Road to embedded world '23: Bozeman, Montana, wolfSSL

By Chad Cox

Associate Editor

Embedded Computing Design

February 06, 2023


wolfSSL will be at embedded world 2023 showcasing its embedded TLS library, a portable, C-language-based SSL/TLS library for IoT, embedded, and RTOS environments. While attending ew '23, stop by booth 4-610 and say hello to wolfSSL.

wolfSSL supports the industry standards TLS 1.3 and DTLS 1.3, along with an OpenSSL compatibility layer, the wolfCrypt cryptography library, OCSP/CRL support, and a simple API. The solution also coexists with desktop, enterprise, and cloud environments.

Highlights of the Embedded SSL/TLS Library:

  • Up to TLS 1.3 and DTLS 1.3
  • Full client and server support
  • Progressive list of supported ciphers
  • Key and Certificate generation
  • OCSP, CRL support
  • Commercially supported
  • Small size: 20-100kB
  • Runtime memory: 1-36kB
  • 20x smaller than OpenSSL
  • Abstraction Layers (OS, Custom I/O, Standard C library, and more)
  • Simple API
  • OpenSSL Compatibility Layer

Features:

  • SSL version 3.0 and TLS versions 1.0, 1.1, 1.2, and 1.3 (client and server)
  • DTLS versions 1.0, 1.2, and 1.3 (client and server)
  • Minimum footprint size of 20-100 kB, depending on build options and operating environment
  • Runtime memory usage between 1-36 kB (depending on I/O buffer sizes, public key algorithm, and key size)
  • OpenSSL compatibility layer
  • Simple API
  • QUIC support
  • OCSP, OCSP Stapling, and CRL support
  • Hybrid Public Key Encryption (HPKE) and Encrypted Client Hello (ECH)
  • Hash Functions:
      • MD2, MD4, MD5, SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA-3, RIPEMD-160, Poly1305
  • Block, Stream, and Authenticated Ciphers:
      • AES (CBC, CTR, OFB, XTS, GCM, CCM, GMAC, CMAC), Camellia, DES, 3DES, ARC4, ChaCha20, XChaCha20
  • Public Key Algorithms:
      • RSA, DSA, DH, EDH, ECDH-ECDSA, ECDHE-ECDSA, ECDH-RSA, ECDHE-RSA
  • Password-based Key Derivation: HMAC, PBKDF2
  • Curve25519 and Ed25519
  • ECC and RSA Key Generation
  • ECC curve types:
      • SECP, SECPR2, SECPR3, BRAINPOOL, KOBLITZ
  • ECC key lengths:
      • 112, 128, 160, 192, 224, 239, 256, 320, 384, 512, 521
  • Post Quantum Cryptography support, including:
      • Dilithium and FALCON Signature Schemes, SPHINCS+, Kyber KEM (hybridized with NIST ECC curves, allowing FIPS-compliance!)
  • X.509v3 RSA and ECC Signed Certificate Generation
  • PEM and DER certificate support
  • Hash-based PRNG (Hash_DRBG)
  • Mutual authentication support (client/server)
  • PSK (Pre-Shared Keys)
  • Persistent session and certificate cache
  • zlib compression support
  • Interchangeable crypto and certificate libraries
  • Modular cryptography library (wolfCrypt)
  • Supported TLS Extensions:
      • SNI (Server Name Indication), Maximum Fragment Length, Truncated HMAC, Supported Elliptic Curves, ALPN (Application Layer Protocol Negotiation), Extended Master Secret
  • Standalone Certificate Manager
  • SRP (Secure Remote Password)
  • Asynchronous crypto support: Intel QuickAssist, Cavium Nitrox
  • Hardware Cryptography Support:
      • Intel AES-NI, AVX1/2, RDRAND, RDSEED, SGX, Cavium NITROX, Intel QuickAssist, STM32F2/F4, Freescale/NXP (CAU, mmCAU, SEC, LTC), Microchip PIC32MZ, ARMv8, Renesas TSIP, ARM CryptoCell, PSA Crypto API, and more!
  • SSL Sniffer (SSL Inspection) Support
  • IPv4 and IPv6 support
  • Abstraction Layers / User Callbacks:
      • C Standard Library, Custom I/O, Memory hooks, Logging callbacks, User Atomic Record Layer Processing, Public Key
  • Open Source Project Integrations:
      • MySQL, OpenSSH, Apache httpd, nginx, wpa_supplicant, Open vSwitch, stunnel, Lighttpd, GoAhead, Mongoose, and more!
  • PKCS#1 (RSA Cryptography Standard) support
  • PKCS#3 (Diffie-Hellman Key Agreement Standard) support
  • PKCS#5 (Password-Based Encryption Standard) support
  • PKCS#7 (Cryptographic Message Syntax - CMS) support
  • PKCS#8 (Private-Key Information Syntax Standard) support
  • PKCS#9 (Selected Attribute Types) support
  • PKCS#10 (Certificate Signing Request - CSR) support
  • PKCS#11 (Cryptographic Token Interface) support
  • PKCS#12 (Certificate/Personal Information Exchange Syntax Standard) support

For more information, visit wolfssl.com.