Published by JacobBarthelmeh 7 months ago
NOTE: * --enable-heapmath is being deprecated and will be removed by end of 2024
NOTE: In future releases, --enable-des3 (which is disabled by default) will be insufficient in itself to enable DES3 in TLS cipher suites. A new option, --enable-des3-tls-suites, will need to be supplied in addition. This option should only be used in backward compatibility scenarios, as it is inherently insecure.
NOTE: This release switches the default ASN.1 parser to the new ASN template code. If the original ASN.1 code is preferred, define WOLFSSL_ASN_ORIGINAL to use it. See PR #7199.
[High] CVE-2024-0901 Potential denial of service and out-of-bounds read. Affects TLS 1.3 on the server side when accepting a connection from a malicious TLS 1.3 client. If using TLS 1.3 on the server side, it is recommended to update the version of wolfSSL used. Fixed in this GitHub pull request: https://github.com/wolfSSL/wolfssl/pull/7099
[Med] CVE-2024-1545 Fault injection vulnerability in the RsaPrivateDecryption function that potentially allows an attacker with access to the same system as a victim's process to perform a Rowhammer fault injection. Thanks to Junkai Liang, Zhi Zhang, Xin Zhang, Qingni Shen for the report (Peking University, The University of Western Australia). Fixed in this GitHub pull request: https://github.com/wolfSSL/wolfssl/pull/7167
[Med] Fault injection attack with EdDSA signature operations. This affects ed25519 sign operations on systems that are susceptible to Rowhammer attacks. Thanks to Junkai Liang, Zhi Zhang, Xin Zhang, Qingni Shen for the report (Peking University, The University of Western Australia). Fixed in this GitHub pull request: https://github.com/wolfSSL/wolfssl/pull/7212
* dh_ffdhe_test test case using Intel QuickAssist (PR 7085)
* NO_STDIO_FILESYSTEM and improve checks for XGETENV (PR 7150)
Published by cconlon 10 months ago
NOTE: * --enable-heapmath is being deprecated and will be removed by 2024
REMINDER: When working with AES block cipher algorithms, wc_AesInit() should always be called first to initialize the Aes structure, before calling any other Aes API function. We recently found several places in our documentation, comments, and codebase where this pattern was not observed, and have fixed those omissions in several PRs for this release.
[Medium] CVE-2023-6935: After review of the previous RSA timing fix in wolfSSL 5.6.4, additional changes were found to be required. A complete, resistant change is delivered in this release. This fix is for the Marvin attack, which can lead to decrypting a saved TLS connection and potentially forging a signature after probing with a very large number of trial connections. This issue is in RSA decryption and affects the optional static RSA cipher suites on the server side, which are considered weak, not recommended, and off by default in wolfSSL (even with --enable-all). Static RSA cipher suites were also removed from the TLS 1.3 protocol and are only present in TLS 1.2 and lower. All padding versions of RSA decrypt are affected, since the code under review is outside of the padding processing. Information about the private keys is NOT compromised in affected code. It is recommended to disable static RSA cipher suites, and to update the version of wolfSSL used if using RSA private decryption alone outside of TLS. Thanks to Hubert Kario for the report. The fix for this issue is located in the following GitHub Pull Request: https://github.com/wolfSSL/wolfssl/pull/6955.
[Low] CVE-2023-6936: A potential heap overflow read is possible in servers connecting over TLS 1.3 when the optional WOLFSSL_CALLBACKS has been defined. The out-of-bounds read can occur when a server receives a malicious, malformed ClientHello. Users should either discontinue use of WOLFSSL_CALLBACKS on the server side or update to wolfSSL 5.6.6. Thanks to the tlspuffin fuzzer team for the report; the fuzzer was designed and developed by Lucca Hirschi (Inria, LORIA), Steve Kremer (Inria, LORIA), and Max Ammann (Trail of Bits). The fix for this issue is located in the following GitHub Pull Request: https://github.com/wolfSSL/wolfssl/pull/6949.
[Low] A side-channel vulnerability with AES T-Tables is possible in a very controlled environment where precision sub-cache-line inspection can happen, such as inside an Intel SGX enclave. This can lead to recovery of the AES key. To prevent this type of attack, wolfSSL added an AES bitsliced implementation, which can be enabled with the "--enable-aes-bitsliced" configure option. Thanks to Florian Sieck, Zhiyuan Zhang, Sebastian Berndt, Chitchanok Chuengsatiansup, Thomas Eisenbarth, and Yuval Yarom for the report (Universities of Lübeck, Melbourne, Adelaide and Bochum). The fix for this issue is located in the following GitHub Pull Request: https://github.com/wolfSSL/wolfssl/pull/6854.
[Low] CVE-2023-6937: wolfSSL prior to 5.6.6 did not check that messages in a single (D)TLS record do not span key boundaries. As a result, it was possible to combine (D)TLS messages using different keys into one (D)TLS record. The most extreme edge case is that, in (D)TLS 1.3, it was possible that an unencrypted (D)TLS 1.3 record from the server containing first a ServerHello message and then the rest of the first server flight would be accepted by a wolfSSL client. In (D)TLS 1.3 the handshake is encrypted after the ServerHello but a wolfSSL client would accept an unencrypted flight from the server. This does not compromise key negotiation and authentication so it is assigned a low severity rating. Thanks to Johannes Wilson for the report (Sectra Communications and Linköping University). The fix for this issue is located in the following GitHub Pull Request: https://github.com/wolfSSL/wolfssl/pull/7029.
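The check described above is a record-layer invariant: once a handshake message switches the traffic keys (in TLS 1.3, ServerHello moves to the handshake keys and Finished to the application keys), nothing after it may sit in the same record, because the remaining bytes would have to be protected under keys that are no longer in use. The following added example is not wolfSSL's record layer and not the code in PR 7029; it models that invariant over a stand-alone handshake-message parser with constructed records, including the malformed first server flight the advisory describes. Function names and the placeholder message bodies are this example's own.

```c
#include <stdint.h>
#include <stddef.h>

/* Added example; not wolfSSL code. */

/* Handshake message types (RFC 8446, section 4). */
enum { HS_CLIENT_HELLO = 1, HS_SERVER_HELLO = 2, HS_ENCRYPTED_EXTENSIONS = 8,
       HS_CERTIFICATE = 11, HS_CERTIFICATE_VERIFY = 15, HS_FINISHED = 20 };

enum { REC_OK = 0, REC_ERR_TRUNCATED = -1, REC_ERR_KEY_BOUNDARY = -2 };

/* Messages after which the record protection keys change in TLS 1.3. */
static int message_changes_keys(uint8_t type) {
    return type == HS_SERVER_HELLO || type == HS_FINISHED;
}

/*
 * Walk the Handshake messages in one record body (4-byte header: type,
 * 24-bit length). Reject the record if a key-changing message is followed
 * by more bytes. *n_msgs receives the number of complete messages parsed.
 */
int check_record_key_boundary(const uint8_t *rec, size_t rec_len, size_t *n_msgs) {
    size_t off = 0;
    *n_msgs = 0;
    while (off < rec_len) {
        if (rec_len - off < 4)
            return REC_ERR_TRUNCATED;                 /* header does not fit */
        uint8_t  type = rec[off];
        uint32_t len  = ((uint32_t)rec[off + 1] << 16) |
                        ((uint32_t)rec[off + 2] << 8)  |
                         (uint32_t)rec[off + 3];
        if (rec_len - off - 4 < len)
            return REC_ERR_TRUNCATED;                 /* body does not fit */
        off += 4 + len;
        (*n_msgs)++;
        if (message_changes_keys(type) && off < rec_len)
            return REC_ERR_KEY_BOUNDARY;              /* next message needs new keys */
    }
    return REC_OK;
}

/* Append a handshake header plus a zero-filled placeholder body; returns the
   new length. Only framing matters for this check, not message contents. */
static size_t put_hs_msg(uint8_t *buf, size_t off, uint8_t type, uint32_t body_len) {
    buf[off]     = type;
    buf[off + 1] = (uint8_t)(body_len >> 16);
    buf[off + 2] = (uint8_t)(body_len >> 8);
    buf[off + 3] = (uint8_t)body_len;
    for (uint32_t i = 0; i < body_len; i++) buf[off + 4 + i] = 0;
    return off + 4 + body_len;
}

/* Constructed record: ServerHello, EncryptedExtensions and Finished in ONE
   plaintext record, i.e. the malformed first flight from the advisory. */
int example_server_flight_in_one_record(size_t *n_msgs) {
    uint8_t rec[128];
    size_t len = put_hs_msg(rec, 0, HS_SERVER_HELLO, 40);
    len = put_hs_msg(rec, len, HS_ENCRYPTED_EXTENSIONS, 6);
    len = put_hs_msg(rec, len, HS_FINISHED, 32);
    return check_record_key_boundary(rec, len, n_msgs);
}

/* Constructed record: EncryptedExtensions, Certificate and CertificateVerify
   coalesced, all under the handshake keys; this is legal. */
int example_coalesced_under_one_key(size_t *n_msgs) {
    uint8_t rec[128];
    size_t len = put_hs_msg(rec, 0, HS_ENCRYPTED_EXTENSIONS, 6);
    len = put_hs_msg(rec, len, HS_CERTIFICATE, 50);
    len = put_hs_msg(rec, len, HS_CERTIFICATE_VERIFY, 20);
    return check_record_key_boundary(rec, len, n_msgs);
}

/* Constructed record: a Finished whose declared length (32) overruns the
   4 bytes actually present. */
int example_truncated(size_t *n_msgs) {
    uint8_t rec[8] = { HS_FINISHED, 0x00, 0x00, 0x20, 0, 0, 0, 0 };
    return check_record_key_boundary(rec, sizeof rec, n_msgs);
}
```

This boundary check is only half of the fix the advisory implies. The other half is that the record carrying EncryptedExtensions must itself have been received under the handshake keys: a record layer that accepts plaintext records after ServerHello would still let the server skip encryption of its first flight even when every record is split correctly, so the epoch under which a record was decrypted has to be compared against the epoch the handshake state machine expects.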
* WOLFSSL_NO_CRL_DATE_CHECK (PR 6927)
* --enable-srtp-kdf (PR 6888)
* wolfSSL_EXTENDED_KEY_USAGE_free() (PR 6916)
* --enable-aes-bitsliced (PR 6854)
* --sys-ca-certs configure option (PR 6910)
* --enable-quic to --enable-all configure option (PR 6957)
* HAVE___UINT128_T to options.h for CMake builds (PR 6965)
* ssl_crypto.c file (PR 6935)
* wolfSSL_i2d_X509() (PR 6891)
* EVP_EncodeBlock() appending a newline (PR 6900)
* wolfSSL_RSA_verify_PKCS1_PSS() with RSA_PSS_SALTLEN_AUTO (PR 6938)
* isalpha() and isalnum() calls (PR 6810)
* WOLFSSL_CALLBACKS and potential memory error (PR 6949)
* FREESCALE_MMCAU (PR 6970)
* SendBuffered() return code in non-blocking mode (PR 7001)
* Hmac_UpdateFinal() when padding byte is invalid (PR 6998)
* wc_AesInit() before wc_AesSetKey() (PR 7011)
Published by JacobBarthelmeh 12 months ago
NOTE: * --enable-heapmath is being deprecated and will be removed by 2024
* Old CyaSSL/CtaoCrypt shim layer was removed in this release (5.6.4)
* wc_SignatureGenerate_ex to not call verify twice
Published by ejohnstown over 1 year ago
Release 5.6.3 of wolfSSL embedded TLS has 4 bug fixes:
Published by JacobBarthelmeh over 1 year ago
Release 5.6.2 has been developed according to wolfSSL's development and QA process (see link below) and successfully passed the quality criteria.
https://www.wolfssl.com/about/wolfssl-software-development-process-quality-assurance
NOTE: * --enable-heapmath is being deprecated and will be removed by 2024
Release 5.6.2 of wolfSSL embedded TLS has bug fixes and new features including:
Published by JacobBarthelmeh over 1 year ago
Release 5.6.0 has been developed according to wolfSSL's development and QA process (see link below) and successfully passed the quality criteria.
https://www.wolfssl.com/about/wolfssl-software-development-process-quality-assurance
NOTE: * --enable-heapmath is being deprecated and will be removed by 2024
* This release makes ASN Template the default with ./configure, the previous ASN parsing can be built with --enable-asn=original
Release 5.6.0 of wolfSSL embedded TLS has bug fixes and new features including:
* PubKey and Key PEM-to-DER APIs to support return of needed DER size
* -alg list and block format
* TLSX_SetResponse
* NO_ASN_TIME defined
* WOLFSSL_CHECK_ALERT_ON_ERR
Published by JacobBarthelmeh almost 2 years ago
* WC_PENDING_E with async. builds
* HashObject to be excluded for WOLFCRYPT_ONLY
* EC_KEY_new_by_curve_name to not create a key if the curve is not found
Published by JacobBarthelmeh almost 2 years ago
Published by JacobBarthelmeh almost 2 years ago
Release 5.5.2 of wolfSSL embedded TLS has bug fixes and new features including:
Published by JacobBarthelmeh about 2 years ago
* wc_SetCustomExtension documentation
* ProcessPeerCerts
Published by JacobBarthelmeh about 2 years ago
Note:
** If FP_ECC caches are not freed per thread by calling wc_ecc_fp_free, there is a possible memory leak during TLS 1.3 handshakes which use ECC. Users are urged to confirm that they are freeing FP_ECC caches per thread, if enabled, to avoid this issue.
Release 5.5.0 of wolfSSL embedded TLS has bug fixes and new features including:
Published by JacobBarthelmeh over 2 years ago
Note:
** Future releases of wolfSSL will turn off TLS 1.1 by default
** Release 5.4.0 made SP math the default math implementation. A build equivalent to --disable-fastmath from previous versions of wolfSSL now requires the configure option --enable-heapmath instead.
Release 5.4.0 of wolfSSL embedded TLS has bug fixes and new features including:
* hashLen
* WC_HW_WAIT_E and sanitize leak
For additional vulnerability information visit the vulnerability page at:
https://www.wolfssl.com/docs/security-vulnerabilities/
See INSTALL file for build instructions.
More info can be found on-line at: https://wolfssl.com/wolfSSL/Docs.html
Published by JacobBarthelmeh over 2 years ago
Release 5.3.0 of wolfSSL embedded TLS has bug fixes and new features including:
* --enable-ffmpeg, FFMPEG is used for recording and converting video and audio (https://ffmpeg.org/)
* input size in DecodeNsCertType
* --enable-all option
* mcapi_test.c to include the settings.h before crypto.h
* wc_EccPublicKeyToDer to not overestimate the buffer size required
* wc_EccPublicKeyToDer has enough output buffer space
* -A
Published by ejohnstown over 2 years ago
Release 5.2.0 of wolfSSL embedded TLS has bug fixes and new features including:
* KEYGEN option.
Published by JacobBarthelmeh almost 3 years ago
Release 5.1.1 of wolfSSL embedded TLS has a high vulnerability fix:
Published by JacobBarthelmeh almost 3 years ago
Release 5.1.0 of wolfSSL embedded TLS has bug fixes and new features including:
Published by JacobBarthelmeh almost 3 years ago
Release 5.0.0 of wolfSSL embedded TLS has bug fixes and new features including:
Published by JacobBarthelmeh about 3 years ago
Release 4.8.1 of wolfSSL embedded TLS has an OCSP vulnerability fix:
Published by JacobBarthelmeh over 3 years ago
Release 4.8.0 of wolfSSL embedded TLS has bug fixes and new features including:
Published by JacobBarthelmeh over 3 years ago
Release 4.7.0 of wolfSSL embedded TLS has bug fixes and new features including: