RECENT BLOG NEWS
wolfSSL Inc. Unveils Cutting-Edge Cryptography and Network Security Solutions at Embedded World 2024
wolfSSL Inc. is a leading provider of cryptography and network security solutions, offering a comprehensive suite of products and services designed to secure embedded systems, IoT devices, and connected applications. With a commitment to innovation and excellence, wolfSSL empowers developers worldwide to build secure, scalable, and efficient solutions for the most demanding cybersecurity challenges.
EDMONDS, Wash., April 8, 2024 /PRNewswire-PRWeb/ — wolfSSL Inc. Unveils Cutting-Edge Cryptography and Network Security Solutions at Embedded World 2024
wolfSSL Inc., a globally renowned leader in cryptography and network security solutions, is thrilled to announce its participation at Embedded World 2024, scheduled to take place from April 9th to 11th in Nuremberg, Germany. The company will showcase its latest innovations and advancements in the realm of cybersecurity at Booth #4-612.
Embedded World serves as a premier platform for companies to unveil their latest technologies and engage with industry professionals, and wolfSSL is poised to make a significant impact with its array of groundbreaking products and services.
Among the highlights of wolfSSL’s showcase are:
- Kyber: A cutting-edge post quantum cryptographic algorithm designed for robust security in a variety of applications. As a Key Encapsulation Method Kyber ensures the security of symmetric key material.
- LMS (Leighton-Micali Signature): An innovative digital signature scheme offering enhanced security and efficiency. LMS is particularly valuable in today’s evolving cyber threat landscape due to its resilience against quantum computing threats.
- XMSS (eXtended Merkle Signature Scheme): A state-of-the-art digital signature scheme known for its resistance against quantum computing attacks, providing long-term security for critical systems.
- SM Ciphers: wolfCrypt now includes the Chinese SM variants of hashing, encryption, and digital signatures.
- CNSA 2.0 Support: wolfSSL demonstrates its commitment to staying ahead of evolving security standards by offering support for the latest Cryptographic Algorithm Validation Program (CAVP) requirements, including CNSA 2.0 cryptographic algorithms.
- DTLS 1.3: Datagram Transport Layer Security version 1.3, is the latest iteration of the DTLS protocol, which is based on the TLS (Transport Layer Security) protocol. It is designed to provide secure communication for datagram protocols, such as UDP (User Datagram Protocol). DTLS 1.3 brings several improvements over its predecessors, including enhanced security features, improved performance, and reduced latency. The latest version incorporates modern cryptographic algorithms and techniques, offering stronger protection against various security threats, while optimizing the protocol for better efficiency in real-world applications.
- wolfBoot: A secure bootloader solution designed to protect embedded systems from unauthorized access and tampering. wolfBoot ensures the integrity of the boot process against malicious attackers.
- wolfCrypt DO-178: A DO-178C certified cryptographic library, compliant with the rigorous safety standards required for avionics and other safety-critical systems.
“We are excited to showcase our latest innovations and technology offerings at Embedded World 2024,” said Larry Stefonic, CEO of wolfSSL Inc. “As a leading provider of cryptography and network security solutions, we are committed to empowering developers with the tools they need to build secure and resilient embedded systems. We look forward to engaging with attendees and demonstrating how our solutions can address the evolving cybersecurity challenges faced by industries worldwide.”
Visit wolfSSL at Booth #4-612 during Embedded World 2024 to learn more about their cutting-edge products and solutions, or visit wolfssl.com for additional information.
If you have questions about any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.
Download wolfSSL Now
Where to find the Wolves: wolfSSL is heading to Embedded World
Secure your Embedded Projects with wolfSSL, the Best Tested Cryptography.
The wolfSSL team is heading to Embedded World Exposition and Conference April 9th through the 11th in Nuremberg Germany.
Come stop by and meet our team at Hall 4 Booth 612.
Discover how wolfSSL’s advanced security solutions can safeguard your embedded development. If you prefer to set a specific time with our engineers, email us at facts@wolfSSL.com
Protect your security assets by staying one step ahead of cyberattacks with wolfSSL’s cutting-edge cryptography. With over 2 billion connections secured, our partners trust in the best tested cryptography designed to safeguard embedded projects. Head over to wolfssl.com/download to download our open source products.
Unmatched Efficiency for Resource-Constrained Devices
- Lightweight and Portable: Written in C, wolfSSL boasts a compact footprint, 20x smaller than OpenSSL, minimizing memory usage and maximizing performance on even the most resource-constrained microcontrollers and processors. Integrate robust security into your embedded systems without sacrificing functionality or performance.
- Reduced Power Consumption: Minimizes power consumption, making it ideal for battery-powered devices and applications where extending battery life is critical. View our benchmarks.
Streamlined Development & Integration
- Simplified Development: wolfSSL provides documented and user-friendly API, allowing developers of all experiences to quickly and easily integrate secure communication into their projects.
- OpenSSL Compatibility Layer: For those familiar with OpenSSL, wolfSSL offers a compatibility layer that simplifies the transition, reducing development time and effort.
- Industry Leading Support: All of our products are backed with up to 24/7 support from our engineering team.
- Winbond Hardware Security for Secure Firmware Updates: wolfSSL supports Level Metering Scheme (LMS) compatibility. This allows wolfSSL to work with Winbond hardware-based LMS to ensure the authenticity of a firmware image during over-the-air (OTA) updates for an IoT target device. An IoT device typically uses Winbond flash memory for storage and runs wolfSSL for security. With this compatibility, the device can verify the firmware update it receives is genuine and hasn’t been tampered with before installing it. This helps to protect the device from unauthorized modifications and potential security risks. Additionally, wolfSSL can provide the secure TLS or DTLS connection to the cloud and use wolfMQTT to manage the FW update. In combination with Winbond’s ongoing hardware crypto validation, wolfSSL can deliver FIPS 140-3 compliant solutions for customers demanding the highest security and compliance.
Futureproof Security for Advanced Threats
- Industry Leading TLS 1.3 and DTLS 1.3 Support: wolfSSL ensures robust communication confidentiality, integrity, and authentication. Watch our DTLS1.3 training
- Enhanced Hardware Security: wolfSSL integrates with various hardware security solutions, including:
- Hardware encryption engines: Offload cryptographic operations for improved performance and reduced power consumption.
- Every hardware cryptography scheme wolfSSL has ever enabled: https://www.wolfssl.com/every-hardware-cryptography-scheme-wolfssl-has-ever-enabled/
- Trusted Platform Module (TPM) 2.0: Leverage the security features of TPM 2.0 for secure key storage and attestation. https://www.wolfssl.com/products/wolftpm/
- Secure Elements: Utilize tamper-resistant secure elements for the highest level of protection for sensitive data.
- Here’s all the Secure Elements and Keystores supported by wolfSSL/wolfCrypt: https://www.wolfssl.com/keystores-and-secure-elements-supported-by-wolfssl-wolfcrypt/
FIPS Compliance and Dual Licensing
- FIPS 140-2 Certified wolfCrypt Module: For applications demanding the highest level security and regulatory compliance, wolfSSL offers the FIPS 140-2 certified wolfCrypt module. https://www.wolfssl.com/license/fips/
Want to learn more information on our products?
wolfSSL
Lightweight embedded SSL/TLS library written in ANSI C and targeted for embedded, RTOS, and resource-constrained environments – primarily because of its small size, speed, and feature set.
- wolfSSL supports industry standards up to the current TLS 1.3 and DTLS 1.3 levels, and is up to 20 times smaller than OpenSSL.
- Offers a simple API, OpenSSL compatibility layer, OCSP and CRL support, and offers several progressive ciphers.
wolfCrypt
Embedded Cryptography Engine
- Lightweight crypto library written in ANSI C and targeted for embedded, RTOS, and resource-constrained environments.
- Commonly used in standard operating environments as well due to royalty-free pricing and great cross platform support.
- Supports algorithms and ciphers including ChaCha20, Curve25519, NTRU, and SHA-3.
wolfSSL Support for DO-178C DAL A
Enabling Secure Boot & Secure Firmware Update for Avionics
- RTCA DO-178C level A certification.
- wolfSSL offers DO-178 wolfCrypt as a commercial off-the-shelf (COTS) solution for connected avionics applications.
- Adherence to DO-178C level A is supported through the first wolfCrypt COTS DO-178C certification kit release that includes traceable artifacts for the following encryption algorithms:
- SHA-256 and SHA-384 for message digest.
- AES for encryption and decryption.
- RSA to sign and verify a message.
- ChaCha20-Poly1305 for authenticated encryption and decryption.
- ECC to sign, verify and share secrets.
- HMAC for keyed-hashing for message authentication.
- Provides the proper cryptographic underpinnings for secure boot and secure firmware update in commercial and military avionics.
wolfTPM
TPM 2.0 designed for embedded use. wolfTPM is highly portable – written in native C, having a single IO callback for SPI hardware interface, no external dependencies, and its compacted code with low resource usage.
- Open-source TPM 2.0 stack with backward API compatibility.
- Native support for Linux & Windows.
- RTOS and bare metal environments can use a single IO callback for SPI hardware interface, no external dependencies, and compact code size with low resource usage.
- Offers API wrappers to help with complex TPM operations like attestation and examples to help with complex cryptographic processes like the generation of Certificate Signing Request (CSR) using a TPM.
- Easy to compile on new platforms.
wolfMQTT
Client implementation of the MQTT written in C for embedded use.
- Message Queuing Telemetry Transport is a lightweight open messaging protocol that was developed for constrained environments such as M2M (Machine to Machine) and IoT (Internet of Things), where a small code footprint is required.
- Based on the Pub/Sub messaging principle of publishing messages and subscribing to topics.
- The MQTT specification recommends TLS as a transport option to secure the protocol using port 8883 (secure-mqtt), as the MQTT protocol does not provide security on its own. Constrained devices benefit from using TLS session resumption to reduce the reconnection cost.
- The wolfMQTT library is a client implementation of the MQTT written in C for embedded use. It supports SSL/TLS via the wolfSSL library. From this, it can provide the security that the MQTT protocol lacks.
- Built from the ground up to be multi-platform, space conscious and extensible. Supports all Packet Types, all Quality of Service (QoS) levels 0-2 and supports SSL/TLS using the wolfSSL library. This implementation provides support for MQTT v5.0 and MQTT v3.1.1. Including client support for MQTT-SN (Sensor Network).
wolfSSH
Lightweight SSHv2 server library written in ANSI C and targeted for embedded, RTOS, and resource-constrained environments – primarily because of its small size, speed, and feature set.
- Commonly used in standard operating environments due to royalty-free pricing and excellent cross platform support.
- wolfSSH is powered by the wolfCrypt library. A version of the wolfCrypt cryptography library has been FIPS 140-2 validated (Certificate #3389). For additional information, visit the wolfCrypt FIPS FAQ or contact fips@wolfSSL.com
wolfBoot
Secures the boot process of your device against malicious attacks that seek to replace your firmware and take control of your device, and/or steal its data.
- Portable secure bootloader that offers firmware authentication and firmware update mechanisms. Due to its minimalistic design and tiny HAL API, wolfBoot is completely independent from any OS or bare-metal application.
- Can be easily ported and integrated in existing embedded software projects to provide a secure firmware update mechanism.
- Can be easily ported and integrated in existing embedded software projects to provide a secure firmware update mechanism.
- Please email us at facts@wolfSSL.com with any questions about Secure Boot.
wolfSentry
A universal, dynamic, embedded IDPS (intrusion detection and prevention system)
- Dynamic Firewall Engine: Analyzes network traffic for suspicious activity using static and dynamic rules.
- User-defined Actions: Allows customization of responses to detected threats.
- Integration with wolfSSL Products: Works seamlessly with wolfSSL libraries for a holistic security solution.
- Zero-Configuration Option: Easy setup for developers.
- Dynamic Configuration: Flexible control through API or text inputs.
- Advanced Features (under development): Remote logging, configuration, and status queries.
- Low Resource Footprint designed for Embedded Systems: Well-suited for RTOS, ARM processors, and other embedded devices.
- Lightweight: Adds as little as 64k to code size and leverages existing application logic.
curl/tiny-curl Support
Computer software project providing a library for transferring data using various protocols.
wolfSSL JSSE Provider and JNI Wrapper
For Java applications that wish to leverage the industry-leading wolfSSL SSL/TLS implementation for secure communication.
wolfCrypt JNI and JCE Provider
For Java developers who want to leverage the industry-leading wolfCrypt cryptography library implementation, wolfCrypt JNI provides a Java interface to the native C library.
wolfCLU
wolfSSL’s portable command line utility.
- Handles common cryptographic operations, such as certificate parsing and key generation, for easier usage than writing an application from scratch.
- Ideal for customers who want to do simple crypto operations without writing an application.
Let’s connect, get in contact with us today.
If you have questions about any of the above or would like to schedule a meeting with us, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.
Download wolfSSL Now
Partner Webinar: Increased Cybersecurity Resiliency through System Architecture – Best Practices
We’re excited to announce our partner webinar with Lynx and RunSafe Security on “Increased Cybersecurity Resiliency through System Architecture – Best Practices” scheduled for April 10th at 9am PT. wolfSSL Software Engineer, Tesfa Mael, along with Dr. Justin Pearson, Director of System Architecture at Lynx, and Doug Britton, Chief Strategy Officer and Director at RunSafe Security will be leading the discussion.
Watch the webinar here: Increased Cybersecurity Resiliency through System Architecture – Best Practices
In today’s landscape, where cyber threats against unmanned systems are escalating, the need to strengthen defenses has never been more pressing. With over 12,000 cyber incidents targeting unmanned systems recorded between 2015 and 2021, it’s clear that proactive measures are essential.
During this webinar, you’ll explore crucial topics such as:
- Utilizing Open Source Safely: Learn how to leverage open-source technologies like Linux and containers securely to bolster your system’s resilience against cyber threats.
- Validating System Components: Explore the importance of verifying hardware and software components to identify vulnerabilities and fortify your defense mechanisms.
- Implementing Containment Strategies: Discover effective strategies to mitigate the impact of cyberattacks and unintentional breaches, minimizing potential damages and disruptions to your operations.
Don’t miss this invaluable opportunity to gain insights from industry experts and strengthen the cyber defenses of your organization. Watch today.
Our webinars always include Q&A sessions. If you have any questions about any of the above, please reach out to us at facts@wolfSSL.com or call us at +1 425 245 8247.
Download wolfSSL Now
Post Quantum Key Share on the Espressif ESP32
Recently we announced that wolfSSL’s Kyber ML-KEM Implementation now Included free of charge for commercial customers. Our PQ Kyber implementation works on nearly any size of device, including the Espressif ESP32. Here are the instructions on configuring the test server and client:
ESP32 Server Application Settings
To enable Kyber, just add these lines to the user_settings.h file:
#define WOLFSSL_EXPERIMENTAL_SETTINGS #define WOLFSSL_HAVE_KYBER #define WOLFSSL_WC_KYBER #define WOLFSSL_SHA3
Next, in the code after the creation of an ssl object:
ssl = wolfSSL_new(ctx));
Simply add this line:
wolfSSL_UseKeyShare(ssl, WOLFSSL_P521_KYBER_LEVEL5);
If successful, the function will return a code of SSL_SUCCESS.
The listening server needs a minimum stack size of approximately 10K bytes.
Linux Client Application Settings
To test with the wolfSSL client, configure wolfSSL to enable the experimental Kyber features:
./configure --enable-kyber=all --enable-experimental
Connect to the listening ESP32 server like this:
./examples/client/client -h 192.168.1.38 -v 4 \ -l TLS_AES_128_GCM_SHA256 \ --pqc KYBER_LEVEL5
The resulting output should look like this:
Using Post-Quantum KEM: KYBER_LEVEL5 SSL version is TLSv1.3 SSL cipher suite is TLS_AES_128_GCM_SHA256 I hear you fa shizzle!
Linux Server Application Settings
To test with the wolfSSL client, configure wolfSSL as shown above for the client, and use this example:
./examples/server/server -v 4 \ -l TLS_AES_128_GCM_SHA256 --pqc KYBER_LEVEL5
The TLS 1.3 server will quietly listen on port 11111. Upon a successful connection from a client, the resulting output should look something like this:
Using Post-Quantum KEM: KYBER_LEVEL5 SSL version is TLSv1.3 SSL cipher suite is TLS_AES_128_GCM_SHA256 Client message: hello wolfssl!
Keep in mind various local firewall rules may need to be adjusted to allow a port 11111 connection. How to determine if there’s a firewall issue? Check WireShark for TCP Retransmission packets that might look something like this:
Are you interested in trying our Post Quantum in your project? Let us know!
Find out more
If you have any feedback, questions, or require support, please don’t hesitate to reach out to us via facts@wolfSSL.com, call us at +1 425 245 8247, or open an issue on GitHub.
Download wolfSSL Now
wolfBoot: secure boot and more | Unique features to assist and optimize firmware updates
Secure boot. Simple, compact, safe.
wolfBoot is the universal secure bootloader designed for embedded systems. Its main task is to ensure that only a trusted firmware image can run on the target device, as indicated by RFC9019. To do so, it uses signature verification on the firmware image every time the device starts or when a firmware update is received, OTA or through any custom transport.
wolfBoot relies on wolfCrypt cryptographic engine to support the widest range of
options for signature verification algorithms, including ECC-256, RSA up to 4096 bit, Ed25519 and Ed448, and up to post-quantum algorithms such as LMS/HSS and XMSS
Thanks to a wide choice of hardware security modules and crypto co-processors supported by wolfCrypt, wolfBoot can offload all cryptographic operations to dedicated hardware components when available, cutting down boot time and run-time resources.
Support for Post-quantum cryptography
wolfBoot’s support for Post-Quantum Cryptography (PQC) firmware authentication introduces a robust layer of security to embedded systems, ensuring resilience against emerging threats posed by quantum computing advancements. Leveraging schemes like Leighton-Micali Signature (LMS) with Hash-based Merkle Signature Scheme (HSS) or eXtended Merkle Signature Scheme (XMSS), as well as its multi-tree variant, XMSS^MT, wolfBoot secures its firmware authentication mechanism against potential quantum attacks. By integrating these advanced techniques into the bootloader, wolfBoot ensures the integrity of firmware updates for future-proof systems, against the constantly evolving cryptographic attacks.
Secure boot for all systems
wolfBoot does not depend on any specific libraries, except for wolfCrypt. It does not rely on any operating system environment, driver, platform or toolchains.
wolfBoot can secure the entire boot process of any standalone applications as well as complex operating systems, from small class-I microcontrollers up to Rich Execution Environments, on a wide range of microcontrollers and processors architectures (ARM, x86, PowerPc, RISC-V, x86 and more).
Native ports are available for the majority of common embedded targets and evaluation boards. In cases where a native port isn’t readily accessible, wolfSSL extends its engineering services to prioritize porting efforts, ensuring compatibility across virtually any platforms.
Key management tools
The key command line tools, ‘sign’ and ‘keygen’ (for Windows, Linux, MacOS), distributed along with wolfBoot, follow the development of all the features supported by the bootloader to the latest version. They are easy to use, widely documented, and simple to integrate with any deploy mechanism and back-end update services.
Retrofitting existing non-secure bootloaders
Already using your very own bootloader in your existing project? Do not worry. wolfBoot can be integrated with your current solution, by including one single .c file to your old bootloader code.
For existing bootloaders lacking support for secure boot, wolfBoot can in fact be effortlessly integrated as a library, exposing an API for verifying the authenticity and integrity of firmware. This integration enables the utilization of host tools for key management and firmware signing, leveraging the compatibility of wolfBoot’s manifest header for streamlined firmware update processes.
Roll-back: the bootloader “rescue” mode
wolfBoot stores a copy of the old firmware that gets replaced during the update. Mistakes can happen when building or transmitting a firmware update: even if the firmware is trusted and authenticated by wolfBoot it might still introduce bugs and issues in the field that may prevent the device from being reachable again. For this reason, wolfBoot implements a mechanism that requires the firmware to confirm that the system is working as expected after the update. In absence of this confirmation, at the next reboot wolfBoot considers the update as failed, and restores the original image from the backup taken during the update.
Use any external storage, with built-in confidentiality
Some microcontrollers may not have enough flash space to accommodate two versions of the firmware in the internal FLASH. The only requirement on these systems is normally that only the current executing firmware image should be stored in FLASH, where it can be eXecuted in Place (XiP). Most systems don’t support XiP on external storage supports, but that space can still be allocated to store updates and host the swap space required by wolfBoot to perform the update.
Thanks to a transparent, generic external flash interface, wolfBoot can use any external non-volatile memory support to host update and swap partitions, maximizing the space available in the internal FLASH for the running software.
Neighbor systems can host a virtual partition for the wolfBoot target, using any communication bus to implement remote, emulated memory access.
Encryption and decryption is done at runtime by wolfBoot when accessing these external storage devices for writing and reading, respectively. This mechanism prevents wiretapping or intercepting the firmware images when they are transferred on the BUS (SPI, CAN, Uart,…) that connects to the storage device.
Examples distributed with wolfBoot showcase this feature, with common SPI FLASH targets, and emulated remote storage, on a neighbor system via UART.
HSM support, wolfTPM integration, measured boot
wolfBoot inherits from wolfCrypt the capability to access hardware-assisted functionality offered by Hardware Security Modules (HSMs).
Through wolfTPM‘s integration, wolfBoot strengthens the security of firmware updates but also establishes a robust foundation for safeguarding critical assets and maintaining the trustworthiness of embedded systems. Through wolfTPM’s support, wolfBoot enables measured boot processes, ensuring the integrity of the entire boot chain and providing robust protection against tampering and unauthorized modifications of both hardware and software components. wolfTPM facilitates the implementation of advanced security policies, utilizing Platform Configuration Registers (PCRs) to unlock secrets and enforce access controls in accordance.
Self-update: can a secure bootloader update itself?
wolfBoot offers the possibility to authenticate and install a newer version of itself. A special update package can be created with the key tools, containing an update for the bootloader itself. wolfBoot will parse, authenticate and install the update by temporarily executing a copy of itself in RAM.
Incremental updates: faster OTA transfers with “delta updates”
wolfBoot supports incremental updates, based on a specific older version. Thesign tool can create a small “patch” that only contains the binary difference between the version currently running on target and the update package, a ‘delta update’ package. This package is processed by wolfBoot to reconstruct a complete image of the resulting update. The authenticity of the update is verified twice: first when the package is received before applying the patch, and then after the patch is applied, every time the new firmware is staged for boot.
Where has wolfBoot been ported so far?
- STM32: nearly all models (STM32C0, STM32F0, STM32G0, STM32L0, STM32F4, STM32L4, STM32L5, STM32H5, STM32H7, STM32U5, STM32WB)
- NXP: LPC54xxx, i.MX-RT10xx, K64F, K83F, MCXA, P1020, T1024, T2080
- Microchip: SAM R21, SAM E51, PSoC6
- Renesas: RA6M4, RX72N, RZN2L
- Nordic: nRF52
- TI “Hercules” TMS570
- SiFive: HiFive1 RISCV RV32 microcontroller
- Cortex-A Microprocessors: Xilinx Ultrascale Zynq+, Raspberry PI
- x86_64bit: as UEFI application
- x86_64 Intel Tigerlake: native BIOS replacement using Intel FSP
Porting wolfBoot to a new target is easy. Our HAL API consists of only six mandatory functions to be implemented to perform target-specific clock initialization and interact with the non-volatile memory containing the signed software images.
What feature would you like to see in the next release of wolfBoot? Contact us at facts@wolfSSL.com with any comments or questions!
Check out our GitHub page for the full documentation, and to stay up to date with our latest developments. And while you are there, consider giving the wolfBoot project a star!
If you have questions about any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247
Download wolfSSL Now
What does wolfSSL do to mitigate against attacks similar to the xz/liblzma malware in OpenSSH?
A recent backdoor breach in Debian SSH connections, facilitated by an adversarial code contribution to the xz/liblzma project[1], underscores the need for rigorous vetting of code, contributors and intent. wolfSSL Inc. implements stringent procedures to prevent scenarios like malicious code merges.
For non-employee code contributors:
- An authorized wolfSSL Inc. employee provides written acceptance to evaluate proposed code changes, signaling to other employees that the changes have been vetted for suspect code patterns and desirable content is present in the proposal
- wolfSSL Inc. conducts a legal review of contributors’ signed agreements and approval history, considering factors such as organizational changes and the ongoing justification for contribution irrespective of desirable content.
- wolfSSL Inc requires a written explanation from the author summarizing the benefits of the proposed change and project involvement justifying the proposal.
- Prior to code merge, all continuous integration tests must pass, including static and dynamic analysis. Performance and resource criteria must also be met, confirming no significant negative impact on throughput, performance, or binary object size.
- Prior to code merge, and in addition to the first authority approval, 1-4 wolfSSL Inc employees must review the code for final approval. Unreviewed code is never merged.
Internally, code changes from employees are also thoroughly vetted, including an identical code review process:
- wolfSSL Inc requires a written explanation from the employee author summarizing the benefits of the proposed change.
- Prior to code merge, all continuous integration tests must pass, including static and dynamic analysis and performance criteria.
- Prior to code merge, 1-3 additional wolfSSL Inc employees must review the code for final approval. Unreviewed code is never merged.
On a daily basis, all code is subjected to extensive offline analysis, targeting a wide variety of systems and configurations. Historical, current, and prerelease toolchains and analyzers are used in vetting. Before tagging a release, wolfSSL has a policy of zero reported defects from the continuously updating and expanding mainline automated analysis suite.
These processes exemplify wolfSSL Inc.’s commitment to safeguarding source code against malicious backdoor introductions, and other suspect code patterns, intentional or otherwise.
References
If you have questions about any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.
Download wolfSSL Now
Introducing wolfPKCS11 Release v1.3.0: Enhanced Visual Studio Support and Bug Fixes
We are thrilled to announce the release of wolfPKCS11 v1.3.0, packed with exciting enhancements and bug fixes aimed at elevating usability and reliability. Let’s delve into the highlights and their associated benefits:
Summary:
- Visual Studio Support: Now compatible with Visual Studio, offering a seamless development experience for Windows-based projects.
- Resolved Cast Warnings and Portability Issues: Addressed various cast warnings and portability concerns, ensuring smoother execution across different environments. Users can now enjoy improved stability and compatibility.
Details:
- Visual Studio Compatibility (PR #28): Introduced Visual Studio support, including compatibility with the Windows Trusted Platform Module (TPM) via the Windows Trusted Computing Base Services (TBS) interface. The Visual Studio example includes optional TPM 2.0 support using wolfTPM to demonstrate a PKCS11 provider with TPM based keys and optional TPM keystore. This example also includes optional support for building with our FIPS ready bundle available from the wolfssl.com website.
- Enhanced Library Versioning (PR #29): Reworked shared library versioning for improved consistency and compatibility. This ensures smoother integration with existing systems and simplifies the management of library dependencies, promoting a more seamless development experience.
- Enhanced C_GetAttributeValue Behavior (PR #27): Fixed issues with C_GetAttributeValue erroneously reporting CKR_ATTRIBUTE_VALUE_INVALID when data was NULL. This ensures consistent and accurate handling of attribute values, enhancing overall reliability and data integrity.
- Optimized Variable Handling (PR #28): Resolved cast warnings and potential use of uninitialized variables, enhancing code robustness and reducing the risk of runtime errors. Developers can now write cleaner, more efficient code with confidence.
- Improved Portability (PR #28): Addressed portability issues related to WOLFPKCS11_USER_SETTINGS, ensuring seamless operation across diverse platforms and environments. This enhances deployment flexibility and simplifies cross-platform development.
This release represents our unwavering commitment to providing a powerful, user-friendly cryptographic solution. Experience the benefits firsthand by exploring wolfPKCS11 v1.3.0 today. For detailed release notes and additional information, please visit our website.
If you have questions about any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.
Download wolfSSL Now
Infineon wolfSSL Modus Toolbox Support and wolfTPM Firmware upgrade support
We are pleased to announce support for updating the Infineon TPM firmware in wolfTPM.
Infineon is the first TPM vendor to open source their firmware update procedure and process in their latest Infineon SLB9672 (SPI) and SLB9673 (I2C) versions of the TPM 2.0 module. This requires a high level of confidence in their update process to do this.
wolfTPM is the only library to integrate built-in support for updating TPM firmware.
wolfTPM is also the only production grade open source TPM library to support running in bare-metal and space constrained embedded environments.
Additionally we have added support for using wolfSSL and wolfTPM with the Modus Toolbox examples and boards. We are working with Infineon to make these part of the standard libraries available.
We will be demonstrating these new features with the Infineon SLB9673 on an Infineon PSoC6 during the upcoming Embedded World in Nuremburg, Germany April 9-11, 2024. Find us at the TCG (Hall 1 Booth 500) or wolfSSL (Hall 4 Booth 612).
If you are interested in trying this out see the following pull requests:
Support for Infineon SLB9672/SLB9673 Firmware upgrade
https://github.com/wolfSSL/wolfTPM/pull/339
Support for Infineon Modus Toolbox with wolfSSL
https://github.com/wolfSSL/wolfssl/pull/7369
Support for wolfSSL with Infineon Modus Toolbox
https://github.com/Infineon/secure-sockets/pull/1
The full TPM example on the PSoc6 has been pushed here:
https://github.com/dgarske/wolf-examples
If you have questions about any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.
Download wolfSSL Now
Where to find the Wolves: wolfSSL is heading to Embedded World
Secure your Embedded Projects with wolfSSL, the Best Tested Cryptography.
The wolfSSL team is heading to Embedded World Exposition and Conference April 9th through the 11th in Nuremberg Germany.
Come stop by and meet our team at Hall 4 Booth 612.
Discover how wolfSSL’s advanced security solutions can safeguard your embedded development. If you prefer to set a specific time with our engineers, email us at facts@wolfSSL.com
Protect your security assets by staying one step ahead of cyberattacks with wolfSSL’s cutting-edge cryptography. With over 2 billion connections secured, our partners trust in the best tested cryptography designed to safeguard embedded projects. Head over to wolfssl.com/download to download our open source products.
Unmatched Efficiency for Resource-Constrained Devices
- Lightweight and Portable: Written in C, wolfSSL boasts a compact footprint, 20x smaller than OpenSSL, minimizing memory usage and maximizing performance on even the most resource-constrained microcontrollers and processors. Integrate robust security into your embedded systems without sacrificing functionality or performance.
- Reduced Power Consumption: Minimizes power consumption, making it ideal for battery-powered devices and applications where extending battery life is critical. View our benchmarks.
Streamlined Development & Integration
- Simplified Development: wolfSSL provides documented and user-friendly API, allowing developers of all experiences to quickly and easily integrate secure communication into their projects.
- OpenSSL Compatibility Layer: For those familiar with OpenSSL, wolfSSL offers a compatibility layer that simplifies the transition, reducing development time and effort.
- Industry Leading Support: All of our products are backed with up to 24/7 support from our engineering team.
Futureproof Security for Advanced Threats
- Industry Leading TLS 1.3 and DTLS 1.3 Support: wolfSSL ensures robust communication confidentiality, integrity, and authentication. Watch our DTLS1.3 training
- Enhanced Hardware Security: wolfSSL integrates with various hardware security solutions, including:
- Hardware encryption engines: Offload cryptographic operations for improved performance and reduced power consumption.
- Every hardware cryptography scheme wolfSSL has ever enabled: https://www.wolfssl.com/every-hardware-cryptography-scheme-wolfssl-has-ever-enabled/
- Trusted Platform Module (TPM) 2.0: Leverage the security features of TPM 2.0 for secure key storage and attestation. https://www.wolfssl.com/products/wolftpm/
- Secure Elements: Utilize tamper-resistant secure elements for the highest level of protection for sensitive data.
- Here’s all the Secure Elements and Keystores supported by wolfSSL/wolfCrypt: https://www.wolfssl.com/keystores-and-secure-elements-supported-by-wolfssl-wolfcrypt/
FIPS Compliance and Dual Licensing
- FIPS 140-2 Certified wolfCrypt Module: For applications demanding the highest level security and regulatory compliance, wolfSSL offers the FIPS 140-2 certified wolfCrypt module. https://www.wolfssl.com/license/fips/
Want to learn more information on our products?
wolfSSL
Lightweight embedded SSL/TLS library written in ANSI C and targeted for embedded, RTOS, and resource-constrained environments – primarily because of its small size, speed, and feature set.
- wolfSSL supports industry standards up to the current TLS 1.3 and DTLS 1.3 levels, and is up to 20 times smaller than OpenSSL.
- Offers a simple API, OpenSSL compatibility layer, OCSP and CRL support, and offers several progressive ciphers.
wolfCrypt
Embedded Cryptography Engine
- Lightweight crypto library written in ANSI C and targeted for embedded, RTOS, and resource-constrained environments.
- Commonly used in standard operating environments as well due to royalty-free pricing and great cross platform support.
- Supports algorithms and ciphers including ChaCha20, Curve25519, NTRU, and SHA-3.
wolfSSL Support for DO-178C DAL A
Enabling Secure Boot & Secure Firmware Update for Avionics
- RTCA DO-178C level A certification.
- wolfSSL offers DO-178 wolfCrypt as a commercial off-the-shelf (COTS) solution for connected avionics applications.
- Adherence to DO-178C level A is supported through the first wolfCrypt COTS DO-178C certification kit release that includes traceable artifacts for the following encryption algorithms:
- SHA-256 and SHA-384 for message digest.
- AES for encryption and decryption.
- RSA to sign and verify a message.
- ChaCha20-Poly1305 for authenticated encryption and decryption.
- ECC to sign, verify and share secrets.
- HMAC for keyed-hashing for message authentication.
- Provides the proper cryptographic underpinnings for secure boot and secure firmware update in commercial and military avionics.
wolfTPM
TPM 2.0 designed for embedded use. wolfTPM is highly portable – written in native C, having a single IO callback for SPI hardware interface, no external dependencies, and its compacted code with low resource usage.
- Open-source TPM 2.0 stack with backward API compatibility.
- Native support for Linux & Windows.
- RTOS and bare metal environments can use a single IO callback for SPI hardware interface, no external dependencies, and compact code size with low resource usage.
- Offers API wrappers to help with complex TPM operations like attestation and examples to help with complex cryptographic processes like the generation of Certificate Signing Request (CSR) using a TPM.
- Easy to compile on new platforms.
wolfMQTT
Client implementation of the MQTT written in C for embedded use.
- Message Queuing Telemetry Transport is a lightweight open messaging protocol that was developed for constrained environments such as M2M (Machine to Machine) and IoT (Internet of Things), where a small code footprint is required.
- Based on the Pub/Sub messaging principle of publishing messages and subscribing to topics.
- The MQTT specification recommends TLS as a transport option to secure the protocol using port 8883 (secure-mqtt), as the MQTT protocol does not provide security on its own. Constrained devices benefit from using TLS session resumption to reduce the reconnection cost.
- The wolfMQTT library is a client implementation of the MQTT written in C for embedded use. It supports SSL/TLS via the wolfSSL library. From this, it can provide the security that the MQTT protocol lacks.
- Built from the ground up to be multi-platform, space conscious and extensible. Supports all Packet Types, all Quality of Service (QoS) levels 0-2 and supports SSL/TLS using the wolfSSL library. This implementation provides support for MQTT v5.0 and MQTT v3.1.1. Including client support for MQTT-SN (Sensor Network).
wolfSSH
Lightweight SSHv2 server library written in ANSI C and targeted for embedded, RTOS, and resource-constrained environments – primarily because of its small size, speed, and feature set.
- Commonly used in standard operating environments due to royalty-free pricing and excellent cross platform support.
- wolfSSH is powered by the wolfCrypt library. A version of the wolfCrypt cryptography library has been FIPS 140-2 validated (Certificate #3389). For additional information, visit the wolfCrypt FIPS FAQ or contact fips@wolfSSL.com
wolfBoot
Secures the boot process of your device against malicious attacks that seek to replace your firmware and take control of your device, and/or steal its data.
- Portable secure bootloader that offers firmware authentication and firmware update mechanisms. Due to its minimalistic design and tiny HAL API, wolfBoot is completely independent from any OS or bare-metal application.
- Can be easily ported and integrated in existing embedded software projects to provide a secure firmware update mechanism.
- Can be easily ported and integrated in existing embedded software projects to provide a secure firmware update mechanism.
- Please email us at facts@wolfSSL.com with any questions about Secure Boot.
wolfSentry
A universal, dynamic, embedded IDPS (intrusion detection and prevention system)
- Dynamic Firewall Engine: Analyzes network traffic for suspicious activity using static and dynamic rules.
- User-defined Actions: Allows customization of responses to detected threats.
- Integration with wolfSSL Products: Works seamlessly with wolfSSL libraries for a holistic security solution.
- Zero-Configuration Option: Easy setup for developers.
- Dynamic Configuration: Flexible control through API or text inputs.
- Advanced Features (under development): Remote logging, configuration, and status queries.
- Low Resource Footprint designed for Embedded Systems: Well-suited for RTOS, ARM processors, and other embedded devices.
- Lightweight: Adds as little as 64k to code size and leverages existing application logic.
curl/tiny-curl Support
Computer software project providing a library for transferring data using various protocols.
wolfSSL JSSE Provider and JNI Wrapper
For Java applications that wish to leverage the industry-leading wolfSSL SSL/TLS implementation for secure communication.
wolfCrypt JNI and JCE Provider
For Java developers who want to leverage the industry-leading wolfCrypt cryptography library implementation, wolfCrypt JNI provides a Java interface to the native C library.
wolfCLU
wolfSSL’s portable command line utility.
- Handles common cryptographic operations, such as certificate parsing and key generation, for easier usage than writing an application from scratch.
- Ideal for customers who want to do simple crypto operations without writing an application.
Let’s connect, get in contact with us today.
If you have questions about any of the above or would like to schedule a meeting with us, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.
Download wolfSSL Now
Live Webinar: wolfSSL Training Week
Ready to boost your cybersecurity expertise? Join wolfSSL for an exclusive Training Webinar, wolfSSL Training Week. Part 1 is scheduled for April 3rd at 10 am PT, followed by Part 2 on April 4th at 10 am PT! Led by wolfSSL Engineering Manager, Chris Conlon, this comprehensive session caters to both beginners and seasoned professionals, offering invaluable insights into cybersecurity.
Watch the webinar here: wolfSSL Training
Sneak peek of the webinar
- High-Level Intro to Network Security Protocols
- SSL/TLS Protocol and Basic Library Usage
- Finding the Correct Root CA and Debugging wolfSSL
- DTLS Usage and wolfSSL PSK Usage
- wolfSSL and TLS 1.3
And much more!
Don’t miss out on this chance to enhance your cybersecurity knowledge with wolfSSL! Watch it now!
Secure your future in cybersecurity with wolfSSL!
As always, our webinars include Q&A sessions throughout. If you have any questions, please reach out to us at facts@wolfSSL.com or call +1 425 245 8247.
Download wolfSSL Now
Weekly updates
Archives
- December 2024 (15)
- November 2024 (29)
- October 2024 (18)
- September 2024 (21)
- August 2024 (24)
- July 2024 (27)
- June 2024 (22)
- May 2024 (28)
- April 2024 (29)
- March 2024 (21)
- February 2024 (18)
- January 2024 (21)
- December 2023 (20)
- November 2023 (20)
- October 2023 (23)
- September 2023 (17)
- August 2023 (25)
- July 2023 (39)
- June 2023 (13)
- May 2023 (11)
- April 2023 (6)
- March 2023 (23)
- February 2023 (7)
- January 2023 (7)
- December 2022 (15)
- November 2022 (11)
- October 2022 (8)
- September 2022 (7)
- August 2022 (12)
- July 2022 (7)
- June 2022 (14)
- May 2022 (10)
- April 2022 (11)
- March 2022 (12)
- February 2022 (22)
- January 2022 (12)
- December 2021 (13)
- November 2021 (27)
- October 2021 (11)
- September 2021 (14)
- August 2021 (10)
- July 2021 (16)
- June 2021 (13)
- May 2021 (9)
- April 2021 (13)
- March 2021 (24)
- February 2021 (22)
- January 2021 (18)
- December 2020 (19)
- November 2020 (11)
- October 2020 (3)
- September 2020 (20)
- August 2020 (11)
- July 2020 (7)
- June 2020 (14)
- May 2020 (13)
- April 2020 (14)
- March 2020 (4)
- February 2020 (21)
- January 2020 (18)
- December 2019 (7)
- November 2019 (16)
- October 2019 (14)
- September 2019 (18)
- August 2019 (16)
- July 2019 (8)
- June 2019 (9)
- May 2019 (28)
- April 2019 (27)
- March 2019 (15)
- February 2019 (10)
- January 2019 (16)
- December 2018 (24)
- November 2018 (9)
- October 2018 (15)
- September 2018 (15)
- August 2018 (5)
- July 2018 (15)
- June 2018 (29)
- May 2018 (12)
- April 2018 (6)
- March 2018 (18)
- February 2018 (6)
- January 2018 (11)
- December 2017 (5)
- November 2017 (12)
- October 2017 (5)
- September 2017 (7)
- August 2017 (6)
- July 2017 (11)
- June 2017 (7)
- May 2017 (9)
- April 2017 (5)
- March 2017 (6)
- January 2017 (8)
- December 2016 (2)
- November 2016 (1)
- October 2016 (15)
- September 2016 (6)
- August 2016 (5)
- July 2016 (4)
- June 2016 (9)
- May 2016 (4)
- April 2016 (4)
- March 2016 (4)
- February 2016 (9)
- January 2016 (6)
- December 2015 (4)
- November 2015 (6)
- October 2015 (5)
- September 2015 (5)
- August 2015 (8)
- July 2015 (7)
- June 2015 (9)
- May 2015 (1)
- April 2015 (4)
- March 2015 (12)
- January 2015 (4)
- December 2014 (6)
- November 2014 (3)
- October 2014 (1)
- September 2014 (11)
- August 2014 (5)
- July 2014 (9)
- June 2014 (10)
- May 2014 (5)
- April 2014 (9)
- February 2014 (3)
- January 2014 (5)
- December 2013 (7)
- November 2013 (4)
- October 2013 (7)
- September 2013 (3)
- August 2013 (9)
- July 2013 (7)
- June 2013 (4)
- May 2013 (7)
- April 2013 (4)
- March 2013 (2)
- February 2013 (3)
- January 2013 (8)
- December 2012 (12)
- November 2012 (5)
- October 2012 (7)
- September 2012 (3)
- August 2012 (6)
- July 2012 (4)
- June 2012 (3)
- May 2012 (4)
- April 2012 (6)
- March 2012 (2)
- February 2012 (5)
- January 2012 (7)
- December 2011 (5)
- November 2011 (7)
- October 2011 (5)
- September 2011 (6)
- August 2011 (5)
- July 2011 (2)
- June 2011 (7)
- May 2011 (11)
- April 2011 (4)
- March 2011 (12)
- February 2011 (7)
- January 2011 (11)
- December 2010 (17)
- November 2010 (12)
- October 2010 (11)
- September 2010 (9)
- August 2010 (20)
- July 2010 (12)
- June 2010 (7)
- May 2010 (1)
- January 2010 (2)
- November 2009 (2)
- October 2009 (1)
- September 2009 (1)
- May 2009 (1)
- February 2009 (1)
- January 2009 (1)
- December 2008 (1)