Adding SHE (Secure Hardware Extension) Support to wolfSSL

wolfSSL now includes support for the Secure Hardware Extension (SHE) key management standard (see PR #10009). This new wolfCrypt module provides software-based generation and verification of SHE key update messages (M1–M5), with built-in support for hardware offload via crypto callbacks. What is SHE? The SHE specification was developed by the Hersteller Initiative Software (HIS) consortium […]


CHERIoT Support Coming to wolfSSL

We are excited to announce that we will be working on CHERIoT support for wolfSSL! CHERIoT (Capability Hardware Extension to RISC-V for IoT) is a hardware-software platform that brings capability-based memory protection to small embedded devices. It enforces memory safety at the hardware level, catching entire classes of vulnerabilities like buffer overflows and use-after-free automatically. […]


Difference between TLS Session ID and Tickets

TLS session resumption reuses previously negotiated keying material to shorten handshakes and reduce CPU and network overhead. Resumption saves latency and power on constrained devices by avoiding a full handshake when a safe cached session is available. Understanding Session IDs and Tickets: Session IDs are a server-issued identifier used by TLS ≤ 1.2 where the server […]


wolfSSL as a Cryptographic Service Provider for VPP

The engineering team at wolfSSL is working on integrating wolfCrypt as a cryptographic service provider for FD.io’s Vector Packet Processing framework. This will give VPP deployments access to FIPS 140-3 validated cryptography, hardware acceleration support, and wolfSSL’s battle-tested implementations directly within the high-performance data plane. This work targets network packet workloads demanding both regulatory compliance […]


Expanded CRL Support: Generating a CRL

wolfSSL has long provided solid CRL decode and validation support. This update builds on that foundation by adding CRL generation and signing capabilities, along with certificate extension helpers that improve revocation-aware certificate creation workflows. What is a CRL? A Certificate Revocation List (CRL) is a signed list published by a certificate authority (CA) that identifies […]


New! wolfSSL Launches User-Space FIPS VPN Client in Rust

wolfSSL is excited to announce the release of its new user-space VPN client. This client is written entirely in Rust, leveraging the language’s safety and performance characteristics. The implementation is based on the popular open-source boringtun project. Crucially, this new client incorporates FIPS-validated cryptography through the use of the wolfGuard protocol. This solution ensures a […]


wolfSSL’s OCSP and OCSP-Stapling Support

Sometimes, X.509 certificates need to be revoked. One way that can happen is via CRL (Certificate Revocation List), but that’s a topic for another time. Today we’ll focus on OCSP (Online Certificate Status Protocol). The OCSP protocol is designed to allow a client to send a real-time query to a certificate authority’s OCSP responder, which […]


Keeping TLS 1.3 AES-GCM Session Keys Out of RAM

Secure Element Offload via Crypto Callbacks in wolfSSL: Modern embedded and security-critical systems increasingly rely on Secure Elements, TPMs, and hardware cryptographic accelerators to protect private keys. In wolfSSL, asymmetric keys such as ECC private keys can already reside entirely inside hardware using Crypto Callbacks. Until now, however, TLS 1.3 AES-GCM session keys were still […]

