Curve25519 Blinding Support Added in wolfSSL 5.8.0

As of wolfSSL version 5.8.0, support for Curve25519 blinding has been introduced. Although originally listed as a feature addition in the changelog, it is more accurately characterized as a mitigation for a potential side-channel vulnerability affecting specific builds. This feature offers optional hardening against power or electromagnetic (EM) analysis during Curve25519 private key operations. While such attacks are generally difficult to execute in practice, enabling blinding provides an additional layer of protection for devices that may be more susceptible to physical access or side-channel observation.

When Blinding Is Applicable

Blinding is only relevant for builds that use the C implementation of Curve25519 in wolfSSL. It is not available or necessary in the following cases:

  • Assembly-optimized implementations (–enable-armasm / WOLFSSL_ARMASM, –enable-intelasm / USE_INTEL_SPEEDUP)
  • The small footprint Curve25519 build (–enable-curve25519=small / CURVE25519_SMALL)

To enable blinding in the C implementation, define the macro WOLFSSL_CURVE25519_BLINDING. For example:

bash
CopyEdit
./configure --enable-curve25519 CPPFLAGS=-DWOLFSSL_CURVE25519_BLINDING

Affected APIs

Blinding hardens operations where the private key is used with scalar multiplication, such as:

  • wc_curve25519_export_public_ex – when deriving the public key from a private key
  • wc_curve25519_make_key – during key pair generation
  • wc_curve25519_generic
  • wc_curve25519_shared_secret_ex

If you are using the C implementation on hardware where physical side-channel exposure is a concern, it’s recommended to enable blinding and regenerate private keys used in these operations. Curve25519 blinding will be enabled by default for the C implementation in future wolfSSL releases.

Acknowledgments

Thanks to Arnaud Varillon, Laurent Sauvage, and Allan Delautre from Telecom Paris for reporting this.

If you have questions about any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.

Download wolfSSL Now

wolfSSL Adds Support for Open Watcom Compiler

Introduction

The wolfSSL embedded SSL/TLS library has recently expanded its compatibility by adding support for the Open Watcom C/C++ compiler. This enhancement enables developers to build wolfSSL using Open Watcom across multiple platforms including Windows, Linux, and OS/2. This blog post explores the new Open Watcom support, its features, and how to leverage it in your projects.

What is Open Watcom?

Open Watcom is an open-source compiler suite derived from the commercial Watcom C/C++ compiler. It’s particularly valued for its:

  • Cross-platform capabilities (Windows, OS/2, DOS, Linux)
  • Efficient code generation
  • Strong support for legacy systems
  • Continued development by the open-source community

The compiler is especially important for maintaining and developing software for OS/2 and other legacy systems that still have active user communities.

New Features in wolfSSL for Open Watcom

The recent pull requests #8505 and #8484 have implemented several features to ensure wolfSSL works seamlessly with Open Watcom:

  1. Multi-Platform Support:
    • Windows builds
    • Linux builds
    • OS/2 builds (particularly significant as OS/2 support is rare in modern libraries)
  2. Build Configuration Options:
    • Single-threaded and multi-threaded builds
    • Static library and DLL (Dynamic Link Library) options
    • Compatibility with Open Watcom 1.9 and newer versions (2.0+)
  3. OS/2-Specific Enhancements:
    • Socket handling for OS/2 networking
    • Thread management for OS/2’s unique threading model
    • Proper mutex implementation for OS/2
  4. Technical Improvements:
    • Renamed OFFSETOF macro to WC_OFFSETOF to avoid conflicts with OS/2 headers
    • Added proper time handling functions for Open Watcom
    • Implemented conditional compilation for platform-specific code
    • Fixed socket and I/O handling for cross-platform compatibility

Use Cases and Benefits

The addition of Open Watcom support opens up several possibilities:

  1. Legacy System Integration: Integrate modern TLS security into legacy systems running OS/2 or older Windows versions.
  2. Cross-Platform Development: Develop secure applications that can be compiled for multiple platforms using a single compiler.
  3. Educational Environments: Universities and educational institutions that use Open Watcom for teaching can now incorporate wolfSSL in their security curriculum.
  4. Embedded Systems: Some embedded systems with specific requirements may benefit from Open Watcom’s efficient code generation.

Summary

The addition of Open Watcom support to wolfSSL shows our versatility by supporting this compiler across Windows, Linux, and especially OS/2 platforms. This feature enables developers working with legacy systems, educational environments, and specific embedded platforms to leverage wolfSSL’s robust security features.

The implementation includes comprehensive support for different threading models and library types, ensuring that developers have flexibility in how they integrate wolfSSL into their projects. Whether you’re maintaining legacy applications, teaching security concepts, or developing cross-platform solutions, the Open Watcom support in wolfSSL provides a valuable tool in your development arsenal.

As the security landscape continues to evolve, this enhancement ensures that even systems using older or specialized compilers can maintain modern security standards through wolfSSL’s TLS implementation.

If you have questions about any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.

Download wolfSSL Now

New Feature Spotlight: Offloading Extended Master Secret Generation to Hardware in wolfSSL

We’re thrilled to announce a new feature in wolfSSL 5.8.0: the ability to offload Extended Master Secret (EMS) generation to hardware, introduced in Pull Request #8303. Integrated into `–enable-pkcallbacks –enable-extended-master` builds, this enhancement empowers developers to leverage Trusted Execution Environments (TEEs) or custom hardware for EMS generation, boosting security and performance in TLS sessions. This makes wolfSSL an even more robust solution for embedded systems, IoT, and high-security applications.

What is Extended Master Secret Offloading?

The Extended Master Secret (EMS), defined in RFC 7627, strengthens TLS session security by tying the master secret to the full handshake transcript, mitigating man-in-the-middle attacks. The new feature in wolfSSL allows developers to offload EMS generation to hardware, such as a Trusted Execution Environment (e.g., ARM TrustZone, Intel SGX) or specialized cryptographic hardware. By using a custom callback function, you can delegate EMS computation to secure hardware, ensuring sensitive operations occur in a protected environment.

If you want to know more about using callbacks in wolfSSL or have questions about any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.

Download wolfSSL Now

Expired Test Certificate: baltimore-cybertrust-root.pem and make check Failures

On May 12th, 2025, the test certificate baltimore-cybertrust-root.pem expired. This may cause issues with the test cases run during make check with wolfSSL builds that do not use the OpenSSL compatibility layer and have a filesystem enabled.

One of the unit tests attempts to load all Certificate Authorities (CAs) from the certs/external directory, which previously included this now-expired certificate. When this test is run with a wolfSSL configuration that will fail if any bad CAs are found among all CAs loaded, it will fail due to the certificate’s expiration.

This issue has been resolved in the wolfSSL master branch by the following pull request: https://github.com/wolfSSL/wolfssl/pull/8769

If you’re currently encountering failures during make check, we recommend removing the expired certificate from your local test environment by applying the changes from GitHub pull request 8769.

If you have questions about any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.

Download wolfSSL Now

wolfSSL Enhances PKCS7 Streaming Support with Indefinite Length Handling

wolfSSL has extended its PKCS7 capabilities to better handle indefinite length encodings, particularly in streaming scenarios. While basic support for indefinite length verification existed, recent updates have refined the wc_PKCS7_VerifySignedData() API to process multipart and indefinite length content more efficiently in a streaming manner.(wolfSSL)

Key Enhancements

  • Streaming Verification: The wc_PKCS7_VerifySignedData() function now supports verifying PKCS7 data with indefinite lengths without requiring the entire content to be buffered in memory.
  • Improved Decoding: Enhancements in decoding functions allow for better handling of BER-encoded PKCS7 structures with indefinite lengths.

Example Usage

The wolfssl-examples repository provides practical demonstrations of these enhancements. For instance, the pkcs7-stream-verify example illustrates how to verify PKCS7 signed data in a streaming context:

PKCS7 pkcs7;
byte buffer[BUFFER_SIZE];
int ret;

// Initialize PKCS7 structure
wc_PKCS7_Init(&pkcs7, NULL, INVALID_DEVID);

// Set up certificate and key
pkcs7.cert = cert;
pkcs7.certSz = certSz;
pkcs7.privateKey = key;
pkcs7.privateKeySz = keySz;

// Begin streaming verification
ret = wc_PKCS7_VerifySignedData(&pkcs7, buffer, bufferSz);
if (ret != 0) {
    // Handle error
}

// Continue processing as needed

This approach allows applications to process and verify large or streaming PKCS7 data efficiently, without the need to load the entire content into memory.

Benefits

  • Efficiency: Reduces memory usage by processing data in chunks.
  • Flexibility: Supports a wider range of PKCS7 encoding scenarios, including those using indefinite lengths.
  • Standards Compliance: Aligns with BER encoding standards for PKCS7 structures.(GitHub)

These enhancements make wolfSSL more adaptable for applications requiring secure, real-time data processing.

If you have questiona about any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.

Download wolfSSL Now

wolfSSL 5.8.0: Easier NXP SE050 Development with Automatic Key Deletion

The NXP EdgeLock SE050 is a popular secure element providing a strong root of trust for IoT devices, known for its “Plug & Trust” simplicity. wolfSSL has consistently supported the SE050, enabling robust hardware-based security for TLS, cloud onboarding, and data protection. However, managing cryptographic keys on secure elements during development can often be a cumbersome task.
With the release of wolfSSL 5.8.0, we’re excited to introduce enhancements that significantly streamline the developer experience with the NXP SE050, most notably a new feature for automatic key deletion.

Simplifying Key Management with Automatic Key Deletion

During development and testing, developers frequently create and discard numerous cryptographic keys. On the SE050, these keys occupy persistent storage slots. Without careful manual cleanup, the keystore can quickly fill up, leading to errors and slowing down progress.
The Solution: WOLFSSL_SE050_AUTO_ERASE
A key improvement in wolfSSL 5.8.0. is the introduction of the WOLFSSL_SE050_AUTO_ERASE preprocessor define. When wolfSSL is compiled with this option, any key generated on or loaded into the SE050 via wolfSSL will be automatically erased from the secure element when the corresponding wolfCrypt key object in your application is freed (e.g., via wc_ecc_free()).
Benefits for Developers:

  • Faster Iteration: Experiment freely without worrying about manual SE050 key cleanup.
  • Simplified Testing: Automated tests that generate keys on the SE050 become more robust, as the risk of a full keystore is minimized.
  • Reduced Clutter: Keeps the SE050 keystore clean from temporary development keys.
  • Focus on Application Logic: Spend more time on your core application and less on SE050 housekeeping during development.

This feature is a significant quality-of-life improvement, making the powerful SE050 even more accessible, especially during rapid prototyping and testing phases.

Complementary SE050 Refinements

Alongside this key management enhancement, wolfSSL 5.8.0 also includes other refinements to our SE050 implementation. While the automatic key deletion is a highlight for developer workflow, these additional contributions are vital for the overall stability and performance of wolfSSL’s SE050 support, ensuring a polished and reliable experience.

Why These Enhancements Matter

These improvements in wolfSSL 5.8.0 underscore our commitment to providing security solutions that are not only robust but also developer-friendly. By reducing friction in the development process, we empower you to build secure applications more efficiently.

Getting Started

  1. Download wolfSSL 5.8.0: Get the latest release from our download page.
  2. Enable Automatic Key Deletion: Compile wolfSSL with the WOLFSSL_SE050_AUTO_ERASE define. For example, using autoconf: ./configure –with-se050 CFLAGS=”-DWOLFSSL_SE050_AUTO_ERASE” This is an opt-in feature, ideal for development and testing builds.
  3. Consult Documentation: For full details on SE050 integration, refer to the README_SE050.md in the wolfSSL source (wolfcrypt/src/port/nxp/) and our examples in the wolfssl-examples repository.

Conclusion

The SE050 enhancements in wolfSSL 5.8.0, especially the automatic key deletion feature, make integrating hardware security with NXP’s SE050 smoother and more efficient. wolfSSL continues to provide cutting-edge security that is easy for developers to use.

We’re excited for you to try these new features and experience a more streamlined SE050 development workflow!
If you have questions about any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.

Download wolfSSL Now

Using secp256k1 with wolfSSL: A Step-by-Step Guide

Elliptic curve cryptography (ECC) is increasingly popular in secure communications, and secp256k1—famous for its use in Bitcoin and Blockchains—is a widely used curve. This blog post will walk you through building wolfSSL with support for secp256k1, generating an ECC certificate using that curve, and using it in a TLS connection with wolfSSL’s example client and server.


Step 1: Build wolfSSL with secp256k1 Support

Start by cloning the wolfSSL repository and building it with custom curve and certificate generation support:

# Download wolfssl from https://www.wolfssl.com/download/
cd wolfssl
./configure --enable-ecccustcurves=all --enable-keygen --enable-certgen --enable-certreq --enable-certext
make
sudo make install

Step 2: Generate a secp256k1 Certificate

Next, use the certgen example from wolfSSL’s examples repository.

git clone https://github.com/wolfssl/wolfssl-examples
cd wolfssl-examples/certgen

Modify the example for secp256k1

In certgen_example.c, modify the key generation line to explicitly use secp256k1:

- ret = wc_ecc_make_key(&rng, 32, &newKey);
+ ret = wc_ecc_make_key_ex(&rng, 32, &newKey, ECC_SECP256K1);

Add Key Output in PEM Format

To write the private key to a file, add the following block after certificate generation (be sure to add in proper error checks):

derBufSz = wc_EccKeyToDer(&newKey, derBuf, LARGE_TEMP_SZ);
pemBufSz = wc_DerToPem(derBuf, derBufSz, pemBuf, LARGE_TEMP_SZ, ECC_PRIVATEKEY_TYPE);
if (pemBufSz < 0) goto exit;

file = fopen("newCert.key", "wb");
if (!file) goto exit;
ret = (int)fwrite(pemBuf, 1, pemBufSz, file);
fclose(file);

Build and Run

make
./certgen_example

You should now have newCert.pem and newCert.key files using a secp256k1 key.


Step 3: Configure Client/Server for secp256k1

Go back to the wolfssl directory and modify the client example to explicitly support the secp256k1 curve:

+++ b/examples/client/client.c
@@ -3707,6 +3707,9 @@
     #endif
+
+    wolfSSL_CTX_UseSupportedCurve(ctx, WOLFSSL_ECC_SECP256K1);
+
 #if defined(HAVE_SUPPORTED_CURVES)

Run the Server and Client

Use the generated cert/key with the server, and run the client with a trusted CA cert:

./examples/server/server -d -c newCert.pem -k newCert.key

./examples/client/client -A ./certs/ca-ecc-cert.pem

If everything is set up correctly, you'll see output like:

SSL version is TLSv1.2
SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
SSL curve name is SECP256K1
I hear you fa shizzle!

You’ve just built wolfSSL with support for custom ECC curves, generated a certificate using secp256k1, and successfully used it in a TLS session. This setup is great for anyone integrating Bitcoin-style cryptography into embedded or resource-constrained systems using wolfSSL.

If you have questions about any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.

Download wolfSSL Now

Announcing mcwolf: Classic McEliece Support with wolfSSL

We are excited to announce the creation of mcwolf, a new project that brings a Classic McEliece post-quantum cryptographic algorithm implementation and integration to wolfSSL. We would like to thank Daniel J. Bernstein for the integration work that went into mcwolf.

The mcwolf project is a series of scripts and patches against wolfSSL that adds support for Classic McEliece, a code-based post-quantum cryptographic algorithm that is deployed in various applications (see https://mceliece.org) and is under consideration for standardization by ISO. The project uses the official vec implementation of Classic McEliece, providing a portable solution that can be optimized for various platforms. This implementation vectorizes across 64-bit integers.

The project’s page can be found here.

Why Classic McEliece?

Post-quantum cryptographic algorithms like Classic McEliece are designed to resist attacks from both classical and quantum computers, ensuring long-term security for sensitive data.

Classic McEliece is particularly known for its:

  • Strong security foundations based on the well-studied McEliece cryptosystem with a long pedigree dating back to 1978
  • Relatively small ciphertext sizes compared to other post-quantum KEMs

Technical Details

The mcwolf project has several notable characteristics:

  • Uses the official vec implementation of Classic McEliece, which is portable across platforms
  • Includes comprehensive testing, with the same code being extensively tested in SUPERCOP and libmceliece

The implementation supports various parameter sets for Classic McEliece, including:

  • mceliece348864
  • mceliece348864pc
  • mceliece460896
  • mceliece460896pc
  • mceliece6688128
  • mceliece6688128pc
  • mceliece6960119
  • mceliece6960119pc
  • mceliece8192128
  • mceliece8192128pc

How to Build mcwolf

Building mcwolf is straightforward. Go to https://cr.yp.to/2025/20250426-mcwolf/notes.html and download the build script. Mark it as executable and run the script on your linux machine. You need curl, python3, git, autoconf, libtool and generic gcc build tools already installed.

The mcwolf implementation includes tests that are integrated into the existing testing framework. Here is some expected output:

 ...
 MCELIECE348864 test passed!
 MCELIECE460896 test passed!
 MCELIECE6688128 test passed!
 MCELIECE6960119 test passed!
 MCELIECE8192128 test passed!
 ...
------------------------------------------------------------------------------
  wolfSSL version 5.8.0
 ------------------------------------------------------------------------------
 Math: ??????Multi-Precision: Wolf(SP) word-size=64 bits=4096 sp_int.c
 wolfCrypt Benchmark (block bytes 1048576, min 1.0 sec each)
 mceliece 348864  key gen   	100 ops took 4.492 sec, avg 44.922 ms, 22.261 ops/sec
 mceliece 348864	encap 	18100 ops took 1.005 sec, avg 0.056 ms, 18007.073 ops/sec
 mceliece 348864	decap  	6500 ops took 1.005 sec, avg 0.155 ms, 6466.727 ops/sec
 mceliece 460896  key gen   	100 ops took 14.307 sec, avg 143.068 ms, 6.990 ops/sec
 mceliece 460896	encap  	9800 ops took 1.005 sec, avg 0.103 ms, 9751.777 ops/sec
 mceliece 460896	decap  	2200 ops took 1.009 sec, avg 0.459 ms, 2180.508 ops/sec
 mceliece 6688128  key gen   	100 ops took 30.491 sec, avg 304.906 ms, 3.280 ops/sec
 mceliece 6688128	encap  	5900 ops took 1.007 sec, avg 0.171 ms, 5856.450 ops/sec
 mceliece 6688128	decap  	2000 ops took 1.001 sec, avg 0.500 ms, 1998.431 ops/sec
 mceliece 6960119  key gen   	100 ops took 27.325 sec, avg 273.249 ms, 3.660 ops/sec
 mceliece 6960119	encap  	6300 ops took 1.008 sec, avg 0.160 ms, 6248.913 ops/sec
 mceliece 6960119	decap  	2100 ops took 1.022 sec, avg 0.487 ms, 2055.315 ops/sec
 mceliece 8192128  key gen   	100 ops took 35.826 sec, avg 358.255 ms, 2.791 ops/sec
 mceliece 8192128	encap  	5500 ops took 1.001 sec, avg 0.182 ms, 5495.955 ops/sec
 mceliece 8192128	decap  	2100 ops took 1.044 sec, avg 0.497 ms, 2010.617 ops/sec

Conclusion

The mcwolf implementation brings another post-quantum cryptographic KEM to wolfSSL, helping to future-proof security-critical applications against the threat of quantum computing. We encourage the wider community to try out the mcwolf project!

From the wolfSSL team, we give our heart-felt thanks to Daniel J. Bernstein! Thank you Daniel!

If you have questions about any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.

Download wolfSSL Now

Announcing STM32WBA Support in wolfSSL

We’re excited to announce that wolfSSL now officially supports the STM32WBA series of microcontrollers from STMicroelectronics! This addition broadens our commitment to providing lightweight, robust, and high-performance SSL/TLS solutions across a wide range of embedded platforms.

What is the STM32WBA Series?

The STM32WBA series is a family of ultra-low-power wireless microcontrollers designed to bring advanced Bluetooth® Low Energy (LE) connectivity to IoT and embedded devices. Built around the Arm Cortex-M33 core with TrustZone security and integrated radio, STM32WBA microcontrollers are optimized for secure, connected applications in healthcare, industrial, and smart home environments.

Why This Matters

By integrating wolfSSL with STM32WBA, developers now have:

  • Seamless TLS/SSL support for Bluetooth LE and IP-based connectivity.
  • Optimized performance with wolfSSL’s small footprint and STM32’s hardware acceleration features.
  • Ease of integration with STM32Cube ecosystem tools and examples to get started quickly.

Key Highlights:

  • Full TLS 1.3 and DTLS 1.3 support.
  • Hardware crypto acceleration using STM32WBA’s on-chip crypto engine.
  • Support for wolfCrypt’s entire crypto-suite (including Post-Quantum Cryptography).
  • Example projects for STM32CubeIDE and STM32CubeMX to simplify setup.

To explore wolfSSL on STM32WBA, check out our STM32 Cube Pack instructions and examples here.

For more information on wolfSSL and how it integrates with the STM32WBA, visit our documentation or reach out to our team at facts@wolfSSL.com or +1 425 245 8247.

Download wolfSSL Now

wolfSSL’s µITRON support and HSM integration

We have received many inquiries about wolfSSL’s µITRON support for years.
The fact that µITRON is used so widely by wolfSSL customers is unique to Japan, but wolfSSL supports µITRON in all wolfSSL products to meet the needs of Japanese customers.

ITRON is an RTOS specification definition, so it is available in many commercial versions, including the open source TOPPERS/ASP, eT-Kernel (eSOL), µC3 (eForce), NORTi (MISPO), and many others. There are also cases where companies have developed their own µITRON-compliant RTOS and are using it, and there are many derivative versions of µITRON that have their own functional enhancements and specification changes.

wolfSSL supports all µITRON versions, including these derivatives.
wolfBoot is available for secure boot, and wolfHSM is available for more robust systems using HSMs (hardware security modules), which have recently been gaining attention.

HSM is a technology that isolates the root of trust functions, such as signature verification and encryption processing, into a physically independent processor or isolated execution context, dramatically improving the security of encryption keys and encryption processing. While HSM’s may make it easier to achieve physical robust security, there is also the issue that the functions such as encryption algorithms provided by the HSM processor are limited. wolfHSM is a framework that makes it possible to expand the encryption algorithm functions as needed by integrating software encryption processing with the basic functions provided by such chips. It is also possible to use the latest quantum-resistant encryption algorithms developed by wolfSSL, as well as algorithms such as SM2, SM3, and SM4.

If you have questions about any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.

Download wolfSSL Now

Posts navigation

1 2 3 4 8 9 10