wolfPKCS11 Release 2.1 (Jun 25, 2026)

@LinuxJedi LinuxJedi released this 25 Jun 14:22
caeaaa5

Summary

This release adds post-quantum cryptography support (ML-DSA and ML-KEM), CMake
build support, and Doxygen API documentation. It also closes a large number of
PKCS#11 specification compliance gaps and bugs found through static and
negative analysis, hardens memory safety in response to external security
reports, and improves CI and interoperability testing.

Compatibility with 2.0 behavior

Several PKCS#11 attribute defaults were corrected to match the specification.
These changes can affect applications and stored tokens created with 2.0. The
following build defines restore the pre-2.1 (2.0) behavior if needed:

  • WOLFPKCS11_LEGACY_COPYABLE_FALSE_DEFAULT - restore the old behavior where an
    unset CKA_COPYABLE reads back as CK_FALSE (the PKCS#11 default is
    CK_TRUE).
  • WOLFPKCS11_LEGACY_PRIVATE_FALSE_DEFAULT - restore the old behavior where an
    unset CKA_PRIVATE reads back as CK_FALSE for CKO_PRIVATE_KEY /
    CKO_SECRET_KEY (the PKCS#11 default is CK_TRUE). Also disables the
    matching login-state check on object creation.
  • WOLFPKCS11_LEGACY_WRAP_TRUE_DEFAULT - restore the old behavior where an
    unset CKA_WRAP / CKA_UNWRAP defaults to CK_TRUE (the PKCS#11 default is
    CK_FALSE).

See the "Behavior changes for PKCS#11 spec compliance" section above for the
related C_DeriveKey, C_CopyObject, C_DestroyObject, encapsulation and
C_Login enforcement changes.
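As an added example (not wolfPKCS11's own code), the following C models what an application reads back for these four attributes under the 2.1 spec defaults versus the legacy build defines, and audits a template for unset attributes whose value changes across the upgrade. The inline pkcs11.h types/constants and the CK_FALSE default for classes the notes do not mention are assumptions.

```c
/* Added example, not wolfPKCS11 code: minimal PKCS#11 types/constants inline instead of pkcs11.h. */
typedef unsigned long CK_ULONG; typedef unsigned char CK_BBOOL;
typedef struct { CK_ULONG type; void *pValue; CK_ULONG ulValueLen; } CK_ATTRIBUTE;
#define CK_FALSE 0
#define CK_TRUE 1
#define CKA_CLASS 0x000UL
#define CKA_PRIVATE 0x002UL
#define CKA_WRAP 0x106UL
#define CKA_UNWRAP 0x107UL
#define CKA_COPYABLE 0x171UL
#define CKO_PRIVATE_KEY 3UL
#define CKO_SECRET_KEY 4UL
/* Readback of an unset boolean attribute. legacy=1: all three WOLFPKCS11_LEGACY_*
 * defines set (2.0 behaviour); legacy=0: 2.1 spec defaults. Other cases assumed CK_FALSE. */
static CK_BBOOL default_bool(CK_ULONG attr, CK_ULONG cls, int legacy)
{
    if (attr == CKA_COPYABLE) return legacy ? CK_FALSE : CK_TRUE;
    if (attr == CKA_WRAP || attr == CKA_UNWRAP) return legacy ? CK_TRUE : CK_FALSE;
    if (attr == CKA_PRIVATE && (cls == CKO_PRIVATE_KEY || cls == CKO_SECRET_KEY))
        return legacy ? CK_FALSE : CK_TRUE;
    return CK_FALSE;
}

/* What an application reads back: the explicit entry if present (length-checked), else the default. */
static CK_BBOOL effective_bool(const CK_ATTRIBUTE *t, CK_ULONG n, CK_ULONG attr, int legacy)
{
    CK_ULONG i, cls = 0;
    for (i = 0; i < n; i++) {
        if (t[i].type == CKA_CLASS && t[i].ulValueLen == sizeof(CK_ULONG))
            cls = *(const CK_ULONG *)t[i].pValue;
        if (t[i].type == attr && t[i].ulValueLen == sizeof(CK_BBOOL))
            return *(const CK_BBOOL *)t[i].pValue;
    }
    return default_bool(attr, cls, legacy);
}

/* Attributes whose readback differs between 2.0 and 2.1; non-zero means the template
 * relied on an old default and should set the attribute explicitly before upgrading. */
static int audit_template(const CK_ATTRIBUTE *t, CK_ULONG n)
{
    static const CK_ULONG a[] = { CKA_COPYABLE, CKA_PRIVATE, CKA_WRAP, CKA_UNWRAP };
    int i, changed = 0;
    for (i = 0; i < 4; i++)
        changed += effective_bool(t, n, a[i], 1) != effective_bool(t, n, a[i], 0);
    return changed;
}
/* Constructed sample: a secret-key template setting only CKA_CLASS and CKA_WRAP. */
static CK_ULONG sample_cls = CKO_SECRET_KEY;
static CK_BBOOL sample_wrap = CK_TRUE;
static CK_ATTRIBUTE sample_tpl[] = { { CKA_CLASS, &sample_cls, sizeof(sample_cls) },
                                     { CKA_WRAP, &sample_wrap, sizeof(sample_wrap) } };
static int audit_sample(void) { return audit_template(sample_tpl, 2); }
```

For the sample template, CKA_COPYABLE, CKA_PRIVATE and CKA_UNWRAP all flip between 2.0 and 2.1, while the explicitly set CKA_WRAP is unaffected.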

Detail

  • Added ML-DSA (Dilithium) support, including CKA_SEED private key import.
    (PR #161)
  • Added ML-KEM support. (PR #175)
  • Added preparation work for post-quantum cryptography support. (PR #157)
  • Renamed ML-DSA mechanisms/identifiers to the final naming. (PR #188)
  • Added CMake build support. (PR #156)
  • Added PKCS#11 Doxygen API documentation. (PR #144)
  • Added support for CKR_OPERATION_ACTIVE. (PR #176)
  • Use the DHUK to wrap/unwrap the seed value used for the token. (PR #159)
  • Added file storage safety to wolfPKCS11. (PR #150)
  • Fixed empty PIN handling for FIPS. (PR #143)
  • Fixed loading a token with an empty PIN. (PR #158)
  • Fixed SHA-512 truncated forms (SHA-512/224 and SHA-512/256). (PR #147)
  • Fixed C_WrapKey not checking CKA_EXTRACTABLE on the key being wrapped.
    (PR #165)
  • Fixed falseVal initialized to CK_TRUE instead of CK_FALSE. (PR #162)
  • Fixed a read-only lock not being released on an early return. (PR #163)
  • Added a missing NULL check. (PR #166)
  • Fixed a typo in an #ifndef macro. (PR #167)
  • Fixed a typo in configure.ac. (PR #164)
  • Fixed resource leaks and ensured secure buffer erasing. (PR #172)
  • Fixed numerous PKCS#11 compliance and static analysis findings from Fenrir.
    (PR #168, PR #169, PR #171, PR #173, PR #178, PR #185, PR #186, PR #187,
    PR #189, PR #194, PR #196, PR #197, PR #198)
  • Hardened memory safety across several operations in response to external
    security reports: bounded the RSA verify-recover output length and validated
    the mechanism and key type before use, bounded secret-key length handling and
    the HKDF derive output length, guarded against length underflow when decoding
    stored symmetric keys, clamped key zeroization, and dropped the active object
    reference on C_DestroyObject so completing an operation can no longer read
    freed memory. (PR #201)
  • Added negative testing and validation for wolfPKCS11. (PR #179)
  • Added Fenrir findings fixes and test additions. (PR #177)
  • Added a multi-call HMAC regression test. (PR #181)
  • Added a C_VerifyRecover test and fixed test attributes. (PR #184)
  • Fixed ML-KEM templates in tests. (PR #183)
  • Fixed a couple of failing tests. (PR #145)
  • Added an interoperability test against wolfSSL master. (PR #148)
  • Added a wolfBoot integration test to intercept regressions. (PR #170)
  • Reduced the wolfBoot integration test flow (unstable emulator). (PR #174)
  • Removed --enable-cryptocb usage. (PR #149)
  • Fixed CI failures from upstream dependency drift. (PR #180)
  • Fixed CI issues. (PR #182)
  • Fixed the Firefox Dockerfile. (PR #160)
  • Fixed Debian rules for the documentation. (PR #153)
  • Fixed CK_ULONG length truncation in C_GenerateRandom and C_SeedRandom.
    (PR #199)
  • Fixed the wolfSSL interoperability build by defining
    WOLFPKCS11_USER_SETTINGS. (PR #200)
  • Updated copyright years and fixed the configure.ac start year. (PR #191)
  • Shipped the CMake package configuration in the Debian -dev package.
    (PR #192)
  • Used user PINs of FIPS-compliant length across the test suite. (PR #193)
  • Added per-job timeouts to all CI workflows. (PR #195)
  • Added CI coverage for C++ builds. (PR #190)
  • Thanks to Denis Mingulov for contributing the C_GenerateRandom /
    C_SeedRandom length-truncation fix (PR #199) and for reporting several of
    the memory-safety issues fixed in PR #201 (oversized CKA_VALUE_LEN
    handling, the RSA verify-recover output-length type-punning, and the
    use-after-free of an active object on C_DestroyObject).