Hi All,
I am using TI RTOS ( tirtos_tivac_2_16_01_14 ) and wolfssl for MQTT (AWS MQTT library). Basically, we are using ethernet and for ethernet, we are using wolfssl as socket layer.
I am getting one issue which is-

When I am trying to connect to AWS, before connection, there is a function that is used for address resolution-

    status = HTTPCli_initSockAddr((struct sockaddr *)&tlsDataParams->aws_addr, tlsParams->pDestinationURL, 0);

This function is provided by TI RTOS but inside this, there are wolfssl APIs for further usage.
This issue does not always happen. When the device starts, this line of code executes and the device resets automatically; then this function executes again and, the second time, it works fine.
So basically, it sometimes fails and sometimes works while executing this function. I don't know what this issue can be.
Does anyone have any idea?

I am posting wolfssl logs when it fails-

connecting to aws ...wolfSSL Entering WOLFSSL_CTX_new
wolfSSL Entering wolfSSL_CertManagerNew
wolfSSL Leaving WOLFSSL_CTX_new, return 0
wolfSSL Entering wolfSSL_CTX_load_verify_buffer
Adding a CA
wolfSSL Entering GetExplicitVersion
wolfSSL Entering GetMyVersion
Got Cert Header
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Algo ID
Getting Cert Name
Getting Cert Name
Got Subject Name
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Key
Parsed Past Key
wolfSSL Entering DecodeCertExtensions
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeSubjKeyId
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeAuthKeyId
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeBasicCaConstraint
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
    Parsed new CA
    Freeing Parsed CA
    Freeing der CA
        OK Freeing der CA
wolfSSL Leaving AddCA, return 0
wolfSSL Entering wolfSSL_CTX_use_certificate_buffer
Checking cert signature type
wolfSSL Entering GetExplicitVersion
wolfSSL Entering GetMyVersion
Got Cert Header
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Algo ID
Getting Cert Name
Getting Cert Name
Got Subject Name
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Key
Not ECDSA cert signature
wolfSSL Entering wolfSSL_CTX_use_PrivateKey_buffer
wolfSSL Entering GetMyVersion

Thanks
AkhiG

Hi David,
I tried to check the dates for all the certificates by watching the variables inside function-
int ValidateDate(const byte* date, byte format, int dateType)  // inside asn.c file
{
// line no 3066 for the //
// I check for all the certificates whether I have put them into code or the mqtt server is sending during handshake
// for dateType == AFTER

on line no 3066 inside this function....-  DateGreaterThan(localTime, &certTime)

I am printing the local time and certTime. Local time is fixed as it is the device time which I had set, which is 18/03/2021
And, certs time-
for HTTPS-
1- 03/04/2031 // for cert https server is sending
2- 22/11/2021 // cert which I had into my device
Since my current time is less than these, HTTPS is working fine.

Now come to the mqtt, timings are-
1- 29/05/2034 // root ca I had into my device
2- 31/11/2049 // cert I had into my device
Now from 3 to 9, the server is sending all these certificates-
3- 28/05/2034
4- 28/05/2034
5- 31/11/2037
6- 31/11/2037
7- 19/09/2025
8- 19/09/2025
9- 03/03/2021 // this is the only certificate whose date is less than the current date ( 18/03/2021) and hence this is causing issue with MQTT only.

Is this the correct way? Or can there be a simpler way to do this? Because I did this by checking the value of variables inside that function I pointed out.

Let me know if I am right because if this is the situation, I have to work accordingly.

Thanks





}
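The comparison described in this post (device time against each certificate's validity dates, where a device time past the "AFTER" date gives -151), written out as an added example; it is not part of the original post and not wolfSSL's code. It goes slightly further than the post by also checking the "BEFORE" date, which is what fails when a device clock was never set. All function and type names are hypothetical and the chain dates are constructed sample values.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define TAG_UTC_TIME         0x17  /* YYMMDDHHMMSSZ, 2-digit year   */
#define TAG_GENERALIZED_TIME 0x18  /* YYYYMMDDHHMMSSZ, 4-digit year */

/* Hypothetical status codes for this example (not wolfSSL error numbers). */
enum { DATE_OK = 0, DATE_NOT_YET_VALID = 1, DATE_EXPIRED = 2, DATE_MALFORMED = 3 };

typedef struct { int year, mon, day, hour, min, sec; } cert_time; /* mon: 1..12 */

typedef struct {
    const char *label;
    int tag;                  /* simplification: one encoding for both fields */
    const char *not_before;
    const char *not_after;
} chain_entry;

static int two(const char *s) { return (s[0] - '0') * 10 + (s[1] - '0'); }

/* Parse an ASN.1 time string. Returns 0 on success, -1 if malformed. */
int parse_asn1_time(const char *s, int tag, cert_time *out)
{
    size_t len, i;
    if (tag == TAG_UTC_TIME) len = 13;
    else if (tag == TAG_GENERALIZED_TIME) len = 15;
    else return -1;
    if (strlen(s) != len || s[len - 1] != 'Z') return -1;
    for (i = 0; i + 1 < len; i++)
        if (!isdigit((unsigned char)s[i])) return -1;
    if (tag == TAG_UTC_TIME) {
        int yy = two(s);      /* RFC 5280: YY >= 50 means 19YY, else 20YY */
        out->year = (yy >= 50) ? 1900 + yy : 2000 + yy;
        s += 2;
    } else {
        out->year = two(s) * 100 + two(s + 2);
        s += 4;
    }
    out->mon  = two(s);     out->day = two(s + 2);
    out->hour = two(s + 4); out->min = two(s + 6); out->sec = two(s + 8);
    if (out->mon < 1 || out->mon > 12 || out->day < 1 || out->day > 31 ||
        out->hour > 23 || out->min > 59 || out->sec > 59) return -1;
    return 0;
}

/* Parsed year, or -1 if the string is malformed. */
int asn1_year(const char *s, int tag)
{
    cert_time t;
    return parse_asn1_time(s, tag, &t) == 0 ? t.year : -1;
}

/* Field-by-field comparison: <0 if a is earlier, >0 if later, 0 if equal. */
int time_cmp(const cert_time *a, const cert_time *b)
{
    const int fa[6] = { a->year, a->mon, a->day, a->hour, a->min, a->sec };
    const int fb[6] = { b->year, b->mon, b->day, b->hour, b->min, b->sec };
    int i;
    for (i = 0; i < 6; i++)
        if (fa[i] != fb[i]) return fa[i] < fb[i] ? -1 : 1;
    return 0;
}

int cert_date_status(const chain_entry *c, const cert_time *now)
{
    cert_time nb, na;
    if (parse_asn1_time(c->not_before, c->tag, &nb) != 0 ||
        parse_asn1_time(c->not_after, c->tag, &na) != 0) return DATE_MALFORMED;
    if (time_cmp(now, &nb) < 0) return DATE_NOT_YET_VALID;
    if (time_cmp(now, &na) > 0) return DATE_EXPIRED;  /* the -151 case in the post */
    return DATE_OK;
}

/* Index of the first certificate whose dates reject `now`, or -1 if all pass. */
int chain_first_failure(const chain_entry *chain, int n, const cert_time *now)
{
    int i;
    for (i = 0; i < n; i++)
        if (cert_date_status(&chain[i], now) != DATE_OK) return i;
    return -1;
}

/* Constructed sample chain: entry 2 expires before the others. */
const chain_entry SAMPLE_CHAIN[] = {
    { "device client cert",  TAG_UTC_TIME,         "200911193242Z",   "491231235959Z" },
    { "server intermediate", TAG_UTC_TIME,         "150525120000Z",   "371231010000Z" },
    { "cross-signed CA",     TAG_UTC_TIME,         "160303120000Z",   "210303120000Z" },
    { "root",                TAG_GENERALIZED_TIME, "20000101000000Z", "20500101000000Z" },
};
#define SAMPLE_CHAIN_LEN ((int)(sizeof SAMPLE_CHAIN / sizeof SAMPLE_CHAIN[0]))

/* Check the sample chain against a device date (midnight UTC). */
int sample_first_failure(int y, int m, int d)
{
    cert_time now = { y, m, d, 0, 0, 0 };
    return chain_first_failure(SAMPLE_CHAIN, SAMPLE_CHAIN_LEN, &now);
}

int sample_status(int idx, int y, int m, int d)
{
    cert_time now = { y, m, d, 0, 0, 0 };
    return cert_date_status(&SAMPLE_CHAIN[idx], &now);
}

int main(void)
{
    int idx = sample_first_failure(2021, 3, 18);
    if (idx >= 0)
        printf("cert %d (%s): status %d\n", idx, SAMPLE_CHAIN[idx].label,
               sample_status(idx, 2021, 3, 18));
    return 0;
}
```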

Hi David,
I am not sure if the certificates can be shared. But I can give you the scenario-
I have 3 MQTT certificates in my device-
1. Root CA whose expiry date is December 2034
2. Client cert whose expiry date is - January 01, 2050,
3. Client private key whose expiry date is - January 01, 2050 (same as above)

Now during the handshake, what aws is sending I don't know. Also, I don't know if I can check the expiry date of the 4 certs provided by aws. I can check only for the certs present on my device.

Is there a way to check dates for each certificate involved during handshake?

Thanks

Does anyone have any idea?

Hi All,
I am using TI RTOS and tm4c129encpdt with CCS.
I am using wolfssl for the TLS for MQTT and HTTPS

My MQTT is based on AWS IoT. There I am using the certificate/key pair whose date is -

For MQTT certificate used in device (created from AWS IoT)

Create date
September 12, 2020, 01:04:42 (UTC+0530)
Effective date
September 12, 2020, 01:02:42 (UTC+0530)
Expiration date
January 01, 2050, 05:29:59 (UTC+0530)

FOR HTTPS certificate used in device

Expiration date is 20 Dec. 2021

When I am setting the date as 1600422026 (18 Sep, 2020),
the MQTT works fine and HTTPS works fine too.

But when I set the date to 1631946773 (18 Sept, 2021),
HTTPS works fine but MQTT fails and gives error ASN_AFTER_DATE_E (-151).

Why is it so? For MQTT and HTTPS, I have a date which lies between the activation date and the expiration date. But if I set the date to something larger, MQTT fails and HTTPS works. Why is it so?

These are my logs for MQTT only (as https is working fine).

Connecting...
wolfSSL Entering WOLFSSL_CTX_new
wolfSSL Entering wolfSSL_CertManagerNew
wolfSSL Leaving WOLFSSL_CTX_new, return 0
wolfSSL Entering wolfSSL_CTX_load_verify_buffer
Adding a CA
wolfSSL Entering GetExplicitVersion
wolfSSL Entering GetMyVersion
Got Cert Header
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Algo ID
Getting Cert Name
Getting Cert Name
Got Subject Name
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Key
Parsed Past Key
wolfSSL Entering DecodeCertExtensions
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeSubjKeyId
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeAuthKeyId
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeBasicCaConstraint
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
    Parsed new CA
    Freeing Parsed CA
    Freeing der CA
        OK Freeing der CA
wolfSSL Leaving AddCA, return 0
wolfSSL Entering wolfSSL_CTX_use_certificate_buffer
Checking cert signature type
wolfSSL Entering GetExplicitVersion
wolfSSL Entering GetMyVersion
Got Cert Header
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Algo ID
Getting Cert Name
Getting Cert Name
Got Subject Name
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Key
Not ECDSA cert signature
wolfSSL Entering wolfSSL_CTX_use_PrivateKey_buffer
wolfSSL Entering GetMyVersion
wolfSSL Entering SSL_new
wolfSSL Leaving SSL_new, return 0
wolfSSL Entering SSL_set_fd
wolfSSL Leaving SSL_set_fd, return 1
wolfSSL Entering wolfSSL_send()
wolfSSL Entering SSL_write()
handshake not complete, trying to finish
wolfSSL Entering wolfSSL_negotiate
wolfSSL Entering SSL_connect()
growing output buffer

Shrinking output buffer

connect state: CLIENT_HELLO_SENT
growing input buffer

received record layer msg
wolfSSL Entering DoHandShakeMsg()
wolfSSL Entering DoHandShakeMsgType
processing server hello
wolfSSL Entering VerifyClientSuite
wolfSSL Leaving DoHandShakeMsgType(), return 0
wolfSSL Leaving DoHandShakeMsg(), return 0
More messages in record
received record layer msg
wolfSSL Entering DoHandShakeMsg()
wolfSSL Entering DoHandShakeMsgType
processing certificate
Loading peer's cert chain
    Put another cert into chain
    Put another cert into chain
    Put another cert into chain
    Put another cert into chain
wolfSSL Entering GetExplicitVersion
wolfSSL Entering GetMyVersion
Got Cert Header
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Algo ID
Getting Cert Name
Getting Cert Name
Got Subject Name
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Key
Parsed Past Key
wolfSSL Entering DecodeCertExtensions
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeBasicCaConstraint
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeKeyUsage
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeSubjKeyId
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeAuthKeyId
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeAuthInfo
wolfSSL Entering GetObjectId()
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeCrlDist
wolfSSL Entering GetObjectId()
Certificate Policy extension not supported yet.
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
About to verify certificate signature
Adding CA from chain
Adding a CA
wolfSSL Entering GetExplicitVersion
wolfSSL Entering GetMyVersion
Got Cert Header
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Algo ID
Getting Cert Name
Getting Cert Name
Got Subject Name
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Key
Parsed Past Key
wolfSSL Entering DecodeCertExtensions
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeBasicCaConstraint
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeKeyUsage
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeSubjKeyId
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeAuthKeyId
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeAuthInfo
wolfSSL Entering GetObjectId()
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeCrlDist
wolfSSL Entering GetObjectId()
Certificate Policy extension not supported yet.
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
    Parsed new CA
    Freeing Parsed CA
    Freeing der CA
        OK Freeing der CA
wolfSSL Leaving AddCA, return 0
wolfSSL Entering GetExplicitVersion
wolfSSL Entering GetMyVersion
Got Cert Header
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Algo ID
Getting Cert Name
Getting Cert Name
Got Subject Name
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Key
Parsed Past Key
wolfSSL Entering DecodeCertExtensions
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeBasicCaConstraint
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeKeyUsage
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeSubjKeyId
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeAuthKeyId
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeAuthInfo
wolfSSL Entering GetObjectId()
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeCrlDist
wolfSSL Entering GetObjectId()
Certificate Policy extension not supported yet.
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
About to verify certificate signature
Adding CA from chain
Adding a CA
wolfSSL Entering GetExplicitVersion
wolfSSL Entering GetMyVersion
Got Cert Header
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Algo ID
Getting Cert Name
Getting Cert Name
Got Subject Name
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Key
Parsed Past Key
wolfSSL Entering DecodeCertExtensions
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeBasicCaConstraint
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeKeyUsage
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeSubjKeyId
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeAuthKeyId
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeAuthInfo
wolfSSL Entering GetObjectId()
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeCrlDist
wolfSSL Entering GetObjectId()
Certificate Policy extension not supported yet.
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
    Parsed new CA
    Freeing Parsed CA
    Freeing der CA
        OK Freeing der CA
wolfSSL Leaving AddCA, return 0
wolfSSL Entering GetExplicitVersion
wolfSSL Entering GetMyVersion
Got Cert Header
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Algo ID
Getting Cert Name
Getting Cert Name
Got Subject Name
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Key
Parsed Past Key
wolfSSL Entering DecodeCertExtensions
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeBasicCaConstraint
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeKeyUsage
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeSubjKeyId
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeAuthKeyId
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeAuthInfo
wolfSSL Entering GetObjectId()
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeCrlDist
wolfSSL Entering GetObjectId()
Certificate Policy extension not supported yet.
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
About to verify certificate signature
Adding CA from chain
Adding a CA
wolfSSL Entering GetExplicitVersion
wolfSSL Entering GetMyVersion
Got Cert Header
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Algo ID
Getting Cert Name
Getting Cert Name
Got Subject Name
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Key
Parsed Past Key
wolfSSL Entering DecodeCertExtensions
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeBasicCaConstraint
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeKeyUsage
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeSubjKeyId
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeAuthKeyId
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeAuthInfo
wolfSSL Entering GetObjectId()
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeCrlDist
wolfSSL Entering GetObjectId()
Certificate Policy extension not supported yet.
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
    Parsed new CA
    Freeing Parsed CA
    Freeing der CA
        OK Freeing der CA
wolfSSL Leaving AddCA, return 0
Verifying Peer's cert
wolfSSL Entering GetExplicitVersion
wolfSSL Entering GetMyVersion
Got Cert Header
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Algo ID
Getting Cert Name
Getting Cert Name
Got Subject Name
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Key
Parsed Past Key
wolfSSL Entering DecodeCertExtensions
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeAuthKeyId
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeSubjKeyId
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeAltNames
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeKeyUsage
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeExtKeyUsage
wolfSSL Entering GetObjectId()
wolfSSL Entering GetObjectId()
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeCrlDist
wolfSSL Entering GetObjectId()
Certificate Policy extension not supported yet.
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeAuthInfo
wolfSSL Entering GetObjectId()
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeBasicCaConstraint
wolfSSL Entering GetObjectId()
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
About to verify certificate signature
Failed to verify Peer's cert
    No callback override available, fatal
wolfSSL Leaving DoHandShakeMsgType(), return -151
wolfSSL Leaving DoHandShakeMsg(), return -151
wolfSSL error occured, error = -151
wolfSSL Leaving wolfSSL_negotiate, return -1
wolfSSL Leaving SSL_write(), return -1
wolfSSL Leaving wolfSSL_send(), return -1
wolfSSL Entering SSL_get_error
wolfSSL Leaving SSL_get_error, return -151
ERROR: iot_tls_write L#226 send failed (error = 0)

Thanks

Hi Garske,
Can you tell me approximately how much memory is consumed while handshaking if USE_FAST_MATH is enabled and FP_MAX_BITS is set to 8192? Because at the time I checked, I had a lot of memory, both heap and stack.
Also, I did not know about the SP version of maths in wolfssl. How do I use it? Is it already included in wolfssl, or do I need to integrate it separately?

Thanks

Hi Garske,
I don't think this is a stack issue. Because when I got the error, I checked my peak stack and it was approx 25KB (peak stack usage) out of the 42KB stack size for this task. I checked this when I had USE_FAST_MATH enabled and FP_MAX_BITS set to 4096.

Thanks,
Akhilesh

Hi All,
I am using TI RTOS and wolfssl for tm4c129encpdt microcontroller.
I am using wolfssl while doing HTTPS and FTPS. So far, I have been using the 2048 key size. Everything was working fine.
Then, for FTPS, I had a cert and key of key size 4096 bits and I started getting errors while handshaking.
This is the log -

    
wolfSSL Entering wolfSSL_recv()
wolfSSL Entering wolfSSL_read()
wolfSSL Entering wolfSSL_read_internal()
wolfSSL Entering ReceiveData()
Handshake not complete, trying to finish
wolfSSL Entering wolfSSL_negotiate
wolfSSL Entering SSL_connect()
growing output buffer

Shrinking output buffer

connect state: CLIENT_HELLO_SENT
growing input buffer

received record layer msg
wolfSSL Entering DoHandShakeMsg()
wolfSSL Entering DoHandShakeMsgType
processing server hello
wolfSSL Entering VerifyClientSuite
wolfSSL Leaving DoHandShakeMsgType(), return 0
wolfSSL Leaving DoHandShakeMsg(), return 0
growing input buffer

received record layer msg
wolfSSL Entering DoHandShakeMsg()
wolfSSL Entering DoHandShakeMsgType
processing certificate
Loading peer's cert chain
    Put another cert into chain
Verifying Peer's cert
wolfSSL Entering GetExplicitVersion
wolfSSL Entering GetMyVersion
Got Cert Header
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Algo ID
Getting Cert Name
Getting Cert Name
Got Subject Name
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Key
Parsed Past Key
wolfSSL Entering DecodeCertExtensions
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeBasicCaConstraint
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeSubjKeyId
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeAuthKeyId
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeKeyUsage
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
About to verify certificate signature
RSA_FUNCTION MP_EXPTMOD_E: memory/config problem
Rsa SSL verify error
Confirm signature failed
Failed to verify Peer's cert
    No callback override available, fatal
wolfSSL Leaving DoHandShakeMsgType(), return -155
wolfSSL Leaving DoHandShakeMsg(), return -155
wolfSSL error occured, error = -155
wolfSSL Leaving wolfSSL_negotiate, return -1
wolfSSL Leaving wolfSSL_read_internal(), return -1
wolfSSL Leaving wolfSSL_recv(), return -1
wolfSSL Entering SSL_get_error
wolfSSL Leaving SSL_get_error, return -155

My settings are like this -

#ifdef WOLFSSL_TIRTOS
    #define SIZEOF_LONG_LONG 8
    #define NO_WRITEV
    #define NO_WOLFSSL_DIR
    #define USE_FAST_MATH
    #define TFM_TIMING_RESISTANT
    #define NO_DEV_RANDOM
    #define NO_FILESYSTEM
    #define USE_CERT_BUFFERS_2048
    #define NO_ERROR_STRINGS
    #define USER_TIME
    #define HAVE_ECC

    #ifdef __IAR_SYSTEMS_ICC__
        #pragma diag_suppress=Pa089
    #elif !defined(__GNUC__)
        /* Suppress the sslpro warning */
        #pragma diag_suppress=11
    #endif

    #include <ti/sysbios/hal/Seconds.h>
#endif

For the 2048 key size, everything is working, and when I use the 4096 key size, I start getting errors.
For experiment purposes, I commented out USE_FAST_MATH and it worked fine in that case.

What is this issue? And how do I resolve it without commenting out USE_FAST_MATH? Commenting it out increases the stack usage of my task and I don't want that.

I tried to increase FP_MAX_BITS from 4096 to 8192, but then my 2048 bit certificate also stopped working.

Thanks

Hi Kaleb and David,
I resolved this issue. I put it on hold and tried after a few days.
Actually, the issue was because of external fragmentation. Even though I had enough heap, a block of approx. 5 KB was not free, which was being requested during the handshake.
I had to increase the heap by approx. 20 KB and now it's working fine. I will test a few more things in this, but for now it is working fine.

Thanks for your support and follow up.

Hi Kaleb,
This is the setting I am using by default in settings.h

#ifdef WOLFSSL_TIRTOS
    #define SIZEOF_LONG_LONG 8
    #define NO_WRITEV
    #define NO_WOLFSSL_DIR
    #define USE_FAST_MATH
    #define TFM_TIMING_RESISTANT
    #define NO_DEV_RANDOM
    #define NO_FILESYSTEM
    #define USE_CERT_BUFFERS_2048
    #define NO_ERROR_STRINGS
    #define USER_TIME
    #define HAVE_ECC

    #ifdef __IAR_SYSTEMS_ICC__
        #pragma diag_suppress=Pa089
    #elif !defined(__GNUC__)
        /* Suppress the sslpro warning */
        #pragma diag_suppress=11
    #endif

    #include <ti/sysbios/hal/Seconds.h>
#endif

I made user_settings.h and put the
#define WOLFSSL_TI_CRYPT
//#define DEBUG_WOLFSSL.

Setting-wise, I think settings.h is already included in every step, as https is working. I tried to comment out USE_FAST_MATH also. Still no improvement; https is working and mqtt resets.
How much stack and heap does it need on average? I have 32KB of stack for this task and 90KB of heap for the system. Out of 30KB of stack, the peak of stack before the handshake was 13KB, which means we still have 17KB of stack left just before the handshaking in mqtt. For heap, I have 47KB left before the handshake.

Hi Kaleb,
I am already using the same certificate and key, and it's working on cc3100, not using wolfssl there.
I have 3 buffers-
1. root ca
2. certificate client
3. client private key

Which key pair are you talking about? Buffers 2 and 3?
I'll try this though and will let you know.

Thanks

Hi Kaleb and David,
I am now able to pass all the tests but still getting the reset. I included the WOLFSSL_TI_CRYPT in the user_settings.h.
I freed up memory also. Same logs are there in wolfssl.
MD5      test passed!
MD4      test passed!
SHA      test passed!
SHA-256  test passed!
HMAC-MD5 test passed!
HMAC-SHA test passed!
HMAC-SHA256 test passed!
ARC4     test passed!
HC-128   test passed!
Rabbit   test passed!
DES      test passed!
DES3     test passed!
AES      test passed!
RANDOM   test passed!
RSA      test passed!
DH       test passed!
DSA      test passed!
PWDBASED test passed!
ECC      test passed!

Thanks
Akhi

Hi Kaleb and David,
It's not a memory-related issue. I tested on a test project where I have 83% usage, and there also I am getting the reset while https is working fine as usual.

Thanks
Akhi

Hi Kaleb and David,
WOLFSSL_TI_CRYPT  is not defined in my settings. Also, I am using wolfssl_tm4c_hw.aem4f file.
In https, everything is working fine. In mqtt, this issue arises.
There is one difference between both-

In https, I am using the only root ca, hence doing only server verification.

In mqtt, I am using client private key, client certificate and root ca also, hence server as well as client verification.

I never faced the reset in the HTTPS handshake.

Is this something related to it? Because, in https, I don't get any reset.

Can it be a memory issue? Though I can't see anything printing on console. My memory consumption of ram is about 98% after compiling the project which included 90KB of the heap and enough stack for all tasks.
I am creating tls for https, then using it, then deleting it every time for now to avoid any memory issue. Then I am using mqtt.


Thanks,

Akhi

Hi David,

wolfcrypt_test(&args) -> aes_test() -> wc_AesCbcEncrypt -> AesAlign16 -> ROM_AESDataProcess

AES is not working. It goes into some hard loop when it calls ROM_AESDataProcess.
These are the logs after I commented out the AES

Running wolfcrypt tests...

MD5      test passed!
MD4      test passed!
SHA      test passed!
SHA-256  test passed!
HMAC-MD5 test passed!
HMAC-SHA test passed!
HMAC-SHA256 test passed!
ARC4     test passed!
HC-128   test passed!
Rabbit   test passed!
DES      test passed!
DES3     test passed!
RANDOM   test passed!
RSA      test passed!
DH       test passed!
DSA      test passed!
PWDBASED test passed!
ECC      test failed!
 error = -1014

Do you have any idea why it is not working??

Thanks

Hi David,
While trying this, I am getting a linking error even though I have included everything.
unresolved symbol wolfcrypt_test, first referenced in ./modules/httpTask/httpsProcessor.obj
I included this path #include <wolfcrypt/test/test.h> and tried extern too; still, I am getting this error while building.

Also, I increased the stack size and got nothing. The reset is still there.

Thanks
Akhilesh Gangwar

Hi David,
I found the correct root ca. It is the starfield class 2 root ca. This certificate is working fine with the cc3100 wifi chip. With cc3100, I am using the SL APIs which are provided by TI for TLS.
Now with wolfssl, I am getting a reset while handshaking. My device resets every time. I don't know why. Wolfssl is used with ethernet here.
I am pasting the logs-

wolfSSL Entering WOLFSSL_CTX_new
wolfSSL Entering wolfSSL_Init
wolfSSL Entering wolfSSL_CertManagerNew
wolfSSL Leaving WOLFSSL_CTX_new, return 0
wolfSSL Entering wolfSSL_CTX_load_verify_buffer
Adding a CA
wolfSSL Entering GetExplicitVersion
wolfSSL Entering GetMyVersion
Got Cert Header
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Algo ID
Getting Cert Name
Getting Cert Name
Got Subject Name
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Key
Parsed Past Key
wolfSSL Entering DecodeCertExtensions
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeSubjKeyId
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeAuthKeyId
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeBasicCaConstraint
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
    Parsed new CA
    Freeing Parsed CA
    Freeing der CA
        OK Freeing der CA
wolfSSL Leaving AddCA, return 0
wolfSSL Entering wolfSSL_CTX_use_certificate_buffer
Checking cert signature type
wolfSSL Entering GetExplicitVersion
wolfSSL Entering GetMyVersion
Got Cert Header
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Algo ID
Getting Cert Name
Getting Cert Name
Got Subject Name
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Key
Not ECDSA cert signature
wolfSSL Entering wolfSSL_CTX_use_PrivateKey_buffer
wolfSSL Entering GetMyVersion
wolfSSL Entering SSL_new
wolfSSL Leaving SSL_new, return 0
wolfSSL Entering SSL_set_fd
wolfSSL Leaving SSL_set_fd, return 1
wolfSSL Entering wolfSSL_send()
wolfSSL Entering SSL_write()
handshake not complete, trying to finish
wolfSSL Entering wolfSSL_negotiate
wolfSSL Entering SSL_connect()
growing output buffer

Shrinking output buffer

connect state: CLIENT_HELLO_SENT
growing input buffer

received record layer msg
wolfSSL Entering DoHandShakeMsg()
wolfSSL Entering DoHandShakeMsgType
processing server hello
wolfSSL Entering VerifyClientSuite
wolfSSL Leaving DoHandShakeMsgType(), return 0
wolfSSL Leaving DoHandShakeMsg(), return 0
More messages in record
received record layer msg
wolfSSL Entering DoHandShakeMsg()
wolfSSL Entering DoHandShakeMsgType
processing certificate
Loading peer's cert chain
    Put another cert into chain
    Put another cert into chain
    Put another cert into chain
    Put another cert into chain
wolfSSL Entering GetExplicitVersion
wolfSSL Entering GetMyVersion
Got Cert Header
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Algo ID
Getting Cert Name
Getting Cert Name
Got Subject Name
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Key
Parsed Past Key
wolfSSL Entering DecodeCertExtensions
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeBasicCaConstraint
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeKeyUsage
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeSubjKeyId
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeAuthKeyId
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeAuthInfo
wolfSSL Entering GetObjectId()
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeCrlDist
wolfSSL Entering GetObjectId()
Certificate Policy extension not supported yet.
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
About to verify certificate signature
Adding CA from chain
Adding a CA
wolfSSL Entering GetExplicitVersion
wolfSSL Entering GetMyVersion
Got Cert Header
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Algo ID
Getting Cert Name
Getting Cert Name
Got Subject Name
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Key
Parsed Past Key
wolfSSL Entering DecodeCertExtensions
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeBasicCaConstraint
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeKeyUsage
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeSubjKeyId
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeAuthKeyId
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeAuthInfo
wolfSSL Entering GetObjectId()
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeCrlDist
wolfSSL Entering GetObjectId()
Certificate Policy extension not supported yet.
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
    Parsed new CA
    Freeing Parsed CA
    Freeing der CA
        OK Freeing der CA
wolfSSL Leaving AddCA, return 0
wolfSSL Entering GetExplicitVersion
wolfSSL Entering GetMyVersion
Got Cert Header
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Algo ID
Getting Cert Name
Getting Cert Name
Got Subject Name
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Key
Parsed Past Key
wolfSSL Entering DecodeCertExtensions
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeBasicCaConstraint
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeKeyUsage
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeSubjKeyId
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeAuthKeyId
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeAuthInfo
wolfSSL Entering GetObjectId()
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeCrlDist
wolfSSL Entering GetObjectId()
Certificate Policy extension not supported yet.
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
About to verify certificate signature
Adding CA from chain
Adding a CA
wolfSSL Entering GetExplicitVersion
wolfSSL Entering GetMyVersion
Got Cert Header
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Algo ID
Getting Cert Name
Getting Cert Name
Got Subject Name
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Key
Parsed Past Key
wolfSSL Entering DecodeCertExtensions
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeBasicCaConstraint
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeKeyUsage
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeSubjKeyId
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeAuthKeyId
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeAuthInfo
wolfSSL Entering GetObjectId()
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeCrlDist
wolfSSL Entering GetObjectId()
Certificate Policy extension not supported yet.
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
    Parsed new CA
    Freeing Parsed CA
    Freeing der CA
        OK Freeing der CA
wolfSSL Leaving AddCA, return 0
wolfSSL Entering GetExplicitVersion
wolfSSL Entering GetMyVersion
Got Cert Header
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Algo ID
Getting Cert Name
Getting Cert Name
Got Subject Name
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Key
Parsed Past Key
wolfSSL Entering DecodeCertExtensions
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeBasicCaConstraint
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeKeyUsage
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeSubjKeyId
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeAuthKeyId
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeAuthInfo
wolfSSL Entering GetObjectId()
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeCrlDist
wolfSSL Entering GetObjectId()
Certificate Policy extension not supported yet.
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
About to verify certificate signature
Adding CA from chain
Adding a CA
wolfSSL Entering GetExplicitVersion
wolfSSL Entering GetMyVersion
Got Cert Header
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Algo ID
Getting Cert Name
Getting Cert Name
Got Subject Name
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Key
Parsed Past Key
wolfSSL Entering DecodeCertExtensions
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeBasicCaConstraint
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeKeyUsage
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeSubjKeyId
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeAuthKeyId
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeAuthInfo
wolfSSL Entering GetObjectId()
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeCrlDist
wolfSSL Entering GetObjectId()
Certificate Policy extension not supported yet.
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
    Parsed new CA
    Freeing Parsed CA
    Freeing der CA
        OK Freeing der CA
wolfSSL Leaving AddCA, return 0
Verifying Peer's cert
wolfSSL Entering GetExplicitVersion
wolfSSL Entering GetMyVersion
Got Cert Header
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Algo ID
Getting Cert Name
Getting Cert Name
Got Subject Name
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Key
Parsed Past Key
wolfSSL Entering DecodeCertExtensions
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeAuthKeyId
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeSubjKeyId
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeAltNames
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeKeyUsage
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeExtKeyUsage
wolfSSL Entering GetObjectId()
wolfSSL Entering GetObjectId()
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeCrlDist
wolfSSL Entering GetObjectId()
Certificate Policy extension not supported yet.
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeAuthInfo
wolfSSL Entering GetObjectId()
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeBasicCaConstraint
wolfSSL Entering GetObjectId()
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
About to verify certificate signature
Verified Peer's cert
wolfSSL Leaving DoHandShakeMsgType(), return 0
wolfSSL Leaving DoHandShakeMsg(), return 0
More messages in record
received record layer msg
wolfSSL Entering DoHandShakeMsg()
wolfSSL Entering DoHandShakeMsgType
processing server key exchange
wolfSSL Leaving DoHandShakeMsgType(), return 0
wolfSSL Leaving DoHandShakeMsg(), return 0
More messages in record
received record layer msg
wolfSSL Entering DoHandShakeMsg()
wolfSSL Entering DoHandShakeMsgType
processing certificate request
wolfSSL Leaving DoHandShakeMsgType(), return 0
wolfSSL Leaving DoHandShakeMsg(), return 0
More messages in record
received record layer msg
wolfSSL Entering DoHandShakeMsg()
wolfSSL Entering DoHandShakeMsgType

381396:Starting Main // device resets

Let me know.
Thanks

Hi David,
Can you let me know how to add the `WOLFSSL_ALT_CERT_CHAINS` build option? I am using TI RTOS. Can it be done at runtime or by setting some flag in settings.h or somewhere else?
I tried with SSL_FILETYPE_PEM but I was facing some error. I'll try again. Thanks :)

Thanks

Hi All,
I am trying to connect to the MQTT server (AWS). I am using TI RTOS with the tm4c129encpdt microcontroller.
While connecting to the server, I am using the root CA, certificate, and private key. I load these using the buffer APIs, as shown in the code below.
When I try to connect, I get the error -188. Can anyone help me with this?
My code is -

    // structure

    typedef struct TLSDataParams {
        WOLFSSL *ssl_aws;
        WOLFSSL_CTX *ctx_aws;

        int sockfd_aws;
        struct sockaddr_in g_addr_aws;
        Error_Block eb;
    } TLSDataParams;

    // actual code

    Error_init(&tlsDataParams->eb);
    wolfSSL_Init();
    tlsDataParams->ctx_aws = wolfSSL_CTX_new(wolfTLSv1_2_client_method());
    if (tlsDataParams->ctx_aws == 0){
      //  logg("****Error****: WolfSSL_CTX error", "");
        exitApp(tlsDataParams->ctx_aws);
        return -1;
    }
    uint8_t *der = NULL;
    uint32_t len, ret1;
    ret1 = CertConv_pem2der(tlsParams->pRootCALocation, root_ca_pem_len, &der, &len);
    if (ret1 != 0){
        //logg("***Error***: cert conversion to .der fail", "");
        return -1;
    }
    status = wolfSSL_CTX_load_verify_buffer(tlsDataParams->ctx_aws, der, len, SSL_FILETYPE_ASN1);
    if (status != SSL_SUCCESS){
       // logg("tcpHandler: Error loading ca_cert_der_2048\n", "");
        exitApp(tlsDataParams->ctx_aws);
        return -1;
    }

    der = NULL; len = 0; // reset the pointer itself; "*der = NULL" would only zero the first byte of the old buffer
    ret1 = CertConv_pem2der(tlsParams->pDeviceCertLocation, client_cert_pem_len, &der, &len);
    if (ret1 != 0){
        //logg("***Error***: cert conversion to .der fail", "");
        return -1;
    }
    status = wolfSSL_CTX_use_certificate_buffer (tlsDataParams->ctx_aws, der, len, SSL_FILETYPE_ASN1);
    if (status != SSL_SUCCESS){
     //   logg("tcpHandler: Error loading ca_cert_der_2048\n", "");
        exitApp(tlsDataParams->ctx_aws);
        return -1;
    }

    der = NULL; len = 0; // reset the pointer itself; "*der = NULL" would only zero the first byte of the old buffer
    ret1 = CertConv_pem2der(tlsParams->pDevicePrivateKeyLocation, client_private_key_pem_len, &der, &len);
    if (ret1 != 0){
        //logg("***Error***: cert conversion to .der fail", "");
        return -1;
    }
    status = wolfSSL_CTX_use_PrivateKey_buffer (tlsDataParams->ctx_aws, der, len, SSL_FILETYPE_ASN1);
    if (status != SSL_SUCCESS){
     //   logg("tcpHandler: Error loading ca_cert_der_2048\n", "");
        exitApp(tlsDataParams->ctx_aws);
        return -1;
    }

    tlsDataParams->ssl_aws = wolfSSL_new(tlsDataParams->ctx_aws);
    if (tlsDataParams->ssl_aws == NULL){
 //       logg("tcpHandler: wolfSSL_new error.\n", "");
        exitApp(tlsDataParams->ctx_aws);
        return -1;
    }

    tlsDataParams->sockfd_aws= socket(AF_INET, SOCK_STREAM, 0);
    if (tlsDataParams->sockfd_aws < 0){
      //  logInt("***Error***: ftp socket creation failed val is %d", "", sockfd);
        return -1;
    }

     memset((char *) &tlsDataParams->g_addr_aws, 0, sizeof(tlsDataParams->g_addr_aws));
     tlsDataParams->g_addr_aws.sin_family = AF_INET;
     tlsDataParams->g_addr_aws.sin_port = htons(tlsParams->DestinationPort);

     strcat(tlsParams->pDestinationURL, ":");  strcat(tlsParams->pDestinationURL, portStr);
     strcpy(url,tlsParams->pDestinationURL);

     if (HTTPCli_initSockAddr((struct sockaddr *) &tlsDataParams->g_addr_aws,  tlsParams->pDestinationURL, 0) < 0){
       //  logg("ftp: ***ERROR*** - address not resolved.", "");
         tlsDataParams->sockfd_aws = 0;
         return -1;
     }

     ret = connect(tlsDataParams->sockfd_aws, (struct sockaddr *)&tlsDataParams->g_addr_aws, sizeof(tlsDataParams->g_addr_aws));
     if(ret < 0){
         wolfSSL_free(tlsDataParams->ssl_aws);
         close(tlsDataParams->sockfd_aws);
         exitApp(tlsDataParams->ctx_aws);
         return -1;
     }
     wolfSSL_set_fd(tlsDataParams->ssl_aws, tlsDataParams->sockfd_aws);

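     ret = wolfSSL_connect(tlsDataParams->ssl_aws); // this returns failure
     if(ret != SSL_SUCCESS){
         char buffer[80];
         // wolfSSL_get_error() takes the return value of the failed call as its second argument
         error = wolfSSL_get_error(tlsDataParams->ssl_aws, ret); // this returns -188
         return -1;
     }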
     else if(ret == SSL_SUCCESS){
         tlsDataParams->sockfd_aws = wolfSSL_get_fd(tlsDataParams->ssl_aws);

     }

EDIT: I am able to enable logs in wolfssl. I am attaching the log file. I am finding it difficult to understand.
Thanks

Akhilesh
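One check that fits the loading sequence in the post above, as an added example (not the poster's code and not a wolfSSL API; `classify_cred` and `buf_kind` are hypothetical names): confirm that each buffer is PEM or a length-consistent DER blob before choosing SSL_FILETYPE_PEM or SSL_FILETYPE_ASN1. The sample bytes are constructed and are not a real certificate.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef enum { BUF_PEM, BUF_DER, BUF_UNKNOWN } buf_kind;   /* hypothetical names */

/* Classify a credential buffer so the matching SSL_FILETYPE_* constant is passed. */
buf_kind classify_cred(const uint8_t *buf, size_t len) {
    static const char pem_tag[] = "-----BEGIN ";
    size_t hdr, nlen, total, i;

    if (buf == NULL || len < 2) return BUF_UNKNOWN;
    if (len >= sizeof pem_tag - 1 && memcmp(buf, pem_tag, sizeof pem_tag - 1) == 0)
        return BUF_PEM;
    if (buf[0] != 0x30) return BUF_UNKNOWN;     /* DER certs and keys start with SEQUENCE */

    if (buf[1] < 0x80) {                        /* short form: one length byte */
        hdr = 2;
        total = buf[1];
    } else {                                    /* long form: 0x80 | count of length bytes */
        nlen = buf[1] & 0x7F;
        if (nlen == 0 || nlen > 4 || len < 2 + nlen) return BUF_UNKNOWN;
        if (buf[2] == 0) return BUF_UNKNOWN;    /* DER forbids a leading zero length byte */
        total = 0;
        for (i = 0; i < nlen; i++) total = (total << 8) | buf[2 + i];
        if (total < 0x80) return BUF_UNKNOWN;   /* short form was required */
        hdr = 2 + nlen;
    }
    /* The outer SEQUENCE must span the buffer exactly: no truncation, no trailing bytes. */
    return (total == len - hdr) ? BUF_DER : BUF_UNKNOWN;
}

int main(void) {
    /* constructed sample: SEQUENCE { INTEGER 5 } */
    const uint8_t sample[] = {0x30, 0x03, 0x02, 0x01, 0x05};
    printf("kind=%d\n", classify_cred(sample, sizeof sample));
    return 0;
}
```

A buffer whose `len` still holds the PEM length, or whose first byte has been overwritten, comes back as `BUF_UNKNOWN` instead of being handed to the TLS library.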

Hi Kaleb,
I tried but still getting the same error.

Hi,
I resolved this issue by including the whole path C:\ti\TivaWare_C_Series-2.1.4.178\third_party\windows\fltk-1.1.10\zlib\zlib.h instead of just #include "zlib.h". But I don't think this is a good solution. But after this I can build my wolfssl.
But-
When I use the function wc_Compress(), I am getting a linking issue in my project even after I included these 3 headers-

    #include <wolfssl/wolfcrypt/compress.h>
    #include <wolfssl/ssl.h>
    #include <wolfssl/wolfcrypt/settings.h>

The error is:

    Description    Resource    Path    Location    Type
    unresolved symbol wc_Compress, first referenced in ./modules/utils/test.obj

Can anyone help me? Where to define HAVE_LIBZ????

Hi All,
I have to use the compression from the wolfssl. I have gone through the documents which suggest using the with_libz option.

I am getting this error while compiling wolfssl-

"C:/wolfssl/tirtos/../wolfssl/internal.h", line 151: fatal error: cannot open source file "zlib.h"
1 catastrophic error detected in the compilation of "C:/wolfssl/tirtos/../src/internal.c".
Compilation terminated.

>> Compilation failure
gmake[1]: *** [package/lib/lib/wolfssl/src/internal.oem4f] Error 1
xdctools_3_32_00_06_core\gmake.exe: *** [packages/ti/net/wolfssl,.libraries] Error 2
gmake: *** [all] Error 2

The things I did-
1. I have defined the #define HAVE_LIBZ in settings.h
2. In the configure file (wolfssl\configure), I have given with_libz = C:\ti\TivaWare_C_Series-2.1.4.178\third_party\windows\fltk-1.1.10\zlib\zlib.h    where other things are given like enable_fastmath, enable_fasthugemath, enable_examples etc.
    I have zlib.h at the location provided above.
Can anyone help me to resolve this issue?

Thank you

Hi Kaleb, I saw the example. It has created ssl and ctx as local variables inside the main function. I need to declare them as global variables as I have to use the send and receive commands many times at different places.
One more thing: I was trying to use memcpy for ssl_cmd and ssl. I tried to allocate memory first to ssl_cmd using

    WOLFSSL *ssl_cmd;
    ssl_cmd = (WOLFSSL *)malloc(sizeof(WOLFSSL));
    // error here: I am getting "incomplete type is not allowed" during compilation.

I tried to use this too

    ssl_cmd = (struct WOLFSSL *)malloc(sizeof(struct WOLFSSL));

but the error is the same.

    // memcpy((void *)ssl_cmd, (void *)ssl, sizeof(ssl_cmd));

Why is this so? I was planning to copy the content like this and free the pointer ssl, then use ssl_cmd.

Let me know your thoughts on these two.

I put a flag to create the tls only once and use it again and again. But, the next time I try to connect, it fails because the pointer value has already changed.

I tried so many things but nothing worked. I don't know what to do now.
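The "incomplete type is not allowed" error in the malloc(sizeof(WOLFSSL)) post above comes from WOLFSSL being an opaque type in the public headers. An added sketch of keeping one global handle and replacing it on reconnect (not the poster's code and not wolfSSL code; `tls_session` and the `cmd_*` helpers are hypothetical stand-ins for WOLFSSL and the application, and the descriptor values are constructed):

```c
#include <stdio.h>
#include <stdlib.h>

/* Public header: callers see only an incomplete type, as with WOLFSSL. */
typedef struct tls_session tls_session;
tls_session *tls_session_new(int fd);
void tls_session_free(tls_session *s);
int tls_session_fd(const tls_session *s);

/* Application side. sizeof(tls_session) would not compile here, and a byte
 * copy of the object would duplicate the library's internal pointers, so the
 * application stores and passes the pointer only. */
static tls_session *g_cmd = NULL;      /* one global handle for all send/recv code */

int cmd_open(int fd) {
    tls_session *fresh = tls_session_new(fd);
    if (fresh == NULL) return -1;      /* keep the old session on failure */
    tls_session_free(g_cmd);           /* release the previous session exactly once */
    g_cmd = fresh;                     /* callers read g_cmd, never a cached copy */
    return 0;
}

void cmd_close(void) { tls_session_free(g_cmd); g_cmd = NULL; }
int cmd_fd(void) { return tls_session_fd(g_cmd); }

/* Library implementation: the only place the struct size is known. */
struct tls_session { int fd; unsigned char *io_buf; };

tls_session *tls_session_new(int fd) {
    tls_session *s = calloc(1, sizeof *s);
    if (s == NULL) return NULL;
    s->io_buf = malloc(64);            /* internal allocation owned by s */
    if (s->io_buf == NULL) { free(s); return NULL; }
    s->fd = fd;
    return s;
}

void tls_session_free(tls_session *s) { if (s != NULL) { free(s->io_buf); free(s); } }
int tls_session_fd(const tls_session *s) { return s != NULL ? s->fd : -1; }

int main(void) {
    if (cmd_open(3) != 0 || cmd_open(7) != 0) return 1;  /* constructed fd values */
    printf("active fd after reconnect: %d\n", cmd_fd());
    cmd_close();
    return 0;
}
```

Code that caches its own copy of the pointer across a reconnect ends up holding freed memory, which is why every caller in the sketch goes through the global.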