Hi Hstr,

You'll also need to define HAVE_TLS_EXTENSIONS and HAVE_SUPPORTED_CURVES. Also you won't need to define "BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256" as that is done automatically in internal.h when ECC, AES-GCM and SHA256 are enabled.

I see what you mean about the ecc-key and ecc-cert not being in the certs_test.h file. I'll see about getting that updated. Thanks for bringing that to our attention.

Thanks,
David Garske

Hey Avenuti,

Updating to the latest wolfSSL will resolve this. There were numerous fixes with ECC math back on May 4th that resolve the ecc_is_point check for ECC 521. If you have ALT_ECC_SIZE defined you'll want to make sure FP_MAX_BITS_ECC is set high enough (like 1088). If you update to the latest you can not define FP_MAX_BITS_ECC and let the tfm.h header handle it.

David


(2 replies, posted in wolfCrypt)

Hey Jrandombob,

It's possible the compiler/libc you are using requires an aligned pointer, but that is not typical. A memcpy function is super simple and can sometimes be optimized for 32-bit CPUs to copy int by int, vs. byte by byte.

Which compiler and libc are you using? What are your hard fault register values telling you? https://community.arm.com/thread/5414

If this memory you are writing to comes from an alloc, have you verified it's a valid, usable address? Is it just memcpy or is it affecting other libc functions?

David


(1 replies, posted in wolfCrypt)

Hey Comomind,

The smallest wolfCrypt only ECC and SHA256/SHA512 can get is about 15K flash and 1K ram. That's because of the math required for ECC.

Typically the library is configured two ways:
1. Using automake and ./configure
2. Defining WOLFSSL_USER_SETTINGS and adding your own user_settings.h file.

A good example for a reference user_settings.h is here:
https://github.com/wolfSSL/wolfssl/blob … settings.h

Things you'll need to change from that example are:
1. Add "WOLFCRYPT_ONLY" to disable the TLS/SSL code. (or use ./configure --enable-cryptonly).
2. Remove HAVE_ECC192, HAVE_ECC224, HAVE_ECC384 and HAVE_ECC521 (so you are left with only the 256-bit curves).
3. Remove TFM_ECC192, TFM_ECC224, TFM_ECC384 and TFM_ECC521
4. Turn off RSA: change line 101 to #if 0 (./configure --disable-rsa)
5. Turn off AES: change line 117 to #if 0 (./configure --disable-aes)
6. Turn off ChaCha/Poly (./configure --disable-chacha --disable-poly1305)
7. Turn off hashing for SHA1. (./configure --disable-sha)
8. Turn off MD5 (./configure --disable-md5)
9. To adjust size vs. performance play with ECC_SHAMIR, ECC_TIMING_RESISTANT and TFM_TIMING_RESISTANT.
10. If you are only doing an ECC verify you can define the following to disable portions of the ECC code: "NO_ECC_SIGN", "NO_ECC_DHE" and "NO_ECC_KEY_EXPORT".

David
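
The ten steps in the post above, collected into one header for a verify-only ECC P-256 build. This is an added example, not David's or wolfSSL's own file. It assumes a bare-metal target (SINGLE_THREADED, NO_FILESYSTEM) and uses the NO_RSA, NO_AES, NO_SHA and NO_MD5 macros in place of the "#if 0" edits to the reference file.

```c
/* user_settings.h: added example; build with -DWOLFSSL_USER_SETTINGS */
#ifndef USER_SETTINGS_H
#define USER_SETTINGS_H

/* Step 1: crypto library only, no TLS/SSL layer */
#define WOLFCRYPT_ONLY

/* Assumption for this example: bare-metal target */
#define SINGLE_THREADED
#define NO_FILESYSTEM

/* Math back end, kept timing resistant */
#define USE_FAST_MATH
#define TFM_TIMING_RESISTANT

/* Steps 2-3: ECC limited to the 256-bit curve */
#define HAVE_ECC
#define ECC_USER_CURVES      /* 256-bit stays on unless NO_ECC256 is set */
#define TFM_ECC256
#define ECC_TIMING_RESISTANT
#define ECC_SHAMIR           /* step 9: remove to trade speed for size */

/* Step 10: verify only */
#define NO_ECC_SIGN
#define NO_ECC_DHE
#define NO_ECC_KEY_EXPORT

/* Hashes: SHA-256 is on by default, SHA-512 is opt-in */
#define WOLFSSL_SHA512
#define NO_SHA               /* step 7 */
#define NO_MD5               /* step 8 */

/* Steps 4-5: no RSA, no AES */
#define NO_RSA
#define NO_AES
/* Step 6: ChaCha20/Poly1305 stay off while HAVE_CHACHA and
 * HAVE_POLY1305 are left undefined. */

/* Fail the build if a larger curve is enabled again by accident */
#if defined(HAVE_ECC192) || defined(HAVE_ECC224) || \
    defined(HAVE_ECC384) || defined(HAVE_ECC521)
    #error "footprint build: only the 256-bit curve may be enabled"
#endif
#if defined(HAVE_CHACHA) || defined(HAVE_POLY1305)
    #error "footprint build: ChaCha20/Poly1305 must stay disabled"
#endif

#endif /* USER_SETTINGS_H */
```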

Hello Avenuti,

Thanks for the detailed question.

It looks like you are not using the latest v3.9.8 wolfSSL release. There have been a few fixes/changes in that area of ECC vector testing. I've seen this error and believe you can work around it without an update by defining ECC_SHAMIR. I do recommend you update if you can.

For your NXP LPC1837 micro I would recommend the following settings:
#define USE_FAST_MATH
#define TFM_TIMING_RESISTANT
#define TFM_ARM /* or TFM_ASM if that one fails */

#define HAVE_ECC
#define ECC_USER_CURVES
#define HAVE_ECC521
#define ECC_SHAMIR
#define ECC_TIMING_RESISTANT

#define ALT_ECC_SIZE
#define TFM_ECC521

For additional details on these and a good example of a user_settings.h configuration file see here:
https://github.com/wolfSSL/wolfssl/blob … settings.h

Thanks and let me know if that resolves your failure.

David Garske