MQTT-TLS on Photon, Am I running out of memory?


#1

Hi,

I’m trying to get the software for an environmental sensor working on Photon. The system has some sensors attached and I was planning to use MQTT for the communications.

I found the great library https://github.com/hirotakaster/MQTT-TLS by @hirotakaster and managed to get the example working on my infrastructure using Letsencrypt certs and user/password, but when I try to implement the MQTT-TLS code with the rest of the project (sensor readings…) I can’t connect to the broker.

I’ve been digging and I was able to enable the debug config for the mbedtls lib. After some research I got the following:

When I connect from the example code, I got this:

//Before client.enableTls();
50904 //System.freeMemory()
tls enable
//Before client.connect(....);
15352 //System.freeMemory()
hand shake start
handshake done, ret = 0
tls connected
netWrite!!
MQTT connected.
//After client.connect(...)
7440 //System.freeMemory()
client connected
netWrite!!

So, now it is working. MQTT-TLS eats almost all the free RAM, but there is still 7k left…

Now, trying to connect from the full software with the sensor readings, I got:

//Before client.enableTls();
49676 //System.freeMemory()
//Before client.connect(....);
14120 //System.freeMemory()
hand shake start
/workspace/lib/MQTT-TLS/src/ssl_cli.cpp:2133: mbedtls_rsa_pkcs1_encrypt() returned -17040 (-0x4290)
handshake done, ret = -17040
mqtt disconnected
netWrite!!
/workspace/lib/MQTT-TLS/src/ssl_cli.cpp:2133: mbedtls_rsa_pkcs1_encrypt() returned -17040 (-0x4290)
/workspace/lib/MQTT-TLS/src/ssl_tls.cpp:7160: mbedtls_ssl_handshake() returned -17040 (-0x4290)
tls close
//After client.connect(...)
49564 //System.freeMemory()

After this test I tried to reduce the memory footprint of the full program by reducing the number of items in some running averages; still failing…

//Before client.enableTls();
50452 //System.freeMemory()
//Before client.connect(....);
14896 //System.freeMemory()
hand shake start
/workspace/lib/MQTT-TLS/src/ssl_cli.cpp:2133: mbedtls_rsa_pkcs1_encrypt() returned -17040 (-0x4290)
handshake done, ret = -17040
mqtt disconnected
netWrite!!
/workspace/lib/MQTT-TLS/src/ssl_cli.cpp:2133: mbedtls_rsa_pkcs1_encrypt() returned -17040 (-0x4290)
/workspace/lib/MQTT-TLS/src/ssl_tls.cpp:7160: mbedtls_ssl_handshake() returned -17040 (-0x4290)
tls close
//After client.connect(...)
50340 //System.freeMemory()

I ran out of ideas now and don’t know what to do. I’m not sure if the RAM in the Photon is the problem or if there is something else. I have been looking for the error codes with no success…

I’m using Photon Firmware version 0.6.3

UPDATE1: I’ve been able to run the MQTT-TLS client with the rest of my code by adding this define in the config.h file:

/**< Maximum fragment length in bytes, determines the size of each of the two internal I/O buffers */
#define MBEDTLS_SSL_MAX_CONTENT_LEN 4096

As the comment states, this value defines the size of two buffers, and it looks like the default value is 16384 bytes (so x2 32Kb), so by reducing it to 4096 (x2 8Kb) we reduce the RAM usage by 24Kb.

This looks like enough for the software to work so far, but I don’t know if the value is correct…

References:

https://tls.mbed.org/discussions/crypto-and-ssl/memory-consumption-32-kb-memory-buffer
https://tls.mbed.org/kb/how-to/reduce-mbedtls-memory-and-storage-footprint
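
Added example, not part of the original posts and not code from MQTT-TLS or mbedtls: mbedtls return codes are the sum of a high-level module code and a low-level code, so the -17040 (-0x4290) in the logs above splits into -0x4280 (MBEDTLS_ERR_RSA_PUBLIC_FAILED) plus -0x0010 (MBEDTLS_ERR_MPI_ALLOC_FAILED), a failed heap allocation during the RSA operation. The function names and the small lookup tables are this example's own; the constant values are the ones in the mbedtls headers.

```c
/* Added example (not from MQTT-TLS or mbedtls): decode an mbedtls return code. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct err_name { int code; const char *name; };

/* Small subset of mbedtls codes, stored as positive magnitudes. */
static const struct err_name HIGH_LEVEL[] = {
    { 0x4280, "MBEDTLS_ERR_RSA_PUBLIC_FAILED" },
    { 0x4300, "MBEDTLS_ERR_RSA_PRIVATE_FAILED" },
    { 0x7F00, "MBEDTLS_ERR_SSL_ALLOC_FAILED" },
    { 0, NULL }
};
static const struct err_name LOW_LEVEL[] = {
    { 0x0004, "MBEDTLS_ERR_MPI_BAD_INPUT_DATA" },
    { 0x0008, "MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL" },
    { 0x0010, "MBEDTLS_ERR_MPI_ALLOC_FAILED" },
    { 0, NULL }
};

/* Extract the decimal code after " returned " in a debug line; 0 if absent. */
int parse_returned_code(const char *line) {
    const char *p = strstr(line, " returned ");
    return p ? (int)strtol(p + strlen(" returned "), NULL, 10) : 0;
}

/* mbedtls sums a high-level code (bits 7-14) and a low-level code (bits 0-6). */
int high_part(int ret) { return ret < 0 ? (-ret) & 0x7F80 : 0; }
int low_part(int ret)  { return ret < 0 ? (-ret) & 0x007F : 0; }

const char *lookup(const struct err_name *table, int code) {
    for (; table->name != NULL; table++)
        if (table->code == code) return table->name;
    return "(not in this subset)";
}

/* True when either part of the code reports a failed heap allocation. */
int is_alloc_failure(int ret) {
    return low_part(ret) == 0x0010 || high_part(ret) == 0x7F00;
}

int main(void) {
    /* Log line copied from the failing handshake in the post above. */
    const char *line = "/workspace/lib/MQTT-TLS/src/ssl_cli.cpp:2133: "
                       "mbedtls_rsa_pkcs1_encrypt() returned -17040 (-0x4290)";
    int ret = parse_returned_code(line);
    printf("ret=%d high=%s low=%s alloc_failure=%d\n", ret,
           lookup(HIGH_LEVEL, high_part(ret)), lookup(LOW_LEVEL, low_part(ret)),
           is_alloc_failure(ret));
    return 0;
}
```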


#2

Hi @mdps,

Thank you for your report about the “#define MBEDTLS_SSL_MAX_CONTENT_LEN 4096” test.

As you tested, with MQTT-TLS it is easy to change the cipher spec/memory settings to suit the developer’s SSL/TLS suite environment with the config.h file.

The “reduce mbedtls memory and storage footprint” and MBEDTLS_SSL_MAX_CONTENT_LEN size changes did not work well on my test site.

Maybe some MQTT suites work well but others don’t.
I like the flexibility of mbedTLS (config.h): a developer can very easily change the mbedTLS spec for their own environment with the config.h file. Because of that, I now set the default value in the config.h file.

I’d be happy if you would send me a pull request or issue on GitHub about the “#define MBEDTLS_SSL_MAX_CONTENT_LEN 4096” you found and your MQTT/TLS suite environment.

I think this info is helpful for developers.