wolfSSL has released an update to wolfGuard, our FIPS-validated algorithm port of WireGuard. We recommend updating. Highlights from this release: AES-GCM crash fix: resolves a kernel panic on kernels dated after March 2026. Cookie security fix: sensitive cryptographic material is now reliably wiped on all validation error paths. Configuration sync fix: corrects a logic error […]
Read MoreMore TagMonth: May 2026
Full Linux FIPS 140-3 via wolfCrypt on Yocto Linux
Achieving and maintaining FIPS 140-3 compliance across embedded Linux platforms can be difficult, especially when integrating cryptography into Yocto-based environments. Register now: Full Linux FIPS 140-3 via wolfCrypt on Yocto Linux Date: May 28 | 9 AM PT Join us on May 28 at 9 AM PT for a practical technical session on integrating Full […]
Read MoreMore TagPreparing Connected Devices for the EU Cyber Resilience Act
The EU Cyber Resilience Act (CRA) will introduce new security and maintenance expectations for connected devices sold into the EU market, including requirements around secure development, vulnerability handling, firmware integrity, and long-term support. These requirements will directly impact how devices are designed, updated, documented, and maintained throughout their lifecycle. Register now: Preparing Connected Devices for […]
Read MoreMore TagwolfCrypt FIPS 140-3 coming to pfSense
FIPS 140-3 support is coming to pfSense! pfSense is one of the most widely deployed open-source firewall and router platforms in the world, powering everything from small office networks to large enterprise and government deployments. Built on FreeBSD, pfSense has earned a reputation for stability, flexibility, and a rich feature set spanning VPN, IDS/IPS, captive […]
Read MoreMore TagLMS versus XMSS versus SLH-DSA Performance Data
In a previous post, we spoke about LMS, XMSS and SLH-DSA in relation to wolfBoot and let you know we’d be bringing some benchmarking numbers. Voila! Algorithm / Parameter Set Sig Size/Strength Verification Time (ms) Operations Per Second LMS/HSS L2_H10_W2 9300 0.118 8500.588 LMS/HSS L2_H10_W4 5076 0.219 4557.764 LMS/HSS L3_H5_W4 7160 0.324 3088.329 LMS/HSS L3_H5_W8 […]
Read MoreMore TagwolfProvider FIPS for the Linux TPM2 Software Stack
As part of wolfSSL’s Full Linux FIPS project, wolfProvider provides FIPS 140-3 validated cryptography for the Linux TPM2 software stack, covering both libtss2 (the core TSS2 libraries) and tpm2-tools. Why This Matters TPM 2.0 is the hardware root of trust on nearly every modern Linux system. It underpins LUKS disk encryption sealed to PCR values, […]
Read MoreMore TagwolfGuard: FIPS-Compliant WireGuard VPN, Now Native in wolfIP
wolfIP now includes native wolfGuard support, bringing a FIPS-compliant WireGuard VPN tunnel directly into the stack. wolfGuard replaces the standard WireGuard cipher suite (Curve25519, ChaCha20-Poly1305, BLAKE2s) with FIPS-certified alternatives (P-256 ECDH, AES-256-GCM, SHA-256) using wolfSSL cryptographic primitives, while preserving the Noise IKpsk2 handshake and its security properties including perfect forward secrecy and automatic key rotation. […]
Read MoreMore TagOTA Demonstrator with wolfBoot, wolfTPM and wolfMQTT
Our new demonstrator is available on GitHub. This demonstrator showcases a secure over-the-air (OTA) firmware update workflow using wolfSSL components and a software TPM. It integrates: wolfBoot for secure boot loader wolfTPM for root of trust wolfMQTT for update delivery wolfSSL / wolfCrypt for secure communication and verification The demo runs on Linux and can […]
Read MoreMore TagNew Migration Guide: Moving from lwIP to wolfIP
Do you use lwIP today and want a more deterministic networking stack for embedded, real-time, or safety-critical systems? We just published a new developer guide: **Migrating from lwIP to wolfIP**. wolfIP is designed around a simple idea: connected embedded systems should keep networking resources under control. Instead of relying on dynamic allocation and runtime growth, […]
Read MoreMore TagNew wolfSSL Crypto Callback Utilities: Set Key and Export Key
wolfSSL’s crypto callback framework lets you offload cryptographic operations to hardware. PR #9851 extends this framework with two new callback utilities, Set Key and Export Key, which provide a standardized way to move key material between wolfSSL and your hardware across AES, HMAC, RSA, and ECC. How It Works When a key is bound to […]
Read MoreMore Tag