RECENT BLOG NEWS

wolfSSL has a new feature to allow for users to plug in their own crypto for RSA if they so choose. This is a great feature for students looking to test their own RSA operations in a SSL/TLS connection or for those wanting to see if they can speed up operations in the IoT realm and on embedded devices. This option can be used with the build flag “–with-user-crypto”. An example of building a module can be found in the directory “wolfssl_root/wolfcrypt/user-crypto/” and built with the commands:

cd wolfcrypt/user-crypto/
./autogen.sh
./configure
make
sudo make install

This example makes use of Intel’s IPP libraries and needs them installed and existing on the system before being able to build. For any questions on use, or about the wolfSSL embedded SSL/TLS library in general, contact us at facts@wolfssl.com

Intel IPP libraries https://software.intel.com/en-us/intel-ipp .

The wolfMQTT v0.3 release adds a new example for secure firmware update. This example uses the wolfSSL embedded SSL/TLS library to hash/sign the binary image and send it over MQTT. The example has two applications. One is called fwpush, which hashes, signs and publishes the firmware image over TLS to an MQTT broker. The second is called fwclient, which subscribes to the example firmware update topic, receives the firmware image and validates the signature of it. This example is located in examples/firmware.

The latest wolfMQTT releases can be downloaded at: 
https://wolfssl.com/download

Documentation for wolfMQTT can be found here:
https://www.wolfssl.com/docs/wolfmqtt-manual/

The latest source code can be found on our GitHub repo at:
https://github.com/wolfSSL/wolfMQTT

For questions please contact support at support@wolfssl.com.

We’ve added some useful wrappers to the wolfSSL embedded SSL/TLS library for signature generation/verification and hashing. The signature wrappers support ECC and RSA. The hashing wrappers support MD5 and SHA, SHA256, SHA384 and SHA512.

Documentation for these new wrapper functions is in the wolfCrypt API Reference – Signature API and wolfCrypt Init and Cleanup.

New API functions:

#include <wolfssl/wolfcrypt/signature.h>
wc_SignatureGetSize
wc_SignatureVerify
wc_SignatureGenerate.

#include <wolfssl/wolfcrypt/hash.h>
wc_HashGetDigestSize
wc_Hash

An example for these new wrapper functions can be found here https://github.com/wolfSSL/wolfssl-examples/tree/master/signature. There is also an example for the wc_Hash function in wolfcrypt/src/signature.c.

For questions please contact support at support@wolfssl.com.

We are receiving questions on TLS 1.3 with greater frequency during the last 6 months. This note is intended to answer those questions and make clear our positions on TLS 1.3, so here are our thoughts:

1. We intend to have an implementation of TLS 1.3 available when the specification goes final from the IETF. Our big challenge is that since we will be the first to offer TLS 1.3, our interoperability testing will be limited at that time.

2. We will implement some of the individual features of TLS 1.3 as they become consensus and subsequently final from the IETF TLS working group. This will give us and our users a jump on the process of migrating to the new standard.

3. FIPS 140-2: We will be working with our lab to ensure that our TLS 1.3 implementation also supports FIPS.

4. As the leading embedded SSL/TLS, we will continue to maintain our lean and fast like a wolf design philosophy, such that our TLS 1.3 implementation will consume minimal resources.

As always, you are welcome to contact us at facts@wolfssl.com or at +1 425 245 8247 with your comments or questions.

wolfSSL has released version 0.2 of the wolfMQTT client library. This addition to the wolfSSL product portfolio provides a Pub/Sub client for use in M2M and IoT. The wolfMQTT client library is written in C and was built from the ground up to be multi-platform, space conscience and extensible.

Features
– Built from scratch by wolfSSL engineers
– Based on MQTT v3.1.1 specification
– Supports all client side packet types and protocol options
– QoS Levels 0-2 (guarenteed delivery)
– Supports plain TCP or TLS (via the wolfSSL library)
– Single threaded model and single message callback
– Written in Native C89 with portability/compatibility in mind
– Space conscience design (Compiled size is about 3.6KB)
– User manual with build instructions, example overview and API documentation
– Example MQTT client implementations
– Network interface is abstracted via callbacks for extensibility
– Packet parsing encoding/decoding structured for custom use
– Minimal external dependencies (strlen, memcpy, memset)
– Detailed error checking/handling
– Doxygen style inline documentation
– Less than 1200 lines of well structured C code
– Tested on multiple variants of MQTT broker servers, QoS levels 0-2 with/without TLS.
– Tested on Linux, Mac OS X and Freescale Kinetis K64.
– Inherits wolfSSL library features such as lightweight TLS using ChaCha20/Poly1305 AEAD, small size and portability.
– Open source (GPLv2)

wolfMQTT Product Page
wolfMQTT User Manual
Download wolfMQTT

For questions or additional information please contact wolfSSL at facts@wolfssl.com.

Did you know that the wolfSSL embedded SSL/TLS library has support for the Digital Signature Algorithm (DSA)? Many of us in security are familiar with Ron Rivest, Adi Shamir, and Leonard Adleman (RSA). DSA is a public key operation like RSA. When using keys of the same length RSA and DSA are considered to be of equivalent strength.

DSA is faster than RSA at decryption and signature generation.

Why might this matter to you? If you are designing an application that will use encryption and decryption, you might want to consider which operation it will do most frequently. For heavy decryption and light encryption, the more optimal public key operation by performance would be DSA.

More details on DSA can be found on the DSA wikipedia page.

For more information about DSA support in wolfSSL and wolfCrypt, please reference Section 10.5.4 of the wolfSSL Manual.  Please contact us at facts@wolfssl.com with any questions.

Have you heard about the recent ChaCha20-Poly1305 AEAD supported by wolfSSL embedded SSL/TLS and are wondering how secure it is? It`s comprised of two ciphers: ChaCha20 and Poly1305, designed to be constant time, making it naturally resistant to timing attacks. The AEAD is being used by many notable companies that also trust it for their security, such as Google Chrome and Apple’s HomeKit. ChaCha20-Poly1305 has gone through security analysis and is considered secure.

To view a formal security analysis done on Adam Langley`s IETF protocol using ChaCha20-Poly1305 seehttps://eprint.iacr.org/2014/613.pdf

For added analysis done on Salsa (what ChaCha is based from) see section 5 from http://cr.yp.to/snuffle/salsafamily-20071225.pdf

For any questions about wolfSSL please contact us at facts@wolfssl.com

wolfSSL has a new release out, version 3.7.0. In this release we have added features and bug fixes to the wolfSSL embedded SSL/TLS library and further increased its ease of use on platforms in the realm of IoT, with the addition of a Rowley Crossworks example. Along with additions for Rowley there has been an update to the MDK5-ARM and FreeRTOS project keeping wolfSSL at the cutting edge of embedded TLS/SSL.

Some of the features added to our TLS and wolfCrypt layer are: the IDEA cipher, an example of plugging in user choice of external RSA cryptography, and support for the ALPN, which allows making connections over HTTP2.

For a full list of features, and to try them out, download wolfSSL 3.7.0 from the download page, or follow our development branch on GitHub.

For more information about wolfSSL contact us at facts@wolfssl.com

MQTT (Message Queuing Telemetry Transport) is a light weight open messaging protocol that was developed for constrained environments such as M2M (Machine to Machine) and IoT (Internet of Things), where a small code footprint is required. MQTT is based on the Pub/Sub messaging principle of publishing messages and subscribing to topics. The protocol efficiently packs messages to keep the overhead very low. The MQTT specification recommends TLS as a transport option to secure the protocol using port 8883 (secure-mqtt). Constrained devices can benefit from using TLS session resumption to reduce the reconnection cost.

We have posted an example implementation of MQTT with TLS (MQTTS) on mbed:
https://developer.mbed.org/users/wolfSSL/code/HelloMQTTS/
https://developer.mbed.org/users/wolfSSL/code/MQTTS/

wolfSSL is also working on an open source secure MQTT client for IoT security that will be released soon which will work seamlessly with the wolfSSL embedded SSL/TLS library.

The MQTT Version 3.1.1 Specification can be found here on OASIS:
http://docs.oasis-open.org/mqtt/mqtt/v3.1.1/os/mqtt-v3.1.1-os.html

wolfSSL has become a Champion of National Cyber Security Awareness Month (NCSAM), joining a growing global effort among colleges and universities, businesses, government agencies, associations, nonprofit organizations and individuals to promote online safety awareness.

Celebrated every October, National Cyber Security Awareness Month was created as a collaborative effort between government and industry to ensure everyone has the resources needed to stay safer and more secure online.

Coordinated and led by the National Cyber Security Alliance (NCSA) and the Department of Homeland Security, NCSAM has grown exponentially since its inception, reaching consumers, small and medium-sized businesses, corporations, educational institutions and young people across the nation and internationally. This year marks the 12th year of NCSAM.