wolfSSL version 3.12.0

@JacobBarthelmeh released this 07 Aug 21:44

wolfSSL (Formerly CyaSSL) Release 3.12.0 (8/04/2017)

Release 3.12.0 of wolfSSL has bug fixes and new features including:

  • TLS 1.3 with Nginx! TLS 1.3 with ARMv8! TLS 1.3 with Async Crypto! (--enable-tls13)
  • TLS 1.3 0RTT feature added
  • Added port for using Intel SGX with Linux
  • Update and fix PIC32MZ port
  • Additional unit testing for MD5, SHA, SHA224, SHA256, SHA384, SHA512, RipeMd, HMAC, 3DES, IDEA, ChaCha20, ChaCha20Poly1305 AEAD, Camellia, Rabbit, ARC4, AES, RSA, Hc128
  • AVX and AVX2 assembly for improved ChaCha20 performance
  • Intel QAT fixes for when using --disable-fastmath
  • Update how DTLS handles decryption and MAC failures
  • Update DTLS session export version number for --enable-sessionexport feature
  • Add additional input argument sanity checks to ARMv8 assembly port
  • Fix for making PKCS12 dynamic types match
  • Fixes for potential memory leaks when using --enable-fast-rsa
  • Fix for when using custom ECC curves and add BRAINPOOLP256R1 test
  • Update TI-RTOS port for dependency on new wolfSSL source files
  • DTLS multicast feature added, --enable-mcast
  • Fix for Async crypto with GCC 7.1 and HMAC when not using Intel QuickAssist
  • Improvements and enhancements to Intel QuickAssist support
  • Added Xilinx port
  • Added SHA3 Keccak feature, --enable-sha3
  • Expand wolfSSL Python wrapper to now include a client side implementation
  • Adjust example servers to not treat a peer closed error as a hard error
  • Added more sanity checks to fp_read_unsigned_bin function
  • Add SHA224 and AES key wrap to ARMv8 port
  • Update MQX classics and mmCAU ports
  • Fix for potential buffer over read with wolfSSL_CertPemToDer
  • Add PKCS7/CMS decode support for KARI with IssuerAndSerialNumber
  • Fix ThreadX/NetX warning
  • Fixes for OCSP and CRL non blocking sockets and for incomplete cert chain with OCSP
  • Added RSA PSS sign and verify
  • Fix for STM32F4 AES-GCM
  • Added enable all feature (--enable-all)
  • Added trackmemory feature (--enable-trackmemory)
  • Fixes for AES key wrap and PKCS7 on Windows VS
  • Added benchmark block size argument
  • Support use of staticmemory with PKCS7
  • Fix for Blake2b build with GCC 5.4
  • Fixes for compiling wolfSSL with GCC version 7, most dealing with switch statement fall through warnings.
  • Added warning when compiling without hardened math operations

Note:
There is a known issue with using ChaCha20 AVX assembly on versions of GCC earlier than 5.2. This is encountered with using the wolfSSL enable options --enable-intelasm and --enable-chacha. To avoid this issue ChaCha20 can be enabled with --enable-chacha=noasm.
If using --enable-intelasm and also using --enable-sha224 or --enable-sha256 there is a known issue with trying to use -fsanitize=address.

This release of wolfSSL fixes 1 low level security vulnerability.

Low level fix for a potential DoS attack on a wolfSSL client. Previously a client would accept many warning alert messages without a limit. This fix puts a limit to the number of warning alert messages received and if this limit is reached a fatal error ALERT_COUNT_E is returned. The max number of warning alerts by default is set to 5 and can be adjusted with the macro WOLFSSL_ALERT_COUNT_MAX. Thanks for the report from Tarun Yadav and Koustav Sadhukhan from Defence Research and Development Organization, INDIA.
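
The alert cap described above, as an added sketch that is not wolfSSL's own code: a record walker that counts warning-level alerts per connection and fails once WOLFSSL_ALERT_COUNT_MAX is reached. The demo_* names, the numeric return codes and the sample records are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#ifndef WOLFSSL_ALERT_COUNT_MAX
#define WOLFSSL_ALERT_COUNT_MAX 5    /* default stated in the release note */
#endif
/* Hypothetical codes for this sketch; not wolfSSL's numeric error values. */
enum { DEMO_OK = 0, DEMO_ALERT_COUNT_E = -1, DEMO_FATAL_ALERT = -2, DEMO_PARSE_E = -3 };
enum { REC_ALERT = 21, ALERT_WARNING = 1, ALERT_FATAL = 2 };
typedef struct { int alert_count; } demo_conn;    /* per-connection state */

/* Walk plaintext TLS records; count warning alerts against the cap. */
int demo_process_records(demo_conn *c, const uint8_t *buf, size_t len)
{
    size_t off = 0;
    while (off < len) {
        if (len - off < 5) return DEMO_PARSE_E;            /* truncated header */
        uint8_t type = buf[off];
        size_t rec_len = ((size_t)buf[off + 3] << 8) | buf[off + 4];
        off += 5;
        if (rec_len > len - off) return DEMO_PARSE_E;      /* truncated body */
        if (type == REC_ALERT) {
            if (rec_len != 2) return DEMO_PARSE_E;         /* level, description */
            if (buf[off] == ALERT_FATAL) return DEMO_FATAL_ALERT;
            if (buf[off] != ALERT_WARNING) return DEMO_PARSE_E;
            if (++c->alert_count >= WOLFSSL_ALERT_COUNT_MAX)
                return DEMO_ALERT_COUNT_E;                 /* limit reached: abort */
        }
        off += rec_len;
    }
    return DEMO_OK;
}

/* Constructed input: n warning alerts (description 100, no_renegotiation). */
int demo_run(int n)
{
    static const uint8_t rec[7] = { REC_ALERT, 3, 3, 0, 2, ALERT_WARNING, 100 };
    uint8_t buf[16 * sizeof rec];
    demo_conn c = { 0 };
    size_t len = 0;
    for (int i = 0; i < n && len + sizeof rec <= sizeof buf; i++, len += sizeof rec)
        memcpy(buf + len, rec, sizeof rec);
    return demo_process_records(&c, buf, len);
}

int main(void)
{
    printf("4 warnings: %d, 5 warnings: %d\n", demo_run(4), demo_run(5));
    return 0;
}
```

Building with -DWOLFSSL_ALERT_COUNT_MAX=<n> changes the threshold in this sketch the same way the release note describes adjusting the macro for the library.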

See INSTALL file for build instructions.
More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html