[Ovmsdev] Time for release 3.2.016?

Stephen Casner casner at acm.org
Mon Feb 22 05:08:29 HKT 2021


> I finally found some time to test the mongoose-wolfssl branch.


> The first isn't related to the Mongoose wolfSSL change, just stumbled upon it
> because I did some "before" tests. So this currently applies to the
> wolfSSH/SSL update in "master" as well:
> Each ssh connect on my test module leaks 88 bytes of RAM in the NetMan task:
> D (158332) ssh: SSH command request: stat
> OVMS# mo me
> Free 8-bit 72088/268932, 32-bit 6672/11028, SPIRAM 3988500/4194252
> OVMS NetMan           0    964      0     84         +0    +88 +0     +0
> The same leak is in the wolfSSL version.

I recall something like this from when I first implemented SSH.  This
may be the socket structure that LWIP creates.  It keeps a pool of 10
of them, if I remember right, and doesn't reuse them until all 10 have
been created.

> Second is, the Mongoose/wolfSSL version doesn't validate CA certs the mbedTLS
> version has no issues with:
> I (340220) ovms-server-v2: Connection is ovms.dexters-web.de:6870 TEST1
> E (340670) ovms-server-v2: mg_connect(ovms.dexters-web.de:6870) failed:
> Invalid SSL CA cert
> E (340670) ovms-server-v2: Status: Error: Connection failed

When I implemented the SSH features I trimmed down the set of
algorithms in wolfcrypt to those that were useful for our application.
The only one that I found I needed to bring back was PSK as detected
because of an undefined symbol in the link.  It's possible that now
some more need to be brought back.  I'm sure there's more to learn by
diagnosis that I might need to do by compiling in some more logging.

What would I need to do to repeat this test?

> Third, and probably the most disappointing one: the Mongoose/wolfSSL version
> uses more memory, not less. After booting, the module has ~3.5K less of 8 bit
> RAM available than with the mbedTLS version.
> mbedTLS:
> OVMS# mo me
> Free 8-bit 73196/268928, 32-bit 6672/11028, SPIRAM 3988540/4194252
> wolfSSL:
> OVMS# mo me
> Free 8-bit 69676/266084, 32-bit 6672/11028, SPIRAM 3988540/4194252
> Is it possible there still are other components using mbedTLS?

I saw in the configuration that libsodium uses mbedTLS.  As I
mentioned, I did not do anything at this point to trim the mbedTLS

                                                        -- Steve

More information about the OvmsDev mailing list