Add threaded samples using buffers and sockets

IDE/zephyr/lib/install_lib.sh

@@ -29,7 +29,7 @@ if [ ! -d $ZEPHYR_CRYPTO_DIR ]; then
 fi
 ZEPHYR_WOLFSSL_DIR=$ZEPHYR_CRYPTO_DIR/wolfssl
 
-echo "wolfSSL directory:"
+echo "wolfSSL directory in Zephyr:"
 echo "  $ZEPHYR_WOLFSSL_DIR"
 rm -rf $ZEPHYR_WOLFSSL_DIR
 mkdir $ZEPHYR_WOLFSSL_DIR
@@ -56,6 +56,7 @@ mkdir $ZEPHYR_WOLFSSL_DIR/include
 cp $ZEPHYR_WOLFSSL_DIR/user_settings.h $ZEPHYR_WOLFSSL_DIR/include/
 cp -rf ${WOLFSSL_SRC_DIR}/wolfssl $ZEPHYR_WOLFSSL_DIR/include/
 rm -f $ZEPHYR_WOLFSSL_DIR/include/wolfssl/options.h
+touch $ZEPHYR_WOLFSSL_DIR/include/wolfssl/options.h
 rm -rf $ZEPHYR_WOLFSSL_DIR/include/wolfssl/wolfcrypt/port
 
 

IDE/zephyr/lib/settings/user_settings-tls-generic.h

@@ -18,7 +18,7 @@ extern "C" {
 #undef  WOLFSSL_ZEPHYR
 #define WOLFSSL_ZEPHYR
 
-#if 1
+#if 0
 #undef  SINGLE_THREADED
 #define SINGLE_THREADED
 #endif

IDE/zephyr/lib/user_settings.h

@@ -16,7 +16,7 @@ extern "C" {
 #undef  WOLFSSL_ZEPHYR
 #define WOLFSSL_ZEPHYR
 
-#if 1
+#if 0
 #undef  SINGLE_THREADED
 #define SINGLE_THREADED
 #endif

IDE/zephyr/wolfssl_test/prj.conf

@@ -3,11 +3,17 @@ CONFIG_MAIN_STACK_SIZE=32768
 CONFIG_ENTROPY_GENERATOR=y
 CONFIG_POSIX_API=y
 CONFIG_INIT_STACKS=y
-CONFIG_FLOAT=y
-CONFIG_SSE=y
+#CONFIG_FLOAT=y
 CONFIG_MINIMAL_LIBC_MALLOC_ARENA_SIZE=8192
 
-#CONFIG_FILE_SYSTEM=y
+# Networking
+CONFIG_NETWORKING=y
+CONFIG_NET_TEST=y
+CONFIG_NET_LOOPBACK=y
+CONFIG_NET_IPV4=y
+CONFIG_NET_IPV6=y
+CONFIG_NET_SOCKETS=y
+CONFIG_DNS_RESOLVER=y
 
 # Logging
 CONFIG_PRINTK=y

IDE/zephyr/wolfssl_tls_sock/CMakeLists.txt

@@ -0,0 +1,8 @@
+cmake_minimum_required(VERSION 3.13.1)
+include($ENV{ZEPHYR_BASE}/cmake/app/boilerplate.cmake NO_POLICY_SCOPE)
+project(wolfssl_tls_threaded)
+
+FILE(GLOB app_sources src/*.c)
+target_sources(app PRIVATE ${app_sources})
+add_definitions(-DWOLFSSL_USER_SETTINGS)
+

IDE/zephyr/wolfssl_tls_sock/install_sample.sh

@@ -0,0 +1,31 @@
+#!/bin/sh
+
+ZEPHYR_DIR=
+if [ $# -ne 1 ]; then
+    echo "Need location of zephyr project as a command line argument"
+    exit 1
+else
+    ZEPHYR_DIR=$1
+fi
+if [ ! -d $ZEPHR_DIR ]; then
+    echo "Zephyr project directory does not exist: $ZEPHYR_DIR"
+    exit 1
+fi
+ZEPHYR_CRYPTO_DIR=$ZEPHYR_DIR/zephyr/samples/crypto
+if [ ! -d $ZEPHYR_CRYPTO_DIR ]; then
+    echo "Zephyr crypto directory does not exist: $ZEPHYR_CRYPTO_DIR"
+    exit 1
+fi
+ZEPHYR_WOLFSSL_DIR=$ZEPHYR_CRYPTO_DIR/wolfssl_tls_sock
+
+echo "wolfSSL directory:"
+echo "  $ZEPHYR_WOLFSSL_DIR"
+rm -rf $ZEPHYR_WOLFSSL_DIR
+mkdir $ZEPHYR_WOLFSSL_DIR
+
+echo "Copy in Sample files ..."
+cp -r * $ZEPHYR_WOLFSSL_DIR/
+rm $ZEPHYR_WOLFSSL_DIR/$0
+
+echo "Done"
+

IDE/zephyr/wolfssl_tls_sock/prj.conf

@@ -0,0 +1,53 @@
+# Kernel options
+CONFIG_MAIN_STACK_SIZE=12288
+CONFIG_ENTROPY_GENERATOR=y
+CONFIG_POSIX_API=y
+CONFIG_INIT_STACKS=y
+CONFIG_MINIMAL_LIBC_MALLOC_ARENA_SIZE=8192
+
+# General config
+CONFIG_NEWLIB_LIBC=y
+
+# Networking config
+CONFIG_NETWORKING=y
+CONFIG_NET_IPV4=y
+CONFIG_NET_IPV6=n
+CONFIG_NET_TCP=y
+CONFIG_NET_SOCKETS=y
+CONFIG_NET_SOCKETS_POSIX_NAMES=y
+
+CONFIG_NET_TEST=y
+CONFIG_NET_LOOPBACK=y
+CONFIG_DNS_RESOLVER=y
+CONFIG_DNS_SERVER_IP_ADDRESSES=y
+CONFIG_DNS_SERVER1="192.0.2.2"
+
+# Network driver config
+CONFIG_TEST_RANDOM_GENERATOR=y
+
+# Network address config
+CONFIG_NET_CONFIG_SETTINGS=y
+CONFIG_NET_CONFIG_NEED_IPV4=y
+CONFIG_NET_CONFIG_MY_IPV4_ADDR="192.0.2.1"
+CONFIG_NET_CONFIG_PEER_IPV4_ADDR="192.0.2.2"
+CONFIG_NET_CONFIG_MY_IPV4_GW="192.0.2.2"
+
+CONFIG_NET_PKT_TX_COUNT=10
+
+# Network debug config
+#CONFIG_NET_LOG=y
+#CONFIG_NET_PKT_LOG_LEVEL_DBG=y
+
+# Logging
+CONFIG_PRINTK=y
+CONFIG_WOLFSSL_DEBUG=y
+
+# TLS configuration
+CONFIG_WOLFSSL=y
+CONFIG_WOLFSSL_BUILTIN=y
+
+CONFIG_WOLFSSL_TLS_VERSION_1_2=y
+CONFIG_WOLFSSL_KEY_EXCHANGE_ALL_ENABLED=y
+CONFIG_WOLFSSL_CIPHER_ALL_ENABLED=y
+CONFIG_WOLFSSL_MAC_ALL_ENABLED=y
+CONFIG_WOLFSSL_HMAC_DRBG_ENABLED=y

IDE/zephyr/wolfssl_tls_sock/sample.yaml

@@ -0,0 +1,9 @@
+common:
+  harness: crypto
+  tags: crypto
+sample:
+  description: wolfSSL TLS test application
+  name: wolfSSL TLS Test
+tests:
+  test:
+    platform_whitelist: qemu_x86

IDE/zephyr/wolfssl_tls_sock/src/tls_sock.c

@@ -0,0 +1,512 @@
+/* tls_sock.c
+ *
+ * Copyright (C) 2006-2019 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL. (formerly known as CyaSSL)
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+#include <wolfssl/options.h>
+#include <wolfssl/ssl.h>
+#define USE_CERT_BUFFERS_2048
+#include <wolfssl/certs_test.h>
+#include <wolfssl/test.h>
+
+#ifdef WOLFSSL_ZEPHYR
+#define printf   printk
+#endif
+
+#define BUFFER_SIZE           2048
+#define STATIC_MEM_SIZE       (96*1024)
+#define THREAD_STACK_SIZE     (12*1024)
+#define MAX_SEND_SIZE         256
+
+/* The stack to use in the server's thread. */
+K_THREAD_STACK_DEFINE(server_stack, THREAD_STACK_SIZE);
+
+#ifdef WOLFSSL_STATIC_MEMORY
+    static WOLFSSL_HEAP_HINT* HEAP_HINT_SERVER;
+    static WOLFSSL_HEAP_HINT* HEAP_HINT_CLIENT;
+
+    static byte gMemoryServer[STATIC_MEM_SIZE];
+    static byte gMemoryClient[STATIC_MEM_SIZE];
+#else
+    #define HEAP_HINT_SERVER NULL
+    #define HEAP_HINT_CLIENT NULL
+#endif /* WOLFSSL_STATIC_MEMORY */
+
+/* Application data to send. */
+static const char msgHTTPGet[] = "GET /index.html HTTP/1.0\r\n\r\n";
+static const char msgHTTPIndex[] =
+    "HTTP/1.1 200 OK\n"
+    "Content-Type: text/html\n"
+    "Connection: close\n"
+    "\n"
+    "<html>\n"
+    "<head>\n"
+    "<title>Welcome to wolfSSL!</title>\n"
+    "</head>\n"
+    "<body>\n"
+    "<p>wolfSSL has successfully performed handshake!</p>\n"
+    "</body>\n"
+    "</html>\n";
+
+
+/* Create a new wolfSSL client with a server CA certificate. */
+static int wolfssl_client_new(WOLFSSL_CTX** ctx, WOLFSSL** ssl)
+{
+    int ret = 0;
+    WOLFSSL_CTX* client_ctx = NULL;
+    WOLFSSL*     client_ssl = NULL;
+
+    /* Create and initialize WOLFSSL_CTX */
+    if ((client_ctx = wolfSSL_CTX_new_ex(wolfTLSv1_2_client_method(),
+                                                   HEAP_HINT_CLIENT)) == NULL) {
+        printf("ERROR: failed to create WOLFSSL_CTX\n");
+        ret = -1;
+    }
+
+    if (ret == 0) {
+        /* Load client certificates into WOLFSSL_CTX */
+        if (wolfSSL_CTX_load_verify_buffer(client_ctx, ca_cert_der_2048,
+                sizeof_ca_cert_der_2048, WOLFSSL_FILETYPE_ASN1) !=
+                WOLFSSL_SUCCESS) {
+            printf("ERROR: failed to load CA certiifcate\n");
+            ret = -1;
+        }
+    }
+
+    if (ret == 0) {
+        /* Create a WOLFSSL object */
+        if ((client_ssl = wolfSSL_new(client_ctx)) == NULL) {
+            printf("ERROR: failed to create WOLFSSL object\n");
+            ret = -1;
+        }
+    }
+
+    if (ret == 0) {
+        /* make wolfSSL object nonblocking */
+        wolfSSL_set_using_nonblock(client_ssl, 1);
+    }
+
+    if (ret == 0) {
+        /* Return newly created wolfSSL context and object */
+        *ctx = client_ctx;
+        *ssl = client_ssl;
+    }
+    else {
+        if (client_ssl != NULL)
+            wolfSSL_free(client_ssl);
+        if (client_ctx != NULL)
+            wolfSSL_CTX_free(client_ctx);
+    }
+
+    return ret;
+}
+
+/* Client connecting to server using TLS */
+static int wolfssl_client_connect(WOLFSSL* ssl)
+{
+    int ret = 0;
+
+    if (wolfSSL_connect(ssl) != WOLFSSL_SUCCESS) {
+        printf("wolfSSL Error: %d\n", wolfSSL_get_error(ssl, -1));
+        if (!wolfSSL_want_read(ssl) && !wolfSSL_want_write(ssl))
+            ret = -1;
+    }
+
+    return ret;
+}
+
+
+
+/* Create a new wolfSSL server with a certificate for authentication. */
+static int wolfssl_server_new(WOLFSSL_CTX** ctx, WOLFSSL** ssl)
+{
+    int ret = 0;
+    WOLFSSL_CTX* server_ctx = NULL;
+    WOLFSSL*     server_ssl = NULL;
+
+    /* Create and initialize WOLFSSL_CTX */
+    if ((server_ctx = wolfSSL_CTX_new_ex(wolfTLSv1_2_server_method(),
+                                                   HEAP_HINT_SERVER)) == NULL) {
+        printf("ERROR: failed to create WOLFSSL_CTX\n");
+        ret = -1;
+    }
+
+    if (ret == 0) {
+        /* Load client certificates into WOLFSSL_CTX */
+        if (wolfSSL_CTX_use_certificate_buffer(server_ctx,
+                server_cert_der_2048, sizeof_server_cert_der_2048,
+                WOLFSSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) {
+            printf("ERROR: failed to load server certiifcate\n");
+            ret = -1;
+        }
+    }
+
+    if (ret == 0) {
+        /* Load client certificates into WOLFSSL_CTX */
+        if (wolfSSL_CTX_use_PrivateKey_buffer(server_ctx,
+                server_key_der_2048, sizeof_server_key_der_2048,
+                WOLFSSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) {
+            printf("ERROR: failed to load server key\n");
+            ret = -1;
+        }
+    }
+
+    if (ret == 0) {
+        /* Create a WOLFSSL object */
+        if ((server_ssl = wolfSSL_new(server_ctx)) == NULL) {
+            printf("ERROR: failed to create WOLFSSL object\n");
+            ret = -1;
+        }
+    }
+
+    if (ret == 0) {
+        /* make wolfSSL object nonblocking */
+        wolfSSL_set_using_nonblock(server_ssl, 1);
+    }
+
+    if (ret == 0) {
+        /* Return newly created wolfSSL context and object */
+        *ctx = server_ctx;
+        *ssl = server_ssl;
+    }
+    else {
+        if (server_ssl != NULL)
+            wolfSSL_free(server_ssl);
+        if (server_ctx != NULL)
+            wolfSSL_CTX_free(server_ctx);
+    }
+
+    return ret;
+}
+
+/* Server accepting a client using TLS */
+static int wolfssl_server_accept(WOLFSSL* ssl)
+{
+    int ret = 0;
+
+    if (wolfSSL_accept(ssl) != WOLFSSL_SUCCESS) {
+        printf("wolfSSL Error: %d\n", wolfSSL_get_error(ssl, -1));
+        if (!wolfSSL_want_read(ssl) && !wolfSSL_want_write(ssl))
+            ret = -1;
+    }
+
+    return ret;
+}
+
+
+/* Send application data. */
+static int wolfssl_send(WOLFSSL* ssl, const char* msg)
+{
+    int ret = 0;
+    int len;
+
+    printf("Sending:\n%s\n", msg);
+    len = wolfSSL_write(ssl, msg, XSTRLEN(msg));
+    if (len < 0)
+        ret = len;
+    else if (len != XSTRLEN(msg))
+        ret = -1;
+
+    return ret;
+}
+
+/* Receive application data. */
+static int wolfssl_recv(WOLFSSL* ssl)
+{
+    int ret;
+    byte reply[256];
+
+    ret = wolfSSL_read(ssl, reply, sizeof(reply)-1);
+    if (ret > 0) {
+        reply[ret] = '\0';
+        printf("Received:\n%s\n", reply);
+        ret = 1;
+    }
+    else if (wolfSSL_want_read(ssl) || wolfSSL_want_write(ssl))
+        ret = 0;
+
+    return ret;
+}
+
+
+/* Free the WOLFSSL object and context. */
+static void wolfssl_free(WOLFSSL_CTX* ctx, WOLFSSL* ssl)
+{
+    if (ssl != NULL)
+        wolfSSL_free(ssl);
+    if (ctx != NULL)
+        wolfSSL_CTX_free(ctx);
+}
+
+
+/* Display the static memory usage. */
+static void wolfssl_memstats(WOLFSSL* ssl)
+{
+#ifdef WOLFSSL_STATIC_MEMORY
+    WOLFSSL_MEM_CONN_STATS ssl_stats;
+
+    XMEMSET(&ssl_stats, 0 , sizeof(ssl_stats));
+
+    if (wolfSSL_is_static_memory(ssl, &ssl_stats) != 1)
+        printf("static memory was not used with ssl");
+    else {
+        printf("*** This is memory state before wolfSSL_free is called\n");
+        printf("peak connection memory = %d\n", ssl_stats.peakMem);
+        printf("current memory in use  = %d\n", ssl_stats.curMem);
+        printf("peak connection allocs = %d\n", ssl_stats.peakAlloc);
+        printf("current connection allocs = %d\n",ssl_stats.curAlloc);
+        printf("total connection allocs   = %d\n",ssl_stats.totalAlloc);
+        printf("total connection frees    = %d\n\n", ssl_stats.totalFr);
+    }
+#else
+    (void)ssl;
+#endif
+}
+
+
+/* Start the server thread. */
+void start_thread(THREAD_FUNC func, func_args* args, THREAD_TYPE* thread)
+{
+    k_thread_create(thread, server_stack, K_THREAD_STACK_SIZEOF(server_stack),
+                    func, args, NULL, NULL, 5, 0, K_NO_WAIT);
+}
+
+void join_thread(THREAD_TYPE thread)
+{
+    /* Threads are handled in the kernel. */
+}
+
+
+int wolfssl_server_accept_tcp(WOLFSSL* ssl, SOCKET_T* fd, SOCKET_T* acceptfd)
+{
+    int ret = 0;
+    SOCKET_T      sockfd   = WOLFSSL_SOCKET_INVALID;
+    SOCKET_T      clientfd = WOLFSSL_SOCKET_INVALID;
+    SOCKADDR_IN_T client;
+    socklen_t     client_len = sizeof(client);
+    word16        port = 443;
+    struct sockaddr_in bind_addr;
+
+    if (ret == 0) {
+        sockfd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
+        bind_addr.sin_family = AF_INET;
+        bind_addr.sin_addr.s_addr = htonl(INADDR_ANY);
+        bind_addr.sin_port = htons(port);
+        if (bind(sockfd, (struct sockaddr *)&bind_addr, sizeof(bind_addr)) != 0)
+            ret = -1;
+    }
+    if (ret == 0) {
+        *fd = sockfd;
+        printf("Server Listen\n");
+        listen(sockfd, 5);
+        if (WOLFSSL_SOCKET_IS_INVALID(sockfd))
+            ret = -1;
+    }
+    if (ret == 0) {
+        printf("Server Accept\n");
+        clientfd = accept(sockfd, (struct sockaddr*)&client,
+                          (ACCEPT_THIRD_T)&client_len);
+        if (WOLFSSL_SOCKET_IS_INVALID(clientfd))
+            ret = -1;
+    }
+    if (ret == 0) {
+        *acceptfd = clientfd;
+        tcp_set_nonblocking(&clientfd);
+    }
+
+    if (ret == 0) {
+        printf("Server has client\n");
+        if (wolfSSL_set_fd(ssl, clientfd) != WOLFSSL_SUCCESS)
+            ret = -1;
+    }
+
+    return ret;
+}
+
+/* Thread to do the server operations. */
+void server_thread(void* arg1, void* arg2, void* arg3)
+{
+    int           ret = 0;
+    WOLFSSL_CTX*  server_ctx = NULL;
+    WOLFSSL*      server_ssl = NULL;
+    SOCKET_T      sockfd   = WOLFSSL_SOCKET_INVALID;
+    SOCKET_T      clientfd = WOLFSSL_SOCKET_INVALID;
+
+
+#ifdef WOLFSSL_STATIC_MEMORY
+    if (wc_LoadStaticMemory(&HEAP_HINT_SERVER, gMemoryServer,
+                               sizeof(gMemoryServer),
+                               WOLFMEM_GENERAL | WOLFMEM_TRACK_STATS, 1) != 0) {
+        printf("unable to load static memory");
+        ret = -1;
+    }
+#endif
+
+    if (ret == 0)
+        ret = wolfssl_server_new(&server_ctx, &server_ssl);
+
+    if (ret == 0)
+        ret = wolfssl_server_accept_tcp(server_ssl, &sockfd, &clientfd);
+
+    while (ret == 0) {
+        k_sleep(100);
+        ret = wolfssl_server_accept(server_ssl);
+        if (ret == 0 && wolfSSL_is_init_finished(server_ssl))
+            break;
+    }
+
+    /* Receive HTTP request */
+    while (ret == 0) {
+        ret = wolfssl_recv(server_ssl);
+    }
+    if (ret == 1)
+        ret = 0;
+    /* Send HTTP repsonse */
+    if (ret == 0)
+        ret = wolfssl_send(server_ssl, msgHTTPIndex);
+
+    printf("Server Return: %d\n", ret);
+
+#ifdef WOLFSSL_STATIC_MEMORY
+    printf("Server Memory Stats\n");
+#endif
+    wolfssl_memstats(server_ssl);
+    wolfssl_free(server_ctx, server_ssl);
+    if (clientfd != WOLFSSL_SOCKET_INVALID)
+        CloseSocket(clientfd);
+    if (sockfd != WOLFSSL_SOCKET_INVALID)
+        CloseSocket(sockfd);
+}
+
+int wolfssl_client_connect_tcp(WOLFSSL* ssl, SOCKET_T* fd)
+{
+    int              ret = 0;
+    SOCKET_T         sockfd = WOLFSSL_SOCKET_INVALID;
+    static struct    addrinfo hints;
+    struct addrinfo* res;
+
+    XMEMSET(&hints, 0, sizeof(hints));
+    hints.ai_family = AF_INET;
+    hints.ai_socktype = SOCK_STREAM;
+    if (getaddrinfo("192.0.2.1", "443", &hints, &res) != 0)
+        ret = -1;
+
+    if (ret == 0) {
+        printf("Client socket\n");
+        sockfd = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
+        if (WOLFSSL_SOCKET_IS_INVALID(sockfd))
+            ret = -1;
+    }
+    if (ret == 0) {
+        *fd = sockfd;
+        tcp_set_nonblocking(&sockfd);
+    }
+    if (ret == 0) {
+        printf("Client Connect\n");
+        if (connect(sockfd, res->ai_addr, res->ai_addrlen) != 0)
+            ret = -1;
+    }
+
+    if (ret == 0) {
+        printf("Client Connected\n");
+        if (wolfSSL_set_fd(ssl, sockfd) != WOLFSSL_SUCCESS)
+            ret = -1;
+    }
+
+    return ret;
+}
+
+/* Thread to do the client operations. */
+void client_thread()
+{
+    int ret = 0;
+    WOLFSSL_CTX* client_ctx = NULL;
+    WOLFSSL*     client_ssl = NULL;
+    SOCKET_T     sockfd = WOLFSSL_SOCKET_INVALID;
+
+#ifdef WOLFSSL_STATIC_MEMORY
+    if (wc_LoadStaticMemory(&HEAP_HINT_CLIENT, gMemoryClient,
+                               sizeof(gMemoryClient),
+                               WOLFMEM_GENERAL | WOLFMEM_TRACK_STATS, 1) != 0) {
+        printf("unable to load static memory");
+        ret = -1;
+    }
+#endif
+
+    /* Client connection */
+    if (ret == 0)
+        ret = wolfssl_client_new(&client_ctx, &client_ssl);
+
+    if (ret == 0)
+        ret = wolfssl_client_connect_tcp(client_ssl, &sockfd);
+
+    while (ret == 0) {
+        k_sleep(10);
+        ret = wolfssl_client_connect(client_ssl);
+        if (ret == 0 && wolfSSL_is_init_finished(client_ssl))
+            break;
+    }
+
+    if (ret == 0)
+        printf("Handshake complete\n");
+
+    /* Send HTTP request */
+    if (ret == 0)
+        ret = wolfssl_send(client_ssl, msgHTTPGet);
+    /* Receive HTTP response */
+    while (ret == 0) {
+        k_sleep(10);
+        ret = wolfssl_recv(client_ssl);
+    }
+    if (ret == 1)
+        ret = 0;
+
+    printf("Client Return: %d\n", ret);
+
+#ifdef WOLFSSL_STATIC_MEMORY
+    printf("Client Memory Stats\n");
+#endif
+    wolfssl_memstats(client_ssl);
+    wolfssl_free(client_ctx, client_ssl);
+    if (sockfd != WOLFSSL_SOCKET_INVALID)
+        CloseSocket(sockfd);
+}
+
+int main()
+{
+    int          ret = 0;
+    THREAD_TYPE  serverThread;
+
+    wolfSSL_Init();
+
+    /* Start server */
+    start_thread(server_thread, NULL, &serverThread);
+
+    k_sleep(100);
+    client_thread();
+
+    join_thread(serverThread);
+
+    wolfSSL_Cleanup();
+
+    printf("Done\n");
+
+    return (ret == 0) ? 0 : 1;
+}
+

IDE/zephyr/wolfssl_tls_thread/CMakeLists.txt

@@ -0,0 +1,8 @@
+cmake_minimum_required(VERSION 3.13.1)
+include($ENV{ZEPHYR_BASE}/cmake/app/boilerplate.cmake NO_POLICY_SCOPE)
+project(wolfssl_tls_threaded)
+
+FILE(GLOB app_sources src/*.c)
+target_sources(app PRIVATE ${app_sources})
+add_definitions(-DWOLFSSL_USER_SETTINGS)
+

IDE/zephyr/wolfssl_tls_thread/install_sample.sh

@@ -0,0 +1,31 @@
+#!/bin/sh
+
+ZEPHYR_DIR=
+if [ $# -ne 1 ]; then
+    echo "Need location of zephyr project as a command line argument"
+    exit 1
+else
+    ZEPHYR_DIR=$1
+fi
+if [ ! -d $ZEPHR_DIR ]; then
+    echo "Zephyr project directory does not exist: $ZEPHYR_DIR"
+    exit 1
+fi
+ZEPHYR_CRYPTO_DIR=$ZEPHYR_DIR/zephyr/samples/crypto
+if [ ! -d $ZEPHYR_CRYPTO_DIR ]; then
+    echo "Zephyr crypto directory does not exist: $ZEPHYR_CRYPTO_DIR"
+    exit 1
+fi
+ZEPHYR_WOLFSSL_DIR=$ZEPHYR_CRYPTO_DIR/wolfssl_tls_thread
+
+echo "wolfSSL directory:"
+echo "  $ZEPHYR_WOLFSSL_DIR"
+rm -rf $ZEPHYR_WOLFSSL_DIR
+mkdir $ZEPHYR_WOLFSSL_DIR
+
+echo "Copy in Sample files ..."
+cp -r * $ZEPHYR_WOLFSSL_DIR/
+rm $ZEPHYR_WOLFSSL_DIR/$0
+
+echo "Done"
+

IDE/zephyr/wolfssl_tls_thread/prj.conf

@@ -0,0 +1,29 @@
+# Kernel options
+CONFIG_MAIN_STACK_SIZE=12288
+CONFIG_ENTROPY_GENERATOR=y
+CONFIG_POSIX_API=y
+CONFIG_INIT_STACKS=y
+CONFIG_MINIMAL_LIBC_MALLOC_ARENA_SIZE=8192
+
+# Networking
+CONFIG_NETWORKING=y
+CONFIG_NET_TEST=y
+CONFIG_NET_LOOPBACK=y
+CONFIG_NET_IPV4=y
+CONFIG_NET_IPV6=y
+CONFIG_NET_SOCKETS=y
+CONFIG_DNS_RESOLVER=y
+
+# Logging
+CONFIG_PRINTK=y
+CONFIG_WOLFSSL_DEBUG=y
+
+# TLS configuration
+CONFIG_WOLFSSL=y
+CONFIG_WOLFSSL_BUILTIN=y
+
+CONFIG_WOLFSSL_TLS_VERSION_1_2=y
+CONFIG_WOLFSSL_KEY_EXCHANGE_ALL_ENABLED=y
+CONFIG_WOLFSSL_CIPHER_ALL_ENABLED=y
+CONFIG_WOLFSSL_MAC_ALL_ENABLED=y
+CONFIG_WOLFSSL_HMAC_DRBG_ENABLED=y

IDE/zephyr/wolfssl_tls_thread/sample.yaml

@@ -0,0 +1,9 @@
+common:
+  harness: crypto
+  tags: crypto
+sample:
+  description: wolfSSL TLS test application
+  name: wolfSSL TLS Test
+tests:
+  test:
+    platform_whitelist: qemu_x86

IDE/zephyr/wolfssl_tls_thread/src/tls_threaded.c

@@ -0,0 +1,504 @@
+/* tls_threaded.c
+ *
+ * Copyright (C) 2006-2019 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL. (formerly known as CyaSSL)
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+#include <wolfssl/options.h>
+#include <wolfssl/ssl.h>
+#define USE_CERT_BUFFERS_2048
+#include <wolfssl/certs_test.h>
+#include <wolfssl/test.h>
+
+#ifdef WOLFSSL_ZEPHYR
+#define printf   printk
+#endif
+
+#define BUFFER_SIZE           2048
+#define STATIC_MEM_SIZE       (96*1024)
+#define THREAD_STACK_SIZE     (12*1024)
+
+/* The stack to use in the server's thread. */
+K_THREAD_STACK_DEFINE(server_stack, THREAD_STACK_SIZE);
+
+#ifdef WOLFSSL_STATIC_MEMORY
+    static WOLFSSL_HEAP_HINT* HEAP_HINT_SERVER;
+    static WOLFSSL_HEAP_HINT* HEAP_HINT_CLIENT;
+
+    static byte gMemoryServer[STATIC_MEM_SIZE];
+    static byte gMemoryClient[STATIC_MEM_SIZE];
+#else
+    #define HEAP_HINT_SERVER NULL
+    #define HEAP_HINT_CLIENT NULL
+#endif /* WOLFSSL_STATIC_MEMORY */
+
+/* Buffer to hold data for client to read. */
+unsigned char client_buffer[BUFFER_SIZE];
+int client_buffer_sz = 0;
+wolfSSL_Mutex client_mutex;
+
+/* Buffer to hold data for server to read. */
+unsigned char server_buffer[BUFFER_SIZE];
+int server_buffer_sz = 0;
+wolfSSL_Mutex server_mutex;
+
+/* Application data to send. */
+static const char msgHTTPGet[] = "GET /index.html HTTP/1.0\r\n\r\n";
+static const char msgHTTPIndex[] =
+    "HTTP/1.1 200 OK\n"
+    "Content-Type: text/html\n"
+    "Connection: close\n"
+    "\n"
+    "<html>\n"
+    "<head>\n"
+    "<title>Welcome to wolfSSL!</title>\n"
+    "</head>\n"
+    "<body>\n"
+    "<p>wolfSSL has successfully performed handshake!</p>\n"
+    "</body>\n"
+    "</html>\n";
+
+/* wolfSSL client wants to read data from the server. */
+static int recv_client(WOLFSSL* ssl, char* buff, int sz, void* ctx)
+{
+    wc_LockMutex(&client_mutex);
+    if (client_buffer_sz > 0) {
+        /* Take as many bytes is available or requested from buffer. */
+        if (sz > client_buffer_sz)
+            sz = client_buffer_sz;
+        XMEMCPY(buff, client_buffer, sz);
+        if (sz < client_buffer_sz) {
+            XMEMMOVE(client_buffer, client_buffer + sz, client_buffer_sz - sz);
+        }
+        client_buffer_sz -= sz;
+    }
+    else
+        sz = WOLFSSL_CBIO_ERR_WANT_READ;
+    wc_UnLockMutex(&client_mutex);
+
+    return sz;
+}
+
+/* wolfSSL client wants to write data to the server. */
+static int send_client(WOLFSSL* ssl, char* buff, int sz, void* ctx)
+{
+    wc_LockMutex(&server_mutex);
+    if (server_buffer_sz < BUFFER_SIZE)
+    {
+        /* Put in as many bytes requested or will fit in buffer. */
+        if (sz > BUFFER_SIZE - server_buffer_sz)
+            sz = BUFFER_SIZE - server_buffer_sz;
+        XMEMCPY(server_buffer + server_buffer_sz, buff, sz);
+        server_buffer_sz += sz;
+    }
+    else
+        sz = WOLFSSL_CBIO_ERR_WANT_WRITE;
+    wc_UnLockMutex(&server_mutex);
+
+    return sz;
+}
+
+/* wolfSSL server wants to read data from the client. */
+static int recv_server(WOLFSSL* ssl, char* buff, int sz, void* ctx)
+{
+    wc_LockMutex(&server_mutex);
+    if (server_buffer_sz > 0) {
+        /* Take as many bytes is available or requested from buffer. */
+        if (sz > server_buffer_sz)
+            sz = server_buffer_sz;
+        XMEMCPY(buff, server_buffer, sz);
+        if (sz < server_buffer_sz) {
+            XMEMMOVE(server_buffer, server_buffer + sz, server_buffer_sz - sz);
+        }
+        server_buffer_sz -= sz;
+    }
+    else
+        sz = WOLFSSL_CBIO_ERR_WANT_READ;
+    wc_UnLockMutex(&server_mutex);
+
+    return sz;
+}
+
+/* wolfSSL server wants to write data to the client. */
+static int send_server(WOLFSSL* ssl, char* buff, int sz, void* ctx)
+{
+    wc_LockMutex(&client_mutex);
+    if (client_buffer_sz < BUFFER_SIZE)
+    {
+        /* Put in as many bytes requested or will fit in buffer. */
+        if (sz > BUFFER_SIZE - client_buffer_sz)
+            sz = BUFFER_SIZE - client_buffer_sz;
+        XMEMCPY(client_buffer + client_buffer_sz, buff, sz);
+        client_buffer_sz += sz;
+    }
+    else
+        sz = WOLFSSL_CBIO_ERR_WANT_WRITE;
+    wc_UnLockMutex(&client_mutex);
+
+    return sz;
+}
+
+/* Create a new wolfSSL client with a server CA certificate. */
+static int wolfssl_client_new(WOLFSSL_CTX** ctx, WOLFSSL** ssl)
+{
+    int ret = 0;
+    WOLFSSL_CTX* client_ctx = NULL;
+    WOLFSSL*     client_ssl = NULL;
+
+    /* Create and initialize WOLFSSL_CTX */
+    if ((client_ctx = wolfSSL_CTX_new_ex(wolfTLSv1_2_client_method(),
+                                                   HEAP_HINT_CLIENT)) == NULL) {
+        printf("ERROR: failed to create WOLFSSL_CTX\n");
+        ret = -1;
+    }
+
+    if (ret == 0) {
+        /* Load client certificates into WOLFSSL_CTX */
+        if (wolfSSL_CTX_load_verify_buffer(client_ctx, ca_cert_der_2048,
+                sizeof_ca_cert_der_2048, WOLFSSL_FILETYPE_ASN1) !=
+                WOLFSSL_SUCCESS) {
+            printf("ERROR: failed to load CA certiifcate\n");
+            ret = -1;
+        }
+    }
+
+    if (ret == 0) {
+        /* Register callbacks */
+        wolfSSL_SetIORecv(client_ctx, recv_client);
+        wolfSSL_SetIOSend(client_ctx, send_client);
+    }
+
+    if (ret == 0) {
+        /* Create a WOLFSSL object */
+        if ((client_ssl = wolfSSL_new(client_ctx)) == NULL) {
+            printf("ERROR: failed to create WOLFSSL object\n");
+            ret = -1;
+        }
+    }
+
+    if (ret == 0) {
+        /* make wolfSSL object nonblocking */
+        wolfSSL_set_using_nonblock(client_ssl, 1);
+    }
+
+    if (ret == 0) {
+        /* Return newly created wolfSSL context and object */
+        *ctx = client_ctx;
+        *ssl = client_ssl;
+    }
+    else {
+        if (client_ssl != NULL)
+            wolfSSL_free(client_ssl);
+        if (client_ctx != NULL)
+            wolfSSL_CTX_free(client_ctx);
+    }
+
+    return ret;
+}
+
+/* Client connecting to server using TLS */
+static int wolfssl_client_connect(WOLFSSL* ssl)
+{
+    int ret = 0;
+
+    if (wolfSSL_connect(ssl) != WOLFSSL_SUCCESS) {
+        if (!wolfSSL_want_read(ssl) && !wolfSSL_want_write(ssl))
+            ret = -1;
+    }
+
+    return ret;
+}
+
+
+
+/* Create a new wolfSSL server with a certificate for authentication. */
+static int wolfssl_server_new(WOLFSSL_CTX** ctx, WOLFSSL** ssl)
+{
+    int ret = 0;
+    WOLFSSL_CTX* server_ctx = NULL;
+    WOLFSSL*     server_ssl = NULL;
+
+    /* Create and initialize WOLFSSL_CTX */
+    if ((server_ctx = wolfSSL_CTX_new_ex(wolfTLSv1_2_server_method(),
+                                                   HEAP_HINT_SERVER)) == NULL) {
+        printf("ERROR: failed to create WOLFSSL_CTX\n");
+        ret = -1;
+    }
+
+    if (ret == 0) {
+        /* Load client certificates into WOLFSSL_CTX */
+        if (wolfSSL_CTX_use_certificate_buffer(server_ctx,
+                server_cert_der_2048, sizeof_server_cert_der_2048,
+                WOLFSSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) {
+            printf("ERROR: failed to load server certiifcate\n");
+            ret = -1;
+        }
+    }
+
+    if (ret == 0) {
+        /* Load client certificates into WOLFSSL_CTX */
+        if (wolfSSL_CTX_use_PrivateKey_buffer(server_ctx,
+                server_key_der_2048, sizeof_server_key_der_2048,
+                WOLFSSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) {
+            printf("ERROR: failed to load server key\n");
+            ret = -1;
+        }
+    }
+
+    if (ret == 0) {
+        /* Register callbacks */
+        wolfSSL_SetIORecv(server_ctx, recv_server);
+        wolfSSL_SetIOSend(server_ctx, send_server);
+    }
+
+    if (ret == 0) {
+        /* Create a WOLFSSL object */
+        if ((server_ssl = wolfSSL_new(server_ctx)) == NULL) {
+            printf("ERROR: failed to create WOLFSSL object\n");
+            ret = -1;
+        }
+    }
+
+    if (ret == 0) {
+        /* make wolfSSL object nonblocking */
+        wolfSSL_set_using_nonblock(server_ssl, 1);
+    }
+
+    if (ret == 0) {
+        /* Return newly created wolfSSL context and object */
+        *ctx = server_ctx;
+        *ssl = server_ssl;
+    }
+    else {
+        if (server_ssl != NULL)
+            wolfSSL_free(server_ssl);
+        if (server_ctx != NULL)
+            wolfSSL_CTX_free(server_ctx);
+    }
+
+    return ret;
+}
+
+/* Server accepting a client using TLS */
+static int wolfssl_server_accept(WOLFSSL* ssl)
+{
+    int ret = 0;
+
+    if (wolfSSL_accept(ssl) != WOLFSSL_SUCCESS) {
+        if (!wolfSSL_want_read(ssl) && !wolfSSL_want_write(ssl))
+            ret = -1;
+    }
+
+    return ret;
+}
+
+
+/* Send application data. */
+static int wolfssl_send(WOLFSSL* ssl, const char* msg)
+{
+    int ret = 0;
+    int len;
+
+    printf("Sending:\n%s\n", msg);
+    len = wolfSSL_write(ssl, msg, XSTRLEN(msg));
+    if (len < 0)
+        ret = len;
+    else if (len != XSTRLEN(msg))
+        ret = -1;
+
+    return ret;
+}
+
+/* Receive application data. */
+static int wolfssl_recv(WOLFSSL* ssl)
+{
+    int ret;
+    byte reply[256];
+
+    ret = wolfSSL_read(ssl, reply, sizeof(reply)-1);
+    if (ret > 0) {
+        reply[ret] = '\0';
+        printf("Received:\n%s\n", reply);
+        ret = 1;
+    }
+    else if (wolfSSL_want_read(ssl) || wolfSSL_want_write(ssl))
+        ret = 0;
+
+    return ret;
+}
+
+
+/* Free the WOLFSSL object and context. */
+static void wolfssl_free(WOLFSSL_CTX* ctx, WOLFSSL* ssl)
+{
+    if (ssl != NULL)
+        wolfSSL_free(ssl);
+    if (ctx != NULL)
+        wolfSSL_CTX_free(ctx);
+}
+
+
+/* Display the static memory usage. */
+static void wolfssl_memstats(WOLFSSL* ssl)
+{
+#ifdef WOLFSSL_STATIC_MEMORY
+    WOLFSSL_MEM_CONN_STATS ssl_stats;
+
+    XMEMSET(&ssl_stats, 0 , sizeof(ssl_stats));
+
+    if (wolfSSL_is_static_memory(ssl, &ssl_stats) != 1)
+        printf("static memory was not used with ssl");
+    else {
+        printf("*** This is memory state before wolfSSL_free is called\n");
+        printf("peak connection memory = %d\n", ssl_stats.peakMem);
+        printf("current memory in use  = %d\n", ssl_stats.curMem);
+        printf("peak connection allocs = %d\n", ssl_stats.peakAlloc);
+        printf("current connection allocs = %d\n",ssl_stats.curAlloc);
+        printf("total connection allocs   = %d\n",ssl_stats.totalAlloc);
+        printf("total connection frees    = %d\n\n", ssl_stats.totalFr);
+    }
+#else
+    (void)ssl;
+#endif
+}
+
+
+/* Start the server thread. */
+void start_thread(THREAD_FUNC func, func_args* args, THREAD_TYPE* thread)
+{
+    k_thread_create(thread, server_stack, K_THREAD_STACK_SIZEOF(server_stack),
+                    func, args, NULL, NULL, 5, 0, K_NO_WAIT);
+}
+
+void join_thread(THREAD_TYPE thread)
+{
+    /* Threads are handled in the kernel. */
+}
+
+
+/* Thread to do the server operations. */
+void server_thread(void* arg1, void* arg2, void* arg3)
+{
+    int ret = 0;
+    WOLFSSL_CTX* server_ctx = NULL;
+    WOLFSSL*     server_ssl = NULL;
+
+
+#ifdef WOLFSSL_STATIC_MEMORY
+    if (wc_LoadStaticMemory(&HEAP_HINT_SERVER, gMemoryServer,
+                               sizeof(gMemoryServer),
+                               WOLFMEM_GENERAL | WOLFMEM_TRACK_STATS, 1) != 0) {
+        printf("unable to load static memory");
+        ret = -1;
+    }
+#endif
+
+    if (ret == 0)
+        ret = wolfssl_server_new(&server_ctx, &server_ssl);
+
+    while (ret == 0) {
+        ret = wolfssl_server_accept(server_ssl);
+        if (ret == 0 && wolfSSL_is_init_finished(server_ssl))
+            break;
+    }
+
+    /* Receive HTTP request */
+    while (ret == 0) {
+        ret = wolfssl_recv(server_ssl);
+    }
+    if (ret == 1)
+        ret = 0;
+    /* Send HTTP repsonse */
+    if (ret == 0)
+        ret = wolfssl_send(server_ssl, msgHTTPIndex);
+
+    printf("Server Return: %d\n", ret);
+
+#ifdef WOLFSSL_STATIC_MEMORY
+    printf("Server Memory Stats\n");
+#endif
+    wolfssl_memstats(server_ssl);
+    wolfssl_free(server_ctx, server_ssl);
+}
+
+int main()
+{
+    int ret = 0;
+    WOLFSSL_CTX* client_ctx = NULL;
+    WOLFSSL*     client_ssl = NULL;
+    THREAD_TYPE serverThread;
+
+    wolfSSL_Init();
+
+    wc_InitMutex(&client_mutex);
+    wc_InitMutex(&server_mutex);
+
+    /* Start server */
+    start_thread(server_thread, NULL, &serverThread);
+
+#ifdef WOLFSSL_STATIC_MEMORY
+    if (wc_LoadStaticMemory(&HEAP_HINT_CLIENT, gMemoryClient,
+                               sizeof(gMemoryClient),
+                               WOLFMEM_GENERAL | WOLFMEM_TRACK_STATS, 1) != 0) {
+        printf("unable to load static memory");
+        ret = -1;
+    }
+#endif
+
+    /* Client connection */
+    if (ret == 0)
+        ret = wolfssl_client_new(&client_ctx, &client_ssl);
+
+    while (ret == 0) {
+        ret = wolfssl_client_connect(client_ssl);
+        if (ret == 0 && wolfSSL_is_init_finished(client_ssl))
+            break;
+        k_sleep(10);
+    }
+
+    if (ret == 0)
+        printf("Handshake complete\n");
+
+    /* Send HTTP request */
+    if (ret == 0)
+        ret = wolfssl_send(client_ssl, msgHTTPGet);
+    /* Receive HTTP response */
+    while (ret == 0) {
+        k_sleep(10);
+        ret = wolfssl_recv(client_ssl);
+    }
+    if (ret == 1)
+        ret = 0;
+
+    printf("Client Return: %d\n", ret);
+
+    join_thread(serverThread);
+
+#ifdef WOLFSSL_STATIC_MEMORY
+    printf("Client Memory Stats\n");
+#endif
+    wolfssl_memstats(client_ssl);
+    wolfssl_free(client_ctx, client_ssl);
+
+    wolfSSL_Cleanup();
+
+    printf("Done\n");
+
+    return (ret == 0) ? 0 : 1;
+}
+

src/wolfio.c

@@ -238,6 +238,11 @@ int EmbedSend(WOLFSSL* ssl, char *buf, int sz, void *ctx)
     int sd = *(int*)ctx;
     int sent;
 
+#ifdef MAX_SEND_SZ
+    if (sz > MAX_SEND_SZ)
+        sz = MAX_SEND_SZ;
+#endif
+
     sent = wolfIO_Send(sd, buf, sz, ssl->wflags);
     if (sent < 0) {
         int err = wolfSSL_LastError();

wolfcrypt/test/test.c

@@ -434,7 +434,7 @@ static void myFipsCb(int ok, int err, const char* hash)
     #elif defined(WOLFSSL_CERT_EXT)
         static byte gTestMemory[140000];
     #elif defined(USE_FAST_MATH) && !defined(ALT_ECC_SIZE)
-        static byte gTestMemory[150000];
+        static byte gTestMemory[160000];
     #else
         static byte gTestMemory[80000];
     #endif

wolfssl/internal.h

@@ -2730,8 +2730,6 @@ struct WOLFSSL_CTX {
 #endif
 };
 
-WOLFSSL_LOCAL
-WOLFSSL_CTX* wolfSSL_CTX_new_ex(WOLFSSL_METHOD* method, void* heap);
 WOLFSSL_LOCAL
 int InitSSL_Ctx(WOLFSSL_CTX*, WOLFSSL_METHOD*, void* heap);
 WOLFSSL_LOCAL

wolfssl/ssl.h

@@ -568,6 +568,7 @@ WOLFSSL_API int wolfSSL_use_RSAPrivateKey_file(WOLFSSL*, const char*, int);
 
 #endif /* !NO_FILESYSTEM && !NO_CERTS */
 
+WOLFSSL_API WOLFSSL_CTX* wolfSSL_CTX_new_ex(WOLFSSL_METHOD* method, void* heap);
 WOLFSSL_API WOLFSSL_CTX* wolfSSL_CTX_new(WOLFSSL_METHOD*);
 WOLFSSL_API WOLFSSL* wolfSSL_new(WOLFSSL_CTX*);
 WOLFSSL_API WOLFSSL_CTX* wolfSSL_get_SSL_CTX(WOLFSSL* ssl);

wolfssl/test.h

@@ -228,8 +228,8 @@
         typedef Task_Handle   THREAD_TYPE;
         #define WOLFSSL_THREAD
     #elif defined(WOLFSSL_ZEPHYR)
-        typedef unsigned int  THREAD_RETURN;
-        typedef k_tid_t       THREAD_TYPE;
+        typedef void            THREAD_RETURN;
+        typedef struct k_thread THREAD_TYPE;
         #define WOLFSSL_THREAD
     #else
         typedef unsigned int  THREAD_RETURN;
@@ -399,7 +399,11 @@ typedef struct func_args {
 
 void wait_tcp_ready(func_args*);
 
+#ifdef WOLFSSL_ZEPHYR
+typedef void THREAD_FUNC(void*, void*, void*);
+#else
 typedef THREAD_RETURN WOLFSSL_THREAD THREAD_FUNC(void*);
+#endif
 
 void start_thread(THREAD_FUNC, func_args*, THREAD_TYPE*);
 void join_thread(THREAD_TYPE);

wolfssl/wolfcrypt/settings.h

@@ -1397,7 +1397,6 @@ extern void uITRON4_free(void *p) ;
     void *z_realloc(void *ptr, size_t size);
     #define realloc   z_realloc
 
-    #define CONFIG_NET_BUF_USER_DATA_SIZE  10
     #define CONFIG_NET_SOCKETS_POSIX_NAMES
 #endif
 

wolfssl/wolfcrypt/wc_port.h

@@ -111,10 +111,6 @@
 #elif defined(WOLFSSL_ZEPHYR)
     #ifndef SINGLE_THREADED
         #include <kernel.h>
-
-        #define WOLFSSL_PTHREADS
-        #define HAVE_PTHREAD
-        #include <posix/pthread.h>
     #endif
 #else
     #ifndef SINGLE_THREADED

wolfssl/wolfio.h

@@ -260,8 +260,10 @@
     #define SEND_FUNCTION NU_Send
     #define RECV_FUNCTION NU_Recv
 #elif defined(WOLFSSL_ZEPHYR)
-    #define SEND_FUNCTION zsock_send
-    #define RECV_FUNCTION zsock_recv
+    #define MAX_SEND_SZ       256
+
+    #define SEND_FUNCTION send
+    #define RECV_FUNCTION recv
 #else
     #define SEND_FUNCTION send
     #define RECV_FUNCTION recv