We are excited to announce that we will be working on CHERIoT support for wolfSSL! CHERIoT (Capability Hardware Extension to RISC-V for IoT) is a hardware-software platform that brings capability-based memory protection to small embedded devices. It enforces memory safety at the hardware level, catching entire classes of vulnerabilities like buffer overflows and use-after-free automatically. […]
FIPS 140-3 in Rust: what it takes
Your product needs FIPS 140-3. Your stack is Rust. Until now those two facts were in tension. The pure-Rust crypto libraries are not FIPS 140-3 validated. wolfSSL’s Rust crates are different. wolfCrypt has been through FIPS 140-3 validation. The path from Rust to a validated build exists. Here’s what it actually takes. The `fips` feature […]
Fenrir: How wolfSSL Uses AI to Hunt Bugs Before the Bad Actors Do
Here at wolfSSL, the best defense has always been a proactive one. That principle is why we built Fenrir, our AI-powered codebase scanner, and why we’re talking about it today. If We Don’t, They Will: The security landscape has changed. Attackers are already using large language models to analyze codebases, find vulnerabilities, and develop exploits […]
Rust finally has a path to FIPS-certifiable crypto
Rust’s crypto ecosystem is good. `ring` is fast and well-tested. RustCrypto covers almost everything. rustls has replaced OpenSSL in a lot of stacks. None of it is FIPS 140-3 certifiable. If you’re shipping to US federal, healthcare, finance, or defense customers, that matters. You can write excellent Rust and still get blocked at the compliance […]
wolfBoot Support for the NXP LPC55S69
wolfSSL announces wolfBoot support for the NXP LPC55S69, available now in PR #713. With Secure Boot, TrustZone-M, and an industry-standard cryptographic API, your non-secure application can be rapidly developed for a secure world. About the NXP LPC55S69: The LPC55S69 is a general-purpose edge computing device, with dual ARM Cortex-M33 cores running up to 150 […]
wolfIP TCP/IP Stack on the STM32N6
wolfSSL is announcing wolfIP support for the STM32N6 series, starting with the NUCLEO-N657X0-Q development board (STM32N657X0H). The STM32N6 is ST’s first Cortex-M55 microcontroller, designed for high-performance edge AI workloads with a dedicated Neural Processing Unit (NPU). wolfIP provides a full TCP/IP stack with ping, TCP echo, and ARP on this new platform. About the STM32N6 […]
Meeting FBI CJIS Security Policy v6 with wolfGuard
The FBI’s Criminal Justice Information Services (CJIS) Security Policy v6 has sent a clear message to law enforcement and public safety agencies: the window for legacy cryptography is closing. Specifically, Control SC-13 mandates that all Criminal Justice Information (CJI) in-transit outside of physically secure locations must be protected by FIPS 140-3 validated cryptographic modules. With […]
Caliptra Part 2: wolfCaliptra…Seriously?
Actually, no. We are not going to add another entry into our product portfolio called wolfCaliptra. There are already so many! Caliptra defines a module that includes specifications for hardware and software. To be honest, wolfSSL is a software organization, so something that would be called wolfCaliptra would fall outside the scope of what we […]
wolfBoot Port for NXP T2080 QorIQ for Avionics
wolfSSL is pleased to announce wolfBoot support for the NXP QorIQ T2080, a quad-core Power Architecture e6500 processor used in aerospace, defense, and industrial control. wolfBoot is a compact, portable secure bootloader that replaces U-Boot with cryptographic firmware verification and optional Post-Quantum Cryptography (PQC) – pure PQC or hybrid classical/PQC. It compiles to under 32 […]
Difference between TLS Session ID and Tickets
TLS session resumption reuses previously negotiated keying material to shorten handshakes and reduce CPU and network overhead. Resumption saves latency and power on constrained devices by avoiding a full handshake when a safe cached session is available. Understanding Session IDs and Tickets: Session IDs are a server-issued identifier used by TLS ≤ 1.2 where the server […]
