Category: wolfSSL/ wolfCrypt

Announcing STM32WBA Support in wolfSSL

We’re excited to announce that wolfSSL now officially supports the STM32WBA series of microcontrollers from STMicroelectronics! This addition broadens our commitment to providing lightweight, robust, and high-performance SSL/TLS solutions across a wide range of embedded platforms.

What is the STM32WBA Series?

The STM32WBA series is a family of ultra-low-power wireless microcontrollers designed to bring advanced Bluetooth® Low Energy (LE) connectivity to IoT and embedded devices. Built around the Arm Cortex-M33 core with TrustZone security and integrated radio, STM32WBA microcontrollers are optimized for secure, connected applications in healthcare, industrial, and smart home environments.

Why This Matters

By integrating wolfSSL with STM32WBA, developers now have:

  • Seamless TLS/SSL support for Bluetooth LE and IP-based connectivity.
  • Optimized performance with wolfSSL’s small footprint and STM32’s hardware acceleration features.
  • Ease of integration with STM32Cube ecosystem tools and examples to get started quickly.

Key Highlights:

  • Full TLS 1.3 and DTLS 1.3 support.
  • Hardware crypto acceleration using STM32WBA’s on-chip crypto engine.
  • Support for wolfCrypt’s entire crypto-suite (including Post-Quantum Cryptography).
  • Example projects for STM32CubeIDE and STM32CubeMX to simplify setup.

To explore wolfSSL on STM32WBA, check out our STM32 Cube Pack instructions and examples here.

For more information on wolfSSL and how it integrates with the STM32WBA, visit our documentation or reach out to our team at facts@wolfSSL.com or +1 425 245 8247.

Download wolfSSL Now

wolfSSL’s µITRON support and HSM integration

We have received many inquiries about wolfSSL’s µITRON support for years.
The fact that µITRON is used so widely by wolfSSL customers is unique to Japan, but wolfSSL supports µITRON in all wolfSSL products to meet the needs of Japanese customers.

ITRON is an RTOS specification definition, so it is available in many commercial versions, including the open source TOPPERS/ASP, eT-Kernel (eSOL), µC3 (eForce), NORTi (MISPO), and many others. There are also cases where companies have developed their own µITRON-compliant RTOS and are using it, and there are many derivative versions of µITRON that have their own functional enhancements and specification changes.

wolfSSL supports all µITRON versions, including these derivatives.
wolfBoot is available for secure boot, and wolfHSM is available for more robust systems using HSMs (hardware security modules), which have recently been gaining attention.

HSM is a technology that isolates the root of trust functions, such as signature verification and encryption processing, into a physically independent processor or isolated execution context, dramatically improving the security of encryption keys and encryption processing. While HSM’s may make it easier to achieve physical robust security, there is also the issue that the functions such as encryption algorithms provided by the HSM processor are limited. wolfHSM is a framework that makes it possible to expand the encryption algorithm functions as needed by integrating software encryption processing with the basic functions provided by such chips. It is also possible to use the latest quantum-resistant encryption algorithms developed by wolfSSL, as well as algorithms such as SM2, SM3, and SM4.

If you have questions about any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.

Download wolfSSL Now

Post-Quantum Benchmark Comparison: ML-KEM wolfSSL 5.8.0 vs. OpenSSL 3.5

Recently, both OpenSSL 3.5 and wolfSSL 5.8.0 have been released. We thought we’d run some benchmarks on an x86_64 Linux PC.

Note: output has been edited for brevity and clarity.

OpenSSL

Configuration and build:

$ ./Configure
$ make all

Benchmarking Output:

47317 ML-KEM-512 KEM keygen ops in 0.99s
72114 ML-KEM-512 KEM encaps ops in 1.00s
46625 ML-KEM-512 KEM decaps ops in 1.00s
31811 ML-KEM-768 KEM keygen ops in 1.00s
55855 ML-KEM-768 KEM encaps ops in 0.99s
35390 ML-KEM-768 KEM decaps ops in 1.00s
20942 ML-KEM-1024 KEM keygen ops in 1.00s
42164 ML-KEM-1024 KEM encaps ops in 0.99s
27043 ML-KEM-1024 KEM decaps ops in 1.00s

wolfSSL

Configuration and build:

$ ./configure  --enable-mlkem=yes,cache-a --enable-dilithium \
               --enable-all-asm
$ make all

Benchmarking Output:

ML-KEM 512    128  key gen    293900 ops took 1.000 sec
ML-KEM 512    128    encap    271900 ops took 1.000 sec
ML-KEM 512    128    decap    237300 ops took 1.000 sec
ML-KEM 768    192  key gen    163900 ops took 1.000 sec
ML-KEM 768    192    encap    152500 ops took 1.000 sec
ML-KEM 768    192    decap    200700 ops took 1.000 sec
ML-KEM 1024   256  key gen    109200 ops took 1.000 sec
ML-KEM 1024   256    encap    106200 ops took 1.000 sec
ML-KEM 1024   256    decap    143600 ops took 1.001 sec

Analysis & Conclusions

It can be observed that wolfSSL is faster than OpenSSL by a wide margin at every operation and parameter set. Here at wolfSSL, we are extremely proud of our long tradition of excellence when it comes to efficiency and performance.

Now, it is worth pointing out that this is not an apples-to-apples comparison. The build configuration for wolfSSL does indicate that assembly optimizations are enabled while to date, OpenSSL does not have such optimizations. Similarly, we are enabling the “Cache A” optimization which is described as:

Stores the matrix A during key generation for use in encapsulation when performing decapsulation. The key is 8KB larger but decapsulation is significantly faster. Turn on when performing make key and decapsulation with the same object.

We would be happy to re-run these comparisons once OpenSSL has such optimizations enabled.

If you have questions about any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.

Download wolfSSL Now

Hybrid Post-Quantum Key Exchange in wolfSSL 5.8.0

Release 5.8.0 of our wolfSSL library implements hybrid key exchange algorithms that combine conventional elliptic curve cryptography with post-quantum key encapsulation mechanisms (KEMs).

New Hybrid Groups: Combining elliptic curves (SECP256/384/521, X25519, X448) with ML-KEM. This provides compatibility with Chromium and other organizations that are together with wolfSSL leading the way in post-quantum migration. Some of the new hybrid groups were already done in previous releases. Here is the complete list of hybrid key exchange groups in TLS 1.3:

  • WOLFSSL_P256_ML_KEM_512
  • WOLFSSL_P384_ML_KEM_768
  • WOLFSSL_P256_ML_KEM_768
  • WOLFSSL_P521_ML_KEM_1024
  • WOLFSSL_P384_ML_KEM_1024
  • WOLFSSL_X25519_ML_KEM_512
  • WOLFSSL_X25519_ML_KEM_768
  • WOLFSSL_X448_ML_KEM_768

The new release includes comprehensive test configurations demonstrating how to use these new hybrid groups in TLS 1.3 connections. Go ahead and start thwarting the “Harvest Now, Decrypt Later” threat model that is currently in play.

If you have questions about any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.

Download wolfSSL Now

wolfSSL visits Radiona in Zagreb

We at wolfSSL would like to thank Goran Mahovlic and the entire Radiona team for inviting us to their headquarters in Zagreb, Croatia! We enjoyed the opportunity to present information on one of our flagship products, wolfBoot, during the recent OpenHardware Meet-up. The hospitality was outstanding and greatly appreciated!

Radiona is home to the awesome ULX3S FPGA + ESP32 board, first introduced to the general public by our friends over at the Crowd Supply Campaign and now available from Mouser Electronics.

Radiona embodies the true STEAM Spirit. So much more than the open source hardware is the community of passionate makers, students, engineers, and more. These people from all over the world participate in the Zagreb Makerspace and FER: the Faculty of Electrical Engineering and Computing at the University of Zagreb in Croatia.

A new and exciting board is also in the works from the collaboration between Radiona and Intergalaktik: the ULX4M! This is another open source FPGA board that has a CM4 connector for the many Raspberry Pi Carrier boards that accept a Compute Module.

The ULX3S is the only board (that we know of!) that is not only open source, but includes both open source FPGA and ESP32 projects, all on one board. Check out some of the many projects available.

New and exciting features will soon be added to the ULX3S, leveraging some of the features of the ESP32-S3. See the development README doc.

There’s extensive wolfSSL support for the ESP32, including not only Espressif ESP-IDF with optional Managed Components but also Arduino, PlatformIO, and more.

[gojimmypi] has several blogs on using wolfSSL with the ULX3S: Perhaps you’d like to SSH into the ESP32 on your ULX3S? That example leverages the core Espressif wolfSSH in the wolfssl-examples SSH-to-UART project.

The ULX3S could also be integrated into the Apple HomeKit ecosystem.

Interested in getting Started with wolfSSL on the ESP32? Check out our YouTube video:

See our prior blog about using the ULX3S FPGA to create your own soft-core RISC-V, the same Hazard3 core used on the Raspberry Pi Pico 2 RP2350.

Meet Us at Events:

For more information:

Post Quantum

Do you have code that can be upgraded to Post Quantum? Read our recent blog to learn more!

FIPS Certified!

When you are ready to move on to the next step, wolfSSL will be there for you! Need to have your project NIST Certified? Recently we announced that wolfSSL is the First in the World to offer FIPS 140–3 Automated Submission with our NIST Certificate #4718.

Find out more:

If you have any feedback, questions, or require support, please don’t hesitate to reach out to us via facts@wolfSSL.com, call us at +1 425 245 8247, or open an issue on GitHub

Download wolfSSL Now

Test Certificates in Production: KeyPlug’s WolfSSL Misconfiguration Leads to Infrastructure Exposure

Summary

A critical security incident exposed KeyPlug malware infrastructure due to the improper use of wolfSSL test certificates in production. The 24-hour exposure revealed sophisticated attack tools linked to the RedGolf/APT41 threat group, demonstrating how poor certificate management can compromise even advanced threat actors’ operations.

The Certificate Failure

The compromised server was identified through its WolfSSL test certificate:

Subject Common Name: www[.]wolfssl[.]com
Subject Organizational Unit: Support_1024
Issuer Organizational Unit: Consulting_1024
SHA-256: 4C1BAA3ABB774B4C649C87417ACAA4396EBA40E5028B43FADE4C685A405CC3BF

Critical Issues

  • Test Certificate Misuse
    • Production use of wolfssl.com test domain
    • Weak 1024-bit keys (indicated by “_1024” suffix)
    • Certificate sharing across multiple attack servers
  • Security Impact
    • Exposed Fortinet exploitation tools and C2 infrastructure
    • Enabled infrastructure correlation through shared certificates
    • Compromised operational security of advanced threat actors

Best Practices for WolfSSL Implementation

To avoid security lapses like the one described, it’s critical to follow best practices when deploying wolfSSL in production environments. The following guidelines focus on certificate requirements, security controls, and monitoring techniques:

Production Deployments

  • Certificate Requirements
    • Use only trusted CA-issued certificates
    • Implement minimum 2048-bit RSA keys
    • Maintain proper validation chains
  • Security Controls
    • Never use test certificates in production
    • Implement certificate pinning
    • Regular certificate rotation

Monitoring and Detection

  • Certificate Auditing
    • Regular infrastructure scans
    • Certificate inventory management
    • Automated validation checks
  • Warning Signs
    • Domains containing “wolfssl.com”
    • Organizational units with test indicators
    • Key sizes below 2048 bits
    • Invalid trust chains

Recommendations

To mitigate risk and ensure strong certificate hygiene, both WolfSSL users and security teams should take immediate action. Below are tailored recommendations for each group:

Immediate Actions

  1. For WolfSSL Users
    • Audit all certificates
    • Remove test certificates
    • Implement CA-issued certificates
    • Verify proper key lengths
  2. For Security Teams
    • Monitor for test certificate usage
    • Implement certificate validation
    • Regular infrastructure scanning
    • Maintain certificate inventory

Conclusion

Organizations must maintain strict separation between development and production certificates and implement proper certificate management policies to prevent similar exposures.

Please do not use wolfSSL test certificates in production because the corresponding private keys are published as part of the wolfSSL source code package, so by design, these certificates are insecure. The test certificate private keys are public!

Source:

If you have questions about any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.

Download wolfSSL Now

Chimera Certificate Standards Compliance

In the evolving landscape of cryptographic security, supporting multiple signature algorithms within a single certificate has become increasingly important. These certificates are known as Chimera certificates, a moniker coined by the X9.146 banking standards team. They provide enhanced security, flexibility, and agility, especially for the transition to post-quantum cryptography. As well, wolfSSL also understands the new TLS 1.3 CKS extension as defined by the X9.146 banking standard draft.

Chimera certificates are X.509 certificates that contain two public keys and signatures. These certificates are implemented through the use of three extensions:

  • Subject Alternative Public Key Info (SAPKI): Contains an alternative public key
  • Alternative Signature Algorithm: Specifies the algorithm used for the alternative signature
  • Alternative Signature Value: Contains the actual bitstring of the alternative signature

In X.509 certificates, extensions can be marked as either “critical” or “non-critical.” Critical extensions MUST be understood and processed by the certificate validator. If a validator doesn’t recognize a critical extension, it MUST reject the certificate. Non-critical extensions can be safely ignored if not understood.

Before release 5.8.0, wolfSSL’s dual algorithm certificate implementation did not properly support the parsing of these extensions if they were marked as Critical. This was because the whole purpose of these extensions was to facilitate migration by allowing unmigrated systems to ignore the alternative public key and signatures. In that context, marking these extensions as critical made no sense.

That said, these extensions are standardized in the 2019 edition of the ITU-T X.509 standard. In that document, under recognition that there might be other future applications for these extensions, marking these extensions as critical is permitted.

The addition of critical extension support for Chimera certificates extensions represents an important compliance step. Without standards, interoperability would not be possible.

As the cryptographic landscape continues to evolve, especially with the ongoing transition to post-quantum algorithms, enhancements such as Chimera certificate support will become increasingly valuable. wolfSSL continues to demonstrate its commitment to providing a robust, standards-compliant, and forward-looking cryptographic library.

If you have question about any of the above, please contact us at >a href=”mailto”facts@wolfssl.com”>facts@wolfSSL.com or call us at +1 425 245 8247.

Download wolfSSL Now

wolfSSL 5.8.0 Released

We are excited to announce that wolfSSL version 5.8.0 is now available. This release brings several important new features and improvements. Below are the key new additions:

New Features

  • Implemented various fixes to support building for Open Watcom, including OS/2 support and Open Watcom 1.9 compatibility (PR 8505, 8484).
  • Added support for STM32H7S (tested on NUCLEO-H7S3L8) (PR 8488).
  • Added support for STM32WBA (PR 8550).
  • Added Extended Master Secret Generation Callback to the –enable-pkcallbacks build (PR 8303).
  • Implemented AES-CTS (–enable-aescts) in wolfCrypt (PR 8594).
  • Added support for libimobiledevice commit 860ffb (PR 8373).
  • Initial ASCON hash256 and AEAD128 support based on NIST SP 800-232 IPD (PR 8307).
  • Added blinding option when using a Curve25519 private key by defining the macro WOLFSSL_CURVE25519_BLINDING (PR 8392).

ML-DSA and Post-Quantum Cryptography Enhancements

In line with NIST’s latest documentation, wolfSSL has updated its Dilithium implementation to ML-DSA (Module-Lattice Digital Signature Algorithm), which is fully supported in this release. Additionally, the release includes updates to further optimize ML-DSA and LMS (Leighton–Micali Signature) schemes, reducing memory usage and improving performance.

Linux Kernel Module (linuxkm) Updates

wolfSSL 5.8.0 expands support for the Linux Kernel Module (linuxkm), with several important enhancements to improve kernel-level cryptographic integration. This includes extended LKCAPI registration support for rfc4106(gcm(aes)), ctr(aes), ofb(aes), ecb(aes), and the legacy one-shot AES-GCM backend. Compatibility improvements have been added for newer kernels (?6.8), and calls to scatterwalk_map() and scatterwalk_unmap() have been updated for Linux 6.15. The release also registers ECDSA, ECDH, and RSA algorithms with the kernel crypto API and introduces safeguards for key handling, including forced zeroing of shared secrets. These changes make it possible to use more wolfSSL functionality in the kernel space.

For a full list of fixes and optimizations check out the ChangeLog.md bundled with wolfSSL. Download the latest release from the download page. If you have questions about any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.

Download wolfSSL Now

wolfSSL arrives to NXP’s Application Code Hub

The NXP Application Code Hub, in collaboration with wolfSSL, now provides developers with a practical foundation for building secure IoT applications using NXP’s MCUXpresso VS Code extension.

This ecosystem combines NXP’s powerful microcontrollers with wolfSSL’s security libraries, all running on the Zephyr RTOS.

Available Initial Examples:

These examples are initially designed specifically for NXP’s FRDM-MCXN947 development board, but because they are using Zephyr they can easily be adapted to any board or chip supported by Zephyr and NXP!

If you have questions about any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.

Download wolfSSL Now

The definitive guide to Kernel vs. User Space Cryptography on Windows or Linux

We’re often asked if our cryptography library can be used in kernel, typically for use cases involving network or disk I/O. Indeed it can. Performing cryptographic operations inside the kernel has performance and security advantages, and is typically transparent to user mode applications and daemons. When is kernel mode cryptography the right solution, and what sorts of advantages can you expect?

Two common high level use cases for kernel mode crypto are network packet flow (VPNs, IPsec, MACsec, TLS offload, and packet authentication like TCP-AO) and disk encryption (for example, dm-crypt/LUKS and fscrypt). Much of the processing for network packets and block device I/O can be done entirely in kernel mode, but only if the required cryptographic operations are also performed in kernel mode. Performance will degrade significantly if that processing has to pass through a user mode process, as in a user mode VPNs such as StrongSwan with default configuration, or a FUSE-based cryptographic filesystem such as EncFS.

The common thread for all performance-motivated kernel crypto use cases is that the kernel is already in the critical path. Performing critical path operations in user mode introduces context switches and forces data copying, while kernel mode crypto leverages the existing data flow, with only the negligible overhead of function calls and pointer passing. If a design calls for leveraging a hardware crypto accelerator, kernel mode is a natural fit, due to the kernel’s direct access to memory-mapped physical resources.

Kernel mode crypto also allows a fundamentally higher level of security for specialized applications. Private keys and other highly sensitive data can be kept entirely in-kernel, safe from exposure. With trusted execution environments such as ARM TrustZone, Intel SGX, and AMD SEV-SNP, this data can be kept separate even from other kernel data, effectively defeating software-borne attacks even if the endpoint has been compromised.

wolfSSL has implemented Linux kernel cryptosystem plug-and-play functionality for all supported FIPS AES modes and key sizes, including XTS, CBC, CFB, GCM, OFB, CTR, and CCM, offering full turnkey (no code) support for dm-crypt/LUKS disk encryption and other kernel-mode applications. On amd64, our kernel AES implementations fully leverage AESNI and AVX, delivering state-of-the-art performance. We also support retargeting of the WireGuard kernel module to wolfCrypt, and can also retarget kernel mode WireGuard to use wolfCrypt FIPS cryptography directly. More kernel mode cryptographic algorithms are in process and available shortly, including registration of our AVX-accelerated post quantum implementations.

The full wolfCrypt native API is available in-kernel to other kernel modules, including full support for FIPS 140-3. We have also ported our full TLS stack to the kernel, allowing special use cases with TLS1.3 and DTLS1.3 endpoints resident in kernel space. TLS 1.3 in the kernel allows for encrypted communication links directly to kernel threads for maximum security.

How do you decide when Kernel Mode cryptography or TLS is appropriate for your use case? Typically you are looking for a security advantage or a performance advantage, or both. We can help! Contact us at facts@wolfSSL.com and we can support you through benchmarking and security concerns to guide your decisions.

If you have questions about any of the above, please contact us at facts@wolfSSL.com or +1 425 245 8247.

Download wolfSSL Now

Posts navigation

1 2 3 4 8 9 10