New APIs for running updates to ChaCha20/Poly1305 AEAD

wolfSSL 4.4.0 introduces new ChaCha20/Poly1305 AEAD APIs that allow “chunked” updates of data, followed by a final calculation of the authentication tag. These use the same “Init”, “Update”, “Final” conventions commonly available with our hash algorithms.

The new APIs are available by default and can be disabled by defining NO_CHACHAPOLY_AEAD_IUF.

wc_ChaCha20Poly1305_CheckTag
wc_ChaCha20Poly1305_Init
wc_ChaCha20Poly1305_UpdateAad
wc_ChaCha20Poly1305_UpdateData
wc_ChaCha20Poly1305_Final
wc_Poly1305_Pad
wc_Poly1305_EncodeSizes

These additions resulted in the following additional enhancements to the wolfSSL library and regression testing:

  1. Refactor of functions wc_ChaCha20Poly1305_Encrypt and wc_ChaCha20Poly1305_Decrypt to use the new ChaChaPoly_Aead context and the new init/update/final functions.
  2. Refactor of the Poly1305 AEAD / MAC to reduce duplicate code (Footprint Optimizations)
  3. Tests for TLS v1.3 interop and ChaCha20/Poly1305 AEAD test vectors.
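
The Init/UpdateAad/UpdateData/Final flow described above, traced in an added example: a pure-Python model of the RFC 8439 AEAD construction, not wolfSSL code and not taken from the wolfSSL project. The class and method names are hypothetical and only mirror the wolfSSL function names listed above; comments mark which wolfSSL call each step corresponds to.

```python
import struct

def _qr(s, a, b, c, d):  # ChaCha quarter round (RFC 8439 section 2.1)
    for x, y, z, rot in ((a, b, d, 16), (c, d, b, 12), (a, b, d, 8), (c, d, b, 7)):
        s[x] = (s[x] + s[y]) & 0xffffffff
        t = s[z] ^ s[x]
        s[z] = ((t << rot) | (t >> (32 - rot))) & 0xffffffff

def chacha_block(key, counter, nonce):  # one 64-byte keystream block
    init = struct.unpack("<16I", b"expand 32-byte k" + key + struct.pack("<I", counter) + nonce)
    s = list(init)
    for _ in range(10):  # 10 double rounds: four column, then four diagonal quarter rounds
        for q in ((0, 4, 8, 12), (1, 5, 9, 13), (2, 6, 10, 14), (3, 7, 11, 15),
                  (0, 5, 10, 15), (1, 6, 11, 12), (2, 7, 8, 13), (3, 4, 9, 14)):
            _qr(s, *q)
    return struct.pack("<16I", *((x + y) & 0xffffffff for x, y in zip(s, init)))

class ChaChaPolyAead:  # hypothetical model; name borrowed from wolfSSL's context type
    def __init__(self, key, nonce, encrypt):  # cf. wc_ChaCha20Poly1305_Init
        otk = chacha_block(key, 0, nonce)  # block 0 gives the one-time Poly1305 key
        self.r = int.from_bytes(otk[:16], "little") & 0x0ffffffc0ffffffc0ffffffc0fffffff
        self.s = int.from_bytes(otk[16:32], "little")
        self.key, self.nonce, self.encrypt, self.in_data = key, nonce, encrypt, False
        self.ctr, self.ks, self.acc, self.buf, self.aad_len, self.data_len = 1, b"", 0, b"", 0, 0
    def _mac(self, data):  # buffered Poly1305 update over whole 16-byte blocks
        self.buf += data
        while len(self.buf) >= 16:
            block = int.from_bytes(self.buf[:16] + b"\x01", "little")
            self.acc = (self.acc + block) * self.r % ((1 << 130) - 5)
            self.buf = self.buf[16:]
    def update_aad(self, aad):  # cf. wc_ChaCha20Poly1305_UpdateAad
        if self.in_data:
            raise ValueError("AAD must be supplied before any data")
        self.aad_len += len(aad)
        self._mac(aad)
    def update_data(self, data):  # cf. wc_ChaCha20Poly1305_UpdateData
        if not self.in_data:  # first data chunk closes the AAD section
            self._mac(bytes(-len(self.buf) % 16))  # zero-pad to 16, cf. wc_Poly1305_Pad
            self.in_data = True
        while len(self.ks) < len(data):  # leftover keystream carries across chunks
            self.ks += chacha_block(self.key, self.ctr, self.nonce)
            self.ctr += 1
        out = bytes(a ^ b for a, b in zip(data, self.ks))
        self.ks = self.ks[len(data):]
        self.data_len += len(data)
        self._mac(out if self.encrypt else data)  # the MAC always covers ciphertext
        return out
    def final(self):  # cf. wc_ChaCha20Poly1305_Final; pad, then sizes as in wc_Poly1305_EncodeSizes
        self._mac(bytes(-len(self.buf) % 16) + struct.pack("<QQ", self.aad_len, self.data_len))
        return ((self.acc + self.s) % (1 << 128)).to_bytes(16, "little")
```

Feeding the same input in any chunk sizes gives the same ciphertext and tag as a single call. On decrypt, the chunks returned by update_data are unauthenticated until the tag from final has been compared with the received tag in constant time (hmac.compare_digest in Python).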

If you have any questions about the wolfSSL embedded SSL/TLS library, or using ChaCha20/Poly1305 in your application, contact us today at facts@wolfssl.com.

Building Qt with wolfSSL

wolfSSL 4.4.0 adds support for building Qt 5.12 and 5.13 against the wolfSSL embedded SSL/TLS library instead of the default OpenSSL backend!  Using wolfSSL as a TLS provider in Qt can have many advantages, depending on application and industry.  Some of these may include:

To compile wolfSSL for Qt, we have added a new configure option named “--enable-qt”.  To compile Qt with the wolfSSL patch:

1. Follow the Building Qt Guide to download needed Qt dependencies and initialize the Qt repository.
2. Change directories into the qt5 directory and check out a branch between 5.12 and 5.13.

$ cd qt5
$ git checkout [branch_name]

3. Apply the wolfSSL Qt patch file to qt5.

$ cd qt5/qtbase
$ patch -p1 < /path/to/wolfssl_qt_src.patch

4. Link to wolfSSL directly by setting the WOLFSSL_LIBS variable.

$ export WOLFSSL_LIBS="-L/path/to/wolf-install/lib -lwolfssl"

5. Configure Qt using the “-wolfssl-linked” option, and add wolfSSL header directories to the include path.

$ ./configure -wolfssl-linked -I/path/to/wolf-install/include/wolfssl -I/path/to/wolf-install/include

6. Build Qt.

$ make

7. Test the build.

$ make test

8. Or, run tests individually:

$ qtbase/tests/auto/network/ssl/qsslcertificate/tst_qsslcertificate
$ qtbase/tests/auto/network/ssl/qasn1element/tst_qasn1element
$ qtbase/tests/auto/network/ssl/qpassworddigestor/tst_qpassworddigestor 
$ qtbase/tests/auto/network/ssl/qsslcipher/tst_qsslcipher
$ qtbase/tests/auto/network/ssl/qssldiffiehellmanparameters/tst_qssldiffiehellmanparameters
$ qtbase/tests/auto/network/ssl/qsslellipticcurve/tst_qsslellipticcurve 
$ qtbase/tests/auto/network/ssl/qsslerror/tst_qsslerror 
$ qtbase/tests/auto/network/ssl/qsslkey/tst_qsslkey 
$ qtbase/tests/auto/network/ssl/qsslsocket/tst_qsslsocket
$ qtbase/tests/auto/network/ssl/qsslsocket_onDemandCertificates_member/tst_qsslsocket_onDemandCertificates_member
$ qtbase/tests/auto/network/ssl/qsslsocket_onDemandCertificates_static/tst_qsslsocket_onDemandCertificates_static

wolfSSL’s port into Qt has not been merged upstream yet, and is currently distributed in patch form.  To request access to the wolfSSL Qt patch file, please email us at facts@wolfssl.com!

SSL/TLS in Qt: Introduction to wolfSSL

Don’t miss this hot topic! Chris Conlon, Engineering Manager at wolfSSL, presents:

https://resources.qt.io/videos/ssl-tls-in-qt-introduction-to-wolfssl-wolfssl-qt-virtual-tech-con-2020 

Qt has traditionally used OpenSSL as the provider for SSL/TLS in Qt Network for secure network communications. Qt developers who are looking for a lightweight, progressive, and well-tested SSL/TLS implementation will be happy to learn how Qt can be used with the wolfSSL embedded SSL/TLS library.

wolfSSL provides progressive SSL/TLS protocol support up to TLS 1.3, maintains a minimal memory footprint, and focuses on extensive testing to reduce bugs and vulnerabilities. This session provides an overview of wolfSSL and the advantages it brings to Qt developers when used in place of OpenSSL. Viewers will gain insight into how they can build Qt with wolfSSL, learn about the current state of SSL/TLS and the cryptography algorithms it uses, and have a chance to ask the experts their SSL/TLS questions.

Email us at facts@wolfssl.com with any questions.

wolfSSH SSH Agent Support

wolfSSL Inc. is adding support for SSH-AGENT authentication to wolfSSH. The SSH-AGENT allows one to log in through multiple machines with a single private key on one’s local terminal. A good example is logging onto a test server and then accessing GitHub with git, which uses SSH. Git will ask SSH on the test server to sign its handshake message, and that request is forwarded back to your local terminal over the SSH tunnel, where the data is signed with your private key. No fuss, no muss. The wolfSSH agent will interoperate with OpenSSH and Dropbear.

For questions on wolfSSH or SSH agent support contact us at facts@wolfssl.com!
