RECENT BLOG NEWS
wolfSSL at RISC-V Workshop
wolfSSL is at this month's RISC-V workshop! RISC-V is a free and open ISA enabling a new era of processor innovation through open standard collaboration. Founded in 2015, the RISC-V Foundation comprises more than 235 members building the first open, collaborative community of software and hardware innovators powering innovation at the edge forward. For June, this RISC-V workshop will be held in Zurich, Switzerland.
Where RISC-V will be held for 2019:
Venue: ETH Zurich
When: June 11-13
Directions: https://tmt.knect365.com/risc-v-workshop-zurich/plan-your-visit
Stop by to hear more about the wolfSSL embedded SSL/TLS library, the wolfCrypt encryption engine, or to meet the wolfSSL team! Feel free to say hello!
Additionally, wolfSSL software engineers David Garske and Daniele Lacamera will be presenting a talk on secure booting with RISC-V! Their talk will cover the porting of wolfBoot to RISC-V for implementing a secure bootloader and firmware update mechanism, and will be held at 1:55pm on June 11th.
For more information about wolfSSL, its products, or future events, please contact facts@wolfssl.com.
More information about RISC-V can be found here: https://riscv.org/events/upcoming-events/.
wolfSSL at TU Automotive 2019
wolfSSL is at TU Automotive this year! TU-Automotive Detroit is the world's largest auto tech conference & exhibition, shaping the future of connected automobiles. For 2019, TU Automotive will be held in Novi, MI.
Where TU Automotive will be held for 2019:
Venue: Suburban Collection Showplace
Booth #: A33
When: June 5, 6
Directions: https://automotive.knect365.com/tu-auto-detroit/plan-your-visit
Stop by to hear more about the wolfSSL embedded SSL/TLS library, the wolfCrypt encryption engine, or to meet the wolfSSL team! Feel free to say hello!
For more information about wolfSSL, its products, or future events, please contact facts@wolfssl.com.
More information about TU Automotive can be found here: https://automotive.knect365.com/tu-auto-detroit/.
wolfSSL at RTCA
wolfSSL is at RTCA this year! RTCA’s annual event attracts hundreds of executives from FAA, airlines, airports, manufacturers, service providers, UAS, aviation associations, general aviation and businesses from the US and around the world to examine current and emerging issues facing the aviation community. For 2019, RTCA will be held in Crystal City, VA.
Where RTCA will be held for 2019:
Venue: Hyatt Regency Crystal City
When: June 5
Directions: https://www.rtca.org/content/hoteltravel
Stop by to hear more about the wolfSSL embedded SSL/TLS library, the wolfCrypt encryption engine, or to meet the wolfSSL team! Feel free to say hello!
For more information about wolfSSL, its products, or future events, please contact facts@wolfssl.com.
More information about RTCA can be found here: https://www.rtca.org/content/symposium-overview.
What is Asymmetric Cryptography?
It's common to hear the term asymmetric or symmetric cryptography but what does this actually mean? A brief explanation is that asymmetric cryptography is cryptography that has two keys which is why it is also called public-key cryptography. Both keys in the algorithm are linked to each other in a mathematical way, which allows for using EPKE (Enveloped Public Key Encryption) in the common TLS connection. EPKE using an asymmetric cryptography algorithm allows for security from the message being read and from it being tampered with.
The wolfSSL embedded SSL/TLS library supports several different asymmetric algorithms, including RSA, ECC, and Ed25519!
For more information about asymmetric cryptography used in wolfSSL contact us at facts@wolfssl.com.
wolfBoot – wolfSSL’s Secure Bootloader
wolfBoot is wolfSSL's own implementation of a secure bootloader that leverages wolfSSL's underlying wolfCrypt module to provide signature authentication for the running firmware.
The role of a secure bootloader is to effectively prevent the loading of malicious or unauthorized firmware on the target. Additionally, wolfBoot provides a fail-safe update mechanism, that can be interrupted at any time, and resumed at next boot.
wolfBoot is designed to be a portable, OS-agnostic, secure bootloader solution for all 32-bit microcontrollers, relying on wolfCrypt for firmware authentication.
Due to its minimalist design and the tiny Hardware Abstraction Layer (HAL) API, wolfBoot is completely independent of any OS or bare-metal application, and can be easily ported and integrated into existing embedded software solutions.
wolfBoot provides the basis for secure firmware update (OTA) management at boot time, cutting down the development effort needed to implement and validate the required mechanisms to handle the updates. It reduces the development effort to just receiving the image using a secure channel within the application/OS. We recommend using wolfSSL to encrypt the firmware transfer over TLS, to avoid eavesdropping. Once the image is transferred and stored into the update partition, wolfBoot takes care of the update procedure at the next boot.
Remote updates that would lead to a faulty firmware are automatically reverted by wolfBoot after the first 'test' boot, by restoring the original firmware image whenever the update has failed to boot properly. This mechanism protects the target device from accidental updates on the field.
wolfBoot can be downloaded from the wolfSSL download page here: https://www.wolfssl.com/download/
More about boot loaders can be found here: https://en.wikipedia.org/wiki/Booting#BOOT-LOADER
More about wolfSSL: https://www.wolfssl.com/products/wolfssl/
More about wolfCrypt: https://www.wolfssl.com/products/wolfCrypt/
Contact facts@wolfssl.com for any questions or for more information
wolfSSL at NXP Connects
wolfSSL is at NXP Connects this year! NXP Connects represents the energy, depth, and scope of a large-scale conference designed in a concentrated format to offer a more personalized experience. Combining a wide range of technical sessions, live-demonstrations, panel discussions and networking opportunities at a regional level, attendees can focus their time on embedded solutions that specifically address their current and future designs. For 2019, NXP Connects will be held in Santa Clara, CA.
Where NXP Connects will be held for 2019:
Venue: Hyatt Regency Santa Clara and Convention Center
When: June 12-13
Directions: https://www.hyatt.com/en-US/hotel/california/hyatt-regency-santa-clara/clara/maps-parking-transportation
Stop by to hear more about the wolfSSL embedded SSL/TLS library, the wolfCrypt encryption engine, or to meet the wolfSSL team! Feel free to say hello!
For more information about wolfSSL, its products, or future events, please contact facts@wolfssl.com.
More information about Wireless IoT can be found here: https://www.nxp.com/support/training-events/nxp-connects:NXP-CONNECTS
wolfSSL FIPS-Ready
With the release of wolfSSL 4.0.0, the wolfSSL team has also released a new product: the wolfSSL FIPS Ready library. This product features new, state of the art concepts and technology. In a single sentence, wolfSSL FIPS Ready is a testable and free to download open source embedded SSL/TLS library with support for FIPS validation, with FIPS enabled cryptography layer code included in the wolfSSL source tree. To further elaborate on what FIPS Ready really means, you do not get a FIPS certificate and you are not FIPS approved. FIPS Ready means that you have included the FIPS code into your build and that you are operating according to the FIPS enforced best practices of default entry point, and Power On Self Test (POST).
FIPS validation is a government certification for cryptographic modules that states that the module in question has undergone thorough and rigorous testing to be certified. FIPS validation specifies that a software/encryption module is able to be used within or alongside government systems. The most recent FIPS specification is 140-2, with various levels of security offered (1-5). Currently, wolfCrypt has FIPS 140-2 validation with certificates #2425 and #3389. When trying to get software modules FIPS validated, this is often a costly and time-consuming effort and as such causes the FIPS validated modules to have high price tags.
Since the majority of wolfSSL products use the wolfCrypt encryption engine, this also means that if wolfSSH, wolfMQTT (with TLS support), wolfBoot, and other wolfSSL products in place can be tested FIPS validated code with their software before committing.
wolfSSL FIPS Ready can be downloaded from the wolfSSL download page, here: https://www.wolfssl.com/download/
For more information about wolfSSL and its FIPS Ready initiative, please contact facts@wolfssl.com.
wolfCrypt as an engine for OpenSSL
As many people know, the OpenSSL project is struggling with FIPS, and their new FIPS release is not expected until December 2020. The version of OpenSSL that supports FIPS goes into End Of Life and is no longer supported in December of 2019.
This means that OpenSSL users will not have a supported package for over a year. This is a big issue for companies that rely on security.
To fill this breach, wolfSSL has integrated our FIPS certified crypto module with OpenSSL as an OpenSSL engine. This means that:
1. OpenSSL users can get a supported FIPS solution, with packages available up to the 24×7 level,
2. The new wolfCrypt FIPS solution also supports the TLS 1.3 algorithms, so your package can support TLS 1.3,
3. You can support hardware encryption with your package, as the new wolfCrypt solution has full hardware encryption support.
Additionally, should you be using one of the OpenSSL derivatives like BoringSSL, we can also support you.
Contact us at facts@wolfssl.com if you would like to learn more!
We love you.
Team wolfSSL
wolfCrypt FIPS Certificate #3389
The National Institute of Standards and Technology (NIST) has completed the validation of the wolfCrypt module version 4 for an updated Federal Information and Processing Standards (FIPS) 140-2 certificate in addition to its previous FIPS 140-2 certificate. This new certificate includes updated and more secure algorithms added to the wolfCrypt module's boundary, some of which are listed further below.
FIPS 140-2 is a government standard that specifies a software module is compatible and allowed to be used in government systems. This includes such areas as drone software, government databases, and other high-security/high-power uses.
The new FIPS 140-2 validation has certificate #3389. The Operating Environments (OEs) tested are Ubuntu Linux (16.04) and Windows 10 on Intel Core i5 processors. Full details about the OEs can be found on the CSRC certificate page. Additionally, the certificate also includes the following algorithms: AES (CBC, GCM, CTR, ECB), CVL, Hash DRBG, DSA, DHE, ECDSA (key generation, sign, verify), HMAC, RSA (key generation, sign, verify), SHA-3, SHA-2, SHA-1, and Triple-DES.
For more information about wolfSSL, wolfCrypt, or our FIPS 140-2 validations, please view our resources below.
- wolfSSL FIPS page: https://www.wolfssl.com/license/fips/
- wolfSSL product page: https://www.wolfssl.com/products/wolfssl/
- wolfCrypt product page: https://www.wolfssl.com/products/wolfcrypt/
Other information can be obtained, or questions can also be answered by contacting facts@wolfssl.com.
Need a Secure Bootloader with MISRA C?
wolfBoot is wolfSSL’s portable, OS-agnostic, secure bootloader solution for 32-bit microcontrollers, relying on wolfCrypt for firmware authentication. wolfBoot also provides firmware update mechanisms.
MISRA C is a set of rules and guidelines for C code targeting Automotive applications. The focus of the guidelines is on security and safety.
wolfSSL is considering making wolfBoot compliant with the MISRA C standard. Please let us know if you have an interest in testing this combination.
For questions about wolfBoot or using wolfSSL technology with MISRA C contact us at facts@wolfssl.com.
Download wolfBoot here: https://www.wolfssl.com/download/
More information about MISRA C can be found here: https://misra.org.uk
Weekly updates
Archives
- March 2024 (11)
- February 2024 (18)
- January 2024 (21)
- December 2023 (20)
- November 2023 (20)
- October 2023 (23)
- September 2023 (17)
- August 2023 (25)
- July 2023 (39)
- June 2023 (13)
- May 2023 (11)
- April 2023 (6)
- March 2023 (23)
- February 2023 (7)
- January 2023 (7)
- December 2022 (15)
- November 2022 (11)
- October 2022 (9)
- September 2022 (7)
- August 2022 (12)
- July 2022 (11)
- June 2022 (15)
- May 2022 (11)
- April 2022 (14)
- March 2022 (12)
- February 2022 (22)
- January 2022 (13)
- December 2021 (13)
- November 2021 (29)
- October 2021 (15)
- September 2021 (15)
- August 2021 (13)
- July 2021 (21)
- June 2021 (19)
- May 2021 (12)
- April 2021 (13)
- March 2021 (27)
- February 2021 (29)
- January 2021 (22)
- December 2020 (21)
- November 2020 (14)
- October 2020 (7)
- September 2020 (22)
- August 2020 (11)
- July 2020 (8)
- June 2020 (14)
- May 2020 (15)
- April 2020 (14)
- March 2020 (4)
- February 2020 (24)
- January 2020 (18)
- December 2019 (7)
- November 2019 (16)
- October 2019 (14)
- September 2019 (24)
- August 2019 (21)
- July 2019 (8)
- June 2019 (13)
- May 2019 (35)
- April 2019 (31)
- March 2019 (20)
- February 2019 (10)
- January 2019 (16)
- December 2018 (24)
- November 2018 (10)
- October 2018 (18)
- September 2018 (18)
- August 2018 (8)
- July 2018 (15)
- June 2018 (29)
- May 2018 (15)
- April 2018 (11)
- March 2018 (19)
- February 2018 (6)
- January 2018 (11)
- December 2017 (5)
- November 2017 (12)
- October 2017 (7)
- September 2017 (8)
- August 2017 (6)
- July 2017 (11)
- June 2017 (8)
- May 2017 (10)
- April 2017 (5)
- March 2017 (7)
- February 2017 (1)
- January 2017 (8)
- December 2016 (3)
- November 2016 (2)
- October 2016 (18)
- September 2016 (8)
- August 2016 (5)
- July 2016 (4)
- June 2016 (10)
- May 2016 (4)
- April 2016 (5)
- March 2016 (4)
- February 2016 (12)
- January 2016 (6)
- December 2015 (4)
- November 2015 (6)
- October 2015 (6)
- September 2015 (5)
- August 2015 (8)
- July 2015 (7)
- June 2015 (9)
- May 2015 (1)
- April 2015 (4)
- March 2015 (13)
- January 2015 (6)
- December 2014 (7)
- November 2014 (3)
- October 2014 (2)
- September 2014 (11)
- August 2014 (6)
- July 2014 (9)
- June 2014 (11)
- May 2014 (11)
- April 2014 (9)
- March 2014 (3)
- February 2014 (3)
- January 2014 (5)
- December 2013 (9)
- November 2013 (4)
- October 2013 (7)
- September 2013 (3)
- August 2013 (9)
- July 2013 (7)
- June 2013 (4)
- May 2013 (8)
- April 2013 (4)
- March 2013 (2)
- February 2013 (3)
- January 2013 (9)
- December 2012 (13)
- November 2012 (5)
- October 2012 (7)
- September 2012 (4)
- August 2012 (6)
- July 2012 (4)
- June 2012 (3)
- May 2012 (5)
- April 2012 (7)
- March 2012 (2)
- February 2012 (5)
- January 2012 (7)
- December 2011 (5)
- November 2011 (7)
- October 2011 (6)
- September 2011 (6)
- August 2011 (5)
- July 2011 (2)
- June 2011 (8)
- May 2011 (12)
- April 2011 (4)
- March 2011 (12)
- February 2011 (8)
- January 2011 (13)
- December 2010 (17)
- November 2010 (12)
- October 2010 (14)
- September 2010 (11)
- August 2010 (20)
- July 2010 (14)
- June 2010 (7)
- May 2010 (1)
- January 2010 (2)
- November 2009 (2)
- October 2009 (1)
- September 2009 (1)
- May 2009 (1)
- February 2009 (1)
- January 2009 (1)
- December 2008 (1)