Affected Users: Applications using wolfSSL’s OpenSSL compatibility layer before wolfSSL version 5.8.2 that call both RAND_bytes() and fork() operations. This does not affect internal TLS operations or applications that do not explicitly use RAND_bytes(). Summary: A vulnerability was discovered in wolfSSL’s OpenSSL compatibility layer where the RAND_poll() function was not behaving as expected, leading to […]
Read MoreMore TagCategory: wolfSSL/ wolfCrypt
Vulnerability Disclosure: wolfSSL Fault Injection Attack on ECC and Ed25519 Verify Operations
Affected Users: Users performing ECC or Ed25519 signature verification operations on devices that may be susceptible to fault injection attacks, particularly in security-critical applications such as secure boot implementations. Summary: A potential vulnerability to fault injection attacks was identified in wolfSSL’s ECC and Ed25519 signature verification operations. Fault injection is a sophisticated physical attack technique […]
Read MoreMore TagVulnerability Disclosure: wolfSSL (CVE-2025-7395)
Affected Users: Anyone using wolfSSL on Apple platforms with versions after 5.6.4 and before 5.8.0, specifically when built with WOLFSSL_SYS_CA_CERTS and WOLFSSL_APPLE_NATIVE_CERT_VALIDATION enabled (default for non-macOS Apple targets when using autotools or CMake). Summary: When using system CA certificates and Apple native certificate validation on Apple platforms, the native trust store verification routine incorrectly overrides […]
Read MoreMore TagML-KEM hybrid TLS 1.3 Codepoint Backwards Compatibility
Here at wolfSSL, we have merged an important pull request addressing backward compatibility for post-quantum cryptography in TLS 1.3. This enhancement focuses on ML-KEM (Module-Lattice-Based Key Encapsulation Mechanism) codepoints, ensuring seamless interoperability between wolfSSL versions across the 5.8.0 release boundary. Prior to version 5.8.0, wolfSSL used specific codepoint identifiers for hybrid key exchange algorithms combining […]
Read MoreMore TagwolfSSL Ada Wrapper Now Available in Alire Package Manager
The wolfSSL team is pleased to announce that the Ada language wrapper for wolfSSL version 5.8.0 is now prepared for inclusion in the Alire package index. This update represents an important milestone in making wolfSSL’s industry-leading cryptographic library more accessible to the Ada programming community through their native package management ecosystem. For those unfamiliar with […]
Read MoreMore TagSecuring the Edge AI with wolfSSL on the STM32N6
The rise of Edge AI demands robust security solutions, and the STM32N6, with its integrated Neural Processing Unit, stands out as a powerful platform for these applications. When paired with wolfSSL’s comprehensive security offerings, the STM32N6 becomes an even more formidable solution for secure Edge AI deployments. The STM32N6 is the first STM32 MCU to […]
Read MoreMore TagDirect Entropy Injection in ML-KEM: Understanding MakeKeyWithRandom and DRBG Bypass
At Crypta Labs, we are interested in direct applications of quantum random number generators (QRNG). This interest led us to explore how we can use our QRNG entropy directly in cryptographic operations, without intermediate processing layers. As we transition to post-quantum cryptography (PQC), it’s important to understand the need for randomness in these new algorithms. […]
Read MoreMore TagEnhancing wolfSSL’s Security with Fil-C: Finding Buffer Bugs Before They Bite
At wolfSSL, we’re constantly looking for ways to improve the security and reliability of our cryptographic library. Recently, we integrated the Fil-C compiler into our continuous integration (CI) pipeline, and it’s already paying dividends. Within the first runs, Fil-C caught a subtle but important buffer size validation bug that could have led to buffer overflows […]
Read MoreMore TagThe wolfCrypt Linux Kernel Module: FIPS Full Crypto Stack Replacement
For nearly 20 years, the wolfSSL library has set the benchmark for performant, full-featured cryptography and TLS transport on embedded targets. Since 2015, wolfSSL has been the premier FIPS-certified cryptography software module for the embedded space. Now, we bring that depth of experience to the Linux kernel. libwolfssl.ko implements the same comprehensive set of algorithms […]
Read MoreMore TagwolfSSL 5.8.4 Now Available
wolfSSL 5.8.4 introduces several updates, including the addition of a GPLv3 exceptions list. This allows specific GPLv3-licensed codebases linking against wolfSSL to continue using wolfSSL under GPLv2. Current GPLv3 Exceptions: MariaDB Server MariaDB Client Libraries OpenVPN-NL Fetchmail OpenVPN Security Fixes This release includes multiple fixes across TLS 1.2, TLS 1.3, X25519, XChaCha20-Poly1305, and PSK processing. […]
Read MoreMore Tag