RECENT BLOG NEWS
wolfSSL Inc Partners with Freescale to Deliver Advanced, High Performance IoT Security Solutions, Complete with Embedded SSL and Hardware Based Encryption
“wolfSSL enables Freescale`s hardware encryption for embedded tls, embedded cryptography, and the IoT”
wolfSSL Inc, the most popular embedded SSL, cryptography, and FIPS 140-2 provider for the IoT, has partnered with Freescale to deliver high performance, hardware enabled cryptography for Freescale`s MQX RTOS on the Kinetis platform. The hardware cryptography is enabled through wolfSSL`s well integrated and deeply tested support for the Kinetis platform`s MMCAU, which supports AES, SHA, and 3DES.
Larry Stefonic, wolfSSL Inc CEO noted that “Our support for the latest hardware cryptography from Freescale affords IoT developers a world of security and performance advantages. By combining forces with Freescale to leverage the Kinetis based crypto, we support the IoT community by providing smaller footprint, dramatically increased performance, and faster time to market. Securing a new IoT device can be daunting, but our joint effort with Freescale makes it much easier.”
More details and benchmarks for wolfSSL running on Kinetis can be found here:
https://www.wolfssl.com/docs/nxp/
About wolfSSL:
Founded in 2004, wolfSSL Inc provides high-end security, while also having a small enough footprint to be perfect for the IoT.
Reference: http://www.prweb.com/releases/2015/06/prweb12795767.htm
Expert Interview: Is the future of wearables now?
Larry Stefonic, our CEO, was recently interviewed by TechnologyAdvice on the future of wearables: an important space for embedded SSL/TLS and cryptography.
With the advent of the Internet of Things we are increasingly using connected devices throughout our day. Unsecured, these devices leave us vulnerable in ways not even imaginable 20 years ago. Larry talks about wolfSSL’s role in meeting customer demand for securing these varied devices from diverse and dedicated attackers.
With medical devices in particular becoming connected, he positions us as having exciting challenges securing new attack surfaces that have never before existed. As doctors and medical companies push the boundaries of what devices can be built, we work on ensuring that those devices and their patients are secure. Read more below.
wolfSSL 3.6.0 Released
The new release of the wolfSSL embedded SSL library has bug fixes and new features including:
– Max Strength build that only allows TLSv1.2, AEAD ciphers, and PFS (Perfect
Forward Secrecy). With –enable-maxstrength.
– Server side session ticket support, the example server and echoserver use the
example callback myTicketEncCb(), see wolfSSL_CTX_set_TicketEncCb().
– FIPS version submitted for iOS.
– TI Crypto Hardware Acceleration.
– DTLS fragmentation fixes.
– ECC key check validation with wc_ecc_check_key().
– 32bit code options to reduce memory for Curve25519 and Ed25519.
– wolfSSL JNI build switch with –enable-jni.
– PicoTCP support improvements.
– DH min ephemeral key size enforcement with wolfSSL_CTX_SetMinDhKey_Sz().
– KEEP_PEER_CERT and AltNames can now be used together.
– ChaCha20 big endian fix, big endian users should update.
– SHA-512 signature algorithm support for key exchange and verify messages.
– ECC make key crash fix on RNG failure, ECC users must update.
– Improvements to usage of time code.
– Improvements to VS solution files.
– GNU Binutils 2.24 ld has problems with some debug builds, to fix an ld error
add -fdebug-types-section to C_EXTRA_FLAGS
– No high level security fixes that requires an update though we always
recommend updating to the latest (except note 14, ecc RNG failure)
See INSTALL file for build instructions.
More info can be found on-line at http://wolfssl.com/yaSSL/Docs.html
Level of Security provided in ChaCha20-Poly1305 AEAD
Have you heard about the recent ChaCha20-Poly1305 AEAD and are wondering about how secure it is? It`s comprised of two ciphers, ChaCha20 and Poly1305, that are designed to be constant time, making it naturally resistant to timing attacks. The AEAD is being used by many notable companies that also trust it for their security – such as Google Chrome and Apple’s HomeKit. ChaCha20-Poly1305 has gone through security analysis and is considered secure.
To view a formal security analysis done on Adam Langley`s IETF protocol using ChaCha20-Poly1305 see https://eprint.iacr.org/2014/613.pdf
For added analysis done on Salsa (what ChaCha is based from) see section 5 from http://cr.yp.to/snuffle/salsafamily-20071225.pdf
For any questions about wolfSSL please contact us at facts@wolfssl.com.
wolfSSL Unaffected by Recent OpenSSL Security Fixes
OpenSSL released a security advisory on June 11th 2015: https://www.openssl.org/news/secadv_20150611.txt. Some wolfSSL embedded TLS users are probably wondering if similar security fixes are needed in wolfSSL. The answer to that is no. Specifically, CVE-2015-1788 – 1792 and CVE-2014-8176 are OpenSSL implementation bugs. Since wolfSSL and CyaSSL embedded SSL libraries have a completely different code base from OpenSSL we do not share these defects. The other advisory is about Logjam and export grade crypto, wolfSSL is not vulnerable to that either. Please see this blog post for more details: http://wolfssl.com/wolfSSL/Blog/Entries/2015/5/20_wolfSSL_and_CyaSSL_are_Not_Vulnerable_to_the_Recent_Logjam_Attack.html
Please contact wolfSSL by email at info@wolfssl.com, or call us at 425 245 8247 if you have any security related questions.
FIPS 186-4 KeyGen
To support our customers pursuing FIPS 140-2 validations or Common Criteria evaluations, wolfSSL is adding FIPS 186-4 KeyGen to our next FIPS 140-2 validation.
We are scheduled to complete CAVP algorithm testing in June and testing with our FIPS Laboratory in July.
Please contact wolfSSL at fips@wolfssl.com if you need a tested implementation of FIPS 186-4 KeyGen.
wolfSSL JNI 1.2.0 Released
Version 1.2.0 of wolfSSL JNI is now available for download. wolfSSL JNI provides Java applications with a convenient Java API to the widely-used wolfSSL embedded SSL/TLS library, including support for TLS 1.2 and DTLS 1.2.
This release contains bug fixes and features including:
– Updated support for wolfSSL 3.4.6 and CyaSSL to wolfSSL name change
– Benchmark functionality in example client
– Updated example certificates
– Better detection of Java home on Mac and Linux
wolfSSL JNI 1.2.0 can be downloaded from the wolfSSL download page and the wolfSSL JNI Manual can be found here.
SP 800-90A Health Testing Mandatory for FIPS 140-2 Cryptographic Modules
Effective immediately, FIPS Testing Laboratories must verify that cryptographic modules implement the health testing described in SP 800-90A (Section 11.3).
The wolfCrypt FIPS 140-2 Cryptographic Module (currently in “Coordination” at the CMVP) implements the health testing for the SP 800-90A Hash_DRBG.
Cryptographic modules that do not include health testing will be placed on “HOLD” by the CMVP. The status on the NIST Modules in Process list will return to “IUT” (Implementation Under Test) until the health testing is implemented and retesting is completed.
See the recent blog post from InfoGard Laboratories for additional details: http://fips140.blogspot.com/2015/05/urgent-cmvp-guidance-effective.html
Please contact wolfSSL by email at fips@wolfssl.com, or call us at 425 245 8247 if you have any FIPS 140-2 questions.
wolfSSL and CyaSSL are Not Vulnerable to the Recent Logjam Attack
The Logjam Attack exploits legacy SSL cipher suites from the 1990s that use DH and DHE export keys. By definition a server in export mode has to use a low bit strength DH key (512 bits or less), which can now be cracked swiftly. Even if a client supports export cipher suites but doesn’t broadcast support for them a man in the middle attacker can force the server to use the low grade key. Fortunately for wolfSSL embedded SSL users we do not support export cipher suites. No versions of wolfSSL or CyaSSL are vulnerable to the Logjam attack. Our next version will allow build-time or run-time setting of minimum ephemeral key strengths for embedded TLS.
For more information check out https://weakdh.org.
wolfSSL Increases Crypto Performance
“wolfSSL uses Intel`s extended instructions to accelerate crypto algorithms for IoT.
wolfSSL, an open source SSL/TLS security company has optimized the wolfSSL Transport Layer Security (TLS) library on 5th generation Intel® Core™ processors. With the inclusion of Intel’s extended instructions developers can use the wolfSSL libraries for applications on many devices, including embedded technologies. The resulting improvements mean end users will see enhanced speed and security with reduced power consumption across a wide range of devices including Internet of Things.
While cryptography arithmetic is often larger than many systems can support, even for 64-bit systems, by using Intel`s AVX1/2 SIMD instructions, developers can make use of the new optimizations to whittle down the compute needed, thereby reducing complexity and increasing performance. wolfSSL benchmarks show the wolfSSL secure hash algorithms are now significantly faster. The Advanced Vector Extensions perform multiple word operations with a single instruction (in parallel) to provide this boost in speed. wolfSSL also integrated Intel® Secure Key Technology (https://software.intel.com/en-us/blogs/2012/05/14/what-is-intelr-secure-key-technology ) to provide a high-quality, high-performance entropy source and random number generator.
Larry Stefonic, CEO of wolfSSL, adds “Handcrafting the world`s best crypto is our nature, so it is great to leverage Intel`s fantastic engineering support for the primitives to enhance our product. Our wolfSSL customers will enjoy better performance as a result of these software optimizations on 5th generation Intel Core processors.”
More detail on the performance can be found on the wolfSSL blog (https://www.wolfssl.com/intels-extended-instructions-accelerates-hash-algorithms/) while developers can download the latest release of wolfSSL on their website https://www.wolfssl.com/download/.
About wolfSSL:
Founded in 2004, wolfSSL is a dual licensed, open source and commercial company. wolfSSL provides high-end security, while also having a small enough footprint to be perfect for embedded systems.
For more information, please visit https://www.wolfSSL.com.”
Reference: http://www.prweb.com/releases/2015/04/prweb12660791.htm
Weekly updates
Archives
- December 2024 (19)
- November 2024 (29)
- October 2024 (18)
- September 2024 (21)
- August 2024 (24)
- July 2024 (27)
- June 2024 (22)
- May 2024 (28)
- April 2024 (29)
- March 2024 (21)
- February 2024 (18)
- January 2024 (21)
- December 2023 (20)
- November 2023 (20)
- October 2023 (23)
- September 2023 (17)
- August 2023 (25)
- July 2023 (39)
- June 2023 (13)
- May 2023 (11)
- April 2023 (6)
- March 2023 (23)
- February 2023 (7)
- January 2023 (7)
- December 2022 (15)
- November 2022 (11)
- October 2022 (8)
- September 2022 (7)
- August 2022 (12)
- July 2022 (7)
- June 2022 (14)
- May 2022 (10)
- April 2022 (11)
- March 2022 (12)
- February 2022 (22)
- January 2022 (12)
- December 2021 (13)
- November 2021 (27)
- October 2021 (11)
- September 2021 (14)
- August 2021 (10)
- July 2021 (16)
- June 2021 (13)
- May 2021 (9)
- April 2021 (13)
- March 2021 (24)
- February 2021 (22)
- January 2021 (18)
- December 2020 (19)
- November 2020 (11)
- October 2020 (3)
- September 2020 (20)
- August 2020 (11)
- July 2020 (7)
- June 2020 (14)
- May 2020 (13)
- April 2020 (14)
- March 2020 (4)
- February 2020 (21)
- January 2020 (18)
- December 2019 (7)
- November 2019 (16)
- October 2019 (14)
- September 2019 (18)
- August 2019 (16)
- July 2019 (8)
- June 2019 (9)
- May 2019 (28)
- April 2019 (27)
- March 2019 (15)
- February 2019 (10)
- January 2019 (16)
- December 2018 (24)
- November 2018 (9)
- October 2018 (15)
- September 2018 (15)
- August 2018 (5)
- July 2018 (15)
- June 2018 (29)
- May 2018 (12)
- April 2018 (6)
- March 2018 (18)
- February 2018 (6)
- January 2018 (11)
- December 2017 (5)
- November 2017 (12)
- October 2017 (5)
- September 2017 (7)
- August 2017 (6)
- July 2017 (11)
- June 2017 (7)
- May 2017 (9)
- April 2017 (5)
- March 2017 (6)
- January 2017 (8)
- December 2016 (2)
- November 2016 (1)
- October 2016 (15)
- September 2016 (6)
- August 2016 (5)
- July 2016 (4)
- June 2016 (9)
- May 2016 (4)
- April 2016 (4)
- March 2016 (4)
- February 2016 (9)
- January 2016 (6)
- December 2015 (4)
- November 2015 (6)
- October 2015 (5)
- September 2015 (5)
- August 2015 (8)
- July 2015 (7)
- June 2015 (9)
- May 2015 (1)
- April 2015 (4)
- March 2015 (12)
- January 2015 (4)
- December 2014 (6)
- November 2014 (3)
- October 2014 (1)
- September 2014 (11)
- August 2014 (5)
- July 2014 (9)
- June 2014 (10)
- May 2014 (5)
- April 2014 (9)
- February 2014 (3)
- January 2014 (5)
- December 2013 (7)
- November 2013 (4)
- October 2013 (7)
- September 2013 (3)
- August 2013 (9)
- July 2013 (7)
- June 2013 (4)
- May 2013 (7)
- April 2013 (4)
- March 2013 (2)
- February 2013 (3)
- January 2013 (8)
- December 2012 (12)
- November 2012 (5)
- October 2012 (7)
- September 2012 (3)
- August 2012 (6)
- July 2012 (4)
- June 2012 (3)
- May 2012 (4)
- April 2012 (6)
- March 2012 (2)
- February 2012 (5)
- January 2012 (7)
- December 2011 (5)
- November 2011 (7)
- October 2011 (5)
- September 2011 (6)
- August 2011 (5)
- July 2011 (2)
- June 2011 (7)
- May 2011 (11)
- April 2011 (4)
- March 2011 (12)
- February 2011 (7)
- January 2011 (11)
- December 2010 (17)
- November 2010 (12)
- October 2010 (11)
- September 2010 (9)
- August 2010 (20)
- July 2010 (12)
- June 2010 (7)
- May 2010 (1)
- January 2010 (2)
- November 2009 (2)
- October 2009 (1)
- September 2009 (1)
- May 2009 (1)
- February 2009 (1)
- January 2009 (1)
- December 2008 (1)