wolfSSL announces wolfBoot / wolfCrypt support for hardware crypto acceleration in the NXP LPC55S69, available now in the following PRs: wolfBoot: #757, #773; wolfSSL (wolfCrypt): #10278. This includes TRNG, SHA1, SHA-256, AES-CBC, AES-ECB, AES-OFB, AES-CFB, and AES-CTR. AES supports key sizes of 128, 192, and 256. About the NXP LPC55S69: The LPC55S69 is a general-purpose […]
Category: wolfSSL/ wolfCrypt
OTA Demonstrator with wolfBoot, wolfTPM and wolfMQTT
Our new demonstrator is available on GitHub. This demonstrator showcases a secure over-the-air (OTA) firmware update workflow using wolfSSL components and a software TPM. It integrates: wolfBoot for secure boot loader, wolfTPM for root of trust, wolfMQTT for update delivery, and wolfSSL / wolfCrypt for secure communication and verification. The demo runs on Linux and can […]
New wolfSSL Crypto Callback Utilities: Set Key and Export Key
wolfSSL’s crypto callback framework lets you offload cryptographic operations to hardware. PR #9851 extends this framework with two new callback utilities, Set Key and Export Key, which provide a standardized way to move key material between wolfSSL and your hardware across AES, HMAC, RSA, and ECC. How It Works: When a key is bound to […]
Adding SHE (Secure Hardware Extension) Support to wolfSSL
wolfSSL now includes support for the Secure Hardware Extension (SHE) key management standard (see PR #10009). This new wolfCrypt module provides software-based generation and verification of SHE key update messages (M1–M5), with built-in support for hardware offload via crypto callbacks. What is SHE? The SHE specification was developed by the Hersteller Initiative Software (HIS) consortium […]
CHERIoT Support Coming to wolfSSL
We are excited to announce that we will be working on CHERIoT support for wolfSSL! CHERIoT (Capability Hardware Extension to RISC-V for IoT) is a hardware-software platform that brings capability-based memory protection to small embedded devices. It enforces memory safety at the hardware level, catching entire classes of vulnerabilities like buffer overflows and use-after-free automatically. […]
Difference between TLS Session ID and Tickets
TLS session resumption reuses previously negotiated keying material to shorten handshakes and reduce CPU and network overhead. Resumption saves latency and power on constrained devices by avoiding a full handshake when a safe cached session is available. Understanding Session IDs and Tickets: Session IDs are a server-issued identifier used by TLS ≤ 1.2 where the server […]
Caliptra: Your Silicon’s Security Chaperone
As a member of the wolfSSL team, each day is a new opportunity to learn. This time, we delve into Caliptra and our plans for it in the near future. Architecture and Purpose: Caliptra isn’t just a piece of software or hardware, it is a specification for software combined with hardware as its own module, […]
wolfSSL as a Cryptographic Service Provider for VPP
The engineering team at wolfSSL is working on integrating wolfCrypt as a cryptographic service provider for FD.io’s Vector Packet Processing framework. This will give VPP deployments access to FIPS 140-3 validated cryptography, hardware acceleration support, and wolfSSL’s battle-tested implementations directly within the high-performance data plane. This work targets network packet workloads demanding both regulatory compliance […]
Expanded CRL Support: Generating a CRL
wolfSSL has long provided solid CRL decode and validation support. This update builds on that foundation by adding CRL generation and signing capabilities, along with certificate extension helpers that improve revocation-aware certificate creation workflows. What is a CRL? A Certificate Revocation List (CRL) is a signed list published by a certificate authority (CA) that identifies […]
New! wolfSSL Launches User-Space FIPS VPN Client in Rust
wolfSSL is excited to announce the release of its new user-space VPN client. This client is written entirely in Rust, leveraging the language’s safety and performance characteristics. The implementation is based on the popular open-source boringtun project. Crucially, this new client incorporates FIPS-validated cryptography through the use of the wolfGuard protocol. This solution ensures a […]
