From 82d531562c55e4d5d50b3f810f37e4ba917b3bb8 Mon Sep 17 00:00:00 2001 From: Hideki Miyazaki Date: Sat, 31 Aug 2019 15:18:21 +0900 Subject: [PATCH 1/4] Fixed build warnings due to esp-idf update Fixed server application TLS communicatio failure --- .../examples/wolfssl_benchmark/main/helper.c | 2 ++ .../examples/wolfssl_client/CMakeLists.txt | 5 ++++ .../ESP-IDF/examples/wolfssl_client/Makefile | 3 +- .../examples/wolfssl_client/main/client-tls.c | 5 ++-- .../main/include/wifi_connect.h | 5 ++++ .../wolfssl_client/main/wifi_connect.c | 22 +++++++++++++-- .../examples/wolfssl_server/CMakeLists.txt | 4 +++ .../ESP-IDF/examples/wolfssl_server/Makefile | 3 ++ .../main/include/wifi_connect.h | 7 ++++- .../examples/wolfssl_server/main/server-tls.c | 3 +- .../wolfssl_server/main/wifi_connect.c | 22 +++++++++++++-- src/internal.c | 28 ++++++++++++++++++- wolfcrypt/test/test.c | 2 ++ wolfssl/ssl.h | 2 ++ 14 files changed, 101 insertions(+), 12 deletions(-) diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/helper.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/helper.c index 8778b5454..bb5582c56 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/helper.c +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/helper.c @@ -163,6 +163,8 @@ void app_main(void) return; } atmel_set_slot_allocator(my_atmel_alloc, my_atmel_free); + #else + (void) TAG; #endif #endif wolf_benchmark_task(); diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/CMakeLists.txt index bf716c65b..7312c0dba 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/CMakeLists.txt +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/CMakeLists.txt 
@@ -2,5 +2,10 @@ # CMakeLists in this exact order for cmake to work correctly cmake_minimum_required(VERSION 3.5) +# (Not part of the boilerplate) +# This example uses an extra component for common functions such as Wi-Fi and Ethernet connection. +# disable the following line if there isn't the directory +set(EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/examples/common_components/protocol_examples_common) + include($ENV{IDF_PATH}/tools/cmake/project.cmake) project(wolfssl_client) diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/Makefile b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/Makefile index ac04b5fe5..f3854ff18 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/Makefile +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/Makefile @@ -6,6 +6,7 @@ PROJECT_NAME := wolfssl_client CFLAGS += -DWOLFSSL_USER_SETTINGS +# if there isn't the directory, please disable the line below. +EXTRA_COMPONENT_DIRS = $(IDF_PATH)/examples/common_components/protocol_examples_common include $(IDF_PATH)/make/project.mk - diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/client-tls.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/client-tls.c index 000684e0e..cde4c6ec2 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/client-tls.c +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/client-tls.c @@ -131,6 +131,7 @@ void tls_smp_client_task() size_t len; struct hostent *hp; struct ip4_addr *ip4_addr; + const char sndMsg[] = "GET /index.html HTTP/1.0\r\n\r\n"; /* declare wolfSSL objects */ WOLFSSL_CTX *ctx; @@ -257,8 +258,8 @@ void tls_smp_client_task() if(sendGet){ printf("SSL connect ok, sending GET...\n"); - len = 28; - strncpy(buff, "GET /index.html HTTP/1.0\r\n\r\n", 28); + len = XSTRLEN(sndMsg); + strncpy(buff, sndMsg, len); buff[len] = '\0'; } else { sprintf(buff, "message from esp32 tls client\n"); 
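Review bot: The added `set(EXTRA_COMPONENT_DIRS ...)` is unconditional, so on an ESP-IDF tree without `examples/common_components/protocol_examples_common` the project stops configuring until someone edits the file by hand, as the new comment itself admits. Wrapping the line in `if(EXISTS $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)` … `endif()` would keep older trees building without manual changes. The same applies to the server `CMakeLists.txt`, and to both Makefiles using make's `wildcard` test.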
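Review bot: Nothing in the rewritten copy in `tls_smp_client_task()` ties `len` to the size of `buff`: `strncpy(buff, sndMsg, len)` followed by `buff[len] = '\0'` stays in bounds only while `sizeof(buff)` exceeds `XSTRLEN(sndMsg)`, and `buff`'s declaration is outside the hunk. Because `sndMsg` is an array, its length is known at compile time, so `len = sizeof(sndMsg) - 1; XMEMCPY(buff, sndMsg, sizeof(sndMsg));` copies the terminator in one step and avoids relying on `strncpy`, which never terminates on its own here. An explicit check or static assertion against `sizeof(buff)` would state the assumption. The `sprintf` in the `else` branch is unchanged context and writes into the same buffer with the same unstated bound.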
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/wifi_connect.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/wifi_connect.h index ede9e7a9b..430529103 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/wifi_connect.h +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/wifi_connect.h @@ -21,9 +21,14 @@ #ifndef _TLS_WIFI_H_ #define _TLS_WIFI_H_ +#include "esp_idf_version.h" #include "esp_log.h" #include "esp_wifi.h" +#if ESP_IDF_VERSION_MAJOR >= 4 && ESP_IDF_VERSION_MINOR >= 1 +#include "esp_event.h" +#else #include "esp_event_loop.h" +#endif #define DEFAULT_PORT 11111 diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/wifi_connect.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/wifi_connect.c index ad7a4ee93..e1aa83d7f 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/wifi_connect.c +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/wifi_connect.c @@ -27,6 +27,9 @@ #include "lwip/netdb.h" #include "lwip/apps/sntp.h" #include "nvs_flash.h" +#if ESP_IDF_VERSION_MAJOR >= 4 && ESP_IDF_VERSION_MINOR >= 1 +#include "protocol_examples_common.h" +#endif const static int CONNECTED_BIT = BIT0; static EventGroupHandle_t wifi_event_group; @@ -48,12 +51,13 @@ static void set_time() time_t now; struct tm timeinfo; char strftime_buf[64]; - - utctime.tv_sec = 1542008020; /* dummy time: Mon Nov 12 07:33:40 2018 */ + /* please update the time if seeing unknown failure. */ + /* this could cause TLS communication failure due to time expiration */ + utctime.tv_sec = 1567125910; /* dummy time: Fri Aug 30 09:45:00 2019 */ utctime.tv_usec = 0; tz.tz_minuteswest = 0; tz.tz_dsttime = 0; - + settimeofday(&utctime, &tz); time(&now); 
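Review bot: The guard `ESP_IDF_VERSION_MAJOR >= 4 && ESP_IDF_VERSION_MINOR >= 1` tests the two components independently, so any release with a higher major number and minor 0 falls back to `esp_event_loop.h`. Comparing the packed value avoids this: `#if ESP_IDF_VERSION >= ESP_IDF_VERSION_VAL(4, 1, 0)`. The same expression is repeated in the server header and in both `wifi_connect.c` files, so it is worth fixing in all four places. `esp_idf_version.h` is also now included unconditionally; if older ESP-IDF trees are still meant to build, confirm that the header exists there.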
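Review bot: Certificate date checks during the handshake are only as good as this clock, and `set_time()` still pins it to a compile-time constant (`utctime.tv_sec = 1567125910`). A peer certificate that has since expired therefore still passes, and one issued after that date fails as not yet valid. The new comment asks the reader to edit the constant when failures appear, which works around the symptom rather than the cause. The file already includes `lwip/apps/sntp.h`, so the comment should at least say something like `/* demo only: a fixed clock defeats certificate date checks; set the time from SNTP or an RTC in real use */`. The server copy of `set_time()` carries the same constant, and the function body continues past this hunk.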
@@ -62,9 +66,11 @@ static void set_time() strftime(strftime_buf, sizeof(strftime_buf), "%c", &timeinfo); ESP_LOGI(TAG, "The current date/time is: %s", strftime_buf); +#if ESP_IDF_VERSION_MAJOR < 4 /* wait until wifi connect */ xEventGroupWaitBits(wifi_event_group, CONNECTED_BIT, false, true, portMAX_DELAY); +#endif /* now we start client tasks. */ tls_smp_client_init(); } @@ -120,6 +126,15 @@ void app_main(void) tcpip_adapter_init(); /* */ +#if ESP_IDF_VERSION_MAJOR >= 4 && ESP_IDF_VERSION_MINOR >= 1 + (void) wifi_event_handler; + ESP_ERROR_CHECK(esp_event_loop_create_default()); + /* This helper function configures Wi-Fi or Ethernet, as selected in menuconfig. + * Read "Establishing Wi-Fi or Ethernet Connection" section in + * examples/protocols/README.md for more information about this function. + */ + ESP_ERROR_CHECK(example_connect()); +#else wifi_event_group = xEventGroupCreate(); ESP_ERROR_CHECK(esp_event_loop_init(wifi_event_handler, NULL)); wifi_init_config_t cfg = WIFI_INIT_CONFIG_DEFAULT(); @@ -141,6 +156,7 @@ void app_main(void) ESP_LOGI(TAG, "wifi_init_sta finished."); ESP_LOGI(TAG, "connect to ap SSID:%s password:%s", TLS_SMP_WIFI_SSID, TLS_SMP_WIFI_PASS); +#endif ESP_LOGI(TAG, "Set dummy time..."); set_time(); } diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/CMakeLists.txt index 12c649649..0d591ea0d 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/CMakeLists.txt +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/CMakeLists.txt 
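Review bot: The wait on `CONNECTED_BIT` in `set_time()` is compiled out under `#if ESP_IDF_VERSION_MAJOR < 4`, but `app_main()` in the same file switches to `example_connect()` only when major >= 4 and minor >= 1. On a 4.0 tree the legacy event-group path would still be used while `set_time()` no longer waits for it, so `tls_smp_client_init()` appears able to start before Wi-Fi is connected. Using the exact negation here, `#if !(ESP_IDF_VERSION_MAJOR >= 4 && ESP_IDF_VERSION_MINOR >= 1)`, keeps the two guards in step. The server `wifi_connect.c` has the same pair of conditions.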
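Review bot: The legacy branch that the new `#endif` closes in `app_main()` still writes the Wi-Fi passphrase to the log: `ESP_LOGI(TAG, "connect to ap SSID:%s password:%s", TLS_SMP_WIFI_SSID, TLS_SMP_WIFI_PASS);`. Serial logs get captured and pasted into bug reports, so the secret should not appear in them; `ESP_LOGI(TAG, "connect to ap SSID:%s", TLS_SMP_WIFI_SSID);` keeps the useful part. The line is unchanged context in this hunk and appears again in the server `wifi_connect.c`.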
@@ -2,6 +2,10 @@ # CMakeLists in this exact order for cmake to work correctly cmake_minimum_required(VERSION 3.5) +# (Not part of the boilerplate) +# This example uses an extra component for common functions such as Wi-Fi and Ethernet connection. +# disable the following line if there isn't the directory +set(EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/examples/common_components/protocol_examples_common) include($ENV{IDF_PATH}/tools/cmake/project.cmake) project(wolfssl_server) diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/Makefile b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/Makefile index 5fa6a42bd..e3bb4037f 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/Makefile +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/Makefile @@ -7,5 +7,8 @@ PROJECT_NAME := tls_server CFLAGS += -DWOLFSSL_USER_SETTINGS +# if there isn't the directory, please disable the line below. +EXTRA_COMPONENT_DIRS = $(IDF_PATH)/examples/common_components/protocol_examples_common + include $(IDF_PATH)/make/project.mk diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/wifi_connect.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/wifi_connect.h index 18a76126d..5718ad34d 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/wifi_connect.h +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/wifi_connect.h @@ -1,4 +1,4 @@ -/* wifi_connect.h +/* wifi_connect.h * * Copyright (C) 2006-2019 wolfSSL Inc. * @@ -21,9 +21,14 @@ #ifndef _TLS_WIFI_H_ #define _TLS_WIFI_H_ +#include "esp_idf_version.h" #include "esp_log.h" #include "esp_wifi.h" +#if ESP_IDF_VERSION_MAJOR >= 4 && ESP_IDF_VERSION_MINOR >= 1 +#include "esp_event.h" +#else #include "esp_event_loop.h" +#endif #define DEFAULT_PORT 11111 diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/server-tls.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/server-tls.c index f8d018096..06730b16a 100644 
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/server-tls.c +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/server-tls.c @@ -133,6 +133,7 @@ void tls_smp_server_task() size_t len; int shutdown = 0; int ret; + const char msg[] = "I hear you fa shizzle!"; /* declare wolfSSL objects */ WOLFSSL_CTX* ctx; @@ -245,7 +246,7 @@ void tls_smp_server_task() } /* Write our reply into buff */ memset(buff, 0, sizeof(buff)); - memcpy(buff, "I hear ya fa shizzle!", sizeof(buff)); + memcpy(buff, msg, sizeof(msg)); len = strnlen(buff, sizeof(buff)); /* Reply back to the client */ if (wolfSSL_write(ssl, buff, len) != len) { diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/wifi_connect.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/wifi_connect.c index 87034401d..f4829ce02 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/wifi_connect.c +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/wifi_connect.c @@ -27,6 +27,9 @@ #include "lwip/netdb.h" #include "lwip/apps/sntp.h" #include "nvs_flash.h" +#if ESP_IDF_VERSION_MAJOR >= 4 && ESP_IDF_VERSION_MINOR >= 1 +#include "protocol_examples_common.h" +#endif const static int CONNECTED_BIT = BIT0; static EventGroupHandle_t wifi_event_group; @@ -45,8 +48,9 @@ static void set_time() time_t now; struct tm timeinfo; char strftime_buf[64]; - - utctime.tv_sec = 1542008020; /* dummy time: Mon Nov 12 07:33:40 2018 */ + /* please update the time if seeing unknown failure. */ + /* this could cause TLS communication failure due to time expiration */ + utctime.tv_sec = 1567125910; /* dummy time: Fri Aug 30 09:45:00 2019 */ utctime.tv_usec = 0; tz.tz_minuteswest = 0; tz.tz_dsttime = 0; 
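Review bot: Nothing checks that `msg` fits in `buff` in the new `memcpy(buff, msg, sizeof(msg));`, and `buff`'s declaration is outside the hunk. The change does remove the earlier over-read, which copied `sizeof(buff)` bytes out of a short literal. With the length now known at compile time, `len = sizeof(msg) - 1;` could replace the `strnlen` scan on the next line, and a size assertion would document the assumption. The reply text also changes from "ya" to "you"; any test client that matches the reply string would need the same update.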
@@ -59,9 +63,11 @@ static void set_time() strftime(strftime_buf, sizeof(strftime_buf), "%c", &timeinfo); ESP_LOGI(TAG, "The current date/time is: %s", strftime_buf); +#if ESP_IDF_VERSION_MAJOR < 4 /* wait until wifi connect */ xEventGroupWaitBits(wifi_event_group, CONNECTED_BIT, false, true, portMAX_DELAY); +#endif /* now we start client tasks. */ tls_smp_server_init(); } @@ -117,6 +123,15 @@ void app_main(void) tcpip_adapter_init(); /* */ +#if ESP_IDF_VERSION_MAJOR >= 4 && ESP_IDF_VERSION_MINOR >= 1 + (void) wifi_event_handler; + ESP_ERROR_CHECK(esp_event_loop_create_default()); + /* This helper function configures Wi-Fi or Ethernet, as selected in menuconfig. + * Read "Establishing Wi-Fi or Ethernet Connection" section in + * examples/protocols/README.md for more information about this function. + */ + ESP_ERROR_CHECK(example_connect()); +#else wifi_event_group = xEventGroupCreate(); ESP_ERROR_CHECK(esp_event_loop_init(wifi_event_handler, NULL)); wifi_init_config_t cfg = WIFI_INIT_CONFIG_DEFAULT(); @@ -138,6 +153,7 @@ void app_main(void) ESP_LOGI(TAG, "wifi_init_sta finished."); ESP_LOGI(TAG, "connect to ap SSID:%s password:%s", TLS_SMP_WIFI_SSID, TLS_SMP_WIFI_PASS); - ESP_LOGI(TAG, "Set Dummy time..."); +#endif + ESP_LOGI(TAG, "Set dummy time..."); set_time(); } diff --git a/src/internal.c b/src/internal.c index e96755cf9..9c62b3672 100644 --- a/src/internal.c +++ b/src/internal.c 
@@ -4655,6 +4655,32 @@ int DhAgree(WOLFSSL* ssl, DhKey* dhKey, #ifdef HAVE_PK_CALLBACKS +int wolfSSL_CTX_IsPrivatePkSetForKeyType(WOLFSSL_CTX* ctx, byte keyType) +{ + int pkcbset = 0; + (void)ctx; +#if defined(HAVE_ECC) || defined(HAVE_ED25519) || !defined(NO_RSA) + if (0 + #ifdef HAVE_ECC + || (ctx->EccSignCb != NULL && keyType == ecc_dsa_sa_algo) + #endif + #ifdef HAVE_ED25519 + || (ctx->Ed25519SignCb != NULL && keyType == ed25519_sa_algo) + #endif + #ifndef NO_RSA + || (ctx->RsaSignCb != NULL && keyType == rsa_sa_algo) + || (ctx->RsaDecCb != NULL && keyType == rsa_kea) + #ifdef WC_RSA_PSS + || (ctx->RsaPssSignCb != NULL && keyType == rsa_pss_sa_algo) + #endif + #endif + ) { + pkcbset = 1; + } +#endif + return pkcbset; +} + int wolfSSL_CTX_IsPrivatePkSet(WOLFSSL_CTX* ctx) { int pkcbset = 0; @@ -18046,7 +18072,7 @@ int DecodePrivateKey(WOLFSSL *ssl, word16* length) #ifdef HAVE_PK_CALLBACKS /* allow no private key if using PK callbacks and CB is set */ - if (wolfSSL_CTX_IsPrivatePkSet(ssl->ctx)) { + if (wolfSSL_CTX_IsPrivatePkSetForKeyType(ssl->ctx, ssl->buffers.keyType)) { *length = GetPrivateKeySigSize(ssl); return 0; } diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 6911040a9..b797388ff 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -18408,6 +18408,8 @@ int ecc_test(void) printf("ecc_test_make_pub failed!: %d\n", ret); goto done; } +#else + (void) ecc_test_make_pub;/* for compiler warning */ #endif #ifdef WOLFSSL_CERT_GEN ret = ecc_test_cert_gen(&rng); diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 3d43a5ab7..28da4290e 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -3254,6 +3254,8 @@ WOLFSSL_API unsigned long wolfSSL_X509_subject_name_hash(const WOLFSSL_X509* x5 #ifdef HAVE_PK_CALLBACKS WOLFSSL_API int wolfSSL_CTX_IsPrivatePkSet(WOLFSSL_CTX* ctx); +WOLFSSL_API int wolfSSL_CTX_IsPrivatePkSetForKeyType(WOLFSSL_CTX* ctx, + byte keyType); #endif #ifdef HAVE_ENCRYPT_THEN_MAC 
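Review bot: `wolfSSL_CTX_IsPrivatePkSetForKeyType()` is exported with `WOLFSSL_API` yet dereferences `ctx` in every enabled branch without a NULL check; `(void)ctx;` only silences the unused-parameter warning. An early `if (ctx == NULL) return 0;` ahead of the `#if` would make it safe to call from application code, and the `wolfSSL_IsPrivatePkSet(ssl)` rewrite in patch 3/4 needs the same for `ssl` and `ssl->ctx`. Separately, `keyType` is compared with signature-algorithm constants everywhere except `rsa_kea`, which by its name belongs to the key-exchange enum. Since this result decides whether `DecodePrivateKey()` accepts a missing private key, it is worth confirming that comparison means what is intended.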
From 348be7fb0049b543e3a81f039b1d3bacc12e4426 Mon Sep 17 00:00:00 2001 From: Hideki Miyazaki Date: Sun, 1 Sep 2019 08:10:39 +0900 Subject: [PATCH 2/4] Fix jankis test, known customer config. complaining unused var --- src/internal.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/internal.c b/src/internal.c index 9c62b3672..5f2e69b20 100644 --- a/src/internal.c +++ b/src/internal.c @@ -4659,6 +4659,7 @@ int wolfSSL_CTX_IsPrivatePkSetForKeyType(WOLFSSL_CTX* ctx, byte keyType) { int pkcbset = 0; (void)ctx; + (void)keyType; #if defined(HAVE_ECC) || defined(HAVE_ED25519) || !defined(NO_RSA) if (0 #ifdef HAVE_ECC From 7433b20d432d3bad98f6f12085d68ba3b9285ee0 Mon Sep 17 00:00:00 2001 From: Hideki Miyazaki Date: Wed, 4 Sep 2019 07:40:38 +0900 Subject: [PATCH 3/4] renamed wolfSSL_CTX_IsPrivatePkSetForkeyType to wolfSSL_IsPrivatePkSet --- src/internal.c | 21 ++++++++++++--------- wolfssl/ssl.h | 3 +-- 2 files changed, 13 insertions(+), 11 deletions(-) diff --git a/src/internal.c b/src/internal.c index 5f2e69b20..b0b3073ee 100644 --- a/src/internal.c +++ b/src/internal.c 
@@ -4655,24 +4655,27 @@ int DhAgree(WOLFSSL* ssl, DhKey* dhKey, #ifdef HAVE_PK_CALLBACKS -int wolfSSL_CTX_IsPrivatePkSetForKeyType(WOLFSSL_CTX* ctx, byte keyType) +int wolfSSL_IsPrivatePkSet(WOLFSSL* ssl) { int pkcbset = 0; - (void)ctx; - (void)keyType; + (void)ssl; + #if defined(HAVE_ECC) || defined(HAVE_ED25519) || !defined(NO_RSA) if (0 #ifdef HAVE_ECC - || (ctx->EccSignCb != NULL && keyType == ecc_dsa_sa_algo) + || (ssl->ctx->EccSignCb != NULL && + ssl->buffers.keyType == ecc_dsa_sa_algo) #endif #ifdef HAVE_ED25519 - || (ctx->Ed25519SignCb != NULL && keyType == ed25519_sa_algo) + || (ssl->ctx->Ed25519SignCb != NULL && + ssl->buffers.keyType == ed25519_sa_algo) #endif #ifndef NO_RSA - || (ctx->RsaSignCb != NULL && keyType == rsa_sa_algo) - || (ctx->RsaDecCb != NULL && keyType == rsa_kea) + || (ssl->ctx->RsaSignCb != NULL && ssl->buffers.keyType == rsa_sa_algo) + || (ssl->ctx->RsaDecCb != NULL && ssl->buffers.keyType == rsa_kea) #ifdef WC_RSA_PSS - || (ctx->RsaPssSignCb != NULL && keyType == rsa_pss_sa_algo) + || (ssl->ctx->RsaPssSignCb != NULL && + ssl->buffers.keyType == rsa_pss_sa_algo) #endif #endif ) { @@ -18073,7 +18076,7 @@ int DecodePrivateKey(WOLFSSL *ssl, word16* length) #ifdef HAVE_PK_CALLBACKS /* allow no private key if using PK callbacks and CB is set */ - if (wolfSSL_CTX_IsPrivatePkSetForKeyType(ssl->ctx, ssl->buffers.keyType)) { + if (wolfSSL_IsPrivatePkSet(ssl)) { *length = GetPrivateKeySigSize(ssl); return 0; } diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 28da4290e..d38acba96 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -3253,9 +3253,8 @@ WOLFSSL_API unsigned long wolfSSL_X509_subject_name_hash(const WOLFSSL_X509* x5 #endif /* OPENSSL_EXTRA */ #ifdef HAVE_PK_CALLBACKS +WOLFSSL_API int wolfSSL_IsPrivatePkSet(WOLFSSL* ssl); WOLFSSL_API int wolfSSL_CTX_IsPrivatePkSet(WOLFSSL_CTX* ctx); -WOLFSSL_API int wolfSSL_CTX_IsPrivatePkSetForKeyType(WOLFSSL_CTX* ctx, - byte keyType); #endif #ifdef HAVE_ENCRYPT_THEN_MAC 
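Review bot: `wolfSSL_IsPrivatePkSet()` now sits beside `wolfSSL_CTX_IsPrivatePkSet()` in `ssl.h` with an almost identical name, and neither the definition nor the declaration says how the two differ. A header comment on the definition would help, for example `/* Return 1 if a PK callback matching ssl->buffers.keyType is registered on ssl->ctx, 0 otherwise. */`. From this hunk, the new function requires the key type to match the registered callback; the body of the CTX variant is not visible here, so the comment should describe only the per-connection check.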
From 87d0c70695429d4c3b7c50c3126929bc0964d2b5 Mon Sep 17 00:00:00 2001 From: Hideki Miyazaki Date: Mon, 9 Sep 2019 08:20:42 +0900 Subject: [PATCH 4/4] erase compiler complaint, not used var --- IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/helper.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/helper.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/helper.c index bb5582c56..e58c5caa7 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/helper.c +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/helper.c @@ -150,6 +150,7 @@ int construct_argv() /* entry point */ void app_main(void) { + (void) TAG; #ifndef NO_CRYPT_BENCHMARK /* when using atecc608a on esp32-wroom-32se */ @@ -163,8 +164,6 @@ void app_main(void) return; } atmel_set_slot_allocator(my_atmel_alloc, my_atmel_free); - #else - (void) TAG; #endif #endif wolf_benchmark_task();