wolfSSL is an embedded cryptographic library that includes a TLS/DTLS implementation. For resource-constrained devices or safety-critical applications, dynamic memory allocation via malloc and free system calls may be unavailable. To address these scenarios, wolfSSL offers the --enable-staticmemory feature. This feature provides a robust and straightforward allocation mechanism as an alternative. It utilizes a pre-allocated buffer, […]
Category: wolfSSL/ wolfCrypt
The Radio Equipment Directive (RED) and Evolving Cybersecurity Requirements
The Radio Equipment Directive (RED) 2014/53/EU establishes the regulatory framework for placing radio equipment on the European market. Its goal is to create a unified market while ensuring essential requirements for safety, electromagnetic compatibility, efficient use of the radio spectrum, and more recently cybersecurity and data protection. To strengthen protections, the European Commission activated Articles […]
Support for STM32U5 DHUK
In wolfCrypt and wolfPKCS11 we added support for using a Derived Hardware Unique Key (DHUK) for AES with the STM32U5. This feature enables use of a device unique AES key (up to 256-bit) available for encryption/decryption. The key cannot be read from the hardware, which makes it great to wrap other symmetric keys for storage […]
New CMS/PKCS#7 decode APIs for SymmetricKeyPackage, OneSymmetricKey, and EncryptedKeyPackage
Recent commits to wolfSSL have enabled support to decode new CMS/PKCS#7 message types. The CMS message type EncryptedKeyPackage (defined in RFC 6032) can be decoded with the new API wc_PKCS7_DecodeEncryptedKeyPackage(). The CMS message types SymmetricKeyPackage and OneSymmetricKey (defined in RFC 6031) can be decoded with the new APIs wc_PKCS7_DecodeSymmetricKeyPackageAttribute(), wc_PKCS7_DecodeSymmetricKeyPackageKey(), wc_PKCS7_DecodeOneSymmetricKeyAttribute(), and wc_PKCS7_DecodeOneSymmetricKeyKey(). If you […]
Relaxing CMS/PKCS#7 decode support requirements
Previous wolfSSL versions required X.963 KDF support and AES keywrap functionality to be enabled in order to build CMS/PKCS#7 decode support. Recent changes to wolfSSL have allowed CMS/PKCS#7 decode support to be built without either of these requirements. Previously, if the user desired to have the HAVE_PKCS7 build option defined, then the HAVE_X963_KDF and HAVE_AES_KEYWRAP […]
wolfCrypt MISRA improvements
Some recent pull requests have been merged to the wolfssl repository to allow wolfCrypt to avoid MISRA warnings for certain MISRA 2023 rules. For example, MISRA rule 3.1 disallows nested comment leaders (e.g. a “//” sequence within a “/* … */” comment block). These have been removed. Also, MISRA rule 8.2 requires function prototypes to […]
Utilizing PSRAM for wolfSSL Heap Operations for the Espressif ESP32
The latest updates to the Espressif-specific integration of wolfSSL bring a significant enhancement for developers working on memory-constrained embedded systems: support for using PSRAM (pseudo-static RAM) during wolfSSL heap operations. This improvement not only unlocks larger memory capacity for cryptographic operations, but also lays the foundation for more stable and scalable TLS communication on ESP32 […]
Updated wolfSSL 5.8.2 for Espressif ESP-IDF Registry
We’re excited to announce that wolfSSL v5.8.2 is now officially released and available through The ESP Component Registry! wolfSSL is a lightweight, high-performance TLS/SSL library optimized for embedded systems. It is widely used in IoT, automotive, aerospace, and other resource-constrained environments. What’s New in v5.8.2: Security Enhancements: Multiple updates for improved cryptographic robustness and protocol […]
CRL vs OCSP: Secure Certificate Revocation with wolfSSL
Ensuring your TLS certificates are still valid and haven’t been revoked is critical for secure communications. Two methods exist for this: Certificate Revocation Lists (CRLs) are signed lists published by Certificate Authorities that clients download and check offline. They contain serial numbers of revoked certificates and must be regularly updated and cached by clients to […]
Protect TLS Secrets After the Handshake — Only with wolfSSL
Most TLS libraries leave your certificates and private keys sitting in RAM long after they’re used — a jackpot for attackers with memory access. wolfSSL is the only TLS library that gives you the power to erase them completely with the wolfSSL_UnloadCertsKeys API. This function doesn’t just free memory — it securely zeroes out every […]
