Cleanups. Fix some multi-test issues.

Author: dgarske

.github/workflows/async-examples.yml

@@ -29,10 +29,13 @@ jobs:
           set -euo pipefail
           run_pair() {
             local mode="$1"
-            ./examples/async/async_server --"$mode" > "/tmp/async_server_${mode}.log" 2>&1 &
+            local ready="/tmp/wolfssl_async_ready_${mode}"
+            rm -f "$ready"
+            WOLFSSL_ASYNC_READYFILE="$ready" \
+              ./examples/async/async_server --"$mode" > "/tmp/async_server_${mode}.log" 2>&1 &
             local pid=$!
-            sleep 1
-            ./examples/async/async_client --"$mode" 127.0.0.1 11111 > "/tmp/async_client_${mode}.log" 2>&1
+            WOLFSSL_ASYNC_READYFILE="$ready" \
+              ./examples/async/async_client --"$mode" 127.0.0.1 11111 > "/tmp/async_client_${mode}.log" 2>&1
             local rc=$?
             kill "$pid" >/dev/null 2>&1 || true
             wait "$pid" >/dev/null 2>&1 || true

.wolfssl_known_macro_extras

@@ -622,7 +622,6 @@ WC_DILITHIUM_CACHE_PRIV_VECTORS
 WC_DILITHIUM_CACHE_PUB_VECTORS
 WC_DILITHIUM_FIXED_ARRAY
 WC_DISABLE_RADIX_ZERO_PAD
-WC_ECC_NONBLOCK_ONLY
 WC_FLAG_DONT_USE_AESNI
 WC_FORCE_LINUXKM_FORTIFY_SOURCE
 WC_LMS_FULL_HASH
@@ -638,7 +637,6 @@ WC_RSA_NONBLOCK
 WC_RSA_NONBLOCK_TIME
 WC_RSA_NO_FERMAT_CHECK
 WC_RWLOCK_OPS_INLINE
-WC_SHA3_HARDEN
 WC_SHA384
 WC_SHA384_DIGEST_SIZE
 WC_SHA512

examples/async/Makefile

@@ -10,7 +10,9 @@ CFLAGS += -I.
 CFLAGS += -I$(WOLFSSL_TOP)
 CFLAGS += -I$(WOLFSSL_TOP)/wolfssl
 CFLAGS += -I$(WOLFSSL_TOP)/wolfssl/wolfcrypt
+CFLAGS += -Wall -Wextra -Wpedantic -Werror
 CFLAGS += -DWOLFSSL_USER_SETTINGS
+CFLAGS += -DHAVE_SYS_TIME_H
 CFLAGS += -DUSE_CERT_BUFFERS_256
 
 LDFLAGS ?=
@@ -20,17 +22,21 @@ TARGETS = async_client async_server
 
 WOLFSSL_SRC := $(wildcard $(WOLFSSL_TOP)/src/*.c)
 WOLFCRYPT_SRC := $(wildcard $(WOLFSSL_TOP)/wolfcrypt/src/*.c)
-LOCAL_SRC := async_client.c async_server.c
+LOCAL_SRC := async_client.c async_server.c async_tls.c
 
 WOLFSSL_OBJS := $(patsubst $(WOLFSSL_TOP)/%, $(OBJDIR)/%, $(WOLFSSL_SRC:.c=.o))
 WOLFCRYPT_OBJS := $(patsubst $(WOLFSSL_TOP)/%, $(OBJDIR)/%, $(WOLFCRYPT_SRC:.c=.o))
 LOCAL_OBJS := $(patsubst %.c, $(OBJDIR)/%.o, $(LOCAL_SRC))
 
-OBJS := $(LOCAL_OBJS) $(WOLFSSL_OBJS) $(WOLFCRYPT_OBJS)
+ASYNC_CLIENT_OBJS := $(OBJDIR)/async_client.o $(OBJDIR)/async_tls.o
+ASYNC_SERVER_OBJS := $(OBJDIR)/async_server.o $(OBJDIR)/async_tls.o
 
 all: $(TARGETS)
 
-$(TARGETS): %: $(OBJDIR)/%.o $(WOLFSSL_OBJS) $(WOLFCRYPT_OBJS)
+async_client: $(ASYNC_CLIENT_OBJS) $(WOLFSSL_OBJS) $(WOLFCRYPT_OBJS)
+	$(CC) $(LDFLAGS) -o $@ $^ $(LDLIBS)
+
+async_server: $(ASYNC_SERVER_OBJS) $(WOLFSSL_OBJS) $(WOLFCRYPT_OBJS)
 	$(CC) $(LDFLAGS) -o $@ $^ $(LDLIBS)
 
 $(OBJDIR)/%.o: %.c user_settings.h
@@ -41,5 +47,13 @@ $(OBJDIR)/%.o: $(WOLFSSL_TOP)/%.c
 	@mkdir -p $(dir $@)
 	$(CC) $(CFLAGS) -c $< -o $@
 
+# Possibly empty files (avoids "warning: ISO C forbids an empty translation unit")
+$(OBJDIR)/wolfcrypt/src/ecc_fp.o: CFLAGS += -Wno-pedantic
+$(OBJDIR)/wolfcrypt/src/fips.o: CFLAGS += -Wno-pedantic
+$(OBJDIR)/wolfcrypt/src/fips_test.o: CFLAGS += -Wno-pedantic
+$(OBJDIR)/wolfcrypt/src/selftest.o: CFLAGS += -Wno-pedantic
+$(OBJDIR)/wolfcrypt/src/wolfcrypt_first.o: CFLAGS += -Wno-pedantic
+$(OBJDIR)/wolfcrypt/src/wolfcrypt_last.o: CFLAGS += -Wno-pedantic
+
 clean:
 	$(RM) -r $(OBJDIR) $(TARGETS)

examples/async/README.md

@@ -21,6 +21,17 @@ make -C examples/async
 ./examples/async/async_client --x25519 ecc256.badssl.com 443
 ```
 
+Optional ready-file sync (CI-friendly, avoids sleeps):
+```
+export WOLFSSL_ASYNC_READYFILE=/tmp/wolfssl_async_ready
+./examples/async/async_server --ecc
+WOLFSSL_ASYNC_READYFILE=/tmp/wolfssl_async_ready ./examples/async/async_client --ecc 127.0.0.1 11111
+```
+
+Porting the TCP/IP stack:
+Define `NET_USER_HEADER` to include your network shim and provide the
+`NET_*` macros plus `NET_IO_SEND_CB` / `NET_IO_RECV_CB`.
+
 ## Asynchronous Cryptography Design
 
 When a cryptographic call is handed off to hardware it return `WC_PENDING_E` up to caller. Then it can keep calling until the operation completes. For some platforms it is required to call `wolfSSL_AsyncPoll`. At the TLS layer a "devId" (Device ID) must be set using `wolfSSL_CTX_SetDevId` to indicate desire to offload cryptography.

examples/async/async_client.c

@@ -33,12 +33,14 @@
 #include <errno.h>
 
 /* socket */
+#ifndef NET_USER_HEADER
 #include <fcntl.h>
 #include <netdb.h>
 #include <sys/socket.h>
 #include <sys/types.h>
 #include <sys/select.h>
 #include <unistd.h>
+#endif
 
 /* wolfSSL */
 #ifdef WOLFSSL_USER_SETTINGS
@@ -55,6 +57,7 @@
 /* ------------------------------------------------------------------ */
 /* POSIX transport helpers (replace with your BSP/port layer).         */
 /* ------------------------------------------------------------------ */
+#ifndef NET_USER_HEADER
 static int posix_set_nonblocking(int fd)
 {
     int flags = fcntl(fd, F_GETFL, 0);
@@ -144,54 +147,11 @@ static int posix_net_connect(const char* host, int port)
     }
     return fd;
 }
+#endif
 
 /* ------------------------------------------------------------------ */
 /* WOLFSSL_USER_IO callbacks.                                          */
 /* ------------------------------------------------------------------ */
-static int posix_send_cb(WOLFSSL* ssl, char* buf, int sz, void* ctx)
-{
-    (void)ssl;
-    int fd = (int)(intptr_t)ctx;
-    int ret = (int)send(fd, buf, (size_t)sz, 0);
-    if (ret >= 0) {
-        return ret;
-    }
-    if (errno == EAGAIN || errno == EWOULDBLOCK) {
-        return WOLFSSL_CBIO_ERR_WANT_WRITE;
-    }
-    return WOLFSSL_CBIO_ERR_GENERAL;
-}
-
-static int posix_recv_cb(WOLFSSL* ssl, char* buf, int sz, void* ctx)
-{
-    (void)ssl;
-    int fd = (int)(intptr_t)ctx;
-    int ret = (int)recv(fd, buf, (size_t)sz, 0);
-    if (ret >= 0) {
-        return ret;
-    }
-    if (errno == EAGAIN || errno == EWOULDBLOCK) {
-        return WOLFSSL_CBIO_ERR_WANT_READ;
-    }
-    return WOLFSSL_CBIO_ERR_GENERAL;
-}
-
-int posix_getdevrandom(unsigned char *out, unsigned int sz);
-int posix_getdevrandom(unsigned char *out, unsigned int sz)
-{
-    ssize_t ret;
-    int fd = open("/dev/urandom", O_RDONLY);
-    if (fd < 0) {
-        return -1;
-    }
-    ret = read(fd, out, sz);
-    close(fd);
-    if (ret != (ssize_t)sz) {
-        return -1;
-    }
-    return 0;
-}
-
 static void usage(const char* prog)
 {
     printf("usage: %s [--ecc|--x25519] [host] [port]\n", prog);
@@ -260,7 +220,14 @@ int client_async_test(int argc, char** argv)
         return 0;
     }
 
-    net = posix_net_connect(host, port);
+    {
+        const char* ready = getenv(WOLFSSL_ASYNC_READYFILE_ENV);
+        if (ready != NULL) {
+            (void)async_readyfile_wait(ready,
+                WOLFSSL_ASYNC_READYFILE_TIMEOUT_MS);
+        }
+    }
+    net = NET_CONNECT(host, port);
     if (net < 0) {
         return -1;
     }
@@ -288,10 +255,11 @@ int client_async_test(int argc, char** argv)
     /* Bare-metal style: disable verification unless you load CA/peer certs. */
     wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_NONE, NULL);
 
-    wolfSSL_SetIORecv(ctx, posix_recv_cb);
-    wolfSSL_SetIOSend(ctx, posix_send_cb);
+    wolfSSL_SetIORecv(ctx, NET_IO_RECV_CB);
+    wolfSSL_SetIOSend(ctx, NET_IO_SEND_CB);
 
-    wolfSSL_CTX_UseSNI(ctx, WOLFSSL_SNI_HOST_NAME, host, strlen(host));
+    wolfSSL_CTX_UseSNI(ctx, WOLFSSL_SNI_HOST_NAME, host,
+        (word16)XSTRLEN(host));
 
     ssl = wolfSSL_new(ctx);
     if (ssl == NULL) {
@@ -300,7 +268,8 @@ int client_async_test(int argc, char** argv)
 
     wolfSSL_SetIOReadCtx(ssl, (void*)(intptr_t)net);
     wolfSSL_SetIOWriteCtx(ssl, (void*)(intptr_t)net);
-    (void)wolfSSL_UseSNI(ssl, WOLFSSL_SNI_HOST_NAME, host, (word16)XSTRLEN(host));
+    (void)wolfSSL_UseSNI(ssl, WOLFSSL_SNI_HOST_NAME, host,
+        (word16)XSTRLEN(host));
 
     for (;;) {
         ret = wolfSSL_UseKeyShare(ssl, group);
@@ -328,10 +297,10 @@ int client_async_test(int argc, char** argv)
             break;
         }
         err = wolfSSL_get_error(ssl, 0);
-        if (err == WC_PENDING_E ||
+        if (err == WC_NO_ERR_TRACE(WC_PENDING_E) ||
             err == WOLFSSL_ERROR_WANT_READ ||
             err == WOLFSSL_ERROR_WANT_WRITE) {
-            if (err == WC_PENDING_E) {
+            if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
 #ifdef WOLFSSL_DEBUG_NONBLOCK
                 pending_count++;
 #endif
@@ -368,10 +337,10 @@ int client_async_test(int argc, char** argv)
             break;
         }
         err = wolfSSL_get_error(ssl, 0);
-        if (err == WC_PENDING_E ||
+        if (err == WC_NO_ERR_TRACE(WC_PENDING_E) ||
             err == WOLFSSL_ERROR_WANT_READ ||
             err == WOLFSSL_ERROR_WANT_WRITE) {
-            if (err == WC_PENDING_E) {
+            if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
 #ifdef WOLFSSL_DEBUG_NONBLOCK
                 pending_count++;
 #endif
@@ -400,10 +369,10 @@ int client_async_test(int argc, char** argv)
             break;
         }
         err = wolfSSL_get_error(ssl, 0);
-        if (err == WC_PENDING_E ||
+        if (err == WC_NO_ERR_TRACE(WC_PENDING_E) ||
             err == WOLFSSL_ERROR_WANT_READ ||
             err == WOLFSSL_ERROR_WANT_WRITE) {
-            if (err == WC_PENDING_E) {
+            if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
 #ifdef WOLFSSL_DEBUG_NONBLOCK
                 pending_count++;
 #endif
@@ -444,7 +413,7 @@ int client_async_test(int argc, char** argv)
 #endif
     wolfSSL_Cleanup();
     if (net >= 0) {
-        close(net);
+        NET_CLOSE(net);
     }
 
     return ret;