RECENT BLOG NEWS

Today wolfSSL Inc. releases the 4th preview release of wolfSentry, wolfSSL’s IDPS (Intrusion Detection and Prevention System) for embedded and IoT systems. wolfSentry is address- and bus-agnostic, and brings static and dynamic firewalls, event-driven notification and logging support, and unlimited extensibility, to deeply embedded and realtime systems.

This release has several new features of note:

• The JSON configuration format now allows user-defined key-value pairs. The JSON configuration can then be used as a unified configuration package for both the wolfSentry core and user-installed plugin logic. Binary objects can be supplied in the configuration using base64 encoding, and user plugins can then access it in the decoded raw binary form. The key-value facility also supports a custom validator callback to enforce constraints on user-defined config params in the JSON.
• User-defined address families are now available, allowing idiomatic formats for non-Internet addresses in the JSON config. This allows plugin support for various buses and device namespaces beyond the core builtin IP and MAC address support.
• A generic JSON DOM (random access) facility is now included, for use as a helper in user plugins and applications.
• This release also introduces substantial improvements in infrastructure to support default policies, statistics, notification, and logging.

Because this is a preview release, some capabilities are only partially implemented. In particular, dynamic defenses and thread safety are only partially implemented.

Follow this blog and our GitHub for the latest — the first production-ready release of wolfSentry is coming soon!

We particularly seek to enable researchers with this release. We want wolfSentry to be fully vetted by the best in the OSS community. If you have any questions or run into any issues, contact us at facts@wolfssl.com, or call us at +1 425 245 8247.

Download wolfSentry now from https://github.com/wolfSSL/wolfsentry, and tell us what your IDPS priorities are!

wolfSSL has updated support for OpenSSH to version 9.0! The patch and instructions for applying and testing the patch are available here. OpenSSH 9.0 is the first exciting version to add support for the Streamlined NTRU Prime key encapsulation mechanism. It is a small lattice-based quantum-safe KEM. It is paired with the X25519 ECDH KEM to provide a fallback in the event of flaws being discovered in Streamlined NTRU Prime. This “quantum resistant” algorithm prevents adversaries from collecting and storing encrypted traffic now and decrypting it at a later date when quantum computers become a feasible attacking tool on current public key cryptographic algorithms. NTRU Prime makes use of the SHA-512 hashing algorithm. When compiling with wolfSSL, the SHA-512 algorithm is supplied by wolfSSL.

Read about all of the changes in OpenSSH 9.0 here.

If you have any questions or run into any issues, contact us at facts@wolfssl.com, or call us at +1 425 245 8247.

For a while now, wolfSSL has supported post-quantum algorithms in the TLS 1.3 protocol. Now, we also support it in the SSH v2.0 protocol as well!

Our wolfSSH library has long had support for SSH v2.0 both as a client and server.  Recently, we integrated the SABER NIST Level 1 KEM into wolfSSH allowing you to start experimenting with a post-quantum algorithm with wolfSSH. For instruction on how to try it out on Linux, please see the Post-Quantum section of wolfSSH’s README.md file which can be found at https://github.com/wolfSSL/wolfssh#post-quantum . This is done via an integration with the OpenQuantumSafe project’s liboqs.

Want other post-quantum algorithms? Want other security levels? Want to us hybridize with other algorithms?

If you have any questions or run into any issues, contact us at facts@wolfssl.com, or call us at +1 425 245 8247.

Join us Thursday, May 26th at 9AM Pacific Time.

wolfSSL Engineer, Eric, talks about the top reasons why people migrate from Mocana to wolfSSL as well as how to get started.

As always bring your questions for the live Q&A at the end of the presentation!

Watch the webinar here: Migrating from Mocana to wolfSSL

If you have any questions or run into any issues, contact us at facts@wolfssl.com, or call us at +1 425 245 8247.

We have added support for RISC-V hardware in our wolfBoot library. The reference example uses the SiFive HiFive1 FE310 board to demonstrate a secure bootloader and firmware upgrade.

The HiFive1 is a 32-bit E31 RISC-V core capable of running at 320MHz. It includes 4MB of external flash and 16KB of internal RAM.

The wolfBoot library provides:

• Boot validation of the firmware image using hash and signature
• Reliable firmware update (power fail safe).
• Rollback support if application does not report “success”
• Version checking to prevent downgrade attack
• Support for external flash on updates

This adds support for:

• RV32 Hardware Access Layer (HAL) support for:
  • PLL Clock configuration
  • Flash eSPI
  • UART
  • RTC
• Firmware update example using the serial interface

Full setup and installation instructions can be found in “docs/Targets.md”.

These new features can be found on GitHub here:

https://github.com/wolfSSL/wolfBoot/pull/14

If you have any questions or run into any issues, contact us at facts@wolfssl.com, or call us at +1 425 245 8247.

wolfSSH release version 1.4.10 is available! It includes many useful code additions including some fixes. To name a few the ESP–IDF use has been expanded on, small stack improvements made, some SFTP use fixes, fixes for warnings with older GCC compilers and more….

If you have any questions or run into any issues, contact us at facts@wolfssl.com, or call us at +1 425 245 8247.

Welcome to European Webinar Week! Thank you to all our viewers who attended our first session today about DO-178 – check out the rest of this week’s schedule to learn more and register in advance!

• 5PM Central European Time, Tuesday, May 17th
• Watch the webinar: Looking Under the Hood – Everything you need to know about Automotive security
• Watch the webinar: How to Get Started with wolfSSL

We can’t wait to see you and answer all of your questions!

If you have any questions or run into any issues, contact us at facts@wolfssl.com, or call us at +1 425 245 8247.

wolfSSL has released version 5.3.0 of the Python wrappers for wolfCrypt and wolfSSL called wolfCrypt-py and wolfSSL-py.

This is a significant release because the build system has been completely refactored to make it easier to build and install the Python wrappers.

In addition, wolfCrypt-py now works in Windows and has several new APIs to support some of the newer features of wolfCrypt.

For more information the release notes for wolfCrypt-py can be found here, and wolfSSL-py can be found here. In addition the releases can be found on PyPi to be installed using `pip` here for wolfCrypt-py and here for wolfSSL-py.

If you have any questions or run into any issues, contact us at facts@wolfssl.com, or call us at +1 425 245 8247.

Join Daniel Stenberg, founder and maintainer of cURL and libcurl, as he goes through some basic curl fundamentals about what cURL is, who uses cURL, why use cURL etc. As well as giving information on how to customize your configuration, and other features that may be useful.

As always bring your questions for the Q&A following the presentation.

Watch the webinar here: Why Everyone is Using curl and you should too

If you have any questions or run into any issues, contact us at facts@wolfssl.com, or call us at +1 425 245 8247.

We are excited to announce our wolfTPM v2.4 release. This includes improvements for Windows including support for cmake, C# wrappers, and c++ compiler fixes. This expands the wolfTPM cross platform API that is easy to use and supports Linux, Windows and embedded platforms. C# wrappers have been tested on Linux and Windows. These changes enable support for vcpkg for wolfSSL, wolfTPM, and wolfMQTT (see PR).

Release Details:

• Fixes for c++ compiler (PR #206)
• Adding a C# wrappers (PR #203)
• CMake support (PR #202, #204, #205)
• Add support for ST33 vendor specific command TPM_CC_GetRandom2 (PR #200)
• Fix writing PEM in wolfTPM2_RsaKey_TpmToPemPub (PR #201)
• Improve TPM2_SetupPCRSel (multiple calls) (PR #198)
• Fix for a few spelling errors and whitespace cleanup (PR #199)
• v2.3.1 updates (PR #197)
• Fix make install by renaming pcr example read.c (PR #196)

For a full list of changes, check out the updated ChangeLog.md bundled with wolfSSL or view our page on GitHub here.

If you have any questions or run into any issues, contact us at facts@wolfssl.com, or call us at +1 425 245 8247.