Removal of user RSA

In the last release of wolfSSL there was some house cleaning done on older RSA implementations. The user RSA layer was removed along with the hooks used for tying in IPP. When those were first introduced we had yet to implement SP (single precision) versions of RSA. Fast forward to today, and there is a faster implementation of RSA in wolfSSL itself. In IPP v0.9 it was able to do 990.09 RSA 2048 bit sign operations per second and in wolfSSL 5.7.0 it was able to run 1,015.23 operations per second. Verify operations took around the same time with both libraries now at 35,714 operations per second on average. These measurements were collected on an older Intel(R) Core(TM) i7-4870HQ CPU. Along with a performant implementation of RSA there are now the crypto callbacks if desiring to plug in custom RSA operations. This being the case the –enable-fastrsa, user RSA, and IPP hooks were dropped to lower maintenance and reduce bundle size.

If you have questions about any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.

Download wolfSSL Now

Live Webinar: Migrating from Mocana to wolfSSL

Join our upcoming webinar, ‘Migrating from Mocana to wolfSSL,’ on May 2nd at 10 am PT hosted by wolfSSL Senior Software Engineer, Eric Blankenhorn. He will unveil the advantages of switching to wolfSSL, offering a superior alternative to Mocana with better support and a smoother workflow.

Watch the webinar here: Migrating from Mocana to wolfSSL

During this session, Eric will provide in-depth insights into what makes wolfSSL different from Mocana and address the gaps you might be experiencing while using Mocana. Discover a smooth transition from Mocana to wolfSSL, along with best practices for ensuring security continuity. Explore the potential benefits of using wolfSSL and learn how to optimize performance during the migration process. Let us introduce you to solutions that work best for your projects!

Watch now, for this informative webinar on migrating from Mocana to wolfSSL and ensure your cybersecurity remains robust and up-to-date!

As always, our webinars will include Q&A sessions throughout. If you have questions on any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.

Download wolfSSL Now

How to unload intermediate certificates with wolfSSL?

Recently, a notable modification was introduced in wolfSSL, a prominent provider of security solutions. Pull request #7245 (https://github.com/wolfSSL/wolfssl/pull/7245) focuses on optimizing memory management by introducing a function to unload intermediate CA certificates and free up memory. Let’s explore the significance of this code change and its potential impact on enhancing efficiency and resource utilization within cryptographic applications.

Specifically, the code change addresses the need to efficiently handle intermediate Certificate Authority (CA) certificates. These certificates, while essential for establishing trust chains in cryptographic operations, can consume valuable memory resources, particularly in resource-constrained environments.

The essence of the code change lies in the introduction of a dedicated function (wolfSSL_CertManagerUnloadIntermediateCerts()) to unload intermediate CA certificates from memory when they are no longer needed. By using this function, developers can optimize resource utilization, thereby enhancing the overall efficiency and stability of cryptographic operations.

Key Benefits: The introduction of the function to unload intermediate CA certificates brings several notable benefits:

  1. Efficient Memory Management: By providing a mechanism to unload intermediate CA certificates from memory, the code change ensures efficient utilization of resources. This is particularly crucial in environments where memory constraints are a concern, such as embedded systems and IoT devices.
  2. Prevention of Memory Leaks: Memory leaks can pose significant security and reliability risks in software applications. The new function helps prevent memory leaks by explicitly releasing memory allocated for intermediate CA certificates when they are no longer required, thereby improving the robustness of cryptographic operations.
  3. Scalability and Performance: Optimal memory management contributes to improved scalability and performance of cryptographic applications. By freeing up memory resources, the code change enables applications to handle larger workloads more efficiently, leading to enhanced responsiveness and overall performance.

By incorporating the function to unload intermediate CA certificates, developers can optimize resource utilization and mitigate potential security risks associated with memory management issues. This not only enhances the reliability and stability of cryptographic applications but also contributes to the overall security resilience of the systems in which they are deployed.

If you have questions about any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.

Download wolfSSL Now

ML-KEM and ML-DSA at the CAVP

The CAVP (Cryptographic Algorithm Validation Program) now has testing available for ML-KEM (Kyber) and ML-DSA (Dilithium). Initial Draft standards for these algorithms have been released as FIPS-203 and FIPS-204 respectively.

You can find the various .json test cases here:

Whenever you’re ready, we’ll be able to do CAVP testing of our implementations of these algorithms. Let us know about your interest in this!

If you have questions about any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.

Download wolfSSL Now

cURL Up 2024

Exciting news from cURL! We’re thrilled to announce the return of curl-up, scheduled to take place in Stockholm, Sweden from May 4th to the 5th! Our goal is to bring the community together for an unforgettable weekend of collaboration and learning.

We’re inviting all curl contributors, maintainers and fans to join us. Perfect opportunity for you to engage with Daniel Stenberg, the cURL founder, and maintainer of cURL, as well as other speakers and industry experts.

Save the date

  • Date: May 4th to the 5th
  • Location: Stockholm, Sweden

Stay updated on event details, including venue and agenda, on our dedicated web page, curl-up 2024. We’re open to agenda suggestions. Share your ideas on a curl mailing list or in the discussions section.

We would like to support our top-100 contributors with traveling and lodging expenses. Please read the funding attendance to see the regulation and eligibility requirements.

Registration is mandatory. Register now to secure your space! Let’s make curl-up 2024 an unforgettable weekend. See you there!

If you have questions about any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 245 9247.

Download wolfSSL Now

Accelerating AES Encryption with Nvidia CUDA: WolfCrypt Performance Boost

We have tested wolfCrypt using the Nvidia A10, A100, and H100 GPU architectures. Using the AesEncrypt_C function from wolfCrypt, we added the CUDA acceleration wrappers to determine the performance of the algorithm running on a GPU. The implementation simply hijacks the calls to AesEncrypt_C and AesEncryptBlock_C and uses the CUDA wrappers to run the function on the hardware. To gain performance, the hardware simultaneously calculates the blocks within the cipher instead of using a ‘for’ loop to iterate through.

The code is available for review as part of this merged PR. You now also have the option of comparing two benchmark results with our new ‘benchmark_compare.sh’ in the wolfSSL ‘scripts’ folder.

AES-GCM, AES-ECB, AES-XTS, and AES-CTR seem to get a 1.6x, 5x, 2.6x and 3x performance boost respectively on the A-series chips, and 2.6x, 10.8x, 3.5x and 5.3x boost on the H100, respectively. When the data to be encrypted is passed to the hardware, it calculates each block simultaneously as opposed to sequentially in the CPU.

Algorithms like AES-CBC, AES-CFB, AES-OFB, AES-CCM, AES-SIV and AES-CMAC grind to a halt because they can’t be independently parallelized. The output of the next block depends on the previous block.

Going forward, we are planning to optimize for even better cryptographic performance on GPUs. It just makes sense for us to add additional algorithmic support as well as full FIPS 140-3 support for Nvidia GPUs such that government consumers can have maximum assurance when encrypting sensitive video and audio with AES-XTS, for example.

If you need FIPS 140-3 encryption for GPUs it can be as simple as adding an operating environment to our certificate. See our contact details at the end of the post.

See some of the test results compared below:

Comparing wolfCrypt's AesEncrypt_C per algorithm speed(MB/s)
Comparing wolfCrypt's AesEncrypt_C per algorithm speed(MB/s)
Comparing wolfCrypt's AesEncrypt_C per algorithm speed(MB/s)

Visit our download page to download the latest release, or clone it from wolfSSL GitHub. If you have questions about any of the above, feel free to email us at facts@wolfSSL.com or call us at +1 425 245 8247.

Share this blog on your favorite social platforms and let’s spark conversations that inspire positive change in AES encryption.

Download wolfSSL Now

wolfSSL Loves Robots!

Did you say robots? At wolfSSL we love robots! We even have one to clean our office in Bozeman, Montana. But even more than that little cleaner, we love securing robots.

If you are in the robotics and automation space, you already know that it’s all about scaling up. Sure a robot can clean an office, but that’s not the end goal. Once you’ve proven your product in one location, it can clean every location your client has. But in order to scale, you need a big customer. What better customer than government agencies?

But you need reliable security. That means confidentiality of all transmissions and proper authentication of all commands. That means authenticating your firmware to prevent tampering by nefarious actors. After all, you’re likely operating in healthcare, law enforcement or government. In all these industries, you’ll need to fulfill your regulatory requirements such as FIPS-140 or DO-178 before you even approach your customers. You specialize in making the robots do what they do so let our experts help you with those regulatory requirements.

Here at wolfSSL, we’ve helped numerous robotics companies with their FIPS-140 efforts with our support for the Robot Operating System (ROS).

But even more importantly than that, we support just about any real-time embedded platform you throw at us and have the best performance to boot! We understand you have millisecond real-time reaction requirements due to safety standards and can’t have processes locked up doing cryptographic operations. Send us a message asking about our asynchronous cryptographic APIs and we’ll set you up with a call with our expert engineers to hash out the details.

If you’re making robots, we need to have a conversation!

If you have questions about any of the above, please reach out to facts@wolfSSL.com or call us at +1 425 245 8247.

Download wolfSSL Now

Live Webinar: An introduction to Stateful Hash-Based Signature Schemes

Get ready to embark on a journey into another cutting-edge realm of cybersecurity with wolfSSL! Join us for an exciting webinar, “An Introduction to Stateful Hash-Based Signature Schemes,” led by Senior Software Developer Anthony Hu. Mark your calendars for April 25th at 10 am PT, as we explore the fundamentals of stateful hash-based signature schemes and their implications for the future of digital security.

Watch the Webinar Here: An Introduction to Stateful Hash-Based Signature Schemes

  • Gain insight into the importance of staying ahead of the CNSA 2.0 timeline
  • Dive into the One Time Signatures (OTS)
  • Discover how Merkle Trees hierarchical data structures enhance security and scalability
  • Understanding the significance of the state in these algorithms
  • Explore future advancements and beyond
    And much more

Don’t miss out on this exclusive opportunity to boost your cybersecurity knowledge. This webinar promises to equip you with invaluable insights and practical skills to navigate the complexities of modern digital security.

Mark your calendar for April 25th at 10am PT and join us for an enlightening exploration of stateful hash-based signature schemes.

As always, our webinar includes Q&A sessions throughout. If you have any questions about any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.

Download wolfSSL Now

wolfSSL LTS Announcement

wolfSSL is announcing a long term support (LTS) version of the wolfSSL library. The goal of this product will be to provide users with fully ABI compatible releases of wolfSSL that are secure against all known vulnerabilities. Patches for vulnerabilities will be backported to the LTS branch in an ABI compatible way to guarantee security and stability.

ABI (Application Binary Interface) is a low-level interface that defines how functions and data structures are accessed in machine code. ABI specifies how parameters are passed to functions, how return values are retrieved, and how data structures are arranged in memory. Guaranteeing ABI stability means that compiling a newer version of the library with the same configuration will work with programs linked against an older release.

wolfSSL LTS will provide users with a stable and reliable library that can be kept up to date with no additional headache. Your programs will always be compatible with the latest wolfSSL LTS release and will be safe from discovered vulnerabilities. Separating out a LTS branch will allow us to continue developing and improving wolfSSL without the strict restrictions of ABI backwards compatibility. Users will be able to choose the appropriate version for them based on their individual priorities.

wolfSSL LTS, like all of our libraries, will be offered under a dual-license model. GPL will be available for open source users and a commercial license will be available for customers integrating it in commercial products. Additional limited backporting services will also be available for customers.

If you’re interested in wolfSSL LTS or have questions about any of the above, please reach to us at facts@wolfSSL.com or call us at +1 425 245 8247!

Download wolfSSL Now

wolfSSH Now Includes Curve25519 Support

wolfSSH now has Curve25519 support as of version 1.4.17! Go ahead and download it today. You’ll need both wolfSSL and wolfSSH. Here are instructions to get this up and running to try out yourself.

Compile wolfSSL with support for wolfSSH and Curve25519.

$ cd wolfssl
$ ./configure --enable-wolfssh --enable-curve25519
$ make all
$ sudo make install
$ sudo ldconfig

After building and installing wolfSSL, you can simply configure wolfSSH with no options and build:

$ cd wolfssh
$ ./configure
$ make all

The wolfSSH client and server will automatically negotiate the use of Curve25519 for key exchange.

Run the server:

$ ./examples/echoserver/echoserver -f

In a separate terminal, run the client: 


$ ./examples/client/client -u jill -P upthehill

Congratulations! You’ve just made an SSH connection where the key exchange was done with Curve25519.

Our next natural step is to add support for hybrid Curve25519 and Kyber/ML-KEM at NIST security level 1. Want to see this work at a higher priority and accelerated? Let our management know. Simply send a message saying you support our efforts in developing this implementation to facts@wolfSSL.com.

If you have questions about any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.

Download wolfSSL Now

Posts navigation

1 2 3