New JCE Functionality:

• Add Cipher RSA/ECB/OAEPWithSHA-256AndMGF1Padding support

• Add Cipher RSA/ECB/OAEPWithSHA-1AndMGF1Padding support

• Add Cipher WRAP_MODE and UNWRAP_MODE support for RSA-based key wrapping

• Add PKIX CertPathBuilder implementation using native wolfSSL X509_STORE

• Add jdk.certpath.disabledAlgorithms enforcement to CertPathBuilder and CertPathValidator

• Register default FIPS error callback in WolfCryptProvider for FIPS error debugging

• Enrich WolfCryptException with FIPS module status for FIPS_NOT_ALLOWED_E errors

• Add Java 9+ module support (JPMS) for jlink compatibility

New JNI Functionality:

• Add hex string conversion via WolfCrypt.toHexString() and WolfCrypt.hexStringToByteArray()

• Add PEM to DER conversion support for keys and certificates

• Add setFlags() and setVerificationTime() methods to WolfSSLX509StoreCtx

New Property Support:

• wolfssl.skipLibraryLoad System property – Skip automatic System.loadLibrary() calls for advanced embedding scenarios

• wolfjce.ioTimeout System property – Configure OCSP/CRL IO timeouts

Bug Fixes & Reliability Improvements
Beyond the new features, version 1.10.0 includes a substantial set of bug fixes and reliability improvements focused on FIPS error visibility, cryptographic correctness, input validation, and memory safety:

• Fixed FIPS error callback lifecycle (including proper deregistration in JNI_OnUnload)

• Corrected Ed25519 signature length handling, RSA public-key flattening/export, unsigned return values, and pointer casts

• Added HMAC/ByteBuffer/offset-length bounds validation, improved NULL checks, and missing releaseByteArray() calls across ECC, RSA, ChaCha, and AES-GCM

• Implemented defensive copies of IV arrays, constant-time GMAC tag verification, secure zeroization of keys and buffers, and proper cleanup for AES-CTR/AES-OFB/GMAC

• Fixed signed integer overflow risks in bounds checks, DH key export paths, ECC private-key import curve handling, and reduced unnecessary WC_RNG allocations

• Expanded FIPS-compliant SecureRandom sanitization and fixed threaded MessageDigest hangs on FIPS errors

Expanded Testing & CI Infrastructure
CI coverage has been expanded with new workflows and modern platform support:

• Java 24 and 25 tests added to GitHub Actions workflows

• Linux 32-bit testing with Java 17 via GitHub workflow

• UndefinedBehaviorSanitizer (UBSan) GitHub workflow

• SpotBugs static analysis target and dedicated GitHub Actions workflow

• Android FIPS Ready automated emulator testing via GitHub workflow

• Java 9+ module (JPMS) testing workflow

• Improved JUnit test reliability for FIPS mode and CI environments

New Examples

• Added CertPathBuilder and CertPathValidator example demonstrating PKIX path building and validation with disabledAlgorithms enforcement

• Updated Android example project: migrated from jcenter() to mavenCentral() and AndroidX, added Gradle wrapper with distributionSha256Sum, JKS-to-BKS KeyStore conversion script for testing, and CMakeLists.txt exclusion list updates

wolfCrypt JNI/JCE 1.10.0 can be downloaded from the wolfSSL download page, and an updated version of the wolfCrypt JNI/JCE User Manual can be found here. Full details on this release can be seen in the ChangeLog.md on GitHub. For any questions, or to get help using wolfSSL products in your projects, contact us at support@wolfssl.com.

If you have questions about any of the above, please contact us at facts@wolfssl.com or call us at +1 425 245 8247.

Download wolfSSL Now