#Crypto Christmas with wolfSSL 3.10.0, including #FIPS140

As a Christmas present to our users, customers, and community, wolfSSL is releasing version 3.10.0 of the wolfSSL embedded SSL/TLS library. Version 3.10.0 includes lots of great new features and is now available from our download page.

Features in version 3.10.0 include:

– Support for SHA-224
– Support for scrypt
– Build for Intel SGX, located in the IDE/WIN-SGX directory
– Fix for ChaCha20-Poly1305 ECDSA certificate type request
– Enhancements for PKCS#7 with support for ECC EnvelopedData
– AES key wrap support
– Support for RIOT OS
– Support for parsing PKCS#12 files
– ECC performance enhancements with custom curves
– ARMv8 expansion to AArch32 and performance increases
– ANSI-X9.63-KDF support
– Port to STM32 F2/F4 CubeMX
– Port to Atmel ATECC508A board
– Removal of fPIE by default when wolfSSL library is compiled
– Updated Python wrapper, dropping DES and adding wc_RSASetRNG
– Support for NXP K82 hardware acceleration
– SCR client and server verify check
– New disable RNG option with autoconf
– Addition of more test vectors to test.c for AES-CTR
– Updated DTLS session export version number
– Updated DTLS support for 64-bit sequence numbers
– Fix for memory management with TI and WOLFSSL_SMALL_STACK
– Hardening of RSA CRT to be constant time
– Fix for an uninitialized warning with IAR compiler
– Fix for C# wrapper example IO hang on unexpected connection termination

This release of wolfSSL also fixes one low level security vulnerability. The reported vulnerability was a potential cache attack on RSA operations. If you use wolfSSL RSA on a server where other users have access to monitor the cache, updating wolfSSL is recommended. Thanks to Andreas Zankl, Johann Heyszl and Georg Sigl at Fraunhofer AISEC for the report.

As always, please contact us at facts@wolfssl.com with any questions, comments, or feedback on the wolfSSL embedded SSL/TLS library. We wish you Happy Holidays, and look forward to 2017!