1 (edited by hstr 2016-05-03 01:14:57)

Topic: [SOLVED] Porting wolfSSL to ERIKA Enterprise

Hi,

Currently I am trying to port wolfSSL to a setup consisting of ERIKA Enterprise (OSEK RTOS) and a LwIP stack.
The following settings are selected:

#define WOLFSSL_LWIP

#define SIZEOF_LONG 4
#define SIZEOF_LONG_LONG 8

#define NO_WRITEV

#define NO_FILESYSTEM

#define SINGLE_THREADED

#define CHAR_BIT 8

#define TFM_NO_ASM

#define USER_TIME
//Defined in asn.c

#define USE_FAST_MATH
//No realloc usage

#define XMALLOC_USER
//Definition with lwip malloc:
#define XMALLOC(s, h, type)  mem_malloc(s)
#define XFREE(p, h, type)    mem_free(p)

#define NO_DEV_RANDOM

The compilation and also the initialization work fine:

if(wolfSSL_Init() != SSL_SUCCESS)
    {
        TerminateTask();
    }
    WOLFSSL_CTX* ctx;

    if ( (ctx = wolfSSL_CTX_new(wolfTLSv1_server_method())) == NULL)
    {
        TerminateTask();
    }

    if (wolfSSL_CTX_use_certificate_buffer(ctx, server_cert_der_2048, sizeof_server_cert_der_2048, SSL_FILETYPE_ASN1) != SSL_SUCCESS)
    {
        TerminateTask();
    }

    if (wolfSSL_CTX_use_PrivateKey_buffer(ctx, server_key_der_2048, sizeof_server_key_der_2048, SSL_FILETYPE_ASN1) != SSL_SUCCESS)
    {
        TerminateTask();
    }

    lSocket = lwip_socket(AF_INET, SOCK_STREAM, 0);
    if (lSocket < 0) return;

    memset((char *)&sLocalAddr, 0, sizeof(sLocalAddr));
    sLocalAddr.sin_family = AF_INET;
    sLocalAddr.sin_len = sizeof(sLocalAddr);
    sLocalAddr.sin_addr.s_addr = inet_addr(SENDER_IP_ADDR);
    sLocalAddr.sin_port = htons(SENDER_PORT_NUM);

    if (lwip_bind(lSocket, (struct sockaddr *)&sLocalAddr, sizeof(sLocalAddr)) < 0) {
            lwip_close(lSocket);
            TerminateTask();
    }

    if ( lwip_listen(lSocket, 5) != 0 ){
            lwip_close(lSocket);
            TerminateTask();
    }

But when a client now connects to the TCP socket (openssl with "s_client -connect ip:port") there is an error at "wolfSSL_write", here is the code for the connection:

clientfd = lwip_accept(lSocket, (struct sockaddr*)&client_addr, (socklen_t *)&addrlen);
        if (clientfd >= 0)
        {
            WOLFSSL* ssl;

            if ( (ssl = wolfSSL_new(ctx)) == NULL)
            {
                TerminateTask();
            }

            wolfSSL_set_fd(ssl, clientfd);

            char data_buffer[80];
            strcpy(data_buffer,"Hello World\n");
            wolfSSL_write(ssl, data_buffer, sizeof("Hello World"));

            error = wolfSSL_get_error(ssl, 0);

            wolfSSL_free(ssl);
            lwip_close(clientfd);
        }

    wolfSSL_CTX_free(ctx);
    wolfSSL_Cleanup();
    lwip_close(lSocket);

    TerminateTask();

OpenSSL returns the following error code: 10054.
Debugging "wolfSSL_write" results in the following trace:
wolfSSL_write -> SendData -> wolfSSL_negotiate -> wolfSSL_accept: ACCEPT_BEGIN and then ACCEPT_FINISHED_DONE, which returns a SSL_FATAL_ERROR.
One thing that I just observed with Wireshark is that there is a "Client Hello" sent to the server.
OpenSSL log:
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:error in SSLv2/v3 read server hello A
write:errno=10054

Hopefully someone can help me with that problem, thank you.


Re: [SOLVED] Porting wolfSSL to ERIKA Enterprise

Hi,

Do you know what error is returned from wolfSSL_get_error() in your above code?  This will let us know the specific error code from wolfSSL.  A Wireshark trace (.pcap) may also be helpful to debug.

Thanks!
Chris

Re: [SOLVED] Porting wolfSSL to ERIKA Enterprise

Hi Chris,

Thanks for the reply. Meanwhile I managed to find the problem that caused the error.
Somehow wolfSSL_get_error only returned 0 for me, which was not possible so I decided to
debug the ssl object and saw that the error value was at -501.
That meant that the cipher suites did not match, after adding some additional suites it finally worked.

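The cipher suite mismatch behind the -501 value in this thread can be confirmed offline from the captured "Client Hello". The following is an added example, not code from the thread or from wolfSSL: it parses a ClientHello record and looks for a suite the server also enables. `match_client_suites`, the sample bytes and the server list are constructed for illustration, and the parser assumes the ClientHello arrives in a single TLS-format record.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample: TLS 1.0 ClientHello offering suites 0x0039 and 0x002F. */
static const uint8_t sample_hello[] = {
    0x16, 0x03, 0x01, 0x00, 0x2F,        /* record: handshake, TLS 1.0, 47 bytes */
    0x01, 0x00, 0x00, 0x2B,              /* client_hello, 43-byte body */
    0x03, 0x01,                          /* client_version */
    0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,     /* random, 32 bytes (zeroed here) */
    0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
    0x00,                                /* empty session_id */
    0x00, 0x04, 0x00, 0x39, 0x00, 0x2F,  /* suite list: length 4, two ids */
    0x01, 0x00                           /* one compression method: null */
};

/* Returns 1 and sets *chosen to the first client-offered suite that is also
 * in server[]; 0 if there is no overlap (the handshake cannot proceed);
 * -1 if rec is not a well-formed ClientHello record. */
int match_client_suites(const uint8_t *rec, size_t len,
                        const uint16_t *server, size_t n_server,
                        uint16_t *chosen)
{
    size_t off, end, i, j, suites_len;

    if (len < 5 + 4 + 2 + 32 + 1) return -1;          /* headers, version, random, sid len */
    if (rec[0] != 0x16 || rec[5] != 0x01) return -1;  /* handshake record, client_hello */
    end = 5 + (((size_t)rec[3] << 8) | rec[4]);
    if (end > len) return -1;                         /* record truncated */

    off = 5 + 4 + 2 + 32;
    off += 1 + (size_t)rec[off];                      /* skip session_id */
    if (off + 2 > end) return -1;
    suites_len = ((size_t)rec[off] << 8) | rec[off + 1];
    off += 2;
    if ((suites_len & 1) || off + suites_len > end) return -1;

    for (i = 0; i < suites_len; i += 2) {
        uint16_t id = (uint16_t)((rec[off + i] << 8) | rec[off + i + 1]);
        for (j = 0; j < n_server; j++)
            if (server[j] == id) { *chosen = id; return 1; }
    }
    return 0;
}

int main(void)
{
    static const uint16_t server[] = { 0xC014 };      /* hypothetical server list */
    uint16_t id = 0;
    printf("%d\n", match_client_suites(sample_hello, sizeof sample_hello, server, 1, &id));
    return 0;
}
```

A result of 0 for the suite list compiled into the server build corresponds to the situation described above, where enabling additional suites fixed the handshake.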

Re: [SOLVED] Porting wolfSSL to ERIKA Enterprise

Thanks for letting me know you got this resolved.  Let us know if anything else comes up.

Thanks,
Chris