Topic: wolfCrypt JNI/JCE 1.10.0 Now Available

wolfCrypt JNI/JCE 1.10.0 is now available for download! This release brings new JCE Cipher support for RSA OAEP padding schemes and RSA key wrapping (WRAP/UNWRAP modes), a PKIX CertPathBuilder implementation using native wolfSSL X.509 functionality, default FIPS error callback registration, new JNI utilities for hex string conversion and PEM-to-DER, enhanced WolfSSLX509StoreCtx methods, and two new system properties for flexible native library loading and OCSP/CRL timeouts. Along with these additions, 1.10.0 delivers extensive bug fixes, memory-safety improvements, FIPS compliance enhancements, and an expanded testing matrix.

New JCE Functionality:

  • Add Cipher RSA/ECB/OAEPWithSHA-256AndMGF1Padding support

  • Add Cipher RSA/ECB/OAEPWithSHA-1AndMGF1Padding support

  • Add Cipher WRAP_MODE and UNWRAP_MODE support for RSA-based key wrapping

  • Add PKIX CertPathBuilder implementation using native wolfSSL X509_STORE

  • Add jdk.certpath.disabledAlgorithms enforcement to CertPathBuilder and CertPathValidator

  • Register default FIPS error callback in WolfCryptProvider for FIPS error debugging

  • Enrich WolfCryptException with FIPS module status for FIPS_NOT_ALLOWED_E errors

  • Add Java 9+ module support (JPMS) for jlink compatibility
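The OAEP and WRAP_MODE/UNWRAP_MODE items above, exercised through the standard JCE Cipher API, including a tampered blob that must fail to unwrap. This is an added example, not code from the wolfCrypt JNI/JCE project. The provider name "wolfJCE" passed as the first argument is an assumption that is not on this page and requires the provider to be registered; with no argument the JVM's default provider is used.

```java
import java.security.*;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

public class RsaOaepWrapExample {
    static final String XFORM = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";

    // provider == null falls back to the JVM's default provider lookup.
    static Cipher cipher(String provider) throws GeneralSecurityException {
        return provider == null ? Cipher.getInstance(XFORM)
                                : Cipher.getInstance(XFORM, provider);
    }

    public static void main(String[] args) throws Exception {
        // Assumption: args[0] is "wolfJCE" once that provider is registered.
        String provider = args.length > 0 ? args[0] : null;

        // Constructed sample keys: an RSA key-encryption pair and an AES data key.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair rsa = kpg.generateKeyPair();
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey dataKey = kg.generateKey();

        // WRAP_MODE: encrypt the AES key under the RSA public key with OAEP.
        Cipher wrap = cipher(provider);
        wrap.init(Cipher.WRAP_MODE, rsa.getPublic());
        byte[] wrapped = wrap.wrap(dataKey);

        // UNWRAP_MODE: recover the key object with the RSA private key.
        Cipher unwrap = cipher(provider);
        unwrap.init(Cipher.UNWRAP_MODE, rsa.getPrivate());
        Key recovered = unwrap.unwrap(wrapped, "AES", Cipher.SECRET_KEY);
        System.out.println("round trip ok: "
            + MessageDigest.isEqual(dataKey.getEncoded(), recovered.getEncoded()));

        // Flip one ciphertext bit: OAEP decoding must reject the blob.
        wrapped[wrapped.length - 1] ^= 0x01;
        unwrap.init(Cipher.UNWRAP_MODE, rsa.getPrivate());
        try {
            unwrap.unwrap(wrapped, "AES", Cipher.SECRET_KEY);
            System.out.println("tampered blob accepted (unexpected)");
        } catch (GeneralSecurityException | RuntimeException e) {
            System.out.println("tampered blob rejected: " + e.getClass().getSimpleName());
        }
    }
}
```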

New JNI Functionality:

  • Add hex string conversion via WolfCrypt.toHexString() and WolfCrypt.hexStringToByteArray()

  • Add PEM to DER conversion support for keys and certificates

  • Add setFlags() and setVerificationTime() methods to WolfSSLX509StoreCtx

New Property Support:

  • wolfssl.skipLibraryLoad System property – Skip automatic System.loadLibrary() calls for advanced embedding scenarios

  • wolfjce.ioTimeout System property – Configure OCSP/CRL IO timeouts

Bug Fixes & Reliability Improvements

Beyond the new features, version 1.10.0 includes a substantial set of bug fixes and reliability improvements focused on FIPS error visibility, cryptographic correctness, input validation, and memory safety:

  • Fixed FIPS error callback lifecycle (including proper deregistration in JNI_OnUnload)

  • Corrected Ed25519 signature length handling, RSA public-key flattening/export, unsigned return values, and pointer casts

  • Added HMAC/ByteBuffer/offset-length bounds validation, improved NULL checks, and missing releaseByteArray() calls across ECC, RSA, ChaCha, and AES-GCM

  • Implemented defensive copies of IV arrays, constant-time GMAC tag verification, secure zeroization of keys and buffers, and proper cleanup for AES-CTR/AES-OFB/GMAC

  • Fixed signed integer overflow risks in bounds checks, DH key export paths, ECC private-key import curve handling, and reduced unnecessary WC_RNG allocations

  • Expanded FIPS-compliant SecureRandom sanitization and fixed threaded MessageDigest hangs on FIPS errors

Expanded Testing & CI Infrastructure

CI coverage has been expanded with new workflows and modern platform support:

  • Java 24 and 25 tests added to GitHub Actions workflows

  • Linux 32-bit testing with Java 17 via GitHub workflow

  • UndefinedBehaviorSanitizer (UBSan) GitHub workflow

  • SpotBugs static analysis target and dedicated GitHub Actions workflow

  • Android FIPS Ready automated emulator testing via GitHub workflow

  • Java 9+ module (JPMS) testing workflow

  • Improved JUnit test reliability for FIPS mode and CI environments

New Examples

  • Added CertPathBuilder and CertPathValidator example demonstrating PKIX path building and validation with disabledAlgorithms enforcement

  • Updated Android example project: migrated from jcenter() to mavenCentral() and AndroidX, added Gradle wrapper with distributionSha256Sum, JKS-to-BKS KeyStore conversion script for testing, and CMakeLists.txt exclusion list updates

wolfCrypt JNI/JCE 1.10.0 can be downloaded from the wolfSSL download page, and an updated version of the wolfCrypt JNI/JCE User Manual can be found here. Full details on this release can be seen in the ChangeLog.md on GitHub. For any questions, or to get help using wolfSSL products in your projects, contact us at support@wolfssl.com.

If you have questions about any of the above, please contact us at facts@wolfssl.com or call us at +1 425 245 8247.
