
5/18/2020
05:00 PM
Dark Reading
Products and Releases

wolfSSL Releases Version 4.4.0 of Embedded TLS Library wolfSSL

Also announces updates to related products.

wolfSSL, a leading provider of TLS cryptography and the provider of the world’s first commercial release of TLS 1.3, is proud to announce wolfSSL v4.4.0, the embedded TLS library for devices, IoT, and the cloud.

Included in the latest wolfSSL version 4.4.0 release:

  • Qualcomm Hexagon SDK support. The Hexagon SDK is used for building code to run on DSP processors. Use of the Hexagon toolchain to offload ECC verify operations has been added to wolfSSL. This can free up the main CPU for other operations or lead to future optimizations with HVX on some algorithms that use vector operations. The Makefile for building with the Hexagon toolchain and a README with more information can be found in the directory wolfssl-4.4.0/IDE/HEXAGON.
  • Apache 2.4.39 support. Use wolfSSL with Apache’s mod_ssl. Apache is the most commonly used web server in the world. You can now use wolfSSL as a part of your Apache installation. You can benefit from wolfSSL’s world class support. Ask us for more information.
  • OpenVPN support. Use wolfSSL with OpenVPN. OpenVPN is one of the top VPN products on the market. wolfSSL can secure your connections.
  • Renesas Synergy S7G2 support. wolfCrypt can take advantage of its on-board cryptography hardware. It benefits developers prototyping a new embedded application with a Renesas Synergy S7G2 board. Offload AES, RSA, SHA, and GHASH to the hardware. See our benchmarks page for a comparison of the software crypto and the hardware acceleration.
  • Curve448, X448, and Ed448 support. We at wolfSSL like to stay on top of progressive ciphers. Curve448 is an elliptic curve that is efficient to calculate. It offers 224 bits of security and works well with ECDH key agreement.


There have been significant updates made to other products working with wolfSSL.

The wolfMQTT v1.6.0 release is focused on polishing the user experience and squashing bugs. The multithread feature was thoroughly tested, and a few synchronization issues that were reported have been corrected. Additionally, a new “simple client” example was added that demonstrates the bare-bones essential API needed to allow an IoT device to communicate with a broker service.

wolfTPM v1.8.0 release brings new platform support for Xilinx Zynq UltraScale+ MPSoC and new operating environment support for Linux users. wolfTPM is now tested with two more TPM modules - the Nuvoton NPCT650 and NationsTech Z32H330. To reduce the time needed for new applications on Linux, support for the Linux TIS kernel driver (“/dev/tpm#”) was added. This allows applications using wolfTPM under Linux to exist alongside the Linux TPM tools. It also makes it easier for users to leverage existing Linux TPM modules and LPC bus support without the need for additional system configuration. This release also resolves some build issues with the crypto callback support for TLS and adds examples for using an ECC primary storage root key.

wolfSSH v1.4.0 release now includes an example SCP client tool, named wolfSCP. It can be used to copy single files or directories between two endpoints. This release also brings support for VxWorks. wolfSSH may now be compiled to run on the VxWorks RTOS from Wind River Systems. It doesn’t require any special configuration, just compile and go.

The wolfBoot v1.5.0 release includes support for SHA-3 digests for firmware images, RSA-4096 signature authentication, and the ARMv8 64-bit architecture. The release also includes support for new targets and platforms (LPC54xx, Raspberry Pi and Xilinx Zynq), an improved development experience in MS Windows environments, and virtual storage over UART. wolfBoot is now capable of securing the boot process in embedded Linux systems based on the ARM Cortex-A CPU. wolfBoot integrates with an existing platform chain-of-trust, adding support for reliable and trusted firmware updates. All the execution levels on systems using ARM TrustZone to separate privileges among boot stages are supported in the new boot procedure. Using wolfBoot 1.5, it is now possible to set up a virtual update partition on a neighbor system, which can be accessed using UART. Example code is provided to demonstrate this feature. The developer experience in Windows environments has been improved by adding official support for IAR and integrating a Visual Studio solution to facilitate the compilation and the integration of key management tools. Integrating secure boot in your embedded systems has never been this easy.

The wolfSSL Async v4.4.0 release includes a fix for an uninitialized `supSha3` warning, a fix for the use of an incorrect devId for wolfSSL_SHA3_256_Init, a fix for QAT with Shake256, and a fix for the QAT example `./build.sh`. The wolfSSL / wolfCrypt libraries support asynchronous (non-blocking) crypto using hardware acceleration with the Intel QuickAssist and Cavium Nitrox-III/V adapters. These are PCIe devices that accelerate crypto operations. For server platforms requiring high connection rates and throughput, this allows greatly increased performance.

The wolfSSL FIPS Ready v4.4.0 release is the wolfCrypt FIPS-enabled cryptography layer code included in the wolfSSL source tree. wolfCrypt FIPS leverages wolfSSL's underlying wolfCrypt module, which has undergone FIPS 140-2 Level 1 validation, providing commercial organizations a time to market, quality and lower cost of ownership advantage to achieve and maintain FIPS validation.

About wolfSSL
wolfSSL focuses on providing lightweight and embedded security solutions with an emphasis on speed, size, portability, features, and standards compliance. With its SSL and TLS products and its crypto library, wolfSSL is supporting high security designs in the automotive, the avionic, and other industries. In avionics, it has support for complete RTCA DO-178C level A certification. In automotive, it supports MISRA-C capabilities. For government consumers, wolfSSL has a strong history in FIPS 140-2, with upcoming Common Criteria support. wolfSSL supports industry standards up to the current TLS 1.3 and DTLS 1.3, is up to 20 times smaller than OpenSSL, offers a simple API, an OpenSSL compatibility layer, is backed by the robust wolfCrypt cryptography library, and much more. wolfSSL products are open source, giving customers the freedom to look under the hood.
