1
0

README 44 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148114911501151115211531154115511561157115811591160116111621163116411651166116711681169117011711172117311741175117611771178117911801181118211831184118511861187118811891190119111921193119411951196119711981199120012011202
  1. *** Notes, Please read ***
  2. Note 1)
  3. wolfSSL now needs all examples and tests to be run from the wolfSSL home
  4. directory. This is because it finds certs and keys from ./certs/. Trying to
  5. maintain the ability to run each program from its own directory, the testsuite
  6. directory, the main directory (for make check/test), and for the various
  7. different project layouts (with or without config) was becoming harder and
  8. harder. Now to run testsuite just do:
  9. ./testsuite/testsuite
  10. or
  11. make check (when using autoconf)
  12. On *nix or Windows the examples and testsuite will check to see if the current
  13. directory is the source directory and if so, attempt to change to the wolfSSL
  14. home directory. This should work in most setup cases, if not, just follow the
  15. beginning of the note and specify the full path.
  16. Note 2)
  17. wolfSSL takes a different approach to certificate verification than OpenSSL
  18. does. The default policy for the client is to verify the server, this means
  19. that if you don't load CAs to verify the server you'll get a connect error,
  20. no signer error to confirm failure (-188).
  21. If you want to mimic OpenSSL behavior of having SSL_connect succeed even if
  22. verifying the server fails and reducing security you can do this by calling:
  23. wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
  24. before calling wolfSSL_new(); Though it's not recommended.
  25. *** end Notes ***
  26. wolfSSL (Formerly CyaSSL) Release 3.6.2 (07/20/2015)
  27. Release 3.6.2 of wolfSSL is an intermediate custom release including:
  28. - OpenSSH compatibility with --enable-openssh
  29. - stunnel compatibility with --enable-stunnel
  30. - lighttpd compatibility with --enable-lighty
  31. See INSTALL file for build instructions.
  32. More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html
  33. **************** wolfSSL (Formerly CyaSSL) Release 3.6.0 (06/19/2015)
  34. Release 3.6.0 of wolfSSL has bug fixes and new features including:
  35. - Max Strength build that only allows TLSv1.2, AEAD ciphers, and PFS (Perfect
  36. Forward Secrecy). With --enable-maxstrength
  37. - Server side session ticket support, the example server and echoserver use the
  38. example callback myTicketEncCb(), see wolfSSL_CTX_set_TicketEncCb()
  39. - FIPS version submitted for iOS.
  40. - TI Crypto Hardware Acceleration
  41. - DTLS fragmentation fixes
  42. - ECC key check validation with wc_ecc_check_key()
  43. - 32bit code options to reduce memory for Curve25519 and Ed25519
  44. - wolfSSL JNI build switch with --enable-jni
  45. - PicoTCP support improvements
  46. - DH min ephemeral key size enforcement with wolfSSL_CTX_SetMinDhKey_Sz()
  47. - KEEP_PEER_CERT and AltNames can now be used together
  48. - ChaCha20 big endian fix
  49. - SHA-512 signature algorithm support for key exchange and verify messages
  50. - ECC make key crash fix on RNG failure, ECC users must update.
  51. - Improvements to usage of time code.
  52. - Improvements to VS solution files.
  53. - GNU Binutils 2.24 ld has problems with some debug builds, to fix an ld error
  54. add -fdebug-types-section to C_EXTRA_FLAGS
  55. - No high level security fixes that requires an update though we always
  56. recommend updating to the latest (except note 14, ecc RNG failure)
  57. See INSTALL file for build instructions.
  58. More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html
  59. *****************wolfSSL (Formerly CyaSSL) Release 3.4.6 (03/30/2015)
  60. Release 3.4.6 of wolfSSL has bug fixes and new features including:
  61. - Intel Assembly Speedups using instructions rdrand, rdseed, aesni, avx1/2,
  62. rorx, mulx, adox, adcx . They can be enabled with --enable-intelasm.
  63. These speedup the use of RNG, SHA2, and public key algorithms.
  64. - Ed25519 support at the crypto level. Turn on with --enable-ed25519. Examples
  65. in wolcrypt/test/test.c ed25519_test().
  66. - Post Handshake Memory reductions. wolfSSL can now hold less than 1,000 bytes
  67. of memory per secure connection including cipher state.
  68. - wolfSSL API and wolfCrypt API fixes, you can still include the cyassl and
  69. ctaocrypt headers which will enable the compatibility APIs for the
  70. foreseeable future
  71. - INSTALL file to help direct users to build instructions for their environment
  72. - For ECC users with the normal math library a fix that prevents a crash when
  73. verify signature fails. Users of 3.4.0 with ECC and the normal math library
  74. must update
  75. - RC4 is now disabled by default in autoconf mode
  76. - AES-GCM and ChaCha20/Poly1305 are now enabled by default to make AEAD ciphers
  77. available without a switch
  78. - External ChaCha-Poly AEAD API, thanks to Andrew Burks for the contribution
  79. - DHE-PSK cipher suites can now be built without ASN or Cert support
  80. - Fix some NO MD5 build issues with optional features
  81. - Freescale CodeWarrior project updates
  82. - ECC curves can be individually turned on/off at build time.
  83. - Sniffer handles Cert Status message and other minor fixes
  84. - SetMinVersion() at the wolfSSL Context level instead of just SSL session level
  85. to allow minimum protocol version allowed at runtime
  86. - RNG failure resource cleanup fix
  87. - No high level security fixes that requires an update though we always
  88. recommend updating to the latest (except note 6 use case of ecc/normal math)
  89. See INSTALL file for build instructions.
  90. More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html
  91. *****************wolfSSL (Formerly CyaSSL) Release 3.4.0 (02/23/2015)
  92. Release 3.4.0 wolfSSL has bug fixes and new features including:
  93. - wolfSSL API and wolfCrypt API, you can still include the cyassl and ctaocrypt
  94. headers which will enable the compatibility APIs for the foreseeable future
  95. - Example use of the wolfCrypt API can be found in wolfcrypt/test/test.c
  96. - Example use of the wolfSSL API can be found in examples/client/client.c
  97. - Curve25519 now supported at the wolfCrypt level, wolfSSL layer coming soon
  98. - Improvements in the build configuration under AIX
  99. - Microchip Pic32 MZ updates
  100. - TIRTOS updates
  101. - PowerPC updates
  102. - Xcode project update
  103. - Bidirectional shutdown examples in client/server with -w (wait for full
  104. shutdown) option
  105. - Cycle counts on benchmarks for x86_64, more coming soon
  106. - ALT_ECC_SIZE for reducing ecc heap use with fastmath when also using large RSA
  107. keys
  108. - Various compile warnings
  109. - Scan-build warning fixes
  110. - Changed a memcpy to memmove in the sniffer (if using sniffer please update)
  111. - No high level security fixes that requires an update though we always
  112. recommend updating to the latest
  113. ***********CyaSSL Release 3.3.0 (12/05/2014)
  114. - Countermeasuers for Handshake message duplicates, CHANGE CIPHER without
  115. FINISHED, and fast forward attempts. Thanks to Karthikeyan Bhargavan from
  116. the Prosecco team at INRIA Paris-Rocquencourt for the report.
  117. - FIPS version submitted
  118. - Removes SSLv2 Client Hello processing, can be enabled with OLD_HELLO_ALLOWED
  119. - User can set mimimum downgrade version with CyaSSL_SetMinVersion()
  120. - Small stack improvements at TLS/SSL layer
  121. - TLS Master Secret generation and Key Expansion are now exposed
  122. - Adds client side Secure Renegotiation, * not recommended *
  123. - Client side session ticket support, not fully tested with Secure Renegotiation
  124. - Allows up to 4096bit DHE at TLS Key Exchange layer
  125. - Handles non standard SessionID sizes in Hello Messages
  126. - PicoTCP Support
  127. - Sniffer now supports SNI Virtual Hosts
  128. - Sniffer now handles non HTTPS protocols using STARTTLS
  129. - Sniffer can now parse records with multiple messages
  130. - TI-RTOS updates
  131. - Fix for ColdFire optimized fp_digit read only in explicit 32bit case
  132. - ADH Cipher Suite ADH-AES128-SHA for EAP-FAST
  133. The CyaSSL manual is available at:
  134. http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions
  135. and comments about the new features please check the manual.
  136. ***********CyaSSL Release 3.2.0 (09/10/2014)
  137. Release 3.2.0 CyaSSL has bug fixes and new features including:
  138. - ChaCha20 and Poly1305 crypto and suites
  139. - Small stack improvements for OCSP, CRL, TLS, DTLS
  140. - NTRU Encrypt and Decrypt benchmarks
  141. - Updated Visual Studio project files
  142. - Updated Keil MDK5 project files
  143. - Fix for DTLS sequence numbers with GCM/CCM
  144. - Updated HashDRBG with more secure struct declaration
  145. - TI-RTOS support and example Code Composer Studio project files
  146. - Ability to get enabled cipher suites, CyaSSL_get_ciphers()
  147. - AES-GCM/CCM/Direct support for Freescale mmCAU and CAU
  148. - Sniffer improvement checking for decrypt key setup
  149. - Support for raw ECC key import
  150. - Ability to convert ecc_key to DER, EccKeyToDer()
  151. - Security fix for RSA Padding check vulnerability reported by Intel Security
  152. Advanced Threat Research team
  153. The CyaSSL manual is available at:
  154. http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions
  155. and comments about the new features please check the manual.
  156. ************ CyaSSL Release 3.1.0 (07/14/2014)
  157. Release 3.1.0 CyaSSL has bug fixes and new features including:
  158. - Fix for older versions of icc without 128-bit type
  159. - Intel ASM syntax for AES-NI
  160. - Updated NTRU support, keygen benchmark
  161. - FIPS check for minimum required HMAC key length
  162. - Small stack (--enable-smallstack) improvements for PKCS#7, ASN
  163. - TLS extension support for DTLS
  164. - Default I/O callbacks external to user
  165. - Updated example client with bad clock test
  166. - Ability to set optional ECC context info
  167. - Ability to enable/disable DH separate from opensslextra
  168. - Additional test key/cert buffers for CA and server
  169. - Updated example certificates
  170. The CyaSSL manual is available at:
  171. http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions
  172. and comments about the new features please check the manual.
  173. ************ CyaSSL Release 3.0.2 (05/30/2014)
  174. Release 3.0.2 CyaSSL has bug fixes and new features including:
  175. - Added the following cipher suites:
  176. * TLS_PSK_WITH_AES_128_GCM_SHA256
  177. * TLS_PSK_WITH_AES_256_GCM_SHA384
  178. * TLS_PSK_WITH_AES_256_CBC_SHA384
  179. * TLS_PSK_WITH_NULL_SHA384
  180. * TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
  181. * TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
  182. * TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
  183. * TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
  184. * TLS_DHE_PSK_WITH_NULL_SHA256
  185. * TLS_DHE_PSK_WITH_NULL_SHA384
  186. * TLS_DHE_PSK_WITH_AES_128_CCM
  187. * TLS_DHE_PSK_WITH_AES_256_CCM
  188. - Added AES-NI support for Microsoft Visual Studio builds.
  189. - Changed small stack build to be disabled by default.
  190. - Updated the Hash DRBG and provided a configure option to enable.
  191. The CyaSSL manual is available at:
  192. http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions
  193. and comments about the new features please check the manual.
  194. ************ CyaSSL Release 3.0.0 (04/29/2014)
  195. Release 3.0.0 CyaSSL has bug fixes and new features including:
  196. - FIPS release candidate
  197. - X.509 improvements that address items reported by Suman Jana with security
  198. researchers at UT Austin and UC Davis
  199. - Small stack size improvements, --enable-smallstack. Offloads large local
  200. variables to the heap. (Note this is not complete.)
  201. - Updated AES-CCM-8 cipher suites to use approved suite numbers.
  202. The CyaSSL manual is available at:
  203. http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions
  204. and comments about the new features please check the manual.
  205. ************ CyaSSL Release 2.9.4 (04/09/2014)
  206. Release 2.9.4 CyaSSL has bug fixes and new features including:
  207. - Security fixes that address items reported by Ivan Fratric of the Google
  208. Security Team
  209. - X.509 Unknown critical extensions treated as errors, report by Suman Jana with
  210. security researchers at UT Austin and UC Davis
  211. - Sniffer fixes for corrupted packet length and Jumbo frames
  212. - ARM thumb mode assembly fixes
  213. - Xcode 5.1 support including new clang
  214. - PIC32 MZ hardware support
  215. - CyaSSL Object has enough room to read the Record Header now w/o allocs
  216. - FIPS wrappers for AES, 3DES, SHA1, SHA256, SHA384, HMAC, and RSA.
  217. - A sample I/O pool is demonstrated with --enable-iopool to overtake memory
  218. handling and reduce memory fragmentation on I/O large sizes
  219. The CyaSSL manual is available at:
  220. http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions
  221. and comments about the new features please check the manual.
  222. ************ CyaSSL Release 2.9.0 (02/07/2014)
  223. Release 2.9.0 CyaSSL has bug fixes and new features including:
  224. - Freescale Kinetis RNGB support
  225. - Freescale Kinetis mmCAU support
  226. - TLS Hello extensions
  227. - ECC
  228. - Secure Renegotiation (null)
  229. - Truncated HMAC
  230. - SCEP support
  231. - PKCS #7 Enveloped data and signed data
  232. - PKCS #10 Certificate Signing Request generation
  233. - DTLS sliding window
  234. - OCSP Improvements
  235. - API change to integrate into Certificate Manager
  236. - IPv4/IPv6 agnostic
  237. - example client/server support for OCSP
  238. - OCSP nonces are optional
  239. - GMAC hashing
  240. - Windows build additions
  241. - Windows CYGWIN build fixes
  242. - Updated test certificates
  243. - Microchip MPLAB Harmony support
  244. - Update autoconf scripts
  245. - Additional X.509 inspection functions
  246. - ECC encrypt/decrypt primitives
  247. - ECC Certificate generation
  248. The Freescale Kinetis K53 RNGB documentation can be found in Chapter 33 of the
  249. K53 Sub-Family Reference Manual:
  250. http://cache.freescale.com/files/32bit/doc/ref_manual/K53P144M100SF2RM.pdf
  251. Freescale Kinetis K60 mmCAU (AES, DES, 3DES, MD5, SHA, SHA256) documentation
  252. can be found in the "ColdFire/ColdFire+ CAU and Kinetis mmCAU Software Library
  253. User Guide":
  254. http://cache.freescale.com/files/32bit/doc/user_guide/CAUAPIUG.pdf
  255. *****************CyaSSL Release 2.8.0 (8/30/2013)
  256. Release 2.8.0 CyaSSL has bug fixes and new features including:
  257. - AES-GCM and AES-CCM use AES-NI
  258. - NetX default IO callback handlers
  259. - IPv6 fixes for DTLS Hello Cookies
  260. - The ability to unload Certs/Keys after the handshake, CyaSSL_UnloadCertsKeys()
  261. - SEP certificate extensions
  262. - Callback getters for easier resource freeing
  263. - External CYASSL_MAX_ERROR_SZ for correct error buffer sizing
  264. - MacEncrypt and DecryptVerify Callbacks for User Atomic Record Layer Processing
  265. - Public Key Callbacks for ECC and RSA
  266. - Client now sends blank cert upon request if doesn't have one with TLS <= 1.2
  267. The CyaSSL manual is available at:
  268. http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions
  269. and comments about the new features please check the manual.
  270. *****************CyaSSL Release 2.7.0 (6/17/2013)
  271. Release 2.7.0 CyaSSL has bug fixes and new features including:
  272. - SNI support for client and server
  273. - KEIL MDK-ARM projects
  274. - Wildcard check to domain name match, and Subject altnames are checked too
  275. - Better error messages for certificate verification errors
  276. - Ability to discard session during handshake verify
  277. - More consistent error returns across all APIs
  278. - Ability to unload CAs at the CTX or CertManager level
  279. - Authority subject id support for Certificate matching
  280. - Persistent session cache functionality
  281. - Persistent CA cache functionality
  282. - Client session table lookups to push serverID table to library level
  283. - Camellia support to sniffer
  284. - User controllable settings for DTLS timeout values
  285. - Sniffer fixes for caching long lived sessions
  286. - DTLS reliability enhancements for the handshake
  287. - Better ThreadX support
  288. When compiling with Mingw, libtool may give the following warning due to
  289. path conversion errors:
  290. libtool: link: Could not determine host file name corresponding to **
  291. libtool: link: Continuing, but uninstalled executables may not work.
  292. If so, examples and testsuite will have problems when run, showing an
  293. error while loading shared libraries. To resolve, please run "make install".
  294. The CyaSSL manual is available at:
  295. http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions
  296. and comments about the new features please check the manual.
  297. ************** CyaSSL Release 2.6.0 (04/15/2013)
  298. Release 2.6.0 CyaSSL has bug fixes and new features including:
  299. - DTLS 1.2 support including AEAD ciphers
  300. - SHA-3 finalist Blake2 support, it's fast and uses little resources
  301. - SHA-384 cipher suites including ECC ones
  302. - HMAC now supports SHA-512
  303. - Track memory use for example client/server with -t option
  304. - Better IPv6 examples with --enable-ipv6, before if ipv6 examples/tests were
  305. turned on, localhost only was used. Now link-local (with scope ids) and ipv6
  306. hosts can be used as well.
  307. - Xcode v4.6 project for iOS v6.1 update
  308. - settings.h is now checked in all *.c files for true one file setting detection
  309. - Better alignment at SSL layer for hardware crypto alignment needs
  310. * Note, SSL itself isn't friendly to alignment with 5 byte TLS headers and
  311. 13 bytes DTLS headers, but every effort is now made to align with the
  312. CYASSL_GENERAL_ALIGNMENT flag which sets desired alignment requirement
  313. - NO_64BIT flag to turn off 64bit data type accumulators in public key code
  314. * Note, some systems are faster with 32bit accumulators
  315. - --enable-stacksize for example client/server stack use
  316. * Note, modern desktop Operating Systems may add bytes to each stack frame
  317. - Updated compression/decompression with direct crypto access
  318. - All ./configure options are now lowercase only for consistency
  319. - ./configure builds default to fastmath option
  320. * Note, if on ia32 and building in shared mode this may produce a problem
  321. with a missing register being available because of PIC, there are at least
  322. 5 solutions to this:
  323. 1) --disable-fastmath , don't use fastmath
  324. 2) --disable-shared, don't build a shared library
  325. 3) C_EXTRA_FLAGS=-DTFM_NO_ASM , turn off assembly use
  326. 4) use clang, it just seems to work
  327. 5) play around with no PIC options to force all registers being open
  328. - Many new ./configure switches for option enable/disable for example
  329. * rsa
  330. * dh
  331. * dsa
  332. * md5
  333. * sha
  334. * arc4
  335. * null (allow NULL ciphers)
  336. * oldtls (only use TLS 1.2)
  337. * asn (no certs or public keys allowed)
  338. - ./configure generates cyassl/options.h which allows a header the user can
  339. include in their app to make sure the same options are set at the app and
  340. CyaSSL level.
  341. - autoconf no longer needs serial-tests which lowers version requirements of
  342. automake to 1.11 and autoconf to 2.63
  343. The CyaSSL manual is available at:
  344. http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions
  345. and comments about the new features please check the manual.
  346. ************** CyaSSL Release 2.5.0 (02/04/2013)
  347. Release 2.5.0 CyaSSL has bug fixes and new features including:
  348. - Fix for TLS CBC padding timing attack identified by Nadhem Alfardan and
  349. Kenny Paterson: http://www.isg.rhul.ac.uk/tls/
  350. - Microchip PIC32 (MIPS16, MIPS32) support
  351. - Microchip MPLAB X example projects for PIC32 Ethernet Starter Kit
  352. - Updated CTaoCrypt benchmark app for embedded systems
  353. - 1024-bit test certs/keys and cert/key buffers
  354. - AES-CCM-8 crypto and cipher suites
  355. - Camellia crypto and cipher suites
  356. - Bumped minimum autoconf version to 2.65, automake version to 1.12
  357. - Addition of OCSP callbacks
  358. - STM32F2 support with hardware crypto and RNG
  359. - Cavium NITROX support
  360. CTaoCrypt now has support for the Microchip PIC32 and has been tested with
  361. the Microchip PIC32 Ethernet Starter Kit, the XC32 compiler and
  362. MPLAB X IDE in both MIPS16 and MIPS32 instruction set modes. See the README
  363. located under the <cyassl_root>/mplabx directory for more details.
  364. To add Cavium NITROX support do:
  365. ./configure --with-cavium=/home/user/cavium/software
  366. pointing to your licensed cavium/software directory. Since Cavium doesn't
  367. build a library we pull in the cavium_common.o file which gives a libtool
  368. warning about the portability of this. Also, if you're using the github source
  369. tree you'll need to remove the -Wredundant-decls warning from the generated
  370. Makefile because the cavium headers don't conform to this warning. Currently
  371. CyaSSL supports Cavium RNG, AES, 3DES, RC4, HMAC, and RSA directly at the crypto
  372. layer. Support at the SSL level is partial and currently just does AES, 3DES,
  373. and RC4. RSA and HMAC are slower until the Cavium calls can be utilized in non
  374. blocking mode. The example client turns on cavium support as does the crypto
  375. test and benchmark. Please see the HAVE_CAVIUM define.
  376. CyaSSL is able to use the STM32F2 hardware-based cryptography and random number
  377. generator through the STM32F2 Standard Peripheral Library. For necessary
  378. defines, see the CYASSL_STM32F2 define in settings.h. Documentation for the
  379. STM32F2 Standard Peripheral Library can be found in the following document:
  380. http://www.st.com/internet/com/TECHNICAL_RESOURCES/TECHNICAL_LITERATURE/USER_MANUAL/DM00023896.pdf
  381. The CyaSSL manual is available at:
  382. http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions
  383. and comments about the new features please check the manual.
  384. *************** CyaSSL Release 2.4.6 (12/20/2012)
  385. Release 2.4.6 CyaSSL has bug fixes and a few new features including:
  386. - ECC into main version
  387. - Lean PSK build (reduced code size, RAM usage, and stack usage)
  388. - FreeBSD CRL monitor support
  389. - CyaSSL_peek()
  390. - CyaSSL_send() and CyaSSL_recv() for I/O flag setting
  391. - CodeWarrior Support
  392. - MQX Support
  393. - Freescale Kinetis support including Hardware RNG
  394. - autoconf builds use jobserver
  395. - cyassl-config
  396. - Sniffer memory reductions
  397. Thanks to Brian Aker for the improved autoconf system, make rpm, cyassl-config,
  398. warning system, and general good ideas for improving CyaSSL!
  399. The Freescale Kinetis K70 RNGA documentation can be found in Chapter 37 of the
  400. K70 Sub-Family Reference Manual:
  401. http://cache.freescale.com/files/microcontrollers/doc/ref_manual/K70P256M150SF3RM.pdf
  402. The CyaSSL manual is available at:
  403. http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions
  404. and comments about the new features please check the manual.
  405. *************** CyaSSL Release 2.4.0 (10/10/2012)
  406. Release 2.4.0 CyaSSL has bug fixes and a few new features including:
  407. - DTLS reliability
  408. - Reduced memory usage after handshake
  409. - Updated build process
  410. The CyaSSL manual is available at:
  411. http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions
  412. and comments about the new features please check the manual.
  413. *************** CyaSSL Release 2.3.0 (8/10/2012)
  414. Release 2.3.0 CyaSSL has bug fixes and a few new features including:
  415. - AES-GCM crypto and cipher suites
  416. - make test cipher suite checks
  417. - Subject AltName processing
  418. - Command line support for client/server examples
  419. - Sniffer SessionTicket support
  420. - SHA-384 cipher suites
  421. - Verify cipher suite validity when user overrides
  422. - CRL dir monitoring
  423. - DTLS Cookie support, reliability coming soon
  424. The CyaSSL manual is available at:
  425. http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions
  426. and comments about the new features please check the manual.
  427. ***************CyaSSL Release 2.2.0 (5/18/2012)
  428. Release 2.2.0 CyaSSL has bug fixes and a few new features including:
  429. - Initial CRL support (--enable-crl)
  430. - Initial OCSP support (--enable-ocsp)
  431. - Add static ECDH suites
  432. - SHA-384 support
  433. - ECC client certificate support
  434. - Add medium session cache size (1055 sessions)
  435. - Updated unit tests
  436. - Protection against mutex reinitialization
  437. The CyaSSL manual is available at:
  438. http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions
  439. and comments about the new features please check the manual.
  440. ***************CyaSSL Release 2.0.8 (2/24/2012)
  441. Release 2.0.8 CyaSSL has bug fixes and a few new features including:
  442. - A fix for malicious certificates pointed out by Remi Gacogne (thanks)
  443. resulting in NULL pointer use.
  444. - Respond to renegotiation attempt with no_renegoatation alert
  445. - Add basic path support for load_verify_locations()
  446. - Add set Temp EC-DHE key size
  447. - Extra checks on rsa test when porting into
  448. The CyaSSL manual is available at:
  449. http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions
  450. and comments about the new features please check the manual.
  451. ************* CyaSSL Release 2.0.6 (1/27/2012)
  452. Release 2.0.6 CyaSSL has bug fixes and a few new features including:
  453. - Fixes for CA basis constraint check
  454. - CTX reference counting
  455. - Initial unit test additions
  456. - Lean and Mean Windows fix
  457. - ECC benchmarking
  458. - SSMTP build support
  459. - Ability to group handshake messages with set_group_messages(ctx/ssl)
  460. - CA cache addition callback
  461. - Export Base64_Encode for general use
  462. The CyaSSL manual is available at:
  463. http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions
  464. and comments about the new features please check the manual.
  465. ************* CyaSSL Release 2.0.2 (12/05/2011)
  466. Release 2.0.2 CyaSSL has bug fixes and a few new features including:
  467. - CTaoCrypt Runtime library detection settings when directly using the crypto
  468. library
  469. - Default certificate generation now uses SHAwRSA and adds SHA256wRSA generation
  470. - All test certificates now use 2048bit and SHA-1 for better modern browser
  471. support
  472. - Direct AES block access and AES-CTR (counter) mode
  473. - Microchip pic32 support
  474. The CyaSSL manual is available at:
  475. http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions
  476. and comments about the new features please check the manual.
  477. ************* CyaSSL Release 2.0.0rc3 (9/28/2011)
  478. Release 2.0.0rc3 for CyaSSL has bug fixes and a few new features including:
  479. - updated autoconf support
  480. - better make install and uninstall (uses system directories)
  481. - make test / make check
  482. - CyaSSL headers now in <cyassl/*.h>
  483. - CTaocrypt headers now in <cyassl/ctaocrypt/*.h>
  484. - OpenSSL compatibility headers now in <cyassl/openssl/*.h>
  485. - examples and tests all run from home directory so can use certs in ./certs
  486. (see note 1)
  487. So previous applications that used the OpenSSL compatibility header
  488. <openssl/ssl.h> now need to include <cyassl/openssl/ssl.h> instead, no other
  489. changes are required.
  490. Special Thanks to Brian Aker for his autoconf, install, and header patches.
  491. The CyaSSL manual is available at:
  492. http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions
  493. and comments about the new features please check the manual.
  494. ************CyaSSL Release 2.0.0rc2 (6/6/2011)
  495. Release 2.0.0rc2 for CyaSSL has bug fixes and a few new features including:
  496. - bug fixes (Alerts, DTLS with DHE)
  497. - FreeRTOS support
  498. - lwIP support
  499. - Wshadow warnings removed
  500. - asn public header
  501. - CTaoCrypt public headers now all have ctc_ prefix (the manual is still being
  502. updated to reflect this change)
  503. - and more.
  504. This is the 2nd and perhaps final release candidate for version 2.
  505. Please send any comments or questions to support@wolfssl.com.
  506. The CyaSSL manual is available at:
  507. http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions
  508. and comments about the new features please check the manual.
  509. ***********CyaSSL Release 2.0.0rc1 (5/2/2011)
  510. Release 2.0.0rc1 for CyaSSL has many new features including:
  511. - bug fixes
  512. - SHA-256 cipher suites
  513. - Root Certificate Verification (instead of needing all certs in the chain)
  514. - PKCS #8 private key encryption (supports PKCS #5 v1-v2 and PKCS #12)
  515. - Serial number retrieval for x509
  516. - PBKDF2 and PKCS #12 PBKDF
  517. - UID parsing for x509
  518. - SHA-256 certificate signatures
  519. - Client and server can send chains (SSL_CTX_use_certificate_chain_file)
  520. - CA loading can now parse multiple certificates per file
  521. - Dynamic memory runtime hooks
  522. - Runtime hooks for logging
  523. - EDH on server side
  524. - More informative error codes
  525. - More informative logging messages
  526. - Version downgrade more robust (use SSL_v23*)
  527. - Shared build only by default through ./configure
  528. - Compiler visibility is now used, internal functions not polluting namespace
  529. - Single Makefile, no recursion, for faster and simpler building
  530. - Turn on all warnings possible build option, warning fixes
  531. - and more.
  532. Because of all the new features and the multiple OS, compiler, feature-set
  533. options that CyaSSL allows, there may be some configuration fixes needed.
  534. Please send any comments or questions to support@wolfssl.com.
  535. The CyaSSL manual is available at:
  536. http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions
  537. and comments about the new features please check the manual.
  538. ****************** CyaSSL Release 1.9.0 (3/2/2011)
  539. Release 1.9.0 for CyaSSL adds bug fixes, improved TLSv1.2 through testing and
  540. better hash/sig algo ids, --enable-webServer for the yaSSL embedded web server,
  541. improper AES key setup detection, user cert verify callback improvements, and
  542. more.
  543. The CyaSSL manual offering is included in the doc/ directory. For build
  544. instructions and comments about the new features please check the manual.
  545. Please send any comments or questions to support@wolfssl.com.
  546. ****************** CyaSSL Release 1.8.0 (12/23/2010)
  547. Release 1.8.0 for CyaSSL adds bug fixes, x509 v3 CA signed certificate
  548. generation, a C standard library abstraction layer, lower memory use, increased
  549. portability through the os_settings.h file, and the ability to use NTRU cipher
  550. suites when used in conjunction with an NTRU license and library.
  551. The initial CyaSSL manual offering is included in the doc/ directory. For
  552. build instructions and comments about the new features please check the manual.
  553. Please send any comments or questions to support@wolfssl.com.
  554. Happy Holidays.
  555. ********************* CyaSSL Release 1.6.5 (9/9/2010)
  556. Release 1.6.5 for CyaSSL adds bug fixes and x509 v3 self signed certificate
  557. generation.
  558. For general build instructions see doc/Building_CyaSSL.pdf.
  559. To enable certificate generation support add this option to ./configure
  560. ./configure --enable-certgen
  561. An example is included in ctaocrypt/test/test.c and documentation is provided
  562. in doc/CyaSSL_Extensions_Reference.pdf item 11.
  563. ********************** CyaSSL Release 1.6.0 (8/27/2010)
  564. Release 1.6.0 for CyaSSL adds bug fixes, RIPEMD-160, SHA-512, and RSA key
  565. generation.
  566. For general build instructions see doc/Building_CyaSSL.pdf.
  567. To add RIPEMD-160 support add this option to ./configure
  568. ./configure --enable-ripemd
  569. To add SHA-512 support add this option to ./configure
  570. ./configure --enable-sha512
  571. To add RSA key generation support add this option to ./configure
  572. ./configure --enable-keygen
  573. Please see ctaocrypt/test/test.c for examples and usage.
  574. For Windows, RIPEMD-160 and SHA-512 are enabled by default but key generation is
  575. off by default. To turn key generation on add the define CYASSL_KEY_GEN to
  576. CyaSSL.
  577. ************* CyaSSL Release 1.5.6 (7/28/2010)
  578. Release 1.5.6 for CyaSSL adds bug fixes, compatibility for our JSSE provider,
  579. and a fix for GCC builds on some systems.
  580. For general build instructions see doc/Building_CyaSSL.pdf.
  581. To add AES-NI support add this option to ./configure
  582. ./configure --enable-aesni
  583. You'll need GCC 4.4.3 or later to make use of the assembly.
  584. ************** CyaSSL Release 1.5.4 (7/7/2010)
  585. Release 1.5.4 for CyaSSL adds bug fixes, support for AES-NI, SHA1 speed
  586. improvements from loop unrolling, and support for the Mongoose Web Server.
  587. For general build instructions see doc/Building_CyaSSL.pdf.
  588. To add AES-NI support add this option to ./configure
  589. ./configure --enable-aesni
  590. You'll need GCC 4.4.3 or later to make use of the assembly.
  591. *************** CyaSSL Release 1.5.0 (5/11/2010)
  592. Release 1.5.0 for CyaSSL adds bug fixes, GoAhead WebServer support, sniffer
  593. support, and initial swig interface support.
  594. For general build instructions see doc/Building_CyaSSL.pdf.
  595. To add support for GoAhead WebServer either --enable-opensslExtra or if you
  596. don't want all the features of opensslExtra you can just define GOAHEAD_WS
  597. instead. GOAHEAD_WS can be added to ./configure with CFLAGS=-DGOAHEAD_WS or
  598. you can define it yourself.
  599. To look at the sniffer support please see the sniffertest app in
  600. sslSniffer/sslSnifferTest. Build with --enable-sniffer on *nix or use the
  601. vcproj files on windows. You'll need to have pcap installed on *nix and
  602. WinPcap on windows.
  603. A swig interface file is now located in the swig directory for using Python,
  604. Java, Perl, and others with CyaSSL. This is initial support and experimental,
  605. please send questions or comments to support@wolfssl.com.
  606. When doing load testing with CyaSSL, on the echoserver example say, the client
  607. machine may run out of tcp ephemeral ports, they will end up in the TIME_WAIT
  608. queue, and can't be reused by default. There are generally two ways to fix
  609. this. 1) Reduce the length sockets remain on the TIME_WAIT queue or 2) Allow
  610. items on the TIME_WAIT queue to be reused.
  611. To reduce the TIME_WAIT length in OS X to 3 seconds (3000 milliseconds)
  612. sudo sysctl -w net.inet.tcp.msl=3000
  613. In Linux
  614. sudo sysctl -w net.ipv4.tcp_tw_reuse=1
  615. allows reuse of sockets in TIME_WAIT
  616. sudo sysctl -w net.ipv4.tcp_tw_recycle=1
  617. works but seems to remove sockets from TIME_WAIT entirely?
  618. sudo sysctl -w net.ipv4.tcp_fin_timeout=1
  619. doen't control TIME_WAIT, it controls FIN_WAIT(2) contrary to some posts
  620. ******************** CyaSSL Release 1.4.0 (2/18/2010)
  621. Release 1.3.0 for CyaSSL adds bug fixes, better multi TLS/SSL version support
  622. through SSLv23_server_method(), and improved documentation in the doc/ folder.
  623. For general build instructions doc/Building_CyaSSL.pdf.
  624. ******************** CyaSSL Release 1.3.0 (1/21/2010)
  625. Release 1.3.0 for CyaSSL adds bug fixes, a potential security problem fix,
  626. better porting support, removal of assert()s, and a complete THREADX port.
  627. For general build instructions see rc1 below.
  628. ******************** CyaSSL Release 1.2.0 (11/2/2009)
  629. Release 1.2.0 for CyaSSL adds bug fixes and session negotiation if first use is
  630. read or write.
  631. For general build instructions see rc1 below.
  632. ******************** CyaSSL Release 1.1.0 (9/2/2009)
  633. Release 1.1.0 for CyaSSL adds bug fixes, a check against malicious session
  634. cache use, support for lighttpd, and TLS 1.2.
  635. To get TLS 1.2 support please use the client and server functions:
  636. SSL_METHOD *TLSv1_2_server_method(void);
  637. SSL_METHOD *TLSv1_2_client_method(void);
  638. CyaSSL was tested against lighttpd 1.4.23. To build CyaSSL for use with
  639. lighttpd use the following commands from the CyaSSL install dir <CyaSSLDir>:
  640. ./configure --disable-shared --enable-opensslExtra --enable-fastmath --without-zlib
  641. make
  642. make openssl-links
  643. Then to build lighttpd with CyaSSL use the following commands from the
  644. lighttpd install dir:
  645. ./configure --with-openssl --with-openssl-includes=<CyaSSLDir>/include --with-openssl-libs=<CyaSSLDir>/lib LDFLAGS=-lm
  646. make
  647. On some systems you may get a linker error about a duplicate symbol for
  648. MD5_Init or other MD5 calls. This seems to be caused by the lighttpd src file
  649. md5.c, which defines MD5_Init(), and is included in liblightcomp_la-md5.o.
  650. When liblightcomp is linked with the SSL_LIBs the linker may complain about
  651. the duplicate symbol. This can be fixed by editing the lighttpd src file md5.c
  652. and adding this line to the beginning of the file:
  653. #if 0
  654. and this line to the end of the file
  655. #endif
  656. Then from the lighttpd src dir do a:
  657. make clean
  658. make
  659. If you get link errors about undefined symbols more than likely the actual
  660. OpenSSL libraries are found by the linker before the CyaSSL openssl-links that
  661. point to the CyaSSL library, causing the linker confusion. This can be fixed
  662. by editing the Makefile in the lighttpd src directory and changing the line:
  663. SSL_LIB = -lssl -lcrypto
  664. to
  665. SSL_LIB = -lcyassl
  666. Then from the lighttpd src dir do a:
  667. make clean
  668. make
  669. This should remove any confusion the linker may be having with missing symbols.
  670. For any questions or concerns please contact support@wolfssl.com .
  671. For general build instructions see rc1 below.
  672. ******************CyaSSL Release 1.0.6 (8/03/2009)
  673. Release 1.0.6 for CyaSSL adds bug fixes, an improved session cache, and faster
  674. math with a huge code option.
  675. The session cache now defaults to a client mode, also good for embedded servers.
  676. For servers not under heavy load (less than 200 new sessions per minute), define
  677. BIG_SESSION_CACHE. If the server will be under heavy load, define
  678. HUGE_SESSION_CACHE.
  679. There is now a fasthugemath option for configure. This enables fastmath plus
  680. even faster math by greatly increasing the code size of the math library. Use
  681. the benchmark utility to compare public key operations.
  682. For general build instructions see rc1 below.
  683. ******************CyaSSL Release 1.0.3 (5/10/2009)
  684. Release 1.0.3 for CyaSSL adds bug fixes and add increased support for OpenSSL
  685. compatibility when building other applications.
  686. Release 1.0.3 includes an alpha release of DTLS for both client and servers.
  687. This is only for testing purposes at this time. Rebroadcast and reordering
  688. aren't fully implemented at this time but will be for the next release.
  689. For general build instructions see rc1 below.
  690. ******************CyaSSL Release 1.0.2 (4/3/2009)
  691. Release 1.0.2 for CyaSSL adds bug fixes for a couple I/O issues. Some systems
  692. will send a SIGPIPE on socket recv() at any time and this should be handled by
  693. the application by turning off SIGPIPE through setsockopt() or returning from
  694. the handler.
  695. Release 1.0.2 includes an alpha release of DTLS for both client and servers.
  696. This is only for testing purposes at this time. Rebroadcast and reordering
  697. aren't fully implemented at this time but will be for the next release.
  698. For general build instructions see rc1 below.
  699. *****************CyaSSL Release Candidiate 3 rc3-1.0.0 (2/25/2009)
  700. Release Candidate 3 for CyaSSL 1.0.0 adds bug fixes and adds a project file for
  701. iPhone development with Xcode. cyassl-iphone.xcodeproj is located in the root
  702. directory. This release also includes a fix for supporting other
  703. implementations that bundle multiple messages at the record layer, this was
  704. lost when cyassl i/o was re-implemented but is now fixed.
  705. For general build instructions see rc1 below.
  706. *****************CyaSSL Release Candidiate 2 rc2-1.0.0 (1/21/2009)
  707. Release Candidate 2 for CyaSSL 1.0.0 adds bug fixes and adds two new stream
  708. ciphers along with their respective cipher suites. CyaSSL adds support for
  709. HC-128 and RABBIT stream ciphers. The new suites are:
  710. TLS_RSA_WITH_HC_128_SHA
  711. TLS_RSA_WITH_RABBIT_SHA
  712. And the corresponding cipher names are
  713. HC128-SHA
  714. RABBIT-SHA
  715. CyaSSL also adds support for building with devkitPro for PPC by changing the
  716. library proper to use libogc. The examples haven't been changed yet but if
  717. there's interest they can be. Here's an example ./configure to build CyaSSL
  718. for devkitPro:
  719. ./configure --disable-shared CC=/pathTo/devkitpro/devkitPPC/bin/powerpc-gekko-gcc --host=ppc --without-zlib --enable-singleThreaded RANLIB=/pathTo/devkitpro/devkitPPC/bin/powerpc-gekko-ranlib CFLAGS="-DDEVKITPRO -DGEKKO"
  720. For linking purposes you'll need
  721. LDFLAGS="-g -mrvl -mcpu=750 -meabi -mhard-float -Wl,-Map,$(notdir $@).map"
  722. For general build instructions see rc1 below.
  723. ********************CyaSSL Release Candidiate 1 rc1-1.0.0 (12/17/2008)
  724. Release Candidate 1 for CyaSSL 1.0.0 contains major internal changes. Several
  725. areas have optimization improvements, less dynamic memory use, and the I/O
  726. strategy has been refactored to allow alternate I/O handling or Library use.
  727. Many thanks to Thierry Fournier for providing these ideas and most of the work.
  728. Because of these changes, this release is only a candidate since some problems
  729. are probably inevitable on some platform with some I/O use. Please report any
  730. problems and we'll try to resolve them as soon as possible. You can contact us
  731. at support@wolfssl.com or todd@wolfssl.com.
  732. Using TomsFastMath by passing --enable-fastmath to ./configure now uses assembly
  733. on some platforms. This is new so please report any problems as every compiler,
  734. mode, OS combination hasn't been tested. On ia32 all of the registers need to
  735. be available so be sure to pass these options to CFLAGS:
  736. CFLAGS="-O3 -fomit-frame-pointer"
  737. OS X will also need -mdynamic-no-pic added to CFLAGS
  738. Also if you're building in shared mode for ia32 you'll need to pass options to
  739. LDFLAGS as well on OS X:
  740. LDFLAGS=-Wl,-read_only_relocs,warning
  741. This gives warnings for some symbols but seems to work.
  742. --To build on Linux, Solaris, *BSD, Mac OS X, or Cygwin:
  743. ./configure
  744. make
  745. from the ./testsuite/ directory run ./testsuite
  746. to make a debug build:
  747. ./configure --enable-debug --disable-shared
  748. make
  749. --To build on Win32
  750. Choose (Re)Build All from the project workspace
  751. Run the testsuite program
  752. *************************CyaSSL version 0.9.9 (7/25/2008)
  753. This release of CyaSSL adds bug fixes, Pre-Shared Keys, over-rideable memory
  754. handling, and optionally TomsFastMath. Thanks to Moisés Guimarães for the
  755. work on TomsFastMath.
  756. To optionally use TomsFastMath pass --enable-fastmath to ./configure
  757. Or define USE_FAST_MATH in each project from CyaSSL for MSVC.
  758. Please use the benchmark routine before and after to see the performance
  759. difference, on some platforms the gains will be little but RSA encryption
  760. always seems to be faster. On x86-64 machines with GCC the normal math library
  761. may outperform the fast one when using CFLAGS=-m64 because TomsFastMath can't
  762. yet use -m64 because of GCCs inability to do 128bit division.
  763. **** UPDATE GCC 4.2.1 can now do 128bit division ***
  764. See notes below (0.2.0) for complete build instructions.
  765. ****************CyaSSL version 0.9.8 (5/7/2008)
  766. This release of CyaSSL adds bug fixes, client side Diffie-Hellman, and better
  767. socket handling.
  768. See notes below (0.2.0) for complete build instructions.
  769. ****************CyaSSL version 0.9.6 (1/31/2008)
  770. This release of CyaSSL adds bug fixes, increased session management, and a fix
  771. for gnutls.
  772. See notes below (0.2.0) for complete build instructions.
  773. ****************CyaSSL version 0.9.0 (10/15/2007)
  774. This release of CyaSSL adds bug fixes, MSVC 2005 support, GCC 4.2 support,
  775. IPV6 support and test, and new test certificates.
  776. See notes below (0.2.0) for complete build instructions.
  777. ****************CyaSSL version 0.8.0 (1/10/2007)
  778. This release of CyaSSL adds increased socket support, for non-blocking writes,
  779. connects, and interrupted system calls.
  780. See notes below (0.2.0) for complete build instructions.
  781. ****************CyaSSL version 0.6.3 (10/30/2006)
  782. This release of CyaSSL adds debug logging to stderr to aid in the debugging of
  783. CyaSSL on systems that may not provide the best support.
  784. If CyaSSL is built with debugging support then you need to call
  785. CyaSSL_Debugging_ON() to turn logging on.
  786. On Unix use ./configure --enable-debug
  787. On Windows define DEBUG_CYASSL when building CyaSSL
  788. To turn logging back off call CyaSSL_Debugging_OFF()
  789. See notes below (0.2.0) for complete build instructions.
  790. *****************CyaSSL version 0.6.2 (10/29/2006)
  791. This release of CyaSSL adds TLS 1.1.
  792. Note that CyaSSL has certificate verification on by default, unlike OpenSSL.
  793. To emulate OpenSSL behavior, you must call SSL_CTX_set_verify() with
  794. SSL_VERIFY_NONE. In order to have full security you should never do this,
  795. provide CyaSSL with the proper certificates to eliminate impostors and call
  796. CyaSSL_check_domain_name() to prevent man in the middle attacks.
  797. See notes below (0.2.0) for build instructions.
  798. *****************CyaSSL version 0.6.0 (10/25/2006)
  799. This release of CyaSSL adds more SSL functions, better autoconf, nonblocking
  800. I/O for accept, connect, and read. There is now an --enable-small configure
  801. option that turns off TLS, AES, DES3, HMAC, and ERROR_STRINGS, see configure.in
  802. for the defines. Note that TLS requires HMAC and AES requires TLS.
  803. See notes below (0.2.0) for build instructions.
  804. *****************CyaSSL version 0.5.5 (09/27/2006)
  805. This mini release of CyaSSL adds better input processing through buffered input
  806. and big message support. Added SSL_pending() and some sanity checks on user
  807. settings.
  808. See notes below (0.2.0) for build instructions.
  809. *****************CyaSSL version 0.5.0 (03/27/2006)
  810. This release of CyaSSL adds AES support and minor bug fixes.
  811. See notes below (0.2.0) for build instructions.
  812. *****************CyaSSL version 0.4.0 (03/15/2006)
  813. This release of CyaSSL adds TLSv1 client/server support and libtool.
  814. See notes below for build instructions.
  815. *****************CyaSSL version 0.3.0 (02/26/2006)
  816. This release of CyaSSL adds SSLv3 server support and session resumption.
  817. See notes below for build instructions.
  818. *****************CyaSSL version 0.2.0 (02/19/2006)
  819. This is the first release of CyaSSL and its crypt brother, CTaoCrypt. CyaSSL
  820. is written in ANSI C with the idea of a small code size, footprint, and memory
  821. usage in mind. CTaoCrypt can be as small as 32K, and the current client
  822. version of CyaSSL can be as small as 12K.
  823. The first release of CTaoCrypt supports MD5, SHA-1, 3DES, ARC4, Big Integer
  824. Support, RSA, ASN parsing, and basic x509 (en/de)coding.
  825. The first release of CyaSSL supports normal client RSA mode SSLv3 connections
  826. with support for SHA-1 and MD5 digests. Ciphers include 3DES and RC4.
  827. --To build on Linux, Solaris, *BSD, Mac OS X, or Cygwin:
  828. ./configure
  829. make
  830. from the ./testsuite/ directory run ./testsuite
  831. to make a debug build:
  832. ./configure --enable-debug --disable-shared
  833. make
  834. --To build on Win32
  835. Choose (Re)Build All from the project workspace
  836. Run the testsuite program
  837. *** The next release of CyaSSL will support a server and more OpenSSL
  838. compatibility functions.
  839. Please send questions or comments to todd@wolfssl.com