RECENT BLOG NEWS

Join our wolfSSL webinar about Kernel Mode presented by wolfSSL engineer Daniel Pouzzner tomorrow at 10AM Pacific.

In December 2020, wolfSSL 4.6.0 featured initial support for building as a Linux kernel module, supplying the entire native wolfCrypt and wolfSSL APIs directly to other kernel modules.

We have support with in-kernel FIPS 140-3, additional accelerated cryptography options on x86, and substantial improvements in stack usage.

Porting a library as large and complex as wolfSSL to the Linux kernel has been a multi-phase undertaking, guided by three key objectives:

A build process that is completely turnkey on supported kernel lines, via configure –enable-linuxkm and –with-linux-source=/source/tree/top.

A source tree that remains unified: the library and the kernel module are built from the same codebase, and differ only in various settings, and in kernel-specific glue logic.

Module builds that use the Linux in-tree Kbuild toolchain, rather than a bespoke out-of-tree build system, to facilitate simultaneous and continuing support for a wide variety of old and new kernel releases.

The Linux kernel is not a POSIX target, and many facilities commonly available to libraries and applications are unavailable (e.g. stack red zones, the C library, thread-local storage) or severely restricted (e.g. stack depth and vectorized instructions). Additionally, each minor kernel version and hardware target has peculiarities that cannot be ignored.

In this presentation, we will chronicle some of the challenges we encountered porting wolfSSL to this unusual target, and the solutions we developed.

As always we will have a Q&A Session following the webinar.

Register here.

The cURL Project and wolfSSL is happy to announce the annual cURL Developers Conference, cURL Up is being held in San Fransisco CA, USA this year! The event is on June 6th, 2022 at the Fort Mason Firehouse!

cURL Up is the annual curl developers conference where we gather and talk Internet protocols, curl’s past, current situation and how to design its future.

This is an intimate  and very friendly meetup where you will have the opportunity to talk to Daniel Stenberg, founder and maintainer of cURL, as well as other speakers and sponsors about cURL and related technologies.

There are only 100 slots available, stay tuned for when the registration page goes live!

If you have questions or comments contact us at facts@wolfssl.com

Are you a college or university student interested in application, device, and Internet security?  Do you want to learn more about cryptography, SSL/TLS, SSH, MQTT, TPM, secure boot, and other protocols used to secure connected applications and devices?  If so, continue reading to learn about the wolfSSL Summer of Security internship program!

wolfSSL is the leading global producer of Open Source Internet security products, securing over 2 Billion active connections on the Internet today. The wolfSSL “Summer of Security” program is an internship which spans the Summer months and brings qualified students on-board to learn about how security software is written, tested, and used around the world.

Interns who participate in this program gain valuable knowledge in the embedded SSL/TLS and security industry as well as C programming experience on Linux and embedded systems.  Throughout the summer, interns play a role in improving wolfSSL products – working on testing, documentation, examples, porting, marketing, and interacting with our community.

This program is a great opportunity to be part of the Open Source community, learn how real-world software is created and maintained, gain work experience in the field of Computer Science, and work towards a potential career with the wolfSSL team.

Requirements

Ideal candidates are students who have experience in C programming.  Prior experience with embedded systems, network programming, Linux/Unix, and familiarity with git/GitHub are a plus.

Apply Today!

If you are interested in learning more about the wolfSSL Summer of Security internship program, please send the following items to internships@wolfssl.com:

1. Resume with Cover Letter
2. C Programming Sample
   • A C application which best demonstrates your C programming ability.  There are no requirements on the category or length of the application.
3. Technical Writing Sample
   • A writing sample which best demonstrates your writing ability.  There is no requirement of topic or length of this sample.

Learn More

wolfSSL Homepage
wolfSSL Products Page
wolfSSL User Manual
TLS 1.3 Support!
wolfSSL Examples Repository (GitHub)

Over the past few months the engineering team at wolfSSL have been working on a new reference documentation system for all of the wolfSSL products. The first fruits of this can be found in the form of the wolfSSL library documentation which is also available in PDF form.

This project had several goals:

• Update the documentation as much as possible
• Unify documentation locations and standards
• Reduce the barrier of entry to getting new edits into the documentation
• Reduce the barrier of entry to consuming the documentation
• Create methods of automatically building and deploying the documentation

The documentation source itself is in two parts, the first is the long form documentation pages which were previously shared documents to be edited. These are now Markdown documents in a GitHub repository. The second part is the Doxygen reference you can find in the repository with the code. Our new build system dynamically converts the Doxygen to Markdown, merges it with the long form pages, does some other minor cleanups and manipulations and then generates HTML and PDF outputs.

There are now fully working cross-links in the documentation to learn more about specific options and the formatting has been standardized across the entire documentation.

Over the coming weeks we will be automating the build and deployment of the documentation so it is always up-to-date every day. We will also be releasing documentation using the same system for the full suite of wolfSSL products. We will also be making edits over time to refine and improve the documentation that is there. We welcome any feedback to support@wolfssl.com!

For other questions about the wolfSSL embedded SSL/TLS library, TLS 1.3, or other products, contact us at facts@wolfssl.com.

Have you been noticing the shiny little wolfSSL stickers floating around the HACS event (https://www.hacs-workshop.org/)? That’s right, our man in Amsterdam Anthony Hu has been giving out stickers at HACS! If you didn’t get one, don’t panic. He will also be attending RWC so if you want one, please find him to get one.

HACS was an energetic and productive event for wolfSSL where we were able to network and get some productive interactions.  But now that it is over, it is time for RWC to begin! If you are also attending RWC, come find Anthony Hu to get your wolfSSL sticker.

After much work, wolfSSL is proud to announce that wolfCrypt v5 has been submitted to the CMVP and wolfCrypt is on the Modules in Process list for FIPS 140-3 Approval.

We’ve added more algorithms to our testing. We have AES-OFB mode. We added the TLSv1.2 and TLSv1.3 KDFs, including the extended master secret, and the SSH KDF. We’ve also testing 4096-bit RSA and ECDSA with SHA-3.

If you need to use TLSv1.3 in a FIPS environment, we have you covered! wolfCrypt FIPS also works with our other products including wolfBoot, wolfEngine, and wolfSSH.

More about FIPS 140-3

FIPS 140-3 is an incremental advancement of FIPS 140-2, which now standardizes on the ISO 19790:2012 and ISO 24759:2017 specifications. Historically, ISO 19790 was based on FIPS 140-2, but has continued to advance since that time. FIPS 140-3 will now point back to ISO 19790 for security requirements. Keeping FIPS 140-3 as a separate standard will still allow NIST to mandate additional requirements on top of what the ISO standard contains when needed.

Among the changes for FIPS 140-3 are conditional algorithm self-tests, where the algorithm self-tests are only performed if used. The pre-operational self-test is now faster, as all the algorithms are not tested until needed. This helps with startup times as the public key self-testing can be time consuming. The self tests can be run at appropriate times for your application startup. Also, there is additional testing of the DRBG entropy sources.

For more information, please visit our FIPS page here.

If you want an up to date cryptography library and TLS stack that is ready for FIPS 140-3, contact us at fips@wolfssl.com.

Love it? Star wolfSSL on GitHub!

Story time with wolfSSL! Join us for a comprehensive presentation on how to leverage wolfSSL for all of your Automotive Security needs as we go through a variety of different use cases and example with the specific engineering details for each story. As always bring your questions for the Q&A following the presentation.

Register here and join us this Thursday (April 14th) at 10AM Pacific (US and Canada)!

We’re happy to announce the first major release of wolfEngine, version 1.0.0. This release brings several improvements to wolfEngine. Here are some notable ones:

– Improved Visual Studio support.

– Improvements to the initialization code to support our upcoming FIPS 140-3 module.

– A rework of the AES-GCM implementation to support all OpenSSL use cases.

– New control commands for enabling wolfSSL debug logging.

– Better logging around the failure of the FIPS integrity check.

– A set of examples in the examples/ subdirectory.

– Additional HMAC functionality.

If you’re interested in using wolfEngine to satisfy FIPS requirements, please reach out to facts@wolfssl.com and we can discuss getting you a commercial version!

wolfSSL has added support for git 2.35.1. git is a version control system that handles projects of all sizes. It is capable of handling the version history of projects all the way up to the size of the Linux kernel. git uses SSL/TLS for its imap-send command. This command sends a collection of patches from stdin to an IMAP folder. git can also be configured to use the crypto library for all SHA-1 and SHA-256 hashing. wolfSSL supports all of this functionality in our port. (https://github.com/wolfSSL/osp/tree/master/git)

Compile wolfSSL with

./configure --enable-opensslextra

make

make install

Compile git with:

patch -p1 < /path/to/our/patch

make USE_WOLFSSL=1 OPENSSL_SHA1=1 OPENSSL_SHA256=1

make USE_WOLFSSL=1 OPENSSL_SHA1=1 OPENSSL_SHA256=1 install

git uses external dependencies for most of its communication protocols. The two more common protocols used within git are https and ssh. git builds and links against the system available curl for http and https support and uses the ssh utility that is available at runtime in $PATH for ssh support. To use only wolfSSL in git make sure that all dependencies are using wolfSSL. curl can be built to use wolfSSL using a configure option (https://everything.curl.dev/source/build/tls#wolfssl) while you can build OpenSSH against wolfSSL using our patches (https://github.com/wolfSSL/osp/tree/master/openssh-patches).

To find out more please email facts@wolfssl.com.

Join us Thursday, April 7th at 9AM Pacific!

This webinar will highlight wolfSSL’s Microchip partnership and our support for their microcontrollers and secure elements. We will discuss best practices for securing IoT devices using wolfSSL and Microchip. Join us to learn about using Microchip MPLABX and Harmony for embedded projects and use of the ATECC608 secure element with wolfSSL for TLS and MQTT.

Register here.

As always, bring your questions for the Q&A following the presentation.