Category: Uncategorized

Affected Users: User of wolfSSL v4.0.0 are affected. Summary of issue: wolfSSL 4.0.0 has a Buffer Overflow in DoPreSharedKeys in tls13.c when a current identity size is greater than a client identity size. The identity data field of the PSK extension of the packet contains data beyond the buffer length to be stored in the […]

Read MoreMore Tag

Settings that mitigate this vulnerability in affected versions (secp256r1 only, all other curves are affected): –enable-sp –enable-sp-asm –enable-fpecc Affected Users: Users with long-term private ECC ECDSA keys performing ECDSA sign operations with the USE_FAST_MATH setting (–enable-fastmath). Users who have disabled the default enabled timing resistance while also using fastmath (–disable-harden) or using normal math (–disable-fastmath) […]

Read MoreMore Tag

wolfSSL is excited to announce its summer release of the wolfSSL embedded SSL/TLS library version 4.1.0! As with each release, wolfSSL 4.1.0 comes with many feature additions, bug fixes, and improvements to the wolfSSL library.  The list below outlines some of the new features and notable fixes added for version 4.1.0: Fixes and updates for […]

Read MoreMore Tag

wolfSSL’s embedded SSL/TLS library has included support for TLS 1.3 since early releases of the TLS 1.3 draft. Since then, wolfSSL has remained up-to-date with the TLS 1.3 specification. In this post, the major upgrades of TLS 1.3 from TLS 1.2 are outlined below: TLS 1.3 This protocol is defined in RFC 8446. TLS 1.3 […]

Read MoreMore Tag

The most requested feature for the wolfMQTT client library is now available! Multithreading support allows an application to create multiple threads that use the wolfMQTT client library. There is a new example that demonstrates this functionality, located in `examples/multithread/`. This example creates a thread that subscribes to a topic and then waits for incoming messages; […]

Read MoreMore Tag

The wolfSSL library is NOT vulnerable to these attacks, thanks to previous fixes we’ve made and our extensive testing.  Ongoing research regarding CBC padding oracle attacks against TLS will be presented in August 2019 at USENIX Security. These attacks were originally presented by Craig Young at BlackHat Asia in March 2019 (slides).  Both attacks target […]

Read MoreMore Tag

We wanted to cover building for TLS 1.3 today for our Windows users! For those interested in testing with TLS 1.3 on Windows system please use the wolfssl64.sln located in the root directory of our download (wolfssl-x.x.x/wolfssl64.sln). The wolfssl64.sln solution provides builds configurations for: WIN32 | Debug WIN32 | DLL Debug WIN32 | Release WIN32 […]

Read MoreMore Tag

Ever wondered how to use PSK with the embedded wolfSSL library?  PSK is useful in resource constrained devices where public key operations may not be viable.  It`s also helpful in closed networks where a Certificate Authority structure isn`t in place.  To enable PSK with wolfSSL you can simply do: $ ./configure –enable-psk Using PSK on […]

Read MoreMore Tag

wolfCrypt adds support for cryptographic callbacks that can be registered for replacing stock software calls with your own custom implementations. The goal is to make adding hardware cryptographic support easier. Currently supported crypto callbacks: RNG and RNG Seed ECC (key gen, sign/verify and shared secret) RSA (key gen, sign/verify, encrypt/decrypt) AES CBC and GCM SHA1 […]

Read MoreMore Tag

We have added support for RISC-V hardware in our wolfBoot library. The reference example uses the SiFive HiFive1 FE310 board to demonstrate a secure bootloader and firmware upgrade. The HiFive1 is a 32-bit E31 RISC-V core capable of running at 320MHz. It includes 4MB of external flash and 16KB of internal RAM. The wolfBoot library […]

Read MoreMore Tag