RECENT BLOG NEWS

FIPS 140-2 requirements for CAVP testing have been deprecated in favor of the cutting edge ACVP test requirements! wolfSSL is currently working on (to our knowledge) the first ever embedded validation that will use the new ACVP test requirements!

References
https://csrc.nist.gov/Projects/Automated-Cryptographic-Validation-Testing
https://github.com/usnistgov/ACVP

If you have any questions or run into any issues, contact us at facts@wolfssl.com, or call us at +1 425 245 8247.

Now, with the Azure Sphere OS 20.07 release, Microsoft has licensed and exposed a subset of wolfSSL, the first commercial implementation of TLS 1.3, for use on Azure Sphere devices. This strategic pairing allows software developers to create client TLS connections directly using the Azure Sphere SDK. Software developers no longer need to package their own TLS library for this purpose. Utilizing the best-tested, high-performance wolfSSL TLS support in Azure Sphere can save device memory space and programming effort, freeing developers to build new, cutting-edge IoT solutions.

Microsoft Azure Sphere and wolfSSL have been long-time partners, striving for the very best in security. The Azure Sphere OS has long used wolfSSL for TLS connections to Microsoft Azure services. Azure Sphere also uses wolfSSL’s versatile technology to enable secure interactions from developer apps to customer-owned services.

Partnerships with embedded security leaders like wolfSSL play an important role in Azure Sphere’s mission to empower every organization to connect, create, and deploy highly secured IoT devices. The unique Azure Sphere approach to security is based on years of vulnerability research, the findings of which Microsoft published in the seminal paper “Seven Properties of Highly Secure Devices.” These seven properties are the minimum requirement for any connected device to be considered highly secured. Azure Sphere implements all seven properties, providing a robust foundation for IoT devices. This level of consideration is not lost on an engineering team like wolfSSL’s, known for producing the best-tested crypto on the market and consistently supporting the latest developments in TLS protocol, like TLS 1.3.

Azure Sphere can be used with any customer cloud service, not just Microsoft’s own Azure. By providing a highly secured ecosystem, Microsoft and wolfSSL make security features more accessible and easier to use and can extend unmatched security to new frontiers in IoT where security has historically been sparse.

For information on how to use these wolfSSL APIs on Azure Sphere, please reference the Azure Sphere documentation on wolfSSL. We will be publishing a sample to go along with this, available at a later date. Check back here—we will update this post with the link to the sample once it is available.

If you have any questions or run into any issues, contact us at facts@wolfssl.com, or call us at +1 425 245 8247.

We are exited to announce wolfSSL‘s support for the Renesas RX72N Envision Kit with TSIP v1.09. The RX72N MCU is the flagship model of RX series, using a 32-bit RX72N 240 MHz microcontroller. The board just entered the market this spring and wolfSSL can now support secure connections on it via TLS!

If you have an interest in using wolfSSL with this MCU or the RX72N Envision Kit, we encourage you to give it a try with one of our sample applications.

wolfSSL provides TLS source code, sample programs, and project files that make your evaluation quick and easy. Our wolfCrypt benchmark sample application shows the performance of cryptography operations accelerated by the H/W accelerator (TSIP) and allows for an easy comparison to software cryptography performance.

Sample Applications Provided

1. Cryptography test
2. Cryptography benchmark
3. TLS Client
4. TLS Sever
5. Linux server application which can communicate with #3

Board and Environment Support

Board: Renesas RX72N Envision Kit (R5F572NNHxFB)
IDE: Renesas e2Studio v7.8.0
Compiler: CCRX Tool Chain V.3.02.00
TSIP: V.1.09

Benchmarks

Here are the benchmark results gathered during testing, comparing algorithm performance with and without TSIP.

Resources

wolfSSL package including this RX72N Envision Kit support, is available from the wolfssl repository on GitHub:

https://github.com/wolfSSL/wolfssl/archive/master.zip

Unzip the package then refer to “wolfssl-master/IDE/Renesas/e2studio/RX72NEnvisionKit/README” for more details.

The README describes how to build and execute the sample programs.

Support

If you have any questions or run into any issues, contact us at facts@wolfssl.com, or call us at +1 425 245 8247.

wolfSSL is implementing MIKEY-SAKKE!

MIKEY-SAKKE is a standard created by the UK government’s National Cyber Security Center (NCSC). MIKEY-SAKKE is a standard designed to enable secure, cross-platform multimedia communications. It is highly scalable, requiring no prior setup between users or distribution of user certificates. It is designed to be centrally-managed, giving a domain manager full control of the security of the system. But even so, it maintains high-availability, as calling does not require interaction with centralized architecture.

wolfSSL is a lightweight TLS/SSL library that is targeted for embedded devices and systems. It has support for the TLS 1.3 protocol, which is a secure protocol for transporting data between devices and across the Internet. In addition, wolfSSL uses the wolfCrypt encryption library to handle its data encryption.

Secure communications are needed across all governments. As a result governments create policies encouraging the development of security solutions. MIKEY-SAKKE is the answer to the security requirements from the UK government to specify secure, open and patent free cryptographic methods in order to empower private industry to provide UK government interoperable secure communication solutions. As a result many private and commercial organizations perceive a sizable advantage being MIKEY-SAKKE compliant.

If you have any questions or run into any issues, contact us at facts@wolfssl.com, or call us at +1 425 245 8247.

Are you a user of Deos? If so, you will be happy to know that wolfSSL supports the Deos Safety Critical RTOS for FAA Certifiable Avionics Applications and has added TLS client/server examples to the wolfSSL embedded SSL/TLS library for Deos!

Deos is an embedded RTOS used for safety-critical avionics applications on commercial and military aircraft. Certified to DO-178C DAL A, the time and space partitioned RTOS features deterministic real-time response and employs patented “slack scheduling” to deliver higher CPU utilization. DO-178C DAL A refers to a specification that is required for software to be used in aerospace software systems.

The Deos port in wolfSSL is activated by using the “WOLFSSL_DEOS” macro. For instructions on how to build and run the examples on your projects, please see the “/IDE/ECLIPSE/DEOS/README” file.

wolfSSL provides support for the latest and greatest version of the TLS protocol, TLS 1.3! Using the wolfSSL port with your device running Deos will allow your device to connect to the Internet in one of the most secure ways possible.

If you have any questions or run into any issues, contact us at facts@wolfssl.com, or call us at +1 425 245 8247.

Resources:

• The most recent version of wolfSSL can be downloaded from our download page, here: https://www.wolfssl.com/download/
• wolfSSL GitHub repository: https://github.com/wolfssl/wolfssl.git
• wolfSSL support for TLS 1.3: https://www.wolfssl.com/docs/tls13/
• Deos RTOS homepage: https://www.ddci.com/category/deos/

Two weeks ago, Apple announced a transition from Intel-based Macs to their very own ‘world-class custom silicon’ chip. This marks a new era for Apple, as they further establish a common architecture throughout their product ecosystem, making it easy for developers to write, update and optimize applications.

Underlying this recent development is Apple’s Universal App Quick Start Program that includes the ‘limited use of a Developer Transition Kit (DTK), a Mac development system based on Apple’s A12Z Bionic System on a Chip (SoC)’ among other services like forums support, beta version of macOS Big Sur and Xcode 12.

So why is this important? 

wolfSSL is a direct partner with ARM, the architecture A12Z Bionic is based upon, and we fully support all the crypto extensions that are built into the new chip. We aim to have the first FIPS certificate for A12Z and will be pushing out benchmarks on the A12Z soon, so stay tuned!

If you have any questions or run into any issues, contact us at facts@wolfssl.com, or call us at +1 425 245 8247.

Additional Resources:
The most recent version of wolfSSL can be downloaded from our download page, here: https://www.wolfssl.com/download/
wolfSSL GitHub repository: https://github.com/wolfssl/wolfssl.git
Check out the latest addition of the wolfSSL ARM mbed-os Port of the wolfSSL embedded SSL/TLS library!

wolfSSL is looking to hire a C# programmer to work on our TLS interface and wolfCrypt interface for C#.

If interest wolfSSL product and company details can be found online at www.wolfssl.com.

If you have any questions or run into any issues, contact us at facts@wolfssl.com, or call us at +1 425 245 8247.

All of the wolfSSL team prides themselves on offering the Best Tested SSL/TLS library on the market. wolfSSL is able to do so by conducting regular, diligent, and well-planned testing to maintain a robust and secure library. wolfSSL knows that it is impossible to test every single possible path through the software, but opts to practice an approach that is focused on lowering risk of failure. wolfSSL implements an extensive internal testing plan that not only uses automated testing but makes sure to test well-known use cases. A key process in wolfSSLs’ internal testing plan is Fuzz Testing.

What is Fuzz Testing?

Fuzz testing, also known as fuzzing, is an automated software testing technique that is conducted to reveal coding errors and security loopholes in softwares, networks, or operating systems. A fuzz test is a technique that is widely used to discover defects which otherwise would not be identified by merely using traditional functional testing methods. Fuzzing is a Black Box testing technique that bombards a library with invalid, unexpected, or random data (known as fuzz to the system) in an attempt to expose inputs that cause the system to crash, fail in unexpected ways, or leak memory. This allows wolfSSL to catch bugs that could turn into potential vulnerabilities before they are able to make it into a release!

Fuzzing at wolfSSL

wolfSSL firmly believes that if a TLS and cryptography provider does not do fuzz testing, they are extremely exposed. wolfSSL runs 7 fuzz testers internally, every night to insure the most secure library on the market. wolfSSL tests using several different software fuzzers, including an in-memory fuzzer, a network fuzzer, OSS-fuzz, libfuzzer, tlsfuzzer, and AFL.

As a testament to wolfSSLs’ commitment to security, highly respected external testers are utilized when possible, for example: Guido Vranken in Holland and Robert Horr of T-Systems in Germany (check out this post by Guido Vranken on Fuzzing for wolfSSL).

As stated in the wolfSSL 2019 Annual Report, wolfSSL is the best – tested cryptography on market, due to consistent implementation of additional fuzz testing resources from both internal and external sources.

For further details regarding the internal wolfSSL process of testing to ensure code quality and security, please reference this blog page.

If you have any questions or run into any issues, contact us at facts@wolfssl.com, or call us at +1 425 245 8247.

If there is a desire for wolfSSL to include other SSL/TLS or crypto implementations in wolfSSL interop testing, please let the wolfSSL team know! Likewise, if users would like to include wolfSSL in their own test framework, wolfSSL would be happy to discuss!

As a Cybersecurity company we have to make sure all of our products are state of the art. In accordance, wolfSSL is conducting Stages of Involvement (SOI) audit on our wolfCrypt product.

Last year wolfSSL added support for complete RTCA DO-178C level A certification. wolfSSL offers DO-178 wolfCrypt as a commercial off -the-shelf (COTS) solution for connected avionics applications. The primary goal of this was to provide the proper cryptographic underpinnings for secure boot and secure firmware update in commercial and military avionics. Avionics developers now have a flexible, compact, economical, high-performance COTS solution for quickly delivering FIPS 140-2 validated crypto algorithms can be used in DO-178 mode for combined FIPS 140-2/DO-178 consumption.

Any aviation system development requires Stages of Involvement (SOI) audits to review the overall software project and ensure that it complies with the objectives of DO-178. Originally, DO-178 based development did not require SOI’s, however a problem arose because of divergence between different development organizations and what the certification authorities wanted. As a result, SOI’s have become an informal de facto standard applied to most projects.

To assess compliance, there are four Stages of Involvement. The four stages are:

1. Planning Review
2. Design review
3. Validation and Verification review
4. Final Review

We have fully completed SOI #1 through #4.

If you have any questions or run into any issues, contact us at facts@wolfssl.com, or call us at +1 425 245 8247.

Are you interested in having the best tested cryptography ported to libest? wolfSSL has many ports to various devices and projects. We are constantly working on and expanding our collection of ports and will soon be working on porting wolfSSL/wolfCrypt into libest.

The libest project is a library that implements RFC 7030 (Enrollment over Secure Transport). EST is used to provision certificates from a CA or RA. EST is a replacement for SCEP, providing several security enhancements and support for ECC certificates. Libest is written in C and currently is set up to use OpenSSL 1.0.1.  This port will allow libest to use wolfSSL in place of OpenSSL.

If you are interested in using wolfSSL with libest, or are looking to use wolfSSL with a different open source project, contact us at facts@wolfssl.com, or call us at +1 425 245 8247.