1

(1 replies, posted in wolfCrypt)

Hello vico,

The RA4M2 uses SCE hardware acceleration, which we do support.  To activate this support, define WOLFSSL_RENESAS_SCEPROTECT in your user_settings.h.
For a template, check out our RA6M4 e2studio project, which also uses SCE: https://github.com/wolfSSL/wolfssl/tree … udio/RA6M4

May I ask if this is for a commercial or personal project?

Thanks,
Kareem

2

(9 replies, posted in wolfSSL (formerly CyaSSL))

You can disable wolfSSL's certificate validity check using wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
This significantly hurts security, and we strongly recommend against it.  Instead, you should register your CA certificates by calling wolfSSL_CTX_load_verify_locations(ctx, NULL, "/path/to/CAcerts/"); before connecting.

Thanks,
Kareem

Hi msjeon,

Try running /bin/bash ./configure ...  If that fails, your bash is likely too old (our minimum requirement is 3.x), so you will need to upgrade.  Alternatively, you can use our Makefile + user_settings.h instead of ./configure.  See our template in IDE/GCC-ARM (you can remove all of the ARM specific parts).

On Solaris, you will want to build wolfSSL as a static library using --enable-static --disable-shared, and ensure you are using gmake to build.  You may also need to disable our builtin make clean at the end of ./configure using --disable-makeclean.

Thanks,
Kareem

I am happy to help, Farhan.

Check out our docs on wolfSSL + Renesas here: https://www.wolfssl.com/docs/renesas/
The link I provided has some example projects for e2studio. We also have some for CS+: https://github.com/wolfSSL/wolfssl/tree … B/Projects

Please continue to use our ticket system via support [at] wolfssl [dot] com for further support.

Thanks,
Kareem

Hello Farhan,

We do have various Renesas example projects, but we don't currently have one for the RA6M5.  You can see our example projects here: https://github.com/wolfSSL/wolfssl/tree … s/e2studio
Can you work off of the RA6M4 project?  I don't see anything too platform-specific in our user_settings.h, so you should be able to use it as a reference.

Thanks,
Kareem

Hello ballen,

We do not support this feature currently, but by writing your own custom HAL functions, you can add support for it.  For more on wolfBoot HAL, see: https://github.com/wolfSSL/wolfBoot/blo … ocs/HAL.md
Our STM32F7 HAL is a good example, in particular see the array flash_sector.  You could use this code as a rough template and make these sectors non-contiguous:  https://github.com/wolfSSL/wolfBoot/blo … /stm32f7.c
I also wanted to note we do support external flash partitions, we just don't currently support splitting a partition without code changes.  For more on wolfBoot partitions, see: https://github.com/wolfSSL/wolfBoot/blo … titions.md

May I ask what platform you are using wolfBoot on?

Thanks,
Kareem

Hi altech,

First, if you are not on the latest wolfSSL version (5.2.0), please try upgrading and let me know if it helps.
If not, can you share your user_settings.h?

UNKNOWN_RECORD_TYPE means we did not recognize the type in the record header, most likely you are not enabling support for the TLS version Firefox is trying to use, which is most likely TLS 1.3.
To enable TLS 1.3 support, make sure you have the following defined:

#define WOLFSSL_TLS13
#define HAVE_TLS_EXTENSIONS
#define HAVE_SUPPORTED_CURVES
#define HAVE_HKDF

Thanks,
Kareem
wolfSSL Support

8

(3 replies, posted in wolfCrypt)

Hi abdulwazeed1,

It sounds like you are running into a threading issue, since it works after repeated tries.  Are you confident you are not sharing any context between threads?  Each thread needs its own Aes, WOLFSSL, etc objects.
If you still run into issues, please reach out to support [AT] wolfssl [DOT] com so we can prioritize this issue.

Thanks,
Kareem

9

(3 replies, posted in wolfCrypt)

Hi abdulwazeed1,

What version of wolfSSL are you using?  If you are not using the latest stable (5.2.0), please upgrade and let me know if it helps.
Are wc_AesCbcEncrypt and/or wc_AesCbcDecrypt returning an error code for the invalid packets?  If so, what error code are you seeing?
If neither of the above help, please enable debug logging by building with DEBUG_WOLFSSL or --enable-debug, and running wolfSSL_Debugging_ON().  Then attach your debug logs here.  Please also share your build settings.
Lastly, please clarify whether you are using a multi-threaded application on either side.  Note that for multi-threading we require separate Aes objects for each thread.

Thanks,
Kareem

Hi rkumar,

Please upgrade to the latest wolfSSL, 5.2.0 and let me know if you still have any issues.

Thanks,
Kareem

Hi Junkhar,

I realized you're using 4.7.0, which is outdated.  Please upgrade to the latest wolfSSL version (currently 5.1.0) and let me know if you still see any issues.

Thanks,
Kareem

Hi Junkhar,

Can you attach your pcap wireshark file, rather than a png?  If there is any sensitive information, feel free to email it to us at support [AT] wolfssl [DOT] com.

One common issue on your platform is the encrypt-then-mac/extended master secret extensions being disabled by default.  It's worth trying again with them enabled, add this to your user_settings.h, then rebuild and let me know if it helps:

#define HAVE_EXTENDED_MASTER
#define HAVE_ENCRYPT_THEN_MAC

Thanks,
Kareem

Hi werchter,

You should build with WOLFSSL_PUBLIC_MP defined and use mp_read_unsigned_bin, which will be built as a public API.
Check out our example here: https://github.com/wolfSSL/wolfssl-exam … ecc_sign.c

Thanks,
Kareem

14

(16 replies, posted in wolfSSL (formerly CyaSSL))

Hi Alex,

You will want to use SP math rather than Fast math to increase your speed.  Replace USE_FAST_MATH with the following:
WOLFSSL_SP_MATH_ALL
WOLFSSL_SP_ASM
Let me know if you still have speed issues.

Thanks,
Kareem

15

(16 replies, posted in wolfSSL (formerly CyaSSL))

Hi Alex,

If your platform doesn't support hardware acceleration for AES, I would recommend trying Chacha/Poly.  Yes, you should remove your fast math define.
You are correct that ARMASM won't work with ARMv5, but you should still be able to use SP math assembly which I would definitely recommend.

Thanks,
Kareem

16

(16 replies, posted in wolfSSL (formerly CyaSSL))

Hi Alex,

Glad to hear you were able to resolve your issue.  What platform/architecture are you on?  Which cipher suite are you using?
In general, I'd recommend using SP math over fast math, and SP math assembly if your platform supports it.
Check out our user settings template here for more info on our SP math and other settings: https://github.com/wolfSSL/wolfssl/blob … template.h
I would also enable ARM assembly with WOLFSSL_ARMASM, assuming you're on ARM.
You will want to disable small AES-GCM if possible as it will have a significant speed impact (GCM_SMALL).

Thanks,
Kareem

17

(16 replies, posted in wolfSSL (formerly CyaSSL))

Hi Alex,

What platform and OS are you using?  How much stack/heap are you giving to wolfSSL?
What kind of webpage are you serving with wolfSSL?  Is it something that would spawn multiple connections?
Does closing your Chrome tab and opening a new one resolve the issue, or does it require a full browser restart?

If this information is too sensitive to share in a public forum, feel free to contact us at support@wolfssl.com

Thanks,
Kareem

18

(16 replies, posted in wolfSSL (formerly CyaSSL))

Hi Alex,

3.15.3 is extremely outdated and unsupported.  Please update to 5.0 and let me know if it fixes the issue for you.

19

(16 replies, posted in wolfSSL (formerly CyaSSL))

Hi Alex,

A couple of questions:
1) Does a hard refresh (usually Ctrl+F5) show the same issue in your browser?
2) What version of wolfSSL are you using?  Do you still see the issue with the latest wolfSSL, 5.0?

Thanks,
Kareem

20

(4 replies, posted in wolfSSL (formerly CyaSSL))

Hi r-type,

You should continue to use our XCODE IDE project.  To get around the options.h issue, create an options.h file which includes your settings.h file, and make sure your IDE is set to have the preprocessor define WOLFSSL_USER_SETTINGS.  Alternatively, include user_settings.h followed by settings.h in your options.h file.

Thanks,
Kareem

21

(11 replies, posted in wolfSSL (formerly CyaSSL))

We recently released 5.0 which fixes various bugs in 4.8.1, please try updating and let me know if you still see any issues.

Hi rahul.c,

Check out our certificate generation with altnames example here: https://github.com/wolfSSL/wolfssl-exam … altnames.c
The IP address used is on line 196 (127.0.0.1 in the example): https://github.com/wolfSSL/wolfssl-exam … mes.c#L196
You can find more info on it here: https://github.com/wolfSSL/wolfssl-exam … er/certgen

Thanks,
Kareem

23

(11 replies, posted in wolfSSL (formerly CyaSSL))

Hello rahmanikivi724,

Your platform does have a hardware RNG, you can see the details here: https://www.st.com/en/microcontrollers- … 446re.html
So you should undefine NO_STM32_RNG so we use our STM32 hardware RNG support, which will include a wc_GenerateSeed implementation.  You should also undefine WOLFSSL_GENSEED_FORTEST.

Thanks,
Kareem

24

(16 replies, posted in wolfSSL (formerly CyaSSL))

Hi Alex2021,

"Client attempting to connect with different version" means the client and server's TLS versions are not matching.  What TLS version is your client using?
If for example your client is using TLS 1.0, you will need to define WOLFSSL_ALLOW_TLSV10.  If your client is using TLS 1.2, it may help to undefine WOLFSSL_TLS13.

Thanks,
Kareem

25

(11 replies, posted in wolfSSL (formerly CyaSSL))

You should have stm32f4xx_hal.h, it needs to be generated by STM32CubeIde.  You may be running into a path issue, make sure your include paths include stm32f4xx_hal.h.
You need to add your platform to the user_settings.h template, see our documentation: https://github.com/wolfSSL/wolfssl/tree … /STM32Cube and user_settings.h template under "#warning Please define a hardware platform!".  You should define NO_STM32_HASH/CRYPTO if applicable for your platform.  You do not need WOLFSSL_STM32F427_RNG defined.
Also see our video here: https://www.youtube.com/watch?v=pUd2HEfBp3w
For debugging, you need to build with DEBUG_WOLFSSL and you need to call wolfSSL_Debugging_ON() before any other code.