diff --git a/CMakeLists.txt b/CMakeLists.txt index 72e6550b5c..d0904181d3 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -34,7 +34,7 @@ if("${CMAKE_SOURCE_DIR}" STREQUAL "${CMAKE_BINARY_DIR}") You must delete them, or cmake will refuse to work.") endif() -project(wolfssl VERSION 5.7.4 LANGUAGES C ASM) +project(wolfssl VERSION 5.7.6 LANGUAGES C ASM) # Set WOLFSSL_ROOT if not already defined if ("${WOLFSSL_ROOT}" STREQUAL "") @@ -49,11 +49,11 @@ endif() # shared library versioning # increment if interfaces have been removed or changed -set(WOLFSSL_LIBRARY_VERSION_FIRST 42) +set(WOLFSSL_LIBRARY_VERSION_FIRST 43) # increment if interfaces have been added # set to zero if WOLFSSL_LIBRARY_VERSION_FIRST is incremented -set(WOLFSSL_LIBRARY_VERSION_SECOND 3) +set(WOLFSSL_LIBRARY_VERSION_SECOND 0) # increment if source code has changed # set to zero if WOLFSSL_LIBRARY_VERSION_FIRST is incremented or diff --git a/ChangeLog.md b/ChangeLog.md index a0585b3c26..0b32346c62 100644 --- a/ChangeLog.md +++ b/ChangeLog.md @@ -1,3 +1,129 @@ +# wolfSSL Release 5.7.6 (Dec 31, 2024) + +Release 5.7.6 has been developed according to wolfSSL's development and QA +process (see link below) and successfully passed the quality criteria. +https://www.wolfssl.com/about/wolfssl-software-development-process-quality-assurance + +NOTE: + * --enable-heapmath is deprecated. + * In this release, the default cipher suite preference is updated to prioritize + TLS_AES_256_GCM_SHA384 over TLS_AES_128_GCM_SHA256 when enabled. + * This release adds a sanity check for including wolfssl/options.h or + user_settings.h. + + +PR stands for Pull Request, and PR references a GitHub pull request + number where the code change was added. + + +## Vulnerabilities +* [Med] An OCSP (non stapling) issue was introduced in wolfSSL version 5.7.4 + when performing OCSP requests for intermediate certificates in a certificate + chain. This affects only TLS 1.3 connections on the server side. It would not + impact other TLS protocol versions or connections that are not using the + traditional OCSP implementation. (Fix in pull request 8115) + + +## New Feature Additions +* Add support for RP2350 and improve RP2040 support, both with RNG optimizations + (PR 8153) +* Add support for STM32MP135F, including STM32CubeIDE support and HAL support + for SHA2/SHA3/AES/RNG/ECC optimizations. (PR 8223, 8231, 8241) +* Implement Renesas TSIP RSA Public Enc/Private support (PR 8122) +* Add support for Fedora/RedHat system-wide crypto-policies (PR 8205) +* Curve25519 generic keyparsing API added with wc_Curve25519KeyToDer and + wc_Curve25519KeyDecode (PR 8129) +* CRL improvements and update callback, added the functions + wolfSSL_CertManagerGetCRLInfo and wolfSSL_CertManagerSetCRLUpdate_Cb (PR 8006) +* For DTLS, add server-side stateless and CID quality-of-life API. (PR 8224) + + +## Enhancements and Optimizations +* Add a CMake dependency check for pthreads when required. (PR 8162) +* Update OS_Seed declarations for legacy compilers and FIPS modules (boundary + not affected). (PR 8170) +* Enable WOLFSSL_ALWAYS_KEEP_SNI by default when using --enable-jni. (PR 8283) +* Change the default cipher suite preference, prioritizing + TLS_AES_256_GCM_SHA384 over TLS_AES_128_GCM_SHA256. (PR 7771) +* Add SRTP-KDF (FIPS module v6.0.0) to checkout script for release bundling + (PR 8215) +* Make library build when no hardware crypto available for Aarch64 (PR 8293) +* Update assembly code to avoid `uint*_t` types for better compatibility with + older C standards. (PR 8133) +* Add initial documentation for writing ASN template code to decode BER/DER. + (PR 8120) +* Perform full reduction in sc_muladd for EdDSA with Curve448 (PR 8276) +* Allow SHA-3 hardware cryptography instructions to be explicitly not used in + MacOS builds (PR 8282) +* Make Kyber and ML-KEM available individually and together. (PR 8143) +* Update configuration options to include Kyber/ML-KEM and fix defines used in + wolfSSL_get_curve_name. (PR 8183) +* Make GetShortInt available with WOLFSSL_ASN_EXTRA (PR 8149) +* Improved test coverage and minor improvements of X509 (PR 8176) +* Add sanity checks for configuration methods, ensuring the inclusion of + wolfssl/options.h or user_settings.h. (PR 8262) +* Enable support for building without TLS (NO_TLS). Provides reduced code size + option for non-TLS users who want features like the certificate manager or + compatibility layer. (PR 8273) +* Exposed get_verify functions with OPENSSL_EXTRA. (PR 8258) +* ML-DSA/Dilithium: obtain security level from DER when decoding (PR 8177) +* Implementation for using PKCS11 to retrieve certificate for SSL CTX (PR 8267) +* Add support for the RFC822 Mailbox attribute (PR 8280) +* Initialize variables and adjust types resolve warnings with Visual Studio in + Windows builds. (PR 8181) +* Refactors and expansion of opensslcoexist build (PR 8132, 8216, 8230) +* Add DTLS 1.3 interoperability, libspdm and DTLS CID interoperability tests + (PR 8261, 8255, 8245) +* Remove trailing error exit code in wolfSSL install setup script (PR 8189) +* Update Arduino files for wolfssl 5.7.4 (PR 8219) +* Improve Espressif SHA HW/SW mutex messages (PR 8225) +* Apply post-5.7.4 release updates for Espressif Managed Component examples + (PR 8251) +* Expansion of c89 conformance (PR 8164) +* Added configure option for additional sanity checks with --enable-faultharden + (PR 8289) +* Aarch64 ASM additions to check CPU features before hardware crypto instruction + use (PR 8314) + + +## Fixes +* Fix a memory issue when using the compatibility layer with + WOLFSSL_GENERAL_NAME and handling registered ID types. (PR 8155) +* Fix a build issue with signature fault hardening when using public key + callbacks (HAVE_PK_CALLBACKS). (PR 8287) +* Fix for handling heap hint pointer properly when managing multiple WOLFSSL_CTX + objects and free’ing one of them (PR 8180) +* Fix potential memory leak in error case with Aria. (PR 8268) +* Fix Set_Verify flag behaviour on Ada wrapper. (PR 8256) +* Fix a compilation error with the NO_WOLFSSL_DIR flag. (PR 8294) +* Resolve a corner case for Poly1305 assembly code on Aarch64. (PR 8275) +* Fix incorrect version setting in CSRs. (PR 8136) +* Correct debugging output for cryptodev. (PR 8202) +* Fix for benchmark application use with /dev/crypto GMAC auth error due to size + of AAD (PR 8210) +* Add missing checks for the initialization of sp_int/mp_int with DSA to free + memory properly in error cases. (PR 8209) +* Fix return value of wolfSSL_CTX_set_tlsext_use_srtp (8252) +* Check Root CA by Renesas TSIP before adding it to ca-table (PR 8101) +* Prevent adding a certificate to the CA cache for Renesas builds if it does not + set CA:TRUE in basic constraints. (PR 8060) +* Fix attribute certificate holder entityName parsing. (PR 8166) +* Resolve build issues for configurations without any wolfSSL/openssl + compatibility layer headers. (PR 8182) +* Fix for building SP RSA small and RSA public only (PR 8235) +* Fix for Renesas RX TSIP RSA Sign/Verify with wolfCrypt only (PR 8206) +* Fix to ensure all files have settings.h included (like wc_lms.c) and guards + for building all `*.c` files (PR 8257 and PR 8140) +* Fix x86 target build issues in Visual Studio for non-Windows operating + systems. (PR 8098) +* Fix wolfSSL_X509_STORE_get0_objects to handle no CA (PR 8226) +* Properly handle reference counting when adding to the X509 store. (PR 8233) +* Fix for various typos and improper size used with FreeRTOS_bind in the Renesas + example. Thanks to Hongbo for the report on example issues. (PR 7537) +* Fix for potential heap use after free with wolfSSL_PEM_read_bio_PrivateKey. + Thanks to Peter for the issue reported. (PR 8139) + + # wolfSSL Release 5.7.4 (Oct 24, 2024) Release 5.7.4 has been developed according to wolfSSL's development and QA diff --git a/IDE/WIN-SRTP-KDF-140-3/wolfssl-fips.rc b/IDE/WIN-SRTP-KDF-140-3/wolfssl-fips.rc index b85f44bb9a..5af27ac69b 100644 --- a/IDE/WIN-SRTP-KDF-140-3/wolfssl-fips.rc +++ b/IDE/WIN-SRTP-KDF-140-3/wolfssl-fips.rc @@ -51,8 +51,8 @@ END // VS_VERSION_INFO VERSIONINFO - FILEVERSION 5,7,4,0 - PRODUCTVERSION 5,7,4,0 + FILEVERSION 5,7,6,0 + PRODUCTVERSION 5,7,6,0 FILEFLAGSMASK 0x3fL #ifdef _DEBUG FILEFLAGS 0x1L @@ -69,12 +69,12 @@ BEGIN BEGIN VALUE "CompanyName", "wolfSSL Inc." VALUE "FileDescription", "The wolfSSL FIPS embedded SSL library is a lightweight, portable, C-language-based SSL/TLS library targeted at IoT, embedded, and RTOS environments primarily because of its size, speed, and feature set." - VALUE "FileVersion", "5.7.4.0" + VALUE "FileVersion", "5.7.6.0" VALUE "InternalName", "wolfssl-fips" VALUE "LegalCopyright", "Copyright (C) 2023" VALUE "OriginalFilename", "wolfssl-fips.dll" VALUE "ProductName", "wolfSSL FIPS" - VALUE "ProductVersion", "5.7.4.0" + VALUE "ProductVersion", "5.7.6.0" END END BLOCK "VarFileInfo" diff --git a/IDE/WIN10/wolfssl-fips.rc b/IDE/WIN10/wolfssl-fips.rc index 86fe62d976..b6df7d1f39 100644 --- a/IDE/WIN10/wolfssl-fips.rc +++ b/IDE/WIN10/wolfssl-fips.rc @@ -51,8 +51,8 @@ END // VS_VERSION_INFO VERSIONINFO - FILEVERSION 5,7,4,0 - PRODUCTVERSION 5,7,4,0 + FILEVERSION 5,7,6,0 + PRODUCTVERSION 5,7,6,0 FILEFLAGSMASK 0x3fL #ifdef _DEBUG FILEFLAGS 0x1L @@ -69,12 +69,12 @@ BEGIN BEGIN VALUE "CompanyName", "wolfSSL Inc." VALUE "FileDescription", "The wolfSSL FIPS embedded SSL library is a lightweight, portable, C-language-based SSL/TLS library targeted at IoT, embedded, and RTOS environments primarily because of its size, speed, and feature set." - VALUE "FileVersion", "5.7.4.0" + VALUE "FileVersion", "5.7.6.0" VALUE "InternalName", "wolfssl-fips" VALUE "LegalCopyright", "Copyright (C) 2024" VALUE "OriginalFilename", "wolfssl-fips.dll" VALUE "ProductName", "wolfSSL FIPS" - VALUE "ProductVersion", "5.7.4.0" + VALUE "ProductVersion", "5.7.6.0" END END BLOCK "VarFileInfo" diff --git a/README b/README index 2b462bc517..47579ee3d4 100644 --- a/README +++ b/README @@ -70,198 +70,130 @@ should be used for the enum name. *** end Notes *** -# wolfSSL Release 5.7.4 (Oct 24, 2024) +# wolfSSL Release 5.7.6 (Dec 31, 2024) -Release 5.7.4 has been developed according to wolfSSL's development and QA +Release 5.7.6 has been developed according to wolfSSL's development and QA process (see link below) and successfully passed the quality criteria. https://www.wolfssl.com/about/wolfssl-software-development-process-quality-assurance -NOTE: * --enable-heapmath is being deprecated and will be removed by end of 2024 +NOTE: + * --enable-heapmath is deprecated. + * In this release, the default cipher suite preference is updated to prioritize + TLS_AES_256_GCM_SHA384 over TLS_AES_128_GCM_SHA256 when enabled. + * This release adds a sanity check for including wolfssl/options.h or + user_settings.h. + PR stands for Pull Request, and PR references a GitHub pull request number where the code change was added. ## Vulnerabilities -* [Low] When the OpenSSL compatibility layer is enabled, certificate - verification behaved differently in wolfSSL than OpenSSL, in the - X509_STORE_add_cert() and X509_STORE_load_locations() implementations. - Previously, in cases where an application explicitly loaded an intermediate - certificate, wolfSSL was verifying only up to that intermediate certificate, - rather than verifying up to the root CA. This only affects use cases where the - API is called directly, and does not affect TLS connections. Users that call - the API X509_STORE_add_cert() or X509_STORE_load_locations() directly in their - applications are recommended to update the version of wolfSSL used or to have - additional sanity checks on certificates loaded into the X509_STORE when - verifying a certificate. (https://github.com/wolfSSL/wolfssl/pull/8087) - - -## PQC TLS Experimental Build Fix -* When using TLS with post quantum algorithms enabled, the connection uses a - smaller EC curve than agreed on. Users building with --enable-experimental and - enabling PQC cipher suites with TLS connections are recommended to update the - version of wolfSSL used. Thanks to Daniel Correa for the report. - (https://github.com/wolfSSL/wolfssl/pull/8084) +* [Med] An OCSP (non stapling) issue was introduced in wolfSSL version 5.7.4 + when performing OCSP requests for intermediate certificates in a certificate + chain. This affects only TLS 1.3 connections on the server side. It would not + impact other TLS protocol versions or connections that are not using the + traditional OCSP implementation. (Fix in pull request 8115) ## New Feature Additions -* RISC-V 64 new assembly optimizations added for SHA-256, SHA-512, ChaCha20, - Poly1305, and SHA-3 (PR 7758,7833,7818,7873,7916) -* Implement support for Connection ID (CID) with DTLS 1.2 (PR 7995) -* Add support for (DevkitPro)libnds (PR 7990) -* Add port for Mosquitto OSP (Open Source Project) (PR 6460) -* Add port for init sssd (PR 7781) -* Add port for eXosip2 (PR 7648) -* Add support for STM32G4 (PR 7997) -* Add support for MAX32665 and MAX32666 TPU HW and ARM ASM Crypto Callback - Support (PR 7777) -* Add support for building wolfSSL to be used in libspdm (PR 7869) -* Add port for use with Nucleus Plus 2.3 (PR 7732) -* Initial support for RFC5755 x509 attribute certificates (acerts). Enabled with - --enable-acert (PR 7926) -* PKCS#11 RSA Padding offload allows tokens to perform CKM_RSA_PKCS - (sign/encrypt), CKM_RSA_PKCS_PSS (sign), and CKM_RSA_PKCS_OAEP (encrypt). - (PR 7750) -* Added “new” and “delete” style functions for heap/pool allocation and freeing - of low level crypto structures (PR 3166 and 8089) +* Add support for RP2350 and improve RP2040 support, both with RNG optimizations + (PR 8153) +* Add support for STM32MP135F, including STM32CubeIDE support and HAL support + for SHA2/SHA3/AES/RNG/ECC optimizations. (PR 8223, 8231, 8241) +* Implement Renesas TSIP RSA Public Enc/Private support (PR 8122) +* Add support for Fedora/RedHat system-wide crypto-policies (PR 8205) +* Curve25519 generic keyparsing API added with wc_Curve25519KeyToDer and + wc_Curve25519KeyDecode (PR 8129) +* CRL improvements and update callback, added the functions + wolfSSL_CertManagerGetCRLInfo and wolfSSL_CertManagerSetCRLUpdate_Cb (PR 8006) +* For DTLS, add server-side stateless and CID quality-of-life API. (PR 8224) ## Enhancements and Optimizations -* Increase default max alt. names from 128 to 1024 (PR 7762) -* Added new constant time DH agree function wc_DhAgree_ct (PR 7802) -* Expanded compatibility layer with the API EVP_PKEY_is_a (PR 7804) -* Add option to disable cryptocb test software test using - --disable-cryptocb-sw-test (PR 7862) -* Add a call to certificate verify callback before checking certificate dates - (PR 7895) -* Expanded algorithms supported with the wolfCrypt CSharp wrapper. Adding - support for RNG, ECC(ECIES and ECDHE), RSA, ED25519/Curve25519, AES-GCM, and - Hashing (PR 3166) -* Expand MMCAU support for use with DES ECB (PR 7960) -* Update AES SIV to handle multiple associated data inputs (PR 7911) -* Remove HAVE_NULL_CIPHER from --enable-openssh (PR 7811) -* Removed duplicate if(NULL) checks when calling XFREE (macro does) (PR 7839) -* Set RSA_MIN_SIZE default to 2048 bits (PR 7923) -* Added support for wolfSSL to be used as the default TLS in the zephyr kernel - (PR 7731) -* Add enable provider build using --enable-wolfprovider with autotools (PR 7550) -* Renesas RX TSIP ECDSA support (PR 7685) -* Support DTLS1.3 downgrade when the server supports CID (PR 7841) -* Server-side checks OCSP even if it uses v2 multi (PR 7828) -* Add handling of absent hash params in PKCS7 bundle parsing and creation - (PR 7845) -* Add the use of w64wrapper for Poly1305, enabling Poly1305 to be used in - environments that do not have a word64 type (PR 7759) -* Update to the maxq10xx support (PR 7824) -* Add support for parsing over optional PKCS8 attributes (PR 7944) -* Add support for either side method with DTLS 1.3 (PR 8012) -* Added PKCS7 PEM support for parsing PEM data with BEGIN/END PKCS7 (PR 7704) -* Add CMake support for WOLFSSL_CUSTOM_CURVES (PR 7962) -* Add left-most wildcard matching support to X509_check_host() (PR 7966) -* Add option to set custom SKID with PKCS7 bundle creation (PR 7954) -* Building wolfSSL as a library with Ada and corrections to Alire manifest - (PR 7303,7940) -* Renesas RX72N support updated (PR 7849) -* New option WOLFSSL_COPY_KEY added to always copy the key to the SSL object - (PR 8005) -* Add the new option WOLFSSL_COPY_CERT to always copy the cert buffer for each - SSL object (PR 7867) -* Add an option to use AES-CBC with HMAC for default session ticket enc/dec. - Defaults to AES-128-CBC with HMAC-SHA256 (PR 7703) -* Memory usage improvements in wc_PRF, sha256 (for small code when many - registers are available) and sp_int objects (PR 7901) -* Change in the configure script to work around ">>" with no command. In older - /bin/sh it can be ambiguous, as used in OS’s such as FreeBSD 9.2 (PR 7876) -* Don't attempt to include system headers when not required (PR 7813) -* Certificates: DER encoding of ECC signature algorithm parameter is now - allowed to be NULL with a define (PR 7903) -* SP x86_64 asm: check for AVX2 support for VMs (PR 7979) -* Update rx64n support on gr-rose (PR 7889) -* Update FSP version to v5.4.0 for RA6M4 (PR 7994) -* Update TSIP driver version to v1.21 for RX65N RSK (PR 7993) -* Add a new crypto callback for RSA with padding (PR 7907) -* Replaced the use of pqm4 with wolfSSL implementations of Kyber/MLDSA - (PR 7924) -* Modernized memory fence support for C11 and clang (PR 7938) -* Add a CRL error override callback (PR 7986) -* Extend the X509 unknown extension callback for use with a user context - (PR 7730) -* Additional debug error tracing added with TLS (PR 7917) -* Added runtime support for library call stack traces with - –enable-debug-trace-errcodes=backtrace, using libbacktrace (PR 7846) -* Expanded C89 conformance (PR 8077) -* Expanded support for WOLFSSL_NO_MALLOC (PR 8065) -* Added support for cross-compilation of Linux kernel module (PR 7746) -* Updated Linux kernel module with support for kernel 6.11 and 6.12 (PR 7826) -* Introduce WOLFSSL_ASN_ALLOW_0_SERIAL to allow parsing of certificates with a - serial number of 0 (PR 7893) -* Add conditional repository_owner to all wolfSSL GitHub workflows (PR 7871) - -### Espressif / Arduino Updates -* Update wolfcrypt settings.h for Espressif ESP-IDF, template update (PR 7953) -* Update Espressif sha, util, mem, time helpers (PR 7955) -* Espressif _thread_local_start and _thread_local_end fix (PR 8030) -* Improve benchmark for Espressif devices (PR 8037) -* Introduce Espressif common CONFIG_WOLFSSL_EXAMPLE_NAME, Kconfig (PR 7866) -* Add wolfSSL esp-tls and Certificate Bundle Support for Espressif ESP-IDF - (PR 7936) -* Update wolfssl Release for Arduino (PR 7775) - -### Post Quantum Crypto Updates -* Dilithium: support fixed size arrays in dilithium_key (PR 7727) -* Dilithium: add option to use precalc with small sign (PR 7744) -* Allow Kyber to be built with FIPS (PR 7788) -* Allow Kyber asm to be used in the Linux kernel module (PR 7872) -* Dilithium, Kyber: Update to final specification (PR 7877) -* Dilithium: Support FIPS 204 Draft and Final Draft (PR 7909,8016) - -### ARM Assembly Optimizations -* ARM32 assembly optimizations added for ChaCha20 and Poly1305 (PR 8020) -* Poly1305 assembly optimizations improvements for Aarch64 (PR 7859) -* Poly1305 assembly optimizations added for Thumb-2 (PR 7939) -* Adding ARM ASM build option to STM32CubePack (PR 7747) -* Add ARM64 to Visual Studio Project (PR 8010) -* Kyber assembly optimizations for ARM32 and Aarch64 (PR 8040,7998) -* Kyber assembly optimizations for ARMv7E-M/ARMv7-M (PR 7706) +* Add a CMake dependency check for pthreads when required. (PR 8162) +* Update OS_Seed declarations for legacy compilers and FIPS modules (boundary + not affected). (PR 8170) +* Enable WOLFSSL_ALWAYS_KEEP_SNI by default when using --enable-jni. (PR 8283) +* Change the default cipher suite preference, prioritizing + TLS_AES_256_GCM_SHA384 over TLS_AES_128_GCM_SHA256. (PR 7771) +* Add SRTP-KDF (FIPS module v6.0.0) to checkout script for release bundling + (PR 8215) +* Make library build when no hardware crypto available for Aarch64 (PR 8293) +* Update assembly code to avoid `uint*_t` types for better compatibility with + older C standards. (PR 8133) +* Add initial documentation for writing ASN template code to decode BER/DER. + (PR 8120) +* Perform full reduction in sc_muladd for EdDSA with Curve448 (PR 8276) +* Allow SHA-3 hardware cryptography instructions to be explicitly not used in + MacOS builds (PR 8282) +* Make Kyber and ML-KEM available individually and together. (PR 8143) +* Update configuration options to include Kyber/ML-KEM and fix defines used in + wolfSSL_get_curve_name. (PR 8183) +* Make GetShortInt available with WOLFSSL_ASN_EXTRA (PR 8149) +* Improved test coverage and minor improvements of X509 (PR 8176) +* Add sanity checks for configuration methods, ensuring the inclusion of + wolfssl/options.h or user_settings.h. (PR 8262) +* Enable support for building without TLS (NO_TLS). Provides reduced code size + option for non-TLS users who want features like the certificate manager or + compatibility layer. (PR 8273) +* Exposed get_verify functions with OPENSSL_EXTRA. (PR 8258) +* ML-DSA/Dilithium: obtain security level from DER when decoding (PR 8177) +* Implementation for using PKCS11 to retrieve certificate for SSL CTX (PR 8267) +* Add support for the RFC822 Mailbox attribute (PR 8280) +* Initialize variables and adjust types resolve warnings with Visual Studio in + Windows builds. (PR 8181) +* Refactors and expansion of opensslcoexist build (PR 8132, 8216, 8230) +* Add DTLS 1.3 interoperability, libspdm and DTLS CID interoperability tests + (PR 8261, 8255, 8245) +* Remove trailing error exit code in wolfSSL install setup script (PR 8189) +* Update Arduino files for wolfssl 5.7.4 (PR 8219) +* Improve Espressif SHA HW/SW mutex messages (PR 8225) +* Apply post-5.7.4 release updates for Espressif Managed Component examples + (PR 8251) +* Expansion of c89 conformance (PR 8164) +* Added configure option for additional sanity checks with --enable-faultharden + (PR 8289) +* Aarch64 ASM additions to check CPU features before hardware crypto instruction + use (PR 8314) ## Fixes -* ECC key load: fixes for certificates with parameters that are not default for - size (PR 7751) -* Fixes for building x86 in Visual Studio for non-windows OS (PR 7884) -* Fix for TLS v1.2 secret callback, incorrectly detecting bad master secret - (PR 7812) -* Fixes for PowerPC assembly use with Darwin and SP math all (PR 7931) -* Fix for detecting older versions of Mac OS when trying to link with - libdispatch (PR 7932) -* Fix for DTLS1.3 downgrade to DTLS1.2 when the server sends multiple handshake - packets combined into a single transmission. (PR 7840) -* Fix for OCSP to save the request if it was stored in ssl->ctx->certOcspRequest - (PR 7779) -* Fix to OCSP for searching for CA by key hash instead of ext. key id (PR 7934) -* Fix for staticmemory and singlethreaded build (PR 7737) -* Fix to not allow Shake128/256 with Xilinx AFALG (PR 7708) -* Fix to support PKCS11 without RSA key generation (PR 7738) -* Fix not calling the signing callback when using PK callbacks + TLS 1.3 - (PR 7761) -* Cortex-M/Thumb2 ASM fix label for IAR compiler (PR 7753) -* Fix with PKCS11 to iterate correctly over slotId (PR 7736) -* Stop stripping out the sequence header on the AltSigAlg extension (PR 7710) -* Fix ParseCRL_AuthKeyIdExt with ASN template to set extAuthKeyIdSet value - (PR 7742) -* Use max key length for PSK encrypt buffer size (PR 7707) -* DTLS 1.3 fix for size check to include headers and CID fixes (PR 7912,7951) -* Fix STM32 Hash FIFO and add support for STM32U5A9xx (PR 7787) -* Fix CMake build error for curl builds (PR 8021) -* SP Maths: PowerPC ASM fix to use XOR instead of LI (PR 8038) -* SSL loading of keys/certs: testing and fixes (PR 7789) -* Misc. fixes for Dilithium and Kyber (PR 7721,7765,7803,8027,7904) -* Fixes for building wolfBoot sources for PQ LMS/XMSS (PR 7868) -* Fixes for building with Kyber enabled using CMake and zephyr port (PR 7773) -* Fix for edge cases with session resumption with TLS 1.2 (PR 8097) -* Fix issue with ARM ASM with AES CFB/OFB not initializing the "left" member - (PR 8099) - +* Fix a memory issue when using the compatibility layer with + WOLFSSL_GENERAL_NAME and handling registered ID types. (PR 8155) +* Fix a build issue with signature fault hardening when using public key + callbacks (HAVE_PK_CALLBACKS). (PR 8287) +* Fix for handling heap hint pointer properly when managing multiple WOLFSSL_CTX + objects and free’ing one of them (PR 8180) +* Fix potential memory leak in error case with Aria. (PR 8268) +* Fix Set_Verify flag behaviour on Ada wrapper. (PR 8256) +* Fix a compilation error with the NO_WOLFSSL_DIR flag. (PR 8294) +* Resolve a corner case for Poly1305 assembly code on Aarch64. (PR 8275) +* Fix incorrect version setting in CSRs. (PR 8136) +* Correct debugging output for cryptodev. (PR 8202) +* Fix for benchmark application use with /dev/crypto GMAC auth error due to size + of AAD (PR 8210) +* Add missing checks for the initialization of sp_int/mp_int with DSA to free + memory properly in error cases. (PR 8209) +* Fix return value of wolfSSL_CTX_set_tlsext_use_srtp (8252) +* Check Root CA by Renesas TSIP before adding it to ca-table (PR 8101) +* Prevent adding a certificate to the CA cache for Renesas builds if it does not + set CA:TRUE in basic constraints. (PR 8060) +* Fix attribute certificate holder entityName parsing. (PR 8166) +* Resolve build issues for configurations without any wolfSSL/openssl + compatibility layer headers. (PR 8182) +* Fix for building SP RSA small and RSA public only (PR 8235) +* Fix for Renesas RX TSIP RSA Sign/Verify with wolfCrypt only (PR 8206) +* Fix to ensure all files have settings.h included (like wc_lms.c) and guards + for building all `*.c` files (PR 8257 and PR 8140) +* Fix x86 target build issues in Visual Studio for non-Windows operating + systems. (PR 8098) +* Fix wolfSSL_X509_STORE_get0_objects to handle no CA (PR 8226) +* Properly handle reference counting when adding to the X509 store. (PR 8233) +* Fix for various typos and improper size used with FreeRTOS_bind in the Renesas + example. Thanks to Hongbo for the report on example issues. (PR 7537) +* Fix for potential heap use after free with wolfSSL_PEM_read_bio_PrivateKey. + Thanks to Peter for the issue reported. (PR 8139) For additional vulnerability information visit the vulnerability page at: diff --git a/README.md b/README.md index 11f82fb357..2b6fdae5f0 100644 --- a/README.md +++ b/README.md @@ -75,197 +75,131 @@ single call hash function. Instead the name `WC_SHA`, `WC_SHA256`, `WC_SHA384` a `WC_SHA512` should be used for the enum name. -# wolfSSL Release 5.7.4 (Oct 24, 2024) +# wolfSSL Release 5.7.6 (Dec 31, 2024) -Release 5.7.4 has been developed according to wolfSSL's development and QA +Release 5.7.6 has been developed according to wolfSSL's development and QA process (see link below) and successfully passed the quality criteria. https://www.wolfssl.com/about/wolfssl-software-development-process-quality-assurance -NOTE: * --enable-heapmath is being deprecated and will be removed by end of 2024 +NOTE: + * --enable-heapmath is deprecated. + * In this release, the default cipher suite preference is updated to prioritize + TLS_AES_256_GCM_SHA384 over TLS_AES_128_GCM_SHA256 when enabled. + * This release adds a sanity check for including wolfssl/options.h or + user_settings.h. + PR stands for Pull Request, and PR references a GitHub pull request number where the code change was added. ## Vulnerabilities -* [Low] When the OpenSSL compatibility layer is enabled, certificate - verification behaved differently in wolfSSL than OpenSSL, in the - X509_STORE_add_cert() and X509_STORE_load_locations() implementations. - Previously, in cases where an application explicitly loaded an intermediate - certificate, wolfSSL was verifying only up to that intermediate certificate, - rather than verifying up to the root CA. This only affects use cases where the - API is called directly, and does not affect TLS connections. Users that call - the API X509_STORE_add_cert() or X509_STORE_load_locations() directly in their - applications are recommended to update the version of wolfSSL used or to have - additional sanity checks on certificates loaded into the X509_STORE when - verifying a certificate. (https://github.com/wolfSSL/wolfssl/pull/8087) - - -## PQC TLS Experimental Build Fix -* When using TLS with post quantum algorithms enabled, the connection uses a - smaller EC curve than agreed on. Users building with --enable-experimental and - enabling PQC cipher suites with TLS connections are recommended to update the - version of wolfSSL used. Thanks to Daniel Correa for the report. - (https://github.com/wolfSSL/wolfssl/pull/8084) +* [Med] An OCSP (non stapling) issue was introduced in wolfSSL version 5.7.4 + when performing OCSP requests for intermediate certificates in a certificate + chain. This affects only TLS 1.3 connections on the server side. It would not + impact other TLS protocol versions or connections that are not using the + traditional OCSP implementation. (Fix in pull request 8115) ## New Feature Additions -* RISC-V 64 new assembly optimizations added for SHA-256, SHA-512, ChaCha20, - Poly1305, and SHA-3 (PR 7758,7833,7818,7873,7916) -* Implement support for Connection ID (CID) with DTLS 1.2 (PR 7995) -* Add support for (DevkitPro)libnds (PR 7990) -* Add port for Mosquitto OSP (Open Source Project) (PR 6460) -* Add port for init sssd (PR 7781) -* Add port for eXosip2 (PR 7648) -* Add support for STM32G4 (PR 7997) -* Add support for MAX32665 and MAX32666 TPU HW and ARM ASM Crypto Callback - Support (PR 7777) -* Add support for building wolfSSL to be used in libspdm (PR 7869) -* Add port for use with Nucleus Plus 2.3 (PR 7732) -* Initial support for RFC5755 x509 attribute certificates (acerts). Enabled with - --enable-acert (PR 7926) -* PKCS#11 RSA Padding offload allows tokens to perform CKM_RSA_PKCS - (sign/encrypt), CKM_RSA_PKCS_PSS (sign), and CKM_RSA_PKCS_OAEP (encrypt). - (PR 7750) -* Added “new” and “delete” style functions for heap/pool allocation and freeing - of low level crypto structures (PR 3166 and 8089) +* Add support for RP2350 and improve RP2040 support, both with RNG optimizations + (PR 8153) +* Add support for STM32MP135F, including STM32CubeIDE support and HAL support + for SHA2/SHA3/AES/RNG/ECC optimizations. (PR 8223, 8231, 8241) +* Implement Renesas TSIP RSA Public Enc/Private support (PR 8122) +* Add support for Fedora/RedHat system-wide crypto-policies (PR 8205) +* Curve25519 generic keyparsing API added with wc_Curve25519KeyToDer and + wc_Curve25519KeyDecode (PR 8129) +* CRL improvements and update callback, added the functions + wolfSSL_CertManagerGetCRLInfo and wolfSSL_CertManagerSetCRLUpdate_Cb (PR 8006) +* For DTLS, add server-side stateless and CID quality-of-life API. (PR 8224) ## Enhancements and Optimizations -* Increase default max alt. names from 128 to 1024 (PR 7762) -* Added new constant time DH agree function wc_DhAgree_ct (PR 7802) -* Expanded compatibility layer with the API EVP_PKEY_is_a (PR 7804) -* Add option to disable cryptocb test software test using - --disable-cryptocb-sw-test (PR 7862) -* Add a call to certificate verify callback before checking certificate dates - (PR 7895) -* Expanded algorithms supported with the wolfCrypt CSharp wrapper. Adding - support for RNG, ECC(ECIES and ECDHE), RSA, ED25519/Curve25519, AES-GCM, and - Hashing (PR 3166) -* Expand MMCAU support for use with DES ECB (PR 7960) -* Update AES SIV to handle multiple associated data inputs (PR 7911) -* Remove HAVE_NULL_CIPHER from --enable-openssh (PR 7811) -* Removed duplicate if(NULL) checks when calling XFREE (macro does) (PR 7839) -* Set RSA_MIN_SIZE default to 2048 bits (PR 7923) -* Added support for wolfSSL to be used as the default TLS in the zephyr kernel - (PR 7731) -* Add enable provider build using --enable-wolfprovider with autotools (PR 7550) -* Renesas RX TSIP ECDSA support (PR 7685) -* Support DTLS1.3 downgrade when the server supports CID (PR 7841) -* Server-side checks OCSP even if it uses v2 multi (PR 7828) -* Add handling of absent hash params in PKCS7 bundle parsing and creation - (PR 7845) -* Add the use of w64wrapper for Poly1305, enabling Poly1305 to be used in - environments that do not have a word64 type (PR 7759) -* Update to the maxq10xx support (PR 7824) -* Add support for parsing over optional PKCS8 attributes (PR 7944) -* Add support for either side method with DTLS 1.3 (PR 8012) -* Added PKCS7 PEM support for parsing PEM data with BEGIN/END PKCS7 (PR 7704) -* Add CMake support for WOLFSSL_CUSTOM_CURVES (PR 7962) -* Add left-most wildcard matching support to X509_check_host() (PR 7966) -* Add option to set custom SKID with PKCS7 bundle creation (PR 7954) -* Building wolfSSL as a library with Ada and corrections to Alire manifest - (PR 7303,7940) -* Renesas RX72N support updated (PR 7849) -* New option WOLFSSL_COPY_KEY added to always copy the key to the SSL object - (PR 8005) -* Add the new option WOLFSSL_COPY_CERT to always copy the cert buffer for each - SSL object (PR 7867) -* Add an option to use AES-CBC with HMAC for default session ticket enc/dec. - Defaults to AES-128-CBC with HMAC-SHA256 (PR 7703) -* Memory usage improvements in wc_PRF, sha256 (for small code when many - registers are available) and sp_int objects (PR 7901) -* Change in the configure script to work around ">>" with no command. In older - /bin/sh it can be ambiguous, as used in OS’s such as FreeBSD 9.2 (PR 7876) -* Don't attempt to include system headers when not required (PR 7813) -* Certificates: DER encoding of ECC signature algorithm parameter is now - allowed to be NULL with a define (PR 7903) -* SP x86_64 asm: check for AVX2 support for VMs (PR 7979) -* Update rx64n support on gr-rose (PR 7889) -* Update FSP version to v5.4.0 for RA6M4 (PR 7994) -* Update TSIP driver version to v1.21 for RX65N RSK (PR 7993) -* Add a new crypto callback for RSA with padding (PR 7907) -* Replaced the use of pqm4 with wolfSSL implementations of Kyber/MLDSA - (PR 7924) -* Modernized memory fence support for C11 and clang (PR 7938) -* Add a CRL error override callback (PR 7986) -* Extend the X509 unknown extension callback for use with a user context - (PR 7730) -* Additional debug error tracing added with TLS (PR 7917) -* Added runtime support for library call stack traces with - –enable-debug-trace-errcodes=backtrace, using libbacktrace (PR 7846) -* Expanded C89 conformance (PR 8077) -* Expanded support for WOLFSSL_NO_MALLOC (PR 8065) -* Added support for cross-compilation of Linux kernel module (PR 7746) -* Updated Linux kernel module with support for kernel 6.11 and 6.12 (PR 7826) -* Introduce WOLFSSL_ASN_ALLOW_0_SERIAL to allow parsing of certificates with a - serial number of 0 (PR 7893) -* Add conditional repository_owner to all wolfSSL GitHub workflows (PR 7871) - -### Espressif / Arduino Updates -* Update wolfcrypt settings.h for Espressif ESP-IDF, template update (PR 7953) -* Update Espressif sha, util, mem, time helpers (PR 7955) -* Espressif _thread_local_start and _thread_local_end fix (PR 8030) -* Improve benchmark for Espressif devices (PR 8037) -* Introduce Espressif common CONFIG_WOLFSSL_EXAMPLE_NAME, Kconfig (PR 7866) -* Add wolfSSL esp-tls and Certificate Bundle Support for Espressif ESP-IDF - (PR 7936) -* Update wolfssl Release for Arduino (PR 7775) - -### Post Quantum Crypto Updates -* Dilithium: support fixed size arrays in dilithium_key (PR 7727) -* Dilithium: add option to use precalc with small sign (PR 7744) -* Allow Kyber to be built with FIPS (PR 7788) -* Allow Kyber asm to be used in the Linux kernel module (PR 7872) -* Dilithium, Kyber: Update to final specification (PR 7877) -* Dilithium: Support FIPS 204 Draft and Final Draft (PR 7909,8016) - -### ARM Assembly Optimizations -* ARM32 assembly optimizations added for ChaCha20 and Poly1305 (PR 8020) -* Poly1305 assembly optimizations improvements for Aarch64 (PR 7859) -* Poly1305 assembly optimizations added for Thumb-2 (PR 7939) -* Adding ARM ASM build option to STM32CubePack (PR 7747) -* Add ARM64 to Visual Studio Project (PR 8010) -* Kyber assembly optimizations for ARM32 and Aarch64 (PR 8040,7998) -* Kyber assembly optimizations for ARMv7E-M/ARMv7-M (PR 7706) +* Add a CMake dependency check for pthreads when required. (PR 8162) +* Update OS_Seed declarations for legacy compilers and FIPS modules (boundary + not affected). (PR 8170) +* Enable WOLFSSL_ALWAYS_KEEP_SNI by default when using --enable-jni. (PR 8283) +* Change the default cipher suite preference, prioritizing + TLS_AES_256_GCM_SHA384 over TLS_AES_128_GCM_SHA256. (PR 7771) +* Add SRTP-KDF (FIPS module v6.0.0) to checkout script for release bundling + (PR 8215) +* Make library build when no hardware crypto available for Aarch64 (PR 8293) +* Update assembly code to avoid `uint*_t` types for better compatibility with + older C standards. (PR 8133) +* Add initial documentation for writing ASN template code to decode BER/DER. + (PR 8120) +* Perform full reduction in sc_muladd for EdDSA with Curve448 (PR 8276) +* Allow SHA-3 hardware cryptography instructions to be explicitly not used in + MacOS builds (PR 8282) +* Make Kyber and ML-KEM available individually and together. (PR 8143) +* Update configuration options to include Kyber/ML-KEM and fix defines used in + wolfSSL_get_curve_name. (PR 8183) +* Make GetShortInt available with WOLFSSL_ASN_EXTRA (PR 8149) +* Improved test coverage and minor improvements of X509 (PR 8176) +* Add sanity checks for configuration methods, ensuring the inclusion of + wolfssl/options.h or user_settings.h. (PR 8262) +* Enable support for building without TLS (NO_TLS). Provides reduced code size + option for non-TLS users who want features like the certificate manager or + compatibility layer. (PR 8273) +* Exposed get_verify functions with OPENSSL_EXTRA. (PR 8258) +* ML-DSA/Dilithium: obtain security level from DER when decoding (PR 8177) +* Implementation for using PKCS11 to retrieve certificate for SSL CTX (PR 8267) +* Add support for the RFC822 Mailbox attribute (PR 8280) +* Initialize variables and adjust types resolve warnings with Visual Studio in + Windows builds. (PR 8181) +* Refactors and expansion of opensslcoexist build (PR 8132, 8216, 8230) +* Add DTLS 1.3 interoperability, libspdm and DTLS CID interoperability tests + (PR 8261, 8255, 8245) +* Remove trailing error exit code in wolfSSL install setup script (PR 8189) +* Update Arduino files for wolfssl 5.7.4 (PR 8219) +* Improve Espressif SHA HW/SW mutex messages (PR 8225) +* Apply post-5.7.4 release updates for Espressif Managed Component examples + (PR 8251) +* Expansion of c89 conformance (PR 8164) +* Added configure option for additional sanity checks with --enable-faultharden + (PR 8289) +* Aarch64 ASM additions to check CPU features before hardware crypto instruction + use (PR 8314) ## Fixes -* ECC key load: fixes for certificates with parameters that are not default for - size (PR 7751) -* Fixes for building x86 in Visual Studio for non-windows OS (PR 7884) -* Fix for TLS v1.2 secret callback, incorrectly detecting bad master secret - (PR 7812) -* Fixes for PowerPC assembly use with Darwin and SP math all (PR 7931) -* Fix for detecting older versions of Mac OS when trying to link with - libdispatch (PR 7932) -* Fix for DTLS1.3 downgrade to DTLS1.2 when the server sends multiple handshake - packets combined into a single transmission. (PR 7840) -* Fix for OCSP to save the request if it was stored in ssl->ctx->certOcspRequest - (PR 7779) -* Fix to OCSP for searching for CA by key hash instead of ext. key id (PR 7934) -* Fix for staticmemory and singlethreaded build (PR 7737) -* Fix to not allow Shake128/256 with Xilinx AFALG (PR 7708) -* Fix to support PKCS11 without RSA key generation (PR 7738) -* Fix not calling the signing callback when using PK callbacks + TLS 1.3 - (PR 7761) -* Cortex-M/Thumb2 ASM fix label for IAR compiler (PR 7753) -* Fix with PKCS11 to iterate correctly over slotId (PR 7736) -* Stop stripping out the sequence header on the AltSigAlg extension (PR 7710) -* Fix ParseCRL_AuthKeyIdExt with ASN template to set extAuthKeyIdSet value - (PR 7742) -* Use max key length for PSK encrypt buffer size (PR 7707) -* DTLS 1.3 fix for size check to include headers and CID fixes (PR 7912,7951) -* Fix STM32 Hash FIFO and add support for STM32U5A9xx (PR 7787) -* Fix CMake build error for curl builds (PR 8021) -* SP Maths: PowerPC ASM fix to use XOR instead of LI (PR 8038) -* SSL loading of keys/certs: testing and fixes (PR 7789) -* Misc. fixes for Dilithium and Kyber (PR 7721,7765,7803,8027,7904) -* Fixes for building wolfBoot sources for PQ LMS/XMSS (PR 7868) -* Fixes for building with Kyber enabled using CMake and zephyr port (PR 7773) -* Fix for edge cases with session resumption with TLS 1.2 (PR 8097) -* Fix issue with ARM ASM with AES CFB/OFB not initializing the "left" member - (PR 8099) +* Fix a memory issue when using the compatibility layer with + WOLFSSL_GENERAL_NAME and handling registered ID types. (PR 8155) +* Fix a build issue with signature fault hardening when using public key + callbacks (HAVE_PK_CALLBACKS). (PR 8287) +* Fix for handling heap hint pointer properly when managing multiple WOLFSSL_CTX + objects and free’ing one of them (PR 8180) +* Fix potential memory leak in error case with Aria. (PR 8268) +* Fix Set_Verify flag behaviour on Ada wrapper. (PR 8256) +* Fix a compilation error with the NO_WOLFSSL_DIR flag. (PR 8294) +* Resolve a corner case for Poly1305 assembly code on Aarch64. (PR 8275) +* Fix incorrect version setting in CSRs. (PR 8136) +* Correct debugging output for cryptodev. (PR 8202) +* Fix for benchmark application use with /dev/crypto GMAC auth error due to size + of AAD (PR 8210) +* Add missing checks for the initialization of sp_int/mp_int with DSA to free + memory properly in error cases. (PR 8209) +* Fix return value of wolfSSL_CTX_set_tlsext_use_srtp (8252) +* Check Root CA by Renesas TSIP before adding it to ca-table (PR 8101) +* Prevent adding a certificate to the CA cache for Renesas builds if it does not + set CA:TRUE in basic constraints. (PR 8060) +* Fix attribute certificate holder entityName parsing. (PR 8166) +* Resolve build issues for configurations without any wolfSSL/openssl + compatibility layer headers. (PR 8182) +* Fix for building SP RSA small and RSA public only (PR 8235) +* Fix for Renesas RX TSIP RSA Sign/Verify with wolfCrypt only (PR 8206) +* Fix to ensure all files have settings.h included (like wc_lms.c) and guards + for building all `*.c` files (PR 8257 and PR 8140) +* Fix x86 target build issues in Visual Studio for non-Windows operating + systems. (PR 8098) +* Fix wolfSSL_X509_STORE_get0_objects to handle no CA (PR 8226) +* Properly handle reference counting when adding to the X509 store. (PR 8233) +* Fix for various typos and improper size used with FreeRTOS_bind in the Renesas + example. Thanks to Hongbo for the report on example issues. (PR 7537) +* Fix for potential heap use after free with wolfSSL_PEM_read_bio_PrivateKey. + Thanks to Peter for the issue reported. (PR 8139) + For additional vulnerability information visit the vulnerability page at: https://www.wolfssl.com/docs/security-vulnerabilities/ diff --git a/configure.ac b/configure.ac index 492e2ba353..ce36e38ebd 100644 --- a/configure.ac +++ b/configure.ac @@ -7,7 +7,7 @@ # AC_COPYRIGHT([Copyright (C) 2006-2024 wolfSSL Inc.]) AC_PREREQ([2.69]) -AC_INIT([wolfssl],[5.7.4],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[https://www.wolfssl.com]) +AC_INIT([wolfssl],[5.7.6],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[https://www.wolfssl.com]) AC_CONFIG_AUX_DIR([build-aux]) # Inhibit unwanted regeneration of autotools artifacts by Makefile. @@ -50,11 +50,11 @@ AC_SUBST([WOLFSSL_CONFIG_ARGS]) # The three numbers in the libwolfssl.so.*.*.* file name. Unfortunately # increment if interfaces have been removed or changed -WOLFSSL_LIBRARY_VERSION_FIRST=42 +WOLFSSL_LIBRARY_VERSION_FIRST=43 # increment if interfaces have been added # set to zero if WOLFSSL_LIBRARY_VERSION_FIRST is incremented -WOLFSSL_LIBRARY_VERSION_SECOND=3 +WOLFSSL_LIBRARY_VERSION_SECOND=0 # increment if source code has changed # set to zero if WOLFSSL_LIBRARY_VERSION_FIRST is incremented or diff --git a/wolfssl.rc b/wolfssl.rc index fde2703ded..b9d1537e26 100644 Binary files a/wolfssl.rc and b/wolfssl.rc differ diff --git a/wolfssl/version.h b/wolfssl/version.h index b4942384fe..d7a1985bcd 100644 --- a/wolfssl/version.h +++ b/wolfssl/version.h @@ -28,8 +28,8 @@ extern "C" { #endif -#define LIBWOLFSSL_VERSION_STRING "5.7.4" -#define LIBWOLFSSL_VERSION_HEX 0x05007004 +#define LIBWOLFSSL_VERSION_STRING "5.7.6" +#define LIBWOLFSSL_VERSION_HEX 0x05007006 #ifdef __cplusplus } diff --git a/wrapper/Ada/alire.toml b/wrapper/Ada/alire.toml index b08ccb7e85..0334e4a119 100644 --- a/wrapper/Ada/alire.toml +++ b/wrapper/Ada/alire.toml @@ -1,6 +1,6 @@ name = "wolfssl" description = "WolfSSL encryption library and its Ada bindings" -version = "5.7.4" +version = "5.7.6" authors = ["WolfSSL Team "] maintainers = ["Fernando Oleo Blanco "]