wolfSSL 5.9.2 has been released with a broad range of new features and enhancements around Post-Quantum Cryptography, crypto callback support, our Rust wrapper, and embedded hardware support. Similar to wolfSSL 5.9.1, a large number of CVEs are addressed in this release, along with general bug fixes. Additionally, there are some security hardening behavior changes we want to note.
Vulnerabilities
This release addressed 32 CVEs in total, which is in line with the previously discussed trend of AI-driven CVE reporting. While this is an increase in absolute number over the previous release, it is important to note a few points:
- The number of [High] and [Critical] CVEs actually decreased.
- The time between releases 5.9.2 and 5.9.1 (~ 2 months) was longer than between 5.9.1 and 5.9.0 (< 1 month).
- The [High] CVEs in this release were narrower in scope, constrained mainly to specific OpenSSL compatibility APIs or to features that are disabled by default.

Use cases that are affected by [High] severity CVEs are: X509 verification with --enable-opensslextra with the API X509_verify_cert(), DTLS 1.3, the Renesas TSIP TLS port (WOLFSSL_RENESAS_TSIP_TLS) with TLS 1.3, X509 chain validation with Raw Public Key support (HAVE_RPK), and the OpenSSL compatibility API PKCS7_verify().
We would like to thank the many researchers from teams at NVIDIA Project Vanessa, Anthropic, and UC Berkeley Sky Lab, as well as the many independent contributors who responsibly disclosed these vulnerabilities.
See our wolfSSL Vulnerability page for the full list.
New Features
- wolfCrypt SRAM PUF (Physically Unclonable Function) support, deriving device-unique keys from SRAM power-on state using a BCH fuzzy extractor and HKDF (wc_PufInit, wc_PufEnroll, wc_PufReconstruct).
- wolfCrypt SHE (Secure Hardware Extension) support for the SHE key management standard.
Security Hardening / Behavior changes
- FIPS 205 SLH-DSA: The SLH-DSA sign/verify hash APIs now take a pre-hashed message digest instead of a raw message (callers must now hash the message before invoking these APIs). This brings SLH-DSA’s behavior in line with ML-DSA’s wc_dilithium_{sign,verify}_ctx_hash API, as well as NIST’s ACVP signature interface.
- FIPS 204 ML-DSA: We renamed the post-quantum signature implementation from its pre-standardization name Dilithium to its NIST-standardized name ML-DSA (mirroring the earlier Kyber to ML-KEM rename). The header wolfssl/wolfcrypt/dilithium.h remains for now as a temporary compatibility shim.
- Our CmacVerify APIs were hardened to more closely conform to NIST SP 800-38B MAC length guidance, and these verify functions now correctly enforce bounds on the tag length.
- RSA-PSS decoding was hardened to better conform to RFC 8017 A.2.3 guidance on trailer bits.
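The tag-length enforcement described in the CmacVerify item above, as an added example that is not wolfSSL's code: a verifier that trusts the caller-supplied tag length accepts an empty tag, while the bounded one rejects lengths outside the policy before comparing. The function names, the sample bytes and the 64-bit floor are assumptions (not the bound wolfSSL applies); the floor formula is the one given in SP 800-38B Appendix A.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define CMAC_TAG_MAX 16 /* AES block size: a full CMAC tag is 16 bytes */
/* Constructed sample bytes standing in for a computed tag (not real CMAC output). */
static const uint8_t SAMPLE_TAG[CMAC_TAG_MAX] = {
    0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7,
    0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf };
static const uint8_t WRONG_TAG[CMAC_TAG_MAX] = { 0 };

/* SP 800-38B Appendix A: Tlen >= lg(MaxInvalids / Risk); inputs are base-2 logs. */
static unsigned min_tag_bits(int lgMaxInvalids, int lgRisk)
{
    int bits = lgMaxInvalids - lgRisk;
    return bits > 0 ? (unsigned)bits : 0u;
}

/* Lax check: compares however many bytes the caller says the tag has. */
static int verify_lax(const uint8_t *computed, const uint8_t *check, size_t checkSz)
{
    size_t i;
    for (i = 0; i < checkSz; i++)
        if (computed[i] != check[i])
            return -1;
    return 0; /* checkSz == 0 reaches here without comparing anything */
}

/* Bounded check: reject empty, oversized, or below-policy tag lengths first. */
static int verify_bounded(const uint8_t *computed, const uint8_t *check,
                          size_t checkSz, unsigned minBits)
{
    uint8_t diff = 0;
    size_t i;
    if (computed == NULL || check == NULL || checkSz == 0 ||
        checkSz > CMAC_TAG_MAX || checkSz * 8u < minBits)
        return -1;
    for (i = 0; i < checkSz; i++) /* no early exit, so timing does not leak a prefix match */
        diff |= (uint8_t)(computed[i] ^ check[i]);
    return diff == 0 ? 0 : -1;
}

int main(void)
{
    printf("lax, empty tag:     %d\n", verify_lax(SAMPLE_TAG, WRONG_TAG, 0));
    printf("bounded, empty tag: %d\n", verify_bounded(SAMPLE_TAG, WRONG_TAG, 0, 64));
    printf("bounded, full tag:  %d\n", verify_bounded(SAMPLE_TAG, SAMPLE_TAG, 16, 64));
    printf("policy floor: %u bits\n", min_tag_bits(10, -20));
    return 0;
}
```

A truncated CMAC tag is the leftmost bytes of the full tag, which is why both functions compare from index 0.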
Crypto Callbacks
- Added WOLF_CRYPTO_CB_SETKEY and WOLF_CRYPTO_CB_EXPORT_KEY generic crypto callback utilities.
- Added wc_swdev, a software CryptoCb device used by our test programs to exercise WOLF_CRYPTO_CB_ONLY_* builds.
- Added WOLF_CRYPTO_CB_ONLY_SHA512 support.
- Added CryptoCb support for SLH-DSA.
- Added crypto callback support for LMS and XMSS (crucial to their stateful management!).
- Added support for zeroizing AES session keys in TLS 1.3 with WOLF_CRYPTO_CB_AES_SETKEY.
Post Quantum Cryptography
- Added SHA-512 DRBG and FIPS module-boundary wrappers for ML-KEM, ML-DSA, LMS, XMSS, and SLH-DSA as part of the upcoming post-quantum FIPS submission.
- Added support for RFC 9802 LMS / XMSS in X.509 certificate and CSR generation.
- Added ML-KEM support for PKCS11.
Hardware and Embedded Ports
- Added NXP LPC55S69 hardware crypto support.
- Added STM32U3 hardware crypto support.
- Added Zephyr 4.3 default TLS-socket support.
Rust Wrapper
- Added Rust crate trait implementations for: rand_core, aead, cipher, digest, signature, password-hash, kem, and mac.
- Added scrypt KDF and RSA-OAEP support.
Pruning / Cleanup
- The liboqs integrations for ML-KEM and ML-DSA were removed.
- The liboqs SPHINCS+ implementation was replaced with our own SLH-DSA.
- The external liblms / libxmss integrations were removed (we’ve had our own more performant implementations for a while).
If you have questions about any of the above, please contact us at facts@wolfssl.com or call us at +1 425 245 8247.