A recent paper used wolfSSL as a test bed for proving out their attack on Ed25519 signatures. You can read the paper here: https://eprint.iacr.org/2017/985.pdf . This was not an attack on wolfSSL itself or its implementation, but rather a differential power attack that involves SHA-512 and Ed25519. The recommended countermeasure is to change Ed25519 and […]
Read MoreMore TagCategory: Uncategorized
KRACK Attacks: Wi-Fi Security Has Been Breached
According to a recent article, researchers have announced that Wi-Fi security has a protocol level exploit that can render all Wi-Fi traffic vulnerable to sniffing or manipulation. The good news is that if you are already using an independent form of end-to-end encryption such as SSL/TLS then the stolen packets are of little use as […]
Read MoreMore TagwolfSSL Intel SGX Testing
wolfSSL has support for Intel SGX and we do continuous integration testing on that support. This means that every night a process starts up and runs unit tests on crypto operations in a secure Enclave. Here’s a peek at some of the on going tests in action… LINK => App GEN => trusted/Wolfssl_Enclave_t.c CC <= […]
Read MoreMore TagwolfSSL with Improved ThreadX/NetX Support
wolfSSL has supported the ThreadX/NetX RTOS with the TLS protocol. Recently we added the ability to use DTLS with NetX. Out of the box, wolfSSL has the I/O callback functions for handling UDP packets for DTLS. As an extension to DTLS, wolfSSL also supports Multicast DTLS. If you would like to know more please contact our sales team […]
Read MoreMore TagHow to use the 0-RTT rope to climb, without hanging yourself!
One of the major new features of TLS v1.3 is the 0-RTT handshake protocol. This variation of the handshake, using Pre-Shared Keys (PSKs), allows the client to send encrypted data to the server in the first flight. This is particularly useful for TLS on embedded devices. Take the example of IoT. There may be thousands […]
Read MoreMore TagOverview of Testing in wolfSSL
The security of wolfSSL products is always on our mind and holds high importance. Conducting regular, diligent, and well-planned testing helps maintain wolfSSL’s robustness and security. We strive to write and maintain clean, readable, and understandable code. Like the halting problem, we know it is impossible to test every single possible path through the software, but […]
Read MoreMore TagwolfSSL STM32F7 Support
We would like to announce that the wolfSSL embedded SSL library now has support for hardware-based cryptography and random number generation offered by the STM32F7. Supported cryptographic algorithms include AES (CBC, CTR), DES (ECB, CBC), 3DES, MD5, and SHA1. For details regarding the STM32F7 crypto and hash processors, please see the STM32F7 Hardware Abstraction Layer (HAL) and […]
Read MoreMore TagwolfSSL with PikeOS and ElinOS and TLS 1.3
Are you a user of PikeOS or ElinOS, and interested in a lightweight TLS 1.3 implementation? The wolfSSL embedded SSL/TLS library now supports TLS 1.3 (drafts 18 and 20). TLS 1.3 improves performance of establishing TLS connections by reducing the required number of round trips during the TLS handshake (including a new 0-RTT option where applications can […]
Read MoreMore TagNXP CAU, mmCAU, and LTC Hardware Cryptography with TLS 1.3
As you may know, wolfSSL includes support for offloading cryptography operations into NXP Coldfire and Kinetis devices that include the CAU, mmCAU, or LTC hardware crypto modules. Taking advantage of these modules improves performance of both the cryptography and the SSL/TLS layer running on top of it. Here is a quick comparison of performance between […]
Read MoreMore TagMicrochip PIC32MZ with TLS 1.3
As you may know, wolfSSL includes support for offloading cryptography operations into the PIC32MZ hardware crypto module. This improves performance of both the cryptography and the SSL/TLS layer running on top of it. Here is a quick comparison of performance between software cryptography and the hardware-based cryptography offered by the PIC32MZ: Software Crypto Hardware […]
Read MoreMore Tag