wolfSSL released wolfCOSE, a lightweight C library implementing CBOR and COSE standards for embedded systems. The library delivers all six RFC 9052 message types including single-signer and multi-recipient variants, making it suitable for firmware signing, attestation, and fleet configuration workflows in resource-constrained environments.

The implementation supports 40 algorithms across signing, encryption, MAC, and key distribution operations. Developers can configure minimal builds at just 7.5 KB for core Sign1 and Encrypt0 functionality, or full builds at 25.6 KB. Zero dynamic allocation means all operations use caller-provided buffers, while full COSE lifecycle operates in under 1KB RAM excluding crypto internals.

wolfCOSE integrates with wolfSSL as its crypto backend, supporting ES256/384/512, EdDSA, RSA-PSS, and post-quantum ML-DSA signing at all security levels. Encryption covers AES-GCM, ChaCha20-Poly1305, and AES-CCM variants. The library maintains FIPS 140-3 certification path through wolfCrypt FIPS Certificate #4718.

Commercial licensing and support are available through wolfSSL, though the project currently lacks official product status. The codebase achieves 99.3% test coverage and complies with both MISRA C 2012 and 2023 standards, positioning it for aerospace and automotive safety-critical applications.