diff --git a/IDE/NETOS/Makefile.wolfcrypt.inc b/IDE/NETOS/Makefile.wolfcrypt.inc
new file mode 100644
index 000000000..6de79e874
--- /dev/null
+++ b/IDE/NETOS/Makefile.wolfcrypt.inc
@@ -0,0 +1,18 @@
+WOLFSSL_ROOT=wolfCrypt_v4_5_2
+APP_WOLFCRYPTOBJS = $(NETOS_DIR)/src/$(WOLFSSL_ROOT)/objs/ns9210/32b/gnu/wolfcrypt_first.o\
+ $(NETOS_DIR)/src/$(WOLFSSL_ROOT)/objs/ns9210/32b/gnu/aes.o\
+ $(NETOS_DIR)/src/$(WOLFSSL_ROOT)/objs/ns9210/32b/gnu/cmac.o\
+ $(NETOS_DIR)/src/$(WOLFSSL_ROOT)/objs/ns9210/32b/gnu/des3.o\
+ $(NETOS_DIR)/src/$(WOLFSSL_ROOT)/objs/ns9210/32b/gnu/dh.o\
+ $(NETOS_DIR)/src/$(WOLFSSL_ROOT)/objs/ns9210/32b/gnu/ecc.o\
+ $(NETOS_DIR)/src/$(WOLFSSL_ROOT)/objs/ns9210/32b/gnu/hmac.o\
+ $(NETOS_DIR)/src/$(WOLFSSL_ROOT)/objs/ns9210/32b/gnu/random.o\
+ $(NETOS_DIR)/src/$(WOLFSSL_ROOT)/objs/ns9210/32b/gnu/rsa.o\
+ $(NETOS_DIR)/src/$(WOLFSSL_ROOT)/objs/ns9210/32b/gnu/sha.o\
+ $(NETOS_DIR)/src/$(WOLFSSL_ROOT)/objs/ns9210/32b/gnu/sha256.o\
+ $(NETOS_DIR)/src/$(WOLFSSL_ROOT)/objs/ns9210/32b/gnu/sha3.o\
+ $(NETOS_DIR)/src/$(WOLFSSL_ROOT)/objs/ns9210/32b/gnu/sha512.o\
+ $(NETOS_DIR)/src/$(WOLFSSL_ROOT)/objs/ns9210/32b/gnu/fips.o\
+ $(NETOS_DIR)/src/$(WOLFSSL_ROOT)/objs/ns9210/32b/gnu/fips_test.o\
+ $(NETOS_DIR)/src/$(WOLFSSL_ROOT)/objs/ns9210/32b/gnu/wolfcrypt_last.o
+
diff --git a/IDE/NETOS/README.md b/IDE/NETOS/README.md
new file mode 100644
index 000000000..581f98676
--- /dev/null
+++ b/IDE/NETOS/README.md
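Review bot: The object list carries no comment saying that its order is load-bearing, and `WOLFSSL_ROOT=wolfCrypt_v4_5_2` is assigned unconditionally. The README added in this commit states the file exists to preserve the FIPS module order at link time, so the list itself should say so, e.g. `# Link order defines the FIPS module boundary: keep wolfcrypt_first.o first and wolfcrypt_last.o last; do not sort or append.` Without that, a routine clean-up that sorts or extends the list would presumably only surface later as an in-core integrity failure on the device. If the including build uses GNU make, `WOLFSSL_ROOT ?= wolfCrypt_v4_5_2` would also let the top-level Makefile select a different module directory without editing this file.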
@@ -0,0 +1,21 @@
+Developer notes about files in this directory:
+
+NOTE: These files are for use with the wolfCrypt FIPS module and are not
+ intended or designed for use in a generic NETOS use-case. Adjustments
+ to the user_settings.h will be necessary for use in non-FIPS scenarios.
+
+Makefile.wolfcrypt.inc:
+This was developed for a specific customer for inclusion by their recursive
+Makefile solution. This file is to be included by the top level Makefile and is
+used to preserve the FIPS module order when linked.
+
+user_settings.h:
+For use with cert 3389: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3389
+
+user_settings.h-cert2425:
+DEPRECATED (preserved for posterity)
+For use with expired cert 2425: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2425
+
+wolfssl_netos_custom.c:
+Functions in this file may be modified without risk of effecting the FIPS
+validation, these APIs' are external to the FIPS module boundary.
diff --git a/IDE/NETOS/include.am b/IDE/NETOS/include.am
new file mode 100644
index 000000000..1df202b65
--- /dev/null
+++ b/IDE/NETOS/include.am
@@ -0,0 +1,10 @@
+# vim:ft=automake
+# included from Top Level Makefile.am
+# All paths should be given relative to the root
+
+EXTRA_DIST+= IDE/NETOS/Makefile.wolfcrypt.inc
+EXTRA_DIST+= IDE/NETOS/user_settings.h
+EXTRA_DIST+= IDE/NETOS/user_settings.h-cert2425
+EXTRA_DIST+= IDE/NETOS/wolfssl_netos_custom.c
+EXTRA_DIST+= IDE/NETOS/README.md
+
diff --git a/IDE/NETOS/user_settings.h b/IDE/NETOS/user_settings.h
new file mode 100644
index 000000000..eef489737
--- /dev/null
+++ b/IDE/NETOS/user_settings.h
@@ -0,0 +1,630 @@ +/* user_settings.h +* +* Copyright (C) 2006-2021 wolfSSL Inc. +* +* This file is part of wolfSSL. +* +* wolfSSL is free software; you can redistribute it and/or modify +* it under the terms of the GNU General Public License as published by +* the Free Software Foundation; either version 2 of the License, or +* (at your option) any later version. +* +* wolfSSL is distributed in the hope that it will be useful, +* but WITHOUT ANY WARRANTY; without even the implied warranty of +* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +* GNU General Public License for more details. +* +* You should have received a copy of the GNU General Public License +* along with this program; if not, write to the Free Software +* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA +*/ + +/* Custom wolfSSL user settings for GCC ARM */ + +#ifndef WOLFSSL_USER_SETTINGS_H +#define WOLFSSL_USER_SETTINGS_H + +#ifdef __cplusplus +extern "C" { +#endif + +/* ------------------------------------------------------------------------- */ +/* Platform */ +/* ------------------------------------------------------------------------- */ +#undef WOLFSSL_GENERAL_ALIGNMENT +#define WOLFSSL_GENERAL_ALIGNMENT 4 + +#undef THREADX +#define THREADX + +#ifndef TX_TIMER_TICKS_PER_SECOND + #define TX_TIMER_TICKS_PER_SECOND 100 +#endif + +#undef NETOS +#define NETOS + +#undef BIG_ENDIAN_ORDER +#define BIG_ENDIAN_ORDER + +#undef WOLFSSL_SMALL_STACK +//#define WOLFSSL_SMALL_STACK + +#undef WOLFSSL_USER_IO +//#define WOLFSSL_USER_IO + +#undef NO_THREAD_LS +#define NO_THREAD_LS + +/* ------------------------------------------------------------------------- */ +/* Math Configuration */ +/* ------------------------------------------------------------------------- */ +#undef SIZEOF_LONG_LONG +#define SIZEOF_LONG_LONG 8 + +#undef SIZEOF_LONG +#define SIZEOF_LONG 4 + +#undef USE_FAST_MATH +#if 1 + #define USE_FAST_MATH + + #undef TFM_TIMING_RESISTANT + #define 
TFM_TIMING_RESISTANT + + /* Optimizations */ + #define TFM_ARM +#endif + +/* ------------------------------------------------------------------------- */ +/* FIPS - Requires eval or license from wolfSSL */ +/* ------------------------------------------------------------------------- */ +#undef HAVE_FIPS +#if 1 + #define HAVE_FIPS + + #undef HAVE_FIPS_VERSION + #define HAVE_FIPS_VERSION 2 + + #ifdef SINGLE_THREADED + #undef NO_THREAD_LS + #define NO_THREAD_LS + #endif + + #if 1 + #undef NO_ATTRIBUTE_CONSTRUCTOR + #define NO_ATTRIBUTE_CONSTRUCTOR + #endif +#endif + + +/* ------------------------------------------------------------------------- */ +/* Crypto */ +/* ------------------------------------------------------------------------- */ +/* RSA */ +#undef NO_RSA +#if 1 + #ifdef USE_FAST_MATH + /* Maximum math bits (Max RSA key bits * 2) */ + #undef FP_MAX_BITS + #define FP_MAX_BITS 8192 + #endif + + /* half as much memory but twice as slow */ + #undef RSA_LOW_MEM + //#define RSA_LOW_MEM + + /* Enables blinding mode, to prevent timing attacks */ + #if 0 + #undef WC_RSA_BLINDING + #define WC_RSA_BLINDING + #else + #undef WC_NO_HARDEN + #define WC_NO_HARDEN + #endif + + /* RSA PSS Support */ + #if 1 + #define WC_RSA_PSS + #endif + + #if 1 + #define WC_RSA_NO_PADDING + #endif +#else + #define NO_RSA +#endif + +/* ECC */ +#undef HAVE_ECC +#if 1 + #define HAVE_ECC + + /* Manually define enabled curves */ + #undef ECC_USER_CURVES + //#define ECC_USER_CURVES + + #ifdef ECC_USER_CURVES + /* Manual Curve Selection */ + //#define HAVE_ECC192 + //#define HAVE_ECC224 + #undef NO_ECC256 + //#define HAVE_ECC384 + //#define HAVE_ECC521 + #endif + + /* Fixed point cache (speeds repeated operations against same private key) */ + #undef FP_ECC + //#define FP_ECC + #ifdef FP_ECC + /* Bits / Entries */ + #undef FP_ENTRIES + #define FP_ENTRIES 2 + #undef FP_LUT + #define FP_LUT 4 + #endif + + /* Optional ECC calculation method */ + /* Note: doubles heap usage, but slightly faster */ + 
#undef ECC_SHAMIR + #define ECC_SHAMIR + + /* Reduces heap usage, but slower */ + #undef ECC_TIMING_RESISTANT + #define ECC_TIMING_RESISTANT + + #ifdef HAVE_FIPS + #undef HAVE_ECC_CDH + #define HAVE_ECC_CDH /* Enable cofactor support */ + + #undef NO_STRICT_ECDSA_LEN + #define NO_STRICT_ECDSA_LEN /* Do not force fixed len w/ FIPS */ + + #undef WOLFSSL_VALIDATE_ECC_IMPORT + #define WOLFSSL_VALIDATE_ECC_IMPORT /* Validate import */ + #endif + + /* Compressed Key Support */ + #undef HAVE_COMP_KEY + //#define HAVE_COMP_KEY + + /* Use alternate ECC size for ECC math */ + #ifdef USE_FAST_MATH + /* MAX ECC BITS = ROUND8(MAX ECC) * 2 */ + #ifdef NO_RSA + /* Custom fastmath size if not using RSA */ + #undef FP_MAX_BITS + #define FP_MAX_BITS (256 * 2) + #else + #undef ALT_ECC_SIZE + #define ALT_ECC_SIZE + /* wolfSSL will compute the FP_MAX_BITS_ECC, but it can be overriden */ + //#undef FP_MAX_BITS_ECC + //#define FP_MAX_BITS_ECC (256 * 2) + #endif + + /* Speedups specific to curve */ + #ifndef NO_ECC256 + #undef TFM_ECC256 + #define TFM_ECC256 + #endif + #endif +#endif + +/* DH */ +#undef NO_DH +#if 1 + /* Use table for DH instead of -lm (math) lib dependency */ + #if 1 + #define WOLFSSL_DH_CONST + #define HAVE_FFDHE_2048 + #define HAVE_FFDHE_4096 + //#define HAVE_FFDHE_6144 + //#define HAVE_FFDHE_8192 + #endif + + #ifdef HAVE_FIPS + #define WOLFSSL_VALIDATE_FFC_IMPORT + #define HAVE_FFDHE_Q + #endif +#else + #define NO_DH +#endif + + +/* AES */ +#undef NO_AES +#if 1 + #undef HAVE_AES_CBC + #define HAVE_AES_CBC + + #undef HAVE_AESGCM + #define HAVE_AESGCM + + /* GCM Method: GCM_SMALL, GCM_WORD32 or GCM_TABLE */ + // #define GCM_SMALL + // #define GCM_WORD32 + #define GCM_TABLE + + #undef WOLFSSL_AES_DIRECT + #define WOLFSSL_AES_DIRECT + + #undef HAVE_AES_ECB + #define HAVE_AES_ECB + + #undef WOLFSSL_AES_COUNTER + #define WOLFSSL_AES_COUNTER + + #undef HAVE_AESCCM + #define HAVE_AESCCM +#else + #define NO_AES +#endif + + +/* DES3 */ +#undef NO_DES3 +#if 1 + /* No change */ 
+#else + #define NO_DES3 +#endif + +/* ChaCha20 / Poly1305 */ +#undef HAVE_CHACHA +#undef HAVE_POLY1305 +#if 0 + #define HAVE_CHACHA + #define HAVE_POLY1305 + + /* Needed for Poly1305 */ + #undef HAVE_ONE_TIME_AUTH + #define HAVE_ONE_TIME_AUTH +#endif + +/* Ed25519 / Curve25519 */ +#undef HAVE_CURVE25519 +#undef HAVE_ED25519 +#if 0 + #define HAVE_CURVE25519 + #define HAVE_ED25519 /* ED25519 Requires SHA512 */ + + /* Optionally use small math (less flash usage, but much slower) */ + #if 1 + #define CURVED25519_SMALL + #endif +#endif + + +/* ------------------------------------------------------------------------- */ +/* Hashing */ +/* ------------------------------------------------------------------------- */ +/* Sha */ +#undef NO_SHA +#if 1 + /* 1k smaller, but 25% slower */ + //#define USE_SLOW_SHA +#else + #define NO_SHA +#endif + +/* Sha256 */ +#undef NO_SHA256 +#if 1 + /* not unrolled - ~2k smaller and ~25% slower */ + //#define USE_SLOW_SHA256 + + /* Sha224 */ + #if 1 + #define WOLFSSL_SHA224 + #endif +#else + #define NO_SHA256 +#endif + +/* Sha512 */ +#undef WOLFSSL_SHA512 +#if 1 + #define WOLFSSL_SHA512 + + /* Sha384 */ + #undef WOLFSSL_SHA384 + #if 1 + #define WOLFSSL_SHA384 + #endif + + /* over twice as small, but 50% slower */ + //#define USE_SLOW_SHA512 +#endif + +/* Sha3 */ +#undef WOLFSSL_SHA3 +#if 1 + #define WOLFSSL_SHA3 +#endif + +/* MD5 */ +#undef NO_MD5 +#if 1 + /* No change */ +#else + #define NO_MD5 +#endif + +/* HKDF */ +#undef HAVE_HKDF +#if 1 + #define HAVE_HKDF +#endif + +/* CMAC */ +#undef WOLFSSL_CMAC +#if 1 + #define WOLFSSL_CMAC +#endif + + +/* ------------------------------------------------------------------------- */ +/* Benchmark / Test */ +/* ------------------------------------------------------------------------- */ +/* Use reduced benchmark / test sizes */ +#undef BENCH_EMBEDDED +#define BENCH_EMBEDDED + +#undef USE_CERT_BUFFERS_2048 +#define USE_CERT_BUFFERS_2048 + +#undef USE_CERT_BUFFERS_1024 +//#define USE_CERT_BUFFERS_1024 
+ +#undef USE_CERT_BUFFERS_256 +#define USE_CERT_BUFFERS_256 + +#undef FORCE_BUFFER_TEST +#define FORCE_BUFFER_TEST + + +/* ------------------------------------------------------------------------- */ +/* Debugging */ +/* ------------------------------------------------------------------------- */ + +#undef DEBUG_WOLFSSL +#undef NO_ERROR_STRINGS +#if 0 + #define DEBUG_WOLFSSL +#else + #if 0 + #define NO_ERROR_STRINGS + #endif +#endif + + +/* ------------------------------------------------------------------------- */ +/* Memory */ +/* ------------------------------------------------------------------------- */ + +/* Override Memory API's */ +#if 0 + #undef XMALLOC_OVERRIDE + #define XMALLOC_OVERRIDE + + /* prototypes for user heap override functions */ + /* Note: Realloc only required for normal math */ + #include /* for size_t */ + extern void *myMalloc(size_t n, void* heap, int type); + extern void myFree(void *p, void* heap, int type); + extern void *myRealloc(void *p, size_t n, void* heap, int type); + + #define XMALLOC(n, h, t) myMalloc(n, h, t) + #define XFREE(p, h, t) myFree(p, h, t) + #define XREALLOC(p, n, h, t) myRealloc(p, n, h, t) +#endif + +#if 0 + /* Static memory requires fast math */ + #define WOLFSSL_STATIC_MEMORY + + /* Disable fallback malloc/free */ + #define WOLFSSL_NO_MALLOC + #if 1 + #define WOLFSSL_MALLOC_CHECK /* trap malloc failure */ + #endif +#endif + +/* Memory callbacks */ +#if 1 + #undef USE_WOLFSSL_MEMORY + #define USE_WOLFSSL_MEMORY + + /* Use this to measure / print heap usage */ + #if 0 + #undef WOLFSSL_TRACK_MEMORY + // #define WOLFSSL_TRACK_MEMORY + + #undef WOLFSSL_DEBUG_MEMORY + //#define WOLFSSL_DEBUG_MEMORY + + #undef WOLFSSL_DEBUG_MEMORY_PRINT + //#define WOLFSSL_DEBUG_MEMORY_PRINT + #endif +#else + #ifndef WOLFSSL_STATIC_MEMORY + #define NO_WOLFSSL_MEMORY + /* Otherwise we will use stdlib malloc, free and realloc */ + #endif +#endif + +/* ------------------------------------------------------------------------- */ +/* RNG 
*/ +/* ------------------------------------------------------------------------- */ + +/* Seed Source */ +/* Seed Source */ +#if 1 + extern int my_rng_generate_seed(unsigned char* output, int sz); + #undef CUSTOM_RAND_GENERATE_SEED + #define CUSTOM_RAND_GENERATE_SEED my_rng_generate_seed +#endif + +/* NETOS */ +#if 0 + extern unsigned char get_byte_from_pool(void); + #define CUSTOM_RAND_GENERATE get_byte_from_pool + #define CUSTOM_RAND_TYPE unsigned char +#endif + +/* Choose RNG method */ +#if 1 + /* Use built-in P-RNG (SHA256 based) with HW RNG */ + /* P-RNG + HW RNG (P-RNG is ~8K) */ + //#define WOLFSSL_GENSEED_FORTEST + #undef HAVE_HASHDRBG + #define HAVE_HASHDRBG +#else + #undef WC_NO_HASHDRBG + #define WC_NO_HASHDRBG + + /* Bypass P-RNG and use only HW RNG */ + extern int my_rng_gen_block(unsigned char* output, unsigned int sz); + #undef CUSTOM_RAND_GENERATE_BLOCK + #define CUSTOM_RAND_GENERATE_BLOCK my_rng_gen_block +#endif + +/* ------------------------------------------------------------------------- */ +/* Enable Features */ +/* ------------------------------------------------------------------------- */ +#undef WOLFSSL_TLS13 +#if 0 + #define WOLFSSL_TLS13 +#endif + +#undef WOLFSSL_KEY_GEN +#if 1 + #define WOLFSSL_KEY_GEN +#endif + +#if defined(HAVE_FIPS) && !defined(WOLFSSL_KEY_GEN) + #define WOLFSSL_OLD_PRIME_CHECK +#endif + +#undef KEEP_PEER_CERT +//#define KEEP_PEER_CERT + +#undef HAVE_COMP_KEY +//#define HAVE_COMP_KEY + +#undef HAVE_TLS_EXTENSIONS +#define HAVE_TLS_EXTENSIONS + +#undef HAVE_SUPPORTED_CURVES +#define HAVE_SUPPORTED_CURVES + +#undef WOLFSSL_BASE64_ENCODE +#define WOLFSSL_BASE64_ENCODE + +/* TLS Session Cache */ +#if 0 + #define SMALL_SESSION_CACHE +#else + #define NO_SESSION_CACHE +#endif + + +/* ------------------------------------------------------------------------- */ +/* Disable Features */ +/* ------------------------------------------------------------------------- */ +#undef NO_WOLFSSL_SERVER +//#define NO_WOLFSSL_SERVER + 
+#undef NO_WOLFSSL_CLIENT +//#define NO_WOLFSSL_CLIENT + +#undef NO_CRYPT_TEST +//#define NO_CRYPT_TEST + +#undef NO_CRYPT_BENCHMARK +//#define NO_CRYPT_BENCHMARK + +#undef WOLFCRYPT_ONLY +//#define WOLFCRYPT_ONLY + +/* In-lining of misc.c functions */ +/* If defined, must include wolfcrypt/src/misc.c in build */ +/* Slower, but about 1k smaller */ +#undef NO_INLINE +//#define NO_INLINE + +#undef NO_FILESYSTEM +#define NO_FILESYSTEM + +#undef NO_WOLFSSL_DIR +#define NO_WOLFSSL_DIR + +#undef NO_WRITEV +#define NO_WRITEV + +#undef NO_MAIN_DRIVER +#define NO_MAIN_DRIVER + +#undef NO_DEV_RANDOM +#define NO_DEV_RANDOM + +#undef NO_DSA +#define NO_DSA + +#undef NO_RC4 +#define NO_RC4 + +#undef NO_OLD_TLS +#define NO_OLD_TLS + +#undef NO_HC128 +#define NO_HC128 + +#undef NO_RABBIT +#define NO_RABBIT + +#undef NO_PSK +#define NO_PSK + +#undef NO_MD4 +#define NO_MD4 + +#undef NO_PWDBASED +//#define NO_PWDBASED + +#undef NO_CODING +//#define NO_CODING + +#undef NO_ASN_TIME +//#define NO_ASN_TIME + +#undef NO_CERTS +//#define NO_CERTS + +#undef NO_SIG_WRAPPER +//#define NO_SIG_WRAPPER + +/* ACVP Testing ONLY specific settings */ +#if 0 + #undef USE_NORMAL_PRINTF + #define USE_NORMAL_PRINTF + + #undef USE_UART_READ_LINE + #define USE_UART_READ_LINE + + #undef USE_SMALL_MONTE + #define USE_SMALL_MONTE + + #undef WOLFSSL_PUBLIC_MP + #define WOLFSSL_PUBLIC_MP + + #undef HAVE_FORCE_FIPS_FAILURE + #define HAVE_FORCE_FIPS_FAILURE +#endif + +#ifdef __cplusplus +} +#endif + +#endif /* WOLFSSL_USER_SETTINGS_H */ diff --git a/IDE/NETOS/user_settings.h-cert2425 b/IDE/NETOS/user_settings.h-cert2425 new file mode 100644 index 000000000..bc6ffa6a9 --- /dev/null +++ b/IDE/NETOS/user_settings.h-cert2425 
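Review bot: The RSA section of user_settings.h ships with blinding off: the `#if 0` around `WC_RSA_BLINDING` falls through to `#define WC_NO_HARDEN`, even though the comment directly above says blinding is what prevents timing attacks and the math and ECC sections do define `TFM_TIMING_RESISTANT` and `ECC_TIMING_RESISTANT`. The deprecated user_settings.h-cert2425 added in this same commit defined `WC_RSA_BLINDING`, so this reads as a loss of side-channel hardening for RSA private-key operations unless the cert 3389 configuration requires it. If it is required, record the reason next to the define, e.g. `/* WC_NO_HARDEN: RSA blinding not part of the validated configuration; see cert 3389 */`; otherwise change the guard to `#if 1`. The comment `/* Reduces heap usage, but slower */` above `ECC_TIMING_RESISTANT` also describes a different option and should say that the macro selects timing-resistant ECC math.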
@@ -0,0 +1,177 @@ +#ifndef _NETOS_USER_SETTINGS_H_ +#define _NETOS_USER_SETTINGS_H_ + +/* Verify this is NetOS */ +/* +#ifndef _NETOS +#error This user_settings.h header is only designed for NetOS +#endif +*/ + +/* Configurations */ +#if defined(HAVE_FIPS) +#if defined(WOLFSSL_LIB) + #define HAVE_FIPS_VERSION 2 + /* The FIPS lib */ + #define THREADX + #define BIG_ENDIAN_ORDER + #define NO_WRITEV + #define NO_WOLFSSL_DIR +#if 0 + #define DEBUG_WOLFSSL +#endif + #define NO_DEV_RANDOM + #define NETOS + #define NO_FILESYSTEM + #define FORCE_BUFFER_TEST + /* wolfSSL FIPS TESTING UPDATES : */ + #define NO_ATTRIBUTE_CONSTRUCTOR + #define NO_THREAD_LS + #define NO_WOLFSSL_STUB + #define WOLFSSL_KEY_GEN + #define HAVE_FORCE_FIPS_FAILURE + #define USE_CERT_BUFFERS_1024 /* for the op-tests */ + #define USE_CERT_BUFFERS_256 /* for the op-tests */ + + #define TFM_TIMING_RESISTANT + #define ECC_TIMING_RESISTANT + #define WC_RSA_BLINDING + #define HAVE_AESGCM + #define WOLFSSL_SHA512 + #define WOLFSSL_SHA384 + #define NO_DSA + #define HAVE_ECC + #define TFM_ECC256 + #define ECC_SHAMIR + #define WOLFSSL_BASE64_ENCODE + #define NO_RC4 + #define NO_HC128 + #define NO_RABBIT + #define HAVE_HASHDRBG + #define HAVE_TLS_EXTENSIONS + #define HAVE_SUPPORTED_CURVES + #define HAVE_EXTENDED_MASTER + #define NO_PSK + #define NO_MD4 + #define NO_PWDBASED + #define USE_FAST_MATH + #define WC_NO_ASYNC_THREADING + + #define WC_RSAKEY_TYPE_DEFINED + #define WC_RNG_TYPE_DEFINED + + #define NO_TESTSUITE_MAIN_DRIVER + #define NO_MAIN_DRIVER + + extern unsigned char get_byte_from_pool(void); + #define CUSTOM_RAND_GENERATE get_byte_from_pool + #define CUSTOM_RAND_TYPE unsigned char + + #define OPENSSL_EXTRA + #define HAVE_LIGHTY + #define WOLFSSL_AES_DIRECT + + #define WOLFSSL_MYSQL_COMPATIBLE +#else + /* The FIPS apps */ + #define HAVE_FIPS_VERSION 2 + #define THREADX + #define BIG_ENDIAN_ORDER + #define NO_WRITEV + #define NO_WOLFSSL_DIR +#if 0 + #define DEBUG_WOLFSSL +#endif + #define NO_DEV_RANDOM 
+ #define NETOS + #define NO_FILESYSTEM + #define FORCE_BUFFER_TEST +/* wolfSSL FIPS TESTING UPDATES : */ + #define NO_ATTRIBUTE_CONSTRUCTOR + #define NO_THREAD_LS + #define NO_WOLFSSL_STUB + #define WOLFSSL_KEY_GEN + #define HAVE_FORCE_FIPS_FAILURE + #define USE_CERT_BUFFERS_2048 /* for the op-tests */ + #define USE_CERT_BUFFERS_256 /* for the op-tests */ + + #define TFM_TIMING_RESISTANT + #define ECC_TIMING_RESISTANT + #define WC_RSA_BLINDING + #define HAVE_AESGCM + #define WOLFSSL_SHA512 + #define WOLFSSL_SHA384 + #define NO_DSA + #define HAVE_ECC + #define TFM_ECC256 + #define ECC_SHAMIR + #define WOLFSSL_BASE64_ENCODE + #define NO_RC4 + #define NO_HC128 + #define NO_RABBIT + #define HAVE_HASHDRBG + #define HAVE_TLS_EXTENSIONS + #define HAVE_SUPPORTED_CURVES + #define HAVE_EXTENDED_MASTER + #define NO_PSK + #define NO_MD4 + #define NO_PWDBASED + #define USE_FAST_MATH + #define WC_NO_ASYNC_THREADING + + #define WC_RSAKEY_TYPE_DEFINED + #define WC_RNG_TYPE_DEFINED + + #define NO_TESTSUITE_MAIN_DRIVER + #define NO_MAIN_DRIVER + + + + #define OPENSSL_EXTRA + #define HAVE_LIGHTY + #define WOLFSSL_AES_DIRECT + + #define WOLFSSL_MYSQL_COMPATIBLE +#endif +#else /* HAVE_FIPS */ +#if defined(WOLFSSL_LIB) + /* The NON-FIPS lib */ + #define THREADX + #define BIG_ENDIAN_ORDER +#if 0 + #define OPENSSL_EXTRA +#endif + #define WOLFSSL_RIPEMD + #define WOLFSSL_SHA512 + #define NO_PSK + #define HAVE_EXTENDED_MASTER + #define WOLFSSL_SNIFFER + #define HAVE_TLS_EXTENSIONS + #define HAVE_SECURE_RENEGOTIATION + #define NO_WRITEV + #define NO_WOLFSSL_DIR + #define DEBUG_WOLFSSL + #define NO_DEV_RANDOM + #define NETOS + #define NO_FILESYSTEM +#else + /* The NON-FIPS apps */ + #define THREADX + #define BIG_ENDIAN_ORDER +#if 0 + #define OPENSSL_EXTRA +#endif + #define NO_PSK + #define HAVE_EXTENDED_MASTER + #define WOLFSSL_SNIFFER + #define HAVE_SECURE_RENEGOTIATION + #define NO_WRITEV + #define NO_WOLFSSL_DIR + #define WOLFSSL_NO_CURRDIR + #define DEBUG_WOLFSSL + #define NETOS + 
#define NO_FILESYSTEM +#endif +#endif /* HAVE_FIPS */ + +#endif /* _NETOS_USER_SETTINGS_H_ */ diff --git a/IDE/NETOS/wolfssl_netos_custom.c b/IDE/NETOS/wolfssl_netos_custom.c new file mode 100644 index 000000000..2094cf6b4 --- /dev/null +++ b/IDE/NETOS/wolfssl_netos_custom.c 
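Review bot: `HAVE_FORCE_FIPS_FAILURE` is defined unconditionally in both FIPS branches of user_settings.h-cert2425, while the new user_settings.h in this commit keeps the same macro under "ACVP Testing ONLY specific settings" behind `#if 0`; both non-FIPS branches likewise define `DEBUG_WOLFSSL` outright. The README marks the file as deprecated, but the file itself has no header saying so, and a copy into a build would carry those test-only options with it. A first-line comment such as `/* DEPRECATED: settings for expired cert 2425, kept for reference only; enables test-only options (HAVE_FORCE_FIPS_FAILURE, DEBUG_WOLFSSL). */` would make that visible where it matters. The include guard `_NETOS_USER_SETTINGS_H_` is also a reserved identifier (underscore followed by an uppercase letter); `NETOS_USER_SETTINGS_H` avoids that.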
@@ -0,0 +1,97 @@
+/* wolfssl_netos_custom.c
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+int dc_log_printf(char* format, ...);
+
+#if BSP_SIGMA == 0
+int dc_log_printf(char* format, ...)
+{ + va_list args; + + va_start(args, (format)); + + fflush(stdout); + vprintf(format, args); + fflush(stdout); + + va_end(args); + + return 0; +} +#endif + +unsigned char get_byte_from_pool(void) +{ + unsigned char out; + float density; + + /* Wait until pool has at least one byte */ + /* TODO: improve this */ + while (ent_get_byte_count() == 0) + tx_thread_sleep(1); + + /* Stop gathering entropy to avoid race conditions */ + ent_set_status(0); + + /* Pop a single byte from the pool and continue gathering entropy */ + ent_pop(&out, &density); + ent_set_status(1); + + return out; +} + +int my_rng_generate_seed(unsigned char* output, int sz) +{ + word32 i; + srand(get_byte_from_pool()); + + for (i = 0; i < sz; i++) { + output[i] = (unsigned char) rand(); + srand(get_byte_from_pool()); + } + + return 0; +} + +static void appFipsCb(int ok, int err, const char* hash) +{ + dc_log_printf("in appFipsCb Fips callback, ok = %d, err = %d\n", ok, err); + dc_log_printf("message = %s\n", wc_GetErrorString(err)); + dc_log_printf("hash = %s\n", hash); + + if (err == IN_CORE_FIPS_E) { + dc_log_printf("In core integrity hash check failure, copy above hash\n"); + dc_log_printf("into verifyCore[] in fips_test.c and rebuild\n"); + } +} + +void setAppFipsCb(void) +{ + wolfCrypt_SetCb_fips(appFipsCb); +} diff --git a/IDE/include.am b/IDE/include.am index a75942f1e..b04eb3512 100644 --- a/IDE/include.am +++ b/IDE/include.am @@ -41,6 +41,7 @@ include IDE/QNX/include.am include IDE/WINCE/include.am include IDE/iotsafe/include.am include IDE/Android/include.am +include IDE/NETOS/include.am EXTRA_DIST+= IDE/IAR-EWARM IDE/MDK-ARM IDE/MDK5-ARM IDE/MYSQL IDE/LPCXPRESSO IDE/HEXIWEAR IDE/Espressif EXTRA_DIST+= IDE/OPENSTM32/README.md diff --git a/examples/client/client.c b/examples/client/client.c index 15d1e5d3b..d0fc9fc88 100644 --- a/examples/client/client.c +++ b/examples/client/client.c 
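Review bot: `my_rng_generate_seed` in wolfssl_netos_custom.c routes every entropy-pool byte through `srand()`/`rand()` before storing it, so the seed handed to the Hash-DRBG (user_settings.h maps `CUSTOM_RAND_GENERATE_SEED` to this function) is the output of the C library's non-cryptographic generator rather than the pool itself. Each output byte can hold no more entropy than the one byte used to seed `rand()`, and holds less if the library's first output is not a one-to-one function of that seed; the calls also reset the process-wide `rand()` state, and the `density` value returned by `ent_pop()` is discarded. Storing the pool byte directly, `output[i] = get_byte_from_pool();`, removes the weak step. The loop compares `word32 i` against `int sz`, so a negative `sz` converts to a huge bound; add `if (output == NULL || sz <= 0) return -1;` before it. In `get_byte_from_pool`, `ent_set_status(0)` is commented as avoiding race conditions, but nothing visible serialises two callers between the count check and `ent_pop()`, so confirm the pool API is safe for concurrent use or guard the pop with a mutex.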
@@ -2939,9 +2939,10 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) #ifndef NO_CERTS if (useClientCert && !loadCertKeyIntoSSLObj){ - #ifdef NO_FILESYSTEM - if (wolfSSL_CTX_use_certificate_chain_buffer(ctx, client_cert_der_2048, - sizeof_client_cert_der_2048) != WOLFSSL_SUCCESS) + #if defined(NO_FILESYSTEM) && defined(USE_CERT_BUFFERS_2048) + if (wolfSSL_CTX_use_certificate_chain_buffer_format(ctx, + client_cert_der_2048, sizeof_client_cert_der_2048, + WOLFSSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) err_sys("can't load client cert buffer"); #elif !defined(TEST_LOAD_BUFFER) if (wolfSSL_CTX_use_certificate_chain_file(ctx, ourCert) diff --git a/examples/server/server.c b/examples/server/server.c index 60c1ab579..0b6ae2afc 100644 --- a/examples/server/server.c +++ b/examples/server/server.c @@ -2282,9 +2282,10 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args) #if !defined(NO_CERTS) if ((!usePsk || usePskPlus) && !useAnon && !(loadCertKeyIntoSSLObj == 1)) { - #ifdef NO_FILESYSTEM - if (wolfSSL_CTX_use_certificate_chain_buffer(ctx, server_cert_der_2048, - sizeof_server_cert_der_2048) != WOLFSSL_SUCCESS) + #if defined(NO_FILESYSTEM) && defined(USE_CERT_BUFFERS_2048) + if (wolfSSL_CTX_use_certificate_chain_buffer_format(ctx, + server_cert_der_2048, sizeof_server_cert_der_2048, + WOLFSSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) err_sys_ex(catastrophic, "can't load server cert buffer"); #elif !defined(TEST_LOAD_BUFFER) if (SSL_CTX_use_certificate_chain_file(ctx, ourCert) 
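Review bot: Narrowing the guard to `#if defined(NO_FILESYSTEM) && defined(USE_CERT_BUFFERS_2048)` in client.c means a `NO_FILESYSTEM` build without `USE_CERT_BUFFERS_2048` now drops into the `#elif !defined(TEST_LOAD_BUFFER)` branch and calls `wolfSSL_CTX_use_certificate_chain_file`, which presumably is not usable without a filesystem. The same guard appears in both server.c hunks of this commit. Adding `#elif defined(NO_FILESYSTEM)` followed by `#error "NO_FILESYSTEM examples require USE_CERT_BUFFERS_2048"` before the file-loading branch would turn that configuration into a clear build-time message instead of a confusing link or run-time failure. `client_test` and `server_test` both start and end outside these hunks.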
@@ -2575,9 +2576,10 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args) /* Support for loading private key and cert using WOLFSSL object */ #if !defined(NO_CERTS) if ((!usePsk || usePskPlus) && !useAnon && loadCertKeyIntoSSLObj) { - #ifdef NO_FILESYSTEM - if (wolfSSL_use_certificate_chain_buffer(ssl, server_cert_der_2048, - sizeof_server_cert_der_2048) != WOLFSSL_SUCCESS) + #if defined(NO_FILESYSTEM) && defined(USE_CERT_BUFFERS_2048) + if (wolfSSL_use_certificate_chain_buffer_format(ssl, + server_cert_der_2048, sizeof_server_cert_der_2048, + WOLFSSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) err_sys_ex(catastrophic, "can't load server cert buffer"); #elif !defined(TEST_LOAD_BUFFER) if (SSL_use_certificate_chain_file(ssl, ourCert) diff --git a/src/ssl.c b/src/ssl.c index b2b79c3bb..8ad411ba5 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -29168,10 +29168,12 @@ WOLFSSL_API WOLFSSL_CIPHER* wolfSSL_sk_SSL_CIPHER_value(WOLFSSL_STACK* sk, int i return (WOLFSSL_CIPHER*)wolfSSL_sk_value(sk, i); } +#if !defined(NETOS) WOLFSSL_API void ERR_load_SSL_strings(void) { } +#endif #ifdef HAVE_OCSP WOLFSSL_API long wolfSSL_get_tlsext_status_ocsp_resp(WOLFSSL *s, unsigned char **resp) @@ -58793,7 +58795,7 @@ int wolfSSL_RAND_write_file(const char* fname) #ifndef FREERTOS_TCP /* These constant values are protocol values made by egd */ -#if defined(USE_WOLFSSL_IO) && !defined(USE_WINDOWS_API) +#if defined(USE_WOLFSSL_IO) && !defined(USE_WINDOWS_API) && !defined(NETOS) #define WOLFSSL_EGD_NBLOCK 0x01 #include #endif diff --git a/testsuite/testsuite.c b/testsuite/testsuite.c index ab59efb2e..315bcec64 100644 --- a/testsuite/testsuite.c +++ b/testsuite/testsuite.c @@ -162,6 +162,7 @@ int testsuite_test(int argc, char** argv) simple_test(&server_args); #endif if (server_args.return_code != 0) return server_args.return_code; +#if !defined(NETOS) /* Echo input wolfSSL client server test */ #ifdef HAVE_STACK_SIZE StackSizeCheck_launch(&server_args, echoserver_test, &serverThread, 
@@ -194,12 +195,15 @@ int testsuite_test(int argc, char** argv) cleanup_output(); return server_args.return_code; } +#endif /* !NETOS */ show_ciphers(); +#if !defined(NETOS) ret = validate_cleanup_output(); if (ret != 0) return EXIT_FAILURE; +#endif wolfSSL_Cleanup(); FreeTcpReady(&ready); @@ -415,6 +419,16 @@ void wait_tcp_ready(func_args* args) args->signal->ready = 0; /* reset */ pthread_mutex_unlock(&args->signal->mutex); +#elif defined(NETOS) + (void)tx_mutex_get(&args->signal->mutex, TX_WAIT_FOREVER); + + /* TODO: + * if (!args->signal->ready) + * pthread_cond_wait(&args->signal->cond, &args->signal->mutex); + * args->signal->ready = 0; */ + + (void)tx_mutex_put(&args->signal->mutex); + #else (void)args; #endif 
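Review bot: The NETOS branch added to `wait_tcp_ready` takes and releases the mutex without ever reading `args->signal->ready`, so the function returns immediately and the caller can connect before the server thread has published its port. Until a ThreadX primitive replaces the commented-out `pthread_cond_wait`, a poll that drops the mutex while sleeping keeps the function's contract and also restores the `ready = 0` reset that the other branches perform. This only terminates if every NETOS path that signals readiness sets `ready`; the test.h hunk in this commit does so under the same mutex, but the remaining accept/listen code is outside the visible hunks and should be checked. The function body starts outside the hunk.
```c
#elif defined(NETOS)
    (void)tx_mutex_get(&args->signal->mutex, TX_WAIT_FOREVER);

    /* No condition variable is wired up yet: poll, releasing the mutex
     * while sleeping so the server thread can set ready. */
    while (!args->signal->ready) {
        (void)tx_mutex_put(&args->signal->mutex);
        tx_thread_sleep(1);
        (void)tx_mutex_get(&args->signal->mutex, TX_WAIT_FOREVER);
    }
    args->signal->ready = 0; /* reset */

    (void)tx_mutex_put(&args->signal->mutex);
```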
@@ -443,6 +457,49 @@ void start_thread(THREAD_FUNC fun, func_args* args, THREAD_TYPE* thread) printf("Failed to create new Task\n"); } Task_yield(); +#elif defined(NETOS) + /* This can be adjusted by defining in user_settings.h, will default to 65k + * in the event it is undefined */ + #ifndef TESTSUITE_THREAD_STACK_SZ + #define TESTSUITE_THREAD_STACK_SZ 65535 + #endif + int result; + static void * TestSuiteThreadStack = NULL; + + /* Assume only one additional thread is created concurrently. */ + if (TestSuiteThreadStack == NULL) + { + TestSuiteThreadStack = (void *)malloc(TESTSUITE_THREAD_STACK_SZ); + if (TestSuiteThreadStack == NULL) + { + printf ("Stack allocation failure.\n"); + return; + } + } + + memset (thread, 0, sizeof *thread); + + /* first create the idle thread: + * ARGS: + * Param1: pointer to thread + * Param2: name + * Param3 and 4: entry function and input + * Param5: pointer to thread stack + * Param6: stack size + * Param7 and 8: priority level and preempt threshold + * Param9 and 10: time slice and auto-start indicator */ + result = tx_thread_create(thread, + "WolfSSL TestSuiteThread", + (entry_functionType)fun, (ULONG)args, + TestSuiteThreadStack, + TESTSUITE_THREAD_STACK_SZ, + 2, 2, + 1, TX_AUTO_START); + if (result != TX_SUCCESS) + { + printf("Ethernet Bypass Application: failed to create idle thread!\n"); + } + #else *thread = (THREAD_TYPE)_beginthreadex(0, 0, fun, args, 0, 0); #endif @@ -465,6 +522,8 @@ void join_thread(THREAD_TYPE thread) } Task_yield(); } +#elif defined(NETOS) + /* TODO: */ #else int res = WaitForSingleObject((HANDLE)thread, INFINITE); assert(res == WAIT_OBJECT_0); diff --git a/wolfcrypt/benchmark/benchmark.c b/wolfcrypt/benchmark/benchmark.c index 5e684509b..1ee4d17eb 100644 --- a/wolfcrypt/benchmark/benchmark.c +++ b/wolfcrypt/benchmark/benchmark.c @@ -142,6 +142,9 @@ #ifdef XPRINTF #undef printf #define printf XPRINTF + #elif defined(NETOS) + #undef printf + #define printf dc_log_printf #endif #endif 
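Review bot: `start_thread` gives every NETOS thread the same static `TestSuiteThreadStack`, and the NETOS branch of `join_thread` is an empty `/* TODO: */`, so nothing ensures the previous thread has finished before its stack is handed to the next one or before the caller reads `server_args.return_code`. The "only one additional thread" comment records the assumption but nothing enforces it; until `join_thread` actually waits for completion, a second `start_thread` call can overlay a live stack, which shows up as memory corruption rather than a test failure. A failed `tx_thread_create` is also only printed, with a message copied from another program; `printf("NETOS: tx_thread_create failed: %d\n", result);` would at least identify the source, and the failure should be propagated so the caller does not wait on a thread that never started. Both functions begin outside their hunks.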
diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index bc7f7c4cc..7c34ba310 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -158,9 +158,13 @@ _Pragma("GCC diagnostic ignored \"-Wunused-function\"") /* don't use file system for these tests, since ./certs dir isn't loaded */ #undef NO_FILESYSTEM #define NO_FILESYSTEM -#elif defined(THREADX) && !defined(WOLFSSL_WICED) && !defined(THREADX_NO_DC_PRINTF) - /* since just testing, use THREADX log printf instead */ - int dc_log_printf(char*, ...); +#elif defined(THREADX) && !defined(WOLFSSL_WICED) && \ + !defined(THREADX_NO_DC_PRINTF) + #ifndef (NETOS) + /* since just testing, use THREADX log printf instead (NETOS prototypes + * this elsewhere) */ + int dc_log_printf(char*, ...); + #endif #undef printf #define printf dc_log_printf #elif defined(ANDROID) diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 41c41e9e8..fffd89214 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -2754,7 +2754,7 @@ WOLFSSL_API int wolfSSL_make_eap_keys(WOLFSSL*, void* key, unsigned int len, !defined(WOLFSSL_PICOTCP) && !defined(WOLFSSL_ROWLEY_ARM) && \ !defined(WOLFSSL_EMBOS) && !defined(WOLFSSL_FROSTED) && \ !defined(WOLFSSL_CHIBIOS) && !defined(WOLFSSL_CONTIKI) && \ - !defined(WOLFSSL_ZEPHYR) + !defined(WOLFSSL_ZEPHYR) && !defined(NETOS) #include #endif /* allow writev style writing */ diff --git a/wolfssl/test.h b/wolfssl/test.h index c5160b53e..6e1c802c4 100644 --- a/wolfssl/test.h +++ b/wolfssl/test.h @@ -135,6 +135,16 @@ ret = ((a[3]<<24) + (a[2]<<16) + (a[1]<<8) + a[0]) ; return(ret) ; } +#elif defined(NETOS) + #include + #include + struct hostent { + char* h_name; /* official name of host */ + char** h_aliases; /* alias list */ + int h_addrtype; /* host address type */ + int h_length; /* length of address */ + char** h_addr_list; /* list of addresses from the name server */ + }; #else #include #include 
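Review bot: `#ifndef (NETOS)` in the test.c hunk is not valid preprocessor syntax, because `#ifndef` takes a bare identifier; every THREADX build that reaches this `#elif` should fail to compile on that line. It should read `#ifndef NETOS`, or `#if !defined(NETOS)` to match the form used elsewhere in this commit. The new comment says NETOS prototypes `dc_log_printf` elsewhere; naming the location (this commit adds the prototype to wolfssl/test.h under `#ifdef NETOS`) would let a reader confirm the declaration is actually in scope here.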
@@ -274,6 +284,12 @@ #define EXIT_TEST(ret) #endif #define WOLFSSL_THREAD + #elif defined(NETOS) + typedef UINT THREAD_RETURN; + typedef TX_THREAD THREAD_TYPE; + #define WOLFSSL_THREAD + #define INFINITE TX_WAIT_FOREVER + #define WAIT_OBJECT_0 TX_NO_WAIT #else typedef unsigned int THREAD_RETURN; typedef intptr_t THREAD_TYPE; @@ -369,6 +385,31 @@ /* Whitewood netRandom default config file */ #define wnrConfig "wnr-example.conf" #endif +#elif defined(NETOS) && defined(HAVE_FIPS) + /* These defines specify the file system volume and root directory used by + * the FTP server used in the only supported NETOS FIPS solution (at this + * time), these can be tailored in the event a future FIPS solution is added + * for an alternate NETOS use-case */ + #define FS_VOLUME1 "FLASH0" + #define FS_VOLUME1_DIR FS_VOLUME1 "/" + #define caCertFile FS_VOLUME1_DIR "certs/ca-cert.pem" + #define eccCertFile FS_VOLUME1_DIR "certs/server-ecc.pem" + #define eccKeyFile FS_VOLUME1_DIR "certs/ecc-key.pem" + #define svrCertFile FS_VOLUME1_DIR "certs/server-cert.pem" + #define svrKeyFile FS_VOLUME1_DIR "certs/server-key.pem" + #define cliCertFile FS_VOLUME1_DIR "certs/client-cert.pem" + #define cliKeyFile FS_VOLUME1_DIR "certs/client-key.pem" + #define ntruCertFile FS_VOLUME1_DIR "certs/ntru-cert.pem" + #define ntruKeyFile FS_VOLUME1_DIR "certs/ntru-key.raw" + #define dhParamFile FS_VOLUME1_DIR "certs/dh2048.pem" + #define cliEccKeyFile FS_VOLUME1_DIR "certs/ecc-client-key.pem" + #define cliEccCertFile FS_VOLUME1_DIR "certs/client-ecc-cert.pem" + #define caEccCertFile FS_VOLUME1_DIR "certs/ca-ecc-cert/pem" + #define crlPemDir FS_VOLUME1_DIR "certs/crl" + #ifdef HAVE_WNR + /* Whitewood netRandom default config file */ + #define wnrConfig "wnr-example.conf" + #endif #else #define caCertFile "./certs/ca-cert.pem" #define eccCertFile "./certs/server-ecc.pem" 
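Review bot: In the NETOS FIPS path block, `caEccCertFile` is defined as `FS_VOLUME1_DIR "certs/ca-ecc-cert/pem"`, with a `/` where the other certificate entries have `.pem`. That names a file `pem` inside a directory `ca-ecc-cert`, so loading the ECC CA certificate would presumably fail on this target and any test that depends on it would fail or be skipped. I would change the line to `#define caEccCertFile FS_VOLUME1_DIR "certs/ca-ecc-cert.pem"`.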
@@ -417,6 +458,9 @@ typedef struct tcp_ready { pthread_mutex_t mutex; pthread_cond_t cond; #endif +#ifdef NETOS + TX_MUTEX mutex; +#endif } tcp_ready; @@ -429,9 +473,14 @@ static WC_INLINE void InitTcpReady(tcp_ready* ready) #elif defined(_POSIX_THREADS) && !defined(__MINGW32__) pthread_mutex_init(&ready->mutex, 0); pthread_cond_init(&ready->cond, 0); +#elif defined(NETOS) + tx_mutex_create(&ready->mutex, "wolfSSL Lock", TX_INHERIT); #endif } +#ifdef NETOS + struct hostent* gethostbyname(vonst char* name); +#endif static WC_INLINE void FreeTcpReady(tcp_ready* ready) { @@ -440,6 +489,8 @@ static WC_INLINE void FreeTcpReady(tcp_ready* ready) #elif defined(_POSIX_THREADS) && !defined(__MINGW32__) pthread_mutex_destroy(&ready->mutex); pthread_cond_destroy(&ready->cond); +#elif defined(NETOS) + tx_mutex_delete(&ready->mutex); #else (void)ready; #endif @@ -472,8 +523,11 @@ typedef struct func_args { callback_functions *callbacks; } func_args; - - +#ifdef NETOS + int dc_log_printf(char* format, ...); + #undef printf + #define printf dc_log_printf +#endif void wait_tcp_ready(func_args*); @@ -1239,6 +1293,8 @@ static WC_INLINE void tcp_socket(SOCKET_T* sockfd, int udp, int sctp) #elif defined(WOLFSSL_MDK_ARM) || defined (WOLFSSL_TIRTOS) ||\ defined(WOLFSSL_KEIL_TCP_NET) || defined(WOLFSSL_ZEPHYR) /* nothing to define */ +#elif defined(NETOS) + /* TODO: signal(SIGPIPE, SIG_IGN); */ #else /* no S_NOSIGPIPE */ signal(SIGPIPE, SIG_IGN); #endif /* S_NOSIGPIPE */ @@ -1939,6 +1995,14 @@ static WC_INLINE void udp_accept(SOCKET_T* sockfd, SOCKET_T* clientfd, tcp_ready* ready = args->signal; ready->ready = 1; ready->port = port; +#elif defined(NETOS) + { + tcp_ready* ready = args->signal; + (void)tx_mutex_get(&ready->mutex, TX_WAIT_FOREVER); + ready->ready = 1; + ready->port = port; + (void)tx_mutex_put(&ready->mutex); + } #else (void)port; #endif 
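Review bot: The prototype added after InitTcpReady, `struct hostent* gethostbyname(vonst char* name);`, misspells `const`, so test.h will not compile when NETOS is defined; it should read `struct hostent* gethostbyname(const char* name);`. In the same hunk InitTcpReady discards the status returned by `tx_mutex_create`, and the udp_accept hunk on this line and the tcp_accept hunk that follows cast the results of `tx_mutex_get` and `tx_mutex_put` to void. A failed create would therefore leave the `ready`/`port` writes unprotected with no diagnostic. Because InitTcpReady returns void, printing the status on failure would at least make that visible.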
@@ -1982,10 +2046,21 @@ static WC_INLINE void tcp_accept(SOCKET_T* sockfd, SOCKET_T* clientfd, ready->ready = 1; ready->port = port; } + #elif defined(NETOS) + /* signal ready to tcp_accept */ + if (args) + ready = args->signal; + if (ready) { + (void)tx_mutex_get(&ready->mutex, TX_WAIT_FOREVER); + ready->ready = 1; + ready->port = port; + (void)tx_mutex_put(&ready->mutex); + } #endif if (ready_file) { - #if !defined(NO_FILESYSTEM) || defined(FORCE_BUFFER_TEST) + #if !defined(NO_FILESYSTEM) || defined(FORCE_BUFFER_TEST) && \ + !defined(NETOS) XFILE srf = NULL; if (args) ready = args->signal; @@ -2303,12 +2378,14 @@ static WC_INLINE unsigned int my_psk_client_cs_cb(WOLFSSL* ssl, #else #if !defined(WOLFSSL_MDK_ARM) && !defined(WOLFSSL_KEIL_TCP_NET) && !defined(WOLFSSL_CHIBIOS) - #include + #ifndef NETOS + #include + #endif static WC_INLINE double current_time(int reset) { struct timeval tv; - gettimeofday(&tv, 0); + gettimeofday(&tv, NULL); (void)reset; return (double)tv.tv_sec + (double)tv.tv_usec / 1000000; @@ -2356,7 +2433,8 @@ static WC_INLINE void OCSPRespFreeCb(void* ioCtx, unsigned char* response) #if !defined(NO_CERTS) #if !defined(NO_FILESYSTEM) || \ - (defined(NO_FILESYSTEM) && defined(FORCE_BUFFER_TEST)) + (defined(NO_FILESYSTEM) && defined(FORCE_BUFFER_TEST)) && \ + !defined(NETOS) /* reads file size, allocates buffer, reads into buffer, returns buffer */ static WC_INLINE int load_file(const char* fname, byte** buf, size_t* bufLen) @@ -2758,7 +2836,8 @@ static WC_INLINE void CaCb(unsigned char* der, int sz, int type) static WC_INLINE int ChangeToWolfRoot(void) { - #if !defined(NO_FILESYSTEM) || defined(FORCE_BUFFER_TEST) + #if !defined(NO_FILESYSTEM) || defined(FORCE_BUFFER_TEST) && \ + !defined(NETOS) int depth, res; XFILE keyFile; for(depth = 0; depth <= MAX_WOLF_ROOT_DEPTH; depth++) { 
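Review bot: The condition extended in tcp_accept, `!defined(NO_FILESYSTEM) || defined(FORCE_BUFFER_TEST) && !defined(NETOS)`, does not exclude NETOS whenever a filesystem is enabled, because `&&` binds tighter than `||` and the new term only qualifies `FORCE_BUFFER_TEST`. If the intent is to compile these blocks out on NETOS in all cases, the first two terms need grouping: `#if (!defined(NO_FILESYSTEM) || defined(FORCE_BUFFER_TEST)) && \` followed by `!defined(NETOS)`. The same pattern is repeated in the load_file hunk and the ChangeToWolfRoot hunk on this line. If NETOS with a filesystem is meant to keep the code, a short comment saying so would avoid the ambiguity.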
@@ -2769,6 +2848,8 @@ static WC_INLINE void CaCb(unsigned char* der, int sz, int type) } #ifdef USE_WINDOWS_API res = SetCurrentDirectoryA("..\\"); + #elif defined(NETOS) + return 0; #else res = chdir("../"); #endif diff --git a/wolfssl/wolfio.h b/wolfssl/wolfio.h index 9e1f76f4a..28a5a7b83 100644 --- a/wolfssl/wolfio.h +++ b/wolfssl/wolfio.h @@ -151,6 +151,8 @@ #elif defined(EBSNET) #include "rtipapi.h" /* errno */ #include "socket.h" + #elif defined(NETOS) + #include #elif !defined(DEVKITPRO) && !defined(WOLFSSL_PICOTCP) \ && !defined(WOLFSSL_CONTIKI) && !defined(WOLFSSL_WICED) \ && !defined(WOLFSSL_GNRC) && !defined(WOLFSSL_RIOT_OS)
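Review bot: The NETOS branch added inside the depth loop of ChangeToWolfRoot is a bare `return 0;`, which appears to be reached only when the check above it did not already return, so on NETOS the function seems to report success without having located the file. If NETOS has no directory to change because the paths are absolute, a comment such as `/* NETOS uses absolute FS_VOLUME1 paths; nothing to chdir to */` would make that explicit; if a missing file should be an error, the branch should return the function's failure value instead. `res` is never assigned on this path, which may produce an unused-variable warning. The loop body starts and ends outside the hunk, so the surrounding checks are inferred.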