{"id":13711241,"url":"https://github.com/kassane/wolfssl","last_synced_at":"2025-05-06T20:32:53.031Z","repository":{"id":172500657,"uuid":"649352327","full_name":"kassane/wolfssl","owner":"kassane","description":"WolfSSL library - Using Zig Build","archived":false,"fork":true,"pushed_at":"2024-10-30T14:33:27.000Z","size":666773,"stargazers_count":5,"open_issues_count":2,"forks_count":2,"subscribers_count":1,"default_branch":"zig-pkg","last_synced_at":"2024-10-30T15:32:43.053Z","etag":null,"topics":["c-library","cryptography","fips","ssl","tls","wolfssl","wolfssl-library","zig","zig-package"],"latest_commit_sha":null,"homepage":"https://www.wolfssl.com","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":"wolfSSL/wolfssl","license":"gpl-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/kassane.png","metadata":{"files":{"readme":"README","changelog":"ChangeLog.md","contributing":null,"funding":null,"license":"COPYING","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":".github/SECURITY.md","support":null,"governance":null}},"created_at":"2023-06-04T15:27:00.000Z","updated_at":"2024-10-30T14:35:26.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/kassane/wolfssl","commit_stats":null,"previous_names":["kassane/wolfssl"],"tags_count":2,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kassane%2Fwolfssl","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kassane%2Fwolfssl/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kassane%2Fwolfssl/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kassane%2Fwolfssl/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/kassane","download_url":"https://codeload.github.com/kassane/wolfssl/tar.gz/refs/heads/zig-pkg","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":224528389,"owners_count":17326356,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["c-library","cryptography","fips","ssl","tls","wolfssl","wolfssl-library","zig","zig-package"],"created_at":"2024-08-02T23:01:06.110Z","updated_at":"2025-05-06T20:32:52.732Z","avatar_url":"https://github.com/kassane.png","language":"C","readme":"*** Description ***\n\nThe wolfSSL embedded SSL library (formerly CyaSSL) is a lightweight SSL/TLS\nlibrary written in ANSI C and targeted for embedded, RTOS, and\nresource-constrained environments - primarily because of its small size, speed,\nand feature set.  It is commonly used in standard operating environments as well\nbecause of its royalty-free pricing and excellent cross platform support.\nwolfSSL supports industry standards up to the current TLS 1.3 and DTLS 1.3\nlevels, is up to 20 times smaller than OpenSSL, and offers progressive ciphers\nsuch as ChaCha20, Curve25519, and Blake2b. User benchmarking and feedback\nreports dramatically better performance when using wolfSSL over OpenSSL.\n\nwolfSSL is powered by the wolfCrypt library. Two versions of the wolfCrypt\ncryptography library have been FIPS 140-2 validated (Certificate #2425 and\ncertificate #3389). For additional information, visit the wolfCrypt FIPS FAQ\n(https://www.wolfssl.com/license/fips/) or contact fips@wolfssl.com\n\n*** Why choose wolfSSL? ***\n\nThere are many reasons to choose wolfSSL as your embedded SSL solution. Some of\nthe top reasons include size (typical footprint sizes range from 20-100 kB),\nsupport for the newest standards (SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3,\nDTLS 1.0, DTLS 1.2, and DTLS 1.3), current and progressive cipher support\n(including stream ciphers), multi-platform, royalty free, and an OpenSSL\ncompatibility API to ease porting into existing applications which have\npreviously used the OpenSSL package. For a complete feature list, see chapter 4\nof the wolfSSL manual. (https://www.wolfssl.com/docs/wolfssl-manual/ch4/)\n\n*** Notes, Please read ***\n\nNote 1)\nwolfSSL as of 3.6.6 no longer enables SSLv3 by default.  wolfSSL also no longer\nsupports static key cipher suites with PSK, RSA, or ECDH. This means if you\nplan to use TLS cipher suites you must enable DH (DH is on by default), or\nenable ECC (ECC is on by default), or you must enable static key cipher suites\nwith\n\n    WOLFSSL_STATIC_DH\n    WOLFSSL_STATIC_RSA\n      or\n    WOLFSSL_STATIC_PSK\n\nthough static key cipher suites are deprecated and will be removed from future\nversions of TLS.  They also lower your security by removing PFS.\n\nWhen compiling ssl.c, wolfSSL will now issue a compiler error if no cipher\nsuites are available. You can remove this error by defining\nWOLFSSL_ALLOW_NO_SUITES in the event that you desire that, i.e., you're not\nusing TLS cipher suites.\n\nNote 2)\nwolfSSL takes a different approach to certificate verification than OpenSSL\ndoes. The default policy for the client is to verify the server, this means\nthat if you don't load CAs to verify the server you'll get a connect error,\nno signer error to confirm failure (-188).\n\nIf you want to mimic OpenSSL behavior of having SSL_connect succeed even if\nverifying the server fails and reducing security you can do this by calling:\n\n    wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);\n\nbefore calling wolfSSL_new();. Though it's not recommended.\n\nNote 3)\nThe enum values SHA, SHA256, SHA384, SHA512 are no longer available when\nwolfSSL is built with --enable-opensslextra (OPENSSL_EXTRA) or with the macro\nNO_OLD_SHA_NAMES. These names get mapped to the OpenSSL API for a single call\nhash function. Instead the name WC_SHA, WC_SHA256, WC_SHA384 and WC_SHA512\nshould be used for the enum name.\n\n*** end Notes ***\n\n# wolfSSL Release 5.7.6 (Dec 31, 2024)\n\nRelease 5.7.6 has been developed according to wolfSSL's development and QA\nprocess (see link below) and successfully passed the quality criteria.\nhttps://www.wolfssl.com/about/wolfssl-software-development-process-quality-assurance\n\nNOTE:\n * --enable-heapmath is deprecated.\n * In this release, the default cipher suite preference is updated to prioritize\n TLS_AES_256_GCM_SHA384 over TLS_AES_128_GCM_SHA256 when enabled.\n * This release adds a sanity check for including wolfssl/options.h or\n user_settings.h.\n\n\nPR stands for Pull Request, and PR \u003cNUMBER\u003e references a GitHub pull request\n number where the code change was added.\n\n\n## Vulnerabilities\n* [Med] An OCSP (non stapling) issue was introduced in wolfSSL version 5.7.4\n when performing OCSP requests for intermediate certificates in a certificate\n chain. This affects only TLS 1.3 connections on the server side. It would not\n impact other TLS protocol versions or connections that are not using the\n traditional OCSP implementation. (Fix in pull request 8115)\n\n\n## New Feature Additions\n* Add support for RP2350 and improve RP2040 support, both with RNG optimizations\n (PR 8153)\n* Add support for STM32MP135F, including STM32CubeIDE support and HAL support\n for SHA2/SHA3/AES/RNG/ECC optimizations. (PR 8223, 8231, 8241)\n* Implement Renesas TSIP RSA Public Enc/Private support (PR 8122)\n* Add support for Fedora/RedHat system-wide crypto-policies (PR 8205)\n* Curve25519 generic keyparsing API added with  wc_Curve25519KeyToDer and\n wc_Curve25519KeyDecode (PR 8129)\n* CRL improvements and update callback, added the functions\n wolfSSL_CertManagerGetCRLInfo and wolfSSL_CertManagerSetCRLUpdate_Cb (PR 8006)\n* For DTLS, add server-side stateless and CID quality-of-life API. (PR 8224)\n\n\n## Enhancements and Optimizations\n* Add a CMake dependency check for pthreads when required. (PR 8162)\n* Update OS_Seed declarations for legacy compilers and FIPS modules (boundary\n not affected). (PR 8170)\n* Enable WOLFSSL_ALWAYS_KEEP_SNI by default when using --enable-jni. (PR 8283)\n* Change the default cipher suite preference, prioritizing\n TLS_AES_256_GCM_SHA384 over TLS_AES_128_GCM_SHA256. (PR 7771)\n* Add SRTP-KDF (FIPS module v6.0.0) to checkout script for release bundling\n (PR 8215)\n* Make library build when no hardware crypto available for Aarch64 (PR 8293)\n* Update assembly code to avoid `uint*_t` types for better compatibility with\n older C standards. (PR 8133)\n* Add initial documentation for writing ASN template code to decode BER/DER.\n (PR 8120)\n* Perform full reduction in sc_muladd for EdDSA with Curve448 (PR 8276)\n* Allow SHA-3 hardware cryptography instructions to be explicitly not used in\n MacOS builds (PR 8282)\n* Make Kyber and ML-KEM available individually and together. (PR 8143)\n* Update configuration options to include Kyber/ML-KEM and fix defines used in\n wolfSSL_get_curve_name. (PR 8183)\n* Make GetShortInt available with WOLFSSL_ASN_EXTRA (PR 8149)\n* Improved test coverage and minor improvements of X509 (PR 8176)\n* Add sanity checks for configuration methods, ensuring the inclusion of\n wolfssl/options.h or user_settings.h. (PR 8262)\n* Enable support for building without TLS (NO_TLS). Provides reduced code size\n option for non-TLS users who want features like the certificate manager or\n compatibility layer. (PR 8273)\n* Exposed get_verify functions with OPENSSL_EXTRA. (PR 8258)\n* ML-DSA/Dilithium: obtain security level from DER when decoding (PR 8177)\n* Implementation for using PKCS11 to retrieve certificate for SSL CTX (PR 8267)\n* Add support for the RFC822 Mailbox attribute (PR 8280)\n* Initialize variables and adjust types resolve warnings with Visual Studio in\n Windows builds. (PR 8181)\n* Refactors and expansion of opensslcoexist build (PR 8132, 8216, 8230)\n* Add DTLS 1.3 interoperability, libspdm and DTLS CID interoperability tests\n (PR 8261, 8255, 8245)\n* Remove trailing error exit code in wolfSSL install setup script (PR 8189)\n* Update Arduino files for wolfssl 5.7.4 (PR 8219)\n* Improve Espressif SHA HW/SW mutex messages (PR 8225)\n* Apply post-5.7.4 release updates for Espressif Managed Component examples\n (PR 8251)\n* Expansion of c89 conformance (PR 8164)\n* Added configure option for additional sanity checks with --enable-faultharden\n (PR 8289)\n* Aarch64 ASM additions to check CPU features before hardware crypto instruction\n use (PR 8314)\n\n\n## Fixes\n* Fix a memory issue when using the compatibility layer with\n WOLFSSL_GENERAL_NAME and handling registered ID types. (PR 8155)\n* Fix a build issue with signature fault hardening when using public key\n callbacks (HAVE_PK_CALLBACKS). (PR 8287)\n* Fix for handling heap hint pointer properly when managing multiple WOLFSSL_CTX\n objects and free’ing one of them (PR 8180)\n* Fix potential memory leak in error case with Aria. (PR 8268)\n* Fix Set_Verify flag behaviour on Ada wrapper. (PR 8256)\n* Fix a compilation error with the NO_WOLFSSL_DIR flag. (PR 8294)\n* Resolve a corner case for Poly1305 assembly code on Aarch64. (PR 8275)\n* Fix incorrect version setting in CSRs. (PR 8136)\n* Correct debugging output for cryptodev. (PR 8202)\n* Fix for benchmark application use with /dev/crypto GMAC auth error due to size\n of AAD (PR 8210)\n* Add missing checks for the initialization of sp_int/mp_int with DSA to free\n memory properly in error cases. (PR 8209)\n* Fix return value of wolfSSL_CTX_set_tlsext_use_srtp (8252)\n* Check Root CA by Renesas TSIP before adding it to ca-table (PR 8101)\n* Prevent adding a certificate to the CA cache for Renesas builds if it does not\n set CA:TRUE in basic constraints. (PR 8060)\n* Fix attribute certificate holder entityName parsing. (PR 8166)\n* Resolve build issues for configurations without any wolfSSL/openssl\n compatibility layer headers. (PR 8182)\n* Fix for building SP RSA small and RSA public only (PR 8235)\n* Fix for Renesas RX TSIP RSA Sign/Verify with wolfCrypt only (PR 8206)\n* Fix to ensure all files have settings.h included (like wc_lms.c) and guards\n for building all `*.c` files (PR 8257 and PR 8140)\n* Fix x86 target build issues in Visual Studio for non-Windows operating\n systems. (PR 8098)\n* Fix wolfSSL_X509_STORE_get0_objects to handle no CA (PR 8226)\n* Properly handle reference counting when adding to the X509 store. (PR 8233)\n* Fix for various typos and improper size used with FreeRTOS_bind in the Renesas\n example. Thanks to Hongbo for the report on example issues. (PR 7537)\n* Fix for potential heap use after free with wolfSSL_PEM_read_bio_PrivateKey.\n Thanks to Peter for the issue reported. (PR 8139)\n\n\nFor additional vulnerability information visit the vulnerability page at:\nhttps://www.wolfssl.com/docs/security-vulnerabilities/\n\nSee INSTALL file for build instructions.\nMore info can be found on-line at: https://wolfssl.com/wolfSSL/Docs.html\n\n*** Resources ***\n\n\n[wolfSSL Website](https://www.wolfssl.com/)\n\n[wolfSSL Wiki](https://github.com/wolfSSL/wolfssl/wiki)\n\n[FIPS FAQ](https://wolfssl.com/license/fips)\n\n[wolfSSL Documents](https://wolfssl.com/wolfSSL/Docs.html)\n\n[wolfSSL Manual](https://wolfssl.com/wolfSSL/Docs-wolfssl-manual-toc.html)\n\n[wolfSSL API Reference]\n(https://wolfssl.com/wolfSSL/Docs-wolfssl-manual-17-wolfssl-api-reference.html)\n\n[wolfCrypt API Reference]\n(https://wolfssl.com/wolfSSL/Docs-wolfssl-manual-18-wolfcrypt-api-reference.html)\n\n[TLS 1.3](https://www.wolfssl.com/docs/tls13/)\n\n[wolfSSL Vulnerabilities]\n(https://www.wolfssl.com/docs/security-vulnerabilities/)\n\nAdditional wolfSSL Examples](https://github.com/wolfssl/wolfssl-examples)\n","funding_links":[],"categories":["Interoperability"],"sub_categories":["Build with Zig"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkassane%2Fwolfssl","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fkassane%2Fwolfssl","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkassane%2Fwolfssl/lists"}