From d0edc8a14f53c49ea58881b982abb3891636237a Mon Sep 17 00:00:00 2001 From: Chris Conlon Date: Tue, 9 Apr 2024 12:11:05 -0600 Subject: [PATCH 1/3] Update ChangeLog for 1.13 release, move to separate file --- ChangeLog.md | 385 +++++++++++++++++++++++++++++++++++++++++++++++++++ README.md | 295 +-------------------------------------- 2 files changed, 390 insertions(+), 290 deletions(-) create mode 100644 ChangeLog.md diff --git a/ChangeLog.md b/ChangeLog.md new file mode 100644 index 00000000..0d42277a --- /dev/null +++ b/ChangeLog.md @@ -0,0 +1,385 @@ +### wolfSSL JNI Release 1.13.0 (4/9/2024) + +Release 1.13.0 has bug fixes and new features including: + +**New JSSE Functionality:** +* Add `SSLSocket.getApplicationProtocol()`, returns negotiated ALPN protocol (PR 150) +* Add native `WOLFSSL_TRUST_PEER_CERT` support in `WolfSSLTrustX509` (PR 154) +* Add implementation of `javax.net.ssl.X509ExtendedTrustManager` (PR 159) +* Add `getSSLParameters()` to `SSLEngine` and `SSLSocket` (PR 159) +* Add `getHandshakeSession()` to `SSLSocket` (PR 159) +* Convert `SSLSession` to `ExtendedSSLSession`, add `getRequestedServerNames()` (PR 159) +* Add ALPN API support to `SSLSocket` and `SSLEngine` with tests (PR 163) +* Add implementation of `X509ExtendedKeyManager` (PR 167) + +**JSSE System/Security Property Support:** +* Add partial support for `jdk.tls.disabledAlgorithms` Security property (PR 136) +* Add support for `wolfjsse.enabledCipherSuites` Security property (PR 136) +* Add support for `wolfjsse.enabledSignatureAlgorithms` Security property (PR 136) +* Add support for `wolfjsse.enabledSupportedCurves` Security property (PR 143) + +**JSSE Changes:** +* Get updated status before returning from SSLEngine.getHandshakeStatus() (PR 122) +* Add synchronization to SSLEngine read/write buffers (PR 124) +* Return null array from X509TrustManager.getAcceptedIssuers() if not yet initialized (PR 128) +* Improve `SSLEngine.unwrap()` for better efficiency (PR 137) +* Add native wolfSSL crypto callback (CryptoCb) support with WolfSSLProvider (PR 138) +* Add synchronization around `WolfSSLAuthStore` lock (PR 139) +* Fixes and improvements to `SSLSocket`/`SSLEngine` session resumption (PR 139, 144) +* Fix for `X509TrustManager` to not add root CA twice in returned chains (PR 140) +* Add synchronization around native pointer use and active states (PR 142) +* Fix for `SSLSocket` to fall back to I/O callbacks if setting internal fd fails (PR 145) +* Fix `SSLSocket` TLS 1.3 session cache and threading issues (PR 149) +* Throw `SocketException` if native socket `select()` fails (PR 151) +* Only call `InetAddress.getHostName()` when `jdk.tls.trustNameService` is true (PR 134) +* Fix for `SSLSession.getPeerCertificate()` and cached certs during resumption (PR 162) +* Save session at correct time for resumption in SSLEngine (PR 165) +* Check TLS 1.3 session for ticket before saving to Java client cache (PR 175) +* Fixes for `SSLEngine.setWantClientAuth()` (PR 172) +* Release native verify callback when `SSLEngine` is closed (PR 180) +* Avoid extra Java array allocation in `SSLSocket` InputStream/OutputStream (PR 183) + +**New JNI Wrapped APIs and Functionality:** +* `wolfSSL_CTX_SetTmpDH()` and `wolfSSL_CTX_SetTmpDH_file()` (PR 136) +* `wolfSSL_CTX_SetMinDh/Rsa/EccKey_Sz()` (PR 136) +* `wolfSSL_set1_sigalgs_list()` (PR 136) +* `wolfSSL_CTX_UseSupportedCurve()` (PR 158) +* `wolfSSL_X509_check_host()` and `wolfSSL_SNI_GetRequest()` (PR 159) +* `wolfSSL_CTX_set_groups()` and `wolfTLSv1_3_client/server_method()` (PR 164) +* `SSL_CTX_set1_sigalgs_list()` (PR 169) +* `wolfSSL_set_tls13_secret_cb()`, add ability to set Java callback (PR 181) +* Add X.509v3 certificate generation support in `WolfSSLCertificate` and examples (PR 141) +* Add Certificate Signing Request (CSR) support and examples (PR 146) + +**JNI Changes:** +* Call `wolfSSL_get1_session()` when saving session for resumption (PR 139) +* Call `select()` again on error with `EINTR` (PR 171) + +**New Platform Support:** +* Add Windows support with Visual Studio, see IDE/WIN/README.md (PR 125) + +**Build System Changes:** +* Add `JAVA_HOME` support in `java.sh` for use with custom Java install (PR 121) +* New argument to `java.sh` for custom wolfSSL library name to be used (PR 126) +* Add lib64 directory to library search path in `java.sh` (PR 130) +* Standardize JNI library name on OSX to .dylib (PR 152) +* Add Maven build support (PR 153) +* Update Android Studio example project (PR 185) + +**Example Changes:** +* Update instructions for running examples (PR 133) +* Fix example JSSE client `-d` option, add `-g` to send HTTP GET (PR 155) +* Fix example JSSE client for resumption when sending HTTP GET (PR 157) +* Add TLS 1.3 version support to example `Client.java` and `Server.java` (PR 169) +* Expand JNI `Client.java` with support for doing session resumption with tickets (PR 169) + +**Debugging Changes:** +* Add WolfSSLDebug.logHex() for printing byte arrays as hex (PR 129) +* Add synchronization and Thread ID to debug log messages (PR 129) +* Add new debug System property `wolfsslengine.io.debug` for I/O debug logs (PR 137) +* Add timestamp to debug logs (PR 148) +* Fix for enabling JSSE debug logs after WolfSSLProvider has been registered (PR 166) +* Make native wolfSSL debug log format consistent with wolfJSSE logs (PR 166) + +**Testing Changes:** +* Add Facebook Infer test script, make fixes (PR 127, 182) +* Add extended threading test of `SSLEngine` (PR 124) +* Testing with and fixes from SonarQube static analyzer (PR 131) +* Add extended threading test of `SSLSocket` (PR 149) +* Testing with and fixes for running SunJSSE tests on wolfJSSE (PR 170, 174) +* Add GitHub Actions tests for Oracle/Zulu/Coretto/Temurin/Microsoft JDKs on Linux and OS X (PR 176) + +**Documentation Changes:** +* Clean up Javadoc warnings with Java 17 (PR 147) + +The wolfSSL JNI Manual is available at: +https://www.wolfssl.com/documentation/manuals/wolfssljni. For build +instructions and more detailed comments, please check the manual. + +### wolfSSL JNI Release 1.12.0 (03/31/2023) + +Release 1.12.0 has bug fixes and new features including: + +**JNI and JSSE Changes:** +* Additional synchronization support in WolfSSLCertificate (PR 118) +* Prevent WolfSSLCertificate from freeing `WOLFSSL_X509` if not owned (PR 118) +* Fix `X509KeyManager.getCertificateChain()` to return `null` when alias is `null` (PR 119) + +**Documentation Changes:** +* Add Android Studio instructions for how to update source symlinks on Windows (PR 117) + +The wolfSSL JNI Manual is available at: +https://www.wolfssl.com/documentation/manuals/wolfssljni. For build +instructions and more detailed comments, please check the manual. + +### wolfSSL JNI Release 1.11.0 (12/2/2022) + +Release 1.11.0 has bug fixes and new features including: + +**JNI and JSSE Changes:** +* Add support for system properties: keyStore, keyStoreType, keyStorePassword (PR 74) +* Add support for secure renegotiation if available in native wolfSSL (PR 75) +* Fix compilation against newer wolfSSL versions that have dtls.c (PR 107) +* Fixes and cleanup to SSLEngine implementation (PR 108) +* Fixes for SSLEngine synchronization issues (PR 108) +* Add non-standard X509TrustManager.checkServerTrusted() for use on Android (PR 109) +* Add RPM packaging support (PR 110) +* Fix SSLSocketFactory.createSocket() to allow for null host (PR 111) +* Remove @Override on SSLEngine.getHandshakeSession() for older Java versions (PR 114) + +The wolfSSL JNI Manual is available at: +https://www.wolfssl.com/documentation/manuals/wolfssljni. For build +instructions and more detailed comments, please check the manual. + +### wolfSSL JNI Release 1.10.0 (8/11/2022) + +Release 1.10.0 has bug fixes and new features including: + +**JNI and JSSE Changes:** +* Add SSLEngine.getApplicationProtocol(), fixes Undertow compatibility (PR 84) +* Wrap wolfSSL\_UseALPN() at JNI level (PR 84) +* Fix compile error for wolfSSL < 4.2.0 and wolfSSL\_set\_alpn\_protos() (PR 84) +* Fix NullPointerException when no selected ALPN is available (PR 84) +* Fix JNI build when wolfSSL compiled with --disable-filesystem (PR 104) +* Fix SSLEngine compatibility with data larger than TLS record size (PR 105) +* Refactor SSLEngine handshake status to be more inline with SunJSSE (PR 105) +* Add verbose SSLEngine logging with "wolfsslengine.debug" property (PR 105) + +**Documentation Changes** +* Fix missing Javadoc warnings in ALPN code + +**Example Changes:** +* Update Android Studio IDE project to use Android 11 (SDK 30) + +The wolfSSL JNI Manual is available at: +http://www.wolfssl.com/documentation/wolfSSL-JNI-Manual.pdf. For build +instructions and more detailed comments, please check the manual. + +### wolfSSL JNI Release 1.9.0 (5/5/2022) + +Release 1.9.0 has bug fixes and new features including: + +**JNI and JSSE Changes:** +* Add synchronization to class cleanup/free routines (PR 78) +* Fix JNI native casting to use utintptr\_t instead of intptr\_t (PR 79) +* Add support for newer Java versions (ex: Java 17) (PR 90) +* Remove HC-128 support (PR 94). Native wolfSSL removed with +[PR #4767](https://github.com/wolfSSL/wolfssl/pull/4767) +* Remove RABBIT support (PR 96). Native wolfSSL removed with +[PR #4774](https://github.com/wolfSSL/wolfssl/pull/4767) +* Remove IDEA support (PR 97). Native wolfSSL removed in +[PR #4806](https://github.com/wolfSSL/wolfssl/pull/4806). +* Fix typecasting issues and cleanup for native argument checking (PR 98, 99) +* Add Socket timeout support for native SSL\_connect/write() (PR 95) +* SSLSocket.getSession() now tries to do TLS handshake if not completed (PR 76) +* Fix shutdown/close\_notify alert handling in WolfSSLEngine (PR 83) +* Fix WolfSSLSocket to test if close() called before object init (PR 88) +* Add support for loading default system CA certs on Java 9+ (PR 89) +* Fix timeout behavior with WolfSSLSession.connect() (PR 100) + +**Example Changes:** +* Print wolfJSSE provider info in JSSE ProviderTest (PR 77) +* Add option to ClientJSSE to do one session resumption (PR 80) +* Update example certificates and keys (PR 81) + +**Documentation Changes:** +* Add missing Javadocs, fix warnings on newer Java versions (PR 92) + +**Testing Changes:** +* Update junit dependency to 4.13.2 (PR 91) + +The wolfSSL JNI Manual is available at: +http://www.wolfssl.com/documentation/wolfSSL-JNI-Manual.pdf. For build +instructions and more detailed comments, please check the manual. + +### wolfSSL JNI Release 1.8.0 (11/12/2021) + +Release 1.8.0 has bug fixes and new features including: + +* wolfCrypt FIPS 140-3 and FIPS Ready compatibility +* Add Socket method wrappers, fixes behavior when inner Socket used with JSSE +* Add wrappers to get FIPS verifyCore hash (FIPS error cb or directly) +* Fix potential NullPointerException with several clone() methods +* Refactor of SSLSessionContext implementation +* Fix behavior of WolfSSLSocket.getSoTimeout() when external Socket is wrapped +* Fix timeout used in socketSelect to correctly handle fractional sec timeouts +* Fix memory leak when custom X509TrustManager is used with wolfJSSE +* Add support for multiple X509TrustManager objects across multiple sessions +* Call WolfSSL.cleanup() in finalizer to release library resources earlier +* Release native WOLFSSL memory sooner, when WolfSSLSocket is closed +* Better management and freeing of native WolfSSLCertificate memory +* Release native logging callback when library is freed +* Release native wolfCrypt FIPS callback when library is freed +* Release CTX-level Java verify callback when CTX is freed +* Release CTX-level Java CRL callback when CTX is freed +* Better global reference cleanup in error conditions +* Fix unused variable warnings in non-FIPS builds +* Use one static WolfSSL object across all WolfSSLProvider objects +* Release local JNI array inside WolfSSLSession.read() on function exit +* Add multi-threaded JSSE provider client and server examples +* Update Android AOSP install script to create missing blank files if needed +* Update Android AOSP build fies to define `SIZEOF_LONG` and `SIZEOF_LONG_LONG` +* Update IDE/Android example Android Studio project +* Fix default cipher suite list order used in JSSE WolfSSLContext objects +* Fix FIPS Ready compatibility with `WC_RNG_SEED_CB` +* Update Android AOSP Android.mk to compile wolfCrypt kdf.c + +The wolfSSL JNI Manual is available at: +http://www.wolfssl.com/documentation/wolfSSL-JNI-Manual.pdf. For build +instructions and more detailed comments, please check the manual. + +### wolfSSL JNI Release 1.7.0 (01/15/2021) + +Release 1.7.0 has bug fixes and new features including: + +* Fixes for Infer analysis warnings +* Throw exception in DEFAULT\_Context creation if engineInit() fails +* Defer creating DEFAULT WolfSSLContext until first use +* Check if Socket is open before doing TLS shutdown in WolfSSLSocket.close() +* Only load X509TrustStore issuers when needed by native wolfSSL verification +* Fix compiler warnings when used with older versions of native wolfSSL +* Verify and load intermediate CA certs in WolfSSLTrustX509.certManagerVerify() +* Add support for setSoTimeout() in WolfSSLSocket +* Fix suites length check in WolfSSLEngineHelper.setLocalCiphers() +* Check for connection closed before completing handshake in SSLSocket.read/write + +The wolfSSL JNI Manual is available at: +http://www.wolfssl.com/documentation/wolfSSL-JNI-Manual.pdf. For build +instructions and more detailed comments, please check the manual. + + +### wolfSSL JNI Release 1.6.0 (08/26/2020) + +Release 1.6.0 has bug fixes and new features including: + +* Support for custom TrustManager checkClientTrusted(), checkServerTrusted() +* wolfJSSE TrustManager registered as PKIX provider +* Improved support for auto-loading system CA certificates +* Improved Android TrustManager support +* Use AndroidCAStore KeyStore when available on Android +* Support for X509Certificate.getSubjectAlternativeNames() +* Fix for native memory leak in JSSE WolfSSLTrustX509 +* Optimization of WolfSSLTrustX509 to hold less memory at idle +* Addition of missing finalize() methods in some JSSE classes +* Casts to uintptr\_t instead of intptr\_t at native JNI level +* Conversion to use GetByteArrayElements for potential memory use savings +* Consistently use wolfCrypt XMALLOC/XFREE for native memory allocation +* Use javah in build.xml for older ant/Java versions without nativeheaderdir +* Add JSSE debug logging for native wolfSSL with wolfssl.debug system parameter +* Add more JSSE-level debug messages for easier troubleshooting +* Add internal implementation of SSLParameters, WolfSSLParameters +* Add client-side SNI support +* Fix warnings when DH is disabled (--disable-dh) +* Add Java thread ID to JSSE debug log messages for easier multithreaded debug +* Improve handshake synchronization in WolfSSLSocket for multi-threaded apps +* Add support for jsse.enableSNIExtension system property +* Add client-side session ticket support +* Add support for jdk.tls.client.enableSessionTicketExtension system property +* Enable session ticket and session cert support by default on Android AOSP +* Fixes compatibility with OkHttp on Android +* Add support for non-blocking socket operations in WolfSSLSession/Socket +* Moves I/O mutex locking to native level for more efficient locking + +The wolfSSL JNI Manual is available at: +http://www.wolfssl.com/documentation/wolfSSL-JNI-Manual.pdf. For build +instructions and more detailed comments, please check the manual. + + +### wolfSSL JNI Release 1.5.0 (01/17/2020) + +Release 1.5.0 has bug fixes and new features including: + +* New JSSE provider (wolfJSSE) including TLS 1.3 support! +* Add JSSE debug logging with wolfjsse.debug system parameter +* Add JSSE install script and helper files for Android AOSP +* Add JSSE example apps (examples/provider) +* Add JNI wrappers to detect if native features/protocols are compiled in +* Add JNI wrapper for PKCS#8 offset getter +* Add JNI wrapper for wolfSSL\_get\_ciphers\_iana() +* Update build.xml to use nativeheaderdir instead of javah target +* Update tests to use junit-4.13 / hamcrest-all-1.3 +* Update to build, now ant build does not build and run tests / examples + +The wolfSSL JNI Manual is available at: +http://www.wolfssl.com/documentation/wolfSSL-JNI-Manual.pdf. For build +instructions and more detailed comments, please check the manual. + + +### wolfSSL JNI Release 1.4.0 (11/16/2018) + +Release 1.4.0 has bug fixes and new features including: + +* Better support for conditional native wolfSSL feature dependencies +* Adds methods for checking if native features are enabled +* Optional method for loading native JNI library from a specific path +* TLS 1.0 functions are compiled out unless WOLFSSL\_ALLOW\_TLSV10 is defined +* Wrapper for native wolfCrypt ECC shared secret public key callback +* Allow other HmacSHA hash types to be used in Atomic User callback examples +* Error string buffer size set to use WOLFSSL\_MAX\_ERROR\_SZ +* Fix for RSA doSign() output length +* Fix for I/O, Atomic User, and Public Key callback registration in examples +* Updated example key and certificate files + +The wolfSSL JNI Manual is available at: +http://www.wolfssl.com/documentation/wolfSSL-JNI-Manual.pdf. For build +instructions and more detailed comments, please check the manual. + + +### wolfSSL JNI Release 1.3.0 (12/04/2015) + +Release 1.3.0 has bug fixes and new features including: + +* Updated support to wolfSSL 3.7.0 +* Added finalizers for WolfSSLContext and WolfSSLSession classes +* Fix for SSLv3 now disabled by default in wolfSSL proper +* SSLv3 now marked as @Deprecated +* PSK (pre-shared key) support for client and server +* Better error checking and exception handling +* New WolfSSLJNIException class +* WolfSSLSession now cached in native WOLFSSL struct for callbacks +* Easier inclusion of junit4 in build.xml + +The wolfSSL JNI Manual is available at: +http://www.wolfssl.com/documentation/wolfSSL-JNI-Manual.pdf. For build +instructions and more detailed comments, please check the manual. + + +### wolfSSL JNI Release 1.2.0 (06/02/2015) + +Release 1.2.0 has bug fixes and new features including: + +* Updated support for wolfSSL 3.4.6 and CyaSSL to wolfSSL name change +* Benchmark functionality in example client +* Updated example certificates +* Better detection of Java home on Mac and Linux + +The wolfSSL JNI Manual is available at: +http://www.wolfssl.com/documentation/wolfSSL-JNI-Manual.pdf. For build +instructions and more detailed comments, please check the manual. + + +### wolfSSL JNI Release 1.1.0 (10/25/2013) + +Release 1.1.0 has bug fixes and new features including: + +* Updated support for CyaSSL 2.9.4 +* Updated example certificates and CRLs +* Now expects user to have JUnit JARs pre-installed on dev platform +* Updated unit tests, JUnit4 style +* Android support +* CRL monitor now optional in server mode + +The wolfSSL JNI Manual is available at: +http://www.wolfssl.com/documentation/wolfSSL-JNI-Manual.pdf. For build +instructions and more detailed comments, please check the manual. + + +### wolfSSL JNI Release 1.0.0 (10/25/2013) + +Release 1.0.0 is the first public release of wolfSSL JNI, the Java wrapper for +the CyaSSL embedded SSL library. + +The wolfSSL JNI Manual is available at: +http://www.wolfssl.com/documentation/wolfSSL-JNI-Manual.pdf. For build +instructions and more detailed comments, please check the manual. + diff --git a/README.md b/README.md index c6a2e63c..6c4c80c2 100644 --- a/README.md +++ b/README.md @@ -26,7 +26,7 @@ and more! ## User Manual The wolfSSL JNI/JSSE Manual is available on the wolfSSL website: -[wolfSSL JNI Manual](https://www.wolfssl.com/documentation/wolfSSL-JNI-Manual.pdf). +[wolfSSL JNI Manual](https://www.wolfssl.com/documentation/manuals/wolfssljni/). For additional build instructions and more detailed comments, please reference the manual. @@ -303,9 +303,9 @@ wolfJSSE extends or implements the following JSSE classes: - javax.net.ssl.TrustManagerFactorySpi - PKIX, X509, SunX509 - javax.net.ssl.SSLEngine -- javax.net.ssl.SSLSession -- javax.net.ssl.X509KeyManager -- javax.net.ssl.X509TrustManager +- javax.net.ssl.SSLSession / ExtendedSSLSession +- javax.net.ssl.X509KeyManager / X509ExtendedKeyManager +- javax.net.ssl.X509TrustManager / X509ExtendedTrustManager - javax.net.ssl.SSLServerSocket - javax.net.ssl.SSLServerSocketFactory - javax.net.ssl.SSLSocket @@ -329,292 +329,7 @@ Or by defining `-DHAVE_SECURE_RENEGOTIATION`. ## Release Notes -### wolfSSL JNI Release 1.12.0 (03/31/2023) - -Release 1.12.0 has bug fixes and new features including: - -**JNI and JSSE Changes:** -* Additional synchronization support in WolfSSLCertificate (PR 118) -* Prevent WolfSSLCertificate from freeing `WOLFSSL_X509` if not owned (PR 118) -* Fix `X509KeyManager.getCertificateChain()` to return `null` when alias is `null` (PR 119) - -**Documentation Changes:** -* Add Android Studio instructions for how to update source symlinks on Windows (PR 117) - -The wolfSSL JNI Manual is available at: -https://www.wolfssl.com/documentation/manuals/wolfssljni. For build -instructions and more detailed comments, please check the manual. - -### wolfSSL JNI Release 1.11.0 (12/2/2022) - -Release 1.11.0 has bug fixes and new features including: - -**JNI and JSSE Changes:** -* Add support for system properties: keyStore, keyStoreType, keyStorePassword (PR 74) -* Add support for secure renegotiation if available in native wolfSSL (PR 75) -* Fix compilation against newer wolfSSL versions that have dtls.c (PR 107) -* Fixes and cleanup to SSLEngine implementation (PR 108) -* Fixes for SSLEngine synchronization issues (PR 108) -* Add non-standard X509TrustManager.checkServerTrusted() for use on Android (PR 109) -* Add RPM packaging support (PR 110) -* Fix SSLSocketFactory.createSocket() to allow for null host (PR 111) -* Remove @Override on SSLEngine.getHandshakeSession() for older Java versions (PR 114) - -The wolfSSL JNI Manual is available at: -https://www.wolfssl.com/documentation/manuals/wolfssljni. For build -instructions and more detailed comments, please check the manual. - -### wolfSSL JNI Release 1.10.0 (8/11/2022) - -Release 1.10.0 has bug fixes and new features including: - -**JNI and JSSE Changes:** -* Add SSLEngine.getApplicationProtocol(), fixes Undertow compatibility (PR 84) -* Wrap wolfSSL\_UseALPN() at JNI level (PR 84) -* Fix compile error for wolfSSL < 4.2.0 and wolfSSL\_set\_alpn\_protos() (PR 84) -* Fix NullPointerException when no selected ALPN is available (PR 84) -* Fix JNI build when wolfSSL compiled with --disable-filesystem (PR 104) -* Fix SSLEngine compatibility with data larger than TLS record size (PR 105) -* Refactor SSLEngine handshake status to be more inline with SunJSSE (PR 105) -* Add verbose SSLEngine logging with "wolfsslengine.debug" property (PR 105) - -**Documentation Changes** -* Fix missing Javadoc warnings in ALPN code - -**Example Changes:** -* Update Android Studio IDE project to use Android 11 (SDK 30) - -The wolfSSL JNI Manual is available at: -http://www.wolfssl.com/documentation/wolfSSL-JNI-Manual.pdf. For build -instructions and more detailed comments, please check the manual. - -### wolfSSL JNI Release 1.9.0 (5/5/2022) - -Release 1.9.0 has bug fixes and new features including: - -**JNI and JSSE Changes:** -* Add synchronization to class cleanup/free routines (PR 78) -* Fix JNI native casting to use utintptr\_t instead of intptr\_t (PR 79) -* Add support for newer Java versions (ex: Java 17) (PR 90) -* Remove HC-128 support (PR 94). Native wolfSSL removed with -[PR #4767](https://github.com/wolfSSL/wolfssl/pull/4767) -* Remove RABBIT support (PR 96). Native wolfSSL removed with -[PR #4774](https://github.com/wolfSSL/wolfssl/pull/4767) -* Remove IDEA support (PR 97). Native wolfSSL removed in -[PR #4806](https://github.com/wolfSSL/wolfssl/pull/4806). -* Fix typecasting issues and cleanup for native argument checking (PR 98, 99) -* Add Socket timeout support for native SSL\_connect/write() (PR 95) -* SSLSocket.getSession() now tries to do TLS handshake if not completed (PR 76) -* Fix shutdown/close\_notify alert handling in WolfSSLEngine (PR 83) -* Fix WolfSSLSocket to test if close() called before object init (PR 88) -* Add support for loading default system CA certs on Java 9+ (PR 89) -* Fix timeout behavior with WolfSSLSession.connect() (PR 100) - -**Example Changes:** -* Print wolfJSSE provider info in JSSE ProviderTest (PR 77) -* Add option to ClientJSSE to do one session resumption (PR 80) -* Update example certificates and keys (PR 81) - -**Documentation Changes:** -* Add missing Javadocs, fix warnings on newer Java versions (PR 92) - -**Testing Changes:** -* Update junit dependency to 4.13.2 (PR 91) - -The wolfSSL JNI Manual is available at: -http://www.wolfssl.com/documentation/wolfSSL-JNI-Manual.pdf. For build -instructions and more detailed comments, please check the manual. - -### wolfSSL JNI Release 1.8.0 (11/12/2021) - -Release 1.8.0 has bug fixes and new features including: - -* wolfCrypt FIPS 140-3 and FIPS Ready compatibility -* Add Socket method wrappers, fixes behavior when inner Socket used with JSSE -* Add wrappers to get FIPS verifyCore hash (FIPS error cb or directly) -* Fix potential NullPointerException with several clone() methods -* Refactor of SSLSessionContext implementation -* Fix behavior of WolfSSLSocket.getSoTimeout() when external Socket is wrapped -* Fix timeout used in socketSelect to correctly handle fractional sec timeouts -* Fix memory leak when custom X509TrustManager is used with wolfJSSE -* Add support for multiple X509TrustManager objects across multiple sessions -* Call WolfSSL.cleanup() in finalizer to release library resources earlier -* Release native WOLFSSL memory sooner, when WolfSSLSocket is closed -* Better management and freeing of native WolfSSLCertificate memory -* Release native logging callback when library is freed -* Release native wolfCrypt FIPS callback when library is freed -* Release CTX-level Java verify callback when CTX is freed -* Release CTX-level Java CRL callback when CTX is freed -* Better global reference cleanup in error conditions -* Fix unused variable warnings in non-FIPS builds -* Use one static WolfSSL object across all WolfSSLProvider objects -* Release local JNI array inside WolfSSLSession.read() on function exit -* Add multi-threaded JSSE provider client and server examples -* Update Android AOSP install script to create missing blank files if needed -* Update Android AOSP build fies to define `SIZEOF_LONG` and `SIZEOF_LONG_LONG` -* Update IDE/Android example Android Studio project -* Fix default cipher suite list order used in JSSE WolfSSLContext objects -* Fix FIPS Ready compatibility with `WC_RNG_SEED_CB` -* Update Android AOSP Android.mk to compile wolfCrypt kdf.c - -The wolfSSL JNI Manual is available at: -http://www.wolfssl.com/documentation/wolfSSL-JNI-Manual.pdf. For build -instructions and more detailed comments, please check the manual. - -### wolfSSL JNI Release 1.7.0 (01/15/2021) - -Release 1.7.0 has bug fixes and new features including: - -* Fixes for Infer analysis warnings -* Throw exception in DEFAULT\_Context creation if engineInit() fails -* Defer creating DEFAULT WolfSSLContext until first use -* Check if Socket is open before doing TLS shutdown in WolfSSLSocket.close() -* Only load X509TrustStore issuers when needed by native wolfSSL verification -* Fix compiler warnings when used with older versions of native wolfSSL -* Verify and load intermediate CA certs in WolfSSLTrustX509.certManagerVerify() -* Add support for setSoTimeout() in WolfSSLSocket -* Fix suites length check in WolfSSLEngineHelper.setLocalCiphers() -* Check for connection closed before completing handshake in SSLSocket.read/write - -The wolfSSL JNI Manual is available at: -http://www.wolfssl.com/documentation/wolfSSL-JNI-Manual.pdf. For build -instructions and more detailed comments, please check the manual. - - -### wolfSSL JNI Release 1.6.0 (08/26/2020) - -Release 1.6.0 has bug fixes and new features including: - -* Support for custom TrustManager checkClientTrusted(), checkServerTrusted() -* wolfJSSE TrustManager registered as PKIX provider -* Improved support for auto-loading system CA certificates -* Improved Android TrustManager support -* Use AndroidCAStore KeyStore when available on Android -* Support for X509Certificate.getSubjectAlternativeNames() -* Fix for native memory leak in JSSE WolfSSLTrustX509 -* Optimization of WolfSSLTrustX509 to hold less memory at idle -* Addition of missing finalize() methods in some JSSE classes -* Casts to uintptr\_t instead of intptr\_t at native JNI level -* Conversion to use GetByteArrayElements for potential memory use savings -* Consistently use wolfCrypt XMALLOC/XFREE for native memory allocation -* Use javah in build.xml for older ant/Java versions without nativeheaderdir -* Add JSSE debug logging for native wolfSSL with wolfssl.debug system parameter -* Add more JSSE-level debug messages for easier troubleshooting -* Add internal implementation of SSLParameters, WolfSSLParameters -* Add client-side SNI support -* Fix warnings when DH is disabled (--disable-dh) -* Add Java thread ID to JSSE debug log messages for easier multithreaded debug -* Improve handshake synchronization in WolfSSLSocket for multi-threaded apps -* Add support for jsse.enableSNIExtension system property -* Add client-side session ticket support -* Add support for jdk.tls.client.enableSessionTicketExtension system property -* Enable session ticket and session cert support by default on Android AOSP -* Fixes compatibility with OkHttp on Android -* Add support for non-blocking socket operations in WolfSSLSession/Socket -* Moves I/O mutex locking to native level for more efficient locking - -The wolfSSL JNI Manual is available at: -http://www.wolfssl.com/documentation/wolfSSL-JNI-Manual.pdf. For build -instructions and more detailed comments, please check the manual. - - -### wolfSSL JNI Release 1.5.0 (01/17/2020) - -Release 1.5.0 has bug fixes and new features including: - -* New JSSE provider (wolfJSSE) including TLS 1.3 support! -* Add JSSE debug logging with wolfjsse.debug system parameter -* Add JSSE install script and helper files for Android AOSP -* Add JSSE example apps (examples/provider) -* Add JNI wrappers to detect if native features/protocols are compiled in -* Add JNI wrapper for PKCS#8 offset getter -* Add JNI wrapper for wolfSSL\_get\_ciphers\_iana() -* Update build.xml to use nativeheaderdir instead of javah target -* Update tests to use junit-4.13 / hamcrest-all-1.3 -* Update to build, now ant build does not build and run tests / examples - -The wolfSSL JNI Manual is available at: -http://www.wolfssl.com/documentation/wolfSSL-JNI-Manual.pdf. For build -instructions and more detailed comments, please check the manual. - - -### wolfSSL JNI Release 1.4.0 (11/16/2018) - -Release 1.4.0 has bug fixes and new features including: - -* Better support for conditional native wolfSSL feature dependencies -* Adds methods for checking if native features are enabled -* Optional method for loading native JNI library from a specific path -* TLS 1.0 functions are compiled out unless WOLFSSL\_ALLOW\_TLSV10 is defined -* Wrapper for native wolfCrypt ECC shared secret public key callback -* Allow other HmacSHA hash types to be used in Atomic User callback examples -* Error string buffer size set to use WOLFSSL\_MAX\_ERROR\_SZ -* Fix for RSA doSign() output length -* Fix for I/O, Atomic User, and Public Key callback registration in examples -* Updated example key and certificate files - -The wolfSSL JNI Manual is available at: -http://www.wolfssl.com/documentation/wolfSSL-JNI-Manual.pdf. For build -instructions and more detailed comments, please check the manual. - - -### wolfSSL JNI Release 1.3.0 (12/04/2015) - -Release 1.3.0 has bug fixes and new features including: - -* Updated support to wolfSSL 3.7.0 -* Added finalizers for WolfSSLContext and WolfSSLSession classes -* Fix for SSLv3 now disabled by default in wolfSSL proper -* SSLv3 now marked as @Deprecated -* PSK (pre-shared key) support for client and server -* Better error checking and exception handling -* New WolfSSLJNIException class -* WolfSSLSession now cached in native WOLFSSL struct for callbacks -* Easier inclusion of junit4 in build.xml - -The wolfSSL JNI Manual is available at: -http://www.wolfssl.com/documentation/wolfSSL-JNI-Manual.pdf. For build -instructions and more detailed comments, please check the manual. - - -### wolfSSL JNI Release 1.2.0 (06/02/2015) - -Release 1.2.0 has bug fixes and new features including: - -* Updated support for wolfSSL 3.4.6 and CyaSSL to wolfSSL name change -* Benchmark functionality in example client -* Updated example certificates -* Better detection of Java home on Mac and Linux - -The wolfSSL JNI Manual is available at: -http://www.wolfssl.com/documentation/wolfSSL-JNI-Manual.pdf. For build -instructions and more detailed comments, please check the manual. - - -### wolfSSL JNI Release 1.1.0 (10/25/2013) - -Release 1.1.0 has bug fixes and new features including: - -* Updated support for CyaSSL 2.9.4 -* Updated example certificates and CRLs -* Now expects user to have JUnit JARs pre-installed on dev platform -* Updated unit tests, JUnit4 style -* Android support -* CRL monitor now optional in server mode - -The wolfSSL JNI Manual is available at: -http://www.wolfssl.com/documentation/wolfSSL-JNI-Manual.pdf. For build -instructions and more detailed comments, please check the manual. - - -### wolfSSL JNI Release 1.0.0 (10/25/2013) - -Release 1.0.0 is the first public release of wolfSSL JNI, the Java wrapper for -the CyaSSL embedded SSL library. - -The wolfSSL JNI Manual is available at: -http://www.wolfssl.com/documentation/wolfSSL-JNI-Manual.pdf. For build -instructions and more detailed comments, please check the manual. +Release notes can be found in [ChangeLog.md](./ChangeLog.md). ## Support From 45bc8998a799288539b993cb0d3c2e7cb35f79e6 Mon Sep 17 00:00:00 2001 From: Chris Conlon Date: Tue, 9 Apr 2024 12:13:09 -0600 Subject: [PATCH 2/3] Bump version number to 1.13 --- README.md | 2 +- build.xml | 2 +- pom.xml | 2 +- src/java/com/wolfssl/provider/jsse/WolfSSLProvider.java | 4 ++-- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 6c4c80c2..60b1b4bd 100644 --- a/README.md +++ b/README.md @@ -186,7 +186,7 @@ an application can include this as a dependency in the application's com.wolfssl wolfssl-jsse - 1.12.0-SNAPSHOT + 1.13.0-SNAPSHOT ... diff --git a/build.xml b/build.xml index 13fe44b9..2f8087d3 100644 --- a/build.xml +++ b/build.xml @@ -14,7 +14,7 @@ - + diff --git a/pom.xml b/pom.xml index d0ba8f4a..a0acf67a 100644 --- a/pom.xml +++ b/pom.xml @@ -4,7 +4,7 @@ 4.0.0 com.wolfssl wolfssl-jsse - 1.12.0-SNAPSHOT + 1.13.0-SNAPSHOT jar wolfssl-jsse https://www.wolfssl.com diff --git a/src/java/com/wolfssl/provider/jsse/WolfSSLProvider.java b/src/java/com/wolfssl/provider/jsse/WolfSSLProvider.java index 054350a9..d47cfadb 100644 --- a/src/java/com/wolfssl/provider/jsse/WolfSSLProvider.java +++ b/src/java/com/wolfssl/provider/jsse/WolfSSLProvider.java @@ -71,8 +71,8 @@ public void errorCallback(int ok, int err, String hash) { * wolfSSL JSSE Provider class */ public WolfSSLProvider() { - super("wolfJSSE", 1.12, "wolfSSL JSSE Provider"); - //super("wolfJSSE", "1.12", "wolfSSL JSSE Provider"); + super("wolfJSSE", 1.13, "wolfSSL JSSE Provider"); + //super("wolfJSSE", "1.13", "wolfSSL JSSE Provider"); /* load native wolfSSLJNI library */ WolfSSL.loadLibrary(); From 594816205fb62a97abc9da7bd3a2effaab55ffd6 Mon Sep 17 00:00:00 2001 From: Chris Conlon Date: Fri, 15 Mar 2024 10:31:42 -0600 Subject: [PATCH 3/3] JSSE: refactor X509Certificate.getPublicKey() to use JCE classes to generate PublicKey, fixes compatibility with wolfJCE underneath --- .../wolfssl/provider/jsse/WolfSSLX509.java | 94 ++++++------------- .../provider/jsse/test/WolfSSLX509Test.java | 2 +- 2 files changed, 30 insertions(+), 66 deletions(-) diff --git a/src/java/com/wolfssl/provider/jsse/WolfSSLX509.java b/src/java/com/wolfssl/provider/jsse/WolfSSLX509.java index d4938ae9..7e779ec2 100644 --- a/src/java/com/wolfssl/provider/jsse/WolfSSLX509.java +++ b/src/java/com/wolfssl/provider/jsse/WolfSSLX509.java @@ -29,7 +29,10 @@ import java.security.Provider; import java.security.PublicKey; import java.security.Signature; +import java.security.KeyFactory; import java.security.SignatureException; +import java.security.spec.X509EncodedKeySpec; +import java.security.spec.InvalidKeySpecException; import java.security.cert.CertificateEncodingException; import java.security.cert.CertificateException; import java.security.cert.CertificateExpiredException; @@ -449,7 +452,7 @@ public void verify(PublicKey key, Provider p) sig.initVerify(key); sig.update(this.getTBSCertificate()); } catch (Exception e) { - throw new CertificateException(); + throw new CertificateException(e); } if (sig.verify(this.getSignature()) == false) { @@ -487,20 +490,41 @@ public void free() { @Override public PublicKey getPublicKey() { + String type = null; + byte[] der = null; + KeyFactory kf = null; + PublicKey key = null; + X509EncodedKeySpec spec = null; + WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO, "entered getPublicKey()"); if (this.cert == null) { return null; } - String type = this.cert.getPubkeyType(); - byte[] der = this.cert.getPubkey(); + + type = this.cert.getPubkeyType(); + der = this.cert.getPubkey(); try { - return new WolfSSLPubKey(der, type, "X.509"); - } catch (WolfSSLException e) { + if (type.equals("RSA")) { + kf = KeyFactory.getInstance("RSA"); + } else if (type.equals("ECC")) { + kf = KeyFactory.getInstance("EC"); + } else if (type.equals("DSA")) { + kf = KeyFactory.getInstance("DSA"); + } + + if (kf != null) { + spec = new X509EncodedKeySpec(der); + key = (PublicKey)kf.generatePublic(spec); + } + + } catch (NoSuchAlgorithmException | InvalidKeySpecException e) { return null; } + + return key; } /* If unsupported critical extension is found then wolfSSL should not parse @@ -585,66 +609,6 @@ protected void finalize() throws Throwable { } } - - /* wolfSSL public key class */ - private class WolfSSLPubKey implements PublicKey { - /** - * Default serial ID - */ - private static final long serialVersionUID = 1L; - private byte[] encoding; - private String type; - private String format = "X.509"; - - /** - * Creates a new public key class - * @param der DER format key - * @param type key type i.e. WolfSSL.RSAk - * @param curveOID can be null in RSA case - * @throws WolfSSLException - */ - private WolfSSLPubKey(byte[] der, String type, String format) - throws WolfSSLException { - this.format = format; - this.encoding = der; - if (this.encoding == null) { - throw new WolfSSLException("Error creating key"); - } - this.type = type; - - WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO, - "created new WolfSSLPubKey"); - } - - @Override - public String getAlgorithm() { - - WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO, - "entered getAlgorithm()"); - - return this.type; - } - - @Override - public String getFormat() { - - WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO, - "entered getFormat()"); - - return this.format; - } - - @Override - public byte[] getEncoded() { - - WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO, - "entered getEncoded()"); - - return this.encoding; - } - - } - /* wolfSSL Principal class */ private class WolfSSLPrincipal implements Principal { private String name; diff --git a/src/test/com/wolfssl/provider/jsse/test/WolfSSLX509Test.java b/src/test/com/wolfssl/provider/jsse/test/WolfSSLX509Test.java index 2b1ec369..2d35153b 100644 --- a/src/test/com/wolfssl/provider/jsse/test/WolfSSLX509Test.java +++ b/src/test/com/wolfssl/provider/jsse/test/WolfSSLX509Test.java @@ -365,7 +365,6 @@ public void testVerifyProvider() { pass("\t\t\t... skipped"); return; } - System.out.print("\n\t Signature provider " + sigProvider.getName()); store = KeyStore.getInstance(tf.keyStoreType); stream = new FileInputStream(tf.allJKS); @@ -403,6 +402,7 @@ public void testVerifyProvider() { } catch (KeyStoreException | NoSuchAlgorithmException | CertificateException | IOException | WolfSSLException e) { error("\t... failed"); + e.printStackTrace(); fail("general failure"); } pass("\t... passed");