wolfssh
wolfssh copied to clipboard
wolfSSL
wolfssh_echoserver Example Fails to Compile Due to wc_SSH_KDF Implicit Declaration
When compiling the wolfssh_echoserver example located at wolfssh/ide/Espressif/ESP-IDF/examples/wolfssh_echoserver, the build fails with the following error:
~/wolfssh/src/internal.c: In function 'GenerateKey':
~/wolfssh/src/internal.c:2215:15: error: implicit declaration of function 'wc_SSH_KDF'; did you mean 'wc_HKDF'? [-Wimplicit-function-declaration]
2215 | ret = wc_SSH_KDF(hashId, keyId, key, keySz,
| ^~~~~~~~~~
| wc_HKDF
t appears that wc_SSH_KDF is conditionally compiled behind a feature flag. The only workaround I found was to add the following definition in components/wolfssl/include/user_settings.h:
#define WOLFSSL_WOLFSSH
Steps to Reproduce:
Clone the repository. Navigate to wolfssh/ide/Espressif/ESP-IDF/examples/wolfssh_echoserver. Attempt to build the example using ESP-IDF. Observe the compile error in wolfssh/src/internal.c regarding wc_SSH_KDF. Observed Behavior: The build fails because wc_SSH_KDF is implicitly declared, suggesting that the corresponding feature is not enabled by default.
Expected Behavior: The example should compile out-of-the-box without requiring manual modifications. If enabling the SSH functionality via a flag like WOLFSSL_WOLFSSH is intended, the documentation should clearly state this requirement.
Potential Workaround: Adding the following line in components/wolfssl/include/user_settings.h resolves the compilation error:
#define WOLFSSL_WOLFSSH
Request for Clarification/Action:
Could the maintainers confirm if this is the intended configuration for building the wolfssh_echoserver example? If so, would it be possible to update the documentation or the build configuration to automatically define WOLFSSL_WOLFSSH for this example? Alternatively, if there is another configuration method intended for this setup, please provide guidance on how to correctly enable the feature. Thank you for your time and consideration. I’m happy to help further if needed!
Hi @clutch2sft and thanks for your interest in wolfSSH as a Managed Component!
Sorry that you've had a difficult time. You are absolutely correct that things need to be improved. I've been working on this and have things nearly finished.
The WOLFSSL_WOLFSSH does need to be defined. See this line of my updated user_settings.h.
I've been struggling with some of the issues related to Staging Components and inter-component dependencies to test before actually publishing releases to the wolfSSL Managed Components. See related:
- https://github.com/wolfSSL/wolfssh/pull/770
- https://github.com/wolfSSL/wolfssh/pull/773
- https://github.com/espressif/idf-component-manager/issues/78
- https://github.com/espressif/idf-component-manager/issues/81
The TL;DR is that the component manager needs to be kept updated:
pip install -U idf-component-manager
With those updates, staging components now work slightly differently than before. If you'd like to take the wolfSSH Managed Component for a test drive, see my 1.4.18-preview1r echo server example . Be sure to set the IDF_COMPONENT_REGISTRY_URL value:
export IDF_COMPONENT_REGISTRY_URL=https://components-staging.espressif.com
I'm very close to finishing this up. I have a Getting Started with wolfSSL Using Visual Studio 2022 webinar that I am preparing for this morning, (Feb 19, 10AM Pacific; hope you can attend!) and this wolfSSH is the next item on my agenda.
@gojimmypi Thank you for such a detailed response. I'm glad you're on top of these things. As for now I had given up on managed component (though I am in love with the idea of a managed component) as I wasn't moving my toward my objective fast enough with that.
The staging thing is interesting I'll keep an eye on that - I'm just learning my way around this esp platform at the same time I'm learning my way around the wolfssl/ssh components. Happy to circle back and test it as time permits! With the of WOLFSSL_WOLFSSH I am able to keep my own project going forward, well that and the fix I put in the directory search stuff.
Again truly apricate the thoughtful response and your work. I'm not married to my fixes making it into production on the repo but I like to share the information incase it is helpful since so much effort is put out on your parts.
Hi @clutch2sft - As noted in the related https://github.com/wolfSSL/wolfssh/issues/782, I've updated the Managed Components for wolfSSL to v5.7.6 and for wolfSSH to 1.4.18.
The wolfssh_echoserver example works for me, tested on ESP-IDF v5.2. I was hoping you could take it for a test drive and confirm before I upgrade the wolfSSH library to the latest release.
try
$ git diff
diff --git a/src/internal.c b/src/internal.c
index 1fbae25..4ba9567 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -48,7 +48,8 @@
#include <wolfssl/wolfcrypt/hmac.h>
#include <wolfssl/wolfcrypt/signature.h>
-#if (LIBWOLFSSL_VERSION_HEX >= WOLFSSL_V5_0_0) \
+#if defined(WOLFSSL_WOLFSSH) \
+ && (LIBWOLFSSL_VERSION_HEX >= WOLFSSL_V5_0_0) \
&& ((defined(HAVE_FIPS) && FIPS_VERSION_GE(5,2)) \
|| defined(WOLFSSH_NO_NISTP256_MLKEM768_SHA256))
#include <wolfssl/wolfcrypt/kdf.h>
@@ -2330,7 +2331,8 @@ int GenerateKey(byte hashId, byte keyId,
const byte* h, word32 hSz,
const byte* sessionId, word32 sessionIdSz,
byte doKeyPad)
-#if (LIBWOLFSSL_VERSION_HEX >= WOLFSSL_V5_0_0) \
+#if defined(WOLFSSL_WOLFSSH) \
+ && (LIBWOLFSSL_VERSION_HEX >= WOLFSSL_V5_0_0) \
&& ((defined(HAVE_FIPS) && FIPS_VERSION_GE(5,2)) \
|| defined(WOLFSSH_NO_NISTP256_MLKEM768_SHA256))
/* Cannot use the SSH KDF with ML-KEM. With ML-KEM, doKeyPad must be false,
