RECENT BLOG NEWS
Or sign up to receive weekly email notifications containing the latest news from wolfSSL.
In addition, wolfSSL now has a support-specific blog page dedicated to answering some of the more commonly received support questions.
Webinar Alert: Kernel Mode
Join our wolfSSL webinar about Kernel Mode presented by wolfSSL engineer Daniel Pouzzner tomorrow at 10AM Pacific.
In December 2020, wolfSSL 4.6.0 featured initial support for building as a Linux kernel module, supplying the entire native wolfCrypt and wolfSSL APIs directly to other kernel modules.
We have support with in-kernel FIPS 140-3, additional accelerated cryptography options on x86, and substantial improvements in stack usage.
Porting a library as large and complex as wolfSSL to the Linux kernel has been a multi-phase undertaking, guided by three key objectives:
A build process that is completely turnkey on supported kernel lines, via configure –enable-linuxkm and –with-linux-source=/source/tree/top.
A source tree that remains unified: the library and the kernel module are built from the same codebase, and differ only in various settings, and in kernel-specific glue logic.
Module builds that use the Linux in-tree Kbuild toolchain, rather than a bespoke out-of-tree build system, to facilitate simultaneous and continuing support for a wide variety of old and new kernel releases.
The Linux kernel is not a POSIX target, and many facilities commonly available to libraries and applications are unavailable (e.g. stack red zones, the C library, thread-local storage) or severely restricted (e.g. stack depth and vectorized instructions). Additionally, each minor kernel version and hardware target has peculiarities that cannot be ignored.
In this presentation, we will chronicle some of the challenges we encountered porting wolfSSL to this unusual target, and the solutions we developed.
As always we will have a Q&A Session following the webinar.
Register here.
cURL Up 2022 – Save The Date
The cURL Project and wolfSSL is happy to announce the annual cURL Developers Conference, cURL Up is being held in San Fransisco CA, USA this year! The event is on June 6th, 2022 at the Fort Mason Firehouse!
cURL Up is the annual curl developers conference where we gather and talk Internet protocols, curl’s past, current situation and how to design its future.
This is an intimate and very friendly meetup where you will have the opportunity to talk to Daniel Stenberg, founder and maintainer of cURL, as well as other speakers and sponsors about cURL and related technologies.
There are only 100 slots available, stay tuned for when the registration page goes live!
If you have questions or comments contact us at facts@wolfssl.com
wolfSSL Summer of Security Internship Program 2022
Are you a college or university student interested in application, device, and Internet security? Do you want to learn more about cryptography, SSL/TLS, SSH, MQTT, TPM, secure boot, and other protocols used to secure connected applications and devices? If so, continue reading to learn about the wolfSSL Summer of Security internship program!
wolfSSL is the leading global producer of Open Source Internet security products, securing over 2 Billion active connections on the Internet today. The wolfSSL “Summer of Security” program is an internship which spans the Summer months and brings qualified students on-board to learn about how security software is written, tested, and used around the world.
Interns who participate in this program gain valuable knowledge in the embedded SSL/TLS and security industry as well as C programming experience on Linux and embedded systems. Throughout the summer, interns play a role in improving wolfSSL products – working on testing, documentation, examples, porting, marketing, and interacting with our community.
This program is a great opportunity to be part of the Open Source community, learn how real-world software is created and maintained, gain work experience in the field of Computer Science, and work towards a potential career with the wolfSSL team.
Requirements
Ideal candidates are students who have experience in C programming. Prior experience with embedded systems, network programming, Linux/Unix, and familiarity with git/GitHub are a plus.
Apply Today!
If you are interested in learning more about the wolfSSL Summer of Security internship program, please send the following items to internships@wolfssl.com:
- Resume with Cover Letter
- C Programming Sample
- A C application which best demonstrates your C programming ability. There are no requirements on the category or length of the application.
- Technical Writing Sample
- A writing sample which best demonstrates your writing ability. There is no requirement of topic or length of this sample.
Learn More
wolfSSL Homepage
wolfSSL Products Page
wolfSSL User Manual
TLS 1.3 Support!
wolfSSL Examples Repository (GitHub)
New wolfSSL Documentation Launched
Over the past few months the engineering team at wolfSSL have been working on a new reference documentation system for all of the wolfSSL products. The first fruits of this can be found in the form of the wolfSSL library documentation which is also available in PDF form.
This project had several goals:
- Update the documentation as much as possible
- Unify documentation locations and standards
- Reduce the barrier of entry to getting new edits into the documentation
- Reduce the barrier of entry to consuming the documentation
- Create methods of automatically building and deploying the documentation
The documentation source itself is in two parts, the first is the long form documentation pages which were previously shared documents to be edited. These are now Markdown documents in a GitHub repository. The second part is the Doxygen reference you can find in the repository with the code. Our new build system dynamically converts the Doxygen to Markdown, merges it with the long form pages, does some other minor cleanups and manipulations and then generates HTML and PDF outputs.
There are now fully working cross-links in the documentation to learn more about specific options and the formatting has been standardized across the entire documentation.
Over the coming weeks we will be automating the build and deployment of the documentation so it is always up-to-date every day. We will also be releasing documentation using the same system for the full suite of wolfSSL products. We will also be making edits over time to refine and improve the documentation that is there. We welcome any feedback to support@wolfssl.com!
For other questions about the wolfSSL embedded SSL/TLS library, TLS 1.3, or other products, contact us at facts@wolfssl.com.
wolfSSL at HACS/RWC
Have you been noticing the shiny little wolfSSL stickers floating around the HACS event (https://www.hacs-workshop.org/)? That’s right, our man in Amsterdam Anthony Hu has been giving out stickers at HACS! If you didn’t get one, don’t panic. He will also be attending RWC so if you want one, please find him to get one.
HACS was an energetic and productive event for wolfSSL where we were able to network and get some productive interactions. But now that it is over, it is time for RWC to begin! If you are also attending RWC, come find Anthony Hu to get your wolfSSL sticker.
wolfCrypt Submitted for FIPS 140-3!
After much work, wolfSSL is proud to announce that wolfCrypt v5 has been submitted to the CMVP and wolfCrypt is on the Modules in Process list for FIPS 140-3 Approval.
We’ve added more algorithms to our testing. We have AES-OFB mode. We added the TLSv1.2 and TLSv1.3 KDFs, including the extended master secret, and the SSH KDF. We’ve also testing 4096-bit RSA and ECDSA with SHA-3.
If you need to use TLSv1.3 in a FIPS environment, we have you covered! wolfCrypt FIPS also works with our other products including wolfBoot, wolfEngine, and wolfSSH.
More about FIPS 140-3
FIPS 140-3 is an incremental advancement of FIPS 140-2, which now standardizes on the ISO 19790:2012 and ISO 24759:2017 specifications. Historically, ISO 19790 was based on FIPS 140-2, but has continued to advance since that time. FIPS 140-3 will now point back to ISO 19790 for security requirements. Keeping FIPS 140-3 as a separate standard will still allow NIST to mandate additional requirements on top of what the ISO standard contains when needed.
Among the changes for FIPS 140-3 are conditional algorithm self-tests, where the algorithm self-tests are only performed if used. The pre-operational self-test is now faster, as all the algorithms are not tested until needed. This helps with startup times as the public key self-testing can be time consuming. The self tests can be run at appropriate times for your application startup. Also, there is additional testing of the DRBG entropy sources.
For more information, please visit our FIPS page here.
If you want an up to date cryptography library and TLS stack that is ready for FIPS 140-3, contact us at fips@wolfssl.com.
Love it? Star wolfSSL on GitHub!
Webinar Alert: Looking Under the Hood – wolfSSL Automotive Stories and Examples!
Story time with wolfSSL! Join us for a comprehensive presentation on how to leverage wolfSSL for all of your Automotive Security needs as we go through a variety of different use cases and example with the specific engineering details for each story. As always bring your questions for the Q&A following the presentation.
Register here and join us this Thursday (April 14th) at 10AM Pacific (US and Canada)!
wolfEngine 1.0.0 Released
We’re happy to announce the first major release of wolfEngine, version 1.0.0. This release brings several improvements to wolfEngine. Here are some notable ones:
– Improved Visual Studio support.
– Improvements to the initialization code to support our upcoming FIPS 140-3 module.
– A rework of the AES-GCM implementation to support all OpenSSL use cases.
– New control commands for enabling wolfSSL debug logging.
– Better logging around the failure of the FIPS integrity check.
– A set of examples in the examples/ subdirectory.
– Additional HMAC functionality.
If you’re interested in using wolfEngine to satisfy FIPS requirements, please reach out to facts@wolfssl.com and we can discuss getting you a commercial version!
wolfSSL Supports git
wolfSSL has added support for git 2.35.1. git is a version control system that handles projects of all sizes. It is capable of handling the version history of projects all the way up to the size of the Linux kernel. git uses SSL/TLS for its imap-send command. This command sends a collection of patches from stdin to an IMAP folder. git can also be configured to use the crypto library for all SHA-1 and SHA-256 hashing. wolfSSL supports all of this functionality in our port. (https://github.com/wolfSSL/osp/tree/master/git)
Compile wolfSSL with
./configure --enable-opensslextra make make install
Compile git with:
patch -p1 < /path/to/our/patch make USE_WOLFSSL=1 OPENSSL_SHA1=1 OPENSSL_SHA256=1 make USE_WOLFSSL=1 OPENSSL_SHA1=1 OPENSSL_SHA256=1 install
git uses external dependencies for most of its communication protocols. The two more common protocols used within git are https and ssh. git builds and links against the system available curl for http and https support and uses the ssh utility that is available at runtime in $PATH for ssh support. To use only wolfSSL in git make sure that all dependencies are using wolfSSL. curl can be built to use wolfSSL using a configure option (https://everything.curl.dev/source/build/tls#wolfssl) while you can build OpenSSH against wolfSSL using our patches (https://github.com/wolfSSL/osp/tree/master/openssh-patches).
To find out more please email facts@wolfssl.com.
Webinar Alert: Securing IoT Devices with Microchip Security Solutions
Join us Thursday, April 7th at 9AM Pacific!
This webinar will highlight wolfSSL’s Microchip partnership and our support for their microcontrollers and secure elements. We will discuss best practices for securing IoT devices using wolfSSL and Microchip. Join us to learn about using Microchip MPLABX and Harmony for embedded projects and use of the ATECC608 secure element with wolfSSL for TLS and MQTT.
Register here.
As always, bring your questions for the Q&A following the presentation.
Webinar Alert: Kernel Mode
Join our wolfSSL webinar about Kernel Mode presented by wolfSSL engineer Daniel Pouzzner tomorrow at 10AM Pacific.
In December 2020, wolfSSL 4.6.0 featured initial support for building as a Linux kernel module, supplying the entire native wolfCrypt and wolfSSL APIs directly to other kernel modules.
We have support with in-kernel FIPS 140-3, additional accelerated cryptography options on x86, and substantial improvements in stack usage.
Porting a library as large and complex as wolfSSL to the Linux kernel has been a multi-phase undertaking, guided by three key objectives:
A build process that is completely turnkey on supported kernel lines, via configure –enable-linuxkm and –with-linux-source=/source/tree/top.
A source tree that remains unified: the library and the kernel module are built from the same codebase, and differ only in various settings, and in kernel-specific glue logic.
Module builds that use the Linux in-tree Kbuild toolchain, rather than a bespoke out-of-tree build system, to facilitate simultaneous and continuing support for a wide variety of old and new kernel releases.
The Linux kernel is not a POSIX target, and many facilities commonly available to libraries and applications are unavailable (e.g. stack red zones, the C library, thread-local storage) or severely restricted (e.g. stack depth and vectorized instructions). Additionally, each minor kernel version and hardware target has peculiarities that cannot be ignored.
In this presentation, we will chronicle some of the challenges we encountered porting wolfSSL to this unusual target, and the solutions we developed.
As always we will have a Q&A Session following the webinar.
Register here.
cURL Up 2022 – Save The Date
The cURL Project and wolfSSL is happy to announce the annual cURL Developers Conference, cURL Up is being held in San Fransisco CA, USA this year! The event is on June 6th, 2022 at the Fort Mason Firehouse!
cURL Up is the annual curl developers conference where we gather and talk Internet protocols, curl’s past, current situation and how to design its future.
This is an intimate and very friendly meetup where you will have the opportunity to talk to Daniel Stenberg, founder and maintainer of cURL, as well as other speakers and sponsors about cURL and related technologies.
There are only 100 slots available, stay tuned for when the registration page goes live!
If you have questions or comments contact us at facts@wolfssl.com
wolfSSL Summer of Security Internship Program 2022
Are you a college or university student interested in application, device, and Internet security? Do you want to learn more about cryptography, SSL/TLS, SSH, MQTT, TPM, secure boot, and other protocols used to secure connected applications and devices? If so, continue reading to learn about the wolfSSL Summer of Security internship program!
wolfSSL is the leading global producer of Open Source Internet security products, securing over 2 Billion active connections on the Internet today. The wolfSSL “Summer of Security” program is an internship which spans the Summer months and brings qualified students on-board to learn about how security software is written, tested, and used around the world.
Interns who participate in this program gain valuable knowledge in the embedded SSL/TLS and security industry as well as C programming experience on Linux and embedded systems. Throughout the summer, interns play a role in improving wolfSSL products – working on testing, documentation, examples, porting, marketing, and interacting with our community.
This program is a great opportunity to be part of the Open Source community, learn how real-world software is created and maintained, gain work experience in the field of Computer Science, and work towards a potential career with the wolfSSL team.
Requirements
Ideal candidates are students who have experience in C programming. Prior experience with embedded systems, network programming, Linux/Unix, and familiarity with git/GitHub are a plus.
Apply Today!
If you are interested in learning more about the wolfSSL Summer of Security internship program, please send the following items to internships@wolfssl.com:
- Resume with Cover Letter
- C Programming Sample
- A C application which best demonstrates your C programming ability. There are no requirements on the category or length of the application.
- Technical Writing Sample
- A writing sample which best demonstrates your writing ability. There is no requirement of topic or length of this sample.
Learn More
wolfSSL Homepage
wolfSSL Products Page
wolfSSL User Manual
TLS 1.3 Support!
wolfSSL Examples Repository (GitHub)
New wolfSSL Documentation Launched
Over the past few months the engineering team at wolfSSL have been working on a new reference documentation system for all of the wolfSSL products. The first fruits of this can be found in the form of the wolfSSL library documentation which is also available in PDF form.
This project had several goals:
- Update the documentation as much as possible
- Unify documentation locations and standards
- Reduce the barrier of entry to getting new edits into the documentation
- Reduce the barrier of entry to consuming the documentation
- Create methods of automatically building and deploying the documentation
The documentation source itself is in two parts, the first is the long form documentation pages which were previously shared documents to be edited. These are now Markdown documents in a GitHub repository. The second part is the Doxygen reference you can find in the repository with the code. Our new build system dynamically converts the Doxygen to Markdown, merges it with the long form pages, does some other minor cleanups and manipulations and then generates HTML and PDF outputs.
There are now fully working cross-links in the documentation to learn more about specific options and the formatting has been standardized across the entire documentation.
Over the coming weeks we will be automating the build and deployment of the documentation so it is always up-to-date every day. We will also be releasing documentation using the same system for the full suite of wolfSSL products. We will also be making edits over time to refine and improve the documentation that is there. We welcome any feedback to support@wolfssl.com!
For other questions about the wolfSSL embedded SSL/TLS library, TLS 1.3, or other products, contact us at facts@wolfssl.com.
wolfSSL at HACS/RWC
Have you been noticing the shiny little wolfSSL stickers floating around the HACS event (https://www.hacs-workshop.org/)? That’s right, our man in Amsterdam Anthony Hu has been giving out stickers at HACS! If you didn’t get one, don’t panic. He will also be attending RWC so if you want one, please find him to get one.
HACS was an energetic and productive event for wolfSSL where we were able to network and get some productive interactions. But now that it is over, it is time for RWC to begin! If you are also attending RWC, come find Anthony Hu to get your wolfSSL sticker.
wolfCrypt Submitted for FIPS 140-3!
After much work, wolfSSL is proud to announce that wolfCrypt v5 has been submitted to the CMVP and wolfCrypt is on the Modules in Process list for FIPS 140-3 Approval.
We’ve added more algorithms to our testing. We have AES-OFB mode. We added the TLSv1.2 and TLSv1.3 KDFs, including the extended master secret, and the SSH KDF. We’ve also testing 4096-bit RSA and ECDSA with SHA-3.
If you need to use TLSv1.3 in a FIPS environment, we have you covered! wolfCrypt FIPS also works with our other products including wolfBoot, wolfEngine, and wolfSSH.
More about FIPS 140-3
FIPS 140-3 is an incremental advancement of FIPS 140-2, which now standardizes on the ISO 19790:2012 and ISO 24759:2017 specifications. Historically, ISO 19790 was based on FIPS 140-2, but has continued to advance since that time. FIPS 140-3 will now point back to ISO 19790 for security requirements. Keeping FIPS 140-3 as a separate standard will still allow NIST to mandate additional requirements on top of what the ISO standard contains when needed.
Among the changes for FIPS 140-3 are conditional algorithm self-tests, where the algorithm self-tests are only performed if used. The pre-operational self-test is now faster, as all the algorithms are not tested until needed. This helps with startup times as the public key self-testing can be time consuming. The self tests can be run at appropriate times for your application startup. Also, there is additional testing of the DRBG entropy sources.
For more information, please visit our FIPS page here.
If you want an up to date cryptography library and TLS stack that is ready for FIPS 140-3, contact us at fips@wolfssl.com.
Love it? Star wolfSSL on GitHub!
Webinar Alert: Looking Under the Hood – wolfSSL Automotive Stories and Examples!
Story time with wolfSSL! Join us for a comprehensive presentation on how to leverage wolfSSL for all of your Automotive Security needs as we go through a variety of different use cases and example with the specific engineering details for each story. As always bring your questions for the Q&A following the presentation.
Register here and join us this Thursday (April 14th) at 10AM Pacific (US and Canada)!
wolfEngine 1.0.0 Released
We’re happy to announce the first major release of wolfEngine, version 1.0.0. This release brings several improvements to wolfEngine. Here are some notable ones:
– Improved Visual Studio support.
– Improvements to the initialization code to support our upcoming FIPS 140-3 module.
– A rework of the AES-GCM implementation to support all OpenSSL use cases.
– New control commands for enabling wolfSSL debug logging.
– Better logging around the failure of the FIPS integrity check.
– A set of examples in the examples/ subdirectory.
– Additional HMAC functionality.
If you’re interested in using wolfEngine to satisfy FIPS requirements, please reach out to facts@wolfssl.com and we can discuss getting you a commercial version!
wolfSSL Supports git
wolfSSL has added support for git 2.35.1. git is a version control system that handles projects of all sizes. It is capable of handling the version history of projects all the way up to the size of the Linux kernel. git uses SSL/TLS for its imap-send command. This command sends a collection of patches from stdin to an IMAP folder. git can also be configured to use the crypto library for all SHA-1 and SHA-256 hashing. wolfSSL supports all of this functionality in our port. (https://github.com/wolfSSL/osp/tree/master/git)
Compile wolfSSL with
./configure --enable-opensslextra make make install
Compile git with:
patch -p1 < /path/to/our/patch make USE_WOLFSSL=1 OPENSSL_SHA1=1 OPENSSL_SHA256=1 make USE_WOLFSSL=1 OPENSSL_SHA1=1 OPENSSL_SHA256=1 install
git uses external dependencies for most of its communication protocols. The two more common protocols used within git are https and ssh. git builds and links against the system available curl for http and https support and uses the ssh utility that is available at runtime in $PATH for ssh support. To use only wolfSSL in git make sure that all dependencies are using wolfSSL. curl can be built to use wolfSSL using a configure option (https://everything.curl.dev/source/build/tls#wolfssl) while you can build OpenSSH against wolfSSL using our patches (https://github.com/wolfSSL/osp/tree/master/openssh-patches).
To find out more please email facts@wolfssl.com.
Webinar Alert: Securing IoT Devices with Microchip Security Solutions
Join us Thursday, April 7th at 9AM Pacific!
This webinar will highlight wolfSSL’s Microchip partnership and our support for their microcontrollers and secure elements. We will discuss best practices for securing IoT devices using wolfSSL and Microchip. Join us to learn about using Microchip MPLABX and Harmony for embedded projects and use of the ATECC608 secure element with wolfSSL for TLS and MQTT.
Register here.
As always, bring your questions for the Q&A following the presentation.
Weekly updates
Archives
- June 2022 (15)
- May 2022 (11)
- April 2022 (14)
- March 2022 (12)
- February 2022 (21)
- January 2022 (13)
- December 2021 (13)
- November 2021 (29)
- October 2021 (15)
- September 2021 (15)
- August 2021 (13)
- July 2021 (21)
- June 2021 (19)
- May 2021 (12)
- April 2021 (12)
- March 2021 (27)
- February 2021 (29)
- January 2021 (22)
- December 2020 (21)
- November 2020 (14)
- October 2020 (7)
- September 2020 (22)
- August 2020 (11)
- July 2020 (8)
- June 2020 (14)
- May 2020 (15)
- April 2020 (14)
- March 2020 (4)
- February 2020 (24)
- January 2020 (18)
- December 2019 (7)
- November 2019 (16)
- October 2019 (14)
- September 2019 (24)
- August 2019 (21)
- July 2019 (8)
- June 2019 (13)
- May 2019 (35)
- April 2019 (31)
- March 2019 (20)
- February 2019 (10)
- January 2019 (16)
- December 2018 (24)
- November 2018 (10)
- October 2018 (18)
- September 2018 (18)
- August 2018 (8)
- July 2018 (15)
- June 2018 (29)
- May 2018 (15)
- April 2018 (11)
- March 2018 (19)
- February 2018 (6)
- January 2018 (11)
- December 2017 (5)
- November 2017 (12)
- October 2017 (7)
- September 2017 (8)
- August 2017 (6)
- July 2017 (11)
- June 2017 (8)
- May 2017 (10)
- April 2017 (5)
- March 2017 (7)
- February 2017 (1)
- January 2017 (8)
- December 2016 (3)
- November 2016 (2)
- October 2016 (18)
- September 2016 (8)
- August 2016 (5)
- July 2016 (4)
- June 2016 (10)
- May 2016 (4)
- April 2016 (5)
- March 2016 (4)
- February 2016 (12)
- January 2016 (6)
- December 2015 (4)
- November 2015 (6)
- October 2015 (6)
- September 2015 (5)
- August 2015 (8)
- July 2015 (7)
- June 2015 (9)
- May 2015 (1)
- April 2015 (4)
- March 2015 (13)
- January 2015 (6)
- December 2014 (7)
- November 2014 (3)
- October 2014 (2)
- September 2014 (11)
- August 2014 (6)
- July 2014 (9)
- June 2014 (11)
- May 2014 (11)
- April 2014 (9)
- March 2014 (3)
- February 2014 (3)
- January 2014 (5)
- December 2013 (9)
- November 2013 (4)
- October 2013 (7)
- September 2013 (3)
- August 2013 (9)
- July 2013 (7)
- June 2013 (4)
- May 2013 (8)
- April 2013 (4)
- March 2013 (2)
- February 2013 (3)
- January 2013 (9)
- December 2012 (13)
- November 2012 (5)
- October 2012 (7)
- September 2012 (4)
- August 2012 (6)
- July 2012 (4)
- June 2012 (3)
- May 2012 (5)
- April 2012 (7)
- March 2012 (2)
- February 2012 (5)
- January 2012 (7)
- December 2011 (5)
- November 2011 (7)
- October 2011 (6)
- September 2011 (6)
- August 2011 (5)
- July 2011 (2)
- June 2011 (8)
- May 2011 (12)
- April 2011 (4)
- March 2011 (12)
- February 2011 (8)
- January 2011 (13)
- December 2010 (17)
- November 2010 (12)
- October 2010 (14)
- September 2010 (11)
- August 2010 (20)
- July 2010 (14)
- June 2010 (7)
- May 2010 (1)
- January 2010 (2)
- November 2009 (2)
- October 2009 (1)
- September 2009 (1)
- May 2009 (1)
- February 2009 (1)
- January 2009 (1)
- December 2008 (1)
Latest Tweets