I think the implementation of the wc_FreeDhKey() function might have some problem. It simply voids the pointer. However, after calling wc_FreeDhKey, I can see the key context data is still there, and I am able to reuse the DhKey even after wc_FreeDhKey.

Hi, I am trying to implement a Diffie-Hellman key exchange. If I set the DH parameters p and g as dh2048.der and dh1024.der in the certs folder carried by wolfSSL, it works fine. But if I set p and g to the RFC 3526 2048-bit MODP Group, I get the error MP_EXPTMOD_E in wc_DhGenerateKeyPair() and wc_DhAgree(). Why?

Thanks.

Hi,

Is there any way to verify a certificate with its CA certificate without setting up SSL? Basically, I just use TCP directly, but I need to verify a certificate later. Is there any way to verify a certificate without SSL setup?

Thanks.

Can you please tell me how to define it in a makefile?

My makefile looks like:

CC=g++
CFLAGS = -g -I -Wall -DHAVE_AESGCM -DWOLFSSL_KEY_GEN -DWOLFSSL_TEST_CERT

But "-DWOLFSSL_TEST_CERT" does not work, as I got the error: undefined reference to 'InitDecode'

Thanks!

Hi, I am trying to extract the RSA public key from a certificate. I found the following method in test.c:

DecodedCert cert;

InitDecodedCert(....);

ParseCert(....);

RsaPublicKeyDecode(....);

This method requires WOLFSSL_TEST_CERT to be defined. How do I define and enable it?

Thanks a lot!

I am using wolfSSL to do a prototype of a security protocol. The OS I am using is Ubuntu 14.04 LTS. The weird thing is that if I put everything into a single file, as in your test.c, there is no problem. However, if I separate the RSA_genkey function into another source file (with a corresponding header file) and include the header file in the main file, then I have a problem. What I am doing is like this:

myheader.hpp 
int RSA_gen(....);

mysrc.cpp
int RSA_gen(....)
{.......}

mymain.cpp
#include "myheader.hpp"
int main(...) {....}


I believe this is a standard way, so I was quite surprised when I got an error with this.

Yes, I did include <wolfssl/options.h>.

Actually, I also have a similar problem while trying to parse a DER file holding an RSA private key with the wc_RsaPrivateKeyDecode function. I import the private key from a DER file into a byte der[4096]. However, wc_RsaPrivateKeyDecode returns -140, saying there is an error parsing the private key in the buffer. When I use valgrind to check, it also points to wc_InitRng. It looks like wc_FreeRng does not do the work. Any clues? Thanks a lot.

sizeof(der) = 4096, and 4096 is really passed to the RSA_genkey function. So I think the parameters passed to RSA_genkey look fine. The problem must be somewhere inside RSA_genkey.

I am trying to generate an RSA private key and keep it in an array as well as write it into a DER file. However, I get a segmentation fault (core dumped). When I use valgrind to check the memory, it points to the wc_InitRng and wc_FreeRng functions. Please help me with this. Thanks.

The leak information is:

==16570== Invalid write of size 8
==16570==    at 0x4E40BE4: wc_InitRsaKey (in /usr/local/lib/libwolfssl.so.0.0.2)
==16570==    by 0x400EF5: RSA_genkey(char const*, unsigned char*, unsigned long) (common.cpp:34)
==16570==    by 0x400E25: main (master.cpp:22)
==16570==  Address 0xfff001458 is not stack'd, malloc'd or (recently) free'd
==16570==
==16570==
==16570== Process terminating with default action of signal 11 (SIGSEGV)
==16570==  Access not within mapped region at address 0xFFF001458
==16570==    at 0x4E40BE4: wc_InitRsaKey (in /usr/local/lib/libwolfssl.so.0.0.2)
==16570==    by 0x400EF5: RSA_genkey(char const*, unsigned char*, unsigned long) (common.cpp:34)
==16570==    by 0x400E25: main (master.cpp:22)
==16570==  If you believe this happened as a result of a stack
==16570==  overflow in your program's main thread (unlikely but
==16570==  possible), you can try to increase the size of the
==16570==  main thread stack using the --main-stacksize= flag.
==16570==  The main thread stack size used in this run was 8388608.
==16570==
==16570== HEAP SUMMARY:
==16570==     in use at exit: 0 bytes in 0 blocks
==16570==   total heap usage: 0 allocs, 0 frees, 0 bytes allocated
==16570==
==16570== All heap blocks were freed -- no leaks are possible
==16570==
==16570== For counts of detected and suppressed errors, rerun with: -v
==16570== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
Segmentation fault (core dumped)


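#include <stdio.h>
#include <string.h>

#include <wolfssl/options.h>   /* must come before any other wolfSSL header */
#include <wolfssl/wolfcrypt/rsa.h>
#include <wolfssl/wolfcrypt/random.h>

#define RSA_KEY_SIZE 2048
#define EXPONENT 65537

/* Generate an RSA private key, DER-encode it into der and write it to file_der.
 * Returns 0 on success and a negative value on failure. */
int RSA_genkey( const char * file_der, unsigned char *der, size_t der_len){
    RsaKey priv;
    RNG rng;
    FILE*  keyFile = NULL;
    int ret = 0, der_written = 0;
    int key_ready = 0, rng_ready = 0;   /* only free what was initialized */

    if ( ( ret = wc_InitRsaKey( &priv, NULL ) ) != 0 )
    {
        printf(" RSA_genkey failed in wc_InitRsaKey: returned %d\n", ret);
        goto exit;
    }
    key_ready = 1;

    if ( ( ret = wc_InitRng( &rng ) ) != 0 )
    {
        printf(" RSA_genkey failed in wc_InitRng: returned %d\n", ret);
        goto exit;
    }
    rng_ready = 1;

    if ( ( ret = wc_MakeRsaKey( &priv, RSA_KEY_SIZE, EXPONENT, &rng ) ) != 0 )
    {
        printf(" RSA_genkey failed in wc_MakeRsaKey: returned %d\n", ret);
        goto exit;
    }

    /* wc_RsaKeyToDer returns the number of DER bytes written, or a negative error */
    if ( ( der_written = wc_RsaKeyToDer( &priv, (byte*)der, (word32)der_len) ) <= 0 )
    {
        printf(" RSA_genkey failed in wc_RsaKeyToDer: returned %d\n", der_written);
        ret = ( der_written < 0 ) ? der_written : -1;
        goto exit;
    }

    if ( (keyFile = fopen( file_der, "wb" ) ) == NULL )
    {
        printf(" RSA_genkey failed when opening file.\n");
        ret = -1;
        goto exit;
    }

    if ( fwrite( der, 1, der_written, keyFile) != (size_t)der_written )
    {
        printf(" RSA_genkey failed when writing into file.\n");
        fclose( keyFile );
        ret = -1;
        goto exit;
    }
    fclose( keyFile );

exit:
    /* single cleanup path; never free a structure that was not initialized */
    if ( rng_ready )
        wc_FreeRng( &rng );
    if ( key_ready )
        wc_FreeRsaKey( &priv );
    return ret;
}


int main(int , char const **)
{
    unsigned char der[4096];
    memset (der, 0, sizeof(der) );

    /* report failure through the exit status instead of discarding it */
    return RSA_genkey("./rsa_priv.der", der, sizeof(der) ) == 0 ? 0 : 1;
}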