wolfSSL repository for FreeRTOS classic and Amazon FreeRTOS

We have created a new repository for hosting the FreeRTOS classic and Amazon FreeRTOS support for wolfSSL located here:

There are two pull requests with support for wolfSSL including demos:

FreeRTOS Classic v10.0.1 with wolfSSL/wolfMQTT demos:

  • Added a wolfMQTT FreeRTOS TCP demo. This demo connects to the iot.eclipse.org MQTT broker with TLS on port 8883. It sends a counter publish message every second.
  • Updated wolfSSL demo:
  • Project built and tested against latest v3.14.4 release.
  • Switched to using user_settings.h (WOLFSSL_USER_SETTINGS).
  • Updated the certs (expired Jan 31, 2018).
  • Stop tracking the .filter project file.
  • Add submodule for wolfMQTT v1.0 plus FreeRTOS TCP support.
  • Replace wolfSSL sources with submodule wolfSSL v3.14.4 plus some Win VS fixes.
  • Initial FreeRTOS v10.0.1

Amazon FreeRTOS v1.2.3 port to use wolfSSL:

  • Port of the Amazon FreeRTOS v1.2.3 to use wolfSSL.
  • Added a new solution and project for demo at FreeRTOS-AWS/demos/pc/windows/visual_studio/aws_demo_wolf.sln.
  • Added wolfssl as submodule.

wolfSSL ARMv8 Support

Did you know that the wolfSSL embedded SSL/TLS library supports ARMv8 as well as the Cryptography Extensions that it provides?  wolfSSL is more than 10 times faster with AES and SHA256 operations the ARMv8 board we have been testing on (HiKey LeMaker) when using hardware acceleration versus software crypto!

wolfSSL ARMv8 on HiKey LeMaker Board


ARMv8 Benchmark Data comparing Software and Hardware Cryptography

AlgorithmSoftware CryptographyHardware Cryptography
RNG16.761 MB/s82.599 MB/s
AES-128-CBC-enc26.491 MB/s649.179 MB/s
AES-128-CBC-dec26.915 MB/s607.407 MB/s
AES-192-CBC-enc22.796 MB/s566.717 MB/s
AES-192-CBC-dec23.130 MB/s553.092 MB/s
AES-256-CBC-enc20.004 MB/s504.143 MB/s
AES-256-CBC-dec20.207 MB/s491.374 MB/s
AES-128-GCM-enc6.224 MB/s393.407 MB/s
AES-128-GCM-dec6.226 MB/s182.279 MB/s
AES-192-GCM-enc5.895 MB/s361.801 MB/s
AES-192-GCM-dec5.895 MB/s175.676 MB/s
AES-256-GCM-enc5.609 MB/s333.911 MB/s
AES-256-GCM-dec5.610 MB/s169.085 MB/s
CHACHA60.510 MB/s60.017 MB/s
CHA-POLY41.805 MB/s41.410 MB/s
MD5156.310 MB/s154.421 MB/s
POLY1305144.464 MB/s143.058 MB/s
SHA89.874 MB/s89.154 MB/s
SHA-25638.805 MB/s533.139 MB/s
HMAC-MD5156.301 MB/s154.083 MB/s
HMAC-SHA89.859 MB/s89.045 MB/s
HMAC-SHA25638.814 MB/s532.316 MB/s
RSA, 2048, public171.995 Ops/s171.355 Ops/s
RSA, 2048, private13.716 Ops/s13.686 Ops/s
DH, 2048, key generation50.831 Ops/s50.575 Ops/s
DH, 2048, agree41.826 Ops/s41.596 Ops/s

If you are interested in using wolfSSL on an ARMv8 platform and want some tips on getting started for optimal performance, contact us at facts@wolfssl.com!  wolfSSL now includes support for TLS 1.3 as well!

MQTT Secure Firmware Update Example

Our wolfMQTT project includes an example for secure firmware update. This example uses the wolfSSL embedded SSL/TLS library to hash/sign the binary image and send it over MQTT. The example has two applications. One is called fwpush, which hashes, signs and publishes the firmware image over TLS to an MQTT broker. The second is called fwclient, which subscribes to the example firmware update topic, receives the firmware image and validates the signature of it. This example is located in examples/firmware.

The latest wolfMQTT releases can be downloaded at:

Documentation for wolfMQTT can be found here:

The latest source code can be found on our GitHub repo at:

For questions please contact support at support@wolfssl.com.

wolfSSL at ICMC18

wolfSSL will be exhibiting and speaking at the 2018 International Cryptographic Module Conference in Ottawa, Ontario.  This event will be held at the Shaw Centre in Ottawa, Ontario, Canada May 8th – 11th, 2018.

We will be giving a session on May 9th, focusing on doing FIPS 140-2 validations inside a secure enclave, such as Intel SGX.  Complete details are below:

May 9th, 2018
4:15 – 4:45 EDT
Room: G13B
Speaker: Chris Conlon

Session Abstract:

Secure enclaves are becoming a popular way to separate and protect sensitive code and data from other processes running on a system. A FIPS 140-2 validated cryptographic software module is currently required to run power-on self tests when loaded, but security of the module can be taken one step further by validating the module inside a secure enclave, such as Intel SGX.

wolfSSL has been working on FIPS 140-2 validating the wolfCrypt library running inside an Intel SGX enclave. This session will discuss the advantages, challenges, and process of FIPS 140-2 validating a cryptographic software module inside Intel SGX and how the same process could be applied to other secure enclave environments.

If you are attending or planning on attending please stop by our table or schedule an appointment by contacting us at facts@wolfssl.com.  We will be talking about TLS 1.3, TPM 2.0, Intel SGX, wolfCrypt FIPS operating environment updates, embedded TLS, and more!

For more information about ICMC, or to purchase tickets, you may register at: https://icmconference.org/

We look forward to seeing you there!

wolfSSL FAQ page

The wolfSSL FAQ page can be useful for information or general questions that need need answers immediately. It covers some of the most common questions that the support team receives, along with the support team's responses. It's a great resource for questions about wolfSSL, embedded TLS, and for solutions to problems getting started with wolfSSL.

To view this page for yourself, please follow this link here.

Here is a sample list of 5 questions that the FAQ page covers:

  1. How do I build wolfSSL on ... (*NIX, Windows, Embedded device) ?
  2. How do I manage the build configuration of wolfSSL?
  3. How much Flash/RAM does wolfSSL use?
  4. How do I extract a public key from a X.509 certificate?
  5. Is it possible to use no dynamic memory with wolfSSL and/or wolfCrypt?

Have a  question that isn't on the FAQ? Feel free to email us at support@wolfssl.com.

Posts navigation

1 2