RECENT BLOG NEWS

wolfSSL is developing a library to handle the location of where crypto operations run amongst multiple cores. For large systems that have many sign/verify operations happening at once this library would be able to distribute those sign/verify requests based on a user’s input. In addition to managing where the operation runs it can be used […]

The wolfSSL library includes a useful tool for sniffing TLS traffic. This can be used to capture and decrypt live or recorded PCAP traces when at least one of the keys is known. Typically a static RSA ciphersuite would be used, however with TLS v1.3 only Perfect Forward Secrecy (PFS) ciphers are allowed. For TLS […]

The Qualcomm Hexagon SDK  is used for building code to run on DSP processors. Use of the Hexagon toolchain to offload ECC verify operations has been added to wolfSSL. This can free up the main CPU for other operations or lead to future optimizations with HVX on some algorithms that use vector operations. The Makefile […]

Trusted Platform Modules (TPM) give us a secure vault for storing keys and secrets. We could also use a TPM as root-of-trust for reporting the health and integrity of our servers or bare metal systems (e.g. IoT). However, TPMs are physical devices. The communication between our software and the TPM happens over a physical interface, […]

wolfSSL is excited to announce support for using Silicon Labs Hardware acceleration. The EFR32 family of devices support multiple wireless interfaces with hardware cryptographic operations. wolfSSL can now offload cryptographic operations for dramatically increased performance on the Silicon Labs EFR32 family! Our new support includes hardware acceleration of the following algorithms: RNG AES-CBC AES-GCM AES-CCM […]

With wolfSSL 4.6.0, the cisco/libest EST library has been ported to work with wolfSSL. The Enrollment over Secure Transport (EST) protocol defines “enrollment for clients using Certificate Management over CMS (CMC) [RFC5272] messages over a secure transport.” It uses TLS >1.1 and the Hypertext Transfer Protocol (HTTP) to facilitate secure and authenticated Public Key Infrastructure […]

One of the new features in wolfSSL 4.6.0 is the ability to process application data during a (D)TLS 1.2 secure renegotiation. The new functionality (added in commit 7c89d10e5362ec281ce61ff12f37a091aa124e98) allows users to send and receive their data during the re-handshake process. Sending data can be accomplished, when using non-blocking sockets, by calling the wolfSSL_write API during […]

We recently validated the compatibility of our “meta-wolfssl” layer with Yocto 3.0 Zeus, and also updated our wolfSSL recipe to match our newest 4.6.0 release! We offer recipes for wolfSSL, wolfSSH, wolfMQTT, and wolfTPM, all available for Yocto Project or OpenEmbedded based projects. Adding the wolfSSL products to your project happens in just three steps: Clone […]

One of the features included in the new wolfSSL 4.6.0 release is support for RC2-ECB/CBC and its integration into wolfSSL’s PKCS#12 functionality. RC2-ECB/CBC has been added to wolfCrypt for users who have backwards compatibility requirements and may need to interop with older existing applications or devices. This feature is disabled by default and can be […]

Guest blog, written by Robert Hörr (e-mail: robert (dot) hoerr (at) t-systems (dot) com) (Security Evaluator of Deutsche Telekom Security GmbH) My name is Robert Hörr and I am working as a penetration tester at Deutsche Telekom Security GmbH. Pentesting is mostly done on security software, as for instance the wolfSSL TLS library to discover […]