RECENT BLOG NEWS
Every hardware cryptography scheme wolfSSL has ever enabled in 2024
At wolfSSL we support hardware cryptography for a wide range of platforms. The benefits of hardware cryptography include reduced code footprint size, improved security, acceleration of cryptographic operations, and utilization of true random number generators. For example, this allows everything from wolfBoot to TLS cipher suites to enjoy acceleration of cryptographic operations.
Furthermore, we have deep partnerships with industry leaders such as Intel, NXP, and Renesas. We support standard Intel instruction extensions such as AES-NI, AVX, ADX, and BMI2, and have recently published a joint whitepaper on using wolfBoot with 11th Gen Intel Core processors. We also support NXP’s Cryptographic Accelerator and Assurance Module (CAAM), and have leveraged this for hardware acceleration on a number of NXP i.MX series processors. Other examples include Espressif and Analog Devices, to name but a few.
If you’re curious to see a list of every hardware cryptography scheme and platform we have enabled, then read on:
- AES-NI: Intel 64 and IA-32 Xeon and Core, and AMD Zen processor families.
AES–GCM | 128, 192, 256 bit |
AES–CCM | 128, 192, 256 bit |
AES–CBC | 128, 192, 256 bit |
AES–ECB | 128, 192, 256 bit |
AES–CTR | 128, 192, 256 bit |
References:
- AVX1/AVX2: Intel and AMD x86.
SHA3, SHA2 | SHA-256, SHA-384, SHA-512 |
AES–GCM | 128, 192, 256 bits |
ChaCha20-Poly1305 | 256 bit AEAD stream cipher |
Poly1305 | |
References:
- https://www.wolfssl.com/wolfssl-performance-intel-x86_64-part-2/
- https://www.wolfssl.com/wolfssl-performance-intel-x86_64-part-3/
- https://www.wolfssl.com/intels-extended-instructions-accelerates-hash-algorithms/
- Intel ADX and BMI2: Intel and AMD x86.
RSA | |
Curve25519 | 256 bit |
Ed25519 | 256 bit |
References:
- https://www.wolfssl.com/wolfssl-performance-intel-x86_64-part-5/
- https://www.wolfssl.com/wolfssl-performance-intel-x86_64-part-6/
- RDRAND/RDSEED: Intel 64 and IA-32, and AMD Zen processor families.
RNG | |
References:
- https://www.intel.com/content/www/us/en/developer/articles/guide/intel-digital-random-number-generator-drng-software-implementation-guide.html
- https://www.amd.com/content/dam/amd/en/documents/pdfs/developer/aocl/amd-secure-random-number-generator-library-2.0-whitepaper.pdf
- Platform Security Architecture (PSA) Crypto API:
AES–GCM | 128, 192, 256 bit |
AES–CCM | 128, 192, 256 bit |
AES–CBC | 128, 192, 256 bit |
AES–ECB | 128, 192, 256 bit |
AES–CTR | 128, 192, 256 bit |
SHA2 | SHA-224, SHA-256 |
SHA1 | |
ECC | 256 bit (NIST-P256) |
RNG | |
References:
- https://www.wolfssl.com/platform-security-architecture-psa-crypto-api-support-wolfssl/
- https://github.com/wolfSSL/wolfssl/tree/master/wolfcrypt/src/port/psa
- NXP Coldfire SEC: (MCF547X and MCF548X family of processors)
AES–CBC | 128, 192, 256 bit |
3DES–CBC | 192 bit |
DES–CBC | 64 bit |
References:
- NXP Coldfire CAU/mmCAU: (NXP Coldfire and Kinetis)
AES–GCM | 128, 192, 256 bit |
AES–CCM | 128, 192, 256 bit |
AES–CBC | 128, 192, 256 bit |
AES–ECB | 128, 192, 256 bit |
AES–CTR | 128, 192, 256 bit |
3DES | |
SHA2 | SHA-256 |
SHA1 | |
HMAC | SHA1, SHA2 |
MD5 | |
References:
- https://www.wolfssl.com/docs/nxp/
- https://www.wolfssl.com/improved-nxp-mmcau-crypto-hardware-performance/
- https://www.wolfssl.com/improved-nxp-mmcau-crypto-hardware-performance-2/
- STMicroelectronics: STM32H753ZI, STM32F437, STM32L4A6Z, STM32L562E, STM32F777, STM32U585
AES–GCM | 128, 192, 256 bit |
AES–CBC | 128, 192, 256 bit |
SHA2 | SHA-224, SHA-256 |
RNG | |
References:
- https://github.com/wolfSSL/wolfssl/blob/master/IDE/STM32Cube/STM32_Benchmarks.md
- https://www.wolfssl.com/docs/benchmarks/#stm32
- https://www.wolfssl.com/docs/benchmarks/#stm32f777ni
- STMicroelectronics: STM32WB55, STM32WL55
AES–CBC | 128, 192, 256 bit |
SHA2 | SHA-256 |
ECC | 256 bit (NIST-P256) |
RNG | |
References:
- https://github.com/wolfSSL/wolfssl/blob/master/IDE/STM32Cube/STM32_Benchmarks.md
- https://www.wolfssl.com/support-stm32_pka-accelerator/
- Marvell (Cavium) Nitrox V and III:
AES–GCM | 128 bit |
AES–CBC | 128, 192, 256 bit |
RSA | 2048 bit |
ECC | |
ECDSA | |
RNG | |
References:
- https://www.wolfssl.com/wolfssl-asynchronous-support/
- https://www.wolfssl.com/wordpress/wp-content/uploads/2018/04/wolfssl_async.pdf
- Marvell (Cavium) Octeon II/III:
AES–GCM | 128, 192, 256 bit |
AES–CBC | 128, 192, 256 bit |
3DES–CBC | |
References:
- https://www.wolfssl.com/wolfssl-on-cavium-octeon/
- https://github.com/wolfSSL/wolfAsyncCrypt/blob/master/wolfcrypt/src/port/cavium/README_Octeon.md
- Microchip PIC32 MX/MZ:
AES–CTR | 128, 192, 256 bit |
AES–CBC | 128, 192, 256 bit |
DES/3DES–CBC | 64 bit / 192 bit |
SHA2 | SHA-256 |
SHA1 | |
HMAC | SHA1, SHA2 |
MD5 | |
References:
- Texas Instruments Crypto Connected Launchpad: (TI TM4C series boards)
AES–GCM | 128, 192, 256 bit |
AES–CCM | 128, 192, 256 bit |
AES–CBC | 128, 192, 256 bit |
AES–ECB | 128, 192, 256 bit |
AES–CTR | 128, 192, 256 bit |
DES–CBC | 64 bit |
3DES–CBC | 192 bit |
SHA2 | SHA-224, SHA-256 |
SHA1 | |
MD5 | |
References:
- Nordic NRF5x:
AES–ECB | 128 bit |
RNG | |
References:
- https://www.wolfssl.com/true-random-vs-pseudorandom-number-generation/
- https://www.wolfssl.com/wolfssl-on-nordic-nrf52/
- Microchip/Atmel ATECC508A/ATECC608A:
ECC | 256 bit (NIST-P256) |
References:
- https://www.wolfssl.com/docs/atmel/
- https://www.wolfssl.com/wolfssl-support-atecc508aatecc608a-crypto-coprocessor-2/
- https://www.wolfssl.com/using-wolfssl-on-the-atmel-atecc508a-with-tls-1-3-tls13/
- Espressif ESP32: ESP32, ESP32-C3, ESP32-C6, ESP32-S2, ESP32-S3.
AES–GCM | 128, 192, 256 bits |
AES–CBC | 128, 192, 256 bits |
RSA | Up to 4096 bits |
SHA2 | SHA-224, SHA-256, SHA-384, SHA-512 |
SHA1 | |
RNG | |
Note: Support for all AES/RSA bit sizes and truncated SHA2 acceleration will vary across devices. E.g. no AES-192 HW on the S2, S3, and no SHA-384, SHA-512 HW support on C3, C6. Consult the user_settings.h in reference 3 for more info.
References:
- https://www.wolfssl.com/docs/espressif/
- https://www.wolfssl.com/espressif-risc-v-hardware-accelerated-cryptographic-functions-up-to-1000-faster-than-software/
- https://github.com/wolfSSL/wolfssl/blob/master/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/include/user_settings.h
- ARMV8:
AES–GCM | 128, 192, 256 bit |
AES–CCM | 128, 192, 256 bit |
AES–CBC | 128, 192, 256 bit |
SHA256 | |
References:
- Arm® TrustZone® CryptoCell-310: nRF52840.
RSA | 2048 bit |
AES–CBC | 128, 192, 256 bit |
ECC | 256 bit |
ECDSA | 256 bit |
SHA256 | |
RNG | |
References:
- Intel QuickAssist Technology:
RSA | 2048 bits |
AES–GCM | 128, 192, 256 bits |
AES–CBC | 128, 192, 256 bits |
3DES | |
SHA2 | SHA-256, SHA-384, SHA-512 |
SHA1 | |
HMAC | SHA1, SHA2 |
MD5 | |
References:
- NXP LTC (KSDK):
AES–GCM | 128, 192, 256 bit |
AES–CCM | 128, 192, 256 bit |
AES–CBC | 128, 192, 256 bit |
AES–ECB | 128, 192, 256 bit |
AES–CTR | 128, 192, 256 bit |
DES/3DES | |
ECC | 256 bit |
ECDSA | 256 bit |
Curve25519 | 256 bit |
Ed25519 | 256 bit |
SHA2 | SHA-256, SHA-384, SHA-512 |
SHA1 | |
HMAC | SHA1, SHA2 |
MD5 | |
References:
- https://www.wolfssl.com/docs/nxp/
- https://www.wolfssl.com/nxp-kinetis-k8x-ltc-support-for-pki-rsaecc-with-tls13/
- NXP SE050:
ECC | 256 bit |
ECDSA | 256 bit |
Curve25519 | 256 bit |
Ed25519 | 256 bit |
RNG | |
References:
- https://www.wolfssl.com/ssltls-support-nxp-se050-wolfssl/
- https://www.wolfssl.com/wolfssl-nxp-se050-support-update/
- https://www.wolfssl.com/wolfssl-support-nxp-se050-scp03/
- https://www.wolfssl.com/wolfssl-nxp-se050-support-benchmarks/
- CAAM: NXP i.MX 6, i.MX 7, and i.MX 8
- https://www.wolfssl.com/caam-supported-wolfssl/
- https://www.wolfssl.com/docs/benchmarks/#nxp_i.mx6
- https://www.wolfssl.com/mx6-caam-integrity-os/
- https://www.wolfssl.com/caamqnxi-mx8/
- Silicon Labs EFR32:
AES–GCM | 128, 192, 256 bits |
AES–CCM | 128, 192, 256 bits |
AES–CBC | 128, 192, 256 bit |
SHA2 | SHA-224, SHA-256 |
SHA1 | |
ECC | 256 bit |
ECDSA | 256 bit |
RNG | |
References:
- Renesas RX65N and RX72N:
AES–GCM | 128, 256 bits |
AES–CBC | 128, 256 bit |
SHA2 | SHA-256, SHA-512 |
SHA1 | |
HMAC | SHA1, SHA2 |
RNG | |
References:
- https://www.wolfssl.com/docs/renesas/
- https://www.wolfssl.com/docs/wolfssl-renesas-tsip/
- https://www.wolfssl.com/support-renesas-tsip-v1-13-rx72n/
- https://www.wolfssl.com/docs/benchmarks/#renesasrx65n
- Renesas Synergy DK-S7G2:
RSA | 2048 bits |
AES–CBC | 128 bit |
SHA2 | SHA-256 |
SHA1 | |
HMAC | SHA1, SHA2 |
ECC | 256 bit |
ECDSA | 256 bit |
References:
- Cypress PSoC6 (32-bit Arm Cortex M4):
SHA2 | SHA-256, SHA-512 |
ECC | Supports up to NIST P-521 |
- Xilinx Versal:
AES–GCM | 256 bits |
RSA | 2048 bit |
ECC | NIST P-384, P-521 |
SHA3 | SHA-384 |
RNG | |
References:
- Xilinx Zynq UltraScale+ MPSoC:
AES–GCM | 256 bits |
RSA | 2048, 4096 bits |
SHA3 | SHA-384 |
References:
- https://www.wolfssl.com/wolfssl-running-xilinx-versal-hardware-encryption/
- https://docs.xilinx.com/v/u/en-US/wp512-accel-crypto
- MAXQ1065 and MAXQ1080:
AES–GCM | 128, 192, 256 bit |
AES–CCM | 128, 192, 256 bits |
ECC | NIST P-256 |
SHA2 | SHA-256 |
References:
AES–GCM | 128, 192, 256 bits |
AES–CCM | 128, 192, 256 bits |
AES–CTR | 128, 192, 256 bits |
AES–XTS | 128, 192, 256 bits |
ECC | |
Curve25519 | 256 bit |
SHA2 | SHA-256, SHA-384, SHA-512 |
SHA1 | |
HMAC | SHA1, SHA2 |
References:
Do you have a platform requiring hardware cryptographic support that isn’t on our list? Or are you curious about benchmarking? Reach out to us at facts@wolfSSL.com with the details of your platform and we will be glad to help you! Also, check out our wolfSSL and wolfCrypt benchmark page.
If you have questions about any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.
Download wolfSSL Now
cURL Up 2024 – Save The Date
Exciting news from cURL! We’re thrilled to announce the return of curl-up, scheduled to take place in Stockholm, Sweden from May 4th to the 5th! Our goal is to bring the community together for an unforgettable weekend of collaboration and learning.
We’re inviting all curl contributors, maintainers and fans to join us. It is a perfect opportunity to engage with Daniel Stenberg, the founder and maintainer of cURL, as well as other speakers and industry experts.
Save the date
- Date: May 4th to the 5th
- Location: Stockholm, Sweden
Stay updated on event details, including venue and agenda, on our dedicated web page, curl-up 2024. We’re open to agenda suggestions. Share your ideas on a curl mailing list or in the discussions section.
We would like to support our top-100 contributors with traveling and lodging expenses. Please read the funding attendance to see the regulation and eligibility requirements.
Registration is mandatory. Register now to secure your space! Let’s make curl-up 2024 an unforgettable weekend. See you there!
wolfSSH 1.4.17 Now Available!
We are excited to announce the release of wolfSSH version 1.4.17, which comes packed with several improvements, new features, and important fixes to enhance security and functionality. This release is a testament to our commitment to providing a robust and reliable SSH library for developers.
Vulnerability Fixes
In this version, we have addressed a critical vulnerability that could potentially allow a maliciously crafted SSH client to bypass user authentication within the wolfSSH server code. This fix ensures that messages are properly filtered during different operational states, significantly improving the overall security posture of wolfSSH.
For more details on the vulnerabilities fixed, we encourage you to visit our vulnerability page for a comprehensive overview.
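State-dependent message filtering of the kind described above, sketched as an added example (not wolfSSH code): a server-side allowlist that decides, per connection state, which client message numbers are acceptable. The state names and the functions filter_msg and first_rejected are hypothetical; the message numbers are the RFC 4250 assignments.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* SSH message numbers as assigned in RFC 4250, section 4.1.2. */
enum {
    MSG_SERVICE_REQUEST  = 5,
    MSG_KEXINIT          = 20,
    MSG_NEWKEYS          = 21,
    MSG_USERAUTH_REQUEST = 50,
    MSG_CHANNEL_OPEN     = 90,
    MSG_CHANNEL_REQUEST  = 98
};

/* Hypothetical server-side states and verdicts (names are assumptions). */
typedef enum { ST_KEX, ST_SERVICE, ST_USERAUTH, ST_AUTHENTICATED } conn_state;
typedef enum { V_ACCEPT, V_IGNORE, V_REJECT } verdict;

/* What the server does with message `id` from the client in state `st`.
 * Simplified: the re-keying rules of RFC 4253 section 7.1 are not modelled. */
verdict filter_msg(conn_state st, uint8_t id)
{
    if (id >= 1 && id <= 4)        /* disconnect, ignore, unimplemented, debug */
        return V_ACCEPT;
    if (id >= 20 && id <= 49)      /* algorithm negotiation and key exchange */
        return V_ACCEPT;

    switch (st) {
    case ST_KEX:                   /* no keys yet: transport messages only */
        return V_REJECT;
    case ST_SERVICE:               /* keys in place, no service selected yet */
        return id == MSG_SERVICE_REQUEST ? V_ACCEPT : V_REJECT;
    case ST_USERAUTH:
        /* From a client only the request (50) and method-specific replies
         * (60-79) are valid here; channel traffic (80-127) is not. */
        if (id == MSG_USERAUTH_REQUEST || (id >= 60 && id <= 79))
            return V_ACCEPT;
        return V_REJECT;
    case ST_AUTHENTICATED:
        if (id >= 80 && id <= 127) /* connection protocol */
            return V_ACCEPT;
        if (id == MSG_USERAUTH_REQUEST)
            return V_IGNORE;       /* RFC 4252 section 5.1: ignore after success */
        return V_REJECT;
    }
    return V_REJECT;
}

/* Feed a sequence of client message ids through the filter. The state only
 * advances on events the server controls; `auth_ok_at` is the index of the
 * USERAUTH_REQUEST whose credentials the server verifies (-1: none).
 * Returns the index of the first rejected message, or -1 if none. */
int first_rejected(const uint8_t *ids, size_t n, int auth_ok_at,
                   conn_state *final_state)
{
    conn_state st = ST_KEX;
    int rejected = -1;

    for (size_t i = 0; i < n; i++) {
        verdict v = filter_msg(st, ids[i]);
        if (v == V_REJECT) {       /* a real server would disconnect here */
            rejected = (int)i;
            break;
        }
        if (v == V_IGNORE)
            continue;
        if (st == ST_KEX && ids[i] == MSG_NEWKEYS)
            st = ST_SERVICE;
        else if (st == ST_SERVICE && ids[i] == MSG_SERVICE_REQUEST)
            st = ST_USERAUTH;
        else if (st == ST_USERAUTH && ids[i] == MSG_USERAUTH_REQUEST &&
                 (int)i == auth_ok_at)
            st = ST_AUTHENTICATED;
    }
    if (final_state)
        *final_state = st;
    return rejected;
}

int main(void)
{
    /* Constructed sequences of client message ids (30 = method-specific KEX). */
    const uint8_t normal[] = { 20, 30, 21, 5, 50, 90, 98 };
    const uint8_t early[]  = { 20, 30, 21, 5, 90 };     /* channel before auth */
    const uint8_t failed[] = { 20, 30, 21, 5, 50, 90 }; /* auth never succeeds */
    conn_state st;

    printf("normal: first rejected index %d\n",
           first_rejected(normal, sizeof normal, 4, &st));
    printf("early:  first rejected index %d\n",
           first_rejected(early, sizeof early, -1, &st));
    printf("failed: first rejected index %d\n",
           first_rejected(failed, sizeof failed, -1, &st));
    return 0;
}
```

The point of the table is that the transition to the authenticated state is made only by the server's own credential check, never by a message number the client chooses to send.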
New Features
- More Configuration Options for Key Exchange (KEX): We have introduced new functions that allow users to set algorithm lists for Key Exchange (KEX) at runtime. Additionally, users now have the ability to inspect which algorithms are set or available for use, providing greater flexibility and customization.
- Curve25519 KEX Support: One of the notable additions in this release is the inclusion of Curve25519 Key Exchange (KEX) support for both server and client key agreement. This cryptographic enhancement further strengthens the security of the SSH connections established using wolfSSH.
- Soft Disabling of SHA-1: With version 1.4.15, we had disabled SHA-1 in the build by default due to its known vulnerabilities. However, in response to user feedback and to accommodate specific use cases, we have re-enabled SHA-1 in the build with a “soft” disabled status. This means that algorithms utilizing SHA-1 can now be configured for Key Exchange (KEX), providing users with more options while maintaining a cautious approach to security.
Enhancements
In addition to the new features, wolfSSH 1.4.17 also brings a round of enhancements aimed at improving various aspects of the library:
- Better Testing: We have enhanced our testing procedures to ensure more robust and reliable performance across different scenarios.
- Improved Portability: The library now offers improved portability, making it easier to integrate wolfSSH into a wide range of platforms and environments.
- Terminal Enhancements: We have addressed issues related to shell terminal window resizing, creating a smoother and more user-friendly experience for terminal-based applications.
- SFTP Improvements: Several corner cases with the SFTP functionality have been fixed, enhancing the overall stability and reliability of SFTP operations.
- RSA Signature Verification: Fixes have been implemented to ensure accurate and secure verification of RSA signatures.
- Zephyr Compatibility: For users working with the Zephyr operating system, file mode bits are now properly masked, improving compatibility and functionality.
- Memory Leak Fix: A fix has been applied to address a potential memory leak issue related to setting up a pseudoterminal, ensuring efficient memory management within the library.
Conclusion
Upgrade to wolfSSH 1.4.17 for enhanced security with a fix for a critical authentication bypass vulnerability. Benefit from new features like Curve25519 KEX support and algorithm list configuration. This release also brings improved testing, portability, terminal enhancements, and fixes for SFTP and RSA signature issues. For details, check our GitHub ChangeLog. Thank you for choosing wolfSSH for secure and reliable SSH solutions.
Where to find the Wolves: wolfSSL is heading to Embedded World
Secure your Embedded Projects with wolfSSL, the Best Tested Cryptography.
The wolfSSL team is heading to Embedded World Exposition and Conference April 9th through the 11th in Nuremberg, Germany.
Come stop by and meet our team at Hall 4 Booth 612.
Discover how wolfSSL’s advanced security solutions can safeguard your embedded development. If you prefer to set a specific time with our engineers, email us at facts@wolfSSL.com
Protect your security assets by staying one step ahead of cyberattacks with wolfSSL’s cutting-edge cryptography. With over 2 billion connections secured, our partners trust in the best tested cryptography designed to safeguard embedded projects. Head over to wolfssl.com/download to download our open source products.
Unmatched Efficiency for Resource-Constrained Devices
- Lightweight and Portable: Written in C, wolfSSL boasts a compact footprint, 20x smaller than OpenSSL, minimizing memory usage and maximizing performance on even the most resource-constrained microcontrollers and processors. Integrate robust security into your embedded systems without sacrificing functionality or performance.
- Reduced Power Consumption: Minimizes power consumption, making it ideal for battery-powered devices and applications where extending battery life is critical. View our benchmarks.
Streamlined Development & Integration
- Simplified Development: wolfSSL provides a documented and user-friendly API, allowing developers of all experience levels to quickly and easily integrate secure communication into their projects.
- OpenSSL Compatibility Layer: For those familiar with OpenSSL, wolfSSL offers a compatibility layer that simplifies the transition, reducing development time and effort.
- Industry Leading Support: All of our products are backed with up to 24/7 support from our engineering team.
Futureproof Security for Advanced Threats
- Industry Leading TLS 1.3 and DTLS 1.3 Support: wolfSSL ensures robust communication confidentiality, integrity, and authentication. Watch our DTLS1.3 training
- Enhanced Hardware Security: wolfSSL integrates with various hardware security solutions, including:
  - Hardware encryption engines: Offload cryptographic operations for improved performance and reduced power consumption.
    - Every hardware cryptography scheme wolfSSL has ever enabled: https://www.wolfssl.com/every-hardware-cryptography-scheme-wolfssl-has-ever-enabled/
  - Trusted Platform Module (TPM) 2.0: Leverage the security features of TPM 2.0 for secure key storage and attestation. https://www.wolfssl.com/products/wolftpm/
  - Secure Elements: Utilize tamper-resistant secure elements for the highest level of protection for sensitive data.
    - Here’s all the Secure Elements and Keystores supported by wolfSSL/wolfCrypt: https://www.wolfssl.com/keystores-and-secure-elements-supported-by-wolfssl-wolfcrypt/
FIPS Compliance and Dual Licensing
- FIPS 140-2 Certified wolfCrypt Module: For applications demanding the highest level of security and regulatory compliance, wolfSSL offers the FIPS 140-2 certified wolfCrypt module. https://www.wolfssl.com/license/fips/
Want to learn more information on our products?
wolfSSL
Lightweight embedded SSL/TLS library written in ANSI C and targeted for embedded, RTOS, and resource-constrained environments – primarily because of its small size, speed, and feature set.
- wolfSSL supports industry standards up to the current TLS 1.3 and DTLS 1.3 levels, and is up to 20 times smaller than OpenSSL.
- Offers a simple API, OpenSSL compatibility layer, OCSP and CRL support, and offers several progressive ciphers.
wolfCrypt
Embedded Cryptography Engine
- Lightweight crypto library written in ANSI C and targeted for embedded, RTOS, and resource-constrained environments.
- Commonly used in standard operating environments as well due to royalty-free pricing and great cross platform support.
- Supports algorithms and ciphers including ChaCha20, Curve25519, NTRU, and SHA-3.
wolfSSL Support for DO-178C DAL A
Enabling Secure Boot & Secure Firmware Update for Avionics
- RTCA DO-178C level A certification.
- wolfSSL offers DO-178 wolfCrypt as a commercial off-the-shelf (COTS) solution for connected avionics applications.
- Adherence to DO-178C level A is supported through the first wolfCrypt COTS DO-178C certification kit release that includes traceable artifacts for the following encryption algorithms:
  - SHA-256 and SHA-384 for message digest.
  - AES for encryption and decryption.
  - RSA to sign and verify a message.
  - ChaCha20-Poly1305 for authenticated encryption and decryption.
  - ECC to sign, verify and share secrets.
  - HMAC for keyed-hashing for message authentication.
- Provides the proper cryptographic underpinnings for secure boot and secure firmware update in commercial and military avionics.
wolfTPM
TPM 2.0 designed for embedded use. wolfTPM is highly portable: it is written in native C, has a single IO callback for the SPI hardware interface, no external dependencies, and compact code with low resource usage.
- Open-source TPM 2.0 stack with backward API compatibility.
- Native support for Linux & Windows.
- RTOS and bare metal environments can use a single IO callback for SPI hardware interface, no external dependencies, and compact code size with low resource usage.
- Offers API wrappers to help with complex TPM operations like attestation and examples to help with complex cryptographic processes like the generation of Certificate Signing Request (CSR) using a TPM.
- Easy to compile on new platforms.
wolfMQTT
Client implementation of MQTT written in C for embedded use.
- Message Queuing Telemetry Transport is a lightweight open messaging protocol that was developed for constrained environments such as M2M (Machine to Machine) and IoT (Internet of Things), where a small code footprint is required.
- Based on the Pub/Sub messaging principle of publishing messages and subscribing to topics.
- The MQTT specification recommends TLS as a transport option to secure the protocol using port 8883 (secure-mqtt), as the MQTT protocol does not provide security on its own. Constrained devices benefit from using TLS session resumption to reduce the reconnection cost.
- The wolfMQTT library is a client implementation of MQTT written in C for embedded use. It supports SSL/TLS via the wolfSSL library. From this, it can provide the security that the MQTT protocol lacks.
- Built from the ground up to be multi-platform, space conscious and extensible. Supports all Packet Types, all Quality of Service (QoS) levels 0-2 and supports SSL/TLS using the wolfSSL library. This implementation provides support for MQTT v5.0 and MQTT v3.1.1, including client support for MQTT-SN (Sensor Network).
wolfSSH
Lightweight SSHv2 server library written in ANSI C and targeted for embedded, RTOS, and resource-constrained environments – primarily because of its small size, speed, and feature set.
- Commonly used in standard operating environments due to royalty-free pricing and excellent cross platform support.
- wolfSSH is powered by the wolfCrypt library. A version of the wolfCrypt cryptography library has been FIPS 140-2 validated (Certificate #3389). For additional information, visit the wolfCrypt FIPS FAQ or contact fips@wolfSSL.com
wolfBoot
Secures the boot process of your device against malicious attacks that seek to replace your firmware and take control of your device, and/or steal its data.
- Portable secure bootloader that offers firmware authentication and firmware update mechanisms. Due to its minimalistic design and tiny HAL API, wolfBoot is completely independent from any OS or bare-metal application.
- Can be easily ported and integrated in existing embedded software projects to provide a secure firmware update mechanism.
- Please email us at facts@wolfSSL.com with any questions about Secure Boot.
wolfSentry
A universal, dynamic, embedded IDPS (intrusion detection and prevention system)
- Dynamic Firewall Engine: Analyzes network traffic for suspicious activity using static and dynamic rules.
- User-defined Actions: Allows customization of responses to detected threats.
- Integration with wolfSSL Products: Works seamlessly with wolfSSL libraries for a holistic security solution.
- Zero-Configuration Option: Easy setup for developers.
- Dynamic Configuration: Flexible control through API or text inputs.
- Advanced Features (under development): Remote logging, configuration, and status queries.
- Low Resource Footprint designed for Embedded Systems: Well-suited for RTOS, ARM processors, and other embedded devices.
- Lightweight: Adds as little as 64k to code size and leverages existing application logic.
curl/tiny-curl Support
Computer software project providing a library for transferring data using various protocols.
wolfSSL JSSE Provider and JNI Wrapper
For Java applications that wish to leverage the industry-leading wolfSSL SSL/TLS implementation for secure communication.
wolfCrypt JNI and JCE Provider
For Java developers who want to leverage the industry-leading wolfCrypt cryptography library implementation, wolfCrypt JNI provides a Java interface to the native C library.
wolfCLU
wolfSSL’s portable command line utility.
- Handles common cryptographic operations, such as certificate parsing and key generation, for easier usage than writing an application from scratch.
- Ideal for customers who want to do simple crypto operations without writing an application.
Let’s connect, get in contact with us today.
If you have questions about any of the above or would like to schedule a meeting with us, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.
Live Webinar: Getting Started with libcurl
Join us for an exclusive live webinar hosted by Daniel Stenberg, the founder and maintainer of cURL, as he presents ‘Getting Started with libcurl’ on March 28th at 10 am PT!
Daniel will provide invaluable insights into the foundational concepts and best practices of libcurl, the widely acclaimed client-side URL transfer library. Known for its ease of use, libcurl supports a plethora of protocols including HTTP/3, cookies, DICT, FILE, FTP, and FTPS, making it compatible with virtually all platforms.
Watch the webinar now: Getting Started with libcurl
Here’s a sneak peek of what the webinar will cover:
- Basic knowledge of libcurl
- Best practices for Synchronous Transfer
- Extracting information from transfers, properly receiving and uploading data
- Concurrent transfer methods
And much more!
Don’t miss this opportunity to either refresh your knowledge or acquire new skills directly from the creator of libcurl. It’s your chance to enhance your expertise and bolster your toolkit with libcurl training! Watch now!
As always, our webinars include Q&A sessions. If you have any questions, please reach out to us at facts@wolfSSL.com or call us at +1 425 245 8247.
Live Webinar: Kyber/ML-KEM Introduction
Join us for an innovative webinar, “Kyber/ML-KEM Introduction,” on March 27th at 10am PT, led by Senior Software Developer Anthony Hu. We’re excited to unveil our implementation of NIST’s ML-KEM, also known as Kyber, which is revolutionizing secure communication protocols.
Watch the webinar here: Kyber/ML-KEM Introduction
In this exclusive webinar, Anthony will delve deep into the world of Kyber/ML-KEM, showcasing their remarkable features and capabilities. He’ll guide you through all you need to know to kick-start your journey with this cutting-edge solution.
Sneak peek of the webinar:
- Harvest Now, Decrypt Later: Understanding the Significance of CNSA 2.0
- Exploring the History of NIST Post-Quantum Standardization
- Diving into the Generic Key Encapsulation Mechanism (KEM) API and Its Mechanics
- Getting Started with Kyber: A Step-by-Step Guide
- Benchmarking Performance: Assessing the Efficiency of Cryptographic Solutions
Don’t miss out on this opportunity to stay ahead in cybersecurity and leverage the power of Kyber/ML-KEM. Join us for the webinar that promises to elevate your security strategies.
Our webinars always include Q&A sessions. If you have any questions about any of the above, please reach out to us at facts@wolfSSL.com or call us at +1 425 245 8247.
wolfSSL 5.7.0 Now Available!
Version 5.7.0 of wolfSSL is now available! Many new and exciting features were added in this release. Near the top of that list is the addition of our Kyber implementation along with other post quantum algorithm support. This empowers you to future-proof your security measures, ensuring robust protection against evolving threats. In addition to introducing new features, we’ve addressed three vulnerabilities in this release. Two of these fixes target vulnerabilities related to row hammer attacks, while the other addresses a TLS 1.3 server-side issue. We take security seriously, and you can find more information about these fixes on our vulnerability page (https://www.wolfssl.com/docs/security-vulnerabilities/).
A full list of fixes, additions, and optimizations can be found in the ChangeLog. Here are some of the highlights!
- Experimental framework for using wolfSSL’s XMSS and LMS implementation. Explore and test advanced cryptographic techniques within the wolfSSL ecosystem. (PR 7161 & PR 7283)
- Experimental wolfSSL Kyber implementation and assembly optimizations, enabled with --enable-experimental --enable-kyber. Proactively prepare for quantum computing threats with Kyber integration and assembly optimizations. (PR 7318)
- The Linux kernel module now supports registration of AES-GCM, AES-XTS, AES-CBC, and AES-CFB with the kernel cryptosystem through the new --enable-linuxkm-lkcapi-register option, enabling automatic use of wolfCrypt implementations by the dm-crypt/luks and ESP subsystems. In particular, wolfCrypt AES-XTS with --enable-aesni is faster than the native kernel implementation.
- BER content streaming support for PKCS7_VerifySignedData and sign/encrypt operations. Handles large data streams more effectively during PKCS7 operations. (PR 6961 & 7184)
- Microchip PIC24 support and example project expands compatibility, facilitating integration with Microchip’s PIC24 microcontrollers. (PR 7151)
- AutoSAR shim layer provides a standardized interface for RNG, SHA256, and AES (PR 7296)
- wolfSSL_CertManagerUnloadIntermediateCerts API to clear intermediate certs added to certificate store (PR 7245)
A small subset of the optimizations and enhancements made in the last release is as follows:
- Remove obsolete user-crypto functionality and Intel IPP support (PR 7097)
- Support for RSA-PSS signatures with CRL use (PR 7119)
- Enhancement for AES-GCM use with Xilsecure on Microblaze (PR 7051)
- Improve liboqs integration adding locking and init/cleanup functions (PR 7026)
- Update Arduino example TLS Client/Server and improve support for ESP32 (PR 7304 & 7177)
- Improvements for Espressif use; SHA HW/SW selection and use on ESP32-C2/ESP8684, wolfSSL_NewThread() type, component cmake fix, and update TLS client example for ESP8266 (PR 7081, 7173, 7077, 7148, 7240)
Visit our download page to download the latest release, or clone it from wolfSSL GitHub. If you have questions about any of the above, feel free to email us at facts@wolfSSL.com or call us at +1 425 245 8247.
Coming Soon: Kyber (ML-KEM) Hybridized with X25519 in wolfSSH
One of our most popular products is wolfSSH and for good reason; the SSH protocol is commonly used by industry, academia and governments. Efforts are underway in the community to bring post-quantum key exchange algorithms to the SSH protocol to protect your communications against “harvest now, decrypt later” attacks. But we can’t just switch over; we also have to consider compliance. That is why we started supporting ECDHE-P256 hybridized with Kyber at NIST Level 1 KEX as specified by the IETF in ‘Post-quantum Hybrid Key Exchange in SSH.’ This allows for both post-quantum protection as well as FIPS-140 compliance.
We have just finished integrating X25519 support into wolfSSH. Our next logical step would be to bring in X25519 hybridized with Kyber at NIST Level 1 KEX as specified in the draft above.
Do you have X25519 requirements but are also thinking about post-quantum protection? Excited to see this happen? Want us to raise the priority of this work? Let us know by sending us a message at facts@wolfSSL.com!!
Getting Started with wolfSSL on Arduino
Getting started with wolfSSL has never been easier. We’ve recently updated our library as published on the Arduino libraries site, listed in the “Communications” section:
https://www.arduino.cc/reference/en/libraries/wolfssl/
To use wolfSSL in the Arduino IDE, download the latest IDE version from arduino.cc and follow the installation instructions.
Note that if you used any version of wolfSSL prior to v5.6.6.Arduino.1, those versions have been removed from the Arduino registry as they were not Official wolfSSL Arduino releases.
To install wolfSSL, click on Tools… Manage Libraries:
Type wolfssl in the search box, then press the Install button.
Additional details can be found in the Arduino documentation for installing libraries for V1 or using the Arduino IDE V2 installation method.
When the sketch is opened, click on the “Select Board” dropdown:
In the case of Windows, click on the COM port that has your device, here for COM36:
Enter part of the name to find the desired board selection more quickly:
Click on the desired board and click the OK button.
For Arduino brand and compatible boards, the Arduino IDE will prompt if libraries need to be installed:
There are two main examples for wolfSSL: a TLS client and a TLS server. The most recent code can be found in the IDE/Arduino directory on GitHub.
To use the examples from the Arduino IDE Library, click on File… Examples. See the wolfSSL sample sketches in the “Examples from Custom Libraries” at the bottom of the list:
Note that both the Client and Server examples need a network connection. Most boards will need to have WiFi parameters set for this. See the beginning of the sketch for setting a file (typically outside the scope of any GitHub repository, to be kept private):
Otherwise if you are not using a private file, the values can be entered directly into the source code, shown here for your_SSID and your_PASSWORD:
Once the sketch is loaded and a board (and serial port) are selected, simply press the upload button as with any other Arduino sketch.
If using the Server example, make note of the IP address assigned. By default a DHCP address is requested, so the value will be specific to the SSID / Access Point.
If using the Arduino Client, not only do the WiFi settings need to be assigned, but also the Server address WOLFSSL_TLS_SERVER_HOST value to connect to, shown here for an example address of 192.168.1.39
Both the Arduino Client and Server sketches can of course be used to communicate with the wolfSSL executables, found in the examples/client and examples/server directories. These are built automatically when running make from the root of the wolfSSL clone:
./configure --enable-all
make clean
make && make test
./examples/client/client -h 192.168.1.39 -p 11111
Keep in mind that workstation examples may need firewall rules and/or anti-virus adjusted when communicating with external embedded devices such as the Arduino boards. The wolfSSL TLS examples typically use port 11111.
Want to customize the wolfSSL settings? See the user_settings.h file in
C:\Users\%USERNAME%\Documents\Arduino\libraries\wolfssl\src
It’s best to not directly include the wolfSSL user_settings.h file in your code. When including the library, there’s a settings.h file that will automatically include the user_settings.h file as appropriate, along with making some default environment settings.
See the documentation for more details on settings. For embedded targets such as Arduino, all of the settings are the #define values in the user_settings.h file.
Details on how we publish wolfSSL to Arduino can be found in our wolfSSL/IDE/ARDUINO GitHub directory. If you have a local clone of wolfSSL, you can use the wolfssl-arduino.sh script to install your own latest version of wolfSSL directly to your Arduino libraries directory like this:
./wolfssl-arduino.sh INSTALL
Note that there’s only a Linux bash command. Windows users are encouraged to use WSL. See the README file for more information.
If any problems are encountered with the sketch, sometimes it can be helpful to delete the build cache directories. For Windows users, this is in the AppData directory:
C:\Users\%USERNAME%\AppData\Local\Temp\arduino\sketches
Find out more
If you have any feedback, questions, or require support, please don’t hesitate to reach out to us via facts@wolfSSL.com, call us at +1 425 245 8247, or open an issue on GitHub.
Post-Quantum Kyber Benchmarks (Linux)
To continue in our series of wolfSSL’s implementation of Kyber KEM benchmarks, we would like to show you benchmarking statistics for Linux. Some notes about the conditions under which the benchmarks were taken:
- The processor is “11th Gen Intel® Core™ i7-1185G7 @ 3.00GHz × 8”
- Only 1 core is used
- Conventional algorithms are present for comparison purposes
- The wolfSSL configuration used was:
./configure --disable-psk --disable-shared --enable-intelasm --enable-aesni --enable-sp --enable-sp-math --enable-sp-asm --enable-kyber=wolfssl,all 'CFLAGS=-Os -DECC_USER_CURVES -DHAVE_ECC256 -DHAVE_ECC384'
The benchmark results follow:
RSA 2048 public 75700 ops took 1.001 sec, avg 0.013 ms, 75632.019 ops/sec
RSA 2048 private 2200 ops took 1.024 sec, avg 0.466 ms, 2147.942 ops/sec
DH 2048 key gen 4428 ops took 1.000 sec, avg 0.226 ms, 4427.507 ops/sec
DH 2048 agree 4700 ops took 1.006 sec, avg 0.214 ms, 4673.614 ops/sec
KYBER512 key gen 282300 ops took 1.000 sec, avg 0.004 ms, 282207.889 ops/sec
KYBER512 encap 162000 ops took 1.000 sec, avg 0.006 ms, 161981.038 ops/sec
KYBER512 decap 164100 ops took 1.000 sec, avg 0.006 ms, 164033.359 ops/sec
KYBER768 key gen 150400 ops took 1.000 sec, avg 0.007 ms, 150325.846 ops/sec
KYBER768 encap 106200 ops took 1.001 sec, avg 0.009 ms, 106145.438 ops/sec
KYBER768 decap 101800 ops took 1.000 sec, avg 0.010 ms, 101757.640 ops/sec
KYBER1024 key gen 109200 ops took 1.001 sec, avg 0.009 ms, 109137.057 ops/sec
KYBER1024 encap 73900 ops took 1.000 sec, avg 0.014 ms, 73896.212 ops/sec
KYBER1024 decap 73900 ops took 1.000 sec, avg 0.014 ms, 73880.096 ops/sec
ECC SECP256R1 key gen 93600 ops took 1.000 sec, avg 0.011 ms, 93586.478 ops/sec
ECDHE SECP256R1 agree 24200 ops took 1.003 sec, avg 0.041 ms, 24133.422 ops/sec
ECC SECP384R1 key gen 30000 ops took 1.002 sec, avg 0.033 ms, 29953.559 ops/sec
ECDHE SECP384R1 agree 7100 ops took 1.008 sec, avg 0.142 ms, 7046.050 ops/sec
ECC SECP521R1 key gen 17600 ops took 1.000 sec, avg 0.057 ms, 17598.074 ops/sec
ECDHE SECP521R1 agree 4500 ops took 1.009 sec, avg 0.224 ms, 4460.319 ops/sec
Once again, the recurring theme holds. Performance is looking great for our implementation of Kyber KEM.
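To see what these figures mean for a hybrid key exchange, the following added example (not wolfSSL code) parses the Kyber and ECC benchmark rows above and totals the CPU time of one complete exchange: key gen + encap + decap for the KEM, and key gen + agree on both peers for ECDHE. The helper names are hypothetical, and pairing Kyber768 with P-384 and Kyber1024 with P-521 is an assumption based on comparable security levels.

```python
import re

# Kyber and ECC rows copied from the benchmark results in this post.
BENCH_OUTPUT = """\
KYBER512 key gen 282300 ops took 1.000 sec, avg 0.004 ms, 282207.889 ops/sec
KYBER512 encap 162000 ops took 1.000 sec, avg 0.006 ms, 161981.038 ops/sec
KYBER512 decap 164100 ops took 1.000 sec, avg 0.006 ms, 164033.359 ops/sec
KYBER768 key gen 150400 ops took 1.000 sec, avg 0.007 ms, 150325.846 ops/sec
KYBER768 encap 106200 ops took 1.001 sec, avg 0.009 ms, 106145.438 ops/sec
KYBER768 decap 101800 ops took 1.000 sec, avg 0.010 ms, 101757.640 ops/sec
KYBER1024 key gen 109200 ops took 1.001 sec, avg 0.009 ms, 109137.057 ops/sec
KYBER1024 encap 73900 ops took 1.000 sec, avg 0.014 ms, 73896.212 ops/sec
KYBER1024 decap 73900 ops took 1.000 sec, avg 0.014 ms, 73880.096 ops/sec
ECC SECP256R1 key gen 93600 ops took 1.000 sec, avg 0.011 ms, 93586.478 ops/sec
ECDHE SECP256R1 agree 24200 ops took 1.003 sec, avg 0.041 ms, 24133.422 ops/sec
ECC SECP384R1 key gen 30000 ops took 1.002 sec, avg 0.033 ms, 29953.559 ops/sec
ECDHE SECP384R1 agree 7100 ops took 1.008 sec, avg 0.142 ms, 7046.050 ops/sec
ECC SECP521R1 key gen 17600 ops took 1.000 sec, avg 0.057 ms, 17598.074 ops/sec
ECDHE SECP521R1 agree 4500 ops took 1.009 sec, avg 0.224 ms, 4460.319 ops/sec
"""
LINE_RE = re.compile(r"^(.+?)\s+\d+ ops took [\d.]+ sec, avg [\d.]+ ms, ([\d.]+) ops/sec$")
# Assumed pairing by comparable security level (only P-256 with Level 1 is named in the posts).
PAIRS = [("KYBER512", "SECP256R1"), ("KYBER768", "SECP384R1"), ("KYBER1024", "SECP521R1")]

def parse_benchmarks(text):
    """Map each operation name to microseconds per operation."""
    results = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # ignore anything that is not a result row
            results[" ".join(m[1].split())] = 1e6 / float(m[2])  # ops/sec is more precise than avg
    return results

def kem_exchange_us(r, kem):
    """CPU time for one KEM exchange: initiator key gen, responder encap, initiator decap."""
    return r[f"{kem} key gen"] + r[f"{kem} encap"] + r[f"{kem} decap"]

def ecdhe_exchange_us(r, curve):
    """CPU time for one ECDHE exchange: both peers generate a key and agree."""
    return 2 * (r[f"ECC {curve} key gen"] + r[f"ECDHE {curve} agree"])

def compare(text=BENCH_OUTPUT):
    """Return (kem, curve, kem_us, ecdhe_us) for each assumed pairing."""
    r = parse_benchmarks(text)
    return [(k, c, kem_exchange_us(r, k), ecdhe_exchange_us(r, c)) for k, c in PAIRS]

if __name__ == "__main__":
    for k, c, kem_us, ec_us in compare():
        print(f"{k}: {kem_us:.1f} us vs ECDHE {c}: {ec_us:.1f} us, hybrid total {kem_us + ec_us:.1f} us")
```

These totals cover only the single-core asymmetric operations measured above; hashing, signatures and network latency in a real handshake are not included.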
If you’re looking for different benchmarking data or have any questions, please reach out to us at facts@wolfSSL.com or call us at +1 425 245 8247.