1 Reply by anthony

(1 replies, posted in wolfSSL)

Hi Hannson,

Thank you so much for all these details.  I see on the commandl-ine you display you have -DNO_DSA and -DNO_PSK.  So, that would be the cause of the redefinition.  Perhaps the solution would be to remove NO_DSA and NO_PSK from your user_setting.sh.h file.

Might I ask if this is a commercial use case?  If so, to preserve you privacy, I would suggest further interaction happen via our confidential technical support channel.  You can send messages to support@wolfssl.com and we will support you there.  Note that you can also send messages with attachments there.   

Warm regards, Anthony

Go to forum: wolfSSL

2 Reply by anthony

(1 replies, posted in wolfCrypt)

Hi Bryce,

my name is Anthony and I am a member of the wolfSSL team.  We talk about wolfCrypt's MISRA compliance in various blog posts.  For example here: https://www.wolfssl.com/wolfssl-conform … uidelines/ .

Generally speaking we'll need to understand your use case so we can specifically target what you need.  The best idea would be to send a message to support@wolfssl.com so we can get started on that confidential and private conversation.

Warm regards, Anthony

Go to forum: wolfCrypt

3 Reply by anthony

(4 replies, posted in wolfCrypt)

Thank you so much for finding this!! I really appreciate it.  We'll look into fixing this.  Feels like it should be a simple fix.

Warm regards, Anthony

Go to forum: wolfCrypt

4 Reply by anthony

(2 replies, posted in wolfSSL)

Hi Scott,

That happened in the following pull request: https://github.com/wolfSSL/wolfssl/pull/7923 and that made it into wolfSSL Release 5.7.4 (Oct 24, 2024).  Note that the previous value was 1024 which would allow RSA-512 keys.  Now that it is set to 2048 is will no longer allow RSA-512 but will allow RSA-1024.  I understand if this is somewhat confusing.  Sorry about that.


This affects, both keys that are generated and loaded.  Note that you can override this default by defining RSA_MIN_SIZE yourself.

If you have further questions, please do send to support@wolfssl.com as I can see you are a commercial customer of wolfSSL.

Warm regards, Anthony

Go to forum: wolfSSL

5 Reply by anthony

(1 replies, posted in wolfCrypt)

Hi Sheondael,

My name is Anthony and I am a member of the wolfSSL team.  The wolfssl library has never supported XMSS in certificates.  The reason is because the use case for certificates would be for network protocols and XMSS is a stateful hash-based signature scheme.  The state makes it inappropriate for usage in network protocols. 

Where it is appropriate is in code and firmware signing.  As such we use it in our wolfBoot product.  In that case, no certificate is required.

That said, can you let us know your use case for XMSS in certificates?  Here at wolfSSL, we are always interested in how people are using our code and I would love to understand your need for XMSS in certificates.  Also, can you let us know your geographical location and whether this is out of professional, personal or academic interest?

Warm  regards, Anthony

Go to forum: wolfCrypt

6 Reply by anthony

(1 replies, posted in wolfSSL)

Thanks for sending this to support@wolfssl.com.  We'll handle it there.

Go to forum: wolfSSL

7 Reply by anthony

(5 replies, posted in wolfSSL)

Hello,

I did the following:

cd wolfssl 
./autogen.sh 
./configure --enable-wolfclu --enable-crl
make all
sudo make install
sudo ldconfig 
cd ..
cd wolfCLU
./autogen.sh
./configure 
make all 
./wolfssl crl -in /path/to/wolfssl/certs/crl/ca-int.pem -text -noout

Here is the output from the last command: 

Certificate Revocation List (CRL):
        Version 2 (0x1)
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Development, CN = wolfSSL Intermediate CA, emailAddress = info@wolfssl.com
        Last Update: Sep 27 12:10:09 2023 GMT
        Next Update: Jun 23 12:10:09 2026 GMT
        CRL extensions:
            X509v3 Authority Key Identifier: 
                EF:69:E0:F7:D5:1D:E6:99:EC:DC:6D:D0:F7:E2:B9:5C:64:71:83:35
            X509v3 CRL Number: 
                8192
No Revoked Certificates.
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        4b:7f:45:20:16:f5:77:18:35:70:b5:d3:fe:d8:3f:1b:90:0e:
        f7:aa:dc:39:85:b3:df:52:a8:65:e7:b5:01:34:c3:9a:01:bf:
        59:f9:79:79:9c:b3:a8:8a:e3:eb:23:41:af:48:ad:ab:01:0a:
        e2:b7:09:47:3e:42:19:13:c2:6b:cd:4c:dd:54:5c:42:77:23:
        f7:4f:1b:a0:4b:95:b1:a8:96:ce:86:d6:63:3d:53:61:31:54:
        be:79:50:a5:13:b7:67:5d:b8:fa:60:6e:71:9f:95:c6:20:a5:
        66:a7:02:7d:1f:f4:23:cb:49:14:c6:03:96:dc:16:b5:aa:7c:
        55:87:88:57:aa:a1:a8:ac:3b:11:64:cf:87:01:be:99:ed:7c:
        8f:28:5c:94:f6:aa:ea:c1:e2:50:16:a7:79:c4:0e:0f:3a:e5:
        5e:c2:c6:80:2e:b8:13:d8:74:cd:b1:5c:ef:14:17:ae:72:d6:
        46:ea:df:b8:b0:38:bd:8d:b1:a3:2c:a3:c7:04:dc:75:22:c3:
        2f:8a:e5:a8:0d:9d:54:4c:7f:16:b6:c0:d5:20:63:81:4a:c9:
        cb:85:c9:b6:1b:05:22:ee:0c:d9:f8:98:f3:57:16:29:09:84:
        0b:fd:aa:ee:a3:ca:36:b1:86:f1:bd:b8:12:43:ef:15:77:a9:
        52:d9:5e:25

As you can see, the AKI is parsed and output properly.

Warm regards, Anthony

Go to forum: wolfSSL

8 Reply by anthony

(5 replies, posted in wolfSSL)

Thank you for noticing this.  Can I ask you if you need support for extensions?  If so, you can register a feature request by sending a message to support@wolfssl.com .

Warm regards, Anthony

Go to forum: wolfSSL

9 Reply by anthony

(5 replies, posted in wolfSSL)

Hi HAPPY. 

Can you send over an example CRL with these extensions?

Warm regards, Anthony.

Go to forum: wolfSSL

10 Reply by anthony

(3 replies, posted in wolfSSL)

The certificate has a lot of alternative name entries.  Does google make available more concise certificates with less alternative names?

Go to forum: wolfSSL

11 Reply by anthony

(3 replies, posted in wolfSSL)

Hi, my name is Anthony.   Note that -125 is  MEMORY_E which indicates you are out of memory.  Can you free up some memory for this process?

Go to forum: wolfSSL

12 Reply by anthony

(5 replies, posted in wolfTPM)

Hello Bijak Dawid,

My name is Anthony and I am a member of the wolfSSL team.  Please have a look at https://github.com/wolfSSL/wolfTPM/blob … ive_test.c for examples of how to use TPM2_EncryptDecrypt2().  You can search for that function name in there.

Let me know if this advice helps or if you need more details.

In the meantime, can you let me know a bit about yourself and your project?

- what are your goals?
- where you are located?
- is this out of personal, academic or professional interest?

Warm regards, Anthony
Warm regards, Anthony

Go to forum: wolfTPM

13 Reply by anthony

(1 replies, posted in wolfSSL)

Hi Isabella,

My name is Anthony and I am a member of the wolfSSL team.

Can you please send over the certificate?  I will need to have a look at it to help you. If you are afraid of sending it to a public forum, you can send it to support@wolfssl.com instead.  That is a private and confidential communications channel.

Can you also tell us more about yourself and your project?  What are your goals?  What are you trying to achieve?  Is this out of personal, academic or professional interest?

Warm regards, Anthony

Go to forum: wolfSSL

14 Reply by anthony

(7 replies, posted in wolfSSL)

For your immediate convenience, here is the specific code I was thinking that would interest you: 

static int test_wc_AesCtrEncryptDecrypt(void)
{
    EXPECT_DECLS;
#if !defined(NO_AES) && defined(WOLFSSL_AES_COUNTER) && defined(WOLFSSL_AES_256)
    Aes aesEnc;
    Aes aesDec;
    byte key32[] = {
        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
    };
    byte vector[] = { /* Now is the time for all w/o trailing 0 */
        0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
        0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
        0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
    };
    byte iv[] = "1234567890abcdef";
    byte enc[AES_BLOCK_SIZE * 2];
    byte dec[AES_BLOCK_SIZE * 2];

    /* Init stack variables. */
    XMEMSET(&aesEnc, 0, sizeof(Aes));
    XMEMSET(&aesDec, 0, sizeof(Aes));
    XMEMSET(enc, 0, AES_BLOCK_SIZE * 2);
    XMEMSET(dec, 0, AES_BLOCK_SIZE * 2);

    ExpectIntEQ(wc_AesInit(&aesEnc, NULL, INVALID_DEVID), 0);
    ExpectIntEQ(wc_AesInit(&aesDec, NULL, INVALID_DEVID), 0);

    ExpectIntEQ(wc_AesSetKey(&aesEnc, key32, AES_BLOCK_SIZE * 2, iv,
        AES_ENCRYPTION), 0);
    ExpectIntEQ(wc_AesCtrEncrypt(&aesEnc, enc, vector,
        sizeof(vector)/sizeof(byte)), 0);
    /* Decrypt with wc_AesCtrEncrypt() */
    ExpectIntEQ(wc_AesSetKey(&aesDec, key32, AES_BLOCK_SIZE * 2, iv,
        AES_ENCRYPTION), 0);
    ExpectIntEQ(wc_AesCtrEncrypt(&aesDec, dec, enc, sizeof(enc)/sizeof(byte)),
        0);
    ExpectIntEQ(XMEMCMP(vector, dec, sizeof(vector)), 0);

    /* Test bad args. */
    ExpectIntEQ(wc_AesCtrEncrypt(NULL, dec, enc, sizeof(enc)/sizeof(byte)),
        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
    ExpectIntEQ(wc_AesCtrEncrypt(&aesDec, NULL, enc, sizeof(enc)/sizeof(byte)),
        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
    ExpectIntEQ(wc_AesCtrEncrypt(&aesDec, dec, NULL, sizeof(enc)/sizeof(byte)),
        WC_NO_ERR_TRACE(BAD_FUNC_ARG));

    wc_AesFree(&aesEnc);
    wc_AesFree(&aesDec);
#endif
    return EXPECT_RESULT();
}

Go to forum: wolfSSL

15 Reply by anthony

(7 replies, posted in wolfSSL)

Hi ,

Excellent!  We here at wolfSSL would love to encourage your efforts.  Please, lets continue this conversation over on our technical support channel.  Please send a message to support@wolfssl.com.  This will get you started on the right note!

Warm regards, Anthony

Go to forum: wolfSSL

16 Reply by anthony

(7 replies, posted in wolfSSL)

You can find it online here: https://raw.githubusercontent.com/wolfS … ests/api.c

Note that it is a rather large file.  Can you let us know a bit more about yourself and your project?  If you would rather share information about yourself via a confidential channel, please send a message to support@wolfssl.com.

Warm regards, Anthony

Go to forum: wolfSSL

17 Reply by anthony

(3 replies, posted in wolfCrypt)

Hi,

Yes, please find it here: https://github.com/wolfSSL/wolfssl/blob … sl.h#L3355

For your convenience it is defined as:

WOLFSSL_API int wolfSSL_X509_CRL_print(WOLFSSL_BIO* bio,
                                       WOLFSSL_X509_CRL* crl);

Since this is out of professional interest please direct further questions to support@wolfssl.com.  That is a confidential support system where you will be able to better share information about yourself, your project and your use case so that we can more easily assist you.  If possible, please use a work email address.

Warm regards, Anthony

Go to forum: wolfCrypt

18 Reply by anthony

(3 replies, posted in wolfCrypt)

Hi HAPPY,

Thanks for asking your question. We have the following API that might interest you: wolfSSL_X509_CRL_print().  Please let me know if my suggestion is helpful.

Can you please let us know about yourself and your project?  Where are you geographically located?  What your goals? Are you doing  this project out of personal, professional or academic interest?

Warm regards, Anthony

Go to forum: wolfCrypt

19 Reply by anthony

(7 replies, posted in wolfSSL)

Hi,

Another great place to look is tests/api.c.  You can look at test_wc_AesCtrEncryptDecrypt() in there to see how to use the API.  When you compile, what errors are you seeing?

We'd love to know more about you and your project.  Where are you located?  What are you goals? Please do let us know!

Warm regards, Anthony

Go to forum: wolfSSL

20 Reply by anthony

(1 replies, posted in wolfSSL)

Hello courtneyendic735,

My name is Anthony and I am a member of the wolfSSL team.

We've actually noticed the same problem earlier and are looking into a fix.  Currently, we have 2 solutions.

- Please have a look at https://github.com/wolfSSL/wolfCLU/pull/159 .  This is not a long term fix as it has side effects when doing OCSP and CRL verifications. I am currently looking into improving this PR.  Stay tuned and monitor that PR please.
- Please have a look at https://github.com/wolfSSL/wolfssl-exam … ertmanager .  This example will verify the chain as you described.

Here at wolfSSL we love it when people use our product.  Can you let us know a bit about yourself and your project?  For example:

- Where are you geographically located?
- What are your goals?
- Is this out of professional, academic or personal interest?
- Is there an institution associated with this effort?
- Any other information you care to share.

If you would like to share this information confidentially, you can send it to me via email at anthony@wolfssl.com.

Thanks and let me know if my suggestions help.

Warm regards, Anthony

Go to forum: wolfSSL

21 Reply by anthony

(3 replies, posted in wolfSSL)

Sunnysunday,

Can you please let me know a bit about what you are trying to do?  What are your goals?  Is this project out of academic, professional or personal interest?

Warm regards, Anthony

Go to forum: wolfSSL

22 Reply by anthony

(3 replies, posted in wolfSSL)

Hello Sunnysunday,
My name is Anthony and I am a member of the wolfSSL team.  Please try defining the following macros in your user_settings.h file:


WOLFSSL_TRACK_MEMORY
WOLFSSL_TRACK_MEMORY_VERBOSE

Let me know if that gives you the desired output.

Warm regards, Anthony

Go to forum: wolfSSL

23 Reply by anthony

(4 replies, posted in wolfSSL)

Hi Simone,

Can you try using the supported SSP version 1.7.0?  That is the version specified in the README.md file.
It seems this inquiry is out of professional interest. 
In order to protect your confidentiality, if you have further questions, please send them to support@wolfssl.com. 

Warm regards, Anthony

Go to forum: wolfSSL

24 Reply by anthony

(4 replies, posted in wolfSSL)

Hi Simone,

have you reached out to the Renesas support team yet?
Can you let me know what compilation errors you're seeing?

Warm regards, Anthony

Go to forum: wolfSSL

25 Reply by anthony

(3 replies, posted in wolfCrypt)

Can you try version 5.7.4 or the latest of the master branch on gitubhb?  I noticed there have been changes as line 30931 on master has the following:

        "LDR    r6, [%[a], #188]\n\t"

Warm regards, Anthony

Go to forum: wolfCrypt