Why wolfIP
Traditional TCP/IP stacks often bring in dynamic allocation, background processing, and broader feature sets than many embedded endpoints actually need. That flexibility can be useful in general-purpose systems, but it also makes worst-case timing, memory usage, and verification harder to bound. wolfIP takes a different approach. It is designed as a tiny, deterministic stack with compile-time configured resources, a fixed socket count, static RX/TX packet buffers, and no hidden runtime allocation. That makes it a strong fit for constrained devices, controlled deployments, and projects with demanding review, testing, or certification workflows.

What is included in 1.0.0
The 1.0.0 release delivers a solid IPv4 networking foundation for embedded endpoints. Core support includes Ethernet II, ARP, IPv4, ICMP, UDP, TCP, DHCP client, and DNS client, along with modern TCP capabilities such as MSS, timestamps, PAWS, window scaling, retransmission timeout handling, SACK, slow start, congestion avoidance, and fast retransmit. wolfIP 1.0.0 also includes HTTP/HTTPS server support, IPsec ESP transport mode, IP filtering with wolfSentry integration, native wolfGuard support, and optional IPv4 forwarding for multi-interface builds.

That combination is important because it gives developers more than just a packet pipe. wolfIP 1.0 starts with the network services many connected devices actually need, then adds security-focused integration points across the wolfSSL ecosystem. Developers can combine wolfIP with wolfSSL for TLS 1.3-protected applications, wolfSentry for filtering and policy enforcement, and wolfGuard where a tightly integrated secure tunnel model is needed. For teams building secure connected products, that means a more cohesive networking and security story from a single vendor and codebase family.

Small footprint, practical deployment model
wolfIP is positioned as a small embedded-first stack, and the official product material describes the core as roughly 4× smaller than lwIP’s core. Just as important, wolfIP’s architecture is intentionally narrow and easier to analyze: deterministic memory usage by default, fixed compile-time resources, and an endpoint-focused design rather than a broad general-purpose routing stack. For organizations thinking about code review effort, qualification scope, or long-term maintenance, reducing moving parts matters.

From POSIX testing to embedded targets
One of the most useful aspects of wolfIP 1.0 is its portability across development and deployment environments. The release includes integration layers for wolfSSL, wolfSSH, wolfMQTT, a POSIX LD_PRELOAD socket interception path via libwolfip.so, and a FreeRTOS BSD socket wrapper. The repo also documents host-side testing through TAP-style interfaces and lists host link driver support for Linux TAP/TUN, Darwin utun, FreeBSD TAP, and VDE2, alongside embedded ports for targets including STM32H753ZI, STM32H563, STM32N6, VA416xx, and Raspberry Pi Pico USB networking demos. That is a practical release story: developers can exercise the stack on desktop-class environments, then carry the same architecture into embedded deployment.

Built to Work Naturally with wolfSSL
wolfIP is especially compelling when paired with the rest of the wolfSSL portfolio. The product page highlights seamless TLS 1.3 integration with wolfSSL, and the repository documents HTTPS server support with wolfSSL TLS backing. For engineering teams that already trust wolfSSL in embedded and RTOS environments, wolfIP extends that same design philosophy down into the transport layer: compact code, explicit resource control, and predictable behavior. Instead of stitching together unrelated networking and crypto components, developers can build on a tightly aligned stack designed for constrained and security-conscious systems.

Available Now
wolfIP 1.0.0 is available now under the GPLv3 open source license. If you are building connected embedded devices and need a TCP/IP stack with bounded memory usage, deterministic behavior, and straightforward integration with wolfSSL security products, wolfIP is well worth a look. Download the latest release, review the changelog, and contact us to discuss commercial licensing, support, or how wolfIP fits into your next embedded networking design.

If you have questions about any of the above, please contact us at facts@wolfssl.com or call us at +1 425 245 8247.

Download wolfSSL Now

Lightweight MQTT Broker
The centerpiece of wolfMQTT v2.0.0 is a fully featured, production-ready MQTT broker built right into the library. Designed with the same embedded-first philosophy that drives all wolfSSL products, the broker delivers a rich feature set while maintaining a small footprint suitable for resource-constrained environments.

Broker Highlights

• Full MQTT v3.1.1 and v5 Protocol Support — The broker handles both protocol versions, ensuring compatibility with a wide range of MQTT clients and devices.

• Retained Messages — The broker stores retained messages and automatically delivers them to new subscribers matching the topic filter. Message expiry intervals (MQTT v5) are supported, and retained messages can be cleared by publishing an empty payload with the retain flag set.

• Session Persistence — When clients connect with clean_session=0, subscriptions are preserved across disconnections. Reconnecting clients with the same client ID will have their previous subscriptions restored automatically.

• QoS 0, 1, and 2 — Full quality-of-service support with proper packet ID management, effective QoS calculation (minimum of publish QoS and subscription QoS), and complete PUBREC/PUBREL/PUBCOMP handling for QoS 2 flows.

• Last Will and Testament (LWT) — Clients can register will messages that are published automatically upon unexpected disconnection. The broker supports will delay intervals (MQTT v5) and will retain flags.

• Wildcard Topic Matching — Full support for MQTT single-level (+) and multi-level (#) wildcard subscriptions, with proper handling of $-prefixed system topics per the MQTT specification.

• Authentication — Username/password authentication with constant-time string comparison to prevent timing attacks. Credentials are securely wiped from memory using wc_ForceZero().

TLS and Dual-Port Listening
The broker supports simultaneous plain-text and TLS-encrypted listeners on separate ports (default 1883 and 8883). TLS configuration includes support for TLS 1.2 and 1.3, server certificates, and mutual TLS authentication with client certificate verification. A TLS-only mode is also available for environments that require encrypted connections exclusively.

WebSocket Transport
wolfMQTT v2.0.0 adds WebSocket transport support to the broker, enabling browser-based and web clients to connect using MQTT over WebSockets. This opens up new use cases for real-time dashboards, web-based device management, and hybrid IoT architectures.

wolfIP Integration
For deeply embedded systems, the broker integrates with wolfIP, wolfSSL’s lightweight embedded TCP/IP stack. This combination allows wolfMQTT to run on bare-metal systems without a full operating system or third-party networking stack. The broker provides a cooperative MqttBroker_Step() API for single-iteration execution, making it ideal for super-loop and RTOS-based embedded architectures.

Designed for Embedded Systems
The broker was built with embedded constraints in mind:

• Static Memory Mode — Pre-allocated arrays eliminate the need for dynamic memory allocation, with configurable limits for clients, subscriptions, retained messages, and buffer sizes.

• Dynamic Allocation Mode — For systems with more resources, dynamic allocation provides flexible sizing.

• Pluggable Network Backend — A callback-based network abstraction supports POSIX sockets, wolfIP, and custom implementations.

• Two Execution Models — Choose between a blocking MqttBroker_Run() main loop or a non-blocking MqttBroker_Step() for cooperative multitasking.

Easy to Configure
The broker includes a command-line interface for quick setup:

-p       Plain port (default: 1883)
-s       TLS port (default: 8883)
-t             Enable TLS support
-V        TLS version (12 or 13)
-c       Server certificate (PEM)
-K       Server private key (PEM)
-A       CA certificate for mutual TLS
-u       Username for authentication
-P       Password for authentication
-w       WebSocket listen port
-v      Log level: 1=error, 2=info, 3=debug

Build-time configuration is equally flexible, with granular feature toggles:

--enable-broker                    # Enable broker
--disable-broker-retained          # Disable retained messages
--disable-broker-will              # Disable LWT support
--disable-broker-wildcards         # Disable wildcard subscriptions
--disable-broker-auth              # Disable authentication
--disable-broker-insecure          # Disable plain-text listener

Security Hardening
This release includes significant security improvements across the entire library:

• Added overflow checks in network and socket IO

• Added validation checks for negative return values in decode functions

• Added encoding error checks throughout the packet processing pipeline

• Added remaining length validation

• Static analysis fixes across MQTT and MQTT-SN code paths

• Added a debug warning when using VERIFY_NONE for TLS

• Race condition fix in wm_SemLock

• Fuzzing Infrastructure

wolfMQTT v2.0.0 introduces a libFuzzer-based fuzzing infrastructure for the broker, enabling automated discovery of edge cases and potential security issues. This infrastructure was used during development to identify and fix multiple issues before release.

Additional Improvements

• wolfIP Client Support — In addition to the broker, wolfIP support has been added for the MQTT client, enabling client connections on bare-metal embedded systems.

• lastError Field — A new lastError field in the network context preserves TLS error codes for improved diagnostics.

• Bug Fixes — Numerous fixes for MQTT-SN encode/decode, wildcard matching, LWT handling, curl transport, and more.

• CI Enhancements — New CI workflows for codespell, multi-compiler testing, and sanitizer tests, plus expanded broker edge case testing.

About wolfMQTT
The wolfMQTT library is a client and broker implementation of the MQTT protocol, written in C and optimized for embedded and RTOS environments. It supports MQTT v3.1.1 and v5, MQTT Sensor Network (MQTT-SN), TLS encryption via wolfSSL, QoS levels 0–2, and a wide range of platforms including FreeRTOS, ThreadX/NetX, Zephyr, ChibiOS, MQX/RTCS, Harmony, and more.\

Download
wolfMQTT v2.0.0 is available now:
GitHub — Show us some love and give the wolfMQTT project a Star!
wolfSSL Downloads

If you have questions about any of the above, please contact us at facts@wolfssl.com or call us at +1 425 245 8247.

Download wolfSSL Now

Security Fixes
wolfSSL 5.9.0 includes fixes for 15 security vulnerabilities spanning a range of severity levels, covering areas including CRL parsing, TLS 1.3 ECH extension handling, ALPN parsing, PKCS7 encoding, the packet sniffer, and side channel hardening of post-quantum implementations on ARM Cortex-M. We would like to thank all external researchers who responsibly disclosed issues to us. For full details on each vulnerability please visit the wolfSSL Security Vulnerabilities page.

Post-Quantum Cryptography: SLH-DSA and More
Post-quantum cryptography continues to be a major area of focus in the security industry. In this release there is an addition of SLH-DSA (FIPS 205) — the Stateless Hash-Based Digital Signature Standard — rounding out wolfSSL’s coverage of all three NIST post-quantum digital signature standards alongside ML-DSA and FALCON.

SLH-DSA is a stateless, hash-based signature scheme that provides strong security guarantees without relying on the hardness of lattice problems. It offers an alternative signature foundation for deployments that want to diversify their post-quantum strategy beyond lattice-based approaches. With this addition wolfSSL now supports the full NIST PQC signature portfolio: ML-DSA (FIPS 204), FALCON, and SLH-DSA (FIPS 205), as well as the stateful hash-based schemes LMS/HSS and XMSS/XMSS^MT for specialized use cases.

Beyond SLH-DSA, this release also brings a range of improvements across the existing PQC stack:

• ML-DSA improvements — Several bug fixes including a fix for ML-DSA verification when using WOLFSSL_DILITHIUM_SMALL, improved no-malloc build support, and PKCS#11 integration for ML-DSA key operations.

• ML-KEM improvements — Bug fixes and hardening across no-malloc builds, static memory handling, DTLS 1.3 cookie and ClientHello fragment handling, and expanded hybrid/individual ML-KEM level test coverage.

• Fault injection hardening for PQC on Cortex-M — New protection for ML-KEM and ML-DSA implementations on ARM Cortex-M, specifically guarding against fault injection attacks targeting Keccak-based seed expansion.

• General WOLFSSL_NO_MALLOC PQC support — Broader no-malloc improvements make PQC algorithms more accessible in deeply embedded environments.

• SLH-DSA and FALCON key-type detection fixes — Corrected the key variant identification logic in both the SLH-DSA (SPHINCS+) and FALCON signature algorithm implementations.

New Features

• OCSP Responder API — wolfSSL can now act as an OCSP responder. A new API and supporting infrastructure have been added to serve certificate status responses, enabling wolfSSL to be used in PKI infrastructure roles beyond the TLS client and server. (PR 9761)

• AES CryptoCB Key Import — Added AES key import support via the crypto callback interface, making it easier to use externally managed AES keys through wolfSSL’s callback framework. (PR 9658)

• RNG Bank Facility — New wc_rng_new_bankref() API allows multiple wolfCrypt contexts to share a seeded RNG pool, reducing the overhead of repeated seeding at runtime — particularly useful in resource-constrained embedded systems. (PR 9616)

Rust Wrapper Expansion
The wolfSSL Rust wrapper received significant expansion in this release, gaining FIPS support and coverage for a large number of new cryptographic primitives. New modules were added for Dilithium/ML-DSA, ChaCha20-Poly1305, Curve25519, BLAKE2, LMS, and ML-KEM. Improvements were also made for RSA, ECC, HASH-DRBG, HMAC-BLAKE2, and XChaCha20-Poly1305, along with support for optional heap and device ID parameters and conditional compilation based on underlying C build options.

TLS/DTLS Improvements
TLS 1.3 now supports Brainpool curves for key exchange (PR 9701). DTLS retransmission handling has been improved and TLS message order checking has been hardened on both client and server sides. The MAC and hash comparisons in the TLS 1.3 and TLS 1.2 Finished messages were also strengthened. Additional improvements include an extended AIA (Authority Information Access) interface, better ECH (Encrypted Client Hello) handling, and a range of smaller robustness fixes across fragmentation, session ticket lifetime validation, and QUIC transport parameter handling.

Kernel Module Updates
The Linux kernel module received various fixes and enhancements for Tegra kernels, including support for offline FIPS hash calculation. The FreeBSD kernel module gained both FIPS support and x86 hardware crypto acceleration in this release, broadening wolfCrypt’s kernel-mode footprint across operating environments.

Ports and Hardware Integration
New platform support in 5.9.0 includes the Renesas SK-S7G2 board, STM32 HMAC hardware acceleration, and STM32G0 hardware crypto. Various Thumb2 AES and SP assembly optimizations were added or fixed, and Zephyr 4.1+ compatibility was added for the wolfssl_tls_sock sample application.

PKCS Improvements
This release adds PKCS7 ECC raw sign callback support, RSA-PSS support for SignedData, and RSA-PSS certificate support for PKCS7 EnvelopedData KTRI. Several PKCS7 parsing fixes were also included, along with expanded ML-DSA support via PKCS#11.

Testing and CI Improvements
Test coverage was expanded with a particular focus on PQC and CMake builds. The CI test matrix grew to include rng-tools 6.17, openldap 2.6.9, and bind 9.20.11. A new TLS Anvil interoperability test workflow was added, and a stateful port-tracking mechanism was implemented to eliminate test port collisions during high-concurrency CI runs.

For a full list of fixes and optimizations, check out the ChangeLog.md bundled with wolfSSL. Download the latest release from the download page. If you have any questions about any of the above, please contact us at facts@wolfssl.com or call us at +1 425 245 8247.

Download wolfSSL Now

wolfCrypt JNI/JCE allows for use of the native wolfCrypt cryptography library from Java. The thin JNI wrapper can be used for direct JNI calls into native wolfCrypt, or the JCE provider (wolfJCE) can be registered as a Java Security provider for integration underneath the Java Cryptography API. wolfCrypt JNI/JCE can also support running on top of the wolfCrypt FIPS 140-3 validated cryptography module.

Highlights from this release are below. See ChangeLog.md for a full list.

New JCE Functionality:
This release adds support for several cryptographic primitives and classes:

• Add KeyGenerator implementation (AES, HmacSHA1, HmacSHA256, HmacSHA384, HmacSHA512) (PR 98)

• Add SHA-224 support to MessageDigest, Mac, Signature, KeyGenerator (PR 104)

• Add SHA-3 support to MessageDigest, Mac, Signature (PR 103)

• Add utility method to convert JKS/PKCS12 KeyStore to WKS type (PR 108)

• Add more AES mode support to Cipher class (PR 129, 163, 173):
  

  • AES/CCM/NoPadding

  • AES/CTR/NoPadding

  • AES/ECB/NoPadding

  • AES/ECB/PKCS5Padding

  • AES/OFB/NoPadding

  • AES/CTS/NoPadding

• Add AESCMAC (AES-CMAC), AESGMAC (AES-GMAC) to Mac class (PR 129)

• Add RSA-PSS support to Signature class (PR 131):
  

  • RSASSA-PSS

  • SHA224withRSA/PSS

  • SHA256withRSA/PSS

  • SHA384withRSA/PSS

  • SHA512withRSA/PSS

• Add Cipher.engineGetParameters() support (PR 140)

• Add Cipher generic “AES” type support (PR 142)

• Add AES and GCM support to AlgorithmParameters class (PR 144)

• Add HmacSHA3 support to KeyGenerator class (PR 150):
  

  • HmacSHA3-224

  • HmacSHA3-256

  • HmacSHA3-384

  • HmacSHA3-512

• Add toString() to WolfCryptRandom, used when printing SecureRandom object (PR 154)

• Add additional ECC algorithm OIDs to Signature and KeyPairGenerator classes (PR 158)

• Add EC KeyFactory support (PR 159)

• Add P1363 ECDSA signature formats to Signature class (PR 160)

• Add DH support to AlgorithmParameter, AlgorithmParameterGenerator, and KeyFactory classes (PR 161)

• Add AES and 3DES support to SecretKeyFactory and SecretKey classes (PR 164)

• Add additional AES and Hmac algorithm aliases to Cipher and Mac classes (PR 166)

• Add Java ServiceLoader support for wolfJCE provider for Java Module System (JPMS) compatibility (PR 167)

• Add RSA KeyFactory support (PR 169)

• Add MessageDigest OID alias values for SHA-224/256/384/512 (PR 170)

• Add PSS parameter encoding support in WolfCryptPSSParameters class (PR 175)

• Add engineProbe() implementation to WolfSSLKeyStore (PR 178)

• Add optional KEK caching to WolfSSLKeyStore for performance (PR 176)

• Add RSASSA-PSS key support to WolfSSLKeyStore (PR 180)

Stability and Logic Improvements
Beyond new features, version 1.9.0 includes fixes and improvements related to dynamic JNI value retrieval, build issues with older wolfSSL and wolfCrypt FIPS 140-2/140-3 packages, exception handling, PKCS#7 pad/unpad, AES-GCM edge cases, input validation, default value sizes, synchronization, and more!

Modernized Debugging & Testing
To make integration easier for developers with fewer dependencies, version 1.9.0 switches to using the standard Java Logging (java.util.logging) framework for debug logs and uses the Java Instant.ofEpochMilli() for timestamps instead of java.sql.Timestamp.

Improved Testing and CI Coverage
CI coverage has been expanded to include the following additional pull request tests. JUnit test output has also been modified to include the time taken per test.

• AddressSanitizer (-fsanitize=address)

• Clang scan-build static analysis

• Visual Studio Windows builds

• Android emulator unit test runs

• Builds against the last 5 stable wolfSSL versions for backwards compatibility testing

wolfCrypt JNI/JCE 1.9.0 can be downloaded from the wolfSSL download page, and an updated version of the wolfCrypt JNI/JCE User Manual can be found here. For any questions, or to get help using wolfSSL products in your projects, contact us at support@wolfssl.com.

If you have questions about any of the above, please contact us at facts@wolfssl.com or call us at +1 425 245 8247.

Download wolfSSL Now

wolfSSL JNI/JSSE allows for use of the native wolfSSL SSL/TLS library from Java. The thin JNI wrapper can be used for direct JNI calls into native wolfSSL, or the JSSE provider (wolfJSSE) can be registered as a Java Security provider for integration underneath the Java Security API. wolfSSL JNI/JSSE provides TLS 1.3 support and can also support running on top of the wolfCrypt FIPS 140-3 validated cryptographic module.

Highlights from this release are below. See ChangeLog.md for a full list.

Java System and Security Property Support:
This release improves alignment with Java JSSE behavior and improves drop-in compatibility for applications migrating from other JSSE providers.

• New wolfjsse.autoSNI security property for controlling automatic SNI behavior with automatic SNI configuration for HttpsURLConnection

• Partial support for jdk.tls.client.SignatureSchemes and jdk.tls.server.SignatureSchemes

• Java Module System (JPMS) compatibility via ServiceLoader support

• Added X509Certificate getSubjectX500Principal() and getIssuerX500Principal() implementations

• Added Android non-standard checkServerTrusted() in X509TrustManager

DTLS 1.3 and Session Enhancements
This release adds DTLS 1.3 support in SSLContext and SSLEngine classes, along with:

• DTLS Connection ID (CID) support

• New DTLS 1.3 example client and server applications

• Session serialization and persistence support via wrapped native APIs

These enhancements enable secure datagram-based applications with session resumption.

Performance Improvements
Several changes focus on reducing overhead in high-throughput and highly concurrent environments:

• 20–30% SSLEngine send/receive performance improvement

• Reduced synchronization and contention in JSSE components

• Cached system and security properties to avoid repeated lookups

• ByteBuffer pooling and improved ByteBuffer handling in JNI paths

• Cached KeyStore entries for improved scalability under load

Correctness, Stability, and Security Fixes

• Fixes for potential use-after-free conditions and memory leaks

• Improved protection of native WOLFSSL sessions during concurrent I/O

• Correct certificate chain ordering and improved handling of cross-signed certificates

• Enhanced SNI handling for session resumption and server-side matching

• Improved ALPN handling, including non-ASCII protocol names

• Expanded X.509 API coverage, including Extended Key Usage and X500 principals

• Added support for honoring client cipher suite preference ordering

• Rename wolfCrypt JNI helper classes to avoid namespace conflicts with wolfcrypt-jni

Improved Debugging, Testing, and CI Coverage
Debug logging now uses Java’s standard logging framework (java.util.logging) with improved timestamps. CI coverage has also been expanded to include GitHub Actions for:

• AddressSanitizer (-fsanitize=address)

• Clang scan-build static analysis

• Windows (Visual Studio) builds

• Android emulator unit tests

• ARM (--enable-armasm) builds

• Compatibility testing against the last five stable wolfSSL releases

wolfSSL JNI/JSSE 1.16.0 can be downloaded from the wolfSSL download page, and an updated version of the wolfSSL JNI/JSSE User Manual can be found here. For any questions or to get help using wolfSSL products in your projects, contact us at support@wolfssl.com.

If you have questions about any of the above, please contact us at facts@wolfssl.com or call us at +1 425 245 8247.

Download wolfSSL Now

There is also a critical vulnerability; please refer to CVE-2025-14942. The handshaking state machine can be manipulated to leak the user’s password in the clear or to release a bogus signature. Also, user authentication may be bypassed. This has been fixed with improved message checking. There are no known specific attacks, but it is recommended to upgrade.

There is also a medium vulnerability; please refer to CVE-2025-15382. When cleaning up a file path in SCP and with SFTP, there is the potential for the code to read off the end of the file path by one byte.

Please see the attached change log for more information.

Vulnerabilities

• [Critical] CVE-2025-14942. wolfSSH’s key exchange state machine can be manipulated to leak the client’s password in the clear, trick the client to send a bogus signature, or trick the client into skipping user authentication. This affects client applications with wolfSSH version 1.4.21 and earlier. Users of wolfSSH must update or apply the fix patch and it’s recommended to update credentials used. This fix is also recommended for wolfSSH server applications. While there aren’t any specific attacks, the same defect is present. Thanks to Aina Toky Rasoamanana of Valeo and Olivier Levillain of Telecom SudParis for the report. (PR 855)

• [Medium] CVE-2025-15382. The function used to clean up a path string may read one byte off the end of the bounds of the string. The function is used by the SCP handling in wolfSSH. This affects server applications with wolfSSH versions 1.4.12 through 1.4.21, inclusive. Thanks to Luigino Camastra from Aisle Research for the report. (PR 859)

New Features

• Added a complete SFTP client example for the Renesas RX72N platform. (PR 847)

• Enabled TSIP support and provided cleaned-up configuration headers for the RX72N example. (PR 847)

• Added FIPS-enabled build configurations to the Visual Studio project files. (PR 851)

• Added documentation describing how to build and use the new FIPS Visual Studio configurations. (PR 851)

• Introduced regression tests covering SSH agent signing, including error paths and successful operation. (PR 856)

• Added regression tests that explicitly exercise WANT_READ / WANT_WRITE paths to guard against deadlocks. (PR 856)

Improvements

• Refactored SSH string parsing by unifying GetString() and GetStringAlloc() around GetStringRef(), simplifying maintenance and reducing duplication. (PR 857)

• Enhanced SSH message-order validation by introducing explicit expected-message tracking and clearer message ID range macros. (PR 855)

• Improved server-side out-of-order message checking to align behavior with the stricter client implementation. (PR 855)

• Improved worker thread behavior under window backpressure by prioritizing receive handling, preventing stalls with small-window SFTP clients. (PR 856)

• Hardened SSH agent handling logic by validating response types, tracking message IDs, and enforcing strict buffer size limits. (PR 845)

• Improved SCP path handling by canonicalizing client-supplied base paths before filesystem access. (PR 845)

• Improved portability by replacing non-standard includes with standard . (PR 852)

• Reduced logging overhead by defining WLOG as a no-op when debugging is disabled. (PR 839)

• Updated documentation to better reflect current features, examples, and build options. (PR 851)

Fixes

• Fix off-by-1 read error when cleaning the file path for SCP. (PR 859)

• Fixed incorrect handling of zero-length SSH strings in packet parsing. (PR 857)

• Fixed a worker-thread deadlock caused by blocked sends preventing window-adjust processing. (PR 856)

• Fixed a double-free crash and eliminated a socket-close spin loop under error conditions. (PR 855)

• Fixed uninitialized authentication data that could lead to undefined behavior during authentication. (PR 854)

• Fixed SFTP connection interoperability issues discovered through cross-implementation testing. SFTP fix for init to handle channel data which resolves a potential interoperability SFTP connection issue. (PR 846)

• Fixed SCP receive handling to reject traversal filenames containing path separators or “dot” components. (PR 845)

• Fixed missing declaration of wc_SSH_KDF that caused build failures under strict compiler warnings. (PR 848)

• Fixed SSH agent test setup so regression tests exercise the intended code paths. (PR 845)

• Excluded a standalone regression test from Zephyr builds where it was incompatible with the Zephyr test model. (PR 855)

If you have questions about any of the above, please contact us at facts@wolfssl.com or call us at +1 425 245 8247.
Download wolfSSL Now

• Expanding hardware coverage to radiation-hardened platforms

• Unifying and hardening TrustZone-M and dual-bank update flows

• Making update state tracking and integration easier with filesystem and MTD-backed helpers

As always, the full changelog is available in the wolfBoot repository and on the github v2.7.0 release page.
_________________________________________________________________________________________________________

New Platform Support

Vorago VA416x0: Secure Boot in Radiation-Hardened Systems
See also our recent blog post about it

wolfBoot 2.7.0 adds full support for Vorago’s VA416x0 series (VA41620 / VA41630), bringing our secure boot and firmware update flow to radiation-hardened Cortex-M4 microcontrollers.

The new port includes:

• A dedicated HAL implementation (hal/va416x0.c) integrated with the Vorago SDK

• Example configuration (config/examples/vorago_va416x0.config) with ECC384/SHA384 as the default signing and hashing combination

• Test application and factory image helpers that build wolfBoot, the test firmware, sign it, and assemble a flashable image for VA416x0 boards

On these devices, wolfBoot leverages the external SPI FRAM configuration and the board’s radiation-tolerant design to provide a robust secure boot chain for space and high-reliability applications, where authenticated updates and rollback-safe behavior are essential.

Nordic nRF5340 with TrustZone-M

Support for the Nordic nRF5340 dual-core SoC was introduced in earlier wolfBoot releases; version 2.7.0 extends this further with a dedicated TrustZone build and configuration for the application core.

Highlights include:

• TrustZone-aware build options for the nRF5340 application core (Cortex-M33 with TrustZone)

• Improved configuration for pairing secure and non-secure firmware images in a wolfBoot managed update flow

Combined with wolfBoot’s existing support for ML-DSA, LMS/XMSS, and hybrid authentication, this makes the nRF5340 a strong platform for post-quantum aware secure boot in IoT and wireless devices.
_________________________________________________________________________________________________________

Unified TrustZone-M and Dual-Bank Behavior
In 2.7.0, we’ve taken another step in making TrustZone-M support consistent across all ARMv8-M targets:

• Unified TrustZone-M handling across supported ARMv8-M platforms, so you get the same high-level behavior on devices like STM32H5, RP2350, nRF5340, and others.

• A TrustZone-aware dual-bank configuration, where redundant-slot updates respect secure/non-secure boundaries and provide better isolation between the running image and the candidate update.

For STM32H5 specifically, wolfBoot 2.7.0 brings:

• An improved SPI driver path

• Integration of TPM-based secure storage with updated TrustZone Non-Secure Callable (NSC) APIs

• Multiple fixes for dual-bank and TPM-enabled builds to make them more predictable and robust during updates

The simulator target has also been updated with dual-bank flow and a new bank-swap test script, so you can validate redundant-slot update scenarios and rollback logic without touching hardware. Adding features to the simulated platform allows us to test more scenarios in CI.

On the RP2350 (Raspberry Pi Pico 2), wolfBoot now uses a RAM cache for flash writes, increasing robustness against partial writes and power faults during updates.

For Infineon AURIX TC3xx, we’ve moved away from an IDE-centric example to a cleaner HAL module integration, fixing UART and boot-flag handling along the way. This brings the TriCore port in line with other wolfBoot HAL-based targets.
_________________________________________________________________________________________________________

Filesystem-Backed and MTD-Backed Update State Management

A key theme in 2.7.0 is better visibility and control over boot partition state, especially when integrating wolfBoot into larger systems and CI pipelines.

library_fs target and CLI tools

wolfBoot now exposes filesystem-backed partition state access via the new library_fs target and a companion CLI application often referred to as lib-fs.

With this setup, you can:

• Build libwolfboot as a library with a backend that maps partitions onto regular files

• Use the CLI to query boot partitions, inspect active/inactive slots, and track which image is pending or confirmed

• Trigger update operations and simulate swaps without hardware, which is ideal for automated testing and offline integration flows

This is particularly useful when you want to exercise wolfBoot’s state machine and update logic in a host-driven environment, for example, in a CI job that signs images and verifies that rollback and confirmation flows behave as expected.

MTD-backed update status in libwolfboot

For systems that use libwolfboot inside an OS and rely on raw flash / MTD devices, 2.7.0 introduces MTD-backed tracking of update status.

At a high level, this allows libwolfboot to:

• Store update state directly on MTD-backed partitions, so progress and status survive resets

• Integrate with standard MTD layers often found in Linux and RTOS-based designs (e.g. raw NOR/NAND layouts)

This makes it easier to build robust OTA flows where the application or an update agent interacts with libwolfboot to coordinate staged images and confirmation logic on raw flash devices.
_________________________________________________________________________________________________________

Build System, Tools, and Configuration Improvements

CMake presets and out-of-tree builds
Continuing the build system work from previous releases, wolfBoot 2.7.0 adds CMake presets, improves list handling, and further stabilizes out-of-tree builds, particularly for multi-target configurations.

The goal here is straightforward: make it easier for teams to:

• Maintain a single CMake-based project that targets multiple boards or SoCs

• Keep a clean source tree by building in separate directories

• Automate builds in CI with reproducible preset configurations

Key tools and post-quantum test coverage
The key generation and signing tools have also been refined:

• keygen --no-overwrite lets you protect existing key material by refusing to overwrite files, a small but important safety feature in production build pipelines.

• Stricter checks on image header and sector size help catch misconfigurations earlier in the build process instead of at boot time.

• Expanded ML-DSA test configurations improve coverage for post-quantum signatures, building on the PQC support introduced in earlier wolfBoot releases (ML-DSA, LMS, XMSS, and hybrids).

WOLFBOOT_RESTORE_CLOCK configuration

A new configuration option, WOLFBOOT_RESTORE_CLOCK, gives integrators more fine-grained control over clock behavior around the boot process. When enabled, the HAL can explicitly restore or adjust system clocks as part of its wake-up/exit path, improving compatibility with platforms that expect a particular clock tree configuration before the application starts.

This is especially useful on STM32 and Nordic devices where the clock configuration during boot ROM execution might differ from what the application expects.
_________________________________________________________________________________________________________

Security and Reliability Fixes
As usual, 2.7.0 includes important hardening and bug fixes across the code base:

• Encrypted and delta updates
  

  • Additional protection against IV reuse in encrypted update flows

  • Fallback and regression fixes

  • Expanded unit test coverage around encrypted and delta path handling

• Flash and STM32 improvements
  

  • Fixed SPI flash protocol edge cases and strengthened write verification

  • Corrected STM32 internal flash page erase masks

  • Multiple fixes in STM32H5 update paths, including dual-bank and TPM-enabled builds

• PowerPC / NXP P1021
  

  • Resolved stage1 and MMU build issues to keep the PowerPC port aligned with modern toolchains

• Warning cleanup and quality-of-life improvements
  

  • Cleanup of compiler warnings across several targets, including STM32WB55 PKA and non-TrustZone nRF5340 builds

These changes improve reliability across a wide range of configurations and reduce friction when enabling more advanced features like dual-bank updates, encrypted delivery, and TPM-based boot flows.
_________________________________________________________________________________________________________

Updated Module Versions
wolfBoot 2.7.0 aligns with the latest wolfSSL ecosystem components, pulling in updated versions of the underlying crypto and HSM libraries:

• wolfSSL: v5.8.4-stable (59f4fa568)

• wolfTPM: v2.4.0-594-g6d5df60

• wolfPKCS11: v2.0.0-stable-33-g81af264

• wolfHSM: v1.3.0 (8ac56d7)

By being in sync with the latest version of the components, wolfBoot benefits from the latest performance optimizations, algorithm updates, and security fixes shipped in the wolfSSL family.
_________________________________________________________________________________________________________

Getting wolfBoot 2.7.0 and Next Steps
wolfBoot 2.7.0 is available today:

• Download the release package from the wolfSSL download page (select wolfBoot 2.7.0).

• Clone the latest tag from the wolfBoot GitHub repository for direct source access and integration.

• Refer to the updated documentation and docs/lib.md for details on the library/library_fs targets, libwolfboot integration, and example flows.

If you’d like help integrating wolfBoot 2.7.0 with your platform—whether it’s a Vorago VA416x0 design, a TrustZone-enabled MCU like nRF5340 or STM32H5, or an architecture such as PowerPC or x86—reach out to the wolfSSL team at facts@wolfssl.com. We’re happy to assist with design reviews, custom ports, and compliance-driven secure boot deployments.

If you have questions about any of the above, please contact us at facts@wolfssl.com or call +1 425 245 8247.

Download wolfSSL Now

Password Handling Fix
A bug in the wolfTPM2_SetKeyAuthPassword() function introduced in v3.9.2 has been resolved. This API, primarily used by the C# wrapper, was incorrectly truncating passwords to 2 bytes.

• Impact: Users of the wolfTPM2_SetKeyAuthPassword API or C# wrapper on v3.9.2

• Resolution: Password handling now correctly stores the full authentication credential, with regression tests added

• PR: #439

Note: If you are using this API or the C# wrapper with v3.9.2, we recommend updating.

Espressif ESP32 HAL Support
wolfTPM now natively supports ESP32-S3, ESP32-C6, and other ESP32 variants via SPI and I2C interfaces—bringing TPM 2.0 security to millions of IoT devices.

Key Features

• Native ESP-IDF integration with pre-configured pin mappings

• SPI speeds up to 22 MHz for high-performance cryptographic operations

• I2C support for Infineon SLB9673 TPM modules

• Hardware-backed key storage, secure boot, and device attestation

• PR: #386

Enhanced CMake Build System & TPM Module Selection
Streamlined build configuration with new TPM hardware targeting:

| Option                                  | Supported Hardware                   |
--------------------------------------------------------------------------------
| WOLFTPM_MODULE=slb9672   | Infineon OPTIGA™ TPM                   |
--------------------------------------------------------------------------------
| WOLFTPM_MODULE=st33        |  STMicro STSAFE-TPM                     |
--------------------------------------------------------------------------------
| WOLFTPM_MODULE=microchip | Microchip ATTPM20                        |
--------------------------------------------------------------------------------
| WOLFTPM_MODULE=nuvoton   | Nuvoton NPCT75x                          |
--------------------------------------------------------------------------------

Interface Options: SPI, I2C, MMIO, Linux devtpm, Windows TBS, Software TPM

cmake .. -DWOLFTPM_MODULE=slb9672 -DWOLFTPM_INTERFACE=DEVTPM

• PR: #438, #430

Linux TPM Resource Manager Support
New support for /dev/tpmrm0 enables automatic TPM session virtualization and multi-process coordination.

Enable with: WOLFTPM_USE_TPMRM

| Feature                           | Raw Device (/dev/tpm0)        | Resource Manager (/dev/tpmrm0)   |
------------------------------------------------------------------------------------------------------------------------
| Multi-process access          | Manual coordination                   | Automatic isolation                                |
------------------------------------------------------------------------------------------------------------------------
| Session management         | Application handles                    | Kernel manages                                    |
------------------------------------------------------------------------------------------------------------------------
| Cleanup on exit                 | Must be explicit                          | Automatic                                            |
------------------------------------------------------------------------------------------------------------------------

• PR: #435, #434

Additional Improvements

| Feature                                                                                | PR                     |
-----------------------------------------------------------------------------------------------
| Fixed crypto callback hash algorithm selection                          | #433             |
-----------------------------------------------------------------------------------------------
| Improved signature verification hash detection                         | #432             |
-----------------------------------------------------------------------------------------------
| Improved TLS bidirectional shutdown                                       | #431             |
-----------------------------------------------------------------------------------------------
| Coverity static analysis fixes                                                    | #441             |
-----------------------------------------------------------------------------------------------
| Added make cppcheck option                                                   | Various              |
-----------------------------------------------------------------------------------------------

Why wolfTPM?

• Portable: Runs on bare-metal RTOS, Linux, Windows, and macOS

• Lightweight: Small footprint for resource-constrained embedded systems

• Standards-compliant: Full TPM 2.0 specification support

• Production-ready: Trusted by automotive, aerospace, and industrial customers

• Open source: GPLv3 with commercial licensing available

Supported TPM Hardware
Infineon OPTIGA™ SLB9670/9672/9673 • STMicro ST33 • Microchip ATTPM20 • Nuvoton NPCT75x • Nations Tech Z32H330/NS350 • Software TPM simulators

Get Started

git clone https://github.com/wolfSSL/wolfTPM.git
cd wolfTPM && ./autogen.sh && ./configure && make

Resources

• GitHub Repository

• Full Changes

• Documentation

• Support

wolfTPM is developed by wolfSSL Inc., the leading provider of lightweight, portable security solutions for embedded systems, IoT, automotive, and enterprise applications.

If you have questions about any of the above, please contact us at facts@wolfssl.com or call us at +1 424 245 8247.

Download wolfSSL Now

What's New in v1.21.0
The wolfMQTT v1.21.0 release includes several significant enhancements:

NetX and ThreadX RTOS Support
The most notable addition in this release is support for NetX networking stack and ThreadX RTOS. This enables wolfMQTT to be used on a wider range of embedded platforms, particularly those using Azure RTOS (formerly ThreadX) environments. These additions make wolfMQTT an excellent choice for industrial IoT applications and real-time embedded systems.

License Update to GPLv3
Starting with this release, wolfMQTT is now available under the GPLv3 license. This update aligns wolfMQTT with the broader wolfSSL product family licensing model, providing clearer terms for open source usage while commercial licensing remains available for proprietary applications.

Security Improvements
This release includes important security enhancements:

• Fixed a heap buffer overflow vulnerability in MqttDecode_Num with improved bounds checking

• Enhanced MQTT v5 property-packet protocol validation and decode safety

• Corrected state transition checks in MqttClient_Auth for more robust authentication handling

Post-Quantum Cryptography Updates
The ML-KEM hybrid key exchange names have been updated to match the latest IETF Draft specifications. This ensures compatibility with evolving post-quantum cryptography standards and maintains interoperability with other implementations following the IETF naming conventions.

ESP-IDF v5.5 Support
The Espressif ESP-IDF examples have been updated and pinned to ESP-IDF v5.5, ensuring compatibility with the latest Espressif development framework. This update also includes workflow improvements and line ending fixes for better cross-platform development.

Additional Improvements

• Updated test certificates to replace expired ones

• Restored instructions for testing against OQS Mosquitto integration

• Added fflush to mqtt-sub example for improved output handling

• Various bug fixes for MQTT property decode error checks

About wolfMQTT
wolfMQTT is a lightweight, embedded MQTT client implementation written in C that supports SSL/TLS via the wolfSSL library. It was built from the ground up to be multi-platform, space conscious, and extensible. The library supports:

• MQTT v3.1.1 and v5.0 protocols

• MQTT-SN (MQTT for Sensor Networks)

• Quality of Service (QoS) levels 0-2

• TLS encryption via wolfSSL

• Non-blocking communications

• Multithreading for parallel operations

• Integration with popular IoT platforms (AWS IoT, Azure IoT Hub, IBM Watson IoT)

Getting wolfMQTT v1.21.0
The wolfMQTT v1.21.0 release is available now on our download page and GitHub.

Release 1.21.0 has been developed according to wolfSSL's development and QA process and successfully passed the quality criteria.

Check out the ChangeLog for a full list of features and fixes, or contact us at facts@wolfSSL.com with any questions.

While you're there, show us some love and give the wolfMQTT project a Star!

You can download the latest wolfMQTT release from our website or clone directly from our GitHub repository.

If you have questions about any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.

Download wolfSSL Now

Current GPLv3 Exception:

• MariaDB Server

• MariaDB Client Libraries

• OpenVPN-NL

• Fetchmail

• OpenVPN

Security Fixes

This release includes multiple fixes across TLS 1.2, TLS 1.3, X25519, XChaCha20-Poly1305, and PSK processing. Highlights include:

• A timing-side-channel issue in X25519 specifically affecting Xtensa-based ESP32 devices. Low-memory X25519 implementations are now the default for Xtensa.

• A medium-severity TLS 1.3 server-side DoS risk from repeated KeyShareEntry values in malicious ClientHello messages.

• Several TLS 1.3 downgrade-related issues (PFS downgrades, signature algorithm downgrades, and duplicate extension parsing).

• A memory leak risk in TLS 1.2 certificate digest handling.

• XChaCha20-Poly1305 decryption bounds-check fix and constant-time improvements in PSK binder verification.

Special thanks to Adrian Cinal, Jaehun Lee, and Kyungmin Bae (POSTECH), Luigino Camastra (Aisle Research), and all researchers who contributed.

New Features

This release includes focused improvements and additions:

• ML-KEM / ML-DSA: new APIs, PKCS8 seed/import support, and improved key management.

• FreeBSD kernel module: initial support for wolfCrypt in the FreeBSD kernel.

• PKCS7/CMS: expanded decoding capabilities, additional callbacks, and more flexible builds.

• Rust wrapper enhancements: broader algorithm coverage, optional heap/dev_id support, and conditional compilation based on C build options.

• Hardware platform updates: STM32 and PSoC6 improvements, including STM32U5 SAES support.

• New –enable-curl=tiny option for smaller cURL-linked builds.

Improvements & Optimizations

Key improvements include:

• Broader and more consistent testing across TLS 1.3/1.2, libssh2, Arduino, ESP-IDF, and nightly workflows.

• Documentation updates, expanded crypto-callback support, and improved AES/HW offload functionality.

• ESP32, Renesas FSP/RA, and SGX build enhancements.

• Build-system refinements across Autotools, CMake, Apple platforms, and Debian packaging.

• RISC-V and PPC32 assembly introspection helpers and benchmarking updates.

Bug Fixes

Notable fixes:

• C# wrapper correction for Ed25519 raw public-key import.

• Sniffer stability fixes and X.509 path-length and certificate-chain improvements.

• DTLS ordering, cookie handling, and replay protection updates.

• Kernel-mode, FIPS, and PIE-related build fixes.

• ML-KEM/ML-DSA correctness and safety fixes.

• Various static-analysis, warning cleanup, memory-management, and undefined-behavior fixes.

For a more detailed list of changes, check out the ChangeLog.md bundled with wolfSSL. To download the latest release, go to the download page. For any questions, reach out to us at facts@wolfssl.com or call us at +1 425 245 8247.

Download wolfSSL Now

wolfProvider is designed for customers who want FIPS-validated cryptography but are already invested in using OpenSSL. The provider delivers drop-in replacements for cryptographic algorithms used by OpenSSL, leveraging the wolfCrypt engine underneath, which is FIPS 140-3 certified.

New Cryptographic Features
This release introduces several important cryptographic capabilities:

• KBKDF (Key-Based Key Derivation Function): Implementation of NIST SP 800-108 key derivation for secure key generation from existing key material.

• KRB5KDF (Kerberos 5 Key Derivation Function): Support for Kerberos cryptographic operations, enabling enterprise authentication scenarios.

• AES-CTS (Ciphertext Stealing): Additional AES cipher mode for applications requiring specific padding behavior.

• RSA No-Padding Operations: Raw RSA encrypt/decrypt operations for applications with custom padding schemes.

Replace-Default Provider Mode
A groundbreaking feature in this release is the ability to replace OpenSSL’s default provider entirely with wolfProvider. This mode makes wolfProvider the primary cryptographic implementation system-wide, allowing existing OpenSSL applications to transparently use wolfSSL’s FIPS-validated cryptography without any code modifications. This feature includes comprehensive testing to ensure the default swap works as expected across various scenarios.

Enhanced Testing and Quality Assurance
wolfProvider 1.1.0 significantly expands our integration testing with real-world open-source applications. We’ve added automated CI/CD workflows for over 40 popular applications, ensuring wolfProvider works seamlessly with:

Network Infrastructure: gRPC, OpenSSH, libssh2, OpenSC/PKCS11, OpenLDAP, IPMItool, Stunnel, socat, SSSD, net-snmp, liboauth2, tnftp, systemd, X11VNC, sscep, TPM2 tools, libcryptsetup, libtss2, KRB5, bind9, hostap
Development Tools: Python3 NTP, libeac, xmlsec, Qt5 Network, rsync, libwebsockets, tcpdump, cjose, iperf, libfido2, ppp, pam-pkcs11, kmod, libnice

This extensive testing demonstrates wolfProvider’s production-readiness and compatibility with the broader OpenSSL ecosystem.

Command-Line Integration
New command-line integration tests validate wolfProvider’s compatibility with OpenSSL command-line tools for AES, RSA, RSA-PSS, Hash, and ECC operations. This ensures that scripts and automation tools using OpenSSL commands work correctly with wolfProvider.

Debian Package Support
This release includes comprehensive Debian packaging support, making deployment on Debian-based systems straightforward. The packaging includes proper dependency management and integration with the system OpenSSL configurations.

Bug Fixes and Stability Improvements
wolfProvider 1.1.0 includes over 100 bug fixes addressing issues across all cryptographic operations:
AES Improvements: Fixed AES-GCM streaming bugs, authentication tag handling, IV management, and CBC consecutive call handling.
RSA Enhancements: Resolved RSA PSS decoding issues, key import edge cases, keygen retry logic, certificate display formatting, and parameter handling.
ECC Fixes: Corrected public key validation, parameter handling, private key operations, signing restrictions, and encoding issues.
DH Corrections: Fixed FIPS build compatibility, parameter handling, private key operations, and decoder registrations.
General Stability: Improved locking around signature operations, NULL reinit handling, core libctx management, and OpenSSL patching detection.

Looking Forward
wolfProvider 1.1.0 represents a major step forward in providing FIPS-validated cryptography to the OpenSSL ecosystem. The extensive integration testing, new cryptographic features, and replace-default mode make this release suitable for production deployment in enterprise environments requiring FIPS compliance.

Refer to the README.md found in the release for usage instructions. We also maintain a ChangeLog.md for a complete list of changes in each release.

If you have questions about any of the above, please contact us at facts@wolfssl.com or call us at +1 425 245 8247.

Download wolfSSL Now

Security Updates
This release addresses two security issues:

• CVE-2025-11625: Fixed a client-side host verification bypass that could expose credentials. (PR#840)

• CVE-2025-11624: Fixed an SFTP server stack overflow triggered by malformed input. Thanks to Stanislav Fort of Aisle Research for the report

Feature Additions

• TPM key authentication for hardware-based identity protection.

• ED25519 key generation support added to the API.

• Curve25519 alias compatibility with curve25519-sha256@libssh.org for improved interoperability.

• Keyboard-interactive authentication can now be enabled at build time (--enable-keyboard-interactive).

• AES-CBC is now disabled by default, shifting focus toward stronger default cipher suites.

• Added Microchip ATSAMV71Q21B example with harmony filesystem integration.

This version refines FATFS support, enhances user authentication handling, and improves SFTP and rekeying operations. Post quantum hybrid support was also touched up along with numerous Coverity findings, warning cleanups, and minor API consistency fixes.

Users of the wolfSSH client code or SFTP server should upgrade, particularly those relying on host verification.

If you have questions about any of the above, please contact us at facts@wolfssl.com or call us at +1 425 245 8247.

Download wolfSSL Now

New Platform Support
PIC32CZ CA (Cortex-M7) and PIC32CK (Cortex-M33) devices from Microchip are now supported. The PIC32CZ family targets high-performance secure connected applications with integrated HSM and extended memory. The PIC32CK line brings TrustZone support for secure partitioning on Armv8-M systems. wolfBoot can now provide verified secure boot and firmware updates across both families.

External Flash Support with ELF Scattering
wolfBoot now supports external flash configurations when using ELF scattering mode. This enables firmware sections to be distributed between internal and external flash, useful in scenarios where internal flash is limited or where larger applications are split across multiple memory regions.

Encrypted Updates on Renesas RX
Encrypted firmware updates are now supported for the Renesas RX family. When paired with Renesas TSIP (Trusted Secure IP), wolfBoot can handle encrypted update packages, with decryption performed securely on-chip using hardware-managed keys. This provides strong protection for sensitive firmware in the field.

PowerPC 32-bit Optimizations
New assembly-level optimizations for SHA and AES are now available on 32-bit PowerPC platforms. These improvements reduce boot-time cryptographic processing overhead and improve performance during image verification and decryption operations.

STM32F4 Enhancements
wolfBoot v2.6.0 includes updated clock configuration logic for the STM32F4 series, ensuring compatibility across the full device family. In addition, support has been added for the STM32F411 variant, commonly used in development and prototyping platforms.

Fixes and Improvements
This release includes several important bug fixes:

• Fixed unaligned memory access on Cortex-A5

• Corrected compile flags to allow execution from RAM on ARM targets

• Proper handling of VTOR_NS when staging non-secure images in TrustZone-M mode

• Removed redundant flash write-after-erase cycle in wolfBoot_update_trigger

• Multiple TrustZone-related fixes for STM32H5 devices

These changes improve stability, reduce flash wear, and ensure correct behavior on secure platforms.

Updated Module Versions
The following components have been updated in this release:

• wolfSSL version 5.8.2 or later

• wolfTPM version 3.9.1 or later

• wolfPKCS11 latest revision

• wolfHSM latest revision

More Information
To download the latest version of wolfBoot, visit our download page or clone it from the wolfBoot GitHub repository. For questions about commercial support, licensing, or integration assistance, please contact us at facts@wolfssl.com or +1 425 245 8247.

Among the most notable changes to this release is the addition of support for PKCS8 and Base64 commands, introduced in PR #178. These features make it easier to handle common encoding formats and key conversions directly from the command line, streamlining workflows involving PEM or DER-encoded data.

The update also includes important fixes to macro definitions related to client and server Key Encapsulation Mechanisms (KEM), as noted in PR #177. These corrections ensure proper configuration and usage when working with post-quantum cryptographic modes and hybrid TLS key exchange scenarios.

To support users working in FIPS-approved environments, wolfCLU now better aligns with FIPS 140-3 expectations. In PR #183, tests were adjusted to reflect the removal of DES in FIPS mode, and new output was added to indicate when FIPS is enabled. These changes help clarify operational state and support auditability during validation efforts.

This release also updates the license from GPLv2 to GPLv3 (PR #184).

If you have questions about any of the above, please contact us at facts@wolfssl.com or call us at +1 425 245 8247.

Download wolfSSL Now
wolfSSL is the best tested TLS library.

Important Notes for this Release

• GPLv3 Licensing: wolfSSL has transitioned from GPLv2 to GPLv3.

• Deprecated Feature: `–enable-heapmath` is now deprecated.

• MD5 Disabled by Default: For enhanced security, MD5 is now disabled by default.

Key Highlights of wolfSSL 5.8.2

Vulnerability Mitigations:

• ECC and Ed25519 Fault Injection Mitigation (Low): (Thanks to Kevin from Fraunhofer AISEC)

• Apple Native Cert Validation Override (High – CVE-2025-7395): (Thanks to Thomas Leong from ExpressVPN)

• Predictable `RAND_bytes()` after `fork()` (Medium – CVE-2025-7394): (Thanks to Per Allansson from Appgate)

• Curve25519 Blinding Enabled by Default (Low – CVE-2025-7396): (Thanks to Arnaud Varillon, Laurent Sauvage, and Allan Delautre from Telecom Paris)

New Features:

• Sniffer Enhancements: Support for multiple sessions and a new `ssl_RemoveSession()` API for cleanup.

• New ASN.1 X509 API: `wc_GetSubjectPubKeyInfoDerFromCert` for retrieving public key information.

• PKCS#12 Improvements: `wc_PKCS12_create()` now supports PBE_AES(256|128)_CBC key and certificate encryptions.

• PKCS#7 Decoding: Added `wc_PKCS7_DecodeEncryptedKeyPackage()` for decoding encrypted key packages.

• Linux Kernel Module Expansion: All AES, SHA, and HMAC functionality now implemented within the Linux Kernel Module.

• OpenSSL Compatibility Layer Additions: New APIs for X.509 extensions and RSA PSS: `i2d_PrivateKey_bio`, `BN_ucmp`, and `X509v3_get_ext_by_NID`.

• Platform Support: Added support for STM32N6.

• Assembly Optimizations: Implemented SHA-256 for PPC 32 assembly.

Improvements & Optimizations

This release includes a wide range of improvements across various categories, including:

• Extensive Linux Kernel Module (LinuxKM) Enhancements: Numerous minor fixes, registrations, and optimizations for cryptography operations within the Linux Kernel Module.

• Post-Quantum Cryptography (PQC) & Asymmetric Algorithms: Updates to Kyber, backward compatibility for ML_KEM IDs, fixes for LMS building and parameters, and OpenSSL format support for ML-DSA/Dilithium.

• Build System & Portability: General build configuration fixes, improvements for older GCC versions, new CMakePresets, and default MD5 disabling.

• Testing & Debugging: Enhanced debugging output, additional unit tests for increased code coverage, and improved benchmark help options.

• Certificates & ASN.1: Improved handling of X509 extensions, fixed printing of empty names, and better error handling.

• TLS/DTLS & Handshake: Corrected group handling, improved DTLS record processing, and refined TLS 1.3 key derivation.

• Memory Management & Optimizations: Stack refactors, improved stack size with MLKEM and Dilithium, and heap math improvements.

• Cryptography & Hash Functions: Added options to disable assembly optimizations for SipHash and SHA3, and improved Aarch64 XFENCE.

• Platform-Specific & Hardware Integration: Explicit support for ESP32P4, public `wc_tsip_*` APIs, and enhanced PlatformIO certificate bundle support.

• General Improvements & Refactoring: Updated libspdm, fixed PEM key formatting, and improved API accessibility for certificate failure callbacks.

wolfSSL 5.8.2 also includes some nice bug fixes, addressing issues across various modules, ensuring greater stability and reliability. For a complete and detailed list of all changes, please refer to the full release notes.

We encourage all users to upgrade to wolfSSL 5.8.2 to take advantage of these important security updates, new features, and performance enhancements. Download the latest release.

If you have questions about any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.

Download wolfSSL Now
wolfSSL is the best tested TLS