Welcome to the wolfSSL Forums!

2023-11-17 04:28:34

Same behavior, but i have found an ugly fix

        /* Flush */
        memset(stringtosend, 0, sizeof(stringtosend));
        if ((ret = wolfSSL_read(ssl, stringtosend, sizeof(stringtosend)-1)) == -1) {
            fprintf(stderr, "ERROR: failed to read\n");
            goto done;
        }

        /* Read the server data into our buff array */
        if(stringtosend[0] == 0x0){
            if ((ret = wolfSSL_read(ssl, stringtosend, sizeof(stringtosend)-1)) == -1) {
                fprintf(stderr, "ERROR: failed to read\n");
                goto done;
            }
        }

2023-11-16 09:23:52

I am doing an handshake between a client and a server, after the handshake the client sends a message and waits for the server to reply with the same message. The first message always goes through, but the client is never able to read the second one and the ones after, it simply reads 0.

I found that the first loop ssl->buffers.clearOutputBuffer.length is equal to zero, but the second time it's like 900, so wolfSSL_read follows a different procedure, doesn't read and sets the buffer at zero. If in debug i set ssl->buffers.clearOutputBuffer.length to zero everything works. So i would like to know how can i do it in code, or what am i doing wrong.

    while (true)
    {
        printf("Send a string to the server\n"
               "x to exit\n");
        if (fgets(stringtosend, sizeof(stringtosend), stdin) == NULL) {
            printf("error reading");
        }
        do {
            ret = wolfSSL_write(ssl, stringtosend, sizeof(stringtosend));
            err = wolfSSL_get_error(ssl, ret);
        } while (err == WOLFSSL_ERROR_WANT_READ || err == WOLFSSL_ERROR_WANT_WRITE);
        printf("Sent (%d): %s\n", err, stringtosend);

        XMEMSET(readBuf, 0, sizeof(readBuf));
        do {
            ret = wolfSSL_read(ssl, readBuf, sizeof(readBuf)-1);
            err = wolfSSL_get_error(ssl, ret);
        } while (err == WOLFSSL_ERROR_WANT_READ || err == WOLFSSL_ERROR_WANT_WRITE);
        printf("Read (%d): %s\n", err, readBuf);
        
        
        //ssl->buffers.clearOutputBuffer.length = 0;
        if (stringtosend[0] == 'x' && stringtosend[1] == '\n'){
            return;
        }
    }

2023-10-23 07:04:46

Thank you for your help, i solved using two brainpoolP256r1 certificates

2023-10-23 00:08:46

Increasing the heap solved the -425 error, now i have a new one, -330. Debugging i can see that fails during ecc_verify_hash(), when it compares if v == r and fails, what does this mean?

2023-10-22 08:32:25

Yes all the tests are working, i think it could be a memory error, i should try to increase the heap

2023-10-20 06:39:55

Error 313 fails on normal_ecc_mul2add

2023-10-20 03:50:45

I am doing some tests sending and receiving data using secp256r1 for CA certificate and server certificate.
These are the curves that i tested with the client:

prime256v1                    Works
brainpoolP224r1               -425
brainpoolP256r1               Sends but fails to receive -313
brainpoolP256t1               Error loading the certificate
secp224r1                     -425
brainpoolP512r1               -425
brainpoolP192r1               Error loading the certificate
wap-wsg-idm-ecid-wtls12        Error loading the certificate
c2tnb239v3                     Error loading the certificate
secp256k1                      Sends but fails to receive -313
brainpoolP320r1               -425

2023-10-19 05:58:08

I want to do an mTLS connection between a server (STM32 board) and a client (linux) via UART.
When i was using secp224r1 on both the client and the server everything was working fine.
If i'm using an hardcoded certificate in the server that i generated with openssl i get MATCH_SUITE_ERROR on the server and FATAL_ERROR on the client.
If i'm generating a new certificate in the server i get ASN_PARSE_E in the server and OUT_OF_ORDER_E on the client, but this could be my fault, related to the fact that i am sending a csr to the client to sign it with openssl.
Server and client are using the same CA certificate.

I compiled wolfSSL on linux with

./configure --enable-ecc --enable-debug --enable-ecccustcurves=all

and on the board i have defined

HAVE_ECC WOLFSSL_CUSTOM_CURVES HAVE_ECC_BRAINPOOL

and

HAVE_ALL_CURVES

. The error seems to be in the PickHashSigAlgo(), wolfSSL doesn't find an "exact match" in the CmpEccStrength() function. Signature algorithm in the certificates is ecdsa-with-SHA256.

Welcome to the wolfSSL Forums!

Search options

Posts found: 8

1 Reply by astc 2023-11-17 04:28:34

Re: TLS Handshake exchanging messages (2 replies, posted in wolfSSL)

2 Topic by astc 2023-11-16 09:23:52

Topic: TLS Handshake exchanging messages (2 replies, posted in wolfSSL)

3 Reply by astc 2023-10-23 07:04:46

Re: [SOLVED] MATCH_SUITE_ERROR using brainpoolP224r1 (7 replies, posted in wolfSSL)

4 Reply by astc 2023-10-23 00:08:46

Re: [SOLVED] MATCH_SUITE_ERROR using brainpoolP224r1 (7 replies, posted in wolfSSL)

5 Reply by astc 2023-10-22 08:32:25

Re: [SOLVED] MATCH_SUITE_ERROR using brainpoolP224r1 (7 replies, posted in wolfSSL)

6 Reply by astc 2023-10-20 06:39:55

Re: [SOLVED] MATCH_SUITE_ERROR using brainpoolP224r1 (7 replies, posted in wolfSSL)

7 Reply by astc 2023-10-20 03:50:45

Re: [SOLVED] MATCH_SUITE_ERROR using brainpoolP224r1 (7 replies, posted in wolfSSL)

8 Topic by astc 2023-10-19 05:58:08

Topic: [SOLVED] MATCH_SUITE_ERROR using brainpoolP224r1 (7 replies, posted in wolfSSL)

Posts found: 8