You are not logged in. Please login or register.
Please post questions or comments you have about wolfSSL products here. It is helpful to be as descriptive as possible when asking your questions.
ReferenceswolfSSL - Embedded SSL Library → Posts by embhorn
Hello jbquick,
Thanks for contacting wolfSSL Support. I have requested a review of this from a colleague.
Hi aashishkul,
Excellent! the library is very flexible, and your expectations are reasonable. Here is a link to our tuning guide:
https://www.wolfssl.com/docs/tuning-guide/
Additionally, here are some reference configurations that will be useful:
https://github.com/wolfSSL/wolfssl/tree … es/configs
For additional assistance with optimization, please open a support ticket by emailing support@wolfssl.com
Regarding the warning, are you working with the latest version of the library?
Hi astc
What is the server doing? If it is not sending messages, I could see where your test would break.
I modified our simple examples to do what you are trying to accomplish:
https://github.com/wolfSSL/wolfssl-exam … master/tls
diff --git a/tls/client-tls.c b/tls/client-tls.c
index d1e06be..9f13d84 100644
--- a/tls/client-tls.c
+++ b/tls/client-tls.c
@@ -133,32 +133,68 @@ int main(int argc, char** argv)
goto cleanup;
}
- /* Get a message for the server from stdin */
- printf("Message for server: ");
- memset(buff, 0, sizeof(buff));
- if (fgets(buff, sizeof(buff), stdin) == NULL) {
- fprintf(stderr, "ERROR: failed to get message for server\n");
- ret = -1;
- goto cleanup;
- }
- len = strnlen(buff, sizeof(buff));
-
- /* Send the message to the server */
- if ((ret = wolfSSL_write(ssl, buff, len)) != len) {
- fprintf(stderr, "ERROR: failed to write entire message\n");
- fprintf(stderr, "%d bytes of %d bytes were sent", ret, (int) len);
- goto cleanup;
+#if 1
+ while (1)
+ {
+ int err;
+ char stringtosend[1024];
+ char readBuf[1024];
+
+ printf("Send a string to the server\n"
+ "x to exit\n");
+ if (fgets(stringtosend, sizeof(stringtosend), stdin) == NULL) {
+ printf("error reading");
+ }
+ do {
+ ret = wolfSSL_write(ssl, stringtosend, sizeof(stringtosend));
+ err = wolfSSL_get_error(ssl, ret);
+ } while (err == WOLFSSL_ERROR_WANT_READ || err == WOLFSSL_ERROR_WANT_WRITE);
+ printf("Sent (%d): %s\n", err, stringtosend);
+
+ XMEMSET(readBuf, 0, sizeof(readBuf));
+ do {
+ ret = wolfSSL_read(ssl, readBuf, sizeof(readBuf)-1);
+ err = wolfSSL_get_error(ssl, ret);
+ } while (err == WOLFSSL_ERROR_WANT_READ || err == WOLFSSL_ERROR_WANT_WRITE);
+ printf("Read (%d): %s\n", err, readBuf);
+
+
+ //ssl->buffers.clearOutputBuffer.length = 0;
+ if (stringtosend[0] == 'x' && stringtosend[1] == '\n'){
+ break;
+ }
}
-
- /* Read the server data into our buff array */
- memset(buff, 0, sizeof(buff));
- if ((ret = wolfSSL_read(ssl, buff, sizeof(buff)-1)) == -1) {
- fprintf(stderr, "ERROR: failed to read\n");
- goto cleanup;
- }
-
- /* Print to stdout any data the server sends */
- printf("Server: %s\n", buff);
+#else
+ do {
+ /* Get a message for the server from stdin */
+ printf("Message for server: ");
+ memset(buff, 0, sizeof(buff));
+ if (fgets(buff, sizeof(buff), stdin) == NULL) {
+ fprintf(stderr, "ERROR: failed to get message for server\n");
+ ret = -1;
+ goto cleanup;
+ }
+ len = strnlen(buff, sizeof(buff));
+
+ /* Send the message to the server */
+ if ((ret = wolfSSL_write(ssl, buff, len)) != len) {
+ fprintf(stderr, "ERROR: failed to write entire message\n");
+ fprintf(stderr, "%d bytes of %d bytes were sent", ret, (int) len);
+ goto cleanup;
+ }
+
+ /* Read the server data into our buff array */
+ memset(buff, 0, sizeof(buff));
+ if ((ret = wolfSSL_read(ssl, buff, sizeof(buff)-1)) == -1) {
+ fprintf(stderr, "ERROR: failed to read\n");
+ goto cleanup;
+ }
+
+ /* Print to stdout any data the server sends */
+ printf("Server: %s\n", buff);
+
+ } while(1);
+#endif
/* Bidirectional shutdown */
while (wolfSSL_shutdown(ssl) == SSL_SHUTDOWN_NOT_DONE) {diff --git a/tls/server-tls.c b/tls/server-tls.c
index fa79a4d..6fc3c50 100644
--- a/tls/server-tls.c
+++ b/tls/server-tls.c
@@ -160,35 +160,35 @@ int main()
printf("Client connected successfully\n");
-
-
- /* Read the client data into our buff array */
- memset(buff, 0, sizeof(buff));
- if ((ret = wolfSSL_read(ssl, buff, sizeof(buff)-1)) == -1) {
- fprintf(stderr, "ERROR: failed to read\n");
- goto exit;
- }
-
- /* Print to stdout any data the client sends */
- printf("Client: %s\n", buff);
-
- /* Check for server shutdown command */
- if (strncmp(buff, "shutdown", 8) == 0) {
- printf("Shutdown command issued!\n");
- shutdown = 1;
- }
-
-
-
- /* Write our reply into buff */
- memset(buff, 0, sizeof(buff));
- memcpy(buff, reply, strlen(reply));
- len = strnlen(buff, sizeof(buff));
-
- /* Reply back to the client */
- if ((ret = wolfSSL_write(ssl, buff, len)) != len) {
- fprintf(stderr, "ERROR: failed to write\n");
- goto exit;
+ while(!shutdown) {
+ /* Read the client data into our buff array */
+ memset(buff, 0, sizeof(buff));
+ if ((ret = wolfSSL_read(ssl, buff, sizeof(buff)-1)) == -1) {
+ fprintf(stderr, "ERROR: failed to read\n");
+ goto exit;
+ }
+
+ /* Print to stdout any data the client sends */
+ printf("Client: %s\n", buff);
+
+ /* Check for server shutdown command */
+ if (strncmp(buff, "shutdown", 8) == 0) {
+ printf("Shutdown command issued!\n");
+ shutdown = 1;
+ }
+
+
+
+ /* Write our reply into buff */
+ memset(buff, 0, sizeof(buff));
+ memcpy(buff, reply, strlen(reply));
+ len = strnlen(buff, sizeof(buff));
+
+ /* Reply back to the client */
+ if ((ret = wolfSSL_write(ssl, buff, len)) != len) {
+ fprintf(stderr, "ERROR: failed to write\n");
+ goto exit;
+ }
}
/* Notify the client that the connection is ending */Hello aashishkul
Welcome to the wolfSSL Forums.
You can build a non-standard environment by creating a new library project and pointing to the source and header folders.
https://www.wolfssl.com/documentation/m … nvironment
You do not need to use the autotools scripts to generate make files. You can place all the configuration defines into a file name user_settings.h and add a CFLAG define for WOLFSSL_USER_SETTINGS.
Additionally, we offer services to get wolfSSL built in your environment. Please send an email to facts@wolfssl.com to learn more about this process.
Thanks,
Eric - wolfSSL Support
Hi razvi.david
Are you working with the latest code from the repository? We did recently fix an issue that sounds similar to this.
Would you like to open a support ticket? The forum is a low priority venue for helping customers. Please send an email to support@wolfssl.com and reference this forum post.
Thanks,
Eric - wolfSSL Support
I just tested this edge case using the TLS resume example I referred to earlier. I set a BP after the first connection completed, and restarted the server to ensure the session ticket would not be recognized.
The second client connection succeeded, and it was indicated that the session could not be resumed, i.e. a new session was established.
Message for server: test
Server: I hear you fa shizzle!
Session ID not reused; Successful resume.
Message for server: test
Server: I hear you fa shizzle!Could you share the configuration settings being used? Also please enable debug logging (./configure --enable-debug and add a call to wolfSSL_Debugging_ON() in the client) and share the log showing the error.
Hello razvi.david
Welcome to the wolfSSL Forums.
Could you tell us a bit about your project using wolfSSL?
Is the server restarted in between sessions?
You can observe a successful session ticket reuse using the examples.
<wolfssl>
./configure --enable-session-ticket && make
<server>
./examples/server/server -i
SSL version is TLSv1.2
SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
SSL curve name is SECP256R1
Client message: hello wolfssl!
SSL version is TLSv1.2
SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
SSL curve name is SECP256R1
Client message: hello wolfssl!
SSL version is TLSv1.2
SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
SSL reused session
Client message: resuming wolfssl!<client connects twice>
./examples/client/client -r
Session Ticket CB: ticketSz = 142, ctx = initial session
SSL version is TLSv1.2
SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
SSL curve name is SECP256R1
I hear you fa shizzle!
Session Ticket CB: ticketSz = 142, ctx = resumed session
SSL version is TLSv1.2
SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
SSL reused session
reused session id
resumeI hear you fa shizzle!Additionally, here is a TLS resume example:
https://github.com/wolfSSL/wolfssl-exam … s-resume.c
As for allowing the connection with a session ticket that is unrecognized, I believe that is supported. The server should just send a new session ticket. That would be the same if a session ticket expired.
Thanks,
That code corresponds to VERIFY_SIGN_ERROR, which indicates that the signature is invalid.
Are you using STM32 Cube IDE with the wolfSSL cube pack? What configuration are you using?
Hi astc
Welcome to the wolfSSL forums.
Are you able to run the wolfCrypt tests on your platform? It's a good idea to verify the core cryptography first to be sure there is not some underlying problem.
https://github.com/wolfSSL/wolfssl/tree … crypt/test
Thanks,
Eric - wolfSSL Support
Hello tuankiet,
Welcome to the wolfSSL Forums. The linker is complaining about system calls ("inet_pton", "__errno_location", etc)
Could this be related to order the libraries are included?
-L/home/tuankiet/Documents/tools/riscv-32imac/lib -L/home/tuankiet/Documents/tools/riscv-32imac/riscv32-unknown-elf/lib -L/home/tuankiet/Documents/tools/riscv-32imac/sysroot/lib -L/home/tuankiet/Documents/tools/riscv-32imac/sysroot/usr/lib /home/tuankiet/Documents/tools/wolfssl-build-riscv32/lib/libwolfssl.a -lmKind regards,
Eric - wolfSSL Support
Hi Nikos,
Thanks for contacting wolfSSL Forums.
We are reviewing this and will post an update.
Thanks,
Eric @ wolfSSL Support
Hi bahadirmaktav,
You can use the wolfSSL example client application to get similar functionality:
Build wolfSSL with
./configure --enable-all CFLAGS="-DSHOW_CERTS" && makeRun the client
./examples/client/client -h <hostname> -p <port>Use the -j option to override CA issues
Thanks,
Eric - wolfSSL Support
Hi kj3141
Please send an email to our support team so that this issue is properly tracked
support@wolfssl.com
Thanks,
Eric - wolfSSL Support
I was able to use the wolfMQTT example client on linux to connect to the test broker
$ ./examples/mqttclient/mqttclient -h test.mosquitto.org -t
MQTT Client: QoS 0, Use TLS 1
MQTT Net Init: Success (0)
MQTT Init: Success (0)
NetConnect: Host test.mosquitto.org, Port 8883, Timeout 5000 ms, Use TLS 1
MQTT TLS Setup (1)
MQTT TLS Verify Callback for mqttclient: PreVerify 0, Error -188 (ASN no signer error to confirm failure)
Subject's domain name is test.mosquitto.org
Allowing cert anyways
MQTT Socket Connect: Success (0)
MQTT Connect: Proto (v3.1.1), Success (0)
MQTT Connect Ack: Return Code 0, Session Present 0
MQTT Subscribe: Success (0)
Topic wolfMQTT/example/testTopic, Qos 0, Return Code 0
MQTT Publish: Topic wolfMQTT/example/testTopic, Success (0)
MQTT Waiting for message...
MQTT Message: Topic wolfMQTT/example/testTopic, Qos 0, Len 4
Payload (0 - 4) printing 4 bytes:
test
MQTT Message: Done
^CReceived SIGINT
Network Error Callback: Error (Network) (error -8)
MQTT Exiting...
MQTT Unsubscribe: Success (0)
MQTT Disconnect: Success (0)
MQTT Socket Disconnect: Success (0)Great, increasing the stack got you past the first issue. Now the broker is sending an alert after the TLS client hello is sent:
wolfSSL (1): received record layer msg
wolfSSL (1): got ALERT!
wolfSSL (1): Alert type: handshake_failure
wolfSSL (0): wolfSSL error occurred, error = 40
wolfSSL (0): wolfSSL error occurred, error = -313This could be because the broker expects some extension that the client is not sending, or there was not a mutually agreeable cipher suite or protocol version.
It might be easier to try connecting to a local broker (maybe mosquitto?) that you could more easily monitor the handshake using Wireshark.
Hi b.stefano,
Great to hear from you again. From the log, it seems that the allocation of the SSL structure is failing. This could be because of a memory failure. Could you try increasing the available stack size?
Thanks,
Eric - wolfSSL Support
Hi Keterna,
Welcome to the wolfSSL Forums! Yes, you are on the right track. You'll need to define HAVE_SECRET_CALLBACK to access the wolfSSL_set_tls13_secret_cb API.
Here is a client example that writes the shared secret to a log file, which can then be used to decrypt the packets in wrieshark:
https://github.com/wolfSSL/wolfssl-exam … nt-tls13.c
Here is the analogous server example:
https://github.com/wolfSSL/wolfssl-exam … er-tls13.c
Could you tell us a bit more about your project? Feel free to email support@wolfssl.com if you'd prefer a less public discussion.
Thanks,
Eric - wolfSSL Support
Come see us at Black Hat in Las Vegas August 9th & 10th, booth #2617!
https://www.blackhat.com/us-23/
Hello Amjal,
Sorry to hear about your trouble with the Zephyr port. The port was last tested on Zephyr 2.7 with Zephyr SDK 0.13.1.
If this is a project blocker, I suggest using our Support system by emailing support@wolfssl.com
Thanks,
Eric - wolfSSL Support
Hi sricor,
I have responded to your ticket in our Zendesk portal. Thanks for sending that in.
Hello sricor,
Welcome to the wolfSSL Forums. This sounds like a very interesting project. If the return code is MQTT_CODE_CONTINUE, then the IO driver is returning EINPROGRESS or EWOULDBLOCK, indicating that the driver buffer is not being emptied. I'd like to try to reproduce this. Could you please send an email to support@wolfssl.com mentioning this forum post?
Thanks,
Eric - wolfSSL Support
Hello hakahane
Welcome to the wolfSSL forums. Thanks for bringing this to our attention! I've fixed it in
https://github.com/wolfSSL/wolfssl/pull/6532
Please give it a test and let us know if you find other issues.
Kind regards,
Eric - wolfSSL Support
Hello solamnic
Welcome to the wolfSSL Forums. I've requested feedback from our engineers on your questions.
Thanks,
Eric - wolfSSL Support
Hi Alex,
The key parameter is not constant for the async state machine and in order to utilize the key's heap memory. So long as one hash verify operation completes before reusing the key, it can be reused.
Thanks,
Eric - wolfSSL Support
A lot of the math functions your are trying to use are gated because they are not typically used by applications. I can't really give you a "guide" to exposing these API. You should review the header files, as they are a pretty good indicator if a function is gated.
Hi wangzihao,
The --enable-fpecc option enables Fixed Point cache ECC. It is not required to use ecc_mul2add.
You do need to make the function public by adding -DWOLFSSL_PUBLIC_ECC_ADD_DBL to CFLAGS
Please keep these questions coming! We are happy to help others learn!
Thanks,
Eric
wolfSSL - Embedded SSL Library → Posts by embhorn
Powered by PunBB, supported by Informer Technologies, Inc.
Generated in 0.039 seconds (77% PHP - 23% DB) with 4 queries