RECENT BLOG NEWS

On October 13th & 14th wolfSSL will be hosting two live webinars, one will cover FIPS 140-3 Certification and the other will be on Migrating from OpenSSL to wolfSSL. Read below for more information as well as a links to register.

Oct 13, 9:00 AM PST: FIPS 140-3
Register Here: https://us02web.zoom.us/webinar/register/WN_WCO3LQ5dRiKifbbg5OCnYA

wolfSSL is thrilled to be the first in FIPS 140-3 certification and we want to share it with you! Join the wolfSSL team, Kaleb Himes, Senior Engineer & FIPS authority, as we cover all things FIPS 140-3. There will be a live Q&A so bring all your FIPS-related questions. We will cover the current transition to FIPS 140-3, its importance for cybersecurity, as well as how wolfSSL is implementing it in our products.

Oct 14, 9:00 AM PST: Migrating from OpenSSL to wolfSSL
Register Here: https://us02web.zoom.us/webinar/register/WN_7oyLVSq6Tba5828QvfFzcQ

There are many reasons why a user might want to switch from OpenSSL to wolfSSL. In order to facilitate this transition, wolfSSL has an accessible compatibility layer. Join us as wolfSSL Engineer, Jacob, talks about the top reasons why people migrate from OpenSSL to wolfSSL as well as how to get started. He will cover how to build with the compatibility layer as well as some examples of applications.

Both webinars will include a Q&A section, so please bring any questions you may have.

If you have any other questions or concerns please reach out to facts@wolfssl.com or support@wolfssl.com anytime.

We’re actually going somewhere! Come see wolfSSL at it-sa ’21 in Nuremberg, Germany this week.

it-sa ‘21: October 12th – 14th, 2021
Get a pass: https://www.mwcbarcelona.com/attend/registration#tab-physical-passes
Exhibition hours: 09:00 – 18:00 (Tuesday and Wednesday) 09:00 – 17:00 (Thursday)

wolfSSL will be at booth 7-611, with Business Directors Wolfram Kusterer and wolfSSL Engineer Juliusz Sosinowicz on the ground to answer all your embedded security questions. Plus, our full sales team will be on standby in the virtual booth to talk to you! Email facts@wolfSSL.com if you’d like to book a meeting ahead of the event. 

If you’re new to wolfSSL, here’s how we can help you win big in mobile industry and beyond:
– wolfSSL is up to 20x smaller than OpenSSL
– First commercial implementation of TLS 1.3, with TLS 1.3 Sniffer
– First in FIPS 140-3
– Best tested, most secure, fastest crypto on the market with incomparable certifications and highly customizable modularity
– Access to 24×7 support from a real team of Engineers
– Support for the newest standards (including TLS 1.2, TLS 1.3, DTLS 1.2, and DTLS 1.3 forthcoming)
– Multi-platform, dual-licensed, royalty free, with an OpenSSL compatibility API to ease porting into existing applications which have previously used the OpenSSL package
– Full product suite including MQTT with support up to v5.0, Secure Boot, wolfSentry IDPS, SSHv2 server, TPM 2.0 portable project, Java wrappers and JSSE support, plus commercial curl support at the enterprise level. 

To learn more, come meet us at it-sa ’21 or email facts@wolfSSL.com.  

Love it? Star wolfSSL on GitHub.
Discover MWC ‘21 here.
Follow @wolfSSL on Twitter for daily updates!

Thanks to the portability of our wolfCrypt library, plus our team of expert engineers, wolfSSL is frequently adding new ports. Keep an eye out as we continue showcasing a few of the latest open source project ports over the next few weeks!

We have recently integrated wolfSSL with the socat tool for Linux. This port allows for the use of socat with our FIPS-validated crypto library, wolfCrypt. Socat is a command line based utility that allows for bidirectional data transfers between two independent channels. For more information on socat, please visit the project’s website at www.dest-unreach.org/socat. 

As of wolfSSL version 4.8.0, we have enabled socat to be able to call into wolfSSL through the OpenSSL compatibility layer. You can access the GitHub page here: https://github.com/wolfSSL/osp/tree/master/socat

Need more? Subscribe to our YouTube channel for access to wolfSSL webinars!
Love it? Star us on GitHub!

The wolfSSL library is now safe against the “Harvest Now, Decrypt Later” post-quantum threat model with the addition of our new TLS 1.3 post-quantum groups. But where does that leave wolfSSH? It is still only using RSA and elliptic curve key exchange algorithms which are vulnerable to the threat model mentioned above. If you are interested in knowing about our plans to protect wolfSSH using post-quantum key exchanges, please get in contact with us at facts@wolfssl.com.

Join our live wolfEngine  webinar, where we introduce one of our newest products wolfEngine, a separate standalone library which links against wolfSSL (libwolfssl) and OpenSSL. wolfEngine implements and exposes an OpenSSL engine implementation which wraps the wolfCrypt native API internally. Algorithm support matches that as listed on the wolfCrypt FIPS 140-2 certificate #3389.

Learn about about what wolfEngine is, why you should care, and why wolfEngine could be the solution to all of your problems. As always bring your questions for the Q&A following the presentation.

wolfEngine : wolfCrypt as an Engine for OpenSSL
Time: Oct 7, 2021 09:00 AM in Pacific Time
Register here: https://us02web.zoom.us/webinar/register/WN_1gPXMVUgReClAodxe7sTPg

If you have any other questions or concerns please reach out to facts@wolfssl.com or support@wolfssl.com anytime.

wolfSSL Linux kernel module support has grown by leaps and bounds, with new support for public key (PK) cryptographic acceleration, FIPS 140-3, accelerated crypto in IRQ handlers, portability improvements, and overall feature completeness.

The module provides the entire libwolfssl API natively to other kernel modules, allowing fully kernel-resident TLS/DTLS endpoints with in-kernel handshaking.  Configuration and building is turnkey via the --enable-linuxkm option, and can optionally be configured for cryptographic self-test at load time (POST), including full FIPS 140-3 core hash integrity verification and self-test.

As with library builds, the kernel module can be configured in detail to meet application requirements, while staying within target capabilities and limitations.  In particular, developers can opt to link in only the wolfCrypt suite of low level cryptographic algorithms, or can include the full TLS protocol stack with TLS 1.3 support.

For PK operations, the kernel module leverages our new function-complete SP bignum implementation, featuring state of the art performance and side channel attack immunity.  AVX2 and AES-NI accelerations are available on x86, and are usable from both normal kernel threads and from interrupt handler contexts. When configured for AES-NI acceleration, the module delivers AES256-GCM encrypt/decrypt at better than 1 byte per cycle.

Kernel module builds of libwolfssl are supported in wolfSSL release 4.6 and newer, and are available in our mainline github repository, supporting the 3.x, 4.x, and 5.x Linux version lines on x86-64, with limited support for ARM and MIPS. Full FIPS 140-3 support on x86-64 will be available in the forthcoming wolfSSL Version 5.0 release.

Need more? Subscribe to our YouTube channel for access to wolfSSL webinars!
Love it? Star us on GitHub!

It came to our attention that OpenSSL just published two new vulnerabilities.

• CVE-2021-3711 – “SM2 decryption buffer overflow” (nakedsecurity)
• CVE-202103712 – “Read buffer overruns processing ASN.1 strings.” (nakedsecurity)

These were specific OpenSSL issues and do not affect wolfSSL. For a list of CVEs that apply to wolfSSL please watch the security page on our website here: https://www.wolfssl.com/docs/security-vulnerabilities/

We wanted to take this opportunity to remind our customers and users that wolfSSL is in no way related to OpenSSL. wolfSSL was written from the ground up and is a unique SSL/TLS implementation.

That being said, wolfSSL does support an OpenSSL compatibility layer allowing OpenSSL users to drop in wolfSSL but continue to use the most commonly found OpenSSL API’s after re-compiling their applications to link against wolfSSL.

One individual also pointed out the time delta between report and fix on the above CVEs and wolfSSL would like to remind our customers and users of how proud we are of our less than 48 hour delta between report and fix. For more on our response time and process regarding vulnerabilities check out https://www.wolfssl.com/everything-wanted-know-wolfssl-support-handles-vulnerability-reports-afraid-ask/

If you have any other questions or concerns please reach out to facts@wolfssl.com or support@wolfssl.com anytime.

A quick followup to the post “wolfSSLs’ Proprietary ACVP client”.

wolfSSL Inc. is proud to announce a recent addition to the wolfCrypt FIPS cert 3389!

• CMSIS-RTOS2 v2.1.3 running on a Silicon Labs EFM32G (Giant Gecko) chipset with wolfCrypt v4.6.1

Testing and standup for the EFM32 Giant Gecko was done collaboratively between wolfSSL Inc. and one of wolfSSLs’ customers. wolfCrypt had not previously been ported to or run on an EFM32 device so this was an exciting opportunity to both test on an EFM32 for the first time and to take wolfCrypt, running on the EFM32, through FIPS certification!
If you have any questions about getting wolfCrypt or wolfSSL up and running on your EFM32 target, not only is it possible, it is possible with FIPS 140-2 (and soon FIPS 140-3) certification as well!

Other OE’s added since the original ACVP client post are:

• Linux 4.14 running on ARMv8 Cortex A53 with and without PAA (module version 4.5.4)
• Windows CE 6.0 running on ARM Cortex-A8 (module version 4.6.2)
• Linux 4.19 running on ARMv8 Cortex A53 with and without PAA (module version 4.5.4)

At the time of this posting wolfSSL has:

• 10 OE additions (1SUB) in coordination phase with the CMVP to be added to cert 3389
• 4 OE additions (1SUB) that have completed all testing and are ready to be submitted to the CMVP
• 5 OE additions (1SUB) actively in the testing process
• 1 OE addition (1SUB) in the queue to start

While the CMVP is no longer accepting 3SUB and 5SUB submissions for FIPS 140-2 (Cutoff date was 22 Sep 2021) wolfSSL Inc. continues to work on 1SUB OE additions. wolfSSL Inc. will continue to work on 1SUB OE additions to cert 3389 until 7 months before the expiration date of cert 3389.

wolfSSL Inc. was one of the first to submit for FIPS 140-3 and we expect to be one of the first to receive a 140-3 certificate. If you are looking for a commercial FIPS 140-3 solution, then look no further!

If you need FIPS 140-2 or 140-3 please don’t hesitate to reach out to fips@wolfssl.com anytime.