Merge pull request #81 from cconlon/1.7release
Prep for 1.7 Release
JacobBarthelmeh authored Nov 11, 2024
2 parents 280032d + 2cb30f7 commit b75d8aa
Showing 19 changed files with 592 additions and 139 deletions.
24 changes: 24 additions & 0 deletions ChangeLog.md
@@ -1,3 +1,27 @@
### wolfCrypt JNI Release 1.7.0 (11/11/2024)

Release 1.7.0 of wolfCrypt JNI and JCE has bug fixes and new features including:

**New JCE Functionality:**
- New WolfSSLKeyStore (WKS) KeyStore implementation for FIPS 140-2/3 compliance (PR 67)

**JNI and JCE Changes:**
- Remove call to BigInteger.longValueExact(), not available on some Java versions (PR 76)
- Detect `RSA_MIN_SIZE` in tests, add `Rsa.RSA_MIN_SIZE` helper (PR 77)
- Fix pointer use in native `X509CheckPrivateKey()` (PR 80)

**Example Changes:**
- Set keytool path correctly in `system-cacerts-to-wks.sh` (PR 78)
- Add example Android Studio project (IDE/Android) (PR 79)

**Testing Changes:**
- Run Facebook Infer on pull requests with GitHub Actions (PR 74)
- Add Android Gradle build with GitHub Actions to run on all pull requests (PR 79)

The wolfCrypt JNI/JCE Manual is available at:
https://www.wolfssl.com/documentation/manuals/wolfcryptjni/. For build
instructions and more details comments, please check the manual.

### wolfCrypt JNI Release 1.6.0 (4/17/2024)

Release 1.6.0 of wolfCrypt JNI and JCE has bug fixes and new features including:
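
Review bot: The closing sentence of the new 1.7.0 entry reads "For build instructions and more details comments, please check the manual", which looks like a typo for "more detailed comments". The entry also lists PRs 67 through 80 but says nothing about the `PRIVATE_KEY_UNLOCK()`/`PRIVATE_KEY_LOCK()` bracketing added in `jni/jni_ecc.c` in this same commit; if that belongs to one of the listed PRs, a few words in that bullet would make it discoverable.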
31 changes: 24 additions & 7 deletions IDE/WIN/README.md
Expand Up @@ -137,8 +137,12 @@ section titled `/* Configuration */`:
```
#define WOLFSSL_KEY_GEN
#define HAVE_CRL
#define OPENSSL_ALL
```

If also building wolfSSL JNI/JSSE, additional defines may be needed. Please
reference the Windows build documentation for wolfSSL JNI/JSSE if so.

After editing and saving the `user_settings.h` file, select one of the following
DLL Library configurations and build the wolfSSL library solution:

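Review bot: The added `#define OPENSSL_ALL` in the `/* Configuration */` defines comes with no explanation; a sentence saying which wolfCrypt JNI feature requires it would help users who want to keep `user_settings.h` minimal. The new paragraph also points to "the Windows build documentation for wolfSSL JNI/JSSE" without a link or file name, so consider naming the document.
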
Expand Down Expand Up @@ -204,8 +208,12 @@ and set the values for `HAVE_FIPS`, `HAVE_FIPS_VERSION`, and
```
#define WOLFSSL_KEY_GEN
#define HAVE_CRL
#define OPENSSL_ALL
```

If also building wolfSSL JNI/JSSE, additional defines may be needed. Please
reference the Windows build documentation for wolfSSL JNI/JSSE if so.

6. Build the `wolfssl-fips` project, which will create a DLL in one of the
following locations:

Expand All @@ -230,28 +238,33 @@ in the wolfCrypt tests successfully running.
See the FIPS User Guide for more details on the FIPS verifyCore hash, or
email [email protected].

## wolfSSL FIPS 140-3 (Upcoming)
## wolfSSL FIPS 140-3 (Certificate #4718)

To build a version of wolfSSL that has been submitted for FIPS 140-3, use
the Visual Studio solution file under the `IDE\WIN10` directory inside the
wolfSSL package:
To build a wolfSSL FIPS 140-3 variant for use with FIPS 140-3 certificate
#4718, use the Visual Studio solution file located in the `IDE/WIN10`
directory inside the wolfSSL package:

```
<wolfssl>\IDE\WIN10\wolfssl-fips.sln
```

Follow instructions in the above section for 140-2 / 3389, except use the
following values for `HAVE_FIPS`, `HAVE_FIPS_VERSION`, and
`HAVE_FIPS_VERSION_MINOR` in `user_settings.h`:
following values for `HAVE_FIPS`, `HAVE_FIPS_VERSION`,
`HAVE_FIPS_VERSION_MAJOR`, `HAVE_FIPS_VERSION_MINOR`, and
`HAVE_FIPS_VERSION_PATCH` in `user_settings.h`:

```
#if 1
#undef HAVE_FIPS
#define HAVE_FIPS
#undef HAVE_FIPS_VERSION
#define HAVE_FIPS_VERSION 5
#undef HAVE_FIPS_VERSION_MAJOR
#define HAVE_FIPS_VERSION_MAJOR 5
#undef HAVE_FIPS_VERSION_MINOR
#define HAVE_FIPS_VERSION_MINOR 1
#define HAVE_FIPS_VERSION_MINOR 2
#undef HAVE_FIPS_VERSION_PATCH
#define HAVE_FIPS_VERSION_PATCH 0
#endif
```

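Review bot: In the rewritten intro paragraph the wrapped line starts with `#4718, use the Visual Studio solution file`, and Markdown renderers that do not require a space after `#` will render that line as a heading; rewrap so the certificate number does not begin a line. The same paragraph now writes the directory as `IDE/WIN10` while the path block right under it uses `<wolfssl>\IDE\WIN10\wolfssl-fips.sln`, so pick one separator. In the defines block, `HAVE_FIPS_VERSION` and `HAVE_FIPS_VERSION_MAJOR` are both set to 5 with no note on how the two differ.
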
Expand All @@ -261,8 +274,12 @@ The following additional defines will also need to be added to
```
#define WOLFSSL_KEY_GEN
#define HAVE_CRL
#define OPENSSL_ALL
```

If also building wolfSSL JNI/JSSE, additional defines may be needed. Please
reference the Windows build documentation for wolfSSL JNI/JSSE if so.

For additional help, contact [email protected].

# Building wolfCrypt JNI/JCE Library
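
Review bot: This is the third identical copy in this file of the `#define OPENSSL_ALL` line plus the "If also building wolfSSL JNI/JSSE, additional defines may be needed" paragraph (also added at -137 and -204). Consider stating the common defines once and referring to that list from the FIPS 140-2 and 140-3 sections, so a later change to the define set cannot leave one section stale.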
1 change: 1 addition & 0 deletions IDE/WIN/wolfcryptjni.vcxproj
Expand Up @@ -78,6 +78,7 @@
<ClCompile Include="..\..\jni\jni_feature_detect.c" />
<ClCompile Include="..\..\jni\jni_fips.c" />
<ClCompile Include="..\..\jni\jni_hmac.c" />
<ClCompile Include="..\..\jni\jni_jce_wolfsslkeystore.c" />
<ClCompile Include="..\..\jni\jni_logging.c" />
<ClCompile Include="..\..\jni\jni_md5.c" />
<ClCompile Include="..\..\jni\jni_native_struct.c" />
3 changes: 3 additions & 0 deletions IDE/WIN/wolfcryptjni.vcxproj.filters
Expand Up @@ -170,5 +170,8 @@
<ClCompile Include="..\..\jni\jni_wolfssl_cert_manager.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="..\..\jni\jni_jce_wolfsslkeystore.c">
<Filter>Source Files</Filter>
</ClCompile>
</ItemGroup>
</Project>
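
Review bot: The new `jni_jce_wolfsslkeystore.c` entry is appended after `jni_wolfssl_cert_manager.c` at the end of the `ItemGroup`, whereas `wolfcryptjni.vcxproj` places it between `jni_hmac.c` and `jni_logging.c`. Keeping both files in the same order makes a missing filter entry easier to spot.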
2 changes: 1 addition & 1 deletion README.md
Expand Up @@ -208,7 +208,7 @@ on the current release):
<dependency>
<groupId>com.wolfssl</groupId>
<artifactId>wolfcrypt-jni</artifactId>
<version>1.6.0-SNAPSHOT</version>
<version>1.7.0-SNAPSHOT</version>
</dependency>
</dependencies>
...
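
Review bot: The dependency version becomes `1.7.0-SNAPSHOT`, but the hunk header context ends with "on the current release)" and the ChangeLog in this commit announces Release 1.7.0. If a release artifact is what users should depend on, the snippet should read `1.7.0`; if the snapshot is intentional, say so in the sentence above the snippet.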
2 changes: 1 addition & 1 deletion build.xml
Expand Up @@ -19,7 +19,7 @@
<!-- versioning/manifest properties -->
<property name="implementation.vendor" value="wolfSSL Inc." />
<property name="implementation.title" value="wolfCrypt JNI" />
<property name="implementation.version" value="1.6" />
<property name="implementation.version" value="1.7" />

<!-- set properties for this build -->
<property name="src.dir" value="src/main/java/" />
2 changes: 1 addition & 1 deletion examples/WindowsConfig.bat
Expand Up @@ -9,7 +9,7 @@
:: included by other example .bat files.

:: wolfSSL Normal non-FIPS (DLL Debug x64)
SET WOLFSSL_DLL_DIR=..\..\..\wolfssl\IDE\WIN10\DLL Debug\x64
SET WOLFSSL_DLL_DIR=..\..\..\wolfssl\DLL Debug\x64
SET WOLFCRYPTJNI_DLL_DIR=..\..\IDE\WIN\DLL Debug\x64

:: wolfSSL Normal non-FIPS (DLL Release x64)
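
Review bot: Only the `DLL Debug x64` line changes here (1 addition, 1 deletion), from `..\..\..\wolfssl\IDE\WIN10\DLL Debug\x64` to `..\..\..\wolfssl\DLL Debug\x64`, so any other configuration blocks in this file, such as the `DLL Release x64` one that follows, are left on whatever path they had. Please confirm the new location matches where the wolfSSL solution actually writes the DLL, and update the other blocks to match.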
14 changes: 13 additions & 1 deletion examples/certs/systemcerts/system-cacerts-to-wks.sh
Expand Up @@ -29,9 +29,19 @@ export DYLD_LIBRARY_PATH=../../../lib:$DYLD_LIBRARY_PATH

OUTDIR=`pwd`

# First argument can be passed in to represent path to
# wolfcrypt-jni.jar provider JAR. If not given, use default.
if [ -z "$1" ]; then
# default wolfcrypt-jni.jar path
PROVIDER_PATH="../../../lib/wolfcrypt-jni.jar"
else
# use custom provider path
PROVIDER_PATH=$1
fi

# ARGS: <input-keystore-name> <output-keystore-name> <in-password> <out-password> <java home>
jks_to_wks() {
${5}/bin/keytool -importkeystore -srckeystore ${1} -destkeystore ${2}.wks -srcstoretype JKS -deststoretype WKS -srcstorepass "$3" -deststorepass "$3" -deststorepass "$4" -provider com.wolfssl.provider.jce.WolfCryptProvider --providerpath ../../../lib/wolfcrypt-jni.jar &> /dev/null
${5}/bin/keytool -importkeystore -srckeystore ${1} -destkeystore ${2}.wks -srcstoretype JKS -deststoretype WKS -srcstorepass "$3" -deststorepass "$3" -deststorepass "$4" -provider com.wolfssl.provider.jce.WolfCryptProvider --providerpath "$PROVIDER_PATH"
if [ $? -ne 0 ]; then
printf "Failed to convert JKS to WKS!"
exit 1
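
Review bot: The rewritten `keytool` line in `jks_to_wks()` still passes the destination password twice, `-deststorepass "$3" -deststorepass "$4"`, so the source password is also offered as the destination password and the result depends on which occurrence keytool honours; since the line is being touched anyway, drop the `"$3"` one. `PROVIDER_PATH` names a JAR that keytool loads as a provider, so a check such as `[ -f "$PROVIDER_PATH" ]` with a clear error before the first conversion would be better than failing inside keytool. `${5}/bin/keytool`, `${1}` and `${2}` should also be quoted like the password arguments.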
Expand All @@ -58,6 +68,8 @@ else
javaHome="$JAVA_HOME"
fi

echo "PROVIDER_PATH: $PROVIDER_PATH"

# Set up Java include and library paths for OS X and Linux
# NOTE: you may need to modify these if your platform uses different locations
if [ "$OS" == "Darwin" ]; then
4 changes: 4 additions & 0 deletions jni/jni_ecc.c
Expand Up @@ -338,7 +338,9 @@ Java_com_wolfssl_wolfcrypt_Ecc_wc_1ecc_1export_1private(
}

if (ret == 0) {
PRIVATE_KEY_UNLOCK();
ret = wc_ecc_export_private_only(ecc, output, &outputSz);
PRIVATE_KEY_LOCK();
}

if (ret == 0) {
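
Review bot: `PRIVATE_KEY_UNLOCK()` and `PRIVATE_KEY_LOCK()` are called around `wc_ecc_export_private_only()` with nothing in this hunk showing that the macros exist for every wolfSSL build this file supports; if they come only from newer or FIPS headers, add a fallback such as `#ifndef PRIVATE_KEY_UNLOCK` with empty definitions near the top of the file. The bracket is tight and `PRIVATE_KEY_LOCK()` runs whether or not the export succeeds, which is the right shape.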
Expand Down Expand Up @@ -1054,7 +1056,9 @@ JNIEXPORT jbyteArray JNICALL Java_com_wolfssl_wolfcrypt_Ecc_wc_1ecc_1private_1ke
}

if (ret == 0) {
PRIVATE_KEY_UNLOCK();
ret = wc_EccPrivateKeyToDer(ecc, derKey, derKeySz);
PRIVATE_KEY_LOCK();
if (ret >= 0) {
derKeySz = ret;
ret = 0;
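
Review bot: A short comment above `PRIVATE_KEY_UNLOCK()` before `wc_EccPrivateKeyToDer()` saying why the unlock is needed would keep the pair from being removed as dead code later, and the same applies to the pair added at -338. It is also worth confirming that no other private key export call in the JNI sources needs the same bracket, since this diff shows it at only two call sites in `jni_ecc.c`.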