1

(6 replies, posted in wolfSSL)

Hello

I am currently testing this for personal use. I will test some features that are not available in mbedtls

1. wolfSSL source code

  /* Only use alignment in wolfSSL/wolfCrypt if WOLFSSL_USE_ALIGN is set */
    #ifdef WOLFSSL_USE_ALIGN
        /* For IAR ARM the maximum variable alignment on stack is 8-bytes.
         * Variables declared outside stack (like static globals) can have
         * higher alignment. */
        #if defined(__ICCARM__)
            #define WOLFSSL_ALIGN(x) XALIGNED(8)
        #else
            #define WOLFSSL_ALIGN(x) XALIGNED(x)
        #endif
    #else
        #define WOLFSSL_ALIGN(x) /* null expansion */
    #endif

    #ifndef ALIGN8
        #define ALIGN8   WOLFSSL_ALIGN(8)
    #endif
    #ifndef ALIGN16
        #define ALIGN16  WOLFSSL_ALIGN(16)
    #endif
    #ifndef ALIGN32
        #define ALIGN32  WOLFSSL_ALIGN(32)
    #endif
    #ifndef ALIGN64
        #define ALIGN64  WOLFSSL_ALIGN(64)
    #endif
    #ifndef ALIGN128
        #define ALIGN128 WOLFSSL_ALIGN(128)
    #endif
    #ifndef ALIGN256
        #define ALIGN256 WOLFSSL_ALIGN(256)
    #endif

    #if !defined(PEDANTIC_EXTENSION)
        #if defined(__GNUC__)
            #define PEDANTIC_EXTENSION __extension__
        #else
            #define PEDANTIC_EXTENSION
        #endif
    #endif /* !PEDANTIC_EXTENSION */

2. ARMCC warning info

wolfcrypt\src\kdf.c(87): warning:  #1041-D: alignment for an auto object may not be larger than 8

3. How should I solve this warning? I can think of two ways:

a. Add recognition of ARMCC macro definition, and when it is recognized as an ARMCC compiler, perform the same behavior as the IAR ARM compiler, that is, 8-byte alignment.
b. Write a custom #define ALIGN8 macro for each byte alignment function
What should I do to deal with it reasonably and without any problems?

3

(6 replies, posted in wolfSSL)

I think I messed up the code yesterday. I restarted my computer today and rewrote the experiment. It works. Sorry to disturb your time.

4

(6 replies, posted in wolfSSL)

I wrote the server and client by myself. I tested it with my own certificate chain and verified the server and client handshake. My server has a 4-layer certificate chain, including the root certificate, intermediate certificate 1, intermediate certificate 2, and leaf certificate. I checked the log and it reported: Don't have RSA. Has anyone encountered this problem? I will attach the logs of my server and client.

server log:
info, level:(2) wolfSSL Entering wolfSSL_Init
info, level:(2) wolfSSL Entering wolfCrypt_Init
info, level:(2) wolfSSL Entering TLSv1_2_server_method_ex
info, level:(2) wolfSSL Entering wolfSSL_CTX_new_ex
info, level:(2) wolfSSL Entering wolfSSL_CertManagerNew
info, level:(1) heap param is null
info, level:(1) DYNAMIC_TYPE_CERT_MANAGER Allocating = 184 bytes
info, level:(3) wolfSSL Leaving wolfSSL_CTX_new_ex, return 0
info, new ctx success!
info, level:(2) wolfSSL Entering wolfSSL_CTX_use_certificate_chain_buffer_format
info, level:(2) wolfSSL Entering PemToDer
info, level:(1) Processing Cert Chain
info, level:(2) wolfSSL Entering PemToDer
info, level:(1)    Consumed another Cert in Chain
info, level:(2) wolfSSL Entering PemToDer
info, level:(1)    Consumed another Cert in Chain
info, level:(1) Finished Processing Cert Chain
info, level:(1) Checking cert signature type
info, level:(1) Getting Cert Name
info, level:(1) Getting Cert Name
info, level:(2) wolfSSL Entering GetAlgoId
info, level:(1) ECDSA/ED25519/ED448 cert signature
info, load cer buffer success!
info, level:(2) wolfSSL Entering wolfSSL_CTX_use_PrivateKey_buffer
info, level:(2) wolfSSL Entering PemToDer
info, level:(3) wolfSSL Leaving wolfSSL_CTX_use_PrivateKey_buffer, return 1
info, level:(2) wolfSSL Entering check_cert_key
info, level:(1) Getting Cert Name
info, level:(1) Getting Cert Name
info, level:(2) wolfSSL Entering GetAlgoId
info, level:(2) wolfSSL Entering DecodeCertExtensions
info, ckh test oid:(128)
info, level:(2) wolfSSL Entering DecodeSubjKeyId
info, ckh test oid:(131)
info, level:(2) wolfSSL Entering DecodeAltNames
info, ckh test oid:(149)
info, level:(2) wolfSSL Entering DecodeAuthKeyId
info, ckh test oid:(69)
info, level:(2) wolfSSL Entering DecodeAuthInfo
info, ckh test oid:(129)
info, level:(2) wolfSSL Entering DecodeKeyUsage
info, verify:0, criticalExt:0
selfSigned:(0)
type:(0)
verify:(0)
cert->extAuthKeyIdSet:(1)
cert->ca:((null))
int,type:0
info, level:(1) Checking ECC key pair
info, level:(2) wolfSSL Entering wolfSSL_CTX_set_cipher_list
info, load key buffer success!
info, tcp server init sucess! wait tcp connect!
info, level:(2) wolfSSL Entering wolfSSL_new
info, level:(2) wolfSSL Entering ReinitSSL
info, level:(1) RNG_HEALTH_TEST_CHECK_SIZE = 128
info, level:(1) sizeof(seedB_data)         = 128
info, level:(1) opened /dev/urandom.
info, level:(1) rnd read...
info, level:(2) wolfSSL Entering SetSSL_CTX
info, level:(2) wolfSSL Entering wolfSSL_NewSession
info, level:(1) InitSSL done. return 0 (success)
info, level:(1) wolfSSL_new InitSSL success
info, level:(3) wolfSSL Leaving wolfSSL_new InitSSL =, return 0
info, level:(2) wolfSSL Entering wolfSSL_accept
info, level:(2) wolfSSL Entering ReinitSSL
info, level:(2) wolfSSL Entering RetrySendAlert
info, level:(2) wolfSSL Entering RetrySendAlert
my_callbackiorecv sz:(5)
rbuf ret:(5)
info, level:(1) growing input buffer
my_callbackiorecv sz:(99)
rbuf ret:(99)
info, level:(1) received record layer msg
info, level:(1) got HANDSHAKE
info, level:(2) wolfSSL Entering DoHandShakeMsg
info, level:(2) wolfSSL Entering EarlySanityCheckMsgReceived
info, level:(3) wolfSSL Leaving EarlySanityCheckMsgReceived, return 0
info, level:(2) wolfSSL Entering DoHandShakeMsgType
info, level:(1) processing client hello
info, level:(2) wolfSSL Entering DoClientHello
info, level:(1) Matched No Compression
info, level:(1) Adding signature algorithms extension
info, level:(1) Signature Algorithms extension received
info, level:(1) Point Formats extension received
info, level:(1) Supported Groups extension received
info, level:(2) wolfSSL Entering MatchSuite
info, level:(2) wolfSSL Entering VerifyServerSuite
info, level:(1) Requires RSA
info, level:(1) Don't have RSA
info, level:(1) Could not verify suite validity, continue
info, level:(2) wolfSSL Entering VerifyServerSuite
info, level:(1) Requires ECC
info, level:(1) Verified suite validity
info, level:(3) wolfSSL Leaving DoClientHello, return 0
info, level:(3) wolfSSL Leaving DoHandShakeMsgType(), return 0
info, level:(3) wolfSSL Leaving DoHandShakeMsg(), return 0
info, level:(1) Shrinking input buffer
info, level:(1) accept state ACCEPT_FIRST_REPLY_DONE
info, level:(2) wolfSSL Entering SendServerHello
info, level:(1) growing output buffer
info, level:(2) wolfSSL Entering wolfSSL_get_options
info, level:(1) Point Formats extension to write
my_callbackiosend sz:(87)
info, level:(1) Shrinking output buffer
info, level:(3) wolfSSL Leaving SendServerHello, return 0
info, level:(1) accept state SERVER_HELLO_SENT
info, level:(2) wolfSSL Entering SendCertificate
info, level:(1) growing output buffer
my_callbackiosend sz:(1768)
info, level:(1) Shrinking output buffer
info, level:(3) wolfSSL Leaving SendCertificate, return 0
info, level:(1) accept state CERT_SENT
info, level:(2) wolfSSL Entering SendCertificateStatus
info, level:(3) wolfSSL Leaving SendCertificateStatus, return 0
info, level:(1) accept state CERT_STATUS_SENT
info, level:(2) wolfSSL Entering SendServerKeyExchange
info, level:(1) Using ephemeral ECDH
info, level:(2) wolfSSL Entering EccMakeKey
info, level:(3) wolfSSL Leaving EccMakeKey, return 0
info, level:(1) Trying ECC private key, RSA didn't work
info, level:(1) Using ECC private key
info, level:(2) wolfSSL Entering EccSign
info, level:(3) wolfSSL Leaving EccSign, return 0
info, level:(2) wolfSSL Entering SendHandshakeMsg
info, level:(1) growing output buffer
my_callbackiosend sz:(153)
info, level:(1) Shrinking output buffer
info, level:(3) wolfSSL Leaving SendServerKeyExchange, return 0
info, level:(1) accept state KEY_EXCHANGE_SENT
info, level:(1) accept state CERT_REQ_SENT
info, level:(2) wolfSSL Entering SendServerHelloDone
info, level:(1) growing output buffer
my_callbackiosend sz:(9)
info, level:(1) Shrinking output buffer
info, level:(3) wolfSSL Leaving SendServerHelloDone, return 0
info, level:(1) accept state SERVER_HELLO_DONE
info, level:(2) wolfSSL Entering RetrySendAlert
my_callbackiorecv sz:(5)

client log:
info, level:(2) wolfSSL Entering wolfSSL_Init
info, level:(2) wolfSSL Entering wolfCrypt_Init
info, level:(2) wolfSSL Entering TLSv1_2_client_method_ex
info, level:(2) wolfSSL Entering wolfSSL_CTX_new_ex
info, level:(2) wolfSSL Entering wolfSSL_CertManagerNew
info, level:(1) heap param is null
info, level:(1) DYNAMIC_TYPE_CERT_MANAGER Allocating = 184 bytes
info, level:(3) wolfSSL Leaving wolfSSL_CTX_new_ex, return 0
info, level:(2) wolfSSL Entering wolfSSL_CTX_load_verify_buffer_ex
info, level:(1) Processing CA PEM file
info, level:(2) wolfSSL Entering PemToDer
info, level:(1) Adding a CA
info, level:(1) Getting Cert Name
info, level:(1) Getting Cert Name
info, level:(2) wolfSSL Entering GetAlgoId
info, level:(2) wolfSSL Entering DecodeCertExtensions
info, ckh test oid:(151)
info, level:(2) wolfSSL Entering DecodeExtKeyUsage
info, ckh test oid:(133)
info, level:(2) wolfSSL Entering DecodeBasicCaConstraint
info, ckh test oid:(128)
info, level:(2) wolfSSL Entering DecodeSubjKeyId
info, ckh test oid:(146)
info, level:(2) wolfSSL Entering DecodeCertPolicy
info, level:(3) wolfSSL Leaving DecodeCertPolicy, return 0
info, ckh test oid:(149)
info, level:(2) wolfSSL Entering DecodeAuthKeyId
info, ckh test oid:(129)
info, level:(2) wolfSSL Entering DecodeKeyUsage
info, verify:1, criticalExt:0
selfSigned:(1)
type:(6)
verify:(1)
cert->extAuthKeyIdSet:(1)
int,type:6
info, level:(1)         Parsed new CA
info, level:(1)         Freeing Parsed CA
info, level:(1)         Freeing der CA
info, level:(1)                 OK Freeing der CA
info, level:(3) wolfSSL Leaving AddCA, return 0
info, level:(1)    Processed a CA
info, level:(1) Processed at least one valid CA. Other stuff OK
info, level:(3) wolfSSL Leaving wolfSSL_CTX_load_verify_buffer_ex, return 1
info, create tcp client success!
info, connect success! socketfd:(3)
info, connect baidu.com success!
info, level:(2) wolfSSL Entering wolfSSL_new
info, level:(2) wolfSSL Entering ReinitSSL
info, level:(1) RNG_HEALTH_TEST_CHECK_SIZE = 128
info, level:(1) sizeof(seedB_data)         = 128
info, level:(1) opened /dev/urandom.
info, level:(1) rnd read...
info, level:(2) wolfSSL Entering SetSSL_CTX
info, level:(2) wolfSSL Entering wolfSSL_NewSession
info, level:(1) InitSSL done. return 0 (success)
info, level:(1) wolfSSL_new InitSSL success
info, level:(3) wolfSSL Leaving wolfSSL_new InitSSL =, return 0
info, level:(1) TLS 1.2 or lower
info, level:(2) wolfSSL Entering wolfSSL_connect
info, level:(2) wolfSSL Entering ReinitSSL
info, level:(2) wolfSSL Entering RetrySendAlert
info, level:(2) wolfSSL Entering SendClientHello
info, level:(1) Adding signature algorithms extension
info, level:(1) growing output buffer
info, level:(1) Signature Algorithms extension to write
info, level:(1) Point Formats extension to write
info, level:(1) Supported Groups extension to write
my_callbackiosend sz:(104)
info, level:(1) Shrinking output buffer
info, level:(3) wolfSSL Leaving SendClientHello, return 0
info, level:(1) connect state: CLIENT_HELLO_SENT
info, level:(1) Server state up to needed state.
info, level:(1) Progressing server state...
info, level:(1) ProcessReply...
info, level:(2) wolfSSL Entering RetrySendAlert
my_callbackiorecv sz:(5)
rbuf ret:(5)
info, level:(1) growing input buffer
my_callbackiorecv sz:(82)
rbuf ret:(82)
info, level:(1) received record layer msg
info, level:(1) got HANDSHAKE
info, level:(2) wolfSSL Entering DoHandShakeMsg
info, level:(2) wolfSSL Entering EarlySanityCheckMsgReceived
info, level:(3) wolfSSL Leaving EarlySanityCheckMsgReceived, return 0
info, level:(2) wolfSSL Entering DoHandShakeMsgType
info, level:(1) processing server hello
info, level:(2) wolfSSL Entering DoServerHello
info, level:(1) Point Formats extension received
info, level:(2) wolfSSL Entering wolfSSL_get_options
info, level:(2) wolfSSL Entering VerifyClientSuite
info, level:(3) wolfSSL Leaving DoServerHello, return 0
info, level:(3) wolfSSL Leaving DoHandShakeMsgType(), return 0
info, level:(3) wolfSSL Leaving DoHandShakeMsg(), return 0
info, level:(1) Shrinking input buffer
info, level:(1) ProcessReply done.
info, level:(1) Progressing server state...
info, level:(1) ProcessReply...
info, level:(2) wolfSSL Entering RetrySendAlert
my_callbackiorecv sz:(5)
rbuf ret:(5)
info, level:(1) growing input buffer
my_callbackiorecv sz:(1763)
rbuf ret:(1763)
info, level:(1) received record layer msg
info, level:(1) got HANDSHAKE
info, level:(2) wolfSSL Entering DoHandShakeMsg
info, level:(2) wolfSSL Entering EarlySanityCheckMsgReceived
info, level:(3) wolfSSL Leaving EarlySanityCheckMsgReceived, return 0
info, level:(2) wolfSSL Entering DoHandShakeMsgType
info, level:(1) processing certificate
info, level:(2) wolfSSL Entering DoCertificate
info, level:(2) wolfSSL Entering ProcessPeerCerts
info, level:(1) Loading peer's cert chain
info, level:(1)         Put another cert into chain
info, level:(1)         Put another cert into chain
info, level:(1)         Put another cert into chain
info, level:(1) Getting Cert Name
info, level:(1) Getting Cert Name
info, level:(2) wolfSSL Entering GetAlgoId
info, level:(2) wolfSSL Entering DecodeCertExtensions
info, ckh test oid:(133)
info, level:(2) wolfSSL Entering DecodeBasicCaConstraint
info, ckh test oid:(128)
info, level:(2) wolfSSL Entering DecodeSubjKeyId
info, ckh test oid:(149)
info, level:(2) wolfSSL Entering DecodeAuthKeyId
info, ckh test oid:(69)
info, level:(2) wolfSSL Entering DecodeAuthInfo
info, ckh test oid:(129)
info, level:(2) wolfSSL Entering DecodeKeyUsage
info, verify:1, criticalExt:0
selfSigned:(0)
type:(38)
verify:(1)
cert->extAuthKeyIdSet:(1)
info, signers:(), row:(8)
info, ret:([)
cert->ca:([)
info, level:(1) CA found
int,type:38
info, level:(2) wolfSSL Entering ConfirmSignature
info, level:(3) wolfSSL Leaving ConfirmSignature, return 0
info, level:(1) Adding CA from chain
info, level:(1) Modifying SSL_CTX CM not SSL specific CM
info, level:(1) Adding a CA
info, level:(1) Getting Cert Name
info, level:(1) Getting Cert Name
info, level:(2) wolfSSL Entering GetAlgoId
info, level:(2) wolfSSL Entering DecodeCertExtensions
info, ckh test oid:(133)
info, level:(2) wolfSSL Entering DecodeBasicCaConstraint
info, ckh test oid:(128)
info, level:(2) wolfSSL Entering DecodeSubjKeyId
info, ckh test oid:(149)
info, level:(2) wolfSSL Entering DecodeAuthKeyId
info, ckh test oid:(69)
info, level:(2) wolfSSL Entering DecodeAuthInfo
info, ckh test oid:(129)
info, level:(2) wolfSSL Entering DecodeKeyUsage
info, verify:0, criticalExt:0
selfSigned:(0)
type:(6)
verify:(0)
cert->extAuthKeyIdSet:(1)
info, signers:(), row:(8)
info, ret:([)
cert->ca:([)
info, level:(1) CA found
int,type:6
info, level:(1)         Parsed new CA
info, level:(1)         Freeing Parsed CA
info, level:(1)         Freeing der CA
info, level:(1)                 OK Freeing der CA
info, level:(3) wolfSSL Leaving AddCA, return 0
info, level:(1) Getting Cert Name
info, level:(1) Getting Cert Name
info, level:(2) wolfSSL Entering GetAlgoId
info, level:(2) wolfSSL Entering DecodeCertExtensions
info, ckh test oid:(133)
info, level:(2) wolfSSL Entering DecodeBasicCaConstraint
info, ckh test oid:(128)
info, level:(2) wolfSSL Entering DecodeSubjKeyId
info, ckh test oid:(149)
info, level:(2) wolfSSL Entering DecodeAuthKeyId
info, ckh test oid:(69)
info, level:(2) wolfSSL Entering DecodeAuthInfo
info, ckh test oid:(129)
info, level:(2) wolfSSL Entering DecodeKeyUsage
info, verify:1, criticalExt:0
selfSigned:(0)
type:(38)
verify:(1)
cert->extAuthKeyIdSet:(1)
info, signers:(), row:(1)
info, ret:([)
cert->ca:([)
info, level:(1) CA found
int,type:38
info, level:(2) wolfSSL Entering ConfirmSignature
info, level:(3) wolfSSL Leaving ConfirmSignature, return 0
info, level:(1) Adding CA from chain
info, level:(1) Modifying SSL_CTX CM not SSL specific CM
info, level:(1) Adding a CA
info, level:(1) Getting Cert Name
info, level:(1) Getting Cert Name
info, level:(2) wolfSSL Entering GetAlgoId
info, level:(2) wolfSSL Entering DecodeCertExtensions
info, ckh test oid:(133)
info, level:(2) wolfSSL Entering DecodeBasicCaConstraint
info, ckh test oid:(128)
info, level:(2) wolfSSL Entering DecodeSubjKeyId
info, ckh test oid:(149)
info, level:(2) wolfSSL Entering DecodeAuthKeyId
info, ckh test oid:(69)
info, level:(2) wolfSSL Entering DecodeAuthInfo
info, ckh test oid:(129)
info, level:(2) wolfSSL Entering DecodeKeyUsage
info, verify:0, criticalExt:0
selfSigned:(0)
type:(6)
verify:(0)
cert->extAuthKeyIdSet:(1)
info, signers:(), row:(1)
info, ret:([)
cert->ca:([)
info, level:(1) CA found
int,type:6
info, level:(1)         Parsed new CA
info, level:(1)         Freeing Parsed CA
info, level:(1)         Freeing der CA
info, level:(1)                 OK Freeing der CA
info, level:(3) wolfSSL Leaving AddCA, return 0
info, level:(1) Verifying Peer's cert
info, level:(1) Getting Cert Name
info, level:(1) Getting Cert Name
info, level:(2) wolfSSL Entering GetAlgoId
info, level:(2) wolfSSL Entering DecodeCertExtensions
info, ckh test oid:(128)
info, level:(2) wolfSSL Entering DecodeSubjKeyId
info, ckh test oid:(131)
info, level:(2) wolfSSL Entering DecodeAltNames
info, ckh test oid:(149)
info, level:(2) wolfSSL Entering DecodeAuthKeyId
info, ckh test oid:(69)
info, level:(2) wolfSSL Entering DecodeAuthInfo
info, ckh test oid:(129)
info, level:(2) wolfSSL Entering DecodeKeyUsage
info, verify:1, criticalExt:0
selfSigned:(0)
type:(0)
verify:(1)
cert->extAuthKeyIdSet:(1)
info, signers:(), row:(4)
info, ret:([)
cert->ca:([)
info, level:(1) CA found
int,type:0
info, level:(2) wolfSSL Entering ConfirmSignature
info, level:(3) wolfSSL Leaving ConfirmSignature, return 0
info, level:(1) Verified Peer's cert
info, level:(3) wolfSSL Leaving ProcessPeerCerts, return 0
info, level:(3) wolfSSL Leaving DoCertificate, return 0
info, level:(3) wolfSSL Leaving DoHandShakeMsgType(), return 0
info, level:(3) wolfSSL Leaving DoHandShakeMsg(), return 0
info, level:(1) Shrinking input buffer
info, level:(1) ProcessReply done.
info, level:(1) Progressing server state...
info, level:(1) ProcessReply...
info, level:(2) wolfSSL Entering RetrySendAlert
my_callbackiorecv sz:(5)
rbuf ret:(5)
info, level:(1) growing input buffer
my_callbackiorecv sz:(148)
rbuf ret:(148)
info, level:(1) received record layer msg
info, level:(1) got HANDSHAKE
info, level:(2) wolfSSL Entering DoHandShakeMsg
info, level:(2) wolfSSL Entering EarlySanityCheckMsgReceived
info, level:(3) wolfSSL Leaving EarlySanityCheckMsgReceived, return 0
info, level:(2) wolfSSL Entering DoHandShakeMsgType
info, level:(1) processing server key exchange
info, level:(2) wolfSSL Entering DoServerKeyExchange
info, level:(2) wolfSSL Entering EccVerify
info, level:(3) wolfSSL Leaving EccVerify, return -330
info, level:(3) wolfSSL Leaving DoServerKeyExchange, return -330
info, level:(3) wolfSSL Leaving DoHandShakeMsgType(), return -330
info, level:(3) wolfSSL Leaving DoHandShakeMsg(), return -330
info, level:(0) wolfSSL error occurred, error = -330
info, level:(0) wolfSSL error occurred, error = -330
info, ret:(-1)
info, ssl connect falied!
info, level:(2) wolfSSL Entering wolfSSL_write
info, level:(1) handshake not complete, trying to finish
info, level:(2) wolfSSL Entering wolfSSL_negotiate
info, level:(1) TLS 1.2 or lower
info, level:(2) wolfSSL Entering wolfSSL_connect
info, level:(2) wolfSSL Entering ReinitSSL
info, level:(2) wolfSSL Entering RetrySendAlert
info, level:(1) Server state up to needed state.
info, level:(1) Progressing server state...
info, level:(1) ProcessReply...
info, level:(1) ProcessReply retry in error state, not allowed
info, level:(0) wolfSSL error occurred, error = -330
info, level:(3) wolfSSL Leaving wolfSSL_negotiate, return -1
info, level:(3) wolfSSL Leaving wolfSSL_write, return -1
info.http send ret:(-1)
info, level:(2) wolfSSL Entering wolfSSL_read
info, level:(2) wolfSSL Entering wolfSSL_read_internal
info, level:(2) wolfSSL Entering ReceiveData
info, level:(1) User calling wolfSSL_read in error state, not allowed
info, level:(3) wolfSSL Leaving wolfSSL_read_internal, return -330
rbuf ret:(-1) rbuf:()