wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-02 12:14:38 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' into OE8-CHECK-IN

Browse Source
This commit is contained in:
Kaleb Himes
2025-04-14 15:24:28 -06:00
committed by GitHub
parent 2d01363e57 43e68add96
commit 6b66149edb
1711 changed files with 266926 additions and 88826 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
.codespellexcludelines Normal file
View File

@@ -0,0 +1,18 @@
###############################################################################
# In this file, you should add the line of the file that needs to be ignored.
# The line should be exactly as it appears in the file.
###############################################################################
0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, /* .Enginee */
0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, /* fo@wolfs */
0x0a, 0x8b, 0x98, 0xf3, 0xe3, 0xff, 0x4e, 0x44, /* ......ND */
ot+3i9DAgBkcRcAtjOj4LaR0VknFBbVPFd5uRHg5h6h+u/N5GJG79G+dwfCMNYxd\n\
static const byte plaintext[] = "Lorem ipsum dolor sit amet, consectetur adipiscing elit. Cras lacus odio, pretium vel sagittis ac, facilisis quis diam. Vivamus condimentum velit sed dolor consequat interdum. Etiam eleifend ornare felis, eleifend egestas odio vulputate eu. Sed nec orci nunc. Etiam quis mi augue. Donec ullamcorper suscipit lorem, vel luctus augue cursus fermentum. Etiam a porta arcu, in convallis sem. Integer efficitur elementum diam, vel scelerisque felis posuere placerat. Donec vestibulum sit amet leo sit amet tincidunt. Etiam et vehicula turpis. Phasellus quis finibus sapien. Sed et tristique turpis. Nullam vitae sagittis tortor, et aliquet lorem. Cras a leo scelerisque, convallis lacus ut, fermentum urna. Mauris quis urna diam. Class aptent taciti sociosqu ad litora torquent per conubia nostra, per inceptos himenaeos. Nam aliquam vehicula orci id pulvinar. Proin mollis, libero sollicitudin tempor ultrices, massa augue tincidunt turpis, sit amet aliquam neque nibh nec dui. Fusce finibus massa quis rutrum suscipit cras amet";
rsource "Kconfig.tls-generic"
/* Loop over authenticated associated data AD1..ADn */
/* no easy answer [c'est la vie]. Just division */
const uint8_t* hashIn, int hashSz)
XMEMCPY(hash + (curveSz - hashSz), hashIn, hashSz);
0x63, 0x72, 0x65, 0x65, 0x6e, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20, 0x62, 0x65, 0x20, 0x69, /* creen would be i */
\pagenumbering{alph}
DES3_KEY_SIZE = 24, /* 3 des ede */
/* functions added to support above needed, removed TOOM and KARATSUBA */

6
.github/ISSUE_TEMPLATE/bug_report.yaml vendored
View File

@@ -6,8 +6,10 @@ body:
- type: markdown - type: markdown
attributes: attributes:
value: > value: >
Thanks for reporting an bug. If you would prefer a private method, Thanks for reporting a bug. If you would prefer a private method,
please email support@wolfssl.com or if this is a vulnerability report please email support@wolfssl.com
instead. This is publicly viewable and not appropriate for vulnerability
reports.
- type: input - type: input
id: contact id: contact
attributes: attributes:

4
.github/ISSUE_TEMPLATE/other.yaml vendored
View File

@@ -6,7 +6,9 @@ body:
attributes: attributes:
value: > value: >
Thanks for reporting an issue. If you would prefer a private method, Thanks for reporting an issue. If you would prefer a private method,
please email support@wolfssl.com or if this is a vulnerability report please email support@wolfssl.com
instead. This is publicly viewable and not appropriate for vulnerability
reports.
- type: input - type: input
id: version id: version
attributes: attributes:

33
.github/workflows/ada.yml vendored Normal file
View File

@@ -0,0 +1,33 @@
name: WolfSSL Ada Build Tests
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@master
- name: Install gnat
run: |
sudo apt-get update
sudo apt-get install -y gnat gprbuild
- name: Checkout wolfssl
uses: actions/checkout@master
with:
repository: wolfssl/wolfssl
path: wolfssl
- name: Build wolfssl Ada
working-directory: ./wolfssl/wrapper/Ada
run: |
mkdir obj
gprbuild default.gpr
gprbuild examples.gpr

3
.github/workflows/async.yml vendored
View File

@@ -23,7 +23,8 @@ jobs:
'--enable-ocsp CFLAGS="-DTEST_NONBLOCK_CERTS"', '--enable-ocsp CFLAGS="-DTEST_NONBLOCK_CERTS"',
] ]
name: make check name: make check
runs-on: ubuntu-latest if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run. # This should be a safe limit for the tests to run.
timeout-minutes: 6 timeout-minutes: 6
steps: steps:

93
.github/workflows/bind.yml vendored Normal file
View File

@@ -0,0 +1,93 @@
name: bind9 Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
build_wolfssl:
name: Build wolfSSL
if: github.repository_owner == 'wolfssl'
# Just to keep it the same as the testing target
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 4
steps:
- name: Build wolfSSL
uses: wolfSSL/actions-build-autotools-project@v1
with:
path: wolfssl
configure: --enable-all
install: true
check: false
- name: tar build-dir
run: tar -zcf build-dir.tgz build-dir
- name: Upload built lib
uses: actions/upload-artifact@v4
with:
name: wolf-install-bind
path: build-dir.tgz
retention-days: 5
bind_check:
strategy:
fail-fast: false
matrix:
# List of releases to test
ref: [ 9.18.0, 9.18.28 ]
name: ${{ matrix.ref }}
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 10
needs: build_wolfssl
steps:
- name: Download lib
uses: actions/download-artifact@v4
with:
name: wolf-install-bind
- name: untar build-dir
run: tar -xf build-dir.tgz
- name: Install dependencies
run: |
# Don't prompt for anything
export DEBIAN_FRONTEND=noninteractive
sudo apt-get update
# hostap dependencies
sudo apt-get install -y libuv1-dev libnghttp2-dev libcap-dev libcmocka-dev
- name: Checkout OSP
uses: actions/checkout@v4
with:
repository: wolfssl/osp
path: osp
- name: Checkout bind9
uses: actions/checkout@v4
with:
repository: isc-projects/bind9
path: bind
ref: v${{ matrix.ref }}
- name: Build and test bind9
working-directory: bind
run: |
export PKG_CONFIG_PATH=$GITHUB_WORKSPACE/build-dir/lib/pkgconfig
patch -p1 < $GITHUB_WORKSPACE/osp/bind9/${{ matrix.ref }}.patch
autoreconf -ivf
./configure --with-wolfssl
sed -i 's/SUBDIRS = system//g' bin/tests/Makefile # remove failing tests
make -j V=1
make -j V=1 check

108
.github/workflows/cmake.yml vendored Normal file
View File

@@ -0,0 +1,108 @@
name: WolfSSL CMake Build Tests
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
jobs:
build:
runs-on: ubuntu-latest
steps:
# pull wolfSSL
- uses: actions/checkout@master
# install cmake
- name: Install cmake
run: |
sudo apt-get update
sudo apt-get install -y cmake
# pull wolfssl
- name: Checkout wolfssl
uses: actions/checkout@master
with:
repository: wolfssl/wolfssl
path: wolfssl
# build wolfssl
- name: Build wolfssl
working-directory: ./wolfssl
run: |
mkdir build
cd build
cmake -DCMAKE_VERBOSE_MAKEFILE:BOOL=ON -DWOLFSSL_INSTALL=yes -DCMAKE_INSTALL_PREFIX="$GITHUB_WORKSPACE/install" \
-DWOLFSSL_16BIT:BOOL=no -DWOLFSSL_32BIT:BOOL=no -DWOLFSSL_AES:BOOL=yes \
-DWOLFSSL_AESCBC:BOOL=yes -DWOLFSSL_AESCCM:BOOL=yes -DWOLFSSL_AESCFB:BOOL=yes \
-DWOLFSSL_AESCTR:BOOL=yes -DWOLFSSL_AESGCM:STRING=yes -DWOLFSSL_AESKEYWRAP:BOOL=yes \
-DWOLFSSL_AESOFB:BOOL=yes -DWOLFSSL_AESSIV:BOOL=yes -DWOLFSSL_ALIGN_DATA:BOOL=yes \
-DWOLFSSL_ALPN:BOOL=ON -DWOLFSSL_ALT_CERT_CHAINS:BOOL=ON -DWOLFSSL_ARC4:BOOL=yes \
-DWOLFSSL_ARIA:BOOL=no -DWOLFSSL_ASIO:BOOL=no -DWOLFSSL_ASM:BOOL=yes -DWOLFSSL_ASN:BOOL=yes \
-DWOLFSSL_ASYNC_THREADS:BOOL=no -DWOLFSSL_BASE64_ENCODE:BOOL=yes -DWOLFSSL_CAAM:BOOL=no \
-DWOLFSSL_CERTEXT:BOOL=yes -DWOLFSSL_CERTGEN:BOOL=yes -DWOLFSSL_CERTGENCACHE:BOOL=no \
-DWOLFSSL_CERTREQ:BOOL=yes -DWOLFSSL_CHACHA:STRING=yes -DWOLFSSL_CMAC:BOOL=yes \
-DWOLFSSL_CODING:BOOL=yes -DWOLFSSL_CONFIG_H:BOOL=yes -DWOLFSSL_CRL:STRING=yes \
-DWOLFSSL_CRYPTOCB:BOOL=yes -DWOLFSSL_CRYPTOCB_NO_SW_TEST:BOOL=no \
-DWOLFSSL_CRYPT_TESTS:BOOL=yes -DWOLFSSL_CRYPT_TESTS_HELP:BOOL=no \
-DWOLFSSL_CRYPT_TESTS_LIBS:BOOL=no -DWOLFSSL_CURL:BOOL=yes -DWOLFSSL_CURVE25519:STRING=yes \
-DWOLFSSL_CURVE448:STRING=yes -DWOLFSSL_DEBUG:BOOL=yes -DWOLFSSL_DES3:BOOL=ON \
-DWOLFSSL_DES3_TLS_SUITES:BOOL=no -DWOLFSSL_DH:STRING=yes -DWOLFSSL_DH_DEFAULT_PARAMS:BOOL=yes \
-DWOLFSSL_DSA:BOOL=yes -DWOLFSSL_DTLS:BOOL=ON -DWOLFSSL_DTLS13:BOOL=yes \
-DWOLFSSL_DTLS_CID:BOOL=yes -DWOLFSSL_ECC:STRING=yes \
-DWOLFSSL_ECCCUSTCURVES:STRING=all -DWOLFSSL_ECCSHAMIR:BOOL=yes \
-DWOLFSSL_ECH:BOOL=yes -DWOLFSSL_ED25519:BOOL=yes -DWOLFSSL_ED448:STRING=yes \
-DWOLFSSL_ENCKEYS:BOOL=yes -DWOLFSSL_ENC_THEN_MAC:BOOL=yes -DWOLFSSL_ERROR_QUEUE:BOOL=yes \
-DWOLFSSL_ERROR_STRINGS:BOOL=yes -DWOLFSSL_EXAMPLES:BOOL=yes -DWOLFSSL_EXPERIMENTAL:BOOL=yes \
-DWOLFSSL_EXTENDED_MASTER:BOOL=yes -DWOLFSSL_EX_DATA:BOOL=yes -DWOLFSSL_FAST_MATH:BOOL=no \
-DWOLFSSL_FILESYSTEM:BOOL=yes -DWOLFSSL_HARDEN:BOOL=yes -DWOLFSSL_HASH_DRBG:BOOL=yes \
-DWOLFSSL_HKDF:BOOL=yes -DWOLFSSL_HPKE:BOOL=yes -DWOLFSSL_HRR_COOKIE:STRING=yes \
-DWOLFSSL_INLINE:BOOL=yes -DWOLFSSL_INSTALL:BOOL=yes -DWOLFSSL_IP_ALT_NAME:BOOL=ON \
-DWOLFSSL_KEYGEN:BOOL=yes -DWOLFSSL_KEYING_MATERIAL:BOOL=ON \
-DWOLFSSL_MD4:BOOL=ON -DWOLFSSL_MD5:BOOL=yes -DWOLFSSL_MEMORY:BOOL=yes -DWOLFSSL_NO_STUB:BOOL=no \
-DWOLFSSL_OAEP:BOOL=yes -DWOLFSSL_OCSP:BOOL=yes -DWOLFSSL_OCSPSTAPLING:BOOL=ON \
-DWOLFSSL_OCSPSTAPLING_V2:BOOL=ON -DWOLFSSL_OLD_NAMES:BOOL=yes -DWOLFSSL_OLD_TLS:BOOL=yes \
-DWOLFSSL_OPENSSLALL:BOOL=yes -DWOLFSSL_OPENSSLEXTRA:BOOL=ON -DWOLFSSL_OPTFLAGS:BOOL=yes \
-DWOLFSSL_OQS:BOOL=no -DWOLFSSL_PKCALLBACKS:BOOL=yes -DWOLFSSL_PKCS12:BOOL=yes \
-DWOLFSSL_PKCS7:BOOL=yes -DWOLFSSL_POLY1305:BOOL=yes -DWOLFSSL_POSTAUTH:BOOL=yes \
-DWOLFSSL_PWDBASED:BOOL=yes -DWOLFSSL_QUIC:BOOL=yes -DWOLFSSL_REPRODUCIBLE_BUILD:BOOL=no \
-DWOLFSSL_RNG:BOOL=yes -DWOLFSSL_RSA:BOOL=yes -DWOLFSSL_RSA_PSS:BOOL=yes \
-DWOLFSSL_SESSION_TICKET:BOOL=ON -DWOLFSSL_SHA:BOOL=yes -DWOLFSSL_SHA224:BOOL=yes \
-DWOLFSSL_SHA3:STRING=yes -DWOLFSSL_SHA384:BOOL=yes -DWOLFSSL_SHA512:BOOL=yes \
-DWOLFSSL_SHAKE128:STRING=yes -DWOLFSSL_SHAKE256:STRING=yes -DWOLFSSL_SINGLE_THREADED:BOOL=no \
-DWOLFSSL_SNI:BOOL=yes -DWOLFSSL_SP_MATH_ALL:BOOL=yes -DWOLFSSL_SRTP:BOOL=yes \
-DWOLFSSL_STUNNEL:BOOL=yes -DWOLFSSL_SUPPORTED_CURVES:BOOL=yes -DWOLFSSL_SYS_CA_CERTS:BOOL=yes \
-DWOLFSSL_TICKET_NONCE_MALLOC:BOOL=yes -DWOLFSSL_TLS13:BOOL=yes -DWOLFSSL_TLSV12:BOOL=yes \
-DWOLFSSL_TLSX:BOOL=yes -DWOLFSSL_TPM:BOOL=yes -DWOLFSSL_CLU:BOOL=yes -DWOLFSSL_USER_SETTINGS:BOOL=no \
-DWOLFSSL_USER_SETTINGS_ASM:BOOL=no -DWOLFSSL_WOLFSSH:BOOL=ON -DWOLFSSL_X86_64_BUILD_ASM:BOOL=yes \
-DWOLFSSL_X963KDF:BOOL=yes \
-DCMAKE_C_FLAGS="-DWOLFSSL_DTLS_CH_FRAG" \
..
cmake --build .
ctest -j $(nproc)
cmake --install .
# clean up
cd ..
rm -rf build
# Kyber Cmake broken
# -DWOLFSSL_KYBER:BOOL=yes
# build "lean-tls" wolfssl
- name: Build wolfssl with lean-tls
working-directory: ./wolfssl
run: |
mkdir build
cd build
cmake -DCMAKE_VERBOSE_MAKEFILE:BOOL=ON -DWOLFSSL_INSTALL=yes -DCMAKE_INSTALL_PREFIX="$GITHUB_WORKSPACE/install" \
-DWOLFSSL_LEAN_TLS:BOOL=yes \
..
cmake --build .
cmake --install .
# clean up
cd ..
rm -rf build

30
.github/workflows/codespell.yml vendored Normal file
View File

@@ -0,0 +1,30 @@
name: Codespell test
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
codespell:
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4
- uses: codespell-project/actions-codespell@v2.1
with:
check_filenames: true
check_hidden: true
# Add comma separated list of words that occur multiple times that should be ignored (sorted alphabetically, case sensitive)
ignore_words_list: adin,aNULL,brunch,carryIn,chainG,ciph,cLen,cliKs,dout,haveA,inCreated,inOut,inout,larg,LEAPYEAR,Merget,optionA,parm,parms,repid,rIn,userA,ser,siz,te,Te
# The exclude_file contains lines of code that should be ignored. This is useful for individual lines which have non-words that can safely be ignored.
exclude_file: '.codespellexcludelines'
# To skip files entirely from being processed, add it to the following list:
skip: '*.cproject,*.der,*.mtpj,*.pem,*.vcxproj,.git,*.launch,*.scfg,*.revoked'

53
.github/workflows/coverity-scan-fixes.yml vendored Normal file
View File

@@ -0,0 +1,53 @@
name: Coverity Scan master branch
on:
workflow_dispatch:
schedule:
- cron: '0 0 * * 1-5'
- cron: '0 0 * * 0'
- cron: '0 12 * * 0'
jobs:
coverity:
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4
with:
ref: master
- name: Configure wolfSSL with enable-all M-F
if: github.event.schedule == '0 0 * * 1-5'
run: |
./autogen.sh
./configure --enable-all
- name: Configure wolfSSL with enable-all enable-smallstack Sun at 00:00
if: github.event.schedule == '0 0 * * 0'
run: |
./autogen.sh
./configure --enable-all --enable-smallstack
- name: Configure wolfSSL with bigendian Sun at 12:00
if: github.event.schedule == '0 12 * * 0'
run: |
./autogen.sh
./configure --enable-all CFLAGS="-DBIG_ENDIAN_ORDER"
- name: Check secrets
env:
token_var: ${{ secrets.COVERITY_SCAN_TOKEN }}
email_var: ${{ secrets.COVERITY_SCAN_EMAIL }}
run: |
token_len=${#token_var}
echo "$token_len"
email_len=${#email_var}
echo "$email_len"
- uses: vapier/coverity-scan-action@v1
with:
build_language: 'cxx'
project: "wolfSSL/wolfssl"
token: ${{ secrets.COVERITY_SCAN_TOKEN }}
email: ${{ secrets.COVERITY_SCAN_EMAIL }}
command: "make"

11
.github/workflows/curl.yml vendored
View File

@@ -15,7 +15,8 @@ concurrency:
jobs: jobs:
build_wolfssl: build_wolfssl:
name: Build wolfSSL name: Build wolfSSL
runs-on: ubuntu-latest if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run. # This should be a safe limit for the tests to run.
timeout-minutes: 4 timeout-minutes: 4
steps: steps:
@@ -38,7 +39,8 @@ jobs:
test_curl: test_curl:
name: ${{ matrix.curl_ref }} name: ${{ matrix.curl_ref }}
runs-on: ubuntu-latest if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run. # This should be a safe limit for the tests to run.
timeout-minutes: 15 timeout-minutes: 15
needs: build_wolfssl needs: build_wolfssl
@@ -50,8 +52,7 @@ jobs:
- name: Install test dependencies - name: Install test dependencies
run: | run: |
sudo apt-get update sudo apt-get update
sudo apt-get install nghttp2 libpsl5 libpsl-dev sudo apt-get install nghttp2 libpsl5 libpsl-dev python3-impacket
sudo pip install impacket
- name: Download lib - name: Download lib
uses: actions/download-artifact@v4 uses: actions/download-artifact@v4
@@ -72,4 +73,4 @@ jobs:
- name: Test curl - name: Test curl
working-directory: curl working-directory: curl
run: make -j test-ci run: make -j $(nproc) test-ci

6
.github/workflows/cyrus-sasl.yml vendored
View File

@@ -15,8 +15,9 @@ concurrency:
jobs: jobs:
build_wolfssl: build_wolfssl:
name: Build wolfSSL name: Build wolfSSL
if: github.repository_owner == 'wolfssl'
# Just to keep it the same as the testing target # Just to keep it the same as the testing target
runs-on: ubuntu-latest runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run. # This should be a safe limit for the tests to run.
timeout-minutes: 4 timeout-minutes: 4
steps: steps:
@@ -46,7 +47,8 @@ jobs:
# List of releases to test # List of releases to test
ref: [ 2.1.28 ] ref: [ 2.1.28 ]
name: ${{ matrix.ref }} name: ${{ matrix.ref }}
runs-on: ubuntu-latest if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run. # This should be a safe limit for the tests to run.
timeout-minutes: 4 timeout-minutes: 4
needs: build_wolfssl needs: build_wolfssl

2
.github/workflows/disabled/haproxy.yml vendored
View File

@@ -20,6 +20,7 @@ jobs:
# List of refs to test # List of refs to test
ref: [ master ] ref: [ master ]
name: ${{ matrix.ref }} name: ${{ matrix.ref }}
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Build wolfSSL - name: Build wolfSSL
@@ -57,4 +58,3 @@ jobs:
- name: Test HaProxy - name: Test HaProxy
working-directory: haproxy working-directory: haproxy
run: make reg-tests reg-tests/ssl VTEST_PROGRAM=$GITHUB_WORKSPACE/VTest/vtest run: make reg-tests reg-tests/ssl VTEST_PROGRAM=$GITHUB_WORKSPACE/VTest/vtest

2
.github/workflows/hitch.yml → .github/workflows/disabled/hitch.yml vendored
View File

@@ -15,6 +15,7 @@ concurrency:
jobs: jobs:
build_wolfssl: build_wolfssl:
name: Build wolfSSL name: Build wolfSSL
if: github.repository_owner == 'wolfssl'
# Just to keep it the same as the testing target # Just to keep it the same as the testing target
runs-on: ubuntu-latest runs-on: ubuntu-latest
# This should be a safe limit for the tests to run. # This should be a safe limit for the tests to run.
@@ -47,6 +48,7 @@ jobs:
ignore-tests: >- ignore-tests: >-
test13-r82.sh test15-proxy-v2-npn.sh test39-client-cert-proxy.sh test13-r82.sh test15-proxy-v2-npn.sh test39-client-cert-proxy.sh
name: ${{ matrix.ref }} name: ${{ matrix.ref }}
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-latest runs-on: ubuntu-latest
# This should be a safe limit for the tests to run. # This should be a safe limit for the tests to run.
timeout-minutes: 4 timeout-minutes: 4

2
.github/workflows/disabled/hostap.yml vendored
View File

@@ -22,6 +22,7 @@ jobs:
- build_id: hostap-build2 - build_id: hostap-build2
wolf_extra_config: --enable-brainpool --enable-wpas-dpp wolf_extra_config: --enable-brainpool --enable-wpas-dpp
name: Build wolfSSL name: Build wolfSSL
if: github.repository_owner == 'wolfssl'
# Just to keep it the same as the testing target # Just to keep it the same as the testing target
runs-on: ubuntu-20.04 runs-on: ubuntu-20.04
# This should be a safe limit for the tests to run. # This should be a safe limit for the tests to run.
@@ -99,6 +100,7 @@ jobs:
build_id: hostap-build2 build_id: hostap-build2
} }
name: hwsim test name: hwsim test
if: github.repository_owner == 'wolfssl'
# For openssl 1.1 # For openssl 1.1
runs-on: ubuntu-20.04 runs-on: ubuntu-20.04
# This should be a safe limit for the tests to run. # This should be a safe limit for the tests to run.

41
.github/workflows/disabled/msys2.yml vendored Normal file
View File

@@ -0,0 +1,41 @@
name: MSYS2 Build Test
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
msys2:
runs-on: windows-latest
defaults:
run:
shell: msys2 {0}
strategy:
fail-fast: false
matrix:
include:
- { sys: ucrt64, compiler: mingw-w64-ucrt-x86_64-gcc }
- { sys: mingw64, compiler: mingw-w64-x86_64-gcc }
- { sys: msys, compiler: gcc }
steps:
- uses: actions/checkout@v3
- uses: msys2/setup-msys2@v2
with:
msystem: ${{ matrix.sys }}
update: true
install: git ${{matrix.compiler}} autotools base-devel autoconf netcat
- name: configure wolfSSL
run: ./autogen.sh && ./configure CFLAGS="-DUSE_CERT_BUFFERS_2048 -DUSE_CERT_BUFFERS_256 -DNO_WRITE_TEMP_FILES"
- name: build wolfSSL
run: make check
- name: Display log
if: always()
run: cat test-suite.log

15
.github/workflows/docker-Espressif.yml vendored
View File

@@ -14,7 +14,8 @@ concurrency:
jobs: jobs:
espressif_latest: espressif_latest:
name: latest Docker container name: latest Docker container
runs-on: ubuntu-latest if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run. # This should be a safe limit for the tests to run.
timeout-minutes: 12 timeout-minutes: 12
container: container:
@@ -22,22 +23,24 @@ jobs:
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v4
- name: Initialize Espressif IDE and build examples - name: Initialize Espressif IDE and build examples
run: . /opt/esp/idf/export.sh; IDE/Espressif/ESP-IDF/compileAllExamples.sh run: cd /opt/esp/idf && . ./export.sh && cd $GITHUB_WORKSPACE; IDE/Espressif/ESP-IDF/compileAllExamples.sh
espressif_v4_4: espressif_v4_4:
name: v4.4 Docker container name: v4.4 Docker container
runs-on: ubuntu-latest if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
container: container:
image: espressif/idf:release-v4.4 image: espressif/idf:release-v4.4
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v4
- name: Initialize Espressif IDE and build examples - name: Initialize Espressif IDE and build examples
run: . /opt/esp/idf/export.sh; IDE/Espressif/ESP-IDF/compileAllExamples.sh run: cd /opt/esp/idf && . ./export.sh && cd $GITHUB_WORKSPACE; IDE/Espressif/ESP-IDF/compileAllExamples.sh
espressif_v5_0: espressif_v5_0:
name: v5.0 Docker container name: v5.0 Docker container
runs-on: ubuntu-latest if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
container: container:
image: espressif/idf:release-v5.0 image: espressif/idf:release-v5.0
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v4
- name: Initialize Espressif IDE and build examples - name: Initialize Espressif IDE and build examples
run: . /opt/esp/idf/export.sh; IDE/Espressif/ESP-IDF/compileAllExamples.sh run: cd /opt/esp/idf && . ./export.sh && cd $GITHUB_WORKSPACE; IDE/Espressif/ESP-IDF/compileAllExamples.sh

6
.github/workflows/docker-OpenWrt.yml vendored
View File

@@ -17,7 +17,8 @@ concurrency:
jobs: jobs:
build_library: build_library:
name: Compile libwolfssl.so name: Compile libwolfssl.so
runs-on: ubuntu-latest if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run. # This should be a safe limit for the tests to run.
timeout-minutes: 4 timeout-minutes: 4
container: container:
@@ -40,7 +41,8 @@ jobs:
retention-days: 5 retention-days: 5
compile_container: compile_container:
name: Compile container name: Compile container
runs-on: ubuntu-latest if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run. # This should be a safe limit for the tests to run.
timeout-minutes: 2 timeout-minutes: 2
needs: build_library needs: build_library

41
.github/workflows/gencertbuf.yml vendored Normal file
View File

@@ -0,0 +1,41 @@
name: Test gencertbuf script
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
gencertbuf:
name: gencertbuf
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 6
steps:
- uses: actions/checkout@v4
name: Checkout wolfSSL
- name: Test generate wolfssl/certs_test.h
run: ./gencertbuf.pl
- name: Test wolfSSL
run: |
./autogen.sh
./configure --enable-all --enable-experimental --enable-dilithium --enable-kyber
make
./wolfcrypt/test/testwolfcrypt
- name: Print errors
if: ${{ failure() }}
run: |
if [ -f test-suite.log ] ; then
cat test-suite.log
fi

13
.github/workflows/grpc.yml vendored
View File

@@ -15,8 +15,9 @@ concurrency:
jobs: jobs:
build_wolfssl: build_wolfssl:
name: Build wolfSSL name: Build wolfSSL
if: github.repository_owner == 'wolfssl'
# Just to keep it the same as the testing target # Just to keep it the same as the testing target
runs-on: ubuntu-latest runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run. # This should be a safe limit for the tests to run.
timeout-minutes: 10 timeout-minutes: 10
steps: steps:
@@ -50,7 +51,8 @@ jobs:
test_core_security_ssl_credentials_test test_cpp_end2end_ssl_credentials_test test_core_security_ssl_credentials_test test_cpp_end2end_ssl_credentials_test
h2_ssl_cert_test h2_ssl_session_reuse_test h2_ssl_cert_test h2_ssl_session_reuse_test
name: ${{ matrix.ref }} name: ${{ matrix.ref }}
runs-on: ubuntu-latest if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run. # This should be a safe limit for the tests to run.
timeout-minutes: 30 timeout-minutes: 30
needs: build_wolfssl needs: build_wolfssl
@@ -69,6 +71,11 @@ jobs:
with: with:
name: wolf-install-grpc name: wolf-install-grpc
- name: Setup cmake version
uses: jwlawson/actions-setup-cmake@v2
with:
cmake-version: '3.25.x'
- name: untar build-dir - name: untar build-dir
run: tar -xf build-dir.tgz run: tar -xf build-dir.tgz
@@ -92,7 +99,7 @@ jobs:
git submodule update --init git submodule update --init
mkdir cmake/build mkdir cmake/build
cd cmake/build cd cmake/build
cmake -DgRPC_BUILD_TESTS=ON -DgRPC_SSL_PROVIDER=wolfssl \ cmake -DCMAKE_POLICY_VERSION_MINIMUM=3.1 -DgRPC_BUILD_TESTS=ON -DgRPC_SSL_PROVIDER=wolfssl \
-DWOLFSSL_INSTALL_DIR=$GITHUB_WORKSPACE/build-dir ../.. -DWOLFSSL_INSTALL_DIR=$GITHUB_WORKSPACE/build-dir ../..
make -j $(nproc) ${{ matrix.tests }} make -j $(nproc) ${{ matrix.tests }}

91
.github/workflows/haproxy.yml vendored Normal file
View File

@@ -0,0 +1,91 @@
name: haproxy Test
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
build_wolfssl:
name: Build wolfSSL
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 4
steps:
- name: Build wolfSSL
uses: wolfSSL/actions-build-autotools-project@v1
with:
path: wolfssl
configure: --enable-haproxy
install: true
- name: tar build-dir
run: tar -zcf build-dir.tgz build-dir
- name: Upload built lib
uses: actions/upload-artifact@v4
with:
name: wolf-install-haproxy
path: build-dir.tgz
retention-days: 5
test_haproxy:
name: ${{ matrix.haproxy_ref }}
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 15
needs: build_wolfssl
strategy:
fail-fast: false
matrix:
haproxy_ref: [ 'v3.1.0' ]
steps:
- name: Install test dependencies
run: |
sudo apt-get update
sudo apt-get install libpcre2-dev
- name: Download lib
uses: actions/download-artifact@v4
with:
name: wolf-install-haproxy
- name: untar build-dir
run: tar -xf build-dir.tgz
# check cache for haproxy if not there then download it
- name: Check haproxy cache
uses: actions/cache@v4
id: cache-haproxy
with:
path: build-dir/haproxy-${{matrix.haproxy_ref}}
key: haproxy-${{matrix.haproxy_ref}}
- name: Download haproxy if needed
if: steps.cache-haproxy.outputs.cache-hit != 'true'
uses: actions/checkout@v3
with:
repository: haproxy/haproxy
ref: ${{matrix.haproxy_ref}}
path: build-dir/haproxy-${{matrix.haproxy_ref}}
- name: Build haproxy
working-directory: build-dir/haproxy-${{matrix.haproxy_ref}}
run: make clean && make TARGET=linux-glibc USE_OPENSSL_WOLFSSL=1 SSL_LIB=$GITHUB_WORKSPACE/build-dir/lib SSL_INC=$GITHUB_WORKSPACE/build-dir/include ADDLIB=-Wl,-rpath,$GITHUB_WORKSPACE/build-dir/lib CFLAGS="-fsanitize=address" LDFLAGS="-fsanitize=address"
- name: Build haproxy vtest
working-directory: build-dir/haproxy-${{matrix.haproxy_ref}}
run: ./scripts/build-vtest.sh
- name: Test haproxy
working-directory: build-dir/haproxy-${{matrix.haproxy_ref}}
run: VTEST_PROGRAM=$GITHUB_WORKSPACE/build-dir/vtest/vtest make reg-tests -- --debug reg-tests/ssl/*

66
.github/workflows/hostap-vm.yml vendored
View File

@@ -13,7 +13,7 @@ concurrency:
# END OF COMMON SECTION # END OF COMMON SECTION
env: env:
LINUX_REF: v6.6 LINUX_REF: v6.12
jobs: jobs:
build_wolfssl: build_wolfssl:
@@ -27,7 +27,8 @@ jobs:
--enable-wpas-dpp --enable-brainpool --with-eccminsz=192 --enable-wpas-dpp --enable-brainpool --with-eccminsz=192
--enable-tlsv10 --enable-oldtls --enable-tlsv10 --enable-oldtls
name: Build wolfSSL name: Build wolfSSL
runs-on: ubuntu-latest if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run. # This should be a safe limit for the tests to run.
timeout-minutes: 10 timeout-minutes: 10
steps: steps:
@@ -62,26 +63,47 @@ jobs:
path: build-dir.tgz path: build-dir.tgz
retention-days: 5 retention-days: 5
build_uml_linux: checkout_hostap:
name: Build UML (UserMode Linux) name: Checkout hostap repo
runs-on: ubuntu-latest if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run. # This should be a safe limit for the tests to run.
timeout-minutes: 10 timeout-minutes: 10
steps:
- name: Checking if we have hostap in cache
uses: actions/cache@v4
id: cache
with:
path: hostap
key: hostap-repo
lookup-only: true
- name: Checkout hostap
run: git clone git://w1.fi/hostap.git hostap
build_uml_linux:
name: Build UML (UserMode Linux)
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 10
needs: checkout_hostap
steps: steps:
- name: Checking if we have kernel in cache - name: Checking if we have kernel in cache
uses: actions/cache@v4 uses: actions/cache@v4
id: cache id: cache
with: with:
path: linux/linux path: linux/linux
key: ${{ env.LINUX_REF }} key: hostap-linux-${{ env.LINUX_REF }}
lookup-only: true lookup-only: true
- name: Checkout hostap - name: Checking if we have hostap in cache
if: steps.cache.outputs.cache-hit != 'true' if: steps.cache.outputs.cache-hit != 'true'
uses: actions/checkout@v4 uses: actions/cache/restore@v4
with: with:
repository: julek-wolfssl/hostap-mirror
path: hostap path: hostap
key: hostap-repo
fail-on-cache-miss: true
- name: Checkout linux - name: Checkout linux
if: steps.cache.outputs.cache-hit != 'true' if: steps.cache.outputs.cache-hit != 'true'
@@ -89,6 +111,7 @@ jobs:
with: with:
repository: torvalds/linux repository: torvalds/linux
path: linux path: linux
ref: ${{ env.LINUX_REF }}
- name: Compile linux - name: Compile linux
if: steps.cache.outputs.cache-hit != 'true' if: steps.cache.outputs.cache-hit != 'true'
@@ -139,18 +162,18 @@ jobs:
build_id: hostap-vm-build2 build_id: hostap-vm-build2
} }
name: hwsim test name: hwsim test
# For openssl 1.1 if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-latest runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run. # This should be a safe limit for the tests to run.
timeout-minutes: 45 timeout-minutes: 45
needs: [build_wolfssl, build_uml_linux] needs: [build_wolfssl, build_uml_linux, checkout_hostap]
steps: steps:
- name: Checking if we have kernel in cache - name: Checking if we have kernel in cache
uses: actions/cache/restore@v4 uses: actions/cache/restore@v4
id: cache id: cache
with: with:
path: linux/linux path: linux/linux
key: ${{ env.LINUX_REF }} key: hostap-linux-${{ env.LINUX_REF }}
fail-on-cache-miss: true fail-on-cache-miss: true
- name: show file structure - name: show file structure
@@ -193,15 +216,19 @@ jobs:
# hostap dependencies # hostap dependencies
sudo apt-get install -y libpcap0.8 libpcap-dev curl libcurl4-openssl-dev \ sudo apt-get install -y libpcap0.8 libpcap-dev curl libcurl4-openssl-dev \
libnl-3-dev binutils-dev libssl-dev libiberty-dev libnl-genl-3-dev \ libnl-3-dev binutils-dev libssl-dev libiberty-dev libnl-genl-3-dev \
libnl-route-3-dev libdbus-1-dev bridge-utils tshark libnl-route-3-dev libdbus-1-dev bridge-utils tshark python3-pycryptodome
sudo pip3 install pycryptodome sudo pip install pycryptodome
- name: Checkout hostap - name: Checking if we have hostap in cache
uses: actions/checkout@v4 uses: actions/cache/restore@v4
with: with:
repository: julek-wolfssl/hostap-mirror
path: hostap path: hostap
ref: ${{ matrix.config.hostap_ref }} key: hostap-repo
fail-on-cache-miss: true
- name: Checkout correct ref
working-directory: hostap
run: git checkout ${{ matrix.config.hostap_ref }}
- name: Update certs - name: Update certs
working-directory: hostap/tests/hwsim/auth_serv working-directory: hostap/tests/hwsim/auth_serv
@@ -286,6 +313,7 @@ jobs:
KERNELDIR=$GITHUB_WORKSPACE/linux KERNELDIR=$GITHUB_WORKSPACE/linux
KVMARGS="-cpu host" KVMARGS="-cpu host"
EOF EOF
git config --global --add safe.directory $GITHUB_WORKSPACE/hostap
# Run tests in increments of 200 to not stall out the parallel-vm script # Run tests in increments of 200 to not stall out the parallel-vm script
while mapfile -t -n 200 ary && ((${#ary[@]})); do while mapfile -t -n 200 ary && ((${#ary[@]})); do
TESTS=$(printf '%s\n' "${ary[@]}" | tr '\n' ' ') TESTS=$(printf '%s\n' "${ary[@]}" | tr '\n' ' ')

52
.github/workflows/intelasm-c-fallback.yml vendored Normal file
View File

@@ -0,0 +1,52 @@
name: Dynamic C Fallback Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
make_check:
strategy:
matrix:
config: [
# Add new configs here
'--enable-intelasm --enable-sp-asm --enable-all --enable-testcert --enable-acert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-quic --with-sys-crypto-policy CPPFLAGS="-DNO_WOLFSSL_CIPHER_SUITE_TEST -DWC_C_DYNAMIC_FALLBACK -DDEBUG_VECTOR_REGISTER_ACCESS -DDEBUG_VECTOR_REGISTER_ACCESS_FUZZING -DWC_DEBUG_CIPHER_LIFECYCLE"'
]
name: make check
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 6
steps:
- uses: actions/checkout@v4
name: Checkout wolfSSL
- name: Test wolfSSL with WC_C_DYNAMIC_FALLBACK and DEBUG_VECTOR_REGISTER_ACCESS_FUZZING
run: |
./autogen.sh
randseed=$(head -c 4 /dev/urandom | od -t u4 --address-radix=n)
randseed="${randseed#"${randseed%%[![:space:]]*}"}"
echo "fuzzing seed=${randseed}"
./configure ${{ matrix.config }} CFLAGS="-DWC_DEBUG_VECTOR_REGISTERS_FUZZING_SEED=$randseed -fsanitize=leak -g -fno-omit-frame-pointer"
make -j 4
make check
- name: Print errors
if: ${{ failure() }}
run: |
for file in scripts/*.log
do
if [ -f "$file" ]; then
echo "${file}:"
cat "$file"
echo "========================================================================"
fi
done

9
.github/workflows/ipmitool.yml vendored
View File

@@ -17,7 +17,8 @@ jobs:
build_wolfssl: build_wolfssl:
name: Build wolfSSL name: Build wolfSSL
# Just to keep it the same as the testing target # Just to keep it the same as the testing target
runs-on: ubuntu-latest runs-on: ubuntu-22.04
if: github.repository_owner == 'wolfssl'
# This should be a safe limit for the tests to run. # This should be a safe limit for the tests to run.
timeout-minutes: 4 timeout-minutes: 4
steps: steps:
@@ -46,9 +47,12 @@ jobs:
matrix: matrix:
git_ref: [ c3939dac2c060651361fc71516806f9ab8c38901 ] git_ref: [ c3939dac2c060651361fc71516806f9ab8c38901 ]
name: ${{ matrix.git_ref }} name: ${{ matrix.git_ref }}
runs-on: ubuntu-latest if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
needs: build_wolfssl needs: build_wolfssl
steps: steps:
- name: Install dependencies
run: export DEBIAN_FRONTEND=noninteractive && sudo apt-get update && sudo apt-get install -y libreadline8
- name: Download lib - name: Download lib
uses: actions/download-artifact@v4 uses: actions/download-artifact@v4
with: with:
@@ -79,4 +83,3 @@ jobs:
run: | run: |
ldd src/ipmitool | grep wolfssl ldd src/ipmitool | grep wolfssl
ldd src/ipmievd | grep wolfssl ldd src/ipmievd | grep wolfssl

25
.github/workflows/jwt-cpp.yml vendored
View File

@@ -16,7 +16,8 @@ jobs:
build_wolfssl: build_wolfssl:
name: Build wolfSSL name: Build wolfSSL
# Just to keep it the same as the testing target # Just to keep it the same as the testing target
runs-on: ubuntu-latest if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run. # This should be a safe limit for the tests to run.
timeout-minutes: 4 timeout-minutes: 4
steps: steps:
@@ -40,12 +41,17 @@ jobs:
retention-days: 5 retention-days: 5
build_pam-ipmi: build_pam-ipmi:
if: github.repository_owner == 'wolfssl'
strategy: strategy:
fail-fast: false fail-fast: false
matrix: matrix:
ref: [ 0.6.0 ] config:
name: ${{ matrix.ref }} - ref: 0.7.0
runs-on: ubuntu-latest runner: ubuntu-22.04
- ref: 0.6.0
runner: ubuntu-22.04
name: ${{ matrix.config.ref }}
runs-on: ${{ matrix.config.runner }}
needs: build_wolfssl needs: build_wolfssl
steps: steps:
- name: Install dependencies - name: Install dependencies
@@ -60,6 +66,11 @@ jobs:
with: with:
name: wolf-install-jwt-cpp name: wolf-install-jwt-cpp
- name: Setup cmake version
uses: jwlawson/actions-setup-cmake@v2
with:
cmake-version: '3.25.x'
- name: untar build-dir - name: untar build-dir
run: tar -xf build-dir.tgz run: tar -xf build-dir.tgz
@@ -74,14 +85,14 @@ jobs:
with: with:
repository: Thalhammer/jwt-cpp repository: Thalhammer/jwt-cpp
path: jwt-cpp path: jwt-cpp
ref: v${{ matrix.ref }} ref: v${{ matrix.config.ref }}
- name: Build pam-ipmi - name: Build pam-ipmi
working-directory: jwt-cpp working-directory: jwt-cpp
run: | run: |
patch -p1 < ../osp/jwt-cpp/${{ matrix.ref }}.patch patch -p1 < ../osp/jwt-cpp/${{ matrix.config.ref }}.patch
PKG_CONFIG_PATH=$GITHUB_WORKSPACE/build-dir/lib/pkgconfig \ PKG_CONFIG_PATH=$GITHUB_WORKSPACE/build-dir/lib/pkgconfig \
cmake -B build -DJWT_SSL_LIBRARY:STRING=wolfSSL -DJWT_BUILD_TESTS=ON . cmake -DCMAKE_POLICY_VERSION_MINIMUM=3.5 -B build -DJWT_SSL_LIBRARY:STRING=wolfSSL -DJWT_BUILD_TESTS=ON .
make -j -C build make -j -C build
ldd ./build/tests/jwt-cpp-test | grep wolfssl ldd ./build/tests/jwt-cpp-test | grep wolfssl

8
.github/workflows/krb5.yml vendored
View File

@@ -16,7 +16,8 @@ jobs:
build_wolfssl: build_wolfssl:
name: Build wolfSSL name: Build wolfSSL
# Just to keep it the same as the testing target # Just to keep it the same as the testing target
runs-on: ubuntu-latest if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run. # This should be a safe limit for the tests to run.
timeout-minutes: 5 timeout-minutes: 5
steps: steps:
@@ -48,7 +49,8 @@ jobs:
# List of releases to test # List of releases to test
ref: [ 1.21.1 ] ref: [ 1.21.1 ]
name: ${{ matrix.ref }} name: ${{ matrix.ref }}
runs-on: ubuntu-latest if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run. # This should be a safe limit for the tests to run.
timeout-minutes: 8 timeout-minutes: 8
needs: build_wolfssl needs: build_wolfssl
@@ -90,7 +92,7 @@ jobs:
# Using rpath because LD_LIBRARY_PATH is overwritten during testing # Using rpath because LD_LIBRARY_PATH is overwritten during testing
export WOLFSSL_CFLAGS="-I$GITHUB_WORKSPACE/build-dir/include -I$GITHUB_WORKSPACE/build-dir/include/wolfssl -Wl,-rpath=$GITHUB_WORKSPACE/build-dir/lib" export WOLFSSL_CFLAGS="-I$GITHUB_WORKSPACE/build-dir/include -I$GITHUB_WORKSPACE/build-dir/include/wolfssl -Wl,-rpath=$GITHUB_WORKSPACE/build-dir/lib"
export WOLFSSL_LIBS="-lwolfssl -L$GITHUB_WORKSPACE/build-dir/lib -Wl,-rpath=$GITHUB_WORKSPACE/build-dir/lib" export WOLFSSL_LIBS="-lwolfssl -L$GITHUB_WORKSPACE/build-dir/lib -Wl,-rpath=$GITHUB_WORKSPACE/build-dir/lib"
./configure --with-crypto-impl=wolfssl --with-tls-impl=wolfssl --disable-pkinit \ ./configure --with-crypto-impl=wolfssl --with-tls-impl=wolfssl --disable-pkinit --with-spake-openssl \
CFLAGS='-fsanitize=address' LDFLAGS='-fsanitize=address' CFLAGS='-fsanitize=address' LDFLAGS='-fsanitize=address'
CFLAGS='-fsanitize=address' LDFLAGS='-fsanitize=address' make -j CFLAGS='-fsanitize=address' LDFLAGS='-fsanitize=address' make -j

91
.github/workflows/libspdm.yml vendored Normal file
View File

@@ -0,0 +1,91 @@
name: libspdm Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
build_wolfssl:
name: Build wolfSSL
if: github.repository_owner == 'wolfssl'
# Just to keep it the same as the testing target
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 4
steps:
- name: Build wolfSSL
uses: wolfSSL/actions-build-autotools-project@v1
with:
path: wolfssl
configure: --enable-all --enable-static CFLAGS='-DRSA_MIN_SIZE=512'
install: true
- name: tar build-dir
run: tar -zcf build-dir.tgz build-dir
- name: Upload built lib
uses: actions/upload-artifact@v4
with:
name: wolf-install-libspdm
path: build-dir.tgz
retention-days: 5
libspdm_check:
strategy:
fail-fast: false
matrix:
# List of releases to test
ref: [ 3.3.0 ]
name: ${{ matrix.ref }}
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 4
needs: build_wolfssl
steps:
- name: Download lib
uses: actions/download-artifact@v4
with:
name: wolf-install-libspdm
- name: untar build-dir
run: tar -xf build-dir.tgz
- name: Checkout OSP
uses: actions/checkout@v4
with:
repository: wolfssl/osp
path: osp
- name: Checkout libspdm
uses: actions/checkout@v4
with:
repository: DMTF/libspdm
path: libspdm
ref: ${{ matrix.ref }}
- name: Build and test libspdm
working-directory: libspdm
run: |
patch -p1 < ../osp/libspdm/${{ matrix.ref }}/libspdm-${{ matrix.ref }}.patch
git submodule update --init --recursive
# Silence cmake version warnings
find -name CMakeLists.txt -exec sed -i 's/cmake_minimum_required.*/cmake_minimum_required(VERSION 3.10)/g' {} \;
mkdir build
cd build
cmake -DARCH=x64 -DTOOLCHAIN=GCC -DTARGET=Debug -DCRYPTO=wolfssl -DENABLE_BINARY_BUILD=1 \
-DCOMPILED_LIBWOLFSSL_PATH=$GITHUB_WORKSPACE/build-dir/lib/libwolfssl.a \
-DWOLFSSL_INCDIR=$GITHUB_WORKSPACE/build-dir/include ..
make -j
cd ../unit_test/sample_key
../../build/bin/test_crypt
../../build/bin/test_spdm_secured_message
../../build/bin/test_spdm_crypt

15
.github/workflows/libssh2.yml vendored
View File

@@ -16,7 +16,8 @@ jobs:
build_wolfssl: build_wolfssl:
name: Build wolfSSL name: Build wolfSSL
# Just to keep it the same as the testing target # Just to keep it the same as the testing target
runs-on: ubuntu-latest if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-24.04
# This should be a safe limit for the tests to run. # This should be a safe limit for the tests to run.
timeout-minutes: 4 timeout-minutes: 4
steps: steps:
@@ -43,9 +44,10 @@ jobs:
fail-fast: false fail-fast: false
matrix: matrix:
# List of releases to test # List of releases to test
ref: [ 1.11.0 ] ref: [ 1.11.1 ]
name: ${{ matrix.ref }} name: ${{ matrix.ref }}
runs-on: ubuntu-latest if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-24.04
# This should be a safe limit for the tests to run. # This should be a safe limit for the tests to run.
timeout-minutes: 8 timeout-minutes: 8
needs: build_wolfssl needs: build_wolfssl
@@ -68,5 +70,8 @@ jobs:
check: true check: true
- name: Confirm libssh2 built with wolfSSL - name: Confirm libssh2 built with wolfSSL
working-directory: ./libssh2 run: ldd libssh2/src/.libs/libssh2.so | grep wolfssl
run: ldd src/.libs/libssh2.so | grep wolfssl
- name: print server logs
if: ${{ failure() }}
run: tail -n +1 libssh2/tests/*.log

15
.github/workflows/libvncserver.yml vendored
View File

@@ -16,7 +16,8 @@ jobs:
build_wolfssl: build_wolfssl:
name: Build wolfSSL name: Build wolfSSL
# Just to keep it the same as the testing target # Just to keep it the same as the testing target
runs-on: ubuntu-latest if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run. # This should be a safe limit for the tests to run.
timeout-minutes: 4 timeout-minutes: 4
steps: steps:
@@ -43,9 +44,10 @@ jobs:
strategy: strategy:
fail-fast: false fail-fast: false
matrix: matrix:
ref: [ 0.9.13 ] ref: [ 0.9.13, 0.9.14 ]
name: ${{ matrix.ref }} name: ${{ matrix.ref }}
runs-on: ubuntu-latest if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
needs: build_wolfssl needs: build_wolfssl
steps: steps:
- name: Download lib - name: Download lib
@@ -53,6 +55,11 @@ jobs:
with: with:
name: wolf-install-libvncserver name: wolf-install-libvncserver
- name: Setup cmake version
uses: jwlawson/actions-setup-cmake@v2
with:
cmake-version: '3.25.x'
- name: untar build-dir - name: untar build-dir
run: tar -xf build-dir.tgz run: tar -xf build-dir.tgz
@@ -74,7 +81,7 @@ jobs:
run: | run: |
patch -p1 < ../osp/libvncserver/${{ matrix.ref }}.patch patch -p1 < ../osp/libvncserver/${{ matrix.ref }}.patch
PKG_CONFIG_PATH=$GITHUB_WORKSPACE/build-dir/lib/pkgconfig \ PKG_CONFIG_PATH=$GITHUB_WORKSPACE/build-dir/lib/pkgconfig \
cmake -B build -DWITH_GNUTLS=OFF -DWITH_OPENSSL=OFF -DWITH_GCRYPT=OFF -DWITH_WOLFSSL=ON . cmake -DCMAKE_POLICY_VERSION_MINIMUM=3.5 -B build -DWITH_GNUTLS=OFF -DWITH_OPENSSL=OFF -DWITH_GCRYPT=OFF -DWITH_WOLFSSL=ON .
make -j -C build VERBOSE=1 make -j -C build VERBOSE=1
ldd build/libvncclient.so | grep wolfssl ldd build/libvncclient.so | grep wolfssl
ldd build/libvncserver.so | grep wolfssl ldd build/libvncserver.so | grep wolfssl

79
.github/workflows/mbedtls.sh vendored Normal file
View File

@@ -0,0 +1,79 @@
#!/usr/bin/env bash
set -e
set -x
# Basic TLS test
./mbedtls/build/programs/ssl/ssl_server2 > /tmp/server.log 2>&1 &
SERVER_PID=$!
sleep 0.1
./mbedtls/build/programs/ssl/ssl_client2 # Confirm working with mbed
env -C wolfssl ./examples/client/client -p 4433 -g \
-A ../mbedtls/framework/data_files/test-ca-sha256.crt \
-c ../mbedtls/framework/data_files/cli-rsa-sha256.crt \
-k ../mbedtls/framework/data_files/cli-rsa-sha256.key.pem
kill $SERVER_PID
sleep 0.1
env -C wolfssl ./examples/server/server -p 4433 -i -g \
-A ../mbedtls/framework/data_files/test-ca-sha256.crt \
-c ../mbedtls/framework/data_files/server2-sha256.crt \
-k ../mbedtls/framework/data_files/server2.key.pem > /tmp/server.log 2>&1 &
SERVER_PID=$!
sleep 0.1
./mbedtls/build/programs/ssl/ssl_client2
env -C wolfssl ./examples/client/client -p 4433 -g \
-A ../mbedtls/framework/data_files/test-ca-sha256.crt \
-c ../mbedtls/framework/data_files/cli-rsa-sha256.crt \
-k ../mbedtls/framework/data_files/cli-rsa-sha256.key.pem
kill $SERVER_PID
sleep 0.1
# Basic DTLS test
./mbedtls/build/programs/ssl/ssl_server2 dtls=1 > /tmp/server.log 2>&1 &
SERVER_PID=$!
sleep 0.1
./mbedtls/build/programs/ssl/ssl_client2 dtls=1 # Confirm working with mbed
env -C wolfssl ./examples/client/client -p 4433 -g -u \
-A ../mbedtls/framework/data_files/test-ca-sha256.crt \
-c ../mbedtls/framework/data_files/cli-rsa-sha256.crt \
-k ../mbedtls/framework/data_files/cli-rsa-sha256.key.pem
kill $SERVER_PID
sleep 0.1
env -C wolfssl ./examples/server/server -p 4433 -i -g -u \
-A ../mbedtls/framework/data_files/test-ca-sha256.crt \
-c ../mbedtls/framework/data_files/server2-sha256.crt \
-k ../mbedtls/framework/data_files/server2.key.pem > /tmp/server.log 2>&1 &
SERVER_PID=$!
sleep 0.1
env -C wolfssl ./examples/client/client -p 4433 -g -u \
-A ../mbedtls/framework/data_files/test-ca-sha256.crt \
-c ../mbedtls/framework/data_files/cli-rsa-sha256.crt \
-k ../mbedtls/framework/data_files/cli-rsa-sha256.key.pem
./mbedtls/build/programs/ssl/ssl_client2 dtls=1
kill $SERVER_PID
sleep 0.1
# DTLS 1.2 CID test
./mbedtls/build/programs/ssl/ssl_server2 dtls=1 cid=1 cid_val=121212 > /tmp/server.log 2>&1 &
SERVER_PID=$!
sleep 0.1
./mbedtls/build/programs/ssl/ssl_client2 dtls=1 cid=1 cid_val=232323 # Confirm working with mbed
env -C wolfssl ./examples/client/client -p 4433 -g -u --cid 232323 \
-A ../mbedtls/framework/data_files/test-ca-sha256.crt \
-c ../mbedtls/framework/data_files/cli-rsa-sha256.crt \
-k ../mbedtls/framework/data_files/cli-rsa-sha256.key.pem
kill $SERVER_PID
sleep 0.1
env -C wolfssl ./examples/server/server -p 4433 -i -g -u --cid 121212 \
-A ../mbedtls/framework/data_files/test-ca-sha256.crt \
-c ../mbedtls/framework/data_files/server2-sha256.crt \
-k ../mbedtls/framework/data_files/server2.key.pem > /tmp/server.log 2>&1 &
SERVER_PID=$!
sleep 0.1
./mbedtls/build/programs/ssl/ssl_client2 dtls=1 cid_val=232323
env -C wolfssl ./examples/client/client -p 4433 -g -u --cid 232323 \
-A ../mbedtls/framework/data_files/test-ca-sha256.crt \
-c ../mbedtls/framework/data_files/cli-rsa-sha256.crt \
-k ../mbedtls/framework/data_files/cli-rsa-sha256.key.pem
kill $SERVER_PID
sleep 0.1

86
.github/workflows/mbedtls.yml vendored Normal file
View File

@@ -0,0 +1,86 @@
name: mbedtls interop Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
env:
MBED_REF: v3.6.2
jobs:
build_mbedtls:
name: Build mbedtls
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 10
steps:
- name: Checking if we have mbed in cache
uses: actions/cache@v4
id: cache
with:
path: mbedtls
key: mbedtls-${{ env.MBED_REF }}
lookup-only: true
- name: Checkout mbedtls
if: steps.cache.outputs.cache-hit != 'true'
uses: actions/checkout@v4
with:
repository: Mbed-TLS/mbedtls
ref: ${{ env.MBED_REF }}
path: mbedtls
- name: Compile mbedtls
if: steps.cache.outputs.cache-hit != 'true'
working-directory: mbedtls
run: |
git submodule update --init
mkdir build
cd build
cmake ..
make -j
# convert key to pem format
openssl pkey -in framework/data_files/cli-rsa-sha256.key.der -text > framework/data_files/cli-rsa-sha256.key.pem
openssl pkey -in framework/data_files/server2.key.der -text > framework/data_files/server2.key.pem
mbedtls_test:
name: Test interop with mbedtls
runs-on: ubuntu-latest
needs: build_mbedtls
timeout-minutes: 10
if: github.repository_owner == 'wolfssl'
steps:
- name: Disable IPv6 (IMPORTANT, OTHERWISE DTLS MBEDTLS CLIENT WON'T CONNECT)
run: echo 1 | sudo tee /proc/sys/net/ipv6/conf/lo/disable_ipv6
- name: Checking if we have mbed in cache
uses: actions/cache/restore@v4
id: cache
with:
path: mbedtls
key: mbedtls-${{ env.MBED_REF }}
fail-on-cache-miss: true
- name: Build wolfSSL
uses: wolfSSL/actions-build-autotools-project@v1
with:
path: wolfssl
configure: --enable-dtls --enable-dtlscid
install: false
check: false
- name: Test interop
run: bash wolfssl/.github/workflows/mbedtls.sh
- name: print server logs
if: ${{ failure() }}
run: cat /tmp/server.log

6
.github/workflows/memcached.yml vendored
View File

@@ -16,7 +16,8 @@ jobs:
build_wolfssl: build_wolfssl:
name: Build wolfSSL name: Build wolfSSL
# Just to keep it the same as the testing target # Just to keep it the same as the testing target
runs-on: ubuntu-latest if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
steps: steps:
- name: Build wolfSSL - name: Build wolfSSL
uses: wolfSSL/actions-build-autotools-project@v1 uses: wolfSSL/actions-build-autotools-project@v1
@@ -46,7 +47,8 @@ jobs:
include: include:
- ref: 1.6.22 - ref: 1.6.22
name: ${{ matrix.ref }} name: ${{ matrix.ref }}
runs-on: ubuntu-latest if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
needs: build_wolfssl needs: build_wolfssl
steps: steps:
- name: Download lib - name: Download lib

15
.github/workflows/mosquitto.yml vendored
View File

@@ -16,7 +16,8 @@ jobs:
build_wolfssl: build_wolfssl:
name: Build wolfSSL name: Build wolfSSL
# Just to keep it the same as the testing target # Just to keep it the same as the testing target
runs-on: ubuntu-latest if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run. # This should be a safe limit for the tests to run.
timeout-minutes: 4 timeout-minutes: 4
steps: steps:
@@ -43,7 +44,8 @@ jobs:
matrix: matrix:
ref: [ 2.0.18 ] ref: [ 2.0.18 ]
name: ${{ matrix.ref }} name: ${{ matrix.ref }}
runs-on: ubuntu-latest if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run. # This should be a safe limit for the tests to run.
timeout-minutes: 4 timeout-minutes: 4
needs: build_wolfssl needs: build_wolfssl
@@ -66,8 +68,7 @@ jobs:
run: | run: |
export DEBIAN_FRONTEND=noninteractive export DEBIAN_FRONTEND=noninteractive
sudo apt-get update sudo apt-get update
sudo apt-get install -y build-essential libev-dev libssl-dev automake python3-docutils libcunit1 libcunit1-doc libcunit1-dev pkg-config make sudo apt-get install -y build-essential libev-dev libssl-dev automake python3-docutils libcunit1 libcunit1-doc libcunit1-dev pkg-config make python3-psutil
sudo pip install --upgrade psutil
- name: Checkout mosquitto - name: Checkout mosquitto
uses: actions/checkout@v4 uses: actions/checkout@v4
@@ -76,6 +77,12 @@ jobs:
ref: v${{ matrix.ref }} ref: v${{ matrix.ref }}
path: mosquitto path: mosquitto
- name: Update certs
run: |
cd $GITHUB_WORKSPACE/mosquitto/test/ssl
./gen.sh
cat all-ca.crt >> server.crt
- name: Configure and build mosquitto - name: Configure and build mosquitto
run: | run: |
cd $GITHUB_WORKSPACE/mosquitto/ cd $GITHUB_WORKSPACE/mosquitto/

3
.github/workflows/multi-arch.yml vendored
View File

@@ -36,7 +36,8 @@ jobs:
CFLAGS: -marm -DWOLFSSL_SP_ARM_ARCH=6 CFLAGS: -marm -DWOLFSSL_SP_ARM_ARCH=6
ARCH: armel ARCH: armel
EXTRA_OPTS: --enable-sp-asm EXTRA_OPTS: --enable-sp-asm
runs-on: ubuntu-latest if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run. # This should be a safe limit for the tests to run.
timeout-minutes: 10 timeout-minutes: 10
steps: steps:

22
.github/workflows/multi-compiler.yml vendored
View File

@@ -21,35 +21,35 @@ jobs:
include: include:
- CC: gcc-9 - CC: gcc-9
CXX: g++-9 CXX: g++-9
OS: ubuntu-latest OS: ubuntu-24.04
- CC: gcc-10 - CC: gcc-10
CXX: g++-10 CXX: g++-10
OS: ubuntu-latest OS: ubuntu-24.04
- CC: gcc-11 - CC: gcc-11
CXX: g++-11 CXX: g++-11
OS: ubuntu-latest OS: ubuntu-24.04
- CC: gcc-12 - CC: gcc-12
CXX: g++-12 CXX: g++-12
OS: ubuntu-latest OS: ubuntu-24.04
- CC: clang-10
CXX: clang++-10
OS: ubuntu-20.04
- CC: clang-11 - CC: clang-11
CXX: clang++-11 CXX: clang++-11
OS: ubuntu-20.04 OS: ubuntu-22.04
- CC: clang-12 - CC: clang-12
CXX: clang++-12 CXX: clang++-12
OS: ubuntu-20.04 OS: ubuntu-22.04
- CC: clang-13 - CC: clang-13
CXX: clang++-13 CXX: clang++-13
OS: ubuntu-latest OS: ubuntu-22.04
- CC: clang-14 - CC: clang-14
CXX: clang++-14 CXX: clang++-14
OS: ubuntu-latest OS: ubuntu-24.04
if: github.repository_owner == 'wolfssl'
runs-on: ${{ matrix.OS }} runs-on: ${{ matrix.OS }}
# This should be a safe limit for the tests to run. # This should be a safe limit for the tests to run.
timeout-minutes: 4 timeout-minutes: 4
steps: steps:
- name: Install dependencies
run: export DEBIAN_FRONTEND=noninteractive && sudo apt-get update && sudo apt-get install -y ${{ matrix.CC }}
- uses: actions/checkout@v4 - uses: actions/checkout@v4
- name: Build - name: Build
env: env:

6
.github/workflows/net-snmp.yml vendored
View File

@@ -15,8 +15,9 @@ concurrency:
jobs: jobs:
build_wolfssl: build_wolfssl:
name: Build wolfSSL name: Build wolfSSL
if: github.repository_owner == 'wolfssl'
# Just to keep it the same as the testing target # Just to keep it the same as the testing target
runs-on: ubuntu-latest runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run. # This should be a safe limit for the tests to run.
timeout-minutes: 4 timeout-minutes: 4
steps: steps:
@@ -46,7 +47,8 @@ jobs:
- ref: 5.9.3 - ref: 5.9.3
test_opts: -e 'agentxperl' test_opts: -e 'agentxperl'
name: ${{ matrix.ref }} name: ${{ matrix.ref }}
runs-on: ubuntu-latest if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run. # This should be a safe limit for the tests to run.
timeout-minutes: 4 timeout-minutes: 4
needs: build_wolfssl needs: build_wolfssl

6
.github/workflows/nginx.yml vendored
View File

@@ -15,8 +15,9 @@ concurrency:
jobs: jobs:
build_wolfssl: build_wolfssl:
name: Build wolfSSL name: Build wolfSSL
if: github.repository_owner == 'wolfssl'
# Just to keep it the same as the testing target # Just to keep it the same as the testing target
runs-on: ubuntu-latest runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run. # This should be a safe limit for the tests to run.
timeout-minutes: 4 timeout-minutes: 4
steps: steps:
@@ -105,7 +106,8 @@ jobs:
stream_proxy_protocol_ssl.t stream_proxy_ssl_conf_command.t stream_proxy_ssl.t stream_proxy_protocol_ssl.t stream_proxy_ssl_conf_command.t stream_proxy_ssl.t
stream_proxy_ssl_verify.t stream_proxy_ssl_verify.t
name: ${{ matrix.ref }} name: ${{ matrix.ref }}
runs-on: ubuntu-latest if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run. # This should be a safe limit for the tests to run.
timeout-minutes: 6 timeout-minutes: 6
needs: build_wolfssl needs: build_wolfssl

5
.github/workflows/no-malloc.yml vendored
View File

@@ -18,10 +18,11 @@ jobs:
matrix: matrix:
config: [ config: [
# Add new configs here # Add new configs here
'--enable-rsa --enable-keygen --disable-dh CFLAGS="-DWOLFSSL_NO_MALLOC"', '--enable-rsa --enable-keygen --disable-dh CFLAGS="-DWOLFSSL_NO_MALLOC -DRSA_MIN_SIZE=1024"',
] ]
name: make check name: make check
runs-on: ubuntu-latest if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run. # This should be a safe limit for the tests to run.
timeout-minutes: 6 timeout-minutes: 6
steps: steps:

27
.github/workflows/nss.sh vendored Normal file
View File

@@ -0,0 +1,27 @@
#!/usr/bin/env bash
set -e
set -x
# Setup nss cert db
mkdir nssdb
./dist/Debug/bin/certutil -d nssdb -N --empty-password
./dist/Debug/bin/certutil -d nssdb -A -a -i wolfssl/certs/test/server-localhost.pem \
-t TCP -n 'wolf localhost'
# App data for nss
echo Hello from nss > /tmp/in
# TLS 1.3 test
env -C wolfssl ./examples/server/server -v 4 -p 4433 \
-c certs/test/server-localhost.pem -d -w > /tmp/server.log 2>&1 &
sleep 0.1
./dist/Debug/bin/tstclnt -V tls1.3: -h localhost -p 4433 -d nssdb -C -4 -A /tmp/in -v
sleep 0.1
# DTLS 1.3 test
env -C wolfssl ./examples/server/server -v 4 -p 4433 -u \
-c certs/test/server-localhost.pem -d -w > /tmp/server.log 2>&1 &
sleep 0.1
./dist/Debug/bin/tstclnt -V tls1.3: -P client -h localhost -p 4433 -d nssdb -C -4 -A /tmp/in -v
sleep 0.1

89
.github/workflows/nss.yml vendored Normal file
View File

@@ -0,0 +1,89 @@
name: nss interop Tests
### TODO uncomment stuff
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
env:
NSS_REF: NSS_3_107_RTM
jobs:
build_nss:
name: Build nss
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 30
steps:
- name: Checking if we have nss in cache
uses: actions/cache@v4
id: cache
with:
path: dist
key: nss-${{ env.NSS_REF }}
lookup-only: true
- name: Install dependencies
if: steps.cache.outputs.cache-hit != 'true'
run: |
# Don't prompt for anything
export DEBIAN_FRONTEND=noninteractive
sudo apt-get update
# hostap dependencies
sudo apt-get install -y gyp ninja-build
- name: Checkout nss
if: steps.cache.outputs.cache-hit != 'true'
uses: actions/checkout@v4
with:
repository: nss-dev/nss
ref: ${{ env.NSS_REF }}
path: nss
- name: Compile nss
if: steps.cache.outputs.cache-hit != 'true'
run: |
hg clone https://hg.mozilla.org/projects/nspr
cd nss
./build.sh
nss_test:
name: Test interop with nss
runs-on: ubuntu-22.04
needs: build_nss
timeout-minutes: 10
if: github.repository_owner == 'wolfssl'
steps:
- name: Checking if we have nss in cache
uses: actions/cache/restore@v4
id: cache
with:
path: dist
key: nss-${{ env.NSS_REF }}
fail-on-cache-miss: true
- name: Build wolfSSL
uses: wolfSSL/actions-build-autotools-project@v1
with:
path: wolfssl
configure: --enable-dtls --enable-dtls13
install: false
check: false
- name: Test interop
run: bash wolfssl/.github/workflows/nss.sh
- name: print server logs
if: ${{ failure() }}
run: |
cat /tmp/server.log

9
.github/workflows/ntp.yml vendored
View File

@@ -15,8 +15,9 @@ concurrency:
jobs: jobs:
build_wolfssl: build_wolfssl:
name: Build wolfSSL name: Build wolfSSL
if: github.repository_owner == 'wolfssl'
# Just to keep it the same as the testing target # Just to keep it the same as the testing target
runs-on: ubuntu-latest runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run. # This should be a safe limit for the tests to run.
timeout-minutes: 4 timeout-minutes: 4
steps: steps:
@@ -43,9 +44,10 @@ jobs:
fail-fast: false fail-fast: false
matrix: matrix:
# List of releases to test # List of releases to test
ref: [ 4.2.8p15 ] ref: [ 4.2.8p15, 4.2.8p17 ]
name: ${{ matrix.ref }} name: ${{ matrix.ref }}
runs-on: ubuntu-latest if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run. # This should be a safe limit for the tests to run.
timeout-minutes: 10 timeout-minutes: 10
needs: build_wolfssl needs: build_wolfssl
@@ -89,4 +91,3 @@ jobs:
./configure --with-wolfssl=$GITHUB_WORKSPACE/build-dir ./configure --with-wolfssl=$GITHUB_WORKSPACE/build-dir
make -j make -j
make -j check make -j check

3
.github/workflows/ocsp.yml vendored
View File

@@ -15,7 +15,8 @@ concurrency:
jobs: jobs:
ocsp_stapling: ocsp_stapling:
name: ocsp stapling name: ocsp stapling
runs-on: ubuntu-latest if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
timeout-minutes: 10 timeout-minutes: 10
steps: steps:
- name: Checkout wolfSSL - name: Checkout wolfSSL

91
.github/workflows/openldap.yml vendored Normal file
View File

@@ -0,0 +1,91 @@
name: openldap Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
build_wolfssl:
name: Build wolfSSL
# Just to keep it the same as the testing target
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 4
steps:
- name: Build wolfSSL
uses: wolfSSL/actions-build-autotools-project@v1
with:
path: wolfssl
configure: --enable-openldap CPPFLAGS=-DWOLFSSL_NO_ASN_STRICT
install: true
check: true
- name: tar build-dir
run: tar -zcf build-dir.tgz build-dir
- name: Upload built lib
uses: actions/upload-artifact@v4
with:
name: wolf-install-openldap
path: build-dir.tgz
retention-days: 5
openldap_check:
strategy:
fail-fast: false
matrix:
include:
# List of releases to test
- osp_ref: 2.5.13
git_ref: OPENLDAP_REL_ENG_2_5_13
- osp_ref: 2.6.7
git_ref: OPENLDAP_REL_ENG_2_6_7
name: ${{ matrix.osp_ref }}
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 20
needs: build_wolfssl
steps:
- name: Download lib
uses: actions/download-artifact@v4
with:
name: wolf-install-openldap
- name: untar build-dir
run: tar -xf build-dir.tgz
- name: Checkout OSP
uses: actions/checkout@v4
with:
repository: wolfssl/osp
path: osp
- name: Checkout openldap
uses: actions/checkout@v4
with:
repository: openldap/openldap
path: openldap
ref: ${{ matrix.git_ref }}
- name: Build and test OpenLDAP
working-directory: openldap
run: |
export LD_LIBRARY_PATH=$GITHUB_WORKSPACE/build-dir/lib:$LD_LIBRARY_PATH
patch -p1 < $GITHUB_WORKSPACE/osp/openldap/${{ matrix.osp_ref }}/openldap-${{ matrix.osp_ref }}.patch
rm aclocal.m4
autoreconf -ivf
./configure --with-tls=wolfssl --disable-bdb --disable-hdb \
CFLAGS="-I$GITHUB_WORKSPACE/build-dir/include \
-I$GITHUB_WORKSPACE/build-dir/include/wolfssl \
-L$GITHUB_WORKSPACE/build-dir/lib"
make -j depend
make -j
make -j check

8
.github/workflows/openssh.yml vendored
View File

@@ -15,8 +15,9 @@ concurrency:
jobs: jobs:
build_wolfssl: build_wolfssl:
name: Build wolfSSL name: Build wolfSSL
if: github.repository_owner == 'wolfssl'
# Just to keep it the same as the testing target # Just to keep it the same as the testing target
runs-on: ubuntu-latest runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run. # This should be a safe limit for the tests to run.
timeout-minutes: 4 timeout-minutes: 4
steps: steps:
@@ -26,7 +27,7 @@ jobs:
path: wolfssl path: wolfssl
configure: >- configure: >-
--enable-openssh --enable-dsa --with-max-rsa-bits=8192 --enable-openssh --enable-dsa --with-max-rsa-bits=8192
--enable-intelasm --enable-sp-asm --enable-intelasm --enable-sp-asm CFLAGS="-DRSA_MIN_SIZE=1024"
install: true install: true
- name: tar build-dir - name: tar build-dir
@@ -47,7 +48,8 @@ jobs:
- git_ref: 'V_9_6_P1' - git_ref: 'V_9_6_P1'
osp_ver: '9.6' osp_ver: '9.6'
name: ${{ matrix.ref }} name: ${{ matrix.ref }}
runs-on: ubuntu-latest if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
needs: build_wolfssl needs: build_wolfssl
steps: steps:
- name: Download lib - name: Download lib

50
.github/workflows/opensslcoexist.yml vendored Normal file
View File

@@ -0,0 +1,50 @@
name: OPENSSL_COEXIST and TEST_OPENSSL_COEXIST
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
make_check:
strategy:
matrix:
config: [
# Add new configs here
'--verbose --enable-all --disable-all-osp --disable-opensslall --enable-opensslcoexist CPPFLAGS="-DNO_WOLFSSL_CIPHER_SUITE_TEST -pedantic"',
'--verbose --enable-all --disable-all-osp --disable-opensslall --enable-opensslcoexist CPPFLAGS="-DNO_WOLFSSL_CIPHER_SUITE_TEST -pedantic -DTEST_OPENSSL_COEXIST"'
]
name: make check
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 6
steps:
- uses: actions/checkout@v4
name: Checkout wolfSSL
- name: Test --enable-opensslcoexist and TEST_OPENSSL_COEXIST
run: |
./autogen.sh || $(exit 2)
./configure ${{ matrix.config }} || $(exit 3)
make -j 4 || $(exit 4)
make check
- name: Print errors
if: ${{ failure() }}
run: |
for file in config.log scripts/*.log
do
if [ -f "$file" ]; then
echo "${file}:"
cat "$file"
echo "========================================================================"
fi
done

8
.github/workflows/openvpn.yml vendored
View File

@@ -15,8 +15,9 @@ concurrency:
jobs: jobs:
build_wolfssl: build_wolfssl:
name: Build wolfSSL name: Build wolfSSL
if: github.repository_owner == 'wolfssl'
# Just to keep it the same as the testing target # Just to keep it the same as the testing target
runs-on: ubuntu-latest runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run. # This should be a safe limit for the tests to run.
timeout-minutes: 4 timeout-minutes: 4
steps: steps:
@@ -42,9 +43,10 @@ jobs:
fail-fast: false fail-fast: false
matrix: matrix:
# List of refs to test # List of refs to test
ref: [ release/2.6, v2.6.0, master ] ref: [ release/2.6, master ]
name: ${{ matrix.ref }} name: ${{ matrix.ref }}
runs-on: ubuntu-latest if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run. # This should be a safe limit for the tests to run.
timeout-minutes: 10 timeout-minutes: 10
needs: build_wolfssl needs: build_wolfssl

35
.github/workflows/os-check.yml vendored
View File

@@ -17,7 +17,7 @@ jobs:
strategy: strategy:
fail-fast: false fail-fast: false
matrix: matrix:
os: [ ubuntu-latest, macos-latest ] os: [ ubuntu-22.04, macos-latest ]
config: [ config: [
# Add new configs here # Add new configs here
'', '',
@@ -33,8 +33,18 @@ jobs:
'--enable-dtls --enable-dtls13 --enable-earlydata '--enable-dtls --enable-dtls13 --enable-earlydata
--enable-session-ticket --enable-psk --enable-session-ticket --enable-psk
CPPFLAGS=''-DWOLFSSL_DTLS13_NO_HRR_ON_RESUME'' ', CPPFLAGS=''-DWOLFSSL_DTLS13_NO_HRR_ON_RESUME'' ',
'--enable-experimental --enable-kyber --enable-dtls --enable-dtls13
--enable-dtls-frag-ch',
'--enable-all --enable-dtls13 --enable-dtls-frag-ch',
'--enable-dtls --enable-dtls13 --enable-dtls-frag-ch
--enable-dtls-mtu',
'--enable-dtls --enable-dtlscid --enable-dtls13 --enable-secure-renegotiation
--enable-psk --enable-aesccm --enable-nullcipher CPPFLAGS=-DWOLFSSL_STATIC_RSA',
'--enable-ascon --enable-experimental',
'--enable-ascon CPPFLAGS=-DWOLFSSL_ASCON_UNROLL --enable-experimental',
] ]
name: make check name: make check
if: github.repository_owner == 'wolfssl'
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
# This should be a safe limit for the tests to run. # This should be a safe limit for the tests to run.
timeout-minutes: 14 timeout-minutes: 14
@@ -49,12 +59,13 @@ jobs:
strategy: strategy:
fail-fast: false fail-fast: false
matrix: matrix:
os: [ ubuntu-latest, macos-latest ] os: [ ubuntu-22.04, macos-latest ]
user-settings: [ user-settings: [
# Add new user_settings.h here # Add new user_settings.h here
'examples/configs/user_settings_all.h', 'examples/configs/user_settings_all.h',
] ]
name: make user_setting.h name: make user_setting.h
if: github.repository_owner == 'wolfssl'
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
# This should be a safe limit for the tests to run. # This should be a safe limit for the tests to run.
timeout-minutes: 14 timeout-minutes: 14
@@ -70,9 +81,10 @@ jobs:
strategy: strategy:
fail-fast: false fail-fast: false
matrix: matrix:
os: [ ubuntu-latest, macos-latest ] os: [ ubuntu-22.04, macos-latest ]
user-settings: [ user-settings: [
# Add new user_settings.h here # Add new user_settings.h here
'examples/configs/user_settings_eccnonblock.h',
'examples/configs/user_settings_min_ecc.h', 'examples/configs/user_settings_min_ecc.h',
'examples/configs/user_settings_wolfboot_keytools.h', 'examples/configs/user_settings_wolfboot_keytools.h',
'examples/configs/user_settings_wolftpm.h', 'examples/configs/user_settings_wolftpm.h',
@@ -80,6 +92,7 @@ jobs:
'examples/configs/user_settings_tls12.h', 'examples/configs/user_settings_tls12.h',
] ]
name: make user_setting.h (testwolfcrypt only) name: make user_setting.h (testwolfcrypt only)
if: github.repository_owner == 'wolfssl'
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
# This should be a safe limit for the tests to run. # This should be a safe limit for the tests to run.
timeout-minutes: 14 timeout-minutes: 14
@@ -99,8 +112,9 @@ jobs:
strategy: strategy:
fail-fast: false fail-fast: false
matrix: matrix:
os: [ ubuntu-latest, macos-latest ] os: [ ubuntu-22.04, macos-latest ]
name: make user_setting.h (with sed) name: make user_setting.h (with sed)
if: github.repository_owner == 'wolfssl'
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
# This should be a safe limit for the tests to run. # This should be a safe limit for the tests to run.
timeout-minutes: 14 timeout-minutes: 14
@@ -119,7 +133,12 @@ jobs:
windows_build: windows_build:
name: Windows Build Test name: Windows Build Test
if: github.repository_owner == 'wolfssl'
runs-on: windows-latest runs-on: windows-latest
strategy:
fail-fast: false
matrix:
arch: [ x64, Win32, ARM64 ]
# This should be a safe limit for the tests to run. # This should be a safe limit for the tests to run.
timeout-minutes: 6 timeout-minutes: 6
env: env:
@@ -130,7 +149,6 @@ jobs:
# You can convert this to a build matrix if you need coverage of multiple configuration types. # You can convert this to a build matrix if you need coverage of multiple configuration types.
# https://docs.github.com/actions/learn-github-actions/managing-complex-workflows#using-a-build-matrix # https://docs.github.com/actions/learn-github-actions/managing-complex-workflows#using-a-build-matrix
BUILD_CONFIGURATION: Release BUILD_CONFIGURATION: Release
BUILD_PLATFORM: x64
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v4
@@ -145,8 +163,9 @@ jobs:
working-directory: ${{env.GITHUB_WORKSPACE}} working-directory: ${{env.GITHUB_WORKSPACE}}
# Add additional options to the MSBuild command line here (like platform or verbosity level). # Add additional options to the MSBuild command line here (like platform or verbosity level).
# See https://docs.microsoft.com/visualstudio/msbuild/msbuild-command-line-reference # See https://docs.microsoft.com/visualstudio/msbuild/msbuild-command-line-reference
run: msbuild /m /p:PlatformToolset=v142 /p:Platform=${{env.BUILD_PLATFORM}} /p:Configuration=${{env.BUILD_CONFIGURATION}} ${{env.SOLUTION_FILE_PATH}} run: msbuild /m /p:PlatformToolset=v142 /p:Platform=${{matrix.arch}} /p:Configuration=${{env.BUILD_CONFIGURATION}} ${{env.SOLUTION_FILE_PATH}}
- name: Run Test - if: ${{ matrix.arch != 'ARM64' }}
name: Run Test
working-directory: ${{env.GITHUB_WORKSPACE}} working-directory: ${{env.GITHUB_WORKSPACE}}
run: Release/x64/testsuite.exe run: Release/${{matrix.arch}}/testsuite.exe

19
.github/workflows/packaging.yml vendored
View File

@@ -15,7 +15,8 @@ concurrency:
jobs: jobs:
build_wolfssl: build_wolfssl:
name: Package wolfSSL name: Package wolfSSL
runs-on: ubuntu-latest if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run. # This should be a safe limit for the tests to run.
timeout-minutes: 10 timeout-minutes: 10
steps: steps:
@@ -37,8 +38,9 @@ jobs:
- name: Build wolfSSL .deb - name: Build wolfSSL .deb
run: make deb-docker run: make deb-docker
- name: Build wolfSSL .rpm # disabled 20240919 -- broken target.
run: make rpm-docker # - name: Build wolfSSL .rpm
# run: make rpm-docker
- name: Confirm packages built - name: Confirm packages built
run: | run: |
@@ -47,8 +49,9 @@ jobs:
echo Did not find exactly two deb packages!!! echo Did not find exactly two deb packages!!!
exit 1 exit 1
fi fi
RPM_COUNT=$(find -name 'wolfssl*.rpm' | wc -l) # disabled 20240919 -- broken target.
if [ "$RPM_COUNT" != "4" ]; then # RPM_COUNT=$(find -name 'wolfssl*.rpm' | wc -l)
echo Did not find exactly four rpm packages!!! # if [ "$RPM_COUNT" != "4" ]; then
exit 1 # echo Did not find exactly four rpm packages!!!
fi # exit 1
# fi

9
.github/workflows/pam-ipmi.yml vendored
View File

@@ -16,8 +16,9 @@ concurrency:
jobs: jobs:
build_wolfssl: build_wolfssl:
name: Build wolfSSL name: Build wolfSSL
if: github.repository_owner == 'wolfssl'
# Just to keep it the same as the testing target # Just to keep it the same as the testing target
runs-on: ubuntu-latest runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run. # This should be a safe limit for the tests to run.
timeout-minutes: 4 timeout-minutes: 4
steps: steps:
@@ -46,7 +47,8 @@ jobs:
matrix: matrix:
git_ref: [ e4b13e6725abb178f62ee897fe1c0e81b06a9431 ] git_ref: [ e4b13e6725abb178f62ee897fe1c0e81b06a9431 ]
name: ${{ matrix.git_ref }} name: ${{ matrix.git_ref }}
runs-on: ubuntu-latest if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
needs: build_wolfssl needs: build_wolfssl
steps: steps:
- name: Install dependencies - name: Install dependencies
@@ -54,8 +56,7 @@ jobs:
# Don't prompt for anything # Don't prompt for anything
export DEBIAN_FRONTEND=noninteractive export DEBIAN_FRONTEND=noninteractive
sudo apt-get update sudo apt-get update
sudo apt-get install libpam-dev ninja-build sudo apt-get install libpam-dev ninja-build meson
sudo pip3 install meson
- name: Download lib - name: Download lib
uses: actions/download-artifact@v4 uses: actions/download-artifact@v4

50
.github/workflows/pq-all.yml vendored Normal file
View File

@@ -0,0 +1,50 @@
name: Quantum Resistant Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
make_check:
strategy:
matrix:
config: [
# Add new configs here
'--enable-intelasm --enable-sp-asm --enable-all --enable-testcert --enable-acert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-quic --with-sys-crypto-policy --enable-experimental --enable-kyber=yes,original --enable-lms --enable-xmss --enable-dilithium --enable-dual-alg-certs --disable-qt CPPFLAGS="-pedantic -Wdeclaration-after-statement -DWOLFCRYPT_TEST_LINT -DNO_WOLFSSL_CIPHER_SUITE_TEST -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE"',
'--enable-intelasm --enable-sp-asm --enable-all --enable-testcert --enable-acert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-quic --with-sys-crypto-policy --enable-experimental --enable-kyber=yes,original --enable-lms --enable-xmss --enable-dilithium --enable-dual-alg-certs --disable-qt CPPFLAGS="-pedantic -Wdeclaration-after-statement -DWOLFCRYPT_TEST_LINT -DNO_WOLFSSL_CIPHER_SUITE_TEST -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE" CC=c++'
]
name: make check
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 6
steps:
- uses: actions/checkout@v4
name: Checkout wolfSSL
- name: Test wolfSSL
run: |
./autogen.sh
./configure ${{ matrix.config }}
make -j 4
make check
- name: Print errors
if: ${{ failure() }}
run: |
for file in scripts/*.log
do
if [ -f "$file" ]; then
echo "${file}:"
cat "$file"
echo "========================================================================"
fi
done

6
.github/workflows/rng-tools.yml vendored
View File

@@ -15,8 +15,9 @@ concurrency:
jobs: jobs:
build_wolfssl: build_wolfssl:
name: Build wolfSSL name: Build wolfSSL
if: github.repository_owner == 'wolfssl'
# Just to keep it the same as the testing target # Just to keep it the same as the testing target
runs-on: ubuntu-latest runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run. # This should be a safe limit for the tests to run.
timeout-minutes: 4 timeout-minutes: 4
steps: steps:
@@ -45,7 +46,8 @@ jobs:
# List of releases to test # List of releases to test
ref: [ 6.16 ] ref: [ 6.16 ]
name: ${{ matrix.ref }} name: ${{ matrix.ref }}
runs-on: ubuntu-latest if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run. # This should be a safe limit for the tests to run.
timeout-minutes: 4 timeout-minutes: 4
needs: build_wolfssl needs: build_wolfssl

12
.github/workflows/socat.yml vendored
View File

@@ -15,7 +15,8 @@ concurrency:
jobs: jobs:
build_wolfssl: build_wolfssl:
name: Build wolfSSL name: Build wolfSSL
runs-on: ubuntu-latest if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
timeout-minutes: 4 timeout-minutes: 4
steps: steps:
- name: Build wolfSSL - name: Build wolfSSL
@@ -37,9 +38,8 @@ jobs:
socat_check: socat_check:
strategy: if: github.repository_owner == 'wolfssl'
fail-fast: false runs-on: ubuntu-22.04
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run. # This should be a safe limit for the tests to run.
timeout-minutes: 30 timeout-minutes: 30
needs: build_wolfssl needs: build_wolfssl
@@ -70,7 +70,7 @@ jobs:
run: | run: |
patch -p1 < ../osp/socat/1.8.0.0/socat-1.8.0.0.patch patch -p1 < ../osp/socat/1.8.0.0/socat-1.8.0.0.patch
autoreconf -vfi autoreconf -vfi
./configure --with-wolfssl=$GITHUB_WORKSPACE/build-dir ./configure --with-wolfssl=$GITHUB_WORKSPACE/build-dir --enable-default-ipv=4
make make
- name: Run socat tests - name: Run socat tests
@@ -78,4 +78,4 @@ jobs:
run: | run: |
export LD_LIBRARY_PATH=$GITHUB_WORKSPACE/build-dir/lib:$LD_LIBRARY_PATH export LD_LIBRARY_PATH=$GITHUB_WORKSPACE/build-dir/lib:$LD_LIBRARY_PATH
export SHELL=/bin/bash export SHELL=/bin/bash
SOCAT=$GITHUB_WORKSPACE/socat-1.8.0.0/socat ./test.sh -t 0.5 --expect-fail 146,216,309,310,386,399,402,459,460,467,468,478,492,528,530 SOCAT=$GITHUB_WORKSPACE/socat-1.8.0.0/socat ./test.sh -t 0.5 --expect-fail 36,64,146,214,216,217,309,310,386,399,402,403,459,460,467,468,475,478,492,528,530

94
.github/workflows/softhsm.yml vendored Normal file
View File

@@ -0,0 +1,94 @@
name: SoftHSMv2 Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
build_wolfssl:
name: Build wolfSSL
if: github.repository_owner == 'wolfssl'
# Just to keep it the same as the testing target
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 10
steps:
- name: Build wolfSSL
uses: wolfSSL/actions-build-autotools-project@v1
with:
path: wolfssl
configure: --enable-all CFLAGS=-DRSA_MIN_SIZE=1024
install: true
check: false
- name: tar build-dir
run: tar -zcf build-dir.tgz build-dir
- name: Upload built lib
uses: actions/upload-artifact@v4
with:
name: wolf-install-softhsm
path: build-dir.tgz
retention-days: 5
softhsm_check:
strategy:
fail-fast: false
matrix:
# List of releases to test
ref: [ 2.6.1 ]
name: ${{ matrix.ref }}
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 20
needs: build_wolfssl
steps:
- name: Install dependencies
run: |
# Don't prompt for anything
export DEBIAN_FRONTEND=noninteractive
sudo apt-get update
sudo apt-get install -y libcppunit-dev
- name: Download lib
uses: actions/download-artifact@v4
with:
name: wolf-install-softhsm
- name: untar build-dir
run: tar -xf build-dir.tgz
- name: Checkout OSP
uses: actions/checkout@v4
with:
repository: wolfssl/osp
path: osp
- name: Checkout SoftHSMv2
uses: actions/checkout@v4
with:
repository: opendnssec/SoftHSMv2
path: softhsm
ref: ${{ matrix.ref }}
# Not using wolfSSL/actions-build-autotools-project@v1 because autogen.sh doesn't work
- name: Build softhsm
working-directory: softhsm
run: |
patch -p1 < $GITHUB_WORKSPACE/osp/softhsm/${{ matrix.ref }}.patch
autoreconf -if
./configure --with-crypto-backend=wolfssl WOLFSSL_INSTALL_DIR=$GITHUB_WORKSPACE/build-dir
make -j
- name: Test softhsm
working-directory: softhsm
run: make -j check

99
.github/workflows/sssd.yml vendored Normal file
View File

@@ -0,0 +1,99 @@
name: sssd Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
build_wolfssl:
if: github.repository_owner == 'wolfssl'
name: Build wolfSSL
# Just to keep it the same as the testing target
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 4
steps:
- name: Build wolfSSL
uses: wolfSSL/actions-build-autotools-project@v1
with:
path: wolfssl
configure: --enable-all CFLAGS=-DWOLFSSL_NO_ASN_STRICT
install: true
check: false
- name: tar build-dir
run: tar -zcf build-dir.tgz build-dir
- name: Upload built lib
uses: actions/upload-artifact@v4
with:
name: wolf-install-sssd
path: build-dir.tgz
retention-days: 5
sssd_check:
if: github.repository_owner == 'wolfssl'
strategy:
fail-fast: false
matrix:
# List of releases to test
ref: [ 2.9.1 ]
name: ${{ matrix.ref }}
runs-on: ubuntu-22.04
container:
image: quay.io/sssd/ci-client-devel:ubuntu-latest
env:
LD_LIBRARY_PATH: /usr/local/lib
# This should be a safe limit for the tests to run.
timeout-minutes: 20
needs: build_wolfssl
steps:
- name: Install dependencies
run: |
# Don't prompt for anything
export DEBIAN_FRONTEND=noninteractive
sudo apt-get update
sudo apt-get install -y build-essential autoconf libldb-dev libldb2 python3-ldb bc
- name: Setup env
run: |
ln -s samba-4.0/ldb.h /usr/include/ldb.h
ln -s samba-4.0/ldb_errors.h /usr/include/ldb_errors.h
ln -s samba-4.0/ldb_handlers.h /usr/include/ldb_handlers.h
ln -s samba-4.0/ldb_module.h /usr/include/ldb_module.h
ln -s samba-4.0/ldb_version.h /usr/include/ldb_version.h
- name: Download lib
uses: actions/download-artifact@v4
with:
name: wolf-install-sssd
- name: untar build-dir
run: tar -xf build-dir.tgz
- name: Checkout OSP
uses: actions/checkout@v4
with:
repository: wolfssl/osp
path: osp
- name: Build and test sssd
uses: wolfSSL/actions-build-autotools-project@v1
with:
repository: SSSD/sssd
ref: ${{ matrix.ref }}
path: sssd
patch-file: $GITHUB_WORKSPACE/osp/sssd/${{ matrix.ref }}.patch
configure: >-
--without-samba --without-nfsv4-idmapd-plugin --with-oidc-child=no
--without-manpages WOLFSSL_INSTALL_DIR=$GITHUB_WORKSPACE/build-dir
check: true

6
.github/workflows/stunnel.yml vendored
View File

@@ -15,8 +15,9 @@ concurrency:
jobs: jobs:
build_wolfssl: build_wolfssl:
name: Build wolfSSL name: Build wolfSSL
if: github.repository_owner == 'wolfssl'
# Just to keep it the same as the testing target # Just to keep it the same as the testing target
runs-on: ubuntu-latest runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run. # This should be a safe limit for the tests to run.
timeout-minutes: 4 timeout-minutes: 4
steps: steps:
@@ -44,7 +45,8 @@ jobs:
# List of releases to test # List of releases to test
ref: [ 5.67 ] ref: [ 5.67 ]
name: ${{ matrix.ref }} name: ${{ matrix.ref }}
runs-on: ubuntu-latest if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run. # This should be a safe limit for the tests to run.
timeout-minutes: 4 timeout-minutes: 4
needs: build_wolfssl needs: build_wolfssl

84
.github/workflows/watcomc.yml vendored Normal file
View File

@@ -0,0 +1,84 @@
name: Build Watcom C
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
wolfssl_watcomc_windows:
if: github.repository_owner == 'wolfssl'
strategy:
fail-fast: false
matrix:
common:
- cmake: '-G "Watcom WMake" -DCMAKE_VERBOSE_MAKEFILE=TRUE -DWOLFSSL_ASM=no -DWOLFSSL_EXAMPLES=no -DWOLFSSL_CRYPT_TESTS=no'
platform:
- title: 'Windows OW 2.0'
system: 'Windows'
image: 'windows-latest'
owimage: '2.0'
id: 'win32ow20'
cmake: '-DCMAKE_SYSTEM_NAME=Windows -DCMAKE_SYSTEM_PROCESSOR=x86'
- title: 'Linux OW 2.0'
system: 'Linux'
image: 'ubuntu-latest'
owimage: '2.0'
id: 'linuxow20'
cmake: '-DCMAKE_SYSTEM_NAME=Linux -DCMAKE_SYSTEM_PROCESSOR=x86'
- title: 'OS/2 OW 2.0'
system: 'OS2'
image: 'windows-latest'
owimage: '2.0'
id: 'os2ow20'
cmake: '-DCMAKE_SYSTEM_NAME=OS2 -DCMAKE_SYSTEM_PROCESSOR=x86'
thread:
- id: 'multi'
cmake: ''
owcmake: '-DCMAKE_POLICY_DEFAULT_CMP0136=NEW -DCMAKE_WATCOM_RUNTIME_LIBRARY=MultiThreaded'
- id: 'single'
cmake: '-DWOLFSSL_SINGLE_THREADED=yes'
owcmake: '-DCMAKE_POLICY_DEFAULT_CMP0136=NEW -DCMAKE_WATCOM_RUNTIME_LIBRARY=SingleThreaded'
library:
- id: 'dll'
cmake: ''
owcmake: 'DLL'
- id: 'static'
cmake: '-DBUILD_SHARED_LIBS=no'
owcmake: ''
exclude:
- { platform: { system: 'Linux' }, library: { id: 'dll' } }
runs-on: ${{ matrix.platform.image }}
name: ${{ matrix.platform.title }} (${{ matrix.thread.id }} ${{ matrix.library.id }})
steps:
- name: Setup Open Watcom ${{ matrix.platform.owimage }}
uses: open-watcom/setup-watcom@v0
with:
version: ${{ matrix.platform.owimage }}
- name: Checkout wolfSSL
uses: actions/checkout@v4
with:
path: wolfssl
- name: Build wolfSSL
working-directory: wolfssl
shell: bash
run: |
cmake -B build ${{matrix.common.cmake}} ${{ matrix.platform.cmake }} ${{ matrix.thread.cmake }} ${{ matrix.library.cmake }} ${{ matrix.thread.owcmake }}${{ matrix.library.owcmake }}
cmake --build build
- name: Upload build errors
if: failure()
uses: actions/upload-artifact@v4
with:
name: ${{ matrix.platform.id }}-${{ matrix.thread.id }}-${{ matrix.library.id }}
path: |
build/**

58
.github/workflows/win-csharp-test.yml vendored Normal file
View File

@@ -0,0 +1,58 @@
name: Windows CSharp Build Test
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
jobs:
build:
if: github.repository_owner == 'wolfssl'
runs-on: windows-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 6
env:
# Path to the solution file relative to the root of the project.
SOLUTION_FILE_PATH: wolfssl\wrapper\CSharp\wolfSSL_CSharp.sln
# Configuration type to build.
# You can convert this to a build matrix if you need coverage of multiple configuration types.
# https://docs.github.com/actions/learn-github-actions/managing-complex-workflows#using-a-build-matrix
BUILD_CONFIGURATION: Debug
BUILD_PLATFORM: x64
steps:
- name: Pull wolfssl
uses: actions/checkout@master
with:
repository: wolfssl/wolfssl
path: wolfssl
- name: Create FIPS stub files (autogen)
working-directory: wolfssl
run: |
echo $null >> wolfcrypt\src\fips.c
echo $null >> wolfcrypt\src\fips_test.c
echo $null >> wolfcrypt\src\wolfcrypt_first.c
echo $null >> wolfcrypt\src\wolfcrypt_last.c
- name: Add MSBuild to PATH
uses: microsoft/setup-msbuild@v1
- name: Build
working-directory: ${{env.GITHUB_WORKSPACE}}
# Add additional options to the MSBuild command line here (like platform or verbosity level).
# See https://docs.microsoft.com/visualstudio/msbuild/msbuild-command-line-reference
run: msbuild /m /p:PlatformToolset=v142 /p:Platform=${{env.BUILD_PLATFORM}} /p:Configuration=${{env.BUILD_CONFIGURATION}} ${{env.SOLUTION_FILE_PATH}}
- name: Run wolfCrypt test
working-directory: ${{env.GITHUB_WORKSPACE}}wolfssl\wrapper\CSharp\Debug\x64\
run: ./wolfCrypt-test.exe
- name: Run wolfSSL client/server example
working-directory: ${{env.GITHUB_WORKSPACE}}wolfssl\wrapper\CSharp\Debug\x64\
run: ./wolfSSL-TLS-Server.exe && sleep 1 & ./wolfSSL-TLS-Client.exe

41
.github/workflows/wolfCrypt-Wconversion.yml vendored Normal file
View File

@@ -0,0 +1,41 @@
name: wolfCrypt conversion warnings
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
build_library:
strategy:
matrix:
config: [
# Add new configs here
'--disable-asm --enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests CPPFLAGS="-Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion"',
'--enable-intelasm --enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests CPPFLAGS="-Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion"',
'--enable-smallstack --disable-asm --enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests CPPFLAGS="-Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion"',
'--enable-smallstack --enable-intelasm --enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests CPPFLAGS="-Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion"',
'--enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests CPPFLAGS="-Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion -DNO_INT128"'
]
name: build library
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 6
steps:
- uses: actions/checkout@v4
name: Checkout wolfSSL
- name: Build wolfCrypt with extra type conversion warnings
run: |
./autogen.sh || $(exit 2)
echo "running ./configure ${{ matrix.config }}"
./configure ${{ matrix.config }} || $(exit 3)
make -j 4 || $(exit 4)

10
.github/workflows/zephyr.yml vendored
View File

@@ -25,7 +25,8 @@ jobs:
zephyr-sdk: 0.16.3 zephyr-sdk: 0.16.3
- zephyr-ref: v2.7.4 - zephyr-ref: v2.7.4
zephyr-sdk: 0.16.3 zephyr-sdk: 0.16.3
runs-on: ubuntu-latest if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run. # This should be a safe limit for the tests to run.
timeout-minutes: 25 timeout-minutes: 25
steps: steps:
@@ -45,9 +46,14 @@ jobs:
libglib2.0-dev libgtk2.0-0 liblocale-gettext-perl libncurses5-dev libpcap-dev \ libglib2.0-dev libgtk2.0-0 liblocale-gettext-perl libncurses5-dev libpcap-dev \
libpopt0 libsdl1.2-dev libsdl2-dev libssl-dev libtool libtool-bin locales make \ libpopt0 libsdl1.2-dev libsdl2-dev libssl-dev libtool libtool-bin locales make \
net-tools ninja-build openssh-client parallel pkg-config python3-dev python3-pip \ net-tools ninja-build openssh-client parallel pkg-config python3-dev python3-pip \
python3-ply python3-setuptools python-is-python3 qemu rsync socat srecord sudo \ python3-ply python3-setuptools python-is-python3 qemu-kvm rsync socat srecord sudo \
texinfo unzip wget ovmf xz-utils texinfo unzip wget ovmf xz-utils
- name: Setup cmake version
uses: jwlawson/actions-setup-cmake@v2
with:
cmake-version: '3.25.x'
- name: Install west - name: Install west
run: sudo pip install west run: sudo pip install west

17
.gitignore vendored
View File

@@ -10,6 +10,7 @@ ctaocrypt/src/src/
*.cache *.cache
.dirstamp .dirstamp
*.user *.user
!*-VS2022.vcxproj.user
configure configure
config.* config.*
!cmake/config.in !cmake/config.in
@@ -245,6 +246,7 @@ linuxkm/libwolfssl.mod.c
linuxkm/libwolfssl.lds linuxkm/libwolfssl.lds
linuxkm/module_exports.c linuxkm/module_exports.c
linuxkm/linuxkm/get_thread_size linuxkm/linuxkm/get_thread_size
*.nds
# autotools generated # autotools generated
scripts/unit.test scripts/unit.test
@@ -416,11 +418,16 @@ user_settings_asm.h
# ESP8266 RTOS SDK has a slightly different sdkconfig filename to exclude: # ESP8266 RTOS SDK has a slightly different sdkconfig filename to exclude:
/IDE/Espressif/**/sdkconfig.debug /IDE/Espressif/**/sdkconfig.debug
/IDE/Espressif/**/sdkconfig.release /IDE/Espressif/**/sdkconfig.release
/IDE/Espressif/**/sdkconfig-debug
/IDE/Espressif/**/sdkconfig-release
# Always include Espressif makefiles (typically only used for ESP8266) # Always include Espressif makefiles (typically only used for ESP8266)
!/IDE/Espressif/**/Makefile !/IDE/Espressif/**/Makefile
!/IDE/Espressif/**/component.mk !/IDE/Espressif/**/component.mk
# Ignore all the example logs
/IDE/Espressif/ESP-IDF/examples/**/logs/*
# MPLAB # MPLAB
/IDE/MPLABX16/wolfssl.X/dist/default/ /IDE/MPLABX16/wolfssl.X/dist/default/
/IDE/MPLABX16/wolfssl.X/.generated_files /IDE/MPLABX16/wolfssl.X/.generated_files
@@ -442,6 +449,12 @@ debian/changelog
debian/control debian/control
*.deb *.deb
# Ada/Alire files
wrapper/Ada/alire/
wrapper/Ada/config/
wrapper/Ada/lib/
wrapper/Ada/obj/
# PlatformIO # PlatformIO
/**/.pio /**/.pio
/**/.vscode/.browse.c_cpp.db* /**/.vscode/.browse.c_cpp.db*
@@ -449,3 +462,7 @@ debian/control
/**/.vscode/launch.json /**/.vscode/launch.json
/**/.vscode/ipch /**/.vscode/ipch
/**/sdkconfig.esp32dev /**/sdkconfig.esp32dev
# Autogenerated debug trace headers
wolfssl/debug-trace-error-codes.h
wolfssl/debug-untrace-error-codes.h

1017
.wolfssl_known_macro_extras Normal file
View File

File diff suppressed because it is too large Load Diff

244
CMakeLists.txt
View File

@@ -34,7 +34,7 @@ if("${CMAKE_SOURCE_DIR}" STREQUAL "${CMAKE_BINARY_DIR}")
You must delete them, or cmake will refuse to work.") You must delete them, or cmake will refuse to work.")
endif() endif()
project(wolfssl VERSION 5.7.2 LANGUAGES C ASM) project(wolfssl VERSION 5.7.6 LANGUAGES C ASM)
# Set WOLFSSL_ROOT if not already defined # Set WOLFSSL_ROOT if not already defined
if ("${WOLFSSL_ROOT}" STREQUAL "") if ("${WOLFSSL_ROOT}" STREQUAL "")
@@ -49,11 +49,11 @@ endif()
# shared library versioning # shared library versioning
# increment if interfaces have been removed or changed # increment if interfaces have been removed or changed
set(WOLFSSL_LIBRARY_VERSION_FIRST 42) set(WOLFSSL_LIBRARY_VERSION_FIRST 43)
# increment if interfaces have been added # increment if interfaces have been added
# set to zero if WOLFSSL_LIBRARY_VERSION_FIRST is incremented # set to zero if WOLFSSL_LIBRARY_VERSION_FIRST is incremented
set(WOLFSSL_LIBRARY_VERSION_SECOND 2) set(WOLFSSL_LIBRARY_VERSION_SECOND 0)
# increment if source code has changed # increment if source code has changed
# set to zero if WOLFSSL_LIBRARY_VERSION_FIRST is incremented or # set to zero if WOLFSSL_LIBRARY_VERSION_FIRST is incremented or
@@ -125,12 +125,16 @@ check_function_exists("socket" HAVE_SOCKET)
check_function_exists("strftime" HAVE_STRFTIME) check_function_exists("strftime" HAVE_STRFTIME)
check_function_exists("__atomic_fetch_add" HAVE_C___ATOMIC) check_function_exists("__atomic_fetch_add" HAVE_C___ATOMIC)
include(CheckSymbolExists)
check_symbol_exists(isascii "ctype.h" HAVE_ISASCII)
include(CheckTypeSize) include(CheckTypeSize)
check_type_size("__uint128_t" __UINT128_T) check_type_size("__uint128_t" __UINT128_T)
check_type_size("long long" SIZEOF_LONG_LONG) check_type_size("long long" SIZEOF_LONG_LONG)
check_type_size("long" SIZEOF_LONG) check_type_size("long" SIZEOF_LONG)
check_type_size("time_t" SIZEOF_TIME_T) check_type_size("time_t" SIZEOF_TIME_T)
check_type_size("uintptr_t" HAVE_UINTPTR_T)
# By default, HAVE___UINT128_T gets defined as TRUE, # By default, HAVE___UINT128_T gets defined as TRUE,
# but we want it as 1. # but we want it as 1.
@@ -152,9 +156,14 @@ endif()
# Thread local storage # Thread local storage
include(CheckCSourceCompiles) include(CheckCSourceCompiles)
set(TLS_KEYWORDS "__thread" "__declspec(thread)") if(CMAKE_C_COMPILER_ID STREQUAL "OpenWatcom")
foreach(TLS_KEYWORD IN LISTS TLS_KEYWORDS) if(CMAKE_SYSTEM_NAME STREQUAL "Windows")
set(TLS_CODE "#include <stdlib.h> list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_THREAD_LS")
endif()
else()
set(TLS_KEYWORDS "__thread" "__declspec(thread)")
foreach(TLS_KEYWORD IN LISTS TLS_KEYWORDS)
set(TLS_CODE "#include <stdlib.h>
static void foo(void) { static void foo(void) {
static ${TLS_KEYWORD} int bar\; static ${TLS_KEYWORD} int bar\;
exit(1)\; exit(1)\;
@@ -163,21 +172,22 @@ foreach(TLS_KEYWORD IN LISTS TLS_KEYWORDS)
int main() { int main() {
return 0\; return 0\;
}" }"
) )
check_c_source_compiles(${TLS_CODE} THREAD_LS_ON) check_c_source_compiles(${TLS_CODE} THREAD_LS_ON)
if(THREAD_LS_ON) if(THREAD_LS_ON)
list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_THREAD_LS") list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_THREAD_LS")
break() break()
else() else()
# THREAD_LS_ON is cached after each call to # THREAD_LS_ON is cached after each call to
# check_c_source_compiles, and the function # check_c_source_compiles, and the function
# won't run subsequent times if the variable # won't run subsequent times if the variable
# is in the cache. To make it run again, we # is in the cache. To make it run again, we
# need to remove the variable from the cache. # need to remove the variable from the cache.
unset(THREAD_LS_ON CACHE) unset(THREAD_LS_ON CACHE)
endif() endif()
endforeach() endforeach()
endif()
# TODO: AX_PTHREAD does a lot. Need to implement the # TODO: AX_PTHREAD does a lot. Need to implement the
# rest of its logic. # rest of its logic.
@@ -197,13 +207,20 @@ find_package(Threads)
# Example for map file and custom linker script # Example for map file and custom linker script
#set(CMAKE_EXE_LINKER_FLAGS " -Xlinker -Map=output.map -T\"${CMAKE_CURRENT_SOURCE_DIR}/linker.ld\"") #set(CMAKE_EXE_LINKER_FLAGS " -Xlinker -Map=output.map -T\"${CMAKE_CURRENT_SOURCE_DIR}/linker.ld\"")
message(STATUS "C Compiler ID: ${CMAKE_C_COMPILER_ID}")
if(DEFINED WARNING_C_FLAGS) if(DEFINED WARNING_C_FLAGS)
set(CMAKE_C_FLAGS "${WARNING_C_FLAGS} ${CMAKE_C_FLAGS}") set(CMAKE_C_FLAGS "${WARNING_C_FLAGS} ${CMAKE_C_FLAGS}")
endif()
if(CMAKE_C_COMPILER_ID STREQUAL "OpenWatcom")
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -wx -wcd=202")
list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_HAVE_MIN -DWOLFSSL_HAVE_MAX -DNO_WRITEV")
elseif(WIN32) elseif(WIN32)
# Windows cl.exe does not support the -Wextra, -Wno-unused and -Werror flags. # Windows cl.exe does not support the -Wextra, -Wno-unused and -Werror flags.
set(CMAKE_C_FLAGS "-Wall ${CMAKE_C_FLAGS}") set(CMAKE_C_FLAGS "-Wall ${CMAKE_C_FLAGS}")
else() else()
set(CMAKE_C_FLAGS "-Wall -Wextra -Wno-unused -Werror ${CMAKE_C_FLAGS}") set(CMAKE_C_FLAGS "-Wall -Wextra -Wno-unused -Werror ${CMAKE_C_FLAGS}")
endif() endif()
#################################################### ####################################################
@@ -280,9 +297,7 @@ if(NOT WOLFSSL_SINGLE_THREADED)
if(CMAKE_USE_PTHREADS_INIT) if(CMAKE_USE_PTHREADS_INIT)
list(APPEND WOLFSSL_LINK_LIBS Threads::Threads) list(APPEND WOLFSSL_LINK_LIBS Threads::Threads)
set(HAVE_PTHREAD 1) set(HAVE_PTHREAD 1)
list(APPEND WOLFSSL_DEFINITIONS list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_PTHREAD")
"-DHAVE_PTHREAD"
"-D_POSIX_THREADS")
endif() endif()
else() else()
list(APPEND WOLFSSL_DEFINITIONS "-DSINGLE_THREADED") list(APPEND WOLFSSL_DEFINITIONS "-DSINGLE_THREADED")
@@ -419,16 +434,17 @@ if(WOLFSSL_CURL)
set(WOLFSSL_MD4 "yes") set(WOLFSSL_MD4 "yes")
set(WOLFSSL_DES3 "yes") set(WOLFSSL_DES3 "yes")
set(WOLFSSL_ALPN "yes") set(WOLFSSL_ALPN "yes")
set(WOLFSSL_WOLFSSH "yes")
set(WOLFSSL_OPENSSLEXTRA "yes") set(WOLFSSL_OPENSSLEXTRA "yes")
set(WOLFSSL_CRL "yes") set(WOLFSSL_CRL "yes")
set(WOLFSSL_OCSP "yes") set(WOLFSSL_OCSP "yes")
set(WOLFSSL_OCSPSTAPLING "yes") set(WOLFSSL_OCSPSTAPLING "yes")
set(WOLFSSL_OCSPSTAPLING_V2 "yes") set(WOLFSSL_OCSPSTAPLING_V2 "yes")
# Note: OCSP sets requisite HAVE_TLS_EXTENSIONS and HAVE_CERTIFICATE_STATUS_REQUEST(_V2)
set(WOLFSSL_SNI "yes") set(WOLFSSL_SNI "yes")
set(WOLFSSL_ALT_CERT_CHAINS "yes") set(WOLFSSL_ALT_CERT_CHAINS "yes")
set(WOLFSSL_IP_ALT_NAME "yes") set(WOLFSSL_IP_ALT_NAME "yes")
set(WOLFSSL_SESSION_TICKET "yes") set(WOLFSSL_SESSION_TICKET "yes")
set(WOLFSSL_WOLFSSH "yes")
list(APPEND WOLFSSL_DEFINITIONS list(APPEND WOLFSSL_DEFINITIONS
"-DNO_SESSION_CACHE_REF" "-DWOLFSSL_DES_ECB") "-DNO_SESSION_CACHE_REF" "-DWOLFSSL_DES_ECB")
endif() endif()
@@ -556,9 +572,9 @@ add_option(WOLFSSL_OQS
"Enable integration with the OQS (Open Quantum Safe) liboqs library (default: disabled)" "Enable integration with the OQS (Open Quantum Safe) liboqs library (default: disabled)"
"no" "yes;no") "no" "yes;no")
# Kyber # ML-KEM/Kyber
add_option(WOLFSSL_KYBER add_option(WOLFSSL_MMLKEM
"Enable the wolfSSL PQ Kyber library (default: disabled)" "Enable the wolfSSL PQ ML-KEM library (default: disabled)"
"no" "yes;no") "no" "yes;no")
# Experimental features # Experimental features
@@ -607,8 +623,8 @@ if (WOLFSSL_EXPERIMENTAL)
set(WOLFSSL_FOUND_EXPERIMENTAL_FEATURE 1) set(WOLFSSL_FOUND_EXPERIMENTAL_FEATURE 1)
message(STATUS "Automatically set related requirements for Kyber:") message(STATUS "Automatically set related requirements for Kyber:")
set_wolfssl_definitions("WOLFSSL_HAVE_KYBER" RESUlT) set_wolfssl_definitions("WOLFSSL_HAVE_MLKEM" RESUlT)
set_wolfssl_definitions("WOLFSSL_WC_KYBER" RESUlT) set_wolfssl_definitions("WOLFSSL_WC_MLKEM" RESUlT)
set_wolfssl_definitions("WOLFSSL_SHA3" RESUlT) set_wolfssl_definitions("WOLFSSL_SHA3" RESUlT)
set_wolfssl_definitions("WOLFSSL_SHAKE128" RESUlT) set_wolfssl_definitions("WOLFSSL_SHAKE128" RESUlT)
set_wolfssl_definitions("WOLFSSL_SHAKE256" RESUlT) set_wolfssl_definitions("WOLFSSL_SHAKE256" RESUlT)
@@ -642,6 +658,16 @@ else()
endif() endif()
endif() endif()
# LMS
add_option(WOLFSSL_LMS
"Enable the wolfSSL LMS implementation (default: disabled)"
"no" "yes;no")
# XMSS
add_option(WOLFSSL_XMSS
"Enable the wolfSSL XMSS implementation (default: disabled)"
"no" "yes;no")
# TODO: - Lean PSK # TODO: - Lean PSK
# - Lean TLS # - Lean TLS
# - Low resource # - Low resource
@@ -655,8 +681,6 @@ endif()
# - Atomic user record layer # - Atomic user record layer
# - Public key callbacks # - Public key callbacks
# - Microchip/Atmel CryptoAuthLib # - Microchip/Atmel CryptoAuthLib
# - XMSS
# - LMS
# - dual-certs # - dual-certs
# AES-CBC # AES-CBC
@@ -731,7 +755,8 @@ add_option("WOLFSSL_AESCTR"
if(WOLFSSL_OPENVPN OR if(WOLFSSL_OPENVPN OR
WOLFSSL_LIBSSH2 OR WOLFSSL_LIBSSH2 OR
WOLFSSL_AESSIV) WOLFSSL_AESSIV OR
WOLFSSL_CLU)
override_cache(WOLFSSL_AESCTR "yes") override_cache(WOLFSSL_AESCTR "yes")
endif() endif()
@@ -871,7 +896,7 @@ endif()
# - SEP # - SEP
add_option("WOLFSSL_KEYGEN" add_option("WOLFSSL_KEYGEN"
"Enable key generation (default: disabled)])" "Enable key generation (default: disabled)"
"no" "yes;no") "no" "yes;no")
add_option("WOLFSSL_CERTGEN" add_option("WOLFSSL_CERTGEN"
@@ -945,13 +970,29 @@ if(WOLFSSL_ECC)
endif() endif()
endif() endif()
# TODO: - ECC custom curves # TODO: - Compressed key
# - Compressed key
# - FP ECC, fixed point cache ECC # - FP ECC, fixed point cache ECC
# - ECC encrypt # - ECC encrypt
# - PSK # - PSK
# - Single PSK identity # - Single PSK identity
# ECC custom curves
add_option("WOLFSSL_ECCCUSTCURVES"
"Enable ECC Custom Curves (default: disabled)"
"no" "yes;no;all")
if(WOLFSSL_ECCCUSTCURVES)
if("${WOLFSSL_ECCCUSTCURVES}" STREQUAL "all")
list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_ECC_SECPR2")
list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_ECC_SECPR3")
list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_ECC_BRAINPOOL")
list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_ECC_KOBLITZ")
list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_ECC_CDH")
endif()
list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_CUSTOM_CURVES")
endif()
# CURVE25519 # CURVE25519
set(WOLFSSL_CURVE25519_SMALL "no") set(WOLFSSL_CURVE25519_SMALL "no")
add_option("WOLFSSL_CURVE25519" add_option("WOLFSSL_CURVE25519"
@@ -982,7 +1023,7 @@ add_option("WOLFSSL_ED25519"
"Enable ED25519 (default: disabled)" "Enable ED25519 (default: disabled)"
"no" "yes;no") "no" "yes;no")
if(WOLFSSL_OPENSSH) if(WOLFSSL_OPENSSH OR WOLFSSL_CLU)
override_cache(WOLFSSL_ED25519 "yes") override_cache(WOLFSSL_ED25519 "yes")
endif() endif()
@@ -1112,8 +1153,7 @@ if(NOT WOLFSSL_MEMORY)
else() else()
# turn off memory cb if leanpsk or leantls on # turn off memory cb if leanpsk or leantls on
if(WOLFSSL_LEAN_PSK OR WOLFSSL_LEAN_TLS) if(WOLFSSL_LEAN_PSK OR WOLFSSL_LEAN_TLS)
# but don't turn on NO_WOLFSSL_MEMORY because using own list(APPEND WOLFSSL_DEFINITIONS "-DNO_WOLFSSL_MEMORY")
override_cache(WOLFSSL_MEMORY "no")
endif() endif()
endif() endif()
@@ -1658,6 +1698,9 @@ add_option(WOLFSSL_PKCS7 ${WOLFSSL_PKCS7_HELP_STRING} "no" "yes;no")
set(WOLFSSL_TPM_HELP_STRING "Enable wolfTPM options (default: disabled)") set(WOLFSSL_TPM_HELP_STRING "Enable wolfTPM options (default: disabled)")
add_option(WOLFSSL_TPM ${WOLFSSL_TPM_HELP_STRING} "no" "yes;no") add_option(WOLFSSL_TPM ${WOLFSSL_TPM_HELP_STRING} "no" "yes;no")
set(WOLFSSL_CLU_HELP_STRING "Enable wolfCLU options (default: disabled)")
add_option(WOLFSSL_CLU ${WOLFSSL_CLU_HELP_STRING} "no" "yes;no")
set(WOLFSSL_AESKEYWRAP_HELP_STRING "Enable AES key wrap support (default: disabled)") set(WOLFSSL_AESKEYWRAP_HELP_STRING "Enable AES key wrap support (default: disabled)")
add_option(WOLFSSL_AESKEYWRAP ${WOLFSSL_AESKEYWRAP_HELP_STRING} "no" "yes;no") add_option(WOLFSSL_AESKEYWRAP ${WOLFSSL_AESKEYWRAP_HELP_STRING} "no" "yes;no")
@@ -2002,6 +2045,25 @@ if(WOLFSSL_TPM)
override_cache(WOLFSSL_AESCFB "yes") override_cache(WOLFSSL_AESCFB "yes")
endif() endif()
if(WOLFSSL_CLU)
override_cache(WOLFSSL_CERTGEN "yes")
override_cache(WOLFSSL_CERTREQ "yes")
override_cache(WOLFSSL_CERTEXT "yes")
override_cache(WOLFSSL_MD5 "yes")
override_cache(WOLFSSL_AESCTR "yes")
override_cache(WOLFSSL_KEYGEN "yes")
override_cache(WOLFSSL_OPENSSLALL "yes")
override_cache(WOLFSSL_ED25519 "yes")
override_cache(WOLFSSL_SHA512 "yes")
override_cache(WOLFSSL_DES3 "yes")
override_cache(WOLFSSL_PKCS7 "yes")
list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_OID_ENCODING" "-DWOLFSSL_NO_ASN_STRICT" "-DWOLFSSL_ALT_NAMES")
# Add OPENSSL_ALL definition to ensure OpenSSL compatibility functions are available
list(APPEND WOLFSSL_DEFINITIONS "-DOPENSSL_ALL")
# Remove NO_DES3 from WOLFSSL_DEFINITIONS to ensure DES3 is enabled
list(REMOVE_ITEM WOLFSSL_DEFINITIONS "-DNO_DES3")
endif()
if(WOLFSSL_AESCFB) if(WOLFSSL_AESCFB)
list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_AES_CFB") list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_AES_CFB")
endif() endif()
@@ -2261,6 +2323,18 @@ if (ENABLE_SCCACHE AND (NOT WOLFSSL_SCCACHE_ALREADY_SET_FLAG))
endif() endif()
endif() endif()
add_option("WOLFSSL_KEYLOG_EXPORT"
"Enable insecure export of TLS secrets to an NSS keylog file (default: disabled)"
"no" "yes;no")
if(WOLFSSL_KEYLOG_EXPORT)
message(WARNING "Keylog export enabled -- Sensitive key data will be stored insecurely.")
list(APPEND WOLFSSL_DEFINITIONS
"-DSHOW_SECRETS"
"-DHAVE_SECRET_CALLBACK"
"-DWOLFSSL_SSLKEYLOGFILE"
"-DWOLFSSL_KEYLOG_EXPORT_WARNED")
endif()
file(REMOVE ${OPTION_FILE}) file(REMOVE ${OPTION_FILE})
@@ -2391,17 +2465,24 @@ target_include_directories(wolfssl
target_link_libraries(wolfssl PUBLIC ${WOLFSSL_LINK_LIBS}) target_link_libraries(wolfssl PUBLIC ${WOLFSSL_LINK_LIBS})
if(WIN32) if(CMAKE_C_COMPILER_ID STREQUAL "OpenWatcom")
# For Windows link ws2_32 if(CMAKE_SYSTEM_NAME STREQUAL "Windows")
target_link_libraries(wolfssl PUBLIC ws2_32 crypt32)
endif()
elseif (WIN32 OR ${CMAKE_SYSTEM_NAME} MATCHES "^MSYS" OR ${CMAKE_SYSTEM_NAME} MATCHES "^MINGW")
# For Windows link required libraries
message("Building on Windows/MSYS/MINGW")
target_link_libraries(wolfssl PUBLIC target_link_libraries(wolfssl PUBLIC
$<$<PLATFORM_ID:Windows>:ws2_32 crypt32>) ws2_32 crypt32 advapi32)
elseif(APPLE) elseif(APPLE)
message("Building on Apple")
if(WOLFSSL_SYS_CA_CERTS) if(WOLFSSL_SYS_CA_CERTS)
target_link_libraries(wolfssl PUBLIC target_link_libraries(wolfssl PUBLIC
${CORE_FOUNDATION_FRAMEWORK} ${CORE_FOUNDATION_FRAMEWORK}
${SECURITY_FRAMEWORK}) ${SECURITY_FRAMEWORK})
endif() endif()
else() else()
message("Building on Linux (or other)")
if(WOLFSSL_DH AND NOT WOLFSSL_DH_CONST) if(WOLFSSL_DH AND NOT WOLFSSL_DH_CONST)
# DH requires math (m) library # DH requires math (m) library
target_link_libraries(wolfssl target_link_libraries(wolfssl
@@ -2458,7 +2539,9 @@ if(WOLFSSL_EXAMPLES)
add_executable(tls_bench add_executable(tls_bench
${CMAKE_CURRENT_SOURCE_DIR}/examples/benchmark/tls_bench.c) ${CMAKE_CURRENT_SOURCE_DIR}/examples/benchmark/tls_bench.c)
target_link_libraries(tls_bench wolfssl) target_link_libraries(tls_bench wolfssl)
target_link_libraries(tls_bench Threads::Threads) if(CMAKE_USE_PTHREADS_INIT)
target_link_libraries(tls_bench Threads::Threads)
endif()
set_property(TARGET tls_bench set_property(TARGET tls_bench
PROPERTY RUNTIME_OUTPUT_DIRECTORY PROPERTY RUNTIME_OUTPUT_DIRECTORY
${WOLFSSL_OUTPUT_BASE}/examples/benchmark) ${WOLFSSL_OUTPUT_BASE}/examples/benchmark)
@@ -2467,19 +2550,65 @@ if(WOLFSSL_EXAMPLES)
# Build unit tests # Build unit tests
add_executable(unit_test add_executable(unit_test
tests/api.c tests/api.c
tests/hash.c tests/api/test_md2.c
tests/api/test_md4.c
tests/api/test_md5.c
tests/api/test_sha.c
tests/api/test_sha256.c
tests/api/test_sha512.c
tests/api/test_sha3.c
tests/api/test_blake2.c
tests/api/test_sm3.c
tests/api/test_ripemd.c
tests/api/test_hash.c
tests/api/test_hmac.c
tests/api/test_cmac.c
tests/api/test_des3.c
tests/api/test_chacha.c
tests/api/test_poly1305.c
tests/api/test_chacha20_poly1305.c
tests/api/test_camellia.c
tests/api/test_arc4.c
tests/api/test_rc2.c
tests/api/test_aes.c
tests/api/test_ascon.c
tests/api/test_sm4.c
tests/api/test_wc_encrypt.c
tests/api/test_random.c
tests/api/test_wolfmath.c
tests/api/test_rsa.c
tests/api/test_dsa.c
tests/api/test_dh.c
tests/api/test_ecc.c
tests/api/test_sm2.c
tests/api/test_curve25519.c
tests/api/test_ed25519.c
tests/api/test_curve448.c
tests/api/test_ed448.c
tests/api/test_mlkem.c
tests/api/test_mldsa.c
tests/api/test_signature.c
tests/api/test_dtls.c
tests/api/test_ocsp.c
tests/api/test_evp.c
tests/api/test_tls_ext.c
tests/srp.c tests/srp.c
tests/suites.c tests/suites.c
tests/w64wrapper.c tests/w64wrapper.c
tests/unit.c tests/unit.c
tests/quic.c tests/quic.c
tests/utils.c
testsuite/utils.c
examples/server/server.c examples/server/server.c
examples/client/client.c) examples/client/client.c
wolfcrypt/test/test.c)
target_include_directories(unit_test PRIVATE target_include_directories(unit_test PRIVATE
${CMAKE_CURRENT_BINARY_DIR}) ${CMAKE_CURRENT_BINARY_DIR})
target_compile_options(unit_test PUBLIC "-DNO_MAIN_DRIVER") target_compile_options(unit_test PUBLIC "-DNO_MAIN_DRIVER")
target_link_libraries(unit_test wolfssl) target_link_libraries(unit_test wolfssl)
target_link_libraries(unit_test Threads::Threads) if(CMAKE_USE_PTHREADS_INIT)
target_link_libraries(unit_test Threads::Threads)
endif()
set_property(TARGET unit_test set_property(TARGET unit_test
PROPERTY RUNTIME_OUTPUT_DIRECTORY PROPERTY RUNTIME_OUTPUT_DIRECTORY
${WOLFSSL_OUTPUT_BASE}/tests/) ${WOLFSSL_OUTPUT_BASE}/tests/)
@@ -2729,14 +2858,17 @@ if(WOLFSSL_INSTALL)
set(includedir "\${prefix}/include") set(includedir "\${prefix}/include")
set(VERSION ${PROJECT_VERSION}) set(VERSION ${PROJECT_VERSION})
# Setting libm in Libs.private of wolfssl.pc. if(CMAKE_C_COMPILER_ID STREQUAL "OpenWatcom")
# See "Link Libraries" in above about `m` insertion to LINK_LIBRARIES
get_target_property(_wolfssl_dep_libs wolfssl LINK_LIBRARIES)
list(FIND _wolfssl_dep_libs m _dep_libm)
if ("${_dep_libm}" GREATER -1)
set(LIBM -lm)
else() else()
set(LIBM) # Setting libm in Libs.private of wolfssl.pc.
# See "Link Libraries" in above about `m` insertion to LINK_LIBRARIES
get_target_property(_wolfssl_dep_libs wolfssl LINK_LIBRARIES)
list(FIND _wolfssl_dep_libs m _dep_libm)
if ("${_dep_libm}" GREATER -1)
set(LIBM -lm)
else()
set(LIBM)
endif()
endif() endif()
configure_file(support/wolfssl.pc.in ${CMAKE_CURRENT_BINARY_DIR}/support/wolfssl.pc @ONLY) configure_file(support/wolfssl.pc.in ${CMAKE_CURRENT_BINARY_DIR}/support/wolfssl.pc @ONLY)

321
ChangeLog.md
View File

@@ -1,3 +1,322 @@
# wolfSSL Release 5.7.6 (Dec 31, 2024)
Release 5.7.6 has been developed according to wolfSSL's development and QA
process (see link below) and successfully passed the quality criteria.
https://www.wolfssl.com/about/wolfssl-software-development-process-quality-assurance
NOTE:
* --enable-heapmath is deprecated.
* In this release, the default cipher suite preference is updated to prioritize
TLS_AES_256_GCM_SHA384 over TLS_AES_128_GCM_SHA256 when enabled.
* This release adds a sanity check for including wolfssl/options.h or
user_settings.h.
PR stands for Pull Request, and PR <NUMBER> references a GitHub pull request
number where the code change was added.
## Vulnerabilities
* [Med] An OCSP (non stapling) issue was introduced in wolfSSL version 5.7.4
when performing OCSP requests for intermediate certificates in a certificate
chain. This affects only TLS 1.3 connections on the server side. It would not
impact other TLS protocol versions or connections that are not using the
traditional OCSP implementation. (Fix in pull request 8115)
## New Feature Additions
* Add support for RP2350 and improve RP2040 support, both with RNG optimizations
(PR 8153)
* Add support for STM32MP135F, including STM32CubeIDE support and HAL support
for SHA2/SHA3/AES/RNG/ECC optimizations. (PR 8223, 8231, 8241)
* Implement Renesas TSIP RSA Public Enc/Private support (PR 8122)
* Add support for Fedora/RedHat system-wide crypto-policies (PR 8205)
* Curve25519 generic keyparsing API added with wc_Curve25519KeyToDer and
wc_Curve25519KeyDecode (PR 8129)
* CRL improvements and update callback, added the functions
wolfSSL_CertManagerGetCRLInfo and wolfSSL_CertManagerSetCRLUpdate_Cb (PR 8006)
* For DTLS, add server-side stateless and CID quality-of-life API. (PR 8224)
## Enhancements and Optimizations
* Add a CMake dependency check for pthreads when required. (PR 8162)
* Update OS_Seed declarations for legacy compilers and FIPS modules (boundary
not affected). (PR 8170)
* Enable WOLFSSL_ALWAYS_KEEP_SNI by default when using --enable-jni. (PR 8283)
* Change the default cipher suite preference, prioritizing
TLS_AES_256_GCM_SHA384 over TLS_AES_128_GCM_SHA256. (PR 7771)
* Add SRTP-KDF (FIPS module v6.0.0) to checkout script for release bundling
(PR 8215)
* Make library build when no hardware crypto available for Aarch64 (PR 8293)
* Update assembly code to avoid `uint*_t` types for better compatibility with
older C standards. (PR 8133)
* Add initial documentation for writing ASN template code to decode BER/DER.
(PR 8120)
* Perform full reduction in sc_muladd for EdDSA with Curve448 (PR 8276)
* Allow SHA-3 hardware cryptography instructions to be explicitly not used in
MacOS builds (PR 8282)
* Make Kyber and ML-KEM available individually and together. (PR 8143)
* Update configuration options to include Kyber/ML-KEM and fix defines used in
wolfSSL_get_curve_name. (PR 8183)
* Make GetShortInt available with WOLFSSL_ASN_EXTRA (PR 8149)
* Improved test coverage and minor improvements of X509 (PR 8176)
* Add sanity checks for configuration methods, ensuring the inclusion of
wolfssl/options.h or user_settings.h. (PR 8262)
* Enable support for building without TLS (NO_TLS). Provides reduced code size
option for non-TLS users who want features like the certificate manager or
compatibility layer. (PR 8273)
* Exposed get_verify functions with OPENSSL_EXTRA. (PR 8258)
* ML-DSA/Dilithium: obtain security level from DER when decoding (PR 8177)
* Implementation for using PKCS11 to retrieve certificate for SSL CTX (PR 8267)
* Add support for the RFC822 Mailbox attribute (PR 8280)
* Initialize variables and adjust types resolve warnings with Visual Studio in
Windows builds. (PR 8181)
* Refactors and expansion of opensslcoexist build (PR 8132, 8216, 8230)
* Add DTLS 1.3 interoperability, libspdm and DTLS CID interoperability tests
(PR 8261, 8255, 8245)
* Remove trailing error exit code in wolfSSL install setup script (PR 8189)
* Update Arduino files for wolfssl 5.7.4 (PR 8219)
* Improve Espressif SHA HW/SW mutex messages (PR 8225)
* Apply post-5.7.4 release updates for Espressif Managed Component examples
(PR 8251)
* Expansion of c89 conformance (PR 8164)
* Added configure option for additional sanity checks with --enable-faultharden
(PR 8289)
* Aarch64 ASM additions to check CPU features before hardware crypto instruction
use (PR 8314)
## Fixes
* Fix a memory issue when using the compatibility layer with
WOLFSSL_GENERAL_NAME and handling registered ID types. (PR 8155)
* Fix a build issue with signature fault hardening when using public key
callbacks (HAVE_PK_CALLBACKS). (PR 8287)
* Fix for handling heap hint pointer properly when managing multiple WOLFSSL_CTX
objects and freeing one of them (PR 8180)
* Fix potential memory leak in error case with Aria. (PR 8268)
* Fix Set_Verify flag behaviour on Ada wrapper. (PR 8256)
* Fix a compilation error with the NO_WOLFSSL_DIR flag. (PR 8294)
* Resolve a corner case for Poly1305 assembly code on Aarch64. (PR 8275)
* Fix incorrect version setting in CSRs. (PR 8136)
* Correct debugging output for cryptodev. (PR 8202)
* Fix for benchmark application use with /dev/crypto GMAC auth error due to size
of AAD (PR 8210)
* Add missing checks for the initialization of sp_int/mp_int with DSA to free
memory properly in error cases. (PR 8209)
* Fix return value of wolfSSL_CTX_set_tlsext_use_srtp (8252)
* Check Root CA by Renesas TSIP before adding it to ca-table (PR 8101)
* Prevent adding a certificate to the CA cache for Renesas builds if it does not
set CA:TRUE in basic constraints. (PR 8060)
* Fix attribute certificate holder entityName parsing. (PR 8166)
* Resolve build issues for configurations without any wolfSSL/openssl
compatibility layer headers. (PR 8182)
* Fix for building SP RSA small and RSA public only (PR 8235)
* Fix for Renesas RX TSIP RSA Sign/Verify with wolfCrypt only (PR 8206)
* Fix to ensure all files have settings.h included (like wc_lms.c) and guards
for building all `*.c` files (PR 8257 and PR 8140)
* Fix x86 target build issues in Visual Studio for non-Windows operating
systems. (PR 8098)
* Fix wolfSSL_X509_STORE_get0_objects to handle no CA (PR 8226)
* Properly handle reference counting when adding to the X509 store. (PR 8233)
* Fix for various typos and improper size used with FreeRTOS_bind in the Renesas
example. Thanks to Hongbo for the report on example issues. (PR 7537)
* Fix for potential heap use after free with wolfSSL_PEM_read_bio_PrivateKey.
Thanks to Peter for the issue reported. (PR 8139)
# wolfSSL Release 5.7.4 (Oct 24, 2024)
Release 5.7.4 has been developed according to wolfSSL's development and QA
process (see link below) and successfully passed the quality criteria.
https://www.wolfssl.com/about/wolfssl-software-development-process-quality-assurance
NOTE: * --enable-heapmath is being deprecated and will be removed by end of 2024
PR stands for Pull Request, and PR <NUMBER> references a GitHub pull request
number where the code change was added.
## Vulnerabilities
* [Low] When the OpenSSL compatibility layer is enabled, certificate
verification behaved differently in wolfSSL than OpenSSL, in the
X509_STORE_add_cert() and X509_STORE_load_locations() implementations.
Previously, in cases where an application explicitly loaded an intermediate
certificate, wolfSSL was verifying only up to that intermediate certificate,
rather than verifying up to the root CA. This only affects use cases where the
API is called directly, and does not affect TLS connections. Users that call
the API X509_STORE_add_cert() or X509_STORE_load_locations() directly in their
applications are recommended to update the version of wolfSSL used or to have
additional sanity checks on certificates loaded into the X509_STORE when
verifying a certificate. (https://github.com/wolfSSL/wolfssl/pull/8087)
## PQC TLS Experimental Build Fix
* When using TLS with post quantum algorithms enabled, the connection uses a
smaller EC curve than agreed on. Users building with --enable-experimental and
enabling PQC cipher suites with TLS connections are recommended to update the
version of wolfSSL used. Thanks to Daniel Correa for the report.
(https://github.com/wolfSSL/wolfssl/pull/8084)
## New Feature Additions
* RISC-V 64 new assembly optimizations added for SHA-256, SHA-512, ChaCha20,
Poly1305, and SHA-3 (PR 7758,7833,7818,7873,7916)
* Implement support for Connection ID (CID) with DTLS 1.2 (PR 7995)
* Add support for (DevkitPro)libnds (PR 7990)
* Add port for Mosquitto OSP (Open Source Project) (PR 6460)
* Add port for init sssd (PR 7781)
* Add port for eXosip2 (PR 7648)
* Add support for STM32G4 (PR 7997)
* Add support for MAX32665 and MAX32666 TPU HW and ARM ASM Crypto Callback
Support (PR 7777)
* Add support for building wolfSSL to be used in libspdm (PR 7869)
* Add port for use with Nucleus Plus 2.3 (PR 7732)
* Initial support for RFC5755 x509 attribute certificates (acerts). Enabled with
--enable-acert (PR 7926)
* PKCS#11 RSA Padding offload allows tokens to perform CKM_RSA_PKCS
(sign/encrypt), CKM_RSA_PKCS_PSS (sign), and CKM_RSA_PKCS_OAEP (encrypt).
(PR 7750)
* Added “new” and “delete” style functions for heap/pool allocation and freeing
of low level crypto structures (PR 3166 and 8089)
## Enhancements and Optimizations
* Increase default max alt. names from 128 to 1024 (PR 7762)
* Added new constant time DH agree function wc_DhAgree_ct (PR 7802)
* Expanded compatibility layer with the API EVP_PKEY_is_a (PR 7804)
* Add option to disable cryptocb test software test using
--disable-cryptocb-sw-test (PR 7862)
* Add a call to certificate verify callback before checking certificate dates
(PR 7895)
* Expanded algorithms supported with the wolfCrypt CSharp wrapper. Adding
support for RNG, ECC(ECIES and ECDHE), RSA, ED25519/Curve25519, AES-GCM, and
Hashing (PR 3166)
* Expand MMCAU support for use with DES ECB (PR 7960)
* Update AES SIV to handle multiple associated data inputs (PR 7911)
* Remove HAVE_NULL_CIPHER from --enable-openssh (PR 7811)
* Removed duplicate if(NULL) checks when calling XFREE (macro does) (PR 7839)
* Set RSA_MIN_SIZE default to 2048 bits (PR 7923)
* Added support for wolfSSL to be used as the default TLS in the zephyr kernel
(PR 7731)
* Add enable provider build using --enable-wolfprovider with autotools (PR 7550)
* Renesas RX TSIP ECDSA support (PR 7685)
* Support DTLS1.3 downgrade when the server supports CID (PR 7841)
* Server-side checks OCSP even if it uses v2 multi (PR 7828)
* Add handling of absent hash params in PKCS7 bundle parsing and creation
(PR 7845)
* Add the use of w64wrapper for Poly1305, enabling Poly1305 to be used in
environments that do not have a word64 type (PR 7759)
* Update to the maxq10xx support (PR 7824)
* Add support for parsing over optional PKCS8 attributes (PR 7944)
* Add support for either side method with DTLS 1.3 (PR 8012)
* Added PKCS7 PEM support for parsing PEM data with BEGIN/END PKCS7 (PR 7704)
* Add CMake support for WOLFSSL_CUSTOM_CURVES (PR 7962)
* Add left-most wildcard matching support to X509_check_host() (PR 7966)
* Add option to set custom SKID with PKCS7 bundle creation (PR 7954)
* Building wolfSSL as a library with Ada and corrections to Alire manifest
(PR 7303,7940)
* Renesas RX72N support updated (PR 7849)
* New option WOLFSSL_COPY_KEY added to always copy the key to the SSL object
(PR 8005)
* Add the new option WOLFSSL_COPY_CERT to always copy the cert buffer for each
SSL object (PR 7867)
* Add an option to use AES-CBC with HMAC for default session ticket enc/dec.
Defaults to AES-128-CBC with HMAC-SHA256 (PR 7703)
* Memory usage improvements in wc_PRF, sha256 (for small code when many
registers are available) and sp_int objects (PR 7901)
* Change in the configure script to work around ">>" with no command. In older
/bin/sh it can be ambiguous, as used in OSs such as FreeBSD 9.2 (PR 7876)
* Don't attempt to include system headers when not required (PR 7813)
* Certificates: DER encoding of ECC signature algorithm parameter is now
allowed to be NULL with a define (PR 7903)
* SP x86_64 asm: check for AVX2 support for VMs (PR 7979)
* Update rx64n support on gr-rose (PR 7889)
* Update FSP version to v5.4.0 for RA6M4 (PR 7994)
* Update TSIP driver version to v1.21 for RX65N RSK (PR 7993)
* Add a new crypto callback for RSA with padding (PR 7907)
* Replaced the use of pqm4 with wolfSSL implementations of Kyber/MLDSA
(PR 7924)
* Modernized memory fence support for C11 and clang (PR 7938)
* Add a CRL error override callback (PR 7986)
* Extend the X509 unknown extension callback for use with a user context
(PR 7730)
* Additional debug error tracing added with TLS (PR 7917)
* Added runtime support for library call stack traces with
enable-debug-trace-errcodes=backtrace, using libbacktrace (PR 7846)
* Expanded C89 conformance (PR 8077)
* Expanded support for WOLFSSL_NO_MALLOC (PR 8065)
* Added support for cross-compilation of Linux kernel module (PR 7746)
* Updated Linux kernel module with support for kernel 6.11 and 6.12 (PR 7826)
* Introduce WOLFSSL_ASN_ALLOW_0_SERIAL to allow parsing of certificates with a
serial number of 0 (PR 7893)
* Add conditional repository_owner to all wolfSSL GitHub workflows (PR 7871)
### Espressif / Arduino Updates
* Update wolfcrypt settings.h for Espressif ESP-IDF, template update (PR 7953)
* Update Espressif sha, util, mem, time helpers (PR 7955)
* Espressif _thread_local_start and _thread_local_end fix (PR 8030)
* Improve benchmark for Espressif devices (PR 8037)
* Introduce Espressif common CONFIG_WOLFSSL_EXAMPLE_NAME, Kconfig (PR 7866)
* Add wolfSSL esp-tls and Certificate Bundle Support for Espressif ESP-IDF
(PR 7936)
* Update wolfssl Release for Arduino (PR 7775)
### Post Quantum Crypto Updates
* Dilithium: support fixed size arrays in dilithium_key (PR 7727)
* Dilithium: add option to use precalc with small sign (PR 7744)
* Allow Kyber to be built with FIPS (PR 7788)
* Allow Kyber asm to be used in the Linux kernel module (PR 7872)
* Dilithium, Kyber: Update to final specification (PR 7877)
* Dilithium: Support FIPS 204 Draft and Final Draft (PR 7909,8016)
### ARM Assembly Optimizations
* ARM32 assembly optimizations added for ChaCha20 and Poly1305 (PR 8020)
* Poly1305 assembly optimizations improvements for Aarch64 (PR 7859)
* Poly1305 assembly optimizations added for Thumb-2 (PR 7939)
* Adding ARM ASM build option to STM32CubePack (PR 7747)
* Add ARM64 to Visual Studio Project (PR 8010)
* Kyber assembly optimizations for ARM32 and Aarch64 (PR 8040,7998)
* Kyber assembly optimizations for ARMv7E-M/ARMv7-M (PR 7706)
## Fixes
* ECC key load: fixes for certificates with parameters that are not default for
size (PR 7751)
* Fixes for building x86 in Visual Studio for non-windows OS (PR 7884)
* Fix for TLS v1.2 secret callback, incorrectly detecting bad master secret
(PR 7812)
* Fixes for PowerPC assembly use with Darwin and SP math all (PR 7931)
* Fix for detecting older versions of Mac OS when trying to link with
libdispatch (PR 7932)
* Fix for DTLS1.3 downgrade to DTLS1.2 when the server sends multiple handshake
packets combined into a single transmission. (PR 7840)
* Fix for OCSP to save the request if it was stored in ssl->ctx->certOcspRequest
(PR 7779)
* Fix to OCSP for searching for CA by key hash instead of ext. key id (PR 7934)
* Fix for staticmemory and singlethreaded build (PR 7737)
* Fix to not allow Shake128/256 with Xilinx AFALG (PR 7708)
* Fix to support PKCS11 without RSA key generation (PR 7738)
* Fix not calling the signing callback when using PK callbacks + TLS 1.3
(PR 7761)
* Cortex-M/Thumb2 ASM fix label for IAR compiler (PR 7753)
* Fix with PKCS11 to iterate correctly over slotId (PR 7736)
* Stop stripping out the sequence header on the AltSigAlg extension (PR 7710)
* Fix ParseCRL_AuthKeyIdExt with ASN template to set extAuthKeyIdSet value
(PR 7742)
* Use max key length for PSK encrypt buffer size (PR 7707)
* DTLS 1.3 fix for size check to include headers and CID fixes (PR 7912,7951)
* Fix STM32 Hash FIFO and add support for STM32U5A9xx (PR 7787)
* Fix CMake build error for curl builds (PR 8021)
* SP Maths: PowerPC ASM fix to use XOR instead of LI (PR 8038)
* SSL loading of keys/certs: testing and fixes (PR 7789)
* Misc. fixes for Dilithium and Kyber (PR 7721,7765,7803,8027,7904)
* Fixes for building wolfBoot sources for PQ LMS/XMSS (PR 7868)
* Fixes for building with Kyber enabled using CMake and zephyr port (PR 7773)
* Fix for edge cases with session resumption with TLS 1.2 (PR 8097)
* Fix issue with ARM ASM with AES CFB/OFB not initializing the "left" member
(PR 8099)
# wolfSSL Release 5.7.2 (July 08, 2024) # wolfSSL Release 5.7.2 (July 08, 2024)
Release 5.7.2 has been developed according to wolfSSL's development and QA Release 5.7.2 has been developed according to wolfSSL's development and QA
@@ -220,7 +539,7 @@ fixed this omission in several PRs for this release.
* [Low] CVE-2023-6936: A potential heap overflow read is possible in servers connecting over TLS 1.3 when the optional `WOLFSSL_CALLBACKS` has been defined. The out of bounds read can occur when a server receives a malicious malformed ClientHello. Users should either discontinue use of `WOLFSSL_CALLBACKS` on the server side or update versions of wolfSSL to 5.6.6. Thanks to the tlspuffin fuzzer team for the report which was designed and developed by; Lucca Hirschi (Inria, LORIA), Steve Kremer (Inria, LORIA), and Max Ammann (Trail of Bits). The fix for this issue is located in the following GitHub Pull Request: https://github.com/wolfSSL/wolfssl/pull/6949. * [Low] CVE-2023-6936: A potential heap overflow read is possible in servers connecting over TLS 1.3 when the optional `WOLFSSL_CALLBACKS` has been defined. The out of bounds read can occur when a server receives a malicious malformed ClientHello. Users should either discontinue use of `WOLFSSL_CALLBACKS` on the server side or update versions of wolfSSL to 5.6.6. Thanks to the tlspuffin fuzzer team for the report which was designed and developed by; Lucca Hirschi (Inria, LORIA), Steve Kremer (Inria, LORIA), and Max Ammann (Trail of Bits). The fix for this issue is located in the following GitHub Pull Request: https://github.com/wolfSSL/wolfssl/pull/6949.
* [Low] A side channel vulnerability with AES T-Tables is possible in a very controlled environment where precision sub-cache-line inspection can happen, such as inside an Intel SGX enclave. This can lead to recovery of the AES key. To prevent this type of attack, wolfSSL added an AES bitsliced implementation which can be enabled with the “`--enable-aes-bitsliced`” configure option. Thanks to Florian Sieck, Zhiyuan Zhang, Sebastian Berndt, Chitchanok Chuengsatiansup, Thomas Eisenbarth, and Yuval Yarom for the report (Universities of Lübeck, Melbourne, Adelaide and Bochum). The fix for this issue is located in the following GitHub Pull Request: https://github.com/wolfSSL/wolfssl/pull/6854. * [Low] CVE-2024-1543: A side channel vulnerability with AES T-Tables is possible in a very controlled environment where precision sub-cache-line inspection can happen, such as inside an Intel SGX enclave. This can lead to recovery of the AES key. To prevent this type of attack, wolfSSL added an AES bitsliced implementation which can be enabled with the “`--enable-aes-bitsliced`” configure option. Thanks to Florian Sieck, Zhiyuan Zhang, Sebastian Berndt, Chitchanok Chuengsatiansup, Thomas Eisenbarth, and Yuval Yarom for the report (Universities of Lübeck, Melbourne, Adelaide and Bochum). The fix for this issue is located in the following GitHub Pull Request: https://github.com/wolfSSL/wolfssl/pull/6854.
* [Low] CVE-2023-6937: wolfSSL prior to 5.6.6 did not check that messages in a single (D)TLS record do not span key boundaries. As a result, it was possible to combine (D)TLS messages using different keys into one (D)TLS record. The most extreme edge case is that, in (D)TLS 1.3, it was possible that an unencrypted (D)TLS 1.3 record from the server containing first a ServerHello message and then the rest of the first server flight would be accepted by a wolfSSL client. In (D)TLS 1.3 the handshake is encrypted after the ServerHello but a wolfSSL client would accept an unencrypted flight from the server. This does not compromise key negotiation and authentication so it is assigned a low severity rating. Thanks to Johannes Wilson for the report (Sectra Communications and Linköping University). The fix for this issue is located in the following GitHub Pull Request: https://github.com/wolfSSL/wolfssl/pull/7029. * [Low] CVE-2023-6937: wolfSSL prior to 5.6.6 did not check that messages in a single (D)TLS record do not span key boundaries. As a result, it was possible to combine (D)TLS messages using different keys into one (D)TLS record. The most extreme edge case is that, in (D)TLS 1.3, it was possible that an unencrypted (D)TLS 1.3 record from the server containing first a ServerHello message and then the rest of the first server flight would be accepted by a wolfSSL client. In (D)TLS 1.3 the handshake is encrypted after the ServerHello but a wolfSSL client would accept an unencrypted flight from the server. This does not compromise key negotiation and authentication so it is assigned a low severity rating. Thanks to Johannes Wilson for the report (Sectra Communications and Linköping University). The fix for this issue is located in the following GitHub Pull Request: https://github.com/wolfSSL/wolfssl/pull/7029.

2
Docker/Dockerfile
View File

@@ -10,7 +10,7 @@ ARG DEPS_WOLFSSL="build-essential autoconf libtool clang clang-tools zlib1g-dev
ARG DEPS_LIBOQS="astyle cmake gcc ninja-build libssl-dev python3-pytest python3-pytest-xdist unzip xsltproc doxygen graphviz python3-yaml valgrind git" ARG DEPS_LIBOQS="astyle cmake gcc ninja-build libssl-dev python3-pytest python3-pytest-xdist unzip xsltproc doxygen graphviz python3-yaml valgrind git"
ARG DEPS_UDP_PROXY="wget libevent-dev" ARG DEPS_UDP_PROXY="wget libevent-dev"
ARG DEPS_TESTS="abi-dumper libcurl4-openssl-dev tcpdump libpsl-dev python3-pandas python3-tabulate libnl-genl-3-dev libcap-ng-dev python3-virtualenv curl jq" ARG DEPS_TESTS="abi-dumper libcurl4-openssl-dev tcpdump libpsl-dev python3-pandas python3-tabulate libnl-genl-3-dev libcap-ng-dev python3-virtualenv curl jq"
ARG DEPS_TOOLS="ccache clang-tidy maven" ARG DEPS_TOOLS="ccache clang-tidy maven libfile-util-perl android-tools-adb usbutils shellcheck"
RUN DEBIAN_FRONTEND=noninteractive apt update && apt install -y apt-utils \ RUN DEBIAN_FRONTEND=noninteractive apt update && apt install -y apt-utils \
&& apt install -y ${DEPS_WOLFSSL} ${DEPS_LIBOQS} ${DEPS_UDP_PROXY} ${DEPS_TESTS} ${DEPS_TOOLS} \ && apt install -y ${DEPS_WOLFSSL} ${DEPS_LIBOQS} ${DEPS_UDP_PROXY} ${DEPS_TESTS} ${DEPS_TOOLS} \
&& apt clean -y && rm -rf /var/lib/apt/lists/* && apt clean -y && rm -rf /var/lib/apt/lists/*

6
Docker/wolfCLU/Dockerfile
View File

@@ -1,5 +1,5 @@
ARG DOCKER_BASE_IMAGE=ubuntu ARG DOCKER_BASE_IMAGE=ubuntu
FROM ubuntu as BUILDER FROM ubuntu AS builder
ARG DEPS_WOLFSSL="build-essential autoconf libtool zlib1g-dev libuv1-dev libpam0g-dev git libpcap-dev libcurl4-openssl-dev bsdmainutils netcat-traditional iputils-ping bubblewrap" ARG DEPS_WOLFSSL="build-essential autoconf libtool zlib1g-dev libuv1-dev libpam0g-dev git libpcap-dev libcurl4-openssl-dev bsdmainutils netcat-traditional iputils-ping bubblewrap"
RUN DEBIAN_FRONTEND=noninteractive apt update && apt install -y apt-utils \ RUN DEBIAN_FRONTEND=noninteractive apt update && apt install -y apt-utils \
@@ -18,8 +18,8 @@ RUN git clone --depth=1 --single-branch --branch=main http://github.com/wolfssl/
FROM ${DOCKER_BASE_IMAGE} FROM ${DOCKER_BASE_IMAGE}
USER root USER root
COPY --from=BUILDER /usr/local/lib/libwolfssl.so /usr/local/lib/ COPY --from=builder /usr/local/lib/libwolfssl.so /usr/local/lib/
COPY --from=BUILDER /usr/local/bin/wolfssl* /usr/local/bin/ COPY --from=builder /usr/local/bin/wolfssl* /usr/local/bin/
RUN ldconfig RUN ldconfig
ENTRYPOINT ["/usr/local/bin/wolfssl"] ENTRYPOINT ["/usr/local/bin/wolfssl"]
LABEL org.opencontainers.image.source=https://github.com/wolfssl/wolfssl LABEL org.opencontainers.image.source=https://github.com/wolfssl/wolfssl

42
IDE/ARDUINO/Arduino_README_prepend.md
View File

@@ -4,12 +4,46 @@ This library is restructured from [wolfSSL](https://github.com/wolfSSL/wolfssl/)
The Official wolfSSL Arduino Library is found in [The Library Manager index](http://downloads.arduino.cc/libraries/library_index.json). The Official wolfSSL Arduino Library is found in [The Library Manager index](http://downloads.arduino.cc/libraries/library_index.json).
See the [Arduino-wolfSSL logs](https://downloads.arduino.cc/libraries/logs/github.com/wolfSSL/Arduino-wolfSSL/). See the [Arduino-wolfSSL logs](https://downloads.arduino.cc/libraries/logs/github.com/wolfSSL/Arduino-wolfSSL/) for publishing status.
Instructions for installing and using libraries can be found in the [Arduino docs](https://docs.arduino.cc/software/ide-v1/tutorials/installing-libraries/).
## wolfSSL Configuration
As described in the [Getting Started with wolfSSL on Arduino](https://www.wolfssl.com/getting-started-with-wolfssl-on-arduino/), wolfSSL features are enabled and disabled in the `user_settings.h` file.
The `user_settings.h` file is found in the `<Arduino>/libraries/wolfssl/src` directory.
For Windows this is typically `C:\Users\%USERNAME%\Documents\Arduino\libraries\wolfssl\src`
For Mac: `~/Documents/Arduino/libraries/wolfssl/src`
For Linux: `~/Arduino/libraries/wolfssl/src`
Tips for success:
- The `WOLFSSL_USER_SETTINGS` macro must be defined project-wide. (see [wolfssl.h](https://github.com/wolfSSL/wolfssl/blob/master/IDE/ARDUINO/wolfssl.h))
- Apply any customizations only to `user_settings.h`; Do not edit wolfSSL `settings.h` or `configh.h` files.
- Do not explicitly include `user_settings.h` in any source file.
- For every source file that uses wolfssl, include `wolfssl/wolfcrypt/settings.h` before any other wolfSSL include, typically via `#include "wolfssl.h"`.
- See the [wolfSSL docs](https://www.wolfssl.com/documentation/manuals/wolfssl/chapter02.html) for details on build configuration macros.
## wolfSSL Examples
Additional wolfSSL examples can be found at:
- https://github.com/wolfSSL/wolfssl/tree/master/IDE/ARDUINO
- https://github.com/wolfSSL/wolfssl/tree/master/examples
- https://github.com/wolfSSL/wolfssl-examples/
## Arduino Releases ## Arduino Releases
The first Official wolfSSL Arduino Library is `5.6.6-Arduino.1`: a slightly modified, post [release 5.6.6](https://github.com/wolfSSL/wolfssl/releases/tag/v5.6.6-stable) version update. This release of wolfSSL is version [5.7.6](https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.6-stable).
The next Official wolfSSL Arduino Library is [5.7.0](https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.0-stable) See GitHub for [all Arduino wolfSSL releases](https://github.com/wolfSSL/Arduino-wolfSSL/releases).
See other [wolfSSL releases versions](https://github.com/wolfSSL/wolfssl/releases). The `./wolfssl-arduino.sh INSTALL` [script](https://github.com/wolfSSL/wolfssl/tree/master/IDE/ARDUINO) can be used to install specific GitHub versions as needed. The first Official wolfSSL Arduino Library was `5.6.6-Arduino.1`: a slightly modified, post [release 5.6.6](https://github.com/wolfSSL/wolfssl/releases/tag/v5.6.6-stable) version update.
The `./wolfssl-arduino.sh INSTALL` [script](https://github.com/wolfSSL/wolfssl/tree/master/IDE/ARDUINO) can be used to install specific GitHub versions as needed.

39
IDE/ARDUINO/README.md
View File

@@ -2,18 +2,49 @@
See the [example sketches](./sketches/README.md): See the [example sketches](./sketches/README.md):
- [sketches/wolfssl_server](./sketches/wolfssl_server/README.md) NOTE: Moving; See https://github.com/wolfSSL/wolfssl-examples/pull/499
- [sketches/wolfssl_client](./sketches/wolfssl_client/README.md)
Bare-bones templates:
- [sketches/wolfssl_version](./sketches/wolfssl_version/README.md) single file.
- [sketches/template](./sketches/template/README.md) multiple file example.
Functional examples:
- [sketches/wolfssl_AES_CTR](./sketches/wolfssl_AES_CTR/README.md) AES CTR Encrypt / decrypt.
- [sketches/wolfssl_client](./sketches/wolfssl_client/README.md) TLS Client.
- [sketches/wolfssl_server](./sketches/wolfssl_server/README.md) TLS Server.
Both the `template` and `wolfssl_AES_CTR` examples include VisualGDB project files.
When publishing a new version to the Arduino Registry, be sure to edit `WOLFSSL_VERSION_ARUINO_SUFFIX` in the `wolfssl-arduino.sh` script. When publishing a new version to the Arduino Registry, be sure to edit `WOLFSSL_VERSION_ARUINO_SUFFIX` in the `wolfssl-arduino.sh` script.
## Getting Started
See [Getting Started with wolfSSL on Arduino](https://www.wolfssl.com/getting-started-with-wolfssl-on-arduino/), wolfSSL features are enabled and disabled in the `user_settings.h` file.
The `user_settings.h` file is found in the `<Arduino>/libraries/wolfssl/src` directory.
For Windows this is typically `C:\Users\%USERNAME%\Documents\Arduino\libraries\wolfssl\src`
For Mac: `~/Documents/Arduino/libraries/wolfssl/src`
For Linux: `~/Arduino/libraries/wolfssl/src`
Tips for success:
- The `WOLFSSL_USER_SETTINGS` macro must be defined project-wide. (see [wolfssl.h](https://github.com/wolfSSL/wolfssl/blob/master/IDE/ARDUINO/wolfssl.h))
- Apply any customizations only to `user_settings.h`; Do not edit wolfSSL `settings.h` or `configh.h` files.
- Do not explicitly include `user_settings.h` in any source file.
- For every source file that uses wolfssl, include `wolfssl/wolfcrypt/settings.h` before any other wolfSSL include, typically via `#include "wolfssl.h"`.
- See the [wolfSSL docs](https://www.wolfssl.com/documentation/manuals/wolfssl/chapter02.html) for details on build configuration macros.
## Boards ## Boards
Many of the supported boards are natively built-in to the [Arduino IDE Board Manager](https://docs.arduino.cc/software/ide-v2/tutorials/ide-v2-board-manager/) Many of the supported boards are natively built-in to the [Arduino IDE Board Manager](https://docs.arduino.cc/software/ide-v2/tutorials/ide-v2-board-manager/)
and by adding [additional cores](https://docs.arduino.cc/learn/starting-guide/cores/) as needed. and by adding [additional cores](https://docs.arduino.cc/learn/starting-guide/cores/) as needed.
STM32 Support can be added by including this link in the "Additional Boards Managers URLs" field STM32 Support can be added by including this link in the "Additional Boards Managers URLs" field
from [stm32duino/Arduino_Core_STM32](https://github.com/stm32duino/Arduino_Core_STM32?tab=readme-ov-file#getting-started) . from [stm32duino/Arduino_Core_STM32](https://github.com/stm32duino/Arduino_Core_STM32?tab=readme-ov-file#getting-started).
``` ```
https://github.com/stm32duino/BoardManagerFiles/raw/main/package_stmicroelectronics_index.json https://github.com/stm32duino/BoardManagerFiles/raw/main/package_stmicroelectronics_index.json
@@ -42,7 +73,7 @@ from within the `wolfssl/IDE/ARDUINO` directory:
1. `./wolfssl-arduino.sh` 1. `./wolfssl-arduino.sh`
- Creates an Arduino Library directory structure in the local `wolfSSL` directory of `IDE/ARDUINO`. - Creates an Arduino Library directory structure in the local `wolfSSL` directory of `IDE/ARDUINO`.
- You can add your own `user_settings.h`, or copy/rename the [default](../../examples/configs/user_settings_arduino.h). - You can add your own `user_settings.h`, or copy/rename the [default](https://github.com/wolfSSL/wolfssl/blob/master/examples/configs/user_settings_arduino.h).
2. `./wolfssl-arduino.sh INSTALL` (The most common option) 2. `./wolfssl-arduino.sh INSTALL` (The most common option)
- Creates an Arduino Library in the local `wolfSSL` directory - Creates an Arduino Library in the local `wolfSSL` directory

24
IDE/ARDUINO/include.am
View File

@@ -2,16 +2,32 @@
# included from Top Level Makefile.am # included from Top Level Makefile.am
# All paths should be given relative to the root # All paths should be given relative to the root
# Library files:
EXTRA_DIST+= IDE/ARDUINO/README.md EXTRA_DIST+= IDE/ARDUINO/README.md
# There's an Arduino-specific Arduino_README_prepend.md that will be prepended to wolfSSL README.md
# Not to be confused with the interim PREPENDED_README.md that is created by script.
EXTRA_DIST+= IDE/ARDUINO/Arduino_README_prepend.md EXTRA_DIST+= IDE/ARDUINO/Arduino_README_prepend.md
# Core library files
EXTRA_DIST+= IDE/ARDUINO/wolfssl.h
EXTRA_DIST+= IDE/ARDUINO/wolfssl.h
EXTRA_DIST+= IDE/ARDUINO/wolfssl-arduino.cpp
EXTRA_DIST+= IDE/ARDUINO/keywords.txt EXTRA_DIST+= IDE/ARDUINO/keywords.txt
EXTRA_DIST+= IDE/ARDUINO/library.properties.template EXTRA_DIST+= IDE/ARDUINO/library.properties.template
# Sketch Examples
EXTRA_DIST+= IDE/ARDUINO/sketches/README.md EXTRA_DIST+= IDE/ARDUINO/sketches/README.md
# wolfssl_client example sketch
EXTRA_DIST+= IDE/ARDUINO/sketches/wolfssl_client/README.md EXTRA_DIST+= IDE/ARDUINO/sketches/wolfssl_client/README.md
EXTRA_DIST+= IDE/ARDUINO/sketches/wolfssl_client/wolfssl_client.ino
# wolfssl_server example sketch
EXTRA_DIST+= IDE/ARDUINO/sketches/wolfssl_server/README.md EXTRA_DIST+= IDE/ARDUINO/sketches/wolfssl_server/README.md
EXTRA_DIST+= IDE/ARDUINO/sketches/wolfssl_server/wolfssl_server.ino
# wolfssl_version example sketch
EXTRA_DIST+= IDE/ARDUINO/sketches/wolfssl_version/README.md EXTRA_DIST+= IDE/ARDUINO/sketches/wolfssl_version/README.md
EXTRA_DIST+= IDE/ARDUINO/sketches/wolfssl_version/wolfssl_version.ino
EXTRA_DIST+= IDE/ARDUINO/wolfssl.h # Publishing script, either local install or to github.com/wolfSSL/Arduino-wolfSSL clone directory.
EXTRA_DIST+= IDE/ARDUINO/wolfssl-arduino.sh EXTRA_DIST+= IDE/ARDUINO/wolfssl-arduino.sh

71
IDE/ARDUINO/sketches/README.md
View File

@@ -1,12 +1,75 @@
# wolfSSL Arduino Examples # wolfSSL Arduino Examples
There are currently two example Arduino sketches: There are currently five example Arduino sketches:
* [wolfssl_client](./wolfssl_client/README.md): Basic TLS listening client. NOTE: Moving; See https://github.com/wolfSSL/wolfssl-examples/pull/499
* [wolfssl_server](./wolfssl_server/README.md): Basic TLS server.
* `template`: Reference template wolfSSL example, including optional VisualGDB project files.
* `wolfssl_AES_CTR`: Basic AES CTR Encryption / Decryption example.
* `wolfssl_client`: Basic TLS listening client.
* `wolfssl_server`: Basic TLS server.
* `wolfssl_version`: Bare-bones wolfSSL example.
Examples have been most recently confirmed operational on the Examples have been most recently confirmed operational on the
[Arduino IDE](https://www.arduino.cc/en/software) 2.2.1. [Arduino IDE](https://www.arduino.cc/en/software) 2.2.1.
For examples on other platforms, see the [IDE directory](https://github.com/wolfssl/wolfssl/tree/master/IDE). For examples on other platforms, see the [IDE directory](https://github.com/wolfssl/wolfssl/tree/master/IDE).
Additional examples can be found on [wolfSSL/wolfssl-examples](https://github.com/wolfSSL/wolfssl-examples/). Additional wolfssl examples can be found at [wolfSSL/wolfssl-examples](https://github.com/wolfSSL/wolfssl-examples/).
## Using wolfSSL
The typical include will look something like this:
```
#include <Arduino.h>
/* wolfSSL user_settings.h must be included from settings.h
* Make all configurations changes in user_settings.h
* Do not edit wolfSSL `settings.h` or `config.h` files.
* Do not explicitly include user_settings.h in any source code.
* Each Arduino sketch that uses wolfSSL must have: #include "wolfssl.h"
* C/C++ source files can use: #include <wolfssl/wolfcrypt/settings.h>
* The wolfSSL "settings.h" must be included in each source file using wolfSSL.
* The wolfSSL "settings.h" must appear before any other wolfSSL include.
*/
#include <wolfssl.h>
/* settings.h is typically included in wolfssl.h, but here as a reminder: */
#include <wolfssl/wolfcrypt/settings.h>
/* Any other wolfSSL includes follow:*
#include <wolfssl/version.h>
```
## Configuring wolfSSL
See the `user_settings.h` in the Arduino library `wolfssl/src` directory. For Windows users this is typically:
```
C:\Users\%USERNAME%\Documents\Arduino\libraries\wolfssl\src
```
WARNING: Changes to the library `user_settings.h` file will be lost when upgrading wolfSSL using the Arduino IDE.
## Troubleshooting
If compile problems are encountered, for example:
```
ctags: cannot open temporary file : File exists
exit status 1
Compilation error: exit status 1
```
Try deleting the Arduino cache directory:
```
C:\Users\%USERNAME%\AppData\Local\arduino\sketches
```
For VisualGDB users, delete the project `.vs`, `Output`, and `TraceReports` directories.
## More Information
For more details, see [IDE/ARDUINO/README.md](https://github.com/wolfSSL/wolfssl/blob/master/IDE/ARDUINO/README.md)

10
IDE/ARDUINO/sketches/wolfssl_client/README.md
View File

@@ -1,6 +1,14 @@
# Arduino Basic TLS Listening Client # Arduino Basic TLS Listening Client
Open the [wolfssl_client.ino](./wolfssl_client.ino) file in the Arduino IDE. Open the `wolfssl_client.ino` file in the Arduino IDE.
NOTE: Moving; See https://github.com/wolfSSL/wolfssl-examples/pull/499
If using WiFi, be sure to set `ssid` and `password` values.
May need "Ethernet by Various" library to be installed. Tested with v2.0.2 and v2.8.1.
See the `#define WOLFSSL_TLS_SERVER_HOST` to set your own server address.
Other IDE products are also supported, such as: Other IDE products are also supported, such as:

894
IDE/ARDUINO/sketches/wolfssl_client/wolfssl_client.ino
View File

@@ -1,894 +0,0 @@
/* wolfssl_client.ino
*
* Copyright (C) 2006-2024 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
/*
Tested with:
1) Intel Galileo acting as the Client, with a laptop acting as a server using
the server example provided in examples/server.
Legacy Arduino v1.86 was used to compile and program the Galileo
2) Espressif ESP32 WiFi
3) Arduino Due, Nano33 IoT, Nano RP-2040
*/
/*
* Note to code editors: the Arduino client and server examples are edited in
* parallel for side-by-side comparison between examples.
*/
/* If you have a private include, define it here, otherwise edit WiFi params */
#define MY_PRIVATE_CONFIG "/workspace/my_private_config.h"
/* set REPEAT_CONNECTION to a non-zero value to continually run the example. */
#define REPEAT_CONNECTION 0
/* Edit this with your other TLS host server address to connect to: */
#define WOLFSSL_TLS_SERVER_HOST "192.168.1.39"
/* wolfssl TLS examples communicate on port 11111 */
#define WOLFSSL_PORT 11111
/* Choose a monitor serial baud rate: 9600, 14400, 19200, 57600, 74880, etc. */
#define SERIAL_BAUD 115200
/* We'll wait up to 2000 milliseconds to properly shut down connection */
#define SHUTDOWN_DELAY_MS 2000
/* Number of times to retry connection. */
#define RECONNECT_ATTEMPTS 20
/* Optional stress test. Define to consume memory until exhausted: */
/* #define MEMORY_STRESS_TEST */
/* Choose client or server example, not both. */
#define WOLFSSL_CLIENT_EXAMPLE
/* #define WOLFSSL_SERVER_EXAMPLE */
#if defined(MY_PRIVATE_CONFIG)
/* the /workspace directory may contain a private config
* excluded from GitHub with items such as WiFi passwords */
#include MY_PRIVATE_CONFIG
static const char* ssid PROGMEM = MY_ARDUINO_WIFI_SSID;
static const char* password PROGMEM = MY_ARDUINO_WIFI_PASSWORD;
#else
/* when using WiFi capable boards: */
static const char* ssid PROGMEM = "your_SSID";
static const char* password PROGMEM = "your_PASSWORD";
#endif
#define BROADCAST_ADDRESS "255.255.255.255"
/* There's an optional 3rd party NTPClient library by Fabrice Weinberg.
* If it is installed, uncomment define USE_NTP_LIB here: */
/* #define USE_NTP_LIB */
#ifdef USE_NTP_LIB
#include <NTPClient.h>
#endif
#include <wolfssl.h>
/* Important: make sure settings.h appears before any other wolfSSL headers */
#include <wolfssl/wolfcrypt/settings.h>
/* Reminder: settings.h includes user_settings.h
* For ALL project wolfSSL settings, see:
* [your path]/Arduino\libraries\wolfSSL\src\user_settings.h */
#include <wolfssl/ssl.h>
#include <wolfssl/certs_test.h>
#include <wolfssl/wolfcrypt/error-crypt.h>
/* Define DEBUG_WOLFSSL in user_settings.h for more verbose logging. */
#if defined(DEBUG_WOLFSSL)
#define PROGRESS_DOT F("")
#else
#define PROGRESS_DOT F(".")
#endif
/* Convert a macro to a string */
#define xstr(x) str(x)
#define str(x) #x
/* optional board-specific networking includes */
#if defined(ESP32)
#define USING_WIFI
#include <WiFi.h>
#include <WiFiUdp.h>
#ifdef USE_NTP_LIB
WiFiUDP ntpUDP;
#endif
/* Ensure the F() flash macro is defined */
#ifndef F
#define F
#endif
WiFiClient client;
#elif defined(ESP8266)
#define USING_WIFI
#include <ESP8266WiFi.h>
WiFiClient client;
#elif defined(ARDUINO_SAM_DUE)
#include <SPI.h>
/* There's no WiFi/Ethernet on the Due. Requires Ethernet Shield.
/* Needs "Ethernet by Various" library to be installed. Tested with V2.0.2 */
#include <Ethernet.h>
EthernetClient client;
#elif defined(ARDUINO_SAMD_NANO_33_IOT)
#define USING_WIFI
#include <SPI.h>
#include <WiFiNINA.h> /* Needs Arduino WiFiNINA library installed manually */
WiFiClient client;
#elif defined(ARDUINO_ARCH_RP2040)
#define USING_WIFI
#include <SPI.h>
#include <WiFiNINA.h>
WiFiClient client;
#elif defined(USING_WIFI)
#define USING_WIFI
#include <WiFi.h>
#include <WiFiUdp.h>
#ifdef USE_NTP_LIB
WiFiUDP ntpUDP;
#endif
WiFiClient client;
/* TODO
#elif defined(OTHER_BOARD)
*/
#else
#define USING_WIFI
WiFiClient client;
#endif
/* Only for syntax highlighters to show interesting options enabled: */
#if defined(HAVE_SNI) \
|| defined(HAVE_MAX_FRAGMENT) \
|| defined(HAVE_TRUSTED_CA) \
|| defined(HAVE_TRUNCATED_HMAC) \
|| defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
|| defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) \
|| defined(HAVE_SUPPORTED_CURVES) \
|| defined(HAVE_ALPN) \
|| defined(HAVE_SESSION_TICKET) \
|| defined(HAVE_SECURE_RENEGOTIATION) \
|| defined(HAVE_SERVER_RENEGOTIATION_INFO)
#endif
static const char host[] PROGMEM = WOLFSSL_TLS_SERVER_HOST; /* server to connect to */
static const int port PROGMEM = WOLFSSL_PORT; /* port on server to connect to */
static WOLFSSL_CTX* ctx = NULL;
static WOLFSSL* ssl = NULL;
static char* wc_error_message = (char*)malloc(80 + 1);
static char errBuf[80];
#if defined(MEMORY_STRESS_TEST)
#define MEMORY_STRESS_ITERATIONS 100
#define MEMORY_STRESS_BLOCK_SIZE 1024
#define MEMORY_STRESS_INITIAL (4*1024)
static char* memory_stress[MEMORY_STRESS_ITERATIONS]; /* typically 1K per item */
static int mem_ctr = 0;
#endif
static int EthernetSend(WOLFSSL* ssl, char* msg, int sz, void* ctx);
static int EthernetReceive(WOLFSSL* ssl, char* reply, int sz, void* ctx);
static int reconnect = RECONNECT_ATTEMPTS;
static int lng_index PROGMEM = 0; /* 0 = English */
#if defined(__arm__)
#include <malloc.h>
extern char _end;
extern "C" char *sbrk(int i);
static char *ramstart=(char *)0x20070000;
static char *ramend=(char *)0x20088000;
#endif
/*****************************************************************************/
/* fail_wait - in case of unrecoverable error */
/*****************************************************************************/
int fail_wait(void) {
show_memory();
Serial.println(F("Failed. Halt."));
while (1) {
delay(1000);
}
return 0;
}
/*****************************************************************************/
/* show_memory() to optionally view during debugging. */
/*****************************************************************************/
int show_memory(void)
{
#if defined(__arm__)
struct mallinfo mi = mallinfo();
char *heapend=sbrk(0);
register char * stack_ptr asm("sp");
#if defined(DEBUG_WOLFSSL_VERBOSE)
Serial.print(" arena=");
Serial.println(mi.arena);
Serial.print(" ordblks=");
Serial.println(mi.ordblks);
Serial.print(" uordblks=");
Serial.println(mi.uordblks);
Serial.print(" fordblks=");
Serial.println(mi.fordblks);
Serial.print(" keepcost=");
Serial.println(mi.keepcost);
#endif
#if defined(DEBUG_WOLFSSL) || defined(MEMORY_STRESS_TEST)
Serial.print("Estimated free memory: ");
Serial.print(stack_ptr - heapend + mi.fordblks);
Serial.println(F(" bytes"));
#endif
#if (0)
/* Experimental: not supported on all devices: */
Serial.print("RAM Start %lx\n", (unsigned long)ramstart);
Serial.print("Data/Bss end %lx\n", (unsigned long)&_end);
Serial.print("Heap End %lx\n", (unsigned long)heapend);
Serial.print("Stack Ptr %lx\n",(unsigned long)stack_ptr);
Serial.print("RAM End %lx\n", (unsigned long)ramend);
Serial.print("Heap RAM Used: ",mi.uordblks);
Serial.print("Program RAM Used ",&_end - ramstart);
Serial.print("Stack RAM Used ",ramend - stack_ptr);
Serial.print("Estimated Free RAM: %d\n\n",stack_ptr - heapend + mi.fordblks);
#endif
#else
Serial.println(F("show_memory() not implemented for this platform"));
#endif
return 0;
}
/*****************************************************************************/
/* EthernetSend() to send a message string. */
/*****************************************************************************/
int EthernetSend(WOLFSSL* ssl, char* message, int sz, void* ctx) {
int sent = 0;
(void)ssl;
(void)ctx;
sent = client.write((byte*)message, sz);
return sent;
}
/*****************************************************************************/
/* EthernetReceive() to receive a reply string. */
/*****************************************************************************/
int EthernetReceive(WOLFSSL* ssl, char* reply, int sz, void* ctx) {
int ret = 0;
(void)ssl;
(void)ctx;
while (client.available() > 0 && ret < sz) {
reply[ret++] = client.read();
}
return ret;
}
/*****************************************************************************/
/* Arduino setup_hardware() */
/*****************************************************************************/
int setup_hardware(void) {
int ret = 0;
#if defined(ARDUINO_SAMD_NANO_33_IOT)
Serial.println(F("Detected known tested and working Arduino Nano 33 IoT"));
#elif defined(ARDUINO_ARCH_RP2040)
Serial.println(F("Detected known tested and working Arduino RP-2040"));
#elif defined(__arm__) && defined(ID_TRNG) && defined(TRNG)
/* need to manually turn on random number generator on Arduino Due, etc. */
pmc_enable_periph_clk(ID_TRNG);
trng_enable(TRNG);
Serial.println(F("Enabled ARM TRNG"));
#endif
show_memory();
randomSeed(analogRead(0));
return ret;
}
/*****************************************************************************/
/* Arduino setup_datetime() */
/* The device needs to have a valid date within the valid range of certs. */
/*****************************************************************************/
int setup_datetime(void) {
int ret = 0;
int ntp_tries = 20;
/* we need a date in the range of cert expiration */
#ifdef USE_NTP_LIB
#if defined(ESP32)
NTPClient timeClient(ntpUDP, "pool.ntp.org");
timeClient.begin();
timeClient.update();
delay(1000);
while (!timeClient.isTimeSet() && (ntp_tries > 0)) {
timeClient.forceUpdate();
Serial.println(F("Waiting for NTP update"));
delay(2000);
ntp_tries--;
}
if (ntp_tries <= 0) {
Serial.println(F("Warning: gave up waiting on NTP"));
}
Serial.println(timeClient.getFormattedTime());
Serial.println(timeClient.getEpochTime());
#endif
#endif
#if defined(ESP32)
/* see esp32-hal-time.c */
ntp_tries = 5;
/* Replace "pool.ntp.org" with your preferred NTP server */
configTime(0, 0, "pool.ntp.org");
/* Wait for time to be set */
while ((time(nullptr) <= 100000) && ntp_tries > 0) {
Serial.println(F("Waiting for time to be set..."));
delay(2000);
ntp_tries--;
}
#endif
return ret;
} /* setup_datetime */
/*****************************************************************************/
/* Arduino setup_network() */
/*****************************************************************************/
int setup_network(void) {
int ret = 0;
#if defined(USING_WIFI)
int status = WL_IDLE_STATUS;
/* The ESP8266 & ESP32 support both AP and STA. We'll use STA: */
#if defined(ESP8266) || defined(ESP32)
WiFi.mode(WIFI_STA);
#else
String fv;
if (WiFi.status() == WL_NO_MODULE) {
Serial.println("Communication with WiFi module failed!");
/* don't continue if no network */
while (true) ;
}
fv = WiFi.firmwareVersion();
if (fv < WIFI_FIRMWARE_LATEST_VERSION) {
Serial.println("Please upgrade the firmware");
}
#endif
Serial.print(F("Connecting to WiFi "));
Serial.print(ssid);
status = WiFi.begin(ssid, password);
while (status != WL_CONNECTED) {
delay(1000);
Serial.print(F("."));
Serial.print(status);
status = WiFi.status();
}
Serial.println(F(" Connected!"));
#else
/* Newer Ethernet shields have a
* MAC address printed on a sticker on the shield */
byte mac[] = { 0xDE, 0xAD, 0xBE, 0xEF, 0xFE, 0xED };
IPAddress ip(192, 168, 1, 42);
IPAddress myDns(192, 168, 1, 1);
Ethernet.init(10); /* Most Arduino shields */
/* Ethernet.init(5); * MKR ETH Shield */
/* Ethernet.init(0); * Teensy 2.0 */
/* Ethernet.init(20); * Teensy++ 2.0 */
/* Ethernet.init(15); * ESP8266 with Adafruit FeatherWing Ethernet */
/* Ethernet.init(33); * ESP32 with Adafruit FeatherWing Ethernet */
Serial.println(F("Initialize Ethernet with DHCP:"));
if (Ethernet.begin(mac) == 0) {
Serial.println(F("Failed to configure Ethernet using DHCP"));
/* Check for Ethernet hardware present */
if (Ethernet.hardwareStatus() == EthernetNoHardware) {
Serial.println(F("Ethernet shield was not found."));
while (true) {
delay(1); /* do nothing */
}
}
if (Ethernet.linkStatus() == LinkOFF) {
Serial.println(F("Ethernet cable is not connected."));
}
/* try to configure using IP address instead of DHCP : */
Ethernet.begin(mac, ip, myDns);
}
else {
Serial.print(F(" DHCP assigned IP "));
Serial.println(Ethernet.localIP());
}
/* We'll assume the Ethernet connection is ready to go. */
#endif
Serial.println(F("********************************************************"));
Serial.print(F(" wolfSSL Example Client IP = "));
#if defined(USING_WIFI)
Serial.println(WiFi.localIP());
#else
Serial.println(Ethernet.localIP());
#endif
Serial.print(F(" Configured Server Host to connect to: "));
Serial.println(host);
Serial.println(F("********************************************************"));
Serial.println(F("Setup network complete."));
return ret;
}
/*****************************************************************************/
/* Arduino setup_wolfssl() */
/*****************************************************************************/
int setup_wolfssl(void) {
int ret = 0;
WOLFSSL_METHOD* method;
/* Show a revision of wolfssl user_settings.h file in use when available: */
#if defined(WOLFSSL_USER_SETTINGS_ID)
Serial.print(F("WOLFSSL_USER_SETTINGS_ID: "));
Serial.println(F(WOLFSSL_USER_SETTINGS_ID));
#else
Serial.println(F("No WOLFSSL_USER_SETTINGS_ID found."));
#endif
#if defined(NO_WOLFSSL_SERVER)
Serial.println(F("wolfSSL server code disabled to save space."));
#endif
#if defined(NO_WOLFSSL_CLIENT)
Serial.println(F("wolfSSL client code disabled to save space."));
#endif
#if defined(DEBUG_WOLFSSL)
wolfSSL_Debugging_ON();
Serial.println(F("wolfSSL Debugging is On!"));
#else
Serial.println(F("wolfSSL Debugging is Off! (enable with DEBUG_WOLFSSL)"));
#endif
/* See ssl.c for TLS cache settings. Larger cache = use more RAM. */
#if defined(NO_SESSION_CACHE)
Serial.println(F("wolfSSL TLS NO_SESSION_CACHE"));
#elif defined(MICRO_SESSION_CACHEx)
Serial.println(F("wolfSSL TLS MICRO_SESSION_CACHE"));
#elif defined(SMALL_SESSION_CACHE)
Serial.println(F("wolfSSL TLS SMALL_SESSION_CACHE"));
#elif defined(MEDIUM_SESSION_CACHE)
Serial.println(F("wolfSSL TLS MEDIUM_SESSION_CACHE"));
#elif defined(BIG_SESSION_CACHE)
Serial.println(F("wolfSSL TLS BIG_SESSION_CACHE"));
#elif defined(HUGE_SESSION_CACHE)
Serial.println(F("wolfSSL TLS HUGE_SESSION_CACHE"));
#elif defined(HUGE_SESSION_CACHE)
Serial.println(F("wolfSSL TLS HUGE_SESSION_CACHE"));
#else
Serial.println(F("WARNING: Unknown or no TLS session cache setting."));
/* See wolfssl/src/ssl.c for amount of memory used.
* It is best on embedded devices to choose a TLS session cache size. */
#endif
ret = wolfSSL_Init();
if (ret == WOLFSSL_SUCCESS) {
Serial.println("Successfully called wolfSSL_Init");
}
else {
Serial.println("ERROR: wolfSSL_Init failed");
}
/* See companion server example with wolfSSLv23_server_method here.
* method = wolfSSLv23_client_method()); SSL 3.0 - TLS 1.3.
* method = wolfTLSv1_2_client_method(); only TLS 1.2
* method = wolfTLSv1_3_client_method(); only TLS 1.3
*
* see Arduino\libraries\wolfssl\src\user_settings.h */
Serial.println("Here we go!");
method = wolfSSLv23_client_method();
if (method == NULL) {
Serial.println(F("unable to get wolfssl client method"));
fail_wait();
}
ctx = wolfSSL_CTX_new(method);
if (ctx == NULL) {
Serial.println(F("unable to get ctx"));
fail_wait();
}
return ret;
}
/*****************************************************************************/
/* Arduino setup_certificates() */
/*****************************************************************************/
int setup_certificates(void) {
int ret = 0;
Serial.println(F("Initializing certificates..."));
show_memory();
/* Use built-in validation, No verification callback function: */
wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, 0);
/* Certificate */
Serial.println("Initializing certificates...");
ret = wolfSSL_CTX_use_certificate_buffer(ctx,
CTX_CLIENT_CERT,
CTX_CLIENT_CERT_SIZE,
CTX_CLIENT_CERT_TYPE);
if (ret == WOLFSSL_SUCCESS) {
Serial.print("Success: use certificate: ");
Serial.println(xstr(CTX_SERVER_CERT));
}
else {
Serial.println(F("Error: wolfSSL_CTX_use_certificate_buffer failed: "));
wc_ErrorString(ret, wc_error_message);
Serial.println(wc_error_message);
fail_wait();
}
/* Setup private client key */
ret = wolfSSL_CTX_use_PrivateKey_buffer(ctx,
CTX_CLIENT_KEY,
CTX_CLIENT_KEY_SIZE,
CTX_CLIENT_KEY_TYPE);
if (ret == WOLFSSL_SUCCESS) {
Serial.print("Success: use private key buffer: ");
Serial.println(xstr(CTX_SERVER_KEY));
}
else {
Serial.println(F("Error: wolfSSL_CTX_use_PrivateKey_buffer failed: "));
wc_ErrorString(ret, wc_error_message);
Serial.println(wc_error_message);
fail_wait();
}
ret = wolfSSL_CTX_load_verify_buffer(ctx,
CTX_CA_CERT,
CTX_CA_CERT_SIZE,
CTX_CA_CERT_TYPE);
if (ret == WOLFSSL_SUCCESS) {
Serial.println(F("Success: load_verify CTX_CA_CERT"));
}
else {
Serial.println(F("Error: wolfSSL_CTX_load_verify_buffer failed: "));
wc_ErrorString(ret, wc_error_message);
Serial.println(wc_error_message);
fail_wait();
}
return ret;
} /* Arduino setup */
/*****************************************************************************/
/*****************************************************************************/
/* Arduino setup() */
/*****************************************************************************/
/*****************************************************************************/
void setup(void) {
int i = 0;
Serial.begin(SERIAL_BAUD);
while (!Serial && (i < 10)) {
/* wait for serial port to connect. Needed for native USB port only */
delay(1000);
i++;
}
Serial.println(F(""));
Serial.println(F(""));
Serial.println(F("wolfSSL TLS Client Example Startup."));
/* define DEBUG_WOLFSSL in wolfSSL user_settings.h for diagnostics */
#if defined(DEBUG_WOLFSSL)
wolfSSL_Debugging_ON();
#endif
/* Optionally pre-allocate a large block of memory for testing */
#if defined(MEMORY_STRESS_TEST)
Serial.println(F("WARNING: Memory Stress Test Active!"));
Serial.print(F("Allocating extra memory: "));
Serial.print(MEMORY_STRESS_INITIAL);
Serial.println(F(" bytes..."));
memory_stress[mem_ctr] = (char*)malloc(MEMORY_STRESS_INITIAL);
show_memory();
#endif
setup_hardware();
setup_network();
setup_datetime();
setup_wolfssl();
setup_certificates();
/* Initialize wolfSSL using callback functions. */
wolfSSL_SetIOSend(ctx, EthernetSend);
wolfSSL_SetIORecv(ctx, EthernetReceive);
Serial.println(F("Completed Arduino setup!"));
/* See companion wolfssl_server.ino code; server begins listening here
* https://github.com/wolfSSL/wolfssl/tree/master/IDE/ARDUINO/sketches/wolfssl_server
* Any other server will work. See also:
* https://github.com/wolfSSL/wolfssl/tree/master/examples/client
*/
/* See companion wolfssl_server.ino code */
return;
} /* Arduino setup */
/*****************************************************************************/
/* wolfSSL error_check() */
/*****************************************************************************/
int error_check(int this_ret, bool halt_on_error,
const __FlashStringHelper* message) {
int ret = 0;
if (this_ret == WOLFSSL_SUCCESS) {
Serial.print(F("Success: "));
Serial.println(message);
}
else {
Serial.print(F("ERROR: return = "));
Serial.print(this_ret);
Serial.print(F(": "));
Serial.println(message);
Serial.println(wc_GetErrorString(this_ret));
if (halt_on_error) {
fail_wait();
}
}
show_memory();
return ret;
} /* error_check */
/*****************************************************************************/
/* wolfSSL error_check_ssl */
/* Parameters: */
/* ssl is the current WOLFSSL object pointer */
/* halt_on_error set to true to suspend operations for critical error */
/* message is expected to be a memory-efficient F("") macro string */
/*****************************************************************************/
int error_check_ssl(WOLFSSL* ssl, int this_ret, bool halt_on_error,
const __FlashStringHelper* message) {
int err = 0;
if (ssl == NULL) {
Serial.println(F("ssl is Null; Unable to allocate SSL object?"));
#ifndef DEBUG_WOLFSSL
Serial.println(F("Define DEBUG_WOLFSSL in user_settings.h for more."));
#else
Serial.println(F("See wolfssl/wolfcrypt/error-crypt.h for codes."));
#endif
Serial.print(F("ERROR: "));
Serial.println(message);
show_memory();
if (halt_on_error) {
fail_wait();
}
}
else {
err = wolfSSL_get_error(ssl, this_ret);
if (err == WOLFSSL_SUCCESS) {
Serial.print(F("Success m: "));
Serial.println(message);
}
else {
if (err < 0) {
wolfSSL_ERR_error_string(err, errBuf);
Serial.print(F("WOLFSSL Error: "));
Serial.print(err);
Serial.print(F("; "));
Serial.println(errBuf);
}
else {
Serial.println(F("Success: ssl object."));
}
}
}
return err;
}
/*****************************************************************************/
/*****************************************************************************/
/* Arduino loop() */
/*****************************************************************************/
/*****************************************************************************/
void loop() {
char reply[80];
char msg[32] = "hello wolfssl!";
const char* cipherName;
int retry_shutdown = SHUTDOWN_DELAY_MS; /* max try, once per millisecond */
int total_input = 0;
int msgSz = 0;
int input = 0;
int ret = 0;
int err = 0;
msgSz = (int)strlen(msg);
Serial.println(F(""));
Serial.println(F("Starting Arduino loop() ..."));
if (reconnect) {
reconnect--;
/* WiFi client returns true if connection succeeds, false if not. */
/* Wired client returns int (1,-1,-2,-3,-4) for connection status. */
Serial.print(F("Connecting to "));
Serial.print(host);
Serial.print(F(":"));
Serial.println(port);
/* can also use: IPAddress server(192,168,1,37); */
Serial.println(F("Here we go..."));
ret = client.connect(host, port);
Serial.println(F("Ok, checking..."));
if (ret > 0) {
Serial.println(F("Connected!"));
/* initialize wolfSSL */
ret = wolfSSL_Init();
error_check(ret, false, F("calling wolfSSL_Init") );
/* create secure connection object. see setup for ctx certs. */
Serial.println(F("Calling ssl = wolfSSL_new(ctx)"));
ssl = wolfSSL_new(ctx);
error_check_ssl(ssl, 0, true, F("Create WOLFSSL object from ctx"));
Serial.print(F("Connecting to wolfSSL TLS Secure Server..."));
do {
err = 0; /* reset error */
Serial.println(F("wolfSSL_connect ..."));
ret = wolfSSL_connect(ssl);
Serial.print("wolfSSL_connect return result =");
Serial.println(ret);
if ((ret != WOLFSSL_SUCCESS) && (ret != WC_PENDING_E)) {
Serial.println(F("Failed connection, checking error."));
err = error_check_ssl(ssl, ret, true,
F("Create WOLFSSL object from ctx"));
Serial.print("err =");
Serial.println(err);
}
else {
Serial.print(PROGRESS_DOT);
}
} while (err == WC_PENDING_E);
Serial.println();
Serial.println(F("Connected!"));
Serial.print(F("SSL version is "));
Serial.println(wolfSSL_get_version(ssl));
cipherName = wolfSSL_get_cipher(ssl);
Serial.print(F("SSL cipher suite is "));
Serial.println(cipherName);
/* see test.h
* TODO: test.h needs a little bit of Arduino work for these:
showPeerEx(ssl, lng_index);
showPeerPEM(ssl);
*/
Serial.print(F("Sending secure message to server: "));
Serial.println(msg);
ret = wolfSSL_write(ssl, msg, msgSz);
if (ret == msgSz) {
Serial.print(F("Waiting for Server response..."));
while (!client.available()) {
/* wait for data */
delay(1); /* 1 ms delay */
}
Serial.print(F("Reading response.."));
/* read data */
do {
ret = wolfSSL_read(ssl, reply, sizeof(reply) - 1);
if (ret < 0) {
error_check_ssl(ssl, ret, false,
F("during TLS Read"));
}
else {
Serial.print(PROGRESS_DOT);
}
} while (err == WC_PENDING_E);
Serial.println();
Serial.println();
Serial.println(reply); /* typically: I hear you fa shizzle! */
Serial.println();
} /* wolfSSL_write message size matched */
else {
error_check_ssl(ssl, ret, false,
F("during TLS Write"));
} /* any wolfSSL_write message size mismatch is an error */
Serial.print(F("Shutting down.."));
do {
delay(1);
Serial.print(PROGRESS_DOT);
retry_shutdown--;
ret = wolfSSL_shutdown(ssl);
} while ( (ret == WOLFSSL_SHUTDOWN_NOT_DONE)
&& (retry_shutdown > 0)
); /* There may be pending data, so wait until done. */
Serial.println();
if (retry_shutdown <= 0) {
/* if wolfSSL_free is called before properly shutting down the
* ssl object, undesired results may occur. */
Serial.println(F("Warning! Shutdown did not properly complete."));
}
wolfSSL_free(ssl);
client.stop();
Serial.println(F("Connection complete."));
if (REPEAT_CONNECTION) {
reconnect = RECONNECT_ATTEMPTS;
}
else {
reconnect = 0;
}
} /* client.connect(host, port) */
else {
Serial.println(F("Problem sending message. Trying to reconnect..."));
}
}
delay(1000);
if ((reconnect > 0) && (REPEAT_CONNECTION)) {
Serial.println(F("Arduino loop repeating..."));
Serial.println();
}
else {
printf("wow");
Serial.println(F("Done!"));
while(1) {
/* wait forever */
}
}
#if defined(MEMORY_STRESS_TEST)
if (mem_ctr < MEMORY_STRESS_ITERATIONS) {
/* reminder: mem_ctr == 0 is MEMORY_STRESS_INITIAL allocation */
mem_ctr++;
Serial.print(F("Memory stress increment: "));
Serial.print(mem_ctr);
Serial.print(F(". Allocating addition memory (bytes): "));
Serial.println(MEMORY_STRESS_BLOCK_SIZE);
memory_stress[mem_ctr] = (char*)malloc(MEMORY_STRESS_BLOCK_SIZE);
show_memory();
}
#endif
} /* Arduino loop repeats */

10
IDE/ARDUINO/sketches/wolfssl_server/README.md
View File

@@ -1,6 +1,14 @@
# Arduino Basic TLS Server # Arduino Basic TLS Server
Open the [wolfssl_server.ino](./wolfssl_server.ino) file in the Arduino IDE. Open the `wolfssl_server.ino` file in the Arduino IDE.
NOTE: Moving; See https://github.com/wolfSSL/wolfssl-examples/pull/499
If using WiFi, be sure to set `ssid` and `password` values.
May need "Ethernet by Various" library to be installed. Tested with v2.0.2 and v2.8.1.
See the `#define WOLFSSL_TLS_SERVER_HOST` to set your own server address.
Other IDE products are also supported, such as: Other IDE products are also supported, such as:

838
IDE/ARDUINO/sketches/wolfssl_server/wolfssl_server.ino
View File

@@ -1,838 +0,0 @@
/* wolfssl_server.ino
*
* Copyright (C) 2006-2024 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
/*
Tested with:
1) Intel Galileo acting as the Client, with a laptop acting as a server using
the server example provided in examples/server.
Legacy Arduino v1.86 was used to compile and program the Galileo
2) Espressif ESP32 WiFi
3) Arduino Due, Nano33 IoT, Nano RP-2040
*/
/*
* Note to code editors: the Arduino client and server examples are edited in
* parallel for side-by-side comparison between examples.
*/
/* If you have a private include, define it here, otherwise edit WiFi params */
#define MY_PRIVATE_CONFIG "/workspace/my_private_config.h"
/* set REPEAT_CONNECTION to a non-zero value to continually run the example. */
#define REPEAT_CONNECTION 1
/* Edit this with your other TLS host server address to connect to: */
/* #define WOLFSSL_TLS_SERVER_HOST "192.168.1.34" */
/* wolfssl TLS examples communicate on port 11111 */
#define WOLFSSL_PORT 11111
/* Choose a monitor serial baud rate: 9600, 14400, 19200, 57600, 74880, etc. */
#define SERIAL_BAUD 115200
/* We'll wait up to 2000 milliseconds to properly shut down connection */
#define SHUTDOWN_DELAY_MS 2000
/* Number of times to retry connection. */
#define RECONNECT_ATTEMPTS 20
/* Optional stress test. Define to consume memory until exhausted: */
/* #define MEMORY_STRESS_TEST */
/* Choose client or server example, not both. */
/* #define WOLFSSL_CLIENT_EXAMPLE */
#define WOLFSSL_SERVER_EXAMPLE
#if defined(MY_PRIVATE_CONFIG)
/* the /workspace directory may contain a private config
* excluded from GitHub with items such as WiFi passwords */
#include MY_PRIVATE_CONFIG
static const char* ssid PROGMEM = MY_ARDUINO_WIFI_SSID;
static const char* password PROGMEM = MY_ARDUINO_WIFI_PASSWORD;
#else
/* when using WiFi capable boards: */
static const char* ssid PROGMEM = "your_SSID";
static const char* password PROGMEM = "your_PASSWORD";
#endif
#define BROADCAST_ADDRESS "255.255.255.255"
/* There's an optional 3rd party NTPClient library by Fabrice Weinberg.
* If it is installed, uncomment define USE_NTP_LIB here: */
/* #define USE_NTP_LIB */
#ifdef USE_NTP_LIB
#include <NTPClient.h>
#endif
#include <wolfssl.h>
/* Important: make sure settings.h appears before any other wolfSSL headers */
#include <wolfssl/wolfcrypt/settings.h>
/* Reminder: settings.h includes user_settings.h
* For ALL project wolfSSL settings, see:
* [your path]/Arduino\libraries\wolfSSL\src\user_settings.h */
#include <wolfssl/ssl.h>
#include <wolfssl/certs_test.h>
#include <wolfssl/wolfcrypt/error-crypt.h>
/* Define DEBUG_WOLFSSL in user_settings.h for more verbose logging. */
#if defined(DEBUG_WOLFSSL)
#define PROGRESS_DOT F("")
#else
#define PROGRESS_DOT F(".")
#endif
/* Convert a macro to a string */
#define xstr(x) str(x)
#define str(x) #x
/* optional board-specific networking includes */
#if defined(ESP32)
#define USING_WIFI
#include <WiFi.h>
#include <WiFiUdp.h>
#ifdef USE_NTP_LIB
WiFiUDP ntpUDP;
#endif
/* Ensure the F() flash macro is defined */
#ifndef F
#define F
#endif
WiFiClient client;
WiFiServer server(WOLFSSL_PORT);
#elif defined(ESP8266)
#define USING_WIFI
#include <ESP8266WiFi.h>
WiFiClient client;
WiFiServer server(WOLFSSL_PORT);
#elif defined(ARDUINO_SAM_DUE)
#include <SPI.h>
/* There's no WiFi/Ethernet on the Due. Requires Ethernet Shield.
/* Needs "Ethernet by Various" library to be installed. Tested with V2.0.2 */
#include <Ethernet.h>
EthernetClient client;
EthernetClient server(WOLFSSL_PORT);
#elif defined(ARDUINO_SAMD_NANO_33_IOT)
#define USING_WIFI
#include <SPI.h>
#include <WiFiNINA.h> /* Needs Arduino WiFiNINA library installed manually */
WiFiClient client;
WiFiServer server(WOLFSSL_PORT);
#elif defined(ARDUINO_ARCH_RP2040)
#define USING_WIFI
#include <SPI.h>
#include <WiFiNINA.h>
WiFiClient client;
WiFiServer server(WOLFSSL_PORT);
#elif defined(USING_WIFI)
#define USING_WIFI
#include <WiFi.h>
#include <WiFiUdp.h>
#ifdef USE_NTP_LIB
WiFiUDP ntpUDP;
#endif
WiFiClient client;
WiFiServer server(WOLFSSL_PORT);
/* TODO
#elif defined(OTHER_BOARD)
*/
#else
#define USING_WIFI
WiFiClient client;
WiFiServer server(WOLFSSL_PORT);
#endif
/* Only for syntax highlighters to show interesting options enabled: */
#if defined(HAVE_SNI) \
|| defined(HAVE_MAX_FRAGMENT) \
|| defined(HAVE_TRUSTED_CA) \
|| defined(HAVE_TRUNCATED_HMAC) \
|| defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
|| defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) \
|| defined(HAVE_SUPPORTED_CURVES) \
|| defined(HAVE_ALPN) \
|| defined(HAVE_SESSION_TICKET) \
|| defined(HAVE_SECURE_RENEGOTIATION) \
|| defined(HAVE_SERVER_RENEGOTIATION_INFO)
#endif
/* we expect our IP address from DHCP */
static WOLFSSL_CTX* ctx = NULL;
static WOLFSSL* ssl = NULL;
static char* wc_error_message = (char*)malloc(80 + 1);
static char errBuf[80];
#if defined(MEMORY_STRESS_TEST)
#define MEMORY_STRESS_ITERATIONS 100
#define MEMORY_STRESS_BLOCK_SIZE 1024
#define MEMORY_STRESS_INITIAL (4*1024)
static char* memory_stress[MEMORY_STRESS_ITERATIONS]; /* typically 1K per item */
static int mem_ctr = 0;
#endif
static int EthernetSend(WOLFSSL* ssl, char* msg, int sz, void* ctx);
static int EthernetReceive(WOLFSSL* ssl, char* reply, int sz, void* ctx);
static int reconnect = RECONNECT_ATTEMPTS;
static int lng_index PROGMEM = 0; /* 0 = English */
#if defined(__arm__)
#include <malloc.h>
extern char _end;
extern "C" char *sbrk(int i);
static char *ramstart=(char *)0x20070000;
static char *ramend=(char *)0x20088000;
#endif
/*****************************************************************************/
/* fail_wait - in case of unrecoverable error */
/*****************************************************************************/
int fail_wait(void) {
show_memory();
Serial.println(F("Failed. Halt."));
while (1) {
delay(1000);
}
return 0;
}
/*****************************************************************************/
/* show_memory() to optionally view during debugging. */
/*****************************************************************************/
int show_memory(void)
{
#if defined(__arm__)
struct mallinfo mi = mallinfo();
char *heapend=sbrk(0);
register char * stack_ptr asm("sp");
#if defined(DEBUG_WOLFSSL_VERBOSE)
Serial.print(" arena=");
Serial.println(mi.arena);
Serial.print(" ordblks=");
Serial.println(mi.ordblks);
Serial.print(" uordblks=");
Serial.println(mi.uordblks);
Serial.print(" fordblks=");
Serial.println(mi.fordblks);
Serial.print(" keepcost=");
Serial.println(mi.keepcost);
#endif
#if defined(DEBUG_WOLFSSL) || defined(MEMORY_STRESS_TEST)
Serial.print("Estimated free memory: ");
Serial.print(stack_ptr - heapend + mi.fordblks);
Serial.println(F(" bytes"));
#endif
#if (0)
/* Experimental: not supported on all devices: */
Serial.print("RAM Start %lx\n", (unsigned long)ramstart);
Serial.print("Data/Bss end %lx\n", (unsigned long)&_end);
Serial.print("Heap End %lx\n", (unsigned long)heapend);
Serial.print("Stack Ptr %lx\n",(unsigned long)stack_ptr);
Serial.print("RAM End %lx\n", (unsigned long)ramend);
Serial.print("Heap RAM Used: ",mi.uordblks);
Serial.print("Program RAM Used ",&_end - ramstart);
Serial.print("Stack RAM Used ",ramend - stack_ptr);
Serial.print("Estimated Free RAM: %d\n\n",stack_ptr - heapend + mi.fordblks);
#endif
#else
Serial.println(F("show_memory() not implemented for this platform"));
#endif
return 0;
}
/*****************************************************************************/
/* EthernetSend() to send a message string. */
/*****************************************************************************/
int EthernetSend(WOLFSSL* ssl, char* message, int sz, void* ctx) {
int sent = 0;
(void)ssl;
(void)ctx;
sent = client.write((byte*)message, sz);
return sent;
}
/*****************************************************************************/
/* EthernetReceive() to receive a reply string. */
/*****************************************************************************/
int EthernetReceive(WOLFSSL* ssl, char* reply, int sz, void* ctx) {
int ret = 0;
(void)ssl;
(void)ctx;
while (client.available() > 0 && ret < sz) {
reply[ret++] = client.read();
}
return ret;
}
/*****************************************************************************/
/* Arduino setup_hardware() */
/*****************************************************************************/
int setup_hardware(void) {
int ret = 0;
#if defined(ARDUINO_SAMD_NANO_33_IOT)
Serial.println(F("Detected known tested and working Arduino Nano 33 IoT"));
#elif defined(ARDUINO_ARCH_RP2040)
Serial.println(F("Detected known tested and working Arduino RP-2040"));
#elif defined(__arm__) && defined(ID_TRNG) && defined(TRNG)
/* need to manually turn on random number generator on Arduino Due, etc. */
pmc_enable_periph_clk(ID_TRNG);
trng_enable(TRNG);
Serial.println(F("Enabled ARM TRNG"));
#endif
show_memory();
randomSeed(analogRead(0));
return ret;
}
/*****************************************************************************/
/* Arduino setup_datetime() */
/* The device needs to have a valid date within the valid range of certs. */
/*****************************************************************************/
int setup_datetime(void) {
int ret = 0;
int ntp_tries = 20;
/* we need a date in the range of cert expiration */
#ifdef USE_NTP_LIB
#if defined(ESP32)
NTPClient timeClient(ntpUDP, "pool.ntp.org");
timeClient.begin();
timeClient.update();
delay(1000);
while (!timeClient.isTimeSet() && (ntp_tries > 0)) {
timeClient.forceUpdate();
Serial.println(F("Waiting for NTP update"));
delay(2000);
ntp_tries--;
}
if (ntp_tries <= 0) {
Serial.println(F("Warning: gave up waiting on NTP"));
}
Serial.println(timeClient.getFormattedTime());
Serial.println(timeClient.getEpochTime());
#endif
#endif
#if defined(ESP32)
/* see esp32-hal-time.c */
ntp_tries = 5;
/* Replace "pool.ntp.org" with your preferred NTP server */
configTime(0, 0, "pool.ntp.org");
/* Wait for time to be set */
while ((time(nullptr) <= 100000) && ntp_tries > 0) {
Serial.println(F("Waiting for time to be set..."));
delay(2000);
ntp_tries--;
}
#endif
return ret;
} /* setup_datetime */
/*****************************************************************************/
/* Arduino setup_network() */
/*****************************************************************************/
int setup_network(void) {
int ret = 0;
#if defined(USING_WIFI)
int status = WL_IDLE_STATUS;
/* The ESP8266 & ESP32 support both AP and STA. We'll use STA: */
#if defined(ESP8266) || defined(ESP32)
WiFi.mode(WIFI_STA);
#else
String fv;
if (WiFi.status() == WL_NO_MODULE) {
Serial.println("Communication with WiFi module failed!");
/* don't continue if no network */
while (true) ;
}
fv = WiFi.firmwareVersion();
if (fv < WIFI_FIRMWARE_LATEST_VERSION) {
Serial.println("Please upgrade the firmware");
}
#endif
Serial.print(F("Connecting to WiFi "));
Serial.print(ssid);
status = WiFi.begin(ssid, password);
while (status != WL_CONNECTED) {
delay(1000);
Serial.print(F("."));
Serial.print(status);
status = WiFi.status();
}
Serial.println(F(" Connected!"));
#else
/* Newer Ethernet shields have a
* MAC address printed on a sticker on the shield */
byte mac[] = { 0xDE, 0xAD, 0xBE, 0xEF, 0xFE, 0xED };
IPAddress ip(192, 168, 1, 42);
IPAddress myDns(192, 168, 1, 1);
Ethernet.init(10); /* Most Arduino shields */
/* Ethernet.init(5); * MKR ETH Shield */
/* Ethernet.init(0); * Teensy 2.0 */
/* Ethernet.init(20); * Teensy++ 2.0 */
/* Ethernet.init(15); * ESP8266 with Adafruit FeatherWing Ethernet */
/* Ethernet.init(33); * ESP32 with Adafruit FeatherWing Ethernet */
Serial.println(F("Initialize Ethernet with DHCP:"));
if (Ethernet.begin(mac) == 0) {
Serial.println(F("Failed to configure Ethernet using DHCP"));
/* Check for Ethernet hardware present */
if (Ethernet.hardwareStatus() == EthernetNoHardware) {
Serial.println(F("Ethernet shield was not found."));
while (true) {
delay(1); /* do nothing */
}
}
if (Ethernet.linkStatus() == LinkOFF) {
Serial.println(F("Ethernet cable is not connected."));
}
/* try to configure using IP address instead of DHCP : */
Ethernet.begin(mac, ip, myDns);
}
else {
Serial.print(F(" DHCP assigned IP "));
Serial.println(Ethernet.localIP());
}
/* We'll assume the Ethernet connection is ready to go. */
#endif
Serial.println(F("********************************************************"));
Serial.print(F(" wolfSSL Example Server IP = "));
#if defined(USING_WIFI)
Serial.println(WiFi.localIP());
#else
Serial.println(Ethernet.localIP());
#endif
/* In server mode, there's no host definition. */
/* See companion example: wolfssl_client.ino */
Serial.println(F("********************************************************"));
Serial.println(F("Setup network complete."));
return ret;
}
/*****************************************************************************/
/* Arduino setup_wolfssl() */
/*****************************************************************************/
int setup_wolfssl(void) {
int ret = 0;
WOLFSSL_METHOD* method;
/* Show a revision of wolfssl user_settings.h file in use when available: */
#if defined(WOLFSSL_USER_SETTINGS_ID)
Serial.print(F("WOLFSSL_USER_SETTINGS_ID: "));
Serial.println(F(WOLFSSL_USER_SETTINGS_ID));
#else
Serial.println(F("No WOLFSSL_USER_SETTINGS_ID found."));
#endif
#if defined(NO_WOLFSSL_SERVER)
Serial.println(F("wolfSSL server code disabled to save space."));
#endif
#if defined(NO_WOLFSSL_CLIENT)
Serial.println(F("wolfSSL client code disabled to save space."));
#endif
#if defined(DEBUG_WOLFSSL)
wolfSSL_Debugging_ON();
Serial.println(F("wolfSSL Debugging is On!"));
#else
Serial.println(F("wolfSSL Debugging is Off! (enable with DEBUG_WOLFSSL)"));
#endif
/* See ssl.c for TLS cache settings. Larger cache = use more RAM. */
#if defined(NO_SESSION_CACHE)
Serial.println(F("wolfSSL TLS NO_SESSION_CACHE"));
#elif defined(MICRO_SESSION_CACHEx)
Serial.println(F("wolfSSL TLS MICRO_SESSION_CACHE"));
#elif defined(SMALL_SESSION_CACHE)
Serial.println(F("wolfSSL TLS SMALL_SESSION_CACHE"));
#elif defined(MEDIUM_SESSION_CACHE)
Serial.println(F("wolfSSL TLS MEDIUM_SESSION_CACHE"));
#elif defined(BIG_SESSION_CACHE)
Serial.println(F("wolfSSL TLS BIG_SESSION_CACHE"));
#elif defined(HUGE_SESSION_CACHE)
Serial.println(F("wolfSSL TLS HUGE_SESSION_CACHE"));
#elif defined(HUGE_SESSION_CACHE)
Serial.println(F("wolfSSL TLS HUGE_SESSION_CACHE"));
#else
Serial.println(F("WARNING: Unknown or no TLS session cache setting."));
/* See wolfssl/src/ssl.c for amount of memory used.
* It is best on embedded devices to choose a TLS session cache size. */
#endif
ret = wolfSSL_Init();
if (ret == WOLFSSL_SUCCESS) {
Serial.println("Successfully called wolfSSL_Init");
}
else {
Serial.println("ERROR: wolfSSL_Init failed");
}
/* See companion server example with wolfSSLv23_server_method here.
* method = wolfSSLv23_client_method()); SSL 3.0 - TLS 1.3.
* method = wolfTLSv1_2_client_method(); only TLS 1.2
* method = wolfTLSv1_3_client_method(); only TLS 1.3
*
* see Arduino\libraries\wolfssl\src\user_settings.h */
Serial.println("Here we go!");
method = wolfSSLv23_server_method();
if (method == NULL) {
Serial.println(F("unable to get wolfssl server method"));
fail_wait();
}
ctx = wolfSSL_CTX_new(method);
if (ctx == NULL) {
Serial.println(F("unable to get ctx"));
fail_wait();
}
return ret;
}
/*****************************************************************************/
/* Arduino setup_certificates() */
/*****************************************************************************/
int setup_certificates(void) {
int ret = 0;
Serial.println(F("Initializing certificates..."));
show_memory();
/* Use built-in validation, No verification callback function: */
wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
/* Certificate */
Serial.println("Initializing certificates...");
ret = wolfSSL_CTX_use_certificate_buffer(ctx,
CTX_SERVER_CERT,
CTX_SERVER_CERT_SIZE,
CTX_CA_CERT_TYPE);
if (ret == WOLFSSL_SUCCESS) {
Serial.print("Success: use certificate: ");
Serial.println(xstr(CTX_SERVER_CERT));
}
else {
Serial.print("Error: wolfSSL_CTX_use_certificate_buffer failed: ");
wc_ErrorString(ret, wc_error_message);
Serial.println(wc_error_message);
fail_wait();
}
/* Setup private server key */
ret = wolfSSL_CTX_use_PrivateKey_buffer(ctx,
CTX_SERVER_KEY,
CTX_SERVER_KEY_SIZE,
CTX_SERVER_KEY_TYPE);
if (ret == WOLFSSL_SUCCESS) {
Serial.print("Success: use private key buffer: ");
Serial.println(xstr(CTX_SERVER_KEY));
}
else {
Serial.print("Error: wolfSSL_CTX_use_PrivateKey_buffer failed: ");
wc_ErrorString(ret, wc_error_message);
Serial.println(wc_error_message);
fail_wait();
}
return ret;
} /* Arduino setup */
/*****************************************************************************/
/*****************************************************************************/
/* Arduino setup() */
/*****************************************************************************/
/*****************************************************************************/
void setup(void) {
int i = 0;
Serial.begin(SERIAL_BAUD);
while (!Serial && (i < 10)) {
/* wait for serial port to connect. Needed for native USB port only */
delay(1000);
i++;
}
Serial.println(F(""));
Serial.println(F(""));
Serial.println(F("wolfSSL TLS Server Example Startup."));
/* define DEBUG_WOLFSSL in wolfSSL user_settings.h for diagnostics */
#if defined(DEBUG_WOLFSSL)
wolfSSL_Debugging_ON();
#endif
/* Optionally pre-allocate a large block of memory for testing */
#if defined(MEMORY_STRESS_TEST)
Serial.println(F("WARNING: Memory Stress Test Active!"));
Serial.print(F("Allocating extra memory: "));
Serial.print(MEMORY_STRESS_INITIAL);
Serial.println(F(" bytes..."));
memory_stress[mem_ctr] = (char*)malloc(MEMORY_STRESS_INITIAL);
show_memory();
#endif
setup_hardware();
setup_network();
setup_datetime();
setup_wolfssl();
setup_certificates();
/* Initialize wolfSSL using callback functions. */
wolfSSL_SetIOSend(ctx, EthernetSend);
wolfSSL_SetIORecv(ctx, EthernetReceive);
#if defined THIS_USER_SETTINGS_VERSION
Serial.print(F("This user_settings.h version:"))
Serial.println(THIS_USER_SETTINGS_VERSION)
#endif
/* Start the server
* See https://www.arduino.cc/reference/en/libraries/ethernet/server.begin/
*/
Serial.println(F("Completed Arduino setup()"));
server.begin();
Serial.println("Begin Server... (waiting for remote client to connect)");
/* See companion wolfssl_client.ino code */
return;
} /* Arduino setup */
/*****************************************************************************/
/* wolfSSL error_check() */
/*****************************************************************************/
int error_check(int this_ret, bool halt_on_error,
const __FlashStringHelper* message) {
int ret = 0;
if (this_ret == WOLFSSL_SUCCESS) {
Serial.print(F("Success: "));
Serial.println(message);
}
else {
Serial.print(F("ERROR: return = "));
Serial.print(this_ret);
Serial.print(F(": "));
Serial.println(message);
Serial.println(wc_GetErrorString(this_ret));
if (halt_on_error) {
fail_wait();
}
}
show_memory();
return ret;
} /* error_check */
/*****************************************************************************/
/* wolfSSL error_check_ssl */
/* Parameters: */
/* ssl is the current WOLFSSL object pointer */
/* halt_on_error set to true to suspend operations for critical error */
/* message is expected to be a memory-efficient F("") macro string */
/*****************************************************************************/
int error_check_ssl(WOLFSSL* ssl, int this_ret, bool halt_on_error,
const __FlashStringHelper* message) {
int err = 0;
if (ssl == NULL) {
Serial.println(F("ssl is Null; Unable to allocate SSL object?"));
#ifndef DEBUG_WOLFSSL
Serial.println(F("Define DEBUG_WOLFSSL in user_settings.h for more."));
#else
Serial.println(F("See wolfssl/wolfcrypt/error-crypt.h for codes."));
#endif
Serial.print(F("ERROR: "));
Serial.println(message);
show_memory();
if (halt_on_error) {
fail_wait();
}
}
else {
err = wolfSSL_get_error(ssl, this_ret);
if (err == WOLFSSL_SUCCESS) {
Serial.print(F("Success m: "));
Serial.println(message);
}
else {
if (err < 0) {
wolfSSL_ERR_error_string(err, errBuf);
Serial.print(F("WOLFSSL Error: "));
Serial.print(err);
Serial.print(F("; "));
Serial.println(errBuf);
}
else {
Serial.println(F("Success: ssl object."));
}
}
}
return err;
}
/*****************************************************************************/
/*****************************************************************************/
/* Arduino loop() */
/*****************************************************************************/
/*****************************************************************************/
void loop() {
char errBuf[80] = "(no error";
char reply[80] = "(no reply)";
const char msg[] = "I hear you fa shizzle!";
const char* cipherName;
int input = 0;
int replySz = 0;
int retry_shutdown = SHUTDOWN_DELAY_MS; /* max try, once per millisecond */
int ret = 0;
IPAddress broadcast_address(255, 255, 255, 255);
/* Listen for incoming client requests. */
client = server.available();
if (client) {
Serial.println("Have Client");
while (!client.connected()) {
/* wait for the client to actually connect */
delay(10);
}
Serial.print("Client connected from remote IP: ");
Serial.println(client.remoteIP());
ssl = wolfSSL_new(ctx);
if (ssl == NULL) {
Serial.println("Unable to allocate SSL object");
fail_wait();
}
ret = wolfSSL_accept(ssl);
if (ret != WOLFSSL_SUCCESS) {
ret = wolfSSL_get_error(ssl, 0);
wolfSSL_ERR_error_string(ret, errBuf);
Serial.print("TLS Accept Error: ");
Serial.println(errBuf);
}
cipherName = wolfSSL_get_cipher(ssl);
Serial.print("SSL cipher suite is ");
Serial.println(cipherName);
Serial.print("Server Read: ");
while (!client.available()) {
/* wait for data */
}
/* read data */
while (wolfSSL_pending(ssl)) {
input = wolfSSL_read(ssl, reply, sizeof(reply) - 1);
if (input < 0) {
ret = wolfSSL_get_error(ssl, 0);
wolfSSL_ERR_error_string(ret, errBuf);
Serial.print("TLS Read Error: ");
Serial.println(errBuf);
break;
}
else if (input > 0) {
replySz = input;
reply[input] = '\0';
Serial.print(reply);
}
else {
Serial.println("<end of reply, input == 0>");
}
}
/* Write our message into reply buffer to send */
memset(reply, 0, sizeof(reply));
memcpy(reply, msg, sizeof(msg));
replySz = strnlen(reply, sizeof(reply));
Serial.println("Sending reply...");
if ((wolfSSL_write(ssl, reply, replySz)) != replySz) {
ret = wolfSSL_get_error(ssl, 0);
wolfSSL_ERR_error_string(ret, errBuf);
Serial.print("TLS Write Error: ");
Serial.println(errBuf);
}
else {
Serial.println("Reply sent!");
}
Serial.println("Shutdown!");
do {
delay(1);
retry_shutdown--;
ret = wolfSSL_shutdown(ssl);
} while ((ret == WOLFSSL_SHUTDOWN_NOT_DONE) && (retry_shutdown > 0));
if (retry_shutdown <= 0) {
/* if wolfSSL_free is called before properly shutting down the
* ssl object, undesired results may occur. */
Serial.println("Warning! Shutdown did not properly complete.");
}
wolfSSL_free(ssl);
Serial.println("Connection complete.");
if (REPEAT_CONNECTION) {
Serial.println();
Serial.println("Waiting for next connection.");
}
else {
client.stop();
Serial.println("Done!");
while (1) {
/* wait forever if not repeating */
delay(100);
}
}
}
else {
/* Serial.println("Client not connected. Trying again..."); */
}
delay(100);
} /* Arduino loop repeats */

2
IDE/ARDUINO/sketches/wolfssl_version/README.md
View File

@@ -1,3 +1,5 @@
# Arduino Basic Hello World # Arduino Basic Hello World
This example simply compiles in wolfSSL and shows the current version number. This example simply compiles in wolfSSL and shows the current version number.
NOTE: Moving; See https://github.com/wolfSSL/wolfssl-examples/pull/499

24
IDE/ARDUINO/sketches/wolfssl_version/wolfssl_version.ino
View File

@@ -1,24 +0,0 @@
#include <Arduino.h>
#include <wolfssl.h>
#include <wolfssl/version.h>
/* Choose a monitor serial baud rate: 9600, 14400, 19200, 57600, 74880, etc. */
#define SERIAL_BAUD 115200
/* Arduino setup */
void setup() {
Serial.begin(SERIAL_BAUD);
while (!Serial) {
/* wait for serial port to connect. Needed for native USB port only */
}
Serial.println(F(""));
Serial.println(F(""));
Serial.println(F("wolfSSL setup complete!"));
}
/* Arduino main application loop. */
void loop() {
Serial.print("wolfSSL Version: ");
Serial.println(LIBWOLFSSL_VERSION_STRING);
delay(60000);
}

33
IDE/ARDUINO/wolfssl-arduino.cpp Normal file
View File

@@ -0,0 +1,33 @@
/* wolfssl-arduino.cpp
*
* Copyright (C) 2006-2025 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
#include <Arduino.h>
#include "wolfssl.h"
/* Function to allow wolfcrypt to use Arduino Serial.print for debug messages.
* See wolfssl/wolfcrypt/logging.c */
int wolfSSL_Arduino_Serial_Print(const char* const s)
{
/* Reminder: Serial.print is only available in C++ */
Serial.println(F(s));
return 0;
};

101
IDE/ARDUINO/wolfssl-arduino.sh
View File

@@ -20,7 +20,7 @@
# Reminder there's typically no $USER for GitHub actions, but: # Reminder there's typically no $USER for GitHub actions, but:
# ROOT_DIR="/mnt/c/Users/$USER/Documents/Arduino/libraries" # ROOT_DIR="/mnt/c/Users/$USER/Documents/Arduino/libraries"
# #
# The company name is "wolfSSL Inc."; Theres a space, no comma, and a period after "Inc." # The company name is "wolfSSL Inc."; There's a space, no comma, and a period after "Inc."
# The Arduino library name is "wolfssl" (all lower case) # The Arduino library name is "wolfssl" (all lower case)
# The Arduino library directory name is "wolfssl" (all lower case) # The Arduino library directory name is "wolfssl" (all lower case)
# The Arduino library include file is "wolfssl.h" (all lower case) # The Arduino library include file is "wolfssl.h" (all lower case)
@@ -70,6 +70,9 @@ if [ "$ROOT_DIR" = "" ]; then
exit 1 exit 1
fi fi
ARDUINO_ROOT="$HOME/Arduino/libraries"
# Check environment # Check environment
if [ -n "$WSL_DISTRO_NAME" ]; then if [ -n "$WSL_DISTRO_NAME" ]; then
# we found a non-blank WSL environment distro name # we found a non-blank WSL environment distro name
@@ -78,8 +81,6 @@ if [ -n "$WSL_DISTRO_NAME" ]; then
if echo "$current_path" | grep -Eq "^$pattern"; then if echo "$current_path" | grep -Eq "^$pattern"; then
# if we are in WSL and shared Windows file system, 'ln' does not work. # if we are in WSL and shared Windows file system, 'ln' does not work.
ARDUINO_ROOT="/mnt/c/Users/$USER/Documents/Arduino/libraries" ARDUINO_ROOT="/mnt/c/Users/$USER/Documents/Arduino/libraries"
else
ARDUINO_ROOT="$HOME/Arduino/libraries"
fi fi
fi fi
echo "The Arduino library root is: $ARDUINO_ROOT" echo "The Arduino library root is: $ARDUINO_ROOT"
@@ -106,21 +107,31 @@ if [ $# -gt 0 ]; then
else else
echo "Installing to $THIS_INSTALL_DIR" echo "Installing to $THIS_INSTALL_DIR"
if [ -d "$THIS_INSTALL_DIR/.git" ];then if [ -d "$THIS_INSTALL_DIR/.git" ];then
echo "Target is a GitHub repository." echo "Target is a GitHub root repository."
THIS_INSTALL_IS_GITHUB="true" THIS_INSTALL_IS_GITHUB="true"
else else
echo "Target is NOT a GitHub repository." echo "Target is NOT a GitHub root directory repository. (e.g. not wolfssl/Arduino-wolfssl)"
fi fi
fi fi
else else
echo "Error: not a valid operation: $THIS_OPERATION" echo "Error: not a valid operation: $THIS_OPERATION"
exit 1 exit 1
fi fi
else
echo "INSTALL parameter not specified. Installing to ROOT_DIR=$ROOT_DIR"
fi fi
ROOT_SRC_DIR="${ROOT_DIR}/src" ROOT_SRC_DIR="${ROOT_DIR}/src"
EXAMPLES_DIR="${ROOT_DIR}/examples" EXAMPLES_DIR="${ROOT_DIR}/examples"
if [ -n "$WOLFSSL_EXAMPLES_ROOT" ]; then
EXTRA_EXAMPLES_DIR="${WOLFSSL_EXAMPLES_ROOT}/Arduino"
echo "EXTRA_EXAMPLES_DIR=$EXTRA_EXAMPLES_DIR"
else
echo "There are additional examples at https://github.com/wolfSSL/wolfssl-examples"
echo "Set WOLFSSL_EXAMPLES_ROOT to your local directory to include those examples."
fi
WOLFSSL_SRC="${ROOT_SRC_DIR}/src" WOLFSSL_SRC="${ROOT_SRC_DIR}/src"
WOLFSSL_HEADERS="${ROOT_SRC_DIR}/wolfssl" WOLFSSL_HEADERS="${ROOT_SRC_DIR}/wolfssl"
WOLFCRYPT_ROOT="${ROOT_SRC_DIR}/wolfcrypt" WOLFCRYPT_ROOT="${ROOT_SRC_DIR}/wolfcrypt"
@@ -141,8 +152,16 @@ OPENSSL_DIR_TOP="${WOLFSSL_HEADERS_TOP}/openssl"
WOLFSSL_VERSION=$(grep -i "LIBWOLFSSL_VERSION_STRING" ${TOP_DIR}/wolfssl/version.h | cut -d '"' -f 2) WOLFSSL_VERSION=$(grep -i "LIBWOLFSSL_VERSION_STRING" ${TOP_DIR}/wolfssl/version.h | cut -d '"' -f 2)
if [ "$WOLFSSL_VERSION" = "" ]; then if [ "$WOLFSSL_VERSION" = "" ]; then
echo "ERROR: Could not find wolfSSL Version in ${TOP_DIR}/wolfssl/version.h" echo "Current user: [$USER]"
exit 1 if [ "$USER" = "" ] || [ "$USER" = "runner" ]; then
# Typically when there's no user, it is a GitHub workflow. It is not guaranteed to be "runner"
echo "No USER found, no version.h found. Setting Version text to [GitHub] for assumed workflow."
WOLFSSL_VERSION="GitHub"
else
echo "ERROR: Could not find wolfSSL Version in ${TOP_DIR}/wolfssl/version.h"
echo "Check autogen.sh and configure"
exit 1
fi
else else
echo "Found wolfSSL version $WOLFSSL_VERSION" echo "Found wolfSSL version $WOLFSSL_VERSION"
echo "# WOLFSSL_VERSION_ARUINO_SUFFIX $WOLFSSL_VERSION_ARUINO_SUFFIX" echo "# WOLFSSL_VERSION_ARUINO_SUFFIX $WOLFSSL_VERSION_ARUINO_SUFFIX"
@@ -235,26 +254,46 @@ if [ "$THIS_DIR" = "ARDUINO" ]; then
$CP_CMD "${OPENSSL_DIR_TOP}"/* ."${OPENSSL_DIR}" || exit 1 $CP_CMD "${OPENSSL_DIR_TOP}"/* ."${OPENSSL_DIR}" || exit 1
# Finally, copy the Arduino-specific wolfssl library files into place: [lib]/src # Finally, copy the Arduino-specific wolfssl library files into place: [lib]/src
$CP_CMD ./wolfssl.h ".${ROOT_SRC_DIR}"/wolfssl.h $CP_CMD ./wolfssl.h ".${ROOT_SRC_DIR}"/wolfssl.h || exit 1
$CP_CMD ./wolfssl-arduino.cpp ".${ROOT_SRC_DIR}"/wolfssl-arduino.cpp || exit 1
unset NO_ARDUINO_EXAMPLES
echo "Copy examples...." echo "Copy examples...."
# Copy examples # Copy examples
mkdir -p ".${ROOT_SRC_DIR}"/examples mkdir -p ".${ROOT_SRC_DIR}"/examples
echo "Copy wolfssl_client example...." if [ -n "$WOLFSSL_EXAMPLES_ROOT" ]; then
mkdir -p ".${EXAMPLES_DIR}"/wolfssl_client echo "Copy template example...."
$CP_CMD ./sketches/wolfssl_client/wolfssl_client.ino ".${EXAMPLES_DIR}"/wolfssl_client/wolfssl_client.ino || exit 1 mkdir -p ".${EXAMPLES_DIR}"/template/wolfssl_library/src
$CP_CMD ./sketches/wolfssl_client/README.md ".${EXAMPLES_DIR}"/wolfssl_client/README.md || exit 1 $CP_CMD "$WOLFSSL_EXAMPLES_ROOT"/Arduino/sketches/template/template.ino ".${EXAMPLES_DIR}"/template/template.ino || exit 1
$CP_CMD "$WOLFSSL_EXAMPLES_ROOT"/Arduino/sketches/template/README.md ".${EXAMPLES_DIR}"/template/README.md || exit 1
$CP_CMD "$WOLFSSL_EXAMPLES_ROOT"/Arduino/sketches/template/wolfssl_helper.c ".${EXAMPLES_DIR}"/template/wolfssl_helper.c || exit 1
$CP_CMD "$WOLFSSL_EXAMPLES_ROOT"/Arduino/sketches/template/wolfssl_helper.h ".${EXAMPLES_DIR}"/template/wolfssl_helper.h || exit 1
$CP_CMD "$WOLFSSL_EXAMPLES_ROOT"/Arduino/sketches/template/wolfssl_library/wolfssl_library.h ".${EXAMPLES_DIR}"/template/wolfssl_library/wolfssl_library.h || exit 1
$CP_CMD "$WOLFSSL_EXAMPLES_ROOT"/Arduino/sketches/template/wolfssl_library/src/wolfssl_library.cpp ".${EXAMPLES_DIR}"/template/wolfssl_library/src/wolfssl_library.cpp || exit 1
echo "Copy wolfssl_server example...." echo "Copy wolfssl_AES_CTR example...."
mkdir -p .${EXAMPLES_DIR}/wolfssl_server mkdir -p ".${EXAMPLES_DIR}"/wolfssl_AES_CTR
$CP_CMD ./sketches/wolfssl_server/wolfssl_server.ino ".${EXAMPLES_DIR}"/wolfssl_server/wolfssl_server.ino || exit 1 $CP_CMD "$WOLFSSL_EXAMPLES_ROOT"/Arduino/sketches/wolfssl_AES_CTR/wolfssl_AES_CTR.ino ".${EXAMPLES_DIR}"/wolfssl_AES_CTR/wolfssl_AES_CTR.ino || exit 1
$CP_CMD ./sketches/wolfssl_server/README.md ".${EXAMPLES_DIR}"/wolfssl_server/README.md || exit 1 $CP_CMD "$WOLFSSL_EXAMPLES_ROOT"/Arduino/sketches/wolfssl_AES_CTR/README.md ".${EXAMPLES_DIR}"/wolfssl_AES_CTR/README.md || exit 1
echo "Copy wolfssl_server example...." echo "Copy wolfssl_client example...."
mkdir -p .${EXAMPLES_DIR}/wolfssl_version mkdir -p ".${EXAMPLES_DIR}"/wolfssl_client
$CP_CMD ./sketches/wolfssl_version/wolfssl_version.ino ".${EXAMPLES_DIR}"/wolfssl_version/wolfssl_version.ino || exit 1 $CP_CMD "$WOLFSSL_EXAMPLES_ROOT"/Arduino/sketches/wolfssl_client/wolfssl_client.ino ".${EXAMPLES_DIR}"/wolfssl_client/wolfssl_client.ino || exit 1
$CP_CMD ./sketches/wolfssl_version/README.md ".${EXAMPLES_DIR}"/wolfssl_version/README.md || exit 1 $CP_CMD "$WOLFSSL_EXAMPLES_ROOT"/Arduino/sketches/wolfssl_client/README.md ".${EXAMPLES_DIR}"/wolfssl_client/README.md || exit 1
echo "Copy wolfssl_server example...."
mkdir -p .${EXAMPLES_DIR}/wolfssl_server
$CP_CMD "$WOLFSSL_EXAMPLES_ROOT"/Arduino/sketches/wolfssl_server/wolfssl_server.ino ".${EXAMPLES_DIR}"/wolfssl_server/wolfssl_server.ino || exit 1
$CP_CMD "$WOLFSSL_EXAMPLES_ROOT"/Arduino/sketches/wolfssl_server/README.md ".${EXAMPLES_DIR}"/wolfssl_server/README.md || exit 1
echo "Copy wolfssl_version example...."
mkdir -p .${EXAMPLES_DIR}/wolfssl_version
$CP_CMD "$WOLFSSL_EXAMPLES_ROOT"/Arduino/sketches/wolfssl_version/wolfssl_version.ino ".${EXAMPLES_DIR}"/wolfssl_version/wolfssl_version.ino || exit 1
$CP_CMD "$WOLFSSL_EXAMPLES_ROOT"/Arduino/sketches/wolfssl_version/README.md ".${EXAMPLES_DIR}"/wolfssl_version/README.md || exit 1
else
NO_ARDUINO_EXAMPLES=1
fi
else else
echo "ERROR: You must be in the IDE/ARDUINO directory to run this script" echo "ERROR: You must be in the IDE/ARDUINO directory to run this script"
exit 1 exit 1
@@ -273,6 +312,8 @@ fi
# as an Arduino-specific README.md file. # as an Arduino-specific README.md file.
VERSION_PLACEHOLDER="\${WOLFSSL_VERSION}" VERSION_PLACEHOLDER="\${WOLFSSL_VERSION}"
ARDUINO_VERSION_SUFFIX_PLACEHOLDER="\${WOLFSSL_VERSION_ARUINO_SUFFIX}" ARDUINO_VERSION_SUFFIX_PLACEHOLDER="\${WOLFSSL_VERSION_ARUINO_SUFFIX}"
# This is the SOURCE to prepend. Note the OUTPUT is PREPENDED_README.md later copied to README.md
PREPEND_FILE="Arduino_README_prepend.md" PREPEND_FILE="Arduino_README_prepend.md"
PROPERTIES_FILE_TEMPLATE="library.properties.template" PROPERTIES_FILE_TEMPLATE="library.properties.template"
sed s/"$VERSION_PLACEHOLDER"/"$WOLFSSL_VERSION"/ "$PREPEND_FILE" > "$PREPEND_FILE.tmp" sed s/"$VERSION_PLACEHOLDER"/"$WOLFSSL_VERSION"/ "$PREPEND_FILE" > "$PREPEND_FILE.tmp"
@@ -325,12 +366,24 @@ if [ "$THIS_OPERATION" = "INSTALL" ]; then
echo "Removing workspace library directory: .$ROOT_DIR" echo "Removing workspace library directory: .$ROOT_DIR"
rm -rf ".$ROOT_DIR" rm -rf ".$ROOT_DIR"
else else
echo "Installing to local directory:"
echo "mv .$ROOT_DIR $ARDUINO_ROOT"
mv ."$ROOT_DIR" "$ARDUINO_ROOT" || exit 1
echo "Arduino wolfSSL Version: $WOLFSSL_VERSION$WOLFSSL_VERSION_ARUINO_SUFFIX" echo "Installing to local directory:"
if [ "$THIS_INSTALL_DIR" = "" ]; then
echo "mv .$ROOT_DIR $ARDUINO_ROOT"
mv ."$ROOT_DIR" "$ARDUINO_ROOT" || exit 1
echo "Arduino wolfSSL Version: $WOLFSSL_VERSION$WOLFSSL_VERSION_ARUINO_SUFFIX"
else
echo "cp -r .\"$ROOT_DIR\"/* \"$THIS_INSTALL_DIR\""
mkdir -p "$THIS_INSTALL_DIR" || exit 1
cp -r ."$ROOT_DIR"/* "$THIS_INSTALL_DIR" || exit 1
fi
fi fi
fi fi
if [ -n "$NO_ARDUINO_EXAMPLES" ]; then
echo ""
echo "WARNING: No examples copied. Set WOLFSSL_EXAMPLES_ROOT as appropriate."
echo ""
fi
echo "Done!" echo "Done!"

26
IDE/ARDUINO/wolfssl.h
View File

@@ -1,6 +1,6 @@
/* wolfssl.h /* wolfssl.h
* *
* Copyright (C) 2006-2024 wolfSSL Inc. * Copyright (C) 2006-2025 wolfSSL Inc.
* *
* This file is part of wolfSSL. * This file is part of wolfSSL.
* *
@@ -22,18 +22,28 @@
/* Edit with caution. This is an Arduino-library specific header for wolfSSL */ /* Edit with caution. This is an Arduino-library specific header for wolfSSL */
#ifndef WOLFSSL_USER_SETTINGS #ifndef WOLFSSL_USER_SETTINGS
/* Should already be defined in settings.h for #if defined(ARDUINO) */
#define WOLFSSL_USER_SETTINGS #define WOLFSSL_USER_SETTINGS
#endif #endif
#include <Arduino.h> #include <Arduino.h>
/* wolfSSL user_settings.h must be included from settings.h */ /* wolfSSL user_settings.h must be included from settings.h
* Make all configurations changes in user_settings.h
* Do not edit wolfSSL `settings.h` or `config.h` files.
* Do not explicitly include user_settings.h in any source code.
* Each Arduino sketch that uses wolfSSL must have: #include "wolfssl.h"
* C/C++ source files can use: #include <wolfssl/wolfcrypt/settings.h>
* The wolfSSL "settings.h" must be included in each source file using wolfSSL.
* The wolfSSL "settings.h" must be listed before any other wolfSSL include.
*/
#include <wolfssl/wolfcrypt/settings.h> #include <wolfssl/wolfcrypt/settings.h>
#include <wolfssl/ssl.h> #include <wolfssl/ssl.h>
int wolfSSL_Arduino_Serial_Print(const char *const s) #ifndef WOLFSSL_ARDUINO_H
{ #define WOLFSSL_ARDUINO_H
/* See wolfssl/wolfcrypt/logging.c */
Serial.println(F(s)); /* Declare a helper function to be used in wolfssl/wolfcrypt/logging.c */
return 0; int wolfSSL_Arduino_Serial_Print(const char* const s);
};
#endif /* WOLFSSL_ARDUINO_H */

2
IDE/AURIX/Cpu0_Main.c
View File

@@ -1,6 +1,6 @@
/* Cpu0_Main.c /* Cpu0_Main.c
* *
* Copyright (C) 2006-2024 wolfSSL Inc. * Copyright (C) 2006-2025 wolfSSL Inc.
* *
* This file is part of wolfSSL. * This file is part of wolfSSL.
* *

2
IDE/AURIX/user_settings.h
View File

@@ -1,6 +1,6 @@
/* user_settings.h /* user_settings.h
* *
* Copyright (C) 2006-2024 wolfSSL Inc. * Copyright (C) 2006-2025 wolfSSL Inc.
* *
* This file is part of wolfSSL. * This file is part of wolfSSL.
* *

2
IDE/AURIX/wolf_main.c
View File

@@ -1,6 +1,6 @@
/* wolf_main.c /* wolf_main.c
* *
* Copyright (C) 2006-2024 wolfSSL Inc. * Copyright (C) 2006-2025 wolfSSL Inc.
* *
* This file is part of wolfSSL. * This file is part of wolfSSL.
* *

3
IDE/CRYPTOCELL/main.c
View File

@@ -1,6 +1,6 @@
/* main.c /* main.c
* *
* Copyright (C) 2006-2024 wolfSSL Inc. * Copyright (C) 2006-2025 wolfSSL Inc.
* *
* This file is part of wolfSSL. * This file is part of wolfSSL.
* *
@@ -63,4 +63,3 @@ int main(void)
return 0; return 0;
} }

2
IDE/CRYPTOCELL/user_settings.h
View File

@@ -1,6 +1,6 @@
/* user_settings.h /* user_settings.h
* *
* Copyright (C) 2006-2024 wolfSSL Inc. * Copyright (C) 2006-2025 wolfSSL Inc.
* *
* This file is part of wolfSSL. * This file is part of wolfSSL.
* *

2
IDE/ECLIPSE/DEOS/deos_malloc.c
View File

@@ -1,6 +1,6 @@
/* deos_malloc.c /* deos_malloc.c
* *
* Copyright (C) 2006-2024 wolfSSL Inc. * Copyright (C) 2006-2025 wolfSSL Inc.
* *
* This file is part of wolfSSL. * This file is part of wolfSSL.
* *

2
IDE/ECLIPSE/DEOS/tls_wolfssl.c
View File

@@ -1,6 +1,6 @@
/* tls_wolfssl.c /* tls_wolfssl.c
* *
* Copyright (C) 2006-2024 wolfSSL Inc. * Copyright (C) 2006-2025 wolfSSL Inc.
* *
* This file is part of wolfSSL. * This file is part of wolfSSL.
* *

2
IDE/ECLIPSE/DEOS/tls_wolfssl.h
View File

@@ -1,6 +1,6 @@
/* tls_wolfssl.h /* tls_wolfssl.h
* *
* Copyright (C) 2006-2024 wolfSSL Inc. * Copyright (C) 2006-2025 wolfSSL Inc.
* *
* This file is part of wolfSSL. * This file is part of wolfSSL.
* *

2
IDE/ECLIPSE/DEOS/user_settings.h
View File

@@ -1,6 +1,6 @@
/* user_setting.h /* user_setting.h
* *
* Copyright (C) 2006-2024 wolfSSL Inc. * Copyright (C) 2006-2025 wolfSSL Inc.
* *
* This file is part of wolfSSL. * This file is part of wolfSSL.
* *

2
IDE/ECLIPSE/MICRIUM/client_wolfssl.c
View File

@@ -1,6 +1,6 @@
/* client_wolfssl.c /* client_wolfssl.c
* *
* Copyright (C) 2006-2024 wolfSSL Inc. * Copyright (C) 2006-2025 wolfSSL Inc.
* *
* This file is part of wolfSSL. * This file is part of wolfSSL.
* *

2
IDE/ECLIPSE/MICRIUM/client_wolfssl.h
View File

@@ -1,6 +1,6 @@
/* client_wolfssl.h /* client_wolfssl.h
* *
* Copyright (C) 2006-2024 wolfSSL Inc. * Copyright (C) 2006-2025 wolfSSL Inc.
* *
* This file is part of wolfSSL. * This file is part of wolfSSL.
* *

2
IDE/ECLIPSE/MICRIUM/server_wolfssl.c
View File

@@ -1,6 +1,6 @@
/* server_wolfssl.c /* server_wolfssl.c
* *
* Copyright (C) 2006-2024 wolfSSL Inc. * Copyright (C) 2006-2025 wolfSSL Inc.
* *
* This file is part of wolfSSL. * This file is part of wolfSSL.
* *

2
IDE/ECLIPSE/MICRIUM/server_wolfssl.h
View File

@@ -1,6 +1,6 @@
/* server_wolfssl.h /* server_wolfssl.h
* *
* Copyright (C) 2006-2024 wolfSSL Inc. * Copyright (C) 2006-2025 wolfSSL Inc.
* *
* This file is part of wolfSSL. * This file is part of wolfSSL.
* *

2
IDE/ECLIPSE/MICRIUM/user_settings.h
View File

@@ -1,6 +1,6 @@
/* user_setting.h /* user_setting.h
* *
* Copyright (C) 2006-2024 wolfSSL Inc. * Copyright (C) 2006-2025 wolfSSL Inc.
* *
* This file is part of wolfSSL. * This file is part of wolfSSL.
* *

2
IDE/ECLIPSE/MICRIUM/wolfsslRunTests.c
View File

@@ -1,6 +1,6 @@
/* wolfsslRunTests.c /* wolfsslRunTests.c
* *
* Copyright (C) 2006-2024 wolfSSL Inc. * Copyright (C) 2006-2025 wolfSSL Inc.
* *
* This file is part of wolfSSL. * This file is part of wolfSSL.
* *

2
IDE/ECLIPSE/RTTHREAD/user_settings.h
View File

@@ -1,6 +1,6 @@
/* user_setting.h /* user_setting.h
* *
* Copyright (C) 2006-2024 wolfSSL Inc. * Copyright (C) 2006-2025 wolfSSL Inc.
* *
* This file is part of wolfSSL. * This file is part of wolfSSL.
* *

2
IDE/ECLIPSE/RTTHREAD/wolfssl_test.c
View File

@@ -1,6 +1,6 @@
/* wolfsslRunTests.c /* wolfsslRunTests.c
* *
* Copyright (C) 2006-2024 wolfSSL Inc. * Copyright (C) 2006-2025 wolfSSL Inc.
* *
* This file is part of wolfSSL. * This file is part of wolfSSL.
* *

39
IDE/Espressif/ESP-IDF/README.md
View File

@@ -1,11 +1,12 @@
# ESP-IDF Port # ESP-IDF Port
These Espressif examples have been created and tested with the latest stable release branch of These Espressif examples have been created and tested with the latest stable release branch of
[ESP-IDF V5.2](https://docs.espressif.com/projects/esp-idf/en/release-v5.2/esp32/get-started/index.html). ESP-IDF v5.2, v5.3 and the master branch
The prior version 4.4 ESP-IDF is still supported, however version 5.2 or greater is recommended.
Espressif has [a list of all ESP-IDF versions](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/versions.html).
See the latest [Espressif Migration Guides](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/migration-guides/index.html). The prior version 4.4 ESP-IDF is still supported, however version 5.2 or greater is recommended.
Espressif has [a list of all ESP-IDF versions](Espressifversions.html).
See the latest Espressif Migration Guides.
## Examples ## Examples
@@ -34,7 +35,7 @@ looks for the wolfSSL `user_settings.h` in the project as described below.
### File: `sdkconfig.h` ### File: `sdkconfig.h`
The Espressif `sdkconfig.h`, generated automatically from your `sdkconfig` The Espressif `sdkconfig.h`, generated automatically from your `sdkconfig`
file at [build](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html) file at [build](Espressif api-guides/build-system.html)
time, should be included before any other files. time, should be included before any other files.
### File: `user_settings.h` ### File: `user_settings.h`
@@ -101,7 +102,7 @@ of your source code, particularly before the `#include <wolfssl/wolfcrypt/settin
## Requirements ## Requirements
1. [ESP-IDF development framework](https://docs.espressif.com/projects/esp-idf/en/latest/get-started/) 1. [ESP-IDF development framework](https://github.com/espressif/esp-idf)
## wolfSSL as an Espressif component ## wolfSSL as an Espressif component
@@ -113,7 +114,7 @@ There are various methods available for using wolfSSL as a component:
## Espressif Managed Components ## Espressif Managed Components
Visit https://components.espressif.com/components/wolfssl/wolfssl and see the instructions. Typically: Visit https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/ and see the instructions. Typically:
``` ```
idf.py add-dependency "wolfssl/wolfssl^5.6.0-stable" idf.py add-dependency "wolfssl/wolfssl^5.6.0-stable"
@@ -144,6 +145,14 @@ This is an alternate method for installation. It is recommended to use the new `
2. Find Wolfssl files at _/path/to/esp_`/esp-idf/components/wolfssl/` 2. Find Wolfssl files at _/path/to/esp_`/esp-idf/components/wolfssl/`
3. Find [Example Programs](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples) under _/path/to/esp_`/esp-idf/examples/protocols/wolfssl_xxx` (where xxx is the project name) 3. Find [Example Programs](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples) under _/path/to/esp_`/esp-idf/examples/protocols/wolfssl_xxx` (where xxx is the project name)
```
WRK_IDF_PATH=/mnt/c/SysGCC/esp32/esp-idf/v5.2
. $WRK_IDF_PATH/export.sh
./setup.sh
```
## Setup for Windows ## Setup for Windows
This is an alternate method for installation. It is recommended to use the new `CMakeLists.txt` to point to wolfSSL source code. This is an alternate method for installation. It is recommended to use the new `CMakeLists.txt` to point to wolfSSL source code.
@@ -188,8 +197,8 @@ C:\SysGCC\esp32\esp-idf>git clone -b v5.0.2 --recursive https://github.com/espre
- Microsoft Windows 10 Pro 10.0.19041 / Windows 11 Pro 22H2 22621.2715 - Microsoft Windows 10 Pro 10.0.19041 / Windows 11 Pro 22H2 22621.2715
- Visual Studio 2022 17.7.6 with VisualGDB 5.6R9 (build 4777) - Visual Studio 2022 17.7.6 with VisualGDB 5.6R9 (build 4777)
- WSL 1 Ubuntu 22.04.3 LTS - WSL 1 Ubuntu 22.04.3 LTS
- ESP-IDF: ESP-IDF v5.1 - ESP-IDF: ESP-IDF v5.2
- SoC Module : all those supported in ESP-IDF v5.1 - SoC Module : all those supported in ESP-IDF v5.2
## JTAG Debugging Notes ## JTAG Debugging Notes
@@ -226,3 +235,15 @@ ftdi layout_signal nSRST -data 0x0020
reset_config srst_push_pull trst_push_pull reset_config srst_push_pull trst_push_pull
``` ```
## Windows long paths
Check "Long Paths Enabled" in Windows registry.
Please set registry HKLM\SYSTEM\CurrentControlSet\Control\FileSystem\LongPathsEnabled to 1.
The operation requires Administrator privileges. Command:
```powershell
powershell -Command "&{ Start-Process -FilePath reg 'ADD HKLM\SYSTEM\CurrentControlSet\Control\FileSystem /v LongPathsEnabled /t REG_DWORD /d 1 /f' -Verb runAs}"
```

2
IDE/Espressif/ESP-IDF/README_32se.md
View File

@@ -10,7 +10,7 @@ Including the following examples:
The `user_settings.h` file enables some of the hardened settings. The `user_settings.h` file enables some of the hardened settings.
## Requirements ## Requirements
1. ESP-IDF development framework: https://docs.espressif.com/projects/esp-idf/en/latest/get-started/ 1. ESP-IDF development framework: https://github.com/espressif/esp-idf
2. Microchip CryptoAuthentication Library: https://github.com/MicrochipTech/cryptoauthlib 2. Microchip CryptoAuthentication Library: https://github.com/MicrochipTech/cryptoauthlib

2
IDE/Espressif/ESP-IDF/dummy_config_h
View File

@@ -1,6 +1,6 @@
/* config.h - dummy /* config.h - dummy
* *
* Copyright (C) 2006-2024 wolfSSL Inc. * Copyright (C) 2006-2025 wolfSSL Inc.
* *
* This file is part of wolfSSL. * This file is part of wolfSSL.
* *

2
IDE/Espressif/ESP-IDF/dummy_test_paths.h
View File

@@ -1,6 +1,6 @@
/* wolfcrypt/test/test_paths.h /* wolfcrypt/test/test_paths.h
* *
* Copyright (C) 2006-2024 wolfSSL Inc. * Copyright (C) 2006-2025 wolfSSL Inc.
* *
* This file is part of wolfSSL. * This file is part of wolfSSL.
* *

7
IDE/Espressif/ESP-IDF/examples/README.md
View File

@@ -78,7 +78,7 @@ wolfSSL to be installed.
If you want to install wolfSSL, see the setup for [wolfSSL](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF#setup-for-linux) If you want to install wolfSSL, see the setup for [wolfSSL](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF#setup-for-linux)
and [wolfSSH](https://github.com/wolfSSL/wolfssh/tree/master/ide/Espressif#setup-for-linux). and [wolfSSH](https://github.com/wolfSSL/wolfssh/tree/master/ide/Espressif#setup-for-linux).
The [Espressif Managed Component for wolfSSL](https://components.espressif.com/components/wolfssl/wolfssl) The [Espressif Managed Component for wolfSSL](https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/)
also installs source code locally, instead of pointing to a source repository. also installs source code locally, instead of pointing to a source repository.
## VisualGDB ## VisualGDB
@@ -114,7 +114,4 @@ It may be helpful to also delete the `sdkconfig` file. (Save a backup if you've
- esp32.com: [GPIO6,GPIO7,GPIO8,and GPIO9 changed for ESP32-WROOM-32E](https://esp32.com/viewtopic.php?t=29058) - esp32.com: [GPIO6,GPIO7,GPIO8,and GPIO9 changed for ESP32-WROOM-32E](https://esp32.com/viewtopic.php?t=29058)
See also [this ESP-FAQ Handbook](https://docs.espressif.com/projects/esp-faq/en/latest/esp-faq-en-master.pdf). See also the `ESP-FAQ Handbook`.

91
IDE/Espressif/ESP-IDF/examples/template/CMakeLists.txt
View File

@@ -1,10 +1,19 @@
# wolfSSL Espressif Example Project CMakeLists.txt # wolfSSL Espressif Example Project CMakeLists.txt
# v1.0 # v1.3
# #
# The following lines of boilerplate have to be in your project's # The following lines of boilerplate have to be in your project's
# CMakeLists in this exact order for cmake to work correctly # CMakeLists in this exact order for cmake to work correctly
message(STATUS "Begin project ${CMAKE_PROJECT_NAME}")
cmake_minimum_required(VERSION 3.16) cmake_minimum_required(VERSION 3.16)
# Optional no watchdog typically used for test & benchmark
if (idf_target STREQUAL "esp8266" OR IDF_TARGET STREQUAL "esp8266" OR IDF_VERSION_MAJOR VERSION_LESS "5.0")
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_ESP_NO_WATCHDOG=1")
else()
add_compile_definitions(WOLFSSL_ESP_NO_WATCHDOG=1)
endif()
# The wolfSSL CMake file should be able to find the source code. # The wolfSSL CMake file should be able to find the source code.
# Otherwise, assign an environment variable or set it here: # Otherwise, assign an environment variable or set it here:
# #
@@ -22,34 +31,63 @@ cmake_minimum_required(VERSION 3.16)
if(WIN32) if(WIN32)
# Windows-specific configuration here # Windows-specific configuration here
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS") set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS")
message("Detected Windows") message(STATUS "Detected Windows")
endif() endif()
if(CMAKE_HOST_UNIX) if(CMAKE_HOST_UNIX)
message("Detected UNIX") message(STATUS "Detected UNIX")
endif() endif()
if(APPLE) if(APPLE)
message("Detected APPLE") message(STATUS "Detected APPLE")
endif() endif()
if(CMAKE_HOST_UNIX AND (NOT APPLE) AND EXISTS "/proc/sys/fs/binfmt_misc/WSLInterop") if(CMAKE_HOST_UNIX AND (NOT APPLE) AND EXISTS "/proc/sys/fs/binfmt_misc/WSLInterop")
# Windows-specific configuration here # Windows-specific configuration here
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WSL") set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WSL")
message("Detected WSL") message(STATUS "Detected WSL")
endif() endif()
if(CMAKE_HOST_UNIX AND (NOT APPLE) AND (NOT WIN32)) if(CMAKE_HOST_UNIX AND (NOT APPLE) AND (NOT WIN32))
# Windows-specific configuration here # Windows-specific configuration here
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_LINUX") set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_LINUX")
message("Detected Linux") message(STATUS "Detected Linux")
endif() endif()
if(APPLE) if(APPLE)
# Windows-specific configuration here # Windows-specific configuration here
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_APPLE") set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_APPLE")
message("Detected Apple") message(STATUS "Detected Apple")
endif() endif()
# End optional WOLFSSL_CMAKE_SYSTEM_NAME # End optional WOLFSSL_CMAKE_SYSTEM_NAME
# This example uses an extra component for common functions such as Wi-Fi and Ethernet connection.
# set (PROTOCOL_EXAMPLES_DIR $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
string(REPLACE "\\" "/" PROTOCOL_EXAMPLES_DIR "$ENV{IDF_PATH}/examples/common_components/protocol_examples_common")
if (EXISTS "${PROTOCOL_EXAMPLES_DIR}")
message(STATUS "Found PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
set(EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DFOUND_PROTOCOL_EXAMPLES_DIR")
else()
message(STATUS "NOT FOUND: PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
endif()
# Find the user name to search for possible "wolfssl-username"
# Reminder: Windows is %USERNAME%, Linux is $USER
message(STATUS "USERNAME = $ENV{USERNAME}")
if( "$ENV{USER}" STREQUAL "" ) # the bash user
if( "$ENV{USERNAME}" STREQUAL "" ) # the Windows user
message(STATUS "could not find USER or USERNAME")
else()
# the bash user is not blank, so we'll use it.
set(THIS_USER "$ENV{USERNAME}")
endif()
else()
# the bash user is not blank, so we'll use it.
set(THIS_USER "$ENV{USER}")
endif()
message(STATUS "THIS_USER = ${THIS_USER}")
# Check that there are not conflicting wolfSSL components # Check that there are not conflicting wolfSSL components
# The ESP Registry Component will be in ./managed_components/wolfssl__wolfssl # The ESP Registry Component will be in ./managed_components/wolfssl__wolfssl
# The local component wolfSSL directory will be in ./components/wolfssl # The local component wolfSSL directory will be in ./components/wolfssl
message(STATUS "Checking for wolfSSL as Managed Component or not... ${CMAKE_HOME_DIRECTORY}")
if( EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" AND EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl" ) if( EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" AND EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl" )
# These exclude statements don't seem to be honored by the $ENV{IDF_PATH}/tools/cmake/project.cmake' # These exclude statements don't seem to be honored by the $ENV{IDF_PATH}/tools/cmake/project.cmake'
# add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" EXCLUDE_FROM_ALL) # add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" EXCLUDE_FROM_ALL)
@@ -64,10 +102,47 @@ if( EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" AND EXI
message(FATAL_ERROR "\nPlease use either the ESP Registry Managed Component or the wolfSSL component directory but not both.\n" message(FATAL_ERROR "\nPlease use either the ESP Registry Managed Component or the wolfSSL component directory but not both.\n"
"If removing the ./managed_components/wolfssl__wolfssl directory, remember to also remove " "If removing the ./managed_components/wolfssl__wolfssl directory, remember to also remove "
"or rename the idf_component.yml file typically found in ./main/") "or rename the idf_component.yml file typically found in ./main/")
else() elseif(EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl")
# A standard project component (not a Managed Component)
message(STATUS "No conflicting wolfSSL components found.") message(STATUS "No conflicting wolfSSL components found.")
set(WOLFSSL_PATH "${CMAKE_HOME_DIRECTORY}/components/wolfssl")
elseif(EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl")
# The official Managed Component called wolfssl from the wolfssl user.
message(STATUS "No conflicting wolfSSL components found as a Managed Component.")
set(WOLFSSL_PATH "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl")
elseif(EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/gojimmypi__mywolfssl")
# There is a known gojimmypi staging component available for anyone:
message(STATUS "No conflicting wolfSSL components found as a gojimmypi staging Managed Component.")
elseif(EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/${THIS_USER}__mywolfssl")
# Other users with permissions might publish their own mywolfssl staging Managed Component
message(STATUS "No conflicting wolfSSL components found as a Managed Component.")
set(WOLFSSL_PATH "${CMAKE_HOME_DIRECTORY}/managed_components/${THIS_USER}__mywolfssl")
else()
message(STATUS "WARNING: wolfssl component directory not found.")
endif()
# message(STATUS "EXTRA_COMPONENT_DIRS WOLFSSL_PATH: ${WOLFSSL_PATH}")
# list(APPEND EXTRA_COMPONENT_DIRS ${WOLFSSL_PATH})
# Not only is a project-level "set(COMPONENTS" not needed here, this will cause
# an unintuitive error about Unknown CMake command "esptool_py_flash_project_args".
if(0)
message(STATUS "Begin optional PROTOCOL_EXAMPLES_DIR include")
# This example uses an extra component for common functions such as Wi-Fi and Ethernet connection.
set (PROTOCOL_EXAMPLES_DIR $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
if (EXISTS "${PROTOCOL_EXAMPLES_DIR}")
message(STATUS "Found PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
set(EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DFOUND_PROTOCOL_EXAMPLES_DIR")
else()
message(STATUS "NOT FOUND: PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
endif()
message(STATUS "End optional PROTOCOL_EXAMPLES_DIR include")
endif() endif()
include($ENV{IDF_PATH}/tools/cmake/project.cmake) include($ENV{IDF_PATH}/tools/cmake/project.cmake)
project(wolfssl_template) project(wolfssl_template)
message(STATUS "end project")

Some files were not shown because too many files have changed in this diff Show More