We not only remained far ahead of our competitors in 2019, but we also proceeded to extend our lead with massive success and growth. We grew our business dramatically, primarily based on our technological superiority and ongoing investments in testing and quality. We delivered TLS 1.3 ahead of the market, MISRA-C cryptography for the automotive market, FIPS for our government consumers and DO-178 for avionics. We also remain the best-tested product on the market, as witnessed by our additional fuzz testing resources from both internal and external sources. We have also been through a number of additional code audits from our large consumers. Finally, we engaged some of the best code auditors and testers in the world to review our code. Lots of testing and lots of eyeballs have come together to produce the best-tested TLS and cryptography code on the market today. Thank you for your interest in wolfSSL! We are off to a great start in 2020 and will strive to live up to your expectations again in the rest of 2020!
Reminder: If your TLS and cryptography provider does not do fuzz testing, you are exposed.
wolfSSL Technical Progress
A total of 4 releases of the wolfSSL embedded TLS library were delivered in 2019, each with bug fixes, enhancements, and new feature additions. Highlights of these releases included:
1. New Hardware and OS Ports
- Renesas RX65N
- SiFive HiFive E31 RISC-V core family
- SiFive HiFive Unleashed board
- Telit IoT AppZone SDK
- Deos Safety Critical RTOS
- Zephyr Project
- Espressif ESP32-WROOM
- Espressif ESP-IDF
- Cypress WICED Studio
- ARM MDK CMSIS RTOS v2
- Sysgo PikeOS and ELinOS
2. New Software Ports!
- Apache web server (–enable-apache-httpd, WOLFSSL_APACHE_HTTPD)
- OpenVSwitch
- Google WebRTC
- Over 198 new OpenSSL compatibility API added
- Qt (–enable-qt, –enable-qt-test, WOLFSSL_QT)
- OpenVPN
3. Updates to Existing Ports
- Arduino (updated/refactored default settings, improved sketch examples)
- Xilinx (updates to Xilinx FreeRTOS build)
- Nginx (updated 1.15.0 patch, added 1.16.1 and 1.17.5 support)
4. Operating System Updates
- Micrium uC/OS-III (port update, adjustments for static and inline macros)
- Windows (fixes for custom ECC curves, directory functions)
- NetBSD (default build and mutex usage)
- SafeRTOS (fixes for build issues)
- VxWorks (port updates)
- Yocto Linux (ease of use improvements, updates, build instructions)
5. Compiler and IDE Updates
- IAR-EWARM (Cortex-M changes, compiler warning fixes)
- Renesas CS+ (improve user settings support, updated examples)
- XCode (Project file update, iPhone simulator on i386 build fixes)
- Visual Studio (fixes for build warnings, wrapper for snprintf)
- Cygwin (fixes for visibility tags)
6. TLS 1.3 Updates
- Better Interop
- Interop fixes and better version negotiation
- Better Portability
- Portability improvements (simplify time requirement, XTIME_MS)
- Better Testing
- Additional fuzz testing!
- Automated testing of select Embedded Targets
- Better customer testing (known use-cases and configurations)
- More Cipher Suites
- Addition of NULL cipher suites (TLS_SHA256_SHA256, TLS_SHA384_SHA384)
7. New Hardware Crypto Support
- ARM CryptoCell-310 on nRF52840
- Renesas TSIP on RX65N
- PKCS#11 support for HMAC, AES-CBC, and RNG
- Intel QuickAssist v1.7 driver support
- Intel QuickAssist RSA key generation and SHA-3 support
- STM32WB PKA ECC signature verification
8. Improvements to Existing Hardware Crypto Support
- STM32 (improved AES-GCM performance)
- STSAFE (wolfSSL crypto callback support, better error code handling)
- TI (updates to existing hardware crypto)
- NXP mmCAU performance improvements (35-78%!)
- Crypto callbacks (added 3DES support, improved features)
- Fixes to Microchip ATECC508/608A, AES-NI, AVX2, ARMv8, devcrypto/afalg, ST CubeMX
9. New and Updated Algorithms
- Addition of Ed25519ctx and Ed25519ph (sign/verify – RFC 8032)
- Addition of Blake2s (32-bit Blake2 support)
- CMS / PKCS#7 Improvements
10. Algorithm Performance Optimization
- ARM Architecture
- ChaCha20 using SIMD NEON extension
- Poly1305 using SIMD NEON extension
- Curve25519/Ed25519
- SHA-384/512 using SIMD NEON extension
11. New and Updated Build Options
- “–enable-ecccustcurves=all” – Enable all curve types
- “–enable-16bit” – Enable 16-bit compiler support
- “–enable-rsavfy” – RSA verify only build
- “–enable-rsapub” – RSA public only build
- “–enable-armasm” – Updated for ease of use with autotools
- “–enable-fallback-scsv” – Fallback SCSV, server-side
- “–enable-titancache” – New session cache size, can hold over 2 million sessions
12. TLS Extension Support Additions and Updates
- Added TLS Trusted CA extension
- Added Encrypt-then-MAC for TLS 1.2 and below
- Ability to disable Signature Algorithms extensions
- Parsing efficiency improvements to SNI extension
- Additional error checking when parsing ALPN
13. Single Precision Math Updates
- Cortex-M support
- Support for prime checking
- Specialized implementation of mod exp when base is 2
- Support for 4096-bit RSA and DH operations
14. FIPS 140-2 Validation News!
- Support for wolfCrypt FIPS v4.0.0 certificate #3389
- New “FIPS Ready” initiative
- Addition of wolfRand build option to configure.ac
- FIPS 140-2 OE additions
- HP Imaging & Printing Linux 4.9 running on HP PN 3PZ95-60002 with ARM Cortex-A72 with and without PAA**
- Includes ARMv8/NEON assembly optimizations w/PPA**
- Linux 4.4 (Ubuntu 16.04 LTS) running on Intel Ultrabook 2 in 1 with an Intel® Core™ i5-5300U CPU @2.30GHz x 4 with and without PAA**
- Includes Intel AESNI and RDSEED support w/ PAA**
- OpenRTOS v10.1.1 running on STMicroelectronics STM32L4R9I-DISCO (Discovery Kit) with a STMicroelectronics STM32L4Rx (no PAA**)
- Windows 10 Enterprise running on Radar FCL Package Utility with Intel® Core™ i7-7820 @2.9GHz x 4 with and without PAA**
- Includes Intel AESNI and RDSEED support w/ PAA**
- Windows 10 running on Intel Ultrabook 2 in 1 with an Intel® Core™ i5-5300U CPU @2.30GHz x 4 with and without PAA**
- Includes Intel AESNI and RDSEED support w/ PAA**
- HP Imaging & Printing Linux 4.9 running on HP PN 3PZ95-60002 with ARM Cortex-A72 with and without PAA**
** (Processor Algorithm Accelerator)
15. Testing
- Fixes for Coverity, scan-build, and cppcheck reports
- Enhancements to test cases for increased code coverage
- More Pull Request and Nightly tests
- ABI compliance testing for a subset of APIs’
16. Examples
- New Coldfire MCF5441X NetBurner example
- New Visual Studio solution for Microsoft Azure Sphere Devices
- New NXP Kinetis Design Studio (KDS) example project
17. Additional Product Enhancements
- wolfMQTT (2 releases)
- Multithreaded support (–enable-mt)
- Port Updates
- Visual Studio
- NXP MQX / RTCS
- Microchip Harmony
- Examples
- New multithread example
- Azure authentication update
- Default broker for example
- New simple client example
- New non-blocking example
- wolfSSH (3 releases)
- Client-side public key authentication support
- Callback function to the check public key sent
- SFTP client and server support for Windows CE, Micrium 3, MQX 4.2
- Port updates for Nucleus and Windows
- Window size optimizations
- Better automated and fuzz testing!
- Updates to non blocking support
- More examples: Renesas CS+, SFTP
- Support for AES-CTR connections added
- Improved interoperability and reliability
- TCP port forwarding
- Global request message support
- Client side pseudo terminal support
- wolfTPM (3 releases)
- Support for Microchip ATTPM20
- Support for Barebox
- Support for multiple concurrent process
- Improvements for chip detection, compatibility and startup performance
- Better testing with new API unit test framework
- Support for NV with authentication
- New wrappers and examples for HMAC/AES, ECDHE and PCR
- Added examples for TLS client/server
- Stack use reductions
- Expanded benchmark support
- Crypto callback flags for FIPS mode and Symmetric options
- Support for ST33 TPM2_SetMode command (low-power savings)
- wolfBoot (3 releases)
- Compile options for Cortex-M0
- Support for RV32 RISC-V architecture
- STM32F76x/77x hardware-assisted dual-bank support
- New HAL support
- Atmel SAMR21
- TI CC26X2
- NXP/Freescale Kinetis SDK
- RV32 FE310 (SiFive HiFive-1)
- STM32L0
- STM32G0
- STM32F7
- STM32H7
- STM32WB55
- Support for ECC-256 DSA
- Support for external flash for Update/Swap
- Anti-rollback protection
- New Python tools for key generation and signing
- Ability to move flash-writing functions to RAM
- Ability for bootloader to update itself
- TPM2.0 support
- Integration with wolfTPM
- Extended STM32 SPI driver to support dual TPM/FLASH communication
- Tested on STM32 with Infineon 9670
- RSA 2048 bit digital signature verification
- cURL
- New option for commercial support
- wolfSSL-py (2 releases)
- Python3 fixes
- Native feature detection
- wolfCrypt-py (1 release)
- Added Ed25519 cipher
- Added methods for ECC key handling
- New methods for raw sign/verify on Ed25519
- RSA new methods: make_key() encode_key()
- Native feature detection based on wolfSSL build
wolfSSL Top 10 Blog Posts/Technical Announcements
- wolfCrypt as an engine for OpenSSL:
- Differences between TLS 1.2 and TLS 1.3:
- wolfSSL Integration with cURL:
- wolfSSL FIPS-Ready:
- wolfCrypt FIPS New Certification TLS 1.3 FIPS Support
- TLS 1.3 Performance Analysis(series)
- https://www.wolfssl.com/tls-1-3-performance-analysis-client-server-authentication/
- https://www.wolfssl.com/tls-1-3-performance-analysis-throughput/
- https://www.wolfssl.com/tls-1-3-performance-analysis-client-server-authentication/
- https://www.wolfssl.com/tls-1-3-performance-analysis-server-pre-generation/
- https://www.wolfssl.com/tls-1-3-performance-analysis-pre-shared-key-psk/
- https://www.wolfssl.com/tls-1-3-performance-part-2-full-handshake-2/
- https://www.wolfssl.com/tls-1-3-performance-analysis-resumption/
- wolfSSL Support for DO-178 DAL A:
- Remote firmware updates for embedded systems with wolfBoot
- OpenSSL Compatibility Layer Expansion
- Need a Secure Bootloader Misra-C?
2019 Webinars
- The Advantages of Using TLS 1.3
- wolfSSL: TLS 1.3, OpenSSL Comparison
- Introduction to Secure Boot
- Migrating from OpenSSL to wolfSSL
- Security in Avionics
wolfSSL Organizational Growth
- wolfSSL represents one of the largest teams focused on a single implementation of TLS/Crypto worldwide. If you know of anyone who fits the following description, please let us know.
- wolfSSL job postings URL (https://uw.joinhandshake.com/jobs/2905385?ref=preview-header-click)
- We have expanded our customer base considerably, are now securing connections for over 1000 products, have partner relationships with over 30 vendors, and are securing well over 2 Billion connections on any given day, worldwide.
- wolfSSL increased its presence in Europe with 2 new members to the team in 2019.
- We got the word out! wolfSSL attended over 62 trade-events (see below). You may ask yourself, why is wolfSSL visiting so many venues? The answer: we are trying to save the world from using bad implementations of Crypto and TLS.
wolfSSL Events and Tradeshows
The wolfSSL team participated in a total of 62 events in 2019, which was up from 50 in 2018 (and 30 in 2017)! As part of these events we were in 44 cities, 18 US states, and 10 countries! The events we participated this last year included:
- CES (Las Vegas, NV)
- Smart Factory Expo (Tokyo, Japan)
- Japan IT Week West (Osaka, Japan)
- Embedded Tech India Expo (New Delhi, India)
- FOSDEM (Brussels, Belgium)
- DistribuTECH (New Orleans, LA)
- ET Nagoya (Nagoya, Japan)
- Embedded World 2019 (Nuremberg, Germany)
- RSA (San Francisco, CA)
- Medtec Japan 2019 (Tokyo, Japan)
- MtoM Embedded Systems (Paris, France)
- Black Hat Asia 2019 (Marina Bay Sands, Singapore)
- cURL UP (Prague, Czech Republic)
- NXP Tech Days Chicago (Chicago IL)
- SIdO (Lyon, France)
- Japan IT Week Spring (Tokyo, Japan)
- NXP Tech Days MInneapolis (Minneapolis, MN)
- IoT Tech Expo Global (London, England)
- LinuxFest (Bellingham, WA)
- Satellite 2019 (Washington, DC)
- NXP Tech Days Seattle (Bellevue, WA)
- ICMC (Vancouver, BC)
- Internet of Things World (Santa Clara, CA)
- ESC Boston (Boston, MA)
- Wireless IoT (Tokyo, Japan)
- RTCA (Crystal City, VA)
- TU Automotive (Zurich, Switzerland)
- Risc-V Summit (Zurich, Germany)
- NXP Connects (Santa Clara, CA)
- Embedded Tech West (Osaka, Japan)
- IoT TechExpo Europe (Amsterdam, Netherland)
- Sensors Expo West (San Jose, CA)
- IoT Security Forum (Tokyo, Japan)
- Microchip Master 2019 (Phoenix, AZ)
- Black Hat 2019 (Las Vegas, Nevada)
- NXP Tech Days (Irvine, CA)
- Billington International Cyber Security Summit (Washington, DC)
- RIOT Summit (Helsinki, Finland)
- NXP Tech Days Boston (Boston, MA)
- IoT World Asia 2019 (Singapore)
- ST Dev Con (Santa Clara, CA)
- FACE Consortium (Dayton, OH)
- Federal Identity Forum (Tampa, FL)
- ST Tech Tour (Vancouver, BC)
- ArmTech Con (San Jose, CA)
- NXP Tech Days Detroit (Detroit, MI)
- Japan IT Week Autumn (Chiba Makuhari Messe, Japan
- ST Tech Tour (Minneapolis, MN)
- Xilinx XSWG (Longmont, CO)
- Embedded Conference Scandinavia (Stokholm, Sweden)
- ETSI/IQC Quantum Safe Cryptography Workshop (Seattle, WA)
- ST Tech Tour (Boston, MA)
- NXP Tech Days Toronto (Toronto, Canada)
- Xilinx XWSG (Herndon, VA)
- IoT Tech Expo North America (Stanta Clara, CA)
- Embedded Technology/IoT Technology East (Pacifico Yokohama, Japan)
- Open Source Conference (Tokyo, Japan)
- Embedded Software Engineering Kongress (Sindelfingen, Germany)
- Xilinx XWSG (Munich, Germany)
- ARM Tech Symposium (Tokyo, Japan)
- RSC-V Summit (San Jose, CA)
- Tron Show (Tokyo, Japan)
In summary, we had a great year! 2019 was successful on multiple fronts, and we look forward to serving our customers and community with ever more secure and functional software in 2020.
If you have any questions or run into any issues, contact us at facts@wolfssl.com, or call us at +1 425 245 8247.