WolfSSL
/
wolfssljni
mirror of https://github.com/wolfSSL/wolfssljni.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Merge pull request #186 from cconlon/release113 

Prep for 1.13 Release
pull/190/head v1.13.0-stable
lealem47 2024-04-09 15:34:16 -06:00 committed by GitHub
parent da8b0260a4 594816205f
commit afd613b390
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
7 changed files with 425 additions and 361 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

385
ChangeLog.md 100644
View File

@ -0,0 +1,385 @@
### wolfSSL JNI Release 1.13.0 (4/9/2024)
Release 1.13.0 has bug fixes and new features including:
**New JSSE Functionality:**
* Add `SSLSocket.getApplicationProtocol()`, returns negotiated ALPN protocol (PR 150)
* Add native `WOLFSSL_TRUST_PEER_CERT` support in `WolfSSLTrustX509` (PR 154)
* Add implementation of `javax.net.ssl.X509ExtendedTrustManager` (PR 159)
* Add `getSSLParameters()` to `SSLEngine` and `SSLSocket` (PR 159)
* Add `getHandshakeSession()` to `SSLSocket` (PR 159)
* Convert `SSLSession` to `ExtendedSSLSession`, add `getRequestedServerNames()` (PR 159)
* Add ALPN API support to `SSLSocket` and `SSLEngine` with tests (PR 163)
* Add implementation of `X509ExtendedKeyManager` (PR 167)
**JSSE System/Security Property Support:**
* Add partial support for `jdk.tls.disabledAlgorithms` Security property (PR 136)
* Add support for `wolfjsse.enabledCipherSuites` Security property (PR 136)
* Add support for `wolfjsse.enabledSignatureAlgorithms` Security property (PR 136)
* Add support for `wolfjsse.enabledSupportedCurves` Security property (PR 143)
**JSSE Changes:**
* Get updated status before returning from SSLEngine.getHandshakeStatus() (PR 122)
* Add synchronization to SSLEngine read/write buffers (PR 124)
* Return null array from X509TrustManager.getAcceptedIssuers() if not yet initialized (PR 128)
* Improve `SSLEngine.unwrap()` for better efficiency (PR 137)
* Add native wolfSSL crypto callback (CryptoCb) support with WolfSSLProvider (PR 138)
* Add synchronization around `WolfSSLAuthStore` lock (PR 139)
* Fixes and improvements to `SSLSocket`/`SSLEngine` session resumption (PR 139, 144)
* Fix for `X509TrustManager` to not add root CA twice in returned chains (PR 140)
* Add synchronization around native pointer use and active states (PR 142)
* Fix for `SSLSocket` to fall back to I/O callbacks if setting internal fd fails (PR 145)
* Fix `SSLSocket` TLS 1.3 session cache and threading issues (PR 149)
* Throw `SocketException` if native socket `select()` fails (PR 151)
* Only call `InetAddress.getHostName()` when `jdk.tls.trustNameService` is true (PR 134)
* Fix for `SSLSession.getPeerCertificate()` and cached certs during resumption (PR 162)
* Save session at correct time for resumption in SSLEngine (PR 165)
* Check TLS 1.3 session for ticket before saving to Java client cache (PR 175)
* Fixes for `SSLEngine.setWantClientAuth()` (PR 172)
* Release native verify callback when `SSLEngine` is closed (PR 180)
* Avoid extra Java array allocation in `SSLSocket` InputStream/OutputStream (PR 183)
**New JNI Wrapped APIs and Functionality:**
* `wolfSSL_CTX_SetTmpDH()` and `wolfSSL_CTX_SetTmpDH_file()` (PR 136)
* `wolfSSL_CTX_SetMinDh/Rsa/EccKey_Sz()` (PR 136)
* `wolfSSL_set1_sigalgs_list()` (PR 136)
* `wolfSSL_CTX_UseSupportedCurve()` (PR 158)
* `wolfSSL_X509_check_host()` and `wolfSSL_SNI_GetRequest()` (PR 159)
* `wolfSSL_CTX_set_groups()` and `wolfTLSv1_3_client/server_method()` (PR 164)
* `SSL_CTX_set1_sigalgs_list()` (PR 169)
* `wolfSSL_set_tls13_secret_cb()`, add ability to set Java callback (PR 181)
* Add X.509v3 certificate generation support in `WolfSSLCertificate` and examples (PR 141)
* Add Certificate Signing Request (CSR) support and examples (PR 146)
**JNI Changes:**
* Call `wolfSSL_get1_session()` when saving session for resumption (PR 139)
* Call `select()` again on error with `EINTR` (PR 171)
**New Platform Support:**
* Add Windows support with Visual Studio, see IDE/WIN/README.md (PR 125)
**Build System Changes:**
* Add `JAVA_HOME` support in `java.sh` for use with custom Java install (PR 121)
* New argument to `java.sh` for custom wolfSSL library name to be used (PR 126)
* Add lib64 directory to library search path in `java.sh` (PR 130)
* Standardize JNI library name on OSX to .dylib (PR 152)
* Add Maven build support (PR 153)
* Update Android Studio example project (PR 185)
**Example Changes:**
* Update instructions for running examples (PR 133)
* Fix example JSSE client `-d` option, add `-g` to send HTTP GET (PR 155)
* Fix example JSSE client for resumption when sending HTTP GET (PR 157)
* Add TLS 1.3 version support to example `Client.java` and `Server.java` (PR 169)
* Expand JNI `Client.java` with support for doing session resumption with tickets (PR 169)
**Debugging Changes:**
* Add WolfSSLDebug.logHex() for printing byte arrays as hex (PR 129)
* Add synchronization and Thread ID to debug log messages (PR 129)
* Add new debug System property `wolfsslengine.io.debug` for I/O debug logs (PR 137)
* Add timestamp to debug logs (PR 148)
* Fix for enabling JSSE debug logs after WolfSSLProvider has been registered (PR 166)
* Make native wolfSSL debug log format consistent with wolfJSSE logs (PR 166)
**Testing Changes:**
* Add Facebook Infer test script, make fixes (PR 127, 182)
* Add extended threading test of `SSLEngine` (PR 124)
* Testing with and fixes from SonarQube static analyzer (PR 131)
* Add extended threading test of `SSLSocket` (PR 149)
* Testing with and fixes for running SunJSSE tests on wolfJSSE (PR 170, 174)
* Add GitHub Actions tests for Oracle/Zulu/Coretto/Temurin/Microsoft JDKs on Linux and OS X (PR 176)
**Documentation Changes:**
* Clean up Javadoc warnings with Java 17 (PR 147)
The wolfSSL JNI Manual is available at:
https://www.wolfssl.com/documentation/manuals/wolfssljni. For build
instructions and more detailed comments, please check the manual.
### wolfSSL JNI Release 1.12.0 (03/31/2023)
Release 1.12.0 has bug fixes and new features including:
**JNI and JSSE Changes:**
* Additional synchronization support in WolfSSLCertificate (PR 118)
* Prevent WolfSSLCertificate from freeing `WOLFSSL_X509` if not owned (PR 118)
* Fix `X509KeyManager.getCertificateChain()` to return `null` when alias is `null` (PR 119)
**Documentation Changes:**
* Add Android Studio instructions for how to update source symlinks on Windows (PR 117)
The wolfSSL JNI Manual is available at:
https://www.wolfssl.com/documentation/manuals/wolfssljni. For build
instructions and more detailed comments, please check the manual.
### wolfSSL JNI Release 1.11.0 (12/2/2022)
Release 1.11.0 has bug fixes and new features including:
**JNI and JSSE Changes:**
* Add support for system properties: keyStore, keyStoreType, keyStorePassword (PR 74)
* Add support for secure renegotiation if available in native wolfSSL (PR 75)
* Fix compilation against newer wolfSSL versions that have dtls.c (PR 107)
* Fixes and cleanup to SSLEngine implementation (PR 108)
* Fixes for SSLEngine synchronization issues (PR 108)
* Add non-standard X509TrustManager.checkServerTrusted() for use on Android (PR 109)
* Add RPM packaging support (PR 110)
* Fix SSLSocketFactory.createSocket() to allow for null host (PR 111)
* Remove @Override on SSLEngine.getHandshakeSession() for older Java versions (PR 114)
The wolfSSL JNI Manual is available at:
https://www.wolfssl.com/documentation/manuals/wolfssljni. For build
instructions and more detailed comments, please check the manual.
### wolfSSL JNI Release 1.10.0 (8/11/2022)
Release 1.10.0 has bug fixes and new features including:
**JNI and JSSE Changes:**
* Add SSLEngine.getApplicationProtocol(), fixes Undertow compatibility (PR 84)
* Wrap wolfSSL\_UseALPN() at JNI level (PR 84)
* Fix compile error for wolfSSL < 4.2.0 and wolfSSL\_set\_alpn\_protos() (PR 84)
* Fix NullPointerException when no selected ALPN is available (PR 84)
* Fix JNI build when wolfSSL compiled with --disable-filesystem (PR 104)
* Fix SSLEngine compatibility with data larger than TLS record size (PR 105)
* Refactor SSLEngine handshake status to be more inline with SunJSSE (PR 105)
* Add verbose SSLEngine logging with "wolfsslengine.debug" property (PR 105)
**Documentation Changes**
* Fix missing Javadoc warnings in ALPN code
**Example Changes:**
* Update Android Studio IDE project to use Android 11 (SDK 30)
The wolfSSL JNI Manual is available at:
http://www.wolfssl.com/documentation/wolfSSL-JNI-Manual.pdf. For build
instructions and more detailed comments, please check the manual.
### wolfSSL JNI Release 1.9.0 (5/5/2022)
Release 1.9.0 has bug fixes and new features including:
**JNI and JSSE Changes:**
* Add synchronization to class cleanup/free routines (PR 78)
* Fix JNI native casting to use utintptr\_t instead of intptr\_t (PR 79)
* Add support for newer Java versions (ex: Java 17) (PR 90)
* Remove HC-128 support (PR 94). Native wolfSSL removed with
[PR #4767](https://github.com/wolfSSL/wolfssl/pull/4767)
* Remove RABBIT support (PR 96). Native wolfSSL removed with
[PR #4774](https://github.com/wolfSSL/wolfssl/pull/4767)
* Remove IDEA support (PR 97). Native wolfSSL removed in
[PR #4806](https://github.com/wolfSSL/wolfssl/pull/4806).
* Fix typecasting issues and cleanup for native argument checking (PR 98, 99)
* Add Socket timeout support for native SSL\_connect/write() (PR 95)
* SSLSocket.getSession() now tries to do TLS handshake if not completed (PR 76)
* Fix shutdown/close\_notify alert handling in WolfSSLEngine (PR 83)
* Fix WolfSSLSocket to test if close() called before object init (PR 88)
* Add support for loading default system CA certs on Java 9+ (PR 89)
* Fix timeout behavior with WolfSSLSession.connect() (PR 100)
**Example Changes:**
* Print wolfJSSE provider info in JSSE ProviderTest (PR 77)
* Add option to ClientJSSE to do one session resumption (PR 80)
* Update example certificates and keys (PR 81)
**Documentation Changes:**
* Add missing Javadocs, fix warnings on newer Java versions (PR 92)
**Testing Changes:**
* Update junit dependency to 4.13.2 (PR 91)
The wolfSSL JNI Manual is available at:
http://www.wolfssl.com/documentation/wolfSSL-JNI-Manual.pdf. For build
instructions and more detailed comments, please check the manual.
### wolfSSL JNI Release 1.8.0 (11/12/2021)
Release 1.8.0 has bug fixes and new features including:
* wolfCrypt FIPS 140-3 and FIPS Ready compatibility
* Add Socket method wrappers, fixes behavior when inner Socket used with JSSE
* Add wrappers to get FIPS verifyCore hash (FIPS error cb or directly)
* Fix potential NullPointerException with several clone() methods
* Refactor of SSLSessionContext implementation
* Fix behavior of WolfSSLSocket.getSoTimeout() when external Socket is wrapped
* Fix timeout used in socketSelect to correctly handle fractional sec timeouts
* Fix memory leak when custom X509TrustManager is used with wolfJSSE
* Add support for multiple X509TrustManager objects across multiple sessions
* Call WolfSSL.cleanup() in finalizer to release library resources earlier
* Release native WOLFSSL memory sooner, when WolfSSLSocket is closed
* Better management and freeing of native WolfSSLCertificate memory
* Release native logging callback when library is freed
* Release native wolfCrypt FIPS callback when library is freed
* Release CTX-level Java verify callback when CTX is freed
* Release CTX-level Java CRL callback when CTX is freed
* Better global reference cleanup in error conditions
* Fix unused variable warnings in non-FIPS builds
* Use one static WolfSSL object across all WolfSSLProvider objects
* Release local JNI array inside WolfSSLSession.read() on function exit
* Add multi-threaded JSSE provider client and server examples
* Update Android AOSP install script to create missing blank files if needed
* Update Android AOSP build fies to define `SIZEOF_LONG` and `SIZEOF_LONG_LONG`
* Update IDE/Android example Android Studio project
* Fix default cipher suite list order used in JSSE WolfSSLContext objects
* Fix FIPS Ready compatibility with `WC_RNG_SEED_CB`
* Update Android AOSP Android.mk to compile wolfCrypt kdf.c
The wolfSSL JNI Manual is available at:
http://www.wolfssl.com/documentation/wolfSSL-JNI-Manual.pdf. For build
instructions and more detailed comments, please check the manual.
### wolfSSL JNI Release 1.7.0 (01/15/2021)
Release 1.7.0 has bug fixes and new features including:
* Fixes for Infer analysis warnings
* Throw exception in DEFAULT\_Context creation if engineInit() fails
* Defer creating DEFAULT WolfSSLContext until first use
* Check if Socket is open before doing TLS shutdown in WolfSSLSocket.close()
* Only load X509TrustStore issuers when needed by native wolfSSL verification
* Fix compiler warnings when used with older versions of native wolfSSL
* Verify and load intermediate CA certs in WolfSSLTrustX509.certManagerVerify()
* Add support for setSoTimeout() in WolfSSLSocket
* Fix suites length check in WolfSSLEngineHelper.setLocalCiphers()
* Check for connection closed before completing handshake in SSLSocket.read/write
The wolfSSL JNI Manual is available at:
http://www.wolfssl.com/documentation/wolfSSL-JNI-Manual.pdf. For build
instructions and more detailed comments, please check the manual.
### wolfSSL JNI Release 1.6.0 (08/26/2020)
Release 1.6.0 has bug fixes and new features including:
* Support for custom TrustManager checkClientTrusted(), checkServerTrusted()
* wolfJSSE TrustManager registered as PKIX provider
* Improved support for auto-loading system CA certificates
* Improved Android TrustManager support
* Use AndroidCAStore KeyStore when available on Android
* Support for X509Certificate.getSubjectAlternativeNames()
* Fix for native memory leak in JSSE WolfSSLTrustX509
* Optimization of WolfSSLTrustX509 to hold less memory at idle
* Addition of missing finalize() methods in some JSSE classes
* Casts to uintptr\_t instead of intptr\_t at native JNI level
* Conversion to use GetByteArrayElements for potential memory use savings
* Consistently use wolfCrypt XMALLOC/XFREE for native memory allocation
* Use javah in build.xml for older ant/Java versions without nativeheaderdir
* Add JSSE debug logging for native wolfSSL with wolfssl.debug system parameter
* Add more JSSE-level debug messages for easier troubleshooting
* Add internal implementation of SSLParameters, WolfSSLParameters
* Add client-side SNI support
* Fix warnings when DH is disabled (--disable-dh)
* Add Java thread ID to JSSE debug log messages for easier multithreaded debug
* Improve handshake synchronization in WolfSSLSocket for multi-threaded apps
* Add support for jsse.enableSNIExtension system property
* Add client-side session ticket support
* Add support for jdk.tls.client.enableSessionTicketExtension system property
* Enable session ticket and session cert support by default on Android AOSP
* Fixes compatibility with OkHttp on Android
* Add support for non-blocking socket operations in WolfSSLSession/Socket
* Moves I/O mutex locking to native level for more efficient locking
The wolfSSL JNI Manual is available at:
http://www.wolfssl.com/documentation/wolfSSL-JNI-Manual.pdf. For build
instructions and more detailed comments, please check the manual.
### wolfSSL JNI Release 1.5.0 (01/17/2020)
Release 1.5.0 has bug fixes and new features including:
* New JSSE provider (wolfJSSE) including TLS 1.3 support!
* Add JSSE debug logging with wolfjsse.debug system parameter
* Add JSSE install script and helper files for Android AOSP
* Add JSSE example apps (examples/provider)
* Add JNI wrappers to detect if native features/protocols are compiled in
* Add JNI wrapper for PKCS#8 offset getter
* Add JNI wrapper for wolfSSL\_get\_ciphers\_iana()
* Update build.xml to use nativeheaderdir instead of javah target
* Update tests to use junit-4.13 / hamcrest-all-1.3
* Update to build, now ant build does not build and run tests / examples
The wolfSSL JNI Manual is available at:
http://www.wolfssl.com/documentation/wolfSSL-JNI-Manual.pdf. For build
instructions and more detailed comments, please check the manual.
### wolfSSL JNI Release 1.4.0 (11/16/2018)
Release 1.4.0 has bug fixes and new features including:
* Better support for conditional native wolfSSL feature dependencies
* Adds methods for checking if native features are enabled
* Optional method for loading native JNI library from a specific path
* TLS 1.0 functions are compiled out unless WOLFSSL\_ALLOW\_TLSV10 is defined
* Wrapper for native wolfCrypt ECC shared secret public key callback
* Allow other HmacSHA hash types to be used in Atomic User callback examples
* Error string buffer size set to use WOLFSSL\_MAX\_ERROR\_SZ
* Fix for RSA doSign() output length
* Fix for I/O, Atomic User, and Public Key callback registration in examples
* Updated example key and certificate files
The wolfSSL JNI Manual is available at:
http://www.wolfssl.com/documentation/wolfSSL-JNI-Manual.pdf. For build
instructions and more detailed comments, please check the manual.
### wolfSSL JNI Release 1.3.0 (12/04/2015)
Release 1.3.0 has bug fixes and new features including:
* Updated support to wolfSSL 3.7.0
* Added finalizers for WolfSSLContext and WolfSSLSession classes
* Fix for SSLv3 now disabled by default in wolfSSL proper
* SSLv3 now marked as @Deprecated
* PSK (pre-shared key) support for client and server
* Better error checking and exception handling
* New WolfSSLJNIException class
* WolfSSLSession now cached in native WOLFSSL struct for callbacks
* Easier inclusion of junit4 in build.xml
The wolfSSL JNI Manual is available at:
http://www.wolfssl.com/documentation/wolfSSL-JNI-Manual.pdf. For build
instructions and more detailed comments, please check the manual.
### wolfSSL JNI Release 1.2.0 (06/02/2015)
Release 1.2.0 has bug fixes and new features including:
* Updated support for wolfSSL 3.4.6 and CyaSSL to wolfSSL name change
* Benchmark functionality in example client
* Updated example certificates
* Better detection of Java home on Mac and Linux
The wolfSSL JNI Manual is available at:
http://www.wolfssl.com/documentation/wolfSSL-JNI-Manual.pdf. For build
instructions and more detailed comments, please check the manual.
### wolfSSL JNI Release 1.1.0 (10/25/2013)
Release 1.1.0 has bug fixes and new features including:
* Updated support for CyaSSL 2.9.4
* Updated example certificates and CRLs
* Now expects user to have JUnit JARs pre-installed on dev platform
* Updated unit tests, JUnit4 style
* Android support
* CRL monitor now optional in server mode
The wolfSSL JNI Manual is available at:
http://www.wolfssl.com/documentation/wolfSSL-JNI-Manual.pdf. For build
instructions and more detailed comments, please check the manual.
### wolfSSL JNI Release 1.0.0 (10/25/2013)
Release 1.0.0 is the first public release of wolfSSL JNI, the Java wrapper for
the CyaSSL embedded SSL library.
The wolfSSL JNI Manual is available at:
http://www.wolfssl.com/documentation/wolfSSL-JNI-Manual.pdf. For build
instructions and more detailed comments, please check the manual.

297
README.md
View File

@ -26,7 +26,7 @@ and more!
## User Manual
The wolfSSL JNI/JSSE Manual is available on the wolfSSL website:
[wolfSSL JNI Manual](https://www.wolfssl.com/documentation/wolfSSL-JNI-Manual.pdf).
[wolfSSL JNI Manual](https://www.wolfssl.com/documentation/manuals/wolfssljni/).
For additional build instructions and more detailed comments, please reference
the manual.
@ -186,7 +186,7 @@ an application can include this as a dependency in the application's
<dependency>
<groupId>com.wolfssl</groupId>
<artifactId>wolfssl-jsse</artifactId>
<version>1.12.0-SNAPSHOT</version>
<version>1.13.0-SNAPSHOT</version>
</dependency>
</dependencies>
...
@ -303,9 +303,9 @@ wolfJSSE extends or implements the following JSSE classes:
- javax.net.ssl.TrustManagerFactorySpi
- PKIX, X509, SunX509
- javax.net.ssl.SSLEngine
- javax.net.ssl.SSLSession
- javax.net.ssl.X509KeyManager
- javax.net.ssl.X509TrustManager
- javax.net.ssl.SSLSession / ExtendedSSLSession
- javax.net.ssl.X509KeyManager / X509ExtendedKeyManager
- javax.net.ssl.X509TrustManager / X509ExtendedTrustManager
- javax.net.ssl.SSLServerSocket
- javax.net.ssl.SSLServerSocketFactory
- javax.net.ssl.SSLSocket
@ -329,292 +329,7 @@ Or by defining `-DHAVE_SECURE_RENEGOTIATION`.
## Release Notes
### wolfSSL JNI Release 1.12.0 (03/31/2023)
Release 1.12.0 has bug fixes and new features including:
**JNI and JSSE Changes:**
* Additional synchronization support in WolfSSLCertificate (PR 118)
* Prevent WolfSSLCertificate from freeing `WOLFSSL_X509` if not owned (PR 118)
* Fix `X509KeyManager.getCertificateChain()` to return `null` when alias is `null` (PR 119)
**Documentation Changes:**
* Add Android Studio instructions for how to update source symlinks on Windows (PR 117)
The wolfSSL JNI Manual is available at:
https://www.wolfssl.com/documentation/manuals/wolfssljni. For build
instructions and more detailed comments, please check the manual.
### wolfSSL JNI Release 1.11.0 (12/2/2022)
Release 1.11.0 has bug fixes and new features including:
**JNI and JSSE Changes:**
* Add support for system properties: keyStore, keyStoreType, keyStorePassword (PR 74)
* Add support for secure renegotiation if available in native wolfSSL (PR 75)
* Fix compilation against newer wolfSSL versions that have dtls.c (PR 107)
* Fixes and cleanup to SSLEngine implementation (PR 108)
* Fixes for SSLEngine synchronization issues (PR 108)
* Add non-standard X509TrustManager.checkServerTrusted() for use on Android (PR 109)
* Add RPM packaging support (PR 110)
* Fix SSLSocketFactory.createSocket() to allow for null host (PR 111)
* Remove @Override on SSLEngine.getHandshakeSession() for older Java versions (PR 114)
The wolfSSL JNI Manual is available at:
https://www.wolfssl.com/documentation/manuals/wolfssljni. For build
instructions and more detailed comments, please check the manual.
### wolfSSL JNI Release 1.10.0 (8/11/2022)
Release 1.10.0 has bug fixes and new features including:
**JNI and JSSE Changes:**
* Add SSLEngine.getApplicationProtocol(), fixes Undertow compatibility (PR 84)
* Wrap wolfSSL\_UseALPN() at JNI level (PR 84)
* Fix compile error for wolfSSL < 4.2.0 and wolfSSL\_set\_alpn\_protos() (PR 84)
* Fix NullPointerException when no selected ALPN is available (PR 84)
* Fix JNI build when wolfSSL compiled with --disable-filesystem (PR 104)
* Fix SSLEngine compatibility with data larger than TLS record size (PR 105)
* Refactor SSLEngine handshake status to be more inline with SunJSSE (PR 105)
* Add verbose SSLEngine logging with "wolfsslengine.debug" property (PR 105)
**Documentation Changes**
* Fix missing Javadoc warnings in ALPN code
**Example Changes:**
* Update Android Studio IDE project to use Android 11 (SDK 30)
The wolfSSL JNI Manual is available at:
http://www.wolfssl.com/documentation/wolfSSL-JNI-Manual.pdf. For build
instructions and more detailed comments, please check the manual.
### wolfSSL JNI Release 1.9.0 (5/5/2022)
Release 1.9.0 has bug fixes and new features including:
**JNI and JSSE Changes:**
* Add synchronization to class cleanup/free routines (PR 78)
* Fix JNI native casting to use utintptr\_t instead of intptr\_t (PR 79)
* Add support for newer Java versions (ex: Java 17) (PR 90)
* Remove HC-128 support (PR 94). Native wolfSSL removed with
[PR #4767](https://github.com/wolfSSL/wolfssl/pull/4767)
* Remove RABBIT support (PR 96). Native wolfSSL removed with
[PR #4774](https://github.com/wolfSSL/wolfssl/pull/4767)
* Remove IDEA support (PR 97). Native wolfSSL removed in
[PR #4806](https://github.com/wolfSSL/wolfssl/pull/4806).
* Fix typecasting issues and cleanup for native argument checking (PR 98, 99)
* Add Socket timeout support for native SSL\_connect/write() (PR 95)
* SSLSocket.getSession() now tries to do TLS handshake if not completed (PR 76)
* Fix shutdown/close\_notify alert handling in WolfSSLEngine (PR 83)
* Fix WolfSSLSocket to test if close() called before object init (PR 88)
* Add support for loading default system CA certs on Java 9+ (PR 89)
* Fix timeout behavior with WolfSSLSession.connect() (PR 100)
**Example Changes:**
* Print wolfJSSE provider info in JSSE ProviderTest (PR 77)
* Add option to ClientJSSE to do one session resumption (PR 80)
* Update example certificates and keys (PR 81)
**Documentation Changes:**
* Add missing Javadocs, fix warnings on newer Java versions (PR 92)
**Testing Changes:**
* Update junit dependency to 4.13.2 (PR 91)
The wolfSSL JNI Manual is available at:
http://www.wolfssl.com/documentation/wolfSSL-JNI-Manual.pdf. For build
instructions and more detailed comments, please check the manual.
### wolfSSL JNI Release 1.8.0 (11/12/2021)
Release 1.8.0 has bug fixes and new features including:
* wolfCrypt FIPS 140-3 and FIPS Ready compatibility
* Add Socket method wrappers, fixes behavior when inner Socket used with JSSE
* Add wrappers to get FIPS verifyCore hash (FIPS error cb or directly)
* Fix potential NullPointerException with several clone() methods
* Refactor of SSLSessionContext implementation
* Fix behavior of WolfSSLSocket.getSoTimeout() when external Socket is wrapped
* Fix timeout used in socketSelect to correctly handle fractional sec timeouts
* Fix memory leak when custom X509TrustManager is used with wolfJSSE
* Add support for multiple X509TrustManager objects across multiple sessions
* Call WolfSSL.cleanup() in finalizer to release library resources earlier
* Release native WOLFSSL memory sooner, when WolfSSLSocket is closed
* Better management and freeing of native WolfSSLCertificate memory
* Release native logging callback when library is freed
* Release native wolfCrypt FIPS callback when library is freed
* Release CTX-level Java verify callback when CTX is freed
* Release CTX-level Java CRL callback when CTX is freed
* Better global reference cleanup in error conditions
* Fix unused variable warnings in non-FIPS builds
* Use one static WolfSSL object across all WolfSSLProvider objects
* Release local JNI array inside WolfSSLSession.read() on function exit
* Add multi-threaded JSSE provider client and server examples
* Update Android AOSP install script to create missing blank files if needed
* Update Android AOSP build fies to define `SIZEOF_LONG` and `SIZEOF_LONG_LONG`
* Update IDE/Android example Android Studio project
* Fix default cipher suite list order used in JSSE WolfSSLContext objects
* Fix FIPS Ready compatibility with `WC_RNG_SEED_CB`
* Update Android AOSP Android.mk to compile wolfCrypt kdf.c
The wolfSSL JNI Manual is available at:
http://www.wolfssl.com/documentation/wolfSSL-JNI-Manual.pdf. For build
instructions and more detailed comments, please check the manual.
### wolfSSL JNI Release 1.7.0 (01/15/2021)
Release 1.7.0 has bug fixes and new features including:
* Fixes for Infer analysis warnings
* Throw exception in DEFAULT\_Context creation if engineInit() fails
* Defer creating DEFAULT WolfSSLContext until first use
* Check if Socket is open before doing TLS shutdown in WolfSSLSocket.close()
* Only load X509TrustStore issuers when needed by native wolfSSL verification
* Fix compiler warnings when used with older versions of native wolfSSL
* Verify and load intermediate CA certs in WolfSSLTrustX509.certManagerVerify()
* Add support for setSoTimeout() in WolfSSLSocket
* Fix suites length check in WolfSSLEngineHelper.setLocalCiphers()
* Check for connection closed before completing handshake in SSLSocket.read/write
The wolfSSL JNI Manual is available at:
http://www.wolfssl.com/documentation/wolfSSL-JNI-Manual.pdf. For build
instructions and more detailed comments, please check the manual.
### wolfSSL JNI Release 1.6.0 (08/26/2020)
Release 1.6.0 has bug fixes and new features including:
* Support for custom TrustManager checkClientTrusted(), checkServerTrusted()
* wolfJSSE TrustManager registered as PKIX provider
* Improved support for auto-loading system CA certificates
* Improved Android TrustManager support
* Use AndroidCAStore KeyStore when available on Android
* Support for X509Certificate.getSubjectAlternativeNames()
* Fix for native memory leak in JSSE WolfSSLTrustX509
* Optimization of WolfSSLTrustX509 to hold less memory at idle
* Addition of missing finalize() methods in some JSSE classes
* Casts to uintptr\_t instead of intptr\_t at native JNI level
* Conversion to use GetByteArrayElements for potential memory use savings
* Consistently use wolfCrypt XMALLOC/XFREE for native memory allocation
* Use javah in build.xml for older ant/Java versions without nativeheaderdir
* Add JSSE debug logging for native wolfSSL with wolfssl.debug system parameter
* Add more JSSE-level debug messages for easier troubleshooting
* Add internal implementation of SSLParameters, WolfSSLParameters
* Add client-side SNI support
* Fix warnings when DH is disabled (--disable-dh)
* Add Java thread ID to JSSE debug log messages for easier multithreaded debug
* Improve handshake synchronization in WolfSSLSocket for multi-threaded apps
* Add support for jsse.enableSNIExtension system property
* Add client-side session ticket support
* Add support for jdk.tls.client.enableSessionTicketExtension system property
* Enable session ticket and session cert support by default on Android AOSP
* Fixes compatibility with OkHttp on Android
* Add support for non-blocking socket operations in WolfSSLSession/Socket
* Moves I/O mutex locking to native level for more efficient locking
The wolfSSL JNI Manual is available at:
http://www.wolfssl.com/documentation/wolfSSL-JNI-Manual.pdf. For build
instructions and more detailed comments, please check the manual.
### wolfSSL JNI Release 1.5.0 (01/17/2020)
Release 1.5.0 has bug fixes and new features including:
* New JSSE provider (wolfJSSE) including TLS 1.3 support!
* Add JSSE debug logging with wolfjsse.debug system parameter
* Add JSSE install script and helper files for Android AOSP
* Add JSSE example apps (examples/provider)
* Add JNI wrappers to detect if native features/protocols are compiled in
* Add JNI wrapper for PKCS#8 offset getter
* Add JNI wrapper for wolfSSL\_get\_ciphers\_iana()
* Update build.xml to use nativeheaderdir instead of javah target
* Update tests to use junit-4.13 / hamcrest-all-1.3
* Update to build, now ant build does not build and run tests / examples
The wolfSSL JNI Manual is available at:
http://www.wolfssl.com/documentation/wolfSSL-JNI-Manual.pdf. For build
instructions and more detailed comments, please check the manual.
### wolfSSL JNI Release 1.4.0 (11/16/2018)
Release 1.4.0 has bug fixes and new features including:
* Better support for conditional native wolfSSL feature dependencies
* Adds methods for checking if native features are enabled
* Optional method for loading native JNI library from a specific path
* TLS 1.0 functions are compiled out unless WOLFSSL\_ALLOW\_TLSV10 is defined
* Wrapper for native wolfCrypt ECC shared secret public key callback
* Allow other HmacSHA hash types to be used in Atomic User callback examples
* Error string buffer size set to use WOLFSSL\_MAX\_ERROR\_SZ
* Fix for RSA doSign() output length
* Fix for I/O, Atomic User, and Public Key callback registration in examples
* Updated example key and certificate files
The wolfSSL JNI Manual is available at:
http://www.wolfssl.com/documentation/wolfSSL-JNI-Manual.pdf. For build
instructions and more detailed comments, please check the manual.
### wolfSSL JNI Release 1.3.0 (12/04/2015)
Release 1.3.0 has bug fixes and new features including:
* Updated support to wolfSSL 3.7.0
* Added finalizers for WolfSSLContext and WolfSSLSession classes
* Fix for SSLv3 now disabled by default in wolfSSL proper
* SSLv3 now marked as @Deprecated
* PSK (pre-shared key) support for client and server
* Better error checking and exception handling
* New WolfSSLJNIException class
* WolfSSLSession now cached in native WOLFSSL struct for callbacks
* Easier inclusion of junit4 in build.xml
The wolfSSL JNI Manual is available at:
http://www.wolfssl.com/documentation/wolfSSL-JNI-Manual.pdf. For build
instructions and more detailed comments, please check the manual.
### wolfSSL JNI Release 1.2.0 (06/02/2015)
Release 1.2.0 has bug fixes and new features including:
* Updated support for wolfSSL 3.4.6 and CyaSSL to wolfSSL name change
* Benchmark functionality in example client
* Updated example certificates
* Better detection of Java home on Mac and Linux
The wolfSSL JNI Manual is available at:
http://www.wolfssl.com/documentation/wolfSSL-JNI-Manual.pdf. For build
instructions and more detailed comments, please check the manual.
### wolfSSL JNI Release 1.1.0 (10/25/2013)
Release 1.1.0 has bug fixes and new features including:
* Updated support for CyaSSL 2.9.4
* Updated example certificates and CRLs
* Now expects user to have JUnit JARs pre-installed on dev platform
* Updated unit tests, JUnit4 style
* Android support
* CRL monitor now optional in server mode
The wolfSSL JNI Manual is available at:
http://www.wolfssl.com/documentation/wolfSSL-JNI-Manual.pdf. For build
instructions and more detailed comments, please check the manual.
### wolfSSL JNI Release 1.0.0 (10/25/2013)
Release 1.0.0 is the first public release of wolfSSL JNI, the Java wrapper for
the CyaSSL embedded SSL library.
The wolfSSL JNI Manual is available at:
http://www.wolfssl.com/documentation/wolfSSL-JNI-Manual.pdf. For build
instructions and more detailed comments, please check the manual.
Release notes can be found in [ChangeLog.md](./ChangeLog.md).
## Support

2
build.xml
View File

@ -14,7 +14,7 @@
<!-- versioning/manifest properties -->
<property name="implementation.vendor" value="wolfSSL Inc." />
<property name="implementation.title" value="wolfSSL JNI/JSSE" />
<property name="implementation.version" value="1.12" />
<property name="implementation.version" value="1.13" />
<!-- set properties for this build -->
<property name="src.dir" value="src/java/"/>

2
pom.xml
View File

@ -4,7 +4,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>com.wolfssl</groupId>
<artifactId>wolfssl-jsse</artifactId>
<version>1.12.0-SNAPSHOT</version>
<version>1.13.0-SNAPSHOT</version>
<packaging>jar</packaging>
<name>wolfssl-jsse</name>
<url>https://www.wolfssl.com</url>

4
src/java/com/wolfssl/provider/jsse/WolfSSLProvider.java
View File

@ -71,8 +71,8 @@ public final class WolfSSLProvider extends Provider {
* wolfSSL JSSE Provider class
*/
public WolfSSLProvider() {
super("wolfJSSE", 1.12, "wolfSSL JSSE Provider");
//super("wolfJSSE", "1.12", "wolfSSL JSSE Provider");
super("wolfJSSE", 1.13, "wolfSSL JSSE Provider");
//super("wolfJSSE", "1.13", "wolfSSL JSSE Provider");
/* load native wolfSSLJNI library */
WolfSSL.loadLibrary();

94
src/java/com/wolfssl/provider/jsse/WolfSSLX509.java
View File

@ -29,7 +29,10 @@ import java.security.Principal;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Signature;
import java.security.KeyFactory;
import java.security.SignatureException;
import java.security.spec.X509EncodedKeySpec;
import java.security.spec.InvalidKeySpecException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
@ -449,7 +452,7 @@ public class WolfSSLX509 extends X509Certificate {
sig.initVerify(key);
sig.update(this.getTBSCertificate());
} catch (Exception e) {
throw new CertificateException();
throw new CertificateException(e);
}
if (sig.verify(this.getSignature()) == false) {
@ -487,20 +490,41 @@ public class WolfSSLX509 extends X509Certificate {
@Override
public PublicKey getPublicKey() {
String type = null;
byte[] der = null;
KeyFactory kf = null;
PublicKey key = null;
X509EncodedKeySpec spec = null;
WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
"entered getPublicKey()");
if (this.cert == null) {
return null;
}
String type = this.cert.getPubkeyType();
byte[] der = this.cert.getPubkey();
type = this.cert.getPubkeyType();
der = this.cert.getPubkey();
try {
return new WolfSSLPubKey(der, type, "X.509");
} catch (WolfSSLException e) {
if (type.equals("RSA")) {
kf = KeyFactory.getInstance("RSA");
} else if (type.equals("ECC")) {
kf = KeyFactory.getInstance("EC");
} else if (type.equals("DSA")) {
kf = KeyFactory.getInstance("DSA");
}
if (kf != null) {
spec = new X509EncodedKeySpec(der);
key = (PublicKey)kf.generatePublic(spec);
}
} catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
return null;
}
return key;
}
/* If unsupported critical extension is found then wolfSSL should not parse
@ -585,66 +609,6 @@ public class WolfSSLX509 extends X509Certificate {
}
}
/* wolfSSL public key class */
private class WolfSSLPubKey implements PublicKey {
/**
* Default serial ID
*/
private static final long serialVersionUID = 1L;
private byte[] encoding;
private String type;
private String format = "X.509";
/**
* Creates a new public key class
* @param der DER format key
* @param type key type i.e. WolfSSL.RSAk
* @param curveOID can be null in RSA case
* @throws WolfSSLException
*/
private WolfSSLPubKey(byte[] der, String type, String format)
throws WolfSSLException {
this.format = format;
this.encoding = der;
if (this.encoding == null) {
throw new WolfSSLException("Error creating key");
}
this.type = type;
WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
"created new WolfSSLPubKey");
}
@Override
public String getAlgorithm() {
WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
"entered getAlgorithm()");
return this.type;
}
@Override
public String getFormat() {
WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
"entered getFormat()");
return this.format;
}
@Override
public byte[] getEncoded() {
WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO,
"entered getEncoded()");
return this.encoding;
}
}
/* wolfSSL Principal class */
private class WolfSSLPrincipal implements Principal {
private String name;

2
src/test/com/wolfssl/provider/jsse/test/WolfSSLX509Test.java
View File

@ -365,7 +365,6 @@ public class WolfSSLX509Test {
pass("\t\t\t... skipped");
return;
}
System.out.print("\n\t Signature provider " + sigProvider.getName());
store = KeyStore.getInstance(tf.keyStoreType);
stream = new FileInputStream(tf.allJKS);
@ -403,6 +402,7 @@ public class WolfSSLX509Test {
} catch (KeyStoreException | NoSuchAlgorithmException |
CertificateException | IOException | WolfSSLException e) {
error("\t... failed");
e.printStackTrace();
fail("general failure");
}
pass("\t... passed");