wolfSSL (formerly CyaSSL) is a small, fast, portable implementation of TLS/SSL for embedded devices to the cloud. wolfSSL supports up to TLS 1.3! https://www.wolfssl.com/
toddouska 2435ec2d6b
Merge pull request #2275 from SparkiDev/sha512_arm32
5 days ago
IDE Merge pull request #2237 from julek-wolfssl/proper-arm-chacha-poly1305 5 days ago
IPP Release 3.7.0 3 years ago
certs Fix for `./certs/gen-testcerts.sh` sometimes reporting: "start date is invalid, it should be YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ". 2 months ago
ctaocrypt Updates for v4.0.0 3 months ago
cyassl Fix for ssl23.h include for openssl compat with cyassl. 2 months ago
doc Updated doxygen script 2 months ago
examples use tlsv1_2 client method when tls13 is enabled 1 week ago
lib 1.8.8 init 8 years ago
m4 Configure Update 11 months ago
mcapi Updates for v4.0.0 3 months ago
mplabx Updates for v4.0.0 3 months ago
mqx check return value of wolfSSL_set_fd 3 years ago
rpm Updates for v4.0.0 3 months ago
scripts Configure Fixes 3 months ago
src Merge pull request #2275 from SparkiDev/sha512_arm32 5 days ago
sslSniffer Updates for v4.0.0 3 months ago
support Removed automatically generated file wolfssl.pc 2 years ago
swig Updates for v4.0.0 3 months ago
tests add sanity check on buffer index and regression tests 1 month ago
testsuite Updates for v4.0.0 3 months ago
tirtos rename the file io.h to wolfio.h 1 year ago
wolfcrypt Merge pull request #2275 from SparkiDev/sha512_arm32 5 days ago
wolfssl Merge pull request #2275 from SparkiDev/sha512_arm32 5 days ago
wrapper Updates for v4.0.0 3 months ago
.gitignore Chacha20 ARM optimization 1 week ago
AUTHORS 1.8.8 init 8 years ago
COPYING update FSF address, wolfSSL copyright 5 years ago
ChangeLog.md Release Fixes 2 months ago
INSTALL add Yocto Project / OpenEmbedded build instructions to INSTALL file 6 months ago
LICENSING Name change to LICENSING 3 years ago
LPCExpresso.cproject Chacha20 ARM optimization 1 week ago
LPCExpresso.project Chacha20 ARM optimization 1 week ago
Makefile.am add CMS SignedData support for detached signatures 7 months ago
README Release Fixes 2 months ago
README.md Release Fixes 2 months ago
SCRIPTS-LIST Added new `async-check.sh` script for setting up the async simulator for internal testing. 1 year ago
Vagrantfile updates Linux deps on README 3 years ago
async-check.sh Speedups for the `git clone` calls in check scripts to use `--depth 1`. 7 months ago
autogen.sh Fixes for know wolfSSL build issues in the following cases: 1 month ago
commit-tests.sh 1. Add DES3 enable to full commit test. 2 years ago
configure.ac Adds Blake2s support (--enable-blake2s), which provides 32-bit Blake2 support. 2 weeks ago
fips-check.sh No-FIPS/FIPS Build 3 months ago
gencertbuf.pl Fix generation of certs_test.h 3 months ago
input check return value of wolfSSL_set_fd 3 years ago
pre-commit.sh pre-commit to use wolfssl/options 4 years ago
pre-push.sh remove autogen clone of fips repo; pre-push runs fips-check if fips directory exists 3 years ago
pull_to_vagrant.sh Merge branch csr into 'master' 3 years ago
quit Brian Aker commits plus some minor changes like AM_CFLAGS getting AC_SUBST and --enable-xxx #ifdef to new header layout 7 years ago
resource.h Add a version resource to the wolfSSL library for Visual Studio builds. 8 months ago
stamp-h.in Brian Aker commits plus some minor changes like AM_CFLAGS getting AC_SUBST and --enable-xxx #ifdef to new header layout 7 years ago
valgrind-error.sh add enable-valgrind 6 years ago
wnr-example.conf add example netRandom config file 3 years ago
wolfssl-ntru.sln xcode projects, merge Chriss latest 4 years ago
wolfssl-ntru.vcproj rename the file io.h to wolfio.h 1 year ago
wolfssl.rc Updates for v4.0.0 3 months ago
wolfssl.sln xcode projects, merge Chriss latest 4 years ago
wolfssl.vcproj Fix for building TLS v1.3 code on Windows 1 year ago
wolfssl.vcxproj Exclude the version resource from the static library builds. It triggers a linker warning for Win32 builds and it isn't used in the static builds. 8 months ago
wolfssl64.sln 1. Set the base address of the 32-bit DLL builds. 1 year ago

README.md

*** Description ***

The wolfSSL embedded SSL library (formerly CyaSSL) is a lightweight SSL/TLS library written in ANSI C and targeted for embedded, RTOS, and resource-constrained environments - primarily because of its small size, speed, and feature set. It is commonly used in standard operating environments as well because of its royalty-free pricing and excellent cross platform support. wolfSSL supports industry standards up to the current TLS 1.3 and DTLS 1.2 levels, is up to 20 times smaller than OpenSSL, and offers progressive ciphers such as ChaCha20, Curve25519, NTRU, and Blake2b. User benchmarking and feedback reports dramatically better performance when using wolfSSL over OpenSSL.

wolfSSL is powered by the wolfCrypt library. A version of the wolfCrypt cryptography library has been FIPS 140-2 validated (Certificate #2425). For additional information, visit the wolfCrypt FIPS FAQ (https://www.wolfssl.com/license/fips/) or contact fips@wolfssl.com

*** Why choose wolfSSL? ***

There are many reasons to choose wolfSSL as your embedded SSL solution. Some of the top reasons include size (typical footprint sizes range from 20-100 kB), support for the newest standards (SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3, DTLS 1.0, and DTLS 1.2), current and progressive cipher support (including stream ciphers), multi-platform, royalty free, and an OpenSSL compatibility API to ease porting into existing applications which have previously used the OpenSSL package. For a complete feature list, see chapter 4 of the wolfSSL manual. (https://www.wolfssl.com/docs/wolfssl-manual/ch4/)

*** Notes, Please read ***

Note 1) wolfSSL as of 3.6.6 no longer enables SSLv3 by default. wolfSSL also no longer supports static key cipher suites with PSK, RSA, or ECDH. This means if you plan to use TLS cipher suites you must enable DH (DH is on by default), or enable ECC (ECC is on by default), or you must enable static key cipher suites with

WOLFSSL_STATIC_DH
WOLFSSL_STATIC_RSA
  or
WOLFSSL_STATIC_PSK

though static key cipher suites are deprecated and will be removed from future versions of TLS. They also lower your security by removing PFS. Since current NTRU suites available do not use ephemeral keys, WOLFSSL_STATIC_RSA needs to be used in order to build with NTRU suites.

When compiling ssl.c, wolfSSL will now issue a compiler error if no cipher suites are available. You can remove this error by defining WOLFSSL_ALLOW_NO_SUITES in the event that you desire that, i.e., you're not using TLS cipher suites.

Note 2) wolfSSL takes a different approach to certificate verification than OpenSSL does. The default policy for the client is to verify the server, this means that if you don't load CAs to verify the server you'll get a connect error, no signer error to confirm failure (-188).

If you want to mimic OpenSSL behavior of having SSL_connect succeed even if verifying the server fails and reducing security you can do this by calling:

wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);

before calling wolfSSL_new();. Though it's not recommended.

Note 3) The enum values SHA, SHA256, SHA384, SHA512 are no longer available when wolfSSL is built with --enable-opensslextra (OPENSSL_EXTRA) or with the macro NO_OLD_SHA_NAMES. These names get mapped to the OpenSSL API for a single call hash function. Instead the name WC_SHA, WC_SHA256, WC_SHA384 and WC_SHA512 should be used for the enum name.

*** end Notes ***

********* wolfSSL Release 4.0.0 (03/20/2019)

Release 4.0.0 of wolfSSL embedded TLS has bug fixes and new features including:

  • Support for wolfCrypt FIPS v4.0.0, certificate #3389
  • FIPS Ready Initiative
  • Compatibility fixes for secure renegotiation with Chrome
  • Better size check for TLS record fragment reassembly
  • Improvements to non-blocking and handshake message retry support for DTLS
  • Improvements to OCSP with ECDSA signers
  • Added TLS server side secure renegotiation
  • Added TLS Trusted CA extension
  • Add support for the Deos Safety Critical RTOS
  • OCSP fixes for memory management and initializations
  • Fixes for EVP Cipher decryption padding checks
  • Removal of null terminators on wolfSSL_X509_print substrings
  • wolfSSL_sk_ASN1_OBJCET_pop function renamed to wolfSSL_sk_ASN1_OBJECT_pop
  • Adjustment to include path in compatibility layer for evp.h and objects.h
  • Fixes for decoding BER encoded PKCS7 contents
  • TLS handshake now supports using PKCS #11 for private keys
  • PKCS #11 support of HMAC, AES-CBC and random seeding/generation
  • Support for named FFDHE parameters in TLS 1.2 (RFC 7919)
  • Port to Zephyr Project
  • Move the TLS PRF to wolfCrypt.
  • Update to CMS KARI support
  • Added ESP32 WROOM support
  • Fixes and additions to the OpenSSL compatibility layer
  • Added WICED Studio Support
  • MDK CMSIS RTOS v2
  • Xcode project file update
  • Fixes for ATECC508A/ATECC608A
  • Fixes issue with CA path length for self signed root CA's
  • Fixes for Single Precision (SP) ASM when building sources directly
  • Fixes for STM32 AES GCM
  • Fixes for ECC sign with hardware to ensure the input is truncated
  • Fixes for proper detection of PKCS7 buffer overflow case
  • Fixes to handle degenerate PKCS 7 with BER encoding
  • Fixes for TLS v1.3 handling of 6144 and 8192 bit keys
  • Fixes for possible build issues with SafeRTOS
  • Added ECC_PUBLICKEY_TYPE to the support PEM header types
  • Added strict checking of the ECDSA signature DER encoding length
  • Added ECDSA option to limit sig/algos in client_hello to key size with USE_ECDSA_KEYSZ_HASH_ALGO
  • Added Cortex-M support for Single Precision (SP) math
  • Added wolfCrypt RSA non-blocking time support
  • Added 16-bit compiler support using --enable-16bit option
  • Improved Arduino sketch example
  • Improved crypto callback features
  • Improved TLS benchmark tool
  • Added new wrapper for snprintf for use with certain Visual Studio builds, thanks to David Parnell (Cambridge Consultants)

This release of wolfSSL includes a fix for 1 security vulnerability.

  • Fixed a bug in tls_bench.c example test application unrelated to the crypto or TLS portions of the library. (CVE-2019-6439)

*** Resources ***

wolfSSL Website

wolfSSL Wiki

FIPS FAQ

wolfSSL Manual

wolfSSL API Reference

wolfCrypt API Reference

TLS 1.3