In cryptography when we talk about hardening a library, we mean enabling resistance to timing attacks and cache attacks, using RSA blinding and protecting against glitching. Enabling and Disabling Our code has many related macros which can be controlled via configure script flags such as the harden flag and maxstrength flag. When hardening is enabled, […]
Read MoreMore TagAuthor: Kajal Sapkota
wolfSSL + nuttX initial testing success!
wolfSSL is pleased to announce initial run-time testing of wolfCrypt + NuttX was successfully completed (Crypto algorithm tests and benchmarking) on both BL602 (RISC-V) and NUCLEO-L552ZE-Q (Cortex-M33) targets! wolfSSL engineers are now working on making a publically available drop-in for the NuttX-apps directory that users can take for a spin! The wolfSSL team is very […]
Read MoreMore TagHeard of NuttX?
Heard of NuttX? Fresh out of the Apache incubator, it’s a small RTOS with a focus on POSIX and ANSI standards compliance, scales from 8 to 64-bit microcontrollers, is extensively documented, ported to many platforms, and is very easy to get started with! Here at wolfSSL we are hard at work testing wolfSSL with NuttX. […]
Read MoreMore TagwolfSSH v1.4.12 Release
wolfSSL are proud to announce a new incremental update to wolfSSH: v1.4.12! In this release, we have wolfSSHD running. It seamlessly fits in where other SSHDs are, and is able to parse and make use of existing sshd_config files that are in place. We are also proud to announce that wolfSSH builds and runs in […]
Read MoreMore TagwolfSSL 5.5.4 Release!
Merry Christmas! The Christmas release of wolfSSL is here, version 5.5.4! This includes some minor feature additions, QUIC related changes for HAProxy use, port to the MAXQ hardware, improvements in performance, as well as additional enhancements and fixes. In this development cycle we also did testing of using wolfSSL with NuttX, and wolfSSL is ready […]
Read MoreMore TagHPKE support in wolfCrypt
HPKE (Hybrid Public Key Encryption) is a key encapsulation and encryption standard that allows two parties to derive a common secret and encrypt/decrypt messages using that common secret (https://www.ietf.org/archive/id/draft-irtf-cfrg-hpke-12.txt) HPKE has three steps in single-shot mode: Key encapsulation (KEM) – ECC P256, P384, P521 or X25519 Hash based Key Derivation (HKDF) – SHA2-256, SHA2-384, SHA2-512 […]
Read MoreMore TagEncrypted Client Hello (ECH) now supported in wolfSSL
ECH (Encrypted Client Hello) is a draft extension for TLS 1.3 that enables a client to encrypt its client_hello in the TLS handshake to prevent leaking sensitive metadata that is sent in the clear during the normal TLS handshake. ECH was originally proposed as ESNI (Encrypted Server Name Indication), since the server name indication is […]
Read MoreMore TagwolfSSL on Softcore RISC-V
In our never-ending quest to have wolfSSL supported and running on all platforms, everywhere, for everyone, we are proud to announce we are now supporting Softcore RISC-V Environments. What is a Softcore RISC-V CPU? We’re glad you asked! Softcore means the electronics are created on a “soft” and reusable FPGA instead of the one-time, hard […]
Read MoreMore TagRocky Linux FIPS
Are you interested in utilizing FIPS 140-2 cryptography on the Rocky Linux™ platform? wolfSSL will soon be adding the Rocky Linux Operating Environment to our wolfCrypt FIPS certificate. Let us know your exact hardware to ensure we add the configuration you need. The wolfCrypt FIPS module can be used with wolfSSL, wolfSSH, third party Open […]
Read MoreMore TagDHE Vulnerability of CVE 2022-40735
Customers have asked about CVE 2022-40735 (https://nvd.nist.gov/vuln/detail/CVE-2022-40735) and whether they are vulnerable as users of wolfSSL. The short is answer is: No. But, there are ways that you can put yourself at risk. Let’s delve into the CVE and how best to protect yourself from attacks like this. First of all, a description of the […]
Read MoreMore Tag