wolfSSL v4.8.1 Release

wolfSSL version 4.8.1 is available for download!!

This version of wolfSSL includes many new features, ports, and some great fixes. Some of the new features added includes:

  • A tie in for use with wolfSentry
    • wolfSentry is a universal, dynamic, embedded IDPS (intrusion detection and prevention system)
    • The build option added to enable the code for use with wolfSentry can be compiled using the autotools flag –enable-wolfsentry. wolfSentry is our new product that can be used in a similar fashion as a firewall but unlike many firewall applications available today wolfSentry is designed for deeply embedded IoT devices with resource constraints.
    • Learn more from our webinar: Introducing wolfSentry, an Embeddable IDPS
  • A number of API for the compatibility layer 
    • Helps support replacing OpenSSL using wolfSSL along with updating your crypto for FIPS requirements, 
  • A QNX CAAM driver for use with NXP’  i.MX devices, 
    • CAAM stands for Cryptographic Accelerator and Assurance Module. When used, it speeds up the cryptographic algorithms such as ECC and AES, as well as increases security by using encrypted keys and secure memory partitions.
  • Support for STM32G0
  • Zephyr project example,
    • The Zephyr Project is a scalable real-time operating system (RTOS) supporting multiple hardware architectures, optimized for resource constrained devices, and built with safety and security in mind.
  • An easy-to-use Dolphin emulator test for DEVKITPRO
    • devkitPro is a set of tool chains for compiling to gaming platforms.
  • Fixes for PKCS#7 
    • PKCS#7 is used to sign, encrypt, or decrypt messages under Public Key Infrastructure (PKI). It is also used for certificate dissemination, but is most commonly used for single sign-on.
  • Better parsing and handling of edge cases along with fixes for existing ports. 
  • Fixes that came from testing with Coverity and fsanitizer tools. 
    • Coverity is very efficient in finding issues, and is often used as a metric for good code (based on how many issues are found and fixed)
    •  fsanitizer is a static analysis tool
  • Two vulnerabilities announced, 
    • one dealing with OCSP 
      • OCSP or “Online Certificate Status Protocol” is an Internet protocol that is used to obtain the revocation status of an X.509 digital certificate.
    • the other with a previously fixed base64 PEM decoding side channel vulnerability.
      • PEM, or “Privacy Enhanced Mail” is the most common format that certificates are issued in by certificate authorities.

For a full list of changes, check out the updated ChangeLog.md bundled with wolfSSL or view our page on GitHub here (https://github.com/wolfSSL/wolfssl). Any questions can be sent directly to facts@wolfssl.com.