1 Topic by kaolsen (edited by kaolsen 2018-06-27 01:27:17)

  • Registered: 2017-11-17
  • Posts: 7

Topic: wolfSSL_use_certificate_chain_buffer returns WOLFSSL_BAD_FILE

I am trying to get provisioning service from the MS Client SDK up running. https://github.com/Azure/azure-iot-sdk-c. The iothub_client is working perfectly.

I am using x509 certificarte. The  "wolfSSL_use_certificate_chain_buffer" returns WOLFSSL_BAD_FILE. The problem is in the GetMyVersion function where bold line returns ASN_PARSE_E. The value of input[idx++] is 0x0B.

WOLFSSL_LOCAL int GetMyVersion(const byte* input, word32* inOutIdx,
                               int* version, word32 maxIdx)
{
    word32 idx = *inOutIdx;

    if ((idx + MIN_VERSION_SZ) > maxIdx)
        return ASN_PARSE_E;

   if (input[idx++] != ASN_INTEGER)
        return ASN_PARSE_E;

    if (input[idx++] != 0x01)
        return ASN_VERSION_E;

    *version  = input[idx++];
    *inOutIdx = idx;

    return *version;
}

USING Wolfssl version 3.13.0

Here is my certificate:

-----BEGIN CERTIFICATE-----
MIICIDCCAcagAwIBAgIFCgsMDQ4wCgYIKoZIzj0EAwIwOzEZMBcGA1UEAwwQcmlvdC1zaWduZXItY29yZTELMAkGA1UEBgwCVVMxETAPBgNVBAoMCE1TUl9URVNUMB4XDTE3MDEwMTAwMDAwMFoXDTM3MDEwMTAwMDAwMFowOzEZMBcGA1UEAwwQcmlvdC1kZXZpY2UtY2VydDELMAkGA1UEBgwCVVMxETAPBgNVBAoMCE1TUl9URVNUMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEXl8k/JM5Trrd+T2hCzH8J8FzdMo+nqEBctNE0wUQWesM+QbsF1PBmEHxb/FpqegLlleJW4niMxaN8z3J7T/imKOBtjCBszATBgNVHSUEDDAKBggrBgEFBQcDAjCBmwYGZ4EFBQQBBIGQMIGNAgEBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEdgvxWvX6LURj6RDfdXUY30+4hz8gZ6cf25VifQhb3wPuuZTxr09nLslUYdF42qA6VsIUj1fym6mLv2K6agLvvTAtBglghkgBZQMEAgEEIGvpsYTJN8KOEi7uUSto6o4Aw90VnqToXoTLqWb0Rs1OMAoGCCqGSM49BAMCA0gAMEUCIFFcPW6545a5BNP+yn9U/c0MwemXvzddylFa0KbDtANfAiEAuqG9PPKcd3Fntf5c2icXfIFRXtSWOpZcR8iNnFwtN5g=
-----END CERTIFICATE-----

-----BEGIN EC PRIVATE KEY----- MHcCAQEEINXd3WSS7LqDEFGdpbQi0V51w01XkpMVPUYlG9V7/ldUoAoGCCqGSM49AwEHoUQDQgAEXl8k/JM5Trrd+T2hCzH8J8FzdMo+nqEBctNE0wUQWesM+QbsF1PBmEHxb/FpqegLlleJW4niMxaN8z3J7T/imA== -----END EC PRIVATE KEY-----

"Settings.h"

#define WOLFSSL_BASE64_ENCODE
#define THREADX     
#define WOLFSSL_USER_IO
#define NO_SESSION_CACHE
#define NO_WOLFSSL_SERVER
#define FP_MAX_BITS           4096   
#define USE_FAST_MATH
#define WOLFSSL_SMALL_STACK
#define TFM_TIMING_RESISTANT
#define NO_WRITEV
#define NO_ERROR_STRINGS
#define NO_WOLFSSL_DIR                   
#define NO_INLINE
#define HAVE_TIME_T_TYPE
#define HAVE_TM_TYPE
#define HAVE_VALIDATE_DATE
#define XVALIDATE_DATE(d, f, t) 1
#define POSITIVE_EXP_ONLY
#define NO_DEV_RANDOM
#define NO_DH 
#define RSA_LOW_MEM
//Provisioning Service
#define HAVE_ECC
#define HAVE_ECC_KEY_IMPORT
#define HAVE_ECC_VERIFY
#define HAVE_ECC_DHE
#define HAVE_ECC_KEY_EXPORT
#define HAVE_ECC_SIGN   

#define WOLFSSL_HAVE_MIN
#define WOLFSSL_HAVE_MAX     
#define WOLFSSL_ALERT_COUNT_MAX 5
#define HAVE_AES_DECRYPT
#define HAVE_AES_ENCRYPT   
#define HAVE_AES_CBC
#define WOLFSSL_STATIC_RSA
#define AES_MAX_KEY_SIZE  256 
#define NO_OLD_TLS

Share

  • Registered: 2017-11-17
  • Posts: 7

Re: wolfSSL_use_certificate_chain_buffer returns WOLFSSL_BAD_FILE

The certificate signature algorithm = sha256ECDSA and Signature hash algorithm = sha256. Do wolfssl supports that.

Share

  • From: Bozeman
  • Registered: 2014-05-09
  • Posts: 777

Re: wolfSSL_use_certificate_chain_buffer returns WOLFSSL_BAD_FILE

Hi kaolsen,

Thank you so much for contacting wolfSSL and for your questions. wolfSSL does support ECDSA and sha256.

Warm Regards,

Kaleb

Kaleb J. Himes's Website

Share