Compare commits


4 Commits

Author SHA1 Message Date
David Garske
a7635da9e6 Merge pull request #5765 from JacobBarthelmeh/release
update for version 5.5.3
2022-11-02 15:46:10 -07:00
JacobBarthelmeh
9b895b74bf update for version 5.5.3 2022-11-02 13:58:37 -07:00
JacobBarthelmeh
502a395723 Merge pull request #5757 from SparkiDev/enc_err_forcezero_fix
ForceZero fix: encryption fail and not EtM
2022-10-31 11:43:48 -06:00
Sean Parkinson
4efba8f437 ForceZero fix: encryption fail and not EtM
Zeroizing of plaintext on encryption failure will use wrong size when
not using Encrypt-then-MAC. Size may go negative and cast to unsigned.
2022-10-31 09:14:16 +10:00
9 changed files with 50 additions and 13 deletions


@@ -28,13 +28,13 @@ if("${CMAKE_SOURCE_DIR}" STREQUAL "${CMAKE_BINARY_DIR}")
You must delete them, or cmake will refuse to work.")
endif()
project(wolfssl VERSION 5.5.2 LANGUAGES C ASM)
project(wolfssl VERSION 5.5.3 LANGUAGES C ASM)
# shared library versioning
# increment if interfaces have been added, removed or changed
set(LIBTOOL_CURRENT 37)
# increment if source code has changed set to zero if current is incremented
set(LIBTOOL_REVISION 0)
set(LIBTOOL_REVISION 1)
# increment if interfaces have been added set to zero if interfaces have been
# removed or changed
set(LIBTOOL_AGE 2)


@@ -1,3 +1,12 @@
# wolfSSL Release 5.5.3 (Nov 2, 2022)
Release 5.5.3 of wolfSSL embedded TLS has the following bug fix:
## Fixes
* Fix for possible buffer zeroization overrun introduced at the end of v5.5.2 release cycle in GitHub pull request 5743 (https://github.com/wolfSSL/wolfssl/pull/5743) and fixed in pull request 5757 (https://github.com/wolfSSL/wolfssl/pull/5757). In the case where a specific memory allocation failed or a hardware fault happened there was the potential for an overrun of 0s when masking the buffer used for (D)TLS 1.2 and lower operations. (D)TLS 1.3 only and crypto only users are not affected by the issue. This is not related in any way to recent issues reported in OpenSSL.
# wolfSSL Release 5.5.2 (Oct 28, 2022)
Release 5.5.2 of wolfSSL embedded TLS has bug fixes and new features including:


@@ -51,8 +51,8 @@ END
//
VS_VERSION_INFO VERSIONINFO
FILEVERSION 5,5,2,0
PRODUCTVERSION 5,5,2,0
FILEVERSION 5,5,3,0
PRODUCTVERSION 5,5,3,0
FILEFLAGSMASK 0x3fL
#ifdef _DEBUG
FILEFLAGS 0x1L
@@ -69,12 +69,12 @@ BEGIN
BEGIN
VALUE "CompanyName", "wolfSSL Inc."
VALUE "FileDescription", "The wolfSSL FIPS embedded SSL library is a lightweight, portable, C-language-based SSL/TLS library targeted at IoT, embedded, and RTOS environments primarily because of its size, speed, and feature set."
VALUE "FileVersion", "5.5.2.0"
VALUE "FileVersion", "5.5.3.0"
VALUE "InternalName", "wolfssl-fips"
VALUE "LegalCopyright", "Copyright (C) 2022"
VALUE "OriginalFilename", "wolfssl-fips.dll"
VALUE "ProductName", "wolfSSL FIPS"
VALUE "ProductVersion", "5.5.2.0"
VALUE "ProductVersion", "5.5.3.0"
END
END
BLOCK "VarFileInfo"

10
README

@@ -70,6 +70,16 @@ should be used for the enum name.
*** end Notes ***
# wolfSSL Release 5.5.3 (Nov 2, 2022)
Release 5.5.3 of wolfSSL embedded TLS has the following bug fix:
## Fixes
* Fix for possible buffer zeroization overrun introduced at the end of v5.5.2 release cycle in GitHub pull request 5743 (https://github.com/wolfSSL/wolfssl/pull/5743) and fixed in pull request 5757 (https://github.com/wolfSSL/wolfssl/pull/5757). In the case where a specific memory allocation failed or a hardware fault happened there was the potential for an overrun of 0s when masking the buffer used for (D)TLS 1.2 and lower operations. (D)TLS 1.3 only and crypto only users are not affected by the issue. This is not related in any way to recent issues reported in OpenSSL.
# wolfSSL Release 5.5.2 (Oct 28, 2022)
Release 5.5.2 of wolfSSL embedded TLS has bug fixes and new features including:


@@ -78,6 +78,16 @@ macro `NO_OLD_SHA_NAMES`. These names get mapped to the OpenSSL API for a
single call hash function. Instead the name `WC_SHA`, `WC_SHA256`, `WC_SHA384` and
`WC_SHA512` should be used for the enum name.
# wolfSSL Release 5.5.3 (Nov 2, 2022)
Release 5.5.3 of wolfSSL embedded TLS has the following bug fix:
## Fixes
* Fix for possible buffer zeroization overrun introduced at the end of v5.5.2 release cycle in GitHub pull request 5743 (https://github.com/wolfSSL/wolfssl/pull/5743) and fixed in pull request 5757 (https://github.com/wolfSSL/wolfssl/pull/5757). In the case where a specific memory allocation failed or a hardware fault happened there was the potential for an overrun of 0s when masking the buffer used for (D)TLS 1.2 and lower operations. (D)TLS 1.3 only and crypto only users are not affected by the issue. This is not related in any way to recent issues reported in OpenSSL.
# wolfSSL Release 5.5.2 (Oct 28, 2022)
Release 5.5.2 of wolfSSL embedded TLS has bug fixes and new features including:


@@ -7,7 +7,7 @@
#
AC_COPYRIGHT([Copyright (C) 2006-2020 wolfSSL Inc.])
AC_PREREQ([2.69])
AC_INIT([wolfssl],[5.5.2],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[https://www.wolfssl.com])
AC_INIT([wolfssl],[5.5.3],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[https://www.wolfssl.com])
AC_CONFIG_AUX_DIR([build-aux])
# The following sets CFLAGS to empty if unset on command line. We do not
@@ -45,8 +45,8 @@ AC_SUBST([WOLFSSL_CONFIG_ARGS])
# these numbers don't always line up nicely with the library version.
WOLFSSL_LIBRARY_VERSION_FIRST=35
WOLFSSL_LIBRARY_VERSION_SECOND=2
WOLFSSL_LIBRARY_VERSION_THIRD=0
WOLFSSL_LIBRARY_VERSION=37:0:2
WOLFSSL_LIBRARY_VERSION_THIRD=1
WOLFSSL_LIBRARY_VERSION=37:1:2
# | | |
# +------+ | +---+
# | | |


@@ -20813,8 +20813,16 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
#endif
{
/* Zeroize plaintext. */
ForceZero(output + args->headerSz,
(word16)(args->size - args->digestSz));
#if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
if (ssl->options.startedETMWrite) {
ForceZero(output + args->headerSz,
(word16)(args->size - args->digestSz));
}
else
#endif
{
ForceZero(output + args->headerSz, (word16)args->size);
}
}
goto exit_buildmsg;
}
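Review bot: The Encrypt-then-MAC branch still passes `(word16)(args->size - args->digestSz)` to ForceZero without checking that `args->digestSz <= args->size`, and neither branch checks the length against `outSz`. The wrap-then-cast overrun fixed here for the non-EtM path can therefore come back if that size invariant is ever broken again. I would compute the length once into a local, subtract the digest only when it cannot wrap, and clamp to the room left in `output` before zeroizing; this assumes `outSz` is the capacity of `output`, which the hunk does not show. BuildMessage starts and ends outside the hunk, so the types of `size`, `digestSz` and `headerSz` need confirming against the struct definition before adopting the sketch below.

```c
    /* Zeroize plaintext. */
    word32 zeroSz = args->size;
    word32 room   = 0;

#if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
    /* With EtM the trailing MAC is not plaintext; subtract it only
     * when the subtraction cannot wrap. */
    if (ssl->options.startedETMWrite && args->digestSz <= zeroSz)
        zeroSz -= args->digestSz;
#endif
    /* Never zeroize past the end of the caller's buffer. */
    if (outSz > 0 && args->headerSz < (word32)outSz)
        room = (word32)outSz - args->headerSz;
    if (zeroSz > room)
        zeroSz = room;
    ForceZero(output + args->headerSz, zeroSz);
    /* … unchanged: goto exit_buildmsg … */
```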

Binary file not shown.


@@ -28,8 +28,8 @@
extern "C" {
#endif
#define LIBWOLFSSL_VERSION_STRING "5.5.2"
#define LIBWOLFSSL_VERSION_HEX 0x05005002
#define LIBWOLFSSL_VERSION_STRING "5.5.3"
#define LIBWOLFSSL_VERSION_HEX 0x05005003
#ifdef __cplusplus
}