You are not logged in. Please login or register.
Please post questions or comments you have about wolfSSL products here. It is helpful to be as descriptive as possible when asking your questions.
ReferenceswolfSSL - Embedded SSL Library → Posts by jeff
Hi r-type,
The changes merge and created a new tag v2.3.1 to address this issue. Thanks again for the report.
Cheers,
Jeff
I've put up a PR 196 to fix this and have added tests to cover this type of error.
Hi r-type,
I've reproduced the error and will put up a fix shortly. I'll also expand our testing to make sure this is covered in the future.
Thanks for the report.
Jeff
Hi Messias,
I've fixed an issue and added a test for RSAES in a PR
Attached is a program I used to test against the website you linked. The output is binary. I tested against the website by converting the output to base64 `base64 out.bin` and copy-paste into RSA Decryption. To test against openssl I ran `openssl rsautl -decrypt -inkey rsa2k.pem -in out.bin`
Note: that for OAEP with SHA1, in order to be compatible you must change the default HASH of wolfTPM by adding `CFLAGS=-DWOLFTPM2_WRAP_DIGEST=TPM_ALG_SHA1` to configure. This is not needed for RSA/ECB/PKCS1Padding. For openssl with SHA256 (wolfTPM default) you can decrypt with `openssl pkeyutl -inkey rsa2k.pem -in out.bin -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256 -decrypt`
Hi messias,
Can you share a simple version of your code? I don't see an exact example of your use-case and will look at adding one.
Cheers,
Jeff
Hi Preeti,
I understand your goals and you are correct that we don't currently have a VS solution. wolfTPM windows support is relatively new addition. We would be interested improving support but have limited resources. If you'd like to discuss in more detail please feel free to reach out to support@wolfssl.com
There is an experimental cmake branch that can be used with MSVC, but it doesn't have support for a static library currently.
Thanks,
Jeff
Hi Kevin,
This appears to be a bit width type. It doesn't appear that the logs were included. It may be easier to assist you by sending the logs via email to
support@wolfssl.com (you can refer to this post).
Can you mention the version of wolfSSL you are using?
Are you following the instructions on the page or did you find the need to make any modifications?
Cheers,
Jeff
Hi jw,
I see that some other platforms also receive that error with that server under the handshake simulation section of the link you provided.
What version of wolfSSL are you using? Can you supply some additional information about how you have configured the client to connect to that server?
Thanks,
Jeff
Hi yass007,
That shouldn't be a limitation. Can you try with other clients? maybe even wolfSSH as the client?
Is there any errors from the server when this occurs?
In the meantime I'll test with some larger files locally.
Hi Messias,
I found a smaller example and will look a little closer for a solution. wolfTPM is including minwindef.h which defines WIN32 and results in the error.
#include <minwindef.h>
#include <curl/curl.h> The same error can be generated by compiling a file that includes curl.h under msys2 and using -DWIN32
As a work around I was able to add a line to undefine WIN32 before including curl.h although I had runtime errors then, so do not think this is the correct solution.
#undef WIN32
#include <curl/curl.h> Hi Messias,
Happy to discuss here, or if you want to share anything private feel free to email support@wolfssl.com and reference this post and we can continue there.
Can you share the version of curl and the source for curl_wolftpm_winap_test.c?
Thanks,
Jeff
Hi Messias,
I was able to reproduce the errors and have created a PR to address the initial error you reported. Thanks for the report.
I believe the new errors you are seeing may require you to rebuild and install wolfSSL if you wish to use `mingw64.exe`
Let me know if those address your build issues. Feel free to reach out to support@wolfssl.com if you have any questions or to discuss specific use-cases.
Cheers,
Jeff
Hi johnnyApplePRNG,
I was able to reproduce. I'm not too familiar with `checkinstall` so bear with me.
`make install` works
if I run `mkdir -p /usr/local/share/doc/` then checkinstall works
Adding `-docdir=/usr/local/share/doc_wolfssl` to configure also resolves the error
ok I think I found a relevant post https://stackoverflow.com/questions/497 … eckinstall. I confirmed checkinstall works with `--fstrans=no`
I hope one of those works for you. Can you let us know more about your goals/usecase?
Hi jy824212,
There are a few APIs that may be useful to you that start with `wc_ecc_export_`. See the header.
Hope that helps,
Jeff
Great! glad to hear that
Hi junioarssuncaolp,
Can you tell us more about your use-case?
I think for TPM2_CertifyCreation, the signHandle needs to be set and match the session auth. I was able to get a different error TPM_RC_SENSITIVE.
I'll try to get a working example.
Hey Remy,
Looks like I had a mistake in my code that prints the the buffer in hex. 
23c23
< printf("%02x ", pDer->buffer[i]);
---
> printf("%x", pDer->buffer[i]);Updated file attached.
comparing to openssl
$ openssl ec -in forum_ec.pem -outform der -out /dev/stdout | od -An -tx1
read EC key
writing EC key
30 77 02 01 01 04 20 1f 4e 99 c7 44 a6 8b c5 1d
8c 2b 2b 06 ff d0 b0 12 85 6b 24 59 8f 06 25 b1
33 f3 34 43 98 d7 73 a0 0a 06 08 2a 86 48 ce 3d
03 01 07 a1 44 03 42 00 04 8f cf 5f a8 17 c6 25
1b 55 df b1 7a fa 97 9e 13 03 5b 43 1e 43 e4 d9
e4 a0 52 4f c9 f1 39 e1 40 16 28 cf ba cd 37 3f
11 94 3a 7a 09 3f 93 c2 a1 f9 56 09 13 e6 da 93
dc 7c 42 8e 39 ca b6 5e 97
$ ./forum_ec
convert 0
30 77 02 01 01 04 20 1f 4e 99 c7 44 a6 8b c5 1d
8c 2b 2b 06 ff d0 b0 12 85 6b 24 59 8f 06 25 b1
33 f3 34 43 98 d7 73 a0 0a 06 08 2a 86 48 ce 3d
03 01 07 a1 44 03 42 00 04 8f cf 5f a8 17 c6 25
1b 55 df b1 7a fa 97 9e 13 03 5b 43 1e 43 e4 d9
e4 a0 52 4f c9 f1 39 e1 40 16 28 cf ba cd 37 3f
11 94 3a 7a 09 3f 93 c2 a1 f9 56 09 13 e6 da 93
dc 7c 42 8e 39 ca b6 5e 97
decode 0or better yet
diff --side-by-side --width 100 <(openssl ec -in forum_ec.pem -outform der -out /dev/stdout 2>/dev/null | od -An -tx1) <(./forum_ec)
> convert 0
30 77 02 01 01 04 20 1f 4e 99 c7 44 a6 8b c5 30 77 02 01 01 04 20 1f 4e 99 c7 44 a6 8b c5
8c 2b 2b 06 ff d0 b0 12 85 6b 24 59 8f 06 25 8c 2b 2b 06 ff d0 b0 12 85 6b 24 59 8f 06 25
33 f3 34 43 98 d7 73 a0 0a 06 08 2a 86 48 ce 33 f3 34 43 98 d7 73 a0 0a 06 08 2a 86 48 ce
03 01 07 a1 44 03 42 00 04 8f cf 5f a8 17 c6 03 01 07 a1 44 03 42 00 04 8f cf 5f a8 17 c6
1b 55 df b1 7a fa 97 9e 13 03 5b 43 1e 43 e4 1b 55 df b1 7a fa 97 9e 13 03 5b 43 1e 43 e4
e4 a0 52 4f c9 f1 39 e1 40 16 28 cf ba cd 37 e4 a0 52 4f c9 f1 39 e1 40 16 28 cf ba cd 37
11 94 3a 7a 09 3f 93 c2 a1 f9 56 09 13 e6 da 11 94 3a 7a 09 3f 93 c2 a1 f9 56 09 13 e6 da
dc 7c 42 8e 39 ca b6 5e 97 dc 7c 42 8e 39 ca b6 5e 97
> decode 0Hi Hadrien,
As you are discovering the Windows support for TPM is by default quite restricted. Windows is our most recently added platform and we are aiming to improve the documentation and examples around it.
Can you explain more about your goals for authentication? Are you interested in the state of the machine or just that it is the machine with the specific TPM present?
The specification is the best source, but sometimes other sources can be good to understand the purpose at a higher level. Here are a few links I found helpful
You may also be interested in looking at our TLS examples if you haven't yet.
If you are interested in unblocking TPM commands in Windows, proceed with caution. And read https://docs.microsoft.com/en-us/window … /using-tbs
Thanks for the feedback. We are always aiming to improve our documentation.
Remy,
I ran with your configuration on a raspberry Pi 3 B+ and saw no error.
$ gcc ../forum_ec.c -o forum_ec -I . -L src/.libs/ -lwolfssl -lm
$ ./forum_ec
convert 0
30772114201f4e99c744a68bc51d8c2b2b6ffd0b012856b24598f625b133f3344398d773a0a682a8648ce3d317a144342048fcf5fa817c6251b55dfb17afa979e1335b431e43e4d9e4a0524fc9f139e1401628cfbacd373f11943a7a93f93c2a1f956913e6da93dc7c428e39cab65e97
decode 0$ cat /proc/cpuinfo | tail -n3
Hardware : BCM2835
Revision : a020d3$ git describe --tag
v4.7.0-stable
$ ./config.status --c
'--enable-sni' '--enable-debug=yes' '--enable-static=yes' '--enable-shared=no' '--disable-examples' '--disable-filesystem' '--enable-ocspstapling' '--disable-oldtls' '--enable-ecc' '--enable-harden' '--enable-coding' '--enable-base64encode'When you run code, what is the output?
Hi Remy,
I was not able to reproduce. Can you share you configuration of wolfssl?
I've attached the program I used to build. I configured v4.7.0-stable with `./configure` (no options) and compiled `gcc -o forum_ec forum_ec.c -lwolfssl -I .` I used `wc_PemToDer`and did not get a matching DER buffer
Cheers,
Jeff
Hey @dan9er,
This still needs to be tested, but here is a branch to build https://github.com/elms/pacman-packages … dd_wolfssl
Turns out I was able to resolve those warnings by adding
-specs=3dsx.specsto LDFLAGS, but I still disabled examples and tests for the package.
Hi dan9er,
We have someon working on updating the support for PPC and testing it for wii. After touching base with them I was able to compile.
For 3DS I was able to compile with
PATH=/opt/devkitpro/devkitARM/bin/:$PATH ./configure --host=arm-none-eabi --disable-shared --disable-examples --disable-crypttests CFLAGS="-I/opt/devkitpro/libctru/include/ -march=armv6k -mtune=mpcore -mfloat-abi=hard -mtp=soft -mword-relocations -DNO_WRITEV" LDFLAGS="-L/opt/devkitpro/libctru/lib -lctru"
PATH=/opt/devkitpro/devkitARM/bin/:$PATH make -j1 V=1For PKGBUILD this would reduce to something like
./configure CFLAGS="-DNO_WRITEV" LIBS="-lctru" --host=arm-none-eabi --disable-shared --disable-examples --disable-crypttests --enable-sp-math-all
makeI have not attempted to test actually using the library. I'll put up a draft PR for https://github.com/devkitPro/pacman-packages and update you.
Compiling the examples and tests I am seeing warnings.
c:/msys64/opt/devkitpro/devkitarm/bin/../lib/gcc/arm-none-eabi/10.2.0/../../../../arm-none-eabi/bin/ld.exe: warning: cannot find entry symbol _start; defaulting to 0000000000008020Any ideas if it's possible to compile the examples and run on 3ds?
If you are able to test on hardware, can you share the results?
Hi @ddnr,
Can you share what version of Gecko you are using?
Can you also check what version of SE firmware (I think you can check in the IDE or using this API)?
Cheers,
To clarify wolfSSL does support passpharse protected keys.
In the main wolfSSL repo the server example supports this with a call to SSL_CTX_set_default_passwd_cb when configured with --enable-enckeys.
See the callback implementation here. wolfSSL_CTX_set_default_passwd_cb_userdata is also useful for supporting these keys.
Hi sapi01,
By default openSSL encrypts the key with a passphrase (which is a reasonable default) and wolfSSL doesn't have the passphrase.
To not protect the key file with a passphrase, the `-nodes` (that's no DES) can be used.
openssl req -x509 -nodes -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365Interestingly telling openssl to convert the RSA format as Eric showed, doesn't protect the key when output.
Hope that helps. Cheers,
Jeff
wolfSSL - Embedded SSL Library → Posts by jeff
Powered by PunBB, supported by Informer Technologies, Inc.
Generated in 0.018 seconds (94% PHP - 6% DB) with 5 queries