Hi! We’ve scheduled ourselves to implement ChaCha20 and Poly1305 into wolfSSL this summer. If you’re learning about what these are, see these links: http://cr.yp.to/mac.html https://www.imperialviolet.org/2013/10/07/chacha20.html We’re excited about this addition to our code. If you have comments, questions, or need it in our code sooner than this summer, then let us know! We can be […]
Month: April 2014
wolfSSL’s Todd Ouska Comments on Heartbleed Bug
As a follow-up to the recent Heartbleed bug in OpenSSL, Embedded Computing Design interviewed wolfSSL’s CTO, Todd Ouska, for an article titled “Heartbleed: (Not) one in a million”. You can read the article at the following URL: http://embedded-computing.com/20937-heartbleed-not-one-in-a-million
OpenBSD team is refactoring OpenSSL
The OpenBSD team is refactoring OpenSSL, which is admirable work. You can see their progress at http://opensslrampage.org. If you read the OpenSSL Rampage blog, you can see that they have their work cut out for them. The OpenSSL code base is very old, and has had literally hundreds of unknown hands making changes over its 20+ […]
wolfSSL JNI 1.1.0 Released
Version 1.1.0 of wolfSSL JNI is now available for download. wolfSSL JNI provides Java applications with a convenient Java API to the widely-used CyaSSL lightweight SSL/TLS library, including support for TLS 1.2 and DTLS 1.2. This release contains bug fixes and features including: – Updated support for CyaSSL, tested against CyaSSL 2.9.4 – Updated example […]
Common Terms and Types in wolfSSL Lightweight SSL
If you are using or thinking about using the wolfSSL lightweight SSL/TLS library in your application or project, it’s oftentimes helpful to get a general overview of some of the terms and types which are used in a simple wolfSSL connection. Below we have included a general summary of these types. 1) socket: wolfSSL uses […]
Nice Overview Article on Securing the Internet of Things
Dark Reading has a nice overview article covering IoT security issues. See: http://www.darkreading.com/vulnerabilities---threats/thingularity-triggers-security-warnings/d/d-id/1141587
wolfSSL Security Advisory: April 9, 2014
Issue #1 (Memory Corruption)
CVE-ID: CVE-2014-2896
Product: CyaSSL
Vendor: wolfSSL Inc.
Affected Versions: CyaSSL 2.9.0 and previous versions
Vulnerability Type: Improper Input Validation (CWE-20)
Description: The TLS and DTLS implementations in wolfSSL CyaSSL before 2.9.4 lack a buffer length check in DoAlert(), possibly allowing an attacker to set the read index by up to 2 bytes past the length of […]
wolfSSL and CyaSSL Users SAFE from Heartbleed Bug
A recently discovered bug in OpenSSL’s implementation of the TLS Heartbeat Extension makes it possible for malicious attackers to potentially recover the private keys and sensitive data that should normally be secured by SSL/TLS. The vulnerability has been recorded as CVE-2014-0160. The purpose of this note is not to gloat over a competing project’s problems, as […]
wolfSSL 2.9.4 Released
Release 2.9.4 includes important Security Fixes for issues found by Ivan Fratric of the Google Security Team and Suman Jana with security researchers at UT Austin and UC Davis. CVE details to be posted today for issues with memory corruption, null pointer dereference, out-of-bounds read, and unknown certificate extensions. All users should upgrade […]
