RECENT BLOG NEWS

So, what’s new at wolfSSL? Take a look below to check out the most recent news.
Or sign up to receive weekly email notifications containing the latest news from wolfSSL.
In addition, wolfSSL now has a support-specific blog page dedicated to answering some of the more commonly received support questions.

wolfTPM first to support Nuvoton NPCT75x extra GPIO for safety-critical applications

wolfTPM is the leading TPM library for embedded and baremetal applications. It is widely used in aerospace, military, and medical systems because the wolfSSL TPM 2.0 library is designed specifically for embedded systems. wolfTPM offers a low memory footprint and supports all of the TPM 2.0 commands and operations, and also provides examples of attestation, NVRAM usage, secure storage, and sealing.

Today, we have expanded on the new TPM 2.0 feature called Extra GPIO by adding support for the newest variant of NPCT75x modules by Nuvoton.

It is now possible to protect and control GPIO by using TPM 2.0 authorization. This way, extra GPIO on the TPM chip becomes a great tool for signaling of critical events across subsystems.

wolfTPM already offers support for extra GPIO on ST33 modules from STMicroelectronics. Here is a brief comparison of the GPIO capabilities of ST33 and NPCT75x:

| Manufacturer | Model | Extra GPIO availability | GPIO modes |
|---|---|---|---|
| Nuvoton | NPCT75x | 2 GPIO for SPI & I2C | 3 output modes |
| STMicroelectronics | ST33 | 2 GPIO for SPI, 4 GPIO for I2C | 6 modes in total |

In safety-critical systems, extra GPIO control through the TPM 2.0 module provides signaling for security events and important changes of the system state. Such use cases are observed in the rising railway IoT automation and in modern automotive systems.

We want to thank the team at Nuvoton led by Mr. Oren and the amazing field application engineer Ms. Dana for collaborating on this project.

If you want to use TPM 2.0 and secure GPIO signaling in your next project please contact us at facts@wolfssl.com

wolfMQTT Client Supports HiveMQ Cloud

The wolfMQTT client library “mqttclient” example demonstrates securely connecting over TLS provided by wolfSSL.

We set up a HiveMQ Cloud cluster that can be used for testing. The HiveMQ Cloud broker uses the Server Name Indication (SNI) extension for TLS client authentication, which is specified using the `-S` option. The example is located in `/examples/mqttclient/`. You can test with our HiveMQ Cloud cluster using:

./examples/mqttclient/mqttclient -h 833f87e253304692bd2b911f0c18dba1.s1.eu.hivemq.cloud -t -S -u wolf1 -w NEZjcm7i8eRjFKF -p 8883

Everyone deserves to have their IoT data secure, and wolfSSL provides the best libraries to accomplish that! Secure-IoT-Love from the wolfSSL team!

You can download the latest release here: https://www.wolfssl.com/download/

Or clone directly from our GitHub repository: https://github.com/wolfSSL/wolfMQTT

Don’t forget to add a star while you’re there! Contact us at facts@wolfssl.com with any questions or for help using wolfMQTT in your project!

Embedded SSH client with TPM protected keys

We are adding hardware security to wolfSSH to meet the rising security requirements for connected systems.

Thanks to the widely available Trusted Platform Module (TPM) and our portable wolfTPM library, wolfSSH can have the user’s private SSH key stored and used directly from a hardware security module. This way the private key material is never exposed in raw form and the system has physical tamper-proof protection of its important secrets.

wolfSSH is a portable SSH v2.0 client and server. It also supports the SCP and SFTP protocols. This makes wolfSSH a preferred choice for embedded systems and applications. 

wolfTPM is a portable TPM 2.0 library, designed for baremetal and embedded systems. wolfTPM has its own TPM Interface Layer (TIS) developed in accordance with the Trusted Computing Group (TCG). This allows wolfTPM to operate in every operating environment, because it does not require a TPM driver.

For information on our wolfSSH capabilities see https://www.wolfssl.com/products/wolfssh/.

Do you want to use SSH with hardware protected keys? Please email us at facts@wolfssl.com

Integration update: wolfSSL is the Secure Socket Solution for Qt

The QSslSocket class in Qt makes it easy to add encryption to your application. wolfSSL makes it secure!

The wolfSSL embedded SSL/TLS library is a lightweight SSL/TLS library written in ANSI C and targeted for embedded, RTOS, and resource-constrained environments – primarily because of its small size, speed, and feature set. It is commonly used in standard operating environments as well because of its royalty-free pricing and excellent cross-platform support. wolfSSL supports industry standards up to the current TLS 1.3 and DTLS 1.2 levels, is up to 20 times smaller than OpenSSL, supports FIPS, and has critical interfaces like TPM 2.0 and PKCS#11.

Qt has traditionally used OpenSSL as the provider for SSL/TLS in Qt Network for secure network communications. wolfSSL 4.4.0 adds support for building Qt 5.12 and 5.13 against the wolfSSL embedded SSL/TLS library instead of the default OpenSSL backend! The wolfSSL integration with Qt provides a performance-minded alternative, ideal for Qt developers who are looking for a lightweight, progressive, and well-tested SSL/TLS implementation.  

Using wolfSSL as a TLS provider in Qt can have many advantages, depending on application and industry.  Some of these may include:

To learn more about the advantages of using wolfSSL, visit our page on “wolfSSL vs. OpenSSL”. For more insight into building Qt with wolfSSL, the advantages it brings to Qt developers when used in place of OpenSSL, and the current state of SSL/TLS and the cryptography algorithms used, watch this recorded talk by our Engineering Manager, Chris Conlon. 

For instructions on how to compile Qt with the wolfSSL patch, please visit Building Qt with wolfSSL

Questions? Reach out to our support team at support@wolfssl.com!

cURL Security Advisories

The 200th curl release was accompanied by 3 major security advisories from the curl bug-bounty program. These are the advisories:

This is a Use-After-Free in the OpenSSL backend code that in the absolutely worst case can lead to an RCE, a Remote Code Execution. The flaw is reasonably recently added and it’s very hard to exploit but you should upgrade or patch immediately.

The issue occurs when TLS session related info is sent from the TLS server when the transfer that previously used it is already done and gone.

When libcurl accepts custom TELNET options to send to the server, the input parser was flawed, which could be exploited to have libcurl instead send contents from the stack.

In the Schannel backend code, the selected cipher for a transfer was stored in a static variable. As a result, a weaker cipher choice set for a single transfer could unknowingly affect other connections, lowering them to a security grade lower than intended.
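
The static-variable problem described above, as an added C example that is not curl's Schannel code: the enum, struct, host names and function names are hypothetical. It places the shared-static pattern beside per-connection storage and includes a regression check for one connection's choice bleeding into the next.

```c
#include <stdio.h>

/* Hypothetical cipher grades and handle type for illustration only;
 * these are not curl or Schannel identifiers. */
enum grade { GRADE_WEAK_LEGACY = 1, GRADE_STRONG_DEFAULT = 2 };

struct conn {
    const char *host;      /* constructed sample host name */
    int has_override;      /* 1 if the caller restricted ciphers for this transfer */
    enum grade override;   /* the caller's requested grade, if any */
    enum grade selected;   /* result recorded on the handle */
};

/* Flawed pattern: the selection lives in a static shared by every connection. */
static enum grade g_selected = GRADE_STRONG_DEFAULT;

enum grade connect_flawed(struct conn *c) {
    if (c->has_override)
        g_selected = c->override;  /* outlives the transfer that set it */
    c->selected = g_selected;
    return c->selected;
}

/* Corrected pattern: the choice is derived and stored per connection. */
enum grade connect_fixed(struct conn *c) {
    c->selected = c->has_override ? c->override : GRADE_STRONG_DEFAULT;
    return c->selected;
}

typedef enum grade (*connect_fn)(struct conn *);

/* Regression check: returns 1 if a weak override on one connection does
 * not change what a later, unrelated connection ends up with. */
int is_isolated(connect_fn do_connect) {
    struct conn legacy = { "legacy.example", 1, GRADE_WEAK_LEGACY, GRADE_WEAK_LEGACY };
    struct conn normal = { "api.example", 0, GRADE_STRONG_DEFAULT, GRADE_STRONG_DEFAULT };

    g_selected = GRADE_STRONG_DEFAULT;  /* start from a clean process state */
    do_connect(&legacy);
    return do_connect(&normal) == GRADE_STRONG_DEFAULT;
}

int main(void) {
    printf("static variable: isolated=%d\n", is_isolated(connect_flawed));
    printf("per-connection:  isolated=%d\n", is_isolated(connect_fixed));
    return 0;
}
```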

Upcoming Webinar: Introducing wolfSentry, an Embeddable IDPS

wolfSSL personally invites you to our wolfSentry webinar, where we are introducing our newest product wolfSentry, a universal, dynamic, embeddable IDPS (intrusion detection and prevention system)! Join us to learn about what an IDPS is, why you should care, and why wolfSentry is the solution to all of your problems.

About the webinar:

When: Thursday, July 8th at 10AM Pacific time (GMT-8)
Topic: wolfSentry IDPS webinar presented by wolfSSL

Register: https://us02web.zoom.us/webinar/register/WN_Q45RL7XlTPOy5Sc-LOg5vg

After registering, you will receive a confirmation email containing information about joining the webinar.

Please bring any questions you have, and we look forward to seeing you there!

wolfSSL at Black Hat USA 2021

wolfSSL will be at Black Hat in Las Vegas this year! Catch our team in the Exhibition Hall August 4th and 5th to dive into the latest in cybersecurity. 

BHUSA – 7/31-8/5 2021 – Las Vegas, NV, USA
Register for virtual or in-person access: https://www.blackhat.com/us-21/registration.html 

We’ll have Engineers and Business Directors hanging out at Booth 1472, ready to answer all your security questions, talk through getting started with wolfSSL, as well as:

  • TLS 1.3 sniffer support in the latest wolfSSL version 4.7.0
  • The advantages of TLS 1.3 
  • Getting to FIPS 140-3 first
  • wolfSentry embedded IDPS (intrusion detection and prevention system) 
  • wolfBoot Secure Boot
  • wolfEngine, otherwise known as the wolfCrypt FIPS engine for OpenSSL
  • Commercial curl support for your use case 
  • DO-178 for secure avionics
  • NXP CAAM driver support 

Email facts@wolfSSL.com to set up a meeting at the show, or come find us at Booth 1472! We can’t wait to see you. It’s been too long.


Upcoming wolfSSL Webinar: FIPS 140-3

In case you missed it, we’re revisiting the latest on FIPS 140-3 from wolfSSL. Join us to get all the details from the experts at being first in FIPS! Bring all your FIPS questions–we’ve got you covered.

When: Thursday, July 1st, 2021 at 10:00 AM PT
Topic: Webinar – FIPS 140-3
Registration: https://us02web.zoom.us/webinar/register/WN_gMGaw43PRuStyXtqpQBEyw

wolfSSL is currently the leader in embedded FIPS certificates. With current FIPS 140-2 certificate #3389 for the wolfCrypt Cryptographic Module, wolfSSL is thrilled to be the first in upcoming FIPS 140-3 certification. Join the wolfSSL team as we cover all things FIPS 140-3. There will be a live Q&A so bring all your FIPS-related questions. We will cover the current transition to FIPS 140-3, its importance for cybersecurity, as well as how wolfSSL is implementing it in our products.

Register in advance for this webinar:
https://us02web.zoom.us/webinar/register/WN_gMGaw43PRuStyXtqpQBEyw

If you are interested in a FIPS 140-3 validated version of wolfCrypt, or would like to learn how wolfSSL can help meet your FIPS requirements, shoot us an email at fips@wolfssl.com.

Catch Daniel Stenberg at virtual MWC!

Daniel Stenberg is holding office hours at Mobile World Congress in Barcelona this Tuesday 14:00 – 16:00 (CEST). Sign on to talk libcurl latest release 7.77.0, FIPS, MQTT support, cURL TPM/HSM Integration, tinycurl, and more!

We’re in-person at MWC this year, but if you can’t be there to meet with wolfSSL at booth 1L12, you can still register for a Virtual pass to chat with our team via the digital event. 

Register for a virtual pass and download the MWC app to join in on the conversation!

 

Follow Daniel on Twitter: @bagder
Follow @wolfSSL on Twitter: @wolfSSL

U-Boot with wolfTPM

We are integrating wolfTPM into U-Boot. This will extend the TPM 2.0 capabilities in U-Boot to include signature verification and measured boot.

On many platforms, such as the Xilinx UltraScale+ MPSoC, we can replace U-Boot.

Our wolfBoot allows many features including:
* Partition signature verification using ED25519, RSA and ECC
* Encryption of partitions
* Updating of partitions in the boot loader
* Measured boot with TPM 2.0 PCR registers
* Offloading to crypto coprocessors like the TPM 2.0 modules
* Version checking for updates
* Rollback on failed updates

For information on our wolfBoot TPM integration see https://www.wolfssl.com/products/wolfboot/.

If you are interested in our U-Boot wolfTPM integration please email facts@wolfssl.com.

 
