RECENT BLOG NEWS

We’ve fully added support for SHA-3 to the wolfSSL embedded TLS library. We have also included SHA-3 support to HMAC and HKDF. Our SHA-3 offering includes 224, 256, 384, and 512-bit digests. It is tied into our hashing and signature infrastructure, so it will be available to TLS v1.2 or TLS v1.3 when the IETF adds cipher suites using SHA-3. There are also two build flavors to trade between size and speed, good for large server environments and for small embedded applications. If you are a FIPS user, we shall have SHA-3 available inside of our FIPS boundary later this year.

For more information please email us at facts@wolfssl.com.

At wolfSSL, we are dedicated to 3rd party integration and have been improving our support for Nginx. wolfSSL now has tested patches for Nginx 1.13.8, 1.12.2 and other point releases.

Nginx builds with OpenSSL by default and this makes getting FIPS 140-2 compliance difficult. Compiling Nginx with wolfSSL is simple and we can help you through the validation process for your platform.

No code changes to Nginx are required for FIPS but make sure your configuration is set appropriately. This includes using:

• RSA with keys of 2048-bits or more
• ECC with P-256 or P-384
• Key exchange with (EC) Diffie-Hellman ephemeral over static
• Ciphers AES-128 or AES-256 in GCM over CBC mode
• Digest and MAC with SHA-256 or SHA-384

The recommended cipher suites are:

• ECDHE-ECDSA-AES128-GCM-SHA256
• ECDHE-RSA-AES128-GCM-SHA256
• DHE-RSA-AES128-GCM-SHA256

Nginx has enabled support for TLS 1.3 and this is also available with wolfSSL. Note that the new draft revision of SP 800-52 requires, for government-only applications, the use of TLS v1.2 and should be configured to use TLS v1.3. wolfSSL has been implementing the TLS v1.3 drafts and performed interoperability testing. We are on track to support the final release of the TLS v1.3 specification.

We’ve expanded our STM32F series support in the wolfSSL embedded TLS library to include the STM32F1, STM32F2, STM32F4 and STM32F7. This supports using either the CubeMX HAL or the Standard Peripheral Library. If the chip supports symmetric hardware crypto such as AES (CBC/GCM), 3DES, MD5, SHA1 or SHA256 we support using this from wolfCrypt native API’s or naturally through wolfSSL’s TLS client/server. The performance is about 10 times greater with the symmetric crypto hardware, making it a perfect fit for IoT TLS and performance-constrained devices. If the chip supports hardware based Random Number Generation (RNG) we support that as well.

You can find a list of build-time options for configuring this here:
https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/wolfcrypt/settings.h#L988

You can find an example STM32Cube project here:
https://github.com/wolfSSL/wolfssl/tree/master/IDE/STM32Cube

For more information please email us at facts@wolfssl.com.

Thanks to feedback from Xidian University we’ve improved the strictness of the X.509 checking in the wolfSSL embedded TLS library. Xidian researchers wrote a tool to take the RFC 5280 specification and parse for “MUST” clauses and generate certificates to test these criteria. They found three places wolfSSL was not strictly enforcing the RFC. Although these were non-critical issues its a great example of why open source security software is so effective.

Details for these improvements can be found on GitHub in pull request (PR) #1353 here:
https://github.com/wolfSSL/wolfssl/pull/1353

These changes are included in the 3/2/18 release v3.14.0, which can be downloaded from the wolfSSL Download Page:

For more information please email us at facts@wolfssl.com.

Some of our users have been wondering if we were doing benchmarks of our SSL/TLS and cryptography performance. Here are the results we have gathered so far: wolfSSL / wolfCrypt Benchmarking.  This page includes several reference benchmarks as well as comparisons of software versus hardware cryptography.

Let us know if we should do a different kind of benchmark at facts@wolfssl.com.

• This implementation provides all TPM 2.0 API’s in compliance with the specification.
• This uses the TPM Interface Specification (TIS) to communicate over SPI.
• The design allows for easy portability to different platforms:
  1. Native C code designed for embedded use.
  2. Single IO callback for hardware SPI interface.
  3. No external dependencies.
  4. Compact code size and minimal memory use.
• Examples for the Raspberry Pi and STM32 with CubeMX.
• Includes demo code for the most commonly used API’s.
• Includes wrappers for Key Generation, RSA encrypt/decrypt, ECC sign/verify and ECDH.
• Testing done using the Infineon OPTIGA SLB9670 module.

To the benefit of our end users and customers, wolfSSL completed yet another year of successful growth in our technology advancement, our business, and our personnel. Our build out of the company is on track and we expect another banner year in 2018! Our advancement is outlined in detail below, but particular attention should be paid to some key improvements:

1. TLS 1.3: As we near finalization of the new standard, wolfSSL plans to release our implementation concurrently with the IETF’s release. TLS 1.3 is a game changer in a variety of applications, from heavy load server side consumers, to the smallest devices on networks with high latency. We see particularly interesting design opportunities in automotive and satellite communications. A world of intellect and experience has been poured into TLS 1.3, and it will be widely adopted quickly.
2. Japan: wolfSSL has always been popular with Japanese IoT users. In anticipation of further growth in Japan, we have added additional development staff to support the user base. We have also appointed Yoko Suga as President, wolfSSL Japan, to work with Takashi Kojo-sama and the team.
3. 24×7 Support: Our users demand the best support, and they get it! In 2017, we rolled out 24×7 support. We are the only TLS and Cryptography provider to make 24×7 support available to the market.
4. FIPS: We have continued to accelerate our support of the FIPS 140-2 standard by adding a number of key operating environments to our existing FIPS certificate. For added security, our users can now even benefit by running FIPS certified cryptography within a secure element like Intel’s SGX.

We are fortunate to be able to provide all of the above, and more, to our users! It is with great zeal that we develop and deliver our products, because we think it is important to the market to have a high quality, independent provider of crypto. Thank you all for your trust.

Team wolfSSL
Securing two billion connections and counting

wolfSSL Technical Progress

A total of six releases of the wolfSSL embedded TLS library were delivered in 2017, each with bug fixes, enhancements, and new feature additions. Highlights of these releases included:

1. New Features
   • TLS 1.3 support (Drafts 18, 20, 21, 22) including support for 0RTT
   • DTLS multicast (–enable-mcast)
   • SHA3 Keccak (–enable-sha3)
   • AES-XTS (–enable-xts)
   • AES-CFB (–enable-aescfb)
   • RSA-PSS signature generation and verification
   • ECC Cofactor DH (ECC-CDH)
   • Intel QuickAssist asynchronous support
   • NXP i.MX6 hardware encryption support (CAAM)
   • Expanded OpenSSL compatibility layer
   • PKCS#7 SignedData ECDSA support
   • TLS Supported Point Formats extension (ec_point_formats)
   • ASN Extended Key Usage Support
   • ECC public key generation from private key
   • PKCS#8 key creation functionality
2. Performance Optimization Changes
   • Intel AVX1/2 performance improvements
   • AES-GCM, SHA-2, ChaCha20/Poly1305
   • Improved performance with Intel RDRAND to use full 64-bit output
   • Speedups for AES-GCM with AES-NI
   • Improvements to asynchronous modes for Intel QuickAssist and Cavium Nitrox V
   • SHA-3 size and performance optimizations
   • Ed25519 performance optimizations
   • Math updates with added TFM_MIPS speedup
   • Single Precision math option for RSA, DH and ECC (“–enable-sp”)
   • Added Curve25519 51-bit implementation, increasing performance on systems that have 128-bit types
   • Normal math speed-up to not allocate on mp_int and defer until mp_grow
   • Improve fp_copy performance with ALT_ECC_SIZE
   • Increase performance with ECC_CACHE_CURVE option
3. Substantial Code Changes
   • Disabled TLS 1.0 by default
   • Removed RNG ARC4 support
   • OCSP and OCSP Stapling updates and improvements
   • Refactored struct and hash type names to allow for OpenSSL coexistence
   • Async blocking support for wolfSSL sniffer, Async fixes for GCC 7.1
4. Memory Reduction Changes
   • USE_SLOW_SHA256, reduce SHA-256 code size at expense of performance
   • WOLFMEM_IO_SZ, allow adjusting static I/O buffer size
   • Support use of static memory with PKCS7
   • Reduce heap usage with fastmath when not using ALT_ECC_SIZE
5. Examples and Benchmark Apps
   • Static memory support added to the wolfSSL example client
   • wolfCrypt benchmark option added to benchmark individual algorithms
   • wolfCrypt benchmark option added to display benchmarks in powers of 10
   • Added HMAC benchmark and expanded AES key size benchmarks
   • Added block size argument to wolfCrypt benchmark
   • Expanded SSL/TLS and crypto examples available in wolfssl-examples repo
   • Added TLS by cipher suite benchmark utility
6. Build Updates and New Ports
   • Added simple GCC ARM Makefile example
   • Added new Xilinx port for Zynq UltraScale+
   • Added port for using Intel SGX with Linux
   • Added NXP Hexiwear example
   • Added tenAsys INtime RTOS port
   • Added STM32CubeMX support
   • Added Docker container support
   • Updated Visual Studio for ARM builds
   • Updated Visual Studio DLL projects
   • Updated Texas Instruments TI-RTOS build
   • Updated IAR EWARM project files
   • Updated Apple Xcode projects with new benchmark project
   • Updated MySQL with wolfSSL build support
   • Updated Micrium uC/OS-III Port
   • Updated ARMv8 port with SHA224 and AES key wrap
   • Updated MQX Classic and mmCAU ports
   • Updated STM32F4 and STM32F7 AES-GCM support
   • Updated Arduino build script
   • Updated uT-Kernel port (iTron)
7. Testing
   • Expanded API unit tests, including:
     • MD5, SHA, SHA-224, SHA-256, SHA-384, SHA-512, RIPEMD, HMAC, 3DES, IDEA, ChaCha20, ChaCha20-Poly1305 AEAD, Camellia, Rabbit, ARC4, AES, RSA, HC-128, ECC
   • Extended test code coverage for the wolfCrypt test (test.c)
   • Added wolfCrypt hash tests for empty strings and large data
   • Code updates for warnings reported by Coverity Scan
   • Added scripted PSK interoperability testing
   • Added new fuzzers (libfuzzer, tlsfuzzer, OSS-Fuzz, AFL)
   • Added automated FIPS testing (Windows and Linux)
   • Added lots of horsepower and architectures to our test rig
8. Wrappers
   • Expand wolfSSL Python wrapper to now include a client side implementation
   • Expand wolfSSL C# wrapper
9. Open Source Project Ports
   • Support for Nginx web server
   • Support for HAproxy load balancer
   • Updated WPA Supplicant and Host AP support
   • Update stunnel port for version 5.40
10. Config Changes
    • “–enable-all”, enable all features
    • “–enable-wolfssh”, for building wolfSSL for wolfSSH
    • “–disable-oldnames”, allow for using OpenSSL along-side wolfSSL headers
    • “–enable-lowresource”, memory reduced build
    • “–enable-trackmemory”, new memory tracking feature
    • “–enable-intelrand”, indicate use of RDRAND preference for RNG source
11. Additional Product Enhancements
    • wolfMQTT
      • Two new releases with bug fixes and enhancements.
    • wolfSSH
      • Added ECDH Group Exchange with SHA-2 hashing and NIST curves P-256, P-384, and P-521
      • Added ECDSA signing with SHA-2 hashing and NIST curves P-256, P-384, and P-521
      • Added AES128-GCM encryption compatible with OpenSSH
      • Added a Visual Studio solution
      • Added client protocol support
      • Added example client to talk to the example echoserver
      • Miscellaneous bug fixes and enhancements

wolfSSL Top 10 Blog Posts/Technical Announcements

1. Difference between TLS 1.2 and TLS 1.3
2. TLS 1.3 Reducing Latency
3. wolfSSL Asynchronous Intel QuickAssist Support
4. wolfSSL in Intel SGX
5. Overview of Testing in wolfSSL
6. How to use the 0-RTT rope to climb, without hanging yourself!
7. wolfSSL Xilinx Support
8. Using wolfSSL on the Atmel ATECC508A with TLS 1.3
9. wolfCrypt/wolfSSL Benchmarks with iPhone 8/8 Plus/X(A11)
10. Using Alternative I/0 with wolfSSL Lightweight TLS

You’ll undoubtedly notice one the themes for this year was the early adoption of TLS 1.3 because the smaller footprint, less resource use, reduction of latency, and frankly better security. The other two themes that may not be so obvious is our focus on Hardware Based Security Enclaves or Elements to provide secure key storage, and our work on Asynchronous Crypto which passes off asymmetric operations to network acceleration cards like Cavium Nitrox and Intel QuickAssist.

wolfSSL Organizational Growth

• wolfSSL represents one of the largest teams focused on a single implementation of TLS/Crypto worldwide. If you know of anyone who fits the following description, please let us know.
  https://www.wolfssl.com/job-posting-embedded-systems-engineer/
• We expanded our customer base considerably, now we are securing connections for over 1000 products, have partner relationships with over 30 vendors, and are securing well over 2 Billion connections on any given day.
• wolfSSL Japan is official! We recently opened a new office in Tokyo and expanded the team to 4 local engineers.
• We got the word out, we attended over 32 trade-events (see below). You may ask yourself, why is wolfSSL visiting so many venues? The answer we are trying to save the world from using bad implementations of Crypto and TLS.
  • To see a list of upcoming events, check out our upcoming events page.

wolfSSL Events and Tradeshows

The wolfSSL team participated in a total of 32 events in 2017, which was up from 20 in 2016! As part of these events we were in 22 cities, 10 US states, and 6 countries! The events we participated this last year included:

1. CES (Las Vegas, NV)
2. Cybertech Israel (Tel Aviv, Israel)
3. FOSDEM (Brussels, Belgium)
4. RSA (San Francisco, CA)
5. Industry of Things World (San Diego, CA)
6. Mobile World Congress (Barcelona, Spain)
7. IoT Pro Expo/Cloud fair (Tokyo, Japan)
8. Embedded World 2017 (Nuremberg, Germany)
9. Renesas Japan (Tokyo, Japan)
10. IoT DevCon (Santa Clara, CA)
11. ESC – Boston (Boston, MA)
12. LinuxFest (Bellingham, WA)
13. Internet of Things World (Santa Clara, CA)
14. Embedded Systems-IoT M2M Japan-Japan IT week (Osaka, Japan)
15. ICMC (Washington, DC)
16. NXP FTF Connects (San Jose, CA)
17. Sensor Expo West (San Jose, CA)
18. Black Hat 2017 (Las Vegas, NV)
19. Microchip Masters 2017 (Phoenix, AZ)
20. Fort Meade It & Cyber Day (Fort Meade, MD)
21. ST Developers Conference (Santa Clara, CA)
22. Mobile World Congress Americas (San Francisco, CA)
23. IoT Oil and Gas (Houston, TX)
24. RIOT Summit (Berlin, Germany)
25. Sensors Midwest (Rosemont, IL)
26. Defense Innovation Technology (Tampa, FL)
27. ARM TechCon (Santa Clara, CA)
28. ESC Minneapolis (Minneapolis, MN)
29. Embedded Technology 2017 Yokohama (Yokohama, Japan)
30. IoT Tech Expo (Santa Clara, CA)
31. ESC San Jose (San Jose, CA)
32. ARM Tech Symposia (Tokyo, Japan)

To see upcoming events that wolfSSL will be attending, check out our upcoming events page.

In summary, we had a great year! 2017 was successful for us on multiple fronts, and we look forward to serving our customers and community with ever more secure and functional software in 2018! As always, your feedback is welcome at facts@wolfssl.com!

It has been 4 years since the TLS v1.3 specification came out with Draft 1 and it looks like it has been finalized! With the release of Draft 24 the last of the WG comments have been addressed. Now the IESG will review the document and it is expected that it will soon be ratified as an RFC.

wolfSSL has updated its TLS v1.3 code to include support for Draft 22 and 23. Draft 24 is not significantly different and with the highly anticipated release of the RFC, we are looking forward to finalizing the TLS v1.3 code.

The last time we discussed TLS v1.3 the specification was at Draft 21. Since then a number of changes have been made to deal with middlebox incompatibilities.

Middleboxes are devices that sit between the client and the server that typically inspect, filter or act as a proxy. They are a necessary part of the Internet ecosystem. Inspection middleboxes are used to monitor network traffic and to collect statistics. Filters attempt to detect and remove undesirable network traffic that is malformed or malicious. Proxy-servers are used to terminate TLS connections to better manage the network traffic and spread load.

Middleboxes include embedded devices that are updated by changes to the firmware. Therefore updates are seldom made and the TLS v1.3 specification had to be modified to work with the deployed systems.

Mozilla performed a customer test with their browser connecting to a controlled website supporting Draft 18. The results (https://www.ietf.org/mail-archive/web/tls/current/msg25091.html) were that TLS v1.3 Draft 18 failed 2.91% of the time compared to TLS v1.2 failure rate of 1.58%. This was statistically significant. After some compatibility changes the failure rate fell to 1.63%. It was clear the changes were needed.

The changes required include:

• Changing the ServerHello version and record layer version post ServerHello to 0x0303
• Restoring missing fields from the ServerHello message.
• Merging the HelloRetryRequest into the ServerHello message.
• Ignoring ChangeCipherSpec messages in handshake.

It was first assumed that middleboxes would inspect ClientHello messages and pretty much ignore the responses like ServerHello and HelloRetryRequest messages. This didn’t work out in the real world. Therefore some of the ServerHello changes from TLS v1.2 had to be undone. All required changes are now available in wolfSSL.

Further optional compatibility changes are specified. This includes sending a ChangeCipherSpec before any encrypted data, thus the previous requirement to ignore these messages. wolfSSL has the ability to enable these with the use of the define: WOLFSSL_TLS13_MIDDLEBOX_COMPAT.

A more extensive test was performed by Mozilla after Draft 22 was released. The results (https://www.ietf.org/mail-archive/web/tls/current/msg25179.html) were:

• TLS v1.2 failure rate: 4.85% (3.25% US only)
• TLS v1.3 Draft 22: 5.02% (3.45% US only)
• TLS v1.3 Draft 22 Compat: 4.81% (3.24% US Only)

It is clear that the Draft 22 changes are working.

Draft 23 renumbered the KeyShare extension to allow for compatibility with CANON printers that were based on BSAFE and added a separate extension for negotiating certificate signatures.

wolfSSL by default supports Draft 23 but can be configured to support Draft 22 with: –enable-tls13-draft22. Also, for backwards compatibility for early adopters, Draft 18 support can be configured with: –enable-tls13-draft18.

If you have any questions or issues with wolfSSL’s TLS 1.3 implementation, please email us at facts@wolfssl.com, or our support team at support@wolfssl.com.

MySQL (#mysql) currently comes bundled with yaSSL to provide an option for SSL/TLS connections when using a database. A patch for securing MySQL with the wolfSSL embedded SSL/TLS library is available for MySQL version 8.0.0 here https://github.com/wolfSSL/mysql-patch.

Along with an increased level of security comes the potential to use progressive features offered by wolfSSL – such as TLS 1.3 and ChaCha20 / Poly1305 AEAD cipher suites (ex: ECDHE-RSA-CHACHA20-POLY1305). Another great feature is that wolfSSL cryptography is FIPS 140-2 validated! The change from yaSSL to wolfSSL will fit nicely into both Open Source and commercial applications, as it is dual licensed under both GPLv2 and standard commercial license terms.

For more information about the port, or to provide us feedback, contact us at facts@wolfssl.com!