Due to NDA restrictions, access to the Infineon, ST Micro, TI, and Renesas ports is limited. Please contact support@wolfssl.com for access.
- Added TLS transport for authentication between client and server peers in wolfSSL#227
- Added global keystore enabling cryptographic keys to be shared across multiple clients with automatic cache routing in wolfSSL#224
- Added key usage policy flags (encrypt, decrypt, sign, verify, wrap, derive) set by clients and enforced by the server in wolfSSL#233
- Added server thread safety with NVM locking abstraction, enabling multiple server contexts to safely share NVM and global keystore resources in wolfSSL#275
- Added logging framework with callback-based backend, ring buffer, and POSIX file log engines in wolfSSL#253
- Added NVM object flag enforcement including non-destroyable flag and key revocation support in wolfSSL#263
- Added ED25519 signature scheme support with DMA in wolfSSL#254
- Added NIST SP 800-108 CMAC KDF support in wolfSSL#228
- Added generic data wrap/unwrap for server-side data wrapping in wolfSSL#226
- Fixed potential DMA buffer handling errors where request buffer sizes were overwritten by server responses in wolfSSL#284
- Fixed potential buffer overflow in key cache by capping label size and corrected variable name logic error in
wh_Client_CommInfoResponsein wolfSSL#234 - Fixed CMAC DMA message struct padding, alignment bugs in SHE code, and test key cache leaks in wolfSSL#285
- Fixed ECDH without DERIVE flag with
WOLF_CRYPTOCB_ONLY_ECCin wolfSSL#251 - Fixed compilation with
NO_AESdefined and removed extra printfs in wolfSSL#260 - Fixed wrong
#endifplacement inwh_client_crypto.cand#includeorder innvm_flash_log.hin wolfSSL#243 - Fixed SHE NVM metadata struct initialization so flags are set to 0 in wolfSSL#273
- Added NULL checks to message translation functions and additional input sanitization to server request handlers in wolfSSL#236 and wolfSSL#240
- Refactored CMAC to use client-held state instead of persisting state on the server, and deprecated the cancellation API in wolfSSL#279
- Refactored debug macros to replace all printf usage with
WOLFHSM_CFG_PRINTF-based wrappers in wolfSSL#207 - Expanded static memory DMA offset feature to CMAC, SHA-224, SHA-384, SHA-512, and ML-DSA in wolfSSL#191
- Changed wrap object size argument from input-only to in/out in wolfSSL#241
- Added scan-build static analysis GitHub Action in wolfSSL#195
- Added ECDSA cross-validation test with software implementation in wolfSSL#277
Due to NDA restrictions, access to the Infineon, ST Micro, TI, and Renesas ports is limited. Please contact support@wolfssl.com for access.
- Introduced key wrap client/server APIs with demos and tests in wolfSSL#157 and wolfSSL#185
- Added HKDF key derivation with cached-key reuse support in wolfSSL#204 and wolfSSL#211
- Added image manager module for authenticated firmware handling in wolfSSL#129
- Added non-exportable object support and basic NVM access controls in wolfSSL#147
- Added flash-log based NVM backend for large write granularities in wolfSSL#179
- Added SHA-224/384/512 crypto support across client and server in wolfSSL#144
- Expanded DMA coverage to AES-GCM, RNG seeding, and shared-memory offset transfers in wolfSSL#158, wolfSSL#213, and https://github.com/wolfSSL/wolfHSM/commit/36862ce7e6829c3f996345cad880fdfe516d751f
- Enforced NVM object boundaries during reads in wolfSSL#182
- Prevented stale data reads from erased flash pages in wolfSSL#181
- Corrected NVM flash state handling when recovery is required in wolfSSL#175
- Fixed AES-CTR temporary buffer sizing in wolfSSL#183
- Restored AES-GCM DMA post-write callbacks and optional output handling in wolfSSL#215 and wolfSSL#221
- Fixed POSIX TCP socket error handling in wolfSSL#203
- Added GitHub Action based code coverage reporting in wolfSSL#201
- Added clang-format and clang-tidy automation in wolfSSL#176 and wolfSSL#167
- Added ASAN configuration to example builds and CI workflows in wolfSSL#218
- Improved benchmark tooling and shared memory transport configurability in wolfSSL#158
Due to NDA restrictions, access to the Infineon, ST Micro, and Renesas ports is limited. Please contact support@wolfssl.com for access.
- Basic X509 certificate support in wolfSSL#96
- DMA support for CMAC in wolfSSL#97
- attribute certificate support in wolfSSL#101
- Add benchmark framework in wolfSSL#107
- client/server-only builds + relocate examples in wolfSSL#122
- Fix flashunit program in wolfSSL#104
- Keycache test fixes in wolfSSL#125
- Refactor DMA API to be generic across all address sizes in wolfSSL#102
- Remove whPacket union in wolfSSL#103
- set RNG on curve25519 keys to support blinding in wolfSSL#109
- new x509 API: verify and cache pubKey in wolfSSL#110
- Add hierarchical makefiles in wolfSSL#124
Due to NDA restrictions, access to the Infineon and ST Micro ports is limited. Please contact support@wolfssl.com for access.
- Added support for ML-DSA (PR#84 and PR#86)
- Added support for DMA-based keystore operations (PR#85)
- Fixes memory error in ECC verify (PR#81)
- Removes unused argument warnings on 32 bit targets (PR#82)
- Fixes memory leak in SHE test (PR#88)
- Improved handling of Curve25519 DER encoded keys using new wolfCrypt APIs (PR#83)
Bug-fix release. Due to NDA restrictions, access to the Infineon and ST Micro ports is limited. Please contact support@wolfssl.com for access.
- Initial release of whnvmtool to pre-build NVM images (PR#77)
- Corrected FreshenKey server function to load keys from NVM when not in cache (PR#78)
- Updated RSA key handling to support private-only and public-only keys (PR#76)
Initial release after internal and early evaluator testing. Due to NDA restrictions, access to the Infineon and ST Micro ports is limited. Please contact support@wolfssl.com for access.
- POSIX simulator and test environment
- Memory fencing and cache controls for memory transport
- Support for Aurix Tricore TC3xx and ST SPC58NN
- DMA support for SHA2 and NVM objects
- Cancellation for CMAC
- Support NO_MALLOC and STATIC_MEMORY
- SHE+ interface
- Reduction in static server memory requirements
- Hardware offload for AURIX and ST C3 modules