
Re: [Minios-devel] [UNIKRAFT/LIBAXTLS PATCH 1/2] Initial port of the axtls library (version 2.1.5)



Hello Felipe,

Please find the comment inline:

The patch fails to compile with the following error:

build/libaxtls/origin/axtls-code/ssl/os_port.h:137:24: fatal error: netinet/in.h: No such file or directory #include <netinet/in.h>

Thanks & Regards

Sharan

On 7/13/19 7:36 AM, Felipe Huici wrote:
Note lwip is required.

Signed-off-by: Felipe Huici <felipe.huici@xxxxxxxxx>
---
  Config.uk               |   4 ++
  Makefile.uk             | 117 +++++++++++++++++++++++++++++++++++++++++++++++
  glue.c                  |  12 +++++
  include/asm/byteorder.h |  86 +++++++++++++++++++++++++++++++++++
  include/config.h        | 118 ++++++++++++++++++++++++++++++++++++++++++++++++
  5 files changed, 337 insertions(+)
  create mode 100644 Config.uk
  create mode 100644 Makefile.uk
  create mode 100644 glue.c
  create mode 100644 include/asm/byteorder.h
  create mode 100644 include/config.h

diff --git a/Config.uk b/Config.uk
new file mode 100644
index 0000000..ec8da21
--- /dev/null
+++ b/Config.uk
@@ -0,0 +1,4 @@
+menuconfig LIBAXTLS
+          bool "axTLS Embedded SSL"
+          default n
+          select LIBNOLIBC if !HAVE_LIBC
Select LIBLWIP
diff --git a/Makefile.uk b/Makefile.uk
new file mode 100644
index 0000000..cf513a0
--- /dev/null
+++ b/Makefile.uk
@@ -0,0 +1,117 @@
+#  libaxtls Makefile.uc
+#
+#  Authors: Felipe Huici <felipe.huici@xxxxxxxxx>
+#
+#
+#  Copyright (c) 2019, NEC Europe Ltd., NEC Corporation. All rights reserved.
+#
+#  Redistribution and use in source and binary forms, with or without
+#  modification, are permitted provided that the following conditions
+#  are met:
+#
+#  1. Redistributions of source code must retain the above copyright
+#     notice, this list of conditions and the following disclaimer.
+#  2. Redistributions in binary form must reproduce the above copyright
+#     notice, this list of conditions and the following disclaimer in the
+#     documentation and/or other materials provided with the distribution.
+#  3. Neither the name of the copyright holder nor the names of its
+#     contributors may be used to endorse or promote products derived from
+#     this software without specific prior written permission.
+#
+#  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+#  AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+#  IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+#  ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+#  LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+#  CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+#  SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+#  INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+#  CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+#  ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+#  POSSIBILITY OF SUCH DAMAGE.
+#
+#  THIS HEADER MAY NOT BE EXTRACTED OR MODIFIED IN ANY WAY.
+#
+
+################################################################################
+# Library registration
+################################################################################
+$(eval $(call addlib_s,libaxtls,$(CONFIG_LIBAXTLS)))
+
+################################################################################
+# Sources
+################################################################################
+LIBAXTLS_VERSION=2.1.5
+LIBAXTLS_URL=https://sourceforge.net/projects/axtls/files/2.1.5/axTLS-2.1.5.tar.gz/download
s/2.1.5/$(LIBAXTLS_VERSION)
+LIBAXTLS_PATCHDIR=$(LIBAXTLS_BASE)/patches
+$(eval $(call fetchas,libaxtls,$(LIBAXTLS_URL),$(LIBAXTLS_VERSION).tgz))
+$(eval $(call 
patch,libaxtls,$(LIBAXTLS_PATCHDIR),libaxtls-$(LIBAXTLS_VERSION)))
+
+################################################################################
+# Helpers
+################################################################################
+LIBAXTLS_SRC=$(LIBAXTLS_ORIGIN)/axtls-code
+
+################################################################################
+# Library includes
+################################################################################
+CINCLUDES-$(CONFIG_LIBAXTLS) +=   -I$(LIBAXTLS_SRC)/include \
+                                  -I$(LIBAXTLS_SRC)/crypto  \
+                                  -I$(LIBAXTLS_SRC)/ssl     \
+                                  -I$(LIBAXTLS_BASE)/include

Should $(LIBAXTLS_BASE)/include be a global CINCLUDES entry or a library-specific one? The main things it provides are config.h and byteorder.h. Shouldn't config.h be specific to the library? Since we don't have an exportsym.uk, do we want to add it to CINCLUDES when the implementation is going to be hidden within this library?


+
+CXXINCLUDES-$(CONFIG_LIBAXTLS) += -I$(LIBAXTLS_SRC)/include \
+                                  -I$(LIBAXTLS_SRC)/crypto  \
+                                  -I$(LIBAXTLS_SRC)/ssl     \
+                                  -I$(LIBAXTLS_BASE)/include
+
+################################################################################
+# Global flags
+################################################################################
+LIBAXTLS_CFLAGS-y += -DHAVE_CONFIG_H
+
+# Suppress some warnings to make the build process look neater
+SUPPRESS_FLAGS += -Wno-unused-parameter -Wno-unused-variable -Wno-nonnull      
 \
+-Wno-unused-but-set-variable -Wno-unused-label -Wno-char-subscripts            
 \
+-Wno-unused-function -Wno-missing-field-initializers -Wno-uninitialized        
 \
+-Wno-array-bounds -Wno-maybe-uninitialized -Wno-pointer-sign -Wno-unused-value 
 \
+-Wno-unused-macros -Wno-parentheses -Wno-implicit-function-declaration         
 \
+-Wno-missing-braces -Wno-endif-labels -Wno-unused-but-set-variable             
 \
+-Wno-implicit-function-declaration -Wno-type-limits -Wno-sign-compare
Wno-implicit-function-declaration, Wno-array-bounds, Wno-type-limits
+
+LIBAXTLS_CFLAGS-y   += $(SUPPRESS_FLAGS)
+LIBAXTLS_CXXFLAGS-y += $(SUPPRESS_FLAGS)
+
+################################################################################
+# OS dependencies code - Glue between Unikfraft and axtls
+################################################################################
+LIBAXTLS_SRCS-y += $(LIBAXTLS_BASE)/glue.c
+
+################################################################################
+# axtls code - crypto
+################################################################################
+LIBAXTLS_SRCS-y += $(LIBAXTLS_SRC)/crypto/aes.c
+LIBAXTLS_SRCS-y += $(LIBAXTLS_SRC)/crypto/bigint.c
+LIBAXTLS_SRCS-y += $(LIBAXTLS_SRC)/crypto/crypto_misc.c
+LIBAXTLS_SRCS-y += $(LIBAXTLS_SRC)/crypto/hmac.c
+LIBAXTLS_SRCS-y += $(LIBAXTLS_SRC)/crypto/md5.c
+LIBAXTLS_SRCS-y += $(LIBAXTLS_SRC)/crypto/rc4.c
+LIBAXTLS_SRCS-y += $(LIBAXTLS_SRC)/crypto/rsa.c
+LIBAXTLS_SRCS-y += $(LIBAXTLS_SRC)/crypto/sha1.c
+LIBAXTLS_SRCS-y += $(LIBAXTLS_SRC)/crypto/sha256.c
+LIBAXTLS_SRCS-y += $(LIBAXTLS_SRC)/crypto/sha384.c
+LIBAXTLS_SRCS-y += $(LIBAXTLS_SRC)/crypto/sha512.c
+
+################################################################################
+# axtls code - ssl
+################################################################################
+LIBAXTLS_SRCS-y += $(LIBAXTLS_SRC)/ssl/asn1.c
+LIBAXTLS_SRCS-y += $(LIBAXTLS_SRC)/ssl/gen_cert.c

Without the symbol CONFIG_SSL_GENERATE_X509_CERT, isn't this an empty file? Since we undef it, do we need this?

+LIBAXTLS_SRCS-y += $(LIBAXTLS_SRC)/ssl/loader.c
+LIBAXTLS_SRCS-y += $(LIBAXTLS_SRC)/ssl/openssl.c
+LIBAXTLS_SRCS-y += $(LIBAXTLS_SRC)/ssl/os_port.c
This file contains implementations specific to WIN32. We probably don't need this.
+LIBAXTLS_SRCS-y += $(LIBAXTLS_SRC)/ssl/p12.c
+LIBAXTLS_SRCS-y += $(LIBAXTLS_SRC)/ssl/tls1.c
+LIBAXTLS_SRCS-y += $(LIBAXTLS_SRC)/ssl/tls1_svr.c

+LIBAXTLS_SRCS-y += $(LIBAXTLS_SRC)/ssl/tls1_clnt.c
This depends on CONFIG_SSL_ENABLE_CLIENT, which is disabled.
+LIBAXTLS_SRCS-y += $(LIBAXTLS_SRC)/ssl/x509.c
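Review bot: The archive named by `LIBAXTLS_URL` is fetched and unpacked with no integrity check visible in this hunk, so the build trusts whatever the SourceForge download redirect serves for a TLS library. Pinning a digest of the 2.1.5 tarball in this Makefile.uk and verifying it before the `patch` step would close that gap; whether the fetch helper can do this itself is not visible here. At minimum, record the expected artefact next to the URL, e.g. `# sha256 of axTLS-2.1.5.tar.gz: <SHA256-PLACEHOLDER>`. The source list also builds `crypto/rc4.c` and `crypto/md5.c` unconditionally; a one-line comment saying they are kept only because the upstream TLS code references them (if that is the reason) would help later reviewers.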
diff --git a/glue.c b/glue.c
new file mode 100644
index 0000000..7138f9d
--- /dev/null
+++ b/glue.c
@@ -0,0 +1,12 @@
+/* According to POSIX.1-2001, POSIX.1-2008 */
+#include <sys/select.h>
+
+/* According to earlier standards */
+#include <sys/time.h>
+#include <sys/types.h>
+#include <unistd.h>
+
+int select(int nfds, fd_set *readfds, fd_set *writefds,
+          fd_set *exceptfds, struct timeval *timeout) {
+       return -1;
+}
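Review bot: The `select()` stub returns -1 without setting `errno`, so a caller cannot tell "not implemented" from a real failure and may report a stale error code; `errno = ENOSYS; return -1;` (plus `#include <errno.h>`) makes the failure explicit. Because the commit message says lwip is required, this definition may also clash with or shadow a select() supplied by the network stack, in which case every wait in the TLS code would fail; that is inferred and not visible in this hunk. A comment above the function would document the intent, for example `/* Stub: axTLS references select(); always fails until a real implementation is linked in. */`.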
diff --git a/include/asm/byteorder.h b/include/asm/byteorder.h

Would it be better to add this file within libcs?

new file mode 100644
index 0000000..f3747eb
--- /dev/null
+++ b/include/asm/byteorder.h
@@ -0,0 +1,86 @@
+/* Taken from musl's endian.h */
+
+#ifndef LIBAXTLS_GLUE_ENDIAN_H
+#define LIBAXTLS_GLUE_ENDIAN_H
+
+
+/* #include <features.h> */
+
+#define __LITTLE_ENDIAN 1234
+#define __BIG_ENDIAN 4321
+#define __PDP_ENDIAN 3412
+
+/* #if defined(__GNUC__) && defined(__BYTE_ORDER__) */
+#define __BYTE_ORDER __BYTE_ORDER__
+/*
+#else
+#include <bits/endian.h>
+#endif
+*/
+/* #if defined(_GNU_SOURCE) || defined(_BSD_SOURCE) */
+
+#define BIG_ENDIAN __BIG_ENDIAN
+#define LITTLE_ENDIAN __LITTLE_ENDIAN
+#define PDP_ENDIAN __PDP_ENDIAN
+#define BYTE_ORDER __BYTE_ORDER
+
+#include <stdint.h>
+
+static __inline uint16_t __bswap16(uint16_t __x)
+{
+       return __x<<8 | __x>>8;
+}
+
+static __inline uint32_t __bswap32(uint32_t __x)
+{
+       return __x>>24 | __x>>8&0xff00 | __x<<8&0xff0000 | __x<<24;
+}
+
+static __inline uint64_t __bswap64(uint64_t __x)
+{
+       return __bswap32(__x)+0ULL<<32 | __bswap32(__x>>32);
+}
+
+#if __BYTE_ORDER == __LITTLE_ENDIAN
+#define htobe16(x) __bswap16(x)
+#define be16toh(x) __bswap16(x)
+#define betoh16(x) __bswap16(x)
+#define htobe32(x) __bswap32(x)
+#define be32toh(x) __bswap32(x)
+#define betoh32(x) __bswap32(x)
+#define htobe64(x) __bswap64(x)
+#define be64toh(x) __bswap64(x)
+#define betoh64(x) __bswap64(x)
+#define htole16(x) (uint16_t)(x)
+#define le16toh(x) (uint16_t)(x)
+#define letoh16(x) (uint16_t)(x)
+#define htole32(x) (uint32_t)(x)
+#define le32toh(x) (uint32_t)(x)
+#define letoh32(x) (uint32_t)(x)
+#define htole64(x) (uint64_t)(x)
+#define le64toh(x) (uint64_t)(x)
+#define letoh64(x) (uint64_t)(x)
+#else
+#define htobe16(x) (uint16_t)(x)
+#define be16toh(x) (uint16_t)(x)
+#define betoh16(x) (uint16_t)(x)
+#define htobe32(x) (uint32_t)(x)
+#define be32toh(x) (uint32_t)(x)
+#define betoh32(x) (uint32_t)(x)
+#define htobe64(x) (uint64_t)(x)
+#define be64toh(x) (uint64_t)(x)
+#define betoh64(x) (uint64_t)(x)
+#define htole16(x) __bswap16(x)v
+#define le16toh(x) __bswap16(x)
+#define letoh16(x) __bswap16(x)
+#define htole32(x) __bswap32(x)
+#define le32toh(x) __bswap32(x)
+#define letoh32(x) __bswap32(x)
+#define htole64(x) __bswap64(x)
+#define le64toh(x) __bswap64(x)
+#define letoh64(x) __bswap64(x)
+#endif
+
+/* #endif */
+
+#endif
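Review bot: `#define htole16(x) __bswap16(x)v` in the `#else` (big-endian) branch carries a stray trailing `v`, so any use of `htole16` on a big-endian target fails to compile; it should read `#define htole16(x) __bswap16(x)`. The branch is never expanded on little-endian builds, which is probably why it went unnoticed. Separately, with the `#if defined(__GNUC__) && defined(__BYTE_ORDER__)` guard commented out, `__BYTE_ORDER` is taken from `__BYTE_ORDER__` unconditionally; on a compiler that does not predefine it, `#if __BYTE_ORDER == __LITTLE_ENDIAN` evaluates as 0 == 1234 and silently selects the big-endian macros, which would corrupt hash and record encoding instead of failing the build. Adding `#ifndef __BYTE_ORDER__` / `#error "__BYTE_ORDER__ is not defined by this compiler"` / `#endif` before the `#define __BYTE_ORDER` line turns that into a build error.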
diff --git a/include/config.h b/include/config.h
new file mode 100644
index 0000000..acd2973
--- /dev/null
+++ b/include/config.h
@@ -0,0 +1,118 @@
+/*
+ * Automatically generated header file: don't edit
+ */
+
+#define HAVE_DOT_CONFIG 1
+#define CONFIG_PLATFORM_LINUX 1

Should we have this CONFIG_PLATFORM_LINUX?


+#undef CONFIG_PLATFORM_CYGWIN
+#undef CONFIG_PLATFORM_WIN32
+
+/*
+ * General Configuration
+ */
+#define PREFIX "/usr/local"
We don't need PREFIX?
+#undef CONFIG_DEBUG

Should we have this

#ifdef UK_DEBUG

#define CONFIG_DEBUG

#else

#undef CONFIG_DEBUG

#endif /* UK_DEBUG */

+#define CONFIG_STRIP_UNWANTED_SECTIONS 1
+#undef CONFIG_VISUAL_STUDIO_7_0
+#undef CONFIG_VISUAL_STUDIO_8_0
+#undef CONFIG_VISUAL_STUDIO_10_0
+#define CONFIG_VISUAL_STUDIO_7_0_BASE ""
+#define CONFIG_VISUAL_STUDIO_8_0_BASE ""
+#define CONFIG_VISUAL_STUDIO_10_0_BASE ""
+#define CONFIG_EXTRA_CFLAGS_OPTIONS ""
+#define CONFIG_EXTRA_LDFLAGS_OPTIONS ""
+
+/*
+ * SSL Library
+ */
+#undef CONFIG_SSL_SERVER_ONLY
+#undef CONFIG_SSL_CERT_VERIFICATION
+#undef CONFIG_SSL_ENABLE_CLIENT
+#define CONFIG_SSL_FULL_MODE 1
+#undef CONFIG_SSL_SKELETON_MODE
+#undef CONFIG_SSL_PROT_LOW
+#define CONFIG_SSL_PROT_MEDIUM 1
+#undef CONFIG_SSL_PROT_HIGH
+#define CONFIG_SSL_USE_DEFAULT_KEY 1
+#define CONFIG_SSL_PRIVATE_KEY_LOCATION ""
+#define CONFIG_SSL_PRIVATE_KEY_PASSWORD ""
+#define CONFIG_SSL_X509_CERT_LOCATION ""
+#undef CONFIG_SSL_GENERATE_X509_CERT
+#define CONFIG_SSL_X509_COMMON_NAME ""
+#define CONFIG_SSL_X509_ORGANIZATION_NAME ""
+#define CONFIG_SSL_X509_ORGANIZATION_UNIT_NAME ""
+#define CONFIG_SSL_HAS_PEM 1
+#define CONFIG_SSL_USE_PKCS12 1
+#define CONFIG_SSL_EXPIRY_TIME 24
+#define CONFIG_X509_MAX_CA_CERTS 150
+#define CONFIG_SSL_MAX_CERTS 3
+#undef CONFIG_SSL_CTX_MUTEXING
+#define CONFIG_USE_DEV_URANDOM 1
Do we need this configuration enabled? If so, don't we also need devfs enabled?
+#undef CONFIG_WIN32_USE_CRYPTO_LIB
+#define CONFIG_OPENSSL_COMPATIBLE 1
+#undef CONFIG_PERFORMANCE_TESTING
+#undef CONFIG_SSL_TEST
+#define CONFIG_AXTLSWRAP 1
+#undef CONFIG_AXHTTPD
+#undef CONFIG_HTTP_STATIC_BUILD
+#define CONFIG_HTTP_PORT
Where would this be used since we don't include httpd source directories?
+#define CONFIG_HTTP_HTTPS_PORT
+#define CONFIG_HTTP_SESSION_CACHE_SIZE
+#define CONFIG_HTTP_WEBROOT ""
+#define CONFIG_HTTP_TIMEOUT
+#undef CONFIG_HTTP_HAS_CGI
+#define CONFIG_HTTP_CGI_EXTENSIONS ""
+#undef CONFIG_HTTP_ENABLE_LUA
+#define CONFIG_HTTP_LUA_PREFIX ""
+#undef CONFIG_HTTP_BUILD_LUA
+#define CONFIG_HTTP_CGI_LAUNCHER ""
+#undef CONFIG_HTTP_DIRECTORIES
+#undef CONFIG_HTTP_HAS_AUTHORIZATION
+#undef CONFIG_HTTP_HAS_IPV6
+#undef CONFIG_HTTP_ENABLE_DIFFERENT_USER
+#define CONFIG_HTTP_USER ""
+#undef CONFIG_HTTP_VERBOSE
+#undef CONFIG_HTTP_IS_DAEMON
+
+/*
+ * Language Bindings
+ */
+#undef CONFIG_BINDINGS
+#undef CONFIG_CSHARP_BINDINGS
+#undef CONFIG_VBNET_BINDINGS
+#define CONFIG_DOT_NET_FRAMEWORK_BASE ""
+#undef CONFIG_JAVA_BINDINGS
+#define CONFIG_JAVA_HOME ""
+#undef CONFIG_PERL_BINDINGS
+#define CONFIG_PERL_CORE ""
+#define CONFIG_PERL_LIB ""
+#undef CONFIG_LUA_BINDINGS
+#define CONFIG_LUA_CORE ""
+
+/*
+ * Samples
+ */
+#undef CONFIG_SAMPLES
+#undef CONFIG_C_SAMPLES
+#undef CONFIG_CSHARP_SAMPLES
+#undef CONFIG_VBNET_SAMPLES
+#undef CONFIG_JAVA_SAMPLES
+#undef CONFIG_PERL_SAMPLES
+#undef CONFIG_LUA_SAMPLES
+
+/*
+ * BigInt Options
+ */
+#undef CONFIG_BIGINT_CLASSICAL
+#undef CONFIG_BIGINT_MONTGOMERY
+#define CONFIG_BIGINT_BARRETT 1
+#define CONFIG_BIGINT_CRT 1
+#undef CONFIG_BIGINT_KARATSUBA
+#define MUL_KARATSUBA_THRESH
+#define SQU_KARATSUBA_THRESH
+#define CONFIG_BIGINT_SLIDING_WINDOW 1
+#define CONFIG_BIGINT_SQUARE 1
+#undef CONFIG_BIGINT_CHECK_ON
+#define CONFIG_INTEGER_32BIT 1
+#undef CONFIG_INTEGER_16BIT
+#undef CONFIG_INTEGER_8BIT
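Review bot: `#define CONFIG_SSL_USE_DEFAULT_KEY 1`, combined with the empty `CONFIG_SSL_PRIVATE_KEY_LOCATION` and `CONFIG_SSL_X509_CERT_LOCATION`, means, as far as I understand axTLS, that a server context falls back to the private key and certificate embedded in the upstream source, which are public. Every image built with this header would then share a known private key, so the default should be `#undef CONFIG_SSL_USE_DEFAULT_KEY`, or the setting should become a Config.uk option that is off by default and whose help text says the built-in key is for testing only. `#undef CONFIG_SSL_CERT_VERIFICATION` also deserves a short comment stating how peer certificates are checked under `CONFIG_SSL_FULL_MODE`, since that cannot be read off this header. The file is marked "Automatically generated header file: don't edit" yet is committed by hand, so a comment naming the axTLS configuration it was generated from would make these choices reviewable.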
