RECENT BLOG NEWS
Versal Support
Did you know that wolfSSL has been ported to and tested on Xilinx Versal hardware? There is support also in wolfSSL to make use of the Xilinx hardened crypto, enhancing both security and performance. Xilinx hardened crypto has accelerated crypto operations (SHA3-384 / AES-GCM / RSA / ECDSA) available on Ultrascale+ devices and is available for use with the latest and greatest Versal boards. wolfSSL makes these calls using the API from Xilinx’s XilSecure library (https://github.com/Xilinx/embeddedsw/tree/master/lib/sw_services/xilsecure) and with the addition of Versal there was minor changes to the existing calls to make use of the new features available (ECC / RNG / AES-GCM with AAD). When benchmarking we saw well over a Gigabyte per second with AES-GCM operations in our demo and improvements in performance of RSA, ECDSA, and SHA3-384 over software only implementations.
A previous white paper going into the setup and use of wolfSSL on older Ultrascale+ devices with Xilinx hardened crypto can be found here (https://docs.xilinx.com/v/u/en-US/wp512-accel-crypto). The support for Versal along with a README can be found in the wolfSSL bundle located in IDE/XilinxSDK/.
If you have questions about any of the above, please contact us at facts@wolfSSL.com or +1 425 245 8247.
Download wolfSSL Now
Changes In wolfSSL for ARM Thumb-2 Builds
With wolfSSL release 5.7.4 we added the macro WOLFSSL_ARMASM_THUMB2. This macro can be defined to enable Thumb-2 ARM instruction optimizations and replaces the previous attempted autodetect on the macros __arm__ and __thumb__. Giving users complete control over which ARM assembly optimizations are compiled and used.
When building for Thumb-2 the source files beginning with thumb2-* should additionally be compiled in. If WOLFSSL_ARMASM_THUMB2 is not used then the armv8-32-* files will be used. These files are located in wolfcrypt/src/port/arm/.
The benefit of now having WOLFSSL_ARMASM_THUMB2 is that users can place all files in wolfcrypt/src/port/arm/ to be compiled and use the macro gate for selecting if the Thumb-2 section is optionally compiled or ARM32 implementation is. The armv8-32- code is very similar to the thumb2- code, but Thumb-2 is smaller in size.
For assistance with ARM optimization builds contact us at support@wolfSSL.com.
If you have questions about any of the above, please contact us at facts@wolfSSL.com or +1 425 245 8247.
Download wolfSSL Now
wolfSSL Inc. announces Rock-solid curl: long term supported curl releases
Rock-Solid curl: long term supported curl releases
EDMONDS, Wash., Nov. 11, 2024 /PRNewswire-PRWeb/ — wolfSSL INC. (Headquarters: Edmonds, Washington, USA), a vendor specialized in cryptography and network security, announces Rock Solid curl long term supported curl releases. Each release branch will be supported for 5 years. Only security fixes and important stability bug fixes will be merged into the branches, no new features or surprises. Rock-solid curl is available exclusively to all existing support customers released under the same distribution model as normal curl, (or a commercial license). Rock-solid curl is meant to greatly reduce the risk of regressions and yet be a safe and secure solution with full support. For the companies who want this extra level of attention. An even smoother ride. The release schedule for Rock-solid curl release branches are roughly every 18-24 months.
Rock-solid curl 8.9.2 is the first long-term support curl version. As the version number implies, it is based on the curl 8.9.1 release that shipped in July, with two security fixes and a small number of stability patches applied. All current customers under contract will receive the release.
Daniel Stenberg, the original author of curl, has been part of the wolfSSL team since 2019 and will be the primary support for the Rock-solid curl project. Daniel will provide the releases, and most of the patching and the back-porting of what is deemed necessary. Nothing changes with or happens to the original curl project and the regular curl releases because of this, the curl license remains the same. The curl releases and the release cadence remain intact. Support customers help fund the project by allowing us to pay developers.
Downloads and all Rock-solid curl information is hosted on the dedicated rock-solid.curl.dev site, separate from the open source project on curl.se.
On curl
Born in the late 1990s, curl is a client-side Internet transfer engine. Installed in over twenty billion instances it serves virtually everything that is internet connected: phones, tablets, cars, television sets, printers, medical devices, game consoles, helicopters on other planets, etc and it is an embedded component in a significant share of our most used and beloved apps, tools, games and services.
curl is the fruit and outcome from hard work by thousands of volunteers and is completely free and Open Source. The curl project is independent. It is not part of any umbrella organization or foundation and it is not owned nor controlled by any company.
curl is secure, fast and feature-rich. It is a defacto standard and key infrastructure.
About wolfSSL
wolfSSL focuses on providing lightweight and embedded security solutions with an emphasis on speed, size, portability, features, and standards compliance. With its SSL/TLS products and crypto library, wolfSSL is supporting high security designs in automotive, avionics and other industries. In avionics, wolfSSL has support for complete RTCA DO-178C level A certification. In automotive, it supports MISRA-C capabilities. For government consumers, wolfSSL has a strong history in FIPS 140-2/3, with upcoming Common Criteria support. wolfSSL supports industry standards up to the current TLS 1.3 and DTLS 1.3, is up to 20 times smaller than OpenSSL, offers a simple API, an OpenSSL compatibility layer, is backed by the robust wolfCrypt cryptography library, and much more. Our products are open source, giving customers the freedom to look under the hood. wolfSSL has a mean time to release a fix for vulnerabilities of less than 36 hours, offers commercial support up to 24/7, and has the best tested cryptography and the largest team of software engineers dedicated to crypto in the market today.
If you have questions about any of the above, please contact us at facts@wolfSSL.com or +1 425 245 8247.
Download wolfSSL Now
Partner Webinar: wolfSSL and Infineon Technologies: Bringing TPM’s to the embedded MCU market
Enhance the security of your embedded projects by integrating TPM 2.0 technology from wolfSSL and Infineon Technologies. Join us in this informative webinar, where we’ll explore the advantages of using the wolfTPM library and Infineon Technologies’s SLB9672 (SPI) / SLB9673 (I2C) modules. Learn how these solutions provide secure key management, seamless firmware updates, and robust hardware security protection for embedded systems.
Register Now: wolfSSL and Infineon Technologies: Bringing TPM’s to the embedded MCU market
Date: November 13th | 9 AM PT
wolfTPM is the only library designed specifically for embedded systems, providing stable APIs across platforms, including bare-metal environments. Infineon Technologies further strengthens security by offering a public firmware update process for their TPMs, utilizing Post-Quantum resistant XMSS for long-term product support—an industry-leading feature that simplifies security maintenance across product life cycles.
In this webinar, you’ll discover how TPM 2.0 modules deliver critical security features, including secure storage, measured boot, and protection against side-channel attacks and physical tampering. The live demo will showcase the TPM firmware update on the PSoC6 with SLB9673, demonstrating how easily you can manage TPM updates in the field.
Webinar Agenda:
- The benefits of using TPM 2.0 modules in embedded systems
- How to simplify TPM integration using wolfTPM and Infineon Technologies’s SLB9672 (SPI) / SLB9673 (I2C) modules
- Why Infineon Technologies stands out as the only TPM vendor that supports public firmware updates using Post-Quantum XMSS, providing long-term product security
- Real-world applications of TPM
- Live Demo on TPM firmware update process on the PSoC6 with SLB9673
Don’t miss out on this opportunity to gain expert knowledge and ask questions directly to the engineers! Register today and learn how to elevate the security of your embedded MCU projects with wolfSSL and Infineon Technologies.
As always, our webinars will include Q&A sessions throughout. If you have questions on any of the above, please contact us at facts@wolfSSL.com or +1 425 245 8247.
Download wolfSSL Now
Live Webinar in the Asia Pacific Time Zone: Post-Quantum Cryptography Update
Learn about the latest developments in NIST Post-Quantum Cryptography (PQC) Standards and CNSA 2.0. As the world prepares for the quantum computing era, understanding these standards is crucial for ensuring robust security protocols. wolfSSL Senior Software Developer Anthony Hu will guide you through their implications for cryptographic practices and share insights into wolfSSL’s journey in PQC. We’ll discuss our commitment to adopting quantum-resistant algorithms and the steps we’re taking to stay ahead of emerging threats.
Register Today: Post-Quantum Cryptography Update – Tailored for the Asia Pacific Time Zone
Date: November 12th | 7 PM PT / November 13th | 12 PM JST
This webinar is scheduled to accommodate participants in the Asia Pacific Time Zone.
Explore key exchange mechanisms by comparing NIKE and KEM, and see how ECC stacks up against ML-DSA and ML-KEM in performance metrics and efficiencies in a post-quantum world. Discover wolfSSL’s PQC readiness through ongoing migration efforts and partnerships with industry leaders to advance PQC standards.
This webinar will cover:
- NIST PQC Standards and CNSA 2.0 Updates
- wolfSSL’s PQC Journey: History and Current Status
- Comparing Key Exchange Mechanisms: NIKE vs. KEM
- Performance Benchmarking: ECC vs. ML-DSA and ML-KEM
- wolfSSL’s PQC Readiness, Migration Strategies, and Quantum-Resistant Solutions
- Collaborative Efforts in the PQC Landscape: Partnering with Industry Leaders
- Challenges and Barriers to PQC Migration
Don’t miss this opportunity to equip yourself with the knowledge essential for the evolving cryptographic landscape! Register Now!
As always, our webinars will include Q&A sessions throughout. If you have questions on any of the above, please contact us at facts@wolfSSL.com or +1 425 245 8247.
Download wolfSSL Now
wolfMQTT Releases v1.19.1
wolfSSL is proud to announce the release of wolfMQTT v1.19.1!
This release fixes an issue in the Espressif example and corrects some documentation issues.
Release 1.19.1 has been developed according to wolfSSL’s development and QA process and successfully passed the quality criteria.
Check out the ChangeLog from the download for a full list of features and fixes, or contact us at facts@wolfSSL.com with any questions. While you’re there, show us some love and give the wolfMQTT project a Star!
Download the latest release or clone directly from our GitHub repository.
If you have questions about any of the above, please contact us at facts@wolfSSL.com or +1 425 245 8247.
Download wolfSSL Now
Switching to wolfCrypt’s Implementations of Post-Quantum Algorithms
Have you been trying out post-quantum algorithms in wolfSSL’s products? As you probably know, here at wolfSSL we have a step-wise approach to post-quantum algorithm integration:
- Define an API in wolfCrypt.
- Do an integration with an existing reference implementation (ie.: liboqs, PQM4, hash-sigs liblms, xmss-reference).
- Use these APIs in higher level libraries and products (ie.: wolfssl, wolfssh, wolfmqtt, wolfboot) to implement features.
- Invest the time and effort to write and optimize our own production grade implementation of the algorithm.
For LMS, XMSS, ML-KEM and ML-DSA the time has finally come to switch to using wolfSSL’s implementations of these algorithms. It’s very simple to do so. If you are using any of the following configure-time flags simply remove them from your configure command-line:
--with-liblms --with-libxmms --with-liboqs
Then ensure you are enabling the relevant algorithm that you are interested in. Relevant flags are:
--enable-xmss --enable-lms --enable-dilithium --enable-kyber
Once this is done, you will be using our professionally optimized and tested implementations of post-quantum algorithms.
If you have questions about any of the above, please contact us at facts@wolfSSL.com or +1 425 245 8247.
Download wolfSSL Now
wolfTPM release: v3.6.0
We are proud to announce the next release of wolfTPM that includes minor bug fixes and some exciting new features. The v3.6.0 release is incremental and part of our quarterly release schedule. Each release goes through additional testing including tests on actual TPM 2.0 hardware.
This release includes minor bug fixes and new features such as:
- Provisioning the initial device (IDevID) and initial attestation (IAK)
- New key templates and examples
- New build option –enable-provisioning or WOLFTPM_PROVISIONING
- Improved support for parsing for all TPM2_GetCapability capabilities
- Improved the TPM TLS examples for use with WOLFTPM_MFG_IDENTITY
- New TPM2_Certify example
- New wolfTPM2_CreatePrimaryKey_ex API for creation ticket
- Tested support with Nations NS350 TPM
The minor issues fixed are:
- Issue with TPM2_GetRCString and RC_WARN error codes (broken in v3.4.0)
- Issue with TPM2_SetupPCRSel on some PCR selection edge cases
- Improved building without ECC or RSA or file system
The new v3.6.0 release can be downloaded on our website or on GitHub.com/wolfssl/woltpm
If you have questions about ay of the above, please contact us at facts@wolfSSL.com or +1 425 245 8247.
Download wolfSSL Now
Java JSSE Support for DTLS 1.3
wolfSSL is exploring adding DTLS support, up to the current DTLS 1.3 level, to our Java JSSE provider, wolfJSSE. Are you interested in using DTLS 1.3 from Java? If so, we would like to hear more about your desired use case!
DTLS 1.3 is the latest version of the Datagram TLS (DTLS) standard, which builds upon the progressive changes of TLS 1.3. The native C implementation of the wolfSSL SSL/TLS library has supported DTLS 1.3 since June 2022 with the 5.4.0 release. Native wolfSSL supports DTLS 1.0, 1.2, and 1.3.
If you’re just learning about DTLS, a few helpful resources include our blog about What’s new in DTLS 1.3, DTLS 1.3 Benchmarks, and DTLS 1.3 Examples and Use Cases. We also have a nice webinar on “DTLS 1.3 Training” up on our YouTube channel.
If you’re interested in using DTLS from Java, reach out and let us know your preferred use case, JDK implementation, and platform at facts@wolfSSL.com.
If you have questions about any of the above, please contact us at facts@wolfSSL.com or +1 425 245 8247.
Download wolfSSL Now
Do you need post quantum versions of Apache, NGINX, Lighttpd, cURL, or stunnel?
Our wolfSSL library has several post-quantum algorithms built in, but on their own, they aren’t always useful. How else can the PQC algorithms be used in production? Well, one of our areas of expertise is getting other open-source projects working with wolfSSL and then getting those integrations using post-quantum algorithms. We have post-quantum integrations with multiple web servers, a web client, and a secure tunneling solution. Read on to learn more!
For a more heavy-duty and reliable web server with professional production-ready code, we have a post-quantum integration with Apache.
For a lighter-weight yet fully featured and dependable alternative, you can turn to our post-quantum enabled Nginx integration.
Our wolfSSL library excels in constrained environments as does Lighttpd. For the most bare bones environments, our lighttpd post-quantum integration is likely the right choice.
And for the client side, we have also made the cURL web client quantum-safe! See this video for instructions on how to build.
If you’ve got an application where making changes is difficult due to legacy software, we’ve got our post-quantum integration with stunnel to make your migration a breeze.
Go ahead and try out these open source integrations! We are eager for your feedback, and happy to support your efforts Whether it be as part of a hackathon or as an experiment to understand feasibility or to gather benchmarking data, trying out these integrations is a great step in your plan for migration to post-quantum algorithms.
If you have questions about any of the above, please contact us at facts@wolfSSL.com or +1 425 245 8247.
Download wolfSSL Now
Weekly updates
Archives
- November 2024 (24)
- October 2024 (18)
- September 2024 (21)
- August 2024 (24)
- July 2024 (27)
- June 2024 (22)
- May 2024 (28)
- April 2024 (29)
- March 2024 (21)
- February 2024 (18)
- January 2024 (21)
- December 2023 (20)
- November 2023 (20)
- October 2023 (23)
- September 2023 (17)
- August 2023 (25)
- July 2023 (39)
- June 2023 (13)
- May 2023 (11)
- April 2023 (6)
- March 2023 (23)
- February 2023 (7)
- January 2023 (7)
- December 2022 (15)
- November 2022 (11)
- October 2022 (8)
- September 2022 (7)
- August 2022 (12)
- July 2022 (7)
- June 2022 (14)
- May 2022 (10)
- April 2022 (11)
- March 2022 (12)
- February 2022 (22)
- January 2022 (12)
- December 2021 (13)
- November 2021 (27)
- October 2021 (11)
- September 2021 (14)
- August 2021 (10)
- July 2021 (16)
- June 2021 (13)
- May 2021 (9)
- April 2021 (13)
- March 2021 (24)
- February 2021 (22)
- January 2021 (18)
- December 2020 (19)
- November 2020 (11)
- October 2020 (3)
- September 2020 (20)
- August 2020 (11)
- July 2020 (7)
- June 2020 (14)
- May 2020 (13)
- April 2020 (14)
- March 2020 (4)
- February 2020 (21)
- January 2020 (18)
- December 2019 (7)
- November 2019 (16)
- October 2019 (14)
- September 2019 (18)
- August 2019 (16)
- July 2019 (8)
- June 2019 (9)
- May 2019 (28)
- April 2019 (27)
- March 2019 (15)
- February 2019 (10)
- January 2019 (16)
- December 2018 (24)
- November 2018 (9)
- October 2018 (15)
- September 2018 (15)
- August 2018 (5)
- July 2018 (15)
- June 2018 (29)
- May 2018 (12)
- April 2018 (6)
- March 2018 (18)
- February 2018 (6)
- January 2018 (11)
- December 2017 (5)
- November 2017 (12)
- October 2017 (5)
- September 2017 (7)
- August 2017 (6)
- July 2017 (11)
- June 2017 (7)
- May 2017 (9)
- April 2017 (5)
- March 2017 (6)
- January 2017 (8)
- December 2016 (2)
- November 2016 (1)
- October 2016 (15)
- September 2016 (6)
- August 2016 (5)
- July 2016 (4)
- June 2016 (9)
- May 2016 (4)
- April 2016 (4)
- March 2016 (4)
- February 2016 (9)
- January 2016 (6)
- December 2015 (4)
- November 2015 (6)
- October 2015 (5)
- September 2015 (5)
- August 2015 (8)
- July 2015 (7)
- June 2015 (9)
- May 2015 (1)
- April 2015 (4)
- March 2015 (12)
- January 2015 (4)
- December 2014 (6)
- November 2014 (3)
- October 2014 (1)
- September 2014 (11)
- August 2014 (5)
- July 2014 (9)
- June 2014 (10)
- May 2014 (5)
- April 2014 (9)
- February 2014 (3)
- January 2014 (5)
- December 2013 (7)
- November 2013 (4)
- October 2013 (7)
- September 2013 (3)
- August 2013 (9)
- July 2013 (7)
- June 2013 (4)
- May 2013 (7)
- April 2013 (4)
- March 2013 (2)
- February 2013 (3)
- January 2013 (8)
- December 2012 (12)
- November 2012 (5)
- October 2012 (7)
- September 2012 (3)
- August 2012 (6)
- July 2012 (4)
- June 2012 (3)
- May 2012 (4)
- April 2012 (6)
- March 2012 (2)
- February 2012 (5)
- January 2012 (7)
- December 2011 (5)
- November 2011 (7)
- October 2011 (5)
- September 2011 (6)
- August 2011 (5)
- July 2011 (2)
- June 2011 (7)
- May 2011 (11)
- April 2011 (4)
- March 2011 (12)
- February 2011 (7)
- January 2011 (11)
- December 2010 (17)
- November 2010 (12)
- October 2010 (11)
- September 2010 (9)
- August 2010 (20)
- July 2010 (12)
- June 2010 (7)
- May 2010 (1)
- January 2010 (2)
- November 2009 (2)
- October 2009 (1)
- September 2009 (1)
- May 2009 (1)
- February 2009 (1)
- January 2009 (1)
- December 2008 (1)