Merge pull request #6278 from julek-wolfssl/fix-zephyr

Zephyr port update

wolfcrypt/benchmark/benchmark.c

@@ -97,8 +97,11 @@
     #endif
 #endif
 
-#ifdef NO_STDIO_FILESYSTEM
+#if defined(WOLFSSL_ZEPHYR) || defined(NO_STDIO_FILESYSTEM) || !defined(XFFLUSH)
-#define fflush(...) do {} while (0)
+/* fflush in Zephyr doesn't work on stdout and stderr. Use
+ * CONFIG_LOG_MODE_IMMEDIATE compilation option instead. */
+#undef XFFLUSH
+#define XFFLUSH(...) do {} while (0)
 #endif
 
 /* Macro to disable benchmark */
@@ -359,7 +362,7 @@
             printf("%s%s L%d error %d for \"%s\"\n",          \
                     err_prefix, __FILE__, __LINE__,           \
                     errno, #__VA_ARGS__);                     \
-            fflush(stdout);                                   \
+            XFFLUSH(stdout);                                  \
             _exit(1);                                         \
         }                                                     \
     } while(0)
@@ -373,7 +376,7 @@
             printf("%s%s L%d error %d for \"%s\"\n",                 \
                    err_prefix, __FILE__, __LINE__,                   \
                    _pthread_ret, #__VA_ARGS__);                      \
-            fflush(stdout);                                          \
+            XFFLUSH(stdout);                                         \
             _exit(1);                                                \
         }                                                            \
     } while(0)
@@ -1948,7 +1951,7 @@ static void bench_stats_sym_finish(const char* desc, int useDeviceID,
     }
 
 #ifndef WOLFSSL_SGX
-    fflush(stdout);
+    XFFLUSH(stdout);
 #endif
 
     /* Add to thread stats */
@@ -2081,7 +2084,7 @@ static void bench_stats_asym_finish_ex(const char* algo, int strength,
     }
 
 #ifndef WOLFSSL_SGX
-    fflush(stdout);
+    XFFLUSH(stdout);
 #endif
 
     /* Add to thread stats */
@@ -9125,6 +9128,9 @@ static int string_matches(const char* arg, const char* str)
         ESP_ERROR_CHECK(gptimer_enable(esp_gptimer));
         ESP_ERROR_CHECK(gptimer_start(esp_gptimer));
     #endif
+    #elif defined(MAIN_NO_ARGS)
+        int argc = 0;
+        char** argv = NULL;
 
     #endif
 

wolfcrypt/src/wc_port.c

@@ -915,13 +915,48 @@ void wc_ReadDirClose(ReadDirCtx* ctx)
 #endif /* !NO_FILESYSTEM */
 
 #if !defined(NO_FILESYSTEM) && defined(WOLFSSL_ZEPHYR)
-XFILE z_fs_open(const char* filename, const char* perm)
+XFILE z_fs_open(const char* filename, const char* mode)
 {
     XFILE file;
+    fs_mode_t flags = 0;
+
+    if (mode == NULL)
+        return NULL;
+
+    /* Parse mode */
+    switch (*mode++) {
+        case 'r':
+            flags |= FS_O_READ;
+            break;
+        case 'w':
+            flags |= FS_O_WRITE|FS_O_CREATE;
+            break;
+        case 'a':
+            flags |= FS_O_APPEND|FS_O_CREATE;
+            break;
+        default:
+            return NULL;
+    }
+
+    /* Ignore binary flag */
+    if (*mode == 'b')
+        mode++;
+    if (*mode == '+') {
+        flags |= FS_O_READ;
+        /* Don't add write flag if already appending */
+        if (!(flags & FS_O_APPEND))
+            flags |= FS_O_RDWR;
+    }
+    /* Ignore binary flag */
+    if (*mode == 'b')
+        mode++;
+    /* Incorrect mode string */
+    if (*mode != '\0')
+        return NULL;
 
     file = (XFILE)XMALLOC(sizeof(*file), NULL, DYNAMIC_TYPE_FILE);
     if (file != NULL) {
-        if (fs_open(file, filename) != 0) {
+        if (fs_open(file, filename, flags) != 0) {
             XFREE(file, NULL, DYNAMIC_TYPE_FILE);
             file = NULL;
         }

wolfcrypt/test/test.c

@@ -43777,6 +43777,9 @@ WOLFSSL_TEST_SUBROUTINE int mutex_test(void)
 {
 #ifdef WOLFSSL_PTHREADS
     wolfSSL_Mutex m;
+#endif
+#if defined(WOLFSSL_PTHREADS) || (!defined(WOLFSSL_NO_MALLOC) && \
+    !defined(WOLFSSL_USER_MUTEX) && defined(WOLFSSL_STATIC_MEMORY))
     int ret;
 #endif
 #if !defined(WOLFSSL_NO_MALLOC) && !defined(WOLFSSL_USER_MUTEX)

wolfssl/wolfcrypt/wc_port.h

@@ -139,7 +139,12 @@
     /* do nothing */
 #elif defined(WOLFSSL_ZEPHYR)
     #ifndef SINGLE_THREADED
+        #ifndef CONFIG_PTHREAD_IPC
+            #error "Need CONFIG_PTHREAD_IPC for threading"
+        #endif
         #include <zephyr/kernel.h>
+        #include <zephyr/posix/posix_types.h>
+        #include <zephyr/posix/pthread.h>
     #endif
 #elif defined(WOLFSSL_TELIT_M2MB)
 
@@ -513,11 +518,14 @@ WOLFSSL_ABI WOLFSSL_API int wolfCrypt_Cleanup(void);
     #define XFILE      struct fs_file_t*
     #define STAT       struct fs_dirent
 
-    XFILE z_fs_open(const char* filename, const char* perm);
+    /* These are our wrappers for opening and closing files to
+     * make the API more POSIX like. */
+    XFILE z_fs_open(const char* filename, const char* mode);
     int z_fs_close(XFILE file);
 
     #define XFOPEN              z_fs_open
     #define XFCLOSE             z_fs_close
+    #define XFFLUSH             fs_sync
     #define XFSEEK              fs_seek
     #define XFTELL              fs_tell
     #define XFREWIND            fs_rewind
@@ -528,6 +536,10 @@ WOLFSSL_ABI WOLFSSL_API int wolfCrypt_Cleanup(void);
     #define XBADFILE            NULL
     #define XFGETS(b,s,f)       -2 /* Not ported yet */
 
+    #define XSTAT               fs_stat
+    #define XS_ISREG(s)         (s == FS_DIR_ENTRY_FILE)
+    #define SEPARATOR_CHAR      ':'
+
 #elif defined(WOLFSSL_TELIT_M2MB)
     #define XFILE                    INT32
     #define XFOPEN(NAME, MODE)       m2mb_fs_open((NAME), 0, (MODE))
@@ -655,12 +667,6 @@ WOLFSSL_ABI WOLFSSL_API int wolfCrypt_Cleanup(void);
         #define XREAD       read
         #define XCLOSE      close
 
-    #elif defined(WOLFSSL_ZEPHYR)
-        #ifndef XSTAT
-        #define XSTAT       fs_stat
-        #endif
-        #define XS_ISREG(s) (s == FS_DIR_ENTRY_FILE)
-        #define SEPARATOR_CHAR ':'
     #elif defined(WOLFSSL_TELIT_M2MB)
         #ifndef XSTAT
         #define XSTAT       m2mb_fs_stat

zephyr/samples/wolfssl_benchmark/prj.conf

@@ -3,6 +3,9 @@
 CONFIG_MAIN_STACK_SIZE=32768
 CONFIG_MINIMAL_LIBC_MALLOC_ARENA_SIZE=16384
 
+# Pthreads
+CONFIG_PTHREAD_IPC=y
+
 # Clock for time()
 CONFIG_POSIX_CLOCK=y
 

zephyr/samples/wolfssl_test/prj.conf

@@ -3,6 +3,9 @@
 CONFIG_MAIN_STACK_SIZE=32768
 CONFIG_MINIMAL_LIBC_MALLOC_ARENA_SIZE=16384
 
+# Pthreads
+CONFIG_PTHREAD_IPC=y
+
 # Clock for time()
 CONFIG_POSIX_CLOCK=y
 

zephyr/samples/wolfssl_tls_sock/prj.conf

@@ -7,6 +7,9 @@ CONFIG_MINIMAL_LIBC_MALLOC_ARENA_SIZE=8192
 # General config
 CONFIG_NEWLIB_LIBC=y
 
+# Pthreads
+CONFIG_PTHREAD_IPC=y
+
 # Clock for time()
 CONFIG_POSIX_CLOCK=y
 
@@ -43,6 +46,8 @@ CONFIG_NET_PKT_TX_COUNT=10
 # Logging
 CONFIG_PRINTK=y
 #CONFIG_WOLFSSL_DEBUG=y
+#CONFIG_LOG=y
+#CONFIG_LOG_MODE_IMMEDIATE=y
 
 # TLS configuration
 CONFIG_WOLFSSL=y

zephyr/samples/wolfssl_tls_sock/src/tls_sock.c

@@ -30,8 +30,8 @@
 #endif
 
 #define BUFFER_SIZE           2048
-#define STATIC_MEM_SIZE       (96*1024)
+#define STATIC_MEM_SIZE       (192*1024)
-#define THREAD_STACK_SIZE     (12*1024)
+#define THREAD_STACK_SIZE     (24*1024)
 #define MAX_SEND_SIZE         256
 
 /* The stack to use in the server's thread. */
@@ -64,6 +64,15 @@ static const char msgHTTPIndex[] =
     "</body>\n"
     "</html>\n";
 
+/* DO NOT use this in production. You should implement a way
+ * to get the current date. */
+static int verifyIgnoreDateError(int preverify, WOLFSSL_X509_STORE_CTX* store)
+{
+    if (store->error == ASN_BEFORE_DATE_E)
+        return 1; /* override error */
+    else
+        return preverify;
+}
 
 /* Create a new wolfSSL client with a server CA certificate. */
 static int wolfssl_client_new(WOLFSSL_CTX** ctx, WOLFSSL** ssl)
@@ -81,8 +90,11 @@ static int wolfssl_client_new(WOLFSSL_CTX** ctx, WOLFSSL** ssl)
 
     if (ret == 0) {
         /* Load client certificates into WOLFSSL_CTX */
-        if (wolfSSL_CTX_load_verify_buffer(client_ctx, ca_cert_der_2048,
+        if (wolfSSL_CTX_load_verify_buffer_ex(client_ctx, ca_cert_der_2048,
-                sizeof_ca_cert_der_2048, WOLFSSL_FILETYPE_ASN1) !=
+                sizeof_ca_cert_der_2048, WOLFSSL_FILETYPE_ASN1, 0,
+                /* DO NOT use this in production. You should
+                 * implement a way to get the current date. */
+                WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY) !=
                 WOLFSSL_SUCCESS) {
             printf("ERROR: failed to load CA certificate\n");
             ret = -1;
@@ -97,6 +109,11 @@ static int wolfssl_client_new(WOLFSSL_CTX** ctx, WOLFSSL** ssl)
         }
     }
 
+    if (ret == 0)
+        wolfSSL_set_verify(client_ssl,
+            WOLFSSL_VERIFY_PEER|WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT,
+            verifyIgnoreDateError);
+
     if (ret == 0) {
         /* Return newly created wolfSSL context and object */
         *ctx = client_ctx;
@@ -170,6 +187,10 @@ static int wolfssl_server_new(WOLFSSL_CTX** ctx, WOLFSSL** ssl)
         }
     }
 
+    if (ret == 0)
+        wolfSSL_set_verify(server_ssl, WOLFSSL_VERIFY_PEER,
+            verifyIgnoreDateError);
+
     if (ret == 0) {
         /* Return newly created wolfSSL context and object */
         *ctx = server_ctx;

zephyr/samples/wolfssl_tls_thread/prj.conf

@@ -4,6 +4,9 @@ CONFIG_ENTROPY_GENERATOR=y
 CONFIG_INIT_STACKS=y
 CONFIG_MINIMAL_LIBC_MALLOC_ARENA_SIZE=65536
 
+# Pthreads
+CONFIG_PTHREAD_IPC=y
+
 # Clock for time()
 CONFIG_POSIX_CLOCK=y
 
@@ -16,16 +19,18 @@ CONFIG_NET_SOCKETS=y
 CONFIG_DNS_RESOLVER=y
 
 # Logging
-# Enable logging using RTT and UART
 CONFIG_PRINTK=y
-CONFIG_CBPRINTF_LIBC_SUBSTS=y
-CONFIG_CBPRINTF_FP_SUPPORT=y
-CONFIG_CONSOLE=y
 CONFIG_LOG=y
-CONFIG_LOG_BACKEND_UART=y
+CONFIG_LOG_MODE_IMMEDIATE=y
-CONFIG_LOG_BUFFER_SIZE=15360
 #CONFIG_WOLFSSL_DEBUG=y
 
+# Enable logging using RTT and UART
+#CONFIG_CBPRINTF_LIBC_SUBSTS=y
+#CONFIG_CBPRINTF_FP_SUPPORT=y
+#CONFIG_CONSOLE=y
+#CONFIG_LOG_BACKEND_UART=y
+#CONFIG_LOG_BUFFER_SIZE=15360
+
 # TLS configuration
 CONFIG_WOLFSSL=y
 CONFIG_WOLFSSL_BUILTIN=y

zephyr/samples/wolfssl_tls_thread/src/tls_threaded.c

@@ -43,8 +43,8 @@
 #endif
 
 #define BUFFER_SIZE           2048
-#define STATIC_MEM_SIZE       (96*1024)
+#define STATIC_MEM_SIZE       (192*1024)
-#define THREAD_STACK_SIZE     (13*1024)
+#define THREAD_STACK_SIZE     (24*1024)
 
 /* The stack to use in the server's thread. */
 K_THREAD_STACK_DEFINE(server_stack, THREAD_STACK_SIZE);
@@ -173,6 +173,16 @@ static int send_server(WOLFSSL* ssl, char* buff, int sz, void* ctx)
     return sz;
 }
 
+/* DO NOT use this in production. You should implement a way
+ * to get the current date. */
+static int verifyIgnoreDateError(int preverify, WOLFSSL_X509_STORE_CTX* store)
+{
+    if (store->error == ASN_BEFORE_DATE_E)
+        return 1; /* override error */
+    else
+        return preverify;
+}
+
 /* Create a new wolfSSL client with a server CA certificate. */
 static int wolfssl_client_new(WOLFSSL_CTX** ctx, WOLFSSL** ssl)
 {
@@ -189,8 +199,11 @@ static int wolfssl_client_new(WOLFSSL_CTX** ctx, WOLFSSL** ssl)
 
     if (ret == 0) {
         /* Load client certificates into WOLFSSL_CTX */
-         if (wolfSSL_CTX_load_verify_buffer(client_ctx, ca_ecc_cert_der_256,
+         if (wolfSSL_CTX_load_verify_buffer_ex(client_ctx, ca_ecc_cert_der_256,
-                sizeof_ca_ecc_cert_der_256, WOLFSSL_FILETYPE_ASN1) !=
+                sizeof_ca_ecc_cert_der_256, WOLFSSL_FILETYPE_ASN1, 0,
+                /* DO NOT use this in production. You should
+                 * implement a way to get the current date. */
+                WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY) !=
                 WOLFSSL_SUCCESS) {
             printf("ERROR: failed to load CA certificate\n");
             ret = -1;
@@ -218,6 +231,11 @@ static int wolfssl_client_new(WOLFSSL_CTX** ctx, WOLFSSL** ssl)
         }
     }
 
+    if (ret == 0)
+        wolfSSL_set_verify(client_ssl,
+            WOLFSSL_VERIFY_PEER|WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT,
+            verifyIgnoreDateError);
+
 #if defined(WOLFSSL_HAVE_PSA) && defined(HAVE_PK_CALLBACKS)
     if (ret == 0) {
         XMEMSET(&client_psa_ctx, 0, sizeof(client_psa_ctx));
@@ -378,6 +396,10 @@ static int wolfssl_server_new(WOLFSSL_CTX** ctx, WOLFSSL** ssl)
         }
     }
 
+    if (ret == 0)
+        wolfSSL_set_verify(server_ssl, WOLFSSL_VERIFY_PEER,
+            verifyIgnoreDateError);
+
 #if defined(WOLFSSL_HAVE_PSA) && defined(HAVE_PK_CALLBACKS)
     if (ret == 0) {
         if (wolfSSL_set_psa_ctx(server_ssl, &server_psa_ctx)
@@ -543,6 +565,7 @@ void server_thread(void* arg1, void* arg2, void* arg3)
         ret = wolfssl_send(server_ssl, msgHTTPIndex);
 
     printf("Server Return: %d\n", ret);
+    printf("Server Error: %d\n", wolfSSL_get_error(server_ssl, ret));
 
 #ifdef WOLFSSL_STATIC_MEMORY
     printf("Server Memory Stats\n");
@@ -618,6 +641,8 @@ int main()
         ret = 0;
 
     printf("Client Return: %d\n", ret);
+    printf("Client Error: %d\n", wolfSSL_get_error(client_ssl, ret));
+
 
     join_thread(serverThread);