1 Topic by just_david (edited by just_david 2024-04-19 08:28:25)

  • Registered: 2024-04-16
  • Posts: 2

Topic: Problem with wolfssl on riscv with static memory feature

Hi,
I am trying to create an encrypted connection between two riscv processors. These are basic units without support for dynamic memory allocation. The library is compiled using the following command:

./configure\
    --prefix=/home/david/wolfbare\
    --host=riscv32-unknown-elf\
    CC=/opt/riscv_gcc10.1/bin/riscv32-unknown-elf-gcc\
    AR=/opt/riscv_gcc10.1/bin/riscv32-unknown-elf-ar\
    AS=/opt/riscv_gcc10.1/bin/riscv32-unknown-elf-a\
    RANLIB=/opt/riscv_gcc10.1/bin/riscv32-unknown-elf-gcc-ranlib\
    LD=/opt/riscv_gcc10.1/bin/riscv32-unknown-elf-ld\
    CXX=/opt/riscv_gcc10.1/bin/riscv32-unknown-elf-g++\
    --disable-examples\
    --enable-static\
    --disable-dh\
    --disable-shared\
    --disable-crypttests\
    --disable-asm\
    --disable-rsa\
    --enable-tls13\
    --disable-tlsv12\
    --disable-filesystem\
     --enable-singlethreaded\
    --enable-debug\
    --enable-staticmemory\
    --enable-fastmath\
    --enable-sp=nomalloc\
    CFLAGS="-march=rv32i -mabi=ilp32 -mcmodel=medany -ffunction-sections -fdata-sections -D WOLFSSL_USER_IO -D NO_WRITEV"

I then try to initialise the library using the following functions:

    WOLFSSL_CTX* ctx = NULL; /* pass NULL to generate WOLFSSL_CTX */
    #define MAX_CONCURRENT_TLS 0
    #define MAX_CONCURRENT_IO 0
    #define GEN_MEM_SIZE 200000
    #define IO_MEM_SIZE 100000
    unsigned char GEN_MEM[GEN_MEM_SIZE];
    unsigned char IO_MEM[IO_MEM_SIZE ];
    int ret;

    if (wolfSSL_Debugging_ON() != 0) {
        uart.write("debugin FAIL.\n");
    }
    ret = wolfSSL_CTX_load_static_memory(
                    &ctx, /* set NULL to ctx */
                    wolfTLSv1_3_client_method_ex, /* use function with "_ex" */
                    GEN_MEM, GEN_MEM_SIZE, /* buffer and its size */
                    WOLFMEM_GENERAL, /* general purpose */
                    MAX_CONCURRENT_TLS); /* max concurrent objects */

    if (ret != SSL_SUCCESS)
        uart.write("wolfSSL_CTX_load_static_memory FAIL.\n");
    else
        uart.write("wolfSSL_CTX_load_static_memory PASS.\n");
    /* set up a I/O-purpose buffer on the second call. */
    wolfSSL_CTX_load_static_memory(
                    &ctx, /* make sure ctx is holding the object */
                    NULL, /* pass it to NULL this time */
                    IO_MEM, IO_MEM_SIZE, /* buffer and its size */
                    WOLFMEM_IO_POOL_FIXED, /* I/O purpose */
                    MAX_CONCURRENT_IO); /* max concurrent objects */

    if (ret != SSL_SUCCESS)
        uart.write("wolfSSL_CTX_load_static_memory FAIL.\n");
    else
        uart.write("wolfSSL_CTX_load_static_memory PASS.\n");


    /* Load CA certificates into WOLFSSL_CTX */
    ret = wolfSSL_CTX_load_verify_buffer(ctx, certBuf, certBufSz, SSL_FILETYPE_PEM);
    if (ret != SSL_SUCCESS)
        uart.write("wolfSSL_CTX_load_verify_buffer FAIL.\n");
    else
        uart.write("wolfSSL_CTX_load_verify_buffer PASS.\n");

And I get this:

wolfSSL Entering wolfSSL_load_static_memory
wolfSSL Entering TLSv1_3_client_method_ex
wolfSSL Entering TLSv1_3_client_method_ex
wolfSSL Entering wolfSSL_CTX_new_ex
wolfSSL Entering wolfCrypt_Init
wolfSSL Entering wolfSSL_CertManagerNew
wolfSSL Leaving wolfSSL_CTX_new_ex, return 0
wolfSSL_CTX_load_static_memory PASS.
wolfSSL Entering wolfSSL_load_static_memory
wolfSSL_CTX_load_static_memory PASS.
wolfSSL Entering wolfSSL_CTX_load_verify_buffer_ex
Processing CA PEM file
wolfSSL Entering PemToDer
Adding a CA
Getting Cert Name
Getting Cert Name
wolfSSL Entering GetAlgoId
Unknown or not compiled in key OID
       Parsed new CA
       No key size check done on CA
       Freeing Parsed CA
       Freeing der CA
               OK Freeing der CA
wolfSSL Leaving AddCA, return -148
wolfSSL error occurred, error = -148
CA Parse failed, with progress in file.
Search for other certs in file
wolfSSL Leaving wolfSSL_CTX_load_verify_buffer_ex, return -148

I do not know what to do with this?
[Edit]
I managed to solve this problem and it turned out that I had the RSA algorithm turned off during the compilation. So it is worth looking into asn.c and checking that the code that GetAlgoId returns is defined.

But I still have a question to function:

ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method())

should I use it before function:

wolfSSL_CTX_load_verify_buffer()

Beacues when I will use it i will recive error -125 in AllocDer() function ? And I am testing this setup on linux between two terminals and when I try to setup echoclient without this function I am unable to connect to server sad

Share

  • Registered: 2021-07-06
  • Posts: 102

Re: Problem with wolfssl on riscv with static memory feature

Hi just_david,

Glad you were able to solve your RSA issue.

-125 is MEMORY_E, which means we were unable to allocate enough memory.  As you are on an embedded system, I would recommend enabling our small stack support and our small SP code, which you can do with: --enable-smallstack --enable-sp=small,nomalloc.  Please let me know if you continue to run into errors with these flags.

Share

  • Registered: 2024-04-16
  • Posts: 2

Re: Problem with wolfssl on riscv with static memory feature

Hi kareem,

Thank you for your answer smile

It turned out that you don't need to use this function:

ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method())

at the point where we initialise Wolfssl with the WOLFSSL_STATIC_MEMORY flag. The question arose because on Linux, where I test if the configuration works, I had an error in the

wolfSSL_CTX_load_static_memory()

 
because I was initialising the client but the function I specified was wolfTLSv1_3_server_method_ex instead of wolfTLSv1_3_client_method_ex that was the reason why comunication between terminals did not work. So this made it possible to drop the 

wolfSSL_CTX_new()

function which is recommended for static memory. But I have a problem because my processor doesn't support dynamic memory allocation, so once I create the "ctx" with wolfSSL_CTX_load_static_memory and load the certificate with wolfSSL_CTX_load_verify_buffer I proceed to initialize ssl with with 

ssl = wolfSSL_new(ctx)

and I don't know if this function requires dynamic memory allocation and if I need it at all because I'm using a different physical layer than socket so I declare my read and write functions with wolfSSL_CTX_SetIORecv and wolfSSL_CTX_SetIOSend

I also checked the flags you gave me and got this error:
#error static memory does not support small stack please undefine
therefore I have abandoned this flag

now my log is:

Adding a CA
Getting Cert Name
Getting Cert Name
wolfSSL Entering GetAlgoId
wolfSSL Entering DecodeCertExtensions
wolfSSL Entering DecodeSubjKeyId
wolfSSL Entering DecodeAuthKeyId
wolfSSL Entering DecodeBasicCaConstraint
wolfSSL Entering DecodeAltNames
       Unsupported name type, skipping
wolfSSL Entering DecodeExtKeyUsage
       Parsed new CA
       Freeing Parsed CA
       Freeing der CA
               OK Freeing der CA
wolfSSL Leaving AddCA, return 0
   Processed a CA
Processed at least one valid CA. Other stuff OK
wolfSSL Leaving wolfSSL_CTX_load_verify_buffer_ex, return 1
wolfSSL_CTX_load_verify_buffer: PASS.
wolfSSL Entering wolfSSL_new
Setting fixed IO for SSL
Setting fixed IO for SSL
wolfSSL Entering ReinitSSL
RNG Init error
Free'ing server ssl
Freeing fixed IO buffer
Freeing fixed IO buffer
wolfSSL Leaving wolfSSL_new, return -199
wolfSSL_new error.
wolfSSL Entering wolfSSL_write
wolfSSL Entering wolfSSL_free
wolfSSL Leaving wolfSSL_free, return 0
wolfSSL Entering wolfSSL_CTX_free
CTX ref count down to 0, doing full free
wolfSSL Entering wolfSSL_CertManagerFree
wolfSSL Leaving wolfSSL_CTX_free, return 0
wolfSSL Entering wolfSSL_Cleanup
wolfSSL Entering wolfCrypt_Cleanup

And my code:

    WOLFSSL_CTX* ctx = NULL; /* pass NULL to generate WOLFSSL_CTX */
    #define MAX_CONCURRENT_TLS 0
    #define MAX_CONCURRENT_IO 0
    #define GEN_MEM_SIZE 200000
    #define IO_MEM_SIZE 100000
    unsigned char GEN_MEM[GEN_MEM_SIZE];
    unsigned char IO_MEM[IO_MEM_SIZE ];
    int ret;

    if (wolfSSL_Debugging_ON() != 0) {
        uart.write("debugin FAIL.\n");
    }

    ret = wolfSSL_CTX_load_static_memory(
                    &ctx, /* set NULL to ctx */
                    wolfTLSv1_3_client_method_ex, /* use function with "_ex" */
                    GEN_MEM, GEN_MEM_SIZE, /* buffer and its size */
                    WOLFMEM_GENERAL, /* general purpose */
                    MAX_CONCURRENT_TLS); /* max concurrent objects */

    if (ret != SSL_SUCCESS)
        uart.write("wolfSSL_CTX_load_static_memory: GEN_MEM: FAIL.\n");
    else
        uart.write("wolfSSL_CTX_load_static_memory: GEN_MEM: PASS.\n");
    /* set up a I/O-purpose buffer on the second call. */
    ret = wolfSSL_CTX_load_static_memory(
                    &ctx, /* make sure ctx is holding the object */
                    NULL, /* pass it to NULL this time */
                    IO_MEM, IO_MEM_SIZE, /* buffer and its size */
                    WOLFMEM_IO_POOL_FIXED, /* I/O purpose */
                    MAX_CONCURRENT_IO); /* max concurrent objects */

    if (ret != SSL_SUCCESS)
        uart.write("wolfSSL_CTX_load_static_memory: IO_MEM: FAIL.\n");
    else
        uart.write("wolfSSL_CTX_load_static_memory: IO_MEM: PASS.\n");

    ret = wolfSSL_CTX_load_verify_buffer(ctx, certBuf, certBufSz, SSL_FILETYPE_PEM);

    if (ret != SSL_SUCCESS)
        uart.write("wolfSSL_CTX_load_verify_buffer: FAIL.\n");
    else
        uart.write("wolfSSL_CTX_load_verify_buffer: PASS.\n");


    wolfSSL_CTX_SetIOSend(ctx, myCBIOSend);
    wolfSSL_CTX_SetIORecv(ctx, myCBIORecv);


    WOLFSSL* ssl;

    if( (ssl = wolfSSL_new(ctx)) == NULL) {
        uart.write("wolfSSL_new error.\n");
    }

    wolfSSL_write(ssl, "test", 5);

    wolfSSL_free(ssl);          /* Free SSL object */
    wolfSSL_CTX_free(ctx);       /* Free SSL_CTX object */
    wolfSSL_Cleanup();           /* Free wolfSSL */

And from what I understand this is the correct way to use wolfssl to get encrypted transmission please correct me if I am wrong smile

Share