wolfSSL ARMv8 Support

Did you know that the wolfSSL embedded SSL/TLS library supports ARMv8 as well as the Cryptography Extensions that it provides?  wolfSSL is more than 10 times faster with AES and SHA256 operations the ARMv8 board we have been testing on (HiKey LeMaker) when using hardware acceleration versus software crypto!

wolfSSL ARMv8 on HiKey LeMaker Board


ARMv8 Benchmark Data comparing Software and Hardware Cryptography

AlgorithmSoftware CryptographyHardware Cryptography
RNG16.761 MB/s82.599 MB/s
AES-128-CBC-enc26.491 MB/s649.179 MB/s
AES-128-CBC-dec26.915 MB/s607.407 MB/s
AES-192-CBC-enc22.796 MB/s566.717 MB/s
AES-192-CBC-dec23.130 MB/s553.092 MB/s
AES-256-CBC-enc20.004 MB/s504.143 MB/s
AES-256-CBC-dec20.207 MB/s491.374 MB/s
AES-128-GCM-enc6.224 MB/s393.407 MB/s
AES-128-GCM-dec6.226 MB/s182.279 MB/s
AES-192-GCM-enc5.895 MB/s361.801 MB/s
AES-192-GCM-dec5.895 MB/s175.676 MB/s
AES-256-GCM-enc5.609 MB/s333.911 MB/s
AES-256-GCM-dec5.610 MB/s169.085 MB/s
CHACHA60.510 MB/s60.017 MB/s
CHA-POLY41.805 MB/s41.410 MB/s
MD5156.310 MB/s154.421 MB/s
POLY1305144.464 MB/s143.058 MB/s
SHA89.874 MB/s89.154 MB/s
SHA-25638.805 MB/s533.139 MB/s
HMAC-MD5156.301 MB/s154.083 MB/s
HMAC-SHA89.859 MB/s89.045 MB/s
HMAC-SHA25638.814 MB/s532.316 MB/s
RSA, 2048, public171.995 Ops/s171.355 Ops/s
RSA, 2048, private13.716 Ops/s13.686 Ops/s
DH, 2048, key generation50.831 Ops/s50.575 Ops/s
DH, 2048, agree41.826 Ops/s41.596 Ops/s

If you are interested in using wolfSSL on an ARMv8 platform and want some tips on getting started for optimal performance, contact us at facts@wolfssl.com!

wolfSSL Version 4.7.0 Is Available!

Version 4.7.0 of wolfSSL has general fixes and optimizations, a few excellent feature additions, and some vulnerability fixes. Some of the new features added are support for S/MIME bundles which are commonly used with email traffic, an --enable-reproducable-build flag to help out with inspecting the wolfSSL library created, expansion to the OpenSSL compatibility layer, and additional session ticket API’s that help modularly control which TLS protocol version can use session tickets.

A few of the improvements and optimizations in the release are to linux kernel module support, DTLS resending of a flight after timeouts, the CMake build with a user settings file and out of directory builds of wolfSSL.

This release fixes 3 vulnerabilities, one of them being a TLS 1.3 client side issue that is rated as high. Thanks to Aina Toky Rasoamanana and Olivier Levillain from Télécom SudParis for the report on this TLS 1.3 issue.

A full list of items in the release can be seen in the ChangeLog.md bundled with wolfSSL or on our main webpage. For further reading about vulnerabilities see our webpage or contact us at facts@wolfssl.com for general wolfSSL information.

FIPS certificate #2425 is being added to NIST sunset list: wolfSSL customers can achieve effortless transition to FIPS cert #3389

FIPS 140-2 requires the use of validated cryptography in the security systems implemented by federal agencies to protect sensitive information. The wolfCrypt Module is a comprehensive suite of FIPS Approved algorithms. All key sizes and modes have been implemented to allow flexibility and efficiency.

The National Institute of Standards and Technology (NIST) is sending FIPS cert #2425 into sunset June 2021. For customers who will be impacted, the wolfCrypt Cryptographic Module maintains its #3389 certificate and can be used in conjunction with the wolfSSL embedded SSL/TLS library for full TLS 1.3 client and server support. Upgrade your FIPS cert with wolfSSL to stay afloat and benefit from: 

  • Algorithm support for TLS 1.3!
  • New algorithms such as AES (CBC, GCM, CTR, ECB), CVL, Hash DRBG, DSA, DHE, ECDSA (key generation, sign, verify), HMAC, RSA (key generation, sign, verify), SHA-3, SHA-2, SHA-1, and Triple-DES
  • Hardware encryption support for NXP’s Cryptographic Assistance and Assurance Module (CAAM), NXP Memory-Mapped Cryptographic Acceleration Unit (mmCAU), Intel’s AES-NI, and more
  • Support for secure elements and TPM’s
  • Interoperability with wolfBoot, wolfSSH, and wolfTPM
  • Integration support for third party libraries such as strongswan, nginx, python and more

Contact us to upgrade to FIPS cert #3389 at fips@wolfssl.com

Additional Resources 

Learn more about wolfSSL support for FIPS cert #3389: https://www.wolfssl.com/wolfcrypt-fips-certificate-3389-3/ 

For a list of supported Operating Environments for wolfCrypt FIPS, check our FIPS page: https://www.wolfssl.com/license/fips/ 

Our FIPS Story

wolfSSL is currently the leader in embedded FIPS certificates. We have a long history in FIPS starting with wolfCrypt FIPS 140-2 Level 1 Certificate #2425 as well as wolfCrypt v4 FIPS 140-2 Level 1 Certificate #3389. wolfSSL partners with FIPS experts KeyPair to bring you FIPS consulting services, and high assurance along each step of your FIPS certification process. Additionally, wolfSSL will be the first implementation of FIPS 140-3.

wolfSSL also provides support for a wolfCrypt FIPS Ready version of the library! wolfCrypt FIPS Ready is our FIPS enabled cryptography layer code included in the wolfSSL source tree that you can enable and build. You do not get a FIPS certificate, you are not FIPS approved, but you will be FIPS Ready. FIPS Ready means that you have included the FIPS code into your build and that you are operating according to the FIPS enforced best practices of default entry point, and power on self test.

wolfCrypt FIPS Ready can be downloaded from the wolfSSL download page located here: https://www.wolfssl.com/download/. More information on getting set up with wolfCrypt FIPS Ready can be found in our FIPS Ready User guide here: https://www.wolfssl.com/docs/fips-ready-user-guide/


Please join us for our upcoming FIPS 140-3 Webinar!

Please join us for our upcoming Webinar: FIPS 140-3!

wolfSSL is thrilled to be the first in FIPS 140-3 certification and we want to share it with you! Join the wolfSSL team, Kaleb Himes and John Safranek, Senior Engineers & FIPS authorities, as we cover all things FIPS 140-3. There will be a live Q&A so bring all your FIPS-related questions. We will cover the current transition to FIPS 140-3, its importance for cybersecurity, as well as how wolfSSL is implementing it in our products.

When: February 24, 2021 at 9:00 AM PT
Topic: Webinar- FIPS 140-3
Register in advance for the webinar:
After registering, you will receive a confirmation email containing information about joining the webinar.

Bring any questions you may have, and we look forward to seeing you there!

After registering, you will receive a confirmation email containing information about joining the webinar.
Bring any questions you may have, and we look forward to seeing you there!

Additional Resources

Please contact us at facts@wolfssl.com with any questions about the webinar. For technical support, please contact support@wolfssl.com or view our FAQ page.

In the meanwhile, check out the wolfSSL embedded SSL/TLS library, star us on Github, and learn more about the latest TLS 1.3 is available in wolfSSL.

wolfSSL CMSIS Pack

As a proud partner with ARM, wolfSSL is available as a CMSIS pack! wolfSSL was one of the first libraries available as a MDK5 software pack, which has evolved into CMSIS.

The wolfSSL ARM MDK5 pack supports CMSIS-RTOS by default, providing both the library and example applications. The user can choose to use a different OS as well.

Contact us at facts@wolfssl.com for more information about using the wolfSSL CMSIS pack today.

TPM 2.0 Library comparison, build size and memory usage

A question we get asked frequently is what are the build size and memory usage of the wolfTPM portable library. Here we will compare wolfTPM with the other popular TPM2.0 stacks, “ibmtss2” created at IBM and “tpm2-tss” originally created by Intel.

This comparison is interesting, because wolfTPM was built from scratch to be optimized for embedded devices and resource-constrained environments. This gives our TPM2.0 library a small footprint while still providing the features our users want and need.

At the time of writing, the current versions of TPM2.0 libraries is as follows:
wolfTPM is at major version 2.0.0
ibmtss2 is at version 1.5.0
tss2-tpm is at version 3.0.3

The test environment is x86_64 machine, running Ubuntu 20.04.1 LTS, with gcc compiler at version 9.3.0 (from the official Ubuntu 9.3.0-17ubuntu1~20.04 package).

Here are the memory footprint results reported by the GNU Size tool:

Code (text)Memory (data)bssTotal (Dec)filename
26586491861201861202879905ibmtss keygen
2730620176736338882941244Tpm2-tss keygen
119980104024121044wolfTPM keygen


  1. wolfTPM needs the least amount of RAM, in orders of magnitude.
  2. wolfTPM also has the smallest build size
  3. wolfTPM does not use heap
  4. wolfTPM has no external dependencies

For completeness, below are the configurations used for each TPM2.0 stack:

– tpm2-tss stack (originally created by Intel) was built using

./configure –enable-shared=no –enable-nodl –disable-fapi -disable-tcti-mssim -disable-tcti-swtpm

In details:

  • Disable shared library build (enables static library build)
  • Disable dynamic library loading
  • Disable support of feature api
  • Disable support for Microsoft TPM Simulator
  • Disable support for IBM TPM Simulator

tpm2-tss test application: https://github.com/tomoveu/tpm2-tss/tree/size-9

– Ibmtss stack was built using

./configure –disable-tpm-1.2 –disable-rmtpm –disable-shared

In details:

  • Disable support for obsolete TPM 1.2
  • Disable support for resource manager
  • Disable shared libraries (enables static library build)

ibmtss test application: https://github.com/tomoveu/ibmtss/tree/ibm-size-3

– wolfTPM was built using

./configure –enable-devtpm –enable-wolfcrypt –disable-shared

In details:

  • Enable /dev/tpmX interface for Linux
  • Enable wolfCrypt support for parameter encryption
  • Disable shared libraries (enables static library build)

wolfTPM test application: https://github.com/tomoveu/wolfTPM/tree/size-6

If you have any further questions about wolfTPM code sizes, please contact us at facts@wolfssl.com. For a full list of wolfTPM features, please visit the wolfTPM Product Page.

IoT SAFE for Mobile Industry

Hi friends! wolfSSL is looking at participating in the GSMA mobile standard ecosystem for IoT SAFE. We bring robust security; what would this mean for your IoT projects?

IoT SAFE is an IoT SIM applet for secure end-to-end communication, developed by the mobile industry with the goal of standardizing and streamlining IoT device security. Learn more about IoT SAFE.

If you have any commentary or feedback please reach out to our team at facts@wolfssl.com!

Please join us for our upcoming ISRG Partner Webinar!

wolfSSL’s Daniel Stenberg will be joined by Josh Aas and Sean McArthur for this ISRG Partner Webinar. They will cover what the project is about, how it will improve curl and Hyper, how it was done, lessons to be learned, and what to expect in the future.
When: Feb 11, 2021 10:00 AM Pacific Time (US and Canada)
Topic: ISRG Partner Webinar: Let’s Encrypt- “curl, Hyper and Rust”
Register in advance for this webinar:

After registering, you will receive a confirmation email containing information about joining the webinar.
Bring any questions you may have, and we look forward to seeing you there!

wolfBoot v1.7.1 has been released!

wolfBoot v1.7.1 is now available for download from the wolfSSL download page. This version includes some important fixes, improved support for hardware platforms and a few new features.

Our IoT-friendly bootloader is now capable of running in secure mode on Cortex-M33 microcontrollers, using TrustZone-M. Measured boot is now available through the integration with wolfTPM.

For more information or for any questions regarding wolfBoot, contact us at facts@wolfssl.com. Don’t forget to check our GitHub Repository for documentation and to stay up to date with our latest developments. And while you are there, please give us a star!

Posts navigation

1 2 3