From 8be2d7690a964ed6a1cb0cbf1d42903a8d4fe7e9 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Fri, 23 Oct 2020 00:17:40 -0500 Subject: [PATCH 01/12] add API functions libwolfssl_configure_args() and libwolfssl_global_cflags() to retrieve build parameters at runtime. --- configure.ac | 7 +++++-- src/include.am | 6 +----- wolfcrypt/src/debug.c | 17 +++++++++++++++++ wolfssl/wolfcrypt/settings.h | 3 +++ 4 files changed, 26 insertions(+), 7 deletions(-) diff --git a/configure.ac b/configure.ac index 08308a93d..5ef4d13e0 100644 --- a/configure.ac +++ b/configure.ac @@ -5783,10 +5783,8 @@ AM_CONDITIONAL([BUILD_PKCS7],[test "x$ENABLED_PKCS7" = "xyes" || test "x$ENABLED AM_CONDITIONAL([BUILD_HASHFLAGS],[test "x$ENABLED_HASHFLAGS" = "xyes"]) AM_CONDITIONAL([BUILD_LINUXKM],[test "$ENABLED_LINUXKM" = "yes"]) AM_CONDITIONAL([BUILD_NO_LIBRARY],[test "$ENABLED_NO_LIBRARY" = "yes"]) -AM_CONDITIONAL([BUILD_DEBUG],[test "$ax_enable_debug" = "yes" || test "$ENABLED_STACKSIZE" = "yes"]) AM_CONDITIONAL([BUILD_RC2],[test "x$ENABLED_RC2" = "xyes"]) - CREATE_HEX_VERSION AC_SUBST([AM_CPPFLAGS]) AC_SUBST([AM_CFLAGS]) @@ -5836,6 +5834,11 @@ echo "extern \"C\" {" >> $OPTION_FILE echo "#endif" >> $OPTION_FILE echo "" >> $OPTION_FILE +echo "#define LIBWOLFSSL_CONFIGURE_ARGS \"$ac_configure_args\"" >> $OPTION_FILE +echo >> $OPTION_FILE +echo "#define LIBWOLFSSL_GLOBAL_CFLAGS \"$CPPFLAGS $AM_CPPFLAGS $CFLAGS $AM_CFLAGS\"" >> $OPTION_FILE +echo >> $OPTION_FILE + for option in $CPPFLAGS $AM_CPPFLAGS $CFLAGS $AM_CFLAGS; do defonly=`echo $option | sed 's/^-D//'` if test "$defonly" != "$option" diff --git a/src/include.am b/src/include.am index 577a81e82..fc35cedf4 100644 --- a/src/include.am +++ b/src/include.am 
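Review bot: The two added `echo "#define LIBWOLFSSL_..."` lines in the configure.ac hunk at -5836 paste `$ac_configure_args` and the combined flag variables into a C string literal without escaping. Any value containing `"` or `\` (a `-DNAME=\"value\"` define, for instance) produces a broken or silently altered literal in `$OPTION_FILE`. Escape both characters and emit with printf rather than echo, e.g. `esc=$(printf '%s' "$ac_configure_args" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g')` followed by `printf '#define LIBWOLFSSL_CONFIGURE_ARGS "%s"\n' "$esc" >> $OPTION_FILE`, and likewise for the CFLAGS define. These strings can also carry build-host paths and anything else given on the configure line. Because the include.am hunk now builds debug.c unconditionally, they ship in every library build, so a comment above the echoes stating that would help packagers.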
@@ -315,12 +315,8 @@ endif !BUILD_FIPS_RAND src_libwolfssl_la_SOURCES += \ wolfcrypt/src/logging.c \ wolfcrypt/src/wc_port.c \ - wolfcrypt/src/error.c - -if BUILD_DEBUG -src_libwolfssl_la_SOURCES += \ + wolfcrypt/src/error.c \ wolfcrypt/src/debug.c -endif if !BUILD_FIPS_RAND src_libwolfssl_la_SOURCES += \ diff --git a/wolfcrypt/src/debug.c b/wolfcrypt/src/debug.c index cf51fc639..30cca8669 100644 --- a/wolfcrypt/src/debug.c +++ b/wolfcrypt/src/debug.c @@ -27,6 +27,23 @@ #include #include #include +#include + +WOLFSSL_API const char *libwolfssl_configure_args(void) { +#ifdef LIBWOLFSSL_CONFIGURE_ARGS + return " " LIBWOLFSSL_CONFIGURE_ARGS " "; +#else + return NULL; +#endif +} + +WOLFSSL_API const char *libwolfssl_global_cflags(void) { +#ifdef LIBWOLFSSL_GLOBAL_CFLAGS + return " " LIBWOLFSSL_GLOBAL_CFLAGS " "; +#else + return NULL; +#endif +} #ifdef HAVE_STACK_SIZE_VERBOSE WOLFSSL_API THREAD_LS_T unsigned char *StackSizeCheck_myStack = NULL; diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index fc9e3d783..0001c11fb 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h @@ -221,6 +221,9 @@ #include +WOLFSSL_API const char *libwolfssl_configure_args(void); +WOLFSSL_API const char *libwolfssl_global_cflags(void); + #ifdef WOLFSSL_USER_SETTINGS #include "user_settings.h" #elif defined(USE_HAL_DRIVER) && !defined(HAVE_CONFIG_H) From b918e1fd4ca8e4f66ce37889c72682088b51303f Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Fri, 23 Oct 2020 00:31:13 -0500 Subject: [PATCH 02/12] examples/: add -@ and -# flags to client and server, printing libwolfssl_configure_args() and libwolfssl_global_cflags() respectively. --- examples/client/client.c | 17 ++++++++++++++++- examples/server/server.c | 17 ++++++++++++++++- wolfcrypt/src/debug.c | 2 ++ 3 files changed, 34 insertions(+), 2 deletions(-) diff --git a/examples/client/client.c b/examples/client/client.c index 88795ac0d..acbbe732f 100644 --- a/examples/client/client.c 
+++ b/examples/client/client.c @@ -1655,7 +1655,8 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) while ((ch = mygetopt(argc, argv, "?:" "ab:c:defgh:i;jk:l:mnop:q:rstuv:wxyz" "A:B:CDE:F:GH:IJKL:M:NO:PQRS:TUVW:XYZ:" - "01:23:458")) != -1) { + "01:23:458" + "@#")) != -1) { switch (ch) { case '?' : if(myoptarg!=NULL) { @@ -2122,6 +2123,20 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) #endif break; + case '@' : + { + const char *conf_args = libwolfssl_configure_args(); + printf("%s\n", conf_args ? conf_args : "configure args not compiled in"); + XEXIT_T(EXIT_SUCCESS); + } + + case '#' : + { + const char *cflags = libwolfssl_global_cflags(); + printf("%s\n", cflags ? cflags : "CFLAGS not compiled in"); + XEXIT_T(EXIT_SUCCESS); + } + default: Usage(); XEXIT_T(MY_EX_USAGE); diff --git a/examples/server/server.c b/examples/server/server.c index 09eb86025..26162927b 100644 --- a/examples/server/server.c +++ b/examples/server/server.c @@ -1152,7 +1152,8 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args) while ((ch = mygetopt(argc, argv, "?:" "abc:defgijk:l:mnop:q:rstuv:wxy" "A:B:C:D:E:FGH:IJKL:MNO:PQR:S:TUVYZ:" - "01:23:4:58")) != -1) { + "01:23:4:58" + "@#")) != -1) { switch (ch) { case '?' : if(myoptarg!=NULL) { @@ -1552,6 +1553,20 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args) #endif break; + case '@' : + { + const char *conf_args = libwolfssl_configure_args(); + printf("%s\n", conf_args ? conf_args : "configure args not compiled in"); + XEXIT_T(EXIT_SUCCESS); + } + + case '#' : + { + const char *cflags = libwolfssl_global_cflags(); + printf("%s\n", cflags ? cflags : "CFLAGS not compiled in"); + XEXIT_T(EXIT_SUCCESS); + } + default: Usage(); XEXIT_T(MY_EX_USAGE); diff --git a/wolfcrypt/src/debug.c b/wolfcrypt/src/debug.c index 30cca8669..d8e113198 100644 --- a/wolfcrypt/src/debug.c +++ b/wolfcrypt/src/debug.c 
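Review bot: The `-@` and `-#` options handled in the client.c hunk at -2122 are not documented. The diffstat shows client.c and server.c changing only in the option string and the switch, so the usage text printed by `Usage()` still omits them, and the same holds for the server.c hunks. Each needs a usage entry saying that `-@` prints the configure arguments and `-#` prints the global CFLAGS the library was built with. Both case blocks also end in `XEXIT_T(EXIT_SUCCESS);` with no `break`, so `'@'` relies on XEXIT_T never returning to avoid running into `'#'`; a `/* not reached: XEXIT_T() does not return */` comment after each call would make that assumption explicit. The body of client_test starts and ends outside the hunk.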
@@ -31,6 +31,7 @@ WOLFSSL_API const char *libwolfssl_configure_args(void) { #ifdef LIBWOLFSSL_CONFIGURE_ARGS + /* the spaces on either side are to make matching simple and efficient. */ return " " LIBWOLFSSL_CONFIGURE_ARGS " "; #else return NULL; @@ -39,6 +40,7 @@ WOLFSSL_API const char *libwolfssl_configure_args(void) { WOLFSSL_API const char *libwolfssl_global_cflags(void) { #ifdef LIBWOLFSSL_GLOBAL_CFLAGS + /* the spaces on either side are to make matching simple and efficient. */ return " " LIBWOLFSSL_GLOBAL_CFLAGS " "; #else return NULL; From 7a5cbaa9bc92a7287744c90464bee229cce4783f Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Fri, 23 Oct 2020 00:32:52 -0500 Subject: [PATCH 03/12] fix scripts/ocsp-stapling*.test to accommodate IPv6 examples/ client/server build. --- scripts/ocsp-stapling.test | 30 ++++++++++++++++++++---------- scripts/ocsp-stapling2.test | 14 +++++++++++--- 2 files changed, 31 insertions(+), 13 deletions(-) diff --git a/scripts/ocsp-stapling.test b/scripts/ocsp-stapling.test index 7ef60ea8f..c6d334a12 100755 --- a/scripts/ocsp-stapling.test +++ b/scripts/ocsp-stapling.test @@ -16,6 +16,13 @@ if [ $? -eq 0 ]; then exit 0 fi +if ./examples/client/client '-#' | fgrep -q -e ' -DTEST_IPV6 '; then + LOCALHOST='::1' + V4V6=-6 +else + LOCALHOST='127.0.0.1' + V4V6=-4 +fi PARENTDIR="$PWD" @@ -71,7 +78,7 @@ remove_single_rF(){ #create a configure file for cert generation with the port 0 solution create_new_cnf() { - printf '%s\n' "Random Port Selected: $RPORTSELECTED" + printf '%s\n' "Random Port Selected: $1" printf '%s\n' "#" > $test_cnf printf '%s\n' "# openssl configuration file for OCSP certificates" >> $test_cnf @@ -183,7 +190,7 @@ get_first_free_port() { if [[ "$ret" -ge 65536 ]]; then ret=1024 fi - if ! nc -z 127.0.0.1 "$ret"; then + if ! nc -z $V4V6 $LOCALHOST "$ret"; then break fi ret=$((ret+1)) 
@@ -201,7 +208,7 @@ port3=$(get_first_free_port $((port2 + 1))) # test interop fail case ready_file=$PWD/wolf_ocsp_readyF$$ printf '%s\n' "ready file: $ready_file" -./examples/server/server -b -p $port1 -o -R $ready_file & +./examples/server/server -p $port1 -o -R $ready_file & wolf_pid=$! wait_for_readyFile $ready_file $wolf_pid $port1 if [ ! -f $ready_file ]; then @@ -209,7 +216,7 @@ if [ ! -f $ready_file ]; then exit 1 else # should fail if ocspstapling is also enabled - echo "hi" | openssl s_client -status -connect 127.0.0.1:$port1 -cert ./certs/client-cert.pem -key ./certs/client-key.pem -CAfile ./certs/ocsp/root-ca-cert.pem + echo "hi" | openssl s_client -status -connect [${LOCALHOST}]:$port1 -cert ./certs/client-cert.pem -key ./certs/client-key.pem -CAfile ./certs/ocsp/root-ca-cert.pem if [ $? -eq 0 ]; then printf '%s\n' "Succeeded when should have failed" remove_single_rF $ready_file @@ -225,7 +232,7 @@ fi # create a port to use with openssl ocsp responder -./examples/server/server -b -p $port2 -R $ready_file & +./examples/server/server -p $port2 -R $ready_file & wolf_pid2=$! wait_for_readyFile $ready_file $wolf_pid2 $port2 if [ ! -f $ready_file ]; then @@ -247,10 +254,13 @@ server=login.live.com #ca=certs/external/baltimore-cybertrust-root.pem ca=certs/external/ca_collection.pem -./examples/client/client -C -h $server -p 443 -A $ca -g -W 1 -RESULT=$? -[ $RESULT -ne 0 ] && echo -e "\n\nClient connection failed" && exit 1 - +if [[ "$V4V6" == "-4" ]]; then + ./examples/client/client -C -h $server -p 443 -A $ca -g -W 1 + RESULT=$? + [ $RESULT -ne 0 ] && echo -e "\n\nClient connection failed" && exit 1 +else + echo "Skipping OCSP test on $server (IPv6 test client)" +fi # Test with example server 
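Review bot: In the hunk at -209 the new `-connect [${LOCALHOST}]:$port1` is unquoted, and a word containing `[...]` is a shell pathname pattern. The shell can rewrite it if a matching file name exists in the working directory, or reject it under failglob, so quote it as `-connect "[${LOCALHOST}]:$port1"`. The brackets are also applied when LOCALHOST is `127.0.0.1`, which presumably relies on the installed openssl accepting a bracketed IPv4 literal. The ocsp-stapling2.test hunk at -396 has the same unquoted form, `${LOCALHOST}:$port5` with LOCALHOST set to `'[::1]'`.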
@@ -341,7 +351,7 @@ generate_port() { # Start OpenSSL server that has no OCSP responses to return generate_port -openssl s_server -cert ./certs/server-cert.pem -key certs/server-key.pem -www -port $port & +openssl s_server $V4V6 -cert ./certs/server-cert.pem -key certs/server-key.pem -www -port $port & openssl_pid=$! sleep 0.1 diff --git a/scripts/ocsp-stapling2.test b/scripts/ocsp-stapling2.test index f51e03fe4..4c964c21d 100755 --- a/scripts/ocsp-stapling2.test +++ b/scripts/ocsp-stapling2.test @@ -24,6 +24,14 @@ if [ $? -eq 0 ]; then exit 0 fi +if ./examples/client/client '-#' | fgrep -q -e ' -DTEST_IPV6 '; then + LOCALHOST='[::1]' + LOCALHOST_FOR_NC='-6 ::1' +else + LOCALHOST='127.0.0.1' + LOCALHOST_FOR_NC='127.0.0.1' +fi + PARENTDIR="$PWD" # create a unique workspace directory ending in PID for the script instance ($$) @@ -87,7 +95,7 @@ remove_single_rF(){ #create a configure file for cert generation with the port 0 solution create_new_cnf() { - printf '%s\n' "Random Port Selected: $RPORTSELECTED" + printf '%s\n' "Random Ports Selected: $1 $2 $3 $4" printf '%s\n' "#" > $test_cnf printf '%s\n' "# openssl configuration file for OCSP certificates" >> $test_cnf @@ -209,7 +217,7 @@ get_first_free_port() { if [[ "$ret" -ge 65536 ]]; then ret=1024 fi - if ! nc -z 127.0.0.1 "$ret"; then + if ! nc -z ${LOCALHOST_FOR_NC} "$ret"; then break fi ret=$((ret+1)) @@ -396,7 +404,7 @@ remove_single_rF $ready_file5 -p $port5 -H loadSSL & server_pid5=$! wait_for_readyFile $ready_file5 $server_pid5 $port5 -echo "test connection" | openssl s_client -status -connect 127.0.0.1:$port5 -cert ./certs/client-cert.pem -key ./certs/client-key.pem -CAfile ./certs/ocsp/root-ca-cert.pem +echo "test connection" | openssl s_client -status -connect ${LOCALHOST}:$port5 -cert ./certs/client-cert.pem -key ./certs/client-key.pem -CAfile ./certs/ocsp/root-ca-cert.pem RESULT=$? [ $RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection failed $RESULT" && exit 1 wait $server_pid5 
From f37c25f9c0ce41e503eb09ba2949652fb32005db Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Fri, 23 Oct 2020 00:33:48 -0500 Subject: [PATCH 04/12] wc_XChaCha20Poly1305_crypt_oneshot(): use ForceZero, not XMEMSET(), to safely clear the AEAD state before return. --- wolfcrypt/src/chacha20_poly1305.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/wolfcrypt/src/chacha20_poly1305.c b/wolfcrypt/src/chacha20_poly1305.c index 20827e041..5d55b9208 100644 --- a/wolfcrypt/src/chacha20_poly1305.c +++ b/wolfcrypt/src/chacha20_poly1305.c @@ -435,7 +435,8 @@ static WC_INLINE int wc_XChaCha20Poly1305_crypt_oneshot( out: - XMEMSET(aead, 0, sizeof *aead); + ForceZero(aead, sizeof *aead); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) XFREE(aead, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif From 1ba0883f4c607984d29649253d7a65d93bee9b0f Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Fri, 23 Oct 2020 15:27:10 -0500 Subject: [PATCH 05/12] introspection tweaks: rename wolfcrypt/src/debug.c to wolfcrypt/src/wc_debug.c; restore BUILD_WC_DEBUG gating for autotools inclusion of wc_debug.o and disable opportunistically when ENABLED_LEANTLS, ENABLED_LEANPSK, or ENABLED_LOWRESOURCE; add HAVE_WC_INTROSPECTION gate for libwolfssl_configure_args() and libwolfssl_global_cflags(). --- CMakeLists.txt | 2 +- configure.ac | 18 ++++++++++++++ examples/client/client.c | 31 +++++++++++++++++++++--- examples/server/server.c | 35 +++++++++++++++++++++++---- linuxkm/Kbuild | 4 +-- src/include.am | 8 ++++-- wolfcrypt/src/{debug.c => wc_debug.c} | 10 +++++--- wolfssl/wolfcrypt/settings.h | 7 +++--- 8 files changed, 95 insertions(+), 20 deletions(-) rename wolfcrypt/src/{debug.c => wc_debug.c} (94%) diff --git a/CMakeLists.txt b/CMakeLists.txt index ac41b964c..0e64d0274 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt 
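Review bot: The reason for switching to ForceZero at `out:` is not recorded in the code, so a later cleanup could turn it back into a plain memset. A comment above the call would preserve the intent, for example `/* ForceZero, not XMEMSET: a memset right before free/return is a dead store the compiler may drop, leaving key material in memory. */`. The hunk does not show how `out:` is reached, so it is worth confirming that no path arrives there with `aead` NULL under WOLFSSL_SMALL_STACK, since the wipe dereferences it before the XFREE. The function body starts and ends outside the hunk.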
@@ -110,7 +110,7 @@ add_library(wolfssl wolfcrypt/src/cryptocb.c wolfcrypt/src/curve25519.c wolfcrypt/src/curve448.c - wolfcrypt/src/debug.c + wolfcrypt/src/wc_debug.c wolfcrypt/src/des3.c wolfcrypt/src/dh.c wolfcrypt/src/dsa.c diff --git a/configure.ac b/configure.ac index 5ef4d13e0..5d59f4ca8 100644 --- a/configure.ac +++ b/configure.ac @@ -5785,6 +5785,18 @@ AM_CONDITIONAL([BUILD_LINUXKM],[test "$ENABLED_LINUXKM" = "yes"]) AM_CONDITIONAL([BUILD_NO_LIBRARY],[test "$ENABLED_NO_LIBRARY" = "yes"]) AM_CONDITIONAL([BUILD_RC2],[test "x$ENABLED_RC2" = "xyes"]) +if test "$ax_enable_debug" = "yes" || + test "$ENABLED_STACKSIZE" = "yes" || + (test "$ENABLED_LEANTLS" = "no" && + test "$ENABLED_LEANPSK" = "no" && + test "$ENABLED_LOWRESOURCE" = "no") +then + WC_INTROSPECTION=yes +else + WC_INTROSPECTION=no +fi +AM_CONDITIONAL([BUILD_WC_DEBUG],[test "$WC_INTROSPECTION" = "yes"]) + CREATE_HEX_VERSION AC_SUBST([AM_CPPFLAGS]) AC_SUBST([AM_CFLAGS]) @@ -5839,6 +5851,12 @@ echo >> $OPTION_FILE echo "#define LIBWOLFSSL_GLOBAL_CFLAGS \"$CPPFLAGS $AM_CPPFLAGS $CFLAGS $AM_CFLAGS\"" >> $OPTION_FILE echo >> $OPTION_FILE +if test "$WC_INTROSPECTION" = "yes" +then + echo "#define HAVE_WC_INTROSPECTION" >> $OPTION_FILE + echo >> $OPTION_FILE +fi + for option in $CPPFLAGS $AM_CPPFLAGS $CFLAGS $AM_CFLAGS; do defonly=`echo $option | sed 's/^-D//'` if test "$defonly" != "$option" diff --git a/examples/client/client.c b/examples/client/client.c index acbbe732f..2265afbec 100644 --- a/examples/client/client.c +++ b/examples/client/client.c @@ -24,6 +24,9 @@ #include #endif +#ifndef WOLFSSL_USER_SETTINGS + #include +#endif #include #include 
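Review bot: The hunk at -5839 writes `HAVE_WC_INTROSPECTION` to the option file only when introspection is enabled, but the `#define LIBWOLFSSL_CONFIGURE_ARGS` and `#define LIBWOLFSSL_GLOBAL_CFLAGS` echoes just above it stay unconditional (the CFLAGS one is visible as context in the hunk). Lean builds therefore still record the full configure line and compiler flags in the generated header even though the accessors are compiled out. Moving those two echoes inside the new `if test "$WC_INTROSPECTION" = "yes"` block would keep that build information out of configurations that opted out.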
@@ -2125,16 +2128,36 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) case '@' : { +#ifdef HAVE_WC_INTROSPECTION const char *conf_args = libwolfssl_configure_args(); - printf("%s\n", conf_args ? conf_args : "configure args not compiled in"); - XEXIT_T(EXIT_SUCCESS); + if (conf_args) { + puts(conf_args); + XEXIT_T(EXIT_SUCCESS); + } else { + fputs("configure args not compiled in.\n",stderr); + XEXIT_T(MY_EX_USAGE); + } +#else + fputs("compiled without BUILD_INTROSPECTION.\n",stderr); + XEXIT_T(MY_EX_USAGE); +#endif } case '#' : { +#ifdef HAVE_WC_INTROSPECTION const char *cflags = libwolfssl_global_cflags(); - printf("%s\n", cflags ? cflags : "CFLAGS not compiled in"); - XEXIT_T(EXIT_SUCCESS); + if (cflags) { + puts(cflags); + XEXIT_T(EXIT_SUCCESS); + } else { + fputs("CFLAGS not compiled in.\n",stderr); + XEXIT_T(MY_EX_USAGE); + } +#else + fputs("compiled without BUILD_INTROSPECTION.\n",stderr); + XEXIT_T(MY_EX_USAGE); +#endif } default: diff --git a/examples/server/server.c b/examples/server/server.c index 26162927b..686a210ab 100644 --- a/examples/server/server.c +++ b/examples/server/server.c @@ -23,9 +23,14 @@ #ifdef HAVE_CONFIG_H #include #endif + +#ifndef WOLFSSL_USER_SETTINGS + #include +#endif +#include + #include /* name change portability layer */ -#include #ifdef HAVE_ECC #include /* wc_ecc_fp_free */ #endif 
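Review bot: The fallback message `"compiled without BUILD_INTROSPECTION.\n"` names a symbol that appears nowhere else in this patch; the guard being tested is `HAVE_WC_INTROSPECTION` and the automake conditional is `BUILD_WC_DEBUG`. Someone reading the error will search for the wrong name, so use `fputs("compiled without HAVE_WC_INTROSPECTION.\n", stderr);` in both the `'@'` and `'#'` cases. The server.c hunk at -1555 carries the same two messages.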
@@ -1555,16 +1560,36 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args) case '@' : { +#ifdef HAVE_WC_INTROSPECTION const char *conf_args = libwolfssl_configure_args(); - printf("%s\n", conf_args ? conf_args : "configure args not compiled in"); - XEXIT_T(EXIT_SUCCESS); + if (conf_args) { + puts(conf_args); + XEXIT_T(EXIT_SUCCESS); + } else { + fputs("configure args not compiled in.\n",stderr); + XEXIT_T(MY_EX_USAGE); + } +#else + fputs("compiled without BUILD_INTROSPECTION.\n",stderr); + XEXIT_T(MY_EX_USAGE); +#endif } case '#' : { +#ifdef HAVE_WC_INTROSPECTION const char *cflags = libwolfssl_global_cflags(); - printf("%s\n", cflags ? cflags : "CFLAGS not compiled in"); - XEXIT_T(EXIT_SUCCESS); + if (cflags) { + puts(cflags); + XEXIT_T(EXIT_SUCCESS); + } else { + fputs("CFLAGS not compiled in.\n",stderr); + XEXIT_T(MY_EX_USAGE); + } +#else + fputs("compiled without BUILD_INTROSPECTION.\n",stderr); + XEXIT_T(MY_EX_USAGE); +#endif } default: diff --git a/linuxkm/Kbuild b/linuxkm/Kbuild index 5909a1e2a..b5faf6976 100644 --- a/linuxkm/Kbuild +++ b/linuxkm/Kbuild @@ -76,12 +76,12 @@ $(obj)/wolfcrypt/src/aes_asm.o: OBJECT_FILES_NON_STANDARD := y $(obj)/wolfcrypt/src/aes_gcm_asm.o: OBJECT_FILES_NON_STANDARD := y # auto-generate the exported symbol list, leveraging the WOLFSSL_API visibility tags. -# exclude symbols that don't match wc_* or wolf*. +# exclude symbols that don't match wc_*, wolf*, or libwolf*. $(src)/linuxkm/module_exports.c: $(src)/linuxkm/module_exports.c.template $(WOLFSSL_OBJ_TARGETS) @cp $< $@ @readelf --symbols --wide $(WOLFSSL_OBJ_TARGETS) | \ awk '/^ *[0-9]+: / { \ - if ($$8 !~ /^(wc_|wolf)/){next;} \ + if ($$8 !~ /^(wc_|wolf|libwolf)/){next;} \ if (($$4 == "FUNC") && ($$5 == "GLOBAL") && ($$6 == "DEFAULT")) { \ print "EXPORT_SYMBOL_NS(" $$8 ", WOLFSSL);"; \ } \ diff --git a/src/include.am b/src/include.am index fc35cedf4..f97f56aad 100644 --- a/src/include.am +++ b/src/include.am 
@@ -315,8 +315,12 @@ endif !BUILD_FIPS_RAND src_libwolfssl_la_SOURCES += \ wolfcrypt/src/logging.c \ wolfcrypt/src/wc_port.c \ - wolfcrypt/src/error.c \ - wolfcrypt/src/debug.c + wolfcrypt/src/error.c + +if BUILD_WC_DEBUG +src_libwolfssl_la_SOURCES += \ + wolfcrypt/src/wc_debug.c +endif if !BUILD_FIPS_RAND src_libwolfssl_la_SOURCES += \ diff --git a/wolfcrypt/src/debug.c b/wolfcrypt/src/wc_debug.c similarity index 94% rename from wolfcrypt/src/debug.c rename to wolfcrypt/src/wc_debug.c index d8e113198..a36ac5164 100644 --- a/wolfcrypt/src/debug.c +++ b/wolfcrypt/src/wc_debug.c @@ -1,4 +1,4 @@ -/* debug.c +/* wc_debug.c * * Copyright (C) 2006-2020 wolfSSL Inc. * @@ -24,10 +24,12 @@ #include #endif +#include #include #include #include -#include + +#ifdef HAVE_WC_INTROSPECTION WOLFSSL_API const char *libwolfssl_configure_args(void) { #ifdef LIBWOLFSSL_CONFIGURE_ARGS @@ -47,10 +49,12 @@ WOLFSSL_API const char *libwolfssl_global_cflags(void) { #endif } +#endif /* HAVE_WC_INTROSPECTION */ + #ifdef HAVE_STACK_SIZE_VERBOSE WOLFSSL_API THREAD_LS_T unsigned char *StackSizeCheck_myStack = NULL; WOLFSSL_API THREAD_LS_T size_t StackSizeCheck_stackSize = 0; WOLFSSL_API THREAD_LS_T size_t StackSizeCheck_stackSizeHWM = 0; WOLFSSL_API THREAD_LS_T size_t *StackSizeCheck_stackSizeHWM_ptr = 0; WOLFSSL_API THREAD_LS_T void *StackSizeCheck_stackOffsetPointer = 0; -#endif +#endif /* HAVE_STACK_SIZE_VERBOSE */ diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index 0001c11fb..4bf7aa4ec 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h @@ -221,9 +221,6 @@ #include -WOLFSSL_API const char *libwolfssl_configure_args(void); -WOLFSSL_API const char *libwolfssl_global_cflags(void); - #ifdef WOLFSSL_USER_SETTINGS #include "user_settings.h" #elif defined(USE_HAL_DRIVER) && !defined(HAVE_CONFIG_H) 
@@ -231,6 +228,10 @@ WOLFSSL_API const char *libwolfssl_global_cflags(void); #include "wolfSSL.wolfSSL_conf.h" #endif +#ifdef HAVE_WC_INTROSPECTION +WOLFSSL_API const char *libwolfssl_configure_args(void); +WOLFSSL_API const char *libwolfssl_global_cflags(void); +#endif /* make sure old RNG name is used with CTaoCrypt FIPS */ #ifdef HAVE_FIPS From 94d4ea3a575afefdb80389e47f0d6e0aa74f2d37 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Mon, 26 Oct 2020 17:16:02 -0500 Subject: [PATCH 06/12] examples/client/client.c:client_usage_msg[][]: add correct sensing and reporting of WOLFSSL_SP_4096. --- examples/client/client.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/examples/client/client.c b/examples/client/client.c index 2265afbec..41997881d 100644 --- a/examples/client/client.c +++ b/examples/client/client.c @@ -955,7 +955,9 @@ static const char* client_usage_msg[][66] = { #ifdef NO_RSA "RSA not supported\n", /* 2 */ #elif defined(WOLFSSL_SP_MATH) /* case of SP math only */ -#ifndef WOLFSSL_SP_NO_3072 +#ifdef WOLFSSL_SP_4096 + "4096\n", /* 2 */ +#elif !defined(WOLFSSL_SP_NO_3072) "3072\n", /* 2 */ #elif !defined(WOLFSSL_SP_NO_2048) "2048\n", /* 2 */ From 94a3f86dcd52e45b7c67c0f2613455025d23ebd0 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Mon, 26 Oct 2020 17:21:20 -0500 Subject: [PATCH 07/12] scripts/ocsp-stapling*.test: check if IPv6 is supported by the installed openssl and nc executables, and if not, don't attempt to wrestle the version. with no IPv6 support, and an --enable-ipv6 wolfssl build, skip the test entirely. also, restore a couple -b (bind-all-interfaces) flags to examples/server/server recipes in case that's useful. --- scripts/ocsp-stapling.test | 20 +++++++++++++++++--- scripts/ocsp-stapling2.test | 10 ++++++++++ 2 files changed, 27 insertions(+), 3 deletions(-) diff --git a/scripts/ocsp-stapling.test b/scripts/ocsp-stapling.test index c6d334a12..28a75d41c 100755 --- a/scripts/ocsp-stapling.test 
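Review bot: The `WOLFSSL_SP_4096` branch in the client.c hunk at -955 is added to a single entry of `client_usage_msg[][66]`; the diffstat shows only this one three-line insertion. The array is two-dimensional, so presumably a second message table holds the same key-size entry and would still report 3072 or 2048 on an SP build with 4096 enabled. If so, the same `#ifdef WOLFSSL_SP_4096` / `"4096\n",` branch belongs there too. The table's initializer starts and ends outside the hunk, so this needs checking against the full file.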
+++ b/scripts/ocsp-stapling.test @@ -16,12 +16,26 @@ if [ $? -eq 0 ]; then exit 0 fi +if openssl s_server -help 2>&1 | fgrep -q -i ipv6 && nc -h 2>&1 | fgrep -q -i ipv6; then + IPV6_SUPPORTED=yes +else + IPV6_SUPPORTED=no +fi + if ./examples/client/client '-#' | fgrep -q -e ' -DTEST_IPV6 '; then + if [[ "$IPV6_SUPPORTED" == "no" ]]; then + echo 'Skipping IPV6 test in environment lacking IPV6 support.' + exit 0 + fi LOCALHOST='::1' V4V6=-6 else LOCALHOST='127.0.0.1' - V4V6=-4 + if [[ "$IPV6_SUPPORTED" == "yes" ]]; then + V4V6=-4 + else + V4V6= + fi fi PARENTDIR="$PWD" @@ -208,7 +222,7 @@ port3=$(get_first_free_port $((port2 + 1))) # test interop fail case ready_file=$PWD/wolf_ocsp_readyF$$ printf '%s\n' "ready file: $ready_file" -./examples/server/server -p $port1 -o -R $ready_file & +./examples/server/server -b -p $port1 -o -R $ready_file & wolf_pid=$! wait_for_readyFile $ready_file $wolf_pid $port1 if [ ! -f $ready_file ]; then @@ -232,7 +246,7 @@ fi # create a port to use with openssl ocsp responder -./examples/server/server -p $port2 -R $ready_file & +./examples/server/server -b -p $port2 -R $ready_file & wolf_pid2=$! wait_for_readyFile $ready_file $wolf_pid2 $port2 if [ ! -f $ready_file ]; then diff --git a/scripts/ocsp-stapling2.test b/scripts/ocsp-stapling2.test index 4c964c21d..55c0c716a 100755 --- a/scripts/ocsp-stapling2.test +++ b/scripts/ocsp-stapling2.test @@ -24,7 +24,17 @@ if [ $? -eq 0 ]; then exit 0 fi +if openssl s_server -help 2>&1 | fgrep -q -i ipv6 && nc -h 2>&1 | fgrep -q -i ipv6; then + IPV6_SUPPORTED=yes +else + IPV6_SUPPORTED=no +fi + if ./examples/client/client '-#' | fgrep -q -e ' -DTEST_IPV6 '; then + if [[ "$IPV6_SUPPORTED" == "no" ]]; then + echo 'Skipping IPV6 test in environment lacking IPV6 support.' + exit 0 + fi LOCALHOST='[::1]' LOCALHOST_FOR_NC='-6 ::1' else From 0568ec304f4f1f06aad299e178a4ad28cc827365 Mon Sep 17 00:00:00 2001 
From: Daniel Pouzzner Date: Mon, 26 Oct 2020 18:24:18 -0500 Subject: [PATCH 08/12] pass -4 flag to openssl and nc only when IPV6_SUPPORTED. --- scripts/ocsp-stapling.test | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/scripts/ocsp-stapling.test b/scripts/ocsp-stapling.test index 28a75d41c..97ba28a92 100755 --- a/scripts/ocsp-stapling.test +++ b/scripts/ocsp-stapling.test @@ -27,15 +27,19 @@ if ./examples/client/client '-#' | fgrep -q -e ' -DTEST_IPV6 '; then echo 'Skipping IPV6 test in environment lacking IPV6 support.' exit 0 fi - LOCALHOST='::1' - V4V6=-6 + LOCALHOST='[::1]' + LOCALHOST_FOR_NC='::1' + V4V6=6 + V4V6_FLAG=-6 else LOCALHOST='127.0.0.1' + LOCALHOST_FOR_NC='127.0.0.1' if [[ "$IPV6_SUPPORTED" == "yes" ]]; then - V4V6=-4 + V4V6_FLAG=-4 else - V4V6= + V4V6_FLAG= fi + V4V6=4 fi PARENTDIR="$PWD" @@ -204,7 +208,7 @@ get_first_free_port() { if [[ "$ret" -ge 65536 ]]; then ret=1024 fi - if ! nc -z $V4V6 $LOCALHOST "$ret"; then + if ! nc -z $V4V6_FLAG $LOCALHOST_FOR_NC "$ret"; then break fi ret=$((ret+1)) @@ -230,7 +234,7 @@ if [ ! -f $ready_file ]; then exit 1 else # should fail if ocspstapling is also enabled - echo "hi" | openssl s_client -status -connect [${LOCALHOST}]:$port1 -cert ./certs/client-cert.pem -key ./certs/client-key.pem -CAfile ./certs/ocsp/root-ca-cert.pem + echo "hi" | openssl s_client -status $V4V6_FLAG -connect ${LOCALHOST}:$port1 -cert ./certs/client-cert.pem -key ./certs/client-key.pem -CAfile ./certs/ocsp/root-ca-cert.pem if [ $? -eq 0 ]; then printf '%s\n' "Succeeded when should have failed" remove_single_rF $ready_file @@ -268,7 +272,7 @@ server=login.live.com #ca=certs/external/baltimore-cybertrust-root.pem ca=certs/external/ca_collection.pem -if [[ "$V4V6" == "-4" ]]; then +if [[ "$V4V6" == "4" ]]; then ./examples/client/client -C -h $server -p 443 -A $ca -g -W 1 RESULT=$? [ $RESULT -ne 0 ] && echo -e "\n\nClient connection failed" && exit 1 
@@ -365,7 +369,7 @@ generate_port() { # Start OpenSSL server that has no OCSP responses to return generate_port -openssl s_server $V4V6 -cert ./certs/server-cert.pem -key certs/server-key.pem -www -port $port & +openssl s_server $V4V6_FLAG -cert ./certs/server-cert.pem -key certs/server-key.pem -www -port $port & openssl_pid=$! sleep 0.1 From a5d96721ac7c42c670b11e15db9fd035b7261c5d Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Tue, 27 Oct 2020 12:39:49 -0500 Subject: [PATCH 09/12] wolfcrypt/src: remove wc_debug.c and move its contents to logging.c. --- CMakeLists.txt | 1 - configure.ac | 1 - src/include.am | 5 ---- wolfcrypt/src/logging.c | 36 ++++++++++++++++++++++++ wolfcrypt/src/wc_debug.c | 60 ---------------------------------------- 5 files changed, 36 insertions(+), 67 deletions(-) delete mode 100644 wolfcrypt/src/wc_debug.c diff --git a/CMakeLists.txt b/CMakeLists.txt index 0e64d0274..690ed9f5c 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -110,7 +110,6 @@ add_library(wolfssl wolfcrypt/src/cryptocb.c wolfcrypt/src/curve25519.c wolfcrypt/src/curve448.c - wolfcrypt/src/wc_debug.c wolfcrypt/src/des3.c wolfcrypt/src/dh.c wolfcrypt/src/dsa.c diff --git a/configure.ac b/configure.ac index 5d59f4ca8..6a2742de2 100644 --- a/configure.ac +++ b/configure.ac @@ -5795,7 +5795,6 @@ then else WC_INTROSPECTION=no fi -AM_CONDITIONAL([BUILD_WC_DEBUG],[test "$WC_INTROSPECTION" = "yes"]) CREATE_HEX_VERSION AC_SUBST([AM_CPPFLAGS]) diff --git a/src/include.am b/src/include.am index f97f56aad..bb4fc1625 100644 --- a/src/include.am +++ b/src/include.am @@ -317,11 +317,6 @@ src_libwolfssl_la_SOURCES += \ wolfcrypt/src/wc_port.c \ wolfcrypt/src/error.c -if BUILD_WC_DEBUG -src_libwolfssl_la_SOURCES += \ - wolfcrypt/src/wc_debug.c -endif - if !BUILD_FIPS_RAND src_libwolfssl_la_SOURCES += \ wolfcrypt/src/wc_encrypt.c \ diff --git a/wolfcrypt/src/logging.c b/wolfcrypt/src/logging.c index bf2ae5085..2702d4db2 100644 --- a/wolfcrypt/src/logging.c 
+++ b/wolfcrypt/src/logging.c @@ -24,6 +24,10 @@ #include #endif +#ifndef WOLFSSL_USER_SETTINGS + #include +#endif + #include #include @@ -111,6 +115,38 @@ static WC_INLINE double current_time(int reset) } #endif /* WOLFSSL_FUNC_TIME */ +#ifdef HAVE_WC_INTROSPECTION + +const char *libwolfssl_configure_args(void) { +#ifdef LIBWOLFSSL_CONFIGURE_ARGS + /* the spaces on either side are to make matching simple and efficient. */ + return " " LIBWOLFSSL_CONFIGURE_ARGS " "; +#else + return NULL; +#endif +} + +WOLFSSL_API const char *libwolfssl_global_cflags(void) { +#ifdef LIBWOLFSSL_GLOBAL_CFLAGS + /* the spaces on either side are to make matching simple and efficient. */ + return " " LIBWOLFSSL_GLOBAL_CFLAGS " "; +#else + return NULL; +#endif +} + +#endif /* HAVE_WC_INTROSPECTION */ + +#ifdef HAVE_STACK_SIZE_VERBOSE + +THREAD_LS_T unsigned char *StackSizeCheck_myStack = NULL; +THREAD_LS_T size_t StackSizeCheck_stackSize = 0; +THREAD_LS_T size_t StackSizeCheck_stackSizeHWM = 0; +THREAD_LS_T size_t *StackSizeCheck_stackSizeHWM_ptr = 0; +THREAD_LS_T void *StackSizeCheck_stackOffsetPointer = 0; + +#endif /* HAVE_STACK_SIZE_VERBOSE */ + #ifdef DEBUG_WOLFSSL /* Set these to default values initially. */ diff --git a/wolfcrypt/src/wc_debug.c b/wolfcrypt/src/wc_debug.c deleted file mode 100644 index a36ac5164..000000000 --- a/wolfcrypt/src/wc_debug.c +++ /dev/null 
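Review bot: In the hunk at -111 `libwolfssl_configure_args()` is defined without `WOLFSSL_API` while `libwolfssl_global_cflags()` directly below keeps it. The five `StackSizeCheck_*` thread-local definitions also lose the `WOLFSSL_API` tag they carried in wc_debug.c. The settings.h prototypes are tagged, so this may be harmless for the functions, but for the variables it depends on a tagged declaration being in scope in logging.c, which the hunk does not show. Keep the definitions uniform with `WOLFSSL_API const char *libwolfssl_configure_args(void) {`, and either restore the tag on the variables or add a comment naming the header that exports them.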
@@ -1,60 +0,0 @@
-/* wc_debug.c
- *
- * Copyright (C) 2006-2020 wolfSSL Inc.
- *
- * This file is part of wolfSSL.
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
- */
-
-
-#ifdef HAVE_CONFIG_H
- #include
-#endif
-
-#include
-#include
-#include
-#include
-
-#ifdef HAVE_WC_INTROSPECTION
-
-WOLFSSL_API const char *libwolfssl_configure_args(void) {
-#ifdef LIBWOLFSSL_CONFIGURE_ARGS
- /* the spaces on either side are to make matching simple and efficient. */
- return " " LIBWOLFSSL_CONFIGURE_ARGS " ";
-#else
- return NULL;
-#endif
-}
-
-WOLFSSL_API const char *libwolfssl_global_cflags(void) {
-#ifdef LIBWOLFSSL_GLOBAL_CFLAGS
- /* the spaces on either side are to make matching simple and efficient. */
- return " " LIBWOLFSSL_GLOBAL_CFLAGS " ";
-#else
- return NULL;
-#endif
-}
-
-#endif /* HAVE_WC_INTROSPECTION */
-
-#ifdef HAVE_STACK_SIZE_VERBOSE
-WOLFSSL_API THREAD_LS_T unsigned char *StackSizeCheck_myStack = NULL;
-WOLFSSL_API THREAD_LS_T size_t StackSizeCheck_stackSize = 0;
-WOLFSSL_API THREAD_LS_T size_t StackSizeCheck_stackSizeHWM = 0;
-WOLFSSL_API THREAD_LS_T size_t *StackSizeCheck_stackSizeHWM_ptr = 0;
-WOLFSSL_API THREAD_LS_T void *StackSizeCheck_stackOffsetPointer = 0;
-#endif /* HAVE_STACK_SIZE_VERBOSE */
From 139b0431cb1dd638bbf5efba107be0bc2b9d09fa Mon Sep 17 00:00:00 2001
From: Daniel Pouzzner Date: Tue, 27 Oct 2020 14:23:55 -0500 Subject: [PATCH 10/12] ocsp-stapling*.test: prefix waited servers with "timeout 60" to avoid deadlock failure modes; grep output from "openssl s_client" in "test interop fail case" for expected error message ("self signed certificate in certificate chain"). --- scripts/ocsp-stapling.test | 8 ++++---- scripts/ocsp-stapling2.test | 2 +- scripts/openssl.test | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/scripts/ocsp-stapling.test b/scripts/ocsp-stapling.test index 97ba28a92..0d93dda92 100755 --- a/scripts/ocsp-stapling.test +++ b/scripts/ocsp-stapling.test @@ -226,7 +226,7 @@ port3=$(get_first_free_port $((port2 + 1))) # test interop fail case ready_file=$PWD/wolf_ocsp_readyF$$ printf '%s\n' "ready file: $ready_file" -./examples/server/server -b -p $port1 -o -R $ready_file & +timeout 60 ./examples/server/server -b -p $port1 -o -R $ready_file & wolf_pid=$! wait_for_readyFile $ready_file $wolf_pid $port1 if [ ! -f $ready_file ]; then @@ -234,9 +234,9 @@ if [ ! -f $ready_file ]; then exit 1 else # should fail if ocspstapling is also enabled - echo "hi" | openssl s_client -status $V4V6_FLAG -connect ${LOCALHOST}:$port1 -cert ./certs/client-cert.pem -key ./certs/client-key.pem -CAfile ./certs/ocsp/root-ca-cert.pem - if [ $? -eq 0 ]; then - printf '%s\n' "Succeeded when should have failed" + echo "hi" | openssl s_client -status $V4V6_FLAG -connect ${LOCALHOST}:$port1 -cert ./certs/client-cert.pem -key ./certs/client-key.pem -CAfile ./certs/ocsp/root-ca-cert.pem 2>&1 | tee /dev/stderr | fgrep -q 'self signed certificate in certificate chain' + if [ $? -neq 0 ]; then + printf '%s\n' "Expected verification error from s_client is missing." remove_single_rF $ready_file exit 1 fi diff --git a/scripts/ocsp-stapling2.test b/scripts/ocsp-stapling2.test index 55c0c716a..c8787ec7d 100755 --- a/scripts/ocsp-stapling2.test +++ b/scripts/ocsp-stapling2.test 
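Review bot: `if [ $? -neq 0 ]; then` in the ocsp-stapling.test hunk at -234 uses an operator that `[` does not have. The test itself errors out with a non-zero status, so the `then` branch never runs and the interop-fail case can no longer fail the script. It should read `if [ $? -ne 0 ]; then`. The check also greps for the literal text `self signed certificate in certificate chain`, which is tied to the wording of the installed openssl's verify error and may differ between releases; matching the numeric verify error code would presumably be more stable.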
@@ -425,7 +425,7 @@ fi printf '%s\n\n' "Test successful" printf '%s\n\n' "------------- TEST CASE 8 SHOULD REVOKE ----------------------" remove_single_rF $ready_file5 -./examples/server/server -c certs/ocsp/server4-cert.pem \ +timeout 60 ./examples/server/server -c certs/ocsp/server4-cert.pem \ -k certs/ocsp/server4-key.pem -R $ready_file5 \ -p $port5 -H loadSSL & server_pid5=$! diff --git a/scripts/openssl.test b/scripts/openssl.test index ed5cd2d85..059d9f551 100755 --- a/scripts/openssl.test +++ b/scripts/openssl.test @@ -204,7 +204,7 @@ start_wolfssl_server() { echo "# $WOLFSSL_SERVER -p $server_port $wolfssl_cert $wolfssl_key $wolfssl_caCert -g -v d -x -i $psk $crl -l ALL" $WOLFSSL_SERVER -p $server_port $wolfssl_cert $wolfssl_key $wolfssl_caCert -g -v d -x -i $psk $crl -l ALL & server_pid=$! - # wait to see if s_server successfully starts before continuing + # wait to see if server successfully starts before continuing sleep 0.1 check_process_running From fda84576b0bdda6d40708804c92ae48822d8a9fa Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Tue, 27 Oct 2020 18:38:29 -0500 Subject: [PATCH 11/12] name the new introspection routines wolfSSL_configure_args() and wolfSSL_global_cflags() for consistency, and move the prototypes to logging.h. --- examples/client/client.c | 4 ++-- examples/server/server.c | 4 ++-- linuxkm/Kbuild | 4 ++-- wolfcrypt/src/logging.c | 4 ++-- wolfssl/wolfcrypt/logging.h | 4 ++++ wolfssl/wolfcrypt/settings.h | 5 ----- 6 files changed, 12 insertions(+), 13 deletions(-) diff --git a/examples/client/client.c b/examples/client/client.c index 41997881d..75e9d7e21 100644 --- a/examples/client/client.c +++ b/examples/client/client.c @@ -2131,7 +2131,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) case '@' : { #ifdef HAVE_WC_INTROSPECTION - const char *conf_args = libwolfssl_configure_args(); + const char *conf_args = wolfSSL_configure_args(); if (conf_args) { puts(conf_args); XEXIT_T(EXIT_SUCCESS); 
@@ -2148,7 +2148,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) case '#' : { #ifdef HAVE_WC_INTROSPECTION - const char *cflags = libwolfssl_global_cflags(); + const char *cflags = wolfSSL_global_cflags(); if (cflags) { puts(cflags); XEXIT_T(EXIT_SUCCESS); diff --git a/examples/server/server.c b/examples/server/server.c index 686a210ab..0bd6efd2c 100644 --- a/examples/server/server.c +++ b/examples/server/server.c @@ -1561,7 +1561,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args) case '@' : { #ifdef HAVE_WC_INTROSPECTION - const char *conf_args = libwolfssl_configure_args(); + const char *conf_args = wolfSSL_configure_args(); if (conf_args) { puts(conf_args); XEXIT_T(EXIT_SUCCESS); @@ -1578,7 +1578,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args) case '#' : { #ifdef HAVE_WC_INTROSPECTION - const char *cflags = libwolfssl_global_cflags(); + const char *cflags = wolfSSL_global_cflags(); if (cflags) { puts(cflags); XEXIT_T(EXIT_SUCCESS); diff --git a/linuxkm/Kbuild b/linuxkm/Kbuild index b5faf6976..5909a1e2a 100644 --- a/linuxkm/Kbuild +++ b/linuxkm/Kbuild @@ -76,12 +76,12 @@ $(obj)/wolfcrypt/src/aes_asm.o: OBJECT_FILES_NON_STANDARD := y $(obj)/wolfcrypt/src/aes_gcm_asm.o: OBJECT_FILES_NON_STANDARD := y # auto-generate the exported symbol list, leveraging the WOLFSSL_API visibility tags. -# exclude symbols that don't match wc_*, wolf*, or libwolf*. +# exclude symbols that don't match wc_* or wolf*. $(src)/linuxkm/module_exports.c: $(src)/linuxkm/module_exports.c.template $(WOLFSSL_OBJ_TARGETS) @cp $< $@ @readelf --symbols --wide $(WOLFSSL_OBJ_TARGETS) | \ awk '/^ *[0-9]+: / { \ - if ($$8 !~ /^(wc_|wolf|libwolf)/){next;} \ + if ($$8 !~ /^(wc_|wolf)/){next;} \ if (($$4 == "FUNC") && ($$5 == "GLOBAL") && ($$6 == "DEFAULT")) { \ print "EXPORT_SYMBOL_NS(" $$8 ", WOLFSSL);"; \ } \ diff --git a/wolfcrypt/src/logging.c b/wolfcrypt/src/logging.c index 2702d4db2..d61601151 100644 --- a/wolfcrypt/src/logging.c +++ b/wolfcrypt/src/logging.c 
@@ -117,7 +117,7 @@ static WC_INLINE double current_time(int reset) #ifdef HAVE_WC_INTROSPECTION -const char *libwolfssl_configure_args(void) { +const char *wolfSSL_configure_args(void) { #ifdef LIBWOLFSSL_CONFIGURE_ARGS /* the spaces on either side are to make matching simple and efficient. */ return " " LIBWOLFSSL_CONFIGURE_ARGS " "; @@ -126,7 +126,7 @@ const char *libwolfssl_configure_args(void) { #endif } -WOLFSSL_API const char *libwolfssl_global_cflags(void) { +const char *wolfSSL_global_cflags(void) { #ifdef LIBWOLFSSL_GLOBAL_CFLAGS /* the spaces on either side are to make matching simple and efficient. */ return " " LIBWOLFSSL_GLOBAL_CFLAGS " "; diff --git a/wolfssl/wolfcrypt/logging.h b/wolfssl/wolfcrypt/logging.h index 3dcd7de29..a6438cc2f 100644 --- a/wolfssl/wolfcrypt/logging.h +++ b/wolfssl/wolfcrypt/logging.h @@ -100,6 +100,10 @@ WOLFSSL_API int wolfSSL_Debugging_ON(void); /* turn logging off */ WOLFSSL_API void wolfSSL_Debugging_OFF(void); +#ifdef HAVE_WC_INTROSPECTION + WOLFSSL_API const char *wolfSSL_configure_args(void); + WOLFSSL_API const char *wolfSSL_global_cflags(void); +#endif #if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE) WOLFSSL_LOCAL int wc_LoggingInit(void); diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index 4bf7aa4ec..4a2e3f9ee 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h @@ -228,11 +228,6 @@ #include "wolfSSL.wolfSSL_conf.h" #endif -#ifdef HAVE_WC_INTROSPECTION -WOLFSSL_API const char *libwolfssl_configure_args(void); -WOLFSSL_API const char *libwolfssl_global_cflags(void); -#endif - /* make sure old RNG name is used with CTaoCrypt FIPS */ #ifdef HAVE_FIPS #if !defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2) From 7d177e78d7a8600c0137a10d1b85d7220931360e Mon Sep 17 00:00:00 2001 
From: Daniel Pouzzner Date: Wed, 28 Oct 2020 17:17:06 -0500 Subject: [PATCH 12/12] don't include wolfssl/options.h in logging.c, use AM_CFLAGS (not wolfssl/options.h) to communicate HAVE_WC_INTROSPECTION to the compiler, and use config.h (not wolfssl/options.h) to communicate LIBWOLFSSL_CONFIGURE_ARGS and LIBWOLFSSL_GLOBAL_CFLAGS to the compiler (for logging.c). --- configure.ac | 20 ++++++-------------- wolfcrypt/src/logging.c | 4 ---- 2 files changed, 6 insertions(+), 18 deletions(-) diff --git a/configure.ac b/configure.ac index 6a2742de2..383b4f8be 100644 --- a/configure.ac +++ b/configure.ac @@ -5791,9 +5791,7 @@ if test "$ax_enable_debug" = "yes" || test "$ENABLED_LEANPSK" = "no" && test "$ENABLED_LOWRESOURCE" = "no") then - WC_INTROSPECTION=yes -else - WC_INTROSPECTION=no + AM_CFLAGS="$AM_CFLAGS -DHAVE_WC_INTROSPECTION" fi CREATE_HEX_VERSION @@ -5845,17 +5843,6 @@ echo "extern \"C\" {" >> $OPTION_FILE echo "#endif" >> $OPTION_FILE echo "" >> $OPTION_FILE -echo "#define LIBWOLFSSL_CONFIGURE_ARGS \"$ac_configure_args\"" >> $OPTION_FILE -echo >> $OPTION_FILE -echo "#define LIBWOLFSSL_GLOBAL_CFLAGS \"$CPPFLAGS $AM_CPPFLAGS $CFLAGS $AM_CFLAGS\"" >> $OPTION_FILE -echo >> $OPTION_FILE - -if test "$WC_INTROSPECTION" = "yes" -then - echo "#define HAVE_WC_INTROSPECTION" >> $OPTION_FILE - echo >> $OPTION_FILE -fi - for option in $CPPFLAGS $AM_CPPFLAGS $CFLAGS $AM_CFLAGS; do defonly=`echo $option | sed 's/^-D//'` if test "$defonly" != "$option" @@ -6111,6 +6098,11 @@ echo " * Crypto callbacks: $ENABLED_CRYPTOCB" echo "" echo "---" +echo >> config.h +echo "#define LIBWOLFSSL_CONFIGURE_ARGS \"$ac_configure_args\"" >> config.h +echo >> config.h +echo "#define LIBWOLFSSL_GLOBAL_CFLAGS \"$CPPFLAGS $AM_CPPFLAGS $CFLAGS $AM_CFLAGS\"" >> config.h + ################################################################################ # Show warnings at bottom so they are noticed ################################################################################ 
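Review bot: The last configure.ac hunk (`@@ -6111,6 +6098,11 @@`) interpolates `$ac_configure_args` and the four flag variables into C string literals without escaping, so a flag that itself carries a double quote or backslash (a constructed example: `-DNAME=\"value\"`) yields a malformed `#define` in config.h and breaks the compile of logging.c. Escape both characters before writing, e.g. `esc_args=$(printf '%s' "$ac_configure_args" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g')`, and emit `\"$esc_args\"`; the same applies to the CFLAGS string. These strings are compiled into the library and may expose local build paths or option values, which deserves a comment beside the defines. Because the lines are appended to config.h after it is generated, a later config.status regeneration presumably drops them and the introspection calls would then return NULL; that is worth confirming.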
diff --git a/wolfcrypt/src/logging.c b/wolfcrypt/src/logging.c index d61601151..738cc5419 100644 --- a/wolfcrypt/src/logging.c +++ b/wolfcrypt/src/logging.c @@ -24,10 +24,6 @@ #include #endif -#ifndef WOLFSSL_USER_SETTINGS - #include -#endif - #include #include