Author: wolfSSL

We`ve implemented ChaCha20 allowing for the use of both 128 bit and 256 bit keys and are in the process of implementing Poly1305 into wolfSSL. Both crypt tools and a suite using the two are on schedule to be released by the end of the summer.

The ChaCha20 and Poly1305 algorithms, originally developed by Bernstein, have been shown to be very secure. Further reading about these algorithms can be found in the link below.

http://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-04

We`re excited about this addition to our code.  If you have comments, questions, or need it in our code sooner than the end of this summer, let us know!  We can be reached at facts@wolfssl.com or by phone at +1 425 245 8247.

Hi everyone, we’re curious if anyone is interested in using wolfSSL with the Oculus Rift? If you don’t know what an Oculus Rift is, it is a Next Generation Virtual Reality Technology for video games or any Virtual Reality Applications. You can learn more at the following URL:

http://www.oculusvr.com/

If you have any questions, or would like to see wolfSSL working with the Oculus Rift, please email us at facts@wolfssl.com. 

OpenSSL released several security advisories yesterday: http://www.openssl.org/news/secadv_20140605.txt. None of these are attacks on the SSL/TLS protocols themselves.  They are all implementation bugs.  Most are critical bug fixes to DTLS (TLS over UDP).  As a clean room implementation of SSL, wolfSSL does not use any OpenSSL code and is free from these defects.  The most critical report seems to be the Man in the Middle vulnerability where an attacker can inject a Change Cipher Spec message to force a weak key stream (CVE-2014-0224).  wolfSSL does not create the keying material upon receipt of the Change Cipher Spec message as OpenSSL did/does and is free from this problem.

The purpose of this note is not to critique OpenSSL, but rather to inform our user base about how they may be affected.  For additional information or questions about CyaSSL please contact us at facts@wolfssl.com

Hi!  We`ve been supporting AES-NI for a few years now.  We`ve decided to extend that support to Visual Studio users.  If you would like to use AES-NI with Visual Studio, then let us know.  Beta code will be available shortly.  Contact us at facts@wolfssl.com if you have questions.

For those of you interested in how CyaSSL fits into IoT, here is an example you should take a look at!

We have prepared a demo with CyaSSL, Xively, and mbed. It runs on various mbed platforms with Ethernet connections, including NXP LPC1768 whose RAM size is as small as 32k for applications + 32k for drivers.

In the demo configuration, mbed sends sensor data every 10 seconds through SSL to the Xively server, and you can see it through the browser on your pc.

 “mbed with Sensors” –[https]–> “Xively Server” <–[https]– “Browser on PC”

Xively is a cloud IoT service. It provides both HTTP and HTTPS APIs for IoT clients, in which they highly recommend HTTPS for obvious reasons, especially for commercial applications.

The demo includes the CyaSSL-based https client class. It is forked from the standard mbed http client class. So you can find out how it can be embedded into a socket-based program as well.

To use the project, please go to our mbed site and import the demo.

http://mbed.org/users/wolfSSL/

http://mbed.org/users/wolfSSL/code/CyaSSL-Xively/

For more information:

Xively: http://xively.com

mbed: http://mbed.org

mbed HTTPClient class:

    http://mbed.org/users/donatien/code/HTTPClient/

    http://mbed.org/handbook/TCP-IP-protocols-and-APIs

Understanding the stack and the heap are fundamental steps for all software developers. The importance of such understanding is inversely proportional to the amount of memory available on the platform, as both compete for a piece of the total memory space available on a system.

In some cases the developer has the choice of when to use one (either the stack or heap) more than the other. In other cases, a scenario may force the developer to work with minimal use of the stack, the heap, or both.

With this in mind, wolfSSL is introducing a new build option in CyaSSL. Developers can now choose a CyaSSL build that best matches their needs of using more stack and less heap OR more heap and less stack. This process is being accomplished by the refactoring of the CyaSSL code. Currently 90% of the encryption layer has been refactored to use the new option.

Small stack usage is not enabled by default. To enable it users must use the option “–enable-small-stack” when configuring the CyaSSL build as in the following example:

./configure –enable-small-stack [other options]

For users who don`t use CyaSSL`s configure script for compilation, smaller stack usage is not enabled by default. In this case, users will need to add the compiler directive CYASSL_SMALL_STACK in config.h file or settings.h to enjoy its benefits as in the following example:

#define CYASSL_SMALL_STACK

or

#define CYASSL_SMALL_STACK 1

If you have any questions about stack usage with CyaSSL please let us know at facts@wolfssl.com.

Hi!  Some of you know that the IETF working group on TLS is creating the specification for TLS 1.3.  We plan to upgrade wolfSSL to the TLS 1.3 specification as soon as the spec is finalized, or even close to finalized.  We are always aggressive with implementing the new TLS specifications, because we like to supply the community with a good test bed.  We did a great job getting TLS 1.2 out right away, as well as DTLS 1.2, and the community appreciated the effort.  We plan to continue our tradition of being quick with new protocol level changes.  

If you`re interested in what TLS 1.3 thinking is so far, then look here:  https://www.ietf.org/proceedings/87/slides/slides-87-tls-5.pdf.  If you have TLS 1.3 questions or comments, you are welcome to email us at facts@wolfssl.com or call us at +1 425 245 8247.

The new release of wolfSSL, v3.0.0, is now ready to download from our website.  New features include:

– FIPS release candidate
– X.509 improvements that address items reported by Suman Jana with security researchers at UT Austin and UC Davis
– Small stack size improvements, –enable-smallstack. Offloads large local variables to the heap. (Note this is not complete.)
– Updated AES-CCM-8 cipher suites to use approved suite numbers.

Please see the README and our on-line documentation for more information or feel free to contact us.

Hi!  We`ve scheduled ourselves to implement ChaCha20 and Poly1305 into wolfSSL this summer.  If you`re learning about what these are, see these links:

http://cr.yp.to/mac.html

https://www.imperialviolet.org/2013/10/07/chacha20.html

We`re excited about this addition to our code.  If you have comments, questions, or need it in our code sooner than this summer, then let us know!  We can be reached at facts@wolfssl.com or by phone at +1 425 245 8247.

As a follow up to the recent Heartbleed bug in OpenSSL, Embedded Computing Design interviewed wolfSSL’s CTO, Todd Ouska for an article titled “Heartbleed: (Not) one in a million”. You can read the article at the following URL:

http://embedded-computing.com/20937-heartbleed-not-one-in-a-million