1

(2 replies, posted in wolfSSL)

Oops, I appear to have slipped in some stuff that I was debugging. The code is actually:
      iReturn = wolfSSL_CTX_use_certificate_file( xWolfSSL_ServerContext, "/www/public_256_ecc.pem", SSL_FILETYPE_PEM );
      if(iReturn != SSL_SUCCESS)
         CONSOLE_LOG("server-cert.pem, %d\n", iReturn);

      iReturn = wolfSSL_CTX_use_PrivateKey_file( xWolfSSL_ServerContext, "/www/private_256_ecc.pem", SSL_FILETYPE_PEM );
      if(iReturn != SSL_SUCCESS)
         CONSOLE_LOG("server-key.pem, %d\n", iReturn);

(PEM not ASN1), which is the code producing this error.

2

(2 replies, posted in wolfSSL)

Currently I am using wolfSSL on a microcontroller. I got it working with RSA, but it took about 15 seconds to handshake (I have no divider in my CPU). I am switching to ECC to see if it speeds things up. I generated two PEM files with openssl for this, and I get errors when trying to load them. My settings are:

#define FREERTOS
#define WOLFSSL_LWIP
#define NO_WOLFSSL_DIR
#define HCC_SAFEFLASH
#define NO_STDIO_FILESYSTEM
#define NO_WOLFSSL_SMALL_STACK
#define WOLFSSL_STATIC_MEMORY
#define USE_FAST_MATH
#define TFM_TIMING_RESISTANT
#define ECC_TIMING_RESISTANT
#define WOLFSSL_STATIC_RSA
#define WC_NO_HARDEN
#define NO_WOLFSSL_CLIENT
#define NO_RSA
#define HAVE_ECC
#define TFM_ECC256
#define NO_SHA
#define NO_OLD_TLS
#define HAVE_HKDF
#define HAVE_ECC_ENCRYPT
#define WOLFSSL_CERT_GEN
#define ECC_DECODE_EXTRA
#define HAVE_HASHDRBG
#define CUSTOM_RAND_GENERATE

My pem files look like this:
(openssl ecparam -genkey -name prime256v1 -noout -out private.pem)
-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIFJ+TI+kYZ0LhNdONR0xZsnBZOmQ+tP31mAT+TAnXb8+oAoGCCqGSM49
AwEHoUQDQgAERHc9yck7wB8OCWBLBPv5V223IGhwi8uxxPKgqxKL9mOhyCGTdLw6
D3eYb9D3mzeR0Qu6YM3//lgX/pubAYNmYw==
-----END EC PRIVATE KEY-----
(openssl ec -in private.pem -pubout -out public.pem)
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAERHc9yck7wB8OCWBLBPv5V223IGhw
i8uxxPKgqxKL9mOhyCGTdLw6D3eYb9D3mzeR0Qu6YM3//lgX/pubAYNmYw==
-----END PUBLIC KEY-----

The error I get is:
Couldn't find PEM header
and an error code of -162
My code to load looks like this:

   iReturn = wolfSSL_Init();
   if(iReturn != SSL_SUCCESS)
      CONSOLE_LOG("wolfSSL_Init failed, %d\n", iReturn);

   xWolfSSL_ServerContext = wolfSSL_CTX_new( wolfTLSv1_2_server_method() );
   if( xWolfSSL_ServerContext != NULL )
   {
      iReturn = wolfSSL_CTX_use_certificate_file( xWolfSSL_ServerContext, "/www/public_256_ecc.pem", SSL_FILETYPE_ASN1 );
      if(iReturn != SSL_SUCCESS)
         CONSOLE_LOG("server-cert.pem, %d\n", iReturn);

      iReturn = wolfSSL_CTX_use_PrivateKey_file( xWolfSSL_ServerContext, "/www/private_256_ecc.pem", SSL_FILETYPE_ASN1 );
      if(iReturn != SSL_SUCCESS)
         CONSOLE_LOG("server-key.pem, %d\n", iReturn);
   }
   else
      CONSOLE_LOG("xWolfSSL_ServerContext is NULL\n");

Thanks for the replies, guys. I just wanted to update you to let you know that I was mistaken about the size. I had to move some things in my main app's makefile; this resulted in some core libraries that are built being stuck into the file that wolfSSL was being built in. So the extra bloat was not wolfSSL's fault; rather, it was just dependencies being moved into the same library that wolfSSL was being built into!

Kind regards

Hello,

I recently compiled wolfssl (version 3.15.3) and my build size is ~1.5MB. The documentation states it should be 30-100kB, typically 60kB for embedded, so I am wondering if I have done something very wrong.

I am using a microblaze processor, mb-gcc compiler, LWIP, HCC for file system, and FREERTOS.

Currently, I am using the following configs:

#define FREERTOS
#define WOLFSSL_LWIP
#define NO_WOLFSSL_DIR
#define HCC_SAFEFLASH
#define NO_STDIO_FILESYSTEM
#define CUSTOM_RAND_GENERATE     
#define NO_WOLFSSL_SMALL_STACK     
#define WOLFSSL_STATIC_MEMORY     
#define USE_FAST_MATH           
#define TFM_TIMING_RESISTANT       
#define WOLFSSL_STATIC_RSA
#define WC_NO_HARDEN