RECENT BLOG NEWS

So, what’s new at wolfSSL? Take a look below to check out the most recent news.
Or sign up to receive weekly email notifications containing the latest news from wolfSSL.
In addition, wolfSSL now has a support-specific blog page dedicated to answering some of the more commonly received support questions.

wolfSSL 2.9.4 Released

Release 2.9.4 includes important Security Fixes for issues found by Ivan Fratric of the Google Security Team and Suman Jana with security researchers at UT Austin and UC Davis.  CVE details to be posted today for issues with memory corruption, null pointer deference, out of bound read, and unknown certificate extensions.  All users should upgrade immediately.

This release also includes sniffer fixes for corrupted Jumbo Frames, ARM thumb mode assembly fixes, XCode 5.1 support, PIC32 MZ hardware support, a sample I/O pool, and FIPS mode for algorithms including AES, 3DES, SHA-1, SHA-2, HMAC, and RSA.

wolfSSL and CyaSSL Users SAFE from Heartbleed Bug

A recently-discovered bug in OpenSSL’s implementation of the TLS Heartbeat Extension makes it possible for malicious attackers to potentially recover the private keys and sensitive data that should normally be secured by SSL/TLS. The vulnerability has been recorded as CVE-2014-0160.

The purpose of this note is not to gloat over a competing projects problems, as some others have done, but rather to inform our user base.  The OpenSSL team and their supporters have done a good job on getting the bug fixed as well as informing their users.  We want to be the first to note that secure coding is not for the faint of heart, because it is a specialized expertise.  Building cryptography and the protocols on top of it is a difficult expertise to practice.

We want to assure our users and customers that CyaSSL and wolfSSL products are NOT affected by the Heartbleed bug in any way. We are a clean room implementation of SSL/TLS, and did not employ any of OpenSSL`s code base, which many others have done.  We should also note that the bug is not a protocol level bug that effects all SSL/TLS implementations. This was a bug specific to OpenSSL’s implementation of the TLS Heartbeat Extension. This bug existed in OpenSSL for over two years, with vulnerable versions including OpenSSL 1.0.1 – 1.0.1f (inclusive).

Interested parties can learn more about this bug in OpenSSL at the following links:

http://heartbleed.com/
https://www.openssl.org/news/secadv_20140407.txt
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160

For additional information or questions about CyaSSL, please contact us at facts@wolfssl.com.

Visit with wolfSSL This Week at EE Live and Interop 2014

As you may have read from our previous blog entries, the wolfSSL team will be exhibiting at two separate conferences this week. We’ll be at both EE Live! (DESIGN West) in San Jose, CA as well as Interop 2014 in Las Vegas, NV.

We’re looking forward the chance to visit with users, customers, and attendees about the CyaSSL embedded SSL library and wolfCrypt Crypto Engine. For those attending one of the shows, you can find our booth information and expo hours for each conference below:

EE Live! 2014 (Booth #1637)
McEnery Convention Center
San Jose, CA

Expo Hours:
TUES: 10:30am – 5:00pm
WED: 10:30am – 5:00pm
THURS: 10:30am – 1:30pm

Interop 2014 (Booth #854)
Mandalay Bay Convention Center
Las Vegas, NV

Expo Hours:
TUES: 2:00pm – 7:00pm
WED: 10:30am – 5:00pm
THURS: 10:30am – 3:00pm

wolfSSL will be Exhibiting at EE Live 2014

wolfSSL will be exhibiting in booth 1637 at EE Live! 2014 (DESIGN West) this year in San Jose, CA.  The conference will be held March 31 – April 3, 2014 at the McEnery Convention Center.  The wolfSSL team will be visiting with attendees, users, and customers about the advantages of using the CyaSSL embedded SSL library, wolfCrypt crypto engine in embedded applications and devices, IoT, smart energy, and much more.

If you are planning on attending EE Live! this year, we invite you to stop by our booth to visit.  If you would like to set up a specific meeting time, please email us at facts@wolfssl.com.

wolfSSL will be Exhibiting at Interop 2014

wolfSSL will be exhibiting in booth 854 at Interop this year in Las Vegas, NV.  The conference will be held March 31 – April 4, 2014 at the Mandalay Bay Convention Center.  As usual, the wolfSSL team will be visiting with attendees about the CyaSSL embedded SSL library, wolfCrypt crypto engine, SSL inspection, and securing a wide range of connected devices and applications.

If you will be attending the conference this year, please stop by our booth to visit and say hello.  If you would like to set up a specific meeting time, please email us at facts@wolfssl.com.

wolfSSL Year In Review 2013

If you missed our recent presentation at FOSDEM, we just put our slide deck up online at the following URL:

https://speakerdeck.com/wolfssl/wolfssl-year-in-review

wolfSSL made significant progress in 2013 towards bringing the community a more usable, feature-rich, and better supported library for use in an ever-growing range of platforms and environments. These slides (and talk) provides an overview of technical progress in the last year (2013) and news on the current state of wolfSSL. Details on what`s new include the addition of new crypto ciphers and algorithms, better hardware cryptography support, more flexible abstraction layers, a JNI wrapper, new platform support, and better development tool integration.

As always, if you have any questions or comments, we welcome them at facts@wolfssl.com.

wolfSSL Release v2.9.0 Now Available

The new release of wolfSSL, v2.9.0, is now ready to download from our website. New features include:

Platforms:
– Freescale Kinetis
* RNGB support (K53 Sub-Family Reference Manual, Chapter 33)
* mmCAU support (ColdFire/ColdFire+ CAU and Kinetis mmCAU Software Library User Guide)

– Microchip
* MPLAB Harmony support

TLS Extensions:
Supported Curves
– Secure Renegotiation
Truncated HMAC

Public-Key Cryptography Standards:
– PKCS #7 Enveloped data and signed data
– PKCS #10 Certificate Signing Request generation

OCSP: (The new CRL):
– API change to integrate into Certificate Manager
– IPv4/IPv6 agnostic
– example client/server support
– OCSP nonces are optional

DTLS:
Sliding window (Anti-replay)

ECC:
– Encrypt/Decrypt primitives
– Certificate generation

Others:
GMAC hashing
– Additional X.509 inspection functions

Please see the README and our on-line documentation for more information or feel free to contact us.

Using Supported Elliptic Curves Extension with wolfSSL

We are back to talk about TLS extensions again. Today we present the addition of Supported Elliptic Curves on wolfSSL!

RFC 4492 introduces five new ECC-based key exchange algorithms for TLS: ECDH_ECDSA, ECDHE_ECDSA, ECDH_RSA, ECDHE_RSA and ECDH_anon. However, it may be desirable in constrained environments to only support a limited number of curves. When a client uses this extension, servers that understands it MUST NOT negotiate the use of an ECC cipher suite unless they can complete the handshake while respecting the choice of curves specified by the client. This eliminates the possibility that a negotiated ECC handshake will be subsequently aborted due to a client’s inability to deal with the server’s ECC key.

To enable the usage of Supported Elliptic Curves in wolfSSL you can simply do:

./configure –enable-supportedcurves

Using Supported Elliptic Curves on the client side requires additional function calls, which should be one of the following functions:

wolfSSL_CTX_UseSupportedCurve();
wolfSSL_UseSupportedCurve();

wolfSSL_CTX_UseSupportedCurve() is most recommended when the client would like to enable Supported Curves for all sessions. Setting the Supported Elliptic Curves extension at context level will enable it in all SSL objects created from that same context from the moment of the call forward.

wolfSSL_UseSupportedCurve() will enable it for one SSL object only, so it`s recommended to use this function when there is no need for Supported Elliptic Curves on all sessions.

These functions can be called more than once to indicate the support of multiple curves.

On the server side no call is required. The server will automatically attend to the client`s request selecting ECC cipher suites only if the supported curves are allowed.

All TLS extensions can also be enabled with:

./configure –enable-tlsx

If you have any questions about using TLS Extensions with wolfSSL please let us know at facts@wolfssl.com.

OCSP in wolfSSL Embedded SSL

Hi!  Do you need OCSP (Online Certificate Status Protocol) in wolfSSL?  We added OCSP as a wolfSSL feature back in 2011.  At this point it is well tested by our users and well into the deployment phase.  More information on the protocol is available here:  http://www.ietf.org/rfc/rfc2560.txt.  The gist of the feature is that a client can go out and check to see the status of a certificate.  OCSP is the modern CRL.

If you have questions about our OCSP support, just email us at facts@wolfssl.com.

Interesting SmartGrid use case for wolfSSL: ISO 15118

Hi!  If you`re interested in smart grid security, and specifically the security required when connecting an electric car to the smart grid, this post is for you!

wolfSSL has recently been supporting the development efforts of eNterop (as of 26 March 2018 at 9:30m MDT, this link no longer works and has no alternative), which is a group led by Germany`s Federal Ministry of Economics and Technology (BMWi), and includes Germany`s Continental AG, a leading auto parts manufacturer, as well as DaimlerVolkswagenBMW and Siemens.  The eNterop group is putting together an open source implementation of the vehicle-to-grid (V2G) standard ISO 15118.  A component of their open source release will be CyaSSL.  

The standards designers for ISO 15118 knew they had some security critical data flowing between the vehicle and the smartgrid, including billing data, Customer ID, location data, firmware and software updates.  As such, security is a critical part of the standard, and TLS 1.2 is the chosen method, which is where CyaSSL comes in.

As the most widely used embedded implementation of the TLS 1.2 standard, CyaSSL is the ideal choice for electric vehicle to grid security.  

If you`re curious to hear more about CyaSSL in ISO 15118, feel free to contact us at facts@wolfssl.com, or call us at +1 425 245 8247.

Posts navigation

1 2 3 81 82 83 84 85 86 87 116 117 118

Weekly updates

Archives

Latest Tweets