RECENT BLOG NEWS

Are you concerned about the rising threats to your organization’s security? Looking for a robust and comprehensive cybersecurity solution? We’re thrilled to invite you to our upcoming webinar, where we will unveil the groundbreaking features of our product, WolfSentry.

Watch the webinar here: Intro and update of wolfSentry

wolfSSL engineer, Daniel Douzzer, will showcase how it can revolutionize your cybersecurity infrastructure. Participants will have opportunities to know how wolfSentry can be securing embedded endpoints. It’s a great opportunity for anyone who is looking to stay one step ahead of cyber threats.   

As always, our webinars will include Q&A sessions throughout the webinar. Don’t miss the opportunity to explore the future of cybersecurity with WolfSentry.

Watch it now!

If you have questions on any of the above, please contact us at facts@wolfssl.com, or call us +1 425 245 8247.

Are you a thought leader in the world of embedded devices? If so, you will need to make yourself aware of the coming impacts of post-quantum cryptography and how it will affect the various industries and verticals that you participate in. Have a listen to Entrust’s Cybersecurity Institute’s second episode of the their post-quantum podcast series titled: “The Impact of Post-Quantum Cryptography on Constrained Devices” where our very own Senior Software Developer, Anthony Hu, will be a guest panelist talking about the changes to the landscape of constrained device development with the coming of these new algorithms and standards. The podcast episode can be found at: https://www.entrust.com/cybersecurity-institute/cybersecurity-institute-podcasts/2023/post-quantum-series-episode-2-smart-devices.

If the podcast sparks some further questions that you have, contact us at facts@wolfssl.com, or call us at +1 425 245 8247.to continue the conversation with us here at wolfSSL!

We are excited to tell you about our partner collaboration with ST Micro! This collaboration is a video series about wolfBoot, a secure bootloader and the STM32, a family of 32-bit microcontrollers.

This is a 4 part video series showing how to use wolfBoot on various STM32 microcontrollers.

Video 1: wolfBoot for STM32, Part 1: Overview
“Overview of the wolfSSL products and the wolfBoot support for STM32 devices. The wolfBoot product features such as secure boot, measured boot, encrypted partitions and root of trust (in the bootloader, TPM or secure element). Comparison of the SBSFU, TFM and wolfBoot options for STM32 micro-controllers. Implementation details for design of wolfBoot and how the partitions are defined.”

Video 2: wolfBoot for STM32, Part 2: Getting Started
“How to download wolfBoot, where to find files and documentation. The wolfBoot product features such as secure boot, measured boot, encrypted partitions and root of trust (in the bootloader, TPM or secure element).”

Video 3: wolfBoot for STM32, Part 3: Out of the Box Experience
“How to configure, build, run, and debug wolfBoot on NUCLEO-G071RB board.”

Video 4: wolfBoot for STM32, Part 4: STM32U5
“How to configure, build, run and debug wolfBoot on STM32U5 (B-U585I-IOT02A) development board”

Please contact us at facts@wolfssl.com if you would like to receive a copy of the slides.

Additional Resources
https://www.st.com/en/embedded-software/wolfboot.html
https://www.wolfssl.com/products/wolfboot/

Please contact us at facts@wolfssl.com, or call us at +1 425 245 8247with any questions about the webinar.
For technical support, please contact support@wolfssl.com or view our FAQ page.
In the meanwhile, check out the wolfSSL embedded SSL/TLS library, star us on Github, and learn more about the latest TLS 1.3 is available in wolfSSL.

If you have questions about any of the above, please contact us at facts@wolfssl.com or +1 425 245 8247.

As mentioned in a previous post, OpenSSL 1.1.1 branch of releases will hit End of Life (EoL) by September 11th, 2023.  That’s right, it’s not a typo!  It’s about 3 months away! It’s already listed as an old release branch here:  https://www.openssl.org/source/old/ . Are you sure you are ready to tackle the migration to their new LTS branch of releases?

In that post (https://www.wolfssl.com/openssl-1-1-1-eol/) we listed 3 ways that wolfSSL could help. One of them was wolfEngine. You can continue using OpenSSL, but under the hood the wolfCrypt implementations of the cryptographic algorithms will be used. This might be especially useful if you are looking for an accelerated path to FIPS certification.

We have put in extra testing against 1.1.1s (which is likely to be the final release on that branch of releases) and can confirm that wolfEngine backed by wolfCrypt will work smoothly with it. Its as easy as setting the OPENSSL_CONF environment variable and adding the following to openssl.conf: 

engine_id = libwolfengine

dynamic_path = /path/to/libwolfengine.so

init = 1

The other option is to set the OPENSSL_ENGINES environment variable to the directory containing libwolfengine.so and then calling the ENGINE_by_id() function. 

And just like that, you will have meticulously optimized, well-supported, regularly updated and best-tested cryptographic implementations working for you; no changes to your code required!

Have questions? Want to learn more about your options in the face of the 1.1.1 release branch EoL?  Reach out to facts@wolfssl.com, or call us at +1 425 245 8247

We have updated our Zephyr support to 3.4 for wolfSSL release 5.6.2! Zephyr is an open-source real-time operating system (RTOS). It is portable (supporting over 450 boards!) and secure with a comprehensive and lightweight kernel. All of these features make wolfSSL a great choice for security in Zephyr.

The port update comes with a set of sample applications to showcase how to use wolfSSL inside Zephyr. The available samples are:

• wolfssl_benchmark – a benchmarking framework to test the performance of cryptographic algorithms
• wolfssl_test – a testing framework with unit tests for wolfSSL
• wolfssl_tls_thread – client and server example using threading and custom I/O callbacks
• wolfssl_tls_sock – client and server example using threading and unix sockets

Instructions and documentation on how to use wolfSSL inside Zephyr are available here https://github.com/wolfSSL/wolfssl/tree/master/zephyr.

For more information on our 5.6.2 release see https://github.com/wolfSSL/wolfssl/releases/tag/v5.6.2-stable.

If you have questions on any of the above, please contact us at facts@wolfssl.com, or call us at +1 425 245 8247

With our ongoing development of world-class commercial-grade cryptography solutions for the Espressif products, wolfSSL is proud to announce support for the ESP32-S3 Embedded Linux Kernel!

Our very own [gojimmypi] was able to get the wolfSSL wolfcrypt tests running successfully as an app on the embedded Linux environment thanks to the work of [jcmvbkbc] on linux-xtensa. For additional details on building the ESP32-S3 Linux kernel toolchain, see: https://gojimmypi.github.io/ESP32-S3-Linux/

Linux on the tiny and inexpensive ESP32-S3 is an exciting development that opens many more ideas of what is possible for embedded solutions.

If you’d like to build your own wolfSSL app for the ESP32-S3 Linux Kernel, here’s one possible configuration:

./configure \

  --host=xtensa-esp32s3-linux-uclibcfdpic \

  CC=xtensa-esp32s3-linux-uclibcfdpic-gcc \

  AR=xtensa-esp32s3-linux-uclibcfdpic-ar \

  STRIP=xtensa-esp32s3-linux-uclibcfdpic-strip \

  RANLIB=xtensa-esp32s3-linux-uclibcfdpic-ranlib \

  --prefix=/mnt/s3linux/build-xtensa-2023.02-fdpic-esp32s3/target/opt \

  CFLAGS="-mfdpic -mforce-l32 -DNO_WRITEV -DWOLFSSL_USER_SETTINGS" \

         "-DDEBUG_WOLFSSL -DTFM_NO_ASM -DALT_ECC_SIZE" \

  --disable-filesystem --disable-shared --enable-psk

This new environment for wolfSSL also prompted addition of yet another test for the best tested cryptography: a read-only filesystem const pointer test in case you forget to compile with the proper read-only flash file system directives:

CFLAGS="-mfdpic -mforce-l32 …”

The first question many people ask: How fast is wolfSSL on an embedded Linux for the ESP32-S3? Initial findings show that the wolfSSL cipher computational benchmark performance is similar between the Linux app on the ESP32-S3 kernel and the ESP32-WROOM programmed with the ESP-IDF. 

See some of our other recent prior blogs on Espressif news:

• wolfSSL Espressif ESP32-C3 RISC-V Support
• wolfSSH examples for Espressif on ESP32 or ESP8266

There’s also support for wolfSSL on Espressif and more Espressif resources. 

Do you have any questions related to using wolfSSL in your next project? Contact us at facts@wolfSSL.com, or call us at +1 425 245 8247 to learn more.

A while back, we posted the following entry on our blog:

https://www.wolfssl.com/wolfssh-post-quantum-interoperability-confirmed/

In it, we talked about post-quantum interoperability with both the OpenQuantumSafe’s OpenSSH fork and AWS’s implementation of SSH. More recently, our friends at AWS have posted a great set of detailed instructions on how to reproduce their interoperability test results:

https://aws.amazon.com/blogs/security/post-quantum-hybrid-sftp-file-transfers-using-aws-transfer-family/

There, you can find instructions on how to configure AWS Transfer Family to enable hybrid post-quantum key exchange with ECDHE and Kyber.  There is then a link to further instructions on how to build liboqs, wolfSSL and finally wolfSSH with the liboqs integration.  Finally, there is an example command line invocation of wolfsftp that connects to AWS Transfer Family.

Our friends at AWS also go into great detail about expected output and what you can expect from wireshark if you monitor the connection.

We here at wolfSSL would like to give a big round of applause and thank our friends at AWS for posting such a great piece on their blog! If you have any further questions about how post-quantum algorithms and protocols fit into our roadmap, If you have any questions or run into any issues, contact us at facts@wolfssl.com, or call us at +1 425 245 8247.

We are excited to tell you about our partner collaboration with ST Micro! This collaboration is a video series about wolfBoot, a secure bootloader and the STM32, a family of 32-bit microcontrollers.

This is a 4 part video series showing how to use wolfBoot on various STM32 microcontrollers.

Video 1: wolfBoot for STM32, Part 1: Overview https://www.youtube.com/watch?v=9R4Gl0qrzZ0

• “Overview of the wolfSSL products and the wolfBoot support for STM32 devices. The wolfBoot product features such as secure boot, measured boot, encrypted partitions and root of trust (in the bootloader, TPM or secure element). Comparison of the SBSFU, TFM and wolfBoot options for STM32 micro-controllers. Implementation details for design of wolfBoot and how the partitions are defined.”

Video 2: wolfBoot for STM32, Part 2: Getting Started https://www.youtube.com/watch?v=e5VwYA5kknA

• “How to download wolfBoot, where to find files and documentation. The wolfBoot product features such as secure boot, measured boot, encrypted partitions and root of trust (in the bootloader, TPM or secure element).”

Video 3: wolfBoot for STM32, Part 3: Out of the Box Experience https://youtu.be/VrgooHCoUNk

• “How to configure, build, run, and debug wolfBoot on NUCLEO-G071RB board.”

Video 4: wolfBoot for STM32, Part 4: STM32U5 https://youtu.be/dzcmscEyrKM

• “How to configure, build, run and debug wolfBoot on STM32U5 (B-U585I-IOT02A) development board”

Please contact us at facts@wolfssl.com if you would like to receive a copy of the slides.

Additional Resources

• https://www.st.com/en/embedded-software/wolfboot.html

• https://www.wolfssl.com/products/wolfboot/

Please contact us at facts@wolfssl.com or call us at +1 425 245 8247 with any questions about the webinar.

For technical support, please contact support@wolfssl.com or view our FAQ page.

In the meanwhile, check out the wolfSSL embedded SSL/TLS library, star us on Github, and learn more about the latest TLS 1.3 is available in wolfSSL.

One of the features that makes wolfSSL stand out from other SSL/TLS libraries is its wide range of support for many hardware cryptographic accelerators. In particular, wolfSSL leverages the cryptographic accelerators built into the NXP i.MX6 and i.MX8 processors. How it uses the CAAM with i.MX6 and i.MX8 is dependent on the OS being used, varying from our own drivers to making use of existing drivers. With MCUEXPRESSO the use of NXP’s CAAM driver is leveraged and expanded on.

Recently, wolfSSL added support for the NXP i.MX RT1170 processor. The i.MX RT1170 is a powerful microcontroller that is designed for use in a wide range of applications, including industrial automation and medical devices. This new port of wolfSSL to the i.MX RT1170 takes advantage of the processor’s built-in cryptographic acceleration features, using the CAAM to perform fast and secure cryptographic operations.

Overall, the addition represents a significant improvement to the wolfSSL library for users of the i.MX RT1170 processor. By taking advantage of the CAAM hardware accelerator on the i.MX RT1170, wolfSSL is able to offload cryptographic operations and make ECC operations more secure with the use of black encrypted keys, making it an ideal choice for applications that require high performance and strong security. With the continued development of these features, wolfSSL is poised to remain a leading SSL/TLS library for resource-constrained environments.

If you have questions on any of the above, please contact us at facts@wolfssl.com, or call us at +1 425 245 8247