RECENT BLOG NEWS
Or sign up to receive weekly email notifications containing the latest news from wolfSSL.
In addition, wolfSSL now has a support-specific blog page dedicated to answering some of the more commonly received support questions.
We’re happy to announce that we’ve added wolfSSL support to rsyslog 8.2106.0 using our OpenSSL compatibility layer! rsyslog is “the rocket-fast system for log processing”. The wolfSSL port allows you to use rsyslog with our FIPS-certified wolfCrypt library.
Ever wonder exactly how much power your crypto is consuming? How long the battery of your device will last after adding in security? wolfSSL has worked with EEMBC to plug wolfSSL into SecureMark TLS for benchmarking a hardware’s performance and power consumption (https://github.com/eembc/securemark-tls). One of the algorithms benchmarked with SecureMark is ECDSA which makes up the bulk of the power and time taken for TLS 1.3 and TLS 1.2 handshakes using ECDSA cipher suites.
If you have interest in seeing how much power wolfSSL consumes on your device contact us at firstname.lastname@example.org.
wolfSSL will be attending Automative Tech Week 2021! This onsite conference takes place in Novi, Michigan on November 15-17 from 9:00AM – 6:00PM ET. Join us at Booth #623 to connect with wolfSSL engineer Eric Blankenhorn and sales expert Paul Dennison, who are ready to answer all your embedded security questions!
For registration and more information, visit https://wardsauto.informa.com/auto-tech-week/.
Version 1.2.0 of wolfCrypt JCE and JNI is now available for download! The wolfCrypt JCE provider and JNI wrapper provide Java applications with a convenient Java API to the widely-used wolfCrypt cryptography library, including support for FIPS 140-2/140-3! This package provides both a Java JCE Provider as well as a thin JNI wrapper around native wolfCrypt.
Release 1.2.0 includes FIPS 140-3 compatibility, bug fixes and changes including:
- Add FIPS 140-3 compatibility when using wolfCrypt FIPS or FIPS Ready
- Increase junit version from 4.12 to 4.13 in pom.xml
- Add local “./lib” directory to “java.library.path” in pom.xml
- Fix debug builds using the “WOLFCRYPT_JNI_DEBUG_ON” define
- Fix compatibility with wolfCrypt “NO_OLD_*” defines
- Fix compatibility with wolfSSL “./configure –enable-all” and ECC tests
For any questions, or to get help using wolfSSL in your product or project, contact us at email@example.com.
wolfSSL often recognizes the work of our amazing community through GitHub. Today, we’re giving visibility to the excellent work of Kasper Kyllönen and Dr. Ian Oliver, on their fork of the wolfBoot GitHub repository. Visit their fork and check out their changes here: https://github.com/nokia/wolfBoot
Their wolfBoot fork has some Raspberry Pi related improvements for testing, measured boot and debugging.
wolfBoot is a portable secure bootloader solution that offers firmware authentication and firmware update mechanisms. It can be easily ported and integrated in existing embedded software projects to provide a secure firmware update mechanism. Check out our GitHub page for our wolfBoot repository, as well as repositories of our other products!
For more information, contact firstname.lastname@example.org.
Version 1.8.0 of wolfSSL JSSE and JNI is now available for download! The wolfSSL JSSE provider and JNI wrapper provide Java applications with a convenient Java API to the widely-used wolfSSL embedded SSL/TLS library, including support for TLS 1.3 and FIPS 140-2/140-3! This package provides both a Java JSSE Provider as well as a thin JNI wrapper around native wolfSSL.
Release 1.8.0 includes FIPS 140-3 compatibility, bug fixes and new features including:
- wolfCrypt FIPS 140-3 and FIPS Ready compatibility
- Add Socket method wrappers, fixes behavior when inner Socket used with JSSE
- Add wrappers to get FIPS verifyCore hash (FIPS error cb or directly)
- Fix potential NullPointerException with several clone() methods
- Refactor of SSLSessionContext implementation
- Fix behavior of WolfSSLSocket.getSoTimeout() when external Socket is wrapped
- Fix timeout used in socketSelect to correctly handle fractional sec timeouts
- Fix memory leak when custom X509TrustManager is used with wolfJSSE
- Add support for multiple X509TrustManager objects across multiple sessions
- Call WolfSSL.cleanup() in finalizer to release library resources earlier
- Release native WOLFSSL memory sooner, when WolfSSLSocket is closed
- Better management and freeing of native WolfSSLCertificate memory
- Release native logging callback when library is freed
- Release native wolfCrypt FIPS callback when library is freed
- Release CTX-level Java verify callback when CTX is freed
- Release CTX-level Java CRL callback when CTX is freed
- Better global reference cleanup in error conditions
- Fix unused variable warnings in non-FIPS builds
- Use one static WolfSSL object across all WolfSSLProvider objects
- Release local JNI array inside WolfSSLSession.read() on function exit
- Add multi-threaded JSSE provider client and server examples
- Update Android AOSP install script to create missing blank files if needed
- Update Android AOSP build fixes to define `SIZEOF_LONG` and `SIZEOF_LONG_LONG`
- Update IDE/Android example Android Studio project
- Fix default cipher suite list order used in JSSE WolfSSLContext objects
- Fix FIPS Ready compatibility with `WC_RNG_SEED_CB`
- Update Android AOSP Android.mk to compile wolfCrypt kdf.c
For any questions, or to get help using wolfSSL in your product or project, contact us at email@example.com.
We have added wolfCrypt support to SQLCipher, which enables encryption of a SQLite database. The port also supports using our wolfCrypt FIPS module.
SQLCipher extends the SQLite database library to add security enhancements that make it more suitable for encrypted local data storage like :
- on-the-fly encryption
- tamper detection
- memory sanitization
- strong key derivation
This feature is enabled with `./configure –with-crypto-lib=wolfssl`.
See pull request https://github.com/sqlcipher/sqlcipher/pull/411 for details.
 From the SQLCipher README.md. https://github.com/sqlcipher/sqlcipher#sqlcipher
For questions please email firstname.lastname@example.org
We are excited to announce our wolfTPM v2.3 release. This includes some minor fixes and features for PCR and GPIO.
If using a big endian platform consider updating to resolve a byte swapping issue with the TIS layer.
We have refactored the GPIO configuration example for use with either STM ST33 or Nuvoton NPCT750 TPM 2.0 modules.
The PCR example now includes a standalone read example.
- Refactor GPIO support (single gpio_config) (PR #194)
- Fix for Linux HAL IO try again timeout logic (PR #194)
- Fix for big endian in TIS layer (PR #191)
- Fix for RSAES padding (RSA_Encrypt) (PR #187)
- Fix in tests to allow command code error for CreateLoaded (not supported on hardware) (PR #184)
- Fix for compiler warning for file read in make_credential.c (PR #182)
- Fixes for Windows builds (PR #181)
- Fixes for RSA RNG in edge case builds (fixes wolfBoot build error) (PR #180)
- Added PCR Read example (PR #185)
Happy Fall! wolfSSL has a great treat for all, we released version 5.0.0 and it is now ready for download! This includes a new major feature, having our FIPS 140-3 code added in. Stay tuned for more information in upcoming blog posts regarding the FIPS 140-3 code additions! It also includes notable feature additions such as the post quantum resistant code supporting use of liboqs, expansion to the compatibility layer for ease of replacing OpenSSL and many more features and fixes.
Key New Feature Additions
- FIPS 140-3 — currently undergoing laboratory testing, code review and ultimately CMVP validation. Targeting the latest FIPS standard.
- Federal Information Processing Standards (FIPS) 140-3 is a mandatory standard for the protection of sensitive or valuable data within Federal systems. FIPS 140-3 is an incremental advancement of FIPS 140-2, which now standardizes on the ISO 19790:2012 and ISO 24759:2017 specifications.
- Support for OQS‘s (liboqs version 0.7.0) implementation of NIST Round 3 KEMs as TLS 1.3 groups –with-liboqs
- Hybridizing NIST ECC groups with the OQS groups
- Remove legacy NTRU and QSH
- Make quantum-safe groups available to the compatibility layer
Linux Kernel Module
- Full support for FIPS 140-3, with in-kernel power on self test (POST) and conditional algorithm self test(s) (CAST)
- –enable-linuxkm-pie — position-independent in-kernel wolfCrypt container, for FIPS
- Vectorized x86 acceleration in PK algs (RSA, ECC, DH, DSA) and AES/AES-GCM
- Vectorized x86 acceleration in interrupt handlers
- Support for Linux-native module signatures
- Complete SSL/TLS and Crypto API callable from other kernel module(s)
- Support for LTS kernel lines: 3.16, 4.4, 4.9, 5.4, 5.10
- KCAPI: add support for using libkcapi for crypto
Compatibility Layer Expansion
- Numerous API/Structs Added
The release contained two vulnerabilities – one regarding a hang with DSA sign creation and the other regarding the handling of certificate name constraints.
- [Low] Hang with DSA signature creation when a specific q value is used in a maliciously crafted key. If a DSA key with an invalid q value of either 1 or 0 was decoded and used for creating a signature, it would result in a hang in wolfSSL. Users that are creating signatures with DSA and are using keys supplied from an outside source are affected.
- [Low] Issue with incorrectly validating a certificate that has multiple subject alternative names when given a name constraint. In the case where more than one subject alternative name is used in the certificate, previous versions of wolfSSL could incorrectly validate the certificate. Users verifying certificates with multiple alternative names and name constraints, are recommended to either use the certificate verify callback to check for this case or update the version of wolfSSL used. Thanks to Luiz Angelo Daros de Luca for the report.
For a full list of changes, check out the updated ChangeLog.md bundled with wolfSSL or view our page on GitHub here (https://github.com/wolfSSL/wolfssl). Any questions can be sent directly to email@example.com.
wolfSSL was developed with security and open source development in mind. As such we have continued to make sure our products are open source, so that they are free to download and modify under a GPL licence.
We are so happy to announce that our product wolfEngine and our OpenSSL Provider solution with FIPS are now public under a GPL v.3 license! wolfEngine is a FIPS-certified crypto module (wolfCrypt) with OpenSSL as an OpenSSL engine. You may also know that OpenSSL 3.0 has done away with the engines paradigm in favor of a new concept, called providers. wolfSSL has developed an OpenSSL 3.0 provider, allowing you to use the latest version of OpenSSL backed by our FIPS-certified wolfCrypt library. Like wolfEngine, the wolfSSL provider for OpenSSL is an excellent pathway for users looking to get FIPS compliance fast while still using OpenSSL.
Check them out in our GitHub Repository here!
If you have any questions regarding wolfEngine, open source, or securing an embedded device, please contact us at firstname.lastname@example.org
- January 2022 (8)
- December 2021 (13)
- November 2021 (29)
- October 2021 (15)
- September 2021 (15)
- August 2021 (13)
- July 2021 (21)
- June 2021 (19)
- May 2021 (12)
- April 2021 (12)
- March 2021 (27)
- February 2021 (29)
- January 2021 (22)
- December 2020 (21)
- November 2020 (14)
- October 2020 (7)
- September 2020 (22)
- August 2020 (11)
- July 2020 (8)
- June 2020 (14)
- May 2020 (15)
- April 2020 (14)
- March 2020 (4)
- February 2020 (24)
- January 2020 (18)
- December 2019 (7)
- November 2019 (16)
- October 2019 (14)
- September 2019 (24)
- August 2019 (21)
- July 2019 (8)
- June 2019 (13)
- May 2019 (35)
- April 2019 (31)
- March 2019 (20)
- February 2019 (10)
- January 2019 (16)
- December 2018 (24)
- November 2018 (10)
- October 2018 (18)
- September 2018 (18)
- August 2018 (8)
- July 2018 (15)
- June 2018 (29)
- May 2018 (15)
- April 2018 (11)
- March 2018 (19)
- February 2018 (6)
- January 2018 (11)
- December 2017 (5)
- November 2017 (12)
- October 2017 (7)
- September 2017 (8)
- August 2017 (6)
- July 2017 (11)
- June 2017 (8)
- May 2017 (10)
- April 2017 (5)
- March 2017 (7)
- February 2017 (1)
- January 2017 (8)
- December 2016 (3)
- November 2016 (2)
- October 2016 (18)
- September 2016 (8)
- August 2016 (5)
- July 2016 (4)
- June 2016 (10)
- May 2016 (4)
- April 2016 (5)
- March 2016 (4)
- February 2016 (12)
- January 2016 (6)
- December 2015 (4)
- November 2015 (6)
- October 2015 (6)
- September 2015 (5)
- August 2015 (8)
- July 2015 (7)
- June 2015 (9)
- May 2015 (1)
- April 2015 (4)
- March 2015 (13)
- January 2015 (6)
- December 2014 (7)
- November 2014 (3)
- October 2014 (2)
- September 2014 (11)
- August 2014 (6)
- July 2014 (9)
- June 2014 (11)
- May 2014 (11)
- April 2014 (9)
- March 2014 (3)
- February 2014 (3)
- January 2014 (5)
- December 2013 (9)
- November 2013 (4)
- October 2013 (7)
- September 2013 (3)
- August 2013 (9)
- July 2013 (7)
- June 2013 (4)
- May 2013 (8)
- April 2013 (4)
- March 2013 (2)
- February 2013 (3)
- January 2013 (9)
- December 2012 (13)
- November 2012 (5)
- October 2012 (7)
- September 2012 (4)
- August 2012 (6)
- July 2012 (4)
- June 2012 (3)
- May 2012 (5)
- April 2012 (7)
- March 2012 (2)
- February 2012 (5)
- January 2012 (7)
- December 2011 (5)
- November 2011 (7)
- October 2011 (6)
- September 2011 (6)
- August 2011 (5)
- July 2011 (2)
- June 2011 (8)
- May 2011 (12)
- April 2011 (4)
- March 2011 (12)
- February 2011 (8)
- January 2011 (13)
- December 2010 (17)
- November 2010 (12)
- October 2010 (14)
- September 2010 (11)
- August 2010 (20)
- July 2010 (14)
- June 2010 (7)
- May 2010 (1)
- January 2010 (2)
- November 2009 (2)
- October 2009 (1)
- September 2009 (1)
- May 2009 (1)
- February 2009 (1)
- January 2009 (1)
- December 2008 (1)