
Re: [lwip-users] PolarSSL and mbedTLS


From: Noam Weissman
Subject: Re: [lwip-users] PolarSSL and mbedTLS
Date: Fri, 3 Mar 2017 15:50:50 +0000

Hi Jan,

Thanks for a super reply. I will check it first thing next week. You are correct in regards to the errors. The error I have pointed out is actually the errno inside lwip_recvfrom function.

The lwip_recvfrom returns (-1) and .... ssl_read in net_socket returns with the error you pointed out.

I will check all the points you mentioned.

Thanks again, have a great weekend,

Noam.




From: lwip-users <lwip-users-bounces+address@hidden> on behalf of Jan Menzel <address@hidden>
Sent: Friday, March 3, 2017 5:29 PM
To: address@hidden
Subject: Re: [lwip-users] PolarSSL and mbedTLS
 
Hi Noam! Hi Simon!
        I'm using mbedtls v2.2.1 and lwip 2.0.0RC2 without problems. I can't
remember that I've ever seen the EWOULDBLOCK error. In the interface
code between mbedtls and lwip I found a few references to EWOULDBLOCK.
There are also a few fcntl() calls to enable/disable blocking. Maybe
that's where Noam's problem is coming from.
        In my lwipopts.h I've enabled LWIP_SO_RCVTIMEO, LWIP_SO_SNDTIMEO and
LWIP_SO_LINGER but that might be to send out data on the same socket
while no data has been received. I'm not sure if that was also needed to
set the socket non-blocking. I also defined "ERRNO" at the same place
and noted that this was required for mbedtls net.c (the interface to
lwip) to handle non-blocking sockets.
        Noam, I'd suggest that you check if mbedtls_net_set_nonblock()/block()
(all in mbedtls's net.c) is used and if net_would_block() works
correctly. I had to undefine "errno" and make it a global variable of
type int to get it working. My mbedtls_net_recv() returns
MBEDTLS_ERR_SSL_WANT_READ if read() < 0 and net_would_block() != 0. This
probably overwrites lwIP's EWOULDBLOCK error.
        Finally, I had lots of issues with the stack mbedtls is used in. Ok, my
LPC1768 has almost no memory, but IIRC I had to modify ctr_drbg.c
heavily to save ~2k. This probably does not affect you as the F4xx has
IIRC a built-in hardware random number generator.

        Jan

On 02.03.2017 13:11, Noam Weissman wrote:
> Hi Simon,
>
> I was able to catch the error inside function lwip_recvfrom, to remind you this is read from
> PolarSSL
>
> It returns from here:
>    LWIP_DEBUGF(SOCKETS_DEBUG, ("lwip_recvfrom(%d): returning EWOULDBLOCK\n", s));
>
> The read buffer is large and it does have a problem, length is 14829 ?
>
> Any ideas ??
>
> BR,
> Noam.
>
> -----Original Message-----
> From: lwip-users [mailto:lwip-users-bounces+address@hidden] On Behalf Of address@hidden
> Sent: Wednesday, March 01, 2017 9:27 PM
> To: Mailing list for lwIP users
> Subject: Re: [lwip-users] PolarSSL and mbedTLS
>
> I did have mbedTLS running against our httpd (no sockets) but the resource usage was rather high.
> I'd imagine the problem could be lwIP's memory configurations here, too.
>
> Simon
>
>
> Jan Menzel wrote:
>> Hi Noam!
>>       I've designed a system with almost the same setup which works well
>> since a few years incl. firmware updates of a ~200kb.
>>       Did you check the memory consumption of the ip stack and the ssl
>> max content length setting? The default max content length setting is
>> IIRC 16kb, which means that data is hashed and encrypted in chunks of
>> up to 16kb and can only be verified and decrypted once the entire
>> chunk has been received. The firmware update on my system only works
>> if the max content length is reduced. With the default setting I faced
>> memory issues on LPC1768 (which has just a fraction of your F4xx).
>>       I also had to fiddle around a little bit with errno in the interface
>> between mbedtls and lwip. One last advice: carefully check your stack
>> usage. mbedtls uses lots of function pointers which Keil's static call
>> graph analysis cannot see and does not warn about.
>>
>>       Jan
>>
>> On 01.03.2017 14:01, Noam Weissman wrote:
>>> Hi,
>>>
>>> I have a client, single task, using the socket API and also
>>> PolarSSL for SSL support.
>>>
>>> The client is a WebSocket client and all seems to work ok.
>>>
>>> When I try to send small messages from the server to my client all is
>>> working ok, but when I try to push a large message, 6K and up, my
>>> ssl_read function fails with a read error?
>>>
>>> The ssl_read is actually calling lwip_read internally.
>>>
>>> For some reason the SSL code is trying to read a large buffer, 8-16K
>>> bytes, and the read function fails.
>>>
>>> Normally when we read from a socket more than is available the return
>>> value should be the number of bytes actually read and not an error?
>>>
>>> The processor is STM32F427 using CCM for heap and Keil IDE
>>>
>>> My main project uses Lwip 1.41, FreeRTOS 8.0.1 and PolarSSL 1.0.0
>>>
>>> I have created two almost identical projects to the one I use. The
>>> first uses:
>>>
>>> Lwip 2.01, FreeRTOS 9.0
>>>
>>> The second project is the same as the one with Lwip 2.01 but instead
>>> of PolarSSL I switched to mbedTLS 2.4.0
>>>
>>> In non-secure mode everything works as expected and I have no problems
>>> getting a large message (600K)
>>>
>>> In secured mode I get a read fail on the first packet ??
>>>
>>> Anyone has an idea what I am doing wrong or what settings are not correct ??
>>>
>>> A second question for Simon or anyone that can assist. I tried to set
>>> LWIP_DEBUG to 1 and my total used RAM (compiler) dropped
>>> about 30K ?? Why is that ?... I understood that debug should take
>>> more RAM, not less ?
>>>
>>> Thanks,
>>>
>>> Noam.
>>>
>>>
>>> _______________________________________________
>>> lwip-users mailing list
>>> address@hidden
>>> https://lists.nongnu.org/mailman/listinfo/lwip-users
>
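The receive-callback behaviour Jan describes (a would-block errno from the socket layer reported to the TLS code as MBEDTLS_ERR_SSL_WANT_READ rather than as a failure), as an added example that is not part of the original thread and is not mbedTLS or lwIP code. `demo_net_recv` and `demo_run` are hypothetical names, the two error codes are copied from the mbedTLS 2.x headers, and a POSIX socketpair() stands in for the lwIP socket.

```c
#include <errno.h>
#include <fcntl.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Error codes copied from the mbedTLS 2.x headers so this builds without the library. */
#define MBEDTLS_ERR_SSL_WANT_READ   (-0x6900)
#define MBEDTLS_ERR_NET_RECV_FAILED (-0x004C)

/* Hypothetical receive callback written in the style of mbedtls_net_recv(). */
int demo_net_recv(void *ctx, unsigned char *buf, size_t len)
{
    ssize_t n = recv(*(int *)ctx, buf, len, 0);
    if (n >= 0) return (int)n;            /* a short read is success, not an error */
    if (errno == EWOULDBLOCK || errno == EAGAIN)
        return MBEDTLS_ERR_SSL_WANT_READ; /* no data yet: caller must retry */
    return MBEDTLS_ERR_NET_RECV_FAILED;   /* real socket failure */
}

/* Constructed scenario: a 6000-byte record arrives as two 3000-byte segments. */
int demo_run(int *want_reads)
{
    static unsigned char rec[6000], out[6000];
    size_t got = 0, sent = 0;
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return -1;
    fcntl(sv[0], F_SETFL, fcntl(sv[0], F_GETFL, 0) | O_NONBLOCK);
    memset(rec, 0xA5, sizeof rec);
    *want_reads = 0;
    while (got < sizeof out) {
        int r = demo_net_recv(&sv[0], out + got, sizeof out - got);
        if (r == MBEDTLS_ERR_SSL_WANT_READ) {
            (*want_reads)++;
            /* Stand-in for waiting on the socket: the peer sends the next segment. */
            if (sent >= sizeof rec || send(sv[1], rec + sent, 3000, 0) != 3000)
                break;
            sent += 3000;
        } else if (r <= 0) {
            break;                        /* hard error or peer closed */
        } else {
            got += (size_t)r;
        }
    }
    close(sv[0]); close(sv[1]);
    return (got == sizeof out && memcmp(rec, out, got) == 0) ? (int)got : -1;
}

int main(void) { int w; return demo_run(&w) == 6000 ? 0 : 1; }
```

If the callback returned the raw -1 instead, the record reader would abort on the first empty socket even though the connection is healthy.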
