1 | *** Description ***
|
---|
2 |
|
---|
3 | The wolfSSL embedded SSL library (formerly CyaSSL) is a lightweight SSL/TLS
|
---|
4 | library written in ANSI C and targeted for embedded, RTOS, and
|
---|
5 | resource-constrained environments - primarily because of its small size, speed,
|
---|
6 | and feature set. It is commonly used in standard operating environments as well
|
---|
7 | because of its royalty-free pricing and excellent cross platform support.
|
---|
8 | wolfSSL supports industry standards up to the current TLS 1.3 and DTLS 1.2
|
---|
9 | levels, is up to 20 times smaller than OpenSSL, and offers progressive ciphers
|
---|
10 | such as ChaCha20, Curve25519, NTRU, and Blake2b. User benchmarking and feedback
|
---|
11 | reports dramatically better performance when using wolfSSL over OpenSSL.
|
---|
12 |
|
---|
13 | wolfSSL is powered by the wolfCrypt library. Two versions of the wolfCrypt
|
---|
14 | cryptography library have been FIPS 140-2 validated (Certificate #2425 and
|
---|
15 | certificate #3389). For additional information, visit the wolfCrypt FIPS FAQ
|
---|
16 | (https://www.wolfssl.com/license/fips/) or contact fips@wolfssl.com
|
---|
17 |
|
---|
18 | *** Why choose wolfSSL? ***
|
---|
19 |
|
---|
20 | There are many reasons to choose wolfSSL as your embedded SSL solution. Some of
|
---|
21 | the top reasons include size (typical footprint sizes range from 20-100 kB),
|
---|
22 | support for the newest standards (SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3,
|
---|
23 | DTLS 1.0, and DTLS 1.2), current and progressive cipher support (including
|
---|
24 | stream ciphers), multi-platform, royalty free, and an OpenSSL compatibility API
|
---|
25 | to ease porting into existing applications which have previously used the
|
---|
26 | OpenSSL package. For a complete feature list, see chapter 4 of the wolfSSL
|
---|
27 | manual. (https://www.wolfssl.com/docs/wolfssl-manual/ch4/)
|
---|
28 |
|
---|
29 | *** Notes, Please read ***
|
---|
30 |
|
---|
31 | Note 1)
|
---|
32 | wolfSSL as of 3.6.6 no longer enables SSLv3 by default. wolfSSL also no longer
|
---|
33 | supports static key cipher suites with PSK, RSA, or ECDH. This means if you
|
---|
34 | plan to use TLS cipher suites you must enable DH (DH is on by default), or
|
---|
35 | enable ECC (ECC is on by default), or you must enable static key cipher suites
|
---|
36 | with
|
---|
37 |
|
---|
38 | WOLFSSL_STATIC_DH
|
---|
39 | WOLFSSL_STATIC_RSA
|
---|
40 | or
|
---|
41 | WOLFSSL_STATIC_PSK
|
---|
42 |
|
---|
43 | though static key cipher suites are deprecated and will be removed from future
|
---|
44 | versions of TLS. They also lower your security by removing PFS. Since current
|
---|
45 | NTRU suites available do not use ephemeral keys, WOLFSSL_STATIC_RSA needs to be
|
---|
46 | used in order to build with NTRU suites.
|
---|
47 |
|
---|
48 | When compiling ssl.c, wolfSSL will now issue a compiler error if no cipher
|
---|
49 | suites are available. You can remove this error by defining
|
---|
50 | WOLFSSL_ALLOW_NO_SUITES in the event that you desire that, i.e., you're not
|
---|
51 | using TLS cipher suites.
|
---|
52 |
|
---|
53 | Note 2)
|
---|
54 | wolfSSL takes a different approach to certificate verification than OpenSSL
|
---|
55 | does. The default policy for the client is to verify the server, this means
|
---|
56 | that if you don't load CAs to verify the server you'll get a connect error,
|
---|
57 | no signer error to confirm failure (-188).
|
---|
58 |
|
---|
59 | If you want to mimic OpenSSL behavior of having SSL_connect succeed even if
|
---|
60 | verifying the server fails and reducing security you can do this by calling:
|
---|
61 |
|
---|
62 | wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
|
---|
63 |
|
---|
64 | before calling wolfSSL_new();. Though it's not recommended.
|
---|
65 |
|
---|
66 | Note 3)
|
---|
67 | The enum values SHA, SHA256, SHA384, SHA512 are no longer available when
|
---|
68 | wolfSSL is built with --enable-opensslextra (OPENSSL_EXTRA) or with the macro
|
---|
69 | NO_OLD_SHA_NAMES. These names get mapped to the OpenSSL API for a single call
|
---|
70 | hash function. Instead the name WC_SHA, WC_SHA256, WC_SHA384 and WC_SHA512
|
---|
71 | should be used for the enum name.
|
---|
72 |
|
---|
73 | *** end Notes ***
|
---|
74 |
|
---|
75 |
|
---|
76 | # wolfSSL Release 4.4.0 (04/22/2020)
|
---|
77 |
|
---|
78 | If you have questions about this release, feel free to contact us on our
|
---|
79 | info@ address.
|
---|
80 |
|
---|
81 | Release 4.4.0 of wolfSSL embedded TLS has bug fixes and new features including:
|
---|
82 |
|
---|
83 | ## New Feature Additions
|
---|
84 |
|
---|
85 | * Hexagon support.
|
---|
86 | * DSP builds to offload ECC verify operations.
|
---|
87 | * Certificate Manager callback support.
|
---|
88 | * New APIs for running updates to ChaCha20/Poly1305 AEAD.
|
---|
89 | * Support for use with Apache.
|
---|
90 | * Add support for IBM s390x.
|
---|
91 | * PKCS8 support for ED25519.
|
---|
92 | * OpenVPN support.
|
---|
93 | * Add P384 curve support to SP.
|
---|
94 | * Add BIO and EVP API.
|
---|
95 | * Add AES-OFB mode.
|
---|
96 | * Add AES-CFB mode.
|
---|
97 | * Add Curve448, X448, and Ed448.
|
---|
98 | * Add Renesas Synergy S7G2 build and hardware acceleration.
|
---|
99 |
|
---|
100 | ## Fixes
|
---|
101 |
|
---|
102 | * Fix for RSA public encrypt / private sign with RSA key sizes over 2048-bit.
|
---|
103 | * Correct misspellings.
|
---|
104 | * Secure renegotiation fix.
|
---|
105 | * Fix memory leak when using ATECC and non-SECP256R1 curves for sign, verify,
|
---|
106 | or shared secret.
|
---|
107 | * Fix for K64 MMCAU with `WOLFSSL_SMALL_STACK_CACHE`.
|
---|
108 | * Fix the RSA verify only build.
|
---|
109 | * Fix in SP C implementation for small stack.
|
---|
110 | * Fix using the auth key id extension is set, hash might not be present.
|
---|
111 | * Fix when flattening certificate structure to include the subject alt names.
|
---|
112 | * Fixes for building with ECC sign/verify only.
|
---|
113 | * Fix for ECC and no cache resistance.
|
---|
114 | * Fix memory leak in DSA.
|
---|
115 | * Fix build on minGW.
|
---|
116 | * Fix `PemToDer()` call in `ProcessBuffer()` to set more than ECC.
|
---|
117 | * Fix for using RSA without SHA-512.
|
---|
118 | * Add some close tags to the echoserver HTTP example output.
|
---|
119 | * Miscellaneous fixes and updates for static analysis reports.
|
---|
120 | * Fixes for time structure support.
|
---|
121 | * Fixes for VxWorks support.
|
---|
122 | * Fixes for Async crypto support.
|
---|
123 | * Fix cache resist compile to work with SP C code.
|
---|
124 | * Fixes for Curve25519 x64 asm.
|
---|
125 | * Fix for SP x64 div.
|
---|
126 | * Fix for DTLS edge case where CCS and Finished come out of order and the
|
---|
127 | retransmit pool gets flushed.
|
---|
128 | * Fix for infinite loop in SHA-1 with small inputs. Thanks to Peter W.
|
---|
129 | * Fix for FIPS Hmac where `wc_HmacInit()` isn't used. `wc_HmacSetKey()` needs
|
---|
130 | to initialize the Hmac structure. Type is set to NONE, and checked against
|
---|
131 | NONE, not 0.
|
---|
132 | * Fixes for SP RSA private operations.
|
---|
133 | * Fixes for Xilinx SDK and Zynq UltraScale+ MPSoC
|
---|
134 | * Fix leak when building with HAVE_AESGCM and NO_AES_DECRYPT. Thanks G.G.
|
---|
135 | * Fixes for building ECC without ASN.
|
---|
136 | * Fix for async TLSv1.3 issues.
|
---|
137 | * Fix `wc_KeyPemToDer()` with PKCS1 and empty key.
|
---|
138 | * Omit `-fomit-frame-pointer` from CFLAGS in configure.ac.
|
---|
139 |
|
---|
140 | ## Improvements/Optimizations
|
---|
141 |
|
---|
142 | * Qt 5.12 and 5.13 support.
|
---|
143 | * Added more digest types to Cryptocell RSA sign/verify.
|
---|
144 | * Some memory usage improvements.
|
---|
145 | * Speed improvements for mp_rand.
|
---|
146 | * Improvements to CRL and OCSP support.
|
---|
147 | * Refactor Poly1305 AEAD/MAC to reduce duplicate code.
|
---|
148 | * Add blinding to RSA key gen.
|
---|
149 | * Improvements to blinding.
|
---|
150 | * Improvement and expansion of OpenSSL Compatibility Layer.
|
---|
151 | * Improvements to ChaCha20.
|
---|
152 | * Improvements to X.509 processing.
|
---|
153 | * Improvements to ECC support.
|
---|
154 | * Improvement in detecting 64-bit support.
|
---|
155 | * Refactor to combine duplicate ECC parameter parsing code.
|
---|
156 | * Improve keyFormat to be set by algId and let later key parsing produce fail.
|
---|
157 | * Add test cases for 3072-bit and 4096-bit RSA keys.
|
---|
158 | * Improve signature wrapper and DH test cases.
|
---|
159 | * Improvements to the configure.ac script.
|
---|
160 | * Added constant time RSA q modinv p.
|
---|
161 | * Improve performance of SP Intel 64-bit asm.
|
---|
162 | * Added a few more functions to the ABI list.
|
---|
163 | * Improve TLS bidirectional shutdown behavior.
|
---|
164 | * OpenSSH 8.1 support.
|
---|
165 | * Improve performance of RSA/DH operations on x64.
|
---|
166 | * Add support for PKCS7/CMS Enveloped data with fragmented encrypted content.
|
---|
167 | * Example linker description for FIPS builds to enforce object ordering.
|
---|
168 | * C# wrapper improvements. Added TLS client example and TLSv1.3 methods.
|
---|
169 | * Allow setting MTU in DTLS.
|
---|
170 | * Improve PKCS12 create for outputting encrypted bundles.
|
---|
171 | * Constant time EC map to affine for private operations.
|
---|
172 | * Improve performance of RSA public key ops with TFM.
|
---|
173 | * Smaller table version of AES encrypt/decrypt.
|
---|
174 | * Support IAR with position independent code (ROPI).
|
---|
175 | * Improve speed of AArch64 assembly.
|
---|
176 | * Support AES-CTR with AES-NI.
|
---|
177 | * Support AES-CTR on esp32.
|
---|
178 | * Add a no malloc option for small SP math.
|
---|
179 |
|
---|
180 | ## This release of wolfSSL includes fixes for 2 security vulnerabilities.
|
---|
181 |
|
---|
182 | * For fast math, use a constant time modular inverse when mapping to affine
|
---|
183 | when operation involves a private key - keygen, calc shared secret, sign.
|
---|
184 | Thank you to Alejandro Cabrera Aldaya, Cesar Pereida Garc鱈a and
|
---|
185 | Billy Bob Brumley from the Network and Information Security Group (NISEC)
|
---|
186 | at Tampere University for the report.
|
---|
187 |
|
---|
188 | * Change constant time and cache resistant ECC mulmod. Ensure points being
|
---|
189 | operated on change to make constant time. Thank you to Pietro Borrello at
|
---|
190 | Sapienza University of Rome.
|
---|
191 |
|
---|
192 | For additional vulnerability information visit the vulnerability page at
|
---|
193 | https://www.wolfssl.com/docs/security-vulnerabilities/
|
---|
194 |
|
---|
195 | See INSTALL file for build instructions.
|
---|
196 | More info can be found on-line at https://wolfssl.com/wolfSSL/Docs.html
|
---|
197 |
|
---|
198 |
|
---|
199 |
|
---|
200 | *** Resources ***
|
---|
201 |
|
---|
202 |
|
---|
203 | [wolfSSL Website](https://www.wolfssl.com/)
|
---|
204 |
|
---|
205 | [wolfSSL Wiki](https://github.com/wolfSSL/wolfssl/wiki)
|
---|
206 |
|
---|
207 | [FIPS FAQ](https://wolfssl.com/license/fips)
|
---|
208 |
|
---|
209 | [wolfSSL Documents](https://wolfssl.com/wolfSSL/Docs.html)
|
---|
210 |
|
---|
211 | [wolfSSL Manual](https://wolfssl.com/wolfSSL/Docs-wolfssl-manual-toc.html)
|
---|
212 |
|
---|
213 | [wolfSSL API Reference]
|
---|
214 | (https://wolfssl.com/wolfSSL/Docs-wolfssl-manual-17-wolfssl-api-reference.html)
|
---|
215 |
|
---|
216 | [wolfCrypt API Reference]
|
---|
217 | (https://wolfssl.com/wolfSSL/Docs-wolfssl-manual-18-wolfcrypt-api-reference.html)
|
---|
218 |
|
---|
219 | [TLS 1.3](https://www.wolfssl.com/docs/tls13/)
|
---|
220 |
|
---|
221 | [wolfSSL Vulnerabilities]
|
---|
222 | (https://www.wolfssl.com/docs/security-vulnerabilities/)
|
---|