Category: Uncategorized

I sat down with Chris Conlon, an employee here at wolfSSL and got to ask him a few questions:

Q: How did you start working with the company, and how long have you been here?
“I`ve been here going on four years now. I got the job directly out of MSU with a BS in Computer Science and minor in Management of IT. I met our CEO, Larry Stefonic, here in Bozeman, was offered an internship, and was really excited about working for a fast-paced and growing company. This also allowed me to stay in Bozeman where I could hike and ski, which I love to do.”

Q: What projects have you worked on?
“I`ve worked on a very diverse range of projects. The first one I worked on was related to Android. I was trying to see how difficult it would be to replace OpenSSL with CyaSSL. The final project was a Java SSL Provider for Linux and Android – both of which can be found on our website. I also worked with MIT on porting the Kerberos Authentication Protocol to Android. Since then, there have been many customer-specific projects ranging from “Smart” door locks to different forms of machine-to-machine (M2M) communication. One of the more recent larger projects was our wolfSSL JNI product, which was a lot of fun. Besides engineering projects, I`ve worked on a number of things to help the company grow including developing the website and various marketing and partnership activities.”

Q: What are your daily responsibilities like?
“It varies from day to day, but there are a few consistencies: managing our technical support, helping with pre-sales technical discussions, engineering projects, website work, and marketing activities. Customer projects vary in type of application and tools used so, like several of our employees, I end up working with a large variety of development tools and platforms.

I also speak and write on behalf wolfSSL for many of our presentations, magazine articles, and case studies. Last year I gave presentations at FOSDEM in Brussels, Belgium, Embedded World in Nuremberg, Germany, and at the ARM Technology Conference in San Jose, CA. Those were a lot of fun.

My most recent task, and one which I`m very excited to be part of, is supervising six interns here in Bozeman over the Summer of 2014. I know the whole team is really excited to bring this group of interns into the company for the Summer. It`s exciting to see the company expanding, and the fact that we`ve reached the point where we are able to handle six interns shows us just how much we have grown as a company. And that`s really cool for all of us to see.”

Q: You`ve worked on a lot. What was your favorite project? Your most challenging?
“I really enjoyed working on the wolfSSL JNI wrapper, but I feel like all the projects I`ve worked on were unique enough to where I enjoyed them all. Everything keeps me busy with new challenges. As far as the most challenging project, I would have to say that either porting Kerberos to Android or working on ASN-encoding related projects have taken that spot.”

Q: How did you overcome these challenging situations?
“I think the best way to solve problems is flexibility and having an open mind to learning new things. One of the reasons I enjoy working in this field is because I think it`s really exciting to be working with new technologies – and with the rapid expansion of the embedded Internet and IoT it really keeps things interesting.”

Q: What do you find most rewarding about working here?
“Lots of things are rewarding, but I think getting to see the impact we make on the communications security market and even on the technology itself is the most rewarding. Even being a small company we`ve got to work on lots of projects that help the field evolve and expand. Working with such a talented group of individuals here at wolfSSL and our partner companies is rewarding and inspiring.”

Q: What are your final thoughts?
“I think the whole team is really excited to bring on our new interns this Summer. I`ve enjoyed being part of yaSSL (now wolfSSL) for the past four years, and am looking forward to continuing to work with the wolfSSL team into the future.”

About the author:

My name is CJ Smith, and I am one of the interns that wolfSSL has taken on over the summer of 2014. I`m really looking forward to working for such a great company in an extremely exciting field. I`m a Sophomore at Montana State University working toward a BA in Computer Engineering. In my spare time I like to read, play games, hike, and mess around with programming. I haven`t done much in this field outside of school, so this summer should be a great learning experience as well as a huge opportunity to see the real-world applications of everything I have learned.

Meet Todd Ouska, the Co-Founder of wolfSSL. Starting wolfSSL wasn`t a simple task. Todd had many obstacles to overcome, some of which included becoming an expert in all of the technology behind SSL/TLS and encryption and providing users with someone they could trust who had done it and done it correctly. Todd`s future hopes for the company are to expand wolfSSL’s products and to secure more devices around the world. Todd is fluent in C, C++, and x86 Assembly but prefers C++ because it has much stronger type checking compared to C, it`s easier to use modern design patterns because you have access to full objects, and it has the abstractions of a high level language but also the direct access to memory benefits that you get with C.

Outside of work Todd enjoys cycling and tries to do so a few times a week. His cycling trips tend to stretch as far as 50 miles. Next to cycling Todd enjoys reading non-fiction, listening to music, and modifying his sound system. When asked if he could work in any one single place, Todd said that he`d live in Portland; he`d lived in Seattle for a few years but moved back to Portland simply because he liked it.

About the Author:
My name is Shane Israel. I am an intern at wolfSSL working out of Bozeman, MT. I am currently a senior at Montana State University working towards my B.A. in Computer Science. In my spare time if I am not out hiking, camping, or kayaking I am likely playing video games or making games – lately mobile Android games. I love creativity and originality and find I can incorporate both in designing and making games on my free time. I`m looking forward to working with wolfSSL and learning more about this area of CS.

Larry Stefonic is one of the co-founders of wolfSSL, a company that develops SSL/TLS and cryptography libraries for adding security to devices and applications. wolfSSL began when Larry saw a need for proper security in embedded devices and knew that it was possible to develop a more lightweight SSL implementation. His main goal for wolfSSL is producing and maintaining secure, clean, and readable code, which can be a challenge with today’s rapidly advancing security technology. wolfSSL’s products are included in many different and unique markets ranging from embedded devices to enterprise solutions. His goal is to lead wolfSSL into the top spot in SSL deployments worldwide. Currently, wolfSSL has secured over 1 billion connections and this number is growing rapidly.

Being one of the leaders at one of the world’s top notch Internet security corporations, Larry strives to build a company that not only provides top of the line security software, but also connects cultures around the world. His vision for building wolfSSL includes a meta-national philosophy that melds and augments different ideas and viewpoints from various unique cultures. This worldly advantage contributes to wolfSSL’s tremendous success.

Larry enjoys every aspect of his work at wolfSSL, but he is most fond of developing the team environment. This team includes employees throughout the United States as well as around the globe. The company hosts weekly engineering and team meetings where they discuss current and future projects and ideas and maintain a close working relationship, even if separated by oceans, languages, and cultures.

On a more personal level, Larry is a graduate of Purdue University, and still enjoys following Boilermaker sports. He still enjoys a healthy and active lifestyle and has competed in a number of marathons.  

To learn more about Larry Stefonic and wolfSSL, feel free to explore the company web site at wolfssl.com.

About the Author
Leah Thompson is a development intern at wolfSSL in Bozeman, Montana. She is currently studying at Montana State University, working towards her master’s degree in Computer Science. She enjoys living in the great state of Montana, taking advantage of everything it has to offer including mountain biking, golfing and skiing. Leah is excited to be a part of such a great company and is learning more than she ever thought possible from the experienced team at wolfSSL.

For those of you interested in how CyaSSL fits into IoT, here is an example you should take a look at!

We have prepared a demo with CyaSSL, Xively, and mbed. It runs on various mbed platforms with Ethernet connections, including NXP LPC1768 whose RAM size is as small as 32k for applications + 32k for drivers.

In the demo configuration, mbed sends sensor data every 10 seconds through SSL to the Xively server, and you can see it through the browser on your pc.

 “mbed with Sensors” –[https]–> “Xively Server” <–[https]– “Browser on PC”

Xively is a cloud IoT service. It provides both HTTP and HTTPS APIs for IoT clients, in which they highly recommend HTTPS for obvious reasons, especially for commercial applications.

The demo includes the CyaSSL-based https client class. It is forked from the standard mbed http client class. So you can find out how it can be embedded into a socket-based program as well.

To use the project, please go to our mbed site and import the demo.

http://mbed.org/users/wolfSSL/

http://mbed.org/users/wolfSSL/code/CyaSSL-Xively/

For more information:

Xively: http://xively.com

mbed: http://mbed.org

mbed HTTPClient class:

    http://mbed.org/users/donatien/code/HTTPClient/

    http://mbed.org/handbook/TCP-IP-protocols-and-APIs

Understanding the stack and the heap are fundamental steps for all software developers. The importance of such understanding is inversely proportional to the amount of memory available on the platform, as both compete for a piece of the total memory space available on a system.

In some cases the developer has the choice of when to use one (either the stack or heap) more than the other. In other cases, a scenario may force the developer to work with minimal use of the stack, the heap, or both.

With this in mind, wolfSSL is introducing a new build option in CyaSSL. Developers can now choose a CyaSSL build that best matches their needs of using more stack and less heap OR more heap and less stack. This process is being accomplished by the refactoring of the CyaSSL code. Currently 90% of the encryption layer has been refactored to use the new option.

Small stack usage is not enabled by default. To enable it users must use the option “–enable-small-stack” when configuring the CyaSSL build as in the following example:

./configure –enable-small-stack [other options]

For users who don`t use CyaSSL`s configure script for compilation, smaller stack usage is not enabled by default. In this case, users will need to add the compiler directive CYASSL_SMALL_STACK in config.h file or settings.h to enjoy its benefits as in the following example:

#define CYASSL_SMALL_STACK

or

#define CYASSL_SMALL_STACK 1

If you have any questions about stack usage with CyaSSL please let us know at facts@wolfssl.com.

Hi!  Some of you know that the IETF working group on TLS is creating the specification for TLS 1.3.  We plan to upgrade wolfSSL to the TLS 1.3 specification as soon as the spec is finalized, or even close to finalized.  We are always aggressive with implementing the new TLS specifications, because we like to supply the community with a good test bed.  We did a great job getting TLS 1.2 out right away, as well as DTLS 1.2, and the community appreciated the effort.  We plan to continue our tradition of being quick with new protocol level changes.  

If you`re interested in what TLS 1.3 thinking is so far, then look here:  https://www.ietf.org/proceedings/87/slides/slides-87-tls-5.pdf.  If you have TLS 1.3 questions or comments, you are welcome to email us at facts@wolfssl.com or call us at +1 425 245 8247.

The new release of wolfSSL, v3.0.0, is now ready to download from our website.  New features include:

– FIPS release candidate
– X.509 improvements that address items reported by Suman Jana with security researchers at UT Austin and UC Davis
– Small stack size improvements, –enable-smallstack. Offloads large local variables to the heap. (Note this is not complete.)
– Updated AES-CCM-8 cipher suites to use approved suite numbers.

Please see the README and our on-line documentation for more information or feel free to contact us.

Hi!  We`ve scheduled ourselves to implement ChaCha20 and Poly1305 into wolfSSL this summer.  If you`re learning about what these are, see these links:

http://cr.yp.to/mac.html

https://www.imperialviolet.org/2013/10/07/chacha20.html

We`re excited about this addition to our code.  If you have comments, questions, or need it in our code sooner than this summer, then let us know!  We can be reached at facts@wolfssl.com or by phone at +1 425 245 8247.

As a follow up to the recent Heartbleed bug in OpenSSL, Embedded Computing Design interviewed wolfSSL’s CTO, Todd Ouska for an article titled “Heartbleed: (Not) one in a million”. You can read the article at the following URL:

http://embedded-computing.com/20937-heartbleed-not-one-in-a-million

Version 1.1.0 of wolfSSL JNI is now available for download. wolfSSL JNI provides Java applications with a convenient Java API to the widely-used CyaSSL lightweight SSL/TLS library, including support for TLS 1.2 and DTLS 1.2.

This release contains bug fixes and features including:

– Updated support for CyaSSL, tested against CyaSSL 2.9.4
– Updated example certificates and CRLs for use with the included example client and server applications
– Test framework modification which now expects the user to have JUnit JARs installed on the development platform
– Updated unit tests and conversion from JUnit3 to JUnit4
– Android NDK support
– CRL monitor is now optional in server mode

Additional information regarding using wolfSSL JNI with Android NDK-based applications will follow in a separate post. wolfSSL JNI 1.1.0 can be downloaded from the wolfSSL download page and the wolfSSL JNI Manual can be found here.