wolfCrypt JNI/JCE 1.10.0 is now available for download! This release brings new JCE Cipher support for RSA OAEP padding schemes and RSA key wrapping (WRAP/UNWRAP modes), a PKIX CertPathBuilder implementation using native wolfSSL X.509 functionality, default FIPS error callback registration, new JNI utilities for hex string conversion and PEM-to-DER, enhanced WolfSSLX509StoreCtx methods, and two new system properties for flexible native library loading and OCSP/CRL timeouts. Along with these additions, 1.10.0 delivers extensive bug fixes, memory-safety improvements, FIPS compliance enhancements, and an expanded testing matrix.

New JCE Functionality:

Add Cipher RSA/ECB/OAEPWithSHA-256AndMGF1Padding support
Add Cipher RSA/ECB/OAEPWithSHA-1AndMGF1Padding support
Add Cipher WRAP_MODE and UNWRAP_MODE support for RSA-based key wrapping
Add PKIX CertPathBuilder implementation using native wolfSSL X509_STORE
Add jdk.certpath.disabledAlgorithms enforcement to CertPathBuilder and CertPathValidator
Register default FIPS error callback in WolfCryptProvider for FIPS error debugging
Enrich WolfCryptException with FIPS module status for FIPS_NOT_ALLOWED_E errors
Add Java 9+ module support (JPMS) for jlink compatibility

New JNI Functionality:

Add hex string conversion via WolfCrypt.toHexString() and WolfCrypt.hexStringToByteArray()
Add PEM to DER conversion support for keys and certificates
Add setFlags() and setVerificationTime() methods to WolfSSLX509StoreCtx

New Property Support:

**wolfssl.skipLibraryLoad** System property - Skip automatic System.loadLibrary() calls for advanced embedding scenarios
**wolfjce.ioTimeout** System property - Configure OCSP/CRL IO timeouts

Bug Fixes & Reliability Improvements

Beyond the new features, version 1.10.0 includes a substantial set of bug fixes and reliability improvements focused on FIPS error visibility, cryptographic correctness, input validation, and memory safety:

Fixed FIPS error callback lifecycle (including proper deregistration in JNI_OnUnload)

Corrected Ed25519 signature length handling, RSA public-key flattening/export, unsigned return values, and pointer casts

Added HMAC/ByteBuffer/offset-length bounds validation, improved NULL checks, and missing releaseByteArray() calls across ECC, RSA, ChaCha, and AES-GCM

Implemented defensive copies of IV arrays, constant-time GMAC tag verification, secure zeroization of keys and buffers, and proper cleanup for AES-CTR/AES-OFB/GMAC

Fixed signed integer overflow risks in bounds checks, DH key export paths, ECC private-key import curve handling, and reduced unnecessary WC_RNG allocations

Expanded FIPS-compliant SecureRandom sanitization and fixed threaded MessageDigest hangs on FIPS errors

Expanded Testing & CI Infrastructure

CI coverage has been expanded with new workflows and modern platform support:

**Java 24** and **25** tests added to GitHub Actions workflows

**Linux 32-bit testing** with Java 17 via GitHub workflow

UndefinedBehaviorSanitizer (**UBSan**) GitHub workflow

**SpotBugs** static analysis target and dedicated GitHub Actions workflow

**Android FIPS Ready** automated emulator testing via GitHub workflow

**Java 9+ module (JPMS)** testing workflow

Improved JUnit test reliability for FIPS mode and CI environments

New Examples

Added CertPathBuilder and CertPathValidator example demonstrating PKIX path building and validation with disabledAlgorithms enforcement

Updated Android example project: migrated from jcenter() to mavenCentral() and AndroidX, added Gradle wrapper with distributionSha256Sum, JKS-to-BKS KeyStore conversion script for testing, and CMakeLists.txt exclusion list updates

wolfCrypt JNI/JCE 1.10.0 can be downloaded from the wolfSSL download page, and an updated version of the wolfCrypt JNI/JCE User Manual can be found here. Full details on this release can be seen in the ChangeLog.md on GitHub. For any questions, or to get help using wolfSSL products in your projects, contact us at support@wolfssl.com.

If you have questions about any of the above, please contact us at facts@wolfssl.com or call us at +1 425 245 8247.

Download wolfSSL Now