The RNG is required for resistance to timing attacks. If you are only doing this as research, you can disable the timing attack resistance by undefining
ECC_TIMING_RESISTANT
You are not logged in. Please login or register.
Please post questions or comments you have about wolfSSL products here. It is helpful to be as descriptive as possible when asking your questions.
ReferenceswolfSSL - Embedded SSL Library → Posts by embhorn
The RNG is required for resistance to timing attacks. If you are only doing this as research, you can disable the timing attack resistance by undefining
ECC_TIMING_RESISTANT
Hello kingutoran98,
We have an example that you might find useful:
https://github.com/wolfSSL/wolfssl-exam … ate_secret
Also this example is a good demonstration of using the x963 API:
https://github.com/wolfSSL/wolfssl-exam … glentest.c
What configuration settings are you building wolfSSL with?
Could you tell us about about your project?
Thanks,
Eric @ wolfSSL Support
Hi asigrijenny,
Welcome to the forums. The solution was posted here:
https://www.wolfssl.com/forums/post6393.html#p6393
Thanks,
Eric - wolfSSL Support
Hello Anika,
Yes, releases are always tagged as stable:
https://github.com/wolfSSL/wolfssl/rele … 5.4-stable
Thanks,
Eric - wolfSSL Support
Hi m_u_h
You could try simply setting the FIPS hash to an invalid value.
Hi Hodge,
Check out the project instructions from the readme:
https://github.com/wolfSSL/wolfssl/tree … om-scratch
In particular, confirm that the preprocessor macro "WOLFSSL_USER_SETTINGS" is set, per step 15
Thanks,
Eric
Hi Hodge,
Is "versal" defined? Otherwise it looks like "WOLFSSL_ARMASM" is being defined at the end:
#if !defined(WOLFSSL_XILINX_CRYPT_VERSAL)
/* Enable ARMv8 (Aarch64) assembly speedups - SHA256 / AESGCM */
/* Note: Requires CFLAGS="-mcpu=generic+crypto -mstrict-align" */
#define WOLFSSL_ARMASM
#endif
Hi senergy,
Thanks for joining the wolfSSL Forums. Using VS Code to build wolfSSL is pretty straightforward. Since you are trying to build for the RPi, you will need to have the right tools to cross compile. VS Code makes setting the target easy. Here is a tutorial that you might find useful:
https://enes-ozturk.medium.com/cross-co … ca4976fdd1
Since you also contacted our support email, we will follow up from there.
Thanks,
Eric - wolfSSL Support
Hello Hodge,
Thanks for joining the wolfSSL Forums. In your configuration, please ensure that either WOLFSSL_ARMASM or WOLFSSL_XILINX_CRYPT is defined, but not both.
Thanks,
Eric - wolfSSL Support
Hi wangzihao,
Thanks for joining the wolfSSL Forums. How did you configure wolfSSL? Have you reviewed the ECC examples in our repository?
https://github.com/wolfSSL/wolfssl-exam … master/ecc
Thanks,
Eric - wolfSSL Support
Hello m_u_h
It is the responsibility of the application making a claim to be using FIPS validated cryptography to only use FIPS validated cryptography.
Please submit a support ticket by emailing support@wolfssl.com for further clarification.
Kind regards,
Eric, wolfSSL Support
Are you setting up the callback? Here is an example:
https://github.com/wolfSSL/wolfssl-exam … cryptocb.c
What is the return value from the call to wc_CryptoCb_RegisterDevice ?
Thanks,
Eric @ wolfSSL Support
Hello linxiong2
Thanks for joining the wolfSSL forums. The error is due to the IO callbacks being configured but not set:
Your IO Send callback is null, please set
For LWIP we support their socket interface by default if you add `WOLFSSL_LWIP` to the generated configuration file `wolfSSL.I-CUBE-wolfSSL_conf.h`.
The documentation or the Cube pack is here:
https://github.com/wolfSSL/wolfssl/tree … /STM32Cube
Thanks,
Eric - wolfSSL Support
Hi Sijo,
Thanks for joining the wolfSSL Forums. I'd recommend checking out the wolfSSL example:
https://github.com/wolfSSL/wolfssl/tree/master/tirtos
In particular, you can follow the directions in:
https://github.com/wolfSSL/wolfssl-exam … /README.md
Let us know if there are questions.
Thanks,
Eric, wolfSSL Support
Hi khalesiakram,
Could you tell us a bit about your project?
Please check out the STM32 Cube Pack which we provide:
https://github.com/wolfSSL/wolfssl/tree … /STM32Cube
Let us know if there are any questions. You can also email support@wolfssl.com with any questions.
Thanks,
Eric, wolfSSL Support
Hello alex23,
Yes, certainly larger keys would take longer to break using brute force.
I recommend trying out the benchmarking utility to help determine the most performant key size / algorithm for your application.
https://github.com/wolfSSL/wolfssl/tree … /benchmark
Thanks,
Eric @ wolfSSL Support
Hi Alvaro,
Thanks for your kind words. This sounds like a very cool project!
We have examples of setting up wolfTPM to establish a TLS connection:
https://github.com/wolfSSL/wolfTPM/tree … amples/tls
wolfMQTT would then be able to use that connection natively:
https://github.com/wolfSSL/wolfMQTT/tre … mqttclient
I'd recommend sending an email to our support channel. This will allow us to better prioritize any questions you might have.
support@wolfssl.com
Kind regards,
Eric @ wolfSSL Support
Hello Jon,
Thanks for joining the wolfSSL Forums. This is not currently supported, but we could achieve this type of separation using the crypto callbacks feature. We would like to discuss this in more detail with you. Could you please send us an email to facts@wolfssl.com ?
https://github.com/wolfSSL/wolfssl-exam … cryptocb.c
Thanks,
Eric @wolfSSL Support
Hi Maryy,
Does the broker send an alert? Could you share a pcap showing the error?
Hello Maryy
Thanks for joining the wolfSSL Forums.
I just ran the example locally and the Azure broker is responding:
eric@ubuntu:~/repos/wolfMQTT$ ./examples/azure/azureiothub
AzureIoTHub Client: QoS 1, Use TLS 1
MQTT Net Init: Success (0)
SharedAccessSignature sr=wolfMQTT.azure-devices.net%2fdevices%2fdemoDevice&sig=AJSJJtqi3z653SrfxhElRJzwxM2Mo5NFfIIF7smxxb4%3d&se=1664210350
MQTT Init: Success (0)
NetConnect: Host wolfMQTT.azure-devices.net, Port 8883, Timeout 5000 ms, Use TLS 1
MQTT TLS Setup (1)
MQTT TLS Verify Callback for azureiothub: PreVerify 0, Error -188 (certificate verify failed)
Subject's domain name is MSFT BALT RS256 CA
Allowing cert anyways
MQTT TLS Verify Callback for azureiothub: PreVerify 1, Error 0 (none)
Subject's domain name is *.azure-devices.net
MQTT Socket Connect: Success (0)
MQTT Connect: Proto (v3.1.1), Success (0)
MQTT Connect Ack: Return Code 0, Session Present 0
MQTT Subscribe: Success (0)
Topic devices/demoDevice/messages/devicebound/#, Qos 1, Return Code 1
MQTT Publish: Topic devices/demoDevice/messages/events/, Success (0)
MQTT Waiting for message...
^CReceived SIGINT
MQTT Message Wait: Error (Network) (-8)
MQTT Socket Disconnect: Success (0)
By default, the example overrides the CA verification. You can load the correct CA using the -A option when executing the example.
eric@ubuntu:~/repos/wolfMQTT$ wget https://cacerts.digicert.com/BaltimoreCyberTrustRoot.crt.pem -O examples/azure/balt.pem
eric@ubuntu:~/repos/wolfMQTT$ ./examples/azure/azureiothub -A examples/azure/balt.pem
AzureIoTHub Client: QoS 1, Use TLS 1
MQTT Net Init: Success (0)
SharedAccessSignature sr=wolfMQTT.azure-devices.net%2fdevices%2fdemoDevice&sig=J7LQ4exmfD6ol0%2funAcYVzkj7AH8F4pRrrjFxB8aDpY%3d&se=1664212327
MQTT Init: Success (0)
NetConnect: Host wolfMQTT.azure-devices.net, Port 8883, Timeout 5000 ms, Use TLS 1
MQTT TLS Setup (1)
MQTT TLS Verify Callback for azureiothub: PreVerify 1, Error 0 (none)
Subject's domain name is MSFT BALT RS256 CA
MQTT TLS Verify Callback for azureiothub: PreVerify 1, Error 0 (none)
Subject's domain name is *.azure-devices.net
MQTT Socket Connect: Success (0)
MQTT Connect: Proto (v3.1.1), Success (0)
MQTT Connect Ack: Return Code 0, Session Present 0
MQTT Subscribe: Success (0)
Topic devices/demoDevice/messages/devicebound/#, Qos 1, Return Code 1
MQTT Publish: Topic devices/demoDevice/messages/events/, Success (0)
MQTT Waiting for message...
^CReceived SIGINT
MQTT Message Wait: Error (Network) (-8)
MQTT Socket Disconnect: Success (0)
Hello Luiz,
Thanks for your message. It looks like this could be a feature request. Please send an email to support@wolfssl.com and we can help register this as a formal feature request.
Thanks,
Eric @ wolfSSL Support
Hi Bogdan,
Please check your email for a response from our ZenDesk portal.
Thanks,
Eric @ wolfSSL Support
Hello beaverknight,
Thanks for joining the wolfSSL Forums. I've created a crude test app from your example. Could you please add error checking and supply the example key file to get a reproducible test case for us to evaluate?
Could you tell us a bit about your project and the intended goals?
Kind regards,
Eric @ wolfSSL Support
Hi Juan,
I'd suggest sending an email to support@wolfssl.com where we can better prioritize getting you some assistance.
Here is the pcap I mentioned earlier. Can you please provide the packet capture from the failed connection?
wolfSSL - Embedded SSL Library → Posts by embhorn
Powered by PunBB, supported by Informer Technologies, Inc.
Generated in 0.020 seconds (76% PHP - 24% DB) with 5 queries