1

(6 replies, posted in wolfCrypt)

Thanks for the reply and testing the certificates. I am trying to implement the program in riot os and I am using Makefile to enable modules. Could you also tell me what all modules are  enabled when "/configure --enable-all --enable-debug" using this command ?

I am adding relevant part of my makefile for your reference

USEPKG += wolfssl
USEMODULE += wolfssl
USEMODULE += wolfssl_socket
USEMODULE += wolfcrypt 
USEMODULE += wolfcrypt_ecc
USEMODULE += wolfcrypt_asn
USEMODULE += wolfcrypt-test

CFLAGS += -DWOLFSSL_CERT_REQ
CFLAGS += -DWOLFSSL_TEST_CERT
CFLAGS += -DDEBUG_WOLFSSL

Hi,

were you able to resolve this issue ? (-144 error, ASN object id error, invalid id) .I have been stuck with this  issue for some days. Could you please let me know the solution,If you have managed to resolve it ?

3

(6 replies, posted in wolfCrypt)

I have created the csr without unstructuredName..still I get the same error. Is there any modules that needs to be enabled ?but everything works fine when i try to  parse a x509 cert.pem...so this error is just happening for csr. I have also tried to parse the csr from wolfssl examples https://github.com/wolfSSL/wolfssl-exam … 0c/certgenon github.still the same error.

I could see from wolfssl manual https://www.wolfssl.com/docs/wolfssl-manual/appendix-c/  that -144 means ASN_OBJECT_ID_E ,ASN object id error, invalid id. How can I solve this error ?

4

(6 replies, posted in wolfCrypt)

It is a  csr I made using openssl for testing purposes...by following ths blog https://www.ssl.com/how-to/manually-gen … g-openssl/

5

(6 replies, posted in wolfCrypt)

I am trying to parse a csr using wolfssl in RIOT operating system.https://doc.riot-os.org/group__pkg__wolfssl.html

file = fopen(file_name, "rb");
    if (!file) {
        printf("can't open certificate\n");
        return 1;
    }

    pem_cert_size = fread(pem_cert_buf, 1,LARGE_TEMP_SZ, file);
    fclose(file);
    
    printf("Successfully read %d bytes from %s\n\n", pem_cert_size, file_name);

    if (pem_cert_size <= 0) {
        printf("pem cert read error:%d\n", (int)pem_cert_size);
        return 1;
    }
    DEBUG("\n\npem cert size:%d\n\n", pem_cert_size);

    der_cert_size = wc_CertPemToDer(pem_cert_buf, pem_cert_size, der_cert_buf, LARGE_TEMP_SZ,
                                    CERTREQ_TYPE);

    if (der_cert_size <= 0) {
        printf("cant convert pem to der:%d\n", (int)der_cert_size);
        return 1;
    }
     printf("Converted CSR Cert PEM to DER %d bytes\n", der_cert_size);

#ifdef HAVE_DECODEDCERT
    
    InitDecodedCert(&decoded_cert, der_cert_buf,der_cert_size, NULL);
    int ret = ParseCert(&decoded_cert, CERTREQ_TYPE, NO_VERIFY, NULL);

    printf("ParseCert ret:%d\n",ret);

#endif    

I am following the https://github.com/wolfSSL/wolfssl-exam … csr_sign.c sample.I have enabled WOLFSSL_TEST_CERT. I was able to parse a x509 certificate and get the contents in "DecodedCert".Now I want to do the same with Certfificate signing requests.But ParseCert function throws error. Could anyone help with the problem ?  WolfSSL debugging is given below

Successfully read 428 bytes from testcsr1.pem

wolfSSL Entering wc_CertPemToDer
wolfSSL Entering PemToDer
Converted CSR Cert PEM to DER 264 bytes
wolfSSL Entering GetExplicitVersion
wolfSSL Entering GetSerialNumber
Got Cert Header
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
ParseCert ret:-144

6

(2 replies, posted in wolfSSL (formerly CyaSSL))

I am trying to read an X509 certificate from file and parse the file to get version,issuer,subject,public key etc,using RIOT OS.https://github.com/RIOT-OS/RIOT . RIOT has  support for WolfSSLhttps://doc.riot-os.org/group__pkg__wolfssl.html . I have found this example https://github.com/cconlon/wolfssl-exam … lds/main.c  where a pem certificate is read and internal WOLFSSL_X509 struct is created. but when I add #include <wolfssl/options.h>,I get error  fatal error: wolfssl/options.h: No such file or directory . is there any other configuration to access options.h ? It is mentioned in RIOT documentation to add #include <wolfssl/wolfcrypt/settings.h> before any other headers.  When I remove options.h I get error, undefined reference to `wolfSSL_X509_d2i' . I have also found another fact ,suppose I change wolfSSL_X509_d2i() to DolfSSL_X509_d2i...then while compiler I get "implicit declaration of function ‘DolfSSL_X509_d2i’; did you mean ‘wolfSSL_X509_d2i’?" . So I think the system knows that the functions are there,but its  not able to access  ? 


There is also another example "wolfSSL/wolfssl-examples/blob/master/ecc/ecc-key-decode.c" ,In which certificate file is read and converted to DecodedCert structure format.I am able to get the fields in the certificate from DecodedCert, but here also  <wolfssl/options.h>, is not added but the code works fine.In the decodedCert I get different public key size though,26 bytes greater than the original one.

7

(2 replies, posted in wolfSSL (formerly CyaSSL))

have been trying to use for handling X509 certificates in RIOT.My plan is to read a certificate and parse the fields.I could see API documentation https://www.wolfssl.com/doxygen/group__CertsKeys.html . For eg I need to use wolfSSL_X509_d2i() to convert certificates ro Wolfssl structure. I have included the header file  wolfssl/wolfssl/ssl.h  .but while compiling undefined refernce error is shown. Is there any other module to be added using USEMODULE ? Could anybody help ?