Hi kannan,
The GitHub PR is here: https://github.com/wolfSSL/wolfssl-examples/pull/155
Here is the branch and directory with instructions:
https://github.com/JacobBarthelmeh/wolf … x/FreeRTOS
Let me know if you have any questions.
Thanks,
David Garske, wolfSSL
Hi Kannan,
We support the A9 and Aarch64 speedups and the Zynqmp hardware acceleration.
Here is the wolfSSL FreeRTOS Xilinx port:
https://github.com/wolfSSL/wolfssl-examples/pull/155
Here is Xilinx's performance write up on it:
https://www.xilinx.com/support/document … crypto.pdf
Thanks,
David Garske, wolfSSL
Hi bsda_dev,
Your error is: `SIDE_ERROR = -344, /* wrong client/server type */`.
Yes we support both sides. We do have a feature to create a generic WOLFSSL_CTX method and the context role (client or server) is determined on the first connect.
To enable this feature use the build option `WOLFSSL_EITHER_SIDE` and use the method `wolfSSLv23_method`.
Thanks,
David Garske, wolfSSL
Hi windyMk92,
Yes that all looks correct. Depending on your platform you may need to do a "sudo ldconfig" after the "sudo make install". Additionally some platforms use "usr" and some use "usr/local", so you might need to adjust things. If you want to force wolfSSL configure to install to a different location use `./configure --prefix=/usr` (for example).
For wolfcrypt-py install using the local wolfCrypt are you using this command `sudo USE_LOCAL_WOLFSSL=/usr/local pip3 install .`?
Are you still getting the same `libwolfssl.so.24: cannot open shared object file: No such file or directory` error?
Thanks,
David Garske, wolfSSL
Hi DanielGruber,
I pushed a few FreeRTOS fixes to that MQTT multi-threading PR here: https://github.com/wolfSSL/wolfMQTT/pul … 7a4cc203eb
Let me know if you still see any issues on FreeRTOS.
Thanks,
David Garske, wolfSSL
Hi rvogel,
Your code looks correct for loading a trusted CA. I would suggest it's not locking up, but instead is taking a long time. Internally it's doing an asymmetric verify operation. Are you able to see with a debugger where it's "locking up"? Have you confirmed you have enough stack/heap available? Is this an ECC or RSA certificate? Have you tried enabling debug logging? To do so define DEBUG_WOLFSSL and call wolfSSL_Debugging_ON();. If you want to redirect to printf instead of the default sprintf(stderr define `WOLFSSL_LOG_PRINTF`.
Thanks,
David Garske, wolfSSL
Hi windyMk92,
The error you are seeing is because the wolfSSL library is missing --enable-ed25519. See the instructions for setting up the Python signing tool here:
https://github.com/wolfSSL/wolfBoot/blo … ll-python3
Interestingly we also just merged in a pure C version of the signing tool along with a visual studio project in tools/keytools. See the section here: https://github.com/wolfSSL/wolfBoot/blo … gning-tool
Thanks,
David Garske, wolfSSL
Hi DanielGruber,
The issue turned out to be thread synchronization and switching to a binary semaphore resolved things. The code has been pushed here and is under peer review:
https://github.com/wolfSSL/wolfMQTT/pull/146
Thanks,
David Garske, wolfSSL
Hi DanielGruber,
We can reproduce the issue and are working on a fix. Once it is available I will post a link here shortly.
Thanks,
David Garske, wolfSSL
Hi DanielGruber,
Thanks for the detailed report for wolfMQTT and multithreading. I will see if I can reproduce and resolve.
David Garske, wolfSSL
Hi ashetty,
Those functions are "internal" as defined by `WOLFSSL_LOCAL`, which tells the compiler not to export them via wolfssl/wolfcrypt/visibility.h "#define WOLFSSL_LOCAL __attribute__ ((visibility("hidden")))".
Is there a reason you aren't using a public API like: `wolfSSL_get_cipher_list`, `wolfSSL_get_ciphers`, `wolfSSL_get_ciphers_iana`?
If you really want to expose the internal APIs you'll need to un-define HAVE_VISIBILITY or un-define BUILDING_WOLFSSL.
Thanks,
David Garske, wolfSSL
Hi yighax2,
Check out our wolfssl-examples repo. We have a few examples that will help you with this:
https://github.com/wolfSSL/wolfssl-exam … -callbacks
https://github.com/wolfSSL/wolfssl-exam … master/tls
See the "-callback" TLS examples
These use our custom IO callbacks, which are set using:
wolfSSL_CTX_SetIORecv(ctx, my_IORecv);
wolfSSL_CTX_SetIOSend(ctx, my_IOSend);
You can also set a custom pointer context using:
wolfSSL_SetIOReadCtx(ssl, &recvCtx);
wolfSSL_SetIOWriteCtx(ssl, &sendCtx);
You can build with `WOLFSSL_USER_IO` to disable the internal "socket" handling and require use of these IO callbacks.
Thanks,
David Garske, wolfSSL
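An added example, not part of the original post or of the wolfssl-examples repo: a pair of IO callbacks of the kind the reply above registers with `wolfSSL_CTX_SetIORecv` / `wolfSSL_CTX_SetIOSend`, backed by a fixed in-memory buffer and bounds-checked on both paths. `MemPipe` is a hypothetical context type (the pointer passed to `wolfSSL_SetIOReadCtx` / `wolfSSL_SetIOWriteCtx`), and the `WOLFSSL` typedef and `WOLFSSL_CBIO_ERR_*` values are stand-ins for what `<wolfssl/ssl.h>` provides, so the block compiles on its own.

```c
#include <string.h>

/* Stand-ins so this compiles without wolfSSL; in a real build include
 * <wolfssl/ssl.h> instead, which provides these names. */
typedef struct WOLFSSL WOLFSSL;
#define WOLFSSL_CBIO_ERR_GENERAL    (-1)
#define WOLFSSL_CBIO_ERR_WANT_READ  (-2)
#define WOLFSSL_CBIO_ERR_WANT_WRITE (-2)

/* Hypothetical transport context: a fixed buffer standing in for a driver FIFO. */
typedef struct {
    unsigned char data[64];
    int len;                                 /* bytes currently queued */
} MemPipe;

/* Receive callback: hand the TLS layer at most sz bytes from the pipe. */
int my_IORecv(WOLFSSL* ssl, char* buf, int sz, void* ctx)
{
    MemPipe* p = (MemPipe*)ctx;
    (void)ssl;
    if (p == NULL || buf == NULL || sz <= 0)
        return WOLFSSL_CBIO_ERR_GENERAL;
    if (p->len == 0)
        return WOLFSSL_CBIO_ERR_WANT_READ;   /* no data yet, caller retries */
    if (sz > p->len)
        sz = p->len;                         /* never read past queued data */
    memcpy(buf, p->data, (size_t)sz);
    memmove(p->data, p->data + sz, (size_t)(p->len - sz));
    p->len -= sz;
    return sz;
}

/* Send callback: queue as much as fits and report a partial write. */
int my_IOSend(WOLFSSL* ssl, char* buf, int sz, void* ctx)
{
    MemPipe* p = (MemPipe*)ctx;
    int room;
    (void)ssl;
    if (p == NULL || buf == NULL || sz <= 0)
        return WOLFSSL_CBIO_ERR_GENERAL;
    room = (int)sizeof(p->data) - p->len;
    if (room == 0)
        return WOLFSSL_CBIO_ERR_WANT_WRITE;  /* pipe full, caller retries */
    if (sz > room)
        sz = room;                           /* never write past the buffer */
    memcpy(p->data + p->len, buf, (size_t)sz);
    p->len += sz;
    return sz;
}
```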
Hi isnipenow,
See the `wc_RsaPublicKeyDecode` function.
Our wolfssl-examples repository has many examples:
https://github.com/wolfSSL/wolfssl-exam … rify.c#L85
Documentation:
https://www.wolfssl.com/doxygen/group__ … 35bda1f728
Thanks,
David Garske, wolfSSL
Hi pbreed,
Thanks for the forum question. You can also use our support@wolfssl.com ZenDesk system for faster responses.
Can you describe how you are building wolfSSL? Internally we have mutex protection if threading is enabled.
If the --enable-singlethreaded option is set or SINGLE_THREADED is defined then threading is not supported.
Thanks,
David Garske, wolfSSL
Hi noahh0123,
Try setting the RNG for the RsaKey using:
int wc_RsaSetRNG(RsaKey* key, WC_RNG* rng)
See the following:
https://github.com/wolfSSL/wolfssl-exam … h-sign-rsa
https://www.wolfssl.com/forums/topic111 … -data.html
David Garske, wolfSSL
Hi burakkirazli,
It depends on the algorithms enabled/used and the FP_MAX_BITS you have defined. The ECC and RSA algorithms use fast math.
Typically during a TLS connection you'll have several of these on the stack. I recommend starting with 10KB of stack and then looking at your stack high watermark to determine how much to reduce.
For RSA the FP_MAX_BITS is double the maximum key size. RSA 2048-bit requires double the max bits, so 4096. If you have just ECC defined then FP_MAX_BITS can be ECC max key size + 32. For both RSA and ECC you can reduce ECC stack usage by defining ALT_ECC_SIZE, which will use heap for the ECC point instead of stack.
We have some good examples for configuring the math library cases here:
https://github.com/wolfSSL/wolfssl/blob … settings.h
Thanks,
David Garske, wolfSSL
Hi burakkirazli,
Thanks for letting us know the fix was due to not having XREALLOC / realloc implemented correctly when using the normal math.
David Garske, wolfSSL
Hi burakkirazli,
Error -142 is `ASN_GETINT_E`. Happening on call to `wc_RsaPublicKeyDecode`. My best guess is your heap allocation failed when trying to parse the RSA certificate from the peer. Check your heap space and either make more available or switch to a stack based math by defining USE_FAST_MATH. It might be helpful to look at this example user_settings.h file, which describes many build options. https://github.com/wolfSSL/wolfssl/blob … settings.h
Thanks,
David Garske, wolfSSL
Hi bsda_dev,
I compared the generated wolfssl/options.h using ./configure and ./configure --enable-tls13 and the resulting build option differences are:
#define WOLFSSL_TLS13
#define HAVE_TLS_EXTENSIONS
#define HAVE_SUPPORTED_CURVES
#define WC_RSA_PSS
#define HAVE_HKDF
I am surprised that server method would work and allow TLSv1.2, since it should not allow downgrade unless you are using the wolfSSLv23_server_method. Please also share your Wireshark trace. If you want, submit directly to our support email support@wolfssl.com and reference this forum post.
Thanks,
David Garske, wolfSSL
Hi burakkirazli,
Looks like the TLS server did not like something in the client_hello and sent back an alert 40 (handshake_failure). Can you describe more about the server and what build options you are using? Perhaps you can send a Wireshark trace and print a run-time list of enabled cipher suites?
```c
#include <stdio.h>
#include <wolfssl/ssl.h>

#ifndef WOLFSSL_CIPHER_LIST_MAX_SIZE
#define WOLFSSL_CIPHER_LIST_MAX_SIZE 4096
#endif

/* Print the list of cipher suites enabled in this build. */
static void ShowCiphers(void)
{
    char ciphers[WOLFSSL_CIPHER_LIST_MAX_SIZE];
    int ret = wolfSSL_get_ciphers(ciphers, (int)sizeof(ciphers));
    if (ret == WOLFSSL_SUCCESS)
        printf("%s\n", ciphers);
}
```
Thanks,
David Garske, wolfSSL
Hi burakkirazli,
See "Date BEFORE check failed" message above. The -150 error (from wolfssl/wolfcrypt/error-crypt.h) "ASN_BEFORE_DATE_E = -150, /* ASN date error, current date before */".
Your RTC time is not setup properly, so the certificate date check is failing. Here are the possible solutions:
1. Setup your RTC correctly via the XTIME macros. Example here: https://github.com/wolfSSL/wolfssl/blob … ngs.h#L449
2. Override the date error in the verify callback (see this example: https://github.com/wolfSSL/wolfssl/blob … t.h#L1721)
3. Disable all certificate date checking by disabling NO_ASN_TIME. Do note that this will allow expired certificates to be used.
Thanks,
David Garske, wolfSSL
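An added example, not part of the original post or the linked wolfSSL example: a verify callback for option 2 above that waives only `ASN_BEFORE_DATE_E`, and only until the device clock has been set, so an expired or otherwise invalid certificate is still rejected once time is known. The `g_rtc_valid` flag and `set_rtc_valid()` are hypothetical, and the `WOLFSSL_X509_STORE_CTX` struct and `ASN_*` values are stand-ins for what the wolfSSL headers provide, so the block compiles on its own; the callback would be registered with `wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER, my_DateVerifyCb)`.

```c
#include <stddef.h>

/* Stand-ins so this compiles without wolfSSL; in a real build include
 * <wolfssl/ssl.h> and <wolfssl/wolfcrypt/error-crypt.h> instead. */
typedef struct WOLFSSL_X509_STORE_CTX {
    int error;         /* wolfSSL error code for the failing certificate */
    int error_depth;   /* position of that certificate in the chain */
} WOLFSSL_X509_STORE_CTX;
#define ASN_BEFORE_DATE_E (-150)  /* current date before notBefore */
#define ASN_AFTER_DATE_E  (-151)  /* current date after notAfter */

/* Hypothetical flag: set once the RTC has been set from a trusted source. */
static int g_rtc_valid = 0;

void set_rtc_valid(int valid)
{
    g_rtc_valid = valid;
}

/* Verify callback: return 1 to accept the certificate, 0 to reject it. */
int my_DateVerifyCb(int preverify, WOLFSSL_X509_STORE_CTX* store)
{
    if (preverify == 1)
        return 1;                 /* chain already verified cleanly */
    if (store == NULL)
        return 0;
    /* Waive only "not yet valid", and only while the clock is known to be
     * unset. With an unset clock every certificate looks not-yet-valid, so
     * expiry is not enforced during this window; keep it short. */
    if (!g_rtc_valid && store->error == ASN_BEFORE_DATE_E)
        return 1;
    return 0;                     /* expired, bad signature, etc. all fail */
}
```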
Hi burakkirazli,
If you don't have socket error codes for EWOULDBLOCK or EAGAIN then why are you using the WOLFMQTT_NONBLOCK build option?
Perhaps you can explain more about your use case and socket library being used?
Thanks,
David Garske, wolfSSL
Hi burakkirazli,
Thanks for your report. I pushed a fix into PR 135 here (https://github.com/wolfSSL/wolfMQTT/pull/135). Please give it a try and let me know if this works.
Thanks,
David Garske, wolfSSL
Hi burakkirazli,
You must run the example from the wolfssl-root like:
./examples/echoserver/echoserver
Also you can find some simple TLS examples in our wolfssl-examples repo here:
https://github.com/wolfSSL/wolfssl-examples
Thanks,
David Garske, wolfSSL
Hi Cookie,
Have you seen our simple TLS examples in our wolfssl-examples repo?
https://github.com/wolfSSL/wolfssl-exam … master/tls
The -345 NO_PEER_CERT error indicates the peer did not present a certificate. See the wolfSSL_CTX_set_verify API for setting the verify options for the peer certificate.
Thanks,
David Garske, wolfSSL