Category: Uncategorized

Recently, wolfSSL released version 3.15.5. This new release contains many new feature additions and updates, including the addition of several new ports. One of these ports is for replacing OpenSSL with wolfSSL in the Asio and Boost.Asio C++ libraries!

Asio is a cross-platform C++ library for network and low-level I/O programming that provides developers with a consistent asynchronous model using a modern C++ approach. It is used in a multitude of different projects and is included as part of the core C++ Boost libraries as Boost.Asio.

As of right now, our changes to the Asio repository are still in the process of being merged upstream. However, If you are interested in using Asio with wolfSSL in your project don’t hesitate to contact us at facts@wolfssl.com and we will send you the required source code. Then, follow the instruction in the rest of this blog post to learn how to build Asio with wolfSSL.

After cloning or downloading the latest version of wolfSSL from GitHub, execute the following commands from the wolfSSL root directory.

$ ./autogen.sh
$ ./configure --enable-asio
$ make
$ sudo make install

After cloning or downloading the latest version of Asio from GitHub, execute the following commands from the Asio root directory. Asio can be downloaded from GitHub here: https://github.com/chriskohlhoff/asio

$ ./autogen.sh
$ ./configure --with-wolfssl=/path/to/wolfSSL/installation        #(i.e. /usr/local)
$ make
$ sudo make install

To run Asio’s unit tests and ensure everything has been built correctly with wolfSSL, you can run the following command:

$ make check

The wolfSSL compatible Asio version relies on the preprocessor statement “ASIO_USE_WOLFSSL” to function correctly. You may need to define this when compiling your application or you can insert “#include <wolfssl/options.h>” before any SSL related Asio header files are declared.

For more information on building and installing Asio, view the Asio documentation.

Until wolfSSL support for Asio has been merged into the stable releases of Boost, you will have to manually replace Boost.Asio in the current Boost release with the wolfSSL compatible version. To do this, follow the instructions below.

In the root directory of the wolfSSL compatible Asio download, execute the following command to convert the standalone Asio version into the Boost.Asio version.

$ ./boostify.pl

You will now need to copy the asio directory located in asio/boostified/libs/asio/include/boost and replace the asio directory in your Boost download. The asio directory in Boost can be found in boost_1_67_0/boost

You can now build and install Boost to your system by running the following command from the Boost root directory.

$ ./bootstrap.sh
$ ./b2
$ sudo ./b2 install

The preprocessor statement that Boost.Asio relies on is “BOOST_ASIO_USE_WOLFSSL”.

That's it! You should now be able to run your own applications that use Asio or Boost.Asio with wolfSSL!

For more information or help with getting Asio and wolfSSL into your project, please contact us at facts@wolfssl.com.

Recently, wolfSSL released version 3.15.5. This new release of wolfSSL features many new updates, one of which is expanded support for PKCS#7 Cryptographic Message Syntax (CMS). This contains support for using PKCS#7 with Key-Encryption Key Recipient Info (KEKRI), Password Recipient Info (PWRI), and Other Recipient Info (ORI) types.

PKCS#7 is used to sign, encrypt, or decrypt messages under Public Key Infrastructure (PKI). It is also used for certificate dissemination, but is most commonly used for single sign-on.

This expanded PKCS#7 support improves how implementations using wolfSSL handle receiving various RecipientInfo types that were not supported, and also allows wolfSSL to more accurately determine the information and details about each recipient.

Additionally, wolfSSL also provides support for TLS 1.3, which includes many new features such as handshake speedups, removal of insecure algorithms, and improved encryption requirements.

For more information, feel free to contact support@wolfssl.com.

Resources
wolfSSL 3.15.5 release notes: https://www.wolfssl.com/wolfssl-3-15-5-now-available/
PKCS Wikipedia article: https://en.wikipedia.org/wiki/PKCS
TLS 1.3: https://www.wolfssl.com/docs/tls13/

wolfSSL now has added support for:

• Intel QuickAssist driver v1.7 (qat1.7.l.4.3.0-00033)
• Intel QuickAssist 8970 hardware
• QuickAssist accelerated RSA Key Gen
• QuickAssist accelerated SHA 3

The new 8970 hardware has 12 additional cryptographic hardware instances. The previous 8950 cards had 6 instances and the new ones have 18. The 8970 card also adds a PCIe (Gen 3) 16x option for increased performance.

For example, using the Intel QuickAssist 8970 (PCIe 16x) hardware on an i7-2600 CPU @ 3.40GHz with 8 threads running, we achieved the following asymmetric benchmarks:

• RSA   2048 public 289,559 ops/sec
• RSA   2048 private 41,929 ops/sec
• DH    2048 key gen 65,534 ops/sec
• DH    2048 agree 89,587 ops/sec
• ECDHE  256 agree 55,745 ops/sec
• ECDSA  256 sign 59,674 ops/sec
• ECDSA  256 verify 32,804 ops/sec

More wolfSSL benchmark data can be found on the wolfSSL benchmarks page, here: https://www.wolfssl.com/docs/benchmarks/
Intel QuickAssist: https://www.intel.com/content/www/us/en/architecture-and-technology/intel-quick-assist-technology-overview.html

If you are interested in evaluating the wolfSSL Asynchronous support for Intel QuickAssist or Cavium Nitrox, please email us at facts@wolfssl.com.

Are you a user of Micrium?  If so, you will be happy to know that wolfSSL recently updated support and added TLS client and server examples to the wolfSSL embedded SSL/TLS library for Micrium!

We have also run a benchmark of our wolfCrypt/wolfSSL libraries on an NXP Kinetis K70 (Freescale TWR-K70F120M MCU) tower system board with a project built using the IAR Embedded Workbench IDE - ARM 8.32.1 (IAR ELF Linker V8.32.1.169/W32 for ARM). The details can be viewed on the wolfSSL benchmarks page.

For instructions on how to build and integrate the examples on your projects or to see the benchmark results, please see the README located in “IDE/ECLIPSE/MICRIUM”.  This support is currently located in our GitHub master branch, and will roll into the next stable release of wolfSSL as well. For any questions or help getting wolfSSL up and running on your environment, please contact us at support@wolfssl.com.  wolfSSL also now supports the most current version of TLS, TLS 1.3!  Learn more here: https://www.wolfssl.com/docs/tls13/ !

wolfSSL v3.15.5 was released last week which features many new additions to the library. One of those new additions is the reduction of the stack usage while using the “smallstack” build option.

The goal of wolfSSL’s “smallstack” build is to use at most 1kB of stack.  All other memory used is placed on the heap.

Currently, wolfSSL passes the option "--enable-smallstack" to the configure script. The small stack option can also be enabled by defining the following option: WOLFSSL_SMALL_STACK

Please contact support@wolfssl.com with any questions about building the wolfSSL embedded SSL/TLS library for your platform, or customizing the memory usage of wolfSSL.

The wolfSSL FAQ page can be useful for information or general questions that need need answers immediately. It covers some of the most common questions that the support team receives, along with the support team's responses. It's a great resource for questions about wolfSSL, embedded TLS, and for solutions to problems getting started with wolfSSL.

To view this page for yourself, please follow this link here.

Here is a sample list of 5 questions that the FAQ page covers:

1. How do I build wolfSSL on ... (*NIX, Windows, Embedded device) ?
2. How do I manage the build configuration of wolfSSL?
3. How much Flash/RAM does wolfSSL use?
4. How do I extract a public key from a X.509 certificate?
5. Is it possible to use no dynamic memory with wolfSSL and/or wolfCrypt?

Have a  question that isn't on the FAQ? Feel free to email us at support@wolfssl.com.

wolfSSL v3.15.5 was recently released and features many new additions to the library. One of those options is support for Lighttpd. Lighttpd is an open-source web server that is optimized for speed-critical environments while remaining standards-compliant, portable, and flexible.

The addition of support for Lighttpd is the perfect match for web servers looking to remain lightweight, fast, and portable while providing top-rate security. The wolfSSL embedded SSL/TLS library provides support for TLS 1.3, is available in a FIPS-validated version, and its size ranges from 20-100kB.

To build wolfSSL for use with Lighttpd, simply run the configure script with the option "--enable-lighty".

The most recent version of the wolfSSL library can be downloaded from our download page here: https://www.wolfssl.com/download/
More information about the new release of wolfSSL and its added features can be found here: https://www.wolfssl.com/wolfssl-3-15-5-now-available/

Please contact us at support@wolfssl.com for assistance or questions in compiling wolfSSL for use with Lighttpd!

wolfSSL v3.15.5 was released last week, which features many new additions to the library. One of those options is support for PCKS#11. The PKCS#11 standard defines an API to cryptographic tokens. The API defines most commonly used cryptographic object types (RSA keys, X.509 Certificates, DES/Triple DES keys, etc.) and all the functions needed to use, create/generate, modify and delete those objects.

Using wolfSSL on your application or your device will now allow you to utilize PKCS#11 for access to hardware security modules, smart cards, and other cryptographic tokens.

To build wolfSSL with PKCS#11 support, the library needs to be downloaded and then built with a specific option. The library can be downloaded from the wolfSSL download page, here: https://www.wolfssl.com/download/. The steps to build wolfSSL with PKCS#11 are detailed below:

# From within wolfSSL's root directory
./autogen.sh
./configure --enable-pkcs11
make
sudo make install

wolfSSL also has its PKCS#11 documentation located within its doxygen pages, here: https://www.wolfssl.com/doxygen/group__PKCS11.html. This PKCS#11 documentation provides information on the recently added PKCS#11 API.

More information about the new release of wolfSSL v3.15.5 can be found here: https://www.wolfssl.com/wolfssl-3-15-5-now-available/
wolfSSL v3.15.5 download: https://www.wolfssl.com/download/
Wikipedia article on PKCS#11: https://en.wikipedia.org/wiki/PKCS_11