1 Reply by maximilian.schnabel

(2 replies, posted in wolfSSL)

Hey Eric,

Thanks! and also thank you for your detailed response.

embhorn wrote:

Are you building from the Zephyr folder?

The project structure looks something like this:

Project/
|---extern/
|   |---wolfssl/
|   |---wolfmqtt/
|---src/
|   |---*.c
|--- CMakeLists.txt
|--- prj.conf
|--- KConfig

I am not a 100% sure if I understand your question/ the situation correctly, but I am not starting my build there. I am using the NRF Connect extension for vs code to build my application. This software is used for the board that I am developing on.

I am adding wolfSSL as a zephyr module, which to my understanding also results in the cmake add_subdirectory() function to be called on the wolfssl main folder (https://docs.zephyrproject.org/latest/d … ild-system).

embhorn wrote:

This uses the user_settings.h file for configuration.

It seems that in this user_settings.h the WC_NO_HASHDRBG gets defined, because CONFIG_MBEDTLS_PSA_CRYPTO_C is defined in my environment, which could cause the build to run into this case (see: https://github.com/wolfSSL/wolfssl/blob … h#L68-L117):

#elif !defined(WC_NO_RNG)
    #error No RNG source defined!

For testing purposes I also tried to build the example provided here:
zephyr/samples/wolfssl_test
and here:
zephyr/samples/wolfssl_tls_sock
There the error also shows up.

Interestingly this same configuration works, if I build the test application for the nrf52840dk/nrf52840 board, but I am not quite sure how to investigate the differences in the build environment.

I am currently trying to disable mbedtls to see what effects this would have on the build.


EDIT:

So, I got it to build changing only a few lines in the user_config.h you linked. When I comment out the following lines

#ifdef CONFIG_MBEDTLS_PSA_CRYPTO_C
    #define WOLFSSL_HAVE_PSA
    #ifndef SINGLE_THREADED
        #define WOLFSSL_PSA_GLOBAL_LOCK
    #endif
    #define WC_NO_HASHDRBG /* use PSA RNG directly via wc_psa_get_random */
#endif

(https://github.com/wolfSSL/wolfssl/blob … .h#L73-L79)

The build works, but I can not judge if this is still a valid configuration. Does not defining WOLFSSL_HAVE_PSA and WC_NO_HASHDRBG have any undesirable effects?

Go to forum: wolfSSL

2 Topic by maximilian.schnabel

(2 replies, posted in wolfSSL)

Hello everyone,

I am not entirely sure if I should post this here in wolfSSL, in wolfMQTT or in the wolfCrypt forums, so I'm sorry if this is not the correct place.

I have an issue when trying to build wolfmqtt (and wolfssl) from source. I do this to be able to use TLS 1.3 in a project that uses an Actinius Icarus board (ARM® Cortex M33 processor). I'm working on windows 11 and am using VS Code.
The build fails with an error (I adjusted the paths here to be relative to the projects source folder):

In file included from extern/wolfssl/wolfssl/wolfcrypt/asn_public.h:36,
                 from extern/wolfssl/wolfssl/ssl.h:36,
                 from extern/wolfssl/wolfssl/internal.h:28,
                 from extern/wolfssl/src/ssl.c:32:
extern/wolfssl/wolfssl/wolfcrypt/random.h:117:6: error: #error No RNG source defined!

I did the following steps to set up my build in addition to my projects own configurations:

  • I cloned the repositories in ${project_folder}/extern/wolfssl and ${project_folder}/extern/wolfMQTT

  • in my ${project_folder}/CMakeLists.txt I added the following line to add the zephyr module to my project:

set(ZEPHYR_EXTRA_MODULES ${CMAKE_SOURCE_DIR}\extern\wolfssl ${CMAKE_SOURCE_DIR}\extern\wolfMQTT)

  • in my prj.conf file I added:

CONFIG_WOLFSSL=y
CONFIG_WOLFSSL_BUILTIN=y
#CONFIG_WOLFSSL_LIBRARY=y
CONFIG_APP_LINK_WITH_WOLFSSL=y
CONFIG_WOLFMQTT=y
CONFIG_WOLFMQTT_TLS=y

I tried a few things to get some Number Generators from the board's software side, but I'm not entirely sure what is expected from me on the wolfssl side.
I have seen the HAVE_HASHDRBG and CUSTOM_RAND_GENERATE_BLOCK defines in random.h. Do I have to implement a custom function to use the boards provided random functions? Is sha256 some kind of library that I otherwise have to link against? Or is this a build configuration issue?

Any help would be greatly appreciated. Thank you!

Go to forum: wolfSSL