My question is: How can I configure wolfSSL to use my platform’s hardware TRNG instead of the default RNG implementation?

Any guidance or examples would be greatly appreciated.

Thank you!

Thank you.

    ret = wolfSSL_read(Pt_ssl, A_prcl_msd_m1_m1s_data_link_rx_buffer, sizeof(A_prcl_msd_m1_m1s_data_link_rx_buffer)-1);
    err = wolfSSL_get_error(Pt_ssl, ret);

Our receive callback is like this and works fine

wolfSSL_CTX_SetIORecv(Pt_ctx, PRCL_MSD_M1_M1S_DLINK_uartIORx);

/*!
* \brief   WolfSSL receive callback
* \dotfile PRCL_MSD_M1_M1S_DLINK_uartIORx.dot
* \ingroup MSD_M1_M1S_PROTOCOL_DATA_LINK
*/
static int PRCL_MSD_M1_M1S_DLINK_uartIORx(WOLFSSL *ssl, char *buf, const int sz, void *ctx)
{
    bool b_message_received;
    static int8_t * p_data_received_buf;
    static int32_t total_amount_data_rcv = 0;
    int32_t bytes_available_fifo = 0;
    int32_t bytes_to_read;
    int32_t bytes_read;

    b_message_received = MDL_USARTS_Check_end_reception(USART_MSD_COMMS);

    if (b_message_received == TRUE)
    {
        total_amount_data_rcv = MDL_USARTS_Get_DMA_amount_of_rx_data(USART_MSD_COMMS);
        MDL_USARTS_Reset_DMA_amount_of_rx_data(USART_MSD_COMMS);

        MDL_USARTS_Start_receive(USART_MSD_COMMS);

        p_data_received_buf = (int8_t*)MDL_USARTS_Get_receive_buffer(USART_MSD_COMMS);
        MDL_CIRC_FIFO_Fifo_push_buf(&T_wolfSSL_rx_fifo, (uint8_t *)p_data_received_buf, total_amount_data_rcv);
    }

    bytes_available_fifo = MDL_CIRC_FIFO_Fifo_used_size(&T_wolfSSL_rx_fifo);

    if (bytes_available_fifo > 0)
    {
        DEBUG_PRINTF("FIFO used: %d, DMA received: %d\r\n", bytes_available_fifo, total_amount_data_rcv);
        bytes_to_read = (bytes_available_fifo < sz) ? bytes_available_fifo : sz;
        bytes_read        = MDL_CIRC_FIFO_Fifo_pop_buf(&T_wolfSSL_rx_fifo, (uint8_t *)buf, bytes_to_read);
        return bytes_read;
    }
    else
    {
        return WOLFSSL_CBIO_ERR_WANT_READ;
    }

}

Does anyone has any suggestion?
Many Thanks,
Edoardo

I'm trying to use wolfSSL with AF_ALG on an ARM32 platform (Microchip SAMA5D2, Cortex-A5) to get hardware-accelerated AES-GCM for TLS. The goal is to offload bulk encryption to hardware while keeping certificate verification in software.

When I enable `--enable-afalg`, all certificate verification fails with error -155 (`ASN_SIG_CONFIRM_E`)

What we have:
- wolfSSL 5.8.4 (also tested 5.7.2)
- libcurl 8.18.0
- Linux with musl libc (Buildroot)
- hardware: Atmel AES via AF_ALG (`atmel-gcm-aes` driver)

Platform details:
- Microchip SAMA5D2 (ARM Cortex-A5)
- Linux 6.x, musl libc, Buildroot

Configure (minimal reproduction):

./configure --enable-curl --enable-afalg

What happens

$ curl https://www.google.com
SSL_connect failed with error -155: ASN sig error, confirm failure

This affects every HTTPS site

Hardware AES is working if we skip the certificate verification

$ grep -i aes /proc/interrupts
157:          3  atmel-aic5   9 Level     atmel-aes

$ curl -k https://www.google.com   # skip verification
(succeeds, returns HTTP 200)

$ grep -i aes /proc/interrupts
157:         57  atmel-aic5   9 Level     atmel-aes

The AES interrupt count jumped from 3 to 57 during that connection. So AF_ALG AES-GCM is working for data encryption. It's only the certificate verification that breaks.

What I've tried (all fail with -155):
- Minimal config: just `--enable-curl --enable-afalg`
- wolfSSL 5.7.2 and 5.8.4
- SP math (default on ARM) vs TFM (`--enable-fastmath`)
- With and without `WOLFSSL_AFALG_HASH`
- libcurl 8.15.0 and 8.18.0

What works:
- `--enable-all` without `--enable-afalg` - certificates verify fine
- `--enable-curl` without `--enable-afalg` - certificates verify fine
- Basically anything WITHOUT `--enable-afalg`

Questions:
1. Has anyone successfully used `--enable-afalg` on ARM32 with certificate verification?
2. Is there a known issue with AF_ALG + curl on ARM?
3. Any suggestions for debugging this further?

I am keen to get hardware AES working since as we are pushing the boundaries of the CPU for our application.

Thanks for any help.

I am using TM4C129X MCU + FreeRTOS TCP+ Wolfssll 5.8.4

i am facing -125 error for this api
wolfSSL_CTX_load_verify_buffer(ctx, (const unsigned char*)ca_cert_pem, strlen(ca_cert_pem), WOLFSSL_FILETYPE_PEM);

Her is my user-settings.h file
/*
* user_settings.h
*
*  Created on: 11-Feb-2026
*      Author: chira
*/
#ifndef WOLFSSL_USER_SETTINGS_H
#define WOLFSSL_USER_SETTINGS_H

#ifdef __cplusplus
extern "C" {
#endif

/* ===================================================== */
/* Platform */
/* ===================================================== */
#define FREERTOS_TCP
#define SINGLE_THREADED
#define WOLFSSL_SMALL_STACK
#define WOLFSSL_USER_IO

/* Required for TI CGT */
#define NO_INLINE

/* ===================================================== */
/* TLS Configuration */
/* ===================================================== */

#define WOLFSSL_TLS12
#define WOLFSSL_NO_TLS13

#define NO_OLD_TLS
#define NO_SESSION_CACHE
#define NO_WOLFSSL_SERVER   /* Client only */
#define HAVE_SNI

/* ===================================================== */
/* Disable Unused Crypto */
/* ===================================================== */

//#define NO_RSA
#define NO_DH
#define NO_DSA
#define NO_DES3
#define NO_RC4
#define NO_MD4
#define NO_PSK
#define NO_FILESYSTEM
#define NO_WRITEV

/* ===================================================== */
/* ECC (Only curve secp256r1) */
/* ===================================================== */

#define HAVE_ECC
#define ECC_USER_CURVES
#undef NO_ECC256

#define ECC_SHAMIR
#define ECC_TIMING_RESISTANT

/* ===================================================== */
/* AES */
/* ===================================================== */

#define HAVE_AES_CBC
#define HAVE_AESGCM
#define GCM_SMALL

/* ===================================================== */
/* Hash */
/* ===================================================== */

//#define NO_SHA
/* Keep SHA enabled */
#define NO_MD5
#define WOLFSSL_SHA256

/* ===================================================== */
/* Math */
/* ===================================================== */

#define USE_FAST_MATH
#define TFM_TIMING_RESISTANT
#define FP_MAX_BITS 4096

/* ===================================================== */
/* Memory */
/* ===================================================== */

//#define NO_WOLFSSL_MEMORY   /* use malloc/free */
// #define WOLFSSL_STATIC_MEMORY
// #define WOLFSSL_NO_MALLOC

/* ===================================================== */
/* RNG */
/* ===================================================== */

#define HAVE_HASHDRBG

//extern unsigned int my_rng_seed_gen(void);
//#define CUSTOM_RAND_GENERATE my_rng_seed_gen

/* ===================================================== */
/* Misc */
/* ===================================================== */

#define HAVE_TLS_EXTENSIONS
#define HAVE_SUPPORTED_CURVES

#define HAVE_CERTS
#define WOLFSSL_BASE64_ENCODE
#define WOLFSSL_ASN
#define HAVE_X509

#define WOLFSSL_USER_CURRTIME
#define XTIME time

#ifdef __cplusplus
}
#endif

#endif /* THIRD_PARTY_USER_SETTINGS_H_ */

please guide me where i am getting wrong and also i am attaching my code

Regards
Chiranth Murthy

Description
I am using DTLS 1.3 with TLS_SHA384_SHA384 (integrity only, NULL cipher)
In this case when the BuildTls13Nonce gets executed, the seq_offset calculated as follows:

int seq_offset = AEAD_NONCE_SZ - SEQ_SZ;

According to my understanding, the seq_offset is variable and should depend on the size of the HMAC Nonce.
In wolfssl this is called HMAC_NONCE_SZ

Explanation:

According to Section 5.3 ("Per-Record Nonce") of RFC 8446 (https://www.rfc-editor.org/rfc/rfc8446#section-5.3):

"The resulting quantity (of length iv_length) is used as the
per-record nonce."

This means that the nonce has to be the same length as the IV.

According to Section 6 ("Key Schedule when Using Integrity-Only Cipher Suites") of RFC 9150 (https://www.rfc-editor.org/rfc/rfc9150.html#section-6), the IV length of TLS_SHA384_SHA384 is 48.

Therefore, these two combined mean that the nonce length in case of TLS_SHA384_SHA384 shall be 48.

See also:  https://github.com/wolfSSL/wolfssl/issues/9757

#ifdef WOLFSSL_TLS13
i (ssl.options.tls1_3) {
return wolfSSL_connect_TLSv13(ssl);
}
#endif

the macro causes the if statement to be called but it fails and wolfSSL_connect_TLSv13(ssL) is not called presumably leading to a version error on the server side. My question is where is ssl.options.tls1_3 set to 1? If it is not explicitly set and just inherits the ctx.options field then where is that happening? I have "--enabled-tls13" as well as set ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method())) == NULL.
I do want to add when I set both server and client to tls 1.2 methods the connection works.
Below is my options.h configuration.

ifdef WOLFSSL_NO_OPTIONS_H
/* options.h inhibited by configuration */
#elif !defined(WOLFSSL_OPTIONS_H)
#define WOLFSSL_OPTIONS_H

#ifdef __cplusplus
extern "C" {
#endif

#undef  WOLFSSL_HAVE_ATOMIC_H
#define WOLFSSL_HAVE_ATOMIC_H

#undef  WOLFSSL_HAVE_ASSERT_H
#define WOLFSSL_HAVE_ASSERT_H

#undef  HAVE_C___ATOMIC
#define HAVE_C___ATOMIC 1

#undef  HAVE_THREAD_LS
#define HAVE_THREAD_LS

#undef  DEBUG_WOLFSSL
#define DEBUG_WOLFSSL

#undef  WOLFSSL_DEBUG_CODEPOINTS
#define WOLFSSL_DEBUG_CODEPOINTS

#undef  WOLFSSL_DEBUG_TRACE_ERROR_CODES
#define WOLFSSL_DEBUG_TRACE_ERROR_CODES

#undef  NO_DO178
#define NO_DO178

#undef  WOLFSSL_X86_64_BUILD
#define WOLFSSL_X86_64_BUILD

#undef  WOLFSSL_ASN_TEMPLATE
#define WOLFSSL_ASN_TEMPLATE

#undef  ERROR_QUEUE_PER_THREAD
#define ERROR_QUEUE_PER_THREAD

#undef  TFM_TIMING_RESISTANT
#define TFM_TIMING_RESISTANT

#undef  ECC_TIMING_RESISTANT
#define ECC_TIMING_RESISTANT

#undef  WC_RSA_BLINDING
#define WC_RSA_BLINDING

#undef  WOLFSSL_ARMASM_NO_HW_CRYPTO
#define WOLFSSL_ARMASM_NO_HW_CRYPTO

#undef  WOLFSSL_USE_ALIGN
#define WOLFSSL_USE_ALIGN

#undef  WOLFSSL_SHA224
#define WOLFSSL_SHA224

#undef  WOLFSSL_SHA512
#define WOLFSSL_SHA512

#undef  WOLFSSL_SHA384
#define WOLFSSL_SHA384

#undef  HAVE_HKDF
#define HAVE_HKDF

#undef  HAVE_ECC
#define HAVE_ECC

#undef  ECC_SHAMIR
#define ECC_SHAMIR

#undef  ECC_MIN_KEY_SZ
#define ECC_MIN_KEY_SZ 224

#undef  HAVE_ECC_BRAINPOOL
#define HAVE_ECC_BRAINPOOL

#undef  HAVE_ECC_ENCRYPT
#define HAVE_ECC_ENCRYPT

#undef  NO_OLD_TLS
#define NO_OLD_TLS

#undef  WC_RSA_PSS
#define WC_RSA_PSS

#undef  WOLFSSL_PSS_LONG_SALT
#define WOLFSSL_PSS_LONG_SALT

#undef  WOLFSSL_ASN_PRINT
#define WOLFSSL_ASN_PRINT

#undef  WOLFSSL_BASE64_ENCODE
#define WOLFSSL_BASE64_ENCODE

#undef  WOLFSSL_CUSTOM_CURVES
#define WOLFSSL_CUSTOM_CURVES

#undef  HAVE_ECC_SECPR2
#define HAVE_ECC_SECPR2

#undef  HAVE_ECC_SECPR3
#define HAVE_ECC_SECPR3

#undef  HAVE_ECC_BRAINPOOL
#define HAVE_ECC_BRAINPOOL

#undef  HAVE_ECC_KOBLITZ
#define HAVE_ECC_KOBLITZ

#undef  HAVE_ECC_CDH
#define HAVE_ECC_CDH

#undef  WOLFSSL_SHA3
#define WOLFSSL_SHA3

#undef  WOLFSSL_NO_SHAKE128
#define WOLFSSL_NO_SHAKE128

#undef  WOLFSSL_NO_SHAKE256
#define WOLFSSL_NO_SHAKE256

#undef  HAVE_POLY1305
#define HAVE_POLY1305

#undef  HAVE_CHACHA
#define HAVE_CHACHA

#undef  HAVE_HASHDRBG
#define HAVE_HASHDRBG

#undef  HAVE_TLS_EXTENSIONS
#define HAVE_TLS_EXTENSIONS

#undef  HAVE_SNI
#define HAVE_SNI

#undef  HAVE_TLS_EXTENSIONS
#define HAVE_TLS_EXTENSIONS

#undef  HAVE_SUPPORTED_CURVES
#define HAVE_SUPPORTED_CURVES

#undef  HAVE_FFDHE_2048
#define HAVE_FFDHE_2048

#undef  HAVE_SUPPORTED_CURVES
#define HAVE_SUPPORTED_CURVES

#undef  WOLFSSL_TLS13
#define WOLFSSL_TLS13

#undef  HAVE_TLS_EXTENSIONS
#define HAVE_TLS_EXTENSIONS

#undef  HAVE_EXTENDED_MASTER
#define HAVE_EXTENDED_MASTER

#undef  HAVE_TLS_EXTENSIONS
#define HAVE_TLS_EXTENSIONS

#undef  HAVE_SNI
#define HAVE_SNI

#undef  HAVE_MAX_FRAGMENT
#define HAVE_MAX_FRAGMENT

#undef  HAVE_TRUNCATED_HMAC
#define HAVE_TRUNCATED_HMAC

#undef  HAVE_ALPN
#define HAVE_ALPN

#undef  HAVE_TRUSTED_CA
#define HAVE_TRUSTED_CA

#undef  HAVE_SUPPORTED_CURVES
#define HAVE_SUPPORTED_CURVES

#undef  NO_RC4
#define NO_RC4

#undef  HAVE_ENCRYPT_THEN_MAC
#define HAVE_ENCRYPT_THEN_MAC

#undef  NO_PSK
#define NO_PSK

#undef  NO_MD4
#define NO_MD4

#undef  WOLFSSL_ENCRYPTED_KEYS
#define WOLFSSL_ENCRYPTED_KEYS

#undef  HAVE_PKCS11
#define HAVE_PKCS11

#undef  HAVE_WOLF_BIGINT
#define HAVE_WOLF_BIGINT

#undef  WOLFSSL_SP_MATH_ALL
#define WOLFSSL_SP_MATH_ALL

#undef  WOLFSSL_SP_X86_64
#define WOLFSSL_SP_X86_64

#undef  WOLF_CRYPTO_CB
#define WOLF_CRYPTO_CB

#undef  WC_NO_ASYNC_THREADING
#define WC_NO_ASYNC_THREADING

#undef  HAVE_DH_DEFAULT_PARAMS
#define HAVE_DH_DEFAULT_PARAMS

#undef  HAVE_CURVE25519
#define HAVE_CURVE25519

#undef  HAVE_ED25519
#define HAVE_ED25519

#undef  WOLFSSL_SYS_CA_CERTS
#define WOLFSSL_SYS_CA_CERTS

#undef  OPENSSL_EXTRA
#define OPENSSL_EXTRA

#undef  NO_DES3
#define NO_DES3

#undef  NO_DES3_TLS_SUITES
#define NO_DES3_TLS_SUITES

#undef  GCM_TABLE_4BIT
#define GCM_TABLE_4BIT

#undef  HAVE_AESGCM
#define HAVE_AESGCM

#undef  WOLFSSL_AESGCM_STREAM
#define WOLFSSL_AESGCM_STREAM

#undef  HAVE_TLS_EXTENSIONS
#define HAVE_TLS_EXTENSIONS

#undef  HAVE_SERVER_RENEGOTIATION_INFO
#define HAVE_SERVER_RENEGOTIATION_INFO

#undef  HAVE___UINT128_T
#define HAVE___UINT128_T 1

#undef  HAVE_GETPID
#define HAVE_GETPID 1

#undef  HAVE_WC_INTROSPECTION
#define HAVE_WC_INTROSPECTION

#ifdef __cplusplus
}
#endif

#endif /* WOLFSSL_OPTIONS_H */

The wolfssl_AES_CTR example included in the library compiles with no issues for Teensy Micromod, but not for Teensy 4.1 ?

This would compiile for both Teensy models on the earlier wolfssl 5.7.6 library last year, so this is somewhat puzzling. See attached the compilation output.

What could be causing this?

TIA

I am struggling to set up the correct defines to activate this algorithms for TLS:

#define WOLFSSL_HAVE_KYBER
//#define HAVE_DILITHIUM
//#define WOLFSSL_DILITHIUM_SMALL
#define HAVE_DILITHIUM_LEVEL5
//#define WOLFSSL_PQC_ONLY
#define NO_ECC
//#define WOLFSSL_MLKEM
//#define WOLFSSL_MLKEM_KYBER
#define WOLFSSL_WC_DILITHIUM
#define WOLFSSL_SHAKE256
#define WOLFSSL_SHAKE128
#define WOLFSSL_SHA3
#define WOLFSSL_WC_MLKEM
//#define HAVE_LIBOQS
//#define WOLFSSL_EXPERIMENTAL_SETTINGS

.

I get quite many errors, because something is missing.

ie:
        extension_type=supported_groups(10), length=12
          secp521r1 (P-521) (25)
          secp384r1 (P-384) (24)
          secp256r1 (P-256) (23)
          secp224r1 (P-224) (21)

How are these enabled?
Is there a document indicating what compile options are required for each cipher?

I found the ECH functions in `src/ssl.c` from the examples, in particular `server-ech-local.c`, but the API does not seem to be currently documented (or I didn't find the documentation). My understanding is that I can have sslh generate ECH configs with `wolfSSL_CTX_GenerateEchConfig()` then export it to the DNS server using `wolfSSL_CTX_GetEchConfigs()` (and base64 encoding), or alternatively set up with a configuration coming from outside using `wolfSSL_CTX_SetEchConfigsBase64()`. I think I have this part working.

Now the part I am missing is how to retrieve an unencrypted ClientHelloInner, or extract the encrypted SNI from the ClientHelloOuter. Really I would expect something equivalent to `wolfSSL_SNI_GetFromBuffer()`, fed with the ECH private key, or a WOLFSSL_CTX that only has EchConfigs attached, but no server certificates. Does this function exist somewhere, or how would I go about creating it? (from functions in hpke.c?)

Thanks in advance,
Y.

./configure --host=x86_64-lynxos --enable-wolfssh --enable-keygen --enable-intelasm --disable-examples --disable-crypttests --enable-aesni --enable-static --enable-usersettings

This passes, but when I call make, I get the following error:
wolfcrypt/src/sm3_asm.S:26:2: error: #error "See https://github.com/wolfSSL/wolfsm for implementation of this file"
   26 | #error "See https://github.com/wolfSSL/wolfsm for implementation of this file"

This error is thrown if WOLFSSL_SM3 is defined. This is strange, since I am not defining it in my user_settings.h nor am I enabling it, and the help page suggests sm3 is disabled by default.

So anyway, I then took out --enable-usersettings and allowed configure to generate the options.h for me. I then ran make and it compiled successfully. So I figured it's something wrong in my user_settings.h

I then copy/pasted all the #defines from the generated options.h to my user_settings.h, and then re-ran configure with --enable-usersettings. I ran make, and same errorsue, even though I am using all the same variables from the generated options.h.

Any ideas why this might be happening? I'm trying to use my own user_settings.h since I need to disable some features for Lynx specifically, eg, Lynx does not have stdatomic.h.

I have issues with achieving a Handshake, while the stm32n6570-dk acting as a Client and a Debian System as the corresponding Server.

After the TLS Handshake and initializing WolfSSL plus providing him the Root Certificate, it gives me errors at wolfssl_connect:

It returns -1.

wolfSSL_ERR_get_error says something like "unknown error".

wolfSSL_get_error just returns 32.

I am actually quite stuck at this point.