Topic: wolfssl_new(ctx) return an SSL object null

Hi,
I'm implementing a WolfSSL server using static allocation. The problem is that the wolfSSL_new(ctx) function returns a null ssl. This is the scketch:

#include <WiFi.h>
#include <WiFiClient.h>

#include <wolfssl.h>
#include <wolfssl/ssl.h>
#include <wolfssl/wolfcrypt/memory.h>

#define USE_CERT_BUFFERS_256
#include "certificates/certs_test.h"

const int port = 11111; /* port to listen on */

WiFiServer server(port);
WiFiClient client;

WOLFSSL_CTX* ctx = NULL;
WOLFSSL* ssl = NULL;


#define MAX 10000

int ret;
unsigned char memory[MAX];

int memorySz = MAX;

unsigned char IO[MAX];

int IOSz = MAX;
int flag = WOLFMEM_IO_POOL | WOLFMEM_TRACK_STATS;

WOLFSSL_MEM_STATS mem_stats;

const char* ssid     = "*****";
const char* password = "*****";

int EthernetSend(WOLFSSL* ssl, char* msg, int sz, void* ctx) {
  int sent = 0;
  sent = client.write((byte*)msg, sz);
  return sent;
}

int EthernetReceive(WOLFSSL* ssl, char* reply, int sz, void* ctx) {
  int ret = 0;

  while (client.available() > 0 && ret < sz) {
    reply[ret++] = client.read();
  }

  return ret;
}

void setup(){
  Serial.begin(115200);
  WiFi.begin(ssid, password);

  Serial.println("Server started");
   while (WiFi.status() != WL_CONNECTED) {
    delay(500);
    Serial.print(".");
  }
  Serial.print("AP IP address: ");
  Serial.println(WiFi.localIP());
 
  int err;
  WOLFSSL_METHOD* method;

  method = wolfTLSv1_2_server_method();
  if (method == NULL) {
    Serial.println("unable to get method");
    return;
  }

  ret = wolfSSL_CTX_load_static_memory(&ctx, wolfSSLv23_server_method_ex, memory, memorySz, 0, MAX_CONCURRENT_HANDSHAKES);
  if(ret != SSL_SUCCESS){
    Serial.println("UN CAZZO");
    return;
  }
  Serial.println("TUTT APPOST");

  // carica in memoria per l'uso con IO
  ret = wolfSSL_CTX_load_static_memory(&ctx, NULL, IO, IOSz, flag, MAX_CONCURRENT_IO);
  if (ret != SSL_SUCCESS) {
    Serial.println("UN CAZZO - IO");
    return;
  }
  Serial.println("TUTT APPOST - IO");

  ret = wolfSSL_CTX_is_static_memory(ctx, &mem_stats);
  if(ret == 1) Serial.println("STATIC");
  if(ret == 0) Serial.println("NO STATIC");

  /* initialize wolfSSL using callback functions */

  wolfSSL_SetIOSend(ctx, EthernetSend);
  wolfSSL_SetIORecv(ctx, EthernetReceive);

  /* setup the private key and certificate */
  err = wolfSSL_CTX_use_PrivateKey_buffer(ctx, ecc_key_der_256,
    sizeof_ecc_key_der_256, WOLFSSL_FILETYPE_ASN1);
   
  if (err != WOLFSSL_SUCCESS) {
    Serial.println("error setting key");
    return;
  }
  ret = wolfSSL_CTX_use_certificate_file(ctx, "certificates/server-certificate.pem", SSL_FILETYPE_PEM);
  if (err != WOLFSSL_SUCCESS) {
    Serial.println("error setting certificate");
    Serial.println(err);
    return;
  }
  wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0); /* SSL_VERIFY_PEER (fa anche authentication client), SSL_VERIFY_NONE solo authentication server */
  /* Start the server */
  server.begin();
 
  return;
}

void loop() {
  int err = 0;
  int input = 0;
  char errBuf[80];
  char reply[80];
  int replySz = 0;
  const char* cipherName;

  /* Listen for incoming client requests. */
  while(!client){
    client = server.available();
  }
 

  if (client.connected()) {

    Serial.println("Client connected");

    ssl = wolfSSL_new(ctx);//ritorna un bad function argument, numero errore -173

    if ( ssl == NULL )
    {
     Serial.println("sono dentro l'if");
    int error = wolfSSL_get_error(ssl, 0);
     Serial.println(error);
    char errStr[80];
    wolfSSL_ERR_error_string(err, errStr);
    Serial.println("ERROR SSL");
    Serial.println(errStr);
    }
    Serial.println("dopo l'if");


    err = wolfSSL_accept(ssl);
    Serial.println("Sono qui1");
    if (err != WOLFSSL_SUCCESS) {
      Serial.println("Sono qui3");
      err = wolfSSL_get_error(ssl, 0);
      wolfSSL_ERR_error_string(err, errBuf);
      Serial.print("TLS Accept Error: ");
      Serial.println(errBuf);
      return;
    }


    Serial.print("SSL version is ");
    Serial.println(wolfSSL_get_version(ssl));
   
    cipherName = wolfSSL_get_cipher(ssl);
    Serial.print("SSL cipher suite is ");
    Serial.println(cipherName);

    Serial.print("Server Read: ");

    while (!client.available()) {} //wait data
   
    while (wolfSSL_pending(ssl)) {//read data
      input = wolfSSL_read(ssl, reply, sizeof(reply) - 1);
      if (input < 0) {
        err = wolfSSL_get_error(ssl, 0);
        wolfSSL_ERR_error_string(err, errBuf);
        Serial.print("TLS Read Error: ");
        Serial.println(errBuf);
        break;
      } else if (input > 0) {
        replySz = input;
        reply[input] = '\0';
        Serial.print(reply);
      } else {
        Serial.println();
      }
    }

    /* echo data */
   if ((wolfSSL_write(ssl, reply, replySz)) != replySz) {
      err = wolfSSL_get_error(ssl, 0);
      wolfSSL_ERR_error_string(err, errBuf);
      Serial.print("TLS Write Error: ");
      Serial.println(errBuf);
    }
   
    wolfSSL_shutdown(ssl);
    wolfSSL_free(ssl);
  }

  client.stop();
  Serial.println("Connection complete");
}




This is my user_settings.h

#ifndef __USER_SETTINGS_H__
#define __USER_SETTINGS_H__

/* Platform */
#define  WOLFSSL_ESPWROOM32

/* Math library (remove this to use normal math)*/
#define USE_FAST_MATH
#define TFM_NO_ASM

/* RNG DEFAULT !!FOR TESTING ONLY!! */
/* comment out the error below to get started w/ bad entropy source
* This will need fixed before distribution but is OK to test with */
/* #error "needs solved, see: https://www.wolfssl.com/docs/porting-guide/" */
// #define WOLFSSL_GENSEED_FORTEST

/* The remaining added by me: */

#define NO_ASN_TIME
#define SINGLE_THREADED

#define XTIME fnSecondsSinceEpoch
#define XGMTIME
#define ALT_ECC_SIZE

#define WOLFSSL_TLS13
#define HAVE_TLS_EXTENSIONS
#define HAVE_SUPPORTED_CURVES
#define HAVE_ECC
#define HAVE_HKDF
#define WC_RSA_PSS
#define NO_DH

#define WOLFSSL_STATIC_MEMORY
#define MAX_CONCURRENT_IO 25
#define MAX_CONCURRENT_HANDSHAKES 25
#define WOLFMEM_IO_POOL 1
#define WOLFMEM_TRACK_STATS 1

#define HAVE_AESGCM

#endif /* __USER_SETTINGS_H__ */

Share

Re: wolfssl_new(ctx) return an SSL object null

Hi albmont999,

Looks like you are using static memory, are you confident you need this feature for your platform?
If so, check out our static memory guide here for more information on how to set this up correctly: https://docs.google.com/document/d/1nST … k7gp4/edit

Thanks,
Kareem

Share

Re: wolfssl_new(ctx) return an SSL object null

kareem_wolfssl wrote:

Hi albmont999,

Looks like you are using static memory, are you confident you need this feature for your platform?
If so, check out our static memory guide here for more information on how to set this up correctly: https://docs.google.com/document/d/1nST … k7gp4/edit

Thanks,
Kareem

Yes, because with dynamic allocation my esp has a canary problem, so I have a stack overflow and I'm trying to implement the static buffer. I already saw the doc that you linked to me.

Share

Re: wolfssl_new(ctx) return an SSL object null

Hi albmont99,

If you only need to debug a memory issue, I recommend using our memory debug features instead.
To activate this, build with the following flags: USE_WOLFSSL_MEMORY WOLFSSL_TRACK_MEMORY WOLFSSL_DEBUG_MEMORY WOLFSSL_DEBUG_MEMORY_PRINT  You can find more information about this feature in wolfcrypt/src/memory.c.

Thanks,
Kareem

Share