Hi eli.hughes,

Thanks for sharing these findings. I also hope other folks on the Cortex M will see this. The SP WOLFSSL_SP_ARM_CORTEX_M_ASM option is quite impressive for RSA/DH/ECC math speedups because it uses hand written assembly.

I will suggest to marketing we make this into a blog post.

Thanks,
David Garske, wolfSSL

Hi srihari,

Make sure you have the wolfssl root directory in your include path...

Thanks,
David Garske, wolfSSL

Hi srihari,

See section 3 of the user manual:
https://www.wolfssl.com/docs/wolfssl-manual/ch3/

3.6 ECHOCLIENT EXAMPLE
3.3 CLIENT EXAMPLE

These are calling the examples/echoclient and example/client here:
https://github.com/wolfSSL/wolfssl/tree/master/examples

The echo sends data and expects the same data back from echo server.

The simple client sends a Hello and expects a I hear you. It can also use the "-g" option to send a sample HTTP GET.

Thanks,
David Garske, wolfSSL

229

(3 replies, posted in wolfSSL)

Hi j3ll3,

The -188 error indicates the certificate could not be tied back to a trusted CA. Perhaps a missing intermediate? Is it possible to share the wireshark and the certificates used? If you'd like to send them directly you can use support@wolfssl.com.

Thanks,
David Garske, wolfSSL

Hi kbarb,

Did you happen to see the instructions for HiFive Unleashed here?
https://github.com/wolfSSL/wolfssl/tree … -UNLEASHED
https://github.com/wolfSSL/wolfssl/tree … -compiling

The errors above look like either libc or sysroot target/host mismatch issue with cross-compiling.  Perhaps try using `--with-sysroot=` instead of manually putting it into "CFLAGS"-I..."?

Thanks,
David Garske, wolfSSL

Hi Scoobi_FreeBSD,

If you define single threaded it just means you will not use the same WOLFSSL_CTX or WOLFSSL object from more than one thread at a time. You could have separate instances of those for multiple threads at the same time.

For the uITRON4 build issues I will have to defer to another engineer.

Thanks,
David Garske, wolfSSL

232

(1 replies, posted in wolfSSL)

Hi anonazh228,

I believe you need to compile in the assembly versions of the code in `aes_asm.asm`. See the example project here: https://github.com/wolfSSL/wolfssl/blob … xproj#L343

And build options:
https://github.com/wolfSSL/wolfssl/blob … ings.h#L52

Thanks,
David Garske, wolfSSL

Hi srihari,

Looks like "rl_fs.h" is for the file system and is not part of wolfSSL.

If you do not have that support in your platform then define "NO_FILESYSTEM" to disable it.

Thanks,
David Garske, wolfSSL

Hi Scoobi_FreeBSD,

You can also build with "SINGLE_THREADED" defined to disable threading / mutex support. What Renesas uiTRON headers are not found when using WOLFSSL_uITRON4?

Thanks,
David Garske, wolfSSL

Hi Scoobi_FreeBSD,

See our "More Downloads" page. https://www.wolfssl.com/download/downloadMoreForm.php
Microchip_ATECC_Demos.zip

You are correct that `WOLFSSL_ATMEL` is specific to the ASF and you are not required to set `WOLFSSL_ATMEL` to use the ATECC508A/608A code.

#if defined(WOLFSSL_ATMEL) || defined(WOLFSSL_ATECC508A) || \
    defined(WOLFSSL_ATECC608A) || defined(WOLFSSL_ATECC_PKCB)

Thanks,
David Garske, wolfSSL

Hi akhi_gangwar,

The -155 "RSA_FUNCTION MP_EXPTMOD_E: memory/config problem" means either stack too small or FP_MAX_BITS is not set large enough. If you have FP_MAX_BITS 8192 you should be good with fast math.

Did you try the SP version of our math. It's much much faster and memory efficient.

Thanks,
David Garske, wolfSSL

Hi akhi_gangwar,

That sounds like a stack issue. The fast math option uses stack for the math variables. Setting the FP_MAX_BITS to 8192 is correct (double max key size). But you'll also need to make sure your task or linker script increases the allowed / reserved stack space. By disabling fast math it uses heap. The normal math is slower because of the extra malloc/free calls.

You might also try using our single precision small math option with these options:

#define WOLFSSL_SP
#define WOLFSSL_SP_SMALL      /* use smaller version of code */
#define WOLFSSL_HAVE_SP_RSA
#define WOLFSSL_HAVE_SP_DH
#define WOLFSSL_HAVE_SP_ECC
#define WOLFSSL_SP_4096       /* enable 4096-bit */
//#define WOLFSSL_SP_MATH     /* only SP math - eliminates integer/tfm math code, so only standard curves/key sizes are supported */
//#define WOLFSSL_SP_ASM      /* enable the assembly speedup */
//#define WOLFSSL_SP_ARM_CORTEX_M_ASM /* optional cortex-m speedups */

Thanks,
David Garske, wolfSSL

Hi Scotty2541,

The most common reasons for this is:

1) The signature has the ASN.1 encoding. See WC_SIGNATURE_TYPE_RSA_W_ENC, wc_SignatureDerEncode or wc_EncodeSignature.

Can you share a snippet of the code you are using?

Thanks,
David Garske, wolfSSL

239

(3 replies, posted in wolfSSL)

Hi rahila_shams,

The difference between DH and ECC is the asymmetric algorithm used for securely deriving a shared secret. If DH is disabled only ECDH(E) cipher suites are available.

For setting the build option I recommend using our user_settings.h and WOLFSSL_USER_SETTINGS to define NO_DH. See our first FAQ item here: https://www.wolfssl.com/docs/frequently … r_wolfSSL?

Thanks,
David Garske, wolfSSL

240

(1 replies, posted in wolfMQTT)

Hi srihari,

We have a new STM Cube pack that you can use to generate a project for your STM hardware.

See https://www.wolfssl.com/docs/stm32/ for instructions.

Thanks,
David Garske, wolfSSL

241

(2 replies, posted in wolfSSL)

Hi sergiop,

Thanks for this report. I will setup a test case for this and validate. I would expect that sequence of openssl compatibility calls to work.

Also we have an example for setting up a TLS proxy with native wolfSSL API's. I'm emailing you that example.

Thanks,
David Garske, wolfSSL

242

(2 replies, posted in wolfSSL)

Hi sergiop,

The word `template` is reserved with some compilers. This has already been renamed to `tpl` post v4.4.0 release here:
https://github.com/wolfSSL/wolfssl/pull/2921

I just pushed the fix for the missing `X509_add_ext` to PR:
https://github.com/wolfSSL/wolfssl/pull/3199

Thanks,
David Garske, wolfSSL

Hi torntrousers,

Looks like your Arduino doesn't have "time.h" support.

You have a couple options:

1. Disable ASN time support using "NO_ASN_TIME"

2. Override the time support. See this example:
https://github.com/wolfSSL/wolfssl/blob … ngs.h#L452
https://github.com/wolfSSL/wolfssl/blob … main.c#L32

Thanks,
David Garske, wolfSSL

244

(2 replies, posted in wolfSSL)

Hi Markus,

It looks like you just need to add `--enable-des3 CFLAGS="-DWOLFSSL_DES_ECB"` to your ./configure call when building and installing wolfSSL.

Thanks,
David Garske, wolfSSL

245

(4 replies, posted in wolfSSL)

Hi he1n,

Yes. See `WOLFSSL_SSLKEYLOGFILE` define to output master secret used by Wireshark logging to file. Defaults to sslkeylog.log, but can be overridden using `WOLFSSL_SSLKEYLOGFILE_OUTPUT`.

1. Build wolfSSL using:
./configure CFLAGS="-DSHOW_SECRETS -DWOLFSSL_SSLKEYLOGFILE"

2. By default it outputs to a file named "sslkeylog.log" using this Wireshark Pre-Master-Secret Format:
CLIENT_RANDOM <clientrandom> <mastersecret>

3. You can tell Wireshark where to find the key file via Edit→Preferences→Protocols→SSL→(Pre)-Master-Secret log filename.

Key logging feature was added in PR 1873 (https://github.com/wolfSSL/wolfssl/pull/1873)
Commit: https://github.com/wolfSSL/wolfssl/pull … dd532b587b

You will get a compiler warning for this feature because it should never be used in production. Here is the PR with those details:
https://github.com/wolfSSL/wolfssl/pull/2053

The #warning can be ignored as error using ./configure CFLAGS="-W#warnings".

Thanks,
David Garske, wolfSSL

Hi weaver4,

You might consider moving the --sysroot out of the LDFLAGS and using --with-sysroot=.

Thanks,
David Garske, wolfSSL

247

(2 replies, posted in wolfSSL)

Hi weaver4,

You need to use the `--with-sysroot=` with your ./configure. Do some google searches for "undefined reference to `__fdelt_chk'" and you'll see some tips.

For example this cross-compile for a HiFive Unleashed board running Linux:

./configure --host=riscv64 \
    CC="/home/davidgarske/GitHub/freedom-u-sdk/work/buildroot_initramfs/host/bin/riscv64-sifive-linux-gnu-gcc" \
    --with-sysroot="/home/davidgarske/GitHub/freedom-u-sdk/work/buildroot_initramfs_sysroot/" \
    --disable-shared \
    --enable-sp \
    CFLAGS="-mabi=lp64d -march=rv64imafdc"
make

You can see the use of `--with-sysroot=`.

The sysroot is required because you are cross-compiling to an ARM system running Linux. If you want to cross-compile for bare-metal.

If you want to use a custom Makefile see example here:
https://github.com/wolfSSL/wolfssl/tree … DE/GCC-ARM

Or you can use CMake with an experimental PR here:
https://github.com/wolfSSL/wolfssl/pull/2746

Thanks,
David Garske, wolfSSL

Hi weaver4,

Usually its because the cross-compiler requires something additional like the CPU architecture. If you look in config.log it should explain.

Here are a couple of ARM cross compiles I've used:

./configure CC=arm-linux-gnueabihf-gcc-5 --host=arm-linux-gnueabihf --enable-armasm --enable-all --enable-debug --disable-shared --enable-static  CFLAGS="-mcpu=cortex-a53 -mfpu=crypto-neon-fp-armv8 -mfloat-abi=hard -DSIZEOF_LONG=4 -DSIZEOF_LONG_LONG=8"
./configure --host=arm-none-eabi CC=gcc AR=ar 

RISC-V:

./configure --host=riscv64 \
    CC="riscv64-sifive-linux-gnu-gcc" \
    --with-sysroot="buildroot_initramfs_sysroot/" \
    --disable-shared \
    --enable-sp \
    CFLAGS="-mabi=lp64d -march=rv64imafdc"

MIPS:

./configure --host=mips64 CC="mips64-octeon-linux-gnu-gcc -mabi=64"

Thanks,
David Garske, wolfSSL

Hi akhi_gangwar,

I see now that you are using the TI hardware acceleration in ti-aes.c. Have you tried running without the hardware acceleration? For that you'd just not define `WOLFSSL_TI_CRYPT`.

I will have another engineer who's worked on the TI parts review this report. It could be there is a new issue with tm4c129encpdt  and `AesAlign16`.

Also I cannot see where -1014 would be generated from the ecc_test, is it possible to share the stack information for the error or enable logging with DEBUG_WOLFSSL and wolfSSL_Debugging_ON()?

Thanks,
David Garske, wolfSSL

Hi akhi_gangwar,

Make sure you don't have `NO_CRYPT_TEST` defined in your user_settings.h. This will make sure the wolfCrypt test code is available. Usually a reset like that is caused by a hard-fault or a watchdog. Is there anyway to determine cause of reset on your platform? Most have a reset reason register. Micros like ARM have a hard fault interrupt handler, which shows the PC instruction where the fault occurred.

Thanks,
David Garske, wolfSSL