1 (edited by Zeddi 2014-02-23 06:38:52)

Topic: [SOLVED] load_buffer with NO_FILESYSTEM define needs filesystem?

I'm trying to run the unit-tests on a WIP eCos port (based on wolfSSL embedded SSL 2.7.0), but stumbled over certificate loading with the example server and NO_FILESYSTEM defined.

This define helped during API tests, as the client certificates are then loaded directly from the certs_test.h header file, e.g.:

/* ./certs/1024/client-key.der, 1024-bit */
const unsigned char client_key_der_1024[] =
{
    0x30, 0x82, 0x02, 0x5C, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 
[...]
};

I hoped that this would work the same way when I start the server itself (in my case through the SuiteTests-function in suites.c). Unfortunately, the server only loads certificates if a filesystem is available (examples/server/server.c):

#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
    if (!usePsk) {
        if (SSL_CTX_use_certificate_file(ctx, ourCert, SSL_FILETYPE_PEM)
                                         != SSL_SUCCESS)
            err_sys("can't load server cert file, check file and run from"
                    " wolfSSL home dir");
    }
#endif

Then I saw that the echoserver (examples/echoserver/echoserver.c) on the other hand has code for the NO_FILESYSTEM case:

#ifndef NO_FILESYSTEM
[...]
#elif !defined(NO_CERTS)
    if (!doPSK) {
        load_buffer(ctx, svrCert, WOLFSSL_CERT);
        load_buffer(ctx, svrKey,  WOLFSSL_KEY);
    }
#endif

What made me sad in the end was that the function load_buffer as defined in test.h again needs a filesystem to fill the buffer with contents of the file passed:

#if defined(NO_FILESYSTEM) && !defined(NO_CERTS)
[...]
static INLINE void load_buffer(WOLFSSL_CTX* ctx, const char* fname, int type)
{
        /* test buffer load */
        long  sz = 0;
        byte  buff[10000];
        FILE* file = fopen(fname, "rb");

        if (!file)
            err_sys("can't open file for buffer load "
                    "Please run from wolfSSL home directory if not");
[...]
#endif /* NO_FILESYSTEM */

So, do I have to make my own load_buffer-function which fills ctx directly from a char array, or is there any other intended way to do this which I'm missing?

Thanks!
- Daniel


Re: [SOLVED] load_buffer with NO_FILESYSTEM define needs filesystem?

Hi Daniel,

You are correct in your findings.  Our client/server examples currently assume that there will be a file system available.  We'll need to work on making those easier to use in filesystem-less environments.

You'd need to use the buffer loading functions to load your certificates and keys instead of the file loading functions, i.e.:

wolfSSL_CTX_load_verify_buffer
wolfSSL_CTX_use_certificate_buffer
wolfSSL_CTX_use_PrivateKey_buffer
etc.

Best Regards,
Chris
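
A filesystem-free stand-in for load_buffer() along the lines described above, as an added example (not code from this thread or from wolfSSL): it checks that a hard-coded DER array's outer SEQUENCE length matches the array size before passing it to the buffer API. The names der_seq_total_len, load_der_array and the EXAMPLE_WITH_WOLFSSL switch are hypothetical; the wolfSSL part is compiled only when that macro is defined.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed sample, not a real key: SEQUENCE { INTEGER 0 } */
static const unsigned char sample_der[] = { 0x30, 0x03, 0x02, 0x01, 0x00 };

/* Total size (header + content) of the outermost DER SEQUENCE in buf,
 * or 0 if the header is malformed or claims more than avail bytes. */
size_t der_seq_total_len(const unsigned char *buf, size_t avail)
{
    size_t len = 0, hdr = 2, n, i;

    if (buf == NULL || avail < 2 || buf[0] != 0x30)
        return 0;
    if (buf[1] < 0x80) {
        len = buf[1];                     /* short form */
    } else {
        n = buf[1] & 0x7F;                /* long form: count of length bytes */
        if (n == 0 || n > 3 || avail < 2 + n)
            return 0;                     /* indefinite or implausibly large */
        for (i = 0; i < n; i++)
            len = (len << 8) | buf[2 + i];
        hdr += n;
    }
    return (len <= avail - hdr) ? hdr + len : 0;
}

#ifdef EXAMPLE_WITH_WOLFSSL  /* hypothetical switch: define when wolfSSL is present */
#include <wolfssl/ssl.h>

/* Stand-in for load_buffer() that needs no fopen(); 0 on success, -1 on error. */
int load_der_array(WOLFSSL_CTX *ctx, const unsigned char *der, size_t sz, int is_key)
{
    int ret;

    if (der_seq_total_len(der, sz) != sz)  /* truncated or padded array */
        return -1;
    ret = is_key
        ? wolfSSL_CTX_use_PrivateKey_buffer(ctx, der, (long)sz, SSL_FILETYPE_ASN1)
        : wolfSSL_CTX_use_certificate_buffer(ctx, der, (long)sz, SSL_FILETYPE_ASN1);
    return (ret == SSL_SUCCESS) ? 0 : -1;
}
#endif

int main(void)
{
    size_t n = der_seq_total_len(sample_der, sizeof sample_der);
    printf("sample: %lu of %lu bytes\n", (unsigned long)n, (unsigned long)sizeof sample_der);
    return n == sizeof sample_der ? 0 : 1;
}
```

For the array quoted in the first post, the header bytes 0x30, 0x82, 0x02, 0x5C announce 604 content bytes, so a complete client_key_der_1024 is 608 bytes long.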

Re: [SOLVED] load_buffer with NO_FILESYSTEM define needs filesystem?

Hi Chris,

Thanks for the confirmation.

I already did what you were suggesting and so far it's working for my use-cases. Of course it's not a very nice solution as I hard-coded the hex-values of all the certificates in DER-format into some header-files.
I will provide the code with the remainder of the eCos-port once I'm done :).

Regards
- Daniel
