From 534fe6ab3940e069b55e09aac80dab68c8e557b9 Mon Sep 17 00:00:00 2001
From: Tesfa Mael
Date: Wed, 26 Dec 2018 15:20:19 -0800
Subject: [PATCH] Updated with PR review comments
---
IDE/ECLIPSE/DEOS/README.md | 21 +++++++-------
IDE/ECLIPSE/DEOS/deos_malloc.c | 5 ++--
IDE/ECLIPSE/DEOS/tls_wolfssl.c | 50 +++++++++++++++-----------------
IDE/ECLIPSE/DEOS/user_settings.h | 17 ++++++-----
wolfssl/wolfcrypt/settings.h | 12 ++++----
5 files changed, 52 insertions(+), 53 deletions(-)
diff --git a/IDE/ECLIPSE/DEOS/README.md b/IDE/ECLIPSE/DEOS/README.md
index 66d273a7a..d586c38d5 100644
--- a/IDE/ECLIPSE/DEOS/README.md
+++ b/IDE/ECLIPSE/DEOS/README.md
@@ -10,12 +10,12 @@ You can start with your OpenArbor IDE-based example project for Deos with the ne wolfSSL supports a compile-time user configurable options in the `IDE/ECLIPSE/DEOS/user_settings.h` file. -The `tls_wolfssl.c` example application provides a simple function to run the selected examples at compile time through the following four #defines in user_settings.h. You can define any of these macro options to run a test. +The `tls_wolfssl.c` example application provides a simple function to run the selected examples at compile time through the following four #defines in user_settings.h. You can undefine any of these macro options to run a test. ``` - 1. #define WOLFSSL_WOLFCRYPT_TEST - 2. #define WOLFSSL_BENCHMARK_TEST - 3. #define WOLFSSL_CLIENT_TEST - 4. #define WOLFSSL_SERVER_TEST + 1. #undef NO_CRYPT_TEST + 2. #undef NO_CRYPT_BENCHMARK + 3. #undef NO_WOLFSSL_CLIENT + 4. #undef NO_WOLFSSL_SERVER ``` Steps for building and running wolfSSL with the Deos kernel examples included in the DDS release are as follows: #### Setting up a Deos project with wolfSSL
@@ -56,7 +56,7 @@ wolfsslPort mutexQuota = "5" > - pagesNeeded = "1000" + pagesNeeded = "500"
>
@@ -102,7 +102,7 @@ Depending on your configuration, wolfSSL uses upto four mutexes. 1. Build your project, then load and run your image on a target platform. Review the test results on the console output. -### `WOLFSSL_WOLFCRYPT_TEST` wolfcrypt_test() +### `wolfcrypt_test()` wolfcrypt_test() prints a message on the target console similar to the following output: ``` error test passed!
@@ -112,8 +112,7 @@ asn test passed! ``` This example doesn't show the whole output. -The complete ouputs are not displayed here. -### `WOLFSSL_BENCHMARK_TEST` benchmark_test() +### `benchmark_test()` benchmark_test() prints a message on the target console similar to the following output. ```
@@ -128,11 +127,11 @@ AES-128-CBC-dec 225 KB tooks 1.005 seconds, 223.922 KB/s ``` This example doesn't show the whole output. -### `WOLFSSL_CLIENT_TEST` wolfssl_client_test() +### `wolfssl_client_test()` You can modify the `TCP_SERVER_IP_ADDR` and `TCP_SERVER_PORT` macros in the `tls_wolfssl.c` file to configure the host address and port. You will also need to define the server certificate. The example client uses the GET request to get a web resource from the server at https://google.com. -### `WOLFSSL_SERVER_TEST` wolfssl_server_test() +### `wolfssl_server_test()` You can modify the `TLS_SERVER_PORT` in the `tls_wolfssl.c` file to configure the port number to listen on a local-host. Once you start the TLS server and `Listening for client connection` displays on the serial console, the server is ready to accept client connections.
diff --git a/IDE/ECLIPSE/DEOS/deos_malloc.c b/IDE/ECLIPSE/DEOS/deos_malloc.c
index 09b61ad56..cd95b85c5 100644
--- a/IDE/ECLIPSE/DEOS/deos_malloc.c
+++ b/IDE/ECLIPSE/DEOS/deos_malloc.c
@@ -18,13 +18,14 @@ * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ +#include #include #define HEAP_SIZE_MAX (1*1024*1024) static size_t allocatedMemory = 0; -size_t getMemAllocatedSize_does(size_t* size){ +size_t getMemAllocatedSize_deos(size_t* size){ if (size) *size = allocatedMemory;
@@ -85,7 +86,7 @@ void *malloc_deos(size_t size) { } retAddr = freeAddr; - memset(retAddr, 0, size); + XMEMSET(retAddr, 0, size); freeAddr += size; allocatedMemory += size;
diff --git a/IDE/ECLIPSE/DEOS/tls_wolfssl.c b/IDE/ECLIPSE/DEOS/tls_wolfssl.c
index add15e66e..608b9f606 100644
--- a/IDE/ECLIPSE/DEOS/tls_wolfssl.c
+++ b/IDE/ECLIPSE/DEOS/tls_wolfssl.c
@@ -19,6 +19,7 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ +#include #include #include #include
@@ -59,7 +60,7 @@ int setupTransport(clientConnectionHandleType* connectionHandle, return ret; } -#if defined(WOLFSSL_CLIENT_TEST) +#if !defined(NO_WOLFSSL_CLIENT ) /* 172.217.3.174 is the IP address of https://www.google.com */ #define TCP_SERVER_IP_ADDR "172.217.3.174"
@@ -179,11 +180,9 @@ void wolfssl_client_test(uintData_t statusPtr) { wolfSSL_Init(); - #ifdef WOLFSSL_TLS13 - ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method()); - #else - ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method()); - #endif + /* chooses the highest possible TLS version */ + + ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); /* SET UP NETWORK SOCKET */ if (ctx == 0) {
@@ -192,7 +191,7 @@ void wolfssl_client_test(uintData_t statusPtr) { return; } - WOLFSSL_MSG("wolfSSL_CTX_new done\n"); + WOLFSSL_MSG("wolfSSL_CTX_new done"); wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
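Review bot: `malloc_deos` in IDE/ECLIPSE/DEOS/deos_malloc.c (hunk @@ -85,7 +86,7 @@) returns `retAddr = freeAddr` and then advances with the raw `freeAddr += size`, so unless `size` is rounded up earlier in the function (its start is outside the hunk) every later block begins at whatever byte offset the previous request ended on. wolfCrypt structures that hold 64-bit words or pointers can then sit on unaligned addresses, which faults on some targets and is slow on others. Rounding the request before the capacity check, for example `size = (size + 2 * sizeof(void *) - 1) & ~(2 * sizeof(void *) - 1);`, keeps each returned pointer aligned, and the rounded value should be the one added to `allocatedMemory`. The comparison against `HEAP_SIZE_MAX` is not visible here; it should be written so that `allocatedMemory + size` cannot wrap.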
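Review bot: `wolfSSLv23_client_method()` in `wolfssl_client_test` (hunk @@ -179,11 +180,9 @@) sets only the upper bound of the negotiation: the new comment says it chooses the highest version, but the peer can still settle on the lowest protocol version compiled into the library, where the replaced code pinned TLS 1.2 or 1.3. A floor should be set once `ctx` has passed the NULL check, for example `wolfSSL_CTX_SetMinVersion(ctx, WOLFSSL_TLSV1_2);`, with its return value checked. The same applies to `wolfSSLv23_server_method()` in the `wolfssl_server_test` hunk (@@ -426,13 +424,9 @@), which also drops the `printf` that reported the protocol in use; printing `wolfSSL_get_version(ssl)` after the handshake would restore that visibility.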
@@ -242,7 +241,7 @@ void wolfssl_client_test(uintData_t statusPtr) { } while ((ret != SSL_SUCCESS) && (error == SSL_ERROR_WANT_READ)); printf("wolfSSL_connect() ok... sending GET\n"); - strncpy(tx_buf, TX_MSG, TX_MSG_SIZE); + XSTRNCPY(tx_buf, TX_MSG, TX_MSG_SIZE); if (wolfSSL_write(ssl, tx_buf, TX_MSG_SIZE) != TX_MSG_SIZE) { error = wolfSSL_get_error(ssl, 0); printf("ERROR: wolfSSL_write() failed, err = %d\n", error);
@@ -277,10 +276,9 @@ void wolfssl_client_test(uintData_t statusPtr) { return; } -#endif /* WOLFSSL_CLIENT_TEST */ +#endif /* NO_WOLFSSL_CLIENT */ - -#if defined(WOLFSSL_SERVER_TEST) +#if !defined(NO_WOLFSSL_SERVER) #define TLS_SERVER_PORT 11111 #define TX_BUF_SIZE 64
@@ -426,13 +424,9 @@ void wolfssl_server_test(uintData_t statusPtr) wolfSSL_Init(); - #if defined(WOLFSSL_TLS13) - ctx = wolfSSL_CTX_new(wolfTLSv1_3_server_method()); - printf("Using TLSv1_3\n"); - #else - ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method()); - printf("Using TLSv1_2\n"); - #endif + /* chooses the highest possible TLS version */ + + ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()); if (ctx == 0) { printf("ERROR: wolfSSL_CTX_new failed\n");
@@ -481,6 +475,10 @@ void wolfssl_server_test(uintData_t statusPtr) printf("Got client connection! Starting TLS negotiation\n"); + #ifdef DEBUG_WOLFSSL + wolfSSL_Debugging_ON(); + #endif + /* set up wolfSSL session */ ssl = wolfSSL_new(ctx); if (ssl == NULL) {
@@ -520,9 +518,7 @@ void wolfssl_server_test(uintData_t statusPtr) } while ((ret != SSL_SUCCESS) && (error == SSL_ERROR_WANT_READ)); printf("wolfSSL_accept() ok...\n"); - #ifdef DEBUG_WOLFSSL - wolfSSL_Debugging_ON(); - #endif + /* read client data */ error = 0;
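Review bot: `XSTRNCPY(tx_buf, TX_MSG, TX_MSG_SIZE)` in `wolfssl_client_test` (hunk @@ -242,7 +241,7 @@) keeps strncpy semantics, so `tx_buf` gets no terminating NUL when the message is at least `TX_MSG_SIZE` bytes long, and nothing in the hunk ties `TX_MSG_SIZE` to the size of `tx_buf` (both are defined outside it). The buffer is sent by length and never read as a C string, so `XMEMCPY` with a length taken from the literal states the intent better, ideally with a compile-time check that the message fits the buffer. The server response in hunk @@ -548,7 +544,7 @@ has the same shape with a hand-counted `tx_buf_sz = 22`; deriving it as `sizeof(msg) - 1` from a named `static const char msg[]` would stop the length and the text drifting apart.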
@@ -548,7 +544,7 @@ void wolfssl_server_test(uintData_t statusPtr) /* write response to client */ XMEMSET(tx_buf, 0u, TX_BUF_SIZE); tx_buf_sz = 22; - strncpy(tx_buf, "I hear ya fa shizzle!\n", tx_buf_sz); + XSTRNCPY(tx_buf, "I hear ya fa shizzle!\n", tx_buf_sz); if (wolfSSL_write(ssl, tx_buf, tx_buf_sz) != tx_buf_sz) { error = wolfSSL_get_error(ssl, 0); printf("ERROR: wolfSSL_write() failed, err = %d\n", error);
@@ -570,7 +566,7 @@ void wolfssl_server_test(uintData_t statusPtr) return; } -#endif /* WOLFSSL_SERVER_TEST */ +#endif /* NO_WOLFSSL_SERVER */ int wolfsslRunTests (void) {
@@ -578,20 +574,20 @@ int wolfsslRunTests (void) threadStatus ts; int ret; - #if defined(WOLFSSL_WOLFCRYPT_TEST) + #if !defined(NO_CRYPT_TEST) wolfcrypt_test(NULL); #endif - #if defined(WOLFSSL_BENCHMARK_TEST) + #if !defined(NO_CRYPT_BENCHMARK) benchmark_test(NULL); #endif - #if defined(WOLFSSL_CLIENT_TEST) + #if !defined(NO_WOLFSSL_CLIENT) ts = createThread("TCPclient", "TCPThreadTemplate", wolfssl_client_test, 0, &TCPhandle ); if (ts != threadSuccess) { printf("Unable to create TCP client thread, %i ", (DWORD)ts); } #endif - #if defined(WOLFSSL_SERVER_TEST) + #if !defined(NO_WOLFSSL_SERVER) ts = createThread("TCPserver", "TCPThreadTemplate", wolfssl_server_test, 0, &TCPhandle ); if (ts != threadSuccess) {
diff --git a/IDE/ECLIPSE/DEOS/user_settings.h b/IDE/ECLIPSE/DEOS/user_settings.h
index b1e1e971f..a19ecd7ce 100644
--- a/IDE/ECLIPSE/DEOS/user_settings.h
+++ b/IDE/ECLIPSE/DEOS/user_settings.h
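Review bot: `NO_WOLFSSL_CLIENT` and `NO_WOLFSSL_SERVER` are wolfSSL library build options that compile the client or server side out of the library, so using them as the switch for the example threads in `wolfsslRunTests` (hunk @@ -578,20 +574,20 @@, and the `#if !defined(...)` guards around `wolfssl_client_test` and `wolfssl_server_test` in the earlier hunks) means an example cannot be skipped without also changing what the library supports. A comment above the guards should state that coupling, or the examples should keep macros of their own. Separately, both `createThread` calls store into the same `&TCPhandle`, so with all tests enabled the server thread's handle overwrites the client's. The client failure message also prints a `DWORD` with `%i` and ends without a newline. The function continues past the end of the hunk.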
@@ -28,16 +28,19 @@ #define WOLFSSL_DEOS -/* You can select none or all of the following tests */ -#define WOLFSSL_WOLFCRYPT_TEST -#define WOLFSSL_BENCHMARK_TEST -#define WOLFSSL_CLIENT_TEST -#define WOLFSSL_SERVER_TEST +/* You can select none or all of the following tests +using #define instead of #undef. +By default, all four tests run*/ + +#undef NO_CRYPT_TEST +#undef NO_CRYPT_BENCHMARK +#undef NO_WOLFSSL_CLIENT +#undef NO_WOLFSSL_SERVER /* adjust CURRENT_UNIX_TIMESTAMP to seconds since Jan 01 1970. (UTC) You can get the current time from https://www.unixtimestamp.com/ */ -#define CURRENT_UNIX_TIMESTAMP 1544162764 +#define CURRENT_UNIX_TIMESTAMP 1545864916 #define NO_FILESYSTEM #define SIZEOF_LONG_LONG 8
@@ -65,12 +68,10 @@ You can get the current time from https://www.unixtimestamp.com/ /* TLS 1.3 */ #if 0 #define WOLFSSL_TLS13 - #define HAVE_TLS_EXTENSIONS #define WC_RSA_PSS #define HAVE_HKDF #define HAVE_FFDHE_2048 #define HAVE_AEAD - #define HAVE_SUPPORTED_CURVES #endif #if 0
diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h
index d58866add..67d3697fe 100644
--- a/wolfssl/wolfcrypt/settings.h
+++ b/wolfssl/wolfcrypt/settings.h
@@ -1168,13 +1168,19 @@ extern void uITRON4_free(void *p) ; /* disable fall-back case, malloc, realloc and free are unavailable */ #define WOLFSSL_NO_MALLOC + /* file sytem has not been ported since it is a seperate product. */ + #define NO_FILESYSTEM + #ifdef NO_FILESYSTEM + #define NO_WOLFSSL_DIR + #define NO_WRITEV + #endif + #define USE_FAST_MATH #define TFM_TIMING_RESISTANT #define ECC_TIMING_RESISTANT #define WC_RSA_BLINDING - #define HAVE_HASHDRBG #define HAVE_ECC #define ALT_ECC_SIZE
@@ -1184,14 +1190,10 @@ extern void uITRON4_free(void *p) ; #define TFM_ECC384 #define TFM_ECC521 - #define NO_RC4 #define HAVE_TLS_EXTENSIONS #define HAVE_SUPPORTED_CURVES #define HAVE_EXTENDED_MASTER - #define NO_WOLFSSL_DIR - #define NO_WRITEV - #if (__BYTE_ORDER__ == __ORDER_BIG_ENDIAN__) #define BIG_ENDIAN_ORDER #else
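Review bot: `CURRENT_UNIX_TIMESTAMP` in IDE/ECLIPSE/DEOS/user_settings.h (hunk @@ -28,16 +28,19 @@) is still a compile-time constant, only moved forward to 1545864916, so any clock the port derives from it starts at the build date. If certificate validity dates are checked against that clock (the code using the macro is outside this diff), certificates that expired after that moment are still accepted and newly issued ones may be rejected. The comment above the define should say the value is a bring-up placeholder and that a production image needs a real time source. The new test-selection comment is also hard to follow: an `#undef` of a macro that was never defined does nothing, and placed in this header it silently cancels a `-DNO_CRYPT_TEST` given on the compiler command line. Commented-out lines such as `/* #define NO_CRYPT_TEST */` would express "all four run by default" without that side effect.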
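Review bot: In wolfssl/wolfcrypt/settings.h (hunk @@ -1168,13 +1168,19 @@) `#define NO_FILESYSTEM` is immediately followed by `#ifdef NO_FILESYSTEM`, so the guard is always true and `NO_WOLFSSL_DIR` and `NO_WRITEV` are defined unconditionally, just as they were before being moved. Either drop the `#ifdef`/`#endif` pair, or make the define itself conditional with `#ifndef NO_FILESYSTEM`, since IDE/ECLIPSE/DEOS/user_settings.h defines the same macro and the intent appears to be that it can come from either place. The added comment has two typos and should read `/* file system has not been ported since it is a separate product. */`.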
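Review bot: If the `-` in front of `#define NO_RC4` in hunk @@ -1184,14 +1190,10 @@ marks that line itself as removed (the collapsed layout also allows it to be a removed blank line), this change would make RC4 available again in DEOS builds. Together with the switch to the version-flexible `wolfSSLv23_*` methods in tls_wolfssl.c, that would widen what the example client and server are able to negotiate, and the commit message gives no reason for it. Keeping `#define NO_RC4` in this block, or adding it to IDE/ECLIPSE/DEOS/user_settings.h, preserves the previous cipher policy.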