Category: Uncategorized

wolfBoot version 1.5 has been released and can be downloaded from our website. New features that are available starting from this release include:

• Support for SHA-3 digest for firmware images
• Support for RSA-4096 signature authentication
• Support for a new architecture (ARMv8 64bit)
• Support for new targets and platforms (LPC54xx, raspberry pi, Xilinx Zynq)
• Improved experience for development in MS Windows environments
• Virtual storage over UART

wolfBoot is now capable of securing the boot process in embedded Linux systems based on the ARM Cortex-A CPU. wolfBoot integrates with your platform chain-of-trust, adding support for reliable and trusted
firmware updates. All the execution levels on systems using ARM TrustZone to separate privileges among boot stages are supported in the new boot procedure.

Using wolfBoot 1.5 it is now possible to set up a virtual update partition on a neighbor system, which can be accessed using UART. Example code is provided to demonstrate this feature.

The developer experience in windows environments has been improved by adding official support for IAR and integrating a Visual Studio solution to facilitate the compilation and the integration of key management tools. Integrating secure boot in your embedded systems has never been this easy.

Check out our release notes for more details, and feel free to contact us at facts@wolfssl.com with any questions.

wolfSSL Inc is proud to announce the release of wolfSSH v1.4.4, the embedded SSH library for devices, IoT, and the cloud. Included in the release are:

• wolfSCP client. Included now is an example SCP client tool, wolfSCP. It can be used to copy single files or directories between two endpoints.
• VxWorks support. wolfSSH may now be compiled to run on the VxWorks RTOS from Wind River Systems. It doesn’t require any special configuration, just compile and go.

Contact us at facts@wolfssl.com with any questions about using new features available in the wolfSSH embedded SSH library!  Download the new release today from the wolfSSL download page or direct from GitHub.

wolfTPM Version 1.8 has been released and is now available for download on our website. This release brings new platform support for Xilinx Zynq UltraScale+ MPSoC and new operating environment support for Linux users. We have now tested with two more TPM modules, the Nuvoton NPCT650 and NationsTech Z32H330.

To reduce the time needed for new applications on Linux we’ve added support for the Linux TIS kernel driver (“/dev/tpm#”). This allows applications using wolfTPM under Linux to exist alongside the Linux TPM tools. It also makes it easier for users to leverage existing Linux TPM module and LPC bus support without the need for additional system configuration.

The default build-behavior is to use the “/dev/spidev#.#” directly via the HAL IO callback. To enable the “/dev/tpm#” support use the “./configure –enable-devtpm” build option.

This release also resolves some build issues with the crypto callback support for TLS and adds examples for using an ECC primary storage root key.

For questions please email facts@wolfssl.com.

Do you have a product you are working on that may one day be utilized by a government agency either foreign or domestic or any agency that requires a FIPS certification? If you think your product is a candidate for FIPS use but are not quite sure when you may have a FIPS purchase come through wolfSSL FIPS Ready is exactly what you are looking for!

What is FIPS Ready?

wolfSSL FIPS Ready is the wolfCrypt FIPS enabled cryptography layer code included in the wolfSSL source tree. With wolfSSL FIPS Ready you get to benefit from all the enhanced security features that come with a FIPS module but you don’t have to get a certificate until you are confident you have a FIPS customer that will justify the effort of getting the cert!

What are the Limitations?

With wolfSSL FIPS Ready you are not FIPS approved, but you will be READY to get approved at a moments’ notice saving you time when that FIPS customer comes knocking. Being FIPS Ready means you have included the FIPS code in your build, you are already operating according to the FIPS enforced best practices of default entry point, you have a code integrity check of your crypto module and you are running the power on self test to ensure proper cryptographic functionality. When the time comes, you can get your operating environment tested and validated and all the coding work will have already been done in advance making the validation process much faster!

Can I deploy it today?

FIPS Ready is open source and dual-licensed. We distribute FIPS Ready wolfSSL with the GPLv3 license or we can negotiate commercial licensing terms with support!

You can download a copy of the wolfssl-4.4.0-gplv3-fips-ready.zip from the DOWNLOADS page on the wolfSSL website.

FIPS is a complicated topic so if you have questions after reviewing this post, then just contact us at facts@wolfssl.com anytime, we are always happy to help in any way we can!

The team at wolfSSL is proud to announce the latest iteration of wolfMQTT. This release is focused on polishing the user experience and squashing bugs. The multithread feature was thoroughly tested, and we managed to correct a couple of synchronization issues that were reported. Additionally a new “simple client” example was added that demonstrates the bare-bones essential API needed to allow an IoT device to communicate with a broker service.

Check out the changelog here:
https://github.com/wolfSSL/wolfMQTT/blob/master/ChangeLog.md

While you’re there, show us some love and give the wolfMQTT project a Star!
You can download the latest release here: https://www.wolfssl.com/download/
Or clone directly from our GitHub repository: https://github.com/wolfSSL/wolfMQTT

To learn more about wolfMQTT, the wolfSSL embedded SSL/TLS library, or one of our other products, contact us today at facts@wolfssl.com.

The Netflix Tech Blog recently shared how Netflix is leveraging TLS 1.3 for faster and more secure connections.  They concluded:

“From the security analysis, we are confident that TLS 1.3 improves communication security over TLS 1.2. From the field test, we are confident that TLS 1.3 provides us a better streaming experience.

At the time of writing this article, the Internet is experiencing higher than usual traffic and congestion. We believe saving even small amounts of data and round trips can be meaningful and even better if it also provides a more secure and efficient streaming experience.

Therefore, we have started deploying TLS 1.3 on newer consumer electronics devices and we are expecting even more devices to be deployed with TLS 1.3 capability in the near future.”

The wolfSSL embedded SSL/TLS library was one of the first TLS libraries to implement support for TLS 1.3, and we are happy to see successful adoption stories like this!  Contact us at facts@wolfssl.com to start using TLS 1.3 in your projects!

Earlier this month, we worked on adding MQTT support to cURL which is now available as “experimental” in the latest curl 7.70.0 release! For full details of the current integration, see Daniel Stenberg’s blog post titled “CURL + MQTT = TRUE“.

We’re curious how our users want to use MQTT in cURL, and we want to hear your feedback to help direct our future cURL+MQTT plans! We think MQTT support could be helpful for a variety of use cases ranging from service techs that require a tool to help test and develop MQTT-based solutions, to easily scripting MQTT commands. Let us know your feedback at facts@wolfssl.com and we’ll be happy to listen!

wolfSSL Inc is proud to announce the release of wolfSSL v4.4.0, the embedded TLS library for devices, IoT, and the cloud. Included in the release are:

• Qualcomm Hexagon SDK support. The Hexagon SDK is used for building code to run on DSP processors. Use of the Hexagon toolchain to offload ECC verify operations has been added to wolfSSL. This can free up the main CPU for other operations or lead to future optimizations with HVX on some algorithms that use vector operations. The Makefile for building with the Hexagon toolchain and a README with more information can be found in the directory wolfssl-4.4.0/IDE/HEXAGON.
• Apache 2.4.39 support. Use wolfSSL with Apache’s mod_ssl. Apache is the most commonly used web server in the world. You can now use wolfSSL as a part of your Apache installation. You can benefit from wolfSSL’s world class support. Ask us for more information.
• OpenVPN support. Use wolfSSL with OpenVPN. OpenVPN is one of the top VPN products on the market. wolfSSL can secure your connections.
• Renesas Synergy S7G2 support. Are you prototyping a new embedded application with a Renesas Synergy S7G2 board? wolfCrypt can take advantage of its on-board cryptography hardware. Offload AES, RSA, SHA, and GHASH to the hardware. See our benchmarks page to see the comparison of the software crypto and the hardware acceleration.
• Curve448, X448, and Ed448 support. We at wolfSSL like to stay on top of progressive ciphers. Curve448 is an efficient to calculate elliptic curve. It offers 224-bits of security and works well with ECDH key agreement.

Contact us at facts@wolfssl.com with any questions about using new features available in the wolfSSL embedded SSL/TLS library!

ACVP stands for (Automated Cryptographic Validation Protocol) and it is the upcoming protocol that will be used for FIPS validation. It makes testing cryptographic algorithms and modules more efficient than the current method and more automated. There are three main parts to ACVP – a server, a proxy, and a client.

• The server side handles requests for test vectors and requests for validation among other requests. This side is operated by a FIPS lab or by NIST themselves.
• A proxy with ACVP can be used to communicate to offline systems and handle transferring information from the system being tested to the server. Often an ACVP client is used instead.
• The last part being a client, which is most relevant to users who are wanting to get their cryptography FIPS validated. An ACVP client is directly hooked up to the module to be tested and then communicates with the ACVP server to send requests for test vectors, responses of the results from running those tests, and requests for algorithm validation. There are multiple pieces required to build a ACVP client in order to complete a validation process, some of the large portions of the effort go into
  • JSON parsing / creation for communication with a ACVP server
  • HTTPS GET / POST / PUT / DELETE messages used for securely transporting information
  • 2 factor authentication with TOTP (Time-Based One-Time Password Algorithm)
  • Plugging in the test harness that runs crypto operations

Ultimately an ACVP client communicates with the server to validate cryptographic operations. This includes creating, or referencing meta data such as; vendor, OE, and module information. A simplified message flow for getting an algorithm validated is as follows:

wolfSSL is in the process of developing our own ACVP client based off of the current draft (draft-fussell-acvp-spec-01). Having many algorithms already completing the validation process through the NIST operated ACVP Demo server. Where our test vendor information can be seen publicly listed on the demo site here (https://demo.acvts.nist.gov/home). We can assist with your FIPS needs. Contact us at facts@wolfssl.com for questions or more information.

More information from NIST’s website about the ACVP project can be found here:
https://csrc.nist.gov/Projects/Automated-Cryptographic-Validation-Testing.