfssl.so.12
+%{_libdir}/libwolfssl.so.12.0.0
 
 %files devel
 %defattr(-,root,root,-)
@@ -159,6 +159,7 @@ mkdir -p $RPM_BUILD_ROOT/
 %{_includedir}/cyassl/openssl/rsa.h
 %{_includedir}/cyassl/openssl/sha.h
 %{_includedir}/cyassl/openssl/ssl.h
+%{_includedir}/cyassl/openssl/ssl23.h
 %{_includedir}/cyassl/openssl/stack.h
 %{_includedir}/cyassl/openssl/ui.h
 %{_includedir}/cyassl/openssl/x509.h
@@ -172,6 +173,7 @@ mkdir -p $RPM_BUILD_ROOT/
 %{_includedir}/wolfssl/callbacks.h
 %{_includedir}/wolfssl/certs_test.h
 %{_includedir}/wolfssl/crl.h
+%{_includedir}/wolfssl/io.h
 %{_includedir}/wolfssl/wolfcrypt/aes.h
 %{_includedir}/wolfssl/wolfcrypt/cmac.h
 %{_includedir}/wolfssl/wolfcrypt/arc4.h
@@ -264,6 +266,7 @@ mkdir -p $RPM_BUILD_ROOT/
 %{_includedir}/wolfssl/openssl/rsa.h
 %{_includedir}/wolfssl/openssl/sha.h
 %{_includedir}/wolfssl/openssl/ssl.h
+%{_includedir}/wolfssl/openssl/ssl23.h
 %{_includedir}/wolfssl/openssl/stack.h
 %{_includedir}/wolfssl/openssl/ui.h
 %{_includedir}/wolfssl/openssl/x509.h
@@ -277,6 +280,8 @@ mkdir -p $RPM_BUILD_ROOT/
 %{_libdir}/pkgconfig/wolfssl.pc
 
 %changelog
+* Thu May 04 2017 Jacob Barthelmeh <[email protected]>
+- Added header for wolfssl/io.h, wolfssl/openssl/ssl23.h, cyassl/openssl/ssl23.h
 * Thu Feb 09 2017 Jacob Barthelmeh <[email protected]>
 - Added header for wolfssl/wolfcrypt/wolfmath.h
 * Fri Nov 11 2016 Jacob Barthelmeh <[email protected]>

src/internal.c

@@ -6597,7 +6597,8 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert)
             ret = MEMORY_E;
     }
 
-    if (dCert->signature != NULL && dCert->sigLength != 0) {
+    if (dCert->signature != NULL && dCert->sigLength != 0 &&
+            dCert->sigLength <= MAX_ENCODED_SIG_SZ) {
         x509->sig.buffer = (byte*)XMALLOC(
                           dCert->sigLength, x509->heap, DYNAMIC_TYPE_SIGNATURE);
         if (x509->sig.buffer == NULL) {
@@ -7158,8 +7159,8 @@ static int DoCertificate(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                     ssl->peerVerifyRet = X509_V_ERR_CERT_REJECTED;
         #endif
                 }
-                else if (ret == ASN_PARSE_E) {
-                    WOLFSSL_MSG("Got Peer cert ASN PARSE ERROR, fatal");
+                else if (ret == ASN_PARSE_E || ret == BUFFER_E) {
+                    WOLFSSL_MSG("Got Peer cert ASN PARSE or BUFFER ERROR");
                     fatal = 1;
                 }
                 else {
@@ -7257,8 +7258,8 @@ static int DoCertificate(WOLFSSL* ssl, byte* input, word32* inOutIdx,
             #endif /* HAVE_OCSP || HAVE_CRL */
 
             #ifdef KEEP_PEER_CERT
-                {
-                    /* set X509 format for peer cert even if fatal */
+                if (fatal == 0) {
+                    /* set X509 format for peer cert */
                     int copyRet = CopyDecodedToX509(&ssl->peerCert,
                                                                 args->dCert);
                     if (copyRet == MEMORY_E)
@@ -9238,6 +9239,7 @@ static INLINE int EncryptDo(WOLFSSL* ssl, byte* out, const byte* input,
         case wolfssl_aes_ccm:/* GCM AEAD macros use same size as CCM */
         {
             wc_AesAuthEncryptFunc aes_auth_fn;
+            const byte* additionalSrc;
         #if defined(BUILD_AESGCM) && defined(HAVE_AESCCM)
             aes_auth_fn = (ssl->specs.bulk_cipher_algorithm == wolfssl_aes_gcm)
                             ? wc_AesGcmEncrypt : wc_AesCcmEncrypt;
@@ -9246,7 +9248,7 @@ static INLINE int EncryptDo(WOLFSSL* ssl, byte* out, const byte* input,
         #else
             aes_auth_fn = wc_AesCcmEncrypt;
         #endif
-            const byte* additionalSrc = input - 5;
+            additionalSrc = input - 5;
 
             XMEMSET(ssl->encrypt.additional, 0, AEAD_AUTH_DATA_SZ);
 

support/wolfssl.pc

@@ -5,6 +5,6 @@ includedir=${prefix}/include
 
 Name: wolfssl
 Description: wolfssl C library.
-Version: 3.10.4
+Version: 3.11.0
 Libs: -L${libdir} -lwolfssl
 Cflags: -I${includedir}

wolfcrypt/src/asn.c

@@ -986,6 +986,17 @@ static int CheckBitString(const byte* input, word32* inOutIdx, int* len,
     if (GetLength(input, &idx, &length, maxIdx) < 0)
         return ASN_PARSE_E;
 
+    /* extra sanity check that length is greater than 0 */
+    if (length <= 0) {
+        WOLFSSL_MSG("Error length was 0 in CheckBitString");
+        return BUFFER_E;
+    }
+
+    if (idx + 1 > maxIdx) {
+        WOLFSSL_MSG("Attempted buffer read larger than input buffer");
+        return BUFFER_E;
+    }
+
     b = input[idx];
     if (zeroBits && b != 0x00)
         return ASN_EXPECT_0_E;
@@ -998,7 +1009,7 @@ static int CheckBitString(const byte* input, word32* inOutIdx, int* len,
             return ASN_PARSE_E;
     }
     idx++;
-    length--;
+    length--; /* length has been checked for greater than 0 */
 
     *inOutIdx = idx;
     if (len != NULL)

wolfssl/version.h

@@ -28,8 +28,8 @@
 extern "C" {
 #endif
 
-#define LIBWOLFSSL_VERSION_STRING "3.10.4"
-#define LIBWOLFSSL_VERSION_HEX 0x03010004
+#define LIBWOLFSSL_VERSION_STRING "3.11.0"
+#define LIBWOLFSSL_VERSION_HEX 0x03011000
 
 #ifdef __cplusplus
 }