wolfSSL 3.12.2 is now available for download! This release includes many performance improvements with Intel ASM (AVX/AVX2) and AES-NI. wolfSSL has implemented a new single precision math option to speed up RSA, DH and ECC in this release. Embedded hardware support has been expanded for STM32, PIC32MZ and ATECC508A, and AES-XTS mode support has been added for use with disk encryption.
There have been improvements to some of our certificate API’s that allow for setting the serial number, key usage and extended key usage. A refactor of the `SSL_` API’s and hash types has been performed to allow OpenSSL coexistence. There have been improvements made for TLS 1.3 support in this release. A fix was implemented for OCSP stapling to prevent sending the extension unexpectedly, WOLFSSL specific user contexts were added for callbacks, and there were fixes for some OpenSSL and MySQL compatibility functions. The wolfSSL Micrium port was updated for Micrium uC/OS-III, and there were fixes implemented for asynchronous modes as well.
Continue reading below for a summary of the features and fixes included in this release!
General Improvements:
- Speedups for SHA2, ChaCha20/Poly1035 using AVX/AVX2
- Speedups for AES GCM with AES-NI (–enable-aesni)
- New Single Precision math option for RSA, DH and ECC (See –enable-sp) (all off by default).
- Math updates and added TFM_MIPS speedup
- Fixes for HAVE_INTEL_MULX
- Added AES XTS mode (–enable-xts)
- Rename the file io.h/io.c to wolfio.h/wolfio.c
- Cleanup the wolfIO_Send function
- Improvements to Visual Studio DLL project/solution
- Added function to generate public ECC key from private key
- Added async blocking support for sniffer tool
- Updated Micrium uC/OS-III Port
TLS v1.3:
- Fixes for various TLS 1.3 disable options (RSA, ECC and ED/Curve 25519)
- Fix to disallow upgrading to TLS v1.3
- Fixes for wolfSSL_EVP_CipherFinal() when message size is a round multiple of a block size
- Add HMAC benchmark and expanded AES key size benchmarks
- Added simple GCC ARM Makefile example (see IDE/GCC-ARM)
- Add tests for 3072-bit RSA and DH
- Fixed DRAFT_18 define and fixed downgrading with TLS v1.3
Certificates:
- Alternate certificate chain support with WOLFSSL_ALT_CERT_CHAINS defined enables checking a cert against multiple CA’s
- Fixes to allow custom serial number during certificate generation
- Added method to get WOLFSSL_CTX certificate manager
- Improvement to wolfSSL_SetOCSP_Cb to allow a context per WOLFSSL object
- Updated root certs for OCSP scripts
- Added ASN Extended Key Usage Support. (See wc_SetExtKeyUsage)
- Fix for creation of the KeyUsage BitString
Extensions:
- Added TLS extension for Supported Point Formats (ec_point_formats)
- Fix to not send OCSP stapling extensions in client_hello when not enabled
OCSP Stapling:
- Added new API’s for disabling OCSP stapling
- Add check for SIZEOF_LONG with Sun and LP64
Settings Updates:
- Added new –disable-oldnames option to allow for using openssl alongside wolfssl headers (without OPENSSL_EXTRA)
- Refactor SSL_ and hashing types to use wolf specific prefix (WOLFSSL and WC_) to allow OpenSSL coexistence
- Added configure option for building library for wolfSSH (–enable-wolfssh)
- Added ability to use wolf implementation of strtok using USE_WOLF_STRTOK
MySQL Support:
- Cleanup include paths for MySQL cmake build
- Fix for 8k keys with MySQL compatibility
OpenSSL compatibility:
- OpenSSL compatibility layer improvements, additions, and fixes
Testing:
- Expanded API unit tests
- Update HASH_DRBG Reseed mechanism and add test case
- Added wolfCrypt hash tests for empty string and large data
Hardware Support:
- Fixes for STM32 crypto hardware acceleration
- Fixes for ATECC508A
- Fixes for PIC32MZ hashing
- Fixes and improvements to asynchronous modes for Intel QuickAssist and Cavium Nitrox V
