1

(2 replies, posted in wolfSSL)

I am importing only three functions: InitRng, RsaPublicKeyDecode and RsaPublicEncrypt.

It seems RsaPublicKeyDecode is the one bringing in the GetCA and GetCAByname and is in asn.c
I think i have no option than to link with the whole wolfSSL embedded SSL library.

Since i am not using ssl/tls stuffs, do i still need to call  SSL_library_init(or its wolfSSL equivalent) and wolfSSL_Cleanup ?

//----EDIT

i have also noticed that there is RsaPrivateDecrypt but there is no RsaPrivateEncrypt likewise there is RsaPublicEncrypt but there is no RsaPublicDecrypt. So how do I encrypt data with private key since there is no RsaPrivateEncrypt and how do I decrypt data with public key since their is no RsaPublicDecrypt?

2

(2 replies, posted in wolfSSL)

Can the wolfCrypt library be used alone?

I've being using wolfSSL for my embedded SSL and embedded TLS needs for getting to two years now and it is more than perfect.  But now I need to use only RSA from the library for a project and I felt I could use only wolfCrypt alone instead of the whole wolfSSL since i don't need ssl or tls; just rsa but I am running into some difficulties. I am building with vs2008.

Just for a test, I create an empty console application and include the rsa.h without even calling any function from wolfCrypt but it gives me lots of errors.  I may post them here if needed.

EDIT ----///

seems the version i was using is a little hold, so there were few bugs. I've just downloaded the latest version. I am not using certificate but it seems it is auto linking with certificate functions.

1>asn.obj : error LNK2001: unresolved external symbol _GetCA
1>asn.obj : error LNK2001: unresolved external symbol _GetCAByName


I defined NO_CERTS and NO_SKID hoping that will get raid of GetCAByName but it fails

3

(1 replies, posted in wolfSSL)

How may i deal with SSL_MODE_AUTO_RETRY when wolfSSL embedded SSL doesn't have SSL_set_mode

Thanks

4

(1 replies, posted in wolfSSL)

I need wolfSSL for only client embedded SSL support and needs only two cipher suites which I know the target servers always support
I have tried as much as i could to reduce the footprint  but what i'm getting is 101KB.

I have used the following switchs

NO_MD4,NO_RABBIT,NO_SESSION_CACHE,NO_WOLFSSL_SERVER,NO_ERROR_STRINGS,NO_PSK,NO_PWDBASED,NO_HC128,NO_DSA,OPENSSL_EXTRA,NO_64BIT,NO_SHA-384

These are the only imports i made
   
    SSL_CTX_new
    TLSv1_1_client_method
    SSL_CTX_set_verify
    SSL_CTX_set_cipher_list
    SSL_new(ctx);
    SSL_set_fd(ssl, isocket) ;
    SSL_connect
    SSL_get_peer_certificate
    X509_NAME_oneline
    X509_get_issuer_name
    OPENSSL_free
    OPENSSL_free
    X509_free
    SSL_free
    SSL_write
    SSL_read
    SSL_library_init

I am compiling with visual studio (6 or 2008)
The fact is, i have only 50KB to spare due to the nature of the program I am writting.
Reading from the site, i could get footprint as little as 30KB, so what is wrong with my compilation?

5

(4 replies, posted in wolfSSL)

chrisc wrote:

Hi Frank,

What's your overall gaol that you are trying to accomplish in your application regarding RSA keys?  There may be an easier way to accomplish it using the wolfSSL API.

I'm porting my code from openssl to wolfSSL due to the bloated size of openssl static library.
The application is heavily dependent on multiple ciphers.

In this case i will first use  wolfSSL_KeyPemToDer() to convert the key to der format, then use RsaPublicKeyDecode() to convert it into a rsa key.

If wolfSSL is compiled with key generation (--enable-keygen or define WOLFSSL_KEY_GEN), wolfSSL provides the RsaKeyToDer() function which will convert an internal RsaKey to a DER-encoded buffer.  Is this similar to what you are looking for?

Great, that is exactly what i need.

There is a new issue that i discovered today.
wolfSSL_RSA_public_encrypt() is actually not implemented. The implementation simply void the parameters and return a failure code.
I could use RsaPublicEncrypt() but I have no means of using RSA_PKCS1_OAEP_PADDING padding.

Do you have any suggest on this for me?

Thank you alot for your time.

The compatibility layer of the ssl portion is almost a 100% job done. really excellent.
But when it comes to the area of crypto, there is really a lot of work to be done.

6

(4 replies, posted in wolfSSL)

What should be the format of the key supplied to RsaPublicKeyDecode()? PEM or DER ?
I think it should be PEM but according to section 10.5.1 of http://yassl.com/yaSSL/Docs-cyassl-manu … rence.html , it seems it should be .der since it includes a comment refering to "RsaPublicKey.der". Does that means a PEM key has to be first base64 decoded?

DECODING PUBLIC KEY
--------------
I am also of the impression that RsaPublicKeyDecode() in wolfSSL embedded SSL can be be a replacement for PEM_read_bio_RSAPublicKey() or d2i_RSAPublicKey() in openssl without any issues since wolfSSL provides openssl compatibility layer for only private key rsa private key operations

ENCODING PUBLIC KEY
-----------------------------
I couldn't find any function in wolfSSL for encoding public keys.
Is there any wolfSSL alternative for openssl i2d_RSAPublicKey()

7

(1 replies, posted in wolfSSL)

I'm porting my code from openssl to wolfssl.
In my code I use AES in counter mode to encrypt data which arrives in parts and send it to the receiver.
In my code I use EVP_EncryptInit() to set the key and any time the data arrive, I encrypt it
with EVP_EncryptUpdate().
I never call EVP_EncryptFinal() since it will affect the context.
In wolfssl there is no compatibility for EVP_EncryptInit() but there is EVP_CipherInit(), so I intend to use EVP_CipherInit().
My difficulty comes down to EVP_EncryptUpdate().
Is their anyway I can achieve my objective since there is no alternative for EVP_EncryptUpdate()?

EDIT:
Further search through the source reveals that  CyaSSL_EVP_Cipher [EVP_Cipher] is available
which i can use by passing CyaSSL_EVP_aes_128_ctr to select 128 counter mode.
I have realized that in counter mode, CyaSSL_EVP_Cipher only call AesCtrEncrypt()
This brings me back to the initial issue of context.
AesCtrEncrypt() does not accept context structure, hence will not update the context.

Thank you