wolfSSL release 5.7.4 is now available, with exciting optimizations for ARM devices and enhancements to post-quantum cryptography algorithms. If you’re using wolfSSL on RISC-V, we’ve also included new performance enhancements specifically for RISC-V devices. Alongside these optimizations and new features, several important fixes were made. One notable fix involves the behavior of X509_STORE_add_cert()
and X509_STORE_load_locations()
functions to better align with OpenSSL when the compatibility layer is enabled.
Below are some of the key changes in this release. For a more comprehensive list, refer to the ChangeLog.
New Features and Additions
- RISC-V 64: Added new assembly optimizations for SHA-256, SHA-512, ChaCha20, Poly1305, and SHA-3 (PRs 7758, 7833, 7818, 7873, 7916).
- DTLS 1.2 Connection ID: Implemented support for Connection ID (CID) (PR 7995).
- DevkitPro Support: Added support for (DevkitPro)libnds (PR 7990).
- Mosquitto: Added a port for Mosquitto OSP (Open Source Project) (PR 6460).
- sssd: Added a port for
init sssd
(PR 7781). - eXosip2: Added support for eXosip2 (PR 7648).
- STM32G4: Added support for STM32G4 (PR 7997).
- MAX32665 and MAX32666: Added support for TPU hardware and ARM ASM crypto callback (PR 7777).
- libspdm: Added support for building wolfSSL to be used in libspdm (PR 7869).
- Nucleus Plus: Added support for use with Nucleus Plus 2.3 (PR 7732).
- RFC5755 Attribute Certificates: Initial support for x509 attribute certificates (acerts) with
--enable-acert
(PR 7926). - PKCS#11 RSA Padding Offload: Allows tokens to perform CKM_RSA_PKCS (sign/encrypt), CKM_RSA_PKCS_PSS (sign), and CKM_RSA_PKCS_OAEP (encrypt) (PR 7750).
- Heap/Pool Allocation: Added “new” and “delete” style functions for heap/pool allocation and freeing of low-level crypto structures (PRs 3166, 8089).
Espressif / Arduino Updates
- Updated
wolfcrypt settings.h
- Updated Espressif SHA, utility, memory, and time helpers (PR 7955).
- Fixed
_thread_local_start
and_thread_local_end
for Espressif (PR 8030). - Enhanced benchmarking for Espressif devices (PR 8037).
- Introduced Espressif common
CONFIG_WOLFSSL_EXAMPLE_NAME
in Kconfig (PR 7866). - Added
wolfSSL esp-tls
- Updated wolfSSL release for Arduino (PR 7775).
Post-Quantum Crypto Updates
- Dilithium: Support for fixed-size arrays in
dilithium_key
(PR 7727). - Dilithium Precalc: Added option to use precalc with small sign (PR 7744).
- Kyber FIPS: Allowed Kyber to be built with FIPS (PR 7788).
- Kyber in Linux Kernel: Enabled Kyber ASM usage in Linux kernel module (PR 7872).
- Dilithium, Kyber: Updated to final specifications (PR 7877).
- Dilithium FIPS: Supported FIPS 204 Draft and Final Draft (PRs 7909, 8016).
ARM Assembly Optimizations
- ARM32: Added assembly optimizations for ChaCha20 and Poly1305 (PR 8020).
- Poly1305 Aarch64: Improved Poly1305 assembly optimizations for Aarch64 (PR 7859).
- Poly1305 Thumb-2: Added Poly1305 optimizations for Thumb-2 (PR 7939).
- STM32CubePack: Added ARM ASM build option to STM32CubePack (PR 7747).
- Visual Studio: Added ARM64 support to the Visual Studio project (PR 8010).
- Kyber ARM Optimizations: Added assembly optimizations for ARM32, Aarch64, ARMv7E-M, and ARMv7-M (PRs 8040, 7998, 7706).
If you have questions about any of the above, please contact us at facts@wolfSSL.com or +1 425 245 8247.
Download wolfSSL Now