RECENT BLOG NEWS

Since version 3.6.6, wolfSSL has had continually improving support for stunnel, a lightweight TLS proxy, designed to add SSL/TLS encryption to unsecured applications without changes to the program`s source code. Licensed under GNU GPLv2 and with an alternative commercial option, stunnel can be utilized to secure a host of different applications, including: mail exchange (SMTP, IMAP, POP3), web hosting (HTTP), remote shell, and virtually any other unprotected protocol desired.

Porting stunnel to use wolfSSL`s embedded SSL/TLS library means taking advantage of wolfSSL`s minimal footprint and high speed crypto implementation to increase performance and decrease required resources when compared to the previous SSL library. Not only that, but using wolfSSL with stunnel combines these benefits with the peace of mind that your application is secured by a progressive, transparent and stable SSL/TLS library, known for its quality, integrity and efficiency.

To build wolfSSL for use with stunnel, simply configure wolfSSL with:

$ ./configure --enable-stunnel

from wolfSSL`s main directory, then make and make install.

For a version of stunnel that links to the wolfSSL library, or for more information, contact us at facts@wolfssl.com.

Many technology vendors implement OpenSSH with OpenSSL in their embedded system or appliance prior to starting a FIPS 140-2 validation. During the FIPS testing process, the vendor discovers that the FIPS Laboratory must verify the OpenSSH implementation:

1. Uses FIPS Approved cryptographic algorithms (with CAVP certificates)
2. Includes self-tests for the FIPS Approved algorithms
3. Prevents use of non-approved algorithms
4. Enters an error state upon self-test failure

This strategy of implementing OpenSSH with OpenSSL creates additional challenges for the vendor in an already complex and time-consuming FIPS testing process.

wolfSSL Inc.’s wolfCrypt FIPS Module for OpenSSH provides a fast path to a FIPS 140-2 validation by meeting all of the FIPS requirements. Only FIPS Approved algorithms are available to OpenSSH. The self-tests are optimized. And the wolfSSL team will perform the CAVP algorithm testing (including SSH KDF and FIPS 186-4 KeyGen) for you on your target platform.

Streamline and simplify your OpenSSH implementation by using the wolfCrypt FIPS Module for OpenSSH. Please contact fips@wolfSSL.com to receive expert guidance on your FIPS 140-2 project.

Version 3.6.8 of the wolfSSL embedded SSL/TLS library has been released and is now available for download. Release 3.6.8 of wolfSSL fixes two high severity vulnerabilities. It also includes bug fixes and new features including:

– Two High level security fixes, all users SHOULD update.

a) If using wolfSSL for DTLS on the server side of a publicly accessible machine you MUST update.
b) If using wolfSSL for TLS on the server side with private RSA keys allowing ephemeral key exchange without low memory optimizations you MUST update and regenerate the private RSA keys.

Please see our recent vulnerability blog post for more details

– No filesystem build fixes for various configurations
– Certificate generation now supports several extensions including KeyUsage, SKID, AKID, and Certificate Policies
– CRLs can be loaded from buffers as well as files now
– SHA-512 Certificate Signing generation
– Fixes for sniffer reassembly processing

For more information about using and compiling wolfSSL, please visit the wolfSSL Documentation page or wolfSSL Manual. If you have questions about the wolfSSL embedded SSL/TLS library, or about using it in your project, please Contact Us.

Download wolfSSL 3.6.8: https://www.wolfssl.com/

Attack on RSA CRT:

A recent paper written by Florian Weimer of the Red Hat Product Security group shows a fault attack on RSA. Many cryptographic libraries that perform RSA operations use an optimization called CRT (Chinese Remainder Theorem). The attack is based off of creating a fault during the CRT process, for example; by causing the system to overheat, using a race condition, or simply a faulty CPU. With the introduction of this attack the function wc_RsaSSL_VerifyInline is now used to verify no fault has happened, this verify function is now automatically used on all TLS connections that were previously affected.

Only a small subset of wolfSSL embedded SSL/TLS builds were affected by the attack on RSA CRT. Those using wolfSSL for TLS connections on the server side with private RSA keys, allowing the use of ephemeral key exchange and without using the low memory setting are affected. An example of this is a wolfSSL TLS server side that uses the suite ECDHE-RSA-AES256-SHA256 having ephemeral key exchange and loading in a private RSA to create the connection, the client side of this connection is not affected. We recommend updating to the most recent wolfSSL release 3.6.8 and renewing all RSA private keys if you meet the affected criteria. If using wolfSSL on the client side this attack is not an issue.

CVE-2015-7744 has been assigned to this vulnerability.

DoS on DTLS:

Recently a researcher (thanks to Sebastian Ramacher from the Institute for Applied Information Processing and Communications at Graz University of Technology) notified wolfSSL of the potential to amplify a DTLS denial of service attack. The original cookie generation callback used a hash of the current socket peer’s IP address and port number. Now the cookie is based on the client’s hello message per the RFC (client IP address, client port number, version, random, cipher suites, compression) and HMACed with an application provided secret.

Only those using DTLS on the server side of a publicly accessible machine are affected. We recommend affected servers to update to release 3.6.8 which now generates an unpredictable cookie using HMAC.

CVE-2015-6925 has been assigned to this vulnerability.

For any questions contact us at facts@wolfssl.com
Link to paper written about the RSA-CRT attack https://people.redhat.com/~fweimer/rsa-crt-leaks.pdf

FIPS 140-2 revalidation testing requires the implemented algorithms to successfully complete the cryptographic algorithm validation process on the target operating environment (algorithm certificates for tested operating environments are here: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program).

The cryptographic module must also successfully complete operational testing on the operating environment with a FIPS testing laboratory.

The wolfCrypt FIPS 140-2 certificate #2425 will soon include all of the following tested environments:
• Windows 7
• FreeRTOS
• iOS
• Android
• Linux

If you do not see your operating environment of choice, the wolfSSL team can add yours to our list. We accelerate FIPS projects by providing validated cryptography and testing services to our customers.

wolfCrypt has received two certificates since – #2425, #3389

Please contact fips@wolfSSL.com to receive expert guidance on your FIPS 140-2 project.

Lighttpd (pronounced lighty) is a web server that has a small footprint size in comparison to other web servers. Setting up Lighttpd allows for handling HTTP requests and with the addition of TLS/SSL also handling HTTPS requests. The benefit of having a small footprint size is that it takes up less memory for total installation and for each connection made. This allows it to be more scalable and also use less resources.

Combining the small footprint size of wolfSSL with Lighttpd makes for an extremely light weight web server. Perfect for use on IoT devices with constrained amounts of memory and on large servers looking for scalability. With the use of wolfSSL, users can get the progressiveness and solid security that the embedded TLS/SSL library offers on their web servers. To build wolfSSL for use with Lighttpd simply run the configure option “./configure –enable-lighty” from wolfSSL`s main directory, then make and make install.

For a version of Lighttpd that links to the wolfSSL library, or for more information, contact us at facts@wolfssl.com.

Strong cryptographic algorithms and secure protocol implementations are a vital foundation to securing the Internet of today and tomorrow. Securing over a billion active connections on the Internet today, wolfSSL knows this very well. A recent announcement by the National Security Agency conveyed their plans to transition from recommending the Suite B set of algorithms to a quantum resistant solution.

Suite B is currently specified by NIST and used by NSA’s Information Assurance Directorate in solutions approved for protecting classified and unclassified National Security Systems (NSS).

During the transition phase, the NSA is recommending that the following algorithms and key sizes be used to protect up to TOP SECRET:

Advanced Encryption Standard (AES) with 256-bit keys
Elliptic Curve Diffie-Hellman (ECDH) Key Exhange, with Curve P-384
Elliptic Curve Digital Signature Algorithm (ECDSA), with Curve P-384
Secure Hash Algorithm (SHA-384)
Diffie-Hellman Key Exchange (DH), with a minimum of 3072-bit modulus
RSA, with a minimum of 3072-bit modulus

The wolfSSL embedded SSL/TLS library supports all of the above cryptographic algorithms, curves, and key sizes. In addition to these algorithms, wolfSSL supports the NTRU public key algorithm which is quantum resistant. As of version 3.6.6, wolfSSL includes support for “Quantum-safe hybrid” ciphersuites through the partnership with Security Innovation.

NSA Article: https://www.nsa.gov/what-we-do/cybersecurity/
Ars Technica Article: http://arstechnica.com/security/2015/08/nsa-preps-quantum-resistant-algorithms-to-head-off-crypto-apocolypse/
Wikipedia, Post-Quantum Cryptography: https://en.wikipedia.org/wiki/Post-quantum_cryptography

Version 3.6.6 of the wolfSSL embedded SSL/TLS library has been released and is now available for download. Release 3.6.6 of wolfSSL has bug fixes and new features including:

– OpenSSH, stunnel, and lighttpd Compatibility

OpenSSH compatibility with “–enable-openssh”
stunnel compatibility with “–enable-stunnel”
lighttpd web server compatibility with “–enable-lighttpd”

– SSL 3.0 is now disabled by default

We have previously announced our plans to deprecate and remove support for SSL 3.0 in the wolfSSL library, encouraged to do so by the POODLE attack. With this release, we have disabled SSL 3.0 support by default. Users who still want to use SSL 3.0 can enable it by using the “–enable-sslv3” ./configure option.

– Ephemeral key cipher suites only are now supported by default

To enable static ECDH cipher suites define WOLFSSL_STATIC_DH
To enable static RSA cipher suites define WOLFSSL_STATIC_RSA
To enable static PSK cipher suites define WOLFSSL_STATIC_PSK

– Added QSH (Quantum-Safe Handshake) Extension

wolfSSL, in partnership with Security Innovation, has added support for the proposed “Quantum-safe hybrid” ciphersuite. Having this cipher suite supported in the wolfSSL embedded TLS library allows two parties to use any existing ciphersuite and “quantum-safe” any traffic protected by that ciphersuite. This means that an attacker who records the traffic and later develops a quantum computer cannot go back and crack the session.

Support for QSH extension can be enabled by using the “–enable-ntru” ./configure option.

– SRP is now part of wolfCrypt

SRP is a password authentication and key-exchange protocol suitable for authenticating users and exchanging keys over an untrusted network designed by Thomas Wu at the Computer Science Department of Stanford University.

Support for SRP in wolfCrypt can be enabled with the “–enable-srp” ./configure option.

– Certificate handshake message fragmentation support

Certificate handshake messages can now be sent fragmented if the record size is smaller than the total message size, no user action required.

– DTLS duplicate message fixes

– Visual Studio project files now support DLL and static builds for 32/64bit

For information on compiling wolfSSL with Visual Studio, reference Chapter 2 of the wolfSSL Manual, or the “Using wolfSSL with Visual Studio” webpage.

– Support for new Freesacle I/O

Freescale KSDK and Kinetis Design Studio users can now compile wolfSSL for the new KSDK version of MQX by defining FREESCALE_KSDK_MQX in settings.h or by adding it to the list of preprocessor defines.

– FreeRTOS FIPS support

This release includes FIPS support for FreeRTOS platforms.

This release contains no high level security fixes that requires an update though we always recommend updating to the latest version of wolfSSL.

For more information about using and compiling wolfSSL, please visit the wolfSSL Documentation page or wolfSSL Manual. If you have questions about the wolfSSL embedded SSL/TLS library, or about using it in your project, please Contact Us.

Download wolfSSL 3.6.6: https://www.wolfssl.com/

The Cryptographic Module Validation Program (CMVP) has issued FIPS 140-2 Certificate #2425 (most up-to-date certificate: #3389) for the wolfCrypt Module developed by wolfSSL Inc. The CMVP was established by the National Institute of Standards and Technology (NIST) to validate FIPS 140-2 cryptographic modules and oversee the independent laboratories performing the cryptographic module testing.

FIPS 140-2 requires the use of validated cryptography in the security systems implemented by federal agencies to protect sensitive information.

The wolfCrypt Module is a comprehensive suite of FIPS Approved algorithms. All key sizes and modes have been implemented to allow flexibility and efficiency. The wolfCrypt Module was initially tested on Linux, iOS, and Android platforms. FreeRTOS and Windows platforms (including Windows Kernel) will soon be included on the FIPS 140-2 certificate.

“The wolfCrypt Module successfully completed the rigorous FIPS 140-2 Level 1 validation process. This process includes verification of proper documentation, configuration management review, algorithm testing, source code review, operational testing, and coordination with the CMVP,” said Marc Ireland, FIPS Program Manager at InfoGard Laboratories.

“wolfSSL customers are using our software FIPS cryptographic module in small embedded devices, network appliances, and large server systems,” said Larry Stefonic, Founder and CEO of wolfSSL Inc. “We are committed to adding new platforms and performing custom FIPS validations to offload the certification testing burden from our customers.”

Important differentiators in the wolfCrypt Module include the implementation of a Default Entry Point and DRBG Health Testing.

wolfCrypt implements a Default Entry Point to meet FIPS 140-2 Implementation Guidance 9.10. Many other software FIPS modules require the calling application to initiate the power-on self-tests. Those previously validated modules do not meet current guidance from the CMVP and unnecessary risk is being forced on the users of those modules.

In May 2015, the CMVP provided strict guidance to all of the Testing Laboratories that Health Testing is required for FIPS Approved DRBGs. During the wolfCrypt FIPS validation process, InfoGard Laboratories verified through source code review and operational testing that the DRBG Health Testing (described in SP800-90A Section 11.3) was implemented to the requirements.

Please contact wolfSSL Inc. (fips@wolfssl.com) to accelerate your FIPS 140-2 project.

If you are working on integrating wolfSSL into an application that already has existing logging functionality, but still want access wolfSSL`s built-in debug messaging, you can register a custom logging callback with wolfSSL to output wolfSSL`s detailed debug messaging.

To enable this functionality, add the configure option “–enable-debug” to wolfSSL. Then, in your application simply:
• Include
• Call wolfSSL_Debugging_ON();
• Call wolfSSL_SetLoggingCb(&custom_logging_cb);

The custom logging function provided to wolfSSL_SetLoggingCb should be of type:

void wolfSSL_Logging_cb(const int logLevel, const char *const logMessage);

Adding this logging support will enable wolfSSL debug messaging with general information (including which function is currently executing), notes about function execution and code path, as well as additional information on any errors occurring during execution. It`s a great tool to help track down any bugs you run into when integrating wolfSSL. For more information please see the debugging section in the wolfSSL embedded SSL/TLS manual: http://www.wolfssl.com/docs/wolfssl-manual/ch8/