201

(7 replies, posted in wolfSSL)

Hi alen.loncaric

Thanks for contacting wolfSSL. Typically this is because the settings are not getting picked up by the configuration headers. Could you please share the "./configure" command you are using?

@adarshr.r6 and @SheilaLyons

We have some excellent CSR examples here:
https://github.com/wolfSSL/wolfssl-exam … er/certgen

If you still have questions, please feel free to email support@wolfssl.com to open a ticket.

203

(6 replies, posted in wolfCrypt)

Thanks for clarifying. I was able to reproduce a similar error

Creating certificate...
Failure code was -134

...with

./configure --enable-certgen --enable-certext --enable-certreq --enable-keygen --enable-debug

But with

./configure --enable-all --enable-debug

  the example works correctly. I will work on updating the example instructions.

204

(6 replies, posted in wolfCrypt)

The parser is failing on the attribute

unstructuredName         :ovgu
openssl req -in testcsr2.pem -noout -text
Certificate Request:
    Data:
        Version: 1 (0x0)
        Subject: C = DE, ST = BW, L = KER, O = OVGU, OU = COMSYS, CN = testName, emailAddress = xyz@ovgu.de
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (256 bit)
                pub:
                    04:6b:61:17:b7:64:a7:c8:64:ef:7e:1b:df:81:d7:
                    3b:68:cf:d5:77:f3:26:6a:5a:7e:81:cd:b0:02:25:
                    b4:7f:ff:42:62:44:dd:e3:e0:40:49:89:8d:ff:d7:
                    e5:36:3b:b0:cb:d1:1b:2d:59:89:de:3e:6e:12:46:
                    2a:56:a2:37:5a
                ASN1 OID: prime256v1
                NIST CURVE: P-256
        Attributes:
            unstructuredName         :ovgu
            challengePassword        :1234
    Signature Algorithm: ecdsa-with-SHA256
         30:45:02:21:00:d3:cf:8a:a5:95:9f:fa:cb:84:dd:bf:ed:a8:
         7b:4a:91:ba:a2:6f:ef:cf:19:41:40:c2:ab:d8:db:b3:95:c9:
         53:02:20:3b:4c:fb:75:08:12:09:93:e3:66:7a:9f:35:12:4c:
         de:ca:1d:24:f0:eb:40:8d:a0:66:28:71:9f:5e:54:1a:40

Here is some relevant information:
https://stackoverflow.com/questions/187 … cturedname

Try rebuilding the CSR without entering the unstructuredName field.

205

(6 replies, posted in wolfCrypt)

Hi adarshr.r6

Thanks for contacting wolfSSL. Typically we would like to review the problematic CSR. If you'd rather not share on this public forum, you are welcome to submit a support request by emailing support@wolfssl.com

206

(1 replies, posted in wolfSSL)

Hi Bruce,

Thanks for sending a message to support@wolfssl.com. We will assist you there.

GENERIC EXAMPLE:

./configure \
CC="/path/to/your/toolchain/toolchain-gcc" \
AR="/path/to/your/toolchain/toolchain-ar" \
AS="/path/to/your/toolchain/toolchain-gcc" \
RANLIB="/path/to/your/toolchain/toolchain-ranlib" \
LD="/path/to/your/toolchain/toolchain-ld" \
--host=<your host> \
--target=<your target> \
<your other configure options here> \
CFLAGS="-mcpu=<your cpu definition here> \
<other cflags here>" \
LIBS="<libs>"

SPECIFIC EXAMPLE:

./configure \
CC="/usr/local/gcc_arm/gcc-arm-none-eabi-7-2017-q4-major/bin/arm-none-eabi-gcc" \
AR="/usr/local/gcc_arm/gcc-arm-none-eabi-7-2017-q4-major/bin/arm-none-eabi-ar" \
AS="/usr/local/gcc_arm/gcc-arm-none-eabi-7-2017-q4-major/bin/arm-none-eabi-gcc" \
RANLIB="/usr/local/gcc_arm/gcc-arm-none-eabi-7-2017-q4-major/bin/arm-none-eabi-ranlib" \
LD="/usr/local/gcc_arm/gcc-arm-none-eabi-7-2017-q4-major/bin/arm-none-eabi-ld" \
--host=arm-none-eabi \
--enable-aesgcm --enable-ecc \
CFLAGS="-mcpu=cortex-m4 \
-Os -specs=rdimon.specs"  \
LIBS="-Wl,--start-group -lm -lgcc -lc -lrdimon -Wl,--end-group"

208

(11 replies, posted in wolfSSL)

Hello Junkhar,

To better prioritize your support request, please open a ticket by sending an email to support@wolfssl.com

Thanks,
Eric @ wolfSSL Support

Hello Rod,

Please review the section on cross compiling in the wolfSSL User Manual:
https://www.wolfssl.com/docs/wolfssl-ma … users%20on

Let us know if there are questions.

210

(2 replies, posted in wolfSSL)

Hi adarshr.r6

Thank you so much for reaching out to wolfSSL support, can you tell us a bit about what you are working on and the high-level overview of the project to help us better classify this inquiry? Thank you in advance!

Your application must include the wolfSSL configuration headers before any others.

https://github.com/wolfSSL/wolfssl-exam … -tls.c#L34

/* wolfSSL */
#include <wolfssl/options.h>
#include <wolfssl/ssl.h>

Let us know if there are questions.

211

(8 replies, posted in wolfSSL)

Please try only creating a new SSL object, instead of a new CTX and SSL. Here is an example:
https://github.com/wolfSSL/wolfssl-exam … tls-perf.c

212

(8 replies, posted in wolfSSL)

Your last message did not attach a pcap file

fail 2 test2.pcapng

213

(8 replies, posted in wolfSSL)

Could you share the wolfSSL configuration? Also a log and pcap is very useful in determining why a connection is failing. If you'd prefer to keep this information private, please feel free to open a support ticket by emailing support @ wolfssl.com

214

(11 replies, posted in wolfSSL)

Have you run the example stand-alone yet? It might be useful to see it working first, then try to integrate.

215

(11 replies, posted in wolfSSL)

Hello Junkhar,

Thanks for contacting wolfSSL Support. Which Harmony webserver example project are you testing with?

Browsers often open multiple TLS connections to help speed up displaying a webpage. This can cause issues with embedded servers.   Are you seeing a single connection succeed? If you test with wget does it work?

Thanks,
Eric

Hello Davide,

You'll want to cross-compile the library. Here is an example:

GENERIC EXAMPLE:

./configure \
CC="/path/to/your/toolchain/toolchain-gcc" \
AR="/path/to/your/toolchain/toolchain-ar" \
AS="/path/to/your/toolchain/toolchain-gcc" \
RANLIB="/path/to/your/toolchain/toolchain-ranlib" \
LD="/path/to/your/toolchain/toolchain-ld" \
--host=<your host> \
<your other configure options here> \
CFLAGS="-mcpu=<your cpu definition here> \
<other cflags here>" \
LIBS="<libs>"

SPECIFIC EXAMPLE:

./configure \
CC="/usr/local/gcc_arm/gcc-arm-none-eabi-7-2017-q4-major/bin/arm-none-eabi-gcc" \
AR="/usr/local/gcc_arm/gcc-arm-none-eabi-7-2017-q4-major/bin/arm-none-eabi-ar" \
AS="/usr/local/gcc_arm/gcc-arm-none-eabi-7-2017-q4-major/bin/arm-none-eabi-gcc" \
RANLIB="/usr/local/gcc_arm/gcc-arm-none-eabi-7-2017-q4-major/bin/arm-none-eabi-ranlib" \
LD="/usr/local/gcc_arm/gcc-arm-none-eabi-7-2017-q4-major/bin/arm-none-eabi-ld" \
--host=arm-none-eabi \
--enable-aesgcm --enable-ecc \
CFLAGS="-mcpu=cortex-m4 \
-Os -specs=rdimon.specs"  \
LIBS="-Wl,--start-group -lm -lgcc -lc -lrdimon -Wl,--end-group"

Chapter 2.6 of the wolfSSL manual will be helpful, as the same rules apply to wolfMQTT.
https://www.wolfssl.com/docs/wolfssl-manual/ch2/

217

(1 replies, posted in wolfSSL)

Hello Akhi,

The wolfSSL interface is agnostic to the underlying transport layer. As such, it does not provide a method for fetching the MAC address. TI-RTOS does provide such capability:
https://www.ti.com/tool/NDKTCPIP

Kind regards,
Eric @ wolfSSL Support

Also, here is an example of a very minimal configuration for ECC. Perhaps it will be useful:
https://github.com/wolfSSL/wolfssl/blob … _min_ecc.h

That does not sound outrageous.

Here is a guide you may find useful:
https://www.wolfssl.com/docs/wolfssl-ma … llocation/
In particular, the tuning section at the end.

220

(16 replies, posted in wolfSSL)

Hi Alex,

Nothing stands out as odd in the configuration. There could be an issue in how the application is handling the wolfSSL context.

Have you reviewed the examples repository? In particular this one may be of interest to you:
https://github.com/wolfSSL/wolfssl-exam … blocking.c

Thanks,
Eric @ wolfSSL Support

Excellent. Right, if you had filled the buffer with data (used all 1024 bytes), then the sizeof operator would be correct.

Yes, the sizeof operator returns the actual size of the buffer, not the string. You want to use

 strlen(buffer)
#ifndef WOLFSSL_USER_SETTINGS
#include <wolfssl/options.h>
#endif
#include <wolfssl/wolfcrypt/settings.h>
#include <wolfssl/ssl.h>
#include <wolfssl/wolfcrypt/sha256.h>
#include <wolfssl/wolfcrypt/error-crypt.h>

void main() {
    byte md5sum[MD5_DIGEST_SIZE]; 
    byte sha256sum[SHA256_DIGEST_SIZE]; 
    byte buffer[1024] = "Hello";
    Md5 md5;
    Sha256 sha256;
    
    //MD5
    wc_InitMd5(&md5);
    wc_Md5Update(&md5, buffer, strlen(buffer));
    wc_Md5Final(&md5, md5sum);
    printf("MD5 is \n");
    for(int i=0 ; i < MD5_DIGEST_SIZE ;i++)  printf("%x",md5sum[i]);
        printf(" \n");
    wc_Md5Free(&md5);


    //SHA256
    wc_InitSha256(&sha256);
    wc_Sha256Update(&sha256, buffer, strlen(buffer));
    wc_Sha256Final(&sha256, sha256sum);
    printf("SHA is \n");
    for(int i=0 ; i < SHA256_DIGEST_SIZE  ;i++) printf("%x",sha256sum[i]);
        printf(" \n");
    wc_Sha256Free(&sha256);
}

MD5 is
8b1a9953c4611296a827abf8c4784d7
SHA is
185f8db32271fe25f561a6fc938b2e26436ec304eda51807d1764826381969

Hello

I would be curious to see your application code, perhaps you are hashing the whole buffer, not just the string "Hello"

wolfSSL has a command line utility project, aptly named wolfCLU:
https://github.com/wolfSSL/wolfCLU

I used it below to demonstrate that the hashes match the values from other tools (openssl and sha256sum):

$ echo "Hello" > test.txt
$ wolfssl -hash md5 -in test.txt 
09f7e02f1290be211da707a266f153b3
$ openssl md5 test.txt 
MD5(test.txt)= 09f7e02f1290be211da707a266f153b3
$ wolfssl -hash sha256 -in test.txt 
66a045b452102c59d840ec097d59d9467e13a3f34f6494e539ffd32c1bb35f18
$ sha256sum test.txt 
66a045b452102c59d840ec097d59d9467e13a3f34f6494e539ffd32c1bb35f18  test.txt

HI Kelvin,

Thanks for confirming the fix. Most customers of wolfSSL utilize the ZenDesk platform by emailing `support@wolfssl.com`. Tickets in ZenDesk are monitored and more closely tracked.

You are welcome to use whichever method suits you.

Hi Davide,

I have not heard back from my contact at Sysgo (out of office), but you might have some luck reaching out to them also
info@sysgo.com

I participated in a webinar in which the Sysgo engineer developed a demo using PikeOS and wolfSSL / wolfMQTT. Of course wolfSSL and wolfMQTT code is available as open source on Github, but the PikeOS code will need to be provided by Sysgo.
https://www.youtube.com/watch?v=e2MjDM_JjXQ

Thanks,
Eric @ wolfSSL Support