Topic: [CLOSED] Wolf SSL and PIC32MX with Microchip Stack ver 5.xx

I had a project working for a couple of years with PIC32 and MPLAB8 with TCPIP Stack v5.xx. Recently, Google FCM stopped accepting SSL connections from my TCP Client.
I have to move to MPLAB X and Harmony. I used an example there which uses Wolf SSL and it was working fine. But after adding all the parts of my previous project (with a lot of pain) I found out that the Harmony TCPIP Stack stops responding (no receiving or sending). I use HTTP server, UDP server, TCP Client (with Wolf SSL) and check and update of IP. I believe (and a lot of other people on the Microchip forum) that MPLABX and Harmony are not fully developed/debugged applications.

Then I tried to port the example code from Harmony to MPLAB 8 and TCPIP Stack v5.xx. I changed Wolf SSL configuration file to use this stack but it doesn't work.
It fails on wolfSSL_connect(mySSL.ssl) with the result SSL_ERROR_WANT_READ. I have searched the forum about this error but it doesn't give me any solution.
Small part of the code is below:

    if(!TCPIsConnected(mySSL.socket)){
        hubClientState = SM_HUB_DISCONNECT;
        break;
    }
    int result = wolfSSL_connect(mySSL.ssl);
    if (result == SSL_SUCCESS){
        hubClientState = SM_HUB_SEND_MESSAGE;
        break;
    }
    else if (wolfSSL_get_error(mySSL.ssl, result) == SSL_ERROR_WANT_READ){
        break;
    }
    else if(wolfSSL_get_error(mySSL.ssl, result) == SSL_ERROR_WANT_WRITE){
        break;
    }
    else{
        int err = wolfSSL_get_error(mySSL.ssl, result);
        hubClientState = SM_HUB_DISCONNECT;
    }

Any suggestions what I can do?
I am using Wolf SSL version 3.9.0 - which comes with Microchip Harmony.
Is there any working example of TCP Client with Wolf SSL for PIC32 and MPLAB 8 with TCPIP Stack v5xx?
Just remembered that I am using FreeRTOS but I haven't enabled it in the configuration file. Could it be the issue?

Re: [CLOSED] Wolf SSL and PIC32MX with Microchip Stack ver 5.xx

Hi wieslaws,

Is this code with a custom IO callback or some other function? I can say that in the case of an SSL_ERROR_WANT_READ that value should continue to try as the connect did succeed with SSL_SUCCESS but there is no data on the socket to be read.

Option 1: if you don't mind using a blocking implementation, it appears you may already have that code in a loop due to the "break;" calls I see. You could change those "break;" calls to "continue;" in the case of SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE, and only call "break;" if some other error occurs.

Option 2: if you're after a non-blocking solution you could create custom IO callbacks and register them with:

     wolfSSL_SetIORecv(<wolfSSL ctx>, <your custom receive function here>);
     wolfSSL_SetIOSend(<wolfSSL ctx>, <your custom send function here>);

Then make sure to set the SSL Object nonblocking with:

     wolfSSL_set_fd(<ssl object>, <socket>);
     wolfSSL_set_using_nonblock(<ssl object>, 1);  /* second argument is the non-blocking flag, not the socket */

Then you could return WOLFSSL_CBIO_ERR_WANT_READ or WOLFSSL_CBIO_ERR_WANT_WRITE and wolfSSL could keep re-trying the read until it succeeded or some other error code was returned.


Regards,

Kaleb
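
The callback contract described in Option 2 above, as an added example that is not part of the original post and is not wolfSSL or Microchip code: a receive and a send callback that never block and report "try again" instead. `SimSocket` and the `ex_*` names are hypothetical stand-ins for the TCP stack's socket, and the numeric return codes are assumed to mirror wolfSSL's `WOLFSSL_CBIO_ERR_*` values.

```c
#include <string.h>

/* Return codes mirrored from wolfSSL's enum IOerrors (wolfssl/ssl.h) so this
   builds without the library; in a real build use the WOLFSSL_CBIO_ERR_* names. */
enum { EX_WANT_READ = -2, EX_WANT_WRITE = -2, EX_CONN_CLOSE = -5 };

typedef struct {            /* hypothetical stand-in for a stack socket */
    unsigned char rx[64];   /* bytes the stack has received so far */
    int rx_len;
    int tx_free;            /* free space in the transmit FIFO */
    int connected;
} SimSocket;

/* Receive callback; wolfSSL's real prototype takes WOLFSSL* as the first arg. */
int ex_recv_cb(void *ssl, char *buf, int sz, void *ctx)
{
    SimSocket *s = (SimSocket *)ctx;
    int n;
    (void)ssl;
    if (s->rx_len == 0)     /* nothing buffered: retry later, or report close */
        return s->connected ? EX_WANT_READ : EX_CONN_CLOSE;
    n = sz < s->rx_len ? sz : s->rx_len;    /* partial reads are allowed */
    memcpy(buf, s->rx, (size_t)n);
    memmove(s->rx, s->rx + n, (size_t)(s->rx_len - n));
    s->rx_len -= n;
    return n;
}

/* Send callback: never waits for FIFO space, reports how much was accepted. */
int ex_send_cb(void *ssl, char *buf, int sz, void *ctx)
{
    SimSocket *s = (SimSocket *)ctx;
    int n;
    (void)ssl; (void)buf;
    if (!s->connected) return EX_CONN_CLOSE;
    if (s->tx_free == 0) return EX_WANT_WRITE;
    n = sz < s->tx_free ? sz : s->tx_free;
    s->tx_free -= n;        /* a real callback would copy buf into the stack */
    return n;
}

/* Constructed scenario helper: data arriving between two state-machine passes. */
int ex_feed(SimSocket *s, const char *data, int len)
{
    int room = (int)sizeof s->rx - s->rx_len;
    if (len > room) len = room;
    memcpy(s->rx + s->rx_len, data, (size_t)len);
    s->rx_len += len;
    return len;
}
```

Buffered bytes are delivered before a close is reported, so a final record that arrives together with the peer's disconnect is not lost.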

Re: [CLOSED] Wolf SSL and PIC32MX with Microchip Stack ver 5.xx

Thanks Kaleb for your quick reply.
I have tried again to see what error code I get. Below is more of the code.

    switch(hubClientState){
        case SM_HUB_HOME:
            ipChanged = FALSE;
            messageSentFlag = FALSE;
            errorMsgNo = 99;
            mySSL.socket = TCPOpen((DWORD)(PTR_BASE)&FCM_WEBSITE[0], TCP_OPEN_RAM_HOST, 443, TCP_PURPOSE_GENERIC_TCP_CLIENT);
        
            if(mySSL.socket == INVALID_SOCKET){
                errorMsgNo = 0;        
                hubClientState = SM_HUB_DISCONNECT; 
                break; 
            }        
            hubClientState++;
            Timer = TickGet();
            break;
        case SM_HUB_IS_CONNECTED:
            if(!TCPIsConnected(mySSL.socket)){
                if(TickGet()-Timer > 8*TICK_SECOND){
                    errorMsgNo = 1;        
                    hubClientState = SM_HUB_DISCONNECT; 
                }
                break;
            }
            Timer = TickGet();
            if (TCPIP_TLS_CreateConnection(&mySSL) != WOLFSSL_GLUE_TCP_OPEN){
                hubClientState = SM_HUB_DISCONNECT; 
                break;
            }
            hubClientState = SM_HUB_IS_SSL_CONNECTED;
            /* no break: falls through to SM_HUB_IS_SSL_CONNECTED */
        case SM_HUB_IS_SSL_CONNECTED:
            if(!TCPIsConnected(mySSL.socket)){
                hubClientState = SM_HUB_DISCONNECT; 
                break;
            }
            result = wolfSSL_connect(mySSL.ssl);
            if (result == SSL_SUCCESS){
                hubClientState = SM_HUB_SEND_MESSAGE;
                break;
            }
            else if (wolfSSL_get_error(mySSL.ssl, result) == SSL_ERROR_WANT_READ){
                ++count1;
                break;
            }    
            else if(wolfSSL_get_error(mySSL.ssl, result) == SSL_ERROR_WANT_WRITE){
                ++count2;
                break;
            }
            else{
                err = wolfSSL_get_error(mySSL.ssl, result);
                hubClientState = SM_HUB_DISCONNECT; 
                break;
            }
        case SM_HUB_SEND_MESSAGE:

After a number of SSL_ERROR_WANT_READ errors - count1 value varies, but is above 100, I get result value = -1.
And I get an error code err = -313 in err = wolfSSL_get_error(mySSL.ssl, result).
This error code is not listed so I don't know what it means.

Re: [CLOSED] Wolf SSL and PIC32MX with Microchip Stack ver 5.xx

I did some more testing and found out that sometimes I get TCPIsConnected(mySSL.socket) = false after 4 passes through the loop (count1 = 4).
I haven't found out why this happens yet.

Re: [CLOSED] Wolf SSL and PIC32MX with Microchip Stack ver 5.xx

Hi wieslaws,

Error code -313 is: "FATAL_ERROR                  = -313,   /* recvd alert fatal error  */".

Error codes from -100 to -299 are crypto-related and listed in <wolfssl-root>/wolfssl/wolfcrypt/error-crypt.h
Error codes from -300 to -500+ are TLS/SSL related and listed in <wolfssl-root>/wolfssl/error-ssl.h

An alert fatal error could mean the client was unable to negotiate a cipher, it could mean a protocol mismatch (server using TLS v1.x and client using TLS v1.y) or it could be the client was unable to verify the peer.

Are you able to see error codes on the client side?


Regards,

Kaleb

Re: [CLOSED] Wolf SSL and PIC32MX with Microchip Stack ver 5.xx

Hi Kaleb,
I think I will give up on trying to get it working with TCPIP Stack 5, and try to fix the problem with the Harmony project (at least this one is working). I can't spend time working on both and I don't seem to be getting anywhere.

Thanks for your help.
