Do you have a Linux application, service, container, or distribution that depends on OpenSSL and must meet FIPS 140 requirements, or interoperate with systems operating in FIPS-approved mode? wolfProvider is an OpenSSL provider module that enables OpenSSL-based applications to use wolfSSL’s FIPS-validated cryptographic implementations. wolfProvider replaces OpenSSL’s cryptographic engine as the provider layer. Existing OpenSSL […]
Securing wolfHSM POSIX Transport with TLS
The recent addition of a TLS transport to the wolfHSM project provides improved transport-level protection for POSIX-based communications and was included with the latest release. Previously, when wolfHSM was used over POSIX transports (such as TCP sockets on a local system), security largely depended on controlling access to that transport. If an attacker could access […]
New X.509 Certificate Extension APIs in wolfSSL and wolfSSL JNI
wolfSSL now adds new public X.509 certificate-generation APIs for key identifiers, CRL distribution points, and Netscape certificate type handling. wolfSSL JNI builds on top of these APIs and now exposes matching Java methods in WolfSSLCertificate. New public wolfSSL APIs (C) int wolfSSL_X509_set_subject_key_id(WOLFSSL_X509* x509, const unsigned char* skid, int skidSz); int wolfSSL_X509_set_subject_key_id_ex(WOLFSSL_X509* x509); int wolfSSL_X509_set_authority_key_id(WOLFSSL_X509* x509, […]
WebSocket Support Comes to the wolfMQTT Broker
wolfMQTT clients have been able to speak MQTT over WebSocket for a while. Now the broker can too. Starting with the latest code on master, the wolfMQTT broker accepts WebSocket connections alongside standard TCP – no proxy, no bridge, no extra infrastructure. Pass -w to open a WebSocket listener: ./src/broker -p 1883 -w 9001 This […]
Migrating CRL Workflows from Bouncy Castle to wolfSSL JNI
If your Java stack currently uses Bouncy Castle for certificate tooling, moving CRL generation to wolfSSL’s JNI is straightforward once you map the flow correctly. wolfSSL JNI/JSSE uses wolfSSL’s native C crypto/TLS library, so projects can share one crypto implementation across Java and non-Java components. In environments that require validated cryptography, wolfSSL has significant experience […]
Expanded CRL Support: Generating a CRL
wolfSSL has long provided solid CRL decode and validation support. This update builds on that foundation by adding CRL generation and signing capabilities, along with certificate extension helpers that improve revocation-aware certificate creation workflows. What is a CRL? A Certificate Revocation List (CRL) is a signed list published by a certificate authority (CA) that identifies […]
New! wolfSSL Launches User-Space FIPS VPN Client in Rust
wolfSSL is excited to announce the release of its new user-space VPN client. This client is written entirely in Rust, leveraging the language’s safety and performance characteristics. The implementation is based on the popular open-source boringtun project. Crucially, this new client incorporates FIPS-validated cryptography through the use of the wolfGuard protocol. This solution ensures a […]
wolfSSL’s OCSP and OCSP-Stapling Support
Sometimes, X.509 certificates need to be revoked. One way that can happen is via CRL (Certificate Revocation List), but that’s a topic for another time. Today we’ll focus on OCSP (Online Certificate Status Protocol). The OCSP protocol is designed to allow a client to send a real-time query to a certificate authority’s OCSP responder, which […]
Keeping TLS 1.3 AES-GCM Session Keys Out of RAM
Secure Element Offload via Crypto Callbacks in wolfSSL Modern embedded and security-critical systems increasingly rely on Secure Elements, TPMs, and hardware cryptographic accelerators to protect private keys. In wolfSSL, asymmetric keys such as ECC private keys can already reside entirely inside hardware using Crypto Callbacks. Until now, however, TLS 1.3 AES-GCM session keys were still […]
Simplified Networking: wolfIP Now Supports STM32CubeMX
Developing robust, secure networking for embedded systems just got a whole lot smoother. We are excited to announce that wolfIP now features official STM32CubeMX Pack support. Manual integration of networking stacks can be a headache, often requiring tedious porting and configuration. By introducing this CubePack, we’ve bridged the gap between the wolfIP stack and the […]
