RECENT BLOG NEWS
DDC-I and wolfSSL Announce Availability of wolfSSL 4.0 Embedded SSL Library for Deos Safety-Critical RTOS
DDC-I, a leading supplier of software and professional services for mission- and safety-critical applications, and wolfSSL, a leading provider of TLS cryptography, today announced the availability of version 4.0 of the wolfSSL embedded SSL library and products for DDC-I’s Deos DO-178 safety-critical real-time operating system. The Deos RTOS, equipped with wolfSSL 4.0, enables avionics developers to quickly add secure, encrypted, FIPS 140-2-certified data transport communications capabilities to their avionics systems.
The wolfSSL embedded SSL library is a lightweight, portable, C language-based SSL/TLS library targeted at embedded and RTOS environments and, therefore, well suited for connected avionics applications. Featuring FIPS 140-2 certified cryptography, the compact library supports industry standards up to TLS 1.3 and DTLS 1.2, is up to 20 times smaller than OpenSSL, offers a simple API, provides an OpenSSL compatibility layer and includes OCSP and CRL support.
“WolfSSL and Deos bring trusted, military-grade security to connected commercial and military aircraft,” said Greg Rose, vice president of marketing and product management at DDC-I. “Advanced safety-critical features like time/space partitioning and the ability to support multiple isolated TCP/IP stacks make Deos an excellent platform for deploying avionics applications that utilize wolfSSL capabilities, like secure boot, FIPS 140-2 crypto internet technologies.”
“We look forward to working with DDC-I to offer our joint customers an integrated platform that features best-in-class RTOS and security,” said Larry Stefonic, CEO and founder at wolfSSL. “Avionics developers now have a flexible, compact, economical, high-performance COTS platform for quickly delivering enhanced, secure communications that can be readily certified to DO-178.”
DDC-I’s Deos is a field-proven, safety-critical, avionics RTOS that is used to host a multitude of flight critical functions, such as air data computers, air data inertial reference units, cockpit video, displays and flight instrumentation, flight management systems, engine management and many more. Built from the ground up for safety-critical applications, Deos is the only certifiable time- and space-partitioned COTS RTOS that has been created using RTCA DO-178, Level A processes from the very first day of its product development. Deos’ unique modular design and verification evidence provide the easiest, lowest cost path to DO-178C DAL A certification, the highest level of safety criticality.
About DDC-I, Inc.
DDC-I, Inc. is a global supplier of real-time operating systems, software development tools, custom software development services and legacy software system modernization solutions, with a primary focus on mission- and safety-critical applications. DDC-I’s customer base is an impressive “who’s who” in the commercial, military, aerospace and safety-critical industries. DDC-I offers safety-critical, real-time operating systems, compilers, integrated development environments and run-time systems for C, C++, Ada, and JOVIAL application development. For more information regarding DDC-I products, contact DDC-I at 4600 E. Shea Blvd, Phoenix, AZ 85028; phone (602) 275-7172; fax (602) 252-6054; e-mail sales@ddci.com or visit https://www.ddci.com/pr1907.
About wolfSSL
wolfSSL focuses on providing lightweight and embedded security solutions with an emphasis on speed, size, portability, features and standards compliance. Dual licensed to cater to a diversity of users ranging from hobbyists to the user with commercial needs, we are happy to help our customers and community in any way we can. Our products are open source, giving customers the freedom to look under the hood. Our wolfSSL embedded TLS library is the first commercial release of TLS 1.3 in the world. For more information on wolfSSL products, please contact facts@wolfssl.com.
Original post can be found on Digital Journal
wolfSSL Integration with curl and tinycurl
wolfSSL's embedded SSL/TLS library comes with support for many tools and libraries, one of which is curl. curl is a computer software project that produces two products (libcurl and curl) that are used for transferring data using various protocols. In addition to providing support and maintenance for curl, wolfSSL will also be integrating the curl library in conjunction with Daniel Stenberg (an original author of curl and one of the founders) joining the wolfSSL team.
With this integration and Daniel Stenberg joining wolfSSL, wolfSSL will now also be providing support and consulting for the curl library.
In addition, a modified version of the curl library titled tinycurl now has a beta version available for download. tinycurl is a patch applied on top of curl to reduce its code size and make it favorable for embedded and real-time environments. The beta version 0.9 of tinycurl is based on curl version 7.64.1, and can be downloaded from the wolfSSL download page here: https://www.wolfssl.com/download/.
More detailed information about wolfSSL is available on the wolfSSL curl page located here: https://www.wolfssl.com/products/curl/. Details on wolfSSL support for curl and tinycurl is also located on the support page here: https://www.wolfssl.com/products/support-packages/.
wolfSSL also provides support for the latest versions of the TLS protocol, including TLS 1.3! As such, wolfSSL is considering adding TLS 1.3 support to cURL in the future. More information about wolfSSL and TLS 1.3 can be found here: https://www.wolfssl.com/docs/tls13/.
For more information regarding wolfSSL, TLS 1.3, cURL, or all of the above, contact us at facts@wolfssl.com, or call us at +1 425 245 8247.
curl on ECUs
Do you have the need to transfer information to or from ECUs or similar embedded devices? Then look no further than using curl! In short, curl is a tool to transfer data from or to a server using various protocols. The curl library excels with embedded, RTOS, and also large-scale devices, as does the tinycurl library! Similar to curl, tinycurl is essentially a patch on top of regular curl in order to reduce its code size and memory usage.
Additionally, wolfSSL provides support and maintenance for both the curl and tinycurl libraries. wolfSSL support is provided on many different levels, with support available around the world. More information can be found on the support page here: https://wolfssl.com/products/support-and-maintenance/
Both the most recent versions of the tinycurl and curl libraries can be downloaded from the wolfSSL download page, here: https://www.wolfssl.com/download/.
If you have any questions or run into any issues, contact us at facts@wolfssl.com, or call us at +1 425 245 8247.
wolfSSL Zephyr Port
With wolfSSL 4.0.0, the wolfSSL embedded SSL/TLS library comes with many new features and improved functionality. Among these features is the addition of a port to the Zephyr Project - a scalable real-time operating system (RTOS) supporting multiple hardware architectures, optimized for resource constrained devices, and built with safety and security in mind.
wolfSSL's Zephyr port comes with multiple test and example applications, such as the wolfCrypt unit tests, wolfSSL TLS with sockets, and wolfSSL TLS with threads example applications. This Zephyr port allows for its users to easily implement lightweight, high-speed and strong encryption for secure data transfer on their devices. As both Zephyr and wolfSSL are targeted for resource-constrained and embedded devices, this combination only makes sense.
More information about the 4.0.0 release of wolfSSL can be found in our blog post here: https://www.wolfssl.com/wolfssl-4-0-0-now-available/.
If you have any questions or run into any issues, contact us at facts@wolfssl.com, or call us at +1 425 245 8247.
wolfSSH SSHv2 Server Library
wolfSSL provides many products, services, and support for almost all things TLS and embedded. One of these products provided by wolfSSL is wolfSSH - an SSHv2 server library!
wolfSSH is wolfSSL's own open-source and dual-licensed implementation of the SSHv2 protocol. It's a server library written in ANSI C and targeted for embedded/RTOS/resource-constrained environments. It's fast, has a small code size, and an extensive feature set. This feature set includes items such as SCP support, SFTP support, PEM and DER certificate support, and also hardware cryptography for supported devices! This comes from wolfSSH's leverage of the wolfCrypt crypto engine for its cryptographic operations.
wolfSSH can be downloaded from the wolfSSL download page (located here: https://www.wolfssl.com/download/), or from a git-clone of the wolfSSH GitHub repository (located here: https://github.com/wolfssl/wolfssh.git).
Additionally, wolfSSL provides support and maintenance for all of its products, wolfSSH included. More information on wolfSSH support and maintenance can be found on the wolfSSL support page, located here: https://www.wolfssl.com/products/support-and-maintenance/.
If you have any questions or run into any issues, contact us at facts@wolfssl.com, or call us at +1 425 245 8247.
wolfSSL Asymmetric Cryptography Support
One of the software libraries that is provided by wolfSSL includes the wolfCrypt crypto engine. wolfCrypt includes support for single-precision math, ECC, extensive list of supported ciphers, key/certificate generation, and also Asymmetric cryptography! Asymmetric cryptography differs from regular (synchronous) cryptography that instead of using a singular shared key, they will use a key-value pair. Popular algorithms where this is found include RSA, DH, and ECC - which are algorithms supported and implemented by wolfSSL!
wolfSSL's implementation of these Asymmetric algorithms can also be tuned based on the user's needs as well. For example, if a user requires the same security offered by these algorithms in combination with high performance fast encryption, wolfSSL has the options (or corresponding macro definitions) --enable-fastmath and --enable-fast-rsa available for use. Additionally, if a user needs to improve protection against attacks targeting implementations of these algorithms, wolfSSL has options to improve the security of its implementations of these Asymmetric algorithms. The options for these improvements are --enable-maxstrength and --enable-harden. These options can also be enabled by adding their corresponding defines within the settings file that is in use by the system, and are listed below:
- --enable-fastmath corresponds with USE_FAST_MATH
- --enable-fast-rsa has many different defines that would be used for many different devices, as hardware encryption and architecture comes in to play. It also requires the user have fast RSA libraries in place. Please contact support@wolfssl.com for assistance with enabling this.
- --enable-maxstrength corresponds with WOLFSSL_MAX_STRENGTH
- --enable-harden corresponds with TFM_TIMING_RESISTANT, ECC_TIMING_RESISTANT, and WC_RSA_BLINDING if using rng.
If you have any questions or run into any issues, contact us at, facts@wolfssl.com or call us at +1 425 245 8247.
wolfSSL DTLS Session Export
The wolfSSL embedded SSL/TLS library supports features not only pertaining to TLS, but DTLS as well! A prime example of a DTLS feature supported by wolfSSL is DTLS session exporting. This allows for serializing and sending a DTLS session immediately after the handshake has been completed. The ability to export the session after a handshake is established has many practical use cases in IoT and embedded environments.
In establishing and maintaining a DTLS connection the handshake portion is the most resource intensive. With this additional feature it is possible to offload the handshake onto a more powerful system, serialize and export it after the handshake is completed, and then have throughput handled by a more resource constrained device.
If you have any questions or run into any issues, contact us at facts@wolfssl.com, or call us at +1 425 245 8247.
wolfSSL also supports TLS 1.3! More information can be found here: https://www.wolfssl.com/docs/tls13/
wolfSSL Adds Support for the Deos Safety Critical RTOS
Are you a user of Deos? If so, you will be happy to know that wolfSSL recently added support for Deos RTOS and added TLS client/server examples to the wolfSSL embedded SSL/TLS library for Deos!
Deos is an embedded RTOS used for safety-critical avionics applications on commercial and military aircraft. Certified to DO-178C DAL A, the time and space partitioned RTOS features deterministic real-time response and employs patented “slack scheduling” to deliver higher CPU utilization. DO-178C DAL A refers to a specification that is required for software to be used in aerospace software systems.
The Deos port in wolfSSL is activated by using the "WOLFSSL_DEOS" macro. For instructions on how to build and run the examples on your projects, please see the “<wolfssl-root>/IDE/ECLIPSE/DEOS/README” file. This support is currently located in our GitHub master branch, and will roll into the next stable release of wolfSSL as well.
wolfSSL provides support for the latest and greatest version of the TLS protocol, TLS 1.3! Using the wolfSSL port with your device running Deos will allow your device to connect to the internet in one of the most secure ways possible.
If you have any questions or run into any issues, contact us at facts@wolfssl.com, or call us at +1 425 245 8247.
Resources
The most recent version of wolfSSL can be downloaded from our download page, here: https://www.wolfssl.com/download/
wolfSSL GitHub repository: https://github.com/wolfssl/wolfssl.git
wolfSSL support for TLS 1.3: https://www.wolfssl.com/docs/tls13/
Deos RTOS homepage: https://www.ddci.com/category/deos/
wolfBoot – wolfSSL’s Secure Bootloader
wolfBoot is wolfSSL's own implementation of a secure bootloader that leverages wolfSSL's underlying wolfCrypt module to provide signature authentication for the running firmware.
The role of a secure bootloader is to effectively prevent the loading of malicious or unauthorized firmware on the target. Additionally, wolfBoot provides a fail-safe update mechanism, that can be interrupted at any time, and resumed at next boot.
wolfBoot is designed to be a portable, OS-agnostic, secure bootloader solution for all 32-bit microcontrollers, relying on wolfCrypt for firmware authentication.
Due to its minimalist design and the tiny Hardware Abstraction Layer (HAL) API, wolfBoot is completely independent of any OS or bare-metal application, and can be easily ported and integrated into existing embedded software solutions.
wolfBoot provides the basis for secure firmware update (OTA) management at boot time, cutting down the development effort needed to implement and validate the required mechanisms to handle the updates. It reduces the development effort to just receiving the image using a secure channel within the application/OS. We recommend using wolfSSL to encrypt the firmware transfer over TLS, to avoid eavesdropping. Once the image is transferred and stored into the update partition, wolfBoot takes care of the update procedure at the next boot.
Remote updates that would lead to a faulty firmware are automatically reverted by wolfBoot after the first 'test' boot, by restoring the original firmware image whenever the update has failed to boot properly. This mechanism protects the target device from accidental updates on the field.
wolfBoot can be downloaded from the wolfSSL download page here: https://www.wolfssl.com/download/
More about boot loaders can be found here: https://en.wikipedia.org/wiki/Booting#BOOT-LOADER
More about wolfSSL: https://www.wolfssl.com/products/wolfssl/
More about wolfCrypt: https://www.wolfssl.com/products/wolfCrypt/
Additionally, wolfSSL will be at ICMC in a couple of weeks! Be sure to stop by booth #103 and say hello!
If you have any questions or run into any issues, contact us at facts@wolfssl.com, or call us at +1 425 245 8247.
wolfSSH Version 1.4.0 Now Available
Version 1.4.0 of the wolfSSH SSHv2 server library has been released! Many new and exciting features were added to wolfSSH with this release. Some of the new additions include: support for port forwarding, client side pseudo terminal support, enhancements for non blocking use, AES-CTR cipher support, and support for SFTP on windows.
This release also includes fixes and enhancements to existing features. Some of the fixes include resolving GCC-7 warnings and fixes for example use cases when wolfSSL ECC caching is turned on.
A full list of notable addition and fixes is as follows:
- SFTP support for time attributes
- TCP port forwarding feature added (--enable-fwd)
- Example TCP port forwarding added to /examples/portfwd/portfwd
- Fixes to SCP, including default direction set
- Fix to match ID during KEX init
- Add check for window adjustment packets when sending large transfers
- Fixes and maintenance to Nucleus port for file closing
- Add enable all option (--enable-all)
- Fix for --disable-inline build
- Fixes for GCC-7 warnings when falling through switch statements
- Additional sanity checks added from fuzz testing
- Refactor and fixes for use with non blocking
- Add extended data read for piping stderr
- Add client side pseudo terminal connection with ./examples/client/client -t
- Add some basic Windows terminal conversions with wolfSSH_ConvertConsole
- Add wolfSSH_stream_peek function to peek at incoming SSH data
- Change name of internal function from SendBuffered to wolfSSH_SendPacket to avoid clash with wolfSSL
- Add support for SFTP on Windows
- Use int types for arguments in examples to fix Raspberry Pi build
- Fix for fail case with leading 0’s on MPINT
- Default window size (DEFAULT_WINDOW_SZ) lowered from ~ 1 MB to ~ 16 KB
- Disable examples option added to configure (--disable-examples)
- Callback function and example use added for checking public key sent
- AES CTR cipher support added
- Fix for freeing ECC caches with examples
- Renamed example SFTP to be examples/sftpclient/wolfsftp
The most up-to-date versions of wolfSSH and other wolfSSL products can be found on the wolfSSL download page here: https://www.wolfssl.com/download/.
For more information about wolfSSH or the changes incorporated into the 1.4.0 release, please contact facts@wolfssl.com.
Weekly updates
Archives
- November 2024 (26)
- October 2024 (18)
- September 2024 (21)
- August 2024 (24)
- July 2024 (27)
- June 2024 (22)
- May 2024 (28)
- April 2024 (29)
- March 2024 (21)
- February 2024 (18)
- January 2024 (21)
- December 2023 (20)
- November 2023 (20)
- October 2023 (23)
- September 2023 (17)
- August 2023 (25)
- July 2023 (39)
- June 2023 (13)
- May 2023 (11)
- April 2023 (6)
- March 2023 (23)
- February 2023 (7)
- January 2023 (7)
- December 2022 (15)
- November 2022 (11)
- October 2022 (8)
- September 2022 (7)
- August 2022 (12)
- July 2022 (7)
- June 2022 (14)
- May 2022 (10)
- April 2022 (11)
- March 2022 (12)
- February 2022 (22)
- January 2022 (12)
- December 2021 (13)
- November 2021 (27)
- October 2021 (11)
- September 2021 (14)
- August 2021 (10)
- July 2021 (16)
- June 2021 (13)
- May 2021 (9)
- April 2021 (13)
- March 2021 (24)
- February 2021 (22)
- January 2021 (18)
- December 2020 (19)
- November 2020 (11)
- October 2020 (3)
- September 2020 (20)
- August 2020 (11)
- July 2020 (7)
- June 2020 (14)
- May 2020 (13)
- April 2020 (14)
- March 2020 (4)
- February 2020 (21)
- January 2020 (18)
- December 2019 (7)
- November 2019 (16)
- October 2019 (14)
- September 2019 (18)
- August 2019 (16)
- July 2019 (8)
- June 2019 (9)
- May 2019 (28)
- April 2019 (27)
- March 2019 (15)
- February 2019 (10)
- January 2019 (16)
- December 2018 (24)
- November 2018 (9)
- October 2018 (15)
- September 2018 (15)
- August 2018 (5)
- July 2018 (15)
- June 2018 (29)
- May 2018 (12)
- April 2018 (6)
- March 2018 (18)
- February 2018 (6)
- January 2018 (11)
- December 2017 (5)
- November 2017 (12)
- October 2017 (5)
- September 2017 (7)
- August 2017 (6)
- July 2017 (11)
- June 2017 (7)
- May 2017 (9)
- April 2017 (5)
- March 2017 (6)
- January 2017 (8)
- December 2016 (2)
- November 2016 (1)
- October 2016 (15)
- September 2016 (6)
- August 2016 (5)
- July 2016 (4)
- June 2016 (9)
- May 2016 (4)
- April 2016 (4)
- March 2016 (4)
- February 2016 (9)
- January 2016 (6)
- December 2015 (4)
- November 2015 (6)
- October 2015 (5)
- September 2015 (5)
- August 2015 (8)
- July 2015 (7)
- June 2015 (9)
- May 2015 (1)
- April 2015 (4)
- March 2015 (12)
- January 2015 (4)
- December 2014 (6)
- November 2014 (3)
- October 2014 (1)
- September 2014 (11)
- August 2014 (5)
- July 2014 (9)
- June 2014 (10)
- May 2014 (5)
- April 2014 (9)
- February 2014 (3)
- January 2014 (5)
- December 2013 (7)
- November 2013 (4)
- October 2013 (7)
- September 2013 (3)
- August 2013 (9)
- July 2013 (7)
- June 2013 (4)
- May 2013 (7)
- April 2013 (4)
- March 2013 (2)
- February 2013 (3)
- January 2013 (8)
- December 2012 (12)
- November 2012 (5)
- October 2012 (7)
- September 2012 (3)
- August 2012 (6)
- July 2012 (4)
- June 2012 (3)
- May 2012 (4)
- April 2012 (6)
- March 2012 (2)
- February 2012 (5)
- January 2012 (7)
- December 2011 (5)
- November 2011 (7)
- October 2011 (5)
- September 2011 (6)
- August 2011 (5)
- July 2011 (2)
- June 2011 (7)
- May 2011 (11)
- April 2011 (4)
- March 2011 (12)
- February 2011 (7)
- January 2011 (11)
- December 2010 (17)
- November 2010 (12)
- October 2010 (11)
- September 2010 (9)
- August 2010 (20)
- July 2010 (12)
- June 2010 (7)
- May 2010 (1)
- January 2010 (2)
- November 2009 (2)
- October 2009 (1)
- September 2009 (1)
- May 2009 (1)
- February 2009 (1)
- January 2009 (1)
- December 2008 (1)