51 Reply by embhorn

(2 replies, posted in wolfSSL)

Hi bp787

Thanks for joining the wolfSSL forums. I'm glad to hear that you were able to resolve the build issues.

> However, i'm still SUPER unclear if this is the correct way to go about it or if there's a better/cleaner route

I would say use the client-tls-pkcs12 example as a base and change it to DTLS. Then you should be able to test connecting to the wolfSSL example server, using the -u option to specify DTLS.

Could you tell us more about your project using wolfSSL? Feel free to email support@wolfssl.com for a more private discussion.

Thanks,
Eric - wolfSSL Support

Go to forum: wolfSSL

52 Reply by embhorn

(1 replies, posted in wolfSSH)

Hello medyuuna,

Thanks for joining the wolfSSL Forums. I was able to reproduce the issue you reported. I have created a fix in the PR:
https://github.com/wolfSSL/wolfssh/pull/716

Please test it and let me know if this resolves the issue for you also.

Could you tell us a bit about your project using wolfSSH? Feel free to email us at support@wolfssl.com for a more private conversation.

Kind regards,
Eric - wolfSSL Support

Go to forum: wolfSSH

53 Reply by embhorn

(7 replies, posted in wolfSSL)

Hi parmstrong3

Thanks for joining the wolfSSL forums. I am requesting our ESP32 expert to chime in here.

Could you tell us a bit about your project? Feel free to email support@wolfssl.com if you'd prefer a less public venue.

Thanks,
Eric - wolfSSL Support

Go to forum: wolfSSL

54 Reply by embhorn

(5 replies, posted in wolfSSL)

I really should have mentioned this before, but you should review the sniffer code:
https://github.com/wolfSSL/wolfssl/tree … sslSniffer

Specifically the code around checking for application data:
https://github.com/wolfSSL/wolfssl/blob … er.c#L6413

Go to forum: wolfSSL

55 Reply by embhorn

(6 replies, posted in wolfSSL)

Where you put the define depends on how you are building the library. If you are using the --enable-usersettings option, than add this to user_settings.h
#define RSA_MIN_SIZE 2048

Else you can add it on the configure line with:
./configure CFLAGS="-DRSA_MIN_SIZE=2048"

Yes you will need to rebuild the library.

Go to forum: wolfSSL

56 Reply by embhorn

(6 replies, posted in wolfSSL)

Yes, v3.15.7 supports ECC-P256 by default.
https://github.com/wolfSSL/wolfssl/blob … #L188-L189

Go to forum: wolfSSL

57 Reply by embhorn

(6 replies, posted in wolfSSL)

Hello bohuynh315

Welcome to the wolfSSL Forums. Can you tell us a bit about what you are working on and the high-level overview of the project to help us better classify this inquiry? Thank you in advance!

You can use the wolfSSL_get_ciphers API to get a list of the currently available ciphers. Here is an example:
https://github.com/wolfSSL/wolfssl/blob … #L267-L274

Thanks,
Eric - wolfSSL Support

Go to forum: wolfSSL

58 Reply by embhorn

(5 replies, posted in wolfSSL)

The wolfSSL IO layer is only requesting reads from the driver layer. So first it requests 5 bytes (the TLS header) which contains the packet size. Then we ask for the full remainder of the TLS packet, however they can return less. The read callback will continue to be called until the full TLS header has been read. Then it will ask for 5 bytes again. If you return more than asked it would be an error.

Go to forum: wolfSSL

59 Reply by embhorn

(5 replies, posted in wolfSSL)

Hi likewise,

The IO interface for wolfSSL is very flexible. You can use the IO callbacks to accomplish your goals:
https://www.wolfssl.com/documentation/m … tion-layer

As Anthony mentioned before, please feel free to direct your questions to support@wolfssl.com

Could you tell us a bit about your project using wolfSSL?

Thanks,
Eric - wolfSSL Support

Go to forum: wolfSSL

60 Reply by embhorn

(2 replies, posted in wolfMQTT)

Hello mabduljawad

Thanks for joining the wolfSSL forums! The wolfMQTT library will only use malloc if configured to allocate MQTTv5 properties dynamically. By default, the library is stack-only.

For wolfSSL, check out the static memory guide:
https://www.wolfssl.com/docs/static-buffer-allocation/

Could you tell us a bit about your MQTT project? Feel free to email support@wolfssl.com for a more private discussion.

Thanks,
Eric - wolfSSL Support

Go to forum: wolfMQTT

61 Reply by embhorn

(2 replies, posted in wolfCrypt)

Hello pathakpulkit06

Welcome to the wolfSSL Forums!

Yes, that error is usually an indication that the available stack should be increased. Could you share some more of your application code?

Here is an example that uses wc_PBKDF2 to stretch a password:
https://github.com/wolfSSL/wolfssl-exam … .c#L56-L60

Could you tell us a bit about your project goals using wolfSSL? Feel free to email support@wolfssl.com if you'd prefer a more private format.

Thanks,
Eric - wolfSSL Support

Go to forum: wolfCrypt

62 Reply by embhorn

(1 replies, posted in wolfSSL)

Hello east1ifep

Thanks for your question. We had to disable attachments in the forums, so I cannot review your pcap and log.

Could you please send this request to support@wolfssl.com, and we'll get a proper support ticket created to help you out.

Kind regards,
Eric - wolfSSL Support

Go to forum: wolfSSL

63 Reply by embhorn

(1 replies, posted in wolfSSL)

Hello Jacob,

Welcome to the wolfSSL Forums.

I suspect this issue is related to a customer that has a support contract with us. Please email support@wolfssl.com to initiate a support ticket that will receive the highest priority response.

Thanks,
Eric - wolfSSL Support

Go to forum: wolfSSL

64 Reply by embhorn

(3 replies, posted in wolfMQTT)

Hi horroraround,

Thanks for joining the wolfSSL Forums. The max props define is set to 30, and can be overridden by defining MQTT_MAX_PROPS at build time. This was a design decision that allowed us to keep the library requirements small and still allow flexibility for applications.

Alternatively, if your application can tolerate dynamic memory usage, the library can allocate property structures dynamically using malloc. Just add the configuration define WOLFMQTT_DYN_PROP to enable this feature.

Thanks,
Eric - wolfSSL Support

Go to forum: wolfMQTT

65 Reply by embhorn

(3 replies, posted in General Inquiries)

The non-blocking ECC assembler component (sp_256_ecc_mulmod_8_nb), is a place-holder for future development. Obviously we do intend to implement this feature. If you'd like me to mark you down as interested in this feature, please send an email to support@wolfssl.com

Go to forum: General Inquiries

66 Reply by embhorn

(1 replies, posted in wolfCrypt)

Hi Siewie,

You've found one of the functions that does not support static memory allocation. You are handling it correctly. Would you like me to create a feature request to add static memory support to the `wc_ecc_curve_load` function?

Please send an email to support@wolfssl.com to begin that process.

Kind regards,
Eric - wolfSSL Support

Go to forum: wolfCrypt

67 Reply by embhorn

(3 replies, posted in General Inquiries)

Hi Siewie,

Welcome to the wolfSSL Forums. We encourage users to send an email to support@wolfssl.com in order to receive the highest priority support.

Here is a short RSA example that will give you an idea of the intended usage:
https://github.com/wolfSSL/wolfAsyncCry … sa-example

> (2) Is it correct that any hash function callback provided through "wc_CryptoCb_RegisterDevice" must be blocking?

No, the callbacks can be implemented as non-blocking, and utilize the async features.

> (3) It appears like we could improve the performance a lot by using the WOLFSSL_SP_ARM_CORTEX_M_ASM option. However, the non-blocking implementation is not available. Concretely, we are missing the definition of struct sp_256_ecc_mulmod_8_ctx and the function sp_256_ecc_mulmod_8_nb (wolfcrypt + wolfasynccrypt v5.6.6).

I'll check with the team on this question.

Thanks,
Eric - wolfSSL Support

Go to forum: General Inquiries

68 Reply by embhorn

(8 replies, posted in wolfCrypt)

Hi Anders,

Are you building wolfCrypt Pi?

Thanks,
Eric - wolfSSL Support

Go to forum: wolfCrypt

69 Reply by embhorn

(8 replies, posted in wolfCrypt)

Yes, as long as the user_settings.h file is in the include path it will be used.

Go to forum: wolfCrypt

70 Reply by embhorn

(8 replies, posted in wolfCrypt)

Add this option to the compiler CFLAGS "-DWOLFSSL_USER_SETTINGS"

Go to forum: wolfCrypt

71 Reply by embhorn

(2 replies, posted in wolfSSL)

Hi Scotty

There are a couple of ways to resolve this. You could

  • Use NTP to set the time prior to connecting to the server.

  • Disable time verification during runtime by loading certs using _ex version of load API with WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY flag

  • Use a verify callback to override the date errors during the first server connection.

  • Configure no date checks ever - define NO_ASN_TIME_CHECK

Let us know if that helps.

Thanks,
Eric - wolfSSL Support

Go to forum: wolfSSL

72 Reply by embhorn

(8 replies, posted in wolfCrypt)

Hello groovytacocat,

Welcome to the wolfSSL forums!

There are two method for using a custom RNG source with wolfSSL:
"Custom Seed Source" using CUSTOM_RAND_GENERATE to seed the P-RNG
or
"Bypass P-RNG and use only HW RNG" using CUSTOM_RAND_GENERATE_BLOCK

By setting NO_HASHDRBG, you are disabling the P-RNG, but you have not defined CUSTOM_RAND_GENERATE_BLOCK

Please try removing the define for NO_HASHDRBG


Could you tell us a bit more about your project using wolfSSL? Feel free to email us at support@wolfssl.com if you'd prefer a more private venue.

Thanks,
Eric - wolfSSL Support

Go to forum: wolfCrypt

73 Reply by embhorn

(4 replies, posted in wolfSSL)

Hi RJ,

You can use VSCode to build the wolfSSL library by simply opening the folder where you cloned or downloaded wolfSSL.

Or you can use the GitHub extension to "Clone GitHub Repository..."
Enter "https://github.com/wolfSSL/wolfssl.git"
Then "Clone from URL https://github.com/wolfSSL/wolfssl.git" and select a folder in which to store the code.

Next you can build using Cmake, or using the command line using these instructions:
https://github.com/wolfSSL/wolfssl/blob/master/INSTALL

After installing wolfSSL, you can link the library to your application by adding "-lwolfssl" to your compiler flags. Be sure to add the wolfSSL include files that were installed to the application.

#include <wolfssl/options.h>
#include <wolfssl/wolfcrypt/settings.h>

Go to forum: wolfSSL

74 Reply by embhorn

(1 replies, posted in wolfSSL)

Hello RJ

Thanks for joining the wolfSSL Forums. We have an excellent examples repository. You will need to create a new MPLABX project, as these are generic examples, not Harmony specific:
https://github.com/wolfSSL/wolfssl-exam … er-tls13.c

Could you tell us a bit about your project? Feel free to email support@wolfssl.com if you'd prefer to keep this information private.

Thanks,
Eric - wolfSSL Support

Go to forum: wolfSSL

75 Reply by embhorn

(1 replies, posted in wolfSSL)

Hello Bilal,

Thanks for joining the wolfSSL Forums. The -188 error indicates that the client should load a CA cert that can be used to verify the server's cert during the handshake. As you found, you can skip this check, or use a verify callback.

The -112 error is commonly encountered when a memory alloc fails.

Could you please tell us a bit about your project? Please feel free to send an email to support@wolfssl.com if you'd prefer a more private discussion.

Thanks,
Eric - wolfSSL Support

Go to forum: wolfSSL