WolfSSL / wolfMQTT is using a large size of stack about wolfmqtt HOT 5 CLOSED

Hi 59985,

I am happy to hear things are working for you! Your build options look good, but here are a few things you can try:

1. The USE_FAST_MATH option uses stack for the math variables. You have defined them to support 4096 bit RSA keys (with FP_MAX_BITS 8192). You might try disabling USE_FAST_MATH, which instead enables our normal math that uses Heap. You will also need to comment out TFM_TIMING_RESISTANT.

2. Try defining the RSA_LOW_MEM option. It uses half as much memory but twice as slow.

3. You might find this example user_settings.h useful, since it documents some of the memory optimization options. To use a user_settings.h you just need to define the preprocessor macro WOLFSSL_USER_SETTINGS and put the user_settings.h somewhere in your include path.
   https://github.com/wolfSSL/wolfssl/blob/master/IDE/GCC-ARM/Header/user_settings.h

4. Do you know if your Renesas micro-controller supports any hardware crypto like AES or SHA?

Thanks,
David Garske, wolfSSL

from wolfmqtt.

Hi David,

Thank you for your support. I tried to disable USE_FAST_MATH, but with no luck. Comment out TFM_TIMING_RESISTANT and adding RSA_LOW_MEM helped, but the use of stack is still high.

So I am still looking for a solution.

Thanks
Kasper

from wolfmqtt.

Hi 59985,

When you say "I tried to disable USE_FAST_MATH, but with no luck", does that mean it did not reduce stack use or it did not build/run correctly? If its the later then please include the build errors so we can recommend a solution.

For our reference can you tell us how much stack memory is being used, which TLS cipher suite and confirm you are using RSA 4096-bit operations? Its more common to be using RSA 2048-bit, which would have your FP_MAX_BITS set to 4096 (max * 2).

Thanks,
David Garske, wolfSSL

from wolfmqtt.

Hi David,

When tried to disable USE_FAST_MATH it build and run correctly. It's seems like I never get response from the server. In ssl.c the program is hanging here:

    case FINISHED_DONE :
        /* get response */
        while (ssl->options.serverState < SERVER_FINISHED_COMPLETE)
            **if ( (ssl->error = ProcessReply(ssl)) < 0) {**
                WOLFSSL_ERROR(ssl->error);
                return WOLFSSL_FATAL_ERROR;
            }

        ssl->options.connectState = SECOND_REPLY_DONE;
        WOLFSSL_MSG("connect state: SECOND_REPLY_DONE");
        FALL_THROUGH;

Used stack memory is ~13000
TLS cipher suite: TLS v1.2
#define FP_MAX_BITS 8192 // It won't work with 4096

Just for info: I am working with MS Azure and trying to connect to the Iot Hub

from wolfmqtt.

Hi 59985,

I wanted to check in and see if you were able to get your TLS working. I suspect with RSA and 4096-bit keys you probably were still experiencing stack or heap issues. If you'd like to send use a detailed report with logging enabled (define DEBUG_WOLFSSL and call wolfSSL_Debugging_ON()) to [email protected] we are happy to help you through it.

Thanks,
David Garske, wolfSSL

from wolfmqtt.