RECENT BLOG NEWS

So, what’s new at wolfSSL? Take a look below to check out the most recent news.
Or sign up to receive weekly email notifications containing the latest news from wolfSSL.
In addition, wolfSSL now has a support-specific blog page dedicated to answering some of the more commonly received support questions.

wolfSSL Version 4.7.0 Is Available!

Version 4.7.0 of wolfSSL has general fixes and optimizations, a few excellent feature additions, and some vulnerability fixes. Some of the new features added are support for S/MIME bundles which are commonly used with email traffic, an --enable-reproducable-build flag to help out with inspecting the wolfSSL library created, expansion to the OpenSSL compatibility layer, and additional session ticket API’s that help modularly control which TLS protocol version can use session tickets.

A few of the improvements and optimizations in the release are to linux kernel module support, DTLS resending of a flight after timeouts, the CMake build with a user settings file and out of directory builds of wolfSSL.

This release fixes 3 vulnerabilities, one of them being a TLS 1.3 client side issue that is rated as high. Thanks to Aina Toky Rasoamanana and Olivier Levillain from Télécom SudParis for the report on this TLS 1.3 issue.

A full list of items in the release can be seen in the ChangeLog.md bundled with wolfSSL or on our main webpage. For further reading about vulnerabilities see our webpage or contact us at facts@wolfssl.com for general wolfSSL information.

Embedded Bootloader with hardware acceleration and cryptography

Most bootloaders do not use hardware acceleration and cryptography.

wolfSSL’s wolfBoot is an exception.

 

wolfBoot can use Secure Elements, such as ATECC508A. Thanks to integration with wolfTPM, wolfBoot can also leverage TPM 2.0, such as STMicroelectronics ST33, Infineon SLB9670, Nuvoton NPC750 and other TPM modules.

 

Thanks to wolfSSL’s cryptographic engine, wolfBoot can take advantage of the hardware acceleration for cryptography operations of many embedded and server platforms. Here are highlights of our platforms support list:

 

Manufacture Vendor Platform
STMicroelectronics STM32F1 / F2 / F4 / L1 / WB / F7 / H7

STM32L5 (with Trustzone support)

NXP Kinetis K50 / K60 / K70 / K80
NXP RT 1060 with DCP support, and LPC54xxx
NXP iMX6 iMX7 iMX8 with CCAM support
Microchip PIC32, MX and MZ series
Microchip (Atmel) SAM R21
Cypress PSoC6
Texas Instruments TM4C1294 (ARM Cortex-M4F)
SiFive (RISC-V) FE310 / HiFive1
Marvell (CAVIUM) NITROX V, NITROX III
XILINX Zynq UltraScale+
Intel and AMD x86 AES-NI, AVX1 / AVX2, RDRAND / RDSEED

 

wolfBoot is a solution for firmware update and authentication that can take advantage of your platform’s hardware acceleration and cryptography. This way we achieve a small memory footprint and high performance during secure updates over the air(OTA).

If you do not see your platform supported or have any questions, please contact us at support@wolfssl.com.

wolfCrypt FIPS 140-3 status update!

Hi! We continue to make progress on our upcoming FIPS 140-3 certification. We have now completed code review, and are working with our lab on operational testing. The process will be in NIST’s hands after that. Our goal is to be the first software cryptographic library with a FIPS 140-3 certification, and that looks like it is on track!

If you have questions on wolfCrypt’s FIPS 140-3 certificate, contact us at facts@wolfssl.com! For more information on wolfCrypt’s previous 140-2 certificates, visit our FIPS page here.

Leveraging Virtual Memory in the Linux Kernel

In wolfSSL release 4.7, the Linux kernel module implementation has been enhanced to use kvmalloc() and kvfree() for heap-based storage. The typical approach using kmalloc() allocates physically contiguous memory, with meaningful limitations on the maximum size of allocation and the impact of those allocations on other system components. kvmalloc(), by contrast, uses vmalloc() internally to make non-contiguous use of memory for large allocations, which is more efficient and less contentious. The wolfSSL kernel module now leverages this capability when targeted to Linux kernel 4.12 or newer, relaxing potential resource constraints and minimizing the likelihood of interference in the kernel.

For questions or help getting started using wolfSSL in your project, contact us at facts@wolfssl.com!  wolfSSL supports TLS 1.3FIPS 140-2/140-3DO-178C, and more!

Reproducible Builds for Confident Testing and Release Engineering

wolfSSL release 4.7 includes --enable-reproducible-build, a new configuration option that suppresses the binary jitter (timestamps and other non-functional metadata) that is otherwise common in various build processes. With --enable-reproducible-build, test and release engineers can carefully align build environments, then generate bitwise-identical binary packages with identical hashes. Using --enable-reproducible-build, FOSS binary distributors can publish their build environment attributes and parameters, then third parties can verify binary distributions by replicating the build process and comparing hashes. Similar processes can be used internal to an organization to confirm the integrity of build environments and source archives.

For questions or help getting started using wolfSSL in your project, contact us at facts@wolfssl.com!  wolfSSL supports TLS 1.3, FIPS 140-2/140-3, DO-178C, and more!

wolfBoot support for ARM TrustZone

Since version 1.7.1, wolfBoot provides support for secure boot on systems with a Trusted Execution Environment (TEE).

wolfBoot provides embedded developers with a code base that complies with the specification for the separation between secure and non-secure world, on those CPUs and microcontrollers that support it. On ARMv8 Cortex-A CPU and Cortex-M microcontrollers it is now possible to create a hardware-enforced separation between the two worlds, using the ARM TrustZone technology.

Our first reference implementation has been made in collaboration with ST using STM32L5 target. This device can be configured to keep the running application or operating system from accessing the Secure world resources, including the partition containing the bootloader itself on the FLASH memory, and other hardware resources that may be configured as secure at boot time.

For more information, check out the wolfBoot product page. Contact us at facts@wolfssl.com for more information on using wolfBoot as a secure bootloader in your Trusted Execution Environment.

Upcoming Webinar: Getting Started with wolfSSL

Join us for our upcoming webinar on March 3, 2021 with wolfSSL Engineering Manager, Chris Conlon. This webinar will provide attendees with the basics and best practices needed to get started using the wolfSSL TLS library in products and projects into 2021! Topics will include a brief overview of TLS 1.3, wolfSSL package structure, how to build wolfSSL, running the wolfCrypt cryptography test and benchmark applications, wolfSSL basic API usage, tips on debugging, and more! Bring your questions for the Q&A session to follow!

When: Mar 3, 2021 09:00 AM Pacific Time (US and Canada)
Topic: Getting Started with wolfSSL
Register in advance for this webinar https://us02web.zoom.us/webinar/register/WN_Xk3ez1LOQgK1_oc2bKe_dw.

After registering, you will receive a confirmation email containing information about joining the webinar.

wolfSSL at MSU Virtual Spring Career Fair 2021

wolfSSL will be attending the Virtual MSU Spring Career Fair next week! wolfSSL regularly attends Career Fairs at Montana State University in Bozeman, MT. This year, the MSU Career Fair will be in a virtual format, hosted on the Handshake platform.

wolfSSL will be participating in the career fair on both Wednesday (03/03/2021) and Thursday (03/04/2021). We will be hosting several 30-minute sessions on the Handshake platform which will introduce wolfSSL, our products, and our open internship positions for summer 2021! Each session can hold a maximum of 50 attendees. Current session blocks are scheduled for:

Day 1 – Wednesday (03/03/2021)
– 11:30 – 12:00pm MDT
– 1:00 – 1:30pm MDT

Day 2 – Thursday (03/04/2021)
– 10:00 – 10:30am MDT
– 11:30 – 12:00pm MDT
– 1:00 – 1:30pm MDT

There will also be several 10-minute 1:1 time slots available for students who would like to talk directly with a wolfSSL representative. For more information, visit the MSU Career Fair events on Handshake:

Montana State University Spring Career Fair 2020 – Virtual Fair Day 1
Montana State University Spring Career Fair 2020 – Virtual Fair Day 2

For more information, contact facts@wolfssl.com, or download wolfSSL products from our download page to try them out. We look forward to meeting you!

Please join us for our upcoming ST Micro Partner Webinar!

We are exited to invite you to attend our new partner webinar with ST Micro! This webinar is about how to integrate wolfSSL Software features to enhance STM32CubeMX software.

Watch the webinar here: https://docs.google.com/forms/d/e/1FAIpQLSf-tFhpDxDUh4vJPIXM7GGcyZnsl_mnCJiR8QcBZDQqX3ZlNw/viewform

wolfSSL software is now compatible with STM32 Toolset, adding on to previous support for the STM32 Standard Peripheral Library and STM32Cube HAL (Hardware Abstraction Layer). wolfSSL offers and maintains an STM32Cube Expansion Package for wolfSSL (I-CUBE-WOLFSSL) to make it easy for users to pull wolfSSL directly into STM32CubeMX and STM32CubeIDE projects.

You will learn

  • About the new features of the latest STM32CubeMX tool from ST
  • How wolfSSL embedded security features offer development speed and portability
  • How to easily integrate wolfSSL into your project using the STM32CubeMX tool

Additional Resources

Please contact us at facts@wolfssl.com with any questions about the webinar. For technical support, please contact support@wolfssl.com or view our FAQ page.

In the meanwhile, check out the wolfSSL embedded SSL/TLS library, star us on Github, and learn more about the latest TLS 1.3 is available in wolfSSL.

 

wolfSSL Expands Compatibility Layer for OpenSSL Applications

The wolfSSL OpenSSL compatibility layer is a means to switch applications designed for OpenSSL over to use wolfSSL. In addition to this, it is constantly expanded and currently has more than 500 commonly used OpenSSL functions. wolfSSL also provides Crypto API support to enable easier migration of projects.

We recently added some more in our wolfSSL 4.7.0 release!

  • SSL_get_verify_mode
  • X509_VERIFY_PARAM API
  • X509_STORE_CTX API

… to name a few.

Why might one want to make the migration from OpenSSL and turn on this compatibility in the first place? To start, wolfSSL has numerous benefits over its counterpart, OpenSSL. Some of these include hardware acceleration implementations, progressive adoptions of TLS 1.3 as well as a reduced footprint size. In addition to this, there is the potential to use wolfCrypt FIPS. wolfSSL maintains current FIPS 140-2 (and soon to be 140-3) support which is used in numerous applications. We also provide FIPS Ready builds to help get projects ready for FIPS verification. All of this is supported by a team of trained wolfSSL engineers.

For more information about the OpenSSL compatibility layer or the wolfSSL embedded SSL/TLS library, contact us today at facts@wolfssl.com!

wolfSSL 4.7.0 Supports user_settings.h for CMake Builds

wolfSSL is happy to announce support for user_settings.h in CMake builds in wolfSSL 4.7.0. To enable this feature, add -DWOLFSSL_USER_SETTINGS=yes to your cmake command and proceed to use user_settings.h as you normally would. For more about user_settings.h, continue reading below.

When building for embedded devices the best way to configure the wolfSSL library is to create a header named “user_settings.h”. Then, at the global level in your application define WOLFSSL_USER_SETTINGS so that when <wolfssl/wolfcrypt/settings.h> is included throughout the library the user_settings.h header is also pulled in. The application should include <wolfssl/wolfcrypt/settings.h>, BEFORE all other wolfSSL headers. A good example user_settings.h for getting started on an embedded project can be found at wolfssl-4.7.0/IDE/GCC-ARM/Header/user_settings.h. That example is well commented and provides a good starting point for any embedded project, even non-ARM based ones!

Please contact wolfSSL at facts@wolfssl.com with any questions or for help using wolfSSL with your project! wolfSSL supports TLS 1.3, FIPS 140-2/140-3, DO-178C, and more!

Posts navigation

1 2 3 4 126 127 128

Weekly updates

Archives

Latest Tweets