[riot-notifications] [RIOT-OS/RIOT] wolfSSL pkg addition with examples (#10308)

Daniele Lacamera notifications at github.com
Mon Jul 22 12:36:26 CEST 2019


I understand how difficult it can be to find time to review these PRs, so no worries!
Thanks for your time, I'll try to address the issues here.

> It's very much appreciated that you separated and integrated everything as individual modules.
> Looking at the history of all the related PRs clearly shows a huge improvement.

Kudos to @cladmi for the patience guiding me through this part.

> The PR comes with quite a lot of different examples/tests:
> under examples we have:
> dtls-wolfssl, wolfssl-client, wolfssl-server

WolfSSL support can integrate with either GNRC (via wolfssl + gnrc_sock_udp/tcp) or POSIX socket calls (via wolfssl_socket + posix_socket modules).

`dtls-wolfssl` is an example using GNRC sockets. wolfssl-[client|server] are
the older demos, that depend on POSIX-compliant sockets.

I agree we could remove these examples if they are not needed/less interesting,
but on the other hand they are the only examples that use the wolfssl_socket module (with
posix_socket).

I've checked the problem with compiling these tests, it's due to a missing
include, I'll push a fix.

> under tests we have:
> wolfcrypt-ed25519-verify, wolfssl_crypto_benchmark, wolfssl_crypto_test

These are wolfcrypt-only test/benchmark units, that have also been used to
evaluate performance of single in other contexts (see @bergzand's work on
secure boot).

On some platforms, I expect that there might not be enough resources (code
size/heap/stack) to run full SSL (e.g. DTLS), while single wolfcrypt
algorithms (that can now be selected as separate modules) might be the right fit
for specific purposes on constrained targets. For this reason I think it might be useful
to keep some of the 'tests'.

> When trying to build examples/wolfssl-client or examples/wolfssl-server I get the following compilation error:

I'll push a fix for this.

> So for now I didn't consider these applications for further testing and as of now focused on running examples/dtls-wolfssl on various platforms.

> Here is a first overview of what I found working on which platform:
[...]


> The failed ones under dtlss didn't actually print an error on the server side but made the client fail to connect.
> For the ones marked with '?' I couldn't exactly tell which side was inducing the problems, I will investigate further.
> Details on how the nodes failed for the ones that have a number:

> RANDOM   test passed!
> ecc_test_curve_size 32 failed!: -125

Error -125 is 'out of memory error'. The target could not provide the memory
required to perform the ecc_test.

> connecting to server...
> Error allocating ssl session

Sounds like a memory problem again, wolfSSL_new is failing to create the session
object (malloc failed?).

> Do you have any hints on what I could try to further investigate?
> Could this be related to stacksize being too small or maybe timeouts that are too tight for rather slow platforms?

Stack (or more likely heap) might be a problem initializing large objects (TLS session) on some platforms. Wolfcrypt-only tests have more chances to run on those.

Perhaps I should add targets to BOARD_INSUFFICIENT_MEMORY depending
on the module selection. Feel free to suggest a solution.

> Some low priority comments regarding the shell commands of dtls-wolfssl:

I took notes about these, I will fix the dtls example behavior.


-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/RIOT-OS/RIOT/pull/10308#issuecomment-513738027