README 11 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212
  1. *** Description ***
  2. The wolfSSL embedded SSL library (formerly CyaSSL) is a lightweight SSL/TLS
  3. library written in ANSI C and targeted for embedded, RTOS, and
  4. resource-constrained environments - primarily because of its small size, speed,
  5. and feature set. It is commonly used in standard operating environments as well
  6. because of its royalty-free pricing and excellent cross platform support.
  7. wolfSSL supports industry standards up to the current TLS 1.3 and DTLS 1.2
  8. levels, is up to 20 times smaller than OpenSSL, and offers progressive ciphers
  9. such as ChaCha20, Curve25519, and Blake2b. User benchmarking and feedback
  10. reports dramatically better performance when using wolfSSL over OpenSSL.
  11. wolfSSL is powered by the wolfCrypt library. Two versions of the wolfCrypt
  12. cryptography library have been FIPS 140-2 validated (Certificate #2425 and
  13. certificate #3389). For additional information, visit the wolfCrypt FIPS FAQ
  14. (https://www.wolfssl.com/license/fips/) or contact fips@wolfssl.com
  15. *** Why choose wolfSSL? ***
  16. There are many reasons to choose wolfSSL as your embedded SSL solution. Some of
  17. the top reasons include size (typical footprint sizes range from 20-100 kB),
  18. support for the newest standards (SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3,
  19. DTLS 1.0, and DTLS 1.2), current and progressive cipher support (including
  20. stream ciphers), multi-platform, royalty free, and an OpenSSL compatibility API
  21. to ease porting into existing applications which have previously used the
  22. OpenSSL package. For a complete feature list, see chapter 4 of the wolfSSL
  23. manual. (https://www.wolfssl.com/docs/wolfssl-manual/ch4/)
  24. *** Notes, Please read ***
  25. Note 1)
  26. wolfSSL as of 3.6.6 no longer enables SSLv3 by default. wolfSSL also no longer
  27. supports static key cipher suites with PSK, RSA, or ECDH. This means if you
  28. plan to use TLS cipher suites you must enable DH (DH is on by default), or
  29. enable ECC (ECC is on by default), or you must enable static key cipher suites
  30. with
  31. WOLFSSL_STATIC_DH
  32. WOLFSSL_STATIC_RSA
  33. or
  34. WOLFSSL_STATIC_PSK
  35. though static key cipher suites are deprecated and will be removed from future
  36. versions of TLS. They also lower your security by removing PFS.
  37. When compiling ssl.c, wolfSSL will now issue a compiler error if no cipher
  38. suites are available. You can remove this error by defining
  39. WOLFSSL_ALLOW_NO_SUITES in the event that you desire that, i.e., you're not
  40. using TLS cipher suites.
  41. Note 2)
  42. wolfSSL takes a different approach to certificate verification than OpenSSL
  43. does. The default policy for the client is to verify the server, this means
  44. that if you don't load CAs to verify the server you'll get a connect error,
  45. no signer error to confirm failure (-188).
  46. If you want to mimic OpenSSL behavior of having SSL_connect succeed even if
  47. verifying the server fails and reducing security you can do this by calling:
  48. wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
  49. before calling wolfSSL_new();. Though it's not recommended.
  50. Note 3)
  51. The enum values SHA, SHA256, SHA384, SHA512 are no longer available when
  52. wolfSSL is built with --enable-opensslextra (OPENSSL_EXTRA) or with the macro
  53. NO_OLD_SHA_NAMES. These names get mapped to the OpenSSL API for a single call
  54. hash function. Instead the name WC_SHA, WC_SHA256, WC_SHA384 and WC_SHA512
  55. should be used for the enum name.
  56. *** end Notes ***
  57. For additional vulnerability information visit the vulnerability page at
  58. https://www.wolfssl.com/docs/security-vulnerabilities/
  59. See INSTALL file for build instructions.
  60. More info can be found on-line at https://wolfssl.com/wolfSSL/Docs.html
  61. # wolfSSL Release 5.1.1 (Jan 3rd, 2022)
  62. Release 5.1.1 of wolfSSL embedded TLS has a high vulnerability fix:
  63. ### Vulnerabilities
  64. * \[High\] In connections using AES-CBC or DES3 with TLS/DTLS 1.2 or 1.1 the IV being used is not random. Users using wolfSSL version 5.0.0 or 5.1.0 doing TLS/DTLS 1.2 or 1.1 connections, without AEAD only, should update the version of wolfSSL used.
  65. # wolfSSL Release 5.1.0 (Dec 27, 2021)
  66. Release 5.1.0 of wolfSSL embedded TLS has bug fixes and new features including:
  67. ### Vulnerabilities
  68. * \[Low\] Potential for DoS attack on a wolfSSL client due to processing hello packets of the incorrect side. This affects only connections using TLS v1.2 or less that have also been compromised by a man in the middle attack. Thanks to James Henderson, Mathy Vanhoef, Chris M. Stone, Sam L. Thomas, Nicolas Bailleut, and Tom Chothia (University of Birmingham, KU Leuven, ENS Rennes for the report.
  69. * \[Low\] Client side session resumption issue once the session resumption cache has been filled up. The hijacking of a session resumption has been demonstrated so far with only non verified peer connections. That is where the client is not verifying the server’s CA that it is connecting to. There is the potential though for other cases involving proxies that are verifying the server to be at risk, if using wolfSSL in a case involving proxies use wolfSSL_get1_session and then wolfSSL_SESSION_free when done where possible. If not adding in the session get/free function calls we recommend that users of wolfSSL that are resuming sessions update to the latest version (wolfSSL version 5.1.0 or later). Thanks to the UK's National Cyber Security Centre (NCSC) for the report.
  70. ### New Feature Additions
  71. ###### Ports
  72. * Curve25519 support with NXP SE050 added
  73. * Renesas RA6M4 support with SCE Protected Mode and FSP 3.5.0
  74. * Renesas TSIP 1.14 support for RX65N/RX72N
  75. ###### Post Quantum
  76. * Post quantum resistant algorithms used with Apache port
  77. * NIST round 3 FALCON Signature Scheme support added to TLS 1.3 connections
  78. * FALCON added to the benchmarking application
  79. * Testing of cURL with wolfSSL post quantum resistant build
  80. ###### Compatibility Layer Additions
  81. * Updated NGINX port to NGINX version 1.21.4
  82. * Updated Apache port to Apache version 2.4.51
  83. * Add support for SSL_OP_NO_TLSv1_2 flag with wolfSSL_CTX_set_options function
  84. * Support added for the functions
  85. - SSL_CTX_get_max_early_data
  86. - SSL_CTX_set_max_early_data
  87. - SSL_set_max_early_data
  88. - SSL_get_max_early_data
  89. - SSL_CTX_clear_mode
  90. - SSL_CONF_cmd_value_type
  91. - SSL_read_early_data
  92. - SSL_write_early_data
  93. ###### Misc.
  94. * Crypto callback support for AES-CCM added. A callback function can be registered and used instead of the default AES-CCM implementation in wolfSSL.
  95. * Added AES-OFB to the FIPS boundary for future FIPS validations.
  96. * Add support for custom OIDs used with CSR (certificate signing request) generation using the macro WOLFSSL_CUSTOM_OID
  97. * Added HKDF extract callback function for use with TLS 1.3
  98. * Add variant from RFC6979 of deterministic ECC signing that can be enabled using the macro WOLFSSL_ECDSA_DETERMINISTIC_K_VARIANT
  99. * Added the function wc_GetPubKeyDerFromCert to get the public key from a DecodedCert structure
  100. * Added the functions wc_InitDecodedCert, wc_ParseCert and wc_FreeDecodedCert for access to decoding a certificate into a DecodedCert structure
  101. * Added the macro WOLFSSL_ECC_NO_SMALL_STACK for hybrid builds where the numerous malloc/free with ECC is undesired but small stack use is desired throughout the rest of the library
  102. * Added the function wc_d2i_PKCS12_fp for reading a PKCS12 file and parsing it
  103. ### Fixes
  104. ###### PORT Fixes
  105. * Building with Android wpa_supplicant and KeyStore
  106. * Setting initial value of CA certificate with TSIP enabled
  107. * Cryptocell ECC build fix and fix with RSA disabled
  108. * IoT-SAFE improvement for Key/File slot ID size, fix for C++ compile, and fixes for retrieving the public key after key generation
  109. ###### Math Library Fixes
  110. * Check return values on TFM library montgomery function in case the system runs out of memory. This resolves an edge case of invalid ECC signatures being created.
  111. * SP math library sanity check on size of values passed to sp_gcd.
  112. * SP math library sanity check on exponentiation by 0 with mod_exp
  113. * Update base ECC mp_sqrtmod_prime function to handle an edge case of zero
  114. * TFM math library with Intel MULX multiply fix for carry in assembly code
  115. ###### Misc.
  116. * Fix for potential heap buffer overflow with compatibility layer PEM parsing
  117. * Fix for edge memory leak case with an error encountered during TLS resumption
  118. * Fix for length on inner sequence created with wc_DhKeyToDer when handling small DH keys
  119. * Fix for sanity check on input argument to DSA sign and verify
  120. * Fix for setting of the return value with ASN1 integer get on an i386 device
  121. * Fix for BER to DER size checks with PKCS7 decryption
  122. * Fix for memory leak with PrintPubKeyEC function in compatibility layer
  123. * Edge case with deterministic ECC key generation when the private key has leading 0’s
  124. * Fix for build with OPENSSL_EXTRA and NO_WOLFSSL_STUB both defined
  125. * Use page aligned memory with ECDSA signing and KCAPI
  126. * Skip expired sessions for TLS 1.3 rather than turning off the resume behavior
  127. * Fix for DTLS handling dropped or retransmitted messages
  128. ### Improvements/Optimizations
  129. ###### Build Options and Warnings
  130. * Bugfix: could not build with liboqs and without DH enabled
  131. * Build with macro NO_ECC_KEY_EXPORT fixed
  132. * Fix for building with the macro HAVE_ENCRYPT_THEN_MAC when session export is enabled
  133. * Building with wolfSentry and HAVE_EX_DATA macro set
  134. ###### Math Libraries
  135. * Improvement for performance with SP C implementation of montgomery reduction for ECC (P256 and P384) and SP ARM64 implementation for ECC (P384)
  136. * With SP math handle case of dividing by length of dividend
  137. * SP math improvement for lo/hi register names to be used with older GCC compilers
  138. ###### Misc.
  139. * ASN name constraints checking code refactor for better efficiency and readability
  140. * Refactor of compatibility layer stack free’ing calls to simplify and reduce code
  141. * Scrubbed code for trailing spaces, hard tabs, and any control characters
  142. * Explicit check that leaf certificate's public key type match cipher suite signature algorithm
  143. * Additional NULL sanity checks on WOLFSSL struct internally and improve switch statement fallthrough
  144. * Retain OCSP error value when CRL is enabled with certificate parsing
  145. * Update to NATIVE LwIP support for TCP use
  146. * Sanity check on PEM size when parsing a PEM with OpenSSL compatibility layer API.
  147. * SWIG wrapper was removed from the codebase in favor of dedicated Java and Python wrappers.
  148. * Updates to bundled example client for when to load the CA, handling print out of IP alt names, and printing out the peers certificate in PEM format
  149. * Handling BER encoded inner content type with PKCS7 verify
  150. * Checking for SOCKET_EPIPE errors from low level socket
  151. * Improvements to cleanup in the case that wolfSSL_Init fails
  152. * Update test and example certificates expiration dates
  153. *** Resources ***
  154. [wolfSSL Website](https://www.wolfssl.com/)
  155. [wolfSSL Wiki](https://github.com/wolfSSL/wolfssl/wiki)
  156. [FIPS FAQ](https://wolfssl.com/license/fips)
  157. [wolfSSL Documents](https://wolfssl.com/wolfSSL/Docs.html)
  158. [wolfSSL Manual](https://wolfssl.com/wolfSSL/Docs-wolfssl-manual-toc.html)
  159. [wolfSSL API Reference]
  160. (https://wolfssl.com/wolfSSL/Docs-wolfssl-manual-17-wolfssl-api-reference.html)
  161. [wolfCrypt API Reference]
  162. (https://wolfssl.com/wolfSSL/Docs-wolfssl-manual-18-wolfcrypt-api-reference.html)
  163. [TLS 1.3](https://www.wolfssl.com/docs/tls13/)
  164. [wolfSSL Vulnerabilities]
  165. (https://www.wolfssl.com/docs/security-vulnerabilities/)
  166. Additional wolfSSL Examples](https://github.com/wolfssl/wolfssl-examples)