wolfSSL 5.9.2 has been released with a broad range of new features and enhancements around Post-Quantum Cryptography, crypto callback support, our Rust wrapper, and embedded hardware support. Similar to wolfSSL 5.9.1, a large number of CVEs are addressed in this release, along with general bug fixes. Additionally, there are some security hardening behavior changes we […]
Read MoreMore TagCategory: wolfSSL/ wolfCrypt
wolfSSL vs MbedTLS – An apples-to-apples benchmark across Intel, ARM (Cortex-A and Cortex-M), and RISC-V targets.
Scope: the full wolfCrypt algorithm suite vs MbedTLS, measured the same way on four platforms (Intel x86_64, a Raspberry Pi 5 (ARMv8-A Cortex-A76), a bare-metal STM32H563 Cortex-M33, and a Microchip PolarFire SoC RISC-V U54), plus the post-quantum and extended-algorithm coverage MbedTLS does not have. wolfSSL v5.9.1, MbedTLS 3.6.6, June 2026. Method: identical sources built from […]
Read MoreMore TagMaintaining FIPS Validation: Shifting from BitLocker to VeraCrypt with wolfCrypt
In September of 2026, the Cryptographic Module Validation Program (CMVP) will move all remaining FIPS 140-2 certificates to the Historical List, including the modules powering Windows BitLocker. For organizations navigating FIPS, CMMC, and FedRAMP, this is an immediate critical stop, as NIST guidance states federal agencies “should not include” Historical-status modules in new procurements, and […]
Read MoreMore TagwolfKeyMgr: Decrypt Internal TLS 1.3 Traffic Without Breaking It
TLS 1.3 made per-session forward secrecy the default. That is a win for privacy on the open internet, but inside your own data center it leaves monitoring, compliance, and intrusion-detection tools blind to the traffic they are meant to watch. wolfKeyMgr is wolfSSL’s answer. What wolfKeyMgr Does wolfKeyMgr is a secure key management service […]
Read MoreMore TagWhy is wolfSSL reporting so many CVEs?
Why are we reporting so many CVEs? If you follow wolfSSL, you’ve probably noticed the number of CVEs we file per release has ramped up this spring 2026. From 5.8.0 (April 2025) to 5.9.1 (April 2026) we’ve experienced nearly geometric growth in reported CVEs per wolfSSL release. So what’s going on? Should users of wolfSSL […]
Read MoreMore TagwolfSSL vs OpenSSL: Heap Usage Comparison
When choosing a TLS library, two questions come up again and again: how much memory does it use and how fast is it. This post focuses on memory, comparing the heap usage of wolfSSL against several OpenSSL releases for an identical TLS 1.2 handshake. All numbers below were regenerated with current releases; wolfSSL 5.9.1 versus […]
Read MoreMore TagNative HTTP Message Signatures in curl, Powered by wolfSSL – Part 3
In Part 1, we argued agents need cryptographic request authenticity. In Part 2 we surveyed the ecosystem and the adjacent tools. This post is about what we’re contributing: native RFC 9421 support at the plumbing layer — curl and libcurl, with wolfCrypt providing the Ed25519 math. Two open PRs: curl — curl/curl#21239 — httpsig: add […]
Read MoreMore TagAnnouncing wolfssl-wolfcrypt Rust Crate v2.0.0
We are pleased to announce the release of wolfssl-wolfcrypt version 2.0.0, now available on crates.io. This major update introduces critical safety enhancements, expanded algorithm support, and architectural changes to improve reliability across different build configurations. Breaking Changes This release includes some breaking API changes necessitated by memory safety and soundness improvements: RNG Ownership: ECC::set_rng, RSA::set_rng, […]
Read MoreMore TagwolfCrypt Performance on the Altera Agilex 5
The Agilex Family and Agilex 5 The Altera Agilex portfolio represents a family of modern SoC FPGAs designed to address the scaling and power efficiency requirements of edge, data center, and communication infrastructures. Built on advanced process technologies, the family unifies programmable logic with hardened processor subsystems, high-bandwidth memory interfaces, and specialized digital signal processing […]
Read MoreMore TagNXP S32K3 Hardware Security Engine (HSE) support using wolfSSL
wolfSSL now supports hardware-accelerated cryptography on the NXP S32K3 family using the on-chip Hardware Security Engine (HSE). The HSE is a secure coprocessor integrated into NXP’s automotive S32K3 microcontrollers. The Hardware Security Engine (HSE) The HSE runs its own firmware on a dedicated core and communicates with the application core over a Messaging Unit (MU). […]
Read MoreMore Tag
