New FIPS Operating Environments
wolfSSL fans! Do you like FIPS? Do you like virtual machines? Guess what – wolfSSL’s crypto library, wolfCrypt, has been validated as the world’s first SP800-140Br1 FIPS 140-3 certificate! However, with the recent changes to the FIPS submission process, OE additions are slightly delayed via a manual process until such time as the CMVP can update the automated WebCryptik tool to support OEUP scenarios. wolfSSL Inc. is moving forward with our CSTL hoping to achieve our first OEUP manual submission in the very near future! As the landscape continues to evolve, wolfSSL remains committed to keeping wolfCrypt compliant with the latest FIPS standards. Stay tuned for more updates!
If you’re interested in getting a FIPS 140-3 approved crypto library running in your virtual or any operating environment, or if you have any questions about the process, please don’t hesitate to contact us at fips@wolfSSL.com or facts@wolfSSL.com, or call us at +1 425 245 8247. We look forward to hearing from you.
Download wolfSSL Now
wolfSSL FIPS-Ready
Several years back with the release of wolfSSL 4.0.0, the wolfSSL team decided to also start releasing a new product: the wolfSSL FIPS Ready library. This product features new, state of the art concepts and technology. In a single sentence, wolfSSL FIPS Ready is a testable and free to download open source embedded SSL/TLS library with support for FIPS validation, with FIPS enabled cryptography layer code included in the wolfSSL source tree. To further elaborate on what FIPS Ready really means, you do not get a FIPS certificate and you are not FIPS validated or approved. FIPS Ready means that you have included FIPS code ready to be certified by the CMVP into your build and that you are operating according to the FIPS enforced best practices of default entry point, and Pre-Operational Self Test (POST) plus Conditional Algorithm self test (CAST).
FIPS validation is a government certification for cryptographic modules that states that the module in question has undergone thorough and rigorous testing to be certified. FIPS validation specifies that a software/encryption module is able to be used within or alongside government systems. The most recent FIPS specification is 140-3, with various levels of security offered (1-4). Currently, wolfCrypt has the world’s first SP800-140Br1 FIPS 140-3 validation with Certificate #4718! When trying to get software modules FIPS validated, this is often a costly and time-consuming effort and as such causes the FIPS validated modules to have high price tags.
Since the majority of wolfSSL products use the wolfCrypt encryption engine, this also means that if wolfSSH, wolfMQTT (with TLS support), wolfBoot, and other wolfSSL products in place can be tested FIPS validated code with their software before committing.
wolfSSL FIPS Ready can be downloaded from the wolfSSL download page.
For more information about wolfSSL and its FIPS Ready initiative, please contact us at facts@wolfSSL.com or +1 425 245 8247.
Download wolfSSL Now
Live Webinar: Quantum Leap in Avionics: Enhancing Security, Airworthiness, and Safety
Explore the latest advancements in avionics security with industry leaders wolfSSL and SYSGO. Discover how our cutting-edge solutions and certifications are driving a quantum leap in security, airworthiness, and safety across critical aerospace systems.
Register Today: Quantum Leap in Avionics: Enhancing Security, Airworthiness, and Safety
Date: September 12th | 7 AM PT
Learn why wolfSSL and SYSGO are key to advancing avionics security.
Discover wolfSSL top-tier security solutions, including a lightweight, FIPS 140-3 validated TLS/SSL library designed for real-time embedded systems. With high performance, a small footprint, and compatibility with industry standards like DO-178C and protocols such as TLS 1.3, wolfSSL ensures secure communication while maintaining compliance and reliability in avionics applications.
Learn about SYSGO’s PikeOS, which offers advanced real-time operating systems and embedded virtualization. Its robust partitioning and isolation ensure critical avionics systems operate securely and reliably, with a strong emphasis on safety certification and compliance with standards like DO-178C.
This webinar will cover:
- Technology overview from SYSGO and wolfSSL
- Competitive differentiators from wolfSSL: What sets us apart from the competition
- SYSGO products and certification: Insights into SYSGO’s offerings and their certifications within industry standards
Don’t miss this opportunity to learn from industry leaders, gain valuable insights, and witness next-gen avionics security in action. Register today!
Duration: 60 minutes
As always, our webinars will include Q&A sessions throughout. If you have questions on any of the above, please contact us at facts@wolfSSL.com or +1 425 245 8247.
Download wolfSSL Now
FIPS 140-3 and CNSA 2.0 with a Single TLS Connection
Can you believe it? With wolfSSL you can now have a TLS 1.3 connection that is compliant with both FIPS 140-3 and the CNSA 2.0! Want to know how?
For key establishment, we can use the new ML-KEM-1024 (also known as Kyber-1024 which is at security level 5 as defined by NIST) hybridized with ECDH on curve P-521.
In terms of authentication, we can use our dual algorithm certificates where the conventional algorithm is ECDSA on curve P-521 and the alternative algorithm is ML-DSA-87 (also known as Dilithium 5 which is at security level 5 as defined by NIST). The server would then also have conventional and alternative private keys so they would both be used to sign the transcript.
For the cipher suite, We can use AES-256-GCM-SHA384; this is approved by both FIPS 140-3 and CNSA 2.0.
And just like that, we have dual compliance! Want more details and a demo with steps to do it yourself? Not to worry, we’ll have a webinar soon to explain how you can achieve this yourself as well! Please stay tuned.
If you have questions about any of the above, please contact us at facts@wolfSSL.com or +1 425 245 8247.
Download wolfSSL Now
Do you have code that can be upgraded to Post Quantum?
By now most people interested in security have heard about the NIST Post Quantum Announcement and the specific algorithms derived from CRYSTALS-Dilithium, CRYSTALS-KYBER and SPHINCS. Our team was there at the White House!
We’ve had experimental Post Quantum support for years. See our blog from 2021: Hybrid Post Quantum Groups in TLS 1.3. Post Quantum has also been in cURL since 2021 as well. We’ve developed PQ libraries that work on everything from the largest computer systems to the smallest devices such as the Espressif ESP32!
But do you know if and how your code can be upgraded to take advantage of these new standards? We can help! We have a variety of public and internal tools that can be used to quickly and efficiently search your codebase for API calls that are targets for Post Quantum upgrades.
When you are ready to move on to the next step, wolfSSL will be there for you! Need to have your project NIST Certified? Recently we announced that wolfSSL is the First in the World to offer FIPS 140–3 Automated Submission with our NIST Certificate #4718.
For more details, see our blog What is FIPS (In-Depth Overview).
Have specific requests or technical questions? We’d love to hear from you! Please reach out to us at support@wolfSSL.com or open an issue on GitHub. For general inquiries, please contact us at facts@wolfSSL.com or +1 425 245 8247.
Download wolfSSL Now
Rapid prototyping with Arduino and wolfSSL
Do you have an idea for a project but want a quick prototype without the hassle of a custom board? We’re happy to announce that our latest wolfSSL v5.7.2 library is now available in the Arduino Registry for rapid prototypes.
Just type “wolfSSL” in the Library Manager of the Arduino IDE. If nothing happens right away, check to see if the IDE is downloading updates as indicated in the lower-right corner of the app and wait for the process to complete.
There are TLS Client and Server apps, as well as a bare-bones Hello World that just prints the wolfSSL version. See the bottom of the list in Files – Examples – “Examples from Custom Libraries” in the IDE.
Just edit the SSID and Password:
All of the source code is available at: https://github.com/wolfSSL/Arduino-wolfSSL. We also have a more detailed Getting Started with wolfSSL on Arduino guide.
Want to check performance? Check out our recent blog: How do you benchmark cryptography?
When you are ready to move on to the next step, wolfSSL will be there for you! Need to have your project NIST Certified? Recently we announced that wolfSSL is the First in the World to offer FIPS 140–3 Automated Submission with our NIST Certificate #471.
See our prior blogs on:
- What is the difference between FIPS 140-2 and FIPS 140-3?
- FIPS vs FedRAMP Compliance and Requirements
The What is FIPS (Quick Overview) blog also applies to RISC-V with regards to how your RISC-V Operating Environment (“OE”) can be certified:
- You send us your hardware and toolchain.
- We run the initial tests which ensure the cryptography module behaves according to specification given your specific hardware and operating system.
- The CMVP certified lab runs and verifies the tests and their documentation.
- The test results are submitted to CMVP for review.
- Your specific operating environment is added to our certificate.
- You are FIPS 140 compliant in 60-90 days.
For more details, see our blog What is FIPS (In-Depth Overview).
Have specific requests or technical questions? We’d love to hear from you! Please reach out to us at support@wolfSSL.com or open an issue on GitHub. For general inquiries, please contact us at facts@wolfSSL.com or +1 425 245 8247.
Download wolfSSL Now
FIPS 140-3 Cryptography on FreeRTOS/OpenRTOS
Hi! This note is to announce that the wolfSSL team will be adding an operational environment for FreeRTOS/OpenRTOS to the wolfCrypt FIPS 140-3 validated certificate #4718. If you need FIPS 140-3 validated crypto on FreeRTOS or OpenRTOS, let us know at facts@wolfSSL.com.
If you have questions about any of the above, please contact us at facts@wolfSSL.com or +1 425 24 8247.
Download wolfSSL Now
Live Webinar: Mastering curl Command Line Training
Master one of the most powerful tools in a developer’s toolkit. Join us for an exclusive live webinar where Daniel Stenberg, the creator of curl, will guide you through the ins and outs of this essential command-line tool.
Register today: Mastering curl Command Line Training
Date: September 5th | 10 am PT
curl is the Swiss Army knife of Internet transfers, widely used for its robust command-line options. Over the years, new features have been continuously added, making it even more versatile.
This talk will highlight some of the most powerful and intriguing recent additions to curl, including lesser-known tricks that can enhance your command lines, expand your “tool belt,” and boost your productivity. We’ll also cover trurl, a newly created companion tool for URL manipulations that you might not yet realize you need.
Register now! This presentation could take your curl skills to the next level.
As always, our webinars will include Q&A sessions throughout. If you have questions on any of the above, please contact us at facts@wolfSSL.com or +1 425 245 8247.
Download wolfSSL Now
wolfSSH VxWorks FIPS 140-3
Do you need SSH support for an embedded device running VxWorks and do you have a FIPS 140-3 requirement? wolfSSL has what you need: wolfSSH, an embedded SSH library running on top of our wolfCrypt FIPS library, and the wolfCrypt module holds the world’s first SP800-140Br1 FIPS 140-3 Validated, Certificate #4718.
While full FIPS 140-3 support on VxWorks isn’t here yet, stay tuned! Exciting developments are on the horizon. We’re working hard to bring this capability to you in the very near future!
Interested in learning more or preparing for what’s ahead? Email us at fips@wolfSSL.com, and let’s discuss how we can help you integrate wolfSSH into your VxWorks application and guide you through the FIPS process when the time comes.
If you have questions about any of the above, please contact us at facts@wolfSSL.com or +1 425 245 8247.
Download wolfSSL Now
Learn more about wolfSSL at Espressif DevCon 24
It’s Expressif DevCon season again, and everyone is excited to attend the free online Espressif Developer Conference September 3-5 2024, 13:00-18:30 CEST (3 AM to 9:30 AM Pacific). For those of you on the West Coast of the USA, the wolfSSL presentation is on Day 2 at 8:30 AM Pacific Time.
Many people have already attended live or viewed another Getting Started webinar already available on YouTube:
The wolfSSL presentation at Espressif DevCon24 will cover even more material and dive into a specific coding example of establishing your own TLS connection. We’ll also discuss how to use wolfSSL Managed Components, using various platforms such as Arduino, PlatformIO, VS Code, Visual Studio with VisualGDB, and more.
Tune in and learn more about why wolfSSL is the world’s leader in cryptographic solutions for the ESP32 and many other devices.
Check out our Espressif Examples on Github.
Ready to take your project to the next level? Not only do we have Post Quantum solutions for he ESP32, but we also recently announced that wolfSSL is the First in the World to offer FIPS 140–3 Automated Submission with our NIST Certificate #4718.
See our prior blogs on:
- What is the difference between FIPS 140-2 and FIPS 140-3
- FIPS vs FedRAMP Compliance and Requirements
Have a specific request or questions? We’d love to hear from you. Please contact us at support@wolfSSL.com or open an issue on GitHub.
If you have questions about any of the above, please contact us at facts@wolfSSL.com or +1 425 245 8247.
Download wolfSSL Now