wolfSSL is happy to announce that we’ve recently added support for AES-SIV (synthetic initialization vector). Our implementation is based on the specification in RFC 5297. SIV mode is designed to be resistant to security degradation from accidental nonce reuse. Notably, AES-SIV is a mandatory AEAD algorithm for network time protocol (NTP) servers supporting network time […]
Read MoreMore TagAuthor: Kajal Sapkota
Math Library Improvements in wolfSSL 5.1.1
Significant improvements to the C-only implementation of Single Precision math for P-256 and P-384 have been made in wolfSSL 5.1.1. Previously the Montgomery reduction implementation was performed generically. This function makes up a significant proportion of the time to perform ECC operations. By adding an optimised implementation the performance of the 32-bit C code improved […]
Read MoreMore TagPost-Quantum Goodies in wolfSSL 5.1.1: FALCON
This is a quote from a message posted by Dustin Moody of NIST on the NIST PQC Forum at https://groups.google.com/a/list.nist.gov/g/pqc-forum/c/fvnhyQ25jUg : “Yes – the 3rd round will shortly be ending. NIST is actively writing the 3rd Round report which will explain our rationale for which algorithms we will standardize. We hope to be able […]
Read MoreMore TagDeprecation of FIPS v1
Here at wolfSSL, we have been supporting your FIPS needs for several years now with our FIPS Ready, certificate #2425 and certificate #3389 source bundles. This support is going to continue with the soon to be granted FIPS 140-3 certificate. With the new certificate coming soon, we thought this might be a good time to […]
Read MoreMore TagTop 10 wolfSSL Library Configurations
Here at wolfSSL, we strive to support our customers’ needs for customization and finding the right trade-offs. The following table is a list of the top 10 things you can do with wolfSSL’s configuration flags. Task Configure Flag(s) Details Get Ready for Your First FIPS Customer –enable-fips=ready You will need to have a fips-ready bundle […]
Read MoreMore TagwolfSSL provider support for PKCS11
We now support wolfCrypt as a PKCS11 provider for applications to consume. The new wolfPKCS11 library adds a PKCS11 layer on top of the wolfCrypt API’s to enable customers who wish to standardize on an API interface or may already have developed code against PKCS #11. PKCS #11 is an OASIS standard for “Cryptographic Token […]
Read MoreMore TagwolfCLU ‘ca’ Command Added
wolfCLU (wolfSSL command line utility) has seen many feature additions! One of the features added was support for the command ‘ca’. This command now can handle basic conf. files for use with signing certificates. It is useful in projects to make a quick certificate with a given CA while avoiding having to write the code […]
Read MoreMore TagwolfBoot 1.10 – Secure Bootloader with Unique Features
A new version of wolfBoot (1.10) has been recently released and can be downloaded from our website, or cloned from our github repository. A full list of features can be found in our Changelog. As we recently announced, we have ported wolfBoot to run as an EFI application to verify the subsequent stages in the boot […]
Read MoreMore TagWhat are the Advantages of wolfTPM?
At wolfSSL, we have been developing a TPM stack with customers for many years called wolfTPM, a portable, open-source TPM stack with backward API compatibility, designed for embedded use. It is highly portable, and has native support for Linux and Windows. RTOS and bare metal environments can take advantage of a single IO callback for […]
Read MoreMore TagFIPS 140-3 and the TLS KDF
There has been a little turmoil between the CAVP and the FIPS community regarding the TLS KDF. The CAVP deprecated testing of the kdf-component-tls-1.0 at the beginning of the year. The community wasn’t ready and it was temporarily un-deprecated. wolfSSL and our wolfCrypt cryptography library are ready for the transition to the RFC7627 TLS KDF. […]
Read MoreMore Tag