RECENT BLOG NEWS

So, what’s new at wolfSSL? Take a look below to check out the most recent news, or sign up to receive weekly email notifications containing the latest news from wolfSSL. wolfSSL also has a support-specific blog page dedicated to answering some of the more commonly received support questions.

wolfCrypt FIPS 140-3

FIPS 140-3 has been approved, and wolfCrypt will be FIPS 140-3 validated!

On March 22, 2019, Federal Information Processing Standard (FIPS) 140-3 was approved by the Secretary of Commerce. FIPS 140-3 is an incremental advancement of FIPS 140-2, and it now standardizes on the ISO 19790:2012 and ISO 24759:2017 specifications. Historically, ISO 19790 was based on FIPS 140-2, but it has continued to advance since that time. FIPS 140-3 will now point back to ISO 19790 for security requirements. Keeping FIPS 140-3 as a separate standard will still allow NIST to mandate additional requirements on top of what the ISO standard contains when needed.

wolfSSL currently maintains two FIPS 140-2 certificates for the wolfCrypt Cryptographic Module: #2425 and #3389. Certificate #3389 includes algorithm support required for TLS 1.3 and can be used in conjunction with the wolfSSL embedded SSL/TLS library for full TLS 1.3 client and server support. wolfSSL intends to continue to serve our customers by taking wolfCrypt through the FIPS 140-3 validation process.

More information about wolfCrypt’s newest FIPS 140-2 certificate (#3389) can be found in our recent blog post. wolfSSL also recently announced the availability of wolfSSL “FIPS Ready” releases! To download the wolfSSL FIPS Ready release today and learn more about this exciting release, take a look at our FIPS Ready blog post.

If you are interested in a FIPS 140-3 validated version of wolfCrypt, or would like to learn how wolfSSL can help meet your FIPS requirements, contact us at facts@wolfssl.com, or call us at +1 425 245 8247.

Intel’s Extended Instructions Accelerate AES performance on AMD Processors

The intelasm option for wolfSSL is now compatible with AMD processors. Enabling it uses expanded capabilities of your processor that can dramatically enhance performance. The instruction sets leveraged when the configure option is enabled include AVX1, AVX2, BMI2, RDRAND, RDSEED, AESNI, and ADX. These were first introduced in Intel processors, and AMD processors have started adopting them in recent years. When enabled, wolfSSL will check the processor and take advantage of the instruction sets your processor supports.

The test machine used for the benchmarks has an AMD processor that supports all of the above-listed technologies that the Intel ASM instructions take advantage of. On the system that we tested, we found performance increases as large as 5,800% when the software enhancements are used.

To use the Intel ASM instructions in your build, pass --enable-intelasm when you run configure.
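A quick way to see which of the instruction sets listed above a Linux host advertises before building with --enable-intelasm. This is an added example, not wolfSSL code; the mapping to /proc/cpuinfo flag names, the function names, and the sample flag lines are assumptions constructed here.

```shell
#!/bin/sh
# Added example (not wolfSSL code): list which instruction sets named in the
# post a CPU does NOT advertise, given a Linux /proc/cpuinfo "flags" line.

# Name used in the post -> flag name used by Linux in /proc/cpuinfo.
INTELASM_SETS="AVX1:avx AVX2:avx2 BMI2:bmi2 RDRAND:rdrand RDSEED:rdseed AESNI:aes ADX:adx"

# missing_sets FLAGS_LINE: print the post's names for every absent flag.
missing_sets() {
    # Strip the "flags :" label, pad with spaces so whole words can be matched.
    flags=" $(printf '%s' "$1" | sed 's/^flags[[:space:]]*:[[:space:]]*//' | tr '\t' ' ') "
    missing=""
    for pair in $INTELASM_SETS; do
        name=${pair%%:*}
        flag=${pair#*:}
        case "$flags" in
            *" $flag "*) ;;                      # advertised
            *) missing="$missing $name" ;;       # not advertised
        esac
    done
    printf '%s' "${missing# }"
}

# host_missing_sets: same check against the running Linux host, if possible.
host_missing_sets() {
    [ -r /proc/cpuinfo ] || return 1
    missing_sets "$(grep '^flags' /proc/cpuinfo | head -n 1)"
}

# Constructed sample lines (not captured from real hardware).
SAMPLE_ALL="flags : fpu sse2 aes avx avx2 bmi1 bmi2 adx rdrand rdseed"
SAMPLE_OLDER="flags : fpu sse2 aes avx rdrand"

printf 'sample with all sets lacks: [%s]\n' "$(missing_sets "$SAMPLE_ALL")"
printf 'older sample lacks:         [%s]\n' "$(missing_sets "$SAMPLE_OLDER")"
```

Inside a virtual machine the hypervisor may hide flags the physical CPU has, so run host_missing_sets on the system that will actually execute the build.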

For more information on the wolfSSL library and its performance, please visit our benchmarks page (here: https://www.wolfssl.com/docs/benchmarks/).

If you have any questions or run into any issues, contact us at facts@wolfssl.com, or call us at +1 425 245 8247.

wolfCrypt FIPS Certificate #3389

The National Institute of Standards and Technology (NIST) has completed the validation of the wolfCrypt module version 4 for an updated Federal Information Processing Standards (FIPS) 140-2 certificate in addition to its previous FIPS 140-2 certificate. This new certificate includes updated and more secure algorithms added to the wolfCrypt module's boundary, some of which are listed further below.

FIPS 140-2 is a government standard that specifies whether a software module is compatible with, and allowed to be used in, government systems. This includes such areas as drone software, government databases, and other high-security/high-power uses.

The new FIPS 140-2 validation has certificate #3389. The Operating Environments (OEs) tested are Ubuntu Linux (16.04) and Windows 10 on Intel Core i5 processors. Full details about the OEs can be found on the CSRC certificate page. The certificate also includes the following algorithms: AES (CBC, GCM, CTR, ECB), CVL, Hash DRBG, DSA, DHE, ECDSA (key generation, sign, verify), HMAC, RSA (key generation, sign, verify), SHA-3, SHA-2, SHA-1, and Triple-DES.

For more information about wolfSSL, wolfCrypt, or our FIPS 140-2 validations, please view our resources below.

DDC-I and wolfSSL Announce Availability of wolfSSL 4.0 Embedded SSL Library for Deos Safety-Critical RTOS

DDC-I, a leading supplier of software and professional services for mission- and safety-critical applications, and wolfSSL, a leading provider of TLS cryptography, today announced the availability of version 4.0 of the wolfSSL embedded SSL library and products for DDC-I’s Deos DO-178 safety-critical real-time operating system. The Deos RTOS, equipped with wolfSSL 4.0, enables avionics developers to quickly add secure, encrypted, FIPS 140-2-certified data transport communications capabilities to their avionics systems.

The wolfSSL embedded SSL library is a lightweight, portable, C language-based SSL/TLS library targeted at embedded and RTOS environments and, therefore, well suited for connected avionics applications. Featuring FIPS 140-2 certified cryptography, the compact library supports industry standards up to TLS 1.3 and DTLS 1.2, is up to 20 times smaller than OpenSSL, offers a simple API, provides an OpenSSL compatibility layer and includes OCSP and CRL support.

“WolfSSL and Deos bring trusted, military-grade security to connected commercial and military aircraft,” said Greg Rose, vice president of marketing and product management at DDC-I. “Advanced safety-critical features like time/space partitioning and the ability to support multiple isolated TCP/IP stacks make Deos an excellent platform for deploying avionics applications that utilize wolfSSL capabilities, like secure boot, FIPS 140-2 crypto internet technologies.”

“We look forward to working with DDC-I to offer our joint customers an integrated platform that features best-in-class RTOS and security,” said Larry Stefonic, CEO and founder at wolfSSL. “Avionics developers now have a flexible, compact, economical, high-performance COTS platform for quickly delivering enhanced, secure communications that can be readily certified to DO-178.”

DDC-I’s Deos is a field-proven, safety-critical, avionics RTOS that is used to host a multitude of flight critical functions, such as air data computers, air data inertial reference units, cockpit video, displays and flight instrumentation, flight management systems, engine management and many more. Built from the ground up for safety-critical applications, Deos is the only certifiable time- and space-partitioned COTS RTOS that has been created using RTCA DO-178, Level A processes from the very first day of its product development. Deos’ unique modular design and verification evidence provide the easiest, lowest cost path to DO-178C DAL A certification, the highest level of safety criticality.

About DDC-I, Inc.

DDC-I, Inc. is a global supplier of real-time operating systems, software development tools, custom software development services and legacy software system modernization solutions, with a primary focus on mission- and safety-critical applications. DDC-I’s customer base is an impressive “who’s who” in the commercial, military, aerospace and safety-critical industries. DDC-I offers safety-critical, real-time operating systems, compilers, integrated development environments and run-time systems for C, C++, Ada, and JOVIAL application development. For more information regarding DDC-I products, contact DDC-I at 4600 E. Shea Blvd, Phoenix, AZ 85028; phone (602) 275-7172; fax (602) 252-6054; e-mail sales@ddci.com or visit https://www.ddci.com/pr1907.

About wolfSSL

wolfSSL focuses on providing lightweight and embedded security solutions with an emphasis on speed, size, portability, features and standards compliance. Dual licensed to cater to a diversity of users ranging from hobbyists to the user with commercial needs, we are happy to help our customers and community in any way we can. Our products are open source, giving customers the freedom to look under the hood. Our wolfSSL embedded TLS library is the first commercial release of TLS 1.3 in the world. For more information on wolfSSL products, please contact facts@wolfssl.com.

Original post can be found on Digital Journal

wolfSSL Integration with curl and tinycurl

wolfSSL's embedded SSL/TLS library comes with support for many tools and libraries, one of which is curl. curl is a computer software project that produces two products (libcurl and curl) that are used for transferring data using various protocols. In addition to providing support and maintenance for curl, wolfSSL will also be integrating the curl library in conjunction with Daniel Stenberg (an original author of curl and one of the founders) joining the wolfSSL team.

With this integration and Daniel Stenberg joining wolfSSL, wolfSSL will now also be providing support and consulting for the curl library.

In addition, a modified version of the curl library titled tinycurl now has a beta version available for download. tinycurl is a patch applied on top of curl to reduce its code size and make it favorable for embedded and real-time environments. The beta version 0.9 of tinycurl is based on curl version 7.64.1, and can be downloaded from the wolfSSL download page here: https://www.wolfssl.com/download/.

More detailed information about wolfSSL is available on the wolfSSL curl page located here: https://www.wolfssl.com/products/curl/. Details on wolfSSL support for curl and tinycurl are also located on the support page here: https://www.wolfssl.com/products/support-packages/.

wolfSSL also provides support for the latest versions of the TLS protocol, including TLS 1.3! As such, wolfSSL is considering adding TLS 1.3 support to cURL in the future. More information about wolfSSL and TLS 1.3 can be found here: https://www.wolfssl.com/docs/tls13/.

For more information regarding wolfSSL, TLS 1.3, cURL, or all of the above, contact us at facts@wolfssl.com, or call us at +1 425 245 8247.

curl on ECUs

Do you have the need to transfer information to or from ECUs or similar embedded devices? Then look no further than using curl! In short, curl is a tool to transfer data from or to a server using various protocols. The curl library excels with embedded, RTOS, and also large-scale devices, as does the tinycurl library! Similar to curl, tinycurl is essentially a patch on top of regular curl in order to reduce its code size and memory usage.

Additionally, wolfSSL provides support and maintenance for both the curl and tinycurl libraries. wolfSSL support is provided on many different levels, with support available around the world. More information can be found on the support page here: https://wolfssl.com/products/support-and-maintenance/

The most recent versions of both the tinycurl and curl libraries can be downloaded from the wolfSSL download page, here: https://www.wolfssl.com/download/.

wolfSSL Zephyr Port

With wolfSSL 4.0.0, the wolfSSL embedded SSL/TLS library comes with many new features and improved functionality. Among these features is the addition of a port to the Zephyr Project - a scalable real-time operating system (RTOS) supporting multiple hardware architectures, optimized for resource constrained devices, and built with safety and security in mind.

wolfSSL's Zephyr port comes with multiple test and example applications, such as the wolfCrypt unit tests, wolfSSL TLS with sockets, and wolfSSL TLS with threads example applications. This Zephyr port allows for its users to easily implement lightweight, high-speed and strong encryption for secure data transfer on their devices. As both Zephyr and wolfSSL are targeted for resource-constrained and embedded devices, this combination only makes sense.

More information about the 4.0.0 release of wolfSSL can be found in our blog post here: https://www.wolfssl.com/wolfssl-4-0-0-now-available/.

wolfSSH SSHv2 Server Library

wolfSSL provides many products, services, and support for almost all things TLS and embedded. One of these products provided by wolfSSL is wolfSSH - an SSHv2 server library!

wolfSSH is wolfSSL's own open-source and dual-licensed implementation of the SSHv2 protocol. It's a server library written in ANSI C and targeted for embedded/RTOS/resource-constrained environments. It's fast, has a small code size, and an extensive feature set. This feature set includes items such as SCP support, SFTP support, PEM and DER certificate support, and also hardware cryptography for supported devices! This comes from wolfSSH's leverage of the wolfCrypt crypto engine for its cryptographic operations.

wolfSSH can be downloaded from the wolfSSL download page (located here: https://www.wolfssl.com/download/), or from a git-clone of the wolfSSH GitHub repository (located here: https://github.com/wolfssl/wolfssh.git).

Additionally, wolfSSL provides support and maintenance for all of its products, wolfSSH included. More information on wolfSSH support and maintenance can be found on the wolfSSL support page, located here: https://www.wolfssl.com/products/support-and-maintenance/.

wolfSSL Asymmetric Cryptography Support

One of the software libraries provided by wolfSSL is the wolfCrypt crypto engine. wolfCrypt includes support for single-precision math, ECC, an extensive list of ciphers, key/certificate generation, and asymmetric cryptography! Asymmetric cryptography differs from symmetric cryptography in that, instead of a single shared key, it uses a key pair. Popular asymmetric algorithms include RSA, DH, and ECC, all of which are supported and implemented by wolfSSL!

wolfSSL's implementations of these asymmetric algorithms can also be tuned to the user's needs. For example, if a user requires the security offered by these algorithms together with high-performance encryption, wolfSSL has the options (or corresponding macro definitions) --enable-fastmath and --enable-fast-rsa available for use. If a user needs to improve protection against attacks targeting implementations of these algorithms, wolfSSL has the options --enable-maxstrength and --enable-harden. These options can also be enabled by adding their corresponding defines to the settings file that is in use by the system; the defines are listed below:

  • --enable-fastmath corresponds with USE_FAST_MATH
  • --enable-fast-rsa has many different defines for different devices, as hardware encryption and architecture come into play. It also requires that the user have fast RSA libraries in place. Please contact support@wolfssl.com for assistance with enabling this.
  • --enable-maxstrength corresponds with WOLFSSL_MAX_STRENGTH
  • --enable-harden corresponds with TFM_TIMING_RESISTANT, ECC_TIMING_RESISTANT, and WC_RSA_BLINDING if using rng.
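When the defines are set by hand in a settings file instead of through configure, it is easy to leave one of the hardening macros out or commented out. The check below is an added example, not wolfSSL code: it scans a settings header for the three --enable-harden defines listed above; the function names and the sample header contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not wolfSSL code): report which of the --enable-harden defines
# named in the post have no active "#define" line in a settings header.

HARDEN_MACROS="TFM_TIMING_RESISTANT ECC_TIMING_RESISTANT WC_RSA_BLINDING"

# missing_hardening FILE: print the macros that FILE does not define.
# Limits: a line-based check. Lines starting with // or /* are ignored, but
# multi-line comments and #if/#ifdef branches are not evaluated.
missing_hardening() {
    missing=""
    for m in $HARDEN_MACROS; do
        if ! grep -Eq "^[[:space:]]*#[[:space:]]*define[[:space:]]+$m([[:space:]]|\$)" "$1"; then
            missing="$missing $m"
        fi
    done
    printf '%s' "${missing# }"
}

# write_sample_settings FILE: constructed header, one define commented out.
write_sample_settings() {
    cat > "$1" <<'EOF'
/* constructed sample settings file */
#define USE_FAST_MATH
#define TFM_TIMING_RESISTANT
// #define ECC_TIMING_RESISTANT
EOF
}

# write_hardened_settings FILE: constructed header with all three defines.
write_hardened_settings() {
    cat > "$1" <<'EOF'
#define USE_FAST_MATH
#define TFM_TIMING_RESISTANT
#define ECC_TIMING_RESISTANT
#define WC_RSA_BLINDING
EOF
}

tmp=$(mktemp)
write_sample_settings "$tmp"
printf 'sample lacks: %s\n' "$(missing_hardening "$tmp")"
rm -f "$tmp"
```

An empty result means every listed define has an active line; as the list above notes, WC_RSA_BLINDING applies if using rng.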

If you have any questions or run into any issues, contact us at facts@wolfssl.com, or call us at +1 425 245 8247.

wolfSSL DTLS Session Export

The wolfSSL embedded SSL/TLS library supports features not only pertaining to TLS, but DTLS as well! A prime example of a DTLS feature supported by wolfSSL is DTLS session exporting. This allows for serializing and sending a DTLS session immediately after the handshake has been completed. The ability to export the session after a handshake is established has many practical use cases in IoT and embedded environments.

In establishing and maintaining a DTLS connection, the handshake portion is the most resource-intensive. With this additional feature, it is possible to offload the handshake onto a more powerful system, serialize and export the session after the handshake is completed, and then have throughput handled by a more resource-constrained device.

wolfSSL also supports TLS 1.3! More information can be found here: https://www.wolfssl.com/docs/tls13/
