RECENT BLOG NEWS

wolfSSL has a port to devkitPro, giving an option to game developers to secure information with the embedded, lightweight, wolfSSL TLS/SSL library. The low memory footprint size of wolfSSL allows for efficient use of security while leaving plenty of room for the game itself. The low memory size of wolfSSL is something that has been perfected in the IoT realm and those benefits that are seen in IoT transfer nicely into the game development realm. We have updated and verified the port to devkitPPC with the most recent release of wolfSSL.

For more information, or an example of use, contact us at facts@wolfssl.com.

wolfSSL version 3.8.0 has been released and is now available for download. The release has many new feature additions and some minor fixes. One of the new feature additions is that there have been APIs added for single shot hashing, creating a signature, and verifying a signature. This allows users to easily create a hash or signature for single time use by just calling one API. Cutting out the time needed to manage structs for the algorithms used in the process. Another feature added is a C# wrapper to allow using the wolfSSL embedded TLS/SSL library when working with C#.

A couple of the fixes in release 3.8.0 were for IDEA on 16 and 32-bit systems along with a fix for LowResTimer on Microchip ports. No high level security fixes were needed with this release but we always recommend updating to the latest release version.

The full list of changes in this release, taken from the README are listed below:

– Example client/server with VxWorks
– AES-NI use with AES-GCM
– stunnel compatibility enhancements
– Single shot hash and signature/verify API added
– Update Cavium NITROX port
– LPCXpresso IDE support added
– C# wrapper to support wolfSSL use by a C# program
– (BETA version)OCSP stapling added
– Update OpenSSH compatibility
– Improve DTLS handshake when retransmitting finished message
– fix idea_mult() for 16 and 32bit systems
– fix LowResTimer on Microchip ports

For more information about wolfSSL contact us at facts@wolfssl.com.

wolfSSL Inc, embedded SSL/TLS and cryptography provider for the IoT, has partnered with Renesas Electronics, a global leader of semiconductor manufacture. Through the support for their high performance microprocessor series of RX and RZ, wolfSSL delivers secure connections of IoT solution with a lightweight high throughput secure communication library.

Renesas Website
wolfSSL Embedded SSL/TLS Library

PSK cipher suites are a superb choice in low resource environments where both ends of the connection can be controlled. With PSK, each side of the connection has an already agreed upon key to use rather than agreeing on one during the TLS handshake. This reduces resource consumption for each session using PSK.

For example, on one of wolfSSL’s test machines the cipher suite DHE-PSK-AES128-CBC-SHA256 has an average connection time of 3.498 milliseconds with a peak byte usage of 6,335. On the same machine a similar cipher suite DHE-RSA-AES128-SHA256, not using PSK, has an average connection time of 7.146 milliseconds and peak byte usage of 19,431. wolfSSL always recommends using ephemeral keys (DHE or ECDHE) to maintain forward secrecy but in an ultra limited resource environment, memory and speed can be further improved by using a static PSK cipher suite such as PSK-AES128-CBC-SHA.

In addition to RAM reduction, using PSK can reduce the library footprint size as well. One of the smallest wolfSSL builds to date has been the LeanPSK build, which comes in at around 21kB.  For comparison, a typical build on an embedded, optimized compiler will be 60-100kB.

For information regarding the use of PSK cipher suites or general inquiries about wolfSSL’s embedded SSL/TLS library, please contact us at facts@wolfssl.com.

Wikipedia: https://en.wikipedia.org/wiki/TLS-PSK

Version 1.3.0 of wolfSSL JNI is now available for download. wolfSSL JNI provides Java applications with a convenient Java API to the widely-used wolfSSL embedded SSL/TLS library, including support for TLS 1.2 and DTLS 1.2.

Release 1.3.0 has bug fixes and new features including:

– Updated support to wolfSSL 3.7.0
– Added finalizers for WolfSSLContext and WolfSSLSession classes
– Fix for SSLv3 now disabled by default in wolfSSL proper
– SSLv3 now marked as @Deprecated
– PSK (pre-shared key) support for client and server
– Better error checking and exception handling
– New WolfSSLJNIException class
– WolfSSLSession now cached in native WOLFSSL struct for callbacks
– Easier inclusion of junit4 in build.xml

wolfSSL JNI 1.3.0 can be downloaded from the wolfSSL download page and the wolfSSL JNI Manual can be found here.

wolfSSL has a new feature to allow for users to plug in their own crypto for RSA if they so choose. This is a great feature for students looking to test their own RSA operations in a SSL/TLS connection or for those wanting to see if they can speed up operations in the IoT realm and on embedded devices. This option can be used with the build flag “–with-user-crypto”. An example of building a module can be found in the directory “wolfssl_root/wolfcrypt/user-crypto/” and built with the commands:

cd wolfcrypt/user-crypto/
./autogen.sh
./configure
make
sudo make install

This example makes use of Intel’s IPP libraries and needs them installed and existing on the system before being able to build. For any questions on use, or about the wolfSSL embedded SSL/TLS library in general, contact us at facts@wolfssl.com

Intel IPP libraries https://software.intel.com/en-us/intel-ipp .

The wolfMQTT v0.3 release adds a new example for secure firmware update. This example uses the wolfSSL embedded SSL/TLS library to hash/sign the binary image and send it over MQTT. The example has two applications. One is called fwpush, which hashes, signs and publishes the firmware image over TLS to an MQTT broker. The second is called fwclient, which subscribes to the example firmware update topic, receives the firmware image and validates the signature of it. This example is located in examples/firmware.

The latest wolfMQTT releases can be downloaded at: 
https://wolfssl.com/download

Documentation for wolfMQTT can be found here:
https://www.wolfssl.com/docs/wolfmqtt-manual/

The latest source code can be found on our GitHub repo at:
https://github.com/wolfSSL/wolfMQTT

For questions please contact support at support@wolfssl.com.

We’ve added some useful wrappers to the wolfSSL embedded SSL/TLS library for signature generation/verification and hashing. The signature wrappers support ECC and RSA. The hashing wrappers support MD5 and SHA, SHA256, SHA384 and SHA512.

Documentation for these new wrapper functions is in the wolfCrypt API Reference – Signature API and wolfCrypt Init and Cleanup.

New API functions:

#include <wolfssl/wolfcrypt/signature.h>
wc_SignatureGetSize
wc_SignatureVerify
wc_SignatureGenerate.

#include <wolfssl/wolfcrypt/hash.h>
wc_HashGetDigestSize
wc_Hash

An example for these new wrapper functions can be found here https://github.com/wolfSSL/wolfssl-examples/tree/master/signature. There is also an example for the wc_Hash function in wolfcrypt/src/signature.c.

For questions please contact support at support@wolfssl.com.

We are receiving questions on TLS 1.3 with greater frequency during the last 6 months. This note is intended to answer those questions and make clear our positions on TLS 1.3, so here are our thoughts:

1. We intend to have an implementation of TLS 1.3 available when the specification goes final from the IETF. Our big challenge is that since we will be the first to offer TLS 1.3, our interoperability testing will be limited at that time.

2. We will implement some of the individual features of TLS 1.3 as they become consensus and subsequently final from the IETF TLS working group. This will give us and our users a jump on the process of migrating to the new standard.

3. FIPS 140-2: We will be working with our lab to ensure that our TLS 1.3 implementation also supports FIPS.

4. As the leading embedded SSL/TLS, we will continue to maintain our lean and fast like a wolf design philosophy, such that our TLS 1.3 implementation will consume minimal resources.

As always, you are welcome to contact us at facts@wolfssl.com or at +1 425 245 8247 with your comments or questions.

wolfSSL has released version 0.2 of the wolfMQTT client library. This addition to the wolfSSL product portfolio provides a Pub/Sub client for use in M2M and IoT. The wolfMQTT client library is written in C and was built from the ground up to be multi-platform, space conscience and extensible.

Features
– Built from scratch by wolfSSL engineers
– Based on MQTT v3.1.1 specification
– Supports all client side packet types and protocol options
– QoS Levels 0-2 (guarenteed delivery)
– Supports plain TCP or TLS (via the wolfSSL library)
– Single threaded model and single message callback
– Written in Native C89 with portability/compatibility in mind
– Space conscience design (Compiled size is about 3.6KB)
– User manual with build instructions, example overview and API documentation
– Example MQTT client implementations
– Network interface is abstracted via callbacks for extensibility
– Packet parsing encoding/decoding structured for custom use
– Minimal external dependencies (strlen, memcpy, memset)
– Detailed error checking/handling
– Doxygen style inline documentation
– Less than 1200 lines of well structured C code
– Tested on multiple variants of MQTT broker servers, QoS levels 0-2 with/without TLS.
– Tested on Linux, Mac OS X and Freescale Kinetis K64.
– Inherits wolfSSL library features such as lightweight TLS using ChaCha20/Poly1305 AEAD, small size and portability.
– Open source (GPLv2)

wolfMQTT Product Page
wolfMQTT User Manual
Download wolfMQTT

For questions or additional information please contact wolfSSL at facts@wolfssl.com.