wolfSSL
diff --git a/‎ChangeLog.md‎
Lines changed: 385 additions & 0 deletions b/‎ChangeLog.md‎
Lines changed: 385 additions & 0 deletions
@@ -0,0 +1,385 @@
+### wolfSSL JNI Release 1.13.0 (4/9/2024)
+
+Release 1.13.0 has bug fixes and new features including:
+
+**New JSSE Functionality:**
+* Add `SSLSocket.getApplicationProtocol()`, returns negotiated ALPN protocol (PR 150)
+* Add native `WOLFSSL_TRUST_PEER_CERT` support in `WolfSSLTrustX509` (PR 154)
+* Add implementation of `javax.net.ssl.X509ExtendedTrustManager` (PR 159)
+* Add `getSSLParameters()` to `SSLEngine` and `SSLSocket` (PR 159)
+* Add `getHandshakeSession()` to `SSLSocket` (PR 159)
+* Convert `SSLSession` to `ExtendedSSLSession`, add `getRequestedServerNames()` (PR 159)
+* Add ALPN API support to `SSLSocket` and `SSLEngine` with tests (PR 163)
+* Add implementation of `X509ExtendedKeyManager` (PR 167)
+
+**JSSE System/Security Property Support:**
+* Add partial support for `jdk.tls.disabledAlgorithms` Security property (PR 136)
+* Add support for `wolfjsse.enabledCipherSuites` Security property (PR 136)
+* Add support for `wolfjsse.enabledSignatureAlgorithms` Security property (PR 136)
+* Add support for `wolfjsse.enabledSupportedCurves` Security property (PR 143)
+
+**JSSE Changes:**
+* Get updated status before returning from SSLEngine.getHandshakeStatus() (PR 122)
+* Add synchronization to SSLEngine read/write buffers (PR 124)
+* Return null array from X509TrustManager.getAcceptedIssuers() if not yet initialized (PR 128)
+* Improve `SSLEngine.unwrap()` for better efficiency (PR 137)
+* Add native wolfSSL crypto callback (CryptoCb) support with WolfSSLProvider (PR 138)
+* Add synchronization around `WolfSSLAuthStore` lock (PR 139)
+* Fixes and improvements to `SSLSocket`/`SSLEngine` session resumption (PR 139, 144)
+* Fix for `X509TrustManager` to not add root CA twice in returned chains (PR 140)
+* Add synchronization around native pointer use and active states (PR 142)
+* Fix for `SSLSocket` to fall back to I/O callbacks if setting internal fd fails (PR 145)
+* Fix `SSLSocket` TLS 1.3 session cache and threading issues (PR 149)
+* Throw `SocketException` if native socket `select()` fails (PR 151)
+* Only call `InetAddress.getHostName()` when `jdk.tls.trustNameService` is true (PR 134)
+* Fix for `SSLSession.getPeerCertificate()` and cached certs during resumption (PR 162)
+* Save session at correct time for resumption in SSLEngine (PR 165)
+* Check TLS 1.3 session for ticket before saving to Java client cache (PR 175)
+* Fixes for `SSLEngine.setWantClientAuth()` (PR 172)
+* Release native verify callback when `SSLEngine` is closed (PR 180)
+* Avoid extra Java array allocation in `SSLSocket` InputStream/OutputStream (PR 183)
+
+**New JNI Wrapped APIs and Functionality:**
+* `wolfSSL_CTX_SetTmpDH()` and `wolfSSL_CTX_SetTmpDH_file()` (PR 136)
+* `wolfSSL_CTX_SetMinDh/Rsa/EccKey_Sz()` (PR 136)
+* `wolfSSL_set1_sigalgs_list()` (PR 136)
+* `wolfSSL_CTX_UseSupportedCurve()` (PR 158)
+* `wolfSSL_X509_check_host()` and `wolfSSL_SNI_GetRequest()` (PR 159)
+* `wolfSSL_CTX_set_groups()` and `wolfTLSv1_3_client/server_method()` (PR 164)
+* `SSL_CTX_set1_sigalgs_list()` (PR 169)
+* `wolfSSL_set_tls13_secret_cb()`, add ability to set Java callback (PR 181)
+* Add X.509v3 certificate generation support in `WolfSSLCertificate` and examples (PR 141)
+* Add Certificate Signing Request (CSR) support and examples (PR 146)
+
+**JNI Changes:**
+* Call `wolfSSL_get1_session()` when saving session for resumption (PR 139)
+* Call `select()` again on error with `EINTR` (PR 171)
+
+**New Platform Support:**
+* Add Windows support with Visual Studio, see IDE/WIN/README.md (PR 125)
+
+**Build System Changes:**
+* Add `JAVA_HOME` support in `java.sh` for use with custom Java install (PR 121)
+* New argument to `java.sh` for custom wolfSSL library name to be used (PR 126)
+* Add lib64 directory to library search path in `java.sh` (PR 130)
+* Standardize JNI library name on OSX to .dylib (PR 152)
+* Add Maven build support (PR 153)
+* Update Android Studio example project (PR 185)
+
+**Example Changes:**
+* Update instructions for running examples (PR 133)
+* Fix example JSSE client `-d` option, add `-g` to send HTTP GET (PR 155)
+* Fix example JSSE client for resumption when sending HTTP GET (PR 157)
+* Add TLS 1.3 version support to example `Client.java` and `Server.java` (PR 169)
+* Expand JNI `Client.java` with support for doing session resumption with tickets (PR 169)
+
+**Debugging Changes:**
+* Add WolfSSLDebug.logHex() for printing byte arrays as hex (PR 129)
+* Add synchronization and Thread ID to debug log messages (PR 129)
+* Add new debug System property `wolfsslengine.io.debug` for I/O debug logs (PR 137)
+* Add timestamp to debug logs (PR 148)
+* Fix for enabling JSSE debug logs after WolfSSLProvider has been registered (PR 166)
+* Make native wolfSSL debug log format consistent with wolfJSSE logs (PR 166)
+
+**Testing Changes:**
+* Add Facebook Infer test script, make fixes (PR 127, 182)
+* Add extended threading test of `SSLEngine` (PR 124)
+* Testing with and fixes from SonarQube static analyzer (PR 131)
+* Add extended threading test of `SSLSocket` (PR 149)
+* Testing with and fixes for running SunJSSE tests on wolfJSSE (PR 170, 174)
+* Add GitHub Actions tests for Oracle/Zulu/Coretto/Temurin/Microsoft JDKs on Linux and OS X (PR 176)
+
+**Documentation Changes:**
+* Clean up Javadoc warnings with Java 17 (PR 147)
+
+The wolfSSL JNI Manual is available at:
+https://www.wolfssl.com/documentation/manuals/wolfssljni. For build
+instructions and more detailed comments, please check the manual.
+
+### wolfSSL JNI Release 1.12.0 (03/31/2023)
+
+Release 1.12.0 has bug fixes and new features including:
+
+**JNI and JSSE Changes:**
+* Additional synchronization support in WolfSSLCertificate (PR 118)
+* Prevent WolfSSLCertificate from freeing `WOLFSSL_X509` if not owned (PR 118)
+* Fix `X509KeyManager.getCertificateChain()` to return `null` when alias is `null` (PR 119)
+
+**Documentation Changes:**
+* Add Android Studio instructions for how to update source symlinks on Windows (PR 117)
+
+The wolfSSL JNI Manual is available at:
+https://www.wolfssl.com/documentation/manuals/wolfssljni. For build
+instructions and more detailed comments, please check the manual.
+
+### wolfSSL JNI Release 1.11.0 (12/2/2022)
+
+Release 1.11.0 has bug fixes and new features including:
+
+**JNI and JSSE Changes:**
+* Add support for system properties: keyStore, keyStoreType, keyStorePassword (PR 74)
+* Add support for secure renegotiation if available in native wolfSSL (PR 75)
+* Fix compilation against newer wolfSSL versions that have dtls.c (PR 107)
+* Fixes and cleanup to SSLEngine implementation (PR 108)
+* Fixes for SSLEngine synchronization issues (PR 108)
+* Add non-standard X509TrustManager.checkServerTrusted() for use on Android (PR 109)
+* Add RPM packaging support (PR 110)
+* Fix SSLSocketFactory.createSocket() to allow for null host (PR 111)
+* Remove @Override on SSLEngine.getHandshakeSession() for older Java versions (PR 114)
+
+The wolfSSL JNI Manual is available at:
+https://www.wolfssl.com/documentation/manuals/wolfssljni. For build
+instructions and more detailed comments, please check the manual.
+
+### wolfSSL JNI Release 1.10.0 (8/11/2022)
+
+Release 1.10.0 has bug fixes and new features including:
+
+**JNI and JSSE Changes:**
+* Add SSLEngine.getApplicationProtocol(), fixes Undertow compatibility (PR 84)
+* Wrap wolfSSL\_UseALPN() at JNI level (PR 84)
+* Fix compile error for wolfSSL < 4.2.0 and wolfSSL\_set\_alpn\_protos() (PR 84)
+* Fix NullPointerException when no selected ALPN is available (PR 84)
+* Fix JNI build when wolfSSL compiled with --disable-filesystem (PR 104)
+* Fix SSLEngine compatibility with data larger than TLS record size (PR 105)
+* Refactor SSLEngine handshake status to be more inline with SunJSSE (PR 105)
+* Add verbose SSLEngine logging with "wolfsslengine.debug" property (PR 105)
+
+**Documentation Changes**
+* Fix missing Javadoc warnings in ALPN code
+
+**Example Changes:**
+* Update Android Studio IDE project to use Android 11 (SDK 30)
+
+The wolfSSL JNI Manual is available at:
+http://www.wolfssl.com/documentation/wolfSSL-JNI-Manual.pdf. For build
+instructions and more detailed comments, please check the manual.
+
+### wolfSSL JNI Release 1.9.0 (5/5/2022)
+
+Release 1.9.0 has bug fixes and new features including:
+
+**JNI and JSSE Changes:**
+* Add synchronization to class cleanup/free routines (PR 78)
+* Fix JNI native casting to use utintptr\_t instead of intptr\_t (PR 79)
+* Add support for newer Java versions (ex: Java 17) (PR 90)
+* Remove HC-128 support (PR 94). Native wolfSSL removed with
+[PR #4767](https://github.com/wolfSSL/wolfssl/pull/4767)
+* Remove RABBIT support (PR 96). Native wolfSSL removed with
+[PR #4774](https://github.com/wolfSSL/wolfssl/pull/4767)
+* Remove IDEA support (PR 97). Native wolfSSL removed in
+[PR #4806](https://github.com/wolfSSL/wolfssl/pull/4806).
+* Fix typecasting issues and cleanup for native argument checking (PR 98, 99)
+* Add Socket timeout support for native SSL\_connect/write() (PR 95)
+* SSLSocket.getSession() now tries to do TLS handshake if not completed (PR 76)
+* Fix shutdown/close\_notify alert handling in WolfSSLEngine (PR 83)
+* Fix WolfSSLSocket to test if close() called before object init (PR 88)
+* Add support for loading default system CA certs on Java 9+ (PR 89)
+* Fix timeout behavior with WolfSSLSession.connect() (PR 100)
+
+**Example Changes:**
+* Print wolfJSSE provider info in JSSE ProviderTest (PR 77)
+* Add option to ClientJSSE to do one session resumption (PR 80)
+* Update example certificates and keys (PR 81)
+
+**Documentation Changes:**
+* Add missing Javadocs, fix warnings on newer Java versions (PR 92)
+
+**Testing Changes:**
+* Update junit dependency to 4.13.2 (PR 91)
+
+The wolfSSL JNI Manual is available at:
+http://www.wolfssl.com/documentation/wolfSSL-JNI-Manual.pdf. For build
+instructions and more detailed comments, please check the manual.
+
+### wolfSSL JNI Release 1.8.0 (11/12/2021)
+
+Release 1.8.0 has bug fixes and new features including:
+
+* wolfCrypt FIPS 140-3 and FIPS Ready compatibility
+* Add Socket method wrappers, fixes behavior when inner Socket used with JSSE
+* Add wrappers to get FIPS verifyCore hash (FIPS error cb or directly)
+* Fix potential NullPointerException with several clone() methods
+* Refactor of SSLSessionContext implementation
+* Fix behavior of WolfSSLSocket.getSoTimeout() when external Socket is wrapped
+* Fix timeout used in socketSelect to correctly handle fractional sec timeouts
+* Fix memory leak when custom X509TrustManager is used with wolfJSSE
+* Add support for multiple X509TrustManager objects across multiple sessions
+* Call WolfSSL.cleanup() in finalizer to release library resources earlier
+* Release native WOLFSSL memory sooner, when WolfSSLSocket is closed
+* Better management and freeing of native WolfSSLCertificate memory
+* Release native logging callback when library is freed
+* Release native wolfCrypt FIPS callback when library is freed
+* Release CTX-level Java verify callback when CTX is freed
+* Release CTX-level Java CRL callback when CTX is freed
+* Better global reference cleanup in error conditions
+* Fix unused variable warnings in non-FIPS builds
+* Use one static WolfSSL object across all WolfSSLProvider objects
+* Release local JNI array inside WolfSSLSession.read() on function exit
+* Add multi-threaded JSSE provider client and server examples
+* Update Android AOSP install script to create missing blank files if needed
+* Update Android AOSP build fies to define `SIZEOF_LONG` and `SIZEOF_LONG_LONG`
+* Update IDE/Android example Android Studio project
+* Fix default cipher suite list order used in JSSE WolfSSLContext objects
+* Fix FIPS Ready compatibility with `WC_RNG_SEED_CB`
+* Update Android AOSP Android.mk to compile wolfCrypt kdf.c
+
+The wolfSSL JNI Manual is available at:
+http://www.wolfssl.com/documentation/wolfSSL-JNI-Manual.pdf. For build
+instructions and more detailed comments, please check the manual.
+
+### wolfSSL JNI Release 1.7.0 (01/15/2021)
+
+Release 1.7.0 has bug fixes and new features including:
+
+* Fixes for Infer analysis warnings
+* Throw exception in DEFAULT\_Context creation if engineInit() fails
+* Defer creating DEFAULT WolfSSLContext until first use
+* Check if Socket is open before doing TLS shutdown in WolfSSLSocket.close()
+* Only load X509TrustStore issuers when needed by native wolfSSL verification
+* Fix compiler warnings when used with older versions of native wolfSSL
+* Verify and load intermediate CA certs in WolfSSLTrustX509.certManagerVerify()
+* Add support for setSoTimeout() in WolfSSLSocket
+* Fix suites length check in WolfSSLEngineHelper.setLocalCiphers()
+* Check for connection closed before completing handshake in SSLSocket.read/write
+
+The wolfSSL JNI Manual is available at:
+http://www.wolfssl.com/documentation/wolfSSL-JNI-Manual.pdf. For build
+instructions and more detailed comments, please check the manual.
+
+
+### wolfSSL JNI Release 1.6.0 (08/26/2020)
+
+Release 1.6.0 has bug fixes and new features including:
+
+* Support for custom TrustManager checkClientTrusted(), checkServerTrusted()
+* wolfJSSE TrustManager registered as PKIX provider
+* Improved support for auto-loading system CA certificates
+* Improved Android TrustManager support
+* Use AndroidCAStore KeyStore when available on Android
+* Support for X509Certificate.getSubjectAlternativeNames()
+* Fix for native memory leak in JSSE WolfSSLTrustX509
+* Optimization of WolfSSLTrustX509 to hold less memory at idle
+* Addition of missing finalize() methods in some JSSE classes
+* Casts to uintptr\_t instead of intptr\_t at native JNI level
+* Conversion to use GetByteArrayElements for potential memory use savings
+* Consistently use wolfCrypt XMALLOC/XFREE for native memory allocation
+* Use javah in build.xml for older ant/Java versions without nativeheaderdir
+* Add JSSE debug logging for native wolfSSL with wolfssl.debug system parameter
+* Add more JSSE-level debug messages for easier troubleshooting
+* Add internal implementation of SSLParameters, WolfSSLParameters
+* Add client-side SNI support
+* Fix warnings when DH is disabled (--disable-dh)
+* Add Java thread ID to JSSE debug log messages for easier multithreaded debug
+* Improve handshake synchronization in WolfSSLSocket for multi-threaded apps
+* Add support for jsse.enableSNIExtension system property
+* Add client-side session ticket support
+* Add support for jdk.tls.client.enableSessionTicketExtension system property
+* Enable session ticket and session cert support by default on Android AOSP
+* Fixes compatibility with OkHttp on Android
+* Add support for non-blocking socket operations in WolfSSLSession/Socket
+* Moves I/O mutex locking to native level for more efficient locking
+
+The wolfSSL JNI Manual is available at:
+http://www.wolfssl.com/documentation/wolfSSL-JNI-Manual.pdf. For build
+instructions and more detailed comments, please check the manual.
+
+
+### wolfSSL JNI Release 1.5.0 (01/17/2020)
+
+Release 1.5.0 has bug fixes and new features including:
+
+* New JSSE provider (wolfJSSE) including TLS 1.3 support!
+* Add JSSE debug logging with wolfjsse.debug system parameter
+* Add JSSE install script and helper files for Android AOSP
+* Add JSSE example apps (examples/provider)
+* Add JNI wrappers to detect if native features/protocols are compiled in
+* Add JNI wrapper for PKCS#8 offset getter
+* Add JNI wrapper for wolfSSL\_get\_ciphers\_iana()
+* Update build.xml to use nativeheaderdir instead of javah target
+* Update tests to use junit-4.13 / hamcrest-all-1.3
+* Update to build, now ant build does not build and run tests / examples
+
+The wolfSSL JNI Manual is available at:
+http://www.wolfssl.com/documentation/wolfSSL-JNI-Manual.pdf. For build
+instructions and more detailed comments, please check the manual.
+
+
+### wolfSSL JNI Release 1.4.0 (11/16/2018)
+
+Release 1.4.0 has bug fixes and new features including:
+
+* Better support for conditional native wolfSSL feature dependencies
+* Adds methods for checking if native features are enabled
+* Optional method for loading native JNI library from a specific path
+* TLS 1.0 functions are compiled out unless WOLFSSL\_ALLOW\_TLSV10 is defined
+* Wrapper for native wolfCrypt ECC shared secret public key callback
+* Allow other HmacSHA hash types to be used in Atomic User callback examples
+* Error string buffer size set to use WOLFSSL\_MAX\_ERROR\_SZ
+* Fix for RSA doSign() output length
+* Fix for I/O, Atomic User, and Public Key callback registration in examples
+* Updated example key and certificate files
+
+The wolfSSL JNI Manual is available at:
+http://www.wolfssl.com/documentation/wolfSSL-JNI-Manual.pdf. For build
+instructions and more detailed comments, please check the manual.
+
+
+### wolfSSL JNI Release 1.3.0 (12/04/2015)
+
+Release 1.3.0 has bug fixes and new features including:
+
+* Updated support to wolfSSL 3.7.0
+* Added finalizers for WolfSSLContext and WolfSSLSession classes
+* Fix for SSLv3 now disabled by default in wolfSSL proper
+* SSLv3 now marked as @Deprecated
+* PSK (pre-shared key) support for client and server
+* Better error checking and exception handling
+* New WolfSSLJNIException class
+* WolfSSLSession now cached in native WOLFSSL struct for callbacks
+* Easier inclusion of junit4 in build.xml
+
+The wolfSSL JNI Manual is available at:
+http://www.wolfssl.com/documentation/wolfSSL-JNI-Manual.pdf. For build
+instructions and more detailed comments, please check the manual.
+
+
+### wolfSSL JNI Release 1.2.0 (06/02/2015)
+
+Release 1.2.0 has bug fixes and new features including:
+
+* Updated support for wolfSSL 3.4.6 and CyaSSL to wolfSSL name change
+* Benchmark functionality in example client
+* Updated example certificates
+* Better detection of Java home on Mac and Linux
+
+The wolfSSL JNI Manual is available at:
+http://www.wolfssl.com/documentation/wolfSSL-JNI-Manual.pdf. For build
+instructions and more detailed comments, please check the manual.
+
+
+### wolfSSL JNI Release 1.1.0 (10/25/2013)
+
+Release 1.1.0 has bug fixes and new features including:
+
+* Updated support for CyaSSL 2.9.4
+* Updated example certificates and CRLs
+* Now expects user to have JUnit JARs pre-installed on dev platform
+* Updated unit tests, JUnit4 style
+* Android support
+* CRL monitor now optional in server mode
+
+The wolfSSL JNI Manual is available at:
+http://www.wolfssl.com/documentation/wolfSSL-JNI-Manual.pdf. For build
+instructions and more detailed comments, please check the manual.
+
+
+### wolfSSL JNI Release 1.0.0 (10/25/2013)
+
+Release 1.0.0 is the first public release of wolfSSL JNI, the Java wrapper for
+the CyaSSL embedded SSL library.
+
+The wolfSSL JNI Manual is available at:
+http://www.wolfssl.com/documentation/wolfSSL-JNI-Manual.pdf. For build
+instructions and more detailed comments, please check the manual.
+