From 60dc30326c655233fddd510a3fc217638ef75124 Mon Sep 17 00:00:00 2001 From: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com> Date: Tue, 11 Mar 2025 15:50:31 +0000 Subject: [PATCH 1/8] Add WOLFSSL_CLU option to CMakeLists.txt Co-Authored-By: eric@wolfssl.com --- CMakeLists.txt | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/CMakeLists.txt b/CMakeLists.txt index eca4a0219..8e980c9a9 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -1694,6 +1694,9 @@ add_option(WOLFSSL_PKCS7 ${WOLFSSL_PKCS7_HELP_STRING} "no" "yes;no") set(WOLFSSL_TPM_HELP_STRING "Enable wolfTPM options (default: disabled)") add_option(WOLFSSL_TPM ${WOLFSSL_TPM_HELP_STRING} "no" "yes;no") +set(WOLFSSL_CLU_HELP_STRING "Enable wolfCLU options (default: disabled)") +add_option(WOLFSSL_CLU ${WOLFSSL_CLU_HELP_STRING} "no" "yes;no") + set(WOLFSSL_AESKEYWRAP_HELP_STRING "Enable AES key wrap support (default: disabled)") add_option(WOLFSSL_AESKEYWRAP ${WOLFSSL_AESKEYWRAP_HELP_STRING} "no" "yes;no") @@ -2038,6 +2041,21 @@ if(WOLFSSL_TPM) override_cache(WOLFSSL_AESCFB "yes") endif() +if(WOLFSSL_CLU) + override_cache(WOLFSSL_CERTGEN "yes") + override_cache(WOLFSSL_CERTREQ "yes") + override_cache(WOLFSSL_CERTEXT "yes") + override_cache(WOLFSSL_MD5 "yes") + override_cache(WOLFSSL_AESCTR "yes") + override_cache(WOLFSSL_KEYGEN "yes") + override_cache(WOLFSSL_OPENSSLALL "yes") + override_cache(WOLFSSL_ED25519 "yes") + override_cache(WOLFSSL_SHA512 "yes") + override_cache(WOLFSSL_DES3 "yes") + override_cache(WOLFSSL_PKCS7 "yes") + list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_OID_ENCODING" "-DWOLFSSL_NO_ASN_STRICT" "-DWOLFSSL_ALT_NAMES") +endif() + if(WOLFSSL_AESCFB) list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_AES_CFB") endif() From 7c84200ddad0a0a287a7bd3a7cc339d6eaccc39a Mon Sep 17 00:00:00 2001 From: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com> Date: Tue, 11 Mar 2025 17:05:26 +0000 Subject: [PATCH 2/8] Add WOLFSSL_CLU option to cmake.yml workflow Co-Authored-By: eric@wolfssl.com --- .github/workflows/cmake.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/cmake.yml b/.github/workflows/cmake.yml index 155373d68..c97ab6cb3 100644 --- a/.github/workflows/cmake.yml +++ b/.github/workflows/cmake.yml @@ -75,7 +75,7 @@ jobs: -DWOLFSSL_SNI:BOOL=yes -DWOLFSSL_SP_MATH_ALL:BOOL=yes -DWOLFSSL_SRTP:BOOL=yes \ -DWOLFSSL_STUNNEL:BOOL=yes -DWOLFSSL_SUPPORTED_CURVES:BOOL=yes -DWOLFSSL_SYS_CA_CERTS:BOOL=yes \ -DWOLFSSL_TICKET_NONCE_MALLOC:BOOL=yes -DWOLFSSL_TLS13:BOOL=yes -DWOLFSSL_TLSV12:BOOL=yes \ - -DWOLFSSL_TLSX:BOOL=yes -DWOLFSSL_TPM:BOOL=yes -DWOLFSSL_USER_SETTINGS:BOOL=no \ + -DWOLFSSL_TLSX:BOOL=yes -DWOLFSSL_TPM:BOOL=yes -DWOLFSSL_CLU:BOOL=yes -DWOLFSSL_USER_SETTINGS:BOOL=no \ -DWOLFSSL_USER_SETTINGS_ASM:BOOL=no -DWOLFSSL_WOLFSSH:BOOL=ON -DWOLFSSL_X86_64_BUILD_ASM:BOOL=yes \ -DWOLFSSL_X963KDF:BOOL=yes \ -DCMAKE_C_FLAGS="-DWOLFSSL_DTLS_CH_FRAG" \ From dbc2017cc7e47c51e1099616332cb60c0f0636a8 Mon Sep 17 00:00:00 2001 From: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com> Date: Fri, 14 Mar 2025 20:03:00 +0000 Subject: [PATCH 3/8] Fix OPENSSL_ALL definition for WOLFSSL_CLU option Co-Authored-By: eric@wolfssl.com --- CMakeLists.txt | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CMakeLists.txt b/CMakeLists.txt index 8e980c9a9..55fe1a031 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -2054,6 +2054,8 @@ if(WOLFSSL_CLU) override_cache(WOLFSSL_DES3 "yes") override_cache(WOLFSSL_PKCS7 "yes") list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_OID_ENCODING" "-DWOLFSSL_NO_ASN_STRICT" "-DWOLFSSL_ALT_NAMES") + # Add OPENSSL_ALL definition to ensure OpenSSL compatibility functions are available + list(APPEND WOLFSSL_DEFINITIONS "-DOPENSSL_ALL") endif() if(WOLFSSL_AESCFB) From e9fadcc86e3d86cb701d083de5d5fb5cf86a6b92 Mon Sep 17 00:00:00 2001 From: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com> Date: Fri, 14 Mar 2025 21:12:09 +0000 Subject: [PATCH 4/8] Fix NO_DES3 definition when WOLFSSL_CLU is enabled Co-Authored-By: eric@wolfssl.com --- CMakeLists.txt | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CMakeLists.txt b/CMakeLists.txt index 55fe1a031..23a5c21c2 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -2056,6 +2056,8 @@ if(WOLFSSL_CLU) list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_OID_ENCODING" "-DWOLFSSL_NO_ASN_STRICT" "-DWOLFSSL_ALT_NAMES") # Add OPENSSL_ALL definition to ensure OpenSSL compatibility functions are available list(APPEND WOLFSSL_DEFINITIONS "-DOPENSSL_ALL") + # Remove NO_DES3 from WOLFSSL_DEFINITIONS to ensure DES3 is enabled + list(REMOVE_ITEM WOLFSSL_DEFINITIONS "-DNO_DES3") endif() if(WOLFSSL_AESCFB) From e44ccda9314e410019669fa09e033dd3f9f8f69c Mon Sep 17 00:00:00 2001 From: Eric Blankenhorn Date: Fri, 14 Mar 2025 16:40:31 -0500 Subject: [PATCH 5/8] Fix ED25519 definition when WOLFSSL_CLU is enabled --- CMakeLists.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 23a5c21c2..21370b0f6 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -1019,7 +1019,7 @@ add_option("WOLFSSL_ED25519" "Enable ED25519 (default: disabled)" "no" "yes;no") -if(WOLFSSL_OPENSSH) +if(WOLFSSL_OPENSSH OR WOLFSSL_CLU) override_cache(WOLFSSL_ED25519 "yes") endif() From 098358c217fb849304a3926ba844ee8162d9898c Mon Sep 17 00:00:00 2001 From: Eric Blankenhorn Date: Mon, 17 Mar 2025 13:34:15 -0500 Subject: [PATCH 6/8] Add WOLFSSL_AESCTR to WOLFSSL_CLU cmake option --- CMakeLists.txt | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 21370b0f6..aa290174a 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -752,7 +752,8 @@ add_option("WOLFSSL_AESCTR" if(WOLFSSL_OPENVPN OR WOLFSSL_LIBSSH2 OR - WOLFSSL_AESSIV) + WOLFSSL_AESSIV OR + WOLFSSL_CLU) override_cache(WOLFSSL_AESCTR "yes") endif() From 16eb8d9ec97aea5340a618c24cb1f0be85b6c9db Mon Sep 17 00:00:00 2001 From: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com> Date: Mon, 17 Mar 2025 20:25:15 +0000 Subject: [PATCH 7/8] Enable WOLFSSL_OPENSSLEXTRA and OPENSSL_EXTRA for WOLFSSL_CLU option Co-Authored-By: eric@wolfssl.com --- CMakeLists.txt | 3 +++ 1 file changed, 3 insertions(+) diff --git a/CMakeLists.txt b/CMakeLists.txt index aa290174a..55d36001c 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -2050,6 +2050,7 @@ if(WOLFSSL_CLU) override_cache(WOLFSSL_AESCTR "yes") override_cache(WOLFSSL_KEYGEN "yes") override_cache(WOLFSSL_OPENSSLALL "yes") + override_cache(WOLFSSL_OPENSSLEXTRA "yes") override_cache(WOLFSSL_ED25519 "yes") override_cache(WOLFSSL_SHA512 "yes") override_cache(WOLFSSL_DES3 "yes") @@ -2057,6 +2058,8 @@ if(WOLFSSL_CLU) list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_OID_ENCODING" "-DWOLFSSL_NO_ASN_STRICT" "-DWOLFSSL_ALT_NAMES") # Add OPENSSL_ALL definition to ensure OpenSSL compatibility functions are available list(APPEND WOLFSSL_DEFINITIONS "-DOPENSSL_ALL") + # Add OPENSSL_EXTRA definition to enable OpenSSL compatibility layer + list(APPEND WOLFSSL_DEFINITIONS "-DOPENSSL_EXTRA") # Remove NO_DES3 from WOLFSSL_DEFINITIONS to ensure DES3 is enabled list(REMOVE_ITEM WOLFSSL_DEFINITIONS "-DNO_DES3") endif() From cf813c81b8aaebf8982a9c8673ef2baa819dd826 Mon Sep 17 00:00:00 2001 From: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com> Date: Mon, 17 Mar 2025 20:30:26 +0000 Subject: [PATCH 8/8] Revert "Enable WOLFSSL_OPENSSLEXTRA and OPENSSL_EXTRA for WOLFSSL_CLU option" This reverts commit 16eb8d9ec97aea5340a618c24cb1f0be85b6c9db. --- CMakeLists.txt | 3 --- 1 file changed, 3 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 55d36001c..aa290174a 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -2050,7 +2050,6 @@ if(WOLFSSL_CLU) override_cache(WOLFSSL_AESCTR "yes") override_cache(WOLFSSL_KEYGEN "yes") override_cache(WOLFSSL_OPENSSLALL "yes") - override_cache(WOLFSSL_OPENSSLEXTRA "yes") override_cache(WOLFSSL_ED25519 "yes") override_cache(WOLFSSL_SHA512 "yes") override_cache(WOLFSSL_DES3 "yes") @@ -2058,8 +2057,6 @@ if(WOLFSSL_CLU) list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_OID_ENCODING" "-DWOLFSSL_NO_ASN_STRICT" "-DWOLFSSL_ALT_NAMES") # Add OPENSSL_ALL definition to ensure OpenSSL compatibility functions are available list(APPEND WOLFSSL_DEFINITIONS "-DOPENSSL_ALL") - # Add OPENSSL_EXTRA definition to enable OpenSSL compatibility layer - list(APPEND WOLFSSL_DEFINITIONS "-DOPENSSL_EXTRA") # Remove NO_DES3 from WOLFSSL_DEFINITIONS to ensure DES3 is enabled list(REMOVE_ITEM WOLFSSL_DEFINITIONS "-DNO_DES3") endif()