wolfSSL release 5.7.4 is now available, with exciting optimizations for ARM devices and enhancements to post-quantum cryptography algorithms. If you’re using wolfSSL on RISC-V, we’ve also included new performance enhancements specifically for RISC-V devices. Alongside these optimizations and new features, several important fixes were made. One notable fix involves the behavior of X509_STORE_add_cert() and X509_STORE_load_locations() functions to better align with OpenSSL when the compatibility layer is enabled.
Below are some of the key changes in this release. For a more comprehensive list, refer to the ChangeLog.

New Features and Additions

• RISC-V 64: Added new assembly optimizations for SHA-256, SHA-512, ChaCha20, Poly1305, and SHA-3 (PRs 7758, 7833, 7818, 7873, 7916).

• DTLS 1.2 Connection ID: Implemented support for Connection ID (CID) (PR 7995).

• DevkitPro Support: Added support for (DevkitPro)libnds (PR 7990).

• Mosquitto: Added a port for Mosquitto OSP (Open Source Project) (PR 6460).

• sssd: Added a port for init sssd (PR 7781).

• eXosip2: Added support for eXosip2 (PR 7648).

• STM32G4: Added support for STM32G4 (PR 7997).

• MAX32665 and MAX32666: Added support for TPU hardware and ARM ASM crypto callback (PR 7777).

• libspdm: Added support for building wolfSSL to be used in libspdm (PR 7869).

• Nucleus Plus: Added support for use with Nucleus Plus 2.3 (PR 7732).

• RFC5755 Attribute Certificates: Initial support for x509 attribute certificates (acerts) with --enable-acert (PR 7926).

• PKCS#11 RSA Padding Offload: Allows tokens to perform CKM_RSA_PKCS (sign/encrypt), CKM_RSA_PKCS_PSS (sign), and CKM_RSA_PKCS_OAEP (encrypt) (PR 7750).

• Heap/Pool Allocation: Added “new” and “delete” style functions for heap/pool allocation and freeing of low-level crypto structures (PRs 3166, 8089).

Espressif / Arduino Updates

• Updated wolfcrypt settings.h

• Updated Espressif SHA, utility, memory, and time helpers (PR 7955).

• Fixed _thread_local_start and _thread_local_end for Espressif (PR 8030).

• Enhanced benchmarking for Espressif devices (PR 8037).

• Introduced Espressif common CONFIG_WOLFSSL_EXAMPLE_NAME in Kconfig (PR 7866).

• Added wolfSSL esp-tls

• Updated wolfSSL release for Arduino (PR 7775).

Post-Quantum Crypto Updates

• Dilithium: Support for fixed-size arrays in dilithium_key (PR 7727).

• Dilithium Precalc: Added option to use precalc with small sign (PR 7744).

• Kyber FIPS: Allowed Kyber to be built with FIPS (PR 7788).

• Kyber in Linux Kernel: Enabled Kyber ASM usage in Linux kernel module (PR 7872).

• Dilithium, Kyber: Updated to final specifications (PR 7877).

• Dilithium FIPS: Supported FIPS 204 Draft and Final Draft (PRs 7909, 8016).

ARM Assembly Optimizations

• ARM32: Added assembly optimizations for ChaCha20 and Poly1305 (PR 8020).

• Poly1305 Aarch64: Improved Poly1305 assembly optimizations for Aarch64 (PR 7859).

• Poly1305 Thumb-2: Poly1305 Thumb-2

• STM32CubePack: Added ARM ASM build option to STM32CubePack (PR 7747).

• Visual Studio: Added ARM64 support to the Visual Studio project (PR 8010).

• Kyber ARM Optimizations: Added assembly optimizations for ARM32, Aarch64, ARMv7E-M, and ARMv7-M (PRs 8040, 7998, 7706).

If you have questions about any of the above, please contact us facts@wolfssl.com or +1 425 245 8247.
wolfSSL is the best tested TLS