mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2026-07-05 14:20:49 +02:00
zephyr: changes needed for Zephyr 4.3 default TLS support
Follow-up to #7731 ("Changes needed for default TLS support in zephyr kernel"). Zephyr 4.3's TLS socket integration uses three additional wolfSSL features that were not needed by the 3.7 integration, plus an extension to the native_sim time-source gates introduced in #7731. native_sim timer gates (src/internal.c, wolfcrypt/src/wc_port.c): Extend the !CONFIG_BOARD_NATIVE_POSIX gate in LowResTimer() and the CONFIG_BOARD_NATIVE_POSIX RTC path in z_time() to also cover CONFIG_BOARD_NATIVE_SIM. Zephyr 4.3 renamed the simulator board from native_posix to native_sim; without this, k_cpu_idle() on native_sim advances simulated time during DTLS retransmit loops and the RTC path falls through to uptime-since-boot. Behavior on native_posix is unchanged. New Kconfig options (zephyr/Kconfig, zephyr/user_settings.h): CONFIG_WOLFSSL_SESSION_EXPORT -> HAVE_EXT_CACHE Required by consumers that serialize TLS session state across connections via wolfSSL_i2d_SSL_SESSION / wolfSSL_d2i_SSL_SESSION. CONFIG_WOLFSSL_KEEP_PEER_CERT -> KEEP_PEER_CERT Retain the peer certificate after handshake so the application layer can inspect it via wolfSSL_get_peer_certificate. CONFIG_WOLFSSL_ALWAYS_VERIFY_CB -> WOLFSSL_ALWAYS_VERIFY_CB Invoke an application-set verify callback on successful chain validation in addition to validation failures. All three are default-off; customers opt in the same way they do for the existing CONFIG_WOLFSSL_DTLS / ALPN / PSK feature options. .wolfssl_known_macro_extras: register HAVE_EXT_CACHE.
This commit is contained in:
@@ -279,6 +279,7 @@ HAVE_ECC512
|
||||
HAVE_ECC_CDH_CAST
|
||||
HAVE_ECC_SM2
|
||||
HAVE_ESP_CLK
|
||||
HAVE_EXT_CACHE
|
||||
HAVE_FIPS_VERSION_PORT
|
||||
HAVE_FUZZER
|
||||
HAVE_INTEL_MULX
|
||||
|
||||
+2
-1
@@ -10602,7 +10602,8 @@ ProtocolVersion MakeDTLSv1_3(void)
|
||||
word32 LowResTimer(void)
|
||||
{
|
||||
int64_t t;
|
||||
#if defined(CONFIG_ARCH_POSIX) && !defined(CONFIG_BOARD_NATIVE_POSIX)
|
||||
#if defined(CONFIG_ARCH_POSIX) && !defined(CONFIG_BOARD_NATIVE_POSIX) \
|
||||
&& !defined(CONFIG_BOARD_NATIVE_SIM)
|
||||
k_cpu_idle();
|
||||
#endif
|
||||
t = k_uptime_get(); /* returns current uptime in milliseconds */
|
||||
|
||||
@@ -215,7 +215,7 @@ Threading/Mutex options:
|
||||
#endif
|
||||
|
||||
#if defined(WOLFSSL_ZEPHYR)
|
||||
#if defined(CONFIG_BOARD_NATIVE_POSIX)
|
||||
#if defined(CONFIG_BOARD_NATIVE_POSIX) || defined(CONFIG_BOARD_NATIVE_SIM)
|
||||
#include "native_rtc.h"
|
||||
#define CONFIG_RTC
|
||||
#endif
|
||||
@@ -4088,7 +4088,7 @@ time_t z_time(time_t * timer)
|
||||
#if defined(CONFIG_RTC) && \
|
||||
(defined(CONFIG_PICOLIBC) || defined(CONFIG_NEWLIB_LIBC))
|
||||
|
||||
#if defined(CONFIG_BOARD_NATIVE_POSIX)
|
||||
#if defined(CONFIG_BOARD_NATIVE_POSIX) || defined(CONFIG_BOARD_NATIVE_SIM)
|
||||
|
||||
/* When using native sim, get time from simulator rtc */
|
||||
uint32_t nsec = 0;
|
||||
@@ -4120,7 +4120,7 @@ time_t z_time(time_t * timer)
|
||||
return epochTime;
|
||||
}
|
||||
}
|
||||
#endif /* defined(CONFIG_BOARD_NATIVE_POSIX) */
|
||||
#endif /* CONFIG_BOARD_NATIVE_POSIX || CONFIG_BOARD_NATIVE_SIM */
|
||||
#endif
|
||||
|
||||
/* Fallback to uptime since boot. This works for relative times, but
|
||||
|
||||
@@ -98,6 +98,21 @@ config WOLFSSL_MAX_FRAGMENT_LEN
|
||||
Sets the maximum fragment length wolfSSL will use, values 1-6 correspond to enum values
|
||||
WOLFSSL_MFL_* in ssl.h
|
||||
|
||||
config WOLFSSL_SESSION_EXPORT
|
||||
bool "wolfSSL session export support"
|
||||
help
|
||||
Enable external session cache (HAVE_EXT_CACHE)
|
||||
|
||||
config WOLFSSL_KEEP_PEER_CERT
|
||||
bool "wolfSSL keep peer certificate support"
|
||||
help
|
||||
Retain peer certificate after handshake (KEEP_PEER_CERT)
|
||||
|
||||
config WOLFSSL_ALWAYS_VERIFY_CB
|
||||
bool "wolfSSL always invoke verify callback"
|
||||
help
|
||||
Invoke verify callback on success as well as failure (WOLFSSL_ALWAYS_VERIFY_CB)
|
||||
|
||||
config WOLFCRYPT_ARMASM
|
||||
bool "wolfCrypt ARM Assembly support"
|
||||
depends on WOLFSSL_BUILTIN
|
||||
|
||||
@@ -133,6 +133,21 @@ extern "C" {
|
||||
#define NO_SESSION_CACHE /* disable session resumption */
|
||||
#endif
|
||||
|
||||
/* Session export (external session cache) */
|
||||
#if defined(CONFIG_WOLFSSL_SESSION_EXPORT)
|
||||
#define HAVE_EXT_CACHE
|
||||
#endif
|
||||
|
||||
/* Keep peer certificate after handshake */
|
||||
#if defined(CONFIG_WOLFSSL_KEEP_PEER_CERT)
|
||||
#define KEEP_PEER_CERT
|
||||
#endif
|
||||
|
||||
/* Always invoke verify callback (on success as well as failure) */
|
||||
#if defined(CONFIG_WOLFSSL_ALWAYS_VERIFY_CB)
|
||||
#define WOLFSSL_ALWAYS_VERIFY_CB
|
||||
#endif
|
||||
|
||||
/* DTLS */
|
||||
#if defined(CONFIG_WOLFSSL_DTLS)
|
||||
#define WOLFSSL_DTLS
|
||||
|
||||
Reference in New Issue
Block a user