mirrors
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Check-in non-FIPS specific porting changes for OE22 

Fix no new line

Change comment style in testsuite.c

Add include for proper socket header in wolfio.h

Add dc_log_printf support to benchmark application

Pull in changes for examples

Refector NETOS check in test.c

Fix format and remove settings used only for validation testing

Implement peer review feedback

Address last items noted in peer review

Add new README to include.am

Adjust comment style on TODO

Gate changes in client and server properly

Add static on customer feedback

Fix settings include

Update latest peer feedback
This commit is contained in:
kaleb-himes 2021-08-23 16:29:30 -06:00
parent 229f0d5fd1
commit 5859779ddf
16 changed files with 1129 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
IDE/NETOS/Makefile.wolfcrypt.inc Normal file
View File

@ -0,0 +1,18 @@
WOLFSSL_ROOT=wolfCrypt_v4_5_2
APP_WOLFCRYPTOBJS = $(NETOS_DIR)/src/$(WOLFSSL_ROOT)/objs/ns9210/32b/gnu/wolfcrypt_first.o\
$(NETOS_DIR)/src/$(WOLFSSL_ROOT)/objs/ns9210/32b/gnu/aes.o\
$(NETOS_DIR)/src/$(WOLFSSL_ROOT)/objs/ns9210/32b/gnu/cmac.o\
$(NETOS_DIR)/src/$(WOLFSSL_ROOT)/objs/ns9210/32b/gnu/des3.o\
$(NETOS_DIR)/src/$(WOLFSSL_ROOT)/objs/ns9210/32b/gnu/dh.o\
$(NETOS_DIR)/src/$(WOLFSSL_ROOT)/objs/ns9210/32b/gnu/ecc.o\
$(NETOS_DIR)/src/$(WOLFSSL_ROOT)/objs/ns9210/32b/gnu/hmac.o\
$(NETOS_DIR)/src/$(WOLFSSL_ROOT)/objs/ns9210/32b/gnu/random.o\
$(NETOS_DIR)/src/$(WOLFSSL_ROOT)/objs/ns9210/32b/gnu/rsa.o\
$(NETOS_DIR)/src/$(WOLFSSL_ROOT)/objs/ns9210/32b/gnu/sha.o\
$(NETOS_DIR)/src/$(WOLFSSL_ROOT)/objs/ns9210/32b/gnu/sha256.o\
$(NETOS_DIR)/src/$(WOLFSSL_ROOT)/objs/ns9210/32b/gnu/sha3.o\
$(NETOS_DIR)/src/$(WOLFSSL_ROOT)/objs/ns9210/32b/gnu/sha512.o\
$(NETOS_DIR)/src/$(WOLFSSL_ROOT)/objs/ns9210/32b/gnu/fips.o\
$(NETOS_DIR)/src/$(WOLFSSL_ROOT)/objs/ns9210/32b/gnu/fips_test.o\
$(NETOS_DIR)/src/$(WOLFSSL_ROOT)/objs/ns9210/32b/gnu/wolfcrypt_last.o

21
IDE/NETOS/README.md Normal file
View File

@ -0,0 +1,21 @@
Developer notes about files in this directory:
NOTE: These files are for use with the wolfCrypt FIPS module and are not
intended or designed for use in a generic NETOS use-case. Adjustments
to the user_settings.h will be necessary for use in non-FIPS scenarios.
Makefile.wolfcrypt.inc:
This was developed for a specific customer for inclusion by their recursive
Makefile solution. This file is to be included by the top level Makefile and is
used to preserve the FIPS module order when linked.
user_settings.h:
For use with cert 3389: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3389
user_settings.h-cert2425:
DEPRECATED (preserved for posterity)
For use with expired cert 2425: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2425
wolfssl_netos_custom.c:
Functions in this file may be modified without risk of effecting the FIPS
validation, these APIs' are external to the FIPS module boundary.

10
IDE/NETOS/include.am Normal file
View File

@ -0,0 +1,10 @@
# vim:ft=automake
# included from Top Level Makefile.am
# All paths should be given relative to the root
EXTRA_DIST+= IDE/NETOS/Makefile.wolfcrypt.inc
EXTRA_DIST+= IDE/NETOS/user_settings.h
EXTRA_DIST+= IDE/NETOS/user_settings.h-cert2425
EXTRA_DIST+= IDE/NETOS/wolfssl_netos_custom.c
EXTRA_DIST+= IDE/NETOS/README.md

630
IDE/NETOS/user_settings.h Normal file
View File

@ -0,0 +1,630 @@
/* user_settings.h
*
* Copyright (C) 2006-2021 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
/* Custom wolfSSL user settings for GCC ARM */
#ifndef WOLFSSL_USER_SETTINGS_H
#define WOLFSSL_USER_SETTINGS_H
#ifdef __cplusplus
extern "C" {
#endif
/* ------------------------------------------------------------------------- */
/* Platform */
/* ------------------------------------------------------------------------- */
#undef WOLFSSL_GENERAL_ALIGNMENT
#define WOLFSSL_GENERAL_ALIGNMENT 4
#undef THREADX
#define THREADX
#ifndef TX_TIMER_TICKS_PER_SECOND
#define TX_TIMER_TICKS_PER_SECOND 100
#endif
#undef NETOS
#define NETOS
#undef BIG_ENDIAN_ORDER
#define BIG_ENDIAN_ORDER
#undef WOLFSSL_SMALL_STACK
//#define WOLFSSL_SMALL_STACK
#undef WOLFSSL_USER_IO
//#define WOLFSSL_USER_IO
#undef NO_THREAD_LS
#define NO_THREAD_LS
/* ------------------------------------------------------------------------- */
/* Math Configuration */
/* ------------------------------------------------------------------------- */
#undef SIZEOF_LONG_LONG
#define SIZEOF_LONG_LONG 8
#undef SIZEOF_LONG
#define SIZEOF_LONG 4
#undef USE_FAST_MATH
#if 1
#define USE_FAST_MATH
#undef TFM_TIMING_RESISTANT
#define TFM_TIMING_RESISTANT
/* Optimizations */
#define TFM_ARM
#endif
/* ------------------------------------------------------------------------- */
/* FIPS - Requires eval or license from wolfSSL */
/* ------------------------------------------------------------------------- */
#undef HAVE_FIPS
#if 1
#define HAVE_FIPS
#undef HAVE_FIPS_VERSION
#define HAVE_FIPS_VERSION 2
#ifdef SINGLE_THREADED
#undef NO_THREAD_LS
#define NO_THREAD_LS
#endif
#if 1
#undef NO_ATTRIBUTE_CONSTRUCTOR
#define NO_ATTRIBUTE_CONSTRUCTOR
#endif
#endif
/* ------------------------------------------------------------------------- */
/* Crypto */
/* ------------------------------------------------------------------------- */
/* RSA */
#undef NO_RSA
#if 1
#ifdef USE_FAST_MATH
/* Maximum math bits (Max RSA key bits * 2) */
#undef FP_MAX_BITS
#define FP_MAX_BITS 8192
#endif
/* half as much memory but twice as slow */
#undef RSA_LOW_MEM
//#define RSA_LOW_MEM
/* Enables blinding mode, to prevent timing attacks */
#if 0
#undef WC_RSA_BLINDING
#define WC_RSA_BLINDING
#else
#undef WC_NO_HARDEN
#define WC_NO_HARDEN
#endif
/* RSA PSS Support */
#if 1
#define WC_RSA_PSS
#endif
#if 1
#define WC_RSA_NO_PADDING
#endif
#else
#define NO_RSA
#endif
/* ECC */
#undef HAVE_ECC
#if 1
#define HAVE_ECC
/* Manually define enabled curves */
#undef ECC_USER_CURVES
//#define ECC_USER_CURVES
#ifdef ECC_USER_CURVES
/* Manual Curve Selection */
//#define HAVE_ECC192
//#define HAVE_ECC224
#undef NO_ECC256
//#define HAVE_ECC384
//#define HAVE_ECC521
#endif
/* Fixed point cache (speeds repeated operations against same private key) */
#undef FP_ECC
//#define FP_ECC
#ifdef FP_ECC
/* Bits / Entries */
#undef FP_ENTRIES
#define FP_ENTRIES 2
#undef FP_LUT
#define FP_LUT 4
#endif
/* Optional ECC calculation method */
/* Note: doubles heap usage, but slightly faster */
#undef ECC_SHAMIR
#define ECC_SHAMIR
/* Reduces heap usage, but slower */
#undef ECC_TIMING_RESISTANT
#define ECC_TIMING_RESISTANT
#ifdef HAVE_FIPS
#undef HAVE_ECC_CDH
#define HAVE_ECC_CDH /* Enable cofactor support */
#undef NO_STRICT_ECDSA_LEN
#define NO_STRICT_ECDSA_LEN /* Do not force fixed len w/ FIPS */
#undef WOLFSSL_VALIDATE_ECC_IMPORT
#define WOLFSSL_VALIDATE_ECC_IMPORT /* Validate import */
#endif
/* Compressed Key Support */
#undef HAVE_COMP_KEY
//#define HAVE_COMP_KEY
/* Use alternate ECC size for ECC math */
#ifdef USE_FAST_MATH
/* MAX ECC BITS = ROUND8(MAX ECC) * 2 */
#ifdef NO_RSA
/* Custom fastmath size if not using RSA */
#undef FP_MAX_BITS
#define FP_MAX_BITS (256 * 2)
#else
#undef ALT_ECC_SIZE
#define ALT_ECC_SIZE
/* wolfSSL will compute the FP_MAX_BITS_ECC, but it can be overriden */
//#undef FP_MAX_BITS_ECC
//#define FP_MAX_BITS_ECC (256 * 2)
#endif
/* Speedups specific to curve */
#ifndef NO_ECC256
#undef TFM_ECC256
#define TFM_ECC256
#endif
#endif
#endif
/* DH */
#undef NO_DH
#if 1
/* Use table for DH instead of -lm (math) lib dependency */
#if 1
#define WOLFSSL_DH_CONST
#define HAVE_FFDHE_2048
#define HAVE_FFDHE_4096
//#define HAVE_FFDHE_6144
//#define HAVE_FFDHE_8192
#endif
#ifdef HAVE_FIPS
#define WOLFSSL_VALIDATE_FFC_IMPORT
#define HAVE_FFDHE_Q
#endif
#else
#define NO_DH
#endif
/* AES */
#undef NO_AES
#if 1
#undef HAVE_AES_CBC
#define HAVE_AES_CBC
#undef HAVE_AESGCM
#define HAVE_AESGCM
/* GCM Method: GCM_SMALL, GCM_WORD32 or GCM_TABLE */
// #define GCM_SMALL
// #define GCM_WORD32
#define GCM_TABLE
#undef WOLFSSL_AES_DIRECT
#define WOLFSSL_AES_DIRECT
#undef HAVE_AES_ECB
#define HAVE_AES_ECB
#undef WOLFSSL_AES_COUNTER
#define WOLFSSL_AES_COUNTER
#undef HAVE_AESCCM
#define HAVE_AESCCM
#else
#define NO_AES
#endif
/* DES3 */
#undef NO_DES3
#if 1
/* No change */
#else
#define NO_DES3
#endif
/* ChaCha20 / Poly1305 */
#undef HAVE_CHACHA
#undef HAVE_POLY1305
#if 0
#define HAVE_CHACHA
#define HAVE_POLY1305
/* Needed for Poly1305 */
#undef HAVE_ONE_TIME_AUTH
#define HAVE_ONE_TIME_AUTH
#endif
/* Ed25519 / Curve25519 */
#undef HAVE_CURVE25519
#undef HAVE_ED25519
#if 0
#define HAVE_CURVE25519
#define HAVE_ED25519 /* ED25519 Requires SHA512 */
/* Optionally use small math (less flash usage, but much slower) */
#if 1
#define CURVED25519_SMALL
#endif
#endif
/* ------------------------------------------------------------------------- */
/* Hashing */
/* ------------------------------------------------------------------------- */
/* Sha */
#undef NO_SHA
#if 1
/* 1k smaller, but 25% slower */
//#define USE_SLOW_SHA
#else
#define NO_SHA
#endif
/* Sha256 */
#undef NO_SHA256
#if 1
/* not unrolled - ~2k smaller and ~25% slower */
//#define USE_SLOW_SHA256
/* Sha224 */
#if 1
#define WOLFSSL_SHA224
#endif
#else
#define NO_SHA256
#endif
/* Sha512 */
#undef WOLFSSL_SHA512
#if 1
#define WOLFSSL_SHA512
/* Sha384 */
#undef WOLFSSL_SHA384
#if 1
#define WOLFSSL_SHA384
#endif
/* over twice as small, but 50% slower */
//#define USE_SLOW_SHA512
#endif
/* Sha3 */
#undef WOLFSSL_SHA3
#if 1
#define WOLFSSL_SHA3
#endif
/* MD5 */
#undef NO_MD5
#if 1
/* No change */
#else
#define NO_MD5
#endif
/* HKDF */
#undef HAVE_HKDF
#if 1
#define HAVE_HKDF
#endif
/* CMAC */
#undef WOLFSSL_CMAC
#if 1
#define WOLFSSL_CMAC
#endif
/* ------------------------------------------------------------------------- */
/* Benchmark / Test */
/* ------------------------------------------------------------------------- */
/* Use reduced benchmark / test sizes */
#undef BENCH_EMBEDDED
#define BENCH_EMBEDDED
#undef USE_CERT_BUFFERS_2048
#define USE_CERT_BUFFERS_2048
#undef USE_CERT_BUFFERS_1024
//#define USE_CERT_BUFFERS_1024
#undef USE_CERT_BUFFERS_256
#define USE_CERT_BUFFERS_256
#undef FORCE_BUFFER_TEST
#define FORCE_BUFFER_TEST
/* ------------------------------------------------------------------------- */
/* Debugging */
/* ------------------------------------------------------------------------- */
#undef DEBUG_WOLFSSL
#undef NO_ERROR_STRINGS
#if 0
#define DEBUG_WOLFSSL
#else
#if 0
#define NO_ERROR_STRINGS
#endif
#endif
/* ------------------------------------------------------------------------- */
/* Memory */
/* ------------------------------------------------------------------------- */
/* Override Memory API's */
#if 0
#undef XMALLOC_OVERRIDE
#define XMALLOC_OVERRIDE
/* prototypes for user heap override functions */
/* Note: Realloc only required for normal math */
#include <stddef.h> /* for size_t */
extern void *myMalloc(size_t n, void* heap, int type);
extern void myFree(void *p, void* heap, int type);
extern void *myRealloc(void *p, size_t n, void* heap, int type);
#define XMALLOC(n, h, t) myMalloc(n, h, t)
#define XFREE(p, h, t) myFree(p, h, t)
#define XREALLOC(p, n, h, t) myRealloc(p, n, h, t)
#endif
#if 0
/* Static memory requires fast math */
#define WOLFSSL_STATIC_MEMORY
/* Disable fallback malloc/free */
#define WOLFSSL_NO_MALLOC
#if 1
#define WOLFSSL_MALLOC_CHECK /* trap malloc failure */
#endif
#endif
/* Memory callbacks */
#if 1
#undef USE_WOLFSSL_MEMORY
#define USE_WOLFSSL_MEMORY
/* Use this to measure / print heap usage */
#if 0
#undef WOLFSSL_TRACK_MEMORY
// #define WOLFSSL_TRACK_MEMORY
#undef WOLFSSL_DEBUG_MEMORY
//#define WOLFSSL_DEBUG_MEMORY
#undef WOLFSSL_DEBUG_MEMORY_PRINT
//#define WOLFSSL_DEBUG_MEMORY_PRINT
#endif
#else
#ifndef WOLFSSL_STATIC_MEMORY
#define NO_WOLFSSL_MEMORY
/* Otherwise we will use stdlib malloc, free and realloc */
#endif
#endif
/* ------------------------------------------------------------------------- */
/* RNG */
/* ------------------------------------------------------------------------- */
/* Seed Source */
/* Seed Source */
#if 1
extern int my_rng_generate_seed(unsigned char* output, int sz);
#undef CUSTOM_RAND_GENERATE_SEED
#define CUSTOM_RAND_GENERATE_SEED my_rng_generate_seed
#endif
/* NETOS */
#if 0
extern unsigned char get_byte_from_pool(void);
#define CUSTOM_RAND_GENERATE get_byte_from_pool
#define CUSTOM_RAND_TYPE unsigned char
#endif
/* Choose RNG method */
#if 1
/* Use built-in P-RNG (SHA256 based) with HW RNG */
/* P-RNG + HW RNG (P-RNG is ~8K) */
//#define WOLFSSL_GENSEED_FORTEST
#undef HAVE_HASHDRBG
#define HAVE_HASHDRBG
#else
#undef WC_NO_HASHDRBG
#define WC_NO_HASHDRBG
/* Bypass P-RNG and use only HW RNG */
extern int my_rng_gen_block(unsigned char* output, unsigned int sz);
#undef CUSTOM_RAND_GENERATE_BLOCK
#define CUSTOM_RAND_GENERATE_BLOCK my_rng_gen_block
#endif
/* ------------------------------------------------------------------------- */
/* Enable Features */
/* ------------------------------------------------------------------------- */
#undef WOLFSSL_TLS13
#if 0
#define WOLFSSL_TLS13
#endif
#undef WOLFSSL_KEY_GEN
#if 1
#define WOLFSSL_KEY_GEN
#endif
#if defined(HAVE_FIPS) && !defined(WOLFSSL_KEY_GEN)
#define WOLFSSL_OLD_PRIME_CHECK
#endif
#undef KEEP_PEER_CERT
//#define KEEP_PEER_CERT
#undef HAVE_COMP_KEY
//#define HAVE_COMP_KEY
#undef HAVE_TLS_EXTENSIONS
#define HAVE_TLS_EXTENSIONS
#undef HAVE_SUPPORTED_CURVES
#define HAVE_SUPPORTED_CURVES
#undef WOLFSSL_BASE64_ENCODE
#define WOLFSSL_BASE64_ENCODE
/* TLS Session Cache */
#if 0
#define SMALL_SESSION_CACHE
#else
#define NO_SESSION_CACHE
#endif
/* ------------------------------------------------------------------------- */
/* Disable Features */
/* ------------------------------------------------------------------------- */
#undef NO_WOLFSSL_SERVER
//#define NO_WOLFSSL_SERVER
#undef NO_WOLFSSL_CLIENT
//#define NO_WOLFSSL_CLIENT
#undef NO_CRYPT_TEST
//#define NO_CRYPT_TEST
#undef NO_CRYPT_BENCHMARK
//#define NO_CRYPT_BENCHMARK
#undef WOLFCRYPT_ONLY
//#define WOLFCRYPT_ONLY
/* In-lining of misc.c functions */
/* If defined, must include wolfcrypt/src/misc.c in build */
/* Slower, but about 1k smaller */
#undef NO_INLINE
//#define NO_INLINE
#undef NO_FILESYSTEM
#define NO_FILESYSTEM
#undef NO_WOLFSSL_DIR
#define NO_WOLFSSL_DIR
#undef NO_WRITEV
#define NO_WRITEV
#undef NO_MAIN_DRIVER
#define NO_MAIN_DRIVER
#undef NO_DEV_RANDOM
#define NO_DEV_RANDOM
#undef NO_DSA
#define NO_DSA
#undef NO_RC4
#define NO_RC4
#undef NO_OLD_TLS
#define NO_OLD_TLS
#undef NO_HC128
#define NO_HC128
#undef NO_RABBIT
#define NO_RABBIT
#undef NO_PSK
#define NO_PSK
#undef NO_MD4
#define NO_MD4
#undef NO_PWDBASED
//#define NO_PWDBASED
#undef NO_CODING
//#define NO_CODING
#undef NO_ASN_TIME
//#define NO_ASN_TIME
#undef NO_CERTS
//#define NO_CERTS
#undef NO_SIG_WRAPPER
//#define NO_SIG_WRAPPER
/* ACVP Testing ONLY specific settings */
#if 0
#undef USE_NORMAL_PRINTF
#define USE_NORMAL_PRINTF
#undef USE_UART_READ_LINE
#define USE_UART_READ_LINE
#undef USE_SMALL_MONTE
#define USE_SMALL_MONTE
#undef WOLFSSL_PUBLIC_MP
#define WOLFSSL_PUBLIC_MP
#undef HAVE_FORCE_FIPS_FAILURE
#define HAVE_FORCE_FIPS_FAILURE
#endif
#ifdef __cplusplus
}
#endif
#endif /* WOLFSSL_USER_SETTINGS_H */

177
IDE/NETOS/user_settings.h-cert2425 Normal file
View File

@ -0,0 +1,177 @@
#ifndef _NETOS_USER_SETTINGS_H_
#define _NETOS_USER_SETTINGS_H_
/* Verify this is NetOS */
/*
#ifndef _NETOS
#error This user_settings.h header is only designed for NetOS
#endif
*/
/* Configurations */
#if defined(HAVE_FIPS)
#if defined(WOLFSSL_LIB)
#define HAVE_FIPS_VERSION 2
/* The FIPS lib */
#define THREADX
#define BIG_ENDIAN_ORDER
#define NO_WRITEV
#define NO_WOLFSSL_DIR
#if 0
#define DEBUG_WOLFSSL
#endif
#define NO_DEV_RANDOM
#define NETOS
#define NO_FILESYSTEM
#define FORCE_BUFFER_TEST
/* wolfSSL FIPS TESTING UPDATES : */
#define NO_ATTRIBUTE_CONSTRUCTOR
#define NO_THREAD_LS
#define NO_WOLFSSL_STUB
#define WOLFSSL_KEY_GEN
#define HAVE_FORCE_FIPS_FAILURE
#define USE_CERT_BUFFERS_1024 /* for the op-tests */
#define USE_CERT_BUFFERS_256 /* for the op-tests */
#define TFM_TIMING_RESISTANT
#define ECC_TIMING_RESISTANT
#define WC_RSA_BLINDING
#define HAVE_AESGCM
#define WOLFSSL_SHA512
#define WOLFSSL_SHA384
#define NO_DSA
#define HAVE_ECC
#define TFM_ECC256
#define ECC_SHAMIR
#define WOLFSSL_BASE64_ENCODE
#define NO_RC4
#define NO_HC128
#define NO_RABBIT
#define HAVE_HASHDRBG
#define HAVE_TLS_EXTENSIONS
#define HAVE_SUPPORTED_CURVES
#define HAVE_EXTENDED_MASTER
#define NO_PSK
#define NO_MD4
#define NO_PWDBASED
#define USE_FAST_MATH
#define WC_NO_ASYNC_THREADING
#define WC_RSAKEY_TYPE_DEFINED
#define WC_RNG_TYPE_DEFINED
#define NO_TESTSUITE_MAIN_DRIVER
#define NO_MAIN_DRIVER
extern unsigned char get_byte_from_pool(void);
#define CUSTOM_RAND_GENERATE get_byte_from_pool
#define CUSTOM_RAND_TYPE unsigned char
#define OPENSSL_EXTRA
#define HAVE_LIGHTY
#define WOLFSSL_AES_DIRECT
#define WOLFSSL_MYSQL_COMPATIBLE
#else
/* The FIPS apps */
#define HAVE_FIPS_VERSION 2
#define THREADX
#define BIG_ENDIAN_ORDER
#define NO_WRITEV
#define NO_WOLFSSL_DIR
#if 0
#define DEBUG_WOLFSSL
#endif
#define NO_DEV_RANDOM
#define NETOS
#define NO_FILESYSTEM
#define FORCE_BUFFER_TEST
/* wolfSSL FIPS TESTING UPDATES : */
#define NO_ATTRIBUTE_CONSTRUCTOR
#define NO_THREAD_LS
#define NO_WOLFSSL_STUB
#define WOLFSSL_KEY_GEN
#define HAVE_FORCE_FIPS_FAILURE
#define USE_CERT_BUFFERS_2048 /* for the op-tests */
#define USE_CERT_BUFFERS_256 /* for the op-tests */
#define TFM_TIMING_RESISTANT
#define ECC_TIMING_RESISTANT
#define WC_RSA_BLINDING
#define HAVE_AESGCM
#define WOLFSSL_SHA512
#define WOLFSSL_SHA384
#define NO_DSA
#define HAVE_ECC
#define TFM_ECC256
#define ECC_SHAMIR
#define WOLFSSL_BASE64_ENCODE
#define NO_RC4
#define NO_HC128
#define NO_RABBIT
#define HAVE_HASHDRBG
#define HAVE_TLS_EXTENSIONS
#define HAVE_SUPPORTED_CURVES
#define HAVE_EXTENDED_MASTER
#define NO_PSK
#define NO_MD4
#define NO_PWDBASED
#define USE_FAST_MATH
#define WC_NO_ASYNC_THREADING
#define WC_RSAKEY_TYPE_DEFINED
#define WC_RNG_TYPE_DEFINED
#define NO_TESTSUITE_MAIN_DRIVER
#define NO_MAIN_DRIVER
#define OPENSSL_EXTRA
#define HAVE_LIGHTY
#define WOLFSSL_AES_DIRECT
#define WOLFSSL_MYSQL_COMPATIBLE
#endif
#else /* HAVE_FIPS */
#if defined(WOLFSSL_LIB)
/* The NON-FIPS lib */
#define THREADX
#define BIG_ENDIAN_ORDER
#if 0
#define OPENSSL_EXTRA
#endif
#define WOLFSSL_RIPEMD
#define WOLFSSL_SHA512
#define NO_PSK
#define HAVE_EXTENDED_MASTER
#define WOLFSSL_SNIFFER
#define HAVE_TLS_EXTENSIONS
#define HAVE_SECURE_RENEGOTIATION
#define NO_WRITEV
#define NO_WOLFSSL_DIR
#define DEBUG_WOLFSSL
#define NO_DEV_RANDOM
#define NETOS
#define NO_FILESYSTEM
#else
/* The NON-FIPS apps */
#define THREADX
#define BIG_ENDIAN_ORDER
#if 0
#define OPENSSL_EXTRA
#endif
#define NO_PSK
#define HAVE_EXTENDED_MASTER
#define WOLFSSL_SNIFFER
#define HAVE_SECURE_RENEGOTIATION
#define NO_WRITEV
#define NO_WOLFSSL_DIR
#define WOLFSSL_NO_CURRDIR
#define DEBUG_WOLFSSL
#define NETOS
#define NO_FILESYSTEM
#endif
#endif /* HAVE_FIPS */
#endif /* _NETOS_USER_SETTINGS_H_ */

97
IDE/NETOS/wolfssl_netos_custom.c Normal file
View File

@ -0,0 +1,97 @@
/* wolfssl_netos_custom.c
*
* Copyright (C) 2006-2021 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
#include <stdio.h>
#include <stdarg.h>
#include <tx_api.h>
#include <entropy.h>
#include <wolfssl/wolfcrypt/settings.h>
#include <wolfssl/wolfcrypt/error-crypt.h>
#include <wolfssl/wolfcrypt/fips_test.h>
int dc_log_printf(char* format, ...);
#if BSP_SIGMA == 0
int dc_log_printf(char* format, ...)
{
va_list args;
va_start(args, (format));
fflush(stdout);
vprintf(format, args);
fflush(stdout);
va_end(args);
return 0;
}
#endif
unsigned char get_byte_from_pool(void)
{
unsigned char out;
float density;
/* Wait until pool has at least one byte */
/* TODO: improve this */
while (ent_get_byte_count() == 0)
tx_thread_sleep(1);
/* Stop gathering entropy to avoid race conditions */
ent_set_status(0);
/* Pop a single byte from the pool and continue gathering entropy */
ent_pop(&out, &density);
ent_set_status(1);
return out;
}
int my_rng_generate_seed(unsigned char* output, int sz)
{
word32 i;
srand(get_byte_from_pool());
for (i = 0; i < sz; i++) {
output[i] = (unsigned char) rand();
srand(get_byte_from_pool());
}
return 0;
}
static void appFipsCb(int ok, int err, const char* hash)
{
dc_log_printf("in appFipsCb Fips callback, ok = %d, err = %d\n", ok, err);
dc_log_printf("message = %s\n", wc_GetErrorString(err));
dc_log_printf("hash = %s\n", hash);
if (err == IN_CORE_FIPS_E) {
dc_log_printf("In core integrity hash check failure, copy above hash\n");
dc_log_printf("into verifyCore[] in fips_test.c and rebuild\n");
}
}
void setAppFipsCb(void)
{
wolfCrypt_SetCb_fips(appFipsCb);
}

1
IDE/include.am
View File

@ -41,6 +41,7 @@ include IDE/QNX/include.am
include IDE/WINCE/include.am
include IDE/iotsafe/include.am
include IDE/Android/include.am
include IDE/NETOS/include.am
EXTRA_DIST+= IDE/IAR-EWARM IDE/MDK-ARM IDE/MDK5-ARM IDE/MYSQL IDE/LPCXPRESSO IDE/HEXIWEAR IDE/Espressif
EXTRA_DIST+= IDE/OPENSTM32/README.md

7
examples/client/client.c
View File

@ -2939,9 +2939,10 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
#ifndef NO_CERTS
if (useClientCert && !loadCertKeyIntoSSLObj){
#ifdef NO_FILESYSTEM
if (wolfSSL_CTX_use_certificate_chain_buffer(ctx, client_cert_der_2048,
sizeof_client_cert_der_2048) != WOLFSSL_SUCCESS)
#if defined(NO_FILESYSTEM) && defined(USE_CERT_BUFFERS_2048)
if (wolfSSL_CTX_use_certificate_chain_buffer_format(ctx,
client_cert_der_2048, sizeof_client_cert_der_2048,
WOLFSSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS)
err_sys("can't load client cert buffer");
#elif !defined(TEST_LOAD_BUFFER)
if (wolfSSL_CTX_use_certificate_chain_file(ctx, ourCert)

14
examples/server/server.c
View File

@ -2282,9 +2282,10 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
#if !defined(NO_CERTS)
if ((!usePsk || usePskPlus) && !useAnon && !(loadCertKeyIntoSSLObj == 1)) {
#ifdef NO_FILESYSTEM
if (wolfSSL_CTX_use_certificate_chain_buffer(ctx, server_cert_der_2048,
sizeof_server_cert_der_2048) != WOLFSSL_SUCCESS)
#if defined(NO_FILESYSTEM) && defined(USE_CERT_BUFFERS_2048)
if (wolfSSL_CTX_use_certificate_chain_buffer_format(ctx,
server_cert_der_2048, sizeof_server_cert_der_2048,
WOLFSSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS)
err_sys_ex(catastrophic, "can't load server cert buffer");
#elif !defined(TEST_LOAD_BUFFER)
if (SSL_CTX_use_certificate_chain_file(ctx, ourCert)
@ -2575,9 +2576,10 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
/* Support for loading private key and cert using WOLFSSL object */
#if !defined(NO_CERTS)
if ((!usePsk || usePskPlus) && !useAnon && loadCertKeyIntoSSLObj) {
#ifdef NO_FILESYSTEM
if (wolfSSL_use_certificate_chain_buffer(ssl, server_cert_der_2048,
sizeof_server_cert_der_2048) != WOLFSSL_SUCCESS)
#if defined(NO_FILESYSTEM) && defined(USE_CERT_BUFFERS_2048)
if (wolfSSL_use_certificate_chain_buffer_format(ssl,
server_cert_der_2048, sizeof_server_cert_der_2048,
WOLFSSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS)
err_sys_ex(catastrophic, "can't load server cert buffer");
#elif !defined(TEST_LOAD_BUFFER)
if (SSL_use_certificate_chain_file(ssl, ourCert)

4
src/ssl.c
View File

@ -29005,10 +29005,12 @@ WOLFSSL_API WOLFSSL_CIPHER* wolfSSL_sk_SSL_CIPHER_value(WOLFSSL_STACK* sk, int i
return (WOLFSSL_CIPHER*)wolfSSL_sk_value(sk, i);
}
#if !defined(NETOS)
WOLFSSL_API void ERR_load_SSL_strings(void)
{
}
#endif
#ifdef HAVE_OCSP
WOLFSSL_API long wolfSSL_get_tlsext_status_ocsp_resp(WOLFSSL *s, unsigned char **resp)
@ -58725,7 +58727,7 @@ int wolfSSL_RAND_write_file(const char* fname)
#ifndef FREERTOS_TCP
/* These constant values are protocol values made by egd */
#if defined(USE_WOLFSSL_IO) && !defined(USE_WINDOWS_API)
#if defined(USE_WOLFSSL_IO) && !defined(USE_WINDOWS_API) && !defined(NETOS)
#define WOLFSSL_EGD_NBLOCK 0x01
#include <sys/un.h>
#endif

59
testsuite/testsuite.c
View File

@ -162,6 +162,7 @@ int testsuite_test(int argc, char** argv)
simple_test(&server_args);
#endif
if (server_args.return_code != 0) return server_args.return_code;
#if !defined(NETOS)
/* Echo input wolfSSL client server test */
#ifdef HAVE_STACK_SIZE
StackSizeCheck_launch(&server_args, echoserver_test, &serverThread,
@ -194,12 +195,15 @@ int testsuite_test(int argc, char** argv)
cleanup_output();
return server_args.return_code;
}
#endif /* !NETOS */
show_ciphers();
#if !defined(NETOS)
ret = validate_cleanup_output();
if (ret != 0)
return EXIT_FAILURE;
#endif
wolfSSL_Cleanup();
FreeTcpReady(&ready);
@ -415,6 +419,16 @@ void wait_tcp_ready(func_args* args)
args->signal->ready = 0; /* reset */
pthread_mutex_unlock(&args->signal->mutex);
#elif defined(NETOS)
(void)tx_mutex_get(&args->signal->mutex, TX_WAIT_FOREVER);
/* TODO:
* if (!args->signal->ready)
* pthread_cond_wait(&args->signal->cond, &args->signal->mutex);
* args->signal->ready = 0; */
(void)tx_mutex_put(&args->signal->mutex);
#else
(void)args;
#endif
@ -443,6 +457,49 @@ void start_thread(THREAD_FUNC fun, func_args* args, THREAD_TYPE* thread)
printf("Failed to create new Task\n");
}
Task_yield();
#elif defined(NETOS)
/* This can be adjusted by defining in user_settings.h, will default to 65k
* in the event it is undefined */
#ifndef TESTSUITE_THREAD_STACK_SZ
#define TESTSUITE_THREAD_STACK_SZ 65535
#endif
int result;
static void * TestSuiteThreadStack = NULL;
/* Assume only one additional thread is created concurrently. */
if (TestSuiteThreadStack == NULL)
{
TestSuiteThreadStack = (void *)malloc(TESTSUITE_THREAD_STACK_SZ);
if (TestSuiteThreadStack == NULL)
{
printf ("Stack allocation failure.\n");
return;
}
}
memset (thread, 0, sizeof *thread);
/* first create the idle thread:
* ARGS:
* Param1: pointer to thread
* Param2: name
* Param3 and 4: entry function and input
* Param5: pointer to thread stack
* Param6: stack size
* Param7 and 8: priority level and preempt threshold
* Param9 and 10: time slice and auto-start indicator */
result = tx_thread_create(thread,
"WolfSSL TestSuiteThread",
(entry_functionType)fun, (ULONG)args,
TestSuiteThreadStack,
TESTSUITE_THREAD_STACK_SZ,
2, 2,
1, TX_AUTO_START);
if (result != TX_SUCCESS)
{
printf("Ethernet Bypass Application: failed to create idle thread!\n");
}
#else
*thread = (THREAD_TYPE)_beginthreadex(0, 0, fun, args, 0, 0);
#endif
@ -465,6 +522,8 @@ void join_thread(THREAD_TYPE thread)
}
Task_yield();
}
#elif defined(NETOS)
/* TODO: */
#else
int res = WaitForSingleObject((HANDLE)thread, INFINITE);
assert(res == WAIT_OBJECT_0);

3
wolfcrypt/benchmark/benchmark.c
View File

@ -142,6 +142,9 @@
#ifdef XPRINTF
#undef printf
#define printf XPRINTF
#elif defined(NETOS)
#undef printf
#define printf dc_log_printf
#endif
#endif

10
wolfcrypt/test/test.c
View File

@ -158,9 +158,13 @@ _Pragma("GCC diagnostic ignored \"-Wunused-function\"")
/* don't use file system for these tests, since ./certs dir isn't loaded */
#undef NO_FILESYSTEM
#define NO_FILESYSTEM
#elif defined(THREADX) && !defined(WOLFSSL_WICED) && !defined(THREADX_NO_DC_PRINTF)
/* since just testing, use THREADX log printf instead */
int dc_log_printf(char*, ...);
#elif defined(THREADX) && !defined(WOLFSSL_WICED) && \
!defined(THREADX_NO_DC_PRINTF)
#ifndef (NETOS)
/* since just testing, use THREADX log printf instead (NETOS prototypes
* this elsewhere) */
int dc_log_printf(char*, ...);
#endif
#undef printf
#define printf dc_log_printf
#elif defined(ANDROID)

2
wolfssl/ssl.h
View File

@ -2760,7 +2760,7 @@ WOLFSSL_API int wolfSSL_make_eap_keys(WOLFSSL*, void* key, unsigned int len,
!defined(WOLFSSL_PICOTCP) && !defined(WOLFSSL_ROWLEY_ARM) && \
!defined(WOLFSSL_EMBOS) && !defined(WOLFSSL_FROSTED) && \
!defined(WOLFSSL_CHIBIOS) && !defined(WOLFSSL_CONTIKI) && \
!defined(WOLFSSL_ZEPHYR)
!defined(WOLFSSL_ZEPHYR) && !defined(NETOS)
#include <sys/uio.h>
#endif
/* allow writev style writing */

95
wolfssl/test.h
View File

@ -135,6 +135,16 @@
ret = ((a[3]<<24) + (a[2]<<16) + (a[1]<<8) + a[0]) ;
return(ret) ;
}
#elif defined(NETOS)
#include <string.h>
#include <sys/types.h>
struct hostent {
char* h_name; /* official name of host */
char** h_aliases; /* alias list */
int h_addrtype; /* host address type */
int h_length; /* length of address */
char** h_addr_list; /* list of addresses from the name server */
};
#else
#include <string.h>
#include <sys/types.h>
@ -274,6 +284,12 @@
#define EXIT_TEST(ret)
#endif
#define WOLFSSL_THREAD
#elif defined(NETOS)
typedef UINT THREAD_RETURN;
typedef TX_THREAD THREAD_TYPE;
#define WOLFSSL_THREAD
#define INFINITE TX_WAIT_FOREVER
#define WAIT_OBJECT_0 TX_NO_WAIT
#else
typedef unsigned int THREAD_RETURN;
typedef intptr_t THREAD_TYPE;
@ -369,6 +385,31 @@
/* Whitewood netRandom default config file */
#define wnrConfig "wnr-example.conf"
#endif
#elif defined(NETOS) && defined(HAVE_FIPS)
/* These defines specify the file system volume and root directory used by
* the FTP server used in the only supported NETOS FIPS solution (at this
* time), these can be tailored in the event a future FIPS solution is added
* for an alternate NETOS use-case */
#define FS_VOLUME1 "FLASH0"
#define FS_VOLUME1_DIR FS_VOLUME1 "/"
#define caCertFile FS_VOLUME1_DIR "certs/ca-cert.pem"
#define eccCertFile FS_VOLUME1_DIR "certs/server-ecc.pem"
#define eccKeyFile FS_VOLUME1_DIR "certs/ecc-key.pem"
#define svrCertFile FS_VOLUME1_DIR "certs/server-cert.pem"
#define svrKeyFile FS_VOLUME1_DIR "certs/server-key.pem"
#define cliCertFile FS_VOLUME1_DIR "certs/client-cert.pem"
#define cliKeyFile FS_VOLUME1_DIR "certs/client-key.pem"
#define ntruCertFile FS_VOLUME1_DIR "certs/ntru-cert.pem"
#define ntruKeyFile FS_VOLUME1_DIR "certs/ntru-key.raw"
#define dhParamFile FS_VOLUME1_DIR "certs/dh2048.pem"
#define cliEccKeyFile FS_VOLUME1_DIR "certs/ecc-client-key.pem"
#define cliEccCertFile FS_VOLUME1_DIR "certs/client-ecc-cert.pem"
#define caEccCertFile FS_VOLUME1_DIR "certs/ca-ecc-cert/pem"
#define crlPemDir FS_VOLUME1_DIR "certs/crl"
#ifdef HAVE_WNR
/* Whitewood netRandom default config file */
#define wnrConfig "wnr-example.conf"
#endif
#else
#define caCertFile "./certs/ca-cert.pem"
#define eccCertFile "./certs/server-ecc.pem"
@ -417,6 +458,9 @@ typedef struct tcp_ready {
pthread_mutex_t mutex;
pthread_cond_t cond;
#endif
#ifdef NETOS
TX_MUTEX mutex;
#endif
} tcp_ready;
@ -429,9 +473,14 @@ static WC_INLINE void InitTcpReady(tcp_ready* ready)
#elif defined(_POSIX_THREADS) && !defined(__MINGW32__)
pthread_mutex_init(&ready->mutex, 0);
pthread_cond_init(&ready->cond, 0);
#elif defined(NETOS)
tx_mutex_create(&ready->mutex, "wolfSSL Lock", TX_INHERIT);
#endif
}
#ifdef NETOS
struct hostent* gethostbyname(vonst char* name);
#endif
static WC_INLINE void FreeTcpReady(tcp_ready* ready)
{
@ -440,6 +489,8 @@ static WC_INLINE void FreeTcpReady(tcp_ready* ready)
#elif defined(_POSIX_THREADS) && !defined(__MINGW32__)
pthread_mutex_destroy(&ready->mutex);
pthread_cond_destroy(&ready->cond);
#elif defined(NETOS)
tx_mutex_delete(&ready->mutex);
#else
(void)ready;
#endif
@ -472,8 +523,11 @@ typedef struct func_args {
callback_functions *callbacks;
} func_args;
#ifdef NETOS
int dc_log_printf(char* format, ...);
#undef printf
#define printf dc_log_printf
#endif
void wait_tcp_ready(func_args*);
@ -1239,6 +1293,8 @@ static WC_INLINE void tcp_socket(SOCKET_T* sockfd, int udp, int sctp)
#elif defined(WOLFSSL_MDK_ARM) || defined (WOLFSSL_TIRTOS) ||\
defined(WOLFSSL_KEIL_TCP_NET) || defined(WOLFSSL_ZEPHYR)
/* nothing to define */
#elif defined(NETOS)
/* TODO: signal(SIGPIPE, SIG_IGN); */
#else /* no S_NOSIGPIPE */
signal(SIGPIPE, SIG_IGN);
#endif /* S_NOSIGPIPE */
@ -1939,6 +1995,14 @@ static WC_INLINE void udp_accept(SOCKET_T* sockfd, SOCKET_T* clientfd,
tcp_ready* ready = args->signal;
ready->ready = 1;
ready->port = port;
#elif defined(NETOS)
{
tcp_ready* ready = args->signal;
(void)tx_mutex_get(&ready->mutex, TX_WAIT_FOREVER);
ready->ready = 1;
ready->port = port;
(void)tx_mutex_put(&ready->mutex);
}
#else
(void)port;
#endif
@ -1982,10 +2046,21 @@ static WC_INLINE void tcp_accept(SOCKET_T* sockfd, SOCKET_T* clientfd,
ready->ready = 1;
ready->port = port;
}
#elif defined(NETOS)
/* signal ready to tcp_accept */
if (args)
ready = args->signal;
if (ready) {
(void)tx_mutex_get(&ready->mutex, TX_WAIT_FOREVER);
ready->ready = 1;
ready->port = port;
(void)tx_mutex_put(&ready->mutex);
}
#endif
if (ready_file) {
#if !defined(NO_FILESYSTEM) || defined(FORCE_BUFFER_TEST)
#if !defined(NO_FILESYSTEM) || defined(FORCE_BUFFER_TEST) && \
!defined(NETOS)
XFILE srf = NULL;
if (args)
ready = args->signal;
@ -2303,12 +2378,14 @@ static WC_INLINE unsigned int my_psk_client_cs_cb(WOLFSSL* ssl,
#else
#if !defined(WOLFSSL_MDK_ARM) && !defined(WOLFSSL_KEIL_TCP_NET) && !defined(WOLFSSL_CHIBIOS)
#include <sys/time.h>
#ifndef NETOS
#include <sys/time.h>
#endif
static WC_INLINE double current_time(int reset)
{
struct timeval tv;
gettimeofday(&tv, 0);
gettimeofday(&tv, NULL);
(void)reset;
return (double)tv.tv_sec + (double)tv.tv_usec / 1000000;
@ -2356,7 +2433,8 @@ static WC_INLINE void OCSPRespFreeCb(void* ioCtx, unsigned char* response)
#if !defined(NO_CERTS)
#if !defined(NO_FILESYSTEM) || \
(defined(NO_FILESYSTEM) && defined(FORCE_BUFFER_TEST))
(defined(NO_FILESYSTEM) && defined(FORCE_BUFFER_TEST)) && \
!defined(NETOS)
/* reads file size, allocates buffer, reads into buffer, returns buffer */
static WC_INLINE int load_file(const char* fname, byte** buf, size_t* bufLen)
@ -2758,7 +2836,8 @@ static WC_INLINE void CaCb(unsigned char* der, int sz, int type)
static WC_INLINE int ChangeToWolfRoot(void)
{
#if !defined(NO_FILESYSTEM) || defined(FORCE_BUFFER_TEST)
#if !defined(NO_FILESYSTEM) || defined(FORCE_BUFFER_TEST) && \
!defined(NETOS)
int depth, res;
XFILE keyFile;
for(depth = 0; depth <= MAX_WOLF_ROOT_DEPTH; depth++) {
@ -2769,6 +2848,8 @@ static WC_INLINE void CaCb(unsigned char* der, int sz, int type)
}
#ifdef USE_WINDOWS_API
res = SetCurrentDirectoryA("..\\");
#elif defined(NETOS)
return 0;
#else
res = chdir("../");
#endif

2
wolfssl/wolfio.h
View File

@ -151,6 +151,8 @@
#elif defined(EBSNET)
#include "rtipapi.h" /* errno */
#include "socket.h"
#elif defined(NETOS)
#include <sockapi.h>
#elif !defined(DEVKITPRO) && !defined(WOLFSSL_PICOTCP) \
&& !defined(WOLFSSL_CONTIKI) && !defined(WOLFSSL_WICED) \
&& !defined(WOLFSSL_GNRC) && !defined(WOLFSSL_RIOT_OS)