We’re thrilled to announce a new feature in wolfSSL 5.8.0: the ability to offload Extended Master Secret (EMS) generation to hardware, introduced in Pull Request #8303. Integrated into `–enable-pkcallbacks –enable-extended-master` builds, this enhancement empowers developers to leverage Trusted Execution Environments (TEEs) or custom hardware for EMS generation, boosting security and performance in TLS sessions. This […]
Read MoreMore TagCategory: wolfSSL/ wolfCrypt
Expired Test Certificate: baltimore-cybertrust-root.pem and make check Failures
On May 12th, 2025, the test certificate baltimore-cybertrust-root.pem expired. This may cause issues with the test cases run during make check with wolfSSL builds that do not use the OpenSSL compatibility layer and have a filesystem enabled. One of the unit tests attempts to load all Certificate Authorities (CAs) from the certs/external directory, which previously […]
Read MoreMore TagwolfSSL Enhances PKCS7 Streaming Support with Indefinite Length Handling
wolfSSL has extended its PKCS7 capabilities to better handle indefinite length encodings, particularly in streaming scenarios. While basic support for indefinite length verification existed, recent updates have refined the wc_PKCS7_VerifySignedData() API to process multipart and indefinite length content more efficiently in a streaming manner.(wolfSSL) Key Enhancements Streaming Verification: The wc_PKCS7_VerifySignedData() function now supports verifying PKCS7 […]
Read MoreMore TagwolfSSL 5.8.0: Easier NXP SE050 Development with Automatic Key Deletion
The NXP EdgeLock SE050 is a popular secure element providing a strong root of trust for IoT devices, known for its “Plug & Trust” simplicity. wolfSSL has consistently supported the SE050, enabling robust hardware-based security for TLS, cloud onboarding, and data protection. However, managing cryptographic keys on secure elements during development can often be a […]
Read MoreMore TagUsing secp256k1 with wolfSSL: A Step-by-Step Guide
Elliptic curve cryptography (ECC) is increasingly popular in secure communications, and secp256k1—famous for its use in Bitcoin and Blockchains—is a widely used curve. This blog post will walk you through building wolfSSL with support for secp256k1, generating an ECC certificate using that curve, and using it in a TLS connection with wolfSSL’s example client and […]
Read MoreMore TagAnnouncing mcwolf: Classic McEliece Support with wolfSSL
We are excited to announce the creation of mcwolf, a new project that brings a Classic McEliece post-quantum cryptographic algorithm implementation and integration to wolfSSL. We would like to thank Daniel J. Bernstein for the integration work that went into mcwolf. The mcwolf project is a series of scripts and patches against wolfSSL that adds […]
Read MoreMore TagAnnouncing STM32WBA Support in wolfSSL
We’re excited to announce that wolfSSL now officially supports the STM32WBA series of microcontrollers from STMicroelectronics! This addition broadens our commitment to providing lightweight, robust, and high-performance SSL/TLS solutions across a wide range of embedded platforms. What is the STM32WBA Series? The STM32WBA series is a family of ultra-low-power wireless microcontrollers designed to bring advanced […]
Read MoreMore TagwolfSSL’s µITRON support and HSM integration
We have received many inquiries about wolfSSL’s µITRON support for years. The fact that µITRON is used so widely by wolfSSL customers is unique to Japan, but wolfSSL supports µITRON in all wolfSSL products to meet the needs of Japanese customers. ITRON is an RTOS specification definition, so it is available in many commercial versions, […]
Read MoreMore TagPost-Quantum Benchmark Comparison: ML-KEM wolfSSL 5.8.0 vs. OpenSSL 3.5
Recently, both OpenSSL 3.5 and wolfSSL 5.8.0 have been released. We thought we’d run some benchmarks on an x86_64 Linux PC. Note: output has been edited for brevity and clarity. OpenSSL Configuration and build: $ ./Configure $ make all Benchmarking Output: 47317 ML-KEM-512 KEM keygen ops in 0.99s 72114 ML-KEM-512 KEM encaps ops in 1.00s […]
Read MoreMore TagHybrid Post-Quantum Key Exchange in wolfSSL 5.8.0
Release 5.8.0 of our wolfSSL library implements hybrid key exchange algorithms that combine conventional elliptic curve cryptography with post-quantum key encapsulation mechanisms (KEMs). New Hybrid Groups: Combining elliptic curves (SECP256/384/521, X25519, X448) with ML-KEM. This provides compatibility with Chromium and other organizations that are together with wolfSSL leading the way in post-quantum migration. Some of […]
Read MoreMore Tag