Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Mon, 8 Aug 2022 16:28:41 +0200
From: Fabian Keil <freebsd-listen@...iankeil.de>
To: oss-security@...ts.openwall.com
Subject: wolfSSL 5.4.0 fixes CVE-2022-34293 and other issues

Looks like wolfSSL 5.4.0 has been released weeks ago but I only
became aware of it today thanks to the FreeBSD ports commit mail [0].

According to the package status on the GitHub page [1] others projects
haven't imported the update yet either.

Quoting the project page:
| The wolfSSL embedded SSL library (formerly CyaSSL) is a lightweight
| SSL/TLS library written in ANSI C and targeted for embedded, RTOS,
| and resource-constrained environments - primarily because of its
| small size, speed, and feature set. It is commonly used in standard
| operating environments as well because of its royalty-free pricing
| and excellent cross platform support.

Quoting the commit message:
| Release 5.4.0 of wolfSSL embedded TLS has bug fixes and new features including:
|
| Vulnerabilities
|
| * [High] Potential for DTLS DoS attack. In wolfSSL versions before 5.4.0 the
|   return-routability check is wrongly skipped in a specific edge case. The check
|   on the return-routability is there for stopping attacks that either consume
|   excessive resources on the server, or try to use the server as an amplifier
|   sending an excessive amount of messages to a victim IP. If using DTLS 1.0/1.2
|   on the server side users should update to avoid the potential DoS
|   attack. CVE-2022-34293
| * [Medium] Ciphertext side channel attack on ECC and DH operations. Users on
|   systems where rogue agents can monitor memory use should update the version of
|   wolfSSL and change private ECC keys. Thanks to Sen Deng from Southern
|   University of Science and Technology (SUSTech) for the report.
| * [Medium] Public disclosure of a side channel vulnerability that has been fixed
|   since wolfSSL version 5.1.0. When running on AMD there is the potential to
|   leak private key information with ECDSA operations due to a ciphertext side
|   channel attack. Users on AMD doing ECDSA operations with wolfSSL versions less
|   than 5.1.0 should update their wolfSSL version used. Thanks to professor
|   Yinqian Zhang from Southern University of Science and Technology (SUSTech),
|   his Ph.D. student Mengyuan Li from The Ohio State University, and his M.S
|   students Sen Deng and Yining Tang from SUStech along with other collaborators;
|   Luca Wilke, Jan Wichelmann and Professor Thomas Eisenbarth from the University
|   of Lubeck, Professor Shuai Wang from Hong Kong University of Science and
|   Technology, Professor Radu Teodorescu from The Ohio State University, Huibo
|   Wang, Kang Li and Yueqiang Cheng from Baidu Security and Shoumeng Yang from
|   Ant Financial Services Group.
| CVE-2020-12966
| https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1013
| CVE-2021-46744
| https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1033

In somewhat related news I started collecting Privoxy TLS benchmarks using
various TLS libraries a while ago ([3]). WolfSSL appears to be competitive.

Fabian

[0] <https://cgit.freebsd.org/ports/commit/?id=4850ea1e3ca82f63f94654cf1b9790ec476bbb18>
[1] <https://github.com/wolfSSL/wolfssl/>
[2] <https://www.fabiankeil.de/gehacktes/privoxy-tls-benchmarks/>

Content of type "application/pgp-signature" skipped

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.