wolfSSL is happy to announce that we’ve recently added support for AES-SIV (synthetic initialization vector). Our implementation is based on the specification in RFC 5297. SIV mode is designed to be resistant to security degradation from accidental nonce reuse. Notably, AES-SIV is a mandatory AEAD algorithm for network time protocol (NTP) servers supporting network time security (NTS), per RFC 8915. We added AES-SIV to support our chrony 4.1 port, which is one of the only major NTP implementations that currently supports NTS.
Please reach out to facts@wolfssl.com if you have any questions about AES-SIV or our chrony port!