wolfCrypt FIPS Module

The CMVP has issued FIPS 140-2 Certificate #2425 for the wolfCrypt Module developed by wolfSSL Inc.

The wolfSSL embedded SSL/TLS library (formerly CyaSSL) and wolfCrypt embedded crypto engine fully support running on NXP platforms including Kinetis, Coldfire, and i.MX6.

In addition to the portability and memory advantages to using wolfSSL on NXP platforms, wolfSSL supports the mmCAU hardware cryptography module on Kinetis devices, and CAU/SEC on Coldfire platforms.  Offloading the cryptography operations into these hardware modules provide both footprint size reduction as well as substantial performance increases.

NXP Kinetis mmCAU Crypto Support

Supported cryptographic algorithms accelerated in hardware through the NXP mmCAU include AES, DES, 3DES, MD5, SHA-1, and SHA-256.  For details regarding the mmCAU module, please refer to the NXP CAU and mmCAU software library web page.


The following benchmarks were gathered using the wolfCrypt benchmark application (located in <wolfssl_root>/wolfcrypt/benchmark/benchmark.c) running on a Freescale Kinetis K60-TWR platform.

NXP K60 TWR (100 MHz)

As the above benchmarks show, the hardware-based algorithms taking advantage of the mmCAU demonstrate significantly faster speeds than that of their software counterparts.

Building wolfSSL with NXP Support

wolfSSL ships with several built-in defines for enabling support for MQX/RTCS/MFS, mmCAU/CAU/SEC, and the hardware random number generators on Kinetis platforms.  To compile wolfSSL for your Kinetis or MQX-based project, add defines from the below list to <wolfssl_root>/wolfssl/wolfcrypt/settings.h, or to your list of preprocessor defines in your IDE (CodeWarrior, KDS, etc.).

FREESCALE_MQX - Enables support for Freescale MQX/RTCS/MFS

FREESCALE_MMCAU - Enables and turns on support for mmCAU hardware cryptography

HAVE_COLDFIRE_SEC - Enables and turns on support for Coldfire SEC hardware cryptography

FREESCALE_K70_RNGA - Enable when K70 RNGA hardware random number generator is available

FREESCALE_K53_RNGB - Enable when K53 RNGB hardware random number generator is available

Please contact wolfSSL with any questions about using the wolfSSL lightweight SSL library with NXP platforms or development environments.

About NXP

NXP® Semiconductors N.V. (NASDAQ: NXPI) enables secure connections and infrastructure for a smarter world, advancing solutions that make lives easier, better and safer. As the world leader in secure connectivity solutions for embedded applications, NXP is driving innovation in the secure connected vehicle, end-to-end security & privacy and smart connected solutions markets. Built on more than 60 years of combined experience and expertise, the company has 45,000 employees in more than 35 countries.


wolfSSL Product Page

NXP Semiconductors


wolfSSL NXP Support

Copyright 2017 wolfSSL Inc.  All rights reserved.


Please feel free to contact us with any questions you might have.

wolfSSL 3.11.0

Release 3.11.0 includes vulnerability fixes, support for Intel QuickAssist, Nginx, HAproxy, INtime RTOS, NXP Hexiwear, ECC-CDH, memory improvements, and more.

embedded ssl

Questions? +1 (425) 245-8247