RECENT BLOG NEWS

So, what’s new at wolfSSL? Take a look below to check out the most recent news, or sign up to receive weekly email notifications containing the latest news from wolfSSL. wolfSSL also has a support-specific blog page dedicated to answering some of the more commonly received support questions.

Post-Quantum: 3 New Draft Standards

After a long and arduous journey, NIST has finally released the draft standards for 3 post-quantum algorithms:

Let’s talk a little bit about each of the documents one by one.

FIPS-203 specifies ML-KEM which was based on the NIST Post-Quantum Competition’s only KEM winner Kyber. ML-KEM stands for Module Lattice-based Key Encapsulation Mechanism. It defines 3 parameter sets; each at a different level of security:

  • ML-KEM-512 (security equivalence to AES-128)
  • ML-KEM-768 (security equivalence to AES-192)
  • ML-KEM-1024 (security equivalence to AES-256)

ML-KEM is appropriate as a general replacement for quantum-vulnerable key exchange algorithms such as ECDH or FFDH. Note that ECDH and FFDH happen to be Non-Interactive Key Exchange (NIKE) algorithms, but ML-KEM is not so for applications where the non-interactivity is a requirement, ML-KEM is NOT an appropriate drop-in replacement. While the performance of ML-KEM is very good, the cryptographic artifact sizes are larger than those of ECDH and FFDH.

FIPS 204 specifies ML-DSA which was based on the NIST Post-Quantum Competition’s Signature Scheme winner Dilithium. ML-DSA stands for Module Lattice Digital Signature Algorithm. It defines 3 parameter sets; each at a different level of security:

  • ML-DSA-44 (security equivalence to SHA3-256)
  • ML-DSA-65 (security equivalence to AES-192)
  • ML-DSA-87 (security equivalence to AES-256)

Interestingly, the numbers in the parameter set names refers to the dimensions of a matrix that is used during key generation. For example, for ML-DSA-65, that matrix is 6 by 5 thus the 65. ML-DSA is appropriate as a general replacement for quantum-vulnerable signature algorithms such as ECDSA and RSA. While the performance of ML-DSA is very good, the cryptographic artifact sizes are larger than those of ECDSA and RSA.

FIPS 205 specifies SLH-DSA which was based on the NIST Post-Quantum Competition’s Signature Scheme winner SPHINCS+. SLH-DSA stands for StateLess Hash-based Digital Signature Algorithm. It defines 12 parameter sets:

  • SLH-DSA-SHA2-128s
  • SLH-DSA-SHAKE-128s
  • SLH-DSA-SHA2-128f
  • SLH-DSA-SHAKE-128f
  • SLH-DSA-SHA2-192s
  • SLH-DSA-SHAKE-192s
  • SLH-DSA-SHA2-192f
  • SLH-DSA-SHAKE-192f
  • SLH-DSA-SHA2-256s
  • SLH-DSA-SHAKE-256s
  • SLH-DSA-SHA2-256f
  • SLH-DSA-SHAKE-256f

The names can be seen as having the following format:
SLH-DSA-<hash>-<AES equivalence><optimization>

<hash> : Either SHA2 or or SHAKE. This is the hashing algorithm that is used for that parameter set.
<AES equivalence> : 128, 192, or 256. The security equivalence to AES.
<optimization> : s or f. ‘s’ is for small and ‘f’ is for fast.

SLH-DSA is appropriate as a general replacement for already standardized Stateful Hash-based Signature Schemes such as LMS and XMSS which are currently already standardized by NIST and are suggested for use for firmware signing and verification by the CNSA 2.0 guidance put out by the NSA. The performance and artifact sizes of SLH-DSA are comparable to LMS and XMSS.

This begs the question, since LMS and XMSS are already quantum-safe, why would they need to be replaced? The answer is that the management of the state in the Stateful Hash-based Signature Schemes is a potential pitfall and makes it vastly more difficult to use.

Finally, those of you that have been following this process are probably wondering what happened to Falcon. It is also getting a draft standard but is more difficult to implement so NIST is taking extra care and more time to write the draft standard for it.

If you have questions on any of the above, please contact us at facts@wolfSSL.com, or call us at +1 425 245 8247.

Download wolfSSL

Post-Quantum Script Magician: Igor Barshteyn

Today we’d like to give a quick shout out to Igor Barshteyn! He is a long time and active member of the cryptography and information security communities. His interests are very apparent in his posts on LinkedIn.

Besides sleuthing out the the NIST post-quantum draft standards the day before their release and a multitude of other interesting posts, he has come up with a script to allow for easy experimentation in wolfSSL with post-quantum algorithms hybridized with NIST ECC curves in our fips-ready releases. But why would he do that?

Well, if you’re interested in cryptographic compliance, then you will know that the NSA’s CNSA 2.0 guidance requires the use of Kyber. You’ll also know that FIPS 140-2/3 requires the use of FIPS approved ECC curves for key exchange. Moreover, NIST has stated that an ECC key exchange done in a FIPS 140 approved mode of operation can be hybridized a with a post-quantum algorithm and still be considered in a FIPS 140 approved mode of operation. See FQAs for more detail.

Are you curious to see how hybrid FIPS 140 approved mode of key exchange hybridized with the CNSA 2.0 approved Kyber will perform in your environment or on your system? You can find out today!! Check out Igor’s post which has great instructions and a link to his script!Are you curious to see how hybrid FIPS 140 approved mode of key exchange hybridized with the CNSA 2.0 approved Kyber will perform in your environment or on your system? You can find out today!! Check out Igor’s post which has great instructions and a link to his script!

If you have questions on any of above, please contact us at facts@wolfSSL.com, or call us as +1 425 245 8247.

Download wolfSSL

Live Webinar: Reasons to Migrate from OpenSSL to wolfSSL

Are you seeking a superior alternative to OpenSSL with better support and smoother workflow?
wolfSSL can fulfill your needs, addressing the gaps you might be experiencing while using OpenSSL. Join our upcoming webinar hosted by wolfSSL engineer Anthony, where he will focus on advantages of switching to wolfSSL. Discover why choosing wolfSSL over OpenSSL can reshape your projects.

Watch the webinar here: Migrate from OpenSSL to wolfSSL

Sneak peek of the webinar:

  • Certified FIPS provider
  • Support for the QUIC protocol (–enable-quic)
  • Support for Post-quantum integration
  • Top-notch support services
  • And much more!

Anthony will provide in-depth insights into what sets wolfSSL apart from OpenSSL. Watch it now to explore the potential benefits of using wolfSSL. Let us introduce you to solutions that work best for your projects!

As always, our webinars will include Q&A sessions throughout the webinar. If you have questions on any of the above, please contact us at facts@wolfSSL.com, or call us at +1 425 245 8247.

Download wolfSSL

Benchmarking wolfCrypt on Cortex M0+

We added a benchmark running on Raspberry Pi PIco-W. It runs with Cortex M0+, 125MHz. If you are interested in how wolfSSL/wolfCrypt works on low end MCU, this should be a good example benchmark to look into.

Here are some highlights:

  • Hash operations such as SHA256 run faster than 1 M bytes per second.
  • Symmetric algorithms like AES-GCM enc/dec faster than 300 k bytes per second.
  • ECDH keygen/agreement, ECDSA sign/verify around 100mSec to 50mSec per operation.

Visit our ‘Raspberry Pi Pico-W’ benchmark page for further details.

If you have questions on any of the above, please contact us at facts@wolfSSL.com, or call us at +1 425 245 8247.
Download wolfSSL

DTLS Support Added to wolfMQTT-SN

wolfSSL is delighted to announce that we have added a secure way for sensors to communicate to the gateway using DTLS and MQTT-SN! We used the Paho MQTT-SN Gateway project’s recent addition of DTLS support for testing.

Testing details are in the pull request.

Let us know what you think by sending a note to facts@wolfSSL.com.

You can download the latest release, or clone directly from our GitHub repository.
While you’re there, show us some love and give the wolfMQTT project a Star!

If you have questions on any of the above, please contact us at facts@wolfSSL.com, or call us at +1 425 245 8247.

Download wolfSSL

Live Webinar: SM ciphers are implemented in wolfSSL

Join the webinar to discover how the latest SM cipher implementations from wolfSSL comply with Chinese regulations and can secure your critical systems! wolfSSL engineer Sean will reveal all the details to help you find the best solutions for your critical systems on September 7th at 2pm PT.

Watch the webinar here: SM ciphers are implemented in wolfSSL

The Chinese government mandates the use of SM2, SM3, and SM4 in critical systems such as automobiles, avionics and more. wolfSSL is proud to announce our supported versions of these ciphers tailored to our customers in the Chinese market. We also have a plan to release the ZUC stream cipher later this year to completely satisfy SM9. Additionally, we’re actively communicating with labs regarding support of OSCCA certification in the future.

This exciting development is fantastic news for our customers in the Chinese market, ensuring they remain compliant with the latest regulations.

Benefits of using wolfSSL products:

  1. The SM Ciphers are fully supported in wolfSSL’s TLS 1.3 and DTLS 1.3 implementations.
  2. wolfSSH, wolfBoot and our other products will support ShangMi ciphers.
  3. ARM, Intel, and RiscV assembly is in the works for our SM implementations for maximum performance
  4. We support bare metal for SM2, SM3, and SM4
  5. We have maximized performance and minimized size, so the ShangMi algorithms will work well for embedded systems use cases on a wide variety of microcontrollers (MCU’s). They will be available for all of the MCU silicon that we currently support, including STM32, NXP i.MX, RISC-V, Renesas RA, RX, and Synergy, Nordic NRF32, Microchip PIC32, Infineon Aurix, TI MSP, and many others
  6. Our GPLv2 versions of the SM ciphers are available on GitHub

Commercially licensed versions are available.

Don’t miss this opportunity to discover solutions for your system security and compliance. Join our webinar to explore the full potential of SM cipher implementations from wolfSSL.

Watch it now!

As always, our webinars will include Q&A sessions throughout the webinar. If you have questions on any of the above, please contact us at facts@wolfSSL.com, or call us at +1 425 245 8247.

Download wolfSSL

Every hardware cryptography scheme wolfSSL has ever enabled

At wolfSSL we support hardware cryptography for a wide range of platforms. The benefits of hardware cryptography include reduced code footprint size, improved security, acceleration of cryptographic operations, and utilization of true random number generators. For example, this allows everything from wolfBoot to TLS cipher suites to enjoy acceleration of cryptographic operations.

Furthermore, we have deep partnerships with industry leaders such as Intel, NXP, and Renesas. We support standard Intel instruction extensions such as AES-NI, AVX, and ADX and BMI2, and have recently published a joint whitepaper on using wolfBoot with 11th Gen Intel Core processors. We also support NXP’s Cryptographic Accelerator and Assurance Module (CAAM), and have leveraged this for hardware acceleration on a number of NXP i.MX series processors. Other examples include Espressif and Analog Devices, to name but a few.

If you’re curious for a list of every hardware cryptography scheme and platform we have enabled, then read on:

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Do you have a platform requiring hardware cryptographic support that isn’t on our list, or are you curious about benchmarking? Please contact us at facts@wolfSSL.com, or call us at +1 425 245 8247 with the details of your platform and we will be glad to help you! Also, check out our wolfSSL and wolfCrypt benchmark page.

 

Download wolfSSL

wolfSSL on the Espressif ESP32-C3 RISC-V

More and more customers are asking about the Espressif ESP32 RISC-V SoC products. The answer is an enthusiastic YES. We support all of the Espressif ESP-32 chipsets, including the ESP32-C6 and the ESP32-C3 RISC-V devices.

Check out our recent video: Getting Started with wolfSSL on the ESP32. Our Espressif examples make it easier than ever to take wolfSSL for a test drive. See also the recent blog on the ESP Component Registry and other blogs on the ESP32 topic.

Shown below is an out-of-the-box, default-settings version of wolfSSL running the Benchmark app on the ESP32-C3 in a typical ESP-IDF v5.1 environment. Keep in mind there are numerous wolfSSL settings to fine-tune our libraries to your product.

We currently have RISC-V hardware acceleration in development. This means that some of the performance metrics should improve by upwards of 10x faster.

Interested in other boards as well? Check out our partial and growing list of supported boards.

I (31) boot: chip revision: v0.4
I (35) boot.esp32c3: SPI Speed      : 80MHz
I (40) boot.esp32c3: SPI Mode       : DIO
I (44) boot.esp32c3: SPI Flash Size : 2MB
------------------------------------------------------------------------------
 wolfSSL version 5.6.3
------------------------------------------------------------------------------
Math:   Multi-Precision: Wolf(SP) word-size=32 bits=3072 sp_int.c
wolfCrypt Benchmark (block bytes 1024, min 1.0 sec each)
RNG                        725 KiB took 1.027 seconds,  705.940 KiB/s Cycles per byte =  55.33
AES-128-CBC-enc             50 KiB took 1.082 seconds,   46.211 KiB/s Cycles per byte = 845.33
AES-128-CBC-dec             50 KiB took 1.088 seconds,   45.956 KiB/s Cycles per byte = 850.03
AES-192-CBC-enc             50 KiB took 1.297 seconds,   38.551 KiB/s Cycles per byte = 1013.13
AES-192-CBC-dec             50 KiB took 1.303 seconds,   38.373 KiB/s Cycles per byte = 1017.77
AES-256-CBC-enc             50 KiB took 1.511 seconds,   33.091 KiB/s Cycles per byte = 1180.73
AES-256-CBC-dec             50 KiB took 1.517 seconds,   32.960 KiB/s Cycles per byte = 1185.42
AES-128-GCM-enc             50 KiB took 1.187 seconds,   42.123 KiB/s Cycles per byte = 927.09
AES-128-GCM-dec             50 KiB took 1.186 seconds,   42.159 KiB/s Cycles per byte = 927.11
AES-192-GCM-enc             50 KiB took 1.405 seconds,   35.587 KiB/s Cycles per byte = 1097.49
AES-192-GCM-dec             50 KiB took 1.405 seconds,   35.587 KiB/s Cycles per byte = 1097.53
AES-256-GCM-enc             50 KiB took 1.623 seconds,   30.807 KiB/s Cycles per byte = 1267.69
AES-256-GCM-dec             50 KiB took 1.623 seconds,   30.807 KiB/s Cycles per byte = 1267.73
GMAC Default               478 KiB took 1.000 seconds,  478.000 KiB/s Cycles per byte =  81.71
3DES                       375 KiB took 1.003 seconds,  373.878 KiB/s Cycles per byte = 104.48
MD5                      10625 KiB took 1.000 seconds, 10625.000 KiB/s Cycles per byte =   3.67
SHA                       5400 KiB took 1.000 seconds, 5400.000 KiB/s Cycles per byte =   7.23
SHA-224                   1700 KiB took 1.014 seconds, 1676.529 KiB/s Cycles per byte =  23.30
SHA-256                   1700 KiB took 1.014 seconds, 1676.529 KiB/s Cycles per byte =  23.30
SHA-384                   1275 KiB took 1.009 seconds, 1263.627 KiB/s Cycles per byte =  30.91
SHA-512                   1275 KiB took 1.009 seconds, 1263.627 KiB/s Cycles per byte =  30.91
SHA-512/224               1275 KiB took 1.009 seconds, 1263.627 KiB/s Cycles per byte =  30.91
SHA-512/256               1275 KiB took 1.009 seconds, 1263.627 KiB/s Cycles per byte =  30.91
SHA3-224                   925 KiB took 1.006 seconds,  919.483 KiB/s Cycles per byte =  42.47
SHA3-256                   875 KiB took 1.008 seconds,  868.056 KiB/s Cycles per byte =  45.02
SHA3-384                   675 KiB took 1.010 seconds,  668.317 KiB/s Cycles per byte =  58.47
SHA3-512                   475 KiB took 1.019 seconds,  466.143 KiB/s Cycles per byte =  83.77
SHAKE128                  1075 KiB took 1.009 seconds, 1065.411 KiB/s Cycles per byte =  36.68
SHAKE256                   875 KiB took 1.008 seconds,  868.056 KiB/s Cycles per byte =  45.02
RIPEMD                    4325 KiB took 1.005 seconds, 4303.483 KiB/s Cycles per byte =   9.07
HMAC-MD5                 10525 KiB took 1.000 seconds, 10525.000 KiB/s Cycles per byte =   3.71
HMAC-SHA                  5375 KiB took 1.004 seconds, 5353.586 KiB/s Cycles per byte =   7.30
HMAC-SHA224               1675 KiB took 1.007 seconds, 1663.357 KiB/s Cycles per byte =  23.48
HMAC-SHA256               1675 KiB took 1.006 seconds, 1665.010 KiB/s Cycles per byte =  23.48
HMAC-SHA384               1250 KiB took 1.004 seconds, 1245.020 KiB/s Cycles per byte =  31.38
HMAC-SHA512               1250 KiB took 1.004 seconds, 1245.020 KiB/s Cycles per byte =  31.38
PBKDF2                       0 KiB took 1.092 seconds,    0.200 KiB/s Cycles per byte = 194936.64
RSA     2048   public        48 ops took 1.001 sec, avg 20.854 ms, 47.952 ops/sec
RSA     2048  private         2 ops took 9.438 sec, avg 4719.000 ms, 0.212 ops/sec
ECC   [      SECP256R1]   256  key gen         8 ops took 1.159 sec, avg 144.875 ms, 6.903 ops/sec
ECDHE [      SECP256R1]   256    agree         8 ops took 1.154 sec, avg 144.250 ms, 6.932 ops/sec
ECDSA [      SECP256R1]   256     sign         8 ops took 1.176 sec, avg 147.000 ms, 6.803 ops/sec
ECDSA [      SECP256R1]   256   verify         4 ops took 1.119 sec, avg 279.750 ms, 3.575 ops/sec
CURVE  25519  key gen         3 ops took 1.136 sec, avg 378.667 ms, 2.641 ops/sec
CURVE  25519    agree         4 ops took 1.512 sec, avg 378.000 ms, 2.646 ops/sec
ED     25519  key gen        73 ops took 1.004 sec, avg 13.753 ms, 72.709 ops/sec
ED     25519     sign        62 ops took 1.007 sec, avg 16.242 ms, 61.569 ops/sec
ED     25519   verify        40 ops took 1.033 sec, avg 25.825 ms, 38.722 ops/sec
Benchmark complete

If you have any feedback, questions, or require support, please don’t hesitate to reach out to us via facts@wolfSSL.com, call us at +1 425 245 8247, or open an issue on GitHub.

Download wolfSSL

Is my part supported?

If you are wondering if your part is supported by wolfSSL, the answer is “Yes!!” That said, what follows is an abbreviated incomplete list sorted by manufacturer:

Note: no matter how hard we try to make these lists, they will never be complete because the week after the list is made, there will be more to add.

Part Manufacturer
S5L SoC Ambarella
GX-412TC SoC AMD
Xilinx Zynq Ultrascale+ XCZU9EG AMD
Xilinx Zynq Ultrascale+ AMD
Xilinx Zynq-7000 AMD
Xilinx Versal AMD
Xilinx ZCU102 AMD
Xilinx UltraZed-EG AMD
MAXQ1065 Analog Devices
MAXQ1080 Analog Devices
ADSP-BF516 Analog Devices
Apple A14 Bionic Apple
Apple M1 Max Apple
Apple M1 Apple
Apple A8 Apple
BCM5634 Broadcom
BCM6858 Broadcom
BCM6838 Broadcom
ARMv8 Cortex-A72 ARM
ARMv8 Cortex-A53 ARM
ARMv7 Cortex-A9 ARM
ARMv7 ARM Cortex-A8 ARM
SAMD21Xplained Pro Atmel
SAM E54 Xplained Pro Evaluation Kit Atmel/Microchip
WINC1500 Xplained Pro Extension Kit Atmel/Microchip
AVR UC3 Evaluation Kit – UC3-A3 Xplained Atmel/Microchip
CryptoAuth Xplained Pro Evaluation Kit Atmel/Microchip
CryptoAuthentication Kits Atmel/Microchip
PIC32 MX Atmel/Microchip
PIC32 MZ Atmel/Microchip
PIC24EP512GU810 Atmel/Microchip
PIC24FJ1024GB610 Atmel/Microchip
PIC32MZ Embedded Conecctivity STARTER KIT Atmel/Microchip
PIC32 Multimedia Expansion Board II Atmel/Microchip
PIC32 Ethernet Starter Kit Atmel/Microchip
Wi-Fi Client Module Demo Board Atmel/Microchip
PIC32CZ CA70 Xplained Atmel/Microchip
SAM L11 Xplained Pro Atmel/Microchip
NITROX III Cavium
NITROX V Cavium
PSoC6 Cypress
CYW43907 Evaluation Kit CYW943907AEVAL1F WICED Cypress
CT8200 ARM FA626TE Dialight
NS9210 Digi
ConnectCore 6 Digi
Arty A7-100T Digilent
ESP8266 Espressif
ESP32 Espressif
ESP32 WROOM Espressif
ESP32 WROVER Espressif
ESP32-S2 Espressif
ESP32-S3 Espressif
ESP32-C3 Espressif
ESP32-C6 Espressif
ESP32-H2 Espressif
SiFive Development Kit HiFive
LeMaker HiKey
TriCore AURIX TX3XX Infineon
ML600NG GE
GD32VF103 GigaDevice
Sipeed Longan Nano GigaDevice
Google Glass Explorer Edition Version 2.0 Google
Infineon TPM 1.2 Module Infineon
Core i3-7101 Intel
Core i5 Intel
Core i5 with SGX support Intel
Core i7-7600U Intel
Core i7-7820 Intel
Core i7-1255U Intel
Core i7-5850EQ Intel
Core i7-8569U Intel
Core i7-10610U Intel
Core i7-3720QM Intel
Core i7-2640M Intel
Atom C2558 Intel
Atom C3758 Intel
Atom D525 Intel
Atom E3930 Intel
Atom E3940 Intel
Xeon Gold 6338N Intel
Xeon Gold 6230N Intel
Xeon E5-2640 Intel
Xeon E5-2650 Intel
Xeon E5-2403 Intel
Xeon E5335 Intel
Xeon E3 Intel
Xeon E3-1225 Intel
Xeon 1275v3 Intel
Xeon W-2155 Intel
Xeon E-2234 Intel
Xeon E5-2603 Intel
Xeon Silver 4116 Intel
Xeon E-2244G Intel
Xeon X5650 Intel
Xeon Gold 5218 Intel
Xeon Silver 4316 Intel
Xeon Silver 4210 Intel
Galileo Intel
MCB1800 Evaluation Board & Starter Kit Keil
88PA6270 Marvell
WiFi 88MC200 Marvell
Octeon II Marvell
Octeon III Marvell
DS28C36 evaluation system Maxim Integrated
Azure Sphere MT3620 Mediatek
WiFi3 Click MikroElektronika
MinnowBoard V1 MinowBoard
MOD54415LC Netburner
nRF52840 Nordic
i.MX 6SoloX Arm® Cortex®-A9 NXP/Freescale
i.MX6 Quad/DualLite NXP/Freescale
i.MX6 DualLite ARMv7 Cortex-A9 NXP/Freescale
i.MX7 Arm® Cortex®-A7 NXP/Freescale
i.MX25 Arm9™ NXP/Freescale
i.MX 6ULL Arm® Cortex®-A7 NXP/Freescale
i.MX8 Quad Max NXP/Freescale
i.MX7 Dual ARM® Cortex-A7 NXP/Freescale
i.MX-RT1050 NXP/Freescale
i.MX-RT1060 NXP/Freescale
i.MX-RT1064 NXP/Freescale
i.MX-RT1170 NXP/Freescale
i.MX-RTxx NXP/Freescale
i.MX6 NXP/Freescale
i.MX5 NXP/Freescale
i.MX8 NXP/Freescale
MCF547X NXP/Freescale
MCF548X NXP/Freescale
Kinetis K50 NXP/Freescale
Kinetis K60 NXP/Freescale
Kinetis K70 NXP/Freescale
Kinetis K80 NXP/Freescale
Kinetis K64f NXP/Freescale
Kinetis K84f NXP/Freescale
Vybrid VF500 NXP/Freescale
StarCore SC3850 DSP NXP/Freescale
QorIQ T1024 NXP/Freescale
QorIQ T2080 NXP/Freescale
QorIQ P1021 NXP/Freescale
MPC8650 NXP/Freescale
LPC54606 NXP/Freescale
LPCXpresso18S37 NXP/Freescale
LPCXpresso43S37 NXP/Freescale
Coldfire MCF5484CZP200 NXP/Freescale
TWR-K70F120M Tower System module NXP/Freescale
TWR-SER serial module NXP/Freescale
TWR-ELEV primary elevator module NXP/Freescale
TWR-MCF5225X Tower System Module NXP/Freescale
FRDM-K82F NXP/Freescale
FRDM-K64F NXP/Freescale
FRDM-KL46Z NXP/Freescale
X-TWR-K80F150M-S NXP/Freescale
K81 for use with K80 development prototype NXP/Freescale
LCPXpresso Board NXP/Freescale
LPC General Purpose Shield NXP/Freescale
Wireless Mustang Sensor HW Development Package Primex
Snapdragon 865 Qualcomm
Snapdragon 835 APQ8098 / MSM8998 Qualcomm
QB6640-23UF SoC Qualcomm
Krait 400 Qualcomm
Pi Pico RaspberryPi
Pi2 RaspberryPi
Pi3 RaspberryPi
Pi4 RaspberryPi
Pi Zero RaspberryPi
rp2040 RaspberryPi
RX65N Renesas
RX72N Renesas
RX MPU Renesas
Synergy DK-S7G2 Renesas
EFM32G Gecko Silicon Labs
EFR32 Silicon Labs
SLWSTK6023A Silicon Labs
STM32C0xx STM
STM32L0xx STM
STM32G0xx STM
STM32F0xx STM
STM32F1xx STM
STM32L1xx STM
STM32F2xx STM
STM32F3xx STM
STM32L4xx STM
STM32G4xx STM
STM32F4xx STM
STM32WBxx STM
STM32WLxx STM
STM32F5xx STM
STM32U5xx STM
STM32L5xx STM
STM32F7xx STM
STM32H7xx STM
STM32H5xx STM
TNETV1050 Texas Instruments
TM4C1294 Texas Instruments
Tiva C Series TM4C1294 Texas Instruments
iMCU7200 EVB Evaluation Board WIZnet

If you do not see your part on this list, don’t worry. Please reach out to us at facts@wolfSSL.com, or call us at +1 425 245 8247 letting us know the details of your system and we can get you in touch with our porting experts. Chances are, it is already done!

If you do see your part and are wondering about benchmarking statistics you can also reach out to facts@wolfSSL.com for performance information. Check out our public benchmarks.

Download wolfSSL

Announcing wolfSSL sniffer support for key log files (SSLKEYLOGFILE)

We are excited to announce that the wolfSSL sniffer now supports TLS session decryption for recorded TLS traffic using a SSLKEYLOGFILE!

If you didn’t already know about our sniffer tool, it is a utility library built into wolfSSL that can be used to capture and decrypt live traffic or recorded PCAP traces. Previously, the sniffer could only decrypt traffic from sessions where either the static private key (RSA, ECC) or the ephemeral key (DHE, ECDHE) was known and able to be provided to the sniffer at runtime. This required keeping track of the private or ephemeral key files for every session you wanted to sniff, which was cumbersome for packet captures containing a large number of sessions, especially for TLS v1.3 where each session would require a new ephemeral key to decrypt.

If your server or client is able to generate a key log file (which wolfSSL can do with the `–enable-keylog-export` option), you can now simply register this file with the sniffer and the sniffer will be able to decrypt all applicable traffic in your packet capture, regardless of the cipher suite used!

To build wolfSSL with the sniffer enabled use the `–enable-sniffer` configure option. To enable key log file support in the sniffer, simply define `WOLFSSL_SNIFFER_KEYLOGFILE`:

./configure --enable-sniffer CFLAGS=“-DWOLFSSL_SNIFFER_KEYLOGFILE”

WolfSSL provides the snifftest demo application that demonstrates how to use the sniffer library to sniff traffic from both live and recorded packet captures. Using the snifftest app to sniff traffic from a packet capture with an associated key log file is as simple as running:

# Sniffs traffic from a server at 127.0.0.1 on port 11111
./snifftest -pcap /path/to/your.pcap \
            -keylogfile /path/to/your/keylogfile.log \
            -server 127.0.0.1 \
            -port 11111

For more information and examples showing how to get started with the sniffer, please refer to the snifftest demo application and README.

As always, if you have questions on any of the above, please contact us at facts@wolfSSL.com, or call us at +1 425 245 8247.

Download wolfSSL

Posts navigation

1 2 3 30 31 32 33 34 35 36 187 188 189

Weekly updates

Archives