diff --git a/.github/workflows/zephyr.yml b/.github/workflows/zephyr.yml index 44b8fa029f..2bb059c297 100644 --- a/.github/workflows/zephyr.yml +++ b/.github/workflows/zephyr.yml @@ -23,9 +23,11 @@ jobs: zephyr-sdk: 0.16.1 - zephyr-ref: v3.5.0 zephyr-sdk: 0.16.3 + - zephyr-ref: v2.7.4 + zephyr-sdk: 0.16.3 runs-on: ubuntu-latest # This should be a safe limit for the tests to run. - timeout-minutes: 15 + timeout-minutes: 25 steps: - name: Install dependencies run: | 
@@ -78,25 +80,38 @@ jobs: cd zephyr-sdk-${{ matrix.config.zephyr-sdk }} ./setup.sh -h -c -t x86_64-zephyr-elf + - name: Fix options for 2.7.4 + if: ${{ matrix.config.zephyr-ref == 'v2.7.4' }} + working-directory: zephyr/modules/crypto/wolfssl + run: | + sed -i -e 's/CONFIG_COMMON_LIBC_MALLOC_ARENA_SIZE/CONFIG_MINIMAL_LIBC_MALLOC_ARENA_SIZE/g' $(find -name prj.conf) + - name: Run wolfssl test id: wolfssl-test working-directory: zephyr run: | - ./zephyr/scripts/twister --testsuite-root modules/crypto/wolfssl --test zephyr/samples/wolfssl_test/sample.crypto.wolfssl_test -vvv + ./zephyr/scripts/twister -T modules/crypto/wolfssl --test zephyr/samples/wolfssl_test/sample.crypto.wolfssl_test -vvv + rm -rf zephyr/twister-out + ./zephyr/scripts/twister -T modules/crypto/wolfssl --test zephyr/samples/wolfssl_test/sample.crypto.wolfssl_test_no_malloc -vvv rm -rf zephyr/twister-out - name: Run wolfssl TLS sock test + # Results in a page fault that I can't trace + if: ${{ matrix.config.zephyr-ref != 'v2.7.4' }} id: wolfssl-tls-sock working-directory: zephyr run: | - ./zephyr/scripts/twister --testsuite-root modules/crypto/wolfssl --test zephyr/samples/wolfssl_tls_sock/sample.crypto.wolfssl_tls_sock -vvv + ./zephyr/scripts/twister -T modules/crypto/wolfssl --test zephyr/samples/wolfssl_tls_sock/sample.crypto.wolfssl_tls_sock -vvv + rm -rf zephyr/twister-out + ./zephyr/scripts/twister -T modules/crypto/wolfssl --test zephyr/samples/wolfssl_tls_sock/sample.crypto.wolfssl_tls_sock_no_malloc -vvv rm -rf zephyr/twister-out - name: Run wolfssl TLS thread test + if: ${{ matrix.config.zephyr-ref != 'v2.7.4' }} id: wolfssl-tls-thread working-directory: zephyr run: | - ./zephyr/scripts/twister --testsuite-root modules/crypto/wolfssl --test zephyr/samples/wolfssl_tls_thread/sample.crypto.wolfssl_tls_thread -vvv + ./zephyr/scripts/twister -T modules/crypto/wolfssl --test zephyr/samples/wolfssl_tls_thread/sample.crypto.wolfssl_tls_thread -vvv rm -rf zephyr/twister-out - name: Zip failure 
logs diff --git a/src/internal.c b/src/internal.c index 02e34dbc23..80305f0e71 100644 --- a/src/internal.c +++ b/src/internal.c @@ -37860,7 +37860,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, #endif if (sess == NULL) { ret = TlsSessionCacheGetAndRdLock(id, &sess, &freeCtx->row, - ssl->options.side); + (byte)ssl->options.side); if (ret != 0) sess = NULL; } diff --git a/src/ssl_p7p12.c b/src/ssl_p7p12.c index 5c45407b0c..8cbdb54c4f 100644 --- a/src/ssl_p7p12.c +++ b/src/ssl_p7p12.c @@ -1684,7 +1684,7 @@ WC_PKCS12* wolfSSL_d2i_PKCS12_bio(WOLFSSL_BIO* bio, WC_PKCS12** pkcs12) } if (mem != NULL) { - localPkcs12 = wc_PKCS12_new(); + localPkcs12 = wc_PKCS12_new_ex(bio->heap); if (localPkcs12 == NULL) { WOLFSSL_MSG("Memory error"); } diff --git a/src/x509.c b/src/x509.c index 56fd9aa402..29a718730c 100644 --- a/src/x509.c +++ b/src/x509.c @@ -11678,8 +11678,9 @@ int wolfSSL_i2d_X509_NAME(WOLFSSL_X509_NAME* name, unsigned char** out) "-----BEGIN X509 CRL-----")) { /* We have a crl */ WOLFSSL_MSG("Parsing crl"); - if((PemToDer((const unsigned char*) header, footerEnd - header, - CRL_TYPE, &der, NULL, NULL, NULL)) < 0) { + if((PemToDer((const unsigned char*) header, + (long)(footerEnd - header), CRL_TYPE, &der, NULL, NULL, + NULL)) < 0) { WOLFSSL_MSG("PemToDer error"); goto err; } diff --git a/wolfcrypt/src/memory.c b/wolfcrypt/src/memory.c index 2e221a9c19..e3a2bb5d07 100644 --- a/wolfcrypt/src/memory.c +++ b/wolfcrypt/src/memory.c @@ -992,7 +992,7 @@ void* wolfSSL_Malloc(size_t size, void* heap, int type) } #ifdef WOLFSSL_DEBUG_STATIC_MEMORY else { - fprintf(stderr, "Size: %ld, Empty: %d\n", size, + fprintf(stderr, "Size: %lu, Empty: %d\n", (unsigned long) size, mem->sizeList[i]); } #endif 
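Review bot: The `if: ${{ matrix.config.zephyr-ref != 'v2.7.4' }}` guards on the TLS sock and TLS thread steps turn an unexplained page fault into a silent skip, so the v2.7.4 job reports green without exercising any TLS handshake. A page fault in a TLS sample is a memory-safety signal and should stay visible until it is understood; I would reference a tracking issue in the comment, e.g. `# Skipped on v2.7.4: page fault, tracked in <ISSUE-PLACEHOLDER>`, and repeat it on the TLS thread step, which carries the guard with no explanation at all. Separately, in the "Fix options for 2.7.4" step the unquoted `$(find -name prj.conf)` is subject to word splitting and has no start directory; `find . -name prj.conf -exec sed -i -e '…' {} +` is the safer form.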
@@ -1029,7 +1029,8 @@ void* wolfSSL_Malloc(size_t size, void* heap, int type) else { WOLFSSL_MSG("ERROR ran out of static memory"); #ifdef WOLFSSL_DEBUG_MEMORY - fprintf(stderr, "Looking for %lu bytes at %s:%d\n", size, func, line); + fprintf(stderr, "Looking for %lu bytes at %s:%d\n", (unsigned long) size, func, + line); #endif } diff --git a/wolfcrypt/src/pkcs12.c b/wolfcrypt/src/pkcs12.c index e76f1b1a8e..87321697e3 100644 --- a/wolfcrypt/src/pkcs12.c +++ b/wolfcrypt/src/pkcs12.c @@ -130,15 +130,22 @@ typedef struct WC_PKCS12_ATTRIBUTE { WC_PKCS12* wc_PKCS12_new(void) +{ + return wc_PKCS12_new_ex(NULL); +} + + +WC_PKCS12* wc_PKCS12_new_ex(void* heap) { WC_PKCS12* pkcs12 = (WC_PKCS12*)XMALLOC(sizeof(WC_PKCS12), - NULL, DYNAMIC_TYPE_PKCS); + heap, DYNAMIC_TYPE_PKCS); if (pkcs12 == NULL) { WOLFSSL_MSG("Memory issue when creating WC_PKCS12 struct"); return NULL; } XMEMSET(pkcs12, 0, sizeof(WC_PKCS12)); + pkcs12->heap = heap; return pkcs12; } @@ -202,7 +209,7 @@ void wc_PKCS12_free(WC_PKCS12* pkcs12) } #endif - XFREE(pkcs12, NULL, DYNAMIC_TYPE_PKCS); + XFREE(pkcs12, heap, DYNAMIC_TYPE_PKCS); } @@ -2604,20 +2611,12 @@ WC_PKCS12* wc_PKCS12_create(char* pass, word32 passSz, char* name, return NULL; } - if ((pkcs12 = wc_PKCS12_new()) == NULL) { + if ((pkcs12 = wc_PKCS12_new_ex(heap)) == NULL) { wc_FreeRng(&rng); WOLFSSL_LEAVE("wc_PKCS12_create", MEMORY_E); return NULL; } - if ((ret = wc_PKCS12_SetHeap(pkcs12, heap)) != 0) { - wc_PKCS12_free(pkcs12); - wc_FreeRng(&rng); - WOLFSSL_LEAVE("wc_PKCS12_create", ret); - (void)ret; - return NULL; - } - if (iter <= 0) { iter = WC_PKCS12_ITT_DEFAULT; } diff --git a/wolfcrypt/src/random.c b/wolfcrypt/src/random.c index 272afd93cf..c6d667c029 100644 --- a/wolfcrypt/src/random.c +++ b/wolfcrypt/src/random.c 
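Review bot: In `wc_PKCS12_free` the struct is now released with `XFREE(pkcs12, heap, DYNAMIC_TYPE_PKCS)`, so the allocating and freeing hints match only when the object came from `wc_PKCS12_new_ex()` with that same heap. `wc_PKCS12_SetHeap()` is still declared in pkcs12.h, and any remaining caller that does `wc_PKCS12_new()` followed by `wc_PKCS12_SetHeap(p, hint)` would get a struct allocated with a NULL hint and freed into `hint`, which under WOLFSSL_STATIC_MEMORY hands the pool a pointer it never owned. The body of `wc_PKCS12_free` starts outside the hunk, so I cannot see where `heap` is assigned or whether other such callers exist; please confirm none remain, or make SetHeap refuse to change a hint that differs from the one used at allocation. `wc_PKCS12_new_ex` would also benefit from a short header comment stating that the hint is stored in the object and used for every later allocation and for the final free.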
@@ -3731,25 +3731,33 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) #elif defined(WOLFSSL_ZEPHYR) - #include + #include #if KERNEL_VERSION_NUMBER >= 0x30500 #include #else - #include + #if KERNEL_VERSION_NUMBER >= 0x30100 + #include + #else + #include + #endif #endif #ifndef _POSIX_C_SOURCE - #include + #if KERNEL_VERSION_NUMBER >= 0x30100 + #include + #else + #include + #endif #else #include #endif - int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) - { - sys_rand_get(output, sz); - return 0; - } + int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) + { + sys_rand_get(output, sz); + return 0; + } #elif defined(WOLFSSL_TELIT_M2MB) diff --git a/wolfcrypt/src/wc_port.c b/wolfcrypt/src/wc_port.c index a21cc2b9d2..ab37c2796b 100644 --- a/wolfcrypt/src/wc_port.c +++ b/wolfcrypt/src/wc_port.c @@ -3668,11 +3668,13 @@ char* mystrnstr(const char* s1, const char* s2, unsigned int n) #elif defined(WOLFSSL_ZEPHYR) + void* wolfsslThreadHeapHint = NULL; + int wolfSSL_NewThread(THREAD_TYPE* thread, THREAD_CB cb, void* arg) { #ifndef WOLFSSL_ZEPHYR_STACK_SZ - #define WOLFSSL_ZEPHYR_STACK_SZ (24*1024) + #define WOLFSSL_ZEPHYR_STACK_SZ (48*1024) #endif if (thread == NULL || cb == NULL) @@ -3686,10 +3688,12 @@ char* mystrnstr(const char* s1, const char* s2, unsigned int n) * 0); */ thread->threadStack = (void*)XMALLOC( - Z_KERNEL_STACK_SIZE_ADJUST(WOLFSSL_ZEPHYR_STACK_SZ), 0, - DYNAMIC_TYPE_TMP_BUFFER); - if (thread->threadStack == NULL) + Z_KERNEL_STACK_SIZE_ADJUST(WOLFSSL_ZEPHYR_STACK_SZ), + wolfsslThreadHeapHint, DYNAMIC_TYPE_TMP_BUFFER); + if (thread->threadStack == NULL) { + WOLFSSL_MSG("error: XMALLOC failed"); return MEMORY_E; + } /* k_thread_create does not return any error codes */ /* Casting to k_thread_entry_t should be fine since we just ignore the 
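Review bot: The Zephyr `wc_GenerateSeed` that this hunk re-indents still seeds wolfSSL's DRBG from `sys_rand_get()` and returns 0 unconditionally. Zephyr documents `sys_rand_get()` as not suitable for cryptographic use, and the sample prj files in this change set `CONFIG_TEST_RANDOM_GENERATOR=y`, which selects a test generator rather than an entropy source, so keys generated on such a build inherit that weakness. Since the function is being touched anyway, consider `if (sys_csrand_get(output, sz) != 0) return RNG_FAILURE_E;` followed by `return 0;`, which also makes an entropy failure visible to the caller. This assumes the target enables Zephyr's CSPRNG support, which is not visible in this diff.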
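Review bot: `wolfsslThreadHeapHint` is a writable global that `wolfSSL_NewThread` reads for the stack `XMALLOC` and that the join path reads again for the `XFREE` (second wc_port.c hunk), so changing it between the two calls frees the stack into a different heap than it was allocated from. Recording the hint used at allocation time, for example in a new `THREAD_TYPE` field, and freeing with that stored value would remove the dependency on global state. At minimum I would add a comment at the definition: `/* Set before the first wolfSSL_NewThread() and do not change while any thread created with it is alive. */`. When an application points the hint at its static-memory heap, the thread stack also shares a pool with TLS objects, with no guard region that I can see in this hunk; that is worth a sentence in the same comment.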
@@ -3716,7 +3720,8 @@ char* mystrnstr(const char* s1, const char* s2, unsigned int n) * if (err != 0) * ret = MEMORY_E; */ - XFREE(thread.threadStack, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(thread.threadStack, wolfsslThreadHeapHint, + DYNAMIC_TYPE_TMP_BUFFER); thread.threadStack = NULL; /* No thread resources to free. Everything is stored in thread.tid */ diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index a0abe62dc8..3eccd85a37 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -354,6 +354,9 @@ const byte const_byte_array[] = "A+Gd\0\0\0"; #ifdef HAVE_PKCS7 #include #endif +#ifdef HAVE_PKCS12 + #include +#endif #ifdef HAVE_FIPS #include #endif @@ -584,6 +587,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t srp_test(void); WOLFSSL_TEST_SUBROUTINE wc_test_ret_t random_test(void); #endif /* WC_NO_RNG */ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pwdbased_test(void); +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs12_test(void); WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ripemd_test(void); #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void); /* test mini api */ @@ -595,7 +599,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_evpSig_test(void); #endif WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pbkdf1_test(void); -WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs12_test(void); +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs12_pbkdf_test(void); #if defined(HAVE_PBKDF2) && !defined(NO_SHA256) && !defined(NO_HMAC) WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pbkdf2_test(void); #endif 
@@ -1672,6 +1676,16 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\ PRIVATE_KEY_LOCK(); #endif +#if defined(USE_CERT_BUFFERS_2048) && \ + defined(HAVE_PKCS12) && \ + !defined(NO_ASN) && !defined(NO_PWDBASED) && !defined(NO_HMAC) && \ + !defined(NO_CERTS) && !defined(NO_DES3) + if ( (ret = pkcs12_test()) != 0) + TEST_FAIL("PKCS12 test failed!\n", ret); + else + TEST_PASS("PKCS12 test passed!\n"); +#endif + #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) if ( (ret = openssl_test()) != 0) TEST_FAIL("OPENSSL test failed!\n", ret); @@ -24699,7 +24713,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t scrypt_test(void) #endif #ifdef HAVE_PKCS12 -WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs12_test(void) +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs12_pbkdf_test(void) { WOLFSSL_SMALL_STACK_STATIC const byte passwd[] = { 0x00, 0x73, 0x00, 0x6d, 0x00, 0x65, 0x00, 0x67, 0x00, 0x00 }; @@ -24726,7 +24740,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs12_test(void) int kLen = 24; int iterations = 1; wc_test_ret_t ret; - WOLFSSL_ENTER("pkcs12_test"); + WOLFSSL_ENTER("pkcs12_pbkdf_test"); ret = wc_PKCS12_PBKDF(derived, passwd, sizeof(passwd), salt, 8, iterations, kLen, WC_SHA256, id); @@ -24831,7 +24845,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pwdbased_test(void) return ret; #endif #ifdef HAVE_PKCS12 - ret = pkcs12_test(); + ret = pkcs12_pbkdf_test(); if (ret != 0) return ret; #endif 
@@ -24845,6 +24859,79 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pwdbased_test(void) #endif /* NO_PWDBASED */ +#if defined(USE_CERT_BUFFERS_2048) && \ + defined(HAVE_PKCS12) && \ + !defined(NO_ASN) && !defined(NO_PWDBASED) && !defined(NO_HMAC) && \ + !defined(NO_CERTS) && !defined(NO_DES3) +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs12_test(void) +{ + wc_test_ret_t ret = 0; + WC_PKCS12* pkcs12 = NULL; + /* Gen vars */ + byte* pkcs12der = NULL; + int pkcs12derSz = 0; + WC_DerCertList derCaList = { + (byte*)ca_cert_der_2048, sizeof_ca_cert_der_2048, NULL + }; + char* pass = (char*)"wolfSSL test"; + /* Parsing vars */ + WC_DerCertList* derCaListOut = NULL; + byte* keyDer = NULL; + byte* certDer = NULL; + word32 keySz; + word32 certSz; + + WOLFSSL_ENTER("pkcs12_test"); + + pkcs12 = wc_PKCS12_create(pass, XSTRLEN(pass), + (char*)"friendlyName" /* not used currently */, + (byte*)server_key_der_2048, sizeof_server_key_der_2048, + (byte*)server_cert_der_2048, sizeof_server_cert_der_2048, + &derCaList, PBE_SHA1_DES3, PBE_SHA1_DES3, 100, 100, + 0 /* not used currently */, HEAP_HINT); + if (pkcs12 == NULL) + return MEMORY_E; + + ret = wc_i2d_PKCS12(pkcs12, NULL, &pkcs12derSz); + if (ret != LENGTH_ONLY_E) + return ret == 0 ? -1 : ret; + + pkcs12der = (byte*)XMALLOC(pkcs12derSz, HEAP_HINT, DYNAMIC_TYPE_PKCS); + if (pkcs12der == NULL) + return MEMORY_E; + + { + /* Use tmp pointer to avoid advancing pkcs12der */ + byte* tmp = pkcs12der; + ret = wc_i2d_PKCS12(pkcs12, &tmp, &pkcs12derSz); + if (ret <= 0) + return ret == 0 ? 
-1 : ret; + } + + wc_PKCS12_free(pkcs12); + pkcs12 = wc_PKCS12_new_ex(HEAP_HINT); + if (pkcs12 == NULL) + return MEMORY_E; + + /* convert the DER file into an internal structure */ + ret = wc_d2i_PKCS12(pkcs12der, pkcs12derSz, pkcs12); + if (ret != 0) + return ret; + + /* parse the internal structure into its parts */ + ret = wc_PKCS12_parse(pkcs12, "wolfSSL test", &keyDer, &keySz, + &certDer, &certSz, &derCaListOut); + if (ret != 0 || keyDer == NULL || certDer == NULL || derCaListOut == NULL) + return ret == 0 ? -1 : ret; + + wc_FreeCertList(derCaListOut, HEAP_HINT); + XFREE(keyDer, HEAP_HINT, DYNAMIC_TYPE_PKCS); + XFREE(certDer, HEAP_HINT, DYNAMIC_TYPE_PKCS); + wc_PKCS12_free(pkcs12); + return ret; +} +#endif + #if defined(HAVE_HKDF) && !defined(NO_HMAC) #if defined(WOLFSSL_AFALG_XILINX) || defined(WOLFSSL_AFALG_XILINX_AES) || \ @@ -50249,7 +50336,7 @@ static int myCryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx) return BAD_FUNC_ARG; #ifdef DEBUG_WOLFSSL - printf("CryptoDevCb: Algo Type %d\n", info->algo_type); + WOLFSSL_MSG_EX("CryptoDevCb: Algo Type %d\n", info->algo_type); #endif if (info->algo_type == WC_ALGO_TYPE_RNG) { @@ -50291,7 +50378,7 @@ static int myCryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx) } else if (info->algo_type == WC_ALGO_TYPE_PK) { #ifdef DEBUG_WOLFSSL - printf("CryptoDevCb: Pk Type %d\n", info->pk.type); + WOLFSSL_MSG_EX("CryptoDevCb: Pk Type %d\n", info->pk.type); #endif #ifndef NO_RSA diff --git a/wolfssl/internal.h b/wolfssl/internal.h index ea828a84c3..27ddd575f2 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -206,7 +206,12 @@ #endif #elif defined(WOLFSSL_ZEPHYR) #ifndef SINGLE_THREADED - #include + #include + #if KERNEL_VERSION_NUMBER >= 0x30100 + #include + #else + #include + #endif #endif #elif defined(WOLFSSL_TELIT_M2MB) /* do nothing */ diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 2d10864623..a578f27081 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h 
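Review bot: The new `pkcs12_test` never frees `pkcs12der`, not even on the success path, and every early `return` after `wc_PKCS12_create` succeeds also leaks `pkcs12` (and later `keyDer`, `certDer`, `derCaListOut`). In the no-malloc configuration added by this change those blocks come out of the fixed static pool, so the leak reduces what is left for every test that runs afterwards and can surface as an unrelated MEMORY_E. I would route all exits through one cleanup label, as sketched below; the NULL guards are there because I cannot see from the diff whether the free helpers accept NULL.

```c
    ret = wc_i2d_PKCS12(pkcs12, NULL, &pkcs12derSz);
    if (ret != LENGTH_ONLY_E) {
        ret = (ret == 0) ? -1 : ret;
        goto out;
    }

    pkcs12der = (byte*)XMALLOC(pkcs12derSz, HEAP_HINT, DYNAMIC_TYPE_PKCS);
    if (pkcs12der == NULL) {
        ret = MEMORY_E;
        goto out;
    }

    /* … unchanged: second wc_i2d_PKCS12, wc_PKCS12_free/new_ex,
     * wc_d2i_PKCS12 and wc_PKCS12_parse; each failure sets ret and does
     * `goto out` instead of returning … */

out:
    if (derCaListOut != NULL)
        wc_FreeCertList(derCaListOut, HEAP_HINT);
    if (keyDer != NULL)
        XFREE(keyDer, HEAP_HINT, DYNAMIC_TYPE_PKCS);
    if (certDer != NULL)
        XFREE(certDer, HEAP_HINT, DYNAMIC_TYPE_PKCS);
    if (pkcs12der != NULL)
        XFREE(pkcs12der, HEAP_HINT, DYNAMIC_TYPE_PKCS);
    if (pkcs12 != NULL)
        wc_PKCS12_free(pkcs12);
    return ret;
```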
@@ -37,6 +37,7 @@ #include #include #include +#include /* For the types */ #include @@ -2974,7 +2975,6 @@ WOLFSSL_API int wolfSSL_connect_cert(WOLFSSL* ssl); /* PKCS12 compatibility */ -typedef struct WC_PKCS12 WC_PKCS12; WOLFSSL_API WC_PKCS12* wolfSSL_d2i_PKCS12_bio(WOLFSSL_BIO* bio, WC_PKCS12** pkcs12); WOLFSSL_API int wolfSSL_i2d_PKCS12_bio(WOLFSSL_BIO *bio, WC_PKCS12 *pkcs12); diff --git a/wolfssl/test.h b/wolfssl/test.h index 47abb74af3..a5b2092587 100644 --- a/wolfssl/test.h +++ b/wolfssl/test.h @@ -143,9 +143,26 @@ #include #define SOCKET_T int #elif defined(WOLFSSL_ZEPHYR) + #include #include #include - #include + #if KERNEL_VERSION_NUMBER >= 0x30100 + #include + #ifdef CONFIG_POSIX_API + #include + #include + #include + #include + #endif + #else + #include + #ifdef CONFIG_POSIX_API + #include + #include + #include + #include + #endif + #endif #define SOCKET_T int #define SOL_SOCKET 1 #define WOLFSSL_USE_GETADDRINFO diff --git a/wolfssl/wolfcrypt/pkcs12.h b/wolfssl/wolfcrypt/pkcs12.h index f3023540e4..dc06c9df25 100644 --- a/wolfssl/wolfcrypt/pkcs12.h +++ b/wolfssl/wolfcrypt/pkcs12.h @@ -29,9 +29,7 @@ extern "C" { #endif -#ifndef WOLFSSL_TYPES_DEFINED /* do not redeclare from ssl.h */ - typedef struct WC_PKCS12 WC_PKCS12; -#endif +typedef struct WC_PKCS12 WC_PKCS12; typedef struct WC_DerCertList { /* dereferenced in ssl.c */ byte* buffer; @@ -47,6 +45,7 @@ enum { }; WOLFSSL_API WC_PKCS12* wc_PKCS12_new(void); +WOLFSSL_API WC_PKCS12* wc_PKCS12_new_ex(void* heap); WOLFSSL_API void wc_PKCS12_free(WC_PKCS12* pkcs12); WOLFSSL_API int wc_d2i_PKCS12(const byte* der, word32 derSz, WC_PKCS12* pkcs12); #ifndef NO_FILESYSTEM 
@@ -67,7 +66,7 @@ WOLFSSL_API WC_PKCS12* wc_PKCS12_create(char* pass, word32 passSz, WOLFSSL_LOCAL int wc_PKCS12_SetHeap(WC_PKCS12* pkcs12, void* heap); WOLFSSL_LOCAL void* wc_PKCS12_GetHeap(WC_PKCS12* pkcs12); -WOLFSSL_LOCAL void wc_FreeCertList(WC_DerCertList* list, void* heap); +WOLFSSL_API void wc_FreeCertList(WC_DerCertList* list, void* heap); #ifdef __cplusplus } /* extern "C" */ diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index 01926e306e..664ab21ab8 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h @@ -2082,9 +2082,16 @@ extern void uITRON4_free(void *p) ; #endif /*(WOLFSSL_APACHE_MYNEWT)*/ #ifdef WOLFSSL_ZEPHYR + #include +#if KERNEL_VERSION_NUMBER >= 0x30100 #include #include #include +#else + #include + #include + #include +#endif #include #define WOLFSSL_DH_CONST diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h index 89f01e2597..f8fa05c046 100644 --- a/wolfssl/wolfcrypt/types.h +++ b/wolfssl/wolfcrypt/types.h @@ -1422,6 +1422,7 @@ typedef struct w64wrapper { k_thread_stack_t* threadStack; } THREAD_TYPE; #define WOLFSSL_THREAD + extern void* wolfsslThreadHeapHint; #elif defined(NETOS) typedef UINT THREAD_RETURN; typedef struct { diff --git a/wolfssl/wolfcrypt/wc_port.h b/wolfssl/wolfcrypt/wc_port.h index bf5ef6b30b..7577bbad8d 100644 --- a/wolfssl/wolfcrypt/wc_port.h +++ b/wolfssl/wolfcrypt/wc_port.h @@ -145,13 +145,20 @@ #elif defined(WOLFSSL_APACHE_MYNEWT) /* do nothing */ #elif defined(WOLFSSL_ZEPHYR) + #include #ifndef SINGLE_THREADED #ifndef CONFIG_PTHREAD_IPC #error "Need CONFIG_PTHREAD_IPC for threading" #endif + #if KERNEL_VERSION_NUMBER >= 0x30100 #include #include #include + #else + #include + #include + #include + #endif #endif #elif defined(WOLFSSL_TELIT_M2MB) 
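Review bot: `wc_FreeCertList` becomes `WOLFSSL_API` here with no statement of which `heap` a caller must pass. The new test frees the list returned by `wc_PKCS12_parse` with the same hint it gave to `wc_PKCS12_new_ex`, which suggests the rule is "the heap of the WC_PKCS12 that produced the list"; a caller passing a different hint would release the nodes into the wrong allocator. I would state that on the declaration, e.g. `/* heap must be the hint the list was allocated with; for wc_PKCS12_parse output that is the hint of the parsed WC_PKCS12 */`, and add a matching one-line comment to `wc_PKCS12_new_ex` in the first hunk of this file.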
@@ -999,8 +1006,13 @@ WOLFSSL_ABI WOLFSSL_API int wolfCrypt_Cleanup(void); #define USE_WOLF_TIME_T #elif defined(WOLFSSL_ZEPHYR) + #include #ifndef _POSIX_C_SOURCE - #include + #if KERNEL_VERSION_NUMBER >= 0x30100 + #include + #else + #include + #endif #else #include #endif diff --git a/wolfssl/wolfio.h b/wolfssl/wolfio.h index 48646a50ba..421387128c 100644 --- a/wolfssl/wolfio.h +++ b/wolfssl/wolfio.h @@ -129,7 +129,18 @@ #include #include #elif defined(WOLFSSL_ZEPHYR) - #include + #include + #if KERNEL_VERSION_NUMBER >= 0x30100 + #include + #ifdef CONFIG_POSIX_API + #include + #endif + #else + #include + #ifdef CONFIG_POSIX_API + #include + #endif + #endif #elif defined(MICROCHIP_PIC32) #include #elif defined(HAVE_NETX) diff --git a/zephyr/CMakeLists.txt b/zephyr/CMakeLists.txt index 0b26805576..cf64215ca1 100644 --- a/zephyr/CMakeLists.txt +++ b/zephyr/CMakeLists.txt @@ -165,6 +165,7 @@ if(CONFIG_WOLFSSL) target_compile_definitions(wolfSSL INTERFACE WOLFSSL_USER_SETTINGS) if(CONFIG_WOLFSSL_DEBUG) target_compile_definitions(wolfSSL INTERFACE DEBUG_WOLFSSL) + zephyr_library_compile_options(-g3 -O0) endif() else() assert(CONFIG_WOLFSSL_LIBRARY "wolfSSL was enabled, but neither BUILTIN or LIBRARY was selected.") diff --git a/zephyr/Kconfig.tls-generic b/zephyr/Kconfig.tls-generic index 9ffcf90e84..bc46a8fd47 100644 --- a/zephyr/Kconfig.tls-generic +++ b/zephyr/Kconfig.tls-generic @@ -264,9 +264,4 @@ config WOLFSSL_HAVE_ASM of asymmetric cryptography, however this might have an impact on the code size. -config WOLFSSL_USER_SETTTINGS - string "User settings file for wolfSSL" - help - User settings file that contains wolfSSL defines. - endmenu diff --git a/zephyr/samples/wolfssl_benchmark/prj.conf b/zephyr/samples/wolfssl_benchmark/prj.conf index 41ccf7f948..0179880249 100644 --- a/zephyr/samples/wolfssl_benchmark/prj.conf +++ b/zephyr/samples/wolfssl_benchmark/prj.conf 
@@ -23,6 +23,7 @@ CONFIG_CONSOLE=y CONFIG_LOG=y CONFIG_LOG_BACKEND_UART=y CONFIG_LOG_BUFFER_SIZE=15360 +CONFIG_LOG_MODE_IMMEDIATE=y #CONFIG_WOLFSSL_DEBUG=y # Entropy diff --git a/zephyr/samples/wolfssl_test/prj-no-malloc.conf b/zephyr/samples/wolfssl_test/prj-no-malloc.conf new file mode 100644 index 0000000000..42f98d431d --- /dev/null +++ b/zephyr/samples/wolfssl_test/prj-no-malloc.conf @@ -0,0 +1,30 @@ +# Configure stack and heap sizes +CONFIG_MAIN_STACK_SIZE=655360 +#CONFIG_COMMON_LIBC_MALLOC_ARENA_SIZE=65536 + +# Pthreads +CONFIG_PTHREAD_IPC=y + +# Clock for time() +CONFIG_POSIX_CLOCK=y + +# TLS configuration +CONFIG_WOLFSSL_SETTINGS_FILE="user_settings-no-malloc.h" +CONFIG_WOLFSSL=y +CONFIG_WOLFSSL_BUILTIN=y + +# Logging +CONFIG_PRINTK=y +CONFIG_CBPRINTF_LIBC_SUBSTS=y +CONFIG_CBPRINTF_FP_SUPPORT=y +CONFIG_CONSOLE=y +CONFIG_LOG=y +CONFIG_LOG_BACKEND_UART=y +CONFIG_LOG_BUFFER_SIZE=15360 +CONFIG_LOG_MODE_IMMEDIATE=y +#CONFIG_WOLFSSL_DEBUG=y + +# Entropy +CONFIG_TEST_RANDOM_GENERATOR=y +CONFIG_ENTROPY_GENERATOR=y +CONFIG_ENTROPY_DEVICE_RANDOM_GENERATOR=y diff --git a/zephyr/samples/wolfssl_test/prj.conf b/zephyr/samples/wolfssl_test/prj.conf index 6c8a5ca437..38b1ce49b4 100644 --- a/zephyr/samples/wolfssl_test/prj.conf +++ b/zephyr/samples/wolfssl_test/prj.conf @@ -1,4 +1,3 @@ - # Configure stack and heap sizes CONFIG_MAIN_STACK_SIZE=32768 CONFIG_COMMON_LIBC_MALLOC_ARENA_SIZE=16384 @@ -21,6 +20,7 @@ CONFIG_CONSOLE=y CONFIG_LOG=y CONFIG_LOG_BACKEND_UART=y CONFIG_LOG_BUFFER_SIZE=15360 +CONFIG_LOG_MODE_IMMEDIATE=y #CONFIG_WOLFSSL_DEBUG=y # Entropy diff --git a/zephyr/samples/wolfssl_test/sample.yaml b/zephyr/samples/wolfssl_test/sample.yaml index a1c4f81921..50010f76ae 100644 --- a/zephyr/samples/wolfssl_test/sample.yaml +++ b/zephyr/samples/wolfssl_test/sample.yaml 
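Review bot: The new zephyr/samples/wolfssl_test/prj-no-malloc.conf sets `CONFIG_TEST_RANDOM_GENERATOR=y` under "# Entropy" with nothing marking it as test-only, and zephyr/samples/wolfssl_tls_sock/prj-no-malloc.conf does the same under "# Network driver config". Zephyr's test random generator is not an entropy source, and sample configurations tend to be copied into product builds as they are. A one-line comment above the option in both files would be enough: `# QEMU/test only: not a secure entropy source, use a hardware entropy driver in real builds`.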
@@ -13,3 +13,9 @@ tests: platform_allow: qemu_x86 integration_platforms: - qemu_x86 + sample.crypto.wolfssl_test_no_malloc: + timeout: 120 + platform_allow: qemu_x86 + extra_args: CONF_FILE="prj-no-malloc.conf" + integration_platforms: + - qemu_x86 diff --git a/zephyr/samples/wolfssl_tls_sock/prj-no-malloc.conf b/zephyr/samples/wolfssl_tls_sock/prj-no-malloc.conf new file mode 100644 index 0000000000..830b1944db --- /dev/null +++ b/zephyr/samples/wolfssl_tls_sock/prj-no-malloc.conf @@ -0,0 +1,57 @@ +# Kernel options +CONFIG_MAIN_STACK_SIZE=655360 +CONFIG_ENTROPY_GENERATOR=y +CONFIG_INIT_STACKS=y + +# General config +CONFIG_NEWLIB_LIBC=y + +# Pthreads +CONFIG_PTHREAD_IPC=y + +# Clock for time() +CONFIG_POSIX_CLOCK=y + +# Networking config +CONFIG_NETWORKING=y +CONFIG_NET_IPV4=y +CONFIG_NET_IPV6=n +CONFIG_NET_TCP=y +CONFIG_NET_SOCKETS=y +CONFIG_NET_SOCKETS_POSIX_NAMES=y + +CONFIG_NET_TEST=y +CONFIG_NET_LOOPBACK=y + +# Network driver config +CONFIG_TEST_RANDOM_GENERATOR=y + +# Network address config +CONFIG_NET_CONFIG_SETTINGS=y +CONFIG_NET_CONFIG_NEED_IPV4=y +CONFIG_NET_CONFIG_MY_IPV4_ADDR="192.0.2.1" +CONFIG_NET_CONFIG_PEER_IPV4_ADDR="192.0.2.2" +CONFIG_NET_CONFIG_MY_IPV4_GW="192.0.2.2" + +CONFIG_NET_PKT_TX_COUNT=10 + +# Network debug config +#CONFIG_NET_LOG=y +#CONFIG_NET_PKT_LOG_LEVEL_DBG=y + +# Logging +CONFIG_PRINTK=y +#CONFIG_WOLFSSL_DEBUG=y +CONFIG_LOG=y +CONFIG_LOG_MODE_IMMEDIATE=y + +# TLS configuration +CONFIG_WOLFSSL_SETTINGS_FILE="user_settings-no-malloc.h" +CONFIG_WOLFSSL=y +CONFIG_WOLFSSL_BUILTIN=y + +CONFIG_WOLFSSL_TLS_VERSION_1_2=y +CONFIG_WOLFSSL_KEY_EXCHANGE_ALL_ENABLED=y +CONFIG_WOLFSSL_CIPHER_ALL_ENABLED=y +CONFIG_WOLFSSL_MAC_ALL_ENABLED=y +CONFIG_WOLFSSL_HMAC_DRBG_ENABLED=y diff --git a/zephyr/samples/wolfssl_tls_sock/prj.conf b/zephyr/samples/wolfssl_tls_sock/prj.conf index f8b0f292ee..549bc07ab0 100644 --- a/zephyr/samples/wolfssl_tls_sock/prj.conf +++ b/zephyr/samples/wolfssl_tls_sock/prj.conf 
@@ -43,14 +43,14 @@ CONFIG_NET_PKT_TX_COUNT=10 # Logging CONFIG_PRINTK=y #CONFIG_WOLFSSL_DEBUG=y -#CONFIG_LOG=y -#CONFIG_LOG_MODE_IMMEDIATE=y +CONFIG_LOG=y +CONFIG_LOG_MODE_IMMEDIATE=y # TLS configuration CONFIG_WOLFSSL=y CONFIG_WOLFSSL_BUILTIN=y -CONFIG_WOLFSSL_TLS_VERSION_1_2=y +CONFIG_WOLFSSL_TLS_VERSION_1_3=y CONFIG_WOLFSSL_KEY_EXCHANGE_ALL_ENABLED=y CONFIG_WOLFSSL_CIPHER_ALL_ENABLED=y CONFIG_WOLFSSL_MAC_ALL_ENABLED=y diff --git a/zephyr/samples/wolfssl_tls_sock/sample.yaml b/zephyr/samples/wolfssl_tls_sock/sample.yaml index ea002827e6..a1b26e8794 100644 --- a/zephyr/samples/wolfssl_tls_sock/sample.yaml +++ b/zephyr/samples/wolfssl_tls_sock/sample.yaml @@ -8,9 +8,16 @@ common: regex: - "Server Return: 0" - "Client Return: 0" + - "Done" tests: sample.crypto.wolfssl_tls_sock: timeout: 60 platform_allow: qemu_x86 integration_platforms: - qemu_x86 + sample.crypto.wolfssl_tls_sock_no_malloc: + timeout: 60 + platform_allow: qemu_x86 + extra_args: CONF_FILE="prj-no-malloc.conf" + integration_platforms: + - qemu_x86 diff --git a/zephyr/samples/wolfssl_tls_sock/src/tls_sock.c b/zephyr/samples/wolfssl_tls_sock/src/tls_sock.c index b930554435..c25277820b 100644 --- a/zephyr/samples/wolfssl_tls_sock/src/tls_sock.c +++ b/zephyr/samples/wolfssl_tls_sock/src/tls_sock.c @@ -32,7 +32,7 @@ #endif #define BUFFER_SIZE 2048 -#define STATIC_MEM_SIZE (192*1024) +#define STATIC_MEM_SIZE (256*1024) #define MAX_SEND_SIZE 256 #ifdef WOLFSSL_STATIC_MEMORY @@ -94,7 +94,7 @@ static int wolfssl_client_new(WOLFSSL_CTX** ctx, WOLFSSL** ssl) WOLFSSL* client_ssl = NULL; /* Create and initialize WOLFSSL_CTX */ - if ((client_ctx = wolfSSL_CTX_new_ex(wolfTLSv1_2_client_method(), + if ((client_ctx = wolfSSL_CTX_new_ex(wolfTLSv1_3_client_method_ex(HEAP_HINT_CLIENT), HEAP_HINT_CLIENT)) == NULL) { printf("ERROR: failed to create WOLFSSL_CTX\n"); ret = -1; 
@@ -165,7 +165,7 @@ static int wolfssl_server_new(WOLFSSL_CTX** ctx, WOLFSSL** ssl) WOLFSSL* server_ssl = NULL; /* Create and initialize WOLFSSL_CTX */ - if ((server_ctx = wolfSSL_CTX_new_ex(wolfTLSv1_2_server_method(), + if ((server_ctx = wolfSSL_CTX_new_ex(wolfTLSv1_3_server_method_ex(HEAP_HINT_SERVER), HEAP_HINT_SERVER)) == NULL) { printf("ERROR: failed to create WOLFSSL_CTX\n"); ret = -1; @@ -445,20 +445,8 @@ void client_thread() WOLFSSL* client_ssl = NULL; SOCKET_T sockfd = WOLFSSL_SOCKET_INVALID; -#ifdef WOLFSSL_STATIC_MEMORY - if (wc_LoadStaticMemory(&HEAP_HINT_CLIENT, gMemoryClient, - sizeof(gMemoryClient), - WOLFMEM_GENERAL | WOLFMEM_TRACK_STATS, 1) != 0) { - printf("unable to load static memory"); - ret = -1; - } - - if (ret == 0) -#endif - { - /* Client connection */ - ret = wolfssl_client_new(&client_ctx, &client_ssl); - } + /* Client connection */ + ret = wolfssl_client_new(&client_ctx, &client_ssl); if (ret == 0) ret = wolfssl_client_connect_tcp(client_ssl, &sockfd); @@ -507,6 +495,17 @@ int main() wolfSSL_Debugging_ON(); #endif +#ifdef WOLFSSL_STATIC_MEMORY + if (wc_LoadStaticMemory(&HEAP_HINT_CLIENT, gMemoryClient, + sizeof(gMemoryClient), + WOLFMEM_GENERAL | WOLFMEM_TRACK_STATS, 1) != 0) { + printf("unable to load static memory"); + return -1; + } + + wolfsslThreadHeapHint = HEAP_HINT_CLIENT; +#endif + /* Start server */ if (wolfSSL_NewThread(&serverThread, server_thread, NULL) != 0) { printf("Failed to start server thread\n"); @@ -515,6 +514,9 @@ int main() k_sleep(Z_TIMEOUT_TICKS(100)); client_thread(); + /* Join is not working in qemu when the thread is still active. Wait for it + * to shut down to join it. */ + k_sleep(Z_TIMEOUT_TICKS(100)); if (wolfSSL_JoinThread(serverThread) != 0) { printf("Failed to join server thread\n"); diff --git a/zephyr/samples/wolfssl_tls_thread/prj.conf b/zephyr/samples/wolfssl_tls_thread/prj.conf index 95ebedcbb6..185a7b24c0 100644 --- a/zephyr/samples/wolfssl_tls_thread/prj.conf 
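Review bot: The added `k_sleep(Z_TIMEOUT_TICKS(100));` before `wolfSSL_JoinThread(serverThread)` in `main` replaces synchronisation with a fixed delay, and the comment above it says the join fails while the thread is still active, so a slower run lands in exactly that case. The wc_port.c hunk in this change shows the join path releasing `thread.threadStack`; if the join returns while the server thread is still running, its stack may be freed while in use, though I cannot confirm the ordering because the join body is outside the diff. A semaphore given at the end of `server_thread` and taken here before the join would make the hand-off explicit, and the underlying join failure deserves a tracking reference in the comment rather than a permanent sleep. `main` continues outside the hunk.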
+++ b/zephyr/samples/wolfssl_tls_thread/prj.conf @@ -3,7 +3,7 @@ CONFIG_MAIN_STACK_SIZE=16384 CONFIG_ENTROPY_GENERATOR=y CONFIG_TEST_RANDOM_GENERATOR=y CONFIG_INIT_STACKS=y -CONFIG_COMMON_LIBC_MALLOC_ARENA_SIZE=65536 +CONFIG_COMMON_LIBC_MALLOC_ARENA_SIZE=131072 # Pthreads CONFIG_PTHREAD_IPC=y @@ -23,7 +23,7 @@ CONFIG_DNS_RESOLVER=y CONFIG_PRINTK=y CONFIG_LOG=y CONFIG_LOG_MODE_IMMEDIATE=y -#CONFIG_WOLFSSL_DEBUG=y +CONFIG_WOLFSSL_DEBUG=y # Enable logging using RTT and UART #CONFIG_CBPRINTF_LIBC_SUBSTS=y diff --git a/zephyr/user_settings-no-malloc.h b/zephyr/user_settings-no-malloc.h new file mode 100644 index 0000000000..5a5ca131c7 --- /dev/null +++ b/zephyr/user_settings-no-malloc.h 
@@ -0,0 +1,170 @@ +/* user_settings-tls-generic.h + * generated from configure options + * + * Copyright (C) 2006-2023 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef WOLFSSL_OPTIONS_H +#define WOLFSSL_OPTIONS_H + + +#ifdef __cplusplus +extern "C" { +#endif + +#if 0 +#undef SINGLE_THREADED +#define SINGLE_THREADED +#endif + +#undef TFM_TIMING_RESISTANT +#define TFM_TIMING_RESISTANT + +#undef ECC_TIMING_RESISTANT +#define ECC_TIMING_RESISTANT + +#undef WC_RSA_BLINDING +#define WC_RSA_BLINDING + +#undef HAVE_AESGCM +#define HAVE_AESGCM + +#undef WOLFSSL_SHA512 +#define WOLFSSL_SHA512 + +#undef WOLFSSL_SHA384 +#define WOLFSSL_SHA384 + +#undef NO_DSA +#define NO_DSA + +#undef HAVE_ECC +#define HAVE_ECC + +#undef TFM_ECC256 +#define TFM_ECC256 + +#undef WOLFSSL_BASE64_ENCODE +#define WOLFSSL_BASE64_ENCODE + +#undef NO_RC4 +#define NO_RC4 + +#undef WOLFSSL_SHA224 +#define WOLFSSL_SHA224 + +#undef WOLFSSL_SHA3 +#define WOLFSSL_SHA3 + +#undef HAVE_POLY1305 +#define HAVE_POLY1305 + +#undef HAVE_ONE_TIME_AUTH +#define HAVE_ONE_TIME_AUTH + +#undef HAVE_CHACHA +#define HAVE_CHACHA + +#undef HAVE_HASHDRBG +#define HAVE_HASHDRBG + +#undef NO_FILESYSTEM +#define NO_FILESYSTEM + +#undef HAVE_TLS_EXTENSIONS +#define HAVE_TLS_EXTENSIONS + +#undef 
HAVE_SUPPORTED_CURVES +#define HAVE_SUPPORTED_CURVES + +#undef HAVE_EXTENDED_MASTER +#define HAVE_EXTENDED_MASTER + +#undef NO_PSK +#define NO_PSK + +#undef NO_MD4 +#define NO_MD4 + +#undef USE_FAST_MATH +#define USE_FAST_MATH + +#undef WOLFSSL_NO_ASM +#define WOLFSSL_NO_ASM + +#undef WOLFSSL_X86_BUILD +#define WOLFSSL_X86_BUILD + +#undef WC_NO_ASYNC_THREADING +#define WC_NO_ASYNC_THREADING + +#undef WOLFSSL_STATIC_MEMORY +#define WOLFSSL_STATIC_MEMORY + +#undef WOLFSSL_TLS13 +#define WOLFSSL_TLS13 + +#undef HAVE_HKDF +#define HAVE_HKDF + +#undef WC_RSA_PSS +#define WC_RSA_PSS + +#undef HAVE_FFDHE_2048 +#define HAVE_FFDHE_2048 + +#undef WOLFSSL_NO_MALLOC +#define WOLFSSL_NO_MALLOC +//#define WOLFSSL_DEBUG_STATIC_MEMORY +//#define WOLFSSL_DEBUG_MEMORY_PRINT +//#define WOLFSSL_DEBUG_MEMORY +//#define WOLFSSL_TRACK_MEMORY +#define LARGEST_MEM_BUCKET 65536 + +#undef WOLFSSL_DYN_CERT +#define WOLFSSL_DYN_CERT + +#undef WOLFSSL_CERT_GEN +#define WOLFSSL_CERT_GEN + +#undef WOLFSSL_CERT_REQ +#define WOLFSSL_CERT_REQ + +#undef HAVE_PKCS12 +#define HAVE_PKCS12 + +#undef WOLFSSL_TLS13 +#define WOLFSSL_TLS13 + +#if 0 +#undef WOLFSSL_HAVE_SP_RSA +#define WOLFSSL_HAVE_SP_RSA +#undef WOLFSSL_HAVE_SP_DH +#define WOLFSSL_HAVE_SP_DH +#undef WOLFSSL_HAVE_SP_ECC +#define WOLFSSL_HAVE_SP_ECC +#endif + +#ifdef __cplusplus +} +#endif + + +#endif /* WOLFSSL_OPTIONS_H */ + diff --git a/zephyr/user_settings.h b/zephyr/user_settings.h index 8c8f2e3032..7876c0baf2 100644 --- a/zephyr/user_settings.h +++ b/zephyr/user_settings.h @@ -24,7 +24,10 @@ #ifdef CONFIG_WOLFSSL -/* If a custom user_settings file is provided use it instead */ +/* If a custom user_settings file is provided use it instead. + * CONFIG_WOLFSSL_SETTINGS_FILE is always defined. If it is not explicitly set + * in prj.conf then it is auto-defined to "". This obviously causes issues here. + * That is why we define WOLFSSL_SETTINGS_FILE in CMakeLists.txt. */ #ifdef WOLFSSL_SETTINGS_FILE #include WOLFSSL_SETTINGS_FILE #else 
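Review bot: The new user_settings-no-malloc.h opens with `/* user_settings-tls-generic.h` and uses the include guard `WOLFSSL_OPTIONS_H`, neither of which belongs to this file. If any other header using that guard is included first in a translation unit (the name looks like one a generated options header would use, to be confirmed), this whole file is skipped silently, including `WC_RSA_BLINDING`, `ECC_TIMING_RESISTANT` and `TFM_TIMING_RESISTANT`. I would rename the guard to something file-specific such as `WOLFSSL_USER_SETTINGS_NO_MALLOC_H` and correct the first comment line. `WOLFSSL_TLS13` is also defined twice, and `LARGEST_MEM_BUCKET 65536` would be easier to maintain with a comment saying which allocation it is sized for.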
@@ -219,7 +222,7 @@ extern "C" { #undef NO_SHA /* on by default */ //#define USE_SLOW_SHA /* 1k smaller, but 25% slower */ #else - #define NO_SHA + // #define NO_SHA /* Necessary for pkcs12 tests */ #endif /* SHA2-256 */ @@ -297,7 +300,7 @@ extern "C" { #define NO_RC4 #define NO_MD4 #define NO_MD5 -#define NO_DES3 +//#define NO_DES3 /* Necessary for pkcs12 tests */ #define WOLFSSL_NO_SHAKE128 #define WOLFSSL_NO_SHAKE256
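Review bot: Commenting out `#define NO_DES3` here, and `#define NO_SHA` in the hunk before it, turns 3DES and SHA-1 back on in the default Zephyr settings for every user of this file, only so the PKCS#12 test can use `PBE_SHA1_DES3`. The test added in test.c is already compiled out when `NO_DES3` is defined, so the default build could keep both algorithms disabled and simply skip that test. I would keep them off unless PKCS#12 is requested, e.g. `#ifndef HAVE_PKCS12` / `#define NO_DES3` / `#endif` (whether `HAVE_PKCS12` is set earlier in this file is not visible in the hunk), or enable them only in a test-specific settings file. The surrounding `#if`/`#else` blocks start outside both hunks.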