wolfSSL Release 5.6.4

    • wolfSSL version 5.6.4 is now available! This update introduces a number of exciting new features. We’ve added post-quantum support to DTLS 1.3, expanded sniffer support with keylog use, integrated post-quantum stateful hash-based signature schemes like LMS/HSS and XMSS/XMSS^MT, introduced Ada bindings, expanded our range with additional SM2 cipher suites, and incorporated AES EAX mode, and much more! Alongside these enhancements, the release brings quality improvements and addresses one identified vulnerability. You can review the full rundown of updates in the included ChangeLog.md. Here’s a breakdown of the latest features and enhancements:

    New Feature Additions

    • DTLS 1.3 PQC: support fragmenting the second ClientHello message. This allows arbitrarily long keys to be used, opening up support for all PQC ciphersuites in DTLS 1.3.
    • SM2/SM3/SM4: Chinese cipher support including TLS 1.3 and 1.2 cipher suites. SM2 SP math implementation available for improved performance and minimum size. Bare metal support available.
    • Ability to parse ASN1 only with SMIME_read_PKCS7
    • Added support for MemUse Entropy on Windows
    • Added Ada Bindings for wolfSSL, benefiting Ada language users who need to add security and FIPS to their designs.
    • Added a PEM example that converts to and from DER/PEM.
    • Added LMS/HSS and XMSS/XMSS^MT stateful hash-based signature scheme wolfcrypt hooks, both normal and verify-only options. wolfBoot, wolfSSH, and wolfSSL will inherit this functionality from wolfCrypt for users moving to CNSA 2.0
    • Added support for the AES EAX mode of operation
    • Port for use with Hitch (https://github.com/varnish/hitch) added
    • Add XTS API’s to handle multiple sectors in the new port to VeraCrypt. VeraCrypt users now have access to FIPS based encryption of wolfCrypt.
    • Sniffer tool now supports decrypting TLS sessions using secrets obtained from a SSLKEYLOGFILE

    Enhancements and Optimizations

    • Turned on SNI by default on hosts with resources
    • Improved support for Silicon Labs Simplicity Studio and the ERF32 Gecko SDK
    • Thumb-2 and ARM32 Curve25519 and Ed25519 assembly have significantly improved performance.
    • Thumb-2 AES assembly code added.
    • Thumb-2 and ARM32 SP implementations of RSA, DH and ECC have significantly improved performance.
    • Minor performance improvements to SP ECC for Intel x64.
    • AES-XTS assembly code added for Intel x64, Aarch64 and ARM32 to dramatically improve performance
    • Added support for X963 KDFs to ECIES.
    • Added 32-bit type only implementation of AES GMULT using tables.
    • Add support for nginx version 1.25.0 for those using nginx with wolfSSL
    • Add support for Kerberos version 5 1.21.1
    • Check all CRL entries in case a single issuer has multiple CRL’s loaded
    • CRL verify of the entire chain including loaded CA’s
    • Added example for building wolfSSL as an Apple universal binary framework using configure

    If you have questions about any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.

    Download wolfSSL Now