wolfSSL 5.9.2 release blog

wolfSSL 5.9.2 has been released with a broad range of new features and enhancements around Post-Quantum Cryptography, crypto callback support, our Rust wrapper, and embedded hardware support. Similar to wolfSSL 5.9.1, a large number of CVEs are addressed in this release, along with general bug fixes. Additionally, there are some security hardening behavior changes we want to note.

Vulnerabilities

This release addressed 32 CVEs in total, which is in line with the previously discussed trend of AI-driven CVE reporting. While this is an increase in absolute number over the previous release, it is important to note a few points:

  • The number of [High] and [Critical] CVEs actually decreased.
  • The time between releases 5.9.2 and 5.9.1 (~ 2 months) was larger than between 5.9.1 and 5.9.0 (< 1 month).
  • The [High] CVEs in this release were narrower in scope, constrained mainly to specific OpenSSL compatibility APIs or to features that are disabled by default.

Use cases that are affected by [High] severity CVEs are: X509 verification with --enable-opensslextra using the API X509_verify_cert(), DTLS 1.3, the Renesas TSIP TLS port (WOLFSSL_RENESAS_TSIP_TLS) with TLS 1.3, X509 chain validation with Raw Public Key support (HAVE_RPK), and the OpenSSL compatibility API PKCS7_verify().

We would like to thank the researchers from teams at NVIDIA Project Vanessa, Anthropic, and UC Berkeley Sky Lab, as well as the many independent contributors who responsibly disclosed these vulnerabilities.

See our wolfSSL Vulnerability page for the full list.

New Features

Security Hardening / Behavior changes

  • FIPS 205 SLH-DSA: The SLH-DSA sign/verify hash APIs now take a pre-hashed message digest instead of a raw message (callers must now hash the message before invoking these APIs). This brings SLH-DSA’s behavior in line with ML-DSA’s wc_dilithium_{sign,verify}_ctx_hash API, as well as NIST’s ACVP signature interface.
  • FIPS 204 ML-DSA: We renamed the post-quantum signature implementation from its pre-standardization name Dilithium to its NIST-standardized name ML-DSA (mirroring the earlier Kyber to ML-KEM rename). The header wolfssl/wolfcrypt/dilithium.h remains for now as a temporary compatibility shim.
  • Our CmacVerify APIs were hardened to more closely conform to NIST SP 800-38B MAC length guidance; these verify functions now enforce bounds on the tag length before comparing tags.
  • RSA-PSS decoding was hardened to better conform to RFC 8017 A.2.3 guidance on trailer bits.
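
To show where the trailer check sits in RSA-PSS decoding, here is an added example (not wolfSSL code) of the EMSA-PSS encode and verify steps from RFC 8017 sections 9.1.1 and 9.1.2 in plain Python, using SHA-256 and MGF1 from hashlib. The verifier rejects any encoded message whose trailer byte is not 0xbc, the only trailer value RFC 8017 A.2.3 permits, and the salt length and modulus size are assumed inputs chosen for the demonstration.

```python
import hashlib
import hmac


def mgf1(seed: bytes, length: int, hash_name: str = "sha256") -> bytes:
    """MGF1 mask generation function (RFC 8017 B.2.1)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.new(hash_name, seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def emsa_pss_encode(m: bytes, em_bits: int, salt: bytes, hash_name: str = "sha256") -> bytes:
    """EMSA-PSS-ENCODE (RFC 8017 9.1.1): returns EM = maskedDB || H || 0xbc."""
    hlen = hashlib.new(hash_name).digest_size
    em_len = (em_bits + 7) // 8
    if em_len < hlen + len(salt) + 2:
        raise ValueError("encoding error: modulus too small for this hash/salt")
    m_hash = hashlib.new(hash_name, m).digest()
    h_val = hashlib.new(hash_name, b"\x00" * 8 + m_hash + salt).digest()
    db = b"\x00" * (em_len - len(salt) - hlen - 2) + b"\x01" + salt
    masked_db = bytearray(a ^ b for a, b in zip(db, mgf1(h_val, em_len - hlen - 1, hash_name)))
    masked_db[0] &= 0xFF >> (8 * em_len - em_bits)  # clear the leftmost unused bits
    return bytes(masked_db) + h_val + b"\xbc"        # trailer field fixed at 0xbc


def emsa_pss_verify(m: bytes, em: bytes, em_bits: int, slen: int, hash_name: str = "sha256") -> bool:
    """EMSA-PSS-VERIFY (RFC 8017 9.1.2). Every failure path returns False."""
    hlen = hashlib.new(hash_name).digest_size
    em_len = (em_bits + 7) // 8
    if len(em) != em_len or em_len < hlen + slen + 2:
        return False
    if em[-1] != 0xBC:  # step 4: trailer must be 0xbc (RFC 8017 A.2.3 allows no other value)
        return False
    masked_db, h_val = em[:em_len - hlen - 1], em[em_len - hlen - 1:-1]
    if masked_db[0] & ~(0xFF >> (8 * em_len - em_bits)) & 0xFF:  # step 6: unused bits must be zero
        return False
    db = bytearray(a ^ b for a, b in zip(masked_db, mgf1(h_val, em_len - hlen - 1, hash_name)))
    db[0] &= 0xFF >> (8 * em_len - em_bits)
    ps_len = em_len - hlen - slen - 2
    if any(db[:ps_len]) or db[ps_len] != 0x01:  # step 10: PS must be zero, then 0x01
        return False
    salt = bytes(db[-slen:]) if slen else b""
    m_hash = hashlib.new(hash_name, m).digest()
    h_prime = hashlib.new(hash_name, b"\x00" * 8 + m_hash + salt).digest()
    return hmac.compare_digest(h_val, h_prime)  # step 14: constant-time compare
```

Running encode followed by verify on a 2048-bit modulus (em_bits = 2047) succeeds, while the same EM with its last byte changed from 0xbc to 0xcc (the IEEE 1363a trailer that RFC 8017 does not support) is rejected.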

Crypto Callbacks

Post Quantum Cryptography

Hardware and Embedded Ports

Rust Wrapper

Pruning / Cleanup

If you have questions about any of the above, please contact us at facts@wolfssl.com or call us at +1 425 245 8247.

Download wolfSSL Now