wolfCrypt JNI/JCE 1.10.0 is now available for download! This release brings new JCE Cipher support for RSA OAEP padding schemes and RSA key wrapping (WRAP/UNWRAP modes), a PKIX CertPathBuilder implementation using native wolfSSL X.509 functionality, default FIPS error callback registration, new JNI utilities for hex string conversion and PEM-to-DER, enhanced WolfSSLX509StoreCtx methods, and two new system properties for flexible native library loading and OCSP/CRL timeouts. Along with these additions, 1.10.0 delivers extensive bug fixes, memory-safety improvements, FIPS compliance enhancements, and an expanded testing matrix.

New JCE Functionality:

  • Add Cipher RSA/ECB/OAEPWithSHA-256AndMGF1Padding support

  • Add Cipher RSA/ECB/OAEPWithSHA-1AndMGF1Padding support

  • Add Cipher WRAP_MODE and UNWRAP_MODE support for RSA-based key wrapping

  • Add PKIX CertPathBuilder implementation using native wolfSSL X509_STORE

  • Add jdk.certpath.disabledAlgorithms enforcement to CertPathBuilder and CertPathValidator

  • Register default FIPS error callback in WolfCryptProvider for FIPS error debugging

  • Enrich WolfCryptException with FIPS module status for FIPS_NOT_ALLOWED_E errors

  • Add Java 9+ module support (JPMS) for jlink compatibility

New JNI Functionality:

  • Add hex string conversion via WolfCrypt.toHexString() and WolfCrypt.hexStringToByteArray()

  • Add PEM to DER conversion support for keys and certificates

  • Add setFlags() and setVerificationTime() methods to WolfSSLX509StoreCtx

New Property Support:

  • wolfssl.skipLibraryLoad System property – Skip automatic System.loadLibrary() calls for advanced embedding scenarios

  • wolfjce.ioTimeout System property – Configure OCSP/CRL IO timeouts

Bug Fixes & Reliability Improvements
Beyond the new features, version 1.10.0 includes a substantial set of bug fixes and reliability improvements focused on FIPS error visibility, cryptographic correctness, input validation, and memory safety:

  • Fixed FIPS error callback lifecycle (including proper deregistration in JNI_OnUnload)

  • Corrected Ed25519 signature length handling, RSA public-key flattening/export, unsigned return values, and pointer casts

  • Added HMAC/ByteBuffer/offset-length bounds validation, improved NULL checks, and missing releaseByteArray() calls across ECC, RSA, ChaCha, and AES-GCM

  • Implemented defensive copies of IV arrays, constant-time GMAC tag verification, secure zeroization of keys and buffers, and proper cleanup for AES-CTR/AES-OFB/GMAC

  • Fixed signed integer overflow risks in bounds checks, DH key export paths, ECC private-key import curve handling, and reduced unnecessary WC_RNG allocations

  • Expanded FIPS-compliant SecureRandom sanitization and fixed threaded MessageDigest hangs on FIPS errors

Expanded Testing & CI Infrastructure
CI coverage has been expanded with new workflows and modern platform support:

  • Java 24 and 25 tests added to GitHub Actions workflows

  • Linux 32-bit testing with Java 17 via GitHub workflow

  • UndefinedBehaviorSanitizer (UBSan) GitHub workflow

  • SpotBugs static analysis target and dedicated GitHub Actions workflow

  • Android FIPS Ready automated emulator testing via GitHub workflow

  • Java 9+ module (JPMS) testing workflow

  • Improved JUnit test reliability for FIPS mode and CI environments

New Examples

  • Added CertPathBuilder and CertPathValidator example demonstrating PKIX path building and validation with disabledAlgorithms enforcement

  • Updated Android example project: migrated from jcenter() to mavenCentral() and AndroidX, added Gradle wrapper with distributionSha256Sum, JKS-to-BKS KeyStore conversion script for testing, and CMakeLists.txt exclusion list updates

wolfCrypt JNI/JCE 1.10.0 can be downloaded from the wolfSSL download page, and an updated version of the wolfCrypt JNI/JCE User Manual can be found here. Full details on this release can be seen in the ChangeLog.md on GitHub. For any questions, or to get help using wolfSSL products in your projects, contact us at support@wolfssl.com.

If you have questions about any of the above, please contact us at facts@wolfssl.com or call us at +1 425 245 8247.

Download wolfSSL Now

wolfSSL JNI/JSSE 1.17.0 is now available for download! This release brings JSSE-level PSK support, Java Platform Module System (JPMS) compatibility, SSLEngine hardening, a large expansion of X.509 and CRL capabilities at the JNI layer, and two new properties for FIPS and native library loading. Along with the new functionality, 1.17.0 contains a substantial set of bug fixes, compatibility improvements, and stability changes driven by AI-facilitated analysis and test integrations with Spring Boot, Netty, and OkHttp.

New JSSE Functionality

  • Pre-Shared Key (PSK) support – Full JSSE-level PSK via WolfSSLParameters for SSLSocket and SSLEngine (client and server).

  • Java 9+ Module System (JPMS) support – Conditional module-info.java compilation for jlink compatibility.

  • Trust and KeyStore enhancements — CertPathTrustManagerParameters and KeyStoreBuilderParameters now supported in WolfSSLTrustManager.

New JNI Functionality & Certificate APIs

  • Extract SNI directly from a raw ClientHello buffer with WolfSSL.getSNIFromBuffer()

  • RSA-PSS sign/verify and RSA sign-check PK callback support.

  • Basic Constraints pathLen parameter in WolfSSLCertificate / WolfSSLCertRequest.addExtension().

  • Full CRL generation and decode wrappers in WolfSSLCRL.

  • Extended X.509 support:

    • SKID, AKID, CRL Distribution Points, and Netscape Cert Type extensions.

    • Name Constraints via new WolfSSLNameConstraints / WolfSSLGeneralName classes.

    • Extended AIA interface for separate OCSP and CA Issuer URL retrieval.

    • WolfSSLAltName class with full SAN parsing (including otherName for MS AD UPN, iPAddress, and directoryName).

New Configuration Properties

  • wolfjsse.skipFIPSCAST Security property – Skip automatic FIPS CAST execution during wolfJSSE initialization.

  • wolfssl.skipLibraryLoad System property – Skip automatic System.loadLibrary() calls for advanced embedding scenarios.

Bug Fixes & Reliability Improvements
This release includes numerous stability and compatibility fixes, particularly for SSLEngine and SSLSocket:

  • Improved SSLEngine buffer handling (BUFFER_UNDERFLOW/OVERFLOW), close/shutdown state transitions, and handshake status reporting.

  • Better SNI handling, session timeout behavior, and principal return types (X500Principal).

  • Spring Boot and Netty compatibility improvements (SSLHandshakeException on handshake errors, SSLEngine(host, -1) support).

  • Multiple null-pointer, memory-leak, and thread-safety fixes in native callbacks and FIPS error handling.

  • Cipher suite filtering aligned with jdk.tls.disabledAlgorithms and TLS version configuration.

  • Various edge-case fixes for PSK, certificate loading, and high file descriptor handling.

Expanded Testing & CI Infrastructure

  • Static analysis – New SpotBugs build target and GitHub Actions workflow.

  • Android FIPS Ready – Automated Android emulator testing via GitHub workflow.

  • Sanitizers – UndefinedBehaviorSanitizer (UBSan) GitHub workflow.

  • Linux 32-bit testing with Java 17 via GitHub workflow.

  • Expanded test matrix support for Java 24 and 25.

  • Module system and build verification – JPMS (Java Module System) testing workflow.

New Examples & Testing

  • PSK client/server examples for both SSLSocket and SSLEngine.

  • DualProviderFIPSTest demonstrating wolfJSSE + wolfJCE dual-provider FIPS usage.

  • Updated Android example with TLS connection and FIPS error callback support.

wolfSSL JNI/JSSE 1.17.0 can be downloaded from the wolfSSL download page, and an updated version of the wolfSSL JNI/JSSE User Manual can be found here. Full details on this release can be seen in the ChangeLog.md on GitHub. For any questions, or to get help using wolfSSL products in your projects, contact us at support@wolfssl.com.


wolfTPM v4.0.0 is our largest release to date. It delivers three headline capabilities:

  • Firmware TPM (fwTPM) – a portable TPM 2.0 built on wolfCrypt.

  • SPDM Secured Transport – encrypted host-to-TPM communication.

  • ST33 TPM 2.0 Firmware Update – new update tool for STMicro ST33KTPM2X.

All three are powered by the same wolfCrypt engine trusted in FIPS 140-3 and DO-178C DAL A deployments.

Feature 1: Firmware TPM (fwTPM)
The fwTPM is a portable TPM 2.0 command processor. It is implemented entirely on top of wolfCrypt. It covers 105 of 113 commands in the TPM 2.0 v1.38 specification (93%). The full object, session, policy, attestation, PCR, and NV families are included.

Use it as a drop-in replacement for a discrete TPM chip. Or use it in CI as a replacement for external simulators like the Microsoft TPM simulator and IBM swTPM.

Why It Matters

  • Reduce BOM and physical attack surface. Parts that never shipped with a TPM can now gain TPM services. No extra chip. No exposed bus.

  • Portability. The same fwTPM runs on a Cortex-M in TrustZone, a dedicated RPU on an MPSoC, a hardened RISC-V core, or an FPGA soft core.

  • Supply-chain integrity. Your TPM becomes part of your signed firmware image. No separate silicon vendor in the trust path.

  • Same crypto you already trust. RSA, ECC, SHA-2/3, AES, and HMAC all come from the FIPS 140-3 wolfCrypt module, qualifiable to DO-178C DAL A for avionics.

Where fwTPM Runs

fwTPM is designed to live in an isolated execution environment. Proven homes include:

  • Microchip PolarFire SoC (MPFS250T) – Run in FPGA with Mi-V RISC-V soft-core or run in a dedicated core (E51 Monitor or U54)

  • Arm TrustZone-M. Reference port on STMicro STM32H5 (NUCLEO-H563ZI). TrustZone-M gives isolated code, data, flash, and crypto peripherals.

  • AMD/Xilinx Zynq UltraScale+ MPSoC and Versal Gen 1 / Gen 2. Multiple deployment options on the same part: Arm TrustZone on the APU, a dedicated Cortex-R5F (UltraScale+) or R52 (Versal Gen 2) on the RPU, or a MicroBlaze V (RISC-V) soft core.

  • AMD Spartan UltraScale+ (MicroBlaze V or Cortex-M1 soft core)

  • Altera Agilex 5 (Nios V soft core). TPM functionality entirely inside programmable logic.

Integration

  • Transports: Socket mssim or swtpm (auto detected), shared memory IO and register-level TIS for bare-metal SPI, I2C or UART.

  • NV storage: File-backed on hosted systems. HAL callback for embedded flash. TLV journal format suits wear-levelled flash.

  • Footprint knobs: The Attestation, Policy, NV, Credential, and Dictionary Attack features can be disabled when not required, reducing code size.

Feature 2: SPDM Secured Transport
When a TPM speaks to its host over a PCB trace, that trace is attackable. SPDM closes the gap. Commands and responses ride over a vendor-defined TCG channel. The channel is encrypted with AES-256-GCM and integrity-checked on every packet.

What’s New

  • Vendors: Nuvoton NPCT75x and Nations Technologies NS350. (More coming soon)

  • Session modes:

    • Identity-key mode over ECDH P-384, on both NPCT75x and NS350.

    • PSK mode on NS350.

  • Auto-connect with SPDM-only lock-down. Once locked, wolfTPM establishes the encrypted session on every open. Plaintext commands are rejected.

  • New spdm_ctrl utility. Full lifecycle: enable, disable, provision PSK, clear PSK, lock, unlock.

Why It Matters
Anywhere the TPM is physically accessible – servers in colocation, defense platforms, medical devices, industrial controllers, in-vehicle ECUs – SPDM closes the last-inch attack surface.

Feature 3: ST33 TPM 2.0 Firmware Update
STMicro’s ST33KTPM2X introduced a new Generation 2 firmware format using LMS signing. wolfTPM v4.0.0 adds the st33_fw_update example tool for supporting firmware updates on older Gen 1 and newer Gen 2 firmware versions. See examples/firmware/README.md for usage.

Other v4.0.0 Release Improvements

New HALs

  • Raspberry Pi 4 hardware SPI

  • U-Boot (tpm_io_uboot.c)

  • Espressif ESP-IDF SPI

  • Linux auto-detection between /dev/tpmX and direct SPI

Hardening

  • Fenrir and Coverity findings addressed across tpm2_wrap, tpm2_packet, tpm2_asn, NV, session auth, SPDM, and fwTPM paths.

  • ForceZero on every sensitive stack buffer.

  • Constant-time export for ECDH shared secrets and ECC signature r/s.

  • Short-circuit OR removed from all auth paths.

  • Bounds checks and NULL-deref guards across ASN.1, PCR, and key-load code.

CI

  • ASan and UBSan sanitizer jobs.

  • Pedantic gcc and clang matrices.

  • macOS and Windows fwTPM builds.

  • Weekly libFuzzer plus per-PR smoke.

Coming Soon: TPM 2.0 v1.85 Post-Quantum

Right behind this release. Post-quantum algorithms from TPM 2.0 v1.85 are landing in both the fwTPM server and the wolfTPM client library:

  • ML-KEM (Kyber) for key encapsulation

  • ML-DSA (Dilithium) for signatures

Why now? Harvest-Now-Decrypt-Later (HNDL) mitigation for long-lived device identity keys. Deploy fwTPM today. Get a drop-in PQC upgrade path without respinning silicon.

Getting Started

git clone https://github.com/wolfSSL/wolfTPM.git
cd wolfTPM
git checkout v4.0.0
./configure --enable-fwtpm
make && make check

For commercial licensing, FIPS 140-3 integration, DO-178C DAL A qualification kits, custom HAL ports, or early access to the v1.85 PQC branch, contact facts@wolfssl.com or +1 425 245 8247.


We are pleased to announce the release of wolfBoot 2.8.0, a major update that expands platform support, strengthens PSA and TrustZone integration, and delivers another round of meaningful hardening across the secure boot and firmware update flow.

This release stands out for the breadth of hardware now supported. wolfBoot 2.8.0 adds or extends support for AMD/Xilinx Versal Gen 1 VMK180, Microchip PolarFire SoC MPFS250, NXP MCXN, MCXW71, S32K14x, LPC55S69, NXP T1040 RDB, refreshed T2080 configurations, and Nordic nRF54L15. For product teams working across multiple silicon families, wolfBoot continues to prove itself as a highly portable and consistent secure boot solution.

Version 2.8.0 also brings an important step forward for PSA-based designs. New support for wolfPSA secure storage, TrustZone-backed PSA services, PSA crypto, PSA attestation, and DICE-based attestation flows makes wolfBoot an even stronger foundation for modern embedded security architectures. With new Zephyr integration replacing the TEE layer through PSA-facing interfaces, this release opens up new options for developers building secure RTOS-based systems.

wolfBoot is now also available as a complete secure boot + TEE (PSA) replacement for TrustZone systems running Zephyr OS.

On the product integration side, wolfBoot 2.8.0 adds a new generic hook framework for pre-init, post-init, and boot customization, along with custom encryption-key hooks, PKCS11-backed encrypted partitions, improved status and image-inspection tooling, monolithic self-update builds, and reproducible-build support. These improvements make it easier to adapt wolfBoot to real deployment requirements while keeping the codebase compact and focused.

Existing targets also benefit from substantial work in this release. Highlights include improved STM32H5 TrustZone and PKCS11 integration, external flash dual-bank updates on PSoC6, expanded AURIX TC3xx self-update and wolfHSM configurations, refreshed Renesas RA6M4 and RX projects, and better clang/LLVM support with dedicated CI coverage.

As always, security and reliability remain central. wolfBoot 2.8.0 strengthens image parsing, signing, and update flows with tighter checks and safer handling across signatures, TLVs, delta images, partition layouts, and storage I/O. It also expands constant-time operations and zeroization in sensitive paths, adds stricter rollback and flash-protection behavior, and fixes a range of regressions across supported architectures and simulator targets.

Updated modules

  • wolfSSL: latest stable

  • wolfTPM: latest

  • wolfPKCS11: latest stable

  • wolfHSM: latest

With 2.8.0, wolfBoot continues to grow as a practical, production-ready secure bootloader for embedded systems that need strong authentication, reliable updates, and portability across a rapidly expanding hardware landscape.

To learn more about wolfBoot, or to discuss secure boot and firmware update strategies for your platform, contact us.


wolfSSH v1.5.0 is now available! This release brings additional post-quantum hybrid key exchange algorithms, a broad hardening pass across the code base, and a large number of bug fixes. There is also one low-severity vulnerability fix in this release affecting wolfSSHd on Windows when handling an edge case in terminal resize messages received from an authenticated connection.

Please see the ChangeLog.md for full details.

New Features
The headline addition in v1.5.0 is post-quantum key exchange via ML-KEM hybrid algorithms — mlkem1024nistp384-sha384 and mlkem768x25519-sha256 — based on draft-ietf-sshm-mlkem-hybrid-kex, with interoperability testing against OpenSSH running in CI. This brings wolfSSH in line with the industry direction toward quantum-resistant SSH.

On the algorithm side, client-side rsa-sha2-512 signature support has been added. The key type is now separated from the signature type, so ssh-rsa keys can be used with ssh-rsa, rsa-sha2-256, or rsa-sha2-512 signatures, improving compatibility with modern SSH servers that have deprecated the older scheme.

Two handy SFTP client usability improvements also landed: lcd and lls commands for managing the local working directory without leaving an SFTP session.

Improvements
Several handlers that previously lacked proper callback validation have been tightened: host key acceptance, channel open requests, TCP/IP forwarding, and DH group exchange parameters are all now gated and validated. Additional defensive constant-time comparisons were also applied.

Beyond hardening, SFTP reliability saw meaningful attention – better non-blocking behavior, improved error path handling, and more robust multi-byte password support. CI coverage was expanded significantly with new sanitizer builds, multi-compiler testing, and automated Coverity scanning.

Fixes
This release contains a large number of bug fixes driven by static analysis and code review. Highlights include a non-blocking SFTP server hang on WS_WANT_WRITE, Windows authentication issues, missing hash cleanup in RSA/ECC paths, and a variety of null-dereference, bounds-check, and memory-leak fixes throughout the codebase.

Download wolfSSH v1.5.0 from our download page, or clone it from GitHub.

If you have questions about wolfSSH or any of our other products, feel free to reach out at facts@wolfssl.com or support@wolfssl.com, or give us a call at +1 425 245 8247.


wolfSSL 5.9.1 is available with new features, post-quantum cryptography improvements, broad bug fixes, and a number of vulnerability fixes. Users are always recommended to stay up to date with wolfSSL releases. In this release, use cases that are affected by high severity reports are: PKCS7 with ORI callback set or AuthEnvelopedData with AES-GCM (--enable-pkcs7), ECDSA certificate verification with EdDSA or ML-DSA enabled, URI nameConstraints enforcement with intermediate CAs, X.509 certificate conversion via CertFromX509 with AuthorityKeyIdentifier, DTLS 1.3 (--enable-dtls13), ECH (--enable-ech), ECCSI signature verification (--enable-eccsi), AES-EAX/CMAC with large messages, and ChaCha20-Poly1305 via EVP or X509_verify_cert via the OpenSSL compatibility layer (--enable-opensslextra).

Security Vulnerabilities Addressed
This release addresses 22 CVEs across critical, high, medium, and low severity levels. Notably, we have received many quality AI-assisted vulnerability reports this cycle. Thanks to all the researchers who responsibly disclosed issues, including teams from Anthropic, KENTECH, Calif.io, eWalker Consulting, and several independent contributors.

For the full list of vulnerabilities addressed, visit the wolfSSL Vulnerability Page.

Default Build Changes

  • ML-KEM (FIPS 203) enabled by default — Post-quantum key encapsulation is now on by default, making it easier than ever to adopt quantum-resistant cryptography.

  • ECC curve validation is now enabled unconditionally in default builds, removing the previous dependency on USE_ECC_B_PARAM.

New Features

  • Brainpool curve support added to wolfSSL_CTX_set1_sigalgs_list for broader European cryptographic standard compatibility.

  • DTLS 1.3 / TLS 1.3 write-dup support — Duplicate SSL functionality allows read-side delegation of post-handshake tasks (KeyUpdate, ACK, post-handshake auth) to the write-side.

Post-Quantum Cryptography Updates

  • The context-aware FIPS 204 ML-DSA (Dilithium) API is now the default, with the legacy non-context API gated behind WOLFSSL_DILITHIUM_NO_CTX.

  • Sensitive memory buffers in the ML-DSA implementation are now zeroized to prevent leakage of cryptographic material.

  • Private key validation checks added for Ed25519, Ed448, ML-DSA, and ML-KEM operations.

  • Buffer size and callback validation added to wc_LmsKey_Sign.

  • Fixed out-of-bounds shift and undefined behavior issues in ML-DSA and SLH-DSA implementations.

TLS and DTLS Improvements

  • Fixed DTLS 1.3 ServerHello to comply with the specification by not echoing legacy_session_id.

  • Fixed TLS 1.3 server to correctly reject mismatched ciphersuites in second ClientHello after HelloRetryRequest.

  • Resolved multiple correctness issues in DTLS 1.3 and TLS 1.3 including missing bounds checks, PSK identity buffer overreads, and resource leaks.

  • HPKE implementation fixes and refactoring with tests for all 24 algorithm combination variants.

Hardware and Embedded Ports

  • SE050 hardware security module integration fixes for RSA-PSS and persistent key slot management.

  • Broad correctness improvements across Espressif, Renesas, Silicon Labs, NXP, STM32, TI, Xilinx, and other hardware targets.

  • Fixed buffer overflows, key material exposure, mutex leaks, and logic errors across hardware crypto backends.

Rust Wrapper

  • Released version 1.2.0 of the wolfssl-wolfcrypt Rust crate.

  • Updated build script to support cross-compiling and bare-metal targets including RISC-V architectures.

Get the Update
We recommend all wolfSSL users update to version 5.9.1. Dive into the full ChangeLog for a complete list of changes.

Download wolfSSL 5.9.1


We are excited to announce the release of wolfIP 1.0.0, the first public release of wolfSSL’s lightweight TCP/IP stack for embedded, real-time, and safety-critical systems. wolfIP is built around a simple idea: networking behavior should be defined before runtime, not discovered during it. With no dynamic memory allocation, fixed socket tables, pre-allocated packet buffers, and a deterministic execution model, wolfIP gives developers a compact and analyzable network stack for systems where predictability matters. Version 1.0.0 is listed on the official wolfIP product page and changelog dated March 31, 2026.

Why wolfIP
Traditional TCP/IP stacks often bring in dynamic allocation, background processing, and broader feature sets than many embedded endpoints actually need. That flexibility can be useful in general-purpose systems, but it also makes worst-case timing, memory usage, and verification harder to bound. wolfIP takes a different approach. It is designed as a tiny, deterministic stack with compile-time configured resources, a fixed socket count, static RX/TX packet buffers, and no hidden runtime allocation. That makes it a strong fit for constrained devices, controlled deployments, and projects with demanding review, testing, or certification workflows.

What is included in 1.0.0
The 1.0.0 release delivers a solid IPv4 networking foundation for embedded endpoints. Core support includes Ethernet II, ARP, IPv4, ICMP, UDP, TCP, DHCP client, and DNS client, along with modern TCP capabilities such as MSS, timestamps, PAWS, window scaling, retransmission timeout handling, SACK, slow start, congestion avoidance, and fast retransmit. wolfIP 1.0.0 also includes HTTP/HTTPS server support, IPsec ESP transport mode, IP filtering with wolfSentry integration, native wolfGuard support, and optional IPv4 forwarding for multi-interface builds.

That combination is important because it gives developers more than just a packet pipe. wolfIP 1.0 starts with the network services many connected devices actually need, then adds security-focused integration points across the wolfSSL ecosystem. Developers can combine wolfIP with wolfSSL for TLS 1.3-protected applications, wolfSentry for filtering and policy enforcement, and wolfGuard where a tightly integrated secure tunnel model is needed. For teams building secure connected products, that means a more cohesive networking and security story from a single vendor and codebase family.

Small footprint, practical deployment model
wolfIP is positioned as a small embedded-first stack, and the official product material describes the core as roughly 4× smaller than lwIP’s core. Just as important, wolfIP’s architecture is intentionally narrow and easier to analyze: deterministic memory usage by default, fixed compile-time resources, and an endpoint-focused design rather than a broad general-purpose routing stack. For organizations thinking about code review effort, qualification scope, or long-term maintenance, reducing moving parts matters.

From POSIX testing to embedded targets
One of the most useful aspects of wolfIP 1.0 is its portability across development and deployment environments. The release includes integration layers for wolfSSL, wolfSSH, wolfMQTT, a POSIX LD_PRELOAD socket interception path via libwolfip.so, and a FreeRTOS BSD socket wrapper. The repo also documents host-side testing through TAP-style interfaces and lists host link driver support for Linux TAP/TUN, Darwin utun, FreeBSD TAP, and VDE2, alongside embedded ports for targets including STM32H753ZI, STM32H563, STM32N6, VA416xx, and Raspberry Pi Pico USB networking demos. That is a practical release story: developers can exercise the stack on desktop-class environments, then carry the same architecture into embedded deployment.

Built to Work Naturally with wolfSSL
wolfIP is especially compelling when paired with the rest of the wolfSSL portfolio. The product page highlights seamless TLS 1.3 integration with wolfSSL, and the repository documents HTTPS server support with wolfSSL TLS backing. For engineering teams that already trust wolfSSL in embedded and RTOS environments, wolfIP extends that same design philosophy down into the transport layer: compact code, explicit resource control, and predictable behavior. Instead of stitching together unrelated networking and crypto components, developers can build on a tightly aligned stack designed for constrained and security-conscious systems.

Available Now
wolfIP 1.0.0 is available now under the GPLv3 open source license. If you are building connected embedded devices and need a TCP/IP stack with bounded memory usage, deterministic behavior, and straightforward integration with wolfSSL security products, wolfIP is well worth a look. Download the latest release, review the changelog, and contact us to discuss commercial licensing, support, or how wolfIP fits into your next embedded networking design.


We are excited to announce the release of wolfMQTT v2.0.0, a major milestone that introduces a brand-new lightweight MQTT broker as its headline feature. This release represents a significant evolution of the wolfMQTT library, expanding it from a client-only library into a complete MQTT solution for embedded systems, IoT gateways, and edge computing applications.

Lightweight MQTT Broker
The centerpiece of wolfMQTT v2.0.0 is a fully featured, production-ready MQTT broker built right into the library. Designed with the same embedded-first philosophy that drives all wolfSSL products, the broker delivers a rich feature set while maintaining a small footprint suitable for resource-constrained environments.

Broker Highlights

  • Full MQTT v3.1.1 and v5 Protocol Support — The broker handles both protocol versions, ensuring compatibility with a wide range of MQTT clients and devices.

  • Retained Messages — The broker stores retained messages and automatically delivers them to new subscribers matching the topic filter. Message expiry intervals (MQTT v5) are supported, and retained messages can be cleared by publishing an empty payload with the retain flag set.

  • Session Persistence — When clients connect with clean_session=0, subscriptions are preserved across disconnections. Reconnecting clients with the same client ID will have their previous subscriptions restored automatically.

  • QoS 0, 1, and 2 — Full quality-of-service support with proper packet ID management, effective QoS calculation (minimum of publish QoS and subscription QoS), and complete PUBREC/PUBREL/PUBCOMP handling for QoS 2 flows.

  • Last Will and Testament (LWT) — Clients can register will messages that are published automatically upon unexpected disconnection. The broker supports will delay intervals (MQTT v5) and will retain flags.

  • Wildcard Topic Matching — Full support for MQTT single-level (+) and multi-level (#) wildcard subscriptions, with proper handling of $-prefixed system topics per the MQTT specification.

  • Authentication — Username/password authentication with constant-time string comparison to prevent timing attacks. Credentials are securely wiped from memory using wc_ForceZero().
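
The wildcard and effective-QoS rules from the list above, as an added C example that is not wolfMQTT's code. The names `mqtt_topic_matches`, `mqtt_effective_qos`, `mqtt_delivery_qos` and `struct subscription`, and the sample subscriptions in `main`, are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Length of the topic level starting at s (up to the next '/' or the end). */
static size_t level_len(const char *s)
{
    size_t n = 0;
    while (s[n] != '\0' && s[n] != '/')
        n++;
    return n;
}

/* Hypothetical helper, not a wolfMQTT API: 1 if topic matches filter, else 0. */
int mqtt_topic_matches(const char *filter, const char *topic)
{
    if (filter == NULL || topic == NULL || *filter == '\0' || *topic == '\0')
        return 0;
    /* A published topic name must not contain wildcard characters. */
    if (strchr(topic, '+') != NULL || strchr(topic, '#') != NULL)
        return 0;
    /* '$' topics (for example $SYS/...) are never matched by a filter that
     * starts with a wildcard, so a plain "#" does not expose system topics. */
    if (topic[0] == '$' && (filter[0] == '+' || filter[0] == '#'))
        return 0;

    for (;;) {
        size_t fl = level_len(filter);
        size_t tl = level_len(topic);

        if (fl == 1 && filter[0] == '#')
            return filter[1] == '\0';   /* '#' is only valid as the last level */
        if (!(fl == 1 && filter[0] == '+')) {
            /* Literal level: a wildcard mixed into it makes the filter invalid. */
            if (memchr(filter, '+', fl) != NULL || memchr(filter, '#', fl) != NULL)
                return 0;
            if (fl != tl || memcmp(filter, topic, fl) != 0)
                return 0;
        }
        filter += fl;
        topic += tl;

        if (*topic == '\0') {
            /* Topic exhausted: match if the filter is too, or if only "/#"
             * remains, because "a/#" also matches the parent level "a". */
            return *filter == '\0' || strcmp(filter, "/#") == 0;
        }
        if (*filter == '\0')
            return 0;                   /* topic has more levels than filter */
        filter++;                       /* both point at '/', step past it */
        topic++;
    }
}

/* Effective QoS: the minimum of the publish QoS and the subscription QoS. */
int mqtt_effective_qos(int publish_qos, int subscription_qos)
{
    return publish_qos < subscription_qos ? publish_qos : subscription_qos;
}

struct subscription {
    const char *filter;
    int qos;
};

/* QoS at which a publish reaches one subscriber, or -1 if it is not delivered. */
int mqtt_delivery_qos(const struct subscription *sub, const char *topic,
                      int publish_qos)
{
    if (sub == NULL || !mqtt_topic_matches(sub->filter, topic))
        return -1;
    return mqtt_effective_qos(publish_qos, sub->qos);
}

int main(void)
{
    /* Constructed sample subscriptions and publishes. */
    static const struct subscription subs[] = {
        { "#", 2 }, { "sensors/+/temp", 1 }, { "sensors/#", 0 }, { "$SYS/#", 1 },
    };
    static const char *topics[] = {
        "sensors/kitchen/temp", "sensors", "$SYS/broker/clients",
    };
    size_t i, j;

    for (i = 0; i < sizeof(topics) / sizeof(topics[0]); i++) {
        for (j = 0; j < sizeof(subs) / sizeof(subs[0]); j++) {
            printf("publish %-22s qos 2 -> filter %-15s : %d\n", topics[i],
                   subs[j].filter, mqtt_delivery_qos(&subs[j], topics[i], 2));
        }
    }
    return 0;
}
```
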

TLS and Dual-Port Listening
The broker supports simultaneous plain-text and TLS-encrypted listeners on separate ports (default 1883 and 8883). TLS configuration includes support for TLS 1.2 and 1.3, server certificates, and mutual TLS authentication with client certificate verification. A TLS-only mode is also available for environments that require encrypted connections exclusively.

WebSocket Transport
wolfMQTT v2.0.0 adds WebSocket transport support to the broker, enabling browser-based and web clients to connect using MQTT over WebSockets. This opens up new use cases for real-time dashboards, web-based device management, and hybrid IoT architectures.

wolfIP Integration
For deeply embedded systems, the broker integrates with wolfIP, wolfSSL’s lightweight embedded TCP/IP stack. This combination allows wolfMQTT to run on bare-metal systems without a full operating system or third-party networking stack. The broker provides a cooperative MqttBroker_Step() API for single-iteration execution, making it ideal for super-loop and RTOS-based embedded architectures.

Designed for Embedded Systems
The broker was built with embedded constraints in mind:

  • Static Memory Mode — Pre-allocated arrays eliminate the need for dynamic memory allocation, with configurable limits for clients, subscriptions, retained messages, and buffer sizes.

  • Dynamic Allocation Mode — For systems with more resources, dynamic allocation provides flexible sizing.

  • Pluggable Network Backend — A callback-based network abstraction supports POSIX sockets, wolfIP, and custom implementations.

  • Two Execution Models — Choose between a blocking MqttBroker_Run() main loop or a non-blocking MqttBroker_Step() for cooperative multitasking.

Easy to Configure
The broker includes a command-line interface for quick setup:

-p    Plain port (default: 1883)
-s    TLS port (default: 8883)
-t    Enable TLS support
-V    TLS version (12 or 13)
-c    Server certificate (PEM)
-K    Server private key (PEM)
-A    CA certificate for mutual TLS
-u    Username for authentication
-P    Password for authentication
-w    WebSocket listen port
-v    Log level: 1=error, 2=info, 3=debug

Build-time configuration is equally flexible, with granular feature toggles:

--enable-broker                    # Enable broker
--disable-broker-retained          # Disable retained messages
--disable-broker-will              # Disable LWT support
--disable-broker-wildcards         # Disable wildcard subscriptions
--disable-broker-auth              # Disable authentication
--disable-broker-insecure          # Disable plain-text listener

Security Hardening
This release includes significant security improvements across the entire library:

  • Added overflow checks in network and socket IO

  • Added validation checks for negative return values in decode functions

  • Added encoding error checks throughout the packet processing pipeline

  • Added remaining length validation

  • Static analysis fixes across MQTT and MQTT-SN code paths

  • Added a debug warning when using VERIFY_NONE for TLS

  • Race condition fix in wm_SemLock

Fuzzing Infrastructure
wolfMQTT v2.0.0 introduces a libFuzzer-based fuzzing infrastructure for the broker, enabling automated discovery of edge cases and potential security issues. This infrastructure was used during development to identify and fix multiple issues before release.

Additional Improvements

  • wolfIP Client Support — In addition to the broker, wolfIP support has been added for the MQTT client, enabling client connections on bare-metal embedded systems.

  • lastError Field — A new lastError field in the network context preserves TLS error codes for improved diagnostics.

  • Bug Fixes — Numerous fixes for MQTT-SN encode/decode, wildcard matching, LWT handling, curl transport, and more.

  • CI Enhancements — New CI workflows for codespell, multi-compiler testing, and sanitizer tests, plus expanded broker edge case testing.

About wolfMQTT
The wolfMQTT library is a client and broker implementation of the MQTT protocol, written in C and optimized for embedded and RTOS environments. It supports MQTT v3.1.1 and v5, MQTT Sensor Network (MQTT-SN), TLS encryption via wolfSSL, QoS levels 0–2, and a wide range of platforms including FreeRTOS, ThreadX/NetX, Zephyr, ChibiOS, MQX/RTCS, Harmony, and more.

Download
wolfMQTT v2.0.0 is available now:
GitHub — Show us some love and give the wolfMQTT project a Star!
wolfSSL Downloads

If you have questions about any of the above, please contact us at facts@wolfssl.com or call us at +1 425 245 8247.

Download wolfSSL Now
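The wildcard matching rules named in the wolfMQTT announcement above (single-level +, multi-level #, and $-prefixed system topics) can be sketched as follows. This is an added example, not wolfMQTT's broker code; the function names topic_filter_valid() and topic_matches() and the sample topics are assumptions made for illustration, and the rules follow MQTT 3.1.1 sections 4.7.1 and 4.7.2.

```c
#include <stdio.h>
#include <string.h>

/* Example code, not taken from wolfMQTT. A filter is well-formed when '+'
 * fills a whole topic level and '#' fills the last level (MQTT 3.1.1,
 * section 4.7.1). Returns 1 if valid, 0 otherwise. */
int topic_filter_valid(const char *filter)
{
    size_t i, n;

    if (filter == NULL || filter[0] == '\0')
        return 0;
    n = strlen(filter);
    for (i = 0; i < n; i++) {
        int level_start = (i == 0) || (filter[i - 1] == '/');
        int level_end   = (i + 1 == n) || (filter[i + 1] == '/');

        if (filter[i] == '+' && !(level_start && level_end))
            return 0;               /* e.g. "sport+" */
        if (filter[i] == '#' && !(level_start && i + 1 == n))
            return 0;               /* e.g. "sport/#/x" or "sport#" */
    }
    return 1;
}

/* Returns 1 when a published topic name matches a subscription filter. */
int topic_matches(const char *filter, const char *topic)
{
    const char *f = filter;
    const char *t = topic;

    if (!topic_filter_valid(filter) || topic == NULL || topic[0] == '\0')
        return 0;
    /* Topic names in PUBLISH must not contain wildcard characters. */
    if (strchr(topic, '+') != NULL || strchr(topic, '#') != NULL)
        return 0;
    /* Section 4.7.2: a filter that starts with a wildcard never matches a
     * topic starting with '$', so "#" cannot be used to read "$SYS/...". */
    if (topic[0] == '$' && (filter[0] == '+' || filter[0] == '#'))
        return 0;

    while (*f != '\0') {
        if (*f == '#')
            return 1;               /* matches all remaining levels */
        if (*f == '+') {
            while (*t != '\0' && *t != '/')
                t++;                /* consume exactly one level (may be empty) */
            f++;
            continue;
        }
        /* "sport/#" also matches the parent level "sport". */
        if (*f == '/' && *t == '\0' && f[1] == '#')
            return 1;
        if (*f != *t)
            return 0;
        f++;
        t++;
    }
    return *t == '\0';
}

int main(void)
{
    /* Constructed sample subscriptions and topics. */
    static const char *cases[][2] = {
        { "sport/tennis/+", "sport/tennis/player1" },
        { "sport/#",        "sport" },
        { "sport/+",        "sport" },
        { "#",              "$SYS/broker/uptime" },
        { "$SYS/#",         "$SYS/broker/uptime" },
        { "sport/tennis#",  "sport/tennis" },
    };
    size_t i;

    for (i = 0; i < sizeof(cases) / sizeof(cases[0]); i++)
        printf("%-16s %-24s %s\n", cases[i][0], cases[i][1],
               topic_matches(cases[i][0], cases[i][1]) ? "match" : "no match");
    return 0;
}
```

The $ check is the security-relevant part: without it, a client subscribed to # would also receive the broker's system topics.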

9

(0 replies, posted in Announcements)

We are excited to announce that wolfSSL version 5.9.0 is now available! wolfSSL 5.9.0 brings a strong focus on advancing post-quantum cryptography support, an expanded Rust wrapper, new hardware platform integrations, and a number of security vulnerability fixes.

Security Fixes
wolfSSL 5.9.0 includes fixes for 15 security vulnerabilities spanning a range of severity levels, covering areas including CRL parsing, TLS 1.3 ECH extension handling, ALPN parsing, PKCS7 encoding, the packet sniffer, and side channel hardening of post-quantum implementations on ARM Cortex-M. We would like to thank all external researchers who responsibly disclosed issues to us. For full details on each vulnerability please visit the wolfSSL Security Vulnerabilities page.

Post-Quantum Cryptography: SLH-DSA and More
Post-quantum cryptography continues to be a major area of focus in the security industry. This release adds SLH-DSA (FIPS 205), the Stateless Hash-Based Digital Signature Standard, rounding out wolfSSL’s coverage of all three NIST post-quantum digital signature standards alongside ML-DSA and FALCON.

SLH-DSA is a stateless, hash-based signature scheme that provides strong security guarantees without relying on the hardness of lattice problems. It offers an alternative signature foundation for deployments that want to diversify their post-quantum strategy beyond lattice-based approaches. With this addition wolfSSL now supports the full NIST PQC signature portfolio: ML-DSA (FIPS 204), FALCON, and SLH-DSA (FIPS 205), as well as the stateful hash-based schemes LMS/HSS and XMSS/XMSS^MT for specialized use cases.

Beyond SLH-DSA, this release also brings a range of improvements across the existing PQC stack:

  • ML-DSA improvements — Several bug fixes including a fix for ML-DSA verification when using WOLFSSL_DILITHIUM_SMALL, improved no-malloc build support, and PKCS#11 integration for ML-DSA key operations.

  • ML-KEM improvements — Bug fixes and hardening across no-malloc builds, static memory handling, DTLS 1.3 cookie and ClientHello fragment handling, and expanded hybrid/individual ML-KEM level test coverage.

  • Fault injection hardening for PQC on Cortex-M — New protection for ML-KEM and ML-DSA implementations on ARM Cortex-M, specifically guarding against fault injection attacks targeting Keccak-based seed expansion.

  • General WOLFSSL_NO_MALLOC PQC support — Broader no-malloc improvements make PQC algorithms more accessible in deeply embedded environments.

  • SLH-DSA and FALCON key-type detection fixes — Corrected the key variant identification logic in both the SLH-DSA (SPHINCS+) and FALCON signature algorithm implementations.

New Features

  • OCSP Responder API — wolfSSL can now act as an OCSP responder. A new API and supporting infrastructure have been added to serve certificate status responses, enabling wolfSSL to be used in PKI infrastructure roles beyond the TLS client and server. (PR 9761)

  • AES CryptoCB Key Import — Added AES key import support via the crypto callback interface, making it easier to use externally managed AES keys through wolfSSL’s callback framework. (PR 9658)

  • RNG Bank Facility — New wc_rng_new_bankref() API allows multiple wolfCrypt contexts to share a seeded RNG pool, reducing the overhead of repeated seeding at runtime — particularly useful in resource-constrained embedded systems. (PR 9616)

Rust Wrapper Expansion
The wolfSSL Rust wrapper received significant expansion in this release, gaining FIPS support and coverage for a large number of new cryptographic primitives. New modules were added for Dilithium/ML-DSA, ChaCha20-Poly1305, Curve25519, BLAKE2, LMS, and ML-KEM. Improvements were also made for RSA, ECC, HASH-DRBG, HMAC-BLAKE2, and XChaCha20-Poly1305, along with support for optional heap and device ID parameters and conditional compilation based on underlying C build options.

TLS/DTLS Improvements
TLS 1.3 now supports Brainpool curves for key exchange (PR 9701). DTLS retransmission handling has been improved and TLS message order checking has been hardened on both client and server sides. The MAC and hash comparisons in the TLS 1.3 and TLS 1.2 Finished messages were also strengthened. Additional improvements include an extended AIA (Authority Information Access) interface, better ECH (Encrypted Client Hello) handling, and a range of smaller robustness fixes across fragmentation, session ticket lifetime validation, and QUIC transport parameter handling.

Kernel Module Updates
The Linux kernel module received various fixes and enhancements for Tegra kernels, including support for offline FIPS hash calculation. The FreeBSD kernel module gained both FIPS support and x86 hardware crypto acceleration in this release, broadening wolfCrypt’s kernel-mode footprint across operating environments.

Ports and Hardware Integration
New platform support in 5.9.0 includes the Renesas SK-S7G2 board, STM32 HMAC hardware acceleration, and STM32G0 hardware crypto. Various Thumb2 AES and SP assembly optimizations were added or fixed, and Zephyr 4.1+ compatibility was added for the wolfssl_tls_sock sample application.

PKCS Improvements
This release adds PKCS7 ECC raw sign callback support, RSA-PSS support for SignedData, and RSA-PSS certificate support for PKCS7 EnvelopedData KTRI. Several PKCS7 parsing fixes were also included, along with expanded ML-DSA support via PKCS#11.

Testing and CI Improvements
Test coverage was expanded with a particular focus on PQC and CMake builds. The CI test matrix grew to include rng-tools 6.17, openldap 2.6.9, and bind 9.20.11. A new TLS Anvil interoperability test workflow was added, and a stateful port-tracking mechanism was implemented to eliminate test port collisions during high-concurrency CI runs.

For a full list of fixes and optimizations, check out the ChangeLog.md bundled with wolfSSL. Download the latest release from the download page. If you have any questions about any of the above, please contact us at facts@wolfssl.com or call us at +1 425 245 8247.


wolfCrypt JNI/JCE 1.9.0 is now available for download! This release contains a number of bug fixes and expands the Java Cryptography Extension (JCE) footprint, introducing new algorithms, cipher modes, and capabilities.

wolfCrypt JNI/JCE allows for use of the native wolfCrypt cryptography library from Java. The thin JNI wrapper can be used for direct JNI calls into native wolfCrypt, or the JCE provider (wolfJCE) can be registered as a Java Security provider for integration underneath the Java Cryptography API. wolfCrypt JNI/JCE can also support running on top of the wolfCrypt FIPS 140-3 validated cryptography module.

Highlights from this release are below. See ChangeLog.md for a full list.

New JCE Functionality:
This release adds support for several cryptographic primitives and classes:

  • Add KeyGenerator implementation (AES, HmacSHA1, HmacSHA256, HmacSHA384, HmacSHA512) (PR 98)

  • Add SHA-224 support to MessageDigest, Mac, Signature, KeyGenerator (PR 104)

  • Add SHA-3 support to MessageDigest, Mac, Signature (PR 103)

  • Add utility method to convert JKS/PKCS12 KeyStore to WKS type (PR 108)

  • Add more AES mode support to Cipher class (PR 129, 163, 173):

    • AES/CCM/NoPadding

    • AES/CTR/NoPadding

    • AES/ECB/NoPadding

    • AES/ECB/PKCS5Padding

    • AES/OFB/NoPadding

    • AES/CTS/NoPadding

  • Add AESCMAC (AES-CMAC), AESGMAC (AES-GMAC) to Mac class (PR 129)

  • Add RSA-PSS support to Signature class (PR 131):

    • RSASSA-PSS

    • SHA224withRSA/PSS

    • SHA256withRSA/PSS

    • SHA384withRSA/PSS

    • SHA512withRSA/PSS

  • Add Cipher.engineGetParameters() support (PR 140)

  • Add Cipher generic “AES” type support (PR 142)

  • Add AES and GCM support to AlgorithmParameters class (PR 144)

  • Add HmacSHA3 support to KeyGenerator class (PR 150):

    • HmacSHA3-224

    • HmacSHA3-256

    • HmacSHA3-384

    • HmacSHA3-512

  • Add toString() to WolfCryptRandom, used when printing SecureRandom object (PR 154)

  • Add additional ECC algorithm OIDs to Signature and KeyPairGenerator classes (PR 158)

  • Add EC KeyFactory support (PR 159)

  • Add P1363 ECDSA signature formats to Signature class (PR 160)

  • Add DH support to AlgorithmParameter, AlgorithmParameterGenerator, and KeyFactory classes (PR 161)

  • Add AES and 3DES support to SecretKeyFactory and SecretKey classes (PR 164)

  • Add additional AES and Hmac algorithm aliases to Cipher and Mac classes (PR 166)

  • Add Java ServiceLoader support for wolfJCE provider for Java Module System (JPMS) compatibility (PR 167)

  • Add RSA KeyFactory support (PR 169)

  • Add MessageDigest OID alias values for SHA-224/256/384/512 (PR 170)

  • Add PSS parameter encoding support in WolfCryptPSSParameters class (PR 175)

  • Add engineProbe() implementation to WolfSSLKeyStore (PR 178)

  • Add optional KEK caching to WolfSSLKeyStore for performance (PR 176)

  • Add RSASSA-PSS key support to WolfSSLKeyStore (PR 180)

Stability and Logic Improvements
Beyond new features, version 1.9.0 includes fixes and improvements related to dynamic JNI value retrieval, build issues with older wolfSSL and wolfCrypt FIPS 140-2/140-3 packages, exception handling, PKCS#7 pad/unpad, AES-GCM edge cases, input validation, default value sizes, synchronization, and more!

Modernized Debugging & Testing
To make integration easier for developers with fewer dependencies, version 1.9.0 switches to using the standard Java Logging (java.util.logging) framework for debug logs and uses the Java Instant.ofEpochMilli() for timestamps instead of java.sql.Timestamp.

Improved Testing and CI Coverage
CI coverage has been expanded to include the following additional pull request tests. JUnit test output has also been modified to include the time taken per test.

  • AddressSanitizer (-fsanitize=address)

  • Clang scan-build static analysis

  • Visual Studio Windows builds

  • Android emulator unit test runs

  • Builds against the last 5 stable wolfSSL versions for backwards compatibility testing

wolfCrypt JNI/JCE 1.9.0 can be downloaded from the wolfSSL download page, and an updated version of the wolfCrypt JNI/JCE User Manual can be found here. For any questions, or to get help using wolfSSL products in your projects, contact us at support@wolfssl.com.

If you have questions about any of the above, please contact us at facts@wolfssl.com or call us at +1 425 245 8247.


wolfSSL JNI/JSSE 1.16.0 is now available for download! This release contains a number of bug fixes and changes to the JNI and JSSE layers.

wolfSSL JNI/JSSE allows for use of the native wolfSSL SSL/TLS library from Java. The thin JNI wrapper can be used for direct JNI calls into native wolfSSL, or the JSSE provider (wolfJSSE) can be registered as a Java Security provider for integration underneath the Java Security API. wolfSSL JNI/JSSE provides TLS 1.3 support and can also support running on top of the wolfCrypt FIPS 140-3 validated cryptographic module.

Highlights from this release are below. See ChangeLog.md for a full list.

Java System and Security Property Support:
This release improves alignment with Java JSSE behavior and improves drop-in compatibility for applications migrating from other JSSE providers.

  • New wolfjsse.autoSNI security property for controlling automatic SNI behavior with automatic SNI configuration for HttpsURLConnection

  • Partial support for jdk.tls.client.SignatureSchemes and jdk.tls.server.SignatureSchemes

  • Java Module System (JPMS) compatibility via ServiceLoader support

  • Added X509Certificate getSubjectX500Principal() and getIssuerX500Principal() implementations

  • Added Android non-standard checkServerTrusted() in X509TrustManager

DTLS 1.3 and Session Enhancements
This release adds DTLS 1.3 support in SSLContext and SSLEngine classes, along with:

  • DTLS Connection ID (CID) support

  • New DTLS 1.3 example client and server applications

  • Session serialization and persistence support via wrapped native APIs

These enhancements enable secure datagram-based applications with session resumption.

Performance Improvements
Several changes focus on reducing overhead in high-throughput and highly concurrent environments:

  • 20–30% SSLEngine send/receive performance improvement

  • Reduced synchronization and contention in JSSE components

  • Cached system and security properties to avoid repeated lookups

  • ByteBuffer pooling and improved ByteBuffer handling in JNI paths

  • Cached KeyStore entries for improved scalability under load

Correctness, Stability, and Security Fixes

  • Fixes for potential use-after-free conditions and memory leaks

  • Improved protection of native WOLFSSL sessions during concurrent I/O

  • Correct certificate chain ordering and improved handling of cross-signed certificates

  • Enhanced SNI handling for session resumption and server-side matching

  • Improved ALPN handling, including non-ASCII protocol names

  • Expanded X.509 API coverage, including Extended Key Usage and X500 principals

  • Added support for honoring client cipher suite preference ordering

  • Rename wolfCrypt JNI helper classes to avoid namespace conflicts with wolfcrypt-jni

Improved Debugging, Testing, and CI Coverage
Debug logging now uses Java’s standard logging framework (java.util.logging) with improved timestamps. CI coverage has also been expanded to include GitHub Actions for:

  • AddressSanitizer (-fsanitize=address)

  • Clang scan-build static analysis

  • Windows (Visual Studio) builds

  • Android emulator unit tests

  • ARM (--enable-armasm) builds

  • Compatibility testing against the last five stable wolfSSL releases

wolfSSL JNI/JSSE 1.16.0 can be downloaded from the wolfSSL download page, and an updated version of the wolfSSL JNI/JSSE User Manual can be found here. For any questions or to get help using wolfSSL products in your projects, contact us at support@wolfssl.com.

If you have questions about any of the above, please contact us at facts@wolfssl.com or call us at +1 425 245 8247.


12

(0 replies, posted in Announcements)

Look at that! wolfSSH had another release. New year, new version. Welcome to wolfSSH v1.4.22. This is mainly a bug fix release. We’ve improved interoperability with other implementations of SSH. We’ve improved the build process with several IDEs, Zephyr, and LwIP. We also added an SFTP client example for the Renesas RX72N platform.

There is also a critical vulnerability; please refer to CVE-2025-14942. The handshaking state machine can be manipulated to leak the user’s password in the clear or to release a bogus signature. Also, user authentication may be bypassed. This has been fixed with improved message checking. There are no known specific attacks, but it is recommended to upgrade.

There is also a medium vulnerability; please refer to CVE-2025-15382. When cleaning up a file path in SCP and with SFTP, there is the potential for the code to read off the end of the file path by one byte.

Please see the attached change log for more information.

Vulnerabilities

  • [Critical] CVE-2025-14942. wolfSSH’s key exchange state machine can be manipulated to leak the client’s password in the clear, trick the client into sending a bogus signature, or trick the client into skipping user authentication. This affects client applications with wolfSSH version 1.4.21 and earlier. Users of wolfSSH must update or apply the fix patch, and it is recommended to update any credentials used. This fix is also recommended for wolfSSH server applications. While there aren’t any specific attacks, the same defect is present. Thanks to Aina Toky Rasoamanana of Valeo and Olivier Levillain of Telecom SudParis for the report. (PR 855)

  • [Medium] CVE-2025-15382. The function used to clean up a path string may read one byte off the end of the bounds of the string. The function is used by the SCP handling in wolfSSH. This affects server applications with wolfSSH versions 1.4.12 through 1.4.21, inclusive. Thanks to Luigino Camastra from Aisle Research for the report. (PR 859)

New Features

  • Added a complete SFTP client example for the Renesas RX72N platform. (PR 847)

  • Enabled TSIP support and provided cleaned-up configuration headers for the RX72N example. (PR 847)

  • Added FIPS-enabled build configurations to the Visual Studio project files. (PR 851)

  • Added documentation describing how to build and use the new FIPS Visual Studio configurations. (PR 851)

  • Introduced regression tests covering SSH agent signing, including error paths and successful operation. (PR 856)

  • Added regression tests that explicitly exercise WANT_READ / WANT_WRITE paths to guard against deadlocks. (PR 856)

Improvements

  • Refactored SSH string parsing by unifying GetString() and GetStringAlloc() around GetStringRef(), simplifying maintenance and reducing duplication. (PR 857)

  • Enhanced SSH message-order validation by introducing explicit expected-message tracking and clearer message ID range macros. (PR 855)

  • Improved server-side out-of-order message checking to align behavior with the stricter client implementation. (PR 855)

  • Improved worker thread behavior under window backpressure by prioritizing receive handling, preventing stalls with small-window SFTP clients. (PR 856)

  • Hardened SSH agent handling logic by validating response types, tracking message IDs, and enforcing strict buffer size limits. (PR 845)

  • Improved SCP path handling by canonicalizing client-supplied base paths before filesystem access. (PR 845)

  • Improved portability by replacing non-standard includes with standard . (PR 852)

  • Reduced logging overhead by defining WLOG as a no-op when debugging is disabled. (PR 839)

  • Updated documentation to better reflect current features, examples, and build options. (PR 851)

Fixes

  • Fix off-by-1 read error when cleaning the file path for SCP. (PR 859)

  • Fixed incorrect handling of zero-length SSH strings in packet parsing. (PR 857)

  • Fixed a worker-thread deadlock caused by blocked sends preventing window-adjust processing. (PR 856)

  • Fixed a double-free crash and eliminated a socket-close spin loop under error conditions. (PR 855)

  • Fixed uninitialized authentication data that could lead to undefined behavior during authentication. (PR 854)

  • Fixed SFTP connection interoperability issues discovered through cross-implementation testing. The SFTP init now handles channel data, which resolves a potential SFTP connection interoperability issue. (PR 846)

  • Fixed SCP receive handling to reject traversal filenames containing path separators or “dot” components. (PR 845)

  • Fixed missing declaration of wc_SSH_KDF that caused build failures under strict compiler warnings. (PR 848)

  • Fixed SSH agent test setup so regression tests exercise the intended code paths. (PR 845)

  • Excluded a standalone regression test from Zephyr builds where it was incompatible with the Zephyr test model. (PR 855)

If you have questions about any of the above, please contact us at facts@wolfssl.com or call us at +1 425 245 8247.
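The SCP receive fix listed in the wolfSSH announcement above (rejecting filenames that contain path separators or “dot” components) can be illustrated on the SCP file record "C<mode> <size> <name>\n". This is an added example, not wolfSSH's code; the names ScpFileRecord, scp_name_is_safe(), scp_parse_file_record() and scp_parse_str(), the SCP_NAME_MAX limit, the four-digit mode, and the rejection of backslashes are assumptions of this sketch.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SCP_NAME_MAX 255            /* assumed limit for this example */

typedef struct {
    unsigned mode;                  /* permission bits, parsed as octal */
    uint64_t size;                  /* announced file size in bytes */
    char     name[SCP_NAME_MAX + 1];
} ScpFileRecord;

/* Returns 1 only if name is a single plain path component: not empty,
 * not "." or "..", and free of '/', '\\' and embedded NUL bytes. */
int scp_name_is_safe(const char *name, size_t len)
{
    size_t i;

    if (name == NULL || len == 0 || len > SCP_NAME_MAX)
        return 0;
    if (len == 1 && name[0] == '.')
        return 0;
    if (len == 2 && name[0] == '.' && name[1] == '.')
        return 0;
    for (i = 0; i < len; i++) {
        if (name[i] == '/' || name[i] == '\\' || name[i] == '\0')
            return 0;
    }
    return 1;
}

/* Parses one record. Returns 0 on success, -1 if the record is malformed,
 * -2 if the filename is rejected. */
int scp_parse_file_record(const char *line, size_t len, ScpFileRecord *out)
{
    size_t i = 1, digits;

    if (line == NULL || out == NULL || len < 2 || line[0] != 'C')
        return -1;
    if (line[len - 1] != '\n')
        return -1;
    len--;                          /* ignore the trailing newline */

    out->mode = 0;
    for (digits = 0; digits < 4 && i < len &&
                     line[i] >= '0' && line[i] <= '7'; digits++, i++)
        out->mode = out->mode * 8 + (unsigned)(line[i] - '0');
    if (digits != 4 || i >= len || line[i] != ' ')
        return -1;
    i++;

    out->size = 0;
    for (digits = 0; i < len && line[i] >= '0' && line[i] <= '9';
                     digits++, i++) {
        uint64_t d = (uint64_t)(line[i] - '0');
        if (out->size > (UINT64_MAX - d) / 10)
            return -1;              /* size would overflow 64 bits */
        out->size = out->size * 10 + d;
    }
    if (digits == 0 || i >= len || line[i] != ' ')
        return -1;
    i++;

    /* Validate before the name is ever joined to a destination directory. */
    if (!scp_name_is_safe(line + i, len - i))
        return -2;
    memcpy(out->name, line + i, len - i);
    out->name[len - i] = '\0';
    return 0;
}

/* Convenience wrapper for NUL-terminated test input. */
int scp_parse_str(const char *line, ScpFileRecord *out)
{
    return scp_parse_file_record(line, line ? strlen(line) : 0, out);
}

int main(void)
{
    /* Constructed sample records. */
    static const char *samples[] = {
        "C0644 12 notes.txt\n",
        "C0644 12 ../etc/passwd\n",
        "C0644 12 ..\n",
        "C0644 12 sub/dir.txt\n",
        "C0644 99999999999999999999 big\n",
    };
    ScpFileRecord r;
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%d <- %s", scp_parse_str(samples[i], &r), samples[i]);
    return 0;
}
```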

13

(0 replies, posted in Announcements)

The wolfSSL team is pleased to announce the release of wolfBoot 2.7.0, the latest version of our portable secure bootloader for embedded systems. This release focuses on three main areas:

  • Expanding hardware coverage to radiation-hardened platforms

  • Unifying and hardening TrustZone-M and dual-bank update flows

  • Making update state tracking and integration easier with filesystem and MTD-backed helpers

As always, the full changelog is available in the wolfBoot repository and on the GitHub v2.7.0 release page.
_________________________________________________________________________________________________________

New Platform Support

Vorago VA416x0: Secure Boot in Radiation-Hardened Systems
See also our recent blog post about it

wolfBoot 2.7.0 adds full support for Vorago’s VA416x0 series (VA41620 / VA41630), bringing our secure boot and firmware update flow to radiation-hardened Cortex-M4 microcontrollers.

The new port includes:

  • A dedicated HAL implementation (hal/va416x0.c) integrated with the Vorago SDK

  • Example configuration (config/examples/vorago_va416x0.config) with ECC384/SHA384 as the default signing and hashing combination

  • Test application and factory image helpers that build wolfBoot, the test firmware, sign it, and assemble a flashable image for VA416x0 boards

On these devices, wolfBoot leverages the external SPI FRAM configuration and the board’s radiation-tolerant design to provide a robust secure boot chain for space and high-reliability applications, where authenticated updates and rollback-safe behavior are essential.

Nordic nRF5340 with TrustZone-M

Support for the Nordic nRF5340 dual-core SoC was introduced in earlier wolfBoot releases; version 2.7.0 extends this further with a dedicated TrustZone build and configuration for the application core.

Highlights include:

  • TrustZone-aware build options for the nRF5340 application core (Cortex-M33 with TrustZone)

  • Improved configuration for pairing secure and non-secure firmware images in a wolfBoot managed update flow

Combined with wolfBoot’s existing support for ML-DSA, LMS/XMSS, and hybrid authentication, this makes the nRF5340 a strong platform for post-quantum aware secure boot in IoT and wireless devices.
_________________________________________________________________________________________________________

Unified TrustZone-M and Dual-Bank Behavior
In 2.7.0, we’ve taken another step in making TrustZone-M support consistent across all ARMv8-M targets:

  • Unified TrustZone-M handling across supported ARMv8-M platforms, so you get the same high-level behavior on devices like STM32H5, RP2350, nRF5340, and others.

  • A TrustZone-aware dual-bank configuration, where redundant-slot updates respect secure/non-secure boundaries and provide better isolation between the running image and the candidate update.

For STM32H5 specifically, wolfBoot 2.7.0 brings:

  • An improved SPI driver path

  • Integration of TPM-based secure storage with updated TrustZone Non-Secure Callable (NSC) APIs

  • Multiple fixes for dual-bank and TPM-enabled builds to make them more predictable and robust during updates

The simulator target has also been updated with dual-bank flow and a new bank-swap test script, so you can validate redundant-slot update scenarios and rollback logic without touching hardware. Adding features to the simulated platform allows us to test more scenarios in CI.

On the RP2350 (Raspberry Pi Pico 2), wolfBoot now uses a RAM cache for flash writes, increasing robustness against partial writes and power faults during updates.

For Infineon AURIX TC3xx, we’ve moved away from an IDE-centric example to a cleaner HAL module integration, fixing UART and boot-flag handling along the way. This brings the TriCore port in line with other wolfBoot HAL-based targets.
_________________________________________________________________________________________________________

Filesystem-Backed and MTD-Backed Update State Management

A key theme in 2.7.0 is better visibility and control over boot partition state, especially when integrating wolfBoot into larger systems and CI pipelines.

library_fs target and CLI tools

wolfBoot now exposes filesystem-backed partition state access via the new library_fs target and a companion CLI application often referred to as lib-fs.

With this setup, you can:

  • Build libwolfboot as a library with a backend that maps partitions onto regular files

  • Use the CLI to query boot partitions, inspect active/inactive slots, and track which image is pending or confirmed

  • Trigger update operations and simulate swaps without hardware, which is ideal for automated testing and offline integration flows

This is particularly useful when you want to exercise wolfBoot’s state machine and update logic in a host-driven environment, for example, in a CI job that signs images and verifies that rollback and confirmation flows behave as expected.

MTD-backed update status in libwolfboot

For systems that use libwolfboot inside an OS and rely on raw flash / MTD devices, 2.7.0 introduces MTD-backed tracking of update status.

At a high level, this allows libwolfboot to:

  • Store update state directly on MTD-backed partitions, so progress and status survive resets

  • Integrate with standard MTD layers often found in Linux and RTOS-based designs (e.g. raw NOR/NAND layouts)

This makes it easier to build robust OTA flows where the application or an update agent interacts with libwolfboot to coordinate staged images and confirmation logic on raw flash devices.
_________________________________________________________________________________________________________

Build System, Tools, and Configuration Improvements

CMake presets and out-of-tree builds
Continuing the build system work from previous releases, wolfBoot 2.7.0 adds CMake presets, improves list handling, and further stabilizes out-of-tree builds, particularly for multi-target configurations.

The goal here is straightforward: make it easier for teams to:

  • Maintain a single CMake-based project that targets multiple boards or SoCs

  • Keep a clean source tree by building in separate directories

  • Automate builds in CI with reproducible preset configurations

Key tools and post-quantum test coverage
The key generation and signing tools have also been refined:

  • keygen --no-overwrite lets you protect existing key material by refusing to overwrite files, a small but important safety feature in production build pipelines.

  • Stricter checks on image header and sector size help catch misconfigurations earlier in the build process instead of at boot time.

  • Expanded ML-DSA test configurations improve coverage for post-quantum signatures, building on the PQC support introduced in earlier wolfBoot releases (ML-DSA, LMS, XMSS, and hybrids).

WOLFBOOT_RESTORE_CLOCK configuration

A new configuration option, WOLFBOOT_RESTORE_CLOCK, gives integrators more fine-grained control over clock behavior around the boot process. When enabled, the HAL can explicitly restore or adjust system clocks as part of its wake-up/exit path, improving compatibility with platforms that expect a particular clock tree configuration before the application starts.

This is especially useful on STM32 and Nordic devices where the clock configuration during boot ROM execution might differ from what the application expects.
_________________________________________________________________________________________________________

Security and Reliability Fixes
As usual, 2.7.0 includes important hardening and bug fixes across the code base:

  • Encrypted and delta updates

    • Additional protection against IV reuse in encrypted update flows

    • Fallback and regression fixes

    • Expanded unit test coverage around encrypted and delta path handling

  • Flash and STM32 improvements

    • Fixed SPI flash protocol edge cases and strengthened write verification

    • Corrected STM32 internal flash page erase masks

    • Multiple fixes in STM32H5 update paths, including dual-bank and TPM-enabled builds

  • PowerPC / NXP P1021

    • Resolved stage1 and MMU build issues to keep the PowerPC port aligned with modern toolchains

  • Warning cleanup and quality-of-life improvements

    • Cleanup of compiler warnings across several targets, including STM32WB55 PKA and non-TrustZone nRF5340 builds

These changes improve reliability across a wide range of configurations and reduce friction when enabling more advanced features like dual-bank updates, encrypted delivery, and TPM-based boot flows.
_________________________________________________________________________________________________________

Updated Module Versions
wolfBoot 2.7.0 aligns with the latest wolfSSL ecosystem components, pulling in updated versions of the underlying crypto and HSM libraries:

  • wolfSSL: v5.8.4-stable (59f4fa568)

  • wolfTPM: v2.4.0-594-g6d5df60

  • wolfPKCS11: v2.0.0-stable-33-g81af264

  • wolfHSM: v1.3.0 (8ac56d7)

By being in sync with the latest version of the components, wolfBoot benefits from the latest performance optimizations, algorithm updates, and security fixes shipped in the wolfSSL family.
_________________________________________________________________________________________________________

Getting wolfBoot 2.7.0 and Next Steps
wolfBoot 2.7.0 is available today:

  • Refer to the updated documentation and docs/lib.md for details on the library/library_fs targets, libwolfboot integration, and example flows.

If you’d like help integrating wolfBoot 2.7.0 with your platform—whether it’s a Vorago VA416x0 design, a TrustZone-enabled MCU like nRF5340 or STM32H5, or an architecture such as PowerPC or x86—reach out to the wolfSSL team at facts@wolfssl.com. We’re happy to assist with design reviews, custom ports, and compliance-driven secure boot deployments.

If you have questions about any of the above, please contact us at facts@wolfssl.com or call +1 425 245 8247.


14

(0 replies, posted in Announcements)

wolfTPM 3.10.0 delivers a critical security fix, expanded embedded platform support, and enterprise-grade TPM resource management—empowering developers to build secure, scalable IoT and edge computing solutions with hardware-backed cryptography.

Password Handling Fix
A bug in the wolfTPM2_SetKeyAuthPassword() function introduced in v3.9.2 has been resolved. This API, primarily used by the C# wrapper, was incorrectly truncating passwords to 2 bytes.

  • Impact: Users of the wolfTPM2_SetKeyAuthPassword API or C# wrapper on v3.9.2

  • Resolution: Password handling now correctly stores the full authentication credential, with regression tests added

Note: If you are using this API or the C# wrapper with v3.9.2, we recommend updating.


Espressif ESP32 HAL Support
wolfTPM now natively supports ESP32-S3, ESP32-C6, and other ESP32 variants via SPI and I2C interfaces—bringing TPM 2.0 security to millions of IoT devices.

Key Features

  • Native ESP-IDF integration with pre-configured pin mappings

  • SPI speeds up to 22 MHz for high-performance cryptographic operations

  • I2C support for Infineon SLB9673 TPM modules

  • Hardware-backed key storage, secure boot, and device attestation

Enhanced CMake Build System & TPM Module Selection
Streamlined build configuration with new TPM hardware targeting:

| Option | Supported Hardware |
|---|---|
| WOLFTPM_MODULE=slb9672 | Infineon OPTIGA™ TPM |
| WOLFTPM_MODULE=st33 | STMicro STSAFE-TPM |
| WOLFTPM_MODULE=microchip | Microchip ATTPM20 |
| WOLFTPM_MODULE=nuvoton | Nuvoton NPCT75x |

Interface Options: SPI, I2C, MMIO, Linux devtpm, Windows TBS, Software TPM

cmake .. -DWOLFTPM_MODULE=slb9672 -DWOLFTPM_INTERFACE=DEVTPM

Linux TPM Resource Manager Support
New support for /dev/tpmrm0 enables automatic TPM session virtualization and multi-process coordination.

Enable with: WOLFTPM_USE_TPMRM

| Feature | Raw Device (/dev/tpm0) | Resource Manager (/dev/tpmrm0) |
|---|---|---|
| Multi-process access | Manual coordination | Automatic isolation |
| Session management | Application handles | Kernel manages |
| Cleanup on exit | Must be explicit | Automatic |

Additional Improvements

| Feature | PR |
|---|---|
| Fixed crypto callback hash algorithm selection | #433 |
| Improved signature verification hash detection | #432 |
| Improved TLS bidirectional shutdown | #431 |
| Coverity static analysis fixes | #441 |
| Added make cppcheck option | Various |

Why wolfTPM?

  • Portable: Runs on bare-metal RTOS, Linux, Windows, and macOS

  • Lightweight: Small footprint for resource-constrained embedded systems

  • Standards-compliant: Full TPM 2.0 specification support

  • Production-ready: Trusted by automotive, aerospace, and industrial customers

  • Open source: GPLv3 with commercial licensing available

Supported TPM Hardware
Infineon OPTIGA™ SLB9670/9672/9673 • STMicro ST33 • Microchip ATTPM20 • Nuvoton NPCT75x • Nations Tech Z32H330/NS350 • Software TPM simulators

Get Started

git clone https://github.com/wolfSSL/wolfTPM.git
cd wolfTPM && ./autogen.sh && ./configure && make

Resources

wolfTPM is developed by wolfSSL Inc., the leading provider of lightweight, portable security solutions for embedded systems, IoT, automotive, and enterprise applications.

If you have questions about any of the above, please contact us at facts@wolfssl.com or call us at +1 424 245 8247.


We are excited to announce the release of wolfMQTT v1.21.0, which introduces support for NetX and ThreadX RTOS platforms as its headline feature. This release continues our commitment to providing a lightweight, secure, and feature-rich MQTT client implementation for embedded systems and IoT applications.

What's New in v1.21.0
The wolfMQTT v1.21.0 release includes several significant enhancements:

NetX and ThreadX RTOS Support
The most notable addition in this release is support for NetX networking stack and ThreadX RTOS. This enables wolfMQTT to be used on a wider range of embedded platforms, particularly those using Azure RTOS (formerly ThreadX) environments. These additions make wolfMQTT an excellent choice for industrial IoT applications and real-time embedded systems.

License Update to GPLv3
Starting with this release, wolfMQTT is now available under the GPLv3 license. This update aligns wolfMQTT with the broader wolfSSL product family licensing model, providing clearer terms for open source usage while commercial licensing remains available for proprietary applications.

Security Improvements
This release includes important security enhancements:

  • Fixed a heap buffer overflow vulnerability in MqttDecode_Num with improved bounds checking

  • Enhanced MQTT v5 property-packet protocol validation and decode safety

  • Corrected state transition checks in MqttClient_Auth for more robust authentication handling

Post-Quantum Cryptography Updates
The ML-KEM hybrid key exchange names have been updated to match the latest IETF Draft specifications. This ensures compatibility with evolving post-quantum cryptography standards and maintains interoperability with other implementations following the IETF naming conventions.

ESP-IDF v5.5 Support
The Espressif ESP-IDF examples have been updated and pinned to ESP-IDF v5.5, ensuring compatibility with the latest Espressif development framework. This update also includes workflow improvements and line ending fixes for better cross-platform development.

Additional Improvements

  • Updated test certificates to replace expired ones

  • Restored instructions for testing against OQS Mosquitto integration

  • Added fflush to mqtt-sub example for improved output handling

  • Various bug fixes for MQTT property decode error checks

About wolfMQTT
wolfMQTT is a lightweight, embedded MQTT client implementation written in C that supports SSL/TLS via the wolfSSL library. It was built from the ground up to be multi-platform, space conscious, and extensible. The library supports:

  • MQTT v3.1.1 and v5.0 protocols

  • MQTT-SN (MQTT for Sensor Networks)

  • Quality of Service (QoS) levels 0-2

  • TLS encryption via wolfSSL

  • Non-blocking communications

  • Multithreading for parallel operations

  • Integration with popular IoT platforms (AWS IoT, Azure IoT Hub, IBM Watson IoT)

Getting wolfMQTT v1.21.0
The wolfMQTT v1.21.0 release is available now on our download page and GitHub.

Release 1.21.0 has been developed according to wolfSSL's development and QA process and successfully passed the quality criteria.

Check out the ChangeLog for a full list of features and fixes, or contact us at facts@wolfSSL.com with any questions.

While you're there, show us some love and give the wolfMQTT project a Star!

You can download the latest wolfMQTT release from our website or clone directly from our GitHub repository.

If you have questions about any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.
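
The Security Improvements list above names improved bounds checking in MqttDecode_Num and safer MQTT v5 property decoding. The following is an added example, not wolfMQTT's code and not the patched function: it shows the defensive pattern for that kind of decoder, where every read of a two-byte number, length prefix or property value is checked against the bytes that remain. The function names, result codes and sample bytes are assumptions made for this example; the property identifiers 0x01, 0x03 and 0x23 are the MQTT v5 Payload Format Indicator, Content Type and Topic Alias.

```c
#include <stdint.h>
#include <string.h>

/* Hypothetical result codes for this example (not wolfMQTT's own). */
enum { DEC_TRUNCATED = -1, DEC_MALFORMED = -2, DEC_UNSUPPORTED = -3 };

/* Cursor over untrusted bytes; take() is the only function that advances it. */
typedef struct { const uint8_t *p; size_t left; } cursor_t;

typedef struct {
    uint8_t  payload_format;    /* property 0x01: one byte */
    char     content_type[32];  /* property 0x03: UTF-8 string, NUL-terminated */
    uint16_t topic_alias;       /* property 0x23: two-byte integer */
} props_t;

static int take(cursor_t *c, size_t n, const uint8_t **out)
{
    if (n > c->left)
        return DEC_TRUNCATED;   /* refuse before any byte is read */
    *out = c->p;
    c->p += n;
    c->left -= n;
    return 0;
}

/* Big-endian 16-bit number: integer properties and string length prefixes. */
static int get_u16(cursor_t *c, uint16_t *v)
{
    const uint8_t *b;
    int rc = take(c, 2, &b);
    if (rc == 0)
        *v = (uint16_t)((b[0] << 8) | b[1]);
    return rc;
}

/* MQTT Variable Byte Integer: 7 data bits per byte, at most 4 bytes. */
static int get_vbi(cursor_t *c, uint32_t *v)
{
    const uint8_t *b;
    *v = 0;
    for (int i = 0; i < 4; i++) {
        int rc = take(c, 1, &b);
        if (rc != 0)
            return rc;
        *v |= (uint32_t)(b[0] & 0x7F) << (7 * i);
        if ((b[0] & 0x80) == 0)
            return 0;
    }
    return DEC_MALFORMED;       /* continuation bit still set on byte 4 */
}

/* Decode a property block; returns the property count or a negative code. */
int decode_properties(const uint8_t *buf, size_t buf_len, props_t *out)
{
    cursor_t pkt = { buf, buf_len };
    const uint8_t *b;
    uint32_t plen, id;
    uint16_t slen;
    int rc, count = 0;
    memset(out, 0, sizeof(*out));
    /* The declared block length must fit in the bytes actually received. */
    if ((rc = get_vbi(&pkt, &plen)) != 0 || (rc = take(&pkt, plen, &b)) != 0)
        return rc;
    cursor_t blk = { b, plen }; /* confines property reads to the block */
    for (; blk.left > 0; count++) {
        if ((rc = get_vbi(&blk, &id)) != 0)
            return rc;
        if (id == 0x01) {
            if ((rc = take(&blk, 1, &b)) != 0)
                return rc;
            out->payload_format = b[0];
        } else if (id == 0x23) {
            if ((rc = get_u16(&blk, &out->topic_alias)) != 0)
                return rc;
        } else if (id == 0x03) {
            if ((rc = get_u16(&blk, &slen)) != 0 || (rc = take(&blk, slen, &b)) != 0)
                return rc;
            if (slen >= sizeof(out->content_type))
                return DEC_MALFORMED;   /* would overflow the output buffer */
            memcpy(out->content_type, b, slen);
        } else {
            return DEC_UNSUPPORTED;
        }
    }
    return count;
}

/* Constructed sample inputs (not captured traffic). */
static const uint8_t SAMPLE_OK[] = { 0x12, 0x01, 0x01, 0x03, 0x00, 0x0A, 't', 'e', 'x',
    't', '/', 'p', 'l', 'a', 'i', 'n', 0x23, 0x00, 0x07, 'h', 'i' };
static const uint8_t SAMPLE_LONG_STR[] = { 0x05, 0x03, 0x00, 0xFF, 'a', 'b' };
static const uint8_t SAMPLE_SHORT_PKT[] = { 0x10, 0x01, 0x01 };
static const uint8_t SAMPLE_BAD_VBI[] = { 0x80, 0x80, 0x80, 0x80, 0x01 };

int main(void)
{
    props_t p;
    return decode_properties(SAMPLE_OK, sizeof SAMPLE_OK, &p) == 3 ? 0 : 1;
}
```

The three malformed samples cover a string length prefix larger than the block, a block length larger than the packet, and a variable byte integer that never terminates; each is rejected before any out-of-range byte is read.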


16

(0 replies, posted in Announcements)

wolfSSL 5.8.4 introduces several updates, including the addition of a GPLv3 exceptions list. This allows specific GPLv3-licensed codebases linking against wolfSSL to continue using wolfSSL under GPLv2.


Current GPLv3 Exceptions:

  • MariaDB Server

  • MariaDB Client Libraries

  • OpenVPN-NL

  • Fetchmail

  • OpenVPN


Security Fixes

This release includes multiple fixes across TLS 1.2, TLS 1.3, X25519, XChaCha20-Poly1305, and PSK processing. Highlights include:

  • A timing-side-channel issue in X25519 specifically affecting Xtensa-based ESP32 devices. Low-memory X25519 implementations are now the default for Xtensa.

  • A medium-severity TLS 1.3 server-side DoS risk from repeated KeyShareEntry values in malicious ClientHello messages.

  • Several TLS 1.3 downgrade-related issues (PFS downgrades, signature algorithm downgrades, and duplicate extension parsing).

  • A memory leak risk in TLS 1.2 certificate digest handling.

  • XChaCha20-Poly1305 decryption bounds-check fix and constant-time improvements in PSK binder verification.

Special thanks to Adrian Cinal, Jaehun Lee, and Kyungmin Bae (POSTECH), Luigino Camastra (Aisle Research), and all researchers who contributed.


New Features

This release includes focused improvements and additions:

  • ML-KEM / ML-DSA: new APIs, PKCS8 seed/import support, and improved key management.

  • FreeBSD kernel module: initial support for wolfCrypt in the FreeBSD kernel.

  • PKCS7/CMS: expanded decoding capabilities, additional callbacks, and more flexible builds.

  • Rust wrapper enhancements: broader algorithm coverage, optional heap/dev_id support, and conditional compilation based on C build options.

  • Hardware platform updates: STM32 and PSoC6 improvements, including STM32U5 SAES support.

  • New --enable-curl=tiny option for smaller cURL-linked builds.


Improvements & Optimizations

Key improvements include:

  • Broader and more consistent testing across TLS 1.3/1.2, libssh2, Arduino, ESP-IDF, and nightly workflows.

  • Documentation updates, expanded crypto-callback support, and improved AES/HW offload functionality.

  • ESP32, Renesas FSP/RA, and SGX build enhancements.

  • Build-system refinements across Autotools, CMake, Apple platforms, and Debian packaging.

  • RISC-V and PPC32 assembly introspection helpers and benchmarking updates.


Bug Fixes

Notable fixes:

  • C# wrapper correction for Ed25519 raw public-key import.

  • Sniffer stability fixes and X.509 path-length and certificate-chain improvements.

  • DTLS ordering, cookie handling, and replay protection updates.

  • Kernel-mode, FIPS, and PIE-related build fixes.

  • ML-KEM/ML-DSA correctness and safety fixes.

  • Various static-analysis, warning cleanup, memory-management, and undefined-behavior fixes.


For a more detailed list of changes, check out the ChangeLog.md bundled with wolfSSL. To download the latest release, go to the download page. For any questions, reach out to us at facts@wolfssl.com or call us at +1 425 245 8247.


wolfSSL is proud to announce the release of wolfProvider 1.1.0. This major release represents a significant milestone in our commitment to providing robust OpenSSL 3.x compatibility with FIPS 140-3 validated cryptography. wolfProvider 1.1.0 has been developed according to wolfSSL’s rigorous development and QA process and has successfully passed our quality criteria.

wolfProvider is designed for customers who want FIPS-validated cryptography but are already invested in using OpenSSL. The provider delivers drop-in replacements for cryptographic algorithms used by OpenSSL, leveraging the wolfCrypt engine underneath, which is FIPS 140-3 certified.

New Cryptographic Features
This release introduces several important cryptographic capabilities:

  • KBKDF (Key-Based Key Derivation Function): Implementation of NIST SP 800-108 key derivation for secure key generation from existing key material.

  • KRB5KDF (Kerberos 5 Key Derivation Function): Support for Kerberos cryptographic operations, enabling enterprise authentication scenarios.

  • AES-CTS (Ciphertext Stealing): Additional AES cipher mode for applications requiring specific padding behavior.

  • RSA No-Padding Operations: Raw RSA encrypt/decrypt operations for applications with custom padding schemes.

Replace-Default Provider Mode
A groundbreaking feature in this release is the ability to replace OpenSSL’s default provider entirely with wolfProvider. This mode makes wolfProvider the primary cryptographic implementation system-wide, allowing existing OpenSSL applications to transparently use wolfSSL’s FIPS-validated cryptography without any code modifications. This feature includes comprehensive testing to ensure the default swap works as expected across various scenarios.

Enhanced Testing and Quality Assurance
wolfProvider 1.1.0 significantly expands our integration testing with real-world open-source applications. We’ve added automated CI/CD workflows for over 40 popular applications, ensuring wolfProvider works seamlessly with:

Network Infrastructure: gRPC, OpenSSH, libssh2, OpenSC/PKCS11, OpenLDAP, IPMItool, Stunnel, socat, SSSD, net-snmp, liboauth2, tnftp, systemd, X11VNC, sscep, TPM2 tools, libcryptsetup, libtss2, KRB5, bind9, hostap
Development Tools: Python3 NTP, libeac, xmlsec, Qt5 Network, rsync, libwebsockets, tcpdump, cjose, iperf, libfido2, ppp, pam-pkcs11, kmod, libnice

This extensive testing demonstrates wolfProvider’s production-readiness and compatibility with the broader OpenSSL ecosystem.

Command-Line Integration
New command-line integration tests validate wolfProvider’s compatibility with OpenSSL command-line tools for AES, RSA, RSA-PSS, Hash, and ECC operations. This ensures that scripts and automation tools using OpenSSL commands work correctly with wolfProvider.

Debian Package Support
This release includes comprehensive Debian packaging support, making deployment on Debian-based systems straightforward. The packaging includes proper dependency management and integration with the system OpenSSL configurations.

Bug Fixes and Stability Improvements
wolfProvider 1.1.0 includes over 100 bug fixes addressing issues across all cryptographic operations:
AES Improvements: Fixed AES-GCM streaming bugs, authentication tag handling, IV management, and CBC consecutive call handling.
RSA Enhancements: Resolved RSA PSS decoding issues, key import edge cases, keygen retry logic, certificate display formatting, and parameter handling.
ECC Fixes: Corrected public key validation, parameter handling, private key operations, signing restrictions, and encoding issues.
DH Corrections: Fixed FIPS build compatibility, parameter handling, private key operations, and decoder registrations.
General Stability: Improved locking around signature operations, NULL reinit handling, core libctx management, and OpenSSL patching detection.

Looking Forward
wolfProvider 1.1.0 represents a major step forward in providing FIPS-validated cryptography to the OpenSSL ecosystem. The extensive integration testing, new cryptographic features, and replace-default mode make this release suitable for production deployment in enterprise environments requiring FIPS compliance.

Refer to the README.md found in the release for usage instructions. We also maintain a ChangeLog.md for a complete list of changes in each release.

If you have questions about any of the above, please contact us at facts@wolfssl.com or call us at +1 425 245 8247.


18

(0 replies, posted in Announcements)

Version 1.4.21 of wolfSSH is now available! This update includes a critical security fix, improved interoperability, and enhancements for embedded and hardware-backed key use cases.

Security Updates
This release addresses two security issues:

  • CVE-2025-11625: Fixed a client-side host verification bypass that could expose credentials. (PR#840)

  • CVE-2025-11624: Fixed an SFTP server stack overflow triggered by malformed input. Thanks to Stanislav Fort of Aisle Research for the report.

Feature Additions

  • TPM key authentication for hardware-based identity protection.

  • ED25519 key generation support added to the API.

  • Curve25519 alias compatibility with curve25519-sha256@libssh.org for improved interoperability.

  • Keyboard-interactive authentication can now be enabled at build time (--enable-keyboard-interactive).

  • AES-CBC is now disabled by default, shifting focus toward stronger default cipher suites.

  • Added Microchip ATSAMV71Q21B example with harmony filesystem integration.

This version refines FATFS support, enhances user authentication handling, and improves SFTP and rekeying operations. Post quantum hybrid support was also touched up along with numerous Coverity findings, warning cleanups, and minor API consistency fixes.

Users of the wolfSSH client code or SFTP server should upgrade, particularly those relying on host verification.

If you have questions about any of the above, please contact us at facts@wolfssl.com or call us at +1 425 245 8247.


19

(0 replies, posted in Announcements)

The wolfSSL team has released version 2.6.0 of wolfBoot, the lightweight and portable secure bootloader for embedded systems. This update expands platform coverage, improves support for external memory layouts, and adds key performance optimizations for a range of architectures. It also includes critical fixes and brings updated module integration across the wolfSSL ecosystem.

New Platform Support
PIC32CZ CA (Cortex-M7) and PIC32CK (Cortex-M33) devices from Microchip are now supported. The PIC32CZ family targets high-performance secure connected applications with integrated HSM and extended memory. The PIC32CK line brings TrustZone support for secure partitioning on Armv8-M systems. wolfBoot can now provide verified secure boot and firmware updates across both families.

External Flash Support with ELF Scattering
wolfBoot now supports external flash configurations when using ELF scattering mode. This enables firmware sections to be distributed between internal and external flash, useful in scenarios where internal flash is limited or where larger applications are split across multiple memory regions.

Encrypted Updates on Renesas RX
Encrypted firmware updates are now supported for the Renesas RX family. When paired with Renesas TSIP (Trusted Secure IP), wolfBoot can handle encrypted update packages, with decryption performed securely on-chip using hardware-managed keys. This provides strong protection for sensitive firmware in the field.

PowerPC 32-bit Optimizations
New assembly-level optimizations for SHA and AES are now available on 32-bit PowerPC platforms. These improvements reduce boot-time cryptographic processing overhead and improve performance during image verification and decryption operations.

STM32F4 Enhancements
wolfBoot v2.6.0 includes updated clock configuration logic for the STM32F4 series, ensuring compatibility across the full device family. In addition, support has been added for the STM32F411 variant, commonly used in development and prototyping platforms.

Fixes and Improvements
This release includes several important bug fixes:

  • Fixed unaligned memory access on Cortex-A5

  • Corrected compile flags to allow execution from RAM on ARM targets

  • Proper handling of VTOR_NS when staging non-secure images in TrustZone-M mode

  • Removed redundant flash write-after-erase cycle in wolfBoot_update_trigger

  • Multiple TrustZone-related fixes for STM32H5 devices

These changes improve stability, reduce flash wear, and ensure correct behavior on secure platforms.

Updated Module Versions
The following components have been updated in this release:

More Information
To download the latest version of wolfBoot, visit our download page or clone it from the wolfBoot GitHub repository. For questions about commercial support, licensing, or integration assistance, please contact us at facts@wolfssl.com or +1 425 245 8247.

20

(0 replies, posted in Announcements)

wolfCLU version 0.1.9 is now available! This command-line utility, built on the wolfSSL embedded TLS library, helps with admin tasks and common use cases such as key generation and certificate parsing to human-readable form.

Among the most notable changes to this release is the addition of support for PKCS8 and Base64 commands, introduced in PR #178. These features make it easier to handle common encoding formats and key conversions directly from the command line, streamlining workflows involving PEM or DER-encoded data.

The update also includes important fixes to macro definitions related to client and server Key Encapsulation Mechanisms (KEM), as noted in PR #177. These corrections ensure proper configuration and usage when working with post-quantum cryptographic modes and hybrid TLS key exchange scenarios.

To support users working in FIPS-approved environments, wolfCLU now better aligns with FIPS 140-3 expectations. In PR #183, tests were adjusted to reflect the removal of DES in FIPS mode, and new output was added to indicate when FIPS is enabled. These changes help clarify operational state and support auditability during validation efforts.

This release also updates the license from GPLv2 to GPLv3 (PR #184).

If you have questions about any of the above, please contact us at facts@wolfssl.com or call us at +1 425 245 8247.



21

(0 replies, posted in Announcements)

wolfSSL 5.8.2 is now available! We are excited to announce the release of wolfSSL 5.8.2, packed with significant enhancements, introducing new functionalities, and refining existing features!

Important Notes for this Release

  • GPLv3 Licensing: wolfSSL has transitioned from GPLv2 to GPLv3.

  • Deprecated Feature: `--enable-heapmath` is now deprecated.

  • MD5 Disabled by Default: For enhanced security, MD5 is now disabled by default.

Key Highlights of wolfSSL 5.8.2

Vulnerability Mitigations:

  • ECC and Ed25519 Fault Injection Mitigation (Low): (Thanks to Kevin from Fraunhofer AISEC)

  • Apple Native Cert Validation Override (High – CVE-2025-7395): (Thanks to Thomas Leong from ExpressVPN)

  • Predictable `RAND_bytes()` after `fork()` (Medium – CVE-2025-7394): (Thanks to Per Allansson from Appgate)

  • Curve25519 Blinding Enabled by Default (Low – CVE-2025-7396): (Thanks to Arnaud Varillon, Laurent Sauvage, and Allan Delautre from Telecom Paris)

New Features:

  • Sniffer Enhancements: Support for multiple sessions and a new `ssl_RemoveSession()` API for cleanup.

  • New ASN.1 X509 API: `wc_GetSubjectPubKeyInfoDerFromCert` for retrieving public key information.

  • PKCS#12 Improvements: `wc_PKCS12_create()` now supports PBE_AES(256|128)_CBC key and certificate encryptions.

  • PKCS#7 Decoding: Added `wc_PKCS7_DecodeEncryptedKeyPackage()` for decoding encrypted key packages.

  • Linux Kernel Module Expansion: All AES, SHA, and HMAC functionality now implemented within the Linux Kernel Module.

  • OpenSSL Compatibility Layer Additions: New APIs for X.509 extensions and RSA PSS: `i2d_PrivateKey_bio`, `BN_ucmp`, and `X509v3_get_ext_by_NID`.

  • Platform Support: Added support for STM32N6.

  • Assembly Optimizations: Implemented SHA-256 for PPC 32 assembly.

Improvements & Optimizations

This release includes a wide range of improvements across various categories, including:

  • Extensive Linux Kernel Module (LinuxKM) Enhancements: Numerous minor fixes, registrations, and optimizations for cryptography operations within the Linux Kernel Module.

  • Post-Quantum Cryptography (PQC) & Asymmetric Algorithms: Updates to Kyber, backward compatibility for ML_KEM IDs, fixes for LMS building and parameters, and OpenSSL format support for ML-DSA/Dilithium.

  • Build System & Portability: General build configuration fixes, improvements for older GCC versions, new CMakePresets, and default MD5 disabling.

  • Testing & Debugging: Enhanced debugging output, additional unit tests for increased code coverage, and improved benchmark help options.

  • Certificates & ASN.1: Improved handling of X509 extensions, fixed printing of empty names, and better error handling.

  • TLS/DTLS & Handshake: Corrected group handling, improved DTLS record processing, and refined TLS 1.3 key derivation.

  • Memory Management & Optimizations: Stack refactors, improved stack size with MLKEM and Dilithium, and heap math improvements.

  • Cryptography & Hash Functions: Added options to disable assembly optimizations for SipHash and SHA3, and improved Aarch64 XFENCE.

  • Platform-Specific & Hardware Integration: Explicit support for ESP32P4, public `wc_tsip_*` APIs, and enhanced PlatformIO certificate bundle support.

  • General Improvements & Refactoring: Updated libspdm, fixed PEM key formatting, and improved API accessibility for certificate failure callbacks.

wolfSSL 5.8.2 also includes some nice bug fixes, addressing issues across various modules, ensuring greater stability and reliability. For a complete and detailed list of all changes, please refer to the full release notes.

We encourage all users to upgrade to wolfSSL 5.8.2 to take advantage of these important security updates, new features, and performance enhancements. Download the latest release.

If you have questions about any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.


22

(0 replies, posted in Announcements)

We are pleased to announce the release of wolfBoot 2.5.0, the newest version of our universal secure bootloader. This release marks another milestone in the continued evolution of wolfBoot, reinforcing its relevance as a cutting-edge secure boot solution for embedded systems. wolfBoot 2.5.0 brings expanded hardware support, major new features, and a host of improvements to performance and security, all while maintaining the simplicity and robustness our users expect.

New hardware targets and platform enhancements
wolfBoot 2.5.0 expands its hardware compatibility, adding support for several new platforms and improving existing targets. Notable additions and enhancements include:

  • New target support: wolfBoot now supports the Raspberry Pi RP2350 microcontroller, NXP’s MCX family (including the MCXA153 and MCXW716 series), and the STMicroelectronics STM32F1 series. These additions extend wolfBoot’s reach from the latest Pi Pico 2 board to NXP’s advanced Cortex-M33 based MCUs and even legacy STM32F1 devices (like the popular “blue-pill” board), demonstrating once again our team’s commitment to maximize device coverage.

  • Enhanced support: Existing platform ports have been refined for better stability and performance, notably for the Xilinx UltraScale+ MPSoC (ZynqMP), Renesas RX family, and Infineon AURIX TriCore TC3xx microcontrollers. Developers using ZynqMP devices will benefit from smoother integration (e.g. improved standalone boot support and exception level handling), while updates to the Renesas RX and AURIX TC3xx ports include more efficient flash management and boot-time reliability improvements. These platform enhancements make it easier and more efficient to deploy wolfBoot on a wider range of hardware.

Major new features and enhancements
Version 2.5.0 introduces several important features aimed at both simplifying the developer experience and strengthening security:

  • Non-contiguous ELF section support: wolfBoot can now load and verify firmware images with non-contiguous (scattered) ELF sections. In practical terms, this means the bootloader handles images that are split across multiple memory regions, accommodating complex memory maps and multi-part firmware layouts. This feature adds flexibility for projects that utilize segmented flash or RAM areas for their application code and data.

  • Streamlined PQC integration: Post-Quantum Cryptography support in wolfBoot has been simplified and updated. wolfBoot 2.5.0 includes the latest PQC algorithm support from wolfCrypt (such as the recently standardized ML-DSA) and makes it easier to configure PQC-based signature verification. By refining the integration of PQC algorithms, we continue to help users prepare for a post-quantum future without sacrificing ease of use.

  • Static library build option: In addition to the traditional standalone bootloader binary, wolfBoot can now be built as a static library (libwolfboot.a). This gives developers the flexibility to integrate wolfBoot’s secure boot functionality directly into their applications or custom boot frameworks. The static-lib build simplifies certain use cases — for example, linking wolfBoot into a monolithic firmware image or using wolfBoot features in an RTOS environment — by allowing wolfBoot to be called like a library rather than a separate bootloader image.

  • Glitch attack mitigation (IAR toolchain): Security against hardware fault-injection attacks (glitches) has been further hardened in this release. We’ve extended our glitch mitigation techniques to better support the IAR Embedded Workbench toolchain, ensuring that builds compiled with IAR include additional countermeasures against timing and voltage glitch attacks. These low-level improvements make the secure boot process even more resilient to physical attack attempts, protecting the integrity of the firmware verification steps.

Build system and documentation improvements
wolfBoot 2.5.0 comes with numerous build system refinements and documentation updates to streamline development. We have refactored the CMake build system to improve cross-platform support and clarity, making it easier to compile wolfBoot for various targets and toolchains. This includes cleaner integration for IAR and other compilers, as well as a more organized project structure for out-of-the-box builds. Additionally, our documentation has been improved across the board – from updated user manuals and API references to new examples and guides – to help both new and experienced users get the most out of wolfBoot. Whether you’re configuring a multi-slot update scheme or integrating wolfBoot with a TPM, the clearer documentation will guide you through the process more smoothly. (As always, detailed change logs and usage instructions can be found in the README and docs accompanying the release.)

Bug fixes and updated modules
As with every release, wolfBoot 2.5.0 includes key bug fixes that enhance stability and reliability. Various minor issues identified in the previous version have been addressed, resulting in a more robust bootloader across all supported platforms. In particular, fixes were applied to edge cases in flash memory handling and update workflows to ensure consistent behavior in all update scenarios.
Moreover, the cryptographic and secure hardware modules underlying wolfBoot have been updated to their latest versions. wolfBoot 2.5.0 is powered by wolfSSL 5.8.0 – bringing in the newest optimizations and post-quantum enhancements from the wolfCrypt engine – and it can integrate with wolfTPM 3.9.0 for TPM-based secure boot use cases. By using the latest wolfSSL v5.8.0 and wolfTPM v3.9.0 releases, wolfBoot ensures compatibility with the most up-to-date security features and fixes from those libraries. This means developers get improved performance, up-to-date cryptographic algorithms, and continued FIPS 140-3 readiness through wolfCrypt.
wolfBoot’s security is, as always, built on wolfCrypt, which allows the boot process to leverage FIPS-certified crypto and even meet safety standards like DO-178C when required. Upgrading to wolfBoot 2.5.0 brings all these benefits into your secure boot process.

Getting wolfBoot 2.5.0 and support
wolfBoot 2.5.0 is available for download now, and we encourage everyone to try out the new features and improvements. You can find the source code and release package on our GitHub repository and the wolfSSL download page. Documentation for this release, including an updated user manual and examples, is available on our website to help you get started quickly.

If you have any questions about wolfBoot 2.5.0 or need help with integration, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247. The wolfSSL team offers commercial support and consulting services for those who require dedicated assistance or custom features. Whether you are upgrading an existing project or designing a new device with wolfBoot, our team is here to ensure your secure boot implementation is successful.

Download wolfSSL Now
wolfSSL is the best tested TLS

We are excited to announce the release of wolfMQTT v1.20.0, which introduces WebSocket support as its headline feature. This release continues our commitment to providing a lightweight, secure, and feature-rich MQTT client implementation for embedded systems and IoT applications.

What’s New in v1.20.0
The wolfMQTT v1.20.0 release includes several significant enhancements:

WebSocket Support
The most notable addition in this release is comprehensive support for MQTT over WebSockets. This feature allows wolfMQTT clients to connect to MQTT brokers through WebSocket endpoints, which is particularly valuable in environments where traditional MQTT ports might be blocked or when integrating with web applications.

Both standard WebSockets and secure WebSockets (WSS) are now supported, providing flexibility for various security requirements:

  • Standard WebSockets: Connect to brokers using the WebSocket protocol without encryption

  • Secure WebSockets: Use TLS to encrypt the WebSocket connection for enhanced security

Secure WebSocket CI Testing
To ensure the reliability of the new WebSocket functionality, we’ve added continuous integration testing specifically for secure WebSockets. This testing helps maintain the high quality and stability that users expect from wolfMQTT.

Improved CMake Support
This release includes improvements to the CMake build system:

  • Enhanced duplicate component checking in CMake builds

  • Better compatibility with the latest Managed Components

Additional Improvements

  • Updated examples for the latest Managed Components

  • Fixed an issue with OQS’s Mosquitto being out of date

About wolfMQTT
wolfMQTT is a lightweight, embedded MQTT client implementation written in C that supports SSL/TLS via the wolfSSL library. It was built from the ground up to be multi-platform, space conscious, and extensible. The library supports:

  • MQTT v3.1.1 and v5.0 protocols

  • MQTT-SN (MQTT for Sensor Networks)

  • Quality of Service (QoS) levels 0-2

  • TLS encryption via wolfSSL

  • Non-blocking communications

  • Multithreading for parallel operations

  • Integration with popular IoT platforms (AWS IoT, Azure IoT Hub, IBM Watson IoT)

Getting wolfMQTT v1.20.0
The wolfMQTT v1.20.0 release is available now on our download page and GitHub.
Release 1.20.0 has been developed according to wolfSSL’s development and QA process and successfully passed the quality criteria.
Check out the ChangeLog for a full list of features and fixes, or contact us at facts@wolfSSL.com with any questions.
While you’re there, show us some love and give the wolfMQTT project a Star!
You can download the latest wolfMQTT release from our website or clone directly from our GitHub repository.

If you have questions about any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.



We are excited to announce that wolfSSL version 5.8.0 is now available. This release brings several important new features and improvements. Below are the key new additions:

New Features

  • Implemented various fixes to support building for Open Watcom, including OS/2 support and Open Watcom 1.9 compatibility (PR 8505, 8484).

  • Added support for STM32H7S (tested on NUCLEO-H7S3L8) (PR 8488).

  • Added support for STM32WBA (PR 8550).

  • Added Extended Master Secret Generation Callback to the --enable-pkcallbacks build (PR 8303).

  • Implemented AES-CTS (--enable-aescts) in wolfCrypt (PR 8594).

  • Added support for libimobiledevice commit 860ffb (PR 8373).

  • Initial ASCON hash256 and AEAD128 support based on NIST SP 800-232 IPD (PR 8307).

  • Added blinding option when using a Curve25519 private key by defining the macro WOLFSSL_CURVE25519_BLINDING (PR 8392).

ML-DSA and Post-Quantum Cryptography Enhancements
In line with NIST’s latest documentation, wolfSSL has updated its Kyber implementation to ML-DSA (Multi-Lattice Digital Signature Algorithm), which is fully supported in this release. Additionally, the release includes updates to further optimize ML-DSA and LMS (Lattice-based Signature) schemes, reducing memory usage and improving performance.

Linux Kernel Module (linuxkm) Updates
wolfSSL 5.8.0 expands support for the Linux Kernel Module (linuxkm), with several important enhancements to improve kernel-level cryptographic integration. This includes extended LKCAPI registration support for rfc4106(gcm(aes)), ctr(aes), ofb(aes), ecb(aes), and the legacy one-shot AES-GCM backend. Compatibility improvements have been added for newer kernels (≥6.8), and calls to scatterwalk_map() and scatterwalk_unmap() have been updated for Linux 6.15. The release also registers ECDSA, ECDH, and RSA algorithms with the kernel crypto API and introduces safeguards for key handling, including forced zeroing of shared secrets. These changes make it possible to use more wolfSSL functionality in the kernel space.

For a full list of fixes and optimizations check out the ChangeLog.md bundled with wolfSSL. Download the latest release from the download page. If you have questions about any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.


The wolfSSL team has released wolfProvider version 1.0.2, introducing several new features and important fixes!

New Features

  • RSA Verify Recover Support: Adds functionality for RSA verify recover operations, enhancing compatibility with applications requiring this capability.

  • DES3 Implementation: Provides legacy application support with DES3 CBC mode implementation.

  • Open Source Integration Testing: New workflows for automated testing with NGINX, cURL, and OpenVPN, ensuring compatibility across applications.

Enhancements and Fixes

  • RSA Improvements: Better key type handling during import operations and fixed parameter handling for proper functionality.

  • AES-GCM Stream Handling: Enhanced IV handling for compatibility with OpenSSH workflows.

  • ECC Parameter Encoding: Fixed encoding for OpenSSL genpkey compatibility, resolving interoperability issues.

Stability Improvements

  • FIPS Testing Capabilities: Enhanced testing for FIPS compliance scenarios.

  • Error Handling: Improved logging and error reporting throughout the codebase.

  • Documentation Updates: Enhanced examples and documentation for easier integration.

Check out the ChangeLog for a full list of features and fixes.

Stay updated with wolfProvider for ongoing enhancements! If you have questions about any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.
