wolfSSHd Works on Windows!

Did you know that the recent SSHd addition to wolfSSH has also been ported over to Windows? It can run as a service and host incoming SSH, SFTP, and SCP connections. This took some effort in the engineering department here at wolfSSL. Getting interop with clients using Linux terminals streamlined and porting over the wolfSSHd authentication methods. All of this is taken care of in the background making it easy to get up and running. Making use of wolfSSH also gains the advantage of post quantum support along with the cryptographic library wolfCrypt. Additionally providing the capability to be FIPS certified! For more information about using wolfSSHd on Windows contact facts@wolfSSL.com, or call us at +1 425 245 8247.

Download wolfSSL

How to build a smaller wolfSSL library when used with cURL?

The size of software builds can often be a concern for developers, particularly in embedded systems or other resource-constrained environments. Recently, a change was made to the wolfSSL library that has resulted in smaller build sizes when used with the popular cURL library.
When building wolfSSL, this recent change removes the need for using

–enable-opensslextra

instead only requires

–enable-opensslextra=x509small CPPFLAGS=-DHAVE_CURL

This compiles out a lot of compatibility layer functionality (used for ripping out and replacing OpenSSL) that is not needed by cURL. This change can be especially beneficial in resource-constrained environments where smaller builds are crucial. Find more information about using wolfSSL with cURL or about the even smaller tiny-curl. If you have questions on any of the above, please contact us at facts@wolfSSL.com, or call us at +1 425 245 8247.

Download wolfSSL

What Operating Systems has wolfSSL been ported to?

When embarking on a project the operating system used is a hard choice and limiting factor. Many embedded IoT projects even do without the operating system due to resource constraints. wolfSSL is a compact, highly customizable, and open-source SSL/TLS library that provides encryption, authentication, and secure communication. One remarkable feature, among many, of wolfSSL is its versatility – it has been ported to a large selection of operating systems, enabling developers to integrate robust security into a diverse range of platforms.

Ported operating systems range all the way from the obvious and expected operating systems to embedded and niche operating system:

  1. Linux (embedded Linux, Yocto Linux, PetaLinux, Debian, and more)
  2. Windows
  3. MacOS
  4. FreeBSD, NetBSD, OpenBSD
  5. Android
  6. iOS
  7. QNX
  8. FreeRTOS, SafeRTOS
  9. VxWorks
  10. GreenHills INTEGRITY
  11. ThreadX
  12. WinCE
  13. TRON
  14. Micrium
  15. MQX
  16. embOS
  17. TOPPERS
  18. RIOT
  19. CMSIS-RTOS
  20. TinyOS
  21. Nucleus
  22. Solaris
  23. OpenWRT
  24. TI-RTOS
  25. Keil RTX
  26. MontaVista
  27. NonStop
  28. Zephyr
  29. Azure Sphere OS
  30. Deos
  31. PikeOS
  32. Apache Mynewt
  33. AIX
  34. HP/UX
  35. Nintendo Wii and Gamecube with DevKitPro
  36. And many more that wolfSSL could work on…

wolfSSL has been developed from the ground up to work well in embedded devices and edge devices. This design has lent itself well for easily porting over to many different operating systems. If you are working on a project that has a need for some excellent security contact us at facts@wolfSSL.com, or call us at +1 425 245 8247.

Download wolfSSL

wolfSSL Micrium Port Updated

Users of Micrium secured by wolfSSL rejoice! We recently added support for Micrium to utilize the hardware RNG of STM32 platforms. Also we updated the port to include the application configuration to take advantage of TCP IP settings in the Micrium network headers.

Micrium users can take advantage of wolfSSL’s best-tested security library, including support for TLS 1.3. and DTLS 1.3. For instructions on how to build and integrate the examples on your projects or to see the benchmark results, please see the README located in “IDE/ECLIPSE/MICRIUM”. For any questions or help getting wolfSSL up and running in your environment, please contact us at support@wolfssl.com.

As always, if you have questions on any of the above, please contact us at facts@wolfSSL.com, or call us at +1 425 245 8247.

Download wolfSSL

Live Webinar: Linux Kernel Mode

Exciting news for Linux Kernel Module developers and developers who are interested in diving into Linux Kernel Module. Join us for a webinar on Linux Kernel Mode hosted by wolfSSL Engineer Daniel Pouzzner.

Watch the webinar here: Linux Kernel Mode

After wolfSSL 4.6.0 introduced initial support for building as a Linux kernel module, and providing native wolfCrypt and wolfSSL APIs to other kernel modules in December 2020, wolfSSL Linux Kernel Module support has grown by leaps and bounds, with new support for public key(PK) cryptographic acceleration, FIPS 140-3, accelerated crypto in IRQ handlers, portability improvements, and overall feature completeness.

wolfSSL engineer, Daniel Pouzzner, will showcase how wolfSSL Linux Kernel Mode can enhance your projects. It is your opportunity to learn knowledge and technical skills. Watch it now!

As always we will have a Q&A Session following the webinar.

If you have questions on any of the above, please contact us at facts@wolfssl.com, or call us at +1 425 245 8247.

Download wolfSSL

wolfSSL Supports TSIP v1.17

wolfSSL 5.6.3 adds support for Renesas TSIP v1.17 and extends some of the TLS handshake operations to use this cryptographic accelerator. TSIP v1.17 adds the ability to handle CertificateVerify messages over TLS. This feature is used for both validation and generation of messages exchanged with the server. Of course, both TLS1.2 and 1.3 can handle both ECC and RSA certificates.

Example applications for Renesas RX series MCUs with Renesas IDE e2studio project files are provided in the wolfSSL package, included in the /IDE/Renesas/e2studio/RXxx folders. Detailed instruction manuals written both in English and Japanese will help you get started with wolfSSL on these platforms quickly.

If you have any questions or want to know more details, lease contact us at facts@wolfssl.com, or call us at +1 425 245 8247.

Download wolfSSL

Live Webinar: Espressif

Commercial-grade encryption tools are essential in every developer’s programming toolbox. We are excited to announce a live webinar presented by Jim aka gojimmypi, wolfSSL Engineer, where he will discuss Espressif products.

Watch the webinar here: Getting Started with wolfSSL on the Espressif ESP32

Recently, we announced the first availability of the wolfSSL embedded encryption libraries in the ESP Registry located at components.espressif.com. If you are looking to enhance the security system in your projects or products, this is your opportunity to learn the fundamentals of our security solutions and how they integrate seamlessly with Espressif’s tech. Watch it now!

As always, our webinars will include Q&A sessions throughout the webinar.

If you have questions on any of the above, please contact us at facts@wolfssl.com, or call us at +1 425 245 8247.

Download wolfSSL

wolfSSL Support for Renesas SCE Crypt Only Use

We have extended wolfSSL’s Renesas Secure Crypto Engine (SCE) support to include a crypt-only build for the Renesas RA6M4. wolfSSL already supports Renesas SCE for TLS communication. In addition to our existing TLS support, the SCE driver can be used for standalone cryptographic operations. Using this mode, users are able to gain not only the performance benefit but also a smaller footprint by enabling only necessary cryptography operations. This use case was added for RA6M4 support in wolfBoot.

To enable this use case, define the macro:

WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY

wolfSSL crypt-only SCE mode currently supports SHA2-256, RSA 1024/2048 bit encryption/decryption, and RSA 1024/2048 bit sign/verify.

Please contact us at facts@wolfssl.com, or call us at +1 425 245 8247 with any questions, or for help integrating wolfSSL products into your project!

Download wolfSSL

MLS (Messaging Layer Security) is on Track

There is a common theme in all wolfSSL products which is that they basically involve two parties. For wolfSSL, wolfSSH, wolfMQTT and cURL libraries there is a server and a client. For wolfBoot, you have the boot loader and firmware provider. For wolfTPM you have the user and the TPM. For wolfSentry you have the system and the intruder.

Soon, things are going to be different. With the new MLS (Messaging Layer Security) there will be multiple parties (Alice, Bob, Carol, Dean, Emily, etc., etc.). We’re talking decentralized (serverless) end-to-end security that scales with forward secrecy and post-compromise security. It is widely acknowledged that wolfSSL is a leader in cryptographic protocols, so with the new RFC 9420 finally set to “Standards Track” status we’re starting to see some interest!

With our new implementation of Encrypted ClientHello (ECH), we have implemented Hybrid Public Key Encryption (HPKE) and so we are well on our way to an implementation for MLS which also requires HPKE.

MLS is a natural choice for suppliers of communications infrastructure to governments because it scales! That makes wolfCrypt’s FIPS certification a potential game changer. With our tried and tested FIPS 140-2 as well as our impending FIPS 140-3 certification, wolfCrypt FIPS can make an MLS implementation attractive to government vendors today and well into the future.

But wait, how far into the future? Until a cryptographically relevant quantum computer comes into existence. Do you have requirements to keep your communications protected for several years into the future? Then you must have been thinking about post-quantum algorithms. The NSA has. They’ve come out with their CNSA 2.0 guidance and wolfSSL is listening. We already support LMS, Dilithium, Kyber and all the symmetric ciphers and hash algorithms required by it. Would you like to see a post-quantum MLS?

Here is a short list of open source implementations that we know about:

  • MLSpp (C++) (Status: RFC)
  • OpenMLS (Rust) (Status: RFC)
  • go-mls (Go) (Status: RFC in progress)

What if wolfCrypt is the cryptographic implementation underneath these libraries? We even have a golang wrapper.

Do you have a use case for MLS? Do you need FIPS? How long do you need to keep your communications confidential? Please reach out to us here at facts@wolfssl.com, or call us at +1 425 245 8247 to help us understand your needs!

Download wolfSSL

wolfBoot support for Renesas RA6M4

We’re happy to announce that we have added wolfBoot support for the Renesas RA6M4! The Renesas RA6M4 group uses a high-performance Arm Cortex-M33 core with TrustZone. The RA6M4 is supported by an open and flexible ecosystem concept – the Flexible Software Package (FSP), built on FreeRTOS – and is expandable to use other RTOS and middleware.

wolfBoot is a portable secure bootloader solution that offers firmware authentication and firmware update mechanisms. Due to its minimalistic design and tiny HAL API, wolfBoot is completely independent from any OS or bare-metal application.

By adding wolfBoot support for the RA6M4, it demonstrates how simple secure firmware updates can be accomplished on this target with wolfBoot, and in doing so can also leverage the Renesas SCE. A sample application has been developed which securely updates firmware v1 to new image v2. Both sample firmware versions behave the same except displaying the version of the image (v1 or v2). This example is compiled with Renesas e2Studio and runs on the RA6M4 target board. Detailed steps to run the example can be found here: https://github.com/wolfSSL/wolfBoot/blob/master/IDE/Renesas/e2studio/RA6M4/Readme.md

To run the example with SCE support enabled, you can find the Readme located here: https://github.com/wolfSSL/wolfBoot/blob/master/IDE/Renesas/e2studio/RA6M4/Readme_wSCE.md

wolfBoot currently supports Renesas SCE crypto acceleration for SHA256 and RSA.

If you are interested in trying wolfBoot on the RA6M4, or are interested in having us expand algorithm support, please contact us at facts@wolfssl.com, or call us at +1 425 245 8247.

Posts navigation

1 2 3