Hi raphaell,

Can you try using C_EXTRA_FLAGS instead of CFLAGS when configuring wolfSSL embedded SSL? 

A while back we switched reading additional flags in from the user from CFLAGS to C_EXTRA_FLAGS to avoid conflicts with modifications we have made to the ./configure system.

Thanks,
Chris

Hi dtiemann,

wolfSSL_KeyPemToDer() is currently only compiled into wolfSSL if our OpenSSL compatibility layer has been defined when building wolfSSL.

You can enable the compatibility layer by using the --enable-opensslextra ./configure option, or by adding OPENSSL_EXTRA to your list of preprocessor flags.

Can you give this a try and let me know if it works for you?

Thanks,
Chris

Hi,

wolfSSL's OpenSSL compatibility layer was designed to make porting into existing OpenSSL applications easier, but is far from complete.  It maps roughly the most-used 300 OpenSSL functions to the native wolfSSL API, where OpenSSL has over 4,000 in total.

It sounds like the functions you have listed are related to certificate generation.  For an example of how wolfSSL does certificate generation, see ./ctaocrypt/test/test.c, specifically the code inside of the #ifdef WOLFSSL_CERT_GEN define of rsa_test().

wolfSSL doesn't currently support this function.  For certificate generation, wolfSSL uses an RsaKey structure, which contains a RSA private key.  A private key buffer (in DER format) can be loaded into an RsaKey structure using the RsaPrivateKeyDecode() function.

In OpenSSL, this function lets the application set the X.509 certificate version to use.  wolfSSL embedded SSL only supports X.509 V3 certificate generation.  As such, this function is not needed with wolfSSL.

When doing certificate generation with wolfSSL, the serial number can be set directly by the user when filling in the "Cert" structure.

Like the previous function, certificate fields can be set directly by the user when filling in the "Cert" structure.

wolfSSL's equivalent to X509_sign() would be the SignCert() function, with usage shown in rsa_test() of test.c.

Best Regards,
Chris

Hi Lukas,

We haven't found time yet to add support for secure renegotiation, but it's still on our list.

Best Regards,
Chris

Hi Gnate,

Hopefully I'll get time to publish the guide on our website soon.  I'll email it over to you for your reference.

Regarding integrating wolfSSL with LwIP, wolfSSL currently can use LwIP out-of-the-box when WOLFSSL_LWIP is defined - as long as LwIP is using the BSD style socket API. 

If you need to use the RAW LwIP API, like you mentioned above, you'll have to write and register your own I/O callbacks with wolfSSL.  Info about I/O callbacks can be found in Section 5.1.2 of the wolfSSL Manual (http://yassl.com/yaSSL/Docs-cyassl-manu … ility.html).  If you run into any questions, feel free to reach out to us at support@wolfssl.com.

Best Regards,
Chris

Hi abak2409,

I just sent you a PM.

Best Regards,
Chris

Hi Yun,

Your understanding of RsaPrivateKeyDecode() is correct.  It is used to decode a key from a DER format into an RsaKey structure. 

SSL_FILETYPE_RAW is used with NTRU (a separate public key algorithm which CyaSSL supports).  DER format is indicated by SSL_FILETYPE_ASN1.

Best Regards,
Chris

Hi,

Currently wolfSSL embedded SSL doesn't have the ability to generate a CSR.  We have had a few inquiries recently about CSR generation though.  Are you able to share any details about the project you are working on?

Thanks,
Chris

Hi ctb,

Yes, the AesEncryptDirect() and AesDecryptDirect() functions just do a direct ECB-mode AES operation.  These are left out of the documentation because ECB (Electronic codebook) mode is not regarded as very secure.  If you take a look at the penguin image on the following Wikipedia page under the "ECB" section, you will see that it doesn't hide patterns very well:

https://en.wikipedia.org/wiki/Block_cip … _operation

Best Regards,
Chris

Hi ctb,

It looks like this has been fixed post-5.2.1.  You can view our most current version of the CTaoCrypt usage reference online, here:  http://yassl.com/yaSSL/Docs-cyassl-manu … rence.html.

A new version of the PDF Manual will be released with our upcoming 2.8.0 release.

Thanks,
Chris

Hi Steffen,

Can you check to make sure you have the same preprocessor flags set in both your CyaSSL project file as well as your ConsoleApplication2 project file?  A mismatch in these will cause the internal Sha structure sizes to differ, thus causing problems.

Thanks,
Chris

Hi,

You'll need to do a couple of things to build the existing Visual Studio wolfSSL project file with NO_RSA and HAVE_ECC:

1.  In the Visual Studio project file for wolfSSL embedded SSL, you'll need to add NO_RSA and HAVE_ECC to the Preprocessor Definitions.

2.  You'll need to remove the OPENSSL_EXTRA define already listed in the preprocessor definitions in the project settings.

3.  You'll need to add the ./ctaocrypt/src/ecc.c source file to the "Source Files" list in Visual Studio.

4.  Clean and re-build the wolfSSL project.

Best Regards,
Chris