*** Description ***

The wolfSSL embedded SSL library (formerly CyaSSL) is a lightweight SSL/TLS
library written in ANSI C and targeted for embedded, RTOS, and
resource-constrained environments - primarily because of its small size, speed,
and feature set. It is commonly used in standard operating environments as well
because of its royalty-free pricing and excellent cross platform support.
wolfSSL supports industry standards up to the current TLS 1.3 and DTLS 1.2
levels, is up to 20 times smaller than OpenSSL, and offers progressive ciphers
such as ChaCha20, Curve25519, NTRU, and Blake2b. User benchmarking and feedback
reports dramatically better performance when using wolfSSL over OpenSSL.

wolfSSL is powered by the wolfCrypt library. Two versions of the wolfCrypt
cryptography library have been FIPS 140-2 validated (Certificate #2425 and
certificate #3389). For additional information, visit the wolfCrypt FIPS FAQ
(https://www.wolfssl.com/license/fips/) or contact fips@wolfssl.com

*** Why choose wolfSSL? ***

There are many reasons to choose wolfSSL as your embedded SSL solution. Some of
the top reasons include size (typical footprint sizes range from 20-100 kB),
support for the newest standards (SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3,
DTLS 1.0, and DTLS 1.2), current and progressive cipher support (including
stream ciphers), multi-platform, royalty free, and an OpenSSL compatibility API
to ease porting into existing applications which have previously used the
OpenSSL package. For a complete feature list, see chapter 4 of the wolfSSL
manual. (https://www.wolfssl.com/docs/wolfssl-manual/ch4/)

*** Notes, Please read ***

Note 1)
wolfSSL as of 3.6.6 no longer enables SSLv3 by default. wolfSSL also no longer
supports static key cipher suites with PSK, RSA, or ECDH. This means if you
plan to use TLS cipher suites you must enable DH (DH is on by default), or
enable ECC (ECC is on by default), or you must enable static key cipher suites
with

WOLFSSL_STATIC_DH
WOLFSSL_STATIC_RSA
or
WOLFSSL_STATIC_PSK

though static key cipher suites are deprecated and will be removed from future
versions of TLS. They also lower your security by removing PFS. Since the NTRU
suites currently available do not use ephemeral keys, WOLFSSL_STATIC_RSA needs
to be defined in order to build with NTRU suites.

When compiling ssl.c, wolfSSL will now issue a compiler error if no cipher
suites are available. You can remove this error by defining
WOLFSSL_ALLOW_NO_SUITES in the event that you desire that, i.e., you're not
using TLS cipher suites.

Note 2)
wolfSSL takes a different approach to certificate verification than OpenSSL
does. The default policy for the client is to verify the server. This means
that if you don't load CAs to verify the server, you'll get a connect error:
the "no signer to confirm failure" error (-188).

If you want to mimic OpenSSL behavior of having SSL_connect succeed even if
verifying the server fails, reducing security, you can do this by calling:

wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);

before calling wolfSSL_new(). Though it's not recommended.

Note 3)
The enum values SHA, SHA256, SHA384, SHA512 are no longer available when
wolfSSL is built with --enable-opensslextra (OPENSSL_EXTRA) or with the macro
NO_OLD_SHA_NAMES. These names get mapped to the OpenSSL API for a single call
hash function. Instead the names WC_SHA, WC_SHA256, WC_SHA384 and WC_SHA512
should be used for the enum values.

*** end Notes ***


# wolfSSL Release 4.4.0 (04/22/2020)

If you have questions about this release, feel free to contact us on our
info@ address.

Release 4.4.0 of wolfSSL embedded TLS has bug fixes and new features including:

## New Feature Additions

* Hexagon support.
* DSP builds to offload ECC verify operations.
* Certificate Manager callback support.
* New APIs for running updates to ChaCha20/Poly1305 AEAD.
* Support for use with Apache.
* Add support for IBM s390x.
* PKCS8 support for ED25519.
* OpenVPN support.
* Add P384 curve support to SP.
* Add BIO and EVP API.
* Add AES-OFB mode.
* Add AES-CFB mode.
* Add Curve448, X448, and Ed448.
* Add Renesas Synergy S7G2 build and hardware acceleration.

## Fixes

* Fix for RSA public encrypt / private sign with RSA key sizes over 2048-bit.
* Correct misspellings.
* Secure renegotiation fix.
* Fix memory leak when using ATECC and non-SECP256R1 curves for sign, verify,
  or shared secret.
* Fix for K64 MMCAU with `WOLFSSL_SMALL_STACK_CACHE`.
* Fix the RSA verify only build.
* Fix in SP C implementation for small stack.
* Fix for when the auth key id extension is set but the hash might not be present.
* Fix when flattening certificate structure to include the subject alt names.
* Fixes for building with ECC sign/verify only.
* Fix for ECC and no cache resistance.
* Fix memory leak in DSA.
* Fix build on minGW.
* Fix `PemToDer()` call in `ProcessBuffer()` to set more than ECC.
* Fix for using RSA without SHA-512.
* Add some close tags to the echoserver HTTP example output.
* Miscellaneous fixes and updates for static analysis reports.
* Fixes for time structure support.
* Fixes for VxWorks support.
* Fixes for Async crypto support.
* Fix cache resist compile to work with SP C code.
* Fixes for Curve25519 x64 asm.
* Fix for SP x64 div.
* Fix for DTLS edge case where CCS and Finished come out of order and the
  retransmit pool gets flushed.
* Fix for infinite loop in SHA-1 with small inputs. Thanks to Peter W.
* Fix for FIPS Hmac where `wc_HmacInit()` isn't used. `wc_HmacSetKey()` needs
  to initialize the Hmac structure. Type is set to NONE, and checked against
  NONE, not 0.
* Fixes for SP RSA private operations.
* Fixes for Xilinx SDK and Zynq UltraScale+ MPSoC.
* Fix leak when building with HAVE_AESGCM and NO_AES_DECRYPT. Thanks G.G.
* Fixes for building ECC without ASN.
* Fix for async TLSv1.3 issues.
* Fix `wc_KeyPemToDer()` with PKCS1 and empty key.
* Omit `-fomit-frame-pointer` from CFLAGS in configure.ac.

## Improvements/Optimizations

* Qt 5.12 and 5.13 support.
* Added more digest types to Cryptocell RSA sign/verify.
* Some memory usage improvements.
* Speed improvements for mp_rand.
* Improvements to CRL and OCSP support.
* Refactor Poly1305 AEAD/MAC to reduce duplicate code.
* Add blinding to RSA key gen.
* Improvements to blinding.
* Improvement and expansion of OpenSSL Compatibility Layer.
* Improvements to ChaCha20.
* Improvements to X.509 processing.
* Improvements to ECC support.
* Improvement in detecting 64-bit support.
* Refactor to combine duplicate ECC parameter parsing code.
* Improve keyFormat handling: set it from the algId and let the later key
  parsing produce the failure.
* Add test cases for 3072-bit and 4096-bit RSA keys.
* Improve signature wrapper and DH test cases.
* Improvements to the configure.ac script.
* Added constant time RSA q modinv p.
* Improve performance of SP Intel 64-bit asm.
* Added a few more functions to the ABI list.
* Improve TLS bidirectional shutdown behavior.
* OpenSSH 8.1 support.
* Improve performance of RSA/DH operations on x64.
* Add support for PKCS7/CMS Enveloped data with fragmented encrypted content.
* Example linker description for FIPS builds to enforce object ordering.
* C# wrapper improvements. Added TLS client example and TLSv1.3 methods.
* Allow setting MTU in DTLS.
* Improve PKCS12 create for outputting encrypted bundles.
* Constant time EC map to affine for private operations.
* Improve performance of RSA public key ops with TFM.
* Smaller table version of AES encrypt/decrypt.
* Support IAR with position independent code (ROPI).
* Improve speed of AArch64 assembly.
* Support AES-CTR with AES-NI.
* Support AES-CTR on esp32.
* Add a no malloc option for small SP math.

## This release of wolfSSL includes fixes for 2 security vulnerabilities.

* For fast math, use a constant time modular inverse when mapping to affine
  when the operation involves a private key - keygen, calc shared secret, sign.
  Thank you to Alejandro Cabrera Aldaya, Cesar Pereida García and
  Billy Bob Brumley from the Network and Information Security Group (NISEC)
  at Tampere University for the report.

* Change constant time and cache resistant ECC mulmod. Ensure the points being
  operated on change so that the operation is constant time. Thank you to
  Pietro Borrello at Sapienza University of Rome.

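The first fix above replaces a variable-time modular inverse in the map to affine. As an added example in C, not wolfSSL code, here is the principle on a toy 31-bit prime field: an extended-Euclid inverse whose loop count depends on the value being inverted (the projective Z coordinate, which is derived from the private scalar), beside a Fermat inverse a^(p-2) mod p with a fixed iteration count and a mask-based select instead of a data-dependent branch, and a Jacobian-to-affine conversion that chooses between them. The prime p = 2^31 - 1, the step counters, and all function names are constructed for this illustration; wolfSSL's real field arithmetic is multi-precision and its curves use much larger primes.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy field: p = 2^31 - 1 is prime, so products of two residues fit in 64 bits. */
#define TOY_P 2147483647ULL

static uint64_t mulmod(uint64_t a, uint64_t b, uint64_t p) { return (a * b) % p; }

/* Branch-free select: mask is all ones (take x) or all zeros (take y). */
static uint64_t ct_select(uint64_t mask, uint64_t x, uint64_t y)
{
    return (x & mask) | (y & ~mask);
}

/* Variable-time inverse: the number of loop iterations (and the division
 * operands) depend on a, which leaks through timing and cache behaviour
 * when a is derived from a private key. Returns 0 if a is not invertible. */
uint64_t modinv_euclid(uint64_t a, uint64_t p, unsigned *steps)
{
    int64_t t = 0, newt = 1;
    int64_t r = (int64_t)p, newr = (int64_t)(a % p);
    unsigned n = 0;

    while (newr != 0) {
        int64_t q = r / newr, tmp;
        tmp = t - q * newt; t = newt; newt = tmp;
        tmp = r - q * newr; r = newr; newr = tmp;
        n++;
    }
    if (steps) *steps = n;
    if (r != 1) return 0;
    if (t < 0) t += (int64_t)p;
    return (uint64_t)t;
}

/* Constant-time inverse by Fermat: a^(p-2) mod p for prime p. The exponent
 * depends only on the public p, every iteration does a square and a multiply,
 * and the bit is applied with a mask rather than a branch. a == 0 yields 0. */
uint64_t modinv_fermat(uint64_t a, uint64_t p, unsigned *steps)
{
    uint64_t e = p - 2, result = 1, base = a % p;
    unsigned n = 0;
    int i;

    for (i = 63; i >= 0; i--) {              /* always 64 iterations */
        uint64_t bit  = (e >> i) & 1;
        uint64_t mask = (uint64_t)0 - bit;   /* all ones when bit is set */
        uint64_t sq   = mulmod(result, result, p);
        uint64_t mul  = mulmod(sq, base, p);
        result = ct_select(mask, mul, sq);
        n++;
    }
    if (steps) *steps = n;
    return result;
}

/* Iteration count of the chosen inverse, a stand-in for its timing profile. */
unsigned inverse_steps(uint64_t a, uint64_t p, int constant_time)
{
    unsigned n = 0;
    if (constant_time) modinv_fermat(a, p, &n); else modinv_euclid(a, p, &n);
    return n;
}

typedef struct { uint64_t x, y; } affine_t;

/* Jacobian (X:Y:Z) -> affine (X/Z^2, Y/Z^3). Z is secret-dependent after a
 * scalar multiplication, so the inverse must be constant time here. */
affine_t jacobian_to_affine(uint64_t X, uint64_t Y, uint64_t Z, uint64_t p,
                            int constant_time)
{
    affine_t out;
    uint64_t zinv  = constant_time ? modinv_fermat(Z, p, NULL)
                                   : modinv_euclid(Z, p, NULL);
    uint64_t zinv2 = mulmod(zinv, zinv, p);
    uint64_t zinv3 = mulmod(zinv2, zinv, p);
    out.x = mulmod(X % p, zinv2, p);
    out.y = mulmod(Y % p, zinv3, p);
    return out;
}

int main(void)
{
    uint64_t zs[] = { 2, 1431655765ULL, 123456789ULL };
    size_t i;
    for (i = 0; i < sizeof zs / sizeof zs[0]; i++) {
        printf("Z=%llu euclid steps=%u fermat steps=%u\n",
               (unsigned long long)zs[i],
               inverse_steps(zs[i], TOY_P, 0), inverse_steps(zs[i], TOY_P, 1));
    }
    affine_t a = jacobian_to_affine(5, 7, 2, TOY_P, 1);
    printf("affine of (5:7:2) = (%llu, %llu)\n",
           (unsigned long long)a.x, (unsigned long long)a.y);
    return 0;
}
```

Both inverses return the same value; what differs is that the Euclid loop count changes with Z while the Fermat loop count does not, which is the property the fix restores for key generation, shared-secret computation and signing. The remaining leakage channel in a real implementation is the multiplication itself, which is why the library pairs this with cache-resistant multiplication (the second fix above).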
For additional vulnerability information visit the vulnerability page at
https://www.wolfssl.com/docs/security-vulnerabilities/

See INSTALL file for build instructions.
More info can be found on-line at https://wolfssl.com/wolfSSL/Docs.html



*** Resources ***


[wolfSSL Website](https://www.wolfssl.com/)

[wolfSSL Wiki](https://github.com/wolfSSL/wolfssl/wiki)

[FIPS FAQ](https://wolfssl.com/license/fips)

[wolfSSL Documents](https://wolfssl.com/wolfSSL/Docs.html)

[wolfSSL Manual](https://wolfssl.com/wolfSSL/Docs-wolfssl-manual-toc.html)

[wolfSSL API Reference](https://wolfssl.com/wolfSSL/Docs-wolfssl-manual-17-wolfssl-api-reference.html)

[wolfCrypt API Reference](https://wolfssl.com/wolfSSL/Docs-wolfssl-manual-18-wolfcrypt-api-reference.html)

[TLS 1.3](https://www.wolfssl.com/docs/tls13/)

[wolfSSL Vulnerabilities](https://www.wolfssl.com/docs/security-vulnerabilities/)