Hello,

I wonder how many bytes of stack are needed to enable fast math?

Thanks.

Hi Dgarske,

I found the actual reason why my setup failed.

One of my configurations uses realloc. I did not implement realloc and the existing setup was using the standard realloc. I implemented it and it works.

Thanks.

I changed my configuration to these:

#define SINGLE_THREADED
#define FREERTOS
#define NO_FILESYSTEM
#define WOLFSSL_NO_SOCK
#define WOLFSSL_USER_IO
#define NO_DEV_RANDOM
#define NO_WRITEV
#define WC_NO_HARDEN

#define HAVE_HASHDRBG
#define HAVE_HKDF
#define HAVE_AESCCM
#define HAVE_AESGCM
#define HAVE_CHACHA
#define HAVE_POLY1305
#define HAVE_ONE_TIME_AUTH
#define HAVE_CAMELLIA
#define HAVE_SRP
#define HAVE_ECC
#define HAVE_CURVE25519
#define HAVE_ED25519
#define WOLFSSL_TLS12
#define HAVE_TLS_EXTENSIONS
#define HAVE_SUPPORTED_CURVES
#define HAVE_HKDF
#define WC_RSA_PSS
#define NO_OLD_TLS
#define HAVE_SHA512
#define WOLFSSL_SHA512

#define WOLFSSL_STM32F4
#define NO_STM32_CRYPTO
#define NO_STM32_HASH
#define NO_INLINE
#define WOLFSSL_IGNORE_FILE_WARN
#define NO_ASN_TIME

#define DEBUG_WOLFSSL


wolfSSL Entering wolfSSL_Init
wolfSSL Entering wolfCrypt_Init
wolfSSL Entering TLSv1_2_client_method_ex
wolfSSL Entering wolfSSL_CTX_new_ex
wolfSSL Entering wolfSSL_CertManagerNew
wolfSSL Leaving WOLFSSL_CTX_new, return 0
wolfSSL Entering wolfSSL_CTX_load_verify_buffer_ex
Processing CA PEM file
wolfSSL Entering PemToDer
Adding a CA
wolfSSL Entering GetExplicitVersion
wolfSSL Entering GetSerialNumber
Got Cert Header
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Algo ID
Getting Cert Name
Getting Cert Name
Got Subject Name
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Key
Parsed Past Key
wolfSSL Entering DecodeCertExtensions
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeSubjKeyId
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeAuthKeyId
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeBasicCaConstraint
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
        Parsed new CA
        Freeing Parsed CA
        Freeing der CA
                OK Freeing der CA
wolfSSL Leaving AddCA, return 0
   Processed a CA
Processed at least one valid CA. Other stuff OK
wolfSSL Entering wolfSSL_CTX_load_verify_buffer_ex
Processing CA PEM file
wolfSSL Entering PemToDer
Adding a CA
wolfSSL Entering GetExplicitVersion
wolfSSL Entering GetSerialNumber
Got Cert Header
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Algo ID
Getting Cert Name
Getting Cert Name
Got Subject Name
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Key
Parsed Past Key
wolfSSL Entering DecodeCertExtensions
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeSubjKeyId
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeAuthKeyId
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeBasicCaConstraint
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
        Parsed new CA
        Already have this CA, not adding again
        Freeing Parsed CA
        Freeing der CA
                OK Freeing der CA
wolfSSL Leaving AddCA, return 0
   Processed a CA
Processed at least one valid CA. Other stuff OK
wolfSSL Entering SSL_new
wolfSSL Leaving SSL_new, return 0
wolfSSL Entering SSL_connect()
wolfSSL Entering SendClientHello
Adding signature algorithms extension
growing output buffer

Signature Algorithms extension to write
Point Formats extension to write
Supported Groups extension to write
TASK.cpp: TLS Send Callback

DEBUG-asyncio 134 bytes transmit

Shrinking output buffer

wolfSSL Leaving SendClientHello, return 0
connect state: CLIENT_HELLO_SENT
wolfSSL error occurred, error = -323
DEBUG-asyncio 2337 bytes received
wolfSSL Entering SSL_connect()
wolfSSL error occurred, error = -323
wolfSSL Entering SSL_connect()
TASK.cpp: TLS data read 5 bytes.
growing input buffer

TASK.cpp: TLS data read 84 bytes.
received record layer msg
wolfSSL Entering DoHandShakeMsg()
wolfSSL Entering DoHandShakeMsgType
processing server hello
wolfSSL Entering DoServerHello
Point Formats extension received
wolfSSL Entering VerifyClientSuite
wolfSSL Leaving DoServerHello, return 0
Shrinking input buffer

wolfSSL Leaving DoHandShakeMsgType(), return 0
wolfSSL Leaving DoHandShakeMsg(), return 0
TASK.cpp: TLS data read 5 bytes.
growing input buffer

TASK.cpp: TLS data read 1929 bytes.
received record layer msg
wolfSSL Entering DoHandShakeMsg()
wolfSSL Entering DoHandShakeMsgType
processing certificate
wolfSSL Entering DoCertificate
wolfSSL Entering ProcessPeerCerts
Loading peer's cert chain
        Put another cert into chain
        Put another cert into chain
wolfSSL Entering GetExplicitVersion
wolfSSL Entering GetSerialNumber
Got Cert Header
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Algo ID
Getting Cert Name
Getting Cert Name
Got Subject Name
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Key
Parsed Past Key
wolfSSL Entering DecodeCertExtensions
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeSubjKeyId
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeAuthKeyId
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeBasicCaConstraint
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
About to verify certificate signature
wolfSSL Entering ConfirmSignature
ASN Key decode error RSA
wolfSSL Leaving ConfirmSignature, return -142
Confirm signature failed
Failed to verify CA from chain
growing output buffer

TASK.cpp: TLS Send Callback
DEBUG-asyncio 7 bytes transmit
Shrinking output buffer

Verifying Peer's cert
wolfSSL Entering GetExplicitVersion
wolfSSL Entering GetSerialNumber
Got Cert Header
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Algo ID
Getting Cert Name
Getting Cert Name
Got Subject Name
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Key
Parsed Past Key
wolfSSL Entering DecodeCertExtensions
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeBasicCaConstraint
wolfSSL Entering GetObjectId()
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeKeyUsage
wolfSSL Entering GetObjectId()
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeSubjKeyId
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeAuthKeyId
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeAltNames
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
About to verify certificate signature
wolfSSL Entering ConfirmSignature
ASN Key decode error RSA
wolfSSL Leaving ConfirmSignature, return -142
Confirm signature failed
Failed to verify Peer's cert
        No callback override available, fatal
wolfSSL Leaving ProcessPeerCerts, return -142
wolfSSL Leaving DoCertificate, return -142
wolfSSL Leaving DoHandShakeMsgType(), return -142
wolfSSL Leaving DoHandShakeMsg(), return -142
wolfSSL error occurred, error = -142
wolfSSL error occurred, error = -142
wolfSSL Entering SSL_connect()
ProcessReply retry in error state, not allowed
wolfSSL error occurred, error = -142

Hi David,

Cipher suite:

DHE-RSA-AES128-SHA:
DHE-RSA-AES256-SHA:
DHE-PSK-AES128-CBC-SHA256:
DHE-RSA-AES128-SHA256:
DHE-RSA-AES256-SHA256:
EDH-RSA-DES-CBC3-SHA


My configuration:

#define SINGLE_THREADED
#define FREERTOS
#define NO_FILESYSTEM
#define WOLFSSL_NO_SOCK
#define WOLFSSL_USER_IO
#define NO_DEV_RANDOM
#define NO_WRITEV
#define WC_NO_HARDEN

//#define HAVE_ECC
#define HAVE_DH
#define HAVE_ED25519
#define HAVE_SHA512
#define WOLFSSL_SHA512
#define WOLFSSL_STM32F4
#define NO_STM32_CRYPTO
#define NO_STM32_HASH
#define NO_INLINE
#define WOLFSSL_IGNORE_FILE_WARN
#define NO_ASN_TIME


I attached what is transmitted to the server as binary output. Unfortunately, I cannot use Wireshark on this platform.

I am trying to connect to a remote server. My attempt is successful with BSD sockets on my Linux machines, but not on my Cortex-M.

The init code is like:

wolfSSL_Debugging_ON();

/*Init library.*/
wolfSSL_Init();

/*Init context.*/
auto& tls = m_ctx.client.tls;
tls.ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method());

/*Init verification buffer.*/
auto success = wolfSSL_CTX_load_verify_buffer(tls.ctx, (unsigned char*)cert_get(), cert_get_len(), SSL_FILETYPE_PEM);
ASSERT(success == WOLFSSL_SUCCESS);

/* Setup the async IO callbacks */
wolfSSL_CTX_SetIORecv(tls.ctx, tls_receive);
wolfSSL_CTX_SetIOSend(tls.ctx, tls_send);


/*Create TLS handle.*/
tls.ssl = wolfSSL_new(tls.ctx);
ASSERT(tls.ssl != nullptr);

The loop code is like:

auto rc = wolfSSL_connect(me->_ctx.client.tls.ssl);

Debug output:

Getting Cert Name
Getting Cert Name
Got Subject Name
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Key
Parsed Past Key
wolfSSL Entering DecodeCertExtensions
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeSubjKeyId
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeAuthKeyId
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeBasicCaConstraint
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
        Parsed new CA
        Freeing Parsed CA
        Freeing der CA
                OK Freeing der CA
wolfSSL Leaving AddCA, return 0
   Processed a CA
Processed at least one valid CA. Other stuff OK

DEBUG: asyncio 72 bytes transmit

Shrinking output buffer
wolfSSL Leaving SendClientHello, return 0
connect state: CLIENT_HELLO_SENT
wolfSSL error occurred, error = -323
wolfSSL Entering SSL_connect()

DEBUG: asyncio 7 bytes received

wolfSSL Entering SSL_connect()
wolfSSL error occurred, error = -323
wolfSSL Entering SSL_connect()
mqtt_manager.cpp: TLS data read 5 bytes.
mqtt_manager.cpp: TLS data read 2 bytes.
received record layer msg
got ALERT!
Got alert
wolfSSL error occurred, error = 40
wolfSSL error occurred, error = -313
wolfSSL Entering SSL_connect()
ProcessReply retry in error state, not allowed
wolfSSL error occurred, error = -313

IO under wolfssl is running in an async manner.

All solutions work for me.

Thanks.
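Added example (not code from these posts or from wolfSSL): a small C triage helper for debug logs like the ones above, which counts the -323/-327 retry codes that non-blocking I/O produces on every `wolfSSL_connect()` call and reports the first real failure instead. The code-to-name table is an assumption based on wolfSSL's error headers and should be checked against the version in use; the sample log lines are constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed meanings, from wolfSSL's error headers; verify against your version. */
struct code_name { int code; const char *name; };
static const struct code_name NAMES[] = {
    { -323, "WANT_READ: no data yet, call again" },
    { -327, "WANT_WRITE: send would block, call again" },
    { -313, "FATAL_ERROR: peer sent a fatal alert" },
    { -142, "ASN_GETINT_E: ASN.1 integer parse failed" },
    { -150, "ASN_BEFORE_DATE_E: device clock is before notBefore" },
};
struct triage { int retries; int alert; int fatal; };

const char *code_name(int code)
{
    for (size_t i = 0; i < sizeof NAMES / sizeof NAMES[0]; i++)
        if (NAMES[i].code == code) return NAMES[i].name;
    return "unknown";
}

/* Scan "error = N" lines: count retries, keep first alert (>0) and first error (<0). */
struct triage triage_log(const char *log)
{
    static const char key[] = "error = ";
    struct triage t = { 0, 0, 0 };
    for (const char *p = strstr(log, key); p != NULL; p = strstr(p, key)) {
        p += sizeof key - 1;
        int code = (int)strtol(p, NULL, 10);
        if (code == -323 || code == -327) t.retries++;
        else if (code > 0 && t.alert == 0) t.alert = code;
        else if (code < 0 && t.fatal == 0) t.fatal = code;
    }
    return t;
}

/* Constructed sample, shaped like the handshake log in the post above. */
static const char SAMPLE_ALERT[] =
    "wolfSSL error occurred, error = -323\n"
    "wolfSSL error occurred, error = -323\n"
    "got ALERT!\n"
    "wolfSSL error occurred, error = 40\n"
    "wolfSSL error occurred, error = -313\n";

int main(void)
{
    struct triage t = triage_log(SAMPLE_ALERT);
    printf("retries=%d alert=%d fatal=%d (%s)\n", t.retries, t.alert, t.fatal, code_name(t.fatal));
    return 0;
}
```

A positive value such as 40 is the TLS alert description sent by the peer (handshake_failure), not a library error code.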

I am trying to validate a cert file from a buffer. I validated that the cert file is true on my Linux machine. But when I try to validate it on the Cortex-M MCU, it gets stuck.

Configuration:

#define SINGLE_THREADED
#define FREERTOS
#define NO_FILESYSTEM
#define WOLFSSL_NO_SOCK
#define WOLFSSL_USER_IO
#define NO_DEV_RANDOM

#define WC_NO_HARDEN
#define NO_WRITEV
#define HAVE_DH
#define HAVE_ED25519
#define HAVE_SHA512
#define NO_SHA
#define NO_OLD_TLS
#define WOLFSSL_SHA512
#define WOLFSSL_STM32F4
#define NO_STM32_CRYPTO
#define NO_STM32_HASH
#define NO_INLINE
#define WOLFSSL_IGNORE_FILE_WARN
#define WOLFSSL_GMTIME




wolfSSL Entering TLSv1_2_client_method_ex
wolfSSL Entering wolfSSL_CTX_new_ex
wolfSSL Entering wolfSSL_Init
wolfSSL Entering wolfCrypt_Init
wolfSSL Entering wolfSSL_CertManagerNew
wolfSSL Leaving WOLFSSL_CTX_new, return 0
wolfSSL Entering wolfSSL_CTX_load_verify_buffer_ex
Processing CA PEM file
wolfSSL Entering PemToDer
Adding a CA
wolfSSL Entering GetExplicitVersion
wolfSSL Entering GetSerialNumber
Got Cert Header
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Algo ID
Getting Cert Name
Date BEFORE check failed
Getting Cert Name
Got Subject Name
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Key
Parsed Past Key
wolfSSL Entering DecodeCertExtensions
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeSubjKeyId
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeAuthKeyId
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeBasicCaConstraint
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
        Parsed new CA
        Freeing Parsed CA
        Freeing der CA
                OK Freeing der CA
wolfSSL Leaving AddCA, return -150
wolfSSL error occurred, error = -150
CA Parse failed, with progress in file.
Search for other certs in file

8

(3 replies, posted in wolfMQTT)

Dear David,

Thanks for your quick response. There are no definitions for EWOULDBLOCK and EAGAIN in the errno.h file for the armclang 6.2 compiler.

Personally, I strongly recommend changing the EWOULDBLOCK and EAGAIN usages in the mqtt_socket file. Most of the time these definitions do not cause any problem as long as the person does not use the armclang compiler.

Thanks.

9

(3 replies, posted in wolfMQTT)

Hi,

I am trying to understand the design of the wolfMQTT library.

When I define WOLFMQTT_NONBLOCK, the library includes <sys/errno.h>.

#ifdef WOLFMQTT_NONBLOCK
    #include <sys/errno.h>
#endif

I am running on an arm clang compiler + KEIL environment. This compiler has the errno.h definition in the cpplibx/errno.h, not in the sys directory as gcc does.

Thanks.

10

(3 replies, posted in wolfSSL)

Hi dgarske,

As I understand, the tutorial I was trying to run is out of date. I could not make it run.

But I am working with the examples you advised, thanks. It does the same thing.

Best Regards.

11

(3 replies, posted in wolfSSL)

Hello everyone.

This is my second post, I removed the previous one.

What I am trying to do is to run a minimal example. I want to understand the basic API structure and library design of wolfSSL, so I tried to run this minimal example:

https://www.wolfssl.com/docs/wolfssl-manual/ch11/

I attached the error with an SS.