diff options
| author | lundinc <lundinc@1d2547de-c912-0410-9cb9-b8ca96c0e9e2> | 2020-08-12 19:11:51 +0000 |
|---|---|---|
| committer | lundinc <lundinc@1d2547de-c912-0410-9cb9-b8ca96c0e9e2> | 2020-08-12 19:11:51 +0000 |
| commit | 42255af1e27a3157d541f0812eaca447c569ca49 (patch) | |
| tree | 5c8702c2f0dc1cb9be1a4d5ff285897d96b97dd2 /FreeRTOS-Plus/Source/WolfSSL/README.md | |
| parent | f5221dff43de249079c2da081723cb7a456f981f (diff) | |
| download | freertos-master.tar.gz | |
Author: Ming Yue <mingyue86010@gmail.com>
Date: Tue Aug 11 17:06:59 2020 -0700
Remove unused wolfSSL files. (#197)
* Remove unused wolfSSL files.
* Add back some removed ciphers.
* Update VS project file.
commit 0e0edd96e8236b2ea4a6e6018812807be828c77f
Author: RichardBarry <3073890+RichardBarry@users.noreply.github.com>
Date: Tue Aug 11 10:50:30 2020 -0700
Use new QEMU test project to improve stream/message buffer tests (#168)
* Add Eclipse/GCC project that targets the LM3S8962 QEMU model.
* Get the Cortex-M QEMU project working.
* Continue working on making stream buffer demo more robust and QEMU project.
* Rename directory CORTEX_LM3S8986_QEMU to CORTEX_LM3S6965_QEMU.
Work on making the Stream Buffer tests more robust.
Check in before adding in the trace recorder.
* Rename CORTEX_LM3S6969_QEMU to CORTEX_LM3S6969_GCC_QEMU.
* Make the StreamBufferDemo.c common demo file (test file) more robust to other test tasks running at an equally high priority.
* Work in progress checkin only - comments in main.c are incorrect.
* Correct comments at the top of FreeRTOS/Demo/CORTEX_LM3S6965_GCC_QEMU/main.c
Make the message buffer tests more robust in the case the a message buffer becomes full when prvSenderTask() has a higher priority than the reader task.
* Disable trace recorder in the LM3S6965 QEMU demo.
* I'm dropping FreeRTOS-Kernel reference update, since this seems to break the CMBC CI.
Co-authored-by: Yuhui Zheng <10982575+yuhui-zheng@users.noreply.github.com>
commit 157a7fc39f19583ac8481e93fa3e1c91b1e1860c
Author: Gaurav-Aggarwal-AWS <33462878+aggarg@users.noreply.github.com>
Date: Sun Aug 9 22:21:44 2020 -0700
Use chacheable RAM in IAR project for MPU_M7_NUCLEO_H743ZI2 project (#193)
This change updates the IAR project for Nucleo H743ZI2 to use the
cacheable DTC RAM and enables L1 cache. In order to ensure the correct
functioning of cache, the project sets configTEX_S_C_B_SRAM in
FreeRTOSConfig.h to not mark the RAM as shareable.
Signed-off-by: Gaurav Aggarwal <aggarg@amazon.com>
commit f3e43556f90f01b82918ad533b0c616489331919
Author: Gaurav-Aggarwal-AWS <33462878+aggarg@users.noreply.github.com>
Date: Sun Aug 9 16:23:53 2020 -0700
Add MPU demo projects for NUCLEO-H743ZI2 board (#155)
* Add MPU demo projects for NUCLEO-H743ZI2 board
It contains projects for Keil uVision, STM32CubeIDE and IAR EW. This
demo shows the use of newly added support for 16 MPU regions.
Signed-off-by: Gaurav Aggarwal <aggarg@amazon.com>
* Delete not needed CMSIS files
Signed-off-by: Gaurav Aggarwal <aggarg@amazon.com>
commit 94aa31c3cbae7c929b8a412768b74631f4a6b461
Author: TakayukiMatsuo <62984531+TakayukiMatsuo@users.noreply.github.com>
Date: Sat Aug 8 07:58:14 2020 +0900
Update wolfSSL to the latest version(v.4.4.0) (#186)
* deleted old version wolfSSL before updating
* updated wolfSSL to the latest version(v4.4.0)
* updated wolfSSL to the latest version(v4.4.0)
* added macros for timing resistance
Co-authored-by: RichardBarry <3073890+RichardBarry@users.noreply.github.com>
Co-authored-by: Ming Yue <mingyue86010@gmail.com>
commit 68518f5866aac58793c737d9a46dd07a6a816aaf
Author: RichardBarry <3073890+RichardBarry@users.noreply.github.com>
Date: Fri Aug 7 14:59:24 2020 -0700
Removed a 16MByte flash image file that was checked in by mistake (several years ago). (#173)
Remove the copies of lwIP that are no longer reference from demo projects.
Co-authored-by: Carl Lundin <53273776+lundinc2@users.noreply.github.com>
commit d4bf09480a2c77b1a25cce35b32293be61ab586f
Author: m17336 <45935231+m17336@users.noreply.github.com>
Date: Thu Aug 6 22:37:08 2020 +0300
Update previous AVR ATmega0 and AVR Dx projecs + addition of equivalent projects in MPLAB.X and IAR (#180)
* Updated indentation in AVR_ATMega4809_Atmel_Studio and AVR_Dx_Atmel_Studio projects, plus small fixes in their readme files.
* Added AVR_ATMega4809_IAR, AVR_ATMega4809_MPLAB.X, AVR_Dx_IAR and AVR_Dx_MPLAB.X demo projects.
* Removed build artefacts and added .gitignore files in AVR_ATMega4809_MPLAB.X and AVR_Dx_MPLAB.X projects.
Co-authored-by: Yuhui Zheng <10982575+yuhui-zheng@users.noreply.github.com>
commit f32a0647c8228ddd066f5d69a85b2e49086e4c95
Author: Aniruddha Kanhere <60444055+AniruddhaKanhere@users.noreply.github.com>
Date: Mon Aug 3 16:45:10 2020 -0700
Remove CBMC patch which is not used anymore (#187)
* Delete 0002-Change-FreeRTOS_IP_Private.h-union-to-struct.patch
* Delete 0002-Change-FreeRTOS_IP_Private.h-union-to-struct.patch
commit 08af68ef9049279b265c3d00e9c48fb9594129a8
Author: Aniruddha Kanhere <60444055+AniruddhaKanhere@users.noreply.github.com>
Date: Sat Aug 1 16:38:23 2020 -0700
Remove dependency of CBMC on Patches (#181)
* Changes to DHCP
* CBMC DNS changes
* Changes for TCP_IP
* Changes to TCP_WIN
* Define away static to nothing
* Remove patches
* Changes after Mark's comments v1
* Update MakefileCommon.json
* Correction!
commit a7fec906a415363338449447daf10d7517b78848
Author: Aniruddha Kanhere <60444055+AniruddhaKanhere@users.noreply.github.com>
Date: Wed Jul 29 17:39:36 2020 -0700
Misc changes (#183)
commit 07cf5e07e4a05d6775a2f9e753269f43f82cf6ba
Author: Aniruddha Kanhere <60444055+AniruddhaKanhere@users.noreply.github.com>
Date: Wed Jul 29 16:15:38 2020 -0700
MISRA compliance changes for FreeRTOS+TCP headers (#165)
* misra changes
* Update FreeRTOS_IP_Private.h
* Update FreeRTOS_IP_Private.h
commit e903ac0fed7ce59916899e404f3e5ae5b08d1478
Author: Aniruddha Kanhere <60444055+AniruddhaKanhere@users.noreply.github.com>
Date: Wed Jul 29 16:03:14 2020 -0700
UPD MISRA changes (#164)
Co-authored-by: Yuhui Zheng <10982575+yuhui-zheng@users.noreply.github.com>
commit 97551bf44e7dc7dc1e4484a8fd30f699255e8569
Author: Aniruddha Kanhere <60444055+AniruddhaKanhere@users.noreply.github.com>
Date: Wed Jul 29 15:52:00 2020 -0700
MISRA changes in FreeRTOS_TCP_WIN.c (#162)
commit f2611cc5e5999c4c87e040a8c2d2e6b5e77a16a6
Author: Aniruddha Kanhere <60444055+AniruddhaKanhere@users.noreply.github.com>
Date: Wed Jul 29 15:38:37 2020 -0700
MISRA compliance changes in FreeRTOS_Sockets{.c/.h} (#161)
* MISRA changes Sockets
* add other changes
* Update FreeRTOSIPConfig.h
* Update FreeRTOSIPConfig.h
* Update FreeRTOSIPConfig.h
* Update FreeRTOSIPConfig.h
* correction
* Add 'U'
* Update FreeRTOS_Sockets.h
* Update FreeRTOS_Sockets.h
* Update FreeRTOS_Sockets.c
* Update FreeRTOS_Sockets.h
* Update after Gary's comments
* Correction reverted
commit ae4d4d38d9b2685bae159b4c87619cdb157c0bf7
Author: Aniruddha Kanhere <60444055+AniruddhaKanhere@users.noreply.github.com>
Date: Wed Jul 29 13:56:57 2020 -0700
MISRA compliance changes for FreeRTOS_TCP_IP.c (#160)
* MISRA tcp-ip changes
* Changes after Hein's comments on original PR
* Update FreeRTOS_TCP_IP.c
Co-authored-by: Yuhui Zheng <10982575+yuhui-zheng@users.noreply.github.com>
commit a457f43c66eb0f4be9d8f8678c0e3fb8d7ebd57b
Author: Carl Lundin <53273776+lundinc2@users.noreply.github.com>
Date: Tue Jul 28 13:01:38 2020 -0700
Add missing error state assignment. (#166)
commit 915af50524e15a78ceb6c62b3d33f6562621ee46
Author: Yuhui Zheng <10982575+yuhui-zheng@users.noreply.github.com>
Date: Mon Jul 27 17:30:53 2020 -0700
Add Atmel Studio projects for ATMega4809 and AVR128DA48 (#159)
* Added explicit cast to allow roll over and avoid integer promotion during cycles counters comparison in recmutex.c.
* Fixed type mismatch between declaration and definition of function xAreSemaphoreTasksStillRunning( void ).
* Added Atmel Studio demo projects for ATMega4809 and AVR128DA48.
* Per https://www.freertos.org/upgrading-to-FreeRTOS-V8.html, I'm updating portBASE_TYPE to BaseType_t.
Signed-off-by: Yuhui Zheng <10982575+yuhui-zheng@users.noreply.github.com>
* Update register test for ATmega4809
- to cover r28, r29, r31.
- call public API taskYIELD() instead of portYIELD().
* Update ATmega4809 readme.md to include info for serial port setup, and minor wording fix.
Co-authored-by: Alexandru Niculae - M17336 <alexandru.niculae@microchip.com>
commit 4a7a48790d64127f85cc763721b575c51c452833
Author: Carl Lundin <53273776+lundinc2@users.noreply.github.com>
Date: Thu Jul 23 10:22:33 2020 -0700
Add Uncrustify file used for Kernel. (#163)
commit e0d62163b08769fd74f020709c398f994088ca96
Author: Aniruddha Kanhere <60444055+AniruddhaKanhere@users.noreply.github.com>
Date: Wed Jul 22 18:06:23 2020 -0700
Sync with +TCP amazon-FreeRTOS (#158)
* DNS.c commit
* IP.c commit
* Add various source & header files
commit 8e36bee30eef2107e128edb58e83ee46e8241a91
Author: Nathan Chong <52972368+nchong-at-aws@users.noreply.github.com>
Date: Tue Jul 21 12:51:20 2020 -0400
Prove buffer lemmas (#124)
* Prove buffer lemmas
* Update queue proofs to latest kernel source
All changes were syntactic due to uncrustify code-formatting
* Strengthen prvCopyDataToQueue proof
* Add extract script for diff comparison
Co-authored-by: Yuhui Zheng <10982575+yuhui-zheng@users.noreply.github.com>
commit c720c18ada40b502436ea811e8d03dca919726d8
Author: Hein Tibosch <hein_tibosch@yahoo.es>
Date: Tue Jul 14 05:35:44 2020 +0800
FreeRTOS+TCP Adding the combined driver for SAM4E and SAME70 v2 (#78)
* Adding a combined +TCP driver for SAM4E and SAME70
* Changes after review from Aniruddha
Co-authored-by: Hein Tibosch <hein@htibosch.net>
Co-authored-by: Aniruddha Kanhere <60444055+AniruddhaKanhere@users.noreply.github.com>
commit 4237049b12d9bb6b03694fecf6ea26a353e637c8
Author: Aniruddha Kanhere <60444055+AniruddhaKanhere@users.noreply.github.com>
Date: Mon Jul 13 12:07:56 2020 -0700
Add changes from 2225-2227 amazon-FreeRTOS (#134)
commit 7caa32863458c4470d3c620945c30824199f524c
Author: Aniruddha Kanhere <60444055+AniruddhaKanhere@users.noreply.github.com>
Date: Fri Jul 10 23:32:30 2020 -0700
Add Full TCP test suite - not using secure sockets (#131)
* Add Full-TCP suite
* delete unnecessary files
* Change after Joshua's comments
commit d7667a0034841f2968f9f9f805030cc608bfbce1
Author: Gaurav-Aggarwal-AWS <33462878+aggarg@users.noreply.github.com>
Date: Fri Jul 3 15:45:44 2020 -0700
Remove unnecessary semicolon from the linker file (#121)
This was creating problem with the onboard LPCLink debug probe.
Signed-off-by: Gaurav Aggarwal <aggarg@amazon.com>
commit 529c481c39506d0b331bfd0cdea35e5d1aeaaad0
Author: Nathan Chong <52972368+nchong-at-aws@users.noreply.github.com>
Date: Thu Jul 2 15:55:20 2020 -0400
Add VeriFast kernel queue proofs (#117)
commit d5fedeaa96b5b1d3c0f6b9b52a8064ab72ff2821
Author: Aniruddha Kanhere <60444055+AniruddhaKanhere@users.noreply.github.com>
Date: Wed Jul 1 13:56:27 2020 -0700
Add checks in FreeRTOS_Socket.c (#104)
* Add fail-safes to FreeRTOS_Socket.c
* Use all 'pd' errors
* Correction after Hein's comments
* Correction after Hein's comments v2
* Changes after Hein's comments
* Update after Gary's comments
commit a9b2aac4e9fda2a259380156df9cc0af51384d2d
Author: Aniruddha Kanhere <60444055+AniruddhaKanhere@users.noreply.github.com>
Date: Fri Jun 26 12:09:36 2020 -0700
Folder structure change + Fix broken Projects (#103)
* Update folder structure
* Correct project files
* Move test folder
* Some changes after Yuki's comments
commit 98bfc38bf3404414878dc68ea41753bea4e24c8e
Author: Hein Tibosch <hein_tibosch@yahoo.es>
Date: Thu Jun 25 13:01:45 2020 +0800
FreeRTOS+TCP : add memory statistics and dump packets, v3 (#83)
* FreeRTOS+TCP : add memory statistics and dump packets, v3
* Two changes as requested by Aniruddha
Co-authored-by: Hein Tibosch <hein@htibosch.net>
Co-authored-by: Aniruddha Kanhere <60444055+AniruddhaKanhere@users.noreply.github.com>
commit 072a173c9df31c75ff64bde440f3f316cedb9033
Author: S.Burch <8697966+wholl0p@users.noreply.github.com>
Date: Mon Jun 22 23:39:26 2020 +0200
Fixed Imports for Infineon XMC1100 Board (#88)
Co-authored-by: RichardBarry <3073890+RichardBarry@users.noreply.github.com>
commit 2df5eeef5763045c4c74ff0e2a4091b7d19bea89
Author: RichardBarry <3073890+RichardBarry@users.noreply.github.com>
Date: Mon Jun 8 14:22:46 2020 -0700
Feature/multiple direct to task notifications (#73)
* Add TaskNotifyArray.c with the single task tests updated to use the task notification array up to the point where the timer is created.
* Continue working on TaskNotifyArray.c to test the new task notification indexes. Next TaskNotifyArray.c will be refactored to break the tests up a bit.
* Refactor and update the comments in TaskNotifyArray.c - no functional changes.
* Change from the task notify "array" to task notification "indexed" nomenclature in the new task notification API functions that work on one particular task notification with the array of task notifications.
* Update the implementation of the taskNOTIFY_TAKE() and taskNOTIFY_WAIT() trace macros to take the array index of the task notification they are acting on.
Rename configNUMBER_OF_TASK_NOTIFICATIONS to configTASK_NOTIFICATION_ARRAY_ENTRIES.
Add FreeRTOS/Demo/Common/Minimal/TaskNotifyArray.c to the Visual Studio project - the file implements tests specific to the behaviour of the indexed task notification functions and should be used in addition to the tests already provided in FreeRTOS/Demo/Common/Minimal/TaskNotify.c.
commit b9e4ecfaf7286d8493d4a96a93fbb325534ad97b
Author: Aniruddha Kanhere <60444055+AniruddhaKanhere@users.noreply.github.com>
Date: Fri Jun 5 11:10:58 2020 -0700
Remove Empty and Un-referenced folder from Demo (#86)
commit f11bcc8acc57a23fb03603762e758c25b9d0efb7
Author: Aniruddha Kanhere <60444055+AniruddhaKanhere@users.noreply.github.com>
Date: Wed Jun 3 16:52:31 2020 -0700
Fix a Bug and corresponding CBMC patch (#84)
* Update remove-static-in-freertos-tcp-ip.patch
* Update FreeRTOS_TCP_IP.c
* Update remove-static-in-freertos-tcp-ip.patch
* Update remove-static-in-freertos-tcp-ip.patch
Co-authored-by: Yuhui Zheng <10982575+yuhui-zheng@users.noreply.github.com>
commit bb9f92f771e5f6ea2b9b09c7e89130a75e562eb7
Author: Yuhui Zheng <10982575+yuhui-zheng@users.noreply.github.com>
Date: Wed Jun 3 10:46:55 2020 -0700
Submodule FreeRTOS/Source 10bbbcf0b..6199b72fb (#82)
commit 6efc39f44be5b269168836e95aebbdb8ae77dce3
Author: Aniruddha Kanhere <60444055+AniruddhaKanhere@users.noreply.github.com>
Date: Tue Jun 2 15:09:25 2020 -0700
Add Project for running integration tests v2 (#80)
* Project for integration tests
* relative paths in project files
* relative paths in project files-1
* relative paths in project files-2
* addressed comments
* addressed comments v2
Co-authored-by: Yuhui Zheng <10982575+yuhui-zheng@users.noreply.github.com>
commit 0eb5909fb02bac9dc074ff1bc2fe338d77f73764
Author: Yuhui Zheng <10982575+yuhui-zheng@users.noreply.github.com>
Date: Thu May 28 17:05:24 2020 -0700
readme.md for ATmega328PB Xplained Mini. (#76)
readme.md to get users jump started.
commit cb7edd2323a77f3dbea144c1f48f95582becc99e
Author: Aniruddha Kanhere <60444055+AniruddhaKanhere@users.noreply.github.com>
Date: Thu May 28 10:11:58 2020 -0700
Sync with a:FR (#75)
* AFR sync
* AFR sync: CBMC
* AFR sync: CBMC: remove .bak files
* AFR sync: CBMC: more cleanup
* Corrected CBMC proofs
* Corrected CBMC patches
* Corrected CBMC patches-1
* Corrected CBMC patches-2
* remove .bak files (3)
Co-authored-by: Yuhui Zheng <10982575+yuhui-zheng@users.noreply.github.com>
commit 6557291e5407ca7ec6beca53fced1aaa620c5c02
Author: alfred gedeon <alfred2g@hotmail.com>
Date: Wed May 27 14:44:33 2020 -0700
Test: Add Linux Networking support with demo application (#71)
* Test: Add Linux Networking support with demo application
* Test: revert files affected by uncrustify
* Test: revert files affected by uncrustify
Co-authored-by: Alfred Gedeon <gedeonag@amazon.com>
Co-authored-by: Yuhui Zheng <10982575+yuhui-zheng@users.noreply.github.com>
commit 8b079bc394e7b205d72210ce9e052404d782938f
Author: Yuhui Zheng <10982575+yuhui-zheng@users.noreply.github.com>
Date: Wed May 27 10:44:03 2020 -0700
ATmega328PB Xplained Mini -- demo project for ATmega port. (#70)
* Bootstrap a demo from START. No driver is added in this commit.
* Add FreeRTOS source code to project. Remove unnecessary folder nesting.
Heap_4 is used here.
* Copy over main.c, FreeRTOSConfig.h, and regtest.{c, h}.
This commit compiles, but will need some work on timer used.
* This port has 2KB RAM. We are using 1KB for heap.
Further decreasing minimum stack size, and also use stack overflow check 1 to save some stack space.
* Preserve EEPROM set to false.
* End of the line.
* Reduce register test stack size.
32 8-bit register + 10 bytes for stack frame cost. Round up to 50.
* Adding Queue test in Integer test.
- g3 to easy debugging.
- mainCHECK_PERIOD is set to 1000 ticks. Note that this port for now use WDT as tick timer, and period is set to 15ms.
- vErrorChecks, is of highest priority. So if this task gets run before other tasks, the very first check will fail.
* Avoid false alarm.
Since we don't know in which order the tasks are scheduled, clearing any error for the first entry of vErrorChecks.
Signed-off-by: Yuhui Zheng <10982575+yuhui-zheng@users.noreply.github.com>
* ParTest.c to init, set, toggle onboard user LED at PB5.
* Added a task to blink onboard user LED.
Need a magic number for stack size.
Signed-off-by: Yuhui Zheng <10982575+yuhui-zheng@users.noreply.github.com>
* Explicitly setting timing slicing to 0.
This is to avoid unecessary context switch when multiple tasks are of the same priority.
Signed-off-by: Yuhui Zheng <10982575+yuhui-zheng@users.noreply.github.com>
* Add taskYIELD() at the end of the loop in each register test task.
This is to give other tasks of the same priority a chance to run, regardless of scheduling algorithm.
Signed-off-by: Yuhui Zheng <10982575+yuhui-zheng@users.noreply.github.com>
* minor, update comment in main.c.
commit 95a3a02f95749fb7a600723076e291f9dee7426c
Author: Aniruddha Kanhere <60444055+AniruddhaKanhere@users.noreply.github.com>
Date: Fri May 22 16:26:59 2020 -0700
FreeRTOS-Plus: Unit testing Infrastructure and examples (#72)
* Added CMock as submodule
* Makefile added
* Removed TEMP from Makefile
* Added configuration files and header files
* Update Makefile
* Test runner working
* make clean
* Example added with README
* Update README.md
* Restored +TCP files
* Cleared +TCP changes
* removed comments from Makefile
* Update README.md
* Update README.md
* Update README.md
* Updated Test/Unit-test/readme.md
commit 5003d17feda25490e655c0f1c15d2b13e395c9f7
Author: Hein Tibosch <hein_tibosch@yahoo.es>
Date: Wed May 6 14:16:56 2020 -0400
FreeRTOS+TCP : renewing DHCP lease while network is down (#53)
Co-authored-by: Hein Tibosch <hein@htibosch.net>
Co-authored-by: Gary Wicker <14828980+gkwicker@users.noreply.github.com>
commit d95624c5d6ba95ec0474867d7165de2c28ed41b7
Author: AniruddhaKanhere <60444055+AniruddhaKanhere@users.noreply.github.com>
Date: Tue May 5 09:57:18 2020 -0700
Move CBMC proofs to FreeRTOS+ directory (#64)
* move CBMC proofs to FreeRTOS+ directory
* Failing proofs corrected
* ParseDNSReply proof added back
* removed queue_init.h from -Plus/Test
Co-authored-by: Yuhui Zheng <10982575+yuhui-zheng@users.noreply.github.com>
commit 95ae7c65758a9473ea16ab08182f056f72331de2
Author: markrtuttle <tuttle@acm.org>
Date: Wed Apr 29 04:27:45 2020 +0000
Change cbmc-viewer invocation in CBMC makefile (#63)
* Exclude FreeRTOS/Demo from CBMC proof reports.
The script cbmc-viewer generates the CBMC proof reports. The script
searches source files for symbol definitions and annotates source
files with coverage information. This patch causes cbmc-viewer to
ignore the directory FreeRTOS/Demo containing 348M of data. The
script now terminates in a few seconds.
* Make report default target for CBMC Makefile.
Modify the Makefile for CBMC proofs to generate the report by default
(and not just property checking) and modify property checking to
ignore failures (due to property assertions failing) and terminating
report generation.
Co-authored-by: Mark R. Tuttle <mrtuttle@amazon.com>
commit d421ccc89f6f6473dfdd566a00567b0e1fd4cfc3
Author: Yuhui Zheng <10982575+yuhui-zheng@users.noreply.github.com>
Date: Sat Apr 25 16:57:35 2020 -0700
Reword readme.md under ./Test. (#61)
commit 38412865985235b90dbd9da9708b68c4de5918f5
Author: Carl Lundin <53273776+lundinc2@users.noreply.github.com>
Date: Sat Apr 25 16:56:54 2020 -0700
Removed a:FR reference. (#60)
commit 4db195c916c7b13c82ab3a34a499fe606f266810
Author: AniruddhaKanhere <60444055+AniruddhaKanhere@users.noreply.github.com>
Date: Tue Apr 21 15:40:08 2020 -0700
Adding FreeRTOS+TCP CBMC proofs to FreeRTOS/FreeRTOS (#56)
ParseDNSReply is to be added in the next PR.
commit 40a31b6d35a866a3a6c551d95bf08dae855da5bd
Author: AniruddhaKanhere <60444055+AniruddhaKanhere@users.noreply.github.com>
Date: Mon Apr 13 13:58:33 2020 -0700
'uL' -> 'UL'
commit 5b3a289b69fc92089aa8bd4d1b44ab816f326f73
Author: AniruddhaKanhere <60444055+AniruddhaKanhere@users.noreply.github.com>
Date: Mon Apr 13 13:50:53 2020 -0700
Changes after Gary's comments
commit edf68637dd22470a8d4f59fecc15b51379bcfeda
Author: AniruddhaKanhere <60444055+AniruddhaKanhere@users.noreply.github.com>
Date: Fri Apr 10 16:26:03 2020 -0700
Update FreeRTOS_ARP.c
commit 35f3ac32a8899dd714a8a48952a4224fbcebc4aa
Author: AniruddhaKanhere <60444055+AniruddhaKanhere@users.noreply.github.com>
Date: Fri Apr 10 15:56:18 2020 -0700
correct debug output
commit 5e12a70db4b6a8e68a434489683306f040252efa
Author: AniruddhaKanhere <60444055+AniruddhaKanhere@users.noreply.github.com>
Date: Fri Apr 10 15:44:45 2020 -0700
Debugging flag check added
commit 4e8ac8de25ac4088b9c789b88a77cd39df4d9167
Author: AniruddhaKanhere <60444055+AniruddhaKanhere@users.noreply.github.com>
Date: Thu Apr 9 16:57:19 2020 -0700
Comment style consistency and Yuhui's suggestions
commit e43f7cd086096ad60491fedba69927a1e1a82f20
Author: AniruddhaKanhere <60444055+AniruddhaKanhere@users.noreply.github.com>
Date: Thu Apr 9 16:47:41 2020 -0700
Cleanup
commit ab3b51c7a0d880a6bf453ec63ae604e15050f310
Author: AniruddhaKanhere <60444055+AniruddhaKanhere@users.noreply.github.com>
Date: Thu Apr 9 16:33:03 2020 -0700
Update after Gary's comments
commit 97f7009699ffb972c0745dfdb526d1fa4e0faf84
Author: AniruddhaKanhere <60444055+AniruddhaKanhere@users.noreply.github.com>
Date: Wed Apr 8 14:30:15 2020 -0700
Update after richard's comments
commit a9fcafc074cec559dd67961ef44273df6180c2db
Author: AniruddhaKanhere <60444055+AniruddhaKanhere@users.noreply.github.com>
Date: Wed Apr 8 14:07:39 2020 -0700
Corrected the formatting
- visual studio had messed up the formatting
commit c381861014a8043ce30723fc5a8cf5107719c8df
Author: AniruddhaKanhere <60444055+AniruddhaKanhere@users.noreply.github.com>
Date: Wed Apr 8 13:01:12 2020 -0700
commit 2 after gary's comments
commit 75677a8d85fa802cca9058d6e23796d5043a0982
Author: AniruddhaKanhere <60444055+AniruddhaKanhere@users.noreply.github.com>
Date: Wed Apr 8 12:51:10 2020 -0700
Commit after Gary's comments
commit 666c0da366030109db2c0c5e7253cebb2f899db7
Author: AniruddhaKanhere <60444055+AniruddhaKanhere@users.noreply.github.com>
Date: Wed Apr 8 10:56:01 2020 -0700
Update after Yuhui's comments
- removed (void) from before memcpy, memset etc.
- corrected memcpy style as suggested by Yuhui
- Added logging for xNetworkInterfaceOutput. No need to configASSERT
commit 4a1148d15b6b8169d2412f8179f734683b179795
Author: AniruddhaKanhere <60444055+AniruddhaKanhere@users.noreply.github.com>
Date: Wed Apr 1 16:05:36 2020 -0700
Coverity + MISRA compliance
Modified code to conform to the MISRA directives more closely.
commit fa74f7dccf6b1a356993c6a894f8e1173b8c8157
Author: Yuhui Zheng <10982575+yuhui-zheng@users.noreply.github.com>
Date: Thu Apr 2 20:26:10 2020 -0700
Removing writes to read-only PLIC interrupt pending registers.
Signed-off-by: Yuhui Zheng <10982575+yuhui-zheng@users.noreply.github.com>
commit 5b9777e11e16609648fb98d2f9a47553ab238950
Author: Yuhui Zheng <10982575+yuhui-zheng@users.noreply.github.com>
Date: Tue Mar 31 10:45:23 2020 -0700
A readme file to introduce what ./Test directory is about.
commit 211bb4cbd9ae6dfa95e8d8501f37d272bde5ab26
Author: Yuhui Zheng <10982575+yuhui-zheng@users.noreply.github.com>
Date: Tue Mar 24 15:14:24 2020 -0700
Ignore whitespace when working with patches.
commit 8156f64d1c45dd59ef12279f19a99f03e79e1f8a
Author: Yuhui Zheng <10982575+yuhui-zheng@users.noreply.github.com>
Date: Tue Feb 25 18:04:23 2020 -0800
Copying CBMC proofs from aws/amazon-freertos repo ./tools/cbmc to this repo ./FreeRTOS/Test/CBMC as is.
The commit ID in aws/amazon-freertos is 0c8e0217f2a43bdeb364b58ae01c6c259e03ef1b.
commit 9f316c246baafa15c542a5aea81a94f26e3d6507
Author: David Vrabel <david.vrabel@cambridgeconsultants.com>
Date: Mon Mar 16 11:21:46 2020 +0000
Demo/Posix_GCC: add demo application for Posix port using GCC
This is largely a copy of the Windows demo application with a few key
changes:
- heap_3 (use malloc()/free()) so tools like valgrind "just work".
- printf() wrapped in a mutex to prevent deadlocks on the internal
pthread mutexes inside printf().
SCons (https://scons.org/) is used as the build system.
This will be built as a 64-bit application, but note that the memory
allocation trace points only record the lower 32-bits of the address.
commit f78f919b3e2f0d707531a301a8ca07cd02bc4778
Author: Markus Rinne <markus.ka.rinne@gmail.com>
Date: Thu Mar 19 21:00:24 2020 +0200
Fix function comments
commit 1cd2d38d960a3576addb224582c88489bade5141
Author: David Chalco <david@chalco.io>
Date: Fri Mar 20 10:29:05 2020 -0700
unix separators for path and remove .exe suffix from risc compiler (works on windows/mac)
commit 938b19419eded12817737ab0644e94ed2ba7e95d
Author: Yuhui Zheng <10982575+yuhui-zheng@users.noreply.github.com>
Date: Thu Mar 19 18:23:09 2020 -0700
Removing ./FreeRTOS-Labs directory, since:
- IoT libraries are now in LTS branch.
- FAT/POSIX/Light-weight MQTT are in https://github.com/FreeRTOS/FreeRTOS-Labs.
commit 1a4abbc9e91b13fd6394464ade59d5e048320c7c
Author: Yuhui Zheng <10982575+yuhui-zheng@users.noreply.github.com>
Date: Tue Mar 17 19:30:02 2020 -0700
Maintenance -- clean up readme.txt and add url to GitHub. (#38)
* Removing readme.txt, as now we have README.md in place.
The only information missing from README.md is about FAQ.
* Adding FAQ information in README.md.
* Adding a .url to root to redict user to FreeRTOS github home page.
commit 47bb466aa19395b7785bcb830e2e4dd35f6bafc5
Author: Yuhui Zheng <10982575+yuhui-zheng@users.noreply.github.com>
Date: Tue Mar 17 13:07:44 2020 -0700
Update issue templates
Template maintenance.
- adding title prefix.
- adding examples to "additional context" section.
commit f506290041f56867765f8efa70ed2862125bdb7c
Author: Yuhui Zheng <10982575+yuhui-zheng@users.noreply.github.com>
Date: Tue Mar 17 10:15:07 2020 -0700
Create SECURITY.md
Apply the recommended SECURITY.md from AWS to our repo.
commit 8982a2f80a80a2a0a47cf82de07b52101bd9d606
Author: Yuhui Zheng <10982575+yuhui-zheng@users.noreply.github.com>
Date: Fri Mar 13 12:50:10 2020 -0700
Add ./lib directory to make sure Zynq project compiles.
commit ecf0f12aa14ad6fdafe1ef37257cbb4e03e2abd5
Author: AniruddhaKanhere <60444055+AniruddhaKanhere@users.noreply.github.com>
Date: Wed Mar 11 10:19:48 2020 -0700
Sync up with Amazon-freertos repo (10th March 2020) (#34)
* Sync up with amazon-freertos
* Sync up with amazon-freertos
* Sync up with amazon-freertos
commit 0acffef047973e2e61c2201fd69cd9bbd317f674
Author: Yuhui Zheng <10982575+yuhui-zheng@users.noreply.github.com>
Date: Tue Mar 10 10:20:48 2020 -0700
GitHub PR template. (#29)
commit c40a6da2e4cb8042b56d1b174051cbbe9813781a
Author: AniruddhaKanhere <60444055+AniruddhaKanhere@users.noreply.github.com>
Date: Mon Mar 9 11:18:48 2020 -0700
pass payload length when calling UDP callback (#30)
* pass payload length when calling UDP callback
commit 12d580e93d4d9074b9a867632f0681a511b4ad12
Author: Yuhui Zheng <10982575+yuhui-zheng@users.noreply.github.com>
Date: Fri Mar 6 18:16:51 2020 -0800
Update issue templates
Initial issue template. Created following https://help.github.com/en/github/building-a-strong-community/configuring-issue-templates-for-your-repository#configuring-the-template-chooser.
If change is needed, we could go another round.
commit 9debffb5e0e42ff716f58b2270b3af09652294af
Author: Yuhui Zheng <10982575+yuhui-zheng@users.noreply.github.com>
Date: Fri Mar 6 17:27:46 2020 -0800
Update README.md to remove dead link.
See the conversation https://github.com/FreeRTOS/FreeRTOS/commit/42c627b2b88cb3b487fea983d8b566a8bbae54fa#comments .
Linkage for both ```./FreeRTOS/Source``` and ```./FreeRTOS/Demo``` are removed, since it looks weird to only provide linkage to Demo.
commit 7e1a4bf563240501fc45167aee9d929c533939dd
Author: AniruddhaKanhere <60444055+AniruddhaKanhere@users.noreply.github.com>
Date: Fri Mar 6 15:18:09 2020 -0800
Fix DHCP option Client-identifier (#28)
commit 42c627b2b88cb3b487fea983d8b566a8bbae54fa
Author: Yuhui.Zheng <10982575+yuhui-zheng@users.noreply.github.com>
Date: Fri Mar 6 09:15:11 2020 -0800
Update readme and revert relative URL. (#27)
* Reordering: bumping cloning instruction up.
* Rewording readme.md to be clear kernel code is a submodule of this repository.
* Reverting relative URL, since user cannot click through on GitHub page.
(With URL, user could still download the correct version of the code. Reverting simply due to UI issue.)
commit 5751ae9b60e248ebd0b4dd7c58df54364d2bb9d5
Author: Gaurav-Aggarwal-AWS <33462878+aggarg@users.noreply.github.com>
Date: Fri Mar 6 09:11:42 2020 -0800
Update CORTEX_MPU_M33F_NXP_LPC55S69_MCUXpresso project (#26)
This commit updates the project for LPC55S69 so that it works with the
latest version of MCUXpresso and SDK.
Signed-off-by: Gaurav Aggarwal <aggarg@amazon.com>
commit a9ffffe1f01f45f79e127c15727784984077932f
Author: Carl Lundin <53273776+lundinc2@users.noreply.github.com>
Date: Thu Mar 5 17:16:13 2020 -0800
Using Relative URL For Submoduling. (#24)
commit 52c82076b38fe73d1dc46c97abf74ae9b803696c
Author: Carl Lundin <53273776+lundinc2@users.noreply.github.com>
Date: Thu Mar 5 09:16:31 2020 -0800
use relative path to point to bundled toolchain instead (#25)
commit b877e4ec478de2c24d07ab46241070d7c66f375c
Author: lundinc2 <53273776+lundinc2@users.noreply.github.com>
Date: Tue Feb 25 13:18:38 2020 -0800
Moved vulnerability reporting and code of conduct to top of CONTRIBUTING.md (#20)
commit bef165d46799fb8faa58aaa224f80c16b6538e69
Author: Yuhui.Zheng <10982575+yuhui-zheng@users.noreply.github.com>
Date: Tue Feb 18 22:06:38 2020 -0800
Linking test source file from relative path. (#19)
commit 89e7bbe292afd3912d1f0b2402cc506878bad869
Author: Yuhui.Zheng <10982575+yuhui-zheng@users.noreply.github.com>
Date: Tue Feb 18 17:47:55 2020 -0800
A preliminary .gitignore file, to prevent us checking in files unnecessary. (#18)
https://github.com/github/gitignore.
commit c2a98127acb48c4562233230e66ca5c282688579
Author: RichardBarry <3073890+RichardBarry@users.noreply.github.com>
Date: Sun Feb 16 13:19:53 2020 -0800
Minor wording changes in the 'previous releases' section of the readme.me file. (#17)
commit 24c772d1439e5c291c0a29fce0a46996ca8afaa9
Author: Yuhui.Zheng <10982575+yuhui-zheng@users.noreply.github.com>
Date: Fri Feb 14 12:47:01 2020 -0800
Submodule kernel directory. (#16)
* Removing FreeRTOS/Source in readiness for submoduling.
* Submoduling kernel.
* README.md update due to submoduling.
When releasing, please follow these steps:
1. in local directory, clean directory and check "git status" shows "nothing to commit, working tree clean" for ALL subdirectories.
2. copy source code and instructions only to an empty folder. Git related should not be in this folder -- this covers .git, .gitignore, .github, .gitmodules, gitmessages, ......
3. zip the folder from step 2. (create both .zip and .7z)
4. attach .zip and .7z to the release. (e.g. attach these two in new release -- https://github.com/FreeRTOS/FreeRTOS/releases/new)
5. PLEASE download both, unzip, diff with your local git repo. (should not see any difference other than git related.) And, sanity check a couple of projects.
commit c3f8b91652392dc55e0d7067b90a40de5f5f0837
Author: Rashed Talukder <9218468+rashedtalukder@users.noreply.github.com>
Date: Thu Feb 13 17:47:14 2020 -0800
Update readme. Fixed typos and cli commands (#14)
commit 4723b825f2989213c1cdb2ebf4d6793e0292e363
Author: Julian Poidevin <julian-poidevin@users.noreply.github.com>
Date: Fri Feb 14 02:43:36 2020 +0100
Fixed wrong git clone SSH command (#13)
Replaced bad https URL with proper SSH URL
commit fc819b821715c42602819e58499846147a6394f5
Author: RichardBarry <3073890+RichardBarry@users.noreply.github.com>
Date: Thu Feb 13 17:42:22 2020 -0800
Correct the xTimerCreate() documentation which said NULL was returned if the timer period was passed into the function as 0, whereas that is not the case. (#15)
Add a note to the documentation for both the xTimerCreate() and xTimerCreateStatic() functions that the timer period must be greater than 0.
commit 1c711ab530b5f0dbd811d7d62e0a3763706ffff4
Author: Rashed Talukder <9218468+rashedtalukder@users.noreply.github.com>
Date: Wed Feb 12 23:00:18 2020 -0800
Updated contributions guidelines (#12)
commit 84fcc0d5317d96c6b086034093c8c1c83e050819
Author: Cobus van Eeden <35851496+cobusve@users.noreply.github.com>
Date: Wed Feb 12 15:05:06 2020 -0800
Updates to Markdown files and readme.txt (#11)
git-svn-id: http://svn.code.sf.net/p/freertos/code/trunk@2826 1d2547de-c912-0410-9cb9-b8ca96c0e9e2
Diffstat (limited to 'FreeRTOS-Plus/Source/WolfSSL/README.md')
| -rw-r--r-- | FreeRTOS-Plus/Source/WolfSSL/README.md | 1382 |
1 files changed, 205 insertions, 1177 deletions
diff --git a/FreeRTOS-Plus/Source/WolfSSL/README.md b/FreeRTOS-Plus/Source/WolfSSL/README.md index a490ac2ff..db1b54488 100644 --- a/FreeRTOS-Plus/Source/WolfSSL/README.md +++ b/FreeRTOS-Plus/Source/WolfSSL/README.md @@ -1,1194 +1,222 @@ -# Notes - Please read - -## Note 1 -``` -wolfSSL now needs all examples and tests to be run from the wolfSSL home -directory. This is because it finds certs and keys from ./certs/. Trying to -maintain the ability to run each program from its own directory, the testsuite -directory, the main directory (for make check/test), and for the various -different project layouts (with or without config) was becoming harder and -harder. Now to run testsuite just do: - -./testsuite/testsuite - -or - -make check (when using autoconf) - -On *nix or Windows the examples and testsuite will check to see if the current -directory is the source directory and if so, attempt to change to the wolfSSL -home directory. This should work in most setup cases, if not, just follow the -beginning of the note and specify the full path. -``` - -## Note 2 -``` +*** Description *** + +The wolfSSL embedded SSL library (formerly CyaSSL) is a lightweight SSL/TLS +library written in ANSI C and targeted for embedded, RTOS, and +resource-constrained environments - primarily because of its small size, speed, +and feature set. It is commonly used in standard operating environments as well +because of its royalty-free pricing and excellent cross platform support. +wolfSSL supports industry standards up to the current TLS 1.3 and DTLS 1.2 +levels, is up to 20 times smaller than OpenSSL, and offers progressive ciphers +such as ChaCha20, Curve25519, NTRU, and Blake2b. User benchmarking and feedback +reports dramatically better performance when using wolfSSL over OpenSSL. + +wolfSSL is powered by the wolfCrypt library. Two versions of the wolfCrypt +cryptography library have been FIPS 140-2 validated (Certificate #2425 and +certificate #3389). For additional information, visit the wolfCrypt FIPS FAQ +(https://www.wolfssl.com/license/fips/) or contact fips@wolfssl.com + +*** Why choose wolfSSL? *** + +There are many reasons to choose wolfSSL as your embedded SSL solution. Some of +the top reasons include size (typical footprint sizes range from 20-100 kB), +support for the newest standards (SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3, +DTLS 1.0, and DTLS 1.2), current and progressive cipher support (including +stream ciphers), multi-platform, royalty free, and an OpenSSL compatibility API +to ease porting into existing applications which have previously used the +OpenSSL package. For a complete feature list, see chapter 4 of the wolfSSL +manual. (https://www.wolfssl.com/docs/wolfssl-manual/ch4/) + +*** Notes, Please read *** + +Note 1) +wolfSSL as of 3.6.6 no longer enables SSLv3 by default. wolfSSL also no longer +supports static key cipher suites with PSK, RSA, or ECDH. This means if you +plan to use TLS cipher suites you must enable DH (DH is on by default), or +enable ECC (ECC is on by default), or you must enable static key cipher suites +with + + WOLFSSL_STATIC_DH + WOLFSSL_STATIC_RSA + or + WOLFSSL_STATIC_PSK + +though static key cipher suites are deprecated and will be removed from future +versions of TLS. They also lower your security by removing PFS. Since current +NTRU suites available do not use ephemeral keys, WOLFSSL_STATIC_RSA needs to be +used in order to build with NTRU suites. + +When compiling ssl.c, wolfSSL will now issue a compiler error if no cipher +suites are available. You can remove this error by defining +WOLFSSL_ALLOW_NO_SUITES in the event that you desire that, i.e., you're not +using TLS cipher suites. + +Note 2) wolfSSL takes a different approach to certificate verification than OpenSSL -does. The default policy for the client is to verify the server, this means +does. The default policy for the client is to verify the server, this means that if you don't load CAs to verify the server you'll get a connect error, -no signer error to confirm failure (-188). If you want to mimic OpenSSL -behavior of having SSL_connect succeed even if verifying the server fails and -reducing security you can do this by calling: - -wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0); - -before calling wolfSSL_new(); Though it's not recommended. -``` - -- GNU Binutils 2.24 ld has problems with some debug builds, to fix an ld error - add -fdebug-types-section to C_EXTRA_FLAGS - -#wolfSSL (Formerly CyaSSL) Release 3.4.8 (04/06/2015) - -##Release 3.4.8 of wolfSSL has bug fixes and new features including: - -- FIPS version submitted for iOS. -- Max Strength build that only allows TLSv1.2, AEAD ciphers, and PFS. -- Improvements to usage of time code. -- Improvements to VS solution files. +no signer error to confirm failure (-188). + +If you want to mimic OpenSSL behavior of having SSL_connect succeed even if +verifying the server fails and reducing security you can do this by calling: + + wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0); + +before calling wolfSSL_new();. Though it's not recommended. + +Note 3) +The enum values SHA, SHA256, SHA384, SHA512 are no longer available when +wolfSSL is built with --enable-opensslextra (OPENSSL_EXTRA) or with the macro +NO_OLD_SHA_NAMES. These names get mapped to the OpenSSL API for a single call +hash function. Instead the name WC_SHA, WC_SHA256, WC_SHA384 and WC_SHA512 +should be used for the enum name. + +*** end Notes *** + + +# wolfSSL Release 4.4.0 (04/22/2020) + +If you have questions about this release, feel free to contact us on our +info@ address. + +Release 4.4.0 of wolfSSL embedded TLS has bug fixes and new features including: + +## New Feature Additions + +* Hexagon support. +* DSP builds to offload ECC verify operations. +* Certificate Manager callback support. +* New APIs for running updates to ChaCha20/Poly1305 AEAD. +* Support for use with Apache. +* Add support for IBM s390x. +* PKCS8 support for ED25519. +* OpenVPN support. +* Add P384 curve support to SP. +* Add BIO and EVP API. +* Add AES-OFB mode. +* Add AES-CFB mode. +* Add Curve448, X448, and Ed448. +* Add Renesas Synergy S7G2 build and hardware acceleration. + +## Fixes + +* Fix for RSA public encrypt / private sign with RSA key sizes over 2048-bit. +* Correct misspellings. +* Secure renegotiation fix. +* Fix memory leak when using ATECC and non-SECP256R1 curves for sign, verify, + or shared secret. +* Fix for K64 MMCAU with `WOLFSSL_SMALL_STACK_CACHE`. +* Fix the RSA verify only build. +* Fix in SP C implementation for small stack. +* Fix using the auth key id extension is set, hash might not be present. +* Fix when flattening certificate structure to include the subject alt names. +* Fixes for building with ECC sign/verify only. +* Fix for ECC and no cache resistance. +* Fix memory leak in DSA. +* Fix build on minGW. +* Fix `PemToDer()` call in `ProcessBuffer()` to set more than ECC. +* Fix for using RSA without SHA-512. +* Add some close tags to the echoserver HTTP example output. +* Miscellaneous fixes and updates for static analysis reports. +* Fixes for time structure support. +* Fixes for VxWorks support. +* Fixes for Async crypto support. +* Fix cache resist compile to work with SP C code. +* Fixes for Curve25519 x64 asm. +* Fix for SP x64 div. +* Fix for DTLS edge case where CCS and Finished come out of order and the + retransmit pool gets flushed. +* Fix for infinite loop in SHA-1 with small inputs. Thanks to Peter W. +* Fix for FIPS Hmac where `wc_HmacInit()` isn't used. `wc_HmacSetKey()` needs + to initialize the Hmac structure. Type is set to NONE, and checked against + NONE, not 0. +* Fixes for SP RSA private operations. +* Fixes for Xilinx SDK and Zynq UltraScale+ MPSoC +* Fix leak when building with HAVE_AESGCM and NO_AES_DECRYPT. Thanks G.G. +* Fixes for building ECC without ASN. +* Fix for async TLSv1.3 issues. +* Fix `wc_KeyPemToDer()` with PKCS1 and empty key. +* Omit `-fomit-frame-pointer` from CFLAGS in configure.ac. + +## Improvements/Optimizations + +* Qt 5.12 and 5.13 support. +* Added more digest types to Cryptocell RSA sign/verify. +* Some memory usage improvements. +* Speed improvements for mp_rand. +* Improvements to CRL and OCSP support. +* Refactor Poly1305 AEAD/MAC to reduce duplicate code. +* Add blinding to RSA key gen. +* Improvements to blinding. +* Improvement and expansion of OpenSSL Compatibility Layer. +* Improvements to ChaCha20. +* Improvements to X.509 processing. +* Improvements to ECC support. +* Improvement in detecting 64-bit support. +* Refactor to combine duplicate ECC parameter parsing code. +* Improve keyFormat to be set by algId and let later key parsing produce fail. +* Add test cases for 3072-bit and 4096-bit RSA keys. +* Improve signature wrapper and DH test cases. +* Improvements to the configure.ac script. +* Added constant time RSA q modinv p. +* Improve performance of SP Intel 64-bit asm. +* Added a few more functions to the ABI list. +* Improve TLS bidirectional shutdown behavior. +* OpenSSH 8.1 support. +* Improve performance of RSA/DH operations on x64. +* Add support for PKCS7/CMS Enveloped data with fragmented encrypted content. +* Example linker description for FIPS builds to enforce object ordering. +* C# wrapper improvements. Added TLS client example and TLSv1.3 methods. +* Allow setting MTU in DTLS. +* Improve PKCS12 create for outputting encrypted bundles. +* Constant time EC map to affine for private operations. +* Improve performance of RSA public key ops with TFM. +* Smaller table version of AES encrypt/decrypt. +* Support IAR with position independent code (ROPI). +* Improve speed of AArch64 assembly. +* Support AES-CTR with AES-NI. +* Support AES-CTR on esp32. +* Add a no malloc option for small SP math. + +## This release of wolfSSL includes fixes for 2 security vulnerabilities. + +* For fast math, use a constant time modular inverse when mapping to affine + when operation involves a private key - keygen, calc shared secret, sign. + Thank you to Alejandro Cabrera Aldaya, Cesar Pereida García and + Billy Bob Brumley from the Network and Information Security Group (NISEC) + at Tampere University for the report. + +* Change constant time and cache resistant ECC mulmod. Ensure points being + operated on change to make constant time. Thank you to Pietro Borrello at + Sapienza University of Rome. + +For additional vulnerability information visit the vulnerability page at +https://www.wolfssl.com/docs/security-vulnerabilities/ See INSTALL file for build instructions. -More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html - - -#wolfSSL (Formerly CyaSSL) Release 3.4.6 (03/30/2015) - -##Release 3.4.6 of wolfSSL has bug fixes and new features including: - -- Intel Assembly Speedups using instructions rdrand, rdseed, aesni, avx1/2, - rorx, mulx, adox, adcx . They can be enabled with --enable-intelasm. - These speedup the use of RNG, SHA2, and public key algorithms. -- Ed25519 support at the crypto level. Turn on with --enable-ed25519. Examples - in wolcrypt/test/test.c ed25519_test(). -- Post Handshake Memory reductions. wolfSSL can now hold less than 1,000 bytes - of memory per secure connection including cipher state. -- wolfSSL API and wolfCrypt API fixes, you can still include the cyassl and - ctaocrypt headers which will enable the compatibility APIs for the - foreseeable future -- INSTALL file to help direct users to build instructions for their environment -- For ECC users with the normal math library a fix that prevents a crash when - verify signature fails. Users of 3.4.0 with ECC and the normal math library - must update -- RC4 is now disabled by default in autoconf mode -- AES-GCM and ChaCha20/Poly1305 are now enabled by default to make AEAD ciphers - available without a switch -- External ChaCha-Poly AEAD API, thanks to Andrew Burks for the contribution -- DHE-PSK cipher suites can now be built without ASN or Cert support -- Fix some NO MD5 build issues with optional features -- Freescale CodeWarrior project updates -- ECC curves can be individually turned on/off at build time. -- Sniffer handles Cert Status message and other minor fixes -- SetMinVersion() at the wolfSSL Context level instead of just SSL session level - to allow minimum protocol version allowed at runtime -- RNG failure resource cleanup fix - -- No high level security fixes that requires an update though we always - recommend updating to the latest (except note 6 use case of ecc/normal math) - -See INSTALL file for build instructions. -More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html - - -#wolfSSL (Formerly CyaSSL) Release 3.4.0 (02/23/2015) - -## Release 3.4.0 wolfSSL has bug fixes and new features including: - -- wolfSSL API and wolfCrypt API, you can still include the cyassl and ctaocrypt - headers which will enable the compatibility APIs for the foreseeable future -- Example use of the wolfCrypt API can be found in wolfcrypt/test/test.c -- Example use of the wolfSSL API can be found in examples/client/client.c -- Curve25519 now supported at the wolfCrypt level, wolfSSL layer coming soon -- Improvements in the build configuration under AIX -- Microchip Pic32 MZ updates -- TIRTOS updates -- PowerPC updates -- Xcode project update -- Bidirectional shutdown examples in client/server with -w (wait for full - shutdown) option -- Cycle counts on benchmarks for x86_64, more coming soon -- ALT_ECC_SIZE for reducing ecc heap use with fastmath when also using large RSA - keys -- Various compile warnings -- Scan-build warning fixes -- Changed a memcpy to memmove in the sniffer (if using sniffer please update) -- No high level security fixes that requires an update though we always - recommend updating to the latest - - -# CyaSSL Release 3.3.0 (12/05/2014) - -- Countermeasuers for Handshake message duplicates, CHANGE CIPHER without - FINISHED, and fast forward attempts. Thanks to Karthikeyan Bhargavan from - the Prosecco team at INRIA Paris-Rocquencourt for the report. -- FIPS version submitted -- Removes SSLv2 Client Hello processing, can be enabled with OLD_HELLO_ALLOWED -- User can set mimimum downgrade version with CyaSSL_SetMinVersion() -- Small stack improvements at TLS/SSL layer -- TLS Master Secret generation and Key Expansion are now exposed -- Adds client side Secure Renegotiation, * not recommended * -- Client side session ticket support, not fully tested with Secure Renegotiation -- Allows up to 4096bit DHE at TLS Key Exchange layer -- Handles non standard SessionID sizes in Hello Messages -- PicoTCP Support -- Sniffer now supports SNI Virtual Hosts -- Sniffer now handles non HTTPS protocols using STARTTLS -- Sniffer can now parse records with multiple messages -- TI-RTOS updates -- Fix for ColdFire optimized fp_digit read only in explicit 32bit case -- ADH Cipher Suite ADH-AES128-SHA for EAP-FAST - -The CyaSSL manual is available at: -http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - -# CyaSSL Release 3.2.0 (09/10/2014) - -#### Release 3.2.0 CyaSSL has bug fixes and new features including: - -- ChaCha20 and Poly1305 crypto and suites -- Small stack improvements for OCSP, CRL, TLS, DTLS -- NTRU Encrypt and Decrypt benchmarks -- Updated Visual Studio project files -- Updated Keil MDK5 project files -- Fix for DTLS sequence numbers with GCM/CCM -- Updated HashDRBG with more secure struct declaration -- TI-RTOS support and example Code Composer Studio project files -- Ability to get enabled cipher suites, CyaSSL_get_ciphers() -- AES-GCM/CCM/Direct support for Freescale mmCAU and CAU -- Sniffer improvement checking for decrypt key setup -- Support for raw ECC key import -- Ability to convert ecc_key to DER, EccKeyToDer() -- Security fix for RSA Padding check vulnerability reported by Intel Security - Advanced Threat Research team - -The CyaSSL manual is available at: -http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - -# CyaSSL Release 3.1.0 (07/14/2014) - -#### Release 3.1.0 CyaSSL has bug fixes and new features including: - -- Fix for older versions of icc without 128-bit type -- Intel ASM syntax for AES-NI -- Updated NTRU support, keygen benchmark -- FIPS check for minimum required HMAC key length -- Small stack (--enable-smallstack) improvements for PKCS#7, ASN -- TLS extension support for DTLS -- Default I/O callbacks external to user -- Updated example client with bad clock test -- Ability to set optional ECC context info -- Ability to enable/disable DH separate from opensslextra -- Additional test key/cert buffers for CA and server -- Updated example certificates - -The CyaSSL manual is available at: -http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - -# CyaSSL Release 3.0.2 (05/30/2014) - -#### Release 3.0.2 CyaSSL has bug fixes and new features including: - -- Added the following cipher suites: - * TLS_PSK_WITH_AES_128_GCM_SHA256 - * TLS_PSK_WITH_AES_256_GCM_SHA384 - * TLS_PSK_WITH_AES_256_CBC_SHA384 - * TLS_PSK_WITH_NULL_SHA384 - * TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 - * TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 - * TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 - * TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 - * TLS_DHE_PSK_WITH_NULL_SHA256 - * TLS_DHE_PSK_WITH_NULL_SHA384 - * TLS_DHE_PSK_WITH_AES_128_CCM - * TLS_DHE_PSK_WITH_AES_256_CCM -- Added AES-NI support for Microsoft Visual Studio builds. -- Changed small stack build to be disabled by default. -- Updated the Hash DRBG and provided a configure option to enable. - -The CyaSSL manual is available at: -http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - -# CyaSSL Release 3.0.0 (04/29/2014) - -#### Release 3.0.0 CyaSSL has bug fixes and new features including: - -- FIPS release candidate -- X.509 improvements that address items reported by Suman Jana with security - researchers at UT Austin and UC Davis -- Small stack size improvements, --enable-smallstack. Offloads large local - variables to the heap. (Note this is not complete.) -- Updated AES-CCM-8 cipher suites to use approved suite numbers. - -The CyaSSL manual is available at: -http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - -# CyaSSL Release 2.9.4 (04/09/2014) - -#### Release 2.9.4 CyaSSL has bug fixes and new features including: - -- Security fixes that address items reported by Ivan Fratric of the Google - Security Team -- X.509 Unknown critical extensions treated as errors, report by Suman Jana with - security researchers at UT Austin and UC Davis -- Sniffer fixes for corrupted packet length and Jumbo frames -- ARM thumb mode assembly fixes -- Xcode 5.1 support including new clang -- PIC32 MZ hardware support -- CyaSSL Object has enough room to read the Record Header now w/o allocs -- FIPS wrappers for AES, 3DES, SHA1, SHA256, SHA384, HMAC, and RSA. -- A sample I/O pool is demonstrated with --enable-iopool to overtake memory - handling and reduce memory fragmentation on I/O large sizes - -The CyaSSL manual is available at: -http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - -# CyaSSL Release 2.9.0 (02/07/2014) - -#### Release 2.9.0 CyaSSL has bug fixes and new features including: -- Freescale Kinetis RNGB support -- Freescale Kinetis mmCAU support -- TLS Hello extensions - - ECC - - Secure Renegotiation (null) - - Truncated HMAC -- SCEP support - - PKCS #7 Enveloped data and signed data - - PKCS #10 Certificate Signing Request generation -- DTLS sliding window -- OCSP Improvements - - API change to integrate into Certificate Manager - - IPv4/IPv6 agnostic - - example client/server support for OCSP - - OCSP nonces are optional -- GMAC hashing -- Windows build additions -- Windows CYGWIN build fixes -- Updated test certificates -- Microchip MPLAB Harmony support -- Update autoconf scripts -- Additional X.509 inspection functions -- ECC encrypt/decrypt primitives -- ECC Certificate generation - -The Freescale Kinetis K53 RNGB documentation can be found in Chapter 33 of the -K53 Sub-Family Reference Manual: -http://cache.freescale.com/files/32bit/doc/ref_manual/K53P144M100SF2RM.pdf - -Freescale Kinetis K60 mmCAU (AES, DES, 3DES, MD5, SHA, SHA256) documentation -can be found in the "ColdFire/ColdFire+ CAU and Kinetis mmCAU Software Library -User Guide": -http://cache.freescale.com/files/32bit/doc/user_guide/CAUAPIUG.pdf - - -# CyaSSL Release 2.8.0 (8/30/2013) - -#### Release 2.8.0 CyaSSL has bug fixes and new features including: -- AES-GCM and AES-CCM use AES-NI -- NetX default IO callback handlers -- IPv6 fixes for DTLS Hello Cookies -- The ability to unload Certs/Keys after the handshake, CyaSSL_UnloadCertsKeys() -- SEP certificate extensions -- Callback getters for easier resource freeing -- External CYASSL_MAX_ERROR_SZ for correct error buffer sizing -- MacEncrypt and DecryptVerify Callbacks for User Atomic Record Layer Processing -- Public Key Callbacks for ECC and RSA -- Client now sends blank cert upon request if doesn't have one with TLS <= 1.2 - - -The CyaSSL manual is available at: -http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - -# CyaSSL Release 2.7.0 (6/17/2013) - -#### Release 2.7.0 CyaSSL has bug fixes and new features including: -- SNI support for client and server -- KEIL MDK-ARM projects -- Wildcard check to domain name match, and Subject altnames are checked too -- Better error messages for certificate verification errors -- Ability to discard session during handshake verify -- More consistent error returns across all APIs -- Ability to unload CAs at the CTX or CertManager level -- Authority subject id support for Certificate matching -- Persistent session cache functionality -- Persistent CA cache functionality -- Client session table lookups to push serverID table to library level -- Camellia support to sniffer -- User controllable settings for DTLS timeout values -- Sniffer fixes for caching long lived sessions -- DTLS reliability enhancements for the handshake -- Better ThreadX support - -When compiling with Mingw, libtool may give the following warning due to -path conversion errors: - -``` -libtool: link: Could not determine host file name corresponding to ** -libtool: link: Continuing, but uninstalled executables may not work. -``` - -If so, examples and testsuite will have problems when run, showing an -error while loading shared libraries. To resolve, please run "make install". - -The CyaSSL manual is available at: -http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - -# CyaSSL Release 2.6.0 (04/15/2013) - -#### Release 2.6.0 CyaSSL has bug fixes and new features including: -- DTLS 1.2 support including AEAD ciphers -- SHA-3 finalist Blake2 support, it's fast and uses little resources -- SHA-384 cipher suites including ECC ones -- HMAC now supports SHA-512 -- Track memory use for example client/server with -t option -- Better IPv6 examples with --enable-ipv6, before if ipv6 examples/tests were - turned on, localhost only was used. Now link-local (with scope ids) and ipv6 - hosts can be used as well. -- Xcode v4.6 project for iOS v6.1 update -- settings.h is now checked in all *.c files for true one file setting detection -- Better alignment at SSL layer for hardware crypto alignment needs - * Note, SSL itself isn't friendly to alignment with 5 byte TLS headers and - 13 bytes DTLS headers, but every effort is now made to align with the - CYASSL_GENERAL_ALIGNMENT flag which sets desired alignment requirement -- NO_64BIT flag to turn off 64bit data type accumulators in public key code - * Note, some systems are faster with 32bit accumulators -- --enable-stacksize for example client/server stack use - * Note, modern desktop Operating Systems may add bytes to each stack frame -- Updated compression/decompression with direct crypto access -- All ./configure options are now lowercase only for consistency -- ./configure builds default to fastmath option - * Note, if on ia32 and building in shared mode this may produce a problem - with a missing register being available because of PIC, there are at least - 5 solutions to this: - 1) --disable-fastmath , don't use fastmath - 2) --disable-shared, don't build a shared library - 3) C_EXTRA_FLAGS=-DTFM_NO_ASM , turn off assembly use - 4) use clang, it just seems to work - 5) play around with no PIC options to force all registers being open -- Many new ./configure switches for option enable/disable for example - * rsa - * dh - * dsa - * md5 - * sha - * arc4 - * null (allow NULL ciphers) - * oldtls (only use TLS 1.2) - * asn (no certs or public keys allowed) -- ./configure generates cyassl/options.h which allows a header the user can - include in their app to make sure the same options are set at the app and - CyaSSL level. -- autoconf no longer needs serial-tests which lowers version requirements of - automake to 1.11 and autoconf to 2.63 - -The CyaSSL manual is available at: -http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - - -# CyaSSL Release 2.5.0 (02/04/2013) - -#### Release 2.5.0 CyaSSL has bug fixes and new features including: -- Fix for TLS CBC padding timing attack identified by Nadhem Alfardan and - Kenny Paterson: http://www.isg.rhul.ac.uk/tls/ -- Microchip PIC32 (MIPS16, MIPS32) support -- Microchip MPLAB X example projects for PIC32 Ethernet Starter Kit -- Updated CTaoCrypt benchmark app for embedded systems -- 1024-bit test certs/keys and cert/key buffers -- AES-CCM-8 crypto and cipher suites -- Camellia crypto and cipher suites -- Bumped minimum autoconf version to 2.65, automake version to 1.12 -- Addition of OCSP callbacks -- STM32F2 support with hardware crypto and RNG -- Cavium NITROX support - -CTaoCrypt now has support for the Microchip PIC32 and has been tested with -the Microchip PIC32 Ethernet Starter Kit, the XC32 compiler and -MPLAB X IDE in both MIPS16 and MIPS32 instruction set modes. See the README -located under the <cyassl_root>/mplabx directory for more details. - -To add Cavium NITROX support do: - -./configure --with-cavium=/home/user/cavium/software - -pointing to your licensed cavium/software directory. Since Cavium doesn't -build a library we pull in the cavium_common.o file which gives a libtool -warning about the portability of this. Also, if you're using the github source -tree you'll need to remove the -Wredundant-decls warning from the generated -Makefile because the cavium headers don't conform to this warning. Currently -CyaSSL supports Cavium RNG, AES, 3DES, RC4, HMAC, and RSA directly at the crypto -layer. Support at the SSL level is partial and currently just does AES, 3DES, -and RC4. RSA and HMAC are slower until the Cavium calls can be utilized in non -blocking mode. The example client turns on cavium support as does the crypto -test and benchmark. Please see the HAVE_CAVIUM define. - -CyaSSL is able to use the STM32F2 hardware-based cryptography and random number -generator through the STM32F2 Standard Peripheral Library. For necessary -defines, see the CYASSL_STM32F2 define in settings.h. Documentation for the -STM32F2 Standard Peripheral Library can be found in the following document: -http://www.st.com/internet/com/TECHNICAL_RESOURCES/TECHNICAL_LITERATURE/USER_MANUAL/DM00023896.pdf - -The CyaSSL manual is available at: -http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - - -# CyaSSL Release 2.4.6 (12/20/2012) - -#### Release 2.4.6 CyaSSL has bug fixes and a few new features including: -- ECC into main version -- Lean PSK build (reduced code size, RAM usage, and stack usage) -- FreeBSD CRL monitor support -- CyaSSL_peek() -- CyaSSL_send() and CyaSSL_recv() for I/O flag setting -- CodeWarrior Support -- MQX Support -- Freescale Kinetis support including Hardware RNG -- autoconf builds use jobserver -- cyassl-config -- Sniffer memory reductions - -Thanks to Brian Aker for the improved autoconf system, make rpm, cyassl-config, -warning system, and general good ideas for improving CyaSSL! - -The Freescale Kinetis K70 RNGA documentation can be found in Chapter 37 of the -K70 Sub-Family Reference Manual: -http://cache.freescale.com/files/microcontrollers/doc/ref_manual/K70P256M150SF3RM.pdf - -The CyaSSL manual is available at: -http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - -# CyaSSL Release 2.4.0 (10/10/2012) - -#### Release 2.4.0 CyaSSL has bug fixes and a few new features including: -- DTLS reliability -- Reduced memory usage after handshake -- Updated build process - -The CyaSSL manual is available at: -http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - - -# CyaSSL Release 2.3.0 (8/10/2012) - -#### Release 2.3.0 CyaSSL has bug fixes and a few new features including: -- AES-GCM crypto and cipher suites -- make test cipher suite checks -- Subject AltName processing -- Command line support for client/server examples -- Sniffer SessionTicket support -- SHA-384 cipher suites -- Verify cipher suite validity when user overrides -- CRL dir monitoring -- DTLS Cookie support, reliability coming soon - -The CyaSSL manual is available at: -http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - - -# CyaSSL Release 2.2.0 (5/18/2012) - -#### Release 2.2.0 CyaSSL has bug fixes and a few new features including: -- Initial CRL support (--enable-crl) -- Initial OCSP support (--enable-ocsp) -- Add static ECDH suites -- SHA-384 support -- ECC client certificate support -- Add medium session cache size (1055 sessions) -- Updated unit tests -- Protection against mutex reinitialization - - -The CyaSSL manual is available at: -http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - - -# CyaSSL Release 2.0.8 (2/24/2012) - -#### Release 2.0.8 CyaSSL has bug fixes and a few new features including: -- A fix for malicious certificates pointed out by Remi Gacogne (thanks) - resulting in NULL pointer use. -- Respond to renegotiation attempt with no_renegoatation alert -- Add basic path support for load_verify_locations() -- Add set Temp EC-DHE key size -- Extra checks on rsa test when porting into - - -The CyaSSL manual is available at: -http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - - -# CyaSSL Release 2.0.6 (1/27/2012) - -#### Release 2.0.6 CyaSSL has bug fixes and a few new features including: -- Fixes for CA basis constraint check -- CTX reference counting -- Initial unit test additions -- Lean and Mean Windows fix -- ECC benchmarking -- SSMTP build support -- Ability to group handshake messages with set_group_messages(ctx/ssl) -- CA cache addition callback -- Export Base64_Encode for general use - -The CyaSSL manual is available at: -http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - - -# CyaSSL Release 2.0.2 (12/05/2011) - -#### Release 2.0.2 CyaSSL has bug fixes and a few new features including: -- CTaoCrypt Runtime library detection settings when directly using the crypto - library -- Default certificate generation now uses SHAwRSA and adds SHA256wRSA generation -- All test certificates now use 2048bit and SHA-1 for better modern browser - support -- Direct AES block access and AES-CTR (counter) mode -- Microchip pic32 support - -The CyaSSL manual is available at: -http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - - - -# CyaSSL Release 2.0.0rc3 (9/28/2011) - -#### Release 2.0.0rc3 for CyaSSL has bug fixes and a few new features including: -- updated autoconf support -- better make install and uninstall (uses system directories) -- make test / make check -- CyaSSL headers now in <cyassl/*.h> -- CTaocrypt headers now in <cyassl/ctaocrypt/*.h> -- OpenSSL compatibility headers now in <cyassl/openssl/*.h> -- examples and tests all run from home directory so can use certs in ./certs - (see note 1) - -So previous applications that used the OpenSSL compatibility header -<openssl/ssl.h> now need to include <cyassl/openssl/ssl.h> instead, no other -changes are required. - -Special Thanks to Brian Aker for his autoconf, install, and header patches. - -The CyaSSL manual is available at: -http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - -# CyaSSL Release 2.0.0rc2 (6/6/2011) - -#### Release 2.0.0rc2 for CyaSSL has bug fixes and a few new features including: -- bug fixes (Alerts, DTLS with DHE) -- FreeRTOS support -- lwIP support -- Wshadow warnings removed -- asn public header -- CTaoCrypt public headers now all have ctc_ prefix (the manual is still being - updated to reflect this change) -- and more. - -This is the 2nd and perhaps final release candidate for version 2. -Please send any comments or questions to support@yassl.com. - -The CyaSSL manual is available at: -http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - -# CyaSSL Release 2.0.0rc1 (5/2/2011) - -#### Release 2.0.0rc1 for CyaSSL has many new features including: -- bug fixes -- SHA-256 cipher suites -- Root Certificate Verification (instead of needing all certs in the chain) -- PKCS #8 private key encryption (supports PKCS #5 v1-v2 and PKCS #12) -- Serial number retrieval for x509 -- PBKDF2 and PKCS #12 PBKDF -- UID parsing for x509 -- SHA-256 certificate signatures -- Client and server can send chains (SSL_CTX_use_certificate_chain_file) -- CA loading can now parse multiple certificates per file -- Dynamic memory runtime hooks -- Runtime hooks for logging -- EDH on server side -- More informative error codes -- More informative logging messages -- Version downgrade more robust (use SSL_v23*) -- Shared build only by default through ./configure -- Compiler visibility is now used, internal functions not polluting namespace -- Single Makefile, no recursion, for faster and simpler building -- Turn on all warnings possible build option, warning fixes -- and more. - -Because of all the new features and the multiple OS, compiler, feature-set -options that CyaSSL allows, there may be some configuration fixes needed. -Please send any comments or questions to support@yassl.com. - -The CyaSSL manual is available at: -http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions -and comments about the new features please check the manual. - -# CyaSSL Release 1.9.0 (3/2/2011) - -Release 1.9.0 for CyaSSL adds bug fixes, improved TLSv1.2 through testing and -better hash/sig algo ids, --enable-webServer for the yaSSL embedded web server, -improper AES key setup detection, user cert verify callback improvements, and -more. - -The CyaSSL manual offering is included in the doc/ directory. For build -instructions and comments about the new features please check the manual. - -Please send any comments or questions to support@yassl.com. - -# CyaSSL Release 1.8.0 (12/23/2010) - -Release 1.8.0 for CyaSSL adds bug fixes, x509 v3 CA signed certificate -generation, a C standard library abstraction layer, lower memory use, increased -portability through the os_settings.h file, and the ability to use NTRU cipher -suites when used in conjunction with an NTRU license and library. - -The initial CyaSSL manual offering is included in the doc/ directory. For -build instructions and comments about the new features please check the manual. - -Please send any comments or questions to support@yassl.com. - -Happy Holidays. - - -# CyaSSL Release 1.6.5 (9/9/2010) - -Release 1.6.5 for CyaSSL adds bug fixes and x509 v3 self signed certificate -generation. - -For general build instructions see doc/Building_CyaSSL.pdf. - -To enable certificate generation support add this option to ./configure -./configure --enable-certgen - -An example is included in ctaocrypt/test/test.c and documentation is provided -in doc/CyaSSL_Extensions_Reference.pdf item 11. - -# CyaSSL Release 1.6.0 (8/27/2010) - -Release 1.6.0 for CyaSSL adds bug fixes, RIPEMD-160, SHA-512, and RSA key -generation. - -For general build instructions see doc/Building_CyaSSL.pdf. - -To add RIPEMD-160 support add this option to ./configure -./configure --enable-ripemd - -To add SHA-512 support add this option to ./configure -./configure --enable-sha512 - -To add RSA key generation support add this option to ./configure -./configure --enable-keygen - -Please see ctaocrypt/test/test.c for examples and usage. - -For Windows, RIPEMD-160 and SHA-512 are enabled by default but key generation is -off by default. To turn key generation on add the define CYASSL_KEY_GEN to -CyaSSL. - - -# CyaSSL Release 1.5.6 (7/28/2010) - -Release 1.5.6 for CyaSSL adds bug fixes, compatibility for our JSSE provider, -and a fix for GCC builds on some systems. - -For general build instructions see doc/Building_CyaSSL.pdf. - -To add AES-NI support add this option to ./configure -./configure --enable-aesni - -You'll need GCC 4.4.3 or later to make use of the assembly. - -# CyaSSL Release 1.5.4 (7/7/2010) - -Release 1.5.4 for CyaSSL adds bug fixes, support for AES-NI, SHA1 speed -improvements from loop unrolling, and support for the Mongoose Web Server. - -For general build instructions see doc/Building_CyaSSL.pdf. - -To add AES-NI support add this option to ./configure -./configure --enable-aesni - -You'll need GCC 4.4.3 or later to make use of the assembly. - -# CyaSSL Release 1.5.0 (5/11/2010) - -Release 1.5.0 for CyaSSL adds bug fixes, GoAhead WebServer support, sniffer -support, and initial swig interface support. - -For general build instructions see doc/Building_CyaSSL.pdf. - -To add support for GoAhead WebServer either --enable-opensslExtra or if you -don't want all the features of opensslExtra you can just define GOAHEAD_WS -instead. GOAHEAD_WS can be added to ./configure with CFLAGS=-DGOAHEAD_WS or -you can define it yourself. - -To look at the sniffer support please see the sniffertest app in -sslSniffer/sslSnifferTest. Build with --enable-sniffer on *nix or use the -vcproj files on windows. You'll need to have pcap installed on *nix and -WinPcap on windows. - -A swig interface file is now located in the swig directory for using Python, -Java, Perl, and others with CyaSSL. This is initial support and experimental, -please send questions or comments to support@yassl.com. - -When doing load testing with CyaSSL, on the echoserver example say, the client -machine may run out of tcp ephemeral ports, they will end up in the TIME_WAIT -queue, and can't be reused by default. There are generally two ways to fix -this. - -1. Reduce the length sockets remain on the TIME_WAIT queue OR -2. Allow items on the TIME_WAIT queue to be reused. - - -To reduce the TIME_WAIT length in OS X to 3 seconds (3000 milliseconds) - -`sudo sysctl -w net.inet.tcp.msl=3000` - -In Linux - -`sudo sysctl -w net.ipv4.tcp_tw_reuse=1` - -allows reuse of sockets in TIME_WAIT - -`sudo sysctl -w net.ipv4.tcp_tw_recycle=1` - -works but seems to remove sockets from TIME_WAIT entirely? - -`sudo sysctl -w net.ipv4.tcp_fin_timeout=1` - -doen't control TIME_WAIT, it controls FIN_WAIT(2) contrary to some posts - - -# CyaSSL Release 1.4.0 (2/18/2010) - -Release 1.3.0 for CyaSSL adds bug fixes, better multi TLS/SSL version support -through SSLv23_server_method(), and improved documentation in the doc/ folder. - -For general build instructions doc/Building_CyaSSL.pdf. - -# CyaSSL Release 1.3.0 (1/21/2010) - -Release 1.3.0 for CyaSSL adds bug fixes, a potential security problem fix, -better porting support, removal of assert()s, and a complete THREADX port. - -For general build instructions see rc1 below. - -# CyaSSL Release 1.2.0 (11/2/2009) - -Release 1.2.0 for CyaSSL adds bug fixes and session negotiation if first use is -read or write. - -For general build instructions see rc1 below. - -# CyaSSL Release 1.1.0 (9/2/2009) - -Release 1.1.0 for CyaSSL adds bug fixes, a check against malicious session -cache use, support for lighttpd, and TLS 1.2. - -To get TLS 1.2 support please use the client and server functions: - -```c -SSL_METHOD *TLSv1_2_server_method(void); -SSL_METHOD *TLSv1_2_client_method(void); -``` - -CyaSSL was tested against lighttpd 1.4.23. To build CyaSSL for use with -lighttpd use the following commands from the CyaSSL install dir <CyaSSLDir>: - -``` -./configure --disable-shared --enable-opensslExtra --enable-fastmath --without-zlib - -make -make openssl-links -``` - -Then to build lighttpd with CyaSSL use the following commands from the -lighttpd install dir: - -``` -./configure --with-openssl --with-openssl-includes=<CyaSSLDir>/include --with-openssl-libs=<CyaSSLDir>/lib LDFLAGS=-lm - -make -``` - -On some systems you may get a linker error about a duplicate symbol for -MD5_Init or other MD5 calls. This seems to be caused by the lighttpd src file -md5.c, which defines MD5_Init(), and is included in liblightcomp_la-md5.o. -When liblightcomp is linked with the SSL_LIBs the linker may complain about -the duplicate symbol. This can be fixed by editing the lighttpd src file md5.c -and adding this line to the beginning of the file: - -\#if 0 - -and this line to the end of the file - -\#endif - -Then from the lighttpd src dir do a: - -``` -make clean -make -``` - -If you get link errors about undefined symbols more than likely the actual -OpenSSL libraries are found by the linker before the CyaSSL openssl-links that -point to the CyaSSL library, causing the linker confusion. This can be fixed -by editing the Makefile in the lighttpd src directory and changing the line: - -`SSL_LIB = -lssl -lcrypto` - -to - -`SSL_LIB = -lcyassl` - -Then from the lighttpd src dir do a: - -``` -make clean -make -``` - -This should remove any confusion the linker may be having with missing symbols. - -For any questions or concerns please contact support@yassl.com . - -For general build instructions see rc1 below. - -# CyaSSL Release 1.0.6 (8/03/2009) - -Release 1.0.6 for CyaSSL adds bug fixes, an improved session cache, and faster -math with a huge code option. - -The session cache now defaults to a client mode, also good for embedded servers. -For servers not under heavy load (less than 200 new sessions per minute), define -BIG_SESSION_CACHE. If the server will be under heavy load, define -HUGE_SESSION_CACHE. - -There is now a fasthugemath option for configure. This enables fastmath plus -even faster math by greatly increasing the code size of the math library. Use -the benchmark utility to compare public key operations. - - -For general build instructions see rc1 below. - -# CyaSSL Release 1.0.3 (5/10/2009) - -Release 1.0.3 for CyaSSL adds bug fixes and add increased support for OpenSSL -compatibility when building other applications. - -Release 1.0.3 includes an alpha release of DTLS for both client and servers. -This is only for testing purposes at this time. Rebroadcast and reordering -aren't fully implemented at this time but will be for the next release. - -For general build instructions see rc1 below. - -# CyaSSL Release 1.0.2 (4/3/2009) - -Release 1.0.2 for CyaSSL adds bug fixes for a couple I/O issues. Some systems -will send a SIGPIPE on socket recv() at any time and this should be handled by -the application by turning off SIGPIPE through setsockopt() or returning from -the handler. - -Release 1.0.2 includes an alpha release of DTLS for both client and servers. -This is only for testing purposes at this time. Rebroadcast and reordering -aren't fully implemented at this time but will be for the next release. - -For general build instructions see rc1 below. - -## CyaSSL Release Candidiate 3 rc3-1.0.0 (2/25/2009) - - -Release Candidate 3 for CyaSSL 1.0.0 adds bug fixes and adds a project file for -iPhone development with Xcode. cyassl-iphone.xcodeproj is located in the root -directory. This release also includes a fix for supporting other -implementations that bundle multiple messages at the record layer, this was -lost when cyassl i/o was re-implemented but is now fixed. - -For general build instructions see rc1 below. - -## CyaSSL Release Candidiate 2 rc2-1.0.0 (1/21/2009) - - -Release Candidate 2 for CyaSSL 1.0.0 adds bug fixes and adds two new stream -ciphers along with their respective cipher suites. CyaSSL adds support for -HC-128 and RABBIT stream ciphers. The new suites are: - -``` -TLS_RSA_WITH_HC_128_SHA -TLS_RSA_WITH_RABBIT_SHA -``` - -And the corresponding cipher names are - -``` -HC128-SHA -RABBIT-SHA -``` - -CyaSSL also adds support for building with devkitPro for PPC by changing the -library proper to use libogc. The examples haven't been changed yet but if -there's interest they can be. Here's an example ./configure to build CyaSSL -for devkitPro: - -``` -./configure --disable-shared CC=/pathTo/devkitpro/devkitPPC/bin/powerpc-gekko-gcc --host=ppc --without-zlib --enable-singleThreaded RANLIB=/pathTo/devkitpro/devkitPPC/bin/powerpc-gekko-ranlib CFLAGS="-DDEVKITPRO -DGEKKO" -``` - -For linking purposes you'll need - -`LDFLAGS="-g -mrvl -mcpu=750 -meabi -mhard-float -Wl,-Map,$(notdir $@).map"` - -For general build instructions see rc1 below. - - -## CyaSSL Release Candidiate 1 rc1-1.0.0 (12/17/2008) - - -Release Candidate 1 for CyaSSL 1.0.0 contains major internal changes. Several -areas have optimization improvements, less dynamic memory use, and the I/O -strategy has been refactored to allow alternate I/O handling or Library use. -Many thanks to Thierry Fournier for providing these ideas and most of the work. - -Because of these changes, this release is only a candidate since some problems -are probably inevitable on some platform with some I/O use. Please report any -problems and we'll try to resolve them as soon as possible. You can contact us -at support@yassl.com or todd@yassl.com. - -Using TomsFastMath by passing --enable-fastmath to ./configure now uses assembly -on some platforms. This is new so please report any problems as every compiler, -mode, OS combination hasn't been tested. On ia32 all of the registers need to -be available so be sure to pass these options to CFLAGS: - -`CFLAGS="-O3 -fomit-frame-pointer"` - -OS X will also need -mdynamic-no-pic added to CFLAGS - -Also if you're building in shared mode for ia32 you'll need to pass options to -LDFLAGS as well on OS X: - -`LDFLAGS=-Wl,-read_only_relocs,warning` - -This gives warnings for some symbols but seems to work. - - -#### To build on Linux, Solaris, *BSD, Mac OS X, or Cygwin: - - ./configure - make - - from the ./testsuite/ directory run ./testsuite - -#### To make a debug build: - - ./configure --enable-debug --disable-shared - make - - - -#### To build on Win32 - -Choose (Re)Build All from the project workspace - -Run the testsuite program - - - - - -# CyaSSL version 0.9.9 (7/25/2008) - -This release of CyaSSL adds bug fixes, Pre-Shared Keys, over-rideable memory -handling, and optionally TomsFastMath. Thanks to Moisés Guimarães for the -work on TomsFastMath. - -To optionally use TomsFastMath pass --enable-fastmath to ./configure -Or define USE_FAST_MATH in each project from CyaSSL for MSVC. - -Please use the benchmark routine before and after to see the performance -difference, on some platforms the gains will be little but RSA encryption -always seems to be faster. On x86-64 machines with GCC the normal math library -may outperform the fast one when using CFLAGS=-m64 because TomsFastMath can't -yet use -m64 because of GCCs inability to do 128bit division. - - *** UPDATE GCC 4.2.1 can now do 128bit division *** - -See notes below (0.2.0) for complete build instructions. - - -# CyaSSL version 0.9.8 (5/7/2008) - -This release of CyaSSL adds bug fixes, client side Diffie-Hellman, and better -socket handling. - -See notes below (0.2.0) for complete build instructions. - - -# CyaSSL version 0.9.6 (1/31/2008) - -This release of CyaSSL adds bug fixes, increased session management, and a fix -for gnutls. - -See notes below (0.2.0) for complete build instructions. - - -# CyaSSL version 0.9.0 (10/15/2007) - -This release of CyaSSL adds bug fixes, MSVC 2005 support, GCC 4.2 support, -IPV6 support and test, and new test certificates. - -See notes below (0.2.0) for complete build instructions. - - -# CyaSSL version 0.8.0 (1/10/2007) - -This release of CyaSSL adds increased socket support, for non-blocking writes, -connects, and interrupted system calls. - -See notes below (0.2.0) for complete build instructions. - - -# CyaSSL version 0.6.3 (10/30/2006) - -This release of CyaSSL adds debug logging to stderr to aid in the debugging of -CyaSSL on systems that may not provide the best support. - -If CyaSSL is built with debugging support then you need to call -CyaSSL_Debugging_ON() to turn logging on. - -On Unix use ./configure --enable-debug - -On Windows define DEBUG_CYASSL when building CyaSSL - - -To turn logging back off call CyaSSL_Debugging_OFF() - -See notes below (0.2.0) for complete build instructions. - - -# CyaSSL version 0.6.2 (10/29/2006) - -This release of CyaSSL adds TLS 1.1. - -Note that CyaSSL has certificate verification on by default, unlike OpenSSL. -To emulate OpenSSL behavior, you must call SSL_CTX_set_verify() with -SSL_VERIFY_NONE. In order to have full security you should never do this, -provide CyaSSL with the proper certificates to eliminate impostors and call -CyaSSL_check_domain_name() to prevent man in the middle attacks. - -See notes below (0.2.0) for build instructions. - -# CyaSSL version 0.6.0 (10/25/2006) - -This release of CyaSSL adds more SSL functions, better autoconf, nonblocking -I/O for accept, connect, and read. There is now an --enable-small configure -option that turns off TLS, AES, DES3, HMAC, and ERROR_STRINGS, see configure.in -for the defines. Note that TLS requires HMAC and AES requires TLS. - -See notes below (0.2.0) for build instructions. - - -# CyaSSL version 0.5.5 (09/27/2006) - -This mini release of CyaSSL adds better input processing through buffered input -and big message support. Added SSL_pending() and some sanity checks on user -settings. - -See notes below (0.2.0) for build instructions. - - -# CyaSSL version 0.5.0 (03/27/2006) - -This release of CyaSSL adds AES support and minor bug fixes. - -See notes below (0.2.0) for build instructions. - - -# CyaSSL version 0.4.0 (03/15/2006) - -This release of CyaSSL adds TLSv1 client/server support and libtool. - -See notes below for build instructions. - - -# CyaSSL version 0.3.0 (02/26/2006) - -This release of CyaSSL adds SSLv3 server support and session resumption. - -See notes below for build instructions. - - -# CyaSSL version 0.2.0 (02/19/2006) - - -This is the first release of CyaSSL and its crypt brother, CTaoCrypt. CyaSSL -is written in ANSI C with the idea of a small code size, footprint, and memory -usage in mind. CTaoCrypt can be as small as 32K, and the current client -version of CyaSSL can be as small as 12K. - - -The first release of CTaoCrypt supports MD5, SHA-1, 3DES, ARC4, Big Integer -Support, RSA, ASN parsing, and basic x509 (en/de)coding. - -The first release of CyaSSL supports normal client RSA mode SSLv3 connections -with support for SHA-1 and MD5 digests. Ciphers include 3DES and RC4. - - -#### To build on Linux, Solaris, *BSD, Mac OS X, or Cygwin: - - ./configure - make +More info can be found on-line at https://wolfssl.com/wolfSSL/Docs.html - from the ./testsuite/ directory run ./testsuite -#### to make a debug build: - ./configure --enable-debug --disable-shared - make +*** Resources *** +[wolfSSL Website](https://www.wolfssl.com/) -#### To build on Win32 +[wolfSSL Wiki](https://github.com/wolfSSL/wolfssl/wiki) -Choose (Re)Build All from the project workspace +[FIPS FAQ](https://wolfssl.com/license/fips) -Run the testsuite program +[wolfSSL Documents](https://wolfssl.com/wolfSSL/Docs.html) +[wolfSSL Manual](https://wolfssl.com/wolfSSL/Docs-wolfssl-manual-toc.html) +[wolfSSL API Reference] +(https://wolfssl.com/wolfSSL/Docs-wolfssl-manual-17-wolfssl-api-reference.html) -*** The next release of CyaSSL will support a server and more OpenSSL -compatibility functions. +[wolfCrypt API Reference] +(https://wolfssl.com/wolfSSL/Docs-wolfssl-manual-18-wolfcrypt-api-reference.html) +[TLS 1.3](https://www.wolfssl.com/docs/tls13/) -Please send questions or comments to todd@yassl.com +[wolfSSL Vulnerabilities] +(https://www.wolfssl.com/docs/security-vulnerabilities/) |