diff --git a/wolfcrypt/benchmark/benchmark.c b/wolfcrypt/benchmark/benchmark.c index 1c9e1df21..42f12b73d 100644 --- a/wolfcrypt/benchmark/benchmark.c +++ b/wolfcrypt/benchmark/benchmark.c @@ -97,8 +97,11 @@ #endif #endif -#ifdef NO_STDIO_FILESYSTEM -#define fflush(...) do {} while (0) +#if defined(WOLFSSL_ZEPHYR) || defined(NO_STDIO_FILESYSTEM) || !defined(XFFLUSH) +/* fflush in Zephyr doesn't work on stdout and stderr. Use + * CONFIG_LOG_MODE_IMMEDIATE compilation option instead. */ +#undef XFFLUSH +#define XFFLUSH(...) do {} while (0) #endif /* Macro to disable benchmark */ @@ -359,7 +362,7 @@ printf("%s%s L%d error %d for \"%s\"\n", \ err_prefix, __FILE__, __LINE__, \ errno, #__VA_ARGS__); \ - fflush(stdout); \ + XFFLUSH(stdout); \ _exit(1); \ } \ } while(0) @@ -373,7 +376,7 @@ printf("%s%s L%d error %d for \"%s\"\n", \ err_prefix, __FILE__, __LINE__, \ _pthread_ret, #__VA_ARGS__); \ - fflush(stdout); \ + XFFLUSH(stdout); \ _exit(1); \ } \ } while(0) @@ -1948,7 +1951,7 @@ static void bench_stats_sym_finish(const char* desc, int useDeviceID, } #ifndef WOLFSSL_SGX - fflush(stdout); + XFFLUSH(stdout); #endif /* Add to thread stats */ @@ -2081,7 +2084,7 @@ static void bench_stats_asym_finish_ex(const char* algo, int strength, } #ifndef WOLFSSL_SGX - fflush(stdout); + XFFLUSH(stdout); #endif /* Add to thread stats */ @@ -9125,6 +9128,9 @@ static int string_matches(const char* arg, const char* str) ESP_ERROR_CHECK(gptimer_enable(esp_gptimer)); ESP_ERROR_CHECK(gptimer_start(esp_gptimer)); #endif + #elif defined(MAIN_NO_ARGS) + int argc = 0; + char** argv = NULL; #endif diff --git a/wolfcrypt/src/wc_port.c b/wolfcrypt/src/wc_port.c index 8852e639e..f8629df2d 100644 --- a/wolfcrypt/src/wc_port.c +++ b/wolfcrypt/src/wc_port.c 
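Review bot: The `!defined(XFFLUSH)` term in the new guard at the top of benchmark.c turns the flush into a silent no-op on every build where no port header supplies XFFLUSH. The two error macros patched below call `_exit(1)` straight after `printf`, and `_exit` does not flush stdio buffers, so the failure message can be lost on exactly the path where it matters. The added comment explains only the Zephyr case. If the non-Zephyr branches of wc_port.h do not define XFFLUSH (not visible in this diff), keep the no-op for `#if defined(WOLFSSL_ZEPHYR) || defined(NO_STDIO_FILESYSTEM)` and add `#elif !defined(XFFLUSH)` / `#define XFFLUSH fflush` as the fallback.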
@@ -915,13 +915,48 @@ void wc_ReadDirClose(ReadDirCtx* ctx) #endif /* !NO_FILESYSTEM */ #if !defined(NO_FILESYSTEM) && defined(WOLFSSL_ZEPHYR) -XFILE z_fs_open(const char* filename, const char* perm) +XFILE z_fs_open(const char* filename, const char* mode) { XFILE file; + fs_mode_t flags = 0; + + if (mode == NULL) + return NULL; + + /* Parse mode */ + switch (*mode++) { + case 'r': + flags |= FS_O_READ; + break; + case 'w': + flags |= FS_O_WRITE|FS_O_CREATE; + break; + case 'a': + flags |= FS_O_APPEND|FS_O_CREATE; + break; + default: + return NULL; + } + + /* Ignore binary flag */ + if (*mode == 'b') + mode++; + if (*mode == '+') { + flags |= FS_O_READ; + /* Don't add write flag if already appending */ + if (!(flags & FS_O_APPEND)) + flags |= FS_O_RDWR; + } + /* Ignore binary flag */ + if (*mode == 'b') + mode++; + /* Incorrect mode string */ + if (*mode != '\0') + return NULL; file = (XFILE)XMALLOC(sizeof(*file), NULL, DYNAMIC_TYPE_FILE); if (file != NULL) { - if (fs_open(file, filename) != 0) { + if (fs_open(file, filename, flags) != 0) { XFREE(file, NULL, DYNAMIC_TYPE_FILE); file = NULL; } diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 0067cf5e5..734eff00f 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -43777,6 +43777,9 @@ WOLFSSL_TEST_SUBROUTINE int mutex_test(void) { #ifdef WOLFSSL_PTHREADS wolfSSL_Mutex m; +#endif +#if defined(WOLFSSL_PTHREADS) || (!defined(WOLFSSL_NO_MALLOC) && \ + !defined(WOLFSSL_USER_MUTEX) && defined(WOLFSSL_STATIC_MEMORY)) int ret; #endif #if !defined(WOLFSSL_NO_MALLOC) && !defined(WOLFSSL_USER_MUTEX) diff --git a/wolfssl/wolfcrypt/wc_port.h b/wolfssl/wolfcrypt/wc_port.h index c1731a931..83d1d8615 100644 --- a/wolfssl/wolfcrypt/wc_port.h +++ b/wolfssl/wolfcrypt/wc_port.h 
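Review bot: The `+` branch of the new mode parser in z_fs_open never advances `mode`, so for "r+", "w+" or "rb+" the pointer still rests on `+` when `if (*mode != '\0')` runs and the function returns NULL. Every update mode is therefore rejected. Add `mode++;` inside the `if (*mode == '+')` block, after the flag updates. Separately, "a" and "a+" end up with FS_O_APPEND but without FS_O_WRITE; whether the Zephyr file system accepts writes on such a handle is not visible here and should be confirmed. `filename` is passed to fs_open unchecked although `mode` is now NULL-checked, and the end of the function lies outside the hunk.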
@@ -139,7 +139,12 @@ /* do nothing */ #elif defined(WOLFSSL_ZEPHYR) #ifndef SINGLE_THREADED + #ifndef CONFIG_PTHREAD_IPC + #error "Need CONFIG_PTHREAD_IPC for threading" + #endif #include + #include + #include #endif #elif defined(WOLFSSL_TELIT_M2MB) @@ -513,11 +518,14 @@ WOLFSSL_ABI WOLFSSL_API int wolfCrypt_Cleanup(void); #define XFILE struct fs_file_t* #define STAT struct fs_dirent - XFILE z_fs_open(const char* filename, const char* perm); + /* These are our wrappers for opening and closing files to + * make the API more POSIX like. */ + XFILE z_fs_open(const char* filename, const char* mode); int z_fs_close(XFILE file); #define XFOPEN z_fs_open #define XFCLOSE z_fs_close + #define XFFLUSH fs_sync #define XFSEEK fs_seek #define XFTELL fs_tell #define XFREWIND fs_rewind @@ -528,6 +536,10 @@ WOLFSSL_ABI WOLFSSL_API int wolfCrypt_Cleanup(void); #define XBADFILE NULL #define XFGETS(b,s,f) -2 /* Not ported yet */ + #define XSTAT fs_stat + #define XS_ISREG(s) (s == FS_DIR_ENTRY_FILE) + #define SEPARATOR_CHAR ':' + #elif defined(WOLFSSL_TELIT_M2MB) #define XFILE INT32 #define XFOPEN(NAME, MODE) m2mb_fs_open((NAME), 0, (MODE)) @@ -655,12 +667,6 @@ WOLFSSL_ABI WOLFSSL_API int wolfCrypt_Cleanup(void); #define XREAD read #define XCLOSE close - #elif defined(WOLFSSL_ZEPHYR) - #ifndef XSTAT - #define XSTAT fs_stat - #endif - #define XS_ISREG(s) (s == FS_DIR_ENTRY_FILE) - #define SEPARATOR_CHAR ':' #elif defined(WOLFSSL_TELIT_M2MB) #ifndef XSTAT #define XSTAT m2mb_fs_stat diff --git a/zephyr/samples/wolfssl_benchmark/prj.conf b/zephyr/samples/wolfssl_benchmark/prj.conf index 4dd23691f..2cf271408 100644 --- a/zephyr/samples/wolfssl_benchmark/prj.conf +++ b/zephyr/samples/wolfssl_benchmark/prj.conf @@ -3,6 +3,9 @@ CONFIG_MAIN_STACK_SIZE=32768 CONFIG_MINIMAL_LIBC_MALLOC_ARENA_SIZE=16384 +# Pthreads +CONFIG_PTHREAD_IPC=y + # Clock for time() CONFIG_POSIX_CLOCK=y 
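Review bot: `XS_ISREG(s)` in the relocated Zephyr block expands its argument without parentheses, so an argument containing a lower-precedence operator would be compared incorrectly. Since the line is being moved anyway, write it as `#define XS_ISREG(s) ((s) == FS_DIR_ENTRY_FILE)`. The move also drops the `#ifndef XSTAT` guard that the removed block had, so a user-supplied XSTAT on Zephyr is now redefined; keeping `#ifndef XSTAT` around `#define XSTAT fs_stat` preserves the override.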
diff --git a/zephyr/samples/wolfssl_test/prj.conf b/zephyr/samples/wolfssl_test/prj.conf index 624674315..c2f997430 100644 --- a/zephyr/samples/wolfssl_test/prj.conf +++ b/zephyr/samples/wolfssl_test/prj.conf @@ -3,6 +3,9 @@ CONFIG_MAIN_STACK_SIZE=32768 CONFIG_MINIMAL_LIBC_MALLOC_ARENA_SIZE=16384 +# Pthreads +CONFIG_PTHREAD_IPC=y + # Clock for time() CONFIG_POSIX_CLOCK=y diff --git a/zephyr/samples/wolfssl_tls_sock/prj.conf b/zephyr/samples/wolfssl_tls_sock/prj.conf index f06afac26..9ca0cef9b 100644 --- a/zephyr/samples/wolfssl_tls_sock/prj.conf +++ b/zephyr/samples/wolfssl_tls_sock/prj.conf @@ -7,6 +7,9 @@ CONFIG_MINIMAL_LIBC_MALLOC_ARENA_SIZE=8192 # General config CONFIG_NEWLIB_LIBC=y +# Pthreads +CONFIG_PTHREAD_IPC=y + # Clock for time() CONFIG_POSIX_CLOCK=y @@ -43,6 +46,8 @@ CONFIG_NET_PKT_TX_COUNT=10 # Logging CONFIG_PRINTK=y #CONFIG_WOLFSSL_DEBUG=y +#CONFIG_LOG=y +#CONFIG_LOG_MODE_IMMEDIATE=y # TLS configuration CONFIG_WOLFSSL=y diff --git a/zephyr/samples/wolfssl_tls_sock/src/tls_sock.c b/zephyr/samples/wolfssl_tls_sock/src/tls_sock.c index 59cf271b5..489591ec8 100644 --- a/zephyr/samples/wolfssl_tls_sock/src/tls_sock.c +++ b/zephyr/samples/wolfssl_tls_sock/src/tls_sock.c @@ -30,8 +30,8 @@ #endif #define BUFFER_SIZE 2048 -#define STATIC_MEM_SIZE (96*1024) -#define THREAD_STACK_SIZE (12*1024) +#define STATIC_MEM_SIZE (192*1024) +#define THREAD_STACK_SIZE (24*1024) #define MAX_SEND_SIZE 256 /* The stack to use in the server's thread. */ @@ -64,6 +64,15 @@ static const char msgHTTPIndex[] = "\n" "\n"; +/* DO NOT use this in production. You should implement a way + * to get the current date. */ +static int verifyIgnoreDateError(int preverify, WOLFSSL_X509_STORE_CTX* store) +{ + if (store->error == ASN_BEFORE_DATE_E) + return 1; /* override error */ + else + return preverify; +} /* Create a new wolfSSL client with a server CA certificate. */ static int wolfssl_client_new(WOLFSSL_CTX** ctx, WOLFSSL** ssl) 
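Review bot: verifyIgnoreDateError in tls_sock.c is compiled in unconditionally and overrides ASN_BEFORE_DATE_E for every certificate in the chain, so anyone who copies the sample inherits weakened validity checking with only a comment as the guard. The same function is duplicated in tls_threaded.c, and both files also pass WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY when loading the CA and install the callback through the new wolfSSL_set_verify calls. I would put the callback and the load flag behind a sample-only build option that is off by default, so that a build without it fails closed. The comment should also say which error is tolerated and why, for example `/* Sample only: accepts "not yet valid" certificates because the board presumably has no time source. */`. On a device whose clock is unset, the not-after check is unlikely to fire either, so certificate expiry is effectively unenforced until a real time source is provided.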
@@ -81,8 +90,11 @@ static int wolfssl_client_new(WOLFSSL_CTX** ctx, WOLFSSL** ssl) if (ret == 0) { /* Load client certificates into WOLFSSL_CTX */ - if (wolfSSL_CTX_load_verify_buffer(client_ctx, ca_cert_der_2048, - sizeof_ca_cert_der_2048, WOLFSSL_FILETYPE_ASN1) != + if (wolfSSL_CTX_load_verify_buffer_ex(client_ctx, ca_cert_der_2048, + sizeof_ca_cert_der_2048, WOLFSSL_FILETYPE_ASN1, 0, + /* DO NOT use this in production. You should + * implement a way to get the current date. */ + WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY) != WOLFSSL_SUCCESS) { printf("ERROR: failed to load CA certificate\n"); ret = -1; @@ -97,6 +109,11 @@ static int wolfssl_client_new(WOLFSSL_CTX** ctx, WOLFSSL** ssl) } } + if (ret == 0) + wolfSSL_set_verify(client_ssl, + WOLFSSL_VERIFY_PEER|WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT, + verifyIgnoreDateError); + if (ret == 0) { /* Return newly created wolfSSL context and object */ *ctx = client_ctx; @@ -170,6 +187,10 @@ static int wolfssl_server_new(WOLFSSL_CTX** ctx, WOLFSSL** ssl) } } + if (ret == 0) + wolfSSL_set_verify(server_ssl, WOLFSSL_VERIFY_PEER, + verifyIgnoreDateError); + if (ret == 0) { /* Return newly created wolfSSL context and object */ *ctx = server_ctx; diff --git a/zephyr/samples/wolfssl_tls_thread/prj.conf b/zephyr/samples/wolfssl_tls_thread/prj.conf index 5cf80edf3..e675b38a5 100644 --- a/zephyr/samples/wolfssl_tls_thread/prj.conf +++ b/zephyr/samples/wolfssl_tls_thread/prj.conf @@ -4,6 +4,9 @@ CONFIG_ENTROPY_GENERATOR=y CONFIG_INIT_STACKS=y CONFIG_MINIMAL_LIBC_MALLOC_ARENA_SIZE=65536 +# Pthreads +CONFIG_PTHREAD_IPC=y + # Clock for time() CONFIG_POSIX_CLOCK=y 
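Review bot: The server-side call `wolfSSL_set_verify(server_ssl, WOLFSSL_VERIFY_PEER, verifyIgnoreDateError)` in wolfssl_server_new omits WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT, unlike the client call added earlier in this file. As far as I know, wolfSSL then requests a client certificate but lets the handshake continue when none is sent. If mutual authentication is intended, pass `WOLFSSL_VERIFY_PEER|WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT`; if client certificates are meant to be optional, say so in a comment at the call. The same applies to the wolfssl_server_new hunk in tls_threaded.c. Both added `if (ret == 0)` statements have unbraced multi-line bodies while the surrounding code uses braces, and the function continues outside the hunk.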
@@ -16,16 +19,18 @@ CONFIG_NET_SOCKETS=y CONFIG_DNS_RESOLVER=y # Logging -# Enable logging using RTT and UART CONFIG_PRINTK=y -CONFIG_CBPRINTF_LIBC_SUBSTS=y -CONFIG_CBPRINTF_FP_SUPPORT=y -CONFIG_CONSOLE=y CONFIG_LOG=y -CONFIG_LOG_BACKEND_UART=y -CONFIG_LOG_BUFFER_SIZE=15360 +CONFIG_LOG_MODE_IMMEDIATE=y #CONFIG_WOLFSSL_DEBUG=y +# Enable logging using RTT and UART +#CONFIG_CBPRINTF_LIBC_SUBSTS=y +#CONFIG_CBPRINTF_FP_SUPPORT=y +#CONFIG_CONSOLE=y +#CONFIG_LOG_BACKEND_UART=y +#CONFIG_LOG_BUFFER_SIZE=15360 + # TLS configuration CONFIG_WOLFSSL=y CONFIG_WOLFSSL_BUILTIN=y diff --git a/zephyr/samples/wolfssl_tls_thread/src/tls_threaded.c b/zephyr/samples/wolfssl_tls_thread/src/tls_threaded.c index ae1488860..57990ab99 100644 --- a/zephyr/samples/wolfssl_tls_thread/src/tls_threaded.c +++ b/zephyr/samples/wolfssl_tls_thread/src/tls_threaded.c @@ -43,8 +43,8 @@ #endif #define BUFFER_SIZE 2048 -#define STATIC_MEM_SIZE (96*1024) -#define THREAD_STACK_SIZE (13*1024) +#define STATIC_MEM_SIZE (192*1024) +#define THREAD_STACK_SIZE (24*1024) /* The stack to use in the server's thread. */ K_THREAD_STACK_DEFINE(server_stack, THREAD_STACK_SIZE); @@ -173,6 +173,16 @@ static int send_server(WOLFSSL* ssl, char* buff, int sz, void* ctx) return sz; } +/* DO NOT use this in production. You should implement a way + * to get the current date. */ +static int verifyIgnoreDateError(int preverify, WOLFSSL_X509_STORE_CTX* store) +{ + if (store->error == ASN_BEFORE_DATE_E) + return 1; /* override error */ + else + return preverify; +} + /* Create a new wolfSSL client with a server CA certificate. */ static int wolfssl_client_new(WOLFSSL_CTX** ctx, WOLFSSL** ssl) { 
@@ -189,8 +199,11 @@ static int wolfssl_client_new(WOLFSSL_CTX** ctx, WOLFSSL** ssl) if (ret == 0) { /* Load client certificates into WOLFSSL_CTX */ - if (wolfSSL_CTX_load_verify_buffer(client_ctx, ca_ecc_cert_der_256, - sizeof_ca_ecc_cert_der_256, WOLFSSL_FILETYPE_ASN1) != + if (wolfSSL_CTX_load_verify_buffer_ex(client_ctx, ca_ecc_cert_der_256, + sizeof_ca_ecc_cert_der_256, WOLFSSL_FILETYPE_ASN1, 0, + /* DO NOT use this in production. You should + * implement a way to get the current date. */ + WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY) != WOLFSSL_SUCCESS) { printf("ERROR: failed to load CA certificate\n"); ret = -1; @@ -218,6 +231,11 @@ static int wolfssl_client_new(WOLFSSL_CTX** ctx, WOLFSSL** ssl) } } + if (ret == 0) + wolfSSL_set_verify(client_ssl, + WOLFSSL_VERIFY_PEER|WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT, + verifyIgnoreDateError); + #if defined(WOLFSSL_HAVE_PSA) && defined(HAVE_PK_CALLBACKS) if (ret == 0) { XMEMSET(&client_psa_ctx, 0, sizeof(client_psa_ctx)); @@ -378,6 +396,10 @@ static int wolfssl_server_new(WOLFSSL_CTX** ctx, WOLFSSL** ssl) } } + if (ret == 0) + wolfSSL_set_verify(server_ssl, WOLFSSL_VERIFY_PEER, + verifyIgnoreDateError); + #if defined(WOLFSSL_HAVE_PSA) && defined(HAVE_PK_CALLBACKS) if (ret == 0) { if (wolfSSL_set_psa_ctx(server_ssl, &server_psa_ctx) @@ -543,6 +565,7 @@ void server_thread(void* arg1, void* arg2, void* arg3) ret = wolfssl_send(server_ssl, msgHTTPIndex); printf("Server Return: %d\n", ret); + printf("Server Error: %d\n", wolfSSL_get_error(server_ssl, ret)); #ifdef WOLFSSL_STATIC_MEMORY printf("Server Memory Stats\n"); @@ -618,6 +641,8 @@ int main() ret = 0; printf("Client Return: %d\n", ret); + printf("Client Error: %d\n", wolfSSL_get_error(client_ssl, ret)); + join_thread(serverThread);
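Review bot: The added `printf("Server Error: ...")` in server_thread passes the result of the sample's wolfssl_send wrapper to wolfSSL_get_error, which may not be the raw wolfSSL return value that the function expects. The wrapper's body is not in this diff, so this needs confirming. The matching `printf("Client Error: ...")` in main follows the context line `ret = 0;`, so it appears to query the error for a zeroed value; the enclosing control flow is outside the hunk. Both lines also print on success. I would call wolfSSL_get_error only on the failure path, with the value returned by the wolfSSL API call itself.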