Information about how to use WolfSSL library for Blynk

Hi, I would like to share my notes on using the WolfSSL library for encrypted data transfer between your device and the Blynk server:

1. How to configure WolfSSL library:

  • make sure that FreeRTOS uses heap_4.c memory management and doesn't override the standard C malloc() with pvPortMalloc()
  • implement custom callbacks for receiving and sending data via TCP, for the random number generator and for time
  • add definitions in wolfssl\wolfcrypt\settings.h:
         #define FREERTOS
         #define USE_CERT_BUFFERS_1024
         #define LARGE_STATIC_BUFFERS
         #define USE_FAST_MATH
         #define TFM_TIMING_RESISTANT
         #define WOLFSSL_SMALL_STACK
         #define WOLFSSL_STATIC_RSA
         
         #define WOLFSSL_USER_IO
         #define USER_TIME
         #define USER_TICKS
         
         
         #define NO_WOLFSSL_SERVER
         #define NO_CYASSL_SERVER
         #define NO_MAIN_DRIVER
         #define NO_ERROR_STRINGS
         #define NO_PWDBASED
         #define NO_SESSION_CACHE
         #define NO_WOLFSSL_DIR
         #define NO_FILESYSTEM
         #define NO_OLD_TLS
         #define NO_RABBIT
         #define NO_DES3
         #define NO_DSA
         #define NO_PSK
         #define NO_DH
         #define NO_HC128
         #define NO_MD4
         #define NO_MD5
         #define NO_RC4
         // Define custom function for random numbers generator and time
         #define CUSTOM_RAND_GENERATE halRandom_get_number
         #define XTIME wolfssl_get_time_callback
         #define LowResTimer wolfssl_get_time_callback
  • Make sure that the lines below are edited like this:
wolfssl/wolfcrypt/src/asn.c:2996 return 0;//return DateGreaterThan(b,a);
wolfssl/wolfcrypt/src/asn.c:5047 //return ASN_NO_SIGNER_E;

2. How to initialize and use WolfSSL library:

  • Include WolfSSL headers:
#include "wolfssl/ssl.h"
#include "wolfssl/certs_test.h"
  • Define a structure to hold the WolfSSL context:
WOLFSSL_CTX* xWolfSSL_Context = NULL;
  • Define WolfSSL object:
WOLFSSL* xWolfSSL_Object;
  • Initialize WolfSSL:
             int wolfssl_init(void)
             {
                 wolfSSL_Init();
                 
                 xWolfSSL_Context = wolfSSL_CTX_new(wolfTLSv1_2_client_method());
                 if(xWolfSSL_Context == NULL)
                 {
                     // Context allocation failed, nothing to configure
                     return -1;
                 }
                 
                 // Register user receive and send callbacks for wolfssl
                 // (receive callback goes to SetIORecv, send callback to SetIOSend)
                 wolfSSL_SetIORecv(xWolfSSL_Context, wolfssl_TCP_receive_callback);
                 wolfSSL_SetIOSend(xWolfSSL_Context, wolfssl_TCP_send_callback);
                 
                 // Load the CA certificate; SSL_SUCCESS is the only success value
                 if(wolfSSL_CTX_load_verify_buffer(xWolfSSL_Context,
                                                     ca_cert_der_1024,
                                                     sizeof_ca_cert_der_1024,
                                                     SSL_FILETYPE_ASN1) != SSL_SUCCESS)
                 {
                     return -1;
                 }
                 return 0;
             }

3. Using WolfSSL:

  • At the moment when TCP is opened we should create a WolfSSL object to associate with this connection. The context created during initialization is passed as the function parameter:
              xWolfSSL_Object = wolfSSL_new(xWolfSSL_Context);
              if(xWolfSSL_Object != NULL)
              {
                  // Associate the created WolfSSL object with the connected
                  // socket. 1 is a socket descriptor
                  wolfSSL_set_fd(xWolfSSL_Object, 1);
              }
  • WolfSSL functions for receiving and sending data:
             if(wolfSSL_write(xWolfSSL_Object, TCP_tx_buffer, TCP_tx_buffer_lenth) == TCP_tx_buffer_lenth)
             {
                 // Data sent successfully
             }
             
             if(wolfSSL_read(xWolfSSL_Object, TCP_rx_buffer, TCP_rx_buffer_lenth) > 0)
             {
                 // Data received successfully
             }
  • When the wolfSSL connection is no longer required:
             wolfSSL_free(xWolfSSL_Object);
             wolfSSL_CTX_free(xWolfSSL_Context);
             wolfSSL_Cleanup();
1 Like
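The post calls for custom TCP receive and send callbacks (WOLFSSL_USER_IO) but does not show them. One possible shape for them, as an added example that is not the original poster's code: the callback names come from the post, while `tcp_link_t` and the `USE_WOLFSSL_HEADERS` switch are hypothetical, and the `ctx` pointer is assumed to have been set with wolfSSL_SetIOReadCtx() and wolfSSL_SetIOWriteCtx().

```c
#include <string.h>
#ifdef USE_WOLFSSL_HEADERS           /* hypothetical switch: real firmware build */
#include "wolfssl/ssl.h"
#else                                /* stand-alone build: minimal stand-ins */
typedef struct WOLFSSL WOLFSSL;
#define WOLFSSL_CBIO_ERR_GENERAL    (-1)
#define WOLFSSL_CBIO_ERR_WANT_READ  (-2)
#define WOLFSSL_CBIO_ERR_WANT_WRITE (-2)
#define WOLFSSL_CBIO_ERR_CONN_CLOSE (-5)
#endif

/* Hypothetical link state standing in for the board's TCP stack. */
typedef struct {
    const unsigned char *rx; int rx_len; int rx_pos; /* bytes received from peer */
    unsigned char tx[64];    int tx_len;             /* bytes queued for sending */
    int closed;                                      /* peer closed the socket   */
} tcp_link_t;

/* wolfSSL asks for up to sz bytes of TLS record data. */
int wolfssl_TCP_receive_callback(WOLFSSL *ssl, char *buf, int sz, void *ctx)
{
    tcp_link_t *link = (tcp_link_t *)ctx;
    int avail;
    (void)ssl;
    if (link == NULL || buf == NULL || sz <= 0) return WOLFSSL_CBIO_ERR_GENERAL;
    avail = link->rx_len - link->rx_pos;
    if (avail == 0)   /* nothing buffered: report "retry later" or "closed" */
        return link->closed ? WOLFSSL_CBIO_ERR_CONN_CLOSE
                            : WOLFSSL_CBIO_ERR_WANT_READ;
    if (avail > sz) avail = sz;      /* never exceed wolfSSL's buffer */
    memcpy(buf, link->rx + link->rx_pos, (size_t)avail);
    link->rx_pos += avail;
    return avail;
}

/* wolfSSL hands over sz bytes to transmit; a short count means partial write. */
int wolfssl_TCP_send_callback(WOLFSSL *ssl, char *buf, int sz, void *ctx)
{
    tcp_link_t *link = (tcp_link_t *)ctx;
    int room;
    (void)ssl;
    if (link == NULL || buf == NULL || sz <= 0) return WOLFSSL_CBIO_ERR_GENERAL;
    if (link->closed) return WOLFSSL_CBIO_ERR_CONN_CLOSE;
    room = (int)sizeof(link->tx) - link->tx_len;
    if (room == 0) return WOLFSSL_CBIO_ERR_WANT_WRITE;
    if (room > sz) room = sz;        /* wolfSSL calls again for the remainder */
    memcpy(link->tx + link->tx_len, buf, (size_t)room);
    link->tx_len += room;
    return room;
}
```

Returning WANT_READ or WANT_WRITE instead of a generic error lets wolfSSL_read() and wolfSSL_write() be retried on a non-blocking link rather than tearing the session down.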

Thanks for sharing!
Did you try running it? What hardware are you using?

Yes, I ran it. Everything works fine. I used STM32F407.