Merge pull request #101 from cconlon/0415

Release Prep and Fixes
wolfSSL · May 3, 2022 · 7145792 · 7145792
2 parents e56b05b + 8849604
commit 7145792
Show file tree

Hide file tree

Showing 59 changed files with 642 additions and 367 deletions.
diff --git a/IDE/Android/build.gradle b/IDE/Android/build.gradle
@@ -7,7 +7,7 @@ buildscript {
 
     }
     dependencies {
-        classpath 'com.android.tools.build:gradle:4.2.2'
+        classpath 'com.android.tools.build:gradle:7.1.3'
 
         // NOTE: Do not place your application dependencies here; they belong
         // in the individual module build.gradle files

diff --git a/IDE/Android/gradle/wrapper/gradle-wrapper.properties b/IDE/Android/gradle/wrapper/gradle-wrapper.properties
@@ -1,6 +1,6 @@
 #Thu Nov 04 15:51:08 MDT 2021
 distributionBase=GRADLE_USER_HOME
-distributionUrl=https\://services.gradle.org/distributions/gradle-6.9.1-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-7.2-bin.zip
 distributionPath=wrapper/dists
 zipStorePath=wrapper/dists
 zipStoreBase=GRADLE_USER_HOME
diff --git a/README.md b/README.md
@@ -1,11 +1,17 @@
 
 # wolfSSL JSSE Provider and JNI Wrapper
 
-This package provides both a wolfSSL Java JSSE provider (**wolfJSSE**), and a
-thin JNI-based interface to the native
-[wolfSSL embedded SSL/TLS library](https://www.wolfssl.com/products/wolfssl/).
-These provide Java applications with SSL/TLS support up to the current
-[TLS 1.3](https://www.wolfssl.com/tls13) protocol standard.
+This package provides Java support for the
+[wolfSSL embedded SSL/TLS library](https://www.wolfssl.com/products/wolfssl/),
+giving applications support for SSL/TLS up to the current
+[TLS 1.3](https://www.wolfssl.com/tls13) protocol level.
+It contains both a wolfSSL **JSSE** (Java Secure Socket Extension) provider,
+called **wolfJSSE**, and a thin JNI-based interface that wraps the native C
+library.
+
+wolfSSL also provides a **JCE** (Java Cryptography Extension) provider that
+wraps native wolfCrypt. This can be found in a separate repository, located
+[here](https://github.com/wolfSSL/wolfcrypt-jni).
 
 ## Why use wolfJSSE?
 
@@ -19,10 +25,10 @@ and more!
 
 ## User Manual
 
-The wolfSSL JNI/JSSE Manual is available on wolfssl.com:
+The wolfSSL JNI/JSSE Manual is available on the wolfSSL website:
 [wolfSSL JNI Manual](https://www.wolfssl.com/documentation/wolfSSL-JNI-Manual.pdf).
 
-For additional build instructions and more detailed comments, please check
+For additional build instructions and more detailed comments, please reference
 the manual.
 
 ## Building
@@ -40,11 +46,12 @@ Build targets for ant are :
 * **ant clean**     (cleans all Java artifacts)
 * **ant cleanjni**  (cleans native artifacts)
 
-wolfJSSE currently supports compilation on Linux/Unix and Android.
+wolfJSSE currently supports compilation on Linux/Unix, OSX, and Android.
 
-To build wolfJSSE on Linux, first download, compile, and install wolfSSL.
-wolfSSL can be downloaded from the wolfSSL download page or cloned from
-GitHub.
+To build wolfJSSE in Linux/Unix environments, first download, compile, and
+install wolfSSL. wolfSSL can be downloaded from the wolfSSL
+[download page](https://www.wolfssl.com/download/) or cloned from
+[GitHub](https://github.com/wolfssl/wolfssl).
 
 ```
 $ unzip wolfssl-X.X.X.zip
@@ -60,6 +67,7 @@ Then, to build wolfJSSE:
 $ cd wolfssljni
 $ ./java.sh
 $ ant
+$ export JUNIT_HOME=/path/to/junit/jars
 $ ant test
 ```
 
@@ -82,7 +90,7 @@ $ ./examples/provider/ClientJSSE.sh
 Examples of using wolfssljni can be found in the `./examples` subdirectory.
 See [examples/README.md](./examples/README.md) for more details.
 
-Examples of using wolfJSSE can be found in the `./examples/provider`
+Examples of using the wolfJSSE provider can be found in the `./examples/provider`
 subdirectory. See [examples/provider/README.md](./examples/provider/README.md)
 for more details.
 
@@ -106,23 +114,24 @@ Android AOSP at the system-level.
 
 An example Android Studio application is included in this package, to show
 users how they could include the wolfSSL native and wolfSSL JNI/JSSE sources
-in an Androi Studio application. For more details, see the Android Studio
+in an Android Studio application. For more details, see the Android Studio
 project and README.md located in the [./IDE/Android](./IDE/Android) directory.
 
 Using wolfJSSE at the application level will allow developers to register
 wolfJSSE as a Security provider at the application scope. The application can
-they use the Java Security API for SSL/TLS operations which will then use the
+use the Java Security API for SSL/TLS operations which will then use the
 underlying wolfJSSE provider (and subsequently native wolfSSL).
 
-Applications can add the wolfJSSE provider using:
+Applications can register the wolfJSSE provider using:
 
 ```
 import com.wolfssl.provider.jsse.WolfSSLProvider;
 ...
 Security.addProvider(new WolfSSLProvider());
 ```
 
-To instead insert the WolfSSLProvider as the top priority provider:
+To instead insert the WolfSSLProvider as the top priority provider, or at
+a specified index (note: indexing starts at 1):
 
 ```
 import com.wolfssl.provider.jsse.WolfSSLProvider;
@@ -148,12 +157,38 @@ Additional instructions can be found on the wolfSSL.com website:
 
 ## Release Notes
 
-### wolfSSL JNI Release X.X.X (TBD)
-
-Release X.X.X has bug fixes and new features including:
-
-* Removal of HC-128 stream cipher support. Native wolfSSL removed HC-128
-support in [PR #4767](https://github.com/wolfSSL/wolfssl/pull/4767)
+### wolfSSL JNI Release 1.9.0 (TBD)
+
+Release 1.9.0 has bug fixes and new features including:
+
+**JNI and JSSE Changes:**
+* Add synchronization to class cleanup/free routines (PR 78)
+* Fix JNI native casting to use utintptr\_t instead of intptr\_t (PR 79)
+* Add support for newer Java versions (ex: Java 17) (PR 90)
+* Remove HC-128 support (PR 94). Native wolfSSL removed with
+[PR #4767](https://github.com/wolfSSL/wolfssl/pull/4767)
+* Remove RABBIT support (PR 96). Native wolfSSL removed with
+[PR #4774](https://github.com/wolfSSL/wolfssl/pull/4767)
+* Remove IDEA support (PR 97). Native wolfSSL removed in
+[PR #4806](https://github.com/wolfSSL/wolfssl/pull/4806).
+* Fix typecasting issues and cleanup for native argument checking (PR 98, 99)
+* Add Socket timeout support for native SSL\_connect/write() (PR 95)
+* SSLSocket.getSession() now tries to do TLS handshake if not completed (PR 76)
+* Fix shutdown/close\_notify alert handling in WolfSSLEngine (PR 83)
+* Fix WolfSSLSocket to test if close() called before object init (PR 88)
+* Add support for loading default system CA certs on Java 9+ (PR 89)
+* Fix timeout behavior with WolfSSLSession.connect() (PR 100)
+
+**Example Changes:**
+* Print wolfJSSE provider info in JSSE ProviderTest (PR 77)
+* Add option to ClientJSSE to do one session resumption (PR 80)
+* Update example certificates and keys (PR 81)
+
+**Documentation Changes:**
+* Add missing Javadocs, fix warnings on newer Java versions (PR 92)
+
+**Testing Changes:**
+* Update junit dependency to 4.13.2 (PR 91)
 
 The wolfSSL JNI Manual is available at:
 http://www.wolfssl.com/documentation/wolfSSL-JNI-Manual.pdf. For build

diff --git a/examples/certs/ca-cert.pem b/examples/certs/ca-cert.pem
@@ -2,12 +2,12 @@ Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number:
-            7d:94:70:88:ba:07:42:8d:aa:af:4f:be:c2:1a:48:f0:d1:40:e6:42
+            26:8c:93:f9:f9:f4:1e:b3:01:72:94:55:67:6d:e2:f8:3d:da:e9:f4
         Signature Algorithm: sha256WithRSAEncryption
         Issuer: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = [email protected]
         Validity
-            Not Before: Dec 20 23:07:24 2021 GMT
-            Not After : Sep 15 23:07:24 2024 GMT
+            Not Before: Feb 15 12:50:24 2022 GMT
+            Not After : Nov 11 12:50:24 2024 GMT
         Subject: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = [email protected]
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
@@ -38,7 +38,7 @@ Certificate:
             X509v3 Authority Key Identifier: 
                 keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
                 DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/[email protected]
-                serial:7D:94:70:88:BA:07:42:8D:AA:AF:4F:BE:C2:1A:48:F0:D1:40:E6:42
+                serial:26:8C:93:F9:F9:F4:1E:B3:01:72:94:55:67:6D:E2:F8:3D:DA:E9:F4
 
             X509v3 Basic Constraints: 
                 CA:TRUE
@@ -47,27 +47,27 @@ Certificate:
             X509v3 Extended Key Usage: 
                 TLS Web Server Authentication, TLS Web Client Authentication
     Signature Algorithm: sha256WithRSAEncryption
-         b0:71:bb:ba:45:5a:80:25:02:a4:7e:88:0b:a9:7b:fd:b0:bb:
-         f6:46:b5:ba:f4:c7:e3:61:20:8c:03:15:66:f5:e4:54:82:ef:
-         13:80:97:22:67:c1:d1:88:5d:e2:2d:57:f6:e0:9f:69:d6:b1:
-         5c:b6:e8:e0:98:89:c8:14:12:d6:b6:89:8d:6c:b9:a0:59:4f:
-         92:ee:11:53:6b:7d:93:4a:69:0a:85:d9:d5:d2:62:e8:c9:b5:
-         c6:4e:17:f5:0a:e8:f3:2d:86:61:0b:eb:c4:c4:c6:67:75:ed:
-         9a:9f:53:a0:71:1e:a0:90:0d:f9:03:b4:bc:86:19:6e:f0:3b:
-         4f:e8:ed:68:f6:e7:23:43:3b:36:83:83:4b:46:a0:9a:01:d0:
-         c7:85:bb:7d:94:a0:21:3d:7e:3c:6a:3d:81:db:41:7b:46:d8:
-         15:62:d5:8f:4d:3d:c0:db:9a:c5:81:a8:ac:da:87:99:c7:dd:
-         b9:f1:14:af:d1:93:e3:f3:42:d7:a2:04:51:21:54:29:c3:45:
-         f6:be:5c:fa:cd:db:bf:2f:79:81:42:e5:8f:47:0b:d4:54:01:
-         b5:c2:4a:46:d6:a8:31:2e:64:80:3f:48:61:91:29:f3:aa:43:
-         5c:69:6e:f1:01:b9:df:63:71:3d:b9:5a:fb:36:c0:11:a2:c3:
-         30:9d:95:c3
+         62:e4:1b:28:3c:9d:d2:60:a9:55:be:6a:f6:20:f2:da:e8:a1:
+         1a:97:b1:90:77:82:ed:c7:77:29:53:33:18:10:62:e0:bd:93:
+         1b:d2:d6:a1:80:43:1d:64:f1:42:92:ec:b7:b8:f0:6b:da:59:
+         83:f4:b8:87:e6:fc:70:21:ea:62:32:70:68:14:0e:dc:b4:f1:
+         66:e2:6e:ab:d2:72:6f:da:df:71:f6:3d:27:97:7d:be:e1:d1:
+         ac:16:ad:d7:4f:aa:9d:0c:1e:6e:a9:5e:7d:57:5b:3c:c7:6d:
+         d2:f2:5c:c3:dc:3d:36:99:8e:ab:c0:7f:13:a5:f4:67:8b:e2:
+         a6:51:31:f1:03:91:00:a8:c4:c5:1d:7f:35:62:b8:1d:a0:a5:
+         ab:ec:32:68:ee:f3:ca:48:16:9f:f4:1e:7e:ea:fa:b0:86:15:
+         52:36:6c:4b:58:44:a7:eb:20:78:6e:7e:e8:00:40:ac:98:d8:
+         53:f3:13:4b:b8:98:66:50:63:ed:af:e5:a4:f6:c9:90:1c:84:
+         0a:09:45:2f:a1:e1:37:63:b5:43:8c:a0:2e:7f:c4:d4:e1:ae:
+         b7:b9:45:13:f8:70:d5:79:06:4f:82:83:4b:98:d7:56:47:64:
+         9a:6a:6d:8e:7a:9d:ef:83:0f:6b:75:0e:47:22:92:f3:b4:b2:
+         84:61:1f:1c
 -----BEGIN CERTIFICATE-----
-MIIE/zCCA+egAwIBAgIUfZRwiLoHQo2qr0++whpI8NFA5kIwDQYJKoZIhvcNAQEL
+MIIE/zCCA+egAwIBAgIUJoyT+fn0HrMBcpRVZ23i+D3a6fQwDQYJKoZIhvcNAQEL
 BQAwgZQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdC
 b3plbWFuMREwDwYDVQQKDAhTYXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEY
 MBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdv
-bGZzc2wuY29tMB4XDTIxMTIyMDIzMDcyNFoXDTI0MDkxNTIzMDcyNFowgZQxCzAJ
+bGZzc2wuY29tMB4XDTIyMDIxNTEyNTAyNFoXDTI0MTExMTEyNTAyNFowgZQxCzAJ
 BgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREw
 DwYDVQQKDAhTYXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwP
 d3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29t
@@ -82,12 +82,12 @@ BgNVHSMEgcwwgcmAFCeOZxF0wyYdP+0zY7Ok2B0w5ejVoYGapIGXMIGUMQswCQYD
 VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8G
 A1UECgwIU2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3
 dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIU
-fZRwiLoHQo2qr0++whpI8NFA5kIwDAYDVR0TBAUwAwEB/zAcBgNVHREEFTATggtl
+JoyT+fn0HrMBcpRVZ23i+D3a6fQwDAYDVR0TBAUwAwEB/zAcBgNVHREEFTATggtl
 eGFtcGxlLmNvbYcEfwAAATAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw
-DQYJKoZIhvcNAQELBQADggEBALBxu7pFWoAlAqR+iAupe/2wu/ZGtbr0x+NhIIwD
-FWb15FSC7xOAlyJnwdGIXeItV/bgn2nWsVy26OCYicgUEta2iY1suaBZT5LuEVNr
-fZNKaQqF2dXSYujJtcZOF/UK6PMthmEL68TExmd17ZqfU6BxHqCQDfkDtLyGGW7w
-O0/o7Wj25yNDOzaDg0tGoJoB0MeFu32UoCE9fjxqPYHbQXtG2BVi1Y9NPcDbmsWB
-qKzah5nH3bnxFK/Rk+PzQteiBFEhVCnDRfa+XPrN278veYFC5Y9HC9RUAbXCSkbW
-qDEuZIA/SGGRKfOqQ1xpbvEBud9jcT25Wvs2wBGiwzCdlcM=
+DQYJKoZIhvcNAQELBQADggEBAGLkGyg8ndJgqVW+avYg8trooRqXsZB3gu3HdylT
+MxgQYuC9kxvS1qGAQx1k8UKS7Le48GvaWYP0uIfm/HAh6mIycGgUDty08WbibqvS
+cm/a33H2PSeXfb7h0awWrddPqp0MHm6pXn1XWzzHbdLyXMPcPTaZjqvAfxOl9GeL
+4qZRMfEDkQCoxMUdfzViuB2gpavsMmju88pIFp/0Hn7q+rCGFVI2bEtYRKfrIHhu
+fugAQKyY2FPzE0u4mGZQY+2v5aT2yZAchAoJRS+h4TdjtUOMoC5/xNThrre5RRP4
+cNV5Bk+Cg0uY11ZHZJpqbY56ne+DD2t1DkcikvO0soRhHxw=
 -----END CERTIFICATE-----
diff --git a/examples/certs/ca-ecc-cert.pem b/examples/certs/ca-ecc-cert.pem
@@ -2,12 +2,12 @@ Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number:
-            2f:c0:2c:fe:1f:6a:5a:0b:dd:f6:08:63:99:42:7e:19:92:fa:dc:32
+            29:bf:2b:cd:bf:55:54:49:85:b3:69:4e:e1:85:37:79:1e:81:f9:c2
         Signature Algorithm: ecdsa-with-SHA256
         Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Development, CN = www.wolfssl.com, emailAddress = [email protected]
         Validity
-            Not Before: Dec 20 23:07:24 2021 GMT
-            Not After : Sep 15 23:07:24 2024 GMT
+            Not Before: Feb 15 12:50:24 2022 GMT
+            Not After : Nov 11 12:50:24 2024 GMT
         Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Development, CN = www.wolfssl.com, emailAddress = [email protected]
         Subject Public Key Info:
             Public Key Algorithm: id-ecPublicKey
@@ -31,23 +31,23 @@ Certificate:
             X509v3 Key Usage: critical
                 Digital Signature, Certificate Sign, CRL Sign
     Signature Algorithm: ecdsa-with-SHA256
-         30:45:02:21:00:f2:a0:7a:0f:66:05:ec:81:a2:94:6a:31:e0:
-         0d:ee:8f:6a:ed:63:33:0e:27:31:b3:cf:c8:a0:0e:5b:88:51:
-         fa:02:20:51:0f:26:46:95:37:8e:49:4e:b0:4d:cd:b1:65:fe:
-         2d:43:ab:20:c7:83:70:44:11:13:86:a5:9b:3b:34:24:f2
+         30:44:02:20:78:ed:4c:1c:a7:2d:b3:35:0b:1d:46:a3:37:31:
+         0b:8a:05:39:c8:28:31:58:35:f1:98:f7:4b:72:c0:4f:e6:7f:
+         02:20:02:f2:09:2b:3a:e1:36:92:bf:58:6a:03:12:2d:79:e6:
+         bd:06:45:61:b9:0e:39:e1:9c:f0:a8:2e:0b:1e:8c:b2
 -----BEGIN CERTIFICATE-----
-MIIClTCCAjugAwIBAgIUL8As/h9qWgvd9ghjmUJ+GZL63DIwCgYIKoZIzj0EAwIw
+MIIClDCCAjugAwIBAgIUKb8rzb9VVEmFs2lO4YU3eR6B+cIwCgYIKoZIzj0EAwIw
 gZcxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdT
 ZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEY
 MBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdv
-bGZzc2wuY29tMB4XDTIxMTIyMDIzMDcyNFoXDTI0MDkxNTIzMDcyNFowgZcxCzAJ
+bGZzc2wuY29tMB4XDTIyMDIxNTEyNTAyNFoXDTI0MTExMTEyNTAyNFowgZcxCzAJ
 BgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxl
 MRAwDgYDVQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEYMBYGA1UE
 AwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu
 Y29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEAtPZbtYBjkXIuZAx5cBM456t
 KTiYuhDW6QkqgKkuFyq5ir8zg0bjlQvkd0C1O0NFMw9hU3w3RMHL/IDK6EPqp6Nj
 MGEwHQYDVR0OBBYEFFaOmsPwQt4YuUVVbvmTz+rD86UhMB8GA1UdIwQYMBaAFFaO
 msPwQt4YuUVVbvmTz+rD86UhMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQD
-AgGGMAoGCCqGSM49BAMCA0gAMEUCIQDyoHoPZgXsgaKUajHgDe6Pau1jMw4nMbPP
-yKAOW4hR+gIgUQ8mRpU3jklOsE3NsWX+LUOrIMeDcEQRE4almzs0JPI=
+AgGGMAoGCCqGSM49BAMCA0cAMEQCIHjtTBynLbM1Cx1GozcxC4oFOcgoMVg18Zj3
+S3LAT+Z/AiAC8gkrOuE2kr9YagMSLXnmvQZFYbkOOeGc8KguCx6Msg==
 -----END CERTIFICATE-----
diff --git a/examples/certs/client-cert.der b/examples/certs/client-cert.der