Releases: wolfSSL/wolfHSM
Releases · wolfSSL/wolfHSM
wolfHSM-v1.4.0
wolfHSM Release v1.4.0 (February 16, 2026)
Due to NDA restrictions, access to the Infineon, ST Micro, TI, and Renesas ports is limited. Please contact support@wolfssl.com for access.
New Feature Additions
- Added TLS transport for authentication between client and server peers in #227
- Added global keystore enabling cryptographic keys to be shared across multiple clients with automatic cache routing in #224
- Added key usage policy flags (encrypt, decrypt, sign, verify, wrap, derive) set by clients and enforced by the server in #233
- Added server thread safety with NVM locking abstraction, enabling multiple server contexts to safely share NVM and global keystore resources in #275
- Added logging framework with callback-based backend, ring buffer, and POSIX file log engines in #253
- Added NVM object flag enforcement including non-destroyable flag and key revocation support in #263
- Added ED25519 signature scheme support with DMA in #254
- Added NIST SP 800-108 CMAC KDF support in #228
- Added generic data wrap/unwrap for server-side data wrapping in #226
Bug Fixes
- Fixed potential DMA buffer handling errors where request buffer sizes were overwritten by server responses in #284
- Fixed potential buffer overflow in key cache by capping label size and corrected variable name logic error in
wh_Client_CommInfoResponsein #234 - Fixed CMAC DMA message struct padding, alignment bugs in SHE code, and test key cache leaks in #285
- Fixed ECDH without DERIVE flag with
WOLF_CRYPTOCB_ONLY_ECCin #251 - Fixed compilation with
NO_AESdefined and removed extra printfs in #260 - Fixed wrong
#endifplacement inwh_client_crypto.cand#includeorder innvm_flash_log.hin #243 - Fixed SHE NVM metadata struct initialization so flags are set to 0 in #273
- Added NULL checks to message translation functions and additional input sanitization to server request handlers in #236 and #240
Enhancements and Optimizations
- Refactored CMAC to use client-held state instead of persisting state on the server, and deprecated the cancellation API in #279
- Refactored debug macros to replace all printf usage with
WOLFHSM_CFG_PRINTF-based wrappers in #207 - Expanded static memory DMA offset feature to CMAC, SHA-224, SHA-384, SHA-512, and ML-DSA in #191
- Changed wrap object size argument from input-only to in/out in #241
- Added scan-build static analysis GitHub Action in #195
- Added ECDSA cross-validation test with software implementation in #277
wolfHSM-v1.3.0
wolfHSM Release v1.3.0
Due to NDA restrictions, access to the Infineon, ST Micro, TI, and Renesas ports is limited. Please contact support@wolfssl.com for access.
New Feature Additions
- Introduced key wrap client/server APIs with demos and tests in #157 and #185
- Added HKDF key derivation with cached-key reuse support in #204 and #211
- Added image manager module for authenticated firmware handling in #129
- Added non-exportable object support and basic NVM access controls in #147
- Added flash-log based NVM backend for large write granularities in #179
- Added SHA-224/384/512 crypto support across client and server in #144
- Expanded DMA coverage to AES-GCM, RNG seeding, and shared-memory offset transfers in #158, #213, and 36862ce
Bug Fixes
- Enforced NVM object boundaries during reads in #182
- Prevented stale data reads from erased flash pages in #181
- Corrected NVM flash state handling when recovery is required in #175
- Fixed AES-CTR temporary buffer sizing in #183
- Restored AES-GCM DMA post-write callbacks and optional output handling in #215 and #221
- Fixed POSIX TCP socket error handling in #203
Enhancements and Optimizations
wolfHSM-v1.2.0
wolfHSM Release v1.2.0 (June 27, 2025)
Due to NDA restrictions, access to the Infineon, ST Micro, and Renesas ports is limited. Please contact support@wolfssl.com for access.
New Feature Additions
- Basic X509 certificate support in #96
- DMA support for CMAC in #97
- attribute certificate support in #101
- Add benchmark framework in #107
- client/server-only builds + relocate examples in #122
Bug Fixes
Enhancements and Optimizations
wolfHSM-v1.1.0
wolfHSM Release v1.1.0 (January 23, 2025)
Due to NDA restrictions, access to the Infineon and ST Micro ports is limited. Please contact support@wolfssl.com for access.
New Feature Additions
- Added support for ML-DSA (PR#84 and PR#86)
- Added support for DMA-based keystore operations (PR#85)
Bug Fixes
- Fixes memory error in ECC verify (PR#81)
- Removes unused argument warnings on 32 bit targets (PR#82)
- Fixes memory leak in SHE test (PR#88)
Enhancements and Optimizations
- Improved handling of Curve25519 DER encoded keys using new wolfCrypt APIs (PR#83)
Update with Bug Fix
wolfHSM Release v1.0.1 (October 21, 2024)
Bug-fix release. Due to NDA restrictions, access to the Infineon and ST Micro ports is limited. Please contact support@wolfssl.com for access.
New Feature Additions
- Initial release of whnvmtool to pre-build NVM images (PR#77)
Bug Fixes
- Corrected FreshenKey server function to load keys from NVM when not in cache (PR#78)
Enhancements and Optimizations
- Updated RSA key handling to support private-only and public-only keys (PR#76)
Initial Release
Initial release after internal and early evaluator testing. Due to NDA restrictions, access to the Infineon and ST Micro ports is limited. Please contact support@wolfssl.com for access.
New Feature Additions
- POSIX simulator and test environment
- Memory fencing and cache controls for memory transport
- Support for Aurix Tricore TC3xx and ST SPC58NN
- DMA support for SHA2 and NVM objects
- Cancellation for CMAC
- Support NO_MALLOC and STATIC_MEMORY
- SHE+ interface
Enhancements and Optimizations
- Reduction in static server memory requirements
- Hardware offload for AURIX and ST C3 modules