You are not logged in. Please login or register.
Please post questions or comments you have about wolfSSL products here. It is helpful to be as descriptive as possible when asking your questions.
ReferenceswolfSSL - Embedded SSL Library → Posts by dgarske
Hi kbarb,
Did you happen to see the instructions for HiFive Unleashed here?
https://github.com/wolfSSL/wolfssl/tree … -UNLEASHED
https://github.com/wolfSSL/wolfssl/tree … -compiling
The errors above look like either libc or sysroot target/host mismatch issue with cross-compiling. Perhaps try using `--with-sysroot=` instead of manually putting it into "CFLAGS"-I..."?
Thanks,
David Garske, wolfSSL
Hi Scoobi_FreeBSD,
If you define single threaded it just means you will not use the same WOLFSSL_CTX or WOLFSSL object from more than one thread at a time. You could have separate instances of those for multiple threads at the same time.
For the uITRON4 build issues I will have to defer to another engineer.
Thanks,
David Garske, wolfSSL
Hi anonazh228,
I believe you need to compile in the assembly versions of the code in `aes_asm.asm`. See the example project here: https://github.com/wolfSSL/wolfssl/blob … xproj#L343
And build options:
https://github.com/wolfSSL/wolfssl/blob … ings.h#L52
Thanks,
David Garske, wolfSSL
Hi srihari,
Looks like "rl_fs.h" is for the file system and is not part of wolfSSL.
If you do not have that support in your platform then define "NO_FILESYSTEM" to disable it.
Thanks,
David Garske, wolfSSL
Hi Scoobi_FreeBSD,
You can also build with "SINGLE_THREADED" defined to disable threading / mutex support. What Renesas uiTRON headers are not found when using WOLFSSL_uITRON4?
Thanks,
David Garske, wolfSSL
Hi Scoobi_FreeBSD,
See our "More Downloads" page. https://www.wolfssl.com/download/downloadMoreForm.php
Microchip_ATECC_Demos.zip
You are correct that `WOLFSSL_ATMEL` is specific to the ASF and you are not required to set `WOLFSSL_ATMEL` to use the ATECC508A/608A code.
#if defined(WOLFSSL_ATMEL) || defined(WOLFSSL_ATECC508A) || \
defined(WOLFSSL_ATECC608A) || defined(WOLFSSL_ATECC_PKCB)Thanks,
David Garske, wolfSSL
Hi akhi_gangwar,
The -155 "RSA_FUNCTION MP_EXPTMOD_E: memory/config problem" means either stack too small or FP_MAX_BITS is not set large enough. If you have FP_MAX_BITS 8192 you should be good with fast math.
Did you try the SP version of our math. It's much much faster and memory efficient.
Thanks,
David Garske, wolfSSL
Hi akhi_gangwar,
That sounds like a stack issue. The fast math option uses stack for the math variables. Setting the FP_MAX_BITS to 8192 is correct (double max key size). But you'll also need to make sure your task or linker script increases the allowed / reserved stack space. By disabling fast math it uses heap. The normal math is slower because of the extra malloc/free calls.
You might also try using our single precision small math option with these options:
#define WOLFSSL_SP
#define WOLFSSL_SP_SMALL /* use smaller version of code */
#define WOLFSSL_HAVE_SP_RSA
#define WOLFSSL_HAVE_SP_DH
#define WOLFSSL_HAVE_SP_ECC
#define WOLFSSL_SP_4096 /* enable 4096-bit */
//#define WOLFSSL_SP_MATH /* only SP math - eliminates integer/tfm math code, so only standard curves/key sizes are supported */
//#define WOLFSSL_SP_ASM /* enable the assembly speedup */
//#define WOLFSSL_SP_ARM_CORTEX_M_ASM /* optional cortex-m speedups */
Thanks,
David Garske, wolfSSL
Hi Scotty2541,
The most common reasons for this is:
1) The signature has the ASN.1 encoding. See WC_SIGNATURE_TYPE_RSA_W_ENC, wc_SignatureDerEncode or wc_EncodeSignature.
Can you share a snippet of the code you are using?
Thanks,
David Garske, wolfSSL
Hi rahila_shams,
The difference between DH and ECC is the asymmetric algorithm used for securely deriving a shared secret. If DH is disabled only ECDH(E) cipher suites are available.
For setting the build option I recommend using our user_settings.h and WOLFSSL_USER_SETTINGS to define NO_DH. See our first FAQ item here: https://www.wolfssl.com/docs/frequently … r_wolfSSL?
Thanks,
David Garske, wolfSSL
Hi srihari,
We have a new STM Cube pack that you can use to generate a project for your STM hardware.
See https://www.wolfssl.com/docs/stm32/ for instructions.
Thanks,
David Garske, wolfSSL
Hi sergiop,
Thanks for this report. I will setup a test case for this and validate. I would expect that sequence of openssl compatibility calls to work.
Also we have an example for setting up a TLS proxy with native wolfSSL API's. I'm emailing you that example.
Thanks,
David Garske, wolfSSL
Hi sergiop,
The word `template` is reserved with some compilers. This has already been renamed to `tpl` post v4.4.0 release here:
https://github.com/wolfSSL/wolfssl/pull/2921
I just pushed the fix for the missing `X509_add_ext` to PR:
https://github.com/wolfSSL/wolfssl/pull/3199
Thanks,
David Garske, wolfSSL
Hi torntrousers,
Looks like your Arduino doesn't have "time.h" support.
You have a couple options:
1. Disable ASN time support using "NO_ASN_TIME"
2. Override the time support. See this example:
https://github.com/wolfSSL/wolfssl/blob … ngs.h#L452
https://github.com/wolfSSL/wolfssl/blob … main.c#L32
Thanks,
David Garske, wolfSSL
Hi Markus,
It looks like you just need to add `--enable-des3 CFLAGS="-DWOLFSSL_DES_ECB"` to your ./configure call when building and installing wolfSSL.
Thanks,
David Garske, wolfSSL
Hi he1n,
Yes. See `WOLFSSL_SSLKEYLOGFILE` define to output master secret used by Wireshark logging to file. Defaults to sslkeylog.log, but can be overridden using `WOLFSSL_SSLKEYLOGFILE_OUTPUT`.
1. Build wolfSSL using:
./configure CFLAGS="-DSHOW_SECRETS -DWOLFSSL_SSLKEYLOGFILE"
2. By default it outputs to a file named "sslkeylog.log" using this Wireshark Pre-Master-Secret Format:
CLIENT_RANDOM <clientrandom> <mastersecret>
3. You can tell Wireshark where to find the key file via Edit→Preferences→Protocols→SSL→(Pre)-Master-Secret log filename.
Key logging feature was added in PR 1873 (https://github.com/wolfSSL/wolfssl/pull/1873)
Commit: https://github.com/wolfSSL/wolfssl/pull … dd532b587b
You will get a compiler warning for this feature because it should never be used in production. Here is the PR with those details:
https://github.com/wolfSSL/wolfssl/pull/2053
The #warning can be ignored as error using ./configure CFLAGS="-W#warnings".
Thanks,
David Garske, wolfSSL
Hi weaver4,
You might consider moving the --sysroot out of the LDFLAGS and using --with-sysroot=.
Thanks,
David Garske, wolfSSL
Hi weaver4,
You need to use the `--with-sysroot=` with your ./configure. Do some google searches for "undefined reference to `__fdelt_chk'" and you'll see some tips.
For example this cross-compile for a HiFive Unleashed board running Linux:
./configure --host=riscv64 \
CC="/home/davidgarske/GitHub/freedom-u-sdk/work/buildroot_initramfs/host/bin/riscv64-sifive-linux-gnu-gcc" \
--with-sysroot="/home/davidgarske/GitHub/freedom-u-sdk/work/buildroot_initramfs_sysroot/" \
--disable-shared \
--enable-sp \
CFLAGS="-mabi=lp64d -march=rv64imafdc"
makeYou can see the use of `--with-sysroot=`.
The sysroot is required because you are cross-compiling to an ARM system running Linux. If you want to cross-compile for bare-metal.
If you want to use a custom Makefile see example here:
https://github.com/wolfSSL/wolfssl/tree … DE/GCC-ARM
Or you can use CMake with an experimental PR here:
https://github.com/wolfSSL/wolfssl/pull/2746
Thanks,
David Garske, wolfSSL
Hi weaver4,
Usually its because the cross-compiler requires something additional like the CPU architecture. If you look in config.log it should explain.
Here are a couple of ARM cross compiles I've used:
./configure CC=arm-linux-gnueabihf-gcc-5 --host=arm-linux-gnueabihf --enable-armasm --enable-all --enable-debug --disable-shared --enable-static CFLAGS="-mcpu=cortex-a53 -mfpu=crypto-neon-fp-armv8 -mfloat-abi=hard -DSIZEOF_LONG=4 -DSIZEOF_LONG_LONG=8"./configure --host=arm-none-eabi CC=gcc AR=ar RISC-V:
./configure --host=riscv64 \
CC="riscv64-sifive-linux-gnu-gcc" \
--with-sysroot="buildroot_initramfs_sysroot/" \
--disable-shared \
--enable-sp \
CFLAGS="-mabi=lp64d -march=rv64imafdc"MIPS:
./configure --host=mips64 CC="mips64-octeon-linux-gnu-gcc -mabi=64"Thanks,
David Garske, wolfSSL
Hi akhi_gangwar,
I see now that you are using the TI hardware acceleration in ti-aes.c. Have you tried running without the hardware acceleration? For that you'd just not define `WOLFSSL_TI_CRYPT`.
I will have another engineer who's worked on the TI parts review this report. It could be there is a new issue with tm4c129encpdt and `AesAlign16`.
Also I cannot see where -1014 would be generated from the ecc_test, is it possible to share the stack information for the error or enable logging with DEBUG_WOLFSSL and wolfSSL_Debugging_ON()?
Thanks,
David Garske, wolfSSL
Hi akhi_gangwar,
Make sure you don't have `NO_CRYPT_TEST` defined in your user_settings.h. This will make sure the wolfCrypt test code is available. Usually a reset like that is caused by a hard-fault or a watchdog. Is there anyway to determine cause of reset on your platform? Most have a reset reason register. Micros like ARM have a hard fault interrupt handler, which shows the PC instruction where the fault occurred.
Thanks,
David Garske, wolfSSL
Hi akhi_gangwar,
The next operation is the "processing server hello done", which uses decryption. Have you run the wolfCrypt test yet to validate your platform's individual algorithms?
Here is an example for calling wolfcrypt/test/test.c:
https://github.com/wolfSSL/wolfssl/blob … est_main.c
Have you made sure your thread has enough stack space? Depending on the build options and cipher suite you may need up to 30KB in of stack space. You can reduce the stack requirement using build options like `WOLFSSL_SMALL_STACK` and `ALT_ECC_SIZE`. Here is a useful list I put together:
https://github.com/wolfSSL/wolfssl/tree … ng-options
Thanks,
David Garske, wolfSSL
Thanks,
David Garske, wolfSSL
Hi akhi_gangwar,
Usually you'll have a user_settings.h file to put build settings, which is enabled with WOLFSSL_USER_SETTINGS. See entry 1 in our FAQ here. https://www.wolfssl.com/docs/frequently … r_wolfSSL?
Make sure you do not have NO_CODING defining, which will disable the base 64 decode support and prevent PEM support.
Thanks,
David Garske, wolfSSL
Hi akhi_gangwar,
The error -188 means a certificate could not be validated to a trusted peer. The TLS Peer is sending 4 certificates and some of these are not validating. By default wolfSSL expects all provided certificates get validated. My guess is you are loading an intermediate CA and not the root CA. You can either load the correct root CA or you can add our `WOLFSSL_ALT_CERT_CHAINS` build option. This option only requires the peer's provided certificate matches to a loaded/trusted cert.
Also you can load PEM files directly using SSL_FILETYPE_PEM.
Thanks,
David Garske, wolfSSL
Hi Carlo,
For reference that SNI documentation PR is here https://github.com/wolfSSL/wolfssl/pull/3064 and was merged in June 22, 2020.
Thanks,
David Garske, wolfSSL
wolfSSL - Embedded SSL Library → Posts by dgarske
Powered by PunBB, supported by Informer Technologies, Inc.
Generated in 0.030 seconds (74% PHP - 26% DB) with 4 queries