I have run the tests and this is the output that I get:

MD4      test passed!
SHA      test passed!
SHA-256  test passed!
HMAC-MD5 test passed!
HMAC-SHA test passed!
HMAC-SHA256 test passed!
ARC4     test passed!
HC-128   test passed!
Rabbit   test passed!
DES      test passed!
DES3     test passed!
AES      test passed!
RANDOM   test passed!
sf_fopen: "./certs/client-key.der" mode "rb"
wolfSSL Entering GetMyVersion
sf_fopen: "./certs/client-cert.der" mode "rb"
RSA      test passed!
sf_fopen: "./certs/dh2048.der" mode "rb"
DH       test passed!
sf_fopen: "./certs/dsa2048.der" mode "rb"
wolfSSL Entering GetMyVersion
DSA      test passed!
PWDBASED test passed!
Test finished with result code 0

The function wolfcrypt_test() uses about 4kB of stack on this system which initially caused the DH tests to throw an exception until I increased the allocation. It takes a significant time to execute the RSA, DH, DSA and PWDBASED tests. I presume that this is normal for a 100MHz microcontroller? I think that this proves that the underlying crypto is working on this platform.

If I try the connection without the SSL_VERIFY_NONE option I get this:

Connecting to host: smtp.gmail.com
Resolved host address: 64.233.166.108
wolfSSL Entering SSL_library_init
wolfSSL Entering wolfSSL_Init
wolfSSL Entering WOLFSSL_CTX_new
wolfSSL Entering wolfSSL_CertManagerNew
wolfSSL Leaving WOLFSSL_CTX_new, return 0
RXS:
220 smtp.gmail.com ESMTP uo6sm3611775wjc.1 - gsmtp
RXE.
TXS:
EHLO PRIME
TXE.
RXS:
250-smtp.gmail.com at your service, [83.105.130.164]
250-SIZE 35882577
250-8BITMIME
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-CHUNKING
250 SMTPUTF8
RXE.
TXS:
STARTTLS
TXE.
RXS:
220 2.0.0 Ready to start TLS
RXE.
wolfSSL Entering SSL_new
wolfSSL Leaving SSL_new, return 0
wolfSSL Entering SSL_set_fd
wolfSSL Leaving SSL_set_fd, return 1
wolfSSL Entering SSL_connect()
growing output buffer

Shrinking output buffer

connect state: CLIENT_HELLO_SENT
growing input buffer

received record layer msg
wolfSSL Entering DoHandShakeMsg()
wolfSSL Entering DoHandShakeMsgType
processing server hello
wolfSSL Entering VerifyClientSuite
wolfSSL Leaving DoHandShakeMsgType(), return 0
wolfSSL Leaving DoHandShakeMsg(), return 0
growing input buffer

received record layer msg
wolfSSL Entering DoHandShakeMsg()
wolfSSL Entering DoHandShakeMsgType
processing certificate
Loading peer's cert chain
    Put another cert into chain
    Put another cert into chain
    Put another cert into chain
wolfSSL Entering GetExplicitVersion
wolfSSL Entering GetMyVersion
Got Cert Header
wolfSSL Entering GetAlgoId
Got Algo ID
Getting Cert Name
Getting Cert Name
Got Subject Name
wolfSSL Entering GetAlgoId
Got Key
Parsed Past Key
wolfSSL Entering DecodeCertExtensions
wolfSSL Entering DecodeAuthKeyId
wolfSSL Entering DecodeSubjKeyId
wolfSSL Entering DecodeBasicCaConstraint
wolfSSL Entering DecodeKeyUsage
wolfSSL Entering DecodeCrlDist
Certificate Policy extension not supported yet.
wolfSSL Entering GetAlgoId
About to verify certificate signature
No CA signer to verify with
Failed to verify CA from chain
wolfSSL Entering GetExplicitVersion
wolfSSL Entering GetMyVersion
Got Cert Header
wolfSSL Entering GetAlgoId
Got Algo ID
Getting Cert Name
Getting Cert Name
Got Subject Name
wolfSSL Entering GetAlgoId
Got Key
Parsed Past Key
wolfSSL Entering DecodeCertExtensions
wolfSSL Entering DecodeAuthKeyId
wolfSSL Entering DecodeSubjKeyId
wolfSSL Entering DecodeBasicCaConstraint
wolfSSL Entering DecodeKeyUsage
wolfSSL Entering DecodeCrlDist
wolfSSL Entering DecodeAuthInfo
Certificate Policy extension not supported yet.
wolfSSL Entering GetAlgoId
About to verify certificate signature
No CA signer to verify with
Failed to verify CA from chain
Verifying Peer's cert
wolfSSL Entering GetExplicitVersion
wolfSSL Entering GetMyVersion
Got Cert Header
wolfSSL Entering GetAlgoId
Got Algo ID
Getting Cert Name
Getting Cert Name
Got Subject Name
wolfSSL Entering GetAlgoId
Got Key
Parsed Past Key
wolfSSL Entering DecodeCertExtensions
wolfSSL Entering DecodeExtKeyUsage
wolfSSL Entering DecodeAltNames
wolfSSL Entering DecodeAuthInfo
wolfSSL Entering DecodeSubjKeyId
wolfSSL Entering DecodeBasicCaConstraint
wolfSSL Entering DecodeAuthKeyId
Certificate Policy extension not supported yet.
wolfSSL Entering DecodeCrlDist
wolfSSL Entering GetAlgoId
About to verify certificate signature
No CA signer to verify with
Failed to verify Peer's cert
        No callback override available, fatal
wolfSSL Leaving DoHandShakeMsgType(), return -188
wolfSSL Leaving DoHandShakeMsg(), return -188
wolfSSL error occured, error = -188
wolfSSL Entering SSL_get_error
wolfSSL Leaving SSL_get_error, return -188
wolfSSL Entering SSL_get_error
wolfSSL Leaving SSL_get_error, return -188
SSL Error "ASN no signer error to confirm failure"
**Error: SMTP_SSL_PROBLEM
wolfSSL Entering SSL_shutdown()
growing output buffer

Shrinking output buffer

wolfSSL Leaving SSL_shutdown(), return 2
wolfSSL Entering SSL_free
CTX ref count not 0 yet, no free
Shrinking input buffer

wolfSSL Leaving SSL_free, return 0
wolfSSL Entering SSL_CTX_free
CTX ref count down to 0, doing full free
wolfSSL Entering wolfSSL_CertManagerFree
wolfSSL Leaving SSL_CTX_free, return 0
**Error: Error sending e-mail.

If I set SSL_VERIFY_NONE I get the " mp_exptmod error state" error code returned from wolfSSL_connect() as before.

Can any one help?

Cheers,

Adam.

When getting wolfSSL up and running on a new platform, we recommend running the wolfCrypt test app (or at least the subset of it that is applicable to what you are interested in using). This app is located at <wolfssl_root>/wolfcrypt/test/test.c.  You can define NO_MAIN_DRIVER when compiling test.c into your code, which allows you to call the individual test functions (ex: rsa_test()) from your own main/driver function.

Have you tried this yet?  It may help flush out if the underlying crypto is working correctly.

Thanks,
Chris

I'm a very new to wolfSSL and I am trying to send an e-mail with a TLS connection to a gmail server. The return from wolfSSL_connect() is "mp_exptmod error state". I have no client certificates and have set SSL_VERIFY_NONE. Below is the trace output. Does any one know if this is a network transport error or a wolfSSL library configuration error?

Thanks in advance,

Adam.

Connecting to host: smtp.gmail.com
Resolved host address: 173.194.67.108
wolfSSL Entering SSL_library_init
wolfSSL Entering wolfSSL_Init
wolfSSL Entering WOLFSSL_CTX_new
wolfSSL Entering wolfSSL_CertManagerNew
wolfSSL Leaving WOLFSSL_CTX_new, return 0
wolfSSL Entering wolfSSL_CTX_set_verify
RXS:
220 smtp.gmail.com ESMTP v9sm3545903wjq.41 - gsmtp
RXE.
TXS:
EHLO PRIME
TXE.
RXS:
250-smtp.gmail.com at your service, [83.105.130.164]
250-SIZE 35882577
250-8BITMIME
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-CHUNKING
250 SMTPUTF8
RXE.
TXS:
STARTTLS
TXE.
RXS:
220 2.0.0 Ready to start TLS
RXE.
wolfSSL Entering SSL_new
wolfSSL Leaving SSL_new, return 0
wolfSSL Entering SSL_set_fd
wolfSSL Leaving SSL_set_fd, return 1
wolfSSL Entering SSL_connect()
growing output buffer

Shrinking output buffer

connect state: CLIENT_HELLO_SENT
growing input buffer

received record layer msg
wolfSSL Entering DoHandShakeMsg()
wolfSSL Entering DoHandShakeMsgType
processing server hello
wolfSSL Entering VerifyClientSuite
wolfSSL Leaving DoHandShakeMsgType(), return 0
wolfSSL Leaving DoHandShakeMsg(), return 0
growing input buffer

received record layer msg
wolfSSL Entering DoHandShakeMsg()
wolfSSL Entering DoHandShakeMsgType
processing certificate
Loading peer's cert chain
    Put another cert into chain
    Put another cert into chain
    Put another cert into chain
wolfSSL Entering GetExplicitVersion
wolfSSL Entering GetMyVersion
Got Cert Header
wolfSSL Entering GetAlgoId
Got Algo ID
Getting Cert Name
Getting Cert Name
Got Subject Name
wolfSSL Entering GetAlgoId
Got Key
Parsed Past Key
wolfSSL Entering DecodeCertExtensions
wolfSSL Entering DecodeAuthKeyId
wolfSSL Entering DecodeSubjKeyId
wolfSSL Entering DecodeBasicCaConstraint
wolfSSL Entering DecodeKeyUsage
wolfSSL Entering DecodeCrlDist
Certificate Policy extension not supported yet.
wolfSSL Entering GetAlgoId
Chain cert not verified by option, not adding as CA
wolfSSL Entering GetExplicitVersion
wolfSSL Entering GetMyVersion
Got Cert Header
wolfSSL Entering GetAlgoId
Got Algo ID
Getting Cert Name
Getting Cert Name
Got Subject Name
wolfSSL Entering GetAlgoId
Got Key
Parsed Past Key
wolfSSL Entering DecodeCertExtensions
wolfSSL Entering DecodeAuthKeyId
wolfSSL Entering DecodeSubjKeyId
wolfSSL Entering DecodeBasicCaConstraint
wolfSSL Entering DecodeKeyUsage
wolfSSL Entering DecodeCrlDist
wolfSSL Entering DecodeAuthInfo
Certificate Policy extension not supported yet.
wolfSSL Entering GetAlgoId
Chain cert not verified by option, not adding as CA
Verifying Peer's cert
wolfSSL Entering GetExplicitVersion
wolfSSL Entering GetMyVersion
Got Cert Header
wolfSSL Entering GetAlgoId
Got Algo ID
Getting Cert Name
Getting Cert Name
Got Subject Name
wolfSSL Entering GetAlgoId
Got Key
Parsed Past Key
wolfSSL Entering DecodeCertExtensions
wolfSSL Entering DecodeExtKeyUsage
wolfSSL Entering DecodeAltNames
wolfSSL Entering DecodeAuthInfo
wolfSSL Entering DecodeSubjKeyId
wolfSSL Entering DecodeBasicCaConstraint
wolfSSL Entering DecodeAuthKeyId
Certificate Policy extension not supported yet.
wolfSSL Entering DecodeCrlDist
wolfSSL Entering GetAlgoId
Verified Peer's cert
wolfSSL Leaving DoHandShakeMsgType(), return 0
wolfSSL Leaving DoHandShakeMsg(), return 0
received record layer msg
wolfSSL Entering DoHandShakeMsg()
wolfSSL Entering DoHandShakeMsgType
No KeyExchange required
processing server hello done
wolfSSL Leaving DoHandShakeMsgType(), return 0
wolfSSL Leaving DoHandShakeMsg(), return 0
connect state: HELLO_AGAIN
connect state: HELLO_AGAIN_REPLY
connect state: FIRST_REPLY_DONE
connect state: FIRST_REPLY_FIRST
wolfSSL error occured, error = -112
wolfSSL Entering SSL_get_error
wolfSSL Leaving SSL_get_error, return -112
wolfSSL Entering SSL_get_error
wolfSSL Leaving SSL_get_error, return -112
SSL Error "mp_exptmod error state"
**Error: SMTP_SSL_PROBLEM
wolfSSL Entering SSL_shutdown()
growing output buffer

Shrinking output buffer

wolfSSL Leaving SSL_shutdown(), return 2
wolfSSL Entering SSL_free
CTX ref count not 0 yet, no free
Shrinking input buffer

wolfSSL Leaving SSL_free, return 0
wolfSSL Entering SSL_CTX_free
CTX ref count down to 0, doing full free
wolfSSL Entering wolfSSL_CertManagerFree
wolfSSL Leaving SSL_CTX_free, return 0
**Error: Error sending e-mail.