You are not logged in. Please login or register.
Active topics Unanswered topics
Welcome to the wolfSSL Forums!
Please post questions or comments you have about wolfSSL products here. It is helpful to be as descriptive as possible when asking your questions.
References
Stable Releases - download stable product releases.
Development Branch - latest development branch on GitHub.
wolfSSL Manual - wolfSSL (formerly CyaSSL) product manual and API reference.
Search options (Page 13 of 17)
Hi ePaul,
We've pushed an example for using large data with PKCS 7 sign/verify here:
https://github.com/wolfSSL/wolfTPM/pull/32
Thanks,
David Garske, wolfSSL
Hi ePaul,
We recently enhanced PKCS7 to support signing a large file using a computed hash and known total size. The wolfSSL pull request is here: https://github.com/wolfSSL/wolfssl/pull/1780
This works by computing the hash and providing it to the new wc_PKCS7_EncodeSignedData_ex API. It returns a header and footer that surrounds the original data.
I will post a wolfTPM example for using this shortly.
Thanks,
David Garske, wolfSSL
Hi Paul,
The CSR should not contain a serial number. The serial number is assigned by the CA when it gets signed.
I will however take a look at your example and see if there is an issue that needs fixed around CSR gen with serial number provided.
Thanks,
David Garske, wolfSSL
Hi ePaul,
You can do whichever is easier for you.
To clone the branch use:
Thanks,
David Garske, wolfSSL
Hi ePaul,
Thanks for the bug report. I was able to reproduce your issue and identiy the cause. I've pushed a wolfSSL fix for this issue here (https://github.com/wolfSSL/wolfssl/pull/1805). It was a new issue that happened after we added some additional fields to support BusinessUnit.
I'm located in PDT (UTC -7).
Thanks,
David Garske, wolfSSL
Hi Ehsan,
The RSA key generation is a very intensive operation. Even on a top end Intel i7 part is takes almost 1 second. Generating an RSA 2048-bit key requires two 256 byte prime numbers. It requires a large amount of RNG data. I suspect it appears to hang, but its still running.
Example:
./configure --enable-keygen && make
./wolfcrypt/benchmark/benchmark -rsa-kg
wolfCrypt Benchmark (block bytes 1048576, min 1.0 sec each)
RSA 1024 key gen 8 ops took 1.058 sec, avg 132.305 ms, 7.558 ops/sec
RSA 2048 key gen 3 ops took 2.862 sec, avg 954.070 ms, 1.048 ops/sec
Thanks,
David Garske, wolfSSL
Hi ePaul,
To build you'll need to use:
./configure --enable-certgen --enable-certreq --enable-certext --enable-pkcs7 --enable-cryptodev --enable-opensslextra=x509small CFLAGS="-DTIME_T_NOT_LONG -DWOLFSSL_MULTI_ATTRIB"
make
sudo make install
sudo ldconfig
Thanks,
David Garske, wolfSSL
Hi ePaul,
To resolve the build error in our api.c unit test you can build with the `./configure CFLAGS="-DTIME_T_NOT_LONG"` option. This uses a 32-bit time type.
For the wolfTPM question on creating a Certificate Signing Request you can find the complete example here:
https://github.com/wolfSSL/wolfTPM/blob … /csr/csr.c
Let us know if you have any other issues or questions.
Thanks,
David Garske, wolfSSL
Hi AdoraKalb,
That sounds like an issue with not providing enough stack space to the FreeRTOS thread on the xTaskCreate. Try increasing the stack size for that task and let us know if that helps.
Thanks,
David Garske, wolfSSL
Hi kjjy,
The actual function name is `wc_EccKeyToDer`.
https://github.com/wolfSSL/wolfssl/blob … lic.h#L402
The old Cyassl used `EccKeyToDer` and is deprecated here:
https://github.com/wolfSSL/wolfssl/blob … blic.h#L71
To use this you must have ECC enabled:
`./configure --enable-ecc` or `#define HAVE_ECC`.
Thanks,
David Garske, wolfSSL
Hi kjjy7,
If you are using ./configure you do not need to use user_settings.h. The ./configure outputs a build configuration file to wolfssl/options.h. You can use this file as a template for user_settings.h if you are building the sources directly (without ./configure).
If you are building sources directly then you can define WOLFSSL_USER_SETTINGS and add a user_settings.h file to your include path. There is an excellent template for this here: https://github.com/wolfSSL/wolfssl/blob … settings.h
Thanks,
David Garske, wolfSSL
Hi kjjy7,
Try using the function `wolfSSL_get_state`. We also have an API `wolfSSL_state_string_long` which gets a string version of the current state.
We also have an internal TLS client state is in `ssl->options.clientState`. The possible values are here: https://github.com/wolfSSL/wolfssl/blob … al.h#L1428
Let us know if that is helpful or not.
Thanks,
David Garske, wolfSSL
Hi lupusn00b,
The user_settings.h file is only used when `WOLFSSL_USER_SETTINGS` is defined and is usually used when building the wolfSSL/wolfCrypt sources directly. You asked about only having HMAC+SHA256. It looks like yours is disabling HMAC and SHA256. You should not have the NO_HMAC and NO_SHA256 defined. Also there are a bunch of other defines you'll want for disabling other algorithms.
Here is a good tip: When you run ./configure with your desired options it generates a file in `wolfssl/options.h`. You can use this file as a template for your user_settings.h.
Thanks,
David Garske, wolfSSL
Hi Te,
Fix posted here: https://github.com/wolfSSL/wolfssl/pull/1689
Thanks.
David Garske, wolfSSL
Hi Giovanni,
Have you tried adding `-mlongcalls` to your CFLAGS and CXXFLAGS?
See forum post here:
https://www.esp32.com/viewtopic.php?t=1612
Thanks,
David Garske, wolfSSL
Hi Gil,
Yes you can disable DH if you are using ECC or a static cipher suite.
Thanks,
David Garske, wolfSSL
Hi leroyk2,
We have a fix pushed for this here:
https://github.com/wolfSSL/wolfssl/pull/1505
Specifically this line:
https://github.com/wolfSSL/wolfssl/pull … d4937R8575
You may find some of the other improvements in that PR useful as well for the STM32 with CubeMX.
Thanks,
David Garske, wolfSSL
Hi Ed,
Thanks for the report of these issues. I've fixed the script for directory check. The double equal works on some platforms, but you are right the single equal is the best practice. Fix pushed here: https://github.com/wolfSSL/wolfMQTT/com … o?expand=1
Is the `~/ARDUINO`a standard location on all platforms? The example we built uses the `#include <wolfMQTT.h>` include. Where did you see the `wolfmqtt.h` case expected?
Thanks,
David Garske, wolfSSL
Hi Marco,
The return code from the verify callback allows an error to do overridden. By default the verify callback is only issued in the error case, unless you have `WOLFSSL_ALWAYS_VERIFY_CB` defined. You can use the `store->error` variable to determine the error reason (if one exists). A non-zero return code such a 1 or `WOLFSSL_SUCCESS` allows an error to be overridden. A return value of 0 means continue processing the error in the default way (fail).
For everyones reference the verify callback is set using: `wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER, myVerify);`
Here are some example implementations we use for internal testing of the verify callback:
https://github.com/wolfSSL/wolfssl/blob … st.h#L1361
https://github.com/wolfSSL/wolfssl/blob … st.h#L1404
Thanks,
David Garske, wolfSSL
Hi PeterL,
Thanks so much for the excellent bug report!
I've issued a fix for this here:
https://github.com/wolfSSL/wolfMQTT/pull/52
We should be doing a wolfMQTT release by the end of the month. This change will be included.
We are always curious how customers are using wolfMQTT and wolfSSL, so it would be great to hear from you by email at info@wolfssl.com.
Please feel free to ask additional questions anytime. You can also get support using support@wolfssl.com.
Thanks,
David Garske, wolfSSL
Hi olle,
We are looking into the DTLS 1.0 report. We see the CLIENT_HELLO retried even though the SERVER_HELLO is received. We believe this causes the DTLS sever to drop the connection since the second CLIENT_HELLO does not include the same packet information as the first request (its missing TLS extensions). We believe this may be a bug with our DTLS 1.0 code and we hope to have a fix available shortly. Thanks for your details report and we will provide you a followup soon.
Thanks,
David Garske, wolfSSL
Hi olle,
The alert 40 is `handshake_failure`. That might indicate a PSK key error. What are you using for the server side? We'd like to setup a local test against the same DTLS server.
Have you seen our example PSK callback functions here?
https://github.com/wolfSSL/wolfssl/blob … st.h#L1082
Thanks,
David Garske, wolfSSL
Hi jebrando,
To resolve this error you have two options:
1. Enable the hardening options `./configure --enable-harden`
2. Disable the hardening support using `./configure CFLAGS="-DWC_NO_HARDEN`
Thanks,
David Garske, wolfSSL
Hi zoomto.jitendra,
The net_pres_enc_glue.c is a generated file from the Harmony tool. Under the networking section you will find a net presentation checkbox.
The wolfmqtt_client example demonstrates your basic MQTT client features such as connect, subscribe and publish. The `wolfmqtt_firmware` project demonstrates using MQTT for a firmware update example.
Thanks,
David Garske, wolfSSL
Hi Telina,
AES CBC mode requires the input to be block aligned. Generally the caller will need to add some type of padding to make sure its 16 byte aligned. It would be okay to just pad with zeros. Some people will pad with the pad count value.
AES CTR mode has a feature where the leftover bytes remain in the `Aes` object and are used on the next call.
You do bring up a good point about the wc_AesCbcEncrypt not checking for block size, however the wc_AesCbcDecrypt does. I'll bring this up with the team this week and let you know the reason for this or get a fix for it.
Thanks,
David Garske, wolfSSL
Posts found: 301 to 325 of 412
Generated in 0.026 seconds (81% PHP - 19% DB) with 5 queries