RECENT BLOG NEWS

So, what’s new at wolfSSL? Take a look below to check out the most recent news.
Or sign up to receive weekly email notifications containing the latest news from wolfSSL.
In addition, wolfSSL now has a support-specific blog page dedicated to answering some of the more commonly received support questions.

wolfSSL 3.15.5 is Now Available

This release contains many new exciting additions to the wolfSSL embedded IoT library and some fixes to existing features. One of the changes with TLS 1.3 was adding in the capability of doing a TLS 1.3 only build. In addition to having the TLS 1.3 only build, OCSP stapling support with TLS 1.3 was added along with some fixes for asynchronous crypto use with the TLS 1.3 implementation.

Enhancements and fixes were made for PKCS parsing:

  • Added support for dynamic allocation of PKCS7 structure using wc_PKCS7_New and wc_PKCS7_Free functions
  • Support for PKCS#11 added with “--enable-pkcs11
  • Expanded PKCS#7 CMS support with KEKRI, PWRI and ORI
  • Streaming capability for PKCS#7 decoding and sign verify added
  • Added support for constructed OCTET_STRING with PKCS#7 signed data
  • Fix for PKCS8 padding with encryption
  • Added support for generic ECC PEM header/footer with PKCS8 parsing

Additional ports were added and some of the existing ports were updated to make it easy to use wolfSSL in new environments:

  • Port for ASIO added with “--enable-asio” configure flag
  • Port to apache mynewt added in the directory wolfssl-3.15.5/IDE/mynewt/*
  • Added a wolfSSL static library project for Atollic TrueSTUDIO
  • Contiki port added with macro WOLFSSL_CONTIKI
  • AF_ALG and cryptodev-linux crypto support added
  • Added support for the STM32L4 with AES/SHA hardware acceleration
  • Renesas e2studio project files added
  • Renesas RX example project added
  • Added reference STSAFE-A100 public key callbacks for TLS support
  • Added reference ATECC508A/ATECC608A public key callbacks for TLS support

Existing ports that were updated:

  • Update to Intel® SGX port, files included by Windows version and macros defined when using WOLFSSL_SGX
  • Updated support for latest CryptoAuthLib (10/25/2018)
  • Fixes for MQX classic 4.0 with IAR-EWARM
  • Updates to Nucleus version supported
  • Updates to Rowley-Crossworks settings for CMSIS 4
  • Updates to support Lighttpd
  • Fixes for OCSP use with NGINX port
  • Updates to XCODE build with wolfSSL
  • PIC32MZ hardware acceleration buffer alignment fixes
  • Fixes and enhancements for NXP K82 support
  • Relocate compatibility layer functions for OpenSSH port update
  • Updates and enhancements to the GCC-ARM example
  • Updates for wolfcrypt JNI wrapper

Additional Features:

  • Added DTLS either (server/client) side initialization setting
  • Flag to disable AES-CBC and have only AEAD cipher suites with TLS “--disable-aescbc
  • Added “--enable-asn=nocrypt” for certificate only parsing support
  • Benchmark enhancements to print in CSV format and in Japanese
  • Added Japanese output to example server and client with “-1 1” flag
  • Added USE_ECDSA_KEYSZ_HASH_ALGO macro for building to use digest sizes that match ephemeral key size
  • Additional compatibility API’s added, including functions like wolfSSL_X509_CA_num and wolfSSL_PEM_read_X509_CRL
  • Adds checking for critical extension with certificate Auth ID and the macro WOLFSSL_ALLOW_CRIT_SKID to override the check
  • Added public key callbacks to ConfirmSignature function to expand public key callback support
  • Added ECC and Curve25519 key generation callback support
  • Additional support for parsing certificate subject OIDs (businessCategory, jurisdiction of incorporation country, and jurisdiction of incorporation state)
  • Added  wc_ecc_ecport_ex and wc_export_inti API's for ECC hex string exporting
  • Added support for parsing PIV format certificates with the function wc_ParseCertPIV and macro WOLFSSL_CERT_PIV
  • Added APIs to support GZIP
  • Version resource added for Windows DLL builds

Optimizations:

  • Memory free optimizations with adding in earlier free’s where possible
  • ALT_ECC_SIZE use with SP math
  • Stack size reduction with smallstack build
  • Fix for assembly optimized version of Curve25519
  • Fix for DH algorithm when using SP math with ARM assembly

Macro and Behavior Changes:

  • Renamed the macro INLINE to WC_INLINE for inline functions
  • Made modifications to the primality testing so that the Miller-Rabin tests check against up to 40 random numbers rather than a fixed list of small primes
  • Make SOCKET_PEER_CLOSED_E consistent between read and write cases

For a full list of changes see the changelog located at https://www.wolfssl.com/docs/wolfssl-changelog/

wolfMQTT support for the 5.0 specification is here!

The wolfMQTT client now supports connecting to v5.0 enabled brokers. Handling properties received from the server is accomplished via a customizable callback. The following v5.0 specification features are supported by the wolfMQTT client:

  • AUTH packet
  • User properties
  • Server connect ACK properties
  • Format and content type for publish
  • Server disconnect
  • Reason codes and strings
  • Maximum packet size
  • Server assigned client identifier
  • Subscription ID
  • Topic Alias

As a side note, wolfMQTT uses the wolfSSL embedded SSL/TLS library for SSL/TLS support.  Since wolfSSL supports TLS 1.3, your wolfMQTT-based projects can now use MQTT with TLS 1.3 with a supported broker!

You can download the latest release from our website or clone on GitHub. For more information please email us at info@wolfssl.com.

TLS 1.3 combined with FIPS (#FIPS #TLS13)

wolfSSL is a lightweight TLS/SSL library that is targeted for embedded devices and systems. It has support for the TLS 1.3 protocol, which is a secure protocol for transporting data between devices and across the Internet. In addition, wolfSSL uses the wolfCrypt encryption library to handle its data encryption.

Because there is a FIPS 140-2 validated version of wolfCrypt, this means that wolfSSL not only has support for the most current version of TLS, but it also has the encryption backbone to support your FIPS 140-2 needs if required.

Some key benefits of combining TLS 1.3 with FIPS validated software include:

  1. Software becomes marketable to federal agencies - without FIPS, a federal agency is not able to use cryptographic-based software
  2. Single round trip
  3. 0-RTT (a mode that enable zero round trip time)
  4. After Server Hello, all handshake messages are encrypted.

And much more! For more information regarding the benefits of using TLS 1.3 or using the FIPS validated version of wolfCrypt, check out wolfSSL's TLS 1.3 Protocol Support and our wolfCrypt FIPS page.

FIPS 140-2 is a government validation that certifies that an encryption module has successfully passed rigorous testing and meets high encryption standards as specified by NIST. For more information or details on FIPS 140-2, it may be helpful to view this Wikipedia article: https://en.wikipedia.org/wiki/FIPS_140-2

For more details about wolfSSL, TLS 1.3, or if you have any other general inquiries please contact info@wolfssl.com

To find out more about FIPS, check out the NIST FIPS publications or contact fips@wolfssl.com

wolfMQTT Adds Support for MQTT-SN

The MQTT Sensor Network standard provides a lightweight networking protocol perfectly suited to low cost, low power hardware. The protocol allows using small topic identifiers in place of the full topic name when sending and receiving publish data.

The wolfMQTT SN Client implementation is based on the OASIS MQTT-SN v1.2 specification. The SN API is configured with the --enable-sn option. There is a separate API for the sensor network API, which all begin with the "SN_" prefix. The wolfMQTT SN Client operates over UDP, which is distinct from the wolfMQTT clients that use TCP. The following features are supported by the wolfMQTT SN Client:

  • Register
  • Will topic and message set up
  • Will topic and message update
  • All QoS levels
  • Variable-sized packet length field

You can download the latest release of wolfMQTT from our website or clone on GitHub. For more information please email us at info@wolfssl.com.

wolfSSL Intel SGX (#SGX) + FIPS 140-2 (#FIPS140)!

wolfSSL is pleased to announce the following addition to the wolfSSL FIPS certificate!

Debian 8.7.0 Intel ® Xeon® E3 Family with SGX support Intel®x64 Server System R1304SP
Windows 10 Pro Intel ® Core TM i5 with SGX support Dell LatitudeTM 7480

The wolfCrypt FIPS validated cryptographic module has been validated while running inside an Intel SGX enclave and examples have been setup for both Linux and Windows environments.

Intel ® SGX (Software Guard Extensions) can be thought of as a black-box where no other application running on the same device can see inside regardless of privilege. From a security standpoint this means that even if a malicious actor were to gain complete control of a system including root privileges, that actor, no matter what they tried, would not be able to access data inside of this “black-box”.

An Intel enclave is a form of user-level Trusted Execution Environment (TEE) which can provide both storage and execution. Meaning one can store sensitive information inside and also move sensitive portions of a program or an entire application inside.

While testing, wolfSSL has placed both individual functions and entire applications inside the enclave. One of the wolfSSL examples shows a client inside the enclave with the only entry/exit points being “start_client”, “read”, and “write”. The client is pre-programmed with a peer to connect with and specific functionality. When “start_client” is invoked it connects to the peer using SSL/TLS and executes the pre-programmed tasks where the only data entering and leaving the enclave is the info being sent to and received from the peer. Other examples show placing a single cryptographic operation inside the enclave, passing in plain-text data and receiving back encrypted data masking execution of the cryptographic operations.

If you are working with SGX and need FIPS validated crypto running in an enclave contact us at fips@wolfssl.com or support@wolfssl.com with any questions. We would love the opportunity to field your questions and hear about your project!

Resources:
https://software.intel.com/en-us/blogs/2016/12/20/overview-of-an-intel-software-guard-extensions-enclave-life-cycle

wolfSSL at ECS 2018

wolfSSL will be attending ECS 2018 this upcoming week in Stockholm, Sweden. Stop by to talk with engineering manager and software developer Chris Conlon, or with business director Rodney Weaver.

ECS 2018 will be held on November 6th and 7th, at the Kitsamässan event center, with wolfSSL attending both of these days.

Additionally, Chris Conlon will be giving a talk titled "Secure Communications with TLS using wolfSSL", on November 6th at 11:30am, in Room M1.

Stop by to hear more about wolfSSL, TLS, licensing, to hear Chris's talk, or to pick up some neat stickers! We look forward to seeing you there!

For more information about wolfSSL's attendance at this event or future events, please feel free to contact info@wolfssl.com.

wolfSSL FAQ page

The wolfSSL FAQ page can be useful for information or general questions that need need answers immediately. It covers some of the most common questions that the support team receives, along with the support team's responses. It's a great resource for questions about wolfSSL, embedded TLS, and for solutions to problems getting started with wolfSSL.

To view this page for yourself, please follow this link here.

Here is a sample list of 5 questions that the FAQ page covers:

  1. How do I build wolfSSL on ... (*NIX, Windows, Embedded device) ?
  2. How do I manage the build configuration of wolfSSL?
  3. How much Flash/RAM does wolfSSL use?
  4. How do I extract a public key from a X.509 certificate?
  5. Is it possible to use no dynamic memory with wolfSSL and/or wolfCrypt?

Have a  question that isn't on the FAQ? Feel free to email us at support@wolfssl.com.

Renesas RX Alpha Project uITRON and TINET Demo Projects

Are you curious about wolfSSL support for the uITRON RTOS?  We recently added SSL/TLS server/client example projects running on top of uITRON and TINET (their network layer API). This API is incompatible with BSD,  so this is also a good demo how wolfSSL can fit into a non-BSD API easily.

These demo projects are currently in the wolfSSL master branch on GitHub, and will roll into the next stable release of wolfSSL!

You can download the demo today by cloning an up to date wolfSSL package from our repository:
https://github.com/wolfssl/wolfssl

The demo files are located under “IDE/Renesas/cs+/Projects/t4_demo”. This demo is assumed to be built with AlphaProject board with Renesas RX family MPU and its default firmware or driver. It includes TINET TCP/IP compatible Renesas firmware, T4Tiny. For information on building the project, refer to the README located in the demo directory.

Renesas: https://www.renesas.com/us/en/
Renesas RX family: https://www.renesas.com/us/en/products/microcontrollers-microprocessors/rx.html
AlphaProject: https://www.apnet.co.jp/

If you are interested in using the wolfSSL embedded SSL/TLS library on this platform, contact us at support@wolfssl.com for help getting up and running! wolfSSL also supports TLS 1.3, FIPS 140-2, and integration into many different hardware cryptography implementations!

Additionally, the picture below displays the AlphaProject board with the Renesas RX family MPU itself:

wolfSSH with SFTP and SCP

wolfSSL has added in SFTP (SSH File Transfer Protocol) server and client capabilities with the wolfSSH product. An SFTP connection can be used to transfer files, create new directories, modify directory contents, and much more. The SFTP feature was created to allow for use in an embedded IoT project and was made to be easily portable for new environments. In addition to SFTP capabilities the wolfSSH library uses the progressive crypto library wolfCrypt from wolfSSL. This includes the ability to use FIPS code along with making use of the best tested crypto!

To enable SFTP or SCP, build wolfSSH with the following enable flags: --enable-sftp --enable-scp.

If you have questions, or need SFTP/SCP services, contact us at info@wolfssl.com

 

wolfSSL is the Secure Socket Solution for QT

The QSslSocket class in QT makes it easy to add encryption to your application.

wolfSSL makes it secure!

The wolfSSL embedded SSL/TLS library is a lightweight SSL/TLS library written in ANSI C and targeted for embedded, RTOS, and resource-constrained environments - primarily because of its small size, speed, and feature set.  It is commonly used in standard operating environments as well because of its royalty-free pricing and excellent cross-platform support. wolfSSL supports industry standards up to the current TLS 1.3 and DTLS 1.2 levels, is up to 20 times smaller than OpenSSL, supports FIPS, and has critical interfaces like TPM 2.0 and  PKCS#11.

The recent wolfSSL integration with QT provides a lightweight and performance-minded alternative for the QT Network backend for SSL/TLS.

To learn more about the advantages of using wolfSSL, visit our page on “wolfSSL vs. OpenSSL”.  If you have any questions about using wolfSSL in your application or replacing OpenSSL with wolfSSL, please reach out to our support team at support@wolfssl.com!

i.MX6 CAAM with Integrity OS

wolfSSL provides support for the i.MX6 and i.MX7, which can use NXP's Cryptographic Assistance and Assurance Module (CAAM) to perform hardware encryption. This use of hardware encryption provides a significant performance increase when used on larger buffers, which can be seen on wolfSSL's benchmark page.

 To show this performance increase in action, wolfSSL has run its benchmarks on an NXP i.MX6 with Green Hills INTEGRITY OS. The wolfSSL benchmark application runs various hashing algorithms and records the how efficiently and quickly they were performed. Below is a comparison of the data from software encryption benchmarks and hardware encryption benchmarks, showing how well the CAAM can improve performance:

Hardware encryption speeds (MB/s):

Block size - bytes

SHA1

SHA224

SHA256

HMAC-SHA256

16

1.897

1.889

1.884

1.259

512

13.752

14.144

14.143

12.614

1024

21.337

22.291

22.314

20.192

2048

29.031

31.024

31.102

29.074

4096

34.879

37.996

38.027

36.450

Software encryption speeds (MB/s):

Block size - bytes

SHA1

SHA224

SHA256

HMAC-SHA256

16

15.419

7.484

7.476

5.282

512

21.423

9.129

9.126

8.972

1024

21.565

9.165

9.162

9.082

2048

21.625

9.174

9.165

9.137

4096

21.686

9.192

9.195

9.174

References:
More information about NXP's cryptographic acceleration technology: https://www.nxp.com/applications/solutions/internet-of-things/secure-things/network-security-technology/cryptographic-acceleration-technology:NETWORK_SECURITY_CRYPTOG
NXP's i.MX6 product pages: https://www.nxp.com/products/processors-and-microcontrollers/arm-based-processors-and-mcus/i.mx-applications-processors/i.mx-6-processors:IMX6X_SERIES
NXP's i.MX7 product pages: https://www.nxp.com/products/processors-and-microcontrollers/arm-based-processors-and-mcus/i.mx-applications-processors/i.mx-7-processors:IMX7-SERIES

 

Posts navigation

1 2 3 4 79 80 81

Weekly updates

Archives

Latest Tweets