[Ovmsdev] mongoose-wolfssl

Michael Balzer dexter at expeedo.de
Sat Mar 20 17:35:55 HKT 2021


Am 16.03.21 um 21:34 schrieb Stephen Casner:
> I haven't gotten any traction on my request for people to test the
> updated mongoose-wolfssl branch, so I thought it might help to rebase
> to the current master.

Sorry, been busy. Git didn't pull the updated branch now without a 
conflict, so I simply reset my local branch to your latest version.

> I now have an updated mongoose-wolfssl branch ready to be tested.  The
> reason for the 90-second lockup mentioned in the previous post is a
> whole lot of math for a prime-number validation that's part of the
> Diffie-Hellman step.  It was actually 87 seconds for Mark's server and
> 28 seconds for Michael's due to differences in certificates.  That
> prime-number validation is required for FIPS compliance, which WolfSSL
> supports, but we don't need it.  I spent quite a while digging into
> this to find where the process was getting stuck.  Finally I got help
> from WolfSSL support suggesting a configuration option that avoids
> this extra check.
> So now I have an implementation using mongoose with wolfssl that
> connects successfully to both servers with a 3-4 second delay.  (I
> don't recall what the delay was for the MBEDTLS-based implementation.)
> I think the memory usage looks OK.  I still have not taken any steps
> to reduce any resources used by the MBEDTLS code as accessed for other
> purposes.

My first impression is, everything looks good. Moreover, TLS connections 
are established much faster than before.

The ssh login is done in 3 seconds now (down from ~5 seconds before).

A server V2 login took 3.8 seconds on average before, now takes 1.54 
seconds on average.

The speed improvement on HTTP.request() is even more impressive. Test 

   var i = 0, t0, t1;
   function doTest(){
     t0 = performance.now();
     print("start request " + (++i));
       url: "https://dexters-web.de/f/test.json",
       done: function() {
         t1 = performance.now();
         print(this.response.statusText + " length=" + 
this.response.body.length + " time=" + (t1-t0).toFixed(0) + "ms");
         if (i < 5) doTest();

The file "test.json" is just 13 bytes, so this essentially tests the 
connection establishment.


master (mbedtls)
I (109665) script: [eval:10:] OK length=13 time=5097ms
I (115135) script: [eval:10:] OK length=13 time=5464ms
I (121745) script: [eval:10:] OK length=13 time=6608ms
I (126455) script: [eval:10:] OK length=13 time=4704ms
I (130815) script: [eval:10:] OK length=13 time=4357ms

I (1782504) script: [eval:10:] OK length=13 time=1597ms
I (1784124) script: [eval:10:] OK length=13 time=1611ms
I (1785734) script: [eval:10:] OK length=13 time=1604ms
I (1787374) script: [eval:10:] OK length=13 time=1639ms
I (1789004) script: [eval:10:] OK length=13 time=1624ms

These speed improvements are consistent through multiple runs with two 
different modules.

I haven't found any issues yet. Memory usage is perfectly OK.

Awesome work, Steve!

I suggest taking this into edge as soon as possible.


Michael Balzer * Helkenberger Weg 9 * D-58256 Ennepetal
Fon 02333 / 833 5735 * Handy 0176 / 206 989 26

-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 203 bytes
Desc: OpenPGP digital signature
URL: <http://lists.openvehicles.com/pipermail/ovmsdev/attachments/20210320/47f71486/attachment.sig>

More information about the OvmsDev mailing list