Month: February 2021

Join us for our upcoming webinar on March 3, 2021 with wolfSSL Engineering Manager, Chris Conlon. This webinar will provide attendees with the basics and best practices needed to get started using the wolfSSL TLS library in products and projects into 2021! Topics will include a brief overview of TLS 1.3, wolfSSL package structure, how to build wolfSSL, running the wolfCrypt cryptography test and benchmark applications, wolfSSL basic API usage, tips on debugging, and more! Bring your questions for the Q&A session to follow!

When: Mar 3, 2021 09:00 AM Pacific Time (US and Canada)
Topic: Getting Started with wolfSSL
Register in advance for this webinar https://us02web.zoom.us/webinar/register/WN_Xk3ez1LOQgK1_oc2bKe_dw.

After registering, you will receive a confirmation email containing information about joining the webinar.

wolfSSL will be attending the Virtual MSU Spring Career Fair next week! wolfSSL regularly attends Career Fairs at Montana State University in Bozeman, MT. This year, the MSU Career Fair will be in a virtual format, hosted on the Handshake platform.

wolfSSL will be participating in the career fair on both Wednesday (03/03/2021) and Thursday (03/04/2021). We will be hosting several 30-minute sessions on the Handshake platform which will introduce wolfSSL, our products, and our open internship positions for summer 2021! Each session can hold a maximum of 50 attendees. Current session blocks are scheduled for:

Day 1 – Wednesday (03/03/2021)
– 11:30 – 12:00pm MDT
– 1:00 – 1:30pm MDT

Day 2 – Thursday (03/04/2021)
– 10:00 – 10:30am MDT
– 11:30 – 12:00pm MDT
– 1:00 – 1:30pm MDT

There will also be several 10-minute 1:1 time slots available for students who would like to talk directly with a wolfSSL representative. For more information, visit the MSU Career Fair events on Handshake:

Montana State University Spring Career Fair 2020 – Virtual Fair Day 1
Montana State University Spring Career Fair 2020 – Virtual Fair Day 2

For more information, contact facts@wolfssl.com, or download wolfSSL products from our download page to try them out. We look forward to meeting you!

We are exited to invite you to attend our new partner webinar with ST Micro! This webinar is about how to integrate wolfSSL Software features to enhance STM32CubeMX software.

Watch the webinar here: https://docs.google.com/forms/d/e/1FAIpQLSf-tFhpDxDUh4vJPIXM7GGcyZnsl_mnCJiR8QcBZDQqX3ZlNw/viewform

wolfSSL software is now compatible with STM32 Toolset, adding on to previous support for the STM32 Standard Peripheral Library and STM32Cube HAL (Hardware Abstraction Layer). wolfSSL offers and maintains an STM32Cube Expansion Package for wolfSSL (I-CUBE-WOLFSSL) to make it easy for users to pull wolfSSL directly into STM32CubeMX and STM32CubeIDE projects.

You will learn

• About the new features of the latest STM32CubeMX tool from ST
• How wolfSSL embedded security features offer development speed and portability
• How to easily integrate wolfSSL into your project using the STM32CubeMX tool

Additional Resources

Please contact us at facts@wolfssl.com with any questions about the webinar. For technical support, please contact support@wolfssl.com or view our FAQ page.

In the meanwhile, check out the wolfSSL embedded SSL/TLS library, star us on Github, and learn more about the latest TLS 1.3 is available in wolfSSL.

 

The wolfSSL OpenSSL compatibility layer is a means to switch applications designed for OpenSSL over to use wolfSSL. In addition to this, it is constantly expanded and currently has more than 500 commonly used OpenSSL functions. wolfSSL also provides Crypto API support to enable easier migration of projects.

We recently added some more in our wolfSSL 4.7.0 release!

• SSL_get_verify_mode
• X509_VERIFY_PARAM API
• X509_STORE_CTX API

… to name a few.

Why might one want to make the migration from OpenSSL and turn on this compatibility in the first place? To start, wolfSSL has numerous benefits over its counterpart, OpenSSL. Some of these include hardware acceleration implementations, progressive adoptions of TLS 1.3 as well as a reduced footprint size. In addition to this, there is the potential to use wolfCrypt FIPS. wolfSSL maintains current FIPS 140-2 (and soon to be 140-3) support which is used in numerous applications. We also provide FIPS Ready builds to help get projects ready for FIPS verification. All of this is supported by a team of trained wolfSSL engineers.

For more information about the OpenSSL compatibility layer or the wolfSSL embedded SSL/TLS library, contact us today at facts@wolfssl.com!

wolfSSL is happy to announce support for user_settings.h in CMake builds in wolfSSL 4.7.0. To enable this feature, add -DWOLFSSL_USER_SETTINGS=yes to your cmake command and proceed to use user_settings.h as you normally would. For more about user_settings.h, continue reading below.

When building for embedded devices the best way to configure the wolfSSL library is to create a header named “user_settings.h”. Then, at the global level in your application define WOLFSSL_USER_SETTINGS so that when <wolfssl/wolfcrypt/settings.h> is included throughout the library the user_settings.h header is also pulled in. The application should include <wolfssl/wolfcrypt/settings.h>, BEFORE all other wolfSSL headers. A good example user_settings.h for getting started on an embedded project can be found at wolfssl-4.7.0/IDE/GCC-ARM/Header/user_settings.h. That example is well commented and provides a good starting point for any embedded project, even non-ARM based ones!

Please contact wolfSSL at facts@wolfssl.com with any questions or for help using wolfSSL with your project! wolfSSL supports TLS 1.3, FIPS 140-2/140-3, DO-178C, and more!

As some may be aware, wolfSSL added support for strongSwan in April of 2019. The upstream commit can be reviewed here: https://github.com/strongswan/strongswan/pull/133

Users can test the latest development master of wolfSSL with the latest version of strongSwan using the following setup:

wolfSSL Build and Installation Steps

$ git clone https://github.com/wolfSSL/wolfssl.git

$ cd wolfssl
$ ./autogen.sh

$ ./configure --enable-opensslall --enable-keygen --enable-rsapss --enable-des3 --enable-dtls --enable-certgen --enable-certreq --enable-certext --enable-sessioncerts --enable-crl --enable-ocsp CFLAGS="-DWOLFSSL_DES_ECB -DWOLFSSL_LOG_PRINTF -DWOLFSSL_PUBLIC_MP -DHAVE_EX_DATA"

$ make
$ make check
$ sudo make install

strongSwan Build and Installation Steps

# if the following packages are not already installed:
$ sudo apt-get install flex bison byacc libsoup2.4-dev gperf

$ git clone https://github.com/strongswan/strongswan.git
$ cd strongswan
$ ./autogen.sh

# if packages are missing autogen.sh must be re-run

$ ./configure --disable-defaults --enable-pki --enable-wolfssl --enable-pem
$ make
$ make check
$ sudo make install

wolfSSL has had interest in enabling FIPS 140-2/140-3 support with strongSwan so our engineers verified everything is working with the wolfCrypt FIPS 140-2 validated Module!

The steps wolfSSL used for testing are as follows:

Testing was done using the wolfSSL commercial FIPS release v4.7.0 which internally uses the wolfCrypt v4.0.0 FIPS 140-2 validated Crypto Module. It was located in the /home/user-name/Downloads directory on the target test system, Linux 4.15 Ubuntu 18.04 LTS running on Intel(R) Xeon(R) CPU E3-1270 v6 @ 3.80GHz.

1. wolfSSL was configured and installed with these settings:

./configure --enable-opensslall --enable-keygen --enable-rsapss --enable-des3 --enable-dtls --enable-certgen --enable-certreq --enable-certext --enable-sessioncerts --enable-crl --enable-ocsp CFLAGS="-DWOLFSSL_DES_ECB -DWOLFSSL_LOG_PRINTF -DWOLFSSL_PUBLIC_MP -DHAVE_EX_DATA -DFP_MAX_BITS=8192" --enable-ed25519 --enable-curve25519 --enable-fips=v2 --enable-intelasm --prefix=$(pwd)/../fips-install-dir
 make
 make install

2. A custom install location was used which equated to /home/user-name/Downloads/fips-install-dir and the configuration for strongSwan accounted for this.
3. strongSwan was cloned to /home/user-name/Downloads with “git clone https://github.com/strongswan/strongswan.git”
4. StongSwan was configured and installed with these settings:

./configure --disable-defaults --enable-pki --enable-wolfssl --enable-pem --prefix=$(pwd)/../strongswan-install-dir wolfssl_CFLAGS="-I$(pwd)/../fips-install-dir/include" wolfssl_LIBS="-L$(pwd)/../fips-install-dir/lib -lwolfssl"
 make
 make install
 make check

5. In the make check stage of the test, it was observed that 1 test was failing.

 Passed 34 of 35 'libstrongswan' suites
 FAIL: libstrongswan_tests
 ==================
 1 of 1 test failed
 ==================

6. Reviewing the logs it was apparent one of the RSA tests was failing.
7. Upon further debugging it turned out the failure was a test in strongSwan that was attempting to create an RSA key size of 1536-bits.

Running case 'generate':
 DEBUG: key_sizes[_i] set to 1024
 + PASS
 DEBUG: key_sizes[_i] set to 1536
 - FAIL
 DEBUG: key_sizes[_i] set to 2048
 + PASS
 DEBUG: key_sizes[_i] set to 3072
 + PASS
 DEBUG: key_sizes[_i] set to 4096
 + PASS

wolfSSL has a function RsaSizeCheck() which in FIPS mode will specifically reject any non FIPS RSA key sizes so this failure was not only expected, but it is a good thing for those wanting to use strongSwan in FIPS mode and ensure only FIPS-validated RSA key sizes will be supported!

wolfSSL is pleased that with the latest release of wolfSSL v4.7.0 and the wolfCrypt FIPS 140-2 module validated on FIPS certificate 3389, strongSwan support is working splendidly and wolfSSL engineers will be making efforts to ensure continued support into the future!

If you have any questions about wolfSSL, wolfCrypt FIPS, or strongSwan and wolfSSL together please contact our support staff anytime at support@wolfssl.com or via our Zendesk portal by registering and opening a support incident at wolfssl.zendesk.com.

Please join us for our upcoming Webinar: FIPS 140-3!

wolfSSL is thrilled to be the first in FIPS 140-3 certification and we want to share it with you! Join the wolfSSL team, Kaleb Himes and John Safranek, Senior Engineers & FIPS authorities, as we cover all things FIPS 140-3. There will be a live Q&A so bring all your FIPS-related questions. We will cover the current transition to FIPS 140-3, its importance for cybersecurity, as well as how wolfSSL is implementing it in our products.

When: February 24, 2021 at 9:00 AM PT
Topic: Webinar- FIPS 140-3
Register in advance for the webinar:
https://us02web.zoom.us/webinar/register/WN_cuTKyjtwTceVad7x2vvIiA
After registering, you will receive a confirmation email containing information about joining the webinar.

Bring any questions you may have, and we look forward to seeing you there!

After registering, you will receive a confirmation email containing information about joining the webinar.
Bring any questions you may have, and we look forward to seeing you there!

Additional Resources

Please contact us at facts@wolfssl.com with any questions about the webinar. For technical support, please contact support@wolfssl.com or view our FAQ page.

In the meanwhile, check out the wolfSSL embedded SSL/TLS library, star us on Github, and learn more about the latest TLS 1.3 is available in wolfSSL.

Three of our biggest engineering investments at wolfSSL are testing, testing, and testing. We invest heavily in testing, so that you don’t have to. We develop and test with 30+ operating systems, 10+ compilers, 50+ chipsets, 20+ hardware encryption IP schemes, and 15+ secure enclaves. We add more of the above to our Jenkins based CI/CD package every day. We do unit tests on everything, we run 5 static analyzers, and we run 7 internal fuzz testers. We employ sophisticated outside consultants to run additional fuzz testing.

Oh, yeah, we’ve had our code audited by every major vendor in computing, because they are all our customers, and need to review our code to ensure their own security and branding.

We’ve also been audited by over 20 security research teams in academia.

Finally, we’ve been through industry specific testing like DO-178 in aviation, MISRA and ASPICE in automotive, and FIPS 140 in government.

Contrast all of that with the testing and assurance you get from our competitors on your particular platform. It won’t compare.

Want to hear more about why we have the best tested cryptography and TLS 1.3? Email us at facts at wolfSSL dot com!

wolfSSL is happy to announce support for the latest stable version of stunnel, version 5.57. Per the stunnel website, “Stunnel is a proxy designed to add TLS encryption functionality to existing clients and servers without any changes in the programs’ code.” wolfSSL also supports version 5.40 of stunnel. If you’re in need of a fast, low memory, and FIPS-validated TLS 1.3 implementation for stunnel, please reach out to facts@wolfssl.com!

The winter release of wolfMQTT, v1.8.0, is now available! This release has several bug fixes and optimizations including:

• Fixes for non-blocking in WIN32 and large payload (PR #202)
• Make TLS IO callback functions public (PR #201)
• Bug fixes (PR #186, 188, 189, 193, 196, 199, 200)
• Update default test broker (PR #194)
• MQTT-SN fixes for multithread and register topic name (PR #185, 190)
• Fix multi-thread to use pthread mutex with condition (PR #183)
• Fix for WIN thread create macro (PR #182)
• Use options.h with Arduino build (PR #181)
• Use MqttClient_Ping_ex instead of MqttClient_Ping in examples (PR #179)
• Fixes for building with MinGW (PR #178)
• MQTT-SN support for multithread (PR #176)
• TLS mutual auth in client examples (PR #175)
• MQTT-SN feature enhancements (PR #173)
• Add runtime message option to client (PR #171)

Check out the ChangeLog from the download for a full list of features and fixes, or contact us at facts@wolfssl.com with any questions:
https://github.com/wolfSSL/wolfMQTT/blob/master/ChangeLog.md

While you’re there, show us some love and give the wolfMQTT project a Star!
You can download the latest release here: https://www.wolfssl.com/download/
Or clone directly from our GitHub repository: https://github.com/wolfSSL/wolfMQTT