* Fixed some build configuration variations.

* Fixed `PEM_BUFSIZE` macro redefined when building with coexist.
* Updated the `user_settings_all.h` and `user_settings_wolfboot_keytools.h` to include latest options.
* Improved API unit test error case checking where `TEST_RES_CHECK` is not used.
* Changed `TEST_SKIPPED` to unique value.
* Added CI tests for enable-all, small stack, and user setting templates.

examples/client/client.c

@@ -3662,7 +3662,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
         }
     }
 
-#ifdef HAVE_CRL
+#if defined(HAVE_CRL) && !defined(NO_FILESYSTEM)
     if (disableCRL == 0 && !useVerifyCb) {
     #if defined(HAVE_IO_TIMEOUT) && defined(HAVE_HTTP_CLIENT)
         wolfIO_SetTimeout(DEFAULT_TIMEOUT_SEC);
@@ -4273,7 +4273,8 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
         }
 #endif
 
-#if defined(OPENSSL_EXTRA) && defined(HAVE_EXT_CACHE)
+#if !defined(NO_SESSION_CACHE) && (defined(OPENSSL_EXTRA) || \
+        defined(HAVE_EXT_CACHE))
         if (flatSession) {
             const byte* constFlatSession = flatSession;
             session = wolfSSL_d2i_SSL_SESSION(NULL,
@@ -4283,7 +4284,8 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
 
         wolfSSL_set_session(sslResume, session);
 
-#if defined(OPENSSL_EXTRA) && defined(HAVE_EXT_CACHE)
+#if !defined(NO_SESSION_CACHE) && (defined(OPENSSL_EXTRA) || \
+        defined(HAVE_EXT_CACHE))
         if (flatSession) {
             XFREE(flatSession, NULL, DYNAMIC_TYPE_TMP_BUFFER);
         }

examples/configs/user_settings_all.h

@@ -50,22 +50,30 @@ extern "C" {
 #define HAVE_NULL_CIPHER /* Enable use of TLS cipher suites without cipher (clear text / no encryption) */
 #define WOLFSSL_HAVE_CERT_SERVICE
 #define WOLFSSL_JNI
-#define WOLFSSL_SEP
+#define WOLFSSL_SEP /* certificate policy set extension */
 #define WOLFCRYPT_HAVE_SRP
 #define WOLFSSL_HAVE_WOLFSCEP
 #define WOLFSSL_ENCRYPTED_KEYS /* Support for encrypted keys PKCS8 */
 #define HAVE_PKCS7
-#define WOLFSSL_MULTI_ATTRIB
-#define WOLFSSL_DER_LOAD
-#define ASN_BER_TO_DER /* BER to DER support */
 #define WOLFSSL_SIGNER_DER_CERT
+#define WOLFSSL_TRUST_PEER_CERT
+#define WOLFSSL_SYS_CA_CERTS /* Enable ability to load CA certs from OS */
+#define WOLFSSL_WOLFSSH
+#define WC_NO_ASYNC_THREADING
 //#define HAVE_THREAD_LS /* DG Commented: Thread local storage - may not be portable */
 //#define WOLFSSL_AEAD_ONLY /* automatically set if TLS v1.3 only, but can be enabled for TLS v1.2 manually */
 
 /* TLS Features */
-#define WOLFSSL_DTLS
 #define WOLFSSL_TLS13
 #define WOLFSSL_EITHER_SIDE /* allow generic server/client method for WOLFSSL_CTX new */
+#define WOLFSSL_TLS13_NO_PEEK_HANDSHAKE_DONE
+
+/* DTLS */
+#define WOLFSSL_DTLS
+#define WOLFSSL_MULTICAST
+
+/* DTLS v1.3 is not yet included with enable-all */
+//#define WOLFSSL_DTLS13
 
 /* DG Disabled SSLv3 and TLSv1.0 - should avoid using */
 //#define WOLFSSL_ALLOW_SSLV3
@@ -80,9 +88,17 @@ extern "C" {
 #define HAVE_MAX_FRAGMENT
 #define HAVE_TRUNCATED_HMAC
 #define HAVE_SESSION_TICKET
+#define WOLFSSL_TICKET_HAVE_ID
+#define WOLFSSL_FORCE_CACHE_ON_TICKET
 #define HAVE_EXTENDED_MASTER
 #define HAVE_TRUSTED_CA
 #define HAVE_ENCRYPT_THEN_MAC
+#define WOLFSSL_POST_HANDSHAKE_AUTH
+#define WOLFSSL_SEND_HRR_COOKIE /* Used by DTLS v1.3 */
+#define HAVE_ANON /* anon cipher suites */
+#define HAVE_FALLBACK_SCSV /* TLS_FALLBACK_SCSV */
+#define WOLFSSL_EARLY_DATA
+#define HAVE_SERVER_RENEGOTIATION_INFO
 
 /* TLS Session Cache */
 #define SESSION_CERTS
@@ -94,6 +110,22 @@ extern "C" {
 #define WOLFSSL_CERT_GEN
 #define WOLFSSL_CERT_REQ
 #define WOLFSSL_CERT_EXT
+#define WOLFSSL_MULTI_ATTRIB
+#define HAVE_SMIME
+#define WOLFSSL_DER_LOAD
+#define ASN_BER_TO_DER /* BER to DER support */
+#define WOLFSSL_HAVE_ISSUER_NAMES /* Store pointers to issuer name components and their lengths and encodings */
+#define WOLFSSL_SUBJ_DIR_ATTR /* Enable support for SubjectDirectoryAttributes extension */
+#define WOLFSSL_SUBJ_INFO_ACC /* Enable support for SubjectInfoAccess extension */
+#define WOLFSSL_CERT_NAME_ALL /* Adds more certificate name capability at the cost of taking up more memory. Adds initials, givenname, dnQualifer for example */
+#define WOLFSSL_FPKI /* Enable support for FPKI (Federal PKI) extensions */
+#define WOLFSSL_AKID_NAME /* Enable support for full AuthorityKeyIdentifier extension. Only supports copying full AKID from an existing certificate */
+#define HAVE_CTS /* Ciphertext stealing interface */
+#define WOLFSSL_PEM_TO_DER
+#define WOLFSSL_DER_TO_PEM
+#define WOLFSSL_CUSTOM_OID
+#define HAVE_OID_ENCODING
+//#define WOLFSSL_ASN_TEMPLATE /* Not enabled yet by default */
 
 /* Certificate Revocation */
 #define HAVE_OCSP
@@ -105,11 +137,21 @@ extern "C" {
 //#define HAVE_CRL_MONITOR /* DG Disabled (Monitors CRL files on filesystem) - not portable feature */
 
 
-/* Fast math key size 4096-bit max */
-#define USE_FAST_MATH
-#define FP_MAX_BITS 8192
+#if 1
+    /* sp_int.c */
+    #define WOLFSSL_SP_MATH_ALL
+#else
+    /* Fast math key size 4096-bit max */
+    #define USE_FAST_MATH
+#endif
 //#define HAVE___UINT128_T 1 /* DG commented: May not be portable */
 
+/* Max Sizes */
+#define RSA_MAX_SIZE 4096
+#define FP_MAX_BITS 8192
+#define SP_INT_BITS 4096
+
+
 /* Timing Resistance */
 #define TFM_TIMING_RESISTANT
 #define ECC_TIMING_RESISTANT
@@ -118,6 +160,8 @@ extern "C" {
 /* DH Key Sizes */
 #define HAVE_FFDHE_2048
 #define HAVE_FFDHE_3072
+#define WOLFSSL_DH_EXTRA /* Enable additional DH key import/export */
+#define HAVE_DH_DEFAULT_PARAMS
 
 /* ECC Features */
 #define HAVE_ECC
@@ -132,9 +176,14 @@ extern "C" {
 #define HAVE_COMP_KEY /* Compressed key support */
 #define FP_ECC /* Fixed point caching - speed repeated operations against same key */
 #define HAVE_ECC_ENCRYPT
+#define WOLFCRYPT_HAVE_ECCSI
+#define WOLFCRYPT_HAVE_SAKKE
+#define WOLFSSL_ECDSA_DETERMINISTIC_K_VARIANT
 
 /* RSA */
 #define WC_RSA_PSS
+#define WOLFSSL_PSS_LONG_SALT
+#define WC_RSA_NO_PADDING
 
 /* AES */
 #define HAVE_AES_DECRYPT
@@ -142,11 +191,16 @@ extern "C" {
 #define WOLFSSL_AES_DIRECT
 #define WOLFSSL_AES_COUNTER
 #define HAVE_AESGCM
+#define GCM_TABLE_4BIT
+#define WOLFSSL_AESGCM_STREAM
 #define HAVE_AESCCM
 #define WOLFSSL_AES_OFB
 #define WOLFSSL_AES_CFB
 #define WOLFSSL_AES_XTS
 #define HAVE_AES_KEYWRAP
+#define WOLFSSL_AES_CBC_LENGTH_CHECKS
+#define WOLFSSL_USE_ALIGN
+#define WOLFSSL_AES_SIV
 
 /* Hashing */
 #define WOLFSSL_SHA224
@@ -155,29 +209,44 @@ extern "C" {
 #define WOLFSSL_SHAKE256
 #define WOLFSSL_SHA3
 #define WOLFSSL_HASH_FLAGS /* enable hash flag API's */
+#define WOLFSSL_SHAKE256
 
 /* Additional Algorithms */
 #define HAVE_HASHDRBG
 #define HAVE_CURVE25519
 #define HAVE_ED25519
+#define WOLFSSL_ED25519_STREAMING_VERIFY
 #define CURVED25519_SMALL
+#define HAVE_ED448
+#define WOLFSSL_ED448_STREAMING_VERIFY
 #define HAVE_CURVE448
 #define HAVE_POLY1305
 #define HAVE_CHACHA
+#define HAVE_XCHACHA
 #define HAVE_HKDF
 #define HAVE_X963_KDF
 #define WOLFSSL_CMAC
 #define WOLFSSL_DES_ECB
+#define HAVE_BLAKE2
+#define HAVE_BLAKE2B
+#define HAVE_BLAKE2S
+#define WOLFSSL_SIPHASH
+#define HAVE_KEYING_MATERIAL
+#define WOLFSSL_HAVE_PRF
+
 
 /* Non-Standard Algorithms (DG disabled) */
 //#define HAVE_CAMELLIA
 //#define WOLFSSL_RIPEMD
 //#define HAVE_SCRYPT
+//#define WOLFSSL_MD2
+//#define WOLFSSL_ALLOW_RC4
 
 /* Encoding */
 #define WOLFSSL_BASE16
 #define WOLFSSL_BASE64_ENCODE
 
+
 /* Openssl compatibility */
 #if 0 /* DG Disabled */
     /* Openssl compatibility API's */
@@ -192,6 +261,13 @@ extern "C" {
     #define NO_OLD_WC_NAMES
     #define NO_OLD_SSL_NAMES
     #define NO_OLD_SHA_NAMES
+    #define NO_OLD_MD5_NAME
+    #define OPENSSL_NO_EC /* macro to enable ECC in openssl */
+    #define WOLFSSL_VERBOSE_ERRORS
+    #define ERROR_QUEUE_PER_THREAD
+    #define WOLFSSL_ERROR_CODE_OPENSSL
+    #define HAVE_WOLFSSL_SSL_H 1
+    #define OPENSSL_COMPATIBLE_DEFAULTS
 
     /* Openssl compatibility application specific */
     #define WOLFSSL_LIBWEBSOCKETS
@@ -206,6 +282,9 @@ extern "C" {
     #define WOLFSSL_ASIO
     #define ASIO_USE_WOLFSSL
     #define BOOST_ASIO_USE_WOLFSSL
+    #define WOLFSSL_OPENVPN
+
+    #define NO_WOLFSSL_STUB
 #endif
 
 /* TLS static cipher support - off by default */
@@ -222,6 +301,68 @@ extern "C" {
 #endif
 
 
+/* Used to manually test disable edge cases */
+#ifdef TEST_DISABLES
+    #define NO_SESSION_CACHE
+
+    //#define NO_ECC256
+    //#define NO_ECC_KEY_EXPORT
+    //#define NO_ECC_DHE
+    //#define NO_ECC_SIGN
+    //#define NO_ECC_VERIFY
+
+    //#define NO_RSA
+    #define NO_DH
+    #define NO_DSA
+
+    #define NO_SHA
+    #define NO_SHA256
+    #ifdef NO_SHA256
+        #undef WOLFSSL_SHA224
+    #endif
+    #define NO_SHA512
+    #ifdef NO_SHA512
+        #undef WOLFSSL_SHA384
+        #undef WOLFSSL_SHA512
+        #undef HAVE_ED25519
+    #endif
+    #define NO_MD4
+    #define NO_MD5
+    //#define NO_KDF
+    //#define NO_HMAC
+
+    #define NO_RC4
+    #define NO_DES3
+    //#define NO_AES
+    #define NO_AES_CBC
+    #define WOLFSSL_NO_SHAKE128
+
+    #define NO_PSK
+    #define NO_PWDBASED
+    #define NO_OLD_TLS
+    //#define WOLFSSL_NO_TLS12
+
+    //#define NO_64BIT
+    #define WOLFSSL_SP_NO_MALLOC
+    #define NO_FILESYSTEM
+    #define NO_WRITEV
+
+    #define NO_ERROR_STRINGS
+    //#define NO_WOLFSSL_CLIENT
+    //#define NO_WOLFSSL_SERVER
+
+    #define NO_MULTIBYTE_PRINT
+    //#define NO_ASN_TIME
+    //#define NO_ASN_CRYPT
+    //#define NO_CODING
+    #define NO_SIG_WRAPPER
+    //#define NO_HASH_WRAPPER
+    //#define WC_NO_HARDEN
+
+    //#define NO_CERTS
+    //#define NO_ASN
+#endif
+
 #ifdef __cplusplus
 }
 #endif

examples/configs/user_settings_wolfboot_keytools.h

@@ -26,7 +26,7 @@
 #ifndef H_USER_SETTINGS_
 #define H_USER_SETTINGS_
 
-#include <stdint.h>
+/* #include <stdint.h> */ /* DG: Removed, not needed for testing */
 
 /* System */
 #define WOLFSSL_GENERAL_ALIGNMENT 4
@@ -35,8 +35,6 @@
 #define SIZEOF_LONG_LONG 8
 
 /* Math */
-#define WOLFSSL_SP
-#define WOLFSSL_SP_NO_3072
 #define USE_FAST_MATH
 #define FP_MAX_BITS (4096 * 2)
 #define TFM_TIMING_RESISTANT
@@ -45,10 +43,18 @@
 #define HAVE_ECC
 #define WOLFSSL_HAVE_SP_ECC
 #define ECC_TIMING_RESISTANT
+#define HAVE_ECC256
+#define HAVE_ECC384
+#define HAVE_ECC521
 
 /* ED25519 */
 #define HAVE_ED25519
-#define CURVED25519_SMALL
+/* DG: Added, since --enable-usersettings expects small version to be used */
+#define ED25519_SMALL
+
+/* ED448 */
+#define HAVE_ED448
+#define WOLFSSL_SHAKE256
 
 /* RSA */
 #define HAVE_RSA
@@ -58,14 +64,18 @@
 
 /* Hashing */
 #define WOLFSSL_SHA512 /* Required for ED25519 */
+#define WOLFSSL_SHA384
 #define WOLFSSL_SHA3
 #undef  NO_SHA256
 
 /* Chacha stream cipher */
 #define HAVE_CHACHA
 
+/* AES */
+#define WOLFSSL_AES_COUNTER
+#define WOLFSSL_AES_DIRECT
+
 /* Disables */
-#define NO_AES
 #define NO_CMAC
 #define NO_HMAC
 #define NO_RC4
@@ -73,15 +83,16 @@
 #define NO_DH
 #define NO_DSA
 #define NO_MD4
+#define NO_RABBIT
 #define NO_MD5
 #define NO_SIG_WRAPPER
 #define NO_CERT
 #define NO_SESSION_CACHE
+#define NO_HC128
 #define NO_DES3
 #define NO_PWDBASED
 #define NO_WRITEV
 #define NO_FILESYSTEM
-//#define NO_MAIN_DRIVER
 #define NO_OLD_RNGNAME
 #define NO_WOLFSSL_DIR
 #define WOLFSSL_NO_SOCK
@@ -89,7 +100,10 @@
 #define NO_ERROR_STRINGS
 
 #define BENCH_EMBEDDED
-#define NO_CRYPT_TEST
-#define NO_CRYPT_BENCHMARK
+
+/* DG: Removed since we need it here for testing */
+/* #define NO_MAIN_DRIVER */
+/* #define NO_CRYPT_TEST */
+/* #define NO_CRYPT_BENCHMARK */
 
 #endif /* !H_USER_SETTINGS_ */

examples/server/server.c

@@ -2995,7 +2995,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
 #ifndef NO_HANDSHAKE_DONE_CB
         wolfSSL_SetHsDoneCb(ssl, myHsDoneCb, NULL);
 #endif
-#ifdef HAVE_CRL
+#if defined(HAVE_CRL) && !defined(NO_FILESYSTEM)
     if (!disableCRL) {
 #ifdef HAVE_CRL_MONITOR
         crlFlags = WOLFSSL_CRL_MONITOR | WOLFSSL_CRL_START_MON;
@@ -3021,8 +3021,9 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
         }
 #ifndef NO_RSA
     /* All the OCSP Stapling test certs are RSA. */
-#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
-    || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
+#if !defined(NO_FILESYSTEM) && (\
+       defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
+    || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2))
         { /* scope start */
             const char* ca1 = "certs/ocsp/intermediate1-ca-cert.pem";
             const char* ca2 = "certs/ocsp/intermediate2-ca-cert.pem";