Guidance for FIPS Customers: Auditing Direct Calls to wc_ecc_verify_hash()

The fix for CVE-2026-5194 is available in wolfSSL 5.9.1. Upgrading to the new version resolves the issue for TLS, DTLS, and X.509 users.

FIPS customers need to take a closer look. FIPS users who call wc_ecc_verify_hash() or wc_ecc_verify_hash_ex() directly may remain exposed until they add a small check at their call sites. The required check is cheap and closes the attack window entirely.


Who should audit

You should audit your code if both are true:

  1. You are running a FIPS-licensed build of wolfSSL.
  2. Your application calls wc_ecc_verify_hash() or wc_ecc_verify_hash_ex() directly, outside of TLS, DTLS, or X.509 paths handled by wolfSSL internally.

If you only use ECDSA signature verification via TLS, DTLS, or X.509, then updating to wolfSSL 5.9.1 is sufficient.

Finding call sites

grep -rn "wc_ecc_verify_hash" *

Search your wolfCrypt-based application's source for the string “wc_ecc_verify_hash”; the same pattern also matches wc_ecc_verify_hash_ex(). For each hit, confirm that the hash length is validated before the verify call, as shown below.

The fix

Place this check immediately before each direct call:

/* ret is assumed to be 0 on entry. */
if (hashLen < WC_MIN_DIGEST_SIZE) {
    /* Refuse to verify: digest is too short to be safe. */
    ret = -1;
}

if (ret == 0) {
    ret = wc_ecc_verify_hash(sig, sigLen, hash, hashLen, &is_valid_sig, &key);
}

WC_MIN_DIGEST_SIZE is the smallest hash digest size allowed by your wolfSSL configuration. The check ensures that the verify call is never invoked with a truncated digest. Because the check lives in application code, adding it does not affect your FIPS certification status. You can reference our ecc-verify-minimal.c example for a complete application that demonstrates this.
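To triage the grep hits against this check, the audit can be scripted. This is an added example, not wolfSSL's own tooling: the function name audit_ecc_verify, the file extensions searched, and the 10-line look-back window are assumptions, and the result is a heuristic that still needs a manual review of each call site.

```shell
#!/bin/sh
# Heuristic audit (added example): list calls to wc_ecc_verify_hash() and
# wc_ecc_verify_hash_ex(), and mark each one GUARDED if WC_MIN_DIGEST_SIZE
# is mentioned within the preceding WINDOW lines of the same file,
# otherwise UNGUARDED. GUARDED only means "a check is nearby"; a reviewer
# must still confirm it tests the hashLen that is actually passed.

audit_ecc_verify() {
    # $1 = source root (default: current directory)
    # $2 = look-back window in lines (default: 10, an assumed value)
    root=${1:-.}
    window=${2:-10}
    find "$root" -type f \( -name '*.c' -o -name '*.h' -o -name '*.cpp' \) -print |
    sort |
    while IFS= read -r f; do
        awk -v file="$f" -v win="$window" '
            # Remember the most recent line that mentions the minimum-size macro.
            /WC_MIN_DIGEST_SIZE/ { guard = NR }
            # Function name, optional _ex suffix, then an opening parenthesis.
            /wc_ecc_verify_hash(_ex)?[ \t]*\(/ {
                status = (guard && NR - guard <= win) ? "GUARDED" : "UNGUARDED"
                printf "%s:%d: %s\n", file, NR, status
            }
        ' "$f"
    done
}
```

Run it as `audit_ecc_verify path/to/app` and start the review with the UNGUARDED lines. If the tree contains a vendored copy of wolfSSL, its own prototypes and definitions of these functions will also be listed and can be ignored.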

Recommended steps

  1. Update to the latest wolfSSL release.
  2. Run the grep above and audit each call site.
  3. Add the length check where it's missing, especially where inputs come from untrusted sources.
  4. Contact support@wolfssl.com if you're unsure about your exposure or would like help reviewing your integration.

If you have questions about any of the above, please contact us at facts@wolfssl.com or call us at +1 425 245 8247.
