Our new demonstrator is available on GitHub. This demonstrator showcases a secure over-the-air (OTA) firmware update workflow using wolfSSL components and a software TPM. It integrates: wolfBoot for secure boot loader; wolfTPM for root of trust; wolfMQTT for update delivery; wolfSSL / wolfCrypt for secure communication and verification. The demo runs on Linux and can […]
New Migration Guide: Moving from lwIP to wolfIP
Do you use lwIP today and want a more deterministic networking stack for embedded, real-time, or safety-critical systems? We just published a new developer guide: **Migrating from lwIP to wolfIP**. wolfIP is designed around a simple idea: connected embedded systems should keep networking resources under control. Instead of relying on dynamic allocation and runtime growth, […]
New wolfSSL Crypto Callback Utilities: Set Key and Export Key
wolfSSL’s crypto callback framework lets you offload cryptographic operations to hardware. PR #9851 extends this framework with two new callback utilities, Set Key and Export Key, which provide a standardized way to move key material between wolfSSL and your hardware across AES, HMAC, RSA, and ECC. How It Works When a key is bound to […]
Adding SHE (Secure Hardware Extension) Support to wolfSSL
wolfSSL now includes support for the Secure Hardware Extension (SHE) key management standard (see PR #10009). This new wolfCrypt module provides software-based generation and verification of SHE key update messages (M1–M5), with built-in support for hardware offload via crypto callbacks. What is SHE? The SHE specification was developed by the Hersteller Initiative Software (HIS) consortium […]
wolfIP TCP/IP Stack on the LPC54S018
wolfSSL is announcing wolfIP support for NXP LPC microcontrollers, starting with the LPCXpresso54S018M development board (LPC54S018J4M). This is the first NXP platform supported by wolfIP, extending coverage beyond the existing STM32 and VORAGO VA416xx ports. wolfIP provides DHCP, ICMP ping, and a TCP echo server on this new platform. About the LPC54S018 The LPC54S018 is […]
FIPS Linux on Raspberry Pi 5 using BitBake and Yocto
Getting FIPS-validated cryptography onto an embedded Linux platform typically involves stitching together kernel modules, userspace libraries, and build system configurations by hand. Now, the meta-wolfssl layer provides a turnkey Yocto build environment that produces a fully integrated wolfSSL FIPS image, from kernel crypto to OpenSSL, GnuTLS, and libgcrypt. You can try it yourself with our […]
CHERIoT Support Coming to wolfSSL
We are excited to announce that we will be working on CHERIoT support for wolfSSL! CHERIoT (Capability Hardware Extension to RISC-V for IoT) is a hardware-software platform that brings capability-based memory protection to small embedded devices. It enforces memory safety at the hardware level, catching entire classes of vulnerabilities like buffer overflows and use-after-free automatically. […]
FIPS 140-3 in Rust: what it takes
Your product needs FIPS 140-3. Your stack is Rust. Until now those two facts were in tension. The pure-Rust crypto libraries are not FIPS 140-3 validated. wolfSSL’s Rust crates are different. wolfCrypt has been through FIPS 140-3 validation. The path from Rust to a validated build exists. Here’s what it actually takes. The `fips` feature […]
Fenrir: How wolfSSL Uses AI to Hunt Bugs Before the Bad Actors Do
Here at wolfSSL, the best defense has always been a proactive one. That principle is why we built Fenrir, our AI-powered codebase scanner, and why we’re talking about it today. If We Don’t, They Will The security landscape has changed. Attackers are already using large language models to analyze codebases, find vulnerabilities, and develop exploits […]
Rust finally has a path to FIPS-certifiable crypto
Rust’s crypto ecosystem is good. `ring` is fast and well-tested. RustCrypto covers almost everything. rustls has replaced OpenSSL in a lot of stacks. None of it is FIPS 140-3 certifiable. If you’re shipping to US federal, healthcare, finance, or defense, that matters. You can write excellent Rust and still get blocked at the compliance […]
