summaryrefslogtreecommitdiff
path: root/FreeRTOS-Plus/Source/WolfSSL/README.md
diff options
context:
space:
mode:
Diffstat (limited to 'FreeRTOS-Plus/Source/WolfSSL/README.md')
-rw-r--r--FreeRTOS-Plus/Source/WolfSSL/README.md1382
1 files changed, 205 insertions, 1177 deletions
diff --git a/FreeRTOS-Plus/Source/WolfSSL/README.md b/FreeRTOS-Plus/Source/WolfSSL/README.md
index a490ac2ff..db1b54488 100644
--- a/FreeRTOS-Plus/Source/WolfSSL/README.md
+++ b/FreeRTOS-Plus/Source/WolfSSL/README.md
@@ -1,1194 +1,222 @@
-# Notes - Please read
-
-## Note 1
-```
-wolfSSL now needs all examples and tests to be run from the wolfSSL home
-directory. This is because it finds certs and keys from ./certs/. Trying to
-maintain the ability to run each program from its own directory, the testsuite
-directory, the main directory (for make check/test), and for the various
-different project layouts (with or without config) was becoming harder and
-harder. Now to run testsuite just do:
-
-./testsuite/testsuite
-
-or
-
-make check (when using autoconf)
-
-On *nix or Windows the examples and testsuite will check to see if the current
-directory is the source directory and if so, attempt to change to the wolfSSL
-home directory. This should work in most setup cases, if not, just follow the
-beginning of the note and specify the full path.
-```
-
-## Note 2
-```
+*** Description ***
+
+The wolfSSL embedded SSL library (formerly CyaSSL) is a lightweight SSL/TLS
+library written in ANSI C and targeted for embedded, RTOS, and
+resource-constrained environments - primarily because of its small size, speed,
+and feature set. It is commonly used in standard operating environments as well
+because of its royalty-free pricing and excellent cross platform support.
+wolfSSL supports industry standards up to the current TLS 1.3 and DTLS 1.2
+levels, is up to 20 times smaller than OpenSSL, and offers progressive ciphers
+such as ChaCha20, Curve25519, NTRU, and Blake2b. User benchmarking and feedback
+reports dramatically better performance when using wolfSSL over OpenSSL.
+
+wolfSSL is powered by the wolfCrypt library. Two versions of the wolfCrypt
+cryptography library have been FIPS 140-2 validated (Certificate #2425 and
+certificate #3389). For additional information, visit the wolfCrypt FIPS FAQ
+(https://www.wolfssl.com/license/fips/) or contact fips@wolfssl.com
+
+*** Why choose wolfSSL? ***
+
+There are many reasons to choose wolfSSL as your embedded SSL solution. Some of
+the top reasons include size (typical footprint sizes range from 20-100 kB),
+support for the newest standards (SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3,
+DTLS 1.0, and DTLS 1.2), current and progressive cipher support (including
+stream ciphers), multi-platform, royalty free, and an OpenSSL compatibility API
+to ease porting into existing applications which have previously used the
+OpenSSL package. For a complete feature list, see chapter 4 of the wolfSSL
+manual. (https://www.wolfssl.com/docs/wolfssl-manual/ch4/)
+
+*** Notes, Please read ***
+
+Note 1)
+wolfSSL as of 3.6.6 no longer enables SSLv3 by default. wolfSSL also no longer
+supports static key cipher suites with PSK, RSA, or ECDH. This means if you
+plan to use TLS cipher suites you must enable DH (DH is on by default), or
+enable ECC (ECC is on by default), or you must enable static key cipher suites
+with
+
+ WOLFSSL_STATIC_DH
+ WOLFSSL_STATIC_RSA
+ or
+ WOLFSSL_STATIC_PSK
+
+though static key cipher suites are deprecated and will be removed from future
+versions of TLS. They also lower your security by removing PFS. Since current
+NTRU suites available do not use ephemeral keys, WOLFSSL_STATIC_RSA needs to be
+used in order to build with NTRU suites.
+
+When compiling ssl.c, wolfSSL will now issue a compiler error if no cipher
+suites are available. You can remove this error by defining
+WOLFSSL_ALLOW_NO_SUITES in the event that you desire that, i.e., you're not
+using TLS cipher suites.
+
+Note 2)
wolfSSL takes a different approach to certificate verification than OpenSSL
-does. The default policy for the client is to verify the server, this means
+does. The default policy for the client is to verify the server, this means
that if you don't load CAs to verify the server you'll get a connect error,
-no signer error to confirm failure (-188). If you want to mimic OpenSSL
-behavior of having SSL_connect succeed even if verifying the server fails and
-reducing security you can do this by calling:
-
-wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
-
-before calling wolfSSL_new(); Though it's not recommended.
-```
-
-- GNU Binutils 2.24 ld has problems with some debug builds, to fix an ld error
- add -fdebug-types-section to C_EXTRA_FLAGS
-
-#wolfSSL (Formerly CyaSSL) Release 3.4.8 (04/06/2015)
-
-##Release 3.4.8 of wolfSSL has bug fixes and new features including:
-
-- FIPS version submitted for iOS.
-- Max Strength build that only allows TLSv1.2, AEAD ciphers, and PFS.
-- Improvements to usage of time code.
-- Improvements to VS solution files.
+no signer error to confirm failure (-188).
+
+If you want to mimic OpenSSL behavior of having SSL_connect succeed even if
+verifying the server fails and reducing security you can do this by calling:
+
+ wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
+
+before calling wolfSSL_new();. Though it's not recommended.
+
+Note 3)
+The enum values SHA, SHA256, SHA384, SHA512 are no longer available when
+wolfSSL is built with --enable-opensslextra (OPENSSL_EXTRA) or with the macro
+NO_OLD_SHA_NAMES. These names get mapped to the OpenSSL API for a single call
+hash function. Instead the name WC_SHA, WC_SHA256, WC_SHA384 and WC_SHA512
+should be used for the enum name.
+
+*** end Notes ***
+
+
+# wolfSSL Release 4.4.0 (04/22/2020)
+
+If you have questions about this release, feel free to contact us on our
+info@ address.
+
+Release 4.4.0 of wolfSSL embedded TLS has bug fixes and new features including:
+
+## New Feature Additions
+
+* Hexagon support.
+* DSP builds to offload ECC verify operations.
+* Certificate Manager callback support.
+* New APIs for running updates to ChaCha20/Poly1305 AEAD.
+* Support for use with Apache.
+* Add support for IBM s390x.
+* PKCS8 support for ED25519.
+* OpenVPN support.
+* Add P384 curve support to SP.
+* Add BIO and EVP API.
+* Add AES-OFB mode.
+* Add AES-CFB mode.
+* Add Curve448, X448, and Ed448.
+* Add Renesas Synergy S7G2 build and hardware acceleration.
+
+## Fixes
+
+* Fix for RSA public encrypt / private sign with RSA key sizes over 2048-bit.
+* Correct misspellings.
+* Secure renegotiation fix.
+* Fix memory leak when using ATECC and non-SECP256R1 curves for sign, verify,
+ or shared secret.
+* Fix for K64 MMCAU with `WOLFSSL_SMALL_STACK_CACHE`.
+* Fix the RSA verify only build.
+* Fix in SP C implementation for small stack.
+* Fix using the auth key id extension is set, hash might not be present.
+* Fix when flattening certificate structure to include the subject alt names.
+* Fixes for building with ECC sign/verify only.
+* Fix for ECC and no cache resistance.
+* Fix memory leak in DSA.
+* Fix build on minGW.
+* Fix `PemToDer()` call in `ProcessBuffer()` to set more than ECC.
+* Fix for using RSA without SHA-512.
+* Add some close tags to the echoserver HTTP example output.
+* Miscellaneous fixes and updates for static analysis reports.
+* Fixes for time structure support.
+* Fixes for VxWorks support.
+* Fixes for Async crypto support.
+* Fix cache resist compile to work with SP C code.
+* Fixes for Curve25519 x64 asm.
+* Fix for SP x64 div.
+* Fix for DTLS edge case where CCS and Finished come out of order and the
+ retransmit pool gets flushed.
+* Fix for infinite loop in SHA-1 with small inputs. Thanks to Peter W.
+* Fix for FIPS Hmac where `wc_HmacInit()` isn't used. `wc_HmacSetKey()` needs
+ to initialize the Hmac structure. Type is set to NONE, and checked against
+ NONE, not 0.
+* Fixes for SP RSA private operations.
+* Fixes for Xilinx SDK and Zynq UltraScale+ MPSoC
+* Fix leak when building with HAVE_AESGCM and NO_AES_DECRYPT. Thanks G.G.
+* Fixes for building ECC without ASN.
+* Fix for async TLSv1.3 issues.
+* Fix `wc_KeyPemToDer()` with PKCS1 and empty key.
+* Omit `-fomit-frame-pointer` from CFLAGS in configure.ac.
+
+## Improvements/Optimizations
+
+* Qt 5.12 and 5.13 support.
+* Added more digest types to Cryptocell RSA sign/verify.
+* Some memory usage improvements.
+* Speed improvements for mp_rand.
+* Improvements to CRL and OCSP support.
+* Refactor Poly1305 AEAD/MAC to reduce duplicate code.
+* Add blinding to RSA key gen.
+* Improvements to blinding.
+* Improvement and expansion of OpenSSL Compatibility Layer.
+* Improvements to ChaCha20.
+* Improvements to X.509 processing.
+* Improvements to ECC support.
+* Improvement in detecting 64-bit support.
+* Refactor to combine duplicate ECC parameter parsing code.
+* Improve keyFormat to be set by algId and let later key parsing produce fail.
+* Add test cases for 3072-bit and 4096-bit RSA keys.
+* Improve signature wrapper and DH test cases.
+* Improvements to the configure.ac script.
+* Added constant time RSA q modinv p.
+* Improve performance of SP Intel 64-bit asm.
+* Added a few more functions to the ABI list.
+* Improve TLS bidirectional shutdown behavior.
+* OpenSSH 8.1 support.
+* Improve performance of RSA/DH operations on x64.
+* Add support for PKCS7/CMS Enveloped data with fragmented encrypted content.
+* Example linker description for FIPS builds to enforce object ordering.
+* C# wrapper improvements. Added TLS client example and TLSv1.3 methods.
+* Allow setting MTU in DTLS.
+* Improve PKCS12 create for outputting encrypted bundles.
+* Constant time EC map to affine for private operations.
+* Improve performance of RSA public key ops with TFM.
+* Smaller table version of AES encrypt/decrypt.
+* Support IAR with position independent code (ROPI).
+* Improve speed of AArch64 assembly.
+* Support AES-CTR with AES-NI.
+* Support AES-CTR on esp32.
+* Add a no malloc option for small SP math.
+
+## This release of wolfSSL includes fixes for 2 security vulnerabilities.
+
+* For fast math, use a constant time modular inverse when mapping to affine
+ when operation involves a private key - keygen, calc shared secret, sign.
+ Thank you to Alejandro Cabrera Aldaya, Cesar Pereida García and
+ Billy Bob Brumley from the Network and Information Security Group (NISEC)
+ at Tampere University for the report.
+
+* Change constant time and cache resistant ECC mulmod. Ensure points being
+ operated on change to make constant time. Thank you to Pietro Borrello at
+ Sapienza University of Rome.
+
+For additional vulnerability information visit the vulnerability page at
+https://www.wolfssl.com/docs/security-vulnerabilities/
See INSTALL file for build instructions.
-More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html
-
-
-#wolfSSL (Formerly CyaSSL) Release 3.4.6 (03/30/2015)
-
-##Release 3.4.6 of wolfSSL has bug fixes and new features including:
-
-- Intel Assembly Speedups using instructions rdrand, rdseed, aesni, avx1/2,
- rorx, mulx, adox, adcx . They can be enabled with --enable-intelasm.
- These speedup the use of RNG, SHA2, and public key algorithms.
-- Ed25519 support at the crypto level. Turn on with --enable-ed25519. Examples
- in wolcrypt/test/test.c ed25519_test().
-- Post Handshake Memory reductions. wolfSSL can now hold less than 1,000 bytes
- of memory per secure connection including cipher state.
-- wolfSSL API and wolfCrypt API fixes, you can still include the cyassl and
- ctaocrypt headers which will enable the compatibility APIs for the
- foreseeable future
-- INSTALL file to help direct users to build instructions for their environment
-- For ECC users with the normal math library a fix that prevents a crash when
- verify signature fails. Users of 3.4.0 with ECC and the normal math library
- must update
-- RC4 is now disabled by default in autoconf mode
-- AES-GCM and ChaCha20/Poly1305 are now enabled by default to make AEAD ciphers
- available without a switch
-- External ChaCha-Poly AEAD API, thanks to Andrew Burks for the contribution
-- DHE-PSK cipher suites can now be built without ASN or Cert support
-- Fix some NO MD5 build issues with optional features
-- Freescale CodeWarrior project updates
-- ECC curves can be individually turned on/off at build time.
-- Sniffer handles Cert Status message and other minor fixes
-- SetMinVersion() at the wolfSSL Context level instead of just SSL session level
- to allow minimum protocol version allowed at runtime
-- RNG failure resource cleanup fix
-
-- No high level security fixes that requires an update though we always
- recommend updating to the latest (except note 6 use case of ecc/normal math)
-
-See INSTALL file for build instructions.
-More info can be found on-line at //http://wolfssl.com/yaSSL/Docs.html
-
-
-#wolfSSL (Formerly CyaSSL) Release 3.4.0 (02/23/2015)
-
-## Release 3.4.0 wolfSSL has bug fixes and new features including:
-
-- wolfSSL API and wolfCrypt API, you can still include the cyassl and ctaocrypt
- headers which will enable the compatibility APIs for the foreseeable future
-- Example use of the wolfCrypt API can be found in wolfcrypt/test/test.c
-- Example use of the wolfSSL API can be found in examples/client/client.c
-- Curve25519 now supported at the wolfCrypt level, wolfSSL layer coming soon
-- Improvements in the build configuration under AIX
-- Microchip Pic32 MZ updates
-- TIRTOS updates
-- PowerPC updates
-- Xcode project update
-- Bidirectional shutdown examples in client/server with -w (wait for full
- shutdown) option
-- Cycle counts on benchmarks for x86_64, more coming soon
-- ALT_ECC_SIZE for reducing ecc heap use with fastmath when also using large RSA
- keys
-- Various compile warnings
-- Scan-build warning fixes
-- Changed a memcpy to memmove in the sniffer (if using sniffer please update)
-- No high level security fixes that requires an update though we always
- recommend updating to the latest
-
-
-# CyaSSL Release 3.3.0 (12/05/2014)
-
-- Countermeasuers for Handshake message duplicates, CHANGE CIPHER without
- FINISHED, and fast forward attempts. Thanks to Karthikeyan Bhargavan from
- the Prosecco team at INRIA Paris-Rocquencourt for the report.
-- FIPS version submitted
-- Removes SSLv2 Client Hello processing, can be enabled with OLD_HELLO_ALLOWED
-- User can set mimimum downgrade version with CyaSSL_SetMinVersion()
-- Small stack improvements at TLS/SSL layer
-- TLS Master Secret generation and Key Expansion are now exposed
-- Adds client side Secure Renegotiation, * not recommended *
-- Client side session ticket support, not fully tested with Secure Renegotiation
-- Allows up to 4096bit DHE at TLS Key Exchange layer
-- Handles non standard SessionID sizes in Hello Messages
-- PicoTCP Support
-- Sniffer now supports SNI Virtual Hosts
-- Sniffer now handles non HTTPS protocols using STARTTLS
-- Sniffer can now parse records with multiple messages
-- TI-RTOS updates
-- Fix for ColdFire optimized fp_digit read only in explicit 32bit case
-- ADH Cipher Suite ADH-AES128-SHA for EAP-FAST
-
-The CyaSSL manual is available at:
-http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions
-and comments about the new features please check the manual.
-
-
-# CyaSSL Release 3.2.0 (09/10/2014)
-
-#### Release 3.2.0 CyaSSL has bug fixes and new features including:
-
-- ChaCha20 and Poly1305 crypto and suites
-- Small stack improvements for OCSP, CRL, TLS, DTLS
-- NTRU Encrypt and Decrypt benchmarks
-- Updated Visual Studio project files
-- Updated Keil MDK5 project files
-- Fix for DTLS sequence numbers with GCM/CCM
-- Updated HashDRBG with more secure struct declaration
-- TI-RTOS support and example Code Composer Studio project files
-- Ability to get enabled cipher suites, CyaSSL_get_ciphers()
-- AES-GCM/CCM/Direct support for Freescale mmCAU and CAU
-- Sniffer improvement checking for decrypt key setup
-- Support for raw ECC key import
-- Ability to convert ecc_key to DER, EccKeyToDer()
-- Security fix for RSA Padding check vulnerability reported by Intel Security
- Advanced Threat Research team
-
-The CyaSSL manual is available at:
-http://www.wolfssl.com/documentation/CyaSSL-Manual.pdf. For build instructions
-and comments about the new features please check the manual.
-
-
-# CyaSSL Release 3.1.0 (07/14/2014)
-
-#### Release 3.1.0 CyaSSL has bug fixes and new features including:
-
-- Fix for older versions of icc without 128-bit type
-- Intel ASM syntax for AES-NI
-- Updated NTRU support, keygen benchmark
-- FIPS check for minimum required HMAC key length
-- Small stack (--enable-smallstack) improvements for PKCS#7, ASN
-- TLS extension support for DTLS
-- Default I/O callbacks external to user
-- Updated example client with bad clock test
-- Ability to set optional ECC context info
-- Ability to enable/disable DH separate from opensslextra
-- Additional test key/cert buffers for CA and server
-- Updated example certificates
-
-The CyaSSL manual is available at:
-http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions
-and comments about the new features please check the manual.
-
-
-# CyaSSL Release 3.0.2 (05/30/2014)
-
-#### Release 3.0.2 CyaSSL has bug fixes and new features including:
-
-- Added the following cipher suites:
- * TLS_PSK_WITH_AES_128_GCM_SHA256
- * TLS_PSK_WITH_AES_256_GCM_SHA384
- * TLS_PSK_WITH_AES_256_CBC_SHA384
- * TLS_PSK_WITH_NULL_SHA384
- * TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
- * TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
- * TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
- * TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
- * TLS_DHE_PSK_WITH_NULL_SHA256
- * TLS_DHE_PSK_WITH_NULL_SHA384
- * TLS_DHE_PSK_WITH_AES_128_CCM
- * TLS_DHE_PSK_WITH_AES_256_CCM
-- Added AES-NI support for Microsoft Visual Studio builds.
-- Changed small stack build to be disabled by default.
-- Updated the Hash DRBG and provided a configure option to enable.
-
-The CyaSSL manual is available at:
-http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions
-and comments about the new features please check the manual.
-
-
-# CyaSSL Release 3.0.0 (04/29/2014)
-
-#### Release 3.0.0 CyaSSL has bug fixes and new features including:
-
-- FIPS release candidate
-- X.509 improvements that address items reported by Suman Jana with security
- researchers at UT Austin and UC Davis
-- Small stack size improvements, --enable-smallstack. Offloads large local
- variables to the heap. (Note this is not complete.)
-- Updated AES-CCM-8 cipher suites to use approved suite numbers.
-
-The CyaSSL manual is available at:
-http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions
-and comments about the new features please check the manual.
-
-
-# CyaSSL Release 2.9.4 (04/09/2014)
-
-#### Release 2.9.4 CyaSSL has bug fixes and new features including:
-
-- Security fixes that address items reported by Ivan Fratric of the Google
- Security Team
-- X.509 Unknown critical extensions treated as errors, report by Suman Jana with
- security researchers at UT Austin and UC Davis
-- Sniffer fixes for corrupted packet length and Jumbo frames
-- ARM thumb mode assembly fixes
-- Xcode 5.1 support including new clang
-- PIC32 MZ hardware support
-- CyaSSL Object has enough room to read the Record Header now w/o allocs
-- FIPS wrappers for AES, 3DES, SHA1, SHA256, SHA384, HMAC, and RSA.
-- A sample I/O pool is demonstrated with --enable-iopool to overtake memory
- handling and reduce memory fragmentation on I/O large sizes
-
-The CyaSSL manual is available at:
-http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions
-and comments about the new features please check the manual.
-
-
-# CyaSSL Release 2.9.0 (02/07/2014)
-
-#### Release 2.9.0 CyaSSL has bug fixes and new features including:
-- Freescale Kinetis RNGB support
-- Freescale Kinetis mmCAU support
-- TLS Hello extensions
- - ECC
- - Secure Renegotiation (null)
- - Truncated HMAC
-- SCEP support
- - PKCS #7 Enveloped data and signed data
- - PKCS #10 Certificate Signing Request generation
-- DTLS sliding window
-- OCSP Improvements
- - API change to integrate into Certificate Manager
- - IPv4/IPv6 agnostic
- - example client/server support for OCSP
- - OCSP nonces are optional
-- GMAC hashing
-- Windows build additions
-- Windows CYGWIN build fixes
-- Updated test certificates
-- Microchip MPLAB Harmony support
-- Update autoconf scripts
-- Additional X.509 inspection functions
-- ECC encrypt/decrypt primitives
-- ECC Certificate generation
-
-The Freescale Kinetis K53 RNGB documentation can be found in Chapter 33 of the
-K53 Sub-Family Reference Manual:
-http://cache.freescale.com/files/32bit/doc/ref_manual/K53P144M100SF2RM.pdf
-
-Freescale Kinetis K60 mmCAU (AES, DES, 3DES, MD5, SHA, SHA256) documentation
-can be found in the "ColdFire/ColdFire+ CAU and Kinetis mmCAU Software Library
-User Guide":
-http://cache.freescale.com/files/32bit/doc/user_guide/CAUAPIUG.pdf
-
-
-# CyaSSL Release 2.8.0 (8/30/2013)
-
-#### Release 2.8.0 CyaSSL has bug fixes and new features including:
-- AES-GCM and AES-CCM use AES-NI
-- NetX default IO callback handlers
-- IPv6 fixes for DTLS Hello Cookies
-- The ability to unload Certs/Keys after the handshake, CyaSSL_UnloadCertsKeys()
-- SEP certificate extensions
-- Callback getters for easier resource freeing
-- External CYASSL_MAX_ERROR_SZ for correct error buffer sizing
-- MacEncrypt and DecryptVerify Callbacks for User Atomic Record Layer Processing
-- Public Key Callbacks for ECC and RSA
-- Client now sends blank cert upon request if doesn't have one with TLS <= 1.2
-
-
-The CyaSSL manual is available at:
-http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions
-and comments about the new features please check the manual.
-
-
-# CyaSSL Release 2.7.0 (6/17/2013)
-
-#### Release 2.7.0 CyaSSL has bug fixes and new features including:
-- SNI support for client and server
-- KEIL MDK-ARM projects
-- Wildcard check to domain name match, and Subject altnames are checked too
-- Better error messages for certificate verification errors
-- Ability to discard session during handshake verify
-- More consistent error returns across all APIs
-- Ability to unload CAs at the CTX or CertManager level
-- Authority subject id support for Certificate matching
-- Persistent session cache functionality
-- Persistent CA cache functionality
-- Client session table lookups to push serverID table to library level
-- Camellia support to sniffer
-- User controllable settings for DTLS timeout values
-- Sniffer fixes for caching long lived sessions
-- DTLS reliability enhancements for the handshake
-- Better ThreadX support
-
-When compiling with Mingw, libtool may give the following warning due to
-path conversion errors:
-
-```
-libtool: link: Could not determine host file name corresponding to **
-libtool: link: Continuing, but uninstalled executables may not work.
-```
-
-If so, examples and testsuite will have problems when run, showing an
-error while loading shared libraries. To resolve, please run "make install".
-
-The CyaSSL manual is available at:
-http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions
-and comments about the new features please check the manual.
-
-
-# CyaSSL Release 2.6.0 (04/15/2013)
-
-#### Release 2.6.0 CyaSSL has bug fixes and new features including:
-- DTLS 1.2 support including AEAD ciphers
-- SHA-3 finalist Blake2 support, it's fast and uses little resources
-- SHA-384 cipher suites including ECC ones
-- HMAC now supports SHA-512
-- Track memory use for example client/server with -t option
-- Better IPv6 examples with --enable-ipv6, before if ipv6 examples/tests were
- turned on, localhost only was used. Now link-local (with scope ids) and ipv6
- hosts can be used as well.
-- Xcode v4.6 project for iOS v6.1 update
-- settings.h is now checked in all *.c files for true one file setting detection
-- Better alignment at SSL layer for hardware crypto alignment needs
- * Note, SSL itself isn't friendly to alignment with 5 byte TLS headers and
- 13 bytes DTLS headers, but every effort is now made to align with the
- CYASSL_GENERAL_ALIGNMENT flag which sets desired alignment requirement
-- NO_64BIT flag to turn off 64bit data type accumulators in public key code
- * Note, some systems are faster with 32bit accumulators
-- --enable-stacksize for example client/server stack use
- * Note, modern desktop Operating Systems may add bytes to each stack frame
-- Updated compression/decompression with direct crypto access
-- All ./configure options are now lowercase only for consistency
-- ./configure builds default to fastmath option
- * Note, if on ia32 and building in shared mode this may produce a problem
- with a missing register being available because of PIC, there are at least
- 5 solutions to this:
- 1) --disable-fastmath , don't use fastmath
- 2) --disable-shared, don't build a shared library
- 3) C_EXTRA_FLAGS=-DTFM_NO_ASM , turn off assembly use
- 4) use clang, it just seems to work
- 5) play around with no PIC options to force all registers being open
-- Many new ./configure switches for option enable/disable for example
- * rsa
- * dh
- * dsa
- * md5
- * sha
- * arc4
- * null (allow NULL ciphers)
- * oldtls (only use TLS 1.2)
- * asn (no certs or public keys allowed)
-- ./configure generates cyassl/options.h which allows a header the user can
- include in their app to make sure the same options are set at the app and
- CyaSSL level.
-- autoconf no longer needs serial-tests which lowers version requirements of
- automake to 1.11 and autoconf to 2.63
-
-The CyaSSL manual is available at:
-http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions
-and comments about the new features please check the manual.
-
-
-
-# CyaSSL Release 2.5.0 (02/04/2013)
-
-#### Release 2.5.0 CyaSSL has bug fixes and new features including:
-- Fix for TLS CBC padding timing attack identified by Nadhem Alfardan and
- Kenny Paterson: http://www.isg.rhul.ac.uk/tls/
-- Microchip PIC32 (MIPS16, MIPS32) support
-- Microchip MPLAB X example projects for PIC32 Ethernet Starter Kit
-- Updated CTaoCrypt benchmark app for embedded systems
-- 1024-bit test certs/keys and cert/key buffers
-- AES-CCM-8 crypto and cipher suites
-- Camellia crypto and cipher suites
-- Bumped minimum autoconf version to 2.65, automake version to 1.12
-- Addition of OCSP callbacks
-- STM32F2 support with hardware crypto and RNG
-- Cavium NITROX support
-
-CTaoCrypt now has support for the Microchip PIC32 and has been tested with
-the Microchip PIC32 Ethernet Starter Kit, the XC32 compiler and
-MPLAB X IDE in both MIPS16 and MIPS32 instruction set modes. See the README
-located under the <cyassl_root>/mplabx directory for more details.
-
-To add Cavium NITROX support do:
-
-./configure --with-cavium=/home/user/cavium/software
-
-pointing to your licensed cavium/software directory. Since Cavium doesn't
-build a library we pull in the cavium_common.o file which gives a libtool
-warning about the portability of this. Also, if you're using the github source
-tree you'll need to remove the -Wredundant-decls warning from the generated
-Makefile because the cavium headers don't conform to this warning. Currently
-CyaSSL supports Cavium RNG, AES, 3DES, RC4, HMAC, and RSA directly at the crypto
-layer. Support at the SSL level is partial and currently just does AES, 3DES,
-and RC4. RSA and HMAC are slower until the Cavium calls can be utilized in non
-blocking mode. The example client turns on cavium support as does the crypto
-test and benchmark. Please see the HAVE_CAVIUM define.
-
-CyaSSL is able to use the STM32F2 hardware-based cryptography and random number
-generator through the STM32F2 Standard Peripheral Library. For necessary
-defines, see the CYASSL_STM32F2 define in settings.h. Documentation for the
-STM32F2 Standard Peripheral Library can be found in the following document:
-http://www.st.com/internet/com/TECHNICAL_RESOURCES/TECHNICAL_LITERATURE/USER_MANUAL/DM00023896.pdf
-
-The CyaSSL manual is available at:
-http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions
-and comments about the new features please check the manual.
-
-
-
-# CyaSSL Release 2.4.6 (12/20/2012)
-
-#### Release 2.4.6 CyaSSL has bug fixes and a few new features including:
-- ECC into main version
-- Lean PSK build (reduced code size, RAM usage, and stack usage)
-- FreeBSD CRL monitor support
-- CyaSSL_peek()
-- CyaSSL_send() and CyaSSL_recv() for I/O flag setting
-- CodeWarrior Support
-- MQX Support
-- Freescale Kinetis support including Hardware RNG
-- autoconf builds use jobserver
-- cyassl-config
-- Sniffer memory reductions
-
-Thanks to Brian Aker for the improved autoconf system, make rpm, cyassl-config,
-warning system, and general good ideas for improving CyaSSL!
-
-The Freescale Kinetis K70 RNGA documentation can be found in Chapter 37 of the
-K70 Sub-Family Reference Manual:
-http://cache.freescale.com/files/microcontrollers/doc/ref_manual/K70P256M150SF3RM.pdf
-
-The CyaSSL manual is available at:
-http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions
-and comments about the new features please check the manual.
-
-
-# CyaSSL Release 2.4.0 (10/10/2012)
-
-#### Release 2.4.0 CyaSSL has bug fixes and a few new features including:
-- DTLS reliability
-- Reduced memory usage after handshake
-- Updated build process
-
-The CyaSSL manual is available at:
-http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions
-and comments about the new features please check the manual.
-
-
-
-# CyaSSL Release 2.3.0 (8/10/2012)
-
-#### Release 2.3.0 CyaSSL has bug fixes and a few new features including:
-- AES-GCM crypto and cipher suites
-- make test cipher suite checks
-- Subject AltName processing
-- Command line support for client/server examples
-- Sniffer SessionTicket support
-- SHA-384 cipher suites
-- Verify cipher suite validity when user overrides
-- CRL dir monitoring
-- DTLS Cookie support, reliability coming soon
-
-The CyaSSL manual is available at:
-http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions
-and comments about the new features please check the manual.
-
-
-
-# CyaSSL Release 2.2.0 (5/18/2012)
-
-#### Release 2.2.0 CyaSSL has bug fixes and a few new features including:
-- Initial CRL support (--enable-crl)
-- Initial OCSP support (--enable-ocsp)
-- Add static ECDH suites
-- SHA-384 support
-- ECC client certificate support
-- Add medium session cache size (1055 sessions)
-- Updated unit tests
-- Protection against mutex reinitialization
-
-
-The CyaSSL manual is available at:
-http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions
-and comments about the new features please check the manual.
-
-
-
-# CyaSSL Release 2.0.8 (2/24/2012)
-
-#### Release 2.0.8 CyaSSL has bug fixes and a few new features including:
-- A fix for malicious certificates pointed out by Remi Gacogne (thanks)
- resulting in NULL pointer use.
-- Respond to renegotiation attempt with no_renegoatation alert
-- Add basic path support for load_verify_locations()
-- Add set Temp EC-DHE key size
-- Extra checks on rsa test when porting into
-
-
-The CyaSSL manual is available at:
-http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions
-and comments about the new features please check the manual.
-
-
-
-# CyaSSL Release 2.0.6 (1/27/2012)
-
-#### Release 2.0.6 CyaSSL has bug fixes and a few new features including:
-- Fixes for CA basis constraint check
-- CTX reference counting
-- Initial unit test additions
-- Lean and Mean Windows fix
-- ECC benchmarking
-- SSMTP build support
-- Ability to group handshake messages with set_group_messages(ctx/ssl)
-- CA cache addition callback
-- Export Base64_Encode for general use
-
-The CyaSSL manual is available at:
-http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions
-and comments about the new features please check the manual.
-
-
-
-# CyaSSL Release 2.0.2 (12/05/2011)
-
-#### Release 2.0.2 CyaSSL has bug fixes and a few new features including:
-- CTaoCrypt Runtime library detection settings when directly using the crypto
- library
-- Default certificate generation now uses SHAwRSA and adds SHA256wRSA generation
-- All test certificates now use 2048bit and SHA-1 for better modern browser
- support
-- Direct AES block access and AES-CTR (counter) mode
-- Microchip pic32 support
-
-The CyaSSL manual is available at:
-http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions
-and comments about the new features please check the manual.
-
-
-
-# CyaSSL Release 2.0.0rc3 (9/28/2011)
-
-#### Release 2.0.0rc3 for CyaSSL has bug fixes and a few new features including:
-- updated autoconf support
-- better make install and uninstall (uses system directories)
-- make test / make check
-- CyaSSL headers now in <cyassl/*.h>
-- CTaocrypt headers now in <cyassl/ctaocrypt/*.h>
-- OpenSSL compatibility headers now in <cyassl/openssl/*.h>
-- examples and tests all run from home directory so can use certs in ./certs
- (see note 1)
-
-So previous applications that used the OpenSSL compatibility header
-<openssl/ssl.h> now need to include <cyassl/openssl/ssl.h> instead, no other
-changes are required.
-
-Special Thanks to Brian Aker for his autoconf, install, and header patches.
-
-The CyaSSL manual is available at:
-http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions
-and comments about the new features please check the manual.
-
-# CyaSSL Release 2.0.0rc2 (6/6/2011)
-
-#### Release 2.0.0rc2 for CyaSSL has bug fixes and a few new features including:
-- bug fixes (Alerts, DTLS with DHE)
-- FreeRTOS support
-- lwIP support
-- Wshadow warnings removed
-- asn public header
-- CTaoCrypt public headers now all have ctc_ prefix (the manual is still being
- updated to reflect this change)
-- and more.
-
-This is the 2nd and perhaps final release candidate for version 2.
-Please send any comments or questions to support@yassl.com.
-
-The CyaSSL manual is available at:
-http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions
-and comments about the new features please check the manual.
-
-# CyaSSL Release 2.0.0rc1 (5/2/2011)
-
-#### Release 2.0.0rc1 for CyaSSL has many new features including:
-- bug fixes
-- SHA-256 cipher suites
-- Root Certificate Verification (instead of needing all certs in the chain)
-- PKCS #8 private key encryption (supports PKCS #5 v1-v2 and PKCS #12)
-- Serial number retrieval for x509
-- PBKDF2 and PKCS #12 PBKDF
-- UID parsing for x509
-- SHA-256 certificate signatures
-- Client and server can send chains (SSL_CTX_use_certificate_chain_file)
-- CA loading can now parse multiple certificates per file
-- Dynamic memory runtime hooks
-- Runtime hooks for logging
-- EDH on server side
-- More informative error codes
-- More informative logging messages
-- Version downgrade more robust (use SSL_v23*)
-- Shared build only by default through ./configure
-- Compiler visibility is now used, internal functions not polluting namespace
-- Single Makefile, no recursion, for faster and simpler building
-- Turn on all warnings possible build option, warning fixes
-- and more.
-
-Because of all the new features and the multiple OS, compiler, feature-set
-options that CyaSSL allows, there may be some configuration fixes needed.
-Please send any comments or questions to support@yassl.com.
-
-The CyaSSL manual is available at:
-http://www.yassl.com/documentation/CyaSSL-Manual.pdf. For build instructions
-and comments about the new features please check the manual.
-
-# CyaSSL Release 1.9.0 (3/2/2011)
-
-Release 1.9.0 for CyaSSL adds bug fixes, improved TLSv1.2 through testing and
-better hash/sig algo ids, --enable-webServer for the yaSSL embedded web server,
-improper AES key setup detection, user cert verify callback improvements, and
-more.
-
-The CyaSSL manual offering is included in the doc/ directory. For build
-instructions and comments about the new features please check the manual.
-
-Please send any comments or questions to support@yassl.com.
-
-# CyaSSL Release 1.8.0 (12/23/2010)
-
-Release 1.8.0 for CyaSSL adds bug fixes, x509 v3 CA signed certificate
-generation, a C standard library abstraction layer, lower memory use, increased
-portability through the os_settings.h file, and the ability to use NTRU cipher
-suites when used in conjunction with an NTRU license and library.
-
-The initial CyaSSL manual offering is included in the doc/ directory. For
-build instructions and comments about the new features please check the manual.
-
-Please send any comments or questions to support@yassl.com.
-
-Happy Holidays.
-
-
-# CyaSSL Release 1.6.5 (9/9/2010)
-
-Release 1.6.5 for CyaSSL adds bug fixes and x509 v3 self signed certificate
-generation.
-
-For general build instructions see doc/Building_CyaSSL.pdf.
-
-To enable certificate generation support add this option to ./configure
-./configure --enable-certgen
-
-An example is included in ctaocrypt/test/test.c and documentation is provided
-in doc/CyaSSL_Extensions_Reference.pdf item 11.
-
-# CyaSSL Release 1.6.0 (8/27/2010)
-
-Release 1.6.0 for CyaSSL adds bug fixes, RIPEMD-160, SHA-512, and RSA key
-generation.
-
-For general build instructions see doc/Building_CyaSSL.pdf.
-
-To add RIPEMD-160 support add this option to ./configure
-./configure --enable-ripemd
-
-To add SHA-512 support add this option to ./configure
-./configure --enable-sha512
-
-To add RSA key generation support add this option to ./configure
-./configure --enable-keygen
-
-Please see ctaocrypt/test/test.c for examples and usage.
-
-For Windows, RIPEMD-160 and SHA-512 are enabled by default but key generation is
-off by default. To turn key generation on add the define CYASSL_KEY_GEN to
-CyaSSL.
-
-
-# CyaSSL Release 1.5.6 (7/28/2010)
-
-Release 1.5.6 for CyaSSL adds bug fixes, compatibility for our JSSE provider,
-and a fix for GCC builds on some systems.
-
-For general build instructions see doc/Building_CyaSSL.pdf.
-
-To add AES-NI support add this option to ./configure
-./configure --enable-aesni
-
-You'll need GCC 4.4.3 or later to make use of the assembly.
-
-# CyaSSL Release 1.5.4 (7/7/2010)
-
-Release 1.5.4 for CyaSSL adds bug fixes, support for AES-NI, SHA1 speed
-improvements from loop unrolling, and support for the Mongoose Web Server.
-
-For general build instructions see doc/Building_CyaSSL.pdf.
-
-To add AES-NI support add this option to ./configure
-./configure --enable-aesni
-
-You'll need GCC 4.4.3 or later to make use of the assembly.
-
-# CyaSSL Release 1.5.0 (5/11/2010)
-
-Release 1.5.0 for CyaSSL adds bug fixes, GoAhead WebServer support, sniffer
-support, and initial swig interface support.
-
-For general build instructions see doc/Building_CyaSSL.pdf.
-
-To add support for GoAhead WebServer either --enable-opensslExtra or if you
-don't want all the features of opensslExtra you can just define GOAHEAD_WS
-instead. GOAHEAD_WS can be added to ./configure with CFLAGS=-DGOAHEAD_WS or
-you can define it yourself.
-
-To look at the sniffer support please see the sniffertest app in
-sslSniffer/sslSnifferTest. Build with --enable-sniffer on *nix or use the
-vcproj files on windows. You'll need to have pcap installed on *nix and
-WinPcap on windows.
-
-A swig interface file is now located in the swig directory for using Python,
-Java, Perl, and others with CyaSSL. This is initial support and experimental,
-please send questions or comments to support@yassl.com.
-
-When doing load testing with CyaSSL, on the echoserver example say, the client
-machine may run out of tcp ephemeral ports, they will end up in the TIME_WAIT
-queue, and can't be reused by default. There are generally two ways to fix
-this.
-
-1. Reduce the length sockets remain on the TIME_WAIT queue OR
-2. Allow items on the TIME_WAIT queue to be reused.
-
-
-To reduce the TIME_WAIT length in OS X to 3 seconds (3000 milliseconds)
-
-`sudo sysctl -w net.inet.tcp.msl=3000`
-
-In Linux
-
-`sudo sysctl -w net.ipv4.tcp_tw_reuse=1`
-
-allows reuse of sockets in TIME_WAIT
-
-`sudo sysctl -w net.ipv4.tcp_tw_recycle=1`
-
-works but seems to remove sockets from TIME_WAIT entirely?
-
-`sudo sysctl -w net.ipv4.tcp_fin_timeout=1`
-
-doen't control TIME_WAIT, it controls FIN_WAIT(2) contrary to some posts
-
-
-# CyaSSL Release 1.4.0 (2/18/2010)
-
-Release 1.3.0 for CyaSSL adds bug fixes, better multi TLS/SSL version support
-through SSLv23_server_method(), and improved documentation in the doc/ folder.
-
-For general build instructions doc/Building_CyaSSL.pdf.
-
-# CyaSSL Release 1.3.0 (1/21/2010)
-
-Release 1.3.0 for CyaSSL adds bug fixes, a potential security problem fix,
-better porting support, removal of assert()s, and a complete THREADX port.
-
-For general build instructions see rc1 below.
-
-# CyaSSL Release 1.2.0 (11/2/2009)
-
-Release 1.2.0 for CyaSSL adds bug fixes and session negotiation if first use is
-read or write.
-
-For general build instructions see rc1 below.
-
-# CyaSSL Release 1.1.0 (9/2/2009)
-
-Release 1.1.0 for CyaSSL adds bug fixes, a check against malicious session
-cache use, support for lighttpd, and TLS 1.2.
-
-To get TLS 1.2 support please use the client and server functions:
-
-```c
-SSL_METHOD *TLSv1_2_server_method(void);
-SSL_METHOD *TLSv1_2_client_method(void);
-```
-
-CyaSSL was tested against lighttpd 1.4.23. To build CyaSSL for use with
-lighttpd use the following commands from the CyaSSL install dir <CyaSSLDir>:
-
-```
-./configure --disable-shared --enable-opensslExtra --enable-fastmath --without-zlib
-
-make
-make openssl-links
-```
-
-Then to build lighttpd with CyaSSL use the following commands from the
-lighttpd install dir:
-
-```
-./configure --with-openssl --with-openssl-includes=<CyaSSLDir>/include --with-openssl-libs=<CyaSSLDir>/lib LDFLAGS=-lm
-
-make
-```
-
-On some systems you may get a linker error about a duplicate symbol for
-MD5_Init or other MD5 calls. This seems to be caused by the lighttpd src file
-md5.c, which defines MD5_Init(), and is included in liblightcomp_la-md5.o.
-When liblightcomp is linked with the SSL_LIBs the linker may complain about
-the duplicate symbol. This can be fixed by editing the lighttpd src file md5.c
-and adding this line to the beginning of the file:
-
-\#if 0
-
-and this line to the end of the file
-
-\#endif
-
-Then from the lighttpd src dir do a:
-
-```
-make clean
-make
-```
-
-If you get link errors about undefined symbols more than likely the actual
-OpenSSL libraries are found by the linker before the CyaSSL openssl-links that
-point to the CyaSSL library, causing the linker confusion. This can be fixed
-by editing the Makefile in the lighttpd src directory and changing the line:
-
-`SSL_LIB = -lssl -lcrypto`
-
-to
-
-`SSL_LIB = -lcyassl`
-
-Then from the lighttpd src dir do a:
-
-```
-make clean
-make
-```
-
-This should remove any confusion the linker may be having with missing symbols.
-
-For any questions or concerns please contact support@yassl.com .
-
-For general build instructions see rc1 below.
-
-# CyaSSL Release 1.0.6 (8/03/2009)
-
-Release 1.0.6 for CyaSSL adds bug fixes, an improved session cache, and faster
-math with a huge code option.
-
-The session cache now defaults to a client mode, also good for embedded servers.
-For servers not under heavy load (less than 200 new sessions per minute), define
-BIG_SESSION_CACHE. If the server will be under heavy load, define
-HUGE_SESSION_CACHE.
-
-There is now a fasthugemath option for configure. This enables fastmath plus
-even faster math by greatly increasing the code size of the math library. Use
-the benchmark utility to compare public key operations.
-
-
-For general build instructions see rc1 below.
-
-# CyaSSL Release 1.0.3 (5/10/2009)
-
-Release 1.0.3 for CyaSSL adds bug fixes and add increased support for OpenSSL
-compatibility when building other applications.
-
-Release 1.0.3 includes an alpha release of DTLS for both client and servers.
-This is only for testing purposes at this time. Rebroadcast and reordering
-aren't fully implemented at this time but will be for the next release.
-
-For general build instructions see rc1 below.
-
-# CyaSSL Release 1.0.2 (4/3/2009)
-
-Release 1.0.2 for CyaSSL adds bug fixes for a couple I/O issues. Some systems
-will send a SIGPIPE on socket recv() at any time and this should be handled by
-the application by turning off SIGPIPE through setsockopt() or returning from
-the handler.
-
-Release 1.0.2 includes an alpha release of DTLS for both client and servers.
-This is only for testing purposes at this time. Rebroadcast and reordering
-aren't fully implemented at this time but will be for the next release.
-
-For general build instructions see rc1 below.
-
-## CyaSSL Release Candidiate 3 rc3-1.0.0 (2/25/2009)
-
-
-Release Candidate 3 for CyaSSL 1.0.0 adds bug fixes and adds a project file for
-iPhone development with Xcode. cyassl-iphone.xcodeproj is located in the root
-directory. This release also includes a fix for supporting other
-implementations that bundle multiple messages at the record layer, this was
-lost when cyassl i/o was re-implemented but is now fixed.
-
-For general build instructions see rc1 below.
-
-## CyaSSL Release Candidiate 2 rc2-1.0.0 (1/21/2009)
-
-
-Release Candidate 2 for CyaSSL 1.0.0 adds bug fixes and adds two new stream
-ciphers along with their respective cipher suites. CyaSSL adds support for
-HC-128 and RABBIT stream ciphers. The new suites are:
-
-```
-TLS_RSA_WITH_HC_128_SHA
-TLS_RSA_WITH_RABBIT_SHA
-```
-
-And the corresponding cipher names are
-
-```
-HC128-SHA
-RABBIT-SHA
-```
-
-CyaSSL also adds support for building with devkitPro for PPC by changing the
-library proper to use libogc. The examples haven't been changed yet but if
-there's interest they can be. Here's an example ./configure to build CyaSSL
-for devkitPro:
-
-```
-./configure --disable-shared CC=/pathTo/devkitpro/devkitPPC/bin/powerpc-gekko-gcc --host=ppc --without-zlib --enable-singleThreaded RANLIB=/pathTo/devkitpro/devkitPPC/bin/powerpc-gekko-ranlib CFLAGS="-DDEVKITPRO -DGEKKO"
-```
-
-For linking purposes you'll need
-
-`LDFLAGS="-g -mrvl -mcpu=750 -meabi -mhard-float -Wl,-Map,$(notdir $@).map"`
-
-For general build instructions see rc1 below.
-
-
-## CyaSSL Release Candidiate 1 rc1-1.0.0 (12/17/2008)
-
-
-Release Candidate 1 for CyaSSL 1.0.0 contains major internal changes. Several
-areas have optimization improvements, less dynamic memory use, and the I/O
-strategy has been refactored to allow alternate I/O handling or Library use.
-Many thanks to Thierry Fournier for providing these ideas and most of the work.
-
-Because of these changes, this release is only a candidate since some problems
-are probably inevitable on some platform with some I/O use. Please report any
-problems and we'll try to resolve them as soon as possible. You can contact us
-at support@yassl.com or todd@yassl.com.
-
-Using TomsFastMath by passing --enable-fastmath to ./configure now uses assembly
-on some platforms. This is new so please report any problems as every compiler,
-mode, OS combination hasn't been tested. On ia32 all of the registers need to
-be available so be sure to pass these options to CFLAGS:
-
-`CFLAGS="-O3 -fomit-frame-pointer"`
-
-OS X will also need -mdynamic-no-pic added to CFLAGS
-
-Also if you're building in shared mode for ia32 you'll need to pass options to
-LDFLAGS as well on OS X:
-
-`LDFLAGS=-Wl,-read_only_relocs,warning`
-
-This gives warnings for some symbols but seems to work.
-
-
-#### To build on Linux, Solaris, *BSD, Mac OS X, or Cygwin:
-
- ./configure
- make
-
- from the ./testsuite/ directory run ./testsuite
-
-#### To make a debug build:
-
- ./configure --enable-debug --disable-shared
- make
-
-
-
-#### To build on Win32
-
-Choose (Re)Build All from the project workspace
-
-Run the testsuite program
-
-
-
-
-
-# CyaSSL version 0.9.9 (7/25/2008)
-
-This release of CyaSSL adds bug fixes, Pre-Shared Keys, over-rideable memory
-handling, and optionally TomsFastMath. Thanks to Moisés Guimarães for the
-work on TomsFastMath.
-
-To optionally use TomsFastMath pass --enable-fastmath to ./configure
-Or define USE_FAST_MATH in each project from CyaSSL for MSVC.
-
-Please use the benchmark routine before and after to see the performance
-difference, on some platforms the gains will be little but RSA encryption
-always seems to be faster. On x86-64 machines with GCC the normal math library
-may outperform the fast one when using CFLAGS=-m64 because TomsFastMath can't
-yet use -m64 because of GCCs inability to do 128bit division.
-
- *** UPDATE GCC 4.2.1 can now do 128bit division ***
-
-See notes below (0.2.0) for complete build instructions.
-
-
-# CyaSSL version 0.9.8 (5/7/2008)
-
-This release of CyaSSL adds bug fixes, client side Diffie-Hellman, and better
-socket handling.
-
-See notes below (0.2.0) for complete build instructions.
-
-
-# CyaSSL version 0.9.6 (1/31/2008)
-
-This release of CyaSSL adds bug fixes, increased session management, and a fix
-for gnutls.
-
-See notes below (0.2.0) for complete build instructions.
-
-
-# CyaSSL version 0.9.0 (10/15/2007)
-
-This release of CyaSSL adds bug fixes, MSVC 2005 support, GCC 4.2 support,
-IPV6 support and test, and new test certificates.
-
-See notes below (0.2.0) for complete build instructions.
-
-
-# CyaSSL version 0.8.0 (1/10/2007)
-
-This release of CyaSSL adds increased socket support, for non-blocking writes,
-connects, and interrupted system calls.
-
-See notes below (0.2.0) for complete build instructions.
-
-
-# CyaSSL version 0.6.3 (10/30/2006)
-
-This release of CyaSSL adds debug logging to stderr to aid in the debugging of
-CyaSSL on systems that may not provide the best support.
-
-If CyaSSL is built with debugging support then you need to call
-CyaSSL_Debugging_ON() to turn logging on.
-
-On Unix use ./configure --enable-debug
-
-On Windows define DEBUG_CYASSL when building CyaSSL
-
-
-To turn logging back off call CyaSSL_Debugging_OFF()
-
-See notes below (0.2.0) for complete build instructions.
-
-
-# CyaSSL version 0.6.2 (10/29/2006)
-
-This release of CyaSSL adds TLS 1.1.
-
-Note that CyaSSL has certificate verification on by default, unlike OpenSSL.
-To emulate OpenSSL behavior, you must call SSL_CTX_set_verify() with
-SSL_VERIFY_NONE. In order to have full security you should never do this,
-provide CyaSSL with the proper certificates to eliminate impostors and call
-CyaSSL_check_domain_name() to prevent man in the middle attacks.
-
-See notes below (0.2.0) for build instructions.
-
-# CyaSSL version 0.6.0 (10/25/2006)
-
-This release of CyaSSL adds more SSL functions, better autoconf, nonblocking
-I/O for accept, connect, and read. There is now an --enable-small configure
-option that turns off TLS, AES, DES3, HMAC, and ERROR_STRINGS, see configure.in
-for the defines. Note that TLS requires HMAC and AES requires TLS.
-
-See notes below (0.2.0) for build instructions.
-
-
-# CyaSSL version 0.5.5 (09/27/2006)
-
-This mini release of CyaSSL adds better input processing through buffered input
-and big message support. Added SSL_pending() and some sanity checks on user
-settings.
-
-See notes below (0.2.0) for build instructions.
-
-
-# CyaSSL version 0.5.0 (03/27/2006)
-
-This release of CyaSSL adds AES support and minor bug fixes.
-
-See notes below (0.2.0) for build instructions.
-
-
-# CyaSSL version 0.4.0 (03/15/2006)
-
-This release of CyaSSL adds TLSv1 client/server support and libtool.
-
-See notes below for build instructions.
-
-
-# CyaSSL version 0.3.0 (02/26/2006)
-
-This release of CyaSSL adds SSLv3 server support and session resumption.
-
-See notes below for build instructions.
-
-
-# CyaSSL version 0.2.0 (02/19/2006)
-
-
-This is the first release of CyaSSL and its crypt brother, CTaoCrypt. CyaSSL
-is written in ANSI C with the idea of a small code size, footprint, and memory
-usage in mind. CTaoCrypt can be as small as 32K, and the current client
-version of CyaSSL can be as small as 12K.
-
-
-The first release of CTaoCrypt supports MD5, SHA-1, 3DES, ARC4, Big Integer
-Support, RSA, ASN parsing, and basic x509 (en/de)coding.
-
-The first release of CyaSSL supports normal client RSA mode SSLv3 connections
-with support for SHA-1 and MD5 digests. Ciphers include 3DES and RC4.
-
-
-#### To build on Linux, Solaris, *BSD, Mac OS X, or Cygwin:
-
- ./configure
- make
+More info can be found on-line at https://wolfssl.com/wolfSSL/Docs.html
- from the ./testsuite/ directory run ./testsuite
-#### to make a debug build:
- ./configure --enable-debug --disable-shared
- make
+*** Resources ***
+[wolfSSL Website](https://www.wolfssl.com/)
-#### To build on Win32
+[wolfSSL Wiki](https://github.com/wolfSSL/wolfssl/wiki)
-Choose (Re)Build All from the project workspace
+[FIPS FAQ](https://wolfssl.com/license/fips)
-Run the testsuite program
+[wolfSSL Documents](https://wolfssl.com/wolfSSL/Docs.html)
+[wolfSSL Manual](https://wolfssl.com/wolfSSL/Docs-wolfssl-manual-toc.html)
+[wolfSSL API Reference]
+(https://wolfssl.com/wolfSSL/Docs-wolfssl-manual-17-wolfssl-api-reference.html)
-*** The next release of CyaSSL will support a server and more OpenSSL
-compatibility functions.
+[wolfCrypt API Reference]
+(https://wolfssl.com/wolfSSL/Docs-wolfssl-manual-18-wolfcrypt-api-reference.html)
+[TLS 1.3](https://www.wolfssl.com/docs/tls13/)
-Please send questions or comments to todd@yassl.com
+[wolfSSL Vulnerabilities]
+(https://www.wolfssl.com/docs/security-vulnerabilities/)
View Lorry Controller Status