wolfSSL Year In Review 2013

If you missed our recent presentation at FOSDEM, we just put our slide deck up online at the following URL:

https://speakerdeck.com/wolfssl/wolfssl-year-in-review

wolfSSL made significant progress in 2013 towards bringing the community a more usable, feature-rich, and better supported library for use in an ever-growing range of platforms and environments. These slides (and talk) provides an overview of technical progress in the last year (2013) and news on the current state of wolfSSL. Details on what`s new include the addition of new crypto ciphers and algorithms, better hardware cryptography support, more flexible abstraction layers, a JNI wrapper, new platform support, and better development tool integration.

As always, if you have any questions or comments, we welcome them at facts@wolfssl.com.

wolfSSL Release v2.9.0 Now Available

The new release of wolfSSL, v2.9.0, is now ready to download from our website. New features include:

Platforms:
– Freescale Kinetis
* RNGB support (K53 Sub-Family Reference Manual, Chapter 33)
* mmCAU support (ColdFire/ColdFire+ CAU and Kinetis mmCAU Software Library User Guide)

– Microchip
* MPLAB Harmony support

TLS Extensions:
Supported Curves
– Secure Renegotiation
Truncated HMAC

Public-Key Cryptography Standards:
– PKCS #7 Enveloped data and signed data
– PKCS #10 Certificate Signing Request generation

OCSP: (The new CRL):
– API change to integrate into Certificate Manager
– IPv4/IPv6 agnostic
– example client/server support
– OCSP nonces are optional

DTLS:
Sliding window (Anti-replay)

ECC:
– Encrypt/Decrypt primitives
– Certificate generation

Others:
GMAC hashing
– Additional X.509 inspection functions

Please see the README and our on-line documentation for more information or feel free to contact us.

Using Supported Elliptic Curves Extension with wolfSSL

We are back to talk about TLS extensions again. Today we present the addition of Supported Elliptic Curves on wolfSSL!

RFC 4492 introduces five new ECC-based key exchange algorithms for TLS: ECDH_ECDSA, ECDHE_ECDSA, ECDH_RSA, ECDHE_RSA and ECDH_anon. However, it may be desirable in constrained environments to only support a limited number of curves. When a client uses this extension, servers that understands it MUST NOT negotiate the use of an ECC cipher suite unless they can complete the handshake while respecting the choice of curves specified by the client. This eliminates the possibility that a negotiated ECC handshake will be subsequently aborted due to a client’s inability to deal with the server’s ECC key.

To enable the usage of Supported Elliptic Curves in wolfSSL you can simply do:

./configure –enable-supportedcurves

Using Supported Elliptic Curves on the client side requires additional function calls, which should be one of the following functions:

wolfSSL_CTX_UseSupportedCurve();
wolfSSL_UseSupportedCurve();

wolfSSL_CTX_UseSupportedCurve() is most recommended when the client would like to enable Supported Curves for all sessions. Setting the Supported Elliptic Curves extension at context level will enable it in all SSL objects created from that same context from the moment of the call forward.

wolfSSL_UseSupportedCurve() will enable it for one SSL object only, so it`s recommended to use this function when there is no need for Supported Elliptic Curves on all sessions.

These functions can be called more than once to indicate the support of multiple curves.

On the server side no call is required. The server will automatically attend to the client`s request selecting ECC cipher suites only if the supported curves are allowed.

All TLS extensions can also be enabled with:

./configure –enable-tlsx

If you have any questions about using TLS Extensions with wolfSSL please let us know at facts@wolfssl.com.