RECENT BLOG NEWS

So, what’s new at wolfSSL? Take a look below to check out the most recent news, or sign up to receive weekly email notifications containing the latest news from wolfSSL. wolfSSL also has a support-specific blog page dedicated to answering some of the more commonly received support questions.

wolfSSL 5.8.0 Released

We are excited to announce that wolfSSL version 5.8.0 is now available. This release brings several important new features and improvements. Below are the key new additions:

New Features

  • Implemented various fixes to support building for Open Watcom, including OS/2 support and Open Watcom 1.9 compatibility (PR 8505, 8484).
  • Added support for STM32H7S (tested on NUCLEO-H7S3L8) (PR 8488).
  • Added support for STM32WBA (PR 8550).
  • Added Extended Master Secret Generation Callback to the –enable-pkcallbacks build (PR 8303).
  • Implemented AES-CTS (–enable-aescts) in wolfCrypt (PR 8594).
  • Added support for libimobiledevice commit 860ffb (PR 8373).
  • Initial ASCON hash256 and AEAD128 support based on NIST SP 800-232 IPD (PR 8307).
  • Added blinding option when using a Curve25519 private key by defining the macro WOLFSSL_CURVE25519_BLINDING (PR 8392).

ML-DSA and Post-Quantum Cryptography Enhancements

In line with NIST’s latest documentation, wolfSSL has updated its Kyber implementation to ML-DSA (Multi-Lattice Digital Signature Algorithm), which is fully supported in this release. Additionally, the release includes updates to further optimize ML-DSA and LMS (Lattice-based Signature) schemes, reducing memory usage and improving performance.

Linux Kernel Module (linuxkm) Updates

wolfSSL 5.8.0 expands support for the Linux Kernel Module (linuxkm), with several important enhancements to improve kernel-level cryptographic integration. This includes extended LKCAPI registration support for rfc4106(gcm(aes)), ctr(aes), ofb(aes), ecb(aes), and the legacy one-shot AES-GCM backend. Compatibility improvements have been added for newer kernels (?6.8), and calls to scatterwalk_map() and scatterwalk_unmap() have been updated for Linux 6.15. The release also registers ECDSA, ECDH, and RSA algorithms with the kernel crypto API and introduces safeguards for key handling, including forced zeroing of shared secrets. These changes make it possible to use more wolfSSL functionality in the kernel space.

For a full list of fixes and optimizations check out the ChangeLog.md bundled with wolfSSL. Download the latest release from the download page. If you have questions about any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.

Download wolfSSL Now

wolfSSL Inc. SP800-140C, SP800-140D and Post-Quantum efforts update!

This is an update to previous post wolfSSL Inc. SP800-140C and Post-Quantum efforts update!

The National Institute of Standards and Technology (NIST) has recently updated its guidelines, enabling the certification of several post-quantum cryptographic algorithms through the Cryptographic Module Validation Program (CMVP). Notably, the digital signature algorithms ML-DSA (CRYSTALS-Dilithium), SLH-DSA, LMS, and XMSS are now fully certifiable under the updated SP800-140C standards. Similarly ML-KEM (CRYSTALS-Kyber) is fully certifiable under the updated SP800-140D standards!

In response to these developments, wolfSSL Inc. is proactively planning submissions to the CMVP for all except SLH-DSA. (If you would like to see SLH-DSA included please let us know sooner than later before we submit!)

wolfSSL Inc. has a strong track record in cryptographic module validation, having previously achieved FIPS 140-3 Certificate #4718 for its wolfCrypt Module, the world’s first SP 800-140Br1 validated certificate.

By staying ahead of regulatory changes and actively engaging in the certification process, wolfSSL continues to demonstrate its commitment to providing robust and compliant cryptographic solutions in the evolving landscape of post-quantum security.

As a reminder, be sure the January 1st, 2026 ESV soft transition does not catch you unprepared. The deadline for mandatory ESV validation across all FIPS modules is rapidly approaching. Leverage wolfSSL’s proven expertise to navigate this critical shift. Engage our staff now to architect a robust roadmap and guarantee a successful post-2026 FIPS compliance strategy!

We’d love to hear your feedback or input on this subject please do not hesitate to contact us at support@wolfSSL.com or fips@wolfSSL.com anytime!

If you have questions about any of the above, please contact us at facts@wolfSSL.com or +1 425 245 8247.

Download wolfSSL Now

wolfBoot Now Supports NXP’s New MCX A and MCX W Microcontrollers

wolfSSL is excited to announce that wolfBoot, our secure bootloader, now supports NXP’s MCX A and MCX W microcontroller families. This means developers can bring wolfBoot’s robust secure boot and firmware update capabilities to NXP’s latest low-power and wireless-enabled chips. The MCX A and MCX W series are NXP’s next-generation Arm Cortex-M33 based MCUs, designed for edge and IoT applications. Some topics we will explore today include:

  • Secure boot and firmware authentication
  • MCX A and MCX W series support in wolfBoot
  • TrustZone-M support: supervising security
  • Quantum-resistant cryptography
  • Hybrid Dual-signature authentication

The MCX A series delivers a cost-effective, small-footprint MCU solution with autonomous, low-power peripherals for a wide range of industrial and IoT uses?.

The MCX W series, on the other hand, builds on that foundation by adding integrated wireless connectivity – a unified, pin-compatible platform supporting standards like Matter, Thread, Zigbee, and Bluetooth LE.?

Notably, the MCX W devices also incorporate NXP’s EdgeLock secure enclave technology, providing a built-in hardware security core (a hardware root-of-trust) for key storage and cryptography.?

These new MCUs combine efficient performance, ultra-low power operation, and advanced security features, making them an ideal match for wolfBoot’s secure boot capabilities.

With wolfBoot now running on MCX A and MCX W devices, manufacturers and developers using these chips can ensure that only authenticated, trusted firmware runs on their hardware. wolfBoot performs cryptographic signature verification of firmware at boot time, preventing unauthorized or malicious code from taking control of the device. This addition expands wolfBoot’s platform support and underscores our commitment to securing even the most resource-constrained embedded systems.

Coming soon, WolfSSL will further integrate wolfBoot with the TrustZone-M and hardware security features of the MCX family. In practical terms, this upcoming enhancement will allow wolfBoot to act as the TrustZone-M secure supervisor on these microcontrollers – running in the isolated secure world while the main application runs in the non-secure domain. By leveraging TrustZone, wolfBoot can maintain control over critical security resources: for example, cryptographic keys and operations can be confined to the secure domain. wolfBoot uses this isolation to implement a kind of lightweight hypervisor, meaning applications in the non-secure domain can invoke cryptographic functions without ever directly accessing the secret keys?.

This architecture greatly enhances security – even if an application or network-exposed code is compromised, the attacker cannot extract or misuse the most sensitive assets. Additionally, wolfBoot will make use of the MCX hardware root-of-trust capabilities (such as the EdgeLock secure enclave on the MCX W series) to anchor the boot process in silicon. This hardware-based trust anchor will let wolfBoot verify firmware authenticity using keys stored in tamper-resistant memory and even interface with secure key management services?.

The result is an extremely robust secure boot chain that takes full advantage of the MCX series’ built-in security features.

Another key advantage of wolfBoot on NXP MCX is its forward-looking cryptography, which is increasingly important for longevity in IoT products. wolfBoot already supports several post-quantum cryptography (PQC) signature algorithms – the kinds of digital signatures designed to withstand attacks by quantum computers. This includes hash-based signature schemes like LMS (Leighton-Micali Signature) and XMSSML-DSA, the newly standardized module-lattice-based signature algorithm (derived from the CRYSTALS-Dilithium PQC scheme)?.

These algorithms are quantum-resistant, meaning that unlike RSA or ECC, they are not known to be breakable by quantum computing. This is a critical consideration for future-proofing devices: experts warn that a sufficiently powerful quantum computer could one day defeat classical cryptography by solving the mathematical problems underpinning RSA/ECC much faster than a classical computer?.

By adopting PQC signatures, wolfBoot ensures that devices can remain secure even in a post-quantum future where older algorithms might be vulnerable.

What’s more, wolfBoot supports a hybrid dual-signature approach to firmware authentication.

In hybrid mode, each firmware image can be signed with both a traditional algorithm (e.g. ECDSA or RSA) and a post-quantum algorithm (like LMS or Dilithium). wolfBoot will verify both signatures, and it only boots the new firmware if both cryptographic checks pass. This dual-signing strategy provides defense-in-depth during the transition to PQC. Even if one of the signature algorithms were to be compromised (for instance, a future quantum breakthrough against ECC, or an unforeseen weakness in a new PQC scheme), the second signature still stands as a guardrail. Hybrid signatures also help with adoption: they allow new devices to be compatible with existing classical cryptography infrastructure while gradually introducing PQC, offering a graceful migration path?. wolfBoot’s support for hybrid authentication means developers don’t have to choose between today’s standards and tomorrow’s security – they can have both, ensuring firmware updates are secure against both conventional and quantum threats.

By extending wolfBoot to the NXP MCX A and MCX W families, WolfSSL is empowering developers to build the next generation of connected devices with strong confidence in their boot security. These MCUs are built to drive innovation in smart home gadgets, industrial sensors, wearables, and more – and with wolfBoot, each of those devices can boot up safely, verify its software integrity, and even perform field updates securely with minimal overhead. The combination of NXP’s silicon (with its low-power efficiency, wireless connectivity, and built-in security) and wolfBoot’s advanced secure boot features (from TrustZone supervision to post-quantum signatures) offers a powerful platform for long-term, resilient IoT deployments. As support for TrustZone-M and hardware root-of-trust on MCX devices rolls out, wolfBoot will fully harness the security architecture of these chips – essentially acting as a guardian in the secure world that oversees and protects the entire system from reset to runtime. With optional post-quantum and hybrid signature verification, wolfBoot on MCX is not only securing today’s devices but also future-proofing them for the cryptographic challenges of the years ahead.

WolfSSL’s focus remains on providing easy-to-use, strong security solutions for embedded developers. If you are developing on NXP’s MCX microcontrollers or are interested in bolstering your device’s boot security (with features like TrustZone isolation or quantum-resistant crypto), now is a great time to explore wolfBoot. Feel free to reach out to us at facts@wolfSSL.com to learn more, get sample projects for MCX A/W, or discuss how wolfBoot can help secure your next project. We’re excited to see what innovations the community will build on these new NXP platforms – and even more excited that wolfBoot will be there to keep those devices secure from the moment they power on.

If you have questions about any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.

Download wolfSSL Now

Partner Webinar: wolfSSL and Weston Embedded: Interoperability Partners in the IoT Space

Join us on May 1st at 10 AM PT for an insightful webinar, wolfSSL and Weston Embedded: Interoperability Partners in the IoT Space. Hear from wolfSSL Senior Software Developer Anthony Hu, Weston Embedded President and Co-Founder Janos Magasrevy, and Network Stack Lead and Co-Founder Yanko Sosa as they delve into the integration of secure and efficient MQTT communication within embedded systems, showcasing the collaboration between wolfSSL and Weston Embedded.

Register Now: wolfSSL and Weston Embedded: Interoperability Partners in the IoT Space
Date: May 1st | 10 AM PT

Unlock the power of Cs/NET, a commercial TCP/IP stack based on Micrium’s trusted technology. Its MQTT client module supports multiple broker connections for secure and scalable IoT communication.

Harness lightweight TLS with wolfSSL, built for embedded and RTOS environments. Pair it with wolfMQTT, a compact MQTT client supporting v3.1.1, v5.0, and MQTT-SN for secure, high-performance messaging.

What You’ll Learn:

  • Company Introduction: wolfSSL and Weston Embedded
  • Product Overview: wolfMQTT and Cs/NET
  • Build and Setup Demonstrations: Step-by-step guidance on configuring wolfMQTT and Cs/NET
  • Live Demo: Showcasing interoperability between wolfMQTT and Cs/NET
  • Interactive Q&A Session

Don’t miss this opportunity to gain valuable insights into secure MQTT integration for embedded systems.

Register now!

As always, our webinar will include Q&A throughout. If you have questions about any of the above, please contact us at facts@wolfSSL.com or Call us at +1 425 245 8247.

Download wolfSSL Now

Live Webinar: wolfHSM Design for Automotive Hardware Security Modules – Tailored for the Asia-Pacific Time Zone

Learn how wolfHSM enhances automotive security by providing powerful cryptographic protection and seamless hardware integration.

Register today: wolfHSM Design for Automotive Hardware Security Modules – Tailored for the Asia-Pacific Time Zone.
Date: April 30th | 7 PM PT / May 1st | 11 AM JST

wolfHSM is a versatile hardware security module (HSM) framework that secures cryptography, key management, and storage. Integrated with wolfBoot, it enhances firmware update security by offloading cryptographic tasks to the HSM. Compatible with hardware like the Infineon Aurix TriCore TC3XX, it supports post-quantum algorithms, SM ciphers, and FIPS 140-3 compliance—ensuring robust automotive security.

Join us for an exclusive webinar on automotive HSMs, where wolfSSL Software Engineer Bill Phipps will explore the crucial role of wolfHSM in safeguarding modern vehicles. Stay ahead in the fast-evolving field of automotive security by gaining insights into the integration, functionality, and advantages of wolfHSM in automotive applications.

What this webinar will cover:

  • Overview of wolfHSM: Key features and how it enhances automotive system security.
  • Cryptographic Capabilities: Support for post-quantum cryptography, SM ciphers, and FIPS 140-3 compliance.
  • Hardware Integration: Best practices for integrating wolfHSM with Infineon Aurix TriCore TC3XX and other automotive platforms.
  • Security for ECUs: How wolfHSM secures Electronic Control Units (ECUs) and other critical vehicle components.
  • Hands-On Demo: Live demonstration showcasing wolfHSM in action on automotive hardware.

Secure your spot today and gain practical insights on how wolfHSM can elevate your automotive security framework.

Register Now!

As always, our webinar will include Q&A throughout. If you have questions about any of the above, please contact us at facts@wolfSSL.com or +1 425 245 8247.

Download wolfSSL Now

curl up 2025

Join us for curl up 2025: The Ultimate Event for curl Enthusiasts!

Mark your calendars! curl up 2025 is happening in Prague, Czech Republic, on May 3-4, 2025. This official annual developer conference for curl and libcurl brings together experts, contributors, and users from around the world. It’s the premier event for developers, engineers, and tech enthusiasts working with the curl project.

Date: May 3-4, 2025
Location: Pracovna, Vlkova 36, Praha 3 – Žižkov, 130 00, Czech Republic
Registration: Register here
Fee: Free of charge

curl up 2025 is a unique gathering that celebrates the curl community and its future. Expect insightful sessions on the current state and roadmap of the curl project, security best practices, and emerging technologies. Engage in collaborative discussions on the project’s growth, sustainability, and team expansion.

We’d love to hear from you! If there’s a topic you’re passionate about or a session you’d like to attend, let us know. Your input will help shape the agenda for curl up 2025.

Join us in supporting curl, a crucial open-source project. We are currently seeking sponsors for curl up 2025. Your sponsorship will directly contribute to a community dedicated to maintaining curl’s robustness, security, and continued free accessibility.

Mark your calendars for May 3-4, 2025, and stay tuned for registration details.

See you in Prague!

If you have questions about any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.

Download wolfSSL Now

Command-Line Integration Testing for wolfProvider

With PR #95, wolfProvider now supports command-line integration tests for RSA, RSA-PSS, ECC, AES, and hash functions. This ensures interoperability with the OpenSSL default provider. These tests run important cryptographic operations to ensure that wolfProvider can generate keys, sign and verify messages, encrypt and decrypt data, and compute hashes with full cross-provider compatibility. This feature ensures that wolfProvider has continuous interoperability with OpenSSL in a diverse range of environments.

The test suite includes independent test scripts for RSA, RSA-PSS, ECC, AES, and hash operations, making sure that cryptographic operations are identical across providers. For example, an RSA signature created with OpenSSL’s provider can be successfully verified with wolfProvider and vice versa. Similarly, AES encryption tests make sure that ciphertexts from one provider can be decrypted by the other. With these new automated tests now part of CI workflows, users can rest assured that wolfProvider remains robust and fully interoperable with OpenSSL’s crypto ecosystem.

If you have questions about any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.

Download wolfSSL Now

wolfSSL Joins the EdgeVerse Techcast: Secure Embedded Development with NXP

We’re excited to announce that wolfSSL is featured in the latest episode of NXP’s EdgeVerse Techcast!

Hosted by Kyle Dando and Bridgette Stone, this episode dives into how wolfSSL delivers lightweight, high-performance security tailored for embedded systems. Join David Garske and Zack Backman from wolfSSL as they walk through everything from TLS/DTLS integration with Zephyr to support for emerging standards like CNSA 2.0 and FIPS 140-3.

You’ll learn how developers can get started in minutes using wolfSSL’s examples on NXP’s Application Code Hub, explore advanced use cases like wolfSSH, wolfMQTT, and upcoming wolfTPM demos, and gain valuable insights into secure development practices for industries ranging from aerospace to finance.

Check out our App Code Hub examples.

Listen now to discover how wolfSSL and NXP are making embedded security faster, leaner, and more future-proof than ever.

Play wolfSSL Episode at:

If you have questions about any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.

Download wolfSSL Now

meta-wolfssl Support for wolfTPM Examples

The latest update to meta-wolfssl introduces support for the wolfTPM wrap_test example, enhancing TPM functionality within the Yocto Project. PR #92, includes new recipes, such as wolftpm-wrap-test.bb and wolftpm_%.bbappend, allowing seamless integration and testing of wolfTPM in Yocto Linux environments.

With this update, users can now easily validate TPM-based security features using QEMU and the TPM 2.0 simulator within a Yocto Linux environment. For a full setup guide on configuring and running QEMU and the TPM 2.0 simulator, refer to the README. These instructions outline how to build and run wolfTPM within a simulated Yocto Linux environment. This update simplifies and provides a structured approach for testing TPM features within embedded Linux systems.

The latest meta-wolfssl update streamlines TPM-based security feature validation in embedded Linux systems. This improvement is achieved through enhanced support for the wolfTPM wrap_test, new recipes for seamless Yocto Linux integration, and a structured guide for using QEMU and the TPM 2.0 simulator.

If you have questions about any of the above, please contact us at facts@wolfSSL.com or +1 425 245 8247.

Download wolfSSL Now

Partner Webinar: Post-Quantum TLS 1.3 Over UART

Learn how to build an app for the STM32-U5 using TLS 1.3 over UART with a hybrid key exchange combining ECC and post-quantum ML-KEM!

The STM32U5 series features advanced power-saving, high-performance microcontrollers based on the Arm® Cortex®-M33, designed for demanding applications that require both performance and low power consumption. It provides greater integration and memory capabilities to maximize performance.

wolfSSL supports post-quantum cryptography solutions, including ML-KEM (Kyber) and ML-DSA (Dilithium). Migrating to post-quantum algorithms protects your data long-term (harvest now, decrypt later) and aligns with the CNSA 2.0 timeline, which requires post-quantum cryptography for software/firmware signing by 2025.

Register Today: Post-Quantum TLS 1.3 Over UART
Date: April 23rd | 9 AM PT

In this webinar, Anthony and Mena will guide you through installing wolfSSL via STM32CubeIDE, enabling post-quantum algorithms, and discuss the benefits and challenges of using ML-KEM for post-quantum security. Learn how to future-proof your security on the STM32U5 with post-quantum cryptography.

What You’ll Learn:

  • Install wolfSSL via the STM32CubeIDE
  • Configure and enable the post-quantum algorithms in wolfSSL
  • Understand the motivation behind enabling ML-KEM
  • Explore the benefits and challenges of ML-KEM integration

Register now to secure your spot

As always, our webinar will include Q&A throughout. If you have questions about any of the above, please contact us at facts@wolfSSL.com or +1 425 245 8247.

Download wolfSSL Now

Enhancing Linux Cryptography: Integrating wolfCrypt FIPS 140-3 via NSS and PKCS#11

In the rapidly changing landscape of cybersecurity, ensuring compliance with rigorous standards like FIPS 140-3 is essential for organizations in sensitive sectors such as government, finance, and healthcare. By integrating FIPS-certified cryptography into Mozilla’s Network Security Services (NSS) library through the PKCS#11 standard—an API for cryptographic operations—we are contributing to a broader goal of achieving FIPS 140-3 compliance across an entire Linux distribution.

Firefox employs the NSS library for its cryptographic functions. The NSS library utilizes the PKCS#11 standard—a widely adopted application programming interface (API) that enables secure cryptographic operations—to interact with its default cryptographic library, freebl.

The Role of FIPS Certification

FIPS certification ensures that cryptographic implementations meet rigorous security standards set by the National Institute of Standards and Technology (NIST). Achieving FIPS compliance is vital for organizations requiring high-security assurance, as it validates the integrity and reliability of cryptographic operations. wolfCrypt has attained FIPS 140-3 certification, making it a robust choice for environments where security cannot be compromised.

Integrating wolfCrypt into NSS

To integrate wolfCrypt into NSS, we substitute the default softokn-freebl library with wolfPKCS11. This enables NSS to utilize wolfCrypt’s FIPS-certified algorithms through the PKCS#11 interface, allowing applications to leverage secure cryptographic functions seamlessly and efficiently. By utilizing the PKCS#11 interface, we are able to provide a binary drop-in replacement without modifying anything outside of configuration files. You can follow our progress over at the nss feature branch in the wolfPKCS11 repository at github.

Benefits Beyond Firefox

This initiative is part of a larger effort to provide FIPS-certified cryptography across entire Linux distributions. Similar projects include integrating wolfCrypt with libraries such as libgcrypt and GnuTLS. These efforts aim to create a uniform cryptographic layer, reducing complexity and potential vulnerabilities associated with managing multiple cryptographic libraries.

For more information or to explore how your organization can benefit from integrating wolfCrypt FIPS, contact our team at facts@wolfssl.com or call us at +1 425 245 8247.

Download wolfSSL Now

Posts navigation

1 2 3 4 198 199 200

Weekly updates

Archives