You are not logged in. Please login or register.
Active topics Unanswered topics
Welcome to the wolfSSL Forums!
Please post questions or comments you have about wolfSSL products here. It is helpful to be as descriptive as possible when asking your questions.
References
Stable Releases - download stable product releases.
Development Branch - latest development branch on GitHub.
wolfSSL Manual - wolfSSL (formerly CyaSSL) product manual and API reference.
Search options (Page 5 of 7)
Hi karikjame2021,
In addition to the above, you will need to register a FIPS hash callback in your application. See below for how to register this. Note that our test suite already has its own FIPS hash callback.
#ifdef HAVE_FIPS
wolfCrypt_SetCb_fips(myFipsCb);
#endif
#ifdef HAVE_FIPS
#include <wolfssl/wolfcrypt/fips_test.h>
static void myFipsCb(int ok, int err, const char* hash)
{
printf("in my Fips callback, ok = %d, err = %d\n", ok, err);
printf("message = %s\n", wc_GetErrorString(err));
printf("hash = %s\n", hash);
if (err == IN_CORE_FIPS_E) {
printf("In core integrity hash check failure, copy above hash\n");
printf("into verifyCore[] in fips_test.c and rebuild\n");
}
}
#endif
May I ask where you are located, and if this is for a commercial project? Feel free to reach out to us at support [AT] wolfssl [DOT] com if this is sensitive information.
Thanks,
Kareem
Hi karikjame2021,
This is most likely caused by an outdated FIPS hash, you will need to update your FIPS hash and rebuild. The easiest way to do this is to run the script "fips-hash.sh" in the root of your wolfSSL directory.
You will need to register our FIPS seed callback in your application with the following code:
#ifdef WC_RNG_SEED_CB
wc_SetSeed_Cb(wc_GenerateSeed);
#endif
Thanks,
Kareem
Please confirm which build options you are using and that you're on our latest release (5.5.0) or master.
Try adding the options from this configure line and let me know if it helps: ./configure --enable-certgen --enable-asn=template CFLAGS="-DWOLFSSL_CUSTOM_OID -DHAVE_OID_ENCODING"
Hello,
Your ECC key is using a Koblitz curve which we do not enable support for by default.
Please add --enable-ecccustcurves=all to your configure line, rebuild wolfSSL and let me know if you still see any issues.
Thanks,
Kareem
Hello Messias,
You will need to use our custom OID support to mark extensions as critical/non-critical.
Check out our example here: https://github.com/wolfSSL/wolfssl-exam … ns-example
https://github.com/wolfSSL/wolfssl-exam … stom_ext.c
The second parameter of wc_SetCustomExtension specifies whether the extension is marked as critical or not.
Thanks,
Kareem
Hi Jun Li,
We do have different behavior than OpenSSL by default with cert chains, to use OpenSSL's behavior you can build wolfSSL with WOLFSSL_ALT_CERT_CHAINS. Let me know if you still have any issues with alt cert chains defined.
Thanks,
Kareem
Happy to help.
What error code is wolfSSL_PEM_read_PrivateKey returning? Can you provide the private key you are trying to load, and the code you are using? Feel free to email us at support [AT] wolfssl [DOT] com if this is sensitive info.
Thanks,
Kareem
Happy to help.
For wolfSSL_EC_KEY_dup, you'll need OpenSSL all enabled as well, so you'll need to add --enable-opensslall to your ./configure line.
wolfSSL_EC_POINT_is_on_curve requires USE_ECC_B_PARAM. Add CFLAGS='-DUSE_ECC_B_PARAM' to your configure line.
We don't currently support EC_GROUP_get0_generator or PEM_write_PrivateKey. You will need to replace these functions, or send a request to support AT wolfssl DOT com if you'd like to see these added to our compatibility layer.
I also wanted to note we provide wolfEngine, for full OpenSSL compatibility: https://github.com/wolfSSL/wolfEngine But we do recommend using our OpenSSL compatibility layer when possible.
Hi Chris,
We do not support doing this at runtime. Are you able to remove the undesired certificates from your chain before passing it to wolfSSL?
Thanks,
Kareem
Hello,
Which version of wolfSSL are you using? If you aren't using our latest release (5.4.0), try upgrading and let me know if it helps.
How are you building wolfSSL? Can you share your build settings (user_settings.h or ./configure line)?
Your includes look correct, make sure you have <wolfssl/options.h> included before all other wolfssl headers in all files using these headers.
Thanks,
Kareem
Hello vico,
The RA4M2 uses SCE hardware acceleration, which we do support. To activate this support, define WOLFSSL_RENESAS_SCEPROTECT in your user_settings.h.
For a template, check out our RA6M4 e2studio project, which also uses SCE: https://github.com/wolfSSL/wolfssl/tree … udio/RA6M4
May I ask if this is for a commercial or personal project?
Thanks,
Kareem
You can disable wolfSSL's certificate validity check using wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
This significantly hurts security, and we strongly recommend against it. Instead, you should register your CA certificates by calling wolfSSL_CTX_load_verify_locations(ctx, NULL, "/path/to/CAcerts/"); before connecting.
Thanks,
Kareem
Hi msjeon,
Try running /bin/bash ./configure ... If that fails, your bash is likely too old (our minimum requirement is 3.x), so you will need to upgrade. Alternatively, you can use our Makefile + user_settings.h instead of ./configure. See our template in IDE/GCC-ARM (you can remove all of the ARM specific parts).
On Solaris, you will want to build wolfSSL as a static library using --enable-static --disable-shared, and ensure you are using gmake to build. You may also need to disable our builtin make clean at the end of ./configure using --disable-makeclean.
Thanks,
Kareem
I am happy to help, Farhan.
Check out our docs on wolfSSL + Renesas here: https://www.wolfssl.com/docs/renesas/
The link I provided has some example projects for e2studio. We also have some for CS+: https://github.com/wolfSSL/wolfssl/tree … B/Projects
Please continue to use our ticket system via support [at] wolfssl [dot] com for further support.
Thanks,
Kareem
Hello Farhan,
We do have various Renesas example projects, but we don't currently have one for the RA6M5. You can see our example projects here: https://github.com/wolfSSL/wolfssl/tree … s/e2studio
Can you work off of the RA6M4 project? I don't see anything too platform-specific in our user_settings.h, so you should be able to use it as a reference.
Thanks,
Kareem
Hello ballen,
We do not support this feature currently, but by writing your own custom HAL functions, you can add support for it. For more on wolfBoot HAL, see: https://github.com/wolfSSL/wolfBoot/blo … ocs/HAL.md
Our STM32F7 HAL is a good example, in particular see the array flash_sector. You could use this code as a rough template and make these sectors non-contiguous: https://github.com/wolfSSL/wolfBoot/blo … /stm32f7.c
I also wanted to note we do support external flash partitions, we just don't currently support splitting a partition without code changes. For more on wolfBoot partitions, see: https://github.com/wolfSSL/wolfBoot/blo … titions.md
May I ask what platform you are using wolfBoot on?
Thanks,
Kareem
Hi altech,
First, if you are not on the latest wolfSSL version (5.2.0), please try upgrading and let me know if it helps.
If not, can you share your user_settings.h?
UNKNOWN_RECORD_TYPE means we did not recognize the type in the record header, most likely you are not enabling support for the TLS version Firefox is trying to use, which is most likely TLS 1.3.
To enable TLS 1.3 support, make sure you have the following defined:
#define WOLFSSL_TLS13
#define HAVE_TLS_EXTENSIONS
#define HAVE_SUPPORTED_CURVES
#define HAVE_HKDF
Thanks,
Kareem
wolfSSL Support
Hi abdulwazeed1,
It sounds like you are running into a threading issue, since it works after repeated tries. Are you confident you are not sharing any context between threads? Each thread needs its own Aes, WOLFSSL, etc objects.
If you still run into issues, please reach out to support [AT] wolfssl [DOT] com so we can prioritize this issue.
Thanks,
Kareem
Hi abdulwazeed1,
What version of wolfSSL are you using? If you are not using the latest stable (5.2.0), please upgrade and let me know if it helps.
Are wc_AesCbcEncrypt and/or wc_AesCbcDecrypt returning an error code for the invalid packets? If so, what error code are you seeing?
If neither of the above help, please enable debug logging by building with DEBUG_WOLFSSL or --enable-debug, and running wolfSSL_Debugging_ON(). Then attach your debug logs here. Please also share your build settings.
Lastly, please clarify whether you are using a multi-threaded application on either side. Note that for multi-threading we require separate Aes objects for each thread.
Thanks,
Kareem
Hi rkumar,
Please upgrade to the latest wolfSSL, 5.2.0 and let me know if you still have any issues.
Thanks,
Kareem
Hi Junkhar,
I realized you're using 4.7.0, which is outdated. Please upgrade to the latest wolfSSL version (currently 5.1.0) and let me know if you still see any issues.
Thanks,
Kareem
Hi Junkhar,
Can you attach your pcap wireshark file, rather than a png? If there is any sensitive information, feel free to email it to us at support [AT] wolfssl [DOT] com.
One common issue on your platform is the encrypt-then-mac/extended master secret extensions being disabled by default. It's worth trying again with them enabled, add this to your user_settings.h, then rebuild and let me know if it helps:
#define HAVE_EXTENDED_MASTER
#define HAVE_ENCRYPT_THEN_MAC
Thanks,
Kareem
Hi werchter,
You should build with WOLFSSL_PUBLIC_MP defined and use mp_read_unsigned_bin, which will be built as a public API.
Check out our example here: https://github.com/wolfSSL/wolfssl-exam … ecc_sign.c
Thanks,
Kareem
Hi Alex,
You will want to use SP math rather than Fast math to increase your speed. Replace USE_FAST_MATH with the following:
WOLFSSL_SP_MATH_ALL
WOLFSSL_SP_ASM
Let me know if you still have speed issues.
Thanks,
Kareem
Hi Alex,
If your platform doesn't support hardware acceleration for AES, I would recommend trying Chacha/Poly. Yes, you should remove your fast math define.
You are correct that ARMASM won't work with ARMv5, but you should still be able to use SP math assembly which I would definitely recommend.
Thanks,
Kareem
Posts found: 101 to 125 of 151
Generated in 0.028 seconds (91% PHP - 9% DB) with 5 queries