51

(12 replies, posted in wolfSSL)

Could you create a test case using the wolfSSL examples?

<wolfssl>./examples/server/server
<wolfssl>./examples/client/client

The keygen component is present in source, but there is not a separate utility (yet)
https://github.com/wolfSSL/wolfssh/blob … c/keygen.c

It looks like the listenAddress option is not fully supported yet.

Hello forza,

Thanks for joining the wolfSSL Forums. wolfSSH-sshd is intended to be a full replacement for the OpenSSH server. Here is a getting started video:
https://www.youtube.com/watch?v=xJOyoalxA0U

There doesn't seem to be any official documentation on the wolfsshd itself

This is a relatively new feature of the project, so documentation is still forthcoming.

I'll check with the team about the key-gen tool.

Could you tell us a bit about your project using wolfSSH? Feel free to email us at support@wolfssl.com for a more private discussion.

Kind regards,
Eric - wolfSSL Support

54

(12 replies, posted in wolfSSL)

Thanks for sharing the log inline....

From the log, the peer sent a "decrypt error" alert:

received record layer msg
got ALERT!
Alert type: decrypt_error
wolfSSL error occurred, error = 51 line:20389 file:src/internal.c
wolfSSL error occurred, error = 313 line:12991 file:src/ssl.c

So the peer was not able to decode the message and quit the handshake.

Can you provide more info about the server?

55

(12 replies, posted in wolfSSL)

Hello invoker,

Thanks for joining the wolfSSL Forums. Unfortunately we needed to disable file attachments in these forums, so I am unable to see your log.

You are welcome to create a support ticket by emailing support@wolfssl.com

Are you connecting to one of the wolfSSL example servers?

Kind regards,
Eric - wolfSSL Support

Hi bp787

Thanks for joining the wolfSSL forums. I'm glad to hear that you were able to resolve the build issues.

> However, i'm still SUPER unclear if this is the correct way to go about it or if there's a better/cleaner route

I would say use the client-tls-pkcs12 example as a base and change it to DTLS. Then you should be able to test connecting to the wolfSSL example server, using the -u option to specify DTLS.

Could you tell us more about your project using wolfSSL? Feel free to email support@wolfssl.com for a more private discussion.

Thanks,
Eric - wolfSSL Support

Hello medyuuna,

Thanks for joining the wolfSSL Forums. I was able to reproduce the issue you reported. I have created a fix in the PR:
https://github.com/wolfSSL/wolfssh/pull/716

Please test it and let me know if this resolves the issue for you also.

Could you tell us a bit about your project using wolfSSH? Feel free to email us at support@wolfssl.com for a more private conversation.

Kind regards,
Eric - wolfSSL Support

Hi parmstrong3

Thanks for joining the wolfSSL forums. I am requesting our ESP32 expert to chime in here.

Could you tell us a bit about your project? Feel free to email support@wolfssl.com if you'd prefer a less public venue.

Thanks,
Eric - wolfSSL Support

I really should have mentioned this before, but you should review the sniffer code:
https://github.com/wolfSSL/wolfssl/tree … sslSniffer

Specifically the code around checking for application data:
https://github.com/wolfSSL/wolfssl/blob … er.c#L6413

Where you put the define depends on how you are building the library. If you are using the --enable-usersettings option, then add this to user_settings.h:
#define RSA_MIN_SIZE 2048

Else you can add it on the configure line with:
./configure CFLAGS="-DRSA_MIN_SIZE=2048"

Yes you will need to rebuild the library.

Yes, v3.15.7 supports ECC-P256 by default.
https://github.com/wolfSSL/wolfssl/blob … #L188-L189

Hello bohuynh315

Welcome to the wolfSSL Forums. Can you tell us a bit about what you are working on and the high-level overview of the project to help us better classify this inquiry? Thank you in advance!

You can use the wolfSSL_get_ciphers API to get a list of the currently available ciphers. Here is an example:
https://github.com/wolfSSL/wolfssl/blob … #L267-L274

Thanks,
Eric - wolfSSL Support

The wolfSSL IO layer is only requesting reads from the driver layer. So first it requests 5 bytes (the TLS header) which contains the packet size. Then we ask for the full remainder of the TLS packet, however they can return less. The read callback will continue to be called until the full TLS header has been read. Then it will ask for 5 bytes again. If you return more than asked it would be an error.
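
The read contract described in the post above, as a self-contained C simulation added here (it is not wolfSSL code and not part of the original post): the reader asks for the 5-byte record header, then for the length it announces, accepts short reads, and rejects a callback that returns more than was requested. `FakeSock`, `short_recv`, `greedy_recv`, `read_record`, `IO_ERR` and the callback signature are assumptions made for this sketch, not the wolfSSL API.

```c
#include <stddef.h>
#include <string.h>
#define REC_HDR_SZ 5   /* TLS record header: type(1) version(2) length(2) */
#define IO_ERR   (-1)  /* constructed error code for this sketch */
typedef int (*RecvCb)(unsigned char *buf, int sz, void *ctx);
/* Constructed transport: hands out at most `chunk` bytes per call. */
typedef struct { const unsigned char *data; size_t len, pos, chunk; int calls; } FakeSock;
/* Well-behaved read callback: may return fewer bytes than asked, never more. */
int short_recv(unsigned char *buf, int sz, void *ctx) {
    FakeSock *s = (FakeSock *)ctx;
    size_t n = s->len - s->pos;
    s->calls++;
    if (n > (size_t)sz) n = (size_t)sz;   /* clamp to the request */
    if (n > s->chunk) n = s->chunk;       /* simulate a short read */
    if (n == 0) return IO_ERR;            /* no data: treat as closed */
    memcpy(buf, s->data + s->pos, n);
    s->pos += n;
    return (int)n;
}
/* Misbehaving callback: claims one byte more than was requested. */
int greedy_recv(unsigned char *buf, int sz, void *ctx) { (void)buf; (void)ctx; return sz + 1; }
/* Call cb until `want` bytes have arrived; an over-long return is an error. */
static int read_exact(RecvCb cb, void *ctx, unsigned char *out, int want) {
    int got = 0;
    while (got < want) {
        int r = cb(out + got, want - got, ctx);
        if (r <= 0 || r > want - got) return IO_ERR;
        got += r;
    }
    return got;
}

/* One record: 5-byte header first, then exactly the length it announces. */
int read_record(RecvCb cb, void *ctx, unsigned char *body, int cap) {
    unsigned char hdr[REC_HDR_SZ];
    if (read_exact(cb, ctx, hdr, REC_HDR_SZ) != REC_HDR_SZ) return IO_ERR;
    int len = (hdr[3] << 8) | hdr[4];
    if (len > cap || read_exact(cb, ctx, body, len) != len) return IO_ERR;
    return len;
}
/* Constructed 13-byte record; returns number of callback calls, or IO_ERR. */
int demo(RecvCb cb, size_t chunk) {
    static const unsigned char rec[] = { 0x17,3,3,0,8, 'w','o','l','f','d','e','m','o' };
    unsigned char body[16];
    FakeSock s = { rec, sizeof rec, 0, chunk, 0 };
    int len = read_record(cb, &s, body, (int)sizeof body);
    return (len == 8 && memcmp(body, rec + REC_HDR_SZ, 8) == 0) ? s.calls : IO_ERR;
}
int main(void) { return demo(short_recv, 3) == 5 ? 0 : 1; }
```

With a 3-byte transport the same record takes five callback invocations instead of two, which is why a driver-layer callback should return what it has rather than block for the full request.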

Hi likewise,

The IO interface for wolfSSL is very flexible. You can use the IO callbacks to accomplish your goals:
https://www.wolfssl.com/documentation/m … tion-layer

As Anthony mentioned before, please feel free to direct your questions to support@wolfssl.com

Could you tell us a bit about your project using wolfSSL?

Thanks,
Eric - wolfSSL Support

65

(2 replies, posted in wolfMQTT)

Hello mabduljawad

Thanks for joining the wolfSSL forums! The wolfMQTT library will only use malloc if configured to allocate MQTTv5 properties dynamically. By default, the library is stack-only.

For wolfSSL, check out the static memory guide:
https://www.wolfssl.com/docs/static-buffer-allocation/

Could you tell us a bit about your MQTT project? Feel free to email support@wolfssl.com for a more private discussion.

Thanks,
Eric - wolfSSL Support

66

(2 replies, posted in wolfCrypt)

Hello pathakpulkit06

Welcome to the wolfSSL Forums!

Yes, that error is usually an indication that the available stack should be increased. Could you share some more of your application code?

Here is an example that uses wc_PBKDF2 to stretch a password:
https://github.com/wolfSSL/wolfssl-exam … .c#L56-L60

Could you tell us a bit about your project goals using wolfSSL? Feel free to email support@wolfssl.com if you'd prefer a more private format.

Thanks,
Eric - wolfSSL Support

Hello east1ifep

Thanks for your question. We had to disable attachments in the forums, so I cannot review your pcap and log.

Could you please send this request to support@wolfssl.com, and we'll get a proper support ticket created to help you out.

Kind regards,
Eric - wolfSSL Support

Hello Jacob,

Welcome to the wolfSSL Forums.

I suspect this issue is related to a customer that has a support contract with us. Please email support@wolfssl.com to initiate a support ticket that will receive the highest priority response.

Thanks,
Eric - wolfSSL Support

69

(3 replies, posted in wolfMQTT)

Hi horroraround,

Thanks for joining the wolfSSL Forums. The max props define is set to 30, and can be overridden by defining MQTT_MAX_PROPS at build time. This was a design decision that allowed us to keep the library requirements small and still allow flexibility for applications.

Alternatively, if your application can tolerate dynamic memory usage, the library can allocate property structures dynamically using malloc. Just add the configuration define WOLFMQTT_DYN_PROP to enable this feature.

Thanks,
Eric - wolfSSL Support

The non-blocking ECC assembler component (sp_256_ecc_mulmod_8_nb) is a place-holder for future development. Obviously we do intend to implement this feature. If you'd like me to mark you down as interested in this feature, please send an email to support@wolfssl.com

Hi Siewie,

You've found one of the functions that does not support static memory allocation. You are handling it correctly. Would you like me to create a feature request to add static memory support to the `wc_ecc_curve_load` function?

Please send an email to support@wolfssl.com to begin that process.

Kind regards,
Eric - wolfSSL Support

Hi Siewie,

Welcome to the wolfSSL Forums. We encourage users to send an email to support@wolfssl.com in order to receive the highest priority support.

Here is a short RSA example that will give you an idea of the intended usage:
https://github.com/wolfSSL/wolfAsyncCry … sa-example

> (2) Is it correct that any hash function callback provided through "wc_CryptoCb_RegisterDevice" must be blocking?

No, the callbacks can be implemented as non-blocking, and utilize the async features.

> (3) It appears like we could improve the performance a lot by using the WOLFSSL_SP_ARM_CORTEX_M_ASM option. However, the non-blocking implementation is not available. Concretely, we are missing the definition of struct sp_256_ecc_mulmod_8_ctx and the function sp_256_ecc_mulmod_8_nb (wolfcrypt + wolfasynccrypt v5.6.6).

I'll check with the team on this question.

Thanks,
Eric - wolfSSL Support

Hi Anders,

Are you building wolfCrypt Pi?

Thanks,
Eric - wolfSSL Support

74

(8 replies, posted in wolfCrypt)

Yes, as long as the user_settings.h file is in the include path it will be used.

75

(8 replies, posted in wolfCrypt)

Add this option to the compiler CFLAGS "-DWOLFSSL_USER_SETTINGS"