feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Merge branch 'master' into OE8-CHECK-IN

Browse Source
This commit is contained in:
Kaleb Himes
2025-04-14 15:24:28 -06:00
committed by GitHub
parent 2d01363e57 43e68add96
commit 6b66149edb
1711 changed files with 266926 additions and 88826 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
.codespellexcludelines Normal file
View File

@@ -0,0 +1,18 @@
###############################################################################
# In this file, you should add the line of the file that needs to be ignored.
# The line should be exactly as it appears in the file.
###############################################################################
0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, /* .Enginee */
0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, /* fo@wolfs */
0x0a, 0x8b, 0x98, 0xf3, 0xe3, 0xff, 0x4e, 0x44, /* ......ND */
ot+3i9DAgBkcRcAtjOj4LaR0VknFBbVPFd5uRHg5h6h+u/N5GJG79G+dwfCMNYxd\n\
static const byte plaintext[] = "Lorem ipsum dolor sit amet, consectetur adipiscing elit. Cras lacus odio, pretium vel sagittis ac, facilisis quis diam. Vivamus condimentum velit sed dolor consequat interdum. Etiam eleifend ornare felis, eleifend egestas odio vulputate eu. Sed nec orci nunc. Etiam quis mi augue. Donec ullamcorper suscipit lorem, vel luctus augue cursus fermentum. Etiam a porta arcu, in convallis sem. Integer efficitur elementum diam, vel scelerisque felis posuere placerat. Donec vestibulum sit amet leo sit amet tincidunt. Etiam et vehicula turpis. Phasellus quis finibus sapien. Sed et tristique turpis. Nullam vitae sagittis tortor, et aliquet lorem. Cras a leo scelerisque, convallis lacus ut, fermentum urna. Mauris quis urna diam. Class aptent taciti sociosqu ad litora torquent per conubia nostra, per inceptos himenaeos. Nam aliquam vehicula orci id pulvinar. Proin mollis, libero sollicitudin tempor ultrices, massa augue tincidunt turpis, sit amet aliquam neque nibh nec dui. Fusce finibus massa quis rutrum suscipit cras amet";
rsource "Kconfig.tls-generic"
/* Loop over authenticated associated data AD1..ADn */
/* no easy answer [c'est la vie]. Just division */
const uint8_t* hashIn, int hashSz)
XMEMCPY(hash + (curveSz - hashSz), hashIn, hashSz);
0x63, 0x72, 0x65, 0x65, 0x6e, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20, 0x62, 0x65, 0x20, 0x69, /* creen would be i */
\pagenumbering{alph}
DES3_KEY_SIZE = 24, /* 3 des ede */
/* functions added to support above needed, removed TOOM and KARATSUBA */

6
.github/ISSUE_TEMPLATE/bug_report.yaml vendored
View File

@@ -6,8 +6,10 @@ body:
- type: markdown
attributes:
value: >
Thanks for reporting an bug. If you would prefer a private method,
please email support@wolfssl.com
Thanks for reporting a bug. If you would prefer a private method,
or if this is a vulnerability report please email support@wolfssl.com
instead. This is publicly viewable and not appropriate for vulnerability
reports.
- type: input
id: contact
attributes:

4
.github/ISSUE_TEMPLATE/other.yaml vendored
View File

@@ -6,7 +6,9 @@ body:
attributes:
value: >
Thanks for reporting an issue. If you would prefer a private method,
please email support@wolfssl.com
or if this is a vulnerability report please email support@wolfssl.com
instead. This is publicly viewable and not appropriate for vulnerability
reports.
- type: input
id: version
attributes:

33
.github/workflows/ada.yml vendored Normal file
View File

@@ -0,0 +1,33 @@
name: WolfSSL Ada Build Tests
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@master
- name: Install gnat
run: |
sudo apt-get update
sudo apt-get install -y gnat gprbuild
- name: Checkout wolfssl
uses: actions/checkout@master
with:
repository: wolfssl/wolfssl
path: wolfssl
- name: Build wolfssl Ada
working-directory: ./wolfssl/wrapper/Ada
run: |
mkdir obj
gprbuild default.gpr
gprbuild examples.gpr

5
.github/workflows/async.yml vendored
View File

@@ -23,7 +23,8 @@ jobs:
'--enable-ocsp CFLAGS="-DTEST_NONBLOCK_CERTS"',
]
name: make check
runs-on: ubuntu-latest
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 6
steps:
@@ -36,7 +37,7 @@ jobs:
./configure ${{ matrix.config }}
make check
- name: Print errors
- name: Print errors
if: ${{ failure() }}
run: |
if [ -f test-suite.log ] ; then

93
.github/workflows/bind.yml vendored Normal file
View File

@@ -0,0 +1,93 @@
name: bind9 Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
build_wolfssl:
name: Build wolfSSL
if: github.repository_owner == 'wolfssl'
# Just to keep it the same as the testing target
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 4
steps:
- name: Build wolfSSL
uses: wolfSSL/actions-build-autotools-project@v1
with:
path: wolfssl
configure: --enable-all
install: true
check: false
- name: tar build-dir
run: tar -zcf build-dir.tgz build-dir
- name: Upload built lib
uses: actions/upload-artifact@v4
with:
name: wolf-install-bind
path: build-dir.tgz
retention-days: 5
bind_check:
strategy:
fail-fast: false
matrix:
# List of releases to test
ref: [ 9.18.0, 9.18.28 ]
name: ${{ matrix.ref }}
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 10
needs: build_wolfssl
steps:
- name: Download lib
uses: actions/download-artifact@v4
with:
name: wolf-install-bind
- name: untar build-dir
run: tar -xf build-dir.tgz
- name: Install dependencies
run: |
# Don't prompt for anything
export DEBIAN_FRONTEND=noninteractive
sudo apt-get update
# hostap dependencies
sudo apt-get install -y libuv1-dev libnghttp2-dev libcap-dev libcmocka-dev
- name: Checkout OSP
uses: actions/checkout@v4
with:
repository: wolfssl/osp
path: osp
- name: Checkout bind9
uses: actions/checkout@v4
with:
repository: isc-projects/bind9
path: bind
ref: v${{ matrix.ref }}
- name: Build and test bind9
working-directory: bind
run: |
export PKG_CONFIG_PATH=$GITHUB_WORKSPACE/build-dir/lib/pkgconfig
patch -p1 < $GITHUB_WORKSPACE/osp/bind9/${{ matrix.ref }}.patch
autoreconf -ivf
./configure --with-wolfssl
sed -i 's/SUBDIRS = system//g' bin/tests/Makefile # remove failing tests
make -j V=1
make -j V=1 check

108
.github/workflows/cmake.yml vendored Normal file
View File

@@ -0,0 +1,108 @@
name: WolfSSL CMake Build Tests
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
jobs:
build:
runs-on: ubuntu-latest
steps:
# pull wolfSSL
- uses: actions/checkout@master
# install cmake
- name: Install cmake
run: |
sudo apt-get update
sudo apt-get install -y cmake
# pull wolfssl
- name: Checkout wolfssl
uses: actions/checkout@master
with:
repository: wolfssl/wolfssl
path: wolfssl
# build wolfssl
- name: Build wolfssl
working-directory: ./wolfssl
run: |
mkdir build
cd build
cmake -DCMAKE_VERBOSE_MAKEFILE:BOOL=ON -DWOLFSSL_INSTALL=yes -DCMAKE_INSTALL_PREFIX="$GITHUB_WORKSPACE/install" \
-DWOLFSSL_16BIT:BOOL=no -DWOLFSSL_32BIT:BOOL=no -DWOLFSSL_AES:BOOL=yes \
-DWOLFSSL_AESCBC:BOOL=yes -DWOLFSSL_AESCCM:BOOL=yes -DWOLFSSL_AESCFB:BOOL=yes \
-DWOLFSSL_AESCTR:BOOL=yes -DWOLFSSL_AESGCM:STRING=yes -DWOLFSSL_AESKEYWRAP:BOOL=yes \
-DWOLFSSL_AESOFB:BOOL=yes -DWOLFSSL_AESSIV:BOOL=yes -DWOLFSSL_ALIGN_DATA:BOOL=yes \
-DWOLFSSL_ALPN:BOOL=ON -DWOLFSSL_ALT_CERT_CHAINS:BOOL=ON -DWOLFSSL_ARC4:BOOL=yes \
-DWOLFSSL_ARIA:BOOL=no -DWOLFSSL_ASIO:BOOL=no -DWOLFSSL_ASM:BOOL=yes -DWOLFSSL_ASN:BOOL=yes \
-DWOLFSSL_ASYNC_THREADS:BOOL=no -DWOLFSSL_BASE64_ENCODE:BOOL=yes -DWOLFSSL_CAAM:BOOL=no \
-DWOLFSSL_CERTEXT:BOOL=yes -DWOLFSSL_CERTGEN:BOOL=yes -DWOLFSSL_CERTGENCACHE:BOOL=no \
-DWOLFSSL_CERTREQ:BOOL=yes -DWOLFSSL_CHACHA:STRING=yes -DWOLFSSL_CMAC:BOOL=yes \
-DWOLFSSL_CODING:BOOL=yes -DWOLFSSL_CONFIG_H:BOOL=yes -DWOLFSSL_CRL:STRING=yes \
-DWOLFSSL_CRYPTOCB:BOOL=yes -DWOLFSSL_CRYPTOCB_NO_SW_TEST:BOOL=no \
-DWOLFSSL_CRYPT_TESTS:BOOL=yes -DWOLFSSL_CRYPT_TESTS_HELP:BOOL=no \
-DWOLFSSL_CRYPT_TESTS_LIBS:BOOL=no -DWOLFSSL_CURL:BOOL=yes -DWOLFSSL_CURVE25519:STRING=yes \
-DWOLFSSL_CURVE448:STRING=yes -DWOLFSSL_DEBUG:BOOL=yes -DWOLFSSL_DES3:BOOL=ON \
-DWOLFSSL_DES3_TLS_SUITES:BOOL=no -DWOLFSSL_DH:STRING=yes -DWOLFSSL_DH_DEFAULT_PARAMS:BOOL=yes \
-DWOLFSSL_DSA:BOOL=yes -DWOLFSSL_DTLS:BOOL=ON -DWOLFSSL_DTLS13:BOOL=yes \
-DWOLFSSL_DTLS_CID:BOOL=yes -DWOLFSSL_ECC:STRING=yes \
-DWOLFSSL_ECCCUSTCURVES:STRING=all -DWOLFSSL_ECCSHAMIR:BOOL=yes \
-DWOLFSSL_ECH:BOOL=yes -DWOLFSSL_ED25519:BOOL=yes -DWOLFSSL_ED448:STRING=yes \
-DWOLFSSL_ENCKEYS:BOOL=yes -DWOLFSSL_ENC_THEN_MAC:BOOL=yes -DWOLFSSL_ERROR_QUEUE:BOOL=yes \
-DWOLFSSL_ERROR_STRINGS:BOOL=yes -DWOLFSSL_EXAMPLES:BOOL=yes -DWOLFSSL_EXPERIMENTAL:BOOL=yes \
-DWOLFSSL_EXTENDED_MASTER:BOOL=yes -DWOLFSSL_EX_DATA:BOOL=yes -DWOLFSSL_FAST_MATH:BOOL=no \
-DWOLFSSL_FILESYSTEM:BOOL=yes -DWOLFSSL_HARDEN:BOOL=yes -DWOLFSSL_HASH_DRBG:BOOL=yes \
-DWOLFSSL_HKDF:BOOL=yes -DWOLFSSL_HPKE:BOOL=yes -DWOLFSSL_HRR_COOKIE:STRING=yes \
-DWOLFSSL_INLINE:BOOL=yes -DWOLFSSL_INSTALL:BOOL=yes -DWOLFSSL_IP_ALT_NAME:BOOL=ON \
-DWOLFSSL_KEYGEN:BOOL=yes -DWOLFSSL_KEYING_MATERIAL:BOOL=ON \
-DWOLFSSL_MD4:BOOL=ON -DWOLFSSL_MD5:BOOL=yes -DWOLFSSL_MEMORY:BOOL=yes -DWOLFSSL_NO_STUB:BOOL=no \
-DWOLFSSL_OAEP:BOOL=yes -DWOLFSSL_OCSP:BOOL=yes -DWOLFSSL_OCSPSTAPLING:BOOL=ON \
-DWOLFSSL_OCSPSTAPLING_V2:BOOL=ON -DWOLFSSL_OLD_NAMES:BOOL=yes -DWOLFSSL_OLD_TLS:BOOL=yes \
-DWOLFSSL_OPENSSLALL:BOOL=yes -DWOLFSSL_OPENSSLEXTRA:BOOL=ON -DWOLFSSL_OPTFLAGS:BOOL=yes \
-DWOLFSSL_OQS:BOOL=no -DWOLFSSL_PKCALLBACKS:BOOL=yes -DWOLFSSL_PKCS12:BOOL=yes \
-DWOLFSSL_PKCS7:BOOL=yes -DWOLFSSL_POLY1305:BOOL=yes -DWOLFSSL_POSTAUTH:BOOL=yes \
-DWOLFSSL_PWDBASED:BOOL=yes -DWOLFSSL_QUIC:BOOL=yes -DWOLFSSL_REPRODUCIBLE_BUILD:BOOL=no \
-DWOLFSSL_RNG:BOOL=yes -DWOLFSSL_RSA:BOOL=yes -DWOLFSSL_RSA_PSS:BOOL=yes \
-DWOLFSSL_SESSION_TICKET:BOOL=ON -DWOLFSSL_SHA:BOOL=yes -DWOLFSSL_SHA224:BOOL=yes \
-DWOLFSSL_SHA3:STRING=yes -DWOLFSSL_SHA384:BOOL=yes -DWOLFSSL_SHA512:BOOL=yes \
-DWOLFSSL_SHAKE128:STRING=yes -DWOLFSSL_SHAKE256:STRING=yes -DWOLFSSL_SINGLE_THREADED:BOOL=no \
-DWOLFSSL_SNI:BOOL=yes -DWOLFSSL_SP_MATH_ALL:BOOL=yes -DWOLFSSL_SRTP:BOOL=yes \
-DWOLFSSL_STUNNEL:BOOL=yes -DWOLFSSL_SUPPORTED_CURVES:BOOL=yes -DWOLFSSL_SYS_CA_CERTS:BOOL=yes \
-DWOLFSSL_TICKET_NONCE_MALLOC:BOOL=yes -DWOLFSSL_TLS13:BOOL=yes -DWOLFSSL_TLSV12:BOOL=yes \
-DWOLFSSL_TLSX:BOOL=yes -DWOLFSSL_TPM:BOOL=yes -DWOLFSSL_CLU:BOOL=yes -DWOLFSSL_USER_SETTINGS:BOOL=no \
-DWOLFSSL_USER_SETTINGS_ASM:BOOL=no -DWOLFSSL_WOLFSSH:BOOL=ON -DWOLFSSL_X86_64_BUILD_ASM:BOOL=yes \
-DWOLFSSL_X963KDF:BOOL=yes \
-DCMAKE_C_FLAGS="-DWOLFSSL_DTLS_CH_FRAG" \
..
cmake --build .
ctest -j $(nproc)
cmake --install .
# clean up
cd ..
rm -rf build
# Kyber Cmake broken
# -DWOLFSSL_KYBER:BOOL=yes
# build "lean-tls" wolfssl
- name: Build wolfssl with lean-tls
working-directory: ./wolfssl
run: |
mkdir build
cd build
cmake -DCMAKE_VERBOSE_MAKEFILE:BOOL=ON -DWOLFSSL_INSTALL=yes -DCMAKE_INSTALL_PREFIX="$GITHUB_WORKSPACE/install" \
-DWOLFSSL_LEAN_TLS:BOOL=yes \
..
cmake --build .
cmake --install .
# clean up
cd ..
rm -rf build

30
.github/workflows/codespell.yml vendored Normal file
View File

@@ -0,0 +1,30 @@
name: Codespell test
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
codespell:
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4
- uses: codespell-project/actions-codespell@v2.1
with:
check_filenames: true
check_hidden: true
# Add comma separated list of words that occur multiple times that should be ignored (sorted alphabetically, case sensitive)
ignore_words_list: adin,aNULL,brunch,carryIn,chainG,ciph,cLen,cliKs,dout,haveA,inCreated,inOut,inout,larg,LEAPYEAR,Merget,optionA,parm,parms,repid,rIn,userA,ser,siz,te,Te
# The exclude_file contains lines of code that should be ignored. This is useful for individual lines which have non-words that can safely be ignored.
exclude_file: '.codespellexcludelines'
# To skip files entirely from being processed, add it to the following list:
skip: '*.cproject,*.der,*.mtpj,*.pem,*.vcxproj,.git,*.launch,*.scfg,*.revoked'

53
.github/workflows/coverity-scan-fixes.yml vendored Normal file
View File

@@ -0,0 +1,53 @@
name: Coverity Scan master branch
on:
workflow_dispatch:
schedule:
- cron: '0 0 * * 1-5'
- cron: '0 0 * * 0'
- cron: '0 12 * * 0'
jobs:
coverity:
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4
with:
ref: master
- name: Configure wolfSSL with enable-all M-F
if: github.event.schedule == '0 0 * * 1-5'
run: |
./autogen.sh
./configure --enable-all
- name: Configure wolfSSL with enable-all enable-smallstack Sun at 00:00
if: github.event.schedule == '0 0 * * 0'
run: |
./autogen.sh
./configure --enable-all --enable-smallstack
- name: Configure wolfSSL with bigendian Sun at 12:00
if: github.event.schedule == '0 12 * * 0'
run: |
./autogen.sh
./configure --enable-all CFLAGS="-DBIG_ENDIAN_ORDER"
- name: Check secrets
env:
token_var: ${{ secrets.COVERITY_SCAN_TOKEN }}
email_var: ${{ secrets.COVERITY_SCAN_EMAIL }}
run: |
token_len=${#token_var}
echo "$token_len"
email_len=${#email_var}
echo "$email_len"
- uses: vapier/coverity-scan-action@v1
with:
build_language: 'cxx'
project: "wolfSSL/wolfssl"
token: ${{ secrets.COVERITY_SCAN_TOKEN }}
email: ${{ secrets.COVERITY_SCAN_EMAIL }}
command: "make"

11
.github/workflows/curl.yml vendored
View File

@@ -15,7 +15,8 @@ concurrency:
jobs:
build_wolfssl:
name: Build wolfSSL
runs-on: ubuntu-latest
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 4
steps:
@@ -38,7 +39,8 @@ jobs:
test_curl:
name: ${{ matrix.curl_ref }}
runs-on: ubuntu-latest
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 15
needs: build_wolfssl
@@ -50,8 +52,7 @@ jobs:
- name: Install test dependencies
run: |
sudo apt-get update
sudo apt-get install nghttp2 libpsl5 libpsl-dev
sudo pip install impacket
sudo apt-get install nghttp2 libpsl5 libpsl-dev python3-impacket
- name: Download lib
uses: actions/download-artifact@v4
@@ -72,4 +73,4 @@ jobs:
- name: Test curl
working-directory: curl
run: make -j test-ci
run: make -j $(nproc) test-ci

6
.github/workflows/cyrus-sasl.yml vendored
View File

@@ -15,8 +15,9 @@ concurrency:
jobs:
build_wolfssl:
name: Build wolfSSL
if: github.repository_owner == 'wolfssl'
# Just to keep it the same as the testing target
runs-on: ubuntu-latest
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 4
steps:
@@ -46,7 +47,8 @@ jobs:
# List of releases to test
ref: [ 2.1.28 ]
name: ${{ matrix.ref }}
runs-on: ubuntu-latest
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 4
needs: build_wolfssl

2
.github/workflows/disabled/haproxy.yml vendored
View File

@@ -20,6 +20,7 @@ jobs:
# List of refs to test
ref: [ master ]
name: ${{ matrix.ref }}
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-latest
steps:
- name: Build wolfSSL
@@ -57,4 +58,3 @@ jobs:
- name: Test HaProxy
working-directory: haproxy
run: make reg-tests reg-tests/ssl VTEST_PROGRAM=$GITHUB_WORKSPACE/VTest/vtest

4
.github/workflows/hitch.yml → .github/workflows/disabled/hitch.yml vendored
View File

@@ -15,6 +15,7 @@ concurrency:
jobs:
build_wolfssl:
name: Build wolfSSL
if: github.repository_owner == 'wolfssl'
# Just to keep it the same as the testing target
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
@@ -47,6 +48,7 @@ jobs:
ignore-tests: >-
test13-r82.sh test15-proxy-v2-npn.sh test39-client-cert-proxy.sh
name: ${{ matrix.ref }}
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 4
@@ -105,4 +107,4 @@ jobs:
working-directory: ./hitch
run: |
export LD_LIBRARY_PATH=$GITHUB_WORKSPACE/build-dir/lib:$LD_LIBRARY_PATH
make check
make check

8
.github/workflows/disabled/hostap.yml vendored
View File

@@ -22,6 +22,7 @@ jobs:
- build_id: hostap-build2
wolf_extra_config: --enable-brainpool --enable-wpas-dpp
name: Build wolfSSL
if: github.repository_owner == 'wolfssl'
# Just to keep it the same as the testing target
runs-on: ubuntu-20.04
# This should be a safe limit for the tests to run.
@@ -99,6 +100,7 @@ jobs:
build_id: hostap-build2
}
name: hwsim test
if: github.repository_owner == 'wolfssl'
# For openssl 1.1
runs-on: ubuntu-20.04
# This should be a safe limit for the tests to run.
@@ -181,7 +183,7 @@ jobs:
- name: Checkout hostap
uses: actions/checkout@v4
with:
repository: julek-wolfssl/hostap-mirror
repository: julek-wolfssl/hostap-mirror
path: hostap
ref: ${{ matrix.config.hostap_ref }}
# necessary for cherry pick step
@@ -210,7 +212,7 @@ jobs:
done
- if: ${{ matrix.hostapd }}
name: Setup hostapd config file
name: Setup hostapd config file
run: |
cp wolfssl/.github/workflows/hostap-files/configs/${{ matrix.config.hostap_ref }}/hostapd.config \
hostap/hostapd/.config
@@ -220,7 +222,7 @@ jobs:
EOF
- if: ${{ matrix.wpa_supplicant }}
name: Setup wpa_supplicant config file
name: Setup wpa_supplicant config file
run: |
cp wolfssl/.github/workflows/hostap-files/configs/${{ matrix.config.hostap_ref }}/wpa_supplicant.config \
hostap/wpa_supplicant/.config

41
.github/workflows/disabled/msys2.yml vendored Normal file
View File

@@ -0,0 +1,41 @@
name: MSYS2 Build Test
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
msys2:
runs-on: windows-latest
defaults:
run:
shell: msys2 {0}
strategy:
fail-fast: false
matrix:
include:
- { sys: ucrt64, compiler: mingw-w64-ucrt-x86_64-gcc }
- { sys: mingw64, compiler: mingw-w64-x86_64-gcc }
- { sys: msys, compiler: gcc }
steps:
- uses: actions/checkout@v3
- uses: msys2/setup-msys2@v2
with:
msystem: ${{ matrix.sys }}
update: true
install: git ${{matrix.compiler}} autotools base-devel autoconf netcat
- name: configure wolfSSL
run: ./autogen.sh && ./configure CFLAGS="-DUSE_CERT_BUFFERS_2048 -DUSE_CERT_BUFFERS_256 -DNO_WRITE_TEMP_FILES"
- name: build wolfSSL
run: make check
- name: Display log
if: always()
run: cat test-suite.log

15
.github/workflows/docker-Espressif.yml vendored
View File

@@ -14,7 +14,8 @@ concurrency:
jobs:
espressif_latest:
name: latest Docker container
runs-on: ubuntu-latest
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 12
container:
@@ -22,22 +23,24 @@ jobs:
steps:
- uses: actions/checkout@v4
- name: Initialize Espressif IDE and build examples
run: . /opt/esp/idf/export.sh; IDE/Espressif/ESP-IDF/compileAllExamples.sh
run: cd /opt/esp/idf && . ./export.sh && cd $GITHUB_WORKSPACE; IDE/Espressif/ESP-IDF/compileAllExamples.sh
espressif_v4_4:
name: v4.4 Docker container
runs-on: ubuntu-latest
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
container:
image: espressif/idf:release-v4.4
steps:
- uses: actions/checkout@v4
- name: Initialize Espressif IDE and build examples
run: . /opt/esp/idf/export.sh; IDE/Espressif/ESP-IDF/compileAllExamples.sh
run: cd /opt/esp/idf && . ./export.sh && cd $GITHUB_WORKSPACE; IDE/Espressif/ESP-IDF/compileAllExamples.sh
espressif_v5_0:
name: v5.0 Docker container
runs-on: ubuntu-latest
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
container:
image: espressif/idf:release-v5.0
steps:
- uses: actions/checkout@v4
- name: Initialize Espressif IDE and build examples
run: . /opt/esp/idf/export.sh; IDE/Espressif/ESP-IDF/compileAllExamples.sh
run: cd /opt/esp/idf && . ./export.sh && cd $GITHUB_WORKSPACE; IDE/Espressif/ESP-IDF/compileAllExamples.sh

6
.github/workflows/docker-OpenWrt.yml vendored
View File

@@ -17,7 +17,8 @@ concurrency:
jobs:
build_library:
name: Compile libwolfssl.so
runs-on: ubuntu-latest
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 4
container:
@@ -40,7 +41,8 @@ jobs:
retention-days: 5
compile_container:
name: Compile container
runs-on: ubuntu-latest
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 2
needs: build_library

41
.github/workflows/gencertbuf.yml vendored Normal file
View File

@@ -0,0 +1,41 @@
name: Test gencertbuf script
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
gencertbuf:
name: gencertbuf
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 6
steps:
- uses: actions/checkout@v4
name: Checkout wolfSSL
- name: Test generate wolfssl/certs_test.h
run: ./gencertbuf.pl
- name: Test wolfSSL
run: |
./autogen.sh
./configure --enable-all --enable-experimental --enable-dilithium --enable-kyber
make
./wolfcrypt/test/testwolfcrypt
- name: Print errors
if: ${{ failure() }}
run: |
if [ -f test-suite.log ] ; then
cat test-suite.log
fi

13
.github/workflows/grpc.yml vendored
View File

@@ -15,8 +15,9 @@ concurrency:
jobs:
build_wolfssl:
name: Build wolfSSL
if: github.repository_owner == 'wolfssl'
# Just to keep it the same as the testing target
runs-on: ubuntu-latest
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 10
steps:
@@ -50,7 +51,8 @@ jobs:
test_core_security_ssl_credentials_test test_cpp_end2end_ssl_credentials_test
h2_ssl_cert_test h2_ssl_session_reuse_test
name: ${{ matrix.ref }}
runs-on: ubuntu-latest
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 30
needs: build_wolfssl
@@ -69,6 +71,11 @@ jobs:
with:
name: wolf-install-grpc
- name: Setup cmake version
uses: jwlawson/actions-setup-cmake@v2
with:
cmake-version: '3.25.x'
- name: untar build-dir
run: tar -xf build-dir.tgz
@@ -92,7 +99,7 @@ jobs:
git submodule update --init
mkdir cmake/build
cd cmake/build
cmake -DgRPC_BUILD_TESTS=ON -DgRPC_SSL_PROVIDER=wolfssl \
cmake -DCMAKE_POLICY_VERSION_MINIMUM=3.1 -DgRPC_BUILD_TESTS=ON -DgRPC_SSL_PROVIDER=wolfssl \
-DWOLFSSL_INSTALL_DIR=$GITHUB_WORKSPACE/build-dir ../..
make -j $(nproc) ${{ matrix.tests }}

91
.github/workflows/haproxy.yml vendored Normal file
View File

@@ -0,0 +1,91 @@
name: haproxy Test
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
build_wolfssl:
name: Build wolfSSL
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 4
steps:
- name: Build wolfSSL
uses: wolfSSL/actions-build-autotools-project@v1
with:
path: wolfssl
configure: --enable-haproxy
install: true
- name: tar build-dir
run: tar -zcf build-dir.tgz build-dir
- name: Upload built lib
uses: actions/upload-artifact@v4
with:
name: wolf-install-haproxy
path: build-dir.tgz
retention-days: 5
test_haproxy:
name: ${{ matrix.haproxy_ref }}
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 15
needs: build_wolfssl
strategy:
fail-fast: false
matrix:
haproxy_ref: [ 'v3.1.0' ]
steps:
- name: Install test dependencies
run: |
sudo apt-get update
sudo apt-get install libpcre2-dev
- name: Download lib
uses: actions/download-artifact@v4
with:
name: wolf-install-haproxy
- name: untar build-dir
run: tar -xf build-dir.tgz
# check cache for haproxy if not there then download it
- name: Check haproxy cache
uses: actions/cache@v4
id: cache-haproxy
with:
path: build-dir/haproxy-${{matrix.haproxy_ref}}
key: haproxy-${{matrix.haproxy_ref}}
- name: Download haproxy if needed
if: steps.cache-haproxy.outputs.cache-hit != 'true'
uses: actions/checkout@v3
with:
repository: haproxy/haproxy
ref: ${{matrix.haproxy_ref}}
path: build-dir/haproxy-${{matrix.haproxy_ref}}
- name: Build haproxy
working-directory: build-dir/haproxy-${{matrix.haproxy_ref}}
run: make clean && make TARGET=linux-glibc USE_OPENSSL_WOLFSSL=1 SSL_LIB=$GITHUB_WORKSPACE/build-dir/lib SSL_INC=$GITHUB_WORKSPACE/build-dir/include ADDLIB=-Wl,-rpath,$GITHUB_WORKSPACE/build-dir/lib CFLAGS="-fsanitize=address" LDFLAGS="-fsanitize=address"
- name: Build haproxy vtest
working-directory: build-dir/haproxy-${{matrix.haproxy_ref}}
run: ./scripts/build-vtest.sh
- name: Test haproxy
working-directory: build-dir/haproxy-${{matrix.haproxy_ref}}
run: VTEST_PROGRAM=$GITHUB_WORKSPACE/build-dir/vtest/vtest make reg-tests -- --debug reg-tests/ssl/*

74
.github/workflows/hostap-vm.yml vendored
View File

@@ -13,7 +13,7 @@ concurrency:
# END OF COMMON SECTION
env:
LINUX_REF: v6.6
LINUX_REF: v6.12
jobs:
build_wolfssl:
@@ -24,10 +24,11 @@ jobs:
wolf_extra_config: --disable-tls13
- build_id: hostap-vm-build2
wolf_extra_config: >-
--enable-wpas-dpp --enable-brainpool --with-eccminsz=192
--enable-wpas-dpp --enable-brainpool --with-eccminsz=192
--enable-tlsv10 --enable-oldtls
name: Build wolfSSL
runs-on: ubuntu-latest
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 10
steps:
@@ -62,33 +63,55 @@ jobs:
path: build-dir.tgz
retention-days: 5
build_uml_linux:
name: Build UML (UserMode Linux)
runs-on: ubuntu-latest
checkout_hostap:
name: Checkout hostap repo
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 10
steps:
- name: Checking if we have hostap in cache
uses: actions/cache@v4
id: cache
with:
path: hostap
key: hostap-repo
lookup-only: true
- name: Checkout hostap
run: git clone git://w1.fi/hostap.git hostap
build_uml_linux:
name: Build UML (UserMode Linux)
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 10
needs: checkout_hostap
steps:
- name: Checking if we have kernel in cache
uses: actions/cache@v4
id: cache
with:
path: linux/linux
key: ${{ env.LINUX_REF }}
key: hostap-linux-${{ env.LINUX_REF }}
lookup-only: true
- name: Checkout hostap
- name: Checking if we have hostap in cache
if: steps.cache.outputs.cache-hit != 'true'
uses: actions/checkout@v4
uses: actions/cache/restore@v4
with:
repository: julek-wolfssl/hostap-mirror
path: hostap
key: hostap-repo
fail-on-cache-miss: true
- name: Checkout linux
if: steps.cache.outputs.cache-hit != 'true'
uses: actions/checkout@v4
with:
repository: torvalds/linux
repository: torvalds/linux
path: linux
ref: ${{ env.LINUX_REF }}
- name: Compile linux
if: steps.cache.outputs.cache-hit != 'true'
@@ -139,18 +162,18 @@ jobs:
build_id: hostap-vm-build2
}
name: hwsim test
# For openssl 1.1
runs-on: ubuntu-latest
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 45
needs: [build_wolfssl, build_uml_linux]
needs: [build_wolfssl, build_uml_linux, checkout_hostap]
steps:
- name: Checking if we have kernel in cache
uses: actions/cache/restore@v4
id: cache
with:
path: linux/linux
key: ${{ env.LINUX_REF }}
key: hostap-linux-${{ env.LINUX_REF }}
fail-on-cache-miss: true
- name: show file structure
@@ -193,15 +216,19 @@ jobs:
# hostap dependencies
sudo apt-get install -y libpcap0.8 libpcap-dev curl libcurl4-openssl-dev \
libnl-3-dev binutils-dev libssl-dev libiberty-dev libnl-genl-3-dev \
libnl-route-3-dev libdbus-1-dev bridge-utils tshark
sudo pip3 install pycryptodome
libnl-route-3-dev libdbus-1-dev bridge-utils tshark python3-pycryptodome
sudo pip install pycryptodome
- name: Checkout hostap
uses: actions/checkout@v4
- name: Checking if we have hostap in cache
uses: actions/cache/restore@v4
with:
repository: julek-wolfssl/hostap-mirror
path: hostap
ref: ${{ matrix.config.hostap_ref }}
key: hostap-repo
fail-on-cache-miss: true
- name: Checkout correct ref
working-directory: hostap
run: git checkout ${{ matrix.config.hostap_ref }}
- name: Update certs
working-directory: hostap/tests/hwsim/auth_serv
@@ -233,7 +260,7 @@ jobs:
fi
- if: ${{ matrix.hostapd }}
name: Setup hostapd config file
name: Setup hostapd config file
run: |
cp wolfssl/.github/workflows/hostap-files/configs/${{ matrix.config.hostap_ref }}/hostapd.config \
hostap/hostapd/.config
@@ -243,7 +270,7 @@ jobs:
EOF
- if: ${{ matrix.wpa_supplicant }}
name: Setup wpa_supplicant config file
name: Setup wpa_supplicant config file
run: |
cp wolfssl/.github/workflows/hostap-files/configs/${{ matrix.config.hostap_ref }}/wpa_supplicant.config \
hostap/wpa_supplicant/.config
@@ -286,6 +313,7 @@ jobs:
KERNELDIR=$GITHUB_WORKSPACE/linux
KVMARGS="-cpu host"
EOF
git config --global --add safe.directory $GITHUB_WORKSPACE/hostap
# Run tests in increments of 200 to not stall out the parallel-vm script
while mapfile -t -n 200 ary && ((${#ary[@]})); do
TESTS=$(printf '%s\n' "${ary[@]}" | tr '\n' ' ')

52
.github/workflows/intelasm-c-fallback.yml vendored Normal file
View File

@@ -0,0 +1,52 @@
name: Dynamic C Fallback Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
make_check:
strategy:
matrix:
config: [
# Add new configs here
'--enable-intelasm --enable-sp-asm --enable-all --enable-testcert --enable-acert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-quic --with-sys-crypto-policy CPPFLAGS="-DNO_WOLFSSL_CIPHER_SUITE_TEST -DWC_C_DYNAMIC_FALLBACK -DDEBUG_VECTOR_REGISTER_ACCESS -DDEBUG_VECTOR_REGISTER_ACCESS_FUZZING -DWC_DEBUG_CIPHER_LIFECYCLE"'
]
name: make check
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 6
steps:
- uses: actions/checkout@v4
name: Checkout wolfSSL
- name: Test wolfSSL with WC_C_DYNAMIC_FALLBACK and DEBUG_VECTOR_REGISTER_ACCESS_FUZZING
run: |
./autogen.sh
randseed=$(head -c 4 /dev/urandom | od -t u4 --address-radix=n)
randseed="${randseed#"${randseed%%[![:space:]]*}"}"
echo "fuzzing seed=${randseed}"
./configure ${{ matrix.config }} CFLAGS="-DWC_DEBUG_VECTOR_REGISTERS_FUZZING_SEED=$randseed -fsanitize=leak -g -fno-omit-frame-pointer"
make -j 4
make check
- name: Print errors
if: ${{ failure() }}
run: |
for file in scripts/*.log
do
if [ -f "$file" ]; then
echo "${file}:"
cat "$file"
echo "========================================================================"
fi
done

9
.github/workflows/ipmitool.yml vendored
View File

@@ -17,7 +17,8 @@ jobs:
build_wolfssl:
name: Build wolfSSL
# Just to keep it the same as the testing target
runs-on: ubuntu-latest
runs-on: ubuntu-22.04
if: github.repository_owner == 'wolfssl'
# This should be a safe limit for the tests to run.
timeout-minutes: 4
steps:
@@ -46,9 +47,12 @@ jobs:
matrix:
git_ref: [ c3939dac2c060651361fc71516806f9ab8c38901 ]
name: ${{ matrix.git_ref }}
runs-on: ubuntu-latest
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
needs: build_wolfssl
steps:
- name: Install dependencies
run: export DEBIAN_FRONTEND=noninteractive && sudo apt-get update && sudo apt-get install -y libreadline8
- name: Download lib
uses: actions/download-artifact@v4
with:
@@ -79,4 +83,3 @@ jobs:
run: |
ldd src/ipmitool | grep wolfssl
ldd src/ipmievd | grep wolfssl

25
.github/workflows/jwt-cpp.yml vendored
View File

@@ -16,7 +16,8 @@ jobs:
build_wolfssl:
name: Build wolfSSL
# Just to keep it the same as the testing target
runs-on: ubuntu-latest
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 4
steps:
@@ -40,12 +41,17 @@ jobs:
retention-days: 5
build_pam-ipmi:
if: github.repository_owner == 'wolfssl'
strategy:
fail-fast: false
matrix:
ref: [ 0.6.0 ]
name: ${{ matrix.ref }}
runs-on: ubuntu-latest
config:
- ref: 0.7.0
runner: ubuntu-22.04
- ref: 0.6.0
runner: ubuntu-22.04
name: ${{ matrix.config.ref }}
runs-on: ${{ matrix.config.runner }}
needs: build_wolfssl
steps:
- name: Install dependencies
@@ -60,6 +66,11 @@ jobs:
with:
name: wolf-install-jwt-cpp
- name: Setup cmake version
uses: jwlawson/actions-setup-cmake@v2
with:
cmake-version: '3.25.x'
- name: untar build-dir
run: tar -xf build-dir.tgz
@@ -74,14 +85,14 @@ jobs:
with:
repository: Thalhammer/jwt-cpp
path: jwt-cpp
ref: v${{ matrix.ref }}
ref: v${{ matrix.config.ref }}
- name: Build pam-ipmi
working-directory: jwt-cpp
run: |
patch -p1 < ../osp/jwt-cpp/${{ matrix.ref }}.patch
patch -p1 < ../osp/jwt-cpp/${{ matrix.config.ref }}.patch
PKG_CONFIG_PATH=$GITHUB_WORKSPACE/build-dir/lib/pkgconfig \
cmake -B build -DJWT_SSL_LIBRARY:STRING=wolfSSL -DJWT_BUILD_TESTS=ON .
cmake -DCMAKE_POLICY_VERSION_MINIMUM=3.5 -B build -DJWT_SSL_LIBRARY:STRING=wolfSSL -DJWT_BUILD_TESTS=ON .
make -j -C build
ldd ./build/tests/jwt-cpp-test | grep wolfssl

8
.github/workflows/krb5.yml vendored
View File

@@ -16,7 +16,8 @@ jobs:
build_wolfssl:
name: Build wolfSSL
# Just to keep it the same as the testing target
runs-on: ubuntu-latest
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 5
steps:
@@ -48,7 +49,8 @@ jobs:
# List of releases to test
ref: [ 1.21.1 ]
name: ${{ matrix.ref }}
runs-on: ubuntu-latest
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 8
needs: build_wolfssl
@@ -90,7 +92,7 @@ jobs:
# Using rpath because LD_LIBRARY_PATH is overwritten during testing
export WOLFSSL_CFLAGS="-I$GITHUB_WORKSPACE/build-dir/include -I$GITHUB_WORKSPACE/build-dir/include/wolfssl -Wl,-rpath=$GITHUB_WORKSPACE/build-dir/lib"
export WOLFSSL_LIBS="-lwolfssl -L$GITHUB_WORKSPACE/build-dir/lib -Wl,-rpath=$GITHUB_WORKSPACE/build-dir/lib"
./configure --with-crypto-impl=wolfssl --with-tls-impl=wolfssl --disable-pkinit \
./configure --with-crypto-impl=wolfssl --with-tls-impl=wolfssl --disable-pkinit --with-spake-openssl \
CFLAGS='-fsanitize=address' LDFLAGS='-fsanitize=address'
CFLAGS='-fsanitize=address' LDFLAGS='-fsanitize=address' make -j

91
.github/workflows/libspdm.yml vendored Normal file
View File

@@ -0,0 +1,91 @@
name: libspdm Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
build_wolfssl:
name: Build wolfSSL
if: github.repository_owner == 'wolfssl'
# Just to keep it the same as the testing target
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 4
steps:
- name: Build wolfSSL
uses: wolfSSL/actions-build-autotools-project@v1
with:
path: wolfssl
configure: --enable-all --enable-static CFLAGS='-DRSA_MIN_SIZE=512'
install: true
- name: tar build-dir
run: tar -zcf build-dir.tgz build-dir
- name: Upload built lib
uses: actions/upload-artifact@v4
with:
name: wolf-install-libspdm
path: build-dir.tgz
retention-days: 5
libspdm_check:
strategy:
fail-fast: false
matrix:
# List of releases to test
ref: [ 3.3.0 ]
name: ${{ matrix.ref }}
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 4
needs: build_wolfssl
steps:
- name: Download lib
uses: actions/download-artifact@v4
with:
name: wolf-install-libspdm
- name: untar build-dir
run: tar -xf build-dir.tgz
- name: Checkout OSP
uses: actions/checkout@v4
with:
repository: wolfssl/osp
path: osp
- name: Checkout libspdm
uses: actions/checkout@v4
with:
repository: DMTF/libspdm
path: libspdm
ref: ${{ matrix.ref }}
- name: Build and test libspdm
working-directory: libspdm
run: |
patch -p1 < ../osp/libspdm/${{ matrix.ref }}/libspdm-${{ matrix.ref }}.patch
git submodule update --init --recursive
# Silence cmake version warnings
find -name CMakeLists.txt -exec sed -i 's/cmake_minimum_required.*/cmake_minimum_required(VERSION 3.10)/g' {} \;
mkdir build
cd build
cmake -DARCH=x64 -DTOOLCHAIN=GCC -DTARGET=Debug -DCRYPTO=wolfssl -DENABLE_BINARY_BUILD=1 \
-DCOMPILED_LIBWOLFSSL_PATH=$GITHUB_WORKSPACE/build-dir/lib/libwolfssl.a \
-DWOLFSSL_INCDIR=$GITHUB_WORKSPACE/build-dir/include ..
make -j
cd ../unit_test/sample_key
../../build/bin/test_crypt
../../build/bin/test_spdm_secured_message
../../build/bin/test_spdm_crypt

15
.github/workflows/libssh2.yml vendored
View File

@@ -16,7 +16,8 @@ jobs:
build_wolfssl:
name: Build wolfSSL
# Just to keep it the same as the testing target
runs-on: ubuntu-latest
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-24.04
# This should be a safe limit for the tests to run.
timeout-minutes: 4
steps:
@@ -43,9 +44,10 @@ jobs:
fail-fast: false
matrix:
# List of releases to test
ref: [ 1.11.0 ]
ref: [ 1.11.1 ]
name: ${{ matrix.ref }}
runs-on: ubuntu-latest
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-24.04
# This should be a safe limit for the tests to run.
timeout-minutes: 8
needs: build_wolfssl
@@ -68,5 +70,8 @@ jobs:
check: true
- name: Confirm libssh2 built with wolfSSL
working-directory: ./libssh2
run: ldd src/.libs/libssh2.so | grep wolfssl
run: ldd libssh2/src/.libs/libssh2.so | grep wolfssl
- name: print server logs
if: ${{ failure() }}
run: tail -n +1 libssh2/tests/*.log

15
.github/workflows/libvncserver.yml vendored
View File

@@ -16,7 +16,8 @@ jobs:
build_wolfssl:
name: Build wolfSSL
# Just to keep it the same as the testing target
runs-on: ubuntu-latest
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 4
steps:
@@ -43,9 +44,10 @@ jobs:
strategy:
fail-fast: false
matrix:
ref: [ 0.9.13 ]
ref: [ 0.9.13, 0.9.14 ]
name: ${{ matrix.ref }}
runs-on: ubuntu-latest
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
needs: build_wolfssl
steps:
- name: Download lib
@@ -53,6 +55,11 @@ jobs:
with:
name: wolf-install-libvncserver
- name: Setup cmake version
uses: jwlawson/actions-setup-cmake@v2
with:
cmake-version: '3.25.x'
- name: untar build-dir
run: tar -xf build-dir.tgz
@@ -74,7 +81,7 @@ jobs:
run: |
patch -p1 < ../osp/libvncserver/${{ matrix.ref }}.patch
PKG_CONFIG_PATH=$GITHUB_WORKSPACE/build-dir/lib/pkgconfig \
cmake -B build -DWITH_GNUTLS=OFF -DWITH_OPENSSL=OFF -DWITH_GCRYPT=OFF -DWITH_WOLFSSL=ON .
cmake -DCMAKE_POLICY_VERSION_MINIMUM=3.5 -B build -DWITH_GNUTLS=OFF -DWITH_OPENSSL=OFF -DWITH_GCRYPT=OFF -DWITH_WOLFSSL=ON .
make -j -C build VERBOSE=1
ldd build/libvncclient.so | grep wolfssl
ldd build/libvncserver.so | grep wolfssl

79
.github/workflows/mbedtls.sh vendored Normal file
View File

@@ -0,0 +1,79 @@
#!/usr/bin/env bash
set -e
set -x
# Basic TLS test
./mbedtls/build/programs/ssl/ssl_server2 > /tmp/server.log 2>&1 &
SERVER_PID=$!
sleep 0.1
./mbedtls/build/programs/ssl/ssl_client2 # Confirm working with mbed
env -C wolfssl ./examples/client/client -p 4433 -g \
-A ../mbedtls/framework/data_files/test-ca-sha256.crt \
-c ../mbedtls/framework/data_files/cli-rsa-sha256.crt \
-k ../mbedtls/framework/data_files/cli-rsa-sha256.key.pem
kill $SERVER_PID
sleep 0.1
env -C wolfssl ./examples/server/server -p 4433 -i -g \
-A ../mbedtls/framework/data_files/test-ca-sha256.crt \
-c ../mbedtls/framework/data_files/server2-sha256.crt \
-k ../mbedtls/framework/data_files/server2.key.pem > /tmp/server.log 2>&1 &
SERVER_PID=$!
sleep 0.1
./mbedtls/build/programs/ssl/ssl_client2
env -C wolfssl ./examples/client/client -p 4433 -g \
-A ../mbedtls/framework/data_files/test-ca-sha256.crt \
-c ../mbedtls/framework/data_files/cli-rsa-sha256.crt \
-k ../mbedtls/framework/data_files/cli-rsa-sha256.key.pem
kill $SERVER_PID
sleep 0.1
# Basic DTLS test
./mbedtls/build/programs/ssl/ssl_server2 dtls=1 > /tmp/server.log 2>&1 &
SERVER_PID=$!
sleep 0.1
./mbedtls/build/programs/ssl/ssl_client2 dtls=1 # Confirm working with mbed
env -C wolfssl ./examples/client/client -p 4433 -g -u \
-A ../mbedtls/framework/data_files/test-ca-sha256.crt \
-c ../mbedtls/framework/data_files/cli-rsa-sha256.crt \
-k ../mbedtls/framework/data_files/cli-rsa-sha256.key.pem
kill $SERVER_PID
sleep 0.1
env -C wolfssl ./examples/server/server -p 4433 -i -g -u \
-A ../mbedtls/framework/data_files/test-ca-sha256.crt \
-c ../mbedtls/framework/data_files/server2-sha256.crt \
-k ../mbedtls/framework/data_files/server2.key.pem > /tmp/server.log 2>&1 &
SERVER_PID=$!
sleep 0.1
env -C wolfssl ./examples/client/client -p 4433 -g -u \
-A ../mbedtls/framework/data_files/test-ca-sha256.crt \
-c ../mbedtls/framework/data_files/cli-rsa-sha256.crt \
-k ../mbedtls/framework/data_files/cli-rsa-sha256.key.pem
./mbedtls/build/programs/ssl/ssl_client2 dtls=1
kill $SERVER_PID
sleep 0.1
# DTLS 1.2 CID test
./mbedtls/build/programs/ssl/ssl_server2 dtls=1 cid=1 cid_val=121212 > /tmp/server.log 2>&1 &
SERVER_PID=$!
sleep 0.1
./mbedtls/build/programs/ssl/ssl_client2 dtls=1 cid=1 cid_val=232323 # Confirm working with mbed
env -C wolfssl ./examples/client/client -p 4433 -g -u --cid 232323 \
-A ../mbedtls/framework/data_files/test-ca-sha256.crt \
-c ../mbedtls/framework/data_files/cli-rsa-sha256.crt \
-k ../mbedtls/framework/data_files/cli-rsa-sha256.key.pem
kill $SERVER_PID
sleep 0.1
env -C wolfssl ./examples/server/server -p 4433 -i -g -u --cid 121212 \
-A ../mbedtls/framework/data_files/test-ca-sha256.crt \
-c ../mbedtls/framework/data_files/server2-sha256.crt \
-k ../mbedtls/framework/data_files/server2.key.pem > /tmp/server.log 2>&1 &
SERVER_PID=$!
sleep 0.1
./mbedtls/build/programs/ssl/ssl_client2 dtls=1 cid_val=232323
env -C wolfssl ./examples/client/client -p 4433 -g -u --cid 232323 \
-A ../mbedtls/framework/data_files/test-ca-sha256.crt \
-c ../mbedtls/framework/data_files/cli-rsa-sha256.crt \
-k ../mbedtls/framework/data_files/cli-rsa-sha256.key.pem
kill $SERVER_PID
sleep 0.1

86
.github/workflows/mbedtls.yml vendored Normal file
View File

@@ -0,0 +1,86 @@
name: mbedtls interop Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
env:
MBED_REF: v3.6.2
jobs:
build_mbedtls:
name: Build mbedtls
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 10
steps:
- name: Checking if we have mbed in cache
uses: actions/cache@v4
id: cache
with:
path: mbedtls
key: mbedtls-${{ env.MBED_REF }}
lookup-only: true
- name: Checkout mbedtls
if: steps.cache.outputs.cache-hit != 'true'
uses: actions/checkout@v4
with:
repository: Mbed-TLS/mbedtls
ref: ${{ env.MBED_REF }}
path: mbedtls
- name: Compile mbedtls
if: steps.cache.outputs.cache-hit != 'true'
working-directory: mbedtls
run: |
git submodule update --init
mkdir build
cd build
cmake ..
make -j
# convert key to pem format
openssl pkey -in framework/data_files/cli-rsa-sha256.key.der -text > framework/data_files/cli-rsa-sha256.key.pem
openssl pkey -in framework/data_files/server2.key.der -text > framework/data_files/server2.key.pem
mbedtls_test:
name: Test interop with mbedtls
runs-on: ubuntu-latest
needs: build_mbedtls
timeout-minutes: 10
if: github.repository_owner == 'wolfssl'
steps:
- name: Disable IPv6 (IMPORTANT, OTHERWISE DTLS MBEDTLS CLIENT WON'T CONNECT)
run: echo 1 | sudo tee /proc/sys/net/ipv6/conf/lo/disable_ipv6
- name: Checking if we have mbed in cache
uses: actions/cache/restore@v4
id: cache
with:
path: mbedtls
key: mbedtls-${{ env.MBED_REF }}
fail-on-cache-miss: true
- name: Build wolfSSL
uses: wolfSSL/actions-build-autotools-project@v1
with:
path: wolfssl
configure: --enable-dtls --enable-dtlscid
install: false
check: false
- name: Test interop
run: bash wolfssl/.github/workflows/mbedtls.sh
- name: print server logs
if: ${{ failure() }}
run: cat /tmp/server.log

6
.github/workflows/memcached.yml vendored
View File

@@ -16,7 +16,8 @@ jobs:
build_wolfssl:
name: Build wolfSSL
# Just to keep it the same as the testing target
runs-on: ubuntu-latest
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
steps:
- name: Build wolfSSL
uses: wolfSSL/actions-build-autotools-project@v1
@@ -46,7 +47,8 @@ jobs:
include:
- ref: 1.6.22
name: ${{ matrix.ref }}
runs-on: ubuntu-latest
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
needs: build_wolfssl
steps:
- name: Download lib

203
.github/workflows/mosquitto.yml vendored
View File

@@ -1,98 +1,105 @@
name: mosquitto Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
build_wolfssl:
name: Build wolfSSL
# Just to keep it the same as the testing target
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 4
steps:
- name: Build wolfSSL
uses: wolfSSL/actions-build-autotools-project@v1
with:
path: wolfssl
configure: --enable-mosquitto CFLAGS="-DALLOW_INVALID_CERTSIGN"
install: true
- name: tar build-dir
run: tar -zcf build-dir.tgz build-dir
- name: Upload built lib
uses: actions/upload-artifact@v4
with:
name: wolf-install-mosquitto
path: build-dir.tgz
retention-days: 5
mosquitto_check:
strategy:
fail-fast: false
matrix:
ref: [ 2.0.18 ]
name: ${{ matrix.ref }}
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 4
needs: build_wolfssl
steps:
- name: Download lib
uses: actions/download-artifact@v4
with:
name: wolf-install-mosquitto
- name: untar build-dir
run: tar -xf build-dir.tgz
- name: Checkout OSP
uses: actions/checkout@v4
with:
repository: wolfssl/osp
path: osp
- name: Install dependencies
run: |
export DEBIAN_FRONTEND=noninteractive
sudo apt-get update
sudo apt-get install -y build-essential libev-dev libssl-dev automake python3-docutils libcunit1 libcunit1-doc libcunit1-dev pkg-config make
sudo pip install --upgrade psutil
- name: Checkout mosquitto
uses: actions/checkout@v4
with:
repository: eclipse/mosquitto
ref: v${{ matrix.ref }}
path: mosquitto
- name: Configure and build mosquitto
run: |
cd $GITHUB_WORKSPACE/mosquitto/
patch -p1 < $GITHUB_WORKSPACE/osp/mosquitto/${{ matrix.ref }}.patch
make WITH_TLS=wolfssl WITH_CJSON=no WITH_DOCS=no WOLFSSLDIR=$GITHUB_WORKSPACE/build-dir
- name: Run mosquitto tests
working-directory: ./mosquitto
run: |
# Retry up to five times
for i in {1..5}; do
TEST_RES=0
make WITH_TLS=wolfssl WITH_CJSON=no WITH_DOCS=no WOLFSSLDIR=$GITHUB_WORKSPACE/build-dir ptest || TEST_RES=$?
if [ "$TEST_RES" -eq "0" ]; then
break
fi
done
if [ "$TEST_RES" -ne "0" ]; then
exit $TEST_RES
fi
name: mosquitto Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
build_wolfssl:
name: Build wolfSSL
# Just to keep it the same as the testing target
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 4
steps:
- name: Build wolfSSL
uses: wolfSSL/actions-build-autotools-project@v1
with:
path: wolfssl
configure: --enable-mosquitto CFLAGS="-DALLOW_INVALID_CERTSIGN"
install: true
- name: tar build-dir
run: tar -zcf build-dir.tgz build-dir
- name: Upload built lib
uses: actions/upload-artifact@v4
with:
name: wolf-install-mosquitto
path: build-dir.tgz
retention-days: 5
mosquitto_check:
strategy:
fail-fast: false
matrix:
ref: [ 2.0.18 ]
name: ${{ matrix.ref }}
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 4
needs: build_wolfssl
steps:
- name: Download lib
uses: actions/download-artifact@v4
with:
name: wolf-install-mosquitto
- name: untar build-dir
run: tar -xf build-dir.tgz
- name: Checkout OSP
uses: actions/checkout@v4
with:
repository: wolfssl/osp
path: osp
- name: Install dependencies
run: |
export DEBIAN_FRONTEND=noninteractive
sudo apt-get update
sudo apt-get install -y build-essential libev-dev libssl-dev automake python3-docutils libcunit1 libcunit1-doc libcunit1-dev pkg-config make python3-psutil
- name: Checkout mosquitto
uses: actions/checkout@v4
with:
repository: eclipse/mosquitto
ref: v${{ matrix.ref }}
path: mosquitto
- name: Update certs
run: |
cd $GITHUB_WORKSPACE/mosquitto/test/ssl
./gen.sh
cat all-ca.crt >> server.crt
- name: Configure and build mosquitto
run: |
cd $GITHUB_WORKSPACE/mosquitto/
patch -p1 < $GITHUB_WORKSPACE/osp/mosquitto/${{ matrix.ref }}.patch
make WITH_TLS=wolfssl WITH_CJSON=no WITH_DOCS=no WOLFSSLDIR=$GITHUB_WORKSPACE/build-dir
- name: Run mosquitto tests
working-directory: ./mosquitto
run: |
# Retry up to five times
for i in {1..5}; do
TEST_RES=0
make WITH_TLS=wolfssl WITH_CJSON=no WITH_DOCS=no WOLFSSLDIR=$GITHUB_WORKSPACE/build-dir ptest || TEST_RES=$?
if [ "$TEST_RES" -eq "0" ]; then
break
fi
done
if [ "$TEST_RES" -ne "0" ]; then
exit $TEST_RES
fi

5
.github/workflows/multi-arch.yml vendored
View File

@@ -36,7 +36,8 @@ jobs:
CFLAGS: -marm -DWOLFSSL_SP_ARM_ARCH=6
ARCH: armel
EXTRA_OPTS: --enable-sp-asm
runs-on: ubuntu-latest
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 10
steps:
@@ -51,7 +52,7 @@ jobs:
CFLAGS: ${{ matrix.CFLAGS }}
QEMU_LD_PREFIX: /usr/${{ matrix.HOST }}
run: ./autogen.sh && ./configure --host=${{ matrix.HOST }} --enable-all --disable-examples ${{ matrix.EXTRA_OPTS }} && make
- name: Print errors
- name: Print errors
if: ${{ failure() }}
run: |
if [ -f config.log ] ; then

22
.github/workflows/multi-compiler.yml vendored
View File

@@ -21,35 +21,35 @@ jobs:
include:
- CC: gcc-9
CXX: g++-9
OS: ubuntu-latest
OS: ubuntu-24.04
- CC: gcc-10
CXX: g++-10
OS: ubuntu-latest
OS: ubuntu-24.04
- CC: gcc-11
CXX: g++-11
OS: ubuntu-latest
OS: ubuntu-24.04
- CC: gcc-12
CXX: g++-12
OS: ubuntu-latest
- CC: clang-10
CXX: clang++-10
OS: ubuntu-20.04
OS: ubuntu-24.04
- CC: clang-11
CXX: clang++-11
OS: ubuntu-20.04
OS: ubuntu-22.04
- CC: clang-12
CXX: clang++-12
OS: ubuntu-20.04
OS: ubuntu-22.04
- CC: clang-13
CXX: clang++-13
OS: ubuntu-latest
OS: ubuntu-22.04
- CC: clang-14
CXX: clang++-14
OS: ubuntu-latest
OS: ubuntu-24.04
if: github.repository_owner == 'wolfssl'
runs-on: ${{ matrix.OS }}
# This should be a safe limit for the tests to run.
timeout-minutes: 4
steps:
- name: Install dependencies
run: export DEBIAN_FRONTEND=noninteractive && sudo apt-get update && sudo apt-get install -y ${{ matrix.CC }}
- uses: actions/checkout@v4
- name: Build
env:

8
.github/workflows/net-snmp.yml vendored
View File

@@ -15,8 +15,9 @@ concurrency:
jobs:
build_wolfssl:
name: Build wolfSSL
if: github.repository_owner == 'wolfssl'
# Just to keep it the same as the testing target
runs-on: ubuntu-latest
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 4
steps:
@@ -46,7 +47,8 @@ jobs:
- ref: 5.9.3
test_opts: -e 'agentxperl'
name: ${{ matrix.ref }}
runs-on: ubuntu-latest
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 4
needs: build_wolfssl
@@ -58,7 +60,7 @@ jobs:
- name: untar build-dir
run: tar -xf build-dir.tgz
- name: Checkout OSP
uses: actions/checkout@v4
with:

10
.github/workflows/nginx.yml vendored
View File

@@ -15,8 +15,9 @@ concurrency:
jobs:
build_wolfssl:
name: Build wolfSSL
if: github.repository_owner == 'wolfssl'
# Just to keep it the same as the testing target
runs-on: ubuntu-latest
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 4
steps:
@@ -96,7 +97,7 @@ jobs:
stream_ssl_preread.t stream_ssl_realip.t stream_ssl_session_reuse.t stream_ssl.t
stream_ssl_variables.t stream_ssl_verify_client.t stream_upstream_zone_ssl.t
upstream_zone_ssl.t uwsgi_ssl_certificate.t uwsgi_ssl_certificate_vars.t
uwsgi_ssl.t uwsgi_ssl_verify.t
uwsgi_ssl.t uwsgi_ssl_verify.t
# Following tests do not pass with sanitizer on (with OpenSSL too)
sanitize-not-ok: >-
grpc_ssl.t h2_proxy_request_buffering_ssl.t h2_proxy_ssl.t
@@ -105,7 +106,8 @@ jobs:
stream_proxy_protocol_ssl.t stream_proxy_ssl_conf_command.t stream_proxy_ssl.t
stream_proxy_ssl_verify.t
name: ${{ matrix.ref }}
runs-on: ubuntu-latest
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 6
needs: build_wolfssl
@@ -221,4 +223,4 @@ jobs:
LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$GITHUB_WORKSPACE/build-dir/lib \
TMPDIR=$GITHUB_WORKSPACE TEST_NGINX_BINARY=../nginx/objs/nginx \
prove ${{ matrix.sanitize-ok }}

7
.github/workflows/no-malloc.yml vendored
View File

@@ -18,10 +18,11 @@ jobs:
matrix:
config: [
# Add new configs here
'--enable-rsa --enable-keygen --disable-dh CFLAGS="-DWOLFSSL_NO_MALLOC"',
'--enable-rsa --enable-keygen --disable-dh CFLAGS="-DWOLFSSL_NO_MALLOC -DRSA_MIN_SIZE=1024"',
]
name: make check
runs-on: ubuntu-latest
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 6
steps:
@@ -35,7 +36,7 @@ jobs:
make
./wolfcrypt/test/testwolfcrypt
- name: Print errors
- name: Print errors
if: ${{ failure() }}
run: |
if [ -f test-suite.log ] ; then

27
.github/workflows/nss.sh vendored Normal file
View File

@@ -0,0 +1,27 @@
#!/usr/bin/env bash
set -e
set -x
# Setup nss cert db
mkdir nssdb
./dist/Debug/bin/certutil -d nssdb -N --empty-password
./dist/Debug/bin/certutil -d nssdb -A -a -i wolfssl/certs/test/server-localhost.pem \
-t TCP -n 'wolf localhost'
# App data for nss
echo Hello from nss > /tmp/in
# TLS 1.3 test
env -C wolfssl ./examples/server/server -v 4 -p 4433 \
-c certs/test/server-localhost.pem -d -w > /tmp/server.log 2>&1 &
sleep 0.1
./dist/Debug/bin/tstclnt -V tls1.3: -h localhost -p 4433 -d nssdb -C -4 -A /tmp/in -v
sleep 0.1
# DTLS 1.3 test
env -C wolfssl ./examples/server/server -v 4 -p 4433 -u \
-c certs/test/server-localhost.pem -d -w > /tmp/server.log 2>&1 &
sleep 0.1
./dist/Debug/bin/tstclnt -V tls1.3: -P client -h localhost -p 4433 -d nssdb -C -4 -A /tmp/in -v
sleep 0.1

89
.github/workflows/nss.yml vendored Normal file
View File

@@ -0,0 +1,89 @@
name: nss interop Tests
### TODO uncomment stuff
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
env:
NSS_REF: NSS_3_107_RTM
jobs:
build_nss:
name: Build nss
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 30
steps:
- name: Checking if we have nss in cache
uses: actions/cache@v4
id: cache
with:
path: dist
key: nss-${{ env.NSS_REF }}
lookup-only: true
- name: Install dependencies
if: steps.cache.outputs.cache-hit != 'true'
run: |
# Don't prompt for anything
export DEBIAN_FRONTEND=noninteractive
sudo apt-get update
# hostap dependencies
sudo apt-get install -y gyp ninja-build
- name: Checkout nss
if: steps.cache.outputs.cache-hit != 'true'
uses: actions/checkout@v4
with:
repository: nss-dev/nss
ref: ${{ env.NSS_REF }}
path: nss
- name: Compile nss
if: steps.cache.outputs.cache-hit != 'true'
run: |
hg clone https://hg.mozilla.org/projects/nspr
cd nss
./build.sh
nss_test:
name: Test interop with nss
runs-on: ubuntu-22.04
needs: build_nss
timeout-minutes: 10
if: github.repository_owner == 'wolfssl'
steps:
- name: Checking if we have nss in cache
uses: actions/cache/restore@v4
id: cache
with:
path: dist
key: nss-${{ env.NSS_REF }}
fail-on-cache-miss: true
- name: Build wolfSSL
uses: wolfSSL/actions-build-autotools-project@v1
with:
path: wolfssl
configure: --enable-dtls --enable-dtls13
install: false
check: false
- name: Test interop
run: bash wolfssl/.github/workflows/nss.sh
- name: print server logs
if: ${{ failure() }}
run: |
cat /tmp/server.log

9
.github/workflows/ntp.yml vendored
View File

@@ -15,8 +15,9 @@ concurrency:
jobs:
build_wolfssl:
name: Build wolfSSL
if: github.repository_owner == 'wolfssl'
# Just to keep it the same as the testing target
runs-on: ubuntu-latest
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 4
steps:
@@ -43,9 +44,10 @@ jobs:
fail-fast: false
matrix:
# List of releases to test
ref: [ 4.2.8p15 ]
ref: [ 4.2.8p15, 4.2.8p17 ]
name: ${{ matrix.ref }}
runs-on: ubuntu-latest
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 10
needs: build_wolfssl
@@ -89,4 +91,3 @@ jobs:
./configure --with-wolfssl=$GITHUB_WORKSPACE/build-dir
make -j
make -j check

3
.github/workflows/ocsp.yml vendored
View File

@@ -15,7 +15,8 @@ concurrency:
jobs:
ocsp_stapling:
name: ocsp stapling
runs-on: ubuntu-latest
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
timeout-minutes: 10
steps:
- name: Checkout wolfSSL

91
.github/workflows/openldap.yml vendored Normal file
View File

@@ -0,0 +1,91 @@
name: openldap Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
build_wolfssl:
name: Build wolfSSL
# Just to keep it the same as the testing target
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 4
steps:
- name: Build wolfSSL
uses: wolfSSL/actions-build-autotools-project@v1
with:
path: wolfssl
configure: --enable-openldap CPPFLAGS=-DWOLFSSL_NO_ASN_STRICT
install: true
check: true
- name: tar build-dir
run: tar -zcf build-dir.tgz build-dir
- name: Upload built lib
uses: actions/upload-artifact@v4
with:
name: wolf-install-openldap
path: build-dir.tgz
retention-days: 5
openldap_check:
strategy:
fail-fast: false
matrix:
include:
# List of releases to test
- osp_ref: 2.5.13
git_ref: OPENLDAP_REL_ENG_2_5_13
- osp_ref: 2.6.7
git_ref: OPENLDAP_REL_ENG_2_6_7
name: ${{ matrix.osp_ref }}
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 20
needs: build_wolfssl
steps:
- name: Download lib
uses: actions/download-artifact@v4
with:
name: wolf-install-openldap
- name: untar build-dir
run: tar -xf build-dir.tgz
- name: Checkout OSP
uses: actions/checkout@v4
with:
repository: wolfssl/osp
path: osp
- name: Checkout openldap
uses: actions/checkout@v4
with:
repository: openldap/openldap
path: openldap
ref: ${{ matrix.git_ref }}
- name: Build and test OpenLDAP
working-directory: openldap
run: |
export LD_LIBRARY_PATH=$GITHUB_WORKSPACE/build-dir/lib:$LD_LIBRARY_PATH
patch -p1 < $GITHUB_WORKSPACE/osp/openldap/${{ matrix.osp_ref }}/openldap-${{ matrix.osp_ref }}.patch
rm aclocal.m4
autoreconf -ivf
./configure --with-tls=wolfssl --disable-bdb --disable-hdb \
CFLAGS="-I$GITHUB_WORKSPACE/build-dir/include \
-I$GITHUB_WORKSPACE/build-dir/include/wolfssl \
-L$GITHUB_WORKSPACE/build-dir/lib"
make -j depend
make -j
make -j check

10
.github/workflows/openssh.yml vendored
View File

@@ -15,8 +15,9 @@ concurrency:
jobs:
build_wolfssl:
name: Build wolfSSL
if: github.repository_owner == 'wolfssl'
# Just to keep it the same as the testing target
runs-on: ubuntu-latest
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 4
steps:
@@ -26,7 +27,7 @@ jobs:
path: wolfssl
configure: >-
--enable-openssh --enable-dsa --with-max-rsa-bits=8192
--enable-intelasm --enable-sp-asm
--enable-intelasm --enable-sp-asm CFLAGS="-DRSA_MIN_SIZE=1024"
install: true
- name: tar build-dir
@@ -47,7 +48,8 @@ jobs:
- git_ref: 'V_9_6_P1'
osp_ver: '9.6'
name: ${{ matrix.ref }}
runs-on: ubuntu-latest
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
needs: build_wolfssl
steps:
- name: Download lib
@@ -74,7 +76,7 @@ jobs:
configure: --with-wolfssl=$GITHUB_WORKSPACE/build-dir --with-rpath=-Wl,-rpath=
check: false
# make tests take >20 minutes. Consider limiting?
# make tests take >20 minutes. Consider limiting?
- name: Run tests
working-directory: ./openssh
run: |

50
.github/workflows/opensslcoexist.yml vendored Normal file
View File

@@ -0,0 +1,50 @@
name: OPENSSL_COEXIST and TEST_OPENSSL_COEXIST
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
make_check:
strategy:
matrix:
config: [
# Add new configs here
'--verbose --enable-all --disable-all-osp --disable-opensslall --enable-opensslcoexist CPPFLAGS="-DNO_WOLFSSL_CIPHER_SUITE_TEST -pedantic"',
'--verbose --enable-all --disable-all-osp --disable-opensslall --enable-opensslcoexist CPPFLAGS="-DNO_WOLFSSL_CIPHER_SUITE_TEST -pedantic -DTEST_OPENSSL_COEXIST"'
]
name: make check
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 6
steps:
- uses: actions/checkout@v4
name: Checkout wolfSSL
- name: Test --enable-opensslcoexist and TEST_OPENSSL_COEXIST
run: |
./autogen.sh || $(exit 2)
./configure ${{ matrix.config }} || $(exit 3)
make -j 4 || $(exit 4)
make check
- name: Print errors
if: ${{ failure() }}
run: |
for file in config.log scripts/*.log
do
if [ -f "$file" ]; then
echo "${file}:"
cat "$file"
echo "========================================================================"
fi
done

8
.github/workflows/openvpn.yml vendored
View File

@@ -15,8 +15,9 @@ concurrency:
jobs:
build_wolfssl:
name: Build wolfSSL
if: github.repository_owner == 'wolfssl'
# Just to keep it the same as the testing target
runs-on: ubuntu-latest
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 4
steps:
@@ -42,9 +43,10 @@ jobs:
fail-fast: false
matrix:
# List of refs to test
ref: [ release/2.6, v2.6.0, master ]
ref: [ release/2.6, master ]
name: ${{ matrix.ref }}
runs-on: ubuntu-latest
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 10
needs: build_wolfssl

43
.github/workflows/os-check.yml vendored
View File

@@ -17,7 +17,7 @@ jobs:
strategy:
fail-fast: false
matrix:
os: [ ubuntu-latest, macos-latest ]
os: [ ubuntu-22.04, macos-latest ]
config: [
# Add new configs here
'',
@@ -25,16 +25,26 @@ jobs:
'--enable-all --enable-asn=original',
'--enable-harden-tls',
'--enable-tls13 --enable-session-ticket --enable-dtls --enable-dtls13
--enable-opensslextra --enable-sessioncerts
CPPFLAGS=''-DWOLFSSL_DTLS_NO_HVR_ON_RESUME -DHAVE_EXT_CACHE
--enable-opensslextra --enable-sessioncerts
CPPFLAGS=''-DWOLFSSL_DTLS_NO_HVR_ON_RESUME -DHAVE_EXT_CACHE
-DWOLFSSL_TICKET_HAVE_ID -DHAVE_EX_DATA -DSESSION_CACHE_DYNAMIC_MEM'' ',
'--enable-all --enable-secure-renegotiation',
'--enable-all --enable-haproxy --enable-quic',
'--enable-dtls --enable-dtls13 --enable-earlydata
--enable-session-ticket --enable-psk
'--enable-dtls --enable-dtls13 --enable-earlydata
--enable-session-ticket --enable-psk
CPPFLAGS=''-DWOLFSSL_DTLS13_NO_HRR_ON_RESUME'' ',
'--enable-experimental --enable-kyber --enable-dtls --enable-dtls13
--enable-dtls-frag-ch',
'--enable-all --enable-dtls13 --enable-dtls-frag-ch',
'--enable-dtls --enable-dtls13 --enable-dtls-frag-ch
--enable-dtls-mtu',
'--enable-dtls --enable-dtlscid --enable-dtls13 --enable-secure-renegotiation
--enable-psk --enable-aesccm --enable-nullcipher CPPFLAGS=-DWOLFSSL_STATIC_RSA',
'--enable-ascon --enable-experimental',
'--enable-ascon CPPFLAGS=-DWOLFSSL_ASCON_UNROLL --enable-experimental',
]
name: make check
if: github.repository_owner == 'wolfssl'
runs-on: ${{ matrix.os }}
# This should be a safe limit for the tests to run.
timeout-minutes: 14
@@ -49,12 +59,13 @@ jobs:
strategy:
fail-fast: false
matrix:
os: [ ubuntu-latest, macos-latest ]
os: [ ubuntu-22.04, macos-latest ]
user-settings: [
# Add new user_settings.h here
'examples/configs/user_settings_all.h',
]
name: make user_setting.h
if: github.repository_owner == 'wolfssl'
runs-on: ${{ matrix.os }}
# This should be a safe limit for the tests to run.
timeout-minutes: 14
@@ -70,9 +81,10 @@ jobs:
strategy:
fail-fast: false
matrix:
os: [ ubuntu-latest, macos-latest ]
os: [ ubuntu-22.04, macos-latest ]
user-settings: [
# Add new user_settings.h here
'examples/configs/user_settings_eccnonblock.h',
'examples/configs/user_settings_min_ecc.h',
'examples/configs/user_settings_wolfboot_keytools.h',
'examples/configs/user_settings_wolftpm.h',
@@ -80,6 +92,7 @@ jobs:
'examples/configs/user_settings_tls12.h',
]
name: make user_setting.h (testwolfcrypt only)
if: github.repository_owner == 'wolfssl'
runs-on: ${{ matrix.os }}
# This should be a safe limit for the tests to run.
timeout-minutes: 14
@@ -99,8 +112,9 @@ jobs:
strategy:
fail-fast: false
matrix:
os: [ ubuntu-latest, macos-latest ]
os: [ ubuntu-22.04, macos-latest ]
name: make user_setting.h (with sed)
if: github.repository_owner == 'wolfssl'
runs-on: ${{ matrix.os }}
# This should be a safe limit for the tests to run.
timeout-minutes: 14
@@ -119,7 +133,12 @@ jobs:
windows_build:
name: Windows Build Test
if: github.repository_owner == 'wolfssl'
runs-on: windows-latest
strategy:
fail-fast: false
matrix:
arch: [ x64, Win32, ARM64 ]
# This should be a safe limit for the tests to run.
timeout-minutes: 6
env:
@@ -130,7 +149,6 @@ jobs:
# You can convert this to a build matrix if you need coverage of multiple configuration types.
# https://docs.github.com/actions/learn-github-actions/managing-complex-workflows#using-a-build-matrix
BUILD_CONFIGURATION: Release
BUILD_PLATFORM: x64
steps:
- uses: actions/checkout@v4
@@ -145,8 +163,9 @@ jobs:
working-directory: ${{env.GITHUB_WORKSPACE}}
# Add additional options to the MSBuild command line here (like platform or verbosity level).
# See https://docs.microsoft.com/visualstudio/msbuild/msbuild-command-line-reference
run: msbuild /m /p:PlatformToolset=v142 /p:Platform=${{env.BUILD_PLATFORM}} /p:Configuration=${{env.BUILD_CONFIGURATION}} ${{env.SOLUTION_FILE_PATH}}
run: msbuild /m /p:PlatformToolset=v142 /p:Platform=${{matrix.arch}} /p:Configuration=${{env.BUILD_CONFIGURATION}} ${{env.SOLUTION_FILE_PATH}}
- name: Run Test
- if: ${{ matrix.arch != 'ARM64' }}
name: Run Test
working-directory: ${{env.GITHUB_WORKSPACE}}
run: Release/x64/testsuite.exe
run: Release/${{matrix.arch}}/testsuite.exe

19
.github/workflows/packaging.yml vendored
View File

@@ -15,7 +15,8 @@ concurrency:
jobs:
build_wolfssl:
name: Package wolfSSL
runs-on: ubuntu-latest
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 10
steps:
@@ -37,8 +38,9 @@ jobs:
- name: Build wolfSSL .deb
run: make deb-docker
- name: Build wolfSSL .rpm
run: make rpm-docker
# disabled 20240919 -- broken target.
# - name: Build wolfSSL .rpm
# run: make rpm-docker
- name: Confirm packages built
run: |
@@ -47,8 +49,9 @@ jobs:
echo Did not find exactly two deb packages!!!
exit 1
fi
RPM_COUNT=$(find -name 'wolfssl*.rpm' | wc -l)
if [ "$RPM_COUNT" != "4" ]; then
echo Did not find exactly four rpm packages!!!
exit 1
fi
# disabled 20240919 -- broken target.
# RPM_COUNT=$(find -name 'wolfssl*.rpm' | wc -l)
# if [ "$RPM_COUNT" != "4" ]; then
# echo Did not find exactly four rpm packages!!!
# exit 1
# fi

9
.github/workflows/pam-ipmi.yml vendored
View File

@@ -16,8 +16,9 @@ concurrency:
jobs:
build_wolfssl:
name: Build wolfSSL
if: github.repository_owner == 'wolfssl'
# Just to keep it the same as the testing target
runs-on: ubuntu-latest
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 4
steps:
@@ -46,7 +47,8 @@ jobs:
matrix:
git_ref: [ e4b13e6725abb178f62ee897fe1c0e81b06a9431 ]
name: ${{ matrix.git_ref }}
runs-on: ubuntu-latest
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
needs: build_wolfssl
steps:
- name: Install dependencies
@@ -54,8 +56,7 @@ jobs:
# Don't prompt for anything
export DEBIAN_FRONTEND=noninteractive
sudo apt-get update
sudo apt-get install libpam-dev ninja-build
sudo pip3 install meson
sudo apt-get install libpam-dev ninja-build meson
- name: Download lib
uses: actions/download-artifact@v4

50
.github/workflows/pq-all.yml vendored Normal file
View File

@@ -0,0 +1,50 @@
name: Quantum Resistant Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
make_check:
strategy:
matrix:
config: [
# Add new configs here
'--enable-intelasm --enable-sp-asm --enable-all --enable-testcert --enable-acert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-quic --with-sys-crypto-policy --enable-experimental --enable-kyber=yes,original --enable-lms --enable-xmss --enable-dilithium --enable-dual-alg-certs --disable-qt CPPFLAGS="-pedantic -Wdeclaration-after-statement -DWOLFCRYPT_TEST_LINT -DNO_WOLFSSL_CIPHER_SUITE_TEST -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE"',
'--enable-intelasm --enable-sp-asm --enable-all --enable-testcert --enable-acert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-quic --with-sys-crypto-policy --enable-experimental --enable-kyber=yes,original --enable-lms --enable-xmss --enable-dilithium --enable-dual-alg-certs --disable-qt CPPFLAGS="-pedantic -Wdeclaration-after-statement -DWOLFCRYPT_TEST_LINT -DNO_WOLFSSL_CIPHER_SUITE_TEST -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE" CC=c++'
]
name: make check
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 6
steps:
- uses: actions/checkout@v4
name: Checkout wolfSSL
- name: Test wolfSSL
run: |
./autogen.sh
./configure ${{ matrix.config }}
make -j 4
make check
- name: Print errors
if: ${{ failure() }}
run: |
for file in scripts/*.log
do
if [ -f "$file" ]; then
echo "${file}:"
cat "$file"
echo "========================================================================"
fi
done

8
.github/workflows/rng-tools.yml vendored
View File

@@ -15,8 +15,9 @@ concurrency:
jobs:
build_wolfssl:
name: Build wolfSSL
if: github.repository_owner == 'wolfssl'
# Just to keep it the same as the testing target
runs-on: ubuntu-latest
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 4
steps:
@@ -45,7 +46,8 @@ jobs:
# List of releases to test
ref: [ 6.16 ]
name: ${{ matrix.ref }}
runs-on: ubuntu-latest
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 4
needs: build_wolfssl
@@ -64,7 +66,7 @@ jobs:
- name: untar build-dir
run: tar -xf build-dir.tgz
- name: Checkout OSP
uses: actions/checkout@v4
with:

12
.github/workflows/socat.yml vendored
View File

@@ -15,7 +15,8 @@ concurrency:
jobs:
build_wolfssl:
name: Build wolfSSL
runs-on: ubuntu-latest
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
timeout-minutes: 4
steps:
- name: Build wolfSSL
@@ -37,9 +38,8 @@ jobs:
socat_check:
strategy:
fail-fast: false
runs-on: ubuntu-latest
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 30
needs: build_wolfssl
@@ -70,7 +70,7 @@ jobs:
run: |
patch -p1 < ../osp/socat/1.8.0.0/socat-1.8.0.0.patch
autoreconf -vfi
./configure --with-wolfssl=$GITHUB_WORKSPACE/build-dir
./configure --with-wolfssl=$GITHUB_WORKSPACE/build-dir --enable-default-ipv=4
make
- name: Run socat tests
@@ -78,4 +78,4 @@ jobs:
run: |
export LD_LIBRARY_PATH=$GITHUB_WORKSPACE/build-dir/lib:$LD_LIBRARY_PATH
export SHELL=/bin/bash
SOCAT=$GITHUB_WORKSPACE/socat-1.8.0.0/socat ./test.sh -t 0.5 --expect-fail 146,216,309,310,386,399,402,459,460,467,468,478,492,528,530
SOCAT=$GITHUB_WORKSPACE/socat-1.8.0.0/socat ./test.sh -t 0.5 --expect-fail 36,64,146,214,216,217,309,310,386,399,402,403,459,460,467,468,475,478,492,528,530

94
.github/workflows/softhsm.yml vendored Normal file
View File

@@ -0,0 +1,94 @@
name: SoftHSMv2 Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
build_wolfssl:
name: Build wolfSSL
if: github.repository_owner == 'wolfssl'
# Just to keep it the same as the testing target
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 10
steps:
- name: Build wolfSSL
uses: wolfSSL/actions-build-autotools-project@v1
with:
path: wolfssl
configure: --enable-all CFLAGS=-DRSA_MIN_SIZE=1024
install: true
check: false
- name: tar build-dir
run: tar -zcf build-dir.tgz build-dir
- name: Upload built lib
uses: actions/upload-artifact@v4
with:
name: wolf-install-softhsm
path: build-dir.tgz
retention-days: 5
softhsm_check:
strategy:
fail-fast: false
matrix:
# List of releases to test
ref: [ 2.6.1 ]
name: ${{ matrix.ref }}
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 20
needs: build_wolfssl
steps:
- name: Install dependencies
run: |
# Don't prompt for anything
export DEBIAN_FRONTEND=noninteractive
sudo apt-get update
sudo apt-get install -y libcppunit-dev
- name: Download lib
uses: actions/download-artifact@v4
with:
name: wolf-install-softhsm
- name: untar build-dir
run: tar -xf build-dir.tgz
- name: Checkout OSP
uses: actions/checkout@v4
with:
repository: wolfssl/osp
path: osp
- name: Checkout SoftHSMv2
uses: actions/checkout@v4
with:
repository: opendnssec/SoftHSMv2
path: softhsm
ref: ${{ matrix.ref }}
# Not using wolfSSL/actions-build-autotools-project@v1 because autogen.sh doesn't work
- name: Build softhsm
working-directory: softhsm
run: |
patch -p1 < $GITHUB_WORKSPACE/osp/softhsm/${{ matrix.ref }}.patch
autoreconf -if
./configure --with-crypto-backend=wolfssl WOLFSSL_INSTALL_DIR=$GITHUB_WORKSPACE/build-dir
make -j
- name: Test softhsm
working-directory: softhsm
run: make -j check

99
.github/workflows/sssd.yml vendored Normal file
View File

@@ -0,0 +1,99 @@
name: sssd Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
build_wolfssl:
if: github.repository_owner == 'wolfssl'
name: Build wolfSSL
# Just to keep it the same as the testing target
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 4
steps:
- name: Build wolfSSL
uses: wolfSSL/actions-build-autotools-project@v1
with:
path: wolfssl
configure: --enable-all CFLAGS=-DWOLFSSL_NO_ASN_STRICT
install: true
check: false
- name: tar build-dir
run: tar -zcf build-dir.tgz build-dir
- name: Upload built lib
uses: actions/upload-artifact@v4
with:
name: wolf-install-sssd
path: build-dir.tgz
retention-days: 5
sssd_check:
if: github.repository_owner == 'wolfssl'
strategy:
fail-fast: false
matrix:
# List of releases to test
ref: [ 2.9.1 ]
name: ${{ matrix.ref }}
runs-on: ubuntu-22.04
container:
image: quay.io/sssd/ci-client-devel:ubuntu-latest
env:
LD_LIBRARY_PATH: /usr/local/lib
# This should be a safe limit for the tests to run.
timeout-minutes: 20
needs: build_wolfssl
steps:
- name: Install dependencies
run: |
# Don't prompt for anything
export DEBIAN_FRONTEND=noninteractive
sudo apt-get update
sudo apt-get install -y build-essential autoconf libldb-dev libldb2 python3-ldb bc
- name: Setup env
run: |
ln -s samba-4.0/ldb.h /usr/include/ldb.h
ln -s samba-4.0/ldb_errors.h /usr/include/ldb_errors.h
ln -s samba-4.0/ldb_handlers.h /usr/include/ldb_handlers.h
ln -s samba-4.0/ldb_module.h /usr/include/ldb_module.h
ln -s samba-4.0/ldb_version.h /usr/include/ldb_version.h
- name: Download lib
uses: actions/download-artifact@v4
with:
name: wolf-install-sssd
- name: untar build-dir
run: tar -xf build-dir.tgz
- name: Checkout OSP
uses: actions/checkout@v4
with:
repository: wolfssl/osp
path: osp
- name: Build and test sssd
uses: wolfSSL/actions-build-autotools-project@v1
with:
repository: SSSD/sssd
ref: ${{ matrix.ref }}
path: sssd
patch-file: $GITHUB_WORKSPACE/osp/sssd/${{ matrix.ref }}.patch
configure: >-
--without-samba --without-nfsv4-idmapd-plugin --with-oidc-child=no
--without-manpages WOLFSSL_INSTALL_DIR=$GITHUB_WORKSPACE/build-dir
check: true

8
.github/workflows/stunnel.yml vendored
View File

@@ -15,8 +15,9 @@ concurrency:
jobs:
build_wolfssl:
name: Build wolfSSL
if: github.repository_owner == 'wolfssl'
# Just to keep it the same as the testing target
runs-on: ubuntu-latest
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 4
steps:
@@ -44,7 +45,8 @@ jobs:
# List of releases to test
ref: [ 5.67 ]
name: ${{ matrix.ref }}
runs-on: ubuntu-latest
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 4
needs: build_wolfssl
@@ -56,7 +58,7 @@ jobs:
- name: untar build-dir
run: tar -xf build-dir.tgz
- name: Checkout OSP
uses: actions/checkout@v4
with:

84
.github/workflows/watcomc.yml vendored Normal file
View File

@@ -0,0 +1,84 @@
name: Build Watcom C
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
wolfssl_watcomc_windows:
if: github.repository_owner == 'wolfssl'
strategy:
fail-fast: false
matrix:
common:
- cmake: '-G "Watcom WMake" -DCMAKE_VERBOSE_MAKEFILE=TRUE -DWOLFSSL_ASM=no -DWOLFSSL_EXAMPLES=no -DWOLFSSL_CRYPT_TESTS=no'
platform:
- title: 'Windows OW 2.0'
system: 'Windows'
image: 'windows-latest'
owimage: '2.0'
id: 'win32ow20'
cmake: '-DCMAKE_SYSTEM_NAME=Windows -DCMAKE_SYSTEM_PROCESSOR=x86'
- title: 'Linux OW 2.0'
system: 'Linux'
image: 'ubuntu-latest'
owimage: '2.0'
id: 'linuxow20'
cmake: '-DCMAKE_SYSTEM_NAME=Linux -DCMAKE_SYSTEM_PROCESSOR=x86'
- title: 'OS/2 OW 2.0'
system: 'OS2'
image: 'windows-latest'
owimage: '2.0'
id: 'os2ow20'
cmake: '-DCMAKE_SYSTEM_NAME=OS2 -DCMAKE_SYSTEM_PROCESSOR=x86'
thread:
- id: 'multi'
cmake: ''
owcmake: '-DCMAKE_POLICY_DEFAULT_CMP0136=NEW -DCMAKE_WATCOM_RUNTIME_LIBRARY=MultiThreaded'
- id: 'single'
cmake: '-DWOLFSSL_SINGLE_THREADED=yes'
owcmake: '-DCMAKE_POLICY_DEFAULT_CMP0136=NEW -DCMAKE_WATCOM_RUNTIME_LIBRARY=SingleThreaded'
library:
- id: 'dll'
cmake: ''
owcmake: 'DLL'
- id: 'static'
cmake: '-DBUILD_SHARED_LIBS=no'
owcmake: ''
exclude:
- { platform: { system: 'Linux' }, library: { id: 'dll' } }
runs-on: ${{ matrix.platform.image }}
name: ${{ matrix.platform.title }} (${{ matrix.thread.id }} ${{ matrix.library.id }})
steps:
- name: Setup Open Watcom ${{ matrix.platform.owimage }}
uses: open-watcom/setup-watcom@v0
with:
version: ${{ matrix.platform.owimage }}
- name: Checkout wolfSSL
uses: actions/checkout@v4
with:
path: wolfssl
- name: Build wolfSSL
working-directory: wolfssl
shell: bash
run: |
cmake -B build ${{matrix.common.cmake}} ${{ matrix.platform.cmake }} ${{ matrix.thread.cmake }} ${{ matrix.library.cmake }} ${{ matrix.thread.owcmake }}${{ matrix.library.owcmake }}
cmake --build build
- name: Upload build errors
if: failure()
uses: actions/upload-artifact@v4
with:
name: ${{ matrix.platform.id }}-${{ matrix.thread.id }}-${{ matrix.library.id }}
path: |
build/**

58
.github/workflows/win-csharp-test.yml vendored Normal file
View File

@@ -0,0 +1,58 @@
name: Windows CSharp Build Test
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
jobs:
build:
if: github.repository_owner == 'wolfssl'
runs-on: windows-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 6
env:
# Path to the solution file relative to the root of the project.
SOLUTION_FILE_PATH: wolfssl\wrapper\CSharp\wolfSSL_CSharp.sln
# Configuration type to build.
# You can convert this to a build matrix if you need coverage of multiple configuration types.
# https://docs.github.com/actions/learn-github-actions/managing-complex-workflows#using-a-build-matrix
BUILD_CONFIGURATION: Debug
BUILD_PLATFORM: x64
steps:
- name: Pull wolfssl
uses: actions/checkout@master
with:
repository: wolfssl/wolfssl
path: wolfssl
- name: Create FIPS stub files (autogen)
working-directory: wolfssl
run: |
echo $null >> wolfcrypt\src\fips.c
echo $null >> wolfcrypt\src\fips_test.c
echo $null >> wolfcrypt\src\wolfcrypt_first.c
echo $null >> wolfcrypt\src\wolfcrypt_last.c
- name: Add MSBuild to PATH
uses: microsoft/setup-msbuild@v1
- name: Build
working-directory: ${{env.GITHUB_WORKSPACE}}
# Add additional options to the MSBuild command line here (like platform or verbosity level).
# See https://docs.microsoft.com/visualstudio/msbuild/msbuild-command-line-reference
run: msbuild /m /p:PlatformToolset=v142 /p:Platform=${{env.BUILD_PLATFORM}} /p:Configuration=${{env.BUILD_CONFIGURATION}} ${{env.SOLUTION_FILE_PATH}}
- name: Run wolfCrypt test
working-directory: ${{env.GITHUB_WORKSPACE}}wolfssl\wrapper\CSharp\Debug\x64\
run: ./wolfCrypt-test.exe
- name: Run wolfSSL client/server example
working-directory: ${{env.GITHUB_WORKSPACE}}wolfssl\wrapper\CSharp\Debug\x64\
run: ./wolfSSL-TLS-Server.exe && sleep 1 & ./wolfSSL-TLS-Client.exe

41
.github/workflows/wolfCrypt-Wconversion.yml vendored Normal file
View File

@@ -0,0 +1,41 @@
name: wolfCrypt conversion warnings
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
build_library:
strategy:
matrix:
config: [
# Add new configs here
'--disable-asm --enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests CPPFLAGS="-Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion"',
'--enable-intelasm --enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests CPPFLAGS="-Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion"',
'--enable-smallstack --disable-asm --enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests CPPFLAGS="-Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion"',
'--enable-smallstack --enable-intelasm --enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests CPPFLAGS="-Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion"',
'--enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests CPPFLAGS="-Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion -DNO_INT128"'
]
name: build library
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 6
steps:
- uses: actions/checkout@v4
name: Checkout wolfSSL
- name: Build wolfCrypt with extra type conversion warnings
run: |
./autogen.sh || $(exit 2)
echo "running ./configure ${{ matrix.config }}"
./configure ${{ matrix.config }} || $(exit 3)
make -j 4 || $(exit 4)

10
.github/workflows/zephyr.yml vendored
View File

@@ -25,7 +25,8 @@ jobs:
zephyr-sdk: 0.16.3
- zephyr-ref: v2.7.4
zephyr-sdk: 0.16.3
runs-on: ubuntu-latest
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 25
steps:
@@ -45,9 +46,14 @@ jobs:
libglib2.0-dev libgtk2.0-0 liblocale-gettext-perl libncurses5-dev libpcap-dev \
libpopt0 libsdl1.2-dev libsdl2-dev libssl-dev libtool libtool-bin locales make \
net-tools ninja-build openssh-client parallel pkg-config python3-dev python3-pip \
python3-ply python3-setuptools python-is-python3 qemu rsync socat srecord sudo \
python3-ply python3-setuptools python-is-python3 qemu-kvm rsync socat srecord sudo \
texinfo unzip wget ovmf xz-utils
- name: Setup cmake version
uses: jwlawson/actions-setup-cmake@v2
with:
cmake-version: '3.25.x'
- name: Install west
run: sudo pip install west

17
.gitignore vendored
View File

@@ -10,6 +10,7 @@ ctaocrypt/src/src/
*.cache
.dirstamp
*.user
!*-VS2022.vcxproj.user
configure
config.*
!cmake/config.in
@@ -245,6 +246,7 @@ linuxkm/libwolfssl.mod.c
linuxkm/libwolfssl.lds
linuxkm/module_exports.c
linuxkm/linuxkm/get_thread_size
*.nds
# autotools generated
scripts/unit.test
@@ -416,11 +418,16 @@ user_settings_asm.h
# ESP8266 RTOS SDK has a slightly different sdkconfig filename to exclude:
/IDE/Espressif/**/sdkconfig.debug
/IDE/Espressif/**/sdkconfig.release
/IDE/Espressif/**/sdkconfig-debug
/IDE/Espressif/**/sdkconfig-release
# Always include Espressif makefiles (typically only used for ESP8266)
!/IDE/Espressif/**/Makefile
!/IDE/Espressif/**/component.mk
# Ignore all the example logs
/IDE/Espressif/ESP-IDF/examples/**/logs/*
# MPLAB
/IDE/MPLABX16/wolfssl.X/dist/default/
/IDE/MPLABX16/wolfssl.X/.generated_files
@@ -442,6 +449,12 @@ debian/changelog
debian/control
*.deb
# Ada/Alire files
wrapper/Ada/alire/
wrapper/Ada/config/
wrapper/Ada/lib/
wrapper/Ada/obj/
# PlatformIO
/**/.pio
/**/.vscode/.browse.c_cpp.db*
@@ -449,3 +462,7 @@ debian/control
/**/.vscode/launch.json
/**/.vscode/ipch
/**/sdkconfig.esp32dev
# Autogenerated debug trace headers
wolfssl/debug-trace-error-codes.h
wolfssl/debug-untrace-error-codes.h

1017
.wolfssl_known_macro_extras Normal file
View File

File diff suppressed because it is too large Load Diff

244
CMakeLists.txt
View File

@@ -34,7 +34,7 @@ if("${CMAKE_SOURCE_DIR}" STREQUAL "${CMAKE_BINARY_DIR}")
You must delete them, or cmake will refuse to work.")
endif()
project(wolfssl VERSION 5.7.2 LANGUAGES C ASM)
project(wolfssl VERSION 5.7.6 LANGUAGES C ASM)
# Set WOLFSSL_ROOT if not already defined
if ("${WOLFSSL_ROOT}" STREQUAL "")
@@ -49,11 +49,11 @@ endif()
# shared library versioning
# increment if interfaces have been removed or changed
set(WOLFSSL_LIBRARY_VERSION_FIRST 42)
set(WOLFSSL_LIBRARY_VERSION_FIRST 43)
# increment if interfaces have been added
# set to zero if WOLFSSL_LIBRARY_VERSION_FIRST is incremented
set(WOLFSSL_LIBRARY_VERSION_SECOND 2)
set(WOLFSSL_LIBRARY_VERSION_SECOND 0)
# increment if source code has changed
# set to zero if WOLFSSL_LIBRARY_VERSION_FIRST is incremented or
@@ -125,12 +125,16 @@ check_function_exists("socket" HAVE_SOCKET)
check_function_exists("strftime" HAVE_STRFTIME)
check_function_exists("__atomic_fetch_add" HAVE_C___ATOMIC)
include(CheckSymbolExists)
check_symbol_exists(isascii "ctype.h" HAVE_ISASCII)
include(CheckTypeSize)
check_type_size("__uint128_t" __UINT128_T)
check_type_size("long long" SIZEOF_LONG_LONG)
check_type_size("long" SIZEOF_LONG)
check_type_size("time_t" SIZEOF_TIME_T)
check_type_size("uintptr_t" HAVE_UINTPTR_T)
# By default, HAVE___UINT128_T gets defined as TRUE,
# but we want it as 1.
@@ -152,9 +156,14 @@ endif()
# Thread local storage
include(CheckCSourceCompiles)
set(TLS_KEYWORDS "__thread" "__declspec(thread)")
foreach(TLS_KEYWORD IN LISTS TLS_KEYWORDS)
set(TLS_CODE "#include <stdlib.h>
if(CMAKE_C_COMPILER_ID STREQUAL "OpenWatcom")
if(CMAKE_SYSTEM_NAME STREQUAL "Windows")
list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_THREAD_LS")
endif()
else()
set(TLS_KEYWORDS "__thread" "__declspec(thread)")
foreach(TLS_KEYWORD IN LISTS TLS_KEYWORDS)
set(TLS_CODE "#include <stdlib.h>
static void foo(void) {
static ${TLS_KEYWORD} int bar\;
exit(1)\;
@@ -163,21 +172,22 @@ foreach(TLS_KEYWORD IN LISTS TLS_KEYWORDS)
int main() {
return 0\;
}"
)
check_c_source_compiles(${TLS_CODE} THREAD_LS_ON)
)
check_c_source_compiles(${TLS_CODE} THREAD_LS_ON)
if(THREAD_LS_ON)
list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_THREAD_LS")
break()
else()
# THREAD_LS_ON is cached after each call to
# check_c_source_compiles, and the function
# won't run subsequent times if the variable
# is in the cache. To make it run again, we
# need to remove the variable from the cache.
unset(THREAD_LS_ON CACHE)
endif()
endforeach()
if(THREAD_LS_ON)
list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_THREAD_LS")
break()
else()
# THREAD_LS_ON is cached after each call to
# check_c_source_compiles, and the function
# won't run subsequent times if the variable
# is in the cache. To make it run again, we
# need to remove the variable from the cache.
unset(THREAD_LS_ON CACHE)
endif()
endforeach()
endif()
# TODO: AX_PTHREAD does a lot. Need to implement the
# rest of its logic.
@@ -197,13 +207,20 @@ find_package(Threads)
# Example for map file and custom linker script
#set(CMAKE_EXE_LINKER_FLAGS " -Xlinker -Map=output.map -T\"${CMAKE_CURRENT_SOURCE_DIR}/linker.ld\"")
message(STATUS "C Compiler ID: ${CMAKE_C_COMPILER_ID}")
if(DEFINED WARNING_C_FLAGS)
set(CMAKE_C_FLAGS "${WARNING_C_FLAGS} ${CMAKE_C_FLAGS}")
set(CMAKE_C_FLAGS "${WARNING_C_FLAGS} ${CMAKE_C_FLAGS}")
endif()
if(CMAKE_C_COMPILER_ID STREQUAL "OpenWatcom")
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -wx -wcd=202")
list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_HAVE_MIN -DWOLFSSL_HAVE_MAX -DNO_WRITEV")
elseif(WIN32)
# Windows cl.exe does not support the -Wextra, -Wno-unused and -Werror flags.
set(CMAKE_C_FLAGS "-Wall ${CMAKE_C_FLAGS}")
# Windows cl.exe does not support the -Wextra, -Wno-unused and -Werror flags.
set(CMAKE_C_FLAGS "-Wall ${CMAKE_C_FLAGS}")
else()
set(CMAKE_C_FLAGS "-Wall -Wextra -Wno-unused -Werror ${CMAKE_C_FLAGS}")
set(CMAKE_C_FLAGS "-Wall -Wextra -Wno-unused -Werror ${CMAKE_C_FLAGS}")
endif()
####################################################
@@ -280,9 +297,7 @@ if(NOT WOLFSSL_SINGLE_THREADED)
if(CMAKE_USE_PTHREADS_INIT)
list(APPEND WOLFSSL_LINK_LIBS Threads::Threads)
set(HAVE_PTHREAD 1)
list(APPEND WOLFSSL_DEFINITIONS
"-DHAVE_PTHREAD"
"-D_POSIX_THREADS")
list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_PTHREAD")
endif()
else()
list(APPEND WOLFSSL_DEFINITIONS "-DSINGLE_THREADED")
@@ -419,16 +434,17 @@ if(WOLFSSL_CURL)
set(WOLFSSL_MD4 "yes")
set(WOLFSSL_DES3 "yes")
set(WOLFSSL_ALPN "yes")
set(WOLFSSL_WOLFSSH "yes")
set(WOLFSSL_OPENSSLEXTRA "yes")
set(WOLFSSL_CRL "yes")
set(WOLFSSL_OCSP "yes")
set(WOLFSSL_OCSPSTAPLING "yes")
set(WOLFSSL_OCSPSTAPLING_V2 "yes")
# Note: OCSP sets requisite HAVE_TLS_EXTENSIONS and HAVE_CERTIFICATE_STATUS_REQUEST(_V2)
set(WOLFSSL_SNI "yes")
set(WOLFSSL_ALT_CERT_CHAINS "yes")
set(WOLFSSL_IP_ALT_NAME "yes")
set(WOLFSSL_SESSION_TICKET "yes")
set(WOLFSSL_WOLFSSH "yes")
list(APPEND WOLFSSL_DEFINITIONS
"-DNO_SESSION_CACHE_REF" "-DWOLFSSL_DES_ECB")
endif()
@@ -556,9 +572,9 @@ add_option(WOLFSSL_OQS
"Enable integration with the OQS (Open Quantum Safe) liboqs library (default: disabled)"
"no" "yes;no")
# Kyber
add_option(WOLFSSL_KYBER
"Enable the wolfSSL PQ Kyber library (default: disabled)"
# ML-KEM/Kyber
add_option(WOLFSSL_MMLKEM
"Enable the wolfSSL PQ ML-KEM library (default: disabled)"
"no" "yes;no")
# Experimental features
@@ -607,8 +623,8 @@ if (WOLFSSL_EXPERIMENTAL)
set(WOLFSSL_FOUND_EXPERIMENTAL_FEATURE 1)
message(STATUS "Automatically set related requirements for Kyber:")
set_wolfssl_definitions("WOLFSSL_HAVE_KYBER" RESUlT)
set_wolfssl_definitions("WOLFSSL_WC_KYBER" RESUlT)
set_wolfssl_definitions("WOLFSSL_HAVE_MLKEM" RESUlT)
set_wolfssl_definitions("WOLFSSL_WC_MLKEM" RESUlT)
set_wolfssl_definitions("WOLFSSL_SHA3" RESUlT)
set_wolfssl_definitions("WOLFSSL_SHAKE128" RESUlT)
set_wolfssl_definitions("WOLFSSL_SHAKE256" RESUlT)
@@ -642,6 +658,16 @@ else()
endif()
endif()
# LMS
add_option(WOLFSSL_LMS
"Enable the wolfSSL LMS implementation (default: disabled)"
"no" "yes;no")
# XMSS
add_option(WOLFSSL_XMSS
"Enable the wolfSSL XMSS implementation (default: disabled)"
"no" "yes;no")
# TODO: - Lean PSK
# - Lean TLS
# - Low resource
@@ -655,8 +681,6 @@ endif()
# - Atomic user record layer
# - Public key callbacks
# - Microchip/Atmel CryptoAuthLib
# - XMSS
# - LMS
# - dual-certs
# AES-CBC
@@ -731,7 +755,8 @@ add_option("WOLFSSL_AESCTR"
if(WOLFSSL_OPENVPN OR
WOLFSSL_LIBSSH2 OR
WOLFSSL_AESSIV)
WOLFSSL_AESSIV OR
WOLFSSL_CLU)
override_cache(WOLFSSL_AESCTR "yes")
endif()
@@ -871,7 +896,7 @@ endif()
# - SEP
add_option("WOLFSSL_KEYGEN"
"Enable key generation (default: disabled)])"
"Enable key generation (default: disabled)"
"no" "yes;no")
add_option("WOLFSSL_CERTGEN"
@@ -945,13 +970,29 @@ if(WOLFSSL_ECC)
endif()
endif()
# TODO: - ECC custom curves
# - Compressed key
# TODO: - Compressed key
# - FP ECC, fixed point cache ECC
# - ECC encrypt
# - PSK
# - Single PSK identity
# ECC custom curves
add_option("WOLFSSL_ECCCUSTCURVES"
"Enable ECC Custom Curves (default: disabled)"
"no" "yes;no;all")
if(WOLFSSL_ECCCUSTCURVES)
if("${WOLFSSL_ECCCUSTCURVES}" STREQUAL "all")
list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_ECC_SECPR2")
list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_ECC_SECPR3")
list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_ECC_BRAINPOOL")
list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_ECC_KOBLITZ")
list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_ECC_CDH")
endif()
list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_CUSTOM_CURVES")
endif()
# CURVE25519
set(WOLFSSL_CURVE25519_SMALL "no")
add_option("WOLFSSL_CURVE25519"
@@ -982,7 +1023,7 @@ add_option("WOLFSSL_ED25519"
"Enable ED25519 (default: disabled)"
"no" "yes;no")
if(WOLFSSL_OPENSSH)
if(WOLFSSL_OPENSSH OR WOLFSSL_CLU)
override_cache(WOLFSSL_ED25519 "yes")
endif()
@@ -1112,8 +1153,7 @@ if(NOT WOLFSSL_MEMORY)
else()
# turn off memory cb if leanpsk or leantls on
if(WOLFSSL_LEAN_PSK OR WOLFSSL_LEAN_TLS)
# but don't turn on NO_WOLFSSL_MEMORY because using own
override_cache(WOLFSSL_MEMORY "no")
list(APPEND WOLFSSL_DEFINITIONS "-DNO_WOLFSSL_MEMORY")
endif()
endif()
@@ -1658,6 +1698,9 @@ add_option(WOLFSSL_PKCS7 ${WOLFSSL_PKCS7_HELP_STRING} "no" "yes;no")
set(WOLFSSL_TPM_HELP_STRING "Enable wolfTPM options (default: disabled)")
add_option(WOLFSSL_TPM ${WOLFSSL_TPM_HELP_STRING} "no" "yes;no")
set(WOLFSSL_CLU_HELP_STRING "Enable wolfCLU options (default: disabled)")
add_option(WOLFSSL_CLU ${WOLFSSL_CLU_HELP_STRING} "no" "yes;no")
set(WOLFSSL_AESKEYWRAP_HELP_STRING "Enable AES key wrap support (default: disabled)")
add_option(WOLFSSL_AESKEYWRAP ${WOLFSSL_AESKEYWRAP_HELP_STRING} "no" "yes;no")
@@ -2002,6 +2045,25 @@ if(WOLFSSL_TPM)
override_cache(WOLFSSL_AESCFB "yes")
endif()
if(WOLFSSL_CLU)
override_cache(WOLFSSL_CERTGEN "yes")
override_cache(WOLFSSL_CERTREQ "yes")
override_cache(WOLFSSL_CERTEXT "yes")
override_cache(WOLFSSL_MD5 "yes")
override_cache(WOLFSSL_AESCTR "yes")
override_cache(WOLFSSL_KEYGEN "yes")
override_cache(WOLFSSL_OPENSSLALL "yes")
override_cache(WOLFSSL_ED25519 "yes")
override_cache(WOLFSSL_SHA512 "yes")
override_cache(WOLFSSL_DES3 "yes")
override_cache(WOLFSSL_PKCS7 "yes")
list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_OID_ENCODING" "-DWOLFSSL_NO_ASN_STRICT" "-DWOLFSSL_ALT_NAMES")
# Add OPENSSL_ALL definition to ensure OpenSSL compatibility functions are available
list(APPEND WOLFSSL_DEFINITIONS "-DOPENSSL_ALL")
# Remove NO_DES3 from WOLFSSL_DEFINITIONS to ensure DES3 is enabled
list(REMOVE_ITEM WOLFSSL_DEFINITIONS "-DNO_DES3")
endif()
if(WOLFSSL_AESCFB)
list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_AES_CFB")
endif()
@@ -2261,6 +2323,18 @@ if (ENABLE_SCCACHE AND (NOT WOLFSSL_SCCACHE_ALREADY_SET_FLAG))
endif()
endif()
add_option("WOLFSSL_KEYLOG_EXPORT"
"Enable insecure export of TLS secrets to an NSS keylog file (default: disabled)"
"no" "yes;no")
if(WOLFSSL_KEYLOG_EXPORT)
message(WARNING "Keylog export enabled -- Sensitive key data will be stored insecurely.")
list(APPEND WOLFSSL_DEFINITIONS
"-DSHOW_SECRETS"
"-DHAVE_SECRET_CALLBACK"
"-DWOLFSSL_SSLKEYLOGFILE"
"-DWOLFSSL_KEYLOG_EXPORT_WARNED")
endif()
file(REMOVE ${OPTION_FILE})
@@ -2391,17 +2465,24 @@ target_include_directories(wolfssl
target_link_libraries(wolfssl PUBLIC ${WOLFSSL_LINK_LIBS})
if(WIN32)
# For Windows link ws2_32
if(CMAKE_C_COMPILER_ID STREQUAL "OpenWatcom")
if(CMAKE_SYSTEM_NAME STREQUAL "Windows")
target_link_libraries(wolfssl PUBLIC ws2_32 crypt32)
endif()
elseif (WIN32 OR ${CMAKE_SYSTEM_NAME} MATCHES "^MSYS" OR ${CMAKE_SYSTEM_NAME} MATCHES "^MINGW")
# For Windows link required libraries
message("Building on Windows/MSYS/MINGW")
target_link_libraries(wolfssl PUBLIC
$<$<PLATFORM_ID:Windows>:ws2_32 crypt32>)
ws2_32 crypt32 advapi32)
elseif(APPLE)
message("Building on Apple")
if(WOLFSSL_SYS_CA_CERTS)
target_link_libraries(wolfssl PUBLIC
${CORE_FOUNDATION_FRAMEWORK}
${SECURITY_FRAMEWORK})
endif()
else()
message("Building on Linux (or other)")
if(WOLFSSL_DH AND NOT WOLFSSL_DH_CONST)
# DH requires math (m) library
target_link_libraries(wolfssl
@@ -2458,7 +2539,9 @@ if(WOLFSSL_EXAMPLES)
add_executable(tls_bench
${CMAKE_CURRENT_SOURCE_DIR}/examples/benchmark/tls_bench.c)
target_link_libraries(tls_bench wolfssl)
target_link_libraries(tls_bench Threads::Threads)
if(CMAKE_USE_PTHREADS_INIT)
target_link_libraries(tls_bench Threads::Threads)
endif()
set_property(TARGET tls_bench
PROPERTY RUNTIME_OUTPUT_DIRECTORY
${WOLFSSL_OUTPUT_BASE}/examples/benchmark)
@@ -2467,19 +2550,65 @@ if(WOLFSSL_EXAMPLES)
# Build unit tests
add_executable(unit_test
tests/api.c
tests/hash.c
tests/api/test_md2.c
tests/api/test_md4.c
tests/api/test_md5.c
tests/api/test_sha.c
tests/api/test_sha256.c
tests/api/test_sha512.c
tests/api/test_sha3.c
tests/api/test_blake2.c
tests/api/test_sm3.c
tests/api/test_ripemd.c
tests/api/test_hash.c
tests/api/test_hmac.c
tests/api/test_cmac.c
tests/api/test_des3.c
tests/api/test_chacha.c
tests/api/test_poly1305.c
tests/api/test_chacha20_poly1305.c
tests/api/test_camellia.c
tests/api/test_arc4.c
tests/api/test_rc2.c
tests/api/test_aes.c
tests/api/test_ascon.c
tests/api/test_sm4.c
tests/api/test_wc_encrypt.c
tests/api/test_random.c
tests/api/test_wolfmath.c
tests/api/test_rsa.c
tests/api/test_dsa.c
tests/api/test_dh.c
tests/api/test_ecc.c
tests/api/test_sm2.c
tests/api/test_curve25519.c
tests/api/test_ed25519.c
tests/api/test_curve448.c
tests/api/test_ed448.c
tests/api/test_mlkem.c
tests/api/test_mldsa.c
tests/api/test_signature.c
tests/api/test_dtls.c
tests/api/test_ocsp.c
tests/api/test_evp.c
tests/api/test_tls_ext.c
tests/srp.c
tests/suites.c
tests/w64wrapper.c
tests/unit.c
tests/quic.c
tests/utils.c
testsuite/utils.c
examples/server/server.c
examples/client/client.c)
examples/client/client.c
wolfcrypt/test/test.c)
target_include_directories(unit_test PRIVATE
${CMAKE_CURRENT_BINARY_DIR})
target_compile_options(unit_test PUBLIC "-DNO_MAIN_DRIVER")
target_link_libraries(unit_test wolfssl)
target_link_libraries(unit_test Threads::Threads)
if(CMAKE_USE_PTHREADS_INIT)
target_link_libraries(unit_test Threads::Threads)
endif()
set_property(TARGET unit_test
PROPERTY RUNTIME_OUTPUT_DIRECTORY
${WOLFSSL_OUTPUT_BASE}/tests/)
@@ -2729,14 +2858,17 @@ if(WOLFSSL_INSTALL)
set(includedir "\${prefix}/include")
set(VERSION ${PROJECT_VERSION})
# Setting libm in Libs.private of wolfssl.pc.
# See "Link Libraries" in above about `m` insertion to LINK_LIBRARIES
get_target_property(_wolfssl_dep_libs wolfssl LINK_LIBRARIES)
list(FIND _wolfssl_dep_libs m _dep_libm)
if ("${_dep_libm}" GREATER -1)
set(LIBM -lm)
if(CMAKE_C_COMPILER_ID STREQUAL "OpenWatcom")
else()
set(LIBM)
# Setting libm in Libs.private of wolfssl.pc.
# See "Link Libraries" in above about `m` insertion to LINK_LIBRARIES
get_target_property(_wolfssl_dep_libs wolfssl LINK_LIBRARIES)
list(FIND _wolfssl_dep_libs m _dep_libm)
if ("${_dep_libm}" GREATER -1)
set(LIBM -lm)
else()
set(LIBM)
endif()
endif()
configure_file(support/wolfssl.pc.in ${CMAKE_CURRENT_BINARY_DIR}/support/wolfssl.pc @ONLY)

351
ChangeLog.md
View File

@@ -1,3 +1,322 @@
# wolfSSL Release 5.7.6 (Dec 31, 2024)
Release 5.7.6 has been developed according to wolfSSL's development and QA
process (see link below) and successfully passed the quality criteria.
https://www.wolfssl.com/about/wolfssl-software-development-process-quality-assurance
NOTE:
* --enable-heapmath is deprecated.
* In this release, the default cipher suite preference is updated to prioritize
TLS_AES_256_GCM_SHA384 over TLS_AES_128_GCM_SHA256 when enabled.
* This release adds a sanity check for including wolfssl/options.h or
user_settings.h.
PR stands for Pull Request, and PR <NUMBER> references a GitHub pull request
number where the code change was added.
## Vulnerabilities
* [Med] An OCSP (non stapling) issue was introduced in wolfSSL version 5.7.4
when performing OCSP requests for intermediate certificates in a certificate
chain. This affects only TLS 1.3 connections on the server side. It would not
impact other TLS protocol versions or connections that are not using the
traditional OCSP implementation. (Fix in pull request 8115)
## New Feature Additions
* Add support for RP2350 and improve RP2040 support, both with RNG optimizations
(PR 8153)
* Add support for STM32MP135F, including STM32CubeIDE support and HAL support
for SHA2/SHA3/AES/RNG/ECC optimizations. (PR 8223, 8231, 8241)
* Implement Renesas TSIP RSA Public Enc/Private support (PR 8122)
* Add support for Fedora/RedHat system-wide crypto-policies (PR 8205)
* Curve25519 generic keyparsing API added with wc_Curve25519KeyToDer and
wc_Curve25519KeyDecode (PR 8129)
* CRL improvements and update callback, added the functions
wolfSSL_CertManagerGetCRLInfo and wolfSSL_CertManagerSetCRLUpdate_Cb (PR 8006)
* For DTLS, add server-side stateless and CID quality-of-life API. (PR 8224)
## Enhancements and Optimizations
* Add a CMake dependency check for pthreads when required. (PR 8162)
* Update OS_Seed declarations for legacy compilers and FIPS modules (boundary
not affected). (PR 8170)
* Enable WOLFSSL_ALWAYS_KEEP_SNI by default when using --enable-jni. (PR 8283)
* Change the default cipher suite preference, prioritizing
TLS_AES_256_GCM_SHA384 over TLS_AES_128_GCM_SHA256. (PR 7771)
* Add SRTP-KDF (FIPS module v6.0.0) to checkout script for release bundling
(PR 8215)
* Make library build when no hardware crypto available for Aarch64 (PR 8293)
* Update assembly code to avoid `uint*_t` types for better compatibility with
older C standards. (PR 8133)
* Add initial documentation for writing ASN template code to decode BER/DER.
(PR 8120)
* Perform full reduction in sc_muladd for EdDSA with Curve448 (PR 8276)
* Allow SHA-3 hardware cryptography instructions to be explicitly not used in
MacOS builds (PR 8282)
* Make Kyber and ML-KEM available individually and together. (PR 8143)
* Update configuration options to include Kyber/ML-KEM and fix defines used in
wolfSSL_get_curve_name. (PR 8183)
* Make GetShortInt available with WOLFSSL_ASN_EXTRA (PR 8149)
* Improved test coverage and minor improvements of X509 (PR 8176)
* Add sanity checks for configuration methods, ensuring the inclusion of
wolfssl/options.h or user_settings.h. (PR 8262)
* Enable support for building without TLS (NO_TLS). Provides reduced code size
option for non-TLS users who want features like the certificate manager or
compatibility layer. (PR 8273)
* Exposed get_verify functions with OPENSSL_EXTRA. (PR 8258)
* ML-DSA/Dilithium: obtain security level from DER when decoding (PR 8177)
* Implementation for using PKCS11 to retrieve certificate for SSL CTX (PR 8267)
* Add support for the RFC822 Mailbox attribute (PR 8280)
* Initialize variables and adjust types resolve warnings with Visual Studio in
Windows builds. (PR 8181)
* Refactors and expansion of opensslcoexist build (PR 8132, 8216, 8230)
* Add DTLS 1.3 interoperability, libspdm and DTLS CID interoperability tests
(PR 8261, 8255, 8245)
* Remove trailing error exit code in wolfSSL install setup script (PR 8189)
* Update Arduino files for wolfssl 5.7.4 (PR 8219)
* Improve Espressif SHA HW/SW mutex messages (PR 8225)
* Apply post-5.7.4 release updates for Espressif Managed Component examples
(PR 8251)
* Expansion of c89 conformance (PR 8164)
* Added configure option for additional sanity checks with --enable-faultharden
(PR 8289)
* Aarch64 ASM additions to check CPU features before hardware crypto instruction
use (PR 8314)
## Fixes
* Fix a memory issue when using the compatibility layer with
WOLFSSL_GENERAL_NAME and handling registered ID types. (PR 8155)
* Fix a build issue with signature fault hardening when using public key
callbacks (HAVE_PK_CALLBACKS). (PR 8287)
* Fix for handling heap hint pointer properly when managing multiple WOLFSSL_CTX
objects and freeing one of them (PR 8180)
* Fix potential memory leak in error case with Aria. (PR 8268)
* Fix Set_Verify flag behaviour on Ada wrapper. (PR 8256)
* Fix a compilation error with the NO_WOLFSSL_DIR flag. (PR 8294)
* Resolve a corner case for Poly1305 assembly code on Aarch64. (PR 8275)
* Fix incorrect version setting in CSRs. (PR 8136)
* Correct debugging output for cryptodev. (PR 8202)
* Fix for benchmark application use with /dev/crypto GMAC auth error due to size
of AAD (PR 8210)
* Add missing checks for the initialization of sp_int/mp_int with DSA to free
memory properly in error cases. (PR 8209)
* Fix return value of wolfSSL_CTX_set_tlsext_use_srtp (8252)
* Check Root CA by Renesas TSIP before adding it to ca-table (PR 8101)
* Prevent adding a certificate to the CA cache for Renesas builds if it does not
set CA:TRUE in basic constraints. (PR 8060)
* Fix attribute certificate holder entityName parsing. (PR 8166)
* Resolve build issues for configurations without any wolfSSL/openssl
compatibility layer headers. (PR 8182)
* Fix for building SP RSA small and RSA public only (PR 8235)
* Fix for Renesas RX TSIP RSA Sign/Verify with wolfCrypt only (PR 8206)
* Fix to ensure all files have settings.h included (like wc_lms.c) and guards
for building all `*.c` files (PR 8257 and PR 8140)
* Fix x86 target build issues in Visual Studio for non-Windows operating
systems. (PR 8098)
* Fix wolfSSL_X509_STORE_get0_objects to handle no CA (PR 8226)
* Properly handle reference counting when adding to the X509 store. (PR 8233)
* Fix for various typos and improper size used with FreeRTOS_bind in the Renesas
example. Thanks to Hongbo for the report on example issues. (PR 7537)
* Fix for potential heap use after free with wolfSSL_PEM_read_bio_PrivateKey.
Thanks to Peter for the issue reported. (PR 8139)
# wolfSSL Release 5.7.4 (Oct 24, 2024)
Release 5.7.4 has been developed according to wolfSSL's development and QA
process (see link below) and successfully passed the quality criteria.
https://www.wolfssl.com/about/wolfssl-software-development-process-quality-assurance
NOTE: * --enable-heapmath is being deprecated and will be removed by end of 2024
PR stands for Pull Request, and PR <NUMBER> references a GitHub pull request
number where the code change was added.
## Vulnerabilities
* [Low] When the OpenSSL compatibility layer is enabled, certificate
verification behaved differently in wolfSSL than OpenSSL, in the
X509_STORE_add_cert() and X509_STORE_load_locations() implementations.
Previously, in cases where an application explicitly loaded an intermediate
certificate, wolfSSL was verifying only up to that intermediate certificate,
rather than verifying up to the root CA. This only affects use cases where the
API is called directly, and does not affect TLS connections. Users that call
the API X509_STORE_add_cert() or X509_STORE_load_locations() directly in their
applications are recommended to update the version of wolfSSL used or to have
additional sanity checks on certificates loaded into the X509_STORE when
verifying a certificate. (https://github.com/wolfSSL/wolfssl/pull/8087)
## PQC TLS Experimental Build Fix
* When using TLS with post quantum algorithms enabled, the connection uses a
smaller EC curve than agreed on. Users building with --enable-experimental and
enabling PQC cipher suites with TLS connections are recommended to update the
version of wolfSSL used. Thanks to Daniel Correa for the report.
(https://github.com/wolfSSL/wolfssl/pull/8084)
## New Feature Additions
* RISC-V 64 new assembly optimizations added for SHA-256, SHA-512, ChaCha20,
Poly1305, and SHA-3 (PR 7758,7833,7818,7873,7916)
* Implement support for Connection ID (CID) with DTLS 1.2 (PR 7995)
* Add support for (DevkitPro)libnds (PR 7990)
* Add port for Mosquitto OSP (Open Source Project) (PR 6460)
* Add port for init sssd (PR 7781)
* Add port for eXosip2 (PR 7648)
* Add support for STM32G4 (PR 7997)
* Add support for MAX32665 and MAX32666 TPU HW and ARM ASM Crypto Callback
Support (PR 7777)
* Add support for building wolfSSL to be used in libspdm (PR 7869)
* Add port for use with Nucleus Plus 2.3 (PR 7732)
* Initial support for RFC5755 x509 attribute certificates (acerts). Enabled with
--enable-acert (PR 7926)
* PKCS#11 RSA Padding offload allows tokens to perform CKM_RSA_PKCS
(sign/encrypt), CKM_RSA_PKCS_PSS (sign), and CKM_RSA_PKCS_OAEP (encrypt).
(PR 7750)
* Added “new” and “delete” style functions for heap/pool allocation and freeing
of low level crypto structures (PR 3166 and 8089)
## Enhancements and Optimizations
* Increase default max alt. names from 128 to 1024 (PR 7762)
* Added new constant time DH agree function wc_DhAgree_ct (PR 7802)
* Expanded compatibility layer with the API EVP_PKEY_is_a (PR 7804)
* Add option to disable cryptocb test software test using
--disable-cryptocb-sw-test (PR 7862)
* Add a call to certificate verify callback before checking certificate dates
(PR 7895)
* Expanded algorithms supported with the wolfCrypt CSharp wrapper. Adding
support for RNG, ECC(ECIES and ECDHE), RSA, ED25519/Curve25519, AES-GCM, and
Hashing (PR 3166)
* Expand MMCAU support for use with DES ECB (PR 7960)
* Update AES SIV to handle multiple associated data inputs (PR 7911)
* Remove HAVE_NULL_CIPHER from --enable-openssh (PR 7811)
* Removed duplicate if(NULL) checks when calling XFREE (macro does) (PR 7839)
* Set RSA_MIN_SIZE default to 2048 bits (PR 7923)
* Added support for wolfSSL to be used as the default TLS in the zephyr kernel
(PR 7731)
* Add enable provider build using --enable-wolfprovider with autotools (PR 7550)
* Renesas RX TSIP ECDSA support (PR 7685)
* Support DTLS1.3 downgrade when the server supports CID (PR 7841)
* Server-side checks OCSP even if it uses v2 multi (PR 7828)
* Add handling of absent hash params in PKCS7 bundle parsing and creation
(PR 7845)
* Add the use of w64wrapper for Poly1305, enabling Poly1305 to be used in
environments that do not have a word64 type (PR 7759)
* Update to the maxq10xx support (PR 7824)
* Add support for parsing over optional PKCS8 attributes (PR 7944)
* Add support for either side method with DTLS 1.3 (PR 8012)
* Added PKCS7 PEM support for parsing PEM data with BEGIN/END PKCS7 (PR 7704)
* Add CMake support for WOLFSSL_CUSTOM_CURVES (PR 7962)
* Add left-most wildcard matching support to X509_check_host() (PR 7966)
* Add option to set custom SKID with PKCS7 bundle creation (PR 7954)
* Building wolfSSL as a library with Ada and corrections to Alire manifest
(PR 7303,7940)
* Renesas RX72N support updated (PR 7849)
* New option WOLFSSL_COPY_KEY added to always copy the key to the SSL object
(PR 8005)
* Add the new option WOLFSSL_COPY_CERT to always copy the cert buffer for each
SSL object (PR 7867)
* Add an option to use AES-CBC with HMAC for default session ticket enc/dec.
Defaults to AES-128-CBC with HMAC-SHA256 (PR 7703)
* Memory usage improvements in wc_PRF, sha256 (for small code when many
registers are available) and sp_int objects (PR 7901)
* Change in the configure script to work around ">>" with no command. In older
/bin/sh it can be ambiguous, as used in OSs such as FreeBSD 9.2 (PR 7876)
* Don't attempt to include system headers when not required (PR 7813)
* Certificates: DER encoding of ECC signature algorithm parameter is now
allowed to be NULL with a define (PR 7903)
* SP x86_64 asm: check for AVX2 support for VMs (PR 7979)
* Update rx64n support on gr-rose (PR 7889)
* Update FSP version to v5.4.0 for RA6M4 (PR 7994)
* Update TSIP driver version to v1.21 for RX65N RSK (PR 7993)
* Add a new crypto callback for RSA with padding (PR 7907)
* Replaced the use of pqm4 with wolfSSL implementations of Kyber/MLDSA
(PR 7924)
* Modernized memory fence support for C11 and clang (PR 7938)
* Add a CRL error override callback (PR 7986)
* Extend the X509 unknown extension callback for use with a user context
(PR 7730)
* Additional debug error tracing added with TLS (PR 7917)
* Added runtime support for library call stack traces with
enable-debug-trace-errcodes=backtrace, using libbacktrace (PR 7846)
* Expanded C89 conformance (PR 8077)
* Expanded support for WOLFSSL_NO_MALLOC (PR 8065)
* Added support for cross-compilation of Linux kernel module (PR 7746)
* Updated Linux kernel module with support for kernel 6.11 and 6.12 (PR 7826)
* Introduce WOLFSSL_ASN_ALLOW_0_SERIAL to allow parsing of certificates with a
serial number of 0 (PR 7893)
* Add conditional repository_owner to all wolfSSL GitHub workflows (PR 7871)
### Espressif / Arduino Updates
* Update wolfcrypt settings.h for Espressif ESP-IDF, template update (PR 7953)
* Update Espressif sha, util, mem, time helpers (PR 7955)
* Espressif _thread_local_start and _thread_local_end fix (PR 8030)
* Improve benchmark for Espressif devices (PR 8037)
* Introduce Espressif common CONFIG_WOLFSSL_EXAMPLE_NAME, Kconfig (PR 7866)
* Add wolfSSL esp-tls and Certificate Bundle Support for Espressif ESP-IDF
(PR 7936)
* Update wolfssl Release for Arduino (PR 7775)
### Post Quantum Crypto Updates
* Dilithium: support fixed size arrays in dilithium_key (PR 7727)
* Dilithium: add option to use precalc with small sign (PR 7744)
* Allow Kyber to be built with FIPS (PR 7788)
* Allow Kyber asm to be used in the Linux kernel module (PR 7872)
* Dilithium, Kyber: Update to final specification (PR 7877)
* Dilithium: Support FIPS 204 Draft and Final Draft (PR 7909,8016)
### ARM Assembly Optimizations
* ARM32 assembly optimizations added for ChaCha20 and Poly1305 (PR 8020)
* Poly1305 assembly optimizations improvements for Aarch64 (PR 7859)
* Poly1305 assembly optimizations added for Thumb-2 (PR 7939)
* Adding ARM ASM build option to STM32CubePack (PR 7747)
* Add ARM64 to Visual Studio Project (PR 8010)
* Kyber assembly optimizations for ARM32 and Aarch64 (PR 8040,7998)
* Kyber assembly optimizations for ARMv7E-M/ARMv7-M (PR 7706)
## Fixes
* ECC key load: fixes for certificates with parameters that are not default for
size (PR 7751)
* Fixes for building x86 in Visual Studio for non-windows OS (PR 7884)
* Fix for TLS v1.2 secret callback, incorrectly detecting bad master secret
(PR 7812)
* Fixes for PowerPC assembly use with Darwin and SP math all (PR 7931)
* Fix for detecting older versions of Mac OS when trying to link with
libdispatch (PR 7932)
* Fix for DTLS1.3 downgrade to DTLS1.2 when the server sends multiple handshake
packets combined into a single transmission. (PR 7840)
* Fix for OCSP to save the request if it was stored in ssl->ctx->certOcspRequest
(PR 7779)
* Fix to OCSP for searching for CA by key hash instead of ext. key id (PR 7934)
* Fix for staticmemory and singlethreaded build (PR 7737)
* Fix to not allow Shake128/256 with Xilinx AFALG (PR 7708)
* Fix to support PKCS11 without RSA key generation (PR 7738)
* Fix not calling the signing callback when using PK callbacks + TLS 1.3
(PR 7761)
* Cortex-M/Thumb2 ASM fix label for IAR compiler (PR 7753)
* Fix with PKCS11 to iterate correctly over slotId (PR 7736)
* Stop stripping out the sequence header on the AltSigAlg extension (PR 7710)
* Fix ParseCRL_AuthKeyIdExt with ASN template to set extAuthKeyIdSet value
(PR 7742)
* Use max key length for PSK encrypt buffer size (PR 7707)
* DTLS 1.3 fix for size check to include headers and CID fixes (PR 7912,7951)
* Fix STM32 Hash FIFO and add support for STM32U5A9xx (PR 7787)
* Fix CMake build error for curl builds (PR 8021)
* SP Maths: PowerPC ASM fix to use XOR instead of LI (PR 8038)
* SSL loading of keys/certs: testing and fixes (PR 7789)
* Misc. fixes for Dilithium and Kyber (PR 7721,7765,7803,8027,7904)
* Fixes for building wolfBoot sources for PQ LMS/XMSS (PR 7868)
* Fixes for building with Kyber enabled using CMake and zephyr port (PR 7773)
* Fix for edge cases with session resumption with TLS 1.2 (PR 8097)
* Fix issue with ARM ASM with AES CFB/OFB not initializing the "left" member
(PR 8099)
# wolfSSL Release 5.7.2 (July 08, 2024)
Release 5.7.2 has been developed according to wolfSSL's development and QA
@@ -220,7 +539,7 @@ fixed this omission in several PRs for this release.
* [Low] CVE-2023-6936: A potential heap overflow read is possible in servers connecting over TLS 1.3 when the optional `WOLFSSL_CALLBACKS` has been defined. The out of bounds read can occur when a server receives a malicious malformed ClientHello. Users should either discontinue use of `WOLFSSL_CALLBACKS` on the server side or update versions of wolfSSL to 5.6.6. Thanks to the tlspuffin fuzzer team for the report which was designed and developed by; Lucca Hirschi (Inria, LORIA), Steve Kremer (Inria, LORIA), and Max Ammann (Trail of Bits). The fix for this issue is located in the following GitHub Pull Request: https://github.com/wolfSSL/wolfssl/pull/6949.
* [Low] A side channel vulnerability with AES T-Tables is possible in a very controlled environment where precision sub-cache-line inspection can happen, such as inside an Intel SGX enclave. This can lead to recovery of the AES key. To prevent this type of attack, wolfSSL added an AES bitsliced implementation which can be enabled with the “`--enable-aes-bitsliced`” configure option. Thanks to Florian Sieck, Zhiyuan Zhang, Sebastian Berndt, Chitchanok Chuengsatiansup, Thomas Eisenbarth, and Yuval Yarom for the report (Universities of Lübeck, Melbourne, Adelaide and Bochum). The fix for this issue is located in the following GitHub Pull Request: https://github.com/wolfSSL/wolfssl/pull/6854.
* [Low] CVE-2024-1543: A side channel vulnerability with AES T-Tables is possible in a very controlled environment where precision sub-cache-line inspection can happen, such as inside an Intel SGX enclave. This can lead to recovery of the AES key. To prevent this type of attack, wolfSSL added an AES bitsliced implementation which can be enabled with the “`--enable-aes-bitsliced`” configure option. Thanks to Florian Sieck, Zhiyuan Zhang, Sebastian Berndt, Chitchanok Chuengsatiansup, Thomas Eisenbarth, and Yuval Yarom for the report (Universities of Lübeck, Melbourne, Adelaide and Bochum). The fix for this issue is located in the following GitHub Pull Request: https://github.com/wolfSSL/wolfssl/pull/6854.
* [Low] CVE-2023-6937: wolfSSL prior to 5.6.6 did not check that messages in a single (D)TLS record do not span key boundaries. As a result, it was possible to combine (D)TLS messages using different keys into one (D)TLS record. The most extreme edge case is that, in (D)TLS 1.3, it was possible that an unencrypted (D)TLS 1.3 record from the server containing first a ServerHello message and then the rest of the first server flight would be accepted by a wolfSSL client. In (D)TLS 1.3 the handshake is encrypted after the ServerHello but a wolfSSL client would accept an unencrypted flight from the server. This does not compromise key negotiation and authentication so it is assigned a low severity rating. Thanks to Johannes Wilson for the report (Sectra Communications and Linköping University). The fix for this issue is located in the following GitHub Pull Request: https://github.com/wolfSSL/wolfssl/pull/7029.
@@ -874,9 +1193,9 @@ Release 5.5.1 of wolfSSL embedded TLS has bug fixes and new features including:
## Enhancements
* DTLSv1.3: Do HRR Cookie exchange by default
* Add wolfSSL_EVP_PKEY_new_CMAC_key to OpenSSL compatible API
* Update ide win10 build files to add missing sp source files
* Improve Workbench docs
* Add wolfSSL_EVP_PKEY_new_CMAC_key to OpenSSL compatible API
* Update ide win10 build files to add missing sp source files
* Improve Workbench docs
* Improve EVP support for CHACHA20_POLY1305
* Improve `wc_SetCustomExtension` documentation
* RSA-PSS with OCSP and add simple OCSP response DER verify test case
@@ -884,23 +1203,23 @@ Release 5.5.1 of wolfSSL embedded TLS has bug fixes and new features including:
* Don't over-allocate memory for DTLS fragments
* Add WOLFSSL_ATECC_TFLXTLS for Atmel port
* SHA-3 performance improvements with x86_64 assembly
* Add code to fallback to S/W if TSIP cannot handle
* Add code to fallback to S/W if TSIP cannot handle
* Improves entropy with VxWorks
* Make time in milliseconds 64-bits for longer session ticket lives
* Support for setting cipher list with bytes
* wolfSSL_set1_curves_list(), wolfSSL_CTX_set1_curves_list() improvements
* Add to RSAES-OAEP key parsing for pkcs7
* Add missing DN nid to work with PrintName()
* SP int: default to 16 bit word size when NO_64BIT defined
* SP int: default to 16 bit word size when NO_64BIT defined
* Limit the amount of fragments we store per a DTLS connection and error out when max limit is reached
* Detect when certificate's RSA public key size is too big and fail on loading of certificate
## Fixes
* Fix for async with OCSP non-blocking in `ProcessPeerCerts`
* Fixes for building with 32-bit and socket size sign/unsigned mismatch
* Fix Windows CMakeList compiler options
* TLS 1.3 Middle-Box compat: fix missing brace
* Configuration consistency fixes for RSA keys and way to force disable of private keys
* Fix Windows CMakeList compiler options
* TLS 1.3 Middle-Box compat: fix missing brace
* Configuration consistency fixes for RSA keys and way to force disable of private keys
* Fix for Aarch64 Mac M1 SP use
* Fix build errors and warnings for MSVC with DTLS 1.3
* Fix HMAC compat layer function for SHA-1
@@ -908,9 +1227,9 @@ Release 5.5.1 of wolfSSL embedded TLS has bug fixes and new features including:
* Check return from call to wc_Time
* SP math: fix build configuration with opensslall
* Fix for async session tickets
* SP int mp_init_size fixes when SP_WORD_SIZE == 8
* SP int mp_init_size fixes when SP_WORD_SIZE == 8
* Ed. function to make public key now checks for if the private key flag is set
* Fix HashRaw WC_SHA256_DIGEST_SIZE for wc_Sha256GetHash
* Fix HashRaw WC_SHA256_DIGEST_SIZE for wc_Sha256GetHash
* Fix for building with PSK only
* Set correct types in wolfSSL_sk_*_new functions
* Sanity check that size passed to mp_init_size() is no more than SP_INT_DIGITS
@@ -1024,7 +1343,7 @@ CVE-2020-12966 https://www.amd.com/en/corporate/product-security/bulletin/amd-sb
* Update SP math all to not use sp_int_word when SQR_MUL_ASM is available
### SP Math Fixes
* Fixes for constant time with div function
* Fix casting warnings for Windows builds and assembly changes to support XMM6-15 being non-volatile
* Fix casting warnings for Windows builds and assembly changes to support XMM6-15 being non-volatile
* Fix for div_word when not using div function
* Fixes for user settings with SP ASM and ED/Curve25519 small
* Additional Wycheproof tests ran and fixes
@@ -1204,7 +1523,7 @@ Release 5.3.0 of wolfSSL embedded TLS has bug fixes and new features including:
### Math Library Fixes
* Sanity check with SP math that ECC points ordinates are not greater than modulus length
* Additional sanity checks that _sp_add_d does not error due to overflow
* Wycheproof fixes, testing integration, and fixes for AVX / AArch64 ASM edge case tests
* Wycheproof fixes, testing integration, and fixes for AVX / AArch64 ASM edge case tests
* TFM fp_div_2_ct rework to avoid potential overflow
### Misc.
@@ -1445,7 +1764,7 @@ Release 5.1.0 of wolfSSL embedded TLS has bug fixes and new features including:
###### PORT Fixes
* Building with Android wpa_supplicant and KeyStore
* Setting initial value of CA certificate with TSIP enabled
* Cryptocell ECC build fix and fix with RSA disabled
* Cryptocell ECC build fix and fix with RSA disabled
* IoT-SAFE improvement for Key/File slot ID size, fix for C++ compile, and fixes for retrieving the public key after key generation
###### Math Library Fixes
@@ -1584,7 +1903,7 @@ Release 5.0.0 of wolfSSL embedded TLS has bug fixes and new features including:
- SSL_SESSION_has_ticket()
- SSL_SESSION_get_ticket_lifetime_hint()
- DIST_POINT_new
- DIST_POINT_free
- DIST_POINT_free
- DIST_POINTS_free
- CRL_DIST_POINTS_free
- sk_DIST_POINT_push
@@ -1747,7 +2066,7 @@ Release 4.8.0 of wolfSSL embedded TLS has bug fixes and new features including:
### Vulnerabilities
* [Low] CVE-2021-37155: OCSP request/response verification issue. In the case that the serial number in the OCSP request differs from the serial number in the OCSP response the error from the comparison was not resulting in a failed verification. We recommend users that have wolfSSL version 4.6.0 and 4.7.0 with OCSP enabled update their version of wolfSSL. Version 4.5.0 and earlier are not affected by this report. Thanks to Rainer Mueller-Amersdorffer, Roee Yankelevsky, Barak Gutman, Hila Cohen and Shoshi Berko (from CYMOTIVE Technologies and CARIAD) for the report.
* [Low] CVE-2021-24116: Side-Channel cache look up vulnerability in base64 PEM decoding for versions of wolfSSL 4.5.0 and earlier. Versions 4.6.0 and up contain a fix and do not need to be updated for this report. If decoding a PEM format private key using version 4.5.0 and older of wolfSSL then we recommend updating the version of wolfSSL used. Thanks to Florian Sieck, Jan Wichelmann, Sebastian Berndt and Thomas Eisenbarth for the report.
* [Low] CVE-2021-24116: Side-Channel cache look up vulnerability in base64 PEM decoding for versions of wolfSSL 4.5.0 and earlier. Versions 4.6.0 and up contain a fix and do not need to be updated for this report. If decoding a PEM format private key using version 4.5.0 and older of wolfSSL then we recommend updating the version of wolfSSL used. Thanks to Florian Sieck, Jan Wichelmann, Sebastian Berndt and Thomas Eisenbarth for the report.
### New Feature Additions
###### New Product

2
Docker/Dockerfile
View File

@@ -10,7 +10,7 @@ ARG DEPS_WOLFSSL="build-essential autoconf libtool clang clang-tools zlib1g-dev
ARG DEPS_LIBOQS="astyle cmake gcc ninja-build libssl-dev python3-pytest python3-pytest-xdist unzip xsltproc doxygen graphviz python3-yaml valgrind git"
ARG DEPS_UDP_PROXY="wget libevent-dev"
ARG DEPS_TESTS="abi-dumper libcurl4-openssl-dev tcpdump libpsl-dev python3-pandas python3-tabulate libnl-genl-3-dev libcap-ng-dev python3-virtualenv curl jq"
ARG DEPS_TOOLS="ccache clang-tidy maven"
ARG DEPS_TOOLS="ccache clang-tidy maven libfile-util-perl android-tools-adb usbutils shellcheck"
RUN DEBIAN_FRONTEND=noninteractive apt update && apt install -y apt-utils \
&& apt install -y ${DEPS_WOLFSSL} ${DEPS_LIBOQS} ${DEPS_UDP_PROXY} ${DEPS_TESTS} ${DEPS_TOOLS} \
&& apt clean -y && rm -rf /var/lib/apt/lists/*

6
Docker/wolfCLU/Dockerfile
View File

@@ -1,5 +1,5 @@
ARG DOCKER_BASE_IMAGE=ubuntu
FROM ubuntu as BUILDER
FROM ubuntu AS builder
ARG DEPS_WOLFSSL="build-essential autoconf libtool zlib1g-dev libuv1-dev libpam0g-dev git libpcap-dev libcurl4-openssl-dev bsdmainutils netcat-traditional iputils-ping bubblewrap"
RUN DEBIAN_FRONTEND=noninteractive apt update && apt install -y apt-utils \
@@ -18,8 +18,8 @@ RUN git clone --depth=1 --single-branch --branch=main http://github.com/wolfssl/
FROM ${DOCKER_BASE_IMAGE}
USER root
COPY --from=BUILDER /usr/local/lib/libwolfssl.so /usr/local/lib/
COPY --from=BUILDER /usr/local/bin/wolfssl* /usr/local/bin/
COPY --from=builder /usr/local/lib/libwolfssl.so /usr/local/lib/
COPY --from=builder /usr/local/bin/wolfssl* /usr/local/bin/
RUN ldconfig
ENTRYPOINT ["/usr/local/bin/wolfssl"]
LABEL org.opencontainers.image.source=https://github.com/wolfssl/wolfssl

2
Docker/wolfCLU/README.md
View File

@@ -1,6 +1,6 @@
This is a small container that has wolfCLU installed for quick access. To build your own run the following:
```
docker build --pull --build-arg DUMMY=$(date +%s) -t wolfclu .
docker build --pull --build-arg DUMMY=$(date +%s) -t wolfclu .
```
To run the container, you can use:

42
IDE/ARDUINO/Arduino_README_prepend.md
View File

@@ -4,12 +4,46 @@ This library is restructured from [wolfSSL](https://github.com/wolfSSL/wolfssl/)
The Official wolfSSL Arduino Library is found in [The Library Manager index](http://downloads.arduino.cc/libraries/library_index.json).
See the [Arduino-wolfSSL logs](https://downloads.arduino.cc/libraries/logs/github.com/wolfSSL/Arduino-wolfSSL/).
See the [Arduino-wolfSSL logs](https://downloads.arduino.cc/libraries/logs/github.com/wolfSSL/Arduino-wolfSSL/) for publishing status.
Instructions for installing and using libraries can be found in the [Arduino docs](https://docs.arduino.cc/software/ide-v1/tutorials/installing-libraries/).
## wolfSSL Configuration
As described in the [Getting Started with wolfSSL on Arduino](https://www.wolfssl.com/getting-started-with-wolfssl-on-arduino/), wolfSSL features are enabled and disabled in the `user_settings.h` file.
The `user_settings.h` file is found in the `<Arduino>/libraries/wolfssl/src` directory.
For Windows this is typically `C:\Users\%USERNAME%\Documents\Arduino\libraries\wolfssl\src`
For Mac: `~/Documents/Arduino/libraries/wolfssl/src`
For Linux: `~/Arduino/libraries/wolfssl/src`
Tips for success:
- The `WOLFSSL_USER_SETTINGS` macro must be defined project-wide. (see [wolfssl.h](https://github.com/wolfSSL/wolfssl/blob/master/IDE/ARDUINO/wolfssl.h))
- Apply any customizations only to `user_settings.h`; Do not edit wolfSSL `settings.h` or `configh.h` files.
- Do not explicitly include `user_settings.h` in any source file.
- For every source file that uses wolfssl, include `wolfssl/wolfcrypt/settings.h` before any other wolfSSL include, typically via `#include "wolfssl.h"`.
- See the [wolfSSL docs](https://www.wolfssl.com/documentation/manuals/wolfssl/chapter02.html) for details on build configuration macros.
## wolfSSL Examples
Additional wolfSSL examples can be found at:
- https://github.com/wolfSSL/wolfssl/tree/master/IDE/ARDUINO
- https://github.com/wolfSSL/wolfssl/tree/master/examples
- https://github.com/wolfSSL/wolfssl-examples/
## Arduino Releases
The first Official wolfSSL Arduino Library is `5.6.6-Arduino.1`: a slightly modified, post [release 5.6.6](https://github.com/wolfSSL/wolfssl/releases/tag/v5.6.6-stable) version update.
This release of wolfSSL is version [5.7.6](https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.6-stable).
The next Official wolfSSL Arduino Library is [5.7.0](https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.0-stable)
See GitHub for [all Arduino wolfSSL releases](https://github.com/wolfSSL/Arduino-wolfSSL/releases).
See other [wolfSSL releases versions](https://github.com/wolfSSL/wolfssl/releases). The `./wolfssl-arduino.sh INSTALL` [script](https://github.com/wolfSSL/wolfssl/tree/master/IDE/ARDUINO) can be used to install specific GitHub versions as needed.
The first Official wolfSSL Arduino Library was `5.6.6-Arduino.1`: a slightly modified, post [release 5.6.6](https://github.com/wolfSSL/wolfssl/releases/tag/v5.6.6-stable) version update.
The `./wolfssl-arduino.sh INSTALL` [script](https://github.com/wolfSSL/wolfssl/tree/master/IDE/ARDUINO) can be used to install specific GitHub versions as needed.

45
IDE/ARDUINO/README.md
View File

@@ -2,18 +2,49 @@
See the [example sketches](./sketches/README.md):
- [sketches/wolfssl_server](./sketches/wolfssl_server/README.md)
- [sketches/wolfssl_client](./sketches/wolfssl_client/README.md)
NOTE: Moving; See https://github.com/wolfSSL/wolfssl-examples/pull/499
Bare-bones templates:
- [sketches/wolfssl_version](./sketches/wolfssl_version/README.md) single file.
- [sketches/template](./sketches/template/README.md) multiple file example.
Functional examples:
- [sketches/wolfssl_AES_CTR](./sketches/wolfssl_AES_CTR/README.md) AES CTR Encrypt / decrypt.
- [sketches/wolfssl_client](./sketches/wolfssl_client/README.md) TLS Client.
- [sketches/wolfssl_server](./sketches/wolfssl_server/README.md) TLS Server.
Both the `template` and `wolfssl_AES_CTR` examples include VisualGDB project files.
When publishing a new version to the Arduino Registry, be sure to edit `WOLFSSL_VERSION_ARUINO_SUFFIX` in the `wolfssl-arduino.sh` script.
## Getting Started
See [Getting Started with wolfSSL on Arduino](https://www.wolfssl.com/getting-started-with-wolfssl-on-arduino/), wolfSSL features are enabled and disabled in the `user_settings.h` file.
The `user_settings.h` file is found in the `<Arduino>/libraries/wolfssl/src` directory.
For Windows this is typically `C:\Users\%USERNAME%\Documents\Arduino\libraries\wolfssl\src`
For Mac: `~/Documents/Arduino/libraries/wolfssl/src`
For Linux: `~/Arduino/libraries/wolfssl/src`
Tips for success:
- The `WOLFSSL_USER_SETTINGS` macro must be defined project-wide. (see [wolfssl.h](https://github.com/wolfSSL/wolfssl/blob/master/IDE/ARDUINO/wolfssl.h))
- Apply any customizations only to `user_settings.h`; Do not edit wolfSSL `settings.h` or `configh.h` files.
- Do not explicitly include `user_settings.h` in any source file.
- For every source file that uses wolfssl, include `wolfssl/wolfcrypt/settings.h` before any other wolfSSL include, typically via `#include "wolfssl.h"`.
- See the [wolfSSL docs](https://www.wolfssl.com/documentation/manuals/wolfssl/chapter02.html) for details on build configuration macros.
## Boards
Many of the supported boards are natively built-in to the [Arduino IDE Board Manager](https://docs.arduino.cc/software/ide-v2/tutorials/ide-v2-board-manager/)
and by adding [additional cores](https://docs.arduino.cc/learn/starting-guide/cores/) as needed.
STM32 Support can be added by including this link in the "Additional Boards Managers URLs" field
from [stm32duino/Arduino_Core_STM32](https://github.com/stm32duino/Arduino_Core_STM32?tab=readme-ov-file#getting-started) .
from [stm32duino/Arduino_Core_STM32](https://github.com/stm32duino/Arduino_Core_STM32?tab=readme-ov-file#getting-started).
```
https://github.com/stm32duino/BoardManagerFiles/raw/main/package_stmicroelectronics_index.json
@@ -27,7 +58,7 @@ This option will allow wolfSSL to be installed directly using the native Arduino
## Manually Reformatting wolfSSL as a Compatible Arduino Library
Use [this](./wolfssl-arduino.sh) shell script that will re-organize the wolfSSL library to be
Use [this](./wolfssl-arduino.sh) shell script that will re-organize the wolfSSL library to be
compatible with [Arduino Library Specification](https://arduino.github.io/arduino-cli/0.35/library-specification/)
for projects that use Arduino IDE 1.5.0 or newer.
@@ -42,7 +73,7 @@ from within the `wolfssl/IDE/ARDUINO` directory:
1. `./wolfssl-arduino.sh`
- Creates an Arduino Library directory structure in the local `wolfSSL` directory of `IDE/ARDUINO`.
- You can add your own `user_settings.h`, or copy/rename the [default](../../examples/configs/user_settings_arduino.h).
- You can add your own `user_settings.h`, or copy/rename the [default](https://github.com/wolfSSL/wolfssl/blob/master/examples/configs/user_settings_arduino.h).
2. `./wolfssl-arduino.sh INSTALL` (The most common option)
- Creates an Arduino Library in the local `wolfSSL` directory
@@ -55,8 +86,8 @@ from within the `wolfssl/IDE/ARDUINO` directory:
3. `./wolfssl-arduino.sh INSTALL /path/to/repository` (Used to update [arduino-wolfSSL](https://github.com/wolfSSL/arduino-wolfSSL))
- Creates an Arduino Library in `wolfSSL` directory
- Copies that directory contents to the specified `/path/to/repository`
- Adds the [default](../../examples/configs/user_settings_arduino.h) as `user_settings.h`.
- Adds the [default](../../examples/configs/user_settings_arduino.h) as `user_settings.h`.
4. `./wolfssl-arduino.sh INSTALL /path/to/any/other/directory`
- Creates an Arduino Library in `wolfSSL` directory
- Copies that directory contents to the specified `/path/to/any/other/directory`

24
IDE/ARDUINO/include.am
View File

@@ -2,16 +2,32 @@
# included from Top Level Makefile.am
# All paths should be given relative to the root
# Library files:
EXTRA_DIST+= IDE/ARDUINO/README.md
# There's an Arduino-specific Arduino_README_prepend.md that will be prepended to wolfSSL README.md
# Not to be confused with the interim PREPENDED_README.md that is created by script.
EXTRA_DIST+= IDE/ARDUINO/Arduino_README_prepend.md
# Core library files
EXTRA_DIST+= IDE/ARDUINO/wolfssl.h
EXTRA_DIST+= IDE/ARDUINO/wolfssl.h
EXTRA_DIST+= IDE/ARDUINO/wolfssl-arduino.cpp
EXTRA_DIST+= IDE/ARDUINO/keywords.txt
EXTRA_DIST+= IDE/ARDUINO/library.properties.template
# Sketch Examples
EXTRA_DIST+= IDE/ARDUINO/sketches/README.md
# wolfssl_client example sketch
EXTRA_DIST+= IDE/ARDUINO/sketches/wolfssl_client/README.md
EXTRA_DIST+= IDE/ARDUINO/sketches/wolfssl_client/wolfssl_client.ino
# wolfssl_server example sketch
EXTRA_DIST+= IDE/ARDUINO/sketches/wolfssl_server/README.md
EXTRA_DIST+= IDE/ARDUINO/sketches/wolfssl_server/wolfssl_server.ino
# wolfssl_version example sketch
EXTRA_DIST+= IDE/ARDUINO/sketches/wolfssl_version/README.md
EXTRA_DIST+= IDE/ARDUINO/sketches/wolfssl_version/wolfssl_version.ino
EXTRA_DIST+= IDE/ARDUINO/wolfssl.h
# Publishing script, either local install or to github.com/wolfSSL/Arduino-wolfSSL clone directory.
EXTRA_DIST+= IDE/ARDUINO/wolfssl-arduino.sh

71
IDE/ARDUINO/sketches/README.md
View File

@@ -1,12 +1,75 @@
# wolfSSL Arduino Examples
There are currently two example Arduino sketches:
There are currently five example Arduino sketches:
* [wolfssl_client](./wolfssl_client/README.md): Basic TLS listening client.
* [wolfssl_server](./wolfssl_server/README.md): Basic TLS server.
NOTE: Moving; See https://github.com/wolfSSL/wolfssl-examples/pull/499
* `template`: Reference template wolfSSL example, including optional VisualGDB project files.
* `wolfssl_AES_CTR`: Basic AES CTR Encryption / Decryption example.
* `wolfssl_client`: Basic TLS listening client.
* `wolfssl_server`: Basic TLS server.
* `wolfssl_version`: Bare-bones wolfSSL example.
Examples have been most recently confirmed operational on the
[Arduino IDE](https://www.arduino.cc/en/software) 2.2.1.
For examples on other platforms, see the [IDE directory](https://github.com/wolfssl/wolfssl/tree/master/IDE).
Additional examples can be found on [wolfSSL/wolfssl-examples](https://github.com/wolfSSL/wolfssl-examples/).
Additional wolfssl examples can be found at [wolfSSL/wolfssl-examples](https://github.com/wolfSSL/wolfssl-examples/).
## Using wolfSSL
The typical include will look something like this:
```
#include <Arduino.h>
/* wolfSSL user_settings.h must be included from settings.h
* Make all configurations changes in user_settings.h
* Do not edit wolfSSL `settings.h` or `config.h` files.
* Do not explicitly include user_settings.h in any source code.
* Each Arduino sketch that uses wolfSSL must have: #include "wolfssl.h"
* C/C++ source files can use: #include <wolfssl/wolfcrypt/settings.h>
* The wolfSSL "settings.h" must be included in each source file using wolfSSL.
* The wolfSSL "settings.h" must appear before any other wolfSSL include.
*/
#include <wolfssl.h>
/* settings.h is typically included in wolfssl.h, but here as a reminder: */
#include <wolfssl/wolfcrypt/settings.h>
/* Any other wolfSSL includes follow:*
#include <wolfssl/version.h>
```
## Configuring wolfSSL
See the `user_settings.h` in the Arduino library `wolfssl/src` directory. For Windows users this is typically:
```
C:\Users\%USERNAME%\Documents\Arduino\libraries\wolfssl\src
```
WARNING: Changes to the library `user_settings.h` file will be lost when upgrading wolfSSL using the Arduino IDE.
## Troubleshooting
If compile problems are encountered, for example:
```
ctags: cannot open temporary file : File exists
exit status 1
Compilation error: exit status 1
```
Try deleting the Arduino cache directory:
```
C:\Users\%USERNAME%\AppData\Local\arduino\sketches
```
For VisualGDB users, delete the project `.vs`, `Output`, and `TraceReports` directories.
## More Information
For more details, see [IDE/ARDUINO/README.md](https://github.com/wolfSSL/wolfssl/blob/master/IDE/ARDUINO/README.md)

10
IDE/ARDUINO/sketches/wolfssl_client/README.md
View File

@@ -1,6 +1,14 @@
# Arduino Basic TLS Listening Client
Open the [wolfssl_client.ino](./wolfssl_client.ino) file in the Arduino IDE.
Open the `wolfssl_client.ino` file in the Arduino IDE.
NOTE: Moving; See https://github.com/wolfSSL/wolfssl-examples/pull/499
If using WiFi, be sure to set `ssid` and `password` values.
May need "Ethernet by Various" library to be installed. Tested with v2.0.2 and v2.8.1.
See the `#define WOLFSSL_TLS_SERVER_HOST` to set your own server address.
Other IDE products are also supported, such as:

894
IDE/ARDUINO/sketches/wolfssl_client/wolfssl_client.ino
View File

@@ -1,894 +0,0 @@
/* wolfssl_client.ino
*
* Copyright (C) 2006-2024 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
/*
Tested with:
1) Intel Galileo acting as the Client, with a laptop acting as a server using
the server example provided in examples/server.
Legacy Arduino v1.86 was used to compile and program the Galileo
2) Espressif ESP32 WiFi
3) Arduino Due, Nano33 IoT, Nano RP-2040
*/
/*
* Note to code editors: the Arduino client and server examples are edited in
* parallel for side-by-side comparison between examples.
*/
/* If you have a private include, define it here, otherwise edit WiFi params */
#define MY_PRIVATE_CONFIG "/workspace/my_private_config.h"
/* set REPEAT_CONNECTION to a non-zero value to continually run the example. */
#define REPEAT_CONNECTION 0
/* Edit this with your other TLS host server address to connect to: */
#define WOLFSSL_TLS_SERVER_HOST "192.168.1.39"
/* wolfssl TLS examples communicate on port 11111 */
#define WOLFSSL_PORT 11111
/* Choose a monitor serial baud rate: 9600, 14400, 19200, 57600, 74880, etc. */
#define SERIAL_BAUD 115200
/* We'll wait up to 2000 milliseconds to properly shut down connection */
#define SHUTDOWN_DELAY_MS 2000
/* Number of times to retry connection. */
#define RECONNECT_ATTEMPTS 20
/* Optional stress test. Define to consume memory until exhausted: */
/* #define MEMORY_STRESS_TEST */
/* Choose client or server example, not both. */
#define WOLFSSL_CLIENT_EXAMPLE
/* #define WOLFSSL_SERVER_EXAMPLE */
#if defined(MY_PRIVATE_CONFIG)
/* the /workspace directory may contain a private config
* excluded from GitHub with items such as WiFi passwords */
#include MY_PRIVATE_CONFIG
static const char* ssid PROGMEM = MY_ARDUINO_WIFI_SSID;
static const char* password PROGMEM = MY_ARDUINO_WIFI_PASSWORD;
#else
/* when using WiFi capable boards: */
static const char* ssid PROGMEM = "your_SSID";
static const char* password PROGMEM = "your_PASSWORD";
#endif
#define BROADCAST_ADDRESS "255.255.255.255"
/* There's an optional 3rd party NTPClient library by Fabrice Weinberg.
* If it is installed, uncomment define USE_NTP_LIB here: */
/* #define USE_NTP_LIB */
#ifdef USE_NTP_LIB
#include <NTPClient.h>
#endif
#include <wolfssl.h>
/* Important: make sure settings.h appears before any other wolfSSL headers */
#include <wolfssl/wolfcrypt/settings.h>
/* Reminder: settings.h includes user_settings.h
* For ALL project wolfSSL settings, see:
* [your path]/Arduino\libraries\wolfSSL\src\user_settings.h */
#include <wolfssl/ssl.h>
#include <wolfssl/certs_test.h>
#include <wolfssl/wolfcrypt/error-crypt.h>
/* Define DEBUG_WOLFSSL in user_settings.h for more verbose logging. */
#if defined(DEBUG_WOLFSSL)
#define PROGRESS_DOT F("")
#else
#define PROGRESS_DOT F(".")
#endif
/* Convert a macro to a string */
#define xstr(x) str(x)
#define str(x) #x
/* optional board-specific networking includes */
#if defined(ESP32)
#define USING_WIFI
#include <WiFi.h>
#include <WiFiUdp.h>
#ifdef USE_NTP_LIB
WiFiUDP ntpUDP;
#endif
/* Ensure the F() flash macro is defined */
#ifndef F
#define F
#endif
WiFiClient client;
#elif defined(ESP8266)
#define USING_WIFI
#include <ESP8266WiFi.h>
WiFiClient client;
#elif defined(ARDUINO_SAM_DUE)
#include <SPI.h>
/* There's no WiFi/Ethernet on the Due. Requires Ethernet Shield.
/* Needs "Ethernet by Various" library to be installed. Tested with V2.0.2 */
#include <Ethernet.h>
EthernetClient client;
#elif defined(ARDUINO_SAMD_NANO_33_IOT)
#define USING_WIFI
#include <SPI.h>
#include <WiFiNINA.h> /* Needs Arduino WiFiNINA library installed manually */
WiFiClient client;
#elif defined(ARDUINO_ARCH_RP2040)
#define USING_WIFI
#include <SPI.h>
#include <WiFiNINA.h>
WiFiClient client;
#elif defined(USING_WIFI)
#define USING_WIFI
#include <WiFi.h>
#include <WiFiUdp.h>
#ifdef USE_NTP_LIB
WiFiUDP ntpUDP;
#endif
WiFiClient client;
/* TODO
#elif defined(OTHER_BOARD)
*/
#else
#define USING_WIFI
WiFiClient client;
#endif
/* Only for syntax highlighters to show interesting options enabled: */
#if defined(HAVE_SNI) \
|| defined(HAVE_MAX_FRAGMENT) \
|| defined(HAVE_TRUSTED_CA) \
|| defined(HAVE_TRUNCATED_HMAC) \
|| defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
|| defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) \
|| defined(HAVE_SUPPORTED_CURVES) \
|| defined(HAVE_ALPN) \
|| defined(HAVE_SESSION_TICKET) \
|| defined(HAVE_SECURE_RENEGOTIATION) \
|| defined(HAVE_SERVER_RENEGOTIATION_INFO)
#endif
static const char host[] PROGMEM = WOLFSSL_TLS_SERVER_HOST; /* server to connect to */
static const int port PROGMEM = WOLFSSL_PORT; /* port on server to connect to */
static WOLFSSL_CTX* ctx = NULL;
static WOLFSSL* ssl = NULL;
static char* wc_error_message = (char*)malloc(80 + 1);
static char errBuf[80];
#if defined(MEMORY_STRESS_TEST)
#define MEMORY_STRESS_ITERATIONS 100
#define MEMORY_STRESS_BLOCK_SIZE 1024
#define MEMORY_STRESS_INITIAL (4*1024)
static char* memory_stress[MEMORY_STRESS_ITERATIONS]; /* typically 1K per item */
static int mem_ctr = 0;
#endif
static int EthernetSend(WOLFSSL* ssl, char* msg, int sz, void* ctx);
static int EthernetReceive(WOLFSSL* ssl, char* reply, int sz, void* ctx);
static int reconnect = RECONNECT_ATTEMPTS;
static int lng_index PROGMEM = 0; /* 0 = English */
#if defined(__arm__)
#include <malloc.h>
extern char _end;
extern "C" char *sbrk(int i);
static char *ramstart=(char *)0x20070000;
static char *ramend=(char *)0x20088000;
#endif
/*****************************************************************************/
/* fail_wait - in case of unrecoverable error */
/*****************************************************************************/
int fail_wait(void) {
show_memory();
Serial.println(F("Failed. Halt."));
while (1) {
delay(1000);
}
return 0;
}
/*****************************************************************************/
/* show_memory() to optionally view during debugging. */
/*****************************************************************************/
int show_memory(void)
{
#if defined(__arm__)
struct mallinfo mi = mallinfo();
char *heapend=sbrk(0);
register char * stack_ptr asm("sp");
#if defined(DEBUG_WOLFSSL_VERBOSE)
Serial.print(" arena=");
Serial.println(mi.arena);
Serial.print(" ordblks=");
Serial.println(mi.ordblks);
Serial.print(" uordblks=");
Serial.println(mi.uordblks);
Serial.print(" fordblks=");
Serial.println(mi.fordblks);
Serial.print(" keepcost=");
Serial.println(mi.keepcost);
#endif
#if defined(DEBUG_WOLFSSL) || defined(MEMORY_STRESS_TEST)
Serial.print("Estimated free memory: ");
Serial.print(stack_ptr - heapend + mi.fordblks);
Serial.println(F(" bytes"));
#endif
#if (0)
/* Experimental: not supported on all devices: */
Serial.print("RAM Start %lx\n", (unsigned long)ramstart);
Serial.print("Data/Bss end %lx\n", (unsigned long)&_end);
Serial.print("Heap End %lx\n", (unsigned long)heapend);
Serial.print("Stack Ptr %lx\n",(unsigned long)stack_ptr);
Serial.print("RAM End %lx\n", (unsigned long)ramend);
Serial.print("Heap RAM Used: ",mi.uordblks);
Serial.print("Program RAM Used ",&_end - ramstart);
Serial.print("Stack RAM Used ",ramend - stack_ptr);
Serial.print("Estimated Free RAM: %d\n\n",stack_ptr - heapend + mi.fordblks);
#endif
#else
Serial.println(F("show_memory() not implemented for this platform"));
#endif
return 0;
}
/*****************************************************************************/
/* EthernetSend() to send a message string. */
/*****************************************************************************/
int EthernetSend(WOLFSSL* ssl, char* message, int sz, void* ctx) {
int sent = 0;
(void)ssl;
(void)ctx;
sent = client.write((byte*)message, sz);
return sent;
}
/*****************************************************************************/
/* EthernetReceive() to receive a reply string. */
/*****************************************************************************/
int EthernetReceive(WOLFSSL* ssl, char* reply, int sz, void* ctx) {
int ret = 0;
(void)ssl;
(void)ctx;
while (client.available() > 0 && ret < sz) {
reply[ret++] = client.read();
}
return ret;
}
/*****************************************************************************/
/* Arduino setup_hardware() */
/*****************************************************************************/
int setup_hardware(void) {
int ret = 0;
#if defined(ARDUINO_SAMD_NANO_33_IOT)
Serial.println(F("Detected known tested and working Arduino Nano 33 IoT"));
#elif defined(ARDUINO_ARCH_RP2040)
Serial.println(F("Detected known tested and working Arduino RP-2040"));
#elif defined(__arm__) && defined(ID_TRNG) && defined(TRNG)
/* need to manually turn on random number generator on Arduino Due, etc. */
pmc_enable_periph_clk(ID_TRNG);
trng_enable(TRNG);
Serial.println(F("Enabled ARM TRNG"));
#endif
show_memory();
randomSeed(analogRead(0));
return ret;
}
/*****************************************************************************/
/* Arduino setup_datetime() */
/* The device needs to have a valid date within the valid range of certs. */
/*****************************************************************************/
int setup_datetime(void) {
int ret = 0;
int ntp_tries = 20;
/* we need a date in the range of cert expiration */
#ifdef USE_NTP_LIB
#if defined(ESP32)
NTPClient timeClient(ntpUDP, "pool.ntp.org");
timeClient.begin();
timeClient.update();
delay(1000);
while (!timeClient.isTimeSet() && (ntp_tries > 0)) {
timeClient.forceUpdate();
Serial.println(F("Waiting for NTP update"));
delay(2000);
ntp_tries--;
}
if (ntp_tries <= 0) {
Serial.println(F("Warning: gave up waiting on NTP"));
}
Serial.println(timeClient.getFormattedTime());
Serial.println(timeClient.getEpochTime());
#endif
#endif
#if defined(ESP32)
/* see esp32-hal-time.c */
ntp_tries = 5;
/* Replace "pool.ntp.org" with your preferred NTP server */
configTime(0, 0, "pool.ntp.org");
/* Wait for time to be set */
while ((time(nullptr) <= 100000) && ntp_tries > 0) {
Serial.println(F("Waiting for time to be set..."));
delay(2000);
ntp_tries--;
}
#endif
return ret;
} /* setup_datetime */
/*****************************************************************************/
/* Arduino setup_network() */
/*****************************************************************************/
int setup_network(void) {
int ret = 0;
#if defined(USING_WIFI)
int status = WL_IDLE_STATUS;
/* The ESP8266 & ESP32 support both AP and STA. We'll use STA: */
#if defined(ESP8266) || defined(ESP32)
WiFi.mode(WIFI_STA);
#else
String fv;
if (WiFi.status() == WL_NO_MODULE) {
Serial.println("Communication with WiFi module failed!");
/* don't continue if no network */
while (true) ;
}
fv = WiFi.firmwareVersion();
if (fv < WIFI_FIRMWARE_LATEST_VERSION) {
Serial.println("Please upgrade the firmware");
}
#endif
Serial.print(F("Connecting to WiFi "));
Serial.print(ssid);
status = WiFi.begin(ssid, password);
while (status != WL_CONNECTED) {
delay(1000);
Serial.print(F("."));
Serial.print(status);
status = WiFi.status();
}
Serial.println(F(" Connected!"));
#else
/* Newer Ethernet shields have a
* MAC address printed on a sticker on the shield */
byte mac[] = { 0xDE, 0xAD, 0xBE, 0xEF, 0xFE, 0xED };
IPAddress ip(192, 168, 1, 42);
IPAddress myDns(192, 168, 1, 1);
Ethernet.init(10); /* Most Arduino shields */
/* Ethernet.init(5); * MKR ETH Shield */
/* Ethernet.init(0); * Teensy 2.0 */
/* Ethernet.init(20); * Teensy++ 2.0 */
/* Ethernet.init(15); * ESP8266 with Adafruit FeatherWing Ethernet */
/* Ethernet.init(33); * ESP32 with Adafruit FeatherWing Ethernet */
Serial.println(F("Initialize Ethernet with DHCP:"));
if (Ethernet.begin(mac) == 0) {
Serial.println(F("Failed to configure Ethernet using DHCP"));
/* Check for Ethernet hardware present */
if (Ethernet.hardwareStatus() == EthernetNoHardware) {
Serial.println(F("Ethernet shield was not found."));
while (true) {
delay(1); /* do nothing */
}
}
if (Ethernet.linkStatus() == LinkOFF) {
Serial.println(F("Ethernet cable is not connected."));
}
/* try to configure using IP address instead of DHCP : */
Ethernet.begin(mac, ip, myDns);
}
else {
Serial.print(F(" DHCP assigned IP "));
Serial.println(Ethernet.localIP());
}
/* We'll assume the Ethernet connection is ready to go. */
#endif
Serial.println(F("********************************************************"));
Serial.print(F(" wolfSSL Example Client IP = "));
#if defined(USING_WIFI)
Serial.println(WiFi.localIP());
#else
Serial.println(Ethernet.localIP());
#endif
Serial.print(F(" Configured Server Host to connect to: "));
Serial.println(host);
Serial.println(F("********************************************************"));
Serial.println(F("Setup network complete."));
return ret;
}
/*****************************************************************************/
/* Arduino setup_wolfssl() */
/*****************************************************************************/
int setup_wolfssl(void) {
int ret = 0;
WOLFSSL_METHOD* method;
/* Show a revision of wolfssl user_settings.h file in use when available: */
#if defined(WOLFSSL_USER_SETTINGS_ID)
Serial.print(F("WOLFSSL_USER_SETTINGS_ID: "));
Serial.println(F(WOLFSSL_USER_SETTINGS_ID));
#else
Serial.println(F("No WOLFSSL_USER_SETTINGS_ID found."));
#endif
#if defined(NO_WOLFSSL_SERVER)
Serial.println(F("wolfSSL server code disabled to save space."));
#endif
#if defined(NO_WOLFSSL_CLIENT)
Serial.println(F("wolfSSL client code disabled to save space."));
#endif
#if defined(DEBUG_WOLFSSL)
wolfSSL_Debugging_ON();
Serial.println(F("wolfSSL Debugging is On!"));
#else
Serial.println(F("wolfSSL Debugging is Off! (enable with DEBUG_WOLFSSL)"));
#endif
/* See ssl.c for TLS cache settings. Larger cache = use more RAM. */
#if defined(NO_SESSION_CACHE)
Serial.println(F("wolfSSL TLS NO_SESSION_CACHE"));
#elif defined(MICRO_SESSION_CACHEx)
Serial.println(F("wolfSSL TLS MICRO_SESSION_CACHE"));
#elif defined(SMALL_SESSION_CACHE)
Serial.println(F("wolfSSL TLS SMALL_SESSION_CACHE"));
#elif defined(MEDIUM_SESSION_CACHE)
Serial.println(F("wolfSSL TLS MEDIUM_SESSION_CACHE"));
#elif defined(BIG_SESSION_CACHE)
Serial.println(F("wolfSSL TLS BIG_SESSION_CACHE"));
#elif defined(HUGE_SESSION_CACHE)
Serial.println(F("wolfSSL TLS HUGE_SESSION_CACHE"));
#elif defined(HUGE_SESSION_CACHE)
Serial.println(F("wolfSSL TLS HUGE_SESSION_CACHE"));
#else
Serial.println(F("WARNING: Unknown or no TLS session cache setting."));
/* See wolfssl/src/ssl.c for amount of memory used.
* It is best on embedded devices to choose a TLS session cache size. */
#endif
ret = wolfSSL_Init();
if (ret == WOLFSSL_SUCCESS) {
Serial.println("Successfully called wolfSSL_Init");
}
else {
Serial.println("ERROR: wolfSSL_Init failed");
}
/* See companion server example with wolfSSLv23_server_method here.
* method = wolfSSLv23_client_method()); SSL 3.0 - TLS 1.3.
* method = wolfTLSv1_2_client_method(); only TLS 1.2
* method = wolfTLSv1_3_client_method(); only TLS 1.3
*
* see Arduino\libraries\wolfssl\src\user_settings.h */
Serial.println("Here we go!");
method = wolfSSLv23_client_method();
if (method == NULL) {
Serial.println(F("unable to get wolfssl client method"));
fail_wait();
}
ctx = wolfSSL_CTX_new(method);
if (ctx == NULL) {
Serial.println(F("unable to get ctx"));
fail_wait();
}
return ret;
}
/*****************************************************************************/
/* Arduino setup_certificates() */
/*****************************************************************************/
int setup_certificates(void) {
int ret = 0;
Serial.println(F("Initializing certificates..."));
show_memory();
/* Use built-in validation, No verification callback function: */
wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, 0);
/* Certificate */
Serial.println("Initializing certificates...");
ret = wolfSSL_CTX_use_certificate_buffer(ctx,
CTX_CLIENT_CERT,
CTX_CLIENT_CERT_SIZE,
CTX_CLIENT_CERT_TYPE);
if (ret == WOLFSSL_SUCCESS) {
Serial.print("Success: use certificate: ");
Serial.println(xstr(CTX_SERVER_CERT));
}
else {
Serial.println(F("Error: wolfSSL_CTX_use_certificate_buffer failed: "));
wc_ErrorString(ret, wc_error_message);
Serial.println(wc_error_message);
fail_wait();
}
/* Setup private client key */
ret = wolfSSL_CTX_use_PrivateKey_buffer(ctx,
CTX_CLIENT_KEY,
CTX_CLIENT_KEY_SIZE,
CTX_CLIENT_KEY_TYPE);
if (ret == WOLFSSL_SUCCESS) {
Serial.print("Success: use private key buffer: ");
Serial.println(xstr(CTX_SERVER_KEY));
}
else {
Serial.println(F("Error: wolfSSL_CTX_use_PrivateKey_buffer failed: "));
wc_ErrorString(ret, wc_error_message);
Serial.println(wc_error_message);
fail_wait();
}
ret = wolfSSL_CTX_load_verify_buffer(ctx,
CTX_CA_CERT,
CTX_CA_CERT_SIZE,
CTX_CA_CERT_TYPE);
if (ret == WOLFSSL_SUCCESS) {
Serial.println(F("Success: load_verify CTX_CA_CERT"));
}
else {
Serial.println(F("Error: wolfSSL_CTX_load_verify_buffer failed: "));
wc_ErrorString(ret, wc_error_message);
Serial.println(wc_error_message);
fail_wait();
}
return ret;
} /* Arduino setup */
/*****************************************************************************/
/*****************************************************************************/
/* Arduino setup() */
/*****************************************************************************/
/*****************************************************************************/
void setup(void) {
int i = 0;
Serial.begin(SERIAL_BAUD);
while (!Serial && (i < 10)) {
/* wait for serial port to connect. Needed for native USB port only */
delay(1000);
i++;
}
Serial.println(F(""));
Serial.println(F(""));
Serial.println(F("wolfSSL TLS Client Example Startup."));
/* define DEBUG_WOLFSSL in wolfSSL user_settings.h for diagnostics */
#if defined(DEBUG_WOLFSSL)
wolfSSL_Debugging_ON();
#endif
/* Optionally pre-allocate a large block of memory for testing */
#if defined(MEMORY_STRESS_TEST)
Serial.println(F("WARNING: Memory Stress Test Active!"));
Serial.print(F("Allocating extra memory: "));
Serial.print(MEMORY_STRESS_INITIAL);
Serial.println(F(" bytes..."));
memory_stress[mem_ctr] = (char*)malloc(MEMORY_STRESS_INITIAL);
show_memory();
#endif
setup_hardware();
setup_network();
setup_datetime();
setup_wolfssl();
setup_certificates();
/* Initialize wolfSSL using callback functions. */
wolfSSL_SetIOSend(ctx, EthernetSend);
wolfSSL_SetIORecv(ctx, EthernetReceive);
Serial.println(F("Completed Arduino setup!"));
/* See companion wolfssl_server.ino code; server begins listening here
* https://github.com/wolfSSL/wolfssl/tree/master/IDE/ARDUINO/sketches/wolfssl_server
* Any other server will work. See also:
* https://github.com/wolfSSL/wolfssl/tree/master/examples/client
*/
/* See companion wolfssl_server.ino code */
return;
} /* Arduino setup */
/*****************************************************************************/
/* wolfSSL error_check() */
/*****************************************************************************/
int error_check(int this_ret, bool halt_on_error,
const __FlashStringHelper* message) {
int ret = 0;
if (this_ret == WOLFSSL_SUCCESS) {
Serial.print(F("Success: "));
Serial.println(message);
}
else {
Serial.print(F("ERROR: return = "));
Serial.print(this_ret);
Serial.print(F(": "));
Serial.println(message);
Serial.println(wc_GetErrorString(this_ret));
if (halt_on_error) {
fail_wait();
}
}
show_memory();
return ret;
} /* error_check */
/*****************************************************************************/
/* wolfSSL error_check_ssl */
/* Parameters: */
/* ssl is the current WOLFSSL object pointer */
/* halt_on_error set to true to suspend operations for critical error */
/* message is expected to be a memory-efficient F("") macro string */
/*****************************************************************************/
int error_check_ssl(WOLFSSL* ssl, int this_ret, bool halt_on_error,
const __FlashStringHelper* message) {
int err = 0;
if (ssl == NULL) {
Serial.println(F("ssl is Null; Unable to allocate SSL object?"));
#ifndef DEBUG_WOLFSSL
Serial.println(F("Define DEBUG_WOLFSSL in user_settings.h for more."));
#else
Serial.println(F("See wolfssl/wolfcrypt/error-crypt.h for codes."));
#endif
Serial.print(F("ERROR: "));
Serial.println(message);
show_memory();
if (halt_on_error) {
fail_wait();
}
}
else {
err = wolfSSL_get_error(ssl, this_ret);
if (err == WOLFSSL_SUCCESS) {
Serial.print(F("Success m: "));
Serial.println(message);
}
else {
if (err < 0) {
wolfSSL_ERR_error_string(err, errBuf);
Serial.print(F("WOLFSSL Error: "));
Serial.print(err);
Serial.print(F("; "));
Serial.println(errBuf);
}
else {
Serial.println(F("Success: ssl object."));
}
}
}
return err;
}
/*****************************************************************************/
/*****************************************************************************/
/* Arduino loop() */
/*****************************************************************************/
/*****************************************************************************/
void loop() {
char reply[80];
char msg[32] = "hello wolfssl!";
const char* cipherName;
int retry_shutdown = SHUTDOWN_DELAY_MS; /* max try, once per millisecond */
int total_input = 0;
int msgSz = 0;
int input = 0;
int ret = 0;
int err = 0;
msgSz = (int)strlen(msg);
Serial.println(F(""));
Serial.println(F("Starting Arduino loop() ..."));
if (reconnect) {
reconnect--;
/* WiFi client returns true if connection succeeds, false if not. */
/* Wired client returns int (1,-1,-2,-3,-4) for connection status. */
Serial.print(F("Connecting to "));
Serial.print(host);
Serial.print(F(":"));
Serial.println(port);
/* can also use: IPAddress server(192,168,1,37); */
Serial.println(F("Here we go..."));
ret = client.connect(host, port);
Serial.println(F("Ok, checking..."));
if (ret > 0) {
Serial.println(F("Connected!"));
/* initialize wolfSSL */
ret = wolfSSL_Init();
error_check(ret, false, F("calling wolfSSL_Init") );
/* create secure connection object. see setup for ctx certs. */
Serial.println(F("Calling ssl = wolfSSL_new(ctx)"));
ssl = wolfSSL_new(ctx);
error_check_ssl(ssl, 0, true, F("Create WOLFSSL object from ctx"));
Serial.print(F("Connecting to wolfSSL TLS Secure Server..."));
do {
err = 0; /* reset error */
Serial.println(F("wolfSSL_connect ..."));
ret = wolfSSL_connect(ssl);
Serial.print("wolfSSL_connect return result =");
Serial.println(ret);
if ((ret != WOLFSSL_SUCCESS) && (ret != WC_PENDING_E)) {
Serial.println(F("Failed connection, checking error."));
err = error_check_ssl(ssl, ret, true,
F("Create WOLFSSL object from ctx"));
Serial.print("err =");
Serial.println(err);
}
else {
Serial.print(PROGRESS_DOT);
}
} while (err == WC_PENDING_E);
Serial.println();
Serial.println(F("Connected!"));
Serial.print(F("SSL version is "));
Serial.println(wolfSSL_get_version(ssl));
cipherName = wolfSSL_get_cipher(ssl);
Serial.print(F("SSL cipher suite is "));
Serial.println(cipherName);
/* see test.h
* TODO: test.h needs a little bit of Arduino work for these:
showPeerEx(ssl, lng_index);
showPeerPEM(ssl);
*/
Serial.print(F("Sending secure message to server: "));
Serial.println(msg);
ret = wolfSSL_write(ssl, msg, msgSz);
if (ret == msgSz) {
Serial.print(F("Waiting for Server response..."));
while (!client.available()) {
/* wait for data */
delay(1); /* 1 ms delay */
}
Serial.print(F("Reading response.."));
/* read data */
do {
ret = wolfSSL_read(ssl, reply, sizeof(reply) - 1);
if (ret < 0) {
error_check_ssl(ssl, ret, false,
F("during TLS Read"));
}
else {
Serial.print(PROGRESS_DOT);
}
} while (err == WC_PENDING_E);
Serial.println();
Serial.println();
Serial.println(reply); /* typically: I hear you fa shizzle! */
Serial.println();
} /* wolfSSL_write message size matched */
else {
error_check_ssl(ssl, ret, false,
F("during TLS Write"));
} /* any wolfSSL_write message size mismatch is an error */
Serial.print(F("Shutting down.."));
do {
delay(1);
Serial.print(PROGRESS_DOT);
retry_shutdown--;
ret = wolfSSL_shutdown(ssl);
} while ( (ret == WOLFSSL_SHUTDOWN_NOT_DONE)
&& (retry_shutdown > 0)
); /* There may be pending data, so wait until done. */
Serial.println();
if (retry_shutdown <= 0) {
/* if wolfSSL_free is called before properly shutting down the
* ssl object, undesired results may occur. */
Serial.println(F("Warning! Shutdown did not properly complete."));
}
wolfSSL_free(ssl);
client.stop();
Serial.println(F("Connection complete."));
if (REPEAT_CONNECTION) {
reconnect = RECONNECT_ATTEMPTS;
}
else {
reconnect = 0;
}
} /* client.connect(host, port) */
else {
Serial.println(F("Problem sending message. Trying to reconnect..."));
}
}
delay(1000);
if ((reconnect > 0) && (REPEAT_CONNECTION)) {
Serial.println(F("Arduino loop repeating..."));
Serial.println();
}
else {
printf("wow");
Serial.println(F("Done!"));
while(1) {
/* wait forever */
}
}
#if defined(MEMORY_STRESS_TEST)
if (mem_ctr < MEMORY_STRESS_ITERATIONS) {
/* reminder: mem_ctr == 0 is MEMORY_STRESS_INITIAL allocation */
mem_ctr++;
Serial.print(F("Memory stress increment: "));
Serial.print(mem_ctr);
Serial.print(F(". Allocating addition memory (bytes): "));
Serial.println(MEMORY_STRESS_BLOCK_SIZE);
memory_stress[mem_ctr] = (char*)malloc(MEMORY_STRESS_BLOCK_SIZE);
show_memory();
}
#endif
} /* Arduino loop repeats */

12
IDE/ARDUINO/sketches/wolfssl_server/README.md
View File

@@ -1,6 +1,14 @@
# Arduino Basic TLS Server
Open the [wolfssl_server.ino](./wolfssl_server.ino) file in the Arduino IDE.
Open the `wolfssl_server.ino` file in the Arduino IDE.
NOTE: Moving; See https://github.com/wolfSSL/wolfssl-examples/pull/499
If using WiFi, be sure to set `ssid` and `password` values.
May need "Ethernet by Various" library to be installed. Tested with v2.0.2 and v2.8.1.
See the `#define WOLFSSL_TLS_SERVER_HOST` to set your own server address.
Other IDE products are also supported, such as:
@@ -13,7 +21,7 @@ Additional examples can be found on [wolfSSL/wolfssl-examples](https://github.co
## Connect with an Arduino Sketch
See the companion [Arduino Sketch Client](../wolfssl_client/wolfssl_client.ino).
See the companion [Arduino Sketch Client](../wolfssl_client/wolfssl_client.ino).
## Connect with Linux Client

838
IDE/ARDUINO/sketches/wolfssl_server/wolfssl_server.ino
View File

@@ -1,838 +0,0 @@
/* wolfssl_server.ino
*
* Copyright (C) 2006-2024 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
/*
Tested with:
1) Intel Galileo acting as the Client, with a laptop acting as a server using
the server example provided in examples/server.
Legacy Arduino v1.86 was used to compile and program the Galileo
2) Espressif ESP32 WiFi
3) Arduino Due, Nano33 IoT, Nano RP-2040
*/
/*
* Note to code editors: the Arduino client and server examples are edited in
* parallel for side-by-side comparison between examples.
*/
/* If you have a private include, define it here, otherwise edit WiFi params */
#define MY_PRIVATE_CONFIG "/workspace/my_private_config.h"
/* set REPEAT_CONNECTION to a non-zero value to continually run the example. */
#define REPEAT_CONNECTION 1
/* Edit this with your other TLS host server address to connect to: */
/* #define WOLFSSL_TLS_SERVER_HOST "192.168.1.34" */
/* wolfssl TLS examples communicate on port 11111 */
#define WOLFSSL_PORT 11111
/* Choose a monitor serial baud rate: 9600, 14400, 19200, 57600, 74880, etc. */
#define SERIAL_BAUD 115200
/* We'll wait up to 2000 milliseconds to properly shut down connection */
#define SHUTDOWN_DELAY_MS 2000
/* Number of times to retry connection. */
#define RECONNECT_ATTEMPTS 20
/* Optional stress test. Define to consume memory until exhausted: */
/* #define MEMORY_STRESS_TEST */
/* Choose client or server example, not both. */
/* #define WOLFSSL_CLIENT_EXAMPLE */
#define WOLFSSL_SERVER_EXAMPLE
#if defined(MY_PRIVATE_CONFIG)
/* the /workspace directory may contain a private config
* excluded from GitHub with items such as WiFi passwords */
#include MY_PRIVATE_CONFIG
static const char* ssid PROGMEM = MY_ARDUINO_WIFI_SSID;
static const char* password PROGMEM = MY_ARDUINO_WIFI_PASSWORD;
#else
/* when using WiFi capable boards: */
static const char* ssid PROGMEM = "your_SSID";
static const char* password PROGMEM = "your_PASSWORD";
#endif
#define BROADCAST_ADDRESS "255.255.255.255"
/* There's an optional 3rd party NTPClient library by Fabrice Weinberg.
* If it is installed, uncomment define USE_NTP_LIB here: */
/* #define USE_NTP_LIB */
#ifdef USE_NTP_LIB
#include <NTPClient.h>
#endif
#include <wolfssl.h>
/* Important: make sure settings.h appears before any other wolfSSL headers */
#include <wolfssl/wolfcrypt/settings.h>
/* Reminder: settings.h includes user_settings.h
* For ALL project wolfSSL settings, see:
* [your path]/Arduino\libraries\wolfSSL\src\user_settings.h */
#include <wolfssl/ssl.h>
#include <wolfssl/certs_test.h>
#include <wolfssl/wolfcrypt/error-crypt.h>
/* Define DEBUG_WOLFSSL in user_settings.h for more verbose logging. */
#if defined(DEBUG_WOLFSSL)
#define PROGRESS_DOT F("")
#else
#define PROGRESS_DOT F(".")
#endif
/* Convert a macro to a string */
#define xstr(x) str(x)
#define str(x) #x
/* optional board-specific networking includes */
#if defined(ESP32)
#define USING_WIFI
#include <WiFi.h>
#include <WiFiUdp.h>
#ifdef USE_NTP_LIB
WiFiUDP ntpUDP;
#endif
/* Ensure the F() flash macro is defined */
#ifndef F
#define F
#endif
WiFiClient client;
WiFiServer server(WOLFSSL_PORT);
#elif defined(ESP8266)
#define USING_WIFI
#include <ESP8266WiFi.h>
WiFiClient client;
WiFiServer server(WOLFSSL_PORT);
#elif defined(ARDUINO_SAM_DUE)
#include <SPI.h>
/* There's no WiFi/Ethernet on the Due. Requires Ethernet Shield.
/* Needs "Ethernet by Various" library to be installed. Tested with V2.0.2 */
#include <Ethernet.h>
EthernetClient client;
EthernetClient server(WOLFSSL_PORT);
#elif defined(ARDUINO_SAMD_NANO_33_IOT)
#define USING_WIFI
#include <SPI.h>
#include <WiFiNINA.h> /* Needs Arduino WiFiNINA library installed manually */
WiFiClient client;
WiFiServer server(WOLFSSL_PORT);
#elif defined(ARDUINO_ARCH_RP2040)
#define USING_WIFI
#include <SPI.h>
#include <WiFiNINA.h>
WiFiClient client;
WiFiServer server(WOLFSSL_PORT);
#elif defined(USING_WIFI)
#define USING_WIFI
#include <WiFi.h>
#include <WiFiUdp.h>
#ifdef USE_NTP_LIB
WiFiUDP ntpUDP;
#endif
WiFiClient client;
WiFiServer server(WOLFSSL_PORT);
/* TODO
#elif defined(OTHER_BOARD)
*/
#else
#define USING_WIFI
WiFiClient client;
WiFiServer server(WOLFSSL_PORT);
#endif
/* Only for syntax highlighters to show interesting options enabled: */
#if defined(HAVE_SNI) \
|| defined(HAVE_MAX_FRAGMENT) \
|| defined(HAVE_TRUSTED_CA) \
|| defined(HAVE_TRUNCATED_HMAC) \
|| defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
|| defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) \
|| defined(HAVE_SUPPORTED_CURVES) \
|| defined(HAVE_ALPN) \
|| defined(HAVE_SESSION_TICKET) \
|| defined(HAVE_SECURE_RENEGOTIATION) \
|| defined(HAVE_SERVER_RENEGOTIATION_INFO)
#endif
/* we expect our IP address from DHCP */
static WOLFSSL_CTX* ctx = NULL;
static WOLFSSL* ssl = NULL;
static char* wc_error_message = (char*)malloc(80 + 1);
static char errBuf[80];
#if defined(MEMORY_STRESS_TEST)
#define MEMORY_STRESS_ITERATIONS 100
#define MEMORY_STRESS_BLOCK_SIZE 1024
#define MEMORY_STRESS_INITIAL (4*1024)
static char* memory_stress[MEMORY_STRESS_ITERATIONS]; /* typically 1K per item */
static int mem_ctr = 0;
#endif
static int EthernetSend(WOLFSSL* ssl, char* msg, int sz, void* ctx);
static int EthernetReceive(WOLFSSL* ssl, char* reply, int sz, void* ctx);
static int reconnect = RECONNECT_ATTEMPTS;
static int lng_index PROGMEM = 0; /* 0 = English */
#if defined(__arm__)
#include <malloc.h>
extern char _end;
extern "C" char *sbrk(int i);
static char *ramstart=(char *)0x20070000;
static char *ramend=(char *)0x20088000;
#endif
/*****************************************************************************/
/* fail_wait - in case of unrecoverable error */
/*****************************************************************************/
int fail_wait(void) {
show_memory();
Serial.println(F("Failed. Halt."));
while (1) {
delay(1000);
}
return 0;
}
/*****************************************************************************/
/* show_memory() to optionally view during debugging. */
/*****************************************************************************/
int show_memory(void)
{
#if defined(__arm__)
struct mallinfo mi = mallinfo();
char *heapend=sbrk(0);
register char * stack_ptr asm("sp");
#if defined(DEBUG_WOLFSSL_VERBOSE)
Serial.print(" arena=");
Serial.println(mi.arena);
Serial.print(" ordblks=");
Serial.println(mi.ordblks);
Serial.print(" uordblks=");
Serial.println(mi.uordblks);
Serial.print(" fordblks=");
Serial.println(mi.fordblks);
Serial.print(" keepcost=");
Serial.println(mi.keepcost);
#endif
#if defined(DEBUG_WOLFSSL) || defined(MEMORY_STRESS_TEST)
Serial.print("Estimated free memory: ");
Serial.print(stack_ptr - heapend + mi.fordblks);
Serial.println(F(" bytes"));
#endif
#if (0)
/* Experimental: not supported on all devices: */
Serial.print("RAM Start %lx\n", (unsigned long)ramstart);
Serial.print("Data/Bss end %lx\n", (unsigned long)&_end);
Serial.print("Heap End %lx\n", (unsigned long)heapend);
Serial.print("Stack Ptr %lx\n",(unsigned long)stack_ptr);
Serial.print("RAM End %lx\n", (unsigned long)ramend);
Serial.print("Heap RAM Used: ",mi.uordblks);
Serial.print("Program RAM Used ",&_end - ramstart);
Serial.print("Stack RAM Used ",ramend - stack_ptr);
Serial.print("Estimated Free RAM: %d\n\n",stack_ptr - heapend + mi.fordblks);
#endif
#else
Serial.println(F("show_memory() not implemented for this platform"));
#endif
return 0;
}
/*****************************************************************************/
/* EthernetSend() to send a message string. */
/*****************************************************************************/
int EthernetSend(WOLFSSL* ssl, char* message, int sz, void* ctx) {
int sent = 0;
(void)ssl;
(void)ctx;
sent = client.write((byte*)message, sz);
return sent;
}
/*****************************************************************************/
/* EthernetReceive() to receive a reply string. */
/*****************************************************************************/
int EthernetReceive(WOLFSSL* ssl, char* reply, int sz, void* ctx) {
int ret = 0;
(void)ssl;
(void)ctx;
while (client.available() > 0 && ret < sz) {
reply[ret++] = client.read();
}
return ret;
}
/*****************************************************************************/
/* Arduino setup_hardware() */
/*****************************************************************************/
int setup_hardware(void) {
int ret = 0;
#if defined(ARDUINO_SAMD_NANO_33_IOT)
Serial.println(F("Detected known tested and working Arduino Nano 33 IoT"));
#elif defined(ARDUINO_ARCH_RP2040)
Serial.println(F("Detected known tested and working Arduino RP-2040"));
#elif defined(__arm__) && defined(ID_TRNG) && defined(TRNG)
/* need to manually turn on random number generator on Arduino Due, etc. */
pmc_enable_periph_clk(ID_TRNG);
trng_enable(TRNG);
Serial.println(F("Enabled ARM TRNG"));
#endif
show_memory();
randomSeed(analogRead(0));
return ret;
}
/*****************************************************************************/
/* Arduino setup_datetime() */
/* The device needs to have a valid date within the valid range of certs. */
/*****************************************************************************/
int setup_datetime(void) {
int ret = 0;
int ntp_tries = 20;
/* we need a date in the range of cert expiration */
#ifdef USE_NTP_LIB
#if defined(ESP32)
NTPClient timeClient(ntpUDP, "pool.ntp.org");
timeClient.begin();
timeClient.update();
delay(1000);
while (!timeClient.isTimeSet() && (ntp_tries > 0)) {
timeClient.forceUpdate();
Serial.println(F("Waiting for NTP update"));
delay(2000);
ntp_tries--;
}
if (ntp_tries <= 0) {
Serial.println(F("Warning: gave up waiting on NTP"));
}
Serial.println(timeClient.getFormattedTime());
Serial.println(timeClient.getEpochTime());
#endif
#endif
#if defined(ESP32)
/* see esp32-hal-time.c */
ntp_tries = 5;
/* Replace "pool.ntp.org" with your preferred NTP server */
configTime(0, 0, "pool.ntp.org");
/* Wait for time to be set */
while ((time(nullptr) <= 100000) && ntp_tries > 0) {
Serial.println(F("Waiting for time to be set..."));
delay(2000);
ntp_tries--;
}
#endif
return ret;
} /* setup_datetime */
/*****************************************************************************/
/* Arduino setup_network() */
/*****************************************************************************/
int setup_network(void) {
int ret = 0;
#if defined(USING_WIFI)
int status = WL_IDLE_STATUS;
/* The ESP8266 & ESP32 support both AP and STA. We'll use STA: */
#if defined(ESP8266) || defined(ESP32)
WiFi.mode(WIFI_STA);
#else
String fv;
if (WiFi.status() == WL_NO_MODULE) {
Serial.println("Communication with WiFi module failed!");
/* don't continue if no network */
while (true) ;
}
fv = WiFi.firmwareVersion();
if (fv < WIFI_FIRMWARE_LATEST_VERSION) {
Serial.println("Please upgrade the firmware");
}
#endif
Serial.print(F("Connecting to WiFi "));
Serial.print(ssid);
status = WiFi.begin(ssid, password);
while (status != WL_CONNECTED) {
delay(1000);
Serial.print(F("."));
Serial.print(status);
status = WiFi.status();
}
Serial.println(F(" Connected!"));
#else
/* Newer Ethernet shields have a
* MAC address printed on a sticker on the shield */
byte mac[] = { 0xDE, 0xAD, 0xBE, 0xEF, 0xFE, 0xED };
IPAddress ip(192, 168, 1, 42);
IPAddress myDns(192, 168, 1, 1);
Ethernet.init(10); /* Most Arduino shields */
/* Ethernet.init(5); * MKR ETH Shield */
/* Ethernet.init(0); * Teensy 2.0 */
/* Ethernet.init(20); * Teensy++ 2.0 */
/* Ethernet.init(15); * ESP8266 with Adafruit FeatherWing Ethernet */
/* Ethernet.init(33); * ESP32 with Adafruit FeatherWing Ethernet */
Serial.println(F("Initialize Ethernet with DHCP:"));
if (Ethernet.begin(mac) == 0) {
Serial.println(F("Failed to configure Ethernet using DHCP"));
/* Check for Ethernet hardware present */
if (Ethernet.hardwareStatus() == EthernetNoHardware) {
Serial.println(F("Ethernet shield was not found."));
while (true) {
delay(1); /* do nothing */
}
}
if (Ethernet.linkStatus() == LinkOFF) {
Serial.println(F("Ethernet cable is not connected."));
}
/* try to configure using IP address instead of DHCP : */
Ethernet.begin(mac, ip, myDns);
}
else {
Serial.print(F(" DHCP assigned IP "));
Serial.println(Ethernet.localIP());
}
/* We'll assume the Ethernet connection is ready to go. */
#endif
Serial.println(F("********************************************************"));
Serial.print(F(" wolfSSL Example Server IP = "));
#if defined(USING_WIFI)
Serial.println(WiFi.localIP());
#else
Serial.println(Ethernet.localIP());
#endif
/* In server mode, there's no host definition. */
/* See companion example: wolfssl_client.ino */
Serial.println(F("********************************************************"));
Serial.println(F("Setup network complete."));
return ret;
}
/*****************************************************************************/
/* Arduino setup_wolfssl() */
/*****************************************************************************/
int setup_wolfssl(void) {
int ret = 0;
WOLFSSL_METHOD* method;
/* Show a revision of wolfssl user_settings.h file in use when available: */
#if defined(WOLFSSL_USER_SETTINGS_ID)
Serial.print(F("WOLFSSL_USER_SETTINGS_ID: "));
Serial.println(F(WOLFSSL_USER_SETTINGS_ID));
#else
Serial.println(F("No WOLFSSL_USER_SETTINGS_ID found."));
#endif
#if defined(NO_WOLFSSL_SERVER)
Serial.println(F("wolfSSL server code disabled to save space."));
#endif
#if defined(NO_WOLFSSL_CLIENT)
Serial.println(F("wolfSSL client code disabled to save space."));
#endif
#if defined(DEBUG_WOLFSSL)
wolfSSL_Debugging_ON();
Serial.println(F("wolfSSL Debugging is On!"));
#else
Serial.println(F("wolfSSL Debugging is Off! (enable with DEBUG_WOLFSSL)"));
#endif
/* See ssl.c for TLS cache settings. Larger cache = use more RAM. */
#if defined(NO_SESSION_CACHE)
Serial.println(F("wolfSSL TLS NO_SESSION_CACHE"));
#elif defined(MICRO_SESSION_CACHEx)
Serial.println(F("wolfSSL TLS MICRO_SESSION_CACHE"));
#elif defined(SMALL_SESSION_CACHE)
Serial.println(F("wolfSSL TLS SMALL_SESSION_CACHE"));
#elif defined(MEDIUM_SESSION_CACHE)
Serial.println(F("wolfSSL TLS MEDIUM_SESSION_CACHE"));
#elif defined(BIG_SESSION_CACHE)
Serial.println(F("wolfSSL TLS BIG_SESSION_CACHE"));
#elif defined(HUGE_SESSION_CACHE)
Serial.println(F("wolfSSL TLS HUGE_SESSION_CACHE"));
#elif defined(HUGE_SESSION_CACHE)
Serial.println(F("wolfSSL TLS HUGE_SESSION_CACHE"));
#else
Serial.println(F("WARNING: Unknown or no TLS session cache setting."));
/* See wolfssl/src/ssl.c for amount of memory used.
* It is best on embedded devices to choose a TLS session cache size. */
#endif
ret = wolfSSL_Init();
if (ret == WOLFSSL_SUCCESS) {
Serial.println("Successfully called wolfSSL_Init");
}
else {
Serial.println("ERROR: wolfSSL_Init failed");
}
/* See companion server example with wolfSSLv23_server_method here.
* method = wolfSSLv23_client_method()); SSL 3.0 - TLS 1.3.
* method = wolfTLSv1_2_client_method(); only TLS 1.2
* method = wolfTLSv1_3_client_method(); only TLS 1.3
*
* see Arduino\libraries\wolfssl\src\user_settings.h */
Serial.println("Here we go!");
method = wolfSSLv23_server_method();
if (method == NULL) {
Serial.println(F("unable to get wolfssl server method"));
fail_wait();
}
ctx = wolfSSL_CTX_new(method);
if (ctx == NULL) {
Serial.println(F("unable to get ctx"));
fail_wait();
}
return ret;
}
/*****************************************************************************/
/* Arduino setup_certificates() */
/*****************************************************************************/
int setup_certificates(void) {
int ret = 0;
Serial.println(F("Initializing certificates..."));
show_memory();
/* Use built-in validation, No verification callback function: */
wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
/* Certificate */
Serial.println("Initializing certificates...");
ret = wolfSSL_CTX_use_certificate_buffer(ctx,
CTX_SERVER_CERT,
CTX_SERVER_CERT_SIZE,
CTX_CA_CERT_TYPE);
if (ret == WOLFSSL_SUCCESS) {
Serial.print("Success: use certificate: ");
Serial.println(xstr(CTX_SERVER_CERT));
}
else {
Serial.print("Error: wolfSSL_CTX_use_certificate_buffer failed: ");
wc_ErrorString(ret, wc_error_message);
Serial.println(wc_error_message);
fail_wait();
}
/* Setup private server key */
ret = wolfSSL_CTX_use_PrivateKey_buffer(ctx,
CTX_SERVER_KEY,
CTX_SERVER_KEY_SIZE,
CTX_SERVER_KEY_TYPE);
if (ret == WOLFSSL_SUCCESS) {
Serial.print("Success: use private key buffer: ");
Serial.println(xstr(CTX_SERVER_KEY));
}
else {
Serial.print("Error: wolfSSL_CTX_use_PrivateKey_buffer failed: ");
wc_ErrorString(ret, wc_error_message);
Serial.println(wc_error_message);
fail_wait();
}
return ret;
} /* Arduino setup */
/*****************************************************************************/
/*****************************************************************************/
/* Arduino setup() */
/*****************************************************************************/
/*****************************************************************************/
void setup(void) {
int i = 0;
Serial.begin(SERIAL_BAUD);
while (!Serial && (i < 10)) {
/* wait for serial port to connect. Needed for native USB port only */
delay(1000);
i++;
}
Serial.println(F(""));
Serial.println(F(""));
Serial.println(F("wolfSSL TLS Server Example Startup."));
/* define DEBUG_WOLFSSL in wolfSSL user_settings.h for diagnostics */
#if defined(DEBUG_WOLFSSL)
wolfSSL_Debugging_ON();
#endif
/* Optionally pre-allocate a large block of memory for testing */
#if defined(MEMORY_STRESS_TEST)
Serial.println(F("WARNING: Memory Stress Test Active!"));
Serial.print(F("Allocating extra memory: "));
Serial.print(MEMORY_STRESS_INITIAL);
Serial.println(F(" bytes..."));
memory_stress[mem_ctr] = (char*)malloc(MEMORY_STRESS_INITIAL);
show_memory();
#endif
setup_hardware();
setup_network();
setup_datetime();
setup_wolfssl();
setup_certificates();
/* Initialize wolfSSL using callback functions. */
wolfSSL_SetIOSend(ctx, EthernetSend);
wolfSSL_SetIORecv(ctx, EthernetReceive);
#if defined THIS_USER_SETTINGS_VERSION
Serial.print(F("This user_settings.h version:"))
Serial.println(THIS_USER_SETTINGS_VERSION)
#endif
/* Start the server
* See https://www.arduino.cc/reference/en/libraries/ethernet/server.begin/
*/
Serial.println(F("Completed Arduino setup()"));
server.begin();
Serial.println("Begin Server... (waiting for remote client to connect)");
/* See companion wolfssl_client.ino code */
return;
} /* Arduino setup */
/*****************************************************************************/
/* wolfSSL error_check() */
/*****************************************************************************/
int error_check(int this_ret, bool halt_on_error,
const __FlashStringHelper* message) {
int ret = 0;
if (this_ret == WOLFSSL_SUCCESS) {
Serial.print(F("Success: "));
Serial.println(message);
}
else {
Serial.print(F("ERROR: return = "));
Serial.print(this_ret);
Serial.print(F(": "));
Serial.println(message);
Serial.println(wc_GetErrorString(this_ret));
if (halt_on_error) {
fail_wait();
}
}
show_memory();
return ret;
} /* error_check */
/*****************************************************************************/
/* wolfSSL error_check_ssl */
/* Parameters: */
/* ssl is the current WOLFSSL object pointer */
/* halt_on_error set to true to suspend operations for critical error */
/* message is expected to be a memory-efficient F("") macro string */
/*****************************************************************************/
int error_check_ssl(WOLFSSL* ssl, int this_ret, bool halt_on_error,
const __FlashStringHelper* message) {
int err = 0;
if (ssl == NULL) {
Serial.println(F("ssl is Null; Unable to allocate SSL object?"));
#ifndef DEBUG_WOLFSSL
Serial.println(F("Define DEBUG_WOLFSSL in user_settings.h for more."));
#else
Serial.println(F("See wolfssl/wolfcrypt/error-crypt.h for codes."));
#endif
Serial.print(F("ERROR: "));
Serial.println(message);
show_memory();
if (halt_on_error) {
fail_wait();
}
}
else {
err = wolfSSL_get_error(ssl, this_ret);
if (err == WOLFSSL_SUCCESS) {
Serial.print(F("Success m: "));
Serial.println(message);
}
else {
if (err < 0) {
wolfSSL_ERR_error_string(err, errBuf);
Serial.print(F("WOLFSSL Error: "));
Serial.print(err);
Serial.print(F("; "));
Serial.println(errBuf);
}
else {
Serial.println(F("Success: ssl object."));
}
}
}
return err;
}
/*****************************************************************************/
/*****************************************************************************/
/* Arduino loop() */
/*****************************************************************************/
/*****************************************************************************/
void loop() {
char errBuf[80] = "(no error";
char reply[80] = "(no reply)";
const char msg[] = "I hear you fa shizzle!";
const char* cipherName;
int input = 0;
int replySz = 0;
int retry_shutdown = SHUTDOWN_DELAY_MS; /* max try, once per millisecond */
int ret = 0;
IPAddress broadcast_address(255, 255, 255, 255);
/* Listen for incoming client requests. */
client = server.available();
if (client) {
Serial.println("Have Client");
while (!client.connected()) {
/* wait for the client to actually connect */
delay(10);
}
Serial.print("Client connected from remote IP: ");
Serial.println(client.remoteIP());
ssl = wolfSSL_new(ctx);
if (ssl == NULL) {
Serial.println("Unable to allocate SSL object");
fail_wait();
}
ret = wolfSSL_accept(ssl);
if (ret != WOLFSSL_SUCCESS) {
ret = wolfSSL_get_error(ssl, 0);
wolfSSL_ERR_error_string(ret, errBuf);
Serial.print("TLS Accept Error: ");
Serial.println(errBuf);
}
cipherName = wolfSSL_get_cipher(ssl);
Serial.print("SSL cipher suite is ");
Serial.println(cipherName);
Serial.print("Server Read: ");
while (!client.available()) {
/* wait for data */
}
/* read data */
while (wolfSSL_pending(ssl)) {
input = wolfSSL_read(ssl, reply, sizeof(reply) - 1);
if (input < 0) {
ret = wolfSSL_get_error(ssl, 0);
wolfSSL_ERR_error_string(ret, errBuf);
Serial.print("TLS Read Error: ");
Serial.println(errBuf);
break;
}
else if (input > 0) {
replySz = input;
reply[input] = '\0';
Serial.print(reply);
}
else {
Serial.println("<end of reply, input == 0>");
}
}
/* Write our message into reply buffer to send */
memset(reply, 0, sizeof(reply));
memcpy(reply, msg, sizeof(msg));
replySz = strnlen(reply, sizeof(reply));
Serial.println("Sending reply...");
if ((wolfSSL_write(ssl, reply, replySz)) != replySz) {
ret = wolfSSL_get_error(ssl, 0);
wolfSSL_ERR_error_string(ret, errBuf);
Serial.print("TLS Write Error: ");
Serial.println(errBuf);
}
else {
Serial.println("Reply sent!");
}
Serial.println("Shutdown!");
do {
delay(1);
retry_shutdown--;
ret = wolfSSL_shutdown(ssl);
} while ((ret == WOLFSSL_SHUTDOWN_NOT_DONE) && (retry_shutdown > 0));
if (retry_shutdown <= 0) {
/* if wolfSSL_free is called before properly shutting down the
* ssl object, undesired results may occur. */
Serial.println("Warning! Shutdown did not properly complete.");
}
wolfSSL_free(ssl);
Serial.println("Connection complete.");
if (REPEAT_CONNECTION) {
Serial.println();
Serial.println("Waiting for next connection.");
}
else {
client.stop();
Serial.println("Done!");
while (1) {
/* wait forever if not repeating */
delay(100);
}
}
}
else {
/* Serial.println("Client not connected. Trying again..."); */
}
delay(100);
} /* Arduino loop repeats */

2
IDE/ARDUINO/sketches/wolfssl_version/README.md
View File

@@ -1,3 +1,5 @@
# Arduino Basic Hello World
This example simply compiles in wolfSSL and shows the current version number.
NOTE: Moving; See https://github.com/wolfSSL/wolfssl-examples/pull/499

24
IDE/ARDUINO/sketches/wolfssl_version/wolfssl_version.ino
View File

@@ -1,24 +0,0 @@
#include <Arduino.h>
#include <wolfssl.h>
#include <wolfssl/version.h>
/* Choose a monitor serial baud rate: 9600, 14400, 19200, 57600, 74880, etc. */
#define SERIAL_BAUD 115200
/* Arduino setup */
void setup() {
Serial.begin(SERIAL_BAUD);
while (!Serial) {
/* wait for serial port to connect. Needed for native USB port only */
}
Serial.println(F(""));
Serial.println(F(""));
Serial.println(F("wolfSSL setup complete!"));
}
/* Arduino main application loop. */
void loop() {
Serial.print("wolfSSL Version: ");
Serial.println(LIBWOLFSSL_VERSION_STRING);
delay(60000);
}

33
IDE/ARDUINO/wolfssl-arduino.cpp Normal file
View File

@@ -0,0 +1,33 @@
/* wolfssl-arduino.cpp
*
* Copyright (C) 2006-2025 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
#include <Arduino.h>
#include "wolfssl.h"
/* Function to allow wolfcrypt to use Arduino Serial.print for debug messages.
* See wolfssl/wolfcrypt/logging.c */
int wolfSSL_Arduino_Serial_Print(const char* const s)
{
/* Reminder: Serial.print is only available in C++ */
Serial.println(F(s));
return 0;
};

101
IDE/ARDUINO/wolfssl-arduino.sh
View File

@@ -20,7 +20,7 @@
# Reminder there's typically no $USER for GitHub actions, but:
# ROOT_DIR="/mnt/c/Users/$USER/Documents/Arduino/libraries"
#
# The company name is "wolfSSL Inc."; Theres a space, no comma, and a period after "Inc."
# The company name is "wolfSSL Inc."; There's a space, no comma, and a period after "Inc."
# The Arduino library name is "wolfssl" (all lower case)
# The Arduino library directory name is "wolfssl" (all lower case)
# The Arduino library include file is "wolfssl.h" (all lower case)
@@ -70,6 +70,9 @@ if [ "$ROOT_DIR" = "" ]; then
exit 1
fi
ARDUINO_ROOT="$HOME/Arduino/libraries"
# Check environment
if [ -n "$WSL_DISTRO_NAME" ]; then
# we found a non-blank WSL environment distro name
@@ -78,8 +81,6 @@ if [ -n "$WSL_DISTRO_NAME" ]; then
if echo "$current_path" | grep -Eq "^$pattern"; then
# if we are in WSL and shared Windows file system, 'ln' does not work.
ARDUINO_ROOT="/mnt/c/Users/$USER/Documents/Arduino/libraries"
else
ARDUINO_ROOT="$HOME/Arduino/libraries"
fi
fi
echo "The Arduino library root is: $ARDUINO_ROOT"
@@ -106,21 +107,31 @@ if [ $# -gt 0 ]; then
else
echo "Installing to $THIS_INSTALL_DIR"
if [ -d "$THIS_INSTALL_DIR/.git" ];then
echo "Target is a GitHub repository."
echo "Target is a GitHub root repository."
THIS_INSTALL_IS_GITHUB="true"
else
echo "Target is NOT a GitHub repository."
echo "Target is NOT a GitHub root directory repository. (e.g. not wolfssl/Arduino-wolfssl)"
fi
fi
else
echo "Error: not a valid operation: $THIS_OPERATION"
exit 1
fi
else
echo "INSTALL parameter not specified. Installing to ROOT_DIR=$ROOT_DIR"
fi
ROOT_SRC_DIR="${ROOT_DIR}/src"
EXAMPLES_DIR="${ROOT_DIR}/examples"
if [ -n "$WOLFSSL_EXAMPLES_ROOT" ]; then
EXTRA_EXAMPLES_DIR="${WOLFSSL_EXAMPLES_ROOT}/Arduino"
echo "EXTRA_EXAMPLES_DIR=$EXTRA_EXAMPLES_DIR"
else
echo "There are additional examples at https://github.com/wolfSSL/wolfssl-examples"
echo "Set WOLFSSL_EXAMPLES_ROOT to your local directory to include those examples."
fi
WOLFSSL_SRC="${ROOT_SRC_DIR}/src"
WOLFSSL_HEADERS="${ROOT_SRC_DIR}/wolfssl"
WOLFCRYPT_ROOT="${ROOT_SRC_DIR}/wolfcrypt"
@@ -141,8 +152,16 @@ OPENSSL_DIR_TOP="${WOLFSSL_HEADERS_TOP}/openssl"
WOLFSSL_VERSION=$(grep -i "LIBWOLFSSL_VERSION_STRING" ${TOP_DIR}/wolfssl/version.h | cut -d '"' -f 2)
if [ "$WOLFSSL_VERSION" = "" ]; then
echo "ERROR: Could not find wolfSSL Version in ${TOP_DIR}/wolfssl/version.h"
exit 1
echo "Current user: [$USER]"
if [ "$USER" = "" ] || [ "$USER" = "runner" ]; then
# Typically when there's no user, it is a GitHub workflow. It is not guaranteed to be "runner"
echo "No USER found, no version.h found. Setting Version text to [GitHub] for assumed workflow."
WOLFSSL_VERSION="GitHub"
else
echo "ERROR: Could not find wolfSSL Version in ${TOP_DIR}/wolfssl/version.h"
echo "Check autogen.sh and configure"
exit 1
fi
else
echo "Found wolfSSL version $WOLFSSL_VERSION"
echo "# WOLFSSL_VERSION_ARUINO_SUFFIX $WOLFSSL_VERSION_ARUINO_SUFFIX"
@@ -235,26 +254,46 @@ if [ "$THIS_DIR" = "ARDUINO" ]; then
$CP_CMD "${OPENSSL_DIR_TOP}"/* ."${OPENSSL_DIR}" || exit 1
# Finally, copy the Arduino-specific wolfssl library files into place: [lib]/src
$CP_CMD ./wolfssl.h ".${ROOT_SRC_DIR}"/wolfssl.h
$CP_CMD ./wolfssl.h ".${ROOT_SRC_DIR}"/wolfssl.h || exit 1
$CP_CMD ./wolfssl-arduino.cpp ".${ROOT_SRC_DIR}"/wolfssl-arduino.cpp || exit 1
unset NO_ARDUINO_EXAMPLES
echo "Copy examples...."
# Copy examples
mkdir -p ".${ROOT_SRC_DIR}"/examples
echo "Copy wolfssl_client example...."
mkdir -p ".${EXAMPLES_DIR}"/wolfssl_client
$CP_CMD ./sketches/wolfssl_client/wolfssl_client.ino ".${EXAMPLES_DIR}"/wolfssl_client/wolfssl_client.ino || exit 1
$CP_CMD ./sketches/wolfssl_client/README.md ".${EXAMPLES_DIR}"/wolfssl_client/README.md || exit 1
if [ -n "$WOLFSSL_EXAMPLES_ROOT" ]; then
echo "Copy template example...."
mkdir -p ".${EXAMPLES_DIR}"/template/wolfssl_library/src
$CP_CMD "$WOLFSSL_EXAMPLES_ROOT"/Arduino/sketches/template/template.ino ".${EXAMPLES_DIR}"/template/template.ino || exit 1
$CP_CMD "$WOLFSSL_EXAMPLES_ROOT"/Arduino/sketches/template/README.md ".${EXAMPLES_DIR}"/template/README.md || exit 1
$CP_CMD "$WOLFSSL_EXAMPLES_ROOT"/Arduino/sketches/template/wolfssl_helper.c ".${EXAMPLES_DIR}"/template/wolfssl_helper.c || exit 1
$CP_CMD "$WOLFSSL_EXAMPLES_ROOT"/Arduino/sketches/template/wolfssl_helper.h ".${EXAMPLES_DIR}"/template/wolfssl_helper.h || exit 1
$CP_CMD "$WOLFSSL_EXAMPLES_ROOT"/Arduino/sketches/template/wolfssl_library/wolfssl_library.h ".${EXAMPLES_DIR}"/template/wolfssl_library/wolfssl_library.h || exit 1
$CP_CMD "$WOLFSSL_EXAMPLES_ROOT"/Arduino/sketches/template/wolfssl_library/src/wolfssl_library.cpp ".${EXAMPLES_DIR}"/template/wolfssl_library/src/wolfssl_library.cpp || exit 1
echo "Copy wolfssl_server example...."
mkdir -p .${EXAMPLES_DIR}/wolfssl_server
$CP_CMD ./sketches/wolfssl_server/wolfssl_server.ino ".${EXAMPLES_DIR}"/wolfssl_server/wolfssl_server.ino || exit 1
$CP_CMD ./sketches/wolfssl_server/README.md ".${EXAMPLES_DIR}"/wolfssl_server/README.md || exit 1
echo "Copy wolfssl_AES_CTR example...."
mkdir -p ".${EXAMPLES_DIR}"/wolfssl_AES_CTR
$CP_CMD "$WOLFSSL_EXAMPLES_ROOT"/Arduino/sketches/wolfssl_AES_CTR/wolfssl_AES_CTR.ino ".${EXAMPLES_DIR}"/wolfssl_AES_CTR/wolfssl_AES_CTR.ino || exit 1
$CP_CMD "$WOLFSSL_EXAMPLES_ROOT"/Arduino/sketches/wolfssl_AES_CTR/README.md ".${EXAMPLES_DIR}"/wolfssl_AES_CTR/README.md || exit 1
echo "Copy wolfssl_server example...."
mkdir -p .${EXAMPLES_DIR}/wolfssl_version
$CP_CMD ./sketches/wolfssl_version/wolfssl_version.ino ".${EXAMPLES_DIR}"/wolfssl_version/wolfssl_version.ino || exit 1
$CP_CMD ./sketches/wolfssl_version/README.md ".${EXAMPLES_DIR}"/wolfssl_version/README.md || exit 1
echo "Copy wolfssl_client example...."
mkdir -p ".${EXAMPLES_DIR}"/wolfssl_client
$CP_CMD "$WOLFSSL_EXAMPLES_ROOT"/Arduino/sketches/wolfssl_client/wolfssl_client.ino ".${EXAMPLES_DIR}"/wolfssl_client/wolfssl_client.ino || exit 1
$CP_CMD "$WOLFSSL_EXAMPLES_ROOT"/Arduino/sketches/wolfssl_client/README.md ".${EXAMPLES_DIR}"/wolfssl_client/README.md || exit 1
echo "Copy wolfssl_server example...."
mkdir -p .${EXAMPLES_DIR}/wolfssl_server
$CP_CMD "$WOLFSSL_EXAMPLES_ROOT"/Arduino/sketches/wolfssl_server/wolfssl_server.ino ".${EXAMPLES_DIR}"/wolfssl_server/wolfssl_server.ino || exit 1
$CP_CMD "$WOLFSSL_EXAMPLES_ROOT"/Arduino/sketches/wolfssl_server/README.md ".${EXAMPLES_DIR}"/wolfssl_server/README.md || exit 1
echo "Copy wolfssl_version example...."
mkdir -p .${EXAMPLES_DIR}/wolfssl_version
$CP_CMD "$WOLFSSL_EXAMPLES_ROOT"/Arduino/sketches/wolfssl_version/wolfssl_version.ino ".${EXAMPLES_DIR}"/wolfssl_version/wolfssl_version.ino || exit 1
$CP_CMD "$WOLFSSL_EXAMPLES_ROOT"/Arduino/sketches/wolfssl_version/README.md ".${EXAMPLES_DIR}"/wolfssl_version/README.md || exit 1
else
NO_ARDUINO_EXAMPLES=1
fi
else
echo "ERROR: You must be in the IDE/ARDUINO directory to run this script"
exit 1
@@ -273,6 +312,8 @@ fi
# as an Arduino-specific README.md file.
VERSION_PLACEHOLDER="\${WOLFSSL_VERSION}"
ARDUINO_VERSION_SUFFIX_PLACEHOLDER="\${WOLFSSL_VERSION_ARUINO_SUFFIX}"
# This is the SOURCE to prepend. Note the OUTPUT is PREPENDED_README.md later copied to README.md
PREPEND_FILE="Arduino_README_prepend.md"
PROPERTIES_FILE_TEMPLATE="library.properties.template"
sed s/"$VERSION_PLACEHOLDER"/"$WOLFSSL_VERSION"/ "$PREPEND_FILE" > "$PREPEND_FILE.tmp"
@@ -325,12 +366,24 @@ if [ "$THIS_OPERATION" = "INSTALL" ]; then
echo "Removing workspace library directory: .$ROOT_DIR"
rm -rf ".$ROOT_DIR"
else
echo "Installing to local directory:"
echo "mv .$ROOT_DIR $ARDUINO_ROOT"
mv ."$ROOT_DIR" "$ARDUINO_ROOT" || exit 1
echo "Arduino wolfSSL Version: $WOLFSSL_VERSION$WOLFSSL_VERSION_ARUINO_SUFFIX"
echo "Installing to local directory:"
if [ "$THIS_INSTALL_DIR" = "" ]; then
echo "mv .$ROOT_DIR $ARDUINO_ROOT"
mv ."$ROOT_DIR" "$ARDUINO_ROOT" || exit 1
echo "Arduino wolfSSL Version: $WOLFSSL_VERSION$WOLFSSL_VERSION_ARUINO_SUFFIX"
else
echo "cp -r .\"$ROOT_DIR\"/* \"$THIS_INSTALL_DIR\""
mkdir -p "$THIS_INSTALL_DIR" || exit 1
cp -r ."$ROOT_DIR"/* "$THIS_INSTALL_DIR" || exit 1
fi
fi
fi
if [ -n "$NO_ARDUINO_EXAMPLES" ]; then
echo ""
echo "WARNING: No examples copied. Set WOLFSSL_EXAMPLES_ROOT as appropriate."
echo ""
fi
echo "Done!"

26
IDE/ARDUINO/wolfssl.h
View File

@@ -1,6 +1,6 @@
/* wolfssl.h
*
* Copyright (C) 2006-2024 wolfSSL Inc.
* Copyright (C) 2006-2025 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
@@ -22,18 +22,28 @@
/* Edit with caution. This is an Arduino-library specific header for wolfSSL */
#ifndef WOLFSSL_USER_SETTINGS
/* Should already be defined in settings.h for #if defined(ARDUINO) */
#define WOLFSSL_USER_SETTINGS
#endif
#include <Arduino.h>
/* wolfSSL user_settings.h must be included from settings.h */
/* wolfSSL user_settings.h must be included from settings.h
* Make all configurations changes in user_settings.h
* Do not edit wolfSSL `settings.h` or `config.h` files.
* Do not explicitly include user_settings.h in any source code.
* Each Arduino sketch that uses wolfSSL must have: #include "wolfssl.h"
* C/C++ source files can use: #include <wolfssl/wolfcrypt/settings.h>
* The wolfSSL "settings.h" must be included in each source file using wolfSSL.
* The wolfSSL "settings.h" must be listed before any other wolfSSL include.
*/
#include <wolfssl/wolfcrypt/settings.h>
#include <wolfssl/ssl.h>
int wolfSSL_Arduino_Serial_Print(const char *const s)
{
/* See wolfssl/wolfcrypt/logging.c */
Serial.println(F(s));
return 0;
};
#ifndef WOLFSSL_ARDUINO_H
#define WOLFSSL_ARDUINO_H
/* Declare a helper function to be used in wolfssl/wolfcrypt/logging.c */
int wolfSSL_Arduino_Serial_Print(const char* const s);
#endif /* WOLFSSL_ARDUINO_H */

4
IDE/AURIX/Cpu0_Main.c
View File

@@ -1,6 +1,6 @@
/* Cpu0_Main.c
*
* Copyright (C) 2006-2024 wolfSSL Inc.
* Copyright (C) 2006-2025 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
@@ -63,7 +63,7 @@ int fputc(int ch, FILE *f)
if (ch == (int)'\n') {
int chcr = (int)'\r';
count = 1;
IfxAsclin_Asc_write(&g_asc, &chcr, &count, TIME_INFINITE);
IfxAsclin_Asc_write(&g_asc, &chcr, &count, TIME_INFINITE);
}
count = 1;
IfxAsclin_Asc_write(&g_asc, &ch, &count, TIME_INFINITE);

2
IDE/AURIX/README.md
View File

@@ -9,7 +9,7 @@ Tested Platform:
## Running wolfCrypt on TriCore
1) Add the wolfSSL source and headers to `Libraries/wolfssl`.
1) Add the wolfSSL source and headers to `Libraries/wolfssl`.
- Only the following folders are required: `src`, `wolfcrypt` and `wolfssl`.
- See script to help with producing bundle here: https://github.com/wolfSSL/wolfssl/blob/master/scripts/makedistsmall.sh
2) Add `WOLFSSL_USER_SETTINGS` to the Preprocessing symbols list. C/C++ Build -> Settings -> TASKING C/C++ Compiler -> Preprocessing.

2
IDE/AURIX/user_settings.h
View File

@@ -1,6 +1,6 @@
/* user_settings.h
*
* Copyright (C) 2006-2024 wolfSSL Inc.
* Copyright (C) 2006-2025 wolfSSL Inc.
*
* This file is part of wolfSSL.
*

2
IDE/AURIX/wolf_main.c
View File

@@ -1,6 +1,6 @@
/* wolf_main.c
*
* Copyright (C) 2006-2024 wolfSSL Inc.
* Copyright (C) 2006-2025 wolfSSL Inc.
*
* This file is part of wolfSSL.
*

7
IDE/CRYPTOCELL/main.c
View File

@@ -1,6 +1,6 @@
/* main.c
*
* Copyright (C) 2006-2024 wolfSSL Inc.
* Copyright (C) 2006-2025 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
@@ -18,8 +18,8 @@
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
#include <wolfssl/wolfcrypt/settings.h>
#include <wolfcrypt/test/test.h>
#include <wolfcrypt/benchmark/benchmark.h>
@@ -63,4 +63,3 @@ int main(void)
return 0;
}

2
IDE/CRYPTOCELL/user_settings.h
View File

@@ -1,6 +1,6 @@
/* user_settings.h
*
* Copyright (C) 2006-2024 wolfSSL Inc.
* Copyright (C) 2006-2025 wolfSSL Inc.
*
* This file is part of wolfSSL.
*

2
IDE/ECLIPSE/DEOS/deos_malloc.c
View File

@@ -1,6 +1,6 @@
/* deos_malloc.c
*
* Copyright (C) 2006-2024 wolfSSL Inc.
* Copyright (C) 2006-2025 wolfSSL Inc.
*
* This file is part of wolfSSL.
*

2
IDE/ECLIPSE/DEOS/tls_wolfssl.c
View File

@@ -1,6 +1,6 @@
/* tls_wolfssl.c
*
* Copyright (C) 2006-2024 wolfSSL Inc.
* Copyright (C) 2006-2025 wolfSSL Inc.
*
* This file is part of wolfSSL.
*

2
IDE/ECLIPSE/DEOS/tls_wolfssl.h
View File

@@ -1,6 +1,6 @@
/* tls_wolfssl.h
*
* Copyright (C) 2006-2024 wolfSSL Inc.
* Copyright (C) 2006-2025 wolfSSL Inc.
*
* This file is part of wolfSSL.
*

2
IDE/ECLIPSE/DEOS/user_settings.h
View File

@@ -1,6 +1,6 @@
/* user_setting.h
*
* Copyright (C) 2006-2024 wolfSSL Inc.
* Copyright (C) 2006-2025 wolfSSL Inc.
*
* This file is part of wolfSSL.
*

2
IDE/ECLIPSE/MICRIUM/client_wolfssl.c
View File

@@ -1,6 +1,6 @@
/* client_wolfssl.c
*
* Copyright (C) 2006-2024 wolfSSL Inc.
* Copyright (C) 2006-2025 wolfSSL Inc.
*
* This file is part of wolfSSL.
*

2
IDE/ECLIPSE/MICRIUM/client_wolfssl.h
View File

@@ -1,6 +1,6 @@
/* client_wolfssl.h
*
* Copyright (C) 2006-2024 wolfSSL Inc.
* Copyright (C) 2006-2025 wolfSSL Inc.
*
* This file is part of wolfSSL.
*

2
IDE/ECLIPSE/MICRIUM/server_wolfssl.c
View File

@@ -1,6 +1,6 @@
/* server_wolfssl.c
*
* Copyright (C) 2006-2024 wolfSSL Inc.
* Copyright (C) 2006-2025 wolfSSL Inc.
*
* This file is part of wolfSSL.
*

2
IDE/ECLIPSE/MICRIUM/server_wolfssl.h
View File

@@ -1,6 +1,6 @@
/* server_wolfssl.h
*
* Copyright (C) 2006-2024 wolfSSL Inc.
* Copyright (C) 2006-2025 wolfSSL Inc.
*
* This file is part of wolfSSL.
*

2
IDE/ECLIPSE/MICRIUM/user_settings.h
View File

@@ -1,6 +1,6 @@
/* user_setting.h
*
* Copyright (C) 2006-2024 wolfSSL Inc.
* Copyright (C) 2006-2025 wolfSSL Inc.
*
* This file is part of wolfSSL.
*

2
IDE/ECLIPSE/MICRIUM/wolfsslRunTests.c
View File

@@ -1,6 +1,6 @@
/* wolfsslRunTests.c
*
* Copyright (C) 2006-2024 wolfSSL Inc.
* Copyright (C) 2006-2025 wolfSSL Inc.
*
* This file is part of wolfSSL.
*

2
IDE/ECLIPSE/RTTHREAD/user_settings.h
View File

@@ -1,6 +1,6 @@
/* user_setting.h
*
* Copyright (C) 2006-2024 wolfSSL Inc.
* Copyright (C) 2006-2025 wolfSSL Inc.
*
* This file is part of wolfSSL.
*

2
IDE/ECLIPSE/RTTHREAD/wolfssl_test.c
View File

@@ -1,6 +1,6 @@
/* wolfsslRunTests.c
*
* Copyright (C) 2006-2024 wolfSSL Inc.
* Copyright (C) 2006-2025 wolfSSL Inc.
*
* This file is part of wolfSSL.
*

2
IDE/ECLIPSE/SIFIVE/README.md
View File

@@ -1 +1 @@
This folder has moved to `IDE/RISCV/SIFIVE-HIFIVE1`.
This folder has moved to `IDE/RISCV/SIFIVE-HIFIVE1`.

47
IDE/Espressif/ESP-IDF/README.md
View File

@@ -1,11 +1,12 @@
# ESP-IDF Port
These Espressif examples have been created and tested with the latest stable release branch of
[ESP-IDF V5.2](https://docs.espressif.com/projects/esp-idf/en/release-v5.2/esp32/get-started/index.html).
The prior version 4.4 ESP-IDF is still supported, however version 5.2 or greater is recommended.
Espressif has [a list of all ESP-IDF versions](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/versions.html).
These Espressif examples have been created and tested with the latest stable release branch of
ESP-IDF v5.2, v5.3 and the master branch
See the latest [Espressif Migration Guides](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/migration-guides/index.html).
The prior version 4.4 ESP-IDF is still supported, however version 5.2 or greater is recommended.
Espressif has [a list of all ESP-IDF versions](Espressifversions.html).
See the latest Espressif Migration Guides.
## Examples
@@ -34,7 +35,7 @@ looks for the wolfSSL `user_settings.h` in the project as described below.
### File: `sdkconfig.h`
The Espressif `sdkconfig.h`, generated automatically from your `sdkconfig`
file at [build](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html)
file at [build](Espressif api-guides/build-system.html)
time, should be included before any other files.
### File: `user_settings.h`
@@ -101,7 +102,7 @@ of your source code, particularly before the `#include <wolfssl/wolfcrypt/settin
## Requirements
1. [ESP-IDF development framework](https://docs.espressif.com/projects/esp-idf/en/latest/get-started/)
1. [ESP-IDF development framework](https://github.com/espressif/esp-idf)
## wolfSSL as an Espressif component
@@ -113,7 +114,7 @@ There are various methods available for using wolfSSL as a component:
## Espressif Managed Components
Visit https://components.espressif.com/components/wolfssl/wolfssl and see the instructions. Typically:
Visit https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/ and see the instructions. Typically:
```
idf.py add-dependency "wolfssl/wolfssl^5.6.0-stable"
@@ -140,10 +141,18 @@ See the specific examples for additional details.
This is an alternate method for installation. It is recommended to use the new `CMakeLists.txt` to point to wolfSSL source code.
1. Run `setup.sh` at _/path/to_`/wolfssl/IDE/Espressif/ESP-IDF/` to deploy files into ESP-IDF tree
1. Run `setup.sh` at _/path/to_`/wolfssl/IDE/Espressif/ESP-IDF/` to deploy files into ESP-IDF tree
2. Find Wolfssl files at _/path/to/esp_`/esp-idf/components/wolfssl/`
3. Find [Example Programs](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples) under _/path/to/esp_`/esp-idf/examples/protocols/wolfssl_xxx` (where xxx is the project name)
```
WRK_IDF_PATH=/mnt/c/SysGCC/esp32/esp-idf/v5.2
. $WRK_IDF_PATH/export.sh
./setup.sh
```
## Setup for Windows
This is an alternate method for installation. It is recommended to use the new `CMakeLists.txt` to point to wolfSSL source code.
@@ -169,7 +178,7 @@ C:\SysGCC\esp32\esp-idf>git clone -b v5.0.2 --recursive https://github.com/espre
## Configuration
1. The `user_settings.h` can be found in `[project]/components/wolfssl/include/user_settings.h`.
1. The `user_settings.h` can be found in `[project]/components/wolfssl/include/user_settings.h`.
## Configuration (Legacy IDF install)
@@ -183,13 +192,13 @@ C:\SysGCC\esp32\esp-idf>git clone -b v5.0.2 --recursive https://github.com/espre
For question please email [support@wolfssl.com]
Note: This is tested with :
Note: This is tested with :
- OS: Ubuntu 20.04.3 LTS
- Microsoft Windows 10 Pro 10.0.19041 / Windows 11 Pro 22H2 22621.2715
- Visual Studio 2022 17.7.6 with VisualGDB 5.6R9 (build 4777)
- WSL 1 Ubuntu 22.04.3 LTS
- ESP-IDF: ESP-IDF v5.1
- SoC Module : all those supported in ESP-IDF v5.1
- ESP-IDF: ESP-IDF v5.2
- SoC Module : all those supported in ESP-IDF v5.2
## JTAG Debugging Notes
@@ -226,3 +235,15 @@ ftdi layout_signal nSRST -data 0x0020
reset_config srst_push_pull trst_push_pull
```
## Windows long paths
Check "Long Paths Enabled" in Windows registry.
Please set registry HKLM\SYSTEM\CurrentControlSet\Control\FileSystem\LongPathsEnabled to 1.
The operation requires Administrator privileges. Command:
```powershell
powershell -Command "&{ Start-Process -FilePath reg 'ADD HKLM\SYSTEM\CurrentControlSet\Control\FileSystem /v LongPathsEnabled /t REG_DWORD /d 1 /f' -Verb runAs}"
```

2
IDE/Espressif/ESP-IDF/README_32se.md
View File

@@ -10,7 +10,7 @@ Including the following examples:
The `user_settings.h` file enables some of the hardened settings.
## Requirements
1. ESP-IDF development framework: https://docs.espressif.com/projects/esp-idf/en/latest/get-started/
1. ESP-IDF development framework: https://github.com/espressif/esp-idf
2. Microchip CryptoAuthentication Library: https://github.com/MicrochipTech/cryptoauthlib

2
IDE/Espressif/ESP-IDF/dummy_config_h
View File

@@ -1,6 +1,6 @@
/* config.h - dummy
*
* Copyright (C) 2006-2024 wolfSSL Inc.
* Copyright (C) 2006-2025 wolfSSL Inc.
*
* This file is part of wolfSSL.
*

Some files were not shown because too many files have changed in this diff Show More