Recent commits to wolfSSL have enabled support to decode new CMS/PKCS#7 message types. The CMS message type EncryptedKeyPackage (defined in RFC 6032) can be decoded with the new API wc_PKCS7_DecodeEncryptedKeyPackage(). The CMS message types SymmetricKeyPackage and OneSymmetricKey (defined in RFC 6031) can be decoded with the new APIs wc_PKCS7_DecodeSymmetricKeyPackageAttribute(), wc_PKCS7_DecodeSymmetricKeyPackageKey(), wc_PKCS7_DecodeOneSymmetricKeyAttribute(), and wc_PKCS7_DecodeOneSymmetricKeyKey(). If you […]
Read MoreMore TagCategory: Uncategorized
Live Webinar: Achieving Avionics Security with DO-178C-Certified Cryptography
Enhancing Avionics Security with DO-178C-Certified Solutions Join us on September 24 at 9 AM PT to learn how wolfSSL strengthens avionics security in safety-critical systems while meeting DO-178C DAL A certification requirements. The webinar will highlight practical strategies for secure embedded systems and how certified products are applied in real-world avionics. Register Now: Achieving Avionics […]
Read MoreMore TagRelaxing CMS/PKCS#7 decode support requirements
Previous wolfSSL versions required X.963 KDF support and AES keywrap functionality to be enabled in order to build CMS/PKCS#7 decode support. Recent changes to wolfSSL have allowed CMS/PKCS#7 decode support to be built without either of these requirements. Previously, if the user desired to have the HAVE_PKCS7 build option defined, then the HAVE_X963_KDF and HAVE_AES_KEYWRAP […]
Read MoreMore TagwolfCrypt MISRA improvements
Some recent pull requests have been merged to the wolfssl repository to allow wolfcrypt to avoid MISRA warnings for certain MISRA 2023 rules. For example, MISRA rule 3.1 disallows nested comment leaders (e.g. a “//” sequence within a “/* … */” comment block). These have been removed. Also, MISRA rule 8.2 requires function prototypes to […]
Read MoreMore TagUtilizing PSRAM for wolfSSL Heap Operations for the Espressif ESP32
The latest updates to the Espressif-specific integration of wolfSSL bring a significant enhancement for developers working on memory-constrained embedded systems: support for using PSRAM (pseudo-static RAM) during wolfSSL heap operations. This improvement not only unlocks larger memory capacity for cryptographic operations, but also lays the foundation for more stable and scalable TLS communication on ESP32 […]
Read MoreMore TagUpdated wolfSSL 5.8.2 for Espressif ESP-IDF Registry
We’re excited to announce that wolfSSL v5.8.2 is now officially released and available through The ESP Component Registry! wolfSSL is a lightweight, high-performance TLS/SSL library optimized for embedded systems. It is widely used in IoT, automotive, aerospace, and other resource-constrained environments. What’s New in v5.8.2: Security Enhancements: Multiple updates for improved cryptographic robustness and protocol […]
Read MoreMore TagLive Webinar: Post-Quantum Secure TLS 1.3 on Application MPUs
Discover how wolfSSL, Crypto4A Technologies Inc., and NXP Semiconductors are driving innovation in secure, post-quantum embedded systems. Join this 60-minute expert-led session as leaders in cryptography and hardware explore the latest advancements in embedded security. Learn how post-quantum algorithms, hardware security modules (HSMs) and trusted platforms are converging to protect next-generation devices. Register Now: Post-Quantum […]
Read MoreMore TagCommunity Spotlight: Jon Durrant
We are thrilled to recognize Dr. Jon Durrant (@DrJonEA) for his exceptional work highlighting wolfSSL across multiple platforms. His dedication to showcasing wolfSSL’s capabilities in real-world IoT and embedded systems projects has been truly outstanding. Jon has 25+ years as an IT professional. With a PhD in Object Oriented Development and Distributed System Design from […]
Read MoreMore TagSecuring BoringTun with wolfSSL’s FIPS 140-3 Cryptography
We’re excited to announce that wolfSSL is taking the next step in its journey to bring FIPS 140-3 compliance to the WireGuard ecosystem. Following our successful ports of our FIPS crypto into both WireGuard-linux and Wireguard-GO, we are setting our sights on a new target: BoringTun. BoringTun is a popular, high-performance implementation of the WireGuard […]
Read MoreMore TagCRL vs OCSP: Secure Certificate Revocation with wolfSSL
Ensuring your TLS certificates are still valid and haven’t been revoked is critical for secure communications. Two methods exist for this: Certificate Revocation Lists (CRLs) are signed lists published by Certificate Authorities that clients download and check offline. They contain serial numbers of revoked certificates and must be regularly updated and cached by clients to […]
Read MoreMore Tag