Provides the WolfSSL SSL/TLS solution.
Provides the WolfSSL SSL/TLS solution.
This package provides an embedded SSL/TLS library specifically developed for memory-constrained devices.
wolfSSL’s software is available under two distinct licensing models: Open Source (GPLv2) or proprietary.
wolfSSL (formerly CyaSSL) offers multiple products including, but not limited to:
wolfSSL wolfCrypt wolfMQTT wolfSSH
These software products are free software and may be modified to the needs of the user as long as the user adheres to version two of the GPL License. The GPLv2 license can be found on the gnu.org website (http://www.gnu.org/licenses/old-licenses/gpl-2.0.html).
Businesses and enterprises who wish to incorporate wolfSSL products into proprietary appliances or other commercial software products for re-distribution must license commercial versions. Commercial licenses for wolfSSL, yaSSL, and wolfCrypt are available. Licenses are generally issued for one product and include unlimited royalty-free distribution. Custom licensing terms are also available.
Commercial licenses are also available for wolfMQTT and wolfSSH. Please contact firstname.lastname@example.org@m.@email@example.com..firstname.lastname@example.org with inquiries.
wolfSSL is securing over 2 billion end points today and is one of the industry leading SSL/TLS/Cryptographic providers for embedded systems and the IoT space. wolfSSL is very excited to be working with the RIOT-OS team!
You can easily take advantage of wolfSSL by using the following in your application Makefile:
Don't forget to use the wolfSSL settings header in your app. This header should always be included FIRST preceding any other wolfSSL headers to ensure the correct configuration is picked up when including other wolfSSL headers:
Because wolfSSL was designed with embedded systems in mind the library is extremely modular. There are very few dependencies in wolfSSL Cryptographic library and we have chosen to setup the pkg makefile to allow for easy modification by developers. We chose to include the core of our library in a singular list and then separate out the features that a developer may or may not wish to use by default. Please reference the Makefile.wolfssl in "<RIOT-root>/pkg/wolfssl" directory. wolfSSL has chosen to enable a significant portion of our wolfcrypt functionality by default and provided informative comments to explain how a feature might be enabled/disabled.
Features should be controlled with the header "user_settings.h" included with the package. On RIOT-OS, wolfSSL and wolfCrypt libraries can be configured using PSEUDOMODULES. After selecting the wolfSSL package via:
Single ciphers, algorithms and features can be selected by including the associated pseudomodule, e.g.:
NOTES ON TRANSPORT LAYER:
wolfSSL package for RIOT-OS supports two types of socket communication:
By default, GNRC support is compiled in for UDP/IP communication when the module
wolfssl_dtls is selected. Ensure that the module
gnrc_sock_udp is also included in the build.
Alternatively, to enable full-POSIX TLS/DTLS, select the
wolfssl_socket module by adding the following to the application's Makefile:
Refer to the examples in the following section for more details about the API and the integration with the transport layer.
wolfSSL has provided a few examples of using this package in the RIOT examples directory. To test these do any of the following:
wolfSSL Test/Benchmark: Useful to verify that the ciphers are working properly on the target, and comparing performance on different platforms.
ED25519 signature verification demo Very small footprint application to demonstrate Ed25519 signature verification with a very small footprint and memory requirements
DTLS Client and Server Example DTLS example over GNRC UDP/IP stack. See documentation in
QUESTIONS / CONCERNS / FEEDBACK:
For any questions, concerns, or other feedback please contact email@example.com@firstname.lastname@example.org@email@example.com anytime, we are always happy to help in any way we can!!