wolfSSL Support for STM32G4

wolfSSL now has support for STM32G4 microcontrollers, with new features that enable better performance and flexibility for cryptographic operations on STM32G4 hardware. Below is a summary of the key changes and updates that were made in PR #7997:

Key Changes and Features

  1. User Settings Synchronization:
    The `user_settings_stm32.h` configuration file has been synchronized with the STM32Cube IDE’s `default_conf.ftl`. This ensures that the configurations are up to date and consistent with the STM32G4 environment.
  2. New Configuration Options:
    WOLF_CONF_IO: This option allows the user to select the network stack to use.
    Options include:

    • 1 = User IO (custom)
    • 2 = LWIP (POSIX)
    • 3 = LWIP (native)

    WOLF_CONF_RESUMPTION: This option controls session caching and session ticket functionality.

    • 0 = No session cache
    • 1 = Session cache / Session tickets

    WOLF_CONF_TPM: Enables TPM support, which adds Crypto Callbacks, Public MP, and AES CFB support.
    WOLF_CONF_PK: TLS Key Callbacks for better key management in cryptographic operations.
    WOLF_CONF_AESGCM: Support for AES GCM encryption modes with:

    • 1 = GCM_SMALL
    • 2 = GCM_TABLE_4BIT

Testing

The code was compiled in STM32CubeIDE for STM32G491x, but no hardware was available for testing at the time. Tests have been run with essential hardware features, including:

  • RTC
  • RNG
  • LPUART1
  • ARM ASM

Conclusion

wolfSSL now supports STM32G4 microcontrollers, with custom IO, session caching, TPM support, and AES GCM support. If you have any further questions about any of the above, please contact us at facts@wolfSSL.com or +1 425 245 8247.

Download wolfSSL Now

wolfSSL Supports TSIP v1.21

wolfSSL 5.7.4 adds support for Renesas TSIP v1.21 on the RX72N and RX65N platforms. The RX72N and RX65N are the flagship models of the RX series, 32-bit MCUs running at 240 MHz on the RX72N and 120 MHz on the RX65N. Using the TSIP driver, wolfSSL can offload supported cryptographic and TLS operations to the underlying Renesas hardware for increased performance. TSIP v1.21 is the latest version, released in 2024. Updating to this driver offers better performance and stability than previous versions.

Check out wolfSSL Renesas TSIP support here.

Example applications for Renesas RX series MCUs with Renesas IDE e2studio project files are provided in the wolfSSL package, included in the /IDE/Renesas/e2studio/RXxx folders. Detailed instruction manuals written both in English and Japanese will help you get started with wolfSSL on these platforms quickly.

If you have questions about any of the above, please contact us at facts@wolfssl.com or call us at +1 425 245 8247.

New Year New Release: Introducing wolfSSL 5.7.6

Welcome 2025 with boundless possibilities and stronger security! We are excited to introduce wolfSSL 5.7.6, the latest update in open-source cybersecurity! Designed with the cleanest code, this release is packed with exciting enhancements:

  • Expanded Hardware Support: wolfSSL hardware support now includes RP2350 and STM32MP135F, with enhanced capabilities for RP2040 and Renesas TSIP.
  • Enhanced APIs: APIs introduced for simplified Curve25519 key decoding, stateless DTLS CID on the server side, and CRL callbacks.
  • Post-Quantum Cryptography Advances: Updated Post-Quantum ML-DSA features include parsing security levels from the DER encoding and expanded build options.

Dive into the ChangeLog for complete details on what wolfSSL 5.7.6 has to offer and start your year with a solution that works seamlessly right out of the box!

If you have questions about any of the above, please contact us at facts@wolfSSL.com or +1 425 245 8247.

Improved OCSP Support in wolfSSL

wolfSSL has recently made important improvements to its Online Certificate Status Protocol (OCSP) support. A recent fix in pull request #7779 addresses an issue where the OCSP request was incorrectly freed when saved in ssl->ctx->certOcspRequest. This update ensures that the OCSP request is properly retained, enhancing the stability and reliability of certificate status checking.

In addition to OCSP, we also fully support Certificate Revocation Lists (CRL). However, OCSP is the preferred method for real-time certificate status validation. OCSP provides a more efficient and timely approach to checking certificate revocation status and remains a key feature of our SSL/TLS library.

These updates reflect wolfSSL’s ongoing commitment to providing secure, efficient SSL/TLS solutions with robust certificate validation features. To learn more about wolfSSL’s OCSP support, visit our OCSP page.

If you have questions or need assistance, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.

Boost DES and 3DES ECB Performance with NXP’s MMCAU in wolfSSL

Starting in wolfSSL 5.7.4, NXP’s MMCAU hardware accelerator can be used to handle DES and 3DES ECB crypto operations. This addition to the MMCAU hardware port can be seen in PR #7960.

The MMCAU can be used to speed up other cryptography algorithms in wolfSSL like:

  • AES-128/192/256
  • MD5
  • SHA-1
  • SHA-256

To see more about our support with NXP hardware check out our NXP hardware page or if you want to evaluate wolfSSL 5.7.4 you can download that here!

Have questions about using NXP’s hardware with wolfSSL? If so, send us an email at facts@wolfssl.com or call us at +1 425 245 8247.

Enhancing Realm Database Security with wolfSSL

Are you looking to add FIPS 140-3 certified cryptography to your Realm database? wolfSSL has you covered!

We’ve successfully integrated wolfSSL into Realm, providing you with robust TLS and cryptographic functionality. A version tested on Linux is available, and we can also help you enable support for platforms like Android and iOS upon request.

Getting Started with Realm and wolfSSL

To start using wolfSSL with Realm, follow these steps:

Configure wolfSSL:

./configure --enable-static --enable-opensslall --enable-enckeys --enable-certgen --enable-context-extra-user-data
sudo make install

Optionally, specify the installation directory with --prefix=/path/to/install.

Download and patch Realm Core:

git clone https://github.com/realm/realm-core.git
cd realm-core
git checkout a5e87a39
git submodule update --init --recursive

Apply the patch to support wolfSSL:

git apply ../realm-v13.26.0.patch

You can obtain the patch from the wolfSSL/osp/realm directory.

Build Realm Core with wolfSSL:

mkdir build
cmake -B build -DREALM_ENABLE_ENCRYPTION=1 -DREALM_USE_WOLFSSL=1 -DREALM_WOLFSSL_ROOT_DIR=/usr/local/lib
cmake --build build
./build/test/realm-tests

If you’d like to secure your Realm app with wolfSSL or need support for other platforms, reach out to us at facts@wolfSSL.com or call us at +1 425 245 8247.

Stay secure with wolfSSL and Realm!

Getting Started with wolfSSL using Visual Studio 2022

It’s never been easier to get started with wolfSSL on Microsoft Windows using Visual Studio 2022!

New VS2022-specific project and solutions files have been created for both the wolfssl/wolfcrypt core library, as well as the test and benchmark examples. These files are available immediately on GitHub and are included in the recent release.

For long-term customers and backward compatibility, we have kept project files for older versions of Visual Studio, which would generally update to whatever latest version might be installed. See our blog post here.

Now with the new VS 2022 files, no more manual adjustments are needed. The project files work immediately out of the box. Just open the project file and click the run button.

Let’s say you’ve just cloned the latest version of wolfSSL from GitHub in your C:\workspace directory:

git clone https://github.com/wolfSSL/wolfssl

The test and benchmark examples also include a vcxproj.user file that aids in pointing the working directory of the project to the root-level wolfSSL to easily find the compiled binary.

To get started with the examples, simply navigate to the wolfCrypt benchmark directory:

C:\workspace\wolfssl\wolfcrypt\benchmark

and open either the benchmark-VS2022.vcxproj project or benchmark-VS2022.sln solution files in Visual Studio 2022.

If you happen to be one of the Windows developers that also uses WSL, you may occasionally see an oddity in Visual Studio’s equivalent of git status as compared to the result from the WSL prompt. The issue is the way Windows might handle file permissions that differ between Windows and Linux when the same file system is shared (e.g. C:\workspace vs /mnt/c/workspace), causing Visual Studio to detect modified files even though there’s no apparent text change. One way to fix this is with this git command:

git config core.fileMode false

Visual Studio may need to be re-launched if it was already running when the command was entered in a WSL prompt.

When using wolfSSL on Windows, it is a common practice to use a user_settings.h file. There’s an example in the wolfssl/IDE/WIN directory:

https://github.com/wolfSSL/wolfssl/blob/master/IDE/WIN/user_settings.h

The wolfCrypt Benchmark and wolfCrypt Test applications can also be used as reference examples.

Note the beginning of the benchmark.c file. It uses a common pattern of including the wolfssl library:

#ifdef HAVE_CONFIG_H
    #include <config.h>
#endif

#ifndef WOLFSSL_USER_SETTINGS
    #include <wolfssl/options.h>
#endif
#include <wolfssl/wolfcrypt/settings.h> /* also picks up user_settings.h */

It is important to define the C compiler preprocessor definition: WOLFSSL_USER_SETTINGS

The #include <wolfssl/wolfcrypt/settings.h> should be listed before any other wolfSSL headers are included. The user_settings.h is included in the settings.h file. The user_settings.h should never be explicitly included in any other source code header.
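
The two include rules above can be checked mechanically, for example from a WSL prompt or any POSIX shell. The following lint is an added example, not part of the original post or of wolfSSL; the function names and sample files are constructed for illustration, and treating wolfssl/options.h as exempt from the ordering rule is an assumption based on the benchmark.c pattern shown earlier.

```shell
# Added example (not wolfSSL code): lint one C file for the include rules above.
# Returns 0 when the file is clean, 1 when a rule is broken.
check_wolfssl_includes() {
    awk '
    /^[ \t]*#[ \t]*include[ \t]*[<"]/ {
        hdr = $0
        sub(/^[ \t]*#[ \t]*include[ \t]*[<"]/, "", hdr)   # drop up to the opener
        sub(/[>"].*$/, "", hdr)                           # drop closer and comment
        if (hdr ~ /(^|\/)user_settings\.h$/) {
            printf "%s:%d: user_settings.h must not be included directly\n", FILENAME, FNR
            bad = 1
        } else if (hdr == "wolfssl/wolfcrypt/settings.h") {
            seen = 1
        } else if (hdr ~ /^wolfssl\// && hdr != "wolfssl/options.h" && !seen) {
            # options.h is exempt: the benchmark.c pattern includes it first (assumption)
            printf "%s:%d: <%s> appears before settings.h\n", FILENAME, FNR, hdr
            bad = 1
        }
    }
    END { exit (bad ? 1 : 0) }
    ' "$1"
}

# Constructed sample sources, written to the directory given as $1.
write_samples() {
    cat > "$1/good.c" <<'EOF'
#ifndef WOLFSSL_USER_SETTINGS
    #include <wolfssl/options.h>
#endif
#include <wolfssl/wolfcrypt/settings.h>
#include <wolfssl/ssl.h>
EOF
    cat > "$1/bad.c" <<'EOF'
#include <wolfssl/ssl.h>
#include "user_settings.h"
#include <wolfssl/wolfcrypt/settings.h>
EOF
}
```

Run write_samples on a scratch directory, then check_wolfssl_includes on each file; a non-zero exit status can fail a CI step before a misordered include produces a library and application built with different settings.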

Beyond the Benchmark and Test Examples

Do you have a project and you’d like to add the wolfssl library? Right-click on the solution file and select “Add – Existing Project…”:

Navigate to the root directory of your wolfSSL source code and add the wolfssl-VS2022.vcxproj file to your solution.

Be sure to also add a reference to each project that will use the wolfssl library. Right-click on “references” and check the “wolfssl” project:

Depending on the directory structure and relative location of the project, the path to the wolfssl source code headers will likely need to be added to the Additional Include Directories. The typical example will be at least for the root directory:

C:/workspace/wolfssl

And oftentimes the user_settings.h as well, shown here in the example IDE/Win directory:

C:/workspace/wolfssl/IDE/Win

The example property page would look like this:

That’s it! Simply build and run the project.

Reorganization Coming Soon

Visual Studio project and solution files will soon be moved to the .\IDE\VS2010 and .\IDE\VS2022 directories.

The FIPS-related builds currently interspersed in other directories will soon be consolidated and moved to a new .\IDE-FIPS directory. See PR #8126.

For more information:

Post Quantum

Do you have code that can be upgraded to Post Quantum? See our recent blog.

FIPS Certified!

When you are ready to move on to the next step, wolfSSL will be there for you! Need to have your project NIST Certified? Recently we announced that wolfSSL is the First in the World to offer FIPS 140-3 Automated Submission with our NIST Certificate #4718.

For more details, see our blog What is FIPS (long version).

Find out more:

If you have any feedback, questions, or require support, please don’t hesitate to reach out to us via facts@wolfSSL.com, call us at +1 425 245 8247, or open an issue on GitHub.

Versal Support

Did you know that wolfSSL has been ported to and tested on Xilinx Versal hardware? wolfSSL also supports the Xilinx hardened crypto, enhancing both security and performance. Xilinx hardened crypto has accelerated crypto operations (SHA3-384 / AES-GCM / RSA / ECDSA) available on Ultrascale+ devices and is available for use with the latest and greatest Versal boards. wolfSSL makes these calls using the API from Xilinx’s XilSecure library (https://github.com/Xilinx/embeddedsw/tree/master/lib/sw_services/xilsecure), and with the addition of Versal there were minor changes to the existing calls to make use of the new features available (ECC / RNG / AES-GCM with AAD). When benchmarking we saw well over a Gigabyte per second with AES-GCM operations in our demo and improvements in performance of RSA, ECDSA, and SHA3-384 over software-only implementations.

A previous white paper going into the setup and use of wolfSSL on older Ultrascale+ devices with Xilinx hardened crypto can be found here (https://docs.xilinx.com/v/u/en-US/wp512-accel-crypto). The support for Versal along with a README can be found in the wolfSSL bundle located in IDE/XilinxSDK/.

If you have questions about any of the above, please contact us at facts@wolfSSL.com or +1 425 245 8247.

Changes In wolfSSL for ARM Thumb-2 Builds

With wolfSSL release 5.7.4 we added the macro WOLFSSL_ARMASM_THUMB2. This macro can be defined to enable Thumb-2 ARM instruction optimizations and replaces the previous attempted autodetect on the macros __arm__ and __thumb__, giving users complete control over which ARM assembly optimizations are compiled and used.

When building for Thumb-2 the source files beginning with thumb2-* should additionally be compiled in. If WOLFSSL_ARMASM_THUMB2 is not used then the armv8-32-* files will be used. These files are located in wolfcrypt/src/port/arm/.

The benefit of WOLFSSL_ARMASM_THUMB2 is that users can add every file in wolfcrypt/src/port/arm/ to the build and let the macro gate select whether the Thumb-2 implementation or the ARM32 implementation is compiled. The armv8-32- code is very similar to the thumb2- code, but Thumb-2 is smaller in size.

For assistance with ARM optimization builds contact us at support@wolfSSL.com.

If you have questions about any of the above, please contact us at facts@wolfSSL.com or +1 425 245 8247.

Switching to wolfCrypt’s Implementations of Post-Quantum Algorithms

Have you been trying out post-quantum algorithms in wolfSSL’s products? As you probably know, here at wolfSSL we have a step-wise approach to post-quantum algorithm integration:

  1. Define an API in wolfCrypt.
  2. Do an integration with an existing reference implementation (e.g., liboqs, PQM4, hash-sigs liblms, xmss-reference).
  3. Use these APIs in higher level libraries and products (e.g., wolfssl, wolfssh, wolfmqtt, wolfboot) to implement features.
  4. Invest the time and effort to write and optimize our own production grade implementation of the algorithm.

For LMS, XMSS, ML-KEM and ML-DSA the time has finally come to switch to using wolfSSL’s implementations of these algorithms. It’s very simple to do so. If you are using any of the following configure-time flags simply remove them from your configure command-line:

--with-liblms
--with-libxmss
--with-liboqs

Then ensure you are enabling the relevant algorithm that you are interested in. Relevant flags are:

--enable-xmss
--enable-lms
--enable-dilithium
--enable-kyber

Once this is done, you will be using our professionally optimized and tested implementations of post-quantum algorithms.

If you have questions about any of the above, please contact us at facts@wolfSSL.com or +1 425 245 8247.
