wolfSSL + embOS

wolfSSL has added support for embOS in the wolfCrypt embedded cryptography library. We have example projects in the “/IDE/IAR-EWARM/embOS/” directory which include a library to link against, a benchmark, and wolfcrypt_test that are preconfigured for Atmel’s SAMV71 Xplained Ultra when using IAR Embedded Workbench for ARM (EWARM). These examples are set up to build and run with no user modifications by default (After you download the documented software and have on hand the necessary hardware).

The examples will be available in the next stable release of the wolfSSL embedded SSL/TLS library and are currently available in the wolfSSL development branch at: https://github.com/wolfssl/wolfssl

There is a README_custom_port that will assist in creating a project that targets a different MPU as well. As always we are more than willing to help anyone get setup and going so please feel free to contact us support@wolfssl.com if you ever have any questions!

wolfSSL Patch for MYSQL 5.6.30

When using wolfSSL with MYSQL the portability and robustness refined in the IoT realm meets databases. The patch has been updated to MYSQL version 5.6.30 and allows for easy replacement of the bundled TLS/SSL library to a recent version of wolfSSL. Using the patch leverages the progressive, lightweight wolfSSL embedded SSL/TLS library when securing database connections. The patch, along with instructions on how to apply it, can be found on github at this repository https://github.com/wolfSSL/mysql-patch.

For more information contact wolfSSL at info@wolfssl.com

Whitewood Quantum RNG Support in wolfSSL

Are you interested in seeding wolfSSL with quantum entropy?  wolfSSL has recently partnered with Whitewood Encryption Systems to bring support for the Whitewood netRandom client library to wolfSSL.

Whitewood netRandom is a client/server solution for delivery true random numbers.  The netRandom server includes the Whitewood Entropy Engine – a hardware-based high-performance, quantum random number generator.  A netRandom client securely connects to this server to retrieve quantum entropy.  This is beneficial in environments where it is tough or impossible to locally generate good random numbers.  Since the security of a cryptosystem is dependent on true random numbers, this is very important for users of wolfSSL and wolfCrypt.

When wolfSSL is compiled with support for the netRandom client library API, wolfSSL’s PRNG will be seeded with quantum random numbers from the netRandom server.  Users can compile wolfSSL with netRandom support by using the following ./configure option or by defining HAVE_WNR when compiling wolfSSL:

–with-wnr=PATH      Path to Whitewood netRandom install (default /usr/local)

netRandom support adds the following two functions to the wolfSSL API, through the header:

int wc_InitNetRandom(const char* configFile, wnr_hmac_key hmac_cb, int timeout);
int wc_FreeNetRandom(void);

An application should call wc_InitNetRandom() once during startup, passing it the netRandom configuration file, optional HMAC callback, and entropy timeout.  wc_FreeNetRandom() should be called upon application shutdown to free the netRandom context.

Usage examples can be found in the wolfSSL example applications, located in under the “./examples” directory of the wolfSSL download.  netRandom support is currently available in the development branch of wolfSSL and will be incorporated into the next stable release as well.

For more information about using the wolfSSL embedded SSL/TLS library with the Whitewood netRandom client library, contact us at info@wolfssl.com.

References:
Whitewood Encryption Systems
Whitewood netRandom

wolfSSL unaffected by May 3rd, 2016 OpenSSL high severity security fixes

OpenSSL released a security advisory on May 3rd 2016: https://www.openssl.org/news/secadv/20160503.txt. Some wolfSSL embedded TLS users are probably wondering if similar security fixes are needed in wolfSSL.  The answer to that is no.  Specifically, CVE-2016-2107 and CVE-2016-2108 are OpenSSL implementation bugs.  Since wolfSSL and CyaSSL embedded SSL libraries have a completely different code base from OpenSSL we do not share these defects.

Please contact wolfSSL by email at info@wolfssl.com, or call us at 425 245 8247 if you have any security related questions.