Topic: Hex-five:#error "FFDHE parameters are too large for FP_MAX_BIT as set"

Hey all,

Just started to use HexFive Iot stack and hit same problem as already reported in another thread named

"Re: [SOLVED] build error in wolfssl/wolfcrypt/settings.h"

I tried following instructions given in this thread but this unfortunately did not help in my case.

Using code from here: https://github.com/hex-five/multizone-secure-iot-stack
Using toolchains and OCD from SiFive here: https://www.sifive.com/boards/

Error I get basically is this one:
../ext/wolfssl/wolfssl/wolfcrypt/settings.h:1727:10: error: #error "FFDHE parameters are too large for FP_MAX_BIT as set"
         #error "FFDHE parameters are too large for FP_MAX_BIT as set"

Tried various things including tweaking wolfSSL macros but am not able to make it compile, remains stucked in zone 2.
Attached my make process output - hope that helps, certainly a stupid thing I forgot but cannot find ...

Can you please advise?

Thanks much already
coco21

Post's attachments

HexFive_IoTStack_wolfSSL_Issue.txt 19.85 kb, 1 downloads since 2019-09-09 

You don't have the permssions to download the attachments of this post.

Share

Re: Hex-five:#error "FFDHE parameters are too large for FP_MAX_BIT as set"

Hi coco21,

Thanks for the issue report.

The user_settings.h https://github.com/hex-five/multizone-s … ngs.h#L218 has `HAVE_FFDHE_4096` set, which would require `FP_MAX_BITS` = 4096*2 or 8192.
Options are:
1. Comment out `HAVE_FFDHE_4096` to disable 4096-bit DH support.
2. Change `FP_MAX_BITS` to 8192.

We'll make sure this gets fixed in the HexFive demo.

Thanks,
David Garske, wolfSSL

Share

Re: Hex-five:#error "FFDHE parameters are too large for FP_MAX_BIT as set"

Hi David,

Thanks for answering so quickly.
Ok tried both options you propose but problem persists.
I indeed do the modifications here: zone2/user_settings.h#L218 as indicated by your GitHub link.

What am I missing? Did a complete make clean to be sure nothing remains in there.

Thx coco21

Share

Re: Hex-five:#error "FFDHE parameters are too large for FP_MAX_BIT as set"

Hi coco21,

Make sure:

1. Your Makefile/build script defines the `WOLFSSL_USER_SETTINGS` macro (CFLAGS="-DWOLFSSL_USER_SETTINGS"). This will make sure the user_settings.h configuration is included and the same build configuration is used.

2. You include <wolfssl/wolfcrypt/settings.h> in your application code prior to any other wolfSSL headers.

Thanks,
David Garske, wolfSSL

Share

Re: Hex-five:#error "FFDHE parameters are too large for FP_MAX_BIT as set"

Hi coco21,

We've started a dialog with Hex-Five here: https://github.com/hex-five/multizone-s … /issues/65
Feel free to join the discussion.

Thanks,
David Garske, wolfSSL

Share

Re: Hex-five:#error "FFDHE parameters are too large for FP_MAX_BIT as set"

Hi coco21,

The MultiZone Secure IoT Stack is certified to work with wolfSSL 3.15.7 @272181b.

Any different versions of its dependencies may not work as expected or require some tweaking.

External dependencies include: FreeRTOS, picoTCP, wolfSSL, and MultiZone TEE. The right versions of these components are all included in the MultiZone Secure IoT Stack repository on GitHub.

Hex Five's prebuilt reference RISC-V toolchain is optional and recomendded
https://hex-five.com/wp-content/uploads … 226.tar.xz

Please follow the instructions in readme and manual and let us know if you need help with your RISC-V project.

https://github.com/hex-five/multizone-s … /README.md
https://github.com/hex-five/multizone-s … manual.pdf

Thanks!

Hex Five Tech Support

Re: Hex-five:#error "FFDHE parameters are too large for FP_MAX_BIT as set"

UPDATE on related threads "SiFive":

https://github.com/wolfSSL/wolfssl/pull/2456
Support for SiFive HiFive Unleashed board

- KH

8 (edited by Kaleb J. Himes 2019-09-17 10:23:58)

Re: Hex-five:#error "FFDHE parameters are too large for FP_MAX_BIT as set"

Hi @coco21,

Can you tell us a bit about what it is you are working on? Is this an evaluation for an existing or upcoming project? Can you share any details about the project?

If this is for a commercial project and you do not wish to disclose details on the public forums please reach out to support@wolfssl.com for a more private channel to discuss project details!



Warm Regards,

KH

Re: Hex-five:#error "FFDHE parameters are too large for FP_MAX_BIT as set"

Hi Kaleb,

We may switch over to a more private channel - I'll let you know when this will happen.
For the moment I will play with it and understand its strenghts.

Thanks for reaching out to me so quickly.
coco21

Share