1

(7 replies, posted in wolfSSL)

It seems increasing FP_MAX_BITS fixed the problem.

Thanks for the help.

2

(7 replies, posted in wolfSSL)

No, I am generating my own keys & certs in an x86 environment.

My cm3 environment does not have a filesystem, so I can't run the keygen & certgen tests (and currently I don't have enough free time to try to port them to it).

Current status:
server-CM3-bigint, certs(4096b)-x86-bigint, client-x86-bigint - everything ok
server-CM3-fastmath, certs(4096b)-x86-bigint, client-x86-bigint - fails
server-CM3-bigint, certs(4096b)-x86-bigint, client-x86-fastmath - everything ok
server-CM3-fastmath, certs(4096b)-x86-bigint, client-x86-fastmath - fails

wolfSSL embedded SSL fails to verify the client's cert signature when running on Cortex M3 with fastmath.

I could also try to generate keys & certs using fastmath, but I'm guessing it will also fail.

3

(7 replies, posted in wolfSSL)

All tests pass.

Test using bigendian wrote:

MD5      test passed!
MD4      test passed!
SHA      test passed!
SHA-256  test passed!
HMAC-MD5 test passed!
HMAC-SHA test passed!
HMAC-SHA256 test passed!
ARC4     test passed!
Rabbit   test passed!
DES      test passed!
DES3     test passed!
AES      test passed!
RANDOM   test passed!
RSA      test passed!
PWDBASED test passed!

Test using fastmath wrote:

MD5      test passed!
MD4      test passed!
SHA      test passed!
SHA-256  test passed!
HMAC-MD5 test passed!
HMAC-SHA test passed!
HMAC-SHA256 test passed!
ARC4     test passed!
Rabbit   test passed!
DES      test passed!
DES3     test passed!
AES      test passed!
RANDOM   test passed!
RSA      test passed!
PWDBASED test passed!

debug when using fastmath wrote:

CyaSSL Entering CYASSL_CTX_new
CyaSSL Entering CyaSSL_Init
CyaSSL Entering CyaSSL_CertManagerNew
CyaSSL Leaving CYASSL_CTX_new, return 0
CyaSSL Entering CyaSSL_CTX_use_certificate_buffer
Checking cert signature type
CyaSSL Entering GetExplicitVersion
CyaSSL Entering GetMyVersion
CyaSSL Entering GetAlgoId
Getting Cert Name
Getting Cert Name
CyaSSL Entering GetAlgoId
Not ECDSA cert signature
CyaSSL Entering CyaSSL_CTX_use_PrivateKey_buffer
CyaSSL Entering GetMyVersion
CyaSSL Entering CyaSSL_CTX_load_verify_buffer
Processing CA PEM file
Adding a CA
CyaSSL Entering GetExplicitVersion
CyaSSL Entering GetMyVersion
CyaSSL Entering GetAlgoId
Getting Cert Name
Getting Cert Name
CyaSSL Entering GetAlgoId
CyaSSL Entering DecodeCertExtensions
CyaSSL Entering DecodeBasicCaConstraint
CyaSSL Entering GetAlgoId
    Parsed new CA
    Freeing Parsed CA
    Freeing der CA
        OK Freeing der CA
CyaSSL Leaving AddCA, return 0
   Processed a CA
CyaSSL Entering CyaSSL_CTX_set_verify
CyaSSL Entering SSL_new
CyaSSL Leaving SSL_new, return 0

CyaSSL Entering SSL_set_fd
CyaSSL Leaving SSL_set_fd, return 1
CyaSSL Entering SSL_accept()
growing input buffer

growing input buffer

received record layer msg
CyaSSL Entering DoHandShakeMsg()
CyaSSL Entering DoHandShakeMsgType
processing client hello
CyaSSL Entering MatchSuite
CyaSSL Entering VerifySuite
Requires RSA
Verified suite validity
CyaSSL Leaving DoHandShakeMsgType(), return 0
CyaSSL Leaving DoHandShakeMsg(), return 0
accept state ACCEPT_CLIENT_HELLO_DONE
accept state HELLO_VERIFY_SENT
accept state ACCEPT_FIRST_REPLY_DONE
growing output buffer

Shrinking output buffer

accept state SERVER_HELLO_SENT
growing output buffer

Shrinking output buffer

accept state CERT_SENT
accept state KEY_EXCHANGE_SENT
growing output buffer

Shrinking output buffer

accept state CERT_REQ_SENT
growing output buffer

Shrinking output buffer

accept state SERVER_HELLO_DONE
growing input buffer

received record layer msg
CyaSSL Entering DoHandShakeMsg()
CyaSSL Entering DoHandShakeMsgType
processing certificate
Loading peer's cert chain
    Put another cert into chain
Veriying Peer's cert
CyaSSL Entering GetExplicitVersion
CyaSSL Entering GetMyVersion
CyaSSL Entering GetAlgoId
Getting Cert Name
Getting Cert Name
CyaSSL Entering GetAlgoId
CyaSSL Entering GetAlgoId
About to verify certificate signature
Rsa SSL verify error
Confirm signature failed
Failed to verify Peer's cert
No callback override available, fatal
CyaSSL Leaving DoHandShakeMsgType(), return -155
CyaSSL Leaving DoHandShakeMsg(), return -155
CyaSSL error occured, error = -155
CyaSSL Entering SSL_free
CTX ref count not 0 yet, no free
Shrinking input buffer

CyaSSL Leaving SSL_free, return 0
CyaSSL Entering SSL_new
CyaSSL Leaving SSL_new, return 0

4

(7 replies, posted in wolfSSL)

I'm running wolfssl 2.5.0 on a cortex m3 (lpc1788) mcu. If I switch to fastmath, wolfssl fails to verify RSA certificates (keys & certificates were generated on an x86 wolfssl instance using the default big integer lib). Is this behaviour normal (wolfssl_fastmath is incompatible with wolfssl_big_integer), and do I need to make new keys using fast math?

5

(1 replies, posted in wolfSSL)

version: 2.0.0rc2

ProcessChainBuffer (ssl.c:919) is only defined when the filesystem is used (#ifndef NO_FILESYSTEM region), although this function is used by CyaSSL_CTX_load_verify_buffer (ssl.c:2238), resulting in a linking error.