Latest Posts

  • uncategorized

    wolfSSL Vulnerabilities In 2020

    chris
    Last year wolfSSL fixed 8 vulnerabilities and documented them in the wolfSSL embedded SSL/TLS library release notes. Thanks to all of the researcher reports, and to the dedicated wolfSSL team, the fixes were identified and resolved rapidly. How rapidly you may ask? The average time to get a fix submitted...
    Read more
  • uncategorized

    Distribution of Crypto Operations

    chris
    wolfSSL is developing a library to handle the location of where crypto operations run amongst multiple cores. For large systems that have many sign/verify operations happening at once this library would be able to distribute those sign/verify requests based on a user’s input. In addition to managing where the operation...
    Read more
  • uncategorized

    Sniffing traffic with TLS v1.3

    chris
    The wolfSSL library includes a useful tool for sniffing TLS traffic. This can be used to capture and decrypt live or recorded PCAP traces when at least one of the keys is known. Typically a static RSA ciphersuite would be used, however with TLS v1.3 only Perfect Forward Secrecy (PFS)...
    Read more
  • uncategorized

    wolfSSL Use With Hexagon Toolchain

    chris
    The Qualcomm Hexagon SDK  is used for building code to run on DSP processors. Use of the Hexagon toolchain to offload ECC verify operations has been added to wolfSSL. This can free up the main CPU for other operations or lead to future optimizations with HVX on some algorithms that...
    Read more
  • uncategorized

    What is TPM parameter encryption?

    chris
    Trusted Platform Modules (TPM) give us a secure vault for storing keys and secrets. We could also use a TPM as root-of-trust for reporting the health and integrity of our servers or bare metal systems (e.g. IoT). However, TPMs are physical devices. The communication between our software and the TPM...
    Read more
  • uncategorized

    wolfSSL adds Silicon Labs Hardware acceleration support

    paul
    wolfSSL is excited to announce support for using Silicon Labs Hardware acceleration. The EFR32 family of devices support multiple wireless interfaces with hardware cryptographic operations. wolfSSL can now offload cryptographic operations for dramatically increased performance on the Silicon Labs EFR32 family! Our new support includes hardware acceleration of the following...
    Read more
  • uncategorized

    wolfSSL Cisco libest Port

    chris
    With wolfSSL 4.6.0, the cisco/libest EST library has been ported to work with wolfSSL. The Enrollment over Secure Transport (EST) protocol defines “enrollment for clients using Certificate Management over CMS (CMC) [RFC5272] messages over a secure transport.” It uses TLS >1.1 and the Hypertext Transfer Protocol (HTTP) to facilitate secure...
    Read more
  • uncategorized

    (D)TLS 1.2 Secure Renegotiation Application Data

    chris
    One of the new features in wolfSSL 4.6.0 is the ability to process application data during a (D)TLS 1.2 secure renegotiation. The new functionality (added in commit 7c89d10e5362ec281ce61ff12f37a091aa124e98) allows users to send and receive their data during the re-handshake process. Sending data can be accomplished, when using non-blocking sockets, by...
    Read more
  • uncategorized

    Updated wolfSSL Yocto and OpenEmbedded Recipes

    chris
    We recently validated the compatibility of our “meta-wolfssl” layer with Yocto 3.0 Zeus, and also updated our wolfSSL recipe to match our newest 4.6.0 release! We offer recipes for wolfSSL, wolfSSH, wolfMQTT, and wolfTPM, all available for Yocto Project or OpenEmbedded based projects.
    Read more