security/wolfssl: Update to v5.1.0
677f4c2bf26a
Actions

Description

security/wolfssl: Update to v5.1.0

Changes since v5.0.0:

wolfSSL Release 5.1.0 (Dec 27, 2021)

Release 5.1.0 of wolfSSL embedded TLS has bug fixes and new features including:
Vulnerabilities

[Low] Potential for DoS attack on a wolfSSL client due to processing hello packets of the incorrect side. This affects only connections using TLS v1.2 or less that have also been compromised by a man in the middle attack. Thanks to James Henderson, Mathy Vanhoef, Chris M. Stone, Sam L. Thomas, Nicolas Bailleut, and Tom Chothia (University of Birmingham, KU Leuven, ENS Rennes for the report.
[Low] Client side session resumption issue once the session resumption cache has been filled up. The hijacking of a session resumption has been demonstrated so far with only non verified peer connections. That is where the client is not verifying the server’s CA that it is connecting to. There is the potential though for other cases involving proxies that are verifying the server to be at risk, if using wolfSSL in a case involving proxies use wolfSSL_get1_session and then wolfSSL_SESSION_free when done where possible. If not adding in the session get/free function calls we recommend that users of wolfSSL that are resuming sessions update to the latest version (wolfSSL version 5.1.0 or later). Thanks to the UK's National Cyber Security Centre (NCSC) for the report.

New Feature Additions
Ports

Post Quantum

Compatibility Layer Additions

Misc.

Crypto callback support for AES-CCM added. A callback function can be registered and used instead of the default AES-CCM implementation in wolfSSL.
Added AES-OFB to the FIPS boundary for future FIPS validations.
Add support for custom OIDs used with CSR (certificate signing request) generation using the macro WOLFSSL_CUSTOM_OID
Added HKDF extract callback function for use with TLS 1.3
Add variant from RFC6979 of deterministic ECC signing that can be enabled using the macro WOLFSSL_ECDSA_DETERMINISTIC_K_VARIANT
Added the function wc_GetPubKeyDerFromCert to get the public key from a DecodedCert structure
Added the functions wc_InitDecodedCert, wc_ParseCert and wc_FreeDecodedCert for access to decoding a certificate into a DecodedCert structure
Added the macro WOLFSSL_ECC_NO_SMALL_STACK for hybrid builds where the numerous malloc/free with ECC is undesired but small stack use is desired throughout the rest of the library
Added the function wc_d2i_PKCS12_fp for reading a PKCS12 file and parsing it

Fixes
PORT Fixes

Building with Android wpa_supplicant and KeyStore
Setting initial value of CA certificate with TSIP enabled
Cryptocell ECC build fix and fix with RSA disabled
IoT-SAFE improvement for Key/File slot ID size, fix for C++ compile, and fixes for retrieving the public key after key generation

Math Library Fixes

Check return values on TFM library montgomery function in case the system runs out of memory. This resolves an edge case of invalid ECC signatures being created.
SP math library sanity check on size of values passed to sp_gcd.
SP math library sanity check on exponentiation by 0 with mod_exp
Update base ECC mp_sqrtmod_prime function to handle an edge case of zero
TFM math library with Intel MULX multiply fix for carry in assembly code

Misc.

Fix for potential heap buffer overflow with compatibility layer PEM parsing
Fix for edge memory leak case with an error encountered during TLS resumption
Fix for length on inner sequence created with wc_DhKeyToDer when handling small DH keys
Fix for sanity check on input argument to DSA sign and verify
Fix for setting of the return value with ASN1 integer get on an i386 device
Fix for BER to DER size checks with PKCS7 decryption
Fix for memory leak with PrintPubKeyEC function in compatibility layer
Edge case with deterministic ECC key generation when the private key has leading 0’s
Fix for build with OPENSSL_EXTRA and NO_WOLFSSL_STUB both defined
Use page aligned memory with ECDSA signing and KCAPI
Skip expired sessions for TLS 1.3 rather than turning off the resume behavior
Fix for DTLS handling dropped or retransmitted messages

Improvements/Optimizations
Build Options and Warnings

Bugfix: could not build with liboqs and without DH enabled
Build with macro NO_ECC_KEY_EXPORT fixed
Fix for building with the macro HAVE_ENCRYPT_THEN_MAC when session export is enabled
Building with wolfSentry and HAVE_EX_DATA macro set

Math Libraries

Improvement for performance with SP C implementation of montgomery reduction for ECC (P256 and P384) and SP ARM64 implementation for ECC (P384)
With SP math handle case of dividing by length of dividend
SP math improvement for lo/hi register names to be used with older GCC compilers

Misc.

ASN name constraints checking code refactor for better efficiency and readability
Refactor of compatibility layer stack free’ing calls to simplify and reduce code
Scrubbed code for trailing spaces, hard tabs, and any control characters
Explicit check that leaf certificate's public key type match cipher suite signature algorithm
Additional NULL sanity checks on WOLFSSL struct internally and improve switch statement fallthrough
Retain OCSP error value when CRL is enabled with certificate parsing
Update to NATIVE LwIP support for TCP use
Sanity check on PEM size when parsing a PEM with OpenSSL compatibility layer API.
SWIG wrapper was removed from the codebase in favor of dedicated Java and Python wrappers.
Updates to bundled example client for when to load the CA, handling print out of IP alt names, and printing out the peers certificate in PEM format
Handling BER encoded inner content type with PKCS7 verify
Checking for SOCKET_EPIPE errors from low level socket
Improvements to cleanup in the case that wolfSSL_Init fails
Update test and example certificates expiration dates