wolfSSL Linux kernel module support has grown by leaps and bounds, with new support for public key (PK) cryptographic acceleration, FIPS 140-3, accelerated crypto in IRQ handlers, portability improvements, and overall feature completeness. The module provides the entire libwolfssl API natively to other kernel modules, allowing fully kernel-resident TLS/DTLS endpoints with in-kernel handshaking. Configuration and […]
Read MoreMore TagCategory: Uncategorized
wolfSSL not affected by CVE-2021-3711, nor CVE-2021-3712
It came to our attention that OpenSSL just published two new vulnerabilities. CVE-2021-3711 – “SM2 decryption buffer overflow” (nakedsecurity) CVE-202103712 – “Read buffer overruns processing ASN.1 strings.” (nakedsecurity) These were specific OpenSSL issues and do not affect wolfSSL. For a list of CVEs that apply to wolfSSL please watch the security page on our website […]
Read MoreMore TagwolfCrypt FIPS on EFM32-GG
A quick followup to the post “wolfSSLs’ Proprietary ACVP client”. wolfSSL Inc. is proud to announce a recent addition to the wolfCrypt FIPS cert 3389! CMSIS-RTOS2 v2.1.3 running on a Silicon Labs EFM32G (Giant Gecko) chipset with wolfCrypt v4.6.1 Testing and standup for the EFM32 Giant Gecko was done collaboratively between wolfSSL Inc. and one […]
Read MoreMore TagPost Quantum cURL
Recently, a lot of post-quantum activity has been happening here at WolfSSL. First, we’ve simplified and unified our naming conventions for the variants of the post-quantum algorithms. We now refer to each variant by the algorithm submitter’s claimed NIST level. For example, what used to be referred to as LIGHTSABER is now known as SABER_LEVEL1 […]
Read MoreMore TagHow Much Resource Does Your TLS Take?
Adding security to a connection comes at a cost. It takes a little time to perform the crypto operations and some memory gets used during the operations. Not all TLS implementations are equal … how much memory and how much time is lost depends on what TLS library is being used. Recently OpenSSL came out […]
Read MoreMore TagHybrid Post Quantum Groups in TLS 1.3
Recently, we announced our wolfSSL libOQS integration and we said we were planning to hybridize our KEMs with NIST-standardized ECDSA. The hybridization is completed. This is a brief summary of why this matters and what we did. It might come as a shock, but the sad truth is that we do not actually know that […]
Read MoreMore TagCURL 7.79.1 – PATCHED UP AND READY
This post has been cross posted from Daniel Stenberg’s blog – originally posted here. Within 24 hours of the previous release, 7.79.0, we got a bug-report filed that identified a pretty serious regression in the HTTP/2 code that we deemed required a fairly quick fix instead of waiting a full release cycle for it. So here’s 7.79.1 […]
Read MoreMore TagcURL 7.79.0 – Secure Local Cookies
This post has been cross posted from Daniel Stenberg’s blog – originally posted here. The curl factory has once again cranked out a new curl release. Release presentation Numbers the 202nd release 3 changes 56 days (total: 8,580) 128 bug-fixes (total: 7,270) 186 commits (total: 27,651) 0 new public libcurl function (total: 85) 0 new curl_easy_setopt() […]
Read MoreMore TagStatic Analysis from wolfSSL with GrammaTech’s CodeSonar
*Jointly posted with GrammaTech wolfSSL is a lightweight embedded SSL/TLS library and we pride ourselves for being the best-tested crypto and SSL/TLS stack available on the market. From API unit testing to fuzz testing to continuous integration, we do it all to ensure we’re secure for our customers. Now we’re adding an additional static analysis […]
Read MoreMore TagOpenSSL 3.0 Provider solution with FIPS
As you may know, wolfSSL has integrated our FIPS-certified crypto module (wolfCrypt) with OpenSSL as an OpenSSL engine, a product we call wolfEngine. You may also know that OpenSSL 3.0 has done away with the engines paradigm in favor of a new concept, called providers. wolfSSL has begun work on an OpenSSL 3.0 provider, allowing […]
Read MoreMore Tag