You are not logged in. Please login or register.
Active topics Unanswered topics
Welcome to the wolfSSL Forums!
Please post questions or comments you have about wolfSSL products here. It is helpful to be as descriptive as possible when asking your questions.
References
Stable Releases - download stable product releases.
Development Branch - latest development branch on GitHub.
wolfSSL Manual - wolfSSL (formerly CyaSSL) product manual and API reference.
Search options (Page 1 of 7)
I concur. You can use our APIs to output what algorithms are used. But the gold standard is to have a packet sniffer (wireshark for example) confirm that you are actually doing a quantum-safe connection.
Hello SunnySunday and matemagico13,
my name is Anthony and I am a member of the wolfSSL team.
I built wolfSSL with the following configure line:
./configure --enable-dtls --enable-dtls13 --enable-mlkem --enable-dtls-frag-ch
Then I ran the example server and client as shown and got the output as shown:
$ ./examples/server/server -u -v 4 --pqc ML_KEM_1024
Using Post-Quantum KEM: ML_KEM_1024
SSL version is DTLSv1.3
SSL cipher suite is TLS_AES_256_GCM_SHA384
SSL curve name is ML_KEM_1024
Client message: hello wolfssl
$ ./examples/client/client -u -v 4
SSL version is DTLSv1.3
SSL cipher suite is TLS_AES_256_GCM_SHA384
SSL curve name is ML_KEM_1024
I hear you fa shizzle!
Note that the use of ML-KEM is clearly shown. I made no modifications to the code. Please let me know if you have further questions.
Warm regards, Anthony .
Hello SunnySunday,
My name is Anthony and I am a member of the wolfSSL team. I am not surprised by your results. Have you tried running our bench-marking application? You'll notice that ML-KEM is actually much faster than ECDHE. So while the processing time is faster, your transmission might be slower because of the increase in data going over the wire. As such, they will balance out and you get the results that you are seeing.
Warm regards, Anthony
These should be sufficient:
#define WOLFSSL_HAVE_MLKEM
#define WOLFSSL_WC_MLKEM
#define WOLFSSL_SHAKE128
#define WOLFSSL_SHAKE256
You will need shake 128 and 256
Hi Sunnysunday,
Did you mean ML-KEM?
You can use
WOLFSSL_API int wolfSSL_UseKeyShare(WOLFSSL* ssl, word16 group);
The following values for group are good:
WOLFSSL_ML_KEM_512
WOLFSSL_ML_KEM_768
WOLFSSL_ML_KEM_1024
WOLFSSL_SECP256R1MLKEM768
WOLFSSL_X25519MLKEM768
WOLFSSL_SECP384R1MLKEM1024
WOLFSSL_SECP256R1MLKEM512
WOLFSSL_SECP384R1MLKEM768
WOLFSSL_SECP521R1MLKEM1024
WOLFSSL_X25519MLKEM512
WOLFSSL_X448MLKEM768
Warm regards, Anthony
I think you might find this useful:
https://github.com/wolfSSL/wolfssl/tree/master/Docker
Let me know if you have further questions.
Can you tell us about your project and goals?
Warm regards, Anthony
if "native", then gcc would be sufficient. Just about any C89 compliant compiler would be sufficient.
Perhaps you would prefer a secure and confidential communication channel. If so, please start the conversation by sending a message to support@wolfssl.com.
Can you let us know what build tools or toolchain you have available?
If you would like to try such a project, we would be happy to entertain a contribution. Let us know if you try to do it.
Warm regards, Anthony
Bryce,
in future, please direct questions to support@wolfssl.com .
Warm regards, Anthony
Hi ,
wc_AesGcmEncrypt() is what is known as a "one-shot" API; the whole AES algorithm is run in a single API call.
The file encryption example does not use that API. It uses wc_AesGcmEncryptInit(), wc_AesGcmEncryptUpdate(), and wc_AesGcmEncryptFinal(); this is known as a streaming API which allows the data to be encrypted to be fed in as chunks. This is useful if you are getting dtata in chunks and don't have the full content in a buffer before hand.
Warm regards, Anthony
Excellent. I'm glad to see you made progress and found your own solution. May I ask you about your project? Is this out of person, professional or academic interest?
Warm regards, Anthony
Yes, that should work. That is to say that WOLFSSL_ALT_NAMES does not depend on the openssl compatibility layer. Note that you do not need to use --disable-opensslall; it is disabled by default.
Warm regards, Anthony
Hi,
To be a bit more specific, make sure you have the following macros defined:
WOLFSSL_CUSTOM_CURVES
HAVE_ECC_BRAINPOOL
Warm regards, Anthony
Hi Jakob,
My name is Anthony and I am a member of the wolfSSL team. As of yet we do not have support for assembly optimizations foir brainpool curves so yes, you are seeing expected behaviour.
That said, can you let us know a bit more about yourself and your project? What are your goals? Are you interested in seeing Brainpool assembly optimizations?
If you desire privacy, you can send this information to our confidential support address: support@wolfssl.com.
Warm regards, Anthony
Hello,
My name is Anthony and I am a member of the wolfSSL team.
The page you reference points to a place where you can download the certificate bundle.
If you get them and put them in a directory, you can then use wolfSSL_CTX_load_verify_locations() to specify that directory location and it will have those. If your system has a way to automatically update the certificates you can tell wolfSSL to check that location with the same API.
Warm regards, Anthony
DJ3434,
May I ask if your interest in wolfSSL is professional, academic or person? If you are concerned about confidentiality you can submit more information via support@wolfssl.com .
Warm regards, Anthony
HI DJ3434,
My name is Anthony and I am a member of the wolfSSL team.
This is an interesting result you are seeing. Its very odd and I've never seen such a report. Do you have a simple example application that shows this behaviour?
Warm regards, Anthony
Hi Hannson,
Thank you so much for all these details. I see on the commandl-ine you display you have -DNO_DSA and -DNO_PSK. So, that would be the cause of the redefinition. Perhaps the solution would be to remove NO_DSA and NO_PSK from your user_setting.sh.h file.
Might I ask if this is a commercial use case? If so, to preserve you privacy, I would suggest further interaction happen via our confidential technical support channel. You can send messages to support@wolfssl.com and we will support you there. Note that you can also send messages with attachments there.
Warm regards, Anthony
Hi Bryce,
my name is Anthony and I am a member of the wolfSSL team. We talk about wolfCrypt's MISRA compliance in various blog posts. For example here: https://www.wolfssl.com/wolfssl-conform … uidelines/ .
Generally speaking we'll need to understand your use case so we can specifically target what you need. The best idea would be to send a message to support@wolfssl.com so we can get started on that confidential and private conversation.
Warm regards, Anthony
Thank you so much for finding this!! I really appreciate it. We'll look into fixing this. Feels like it should be a simple fix.
Warm regards, Anthony
Hi Scott,
That happened in the following pull request: https://github.com/wolfSSL/wolfssl/pull/7923 and that made it into wolfSSL Release 5.7.4 (Oct 24, 2024). Note that the previous value was 1024 which would allow RSA-512 keys. Now that it is set to 2048 is will no longer allow RSA-512 but will allow RSA-1024. I understand if this is somewhat confusing. Sorry about that.
This affects, both keys that are generated and loaded. Note that you can override this default by defining RSA_MIN_SIZE yourself.
If you have further questions, please do send to support@wolfssl.com as I can see you are a commercial customer of wolfSSL.
Warm regards, Anthony
Hi Sheondael,
My name is Anthony and I am a member of the wolfSSL team. The wolfssl library has never supported XMSS in certificates. The reason is because the use case for certificates would be for network protocols and XMSS is a stateful hash-based signature scheme. The state makes it inappropriate for usage in network protocols.
Where it is appropriate is in code and firmware signing. As such we use it in our wolfBoot product. In that case, no certificate is required.
That said, can you let us know your use case for XMSS in certificates? Here at wolfSSL, we are always interested in how people are using our code and I would love to understand your need for XMSS in certificates. Also, can you let us know your geographical location and whether this is out of professional, personal or academic interest?
Warm regards, Anthony
Posts found: 1 to 25 of 152
Generated in 0.008 seconds (65% PHP - 35% DB) with 4 queries