1<a href="https://repology.org/project/wolfssl/versions"> 2 <img src="https://repology.org/badge/vertical-allrepos/wolfssl.svg" alt="Packaging status" align="right"> 3</a> 4 5# wolfSSL Embedded SSL/TLS Library 6 7The [wolfSSL embedded SSL library](https://www.wolfssl.com/products/wolfssl/) 8(formerly CyaSSL) is a lightweight SSL/TLS library written in ANSI C and 9targeted for embedded, RTOS, and resource-constrained environments - primarily 10because of its small size, speed, and feature set. It is commonly used in 11standard operating environments as well because of its royalty-free pricing 12and excellent cross platform support. wolfSSL supports industry standards up 13to the current [TLS 1.3](https://www.wolfssl.com/tls13) and DTLS 1.2, is up to 1420 times smaller than OpenSSL, and offers progressive ciphers such as ChaCha20, 15Curve25519, Blake2b and Post-Quantum TLS 1.3 groups. User benchmarking and 16feedback reports dramatically better performance when using wolfSSL over 17OpenSSL. 18 19wolfSSL is powered by the wolfCrypt cryptography library. Two versions of 20wolfCrypt have been FIPS 140-2 validated (Certificate #2425 and 21certificate #3389). FIPS 140-3 validation is in progress. For additional 22information, visit the [wolfCrypt FIPS FAQ](https://www.wolfssl.com/license/fips/) 23or contact fips@wolfssl.com. 24 25## Why Choose wolfSSL? 26 27There are many reasons to choose wolfSSL as your embedded, desktop, mobile, or 28enterprise SSL/TLS solution. Some of the top reasons include size (typical 29footprint sizes range from 20-100 kB), support for the newest standards 30(SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3, DTLS 1.0, and DTLS 1.2), current 31and progressive cipher support (including stream ciphers), multi-platform, 32royalty free, and an OpenSSL compatibility API to ease porting into existing 33applications which have previously used the OpenSSL package. For a complete 34feature list, see [Chapter 4](https://www.wolfssl.com/docs/wolfssl-manual/ch4/) 35of the wolfSSL manual. 36 37## Notes, Please Read 38 39### Note 1 40wolfSSL as of 3.6.6 no longer enables SSLv3 by default. wolfSSL also no longer 41supports static key cipher suites with PSK, RSA, or ECDH. This means if you 42plan to use TLS cipher suites you must enable DH (DH is on by default), or 43enable ECC (ECC is on by default), or you must enable static key cipher suites 44with one or more of the following defines: 45 46``` 47WOLFSSL_STATIC_DH 48WOLFSSL_STATIC_RSA 49WOLFSSL_STATIC_PSK 50``` 51Though static key cipher suites are deprecated and will be removed from future 52versions of TLS. They also lower your security by removing PFS. 53 54When compiling `ssl.c`, wolfSSL will now issue a compiler error if no cipher 55suites are available. You can remove this error by defining 56`WOLFSSL_ALLOW_NO_SUITES` in the event that you desire that, i.e., you're 57not using TLS cipher suites. 58 59### Note 2 60wolfSSL takes a different approach to certificate verification than OpenSSL 61does. The default policy for the client is to verify the server, this means 62that if you don't load CAs to verify the server you'll get a connect error, 63no signer error to confirm failure (-188). 64 65If you want to mimic OpenSSL behavior of having `SSL_connect` succeed even if 66verifying the server fails and reducing security you can do this by calling: 67 68```c 69wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_NONE, NULL); 70``` 71 72before calling `wolfSSL_new();`. Though it's not recommended. 73 74### Note 3 75The enum values SHA, SHA256, SHA384, SHA512 are no longer available when 76wolfSSL is built with `--enable-opensslextra` (`OPENSSL_EXTRA`) or with the 77macro `NO_OLD_SHA_NAMES`. These names get mapped to the OpenSSL API for a 78single call hash function. Instead the name `WC_SHA`, `WC_SHA256`, `WC_SHA384` and 79`WC_SHA512` should be used for the enum name. 80 81# wolfSSL Release 5.1.1 (Jan 3rd, 2021) 82Release 5.1.1 of wolfSSL embedded TLS has a high vulnerability fix: 83 84### Vulnerabilities 85* \[High\] In connections using AES-CBC or DES3 with TLS/DTLS 1.2 or 1.1 the IV being used is not random. Users using wolfSSL version 5.0.0 or 5.1.0 doing TLS/DTLS 1.2 or 1.1 connections, without AEAD only, should update the version of wolfSSL used. 86 87# wolfSSL Release 5.1.0 (Dec 27, 2021) 88Release 5.1.0 of wolfSSL embedded TLS has bug fixes and new features including: 89 90### Vulnerabilities 91* \[Low\] Potential for DoS attack on a wolfSSL client due to processing hello packets of the incorrect side. This affects only connections using TLS v1.2 or less that have also been compromised by a man in the middle attack. Thanks to James Henderson, Mathy Vanhoef, Chris M. Stone, Sam L. Thomas, Nicolas Bailleut, and Tom Chothia (University of Birmingham, KU Leuven, ENS Rennes for the report. 92* \[Low\] Client side session resumption issue once the session resumption cache has been filled up. The hijacking of a session resumption has been demonstrated so far with only non verified peer connections. That is where the client is not verifying the server’s CA that it is connecting to. There is the potential though for other cases involving proxies that are verifying the server to be at risk, if using wolfSSL in a case involving proxies use wolfSSL_get1_session and then wolfSSL_SESSION_free when done where possible. If not adding in the session get/free function calls we recommend that users of wolfSSL that are resuming sessions update to the latest version (wolfSSL version 5.1.0 or later). Thanks to the UK's National Cyber Security Centre (NCSC) for the report. 93 94### New Feature Additions 95###### Ports 96* Curve25519 support with NXP SE050 added 97* Renesas RA6M4 support with SCE Protected Mode and FSP 3.5.0 98* Renesas TSIP 1.14 support for RX65N/RX72N 99 100###### Post Quantum 101* Post quantum resistant algorithms used with Apache port 102* NIST round 3 FALCON Signature Scheme support added to TLS 1.3 connections 103* FALCON added to the benchmarking application 104* Testing of cURL with wolfSSL post quantum resistant build 105 106###### Compatibility Layer Additions 107* Updated NGINX port to NGINX version 1.21.4 108* Updated Apache port to Apache version 2.4.51 109* Add support for SSL_OP_NO_TLSv1_2 flag with wolfSSL_CTX_set_options function 110* Support added for the functions 111 - SSL_CTX_get_max_early_data 112 - SSL_CTX_set_max_early_data 113 - SSL_set_max_early_data 114 - SSL_get_max_early_data 115 - SSL_CTX_clear_mode 116 - SSL_CONF_cmd_value_type 117 - SSL_read_early_data 118 - SSL_write_early_data 119 120###### Misc. 121* Crypto callback support for AES-CCM added. A callback function can be registered and used instead of the default AES-CCM implementation in wolfSSL. 122* Added AES-OFB to the FIPS boundary for future FIPS validations. 123* Add support for custom OIDs used with CSR (certificate signing request) generation using the macro WOLFSSL_CUSTOM_OID 124* Added HKDF extract callback function for use with TLS 1.3 125* Add variant from RFC6979 of deterministic ECC signing that can be enabled using the macro WOLFSSL_ECDSA_DETERMINISTIC_K_VARIANT 126* Added the function wc_GetPubKeyDerFromCert to get the public key from a DecodedCert structure 127* Added the functions wc_InitDecodedCert, wc_ParseCert and wc_FreeDecodedCert for access to decoding a certificate into a DecodedCert structure 128* Added the macro WOLFSSL_ECC_NO_SMALL_STACK for hybrid builds where the numerous malloc/free with ECC is undesired but small stack use is desired throughout the rest of the library 129* Added the function wc_d2i_PKCS12_fp for reading a PKCS12 file and parsing it 130 131### Fixes 132###### PORT Fixes 133* Building with Android wpa_supplicant and KeyStore 134* Setting initial value of CA certificate with TSIP enabled 135* Cryptocell ECC build fix and fix with RSA disabled 136* IoT-SAFE improvement for Key/File slot ID size, fix for C++ compile, and fixes for retrieving the public key after key generation 137 138###### Math Library Fixes 139* Check return values on TFM library montgomery function in case the system runs out of memory. This resolves an edge case of invalid ECC signatures being created. 140* SP math library sanity check on size of values passed to sp_gcd. 141* SP math library sanity check on exponentiation by 0 with mod_exp 142* Update base ECC mp_sqrtmod_prime function to handle an edge case of zero 143* TFM math library with Intel MULX multiply fix for carry in assembly code 144 145###### Misc. 146* Fix for potential heap buffer overflow with compatibility layer PEM parsing 147* Fix for edge memory leak case with an error encountered during TLS resumption 148* Fix for length on inner sequence created with wc_DhKeyToDer when handling small DH keys 149* Fix for sanity check on input argument to DSA sign and verify 150* Fix for setting of the return value with ASN1 integer get on an i386 device 151* Fix for BER to DER size checks with PKCS7 decryption 152* Fix for memory leak with PrintPubKeyEC function in compatibility layer 153* Edge case with deterministic ECC key generation when the private key has leading 0’s 154* Fix for build with OPENSSL_EXTRA and NO_WOLFSSL_STUB both defined 155* Use page aligned memory with ECDSA signing and KCAPI 156* Skip expired sessions for TLS 1.3 rather than turning off the resume behavior 157* Fix for DTLS handling dropped or retransmitted messages 158 159### Improvements/Optimizations 160###### Build Options and Warnings 161* Bugfix: could not build with liboqs and without DH enabled 162* Build with macro NO_ECC_KEY_EXPORT fixed 163* Fix for building with the macro HAVE_ENCRYPT_THEN_MAC when session export is enabled 164* Building with wolfSentry and HAVE_EX_DATA macro set 165 166###### Math Libraries 167* Improvement for performance with SP C implementation of montgomery reduction for ECC (P256 and P384) and SP ARM64 implementation for ECC (P384) 168* With SP math handle case of dividing by length of dividend 169* SP math improvement for lo/hi register names to be used with older GCC compilers 170 171###### Misc. 172* ASN name constraints checking code refactor for better efficiency and readability 173* Refactor of compatibility layer stack free’ing calls to simplify and reduce code 174* Scrubbed code for trailing spaces, hard tabs, and any control characters 175* Explicit check that leaf certificate's public key type match cipher suite signature algorithm 176* Additional NULL sanity checks on WOLFSSL struct internally and improve switch statement fallthrough 177* Retain OCSP error value when CRL is enabled with certificate parsing 178* Update to NATIVE LwIP support for TCP use 179* Sanity check on PEM size when parsing a PEM with OpenSSL compatibility layer API. 180* SWIG wrapper was removed from the codebase in favor of dedicated Java and Python wrappers. 181* Updates to bundled example client for when to load the CA, handling print out of IP alt names, and printing out the peers certificate in PEM format 182* Handling BER encoded inner content type with PKCS7 verify 183* Checking for SOCKET_EPIPE errors from low level socket 184* Improvements to cleanup in the case that wolfSSL_Init fails 185* Update test and example certificates expiration dates 186 187 188For additional vulnerability information visit the vulnerability page at: 189https://www.wolfssl.com/docs/security-vulnerabilities/ 190 191See INSTALL file for build instructions. 192More info can be found on-line at: https://wolfssl.com/wolfSSL/Docs.html 193 194 195 196# Resources 197 198[wolfSSL Website](https://www.wolfssl.com/) 199 200[wolfSSL Wiki](https://github.com/wolfSSL/wolfssl/wiki) 201 202[FIPS 140-2/140-3 FAQ](https://wolfssl.com/license/fips) 203 204[wolfSSL Documentation](https://wolfssl.com/wolfSSL/Docs.html) 205 206[wolfSSL Manual](https://wolfssl.com/wolfSSL/Docs-wolfssl-manual-toc.html) 207 208[wolfSSL API Reference](https://wolfssl.com/wolfSSL/Docs-wolfssl-manual-17-wolfssl-api-reference.html) 209 210[wolfCrypt API Reference](https://wolfssl.com/wolfSSL/Docs-wolfssl-manual-18-wolfcrypt-api-reference.html) 211 212[TLS 1.3](https://www.wolfssl.com/docs/tls13/) 213 214[wolfSSL Vulnerabilities](https://www.wolfssl.com/docs/security-vulnerabilities/) 215 216[Additional wolfSSL Examples](https://github.com/wolfssl/wolfssl-examples) 217