Topic: Reducing wolfssl memory usage

Hello,

I am trying to reduce the memory usage of wolfssl in my application, I use PSKs with chacha poly with DTLS 1.3, the end goal is to make it run on embedded devices
I provide wolfSSL with a memory block through the wc_LoadStaticMemory function but I'm unable to provide a block with a "reasonable" size (meaning around 6 to 8kB) the least I can provide it without wolfssl complaining about a lack of memory is around 90 000 bytes
I'm building wolfSSL with CMake and I have tried using the defines specified here https://www.wolfssl.com/documentation/m … code-usage but it never changed anything
I also tried defining MAX_RECORD_SIZE to a lower value (1500) but contrary to what is stated in the documentation MAX_RECORD_SIZE is not a define, it is an enum, and as such redefining it breaks all the compilation
I think I went through most of the publicly available documentation but it did not help me, would anyone be able to help me here ?

Thanks

Share

Re: Reducing wolfssl memory usage

Hi!

Are you primarily focused on minimizing code size, or is your main goal to reduce run-time memory usage per connection? In both case, what's the maximum amount of memory you can use?

Also, is there any particular reason to use wc_LoadStaticMemory? Is it possible for your target to utilize dynamic memory allocation through a malloc-like allocator?

Best regards,
Marco

Share

Re: Reducing wolfssl memory usage

Hello,

I'm working on a library that is supposed to be usable on a great number of platforms so the maximum amount of memory I can use really depends on which platform the library will be built for, but as said before something around 6-8kB would be reasonable, thats the amount of memory I've been able to use with MbedTLS, the reason I want to use wolfSSL is because of the DTLS 1.3 availability
Also I will handle both sides of the connection so I figured out the most efficient way to reduce memory usage is to reduce the maximum record size but as said in the previous post I did not manage to find how to do it

Since my targets will mostly be embedded devices I want to avoid dynamic allocation and instead provide a static buffer during initialization

Regards,

Share

Re: Reducing wolfssl memory usage

Hi,

Thank you for your reply. Please refer to the codebase used in this Pull Request for guidance: https://github.com/wolfSSL/wolfssl/pull/6475 (which includes some compile fixes for the reported options).

I ran a quick test with the following configuration options:


./configure --disable-all --enable-tls13 --enable-dtls13 --enable-dtls --enable-psk --disable-dh --disable-ecc --disable-rsa --enable-sp-asm --disable-sha384 --disable-sha512 --disable-sha --disable-sha224 --disable-md5 CFLAGS="-DWOLFSSL_STATIC_PSK -DMAX_PSK_ID_LEN=32 -DWOLFSSL_MAX_MTU=300"

Our memory tool indicates a peak memory usage of around 8-9 KB per connection. The settings above assume the usage of PSK with PSK_KE exchange mode, using the TLS_AES_128_GCM_SHA_256 ciphersuite, and a maximum MTU of ~300 bytes. However, please note that this is a raw number that may vary depending on your application profile and hardware target. I'm confident that if you're not using public key authentication, this number can be further reduced by tailoring it to your application profile.

Using static memory (with `--enable-staticmemory`) unfortunately increases the memory usage due to the fragmentation of a more simple allocator. However, if static memory is mandatory, the impact of fragmentation can be reduced by choosing a bucket allocation size that works better for your application. Please refer to `wolfSSL_StaticBufferSz` for further details.

If you have any additional questions, please feel free to ask.
Regards,
Marco

Share