wolfSSL (formerly CyaSSL) is a small, fast, portable implementation of TLS/SSL for embedded devices to the cloud. wolfSSL supports up to TLS 1.3!
dgarske Merge pull request #1978 from ejohnstown/dot-release
touch version for interstitial release
Latest commit 249306f Dec 13, 2018
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
IDE Touch Up iOS Project Dec 4, 2018
IPP Release 3.7.0 Oct 28, 2015
certs Add support for more OpenSSL APIs Nov 19, 2018
ctaocrypt Release v3.12.2 (lib 14.0.0). Updated copywright. Oct 22, 2017
cyassl Fix to resolve issue with PIC32MZ crypto hardware (AES/DES3 only) whe… Aug 22, 2018
doc Code coverage tests and fixes - default config Dec 11, 2018
examples DHE Speed Up Dec 3, 2018
lib 1.8.8 init Feb 5, 2011
m4 Configure Update Jul 3, 2018
mcapi Fixes for build failures. Added new `WC_MAX_SYM_KEY_SIZE` macro for h… Apr 9, 2018
mplabx Release v3.12.2 (lib 14.0.0). Updated copywright. Oct 22, 2017
mqx check return value of wolfSSL_set_fd Mar 25, 2016
rpm prepare for release 3.15.5 Nov 7, 2018
scripts Address issues when testing with WOLFSSL_OCSP_TEST set Aug 30, 2018
src ALPN is returned in ServerHello when downgrading from TLS 1.3 Dec 11, 2018
sslSniffer Sniffer Update Nov 21, 2018
support Removed automatically generated file wolfssl.pc Jun 20, 2017
swig use XFILE, BADFILE, XFxxxx Sep 25, 2018
tests Fixes from review Dec 11, 2018
testsuite Release v3.12.2 (lib 14.0.0). Updated copywright. Oct 22, 2017
tirtos rename the file io.h to wolfio.h Sep 20, 2017
wolfcrypt Merge pull request #1969 from dgarske/atecc508a_fixes Dec 12, 2018
wolfssl Merge pull request #1978 from ejohnstown/dot-release Dec 13, 2018
wrapper update IO callback function names with CSharp wrapper Jun 20, 2018
.cproject RipeMd and Sha224 added to unit test. May 18, 2017
.gitignore Merge branch 'master' of https://github.com/wolfssl/wolfssl into doxy… Nov 28, 2018
.project Include the .project and .cproject files in distribution. Fix issue w… Jul 12, 2016
AUTHORS 1.8.8 init Feb 5, 2011
COPYING update FSF address, wolfSSL copyright Apr 11, 2014
ChangeLog.md prepare for release 3.15.5 Nov 7, 2018
INSTALL add Yocto Project / OpenEmbedded build instructions to INSTALL file Dec 10, 2018
LICENSING Merge branch 'master' of https://github.com/wolfSSL/wolfssl Jul 23, 2015
Makefile.am add CMS SignedData support for detached signatures Nov 16, 2018
README prepare for release 3.15.5 Nov 7, 2018
README.md prepare for release 3.15.5 Nov 7, 2018
SCRIPTS-LIST Added new `async-check.sh` script for setting up the async simulator … May 11, 2018
Vagrantfile updates Linux deps on README May 15, 2016
async-check.sh Speedups for the `git clone` calls in check scripts to use `--depth 1`. Nov 9, 2018
autogen.sh Test Fixes May 16, 2018
commit-tests.sh 1. Add DES3 enable to full commit test. Sep 15, 2016
configure.ac Merge pull request #1978 from ejohnstown/dot-release Dec 13, 2018
fips-check.sh Fix to resolve issue with fips_check.sh after --depth=1 change in PR #… Nov 13, 2018
gencertbuf.pl Added new API `wolfSSL_CTX_load_verify_chain_buffer_format` for loadi… Sep 10, 2018
input check return value of wolfSSL_set_fd Mar 25, 2016
pre-commit.sh pre-commit to use wolfssl/options Jan 13, 2015
pre-push.sh Merge branch 'master' of https://github.com/wolfSSL/wolfssl Aug 13, 2015
pull_to_vagrant.sh Merge branch csr into 'master' Nov 2, 2015
quit Brian Aker commits plus some minor changes like AM_CFLAGS getting AC_… Aug 24, 2011
resource.h Add a version resource to the wolfSSL library for Visual Studio builds. Sep 28, 2018
stamp-h.in Brian Aker commits plus some minor changes like AM_CFLAGS getting AC_… Aug 24, 2011
valgrind-error.sh add enable-valgrind Dec 5, 2012
wnr-example.conf add example netRandom config file May 5, 2016
wolfssl-ntru.sln xcode projects, merge Chriss latest Jan 8, 2015
wolfssl-ntru.vcproj rename the file io.h to wolfio.h Sep 20, 2017
wolfssl.rc prepare for release 3.15.5 Nov 7, 2018
wolfssl.sln xcode projects, merge Chriss latest Jan 8, 2015
wolfssl.vcproj Fix for building TLS v1.3 code on Windows Dec 20, 2017
wolfssl.vcxproj Exclude the version resource from the static library builds. It trigg… Oct 1, 2018
wolfssl64.sln 1. Set the base address of the 32-bit DLL builds. Aug 25, 2017

README.md

Description

The wolfSSL embedded SSL library (formerly CyaSSL) is a lightweight SSL/TLS library written in ANSI C and targeted for embedded, RTOS, and resource-constrained environments - primarily because of its small size, speed, and feature set. It is commonly used in standard operating environments as well because of its royalty-free pricing and excellent cross platform support. wolfSSL supports industry standards up to the current TLS 1.3 and DTLS 1.3 levels, is up to 20 times smaller than OpenSSL, and offers progressive ciphers such as ChaCha20, Curve25519, NTRU, and Blake2b. User benchmarking and feedback reports dramatically better performance when using wolfSSL over OpenSSL.

wolfSSL is powered by the wolfCrypt library. A version of the wolfCrypt cryptography library has been FIPS 140-2 validated (Certificate #2425). For additional information, visit the wolfCrypt FIPS FAQ or contact fips@wolfssl.com

Why Choose wolfSSL?

There are many reasons to choose wolfSSL as your embedded SSL solution. Some of the top reasons include size (typical footprint sizes range from 20-100 kB), support for the newest standards (SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3, DTLS 1.0, and DTLS 1.2), current and progressive cipher support (including stream ciphers), multi-platform, royalty free, and an OpenSSL compatibility API to ease porting into existing applications which have previously used the OpenSSL package. For a complete feature list, see Section 4.1.


Notes - Please read

Note 1

wolfSSL as of 3.6.6 no longer enables SSLv3 by default.  wolfSSL also no
longer supports static key cipher suites with PSK, RSA, or ECDH.  This means
if you plan to use TLS cipher suites you must enable DH (DH is on by default),
or enable ECC (ECC is on by default), or you must enable static
key cipher suites with
    WOLFSSL_STATIC_DH
    WOLFSSL_STATIC_RSA
    or
    WOLFSSL_STATIC_PSK

though static key cipher suites are deprecated and will be removed from future
versions of TLS.  They also lower your security by removing PFS.  Since current
NTRU suites available do not use ephemeral keys, WOLFSSL_STATIC_RSA needs to be
used in order to build with NTRU suites.


When compiling ssl.c, wolfSSL will now issue a compiler error if no cipher suites
are available.  You can remove this error by defining WOLFSSL_ALLOW_NO_SUITES
in the event that you desire that, i.e., you're not using TLS cipher suites.

Note 2


wolfSSL takes a different approach to certificate verification than OpenSSL
does.  The default policy for the client is to verify the server, this means
that if you don't load CAs to verify the server you'll get a connect error,
no signer error to confirm failure (-188).  If you want to mimic OpenSSL
behavior of having SSL_connect succeed even if verifying the server fails and
reducing security you can do this by calling:

wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);

before calling wolfSSL_new();  Though it's not recommended.

Note 3

The enum values SHA, SHA256, SHA384, SHA512 are no longer available when
wolfSSL is built with --enable-opensslextra (OPENSSL_EXTRA) or with the macro
NO_OLD_SHA_NAMES. These names get mapped to the OpenSSL API for a single call
hash function. Instead the name WC_SHA, WC_SHA256, WC_SHA384 and WC_SHA512
should be used for the enum name.

wolfSSL Release 3.15.5 (11/07/2018)

Release 3.15.5 of wolfSSL embedded TLS has bug fixes and new features including:

  • Fixes for GCC-8 warnings with strings
  • Additional compatibility API’s added, including functions like wolfSSL_X509_CA_num and wolfSSL_PEM_read_X509_CRL
  • Fixes for OCSP use with NGINX port
  • Renamed the macro INLINE to WC_INLINE for inline functions
  • Doxygen updates and formatting for documentation generation
  • Added support for the STM32L4 with AES/SHA hardware acceleration
  • Adds checking for critical extension with certificate Auth ID and the macro WOLFSSL_ALLOW_CRIT_SKID to override the check
  • Added public key callbacks to ConfirmSignature function to expand public key callback support
  • Added ECC and Curve25519 key generation callback support
  • Fix for memory management with wolfSSL_BN_hex2bn function
  • Added support for dynamic allocation of PKCS7 structure using wc_PKCS7_New and wc_PKCS7_Free
  • Port to apache mynewt added in the directory wolfssl-3.15.5/IDE/mynewt/*
  • OCSP stapling in TLS 1.3 additions
  • Port for ASIO added with --enable-asio configure flag
  • Contiki port added with macro WOLFSSL_CONTIKI
  • Memory free optimizations with adding in earlier free’s where possible
  • Made modifications to the primality testing so that the Miller-Rabin tests check against up to 40 random numbers rather than a fixed list of small primes
  • Certificate validation time generation updated
  • Fixes for MQX classic 4.0 with IAR-EWARM
  • Fix for assembly optimized version of Curve25519
  • Make SOCKET_PEER_CLOSED_E consistent between read and write cases
  • Relocate compatibility layer functions for OpenSSH port update
  • Update to Intel® SGX port, files included by Windows version and macros defined when using WOLFSSL_SGX
  • Updates to Nucleus version supported
  • Stack size reduction with smallstack build
  • Updates to Rowley-Crossworks settings for CMSIS 4
  • Added reference STSAFE-A100 public key callbacks for TLS support
  • Added reference ATECC508A/ATECC608A public key callbacks for TLS support
  • Updated support for latest CryptoAuthLib (10/25/2018)
  • Added a wolfSSL static library project for Atollic TrueSTUDIO
  • Flag to disable AES-CBC and have only AEAD cipher suites with TLS
  • AF_ALG and cryptodev-linux crypto support added
  • Update to IO callbacks with use of WOLFSSL_BIO
  • Additional support for parsing certificate subject OIDs (businessCategory, jurisdiction of incorporation country, and jurisdiction of incorporation state)
  • Added wc_ecc_ecport_ex and wc_export_inti API's for ECC hex string exporting
  • Updates to XCODE build with wolfSSL
  • Fix for guard on when to include sys/time.h header
  • Updates and enhancements to the GCC-ARM example
  • Fix for PKCS8 padding with encryption
  • Updates for wolfcrypt JNI wrapper
  • ALT_ECC_SIZE use with SP math
  • PIC32MZ hardware acceleration buffer alignment fixes
  • Renesas e2studio project files added
  • Renesas RX example project added
  • Fix for DH algorithm when using SP math with ARM assembly
  • Fixes and enhancements for NXP K82 support
  • Benchmark enhancements to print in CSV format and in Japanese
  • Support for PKCS#11 added with --enable-pkcs11
  • Fixes for asynchronous crypto use with TLS 1.3
  • TLS 1.3 only build, allows for disabling TLS 1.2 and earlier protocols
  • Fix for GCC warnings in function wolfSSL_ASN1_TIME_adj
  • Added --enable-asn=nocrypt for certificate only parsing support
  • Added support for parsing PIV format certificates with the function wc_ParseCertPIV and macro WOLFSSL_CERT_PIV
  • Added APIs to support GZIP
  • Updates to support Lighttpd
  • Version resource added for Windows DLL builds
  • Increased code coverage with additional testing
  • Added support for constructed OCTET_STRING with PKCS#7 signed data
  • Added DTLS either (server/client) side initialization setting
  • Minor fixes for building with MINGW32 compiler
  • Added support for generic ECC PEM header/footer with PKCS8 parsing
  • Added Japanese output to example server and client with “-1 1” flag
  • Added USE_ECDSA_KEYSZ_HASH_ALGO macro for building to use digest sizes that match ephemeral key size
  • Expand PKCS#7 CMS support with KEKRI, PWRI and ORI
  • Streaming capability for PKCS#7 decoding and sign verify added

See INSTALL file for build instructions. More info can be found on-line at http://wolfssl.com/wolfSSL/Docs.html

Resources

wolfSSL Website

wolfSSL Wiki

FIPS FAQ

wolfSSL Manual

wolfSSL API Reference

wolfCrypt API Reference

TLS 1.3