You are not logged in. Please login or register.
Please post questions or comments you have about wolfSSL products here. It is helpful to be as descriptive as possible when asking your questions.
ReferenceswolfSSL - Embedded SSL Library → Posts by embhorn
Hello Jerry,
Thanks for joining the forums. For the version of FIPS Ready you are building, you'll want to change the versions to:
HAVE_FIPS_VERSION=5
HAVE_FIPS_VERSION_MINOR=3I'd invite you to send an email to support@wolfssl.com in order to better prioritize questions.
Thanks,
Eric @ wolfSSL Support
Hello eMKa94
Thanks for joining the forums. Here is a link to our porting guide:
https://www.wolfssl.com/docs/porting-guide/
You can specify the build environment using the config command:
GENERIC EXAMPLE:
./configure \
CC="/path/to/your/toolchain/toolchain-gcc" \
AR="/path/to/your/toolchain/toolchain-ar" \
AS="/path/to/your/toolchain/toolchain-gcc" \
RANLIB="/path/to/your/toolchain/toolchain-ranlib" \
LD="/path/to/your/toolchain/toolchain-ld" \
--host=<your host> \
<your other configure options here> \
CFLAGS="-mcpu=<your cpu definition here> \
<other cflags here>" \
LIBS="<libs>"SPECIFIC EXAMPLE:
./configure \
CC="/usr/local/gcc_arm/gcc-arm-none-eabi-7-2017-q4-major/bin/arm-none-eabi-gcc" \
AR="/usr/local/gcc_arm/gcc-arm-none-eabi-7-2017-q4-major/bin/arm-none-eabi-ar" \
AS="/usr/local/gcc_arm/gcc-arm-none-eabi-7-2017-q4-major/bin/arm-none-eabi-gcc" \
RANLIB="/usr/local/gcc_arm/gcc-arm-none-eabi-7-2017-q4-major/bin/arm-none-eabi-ranlib" \
LD="/usr/local/gcc_arm/gcc-arm-none-eabi-7-2017-q4-major/bin/arm-none-eabi-ld" \
--host=arm-none-eabi \
--enable-aesgcm --enable-ecc \
CFLAGS="-mcpu=cortex-m4 \
-Os -specs=rdimon.specs" \
LIBS="-Wl,--start-group -lm -lgcc -lc -lrdimon -Wl,--end-group"Let us know if there are questions.
Thanks,
Eric @ wolfSSL Support
It is possible to optimize, but we have not yet implemented the needed support on this platform. You are welcome to formally request this feature.
Also can you suggest any tips, best practices or parallelization techniques to improve decryption performance with the current wolfcrypt release (5.2.0). is there any way I can improve performance, at software level.
We have several math library optimizations that you can try. Here is an example config:
https://github.com/wolfSSL/wolfssl/blob … template.h
I recommend testing with WOLFSSL_SP_MATH and WOLFSSL_SP_MATH_ALL
]Currently my application is showing 25-30% cpu usage without decryption and with decryption it shows 60-70% cpu usage, is this normal?
Without HW acceleration enabled, this sounds plausible.
Hello Iycboy,
Thanks for joining the wolfSSL Forums. The public key is required for signing with ed25519:
https://datatracker.ietf.org/doc/html/r … tion-5.1.6
Construct the secret scalar s from the first half of the digest, and the corresponding public key A, as described in the previous section.
We have some excellent examples in a separate repository:
https://github.com/wolfSSL/wolfssl-exam … pk/ed25519
Let us know if there are questions.
Thanks,
Eric @ wolfSSL Support
My colleague reminded me that this should be clarified!
The library does not support optimization for AES CBC… We do support optimization for all asymmetric math operations.
Hi abdulwazeed1,
We do not currently support any optimizations for ARMv7. Would you like to open a feature request? Please send an email to support@wolfssl.com
Thanks,
Eric @ wolfSSL Support
Hello Lars,
That is an interesting use case. The library actually has a new ASN parser that can be enabled using
./configure --enable-asn=templateThere are other options that can be enabled with the defines documented
in https://github.com/wolfSSL/wolfssl/blob … /src/asn.c
* WOLFSSL_ASN_TEMPLATE: Encoding and decoding using a template.
* WOLFSSL_DEBUG_ASN_TEMPLATE: Enables debugging output when using ASN.1
templates.
* WOLFSSL_ASN_TEMPLATE_TYPE_CHECK: Use ASN functions to better test compiler
type issues for testing
* CRLDP_VALIDATE_DATA: For ASN template only, validates the reason dataMostly the ASN1 handling in the library is in the context of certificate handling, but maybe you'll find this extension callback example useful:
https://github.com/wolfSSL/wolfssl-exam … callback.c
Let us know if there are questions.
Thanks,
Eric @ wolfSSL Support
I reviewed this with the team, and this may have been fixed since the v5.1.1 release. Could you please test with the revision master from https://github.com/wolfSSL/wolfssl ?
A new source file was added,
/wolfssl/wolfcrypt/src/kdf.c, and it is not being built by your VS project.
The VS project files in the repository have been updated in the latest release.
This is an informative error and it indicates that the peer has closed the connection and no more data will be expected.
I would suggest opening a support ticket by emailing support@wolfssl.com
MCPU is supported by arm-linux-gcc
https://gcc.gnu.org/onlinedocs/gcc/ARM-Options.html
-mcpu=name[+extension…]
This specifies the name of the target ARM processor. GCC uses this name to derive the name of the target ARM architecture (as if specified by -march) and the ARM processor type for which to tune for performance (as if specified by -mtune). Where this option is used in conjunction with -march or -mtune, those options take precedence over the appropriate part of this option.
Hello rlev,
With wolfMQTT, you can change the broker IP during the network connect using
MqttClient_NetConnect. If the client was already connected to a different broker, you would need to first need to disconnect (
MqttClient_NetDisconnect)
Hello Olle,
In order to properly prioritize your request, please open a support ticket by emailing support@wolfssl.com
Thanks,
Eric @ wolfSSL Support
Please try adding a CPU in the CFLAGS:
GENERIC EXAMPLE:
./configure \
CC="/path/to/your/toolchain/toolchain-gcc" \
AR="/path/to/your/toolchain/toolchain-ar" \
AS="/path/to/your/toolchain/toolchain-gcc" \
RANLIB="/path/to/your/toolchain/toolchain-ranlib" \
LD="/path/to/your/toolchain/toolchain-ld" \
--host=<your host> \
<your other configure options here> \
CFLAGS="-mcpu=<your cpu definition here> \
<other cflags here>" \
LIBS="<libs>"SPECIFIC EXAMPLE:
./configure \
CC="/usr/local/gcc_arm/gcc-arm-none-eabi-7-2017-q4-major/bin/arm-none-eabi-gcc" \
AR="/usr/local/gcc_arm/gcc-arm-none-eabi-7-2017-q4-major/bin/arm-none-eabi-ar" \
AS="/usr/local/gcc_arm/gcc-arm-none-eabi-7-2017-q4-major/bin/arm-none-eabi-gcc" \
RANLIB="/usr/local/gcc_arm/gcc-arm-none-eabi-7-2017-q4-major/bin/arm-none-eabi-ranlib" \
LD="/usr/local/gcc_arm/gcc-arm-none-eabi-7-2017-q4-major/bin/arm-none-eabi-ld" \
--host=arm-none-eabi \
--enable-aesgcm --enable-ecc \
CFLAGS="-mcpu=cortex-m4 \
-Os -specs=rdimon.specs" \
LIBS="-Wl,--start-group -lm -lgcc -lc -lrdimon -Wl,--end-group"Hi Galadrius,
wolfBoot does not support the Intel HEX format directly, but it can be easily converted to bin via objcopy:
e.g. on arm-cortex:
arm-none-eabi-objcopy --input-target=ihex --output-target=binary firmware_v1.hex firmware_v1.binHi Galadrius,
I've moved this discussion to the wolfBoot sub-forum, as you were referencing the wolfBoot documentation:
https://github.com/wolfSSL/wolfBoot/blo … Signing.md
I'll check with the team to see what image formats are supported by wolfBoot.
Thanks,
Eric
Hi alen.loncaric
Thanks for contacting wolfSSL. Typically this is because the settings are not getting picked up by the configuration headers. Could you please share the "./configure" command you are using?
@adarshr.r6 and @SheilaLyons
We have some excellent CSR examples here:
https://github.com/wolfSSL/wolfssl-exam … er/certgen
If you still have questions, please feel free to email support@wolfssl.com to open a ticket.
Thanks for clarifying. I was able to reproduce a similar error
Creating certificate...
Failure code was -134...with
./configure --enable-certgen --enable-certext --enable-certreq --enable-keygen --enable-debugBut with
./configure --enable-all --enable-debugthe example works correctly. I will work on updating the example instructions.
The parser is failing on the attribute
unstructuredName :ovguopenssl req -in testcsr2.pem -noout -text
Certificate Request:
Data:
Version: 1 (0x0)
Subject: C = DE, ST = BW, L = KER, O = OVGU, OU = COMSYS, CN = testName, emailAddress = xyz@ovgu.de
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:6b:61:17:b7:64:a7:c8:64:ef:7e:1b:df:81:d7:
3b:68:cf:d5:77:f3:26:6a:5a:7e:81:cd:b0:02:25:
b4:7f:ff:42:62:44:dd:e3:e0:40:49:89:8d:ff:d7:
e5:36:3b:b0:cb:d1:1b:2d:59:89:de:3e:6e:12:46:
2a:56:a2:37:5a
ASN1 OID: prime256v1
NIST CURVE: P-256
Attributes:
unstructuredName :ovgu
challengePassword :1234
Signature Algorithm: ecdsa-with-SHA256
30:45:02:21:00:d3:cf:8a:a5:95:9f:fa:cb:84:dd:bf:ed:a8:
7b:4a:91:ba:a2:6f:ef:cf:19:41:40:c2:ab:d8:db:b3:95:c9:
53:02:20:3b:4c:fb:75:08:12:09:93:e3:66:7a:9f:35:12:4c:
de:ca:1d:24:f0:eb:40:8d:a0:66:28:71:9f:5e:54:1a:40Here is some relevant information:
https://stackoverflow.com/questions/187 … cturedname
Try rebuilding the CSR without entering the unstructuredName field.
Hi adarshr.r6
Thanks for contacting wolfSSL. Typically we would like to review the problematic CSR. If you'd rather not share on this public forum, you are welcome to submit a support request by emailing support@wolfssl.com
Hi Bruce,
Thanks for sending a message to support@wolfssl.com. We will assist you there.
GENERIC EXAMPLE:
./configure \
CC="/path/to/your/toolchain/toolchain-gcc" \
AR="/path/to/your/toolchain/toolchain-ar" \
AS="/path/to/your/toolchain/toolchain-gcc" \
RANLIB="/path/to/your/toolchain/toolchain-ranlib" \
LD="/path/to/your/toolchain/toolchain-ld" \
--host=<your host> \
--target=<your target> \
<your other configure options here> \
CFLAGS="-mcpu=<your cpu definition here> \
<other cflags here>" \
LIBS="<libs>"SPECIFIC EXAMPLE:
./configure \
CC="/usr/local/gcc_arm/gcc-arm-none-eabi-7-2017-q4-major/bin/arm-none-eabi-gcc" \
AR="/usr/local/gcc_arm/gcc-arm-none-eabi-7-2017-q4-major/bin/arm-none-eabi-ar" \
AS="/usr/local/gcc_arm/gcc-arm-none-eabi-7-2017-q4-major/bin/arm-none-eabi-gcc" \
RANLIB="/usr/local/gcc_arm/gcc-arm-none-eabi-7-2017-q4-major/bin/arm-none-eabi-ranlib" \
LD="/usr/local/gcc_arm/gcc-arm-none-eabi-7-2017-q4-major/bin/arm-none-eabi-ld" \
--host=arm-none-eabi \
--enable-aesgcm --enable-ecc \
CFLAGS="-mcpu=cortex-m4 \
-Os -specs=rdimon.specs" \
LIBS="-Wl,--start-group -lm -lgcc -lc -lrdimon -Wl,--end-group"Hello Junkhar,
To better prioritize your support request, please open a ticket by sending an email to support@wolfssl.com
Thanks,
Eric @ wolfSSL Support
Hello Rod,
Please review the section on cross compiling in the wolfSSL User Manual:
https://www.wolfssl.com/docs/wolfssl-ma … users%20on
Let us know if there are questions.
wolfSSL - Embedded SSL Library → Posts by embhorn
Powered by PunBB, supported by Informer Technologies, Inc.
Generated in 0.025 seconds (81% PHP - 19% DB) with 4 queries