
After integrating the wolfSSL library into our embedded web server, I am getting an "unknown record type in hdr" error when my server thread makes its first call to wolfSSL_read(). I don't know what this error is telling me.

There is no file system on my platform so I've had to embed the CA and server certificates in the code, but they seem to work with the echo server/echo client tutorial that I've ported onto the same platform.

I'm using the ca_cert_der_1024, server_cert_der_1024, and the server_key_der_1024 certificates that are included with the WolfSSL library. My user_settings.h file is attached.

Thanks,
Brad Thomson

David,

Thanks for your response. I tried adding the ECC_TIMING_RESISTANT and NO_64BIT parameters, but that didn't seem to make a difference. I then took sections out of the user_settings.h file that you posted. My resulting user_settings.h file is included. After enabling the RSA benchmark and letting it run, I saw that it was still crashing in fp_copy(), but not right away. In fact, it would make it into the wc_RsaPrivateDecrypt() routine before crashing in fp_copy() although fp_copy() had already run 4 or 5 times. The other strange thing is that if I run the echo server, it successfully calls wc_RsaPrivateDecrypt() without crashing.

One thing I don't understand is that even though I don't have NO_64BIT defined, I can see in the debugger that the size of an "unsigned long long" is only 32 bits.

========================================================

#ifndef __USER_SETTINGS_H__
#define __USER_SETTINGS_H__
//****************************************************************************
// Copyright © GatesAir Corporation 2017 - All Rights Reserved
//****************************************************************************
// FILE:             user_settings.h
//
// DESCRIPTION:
// Customizing settings for the WolfSSL library..
//
// SOFTWARE HISTORY:
//  PTR#     Date   Initials  Description
// -----   --------  -----   -------------------------------------------------
//  N/A     28AUG17   BT     Initial design
//****************************************************************************

/*
 * Build-time configuration for wolfSSL on a target without a file system.
 * Several options that appear commented out in the first group below
 * (USE_FAST_MATH, TFM_TIMING_RESISTANT, WOLFSSL_SMALL_STACK,
 * ECC_TIMING_RESISTANT) are defined again further down, so the later
 * #undef/#define pairs are what actually take effect.
 */

/* No file-system APIs: certificates and keys are loaded from memory buffers. */
#define NO_FILESYSTEM
/* Target byte order is big-endian. */
#define BIG_ENDIAN_ORDER
/* The application supplies the time function instead of the C library. */
#define USER_TIME
/* Tells wolfSSL that `long long` is 8 bytes wide.
 * NOTE(review): the accompanying post reports `unsigned long long` showing as
 * 32 bits in the debugger. If that is what the toolchain really provides,
 * this value disagrees with the compiler and 64-bit word arithmetic would be
 * silently wrong -- confirm with a compile-time sizeof check on the target. */
#define SIZEOF_LONG_LONG    8
/* MQX RTOS option; presumably selects the legacy I/O layer -- TODO confirm
 * against the MQX headers. */
#define MQX_USE_IO_OLD
/* Suppresses wolfSSL's build-time warning that is raised when the
 * timing-resistance / RSA-blinding options are missing. It does not enable or
 * disable any hardening by itself; this file defines TFM_TIMING_RESISTANT and
 * ECC_TIMING_RESISTANT further down, so the suppression should not be needed
 * and leaving it in would hide a regression if those are later removed. */
#define WC_NO_HARDEN /*? don't know about this one*/

/* Disables the certificate validity-period (notBefore/notAfter) checks, so
 * expired or not-yet-valid certificates are accepted. Acceptable for bring-up
 * on a board without a clock; a production build should provide a time source
 * and drop this define. */
#define NO_ASN_TIME
/* Compiles in debug logging support. Intended for bring-up; remove for
 * release builds. */
#define DEBUG_WOLFSSL
//#define USE_FAST_MATH
//#define TFM_TIMING_RESISTANT
/* Keeps the wolfSSL test/benchmark sources from defining their own main(). */
#define NO_MAIN_DRIVER
//#define WOLFSSL_SMALL_STACK
//#define ECC_TIMING_RESISTANT
//#define NO_64BIT
//#define NO_RSA
//#define NO_DH
/* ------------------------------------------------------------------------- */
/* Platform */
/* ------------------------------------------------------------------------- */
#undef  WOLFSSL_GENERAL_ALIGNMENT
#define WOLFSSL_GENERAL_ALIGNMENT   4

/* Removes wolfSSL's internal locking.
 * NOTE(review): the post mentions a "server thread"; this is only safe if
 * every wolfSSL call is made from a single thread -- confirm. */
#undef  SINGLE_THREADED
#define SINGLE_THREADED

/* Moves large temporaries from the stack to the heap. */
#undef  WOLFSSL_SMALL_STACK
#define WOLFSSL_SMALL_STACK


/* ------------------------------------------------------------------------- */
/* Math Configuration */
/* ------------------------------------------------------------------------- */
#undef  USE_FAST_MATH
#define USE_FAST_MATH

#ifdef USE_FAST_MATH
    /* Timing-resistant code paths in the fast-math big-integer library;
     * keep enabled whenever private keys are used on the device. */
    #undef  TFM_TIMING_RESISTANT
    #define TFM_TIMING_RESISTANT

    /* Optimizations (TFM_ARM, TFM_ASM or none) */
    //#define TFM_ARM
    //#define TFM_ASM
#endif

/* Math debugging (adds support for mp_dump) */
#undef  WOLFSSL_DEBUG_MATH

/* ECC section: always compiled in (#if 1). */
#if 1
    #undef  HAVE_ECC
    #define HAVE_ECC

    /* Manually define enabled curves */
    #undef  ECC_USER_CURVES
    #define ECC_USER_CURVES

    /* NOTE(review): the 192- and 224-bit curves offer less security margin
     * than the 256-bit curve; enable them only if a peer requires them. */
    #define HAVE_ECC192
    #define HAVE_ECC224
    /* Make sure the 256-bit curve is not disabled. */
    #undef NO_ECC256
    #define HAVE_ECC384
    #ifndef USE_NXP_LTC /* NXP LTC HW supports up to 512 */
        #define HAVE_ECC521
    #endif

    /* Fixed point cache (speeds repeated operations against same private key) */
    /* Left disabled here: FP_ECC is undefined and its #define is commented out,
     * so the FP_ENTRIES / FP_LUT values below are not used. */
    #undef  FP_ECC
    //#define FP_ECC
    #ifdef FP_ECC
        /* Bits / Entries */
        #undef  FP_ENTRIES
        #define FP_ENTRIES  2
        #undef  FP_LUT
        #define FP_LUT      4
    #endif

    /* Optional ECC calculation method */
    /* Note: doubles heap usage, but slightly faster */
    #undef  ECC_SHAMIR
    #ifndef USE_NXP_LTC /* Don't enable Shamir code for HW ECC */
        #define ECC_SHAMIR
    #endif

    /* Reduces heap usage, but slower */
    /* Selects the timing-resistant ECC scalar multiplication; this is the
     * side-channel protection for ECC private-key operations. */
    #undef  ECC_TIMING_RESISTANT
    #define ECC_TIMING_RESISTANT

    #ifdef USE_FAST_MATH
        /* use reduced size math buffers for ecc points */
        #undef  ALT_ECC_SIZE
        #define ALT_ECC_SIZE

        /* Enable TFM optimizations for ECC */
        /* One TFM_ECCnnn define per curve that is enabled above. */
        #if defined(HAVE_ECC192) || defined(HAVE_ALL_CURVES)
            #define TFM_ECC192
        #endif
        #if defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES)
            #define TFM_ECC224
        #endif
        #if !defined(NO_ECC256) || defined(HAVE_ALL_CURVES)
            #define TFM_ECC256
        #endif
        #if defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)
            #define TFM_ECC384
        #endif
        #if defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)
            #define TFM_ECC521
        #endif
    #endif
#endif

/* NOTE(review): the #endif above closes the ECC "#if 1", so the one below
 * pairs with "#ifndef __USER_SETTINGS_H__" at the top of the file. Any
 * settings that follow it in the file are outside the include guard. */
#endif

/*
 * RSA, AES and hash algorithm selection.
 * NOTE(review): in this listing these sections come after the #endif that
 * closes the __USER_SETTINGS_H__ include guard, so they are evaluated on every
 * inclusion of the header. Each macro is #undef'd before it is defined, which
 * keeps that from producing redefinition errors, but the placement looks
 * unintended -- confirm against the original template.
 */

/* RSA */
#undef NO_RSA
#if 1
    #ifdef USE_FAST_MATH
        /* Maximum math bits (Max RSA key bits * 2) */
        /* 4096 therefore allows RSA keys up to 2048 bits. */
        #undef  FP_MAX_BITS
        #define FP_MAX_BITS     4096
    #endif

    /* half as much memory but twice as slow */
    #undef  RSA_LOW_MEM
    //#define RSA_LOW_MEM

    /* Enables blinding mode, to prevent timing attacks */
    /* With blinding enabled, code that calls the wolfCrypt RSA private-key
     * functions directly has to attach an RNG to the key with wc_RsaSetRNG(). */
    #undef  WC_RSA_BLINDING
    #define WC_RSA_BLINDING

#else
    #define NO_RSA
#endif


/* AES */
#undef NO_AES
#if 1
    #undef  HAVE_AESGCM
    #define HAVE_AESGCM

    /* GCM Method: GCM_SMALL, GCM_WORD32 or GCM_TABLE */
    #undef  GCM_SMALL
    #define GCM_SMALL
#else
    #define NO_AES
#endif

/* ------------------------------------------------------------------------- */
/* Hashing */
/* ------------------------------------------------------------------------- */
/* Sha */
/* SHA-1 stays enabled: NO_SHA is undefined and the #else branch is dead. */
#undef NO_SHA
#if 1
    /* 1k smaller, but 25% slower */
    //#define USE_SLOW_SHA
#else
    #define NO_SHA
#endif

/* Sha256 */
#undef NO_SHA256
#if 1
#else
    #define NO_SHA256
#endif

/* Sha512 */
#undef WOLFSSL_SHA512
#if 1
    #define WOLFSSL_SHA512

    /* Sha384 */
    #undef  WOLFSSL_SHA384
    #if 1
        #define WOLFSSL_SHA384
    #endif

    /* over twice as small, but 50% slower */
    //#define USE_SLOW_SHA2
#endif

/* MD5 */
/* MD5 stays compiled in: the "#if 0" keeps NO_MD5 from being defined.
 * NOTE(review): if only TLS 1.2 is needed, check whether MD5 can be disabled
 * here to shrink the set of legacy algorithms in the build. */
#undef  NO_MD5
#if 0
    #define NO_MD5
#endif

Hi,

I'm trying to evaluate the performance of the WolfSSL library on our MCF5484 Coldfire based platform with MQX 2.5. I was able to port the echo client and echo server into our application and successfully create a connection, although it did take 26 seconds for the connection to complete. When I saw how long it was taking to establish a connection, I decided to run the benchmark program on our platform. When the benchmark program goes into the bench_eccMakeKey() routine, it hangs. I debugged it all the way to a call to fp_copy() that eventually calls memcpy(). The source and destination pointers seem to be ok, and the number of bytes to copy also seems ok.

I suspected that perhaps I had exceeded my stack so I increased it to 132 kbytes, but that didn't make a difference. I've attached the settings.h and included user_settings.h file in the post.

Thanks,
Brad Thomson

#ifndef __USER_SETTINGS_H__
#define __USER_SETTINGS_H__
//****************************************************************************
// Copyright © GatesAir Corporation 2017 - All Rights Reserved
//****************************************************************************
// FILE:             user_settings.h
//
// DESCRIPTION:
// Customizing settings for the WolfSSL library..
//
// SOFTWARE HISTORY:
//  PTR#     Date   Initials  Description
// -----   --------  -----   -------------------------------------------------
//  N/A     28AUG17   BT     Initial design
//****************************************************************************

#define NO_FILESYSTEM
#define BIG_ENDIAN_ORDER
#define USER_TIME
#define SIZEOF_LONG_LONG 8
#define MQX_USE_IO_OLD
#define WC_NO_HARDEN /*? don't know about this one*/

#define NO_ASN_TIME
#define DEBUG_WOLFSSL
//#define USE_FAST_MATH
//#define TFM_TIMING_RESISTANT
#define NO_MAIN_DRIVER
#define WOLFSSL_SMALL_STACK
#endif