wolfSSL · danielinux · Oct 6, 2025 · Sep 30, 2025 · Oct 2, 2025 · Oct 2, 2025
diff --git a/IDE/STM32Cube/README.md b/IDE/STM32Cube/README.md
@@ -100,6 +100,7 @@ The section for "Hardware platform" may need to be adjusted depending on your pr
 * To enable STM32U5 support define `WOLFSSL_STM32U5`.
 * To enable STM32H5 support define `WOLFSSL_STM32H5`.
 * To enable STM32MP13 support define `WOLFSSL_STM32MP13`.
+* To enable STM32N6 support define `WOLFSSL_STM32N6`.
 
 To use the STM32 Cube HAL support make sure `WOLFSSL_STM32_CUBEMX` is defined.
 
@@ -195,7 +196,9 @@ Note: The Benchmark example uses float. To enable go to "Project Properties" ->
 
 ## STM32 Printf
 
-In main.c make the following changes:
+Generation of code for a NUCLEO board provides a BSP option for generating printf support for the virtual com port. To use this set `#define HAL_CONSOLE_UART hcom_uart`.
+
+If setting the printf support manually make the following changes in `main.c`.
 
 This section needs to go below the `UART_HandleTypeDef` line, otherwise `wolfssl/wolfcrypt/settings.h` will error.
 

diff --git a/IDE/STM32Cube/STM32_Benchmarks.md b/IDE/STM32Cube/STM32_Benchmarks.md
diff --git a/IDE/STM32Cube/default_conf.ftl b/IDE/STM32Cube/default_conf.ftl
@@ -221,6 +221,7 @@ extern ${variable.value} ${variable.name};
     #define WOLFSSL_STM32H5
     #define STM32_HAL_V2
     #undef  NO_STM32_HASH
+    #define WOLFSSL_STM32_PKA
     #ifndef HAL_CONSOLE_UART
     #define HAL_CONSOLE_UART huart3
     #endif
@@ -299,6 +300,7 @@ extern ${variable.value} ${variable.name};
 /* ------------------------------------------------------------------------- */
 #if defined(WOLF_CONF_RTOS) && WOLF_CONF_RTOS == 2
     #define FREERTOS
+    #define WOLFSSL_NO_REALLOC
 #else
     #define SINGLE_THREADED
 #endif
@@ -789,12 +791,6 @@ extern ${variable.value} ${variable.name};
 /* Base16 / Base64 encoding */
 //#define NO_CODING
 
-/* bypass certificate date checking, due to lack of properly configured RTC source */
-#ifndef HAL_RTC_MODULE_ENABLED
-    #define NO_ASN_TIME
-#endif
-
-
 #ifdef __cplusplus
 }
 #endif

diff --git a/src/ssl_misc.c b/src/ssl_misc.c
@@ -81,8 +81,18 @@ static int wolfssl_read_bio_file(WOLFSSL_BIO* bio, char** data)
             }
             else {
                 /* No space left for more data to be read - add a chunk. */
+            #ifdef WOLFSSL_NO_REALLOC
+                p = (char*)XMALLOC(ret + READ_BIO_FILE_CHUNK, NULL,
+                    DYNAMIC_TYPE_TMP_BUFFER);
+                if (p != NULL) {
+                    XMEMCPY(p, mem, ret);
+                    XFREE(mem, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+                    mem = NULL;
+                }
+            #else
                 p = (char*)XREALLOC(mem, ret + READ_BIO_FILE_CHUNK, NULL,
                     DYNAMIC_TYPE_TMP_BUFFER);
+            #endif
                 if (p == NULL) {
                     sz = MEMORY_E;
                     break;

diff --git a/src/tls13.c b/src/tls13.c
@@ -1948,7 +1948,12 @@ int DeriveTls13Keys(WOLFSSL* ssl, int secret, int side, int store)
         t = k_uptime_get(); /* returns current uptime in milliseconds */
         return (word32)t;
     }
-
+#elif defined(FREERTOS)
+    word32 TimeNowInMilliseconds(void)
+    {
+        return (word32)((uint64_t)(xTaskGetTickCount() * 1000) /
+            configTICK_RATE_HZ);
+    }
 #else
     /* The time in milliseconds.
      * Used for tickets to represent difference between when first seen and when
@@ -2241,7 +2246,12 @@ int DeriveTls13Keys(WOLFSSL* ssl, int secret, int side, int store)
         t = k_uptime_get(); /* returns current uptime in milliseconds */
         return (sword64)t;
     }
-
+#elif defined(FREERTOS)
+    sword64 TimeNowInMilliseconds(void)
+    {
+        return (sword64)((uint64_t)(xTaskGetTickCount() * 1000) /
+            configTICK_RATE_HZ);
+    }
 #else
     /* The time in milliseconds.
      * Used for tickets to represent difference between when first seen and when

diff --git a/wolfcrypt/src/port/st/stm32.c b/wolfcrypt/src/port/st/stm32.c
@@ -70,6 +70,9 @@
 #elif defined(WOLFSSL_STM32N6)
 #include <stm32n6xx_hal_conf.h>
 #include <stm32n6xx_hal_pka.h>
+#elif defined(WOLFSSL_STM32H5)
+#include <stm32h5xx_hal_conf.h>
+#include <stm32h5xx_hal_pka.h>
 #else
 #error Please add the hal_pk.h include
 #endif
@@ -261,11 +264,11 @@ static int wc_Stm32_Hash_WaitDataReady(STM32_HASH_Context* stmCtx)
     (void)stmCtx;
 
     /* wait until not busy and data input buffer ready */
-    while ((HASH->SR & HASH_SR_BUSY)
-        #ifdef HASH_IMR_DCIE
-            && (HASH->SR & HASH_SR_DCIS) == 0
+    while (((HASH->SR & HASH_SR_BUSY)
+        #ifdef HASH_IMR_DINIE
+            || (HASH->SR & HASH_SR_DINIS) == 0
         #endif
-        && ++timeout < STM32_HASH_TIMEOUT) {
+        ) && ++timeout < STM32_HASH_TIMEOUT) {
     };
 
 #ifdef DEBUG_STM32_HASH
@@ -286,8 +289,8 @@ static int wc_Stm32_Hash_WaitCalcComp(STM32_HASH_Context* stmCtx)
 
     /* wait until not busy and hash digest calculation complete */
     while (((HASH->SR & HASH_SR_BUSY)
-        #ifdef HASH_IMR_DINIE
-            || (HASH->SR & HASH_SR_DINIS) == 0
+        #ifdef HASH_IMR_DCIE
+            || (HASH->SR & HASH_SR_DCIS) == 0
         #endif
         ) && ++timeout < STM32_HASH_TIMEOUT) {
     };

diff --git a/wolfssl/wolfcrypt/port/st/stm32.h b/wolfssl/wolfcrypt/port/st/stm32.h
@@ -35,18 +35,18 @@
 #ifdef HASH_DIGEST
     /* The HASH_DIGEST register indicates SHA224/SHA256 support */
     #define STM32_HASH_SHA2
-    #if defined(WOLFSSL_STM32H5) || defined(WOLFSSL_STM32MP13)
+    #if defined(WOLFSSL_STM32MP13) || defined(WOLFSSL_STM32H7S) || \
+        defined(WOLFSSL_STM32N6) || defined(WOLFSSL_STM32H5)
         #define HASH_CR_SIZE    103
         #define HASH_MAX_DIGEST 64 /* Up to SHA512 */
-    #else
-        #define HASH_CR_SIZE    54
-        #define HASH_MAX_DIGEST 32
-    #endif
-    #if defined(WOLFSSL_STM32MP13) || defined(WOLFSSL_STM32H7S)
+
         #define STM32_HASH_SHA512
         #define STM32_HASH_SHA512_224
         #define STM32_HASH_SHA512_256
         #define STM32_HASH_SHA384
+    #else
+        #define HASH_CR_SIZE    54
+        #define HASH_MAX_DIGEST 32
     #endif
     #if defined(WOLFSSL_STM32MP13)
         #define STM32_HASH_SHA3
@@ -56,6 +56,20 @@
     #define HASH_MAX_DIGEST 20
 #endif
 
+#ifdef WOLFSSL_STM32MP13
+    /* From stm32_hal_legacy.h, but that MP13 header has a bug in it */
+    #define HASH_AlgoSelection_MD5       HASH_ALGOSELECTION_MD5
+    #define HASH_AlgoSelection_SHA1      HASH_ALGOSELECTION_SHA1
+    #define HASH_AlgoSelection_SHA224    HASH_ALGOSELECTION_SHA224
+    #define HASH_AlgoSelection_SHA256    HASH_ALGOSELECTION_SHA256
+#endif
+
+/* These HASH HAL's have no MD5 implementation */
+#if defined(WOLFSSL_STM32MP13) || defined(WOLFSSL_STM32H7S) || \
+    defined(WOLFSSL_STM32N6) || defined(WOLFSSL_STM32H5)
+    #define STM32_NOMD5
+#endif
+
 /* Handle hash differences between CubeMX and StdPeriLib */
 #if !defined(HASH_ALGOMODE_HASH) && defined(HASH_AlgoMode_HASH)
     #define HASH_ALGOMODE_HASH HASH_AlgoMode_HASH
@@ -128,13 +142,6 @@ int  wc_Stm32_Hash_Final(STM32_HASH_Context* stmCtx, word32 algo,
     #define __HAL_RCC_RNG_CLK_ENABLE __HAL_RCC_RNG1_CLK_ENABLE
     #define __HAL_RCC_HASH_CLK_ENABLE __HAL_RCC_HASH1_CLK_ENABLE
     #define __HAL_RCC_HASH_CLK_DISABLE __HAL_RCC_HASH1_CLK_DISABLE
-    /* From stm32_hal_legacy.h, but that header has a bug in it */
-    #define HASH_AlgoSelection_MD5       HASH_ALGOSELECTION_MD5
-    #define HASH_AlgoSelection_SHA1      HASH_ALGOSELECTION_SHA1
-    #define HASH_AlgoSelection_SHA224    HASH_ALGOSELECTION_SHA224
-    #define HASH_AlgoSelection_SHA256    HASH_ALGOSELECTION_SHA256
-
-    #define STM32_NOMD5 /* The HASH HAL has no MD5 implementation */
 #endif
 
 #ifndef NO_AES
@@ -193,7 +200,8 @@ int  wc_Stm32_Hash_Final(STM32_HASH_Context* stmCtx, word32 algo,
     #ifndef STM_CRYPT_HEADER_WIDTH
         /* newer crypt HAL requires auth header size as 4 bytes (word) */
         #if defined(CRYP_HEADERWIDTHUNIT_BYTE) && \
-            !defined(WOLFSSL_STM32MP13) && !defined(WOLFSSL_STM32H7S)
+            !defined(WOLFSSL_STM32MP13) && !defined(WOLFSSL_STM32H7S) && \
+            !defined(WOLFSSL_STM32N6)
             #define STM_CRYPT_HEADER_WIDTH 1
         #else
             #define STM_CRYPT_HEADER_WIDTH 4

diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h
@@ -2226,6 +2226,10 @@ extern void uITRON4_free(void *p) ;
         #ifndef STM32_HAL_TIMEOUT
             #define STM32_HAL_TIMEOUT   0xFF
         #endif
+        /* bypass certificate date checking, due to lack of properly configured RTC source */
+        #ifndef HAL_RTC_MODULE_ENABLED
+            #define NO_ASN_TIME
+        #endif
 
         #if defined(WOLFSSL_STM32_PKA) && !defined(WOLFSSL_SP_INT_NEGATIVE)
             /* enable the negative support for abs(a) |a| */