1 Topic by torntrousers

(1 replies, posted in wolfSSL)

I'm looking at using WolfSSL on a Renesas RA6M3 to connect to AWS with MQTT and to connect to a private server with HTTPS using Mutual-TLS.

The Renesas website page about WolfSSL mentions "MQTT client with examples for AWS" - could you point me to a link for that code?

Also, can WollSSL work with SCE7 wrapped keys for the Mutual-TLS connection?

Thanks!

Go to forum: wolfSSL

2 Reply by torntrousers

(3 replies, posted in wolfSSL)

Keen to find a fix for this so have raise an issue on Github: https://github.com/wolfSSL/wolfssl-examples/issues/220

Go to forum: wolfSSL

3 Reply by torntrousers

(3 replies, posted in wolfSSL)

Thanks for the reply David.

I do have "NO_ASN_TIME" set already.

I gave the custom time function a try but I still get the compile error in asn.c shown in the original post.

This is whats in my user_settings.h file now:

/* Generated wolfSSL user_settings.h file for Arduino */
#ifndef ARDUINO_USER_SETTINGS_H
#define ARDUINO_USER_SETTINGS_H

/* Platform */
#define WOLFSSL_ARDUINO

/* Math library (remove this to use normal math)*/
#define USE_FAST_MATH
#define TFM_NO_ASM

/* RNG DEFAULT !!FOR TESTING ONLY!! */
/* comment out the error below to get started w/ bad entropy source
* This will need fixed before distribution but is OK to test with */
//#error "needs solved, see: https://www.wolfssl.com/docs/porting-guide/"
#define WOLFSSL_GENSEED_FORTEST

#define WOLFSSL_DER_TO_PEM

#define WOLFSSL_CERT_GEN
#define WOLFSSL_CERT_REQ
#define NO_ASN_TIME
#define XGMTIME
#define XTIME fnSecondsSinceEpoch
extern unsigned long my_time(unsigned long* timer);

#endif /* ARDUINO_USER_SETTINGS_H */

Thanks for any help.

   ...ant

Go to forum: wolfSSL

4 Topic by torntrousers

(3 replies, posted in wolfSSL)

Hello. I'm trying your CSR generating example on an Arduino and the compile fails with:

:\Arduino\arduino-1.8.12\libraries\wolfSSL\asn.c: In function 'SetTime':

C:\Arduino\arduino-1.8.12\libraries\wolfSSL\asn.c:10402:29: error: dereferencing pointer to incomplete type 'struct tm'

     output[i++] = itob((date->tm_year % 10000) / 1000);

                             ^

C:\Arduino\arduino-1.8.12\libraries\wolfSSL\asn.c: In function 'SetValidity':

C:\Arduino\arduino-1.8.12\libraries\wolfSSL\asn.c:10461:15: error: storage size of 'localTime' isn't known

     struct tm localTime;

               ^

Is there some time setting somewhere I'm missing?

Thanks!

Go to forum: wolfSSL

5 Reply by torntrousers

(3 replies, posted in wolfSSL)

Thats great, I have it working, thank you so much for the quick reply.

It looks like doing wc_InitRng(&rng) calls my my_rng_seed_gen function 13 times, so with unsigned int being 32 bits I need to provide 13 x 32 which is 416 random bits. Is there any way to reduce that a bit?

Go to forum: wolfSSL

6 Topic by torntrousers

(3 replies, posted in wolfSSL)

Hello I'm using WolfSSL for TLS 1.3 support and looking at using its APIs to create ECDSA private keys based on my own unique random bits.

I've seen the example here: https://github.com/wolfSSL/wolfssl-exam … #L115-L132

so I think I should be able to use the wc_ecc_make_key_ex API with some sort of WC_RNG  which is based on my own array of bits, maybe?

Can you give me any help on how to do this?

Thanks!

Go to forum: wolfSSL

7 Reply by torntrousers

(5 replies, posted in wolfSSL)

Just as FYI the solution to this is over on Github https://github.com/wolfSSL/wolfssl/issu … -519268912

Also, I tried your above suggestions on setting - NO_RSA, ECC_USER_CURVES  and FP_MAX_BITS - to try to help the resource use on the ESP8266 and that also works. Great, I have an ESP8266 talking TLS 1.3 to a Golang server!

Thanks so much for your help.

   ...ant

Go to forum: wolfSSL

8 Reply by torntrousers

(5 replies, posted in wolfSSL)

Thanks again for the replies. I'll try those suggestions for fixing the ESP8266 memory use in a bit but for now TLS 1.3 - Ok I've just tried setting those TLS 1.3 #define's in user_settings.h and that gives some compile errors:

:\Arduino\ESP8266\190705\arduino-1.8.9\libraries\wolfSSL\tls13.c: In function 'EncryptTls13':

C:\Arduino\ESP8266\190705\arduino-1.8.9\libraries\wolfSSL\tls13.c:1677:63: error: 'Keys' has no member named 'aead_enc_imp_IV'

             BuildTls13Nonce(ssl, ssl->encrypt.nonce, ssl->keys.aead_enc_imp_IV,

                                                               ^

C:\Arduino\ESP8266\190705\arduino-1.8.9\libraries\wolfSSL\tls13.c: In function 'DecryptTls13':

C:\Arduino\ESP8266\190705\arduino-1.8.9\libraries\wolfSSL\tls13.c:1924:63: error: 'Keys' has no member named 'aead_dec_imp_IV'

             BuildTls13Nonce(ssl, ssl->decrypt.nonce, ssl->keys.aead_dec_imp_IV,

                                                               ^

C:\Arduino\ESP8266\190705\arduino-1.8.9\libraries\wolfSSL\tls.c: In function 'TLSX_PopulateSupportedGroups':

C:\Arduino\ESP8266\190705\arduino-1.8.9\libraries\wolfSSL\tls.c:9411:39: error: 'Options' has no member named 'minDhKeySz'

             if (8192/8 >= ssl->options.minDhKeySz &&

                                       ^

C:\Arduino\ESP8266\190705\arduino-1.8.9\libraries\wolfSSL\tls.c:9412:67: error: 'Options' has no member named 'maxDhKeySz'

                                             8192/8 <= ssl->options.maxDhKeySz) {

                                                                   ^

exit status 1
Error compiling for board NodeMCU 1.0 (ESP-12E Module).

Any ideas?

Go to forum: wolfSSL

9 Reply by torntrousers

(5 replies, posted in wolfSSL)

Thank you so much for the reply.

I've tried adding ALT_ECC_SIZE in the user_settings.h and after that the the code appears to hang inside the wolfSSL_connect(ssl) call.

I'd been trying with an ESP8266 so with your hint about it might be a memory / resource issue I tried the same code on an ESP32 which has more memory and it works ok.

Yay!

I would quite like to be able to use an ESP8266 though.

A call to ESP.getFreeHeap() just before the wolfSSL_connect call shows 21672 which I suppose isn't lots.

If you've any other tips on what I could do to try to get an ESP8266 working that would be great?

Also while you're here -  I really want to use TLS 1.3 but I can't find how to get that configured in the Arduino environment. I've raised an issue on Git about it - https://github.com/wolfSSL/wolfssl/issues/2380. Would you have any tips on that?

Best,

   ...ant

Go to forum: wolfSSL

10 Topic by torntrousers

(5 replies, posted in wolfSSL)

Hello. I'm new to WolfSSL and starting out by trying to run the wolfssl_client / wolfssl_server example sketches from IDE/ARDUINO.

I can get them to compile and run ok, when the client tries to connect to the server the server does output 'Client connected' but the client shows:

TLS Connect Error: verify problem based on signature
SSL version is TLSv1.2
SSL cipher suite is TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
TLS Write Error: verify problem based on signature
Connection complete.

What could I have missed to be causing that Connect Error?

Go to forum: wolfSSL