MQTT-TLS on Photon, Am I running out of memory?


#1

Hi,

I’m trying to get the software for an environmental sensor working on Photon. The system has some sensors attached and I was planning to use MQTT for the communications.

I found the great library https://github.com/hirotakaster/MQTT-TLS by @hirotakaster and managed to get the example working on my infrastructure using Let’s Encrypt certs and user/password, but when I try to implement the MQTT-TLS code with the rest of the project (sensor readings…) I can’t connect to the broker.

I’ve been digging and I could enable the debug config for the mbedtls lib; after some research I got the following:

When I connect from the example code, I got this:

//Before client.enableTls();
50904 //System.freeMemory()
tls enable
//Before client.connect(....);
15352 //System.freeMemory()
hand shake start
handshake done, ret = 0
tls connected
netWrite!!
MQTT connected.
//After client.connect(...)
7440 //System.freeMemory()
client connected
netWrite!!

So, now it is working, the MQTT-TLS almost eats all the free RAM but still 7k left…

Now trying to connect from the full software with the sensor readings I got:

//Before client.enableTls();
49676 //System.freeMemory()
//Before client.connect(....);
14120 //System.freeMemory()
hand shake start
/workspace/lib/MQTT-TLS/src/ssl_cli.cpp:2133: mbedtls_rsa_pkcs1_encrypt() returned -17040 (-0x4290)
handshake done, ret = -17040
mqtt disconnected
netWrite!!
/workspace/lib/MQTT-TLS/src/ssl_cli.cpp:2133: mbedtls_rsa_pkcs1_encrypt() returned -17040 (-0x4290)
/workspace/lib/MQTT-TLS/src/ssl_tls.cpp:7160: mbedtls_ssl_handshake() returned -17040 (-0x4290)
tls close
//After client.connect(...)
49564 //System.freeMemory()

After this test I tried to reduce the memory footprint of the full program by reducing the number of items in some running averages, still failing…

//Before client.enableTls();
50452 //System.freeMemory()
//Before client.connect(....);
14896 //System.freeMemory()
hand shake start
/workspace/lib/MQTT-TLS/src/ssl_cli.cpp:2133: mbedtls_rsa_pkcs1_encrypt() returned -17040 (-0x4290)
handshake done, ret = -17040
mqtt disconnected
netWrite!!
/workspace/lib/MQTT-TLS/src/ssl_cli.cpp:2133: mbedtls_rsa_pkcs1_encrypt() returned -17040 (-0x4290)
/workspace/lib/MQTT-TLS/src/ssl_tls.cpp:7160: mbedtls_ssl_handshake() returned -17040 (-0x4290)
tls close
//After client.connect(...)
50340 //System.freeMemory()

I ran out of ideas now and don’t know what to do. I’m not sure if the RAM in the Photon is the problem or there is something else; I have been looking for the error codes with no success…

I’m using Photon Firmware version 0.6.3

UPDATE1: I’ve been able to run the MQTT-TLS client with the rest of my code adding this define in config.h file:

/**< Maximum fragment length in bytes, determines the size of each of the two internal I/O buffers */
#define MBEDTLS_SSL_MAX_CONTENT_LEN 4096

As the comment states, this value defines the size of two buffers, and it looks like the default value is 16384 bytes (so x2 32Kb), so reducing it to 4096 (x2 8Kb) we reduce the RAM usage by 24Kb.

This looks like enough for the software to work so far, but I don’t know if the value is correct…

References:

https://tls.mbed.org/discussions/crypto-and-ssl/memory-consumption-32-kb-memory-buffer
https://tls.mbed.org/kb/how-to/reduce-mbedtls-memory-and-storage-footprint
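
Added example, not part of the original post or of the MQTT-TLS library: mbedTLS return codes are the sum of a high-level module error (bits 0xFF80) and a low-level error (bits 0x007F), so the -0x4290 in the logs above can be split as shown here. The constant values are copied from the mbedTLS 2.x headers; the helper names (`high_part`, `low_part`, `is_alloc_failure`) are made up for this sketch.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constants copied from the mbedTLS 2.x headers (rsa.h, ssl.h, bignum.h),
 * stored as positive magnitudes. Only a small subset is listed here. */
struct err_name { int code; const char *name; };

static const struct err_name HIGH[] = {   /* module-level codes, bits 0xFF80 */
    { 0x4280, "MBEDTLS_ERR_RSA_PUBLIC_FAILED" },
    { 0x4300, "MBEDTLS_ERR_RSA_PRIVATE_FAILED" },
    { 0x7F00, "MBEDTLS_ERR_SSL_ALLOC_FAILED" },
};
static const struct err_name LOW[] = {    /* low-level codes, bits 0x007F */
    { 0x0004, "MBEDTLS_ERR_MPI_BAD_INPUT_DATA" },
    { 0x0008, "MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL" },
    { 0x0010, "MBEDTLS_ERR_MPI_ALLOC_FAILED" },
};

/* mbedTLS adds a low-level error to a high-level one; split them again. */
int high_part(int ret) { return abs(ret) & 0xFF80; }
int low_part(int ret)  { return abs(ret) & 0x007F; }

static const char *lookup(const struct err_name *t, size_t n, int code) {
    for (size_t i = 0; i < n; i++)
        if (t[i].code == code) return t[i].name;
    return code ? "(not in this table)" : "(none)";
}
const char *high_name(int ret) { return lookup(HIGH, sizeof HIGH / sizeof *HIGH, high_part(ret)); }
const char *low_name(int ret)  { return lookup(LOW, sizeof LOW / sizeof *LOW, low_part(ret)); }

/* True when either half of the code reports a failed heap allocation. */
int is_alloc_failure(int ret) {
    return low_part(ret) == 0x0010 || high_part(ret) == 0x7F00;
}

int main(void) {
    int ret = -17040;  /* value from the handshake log in the post above */
    printf("ret = %d (-0x%04X)\n", ret, (unsigned)abs(ret));
    printf("  high: -0x%04X %s\n", (unsigned)high_part(ret), high_name(ret));
    printf("  low:  -0x%04X %s\n", (unsigned)low_part(ret), low_name(ret));
    printf("  allocation failure: %s\n", is_alloc_failure(ret) ? "yes" : "no");
    return 0;
}
```

For -17040 the two halves are MBEDTLS_ERR_RSA_PUBLIC_FAILED and MBEDTLS_ERR_MPI_ALLOC_FAILED: the RSA encryption step of the handshake could not allocate heap for its big-number buffers.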


#2

Hi @mdps,

Thank you for your report about the “#define MBEDTLS_SSL_MAX_CONTENT_LEN 4096” test.

As you tested, MQTT-TLS is easy to change the cipher spec/memory works to the developer’s SSL/TLS suite environment with the config.h file.

The “reduce mbedtls memory and storage footprint” and MBEDTLS_SSL_MAX_CONTENT_LEN size change did not work well on my test site.

Maybe some MQTT suites work well but others don’t.
I like the flexibility of mbedTLS (config.h): the developer can change the mbedTLS spec to their own environment with the config.h file very easily. Because of that, now I set the default value in the config.h file.

I’d be happy if you would send me a pull request or issue on GitHub about the “#define MBEDTLS_SSL_MAX_CONTENT_LEN 4096” you found and your MQTT/TLS suite environment.

I think this info is helpful for developers.


#3

Hi @hirotakaster,

I sent an issue to GitHub trying to explain the situation; I hope this can help someone.

This library is great! Thanks for your hard work!

Best regards.


#4

Hi @mdps,

Now I have updated to version 0.2.11 and published it.
This version could work on firmware 0.6.x/0.7.x/0.8.x on my two Photons with “MAX_CONTEN_LEN 8192”.

Thank you.


#5

@hirotakaster great news! I’m going to give it a try! thanks.


#6

@mdps Then I checked with a public/private key on AWS IoT; MQTT-TLS is working well. Thank you.


#7

@hirotakaster have you tested this with Google IoT Core as well? I’m working through the integration at the moment and am running into either the memory issue or having a communication failure in the connection/encryption…

I started by trying to do the AWS IoT Integration using the example code, but this also fails to connect for me. Wondering what that debug toggle was in config.h? I’ve uncommented all of the DEBUG defines and still not seeing anything but ‘tls enable’, so I’m not sure if it’s a key or the url or what’s leading to the connection issue. How do I get some insight into where the failure is occurring?


#8

@ian.c
check this post,