Cryptographic Library WolfSSL 5.1.0

Altus Intel
Altus Intel
  • Date Time

Prepared Compact Cryptographic Library WOLFSSL 5.1.0 optimized for use on embedded devices with processor and memory resources, such as Internet devices, smart home systems, automotive information systems, routers and mobile phones. The code is written in the SI language and spreads under the GPLv2 license.

Library provides high-performance implementation of modern cryptoalgorithms, including Chacha20, Curve25519, NTRU, RSA, Blake2B, TLS 1.0-1.3 and DTLS 1.2, which, according to developers, are 20 times more compact than implementations from OpenSSL. Provided both its simplified API and a layer for compatibility with OpenSSL API. There is support for OCSP (Online Certificate Status Protocol) and CRL (Certificate Revocation List) to verify certificate revocation.

Main innovations WolfSSL 5.1.0:

  • Added support for platforms: NXP SE050 (with support for CURVE25519) and
    Renesas Ra6m4. For Renesas RX65N / RX72N Added support for TSIP 1.14 (Trusted Secure IP) .
  • Added the ability to use post-quantum cryptography algorithms in port for the Apache HTTP server. For TLS 1.3, a diagram of digital signatures NIST Round 3 Falcon has been implemented. Added CURL tests collected from WolfSSL in cryptoalgothimims, resistant to the selection on a quantum computer.
  • in the layer to ensure compatibility with other libraries and applications added support for NGINX 1.21.4 and Apache Httpd 2.4.51.
  • In the code for compatibility with added support for OpenSSL SSL_OP_NO_TLSv1_2 flag and SSL_CTX_get_max_early_data functions, SSL_CTX_set_max_early_data, SSL_set_max_early_data, SSL_get_max_early_data, SSL_CTX_clear_mode, SSL_CONF_cmd_value_type, SSL_read_early_data, SSL_write_early_data.
  • Added the ability to register Callback functions to replace the built-in implementation of the AES-CCM algorithm.
  • Added Macro WolfSSL_CUSTOM_OID to generate own OID for CSR (CERTIFICATE Signing Request).
  • Added support for deterministic ECC signatures included with Macros FSSL_ECDSA_DETERMINISTIC_K_VARIANT.
  • Added new features WC_GETPUBKEYDERFROMCERT, WC_INITDECODECERT, WC_PARSECERT and WC_FREEDECDECERT.
  • eliminated two vulnerabilities that have been assigned a low level of danger. The first vulnerability allows DOS attack on the client application during the MITM attack on the TLS 1.2 connection. The second vulnerability is related to the possibility of obtaining control over the resumption of the client session when using a proxy based on WolfSSL or connections that do not check the entire chain of confidence in the server certificate.
/Media reports.

© 2024 - Altus Intel