Previous wolfSSL versions required X.963 KDF support and AES keywrap functionality to be enabled in order to build CMS/PKCS#7 decode support. Recent changes to wolfSSL have allowed CMS/PKCS#7 decode support to be built without either of these requirements. Previously, if the user desired to have the HAVE_PKCS7 build option defined, then the HAVE_X963_KDF and HAVE_AES_KEYWRAP […]
Read MoreMore TagCategory: wolfSSL/ wolfCrypt
wolfCrypt MISRA improvements
Some recent pull requests have been merged to the wolfssl repository to allow wolfcrypt to avoid MISRA warnings for certain MISRA 2023 rules. For example, MISRA rule 3.1 disallows nested comment leaders (e.g. a “//” sequence within a “/* … */” comment block). These have been removed. Also, MISRA rule 8.2 requires function prototypes to […]
Read MoreMore TagUtilizing PSRAM for wolfSSL Heap Operations for the Espressif ESP32
The latest updates to the Espressif-specific integration of wolfSSL bring a significant enhancement for developers working on memory-constrained embedded systems: support for using PSRAM (pseudo-static RAM) during wolfSSL heap operations. This improvement not only unlocks larger memory capacity for cryptographic operations, but also lays the foundation for more stable and scalable TLS communication on ESP32 […]
Read MoreMore TagUpdated wolfSSL 5.8.2 for Espressif ESP-IDF Registry
We’re excited to announce that wolfSSL v5.8.2 is now officially released and available through The ESP Component Registry! wolfSSL is a lightweight, high-performance TLS/SSL library optimized for embedded systems. It is widely used in IoT, automotive, aerospace, and other resource-constrained environments. What’s New in v5.8.2: Security Enhancements: Multiple updates for improved cryptographic robustness and protocol […]
Read MoreMore TagCRL vs OCSP: Secure Certificate Revocation with wolfSSL
Ensuring your TLS certificates are still valid and haven’t been revoked is critical for secure communications. Two methods exist for this: Certificate Revocation Lists (CRLs) are signed lists published by Certificate Authorities that clients download and check offline. They contain serial numbers of revoked certificates and must be regularly updated and cached by clients to […]
Read MoreMore TagProtect TLS Secrets After the Handshake — Only with wolfSSL
Most TLS libraries leave your certificates and private keys sitting in RAM long after they’re used — a jackpot for attackers with memory access. wolfSSL is the only TLS library that gives you the power to erase them completely with the wolfSSL_UnloadCertsKeys API. This function doesn’t just free memory — it securely zeroes out every […]
Read MoreMore TagDeprecation Notice: TLS 1.3 Draft 18
The wolfSSL team is deprecating the following: WOLFSSL_TLS13_DRAFT preprocessor macro –enable-tls13-draft18 configure option These components were originally introduced during the TLS 1.3 standardization process to support interoperability with implementations based on Draft 18 of the TLS 1.3 specification. During the multi-year standardization process (2014-2018), multiple draft versions were published before the final RFC 8446 was […]
Read MoreMore TagDICE Boot Chain Via wolfCrypt’s Minimal Binary Footprint
Device Identifier Composition Engine (DICE) represents a fairly simple approach to hardware-based device identity and secure boot. DICE creates Cryptographic Device Identities (CDIs) through a blockchain-like verification process, where each boot stage measures the next component and derives unique Compound Device Identifiers using the following formula: CDI_n = HMAC(CDI_n-1, Hash(program)) CDI_0 = UDS The formulas […]
Read MoreMore TagOpenSSL Compatibility Layer Additions in wolfSSL 5.8.2
The wolfSSL’s repo pull request #8897 adds significant OpenSSL compatibility layer enhancements across four key areas: RSA operations, big number mathematics, X.509 certificate extensions, and private key serialization. RSA API Enhancements: The PR introduces comprehensive RSA-PSS (Probabilistic Signature Scheme) support with enhanced OpenSSL compatibility. Key additions include: wolfSSL_EVP_PKEY_CTX_set_rsa_pss_saltlen() for configuring salt lengths wolfSSL_EVP_PKEY_CTX_set_rsa_mgf1_md() for setting […]
Read MoreMore TagwolfSSL’s Newest Offering for the Financial Vertical
Are you wondering what Microsoft’s roadmap for the IIS (Internet Information Services) webserver says about post-quantum cryptography? We’re not; read on to find out why. Not everyone in the financial industry is old enough to remember what it was like to be in the trenches during the Y2K (Year 2000) era, but those that were […]
Read MoreMore Tag