Hi Kaleb,
we upgraded WolfSSL from 3.6.8 to 3.11.0 few weeks ago.
You are not logged in. Please login or register.
Please post questions or comments you have about wolfSSL products here. It is helpful to be as descriptive as possible when asking your questions.
ReferenceswolfSSL - Embedded SSL Library → Posts by huba
Pages 1
Hi Kaleb,
we upgraded WolfSSL from 3.6.8 to 3.11.0 few weeks ago.
Hi Kaleb,
in attachement is part of script which generates ecc certificates [encrypted].
This script generates CA pk/cert, client private key, client signing request and sign signing request with CA.
1) Extract the archive to /tmp folder and run ./ecc.sh.
2) Fill password for CA, except FQN parameter you can enter default values (have to be unique), ..., and agree sign.
3) In /tmp folder you can find certificates in DER format.
The main problem is when decoding a certificate during TLS handshake.
Received certificate:
https://lapo.it/asn1js/#308203C93082036 … A9D5721F92
you can see parameter called keyUsage, but when it's decoded by wolfCrypt in function CheckBitString is a premise that the lowest bit of value have to be 1. I don't know why. The certificate is ok but wolfCrypt can't parse it.
input = 03 02 05 80
static int CheckBitString(const byte* input, word32* inOutIdx, int* len,
word32 maxIdx, int zeroBits, byte* unusedBits)
{
...
if (b >= 0x08)
return ASN_PARSE_E;
if (b != 0) { // b = 5
if ((byte)(input[idx + length - 1] << (8 - b)) != 0)
return ASN_PARSE_E;
if (((input[idx + length - 1] >> b) & 0x01) != 0x01) /// PROBLEM!!!!!! input[idx + length - 1] = 0x80, (0x80 >> 5 & 1) == 0!!
return ASN_PARSE_E;
}
...
return 0;
}
I have generated ECC key pair signed by CA with openssl tool in DER format.
I tried load public key to ecc_key structure but wc_EccPublicKeyDecode() returns ASN_OBJECT_ID_E.
Here is part of code:
// cert_der_ptr = 3082029C 30820243 A003020102 ...
int idx;
ecc_key pubk;
wc_ecc_init( &pubk );
idx = 0;
ret = wc_EccPublicKeyDecode( cert_der_ptr, &idx, &pubk, cert_der_size );
// here: ret == ASN_OBJECT_ID_E
// wc_EccPublicKeyDecode() expects two sequences and ObjectId but ObjectId is not on that possition:
// { GetSequence, GetSequence, SkipObjectId -> GetASNObjectId { b = 0xA0, b != ASN_OBJECT_ID -> return ASN_OBJECT_ID; } }
Here you can find decoded ASN.1 DER certificate:
https://lapo.it/asn1js/#3082029C3082024 … 90D63DBED7
Is it bug, unsupported DER format or something other wrong?
Pages 1
wolfSSL - Embedded SSL Library → Posts by huba
Powered by PunBB, supported by Informer Technologies, Inc.
Generated in 0.019 seconds (96% PHP - 4% DB) with 5 queries