Join Us in Stockholm for curl-up 2024
Exciting news from cURL! We’re thrilled to announce that in just 2 days, the much-anticipated curl-up 2024 event will kick off in Stockholm, Sweden from May 4th to the 5th. This event is a key gathering for software developers, open-source enthusiasts, and network professionals who use or contribute to cURL.
We’re inviting all cURL contributors, maintainers, and fans to join us. This is a perfect opportunity for you to engage directly with Daniel Stenberg, the founder and maintainer of cURL, as well as network with other speakers and industry experts in software development and open-source technology.
Date: May 4th to the 5th
Location: Best Western, Döbelnsgatan 17, 111 40 Stockholm, Sweden
Stay updated on event details, including the venue and agenda, on our dedicated web page, curl-up 2024.
We are excited to support our top-100 contributors with traveling and lodging expenses. Please consult the funding attendance section on our website to view the regulations and eligibility requirements.
Registration is mandatory. Register now to secure your space! Let’s make curl-up 2024 an unforgettable weekend. We can’t wait to see you there!
For any inquiries regarding the event, please don’t hesitate to contact us at facts@wolfSSL.com or call us at +1 425 245 9247.
Download wolfSSL Now
wolfSSL on Microblaze
MicroBlaze, developed by Xilinx, is a soft processor core optimized for Xilinx FPGAs. It offers flexibility and scalability, making it suitable for a wide range of applications, including embedded systems and IoT devices. Integrating wolfSSL’s AES-GCM with MicroBlaze is possible and has been done running on a soft CPU on MicroBlaze. In the latest wolfSSL release this integration saw some additional enhancements. When used on a MicroBlaze, wolfSSL’s AES-GCM enhances the security capabilities of FPGA-based systems, enabling developers to implement secure communication protocols and data encryption mechanisms. There is also the option of setting up wolfSSL so that it makes use of Xilinx’s xilsecure while running on the Microblaze. Increasing the AES-GCM performance significantly.
For more information about using wolfSSL on a MicroBlaze or if you have questions about any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.
Download wolfSSL Now
RSA-PSS with CRL’s
Did you know wolfSSL has integration of RSA-PSS signatures with Certificate Revocation List (CRL) support?
RSA-PSS: Enhancing Security Layers
RSA-PSS, or Probabilistic Signature Scheme, represents a modern approach to digital signatures. Unlike traditional RSA signatures, RSA-PSS offers improved security properties, making it more resilient against various cryptographic attacks. By adopting RSA-PSS, wolfSSL users benefit from heightened security, enhancing the integrity of cryptographic operations.
Certificate Revocation List (CRL): Managing Certificate Integrity
In the realm of certificate management, CRL plays a pivotal role. It serves as a mechanism for indicating the revocation status of digital certificates. With CRL, systems can promptly identify and reject compromised or revoked certificates, bolstering the overall security posture. Integrating CRL support into wolfSSL empowers users with efficient certificate management capabilities, ensuring the authenticity and integrity of cryptographic transactions.
Empowering wolfSSL with RSA-PSS and CRL Integration
The fusion of RSA-PSS with CRL support within wolfSSL is a logical step when providing cutting-edge security solutions. Now, wolfSSL users can leverage the combined strength of RSA-PSS signatures and CRL management to fortify their cryptographic environments.
To delve deeper into the RSA-PSS with CRL integration in wolfSSL, visit our GitHub repository (https://github.com/wolfSSL/wolfssl/pull/7119) or reach out to facts@wolfSSL.com for assistance.
Thank you for entrusting wolfSSL as your ally in cybersecurity.
If you have questions about any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.
Download wolfSSL Now
Removal of user RSA
In the last release of wolfSSL there was some house cleaning done on older RSA implementations. The user RSA layer was removed along with the hooks used for tying in IPP. When those were first introduced we had yet to implement SP (single precision) versions of RSA. Fast forward to today, and there is a faster implementation of RSA in wolfSSL itself. In IPP v0.9 it was able to do 990.09 RSA 2048 bit sign operations per second and in wolfSSL 5.7.0 it was able to run 1,015.23 operations per second. Verify operations took around the same time with both libraries now at 35,714 operations per second on average. These measurements were collected on an older Intel(R) Core(TM) i7-4870HQ CPU. Along with a performant implementation of RSA there are now the crypto callbacks if desiring to plug in custom RSA operations. This being the case the –enable-fastrsa, user RSA, and IPP hooks were dropped to lower maintenance and reduce bundle size.
If you have questions about any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.
Download wolfSSL Now
Live Webinar: Migrating from Mocana to wolfSSL
Join our upcoming webinar, ‘Migrating from Mocana to wolfSSL,’ on May 2nd at 10 am PT hosted by wolfSSL Senior Software Engineer, Eric Blankenhorn. He will unveil the advantages of switching to wolfSSL, offering a superior alternative to Mocana with better support and a smoother workflow.
Watch the webinar here: Migrating from Mocana to wolfSSL
During this session, Eric will provide in-depth insights into what makes wolfSSL different from Mocana and address the gaps you might be experiencing while using Mocana. Discover a smooth transition from Mocana to wolfSSL, along with best practices for ensuring security continuity. Explore the potential benefits of using wolfSSL and learn how to optimize performance during the migration process. Let us introduce you to solutions that work best for your projects!
Watch now, for this informative webinar on migrating from Mocana to wolfSSL and ensure your cybersecurity remains robust and up-to-date!
As always, our webinars will include Q&A sessions throughout. If you have questions on any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.
Download wolfSSL Now
How to unload intermediate certificates with wolfSSL?
Recently, a notable modification was introduced in wolfSSL, a prominent provider of security solutions. Pull request #7245 (https://github.com/wolfSSL/wolfssl/pull/7245) focuses on optimizing memory management by introducing a function to unload intermediate CA certificates and free up memory. Let’s explore the significance of this code change and its potential impact on enhancing efficiency and resource utilization within cryptographic applications.
Specifically, the code change addresses the need to efficiently handle intermediate Certificate Authority (CA) certificates. These certificates, while essential for establishing trust chains in cryptographic operations, can consume valuable memory resources, particularly in resource-constrained environments.
The essence of the code change lies in the introduction of a dedicated function (wolfSSL_CertManagerUnloadIntermediateCerts()) to unload intermediate CA certificates from memory when they are no longer needed. By using this function, developers can optimize resource utilization, thereby enhancing the overall efficiency and stability of cryptographic operations.
Key Benefits: The introduction of the function to unload intermediate CA certificates brings several notable benefits:
- Efficient Memory Management: By providing a mechanism to unload intermediate CA certificates from memory, the code change ensures efficient utilization of resources. This is particularly crucial in environments where memory constraints are a concern, such as embedded systems and IoT devices.
- Prevention of Memory Leaks: Memory leaks can pose significant security and reliability risks in software applications. The new function helps prevent memory leaks by explicitly releasing memory allocated for intermediate CA certificates when they are no longer required, thereby improving the robustness of cryptographic operations.
- Scalability and Performance: Optimal memory management contributes to improved scalability and performance of cryptographic applications. By freeing up memory resources, the code change enables applications to handle larger workloads more efficiently, leading to enhanced responsiveness and overall performance.
By incorporating the function to unload intermediate CA certificates, developers can optimize resource utilization and mitigate potential security risks associated with memory management issues. This not only enhances the reliability and stability of cryptographic applications but also contributes to the overall security resilience of the systems in which they are deployed.
If you have questions about any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.
Download wolfSSL Now
ML-KEM and ML-DSA at the CAVP
The CAVP (Cryptographic Algorithm Validation Program) now has testing available for ML-KEM (Kyber) and ML-DSA (Dilithium). Initial Draft standards for these algorithms have been released as FIPS-203 and FIPS-204 respectively.
You can find the various .json test cases here:
- https://github.com/usnistgov/ACVP-Server/tree/master/gen-val/json-files/ML-DSA-keyGen-FIPS204
- https://github.com/usnistgov/ACVP-Server/tree/master/gen-val/json-files/ML-DSA-sigGen-FIPS204
- https://github.com/usnistgov/ACVP-Server/tree/master/gen-val/json-files/ML-DSA-sigVer-FIPS204
- https://github.com/usnistgov/ACVP-Server/tree/master/gen-val/json-files/ML-KEM-keyGen-FIPS203
- https://github.com/usnistgov/ACVP-Server/tree/master/gen-val/json-files/ML-KEM-encapDecap-FIPS203
Whenever you’re ready, we’ll be able to do CAVP testing of our implementations of these algorithms. Let us know about your interest in this!
If you have questions about any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.
Download wolfSSL Now
cURL Up 2024
Exciting news from cURL! We’re thrilled to announce the return of curl-up, scheduled to take place in Stockholm, Sweden from May 4th to the 5th! Our goal is to bring the community together for an unforgettable weekend of collaboration and learning.
We’re inviting all curl contributors, maintainers and fans to join us. Perfect opportunity for you to engage with Daniel Stenberg, the cURL founder, and maintainer of cURL, as well as other speakers and industry experts.
Save the date
- Date: May 4th to the 5th
- Location: Stockholm, Sweden
Stay updated on event details, including venue and agenda, on our dedicated web page, curl-up 2024. We’re open to agenda suggestions. Share your ideas on a curl mailing list or in the discussions section.
We would like to support our top-100 contributors with traveling and lodging expenses. Please read the funding attendance to see the regulation and eligibility requirements.
Registration is mandatory. Register now to secure your space! Let’s make curl-up 2024 an unforgettable weekend. See you there!
If you have questions about any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 245 9247.
Download wolfSSL Now
Accelerating AES Encryption with Nvidia CUDA: WolfCrypt Performance Boost
We have tested wolfCrypt using the Nvidia A10, A100, and H100 GPU architectures. Using the AesEncrypt_C function from wolfCrypt, we added the CUDA acceleration wrappers to determine the performance of the algorithm running on a GPU. The implementation simply hijacks the calls to AesEncrypt_C and AesEncryptBlock_C and uses the CUDA wrappers to run the function on the hardware. To gain performance, the hardware simultaneously calculates the blocks within the cipher instead of using a ‘for’ loop to iterate through.
The code is available for review as part of this merged PR. You now also have the option of comparing two benchmark results with our new ‘benchmark_compare.sh’ in the wolfSSL ‘scripts’ folder.
AES-GCM, AES-ECB, AES-XTS, and AES-CTR seem to get a 1.6x, 5x, 2.6x and 3x performance boost respectively on the A-series chips, and 2.6x, 10.8x, 3.5x and 5.3x boost on the H100, respectively. When the data to be encrypted is passed to the hardware, it calculates each block simultaneously as opposed to sequentially in the CPU.
Algorithms like AES-CBC, AES-CFB, AES-OFB, AES-CCM, AES-SIV and AES-CMAC grind to a halt because they can’t be independently parallelized. The output of the next block depends on the previous block.
Going forward, we are planning to optimize for even better cryptographic performance on GPUs. It just makes sense for us to add additional algorithmic support as well as full FIPS 140-3 support for Nvidia GPUs such that government consumers can have maximum assurance when encrypting sensitive video and audio with AES-XTS, for example.
If you need FIPS 140-3 encryption for GPUs it can be as simple as adding an operating environment to our certificate. See our contact details at the end of the post.
See some of the test results compared below:
Visit our download page to download the latest release, or clone it from wolfSSL GitHub. If you have questions about any of the above, feel free to email us at facts@wolfSSL.com or call us at +1 425 245 8247.
Share this blog on your favorite social platforms and let’s spark conversations that inspire positive change in AES encryption.
Download wolfSSL Now
wolfSSL Loves Robots!
Did you say robots? At wolfSSL we love robots! We even have one to clean our office in Bozeman, Montana. But even more than that little cleaner, we love securing robots.
If you are in the robotics and automation space, you already know that it’s all about scaling up. Sure a robot can clean an office, but that’s not the end goal. Once you’ve proven your product in one location, it can clean every location your client has. But in order to scale, you need a big customer. What better customer than government agencies?
But you need reliable security. That means confidentiality of all transmissions and proper authentication of all commands. That means authenticating your firmware to prevent tampering by nefarious actors. After all, you’re likely operating in healthcare, law enforcement or government. In all these industries, you’ll need to fulfill your regulatory requirements such as FIPS-140 or DO-178 before you even approach your customers. You specialize in making the robots do what they do so let our experts help you with those regulatory requirements.
Here at wolfSSL, we’ve helped numerous robotics companies with their FIPS-140 efforts with our support for the Robot Operating System (ROS).
But even more importantly than that, we support just about any real-time embedded platform you throw at us and have the best performance to boot! We understand you have millisecond real-time reaction requirements due to safety standards and can’t have processes locked up doing cryptographic operations. Send us a message asking about our asynchronous cryptographic APIs and we’ll set you up with a call with our expert engineers to hash out the details.
If you’re making robots, we need to have a conversation!
If you have questions about any of the above, please reach out to facts@wolfSSL.com or call us at +1 425 245 8247.
Download wolfSSL Now