RECENT BLOG NEWS
wolfSSL Embedded SSL on ColdFire 547X/548X with Hardware Encryption Acceleration
Hi! The CyaSSL Embedded SSL engine, wolfCrypt cryptography library, and the wolfSSL Embedded Web Server now support Freescale`s ColdFire hardware encryption. Our initial benchmarks show that AES and 3DES cryptography operations are up to 10 times faster when done with ColdFire`s hardware acceleration. If you would like to use one of our products with ColdFire, and leverage ColdFire`s hardware cryptography, then contact us at facts@wolfssl.com.
SSL/TLS Programming Tutorial
Are you just learning about SSL/TLS, or interested in learning how to layer it into an existing application? If so, we include an SSL tutorial in Chapter 11 of our wolfSSL Manual which provides a good introduction to integrating wolfSSL into a typical TCP socket-based application.
Our SSL/TLS Tutorial uses base examples found in the popular “Unix Network Programming” book by Richard Stevens, Bill Fenner, and Andrew Rudoff. It then walks the programmer through the integration of wolfSSL step by step, eventually giving them a working application with secure communication through SSL.
The tutorial can be found at the following URL:
wolfSSL SSL/TLS Tutorial
Please contact us at facts@wolfssl.com with any questions or comments regarding the tutorial or the wolfSSL lightweight SSL/TLS library.
Serpent Cipher in wolfSSL Embedded SSL
Hi! One of the alternative ciphers we`ve considered implementing in wolfSSL is the Serpent Cipher. Not only does it have a cool sounding alliterative name, but it is theoretically more secure than Rijndael/AES. In fact, it was a finalist for AES. An overview of the Serpent Cipher can be found here: http://en.wikipedia.org/wiki/Serpent_(cipher).
If you think it is productive for us to add Serpent to wolfSSL, then just let us know at facts@wolfssl.com.
In unrelated news, We Are The Champions http://www.youtube.com/watch?v=04854XqcfCY of National Cyber Security Awareness Month. See: https://staysafeonline.org/ncsam/ncsam-champions/, for the complete list of champions, and how to get involved.
wolfSSL does _not_ implement Dual_EC_DRBG
Hi! It is rare for a cryptography algorithm to make the pages of the popular press, but Dual_EC_DRBG has done just that! The best article we`ve seen to date is Kim Zetter`s lucid article in Wired: https://www.wired.com/2013/09/nsa-backdoor/.
For the record, we have never implemented the Dual_EC_DRBG algorithm, nor gone so far as to set it as a default. See: http://blog.cryptographyengineering.com/2013/09/rsa-warns-developers-against-its-own.html
We`re moths to the flame when it comes to alternative and new crypto, as witnessed by our implementations of NTRU, SHA-3, HC-128, and Rabbit. We like trying new things and then benchmarking them in our test rigs, but on Dual_EC_DRBG, we passed.
All that said, we deliver our products in open source, and you and everyone else are welcome to inspect them. Our position on our cryptography implementation follows:
1. We can trace all of our code to a very limited set of developers in our company. We are open source, but unlike some projects, we tightly control and inspect the code that goes into our mainline.
2. Our code is vetted out not only by wolfSSL staff, but by a diverse and wide array of people in open source, cryptography, and commercial security companies.
The above is not true for the OpenSSL project. As Matthew Green says, OpenSSL is “a patchwork nightmare originally developed by a programmer who thought it would be a fun way to learn Bignum division.* Part of it is because crypto is unbelievably complicated. Either way, there are very few people who really understand the whole codebase.” See: http://blog.cryptographyengineering.com/2013/09/on-nsa.html. Our thoughts on comparing CyaSSL to OpenSSL are here: https://www.wolfssl.com/how-does-wolfssl-compare-to-openssl/, and here: https://www.wolfssl.com/openssl-in-devices-gets-cracked-when-trying-to-enhance-randomness-2/
Finally, a comment from Bruce Schneier on staying Secure:
“Closed-source software is easier for the NSA to backdoor than open-source software. “
http://www.theguardian.com/world/2013/sep/05/nsa-how-to-remain-secure-surveillance
We are open source, and we believe in open source. Open source is the best way to develop, deliver, and support cryptography. Ipso Facto. Over and out from team wolfSSL.
Implementation and Performance of AES-NI in wolfSSL Lightweight SSL
Do you have a processor and compiler which support Intel’s AES-NI? If so, you can take advantage of the increase in performance provided by AES-NI in CyaSSL and wolfCrypt.
wolfSSL has worked with Intel to publish a white paper describing how Intel’s AES-NI can be used with the CyaSSL embedded SSL library. This paper provides a brief overview of the Intel AES-NI instructions and demonstrates the performance gains realized when Intel AES-NI is used in place of a more traditional software-only based AES implementation. The CyaSSL embedded SSL library is used as a test bed in the white paper to perform the comparison as it can be built with either traditional software-based AES or hardware-based AES-NI support at compile time. As a secondary goal to demonstrating Intel AES-NI performance, this paper explains how to determine if a pre-built SSL library (static or shared) offers built-in support for the Intel Advanced Encryption Standard New Instructions.
The white paper can be downloaded directly from the wolfSSL website at the following location. If you have any questions about using CyaSSL on Intel hardware, please contact us at facts@wolfssl.com.
CyaSSL AES-NI White Paper: wolfSSL White Papers (http://yassl.com/yaSSL/cyassl-embedded-ssl-white-papers.html)
wolfSSL STM32 Hardware Crypto and RNG Support
Did you know that the CyaSSL lightweight SSL library has support for hardware-based cryptography and random number generation offered by the STM32 processor? Supported cryptographic algorithms include AES (CBC, CTR), DES (ECB, CBC), 3DES, MD5, and SHA1. For details regarding the STM32 crypto and hash processors, please see the STM32F2xx Standard Peripheral Library document (linked below).
Devices using the STM32 with CyaSSL can see substantial speed improvements when using hardware crypto versus using CyaSSL’s software crypto implementation. The following benchmarks were gathered from the CTaoCrypt benchmark application (ctaocrypt/benchmark/benchmark.c) running on the STM3221G-EVAL board (STM32F2) using the STM32F2 Standard Peripheral Library and FreeRTOS.
CyaSSL Software Crypto, Normal Big Integer Math Library
AES 1024 kB took 0.822 seconds, 1.22 MB/s
ARC4 1024 KB took 0.219 seconds, 4.57 MB/s
DES 1024 KB took 1.513 seconds, 0.66 MB/s
3DES 1024 KB took 3.986 seconds, 0.25 MB/s
MD5 1024 KB took 0.119 seconds, 8.40 MB/s
SHA 1024 KB took 0.279 seconds, 3.58 MB/s
SHA-256 1024 KB took 0.690 seconds, 1.45 MB/s
RSA 2048 encryption took 111.17 milliseconds, avg over 100 iterations
RSA 2048 decryption took 1204.77 milliseconds, avg over 100 iterations
DH 2048 key generation 467.90 milliseconds, avg over 100 iterations
DH 2048 key agreement 538.94 milliseconds, avg over 100 iterations
STM32F2 Hardware Crypto, Normal Big Integer Math Library
AES 1024 kB took 0.105 seconds, 9.52 MB/s
ARC4 1024 KB took 0.219 seconds, 4.57 MB/s
DES 1024 KB took 0.125 seconds, 8.00 MB/s
3DES 1024 KB took 0.141 seconds, 7.09 MB/s
MD5 1024 KB took 0.045 seconds, 22.22 MB/s
SHA 1024 KB took 0.047 seconds, 21.28 MB/s
SHA-256 1024 KB took 0.690 seconds, 1.45 MB/s
RSA 2048 encryption took 111.09 milliseconds, avg over 100 iterations
RSA 2048 decryption took 1204.88 milliseconds, avg over 100 iterations
DH 2048 key generation 467.56 milliseconds, avg over 100 iterations
DH 2048 key agreement 542.11 milliseconds, avg over 100 iterations
To enable STM32 hardware crypto and RNG support, define STM32F2_CRYPTO and STM32F2_RNG when building CyaSSL. For a more complete list of defines which may be required, please see the CYASSL_STM32F2 define in
If you would like to use CyaSSL with STM32 hardware-based cryptography or RNG, or have any questions, please contact us at facts@wolfssl.com for more information. The latest stable release of CyaSSL is available for download under the GPLv2 direct from the wolfSSL website.
CyaSSL embedded SSL library: http://wolfssl.com/yaSSL/Products-cyassl.html
STM32: http://www.st.com/internet/mcu/class/1734.jsp
STM32F2 Standard Peripheral Library documentation: http://www.st.com/internet/com/TECHNICAL_RESOURCES/TECHNICAL_LITERATURE/USER_MANUAL/DM00023896.pdf
CyaSSL Release 2.8.0 Now Available
The bi-monthly release of CyaSSL, 2.8.0, is now ready to download from our website. New features include:
– AES-GCM and AES-CCM use AES-NI
– NetX default IO callback handlers
– IPv6 fixes for DTLS Hello Cookies
– The ability to unload Certs/Keys after the handshake, CyaSSL_UnloadCertsKeys()
– SEP certificate extensions
– Callback getters for easier resource freeing
– External CYASSL_MAX_ERROR_SZ for correct error buffer sizing
– MacEncrypt and DecryptVerify Callbacks for User Atomic Record Layer Processing
– Public Key Callbacks for ECC and RSA
– Client now sends blank cert upon request if doesn’t have one with TLS <= 1.2
Please see the README and our on-line documentation for more information or feel free to contact us.
Recent Security Compromise in Android Apps using Java Cryptography Architecture (JCA)
Earlier this month, Google announced that a security compromise had been found which affects applications that improperly initialize, or fail to initialize completely, the PRNG (pseudorandom number generator) before using it for key generation, signing, or random number generation.
On the Android Developers Blog, Alex Klyubin, Android Security Engineer, stated that “We have now determined that applications which use the Java Cryptography Architecture (JCA) for key generation, signing, or random number generation may not receive cryptographically strong values on Android devices due to improper initialization of the underlying PRNG. Applications that directly invoke the system-provided OpenSSL PRNG without explicit initialization on Android are also affected”, but also noted that “Applications that establish TLS/SSL connections using the HttpClient and java.net classes are not affected as those classes do seed the OpenSSL PRNG with values from /dev/urandom.”
The Android Developers Blog link provides Android developers with a workaround, suggesting that the PRNG be initialized with entropy from /dev/urandom or /dev/random.
For our wolfSSL and wolfCrypt users on Android, applications should not be affected as wolfSSL and wolfCrypt seed their PRNG from /dev/urandom or /dev/random by default. When using crypto directly through wolfCrypt, this happens when the application calls InitRng(). When using SSL/TLS through wolfSSL, the PRNG is automatically seeded.
For users who want to write their own seed generation code, wolfSSL and wolfCrypt allow programmers to define NO_DEV_RANDOM and write their own GenerateSeed() function in
“Some SecureRandom Thoughts”, Android Developers Blog: http://android-developers.blogspot.com/2013/08/some-securerandom-thoughts.html
CyaSSL and SEP 2.0
Hi! If you are interested in IoT and specifically security of IoT, then you’ll probably like this article on SEP 2.0. SEP stands for Smart Energy Profile. This note is just to let our users know that we’re following the evolution of the standard as it relates to SSL/TLS, and have provided our CyaSSL embedded TLS solution to a number of progressive companies that are building out the smart grid. If you have questions about how CyaSSL fits into the smart grid and SEP 2.0, then contact us at facts@wolfssl.com.
If you need background information, there is an excellent article at EE Times that you can review here: https://www.eetimes.com/document.asp?doc_id=1280846
Using CyaSSL with Cavium NITROX Security Processors
CyaSSL now supports the Cavium NITROX processors, thus enabling CyaSSL users to take advantage of the incredible performance boosts provided by the NITROX family. Cavium’s NITROX processors combine cryptographic acceleration with the latest security algorithms.
The NITROX PX family can deliver performance ranging from 500 Mbps to 2.5 Gbps for full SSL protocol offload, and anywhere from 4K to 17K RSA operations per second using 1024bit exponent RSA. The NITROX III family can additionally boost SSL offload performance to anywhere from 5 Gbps to 40 Gbps, and can provide 35K to 200K RSA operations per second using 1024bit exponent RSA.
Are you interested in using CyaSSL with a Cavium NITROX processor? If so, let us know at facts@wolfssl.com.
NITROX Security Processors: https://www.cavium.com/processor_security.html
Weekly updates
Archives
- December 2024 (18)
- November 2024 (29)
- October 2024 (18)
- September 2024 (21)
- August 2024 (24)
- July 2024 (27)
- June 2024 (22)
- May 2024 (28)
- April 2024 (29)
- March 2024 (21)
- February 2024 (18)
- January 2024 (21)
- December 2023 (20)
- November 2023 (20)
- October 2023 (23)
- September 2023 (17)
- August 2023 (25)
- July 2023 (39)
- June 2023 (13)
- May 2023 (11)
- April 2023 (6)
- March 2023 (23)
- February 2023 (7)
- January 2023 (7)
- December 2022 (15)
- November 2022 (11)
- October 2022 (8)
- September 2022 (7)
- August 2022 (12)
- July 2022 (7)
- June 2022 (14)
- May 2022 (10)
- April 2022 (11)
- March 2022 (12)
- February 2022 (22)
- January 2022 (12)
- December 2021 (13)
- November 2021 (27)
- October 2021 (11)
- September 2021 (14)
- August 2021 (10)
- July 2021 (16)
- June 2021 (13)
- May 2021 (9)
- April 2021 (13)
- March 2021 (24)
- February 2021 (22)
- January 2021 (18)
- December 2020 (19)
- November 2020 (11)
- October 2020 (3)
- September 2020 (20)
- August 2020 (11)
- July 2020 (7)
- June 2020 (14)
- May 2020 (13)
- April 2020 (14)
- March 2020 (4)
- February 2020 (21)
- January 2020 (18)
- December 2019 (7)
- November 2019 (16)
- October 2019 (14)
- September 2019 (18)
- August 2019 (16)
- July 2019 (8)
- June 2019 (9)
- May 2019 (28)
- April 2019 (27)
- March 2019 (15)
- February 2019 (10)
- January 2019 (16)
- December 2018 (24)
- November 2018 (9)
- October 2018 (15)
- September 2018 (15)
- August 2018 (5)
- July 2018 (15)
- June 2018 (29)
- May 2018 (12)
- April 2018 (6)
- March 2018 (18)
- February 2018 (6)
- January 2018 (11)
- December 2017 (5)
- November 2017 (12)
- October 2017 (5)
- September 2017 (7)
- August 2017 (6)
- July 2017 (11)
- June 2017 (7)
- May 2017 (9)
- April 2017 (5)
- March 2017 (6)
- January 2017 (8)
- December 2016 (2)
- November 2016 (1)
- October 2016 (15)
- September 2016 (6)
- August 2016 (5)
- July 2016 (4)
- June 2016 (9)
- May 2016 (4)
- April 2016 (4)
- March 2016 (4)
- February 2016 (9)
- January 2016 (6)
- December 2015 (4)
- November 2015 (6)
- October 2015 (5)
- September 2015 (5)
- August 2015 (8)
- July 2015 (7)
- June 2015 (9)
- May 2015 (1)
- April 2015 (4)
- March 2015 (12)
- January 2015 (4)
- December 2014 (6)
- November 2014 (3)
- October 2014 (1)
- September 2014 (11)
- August 2014 (5)
- July 2014 (9)
- June 2014 (10)
- May 2014 (5)
- April 2014 (9)
- February 2014 (3)
- January 2014 (5)
- December 2013 (7)
- November 2013 (4)
- October 2013 (7)
- September 2013 (3)
- August 2013 (9)
- July 2013 (7)
- June 2013 (4)
- May 2013 (7)
- April 2013 (4)
- March 2013 (2)
- February 2013 (3)
- January 2013 (8)
- December 2012 (12)
- November 2012 (5)
- October 2012 (7)
- September 2012 (3)
- August 2012 (6)
- July 2012 (4)
- June 2012 (3)
- May 2012 (4)
- April 2012 (6)
- March 2012 (2)
- February 2012 (5)
- January 2012 (7)
- December 2011 (5)
- November 2011 (7)
- October 2011 (5)
- September 2011 (6)
- August 2011 (5)
- July 2011 (2)
- June 2011 (7)
- May 2011 (11)
- April 2011 (4)
- March 2011 (12)
- February 2011 (7)
- January 2011 (11)
- December 2010 (17)
- November 2010 (12)
- October 2010 (11)
- September 2010 (9)
- August 2010 (20)
- July 2010 (12)
- June 2010 (7)
- May 2010 (1)
- January 2010 (2)
- November 2009 (2)
- October 2009 (1)
- September 2009 (1)
- May 2009 (1)
- February 2009 (1)
- January 2009 (1)
- December 2008 (1)