Affected Users: Anyone using wolfSSL on Apple platforms with versions after 5.7.6 and before 5.8.2, specifically when built with WOLFSSL_SYS_CA_CERTS and WOLFSSL_APPLE_NATIVE_CERT_VALIDATION enabled (default for non-macOS Apple targets when using autotools or CMake). Summary: When using system CA certificates and Apple native certificate validation on Apple platforms, the native trust store verification routine incorrectly overrides […]
Read MoreMore TagCategory: wolfSSL/ wolfCrypt
ML-KEM hybrid TLS 1.3 Codepoint Backwards Compatibility
Here at wolfSSL, we have merged an important pull request addressing backward compatibility for post-quantum cryptography in TLS 1.3. This enhancement focuses on ML-KEM (Module-Lattice-Based Key Encapsulation Mechanism) codepoints, ensuring seamless interoperability between wolfSSL versions across the 5.8.0 release boundary. Prior to version 5.8.0, wolfSSL used specific codepoint identifiers for hybrid key exchange algorithms combining […]
Read MoreMore TagwolfSSL Ada Wrapper Now Available in Alire Package Manager
The wolfSSL team is pleased to announce that the Ada language wrapper for wolfSSL version 5.8.0 is now prepared for inclusion in the Alire package index. This update represents an important milestone in making wolfSSL’s industry-leading cryptographic library more accessible to the Ada programming community through their native package management ecosystem. For those unfamiliar with […]
Read MoreMore TagSecuring the Edge AI with wolfSSL on the STM32N6
The rise of Edge AI demands robust security solutions, and the STM32N6, with its integrated Neural Processing Unit, stands out as a powerful platform for these applications. When paired with wolfSSL’s comprehensive security offerings, the STM32N6 becomes an even more formidable solution for secure Edge AI deployments. The STM32N6 is the first STM32 MCU to […]
Read MoreMore TagDirect Entropy Injection in ML-KEM: Understanding MakeKeyWithRandom and DRBG Bypass
At Crypta Labs, we are interested in direct applications of quantum random number generators (QRNG). This interest led us to explore how we can use our QRNG entropy directly in cryptographic operations, without intermediate processing layers. As we transition to post-quantum cryptography (PQC), it’s important to understand the need for randomness in these new algorithms. […]
Read MoreMore TagEnhancing wolfSSL’s Security with Fil-C: Finding Buffer Bugs Before They Bite
At wolfSSL, we’re constantly looking for ways to improve the security and reliability of our cryptographic library. Recently, we integrated the Fil-C compiler into our continuous integration (CI) pipeline, and it’s already paying dividends. Within the first runs, Fil-C caught a subtle but important buffer size validation bug that could have led to buffer overflows […]
Read MoreMore TagThe wolfCrypt Linux Kernel Module: FIPS Full Crypto Stack Replacement
For nearly 20 years, the wolfSSL library has set the benchmark for performant, full-featured cryptography and TLS transport on embedded targets. Since 2015, wolfSSL has been the premier FIPS-certified cryptography software module for the embedded space. Now, we bring that depth of experience to the Linux kernel. libwolfssl.ko implements the same comprehensive set of algorithms […]
Read MoreMore TagwolfSSL 5.8.4 Now Available
wolfSSL 5.8.4 introduces several updates, including the addition of a GPLv3 exceptions list. This allows specific GPLv3-licensed codebases linking against wolfSSL to continue using wolfSSL under GPLv2. Current GPLv3 Exceptions: MariaDB Server MariaDB Client Libraries OpenVPN-NL Fetchmail OpenVPN Security Fixes This release includes multiple fixes across TLS 1.2, TLS 1.3, X25519, XChaCha20-Poly1305, and PSK processing. […]
Read MoreMore TagPDF Signing Meets FIPS-Capable PKCS#11: pdfsig + wolfPKCS11 + NSS
We’re excited to announce that the widely-used PDF signature tool pdfsig can now be used with wolfPKCS11 and NSS! This integration allows you to digitally sign PDF documents using PKCS#11 keys using software tokens, HSMs, or secure elements, through the NSS framework. All powered by the FIPS-ready wolfCrypt engine. Why This Matters For many applications […]
Read MoreMore TagBenchmarking Memory Usage in wolfCrypt Bench: New Heap and Stack Tracking Support
During a recent industry expo, the wolfSSL team demonstrated the wolfCrypt benchmark and received frequent questions about memory usage, particularly for post-quantum algorithms. We happened to be working on a feature which would provide exactly what was being asked for at the time, and I’m happy to report that it is wolfSSL’s GitHub repository now […]
Read MoreMore Tag