1

(2 replies, posted in wolfSSH)

Thank you, John.  I am building this for Nucleus.  It is version 1.4.5.  After diffing the original code with our changes, it looks like we have changed this file significantly in porting and have probably triggered the warning. I'll let you know if there is still a problem after I investigate further.  Thanks!

Thanks for the research, Eric, but this is not quite the same issue.  I'm not getting undefined reference to `__HAL_RCC_AES_CLK_ENABLE' - I have that routine present in the build.  The problem is that I have to manually enable the crypto clock within the WolfSSL routines.

For example:

    static int wc_AesEncrypt(Aes* aes, const byte* inBlock, byte* outBlock)
    {
        int ret = 0;
    #ifdef WOLFSSL_STM32_CUBEMX
        CRYP_HandleTypeDef hcryp;
        #if defined(NUCLEUS) && defined(WOLFSSL_STM32L4)
            /* Enable CRYP clock */
            __HAL_RCC_AES_CLK_ENABLE();
        #endif

3

(2 replies, posted in wolfSSH)

    wolfssh_server.c:115:12: warning: 'ssh_worker' defined but not used [-Wunused-function]
    115 static int ssh_worker(thread_ctx_t* threadCtx) {
                   ^~~~~~~~~~

I can find no use of this routine in the code.  Can you please comment as to whether this routine can be removed from the file?

I added __HAL_RCC_AES_CLK_ENABLE in numerous routines in aes.c to enable the hardware clock; wc_AesEncrypt, wc_AesDecrypt, wc_AesCbcEncrypt, wc_AesCbcDecrypt, wc_AesCtrEncryptBlock.  Is this missing functionality in WolfSSL or is there some other way to enable this in WolfSSL without having to add these code blocks?

I also had to add an include file in des3.c to avoid compiler errors.  Can you please comment if this is an oversight in the WolfSSL code?

    #ifdef STM32_CRYPTO
        #include <wolfssl/wolfcrypt/port/st/stm32.h>
    #endif

Thank you!

Thanks so much!  I'm not sure what your process is for PR approval - do you have any idea when this would be accepted into the mainline?  We have a CF Friday...

Thanks so much, Eric!  What about the ECC requirement?

I see a number of build errors with this configuration.  Can you please tell me if these are all hard requirements for build/functionality of WolfSSH?

Thank you David.  We are on 4.6.0.  I will update.

Should I be able to disable all three of these and successfully build the library?  Following is the error:

    error: 'SignatureCtx' {aka 'struct SignatureCtx'} has no member named 'verify'
    7484 |                             sigCtx->key.dsa, &sigCtx->verify);
          |                                                     ^~
    error: 'SignatureCtx' {aka 'struct SignatureCtx'} has no member named 'verify'
    7589 |                     if (sigCtx->verify == 1) {

10

(11 replies, posted in wolfSSL)

Thank you!

11

(11 replies, posted in wolfSSL)

Hello Kaleb,

No, these are not being set at the same time.  These are just configuration options that we have identified within WolfSSL that should be exposed to the user.  I am just checking with you to see which ones are no longer valid within WolfSSL since I do not see these in the latest version of documentation.

12

(11 replies, posted in wolfSSL)

Thank you, Kaleb.

I am porting WolfSSL to the Nucleus OS, so listing out the configuration options is a little tricky - also because I think I have some out of date configuration options in my port.  I am porting version 4.0.0 from a previous version.

I found a lot of macros in the code that are not documented in the latest WolfSSL manual as configurable, but Nucleus has allowed these to be configurable in the past.  Could you possibly verify whether these macros should be configurable by the user in the 4.0.0 version of code, please?  The problem may be that we have some legacy macros enabled that should not be toggled.

WC_NO_HARDEN
HAVE_RABBIT - not present in header files, but present in ssl.c
HAVE_HC128
WOLFSSL_SHA224
HAVE_ECC_ENCRYPT
WOLFSSL_MD2
HAVE_ONE_TIME_AUTH
HAVE_BLAKE2
HAVE_PKCS7
HAVE_HKDF
WOLFSSL_STATIC_DH
WOLFSSL_STATIC_RSA
HAVE_AES_KEYWRAP
HAVE_X963_KDF
WOLFSSL_AES_DIRECT
WOLFSSL_STM32L4
WOLFSSL_STM32_CUBEMX
WOLFSSL_AES_COUNTER
WOLFSSL_ALLOW_SSLV3 - not present in header files, but present in internal.c
WOLFSSL_MAX_STRENGTH
WC_NO_RNG
WOLFSSL_WPAS - not present in header files, but present in ssl.c
FORTRESS
WOLFSSL_LEANPSK
WOLFSSL_LEANTLS
BIG_SESSION_CACHE - not present in header files, but present in ssl.c
HUGE_SESSION_CACHE - not present in header files, but present in ssl.c
PERSIST_SESSION_CACHE - not present in header files, but present in ssl.c
PERSIST_CERT_CACHE - not present in header files, but present in ssl.c
HAVE_WRITE_DUP
WOLFSSL_SNIFFER
HAVE_NULL_CIPHER
SESSION_CERTS
WOLFSSL_CERT_EXT
WOLFSSL_SEP
ECC_SHAMIR
WOLFSSL_CUSTOM_CURVES
HAVE_COMP_KEY
HAVE_STACK_SIZE
NO_WOLFSSL_MEMORY
NO_RSA
NO_ASN
NO_CODING - not present in header files, but present in coding.c
WOLFSSL_BASE64_ENCODE
HAVE_IDEA
WOLFSSL_CMAC
HAVE_WEBSERVER
HAVE_FIPS
HAVE_CERTIFICATE_STATUS_REQUEST_V2
HAVE_CRL_MONITOR
HAVE_WNR
HAVE_MAX_FRAGMENT
HAVE_TRUNCATED_HMAC
HAVE_SUPPORTED_CURVES
HAVE_EXTENDED_MASTER
HAVE_TLS_EXTENSIONS
WOLFCRYPT_HAVE_SRP
WOLFSSL_TEST_CERT
HAVE_IO_POOL
WOLFSSL_HAVE_CERT_SERVICE
WOLFSSL_JNI
HAVE_LIGHTY
HAVE_STUNNEL
HAVE_SCRYPT
HAVE_CAVIUM_V
HAVE_FAST_RSA
HAVE_MCAPI - not present in header files, but present in compress.c
WC_NO_ASYNC_THREADING
HAVE_SECURE_RENEGOTIATION
WOLFSSL_SGX
WOLFSSL_ASYNC_CRYPT
HAVE_RENEGOTIATION_INDICATION - not present in header files, but present in internal.c
HAVE_SNI
NO_OLD_TLS
NO_SHA
NO_CERTS
NO_BIG_INT
OLD_HELLO_ALLOWED - not present in header files, but present in several files
WC_RSA_BLINDING
NO_ASN_TIME

13

(11 replies, posted in wolfSSL)

Thank you, Kaleb.  When I build with WOLFCRYPT_ONLY defined and NO_HMAC defined, I still get build errors in pkcs12.c.  From your comment above, it seems that this should build successfully.  Is there another macro that needs to be toggled?

14

(11 replies, posted in wolfSSL)

Hello Kaleb,

Thank you for your response.  I am referring to documentation at this link.  https://www.wolfssl.com/documentation/w … Manual.pdf

Is this the proper document that I should be using?

Thanks,
Tammy

15

(11 replies, posted in wolfSSL)

When I define NO_HMAC, I get build errors in several files.  I do not see a reference in the documentation to needing to set other macros with NO_HMAC - are other macros required to be disabled, too, or is this a build problem?  Thank you.