still have problem getting wolfssl with libwebsockets working ... lws cannot find wolfSSL_X509_VERIFY_PARAM_set1_host during configuration and I have no idea why. Wolfssl is compiled this way:

cmake .. -DCMAKE_C_FLAGS_INIT="-DOPENSSL_EXTRA -DWOLFSSL_LIBWEBSOCKETS -DHAVE_EX_DATA -DOPENSSL_ALL -DHAVE_ALPN" -DNDK=${NDK_PATH} -DCMAKE_TOOLCHAIN_FILE=${PWD}/../../../../../../CMakeModules/cross-${s}-android.cmake -DWOLFSSL_CERTGEN=yes -DWOLFSSL_CERTREQ=yes -DWOLFSSL_CERTEXT=yes -DWOLFSSL_PKCS7=yes -DWOLFSSL_CRYPTOCB=yes -DWOLFSSL_AESCFB=yes -DWOLFSSL_KEYGEN=yes -DBUILD_SHARED_LIBS=0

But

~/android-ndk-r21e/toolchains/llvm/prebuilt/linux-x86_64/x86_64-linux-android/bin/readelf -s build/wolfSSL/build_x86_64/libwolfssl.a | grep wolfSSL_X509_VERIFY_PARAM_set1_host

shows no export of wolfSSL_X509_VERIFY_PARAM_set1_host
But according to sources it is the only define required. Generated options.h has #define OPENSSL_EXTRA. What I'm missing?

The problem was in toolchain file. It had CMAKE_C_FLAGS set to some value and CMAKE_C_FLAGS_INIT didn't work. After changing  CMAKE_C_FLAGS to

string(APPEND CMAKE_C_FLAGS_INIT " -DARM64=1 ...")

all works fine.

Hi embhorn,
thanks for reply. It works with CMakeLists.txt modification, but now I tried it with -DCMAKE_C_FLAGS_INIT and this fails. Libwebsockets build fails with

error: implicit declaration of function 'wolfSSL_get_ex_new_index' is invalid in C99

and this function is defined only if HAVE_EX_DATA is defined. I also didn't find any occurrence of CMAKE_C_FLAGS_INIT in CMakeLists (latest sources).

Hi,
we  are building all third party libs with cmake in our build environment I'm going to switch wolfSSL build to cmake. Currently there is no support for --enable-libwebsockets in CMakeLists.txt. I had a look on configure.ac and it seems that adding

-DWOLFSSL_LIBWEBSOCKETS -DHAVE_EX_DATA -DOPENSSL_NO_EC

would be enough. Should I put this into WOLFSSL_DEFINITIONS? Something like this:

add_option("WOLFSSL_LIBWEBSOCKETS"
"Enables libwebsockets support (default: disabled)"
    "no" "yes;no")
if(WOLFSSL_LIBWEBSOCKETS )
    list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_LIBWEBSOCKETS" "-DHAVE_EX_DATA" "-DOPENSSL_NO_EC")
endif()
#define HAVE_PKCS8

is not needed. I fixed it with commenting out #define NO_PWDBASED

Hi Kareem,
could you please point me to the missing option? I have an error with unresolved "_ToTraditionalEnc" referenced from      wolfSSL_d2i_PKCS8PrivateKey_bio in libwolfssl.a(ssl.o).
I created options.h like this

#include <IDE/XCODE/user_settings.h>
#include <wolfssl/wolfcrypt/settings.h>

And put following defines at the top of user_settings.h

#define WOLFSSL_LIBWEBSOCKETS
#define HAVE_EX_DATA
#define OPENSSL_NO_EC
#define OPENSSL_ALL
#define WOLFSSL_EITHER_SIDE
#define WC_RSA_NO_PADDING
#define WC_RSA_PSS
#define WOLFSSL_PSS_LONG_SALT
#define OPENSSL_EXTRA
#define HAVE_ALPN
#define HAVE_PKCS8

I put HAVE_ALPN to fix unresolved _wolfSSL_get0_alpn_selected.
To fix unresolved ToTraditionalEnc I put HAVE_PKCS8, but it didn't help. May be it gets overridden somewhere else...

Thanks,
Roman

Second one (only single attachment per post is allowed)

Hi David,
could you please point me to the proper pinout? I found one for TPM module on asus site, but it differs from pinout I have in asus b550m-a mainboard manual.

Thanks,
Roman

Hi David,
I also thought last week about too long wires and ordered GPIO Breakout HAT to avoid long wires to breadboard. Unfortunately I still have no reply on MISO. With spidev_test I tried 2 MHz and even 200 kHz, but it didn't help.

pi@raspberrypi:~/spi_test/new $ ./spidev_test -D /dev/spidev0.0 -v -s2000000 -p "\x80\xd4\x00\x00\x00"
spi mode: 0x4
bits per word: 8
max speed: 2000000 Hz (2000 kHz)
TX | 80 D4 00 00 00 __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __  |.....|
RX | 00 00 00 00 00 __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __  |.....|
pi@raspberrypi:~/spi_test/new $ ./spidev_test -D /dev/spidev0.0 -v -s200000 -p "\x80\xd4\x00\x00\x00"
spi mode: 0x4
bits per word: 8
max speed: 200000 Hz (200 kHz)
TX | 80 D4 00 00 00 __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __  |.....|
RX | 00 00 00 00 00 __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __  |.....|

10

(4 replies, posted in wolfTPM)

Hi Jeff,
thanks for the fix!
Roman

11

(4 replies, posted in wolfTPM)

Hi,
I have build script to build wolfSSL+wolfTPM+libwebsockets and it works with 2.2.0, but fails if use 2.3.0 tag.

git clone https://github.com/wolfSSL/wolfTPM
cd wolfTPM
git checkout tags/v2.3.0
./autogen.sh
./configure --prefix=${PWD}/inst --enable-debug=io --enable-devtpm --with-wolfcrypt=../wolfSSL/inst
make install

Error looks like

/usr/bin/install: will not overwrite just-created '/home/ro/3dParty/build_scripts/build/wolfTPM/inst/share/doc/wolftpm/example/read.c' with 'examples/nvram/read.c'
 /usr/bin/mkdir -p '/home/ro/3dParty/build_scripts/build/wolfTPM/inst/include/wolftpm'
make[2]: *** [Makefile:2025: install-dist_exampleDATA] Error 1

On oscilloscope I don't see any signal on MISO line, only on MOSI. Sending init command via spidev_test shows no answer as well:

pi@raspberrypi:~/spi_test/new $ ./spidev_test -D /dev/spidev0.0 -v -s43000000 -p "\x80\xd4\x00\x00\x00"
spi mode: 0x4
bits per word: 8
max speed: 43000000 Hz (43000 kHz)
TX | 80 D4 00 00 00 __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __  |.....|
RX | 00 00 00 00 00 __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ __  |.....|

I tested this TPM on ASUS board and BIOS could detect it, so it should be OK. Some connection should be a problem. I tried to set almost all undocumented pins high, but it didn't help. In attachment I push photo of setup with connections as you described.

Hi David,
I just tried 2.3.0, but unfortunately I had no success with. Output is the same as I posted above. I also tested SPI and it seems to work with loopback:

pi@raspberrypi:~/spi_test/new $ ./spidev_test -D /dev/spidev0.0 -v -s43000000
spi mode: 0x4
bits per word: 8
max speed: 43000000 Hz (43000 kHz)
TX | FF FF FF FF FF FF 40 00 00 00 00 95 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF F0 0D  |......@.........................|
RX | FF FF FF FF FF FF 40 00 00 00 00 95 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF F0 0D  |......@.........................|

I also got a 100MHz oscilloscope (but the wrong one, with 2 channels) and trying to see MOSI/MISO pulses, but I'm still dummy in osci setup, If I find something, I'll post it.
Thanks,
Roman

Hi Kareem,
thanks, I'll give it a try.
I built it this way (with lws), but could not test yet if it really works:

./configure --host=arm-apple-darwin --disable-shared --prefix=${PWD}/inst --enable-opensslextra --enable-libwebsockets --enable-certgen --enable-certreq --enable-certext --enable-pkcs7 --enable-cryptocb --enable-aescfb --enable-alpn
make CC="$(xcrun --sdk iphoneos -f clang) -isysroot $(xcrun --sdk iphoneos --show-sdk-path) -arch arm64 -miphoneos-version-min=12.5"
make install

Hi,
I'm trying to build wolfSSL and libwebsockets for iOS. For that I extended IDE/XCODE/user_settings.h with

#define OPENSSL_EXTRA
#define WOLFSSL_LIBWEBSOCKETS

and adjusted build script

WORKSPACE=$(eval "pwd")
PROJ=wolfssl.xcodeproj
CONFIG=Release
SCHEME=wolfssl_ios
CONF_BUILD_DIR=${WORKSPACE}/simulator
xcodebuild clean build -project ${PROJ} -configuration ${CONFIG} \
           -scheme ${SCHEME} -destination generic/platform=iOS \
           BITCODE_GENERATION_MODE=bitcode \
           CONFIGURATION_BUILD_DIR=${CONF_BUILD_DIR}

Build was successful and I have IDE/XCODE/simulator/libwolfssl_ios.a
But this way wolfssl/options.h is not generated and cannot be found by libwebsockets. Is it the same as user_settings.h?
Or should I better use autotools? I compiled wolfSSL for Mac with these switches:

CFLAGS='-target x86_64-apple-macos10.12'
./configure --build=arm64-apple-darwin20.3.0 --target=x86_64-apple-darwin20.3.0 --host=x86_64-apple-darwin20.3.0 --prefix=${PWD}/inst --enable-opensslextra --enable-libwebsockets 

But I doubt just changing x86_64 to armv7 will give me iOS library ...

Hi David,
thank you for your response. I connected RST with VCC to put it high. Or should I put pull-up resistor instead? I also put 10k resistor between VCC and CS0. But still no answer from device. I attached image with connections. May be I have to try with another Raspi ...

Hi,
I'm trying to talk to Asus E15028 with Nuvoton NPCT750 via Raspberry Pi, butalways get no data back (only zeros). Have somebody experience with this board? I found pinout here
WolfSSL is compiled with

--enable-wolftpm --enable-opensslextra --enable-libwebsockets --enable-certgen --enable-certreq --enable-certext --enable-pkcs7 --enable-cryptocb --enable-aescfb


and wolfTPM with

--enable-debug=io --with-wolfcrypt=../wolfSSL/inst --enable-nuvoton


I also see that wolfTPM can open /dev/spidev0.0 and sets 43MHz. I tried to connect WP and HOLD to Vcc and to GND (from more detailed pinout that I found in docs for compatible motherboard, is in attachment).
Output I always have:

pi@raspberrypi:~/build/wolfTPM/examples/native $ ./native_test 
TPM2 Demo using Native API's
TPM2_IoCb: Ret 257, Sz 5
    80 d4 00 00 00                                  | .....
    00 00 00 00 00                                  | .....
TPM2_Init failed 0x101: TPM_RC_FAILURE: Commands not being accepted because of a TPM failure