Topic: ParseCert returns -144. on RIOT Os

I am trying to parse a CSR using wolfSSL in the RIOT operating system: https://doc.riot-os.org/group__pkg__wolfssl.html

    /* Read the PEM-encoded CSR from the file system. */
    file = fopen(file_name, "rb");
    if (!file) {
        printf("can't open certificate\n");
        return 1;
    }

    pem_cert_size = fread(pem_cert_buf, 1, LARGE_TEMP_SZ, file);
    fclose(file);

    printf("Successfully read %d bytes from %s\n\n", (int)pem_cert_size, file_name);

    if (pem_cert_size <= 0) {
        printf("pem cert read error:%d\n", (int)pem_cert_size);
        return 1;
    }
    DEBUG("\n\npem cert size:%d\n\n", (int)pem_cert_size);

    /* Convert PEM to DER; CERTREQ_TYPE selects the certificate request header. */
    der_cert_size = wc_CertPemToDer(pem_cert_buf, pem_cert_size, der_cert_buf, LARGE_TEMP_SZ,
                                    CERTREQ_TYPE);

    if (der_cert_size <= 0) {
        printf("cant convert pem to der:%d\n", (int)der_cert_size);
        return 1;
    }
    printf("Converted CSR Cert PEM to DER %d bytes\n", (int)der_cert_size);

#ifdef HAVE_DECODEDCERT

    /* Parse the DER-encoded CSR without verifying its signature. */
    InitDecodedCert(&decoded_cert, der_cert_buf, der_cert_size, NULL);
    int ret = ParseCert(&decoded_cert, CERTREQ_TYPE, NO_VERIFY, NULL);

    printf("ParseCert ret:%d\n", ret);

#endif

I am following the https://github.com/wolfSSL/wolfssl-exam … csr_sign.c sample. I have enabled WOLFSSL_TEST_CERT. I was able to parse an x509 certificate and get the contents in "DecodedCert". Now I want to do the same with certificate signing requests, but the ParseCert function throws an error. Could anyone help with the problem? The wolfSSL debugging output is given below.

Successfully read 428 bytes from testcsr1.pem

wolfSSL Entering wc_CertPemToDer
wolfSSL Entering PemToDer
Converted CSR Cert PEM to DER 264 bytes
wolfSSL Entering GetExplicitVersion
wolfSSL Entering GetSerialNumber
Got Cert Header
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
ParseCert ret:-144


Re: ParseCert returns -144. on RIOT Os

Hi adarshr.r6

Thanks for contacting wolfSSL. Typically we would like to review the problematic CSR. If you'd rather not share on this public forum, you are welcome to submit a support request by emailing support@wolfssl.com

3 (edited by adarshr.r6 2022-01-21 14:29:23)

Re: ParseCert returns -144. on RIOT Os

It is a CSR I made using openssl for testing purposes, by following this blog: https://www.ssl.com/how-to/manually-gen … g-openssl/

Post's attachments

testcsr2.pem 550 b, 2 downloads since 2022-01-21 


Re: ParseCert returns -144. on RIOT Os

The parser is failing on the attribute

unstructuredName         :ovgu
openssl req -in testcsr2.pem -noout -text
Certificate Request:
    Data:
        Version: 1 (0x0)
        Subject: C = DE, ST = BW, L = KER, O = OVGU, OU = COMSYS, CN = testName, emailAddress = xyz@ovgu.de
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (256 bit)
                pub:
                    04:6b:61:17:b7:64:a7:c8:64:ef:7e:1b:df:81:d7:
                    3b:68:cf:d5:77:f3:26:6a:5a:7e:81:cd:b0:02:25:
                    b4:7f:ff:42:62:44:dd:e3:e0:40:49:89:8d:ff:d7:
                    e5:36:3b:b0:cb:d1:1b:2d:59:89:de:3e:6e:12:46:
                    2a:56:a2:37:5a
                ASN1 OID: prime256v1
                NIST CURVE: P-256
        Attributes:
            unstructuredName         :ovgu
            challengePassword        :1234
    Signature Algorithm: ecdsa-with-SHA256
         30:45:02:21:00:d3:cf:8a:a5:95:9f:fa:cb:84:dd:bf:ed:a8:
         7b:4a:91:ba:a2:6f:ef:cf:19:41:40:c2:ab:d8:db:b3:95:c9:
         53:02:20:3b:4c:fb:75:08:12:09:93:e3:66:7a:9f:35:12:4c:
         de:ca:1d:24:f0:eb:40:8d:a0:66:28:71:9f:5e:54:1a:40

Here is some relevant information:
https://stackoverflow.com/questions/187 … cturedname

Try rebuilding the CSR without entering the unstructuredName field.
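
To see which attributes a CSR carries before it is handed to ParseCert, the attribute list can be read straight from the DER. The following is an added example, not code from this thread or from wolfSSL; `tlv`, `csr_attr_ids` and the sample bytes are constructed for illustration. It reports the last OID byte of each PKCS#9 attribute (2 = unstructuredName, 7 = challengePassword, 14 = extensionRequest).

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample, not a real CSR: empty subject and key, empty signature. */
static const unsigned char SAMPLE_CSR[] = {
    0x30,0x3A, 0x30,0x33, 0x02,0x01,0x00, 0x30,0x00, 0x30,0x00, 0xA0,0x2A,
    0x30,0x13, 0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x02,
    0x31,0x06, 0x0C,0x04,'o','v','g','u',
    0x30,0x13, 0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x07,
    0x31,0x06, 0x0C,0x04,'1','2','3','4',  0x30,0x00, 0x03,0x01,0x00 };
/* DER prefix of the PKCS#9 arc 1.2.840.113549.1.9; one more byte names the attribute. */
static const unsigned char PKCS9[8] = {0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09};

/* Read one DER header at p[0..n). Returns header size, or 0 if malformed or truncated. */
static size_t tlv(const unsigned char *p, size_t n, unsigned char *tag, size_t *len) {
    size_t h = 2, i, k;
    if (n < 2) return 0;
    *tag = p[0]; *len = p[1];
    if (p[1] & 0x80) {                       /* long form: k length bytes follow */
        if ((k = p[1] & 0x7f) == 0 || k > 3 || n < 2 + k) return 0;
        for (*len = 0, i = 0; i < k; i++) *len = (*len << 8) | p[2 + i];
        h += k;
    }
    return *len <= n - h ? h : 0;            /* content must fit in the buffer */
}

/* Store the last OID byte of each attribute in out[] (0 if the OID is not PKCS#9).
 * Returns the number of attributes, or -1 on malformed input or if max is too small. */
int csr_attr_ids(const unsigned char *der, size_t n, unsigned char *out, int max) {
    unsigned char tag; size_t len, h, oh, olen; int i, cnt = 0;
    for (i = 0; i < 6; i++) {  /* CSR, requestInfo, version, subject, key, [0] attributes */
        if (!(h = tlv(der, n, &tag, &len))) return -1;
        if (i < 2 ? tag != 0x30 : (i == 5 && tag != 0xA0)) return -1;
        if (i < 2 || i == 5) { der += h; n = len; }        /* descend into it */
        else { der += h + len; n -= h + len; }             /* skip over it */
    }
    for (; n > 0; der += h + len, n -= h + len) {  /* Attribute: SEQUENCE { OID, SET } */
        if (!(h = tlv(der, n, &tag, &len)) || tag != 0x30 || cnt >= max) return -1;
        if (!(oh = tlv(der + h, len, &tag, &olen)) || tag != 0x06) return -1;
        out[cnt++] = (olen == 9 && !memcmp(der + h + oh, PKCS9, 8)) ? der[h + oh + 8] : 0;
    }
    return cnt;
}

int main(void) {
    unsigned char ids[8];
    int i, n = csr_attr_ids(SAMPLE_CSR, sizeof SAMPLE_CSR, ids, 8);
    for (i = 0; i < n; i++) printf("attribute 1.2.840.113549.1.9.%d\n", ids[i]);
    return n < 0;
}
```

The input is the DER buffer produced by wc_CertPemToDer; a CSR with no attributes returns 0.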

5 (edited by adarshr.r6 2022-01-23 03:08:39)

Re: ParseCert returns -144. on RIOT Os

I have created the CSR without unstructuredName; still I get the same error. Are there any modules that need to be enabled? Everything works fine when I try to parse an x509 cert.pem, so this error is only happening for the CSR. I have also tried to parse the CSR from the wolfSSL examples https://github.com/wolfSSL/wolfssl-exam … 0c/certgen on GitHub. Still the same error.

I could see from the wolfSSL manual https://www.wolfssl.com/docs/wolfssl-manual/appendix-c/ that -144 means ASN_OBJECT_ID_E, ASN object id error, invalid id. How can I solve this error?

Post's attachments

testcsr4.pem 404 b, 1 downloads since 2022-01-22 


Re: ParseCert returns -144. on RIOT Os

Thanks for clarifying. I was able to reproduce a similar error

Creating certificate...
Failure code was -134

...with

./configure --enable-certgen --enable-certext --enable-certreq --enable-keygen --enable-debug

But with

./configure --enable-all --enable-debug

the example works correctly. I will work on updating the example instructions.

Re: ParseCert returns -144. on RIOT Os

Thanks for the reply and for testing the certificates. I am trying to implement the program in RIOT OS and I am using a Makefile to enable modules. Could you also tell me which modules are enabled when using the command "./configure --enable-all --enable-debug"?

I am adding the relevant part of my Makefile for your reference:

USEPKG += wolfssl
USEMODULE += wolfssl
USEMODULE += wolfssl_socket
USEMODULE += wolfcrypt
USEMODULE += wolfcrypt_ecc
USEMODULE += wolfcrypt_asn
USEMODULE += wolfcrypt-test

CFLAGS += -DWOLFSSL_CERT_REQ
CFLAGS += -DWOLFSSL_TEST_CERT
CFLAGS += -DDEBUG_WOLFSSL
