From 9d880fe161ee7e41766c7e31cacc03888128e8aa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tobias=20Frauenschl=C3=A4ger?= Date: Wed, 25 Oct 2023 13:21:40 +0200 Subject: [PATCH 1/5] Zephyr: Fix deprecation warning for rand32.h MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Tobias Frauenschläger --- wolfcrypt/src/random.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/wolfcrypt/src/random.c b/wolfcrypt/src/random.c index b0bd2ddce..f20b50737 100644 --- a/wolfcrypt/src/random.c +++ b/wolfcrypt/src/random.c @@ -3522,7 +3522,14 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) #elif defined(WOLFSSL_ZEPHYR) + #include + + #if KERNEL_VERSION_NUMBER >= 0x30500 + #include + #else #include + #endif + #ifndef _POSIX_C_SOURCE #include #else From 4d8bbd70913db3aca506f10aa4683f31bbe921b9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tobias=20Frauenschl=C3=A4ger?= Date: Wed, 25 Oct 2023 15:11:46 +0200 Subject: [PATCH 2/5] Zephyr: fix POSIX time include MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The sys/time.h header causes redefinition errors regarding the fd_set type and the select call inside socket_select.h. We want to include the regular time.h header anyway, as done in random.c. Signed-off-by: Tobias Frauenschläger tmp --- wolfssl/wolfcrypt/wc_port.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/wolfssl/wolfcrypt/wc_port.h b/wolfssl/wolfcrypt/wc_port.h index 3ae3e41a7..c337ae0de 100644 --- a/wolfssl/wolfcrypt/wc_port.h +++ b/wolfssl/wolfcrypt/wc_port.h @@ -982,7 +982,7 @@ WOLFSSL_ABI WOLFSSL_API int wolfCrypt_Cleanup(void); #ifndef _POSIX_C_SOURCE #include #else - #include + #include #endif time_t z_time(time_t *timer); From 182eaa0b638f6f53e13236ecc50f51aea6787615 Mon Sep 17 00:00:00 2001 
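Review bot: The version gate added in wolfcrypt/src/random.c, `#if KERNEL_VERSION_NUMBER >= 0x30500`, uses a bare hex constant with no comment saying which release it encodes or why the include differs. A one-line comment above it would save the next reader a lookup, for example `/* 0x30500 == Zephyr 3.5.0, which deprecates rand32.h */`. The include targets are not visible in this rendering, so I could not check that the functions wc_GenerateSeed calls are declared by both headers. The wc_port.h hunk of patch 2 is a one-line include swap and needs no further comment.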
From: =?UTF-8?q?Tobias=20Frauenschl=C3=A4ger?= Date: Thu, 26 Oct 2023 10:58:19 +0200 Subject: [PATCH 3/5] Zephyr: add support for RTC time MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit For ASN date validation, the actual wall clock time is needed from an RTC. This commit adds support to read the RTC time in case it is available in the Zephyr system. If the RTC is not available or an error occurs during the readout, we fallback to the old implementation which only supports relative time since boot. Signed-off-by: Tobias Frauenschläger --- wolfcrypt/src/wc_port.c | 24 ++++++++++++++++++++++++ wolfssl/wolfcrypt/wc_port.h | 8 ++++++++ 2 files changed, 32 insertions(+) diff --git a/wolfcrypt/src/wc_port.c b/wolfcrypt/src/wc_port.c index 6547996e7..28ae8ab09 100644 --- a/wolfcrypt/src/wc_port.c +++ b/wolfcrypt/src/wc_port.c @@ -3164,6 +3164,30 @@ time_t z_time(time_t * timer) { struct timespec ts; + #if defined(CONFIG_RTC) && \ + (defined(CONFIG_PICOLIBC) || defined(CONFIG_NEWLIB_LIBC)) + /* Try to obtain the actual time from an RTC */ + static const struct device *rtc = DEVICE_DT_GET(DT_NODELABEL(rtc)); + + if (device_is_ready(rtc)) { + struct rtc_time rtc_time; + struct tm *tm_time = rtc_time_to_tm(&rtc_time); + + int ret = rtc_get_time(rtc, &rtc_time); + + if (ret == 0) { + time_t epochTime = mktime(tm_time); + + if (timer != NULL) + *timer = epochTime; + + return epochTime; + } + } + #endif + + /* Fallback to uptime since boot. This works for relative times, but + * not for ASN.1 date validation */ if (clock_gettime(CLOCK_REALTIME, &ts) == 0) if (timer != NULL) *timer = ts.tv_sec; diff --git a/wolfssl/wolfcrypt/wc_port.h b/wolfssl/wolfcrypt/wc_port.h index c337ae0de..2cd79590e 100644 --- a/wolfssl/wolfcrypt/wc_port.h +++ b/wolfssl/wolfcrypt/wc_port.h 
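Review bot: In the new RTC branch of z_time (wolfcrypt/src/wc_port.c), the result of `mktime(tm_time)` is returned unchecked, so a failed conversion hands `(time_t)-1` to callers as the current time, including certificate date validation. Guard it with `if (epochTime != (time_t)-1) { ... return epochTime; }` so that a failed conversion falls through to the uptime path, as a failed `rtc_get_time()` already does. `mktime` also interprets the fields as local time. Whether the RTC holds UTC is not visible here, so a short comment stating the assumption would help. The fallback itself is silent, so a device whose RTC readout fails checks dates against uptime with no trace; a log line at that point would make this diagnosable. z_time's body continues past the end of the hunk.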
@@ -985,6 +985,14 @@ WOLFSSL_ABI WOLFSSL_API int wolfCrypt_Cleanup(void); #include #endif + #if defined(CONFIG_RTC) + #if defined(CONFIG_PICOLIBC) || defined(CONFIG_NEWLIB_LIBC) + #include + #else + #warning "RTC support needs picolibc or newlib (nano)" + #endif + #endif + time_t z_time(time_t *timer); #define XTIME(tl) z_time((tl)) From 081b34919c4de42a4d10a305add816894e3e83ff Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tobias=20Frauenschl=C3=A4ger?= Date: Mon, 30 Oct 2023 16:24:41 +0100 Subject: [PATCH 4/5] Zephyr: improve order of random seed sources MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit When using Zephyr, we also want to use the proper wc_GenerateSeed method. However, if one of the defines is set (e.g., NO_STM32_RNG), the Zephyr option is ignored, although it would work. Hence, we have to change the order in which these settings for the source of a random seed are evaluated. Signed-off-by: Tobias Frauenschläger --- wolfcrypt/src/random.c | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/wolfcrypt/src/random.c b/wolfcrypt/src/random.c index f20b50737..0d67d4726 100644 --- a/wolfcrypt/src/random.c +++ b/wolfcrypt/src/random.c 
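Review bot: The `#warning` in the new CONFIG_RTC block of wolfssl/wolfcrypt/wc_port.h does not say what the build falls back to. With RTC enabled but neither libc selected, the RTC branch of z_time in wc_port.c is compiled out and the function returns uptime. Spell out the consequence, e.g. `#warning "RTC support needs picolibc or newlib (nano); time falls back to uptime, unsuitable for ASN.1 date validation"`. The libc condition is repeated verbatim in wc_port.c, so the two guards must be kept in sync by hand. A single feature macro defined here and tested there would avoid drift.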
@@ -3506,20 +3506,6 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) * extern int myRngFunc(byte* output, word32 sz); */ -#elif defined(WOLFSSL_SAFERTOS) || defined(WOLFSSL_LEANPSK) || \ - defined(WOLFSSL_IAR_ARM) || defined(WOLFSSL_MDK_ARM) || \ - defined(WOLFSSL_uITRON4) || defined(WOLFSSL_uTKERNEL2) || \ - defined(WOLFSSL_LPC43xx) || defined(NO_STM32_RNG) || \ - defined(MBED) || defined(WOLFSSL_EMBOS) || \ - defined(WOLFSSL_GENSEED_FORTEST) || defined(WOLFSSL_CHIBIOS) || \ - defined(WOLFSSL_CONTIKI) || defined(WOLFSSL_AZSPHERE) - - /* these platforms do not have a default random seed and - you'll need to implement your own wc_GenerateSeed or define via - CUSTOM_RAND_GENERATE_BLOCK */ - - #define USE_TEST_GENSEED - #elif defined(WOLFSSL_ZEPHYR) #include @@ -3630,6 +3616,20 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) return ret; } +#elif defined(WOLFSSL_SAFERTOS) || defined(WOLFSSL_LEANPSK) || \ + defined(WOLFSSL_IAR_ARM) || defined(WOLFSSL_MDK_ARM) || \ + defined(WOLFSSL_uITRON4) || defined(WOLFSSL_uTKERNEL2) || \ + defined(WOLFSSL_LPC43xx) || defined(NO_STM32_RNG) || \ + defined(MBED) || defined(WOLFSSL_EMBOS) || \ + defined(WOLFSSL_GENSEED_FORTEST) || defined(WOLFSSL_CHIBIOS) || \ + defined(WOLFSSL_CONTIKI) || defined(WOLFSSL_AZSPHERE) + + /* these platforms do not have a default random seed and + you'll need to implement your own wc_GenerateSeed or define via + CUSTOM_RAND_GENERATE_BLOCK */ + + #define USE_TEST_GENSEED + #elif defined(NO_DEV_RANDOM) #error "you need to write an os specific wc_GenerateSeed() here" From a666c39b659b2d78b305b3cfe79e4bb4a2466ef6 Mon Sep 17 00:00:00 2001 From: Juliusz Sosinowicz Date: Thu, 2 Nov 2023 11:42:04 +0100 Subject: [PATCH 5/5] zephyr 3.5 github action --- .github/workflows/zephyr.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/zephyr.yml b/.github/workflows/zephyr.yml index 004bf5ff9..decdba256 100644 --- a/.github/workflows/zephyr.yml 
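Review bot: The relocated `USE_TEST_GENSEED` block in wolfcrypt/src/random.c (second hunk) has no comment explaining that its position in the `#elif` chain now matters. The commit message says defines such as `NO_STM32_RNG` used to shadow the Zephyr seed source. A later reorder could reintroduce that and select the `USE_TEST_GENSEED` path on a platform that has a real source. Add a line above the block, such as `/* Keep after platform seed sources (e.g. WOLFSSL_ZEPHYR): these defines must not override a real wc_GenerateSeed */`. The first hunk is the matching removal and needs nothing further.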
+++ b/.github/workflows/zephyr.yml @@ -7,10 +7,13 @@ jobs: run_test: name: Build and run strategy: + fail-fast: false matrix: config: - zephyr-ref: v3.4.0 zephyr-sdk: 0.16.1 + - zephyr-ref: v3.5.0 + zephyr-sdk: 0.16.3 runs-on: ubuntu-latest # This should be a safe limit for the tests to run. timeout-minutes: 15