51

(6 replies, posted in wolfCrypt)

The parser is failing on the attribute

unstructuredName         :ovgu

openssl req -in testcsr2.pem -noout -text
Certificate Request:
    Data:
        Version: 1 (0x0)
        Subject: C = DE, ST = BW, L = KER, O = OVGU, OU = COMSYS, CN = testName, emailAddress = xyz@ovgu.de
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (256 bit)
                pub:
                    04:6b:61:17:b7:64:a7:c8:64:ef:7e:1b:df:81:d7:
                    3b:68:cf:d5:77:f3:26:6a:5a:7e:81:cd:b0:02:25:
                    b4:7f:ff:42:62:44:dd:e3:e0:40:49:89:8d:ff:d7:
                    e5:36:3b:b0:cb:d1:1b:2d:59:89:de:3e:6e:12:46:
                    2a:56:a2:37:5a
                ASN1 OID: prime256v1
                NIST CURVE: P-256
        Attributes:
            unstructuredName         :ovgu
            challengePassword        :1234
    Signature Algorithm: ecdsa-with-SHA256
         30:45:02:21:00:d3:cf:8a:a5:95:9f:fa:cb:84:dd:bf:ed:a8:
         7b:4a:91:ba:a2:6f:ef:cf:19:41:40:c2:ab:d8:db:b3:95:c9:
         53:02:20:3b:4c:fb:75:08:12:09:93:e3:66:7a:9f:35:12:4c:
         de:ca:1d:24:f0:eb:40:8d:a0:66:28:71:9f:5e:54:1a:40

Here is some relevant information:
https://stackoverflow.com/questions/187 … cturedname

Try rebuilding the CSR without entering the unstructuredName field.

52

(6 replies, posted in wolfCrypt)

Hi adarshr.r6

Thanks for contacting wolfSSL. Typically we would like to review the problematic CSR. If you'd rather not share on this public forum, you are welcome to submit a support request by emailing support@wolfssl.com

Hi Bruce,

Thanks for sending a message to support@wolfssl.com. We will assist you there.

GENERIC EXAMPLE:

./configure \
CC="/path/to/your/toolchain/toolchain-gcc" \
AR="/path/to/your/toolchain/toolchain-ar" \
AS="/path/to/your/toolchain/toolchain-gcc" \
RANLIB="/path/to/your/toolchain/toolchain-ranlib" \
LD="/path/to/your/toolchain/toolchain-ld" \
--host=<your host> \
--target=<your target> \
<your other configure options here> \
CFLAGS="-mcpu=<your cpu definition here> \
<other cflags here>" \
LIBS="<libs>"

SPECIFIC EXAMPLE:

./configure \
CC="/usr/local/gcc_arm/gcc-arm-none-eabi-7-2017-q4-major/bin/arm-none-eabi-gcc" \
AR="/usr/local/gcc_arm/gcc-arm-none-eabi-7-2017-q4-major/bin/arm-none-eabi-ar" \
AS="/usr/local/gcc_arm/gcc-arm-none-eabi-7-2017-q4-major/bin/arm-none-eabi-gcc" \
RANLIB="/usr/local/gcc_arm/gcc-arm-none-eabi-7-2017-q4-major/bin/arm-none-eabi-ranlib" \
LD="/usr/local/gcc_arm/gcc-arm-none-eabi-7-2017-q4-major/bin/arm-none-eabi-ld" \
--host=arm-none-eabi \
--enable-aesgcm --enable-ecc \
CFLAGS="-mcpu=cortex-m4 \
-Os -specs=rdimon.specs"  \
LIBS="-Wl,--start-group -lm -lgcc -lc -lrdimon -Wl,--end-group"

Hello Junkhar,

To better prioritize your support request, please open a ticket by sending an email to support@wolfssl.com

Thanks,
Eric @ wolfSSL Support

Hello Rod,

Please review the section on cross compiling in the wolfSSL User Manual:
https://www.wolfssl.com/docs/wolfssl-ma … users%20on

Let us know if there are questions.

57

(2 replies, posted in wolfSSL (formerly CyaSSL))

Hi adarshr.r6

Thank you so much for reaching out to wolfSSL support. Can you tell us a bit about what you are working on and the high-level overview of the project to help us better classify this inquiry? Thank you in advance!

Your application must include the wolfSSL configuration headers before any others.

https://github.com/wolfSSL/wolfssl-exam … -tls.c#L34

/* wolfSSL */
#include <wolfssl/options.h>
#include <wolfssl/ssl.h>

Let us know if there are questions.

58

(8 replies, posted in wolfSSL (formerly CyaSSL))

Please try only creating a new SSL object, instead of a new CTX and SSL. Here is an example:
https://github.com/wolfSSL/wolfssl-exam … tls-perf.c

59

(8 replies, posted in wolfSSL (formerly CyaSSL))

Your last message did not attach a pcap file.

fail 2 test2.pcapng

60

(8 replies, posted in wolfSSL (formerly CyaSSL))

Could you share the wolfSSL configuration? Also, a log and pcap are very useful in determining why a connection is failing. If you'd prefer to keep this information private, please feel free to open a support ticket by emailing support @ wolfssl.com

Have you run the example stand-alone yet? It might be useful to see it working first, then try to integrate.

Hello Junkhar,

Thanks for contacting wolfSSL Support. Which Harmony webserver example project are you testing with?

Browsers often open multiple TLS connections to help speed up displaying a webpage. This can cause issues with embedded servers. Are you seeing a single connection succeed? If you test with wget does it work?

Thanks,
Eric

Hello Davide,

You'll want to cross-compile the library. Here is an example:

GENERIC EXAMPLE:

./configure \
CC="/path/to/your/toolchain/toolchain-gcc" \
AR="/path/to/your/toolchain/toolchain-ar" \
AS="/path/to/your/toolchain/toolchain-gcc" \
RANLIB="/path/to/your/toolchain/toolchain-ranlib" \
LD="/path/to/your/toolchain/toolchain-ld" \
--host=<your host> \
<your other configure options here> \
CFLAGS="-mcpu=<your cpu definition here> \
<other cflags here>" \
LIBS="<libs>"

SPECIFIC EXAMPLE:

./configure \
CC="/usr/local/gcc_arm/gcc-arm-none-eabi-7-2017-q4-major/bin/arm-none-eabi-gcc" \
AR="/usr/local/gcc_arm/gcc-arm-none-eabi-7-2017-q4-major/bin/arm-none-eabi-ar" \
AS="/usr/local/gcc_arm/gcc-arm-none-eabi-7-2017-q4-major/bin/arm-none-eabi-gcc" \
RANLIB="/usr/local/gcc_arm/gcc-arm-none-eabi-7-2017-q4-major/bin/arm-none-eabi-ranlib" \
LD="/usr/local/gcc_arm/gcc-arm-none-eabi-7-2017-q4-major/bin/arm-none-eabi-ld" \
--host=arm-none-eabi \
--enable-aesgcm --enable-ecc \
CFLAGS="-mcpu=cortex-m4 \
-Os -specs=rdimon.specs"  \
LIBS="-Wl,--start-group -lm -lgcc -lc -lrdimon -Wl,--end-group"

Chapter 2.6 of the wolfSSL manual will be helpful, as the same rules apply to wolfMQTT.
https://www.wolfssl.com/docs/wolfssl-manual/ch2/

Hello Akhi,

The wolfSSL interface is agnostic to the underlying transport layer. As such, it does not provide a method for fetching the MAC address. TI-RTOS does provide such capability:
https://www.ti.com/tool/NDKTCPIP

Kind regards,
Eric @ wolfSSL Support

Also, here is an example of a very minimal configuration for ECC. Perhaps it will be useful:
https://github.com/wolfSSL/wolfssl/blob … _min_ecc.h

That does not sound outrageous.

Here is a guide you may find useful:
https://www.wolfssl.com/docs/wolfssl-ma … llocation/
In particular, the tuning section at the end.

Hi Alex,

Nothing stands out as odd in the configuration. There could be an issue in how the application is handling the wolfSSL context.

Have you reviewed the examples repository? In particular this one may be of interest to you:
https://github.com/wolfSSL/wolfssl-exam … blocking.c

Thanks,
Eric @ wolfSSL Support

Excellent. Right, if you had filled the buffer with data (used all 1024 bytes), then the sizeof operator would be correct.

Yes, the sizeof operator returns the actual size of the buffer, not the string. You want to use

 strlen(buffer)

#ifndef WOLFSSL_USER_SETTINGS
#include <wolfssl/options.h>
#endif
#include <wolfssl/wolfcrypt/settings.h>
#include <wolfssl/ssl.h>
#include <wolfssl/wolfcrypt/md5.h>
#include <wolfssl/wolfcrypt/sha256.h>
#include <wolfssl/wolfcrypt/error-crypt.h>

#include <stdio.h>
#include <string.h>

int main(void) {
    byte md5sum[MD5_DIGEST_SIZE];
    byte sha256sum[SHA256_DIGEST_SIZE];
    byte buffer[1024] = "Hello";
    /* Hash only the string, not the whole 1024-byte buffer */
    word32 len = (word32)strlen((const char*)buffer);
    Md5 md5;
    Sha256 sha256;

    /* MD5 */
    wc_InitMd5(&md5);
    wc_Md5Update(&md5, buffer, len);
    wc_Md5Final(&md5, md5sum);
    printf("MD5 is \n");
    /* %02x keeps the leading zero of bytes below 0x10;
       plain %x drops it and shortens the printed digest */
    for (int i = 0; i < MD5_DIGEST_SIZE; i++)
        printf("%02x", md5sum[i]);
    printf(" \n");
    wc_Md5Free(&md5);

    /* SHA256 */
    wc_InitSha256(&sha256);
    wc_Sha256Update(&sha256, buffer, len);
    wc_Sha256Final(&sha256, sha256sum);
    printf("SHA is \n");
    for (int i = 0; i < SHA256_DIGEST_SIZE; i++)
        printf("%02x", sha256sum[i]);
    printf(" \n");
    wc_Sha256Free(&sha256);

    return 0;
}

MD5 is
8b1a9953c4611296a827abf8c4784d7
SHA is
185f8db32271fe25f561a6fc938b2e26436ec304eda51807d1764826381969

Hello

I would be curious to see your application code, perhaps you are hashing the whole buffer, not just the string "Hello"

wolfSSL has a command line utility project, aptly named wolfCLU:
https://github.com/wolfSSL/wolfCLU

I used it below to demonstrate that the hashes match the values from other tools (openssl and sha256sum):

$ echo "Hello" > test.txt
$ wolfssl -hash md5 -in test.txt 
09f7e02f1290be211da707a266f153b3
$ openssl md5 test.txt 
MD5(test.txt)= 09f7e02f1290be211da707a266f153b3
$ wolfssl -hash sha256 -in test.txt 
66a045b452102c59d840ec097d59d9467e13a3f34f6494e539ffd32c1bb35f18
$ sha256sum test.txt 
66a045b452102c59d840ec097d59d9467e13a3f34f6494e539ffd32c1bb35f18  test.txt
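
The hashing posts above show different digests for "Hello" because different bytes were hashed: the string alone, the whole 1024-byte buffer, or a file that `echo` ended with a newline. The Python sketch below is an added example (not code from the thread or from wolfSSL) that reproduces each case with the standard `hashlib` module, and also shows how printing bytes with `%x` instead of `%02x` shortens a digest; all names in it are this example's own.

```python
import hashlib

# Constructed inputs mirroring the thread (names are this example's own).
STRING = b"Hello"                     # bytes covered by strlen(buffer)
BUFFER = STRING.ljust(1024, b"\x00")  # bytes covered by sizeof(buffer)
FILE_BYTES = STRING + b"\n"           # what `echo "Hello" > test.txt` writes


def hex_padded(raw: bytes) -> str:
    """Per-byte printf("%02x"): always two hex digits."""
    return "".join("%02x" % b for b in raw)


def hex_unpadded(raw: bytes) -> str:
    """Per-byte printf("%x"): bytes below 0x10 lose their leading zero."""
    return "".join("%x" % b for b in raw)


def report(algorithm: str) -> dict:
    """Map each input label to (padded hex, unpadded hex) for one algorithm."""
    inputs = {"string": STRING, "buffer": BUFFER, "file": FILE_BYTES}
    out = {}
    for label, data in inputs.items():
        raw = hashlib.new(algorithm, data).digest()
        out[label] = (hex_padded(raw), hex_unpadded(raw))
    return out


if __name__ == "__main__":
    for algorithm in ("md5", "sha256"):
        for label, (padded, unpadded) in report(algorithm).items():
            note = "" if padded == unpadded else "  <- %x output would be shorter"
            print(f"{algorithm:6} {label:6} {padded}{note}")
```

The "file" rows equal the wolfCLU, openssl and sha256sum values, and the unpadded "string" values equal the shorter digests printed by the C program.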

Hi Kelvin,

Thanks for confirming the fix. Most customers of wolfSSL utilize the ZenDesk platform by emailing `support@wolfssl.com`. Tickets in ZenDesk are monitored and more closely tracked.

You are welcome to use whichever method suits you.

Hi Davide,

I have not heard back from my contact at Sysgo (out of office), but you might have some luck reaching out to them also:
info@sysgo.com

I participated in a webinar in which the Sysgo engineer developed a demo using PikeOS and wolfSSL / wolfMQTT. Of course, wolfSSL and wolfMQTT code is available as open source on GitHub, but the PikeOS code will need to be provided by Sysgo.
https://www.youtube.com/watch?v=e2MjDM_JjXQ

Thanks,
Eric @ wolfSSL Support

Hello Kelvin,

GitHub is also a public facing platform. If there are issues you would prefer to keep more private, you can also send a message to support@wolfssl.com, which will create a ticket in our ZenDesk issue tracker.

Kind regards,
Eric @ wolfSSL Support

Hi Davide,

I am checking around to see if we have a demo that could help guide you. I will follow up when I know more.

Thanks,
Eric @ wolfSSL Support

Hi Kelvin,

Thanks again for your excellent report on this issue. I created a fix here:
https://github.com/wolfSSL/wolfMQTT/pull/240

Please let me know if this also fixes the problem from your perspective.

Thanks,
Eric @wolfSSL Support