1 (edited by PedroA 2012-01-03 01:21:45)

Topic: Nintendo Wii

CyaSSL embedded SSL claims to have Wii support through DevKitPro. Am I supposed to be able to compile it out of the configure script? can somebody give me a hand there? It seems examples do not compile (which is something I understand but taking them off the makefile seems to mess everything and I did not manage to compile the library)

I also tried to compile the source files with my project and it compiles fine but I don't get further than a crash when calling ssl = CyaSSL_new(ctx);

Can I have a look at the code you compiled with devkitpro? if it is still around.

Thank you smile

Edit: I do not have any problem to compile the source files with the project instead of using cyassl as a static/shared library, but which defines should I turn on to have the code work on the Wii? Your Wii code would also help a lot tongue

Share

Re: Nintendo Wii

Hi Pedro,

DevkitPro support was added with CyaSSL rc2-1.0.0.  You can take a look at the CyaSSL README file (included in the CyaSSL download) for build instructions and more detailed information.  This will explain how to build and link with CyaSSL.  Please let me know if you run into problems.

Regards,
Chris

3 (edited by PedroA 2012-01-03 13:06:55)

Re: Nintendo Wii

Hello Chris,

I read the README file and ran setting LDFLAGS to what is recommended there as follows:

./configure --disable-shared CC=/opt/devkitpro/devkitPPC/bin/powerpc-eabi-gcc --host=ppc --without-zlib --enable-singleThreaded RANLIB=/opt/devkitpro/devkitPPC/bin/powerpc-eabi-ranlib CFLAGS="-DDEVKITPRO -DGEKKO" CPPFLAGS="-DNO_WRITEV -DOPENSSL_EXTRA" LDFLAGS="-g -mrvl -mcpu=750 -meabi -mhard-float -Wl,-Map,$(notdir $@).map"

LDFLAGS="-g -mrvl -mcpu=750 -meabi -mhard-float -Wl,-Map,$(notdir $@).map"

The build fails when trying to compile the client example (which is expected but somehow messy to fix and I wanted to know if there was a more straightforward way of doing this).

As I stated the program (when compiling the source files with the whole project) crashes (it compiles without warnings) when I call ssl = CyaSSL_new(ctx), which I think is something that happens somewhere in InitSSL() (possibly because of an incorrect use of the CyaSSL_CTX_load_verify_buffer();? I'm not sure if the string I'm passing is appropriated nor if the arguments I'm using are the correct ones )

I'm basically doing this:

const char cert[]= "-----BEGIN CERTIFICATE-----\r\nMIIDAjCCAmsCEH3Z/gfPqB63EHln+6eJNMYwDQYJKoZIhvcNAQEFBQAwgcExCzAJ\r\nBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE8MDoGA1UECxMzQ2xh[...]\r\n-----END CERTIFICATE-----";
    tmp->ctx = CyaSSL_CTX_new(CyaSSLv23_client_method()); //ctx is a member of a c++ class, this code is at the function that initializes the class
    CyaSSL_CTX_load_verify_buffer(tmp->ctx, (const unsigned char *)cert, strlen(cert), SSL_FILETYPE_PEM);

    //on the member function which does the actual request
    CYASSL* ssl;
    ssl = CyaSSL_new(this->ctx); //crashes at this point

//I defined these:
#define NO_WRITEV
#define SINGLE_THREADED
#define DEVKITPRO
#define OPENSSL_EXTRA
#define SIZEOF_LONG_LONG 8
#define BIG_ENDIAN_ORDER
#define NO_FILESYSTEM
#define NO_CYASSL_SERVER

#ifndef GEKKO
    #define GEKKO
#endif

Any clues? I'm hoping this is an obvious answer and somebody here can save me plenty of time smile

Thank you!

PS: I'm trying to do HTTPS requests, that's all I need.

Share

Re: Nintendo Wii

Hi Pedro,

The build fails when trying to compile the client example (which is expected but somehow messy to fix and I wanted to know if there was a more straightforward way of doing this).

You can build only the CyaSSL library (no examples, testsuite, etc.) by running:

make src/libcyassl.la

Regarding CyaSSL_CTX_load_verify_buffer, can you check the return value?  This function will return SSL_SUCCESS upon success and a variety of other values upon failure (See the CyaSSL API Reference for return values, http://yassl.com/yaSSL/Docs-cyassl-manu … rence.html).  This will tell you if your certificate buffer is being loaded.  It does look like you are providing the correct parameters to the function. 

What kind of message are you seeing when CyaSSL crashes?  Are you able to identify what part of InitSSL() is failing?

Regards,
Chris

Re: Nintendo Wii

chrisc wrote:

You can build only the CyaSSL library (no examples, testsuite, etc.) by running:

make src/libcyassl.la

Exactly what I wanted.

CyaSSL_CTX_load_verify_buffer() returns SSL_BAD_FILE. CyaSSL_Init() does not return SSL_SUCCESS* either which is something I find worse.
*The CyaSSL API reference states CyaSSL_Init() returns SSL_SUCCESS (1) on success which, looking at the code, is wrong. It returns 0 when no error is found. CyaSSL_Init does return 0 on my Wii.
This is exactly what I do:

export ac_cv_func_realloc_0_nonnull=yes
export ac_cv_func_malloc_0_nonnull=yes
//otherwise the compiler throws an error with undefinded reference to rpl_malloc and rpl_realloc when compiling the project, devkitpro's malloc and realloc are standard anyway

./configure --disable-shared CC=/opt/devkitpro/devkitPPC/bin/powerpc-eabi-gcc --host=ppc --without-zlib --enable-singleThreaded --prefix=/opt/devkitpro/portlibs/ppc RANLIB=/opt/devkitpro/devkitPPC/bin/powerpc-eabi-ranlib CFLAGS="-DDEVKITPRO -DGEKKO -DNO_WRITEV -DOPENSSL_EXTRA" LDFLAGS="-g -mrvl -mcpu=750 -meabi -mhard-float -Wl,-Map,$(notdir $@).map"
//README + http://code.google.com/p/wmb-asm/source/browse/trunk/libyellhttp/cyasslcompile?r=614

make src/libcyassl.la

I copy the library/headers to the corresponding devkitpro folder and compile my project adding -lcyassl to the makefile (and the CFLAGS="-DDEVKITPRO -DGEKKO -DNO_WRITEV -DOPENSSL_EXTRA" because at least DNO_WRITEV is needed so I added all of them just in case).

I'm trying to load a single CA root certificate from a buffer, the code is as I showed earlier:

const char cert[]= "-----BEGIN CERTIFICATE-----\r\nMIIDAjCCAmsCEH3Z/gfPqB63EHln+6eJNMYwDQYJKoZIhvcNAQEFBQAwgcExCzAJ\r\nBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE8MDoGA1UECxMzQ2xh\r\nc3MgMyBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcy\r\nMTowOAYDVQQLEzEoYykgMTk5OCBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3Jp\r\nemVkIHVzZSBvbmx5MR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMB4X\r\nDTk4MDUxODAwMDAwMFoXDTI4MDgwMTIzNTk1OVowgcExCzAJBgNVBAYTAlVTMRcw\r\nFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE8MDoGA1UECxMzQ2xhc3MgMyBQdWJsaWMg\r\nUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcyMTowOAYDVQQLEzEo\r\nYykgMTk5OCBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5\r\nMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMIGfMA0GCSqGSIb3DQEB\r\nAQUAA4GNADCBiQKBgQDMXtERXVxp0KvTuWpMmR9ZmDCOFoUgRm1HP9SFIIThbbP4\r\npO0M8RcPO/mn+SXXwc+EY/J8Y8+iR/LGWzOOZEAEaMGAuWQcRXfH2G71lSk8UOg0\r\n13gfqLptQ5GVj0VXXn7F+8qkBOvqlzdUMG+7AUcyM83cV5tkaWH4mx0ciU9cZwID\r\nAQABMA0GCSqGSIb3DQEBBQUAA4GBAFFNzb5cy5gZnBWyATl4Lk0PZ3BwmcYQWpSk\r\nU01UbSuvDV1Ai2TT1+7eVmGSX6bEHRBhNtMsJzzoKQm5EWR0zLVznxxIqbxhAe7i\r\nF6YM40AIOw7n60RzKprxaZLvcRTDOaxxp5EJb+RxBrO6WVcmeQD2+A2iMzAo1KpY\r\noJ2daZH9\r\n-----END CERTIFICATE-----";
// http://www.verisign.com/repository/roots/root-certificates/PCA-3G2.pem
CyaSSL_CTX_load_verify_buffer(tmp->ctx, (const unsigned char *)cert, strlen(cert), SSL_FILETYPE_PEM);

It does not work on my computer either so it's not about it running on the Wii. I don't know what could be wrong. Any ideas?

I'm going to try to identify the exact point of the crash.

Thank you,
Pedro

Share

Re: Nintendo Wii

Hi Pedro,

CyaSSL_CTX_load_verify_buffer() returns SSL_BAD_FILE.

I believe this is due to the way you have entered your certificate string.  Try only separating lines with a newline (\n), and add a newline character after the closing "-----END CERTIFICATE-----" as well.  So, your corrected cert string would be:

const char cert[]= "-----BEGIN CERTIFICATE-----\nMIIDAjCCAmsCEH3Z/gfPqB63EHln+6eJNMYwDQYJKoZIhvcNAQEFBQAwgcExCzAJ\nBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE8MDoGA1UECxMzQ2xh\nc3MgMyBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcy\nMTowOAYDVQQLEzEoYykgMTk5OCBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3Jp\nemVkIHVzZSBvbmx5MR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMB4X\nDTk4MDUxODAwMDAwMFoXDTI4MDgwMTIzNTk1OVowgcExCzAJBgNVBAYTAlVTMRcw\nFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE8MDoGA1UECxMzQ2xhc3MgMyBQdWJsaWMg\nUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcyMTowOAYDVQQLEzEo\nYykgMTk5OCBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5\nMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMIGfMA0GCSqGSIb3DQEB\nAQUAA4GNADCBiQKBgQDMXtERXVxp0KvTuWpMmR9ZmDCOFoUgRm1HP9SFIIThbbP4\npO0M8RcPO/mn+SXXwc+EY/J8Y8+iR/LGWzOOZEAEaMGAuWQcRXfH2G71lSk8UOg0\n13gfqLptQ5GVj0VXXn7F+8qkBOvqlzdUMG+7AUcyM83cV5tkaWH4mx0ciU9cZwID\nAQABMA0GCSqGSIb3DQEBBQUAA4GBAFFNzb5cy5gZnBWyATl4Lk0PZ3BwmcYQWpSk\nU01UbSuvDV1Ai2TT1+7eVmGSX6bEHRBhNtMsJzzoKQm5EWR0zLVznxxIqbxhAe7i\nF6YM40AIOw7n60RzKprxaZLvcRTDOaxxp5EJb+RxBrO6WVcmeQD2+A2iMzAo1KpY\noJ2daZH9\n-----END CERTIFICATE-----\n";

One thing to keep in mind is that you can turn on CyaSSL debugging by configuring CyaSSL with the "--enable-debug" option.  This will give you a much more verbose output of what is happening with CyaSSL.  After building CyaSSL with this enabled, you can turn on debug messages in your application by calling:

CyaSSL_Debugging_ON();

After you get your certificate to load (PCA-3G2.pem), you will probably run into another problem where CyaSSL doesn't think it is actually a CA certificate.  This is due to it lacking the CA:TRUE basic constraint.  If you would still like to use this certificate, you can download our current GitHub source package (https://github.com/cyassl/cyassl) which will allow this certificate to be imported as a CA cert.

*The CyaSSL API reference states CyaSSL_Init() returns SSL_SUCCESS (1) on success which, looking at the code, is wrong. It returns 0 when no error is found.

Thanks for the heads up on this.  We'll make sure to get this cleared up.

Let me know if this helps.  By the way, what kind of project are you working on for the Wii?

Best Regards,
Chris

Re: Nintendo Wii

Hi chrisc,

I added windows styled new-lines because that's how they were in the .pem file. I thought it was a standard and did not try changing to \n.

You were correct about the CA:TRUE basic constraint. GitHub's one is working fine on my computer now and I will test it on the Wii later tonight (I don't think this has anything to do with the crash but I hope it does).

It's a homebrew Twitter client. I don't want to release it without HTTPS support because oAuth credentials would be exposed and I read Twitter will be forcing HTTPS soon anyway.

Thanks a lot,
Pedro

Share