wolfSSL 3.15.5 is Now Available

This release contains many new exciting additions to the wolfSSL embedded IoT library and some fixes to existing features. For TLS 1.3, it adds the ability to do a TLS 1.3 only build. OCSP stapling support with TLS 1.3 was also added, along with some fixes for asynchronous crypto use with the TLS 1.3 implementation.

Enhancements and fixes were made for PKCS parsing:

  • Added support for dynamic allocation of PKCS7 structure using wc_PKCS7_New and wc_PKCS7_Free functions
  • Support for PKCS#11 added with “--enable-pkcs11”
  • Expanded PKCS#7 CMS support with KEKRI, PWRI and ORI
  • Streaming capability for PKCS#7 decoding and sign verify added
  • Added support for constructed OCTET_STRING with PKCS#7 signed data
  • Fix for PKCS8 padding with encryption
  • Added support for generic ECC PEM header/footer with PKCS8 parsing

Additional ports were added and some of the existing ports were updated to make it easy to use wolfSSL in new environments:

  • Port for ASIO added with “--enable-asio” configure flag
  • Port to Apache Mynewt added in the directory wolfssl-3.15.5/IDE/mynewt/*
  • Added a wolfSSL static library project for Atollic TrueSTUDIO
  • Contiki port added with macro WOLFSSL_CONTIKI
  • AF_ALG and cryptodev-linux crypto support added
  • Added support for the STM32L4 with AES/SHA hardware acceleration
  • Renesas e2studio project files added
  • Renesas RX example project added
  • Added reference STSAFE-A100 public key callbacks for TLS support
  • Added reference ATECC508A/ATECC608A public key callbacks for TLS support

Existing ports that were updated:

  • Update to Intel® SGX port, files included by Windows version and macros defined when using WOLFSSL_SGX
  • Updated support for latest CryptoAuthLib (10/25/2018)
  • Fixes for MQX classic 4.0 with IAR-EWARM
  • Updates to Nucleus version supported
  • Updates to Rowley-Crossworks settings for CMSIS 4
  • Updates to support Lighttpd
  • Fixes for OCSP use with NGINX port
  • Updates to Xcode build with wolfSSL
  • PIC32MZ hardware acceleration buffer alignment fixes
  • Fixes and enhancements for NXP K82 support
  • Relocate compatibility layer functions for OpenSSH port update
  • Updates and enhancements to the GCC-ARM example
  • Updates for wolfcrypt JNI wrapper

Additional Features:

  • Added DTLS either (server/client) side initialization setting
  • Flag to disable AES-CBC and have only AEAD cipher suites with TLS “--disable-aescbc”
  • Added “--enable-asn=nocrypt” for certificate only parsing support
  • Benchmark enhancements to print in CSV format and in Japanese
  • Added Japanese output to example server and client with “-1 1” flag
  • Added USE_ECDSA_KEYSZ_HASH_ALGO macro for building to use digest sizes that match ephemeral key size
  • Additional compatibility APIs added, including functions like wolfSSL_X509_CA_num and wolfSSL_PEM_read_X509_CRL
  • Adds checking for critical extension with certificate Auth ID and the macro WOLFSSL_ALLOW_CRIT_SKID to override the check
  • Added public key callbacks to ConfirmSignature function to expand public key callback support
  • Added ECC and Curve25519 key generation callback support
  • Additional support for parsing certificate subject OIDs (businessCategory, jurisdiction of incorporation country, and jurisdiction of incorporation state)
  • Added wc_ecc_export_ex and wc_export_int APIs for ECC hex string exporting
  • Added support for parsing PIV format certificates with the function wc_ParseCertPIV and macro WOLFSSL_CERT_PIV
  • Added APIs to support GZIP
  • Version resource added for Windows DLL builds

Optimizations:

  • Memory free optimizations, adding in earlier frees where possible
  • ALT_ECC_SIZE use with SP math
  • Stack size reduction with smallstack build
  • Fix for assembly optimized version of Curve25519
  • Fix for DH algorithm when using SP math with ARM assembly

Macro and Behavior Changes:

  • Renamed the macro INLINE to WC_INLINE for inline functions
  • Made modifications to the primality testing so that the Miller-Rabin tests check against up to 40 random numbers rather than a fixed list of small primes
  • Make SOCKET_PEER_CLOSED_E consistent between read and write cases

For a full list of changes see the changelog located at https://www.wolfssl.com/docs/wolfssl-changelog/