feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Merge branch 'master' into ech-hello-retry

Browse Source
This commit is contained in:
John Bland
2025-03-10 03:37:27 -04:00
parent 36c89cc5ad ad8eb760e3
commit 8ff08740f8
1848 changed files with 421745 additions and 103342 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
.codespellexcludelines Normal file
View File

@ -0,0 +1,18 @@
###############################################################################
# In this file, you should add the line of the file that needs to be ignored.
# The line should be exactly as it appears in the file.
###############################################################################
0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, /* .Enginee */
0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, /* fo@wolfs */
0x0a, 0x8b, 0x98, 0xf3, 0xe3, 0xff, 0x4e, 0x44, /* ......ND */
ot+3i9DAgBkcRcAtjOj4LaR0VknFBbVPFd5uRHg5h6h+u/N5GJG79G+dwfCMNYxd\n\
static const byte plaintext[] = "Lorem ipsum dolor sit amet, consectetur adipiscing elit. Cras lacus odio, pretium vel sagittis ac, facilisis quis diam. Vivamus condimentum velit sed dolor consequat interdum. Etiam eleifend ornare felis, eleifend egestas odio vulputate eu. Sed nec orci nunc. Etiam quis mi augue. Donec ullamcorper suscipit lorem, vel luctus augue cursus fermentum. Etiam a porta arcu, in convallis sem. Integer efficitur elementum diam, vel scelerisque felis posuere placerat. Donec vestibulum sit amet leo sit amet tincidunt. Etiam et vehicula turpis. Phasellus quis finibus sapien. Sed et tristique turpis. Nullam vitae sagittis tortor, et aliquet lorem. Cras a leo scelerisque, convallis lacus ut, fermentum urna. Mauris quis urna diam. Class aptent taciti sociosqu ad litora torquent per conubia nostra, per inceptos himenaeos. Nam aliquam vehicula orci id pulvinar. Proin mollis, libero sollicitudin tempor ultrices, massa augue tincidunt turpis, sit amet aliquam neque nibh nec dui. Fusce finibus massa quis rutrum suscipit cras amet";
rsource "Kconfig.tls-generic"
/* Loop over authenticated associated data AD1..ADn */
/* no easy answer [c'est la vie]. Just division */
const uint8_t* hashIn, int hashSz)
XMEMCPY(hash + (curveSz - hashSz), hashIn, hashSz);
0x63, 0x72, 0x65, 0x65, 0x6e, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20, 0x62, 0x65, 0x20, 0x69, /* creen would be i */
\pagenumbering{alph}
DES3_KEY_SIZE = 24, /* 3 des ede */
/* functions added to support above needed, removed TOOM and KARATSUBA */

40
.cyignore Normal file
View File

@ -0,0 +1,40 @@
# wolfSSL folders
$(SEARCH_wolfssl)/IDE
$(SEARCH_wolfssl)/examples
$(SEARCH_wolfssl)/linuxkm
$(SEARCH_wolfssl)/mcapi
$(SEARCH_wolfssl)/mplabx
$(SEARCH_wolfssl)/mqx
$(SEARCH_wolfssl)/tirtos
$(SEARCH_wolfssl)/tests
$(SEARCH_wolfssl)/testsuite
$(SEARCH_wolfssl)/wolfcrypt/src/port/autosar
$(SEARCH_wolfssl)/zephyr
# wolfSSL files
$(SEARCH_wolfssl)/wolfcrypt/src/aes_asm.S
$(SEARCH_wolfssl)/wolfcrypt/src/aes_xts_asm.S
$(SEARCH_wolfssl)/wolfcrypt/src/aes_gcm_asm.S
$(SEARCH_wolfssl)/wolfcrypt/src/aes_gcm_x86_asm.S
$(SEARCH_wolfssl)/wolfcrypt/src/chacha_asm.S
$(SEARCH_wolfssl)/wolfcrypt/src/fe_x25519_asm.S
$(SEARCH_wolfssl)/wolfcrypt/src/poly1305_asm.S
$(SEARCH_wolfssl)/wolfcrypt/src/sha256_asm.S
$(SEARCH_wolfssl)/wolfcrypt/src/sha512_asm.S
$(SEARCH_wolfssl)/wolfcrypt/src/sha3_asm.S
$(SEARCH_wolfssl)/wolfcrypt/src/sm3_asm.S
$(SEARCH_wolfssl)/wolfcrypt/src/sp_x86_64_asm.S
$(SEARCH_wolfssl)/wolfcrypt/src/sp_sm2_x86_64_asm.S
$(SEARCH_wolfssl)/wolfcrypt/src/wc_kyber_asm.S
$(SEARCH_wolfssl)/wolfcrypt/src/port/arm/armv8-32-aes-asm.S
$(SEARCH_wolfssl)/wolfcrypt/src/port/arm/armv8-32-curve25519.S
$(SEARCH_wolfssl)/wolfcrypt/src/port/arm/armv8-32-sha256-asm.S
$(SEARCH_wolfssl)/wolfcrypt/src/port/arm/armv8-32-sha512-asm.S
$(SEARCH_wolfssl)/wolfcrypt/src/port/arm/armv8-curve25519.S
$(SEARCH_wolfssl)/wolfcrypt/src/port/arm/armv8-sha3-asm.S
$(SEARCH_wolfssl)/wolfcrypt/src/port/arm/armv8-sha512-asm.S
$(SEARCH_wolfssl)/wolfcrypt/src/port/arm/thumb2-aes-asm.S
$(SEARCH_wolfssl)/wolfcrypt/src/port/arm/thumb2-curve25519.S
$(SEARCH_wolfssl)/wolfcrypt/src/port/arm/thumb2-sha256-asm.S
$(SEARCH_wolfssl)/wolfcrypt/src/port/arm/thumb2-sha512-asm.S

6
.github/ISSUE_TEMPLATE/bug_report.yaml vendored
View File

@ -6,8 +6,10 @@ body:
- type: markdown
attributes:
value: >
Thanks for reporting an bug. If you would prefer a private method,
please email support@wolfssl.com
Thanks for reporting a bug. If you would prefer a private method,
or if this is a vulnerability report please email support@wolfssl.com
instead. This is publicly viewable and not appropriate for vulnerability
reports.
- type: input
id: contact
attributes:

4
.github/ISSUE_TEMPLATE/other.yaml vendored
View File

@ -6,7 +6,9 @@ body:
attributes:
value: >
Thanks for reporting an issue. If you would prefer a private method,
please email support@wolfssl.com
or if this is a vulnerability report please email support@wolfssl.com
instead. This is publicly viewable and not appropriate for vulnerability
reports.
- type: input
id: version
attributes:

18
.github/workflows/async.yml vendored
View File

@ -1,7 +1,16 @@
name: Async Tests
# START OF COMMON SECTION
on:
workflow_call:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
make_check:
@ -14,11 +23,12 @@ jobs:
'--enable-ocsp CFLAGS="-DTEST_NONBLOCK_CERTS"',
]
name: make check
runs-on: ubuntu-latest
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 6
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
name: Checkout wolfSSL
- name: Test wolfSSL async
@ -27,7 +37,7 @@ jobs:
./configure ${{ matrix.config }}
make check
- name: Print errors
- name: Print errors
if: ${{ failure() }}
run: |
if [ -f test-suite.log ] ; then

93
.github/workflows/bind.yml vendored Normal file
View File

@ -0,0 +1,93 @@
name: bind9 Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
build_wolfssl:
name: Build wolfSSL
if: github.repository_owner == 'wolfssl'
# Just to keep it the same as the testing target
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 4
steps:
- name: Build wolfSSL
uses: wolfSSL/actions-build-autotools-project@v1
with:
path: wolfssl
configure: --enable-all
install: true
check: false
- name: tar build-dir
run: tar -zcf build-dir.tgz build-dir
- name: Upload built lib
uses: actions/upload-artifact@v4
with:
name: wolf-install-bind
path: build-dir.tgz
retention-days: 5
bind_check:
strategy:
fail-fast: false
matrix:
# List of releases to test
ref: [ 9.18.0, 9.18.28 ]
name: ${{ matrix.ref }}
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 10
needs: build_wolfssl
steps:
- name: Download lib
uses: actions/download-artifact@v4
with:
name: wolf-install-bind
- name: untar build-dir
run: tar -xf build-dir.tgz
- name: Install dependencies
run: |
# Don't prompt for anything
export DEBIAN_FRONTEND=noninteractive
sudo apt-get update
# hostap dependencies
sudo apt-get install -y libuv1-dev libnghttp2-dev libcap-dev libcmocka-dev
- name: Checkout OSP
uses: actions/checkout@v4
with:
repository: wolfssl/osp
path: osp
- name: Checkout bind9
uses: actions/checkout@v4
with:
repository: isc-projects/bind9
path: bind
ref: v${{ matrix.ref }}
- name: Build and test bind9
working-directory: bind
run: |
export PKG_CONFIG_PATH=$GITHUB_WORKSPACE/build-dir/lib/pkgconfig
patch -p1 < $GITHUB_WORKSPACE/osp/bind9/${{ matrix.ref }}.patch
autoreconf -ivf
./configure --with-wolfssl
sed -i 's/SUBDIRS = system//g' bin/tests/Makefile # remove failing tests
make -j V=1
make -j V=1 check

108
.github/workflows/cmake.yml vendored Normal file
View File

@ -0,0 +1,108 @@
name: WolfSSL CMake Build Tests
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
jobs:
build:
runs-on: ubuntu-latest
steps:
# pull wolfSSL
- uses: actions/checkout@master
# install cmake
- name: Install cmake
run: |
sudo apt-get update
sudo apt-get install -y cmake
# pull wolfssl
- name: Checkout wolfssl
uses: actions/checkout@master
with:
repository: wolfssl/wolfssl
path: wolfssl
# build wolfssl
- name: Build wolfssl
working-directory: ./wolfssl
run: |
mkdir build
cd build
cmake -DCMAKE_VERBOSE_MAKEFILE:BOOL=ON -DWOLFSSL_INSTALL=yes -DCMAKE_INSTALL_PREFIX="$GITHUB_WORKSPACE/install" \
-DWOLFSSL_16BIT:BOOL=no -DWOLFSSL_32BIT:BOOL=no -DWOLFSSL_AES:BOOL=yes \
-DWOLFSSL_AESCBC:BOOL=yes -DWOLFSSL_AESCCM:BOOL=yes -DWOLFSSL_AESCFB:BOOL=yes \
-DWOLFSSL_AESCTR:BOOL=yes -DWOLFSSL_AESGCM:STRING=yes -DWOLFSSL_AESKEYWRAP:BOOL=yes \
-DWOLFSSL_AESOFB:BOOL=yes -DWOLFSSL_AESSIV:BOOL=yes -DWOLFSSL_ALIGN_DATA:BOOL=yes \
-DWOLFSSL_ALPN:BOOL=ON -DWOLFSSL_ALT_CERT_CHAINS:BOOL=ON -DWOLFSSL_ARC4:BOOL=yes \
-DWOLFSSL_ARIA:BOOL=no -DWOLFSSL_ASIO:BOOL=no -DWOLFSSL_ASM:BOOL=yes -DWOLFSSL_ASN:BOOL=yes \
-DWOLFSSL_ASYNC_THREADS:BOOL=no -DWOLFSSL_BASE64_ENCODE:BOOL=yes -DWOLFSSL_CAAM:BOOL=no \
-DWOLFSSL_CERTEXT:BOOL=yes -DWOLFSSL_CERTGEN:BOOL=yes -DWOLFSSL_CERTGENCACHE:BOOL=no \
-DWOLFSSL_CERTREQ:BOOL=yes -DWOLFSSL_CHACHA:STRING=yes -DWOLFSSL_CMAC:BOOL=yes \
-DWOLFSSL_CODING:BOOL=yes -DWOLFSSL_CONFIG_H:BOOL=yes -DWOLFSSL_CRL:STRING=yes \
-DWOLFSSL_CRYPTOCB:BOOL=yes -DWOLFSSL_CRYPTOCB_NO_SW_TEST:BOOL=no \
-DWOLFSSL_CRYPT_TESTS:BOOL=yes -DWOLFSSL_CRYPT_TESTS_HELP:BOOL=no \
-DWOLFSSL_CRYPT_TESTS_LIBS:BOOL=no -DWOLFSSL_CURL:BOOL=yes -DWOLFSSL_CURVE25519:STRING=yes \
-DWOLFSSL_CURVE448:STRING=yes -DWOLFSSL_DEBUG:BOOL=yes -DWOLFSSL_DES3:BOOL=ON \
-DWOLFSSL_DES3_TLS_SUITES:BOOL=no -DWOLFSSL_DH:STRING=yes -DWOLFSSL_DH_DEFAULT_PARAMS:BOOL=yes \
-DWOLFSSL_DSA:BOOL=yes -DWOLFSSL_DTLS:BOOL=ON -DWOLFSSL_DTLS13:BOOL=yes \
-DWOLFSSL_DTLS_CID:BOOL=yes -DWOLFSSL_ECC:STRING=yes \
-DWOLFSSL_ECCCUSTCURVES:STRING=all -DWOLFSSL_ECCSHAMIR:BOOL=yes \
-DWOLFSSL_ECH:BOOL=yes -DWOLFSSL_ED25519:BOOL=yes -DWOLFSSL_ED448:STRING=yes \
-DWOLFSSL_ENCKEYS:BOOL=yes -DWOLFSSL_ENC_THEN_MAC:BOOL=yes -DWOLFSSL_ERROR_QUEUE:BOOL=yes \
-DWOLFSSL_ERROR_STRINGS:BOOL=yes -DWOLFSSL_EXAMPLES:BOOL=yes -DWOLFSSL_EXPERIMENTAL:BOOL=yes \
-DWOLFSSL_EXTENDED_MASTER:BOOL=yes -DWOLFSSL_EX_DATA:BOOL=yes -DWOLFSSL_FAST_MATH:BOOL=no \
-DWOLFSSL_FILESYSTEM:BOOL=yes -DWOLFSSL_HARDEN:BOOL=yes -DWOLFSSL_HASH_DRBG:BOOL=yes \
-DWOLFSSL_HKDF:BOOL=yes -DWOLFSSL_HPKE:BOOL=yes -DWOLFSSL_HRR_COOKIE:STRING=yes \
-DWOLFSSL_INLINE:BOOL=yes -DWOLFSSL_INSTALL:BOOL=yes -DWOLFSSL_IP_ALT_NAME:BOOL=ON \
-DWOLFSSL_KEYGEN:BOOL=yes -DWOLFSSL_KEYING_MATERIAL:BOOL=ON \
-DWOLFSSL_MD4:BOOL=ON -DWOLFSSL_MD5:BOOL=yes -DWOLFSSL_MEMORY:BOOL=yes -DWOLFSSL_NO_STUB:BOOL=no \
-DWOLFSSL_OAEP:BOOL=yes -DWOLFSSL_OCSP:BOOL=yes -DWOLFSSL_OCSPSTAPLING:BOOL=ON \
-DWOLFSSL_OCSPSTAPLING_V2:BOOL=ON -DWOLFSSL_OLD_NAMES:BOOL=yes -DWOLFSSL_OLD_TLS:BOOL=yes \
-DWOLFSSL_OPENSSLALL:BOOL=yes -DWOLFSSL_OPENSSLEXTRA:BOOL=ON -DWOLFSSL_OPTFLAGS:BOOL=yes \
-DWOLFSSL_OQS:BOOL=no -DWOLFSSL_PKCALLBACKS:BOOL=yes -DWOLFSSL_PKCS12:BOOL=yes \
-DWOLFSSL_PKCS7:BOOL=yes -DWOLFSSL_POLY1305:BOOL=yes -DWOLFSSL_POSTAUTH:BOOL=yes \
-DWOLFSSL_PWDBASED:BOOL=yes -DWOLFSSL_QUIC:BOOL=yes -DWOLFSSL_REPRODUCIBLE_BUILD:BOOL=no \
-DWOLFSSL_RNG:BOOL=yes -DWOLFSSL_RSA:BOOL=yes -DWOLFSSL_RSA_PSS:BOOL=yes \
-DWOLFSSL_SESSION_TICKET:BOOL=ON -DWOLFSSL_SHA:BOOL=yes -DWOLFSSL_SHA224:BOOL=yes \
-DWOLFSSL_SHA3:STRING=yes -DWOLFSSL_SHA384:BOOL=yes -DWOLFSSL_SHA512:BOOL=yes \
-DWOLFSSL_SHAKE128:STRING=yes -DWOLFSSL_SHAKE256:STRING=yes -DWOLFSSL_SINGLE_THREADED:BOOL=no \
-DWOLFSSL_SNI:BOOL=yes -DWOLFSSL_SP_MATH_ALL:BOOL=yes -DWOLFSSL_SRTP:BOOL=yes \
-DWOLFSSL_STUNNEL:BOOL=yes -DWOLFSSL_SUPPORTED_CURVES:BOOL=yes -DWOLFSSL_SYS_CA_CERTS:BOOL=yes \
-DWOLFSSL_TICKET_NONCE_MALLOC:BOOL=yes -DWOLFSSL_TLS13:BOOL=yes -DWOLFSSL_TLSV12:BOOL=yes \
-DWOLFSSL_TLSX:BOOL=yes -DWOLFSSL_TPM:BOOL=yes -DWOLFSSL_USER_SETTINGS:BOOL=no \
-DWOLFSSL_USER_SETTINGS_ASM:BOOL=no -DWOLFSSL_WOLFSSH:BOOL=ON -DWOLFSSL_X86_64_BUILD_ASM:BOOL=yes \
-DWOLFSSL_X963KDF:BOOL=yes \
-DCMAKE_C_FLAGS="-DWOLFSSL_DTLS_CH_FRAG" \
..
cmake --build .
ctest -j $(nproc)
cmake --install .
# clean up
cd ..
rm -rf build
# Kyber Cmake broken
# -DWOLFSSL_KYBER:BOOL=yes
# build "lean-tls" wolfssl
- name: Build wolfssl with lean-tls
working-directory: ./wolfssl
run: |
mkdir build
cd build
cmake -DCMAKE_VERBOSE_MAKEFILE:BOOL=ON -DWOLFSSL_INSTALL=yes -DCMAKE_INSTALL_PREFIX="$GITHUB_WORKSPACE/install" \
-DWOLFSSL_LEAN_TLS:BOOL=yes \
..
cmake --build .
cmake --install .
# clean up
cd ..
rm -rf build

30
.github/workflows/codespell.yml vendored Normal file
View File

@ -0,0 +1,30 @@
name: Codespell test
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
codespell:
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4
- uses: codespell-project/actions-codespell@v2.1
with:
check_filenames: true
check_hidden: true
# Add comma separated list of words that occur multiple times that should be ignored (sorted alphabetically, case sensitive)
ignore_words_list: adin,aNULL,brunch,carryIn,chainG,ciph,cLen,cliKs,dout,haveA,inCreated,inOut,inout,larg,LEAPYEAR,Merget,optionA,parm,parms,repid,rIn,userA,ser,siz,te,Te
# The exclude_file contains lines of code that should be ignored. This is useful for individual lines which have non-words that can safely be ignored.
exclude_file: '.codespellexcludelines'
# To skip files entirely from being processed, add it to the following list:
skip: '*.cproject,*.der,*.mtpj,*.pem,*.vcxproj,.git,*.launch,*.scfg,*.revoked'

53
.github/workflows/coverity-scan-fixes.yml vendored Normal file
View File

@ -0,0 +1,53 @@
name: Coverity Scan master branch
on:
workflow_dispatch:
schedule:
- cron: '0 0 * * 1-5'
- cron: '0 0 * * 0'
- cron: '0 12 * * 0'
jobs:
coverity:
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4
with:
ref: master
- name: Configure wolfSSL with enable-all M-F
if: github.event.schedule == '0 0 * * 1-5'
run: |
./autogen.sh
./configure --enable-all
- name: Configure wolfSSL with enable-all enable-smallstack Sun at 00:00
if: github.event.schedule == '0 0 * * 0'
run: |
./autogen.sh
./configure --enable-all --enable-smallstack
- name: Configure wolfSSL with bigendian Sun at 12:00
if: github.event.schedule == '0 12 * * 0'
run: |
./autogen.sh
./configure --enable-all CFLAGS="-DBIG_ENDIAN_ORDER"
- name: Check secrets
env:
token_var: ${{ secrets.COVERITY_SCAN_TOKEN }}
email_var: ${{ secrets.COVERITY_SCAN_EMAIL }}
run: |
token_len=${#token_var}
echo "$token_len"
email_len=${#email_var}
echo "$email_len"
- uses: vapier/coverity-scan-action@v1
with:
build_language: 'cxx'
project: "wolfSSL/wolfssl"
token: ${{ secrets.COVERITY_SCAN_TOKEN }}
email: ${{ secrets.COVERITY_SCAN_EMAIL }}
command: "make"

37
.github/workflows/curl.yml vendored
View File

@ -1,12 +1,22 @@
name: curl Test
# START OF COMMON SECTION
on:
workflow_call:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
build_wolfssl:
name: Build wolfSSL
runs-on: ubuntu-latest
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 4
steps:
@ -17,16 +27,20 @@ jobs:
configure: --enable-curl
install: true
- name: tar build-dir
run: tar -zcf build-dir.tgz build-dir
- name: Upload built lib
uses: actions/upload-artifact@v3
uses: actions/upload-artifact@v4
with:
name: wolf-install-curl
path: build-dir
retention-days: 1
path: build-dir.tgz
retention-days: 5
test_curl:
name: ${{ matrix.curl_ref }}
runs-on: ubuntu-latest
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 15
needs: build_wolfssl
@ -38,14 +52,15 @@ jobs:
- name: Install test dependencies
run: |
sudo apt-get update
sudo apt-get install nghttp2
sudo pip install impacket
sudo apt-get install nghttp2 libpsl5 libpsl-dev python3-impacket
- name: Download lib
uses: actions/download-artifact@v3
uses: actions/download-artifact@v4
with:
name: wolf-install-curl
path: build-dir
- name: untar build-dir
run: tar -xf build-dir.tgz
- name: Build curl
uses: wolfSSL/actions-build-autotools-project@v1
@ -58,4 +73,4 @@ jobs:
- name: Test curl
working-directory: curl
run: make -j test-ci
run: make -j $(nproc) test-ci

105
.github/workflows/cyrus-sasl.yml vendored Normal file
View File

@ -0,0 +1,105 @@
name: cyrus-sasl Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
build_wolfssl:
name: Build wolfSSL
if: github.repository_owner == 'wolfssl'
# Just to keep it the same as the testing target
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 4
steps:
- name: Build wolfSSL
uses: wolfSSL/actions-build-autotools-project@v1
with:
path: wolfssl
configure: --enable-all
install: true
# Don't run tests as this config is tested in many other places
check: false
- name: tar build-dir
run: tar -zcf build-dir.tgz build-dir
- name: Upload built lib
uses: actions/upload-artifact@v4
with:
name: wolf-install-sasl
path: build-dir.tgz
retention-days: 5
sasl_check:
strategy:
fail-fast: false
matrix:
# List of releases to test
ref: [ 2.1.28 ]
name: ${{ matrix.ref }}
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 4
needs: build_wolfssl
steps:
- name: Install dependencies
run: |
# Don't prompt for anything
export DEBIAN_FRONTEND=noninteractive
sudo apt-get update
sudo apt-get install krb5-kdc krb5-otp libkrb5-dev \
libsocket-wrapper libnss-wrapper krb5-admin-server libdb5.3-dev
- name: Download lib
uses: actions/download-artifact@v4
with:
name: wolf-install-sasl
- name: untar build-dir
run: tar -xf build-dir.tgz
- name: Checkout OSP
uses: actions/checkout@v4
with:
repository: wolfssl/osp
path: osp
- name: Checkout sasl
uses: actions/checkout@v4
with:
repository: cyrusimap/cyrus-sasl
ref: cyrus-sasl-${{ matrix.ref }}
path: sasl
- name: Build cyrus-sasl
working-directory: sasl
run: |
patch -p1 < $GITHUB_WORKSPACE/osp/cyrus-sasl/${{ matrix.ref }}/${{ matrix.ref }}.patch
autoreconf -ivf
./configure --with-openssl=no --with-wolfssl=$GITHUB_WORKSPACE/build-dir --with-dblib=berkeley --disable-shared
# Need to run 'make' twice with '--disable-shared' for some reason
make -j || make -j
- name: Run testsuite
working-directory: sasl
run: |
make -j -C utils testsuite saslpasswd2
# Retry up to five times
for i in {1..5}; do
TEST_RES=0
$GITHUB_WORKSPACE/osp/cyrus-sasl/${{ matrix.ref }}/run-tests.sh || TEST_RES=$?
if [ "$TEST_RES" -eq "0" ]; then
break
fi
done

60
.github/workflows/disabled/haproxy.yml vendored Normal file
View File

@ -0,0 +1,60 @@
name: HaProxy Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
haproxy_check:
strategy:
fail-fast: false
matrix:
# List of refs to test
ref: [ master ]
name: ${{ matrix.ref }}
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-latest
steps:
- name: Build wolfSSL
uses: wolfSSL/actions-build-autotools-project@v1
with:
path: wolfssl
configure: --enable-quic --enable-haproxy
install: true
- name: Checkout VTest
uses: actions/checkout@v4
with:
repository: vtest/VTest
path: VTest
- name: Build VTest
working-directory: VTest
# Special flags due to: https://github.com/vtest/VTest/issues/12
run: make FLAGS='-O2 -s -Wall'
- name: Checkout HaProxy
uses: actions/checkout@v4
with:
repository: haproxy/haproxy
path: haproxy
ref: ${{ matrix.ref }}
- name: Build HaProxy
working-directory: haproxy
run: >-
make -j TARGET=linux-glibc DEBUG='-DDEBUG_MEMORY_POOLS -DDEBUG_STRICT'
USE_OPENSSL_WOLFSSL=1 USE_QUIC=1 SSL_INC=$GITHUB_WORKSPACE/build-dir/include/
SSL_LIB=$GITHUB_WORKSPACE/build-dir/lib/ ADDLIB=-Wl,-rpath=$GITHUB_WORKSPACE/build-dir/lib
- name: Test HaProxy
working-directory: haproxy
run: make reg-tests reg-tests/ssl VTEST_PROGRAM=$GITHUB_WORKSPACE/VTest/vtest

34
.github/workflows/hitch.yml → .github/workflows/disabled/hitch.yml vendored
View File

@ -1,11 +1,21 @@
name: hitch Tests
# START OF COMMON SECTION
on:
workflow_call:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
build_wolfssl:
name: Build wolfSSL
if: github.repository_owner == 'wolfssl'
# Just to keep it the same as the testing target
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
@ -18,12 +28,15 @@ jobs:
configure: --enable-hitch
install: true
- name: tar build-dir
run: tar -zcf build-dir.tgz build-dir
- name: Upload built lib
uses: actions/upload-artifact@v3
uses: actions/upload-artifact@v4
with:
name: wolf-install-hitch
path: build-dir
retention-days: 1
path: build-dir.tgz
retention-days: 5
hitch_check:
strategy:
@ -35,19 +48,22 @@ jobs:
ignore-tests: >-
test13-r82.sh test15-proxy-v2-npn.sh test39-client-cert-proxy.sh
name: ${{ matrix.ref }}
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 4
needs: build_wolfssl
steps:
- name: Download lib
uses: actions/download-artifact@v3
uses: actions/download-artifact@v4
with:
name: wolf-install-hitch
path: build-dir
- name: untar build-dir
run: tar -xf build-dir.tgz
- name: Checkout OSP
uses: actions/checkout@v3
uses: actions/checkout@v4
with:
repository: wolfssl/osp
path: osp
@ -59,7 +75,7 @@ jobs:
sudo apt-get install -y libev-dev libssl-dev automake python3-docutils flex bison pkg-config make
- name: Checkout hitch
uses: actions/checkout@v3
uses: actions/checkout@v4
with:
repository: varnish/hitch
ref: 1.7.3
@ -91,4 +107,4 @@ jobs:
working-directory: ./hitch
run: |
export LD_LIBRARY_PATH=$GITHUB_WORKSPACE/build-dir/lib:$LD_LIBRARY_PATH
make check
make check

37
.github/workflows/hostap.yml → .github/workflows/disabled/hostap.yml vendored
View File

@ -1,7 +1,16 @@
name: hostap and wpa-supplicant Tests
# START OF COMMON SECTION
on:
workflow_call:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
build_wolfssl:
@ -13,6 +22,7 @@ jobs:
- build_id: hostap-build2
wolf_extra_config: --enable-brainpool --enable-wpas-dpp
name: Build wolfSSL
if: github.repository_owner == 'wolfssl'
# Just to keep it the same as the testing target
runs-on: ubuntu-20.04
# This should be a safe limit for the tests to run.
@ -40,11 +50,11 @@ jobs:
install: true
- name: Upload built lib
uses: actions/upload-artifact@v3
uses: actions/upload-artifact@v4
with:
name: ${{ matrix.build_id }}
path: build-dir
retention-days: 1
retention-days: 5
# Build wpa_supplicant with wolfSSL and hostapd with OpenSSL and interop.
hostap_test:
@ -62,7 +72,7 @@ jobs:
config: [
{
hostap_ref: hostap_2_10,
hostap_cherry_pick: 5679ec5c3dda25a0547a5f66407fd9b0b55fd04a,
hostap_cherry_pick: 36fcbb1a4ee4aa604f15079eae2ffa4fe7f44680,
remove_teap: true,
# TLS 1.3 does not work for this version
build_id: hostap-build1,
@ -70,7 +80,7 @@ jobs:
# Test the dpp patch
{
hostap_ref: b607d2723e927a3446d89aed813f1aa6068186bb,
hostap_cherry_pick: 5679ec5c3dda25a0547a5f66407fd9b0b55fd04a,
hostap_cherry_pick: 36fcbb1a4ee4aa604f15079eae2ffa4fe7f44680,
osp_ref: ad5b52a49b3cc2a5bfb47ccc1d6a5137132e9446,
build_id: hostap-build2
},
@ -90,6 +100,7 @@ jobs:
build_id: hostap-build2
}
name: hwsim test
if: github.repository_owner == 'wolfssl'
# For openssl 1.1
runs-on: ubuntu-20.04
# This should be a safe limit for the tests to run.
@ -113,7 +124,7 @@ jobs:
echo Our job run ID is $SHA_SUM
- name: Checkout wolfSSL
uses: actions/checkout@v3
uses: actions/checkout@v4
with:
path: wolfssl
@ -140,7 +151,7 @@ jobs:
echo "hostap_debug_flags=-d" >> $GITHUB_ENV
- name: Download lib
uses: actions/download-artifact@v3
uses: actions/download-artifact@v4
with:
name: ${{ matrix.config.build_id }}
path: build-dir
@ -170,9 +181,9 @@ jobs:
sudo rmmod mac80211_hwsim
- name: Checkout hostap
uses: actions/checkout@v3
uses: actions/checkout@v4
with:
repository: julek-wolfssl/hostap-mirror
repository: julek-wolfssl/hostap-mirror
path: hostap
ref: ${{ matrix.config.hostap_ref }}
# necessary for cherry pick step
@ -185,7 +196,7 @@ jobs:
- if: ${{ matrix.config.osp_ref }}
name: Checkout OSP
uses: actions/checkout@v3
uses: actions/checkout@v4
with:
repository: wolfssl/osp
path: osp
@ -201,7 +212,7 @@ jobs:
done
- if: ${{ matrix.hostapd }}
name: Setup hostapd config file
name: Setup hostapd config file
run: |
cp wolfssl/.github/workflows/hostap-files/configs/${{ matrix.config.hostap_ref }}/hostapd.config \
hostap/hostapd/.config
@ -211,7 +222,7 @@ jobs:
EOF
- if: ${{ matrix.wpa_supplicant }}
name: Setup wpa_supplicant config file
name: Setup wpa_supplicant config file
run: |
cp wolfssl/.github/workflows/hostap-files/configs/${{ matrix.config.hostap_ref }}/wpa_supplicant.config \
hostap/wpa_supplicant/.config
@ -275,7 +286,7 @@ jobs:
- name: Upload failure logs
if: ${{ failure() && steps.testing.outcome == 'failure' }}
uses: actions/upload-artifact@v3
uses: actions/upload-artifact@v4
with:
name: hostap-logs-${{ env.our_job_run_id }}
path: hostap/tests/hwsim/logs.zip

41
.github/workflows/disabled/msys2.yml vendored Normal file
View File

@ -0,0 +1,41 @@
name: MSYS2 Build Test
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
msys2:
runs-on: windows-latest
defaults:
run:
shell: msys2 {0}
strategy:
fail-fast: false
matrix:
include:
- { sys: ucrt64, compiler: mingw-w64-ucrt-x86_64-gcc }
- { sys: mingw64, compiler: mingw-w64-x86_64-gcc }
- { sys: msys, compiler: gcc }
steps:
- uses: actions/checkout@v3
- uses: msys2/setup-msys2@v2
with:
msystem: ${{ matrix.sys }}
update: true
install: git ${{matrix.compiler}} autotools base-devel autoconf netcat
- name: configure wolfSSL
run: ./autogen.sh && ./configure CFLAGS="-DUSE_CERT_BUFFERS_2048 -DUSE_CERT_BUFFERS_256 -DNO_WRITE_TEMP_FILES"
- name: build wolfSSL
run: make check
- name: Display log
if: always()
run: cat test-suite.log

32
.github/workflows/docker-Espressif.yml vendored
View File

@ -1,34 +1,46 @@
name: Espressif examples tests
# START OF COMMON SECTION
on:
workflow_call:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
espressif_latest:
name: latest Docker container
runs-on: ubuntu-latest
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 12
container:
image: espressif/idf:latest
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- name: Initialize Espressif IDE and build examples
run: . /opt/esp/idf/export.sh; IDE/Espressif/ESP-IDF/compileAllExamples.sh
run: cd /opt/esp/idf && . ./export.sh && cd $GITHUB_WORKSPACE; IDE/Espressif/ESP-IDF/compileAllExamples.sh
espressif_v4_4:
name: v4.4 Docker container
runs-on: ubuntu-latest
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
container:
image: espressif/idf:release-v4.4
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- name: Initialize Espressif IDE and build examples
run: . /opt/esp/idf/export.sh; IDE/Espressif/ESP-IDF/compileAllExamples.sh
run: cd /opt/esp/idf && . ./export.sh && cd $GITHUB_WORKSPACE; IDE/Espressif/ESP-IDF/compileAllExamples.sh
espressif_v5_0:
name: v5.0 Docker container
runs-on: ubuntu-latest
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
container:
image: espressif/idf:release-v5.0
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- name: Initialize Espressif IDE and build examples
run: . /opt/esp/idf/export.sh; IDE/Espressif/ESP-IDF/compileAllExamples.sh
run: cd /opt/esp/idf && . ./export.sh && cd $GITHUB_WORKSPACE; IDE/Espressif/ESP-IDF/compileAllExamples.sh

43
.github/workflows/docker-OpenWrt.yml vendored
View File

@ -2,13 +2,23 @@
# there aren't any compatibility issues. Take a look at Docker/OpenWrt/README.md
name: OpenWrt test
# START OF COMMON SECTION
on:
workflow_call:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
build_library:
name: Compile libwolfssl.so
runs-on: ubuntu-latest
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 4
container:
@ -16,34 +26,41 @@ jobs:
steps:
- name: Install required tools
run: apk add argp-standalone asciidoc bash bc binutils bzip2 cdrkit coreutils diffutils elfutils-dev findutils flex musl-fts-dev g++ gawk gcc gettext git grep intltool libxslt linux-headers make musl-libintl musl-obstack-dev ncurses-dev openssl-dev patch perl python3-dev rsync tar unzip util-linux wget zlib-dev autoconf automake libtool
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- name: Compile libwolfssl.so
run: ./autogen.sh && ./configure --enable-all && make
# 2024-08-05 - Something broke in the actions. They are no longer following links.
- name: tar libwolfssl.so
working-directory: src/.libs
run: tar -zcf libwolfssl.tgz libwolfssl.so*
- name: Upload libwolfssl.so
uses: actions/upload-artifact@v3
uses: actions/upload-artifact@v4
with:
name: openwrt-libwolfssl.so
path: src/.libs/libwolfssl.so
retention-days: 1
path: src/.libs/libwolfssl.tgz
retention-days: 5
compile_container:
name: Compile container
runs-on: ubuntu-latest
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 2
needs: build_library
strategy:
fail-fast: false
matrix:
release: [ "22.03-SNAPSHOT", "21.02-SNAPSHOT" ] # some other versions: 21.02.0 21.02.5 22.03.0 22.03.3 snapshot
release: [ "22.03.6", "21.02.7" ] # some other versions: 21.02.0 21.02.5 22.03.0 22.03.3 snapshot
steps:
- uses: actions/checkout@v3
- uses: docker/setup-buildx-action@v2
- uses: actions/download-artifact@v3
- uses: actions/checkout@v4
- uses: docker/setup-buildx-action@v3
- uses: actions/download-artifact@v4
with:
name: openwrt-libwolfssl.so
path: Docker/OpenWrt/.
path: .
- name: untar libwolfssl.so
run: tar -xf libwolfssl.tgz -C Docker/OpenWrt
- name: Build but dont push
uses: docker/build-push-action@v3
uses: docker/build-push-action@v5
with:
context: Docker/OpenWrt
platforms: linux/amd64

41
.github/workflows/gencertbuf.yml vendored Normal file
View File

@ -0,0 +1,41 @@
name: Test gencertbuf script
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
gencertbuf:
name: gencertbuf
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 6
steps:
- uses: actions/checkout@v4
name: Checkout wolfSSL
- name: Test generate wolfssl/certs_test.h
run: ./gencertbuf.pl
- name: Test wolfSSL
run: |
./autogen.sh
./configure --enable-all --enable-experimental --enable-dilithium --enable-kyber
make
./wolfcrypt/test/testwolfcrypt
- name: Print errors
if: ${{ failure() }}
run: |
if [ -f test-suite.log ] ; then
cat test-suite.log
fi

108
.github/workflows/grpc.yml vendored Normal file
View File

@ -0,0 +1,108 @@
name: grpc Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
build_wolfssl:
name: Build wolfSSL
if: github.repository_owner == 'wolfssl'
# Just to keep it the same as the testing target
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 10
steps:
- name: Build wolfSSL
uses: wolfSSL/actions-build-autotools-project@v1
with:
path: wolfssl
configure: --enable-all 'CPPFLAGS=-DWOLFSSL_RSA_KEY_CHECK -DHAVE_EX_DATA_CLEANUP_HOOKS'
install: true
- name: tar build-dir
run: tar -zcf build-dir.tgz build-dir
- name: Upload built lib
uses: actions/upload-artifact@v4
with:
name: wolf-install-grpc
path: build-dir.tgz
retention-days: 5
grpc_check:
strategy:
fail-fast: false
matrix:
include:
- ref: v1.60.0
tests: >-
bad_ssl_alpn_test bad_ssl_cert_test client_ssl_test
crl_ssl_transport_security_test server_ssl_test
ssl_transport_security_test ssl_transport_security_utils_test
test_core_security_ssl_credentials_test test_cpp_end2end_ssl_credentials_test
h2_ssl_cert_test h2_ssl_session_reuse_test
name: ${{ matrix.ref }}
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 30
needs: build_wolfssl
steps:
- name: Confirm IPv4 and IPv6 support
run: |
ip addr list lo | grep 'inet '
ip addr list lo | grep 'inet6 '
- name: Install prereqs
run:
sudo apt-get install build-essential autoconf libtool pkg-config cmake clang libc++-dev
- name: Download lib
uses: actions/download-artifact@v4
with:
name: wolf-install-grpc
- name: untar build-dir
run: tar -xf build-dir.tgz
- name: Checkout OSP
uses: actions/checkout@v4
with:
repository: wolfssl/osp
path: osp
- name: Checkout grpc
uses: actions/checkout@v4
with:
repository: grpc/grpc
path: grpc
ref: ${{ matrix.ref }}
- name: Build grpc
working-directory: ./grpc
run: |
patch -p1 < ../osp/grpc/grpc-${{ matrix.ref }}.patch
git submodule update --init
mkdir cmake/build
cd cmake/build
cmake -DgRPC_BUILD_TESTS=ON -DgRPC_SSL_PROVIDER=wolfssl \
-DWOLFSSL_INSTALL_DIR=$GITHUB_WORKSPACE/build-dir ../..
make -j $(nproc) ${{ matrix.tests }}
- name: Run grpc tests
working-directory: ./grpc
run: |
export LD_LIBRARY_PATH=$GITHUB_WORKSPACE/build-dir/lib:$LD_LIBRARY_PATH
./tools/run_tests/start_port_server.py
for t in ${{ matrix.tests }} ; do
./cmake/build/$t
done

110
.github/workflows/haproxy.yml vendored
View File

@ -1,51 +1,91 @@
name: HaProxy Tests
name: haproxy Test
# START OF COMMON SECTION
on:
workflow_call:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
haproxy_check:
strategy:
fail-fast: false
matrix:
# List of refs to test
ref: [ master ]
name: ${{ matrix.ref }}
runs-on: ubuntu-latest
build_wolfssl:
name: Build wolfSSL
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 4
steps:
- name: Build wolfSSL
uses: wolfSSL/actions-build-autotools-project@v1
with:
path: wolfssl
configure: --enable-quic --enable-haproxy
configure: --enable-haproxy
install: true
- name: Checkout VTest
uses: actions/checkout@v3
- name: tar build-dir
run: tar -zcf build-dir.tgz build-dir
- name: Upload built lib
uses: actions/upload-artifact@v4
with:
repository: vtest/VTest
path: VTest
name: wolf-install-haproxy
path: build-dir.tgz
retention-days: 5
- name: Build VTest
working-directory: VTest
# Special flags due to: https://github.com/vtest/VTest/issues/12
run: make FLAGS='-O2 -s -Wall'
test_haproxy:
name: ${{ matrix.haproxy_ref }}
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 15
needs: build_wolfssl
strategy:
fail-fast: false
matrix:
haproxy_ref: [ 'v3.1.0' ]
steps:
- name: Install test dependencies
run: |
sudo apt-get update
sudo apt-get install libpcre2-dev
- name: Checkout HaProxy
uses: actions/checkout@v3
with:
repository: haproxy/haproxy
path: haproxy
ref: ${{ matrix.ref }}
- name: Download lib
uses: actions/download-artifact@v4
with:
name: wolf-install-haproxy
- name: Build HaProxy
working-directory: haproxy
run: >-
make -j TARGET=linux-glibc DEBUG='-DDEBUG_MEMORY_POOLS -DDEBUG_STRICT'
USE_OPENSSL_WOLFSSL=1 USE_QUIC=1 SSL_INC=$GITHUB_WORKSPACE/build-dir/include/
SSL_LIB=$GITHUB_WORKSPACE/build-dir/lib/ ADDLIB=-Wl,-rpath=$GITHUB_WORKSPACE/build-dir/lib
- name: untar build-dir
run: tar -xf build-dir.tgz
- name: Test HaProxy
working-directory: haproxy
run: make reg-tests reg-tests/ssl VTEST_PROGRAM=$GITHUB_WORKSPACE/VTest/vtest
# check cache for haproxy if not there then download it
- name: Check haproxy cache
uses: actions/cache@v4
id: cache-haproxy
with:
path: build-dir/haproxy-${{matrix.haproxy_ref}}
key: haproxy-${{matrix.haproxy_ref}}
- name: Download haproxy if needed
if: steps.cache-haproxy.outputs.cache-hit != 'true'
uses: actions/checkout@v3
with:
repository: haproxy/haproxy
ref: ${{matrix.haproxy_ref}}
path: build-dir/haproxy-${{matrix.haproxy_ref}}
- name: Build haproxy
working-directory: build-dir/haproxy-${{matrix.haproxy_ref}}
run: make clean && make TARGET=linux-glibc USE_OPENSSL_WOLFSSL=1 SSL_LIB=$GITHUB_WORKSPACE/build-dir/lib SSL_INC=$GITHUB_WORKSPACE/build-dir/include ADDLIB=-Wl,-rpath,$GITHUB_WORKSPACE/build-dir/lib CFLAGS="-fsanitize=address" LDFLAGS="-fsanitize=address"
- name: Build haproxy vtest
working-directory: build-dir/haproxy-${{matrix.haproxy_ref}}
run: ./scripts/build-vtest.sh
- name: Test haproxy
working-directory: build-dir/haproxy-${{matrix.haproxy_ref}}
run: VTEST_PROGRAM=$GITHUB_WORKSPACE/build-dir/vtest/vtest make reg-tests -- --debug reg-tests/ssl/*

122
.github/workflows/hostap-files/configs/07c9f183ea744ac04585fb6dd10220c75a5e2e74/hostapd.config vendored Normal file
View File

@ -0,0 +1,122 @@
#CC=ccache gcc
CONFIG_DRIVER_NONE=y
CONFIG_DRIVER_NL80211=y
CONFIG_RSN_PREAUTH=y
#CONFIG_TLS=internal
#CONFIG_INTERNAL_LIBTOMMATH=y
#CONFIG_INTERNAL_LIBTOMMATH_FAST=y
#CONFIG_TLS=openssl
CONFIG_TLS=wolfssl
CONFIG_EAP=y
CONFIG_ERP=y
CONFIG_EAP_MD5=y
CONFIG_EAP_TLS=y
CONFIG_EAP_MSCHAPV2=y
CONFIG_EAP_PEAP=y
CONFIG_EAP_GTC=y
CONFIG_EAP_TTLS=y
CONFIG_EAP_SIM=y
CONFIG_EAP_AKA=y
CONFIG_EAP_AKA_PRIME=y
CONFIG_EAP_GPSK=y
CONFIG_EAP_GPSK_SHA256=y
CONFIG_EAP_SAKE=y
CONFIG_EAP_PAX=y
CONFIG_EAP_PSK=y
CONFIG_EAP_VENDOR_TEST=y
CONFIG_EAP_FAST=y
CONFIG_EAP_TEAP=y
CONFIG_EAP_IKEV2=y
CONFIG_EAP_TNC=y
CFLAGS += -DTNC_CONFIG_FILE=\"tnc/tnc_config\"
LIBS += -rdynamic
CONFIG_EAP_UNAUTH_TLS=y
ifeq ($(CONFIG_TLS), openssl)
CONFIG_EAP_PWD=y
endif
ifeq ($(CONFIG_TLS), wolfssl)
CONFIG_EAP_PWD=y
endif
CONFIG_EAP_EKE=y
CONFIG_PKCS12=y
CONFIG_RADIUS_SERVER=y
CONFIG_IPV6=y
CONFIG_TLSV11=y
CONFIG_TLSV12=y
CONFIG_FULL_DYNAMIC_VLAN=y
CONFIG_VLAN_NETLINK=y
CONFIG_LIBNL32=y
CONFIG_LIBNL3_ROUTE=y
CONFIG_IEEE80211R=y
CONFIG_IEEE80211AC=y
CONFIG_IEEE80211AX=y
CONFIG_OCV=y
CONFIG_WPS=y
CONFIG_WPS_UPNP=y
CONFIG_WPS_NFC=y
#CONFIG_WPS_STRICT=y
CONFIG_WPA_TRACE=y
CONFIG_WPA_TRACE_BFD=y
CONFIG_P2P_MANAGER=y
CONFIG_DEBUG_FILE=y
CONFIG_DEBUG_LINUX_TRACING=y
CONFIG_WPA_CLI_EDIT=y
CONFIG_ACS=y
CONFIG_NO_RANDOM_POOL=y
CONFIG_WNM=y
CONFIG_INTERWORKING=y
CONFIG_HS20=y
CONFIG_SQLITE=y
CONFIG_SAE=y
CONFIG_SAE_PK=y
CFLAGS += -DALL_DH_GROUPS
CONFIG_FST=y
CONFIG_FST_TEST=y
CONFIG_TESTING_OPTIONS=y
CFLAGS += -DCONFIG_RADIUS_TEST
CONFIG_MODULE_TESTS=y
CONFIG_SUITEB=y
CONFIG_SUITEB192=y
# AddressSanitizer (ASan) can be enabled by uncommenting the following lines.
# This can be used as a more efficient memory error detector than valgrind
# (though, with still some CPU and memory cost, so VM cases will need more
# memory allocated for the guest).
#CFLAGS += -fsanitize=address -O1 -fno-omit-frame-pointer -g
#LIBS += -fsanitize=address -fno-omit-frame-pointer -g
#LIBS_h += -fsanitize=address -fno-omit-frame-pointer -g
#LIBS_n += -fsanitize=address -fno-omit-frame-pointer -g
#LIBS_c += -fsanitize=address -fno-omit-frame-pointer -g
# Undefined Behavior Sanitizer (UBSan) can be enabled by uncommenting the
# following lines.
#CFLAGS += -Wno-format-nonliteral
#CFLAGS += -fsanitize=undefined
##CFLAGS += -fno-sanitize-recover
#LIBS += -fsanitize=undefined
##LIBS += -fno-sanitize-recover
#LIBS_h += -fsanitize=undefined
#LIBS_n += -fsanitize=undefined
#LIBS_c += -fsanitize=undefined
CONFIG_MBO=y
CONFIG_TAXONOMY=y
CONFIG_FILS=y
CONFIG_FILS_SK_PFS=y
CONFIG_OWE=y
CONFIG_DPP=y
CONFIG_DPP2=y
CONFIG_WEP=y
CONFIG_PASN=y
CONFIG_AIRTIME_POLICY=y
CONFIG_IEEE80211BE=y

1677
.github/workflows/hostap-files/configs/07c9f183ea744ac04585fb6dd10220c75a5e2e74/tests vendored Normal file
View File

File diff suppressed because it is too large Load Diff

164
.github/workflows/hostap-files/configs/07c9f183ea744ac04585fb6dd10220c75a5e2e74/wpa_supplicant.config vendored Normal file
View File

@ -0,0 +1,164 @@
#CC=ccache gcc
#CONFIG_TLS=openssl
CONFIG_TLS=wolfssl
#CONFIG_TLS=internal
#CONFIG_INTERNAL_LIBTOMMATH=y
#CONFIG_INTERNAL_LIBTOMMATH_FAST=y
CONFIG_IEEE8021X_EAPOL=y
CONFIG_ERP=y
CONFIG_EAP_MD5=y
CONFIG_MSCHAPV2=y
CONFIG_EAP_TLS=y
CONFIG_EAP_PEAP=y
CONFIG_EAP_TTLS=y
CONFIG_EAP_GTC=y
CONFIG_EAP_OTP=y
CONFIG_EAP_PSK=y
CONFIG_EAP_PAX=y
CONFIG_EAP_LEAP=y
CONFIG_EAP_SIM=y
CONFIG_EAP_AKA=y
CONFIG_EAP_AKA_PRIME=y
CONFIG_EAP_VENDOR_TEST=y
CONFIG_EAP_TLV=y
CONFIG_EAP_SAKE=y
CONFIG_EAP_GPSK=y
CONFIG_EAP_GPSK_SHA256=y
CONFIG_EAP_EKE=y
CONFIG_EAP_TNC=y
CFLAGS += -DTNC_CONFIG_FILE=\"tnc/tnc_config\"
LIBS += -rdynamic
CONFIG_EAP_FAST=y
CONFIG_EAP_TEAP=y
CONFIG_EAP_IKEV2=y
ifeq ($(CONFIG_TLS), openssl)
CONFIG_EAP_PWD=y
endif
ifeq ($(CONFIG_TLS), wolfssl)
CONFIG_EAP_PWD=y
endif
CONFIG_USIM_SIMULATOR=y
CONFIG_SIM_SIMULATOR=y
#CONFIG_PCSC=y
CONFIG_IPV6=y
CONFIG_DRIVER_NONE=y
CONFIG_PKCS12=y
CONFIG_CTRL_IFACE=unix
CONFIG_WPA_CLI_EDIT=y
CONFIG_OCSP=y
#CONFIG_ELOOP_POLL=y
CONFIG_CTRL_IFACE_DBUS_NEW=y
CONFIG_CTRL_IFACE_DBUS_INTRO=y
CONFIG_IEEE80211R=y
CONFIG_IEEE80211AC=y
CONFIG_IEEE80211AX=y
CONFIG_OCV=y
CONFIG_DEBUG_FILE=y
CONFIG_WPS=y
#CONFIG_WPS_STRICT=y
CONFIG_WPS_UPNP=y
CONFIG_WPS_NFC=y
CONFIG_WPS_ER=y
#CONFIG_WPS_REG_DISABLE_OPEN=y
CONFIG_DRIVER_WEXT=y
CONFIG_DRIVER_NL80211=y
CFLAGS += -I/usr/include/libnl3
CONFIG_LIBNL32=y
CONFIG_IBSS_RSN=y
CONFIG_AP=y
CONFIG_MESH=y
CONFIG_P2P=y
CONFIG_WIFI_DISPLAY=y
CONFIG_ACS=y
CONFIG_BGSCAN_SIMPLE=y
CONFIG_BGSCAN_LEARN=y
CONFIG_WPA_TRACE=y
CONFIG_WPA_TRACE_BFD=y
CONFIG_TDLS=y
CONFIG_TDLS_TESTING=y
CONFIG_NO_RANDOM_POOL=y
CONFIG_TLSV11=y
CONFIG_TLSV12=y
CONFIG_HT_OVERRIDES=y
CONFIG_VHT_OVERRIDES=y
CONFIG_HE_OVERRIDES=y
CONFIG_DEBUG_LINUX_TRACING=y
CONFIG_INTERWORKING=y
CONFIG_HS20=y
CONFIG_AUTOSCAN_EXPONENTIAL=y
CONFIG_AUTOSCAN_PERIODIC=y
CONFIG_EXT_PASSWORD_TEST=y
CONFIG_EXT_PASSWORD_FILE=y
CONFIG_EAP_UNAUTH_TLS=y
CONFIG_SAE=y
CONFIG_SAE_PK=y
CFLAGS += -DALL_DH_GROUPS
CONFIG_WNM=y
CONFIG_FST=y
CONFIG_FST_TEST=y
CONFIG_TESTING_OPTIONS=y
CONFIG_MODULE_TESTS=y
CONFIG_SUITEB=y
CONFIG_SUITEB192=y
# AddressSanitizer (ASan) can be enabled by uncommenting the following lines.
# This can be used as a more efficient memory error detector than valgrind
# (though, with still some CPU and memory cost, so VM cases will need more
# memory allocated for the guest).
#CFLAGS += -fsanitize=address -O1 -fno-omit-frame-pointer -g
#LIBS += -fsanitize=address -fno-omit-frame-pointer -g
#LIBS_c += -fsanitize=address -fno-omit-frame-pointer -g
#LIBS_p += -fsanitize=address -fno-omit-frame-pointer -g
# Undefined Behavior Sanitizer (UBSan) can be enabled by uncommenting the
# following lines.
#CFLAGS += -Wno-format-nonliteral
#CFLAGS += -fsanitize=undefined
##CFLAGS += -fno-sanitize-recover
#LIBS += -fsanitize=undefined
##LIBS += -fno-sanitize-recover
#LIBS_c += -fsanitize=undefined
#LIBS_p += -fsanitize=undefined
CONFIG_MBO=y
CONFIG_FILS=y
CONFIG_FILS_SK_PFS=y
CONFIG_PMKSA_CACHE_EXTERNAL=y
CONFIG_OWE=y
CONFIG_DPP=y
CONFIG_DPP2=y
CONFIG_WEP=y
CONFIG_PASN=y

51
.github/workflows/hostap-files/configs/b607d2723e927a3446d89aed813f1aa6068186bb/tests vendored
View File

@ -191,13 +191,7 @@ ap_wpa2_psk_supp_proto_no_gtk_in_group_msg
ap_wpa2_psk_supp_proto_too_long_gtk_in_group_msg
ap_wpa2_psk_supp_proto_too_long_gtk_kde
ap_wpa2_psk_supp_proto_gtk_not_encrypted
ap_wpa2_psk_supp_proto_no_igtk
ap_wpa2_psk_supp_proto_igtk_ok
ap_wpa2_psk_supp_proto_igtk_keyid_swap
ap_wpa2_psk_supp_proto_igtk_keyid_too_large
ap_wpa2_psk_supp_proto_igtk_keyid_unexpected
ap_wpa2_psk_wep
ap_wpa2_psk_ifdown
ap_wpa2_psk_drop_first_msg_4
ap_wpa2_psk_disable_enable
ap_wpa2_psk_incorrect_passphrase
@ -210,10 +204,7 @@ ap_wpa2_disable_eapol_retry
ap_wpa2_disable_eapol_retry_group
ap_wpa2_psk_mic_0
ap_wpa2_psk_local_error
ap_wpa2_psk_inject_assoc
ap_wpa2_psk_no_control_port
ap_wpa2_psk_ap_control_port
ap_wpa2_psk_ap_control_port_disabled
ap_wpa2_psk_rsne_mismatch_ap
ap_wpa2_psk_rsne_mismatch_ap2
ap_wpa2_psk_rsne_mismatch_ap3
@ -253,10 +244,8 @@ ap_wpa2_eap_aka_sql
ap_wpa2_eap_aka_config
ap_wpa2_eap_aka_ext
ap_wpa2_eap_aka_ext_auth_fail
ap_wpa2_eap_aka_prime
ap_wpa2_eap_aka_prime_imsi_identity
ap_wpa2_eap_aka_prime_imsi_privacy_key
ap_wpa2_eap_aka_prime_sql
ap_wpa2_eap_aka_prime_ext_auth_fail
ap_wpa2_eap_aka_prime_ext
ap_wpa2_eap_ttls_pap
@ -416,19 +405,6 @@ ap_wpa2_radius_server_get_id
ap_wpa2_eap_tls_tod
ap_wpa2_eap_tls_tod_tofu
ap_wpa2_eap_sake_no_control_port
ap_wpa2_tdls
ap_wpa2_tdls_concurrent_init
ap_wpa2_tdls_concurrent_init2
ap_wpa2_tdls_decline_resp
ap_wpa2_tdls_long_lifetime
ap_wpa2_tdls_long_frame
ap_wpa2_tdls_reneg
ap_wpa2_tdls_wrong_lifetime_resp
ap_wpa2_tdls_diff_rsnie
ap_wpa2_tdls_wrong_tpk_m2_mic
ap_wpa2_tdls_wrong_tpk_m3_mic
ap_wpa2_tdls_double_tpk_m2
ap_wpa2_tdls_responder_teardown
dpp_network_intro_version
dpp_network_intro_version_change
dpp_network_intro_version_missing_req
@ -459,12 +435,9 @@ dpp_qr_code_curves
dpp_qr_code_curves_brainpool
dpp_qr_code_unsupported_curve
dpp_qr_code_keygen_fail
dpp_qr_code_curve_select
dpp_qr_code_auth_broadcast
dpp_configurator_enrollee
dpp_configurator_enrollee_prime256v1
dpp_configurator_enrollee_secp384r1
dpp_configurator_enrollee_secp521r1
dpp_configurator_enrollee_brainpoolP256r1
dpp_configurator_enrollee_brainpoolP384r1
dpp_configurator_enrollee_brainpoolP512r1
@ -477,7 +450,6 @@ dpp_qr_code_curve_brainpoolP384r1
dpp_qr_code_curve_brainpoolP512r1
dpp_qr_code_set_key
dpp_qr_code_auth_mutual
dpp_qr_code_auth_mutual2
dpp_qr_code_auth_mutual_p_256
dpp_qr_code_auth_mutual_p_384
dpp_qr_code_auth_mutual_p_521
@ -514,13 +486,11 @@ dpp_config_no_signed_connector
dpp_config_unexpected_signed_connector_char
dpp_config_root_not_an_object
dpp_config_no_wi_fi_tech
dpp_config_unsupported_wi_fi_tech
dpp_config_no_discovery
dpp_config_no_discovery_ssid
dpp_config_too_long_discovery_ssid
dpp_config_no_cred
dpp_config_no_cred_akm
dpp_config_unsupported_cred_akm
dpp_config_error_legacy_no_pass
dpp_config_error_legacy_too_long_pass
dpp_config_error_legacy_psk_with_sae
@ -531,13 +501,10 @@ dpp_config_connector_error_ext_sign
dpp_config_connector_error_too_short_timestamp
dpp_config_connector_error_invalid_timestamp
dpp_config_connector_error_invalid_timestamp_date
dpp_config_connector_error_invalid_time_zone
dpp_config_connector_error_invalid_time_zone_2
dpp_config_connector_error_expired_1
dpp_config_connector_error_expired_2
dpp_config_connector_error_expired_3
dpp_config_connector_error_expired_4
dpp_config_connector_error_expired_5
dpp_config_connector_error_expired_6
dpp_config_connector_error_no_groups
dpp_config_connector_error_empty_groups
@ -565,13 +532,6 @@ dpp_ap_config_p256_bp256
dpp_ap_config_bp256_p256
dpp_ap_config_p521_bp512
dpp_ap_config_reconfig_configurator
dpp_auto_connect_1
dpp_auto_connect_2
dpp_auto_connect_2_connect_cmd
dpp_auto_connect_2_sta_ver1
dpp_auto_connect_2_ap_ver1
dpp_auto_connect_2_ver1
dpp_auto_connect_2_conf_ver1
dpp_auto_connect_legacy
dpp_auto_connect_legacy_ssid_charset
dpp_auto_connect_legacy_sae_1
@ -580,13 +540,6 @@ dpp_auto_connect_legacy_psk_sae_1
dpp_auto_connect_legacy_psk_sae_2
dpp_auto_connect_legacy_psk_sae_3
dpp_auto_connect_legacy_pmf_required
dpp_qr_code_auth_responder_configurator
dpp_qr_code_auth_responder_configurator_group_id
dpp_qr_code_auth_enrollee_init_netrole
dpp_qr_code_hostapd_init
dpp_qr_code_hostapd_init_offchannel
dpp_qr_code_hostapd_init_offchannel_neg_freq
dpp_qr_code_hostapd_ignore_mismatch
dpp_test_vector_p_256
dpp_test_vector_p_256_b
dpp_test_vector_p_521
@ -603,7 +556,6 @@ dpp_pkex_no_identifier
dpp_pkex_identifier_mismatch
dpp_pkex_identifier_mismatch2
dpp_pkex_identifier_mismatch3
dpp_pkex_5ghz
dpp_pkex_test_vector
dpp_pkex_code_mismatch
dpp_pkex_code_mismatch_limit
@ -625,7 +577,6 @@ dpp_pkex_hostapd_errors
dpp_pkex_nak_curve_change
dpp_pkex_nak_curve_change2
dpp_hostapd_configurator
dpp_hostapd_configurator_enrollee_v1
dpp_hostapd_configurator_responder
dpp_hostapd_configurator_fragmentation
dpp_hostapd_enrollee_fragmentation
@ -650,7 +601,6 @@ dpp_proto_stop_at_pkex_cr_req
dpp_proto_stop_at_pkex_cr_resp
dpp_proto_network_introduction
dpp_hostapd_auth_conf_timeout
dpp_hostapd_auth_resp_retries
dpp_tcp
dpp_tcp_port
dpp_tcp_mutual
@ -702,6 +652,5 @@ dpp_qr_code_config_event_initiator_failure
dpp_qr_code_config_event_initiator_no_response
dpp_qr_code_config_event_initiator_both
dpp_tcp_qr_code_config_event_initiator
dpp_qr_code_config_event_responder
dpp_discard_public_action

47
.github/workflows/hostap-files/configs/hostap_2_10/extra.patch vendored Normal file
View File

@ -0,0 +1,47 @@
From a53a6a67dc121b45d611318e2a37815cc209839c Mon Sep 17 00:00:00 2001
From: Juliusz Sosinowicz <juliusz@wolfssl.com>
Date: Fri, 19 Apr 2024 16:41:38 +0200
Subject: [PATCH] Fixes for running tests under UML
- Apply commit ID fix from more recent commit
- priv_sz and pub_sz are checked and fail on UML. Probably because stack is zeroed out.
---
src/crypto/crypto_wolfssl.c | 2 +-
tests/hwsim/run-all.sh | 8 +++++++-
2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/src/crypto/crypto_wolfssl.c b/src/crypto/crypto_wolfssl.c
index 00ecf61352..a57fa50697 100644
--- a/src/crypto/crypto_wolfssl.c
+++ b/src/crypto/crypto_wolfssl.c
@@ -785,7 +785,7 @@ int crypto_dh_init(u8 generator, const u8 *prime, size_t prime_len, u8 *privkey,
int ret = -1;
WC_RNG rng;
DhKey *dh = NULL;
- word32 priv_sz, pub_sz;
+ word32 priv_sz = prime_len, pub_sz = prime_len;
if (TEST_FAIL())
return -1;
diff --git a/tests/hwsim/run-all.sh b/tests/hwsim/run-all.sh
index ee48cd0581..75c3a58b52 100755
--- a/tests/hwsim/run-all.sh
+++ b/tests/hwsim/run-all.sh
@@ -15,7 +15,13 @@ export LOGDIR
if [ -z "$DBFILE" ]; then
DB=""
else
- DB="-S $DBFILE --commit $(git rev-parse HEAD)"
+ DB="-S $DBFILE"
+ if [ -z "$COMMITID" ]; then
+ COMMITID="$(git rev-parse HEAD)"
+ fi
+ if [ -n "$COMMITID" ]; then
+ DB="$DB --commit $COMMITID"
+ fi
if [ -n "$BUILD" ]; then
DB="$DB -b $BUILD"
fi
--
2.34.1

14
.github/workflows/hostap-files/configs/hostap_2_10/tests vendored
View File

@ -163,7 +163,6 @@ ap_wpa2_disable_eapol_retry_group
ap_wpa2_psk_mic_0
ap_wpa2_psk_local_error
ap_wpa2_psk_inject_assoc
ap_wpa2_psk_no_control_port
ap_wpa2_psk_ap_control_port
ap_wpa2_psk_ap_control_port_disabled
ap_wpa2_psk_rsne_mismatch_ap
@ -269,16 +268,3 @@ ap_wpa2_eap_psk_mac_addr_change
ap_wpa2_eap_server_get_id
ap_wpa2_radius_server_get_id
ap_wpa2_eap_sake_no_control_port
ap_wpa2_tdls
ap_wpa2_tdls_concurrent_init
ap_wpa2_tdls_concurrent_init2
ap_wpa2_tdls_decline_resp
ap_wpa2_tdls_long_lifetime
ap_wpa2_tdls_long_frame
ap_wpa2_tdls_reneg
ap_wpa2_tdls_wrong_lifetime_resp
ap_wpa2_tdls_diff_rsnie
ap_wpa2_tdls_wrong_tpk_m2_mic
ap_wpa2_tdls_wrong_tpk_m3_mic
ap_wpa2_tdls_double_tpk_m2
ap_wpa2_tdls_responder_teardown

344
.github/workflows/hostap-vm.yml vendored Normal file
View File

@ -0,0 +1,344 @@
name: hostap and wpa-supplicant Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
env:
LINUX_REF: v6.12
jobs:
build_wolfssl:
strategy:
matrix:
include:
- build_id: hostap-vm-build1
wolf_extra_config: --disable-tls13
- build_id: hostap-vm-build2
wolf_extra_config: >-
--enable-wpas-dpp --enable-brainpool --with-eccminsz=192
--enable-tlsv10 --enable-oldtls
name: Build wolfSSL
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 10
steps:
# No way to view the full strategy in the browser (really weird)
- name: Print strategy
run: |
cat <<EOF
${{ toJSON(matrix) }}
EOF
- if: ${{ runner.debug }}
name: Enable wolfSSL debug logging
run: |
echo "wolf_debug_flags=--enable-debug" >> $GITHUB_ENV
- name: Build wolfSSL
uses: wolfSSL/actions-build-autotools-project@v1
with:
path: wolfssl
configure: >-
--enable-wpas CPPFLAGS=-DWOLFSSL_STATIC_RSA
${{ env.wolf_debug_flags }} ${{ matrix.wolf_extra_config }}
install: true
- name: tar build-dir
run: tar -zcf build-dir.tgz build-dir
- name: Upload built lib
uses: actions/upload-artifact@v4
with:
name: ${{ matrix.build_id }}
path: build-dir.tgz
retention-days: 5
checkout_hostap:
name: Checkout hostap repo
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 10
steps:
- name: Checking if we have hostap in cache
uses: actions/cache@v4
id: cache
with:
path: hostap
key: hostap-repo
lookup-only: true
- name: Checkout hostap
run: git clone git://w1.fi/hostap.git hostap
build_uml_linux:
name: Build UML (UserMode Linux)
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 10
needs: checkout_hostap
steps:
- name: Checking if we have kernel in cache
uses: actions/cache@v4
id: cache
with:
path: linux/linux
key: hostap-linux-${{ env.LINUX_REF }}
lookup-only: true
- name: Checking if we have hostap in cache
if: steps.cache.outputs.cache-hit != 'true'
uses: actions/cache/restore@v4
with:
path: hostap
key: hostap-repo
fail-on-cache-miss: true
- name: Checkout linux
if: steps.cache.outputs.cache-hit != 'true'
uses: actions/checkout@v4
with:
repository: torvalds/linux
path: linux
ref: ${{ env.LINUX_REF }}
- name: Compile linux
if: steps.cache.outputs.cache-hit != 'true'
run: |
cp hostap/tests/hwsim/vm/kernel-config.uml linux/.config
cd linux
yes "" | ARCH=um make -j $(nproc)
hostap_test:
strategy:
fail-fast: false
matrix:
# should hostapd be compiled with wolfssl
hostapd: [true, false]
# should wpa_supplicant be compiled with wolfssl
wpa_supplicant: [true, false]
# Fix the versions of hostap and osp to not break testing when a new
# patch is added in to osp. Tests are read from the corresponding
# configs/hostap_ref/tests file.
config: [
{
hostap_ref: hostap_2_10,
remove_teap: true,
# TLS 1.3 does not work for this version
build_id: hostap-vm-build1,
},
# Test the dpp patch
{
hostap_ref: b607d2723e927a3446d89aed813f1aa6068186bb,
osp_ref: ad5b52a49b3cc2a5bfb47ccc1d6a5137132e9446,
build_id: hostap-vm-build2
},
{
hostap_ref: 07c9f183ea744ac04585fb6dd10220c75a5e2e74,
osp_ref: e1876fbbf298ee442bc7ab8561331ebc7de17528,
build_id: hostap-vm-build2
},
]
exclude:
# don't test openssl on both sides
- hostapd: false
wpa_supplicant: false
# no hostapd support for dpp yet
- hostapd: true
config: {
hostap_ref: b607d2723e927a3446d89aed813f1aa6068186bb,
osp_ref: ad5b52a49b3cc2a5bfb47ccc1d6a5137132e9446,
build_id: hostap-vm-build2
}
name: hwsim test
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 45
needs: [build_wolfssl, build_uml_linux, checkout_hostap]
steps:
- name: Checking if we have kernel in cache
uses: actions/cache/restore@v4
id: cache
with:
path: linux/linux
key: hostap-linux-${{ env.LINUX_REF }}
fail-on-cache-miss: true
- name: show file structure
run: tree
# No way to view the full strategy in the browser (really weird)
- name: Print strategy
run: |
cat <<EOF
${{ toJSON(matrix) }}
EOF
- name: Print computed job run ID
run: |
SHA_SUM=$(sha256sum << 'END_OF_HEREDOC' | cut -d " " -f 1
${{ toJSON(github) }}
END_OF_HEREDOC
)
echo "our_job_run_id=$SHA_SUM" >> $GITHUB_ENV
echo Our job run ID is $SHA_SUM
- name: Checkout wolfSSL
uses: actions/checkout@v4
with:
path: wolfssl
- name: Download lib
uses: actions/download-artifact@v4
with:
name: ${{ matrix.config.build_id }}
- name: untar build-dir
run: tar -xf build-dir.tgz
- name: Install dependencies
run: |
# Don't prompt for anything
export DEBIAN_FRONTEND=noninteractive
sudo apt-get update
# hostap dependencies
sudo apt-get install -y libpcap0.8 libpcap-dev curl libcurl4-openssl-dev \
libnl-3-dev binutils-dev libssl-dev libiberty-dev libnl-genl-3-dev \
libnl-route-3-dev libdbus-1-dev bridge-utils tshark python3-pycryptodome
- name: Checking if we have hostap in cache
uses: actions/cache/restore@v4
with:
path: hostap
key: hostap-repo
fail-on-cache-miss: true
- name: Checkout correct ref
working-directory: hostap
run: git checkout ${{ matrix.config.hostap_ref }}
- name: Update certs
working-directory: hostap/tests/hwsim/auth_serv
run: ./update.sh
- if: ${{ matrix.config.osp_ref }}
name: Checkout OSP
uses: actions/checkout@v4
with:
repository: wolfssl/osp
path: osp
ref: ${{ matrix.config.osp_ref }}
- if: ${{ matrix.config.osp_ref }}
name: Apply patch files
working-directory: hostap
run: |
for f in $GITHUB_WORKSPACE/osp/hostap-patches/pending/*
do
patch -p1 < $f
done
- name: Apply extra patches
working-directory: hostap
run: |
FILE=$GITHUB_WORKSPACE/wolfssl/.github/workflows/hostap-files/configs/${{ matrix.config.hostap_ref }}/extra.patch
if [ -f "$FILE" ]; then
patch -p1 < $FILE
fi
- if: ${{ matrix.hostapd }}
name: Setup hostapd config file
run: |
cp wolfssl/.github/workflows/hostap-files/configs/${{ matrix.config.hostap_ref }}/hostapd.config \
hostap/hostapd/.config
cat <<EOF >> hostap/hostapd/.config
CFLAGS += -I$GITHUB_WORKSPACE/build-dir/include -Wl,-rpath=$GITHUB_WORKSPACE/build-dir/lib
LIBS += -L$GITHUB_WORKSPACE/build-dir/lib -Wl,-rpath=$GITHUB_WORKSPACE/build-dir/lib
EOF
- if: ${{ matrix.wpa_supplicant }}
name: Setup wpa_supplicant config file
run: |
cp wolfssl/.github/workflows/hostap-files/configs/${{ matrix.config.hostap_ref }}/wpa_supplicant.config \
hostap/wpa_supplicant/.config
cat <<EOF >> hostap/wpa_supplicant/.config
CFLAGS += -I$GITHUB_WORKSPACE/build-dir/include -Wl,-rpath=$GITHUB_WORKSPACE/build-dir/lib
LIBS += -L$GITHUB_WORKSPACE/build-dir/lib -Wl,-rpath=$GITHUB_WORKSPACE/build-dir/lib
EOF
- name: Build hostap and wpa_supplicant
working-directory: hostap/tests/hwsim/
run: ./build.sh
- if: ${{ matrix.hostapd }}
name: Confirm hostapd linking with wolfSSL
run: ldd hostap/hostapd/hostapd | grep wolfssl
- if: ${{ matrix.wpa_supplicant }}
name: Confirm wpa_supplicant linking with wolfSSL
run: ldd hostap/wpa_supplicant/wpa_supplicant | grep wolfssl
- if: ${{ matrix.config.remove_teap }}
name: Remove EAP-TEAP from test configuration
working-directory: hostap/tests/hwsim/auth_serv
run: |
sed -e 's/"erp-teap@example.com"\tTEAP//' -i eap_user.conf
sed -e 's/"erp-teap@example.com"\tMSCHAPV2\t"password"\t\[2\]//' -i eap_user.conf
sed -e 's/"TEAP"\t\tTEAP//' -i eap_user.conf
sed -e 's/TEAP,//' -i eap_user.conf
- if: ${{ runner.debug }}
name: Enable hostap debug logging
run: |
echo "hostap_debug_flags=--debug" >> $GITHUB_ENV
- name: Run tests
id: testing
working-directory: hostap/tests/hwsim/
run: |
cat <<EOF >> vm/vm-config
KERNELDIR=$GITHUB_WORKSPACE/linux
KVMARGS="-cpu host"
EOF
# Run tests in increments of 200 to not stall out the parallel-vm script
while mapfile -t -n 200 ary && ((${#ary[@]})); do
TESTS=$(printf '%s\n' "${ary[@]}" | tr '\n' ' ')
HWSIM_RES=0 # Not set when command succeeds
./vm/parallel-vm.py ${{ env.hostap_debug_flags }} --nocurses $(nproc) $TESTS || HWSIM_RES=$?
if [ "$HWSIM_RES" -ne "0" ]; then
# Let's re-run the failing tests. We gather the failed tests from the log file.
FAILED_TESTS=$(grep 'failed tests' /tmp/hwsim-test-logs/*-parallel.log | sed 's/failed tests: //' | tr ' ' '\n' | sort | uniq | tr '\n' ' ')
printf 'failed tests: %s\n' "$FAILED_TESTS"
./vm/parallel-vm.py ${{ env.hostap_debug_flags }} --nocurses $(nproc) $FAILED_TESTS
fi
rm -r /tmp/hwsim-test-logs
done < $GITHUB_WORKSPACE/wolfssl/.github/workflows/hostap-files/configs/${{ matrix.config.hostap_ref }}/tests
# The logs are quite big. It hasn't been useful so far so let's not waste
# precious gh space.
#- name: zip logs
# if: ${{ failure() && steps.testing.outcome == 'failure' }}
# working-directory: hostap/tests/hwsim/
# run: |
# rm /tmp/hwsim-test-logs/latest
# zip -9 -r logs.zip /tmp/hwsim-test-logs
#
#- name: Upload failure logs
# if: ${{ failure() && steps.testing.outcome == 'failure' }}
# uses: actions/upload-artifact@v4
# with:
# name: hostap-logs-${{ env.our_job_run_id }}
# path: hostap/tests/hwsim/logs.zip
# retention-days: 5

52
.github/workflows/intelasm-c-fallback.yml vendored Normal file
View File

@ -0,0 +1,52 @@
name: Dynamic C Fallback Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
make_check:
strategy:
matrix:
config: [
# Add new configs here
'--enable-intelasm --enable-sp-asm --enable-all --enable-testcert --enable-acert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-quic --with-sys-crypto-policy CPPFLAGS="-DNO_WOLFSSL_CIPHER_SUITE_TEST -DWC_AES_C_DYNAMIC_FALLBACK -DWC_C_DYNAMIC_FALLBACK -DDEBUG_VECTOR_REGISTER_ACCESS -DDEBUG_VECTOR_REGISTER_ACCESS_FUZZING -DWC_DEBUG_CIPHER_LIFECYCLE"'
]
name: make check
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 6
steps:
- uses: actions/checkout@v4
name: Checkout wolfSSL
- name: Test wolfSSL with WC_C_DYNAMIC_FALLBACK and DEBUG_VECTOR_REGISTER_ACCESS_FUZZING
run: |
./autogen.sh
randseed=$(head -c 4 /dev/urandom | od -t u4 --address-radix=n)
randseed="${randseed#"${randseed%%[![:space:]]*}"}"
echo "fuzzing seed=${randseed}"
./configure ${{ matrix.config }} CFLAGS="-DWC_DEBUG_VECTOR_REGISTERS_FUZZING_SEED=$randseed -fsanitize=leak -g -fno-omit-frame-pointer"
make -j 4
make check
- name: Print errors
if: ${{ failure() }}
run: |
for file in scripts/*.log
do
if [ -f "$file" ]; then
echo "${file}:"
cat "$file"
echo "========================================================================"
fi
done

85
.github/workflows/ipmitool.yml vendored Normal file
View File

@ -0,0 +1,85 @@
name: ipmitool Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
build_wolfssl:
name: Build wolfSSL
# Just to keep it the same as the testing target
runs-on: ubuntu-22.04
if: github.repository_owner == 'wolfssl'
# This should be a safe limit for the tests to run.
timeout-minutes: 4
steps:
- name: Build wolfSSL
uses: wolfSSL/actions-build-autotools-project@v1
with:
path: wolfssl
configure: --enable-all
install: true
# Don't run tests as this config is tested in many other places
check: false
- name: tar build-dir
run: tar -zcf build-dir.tgz build-dir
- name: Upload built lib
uses: actions/upload-artifact@v4
with:
name: wolf-install-ipmitool
path: build-dir.tgz
retention-days: 5
build_ipmitool:
strategy:
fail-fast: false
matrix:
git_ref: [ c3939dac2c060651361fc71516806f9ab8c38901 ]
name: ${{ matrix.git_ref }}
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
needs: build_wolfssl
steps:
- name: Install dependencies
run: export DEBIAN_FRONTEND=noninteractive && sudo apt-get update && sudo apt-get install -y libreadline8
- name: Download lib
uses: actions/download-artifact@v4
with:
name: wolf-install-ipmitool
- name: untar build-dir
run: tar -xf build-dir.tgz
- name: Checkout OSP
uses: actions/checkout@v4
with:
repository: wolfssl/osp
path: osp
- name: Build ipmitool
uses: wolfSSL/actions-build-autotools-project@v1
with:
repository: ipmitool/ipmitool
ref: ${{ matrix.git_ref }}
path: ipmitool
patch-file: $GITHUB_WORKSPACE/osp/ipmitool/*-${{ matrix.git_ref }}.patch
configure: --with-wolfssl=$GITHUB_WORKSPACE/build-dir
# No checks included and not running since it depends on hardware
check: false
- name: Confirm built with wolfSSL
working-directory: ipmitool
run: |
ldd src/ipmitool | grep wolfssl
ldd src/ipmievd | grep wolfssl

96
.github/workflows/jwt-cpp.yml vendored Normal file
View File

@ -0,0 +1,96 @@
name: jwt-cpp Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
build_wolfssl:
name: Build wolfSSL
# Just to keep it the same as the testing target
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 4
steps:
- name: Build wolfSSL
uses: wolfSSL/actions-build-autotools-project@v1
with:
path: wolfssl
configure: --enable-all
install: true
# Don't run tests as this config is tested in many other places
check: false
- name: tar build-dir
run: tar -zcf build-dir.tgz build-dir
- name: Upload built lib
uses: actions/upload-artifact@v4
with:
name: wolf-install-jwt-cpp
path: build-dir.tgz
retention-days: 5
build_pam-ipmi:
if: github.repository_owner == 'wolfssl'
strategy:
fail-fast: false
matrix:
config:
- ref: 0.7.0
runner: ubuntu-22.04
- ref: 0.6.0
runner: ubuntu-22.04
name: ${{ matrix.config.ref }}
runs-on: ${{ matrix.config.runner }}
needs: build_wolfssl
steps:
- name: Install dependencies
run: |
# Don't prompt for anything
export DEBIAN_FRONTEND=noninteractive
sudo apt-get update
sudo apt-get install libgtest-dev
- name: Download lib
uses: actions/download-artifact@v4
with:
name: wolf-install-jwt-cpp
- name: untar build-dir
run: tar -xf build-dir.tgz
- name: Checkout OSP
uses: actions/checkout@v4
with:
repository: wolfssl/osp
path: osp
- name: Checkout jwt-cpp
uses: actions/checkout@v4
with:
repository: Thalhammer/jwt-cpp
path: jwt-cpp
ref: v${{ matrix.config.ref }}
- name: Build pam-ipmi
working-directory: jwt-cpp
run: |
patch -p1 < ../osp/jwt-cpp/${{ matrix.config.ref }}.patch
PKG_CONFIG_PATH=$GITHUB_WORKSPACE/build-dir/lib/pkgconfig \
cmake -B build -DJWT_SSL_LIBRARY:STRING=wolfSSL -DJWT_BUILD_TESTS=ON .
make -j -C build
ldd ./build/tests/jwt-cpp-test | grep wolfssl
- name: Run jwt-cpp tests
working-directory: jwt-cpp
run: ./build/tests/jwt-cpp-test

48
.github/workflows/krb5.yml vendored
View File

@ -1,29 +1,46 @@
name: Kerberos 5 Tests
# START OF COMMON SECTION
on:
workflow_call:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
build_wolfssl:
name: Build wolfSSL
# Just to keep it the same as the testing target
runs-on: ubuntu-latest
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 5
steps:
- name: workaround high-entropy ASLR
# not needed after either an update to llvm or runner is done
run: sudo sysctl vm.mmap_rnd_bits=28
- name: Build wolfSSL
uses: wolfSSL/actions-build-autotools-project@v1
with:
path: wolfssl
configure: --enable-krb CFLAGS='-fsanitize=address'
configure: --enable-krb CC='gcc -fsanitize=address'
install: true
- name: tar build-dir
run: tar -zcf build-dir.tgz build-dir
- name: Upload built lib
uses: actions/upload-artifact@v3
uses: actions/upload-artifact@v4
with:
name: wolf-install-krb5
path: build-dir
retention-days: 1
path: build-dir.tgz
retention-days: 5
krb5_check:
strategy:
@ -32,25 +49,28 @@ jobs:
# List of releases to test
ref: [ 1.21.1 ]
name: ${{ matrix.ref }}
runs-on: ubuntu-latest
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 8
needs: build_wolfssl
steps:
- name: Download lib
uses: actions/download-artifact@v3
uses: actions/download-artifact@v4
with:
name: wolf-install-krb5
path: build-dir
- name: untar build-dir
run: tar -xf build-dir.tgz
- name: Checkout OSP
uses: actions/checkout@v3
uses: actions/checkout@v4
with:
repository: wolfssl/osp
path: osp
- name: Checkout krb5
uses: actions/checkout@v3
uses: actions/checkout@v4
with:
repository: krb5/krb5
ref: krb5-${{ matrix.ref }}-final
@ -61,6 +81,10 @@ jobs:
run: |
patch -p1 < $GITHUB_WORKSPACE/osp/krb5/Patch-for-Kerberos-5-${{ matrix.ref }}.patch
- name: workaround high-entropy ASLR
# not needed after either an update to llvm or runner is done
run: sudo sysctl vm.mmap_rnd_bits=28
- name: Build krb5
working-directory: ./krb5/src
run: |
@ -68,7 +92,7 @@ jobs:
# Using rpath because LD_LIBRARY_PATH is overwritten during testing
export WOLFSSL_CFLAGS="-I$GITHUB_WORKSPACE/build-dir/include -I$GITHUB_WORKSPACE/build-dir/include/wolfssl -Wl,-rpath=$GITHUB_WORKSPACE/build-dir/lib"
export WOLFSSL_LIBS="-lwolfssl -L$GITHUB_WORKSPACE/build-dir/lib -Wl,-rpath=$GITHUB_WORKSPACE/build-dir/lib"
./configure --with-crypto-impl=wolfssl --with-tls-impl=wolfssl --disable-pkinit \
./configure --with-crypto-impl=wolfssl --with-tls-impl=wolfssl --disable-pkinit --with-spake-openssl \
CFLAGS='-fsanitize=address' LDFLAGS='-fsanitize=address'
CFLAGS='-fsanitize=address' LDFLAGS='-fsanitize=address' make -j

91
.github/workflows/libspdm.yml vendored Normal file
View File

@ -0,0 +1,91 @@
name: libspdm Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
build_wolfssl:
name: Build wolfSSL
if: github.repository_owner == 'wolfssl'
# Just to keep it the same as the testing target
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 4
steps:
- name: Build wolfSSL
uses: wolfSSL/actions-build-autotools-project@v1
with:
path: wolfssl
configure: --enable-all --enable-static CFLAGS='-DRSA_MIN_SIZE=512'
install: true
- name: tar build-dir
run: tar -zcf build-dir.tgz build-dir
- name: Upload built lib
uses: actions/upload-artifact@v4
with:
name: wolf-install-libspdm
path: build-dir.tgz
retention-days: 5
libspdm_check:
strategy:
fail-fast: false
matrix:
# List of releases to test
ref: [ 3.3.0 ]
name: ${{ matrix.ref }}
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 4
needs: build_wolfssl
steps:
- name: Download lib
uses: actions/download-artifact@v4
with:
name: wolf-install-libspdm
- name: untar build-dir
run: tar -xf build-dir.tgz
- name: Checkout OSP
uses: actions/checkout@v4
with:
repository: wolfssl/osp
path: osp
- name: Checkout libspdm
uses: actions/checkout@v4
with:
repository: DMTF/libspdm
path: libspdm
ref: ${{ matrix.ref }}
- name: Build and test libspdm
working-directory: libspdm
run: |
patch -p1 < ../osp/libspdm/${{ matrix.ref }}/libspdm-${{ matrix.ref }}.patch
git submodule update --init --recursive
# Silence cmake version warnings
find -name CMakeLists.txt -exec sed -i 's/cmake_minimum_required.*/cmake_minimum_required(VERSION 3.10)/g' {} \;
mkdir build
cd build
cmake -DARCH=x64 -DTOOLCHAIN=GCC -DTARGET=Debug -DCRYPTO=wolfssl -DENABLE_BINARY_BUILD=1 \
-DCOMPILED_LIBWOLFSSL_PATH=$GITHUB_WORKSPACE/build-dir/lib/libwolfssl.a \
-DWOLFSSL_INCDIR=$GITHUB_WORKSPACE/build-dir/include ..
make -j
cd ../unit_test/sample_key
../../build/bin/test_crypt
../../build/bin/test_spdm_secured_message
../../build/bin/test_spdm_crypt

77
.github/workflows/libssh2.yml vendored Normal file
View File

@ -0,0 +1,77 @@
name: libssh2 Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
build_wolfssl:
name: Build wolfSSL
# Just to keep it the same as the testing target
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-24.04
# This should be a safe limit for the tests to run.
timeout-minutes: 4
steps:
- name: Build wolfSSL
uses: wolfSSL/actions-build-autotools-project@v1
with:
path: wolfssl
configure: --enable-all
check: false # config is already tested in many other PRB's
install: true
- name: tar build-dir
run: tar -zcf build-dir.tgz build-dir
- name: Upload built lib
uses: actions/upload-artifact@v4
with:
name: wolf-install-libssh2
path: build-dir.tgz
retention-days: 5
libssh2_check:
strategy:
fail-fast: false
matrix:
# List of releases to test
ref: [ 1.11.1 ]
name: ${{ matrix.ref }}
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-24.04
# This should be a safe limit for the tests to run.
timeout-minutes: 8
needs: build_wolfssl
steps:
- name: Download lib
uses: actions/download-artifact@v4
with:
name: wolf-install-libssh2
- name: untar build-dir
run: tar -xf build-dir.tgz
- name: Build and test libssh2
uses: wolfSSL/actions-build-autotools-project@v1
with:
repository: libssh2/libssh2
ref: libssh2-${{ matrix.ref }}
path: libssh2
configure: --with-crypto=wolfssl --with-libwolfssl-prefix=$GITHUB_WORKSPACE/build-dir
check: true
- name: Confirm libssh2 built with wolfSSL
run: ldd libssh2/src/.libs/libssh2.so | grep wolfssl
- name: print server logs
if: ${{ failure() }}
run: tail -n +1 libssh2/tests/*.log

86
.github/workflows/libvncserver.yml vendored Normal file
View File

@ -0,0 +1,86 @@
name: libvncserver Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
build_wolfssl:
name: Build wolfSSL
# Just to keep it the same as the testing target
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 4
steps:
- name: Build wolfSSL
uses: wolfSSL/actions-build-autotools-project@v1
with:
path: wolfssl
configure: --enable-all
install: true
# Don't run tests as this config is tested in many other places
check: false
- name: tar build-dir
run: tar -zcf build-dir.tgz build-dir
- name: Upload built lib
uses: actions/upload-artifact@v4
with:
name: wolf-install-libvncserver
path: build-dir.tgz
retention-days: 5
build_libvncserver:
strategy:
fail-fast: false
matrix:
ref: [ 0.9.13, 0.9.14 ]
name: ${{ matrix.ref }}
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
needs: build_wolfssl
steps:
- name: Download lib
uses: actions/download-artifact@v4
with:
name: wolf-install-libvncserver
- name: untar build-dir
run: tar -xf build-dir.tgz
- name: Checkout OSP
uses: actions/checkout@v4
with:
repository: wolfssl/osp
path: osp
- name: Checkout libvncserver
uses: actions/checkout@v4
with:
repository: LibVNC/libvncserver
path: libvncserver
ref: LibVNCServer-${{ matrix.ref }}
- name: Build libvncserver
working-directory: libvncserver
run: |
patch -p1 < ../osp/libvncserver/${{ matrix.ref }}.patch
PKG_CONFIG_PATH=$GITHUB_WORKSPACE/build-dir/lib/pkgconfig \
cmake -B build -DWITH_GNUTLS=OFF -DWITH_OPENSSL=OFF -DWITH_GCRYPT=OFF -DWITH_WOLFSSL=ON .
make -j -C build VERBOSE=1
ldd build/libvncclient.so | grep wolfssl
ldd build/libvncserver.so | grep wolfssl
- name: Run libvncserver tests
working-directory: libvncserver
run: make -C build test

47
.github/workflows/main.yml vendored
View File

@ -1,47 +0,0 @@
name: CI
concurrency:
group: ${{ github.ref }}
cancel-in-progress: true
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
jobs:
espressif:
uses: ./.github/workflows/docker-Espressif.yml
multi-compiler:
uses: ./.github/workflows/multi-compiler.yml
multi-arch:
uses: ./.github/workflows/multi-arch.yml
openwrt:
uses: ./.github/workflows/docker-OpenWrt.yml
os-check:
uses: ./.github/workflows/os-check.yml
async:
uses: ./.github/workflows/async.yml
stunnel:
uses: ./.github/workflows/stunnel.yml
openvpn:
uses: ./.github/workflows/openvpn.yml
hostap:
uses: ./.github/workflows/hostap.yml
nginx:
uses: ./.github/workflows/nginx.yml
zephyr:
uses: ./.github/workflows/zephyr.yml
hitch:
uses: ./.github/workflows/hitch.yml
curl:
uses: ./.github/workflows/curl.yml
krb5:
uses: ./.github/workflows/krb5.yml
packaging:
uses: ./.github/workflows/packaging.yml
memcached:
uses: ./.github/workflows/memcached.yml
# TODO: Currently this test fails. Enable it once it becomes passing.
# haproxy:
# uses: ./.github/workflows/haproxy.yml

79
.github/workflows/mbedtls.sh vendored Normal file
View File

@ -0,0 +1,79 @@
#!/usr/bin/env bash
set -e
set -x
# Basic TLS test
./mbedtls/build/programs/ssl/ssl_server2 > /tmp/server.log 2>&1 &
SERVER_PID=$!
sleep 0.1
./mbedtls/build/programs/ssl/ssl_client2 # Confirm working with mbed
env -C wolfssl ./examples/client/client -p 4433 -g \
-A ../mbedtls/framework/data_files/test-ca-sha256.crt \
-c ../mbedtls/framework/data_files/cli-rsa-sha256.crt \
-k ../mbedtls/framework/data_files/cli-rsa-sha256.key.pem
kill $SERVER_PID
sleep 0.1
env -C wolfssl ./examples/server/server -p 4433 -i -g \
-A ../mbedtls/framework/data_files/test-ca-sha256.crt \
-c ../mbedtls/framework/data_files/server2-sha256.crt \
-k ../mbedtls/framework/data_files/server2.key.pem > /tmp/server.log 2>&1 &
SERVER_PID=$!
sleep 0.1
./mbedtls/build/programs/ssl/ssl_client2
env -C wolfssl ./examples/client/client -p 4433 -g \
-A ../mbedtls/framework/data_files/test-ca-sha256.crt \
-c ../mbedtls/framework/data_files/cli-rsa-sha256.crt \
-k ../mbedtls/framework/data_files/cli-rsa-sha256.key.pem
kill $SERVER_PID
sleep 0.1
# Basic DTLS test
./mbedtls/build/programs/ssl/ssl_server2 dtls=1 > /tmp/server.log 2>&1 &
SERVER_PID=$!
sleep 0.1
./mbedtls/build/programs/ssl/ssl_client2 dtls=1 # Confirm working with mbed
env -C wolfssl ./examples/client/client -p 4433 -g -u \
-A ../mbedtls/framework/data_files/test-ca-sha256.crt \
-c ../mbedtls/framework/data_files/cli-rsa-sha256.crt \
-k ../mbedtls/framework/data_files/cli-rsa-sha256.key.pem
kill $SERVER_PID
sleep 0.1
env -C wolfssl ./examples/server/server -p 4433 -i -g -u \
-A ../mbedtls/framework/data_files/test-ca-sha256.crt \
-c ../mbedtls/framework/data_files/server2-sha256.crt \
-k ../mbedtls/framework/data_files/server2.key.pem > /tmp/server.log 2>&1 &
SERVER_PID=$!
sleep 0.1
env -C wolfssl ./examples/client/client -p 4433 -g -u \
-A ../mbedtls/framework/data_files/test-ca-sha256.crt \
-c ../mbedtls/framework/data_files/cli-rsa-sha256.crt \
-k ../mbedtls/framework/data_files/cli-rsa-sha256.key.pem
./mbedtls/build/programs/ssl/ssl_client2 dtls=1
kill $SERVER_PID
sleep 0.1
# DTLS 1.2 CID test
./mbedtls/build/programs/ssl/ssl_server2 dtls=1 cid=1 cid_val=121212 > /tmp/server.log 2>&1 &
SERVER_PID=$!
sleep 0.1
./mbedtls/build/programs/ssl/ssl_client2 dtls=1 cid=1 cid_val=232323 # Confirm working with mbed
env -C wolfssl ./examples/client/client -p 4433 -g -u --cid 232323 \
-A ../mbedtls/framework/data_files/test-ca-sha256.crt \
-c ../mbedtls/framework/data_files/cli-rsa-sha256.crt \
-k ../mbedtls/framework/data_files/cli-rsa-sha256.key.pem
kill $SERVER_PID
sleep 0.1
env -C wolfssl ./examples/server/server -p 4433 -i -g -u --cid 121212 \
-A ../mbedtls/framework/data_files/test-ca-sha256.crt \
-c ../mbedtls/framework/data_files/server2-sha256.crt \
-k ../mbedtls/framework/data_files/server2.key.pem > /tmp/server.log 2>&1 &
SERVER_PID=$!
sleep 0.1
./mbedtls/build/programs/ssl/ssl_client2 dtls=1 cid_val=232323
env -C wolfssl ./examples/client/client -p 4433 -g -u --cid 232323 \
-A ../mbedtls/framework/data_files/test-ca-sha256.crt \
-c ../mbedtls/framework/data_files/cli-rsa-sha256.crt \
-k ../mbedtls/framework/data_files/cli-rsa-sha256.key.pem
kill $SERVER_PID
sleep 0.1

86
.github/workflows/mbedtls.yml vendored Normal file
View File

@ -0,0 +1,86 @@
name: mbedtls interop Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
env:
MBED_REF: v3.6.2
jobs:
build_mbedtls:
name: Build mbedtls
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 10
steps:
- name: Checking if we have mbed in cache
uses: actions/cache@v4
id: cache
with:
path: mbedtls
key: mbedtls-${{ env.MBED_REF }}
lookup-only: true
- name: Checkout mbedtls
if: steps.cache.outputs.cache-hit != 'true'
uses: actions/checkout@v4
with:
repository: Mbed-TLS/mbedtls
ref: ${{ env.MBED_REF }}
path: mbedtls
- name: Compile mbedtls
if: steps.cache.outputs.cache-hit != 'true'
working-directory: mbedtls
run: |
git submodule update --init
mkdir build
cd build
cmake ..
make -j
# convert key to pem format
openssl pkey -in framework/data_files/cli-rsa-sha256.key.der -text > framework/data_files/cli-rsa-sha256.key.pem
openssl pkey -in framework/data_files/server2.key.der -text > framework/data_files/server2.key.pem
mbedtls_test:
name: Test interop with mbedtls
runs-on: ubuntu-latest
needs: build_mbedtls
timeout-minutes: 10
if: github.repository_owner == 'wolfssl'
steps:
- name: Disable IPv6 (IMPORTANT, OTHERWISE DTLS MBEDTLS CLIENT WON'T CONNECT)
run: echo 1 | sudo tee /proc/sys/net/ipv6/conf/lo/disable_ipv6
- name: Checking if we have mbed in cache
uses: actions/cache/restore@v4
id: cache
with:
path: mbedtls
key: mbedtls-${{ env.MBED_REF }}
fail-on-cache-miss: true
- name: Build wolfSSL
uses: wolfSSL/actions-build-autotools-project@v1
with:
path: wolfssl
configure: --enable-dtls --enable-dtlscid
install: false
check: false
- name: Test interop
run: bash wolfssl/.github/workflows/mbedtls.sh
- name: print server logs
if: ${{ failure() }}
run: cat /tmp/server.log

36
.github/workflows/memcached.yml vendored
View File

@ -1,13 +1,23 @@
name: memcached Tests
# START OF COMMON SECTION
on:
workflow_call:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
build_wolfssl:
name: Build wolfSSL
# Just to keep it the same as the testing target
runs-on: ubuntu-latest
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
steps:
- name: Build wolfSSL
uses: wolfSSL/actions-build-autotools-project@v1
@ -19,12 +29,15 @@ jobs:
- name: Bundle Docker entry point
run: cp wolfssl/.github/workflows/memcached.sh build-dir/bin
- name: tar build-dir
run: tar -zcf build-dir.tgz build-dir
- name: Upload built lib
uses: actions/upload-artifact@v3
uses: actions/upload-artifact@v4
with:
name: wolf-install-memcached
path: build-dir
retention-days: 1
path: build-dir.tgz
retention-days: 5
memcached_check:
strategy:
@ -34,17 +47,20 @@ jobs:
include:
- ref: 1.6.22
name: ${{ matrix.ref }}
runs-on: ubuntu-latest
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
needs: build_wolfssl
steps:
- name: Download lib
uses: actions/download-artifact@v3
uses: actions/download-artifact@v4
with:
name: wolf-install-memcached
path: build-dir
- name: untar build-dir
run: tar -xf build-dir.tgz
- name: Checkout OSP
uses: actions/checkout@v3
uses: actions/checkout@v4
with:
repository: wolfssl/osp
path: osp
@ -56,7 +72,7 @@ jobs:
sudo apt-get install -y libevent-dev libevent-2.1-7 automake pkg-config make libio-socket-ssl-perl
- name: Checkout memcached
uses: actions/checkout@v3
uses: actions/checkout@v4
with:
repository: memcached/memcached
ref: 1.6.22

105
.github/workflows/mosquitto.yml vendored Normal file
View File

@ -0,0 +1,105 @@
name: mosquitto Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
build_wolfssl:
name: Build wolfSSL
# Just to keep it the same as the testing target
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 4
steps:
- name: Build wolfSSL
uses: wolfSSL/actions-build-autotools-project@v1
with:
path: wolfssl
configure: --enable-mosquitto CFLAGS="-DALLOW_INVALID_CERTSIGN"
install: true
- name: tar build-dir
run: tar -zcf build-dir.tgz build-dir
- name: Upload built lib
uses: actions/upload-artifact@v4
with:
name: wolf-install-mosquitto
path: build-dir.tgz
retention-days: 5
mosquitto_check:
strategy:
fail-fast: false
matrix:
ref: [ 2.0.18 ]
name: ${{ matrix.ref }}
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 4
needs: build_wolfssl
steps:
- name: Download lib
uses: actions/download-artifact@v4
with:
name: wolf-install-mosquitto
- name: untar build-dir
run: tar -xf build-dir.tgz
- name: Checkout OSP
uses: actions/checkout@v4
with:
repository: wolfssl/osp
path: osp
- name: Install dependencies
run: |
export DEBIAN_FRONTEND=noninteractive
sudo apt-get update
sudo apt-get install -y build-essential libev-dev libssl-dev automake python3-docutils libcunit1 libcunit1-doc libcunit1-dev pkg-config make python3-psutil
- name: Checkout mosquitto
uses: actions/checkout@v4
with:
repository: eclipse/mosquitto
ref: v${{ matrix.ref }}
path: mosquitto
- name: Update certs
run: |
cd $GITHUB_WORKSPACE/mosquitto/test/ssl
./gen.sh
cat all-ca.crt >> server.crt
- name: Configure and build mosquitto
run: |
cd $GITHUB_WORKSPACE/mosquitto/
patch -p1 < $GITHUB_WORKSPACE/osp/mosquitto/${{ matrix.ref }}.patch
make WITH_TLS=wolfssl WITH_CJSON=no WITH_DOCS=no WOLFSSLDIR=$GITHUB_WORKSPACE/build-dir
- name: Run mosquitto tests
working-directory: ./mosquitto
run: |
# Retry up to five times
for i in {1..5}; do
TEST_RES=0
make WITH_TLS=wolfssl WITH_CJSON=no WITH_DOCS=no WOLFSSLDIR=$GITHUB_WORKSPACE/build-dir ptest || TEST_RES=$?
if [ "$TEST_RES" -eq "0" ]; then
break
fi
done
if [ "$TEST_RES" -ne "0" ]; then
exit $TEST_RES
fi

18
.github/workflows/multi-arch.yml vendored
View File

@ -1,7 +1,16 @@
name: Multiple architectures
# START OF COMMON SECTION
on:
workflow_call:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
my_matrix:
@ -27,7 +36,8 @@ jobs:
CFLAGS: -marm -DWOLFSSL_SP_ARM_ARCH=6
ARCH: armel
EXTRA_OPTS: --enable-sp-asm
runs-on: ubuntu-latest
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 10
steps:
@ -35,14 +45,14 @@ jobs:
run: |
sudo apt update
sudo apt install -y crossbuild-essential-${{ matrix.ARCH }} qemu-user
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- name: Build
env:
CC: ${{ matrix.CC }}
CFLAGS: ${{ matrix.CFLAGS }}
QEMU_LD_PREFIX: /usr/${{ matrix.HOST }}
run: ./autogen.sh && ./configure --host=${{ matrix.HOST }} --enable-all --disable-examples ${{ matrix.EXTRA_OPTS }} && make
- name: Print errors
- name: Print errors
if: ${{ failure() }}
run: |
if [ -f config.log ] ; then

28
.github/workflows/multi-compiler.yml vendored
View File

@ -1,7 +1,16 @@
name: Multiple compilers and versions
# START OF COMMON SECTION
on:
workflow_call:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
my_matrix:
@ -12,16 +21,16 @@ jobs:
include:
- CC: gcc-9
CXX: g++-9
OS: ubuntu-latest
OS: ubuntu-22.04
- CC: gcc-10
CXX: g++-10
OS: ubuntu-latest
OS: ubuntu-22.04
- CC: gcc-11
CXX: g++-11
OS: ubuntu-latest
OS: ubuntu-22.04
- CC: gcc-12
CXX: g++-12
OS: ubuntu-latest
OS: ubuntu-22.04
- CC: clang-10
CXX: clang++-10
OS: ubuntu-20.04
@ -33,15 +42,18 @@ jobs:
OS: ubuntu-20.04
- CC: clang-13
CXX: clang++-13
OS: ubuntu-latest
OS: ubuntu-22.04
- CC: clang-14
CXX: clang++-14
OS: ubuntu-latest
OS: ubuntu-22.04
if: github.repository_owner == 'wolfssl'
runs-on: ${{ matrix.OS }}
# This should be a safe limit for the tests to run.
timeout-minutes: 4
steps:
- uses: actions/checkout@v3
- name: Install dependencies
run: export DEBIAN_FRONTEND=noninteractive && sudo apt-get update && sudo apt-get install -y ${{ matrix.CC }}
- uses: actions/checkout@v4
- name: Build
env:
CC: ${{ matrix.CC }}

84
.github/workflows/net-snmp.yml vendored Normal file
View File

@ -0,0 +1,84 @@
name: net-snmp Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
build_wolfssl:
name: Build wolfSSL
if: github.repository_owner == 'wolfssl'
# Just to keep it the same as the testing target
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 4
steps:
- name: Build wolfSSL
uses: wolfSSL/actions-build-autotools-project@v1
with:
path: wolfssl
configure: --enable-net-snmp
install: true
- name: tar build-dir
run: tar -zcf build-dir.tgz build-dir
- name: Upload built lib
uses: actions/upload-artifact@v4
with:
name: wolf-install-net-snmp
path: build-dir.tgz
retention-days: 5
net-snmp_check:
strategy:
fail-fast: false
matrix:
# List of releases to test
include:
- ref: 5.9.3
test_opts: -e 'agentxperl'
name: ${{ matrix.ref }}
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 4
needs: build_wolfssl
steps:
- name: Download lib
uses: actions/download-artifact@v4
with:
name: wolf-install-net-snmp
- name: untar build-dir
run: tar -xf build-dir.tgz
- name: Checkout OSP
uses: actions/checkout@v4
with:
repository: wolfssl/osp
path: osp
- name: Build net-snmp
uses: wolfSSL/actions-build-autotools-project@v1
with:
repository: net-snmp/net-snmp
ref: v${{ matrix.ref }}
path: net-snmp
patch-file: $GITHUB_WORKSPACE/osp/net-snmp/${{ matrix.ref }}.patch
configure: --disable-shared --with-wolfssl=$GITHUB_WORKSPACE/build-dir
check: false
- name: Run net-snmp tests
working-directory: net-snmp
run: |
autoconf --version | grep -P '2\.\d\d' -o > dist/autoconf-version
make -j test TESTOPTS="${{ matrix.test_opts }}"

46
.github/workflows/nginx.yml vendored
View File

@ -1,13 +1,23 @@
name: nginx Tests
# START OF COMMON SECTION
on:
workflow_call:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
build_wolfssl:
name: Build wolfSSL
if: github.repository_owner == 'wolfssl'
# Just to keep it the same as the testing target
runs-on: ubuntu-latest
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 4
steps:
@ -24,12 +34,15 @@ jobs:
configure: --enable-nginx ${{ env.wolf_debug_flags }}
install: true
- name: tar build-dir
run: tar -zcf build-dir.tgz build-dir
- name: Upload built lib
uses: actions/upload-artifact@v3
uses: actions/upload-artifact@v4
with:
name: wolf-install-nginx
path: build-dir
retention-days: 1
path: build-dir.tgz
retention-days: 5
nginx_check:
strategy:
@ -84,7 +97,7 @@ jobs:
stream_ssl_preread.t stream_ssl_realip.t stream_ssl_session_reuse.t stream_ssl.t
stream_ssl_variables.t stream_ssl_verify_client.t stream_upstream_zone_ssl.t
upstream_zone_ssl.t uwsgi_ssl_certificate.t uwsgi_ssl_certificate_vars.t
uwsgi_ssl.t uwsgi_ssl_verify.t
uwsgi_ssl.t uwsgi_ssl_verify.t
# Following tests do not pass with sanitizer on (with OpenSSL too)
sanitize-not-ok: >-
grpc_ssl.t h2_proxy_request_buffering_ssl.t h2_proxy_ssl.t
@ -93,29 +106,32 @@ jobs:
stream_proxy_protocol_ssl.t stream_proxy_ssl_conf_command.t stream_proxy_ssl.t
stream_proxy_ssl_verify.t
name: ${{ matrix.ref }}
runs-on: ubuntu-latest
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 6
needs: build_wolfssl
steps:
- name: Download lib
uses: actions/download-artifact@v3
uses: actions/download-artifact@v4
with:
name: wolf-install-nginx
path: build-dir
- name: untar build-dir
run: tar -xf build-dir.tgz
- name: Install dependencies
run: |
sudo cpan -iT Proc::Find Net::SSLeay IO::Socket::SSL
- name: Checkout wolfssl-nginx
uses: actions/checkout@v3
uses: actions/checkout@v4
with:
repository: wolfssl/wolfssl-nginx
path: wolfssl-nginx
- name: Checkout nginx
uses: actions/checkout@v3
uses: actions/checkout@v4
with:
repository: nginx/nginx
path: nginx
@ -131,7 +147,7 @@ jobs:
run: patch -p1 < ../wolfssl-nginx/nginx-${{ matrix.ref }}-wolfssl-debug.patch
- name: Checkout nginx-tests
uses: actions/checkout@v3
uses: actions/checkout@v4
with:
repository: nginx/nginx-tests
path: nginx-tests
@ -174,6 +190,10 @@ jobs:
run: |
echo "nginx_c_flags=-O0" >> $GITHUB_ENV
- name: workaround high-entropy ASLR
# not needed after either an update to llvm or runner is done
run: sudo sysctl vm.mmap_rnd_bits=28
- name: Build nginx with sanitizer
working-directory: nginx
run: |
@ -203,4 +223,4 @@ jobs:
LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$GITHUB_WORKSPACE/build-dir/lib \
TMPDIR=$GITHUB_WORKSPACE TEST_NGINX_BINARY=../nginx/objs/nginx \
prove ${{ matrix.sanitize-ok }}

44
.github/workflows/no-malloc.yml vendored Normal file
View File

@ -0,0 +1,44 @@
name: No Malloc Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
make_check:
strategy:
matrix:
config: [
# Add new configs here
'--enable-rsa --enable-keygen --disable-dh CFLAGS="-DWOLFSSL_NO_MALLOC -DRSA_MIN_SIZE=1024"',
]
name: make check
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 6
steps:
- uses: actions/checkout@v4
name: Checkout wolfSSL
- name: Test wolfSSL
run: |
./autogen.sh
./configure ${{ matrix.config }}
make
./wolfcrypt/test/testwolfcrypt
- name: Print errors
if: ${{ failure() }}
run: |
if [ -f test-suite.log ] ; then
cat test-suite.log
fi

27
.github/workflows/nss.sh vendored Normal file
View File

@ -0,0 +1,27 @@
#!/usr/bin/env bash
set -e
set -x
# Setup nss cert db
mkdir nssdb
./dist/Debug/bin/certutil -d nssdb -N --empty-password
./dist/Debug/bin/certutil -d nssdb -A -a -i wolfssl/certs/test/server-localhost.pem \
-t TCP -n 'wolf localhost'
# App data for nss
echo Hello from nss > /tmp/in
# TLS 1.3 test
env -C wolfssl ./examples/server/server -v 4 -p 4433 \
-c certs/test/server-localhost.pem -d -w > /tmp/server.log 2>&1 &
sleep 0.1
./dist/Debug/bin/tstclnt -V tls1.3: -h localhost -p 4433 -d nssdb -C -4 -A /tmp/in -v
sleep 0.1
# DTLS 1.3 test
env -C wolfssl ./examples/server/server -v 4 -p 4433 -u \
-c certs/test/server-localhost.pem -d -w > /tmp/server.log 2>&1 &
sleep 0.1
./dist/Debug/bin/tstclnt -V tls1.3: -P client -h localhost -p 4433 -d nssdb -C -4 -A /tmp/in -v
sleep 0.1

89
.github/workflows/nss.yml vendored Normal file
View File

@ -0,0 +1,89 @@
name: nss interop Tests
### TODO uncomment stuff
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
env:
NSS_REF: NSS_3_107_RTM
jobs:
build_nss:
name: Build nss
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 30
steps:
- name: Checking if we have nss in cache
uses: actions/cache@v4
id: cache
with:
path: dist
key: nss-${{ env.NSS_REF }}
lookup-only: true
- name: Install dependencies
if: steps.cache.outputs.cache-hit != 'true'
run: |
# Don't prompt for anything
export DEBIAN_FRONTEND=noninteractive
sudo apt-get update
# hostap dependencies
sudo apt-get install -y gyp ninja-build
- name: Checkout nss
if: steps.cache.outputs.cache-hit != 'true'
uses: actions/checkout@v4
with:
repository: nss-dev/nss
ref: ${{ env.NSS_REF }}
path: nss
- name: Compile nss
if: steps.cache.outputs.cache-hit != 'true'
run: |
hg clone https://hg.mozilla.org/projects/nspr
cd nss
./build.sh
nss_test:
name: Test interop with nss
runs-on: ubuntu-22.04
needs: build_nss
timeout-minutes: 10
if: github.repository_owner == 'wolfssl'
steps:
- name: Checking if we have nss in cache
uses: actions/cache/restore@v4
id: cache
with:
path: dist
key: nss-${{ env.NSS_REF }}
fail-on-cache-miss: true
- name: Build wolfSSL
uses: wolfSSL/actions-build-autotools-project@v1
with:
path: wolfssl
configure: --enable-dtls --enable-dtls13
install: false
check: false
- name: Test interop
run: bash wolfssl/.github/workflows/nss.sh
- name: print server logs
if: ${{ failure() }}
run: |
cat /tmp/server.log

93
.github/workflows/ntp.yml vendored Normal file
View File

@ -0,0 +1,93 @@
name: ntp Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
build_wolfssl:
name: Build wolfSSL
if: github.repository_owner == 'wolfssl'
# Just to keep it the same as the testing target
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 4
steps:
- name: Build wolfSSL
uses: wolfSSL/actions-build-autotools-project@v1
with:
path: wolfssl
configure: --enable-all
install: true
check: false
- name: tar build-dir
run: tar -zcf build-dir.tgz build-dir
- name: Upload built lib
uses: actions/upload-artifact@v4
with:
name: wolf-install-ntp
path: build-dir.tgz
retention-days: 5
ntp_check:
strategy:
fail-fast: false
matrix:
# List of releases to test
ref: [ 4.2.8p15, 4.2.8p17 ]
name: ${{ matrix.ref }}
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 10
needs: build_wolfssl
steps:
- name: Download lib
uses: actions/download-artifact@v4
with:
name: wolf-install-ntp
- name: untar build-dir
run: tar -xf build-dir.tgz
- name: Checkout OSP
uses: actions/checkout@v4
with:
repository: wolfssl/osp
path: osp
# Avoid DoS'ing ntp site so cache the tar.gz
- name: Check if we have ntp
uses: actions/cache@v4
id: cache
with:
path: ntp-${{ matrix.ref }}.tar.gz
key: ntp-${{ matrix.ref }}.tar.gz
- name: Download ntp
if: steps.cache.outputs.cache-hit != 'true'
run: |
wget https://downloads.nwtime.org/ntp/4.2.8/ntp-${{ matrix.ref }}.tar.gz
- name: Extract ntp
run: |
tar -xf ntp-${{ matrix.ref }}.tar.gz
- name: Build and test ntp
working-directory: ntp-${{ matrix.ref }}
run: |
patch -p1 < $GITHUB_WORKSPACE/osp/ntp/${{ matrix.ref }}/ntp-${{ matrix.ref }}.patch
./bootstrap
./configure --with-wolfssl=$GITHUB_WORKSPACE/build-dir
make -j
make -j check

38
.github/workflows/ocsp.yml vendored Normal file
View File

@ -0,0 +1,38 @@
name: OCSP Test
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
ocsp_stapling:
name: ocsp stapling
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
timeout-minutes: 10
steps:
- name: Checkout wolfSSL
uses: actions/checkout@v4
- name: Build wolfSSL
run: autoreconf -ivf && ./configure --enable-ocsp --enable-ocspstapling && make
- name: Start OCSP responder 1
run: openssl ocsp -port 22221 -ndays 1000 -index certs/ocsp/index-intermediate1-ca-issued-certs.txt -rsigner certs/ocsp/ocsp-responder-cert.pem -rkey certs/ocsp/ocsp-responder-key.pem -CA certs/ocsp/intermediate1-ca-cert.pem &
- name: Start OCSP responder 2
run: openssl ocsp -port 22220 -ndays 1000 -index certs/ocsp/index-ca-and-intermediate-cas.txt -rsigner certs/ocsp/ocsp-responder-cert.pem -rkey certs/ocsp/ocsp-responder-key.pem -CA certs/ocsp/root-ca-cert.pem &
- name: Start TLS server
run: ./examples/server/server -p 11111 -c ./certs/ocsp/server1-cert.pem -k ./certs/ocsp/server1-key.pem -d &
- name: Test Look Up
run: ./examples/client/client -A ./certs/ocsp/root-ca-cert.pem -o

91
.github/workflows/openldap.yml vendored Normal file
View File

@ -0,0 +1,91 @@
name: openldap Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
build_wolfssl:
name: Build wolfSSL
# Just to keep it the same as the testing target
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 4
steps:
- name: Build wolfSSL
uses: wolfSSL/actions-build-autotools-project@v1
with:
path: wolfssl
configure: --enable-openldap CPPFLAGS=-DWOLFSSL_NO_ASN_STRICT
install: true
check: true
- name: tar build-dir
run: tar -zcf build-dir.tgz build-dir
- name: Upload built lib
uses: actions/upload-artifact@v4
with:
name: wolf-install-openldap
path: build-dir.tgz
retention-days: 5
openldap_check:
strategy:
fail-fast: false
matrix:
include:
# List of releases to test
- osp_ref: 2.5.13
git_ref: OPENLDAP_REL_ENG_2_5_13
- osp_ref: 2.6.7
git_ref: OPENLDAP_REL_ENG_2_6_7
name: ${{ matrix.osp_ref }}
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 20
needs: build_wolfssl
steps:
- name: Download lib
uses: actions/download-artifact@v4
with:
name: wolf-install-openldap
- name: untar build-dir
run: tar -xf build-dir.tgz
- name: Checkout OSP
uses: actions/checkout@v4
with:
repository: wolfssl/osp
path: osp
- name: Checkout openldap
uses: actions/checkout@v4
with:
repository: openldap/openldap
path: openldap
ref: ${{ matrix.git_ref }}
- name: Build and test OpenLDAP
working-directory: openldap
run: |
export LD_LIBRARY_PATH=$GITHUB_WORKSPACE/build-dir/lib:$LD_LIBRARY_PATH
patch -p1 < $GITHUB_WORKSPACE/osp/openldap/${{ matrix.osp_ref }}/openldap-${{ matrix.osp_ref }}.patch
rm aclocal.m4
autoreconf -ivf
./configure --with-tls=wolfssl --disable-bdb --disable-hdb \
CFLAGS="-I$GITHUB_WORKSPACE/build-dir/include \
-I$GITHUB_WORKSPACE/build-dir/include/wolfssl \
-L$GITHUB_WORKSPACE/build-dir/lib"
make -j depend
make -j
make -j check

84
.github/workflows/openssh.yml vendored Normal file
View File

@ -0,0 +1,84 @@
name: openssh Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
build_wolfssl:
name: Build wolfSSL
if: github.repository_owner == 'wolfssl'
# Just to keep it the same as the testing target
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 4
steps:
- name: Build wolfSSL
uses: wolfSSL/actions-build-autotools-project@v1
with:
path: wolfssl
configure: >-
--enable-openssh --enable-dsa --with-max-rsa-bits=8192
--enable-intelasm --enable-sp-asm CFLAGS="-DRSA_MIN_SIZE=1024"
install: true
- name: tar build-dir
run: tar -zcf build-dir.tgz build-dir
- name: Upload built lib
uses: actions/upload-artifact@v4
with:
name: wolf-install-openssh
path: build-dir.tgz
retention-days: 5
openssh_check:
strategy:
fail-fast: false
matrix:
include:
- git_ref: 'V_9_6_P1'
osp_ver: '9.6'
name: ${{ matrix.ref }}
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
needs: build_wolfssl
steps:
- name: Download lib
uses: actions/download-artifact@v4
with:
name: wolf-install-openssh
- name: untar build-dir
run: tar -xf build-dir.tgz
- name: Checkout OSP
uses: actions/checkout@v4
with:
repository: wolfssl/osp
path: osp
- name: Build and test openssh
uses: wolfSSL/actions-build-autotools-project@v1
with:
repository: openssh/openssh-portable
ref: ${{ matrix.git_ref }}
path: openssh
patch-file: $GITHUB_WORKSPACE/osp/openssh-patches/openssh-${{ matrix.osp_ver }}.patch
configure: --with-wolfssl=$GITHUB_WORKSPACE/build-dir --with-rpath=-Wl,-rpath=
check: false
# make tests take >20 minutes. Consider limiting?
- name: Run tests
working-directory: ./openssh
run: |
# Run all the tests except (t-exec) as it takes too long
make file-tests interop-tests extra-tests unit

50
.github/workflows/opensslcoexist.yml vendored Normal file
View File

@ -0,0 +1,50 @@
name: OPENSSL_COEXIST and TEST_OPENSSL_COEXIST
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
make_check:
strategy:
matrix:
config: [
# Add new configs here
'--verbose --enable-all --disable-all-osp --disable-opensslall --enable-opensslcoexist CPPFLAGS="-DNO_WOLFSSL_CIPHER_SUITE_TEST -pedantic"',
'--verbose --enable-all --disable-all-osp --disable-opensslall --enable-opensslcoexist CPPFLAGS="-DNO_WOLFSSL_CIPHER_SUITE_TEST -pedantic -DTEST_OPENSSL_COEXIST"'
]
name: make check
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 6
steps:
- uses: actions/checkout@v4
name: Checkout wolfSSL
- name: Test --enable-opensslcoexist and TEST_OPENSSL_COEXIST
run: |
./autogen.sh || $(exit 2)
./configure ${{ matrix.config }} || $(exit 3)
make -j 4 || $(exit 4)
make check
- name: Print errors
if: ${{ failure() }}
run: |
for file in config.log scripts/*.log
do
if [ -f "$file" ]; then
echo "${file}:"
cat "$file"
echo "========================================================================"
fi
done

42
.github/workflows/openvpn.yml vendored
View File

@ -1,13 +1,23 @@
name: OpenVPN Tests
# START OF COMMON SECTION
on:
workflow_call:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
build_wolfssl:
name: Build wolfSSL
if: github.repository_owner == 'wolfssl'
# Just to keep it the same as the testing target
runs-on: ubuntu-latest
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 4
steps:
@ -18,30 +28,36 @@ jobs:
configure: --enable-openvpn
install: true
- name: tar build-dir
run: tar -zcf build-dir.tgz build-dir
- name: Upload built lib
uses: actions/upload-artifact@v3
uses: actions/upload-artifact@v4
with:
name: wolf-install-openvpn
path: build-dir
retention-days: 1
path: build-dir.tgz
retention-days: 5
openvpn_check:
strategy:
fail-fast: false
matrix:
# List of refs to test
ref: [ master, release/2.6, v2.6.0 ]
ref: [ release/2.6, master ]
name: ${{ matrix.ref }}
runs-on: ubuntu-latest
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 6
timeout-minutes: 10
needs: build_wolfssl
steps:
- name: Download lib
uses: actions/download-artifact@v3
uses: actions/download-artifact@v4
with:
name: wolf-install-openvpn
path: build-dir
- name: untar build-dir
run: tar -xf build-dir.tgz
- name: Install dependencies
run: |
@ -50,10 +66,14 @@ jobs:
linux-libc-dev man2html libcmocka-dev python3-docutils \
libtool automake autoconf libnl-genl-3-dev libnl-genl-3-200
- name: workaround high-entropy ASLR
# not needed after either an update to llvm or runner is done
run: sudo sysctl vm.mmap_rnd_bits=28
- if: ${{ matrix.ref != 'master' }}
name: Build and test openvpn with fsanitize
run: |
echo 'extra_c_flags=CFLAGS="-fsanitize=address -fno-omit-frame-pointer -O2"' >> $GITHUB_ENV
echo 'extra_c_flags=CC="gcc -fsanitize=address" CFLAGS="-fno-omit-frame-pointer -O2"' >> $GITHUB_ENV
- name: Build and test openvpn
uses: wolfSSL/actions-build-autotools-project@v1

62
.github/workflows/os-check.yml vendored
View File

@ -1,14 +1,23 @@
name: Ubuntu-Macos-Windows Tests
# START OF COMMON SECTION
on:
workflow_call:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
make_check:
strategy:
fail-fast: false
matrix:
os: [ ubuntu-latest, macos-latest ]
os: [ ubuntu-22.04, macos-latest ]
config: [
# Add new configs here
'',
@ -16,16 +25,26 @@ jobs:
'--enable-all --enable-asn=original',
'--enable-harden-tls',
'--enable-tls13 --enable-session-ticket --enable-dtls --enable-dtls13
--enable-opensslextra --enable-sessioncerts
CPPFLAGS=''-DWOLFSSL_DTLS_NO_HVR_ON_RESUME -DHAVE_EXT_CACHE
--enable-opensslextra --enable-sessioncerts
CPPFLAGS=''-DWOLFSSL_DTLS_NO_HVR_ON_RESUME -DHAVE_EXT_CACHE
-DWOLFSSL_TICKET_HAVE_ID -DHAVE_EX_DATA -DSESSION_CACHE_DYNAMIC_MEM'' ',
'--enable-all --enable-secure-renegotiation',
'--enable-all --enable-haproxy --enable-quic',
'--enable-dtls --enable-dtls13 --enable-earlydata
--enable-session-ticket --enable-psk
'--enable-dtls --enable-dtls13 --enable-earlydata
--enable-session-ticket --enable-psk
CPPFLAGS=''-DWOLFSSL_DTLS13_NO_HRR_ON_RESUME'' ',
'--enable-experimental --enable-kyber --enable-dtls --enable-dtls13
--enable-dtls-frag-ch',
'--enable-all --enable-dtls13 --enable-dtls-frag-ch',
'--enable-dtls --enable-dtls13 --enable-dtls-frag-ch
--enable-dtls-mtu',
'--enable-dtls --enable-dtlscid --enable-dtls13 --enable-secure-renegotiation
--enable-psk --enable-aesccm --enable-nullcipher CPPFLAGS=-DWOLFSSL_STATIC_RSA',
'--enable-ascon --enable-experimental',
'--enable-ascon CPPFLAGS=-DWOLFSSL_ASCON_UNROLL --enable-experimental',
]
name: make check
if: github.repository_owner == 'wolfssl'
runs-on: ${{ matrix.os }}
# This should be a safe limit for the tests to run.
timeout-minutes: 14
@ -40,12 +59,13 @@ jobs:
strategy:
fail-fast: false
matrix:
os: [ ubuntu-latest, macos-latest ]
os: [ ubuntu-22.04, macos-latest ]
user-settings: [
# Add new user_settings.h here
'examples/configs/user_settings_all.h',
]
name: make user_setting.h
if: github.repository_owner == 'wolfssl'
runs-on: ${{ matrix.os }}
# This should be a safe limit for the tests to run.
timeout-minutes: 14
@ -61,14 +81,18 @@ jobs:
strategy:
fail-fast: false
matrix:
os: [ ubuntu-latest, macos-latest ]
os: [ ubuntu-22.04, macos-latest ]
user-settings: [
# Add new user_settings.h here
'examples/configs/user_settings_eccnonblock.h',
'examples/configs/user_settings_min_ecc.h',
'examples/configs/user_settings_wolfboot_keytools.h',
'examples/configs/user_settings_wolftpm.h',
'examples/configs/user_settings_wolfssh.h',
'examples/configs/user_settings_tls12.h',
]
name: make user_setting.h (testwolfcrypt only)
if: github.repository_owner == 'wolfssl'
runs-on: ${{ matrix.os }}
# This should be a safe limit for the tests to run.
timeout-minutes: 14
@ -88,13 +112,14 @@ jobs:
strategy:
fail-fast: false
matrix:
os: [ ubuntu-latest, macos-latest ]
os: [ ubuntu-22.04, macos-latest ]
name: make user_setting.h (with sed)
if: github.repository_owner == 'wolfssl'
runs-on: ${{ matrix.os }}
# This should be a safe limit for the tests to run.
timeout-minutes: 14
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- if: ${{ matrix.os == 'macos-latest' }}
run: brew install automake libtool
- run: ./autogen.sh
@ -108,7 +133,12 @@ jobs:
windows_build:
name: Windows Build Test
if: github.repository_owner == 'wolfssl'
runs-on: windows-latest
strategy:
fail-fast: false
matrix:
arch: [ x64, Win32, ARM64 ]
# This should be a safe limit for the tests to run.
timeout-minutes: 6
env:
@ -119,12 +149,11 @@ jobs:
# You can convert this to a build matrix if you need coverage of multiple configuration types.
# https://docs.github.com/actions/learn-github-actions/managing-complex-workflows#using-a-build-matrix
BUILD_CONFIGURATION: Release
BUILD_PLATFORM: x64
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- name: Add MSBuild to PATH
uses: microsoft/setup-msbuild@v1
uses: microsoft/setup-msbuild@v2
- name: Restore NuGet packages
working-directory: ${{env.GITHUB_WORKSPACE}}
@ -134,8 +163,9 @@ jobs:
working-directory: ${{env.GITHUB_WORKSPACE}}
# Add additional options to the MSBuild command line here (like platform or verbosity level).
# See https://docs.microsoft.com/visualstudio/msbuild/msbuild-command-line-reference
run: msbuild /m /p:PlatformToolset=v142 /p:Platform=${{env.BUILD_PLATFORM}} /p:Configuration=${{env.BUILD_CONFIGURATION}} ${{env.SOLUTION_FILE_PATH}}
run: msbuild /m /p:PlatformToolset=v142 /p:Platform=${{matrix.arch}} /p:Configuration=${{env.BUILD_CONFIGURATION}} ${{env.SOLUTION_FILE_PATH}}
- name: Run Test
- if: ${{ matrix.arch != 'ARM64' }}
name: Run Test
working-directory: ${{env.GITHUB_WORKSPACE}}
run: Release/x64/testsuite.exe
run: Release/${{matrix.arch}}/testsuite.exe

32
.github/workflows/packaging.yml vendored
View File

@ -1,17 +1,27 @@
name: Packaging Tests
# START OF COMMON SECTION
on:
workflow_call:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
build_wolfssl:
name: Package wolfSSL
runs-on: ubuntu-latest
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 10
steps:
- name: Checkout wolfSSL
uses: actions/checkout@v3
uses: actions/checkout@v4
- name: Configure wolfSSL
run: |
@ -28,8 +38,9 @@ jobs:
- name: Build wolfSSL .deb
run: make deb-docker
- name: Build wolfSSL .rpm
run: make rpm-docker
# disabled 20240919 -- broken target.
# - name: Build wolfSSL .rpm
# run: make rpm-docker
- name: Confirm packages built
run: |
@ -38,8 +49,9 @@ jobs:
echo Did not find exactly two deb packages!!!
exit 1
fi
RPM_COUNT=$(find -name 'wolfssl*.rpm' | wc -l)
if [ "$RPM_COUNT" != "4" ]; then
echo Did not find exactly four rpm packages!!!
exit 1
fi
# disabled 20240919 -- broken target.
# RPM_COUNT=$(find -name 'wolfssl*.rpm' | wc -l)
# if [ "$RPM_COUNT" != "4" ]; then
# echo Did not find exactly four rpm packages!!!
# exit 1
# fi

92
.github/workflows/pam-ipmi.yml vendored Normal file
View File

@ -0,0 +1,92 @@
name: pam-ipmi Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
build_wolfssl:
name: Build wolfSSL
if: github.repository_owner == 'wolfssl'
# Just to keep it the same as the testing target
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 4
steps:
- name: Build wolfSSL
uses: wolfSSL/actions-build-autotools-project@v1
with:
path: wolfssl
configure: --enable-all
install: true
# Don't run tests as this config is tested in many other places
check: false
- name: tar build-dir
run: tar -zcf build-dir.tgz build-dir
- name: Upload built lib
uses: actions/upload-artifact@v4
with:
name: wolf-install-pam-ipmi
path: build-dir.tgz
retention-days: 5
build_pam-ipmi:
strategy:
fail-fast: false
matrix:
git_ref: [ e4b13e6725abb178f62ee897fe1c0e81b06a9431 ]
name: ${{ matrix.git_ref }}
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
needs: build_wolfssl
steps:
- name: Install dependencies
run: |
# Don't prompt for anything
export DEBIAN_FRONTEND=noninteractive
sudo apt-get update
sudo apt-get install libpam-dev ninja-build meson
- name: Download lib
uses: actions/download-artifact@v4
with:
name: wolf-install-pam-ipmi
- name: untar build-dir
run: tar -xf build-dir.tgz
- name: Checkout OSP
uses: actions/checkout@v4
with:
repository: wolfssl/osp
path: osp
- name: Checkout pam-ipmi
uses: actions/checkout@v4
with:
repository: openbmc/pam-ipmi
path: pam-ipmi
ref: ${{ matrix.git_ref }}
- name: Build pam-ipmi
working-directory: pam-ipmi
run: |
patch -p1 < ../osp/pam-ipmi/*-${{ matrix.git_ref }}.patch
PKG_CONFIG_PATH=$GITHUB_WORKSPACE/build-dir/lib/pkgconfig meson setup build
ninja -C build
- name: Confirm built with wolfSSL
working-directory: pam-ipmi
run: |
ldd ./build/src/pam_ipmisave/pam_ipmisave.so | grep wolfssl

49
.github/workflows/pq-all.yml vendored Normal file
View File

@ -0,0 +1,49 @@
name: Quantum Resistant Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
make_check:
strategy:
matrix:
config: [
# Add new configs here
'--enable-intelasm --enable-sp-asm --enable-all --enable-testcert --enable-acert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-quic --with-sys-crypto-policy --enable-experimental --enable-kyber=yes,original --enable-lms --enable-xmss --enable-dilithium --enable-dual-alg-certs --disable-qt CPPFLAGS="-pedantic -DWOLFCRYPT_TEST_LINT -DNO_WOLFSSL_CIPHER_SUITE_TEST"'
]
name: make check
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 6
steps:
- uses: actions/checkout@v4
name: Checkout wolfSSL
- name: Test wolfSSL
run: |
./autogen.sh
./configure ${{ matrix.config }}
make -j 4
make check
- name: Print errors
if: ${{ failure() }}
run: |
for file in scripts/*.log
do
if [ -f "$file" ]; then
echo "${file}:"
cat "$file"
echo "========================================================================"
fi
done

116
.github/workflows/rng-tools.yml vendored Normal file
View File

@ -0,0 +1,116 @@
name: rng-tools Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
build_wolfssl:
name: Build wolfSSL
if: github.repository_owner == 'wolfssl'
# Just to keep it the same as the testing target
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 4
steps:
- name: Build wolfSSL
uses: wolfSSL/actions-build-autotools-project@v1
with:
path: wolfssl
configure: --enable-all
install: true
check: false
- name: tar build-dir
run: tar -zcf build-dir.tgz build-dir
- name: Upload built lib
uses: actions/upload-artifact@v4
with:
name: wolf-install-rng-tools
path: build-dir.tgz
retention-days: 5
rng-tools_check:
strategy:
fail-fast: false
matrix:
# List of releases to test
ref: [ 6.16 ]
name: ${{ matrix.ref }}
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 4
needs: build_wolfssl
steps:
- name: Install dependencies
run: |
# Don't prompt for anything
export DEBIAN_FRONTEND=noninteractive
sudo apt-get update
sudo apt-get install -y libcurl4-openssl-dev libjansson-dev libp11-dev librtlsdr-dev libcap-dev
- name: Download lib
uses: actions/download-artifact@v4
with:
name: wolf-install-rng-tools
- name: untar build-dir
run: tar -xf build-dir.tgz
- name: Checkout OSP
uses: actions/checkout@v4
with:
repository: wolfssl/osp
path: osp
- name: Checkout jitterentropy-library
uses: actions/checkout@v4
with:
repository: smuellerDD/jitterentropy-library
path: jitterentropy-library
ref: v3.5.0
- name: Build jitterentropy-library
working-directory: jitterentropy-library
run: make -j
- name: Build rng-tools
uses: wolfSSL/actions-build-autotools-project@v1
with:
repository: nhorman/rng-tools
ref: v${{ matrix.ref }}
path: rng-tools
patch-file: $GITHUB_WORKSPACE/osp/rng-tools/${{ matrix.ref }}.patch
configure: --without-pkcs11 --enable-jitterentropy=$GITHUB_WORKSPACE/jitterentropy-library --with-wolfssl=$GITHUB_WORKSPACE/build-dir
check: false
- name: Testing rng-tools
id: testing
working-directory: rng-tools
run: |
# Retry up to five times
for i in {1..5}; do
TEST_RES=0
LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$GITHUB_WORKSPACE/build-dir/lib make check || TEST_RES=$?
if [ "$TEST_RES" -eq "0" ]; then
break
fi
done
if [ "$TEST_RES" -ne "0" ]; then
exit $TEST_RES
fi
- name: Print logs
if: ${{ failure() && steps.testing.outcome == 'failure' }}
working-directory: rng-tools/tests
run: cat test-suite.log

81
.github/workflows/socat.yml vendored Normal file
View File

@ -0,0 +1,81 @@
name: socat Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
build_wolfssl:
name: Build wolfSSL
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
timeout-minutes: 4
steps:
- name: Build wolfSSL
uses: wolfSSL/actions-build-autotools-project@v1
with:
path: wolfssl
configure: --enable-maxfragment --enable-opensslall --enable-opensslextra --enable-dtls --enable-oldtls --enable-tlsv10 --enable-ipv6 'CPPFLAGS=-DWOLFSSL_NO_DTLS_SIZE_CHECK -DOPENSSL_COMPATIBLE_DEFAULTS'
install: true
- name: tar build-dir
run: tar -zcf build-dir.tgz build-dir
- name: Upload built lib
uses: actions/upload-artifact@v4
with:
name: wolf-install-socat
path: build-dir.tgz
retention-days: 5
socat_check:
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 30
needs: build_wolfssl
steps:
- name: Install prereqs
run:
sudo apt-get install build-essential autoconf libtool pkg-config clang libc++-dev
- name: Download lib
uses: actions/download-artifact@v4
with:
name: wolf-install-socat
- name: untar build-dir
run: tar -xf build-dir.tgz
- name: Download socat
run: curl -O http://www.dest-unreach.org/socat/download/socat-1.8.0.0.tar.gz && tar xvf socat-1.8.0.0.tar.gz
- name: Checkout OSP
uses: actions/checkout@v4
with:
repository: wolfssl/osp
path: osp
- name: Build socat
working-directory: ./socat-1.8.0.0
run: |
patch -p1 < ../osp/socat/1.8.0.0/socat-1.8.0.0.patch
autoreconf -vfi
./configure --with-wolfssl=$GITHUB_WORKSPACE/build-dir --enable-default-ipv=4
make
- name: Run socat tests
working-directory: ./socat-1.8.0.0
run: |
export LD_LIBRARY_PATH=$GITHUB_WORKSPACE/build-dir/lib:$LD_LIBRARY_PATH
export SHELL=/bin/bash
SOCAT=$GITHUB_WORKSPACE/socat-1.8.0.0/socat ./test.sh -t 0.5 --expect-fail 36,64,146,214,216,217,309,310,386,399,402,403,459,460,467,468,475,478,492,528,530

94
.github/workflows/softhsm.yml vendored Normal file
View File

@ -0,0 +1,94 @@
name: SoftHSMv2 Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
build_wolfssl:
name: Build wolfSSL
if: github.repository_owner == 'wolfssl'
# Just to keep it the same as the testing target
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 10
steps:
- name: Build wolfSSL
uses: wolfSSL/actions-build-autotools-project@v1
with:
path: wolfssl
configure: --enable-all CFLAGS=-DRSA_MIN_SIZE=1024
install: true
check: false
- name: tar build-dir
run: tar -zcf build-dir.tgz build-dir
- name: Upload built lib
uses: actions/upload-artifact@v4
with:
name: wolf-install-softhsm
path: build-dir.tgz
retention-days: 5
softhsm_check:
strategy:
fail-fast: false
matrix:
# List of releases to test
ref: [ 2.6.1 ]
name: ${{ matrix.ref }}
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 20
needs: build_wolfssl
steps:
- name: Install dependencies
run: |
# Don't prompt for anything
export DEBIAN_FRONTEND=noninteractive
sudo apt-get update
sudo apt-get install -y libcppunit-dev
- name: Download lib
uses: actions/download-artifact@v4
with:
name: wolf-install-softhsm
- name: untar build-dir
run: tar -xf build-dir.tgz
- name: Checkout OSP
uses: actions/checkout@v4
with:
repository: wolfssl/osp
path: osp
- name: Checkout SoftHSMv2
uses: actions/checkout@v4
with:
repository: opendnssec/SoftHSMv2
path: softhsm
ref: ${{ matrix.ref }}
# Not using wolfSSL/actions-build-autotools-project@v1 because autogen.sh doesn't work
- name: Build softhsm
working-directory: softhsm
run: |
patch -p1 < $GITHUB_WORKSPACE/osp/softhsm/${{ matrix.ref }}.patch
autoreconf -if
./configure --with-crypto-backend=wolfssl WOLFSSL_INSTALL_DIR=$GITHUB_WORKSPACE/build-dir
make -j
- name: Test softhsm
working-directory: softhsm
run: make -j check

99
.github/workflows/sssd.yml vendored Normal file
View File

@ -0,0 +1,99 @@
name: sssd Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
build_wolfssl:
if: github.repository_owner == 'wolfssl'
name: Build wolfSSL
# Just to keep it the same as the testing target
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 4
steps:
- name: Build wolfSSL
uses: wolfSSL/actions-build-autotools-project@v1
with:
path: wolfssl
configure: --enable-all CFLAGS=-DWOLFSSL_NO_ASN_STRICT
install: true
check: false
- name: tar build-dir
run: tar -zcf build-dir.tgz build-dir
- name: Upload built lib
uses: actions/upload-artifact@v4
with:
name: wolf-install-sssd
path: build-dir.tgz
retention-days: 5
sssd_check:
if: github.repository_owner == 'wolfssl'
strategy:
fail-fast: false
matrix:
# List of releases to test
ref: [ 2.9.1 ]
name: ${{ matrix.ref }}
runs-on: ubuntu-22.04
container:
image: quay.io/sssd/ci-client-devel:ubuntu-latest
env:
LD_LIBRARY_PATH: /usr/local/lib
# This should be a safe limit for the tests to run.
timeout-minutes: 20
needs: build_wolfssl
steps:
- name: Install dependencies
run: |
# Don't prompt for anything
export DEBIAN_FRONTEND=noninteractive
sudo apt-get update
sudo apt-get install -y build-essential autoconf libldb-dev libldb2 python3-ldb bc
- name: Setup env
run: |
ln -s samba-4.0/ldb.h /usr/include/ldb.h
ln -s samba-4.0/ldb_errors.h /usr/include/ldb_errors.h
ln -s samba-4.0/ldb_handlers.h /usr/include/ldb_handlers.h
ln -s samba-4.0/ldb_module.h /usr/include/ldb_module.h
ln -s samba-4.0/ldb_version.h /usr/include/ldb_version.h
- name: Download lib
uses: actions/download-artifact@v4
with:
name: wolf-install-sssd
- name: untar build-dir
run: tar -xf build-dir.tgz
- name: Checkout OSP
uses: actions/checkout@v4
with:
repository: wolfssl/osp
path: osp
- name: Build and test sssd
uses: wolfSSL/actions-build-autotools-project@v1
with:
repository: SSSD/sssd
ref: ${{ matrix.ref }}
path: sssd
patch-file: $GITHUB_WORKSPACE/osp/sssd/${{ matrix.ref }}.patch
configure: >-
--without-samba --without-nfsv4-idmapd-plugin --with-oidc-child=no
--without-manpages WOLFSSL_INSTALL_DIR=$GITHUB_WORKSPACE/build-dir
check: true

36
.github/workflows/stunnel.yml vendored
View File

@ -1,13 +1,23 @@
name: stunnel Tests
# START OF COMMON SECTION
on:
workflow_call:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
build_wolfssl:
name: Build wolfSSL
if: github.repository_owner == 'wolfssl'
# Just to keep it the same as the testing target
runs-on: ubuntu-latest
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 4
steps:
@ -18,12 +28,15 @@ jobs:
configure: --enable-stunnel
install: true
- name: tar build-dir
run: tar -zcf build-dir.tgz build-dir
- name: Upload built lib
uses: actions/upload-artifact@v3
uses: actions/upload-artifact@v4
with:
name: wolf-install-stunnel
path: build-dir
retention-days: 1
path: build-dir.tgz
retention-days: 5
stunnel_check:
strategy:
@ -32,19 +45,22 @@ jobs:
# List of releases to test
ref: [ 5.67 ]
name: ${{ matrix.ref }}
runs-on: ubuntu-latest
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 4
needs: build_wolfssl
steps:
- name: Download lib
uses: actions/download-artifact@v3
uses: actions/download-artifact@v4
with:
name: wolf-install-stunnel
path: build-dir
- name: untar build-dir
run: tar -xf build-dir.tgz
- name: Checkout OSP
uses: actions/checkout@v3
uses: actions/checkout@v4
with:
repository: wolfssl/osp
path: osp

84
.github/workflows/watcomc.yml vendored Normal file
View File

@ -0,0 +1,84 @@
name: Build Watcom C
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
wolfssl_watcomc_windows:
if: github.repository_owner == 'wolfssl'
strategy:
fail-fast: false
matrix:
common:
- cmake: '-G "Watcom WMake" -DCMAKE_VERBOSE_MAKEFILE=TRUE -DWOLFSSL_ASM=no -DWOLFSSL_EXAMPLES=no -DWOLFSSL_CRYPT_TESTS=no'
platform:
- title: 'Windows OW 2.0'
system: 'Windows'
image: 'windows-latest'
owimage: '2.0'
id: 'win32ow20'
cmake: '-DCMAKE_SYSTEM_NAME=Windows -DCMAKE_SYSTEM_PROCESSOR=x86'
- title: 'Linux OW 2.0'
system: 'Linux'
image: 'ubuntu-latest'
owimage: '2.0'
id: 'linuxow20'
cmake: '-DCMAKE_SYSTEM_NAME=Linux -DCMAKE_SYSTEM_PROCESSOR=x86'
- title: 'OS/2 OW 2.0'
system: 'OS2'
image: 'windows-latest'
owimage: '2.0'
id: 'os2ow20'
cmake: '-DCMAKE_SYSTEM_NAME=OS2 -DCMAKE_SYSTEM_PROCESSOR=x86'
thread:
- id: 'multi'
cmake: ''
owcmake: '-DCMAKE_POLICY_DEFAULT_CMP0136=NEW -DCMAKE_WATCOM_RUNTIME_LIBRARY=MultiThreaded'
- id: 'single'
cmake: '-DWOLFSSL_SINGLE_THREADED=yes'
owcmake: '-DCMAKE_POLICY_DEFAULT_CMP0136=NEW -DCMAKE_WATCOM_RUNTIME_LIBRARY=SingleThreaded'
library:
- id: 'dll'
cmake: ''
owcmake: 'DLL'
- id: 'static'
cmake: '-DBUILD_SHARED_LIBS=no'
owcmake: ''
exclude:
- { platform: { system: 'Linux' }, library: { id: 'dll' } }
runs-on: ${{ matrix.platform.image }}
name: ${{ matrix.platform.title }} (${{ matrix.thread.id }} ${{ matrix.library.id }})
steps:
- name: Setup Open Watcom ${{ matrix.platform.owimage }}
uses: open-watcom/setup-watcom@v0
with:
version: ${{ matrix.platform.owimage }}
- name: Checkout wolfSSL
uses: actions/checkout@v4
with:
path: wolfssl
- name: Build wolfSSL
working-directory: wolfssl
shell: bash
run: |
cmake -B build ${{matrix.common.cmake}} ${{ matrix.platform.cmake }} ${{ matrix.thread.cmake }} ${{ matrix.library.cmake }} ${{ matrix.thread.owcmake }}${{ matrix.library.owcmake }}
cmake --build build
- name: Upload build errors
if: failure()
uses: actions/upload-artifact@v4
with:
name: ${{ matrix.platform.id }}-${{ matrix.thread.id }}-${{ matrix.library.id }}
path: |
build/**

58
.github/workflows/win-csharp-test.yml vendored Normal file
View File

@ -0,0 +1,58 @@
name: Windows CSharp Build Test
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
jobs:
build:
if: github.repository_owner == 'wolfssl'
runs-on: windows-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 6
env:
# Path to the solution file relative to the root of the project.
SOLUTION_FILE_PATH: wolfssl\wrapper\CSharp\wolfSSL_CSharp.sln
# Configuration type to build.
# You can convert this to a build matrix if you need coverage of multiple configuration types.
# https://docs.github.com/actions/learn-github-actions/managing-complex-workflows#using-a-build-matrix
BUILD_CONFIGURATION: Debug
BUILD_PLATFORM: x64
steps:
- name: Pull wolfssl
uses: actions/checkout@master
with:
repository: wolfssl/wolfssl
path: wolfssl
- name: Create FIPS stub files (autogen)
working-directory: wolfssl
run: |
echo $null >> wolfcrypt\src\fips.c
echo $null >> wolfcrypt\src\fips_test.c
echo $null >> wolfcrypt\src\wolfcrypt_first.c
echo $null >> wolfcrypt\src\wolfcrypt_last.c
- name: Add MSBuild to PATH
uses: microsoft/setup-msbuild@v1
- name: Build
working-directory: ${{env.GITHUB_WORKSPACE}}
# Add additional options to the MSBuild command line here (like platform or verbosity level).
# See https://docs.microsoft.com/visualstudio/msbuild/msbuild-command-line-reference
run: msbuild /m /p:PlatformToolset=v142 /p:Platform=${{env.BUILD_PLATFORM}} /p:Configuration=${{env.BUILD_CONFIGURATION}} ${{env.SOLUTION_FILE_PATH}}
- name: Run wolfCrypt test
working-directory: ${{env.GITHUB_WORKSPACE}}wolfssl\wrapper\CSharp\Debug\x64\
run: ./wolfCrypt-test.exe
- name: Run wolfSSL client/server example
working-directory: ${{env.GITHUB_WORKSPACE}}wolfssl\wrapper\CSharp\Debug\x64\
run: ./wolfSSL-TLS-Server.exe && sleep 1 & ./wolfSSL-TLS-Client.exe

41
.github/workflows/wolfCrypt-Wconversion.yml vendored Normal file
View File

@ -0,0 +1,41 @@
name: wolfCrypt conversion warnings
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
build_library:
strategy:
matrix:
config: [
# Add new configs here
'--disable-asm --enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests CPPFLAGS="-Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion"',
'--enable-intelasm --enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests CPPFLAGS="-Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion"',
'--enable-smallstack --disable-asm --enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests CPPFLAGS="-Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion"',
'--enable-smallstack --enable-intelasm --enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests CPPFLAGS="-Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion"',
'--enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests CPPFLAGS="-Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion -DNO_INT128"'
]
name: build library
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 6
steps:
- uses: actions/checkout@v4
name: Checkout wolfSSL
- name: Build wolfCrypt with extra type conversion warnings
run: |
./autogen.sh || $(exit 2)
echo "running ./configure ${{ matrix.config }}"
./configure ${{ matrix.config }} || $(exit 3)
make -j 4 || $(exit 4)

47
.github/workflows/zephyr.yml vendored
View File

@ -1,7 +1,16 @@
name: Zephyr tests
# START OF COMMON SECTION
on:
workflow_call:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
run_test:
@ -14,9 +23,12 @@ jobs:
zephyr-sdk: 0.16.1
- zephyr-ref: v3.5.0
zephyr-sdk: 0.16.3
runs-on: ubuntu-latest
- zephyr-ref: v2.7.4
zephyr-sdk: 0.16.3
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 15
timeout-minutes: 25
steps:
- name: Install dependencies
run: |
@ -34,7 +46,7 @@ jobs:
libglib2.0-dev libgtk2.0-0 liblocale-gettext-perl libncurses5-dev libpcap-dev \
libpopt0 libsdl1.2-dev libsdl2-dev libssl-dev libtool libtool-bin locales make \
net-tools ninja-build openssh-client parallel pkg-config python3-dev python3-pip \
python3-ply python3-setuptools python-is-python3 qemu rsync socat srecord sudo \
python3-ply python3-setuptools python-is-python3 qemu-kvm rsync socat srecord sudo \
texinfo unzip wget ovmf xz-utils
- name: Install west
@ -64,30 +76,43 @@ jobs:
- name: Install zephyr SDK
run: |
wget -q https://github.com/zephyrproject-rtos/sdk-ng/releases/download/v${{ matrix.config.zephyr-sdk }}/zephyr-sdk-${{ matrix.config.zephyr-sdk }}_linux-x86_64.tar.xz
tar xf zephyr-sdk-${{ matrix.config.zephyr-sdk }}_linux-x86_64.tar.xz
wget -q https://github.com/zephyrproject-rtos/sdk-ng/releases/download/v${{ matrix.config.zephyr-sdk }}/zephyr-sdk-${{ matrix.config.zephyr-sdk }}_linux-x86_64_minimal.tar.xz
tar xf zephyr-sdk-${{ matrix.config.zephyr-sdk }}_linux-x86_64_minimal.tar.xz
cd zephyr-sdk-${{ matrix.config.zephyr-sdk }}
./setup.sh -h -c
./setup.sh -h -c -t x86_64-zephyr-elf
- name: Fix options for 2.7.4
if: ${{ matrix.config.zephyr-ref == 'v2.7.4' }}
working-directory: zephyr/modules/crypto/wolfssl
run: |
sed -i -e 's/CONFIG_COMMON_LIBC_MALLOC_ARENA_SIZE/CONFIG_MINIMAL_LIBC_MALLOC_ARENA_SIZE/g' $(find -name prj.conf)
- name: Run wolfssl test
id: wolfssl-test
working-directory: zephyr
run: |
./zephyr/scripts/twister --testsuite-root modules/crypto/wolfssl --test zephyr/samples/wolfssl_test/sample.crypto.wolfssl_test -vvv
./zephyr/scripts/twister -T modules/crypto/wolfssl --test zephyr/samples/wolfssl_test/sample.crypto.wolfssl_test -vvv
rm -rf zephyr/twister-out
./zephyr/scripts/twister -T modules/crypto/wolfssl --test zephyr/samples/wolfssl_test/sample.crypto.wolfssl_test_no_malloc -vvv
rm -rf zephyr/twister-out
- name: Run wolfssl TLS sock test
# Results in a page fault that I can't trace
if: ${{ matrix.config.zephyr-ref != 'v2.7.4' }}
id: wolfssl-tls-sock
working-directory: zephyr
run: |
./zephyr/scripts/twister --testsuite-root modules/crypto/wolfssl --test zephyr/samples/wolfssl_tls_sock/sample.crypto.wolfssl_tls_sock -vvv
./zephyr/scripts/twister -T modules/crypto/wolfssl --test zephyr/samples/wolfssl_tls_sock/sample.crypto.wolfssl_tls_sock -vvv
rm -rf zephyr/twister-out
./zephyr/scripts/twister -T modules/crypto/wolfssl --test zephyr/samples/wolfssl_tls_sock/sample.crypto.wolfssl_tls_sock_no_malloc -vvv
rm -rf zephyr/twister-out
- name: Run wolfssl TLS thread test
if: ${{ matrix.config.zephyr-ref != 'v2.7.4' }}
id: wolfssl-tls-thread
working-directory: zephyr
run: |
./zephyr/scripts/twister --testsuite-root modules/crypto/wolfssl --test zephyr/samples/wolfssl_tls_thread/sample.crypto.wolfssl_tls_thread -vvv
./zephyr/scripts/twister -T modules/crypto/wolfssl --test zephyr/samples/wolfssl_tls_thread/sample.crypto.wolfssl_tls_thread -vvv
rm -rf zephyr/twister-out
- name: Zip failure logs
@ -97,7 +122,7 @@ jobs:
- name: Upload failure logs
if: ${{ failure() && (steps.wolfssl-test.outcome == 'failure' || steps.wolfssl-tls-sock.outcome == 'failure' || steps.wolfssl-tls-thread.outcome == 'failure') }}
uses: actions/upload-artifact@v3
uses: actions/upload-artifact@v4
with:
name: zephyr-client-test-logs
path: logs.zip

73
.gitignore vendored
View File

@ -10,6 +10,7 @@ ctaocrypt/src/src/
*.cache
.dirstamp
*.user
!*-VS2022.vcxproj.user
configure
config.*
!cmake/config.in
@ -82,16 +83,19 @@ snifftest
output
mcapi/test
testsuite/testsuite
tests/unit
testsuite/testsuite.test
testsuite/*.der
testsuite/*.pem
testsuite/*.raw
testsuite/*.obj
testsuite/*.pdb
testsuite/*.idb
tests/unit
tests/unit.test
tests/bio_write_test.txt
tests/test-log-dump-to-file.txt
tests/cert_cache.tmp
test-write-dhparams.pem
testsuite/*.der
testsuite/*.pem
testsuite/*.raw
cert.der
cert.pem
certecc.der
@ -242,6 +246,7 @@ linuxkm/libwolfssl.mod.c
linuxkm/libwolfssl.lds
linuxkm/module_exports.c
linuxkm/linuxkm/get_thread_size
*.nds
# autotools generated
scripts/unit.test
@ -286,23 +291,6 @@ mqx/wolfcrypt_benchmark/.settings
mqx/wolfcrypt_benchmark/.cwGeneratedFileSetLog
mqx/wolfcrypt_benchmark/SaAnalysispointsManager.apconfig
# User Crypto example build
wolfcrypt/user-crypto/aclocal.m4
wolfcrypt/user-crypto/config.guess
wolfcrypt/user-crypto/autom4te.cache
wolfcrypt/user-crypto/config.log
wolfcrypt/user-crypto/config.status
wolfcrypt/user-crypto/config.sub
wolfcrypt/user-crypto/depcomp
wolfcrypt/user-crypto/install-sh
wolfcrypt/user-crypto/libtool
wolfcrypt/user-crypto/ltmain.sh
wolfcrypt/user-crypto/m4
wolfcrypt/user-crypto/missing
wolfcrypt/user-crypto/Makefile.in
wolfcrypt/user-crypto/lib/libusercrypto.*
*.hzs
# wolfSSL CSharp wrapper
wrapper/CSharp/x64/
@ -339,6 +327,10 @@ wolfcrypt/src/port/intel/qat_test
# Arduino Generated Files
/IDE/ARDUINO/wolfSSL
scripts/memtest.txt
/IDE/ARDUINO/Arduino_README_prepend.md.tmp
/IDE/ARDUINO/library.properties.tmp
/IDE/ARDUINO/library.properties.tmp.backup
/IDE/ARDUINO/PREPENDED_README.md
# Doxygen generated files
doc/doxygen_warnings
@ -415,7 +407,7 @@ XXX-fips-test
# Generated user_settings_asm.h.
user_settings_asm.h
# VisualGD
# VisualGDB
**/.visualgdb
# Espressif sdk config default should be saved in sdkconfig.defaults
@ -423,6 +415,25 @@ user_settings_asm.h
/IDE/Espressif/**/sdkconfig
/IDE/Espressif/**/sdkconfig.old
# ESP8266 RTOS SDK has a slightly different sdkconfig filename to exclude:
/IDE/Espressif/**/sdkconfig.debug
/IDE/Espressif/**/sdkconfig.release
/IDE/Espressif/**/sdkconfig-debug
/IDE/Espressif/**/sdkconfig-release
# Always include Espressif makefiles (typically only used for ESP8266)
!/IDE/Espressif/**/Makefile
!/IDE/Espressif/**/component.mk
# Ignore all the example logs
/IDE/Espressif/ESP-IDF/examples/**/logs/*
# MPLAB
/IDE/MPLABX16/wolfssl.X/dist/default/
/IDE/MPLABX16/wolfssl.X/.generated_files
/IDE/MPLABX16/wolfcrypt_test.X/dist/default/
/IDE/MPLABX16/wolfcrypt_test.X/.generated_files
# auto-created CMake backups
**/CMakeLists.txt.old
@ -437,3 +448,21 @@ MagicCrypto
debian/changelog
debian/control
*.deb
# Ada/Alire files
wrapper/Ada/alire/
wrapper/Ada/config/
wrapper/Ada/lib/
wrapper/Ada/obj/
# PlatformIO
/**/.pio
/**/.vscode/.browse.c_cpp.db*
/**/.vscode/c_cpp_properties.json
/**/.vscode/launch.json
/**/.vscode/ipch
/**/sdkconfig.esp32dev
# Autogenerated debug trace headers
wolfssl/debug-trace-error-codes.h
wolfssl/debug-untrace-error-codes.h

990
.wolfssl_known_macro_extras Normal file
View File

@ -0,0 +1,990 @@
AES_GCM_GMULT_NCT
AFX_RESOURCE_DLL
AFX_TARG_ENU
ALLOW_BINARY_MISMATCH_INTROSPECTION
ALLOW_V1_EXTENSIONS
ANDROID
APP_ESP_HTTP_CLIENT
APP_ESP_HTTP_CLIENT_EXAMPLE
APSTUDIO_INVOKED
ARCH_sim
ARDUINO
ARDUINO_ARCH_RP2040
ARDUINO_SAMD_NANO_33_IOT
ARDUINO_SAM_DUE
ASN_DUMP_OID
ASN_TEMPLATE_SKIP_ISCA_CHECK
ATCAPRINTF
ATCA_ENABLE_DEPRECATED
AVR
BASE64_NO_TABLE
BLAKE2B_SELFTEST
BLAKE2S_SELFTEST
BLOCKING
BSP_DEFAULT_IO_CHANNEL_DEFINED
BSP_LED_0
BSP_LED_1
BSP_SDCARD_ESDHC_CHANNEL
BSP_SDCARD_SDHC_CHANNEL
BSP_SDCARD_SPI_CHANNEL
CAAM_OUT_INVALIDATE
CERT_REL_PREFIX
CIOCASYMFEAT
CIOCGSESSINFO
CMSIS_OS2_H_
COMPONENT_WOLFSSL
CONFIG_ARCH_CHIP_STM32F746ZG
CONFIG_ARCH_CHIP_STM32H743ZI
CONFIG_ARCH_CHIP_STM32L552ZE
CONFIG_ARCH_POSIX
CONFIG_ARM
CONFIG_ARM64
CONFIG_BOARD_NATIVE_POSIX
CONFIG_COMPILER_OPTIMIZATION_DEFAULT
CONFIG_COMPILER_OPTIMIZATION_NONE
CONFIG_COMPILER_OPTIMIZATION_PERF
CONFIG_COMPILER_OPTIMIZATION_SIZE
CONFIG_CRYPTO_FIPS
CONFIG_CRYPTO_MANAGER
CONFIG_CSPRNG_ENABLED
CONFIG_ESP32C2_DEFAULT_CPU_FREQ_MHZ
CONFIG_ESP32C3_DEFAULT_CPU_FREQ_MHZ
CONFIG_ESP32H2_DEFAULT_CPU_FREQ_MHZ
CONFIG_ESP32S2_DEFAULT_CPU_FREQ_MHZ
CONFIG_ESP32S3_DEFAULT_CPU_FREQ_MHZ
CONFIG_ESP32_DEFAULT_CPU_FREQ_MHZ
CONFIG_ESP8266_XTAL_FREQ_26
CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ_160
CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ_240
CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ_80
CONFIG_ESP_ENABLE_WOLFSSH
CONFIG_ESP_MAIN_TASK_STACK_SIZE
CONFIG_ESP_TLS_USING_WOLFSSL
CONFIG_ESP_WIFI_PASSWORD
CONFIG_ESP_WIFI_SSID
CONFIG_ESP_WOLFSSL_ENABLE_KYBER
CONFIG_ESP_WOLFSSL_ENABLE_WOLFSSH
CONFIG_ESP_WOLFSSL_NO_ESP32_CRYPT
CONFIG_ESP_WOLFSSL_NO_HW_AES
CONFIG_ESP_WOLFSSL_NO_HW_HASH
CONFIG_ESP_WOLFSSL_NO_HW_RSA_PRI
CONFIG_ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD
CONFIG_ESP_WOLFSSL_NO_HW_RSA_PRI_MP_MUL
CONFIG_ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD
CONFIG_FREERTOS_HZ
CONFIG_FREERTOS_UNICORE
CONFIG_IDF_TARGET
CONFIG_IDF_TARGET_ARCH_RISCV
CONFIG_IDF_TARGET_ARCH_XTENSA
CONFIG_IDF_TARGET_ESP32
CONFIG_IDF_TARGET_ESP32C2
CONFIG_IDF_TARGET_ESP32C3
CONFIG_IDF_TARGET_ESP32C6
CONFIG_IDF_TARGET_ESP32H2
CONFIG_IDF_TARGET_ESP32S2
CONFIG_IDF_TARGET_ESP32S3
CONFIG_IDF_TARGET_ESP8266
CONFIG_IDF_TARGET_ESP8684
CONFIG_MAIN_TASK_STACK_SIZE
CONFIG_MBEDTLS_CERTIFICATE_BUNDLE
CONFIG_MBEDTLS_PSA_CRYPTO_C
CONFIG_MIPS
CONFIG_MODULE_SIG
CONFIG_NET_SOCKETS_SOCKOPT_TLS
CONFIG_NEWLIB_LIBC
CONFIG_NEWLIB_NANO_FORMAT
CONFIG_PICOLIBC
CONFIG_POSIX_API
CONFIG_POSIX_THREADS
CONFIG_PREEMPT_COUNT
CONFIG_PTHREAD_IPC
CONFIG_SMP
CONFIG_SNTP_TIME_SYNC_METHOD_SMOOTH
CONFIG_TIMER_TASK_STACK_DEPTH
CONFIG_TIMER_TASK_STACK_SIZE
CONFIG_TLS_STACK_WOLFSSL
CONFIG_USE_WOLFSSL_ESP_SDK_TIME
CONFIG_USE_WOLFSSL_ESP_SDK_WIFI
CONFIG_WOLFCRYPT_ARMASM
CONFIG_WOLFCRYPT_FIPS
CONFIG_WOLFCRYPT_INTELASM
CONFIG_WOLFSSL
CONFIG_WOLFSSL_ALLOW_TLS13
CONFIG_WOLFSSL_ALPN
CONFIG_WOLFSSL_ALT_CERT_CHAINS
CONFIG_WOLFSSL_APPLE_HOMEKIT
CONFIG_WOLFSSL_ASN_ALLOW_0_SERIAL
CONFIG_WOLFSSL_CERTIFICATE_BUNDLE
CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE
CONFIG_WOLFSSL_DTLS
CONFIG_WOLFSSL_ENABLE_KYBER
CONFIG_WOLFSSL_EXAMPLE_NAME_ESP32_SSH_SERVER
CONFIG_WOLFSSL_EXAMPLE_NAME_ESP8266_SSH_SERVER
CONFIG_WOLFSSL_EXAMPLE_NAME_NONE
CONFIG_WOLFSSL_EXAMPLE_NAME_TEMPLATE
CONFIG_WOLFSSL_EXAMPLE_NAME_TLS_CLIENT
CONFIG_WOLFSSL_EXAMPLE_NAME_TLS_SERVER
CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFMQTT_AWS_IOT_MQTT
CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFMQTT_TEMPLATE
CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFSSH_ECHOSERVER
CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFSSH_TEMPLATE
CONFIG_WOLFSSL_HKDF
CONFIG_WOLFSSL_MAX_FRAGMENT_LEN
CONFIG_WOLFSSL_NO_ASN_STRICT
CONFIG_WOLFSSL_PSK
CONFIG_WOLFSSL_RSA_PSS
CONFIG_WOLFSSL_TARGET_HOST
CONFIG_WOLFSSL_TARGET_PORT
CONFIG_WOLFSSL_TLS13_ENABLED
CONFIG_WOLFSSL_TLS_VERSION_1_2
CONFIG_WOLFSSL_TLS_VERSION_1_3
CONFIG_WOLFTPM
CONFIG_WOLFTPM_EXAMPLE_NAME_ESPRESSIF
CONFIG_X86
CONV_WITH_DIV
CPA_CY_API_VERSION_NUM_MAJOR
CPU_MIMXRT1176DVMAA_cm7
CPU_MK82FN256VLL15
CRLDP_VALIDATE_DATA
CRL_REPORT_LOAD_ERRORS
CRL_STATIC_REVOKED_LIST
CRYPTOCELL_KEY_SIZE
CRYP_HEADERWIDTHUNIT_BYTE
CRYP_KEYIVCONFIG_ONCE
CRYP_KEYSIZE_192B
CSM_UNSUPPORTED_ALGS
CTYPE_USER
CURVED448_SMALL
CY_USING_HAL
DCP_USE_DCACHE
DILITHIUM_MUL_11_SLOW
DILITHIUM_MUL_44_SLOW
DILITHIUM_MUL_QINV_SLOW
DILITHIUM_MUL_Q_SLOW
DILITHIUM_MUL_SLOW
DILITHIUM_USE_HINT_CT
DTLS_RECEIVEFROM_NO_TIMEOUT_ON_INVALID_PEER
ECCSI_ORDER_MORE_BITS_THAN_PRIME
ECC_DUMP_OID
ECDHE_SIZE
ENABLE_SECURE_SOCKETS_LOGS
ESP32
ESP8266
ESP_ENABLE_WOLFSSH
ESP_IDF_VERSION_MAJOR
ESP_IDF_VERSION_MINOR
ESP_PLATFORM
ESP_TASK_MAIN_STACK
EV_TRIGGER
FP_ECC_CONTROL
FREERTOS_TCP_WINSIM
FREESCALE
FREESCALE_RNGB
FREESCALE_USE_MMCAU_CLASSIC
FSL_FEATURE_HAS_L1CACHE
FSL_FEATURE_LTC_HAS_DES
FSL_FEATURE_LTC_HAS_GCM
FSL_FEATURE_LTC_HAS_PKHA
FSL_FEATURE_LTC_HAS_SHA
FSL_FEATURE_SOC_LTC_COUNT
FSL_FEATURE_SOC_MMCAU_COUNT
FSL_FEATURE_SOC_RNG_COUNT
FSL_FEATURE_SOC_TRNG_COUNT
FUSION_RTOS
GENERATE_MACHINE_PARSEABLE_REPORT
GE_P3_TOBYTES_IMPL
GOAHEAD_WS
HAL_RTC_MODULE_ENABLED
HARDWARE_CACHE_COHERENCY
HASH_AlgoMode_HASH
HASH_BYTE_SWAP
HASH_CR_LKEY
HASH_DIGEST
HASH_DataType_8b
HASH_IMR_DCIE
HASH_IMR_DINIE
HAVE_AESGCM_DECRYPT
HAVE_BYTEREVERSE64
HAVE_CERTIFICATE_STATUS_V2
HAVE_COLDFIRE_SEC
HAVE_CRL_UPDATE_CB
HAVE_CSHARP
HAVE_CURL
HAVE_CURVE22519
HAVE_DANE
HAVE_ECC239
HAVE_ECC320
HAVE_ECC512
HAVE_ECC_CDH_CAST
HAVE_ECC_SM2
HAVE_ESP_CLK
HAVE_FACON
HAVE_FIPS_VERSION_PORT
HAVE_FUZZER
HAVE_INTEL_MULX
HAVE_INTEL_QAT_SYNC
HAVE_INTEL_SPEEDUP
HAVE_MDK_RTX
HAVE_NETX_BSD
HAVE_PKCS7_RSA_RAW_SIGN_CALLBACK
HAVE_POCO_LIB
HAVE_RTP_SYS
HAVE_SECURE_GETENV
HAVE_STACK_SIZE_VERBOSE_LOG
HAVE_THREADX
HAVE_TM_TYPE
HAVE_VALIDATE_DATE
HAVE_VA_COPY
HAVE_X448
HONOR_MATH_USED_LENGTH
HSM_KEY_TYPE_HMAC_224
HSM_KEY_TYPE_HMAC_256
HSM_KEY_TYPE_HMAC_384
HSM_KEY_TYPE_HMAC_512
HSM_OP_KEY_GENERATION_FLAGS_CREATE
HSM_OP_KEY_GENERATION_FLAGS_UPDATE
HSM_SVC_KEY_STORE_FLAGS_UPDATE
IDIRECT_DEV_RANDOM
IDIRECT_DEV_TIME
ID_TRNG
IGNORE_KEY_EXTENSIONS
IGNORE_NETSCAPE_CERT_TYPE
INCLUDE_uxTaskGetStackHighWaterMark
INTEGRITY
INTIMEVER
IOTSAFE_NO_GETDATA
IOTSAFE_SIG_8BIT_LENGTH
KCAPI_USE_XMALLOC
KYBER_NONDETERMINISTIC
K_SERIES
LIBWOLFSSL_VERSION_GIT_BRANCH
LIBWOLFSSL_VERSION_GIT_HASH
LIBWOLFSSL_VERSION_GIT_HASH_DATE
LIBWOLFSSL_VERSION_GIT_ORIGIN
LIBWOLFSSL_VERSION_GIT_SHORT_HASH
LIBWOLFSSL_VERSION_GIT_TAG
LINUXKM_FPU_STATES_FOLLOW_THREADS
LINUXKM_LKCAPI_PRIORITY_ALLOW_MASKING
LINUX_CYCLE_COUNT
LINUX_RUSAGE_UTIME
LP64
MAX3266X_AESGCM
MAX3266X_RSA
MAXQ10XX_PRODUCTION_KEY
MAXQ_EXPORT_TLS_KEYS
MAXQ_SHA1
MAXSEG_64K
MAX_WOLFSSL_FILE_SIZE
MDK_CONF_BARE_METAL
MDK_CONF_FS
MDK_CONF_RTX_TCP_FS
MDK_CONF_TCP_FS
MDK_WOLFLIB
MICRIUM_MALLOC
MICROCHIP_MPLAB_HARMONY
MICROCHIP_MPLAB_HARMONY_3
MICRO_SESSION_CACHEx
MODULE_SOCK_TCP
MP_31BIT
MP_8BIT
MQX_USE_IO_OLD
MULTI_VALUE_STATISTICS
MUTEX_DURING_INIT
NEED_THREADX_TYPES
NETX_DUO
NET_SECURE_MODULE_EN
NOTE_TRIGGER
NO_AES_DECRYPT
NO_ARDUINO_DEFAULT
NO_ASM
NO_ASN_OLD_TYPE_NAMES
NO_CAMELLIA_CBC
NO_CERT
NO_CIPHER_SUITE_ALIASES
NO_CLIENT_CACHE
NO_CLOCK_SPEEDUP
NO_CURVE25519_KEY_EXPORT
NO_CURVE25519_KEY_IMPORT
NO_CURVE25519_SHARED_SECRET
NO_CURVE448_KEY_EXPORT
NO_CURVE448_KEY_IMPORT
NO_CURVE448_SHARED_SECRET
NO_DEV_URANDOM
NO_ECC384
NO_ECC521
NO_ECC_CACHE_CURVE
NO_ECC_CHECK_KEY
NO_ECC_KEY_IMPORT
NO_ECC_MAKE_PUB
NO_ED25519_CLIENT_AUTH
NO_ED25519_KEY_EXPORT
NO_ED25519_KEY_IMPORT
NO_ED25519_MAKE_KEY
NO_ED25519_SIGN
NO_ED25519_VERIFY
NO_ED448_CLIENT_AUTH
NO_ED448_KEY_EXPORT
NO_ED448_KEY_IMPORT
NO_ED448_SIGN
NO_ED448_VERIFY
NO_ESP_MP_MUL_EVEN_ALT_CALC
NO_FORCE_SCR_SAME_SUITE
NO_GCM_ENCRYPT_EXTRA
NO_GETENV
NO_HANDSHAKE_DONE_CB
NO_IMX6_CAAM_AES
NO_IMX6_CAAM_HASH
NO_OLD_NAMES
NO_OLD_POLY1305
NO_OLD_TIMEVAL_NAME
NO_PBKDF1
NO_PIC32MZ_CRYPT
NO_PIC32MZ_HASH
NO_PIC32MZ_RNG
NO_PKCS11_AES
NO_PKCS11_AESCBC
NO_PKCS11_AESGCM
NO_PKCS11_ECC
NO_PKCS11_ECDH
NO_PKCS11_EC_KEYGEN
NO_PKCS11_HMAC
NO_PKCS11_RNG
NO_PKCS11_RSA
NO_PKCS11_RSA_PKCS
NO_PKCS7
NO_PKCS7_COMPRESSED_DATA
NO_PKCS7_ENCRYPTED_DATA
NO_PKCS7_STREAM
NO_POLY1305_ASM
NO_PUBLIC_CCM_SET_NONCE
NO_PUBLIC_GCM_SET_IV
NO_RESUME_SUITE_CHECK
NO_RNG
NO_RNG_MUTEX
NO_SESSION_CACHE_ROW_LOCK
NO_SKID
NO_SKIP_PREVIEW
NO_STDIO_FGETS_REMAP
NO_TKERNEL_MEM_POOL
NO_TLSX_PSKKEM_PLAIN_ANNOUNCE
NO_VERIFY_OID
NO_WC_SSIZE_TYPE
NO_WOLFSSL_ALLOC_ALIGN
NO_WOLFSSL_AUTOSAR_CRYIF
NO_WOLFSSL_AUTOSAR_CRYPTO
NO_WOLFSSL_AUTOSAR_CSM
NO_WOLFSSL_BASE64_DECODE
NO_WOLFSSL_BN_CTX
NO_WOLFSSL_MSG_EX
NO_WOLFSSL_RENESAS_FSPSM_AES
NO_WOLFSSL_RENESAS_FSPSM_HASH
NO_WOLFSSL_RENESAS_TSIP_CRYPT_AES
NO_WOLFSSL_SHA256
NO_WOLFSSL_SHA256_INTERLEAVE
NO_WOLFSSL_SHA512_INTERLEAVE
NO_WOLFSSL_SKIP_TRAILING_PAD
NO_WOLFSSL_SMALL_STACK_STATIC
NO_WOLFSSL_XILINX_TAG_MALLOC
NRF52
NRF52_SERIES
NRF_ERROR_MODULE_ALREADY_INITIALIZED
OLD_HELLO_ALLOWED
OPENSSL_EXTRA_BSD
OPENSSL_EXTRA_NO_ASN1
OPENSSL_EXTRA_NO_BN
OPENSSL_NO_PK
OS_WINDOWS
OTHERBOARD
OTHER_BOARD
PEER_INFO
PKA_ECC_SCALAR_MUL_IN_B_COEFF
PLATFORMIO
PLUTON_CRYPTO_ECC
PRINT_SESSION_STATS
PTHREAD_STACK_MIN
QAT_ENABLE_HASH
QAT_ENABLE_RNG
QAT_USE_POLLING_CHECK
RC_NO_RNG
REDIRECTION_IN3_KEYELMID
REDIRECTION_IN3_KEYID
REDIRECTION_OUT1_KEYELMID
REDIRECTION_OUT1_KEYID
REDIRECTION_OUT2_KEYELMID
REDIRECTION_OUT2_KEYID
RENESAS_T4_USE
RTC_ALARMSUBSECONDMASK_ALL
RTE_CMSIS_RTOS_RTX
RTOS_MODULE_NET_AVAIL
RTPLATFORM
SA_INTERRUPT
SCEKEY_INSTALLED
SHA256_MANY_REGISTERS
SHA3_BY_SPEC
SHOW_CERTS
SHOW_GEN
SHOW_SIZES
SHOW_SSID_AND_PASSWORD
SIM_SCGC3_RNGA_MASK
SIM_SCGC5_PORTC_MASK
SIM_SCGC5_PORTD_MASK
SIM_SCGC5_PORTE_MASK
SIM_SCGC6_RNGA_MASK
SL_SE_KEY_TYPE_ECC_P384
SL_SE_KEY_TYPE_ECC_P521
SL_SE_KEY_TYPE_ECC_X25519
SL_SE_KEY_TYPE_ECC_X448
SL_SE_PRF_HMAC_SHA1
SOFTDEVICE_PRESENT
SO_NOSIGPIPE
SO_REUSEPORT
SP_INT_NO_ASM
SP_MATH_NEED_ADD_OFF
SP_USE_DIVTI3
SQRTMOD_USE_MOD_EXP
SSL_SNIFFER_EXPORTS
SSN_BUILDING_LIBYASSL
STATIC_CHUNKS_ONLY
STM32F107xC
STM32F207xx
STM32F217xx
STM32F401xE
STM32F407xx
STM32F437xx
STM32F756xx
STM32F777xx
STM32G071xx
STM32G491xx
STM32H563xx
STM32H723xx
STM32H725xx
STM32H743xx
STM32H753xx
STM32H7S3xx
STM32L475xx
STM32L4A6xx
STM32L552xx
STM32L562xx
STM32MP135Fxx
STM32U575xx
STM32U585xx
STM32U5A9xx
STM32WB55xx
STM32WL55xx
STM32_AESGCM_PARTIAL
STM32_HW_CLOCK_AUTO
STM32_NUTTX_RNG
TASK_EXTRA_STACK_SIZE
TCP_NODELAY
TFM_ALREADY_SET
TFM_SMALL_MONT_SET
THREADED_SNIFFTEST
TIME_T_NOT_LONG
TI_DUMMY_BUILD
TLS13_RSA_PSS_SIGN_CB_NO_PREHASH
UNICODE
USER_CA_CB
USER_CUSTOM_SNIFFX
USER_MATH_LIB
USE_ALT_MPRIME
USE_ANY_ADDR
USE_CERT_BUFFERS_25519
USE_CERT_BUFFERS_3072
USE_ECDSA_KEYSZ_HASH_ALGO
USE_FULL_ASSERT
USE_HAL_DRIVER
USE_NXP_LTC
USE_NXP_MMCAU
USE_QAE_THREAD_LS
USE_SECRET_CALLBACK
USE_STSAFE_RNG_SEED
USE_STSAFE_VERBOSE
USE_TLSV13
USE_WOLF_STRNSTR
USS_API
WC_AESXTS_STREAM_NO_REQUEST_ACCOUNTING
WC_AES_BS_WORD_SIZE
WC_AES_GCM_DEC_AUTH_EARLY
WC_ASN_HASH_SHA256
WC_ASYNC_ENABLE_3DES
WC_ASYNC_ENABLE_AES
WC_ASYNC_ENABLE_ARC4
WC_ASYNC_ENABLE_DH
WC_ASYNC_ENABLE_ECC
WC_ASYNC_ENABLE_ECC_KEYGEN
WC_ASYNC_ENABLE_HMAC
WC_ASYNC_ENABLE_MD5
WC_ASYNC_ENABLE_RSA
WC_ASYNC_ENABLE_RSA_KEYGEN
WC_ASYNC_ENABLE_SHA
WC_ASYNC_ENABLE_SHA224
WC_ASYNC_ENABLE_SHA256
WC_ASYNC_ENABLE_SHA3
WC_ASYNC_ENABLE_SHA384
WC_ASYNC_ENABLE_SHA512
WC_ASYNC_NO_CRYPT
WC_ASYNC_NO_HASH
WC_DILITHIUM_CACHE_PRIV_VECTORS
WC_DILITHIUM_CACHE_PUB_VECTORS
WC_DILITHIUM_FIXED_ARRAY
WC_DISABLE_RADIX_ZERO_PAD
WC_ECC_NONBLOCK_ONLY
WC_KDF_NIST_SP_800_56C
WC_LMS_FULL_HASH
WC_NO_RNG_SIMPLE
WC_NO_STATIC_ASSERT
WC_PKCS11_FIND_WITH_ID_ONLY
WC_PROTECT_ENCRYPTED_MEM
WC_RNG_BLOCKING
WC_RSA_DIRECT
WC_RSA_NONBLOCK
WC_RSA_NONBLOCK_TIME
WC_RSA_NO_FERMAT_CHECK
WC_SHA384
WC_SHA384_DIGEST_SIZE
WC_SHA512
WC_SSIZE_TYPE
WC_STRICT_SIG
WC_XMSS_FULL_HASH
WOLFCRYPT_FIPS_CORE_DYNAMIC_HASH_VALUE
WOLFSENTRY_H
WOLFSENTRY_NO_JSON
WOLFSSL_32BIT_MILLI_TIME
WOLFSSL_AARCH64_PRIVILEGE_MODE
WOLFSSL_AESNI_BY4
WOLFSSL_AESNI_BY6
WOLFSSL_AFTER_DATE_CLOCK_SKEW
WOLFSSL_ALGO_HW_MUTEX
WOLFSSL_ALLOW_CRIT_AIA
WOLFSSL_ALLOW_CRIT_AKID
WOLFSSL_ALLOW_CRIT_SKID
WOLFSSL_ALLOW_ENCODING_CA_FALSE
WOLFSSL_ALLOW_MAX_FRAGMENT_ADJUST
WOLFSSL_ALLOW_NO_CN_IN_SAN
WOLFSSL_ALLOW_NO_SUITES
WOLFSSL_ALLOW_SERVER_SC_EXT
WOLFSSL_ALLOW_TLS_SHA1
WOLFSSL_ALTERNATIVE_DOWNGRADE
WOLFSSL_ALT_NAMES_NO_REV
WOLFSSL_ARM_ARCH_NEON_64BIT
WOLFSSL_ASCON_UNROLL
WOLFSSL_ASNC_CRYPT
WOLFSSL_ASN_EXTRA
WOLFSSL_ASN_INT_LEAD_0_ANY
WOLFSSL_ASN_TEMPLATE_NEED_SET_INT32
WOLFSSL_ASN_TEMPLATE_TYPE_CHECK
WOLFSSL_ATECC508
WOLFSSL_ATECC508A_NOIDLE
WOLFSSL_ATECC508A_NOSOFTECC
WOLFSSL_ATECC508A_TLS
WOLFSSL_ATECC_ECDH_IOENC
WOLFSSL_ATECC_NO_ECDH_ENC
WOLFSSL_ATECC_RNG
WOLFSSL_ATECC_TFLXTLS
WOLFSSL_ATECC_TNGTLS
WOLFSSL_ATMEL
WOLFSSL_ATMEL_TIME
WOLFSSL_BEFORE_DATE_CLOCK_SKEW
WOLFSSL_BIGINT_TYPES
WOLFSSL_BIO_NO_FLOW_STATS
WOLFSSL_BLAKE2B_INIT_EACH_FIELD
WOLFSSL_BLAKE2S_INIT_EACH_FIELD
WOLFSSL_BLIND_PRIVATE_KEY
WOLFSSL_BYTESWAP32_ASM
WOLFSSL_CAAM_BLACK_KEY_AESCCM
WOLFSSL_CAAM_BLACK_KEY_SM
WOLFSSL_CAAM_NO_BLACK_KEY
WOLFSSL_CALLBACKS
WOLFSSL_CHECK_DESKEY
WOLFSSL_CHECK_MEM_ZERO
WOLFSSL_CHIBIOS
WOLFSSL_CLANG_TIDY
WOLFSSL_COMMERCIAL_LICENSE
WOLFSSL_CONTIKI
WOLFSSL_CRL_ALLOW_MISSING_CDP
WOLFSSL_CURVE25519_BLINDING
WOLFSSL_CUSTOM_CONFIG
WOLFSSL_DILITHIUM_ASSIGN_KEY
WOLFSSL_DILITHIUM_MAKE_KEY_SMALL_MEM
WOLFSSL_DILITHIUM_NO_ASN1
WOLFSSL_DILITHIUM_NO_CHECK_KEY
WOLFSSL_DILITHIUM_NO_LARGE_CODE
WOLFSSL_DILITHIUM_NO_MAKE
WOLFSSL_DILITHIUM_REVERSE_HASH_OID
WOLFSSL_DILITHIUM_SIGN_CHECK_W0
WOLFSSL_DILITHIUM_SIGN_CHECK_Y
WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC
WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC_A
WOLFSSL_DILITHIUM_SMALL_MEM_POLY64
WOLFSSL_DILITHIUM_VERIFY_NO_MALLOC
WOLFSSL_DILITHIUM_VERIFY_SMALL_MEM
WOLFSSL_DISABLE_EARLY_SANITY_CHECKS
WOLFSSL_DTLS_DISALLOW_FUTURE
WOLFSSL_DTLS_RESEND_ONLY_TIMEOUT
WOLFSSL_DUMP_MEMIO_STREAM
WOLFSSL_DUP_CERTPOL
WOLFSSL_ECC_BLIND_K
WOLFSSL_ECC_GEN_REJECT_SAMPLING
WOLFSSL_ECC_NO_SMALL_STACK
WOLFSSL_ECC_SIGALG_PARAMS_NULL_ALLOWED
WOLFSSL_ECDHX_SHARED_NOT_ZERO
WOLFSSL_ECDSA_MATCH_HASH
WOLFSSL_ECDSA_SET_K_ONE_LOOP
WOLFSSL_EC_POINT_CMP_JACOBIAN
WOLFSSL_EDDSA_CHECK_PRIV_ON_SIGN
WOLFSSL_EMNET
WOLFSSL_ESPWROOM32
WOLFSSL_EVP_PRINT
WOLFSSL_EXPORT_INT
WOLFSSL_EXPORT_SPC_SZ
WOLFSSL_EXTRA
WOLFSSL_FORCE_OCSP_NONCE_CHECK
WOLFSSL_FRDM_K64
WOLFSSL_FRDM_K64_JENKINS
WOLFSSL_FUNC_TIME
WOLFSSL_FUNC_TIME_LOG
WOLFSSL_GEN_CERT
WOLFSSL_GETRANDOM
WOLFSSL_GNRC
WOLFSSL_HARDEN_TLS_ALLOW_ALL_CIPHERSUITES
WOLFSSL_HARDEN_TLS_ALLOW_OLD_TLS
WOLFSSL_HARDEN_TLS_ALLOW_TRUNCATED_HMAC
WOLFSSL_HARDEN_TLS_NO_PKEY_CHECK
WOLFSSL_HARDEN_TLS_NO_SCR_CHECK
WOLFSSL_HOSTNAME_VERIFY_ALT_NAME_ONLY
WOLFSSL_I2D_ECDSA_SIG_ALLOC
WOLFSSL_IAR_ARM_TIME
WOLFSSL_IGNORE_BAD_CERT_PATH
WOLFSSL_IMX6
WOLFSSL_IMX6_CAAM
WOLFSSL_IMX6_CAAM_BLOB
WOLFSSL_IMX6_CAAM_RNG
WOLFSSL_IMXRT_DCP
WOLFSSL_ISOTP
WOLFSSL_KEIL
WOLFSSL_KEIL_NET
WOLFSSL_KYBER_INVNTT_UNROLL
WOLFSSL_KYBER_NO_LARGE_CODE
WOLFSSL_KYBER_NO_MALLOC
WOLFSSL_KYBER_NTT_UNROLL
WOLFSSL_LIB
WOLFSSL_LMS_CACHE_BITS
WOLFSSL_LMS_FULL_HASH
WOLFSSL_LMS_LARGE_CACHES
WOLFSSL_LMS_MAX_HEIGHT
WOLFSSL_LMS_MAX_LEVELS
WOLFSSL_LMS_NO_SIG_CACHE
WOLFSSL_LMS_ROOT_LEVELS
WOLFSSL_LPC43xx
WOLFSSL_MAKE_SYSTEM_NAME_LINUX
WOLFSSL_MAKE_SYSTEM_NAME_WSL
WOLFSSL_MDK5
WOLFSSL_MEM_FAIL_COUNT
WOLFSSL_MLKEM_ENCAPSULATE_SMALL_MEM
WOLFSSL_MLKEM_MAKEKEY_SMALL_MEM
WOLFSSL_MONT_RED_CT
WOLFSSL_MP_COND_COPY
WOLFSSL_MP_INVMOD_CONSTANT_TIME
WOLFSSL_MULTICIRCULATE_ALTNAMELIST
WOLFSSL_NONBLOCK_OCSP
WOLFSSL_NOSHA3_384
WOLFSSL_NOT_WINDOWS_API
WOLFSSL_NO_BIO_ADDR_IN
WOLFSSL_NO_CLIENT
WOLFSSL_NO_CLIENT_CERT_ERROR
WOLFSSL_NO_COPY_CERT
WOLFSSL_NO_COPY_KEY
WOLFSSL_NO_CRL_DATE_CHECK
WOLFSSL_NO_CRL_NEXT_DATE
WOLFSSL_NO_DECODE_EXTRA
WOLFSSL_NO_DER_TO_PEM
WOLFSSL_NO_DH186
WOLFSSL_NO_DTLS_SIZE_CHECK
WOLFSSL_NO_ETM_ALERT
WOLFSSL_NO_FENCE
WOLFSSL_NO_FSEEK
WOLFSSL_NO_INIT_CTX_KEY
WOLFSSL_NO_ISSUERHASH_TDPEER
WOLFSSL_NO_KCAPI_AES_CBC
WOLFSSL_NO_KCAPI_HMAC_SHA1
WOLFSSL_NO_KCAPI_HMAC_SHA224
WOLFSSL_NO_KCAPI_HMAC_SHA256
WOLFSSL_NO_KCAPI_HMAC_SHA384
WOLFSSL_NO_KCAPI_HMAC_SHA512
WOLFSSL_NO_KCAPI_SHA224
WOLFSSL_NO_OCSP_DATE_CHECK
WOLFSSL_NO_OCSP_ISSUER_CHAIN_CHECK
WOLFSSL_NO_OCSP_OPTIONAL_CERTS
WOLFSSL_NO_PUBLIC_FFDHE
WOLFSSL_NO_RSA_KEY_CHECK
WOLFSSL_NO_SERVER_GROUPS_EXT
WOLFSSL_NO_SESSION_STATS
WOLFSSL_NO_SIGALG
WOLFSSL_NO_SOCKADDR_UN
WOLFSSL_NO_SPHINCS
WOLFSSL_NO_STRICT_CIPHER_SUITE
WOLFSSL_NO_TICKET_EXPIRE
WOLFSSL_NO_TRUSTED_CERTS_VERIFY
WOLFSSL_NO_XOR_OPS
WOLFSSL_NRF51_AES
WOLFSSL_OLDTLS_AEAD_CIPHERSUITES
WOLFSSL_OLDTLS_SHA2_CIPHERSUITES
WOLFSSL_OLD_SET_CURVES_LIST
WOLFSSL_OLD_TIMINGPADVERIFY
WOLFSSL_OLD_UNSUPPORTED_EXTENSION
WOLFSSL_OPTIONS_IGNORE_SYS
WOLFSSL_PASSTHRU_ERR
WOLFSSL_PB
WOLFSSL_PEER_ADDRESS_CHANGES
WOLFSSL_PKCS11_RW_TOKENS
WOLFSSL_PRCONNECT_PRO
WOLFSSL_PREFIX
WOLFSSL_PSA_NO_AES
WOLFSSL_PSA_NO_HASH
WOLFSSL_PSA_NO_PKCB
WOLFSSL_PSA_NO_PKCBS
WOLFSSL_PSA_NO_RNG
WOLFSSL_PSK_IDENTITY_ALERT
WOLFSSL_PSK_ID_PROTECTION
WOLFSSL_PSK_MULTI_ID_PER_CS
WOLFSSL_PSK_TLS13_CB
WOLFSSL_PSOC6_CRYPTO
WOLFSSL_PYTHON
WOLFSSL_RENESAS_FSPSM_CRYPT_ONLY
WOLFSSL_RENESAS_RA6M3
WOLFSSL_RENESAS_RA6M3G
WOLFSSL_RENESAS_RSIP
WOLFSSL_RENESAS_RZN2L
WOLFSSL_RENESAS_TLS
WOLFSSL_RENESAS_TSIP_IAREWRX
WOLFSSL_RSA_CHECK_D_ON_DECRYPT
WOLFSSL_RSA_DECRYPT_TO_0_LEN
WOLFSSL_RW_THREADED
WOLFSSL_SAKKE_SMALL
WOLFSSL_SAKKE_SMALL_MODEXP
WOLFSSL_SE050_AUTO_ERASE
WOLFSSL_SE050_CRYPT
WOLFSSL_SE050_HASH
WOLFSSL_SE050_INIT
WOLFSSL_SE050_NO_RSA
WOLFSSL_SE050_NO_TRNG
WOLFSSL_SECURE_RENEGOTIATION_ON_BY_DEFAULT
WOLFSSL_SETTINGS_FILE
WOLFSSL_SH224
WOLFSSL_SHA256_ALT_CH_MAJ
WOLFSSL_SHUTDOWNONCE
WOLFSSL_SILABS_TRNG
WOLFSSL_SM4_EBC
WOLFSSL_SNIFFER_NO_RECOVERY
WOLFSSL_SP_ARM32_UDIV
WOLFSSL_SP_DH
WOLFSSL_SP_FAST_NCT_EXPTMOD
WOLFSSL_SP_INT_SQR_VOLATILE
WOLFSSL_STACK_CHECK
WOLFSSL_STM32F427_RNG
WOLFSSL_STM32_RNG_NOLIB
WOLFSSL_STRONGEST_HASH_SIG
WOLFSSL_STSAFE_TAKES_SLOT
WOLFSSL_TELIT_M2MB
WOLFSSL_THREADED_CRYPT
WOLFSSL_TICKET_DECRYPT_NO_CREATE
WOLFSSL_TICKET_ENC_AES128_GCM
WOLFSSL_TICKET_ENC_AES256_CBC
WOLFSSL_TICKET_ENC_AES256_GCM
WOLFSSL_TICKET_ENC_CBC_HMAC
WOLFSSL_TICKET_ENC_CHACHA20_POLY1305
WOLFSSL_TICKET_ENC_HMAC_SHA384
WOLFSSL_TICKET_ENC_HMAC_SHA512
WOLFSSL_TI_CURRTIME
WOLFSSL_TLS13_DRAFT
WOLFSSL_TLS13_IGNORE_AEAD_LIMITS
WOLFSSL_TLS13_SHA512
WOLFSSL_TLS13_TICKET_BEFORE_FINISHED
WOLFSSL_TLSX_PQC_MLKEM_STORE_PRIV_KEY
WOLFSSL_TRACK_MEMORY_FULL
WOLFSSL_TRAP_MALLOC_SZ
WOLFSSL_UNALIGNED_64BIT_ACCESS
WOLFSSL_USER_FILESYSTEM
WOLFSSL_USER_LOG
WOLFSSL_USER_MUTEX
WOLFSSL_USER_THREADING
WOLFSSL_USE_ESP32C3_CRYPT_HASH_HW
WOLFSSL_USE_FLASHMEM
WOLFSSL_USE_OPTIONS_H
WOLFSSL_USE_POPEN_HOST
WOLFSSL_VALIDATE_DH_KEYGEN
WOLFSSL_WC_XMSS_NO_SHA256
WOLFSSL_WC_XMSS_NO_SHAKE256
WOLFSSL_WICED_PSEUDO_UNIX_EPOCH_TIME
WOLFSSL_X509_STORE_CERTS
WOLFSSL_X509_TRUSTED_CERTIFICATE_CALLBACK
WOLFSSL_XFREE_NO_NULLNESS_CHECK
WOLFSSL_XILINX_CRYPTO_OLD
WOLFSSL_XILINX_PATCH
WOLFSSL_XIL_MSG_NO_SLEEP
WOLFSSL_XMSS_LARGE_SECRET_KEY
WOLFSSL_ZEPHYR
WOLF_ALLOW_BUILTIN
WOLF_CRYPTO_CB_CMD
WOLF_CRYPTO_CB_FIND
WOLF_CRYPTO_CB_ONLY_ECC
WOLF_CRYPTO_CB_ONLY_RSA
WOLF_CRYPTO_DEV
WOLF_NO_TRAILING_ENUM_COMMAS
XGETPASSWD
XMSS_CALL_PRF_KEYGEN
XPAR_VERSAL_CIPS_0_PSPMC_0_PSV_CORTEXA72_0_TIMESTAMP_CLK_FREQ
XSECURE_CACHE_DISABLE
_ABI64
_ABIO64
_ARCH_PPC64
_COMPILER_VERSION
_INTPTR_T_DECLARED
_LP64
_MSC_VER
_MSVC_LANG
_M_ARM64
_M_X64
_NETOS
_POSIX_C_SOURCE
_SDCC_VERSION_PATCHLEVEL
_SH3
_SILICON_LABS_SECURITY_FEATURE
_SOCKLEN_T
_SYS_DEVCON_LOCAL_H
_TIME_HELPER_H
_UINTPTR_T_DECLARED
_WIN32
_WIN32_WCE
_WIN64
_XOPEN_SOURCE_EXTENDED
__32MZ2048ECH144__
__32MZ2048ECM144__
__32MZ2048EFM144__
__ANDROID__
__APPLE__
__ARCH_STRCASECMP_NO_REDIRECT
__ARCH_STRCMP_NO_REDIRECT
__ARCH_STRNCASECMP_NO_REDIRECT
__ARCH_STRNCAT_NO_REDIRECT
__ARCH_STRNCMP_NO_REDIRECT
__ARCH_STRNCPY_NO_REDIRECT
__ARCH_STRSTR_NO_REDIRECT
__ARM_ARCH_7M__
__ARM_FEATURE_CRYPTO
__ASSEMBLER__
__ATOMIC_RELAXED
__AVR__
__BCPLUSPLUS__
__BIG_ENDIAN__
__BORLANDC__
__CCRX__
__COMPILER_VER__
__CYGWIN__
__DATE__
__DCACHE_PRESENT
__DCC__
__DECC_VER
__ELF__
__EMSCRIPTEN__
__FPU_PRESENT
__FreeBSD__
__GLIBC__
__GNUC_MINOR__
__GNUC__
__HP_cc
__IAR_SYSTEMS_ICC__
__ICCARM__
__ILP32__
__INCLUDE_NUTTX_CONFIG_H
__INTEGRITY
__INTEL_COMPILER
__KEIL__
__KEY_DATA_H__
__LINUX__
__LP64
__LP64__
__MACH__
__MICROBLAZE__
__MINGW32__
__MINGW64_VERSION_MAJOR
__MINGW64__
__MWERKS__
__NT__
__OS2__
__OpenBSD__
__PIE__
__POWERPC__
__PPC__
__PPU
__QNXNTO__
__QNX__
__ROPI__
__SAM3A4C__
__SAM3A8C__
__SAM3A8H__
__SAM3X4C__
__SAM3X4E__
__SAM3X8C__
__SAM3X8E__
__SANITIZE_ADDRESS__
__SDCC_VERSION_MAJOR
__SDCC_VERSION_MINOR
__SDCC_VERSION_PATCH
__SIZEOF_INT128__
__SIZEOF_LONG_LONG__
__STDC_VERSION__
__STDC__
__STM32__
__STRICT_ANSI__
__SUNPRO_C
__SUNPRO_CC
__SVR4
__TI_COMPILER_VERSION__
__TURBOC__
__UNIX__
__USE_GNU
__USE_MISC
__USE_XOPEN2K
__WATCOMC__
__WATCOM_INT64__
__XC32
__XTENSA__
__aarch64__
__alpha__
__arch64__
__arm__
__clang__
__clang_major__
__cplusplus
__ghc__
__ghs__
__hpux__
__i386
__i386__
__ia64__
__linux__
__llvm__
__mips
__mips64
__must_check
__ppc64__
__ppc__
__riscv
__riscv_xlen
__s390x__
__sparc
__sparc64__
__sun
__svr4__
__thumb__
__ti__
__x86_64__
byte
configTICK_RATE_HZ
fallthrough
noinline
ssize_t
sun
versal
wc_Tls13_HKDF_Expand_Label

583
CMakeLists.txt
View File

@ -1,6 +1,6 @@
# CMakeList.txt
# CMakeLists.txt
#
# Copyright (C) 2006-2023 wolfSSL Inc.
# Copyright (C) 2006-2024 wolfSSL Inc.
#
# This file is part of wolfSSL. (formerly known as CyaSSL)
#
@ -21,6 +21,12 @@
cmake_minimum_required(VERSION 3.16)
if(${CMAKE_VERSION} VERSION_LESS "3.22")
message(STATUS "This project recommends using CMake version 3.22 or higher. You are using ${CMAKE_VERSION}.")
else()
cmake_policy(SET CMP0128 NEW)
endif()
if("${CMAKE_SOURCE_DIR}" STREQUAL "${CMAKE_BINARY_DIR}")
message(FATAL_ERROR "In-source builds are not allowed.\
Run cmake from a separate directory from where CMakeLists.txt lives.\
@ -28,7 +34,7 @@ if("${CMAKE_SOURCE_DIR}" STREQUAL "${CMAKE_BINARY_DIR}")
You must delete them, or cmake will refuse to work.")
endif()
project(wolfssl VERSION 5.6.6 LANGUAGES C ASM)
project(wolfssl VERSION 5.7.6 LANGUAGES C ASM)
# Set WOLFSSL_ROOT if not already defined
if ("${WOLFSSL_ROOT}" STREQUAL "")
@ -42,16 +48,19 @@ else()
endif()
# shared library versioning
# increment if interfaces have been added, removed or changed
set(LIBTOOL_CURRENT 42)
# increment if source code has changed set to zero if current is incremented
set(LIBTOOL_REVISION 0)
# increment if interfaces have been added set to zero if interfaces have been
# removed or changed
set(LIBTOOL_AGE 0)
# increment if interfaces have been removed or changed
set(WOLFSSL_LIBRARY_VERSION_FIRST 43)
math(EXPR LIBTOOL_SO_VERSION "${LIBTOOL_CURRENT} - ${LIBTOOL_AGE}")
set(LIBTOOL_FULL_VERSION ${LIBTOOL_SO_VERSION}.${LIBTOOL_AGE}.${LIBTOOL_REVISION})
# increment if interfaces have been added
# set to zero if WOLFSSL_LIBRARY_VERSION_FIRST is incremented
set(WOLFSSL_LIBRARY_VERSION_SECOND 0)
# increment if source code has changed
# set to zero if WOLFSSL_LIBRARY_VERSION_FIRST is incremented or
# WOLFSSL_LIBRARY_VERSION_SECOND is incremented
set(WOLFSSL_LIBRARY_VERSION_THIRD 0)
set(LIBTOOL_FULL_VERSION ${WOLFSSL_LIBRARY_VERSION_FIRST}.${WOLFSSL_LIBRARY_VERSION_SECOND}.${WOLFSSL_LIBRARY_VERSION_THIRD})
set(WOLFSSL_DEFINITIONS)
set(WOLFSSL_LINK_LIBS)
@ -122,6 +131,7 @@ check_type_size("__uint128_t" __UINT128_T)
check_type_size("long long" SIZEOF_LONG_LONG)
check_type_size("long" SIZEOF_LONG)
check_type_size("time_t" SIZEOF_TIME_T)
check_type_size("uintptr_t" HAVE_UINTPTR_T)
# By default, HAVE___UINT128_T gets defined as TRUE,
# but we want it as 1.
@ -130,16 +140,27 @@ if(HAVE___UINT128_T)
list(APPEND WOLFSSL_DEFINITIONS "-DHAVE___UINT128_T")
endif()
include(TestBigEndian)
test_big_endian(WORDS_BIGENDIAN)
if(CMAKE_VERSION VERSION_LESS "3.20")
# TestBigEndian was deprecated in 3.20
include(TestBigEndian)
test_big_endian(IS_BIG_ENDIAN)
set(CMAKE_C_BYTE_ORDER "LITTLE_ENDIAN")
if(IS_BIG_ENDIAN)
set(CMAKE_C_BYTE_ORDER "BIG_ENDIAN")
endif()
endif()
# Thread local storage
include(CheckCSourceCompiles)
set(TLS_KEYWORDS "__thread" "__declspec(thread)")
foreach(TLS_KEYWORD IN LISTS TLS_KEYWORDS)
set(TLS_CODE "#include <stdlib.h>
if(CMAKE_C_COMPILER_ID STREQUAL "OpenWatcom")
if(CMAKE_SYSTEM_NAME STREQUAL "Windows")
list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_THREAD_LS")
endif()
else()
set(TLS_KEYWORDS "__thread" "__declspec(thread)")
foreach(TLS_KEYWORD IN LISTS TLS_KEYWORDS)
set(TLS_CODE "#include <stdlib.h>
static void foo(void) {
static ${TLS_KEYWORD} int bar\;
exit(1)\;
@ -148,21 +169,22 @@ foreach(TLS_KEYWORD IN LISTS TLS_KEYWORDS)
int main() {
return 0\;
}"
)
check_c_source_compiles(${TLS_CODE} THREAD_LS_ON)
)
check_c_source_compiles(${TLS_CODE} THREAD_LS_ON)
if(THREAD_LS_ON)
list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_THREAD_LS")
break()
else()
# THREAD_LS_ON is cached after each call to
# check_c_source_compiles, and the function
# won't run subsequent times if the variable
# is in the cache. To make it run again, we
# need to remove the variable from the cache.
unset(THREAD_LS_ON CACHE)
endif()
endforeach()
if(THREAD_LS_ON)
list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_THREAD_LS")
break()
else()
# THREAD_LS_ON is cached after each call to
# check_c_source_compiles, and the function
# won't run subsequent times if the variable
# is in the cache. To make it run again, we
# need to remove the variable from the cache.
unset(THREAD_LS_ON CACHE)
endif()
endforeach()
endif()
# TODO: AX_PTHREAD does a lot. Need to implement the
# rest of its logic.
@ -182,13 +204,20 @@ find_package(Threads)
# Example for map file and custom linker script
#set(CMAKE_EXE_LINKER_FLAGS " -Xlinker -Map=output.map -T\"${CMAKE_CURRENT_SOURCE_DIR}/linker.ld\"")
message(STATUS "C Compiler ID: ${CMAKE_C_COMPILER_ID}")
if(DEFINED WARNING_C_FLAGS)
set(CMAKE_C_FLAGS "${WARNING_C_FLAGS} ${CMAKE_C_FLAGS}")
set(CMAKE_C_FLAGS "${WARNING_C_FLAGS} ${CMAKE_C_FLAGS}")
endif()
if(CMAKE_C_COMPILER_ID STREQUAL "OpenWatcom")
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -wx -wcd=202")
list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_HAVE_MIN -DWOLFSSL_HAVE_MAX -DNO_WRITEV")
elseif(WIN32)
# Windows cl.exe does not support the -Wextra, -Wno-unused and -Werror flags.
set(CMAKE_C_FLAGS "-Wall ${CMAKE_C_FLAGS}")
# Windows cl.exe does not support the -Wextra, -Wno-unused and -Werror flags.
set(CMAKE_C_FLAGS "-Wall ${CMAKE_C_FLAGS}")
else()
set(CMAKE_C_FLAGS "-Wall -Wextra -Wno-unused -Werror ${CMAKE_C_FLAGS}")
set(CMAKE_C_FLAGS "-Wall -Wextra -Wno-unused -Werror ${CMAKE_C_FLAGS}")
endif()
####################################################
@ -215,6 +244,8 @@ if(WOLFSSL_REPRODUCIBLE_BUILD)
set(CMAKE_C_ARCHIVE_FINISH "<CMAKE_RANLIB> -D <TARGET>")
endif()
add_option("WOLFSSL_INSTALL" "Create install target for WolfSSL project" "yes" "yes;no")
# Support for forcing 32-bit mode
# TODO: detect platform from other options
add_option("WOLFSSL_32BIT"
@ -263,10 +294,10 @@ if(NOT WOLFSSL_SINGLE_THREADED)
if(CMAKE_USE_PTHREADS_INIT)
list(APPEND WOLFSSL_LINK_LIBS Threads::Threads)
set(HAVE_PTHREAD 1)
list(APPEND WOLFSSL_DEFINITIONS
"-DHAVE_PTHREAD"
"-D_POSIX_THREADS")
list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_PTHREAD")
endif()
else()
list(APPEND WOLFSSL_DEFINITIONS "-DSINGLE_THREADED")
endif()
# DTLS-SRTP
@ -400,16 +431,17 @@ if(WOLFSSL_CURL)
set(WOLFSSL_MD4 "yes")
set(WOLFSSL_DES3 "yes")
set(WOLFSSL_ALPN "yes")
set(WOLFSSL_WOLFSSH "yes")
set(WOLFSSL_OPENSSLEXTRA "yes")
set(WOLFSSL_CRL "yes")
set(WOLFSSL_OCSP "yes")
set(WOLFSSL_OCSPSTAPLING "yes")
set(WOLFSSL_OCSPSTAPLING_V2 "yes")
# Note: OCSP sets requisite HAVE_TLS_EXTENSIONS and HAVE_CERTIFICATE_STATUS_REQUEST(_V2)
set(WOLFSSL_SNI "yes")
set(WOLFSSL_ALT_CERT_CHAINS "yes")
set(WOLFSSL_IP_ALT_NAME "yes")
set(WOLFSSL_SESSION_TICKET "yes")
set(WOLFSSL_WOLFSSH "yes")
list(APPEND WOLFSSL_DEFINITIONS
"-DNO_SESSION_CACHE_REF" "-DWOLFSSL_DES_ECB")
endif()
@ -420,7 +452,7 @@ add_option(WOLFSSL_ALPN
"no" "yes;no")
if(WOLFSSL_ALPN)
list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_ALPN" "-DHAVE_TLS_EXTENSIONS")
list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_ALPN" "-DHAVE_TLS_EXTENSIONS")
endif()
# altcertchains
@ -519,6 +551,15 @@ if (WOLFSSL_OPENSSLALL)
"-DWOLFSSL_ERROR_CODE_OPENSSL" "-DWOLFSSL_CERT_NAME_ALL")
endif()
add_option(WOLFSSL_NO_STUB
"Removes OpenSSL compatibility stub functions (default: disabled)"
"no" "yes;no")
if (WOLFSSL_NO_STUB)
list(APPEND WOLFSSL_DEFINITIONS
"-DNO_WOLFSSL_STUB")
endif()
# TODO: - IPv6 test apps
set(WOLFSSL_SLOW_MATH "yes")
@ -528,19 +569,102 @@ add_option(WOLFSSL_OQS
"Enable integration with the OQS (Open Quantum Safe) liboqs library (default: disabled)"
"no" "yes;no")
if (WOLFSSL_OQS)
find_package(OQS)
# Kyber
add_option(WOLFSSL_KYBER
"Enable the wolfSSL PQ Kyber library (default: disabled)"
"no" "yes;no")
if (OQS_FOUND)
list(APPEND WOLFSSL_LINK_LIBS ${OQS_LIBRARY})
list(APPEND WOLFSSL_INCLUDE_DIRS ${OQS_INCLUDE_DIR})
set(HAVE_LIBOQS 1)
list(APPEND WOLFSSL_DEFINITIONS
"-DHAVE_TLS_EXTENSIONS"
"-DHAVE_LIBOQS")
# Experimental features
add_option(WOLFSSL_EXPERIMENTAL
"Enable experimental features (default: disabled)"
"no" "yes;no")
message(STATUS "Looking for WOLFSSL_EXPERIMENTAL")
if (WOLFSSL_EXPERIMENTAL)
message(STATUS "Looking for WOLFSSL_EXPERIMENTAL - found")
# We've enabled the experimental environment, but let's
# check if any experimental features are also enabled:
set(WOLFSSL_FOUND_EXPERIMENTAL_FEATURE 0)
set_wolfssl_definitions("WOLFSSL_EXPERIMENTAL_SETTINGS" RESUlT)
# Checking for experimental feature: OQS
message(STATUS "Looking for WOLFSSL_OQS")
if (WOLFSSL_OQS)
set(WOLFSSL_FOUND_EXPERIMENTAL_FEATURE 1)
message(STATUS "Looking for WOLFSSL_OQS - found")
message(STATUS "Checking OQS")
find_package(OQS)
if (OQS_FOUND)
message(STATUS "Checking OQS - found")
list(APPEND WOLFSSL_LINK_LIBS ${OQS_LIBRARY})
list(APPEND WOLFSSL_INCLUDE_DIRS ${OQS_INCLUDE_DIR})
set_wolfssl_definitions("HAVE_LIBOQS" RESUlT)
set_wolfssl_definitions("HAVE_TLS_EXTENSIONS" RESUlT)
set_wolfssl_definitions("OPENSSL_EXTRA" RESUlT)
else()
message(STATUS "Checking OQS - not found")
message(STATUS "WARNING: WOLFSSL_OQS enabled but not found: OQS_LIBRARY=${OQS_LIBRARY}, OQS_INCLUDE_DIR=${OQS_INCLUDE_DIR} ")
endif()
else()
message(STATUS "Looking for WOLFSSL_OQS - not found")
endif()
# Checking for experimental feature: Kyber
message(STATUS "Looking for WOLFSSL_KYBER")
if (WOLFSSL_KYBER)
set(WOLFSSL_FOUND_EXPERIMENTAL_FEATURE 1)
message(STATUS "Automatically set related requirements for Kyber:")
set_wolfssl_definitions("WOLFSSL_HAVE_KYBER" RESUlT)
set_wolfssl_definitions("WOLFSSL_WC_KYBER" RESUlT)
set_wolfssl_definitions("WOLFSSL_SHA3" RESUlT)
set_wolfssl_definitions("WOLFSSL_SHAKE128" RESUlT)
set_wolfssl_definitions("WOLFSSL_SHAKE256" RESUlT)
message(STATUS "Looking for WOLFSSL_KYBER - found")
else()
message(STATUS "Looking for WOLFSSL_KYBER - not found")
endif()
# Other experimental feature detection can be added here...
# Were any experimental features found? Display a message.
if(WOLFSSL_FOUND_EXPERIMENTAL_FEATURE)
message(STATUS "WOLFSSL_EXPERIMENTAL enabled, experimental features enabled.")
else()
message(STATUS "Warning: WOLFSSL_EXPERIMENTAL enabled, but no experimental features enabled.")
endif()
# Sanity checks
if(WOLFSSL_OQS AND WOLFSSL_KYBER)
message(FATAL_ERROR "Error: cannot enable both WOLFSSL_OQS and WOLFSSL_KYBER at the same time.")
endif()
else()
# Experimental mode not enabled, but were any experimental features enabled? Error out if so:
message(STATUS "Looking for WOLFSSL_EXPERIMENTAL - not found")
if (WOLFSSL_OQS)
message(FATAL_ERROR "Error: WOLFSSL_OQS requires WOLFSSL_EXPERIMENTAL at this time.")
endif()
if(WOLFSSL_KYBER)
message(FATAL_ERROR "Error: WOLFSSL_KYBER requires WOLFSSL_EXPERIMENTAL at this time.")
endif()
endif()
# LMS
add_option(WOLFSSL_LMS
"Enable the wolfSSL LMS implementation (default: disabled)"
"no" "yes;no")
# XMSS
add_option(WOLFSSL_XMSS
"Enable the wolfSSL XMSS implementation (default: disabled)"
"no" "yes;no")
# TODO: - Lean PSK
# - Lean TLS
# - Low resource
@ -554,6 +678,7 @@ endif()
# - Atomic user record layer
# - Public key callbacks
# - Microchip/Atmel CryptoAuthLib
# - dual-certs
# AES-CBC
add_option("WOLFSSL_AESCBC"
@ -574,7 +699,7 @@ if(WOLFSSL_LEAN_PSK OR (WOLFSSL_LEAN_TLS AND NOT WOLFSSL_TLS13))
override_cache(WOLFSSL_AESGCM "no")
endif()
if(WOLFSSL_AESGCM AND NOT WORDS_BIGENDIAN)
if(WOLFSSL_AESGCM AND CMAKE_C_BYTE_ORDER STREQUAL "LITTLE_ENDIAN")
override_cache(WOLFSSL_AESGCM "4bit")
endif()
@ -841,13 +966,29 @@ if(WOLFSSL_ECC)
endif()
endif()
# TODO: - ECC custom curves
# - Compressed key
# TODO: - Compressed key
# - FP ECC, fixed point cache ECC
# - ECC encrypt
# - PSK
# - Single PSK identity
# ECC custom curves
add_option("WOLFSSL_ECCCUSTCURVES"
"Enable ECC Custom Curves (default: disabled)"
"no" "yes;no;all")
if(WOLFSSL_ECCCUSTCURVES)
if("${WOLFSSL_ECCCUSTCURVES}" STREQUAL "all")
list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_ECC_SECPR2")
list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_ECC_SECPR3")
list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_ECC_BRAINPOOL")
list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_ECC_KOBLITZ")
list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_ECC_CDH")
endif()
list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_CUSTOM_CURVES")
endif()
# CURVE25519
set(WOLFSSL_CURVE25519_SMALL "no")
add_option("WOLFSSL_CURVE25519"
@ -1008,8 +1149,7 @@ if(NOT WOLFSSL_MEMORY)
else()
# turn off memory cb if leanpsk or leantls on
if(WOLFSSL_LEAN_PSK OR WOLFSSL_LEAN_TLS)
# but don't turn on NO_WOLFSSL_MEMORY because using own
override_cache(WOLFSSL_MEMORY "no")
list(APPEND WOLFSSL_DEFINITIONS "-DNO_WOLFSSL_MEMORY")
endif()
endif()
@ -1205,6 +1345,14 @@ if(WOLFSSL_OPENSSH OR
override_cache(WOLFSSL_DES3 "yes")
endif()
# DES3 TLS Suites
set(WOLFSSL_DES3_TLS_SUITES_STRING "Enable DES3 TLS cipher suites (default: disabled)")
add_option("WOLFSSL_DES3_TLS_SUITES" ${WOLFSSL_DES3_TLS_SUITES_STRING} "no" "yes;no")
if(NOT WOLFSSL_DES3_TLS_SUITES)
list(APPEND WOLFSSL_DEFINITIONS "-DNO_DES3_TLS_SUITES")
endif()
# ARC4
set(WOLFSSL_ARC4_HELP_STRING "Enable ARC4 (default: disabled)")
add_option("WOLFSSL_ARC4" ${WOLFSSL_ARC4_HELP_STRING} "no" "yes;no")
@ -1432,6 +1580,15 @@ add_option(WOLFSSL_SNI ${WOLFSSL_SNI_HELP_STRING} ${SNI_DEFAULT} "yes;no")
set(WOLFSSL_TLSX_HELP_STRING "Enable all TLS Extensions (default: disabled)")
add_option(WOLFSSL_TLSX ${WOLFSSL_TLSX_HELP_STRING} "no" "yes;no")
add_option(WOLFSSL_EX_DATA
"Enable app data (default: disabled)"
"no" "yes;no")
if (WOLFSSL_EX_DATA)
list(APPEND WOLFSSL_DEFINITIONS
"-DHAVE_EX_DATA")
endif()
# Supported elliptic curves extensions
add_option("WOLFSSL_SUPPORTED_CURVES"
"Enable Supported Elliptic Curves (default: enabled)"
@ -1662,17 +1819,14 @@ if(WOLFSSL_FAST_MATH)
list(APPEND WOLFSSL_DEFINITIONS "-DUSE_FAST_MATH")
set(WOLFSSL_SLOWMATH "no")
endif()
if("${CMAKE_SYSTEM_PROCESSOR}" MATCHES "x86_64|AMD64")
# Have settings.h set FP_MAX_BITS higher if user didn't set directly
list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_X86_64_BUILD")
endif()
endif()
# TODO: - Fast huge math
# Set processor-specific build macros
if("${CMAKE_SYSTEM_PROCESSOR}" MATCHES "x86_64|AMD64")
set(WOLFSSL_X86_64_BUILD ON)
add_option("WOLFSSL_X86_64_BUILD_ASM" "Build ASM files" "yes" "yes;no")
list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_X86_64_BUILD")
elseif("${CMAKE_SYSTEM_PROCESSOR}" MATCHES "aarch64|arm64")
list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_AARCH64_BUILD")
@ -1753,13 +1907,19 @@ else()
list(APPEND WOLFSSL_DEFINITIONS "-DWC_NO_ASYNC_THREADING")
endif()
# TODO: - cryptodev
# - Session export
# TODO: - Session export
add_option("WOLFSSL_CRYPTOCB"
"Enable crypto callbacks (default: disabled)"
"no" "yes;no")
add_option("WOLFSSL_CRYPTOCB_NO_SW_TEST"
"Disable crypto callback SW testing (default: disabled)"
"no" "yes;no")
add_option("WOLFSSL_PKCALLBACKS"
"Enable public key callbacks (default: disabled)"
"no" "yes;no")
add_option("WOLFSSL_OLD_NAMES"
"Keep backwards compat with old names (default: enabled)"
@ -1960,6 +2120,15 @@ if(WOLFSSL_CRYPTOCB)
list(APPEND WOLFSSL_DEFINITIONS "-DWOLF_CRYPTO_CB")
endif()
if(WOLFSSL_CRYPTOCB_NO_SW_TEST)
list(APPEND WOLFSSL_DEFINITIONS "-DWC_TEST_NO_CRYPTOCB_SW_TEST")
endif()
# Public Key Callbacks
if(WOLFSSL_PKCALLBACKS)
list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_PK_CALLBACKS")
endif()
if(WOLFSSL_OCSPSTAPLING)
list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_CERTIFICATE_STATUS_REQUEST" "-DHAVE_TLS_EXTENSIONS")
override_cache(WOLFSSL_OCSP "yes")
@ -2075,7 +2244,7 @@ endif()
# Suppress some warnings about separate compilation, inlining
add_definitions("-DWOLFSSL_IGNORE_FILE_WARN")
# Generate user options header
message("Generating user options header...")
message(STATUS "Generating user options header...")
if (${CMAKE_DISABLE_SOURCE_CHANGES})
set(WOLFSSL_BUILD_OUT_OF_TREE_DEFAULT "${CMAKE_DISABLE_SOURCE_CHANGES}")
else()
@ -2091,34 +2260,46 @@ else()
endif()
set(OPTION_FILE "${WOLFSSL_OUTPUT_BASE}/wolfssl/options.h")
# sccache
add_option("ENABLE_SCCACHE"
"Enable sccache (default: disabled)"
"no" "yes;no")
if (ENABLE_SCCACHE AND (NOT WOLFSSL_SCCACHE_ALREADY_SET_FLAG))
find_program(SCCACHE sccache REQUIRED)
if(SCCACHE)
message(STATUS "Enable sccache")
if(CMAKE_C_COMPILER_LAUNCHER)
set(CMAKE_C_COMPILER_LAUNCHER "${CMAKE_C_COMPILER_LAUNCHER}" "${SCCACHE}")
else()
set(CMAKE_C_COMPILER_LAUNCHER "${SCCACHE}")
endif()
if(CMAKE_CXX_COMPILER_LAUNCHER)
set(CMAKE_CXX_COMPILER_LAUNCHER "${CMAKE_CXX_COMPILER_LAUNCHER}" "${SCCACHE}")
else()
set(CMAKE_CXX_COMPILER_LAUNCHER "${SCCACHE}")
endif()
if (MSVC)
if(CMAKE_BUILD_TYPE STREQUAL "Debug")
string(REPLACE "/Zi" "/Z7" CMAKE_CXX_FLAGS_DEBUG "${CMAKE_CXX_FLAGS_DEBUG}")
string(REPLACE "/Zi" "/Z7" CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG}")
elseif(CMAKE_BUILD_TYPE STREQUAL "Release")
string(REPLACE "/Zi" "/Z7" CMAKE_CXX_FLAGS_RELEASE "${CMAKE_CXX_FLAGS_RELEASE}")
string(REPLACE "/Zi" "/Z7" CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS_RELEASE}")
elseif(CMAKE_BUILD_TYPE STREQUAL "RelWithDebInfo")
string(REPLACE "/Zi" "/Z7" CMAKE_CXX_FLAGS_RELWITHDEBINFO "${CMAKE_CXX_FLAGS_RELWITHDEBINFO}")
string(REPLACE "/Zi" "/Z7" CMAKE_C_FLAGS_RELWITHDEBINFO "${CMAKE_C_FLAGS_RELWITHDEBINFO}")
endif()
endif()
set(WOLFSSL_SCCACHE_ALREADY_SET_FLAG ON)
endif()
endif()
file(REMOVE ${OPTION_FILE})
file(APPEND ${OPTION_FILE} "/* wolfssl options.h\n")
file(APPEND ${OPTION_FILE} " * generated from configure options\n")
file(APPEND ${OPTION_FILE} " *\n")
file(APPEND ${OPTION_FILE} " * Copyright (C) 2006-2023 wolfSSL Inc.\n")
file(APPEND ${OPTION_FILE} " *\n")
file(APPEND ${OPTION_FILE} " * This file is part of wolfSSL. (formerly known as CyaSSL)\n")
file(APPEND ${OPTION_FILE} " *\n")
file(APPEND ${OPTION_FILE} " */\n\n")
file(APPEND ${OPTION_FILE} "#ifndef WOLFSSL_OPTIONS_H\n")
file(APPEND ${OPTION_FILE} "#define WOLFSSL_OPTIONS_H\n\n\n")
file(APPEND ${OPTION_FILE} "#ifdef __cplusplus\n")
file(APPEND ${OPTION_FILE} "extern \"C\" {\n")
file(APPEND ${OPTION_FILE} "#endif\n\n")
add_to_options_file("${WOLFSSL_DEFINITIONS}" "${OPTION_FILE}")
# CMAKE_C_FLAGS is just a string of space-separated flags to pass to the C
# compiler. We need to replace those spaces with semicolons in order to treat it
# as a CMake list.
string(REPLACE " " ";" CMAKE_C_FLAGS_LIST "${CMAKE_C_FLAGS}")
add_to_options_file("${CMAKE_C_FLAGS_LIST}" "${OPTION_FILE}")
file(APPEND ${OPTION_FILE} "\n#ifdef __cplusplus\n")
file(APPEND ${OPTION_FILE} "}\n")
file(APPEND ${OPTION_FILE} "#endif\n\n\n")
file(APPEND ${OPTION_FILE} "#endif /* WOLFSSL_OPTIONS_H */\n\n")
####################################################
# Library Target
####################################################
@ -2196,9 +2377,23 @@ if(WOLFSSL_ARIA)
message(STATUS "ARIA Check: WOLFSSL_LINK_LIBS = ${WOLFSSL_LINK_LIBS}")
endif()
foreach(DEF IN LISTS WOLFSSL_DEFINITIONS)
string(REGEX MATCH "^(-D)?([^=]+)(=(.*))?$" DEF_MATCH ${DEF})
if (NOT "${CMAKE_MATCH_4}" STREQUAL "")
set(${CMAKE_MATCH_2} ${CMAKE_MATCH_4})
# message("set(${CMAKE_MATCH_2} ${CMAKE_MATCH_4})")
else()
set(${CMAKE_MATCH_2} 1)
# message("set(${CMAKE_MATCH_2} 1)")
endif()
endforeach()
# If new build options are added please update the cmake/options.h.in
configure_file(${CMAKE_CURRENT_SOURCE_DIR}/cmake/options.h.in ${OPTION_FILE})
set_target_properties(wolfssl
PROPERTIES
SOVERSION ${LIBTOOL_SO_VERSION}
SOVERSION ${WOLFSSL_LIBRARY_VERSION_FIRST}
VERSION ${LIBTOOL_FULL_VERSION}
)
@ -2232,17 +2427,24 @@ target_include_directories(wolfssl
target_link_libraries(wolfssl PUBLIC ${WOLFSSL_LINK_LIBS})
if(WIN32)
# For Windows link ws2_32
if(CMAKE_C_COMPILER_ID STREQUAL "OpenWatcom")
if(CMAKE_SYSTEM_NAME STREQUAL "Windows")
target_link_libraries(wolfssl PUBLIC ws2_32 crypt32)
endif()
elseif (WIN32 OR ${CMAKE_SYSTEM_NAME} MATCHES "^MSYS" OR ${CMAKE_SYSTEM_NAME} MATCHES "^MINGW")
# For Windows link required libraries
message("Building on Windows/MSYS/MINGW")
target_link_libraries(wolfssl PUBLIC
$<$<PLATFORM_ID:Windows>:ws2_32 crypt32>)
ws2_32 crypt32 advapi32)
elseif(APPLE)
message("Building on Apple")
if(WOLFSSL_SYS_CA_CERTS)
target_link_libraries(wolfssl PUBLIC
${CORE_FOUNDATION_FRAMEWORK}
${SECURITY_FRAMEWORK})
endif()
else()
message("Building on Linux (or other)")
if(WOLFSSL_DH AND NOT WOLFSSL_DH_CONST)
# DH requires math (m) library
target_link_libraries(wolfssl
@ -2294,12 +2496,14 @@ if(WOLFSSL_EXAMPLES)
PROPERTY RUNTIME_OUTPUT_DIRECTORY
${WOLFSSL_OUTPUT_BASE}/examples/echoserver)
if(NOT WIN32)
if(NOT WIN32 AND NOT WOLFSSL_SINGLE_THREADED)
# Build TLS benchmark example
add_executable(tls_bench
${CMAKE_CURRENT_SOURCE_DIR}/examples/benchmark/tls_bench.c)
target_link_libraries(tls_bench wolfssl)
target_link_libraries(tls_bench Threads::Threads)
if(CMAKE_USE_PTHREADS_INIT)
target_link_libraries(tls_bench Threads::Threads)
endif()
set_property(TARGET tls_bench
PROPERTY RUNTIME_OUTPUT_DIRECTORY
${WOLFSSL_OUTPUT_BASE}/examples/benchmark)
@ -2308,19 +2512,49 @@ if(WOLFSSL_EXAMPLES)
# Build unit tests
add_executable(unit_test
tests/api.c
tests/api/test_md5.c
tests/api/test_sha.c
tests/api/test_sha256.c
tests/api/test_sha512.c
tests/api/test_sha3.c
tests/api/test_blake2.c
tests/api/test_sm3.c
tests/api/test_ripemd.c
tests/api/test_hash.c
tests/api/test_hmac.c
tests/api/test_cmac.c
tests/api/test_des3.c
tests/api/test_chacha.c
tests/api/test_poly1305.c
tests/api/test_chacha20_poly1305.c
tests/api/test_camellia.c
tests/api/test_arc4.c
tests/api/test_rc2.c
tests/api/test_aes.c
tests/api/test_ascon.c
tests/api/test_sm4.c
tests/api/test_wc_encrypt.c
tests/api/test_mlkem.c
tests/api/test_dtls.c
tests/api/test_ocsp.c
tests/api/test_evp.c
tests/hash.c
tests/srp.c
tests/suites.c
tests/w64wrapper.c
tests/unit.c
tests/quic.c
tests/utils.c
testsuite/utils.c
examples/server/server.c
examples/client/client.c)
target_include_directories(unit_test PRIVATE
${CMAKE_CURRENT_BINARY_DIR})
target_compile_options(unit_test PUBLIC "-DNO_MAIN_DRIVER")
target_link_libraries(unit_test wolfssl)
target_link_libraries(unit_test Threads::Threads)
if(CMAKE_USE_PTHREADS_INIT)
target_link_libraries(unit_test Threads::Threads)
endif()
set_property(TARGET unit_test
PROPERTY RUNTIME_OUTPUT_DIRECTORY
${WOLFSSL_OUTPUT_BASE}/tests/)
@ -2516,82 +2750,99 @@ list(JOIN HEADER_EXCLUDE "|" EXCLUDED_HEADERS_REGEX)
string(PREPEND EXCLUDED_HEADERS_REGEX "(")
string(APPEND EXCLUDED_HEADERS_REGEX ")")
set(INSTALLED_EXAMPLES
${CMAKE_CURRENT_SOURCE_DIR}/examples/echoserver/echoserver.c
${CMAKE_CURRENT_SOURCE_DIR}/examples/sctp/sctp-server.c
${CMAKE_CURRENT_SOURCE_DIR}/examples/sctp/sctp-client-dtls.c
${CMAKE_CURRENT_SOURCE_DIR}/examples/sctp/sctp-client.c
${CMAKE_CURRENT_SOURCE_DIR}/examples/sctp/sctp-server-dtls.c
${CMAKE_CURRENT_SOURCE_DIR}/examples/echoclient/echoclient.c
${CMAKE_CURRENT_SOURCE_DIR}/examples/server/server.c
${CMAKE_CURRENT_SOURCE_DIR}/examples/benchmark/tls_bench.c
${CMAKE_CURRENT_SOURCE_DIR}/examples/client/client.c)
if(WOLFSSL_INSTALL)
# Install the library
install(TARGETS wolfssl
EXPORT wolfssl-targets
LIBRARY DESTINATION lib
ARCHIVE DESTINATION lib
RUNTIME DESTINATION bin
)
# Install the headers
install(DIRECTORY ${WOLFSSL_OUTPUT_BASE}/wolfssl/
DESTINATION ${CMAKE_INSTALL_INCLUDEDIR}/wolfssl
FILES_MATCHING PATTERN "*.h"
REGEX ${EXCLUDED_HEADERS_REGEX} EXCLUDE)
install(DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/wolfssl/
DESTINATION ${CMAKE_INSTALL_INCLUDEDIR}/wolfssl
FILES_MATCHING PATTERN "*.h"
REGEX ${EXCLUDED_HEADERS_REGEX} EXCLUDE)
set(INSTALLED_EXAMPLES
${CMAKE_CURRENT_SOURCE_DIR}/examples/echoserver/echoserver.c
${CMAKE_CURRENT_SOURCE_DIR}/examples/sctp/sctp-server.c
${CMAKE_CURRENT_SOURCE_DIR}/examples/sctp/sctp-client-dtls.c
${CMAKE_CURRENT_SOURCE_DIR}/examples/sctp/sctp-client.c
${CMAKE_CURRENT_SOURCE_DIR}/examples/sctp/sctp-server-dtls.c
${CMAKE_CURRENT_SOURCE_DIR}/examples/echoclient/echoclient.c
${CMAKE_CURRENT_SOURCE_DIR}/examples/server/server.c
${CMAKE_CURRENT_SOURCE_DIR}/examples/benchmark/tls_bench.c
${CMAKE_CURRENT_SOURCE_DIR}/examples/client/client.c)
# Install the examples
install(FILES ${INSTALLED_EXAMPLES}
DESTINATION ${CMAKE_INSTALL_DOCDIR}/example)
# Install README.txt and taoCert.txt
install(FILES
${CMAKE_CURRENT_SOURCE_DIR}/doc/README.txt
${CMAKE_CURRENT_SOURCE_DIR}/certs/taoCert.txt
DESTINATION ${CMAKE_INSTALL_DOCDIR})
# Install the export set
install(EXPORT wolfssl-targets
DESTINATION ${CMAKE_INSTALL_LIBDIR}/cmake/wolfssl
FILE wolfssl-targets.cmake
NAMESPACE wolfssl::)
# TODO: Distro build + rules for what to include in the distro.
# See various include.am files.
# Install the library
install(TARGETS wolfssl
EXPORT wolfssl-targets
LIBRARY DESTINATION lib
ARCHIVE DESTINATION lib
RUNTIME DESTINATION bin
)
# Install the headers
install(DIRECTORY ${WOLFSSL_OUTPUT_BASE}/wolfssl/
DESTINATION ${CMAKE_INSTALL_INCLUDEDIR}/wolfssl
FILES_MATCHING PATTERN "*.h"
REGEX ${EXCLUDED_HEADERS_REGEX} EXCLUDE)
install(DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/wolfssl/
DESTINATION ${CMAKE_INSTALL_INCLUDEDIR}/wolfssl
FILES_MATCHING PATTERN "*.h"
REGEX ${EXCLUDED_HEADERS_REGEX} EXCLUDE)
set(prefix ${CMAKE_INSTALL_PREFIX})
set(exec_prefix "\${prefix}")
set(libdir "\${exec_prefix}/lib")
set(includedir "\${prefix}/include")
set(VERSION ${PROJECT_VERSION})
# Install the examples
install(FILES ${INSTALLED_EXAMPLES}
DESTINATION ${CMAKE_INSTALL_DOCDIR}/example)
# Install README.txt and taoCert.txt
install(FILES
${CMAKE_CURRENT_SOURCE_DIR}/doc/README.txt
${CMAKE_CURRENT_SOURCE_DIR}/certs/taoCert.txt
DESTINATION ${CMAKE_INSTALL_DOCDIR})
# Install the export set
install(EXPORT wolfssl-targets
DESTINATION ${CMAKE_INSTALL_LIBDIR}/cmake/wolfssl
FILE wolfssl-targets.cmake
NAMESPACE wolfssl::)
configure_file(support/wolfssl.pc.in ${CMAKE_CURRENT_BINARY_DIR}/support/wolfssl.pc @ONLY)
install(FILES ${CMAKE_CURRENT_BINARY_DIR}/support/wolfssl.pc
DESTINATION ${CMAKE_INSTALL_LIBDIR}/pkgconfig)
# TODO: Distro build + rules for what to include in the distro.
# See various include.am files.
include(CMakePackageConfigHelpers)
configure_package_config_file(${CMAKE_CURRENT_SOURCE_DIR}/cmake/Config.cmake.in
"${CMAKE_CURRENT_BINARY_DIR}/wolfssl-config.cmake"
INSTALL_DESTINATION "${CMAKE_INSTALL_LIBDIR}/cmake/wolfssl"
NO_SET_AND_CHECK_MACRO
NO_CHECK_REQUIRED_COMPONENTS_MACRO
)
set(prefix ${CMAKE_INSTALL_PREFIX})
set(exec_prefix "\${prefix}")
set(libdir "\${exec_prefix}/lib")
set(includedir "\${prefix}/include")
set(VERSION ${PROJECT_VERSION})
export(EXPORT wolfssl-targets
FILE "${CMAKE_CURRENT_BINARY_DIR}/wolfssl-targets.cmake"
NAMESPACE wolfssl::
)
if(CMAKE_C_COMPILER_ID STREQUAL "OpenWatcom")
else()
# Setting libm in Libs.private of wolfssl.pc.
# See "Link Libraries" in above about `m` insertion to LINK_LIBRARIES
get_target_property(_wolfssl_dep_libs wolfssl LINK_LIBRARIES)
list(FIND _wolfssl_dep_libs m _dep_libm)
if ("${_dep_libm}" GREATER -1)
set(LIBM -lm)
else()
set(LIBM)
endif()
endif()
write_basic_package_version_file(
"${CMAKE_CURRENT_BINARY_DIR}/wolfssl-config-version.cmake"
VERSION "${wolfssl_VERSION_MAJOR}.${wolfssl_VERSION_MINOR}"
COMPATIBILITY AnyNewerVersion
)
configure_file(support/wolfssl.pc.in ${CMAKE_CURRENT_BINARY_DIR}/support/wolfssl.pc @ONLY)
install(FILES ${CMAKE_CURRENT_BINARY_DIR}/support/wolfssl.pc
DESTINATION ${CMAKE_INSTALL_LIBDIR}/pkgconfig)
install(FILES
${CMAKE_CURRENT_BINARY_DIR}/wolfssl-config.cmake
${CMAKE_CURRENT_BINARY_DIR}/wolfssl-config-version.cmake
DESTINATION ${CMAKE_INSTALL_LIBDIR}/cmake/wolfssl
)
include(CMakePackageConfigHelpers)
configure_package_config_file(${CMAKE_CURRENT_SOURCE_DIR}/cmake/Config.cmake.in
"${CMAKE_CURRENT_BINARY_DIR}/wolfssl-config.cmake"
INSTALL_DESTINATION "${CMAKE_INSTALL_LIBDIR}/cmake/wolfssl"
NO_SET_AND_CHECK_MACRO
NO_CHECK_REQUIRED_COMPONENTS_MACRO
)
export(EXPORT wolfssl-targets
FILE "${CMAKE_CURRENT_BINARY_DIR}/wolfssl-targets.cmake"
NAMESPACE wolfssl::
)
write_basic_package_version_file(
"${CMAKE_CURRENT_BINARY_DIR}/wolfssl-config-version.cmake"
VERSION "${wolfssl_VERSION_MAJOR}.${wolfssl_VERSION_MINOR}"
COMPATIBILITY AnyNewerVersion
)
install(FILES
${CMAKE_CURRENT_BINARY_DIR}/wolfssl-config.cmake
${CMAKE_CURRENT_BINARY_DIR}/wolfssl-config-version.cmake
DESTINATION ${CMAKE_INSTALL_LIBDIR}/cmake/wolfssl
)
endif()

553
ChangeLog.md
View File

@ -1,3 +1,524 @@
# wolfSSL Release 5.7.6 (Dec 31, 2024)
Release 5.7.6 has been developed according to wolfSSL's development and QA
process (see link below) and successfully passed the quality criteria.
https://www.wolfssl.com/about/wolfssl-software-development-process-quality-assurance
NOTE:
* --enable-heapmath is deprecated.
* In this release, the default cipher suite preference is updated to prioritize
TLS_AES_256_GCM_SHA384 over TLS_AES_128_GCM_SHA256 when enabled.
* This release adds a sanity check for including wolfssl/options.h or
user_settings.h.
PR stands for Pull Request, and PR <NUMBER> references a GitHub pull request
number where the code change was added.
## Vulnerabilities
* [Med] An OCSP (non stapling) issue was introduced in wolfSSL version 5.7.4
when performing OCSP requests for intermediate certificates in a certificate
chain. This affects only TLS 1.3 connections on the server side. It would not
impact other TLS protocol versions or connections that are not using the
traditional OCSP implementation. (Fix in pull request 8115)
## New Feature Additions
* Add support for RP2350 and improve RP2040 support, both with RNG optimizations
(PR 8153)
* Add support for STM32MP135F, including STM32CubeIDE support and HAL support
for SHA2/SHA3/AES/RNG/ECC optimizations. (PR 8223, 8231, 8241)
* Implement Renesas TSIP RSA Public Enc/Private support (PR 8122)
* Add support for Fedora/RedHat system-wide crypto-policies (PR 8205)
* Curve25519 generic keyparsing API added with wc_Curve25519KeyToDer and
wc_Curve25519KeyDecode (PR 8129)
* CRL improvements and update callback, added the functions
wolfSSL_CertManagerGetCRLInfo and wolfSSL_CertManagerSetCRLUpdate_Cb (PR 8006)
* For DTLS, add server-side stateless and CID quality-of-life API. (PR 8224)
## Enhancements and Optimizations
* Add a CMake dependency check for pthreads when required. (PR 8162)
* Update OS_Seed declarations for legacy compilers and FIPS modules (boundary
not affected). (PR 8170)
* Enable WOLFSSL_ALWAYS_KEEP_SNI by default when using --enable-jni. (PR 8283)
* Change the default cipher suite preference, prioritizing
TLS_AES_256_GCM_SHA384 over TLS_AES_128_GCM_SHA256. (PR 7771)
* Add SRTP-KDF (FIPS module v6.0.0) to checkout script for release bundling
(PR 8215)
* Make library build when no hardware crypto available for Aarch64 (PR 8293)
* Update assembly code to avoid `uint*_t` types for better compatibility with
older C standards. (PR 8133)
* Add initial documentation for writing ASN template code to decode BER/DER.
(PR 8120)
* Perform full reduction in sc_muladd for EdDSA with Curve448 (PR 8276)
* Allow SHA-3 hardware cryptography instructions to be explicitly not used in
MacOS builds (PR 8282)
* Make Kyber and ML-KEM available individually and together. (PR 8143)
* Update configuration options to include Kyber/ML-KEM and fix defines used in
wolfSSL_get_curve_name. (PR 8183)
* Make GetShortInt available with WOLFSSL_ASN_EXTRA (PR 8149)
* Improved test coverage and minor improvements of X509 (PR 8176)
* Add sanity checks for configuration methods, ensuring the inclusion of
wolfssl/options.h or user_settings.h. (PR 8262)
* Enable support for building without TLS (NO_TLS). Provides reduced code size
option for non-TLS users who want features like the certificate manager or
compatibility layer. (PR 8273)
* Exposed get_verify functions with OPENSSL_EXTRA. (PR 8258)
* ML-DSA/Dilithium: obtain security level from DER when decoding (PR 8177)
* Implementation for using PKCS11 to retrieve certificate for SSL CTX (PR 8267)
* Add support for the RFC822 Mailbox attribute (PR 8280)
* Initialize variables and adjust types resolve warnings with Visual Studio in
Windows builds. (PR 8181)
* Refactors and expansion of opensslcoexist build (PR 8132, 8216, 8230)
* Add DTLS 1.3 interoperability, libspdm and DTLS CID interoperability tests
(PR 8261, 8255, 8245)
* Remove trailing error exit code in wolfSSL install setup script (PR 8189)
* Update Arduino files for wolfssl 5.7.4 (PR 8219)
* Improve Espressif SHA HW/SW mutex messages (PR 8225)
* Apply post-5.7.4 release updates for Espressif Managed Component examples
(PR 8251)
* Expansion of c89 conformance (PR 8164)
* Added configure option for additional sanity checks with --enable-faultharden
(PR 8289)
* Aarch64 ASM additions to check CPU features before hardware crypto instruction
use (PR 8314)
## Fixes
* Fix a memory issue when using the compatibility layer with
WOLFSSL_GENERAL_NAME and handling registered ID types. (PR 8155)
* Fix a build issue with signature fault hardening when using public key
callbacks (HAVE_PK_CALLBACKS). (PR 8287)
* Fix for handling heap hint pointer properly when managing multiple WOLFSSL_CTX
objects and freeing one of them (PR 8180)
* Fix potential memory leak in error case with Aria. (PR 8268)
* Fix Set_Verify flag behaviour on Ada wrapper. (PR 8256)
* Fix a compilation error with the NO_WOLFSSL_DIR flag. (PR 8294)
* Resolve a corner case for Poly1305 assembly code on Aarch64. (PR 8275)
* Fix incorrect version setting in CSRs. (PR 8136)
* Correct debugging output for cryptodev. (PR 8202)
* Fix for benchmark application use with /dev/crypto GMAC auth error due to size
of AAD (PR 8210)
* Add missing checks for the initialization of sp_int/mp_int with DSA to free
memory properly in error cases. (PR 8209)
* Fix return value of wolfSSL_CTX_set_tlsext_use_srtp (8252)
* Check Root CA by Renesas TSIP before adding it to ca-table (PR 8101)
* Prevent adding a certificate to the CA cache for Renesas builds if it does not
set CA:TRUE in basic constraints. (PR 8060)
* Fix attribute certificate holder entityName parsing. (PR 8166)
* Resolve build issues for configurations without any wolfSSL/openssl
compatibility layer headers. (PR 8182)
* Fix for building SP RSA small and RSA public only (PR 8235)
* Fix for Renesas RX TSIP RSA Sign/Verify with wolfCrypt only (PR 8206)
* Fix to ensure all files have settings.h included (like wc_lms.c) and guards
for building all `*.c` files (PR 8257 and PR 8140)
* Fix x86 target build issues in Visual Studio for non-Windows operating
systems. (PR 8098)
* Fix wolfSSL_X509_STORE_get0_objects to handle no CA (PR 8226)
* Properly handle reference counting when adding to the X509 store. (PR 8233)
* Fix for various typos and improper size used with FreeRTOS_bind in the Renesas
example. Thanks to Hongbo for the report on example issues. (PR 7537)
* Fix for potential heap use after free with wolfSSL_PEM_read_bio_PrivateKey.
Thanks to Peter for the issue reported. (PR 8139)
# wolfSSL Release 5.7.4 (Oct 24, 2024)
Release 5.7.4 has been developed according to wolfSSL's development and QA
process (see link below) and successfully passed the quality criteria.
https://www.wolfssl.com/about/wolfssl-software-development-process-quality-assurance
NOTE: * --enable-heapmath is being deprecated and will be removed by end of 2024
PR stands for Pull Request, and PR <NUMBER> references a GitHub pull request
number where the code change was added.
## Vulnerabilities
* [Low] When the OpenSSL compatibility layer is enabled, certificate
verification behaved differently in wolfSSL than OpenSSL, in the
X509_STORE_add_cert() and X509_STORE_load_locations() implementations.
Previously, in cases where an application explicitly loaded an intermediate
certificate, wolfSSL was verifying only up to that intermediate certificate,
rather than verifying up to the root CA. This only affects use cases where the
API is called directly, and does not affect TLS connections. Users that call
the API X509_STORE_add_cert() or X509_STORE_load_locations() directly in their
applications are recommended to update the version of wolfSSL used or to have
additional sanity checks on certificates loaded into the X509_STORE when
verifying a certificate. (https://github.com/wolfSSL/wolfssl/pull/8087)
## PQC TLS Experimental Build Fix
* When using TLS with post quantum algorithms enabled, the connection uses a
smaller EC curve than agreed on. Users building with --enable-experimental and
enabling PQC cipher suites with TLS connections are recommended to update the
version of wolfSSL used. Thanks to Daniel Correa for the report.
(https://github.com/wolfSSL/wolfssl/pull/8084)
## New Feature Additions
* RISC-V 64 new assembly optimizations added for SHA-256, SHA-512, ChaCha20,
Poly1305, and SHA-3 (PR 7758,7833,7818,7873,7916)
* Implement support for Connection ID (CID) with DTLS 1.2 (PR 7995)
* Add support for (DevkitPro)libnds (PR 7990)
* Add port for Mosquitto OSP (Open Source Project) (PR 6460)
* Add port for init sssd (PR 7781)
* Add port for eXosip2 (PR 7648)
* Add support for STM32G4 (PR 7997)
* Add support for MAX32665 and MAX32666 TPU HW and ARM ASM Crypto Callback
Support (PR 7777)
* Add support for building wolfSSL to be used in libspdm (PR 7869)
* Add port for use with Nucleus Plus 2.3 (PR 7732)
* Initial support for RFC5755 x509 attribute certificates (acerts). Enabled with
--enable-acert (PR 7926)
* PKCS#11 RSA Padding offload allows tokens to perform CKM_RSA_PKCS
(sign/encrypt), CKM_RSA_PKCS_PSS (sign), and CKM_RSA_PKCS_OAEP (encrypt).
(PR 7750)
* Added “new” and “delete” style functions for heap/pool allocation and freeing
of low level crypto structures (PR 3166 and 8089)
## Enhancements and Optimizations
* Increase default max alt. names from 128 to 1024 (PR 7762)
* Added new constant time DH agree function wc_DhAgree_ct (PR 7802)
* Expanded compatibility layer with the API EVP_PKEY_is_a (PR 7804)
* Add option to disable cryptocb test software test using
--disable-cryptocb-sw-test (PR 7862)
* Add a call to certificate verify callback before checking certificate dates
(PR 7895)
* Expanded algorithms supported with the wolfCrypt CSharp wrapper. Adding
support for RNG, ECC(ECIES and ECDHE), RSA, ED25519/Curve25519, AES-GCM, and
Hashing (PR 3166)
* Expand MMCAU support for use with DES ECB (PR 7960)
* Update AES SIV to handle multiple associated data inputs (PR 7911)
* Remove HAVE_NULL_CIPHER from --enable-openssh (PR 7811)
* Removed duplicate if(NULL) checks when calling XFREE (macro does) (PR 7839)
* Set RSA_MIN_SIZE default to 2048 bits (PR 7923)
* Added support for wolfSSL to be used as the default TLS in the zephyr kernel
(PR 7731)
* Add enable provider build using --enable-wolfprovider with autotools (PR 7550)
* Renesas RX TSIP ECDSA support (PR 7685)
* Support DTLS1.3 downgrade when the server supports CID (PR 7841)
* Server-side checks OCSP even if it uses v2 multi (PR 7828)
* Add handling of absent hash params in PKCS7 bundle parsing and creation
(PR 7845)
* Add the use of w64wrapper for Poly1305, enabling Poly1305 to be used in
environments that do not have a word64 type (PR 7759)
* Update to the maxq10xx support (PR 7824)
* Add support for parsing over optional PKCS8 attributes (PR 7944)
* Add support for either side method with DTLS 1.3 (PR 8012)
* Added PKCS7 PEM support for parsing PEM data with BEGIN/END PKCS7 (PR 7704)
* Add CMake support for WOLFSSL_CUSTOM_CURVES (PR 7962)
* Add left-most wildcard matching support to X509_check_host() (PR 7966)
* Add option to set custom SKID with PKCS7 bundle creation (PR 7954)
* Building wolfSSL as a library with Ada and corrections to Alire manifest
(PR 7303,7940)
* Renesas RX72N support updated (PR 7849)
* New option WOLFSSL_COPY_KEY added to always copy the key to the SSL object
(PR 8005)
* Add the new option WOLFSSL_COPY_CERT to always copy the cert buffer for each
SSL object (PR 7867)
* Add an option to use AES-CBC with HMAC for default session ticket enc/dec.
Defaults to AES-128-CBC with HMAC-SHA256 (PR 7703)
* Memory usage improvements in wc_PRF, sha256 (for small code when many
registers are available) and sp_int objects (PR 7901)
* Change in the configure script to work around ">>" with no command. In older
/bin/sh it can be ambiguous, as used in OSs such as FreeBSD 9.2 (PR 7876)
* Don't attempt to include system headers when not required (PR 7813)
* Certificates: DER encoding of ECC signature algorithm parameter is now
allowed to be NULL with a define (PR 7903)
* SP x86_64 asm: check for AVX2 support for VMs (PR 7979)
* Update rx64n support on gr-rose (PR 7889)
* Update FSP version to v5.4.0 for RA6M4 (PR 7994)
* Update TSIP driver version to v1.21 for RX65N RSK (PR 7993)
* Add a new crypto callback for RSA with padding (PR 7907)
* Replaced the use of pqm4 with wolfSSL implementations of Kyber/MLDSA
(PR 7924)
* Modernized memory fence support for C11 and clang (PR 7938)
* Add a CRL error override callback (PR 7986)
* Extend the X509 unknown extension callback for use with a user context
(PR 7730)
* Additional debug error tracing added with TLS (PR 7917)
* Added runtime support for library call stack traces with
enable-debug-trace-errcodes=backtrace, using libbacktrace (PR 7846)
* Expanded C89 conformance (PR 8077)
* Expanded support for WOLFSSL_NO_MALLOC (PR 8065)
* Added support for cross-compilation of Linux kernel module (PR 7746)
* Updated Linux kernel module with support for kernel 6.11 and 6.12 (PR 7826)
* Introduce WOLFSSL_ASN_ALLOW_0_SERIAL to allow parsing of certificates with a
serial number of 0 (PR 7893)
* Add conditional repository_owner to all wolfSSL GitHub workflows (PR 7871)
### Espressif / Arduino Updates
* Update wolfcrypt settings.h for Espressif ESP-IDF, template update (PR 7953)
* Update Espressif sha, util, mem, time helpers (PR 7955)
* Espressif _thread_local_start and _thread_local_end fix (PR 8030)
* Improve benchmark for Espressif devices (PR 8037)
* Introduce Espressif common CONFIG_WOLFSSL_EXAMPLE_NAME, Kconfig (PR 7866)
* Add wolfSSL esp-tls and Certificate Bundle Support for Espressif ESP-IDF
(PR 7936)
* Update wolfssl Release for Arduino (PR 7775)
### Post Quantum Crypto Updates
* Dilithium: support fixed size arrays in dilithium_key (PR 7727)
* Dilithium: add option to use precalc with small sign (PR 7744)
* Allow Kyber to be built with FIPS (PR 7788)
* Allow Kyber asm to be used in the Linux kernel module (PR 7872)
* Dilithium, Kyber: Update to final specification (PR 7877)
* Dilithium: Support FIPS 204 Draft and Final Draft (PR 7909,8016)
### ARM Assembly Optimizations
* ARM32 assembly optimizations added for ChaCha20 and Poly1305 (PR 8020)
* Poly1305 assembly optimizations improvements for Aarch64 (PR 7859)
* Poly1305 assembly optimizations added for Thumb-2 (PR 7939)
* Adding ARM ASM build option to STM32CubePack (PR 7747)
* Add ARM64 to Visual Studio Project (PR 8010)
* Kyber assembly optimizations for ARM32 and Aarch64 (PR 8040,7998)
* Kyber assembly optimizations for ARMv7E-M/ARMv7-M (PR 7706)
## Fixes
* ECC key load: fixes for certificates with parameters that are not default for
size (PR 7751)
* Fixes for building x86 in Visual Studio for non-windows OS (PR 7884)
* Fix for TLS v1.2 secret callback, incorrectly detecting bad master secret
(PR 7812)
* Fixes for PowerPC assembly use with Darwin and SP math all (PR 7931)
* Fix for detecting older versions of Mac OS when trying to link with
libdispatch (PR 7932)
* Fix for DTLS1.3 downgrade to DTLS1.2 when the server sends multiple handshake
packets combined into a single transmission. (PR 7840)
* Fix for OCSP to save the request if it was stored in ssl->ctx->certOcspRequest
(PR 7779)
* Fix to OCSP for searching for CA by key hash instead of ext. key id (PR 7934)
* Fix for staticmemory and singlethreaded build (PR 7737)
* Fix to not allow Shake128/256 with Xilinx AFALG (PR 7708)
* Fix to support PKCS11 without RSA key generation (PR 7738)
* Fix not calling the signing callback when using PK callbacks + TLS 1.3
(PR 7761)
* Cortex-M/Thumb2 ASM fix label for IAR compiler (PR 7753)
* Fix with PKCS11 to iterate correctly over slotId (PR 7736)
* Stop stripping out the sequence header on the AltSigAlg extension (PR 7710)
* Fix ParseCRL_AuthKeyIdExt with ASN template to set extAuthKeyIdSet value
(PR 7742)
* Use max key length for PSK encrypt buffer size (PR 7707)
* DTLS 1.3 fix for size check to include headers and CID fixes (PR 7912,7951)
* Fix STM32 Hash FIFO and add support for STM32U5A9xx (PR 7787)
* Fix CMake build error for curl builds (PR 8021)
* SP Maths: PowerPC ASM fix to use XOR instead of LI (PR 8038)
* SSL loading of keys/certs: testing and fixes (PR 7789)
* Misc. fixes for Dilithium and Kyber (PR 7721,7765,7803,8027,7904)
* Fixes for building wolfBoot sources for PQ LMS/XMSS (PR 7868)
* Fixes for building with Kyber enabled using CMake and zephyr port (PR 7773)
* Fix for edge cases with session resumption with TLS 1.2 (PR 8097)
* Fix issue with ARM ASM with AES CFB/OFB not initializing the "left" member
(PR 8099)
# wolfSSL Release 5.7.2 (July 08, 2024)
Release 5.7.2 has been developed according to wolfSSL's development and QA
process (see link below) and successfully passed the quality criteria.
https://www.wolfssl.com/about/wolfssl-software-development-process-quality-assurance
NOTE: * --enable-heapmath is being deprecated and will be removed by end of 2024
## Vulnerabilities
* [Medium] CVE-2024-1544
Potential ECDSA nonce side channel attack in versions of wolfSSL before 5.6.6 with wc_ecc_sign_hash calls. Generating the ECDSA nonce k samples a random number r and then truncates this randomness with a modular reduction mod n where n is the order of the elliptic curve. Analyzing the division through a control-flow revealing side-channel reveals a bias in the most significant bits of k. Depending on the curve this is either a negligible bias or a significant bias large enough to reconstruct k with lattice reduction methods. Thanks to Luca Wilke, Florian Sieck and Thomas Eisenbarth (University of Lübeck) for reporting the vulnerability. Details will appear in the proceedings of CCS 24.
Fixed https://github.com/wolfSSL/wolfssl/pull/7020
* [Medium] CVE-2024-5288
A private key blinding operation, enabled by defining the macro WOLFSSL_BLIND_PRIVATE_KEY, was added to mitigate a potential row hammer attack on ECC operations. If performing ECC private key operations in an environment where a malicious user could gain fine control over the device and perform row hammer style attacks it is recommended to update the version of wolfSSL used and to build with WOLFSSL_BLIND_PRIVATE_KEY defined. Thanks to Kemal Derya, M. Caner Tol, Berk Sunar for the report (Vernam Applied Cryptography and Cybersecurity Lab at Worcester Polytechnic Institute)
Fixed in github pull request https://github.com/wolfSSL/wolfssl/pull/7416
* [Low] When parsing a provided maliciously crafted certificate directly using wolfSSL API, outside of a TLS connection, a certificate with an excessively large number of extensions could lead to a potential DoS. There are existing sanity checks during a TLS handshake with wolfSSL which mitigate this issue. Thanks to Bing Shi for the report.
Fixed in github pull request https://github.com/wolfSSL/wolfssl/pull/7597
* [Low] CVE-2024-5991
In the function MatchDomainName(), input param str is treated as a NULL terminated string despite being user provided and unchecked. Specifically, the Openssl compatibility function X509_check_host() takes in a pointer and length to check against, with no requirements that it be NULL terminated. While calling without a NULL terminated string is very uncommon, it is still technically allowed. If a caller was attempting to do a name check on a non*NULL terminated buffer, the code would read beyond the bounds of the input array until it found a NULL terminator.
Fixed in github pull request https://github.com/wolfSSL/wolfssl/pull/7604
* [Medium] CVE-2024-5814
A malicious TLS1.2 server can force a TLS1.3 client with downgrade capability to use a ciphersuite that it did not agree to and achieve a successful connection. This is because, aside from the extensions, the client was skipping fully parsing the server hello when downgrading from TLS 1.3.
Fixed in github pull request https://github.com/wolfSSL/wolfssl/pull/7619
* [Medium] OCSP stapling version 2 response verification bypass issue when a crafted response of length 0 is received. Found with internal testing.
Fixed in github pull request https://github.com/wolfSSL/wolfssl/pull/7702
* [Medium] OCSP stapling version 2 revocation bypass with a retry of a TLS connection attempt. A revoked CA certificate could incorrectly be loaded into the trusted signers list and used in a repeat connection attempt. Found with internal testing.
Fixed in github pull request https://github.com/wolfSSL/wolfssl/pull/7702
## New Feature Additions
* Added Dilithium/ML-DSA: Implementation of ML-DSA-44/65/87 (PR 7622)
* AES RISC-V 64-bit ASM: ECB/CBC/CTR/GCM/CCM (PR 7569)
* Added CUDA support for AES encryption (PR 7436)
* Added support for gRPC (PR 7445)
* Added function wc_RsaPrivateKeyDecodeRaw to import raw RSA private keys (PR 7608)
* Added crypto callback for SHA-3 (PR 7670)
* Support for Infineon Modus Toolbox with wolfSSL (PR 7369)
* Allow user to send a user_canceled alert by calling wolfSSL_SendUserCanceled (PR 7590)
* C# wrapper SNI support added (PR 7610)
* Quantum-safe algorithm support added to the Linux kernel module (PR 7574)
* Support for NIST 800-56C Option 1 KDF, using the macro WC_KDF_NIST_SP_800_56C added (PR 7589)
* AES-XTS streaming mode added, along with hardware acceleration and kernel module use (PR 7522, 7560, 7424)
* PlatformIO FreeRTOS with ESP build and addition of benchmark and test example applications (PR 7528, 7413, 7559, 7542)
## Enhancements and Optimizations
* Expanded STM32 AES hardware acceleration support for use with STM32H5 (PR 7578)
* Adjusted wc_xmss and wc_lms settings to support use with wolfBoot (PR 7393)
* Added the --enable-rpk option to autotools build for using raw public key support (PR 7379)
* SHA-3 Thumb2, ARM32 assembly implementation added (PR 7667)
* Improvements to RSA padding to expose Pad/Unpad APIs (PR 7612)
* Updates and API additions for supporting socat version 1.8.0.0 (PR 7594)
* cmake build improvements, expanding build options with SINGLE_THREADED and post-quantum algorithms, adjusting the generation of options.h file and using “yes;no” boolean instead of strings (PR 7611, 7546, 7479, 7480, 7380)
* Improvements for Renesas RZ support (PR 7474)
* Improvements to dual algorithm certificates for post-quantum keys (PR 7286)
* Added wolfSSL_SessionIsSetup so the user can check if a session ticket has been sent by the server (PR 7430)
* hostap updates: Implement PACs for EAP-FAST and filter cipher list on TLS version change (PR 7446)
* Changed subject name comparison to match different upper and lower cases (PR 7420)
* Support for DTLS 1.3 downgrade when using PSK (PR 7367)
* Update to static memory build for more generic memory pools used (PR 7418)
* Improved performance of Kyber C implementation (PR 7654)
* Support for ECC_CACHE_CURVE with no malloc (PR 7490)
* Added the configure option --enable-debug-trace-errcodes (macro WOLFSSL_DEBUG_TRACE_ERROR_CODES) which enables more debug tracking of error code values (PR 7634)
* Enhanced wc_MakeRsaKey and wc_RsaKeyToDer to work with WOLFSSL_NO_MALLOC (PR 7362)
* Improvements to assembly implementations of ChaCha20 and Poly1305 ASM for use with MSVC (PR 7319)
* Cortex-M inline assembly labels with unique number appended (PR 7649)
* Added secret logging callback to TLS <= 1.2, enabled with the macro HAVE_SECRET_CALLBACK (PR 7372)
* Made wc_RNG_DRBG_Reseed() a public wolfCrypt API (PR 7386)
* Enabled DES3 support without the DES3 ciphers. To re-enable DES3 cipher suites, use the configure flag --enable-des3-tls-suites (PR 7315)
* Added stubs required for latest nginx (1.25.5) (PR 7449)
* Added option for using a custom salt with the function wc_ecc_ctx_set_own_salt (PR 7552)
* Added PQ files for Windows (PR 7419)
* Enhancements to static memory feature, adding the option for a global heap hint (PR 7478) and build options for a lean or debug setting, enabled with --enable-staticmemory=small or --enable-staticmemory=debug (PR 7597)
* Updated --enable-jni to define SESSION_CERTS for wolfJSSE (PR 7557)
* Exposed DTLS in Ada wrapper and updated examples (PR 7397)
* Added additional minimum TLS extension size sanity checks (PR 7602)
* ESP improvements: updating the examples and libraries, updates for Apple HomeKit SHA/SRP, and fix for endianness with SHA512 software fallback (PR 7607, 7392, 7505, 7535)
* Made the wc_CheckCertSigPubKey API publicly available with the define of the macro WOLFSSL_SMALL_CERT_VERIFY (PR 7599)
* Added an alpha/preview of additional FIPS 140-3 full submission, bringing additional algorithms such as SRTP-KDF, AES-XTS, GCM streaming, AES-CFB, ED25519, and ED448 into the FIPS module boundary (PR 7295)
* XCODE support for v5.2.3 of the FIPS module (PR 7140)
* Expanded OpenSSL compatibility layer and added EC_POINT_hex2point (PR 7191)
## Fixes
* Fixed Kyber control-flow timing leak. Thanks to Antoon Purnal from PQShield for the report
* Fixed the NXP MMCAU HW acceleration for SHA-256 (PR 7389)
* Fixed AES-CFB1 encrypt/decrypt on size (8*x-1) bits (PR 7431)
* Fixed use of %rip with SHA-256 x64 assembly (PR 7409)
* Fixed OCSP response message build for DTLS (PR 7671)
* Handled edge case in wc_ecc_mulmod() with zero (PR 7532)
* Fixed RPK (Raw Public Key) to follow certificate use correctly (PR 7375)
* Added sanity check on record header with QUIC use (PR 7638)
* Added sanity check for empty directory strings in X.509 when parsing (PR 7669)
* Added sanity check on non-conforming serial number of 0 in certificates being parsed (PR 7625)
* Fixed wolfSSL_CTX_set1_sigalgs_list() to make the TLS connection conform to the selected sig hash algorithm (PR 7693)
* Various fixes for dual algorithm certificates including small stack use and support for Certificate Signing Requests (PR 7577)
* Added sanity check for critical policy extension when wolfSSL is built without policy extension support enabled (PR 7388)
* Added sanity check that the ed25519 signature is smaller than the order (PR 7513)
* Fixed Segger emNet to handle non-blocking want read/want write (PR 7581)
# wolfSSL Release 5.7.0 (Mar 20, 2024)
Release 5.7.0 has been developed according to wolfSSL's development and QA
process (see link below) and successfully passed the quality criteria.
https://www.wolfssl.com/about/wolfssl-software-development-process-quality-assurance
NOTE: * --enable-heapmath is being deprecated and will be removed by end of 2024
NOTE: In future releases, --enable-des3 (which is disabled by default) will be insufficient in itself to enable DES3 in TLS cipher suites. A new option, --enable-des3-tls-suites, will need to be supplied in addition. This option should only be used in backward compatibility scenarios, as it is inherently insecure.
NOTE: This release switches the default ASN.1 parser to the new ASN template code. If the original ASN.1 code is preferred define `WOLFSSL_ASN_ORIGINAL` to use it. See PR #7199.
## Vulnerabilities
* [High] CVE-2024-0901 Potential denial of service and out of bounds read. Affects TLS 1.3 on the server side when accepting a connection from a malicious TLS 1.3 client. If using TLS 1.3 on the server side it is recommended to update the version of wolfSSL used. Fixed in this GitHub pull request https://github.com/wolfSSL/wolfssl/pull/7099
* [Med] CVE-2024-1545 Fault Injection vulnerability in RsaPrivateDecryption function that potentially allows an attacker that has access to the same system with a victims process to perform a Rowhammer fault injection. Thanks to Junkai Liang, Zhi Zhang, Xin Zhang, Qingni Shen for the report (Peking University, The University of Western Australia)."
Fixed in this GitHub pull request https://github.com/wolfSSL/wolfssl/pull/7167
* [Med] Fault injection attack with EdDSA signature operations. This affects ed25519 sign operations where the system could be susceptible to Rowhammer attacks. Thanks to Junkai Liang, Zhi Zhang, Xin Zhang, Qingni Shen for the report (Peking University, The University of Western Australia).
Fixed in this GitHub pull request https://github.com/wolfSSL/wolfssl/pull/7212
## New Feature Additions
* Added --enable-experimental configure flag to gate out features that are currently experimental. Now liboqs, kyber, lms, xmss, and dual-alg-certs require the --enable-experimental flag.
### POST QUANTUM SUPPORT ADDITIONS
* Experimental framework for using wolfSSLs XMSS implementation (PR 7161)
* Experimental framework for using wolfSSLs LMS implementation (PR 7283)
* Experimental wolfSSL Kyber implementation and assembly optimizations, enabled with --enable-experimental --enable-kyber (PR 7318)
* Experimental support for post quantum dual key/signature certificates. A few known issues and sanitizer checks are in progress with this feature. Enabled with the configure flags --enable-experimental --enable-dual-alg-certs (PR 7112)
* CryptoCb support for PQC algorithms (PR 7110)
### OTHER FEATURE ADDITIONS
* The Linux kernel module now supports registration of AES-GCM, AES-XTS, AES-CBC, and AES-CFB with the kernel cryptosystem through the new --enable-linuxkm-lkcapi-register option, enabling automatic use of wolfCrypt implementations by the dm-crypt/luks and ESP subsystems. In particular, wolfCrypt AES-XTS with enable-aesni is faster than the native kernel implementation.
* CryptoCb hook to one-shot CMAC functions (PR 7059)
* BER content streaming support for PKCS7_VerifySignedData and sign/encrypt operations (PR 6961 & 7184)
* IoT-Safe SHA-384 and SHA-512 support (PR 7176)
* I/O callbacks for content and output with PKCS7 bundle sign/encrypt to reduce peak memory usage (PR 7272)
* Microchip PIC24 support and example project (PR 7151)
* AutoSAR shim layer for RNG, SHA256, and AES (PR 7296)
* wolfSSL_CertManagerUnloadIntermediateCerts API to clear intermediate certs added to certificate store (PR 7245)
* Implement SSL_get_peer_signature_nid and SSL_get_peer_signature_type_nid (PR 7236)
## Enhancements and Optimizations
* Remove obsolete user-crypto functionality and Intel IPP support (PR 7097)
* Support for RSA-PSS signatures with CRL use (PR 7119)
* Enhancement for AES-GCM use with Xilsecure on Microblaze (PR 7051)
* Support for crypto cb only build with ECC and NXP CAAM (PR 7269)
* Improve liboqs integration adding locking and init/cleanup functions (PR 7026)
* Prevent memory access before clientSession->serverRow and clientSession->serverIdx are sanitized (PR 7096)
* Enhancements to reproducible build (PR 7267)
* Update Arduino example TLS Client/Server and improve support for ESP32 (PR 7304 & 7177)
* XC32 compiler version 4.x compatibility (PR 7128)
* Porting for build on PlayStation 3 and 4 (PR 7072)
* Improvements for Espressif use; SHA HW/SW selection and use on ESP32-C2/ESP8684, wolfSSL_NewThread() type, component cmake fix, and update TLS client example for ESP8266 (PR 7081, 7173, 7077, 7148, 7240)
* Allow crypto callbacks with SHA-1 HW (PR 7087)
* Update OpenSSH port to version 9.6p1(PR 7203)
* ARM Thumb2 enhancements, AES-GCM support for GCM_SMALL, alignment fix on key, fix for ASM clobber list (PR 7291,7301,7221)
* Expand heap hint support for static memory build with more x509 functions (PR 7136)
* Improving ARMv8 ChaCha20 ASM (alignment) (PR 7182)
* Unknown extension callback wolfSSL_CertManagerSetUnknownExtCallback added to CertManager (PR 7194)
* Implement wc_rng_new_ex for use with devIDs with crypto callback (PR 7271)
* Allow reading 0-RTT data after writing 0.5-RTT data (PR 7102)
* Send alert on bad PSK binder error (PR 7235)
* Enhancements to CMake build files for use with cross compiling (PR 7188)
## Fixes
* Fix for checking result of MAC verify when no AAD is used with AES-GCM and Xilinx Xilsecure (PR 7051)
* Fix for Aria sign use (PR 7082)
* Fix for invalid `dh_ffdhe_test` test case using Intel QuickAssist (PR 7085)
* Fixes for TI AES and SHA on TM4C with HW acceleration and add full AES GCM and CCM support with TLS (PR 7018)
* Fixes for STM32 PKA use with ECC (PR 7098)
* Fixes for TLS 1.3 with crypto callbacks to offload KDF / HMAC operation (PR 7070)
* Fix include path for FSP 3.5 on Renesas RA6M4 (PR 7101)
* Siphash x64 asm fix for use with older compilers (PR 7299)
* Fix for SGX build with SP (PR 7308)
* Fix to Make it mandatory that the cookie is sent back in new ClientHello when seen in a HelloRetryRequest with (PR 7190)
* Fix for wrap around behavior with BIO pairs (PR 7169)
* OCSP fixes for parsing of response correctly when there was a revocation reason and returning correct error value with date checks (PR 7241 & 7255)
* Fix build with `NO_STDIO_FILESYSTEM` and improve checks for `XGETENV` (PR 7150)
* Fix for DTLS sequence number and cookie when downgrading DTLS version (PR 7214)
* Fix for write_dup use with chacha-poly cipher suites (PR 7206)
* Fix for multiple handshake messages in one record failing with OUT_OF_ORDER_E when downgrading from TLS 1.3 to TLS 1.2 (PR 7141)
* Fix for AES ECB build with Thumb and alignment (PR 7094)
* Fix for negotiate handshake until the end in wolfSSL_read/wolfSSL_write if hitting an edge case with want read/write (PR 7237)
# wolfSSL Release 5.6.6 (Dec 19, 2023)
Release 5.6.6 has been developed according to wolfSSL's development and QA
@ -18,7 +539,7 @@ fixed this omission in several PRs for this release.
* [Low] CVE-2023-6936: A potential heap overflow read is possible in servers connecting over TLS 1.3 when the optional `WOLFSSL_CALLBACKS` has been defined. The out of bounds read can occur when a server receives a malicious malformed ClientHello. Users should either discontinue use of `WOLFSSL_CALLBACKS` on the server side or update versions of wolfSSL to 5.6.6. Thanks to the tlspuffin fuzzer team for the report which was designed and developed by; Lucca Hirschi (Inria, LORIA), Steve Kremer (Inria, LORIA), and Max Ammann (Trail of Bits). The fix for this issue is located in the following GitHub Pull Request: https://github.com/wolfSSL/wolfssl/pull/6949.
* [Low] A side channel vulnerability with AES T-Tables is possible in a very controlled environment where precision sub-cache-line inspection can happen, such as inside an Intel SGX enclave. This can lead to recovery of the AES key. To prevent this type of attack, wolfSSL added an AES bitsliced implementation which can be enabled with the “`--enable-aes-bitsliced`” configure option. Thanks to Florian Sieck, Zhiyuan Zhang, Sebastian Berndt, Chitchanok Chuengsatiansup, Thomas Eisenbarth, and Yuval Yarom for the report (Universities of Lübeck, Melbourne, Adelaide and Bochum). The fix for this issue is located in the following GitHub Pull Request: https://github.com/wolfSSL/wolfssl/pull/6854.
* [Low] CVE-2024-1543: A side channel vulnerability with AES T-Tables is possible in a very controlled environment where precision sub-cache-line inspection can happen, such as inside an Intel SGX enclave. This can lead to recovery of the AES key. To prevent this type of attack, wolfSSL added an AES bitsliced implementation which can be enabled with the “`--enable-aes-bitsliced`” configure option. Thanks to Florian Sieck, Zhiyuan Zhang, Sebastian Berndt, Chitchanok Chuengsatiansup, Thomas Eisenbarth, and Yuval Yarom for the report (Universities of Lübeck, Melbourne, Adelaide and Bochum). The fix for this issue is located in the following GitHub Pull Request: https://github.com/wolfSSL/wolfssl/pull/6854.
* [Low] CVE-2023-6937: wolfSSL prior to 5.6.6 did not check that messages in a single (D)TLS record do not span key boundaries. As a result, it was possible to combine (D)TLS messages using different keys into one (D)TLS record. The most extreme edge case is that, in (D)TLS 1.3, it was possible that an unencrypted (D)TLS 1.3 record from the server containing first a ServerHello message and then the rest of the first server flight would be accepted by a wolfSSL client. In (D)TLS 1.3 the handshake is encrypted after the ServerHello but a wolfSSL client would accept an unencrypted flight from the server. This does not compromise key negotiation and authentication so it is assigned a low severity rating. Thanks to Johannes Wilson for the report (Sectra Communications and Linköping University). The fix for this issue is located in the following GitHub Pull Request: https://github.com/wolfSSL/wolfssl/pull/7029.
@ -672,9 +1193,9 @@ Release 5.5.1 of wolfSSL embedded TLS has bug fixes and new features including:
## Enhancements
* DTLSv1.3: Do HRR Cookie exchange by default
* Add wolfSSL_EVP_PKEY_new_CMAC_key to OpenSSL compatible API
* Update ide win10 build files to add missing sp source files
* Improve Workbench docs
* Add wolfSSL_EVP_PKEY_new_CMAC_key to OpenSSL compatible API
* Update ide win10 build files to add missing sp source files
* Improve Workbench docs
* Improve EVP support for CHACHA20_POLY1305
* Improve `wc_SetCustomExtension` documentation
* RSA-PSS with OCSP and add simple OCSP response DER verify test case
@ -682,23 +1203,23 @@ Release 5.5.1 of wolfSSL embedded TLS has bug fixes and new features including:
* Don't over-allocate memory for DTLS fragments
* Add WOLFSSL_ATECC_TFLXTLS for Atmel port
* SHA-3 performance improvements with x86_64 assembly
* Add code to fallback to S/W if TSIP cannot handle
* Add code to fallback to S/W if TSIP cannot handle
* Improves entropy with VxWorks
* Make time in milliseconds 64-bits for longer session ticket lives
* Support for setting cipher list with bytes
* wolfSSL_set1_curves_list(), wolfSSL_CTX_set1_curves_list() improvements
* Add to RSAES-OAEP key parsing for pkcs7
* Add missing DN nid to work with PrintName()
* SP int: default to 16 bit word size when NO_64BIT defined
* SP int: default to 16 bit word size when NO_64BIT defined
* Limit the amount of fragments we store per a DTLS connection and error out when max limit is reached
* Detect when certificate's RSA public key size is too big and fail on loading of certificate
## Fixes
* Fix for async with OCSP non-blocking in `ProcessPeerCerts`
* Fixes for building with 32-bit and socket size sign/unsigned mismatch
* Fix Windows CMakeList compiler options
* TLS 1.3 Middle-Box compat: fix missing brace
* Configuration consistency fixes for RSA keys and way to force disable of private keys
* Fix Windows CMakeList compiler options
* TLS 1.3 Middle-Box compat: fix missing brace
* Configuration consistency fixes for RSA keys and way to force disable of private keys
* Fix for Aarch64 Mac M1 SP use
* Fix build errors and warnings for MSVC with DTLS 1.3
* Fix HMAC compat layer function for SHA-1
@ -706,9 +1227,9 @@ Release 5.5.1 of wolfSSL embedded TLS has bug fixes and new features including:
* Check return from call to wc_Time
* SP math: fix build configuration with opensslall
* Fix for async session tickets
* SP int mp_init_size fixes when SP_WORD_SIZE == 8
* SP int mp_init_size fixes when SP_WORD_SIZE == 8
* Ed. function to make public key now checks for if the private key flag is set
* Fix HashRaw WC_SHA256_DIGEST_SIZE for wc_Sha256GetHash
* Fix HashRaw WC_SHA256_DIGEST_SIZE for wc_Sha256GetHash
* Fix for building with PSK only
* Set correct types in wolfSSL_sk_*_new functions
* Sanity check that size passed to mp_init_size() is no more than SP_INT_DIGITS
@ -822,7 +1343,7 @@ CVE-2020-12966 https://www.amd.com/en/corporate/product-security/bulletin/amd-sb
* Update SP math all to not use sp_int_word when SQR_MUL_ASM is available
### SP Math Fixes
* Fixes for constant time with div function
* Fix casting warnings for Windows builds and assembly changes to support XMM6-15 being non-volatile
* Fix casting warnings for Windows builds and assembly changes to support XMM6-15 being non-volatile
* Fix for div_word when not using div function
* Fixes for user settings with SP ASM and ED/Curve25519 small
* Additional Wycheproof tests ran and fixes
@ -1002,7 +1523,7 @@ Release 5.3.0 of wolfSSL embedded TLS has bug fixes and new features including:
### Math Library Fixes
* Sanity check with SP math that ECC points ordinates are not greater than modulus length
* Additional sanity checks that _sp_add_d does not error due to overflow
* Wycheproof fixes, testing integration, and fixes for AVX / AArch64 ASM edge case tests
* Wycheproof fixes, testing integration, and fixes for AVX / AArch64 ASM edge case tests
* TFM fp_div_2_ct rework to avoid potential overflow
### Misc.
@ -1243,7 +1764,7 @@ Release 5.1.0 of wolfSSL embedded TLS has bug fixes and new features including:
###### PORT Fixes
* Building with Android wpa_supplicant and KeyStore
* Setting initial value of CA certificate with TSIP enabled
* Cryptocell ECC build fix and fix with RSA disabled
* Cryptocell ECC build fix and fix with RSA disabled
* IoT-SAFE improvement for Key/File slot ID size, fix for C++ compile, and fixes for retrieving the public key after key generation
###### Math Library Fixes
@ -1382,7 +1903,7 @@ Release 5.0.0 of wolfSSL embedded TLS has bug fixes and new features including:
- SSL_SESSION_has_ticket()
- SSL_SESSION_get_ticket_lifetime_hint()
- DIST_POINT_new
- DIST_POINT_free
- DIST_POINT_free
- DIST_POINTS_free
- CRL_DIST_POINTS_free
- sk_DIST_POINT_push
@ -1545,7 +2066,7 @@ Release 4.8.0 of wolfSSL embedded TLS has bug fixes and new features including:
### Vulnerabilities
* [Low] CVE-2021-37155: OCSP request/response verification issue. In the case that the serial number in the OCSP request differs from the serial number in the OCSP response the error from the comparison was not resulting in a failed verification. We recommend users that have wolfSSL version 4.6.0 and 4.7.0 with OCSP enabled update their version of wolfSSL. Version 4.5.0 and earlier are not affected by this report. Thanks to Rainer Mueller-Amersdorffer, Roee Yankelevsky, Barak Gutman, Hila Cohen and Shoshi Berko (from CYMOTIVE Technologies and CARIAD) for the report.
* [Low] CVE-2021-24116: Side-Channel cache look up vulnerability in base64 PEM decoding for versions of wolfSSL 4.5.0 and earlier. Versions 4.6.0 and up contain a fix and do not need to be updated for this report. If decoding a PEM format private key using version 4.5.0 and older of wolfSSL then we recommend updating the version of wolfSSL used. Thanks to Florian Sieck, Jan Wichelmann, Sebastian Berndt and Thomas Eisenbarth for the report.
* [Low] CVE-2021-24116: Side-Channel cache look up vulnerability in base64 PEM decoding for versions of wolfSSL 4.5.0 and earlier. Versions 4.6.0 and up contain a fix and do not need to be updated for this report. If decoding a PEM format private key using version 4.5.0 and older of wolfSSL then we recommend updating the version of wolfSSL used. Thanks to Florian Sieck, Jan Wichelmann, Sebastian Berndt and Thomas Eisenbarth for the report.
### New Feature Additions
###### New Product

13
Docker/Dockerfile
View File

@ -3,11 +3,14 @@ FROM $DOCKER_BASE_IMAGE
USER root
ARG DEPS_WOLFSSL="build-essential autoconf libtool clang clang-tools zlib1g-dev libuv1-dev libpam0g-dev valgrind git linux-headers-generic gcc-multilib g++-multilib libpcap-dev bubblewrap gdb iputils-ping lldb bsdmainutils netcat binutils-arm-linux-gnueabi binutils-aarch64-linux-gnu"
# Set timezone to UTC
RUN ln -snf /usr/share/zoneinfo/UTC /etc/localtime && echo UTC > /etc/timezone
ARG DEPS_WOLFSSL="build-essential autoconf libtool clang clang-tools zlib1g-dev libuv1-dev libpam0g-dev valgrind git linux-headers-generic gcc-multilib g++-multilib libpcap-dev bubblewrap gdb iputils-ping lldb bsdmainutils netcat-traditional binutils-arm-linux-gnueabi binutils-aarch64-linux-gnu"
ARG DEPS_LIBOQS="astyle cmake gcc ninja-build libssl-dev python3-pytest python3-pytest-xdist unzip xsltproc doxygen graphviz python3-yaml valgrind git"
ARG DEPS_UDP_PROXY="wget libevent-dev"
ARG DEPS_TESTS="abi-dumper libcurl4-openssl-dev tcpdump"
ARG DEPS_TOOLS="ccache"
ARG DEPS_TESTS="abi-dumper libcurl4-openssl-dev tcpdump libpsl-dev python3-pandas python3-tabulate libnl-genl-3-dev libcap-ng-dev python3-virtualenv curl jq"
ARG DEPS_TOOLS="ccache clang-tidy maven libfile-util-perl android-tools-adb usbutils shellcheck"
RUN DEBIAN_FRONTEND=noninteractive apt update && apt install -y apt-utils \
&& apt install -y ${DEPS_WOLFSSL} ${DEPS_LIBOQS} ${DEPS_UDP_PROXY} ${DEPS_TESTS} ${DEPS_TOOLS} \
&& apt clean -y && rm -rf /var/lib/apt/lists/*
@ -37,10 +40,12 @@ RUN cd /opt/sources && git clone --single-branch https://github.com/cisco/hash-s
# Install pkixssh to /opt/pkixssh for X509 interop testing with wolfSSH
RUN mkdir /var/empty
RUN cd /opt/sources && wget -q -O- https://roumenpetrov.info/secsh/src/pkixssh-14.1.1.tar.gz | tar xzf - && cd pkixssh-14.1.1 && ./configure --prefix=/opt/pkixssh/ --exec-prefix=/opt/pkixssh/ && make install
RUN cd /opt/sources && wget -q -O- https://roumenpetrov.info/secsh/src/pkixssh-15.1.tar.gz | tar xzf - && cd pkixssh-15.1 && ./configure --prefix=/opt/pkixssh/ --exec-prefix=/opt/pkixssh/ && make install
# Install udp/tcp-proxy
RUN cd /opt/sources && git clone --depth=1 --single-branch --branch=main http://github.com/wolfssl/udp-proxy && cd udp-proxy && make && cp tcp_proxy udp_proxy /bin/.
# Install libbacktrace
RUN cd /opt/sources && git clone --depth=1 --single-branch https://github.com/ianlancetaylor/libbacktrace.git && cd libbacktrace && mkdir build && cd build && ../configure && make && make install
# Allow non-root to use tcpdump (will need NET_RAW and NET_ADMIN capability when running the container)
RUN setcap 'CAP_NET_RAW+eip CAP_NET_ADMIN+eip' /usr/bin/tcpdump

2
Docker/Dockerfile.cross-compiler
View File

@ -3,7 +3,7 @@ FROM $DOCKER_BASE_IMAGE
USER root
ARG DEPS_TESTING="gcc-arm-linux-gnueabi gcc-aarch64-linux-gnu"
ARG DEPS_TESTING="gcc-arm-linux-gnueabi gcc-arm-linux-gnueabihf gcc-aarch64-linux-gnu gcc-powerpc-linux-gnu gcc-powerpc64-linux-gnu gcc-arm-none-eabi"
RUN DEBIAN_FRONTEND=noninteractive apt update \
&& apt install -y ${DEPS_TESTING} \
&& apt clean -y && rm -rf /var/lib/apt/lists/*

33
Docker/buildAndPush.sh
View File

@ -1,4 +1,4 @@
#!/bin/bash
#!/usr/bin/env bash
# Assume we're in wolfssl/Docker
WOLFSSL_DIR=$(builtin cd ${BASH_SOURCE%/*}/..; pwd)
@ -18,18 +18,37 @@ docker build -t wolfssl/wolfssl-builder:${CUR_DATE} ${DOCKER_BUILD_OPTIONS} "${W
docker tag wolfssl/testing-cross-compiler:${CUR_DATE} wolfssl/testing-cross-compiler:latest
if [ $? -eq 0 ]; then
echo "Pushing containers to DockerHub"
docker push wolfssl/wolfssl-builder:${CUR_DATE} && docker push wolfssl/wolfssl-builder:latest && \
docker push wolfssl/testing-cross-compiler:${CUR_DATE} && docker push wolfssl/testing-cross-compiler:latest
echo "Push containers to DockerHub [y/N]? "
read val
if [ "$val" = "y" ]; then
docker push wolfssl/wolfssl-builder:${CUR_DATE} && docker push wolfssl/wolfssl-builder:latest && \
docker push wolfssl/testing-cross-compiler:${CUR_DATE} && docker push wolfssl/testing-cross-compiler:latest
if [ $? -ne 0 ]; then
echo "Warning: push failed. Continuing"
((NUM_FAILURES++))
fi
fi
else
echo "Warning: Build wolfssl/wolfssl-builder failed. Continuing"
((NUM_FAILURES++))
fi
echo "Building wolfssl/wolfCLU:${CUR_DATE}"
docker buildx build --pull --push --build-arg DUMMY=${CUR_DATE} -t wolfssl/wolfclu:${CUR_DATE} --platform=linux/amd64,linux/arm64,linux/arm/v7 "${WOLFSSL_DIR}/Docker/wolfCLU" && \
docker buildx build --pull --push --build-arg DUMMY=${CUR_DATE} -t wolfssl/wolfclu:latest --platform=linux/amd64,linux/arm64,linux/arm/v7 "${WOLFSSL_DIR}/Docker/wolfCLU"
if [ $? -ne 0 ]; then
DOCKER_ARGS="--pull --build-arg DUMMY=${CUR_DATE} --platform=linux/amd64,linux/arm64,linux/arm/v7 ${WOLFSSL_DIR}/Docker/wolfCLU"
docker buildx build -t wolfssl/wolfclu:${CUR_DATE} ${DOCKER_ARGS} && \
docker buildx build -t wolfssl/wolfclu:latest ${DOCKER_ARGS}
if [ $? -eq 0 ]; then
echo "Push containers to DockerHub [y/N]? "
read val
if [ "$val" = "y" ]; then
docker buildx build ${DOCKER_ARGS} --push -t wolfssl/wolfclu:${CUR_DATE} && \
docker buildx build ${DOCKER_ARGS} --push -t wolfssl/wolfclu:latest
if [ $? -ne 0 ]; then
echo "Warning: push failed. Continuing"
((NUM_FAILURES++))
fi
fi
else
echo "Warning: Build wolfssl/wolfclu failed. Continuing"
((NUM_FAILURES++))
fi

2
Docker/run.sh
View File

@ -1,4 +1,4 @@
#!/bin/bash
#!/usr/bin/env bash
echo "Running with \"${*}\"..."

10
Docker/wolfCLU/Dockerfile
View File

@ -1,9 +1,9 @@
ARG DOCKER_BASE_IMAGE=ubuntu
FROM ubuntu as BUILDER
FROM ubuntu AS builder
ARG DEPS_WOLFSSL="build-essential autoconf libtool zlib1g-dev libuv1-dev libpam0g-dev git libpcap-dev libcurl4-openssl-dev bsdmainutils netcat iputils-ping bubblewrap"
ARG DEPS_WOLFSSL="build-essential autoconf libtool zlib1g-dev libuv1-dev libpam0g-dev git libpcap-dev libcurl4-openssl-dev bsdmainutils netcat-traditional iputils-ping bubblewrap"
RUN DEBIAN_FRONTEND=noninteractive apt update && apt install -y apt-utils \
&& apt install -y ${DEPS_WOLFSSL} ${DEPS_LIBOQS} \
&& apt install -y ${DEPS_WOLFSSL} \
&& apt clean -y && rm -rf /var/lib/apt/lists/*
ARG NUM_CPU=16
@ -18,8 +18,8 @@ RUN git clone --depth=1 --single-branch --branch=main http://github.com/wolfssl/
FROM ${DOCKER_BASE_IMAGE}
USER root
COPY --from=BUILDER /usr/local/lib/libwolfssl.so /usr/local/lib/
COPY --from=BUILDER /usr/local/bin/wolfssl* /usr/local/bin/
COPY --from=builder /usr/local/lib/libwolfssl.so /usr/local/lib/
COPY --from=builder /usr/local/bin/wolfssl* /usr/local/bin/
RUN ldconfig
ENTRYPOINT ["/usr/local/bin/wolfssl"]
LABEL org.opencontainers.image.source=https://github.com/wolfssl/wolfssl

2
Docker/wolfCLU/README.md
View File

@ -1,6 +1,6 @@
This is a small container that has wolfCLU installed for quick access. To build your own run the following:
```
docker build --pull --build-arg DUMMY=$(date +%s) -t wolfclu .
docker build --pull --build-arg DUMMY=$(date +%s) -t wolfclu .
```
To run the container, you can use:

29
Docker/yocto/Dockerfile Normal file
View File

@ -0,0 +1,29 @@
FROM ubuntu
# Set timezone to UTC
RUN ln -snf /usr/share/zoneinfo/UTC /etc/localtime && echo UTC > /etc/timezone
RUN DEBIAN_FRONTEND=noninteractive apt update && apt install -y gawk wget git diffstat unzip texinfo gcc build-essential chrpath socat cpio python3 python3-pip python3-pexpect xz-utils debianutils iputils-ping python3-git python3-jinja2 libegl1-mesa libsdl1.2-dev python3-subunit mesa-common-dev zstd liblz4-tool file locales libacl1 vim && apt clean -y && rm -rf /var/lib/apt/lists/*
RUN locale-gen en_US.UTF-8
# Add in non-root user
ENV UID_OF_DOCKERUSER 1000
RUN useradd -m -s /bin/bash -g users -u ${UID_OF_DOCKERUSER} dockerUser
RUN chown -R dockerUser:users /home/dockerUser && chown dockerUser:users /opt
USER dockerUser
RUN cd /opt && git clone git://git.yoctoproject.org/poky
WORKDIR /opt/poky
ARG YOCTO_VERSION=kirkstone
RUN git checkout -t origin/${YOCTO_VERSION} -b ${YOCTO_VERSION} && git pull
# This arg is to be able to force a rebuild starting from this line
ARG DUMMY=date
RUN DUMMY=${DUMMY} git clone --single-branch --branch=master https://github.com/wolfssl/meta-wolfssl.git && \
/bin/bash -c "source oe-init-build-env" && \
echo 'IMAGE_INSTALL:append = " wolfssl wolfclu wolfssh wolfmqtt wolftpm wolfclu "' >> /opt/poky/build/conf/local.conf && \
sed -i '/\/opt\/poky\/meta-poky \\/a \\t/opt/poky/meta-wolfssl \\' /opt/poky/build/conf/bblayers.conf
RUN /bin/bash -c "source oe-init-build-env && bitbake core-image-minimal"

27
Docker/yocto/buildAndPush.sh Executable file
View File

@ -0,0 +1,27 @@
#!/usr/bin/env bash
# Assume we're in wolfssl/Docker/yocto
WOLFSSL_DIR=$(builtin cd ${BASH_SOURCE%/*}/../..; pwd)
DOCKER_BUILD_OPTIONS="$1"
if [ "${DOCKER_BASE_IMAGE}" != "" ]; then
DOCKER_BUILD_OPTIONS+=" --build-arg DOCKER_BASE_IMAGE=${DOCKER_BASE_IMAGE}"
fi
NUM_FAILURES=0
CUR_DATE=$(date -u +%F)
for ver in kirkstone langdale scarthgap; do
echo "Building wolfssl/yocto:${ver}-${CUR_DATE} as ${DOCKER_BUILD_OPTIONS}"
docker build -t wolfssl/yocto:${ver}-${CUR_DATE} --build-arg YOCTO_VERSION=${ver} --build-arg BUILD_DATE=${CUR_DATE} -f Dockerfile "${WOLFSSL_DIR}/Docker/yocto" && \
docker tag wolfssl/yocto:${ver}-${CUR_DATE} wolfssl/yocto:${ver}-latest
if [ $? -eq 0 ]; then
echo "Pushing containers to DockerHub"
docker push wolfssl/yocto:${ver}-${CUR_DATE} && docker push wolfssl/yocto:${ver}-latest
else
echo "Warning: Build wolfssl/yocto:${ver} failed. Continuing"
((NUM_FAILURES++))
fi
done
echo "Script completed in $SECONDS seconds. Had $NUM_FAILURES failures."

49
IDE/ARDUINO/Arduino_README_prepend.md Normal file
View File

@ -0,0 +1,49 @@
# Arduino wolfSSL Library
This library is restructured from [wolfSSL](https://github.com/wolfSSL/wolfssl/) Release ${WOLFSSL_VERSION} for the Arduino platform.
The Official wolfSSL Arduino Library is found in [The Library Manager index](http://downloads.arduino.cc/libraries/library_index.json).
See the [Arduino-wolfSSL logs](https://downloads.arduino.cc/libraries/logs/github.com/wolfSSL/Arduino-wolfSSL/) for publishing status.
Instructions for installing and using libraries can be found in the [Arduino docs](https://docs.arduino.cc/software/ide-v1/tutorials/installing-libraries/).
## wolfSSL Configuration
As described in the [Getting Started with wolfSSL on Arduino](https://www.wolfssl.com/getting-started-with-wolfssl-on-arduino/), wolfSSL features are enabled and disabled in the `user_settings.h` file.
The `user_settings.h` file is found in the `<Arduino>/libraries/wolfssl/src` directory.
For Windows this is typically `C:\Users\%USERNAME%\Documents\Arduino\libraries\wolfssl\src`
For Mac: `~/Documents/Arduino/libraries/wolfssl/src`
For Linux: `~/Arduino/libraries/wolfssl/src`
Tips for success:
- The `WOLFSSL_USER_SETTINGS` macro must be defined project-wide. (see [wolfssl.h](https://github.com/wolfSSL/wolfssl/blob/master/IDE/ARDUINO/wolfssl.h))
- Apply any customizations only to `user_settings.h`; Do not edit wolfSSL `settings.h` or `configh.h` files.
- Do not explicitly include `user_settings.h` in any source file.
- For every source file that uses wolfssl, include `wolfssl/wolfcrypt/settings.h` before any other wolfSSL include, typically via `#include "wolfssl.h"`.
- See the [wolfSSL docs](https://www.wolfssl.com/documentation/manuals/wolfssl/chapter02.html) for details on build configuration macros.
## wolfSSL Examples
Additional wolfSSL examples can be found at:
- https://github.com/wolfSSL/wolfssl/tree/master/IDE/ARDUINO
- https://github.com/wolfSSL/wolfssl/tree/master/examples
- https://github.com/wolfSSL/wolfssl-examples/
## Arduino Releases
This release of wolfSSL is version [5.7.6](https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.6-stable).
See GitHub for [all Arduino wolfSSL releases](https://github.com/wolfSSL/Arduino-wolfSSL/releases).
The first Official wolfSSL Arduino Library was `5.6.6-Arduino.1`: a slightly modified, post [release 5.6.6](https://github.com/wolfSSL/wolfssl/releases/tag/v5.6.6-stable) version update.
The `./wolfssl-arduino.sh INSTALL` [script](https://github.com/wolfSSL/wolfssl/tree/master/IDE/ARDUINO) can be used to install specific GitHub versions as needed.

205
IDE/ARDUINO/README.md
View File

@ -1,30 +1,109 @@
### wolfSSL with Arduino
# wolfSSL with Arduino
##### Reformatting wolfSSL as a compatible Arduino Library
This is a shell script that will re-organize the wolfSSL library to be
compatible with Arduino projects that use Arduino IDE 1.5.0 or newer.
The Arduino IDE requires a library's source files to be in the library's root
directory with a header file in the name of the library. This script moves all
src/ files to the `IDE/ARDUINO/wolfSSL/src` directory and creates a stub header
file called `wolfssl.h` inside that directory.
See the [example sketches](./sketches/README.md):
Step 1: To configure wolfSSL with Arduino, enter the following from within the
wolfssl/IDE/ARDUINO directory:
- [sketches/wolfssl_server](./sketches/wolfssl_server/README.md)
- [sketches/wolfssl_client](./sketches/wolfssl_client/README.md)
`./wolfssl-arduino.sh`
When publishing a new version to the Arduino Registry, be sure to edit `WOLFSSL_VERSION_ARUINO_SUFFIX` in the `wolfssl-arduino.sh` script.
Step 2: Copy the directory wolfSSL that was just created to:
`~/Documents/Arduino/libraries/` directory so the Arduino IDE can find it.
## Getting Started
Step 3: Edit `<arduino-libraries>/wolfSSL/src/user_settings.h`
See [Getting Started with wolfSSL on Arduino](https://www.wolfssl.com/getting-started-with-wolfssl-on-arduino/), wolfSSL features are enabled and disabled in the `user_settings.h` file.
The `user_settings.h` file is found in the `<Arduino>/libraries/wolfssl/src` directory.
For Windows this is typically `C:\Users\%USERNAME%\Documents\Arduino\libraries\wolfssl\src`
For Mac: `~/Documents/Arduino/libraries/wolfssl/src`
For Linux: `~/Arduino/libraries/wolfssl/src`
Tips for success:
- The `WOLFSSL_USER_SETTINGS` macro must be defined project-wide. (see [wolfssl.h](https://github.com/wolfSSL/wolfssl/blob/master/IDE/ARDUINO/wolfssl.h))
- Apply any customizations only to `user_settings.h`; Do not edit wolfSSL `settings.h` or `configh.h` files.
- Do not explicitly include `user_settings.h` in any source file.
- For every source file that uses wolfssl, include `wolfssl/wolfcrypt/settings.h` before any other wolfSSL include, typically via `#include "wolfssl.h"`.
- See the [wolfSSL docs](https://www.wolfssl.com/documentation/manuals/wolfssl/chapter02.html) for details on build configuration macros.
## Boards
Many of the supported boards are natively built-in to the [Arduino IDE Board Manager](https://docs.arduino.cc/software/ide-v2/tutorials/ide-v2-board-manager/)
and by adding [additional cores](https://docs.arduino.cc/learn/starting-guide/cores/) as needed.
STM32 Support can be added by including this link in the "Additional Boards Managers URLs" field
from [stm32duino/Arduino_Core_STM32](https://github.com/stm32duino/Arduino_Core_STM32?tab=readme-ov-file#getting-started).
```
https://github.com/stm32duino/BoardManagerFiles/raw/main/package_stmicroelectronics_index.json
```
## Using wolfSSL from the Arduino IDE
The Official wolfSSL: https://github.com/wolfSSL/arduino-wolfSSL See [PR #1](https://github.com/wolfSSL/Arduino-wolfSSL/pull/1).
This option will allow wolfSSL to be installed directly using the native Arduino tools.
## Manually Reformatting wolfSSL as a Compatible Arduino Library
Use [this](./wolfssl-arduino.sh) shell script that will re-organize the wolfSSL library to be
compatible with [Arduino Library Specification](https://arduino.github.io/arduino-cli/0.35/library-specification/)
for projects that use Arduino IDE 1.5.0 or newer.
The Arduino IDE requires a library's source files to be in the library's root directory with a
header file in the name of the library. This script moves all `src/` files to the `IDE/ARDUINO/wolfSSL/src`
directory and creates a stub header file called `wolfssl.h` inside that directory.
### Step 1:
To configure wolfSSL with Arduino, enter ONE of the following 4 commands
from within the `wolfssl/IDE/ARDUINO` directory:
1. `./wolfssl-arduino.sh`
- Creates an Arduino Library directory structure in the local `wolfSSL` directory of `IDE/ARDUINO`.
- You can add your own `user_settings.h`, or copy/rename the [default](../../examples/configs/user_settings_arduino.h).
2. `./wolfssl-arduino.sh INSTALL` (The most common option)
- Creates an Arduino Library in the local `wolfSSL` directory
- Moves that directory to the Arduino library directory:
- `$HOME/Arduino/libraries` for most bash environments
- `/mnt/c/Users/$USER/Documents/Arduino/libraries` (for WSL)
- Adds the [default](../../examples/configs/user_settings_arduino.h) as `user_settings.h`.
- The wolfSSL library is now available from the Arduino IDE.
3. `./wolfssl-arduino.sh INSTALL /path/to/repository` (Used to update [arduino-wolfSSL](https://github.com/wolfSSL/arduino-wolfSSL))
- Creates an Arduino Library in `wolfSSL` directory
- Copies that directory contents to the specified `/path/to/repository`
- Adds the [default](../../examples/configs/user_settings_arduino.h) as `user_settings.h`.
4. `./wolfssl-arduino.sh INSTALL /path/to/any/other/directory`
- Creates an Arduino Library in `wolfSSL` directory
- Copies that directory contents to the specified `/path/to/any/other/directory`
### Step 2:
Edit `<arduino-libraries>/wolfSSL/src/user_settings.h`
If building for Intel Galileo platform add: `#define INTEL_GALILEO`.
Add any other custom settings, for a good start see the examples in wolfssl root
"/examples/configs/user_settings_*.h"
Add any other custom settings. For a good start see the examples in wolfssl root
"[/examples/configs/user_settings_*.h](https://github.com/wolfssl/wolfssl/tree/master/examples/configs)"
Step 4: If you experience any issues with custom user_settings.h see the wolfssl
### Step 3:
If you experience any issues with custom `user_settings.h` see the wolfssl
porting guide here for more assistance: https://www.wolfssl.com/docs/porting-guide/
Step 5: If you still have any issues contact support@wolfssl.com for more help.
If you have any issues contact support@wolfssl.com for help.
# Including wolfSSL in Arduino Libraries (for Arduino version 2.0 or greater)
1. In the Arduino IDE:
The wolfSSL library should automatically be detected when found in the `libraries`
directory.
- In `Sketch -> Include Library` choose wolfSSL for new sketches.
##### Including wolfSSL in Arduino Libraries (for Arduino version 1.6.6)
@ -33,6 +112,90 @@ Step 5: If you still have any issues contact support@wolfssl.com for more help.
`IDE/ARDUNIO/wolfSSL` folder.
- In `Sketch -> Include Library` choose wolfSSL.
2. Open an example Arduino sketch for wolfSSL:
- wolfSSL Client INO sketch: `sketches/wolfssl_client/wolfssl_client.ino`
- wolfSSL Server INO sketch: `sketches/wolfssl_server/wolfssl_server.ino`
##### wolfSSL Examples
Open an example Arduino sketch for wolfSSL:
- wolfSSL [Client INO sketch](./sketches/wolfssl_client/README.md): `sketches/wolfssl_client/wolfssl_client.ino`
- wolfSSL [Server INO sketch](./sketches/wolfssl_server/README.md): `sketches/wolfssl_server/wolfssl_server.ino`
#### Script Examples
Refresh the local Windows Arduino wolfSSL library from GitHub repository directory using WSL:
Don't forget to edit `WOLFSSL_VERSION_ARUINO_SUFFIX`!
```bash
# Change to the wolfSSL Arduino IDE directory
cd /mnt/c/workspace/wolfssl-$USER/IDE/ARDUINO
# remove current Arduino wolfSSL library
rm -rf /mnt/c/Users/$USER/Documents/Arduino/libraries/wolfssl
# Install wolfSSL as an Arduino library
./wolfssl-arduino.sh INSTALL
```
Publish wolfSSL from WSL to a `Arduino-wolfSSL-$USER` repository.
```bash
cd /mnt/c/workspace/wolfssl-$USER/IDE/ARDUINO
rm -rf /mnt/c/Users/$USER/Documents/Arduino/libraries/wolfSSL
rm -rf /mnt/c/workspace/wolfssl-$USER/IDE/ARDUINO/wolfSSL
./wolfssl-arduino.sh INSTALL /mnt/c/workspace/Arduino-wolfSSL-$USER/
```
Publish wolfSSL from WSL to default Windows local library.
```bash
cd /mnt/c/workspace/wolfssl-$USER/IDE/ARDUINO
rm -rf /mnt/c/Users/$USER/Documents/Arduino/libraries/wolfSSL
rm -rf /mnt/c/workspace/wolfssl-arduino/IDE/ARDUINO/wolfSSL
./wolfssl-arduino.sh INSTALL
```
Test the TLS server by running a local command-line client.
```bash
cd /mnt/c/workspace/wolfssl-$USER
./examples/client/client -h 192.168.1.43 -p 11111 -v 3
```
Build wolfSSL to include wolfSSH support to an alternate development directory.
```bash
cd /mnt/c/workspace/wolfssl-$USER
./configure --prefix=/mnt/c/workspace/wolfssh-$USER/wolfssl_install --enable-ssh
make
make install
```
Build wolfSSH with wolfSSL not installed to default directory.
```bash
cd /mnt/c/workspace/wolfssh-$USER
./configure --with-wolfssl=/mnt/c/workspace/wolfssh-$USER/wolfssl_install
make
./examples/client/client -u jill -h 192.168.1.34 -p 22222 -P upthehill
```
Test the current wolfSSL.
```bash
cd /mnt/c/workspace/wolfssl-arduino
git status
./autogen.sh
./configure --enable-all
make clean
make && make test
```
Build and run `testwolfcrypt`.
```bash
./autogen.sh
./configure --enable-all
make clean && make && ./wolfcrypt/test/testwolfcrypt
```

9
IDE/ARDUINO/include.am
View File

@ -3,6 +3,15 @@
# All paths should be given relative to the root
EXTRA_DIST+= IDE/ARDUINO/README.md
EXTRA_DIST+= IDE/ARDUINO/Arduino_README_prepend.md
EXTRA_DIST+= IDE/ARDUINO/keywords.txt
EXTRA_DIST+= IDE/ARDUINO/library.properties.template
EXTRA_DIST+= IDE/ARDUINO/sketches/README.md
EXTRA_DIST+= IDE/ARDUINO/sketches/wolfssl_client/README.md
EXTRA_DIST+= IDE/ARDUINO/sketches/wolfssl_client/wolfssl_client.ino
EXTRA_DIST+= IDE/ARDUINO/sketches/wolfssl_server/README.md
EXTRA_DIST+= IDE/ARDUINO/sketches/wolfssl_server/wolfssl_server.ino
EXTRA_DIST+= IDE/ARDUINO/sketches/wolfssl_version/README.md
EXTRA_DIST+= IDE/ARDUINO/sketches/wolfssl_version/wolfssl_version.ino
EXTRA_DIST+= IDE/ARDUINO/wolfssl.h
EXTRA_DIST+= IDE/ARDUINO/wolfssl-arduino.sh

21
IDE/ARDUINO/keywords.txt Normal file
View File

@ -0,0 +1,21 @@
# Syntax Coloring Map For wolfSSL
# See https://arduino.github.io/arduino-cli/0.35/library-specification/#keywords
#
# Be sure to use tabs, not spaces. This might help:
# tr ' ' '\t' < keywords1.txt > keywords.txt
#=============================================
# Datatypes (KEYWORD1)
#=============================================
#=============================================
# Methods and Functions (KEYWORD2)
#=============================================
wolfSSL_SetIORecv KEYWORD1
#=============================================
# Instances (KEYWORD2)
#=============================================
ctx KEYWORD2

9
IDE/ARDUINO/library.properties.template Normal file
View File

@ -0,0 +1,9 @@
name=wolfssl
version=${WOLFSSL_VERSION}${WOLFSSL_VERSION_ARUINO_SUFFIX}
author=wolfSSL Inc.
maintainer=wolfSSL inc <support@wolfssl.com>
sentence=A lightweight SSL/TLS library written in ANSI C and targeted for embedded, RTOS, and resource-constrained environments.
paragraph=Manual: https://www.wolfssl.com/documentation/manuals/wolfssl/index.html.
category=Communication
url=https://www.wolfssl.com/
architectures=*

34
IDE/ARDUINO/sketches/README.md Normal file
View File

@ -0,0 +1,34 @@
# wolfSSL Arduino Examples
There are currently two example Arduino sketches:
* [wolfssl_client](./wolfssl_client/README.md): Basic TLS listening client.
* [wolfssl_server](./wolfssl_server/README.md): Basic TLS server.
Examples have been most recently confirmed operational on the
[Arduino IDE](https://www.arduino.cc/en/software) 2.2.1.
For examples on other platforms, see the [IDE directory](https://github.com/wolfssl/wolfssl/tree/master/IDE).
Additional examples can be found on [wolfSSL/wolfssl-examples](https://github.com/wolfSSL/wolfssl-examples/).
## Using wolfSSL
The typical include will look something like this:
```
#include <Arduino.h>
/* wolfSSL user_settings.h must be included from settings.h
* Make all configurations changes in user_settings.h
* Do not edit wolfSSL `settings.h` or `configh.h` files.
* Do not explicitly include user_settings.h in any source code.
* Each Arduino sketch that uses wolfSSL must have: #include "wolfssl.h"
* C/C++ source files can use: #include <wolfssl/wolfcrypt/settings.h>
* The wolfSSL "settings.h" must be included in each source file using wolfSSL.
* The wolfSSL "settings.h" must appear before any other wolfSSL include.
*/
#include <wolfssl.h>
#include <wolfssl/version.h>
```
For more details, see [IDE/ARDUINO/README.md](https://github.com/wolfSSL/wolfssl/blob/master/IDE/ARDUINO/README.md)

22
IDE/ARDUINO/sketches/wolfssl_client/README.md Normal file
View File

@ -0,0 +1,22 @@
# Arduino Basic TLS Listening Client
Open the [wolfssl_client.ino](./wolfssl_client.ino) file in the Arduino IDE.
Other IDE products are also supported, such as:
- [PlatformIO in VS Code](https://docs.platformio.org/en/latest/frameworks/arduino.html)
- [VisualGDB](https://visualgdb.com/tutorials/arduino/)
- [VisualMicro](https://www.visualmicro.com/)
For examples on other platforms, see the [IDE directory](https://github.com/wolfssl/wolfssl/tree/master/IDE).
Additional examples can be found on [wolfSSL/wolfssl-examples](https://github.com/wolfSSL/wolfssl-examples/).
### Troubleshooting
When encountering odd errors such as `undefined reference to ``_impure_ptr'`, try cleaning the Arduino
cache directories. For Windows, that's typically in:
```text
C:\Users\%USERNAME%\AppData\Local\Temp\arduino\sketches
```

971
IDE/ARDUINO/sketches/wolfssl_client/wolfssl_client.ino
View File

File diff suppressed because it is too large Load Diff

134
IDE/ARDUINO/sketches/wolfssl_server/README.md Normal file
View File

@ -0,0 +1,134 @@
# Arduino Basic TLS Server
Open the [wolfssl_server.ino](./wolfssl_server.ino) file in the Arduino IDE.
Other IDE products are also supported, such as:
- [PlatformIO in VS Code](https://docs.platformio.org/en/latest/frameworks/arduino.html)
- [VisualGDB](https://visualgdb.com/tutorials/arduino/)
- [VisualMicro](https://www.visualmicro.com/)
For examples on other platforms, see the [IDE directory](https://github.com/wolfssl/wolfssl/tree/master/IDE).
Additional examples can be found on [wolfSSL/wolfssl-examples](https://github.com/wolfSSL/wolfssl-examples/).
## Connect with an Arduino Sketch
See the companion [Arduino Sketch Client](../wolfssl_client/wolfssl_client.ino).
## Connect with Linux Client
See also the [wolfSSL Example TLS Client](https://github.com/wolfSSL/wolfssl/tree/master/examples/client)
and [wolfSSL Example TLS Server](https://github.com/wolfSSL/wolfssl/tree/master/examples/server).
Assuming a listening [Arduino Sketch Server](./wolfssl_server.ino) at `192.168.1.38` on port `11111`,
connect with the `client` executable:
```
./examples/client/client -h 192.168.1.38 -p 11111 -v 3
```
## wolfSSL Error -308 wolfSSL_connect error state on socket
When using a wired Ethernet connection, and this error is encountered, simply
press the reset button or power cycle the Arduino before making a connection.
Here's one possible script to test the server from a command-line client:
```bash
#!/usr/bin/env bash
echo "client log " > client_log.txt
counter=1
THIS_ERR=0
while [ $THIS_ERR -eq 0 ]; do
./examples/client/client -h 192.168.1.38 -p 11111 -v 3 >> client_log.txt
THIS_ERR=$?
if [ $? -ne 0 ]; then
echo "Failed!"
exit 1
fi
echo "Iteration $counter"
echo "Iteration $counter" >> client_log.txt
((counter++))
done
```
Output expected from the `client` command:
```
$ ./examples/client/client -h 192.168.1.38 -p 11111 -v 3
Alternate cert chain used
issuer : /C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
subject: /C=US/ST=Montana/L=Bozeman/O=wolfSSL/OU=Support/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
altname = example.com
altname = 127.0.0.1
serial number:01
SSL version is TLSv1.2
SSL cipher suite is ECDHE-RSA-AES128-GCM-SHA256
SSL curve name is SECP256R1
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIE6DCCA9CgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx
EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh
d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz
bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjMxMjEz
MjIxOTI4WhcNMjYwOTA4MjIxOTI4WjCBkDELMAkGA1UEBhMCVVMxEDAOBgNVBAgM
B01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xEDAOBgNVBAoMB3dvbGZTU0wxEDAO
BgNVBAsMB1N1cHBvcnQxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqG
SIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAMCVCOFXQfJxbbfSRUEnAWXGRa7yvCQwuJXOL07W9hyIvHyf+6hn
f/5cnFF194rKB+c1L4/hvXvAL3yrZKgX/Mpde7rgIeVyLm8uhtiVc9qsG1O5Xz/X
GQ0lT+FjY1GLC2Q/rUO4pRxcNLOuAKBjxfZ/C1loeHOmjBipAm2vwxkBLrgQ48bM
QLRpo0YzaYduxLsXpvPo3a1zvHsvIbX9ZlEMvVSz4W1fHLwjc9EJA4kU0hC5ZMMq
0KGWSrzh1Bpbx6DAwWN4D0Q3MDKWgDIjlaF3uhPSl3PiXSXJag3DOWCktLBpQkIJ
6dgIvDMgs1gip6rrxOHmYYPF0pbf2dBPrdcCAwEAAaOCAUUwggFBMB0GA1UdDgQW
BBSzETLJkpiE4sn40DtuA0LKHw6OPDCB1AYDVR0jBIHMMIHJgBQnjmcRdMMmHT/t
M2OzpNgdMOXo1aGBmqSBlzCBlDELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRh
bmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNhd3Rvb3RoMRMwEQYDVQQL
DApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG
9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CFDNEGqhsAez2YPJwUQpM0RT6vOlEMAwG
A1UdEwQFMAMBAf8wHAYDVR0RBBUwE4ILZXhhbXBsZS5jb22HBH8AAAEwHQYDVR0l
BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3DQEBCwUAA4IBAQBK/7nl
hZvaU2Z/ByK/thnqQuukEQdi/zlfMzc6hyZxPROyyrhkOHuKmUgOpaRrsZlu4EZR
vRlSrbymfip6fCOnzNteQ31rBMi33ZWt8JGAWcUZkSYnkbhIHOtVtqp9pDjxA7xs
i6qU1jwFepbFBvEmFC51+93lNbMBLLOtYlohmgi+Vvz5okKHhuWpxZnPrhS+4LkI
JA0dXNYU4UyfQLOp6S1Si0y/rEQxZ8GNBoXsD+SZ10t7IQZm1OT1nf+O8IY5WB2k
W+Jj73zJGIeoAiUQPoco+fXvR56lgAgRkGj+0aOoUbk3/9XKfId/a7wsEsjFhYv8
DMa5hrjJBMNRN9JP
-----END CERTIFICATE-----
Session timeout set to 500 seconds
Client Random : 56A0BB9647B064D3F20947032B74B31FDB4C93DBAC9460BA8AEA213A2B2DD4A8
SSL-Session:
Protocol : TLSv1.2
Cipher : TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
Session-ID: 3255404E997FA9C27ECB4F1A20A70E722E4AA504B63A945FC175434D1907EC31
Session-ID-ctx:
Master-Key: 67F22168BBADD678643BBA76B398277270C29788AC18FD05B57F6B715F49A7BCEEF75BEAF7FE266B0CC058534AF76C1F
TLS session ticket: NONE
Start Time: 1705533296
Timeout : 500 (sec)
Extended master secret: no
I hear you fa shizzle!
```
### Troubleshooting
When encountering odd errors such as `undefined reference to ``_impure_ptr'`, such as this:
```text
c:/users/gojimmypi/appdata/local/arduino15/packages/esp32/tools/xtensa-esp32-elf-gcc/esp-2021r2-patch5-8.4.0/bin/../lib/gcc/xtensa-esp32-elf/8.4.0/../../../../xtensa-esp32-elf/bin/ld.exe: C:\Users\gojimmypi\AppData\Local\Temp\arduino\sketches\EAB8D79A02D1ECF107884802D893914E\libraries\wolfSSL\wolfcrypt\src\logging.c.o:(.literal.wolfssl_log+0x8): undefined reference to `_impure_ptr'
collect2.exe: error: ld returned 1 exit status
exit status 1
Compilation error: exit status 1
```
Try cleaning the Arduino cache directories. For Windows, that's typically in:
```text
C:\Users\%USERNAME%\AppData\Local\Temp\arduino\sketches
```
Remove all other boards from other serial ports, leaving one the one being programmed.

920
IDE/ARDUINO/sketches/wolfssl_server/wolfssl_server.ino
View File

@ -1,6 +1,6 @@
/* wolfssl_server.ino
*
* Copyright (C) 2006-2023 wolfSSL Inc.
* Copyright (C) 2006-2025 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
@ -19,161 +19,829 @@
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
/*
Tested with:
#include <wolfssl.h>
#include <wolfssl/ssl.h>
#include <Ethernet.h>
1) Intel Galileo acting as the Client, with a laptop acting as a server using
the server example provided in examples/server.
Legacy Arduino v1.86 was used to compile and program the Galileo
#define USE_CERT_BUFFERS_256
#include <wolfssl/certs_test.h>
2) Espressif ESP32 WiFi
#ifdef NO_WOLFSSL_SERVER
#error Please undefine NO_WOLFSSL_SERVER for this example
3) Arduino Due, Nano33 IoT, Nano RP-2040
*/
/*
* Note to code editors: the Arduino client and server examples are edited in
* parallel for side-by-side comparison between examples.
*/
/* If you have a private include, define it here, otherwise edit WiFi params */
#define MY_PRIVATE_CONFIG "/workspace/my_private_config.h"
/* set REPEAT_CONNECTION to a non-zero value to continually run the example. */
#define REPEAT_CONNECTION 1
/* Edit this with your other TLS host server address to connect to: */
/* #define WOLFSSL_TLS_SERVER_HOST "192.168.1.34" */
/* wolfssl TLS examples communicate on port 11111 */
#define WOLFSSL_PORT 11111
/* Choose a monitor serial baud rate: 9600, 14400, 19200, 57600, 74880, etc. */
#define SERIAL_BAUD 115200
/* We'll wait up to 2000 milliseconds to properly shut down connection */
#define SHUTDOWN_DELAY_MS 2000
/* Number of times to retry connection. */
#define RECONNECT_ATTEMPTS 20
/* Optional stress test. Define to consume memory until exhausted: */
/* #define MEMORY_STRESS_TEST */
/* Choose client or server example, not both. */
/* #define WOLFSSL_CLIENT_EXAMPLE */
#define WOLFSSL_SERVER_EXAMPLE
#if defined(MY_PRIVATE_CONFIG)
/* the /workspace directory may contain a private config
* excluded from GitHub with items such as WiFi passwords */
#include MY_PRIVATE_CONFIG
static const char* ssid PROGMEM = MY_ARDUINO_WIFI_SSID;
static const char* password PROGMEM = MY_ARDUINO_WIFI_PASSWORD;
#else
/* when using WiFi capable boards: */
static const char* ssid PROGMEM = "your_SSID";
static const char* password PROGMEM = "your_PASSWORD";
#endif
const int port = 11111; /* port to listen on */
#define BROADCAST_ADDRESS "255.255.255.255"
int EthernetSend(WOLFSSL* ssl, char* msg, int sz, void* ctx);
int EthernetReceive(WOLFSSL* ssl, char* reply, int sz, void* ctx);
/* There's an optional 3rd party NTPClient library by Fabrice Weinberg.
* If it is installed, uncomment define USE_NTP_LIB here: */
/* #define USE_NTP_LIB */
#ifdef USE_NTP_LIB
#include <NTPClient.h>
#endif
EthernetServer server(port);
EthernetClient client;
/* wolfSSL user_settings.h must be included from settings.h
* Make all configurations changes in user_settings.h
* Do not edit wolfSSL `settings.h` or `config.h` files.
* Do not explicitly include user_settings.h in any source code.
* Each Arduino sketch that uses wolfSSL must have: #include "wolfssl.h"
* C/C++ source files can use: #include <wolfssl/wolfcrypt/settings.h>
* The wolfSSL "settings.h" must be included in each source file using wolfSSL.
* The wolfSSL "settings.h" must appear before any other wolfSSL include.
*/
#include <wolfssl.h>
/* Important: make sure settings.h appears before any other wolfSSL headers */
#include <wolfssl/wolfcrypt/settings.h>
/* Reminder: settings.h includes user_settings.h
* For ALL project wolfSSL settings, see:
* [your path]/Arduino\libraries\wolfSSL\src\user_settings.h */
#include <wolfssl/ssl.h>
#include <wolfssl/certs_test.h>
#include <wolfssl/wolfcrypt/error-crypt.h>
WOLFSSL_CTX* ctx = NULL;
WOLFSSL* ssl = NULL;
/* Define DEBUG_WOLFSSL in user_settings.h for more verbose logging. */
#if defined(DEBUG_WOLFSSL)
#define PROGRESS_DOT F("")
#else
#define PROGRESS_DOT F(".")
#endif
void setup() {
int err;
WOLFSSL_METHOD* method;
/* Convert a macro to a string */
#define xstr(x) str(x)
#define str(x) #x
Serial.begin(9600);
/* optional board-specific networking includes */
#if defined(ESP32)
#define USING_WIFI
#include <WiFi.h>
#include <WiFiUdp.h>
#ifdef USE_NTP_LIB
WiFiUDP ntpUDP;
#endif
/* Ensure the F() flash macro is defined */
#ifndef F
#define F
#endif
WiFiClient client;
WiFiServer server(WOLFSSL_PORT);
#elif defined(ESP8266)
#define USING_WIFI
#include <ESP8266WiFi.h>
WiFiClient client;
WiFiServer server(WOLFSSL_PORT);
#elif defined(ARDUINO_SAM_DUE)
#include <SPI.h>
/* There's no WiFi/Ethernet on the Due. Requires Ethernet Shield.
/* Needs "Ethernet by Various" library to be installed. Tested with V2.0.2 */
#include <Ethernet.h>
EthernetClient client;
EthernetClient server(WOLFSSL_PORT);
#elif defined(ARDUINO_SAMD_NANO_33_IOT)
#define USING_WIFI
#include <SPI.h>
#include <WiFiNINA.h> /* Needs Arduino WiFiNINA library installed manually */
WiFiClient client;
WiFiServer server(WOLFSSL_PORT);
#elif defined(ARDUINO_ARCH_RP2040)
#define USING_WIFI
#include <SPI.h>
#include <WiFiNINA.h>
WiFiClient client;
WiFiServer server(WOLFSSL_PORT);
#elif defined(USING_WIFI)
#define USING_WIFI
#include <WiFi.h>
#include <WiFiUdp.h>
#ifdef USE_NTP_LIB
WiFiUDP ntpUDP;
#endif
WiFiClient client;
WiFiServer server(WOLFSSL_PORT);
/* TODO
#elif defined(OTHER_BOARD)
*/
#else
#define USING_WIFI
WiFiClient client;
WiFiServer server(WOLFSSL_PORT);
#endif
method = wolfTLSv1_2_server_method();
if (method == NULL) {
Serial.println("unable to get method");
return;
}
ctx = wolfSSL_CTX_new(method);
if (ctx == NULL) {
Serial.println("unable to get ctx");
return;
}
/* Only for syntax highlighters to show interesting options enabled: */
#if defined(HAVE_SNI) \
|| defined(HAVE_MAX_FRAGMENT) \
|| defined(HAVE_TRUSTED_CA) \
|| defined(HAVE_TRUNCATED_HMAC) \
|| defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
|| defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) \
|| defined(HAVE_SUPPORTED_CURVES) \
|| defined(HAVE_ALPN) \
|| defined(HAVE_SESSION_TICKET) \
|| defined(HAVE_SECURE_RENEGOTIATION) \
|| defined(HAVE_SERVER_RENEGOTIATION_INFO)
#endif
/* initialize wolfSSL using callback functions */
wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
wolfSSL_SetIOSend(ctx, EthernetSend);
wolfSSL_SetIORecv(ctx, EthernetReceive);
/* setup the private key and certificate */
err = wolfSSL_CTX_use_PrivateKey_buffer(ctx, ecc_key_der_256,
sizeof_ecc_key_der_256, WOLFSSL_FILETYPE_ASN1);
if (err != WOLFSSL_SUCCESS) {
Serial.println("error setting key");
return;
}
err = wolfSSL_CTX_use_certificate_buffer(ctx, serv_ecc_der_256,
sizeof_serv_ecc_der_256, WOLFSSL_FILETYPE_ASN1);
if (err != WOLFSSL_SUCCESS) {
Serial.println("error setting certificate");
return;
}
/* we expect our IP address from DHCP */
/* Start the server */
server.begin();
return;
static WOLFSSL_CTX* ctx = NULL;
static WOLFSSL* ssl = NULL;
static char* wc_error_message = (char*)malloc(80 + 1);
static char errBuf[80];
#if defined(MEMORY_STRESS_TEST)
#define MEMORY_STRESS_ITERATIONS 100
#define MEMORY_STRESS_BLOCK_SIZE 1024
#define MEMORY_STRESS_INITIAL (4*1024)
static char* memory_stress[MEMORY_STRESS_ITERATIONS]; /* typically 1K per item */
static int mem_ctr = 0;
#endif
static int EthernetSend(WOLFSSL* ssl, char* msg, int sz, void* ctx);
static int EthernetReceive(WOLFSSL* ssl, char* reply, int sz, void* ctx);
static int reconnect = RECONNECT_ATTEMPTS;
static int lng_index PROGMEM = 0; /* 0 = English */
#if defined(__arm__)
#include <malloc.h>
extern char _end;
extern "C" char *sbrk(int i);
static char *ramstart=(char *)0x20070000;
static char *ramend=(char *)0x20088000;
#endif
/*****************************************************************************/
/* fail_wait - in case of unrecoverable error */
/*****************************************************************************/
int fail_wait(void) {
show_memory();
Serial.println(F("Failed. Halt."));
while (1) {
delay(1000);
}
return 0;
}
int EthernetSend(WOLFSSL* ssl, char* msg, int sz, void* ctx) {
int sent = 0;
/*****************************************************************************/
/* show_memory() to optionally view during debugging. */
/*****************************************************************************/
int show_memory(void)
{
#if defined(__arm__)
struct mallinfo mi = mallinfo();
sent = client.write((byte*)msg, sz);
char *heapend=sbrk(0);
register char * stack_ptr asm("sp");
#if defined(DEBUG_WOLFSSL_VERBOSE)
Serial.print(" arena=");
Serial.println(mi.arena);
Serial.print(" ordblks=");
Serial.println(mi.ordblks);
Serial.print(" uordblks=");
Serial.println(mi.uordblks);
Serial.print(" fordblks=");
Serial.println(mi.fordblks);
Serial.print(" keepcost=");
Serial.println(mi.keepcost);
#endif
return sent;
#if defined(DEBUG_WOLFSSL) || defined(MEMORY_STRESS_TEST)
Serial.print("Estimated free memory: ");
Serial.print(stack_ptr - heapend + mi.fordblks);
Serial.println(F(" bytes"));
#endif
#if (0)
/* Experimental: not supported on all devices: */
Serial.print("RAM Start %lx\n", (unsigned long)ramstart);
Serial.print("Data/Bss end %lx\n", (unsigned long)&_end);
Serial.print("Heap End %lx\n", (unsigned long)heapend);
Serial.print("Stack Ptr %lx\n",(unsigned long)stack_ptr);
Serial.print("RAM End %lx\n", (unsigned long)ramend);
Serial.print("Heap RAM Used: ",mi.uordblks);
Serial.print("Program RAM Used ",&_end - ramstart);
Serial.print("Stack RAM Used ",ramend - stack_ptr);
Serial.print("Estimated Free RAM: %d\n\n",stack_ptr - heapend + mi.fordblks);
#endif
#else
Serial.println(F("show_memory() not implemented for this platform"));
#endif
return 0;
}
/*****************************************************************************/
/* EthernetSend() to send a message string. */
/*****************************************************************************/
int EthernetSend(WOLFSSL* ssl, char* message, int sz, void* ctx) {
int sent = 0;
(void)ssl;
(void)ctx;
sent = client.write((byte*)message, sz);
return sent;
}
/*****************************************************************************/
/* EthernetReceive() to receive a reply string. */
/*****************************************************************************/
int EthernetReceive(WOLFSSL* ssl, char* reply, int sz, void* ctx) {
int ret = 0;
int ret = 0;
(void)ssl;
(void)ctx;
while (client.available() > 0 && ret < sz) {
reply[ret++] = client.read();
}
return ret;
while (client.available() > 0 && ret < sz) {
reply[ret++] = client.read();
}
return ret;
}
void loop() {
int err = 0;
int input = 0;
char errBuf[80];
char reply[80];
int replySz = 0;
const char* cipherName;
/*****************************************************************************/
/* Arduino setup_hardware() */
/*****************************************************************************/
int setup_hardware(void) {
int ret = 0;
/* Listen for incoming client requests. */
client = server.available();
if (!client) {
#if defined(ARDUINO_SAMD_NANO_33_IOT)
Serial.println(F("Detected known tested and working Arduino Nano 33 IoT"));
#elif defined(ARDUINO_ARCH_RP2040)
Serial.println(F("Detected known tested and working Arduino RP-2040"));
#elif defined(__arm__) && defined(ID_TRNG) && defined(TRNG)
/* need to manually turn on random number generator on Arduino Due, etc. */
pmc_enable_periph_clk(ID_TRNG);
trng_enable(TRNG);
Serial.println(F("Enabled ARM TRNG"));
#endif
show_memory();
randomSeed(analogRead(0));
return ret;
}
/*****************************************************************************/
/* Arduino setup_datetime() */
/* The device needs to have a valid date within the valid range of certs. */
/*****************************************************************************/
int setup_datetime(void) {
int ret = 0;
int ntp_tries = 20;
/* we need a date in the range of cert expiration */
#ifdef USE_NTP_LIB
#if defined(ESP32)
NTPClient timeClient(ntpUDP, "pool.ntp.org");
timeClient.begin();
timeClient.update();
delay(1000);
while (!timeClient.isTimeSet() && (ntp_tries > 0)) {
timeClient.forceUpdate();
Serial.println(F("Waiting for NTP update"));
delay(2000);
ntp_tries--;
}
if (ntp_tries <= 0) {
Serial.println(F("Warning: gave up waiting on NTP"));
}
Serial.println(timeClient.getFormattedTime());
Serial.println(timeClient.getEpochTime());
#endif
#endif
#if defined(ESP32)
/* see esp32-hal-time.c */
ntp_tries = 5;
/* Replace "pool.ntp.org" with your preferred NTP server */
configTime(0, 0, "pool.ntp.org");
/* Wait for time to be set */
while ((time(nullptr) <= 100000) && ntp_tries > 0) {
Serial.println(F("Waiting for time to be set..."));
delay(2000);
ntp_tries--;
}
#endif
return ret;
} /* setup_datetime */
/*****************************************************************************/
/* Arduino setup_network() */
/*****************************************************************************/
int setup_network(void) {
int ret = 0;
#if defined(USING_WIFI)
int status = WL_IDLE_STATUS;
/* The ESP8266 & ESP32 support both AP and STA. We'll use STA: */
#if defined(ESP8266) || defined(ESP32)
WiFi.mode(WIFI_STA);
#else
String fv;
if (WiFi.status() == WL_NO_MODULE) {
Serial.println("Communication with WiFi module failed!");
/* don't continue if no network */
while (true) ;
}
fv = WiFi.firmwareVersion();
if (fv < WIFI_FIRMWARE_LATEST_VERSION) {
Serial.println("Please upgrade the firmware");
}
#endif
Serial.print(F("Connecting to WiFi "));
Serial.print(ssid);
status = WiFi.begin(ssid, password);
while (status != WL_CONNECTED) {
delay(1000);
Serial.print(F("."));
Serial.print(status);
status = WiFi.status();
}
Serial.println(F(" Connected!"));
#else
/* Newer Ethernet shields have a
* MAC address printed on a sticker on the shield */
byte mac[] = { 0xDE, 0xAD, 0xBE, 0xEF, 0xFE, 0xED };
IPAddress ip(192, 168, 1, 42);
IPAddress myDns(192, 168, 1, 1);
Ethernet.init(10); /* Most Arduino shields */
/* Ethernet.init(5); * MKR ETH Shield */
/* Ethernet.init(0); * Teensy 2.0 */
/* Ethernet.init(20); * Teensy++ 2.0 */
/* Ethernet.init(15); * ESP8266 with Adafruit FeatherWing Ethernet */
/* Ethernet.init(33); * ESP32 with Adafruit FeatherWing Ethernet */
Serial.println(F("Initialize Ethernet with DHCP:"));
if (Ethernet.begin(mac) == 0) {
Serial.println(F("Failed to configure Ethernet using DHCP"));
/* Check for Ethernet hardware present */
if (Ethernet.hardwareStatus() == EthernetNoHardware) {
Serial.println(F("Ethernet shield was not found."));
while (true) {
delay(1); /* do nothing */
}
}
if (Ethernet.linkStatus() == LinkOFF) {
Serial.println(F("Ethernet cable is not connected."));
}
/* try to configure using IP address instead of DHCP : */
Ethernet.begin(mac, ip, myDns);
}
else {
Serial.print(F(" DHCP assigned IP "));
Serial.println(Ethernet.localIP());
}
/* We'll assume the Ethernet connection is ready to go. */
#endif
Serial.println(F("********************************************************"));
Serial.print(F(" wolfSSL Example Server IP = "));
#if defined(USING_WIFI)
Serial.println(WiFi.localIP());
#else
Serial.println(Ethernet.localIP());
#endif
/* In server mode, there's no host definition. */
/* See companion example: wolfssl_client.ino */
Serial.println(F("********************************************************"));
Serial.println(F("Setup network complete."));
return ret;
}
/*****************************************************************************/
/* Arduino setup_wolfssl() */
/*****************************************************************************/
int setup_wolfssl(void) {
int ret = 0;
WOLFSSL_METHOD* method;
/* Show a revision of wolfssl user_settings.h file in use when available: */
#if defined(WOLFSSL_USER_SETTINGS_ID)
Serial.print(F("WOLFSSL_USER_SETTINGS_ID: "));
Serial.println(F(WOLFSSL_USER_SETTINGS_ID));
#else
Serial.println(F("No WOLFSSL_USER_SETTINGS_ID found."));
#endif
#if defined(NO_WOLFSSL_SERVER)
Serial.println(F("wolfSSL server code disabled to save space."));
#endif
#if defined(NO_WOLFSSL_CLIENT)
Serial.println(F("wolfSSL client code disabled to save space."));
#endif
#if defined(DEBUG_WOLFSSL)
wolfSSL_Debugging_ON();
Serial.println(F("wolfSSL Debugging is On!"));
#else
Serial.println(F("wolfSSL Debugging is Off! (enable with DEBUG_WOLFSSL)"));
#endif
/* See ssl.c for TLS cache settings. Larger cache = use more RAM. */
#if defined(NO_SESSION_CACHE)
Serial.println(F("wolfSSL TLS NO_SESSION_CACHE"));
#elif defined(MICRO_SESSION_CACHEx)
Serial.println(F("wolfSSL TLS MICRO_SESSION_CACHE"));
#elif defined(SMALL_SESSION_CACHE)
Serial.println(F("wolfSSL TLS SMALL_SESSION_CACHE"));
#elif defined(MEDIUM_SESSION_CACHE)
Serial.println(F("wolfSSL TLS MEDIUM_SESSION_CACHE"));
#elif defined(BIG_SESSION_CACHE)
Serial.println(F("wolfSSL TLS BIG_SESSION_CACHE"));
#elif defined(HUGE_SESSION_CACHE)
Serial.println(F("wolfSSL TLS HUGE_SESSION_CACHE"));
#elif defined(HUGE_SESSION_CACHE)
Serial.println(F("wolfSSL TLS HUGE_SESSION_CACHE"));
#else
Serial.println(F("WARNING: Unknown or no TLS session cache setting."));
/* See wolfssl/src/ssl.c for amount of memory used.
* It is best on embedded devices to choose a TLS session cache size. */
#endif
ret = wolfSSL_Init();
if (ret == WOLFSSL_SUCCESS) {
Serial.println("Successfully called wolfSSL_Init");
}
else {
Serial.println("ERROR: wolfSSL_Init failed");
}
/* See companion server example with wolfSSLv23_server_method here.
* method = wolfSSLv23_client_method()); SSL 3.0 - TLS 1.3.
* method = wolfTLSv1_2_client_method(); only TLS 1.2
* method = wolfTLSv1_3_client_method(); only TLS 1.3
*
* see Arduino\libraries\wolfssl\src\user_settings.h */
Serial.println("Here we go!");
method = wolfSSLv23_server_method();
if (method == NULL) {
Serial.println(F("unable to get wolfssl server method"));
fail_wait();
}
ctx = wolfSSL_CTX_new(method);
if (ctx == NULL) {
Serial.println(F("unable to get ctx"));
fail_wait();
}
return ret;
}
/*****************************************************************************/
/* Arduino setup_certificates() */
/*****************************************************************************/
int setup_certificates(void) {
int ret = 0;
Serial.println(F("Initializing certificates..."));
show_memory();
/* Use built-in validation, No verification callback function: */
wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
/* Certificate */
Serial.println("Initializing certificates...");
ret = wolfSSL_CTX_use_certificate_buffer(ctx,
CTX_SERVER_CERT,
CTX_SERVER_CERT_SIZE,
CTX_CA_CERT_TYPE);
if (ret == WOLFSSL_SUCCESS) {
Serial.print("Success: use certificate: ");
Serial.println(xstr(CTX_SERVER_CERT));
}
else {
Serial.print("Error: wolfSSL_CTX_use_certificate_buffer failed: ");
wc_ErrorString(ret, wc_error_message);
Serial.println(wc_error_message);
fail_wait();
}
/* Setup private server key */
ret = wolfSSL_CTX_use_PrivateKey_buffer(ctx,
CTX_SERVER_KEY,
CTX_SERVER_KEY_SIZE,
CTX_SERVER_KEY_TYPE);
if (ret == WOLFSSL_SUCCESS) {
Serial.print("Success: use private key buffer: ");
Serial.println(xstr(CTX_SERVER_KEY));
}
else {
Serial.print("Error: wolfSSL_CTX_use_PrivateKey_buffer failed: ");
wc_ErrorString(ret, wc_error_message);
Serial.println(wc_error_message);
fail_wait();
}
return ret;
} /* Arduino setup */
/*****************************************************************************/
/*****************************************************************************/
/* Arduino setup() */
/*****************************************************************************/
/*****************************************************************************/
void setup(void) {
int i = 0;
Serial.begin(SERIAL_BAUD);
while (!Serial && (i < 10)) {
/* wait for serial port to connect. Needed for native USB port only */
delay(1000);
i++;
}
Serial.println(F(""));
Serial.println(F(""));
Serial.println(F("wolfSSL TLS Server Example Startup."));
/* define DEBUG_WOLFSSL in wolfSSL user_settings.h for diagnostics */
#if defined(DEBUG_WOLFSSL)
wolfSSL_Debugging_ON();
#endif
/* Optionally pre-allocate a large block of memory for testing */
#if defined(MEMORY_STRESS_TEST)
Serial.println(F("WARNING: Memory Stress Test Active!"));
Serial.print(F("Allocating extra memory: "));
Serial.print(MEMORY_STRESS_INITIAL);
Serial.println(F(" bytes..."));
memory_stress[mem_ctr] = (char*)malloc(MEMORY_STRESS_INITIAL);
show_memory();
#endif
setup_hardware();
setup_network();
setup_datetime();
setup_wolfssl();
setup_certificates();
/* Initialize wolfSSL using callback functions. */
wolfSSL_SetIOSend(ctx, EthernetSend);
wolfSSL_SetIORecv(ctx, EthernetReceive);
#if defined THIS_USER_SETTINGS_VERSION
Serial.print(F("This user_settings.h version:"))
Serial.println(THIS_USER_SETTINGS_VERSION)
#endif
/* Start the server
* See https://www.arduino.cc/reference/en/libraries/ethernet/server.begin/
*/
Serial.println(F("Completed Arduino setup()"));
server.begin();
Serial.println("Begin Server... (waiting for remote client to connect)");
/* See companion wolfssl_client.ino code */
return;
}
} /* Arduino setup */
if (client.connected()) {
/*****************************************************************************/
/* wolfSSL error_check() */
/*****************************************************************************/
int error_check(int this_ret, bool halt_on_error,
const __FlashStringHelper* message) {
int ret = 0;
if (this_ret == WOLFSSL_SUCCESS) {
Serial.print(F("Success: "));
Serial.println(message);
}
else {
Serial.print(F("ERROR: return = "));
Serial.print(this_ret);
Serial.print(F(": "));
Serial.println(message);
Serial.println(wc_GetErrorString(this_ret));
if (halt_on_error) {
fail_wait();
}
}
show_memory();
Serial.println("Client connected");
return ret;
} /* error_check */
/*****************************************************************************/
/* wolfSSL error_check_ssl */
/* Parameters: */
/* ssl is the current WOLFSSL object pointer */
/* halt_on_error set to true to suspend operations for critical error */
/* message is expected to be a memory-efficient F("") macro string */
/*****************************************************************************/
int error_check_ssl(WOLFSSL* ssl, int this_ret, bool halt_on_error,
const __FlashStringHelper* message) {
int err = 0;
ssl = wolfSSL_new(ctx);
if (ssl == NULL) {
Serial.println("Unable to allocate SSL object");
return;
Serial.println(F("ssl is Null; Unable to allocate SSL object?"));
#ifndef DEBUG_WOLFSSL
Serial.println(F("Define DEBUG_WOLFSSL in user_settings.h for more."));
#else
Serial.println(F("See wolfssl/wolfcrypt/error-crypt.h for codes."));
#endif
Serial.print(F("ERROR: "));
Serial.println(message);
show_memory();
if (halt_on_error) {
fail_wait();
}
}
else {
err = wolfSSL_get_error(ssl, this_ret);
if (err == WOLFSSL_SUCCESS) {
Serial.print(F("Success m: "));
Serial.println(message);
}
else {
if (err < 0) {
wolfSSL_ERR_error_string(err, errBuf);
Serial.print(F("WOLFSSL Error: "));
Serial.print(err);
Serial.print(F("; "));
Serial.println(errBuf);
}
else {
Serial.println(F("Success: ssl object."));
}
}
}
err = wolfSSL_accept(ssl);
if (err != WOLFSSL_SUCCESS) {
err = wolfSSL_get_error(ssl, 0);
wolfSSL_ERR_error_string(err, errBuf);
Serial.print("TLS Accept Error: ");
Serial.println(errBuf);
}
Serial.print("SSL version is ");
Serial.println(wolfSSL_get_version(ssl));
cipherName = wolfSSL_get_cipher(ssl);
Serial.print("SSL cipher suite is ");
Serial.println(cipherName);
Serial.print("Server Read: ");
/* wait for data */
while (!client.available()) {}
/* read data */
while (wolfSSL_pending(ssl)) {
input = wolfSSL_read(ssl, reply, sizeof(reply) - 1);
if (input < 0) {
err = wolfSSL_get_error(ssl, 0);
wolfSSL_ERR_error_string(err, errBuf);
Serial.print("TLS Read Error: ");
Serial.println(errBuf);
break;
} else if (input > 0) {
replySz = input;
reply[input] = '\0';
Serial.print(reply);
} else {
Serial.println();
}
}
/* echo data */
if ((wolfSSL_write(ssl, reply, replySz)) != replySz) {
err = wolfSSL_get_error(ssl, 0);
wolfSSL_ERR_error_string(err, errBuf);
Serial.print("TLS Write Error: ");
Serial.println(errBuf);
}
wolfSSL_shutdown(ssl);
wolfSSL_free(ssl);
}
client.stop();
Serial.println("Connection complete");
return err;
}
/*****************************************************************************/
/*****************************************************************************/
/* Arduino loop() */
/*****************************************************************************/
/*****************************************************************************/
void loop() {
char errBuf[80] = "(no error";
char reply[80] = "(no reply)";
const char msg[] = "I hear you fa shizzle!";
const char* cipherName;
int input = 0;
int replySz = 0;
int retry_shutdown = SHUTDOWN_DELAY_MS; /* max try, once per millisecond */
int ret = 0;
IPAddress broadcast_address(255, 255, 255, 255);
/* Listen for incoming client requests. */
client = server.available();
if (client) {
Serial.println("Have Client");
while (!client.connected()) {
/* wait for the client to actually connect */
delay(10);
}
Serial.print("Client connected from remote IP: ");
Serial.println(client.remoteIP());
ssl = wolfSSL_new(ctx);
if (ssl == NULL) {
Serial.println("Unable to allocate SSL object");
fail_wait();
}
ret = wolfSSL_accept(ssl);
if (ret != WOLFSSL_SUCCESS) {
ret = wolfSSL_get_error(ssl, 0);
wolfSSL_ERR_error_string(ret, errBuf);
Serial.print("TLS Accept Error: ");
Serial.println(errBuf);
}
cipherName = wolfSSL_get_cipher(ssl);
Serial.print("SSL cipher suite is ");
Serial.println(cipherName);
Serial.print("Server Read: ");
while (!client.available()) {
/* wait for data */
}
/* read data */
while (wolfSSL_pending(ssl)) {
input = wolfSSL_read(ssl, reply, sizeof(reply) - 1);
if (input < 0) {
ret = wolfSSL_get_error(ssl, 0);
wolfSSL_ERR_error_string(ret, errBuf);
Serial.print("TLS Read Error: ");
Serial.println(errBuf);
break;
}
else if (input > 0) {
replySz = input;
reply[input] = '\0';
Serial.print(reply);
}
else {
Serial.println("<end of reply, input == 0>");
}
}
/* Write our message into reply buffer to send */
memset(reply, 0, sizeof(reply));
memcpy(reply, msg, sizeof(msg));
replySz = strnlen(reply, sizeof(reply));
Serial.println("Sending reply...");
if ((wolfSSL_write(ssl, reply, replySz)) != replySz) {
ret = wolfSSL_get_error(ssl, 0);
wolfSSL_ERR_error_string(ret, errBuf);
Serial.print("TLS Write Error: ");
Serial.println(errBuf);
}
else {
Serial.println("Reply sent!");
}
Serial.println("Shutdown!");
do {
delay(1);
retry_shutdown--;
ret = wolfSSL_shutdown(ssl);
} while ((ret == WOLFSSL_SHUTDOWN_NOT_DONE) && (retry_shutdown > 0));
if (retry_shutdown <= 0) {
/* if wolfSSL_free is called before properly shutting down the
* ssl object, undesired results may occur. */
Serial.println("Warning! Shutdown did not properly complete.");
}
wolfSSL_free(ssl);
Serial.println("Connection complete.");
if (REPEAT_CONNECTION) {
Serial.println();
Serial.println("Waiting for next connection.");
}
else {
client.stop();
Serial.println("Done!");
while (1) {
/* wait forever if not repeating */
delay(100);
}
}
}
else {
/* Serial.println("Client not connected. Trying again..."); */
}
delay(100);
} /* Arduino loop repeats */

3
IDE/ARDUINO/sketches/wolfssl_version/README.md Normal file
View File

@ -0,0 +1,3 @@
# Arduino Basic Hello World
This example simply compiles in wolfSSL and shows the current version number.

55
IDE/ARDUINO/sketches/wolfssl_version/wolfssl_version.ino Normal file
View File

@ -0,0 +1,55 @@
/* wolfssl_server.ino
*
* Copyright (C) 2006-2025 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
#include <Arduino.h>
/* wolfSSL user_settings.h must be included from settings.h
* Make all configurations changes in user_settings.h
* Do not edit wolfSSL `settings.h` or `config.h` files.
* Do not explicitly include user_settings.h in any source code.
* Each Arduino sketch that uses wolfSSL must have: #include "wolfssl.h"
* C/C++ source files can use: #include <wolfssl/wolfcrypt/settings.h>
* The wolfSSL "settings.h" must be included in each source file using wolfSSL.
* The wolfSSL "settings.h" must appear before any other wolfSSL include.
*/
#include <wolfssl.h>
#include <wolfssl/version.h>
/* Choose a monitor serial baud rate: 9600, 14400, 19200, 57600, 74880, etc. */
#define SERIAL_BAUD 115200
/* Arduino setup */
void setup() {
Serial.begin(SERIAL_BAUD);
while (!Serial) {
/* wait for serial port to connect. Needed for native USB port only */
}
Serial.println(F(""));
Serial.println(F(""));
Serial.println(F("wolfSSL setup complete!"));
}
/* Arduino main application loop. */
void loop() {
Serial.print("wolfSSL Version: ");
Serial.println(LIBWOLFSSL_VERSION_STRING);
delay(60000);
}

374
IDE/ARDUINO/wolfssl-arduino.sh
View File

@ -2,19 +2,134 @@
# this script will reformat the wolfSSL source code to be compatible with
# an Arduino project
# run as bash ./wolfssl-arduino.sh
# run as bash ./wolfssl-arduino.sh [INSTALL] [path]
#
# ./wolfssl-arduino.sh
# The default is to install to a local wolfSSL directory (`ROOT_DIR`).
# If successfully built, and the INSTALL option is used, tis directory
# is then moved to the target.
#
# ./wolfssl-arduino.sh INSTALL
# Creates a local wolfSSL directory and then moves it to the ARDUINO_ROOT
#
# ./wolfssl-arduino.sh INSTALL /mnt/c/workspace/Arduino-wolfSSL-$USER
# Updates the Arduino-wolfSSL fork for $USER to refresh versions.
#
# To ensure a pristine build, the directory must not exist.
#
# Reminder there's typically no $USER for GitHub actions, but:
# ROOT_DIR="/mnt/c/Users/$USER/Documents/Arduino/libraries"
#
# The company name is "wolfSSL Inc."; There's a space, no comma, and a period after "Inc."
# The Arduino library name is "wolfssl" (all lower case)
# The Arduino library directory name is "wolfssl" (all lower case)
# The Arduino library include file is "wolfssl.h" (all lower case)
# The Published wolfSSL Arduino Registry is at https://github.com/wolfSSL/Arduino-wolfSSL.git
# See https://downloads.arduino.cc/libraries/logs/github.com/wolfSSL/Arduino-wolfSSL/
ROOT_DIR="/wolfssl"
# The Arduino Version will initially have a suffix appended during fine tuning stage.
WOLFSSL_VERSION_ARUINO_SUFFIX=""
# For verbose copy, set CP_CMD="-v", otherwise clear it: CP_CMD="cp"
# Do not set to empty string, as copy will fail with this: CP_CMD=""
# CP_CMD="cp -v "
CP_CMD="cp "
# Specify the executable shell checker you want to use:
MY_SHELLCHECK="shellcheck"
# There are special circumstances to publish to GitHub repository.
# Typically: https://github.com/wolfSSL/Arduino-wolfSSL
#
# Unlike a local Arduino library that requires a clean directory,
# we'll allow extra files, overwrites, etc.
#
# Note in all cases, the local IDE/ARDUINO/wolfssl must be empty.
THIS_INSTALL_IS_GITHUB="false"
# Check if the executable is available in the PATH
if command -v "$MY_SHELLCHECK" >/dev/null 2>&1; then
# Run your command here
shellcheck "$0" || exit 1
else
echo "$MY_SHELLCHECK is not installed. Please install it if changes to this script have been made."
fi
if ! [ "$CP_CMD" = "cp " ]; then
if [ "$CP_CMD" = "cp -v" ]; then
echo "Copy verbose mode"
else
echo "ERROR: Copy mode not supported: $CP_CMD"
exit 1
fi
fi
if [ "$ROOT_DIR" = "" ]; then
echo "ERROR: ROOT_DIR cannot be blank"
exit 1
fi
# Check environment
if [ -n "$WSL_DISTRO_NAME" ]; then
# we found a non-blank WSL environment distro name
current_path="$(pwd)"
pattern="/mnt/?"
if echo "$current_path" | grep -Eq "^$pattern"; then
# if we are in WSL and shared Windows file system, 'ln' does not work.
ARDUINO_ROOT="/mnt/c/Users/$USER/Documents/Arduino/libraries"
else
ARDUINO_ROOT="$HOME/Arduino/libraries"
fi
fi
echo "The Arduino library root is: $ARDUINO_ROOT"
if [ $# -gt 0 ]; then
THIS_OPERATION="$1"
if [ "$THIS_OPERATION" = "INSTALL" ]; then
THIS_INSTALL_DIR=$2
if [ "$THIS_INSTALL_DIR" = "/" ]; then
echo "ERROR: THIS_INSTALL_DIR cannot be /"
exit 1
fi
echo "Install is active."
if [ "$THIS_INSTALL_DIR" = "" ]; then
if [ -d "$ARDUINO_ROOT$ROOT_DIR" ]; then
echo "Error: the installation directory already exists: $ARDUINO_ROOT$ROOT_DIR"
echo "A new directory needs to be created to ensure there are no stray files"
echo "Please delete or move the directory and try again."
exit 1
fi
else
echo "Installing to $THIS_INSTALL_DIR"
if [ -d "$THIS_INSTALL_DIR/.git" ];then
echo "Target is a GitHub root repository."
THIS_INSTALL_IS_GITHUB="true"
else
echo "Target is NOT a GitHub root directory repository. (e.g. not wolfssl/Arduino-wolfssl)"
fi
fi
else
echo "Error: not a valid operation: $THIS_OPERATION"
exit 1
fi
fi
ROOT_DIR="/wolfSSL"
ROOT_SRC_DIR="${ROOT_DIR}/src"
EXAMPLES_DIR="${ROOT_DIR}/examples"
WOLFSSL_SRC="${ROOT_SRC_DIR}/src"
WOLFSSL_HEADERS="${ROOT_SRC_DIR}/wolfssl"
WOLFCRYPT_ROOT="${ROOT_SRC_DIR}/wolfcrypt"
WOLFCRYPT_SRC="${WOLFCRYPT_ROOT}/src"
WOLFCRYPT_HEADERS="${WOLFSSL_HEADERS}/wolfcrypt"
OPENSSL_DIR="${WOLFSSL_HEADERS}/openssl"
WOLFSSL_VERSION="5.6.4"
# TOP indicates the file directory comes from the top level of the wolfssl repo
# TOP indicates the file directory for top level of the wolfssl repository.
TOP_DIR="../.."
WOLFSSL_SRC_TOP="${TOP_DIR}/src"
WOLFSSL_HEADERS_TOP="${TOP_DIR}/wolfssl"
@ -24,122 +139,205 @@ WOLFCRYPT_HEADERS_TOP="${WOLFSSL_HEADERS_TOP}/wolfcrypt"
OPENSSL_DIR_TOP="${WOLFSSL_HEADERS_TOP}/openssl"
# TODO: Parse version number
WOLFSSL_VERSION=$(grep -i "LIBWOLFSSL_VERSION_STRING" ${TOP_DIR}/wolfssl/version.h | cut -d '"' -f 2)
if [ "$WOLFSSL_VERSION" = "" ]; then
echo "ERROR: Could not find wolfSSL Version in ${TOP_DIR}/wolfssl/version.h"
exit 1
else
echo "Found wolfSSL version $WOLFSSL_VERSION"
echo "# WOLFSSL_VERSION_ARUINO_SUFFIX $WOLFSSL_VERSION_ARUINO_SUFFIX"
fi
echo ""
THIS_DIR=${PWD##*/}
DIR=${PWD##*/}
if [ "$DIR" = "ARDUINO" ]; then
if [ ! -d ".${ROOT_DIR}" ]; then
mkdir .${ROOT_DIR}
if [ "$THIS_DIR" = "ARDUINO" ]; then
# mkdir ./wolfssl
if [ -d ".${ROOT_DIR}" ]; then
echo "ERROR: $(realpath ".${ROOT_DIR}") is not empty"
exit 1
else
echo "Step 01: mkdir .${ROOT_DIR}"
mkdir ."${ROOT_DIR}"
fi
# mkdir ./wolfssl/src
if [ ! -d ".${ROOT_SRC_DIR}" ]; then
mkdir .${ROOT_SRC_DIR}
echo "Step 02: mkdir .${ROOT_SRC_DIR}"
mkdir ."${ROOT_SRC_DIR}"
fi
# mkdir ./wolfssl/src/wolfssl
if [ ! -d ".${WOLFSSL_HEADERS}" ]; then
mkdir .${WOLFSSL_HEADERS}
echo "Step 03: mkdir .${WOLFSSL_HEADERS}"
mkdir ."${WOLFSSL_HEADERS}"
fi
cp ${WOLFSSL_HEADERS_TOP}/*.h .${WOLFSSL_HEADERS}
# cp ../../wolfssl/*.h ./wolfssl/src/wolfssl
echo "Step 04: cp ${WOLFSSL_HEADERS_TOP}/*.h .${WOLFSSL_HEADERS}"
$CP_CMD "${WOLFSSL_HEADERS_TOP}"/*.h ."${WOLFSSL_HEADERS}"
if [ ! -d ".${WOLFCRYPT_HEADERS}" ]; then
mkdir .${WOLFCRYPT_HEADERS}
# mkdir ./wolfssl/src/wolfssl/wolfcrypt
echo "Step 05: mkdir .${WOLFCRYPT_HEADERS}"
mkdir ."${WOLFCRYPT_HEADERS}"
mkdir ."${WOLFCRYPT_HEADERS}/port"
mkdir ."${WOLFCRYPT_HEADERS}/port/atmel"
mkdir ."${WOLFCRYPT_HEADERS}/port/Espressif"
fi
cp ${WOLFCRYPT_HEADERS_TOP}/*.h .${WOLFCRYPT_HEADERS}
# cp ../../wolfssl/wolfcrypt/*.h ./wolfssl/src/wolfssl/wolfcrypt
echo "Step 06: cp ${WOLFCRYPT_HEADERS_TOP}/*.h .${WOLFCRYPT_HEADERS}"
$CP_CMD "${WOLFCRYPT_HEADERS_TOP}"/*.h ."${WOLFCRYPT_HEADERS}" || exit 1
$CP_CMD "${WOLFCRYPT_HEADERS_TOP}"/port/atmel/*.h ."${WOLFCRYPT_HEADERS}/port/atmel" || exit 1
$CP_CMD "${WOLFCRYPT_HEADERS_TOP}"/port/Espressif/*.h ."${WOLFCRYPT_HEADERS}/port/Espressif" || exit 1
# Add in source files to wolfcrypt/src
if [ ! -d ".${WOLFCRYPT_ROOT}" ]; then
mkdir .${WOLFCRYPT_ROOT}
# mkdir ./wolfssl/src/wolfcrypt
echo "Step 07: mkdir .${WOLFCRYPT_ROOT}"
mkdir ."${WOLFCRYPT_ROOT}"
fi
# mkdir ./wolfssl/src/wolfcrypt/src
if [ ! -d ".${WOLFCRYPT_SRC}" ]; then
mkdir .${WOLFCRYPT_SRC}
echo "Step 08: mkdir .${WOLFCRYPT_SRC}"
mkdir ."${WOLFCRYPT_SRC}"
mkdir ."${WOLFCRYPT_SRC}"/port
mkdir ."${WOLFCRYPT_SRC}"/port/atmel
mkdir ."${WOLFCRYPT_SRC}"/port/Espressif
fi
cp ${WOLFCRYPT_SRC_TOP}/*.c .${WOLFCRYPT_SRC}
# cp ../../wolfcrypt/src/*.c ./wolfssl/src/wolfcrypt/src
echo "Step 09: cp ${WOLFCRYPT_SRC_TOP}/*.c .${WOLFCRYPT_SRC}"
$CP_CMD -r "${WOLFCRYPT_SRC_TOP}"/*.c ."${WOLFCRYPT_SRC}" || exit 1
$CP_CMD -r "${WOLFCRYPT_SRC_TOP}"/port/atmel/*.c ."${WOLFCRYPT_SRC}"/port/atmel || exit 1
$CP_CMD -r "${WOLFCRYPT_SRC_TOP}"/port/Espressif/*.c ."${WOLFCRYPT_SRC}"/port/Espressif || exit 1
# Add in source files to top level src folders
if [ ! -d ".${WOLFSSL_SRC}" ]; then
mkdir .${WOLFSSL_SRC}
# mkdir ./wolfssl/src/src
echo "Step 10: mkdir .${WOLFSSL_SRC}"
mkdir ."${WOLFSSL_SRC}"
fi
cp ${WOLFSSL_SRC_TOP}/*.c .${WOLFSSL_SRC}
$CP_CMD "${WOLFSSL_SRC_TOP}"/*.c ."${WOLFSSL_SRC}" || exit 1
# put bio and evp as includes
cp .${WOLFSSL_SRC}/bio.c .${WOLFSSL_HEADERS}
cp .${WOLFCRYPT_SRC}/evp.c .${WOLFSSL_HEADERS}
$CP_CMD ."${WOLFSSL_SRC}"/bio.c ."${WOLFSSL_HEADERS}" || exit 1
$CP_CMD ."${WOLFCRYPT_SRC}"/evp.c ."${WOLFSSL_HEADERS}" || exit 1
# make a copy of evp.c and bio.c for ssl.c to include inline
cp .${WOLFSSL_HEADERS}/evp.c .${WOLFCRYPT_SRC}/evp.c
cp .${WOLFSSL_HEADERS}/bio.c .${WOLFCRYPT_SRC}/bio.c
$CP_CMD ."${WOLFSSL_HEADERS}"/evp.c ."${WOLFCRYPT_SRC}"/evp.c || exit 1
$CP_CMD ."${WOLFSSL_HEADERS}"/bio.c ."${WOLFCRYPT_SRC}"/bio.c || exit 1
# copy openssl compatibility headers to their appropriate location
if [ ! -d ".${OPENSSL_DIR}" ]; then
mkdir .${OPENSSL_DIR}
mkdir ."${OPENSSL_DIR}"
fi
cp ${OPENSSL_DIR_TOP}/* .${OPENSSL_DIR}
$CP_CMD "${OPENSSL_DIR_TOP}"/* ."${OPENSSL_DIR}" || exit 1
# Finally, copy the Arduino-specific wolfssl library files into place: [lib]/src
$CP_CMD ./wolfssl.h ".${ROOT_SRC_DIR}"/wolfssl.h
cat > .${ROOT_SRC_DIR}/wolfssl.h <<EOF
/* Generated wolfSSL header file for Arduino */
#include <user_settings.h>
#include <wolfssl/wolfcrypt/settings.h>
#include <wolfssl/ssl.h>
EOF
echo "Copy examples...."
# Copy examples
mkdir -p ".${ROOT_SRC_DIR}"/examples
echo "Copy wolfssl_client example...."
mkdir -p ".${EXAMPLES_DIR}"/wolfssl_client
$CP_CMD ./sketches/wolfssl_client/wolfssl_client.ino ".${EXAMPLES_DIR}"/wolfssl_client/wolfssl_client.ino || exit 1
$CP_CMD ./sketches/wolfssl_client/README.md ".${EXAMPLES_DIR}"/wolfssl_client/README.md || exit 1
# Creates user_settings file if one does not exist
if [ ! -f ".${ROOT_SRC_DIR}/user_settings.h" ]; then
cat > .${ROOT_SRC_DIR}/user_settings.h <<EOF
/* Generated wolfSSL user_settings.h file for Arduino */
#ifndef ARDUINO_USER_SETTINGS_H
#define ARDUINO_USER_SETTINGS_H
/* Platform */
#define WOLFSSL_ARDUINO
/* Math library (remove this to use normal math)*/
#define USE_FAST_MATH
#define TFM_NO_ASM
#define NO_ASN_TIME
/* When using Intel Galileo Uncomment the line below */
/* #define INTEL_GALILEO */
/* RNG DEFAULT !!FOR TESTING ONLY!! */
/* comment out the error below to get started w/ bad entropy source
* This will need fixed before distribution but is OK to test with */
#error "needs solved, see: https://www.wolfssl.com/docs/porting-guide/"
#define WOLFSSL_GENSEED_FORTEST
#endif /* ARDUINO_USER_SETTINGS_H */
EOF
fi
cp .${WOLFCRYPT_HEADERS}/settings.h .${WOLFCRYPT_HEADERS}/settings.h.bak
cat > .${WOLFCRYPT_HEADERS}/settings.h <<EOF
/*wolfSSL Generated ARDUINO settings */
#ifndef WOLFSSL_USER_SETTINGS
#define WOLFSSL_USER_SETTINGS
#endif /* WOLFSSL_USER_SETTINGS */
/*wolfSSL Generated ARDUINO settings: END */
EOF
cat .${WOLFCRYPT_HEADERS}/settings.h.bak >> .${WOLFCRYPT_HEADERS}/settings.h
#Creating library.properties file based off of:
#https://arduino.github.io/arduino-cli/0.35/library-specification/#libraryproperties-file-format
cat > .${ROOT_DIR}/library.properties <<EOF
name=wolfSSL
version=${WOLFSSL_VERSION}
author=wolfSSL inc
maintainer=wolfSSL inc <support@wolfssl.com>
sentence=A lightweight SSL/TLS library written in ANSI C and targeted for embedded, RTOS, and resource-constrained environments.
paragraph=Manual: https://www.wolfssl.com/documentation/manuals/wolfssl/index.html.
category=Communication
url=https://www.wolfssl.com/
architectures=*
EOF
echo "Copy wolfssl_server example...."
mkdir -p .${EXAMPLES_DIR}/wolfssl_server
$CP_CMD ./sketches/wolfssl_server/wolfssl_server.ino ".${EXAMPLES_DIR}"/wolfssl_server/wolfssl_server.ino || exit 1
$CP_CMD ./sketches/wolfssl_server/README.md ".${EXAMPLES_DIR}"/wolfssl_server/README.md || exit 1
echo "Copy wolfssl_server example...."
mkdir -p .${EXAMPLES_DIR}/wolfssl_version
$CP_CMD ./sketches/wolfssl_version/wolfssl_version.ino ".${EXAMPLES_DIR}"/wolfssl_version/wolfssl_version.ino || exit 1
$CP_CMD ./sketches/wolfssl_version/README.md ".${EXAMPLES_DIR}"/wolfssl_version/README.md || exit 1
else
echo "ERROR: You must be in the IDE/ARDUINO directory to run this script"
exit 1
fi
# At this point, the library is complete, but we need some additional files.
#
# optional diagnostics:
# echo ".${ROOT_DIR}"
# echo "${TOP_DIR}"
# echo "cp ${TOP_DIR}/README.md .${ROOT_DIR}/"
# Replace the `${WOLFSSL_VERSION}` text in Arduino_README_prepend.md,
# saving it to a .tmp file. Prepend that file to the wolfSSL README.md
# file as PREPENDED_README.md, then copy that to the publish directory
# as an Arduino-specific README.md file.
VERSION_PLACEHOLDER="\${WOLFSSL_VERSION}"
ARDUINO_VERSION_SUFFIX_PLACEHOLDER="\${WOLFSSL_VERSION_ARUINO_SUFFIX}"
PREPEND_FILE="Arduino_README_prepend.md"
PROPERTIES_FILE_TEMPLATE="library.properties.template"
sed s/"$VERSION_PLACEHOLDER"/"$WOLFSSL_VERSION"/ "$PREPEND_FILE" > "$PREPEND_FILE.tmp"
cat "$PREPEND_FILE.tmp" ${TOP_DIR}/README.md > PREPENDED_README.md
# Here we'll insert the wolfSSL version into the `library.properties.tmp` file, along with an Arduino version suffix.
# The result should be something like version=5.6.6.Arduino.1 (for the 1st incremental version on top of 5.6.6)
sed s/"$VERSION_PLACEHOLDER"/"$WOLFSSL_VERSION"/ "$PROPERTIES_FILE_TEMPLATE" > "library.properties.tmp"
sed -i.backup s/"$ARDUINO_VERSION_SUFFIX_PLACEHOLDER"/"$WOLFSSL_VERSION_ARUINO_SUFFIX"/ "library.properties.tmp"
# cat library.properties.tmp
# echo "${WOLFSSL_VERSION_ARUINO_SUFFIX}"
echo "Step 11: Final root file copy"
$CP_CMD PREPENDED_README.md ."${ROOT_DIR}"/README.md || exit 1
$CP_CMD library.properties.tmp ."${ROOT_DIR}"/library.properties || exit 1
$CP_CMD "${TOP_DIR}"/"LICENSING" ."${ROOT_DIR}"/ || exit 1
$CP_CMD "${TOP_DIR}"/"README" ."${ROOT_DIR}"/ || exit 1
$CP_CMD "${TOP_DIR}"/"COPYING" ."${ROOT_DIR}"/ || exit 1
$CP_CMD "${TOP_DIR}"/"ChangeLog.md" ."${ROOT_DIR}"/ || exit 1
$CP_CMD "${TOP_DIR}"/".editorconfig" ."${ROOT_DIR}"/ || exit 1
$CP_CMD "${TOP_DIR}"/".gitignore" ."${ROOT_DIR}"/ || exit 1
$CP_CMD "keywords.txt" ."${ROOT_DIR}"/ || exit 1
echo "Step 12: Workspace to publish:"
echo ""
head -n 3 PREPENDED_README.md
echo ""
ls ./wolfssl -al
echo ""
# Optionally install to a separate directory.
# Note we should have exited above if a problem was encountered,
# as we'll never want to install a bad library.
if [ "$THIS_OPERATION" = "INSTALL" ]; then
echo "Config:"
echo "cp ../../examples/configs/user_settings_arduino.h ".${ROOT_SRC_DIR}"/user_settings.h"
# Nearly an ordinary copy, but we remove any lines with ">>" (typically edit with caution warning in comments)
grep -v '>>' ../../examples/configs/user_settings_arduino.h > ".${ROOT_SRC_DIR}"/user_settings.h || exit 1
# Show the user_settings.h revision string:
grep "WOLFSSL_USER_SETTINGS_ID" ."${ROOT_SRC_DIR}/user_settings.h"
echo ""
if [ "$THIS_INSTALL_IS_GITHUB" = "true" ]; then
echo "Installing to GitHub directory: $THIS_INSTALL_DIR"
cp -r ."$ROOT_DIR"/* "$THIS_INSTALL_DIR" || exit 1
echo "Removing workspace library directory: .$ROOT_DIR"
rm -rf ".$ROOT_DIR"
else
echo "Installing to local directory:"
if [ "$THIS_INSTALL_DIR" = "" ]; then
echo "mv .$ROOT_DIR $ARDUINO_ROOT"
mv ."$ROOT_DIR" "$ARDUINO_ROOT" || exit 1
echo "Arduino wolfSSL Version: $WOLFSSL_VERSION$WOLFSSL_VERSION_ARUINO_SUFFIX"
else
echo "cp -r .\"$ROOT_DIR\"/* \"$THIS_INSTALL_DIR\""
mkdir -p "$THIS_INSTALL_DIR" || exit 1
cp -r ."$ROOT_DIR"/* "$THIS_INSTALL_DIR" || exit 1
fi
fi
fi
echo "Done!"

47
IDE/ARDUINO/wolfssl.h Normal file
View File

@ -0,0 +1,47 @@
/* wolfssl.h
*
* Copyright (C) 2006-2025 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
/* Edit with caution. This is an Arduino-library specific header for wolfSSL */
#ifndef WOLFSSL_USER_SETTINGS
#define WOLFSSL_USER_SETTINGS
#endif
#include <Arduino.h>
/* wolfSSL user_settings.h must be included from settings.h
* Make all configurations changes in user_settings.h
* Do not edit wolfSSL `settings.h` or `config.h` files.
* Do not explicitly include user_settings.h in any source code.
* Each Arduino sketch that uses wolfSSL must have: #include "wolfssl.h"
* C/C++ source files can use: #include <wolfssl/wolfcrypt/settings.h>
* The wolfSSL "settings.h" must be included in each source file using wolfSSL.
* The wolfSSL "settings.h" must be listed before any other wolfSSL include.
*/
#include <wolfssl/wolfcrypt/settings.h>
#include <wolfssl/ssl.h>
int wolfSSL_Arduino_Serial_Print(const char *const s)
{
/* See wolfssl/wolfcrypt/logging.c */
Serial.println(F(s));
return 0;
};

4
IDE/AURIX/Cpu0_Main.c
View File

@ -1,6 +1,6 @@
/* Cpu0_Main.c
*
* Copyright (C) 2006-2023 wolfSSL Inc.
* Copyright (C) 2006-2025 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
@ -63,7 +63,7 @@ int fputc(int ch, FILE *f)
if (ch == (int)'\n') {
int chcr = (int)'\r';
count = 1;
IfxAsclin_Asc_write(&g_asc, &chcr, &count, TIME_INFINITE);
IfxAsclin_Asc_write(&g_asc, &chcr, &count, TIME_INFINITE);
}
count = 1;
IfxAsclin_Asc_write(&g_asc, &ch, &count, TIME_INFINITE);

2
IDE/AURIX/README.md
View File

@ -9,7 +9,7 @@ Tested Platform:
## Running wolfCrypt on TriCore
1) Add the wolfSSL source and headers to `Libraries/wolfssl`.
1) Add the wolfSSL source and headers to `Libraries/wolfssl`.
- Only the following folders are required: `src`, `wolfcrypt` and `wolfssl`.
- See script to help with producing bundle here: https://github.com/wolfSSL/wolfssl/blob/master/scripts/makedistsmall.sh
2) Add `WOLFSSL_USER_SETTINGS` to the Preprocessing symbols list. C/C++ Build -> Settings -> TASKING C/C++ Compiler -> Preprocessing.

2
IDE/AURIX/user_settings.h
View File

@ -1,6 +1,6 @@
/* user_settings.h
*
* Copyright (C) 2006-2023 wolfSSL Inc.
* Copyright (C) 2006-2025 wolfSSL Inc.
*
* This file is part of wolfSSL.
*

2
IDE/AURIX/wolf_main.c
View File

@ -1,6 +1,6 @@
/* wolf_main.c
*
* Copyright (C) 2006-2023 wolfSSL Inc.
* Copyright (C) 2006-2025 wolfSSL Inc.
*
* This file is part of wolfSSL.
*

7
IDE/CRYPTOCELL/main.c
View File

@ -1,6 +1,6 @@
/* main.c
*
* Copyright (C) 2006-2023 wolfSSL Inc.
* Copyright (C) 2006-2025 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
@ -18,8 +18,8 @@
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
#include <wolfssl/wolfcrypt/settings.h>
#include <wolfcrypt/test/test.h>
#include <wolfcrypt/benchmark/benchmark.h>
@ -63,4 +63,3 @@ int main(void)
return 0;
}

3
IDE/CRYPTOCELL/user_settings.h
View File

@ -1,6 +1,6 @@
/* user_settings.h
*
* Copyright (C) 2006-2023 wolfSSL Inc.
* Copyright (C) 2006-2025 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
@ -401,6 +401,7 @@ extern "C" {
/* prototypes for user heap override functions */
/* Note: Realloc only required for normal math */
/* Note2: XFREE(NULL) must be properly handled */
#include <stddef.h> /* for size_t */
extern void *myMalloc(size_t n, void* heap, int type);
extern void myFree(void *p, void* heap, int type);

2
IDE/ECLIPSE/DEOS/deos_malloc.c
View File

@ -1,6 +1,6 @@
/* deos_malloc.c
*
* Copyright (C) 2006-2023 wolfSSL Inc.
* Copyright (C) 2006-2025 wolfSSL Inc.
*
* This file is part of wolfSSL.
*

4
IDE/ECLIPSE/DEOS/deos_wolfssl/.project
View File

@ -240,9 +240,9 @@
<locationURI>WOLFSSL_ROOT/wolfcrypt/src/fe_operations.c</locationURI>
</link>
<link>
<name>wolfcrypt/src/fe_x25519_128.i</name>
<name>wolfcrypt/src/fe_x25519_128.h</name>
<type>1</type>
<locationURI>WOLFSSL_ROOT/wolfcrypt/src/fe_x25519_128.i</locationURI>
<locationURI>WOLFSSL_ROOT/wolfcrypt/src/fe_x25519_128.h</locationURI>
</link>
<link>
<name>wolfcrypt/src/fp_mont_small.i</name>

2
IDE/ECLIPSE/DEOS/tls_wolfssl.c
View File

@ -1,6 +1,6 @@
/* tls_wolfssl.c
*
* Copyright (C) 2006-2023 wolfSSL Inc.
* Copyright (C) 2006-2025 wolfSSL Inc.
*
* This file is part of wolfSSL.
*

Some files were not shown because too many files have changed in this diff Show More