• Registered: 2018-12-13
  • Posts: 11

Topic: WolfSSL Test Vector Memory Usage

I am currently porting WolfMQTT and WolfSSL to an embedded platform  using the Azure IOT hub example.   I started getting everything working with the Windows based examples and am now getting the build working in embedded platform (NRF52840 - Cortex M4).  (Everything work OK in the Windows version with a Cell Modem!)

I have wolfSSL building with the embedded tools and I am running the test routines.    I am at the point where I can pass all the tests for my current settings (see below for settings).    I noticed that I have to set aside lot quite a bit of heap and stack for the tests to pass.  (90k of heap and 64k of stack).     The stack/heap settings can be trimmed down a bit but there was some (slow) trial an error to just get the tests to pass.

Question 1:

Is it a good assumption that wolfSSL will need this amount of heap and stack at runtime?     (MQTT with TLS to Azure).      It is quite a bit of memory (I have 256k on my platform).     My guess is that most memory usage is just for the mechanics of the tests.

I am considering moving to another CPU to get some external SDRAM to be safe but want to get a true feel for the resource usage. 

Question 2:

The tests take about 10 minutes (64MHz cortex M4).   Most of that is in the ECC test.  Is this to be expected?

My settings:

#ifdef WOLFSSL_NRF5x
 
        #define WOLFSSL_NRF51
        #define WOLFSSL_USER_IO
 
        #define DEBUG_WOLFSSL
        #define SIZEOF_LONG 4
        #define SIZEOF_LONG_LONG 8
 
        #define NO_ASN_TIME
        #define NO_DEV_RANDOM
        #define NO_FILESYSTEM
        #define NO_MAIN_DRIVER
        #define NO_WRITEV
        #define NO_FILESYSTEM
        #define NO_SESSION_CACHE
        #define NO_PSK
       
        #define HAVE_ECC
        #define HAVE_TLS_EXTENSIONS
        #define HAVE_SECURE_RENEGOTIATION
        #define HAVE_AESGCM
        #define HAVE_SUPPORTED_CURVES
        #define HAVE_TLS_EXTENSIONS
        #define HAVE_EXTENDED_MASTER

        #define USE_FAST_MATH
        #define USE_WOLFSSL_MEMORY
        
        #define TFM_TIMING_RESISTANT
        #define SINGLE_THREADED
        
        #define WOLFSSL_SHA384
        #define WOLFSSL_SHA512
        #define WOLFSSL_RIPEMD
        #define WOLFSSL_SHA512
        #define WOLFSSL_USER_IO
        #define WOLFSSL_BASE64_ENCODE

        #define ECC_SHAMIR
        #define ECC_TIMING_RESISTANT

        #define SINGLE_THREADED
        
        #if !defined(USE_CERT_BUFFERS_2048) && !defined(USE_CERT_BUFFERS_4096)
            #define USE_CERT_BUFFERS_2048
        #endif

        #define BENCH_EMBEDDED
    
      
#endif

Share

2 Reply by Kaleb J. Himes (edited by Kaleb J. Himes 2019-01-07 16:14:36)

  • From: Bozeman
  • Registered: 2014-05-09
  • Posts: 777

Re: WolfSSL Test Vector Memory Usage

Hi eli.hughes,

Thank you for contacting wolfSSL via the forums. With your same settings I had the following results for heap/stack:

stack used = 62784
peak Heap Bytes = 71296

By adding the following one setting I got the heap down to just under 18k and the stack down to 45k:


#define ALT_ECC_SIZE

stack used = 45392
peak Heap Bytes = 17944

Next test I ran was to use the single precision math library for performance improvements since you noted the long run times and this not only reduced the speed of the tests by about a factor of 4.3 but also further drops the resource usage where heap is now just of 9k (stack usage remained the same at 45k):

#define ALT_ECC_SIZE
#define WOLFSSL_SP
#define WOLFSSL_HAVE_SP_ECC
#define WOLFSSL_HAVE_SP_DH
#define WOLFSSL_HAVE_SP_RSA

stack used = 45392
peak Heap Bytes = 9272

Finally I am aware that ECC Shamir uses more heap but is also faster so you can disable that setting to further reduce heap usage to about 8.7k (stack usage again is unaffected but likely the stack is mostly, like you noted, due to the FOURK_BUFs being set aside on the stack throughout the tests:

#define ALT_ECC_SIZE
#define WOLFSSL_SP
#define WOLFSSL_HAVE_SP_ECC
#define WOLFSSL_HAVE_SP_DH
#define WOLFSSL_HAVE_SP_RSA
#undef ECC_SHAMIR

stack used = 45392
peak Heap Bytes = 8792

With this last test a client/server use the following during a connection using the cipher suite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

SERVER RESOURCES:

stack used = 22048
peak Heap Bytes = 22244

CLIENT RESOURCES:

stack used = 20624
peak Heap Bytes = 20563

In this test the client and server were both doing authentication (mutual auth) so they were both sending cert chains and verifying eachother. If not doing mutual auth you could expect lower resource use for the connections.

Warm Regards,

K

Kaleb J. Himes's Website

Share

  • Registered: 2018-12-13
  • Posts: 11

Re: WolfSSL Test Vector Memory Usage

Thank you for the detailed analysis as well as the additional compile options to reduce size.     I am unsure of why ciphers are used when opening SSL connections to these cloud services (AWS, azure) as I am not familiar with details of SSL/TLS.     This data helps so I can play it safe and make sure to allocate plenty of memory to the heap.   I do plan on playing with the static memory options once I get the end to end system functional. It just looks like I trade heap for the stack but I am glad the library has all these options to play with.

Share

  • From: Bozeman
  • Registered: 2014-05-09
  • Posts: 777

Re: WolfSSL Test Vector Memory Usage

eli.hughes,

Not a problem, it's our pleasure to help out! Let us know if anything else comes up. Also as a side note if you ever have a question that needs answered quickly feel free to contact us at support@wolfssl.com email for best turn-around times!

- K

Kaleb J. Himes's Website

Share