Hi friends! wolfSSL is looking at participating in the GSMA mobile standard ecosystem for IoT SAFE. We bring robust security; what would this mean for your IoT projects?
IoT SAFE is an IoT SIM applet for secure end-to-end communication, developed by the mobile industry with the goal of standardizing and streamlining IoT device security. Learn more about IoT SAFE.
If you have any questions or run into any issues, contact us at facts@wolfssl.com, or call us at +1 425 245 8247.
wolfBoot v1.7.1 is now available for download from the wolfSSL download page. This version includes some important fixes, improved support for hardware platforms and a few new features.
Our IoT-friendly bootloader is now capable of running in secure mode on Cortex-M33 microcontrollers, using TrustZone-M. Measured boot is now available through the integration with wolfTPM.
If you have any questions or run into any issues, contact us at facts@wolfssl.com, or call us at +1 425 245 8247.
Don’t forget to check our GitHub Repository for documentation and to stay up to date with our latest developments. And while you are there, please give us a star!
Hi! As our readers know, wolfSSL produces the first embedded TLS library that has begun testing for the new FIPS 140-3 standard, as listed here: https://csrc.nist.gov/projects/cryptographic-module-validation-program/modules-in-process/iut-list
There are a few significant changes coming with FIPS 140-3. Over the years with many specification updates, a few things got a little inconsistent, so these inconsistencies have been brought back in line. wolfSSL is prepared to deliver the first and best implementation of FIPS 140-3, so get ready.
As FIPS 140-3 is the replacement for FIPS 140-2 it is always a good idea to switch over to it as soon as possible. You will also want wolfSSL’s FIPS 140-3 Certificate for many additional reasons that include:
– Merging the FIPS + ISO Standard (see this https://www.corsec.com/fips-140-3/)
– CAST Testing Streamlined – just testing the algos they are actually using.
– Addition of TLS KDF in FIPS Boundary
– Addition of SSH KDF in FIPS Boundary
– Addition of RSA 4096
– Addition of ECDSA + SHA-3
– Removal of insecure algorithms: example Triple DES
Additional Resources
If you have any questions or run into any issues, contact us at facts@wolfssl.com, or call us at +1 425 245 8247.
Check out the wolfSSL embedded SSL/TLS library, star us on Github, and learn more about the latest TLS 1.3 is available in wolfSSL.
wolfSSH version 1.4.6 is now available for download! Some of the notable changes in this version of wolfSSH are fixes for issues that came about from additional fuzz testing using OSS-Fuzz, improved modularity in the build to assist with resource constrained environments, updates for use with MQX, and expansion of the bundled examples. A full list of the changes can be seen in the ChangeLog.md file bundled with wolfSSH.
If you have any questions or run into any issues, contact us at facts@wolfssl.com, or call us at +1 425 245 8247.
wolfSSL supports embedded customers achieving secure communications in the tightest constraints. For TLS 1.3, this means avoiding certificates and large code size algorithms like RSA and ECC and using Pre-Shared Keys (PSK) with no key exchange.
wolfSSL 4.6.0 has been optimized to be compiled for this configuration only with minimal code and memory usage. This has been achieved by careful exclusion of code across the TLS implementation to only include the parts that are necessary. In fact, the library code can be compiled to less than 50 kB!
If you have any questions or run into any issues, contact us at facts@wolfssl.com, or call us at +1 425 245 8247.
With the newest release of wolfSSL, you can now set the Intel CPU ID flags rather than let them be discovered. The CPU ID flags indicate which instructions are implemented in the CPU. wolfSSL uses this information to decide which is the fastest optimized implementation that will execute!
wolfSSL’s normal discovery works just fine when running on physical CPUs, but emulation in virtual environments does not always report the true state. In these cases users can call cpuid_set_flag() to enable the flag that is needed. Bugs do occur in CPU implementations and in these cases turning off a flag with cpuid_clear_flag() enables switching to different implementations across potentially a number of different cryptographic algorithms. Alternatively, the exact list of flags that you want can be selected with cpuid_select_flags().
If you have any questions or run into any issues, contact us at facts@wolfssl.com, or call us at +1 425 245 8247.
The wolfSSL embedded SSL/TLS library supports LwIP, the light weight internet protocol implementation, out of the box! Users should define WOLFSSL_LWIP when compiling wolfSSL, or uncomment the line /* #define WOLFSSL_LWIP */ in wolfssl/wolfcrypt/settings.h to use wolfSSL with LwIP. This will enable wolfSSL’s LwIP port, which uses LwIP’s BSD socket API. LwIP users who are using the native LwIP API can also use wolfSSL by defining HAVE_LWIP_NATIVE, then writing and registering their own Input/Output callbacks.
The focus of LwIP is to reduce RAM usage while still providing a full TCP stack. That focus makes LwIP great for use in embedded systems, the same area where wolfSSL is an ideal match for SSL/TLS needs. An active community exists with contributor ports for many systems.
In addition to LwIP, wolfSSL also supports TLS 1.3, FIPS 140-2/140-3, DO-178C, and more!
If you have any questions or run into any issues, contact us at facts@wolfssl.com, or call us at +1 425 245 8247.
In this blog series, we are giving our users more details about wolfSSL‘s new SP Math All math library. So far, we have introduced SP Math All, and provided comparisons to both wolfSSL’s normal Big Integer library and wolfSSL’s TFM library. And up next, what about OpenSSL? Is the SP Math All better than OpenSSL?
When compiling OpenSSL, you will get the highly optimized and large implementations by default. wolfSSL already has the Single Precision code that is as good or better! If you choose to compile OpenSSL without assembly then wolfSSL wins again.
Compiling both with no assembly and the SP Math All fast variation (the smaller of the two fast builds) has the following results:
| Architecture: x64 | Percent Faster (wolfSSL vs. OpenSSL) |
|---|---|
| RSA 2048 Sign | 8.27% |
| RSA 2048 Verify | 29.75% |
| ECC P-256 Agree | 20.56% |
| ECC P-256 Sign | 25.31% |
| ECC P-256 Verify | 24.13% |
Better across the aboard! And the size? It is difficult to obtain an accurate number for OpenSSL without writing a custom application. But looking at the size of the BN symbols indicates to us that OpenSSL would be as much as twice the size.
So you can see, the new SP Math All implementation is perfect for all your needs regardless of whether you are developing a memory limited embedded application, other embedded application or a mobile app. And don’t forget that Single Precision implements RSA and ECC algorithms at specific sizes to run blindingly fast in your mobile, desktop or server app and co-exists with SP Math All.
If you have any questions or run into any issues, contact us at facts@wolfssl.com, or call us at +1 425 245 8247.
Don’t miss this exclusive opportunity, to gain access to the top thought leaders in the digital space, Ellen Boehm, VP of IoT Strategy at Keyfactor, and Chris Conlon, Engineering Manager at wolfSSL.
Register for the Q&A now to get your questions answered on how to navigate the fast paced world of IoT, and to gain insights on how to embed strong cryptography into vehicles and other connected devices with topics like:
-Unique security challenges that engineers face when securing connected devices
-The role that cryptography plays in securing vehicles
-Practical advice on how these principles can improve security for other connected IoT devices
Watch the webinar here: Everything about Automotive Security
See you there!
Additional Resources
If you have any questions or run into any issues, contact us at facts@wolfssl.com, or call us at +1 425 245 8247.
In the meanwhile, check out the wolfSSL embedded SSL/TLS library, star us on Github, and learn more about the latest TLS 1.3 is available in wolfSSL.
New year new projects!
We are super excited to announce that we are expanding our post-quantum cryptography needs into SSH.
At wolfSSL we try to be progressive with our support of new cryptography technology. To prepare for a post-quantum world where quantum computing presents a threat to public key primitives due to their ability to solve hard cryptographic problems in polynomial time, the National Institute of Standards and Technology (NIST) is currently working on the new generation of quantum-resistant key encapsulation and authentication schemes, especially to address this threat to critical Internet security protocols like the Transfer Layer Security (TLS), and Secure Shell (SSH).
In preparation for the future we are planning for the transition into post quantum cryptography by planning on adding post quantum algorithms in SSH.
The future on the cryptography landscape is scary and exciting. We at wolfSSL Inc want to help you navigate these dangers with cutting edge technologies with quantum computing safe algorithms.
If you have any questions or run into any issues, contact us at facts@wolfssl.com, or call us at +1 425 245 8247.
