Hi Preethi,

I am not able to see your build settings, can you reattach them?

For the best speed with ECC, I would recommend using SP math with SP math assembly speedups:

#define WOLFSSL_HAVE_SP_ECC
#define WOLFSSL_SP_MATH_ALL
#define WOLFSSL_SP_ARM_CORTEX_M_ASM

ECC_SHAMIR is also a good define for speeding up ECC operations.  I would recommend consulting the ECC section of our user_settings.h template here: https://github.com/wolfSSL/wolfssl/blob … template.h

Also make sure you are using our latest wolfSSL release, 5.7.2.

What is the size of the key you are trying to verify?

Thanks,
Kareem

Hello Leonie,

Thank you for your interest in wolfSSL and your extended testing.  I would strongly recommend removing --enable-all from your configure line and replacing it with: --enable-sp --enable-sp-math --enable-sp-asm --enable-intelasm.  This will enable our fastest math library, SP math, and all of our assembly speedups.  OpenSSL uses assembly by default, so this will be a more equivalent comparison.
You can also optionally add CFLAGS='-DWOLFSSL_OLD_PRIME_CHECK' for a further speedup, but this does hurt security and isn't generally recommended.

As for session tickets, we do have an internal session cache which should be enabled by default.

Thanks,
Kareem

Hello Craig,

Great question.  Since the forum post you linked, we have implemented a set of APIs for AES-GCM streaming which provides exactly what you're looking for.
Check out our example here: https://github.com/wolfSSL/wolfssl-exam … -encrypt.c  Build instructions here: https://github.com/wolfSSL/wolfssl-exam … crypto/aes
Note that you will need to build with --enable-aesgcm-stream to enable this feature.

Thanks,
Kareem

Hello Philippe,

It looks like you are asking for a set of zero-copy callbacks, does that sound correct?
If so, we don't currently support this.  We would like to add support, but it would take significant time.

Please contact us at support [AT] wolfssl [DOT] com to discuss this further.

Thanks,
Kareem

Hi ppawel87,

Please try defining WOLFSSL_CERT_EXT in your user_settings.h and let me know if it helps.
If not, please attach your certs and confirm which site you are trying to connect to.  If this information is sensitive, you may email us at support [AT] wolfssl [DOT] com with this information.

Thanks,
Kareem

56

(1 replies, posted in wolfCrypt)

Hi MUH,

The current wolfCrypt version is stored in the variable __version__ in wolfcrypt/_version.py.  You can get it as follows:
from wolfcrypt._version import __version__

Thanks,
Kareem

57

(6 replies, posted in wolfSSL)

Hi manya,

I just saw your updated post.  Disabling asm will work around the issue, but ideally I would like to get this fixed so you can benefit from our assembly optimizations as well.

58

(6 replies, posted in wolfSSL)

Hi manya,

Please share your build config for wolfSSL (./configure line or user_settings.h).  I will have our assembly expert review this.
It would be helpful to know if you see the same issue on wolfSSL master.

Thanks,
Kareem

59

(4 replies, posted in wolfSSL)

Hi dcanthony,

For a bare metal ARM target, rather than using ./configure I would recommend using our GCC-ARM example: https://github.com/wolfSSL/wolfssl/tree … DE/GCC-ARM  This includes a user_settings.h file which defines the macro WOLFSSL_USER_CURRTIME, allowing it to define a custom custom_time function which does not depend on clock_gettime.  You can find this function in Source/wolf_main.c.  Note that you will need to implement your own hw_get_time_sec function which returns the RTC value if you are trying to verify the dates in certificates.

What modifications did you make to Makefile.common?

Thanks,
Kareem
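
Added example, not part of the original post and not wolfSSL's own code: one way to back hw_get_time_sec with a real RTC so that certificate date checks receive UTC epoch seconds and fail closed when the clock is unusable. The BCD register layout, the sample register value, the plausibility floor and the custom_time signature are assumptions; only the names hw_get_time_sec and custom_time come from the post.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical BCD calendar registers, as found on many MCU RTCs (year = 20YY). */
typedef struct { uint8_t year, month, day, hour, min, sec; } rtc_regs_t;

/* Constructed sample standing in for a hardware read: 2024-07-15 12:30:45 UTC. */
static rtc_regs_t g_rtc = { 0x24, 0x07, 0x15, 0x12, 0x30, 0x45 };

/* Assumed floor (firmware build date, 2024-01-01 UTC). An RTC reading earlier
 * than this has lost its backup power and must not be trusted. */
#define MIN_PLAUSIBLE_EPOCH 1704067200UL

/* Decode one BCD byte and range-check it; -1 on a malformed or out-of-range value. */
static int bcd(uint8_t v, int lo, int hi)
{
    int n = (v >> 4) * 10 + (v & 0x0F);
    if ((v & 0x0F) > 9 || (v >> 4) > 9 || n < lo || n > hi) return -1;
    return n;
}

/* Days since 1970-01-01 for a Gregorian date with a positive year. */
static long days_from_civil(int y, int m, int d)
{
    long era, yoe, doy, doe;
    if (m <= 2) y -= 1;                      /* count the year from March */
    era = y / 400;
    yoe = y - era * 400;
    doy = (153 * (m > 2 ? m - 3 : m + 9) + 2) / 5 + d - 1;
    doe = yoe * 365 + yoe / 4 - yoe / 100 + doy;
    return era * 146097 + doe - 719468;
}

/* Returns UTC epoch seconds, or 0 if the RTC is unusable. 0 is 1970, so every
 * certificate then looks "not yet valid" and verification fails closed. */
unsigned long hw_get_time_sec(void)
{
    int y = bcd(g_rtc.year, 0, 99), mo = bcd(g_rtc.month, 1, 12);
    int d = bcd(g_rtc.day, 1, 31), h = bcd(g_rtc.hour, 0, 23);
    int mi = bcd(g_rtc.min, 0, 59), s = bcd(g_rtc.sec, 0, 59);
    unsigned long t;
    if (y < 0 || mo < 0 || d < 0 || h < 0 || mi < 0 || s < 0) return 0;
    t = (unsigned long)days_from_civil(2000 + y, mo, d) * 86400UL
      + (unsigned long)h * 3600UL + (unsigned long)mi * 60UL + (unsigned long)s;
    return (t < MIN_PLAUSIBLE_EPOCH) ? 0 : t;
}

/* time()-style wrapper; the signature is an assumption, not taken from wolf_main.c. */
unsigned long custom_time(unsigned long* timer)
{
    unsigned long t = hw_get_time_sec();
    if (timer != NULL) *timer = t;
    return t;
}
```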

60

(1 replies, posted in wolfCrypt)

Hi confused_squirrel,

Thanks for your interest in wolfSSL.  You are on the right track with our getter functions such as GetASN_Items and GetASN_OID; these are the functions we use to parse ASN and the functions you should call for this case.  These are internal static functions, and we do not have a public interface for this.  You will need to find a way to call static wolfSSL functions from your application, or patch our source to make these functions non-static.
We don't currently have a complete example on how to use these functions as again, they are internal functions.

Are you willing to share some information about your project?  Are you working on a commercial or personal project?  You are welcome to email us at support [AT] wolfssl [DOT] com if this information is confidential.

Thanks,
Kareem

61

(8 replies, posted in cURL)

Can you share your error log so I can assist further?
We don't have an example of using Visual Studio to build curl but it should work.

62

(8 replies, posted in cURL)

The definitions go in your project's user_settings.h.
Yes, check out our blog post here: https://www.wolfssl.com/using-curl-with … d-tls-1-3/

63

(1 replies, posted in wolfSSL)

Hi Samuel,

I would recommend using our updated wolfSSH Visual Studio project and instructions from ide/winvs: https://github.com/wolfSSL/wolfssh/tree … /ide/winvs
You will want to use the DLL Debug/DLL Release build configurations.  You can set your target to win32 with either config.

Thanks,
Kareem

64

(8 replies, posted in cURL)

Hi Samuel,

What version of wolfSSL are you using?  If you aren't using our latest release 5.7.0, please upgrade.

HAVE_CURL is not sufficient, you will need multiple other defines as follows:

#define HAVE_TLS_EXTENSIONS
#define HAVE_SNI
#define HAVE_SUPPORTED_CURVES
#define HAVE_FFDHE_2048
#define WOLFSSL_TLS13
#define HAVE_EXTENDED_MASTER
#define NO_RC4
#define HAVE_ENCRYPT_THEN_MAC
#define HAVE_CRL
#define HAVE_CERTIFICATE_STATUS_REQUEST
#define HAVE_CERTIFICATE_STATUS_REQUEST_V2
#define WOLFSSL_ALT_CERT_CHAINS
#define WOLFSSL_IP_ALT_NAME
#define HAVE_SESSION_TICKET
#define NO_SESSION_CACHE_REF
#define WOLFSSL_DES_ECB
#define WOLFSSL_TICKET_NONCE_MALLOC
#define NO_PSK
#define WOLFSSL_ENCRYPTED_KEYS
#define HAVE_DH_DEFAULT_PARAMS
#define WOLFSSL_SYS_CA_CERTS
#define HAVE_OCSP
#define OPENSSL_EXTRA
#define NO_DES3_TLS_SUITES
#define WOLFSSL_PUBLIC_MP
#define HAVE_SERVER_RENEGOTIATION_INFO

Thanks,
Kareem

65

(3 replies, posted in wolfSSL)

Hi Simon,

It looks like you have a support contract on file with us.  Please contact us at support [AT] wolfssl [DOT] com so we can prioritize your support.

Thanks,
Kareem

66

(3 replies, posted in wolfSSL)

Hi Simon,

To remove support for our AES CCM cipher suites, build wolfSSL with HAVE_AESCCM not defined.  If you are using configure, you can use the argument --disable-aesccm to disable this.

Thanks,
Kareem

Hi just_david,

Glad you were able to solve your RSA issue.

-125 is MEMORY_E, which means we were unable to allocate enough memory.  As you are on an embedded system, I would recommend enabling our small stack support and our small SP code, which you can do with: --enable-smallstack --enable-sp=small,nomalloc.  Please let me know if you continue to run into errors with these flags.

68

(8 replies, posted in cURL)

Hi Samuel,

It looks like you are not enabling our OpenSSL compatibility layer when building curl.  This implements EVP_MD_CTX and many other OpenSSL types/functions.  Please share your build settings for wolfSSL and wolfSSL version.  You should be building wolfSSL with --enable-curl to use it with curl.

Thanks,
Kareem

69

(4 replies, posted in wolfSSL)

Hi David,

Our Microchip Harmony license was written by Microchip.  Please reach out to Microchip, as they will be able to assist with your license questions.

Thanks,
Kareem

70

(4 replies, posted in wolfSSL)

Hi Prabhu,

Our Microchip Harmony library is not licensed under GPL.  It has a custom license which you can review here: https://github.com/Microchip-MPLAB-Harm … crochip.md

Please let me know if you have any further questions on this.

Thanks,
Kareem

71

(4 replies, posted in wolfSSL)

Hi ler762,

It looks like you're cross-compiling and copying the test binary over to your target.  Please ensure you are also copying the certs/ directory to your target, and that you are running the test binary from the same directory as certs/.
You will also need to modify wolfcrypt/test/test_paths.h with the path to your certs directory on your target.

Thanks,
Kareem

Copying from zendesk ticket:

When including wolfSSL headers in your application, you must include our build settings (options.h/settings.h) first as follows:

#include <wolfssl/options.h>
#include <wolfssl/wolfcrypt/settings.h>

You need to include these headers before all other wolf/OpenSSL headers in all files which include these headers.  Please give it a try and let me know if it helps.

73

(5 replies, posted in wolfSSL)

I am not seeing any attachments.  Please retry attaching your debug logs or contact us at support [AT] wolfssl [DOT] com for further assistance.

74

(5 replies, posted in wolfSSL)

Please rebuild wolfSSL with --enable-debug defined and post debug logs of the server to help confirm what is going wrong.  Please also include your full wolfSSL build settings, ./configure line or user_settings.h.
Is your embedded client running wolfSSL, or something else?

75

(5 replies, posted in wolfSSL)

Hi Saurabh,

Make sure you are running our example server from your base wolfSSL directory, and not from inside of examples/server.  Your base wolfSSL directory has certs/, examples/ etc. inside of it.

Thanks,
Kareem