The EU Cyber Resilience Act (CRA) will introduce new security and maintenance expectations for connected devices sold into the EU market, including requirements around secure development, vulnerability handling, firmware integrity, and long-term support. These requirements will directly impact how devices are designed, updated, documented, and maintained throughout their lifecycle. Register now: Preparing Connected Devices for […]
Read MoreMore TagCategory: Uncategorized
wolfCrypt FIPS 140-3 coming to pfSense
FIPS 140-3 support is coming to pfSense! pfSense is one of the most widely deployed open-source firewall and router platforms in the world, powering everything from small office networks to large enterprise and government deployments. Built on FreeBSD, pfSense has earned a reputation for stability, flexibility, and a rich feature set spanning VPN, IDS/IPS, captive […]
Read MoreMore TagLMS versus XMSS versus SLH-DSA Performance Data
In a previous post, we spoke about LMS, XMSS and SLH-DSA in relation to wolfBoot and let you know we’d be bringing some benchmarking numbers. Voila! Algorithm / Parameter Set Sig Size/Strength Verification Time (ms) Operations Per Second LMS/HSS L2_H10_W2 9300 0.118 8500.588 LMS/HSS L2_H10_W4 5076 0.219 4557.764 LMS/HSS L3_H5_W4 7160 0.324 3088.329 LMS/HSS L3_H5_W8 […]
Read MoreMore TagwolfProvider FIPS for the Linux TPM2 Software Stack
As part of wolfSSL’s Full Linux FIPS project, wolfProvider provides FIPS 140-3 validated cryptography for the Linux TPM2 software stack, covering both libtss2 (the core TSS2 libraries) and tpm2-tools. Why This Matters TPM 2.0 is the hardware root of trust on nearly every modern Linux system. It underpins LUKS disk encryption sealed to PCR values, […]
Read MoreMore TagwolfGuard: FIPS-Compliant WireGuard VPN, Now Native in wolfIP
wolfIP now includes native wolfGuard support, bringing a FIPS-compliant WireGuard VPN tunnel directly into the stack. wolfGuard replaces the standard WireGuard cipher suite (Curve25519, ChaCha20-Poly1305, BLAKE2s) with FIPS-certified alternatives (P-256 ECDH, AES-256-GCM, SHA-256) using wolfSSL cryptographic primitives, while preserving the Noise IKpsk2 handshake and its security properties including perfect forward secrecy and automatic key rotation. […]
Read MoreMore TagOTA Demonstrator with wolfBoot, wolfTPM and wolfMQTT
Our new demonstrator is available on GitHub. This demonstrator showcases a secure over-the-air (OTA) firmware update workflow using wolfSSL components and a software TPM. It integrates: wolfBoot for secure boot loader wolfTPM for root of trust wolfMQTT for update delivery wolfSSL / wolfCrypt for secure communication and verification The demo runs on Linux and can […]
Read MoreMore TagNew Migration Guide: Moving from lwIP to wolfIP
Do you use lwIP today and want a more deterministic networking stack for embedded, real-time, or safety-critical systems? We just published a new developer guide: **Migrating from lwIP to wolfIP**. wolfIP is designed around a simple idea: connected embedded systems should keep networking resources under control. Instead of relying on dynamic allocation and runtime growth, […]
Read MoreMore TagNew wolfSSL Crypto Callback Utilities: Set Key and Export Key
wolfSSL’s crypto callback framework lets you offload cryptographic operations to hardware. PR #9851 extends this framework with two new callback utilities, Set Key and Export Key, which provide a standardized way to move key material between wolfSSL and your hardware across AES, HMAC, RSA, and ECC. How It Works When a key is bound to […]
Read MoreMore TagAdding SHE (Secure Hardware Extension) Support to wolfSSL
wolfSSL now includes support for the Secure Hardware Extension (SHE) key management standard (see PR #10009). This new wolfCrypt module provides software-based generation and verification of SHE key update messages (M1–M5), with built-in support for hardware offload via crypto callbacks. What is SHE? The SHE specification was developed by the Hersteller Initiative Software (HIS) consortium […]
Read MoreMore TagwolfIP TCP/IP Stack on the LPC54S018
wolfSSL is announcing wolfIP support for NXP LPC microcontrollers, starting with the LPCXpresso54S018M development board (LPC54S018J4M). This is the first NXP platform supported by wolfIP, extending coverage beyond the existing STM32 and VORAGO VA416xx ports. wolfIP provides DHCP, ICMP ping, and a TCP echo server on this new platform. About the LPC54S018 The LPC54S018 is […]
Read MoreMore Tag