wolfSSL 3.10.0 Now Available

Version 3.10.0 of the wolfSSL embedded SSL/TLS library is now available for download. This release contains bug fixes and new features, described below.

Intel Software Guard Extensions (SGX) support

Intel SGX is a set of CPU instructions that lets a user-space application allocate private regions of memory called enclaves. Enclave memory cannot be read or written by any code outside the enclave, including software running at a higher privilege level than the application itself. For example, if an attacker gained root on your machine while your application was running inside an enclave, even with sudo or root privileges the attacker would be unable to read the application's enclave memory.

Default Configure Option Changes

SHA-224 (--enable-sha224) is now enabled by default. This configure option was added along with SHA-224 support and can be turned off with --disable-sha224. See “Added SHA224 support” below.
scrypt (--enable-scrypt) is disabled by default. This configure option was added along with scrypt support. See “Added scrypt feature” below.
RNG (--disable-rng): when building wolfCrypt only (--enable-cryptonly) with a set of options that leaves no configured algorithm needing a random number generator, this new configure option removes the RNG code to reduce footprint.

Added SHA224 support

SHA-224 uses the SHA-256 compression function with a different set of initial hash values, and its output is the leftmost 224 bits (28 bytes) of the final 256-bit state.

Added scrypt feature

scrypt is a password-based key derivation function (PBKDF). PBKDFs are deliberately expensive to compute. A legitimate user runs the function once per authentication, so the cost is negligible to them. An attacker brute-forcing that user's password must run it millions or billions of times, and at that scale the cost of a PBKDF is very significant. The purpose of the cost is to deter brute-force attacks. scrypt is additionally memory-hard: each evaluation needs a large amount of RAM, which raises the cost of parallel guessing on GPUs and custom hardware far more than a purely compute-bound function such as PBKDF2 does.

Fix for ChaCha20-Poly1305 ECDSA certificate type request

Updated SendCertificateRequest() to check the cipher suite for CHACHA_BYTE.
This fixes a bug where wolfSSL, acting as the server, requested an RSA client certificate instead of an ECDSA one when an ECDSA ChaCha20-Poly1305 cipher suite was negotiated.

Enhance PKCS#7 with ECC enveloped data and AES key wrap support

EncryptedData content type (DES, 3DES, AES-128/192/256-CBC)
EnvelopedData content type (RSA or ECC key management with DES/3DES/AES content encryption)
Refactor of some PKCS#7 functions to reduce function length
Addition of PKCS#7 tests for EncryptedData and EnvelopedData
This functionality was interop tested against OpenSSL 1.1.0c in both directions (wolfSSL encoding and OpenSSL decoding, and vice versa).

Added support for RIOT OS

RIOT OS is a popular operating system for IoT devices. wolfSSL now offers out-of-the-box support for RIOT OS with the “Native Board” on Unix and Linux systems. To use this support, define WOLFSSL_RIOT_OS in your project or in <wolfssl-root>/wolfssl/wolfcrypt/settings.h.

Add support for parsing PKCS#12 files

PKCS#12 files contain internal storage containers called SafeBags, grouped into SafeContents. Each SafeContents may be encrypted (password-based or public-key privacy mode), and the file as a whole is integrity-protected with a MAC or a signature. Specific SafeBag types are set aside for certificates, private keys and CRLs, and additional SafeBag types are provided to store other data as required by the user.

ECC performance increased with custom curves

ECC_CACHE_CURVE is a new preprocessor macro that adds internal ECC state and caches portions of the curve parameters for subsequent operations. The feature is disabled by default and can be enabled at configure time with ./configure CFLAGS="-DECC_CACHE_CURVE". This change reduces computation time, giving the following performance increases:
ECC key generation: 4.2% increase in performance
ECC key agreement: 4.0% increase in performance
ECC sign operation: 6.8% increase in performance
ECC verify operation: 5.8% increase in performance

ARMv8 expanded to AArch32 and performance increased

These changes make the ARMv8 assembly robust under higher compiler optimization levels, including additions to the inline-assembly clobber lists so the compiler does not reuse registers the assembly is already using. The pointers to the AES key and to the SHA-256 K table are now loaded into a register, preventing potential segmentation faults.

Added ANSI-X9.63-KDF support

Added support for the ANSI X9.63 Key Derivation Function. It is used with PKCS#7 EnvelopedData and ECC certificates/keys, where the key-encryption key is derived from the ECDH shared secret with this KDF.
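As an added example (not wolfSSL's code), the self-contained C program below shows both of the points above: SHA-224 is SHA-256 run from different initial hash values with the output truncated to 28 bytes, and the X9.63 KDF is that hash applied to Z || counter || SharedInfo with a 4-byte big-endian counter starting at 1. Function names such as sha2_256_family and x963_kdf_sha256 are this example's own, not wolfSSL API names; the KDF is fixed to SHA-256, and the shared secret used in the self-check is a constructed string rather than a real ECDH output.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* SHA-224 and SHA-256 share the round constants and the compression function; they differ
 * only in the initial hash values and in how many bytes of the final state are emitted. */
static const uint32_t K[64] = {
    0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5,0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5,
    0xd807aa98,0x12835b01,0x243185be,0x550c7dc3,0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174,
    0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc,0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da,
    0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7,0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967,
    0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13,0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85,
    0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3,0xd192e819,0xd6990624,0xf40e3585,0x106aa070,
    0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5,0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3,
    0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208,0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2 };
static const uint32_t IV256[8] = { 0x6a09e667,0xbb67ae85,0x3c6ef372,0xa54ff53a,
                                   0x510e527f,0x9b05688c,0x1f83d9ab,0x5be0cd19 };
static const uint32_t IV224[8] = { 0xc1059ed8,0x367cd507,0x3070dd17,0xf70e5939,
                                   0xffc00b31,0x68581511,0x64f98fa7,0xbefa4fa4 };
#define ROTR(x, n) (((x) >> (n)) | ((x) << (32 - (n))))

static void sha256_block(uint32_t h[8], const uint8_t blk[64]) {
    uint32_t w[64], a, b, c, d, e, f, g, hh, t1, t2; int i;
    for (i = 0; i < 16; i++)
        w[i] = ((uint32_t)blk[4*i] << 24) | ((uint32_t)blk[4*i+1] << 16) |
               ((uint32_t)blk[4*i+2] << 8) | blk[4*i+3];
    for (; i < 64; i++)
        w[i] = w[i-16] + (ROTR(w[i-15], 7) ^ ROTR(w[i-15], 18) ^ (w[i-15] >> 3)) +
               w[i-7]  + (ROTR(w[i-2], 17) ^ ROTR(w[i-2], 19) ^ (w[i-2] >> 10));
    a = h[0]; b = h[1]; c = h[2]; d = h[3]; e = h[4]; f = h[5]; g = h[6]; hh = h[7];
    for (i = 0; i < 64; i++) {
        t1 = hh + (ROTR(e, 6) ^ ROTR(e, 11) ^ ROTR(e, 25)) + ((e & f) ^ (~e & g)) + K[i] + w[i];
        t2 = (ROTR(a, 2) ^ ROTR(a, 13) ^ ROTR(a, 22)) + ((a & b) ^ (a & c) ^ (b & c));
        hh = g; g = f; f = e; e = d + t1; d = c; c = b; b = a; a = t1 + t2;
    }
    h[0] += a; h[1] += b; h[2] += c; h[3] += d; h[4] += e; h[5] += f; h[6] += g; h[7] += hh;
}

/* One-shot hash: writes 28 bytes (SHA-224) or 32 bytes (SHA-256) to out and returns that
 * length. The only SHA-224-specific steps are the IV selection and the final truncation. */
size_t sha2_256_family(int is224, const uint8_t *msg, size_t len, uint8_t *out) {
    uint32_t h[8]; uint8_t blk[128]; uint64_t bits = (uint64_t)len * 8;
    size_t i, rem = len % 64, pad = (rem < 56) ? 64 : 128, outlen = is224 ? 28 : 32;
    memcpy(h, is224 ? IV224 : IV256, sizeof h);
    for (i = 0; i + 64 <= len; i += 64) sha256_block(h, msg + i);
    memcpy(blk, msg + i, rem);                  /* trailing partial block, then 0x80, */
    blk[rem] = 0x80;                            /* zeros, and the big-endian bit length */
    memset(blk + rem + 1, 0, pad - rem - 1);
    for (i = 0; i < 8; i++) blk[pad - 1 - i] = (uint8_t)(bits >> (8 * i));
    sha256_block(h, blk);
    if (pad == 128) sha256_block(h, blk + 64);
    for (i = 0; i < outlen; i++) out[i] = (uint8_t)(h[i / 4] >> (24 - 8 * (i % 4)));
    return outlen;
}

/* ANSI X9.63 KDF with SHA-256: K = H(Z||1||info) || H(Z||2||info) || ... truncated to outlen,
 * counter 4 bytes big-endian from 1. Returns 0 only if Z||info exceeds this example's buffer. */
int x963_kdf_sha256(const uint8_t *z, size_t zlen, const uint8_t *info, size_t infolen,
                    uint8_t *out, size_t outlen) {
    uint8_t buf[256], digest[32]; uint32_t counter = 1; size_t done = 0, n;
    if (zlen + 4 + infolen > sizeof buf) return 0;
    memcpy(buf, z, zlen);
    if (infolen) memcpy(buf + zlen + 4, info, infolen);
    while (done < outlen) {
        for (n = 0; n < 4; n++) buf[zlen + n] = (uint8_t)(counter >> (24 - 8 * n));
        sha2_256_family(0, buf, zlen + 4 + infolen, digest);
        n = (outlen - done < 32) ? outlen - done : 32;
        memcpy(out + done, digest, n);
        done += n;
        counter++;
    }
    return 1;
}

/* Compare a digest of msg with a published hex test vector. */
int sha2_matches(int is224, const char *msg, const char *expected_hex) {
    static const char hexd[] = "0123456789abcdef";
    uint8_t d[32]; char hex[65]; size_t i, n;
    n = sha2_256_family(is224, (const uint8_t *)msg, strlen(msg), d);
    for (i = 0; i < n; i++) { hex[2*i] = hexd[d[i] >> 4]; hex[2*i+1] = hexd[d[i] & 15]; }
    hex[2*n] = 0;
    return strcmp(hex, expected_hex) == 0;
}

/* Check the KDF against its definition with a constructed secret (not a real ECDH output):
 * with empty SharedInfo, a 48-byte key is H(Z||00000001) || first 16 bytes of H(Z||00000002). */
int x963_kdf_selfcheck(void) {
    static const uint8_t z[] = "constructed shared secret, not a real ECDH output";
    uint8_t key[48], in[64], h1[32], h2[32]; size_t zlen = sizeof z - 1;
    if (!x963_kdf_sha256(z, zlen, NULL, 0, key, sizeof key)) return 0;
    memcpy(in, z, zlen); memset(in + zlen, 0, 4);
    in[zlen + 3] = 1; sha2_256_family(0, in, zlen + 4, h1);
    in[zlen + 3] = 2; sha2_256_family(0, in, zlen + 4, h2);
    return memcmp(key, h1, 32) == 0 && memcmp(key + 32, h2, 16) == 0;
}

int main(void) {
    printf("SHA-224(\"abc\") ok: %d, X9.63 KDF self-check ok: %d\n", sha2_matches(1, "abc",
           "23097d223405d8228642a477bda255b32aadbce4bda0b3f7e36c9da7"), x963_kdf_selfcheck());
    return 0;
}
```

Build with any C99 compiler (for example cc -std=c99 x963.c). The digests are checked against the FIPS 180-4 "abc" test vectors, and the KDF self-check rebuilds the expected key by hand from H(Z||1) and H(Z||2), so an off-by-one in the counter start value or a little-endian counter would fail it.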

Port to STM32 F2/F4 CubeMX

In <wolfssl-root>/wolfssl/wolfcrypt/settings.h, the sections for WOLFSSL_STM32F2 and WOLFSSL_STM32F4 now contain preprocessor checks for the define WOLFSSL_STM32_CUBEMX (applicable to either STM32F2 or STM32F4). If WOLFSSL_STM32_CUBEMX is defined, wolfSSL provides hardware acceleration for random number generation (RNG), AES, SHA-1, DES3 and MD5. Note that this is only supported when using the CubeMX Hardware Abstraction Layer (HAL). We expect it to also work on STM32 F0/F1/F3/F7/L0/L1/L4, as those parts are all supported by the CubeMX HAL, but the functionality has only been tested on STM32F2 and STM32F4, so those are the only default options available at this time.

Port to Atmel ATECC508A board

This port comes in the form of a separate download.
Info here: https://www.wolfssl.com/wolfSSL/wolfssl-atmel.html

Removed -fPIE by default when the wolfSSL library is compiled

wolfSSL no longer adds -fPIE (position-independent executable) to the default build flags; position-independent code is no longer assumed when the library is compiled.

Update to Python wrapper, dropping DES and adding wc_RSASetRNG

Removed support for DES and added wc_RSASetRNG for RSA blinding.

Added support for NXP K82 hardware acceleration

Support for the NXP LTC math core: RSA, ECC and Ed/Curve25519 hardware acceleration. Based on KSDK 2.0 and tested on the FRDM-K82F.
Updated the IDE/ROWLEY-CROSSWORKS-ARM example and added the new wolfssl_ltc.hzp project file to demonstrate K82 LTC support.
Benchmark results on the FRDM-K82F, in milliseconds per operation (RSA averaged over 1 iteration, ECC over 5):

Operation                 With LTC    Software only
RSA 2048 public             12.000          147.000
RSA 2048 private           135.000         2363.000
ECC 256 key generation      17.400          355.400
EC-DHE key agreement        15.200          352.400
EC-DSA sign                 20.200          362.400
EC-DSA verify               33.000          703.400

Added more tests vectors to test.c with AES-CTR

Added test vectors for AES-192 and AES-256 in addition to the already existing AES-128 test vectors.                               

Updated DTLS for 64 bit sequence numbers

Every record now tracks its sequence number in a 64-bit field, of which 48 bits hold the DTLS sequence number, matching the 48-bit sequence number carried in the DTLS record header (previously a 32-bit counter was used).
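As an added example that is not wolfSSL's code, the C program below parses a DTLS 1.2 record header, combines the 16-bit epoch and the 48-bit sequence number into one 64-bit record number, and runs the sliding-window anti-replay check whose correctness depends on that number being tracked at full width rather than in a 32-bit counter. Treating epoch||sequence as a single 64-bit value and using a 64-record bitmap window are this example's choices; wolfSSL's internal representation is not described on this page. The header bytes are constructed for the example, not captured traffic.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* DTLS record header (RFC 6347 4.1): type(1) version(2) epoch(2) sequence(6) length(2). */
#define DTLS_HDR_LEN 13

typedef struct {
    uint8_t  type;
    uint16_t version;
    uint16_t epoch;    /* incremented at each ChangeCipherSpec */
    uint64_t seq;      /* 48 bits on the wire, held in a 64-bit field */
    uint16_t length;
} dtls_record_hdr;

/* Parse a record header; returns 0 on truncated input. */
int dtls_parse_header(const uint8_t *buf, size_t len, dtls_record_hdr *h) {
    int i;
    if (len < DTLS_HDR_LEN) return 0;
    h->type    = buf[0];
    h->version = (uint16_t)((buf[1] << 8) | buf[2]);
    h->epoch   = (uint16_t)((buf[3] << 8) | buf[4]);
    h->seq     = 0;
    for (i = 0; i < 6; i++) h->seq = (h->seq << 8) | buf[5 + i];
    h->length  = (uint16_t)((buf[11] << 8) | buf[12]);
    return 1;
}

/* Combined 64-bit record number: epoch in the top 16 bits, the 48-bit sequence below it.
 * Comparing these as one integer orders records correctly across a rekey (epoch change). */
uint64_t dtls_record_number(const dtls_record_hdr *h) {
    return ((uint64_t)h->epoch << 48) | (h->seq & 0xFFFFFFFFFFFFULL);
}

/* Anti-replay sliding window (RFC 6347 4.1.2.6, same scheme as IPsec ESP in RFC 4303):
 * bit 0 of bitmap marks the highest record number seen, bit k the record k below it. */
typedef struct { uint64_t top; uint64_t bitmap; int primed; } replay_window;

/* Returns 1 and marks the record if it is new; 0 if it is a replay or below the window. */
int replay_accept(replay_window *w, uint64_t rn) {
    uint64_t diff;
    if (!w->primed) { w->top = rn; w->bitmap = 1; w->primed = 1; return 1; }
    if (rn > w->top) {                                  /* newest so far: slide the window */
        diff = rn - w->top;
        w->bitmap = (diff >= 64) ? 1 : ((w->bitmap << diff) | 1);
        w->top = rn;
        return 1;
    }
    diff = w->top - rn;
    if (diff >= 64) return 0;                           /* older than the window: drop */
    if (w->bitmap & ((uint64_t)1 << diff)) return 0;    /* already seen: replay */
    w->bitmap |= (uint64_t)1 << diff;
    return 1;
}

/* Constructed sample header (not a capture): application data (0x17), DTLS 1.2 (0xfefd),
 * epoch 1, sequence number 42, 16-byte payload. */
const uint8_t SAMPLE_HDR[DTLS_HDR_LEN] =
    { 0x17, 0xfe, 0xfd, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x2a, 0x00, 0x10 };

int main(void) {
    dtls_record_hdr h;
    replay_window w = { 0, 0, 0 };
    uint64_t rn;
    int first, again;
    if (!dtls_parse_header(SAMPLE_HDR, sizeof SAMPLE_HDR, &h)) return 1;
    rn = dtls_record_number(&h);
    printf("epoch=%u seq=%llu record#=0x%016llx\n", (unsigned)h.epoch,
           (unsigned long long)h.seq, (unsigned long long)rn);
    first = replay_accept(&w, rn);      /* fresh delivery */
    again = replay_accept(&w, rn);      /* the same record replayed */
    printf("first delivery accepted=%d, replay accepted=%d\n", first, again);
    return 0;
}
```

The window slides only forward, so a record from a later epoch (a larger combined number) is always accepted and resets the bitmap, while a record more than 64 positions behind the newest is dropped even though it was never seen; that is the standard trade-off of a bounded replay window.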

Updated DTLS session export version number                                  

Because the sequence number size changed (64-bit instead of 32-bit), exported sessions must still be readable by older versions of wolfSSL that use 32-bit sequence numbers. The export version number was bumped so that newer versions of the library remain interoperable with older versions when exchanging exported sessions.

Fix for memory management with TI and WOLFSSL_SMALL_STACK

Fixed a typo where DYNAMIC_TYPE_TMP_BUFFER was misspelled in pkcs7.c. Fixed call to XFREE with variable “W_K” instead of “W” in sha256.c. Addressed structure typo where “hmac” should have been “myHmac” in hmac.c                     

Hardening RSA CRT to be constant time

The RSA CRT operation is now constant time, so that an attacker who can measure its timing cannot tell which part of the CRT computation failed and cannot use that difference as a side channel.

Fix for C# wrapper example IO hang on unexpected connection termination

There was a condition where “receive” API did not throw an exception when a connection was ungracefully terminated. To account for this wolfSSL added a call to Socket.Poll to check on termination status when no data is received.


Please contact wolfSSL at info@wolfssl.com with any questions about new features or fixes made in this release of wolfSSL.

References:

wolfSSL Embedded SSL/TLS Library: https://www.wolfssl.com/wolfSSL/Products-wolfssl.html
Download wolfSSL: https://wolfssl.com/wolfSSL/download/downloadForm.php