To the benefit of our end users and customers, wolfSSL completed yet another year of successful growth in our technology advancement, our business, and our personnel. Our build out of the company is on track and we expect another banner year in 2018! Our advancement is outlined in detail below, but particular attention should be paid to some key improvements:
- TLS 1.3: As we near finalization of the new standard, wolfSSL plans to release our implementation concurrently with the IETF’s release. TLS 1.3 is a game changer in a variety of applications, from heavy load server side consumers, to the smallest devices on networks with high latency. We see particularly interesting design opportunities in automotive and satellite communications. A world of intellect and experience has been poured into TLS 1.3, and it will be widely adopted quickly.
- Japan: wolfSSL has always been popular with Japanese IoT users. In anticipation of further growth in Japan, we have added additional development staff to support the user base. We have also appointed Yoko Suga as President, wolfSSL Japan, to work with Takashi Kojo-sama and the team.
- 24×7 Support: Our users demand the best support, and they get it! In 2017, we rolled out 24×7 support. We are the only TLS and Cryptography provider to make 24×7 support available to the market.
- FIPS: We have continued to accelerate our support of the FIPS 140-2 standard by adding a number of key operating environments to our existing FIPS certificate. For added security, our users can now even benefit by running FIPS certified cryptography within a secure element like Intel’s SGX.
We are fortunate to be able to provide all of the above, and more, to our users! It is with great zeal that we develop and deliver our products, because we think it is important to the market to have a high quality, independent provider of crypto. Thank you all for your trust.
Team wolfSSL
Securing two billion connections and counting
wolfSSL Technical Progress
A total of six releases of the wolfSSL embedded TLS library were delivered in 2017, each with bug fixes, enhancements, and new feature additions. Highlights of these releases included:
- New Features
- TLS 1.3 support (Drafts 18, 20, 21, 22) including support for 0RTT
- DTLS multicast (–enable-mcast)
- SHA3 Keccak (–enable-sha3)
- AES-XTS (–enable-xts)
- AES-CFB (–enable-aescfb)
- RSA-PSS signature generation and verification
- ECC Cofactor DH (ECC-CDH)
- Intel QuickAssist asynchronous support
- NXP i.MX6 hardware encryption support (CAAM)
- Expanded OpenSSL compatibility layer
- PKCS#7 SignedData ECDSA support
- TLS Supported Point Formats extension (ec_point_formats)
- ASN Extended Key Usage Support
- ECC public key generation from private key
- PKCS#8 key creation functionality
- Performance Optimization Changes
- Intel AVX1/2 performance improvements
- AES-GCM, SHA-2, ChaCha20/Poly1305
- Improved performance with Intel RDRAND to use full 64-bit output
- Speedups for AES-GCM with AES-NI
- Improvements to asynchronous modes for Intel QuickAssist and Cavium Nitrox V
- SHA-3 size and performance optimizations
- Ed25519 performance optimizations
- Math updates with added TFM_MIPS speedup
- Single Precision math option for RSA, DH and ECC (“–enable-sp”)
- Added Curve25519 51-bit implementation, increasing performance on systems that have 128-bit types
- Normal math speed-up to not allocate on mp_int and defer until mp_grow
- Improve fp_copy performance with ALT_ECC_SIZE
- Increase performance with ECC_CACHE_CURVE option
- Substantial Code Changes
- Disabled TLS 1.0 by default
- Removed RNG ARC4 support
- OCSP and OCSP Stapling updates and improvements
- Refactored struct and hash type names to allow for OpenSSL coexistence
- Async blocking support for wolfSSL sniffer, Async fixes for GCC 7.1
- Memory Reduction Changes
- USE_SLOW_SHA256, reduce SHA-256 code size at expense of performance
- WOLFMEM_IO_SZ, allow adjusting static I/O buffer size
- Support use of static memory with PKCS7
- Reduce heap usage with fastmath when not using ALT_ECC_SIZE
- Examples and Benchmark Apps
- Static memory support added to the wolfSSL example client
- wolfCrypt benchmark option added to benchmark individual algorithms
- wolfCrypt benchmark option added to display benchmarks in powers of 10
- Added HMAC benchmark and expanded AES key size benchmarks
- Added block size argument to wolfCrypt benchmark
- Expanded SSL/TLS and crypto examples available in wolfssl-examples repo
- Added TLS by cipher suite benchmark utility
- Build Updates and New Ports
- Added simple GCC ARM Makefile example
- Added new Xilinx port for Zynq UltraScale+
- Added port for using Intel SGX with Linux
- Added NXP Hexiwear example
- Added tenAsys INtime RTOS port
- Added STM32CubeMX support
- Added Docker container support
- Updated Visual Studio for ARM builds
- Updated Visual Studio DLL projects
- Updated Texas Instruments TI-RTOS build
- Updated IAR EWARM project files
- Updated Apple Xcode projects with new benchmark project
- Updated MySQL with wolfSSL build support
- Updated Micrium uC/OS-III Port
- Updated ARMv8 port with SHA224 and AES key wrap
- Updated MQX Classic and mmCAU ports
- Updated STM32F4 and STM32F7 AES-GCM support
- Updated Arduino build script
- Updated uT-Kernel port (iTron)
- Testing
- Expanded API unit tests, including:
- MD5, SHA, SHA-224, SHA-256, SHA-384, SHA-512, RIPEMD, HMAC, 3DES, IDEA, ChaCha20, ChaCha20-Poly1305 AEAD, Camellia, Rabbit, ARC4, AES, RSA, HC-128, ECC
- Extended test code coverage for the wolfCrypt test (test.c)
- Added wolfCrypt hash tests for empty strings and large data
- Code updates for warnings reported by Coverity Scan
- Added scripted PSK interoperability testing
- Added new fuzzers (libfuzzer, tlsfuzzer, OSS-Fuzz, AFL)
- Added automated FIPS testing (Windows and Linux)
- Added lots of horsepower and architectures to our test rig
- Expanded API unit tests, including:
- Wrappers
- Expand wolfSSL Python wrapper to now include a client side implementation
- Expand wolfSSL C# wrapper
- Open Source Project Ports
- Support for Nginx web server
- Support for HAproxy load balancer
- Updated WPA Supplicant and Host AP support
- Update stunnel port for version 5.40
- Config Changes
- “–enable-all”, enable all features
- “–enable-wolfssh”, for building wolfSSL for wolfSSH
- “–disable-oldnames”, allow for using OpenSSL along-side wolfSSL headers
- “–enable-lowresource”, memory reduced build
- “–enable-trackmemory”, new memory tracking feature
- “–enable-intelrand”, indicate use of RDRAND preference for RNG source
- Additional Product Enhancements
- wolfMQTT
- Two new releases with bug fixes and enhancements.
- wolfSSH
- Added ECDH Group Exchange with SHA-2 hashing and NIST curves P-256, P-384, and P-521
- Added ECDSA signing with SHA-2 hashing and NIST curves P-256, P-384, and P-521
- Added AES128-GCM encryption compatible with OpenSSH
- Added a Visual Studio solution
- Added client protocol support
- Added example client to talk to the example echoserver
- Miscellaneous bug fixes and enhancements
- wolfMQTT
wolfSSL Top 10 Blog Posts/Technical Announcements
- Difference between TLS 1.2 and TLS 1.3
- TLS 1.3 Reducing Latency
- wolfSSL Asynchronous Intel QuickAssist Support
- wolfSSL in Intel SGX
- Overview of Testing in wolfSSL
- How to use the 0-RTT rope to climb, without hanging yourself!
- wolfSSL Xilinx Support
- Using wolfSSL on the Atmel ATECC508A with TLS 1.3
- wolfCrypt/wolfSSL Benchmarks with iPhone 8/8 Plus/X(A11)
- Using Alternative I/0 with wolfSSL Lightweight TLS
You’ll undoubtedly notice one the themes for this year was the early adoption of TLS 1.3 because the smaller footprint, less resource use, reduction of latency, and frankly better security. The other two themes that may not be so obvious is our focus on Hardware Based Security Enclaves or Elements to provide secure key storage, and our work on Asynchronous Crypto which passes off asymmetric operations to network acceleration cards like Cavium Nitrox and Intel QuickAssist.
wolfSSL Organizational Growth
- wolfSSL represents one of the largest teams focused on a single implementation of TLS/Crypto worldwide. If you know of anyone who fits the following description, please let us know.
https://www.wolfssl.com/job-posting-embedded-systems-engineer/ - We expanded our customer base considerably, now we are securing connections for over 1000 products, have partner relationships with over 30 vendors, and are securing well over 2 Billion connections on any given day.
- wolfSSL Japan is official! We recently opened a new office in Tokyo and expanded the team to 4 local engineers.
- We got the word out, we attended over 32 trade-events (see below). You may ask yourself, why is wolfSSL visiting so many venues? The answer we are trying to save the world from using bad implementations of Crypto and TLS.
- To see a list of upcoming events, check out our upcoming events page.
wolfSSL Events and Tradeshows
The wolfSSL team participated in a total of 32 events in 2017, which was up from 20 in 2016! As part of these events we were in 22 cities, 10 US states, and 6 countries! The events we participated this last year included:
- CES (Las Vegas, NV)
- Cybertech Israel (Tel Aviv, Israel)
- FOSDEM (Brussels, Belgium)
- RSA (San Francisco, CA)
- Industry of Things World (San Diego, CA)
- Mobile World Congress (Barcelona, Spain)
- IoT Pro Expo/Cloud fair (Tokyo, Japan)
- Embedded World 2017 (Nuremberg, Germany)
- Renesas Japan (Tokyo, Japan)
- IoT DevCon (Santa Clara, CA)
- ESC – Boston (Boston, MA)
- LinuxFest (Bellingham, WA)
- Internet of Things World (Santa Clara, CA)
- Embedded Systems-IoT M2M Japan-Japan IT week (Osaka, Japan)
- ICMC (Washington, DC)
- NXP FTF Connects (San Jose, CA)
- Sensor Expo West (San Jose, CA)
- Black Hat 2017 (Las Vegas, NV)
- Microchip Masters 2017 (Phoenix, AZ)
- Fort Meade It & Cyber Day (Fort Meade, MD)
- ST Developers Conference (Santa Clara, CA)
- Mobile World Congress Americas (San Francisco, CA)
- IoT Oil and Gas (Houston, TX)
- RIOT Summit (Berlin, Germany)
- Sensors Midwest (Rosemont, IL)
- Defense Innovation Technology (Tampa, FL)
- ARM TechCon (Santa Clara, CA)
- ESC Minneapolis (Minneapolis, MN)
- Embedded Technology 2017 Yokohama (Yokohama, Japan)
- IoT Tech Expo (Santa Clara, CA)
- ESC San Jose (San Jose, CA)
- ARM Tech Symposia (Tokyo, Japan)
To see upcoming events that wolfSSL will be attending, check out our upcoming events page.
In summary, we had a great year! 2017 was successful for us on multiple fronts, and we look forward to serving our customers and community with ever more secure and functional software in 2018! As always, your feedback is welcome at facts@wolfssl.com!