1 Topic by shizuka

(0 replies, posted in Announcements)

We are excited to announce the release of wolfMQTT v1.20.0, which introduces WebSocket support as its headline feature. This release continues our commitment to providing a lightweight, secure, and feature-rich MQTT client implementation for embedded systems and IoT applications.

What’s New in v1.20.0
The wolfMQTT v1.20.0 release includes several significant enhancements:

WebSocket Support
The most notable addition in this release is comprehensive support for MQTT over WebSockets. This feature allows wolfMQTT clients to connect to MQTT brokers through WebSocket endpoints, which is particularly valuable in environments where traditional MQTT ports might be blocked or when integrating with web applications.

Both standard WebSockets and secure WebSockets (WSS) are now supported, providing flexibility for various security requirements:

  • Standard WebSockets: Connect to brokers using the WebSocket protocol without encryption

  • Secure WebSockets: Use TLS to encrypt the WebSocket connection for enhanced security

Secure WebSocket CI Testing
To ensure the reliability of the new WebSocket functionality, we’ve added continuous integration testing specifically for secure WebSockets. This testing helps maintain the high quality and stability that users expect from wolfMQTT.

Improved CMake Support
This release includes improvements to the CMake build system:

  • Enhanced duplicate component checking in CMake builds

  • Better compatibility with the latest Managed Components

Additional Improvements

  • Updated examples for the latest Managed Components

  • Fixed an issue with OQS’s Mosquitto being out of date

About wolfMQTT
wolfMQTT is a lightweight, embedded MQTT client implementation written in C that supports SSL/TLS via the wolfSSL library. It was built from the ground up to be multi-platform, space conscious, and extensible. The library supports:

  • MQTT v3.1.1 and v5.0 protocols

  • MQTT-SN (MQTT for Sensor Networks)

  • Quality of Service (QoS) levels 0-2

  • TLS encryption via wolfSSL

  • Non-blocking communications

  • Multithreading for parallel operations

  • Integration with popular IoT platforms (AWS IoT, Azure IoT Hub, IBM Watson IoT)

Getting wolfMQTT v1.20.0
The wolfMQTT v1.20.0 release is available now on our download page and GitHub.
Release 1.20.0 has been developed according to wolfSSL’s development and QA process and successfully passed the quality criteria.
Check out the ChangeLog for a full list of features and fixes, or contact us at facts@wolfSSL.com with any questions.
While you’re there, show us some love and give the wolfMQTT project a Star!
You can download the latest wolfMQTT release from our website or clone directly from our GitHub repository.

If you have questions about any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.

Download wolfSSL Now
wolfSSL is the best tested TLS

Go to forum: Announcements

2 Topic by shizuka

(0 replies, posted in Announcements)

We are excited to announce that wolfSSL version 5.8.0 is now available. This release brings several important new features and improvements. Below are the key new additions:

New Features

  • Implemented various fixes to support building for Open Watcom, including OS/2 support and Open Watcom 1.9 compatibility (PR 8505, 8484).

  • Added support for STM32H7S (tested on NUCLEO-H7S3L8) (PR 8488).

  • Added support for STM32WBA (PR 8550).

  • Added Extended Master Secret Generation Callback to the –enable-pkcallbacks build (PR 8303).

  • Implemented AES-CTS (–enable-aescts) in wolfCrypt (PR 8594).

  • Added support for libimobiledevice commit 860ffb (PR 8373).

  • Initial ASCON hash256 and AEAD128 support based on NIST SP 800-232 IPD (PR 8307).

  • Added blinding option when using a Curve25519 private key by defining the macro WOLFSSL_CURVE25519_BLINDING (PR 8392).

ML-DSA and Post-Quantum Cryptography Enhancements
In line with NIST’s latest documentation, wolfSSL has updated its Kyber implementation to ML-DSA (Multi-Lattice Digital Signature Algorithm), which is fully supported in this release. Additionally, the release includes updates to further optimize ML-DSA and LMS (Lattice-based Signature) schemes, reducing memory usage and improving performance.

Linux Kernel Module (linuxkm) Updates
wolfSSL 5.8.0 expands support for the Linux Kernel Module (linuxkm), with several important enhancements to improve kernel-level cryptographic integration. This includes extended LKCAPI registration support for rfc4106(gcm(aes)), ctr(aes), ofb(aes), ecb(aes), and the legacy one-shot AES-GCM backend. Compatibility improvements have been added for newer kernels (?6.8), and calls to scatterwalk_map() and scatterwalk_unmap() have been updated for Linux 6.15. The release also registers ECDSA, ECDH, and RSA algorithms with the kernel crypto API and introduces safeguards for key handling, including forced zeroing of shared secrets. These changes make it possible to use more wolfSSL functionality in the kernel space.

For a full list of fixes and optimizations check out the ChangeLog.md bundled with wolfSSL. Download the latest release from the download page. If you have questions about any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.

Download wolfSSL Now
wolfSSL is the best tested TLS

Go to forum: Announcements

3 Topic by shizuka

(0 replies, posted in Announcements)

The wolfSSL team has released wolfProvider version 1.0.2, introducing several new features and important fixes!

New Features

  • RSA Verify Recover Support: Adds functionality for RSA verify recover operations, enhancing compatibility with applications requiring this capability.

  • DES3 Implementation: Provides legacy application support with DES3 CBC mode implementation.

  • Open Source Integration Testing: New workflows for automated testing with NGINX, cURL, and OpenVPN, ensuring compatibility across applications.

Enhancements and Fixes

  • RSA Improvements: Better key type handling during import operations and fixed parameter handling for proper functionality.

  • AES-GCM Stream Handling: Enhanced IV handling for compatibility with OpenSSH workflows.

  • ECC Parameter Encoding: Fixed encoding for OpenSSL genpkey compatibility, resolving interoperability issues.

Stability Improvements

  • FIPS Testing Capabilities: Enhanced testing for FIPS compliance scenarios.

  • Error Handling: Improved logging and error reporting throughout the codebase.

  • Documentation Updates: Enhanced examples and documentation for easier integration.

Check out the ChangeLog for a full list of features and fixes.

Stay updated with wolfProvider for ongoing enhancements! If you have questions about any of the above, please contact us at facts@wolfSSL.com or call ua at +1 425 245 8247.

Download wolfSSL Now

wolfSSL is the best tested TLS

Go to forum: Announcements

4 Topic by shizuka

(0 replies, posted in Announcements)

The wolfSSL team has released wolfSSH version 1.4.20, introducing some new features and nice fixes!

New Features:

  • DH Group 16 and HMAC-SHA2-512 Support: This addition gives more options for algorithms used when connecting and more interoperability with other implementations.

  • Keyboard-Interactive Authentication: Providing a more versatile authentication method implementing RFC 4256.

Enhancements and Fixes:

  • Memory Management Improvements: wolfSSH now handles memory more efficiently, particularly in RNG initialization and the SCP example, ensuring cleaner resource management.

  • Stability Enhancements: Updates to wolfSSHd include better handling of failures and connections, making the server more robust and reliable.

  • Resolved Issues: Fixes address SFTP compilation problems with WOLFSSH_FATFS and simplify the autogen script for easier integration.

Check out the ChangeLog for a full list of features and fixes.

Stay updated with wolfSSH for ongoing enhancements! If you have questions about any of the above, please contact us at facts@wolfssl.com or call us at +1 425 245 8247.

Download wolfSSL Now
wolfSSL is the best tested TLS

Go to forum: Announcements

5 Topic by shizuka

(0 replies, posted in Announcements)

In the realm of lightweight MQTT (Message Queuing Telemetry Transport) implementations, wolfMQTT maintains its commitment to reliability and performance. With the release of version 1.19.2, wolfMQTT strengthens its core functionality through targeted improvements and enhanced testing infrastructure.

Key Improvements:

  • Enhanced Connection Reliability
    The implementation of improved error handling in the “mqttsimple” client ensures more robust connection management, particularly beneficial for embedded applications where connection stability is crucial.

  • Optimized Keep-Alive Mechanism
    A significant enhancement to the ping response handling improves the reliability of MQTT keep-alive functionality, ensuring more stable long-term connections and better resource management.

  • Strengthened Testing Infrastructure

    • Modernized continuous integration workflow with Ubuntu 22.04

    • Enhanced artifact testing procedures for more comprehensive quality assurance

    • Improved Zephyr platform compatibility through targeted build fixes

Release 1.19.2 has been developed according to wolfSSL's development and QA process and successfully passed the quality criteria.

Check out the ChangeLog for a full list of features and fixes, or contact us at facts@wolfssl.com with any questions.

While you're there, show us some love and give the wolfMQTT project a Star!

You can download the latest wolfMQTT release from our website or clone directly from our GitHub repository.

If you have questions about any of the above, please contact us at facts@wolfssl.com or callus at +1 425 245 8247.

Download wolfSSL Now
wolfSSL is the best tested TLS

Go to forum: Announcements

6 Topic by shizuka

(0 replies, posted in Announcements)

We are pleased to announce the release of wolfTPM 3.8.0, our latest version with several important enhancements.

What's New
This release includes a range of fixes and improvements that enhance the overall quality and reliability of wolfTPM. These changes are designed to support the delivery of high-quality production-grade products that meet the needs of our customers.

Key Change

  • Session Auth Improvements: We've fixed an issue with bound session authentication, ensuring that TPM 2.0 authenticated sessions with binding work correctly. Additionally, we've added comprehensive test cases to verify the functionality.

  • Bus Protection: Our implementation of the TCG "bus protection guidance" now includes a comprehensive example, making it easier for developers to ensure their applications meet these critical security standards. For more information on our bus protection guidance, please refer to the TCG's bus protection guidance document.

  • Build Support: We've improved support for building wolfTPM against older wolfCrypt versions, including updated CI tests.

  • HAL IO Improvements: We've added HAL IO support for Microchip I2C bit-bang driver

TPM 2.0 Use Cases
wolfTPM is designed to provide a robust and secure foundation for a wide range of applications, from IoT devices to high-end servers. Here are some examples of how wolfTPM 3.8.0 can help:

  • Secure Boot: wolfTPM provides a robust secure boot mechanism, ensuring that only authorized firmware can be loaded on the platform.

  • Platform Firmware Updates: Our implementation of bus protection guidance includes support for secure firmware updates, making it easier to keep platforms up-to-date and secure.

  • Key Management: wolfTPM can be used to manage cryptographic keys securely, providing a reliable and efficient way to handle sensitive data.

  • Hardware-Level Isolation: wolfTPM’s hardware-level isolation features provide a robust security foundation for applications that require high levels of isolation.

  • Trusted Execution Environments (TEEs): wolfTPM is designed to work seamlessly with TEEs, providing a secure environment for executing critical functions.

Getting Started
Download the latest version of wolfTPM 3.8.0 today! Check out the complete ChangeLog for full details.

As always, we appreciate your contribution and feedback. If you have any questions or suggestions, please email facts@wolfssl.com or call us at +1 425 245 8247.

Download wolfSSL Now
wolfSSL is the best tested TLS.

Go to forum: Announcements

7 Topic by shizuka

(0 replies, posted in Announcements)

We are excited to announce the release of wolfBoot 2.4.0, the latest version of our universal secure bootloader. This update brings enhanced platform support, new features, and performance improvements to keep offering the best secure boot solution for all embedded systems.

Integration with wolfHSM and Improved delta updates
A major highlight of this release is the integration with wolfHSM, enabling secure key management through an externally-managed HSM. This integration allows for the transparent management and revocation of the stored public key, as well as support for post-quantum algorithms (ML-DSA).

Delta update detection mechanism has been improved and is now more reliable, with the addition of extra procedures for identifying base image versions.

New hardware targets and platform enhancements
wolfBoot 2.4.0 adds support for the NXP Layerscape LS1028A platform, extending compatibility with high-performance devices.

Support for existing platforms, including ARMv7-M/ARMv8-M, x86-FSP and Xilinx UltraScale+, has been updated with enhanced ARMASM integration, and improved QSPI DMA for efficient memory interaction. Support for Intel TigerLake has improved, with the addition of GDT table support.

New assembly optimizations introduced in latest wolfCrypt have introduced a significant improvement in boot time performance across all ARM family, from Cortex-M devices such as STM32 microcontroller up to the most powerful microprocessors supported.

Bug fixes and updated modules

Key fixes address potential issues in flash write-once mode. Moreover, the core modules have been updated to the latest versions, including wolfSSL 5.7.6 and wolfTPM 3.8.0.

wolfBoot security is powered by wolfCrypt. This means that the secure boot process can be certified to meet FIPS 140-3 requirements and DO-178C safety regulations.

Looking Ahead: Exciting Roadmap for 2025

This year, we’re setting our sights on expanding wolfBoot’s capabilities even further. Planned features include support for running wolfBoot as a supervisor in TrustZone-A, platform support for i.MX-8, and integration with the STM32 MP1 series. Stay tuned for these and more as we continue to innovate and enhance secure boot for all embedded systems.

If you have questions about any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.

Download wolfSSL Now
wolfSSL is the best tested TLS

Go to forum: Announcements

8 Topic by shizuka

(0 replies, posted in Announcements)

wolfSSL JNI/JSSE 1.15.0 is now available for download! This release contains a number of bug fixes and changes to the JNI and JSSE layers.

wolfSSL JNI/JSSE allows for easy use of the native wolfSSL SSL/TLS library from Java. The thin JNI wrapper can be used for direct JNI calls into native wolfSSL, or the JSSE provider (wolfJSSE) can be registered as a Java Security provider for seamless integration underneath the Java Security API. wolfSSL JNI/JSSE provides TLS 1.3 support and can also support running on top of the wolfCrypt FIPS 140-3 validated cryptography module.

Changes in this release are summarized below, but please see ChangeLog.md for a full list.

JSSE System/Security Property Support:

  • wolfssljni.debug – a new System property that enables JNI-level debug logging. This will add debug logs for the lower-level “com.wolfssl.*” classes that are part of the thin wolfSSL JNI wrapper. This is helpful for those users who are using the thin wolfSS JNI wrapper, or for JSSE-level users who need additional low-level debug logging support.

JSSE Changes:

  • Close the underlying Socket when SSLSocket startHandshake() fails before an exception is thrown and returned to the caller.

  • Fix a potential NullPointerException in SSLSocket Input/OutputStream that could happen in a threaded environment with some threads blocked in select()/poll().

  • Add support for SSLSession.getRequestedServerNames() to return the client’s SNI (Server Name Indication) request on the server side.

  • Add checks for legacy DHE keys for cipher suites using keys less than 1024 bits.

  • Optimize Java byte array creation in SSLEngine objects when receiving app data. This has a positive impact on performance by reducing garbage collector pressure.

  • Add the ability for SSLSocket.close() to interrupt read()/write() operations waiting in select()/poll(). This can speed up the return of threads blocked in read or write operations when the socket is closed, instead of waiting for the socket timeout to occur.

JNI Changes:

  • Always call wolfSSL_get1_session() inside WolfSSLSession.getSession() for more consistent native memory handling and cleanup.

  • Call wc_RunAllCast_fips() with wolfCrypt FIPS builds if available. This will run all FIPS Conditional Algorithm Self Tests (CAST) up front when the wolfJSSE provider is registered.

  • Add the ability to pass CFLAGS to java.sh (ie: CFLAGS=”-DTEST_DEFINE” ./java.sh)

  • Remove incorrect ATOMIC_USER preprocessor gate around native wolfSSL_GetSide() inside JNI glue code.

Example Changes:

  • Updates the example Android Studio project, defining WOLFSSL_CERT_REQ and WOLFSSL_CUSTOM_CONFIG. These defines are either not needed, or automatically set when building native wolfSSL on a Linux/Unix platform with “./configure –enable-jni”.

Testing Changes:

  • Add GitHub Actions PRB test for Maven (Linux, macOS) builds

  • Add JUnit tests for SSLSession state at various points throughout the handshake

  • Add GitHub Actions PRB test for native wolfSSL with NO_SESSION_CACHE_REF defined

  • Add GitHub Actions PRB test for WOLFJNI_USE_IO_SELECT

wolfSSL JNI/JSSE 1.15.0 can be downloaded from the wolfSSL download page, and an updated version of the wolfSSL JNI/JSSE User Manual can be found here. For any questions, or to get help using wolfSSL products in your projects, contact us at support@wolfSSL.com.

If you have questions about any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.

Download wolfSSL Now
wolfSSL is the best tested TLS

Go to forum: Announcements

9 Topic by shizuka

(0 replies, posted in Announcements)

wolfCrypt JNI/JCE 1.8.0 is now available for download! This release contains a number of bug fixes, changes and new features to help better support usage from applications and 3rd party frameworks that consume wolfJCE internally.

wolfCrypt JNI/JCE allows for easy use of the native wolfCrypt cryptography library from Java. The thin JNI wrapper can be used for direct JNI calls into native wolfCrypt, or the JCE provider (wolfJCE) can be registered as a Java Security provider for seamless integration underneath the Java Cryptography API. wolfCrypt JNI/JCE can also support running on top of the wolfCrypt FIPS 140-3 validated cryptography module.

Changes in this release are summarized below, but please see ChangeLog.md for a full list.

New JCE Functionality:

  • Support for two new Java Security properties designed for use in edge cases where wolfJCE is being used with wolfCrypt FIPS 140-2/3 and the wolfJCE WKS KeyStore is replacing JKS and/or PKCS12 type KeyStore usage from applications for more complete FIPS compliance. Setting these properties to “true” will result in wolfJCE fake registering support for JKS and/or PKCS12 KeyStore support, but will automatically map it down to WKS KeyStore support internally. This can be helpful if using wolfJCE underneath Java code that hard-codes JKS/PKCS12 KeyStore types which cannot be changed, but the actual KeyStore files on disk can be updated to WKS type.

    • wolfjce.mapJKStoWKS

    • wolfjce.mapPKCS12toWKS

JNI and JCE Changes:

  • FIPS Conditional Algorithm Self Tests (CASTs) are now run once up front if wolfJCE is used with wolfCrypt FIPS 140-3, to prevent threaded app errors.

Example Changes:

  • Updated Android Studio example project CMakeLists.txt, defining WOLFSSL_CUSTOM_CONFIG

  • Addition of a JCE cryptography benchmark app (examples/provider/CryptoBenchmark.java). Basic AES-CBC/GCM benchmarks are in place now, but will be expanded to other algorithms in the near future.

Testing Changes:

  • Addition of GitHub Action testing for Maven (pom.xml) builds on macOS and Linux

wolfCrypt JNI/JCE 1.8.0 can be downloaded from the wolfSSL download page, and an updated version of the wolfCrypt JNI/JCE User Manual can be found here. For any questions, or to get help using wolfSSL products in your projects, contact us at support@wolfssl.com.

If you have questions about any of the above, please contact us at facts@wolfssl.com or call us at +1 425 245 8247.

Download wolfSSL Now
wolfSSL is the best tested TLS

Go to forum: Announcements

10 Topic by shizuka

(0 replies, posted in Announcements)

Welcome 2025 with boundless possibilities and stronger security! We are excited to introduce wolfSSL 5.7.6, the latest update in open-source cybersecurity! Designed with the cleanest code, this release is packed with exciting enhancements:

  • Expanded Hardware Support: wolfSSL hardware support now includes RP2350 and STM32MP135F, with enhanced capabilities for RP2040 and Renesas TSIP.

  • Enhanced APIs: APIs introduced for simplified Curve25519 key decoding, stateless DTLS CID on the server side, and CRL callbacks.

  • Post-Quantum Cryptography Advances: Updated Post-Quantum ML-DSA features include parsing security levels from the DER encoding and expanded build options.

Dive into the ChangeLog for complete details on what wolfSSL 5.7.6 has to offer and start your year with a solution that works seamlessly right out of the box!

If you have questions about any of the above, please contact us at facts@wolfssl.com or +1 425 245 8247.

Download wolfSSL Now

Go to forum: Announcements

11 Topic by shizuka

(0 replies, posted in Announcements)

wolfCLU release 0.1.6 is available! wolfSSL’s command line utility (wolfCLU) is a drop in replacement for the OpenSSL command line utility. It’s a handy swiss army knife of common operations used, often great for system admins or test developers. Doing things such as creating and signing certificates, generating new keys, parsing X509 certificates into human readable form, and much more. This release has seen some fixes to wolfCLU along with exciting new features. One of the new features being the addition of support for post quantum Dilithium signature generation and verification. For a full list of changes check out the ChangeLog.md.

If you have questions about any of the above, please contact us at facts@wolfSSL.com or +1 425 245 8247.

Download wolfSSL Now

Go to forum: Announcements

12 Topic by shizuka

(0 replies, posted in Announcements)

wolfCrypt JNI/JCE 1.7.0 is now available for download! This release contains a number of bug fixes, changes and new features to help better support usage from applications and 3rd party frameworks that consume wolfJCE internally.
wolfCrypt JNI/JCE allows for easy use of the native wolfCrypt cryptography library from Java. The thin JNI wrapper can be used for direct JNI calls into native wolfCrypt, or the JCE provider (wolfJCE) can be registered as a Java Security provider for seamless integration underneath the Java Cryptography API. wolfCrypt JNI/JCE can also support running on top of wolfCrypt FIPS 140-2 and 140-3 validated modules.
Changes in this release are summarized below, but please see ChangeLog.md for a full list. Watch for individual future blogs on some of these topics as well for a more in depth description.

New JCE Functionality:

  • Addition of a new WolfSSLKeyStore (WKS) KeyStore implementation to help conform to FIPS 140-2 / 140-3 compliant KeyStore use

JNI and JCE Changes:

  • Build compatibility has been fixed with older Java versions that do not support BigInteger.longValueExact()

  • Detection of native RSA minimum key size (RSA_MIN_SIZE), and exposure of this minimum to Java via Rsa.RSA_MIN_SIZE

  • Fixes to pointer use when calling the native X509CheckPrivateKey() API

Example Changes:

  • Addition of a new Android Studio example IDE project, located under the “IDE/Android” directory. This can be useful as an example to see how CMakeLists.txt should be structured to build native wolfSSL and wolfCrypt JNI/JCE.

Testing Changes:

  • Facebook Infer is now run on all GitHub pull requests using GitHub Actions

  • Android Gradle builds are now tested on all GitHub pull requests using GitHub Actions

wolfCrypt JNI/JCE 1.7.0 can be downloaded from the wolfSSL download page, and an updated version of the wolfCrypt JNI/JCE User Manual can be found here. For any questions, or to get help using wolfSSL products in your projects, contact us at support@wolfssl.com.
If you have questions about any of the above, please contact us at facts@wolfssl.com or call us at +1 425 245 8247.

Download wolfSSL Now

Go to forum: Announcements

13 Topic by shizuka

(0 replies, posted in Announcements)

wolfSSL JNI/JSSE 1.14.0 is now available for download! This release contains a number of bug fixes, changes and new features to help better support usage from applications and 3rd party frameworks that consume wolfJSSE internally.
wolfSSL JNI/JSSE allows for easy use of the native wolfSSL SSL/TLS library from Java. The thin JNI wrapper can be used for direct JNI calls into native wolfSSL, or the JSSE provider (wolfJSSE) can be registered as a Java Security provider for seamless integration underneath the Java Security API. wolfSSL JNI/JSSE provides TLS 1.3 support and can also support running on top of wolfCrypt FIPS 140-2 and 140-3 validated modules.
Changes in this release are summarized below, but please see ChangeLog.md for a full list. Watch for individual future blogs on some of these topics as well for a more in depth description.

New JNI and JSSE Functionality:

  • Addition of a new WKS KeyStore type to better facilitate FIPS compliance where needed

  • Performance and scalability improvement with the use of native poll() set as default over select()

  • Support for using RSA-PSS based certificates in TLS connections

  • Addition of LDAPS endpoint identification verification to X509ExtendedTrustManager

  • Two new JNI wrapped methods for native “wolfSSL_SessionIsSetup()” and “wolfSSL_SESSION_dup()

JSSE System/Security Property Support:

  • wolfjsse.debugFormat=JSON – a new System property to support outputting debug logs in JSON format, which can be more friendly for some log collection mechanisms

  • wolfjsse.clientSessionCache.disabled – a new Security property to disable the Java client-side session cache, which will prevent session resumption from occurring

JSSE Changes:

  • Native memory leak fixes, related to calls to wolfSSL_get_peer_certificate()

  • Optimizations to allow for easier and more efficient garbage collection

  • SSLEngine fixes for session storage, unwrap() FINISHED state transitions, HandshakeStatus when receiving TLS 1.3 session tickets after the handshake, correctly closing inbound on ALPN protocol name errors, and closure when fatal alerts are received

  • SSLSocket fixes for end of stream handling in InputStream read() calls

  • Fixes to throw expected or correct exceptions for several cases

  • SSLSession getPeerCertificates() returns correct X509Certificate array

  • Fixes around SSLSocket closure in a few different use cases

  • Client-side session resumption is now keyed on the cipher suite and protocol in addition to host and port

  • Build compatibility has been fixed with the older Android API 24, removing method calls not available in that SDK version

  • A potential deadlock on close() between SSLSocket and the associated InputStream read() or OutputStream write() calls has been fixed

Exchange Changes:

  • The Host String has been added into the HTTP GET request in the example ClientJSSE when used with the “-g” command line option

  • JNI-only threaded client/server example applications have been added which can be helpful for seeing or debugging session resumption at the JNI-only level

  • A basic RMI example client and server have been added, which can useful for reference and testing wolfJSSE over RMI

Testing Changes:

  • Facebook Infer is now run on all GitHub pull requests using GitHub Actions

  • TLS 1.0 and 1.1 JUnit tests are now run even if those protocols are disabled in the system “java.security” file, as long as native wolfSSL support has been compiled in

  • Android Gradle builds are now tested on all GitHub pull requests using GitHub Actions

wolfSSL JNI/JSSE 1.14.0 can be downloaded from the wolfSSL download page, and an updated version of the wolfSSL JNI/JSSE User Manual can be found here. For any questions, or to get help using wolfSSL products in your projects, contact us at support@wolfssl.com.

If you have questions about any of the above, please contact us at facts@wolfssl.com or +1 425 245 8247.

Download wolfSSL Now

Go to forum: Announcements

14 Topic by shizuka

(0 replies, posted in Announcements)

wolfSSL is proud to announce the release of wolfMQTT v1.19.1!

This release fixes an issue in the Espressif example and corrects some documentation issues.

Release 1.19.1 has been developed according to wolfSSL’s development and QA process and successfully passed the quality criteria.

Check out the ChangeLog from the download for a full list of features and fixes, or contact us at facts@wolfSSL.com with any questions. While you’re there, show us some love and give the wolfMQTT project a Star!

Download the latest release or clone directly from our GitHub repository.

If you have questions about any of the above, please contact us at facts@wolfSSL.com or +1 425 245 8247.

Download wolfSSL Now

Go to forum: Announcements

15 Topic by shizuka

(0 replies, posted in Announcements)

We are proud to announce the next release of wolfTPM that includes minor bug fixes and some exciting new features. The v3.6.0 release is incremental and part of our quarterly release schedule. Each release goes through additional testing including tests on actual TPM 2.0 hardware.

This release includes minor bug fixes and new features such as:

  • Provisioning the initial device (IDevID) and initial attestation (IAK)

    • New key templates and examples

    • New build option --enable-provisioning or WOLFTPM_PROVISIONING

  • Improved support for parsing for all TPM2_GetCapability capabilities

  • Improved the TPM TLS examples for use with WOLFTPM_MFG_IDENTITY

  • New TPM2_Certify example

  • New wolfTPM2_CreatePrimaryKey_ex API for creation ticket

  • Tested support with Nations NS350 TPM

The minor issues fixed are:

  • Issue with TPM2_GetRCString and RC_WARN error codes (broken in v3.4.0)

  • Issue with TPM2_SetupPCRSel on some PCR selection edge cases

  • Improved building without ECC or RSA or file system

The new v3.6.0 release can be downloaded on our website or on GitHub.com/wolfssl/woltpm

If you have questions about ay of the above, please contact us at facts@wolfSSL.com or +1 425 245 8247.

Download wolfSSL Now

Go to forum: Announcements

16 Topic by shizuka

(0 replies, posted in Announcements)

wolfBoot 2.3.0 has finally been released! The universal secure bootloader extends its support to new platforms, improves existing ports, and introduces new groundbreaking features that set the pace to defining secure-boot for the next generation of embedded systems.

A New Era of Secure Boot with ML-DSA and Hybrid Authentication
The introduction of quantum resistant algorithms in the latest releases of wolfSSL has accelerated the integration of asymmetric cryptography in our secure boot solution. In 2023, wolfBoot v2.0.0 expanded its signature verification algorithms to include the hash-based stateful signatures LMS (+HSS) and XMSS (^MT). wolfBoot v2.3.0 further extends these options by introducing ML-DSA, as specified in FIPS-204, for verifying the authenticity of firmware and other critical components. Support for ML-DSA in wolfBoot is currently available in three variants: ML-DSA-44, ML-DSA-65 and ML-DSA-87, corresponding to NIST security category 2, 3 and 5, respectively.

Hybrid Authentication: Post-Quantum Meets Classic Cryptography
One of the most anticipated features in WolfBoot 2.3.0 is its support for hybrid authentication, a method that combines Post-Quantum Cryptography (PQC) algorithms with traditional cryptographic techniques like ECC and RSA. This hybrid approach strengthens security by combining the resilience of PQC, which resists quantum attacks, with the well-established reliability of classic algorithms. Pairing PQC algorithms with ECC521 offers a path toward CNSA 2.0 compliance, a set of guidelines for systems demanding the highest levels of security.

Hybrid authentication in WolfBoot secures the boot process by signing and validating boot images with a combination of PQC and traditional cryptography. This dual-layer protection approach ensures that even if one algorithm becomes vulnerable, the other remains resilient, offering a future-proof strategy for embedded systems as quantum computing capabilities grow.

Boot time optimization and performance monitoring
Thanks to the newly introduced assembly optimization for ARM in wolfCrypt, image verification times have been dramatically reduced. These ARM optimizations are now enabled by default on all Cortex-M devices.
New benchmark tools have been added to our continuous integration environment, to ensure that we can constantly monitor boot time, footprint size, runtime memory usage and other performance indicators.

Improved keystore and keyvault management
Starting with wolfBoot 2.3.0, it is now possible to store public keys of different sizes in the same trust anchor. This is a crucial feature to allow double signature verification in hybrid mode, or when integrating heterogeneous components in the boot chain, involving more than one cipher at a time.

PKCS11 key vault storage drivers have also been improved, and can now reliably store keys in non-volatile memories, ensuring compatibility with wolfPKCS11.

Hardware support

In this version, the following new targets have been added to the list of hardware platforms we support:

  • Infineon AURIX TriCore TC3xx

  • Microchip AT-SAMA5D3

  • Nordic nRF5340

Moreover, the support for some of the existing ports has been improved and stabilized. During the development of wolfBoot v. 2.3.0 we mostly worked on the following targets:

  • NXP i.MX-RT family: the capabilities have been extended, including the support for built-in High-Assurance Boot (HAB) mechanism, provided by the manufacturer. Flash interaction has improved, and DCACHE invalidation has been fine-tuned to increase performance

  • Renesas RX: improvements introduced for this family of microcontrollers include the introduction of a full-flash erase operation, a more efficient flash management and support for boot-time IRQ.

  • Raspberry Pi: added UART driver

Find out more about wolfBoot

Join our webinar “What’s new in wolfBoot” on November 21, 2024 to discover more details about wolfBoot 2.3.0 and our real-life scenarios for post-quantum cryptography adoption.

If you want to share your secure-boot experience with us or ask us anything on this topic, reach out via email at facts@wolfSSL.com or call us at +1 425 245 8247.

Download wolfSSL Now

Go to forum: Announcements

17 Topic by shizuka

(0 replies, posted in Announcements)

The latest version of wolfSSH, 1.4.19, brings improvements, stability fixes and an additional feature! DH Group 14 with SHA-256 Key Exchange (KEX) support was added in with this release.

Along with this new feature some of the improvements that were added are: CI testing, macro guards around TTY modes, use of wolfSSL kyber implementation, and an update to the Espressif example. Among the fixes there were additions for gracefully handling non-existent directories with SFTP and handling of re-key/window full cases with wolfSSHd. For a full list of changes see the bundled ChangeLog.md.

Contact facts@wolfssl.com for more information regarding wolfSSL and wolfSSH.

If you have questions about any of the above, please contact us at facts@wolfssl.com or +1 425 245 8247.

Download wolfSSL Now

Go to forum: Announcements

18 Topic by shizuka

(0 replies, posted in Announcements)

wolfSSL release 5.7.4 is now available, with exciting optimizations for ARM devices and enhancements to post-quantum cryptography algorithms. If you’re using wolfSSL on RISC-V, we’ve also included new performance enhancements specifically for RISC-V devices. Alongside these optimizations and new features, several important fixes were made. One notable fix involves the behavior of X509_STORE_add_cert() and X509_STORE_load_locations() functions to better align with OpenSSL when the compatibility layer is enabled.
Below are some of the key changes in this release. For a more comprehensive list, refer to the ChangeLog.

New Features and Additions

  • RISC-V 64: Added new assembly optimizations for SHA-256, SHA-512, ChaCha20, Poly1305, and SHA-3 (PRs 7758, 7833, 7818, 7873, 7916).

  • DTLS 1.2 Connection ID: Implemented support for Connection ID (CID) (PR 7995).

  • DevkitPro Support: Added support for (DevkitPro)libnds (PR 7990).

  • Mosquitto: Added a port for Mosquitto OSP (Open Source Project) (PR 6460).

  • sssd: Added a port for init sssd (PR 7781).

  • eXosip2: Added support for eXosip2 (PR 7648).

  • STM32G4: Added support for STM32G4 (PR 7997).

  • MAX32665 and MAX32666: Added support for TPU hardware and ARM ASM crypto callback (PR 7777).

  • libspdm: Added support for building wolfSSL to be used in libspdm (PR 7869).

  • Nucleus Plus: Added support for use with Nucleus Plus 2.3 (PR 7732).

  • RFC5755 Attribute Certificates: Initial support for x509 attribute certificates (acerts) with --enable-acert (PR 7926).

  • PKCS#11 RSA Padding Offload: Allows tokens to perform CKM_RSA_PKCS (sign/encrypt), CKM_RSA_PKCS_PSS (sign), and CKM_RSA_PKCS_OAEP (encrypt) (PR 7750).

  • Heap/Pool Allocation: Added “new” and “delete” style functions for heap/pool allocation and freeing of low-level crypto structures (PRs 3166, 8089).

Espressif / Arduino Updates

  • Updated wolfcrypt settings.h

  • Updated Espressif SHA, utility, memory, and time helpers (PR 7955).

  • Fixed _thread_local_start and _thread_local_end for Espressif (PR 8030).

  • Enhanced benchmarking for Espressif devices (PR 8037).

  • Introduced Espressif common CONFIG_WOLFSSL_EXAMPLE_NAME in Kconfig (PR 7866).

  • Added wolfSSL esp-tls

  • Updated wolfSSL release for Arduino (PR 7775).

Post-Quantum Crypto Updates

  • Dilithium: Support for fixed-size arrays in dilithium_key (PR 7727).

  • Dilithium Precalc: Added option to use precalc with small sign (PR 7744).

  • Kyber FIPS: Allowed Kyber to be built with FIPS (PR 7788).

  • Kyber in Linux Kernel: Enabled Kyber ASM usage in Linux kernel module (PR 7872).

  • Dilithium, Kyber: Updated to final specifications (PR 7877).

  • Dilithium FIPS: Supported FIPS 204 Draft and Final Draft (PRs 7909, 8016).

ARM Assembly Optimizations

  • ARM32: Added assembly optimizations for ChaCha20 and Poly1305 (PR 8020).

  • Poly1305 Aarch64: Improved Poly1305 assembly optimizations for Aarch64 (PR 7859).

  • Poly1305 Thumb-2: Poly1305 Thumb-2

  • STM32CubePack: Added ARM ASM build option to STM32CubePack (PR 7747).

  • Visual Studio: Added ARM64 support to the Visual Studio project (PR 8010).

  • Kyber ARM Optimizations: Added assembly optimizations for ARM32, Aarch64, ARMv7E-M, and ARMv7-M (PRs 8040, 7998, 7706).

If you have questions about any of the above, please contact us facts@wolfssl.com or +1 425 245 8247.
wolfSSL is the best tested TLS

Go to forum: Announcements

19 Topic by shizuka

(0 replies, posted in Announcements)

wolfSSL is proud to announce the release of wolfProvider 1.0.1. This release contains several fixes and improvements. Most notably, we have added AES CFB support. A better logging of code execution has been added to make debugging easier. Scripted compilation of dependencies (such as wolfSSL and OpenSSL) have been added to get started easier.

WolfProvider is intended for use by customers who want to have a FIPS validated module, but are already invested with using OpenSSL. The provider gives drop-in replacements for the cryptographic algorithms used by OpenSSL. The wolfProvider uses the wolfCrypt engine underneath which is FIPS 140-3 certified.

Refer to the README.md found in the release for usage instructions. We also maintain a ChangeLog.md for a list of changes in each release.

If you have questions about any of the above, please contact us at facts@wolfssl.com or +1 425 245 8247.
wolfSSL is the best tested TLS

Go to forum: Announcements

20 Topic by shizuka

(0 replies, posted in Announcements)

wolfSSL is proud to announce the release of wolfProvider 1.0.0 (https://github.com/wolfSSL/wolfProvider … tag/v1.0.0). This release is the first official support for being a Provider for OpenSSL 3.x. Intended for use by customers who want to have a FIPS validated module, but are already invested in using OpenSSL. The provider gives drop-in replacements for the cryptographic algorithms used by OpenSSL. The wolfProvider uses the wolfCrypt engine underneath which is FIPS 140-3 certified.

Refer to the README.md (https://github.com/wolfSSL/wolfProvider … /README.md) found in the release for usage instructions. We also maintain a ChangeLog.md (https://github.com/wolfSSL/wolfProvider … angeLog.md) for a list of changes in each release.

If you have questions about any of the above, please contact us at facts@wolfssl.com or +1 425 245 8247.
wolfSSL is the best tested TLS

Go to forum: Announcements

21 Topic by shizuka

(0 replies, posted in Announcements)

It is Christmas in July! The summer release of wolfSSH is here, version 1.4.18!

Version 1.4.18 brings with it bug fixes, new features, and some enhancements as well! New features in this release include new algorithms and a memory configuration option.

We also have a nice round of enhancements which range from channel setup callbacks, better testing, improved portability, and more!

New Features

  • wolfSSL style static memory pool allocation support.

  • Ed25519 public key support.

  • Banner option for wolfSSHd configuration.

  • Non-blocking socket support to the example SCP client.

Improvements

  • Documentation updates.

  • Update the Zephyr test action.

  • Add a no-filesystem build to the Zephyr port.

  • Update the macOS test action.

  • Refactor certificate processing. Only verify certificates when a signature is present.

  • Update the Kyber test action.

  • Refactor the Curve25519 Key Agreement support.

  • Update the STM32Cube Pack.

  • Increase the memory that Zephyr uses for a heap for testing.

  • Add a macro wrapper to replace the ReadDir function.

  • Add callback hook for keying completion.

  • Add function to return strings for the names of algorithms.

  • Add asynchronous server side user authentication.

  • Add ssh-rsa (SHA-1) to the default user auth algorithm list when sha1-soft-disable is disabled.

  • Update Espressif examples using Managed Components.

  • Add SCP test case.

  • Refactor RSA sign and verify.

  • Refresh the example echoserver with updates from wolfSSHd.

  • Add callback hooks for most channel messages including open, close, success, fail, and requests.

  • Reduce the number of memory allocations SCP makes.

  • Improve wolfSSHd’s behavior on closing a connection. It closes channels and waits for the peer to close the channels.

Fixes

  • Refactor wolfSSHd service support for Windows to fix PowerShell Write-Progress.

  • Fix partial success case with public key user authentication.

  • Fix the build guards with respect to cannedKeyAlgoNames.

  • Error if unable to open the local file when doing a SCP send.

  • Fix some IPv6 related build issues.

  • Add better checks for SCP error returns for closed channels.

  • In the example SCP client, move the public key check context after the WOLFSSH object is created.

  • Fix error reporting for wolfSSH_SFTP_STAT.

  • In the example SCP client, fix error code checking on shutdown.

  • Change return from wolfSSH_shutdown() to WS_CHANNEL_CLOSED.

  • Fix SFTP symlink handling.

  • Fix variable initialization warnings for Zephyr builds.

  • Fix wolfSSHd case of non-console output handles.

  • Fix testsuite for single threaded builds. Add single threaded test action.

  • Fix wolfSSHd shutting down on fcntl() failure.

  • Fix wolfSSHd on Windows handling virtual terminal sequences using exec commands.

  • Fix possible null dereference when matching MAC algos during key exchange.

Visit our download page (https://www.wolfssl.com/download/) or wolfSSH GitHub repository (https://github.com/wolfSSL/wolfssh) to download the release bundle, and feel free to email us at facts@wolfssl.com or support@wolfssl.com or call us at +1 425 245 8247 with any questions about the wolfSSH embedded SSH library or other products.
wolfSSL is the best tested TLS

Go to forum: Announcements