Topic: wolfSSL_connect fails in RsaVerify function
Hello,
I just recently learned a bit more about SSL and TSL and have an ESP8266 uc trying to connect to a simple https://www.jsonip.com/ site (for test purposes). I have included esp-wolfssl project with wolfssl_client_demo.c from github to my project but wolfSSL_connect() fails with
error -112: RSA_FUNCTION MP_EXPTMOD_E: memory/config problem
I didn't really know how to set various user parameters and I'm unsure of their use. I copied a default set found in the github project believing it was right for the platform (based on FreeRTOS) but even that one had to be modified just to make code compile.
The current set is
#define NO_WOLFSSL_SERVER
#define SINGLE_THREADED
#define FREERTOS
#define NO_DEV_RANDOM
#define NO_SESSION_CACHE
#define USE_SLOW_SHA
#define NO_ERROR_STRINGS
#define WOLFSSL_LWIP
#define NO_WRITEV
#define NO_WOLFSSL_DIR
#define NO_INLINE
#define NO_WOLFSSL_MEMORY
#define HAVE_PK_CALLBACKS
#define WOLFSSL_KEY_GEN
#define WOLFSSL_RIPEMD
#define USE_WOLFSSL_IO
#define IGNORE_KEY_EXTENSIONS // without this it would fail with err. -383 KeyUse Digital Sig not set
#define WOLFSSL_STATIC_RSA
#define NO_DH
#define NO_MD4
#define NO_DES3
#define NO_DSA
#define NO_RC4
#define NO_RABBIT
#define HAVE_ECC
#define WC_NO_HARDEN
#define WOLFSSL_TYPES
#define NO_FILESYSTEM
#define WOLFSSL_ALT_CERT_CHAINS
#define WOLFSSL_ALLOW_TLSV10
#define WOLFSSL_SMALL_STACK
The project is also compiled with WOLFSSL_USER_SETTINGS and DEBUG_WOLFSSL defines.
A relevant piece of code (slightly modified wolfssl_client_demo.c) is
ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method());
if (!ctx) {
goto failed1;
}
socket = socket(AF_INET, SOCK_STREAM, 0);
if (socket < 0) {
goto failed2;
}
wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, NULL);
memset(&sock_addr, 0, sizeof(sock_addr));
sock_addr.sin_family = AF_INET;
sock_addr.sin_port = htons(WOLFSSL_DEMO_TARGET_PORT);
memcpy(&sock_addr.sin_addr.s_addr, entry->h_addr_list[0], entry->h_length);
printf("<<<*** hostAddr %d.%d.%d.%d\n",
*((uint8 *) &sock_addr.sin_addr.s_addr),
*((uint8 *) &sock_addr.sin_addr.s_addr + 1),
*((uint8 *) &sock_addr.sin_addr.s_addr + 2),
*((uint8 *) &sock_addr.sin_addr.s_addr + 3));
ret = connect(socket, (struct sockaddr*)&sock_addr, sizeof(sock_addr));
if (ret) {
goto failed3;
}
ssl = wolfSSL_new(ctx);
if (!ssl) {
goto failed3;
}
wolfSSL_set_fd(ssl, socket);
wolfSSL_set_verify(ssl, WOLFSSL_VERIFY_NONE, NULL);
ret = wolfSSL_connect(ssl);
if (ret != WOLFSSL_SUCCESS ) {
int err = wolfSSL_get_error(ssl, ret);
printf("%s %d\n", "wolfSSL_connect FAILED! ERROR: ", err);
wolfSSL_ERR_error_string(err, errorString);
printf("ERROR: %s\n",errorString);
goto failed4;
}
The debug listing is
LEVEL: 2 wolfSSL Entering WOLFSSL_CTX_new_ex
LEVEL: 2 wolfSSL Entering wolfSSL_CertManagerNew
LEVEL: 3 wolfSSL Leaving WOLFSSL_CTX_new, return 0
LEVEL: 2 wolfSSL Entering wolfSSL_CTX_set_verify
<<<*** hostAddr 45.79.77.20
LEVEL: 2 wolfSSL Entering SSL_new
LEVEL: 3 wolfSSL Leaving SSL_new, return 0
LEVEL: 2 wolfSSL Entering SSL_set_fd
LEVEL: 2 wolfSSL Entering SSL_set_read_fd
LEVEL: 3 wolfSSL Leaving SSL_set_read_fd, return 1
LEVEL: 2 wolfSSL Entering SSL_set_write_fd
LEVEL: 3 wolfSSL Leaving SSL_set_write_fd, return 1
LEVEL: 2 wolfSSL Entering wolfSSL_set_verify
LEVEL: 2 wolfSSL Entering SSL_connect()
LEVEL: 2 wolfSSL Entering SendClientHello
LEVEL: 1 growing output buffer
LEVEL: 1 Shrinking output buffer
LEVEL: 3 wolfSSL Leaving SendClientHello, return 0
LEVEL: 1 connect state: CLIENT_HELLO_SENT
LEVEL: 1 growing input buffer
LEVEL: 1 received record layer msg
LEVEL: 2 wolfSSL Entering DoHandShakeMsg()
LEVEL: 2 wolfSSL Entering DoHandShakeMsgType
LEVEL: 1 processing server hello
LEVEL: 2 wolfSSL Entering DoServerHello
LEVEL: 2 wolfSSL Entering VerifyClientSuite
LEVEL: 3 wolfSSL Leaving VerifyClientSuite, return 1
LEVEL: 3 wolfSSL Leaving DoServerHello, return 0
LEVEL: 3 wolfSSL Leaving DoHandShakeMsgType(), return 0
LEVEL: 3 wolfSSL Leaving DoHandShakeMsg(), return 0
LEVEL: 1 growing input buffer
LEVEL: 1 received record layer msg
LEVEL: 2 wolfSSL Entering DoHandShakeMsg()
LEVEL: 2 wolfSSL Entering DoHandShakeMsgType
LEVEL: 1 processing certificate
LEVEL: 2 wolfSSL Entering DoCertificate
LEVEL: 2 wolfSSL Entering ProcessPeerCerts
LEVEL: 1 Loading peer's cert chain
LEVEL: 1 Put another cert into chain
LEVEL: 1 Verifying Peer's cert
LEVEL: 2 wolfSSL Entering GetExplicitVersion
LEVEL: 2 wolfSSL Entering GetSerialNumber
LEVEL: 1 Got Cert Header
LEVEL: 2 wolfSSL Entering GetAlgoId
LEVEL: 2 wolfSSL Entering GetObjectId()
LEVEL: 1 Got Algo ID
LEVEL: 1 Getting Cert Name
LEVEL: 1 Getting Cert Name
LEVEL: 1 Got Subject Name
LEVEL: 2 wolfSSL Entering GetAlgoId
LEVEL: 2 wolfSSL Entering GetObjectId()
LEVEL: 1 Got Key
LEVEL: 1 Parsed Past Key
LEVEL: 2 wolfSSL Entering DecodeCertExtensions
LEVEL: 2 wolfSSL Entering GetObjectId()
LEVEL: 2 wolfSSL Entering DecodeKeyUsage
LEVEL: 2 wolfSSL Entering GetObjectId()
LEVEL: 2 wolfSSL Entering DecodeExtKeyUsage
LEVEL: 2 wolfSSL Entering GetObjectId()
LEVEL: 2 wolfSSL Entering GetObjectId()
LEVEL: 2 wolfSSL Entering DecodeAltNames
LEVEL: 3 wolfSSL Leaving DecodeCertExtensions, return 1
LEVEL: 2 wolfSSL Entering GetAlgoId
LEVEL: 2 wolfSSL Entering GetObjectId()
LEVEL: 1 Verified Peer's cert
LEVEL: 3 wolfSSL Leaving ProcessPeerCerts, return 0
LEVEL: 3 wolfSSL Leaving DoCertificate, return 0
LEVEL: 3 wolfSSL Leaving DoHandShakeMsgType(), return 0
LEVEL: 3 wolfSSL Leaving DoHandShakeMsg(), return 0
LEVEL: 1 received record layer msg
LEVEL: 2 wolfSSL Entering DoHandShakeMsg()
LEVEL: 2 wolfSSL Entering DoHandShakeMsgType
LEVEL: 1 processing server key exchange
LEVEL: 2 wolfSSL Entering DoServerKeyExchange
LEVEL: 2 wolfSSL Entering RsaVerify
LEVEL: 1 RSA_FUNCTION MP_EXPTMOD_E: memory/config problem
LEVEL: 3 wolfSSL Leaving RsaVerify, return -112
LEVEL: 3 wolfSSL Leaving DoServerKeyExchange, return -112
LEVEL: 3 wolfSSL Leaving DoHandShakeMsgType(), return -112
LEVEL: 3 wolfSSL Leaving DoHandShakeMsg(), return -112
LEVEL: 0 wolfSSL error occurred, error = -112
LEVEL: 2 wolfSSL Entering SSL_get_error
LEVEL: 3 wolfSSL Leaving SSL_get_error, return -112
wolfSSL_connect FAILED! ERROR: -112
LEVEL: 2 wolfSSL Entering ERR_error_string
ERROR: no support for error strings built in
LEVEL: 2 wolfSSL Entering SSL_free
LEVEL: 1 CTX ref count not 0 yet, no free
LEVEL: 1 Shrinking input buffer
LEVEL: 3 wolfSSL Leaving SSL_free, return 0
LEVEL: 2 wolfSSL Entering SSL_CTX_free
LEVEL: 1 CTX ref count down to 0, doing full free
LEVEL: 2 wolfSSL Entering wolfSSL_CertManagerFree
LEVEL: 3 wolfSSL Leaving SSL_CTX_free, return 0
LEVEL: 2 wolfSSL Entering wolfSSL_Cleanup
LEVEL: 2 wolfSSL Entering wolfCrypt_Cleanup
The comment in the code associated with error -112 is
/* This can happen due to incorrectly set FP_MAX_BITS or missing XREALLOC */
My question is also why is it "processing certificate" when I have the WOLFSSL_VERIFY_NONE option set?
Any help would be much appreciated.
Thanks