We’re pleased to announce improvements to wolfSSL’s Windows CE support through PR #8709, which addresses critical compatibility issues when building with Visual Studio 2008 for Windows CE 6.0 and 7.0 platforms. Download wolfSSL → Background Windows CE (Windows Embedded Compact) remains an important platform for many embedded and industrial applications, particularly in legacy systems requiring […]
Read MoreMore TagCategory: wolfSSL/ wolfCrypt
Vulnerability Disclosure: wolfSSL CVE-2025-7396
Affected Users: Users of wolfSSL builds that use the C implementation of Curve25519 for private key operations. This does not affect builds using assembly-optimized implementations (ARM or Intel), the small footprint Curve25519 build, or hardware offload implementations. Summary: A potential side-channel vulnerability was identified in the C implementation of Curve25519 private key operations in wolfSSL. […]
Read MoreMore TagPKCS#12 Support Enhancement: AES Encryption for Keys and Certificates
wolfSSL 5.8.2 has enhanced the wc_PKCS12_create() function to support modern AES encryption algorithms for PKCS#12 files. This update enables stronger security for protecting private keys and certificates. What Changed PKCS#12 files are commonly used to store cryptographic objects like private keys, certificates, and certificate chains. wolfSSL 5.8.2 supports modern AES encryptions for PKCS#12 instead of […]
Read MoreMore TagVulnerability Disclosure: wolfSSL CVE-2025-7394
Affected Users: Applications using wolfSSL’s OpenSSL compatibility layer before wolfSSL version 5.8.2 that call both RAND_bytes() and fork() operations. This does not affect internal TLS operations or applications that do not explicitly use RAND_bytes(). Summary: A vulnerability was discovered in wolfSSL’s OpenSSL compatibility layer where the RAND_poll() function was not behaving as expected, leading to […]
Read MoreMore TagVulnerability Disclosure: wolfSSL Fault Injection Attack on ECC and Ed25519 Verify Operations
Affected Users: Users performing ECC or Ed25519 signature verification operations on devices that may be susceptible to fault injection attacks, particularly in security-critical applications such as secure boot implementations. Summary: A potential vulnerability to fault injection attacks was identified in wolfSSL’s ECC and Ed25519 signature verification operations. Fault injection is a sophisticated physical attack technique […]
Read MoreMore TagVulnerability Disclosure: wolfSSL (CVE-2025-7395)
Affected Users: Anyone using wolfSSL on Apple platforms with versions after 5.6.4 and before 5.8.0, specifically when built with WOLFSSL_SYS_CA_CERTS and WOLFSSL_APPLE_NATIVE_CERT_VALIDATION enabled (default for non-macOS Apple targets when using autotools or CMake). Summary: When using system CA certificates and Apple native certificate validation on Apple platforms, the native trust store verification routine incorrectly overrides […]
Read MoreMore TagML-KEM hybrid TLS 1.3 Codepoint Backwards Compatibility
Here at wolfSSL, we have merged an important pull request addressing backward compatibility for post-quantum cryptography in TLS 1.3. This enhancement focuses on ML-KEM (Module-Lattice-Based Key Encapsulation Mechanism) codepoints, ensuring seamless interoperability between wolfSSL versions across the 5.8.0 release boundary. Prior to version 5.8.0, wolfSSL used specific codepoint identifiers for hybrid key exchange algorithms combining […]
Read MoreMore TagwolfSSL Ada Wrapper Now Available in Alire Package Manager
The wolfSSL team is pleased to announce that the Ada language wrapper for wolfSSL version 5.8.0 is now prepared for inclusion in the Alire package index. This update represents an important milestone in making wolfSSL’s industry-leading cryptographic library more accessible to the Ada programming community through their native package management ecosystem. For those unfamiliar with […]
Read MoreMore TagSecuring the Edge AI with wolfSSL on the STM32N6
The rise of Edge AI demands robust security solutions, and the STM32N6, with its integrated Neural Processing Unit, stands out as a powerful platform for these applications. When paired with wolfSSL’s comprehensive security offerings, the STM32N6 becomes an even more formidable solution for secure Edge AI deployments. The STM32N6 is the first STM32 MCU to […]
Read MoreMore TagDirect Entropy Injection in ML-KEM: Understanding MakeKeyWithRandom and DRBG Bypass
At Crypta Labs, we are interested in direct applications of quantum random number generators (QRNG). This interest led us to explore how we can use our QRNG entropy directly in cryptographic operations, without intermediate processing layers. As we transition to post-quantum cryptography (PQC), it’s important to understand the need for randomness in these new algorithms. […]
Read MoreMore Tag