Cyclic0007/wolfssl
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: Cyclic0007:v5.2.1
Branches Tags
Cyclic0007:master Cyclic0007:nightly-snapshot Cyclic0007:revert-9495-aarch64_no_hw_crypto_asm_aes Cyclic0007:revert-9512-20251210-linuxkm-5.17-ubuntu-jammy-tegra-patches Cyclic0007:TLS13-cipher-suite-fix Cyclic0007:revert-9145-zd20038_2 Cyclic0007:pr-8603 Cyclic0007:remove-arc4 Cyclic0007:devin-lifeguard/update-rules-d59f9c48 Cyclic0007:revert-8277-aarch64_no_crypto Cyclic0007:revert-5549-fix_sha256_debug Cyclic0007:cert-3389
Cyclic0007:WCv5.2.4-KRNL-CHKIN-r5 Cyclic0007:WCv6.0.0-linuxkm-UPDT-RC2 Cyclic0007:WCv6.0.0-linuxkm-UPDT-RC1 Cyclic0007:WCv5.2.4-KRNL-CHKIN-r4 Cyclic0007:wolfEntropy2d Cyclic0007:v5.8.4-stable Cyclic0007:WCv5.2.5-STM32-PAA Cyclic0007:WCv5.2.4-KRNL-CHKIN Cyclic0007:v5.8.2-stable Cyclic0007:WCv5.2.3-RSA-SWITCH Cyclic0007:wolfEntropy2 Cyclic0007:WCv5.2.3-DHGENPUB-r2 Cyclic0007:WCv5.2.3-DHGENPUB Cyclic0007:v5.8.0-stable Cyclic0007:WCv6.0.0-RC5 Cyclic0007:WCv6.0.0-RC4 Cyclic0007:WCv5.2.3-STM32-PAA Cyclic0007:WCv6.0.0-RC3 Cyclic0007:v5.7.6-stable Cyclic0007:v5.2.1 Cyclic0007:WCv5.2.3-ARMv8-PAA-r2 Cyclic0007:WCv6.0.0-RC2 Cyclic0007:WCv6.0.0-RC1 Cyclic0007:v5.2.1-stable-OS_Seed-HdrOnly Cyclic0007:v5.7.4-stable Cyclic0007:v5.7.2-stable Cyclic0007:wolfEntropy1 Cyclic0007:v5.7.0-stable Cyclic0007:WCv5.2.3-ARMv8-PAA Cyclic0007:v5.6.6-stable Cyclic0007:v5.6.4-stable Cyclic0007:v5.2.1-stable Cyclic0007:WCv5.2.1-PILOT Cyclic0007:v5.6.3-stable Cyclic0007:v5.6.2-stable Cyclic0007:v5.6.0-stable Cyclic0007:v5.5.4-stable Cyclic0007:v5.5.3-stable Cyclic0007:v5.5.2-stable Cyclic0007:v5.5.1-stable Cyclic0007:v5.5.0-stable Cyclic0007:v5.4.0-stable Cyclic0007:v5.3.0-stable Cyclic0007:v5.2.0-stable Cyclic0007:v5.1.1-stable Cyclic0007:WCv5.0-RC12 Cyclic0007:v5.1.0-stable Cyclic0007:WCv5.0-RC11 Cyclic0007:WCv5.0-RC10 Cyclic0007:v5.0.0-stable Cyclic0007:WCv5.0-RC9 Cyclic0007:v4.8.1-stable Cyclic0007:v4.8.0-stable Cyclic0007:WCv5.0-RC8 Cyclic0007:WCv5.0-RC7 Cyclic0007:WCv5.0-RC6 Cyclic0007:WCv5.0-RC5 Cyclic0007:v4.7.1r Cyclic0007:WCv5.0-RC4 Cyclic0007:WCv5.0-RC3 Cyclic0007:WCv5.0-RC2 Cyclic0007:v4.7.0-stable Cyclic0007:v4.6.0-stable Cyclic0007:v4.5.0-stable Cyclic0007:v4.4.0-stable Cyclic0007:v4.3.0-stable Cyclic0007:v4.2.0c Cyclic0007:v4.2.0-stable Cyclic0007:wolfRand-RC2 Cyclic0007:v4.1.0-stable Cyclic0007:wolfRand-RC1 Cyclic0007:v4.0.0-stable Cyclic0007:list Cyclic0007:WCv4-rng-stable Cyclic0007:v3.15.8 Cyclic0007:v3.15.7-stable Cyclic0007:v3.15.6 Cyclic0007:v3.15.5a Cyclic0007:v3.15.5-stable Cyclic0007:WCv4.0-RC9 Cyclic0007:WCv4.0-RC8 Cyclic0007:WCv4.0-RC7 Cyclic0007:v3.15.3-stable Cyclic0007:l Cyclic0007:WCv4-stable Cyclic0007:v3.15.0-stable Cyclic0007:v3.14.5 Cyclic0007:WCv4.0-RC6 Cyclic0007:WCv4.0-RC5 Cyclic0007:WCv4.0-RC4 Cyclic0007:v3.14.4 Cyclic0007:WCv4.0-RC3 Cyclic0007:WCv4.0-RC2 Cyclic0007:WCv4.0-RC1 Cyclic0007:v3.14.2 Cyclic0007:v3.14.0b Cyclic0007:v3.14.0a Cyclic0007:v3.14.0-stable Cyclic0007:v3.13.3 Cyclic0007:v3.13.2 Cyclic0007:v3.13.0-stable Cyclic0007:v3.12.2-stable Cyclic0007:v3.12.0-stable Cyclic0007:v3.11.1-tls13-beta Cyclic0007:v3.11.0-stable Cyclic0007:v3.10.4 Cyclic0007:v3.10.3 Cyclic0007:v3.10.2-stable Cyclic0007:v3.10.0a Cyclic0007:v3.10.0-stable Cyclic0007:v3.9.10b Cyclic0007:v3.9.10-stable Cyclic0007:v3.9.8 Cyclic0007:v3.9.6w Cyclic0007:v3.9.6 Cyclic0007:v3.9.1 Cyclic0007:v3.9.0 Cyclic0007:v3.8.0 Cyclic0007:v3.7.3 Cyclic0007:v3.7.1 Cyclic0007:v3.7.0 Cyclic0007:v3.6.9d Cyclic0007:v3.69.d Cyclic0007:v3.6.9c Cyclic0007:v3.6.9b Cyclic0007:v3.6.9 Cyclic0007:v3.6.8 Cyclic0007:v3.6.6 Cyclic0007:v3.6.2 Cyclic0007:v3.6.0b Cyclic0007:v3.6.0 Cyclic0007:v3.4.8 Cyclic0007:v3.4.6 Cyclic0007:v3.4.2 Cyclic0007:v3.4.0 Cyclic0007:v3.3.3 Cyclic0007:v3.3.2 Cyclic0007:v3.3.0 Cyclic0007:v3.2.6 Cyclic0007:v3.2.4 Cyclic0007:v3.2.0 Cyclic0007:v3.1.0 Cyclic0007:v3.0.2 Cyclic0007:v3.0.0 Cyclic0007:v2.9.4 Cyclic0007:v2.9.2 Cyclic0007:v2.9.1 Cyclic0007:v0.5 Cyclic0007:v2.9.0 Cyclic0007:v2.8.6 Cyclic0007:v2.8.5a Cyclic0007:v2.8.5 Cyclic0007:v2.8.4 Cyclic0007:v2.8.3 Cyclic0007:v2.8.2 Cyclic0007:v2.8.0 Cyclic0007:v2.7.2 Cyclic0007:v2.7.0 Cyclic0007:v2.6.2 Cyclic0007:v2.6.0 Cyclic0007:v2.5.2b Cyclic0007:v2.5.2 Cyclic0007:v2.5.0 Cyclic0007:v2.4.7 Cyclic0007:v2.4.6 Cyclic0007:v2.4.2 Cyclic0007:v2.4.0 Cyclic0007:v2.3.0 Cyclic0007:v2.2.2 Cyclic0007:v2.1.1 Cyclic0007:v2.2.1 Cyclic0007:v2.2.0 Cyclic0007:v2.1.4 Cyclic0007:v2.1.2 Cyclic0007:v2.0.8 Cyclic0007:v2.0.6 Cyclic0007:v2.0.3 Cyclic0007:v2.0.2 Cyclic0007:v2.0rc3 Cyclic0007:v2.0rc2b Cyclic0007:v2.0rc2 Cyclic0007:v2.0rc1 Cyclic0007:v1.9.0 Cyclic0007:v1.8.8.0
..
compare: Cyclic0007:WCv4.0-RC3
Branches Tags
Cyclic0007:master Cyclic0007:nightly-snapshot Cyclic0007:revert-9495-aarch64_no_hw_crypto_asm_aes Cyclic0007:revert-9512-20251210-linuxkm-5.17-ubuntu-jammy-tegra-patches Cyclic0007:TLS13-cipher-suite-fix Cyclic0007:revert-9145-zd20038_2 Cyclic0007:pr-8603 Cyclic0007:remove-arc4 Cyclic0007:devin-lifeguard/update-rules-d59f9c48 Cyclic0007:revert-8277-aarch64_no_crypto Cyclic0007:revert-5549-fix_sha256_debug Cyclic0007:cert-3389
Cyclic0007:WCv5.2.4-KRNL-CHKIN-r5 Cyclic0007:WCv6.0.0-linuxkm-UPDT-RC2 Cyclic0007:WCv6.0.0-linuxkm-UPDT-RC1 Cyclic0007:WCv5.2.4-KRNL-CHKIN-r4 Cyclic0007:wolfEntropy2d Cyclic0007:v5.8.4-stable Cyclic0007:WCv5.2.5-STM32-PAA Cyclic0007:WCv5.2.4-KRNL-CHKIN Cyclic0007:v5.8.2-stable Cyclic0007:WCv5.2.3-RSA-SWITCH Cyclic0007:wolfEntropy2 Cyclic0007:WCv5.2.3-DHGENPUB-r2 Cyclic0007:WCv5.2.3-DHGENPUB Cyclic0007:v5.8.0-stable Cyclic0007:WCv6.0.0-RC5 Cyclic0007:WCv6.0.0-RC4 Cyclic0007:WCv5.2.3-STM32-PAA Cyclic0007:WCv6.0.0-RC3 Cyclic0007:v5.7.6-stable Cyclic0007:v5.2.1 Cyclic0007:WCv5.2.3-ARMv8-PAA-r2 Cyclic0007:WCv6.0.0-RC2 Cyclic0007:WCv6.0.0-RC1 Cyclic0007:v5.2.1-stable-OS_Seed-HdrOnly Cyclic0007:v5.7.4-stable Cyclic0007:v5.7.2-stable Cyclic0007:wolfEntropy1 Cyclic0007:v5.7.0-stable Cyclic0007:WCv5.2.3-ARMv8-PAA Cyclic0007:v5.6.6-stable Cyclic0007:v5.6.4-stable Cyclic0007:v5.2.1-stable Cyclic0007:WCv5.2.1-PILOT Cyclic0007:v5.6.3-stable Cyclic0007:v5.6.2-stable Cyclic0007:v5.6.0-stable Cyclic0007:v5.5.4-stable Cyclic0007:v5.5.3-stable Cyclic0007:v5.5.2-stable Cyclic0007:v5.5.1-stable Cyclic0007:v5.5.0-stable Cyclic0007:v5.4.0-stable Cyclic0007:v5.3.0-stable Cyclic0007:v5.2.0-stable Cyclic0007:v5.1.1-stable Cyclic0007:WCv5.0-RC12 Cyclic0007:v5.1.0-stable Cyclic0007:WCv5.0-RC11 Cyclic0007:WCv5.0-RC10 Cyclic0007:v5.0.0-stable Cyclic0007:WCv5.0-RC9 Cyclic0007:v4.8.1-stable Cyclic0007:v4.8.0-stable Cyclic0007:WCv5.0-RC8 Cyclic0007:WCv5.0-RC7 Cyclic0007:WCv5.0-RC6 Cyclic0007:WCv5.0-RC5 Cyclic0007:v4.7.1r Cyclic0007:WCv5.0-RC4 Cyclic0007:WCv5.0-RC3 Cyclic0007:WCv5.0-RC2 Cyclic0007:v4.7.0-stable Cyclic0007:v4.6.0-stable Cyclic0007:v4.5.0-stable Cyclic0007:v4.4.0-stable Cyclic0007:v4.3.0-stable Cyclic0007:v4.2.0c Cyclic0007:v4.2.0-stable Cyclic0007:wolfRand-RC2 Cyclic0007:v4.1.0-stable Cyclic0007:wolfRand-RC1 Cyclic0007:v4.0.0-stable Cyclic0007:list Cyclic0007:WCv4-rng-stable Cyclic0007:v3.15.8 Cyclic0007:v3.15.7-stable Cyclic0007:v3.15.6 Cyclic0007:v3.15.5a Cyclic0007:v3.15.5-stable Cyclic0007:WCv4.0-RC9 Cyclic0007:WCv4.0-RC8 Cyclic0007:WCv4.0-RC7 Cyclic0007:v3.15.3-stable Cyclic0007:l Cyclic0007:WCv4-stable Cyclic0007:v3.15.0-stable Cyclic0007:v3.14.5 Cyclic0007:WCv4.0-RC6 Cyclic0007:WCv4.0-RC5 Cyclic0007:WCv4.0-RC4 Cyclic0007:v3.14.4 Cyclic0007:WCv4.0-RC3 Cyclic0007:WCv4.0-RC2 Cyclic0007:WCv4.0-RC1 Cyclic0007:v3.14.2 Cyclic0007:v3.14.0b Cyclic0007:v3.14.0a Cyclic0007:v3.14.0-stable Cyclic0007:v3.13.3 Cyclic0007:v3.13.2 Cyclic0007:v3.13.0-stable Cyclic0007:v3.12.2-stable Cyclic0007:v3.12.0-stable Cyclic0007:v3.11.1-tls13-beta Cyclic0007:v3.11.0-stable Cyclic0007:v3.10.4 Cyclic0007:v3.10.3 Cyclic0007:v3.10.2-stable Cyclic0007:v3.10.0a Cyclic0007:v3.10.0-stable Cyclic0007:v3.9.10b Cyclic0007:v3.9.10-stable Cyclic0007:v3.9.8 Cyclic0007:v3.9.6w Cyclic0007:v3.9.6 Cyclic0007:v3.9.1 Cyclic0007:v3.9.0 Cyclic0007:v3.8.0 Cyclic0007:v3.7.3 Cyclic0007:v3.7.1 Cyclic0007:v3.7.0 Cyclic0007:v3.6.9d Cyclic0007:v3.69.d Cyclic0007:v3.6.9c Cyclic0007:v3.6.9b Cyclic0007:v3.6.9 Cyclic0007:v3.6.8 Cyclic0007:v3.6.6 Cyclic0007:v3.6.2 Cyclic0007:v3.6.0b Cyclic0007:v3.6.0 Cyclic0007:v3.4.8 Cyclic0007:v3.4.6 Cyclic0007:v3.4.2 Cyclic0007:v3.4.0 Cyclic0007:v3.3.3 Cyclic0007:v3.3.2 Cyclic0007:v3.3.0 Cyclic0007:v3.2.6 Cyclic0007:v3.2.4 Cyclic0007:v3.2.0 Cyclic0007:v3.1.0 Cyclic0007:v3.0.2 Cyclic0007:v3.0.0 Cyclic0007:v2.9.4 Cyclic0007:v2.9.2 Cyclic0007:v2.9.1 Cyclic0007:v0.5 Cyclic0007:v2.9.0 Cyclic0007:v2.8.6 Cyclic0007:v2.8.5a Cyclic0007:v2.8.5 Cyclic0007:v2.8.4 Cyclic0007:v2.8.3 Cyclic0007:v2.8.2 Cyclic0007:v2.8.0 Cyclic0007:v2.7.2 Cyclic0007:v2.7.0 Cyclic0007:v2.6.2 Cyclic0007:v2.6.0 Cyclic0007:v2.5.2b Cyclic0007:v2.5.2 Cyclic0007:v2.5.0 Cyclic0007:v2.4.7 Cyclic0007:v2.4.6 Cyclic0007:v2.4.2 Cyclic0007:v2.4.0 Cyclic0007:v2.3.0 Cyclic0007:v2.2.2 Cyclic0007:v2.1.1 Cyclic0007:v2.2.1 Cyclic0007:v2.2.0 Cyclic0007:v2.1.4 Cyclic0007:v2.1.2 Cyclic0007:v2.0.8 Cyclic0007:v2.0.6 Cyclic0007:v2.0.3 Cyclic0007:v2.0.2 Cyclic0007:v2.0rc3 Cyclic0007:v2.0rc2b Cyclic0007:v2.0rc2 Cyclic0007:v2.0rc1 Cyclic0007:v1.9.0 Cyclic0007:v1.8.8.0

24 Commits
v5.2.1 ... WCv4.0-RC3

Author SHA1 Message Date
John Safranek
7e2a7aa5b8 Test Fixes 
1. Modify RSA-PSS to be able to sign and verify SHA-384 and SHA-512 hashes with 1024-bit RSA keys.
 2018-03-29 17:04:59 -07:00
John Safranek
7e55d687e5 FIPS Revalidation/Test Fixes 
1. Added APIs to perform RSA-PSS verify and padding operation in the same call.
2. Change to RsaPSS sign and verify to pick the proper salt length if the key is 1024-bits and the hash is SHA-512.
 2018-03-28 13:58:25 -07:00
John Safranek
dca2424aae FIPS Revalidation/Test Fixes 
1. For FIPSv2 builds, changed the FP_MAX_BITS to 6144.
2. Fixed bug in HMAC-SHA-3 where the digest size was being used instead of the block size for processing the key.
 2018-03-26 17:30:07 -07:00
John Safranek
ab9f1875b8 FIPS Revalidation 
1. Add a copy of the DSA parameter generation function to DH for use without DSA.
 2018-03-23 15:30:57 -07:00
John Safranek
ce1e987650 FIPS Revalidation 
1. Bug fixes to AES-GCM. Separated out the internal and external IV set functions.
 2018-03-22 15:50:54 -07:00
John Safranek
b760430423 FIPS Revalidation 
1. Updated the configure.ac to add in the RSA direct function to FIPS builds
 2018-03-22 15:50:54 -07:00
John Safranek
6108540c7c FIPS Revalidation 
1. Add new APIs for AES-GCM so it can manage the IV per SP 800-38D.
2. Add new APIs for AES-CCM so it can manage the IV, similar to the behavior in AES-GCM.
3. Add new APIs for GMAC that use the new AES-GCM APIs.
 2018-03-22 15:50:54 -07:00
John Safranek
b92b8222ed Test Fixes 
1. Added error code for ECDHE FIPS KAT failure.
 2018-03-22 15:50:54 -07:00
John Safranek
369c2debde Test Fixes 
1. Removed redundant forward declaration of RsaKey from hmac.h.
2. Updated gitignore with the first and last files.
3. Updated autogen with touching the first and last files.
 2018-03-22 15:50:54 -07:00
John Safranek
9d4de6908c Test Fixes 
1. AesGcmEncrypt_ex requires the RNG, remove function if RNG disabled.
2. Fix a couple function name changes in the example server.
3. Removed the old FIPS wrapping added to dh.h, was redundant.
4. Move include of random.h in the aes.h file.
5. Fix where ecc.c was being left out of old FIPS builds.
6. Exclude the AES-GCM internal IV test case when building without the RNG.
7. Fix api test where AES-GCM Encrypt was called with a too-long IV in old FIPS mode. Non-FIPS and new FIPS are allowed longer IVs.
 2018-03-22 15:50:54 -07:00
John Safranek
84e36f012a FIPS Revalidation 
1. AES-GCM encrypt IV length allowed to be 8-bits.
 2018-03-22 15:50:54 -07:00
John Safranek
cc02098760 FIPS Revalidation 
1. Update the const data and code segment tags for the Windown builds.
 2018-03-22 15:50:54 -07:00
John Safranek
e3ea7e1efc FIPS Revalidation 
1. Enabled ECC Cofactor DH for the FIPSv2 build.
2. Updated the wolfCrypt HMAC-SHA-3 test to leave out the set of test cases that use the four-byte key in FIPS mode.
 2018-03-22 15:50:54 -07:00
John Safranek
a74e419446 FIPS Revalidation 
1. Change to configure.ac to automatically enable HKDF in FIPSv2 builds.
 2018-03-22 15:50:54 -07:00
John Safranek
85b3c9652a FIPS Revalidation 
1. Change to configure.ac to automatically enable AES-CTR in FIPSv2 builds.
2. Move the aes-ni asm file into the boundary if enabled.
3. Enable AES-ECB by default.
 2018-03-22 15:50:54 -07:00
John Safranek
5c452f26d7 AES-GCM 
1. Updated the wolfCrypt GMAC test to leave out the test case with the 15-byte tag when building for FIPS.
2. Replace tabs with spaces.
 2018-03-22 15:50:54 -07:00
John Safranek
94835b2c1b FIPS Revalidation 
1. Updated CMAC to allow tag length from 4 to 16 bytes, inclusive.
 2018-03-22 15:50:54 -07:00
John Safranek
675480adf9 FIPS Revalidation 
1. Enable SHA-224 by default if building for FIPSv2.
 2018-03-22 15:50:54 -07:00
John Safranek
2683fb29df FIPS Revalidation 
1. Added new AES-GCM Encrypt API for FIPS where the IV is generated internally.
2. Fix the AES-NI guard flags so it can be used when FIPS enabled.
 2018-03-22 15:50:54 -07:00
John Safranek
80e589c7d9 FIPS Revalidation 
1. Added CMAC to the boundary.
2. Added DHE to the boundary.
 2018-03-22 15:50:54 -07:00
John Safranek
8576dc4a6c FIPS Update 
1. Moved the rest of the FIPS algorithms to FIPSv2.
2. Updated the fips-check and autogen scripts.
3. Updated the automake include for the crypto files.
4. Updated the example server to use the wolfSSL API and wolfSSL-based OpenSSL compatibility layer.
5. Added error code for the SHA-3 KAT.
6. Updated an test case in the API test for AES-GCM encrypt that is now considered a success case, but the FIPS mode was still treating as a failure.
 2018-03-22 15:50:54 -07:00
John Safranek
c56c2ea8e4 FIPS Update 
1. Move SHA-224 and SHA-256 into FIPSv2.
2. Move HMAC into FIPSv2.
3. Move Hash_DRBG into FIPSv2.
 2018-03-22 15:50:54 -07:00
John Safranek
5cc93bdda4 FIPS Update 
1. Add SHA-3 to the src/include.am so that it is always included in FIPSv2.
2. Tweak the SHA-3 header to follow the new FIPS pattern.
 2018-03-22 15:50:54 -07:00
John Safranek
786c1ef956 AES-CCM FIPS 
1. Add new error code for the AES-CCM FIPS KAT failure.
2. When enabling FIPSv2, force enable AES-CCM.
 2018-03-22 15:50:53 -07:00
2907 changed files with 277144 additions and 2231517 deletions
Expand all files Collapse all files

18
.codespellexcludelines
View File

@@ -1,18 +0,0 @@
###############################################################################
# In this file, you should add the line of the file that needs to be ignored.
# The line should be exactly as it appears in the file.
###############################################################################
0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, /* .Enginee */
0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, /* fo@wolfs */
0x0a, 0x8b, 0x98, 0xf3, 0xe3, 0xff, 0x4e, 0x44, /* ......ND */
ot+3i9DAgBkcRcAtjOj4LaR0VknFBbVPFd5uRHg5h6h+u/N5GJG79G+dwfCMNYxd\n\
static const byte plaintext[] = "Lorem ipsum dolor sit amet, consectetur adipiscing elit. Cras lacus odio, pretium vel sagittis ac, facilisis quis diam. Vivamus condimentum velit sed dolor consequat interdum. Etiam eleifend ornare felis, eleifend egestas odio vulputate eu. Sed nec orci nunc. Etiam quis mi augue. Donec ullamcorper suscipit lorem, vel luctus augue cursus fermentum. Etiam a porta arcu, in convallis sem. Integer efficitur elementum diam, vel scelerisque felis posuere placerat. Donec vestibulum sit amet leo sit amet tincidunt. Etiam et vehicula turpis. Phasellus quis finibus sapien. Sed et tristique turpis. Nullam vitae sagittis tortor, et aliquet lorem. Cras a leo scelerisque, convallis lacus ut, fermentum urna. Mauris quis urna diam. Class aptent taciti sociosqu ad litora torquent per conubia nostra, per inceptos himenaeos. Nam aliquam vehicula orci id pulvinar. Proin mollis, libero sollicitudin tempor ultrices, massa augue tincidunt turpis, sit amet aliquam neque nibh nec dui. Fusce finibus massa quis rutrum suscipit cras amet";
rsource "Kconfig.tls-generic"
/* Loop over authenticated associated data AD1..ADn */
/* no easy answer [c'est la vie]. Just division */
const uint8_t* hashIn, int hashSz)
XMEMCPY(hash + (curveSz - hashSz), hashIn, hashSz);
0x63, 0x72, 0x65, 0x65, 0x6e, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20, 0x62, 0x65, 0x20, 0x69, /* creen would be i */
\pagenumbering{alph}
DES3_KEY_SIZE = 24, /* 3 des ede */
/* functions added to support above needed, removed TOOM and KARATSUBA */

4
LPCExpresso.cproject → .cproject
View File

@@ -66,7 +66,7 @@
</toolChain>
</folderInfo>
<sourceEntries>
<entry excluding="src/bio.c|wolfcrypt/src/evp.c|wolfcrypt/src/misc.c|IDE/LPCXPRESSO/wolf_example|tirtos|testsuite|tests|support|sslSniffer|scripts|rpm|mqx|mplabx|mcapi|m4|IDE/WORKBENCH|IDE/WIN|IDE/ROWLEY-CROSSWORKS-ARM|IDE/MYSQL|IDE/MDK-ARM|IDE/MDK5-ARM|IDE/LPCXPRESSO/wolf_demo|IDE/LPCXPRESSO/lpc_chip_18xx|IDE/LPCXPRESSO/lpc_board_nxp_lpcxpresso_1837|IDE/iOS|IDE/IAR-EWARM|examples|Debug|certs|build-aux|Backup|autom4te.cache|wolfcrypt/src/aes_asm.s|wolfcrypt/src/aes_asm.asm|wolfcrypt/user-crypto" flags="VALUE_WORKSPACE_PATH|RESOLVED" kind="sourcePath" name=""/>
<entry excluding="src/bio.c|wolfcrypt/src/evp.c|wolfcrypt/src/misc.c|IDE/LPCXPRESSO/wolf_example|tirtos|testsuite|tests|swig|support|sslSniffer|scripts|rpm|mqx|mplabx|mcapi|m4|IDE/WORKBENCH|IDE/WIN|IDE/ROWLEY-CROSSWORKS-ARM|IDE/MYSQL|IDE/MDK-ARM|IDE/MDK5-ARM|IDE/LPCXPRESSO/wolf_demo|IDE/LPCXPRESSO/lpc_chip_18xx|IDE/LPCXPRESSO/lpc_board_nxp_lpcxpresso_1837|IDE/iOS|IDE/IAR-EWARM|examples|Debug|certs|build-aux|Backup|autom4te.cache|wolfcrypt/src/aes_asm.s|wolfcrypt/src/aes_asm.asm|wolfcrypt/user-crypto" flags="VALUE_WORKSPACE_PATH|RESOLVED" kind="sourcePath" name=""/>
</sourceEntries>
</configuration>
</storageModule>
@@ -152,7 +152,7 @@
</toolChain>
</folderInfo>
<sourceEntries>
<entry excluding="IDE/LPCXPRESSO/wolf_example|tirtos|testsuite|tests|support|sslSniffer|scripts|rpm|mqx|mplabx|mcapi|m4|IDE/WORKBENCH|IDE/WIN|IDE/ROWLEY-CROSSWORKS-ARM|IDE/MYSQL|IDE/MDK-ARM|IDE/MDK5-ARM|IDE/LPCXPRESSO/wolf_demo|IDE/LPCXPRESSO/lpc_board_nxp_lpcxpresso_1837|IDE/iOS|IDE/IAR-EWARM|examples|Debug|certs|build-aux|Backup|autom4te.cache|wolfcrypt/src/aes_asm.s|wolfcrypt/src/aes_asm.asm|wolfcrypt/user-crypto" flags="VALUE_WORKSPACE_PATH|RESOLVED" kind="sourcePath" name=""/>
<entry excluding="IDE/LPCXPRESSO/wolf_example|tirtos|testsuite|tests|swig|support|sslSniffer|scripts|rpm|mqx|mplabx|mcapi|m4|IDE/WORKBENCH|IDE/WIN|IDE/ROWLEY-CROSSWORKS-ARM|IDE/MYSQL|IDE/MDK-ARM|IDE/MDK5-ARM|IDE/LPCXPRESSO/wolf_demo|IDE/LPCXPRESSO/lpc_board_nxp_lpcxpresso_1837|IDE/iOS|IDE/IAR-EWARM|examples|Debug|certs|build-aux|Backup|autom4te.cache|wolfcrypt/src/aes_asm.s|wolfcrypt/src/aes_asm.asm|wolfcrypt/user-crypto" flags="VALUE_WORKSPACE_PATH|RESOLVED" kind="sourcePath" name=""/>
</sourceEntries>
</configuration>
</storageModule>

40
.cyignore
View File

@@ -1,40 +0,0 @@
# wolfSSL folders
$(SEARCH_wolfssl)/IDE
$(SEARCH_wolfssl)/examples
$(SEARCH_wolfssl)/linuxkm
$(SEARCH_wolfssl)/mcapi
$(SEARCH_wolfssl)/mplabx
$(SEARCH_wolfssl)/mqx
$(SEARCH_wolfssl)/tirtos
$(SEARCH_wolfssl)/tests
$(SEARCH_wolfssl)/testsuite
$(SEARCH_wolfssl)/wolfcrypt/src/port/autosar
$(SEARCH_wolfssl)/zephyr
# wolfSSL files
$(SEARCH_wolfssl)/wolfcrypt/src/aes_asm.S
$(SEARCH_wolfssl)/wolfcrypt/src/aes_xts_asm.S
$(SEARCH_wolfssl)/wolfcrypt/src/aes_gcm_asm.S
$(SEARCH_wolfssl)/wolfcrypt/src/aes_gcm_x86_asm.S
$(SEARCH_wolfssl)/wolfcrypt/src/chacha_asm.S
$(SEARCH_wolfssl)/wolfcrypt/src/fe_x25519_asm.S
$(SEARCH_wolfssl)/wolfcrypt/src/poly1305_asm.S
$(SEARCH_wolfssl)/wolfcrypt/src/sha256_asm.S
$(SEARCH_wolfssl)/wolfcrypt/src/sha512_asm.S
$(SEARCH_wolfssl)/wolfcrypt/src/sha3_asm.S
$(SEARCH_wolfssl)/wolfcrypt/src/sm3_asm.S
$(SEARCH_wolfssl)/wolfcrypt/src/sp_x86_64_asm.S
$(SEARCH_wolfssl)/wolfcrypt/src/sp_sm2_x86_64_asm.S
$(SEARCH_wolfssl)/wolfcrypt/src/wc_kyber_asm.S
$(SEARCH_wolfssl)/wolfcrypt/src/port/arm/armv8-32-aes-asm.S
$(SEARCH_wolfssl)/wolfcrypt/src/port/arm/armv8-32-curve25519.S
$(SEARCH_wolfssl)/wolfcrypt/src/port/arm/armv8-32-sha256-asm.S
$(SEARCH_wolfssl)/wolfcrypt/src/port/arm/armv8-32-sha512-asm.S
$(SEARCH_wolfssl)/wolfcrypt/src/port/arm/armv8-curve25519.S
$(SEARCH_wolfssl)/wolfcrypt/src/port/arm/armv8-sha3-asm.S
$(SEARCH_wolfssl)/wolfcrypt/src/port/arm/armv8-sha512-asm.S
$(SEARCH_wolfssl)/wolfcrypt/src/port/arm/thumb2-aes-asm.S
$(SEARCH_wolfssl)/wolfcrypt/src/port/arm/thumb2-curve25519.S
$(SEARCH_wolfssl)/wolfcrypt/src/port/arm/thumb2-sha256-asm.S
$(SEARCH_wolfssl)/wolfcrypt/src/port/arm/thumb2-sha512-asm.S

10
.editorconfig
View File

@@ -1,10 +0,0 @@
# http://editorconfig.org
root = true
[*]
indent_style = space
indent_size = 4
end_of_line = lf
charset = utf-8
trim_trailing_whitespace = true
insert_final_newline = true

58
.github/ISSUE_TEMPLATE/bug_report.yaml vendored
View File

@@ -1,58 +0,0 @@
name: Bug Report
description: File a bug report
title: "[Bug]: "
labels: ["bug", "triage"]
body:
- type: markdown
attributes:
value: >
Thanks for reporting an bug. If you would prefer a private method,
please email support@wolfssl.com
- type: input
id: contact
attributes:
label: Contact Details
description: How can we get in touch with you if we need more info?
placeholder: ex. email@example.com
validations:
required: false
- type: input
id: version
attributes:
label: Version
description: What version were you using?
validations:
required: true
- type: textarea
id: details
attributes:
label: Description
description: |
Describe the issue in detail
Please include:
* Specific `./configure` options or `user_settings.h`
* Target and build environment
placeholder: |
Blinded by the light!
Code runs too fast. It's gone plaid!
...
validations:
required: true
- type: textarea
id: reproduce
attributes:
label: Reproduction steps
description: If possible please give instructions on how to reproduce.
placeholder: |
1. `./configure --enable-42`
2. `make question`
3.
...
validations:
required: false
- type: textarea
id: logs
attributes:
label: Relevant log output
description: Please copy and paste any relevant log output. This will be automatically formatted into code, so no need for backticks.
render: shell

28
.github/ISSUE_TEMPLATE/other.yaml vendored
View File

@@ -1,28 +0,0 @@
name: General Issue
description: Request support with an issue
labels: ["triage"]
body:
- type: markdown
attributes:
value: >
Thanks for reporting an issue. If you would prefer a private method,
please email support@wolfssl.com
- type: input
id: version
attributes:
label: Version
description: What version were you using?
validations:
required: true
- type: textarea
id: details
attributes:
label: Description
description: |
Describe the issue in detail.
Please include specific configuration options or user_settings.h
placeholder: |
`./configure --enable-world-domination` fails
...
validations:
required: true

16
.github/PULL_REQUEST_TEMPLATE.md vendored
View File

@@ -1,16 +0,0 @@
# Description
Please describe the scope of the fix or feature addition.
Fixes zd#
# Testing
How did you test?
# Checklist
- [ ] added tests
- [ ] updated/added doxygen
- [ ] updated appropriate READMEs
- [ ] Updated manual and documentation

12
.github/SECURITY.md vendored
View File

@@ -1,12 +0,0 @@
# Security Policy
## Reporting a Vulnerability
If you discover a vulnerability, please report it to support@wolfssl.com
1. Include a detailed description
2. Include method to reproduce and/or method of discovery
3. We will evaluate the report promptly and respond to you with findings.
4. We will credit you with the report if you would like.
**Please keep the vulnerability private** until a fix has been released.

45
.github/workflows/async.yml vendored
View File

@@ -1,45 +0,0 @@
name: Async Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
make_check:
strategy:
matrix:
config: [
# Add new configs here
'--enable-asynccrypt --enable-all --enable-dtls13',
'--enable-asynccrypt-sw --enable-ocspstapling --enable-ocspstapling2',
'--enable-ocsp CFLAGS="-DTEST_NONBLOCK_CERTS"',
]
name: make check
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 6
steps:
- uses: actions/checkout@v4
name: Checkout wolfSSL
- name: Test wolfSSL async
run: |
./async-check.sh install
./configure ${{ matrix.config }}
make check
- name: Print errors
if: ${{ failure() }}
run: |
if [ -f test-suite.log ] ; then
cat test-suite.log
fi

30
.github/workflows/codespell.yml vendored
View File

@@ -1,30 +0,0 @@
name: Codespell test
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
codespell:
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: codespell-project/actions-codespell@v2.1
with:
check_filenames: true
check_hidden: true
# Add comma separated list of words that occur multiple times that should be ignored (sorted alphabetically, case sensitive)
ignore_words_list: adin,aNULL,carryIn,chainG,ciph,cLen,cliKs,dout,haveA,inCreated,inOut,inout,larg,LEAPYEAR,Merget,optionA,parm,parms,repid,rIn,userA,ser,siz,te,Te
# The exclude_file contains lines of code that should be ignored. This is useful for individual lines which have non-words that can safely be ignored.
exclude_file: '.codespellexcludelines'
# To skip files entirely from being processed, add it to the following list:
skip: '*.cproject,*.der,*.mtpj,*.pem,*.vcxproj,.git,*.launch,*.scfg'

53
.github/workflows/coverity-scan-fixes.yml vendored
View File

@@ -1,53 +0,0 @@
name: Coverity Scan master branch
on:
workflow_dispatch:
schedule:
- cron: '0 0 * * 1-5'
- cron: '0 0 * * 0'
- cron: '0 12 * * 0'
jobs:
coverity:
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
ref: master
- name: Configure wolfSSL with enable-all M-F
if: github.event.schedule == '0 0 * * 1-5'
run: |
./autogen.sh
./configure --enable-all
- name: Configure wolfSSL with enable-all enable-smallstack Sun at 00:00
if: github.event.schedule == '0 0 * * 0'
run: |
./autogen.sh
./configure --enable-all --enable-smallstack
- name: Configure wolfSSL with bigendian Sun at 12:00
if: github.event.schedule == '0 12 * * 0'
run: |
./autogen.sh
./configure --enable-all CFLAGS="-DBIG_ENDIAN_ORDER"
- name: Check secrets
env:
token_var: ${{ secrets.COVERITY_SCAN_TOKEN }}
email_var: ${{ secrets.COVERITY_SCAN_EMAIL }}
run: |
token_len=${#token_var}
echo "$token_len"
email_len=${#email_var}
echo "$email_len"
- uses: vapier/coverity-scan-action@v1
with:
build_language: 'cxx'
project: "wolfSSL/wolfssl"
token: ${{ secrets.COVERITY_SCAN_TOKEN }}
email: ${{ secrets.COVERITY_SCAN_EMAIL }}
command: "make"

76
.github/workflows/curl.yml vendored
View File

@@ -1,76 +0,0 @@
name: curl Test
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
build_wolfssl:
name: Build wolfSSL
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 4
steps:
- name: Build wolfSSL
uses: wolfSSL/actions-build-autotools-project@v1
with:
path: wolfssl
configure: --enable-curl
install: true
- name: tar build-dir
run: tar -zcf build-dir.tgz build-dir
- name: Upload built lib
uses: actions/upload-artifact@v4
with:
name: wolf-install-curl
path: build-dir.tgz
retention-days: 5
test_curl:
name: ${{ matrix.curl_ref }}
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 15
needs: build_wolfssl
strategy:
fail-fast: false
matrix:
curl_ref: [ 'master', 'curl-8_4_0' ]
steps:
- name: Install test dependencies
run: |
sudo apt-get update
sudo apt-get install nghttp2 libpsl5 libpsl-dev python3-impacket
- name: Download lib
uses: actions/download-artifact@v4
with:
name: wolf-install-curl
- name: untar build-dir
run: tar -xf build-dir.tgz
- name: Build curl
uses: wolfSSL/actions-build-autotools-project@v1
with:
repository: curl/curl
path: curl
ref: ${{ matrix.curl_ref }}
configure: --with-wolfssl=$GITHUB_WORKSPACE/build-dir
check: false
- name: Test curl
working-directory: curl
run: make -j $(nproc) test-ci

105
.github/workflows/cyrus-sasl.yml vendored
View File

@@ -1,105 +0,0 @@
name: cyrus-sasl Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
build_wolfssl:
name: Build wolfSSL
if: github.repository_owner == 'wolfssl'
# Just to keep it the same as the testing target
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 4
steps:
- name: Build wolfSSL
uses: wolfSSL/actions-build-autotools-project@v1
with:
path: wolfssl
configure: --enable-all
install: true
# Don't run tests as this config is tested in many other places
check: false
- name: tar build-dir
run: tar -zcf build-dir.tgz build-dir
- name: Upload built lib
uses: actions/upload-artifact@v4
with:
name: wolf-install-sasl
path: build-dir.tgz
retention-days: 5
sasl_check:
strategy:
fail-fast: false
matrix:
# List of releases to test
ref: [ 2.1.28 ]
name: ${{ matrix.ref }}
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 4
needs: build_wolfssl
steps:
- name: Install dependencies
run: |
# Don't prompt for anything
export DEBIAN_FRONTEND=noninteractive
sudo apt-get update
sudo apt-get install krb5-kdc krb5-otp libkrb5-dev \
libsocket-wrapper libnss-wrapper krb5-admin-server libdb5.3-dev
- name: Download lib
uses: actions/download-artifact@v4
with:
name: wolf-install-sasl
- name: untar build-dir
run: tar -xf build-dir.tgz
- name: Checkout OSP
uses: actions/checkout@v4
with:
repository: wolfssl/osp
path: osp
- name: Checkout sasl
uses: actions/checkout@v4
with:
repository: cyrusimap/cyrus-sasl
ref: cyrus-sasl-${{ matrix.ref }}
path: sasl
- name: Build cyrus-sasl
working-directory: sasl
run: |
patch -p1 < $GITHUB_WORKSPACE/osp/cyrus-sasl/${{ matrix.ref }}/${{ matrix.ref }}.patch
autoreconf -ivf
./configure --with-openssl=no --with-wolfssl=$GITHUB_WORKSPACE/build-dir --with-dblib=berkeley --disable-shared
# Need to run 'make' twice with '--disable-shared' for some reason
make -j || make -j
- name: Run testsuite
working-directory: sasl
run: |
make -j -C utils testsuite saslpasswd2
# Retry up to five times
for i in {1..5}; do
TEST_RES=0
$GITHUB_WORKSPACE/osp/cyrus-sasl/${{ matrix.ref }}/run-tests.sh || TEST_RES=$?
if [ "$TEST_RES" -eq "0" ]; then
break
fi
done

60
.github/workflows/disabled/haproxy.yml vendored
View File

@@ -1,60 +0,0 @@
name: HaProxy Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
haproxy_check:
strategy:
fail-fast: false
matrix:
# List of refs to test
ref: [ master ]
name: ${{ matrix.ref }}
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-latest
steps:
- name: Build wolfSSL
uses: wolfSSL/actions-build-autotools-project@v1
with:
path: wolfssl
configure: --enable-quic --enable-haproxy
install: true
- name: Checkout VTest
uses: actions/checkout@v4
with:
repository: vtest/VTest
path: VTest
- name: Build VTest
working-directory: VTest
# Special flags due to: https://github.com/vtest/VTest/issues/12
run: make FLAGS='-O2 -s -Wall'
- name: Checkout HaProxy
uses: actions/checkout@v4
with:
repository: haproxy/haproxy
path: haproxy
ref: ${{ matrix.ref }}
- name: Build HaProxy
working-directory: haproxy
run: >-
make -j TARGET=linux-glibc DEBUG='-DDEBUG_MEMORY_POOLS -DDEBUG_STRICT'
USE_OPENSSL_WOLFSSL=1 USE_QUIC=1 SSL_INC=$GITHUB_WORKSPACE/build-dir/include/
SSL_LIB=$GITHUB_WORKSPACE/build-dir/lib/ ADDLIB=-Wl,-rpath=$GITHUB_WORKSPACE/build-dir/lib
- name: Test HaProxy
working-directory: haproxy
run: make reg-tests reg-tests/ssl VTEST_PROGRAM=$GITHUB_WORKSPACE/VTest/vtest

294
.github/workflows/disabled/hostap.yml vendored
View File

@@ -1,294 +0,0 @@
name: hostap and wpa-supplicant Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
build_wolfssl:
strategy:
matrix:
include:
- build_id: hostap-build1
wolf_extra_config: --disable-tls13
- build_id: hostap-build2
wolf_extra_config: --enable-brainpool --enable-wpas-dpp
name: Build wolfSSL
if: github.repository_owner == 'wolfssl'
# Just to keep it the same as the testing target
runs-on: ubuntu-20.04
# This should be a safe limit for the tests to run.
timeout-minutes: 4
steps:
# No way to view the full strategy in the browser (really weird)
- name: Print strategy
run: |
cat <<EOF
${{ toJSON(matrix) }}
EOF
- if: ${{ runner.debug }}
name: Enable wolfSSL debug logging
run: |
echo "wolf_debug_flags=--enable-debug" >> $GITHUB_ENV
- name: Build wolfSSL
uses: wolfSSL/actions-build-autotools-project@v1
with:
path: wolfssl
configure: >-
--enable-wpas CFLAGS=-DWOLFSSL_STATIC_RSA
${{ env.wolf_debug_flags }} ${{ matrix.wolf_extra_config }}
install: true
- name: Upload built lib
uses: actions/upload-artifact@v4
with:
name: ${{ matrix.build_id }}
path: build-dir
retention-days: 5
# Build wpa_supplicant with wolfSSL and hostapd with OpenSSL and interop.
hostap_test:
strategy:
fail-fast: false
matrix:
# should hostapd be compiled with wolfssl
hostapd: [true, false]
# should wpa_supplicant be compiled with wolfssl
wpa_supplicant: [true, false]
# Fix the versions of hostap and osp to not break testing when a new
# patch is added in to osp. hostap_cherry_pick is used to apply the
# commit that updates the certificates used for testing. Tests are read
# from the corresponding configs/hostap_ref/tests file.
config: [
{
hostap_ref: hostap_2_10,
hostap_cherry_pick: 36fcbb1a4ee4aa604f15079eae2ffa4fe7f44680,
remove_teap: true,
# TLS 1.3 does not work for this version
build_id: hostap-build1,
},
# Test the dpp patch
{
hostap_ref: b607d2723e927a3446d89aed813f1aa6068186bb,
hostap_cherry_pick: 36fcbb1a4ee4aa604f15079eae2ffa4fe7f44680,
osp_ref: ad5b52a49b3cc2a5bfb47ccc1d6a5137132e9446,
build_id: hostap-build2
},
]
# parallelize the tests to be able to run all tests within 10 minutes
# Update the <total server> in the ./run-tests.py step when changing.
server: [1, 2, 3, 4, 5]
exclude:
# don't test openssl on both sides
- hostapd: false
wpa_supplicant: false
# no hostapd support for dpp yet
- hostapd: true
config: {
hostap_ref: b607d2723e927a3446d89aed813f1aa6068186bb,
osp_ref: ad5b52a49b3cc2a5bfb47ccc1d6a5137132e9446,
build_id: hostap-build2
}
name: hwsim test
if: github.repository_owner == 'wolfssl'
# For openssl 1.1
runs-on: ubuntu-20.04
# This should be a safe limit for the tests to run.
timeout-minutes: 12
needs: build_wolfssl
steps:
# No way to view the full strategy in the browser (really weird)
- name: Print strategy
run: |
cat <<EOF
${{ toJSON(matrix) }}
EOF
- name: Print computed job run ID
run: |
SHA_SUM=$(sha256sum << 'END_OF_HEREDOC' | cut -d " " -f 1
${{ toJSON(github) }}
END_OF_HEREDOC
)
echo "our_job_run_id=$SHA_SUM" >> $GITHUB_ENV
echo Our job run ID is $SHA_SUM
- name: Checkout wolfSSL
uses: actions/checkout@v4
with:
path: wolfssl
- name: Install dependencies
run: |
# Don't prompt for anything
export DEBIAN_FRONTEND=noninteractive
sudo apt-get update
# hostap dependencies
sudo apt-get install -y libpcap0.8 libpcap-dev curl libcurl4-openssl-dev \
libnl-3-dev binutils-dev libssl-dev libiberty-dev libnl-genl-3-dev \
libnl-route-3-dev libdbus-1-dev linux-modules-extra-`uname -r` \
bridge-utils
sudo pip3 install pycryptodome
- name: Enable mac80211
run: |
sudo modprobe mac80211
lsmod | grep mac80211
- if: ${{ runner.debug }}
name: Enable hostap debug logging
run: |
echo "hostap_debug_flags=-d" >> $GITHUB_ENV
- name: Download lib
uses: actions/download-artifact@v4
with:
name: ${{ matrix.config.build_id }}
path: build-dir
- name: Setup d-bus
working-directory: wolfssl/.github/workflows/hostap-files
run: |
sudo cp dbus-wpa_supplicant.conf /usr/share/dbus-1/system.d/wpa_supplicant.conf
sudo service dbus reload
# This is super hack-ish :P
# If you are trying to reproduce this on a more generic system, you can
# just run `sudo apt install linux-modules-extra-$(uname -r)` and
# this should have the module in the package. No need to compile it.
- name: Compile and install mac80211_hwsim
working-directory: wolfssl/.github/workflows/hostap-files
run: |
# The tag will be the first two numbers of from uname -r
LINUX_TAG=$(uname -r | grep -oP '^\d+\.\d+')
# Download the correct version of the driver
wget https://raw.githubusercontent.com/torvalds/linux/v$LINUX_TAG/drivers/net/wireless/mac80211_hwsim.c
wget https://raw.githubusercontent.com/torvalds/linux/v$LINUX_TAG/drivers/net/wireless/mac80211_hwsim.h
make
sudo make install
sudo modprobe mac80211_hwsim
lsmod | grep mac80211_hwsim
sudo rmmod mac80211_hwsim
- name: Checkout hostap
uses: actions/checkout@v4
with:
repository: julek-wolfssl/hostap-mirror
path: hostap
ref: ${{ matrix.config.hostap_ref }}
# necessary for cherry pick step
fetch-depth: 0
- if: ${{ matrix.config.hostap_cherry_pick }}
name: Cherry pick certificate update
working-directory: hostap
run: git cherry-pick -n -X theirs ${{ matrix.config.hostap_cherry_pick }}
- if: ${{ matrix.config.osp_ref }}
name: Checkout OSP
uses: actions/checkout@v4
with:
repository: wolfssl/osp
path: osp
ref: ${{ matrix.config.osp_ref }}
- if: ${{ matrix.config.osp_ref }}
name: Apply patch files
working-directory: hostap
run: |
for f in $GITHUB_WORKSPACE/osp/hostap-patches/pending/*
do
patch -p1 < $f
done
- if: ${{ matrix.hostapd }}
name: Setup hostapd config file
run: |
cp wolfssl/.github/workflows/hostap-files/configs/${{ matrix.config.hostap_ref }}/hostapd.config \
hostap/hostapd/.config
cat <<EOF >> hostap/hostapd/.config
CFLAGS += -I$GITHUB_WORKSPACE/build-dir/include -Wl,-rpath=$GITHUB_WORKSPACE/build-dir/lib
LIBS += -L$GITHUB_WORKSPACE/build-dir/lib -Wl,-rpath=$GITHUB_WORKSPACE/build-dir/lib
EOF
- if: ${{ matrix.wpa_supplicant }}
name: Setup wpa_supplicant config file
run: |
cp wolfssl/.github/workflows/hostap-files/configs/${{ matrix.config.hostap_ref }}/wpa_supplicant.config \
hostap/wpa_supplicant/.config
cat <<EOF >> hostap/wpa_supplicant/.config
CFLAGS += -I$GITHUB_WORKSPACE/build-dir/include -Wl,-rpath=$GITHUB_WORKSPACE/build-dir/lib
LIBS += -L$GITHUB_WORKSPACE/build-dir/lib -Wl,-rpath=$GITHUB_WORKSPACE/build-dir/lib
EOF
- name: Build hostap
working-directory: hostap/tests/hwsim/
run: ./build.sh
- if: ${{ matrix.hostapd }}
name: Confirm hostapd linking with wolfSSL
run: ldd hostap/hostapd/hostapd | grep wolfssl
- if: ${{ matrix.wpa_supplicant }}
name: Confirm wpa_supplicant linking with wolfSSL
run: ldd hostap/wpa_supplicant/wpa_supplicant | grep wolfssl
- if: ${{ matrix.config.remove_teap }}
name: Remove EAP-TEAP from test configuration
working-directory: hostap/tests/hwsim/auth_serv
run: |
sed -e 's/"erp-teap@example.com"\tTEAP//' -i eap_user.conf
sed -e 's/"erp-teap@example.com"\tMSCHAPV2\t"password"\t\[2\]//' -i eap_user.conf
sed -e 's/"TEAP"\t\tTEAP//' -i eap_user.conf
sed -e 's/TEAP,//' -i eap_user.conf
- name: Run tests
id: testing
working-directory: hostap/tests/hwsim/
run: |
# Run tests in increments of 50 to cut down on the uploaded log size.
while mapfile -t -n 50 ary && ((${#ary[@]})); do
TESTS=$(printf '%s\n' "${ary[@]}" | tr '\n' ' ')
# Retry up to three times
for i in {1..3}; do
HWSIM_RES=0 # Not set when command succeeds
# Logs can grow quickly especially in debug mode
sudo rm -rf logs
sudo ./start.sh
sudo ./run-tests.py ${{ env.hostap_debug_flags }} --split ${{ matrix.server }}/5 $TESTS || HWSIM_RES=$?
sudo ./stop.sh
if [ "$HWSIM_RES" -eq "0" ]; then
break
fi
done
echo "test ran $i times"
if [ "$HWSIM_RES" -ne "0" ]; then
exit $HWSIM_RES
fi
done < $GITHUB_WORKSPACE/wolfssl/.github/workflows/hostap-files/configs/${{ matrix.config.hostap_ref }}/tests
- name: Change failure log permissions
if: ${{ failure() && steps.testing.outcome == 'failure' }}
working-directory: hostap/tests/hwsim/
run: |
sudo chown -R $USER:$USER logs
zip -9 -r logs.zip logs/current
- name: Upload failure logs
if: ${{ failure() && steps.testing.outcome == 'failure' }}
uses: actions/upload-artifact@v4
with:
name: hostap-logs-${{ env.our_job_run_id }}
path: hostap/tests/hwsim/logs.zip
retention-days: 5

46
.github/workflows/docker-Espressif.yml vendored
View File

@@ -1,46 +0,0 @@
name: Espressif examples tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
espressif_latest:
name: latest Docker container
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 12
container:
image: espressif/idf:latest
steps:
- uses: actions/checkout@v4
- name: Initialize Espressif IDE and build examples
run: cd /opt/esp/idf && . ./export.sh && cd $GITHUB_WORKSPACE; IDE/Espressif/ESP-IDF/compileAllExamples.sh
espressif_v4_4:
name: v4.4 Docker container
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-latest
container:
image: espressif/idf:release-v4.4
steps:
- uses: actions/checkout@v4
- name: Initialize Espressif IDE and build examples
run: cd /opt/esp/idf && . ./export.sh && cd $GITHUB_WORKSPACE; IDE/Espressif/ESP-IDF/compileAllExamples.sh
espressif_v5_0:
name: v5.0 Docker container
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-latest
container:
image: espressif/idf:release-v5.0
steps:
- uses: actions/checkout@v4
- name: Initialize Espressif IDE and build examples
run: cd /opt/esp/idf && . ./export.sh && cd $GITHUB_WORKSPACE; IDE/Espressif/ESP-IDF/compileAllExamples.sh

71
.github/workflows/docker-OpenWrt.yml vendored
View File

@@ -1,71 +0,0 @@
# This workflow tests out new libraries with existing OpenWrt builds to check
# there aren't any compatibility issues. Take a look at Docker/OpenWrt/README.md
name: OpenWrt test
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
build_library:
name: Compile libwolfssl.so
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 4
container:
image: alpine:latest
steps:
- name: Install required tools
run: apk add argp-standalone asciidoc bash bc binutils bzip2 cdrkit coreutils diffutils elfutils-dev findutils flex musl-fts-dev g++ gawk gcc gettext git grep intltool libxslt linux-headers make musl-libintl musl-obstack-dev ncurses-dev openssl-dev patch perl python3-dev rsync tar unzip util-linux wget zlib-dev autoconf automake libtool
- uses: actions/checkout@v4
- name: Compile libwolfssl.so
run: ./autogen.sh && ./configure --enable-all && make
# 2024-08-05 - Something broke in the actions. They are no longer following links.
- name: tar libwolfssl.so
working-directory: src/.libs
run: tar -zcf libwolfssl.tgz libwolfssl.so*
- name: Upload libwolfssl.so
uses: actions/upload-artifact@v4
with:
name: openwrt-libwolfssl.so
path: src/.libs/libwolfssl.tgz
retention-days: 5
compile_container:
name: Compile container
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 2
needs: build_library
strategy:
fail-fast: false
matrix:
release: [ "22.03.6", "21.02.7" ] # some other versions: 21.02.0 21.02.5 22.03.0 22.03.3 snapshot
steps:
- uses: actions/checkout@v4
- uses: docker/setup-buildx-action@v3
- uses: actions/download-artifact@v4
with:
name: openwrt-libwolfssl.so
path: .
- name: untar libwolfssl.so
run: tar -xf libwolfssl.tgz -C Docker/OpenWrt
- name: Build but dont push
uses: docker/build-push-action@v5
with:
context: Docker/OpenWrt
platforms: linux/amd64
push: false
tags: openwrt-test:latest
build-args: DOCKER_BASE_CONTAINER=openwrt/rootfs:x86-64-${{ matrix.release }}
cache-from: type=gha
cache-to: type=gha,mode=max

108
.github/workflows/grpc.yml vendored
View File

@@ -1,108 +0,0 @@
name: grpc Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
build_wolfssl:
name: Build wolfSSL
if: github.repository_owner == 'wolfssl'
# Just to keep it the same as the testing target
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 10
steps:
- name: Build wolfSSL
uses: wolfSSL/actions-build-autotools-project@v1
with:
path: wolfssl
configure: --enable-all 'CPPFLAGS=-DWOLFSSL_RSA_KEY_CHECK -DHAVE_EX_DATA_CLEANUP_HOOKS'
install: true
- name: tar build-dir
run: tar -zcf build-dir.tgz build-dir
- name: Upload built lib
uses: actions/upload-artifact@v4
with:
name: wolf-install-grpc
path: build-dir.tgz
retention-days: 5
grpc_check:
strategy:
fail-fast: false
matrix:
include:
- ref: v1.60.0
tests: >-
bad_ssl_alpn_test bad_ssl_cert_test client_ssl_test
crl_ssl_transport_security_test server_ssl_test
ssl_transport_security_test ssl_transport_security_utils_test
test_core_security_ssl_credentials_test test_cpp_end2end_ssl_credentials_test
h2_ssl_cert_test h2_ssl_session_reuse_test
name: ${{ matrix.ref }}
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 30
needs: build_wolfssl
steps:
- name: Confirm IPv4 and IPv6 support
run: |
ip addr list lo | grep 'inet '
ip addr list lo | grep 'inet6 '
- name: Install prereqs
run:
sudo apt-get install build-essential autoconf libtool pkg-config cmake clang libc++-dev
- name: Download lib
uses: actions/download-artifact@v4
with:
name: wolf-install-grpc
- name: untar build-dir
run: tar -xf build-dir.tgz
- name: Checkout OSP
uses: actions/checkout@v4
with:
repository: wolfssl/osp
path: osp
- name: Checkout grpc
uses: actions/checkout@v4
with:
repository: grpc/grpc
path: grpc
ref: ${{ matrix.ref }}
- name: Build grpc
working-directory: ./grpc
run: |
patch -p1 < ../osp/grpc/grpc-${{ matrix.ref }}.patch
git submodule update --init
mkdir cmake/build
cd cmake/build
cmake -DgRPC_BUILD_TESTS=ON -DgRPC_SSL_PROVIDER=wolfssl \
-DWOLFSSL_INSTALL_DIR=$GITHUB_WORKSPACE/build-dir ../..
make -j $(nproc) ${{ matrix.tests }}
- name: Run grpc tests
working-directory: ./grpc
run: |
export LD_LIBRARY_PATH=$GITHUB_WORKSPACE/build-dir/lib:$LD_LIBRARY_PATH
./tools/run_tests/start_port_server.py
for t in ${{ matrix.tests }} ; do
./cmake/build/$t
done

110
.github/workflows/hitch.yml vendored
View File

@@ -1,110 +0,0 @@
name: hitch Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
build_wolfssl:
name: Build wolfSSL
if: github.repository_owner == 'wolfssl'
# Just to keep it the same as the testing target
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 4
steps:
- name: Build wolfSSL
uses: wolfSSL/actions-build-autotools-project@v1
with:
path: wolfssl
configure: --enable-hitch
install: true
- name: tar build-dir
run: tar -zcf build-dir.tgz build-dir
- name: Upload built lib
uses: actions/upload-artifact@v4
with:
name: wolf-install-hitch
path: build-dir.tgz
retention-days: 5
hitch_check:
strategy:
fail-fast: false
matrix:
# List of releases to test
include:
- ref: 1.7.3
ignore-tests: >-
test13-r82.sh test15-proxy-v2-npn.sh test39-client-cert-proxy.sh
name: ${{ matrix.ref }}
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 4
needs: build_wolfssl
steps:
- name: Download lib
uses: actions/download-artifact@v4
with:
name: wolf-install-hitch
- name: untar build-dir
run: tar -xf build-dir.tgz
- name: Checkout OSP
uses: actions/checkout@v4
with:
repository: wolfssl/osp
path: osp
- name: Install dependencies
run: |
export DEBIAN_FRONTEND=noninteractive
sudo apt-get update
sudo apt-get install -y libev-dev libssl-dev automake python3-docutils flex bison pkg-config make
- name: Checkout hitch
uses: actions/checkout@v4
with:
repository: varnish/hitch
ref: 1.7.3
path: hitch
# Do this before configuring so that it only detects the updated list of
# tests
- if: ${{ matrix.ignore-tests }}
name: Remove tests that we want to ignore
working-directory: ./hitch/src/tests
run: |
rm ${{ matrix.ignore-tests }}
- name: Configure and build hitch
run: |
cd $GITHUB_WORKSPACE/hitch/
patch -p1 < $GITHUB_WORKSPACE/osp/hitch/hitch_1.7.3.patch
autoreconf -ivf
SSL_CFLAGS="-I$GITHUB_WORKSPACE/build-dir/include/ -I$GITHUB_WORKSPACE/build-dir/include/wolfssl" SSL_LIBS="-L$GITHUB_WORKSPACE/build-dir/lib -lwolfssl" ./configure --with-wolfssl=$GITHUB_WORKSPACE/build-dir/ --enable-silent-rules --enable-documentation --enable-warnings --with-lex --with-yacc --prefix=$GITHUB_WORKSPACE/build-dir
make -j$(nproc)
- name: Confirm hitch built with wolfSSL
working-directory: ./hitch
run: |
export LD_LIBRARY_PATH=$GITHUB_WORKSPACE/build-dir/lib:$LD_LIBRARY_PATH
ldd src/hitch | grep wolfssl
- name: Run hitch tests, skipping ignored tests
working-directory: ./hitch
run: |
export LD_LIBRARY_PATH=$GITHUB_WORKSPACE/build-dir/lib:$LD_LIBRARY_PATH
make check

11
.github/workflows/hostap-files/Makefile vendored
View File

@@ -1,11 +0,0 @@
obj-m := mac80211_hwsim.o
KDIR := /lib/modules/$(shell uname -r)/build
PWD := $(shell pwd)
default:
$(MAKE) -C $(KDIR) M=$(PWD) modules
install:
$(MAKE) -C $(KDIR) M=$(PWD) modules_install
depmod -A
clean:
$(MAKE) -C $(KDIR) M=$(PWD) clean

2
.github/workflows/hostap-files/README vendored
View File

@@ -1,2 +0,0 @@
Makefile and directory used in .github/workflows/hostap.yml to
compile the mac80211_hwsim kernel module.

122
.github/workflows/hostap-files/configs/07c9f183ea744ac04585fb6dd10220c75a5e2e74/hostapd.config vendored
View File

@@ -1,122 +0,0 @@
#CC=ccache gcc
CONFIG_DRIVER_NONE=y
CONFIG_DRIVER_NL80211=y
CONFIG_RSN_PREAUTH=y
#CONFIG_TLS=internal
#CONFIG_INTERNAL_LIBTOMMATH=y
#CONFIG_INTERNAL_LIBTOMMATH_FAST=y
#CONFIG_TLS=openssl
CONFIG_TLS=wolfssl
CONFIG_EAP=y
CONFIG_ERP=y
CONFIG_EAP_MD5=y
CONFIG_EAP_TLS=y
CONFIG_EAP_MSCHAPV2=y
CONFIG_EAP_PEAP=y
CONFIG_EAP_GTC=y
CONFIG_EAP_TTLS=y
CONFIG_EAP_SIM=y
CONFIG_EAP_AKA=y
CONFIG_EAP_AKA_PRIME=y
CONFIG_EAP_GPSK=y
CONFIG_EAP_GPSK_SHA256=y
CONFIG_EAP_SAKE=y
CONFIG_EAP_PAX=y
CONFIG_EAP_PSK=y
CONFIG_EAP_VENDOR_TEST=y
CONFIG_EAP_FAST=y
CONFIG_EAP_TEAP=y
CONFIG_EAP_IKEV2=y
CONFIG_EAP_TNC=y
CFLAGS += -DTNC_CONFIG_FILE=\"tnc/tnc_config\"
LIBS += -rdynamic
CONFIG_EAP_UNAUTH_TLS=y
ifeq ($(CONFIG_TLS), openssl)
CONFIG_EAP_PWD=y
endif
ifeq ($(CONFIG_TLS), wolfssl)
CONFIG_EAP_PWD=y
endif
CONFIG_EAP_EKE=y
CONFIG_PKCS12=y
CONFIG_RADIUS_SERVER=y
CONFIG_IPV6=y
CONFIG_TLSV11=y
CONFIG_TLSV12=y
CONFIG_FULL_DYNAMIC_VLAN=y
CONFIG_VLAN_NETLINK=y
CONFIG_LIBNL32=y
CONFIG_LIBNL3_ROUTE=y
CONFIG_IEEE80211R=y
CONFIG_IEEE80211AC=y
CONFIG_IEEE80211AX=y
CONFIG_OCV=y
CONFIG_WPS=y
CONFIG_WPS_UPNP=y
CONFIG_WPS_NFC=y
#CONFIG_WPS_STRICT=y
CONFIG_WPA_TRACE=y
CONFIG_WPA_TRACE_BFD=y
CONFIG_P2P_MANAGER=y
CONFIG_DEBUG_FILE=y
CONFIG_DEBUG_LINUX_TRACING=y
CONFIG_WPA_CLI_EDIT=y
CONFIG_ACS=y
CONFIG_NO_RANDOM_POOL=y
CONFIG_WNM=y
CONFIG_INTERWORKING=y
CONFIG_HS20=y
CONFIG_SQLITE=y
CONFIG_SAE=y
CONFIG_SAE_PK=y
CFLAGS += -DALL_DH_GROUPS
CONFIG_FST=y
CONFIG_FST_TEST=y
CONFIG_TESTING_OPTIONS=y
CFLAGS += -DCONFIG_RADIUS_TEST
CONFIG_MODULE_TESTS=y
CONFIG_SUITEB=y
CONFIG_SUITEB192=y
# AddressSanitizer (ASan) can be enabled by uncommenting the following lines.
# This can be used as a more efficient memory error detector than valgrind
# (though, with still some CPU and memory cost, so VM cases will need more
# memory allocated for the guest).
#CFLAGS += -fsanitize=address -O1 -fno-omit-frame-pointer -g
#LIBS += -fsanitize=address -fno-omit-frame-pointer -g
#LIBS_h += -fsanitize=address -fno-omit-frame-pointer -g
#LIBS_n += -fsanitize=address -fno-omit-frame-pointer -g
#LIBS_c += -fsanitize=address -fno-omit-frame-pointer -g
# Undefined Behavior Sanitizer (UBSan) can be enabled by uncommenting the
# following lines.
#CFLAGS += -Wno-format-nonliteral
#CFLAGS += -fsanitize=undefined
##CFLAGS += -fno-sanitize-recover
#LIBS += -fsanitize=undefined
##LIBS += -fno-sanitize-recover
#LIBS_h += -fsanitize=undefined
#LIBS_n += -fsanitize=undefined
#LIBS_c += -fsanitize=undefined
CONFIG_MBO=y
CONFIG_TAXONOMY=y
CONFIG_FILS=y
CONFIG_FILS_SK_PFS=y
CONFIG_OWE=y
CONFIG_DPP=y
CONFIG_DPP2=y
CONFIG_WEP=y
CONFIG_PASN=y
CONFIG_AIRTIME_POLICY=y
CONFIG_IEEE80211BE=y

1677
.github/workflows/hostap-files/configs/07c9f183ea744ac04585fb6dd10220c75a5e2e74/tests vendored
View File

File diff suppressed because it is too large Load Diff

164
.github/workflows/hostap-files/configs/07c9f183ea744ac04585fb6dd10220c75a5e2e74/wpa_supplicant.config vendored
View File

@@ -1,164 +0,0 @@
#CC=ccache gcc
#CONFIG_TLS=openssl
CONFIG_TLS=wolfssl
#CONFIG_TLS=internal
#CONFIG_INTERNAL_LIBTOMMATH=y
#CONFIG_INTERNAL_LIBTOMMATH_FAST=y
CONFIG_IEEE8021X_EAPOL=y
CONFIG_ERP=y
CONFIG_EAP_MD5=y
CONFIG_MSCHAPV2=y
CONFIG_EAP_TLS=y
CONFIG_EAP_PEAP=y
CONFIG_EAP_TTLS=y
CONFIG_EAP_GTC=y
CONFIG_EAP_OTP=y
CONFIG_EAP_PSK=y
CONFIG_EAP_PAX=y
CONFIG_EAP_LEAP=y
CONFIG_EAP_SIM=y
CONFIG_EAP_AKA=y
CONFIG_EAP_AKA_PRIME=y
CONFIG_EAP_VENDOR_TEST=y
CONFIG_EAP_TLV=y
CONFIG_EAP_SAKE=y
CONFIG_EAP_GPSK=y
CONFIG_EAP_GPSK_SHA256=y
CONFIG_EAP_EKE=y
CONFIG_EAP_TNC=y
CFLAGS += -DTNC_CONFIG_FILE=\"tnc/tnc_config\"
LIBS += -rdynamic
CONFIG_EAP_FAST=y
CONFIG_EAP_TEAP=y
CONFIG_EAP_IKEV2=y
ifeq ($(CONFIG_TLS), openssl)
CONFIG_EAP_PWD=y
endif
ifeq ($(CONFIG_TLS), wolfssl)
CONFIG_EAP_PWD=y
endif
CONFIG_USIM_SIMULATOR=y
CONFIG_SIM_SIMULATOR=y
#CONFIG_PCSC=y
CONFIG_IPV6=y
CONFIG_DRIVER_NONE=y
CONFIG_PKCS12=y
CONFIG_CTRL_IFACE=unix
CONFIG_WPA_CLI_EDIT=y
CONFIG_OCSP=y
#CONFIG_ELOOP_POLL=y
CONFIG_CTRL_IFACE_DBUS_NEW=y
CONFIG_CTRL_IFACE_DBUS_INTRO=y
CONFIG_IEEE80211R=y
CONFIG_IEEE80211AC=y
CONFIG_IEEE80211AX=y
CONFIG_OCV=y
CONFIG_DEBUG_FILE=y
CONFIG_WPS=y
#CONFIG_WPS_STRICT=y
CONFIG_WPS_UPNP=y
CONFIG_WPS_NFC=y
CONFIG_WPS_ER=y
#CONFIG_WPS_REG_DISABLE_OPEN=y
CONFIG_DRIVER_WEXT=y
CONFIG_DRIVER_NL80211=y
CFLAGS += -I/usr/include/libnl3
CONFIG_LIBNL32=y
CONFIG_IBSS_RSN=y
CONFIG_AP=y
CONFIG_MESH=y
CONFIG_P2P=y
CONFIG_WIFI_DISPLAY=y
CONFIG_ACS=y
CONFIG_BGSCAN_SIMPLE=y
CONFIG_BGSCAN_LEARN=y
CONFIG_WPA_TRACE=y
CONFIG_WPA_TRACE_BFD=y
CONFIG_TDLS=y
CONFIG_TDLS_TESTING=y
CONFIG_NO_RANDOM_POOL=y
CONFIG_TLSV11=y
CONFIG_TLSV12=y
CONFIG_HT_OVERRIDES=y
CONFIG_VHT_OVERRIDES=y
CONFIG_HE_OVERRIDES=y
CONFIG_DEBUG_LINUX_TRACING=y
CONFIG_INTERWORKING=y
CONFIG_HS20=y
CONFIG_AUTOSCAN_EXPONENTIAL=y
CONFIG_AUTOSCAN_PERIODIC=y
CONFIG_EXT_PASSWORD_TEST=y
CONFIG_EXT_PASSWORD_FILE=y
CONFIG_EAP_UNAUTH_TLS=y
CONFIG_SAE=y
CONFIG_SAE_PK=y
CFLAGS += -DALL_DH_GROUPS
CONFIG_WNM=y
CONFIG_FST=y
CONFIG_FST_TEST=y
CONFIG_TESTING_OPTIONS=y
CONFIG_MODULE_TESTS=y
CONFIG_SUITEB=y
CONFIG_SUITEB192=y
# AddressSanitizer (ASan) can be enabled by uncommenting the following lines.
# This can be used as a more efficient memory error detector than valgrind
# (though, with still some CPU and memory cost, so VM cases will need more
# memory allocated for the guest).
#CFLAGS += -fsanitize=address -O1 -fno-omit-frame-pointer -g
#LIBS += -fsanitize=address -fno-omit-frame-pointer -g
#LIBS_c += -fsanitize=address -fno-omit-frame-pointer -g
#LIBS_p += -fsanitize=address -fno-omit-frame-pointer -g
# Undefined Behavior Sanitizer (UBSan) can be enabled by uncommenting the
# following lines.
#CFLAGS += -Wno-format-nonliteral
#CFLAGS += -fsanitize=undefined
##CFLAGS += -fno-sanitize-recover
#LIBS += -fsanitize=undefined
##LIBS += -fno-sanitize-recover
#LIBS_c += -fsanitize=undefined
#LIBS_p += -fsanitize=undefined
CONFIG_MBO=y
CONFIG_FILS=y
CONFIG_FILS_SK_PFS=y
CONFIG_PMKSA_CACHE_EXTERNAL=y
CONFIG_OWE=y
CONFIG_DPP=y
CONFIG_DPP2=y
CONFIG_WEP=y
CONFIG_PASN=y

120
.github/workflows/hostap-files/configs/b607d2723e927a3446d89aed813f1aa6068186bb/hostapd.config vendored
View File

@@ -1,120 +0,0 @@
#CC=ccache gcc
CONFIG_DRIVER_NONE=y
CONFIG_DRIVER_NL80211=y
CONFIG_RSN_PREAUTH=y
#CONFIG_TLS=internal
#CONFIG_INTERNAL_LIBTOMMATH=y
#CONFIG_INTERNAL_LIBTOMMATH_FAST=y
#CONFIG_TLS=openssl
CONFIG_TLS=wolfssl
CONFIG_EAP=y
CONFIG_ERP=y
CONFIG_EAP_MD5=y
CONFIG_EAP_TLS=y
CONFIG_EAP_MSCHAPV2=y
CONFIG_EAP_PEAP=y
CONFIG_EAP_GTC=y
CONFIG_EAP_TTLS=y
CONFIG_EAP_SIM=y
CONFIG_EAP_AKA=y
CONFIG_EAP_AKA_PRIME=y
CONFIG_EAP_GPSK=y
CONFIG_EAP_GPSK_SHA256=y
CONFIG_EAP_SAKE=y
CONFIG_EAP_PAX=y
CONFIG_EAP_PSK=y
CONFIG_EAP_VENDOR_TEST=y
CONFIG_EAP_FAST=y
CONFIG_EAP_TEAP=y
CONFIG_EAP_IKEV2=y
CONFIG_EAP_TNC=y
CFLAGS += -DTNC_CONFIG_FILE=\"tnc/tnc_config\"
LIBS += -rdynamic
CONFIG_EAP_UNAUTH_TLS=y
ifeq ($(CONFIG_TLS), openssl)
CONFIG_EAP_PWD=y
endif
ifeq ($(CONFIG_TLS), wolfssl)
CONFIG_EAP_PWD=y
endif
CONFIG_EAP_EKE=y
CONFIG_PKCS12=y
CONFIG_RADIUS_SERVER=y
CONFIG_IPV6=y
CONFIG_TLSV11=y
CONFIG_TLSV12=y
CONFIG_FULL_DYNAMIC_VLAN=y
CONFIG_VLAN_NETLINK=y
CONFIG_LIBNL32=y
CONFIG_LIBNL3_ROUTE=y
CONFIG_IEEE80211R=y
CONFIG_IEEE80211AC=y
CONFIG_IEEE80211AX=y
CONFIG_OCV=y
CONFIG_WPS=y
CONFIG_WPS_UPNP=y
CONFIG_WPS_NFC=y
#CONFIG_WPS_STRICT=y
CONFIG_WPA_TRACE=y
CONFIG_WPA_TRACE_BFD=y
CONFIG_P2P_MANAGER=y
CONFIG_DEBUG_FILE=y
CONFIG_DEBUG_LINUX_TRACING=y
CONFIG_WPA_CLI_EDIT=y
CONFIG_ACS=y
CONFIG_NO_RANDOM_POOL=y
CONFIG_WNM=y
CONFIG_INTERWORKING=y
CONFIG_HS20=y
CONFIG_SQLITE=y
CONFIG_SAE=y
CONFIG_SAE_PK=y
CFLAGS += -DALL_DH_GROUPS
CONFIG_FST=y
CONFIG_FST_TEST=y
CONFIG_TESTING_OPTIONS=y
CFLAGS += -DCONFIG_RADIUS_TEST
CONFIG_MODULE_TESTS=y
CONFIG_SUITEB=y
# AddressSanitizer (ASan) can be enabled by uncommenting the following lines.
# This can be used as a more efficient memory error detector than valgrind
# (though, with still some CPU and memory cost, so VM cases will need more
# memory allocated for the guest).
#CFLAGS += -fsanitize=address -O1 -fno-omit-frame-pointer -g
#LIBS += -fsanitize=address -fno-omit-frame-pointer -g
#LIBS_h += -fsanitize=address -fno-omit-frame-pointer -g
#LIBS_n += -fsanitize=address -fno-omit-frame-pointer -g
#LIBS_c += -fsanitize=address -fno-omit-frame-pointer -g
# Undefined Behavior Sanitizer (UBSan) can be enabled by uncommenting the
# following lines.
#CFLAGS += -Wno-format-nonliteral
#CFLAGS += -fsanitize=undefined
##CFLAGS += -fno-sanitize-recover
#LIBS += -fsanitize=undefined
##LIBS += -fno-sanitize-recover
#LIBS_h += -fsanitize=undefined
#LIBS_n += -fsanitize=undefined
#LIBS_c += -fsanitize=undefined
CONFIG_MBO=y
CONFIG_TAXONOMY=y
CONFIG_FILS=y
CONFIG_FILS_SK_PFS=y
CONFIG_OWE=y
CONFIG_DPP=y
CONFIG_DPP2=y
CONFIG_WEP=y
CONFIG_PASN=y
CONFIG_AIRTIME_POLICY=y

656
.github/workflows/hostap-files/configs/b607d2723e927a3446d89aed813f1aa6068186bb/tests vendored
View File

@@ -1,656 +0,0 @@
sae_pk
sae_pk_group_negotiation
sae_pk_sec_3
sae_pk_sec_5
sae_pk_group_20
sae_pk_group_21
sae_pk_group_20_sae_group_19
sae_pk_group_20_sae_group_21
sae_pk_group_19_sae_group_20
sae_pk_password_without_pk
sae_pk_only
sae_pk_modes
sae_pk_not_on_ap
sae_pk_mixed
sae_pk_mixed_immediate_confirm
sae_pk_missing_ie
sae_pk_unexpected_status
sae_pk_invalid_signature
sae_pk_invalid_fingerprint
sae_pk_and_psk
sae_pk_and_psk_invalid_password
sae_pk_invalid_pw
sae
sae_password_ecc
sae_pmksa_caching
sae_pmksa_caching_pmkid
sae_pmksa_caching_disabled
sae_groups
sae_group_nego
sae_group_nego_no_match
sae_anti_clogging
sae_forced_anti_clogging
sae_mixed
sae_and_psk
sae_and_psk2
sae_wpa3_roam
sae_mixed_mfp
sae_mfp
sae_missing_password
sae_key_lifetime_in_memory
sae_oom_wpas
sae_proto_ecc
sae_proto_ffc
sae_proto_commit_delayed
sae_proto_commit_replay
sae_proto_confirm_replay
sae_proto_hostapd
sae_proto_hostapd_ecc
sae_proto_hostapd_ffc
sae_proto_hostapd_status_126
sae_proto_hostapd_status_127
sae_reflection_attack_ecc
sae_reflection_attack_ecc_internal
sae_commit_override
sae_commit_override2
sae_commit_invalid_scalar_element_ap
sae_commit_invalid_element_ap
sae_commit_invalid_scalar_element_sta
sae_commit_invalid_element_sta
sae_anti_clogging_proto
sae_no_random
sae_invalid_anti_clogging_token_req
sae_password
sae_password_short
sae_password_long
sae_connect_cmd
sae_password_id
sae_password_id_ecc
sae_password_id_ffc
sae_password_id_only
sae_password_id_pwe_looping
sae_password_id_pwe_check_ap
sae_password_id_pwe_check_sta
sae_forced_anti_clogging_pw_id
sae_reauth
sae_sync
sae_confirm_immediate
sae_confirm_immediate2
sae_pwe_group_19
sae_pwe_group_20
sae_pwe_group_21
sae_pwe_group_28
sae_pwe_group_29
sae_pwe_group_30
sae_pwe_group_1
sae_pwe_group_2
sae_pwe_group_22
sae_pwe_h2e_only_ap
sae_pwe_h2e_only_ap_sta_forcing_loop
sae_pwe_loop_only_ap
sae_h2e_rejected_groups
sae_h2e_rejected_groups_unexpected
sae_h2e_password_id
sae_pwe_in_psk_ap
sae_auth_restart
sae_rsne_mismatch
sae_h2e_rsnxe_mismatch
sae_h2e_rsnxe_mismatch_retries
sae_h2e_rsnxe_mismatch_assoc
sae_h2e_rsnxe_mismatch_ap
sae_h2e_rsnxe_mismatch_ap2
sae_h2e_rsnxe_mismatch_ap3
sae_forced_anti_clogging_h2e
sae_forced_anti_clogging_h2e_loop
sae_okc
sae_okc_sta_only
sae_okc_pmk_lifetime
sae_pmk_lifetime
sae_and_psk_multiple_passwords
sae_pmf_roam
sae_ocv_pmk
sae_ocv_pmk_failure
sae_reject
eap_tls_pkcs8_pkcs5_v2_des3
eap_tls_pkcs8_pkcs5_v15
eap_tls_session_resumption
eap_tls_session_resumption_expiration
eap_tls_session_resumption_radius
eap_tls_sha512
eap_tls_sha384
eap_tls_ext_cert_check
eap_tls_errors
ap_wpa2_delayed_m3_retransmission
ap_wpa2_delayed_m1_m3_retransmission
ap_wpa2_delayed_m1_m3_retransmission2
ap_wpa2_delayed_group_m1_retransmission
ap_wpa2_delayed_group_m1_retransmission_igtk
ap_wpa2_delayed_m1_m3_zero_tk
ap_wpa2_plaintext_m1_m3
ap_wpa2_plaintext_m1_m3_pmf
ap_wpa2_plaintext_m3
ap_wpa2_plaintext_group_m1
ap_wpa2_plaintext_group_m1_pmf
ap_wpa2_test_command_failures
ap_wpa2_gtk_initial_rsc_tkip
ap_wpa2_gtk_initial_rsc_ccmp
ap_wpa2_gtk_initial_rsc_ccmp_256
ap_wpa2_gtk_initial_rsc_gcmp
ap_wpa2_gtk_initial_rsc_gcmp_256
ap_wpa2_igtk_initial_rsc_aes_128_cmac
ap_wpa2_igtk_initial_rsc_bip_gmac_128
ap_wpa2_igtk_initial_rsc_bip_gmac_256
ap_wpa2_igtk_initial_rsc_bip_cmac_256
ap_wpa2_psk
ap_wpa2_psk_file
ap_wpa2_psk_file_keyid
ap_wpa2_psk_mem
ap_wpa2_ptk_rekey
ap_wpa2_ptk_rekey_blocked_ap
ap_wpa2_ptk_rekey_blocked_sta
ap_wpa2_ptk_rekey_anonce
ap_wpa2_ptk_rekey_ap
ap_wpa2_sha256_ptk_rekey
ap_wpa2_sha256_ptk_rekey_ap
ap_wpa2_psk_file_errors
ap_wpa2_psk_wildcard_ssid
ap_wpa2_gtk_rekey
ap_wpa2_gtk_rekey_request
ap_wpa2_gtk_rekey_failure
ap_wpa2_gtk_rekey_fail_1_sta
ap_wpa2_gmk_rekey
ap_wpa2_strict_rekey
ap_wpa2_psk_ext
ap_wpa2_psk_unexpected
ap_wpa2_psk_ext_retry_msg_3
ap_wpa2_psk_ext_retry_msg_3b
ap_wpa2_psk_ext_retry_msg_3c
ap_wpa2_psk_ext_retry_msg_3d
ap_wpa2_psk_ext_retry_msg_3e
ap_wpa2_psk_ext_delayed_ptk_rekey
ap_wpa2_psk_ext_eapol
ap_wpa2_psk_ext_eapol_retry1
ap_wpa2_psk_ext_eapol_retry1b
ap_wpa2_psk_ext_eapol_retry1c
ap_wpa2_psk_ext_eapol_retry1d
ap_wpa2_psk_ext_eapol_type_diff
ap_wpa2_psk_ext_eapol_key_info
ap_wpa2_psk_supp_proto
ap_wpa2_psk_supp_proto_no_ie
ap_wpa2_psk_supp_proto_ie_mismatch
ap_wpa2_psk_supp_proto_ok
ap_wpa2_psk_supp_proto_no_gtk
ap_wpa2_psk_supp_proto_anonce_change
ap_wpa2_psk_supp_proto_unexpected_group_msg
ap_wpa2_psk_supp_proto_msg_1_invalid_kde
ap_wpa2_psk_supp_proto_wrong_pairwise_key_len
ap_wpa2_psk_supp_proto_wrong_group_key_len
ap_wpa2_psk_supp_proto_gtk_tx_bit_workaround
ap_wpa2_psk_supp_proto_gtk_keyidx_0_and_3
ap_wpa2_psk_supp_proto_no_gtk_in_group_msg
ap_wpa2_psk_supp_proto_too_long_gtk_in_group_msg
ap_wpa2_psk_supp_proto_too_long_gtk_kde
ap_wpa2_psk_supp_proto_gtk_not_encrypted
ap_wpa2_psk_wep
ap_wpa2_psk_drop_first_msg_4
ap_wpa2_psk_disable_enable
ap_wpa2_psk_incorrect_passphrase
ap_wpa2_psk_no_random
ap_wpa2_psk_assoc_rsn
ap_wpa2_psk_ft_workaround
ap_wpa2_psk_assoc_rsn_pmkid
ap_wpa2_eapol_retry_limit
ap_wpa2_disable_eapol_retry
ap_wpa2_disable_eapol_retry_group
ap_wpa2_psk_mic_0
ap_wpa2_psk_local_error
ap_wpa2_psk_ap_control_port
ap_wpa2_psk_rsne_mismatch_ap
ap_wpa2_psk_rsne_mismatch_ap2
ap_wpa2_psk_rsne_mismatch_ap3
ap_wpa2_psk_rsnxe_mismatch_ap
ap_wpa2_psk_ext_key_id_ptk_rekey_ap0
ap_wpa2_psk_ext_key_id_ptk_rekey_ap1
ap_wpa2_psk_ext_key_id_ptk_rekey_ap2
ap_wpa2_psk_ext_key_id_ptk_rekey_sta0
ap_wpa2_psk_ext_key_id_ptk_rekey_sta1
ap_wpa2_psk_ext_key_id_ptk_rekey_sta2
ap_wpa2_eap_sim
ap_wpa2_eap_sim_imsi_identity
ap_wpa2_eap_sim_imsi_privacy_key
ap_wpa2_eap_sim_imsi_privacy_attr
ap_wpa2_eap_sim_sql
ap_wpa2_eap_sim_config
ap_wpa2_eap_sim_id_0
ap_wpa2_eap_sim_id_1
ap_wpa2_eap_sim_id_2
ap_wpa2_eap_sim_id_3
ap_wpa2_eap_sim_ext
ap_wpa2_eap_sim_ext_replace_sim
ap_wpa2_eap_sim_ext_replace_sim2
ap_wpa2_eap_sim_ext_replace_sim3
ap_wpa2_eap_sim_ext_auth_fail
ap_wpa2_eap_sim_change_bssid
ap_wpa2_eap_sim_no_change_set
ap_wpa2_eap_sim_ext_anonymous
ap_wpa2_eap_sim_ext_anonymous_no_pseudonym
ap_wpa2_eap_sim_oom
ap_wpa2_eap_aka
ap_wpa2_eap_aka_imsi_identity
ap_wpa2_eap_aka_imsi_privacy_key
ap_wpa2_eap_aka_imsi_privacy_attr
ap_wpa2_eap_aka_imsi_privacy_key_expired
ap_wpa2_eap_aka_sql
ap_wpa2_eap_aka_config
ap_wpa2_eap_aka_ext
ap_wpa2_eap_aka_ext_auth_fail
ap_wpa2_eap_aka_prime_imsi_identity
ap_wpa2_eap_aka_prime_imsi_privacy_key
ap_wpa2_eap_aka_prime_ext_auth_fail
ap_wpa2_eap_aka_prime_ext
ap_wpa2_eap_ttls_pap
ap_wpa2_eap_ttls_pap_subject_match
ap_wpa2_eap_ttls_pap_check_cert_subject
ap_wpa2_eap_ttls_pap_incorrect_password
ap_wpa2_eap_ttls_chap
ap_wpa2_eap_ttls_chap_altsubject_match
ap_wpa2_eap_ttls_chap_incorrect_password
ap_wpa2_eap_ttls_mschap
ap_wpa2_eap_ttls_mschap_incorrect_password
ap_wpa2_eap_ttls_mschapv2
ap_wpa2_eap_ttls_invalid_phase2
ap_wpa2_eap_ttls_mschapv2_suffix_match
ap_wpa2_eap_ttls_mschapv2_domain_match
ap_wpa2_eap_ttls_mschapv2_incorrect_password
ap_wpa2_eap_ttls_mschapv2_utf8
ap_wpa2_eap_ttls_eap_gtc
ap_wpa2_eap_ttls_eap_gtc_incorrect_password
ap_wpa2_eap_ttls_eap_gtc_no_password
ap_wpa2_eap_ttls_eap_gtc_server_oom
ap_wpa2_eap_ttls_eap_gtc_oom
ap_wpa2_eap_ttls_eap_md5
ap_wpa2_eap_ttls_eap_md5_incorrect_password
ap_wpa2_eap_ttls_eap_md5_no_password
ap_wpa2_eap_ttls_eap_md5_server_oom
ap_wpa2_eap_ttls_eap_mschapv2
ap_wpa2_eap_ttls_eap_mschapv2_no_password
ap_wpa2_eap_ttls_eap_mschapv2_server_oom
ap_wpa2_eap_ttls_eap_sim
ap_wpa2_eap_ttls_eap_sim_ext
ap_wpa2_eap_ttls_eap_vendor
ap_wpa2_eap_peap_eap_sim
ap_wpa2_eap_peap_eap_sim_ext
ap_wpa2_eap_fast_eap_sim_ext
ap_wpa2_eap_ttls_eap_aka
ap_wpa2_eap_peap_eap_aka
ap_wpa2_eap_peap_eap_mschapv2
ap_wpa2_eap_peap_eap_mschapv2_domain
ap_wpa2_eap_peap_eap_mschapv2_incorrect_password
ap_wpa2_eap_peap_crypto_binding
ap_wpa2_eap_peap_crypto_binding_server_oom
ap_wpa2_eap_peap_params
ap_wpa2_eap_peap_eap_gtc
ap_wpa2_eap_peap_eap_tls
ap_wpa2_eap_peap_eap_vendor
ap_wpa2_eap_tls
ap_wpa2_eap_tls_blob
ap_wpa2_eap_tls_blob_pem
ap_wpa2_eap_tls_blob_missing
ap_wpa2_eap_tls_with_tls_len
ap_wpa2_eap_tls_pkcs12
ap_wpa2_eap_tls_pkcs12_blob
ap_wpa2_eap_tls_pkcs12_blob_pem
ap_wpa2_eap_tls_diff_ca_trust
ap_wpa2_eap_tls_diff_ca_trust2
ap_wpa2_eap_tls_diff_ca_trust3
ap_wpa2_eap_tls_neg_suffix_match
ap_wpa2_eap_tls_neg_domain_match
ap_wpa2_eap_tls_neg_subject_match
ap_wpa2_eap_tls_neg_altsubject_match
ap_wpa2_eap_unauth_tls
ap_wpa2_eap_ttls_server_cert_hash
ap_wpa2_eap_ttls_server_cert_hash_invalid
ap_wpa2_eap_pwd
ap_wpa2_eap_pwd_nthash
ap_wpa2_eap_pwd_salt_sha1
ap_wpa2_eap_pwd_salt_sha256
ap_wpa2_eap_pwd_salt_sha512
ap_wpa2_eap_pwd_groups
ap_wpa2_eap_pwd_invalid_group
ap_wpa2_eap_pwd_disabled_group
ap_wpa2_eap_pwd_as_frag
ap_wpa2_eap_gpsk
ap_wpa2_eap_sake
ap_wpa2_eap_eke
ap_wpa2_eap_eke_many
ap_wpa2_eap_eke_serverid_nai
ap_wpa2_eap_eke_server_oom
ap_wpa2_eap_ikev2
ap_wpa2_eap_ikev2_as_frag
ap_wpa2_eap_ikev2_oom
ap_wpa2_eap_pax
ap_wpa2_eap_psk
ap_wpa2_eap_psk_oom
ap_wpa2_eap_interactive
ap_wpa2_eap_ext_enable_network_while_connected
ap_wpa2_eap_vendor_test
ap_wpa2_eap_vendor_test_oom
ap_wpa2_eap_fast_gtc_identity_change
ap_wpa2_eap_fast_eap_vendor
ap_wpa2_eap_tls_ocsp
ap_wpa2_eap_tls_ocsp_multi
ap_wpa2_eap_tls_ocsp_key_id
ap_wpa2_eap_tls_ocsp_ca_signed_good
ap_wpa2_eap_tls_ocsp_ca_signed_revoked
ap_wpa2_eap_tls_ocsp_ca_signed_unknown
ap_wpa2_eap_tls_ocsp_server_signed
ap_wpa2_eap_tls_ocsp_invalid_data
ap_wpa2_eap_tls_ocsp_invalid
ap_wpa2_eap_tls_ocsp_unknown_sign
ap_wpa2_eap_tls_intermediate_ca
ap_wpa2_eap_tls_ocsp_multi_revoked
ap_wpa2_eap_tls_domain_suffix_match_cn_full
ap_wpa2_eap_tls_domain_match_cn
ap_wpa2_eap_tls_domain_suffix_match_cn
ap_wpa2_eap_tls_domain_suffix_mismatch_cn
ap_wpa2_eap_tls_domain_mismatch_cn
ap_wpa2_eap_ttls_long_duration
ap_wpa2_eap_ttls_server_cert_eku_client
ap_wpa2_eap_ttls_server_cert_eku_client_server
ap_wpa2_eap_ttls_server_pkcs12
ap_wpa2_eap_ttls_server_pkcs12_extra
ap_wpa2_eap_ttls_dh_params_server
ap_wpa2_eap_ttls_dh_params_dsa_server
ap_wpa2_eap_ttls_dh_params_not_found
ap_wpa2_eap_ttls_dh_params_invalid
ap_wpa2_eap_reauth
ap_wpa2_eap_reauth_ptk_rekey_blocked_sta
ap_wpa2_eap_request_identity_message
ap_wpa2_eap_sim_aka_result_ind
ap_wpa2_eap_sim_zero_db_timeout
ap_wpa2_eap_too_many_roundtrips
ap_wpa2_eap_too_many_roundtrips_server
ap_wpa2_eap_too_many_roundtrips_server2
ap_wpa2_eap_expanded_nak
ap_wpa2_eap_sql
ap_wpa2_eap_non_ascii_identity
ap_wpa2_eap_non_ascii_identity2
ap_wpa2_eap_unexpected_wep_eapol_key
ap_wpa2_eap_session_ticket
ap_wpa2_eap_no_workaround
ap_wpa2_eap_tls_check_crl
ap_wpa2_eap_tls_check_crl_not_strict
ap_wpa2_eap_tls_crl_reload
ap_wpa2_eap_tls_check_cert_subject
ap_wpa2_eap_tls_check_cert_subject_neg
ap_wpa2_eap_tls_oom
ap_wpa2_eap_tls_macacl
ap_wpa2_eap_oom
ap_wpa2_eap_tls_13
ap_wpa2_eap_tls_13_ocsp
ap_wpa2_eap_tls_13_missing_prot_success
ap_wpa2_eap_tls_13_fragmentation
ap_wpa2_eap_ttls_13
ap_wpa2_eap_peap_13
ap_wpa2_eap_tls_13_ec
ap_wpa2_eap_sim_db
ap_wpa2_eap_sim_db_sqlite
ap_wpa2_eap_assoc_rsn
ap_wpa2_eap_status
ap_wpa2_eap_gpsk_ptk_rekey_ap
ap_wpa2_eap_wildcard_ssid
ap_wpa2_eap_psk_mac_addr_change
ap_wpa2_eap_server_get_id
ap_wpa2_radius_server_get_id
ap_wpa2_eap_tls_tod
ap_wpa2_eap_tls_tod_tofu
ap_wpa2_eap_sake_no_control_port
dpp_network_intro_version
dpp_network_intro_version_change
dpp_network_intro_version_missing_req
dpp_tcp_pkex
dpp_tcp_pkex_auto_connect_2
dpp_tcp_pkex_auto_connect_2_status
dpp_tcp_pkex_auto_connect_2_status_fail
dpp_tcp_pkex_while_associated
dpp_tcp_pkex_while_associated_conn_status
dpp_controller_relay_pkex
dpp_push_button
dpp_push_button_session_overlap_sta
dpp_push_button_session_overlap_ap
dpp_push_button_session_overlap_configurator
dpp_push_button_2sta
dpp_push_button_r_hash_mismatch_sta
dpp_push_button_i_hash_mismatch_ap
dpp_push_button_r_hash_mismatch_ap
dpp_push_button_ext_conf
dpp_push_button_wpas_conf
dpp_private_peer_introduction
dpp_qr_code_parsing
dpp_uri_version
dpp_uri_supported_curves
dpp_uri_host
dpp_qr_code_parsing_fail
dpp_qr_code_curves
dpp_qr_code_curves_brainpool
dpp_qr_code_unsupported_curve
dpp_qr_code_keygen_fail
dpp_qr_code_auth_broadcast
dpp_configurator_enrollee_prime256v1
dpp_configurator_enrollee_secp384r1
dpp_configurator_enrollee_brainpoolP256r1
dpp_configurator_enrollee_brainpoolP384r1
dpp_configurator_enrollee_brainpoolP512r1
dpp_configurator_enroll_conf
dpp_qr_code_curve_prime256v1
dpp_qr_code_curve_secp384r1
dpp_qr_code_curve_secp521r1
dpp_qr_code_curve_brainpoolP256r1
dpp_qr_code_curve_brainpoolP384r1
dpp_qr_code_curve_brainpoolP512r1
dpp_qr_code_set_key
dpp_qr_code_auth_mutual
dpp_qr_code_auth_mutual_p_256
dpp_qr_code_auth_mutual_p_384
dpp_qr_code_auth_mutual_p_521
dpp_qr_code_auth_mutual_bp_256
dpp_qr_code_auth_mutual_bp_384
dpp_qr_code_auth_mutual_bp_512
dpp_auth_resp_retries
dpp_qr_code_auth_mutual_not_used
dpp_qr_code_auth_mutual_curve_mismatch
dpp_qr_code_auth_hostapd_mutual2
dpp_qr_code_listen_continue
dpp_qr_code_auth_initiator_enrollee
dpp_qr_code_auth_initiator_either_2
dpp_qr_code_auth_initiator_either_3
dpp_config_legacy
dpp_config_legacy_psk_hex
dpp_config_fragmentation
dpp_config_legacy_gen
dpp_config_legacy_gen_psk
dpp_config_dpp_gen_prime256v1
dpp_config_dpp_gen_secp384r1
dpp_config_dpp_gen_secp521r1
dpp_config_dpp_gen_expiry
dpp_config_dpp_gen_expired_key
dpp_config_dpp_gen_3rd_party
dpp_config_dpp_override_prime256v1
dpp_config_dpp_override_secp384r1
dpp_config_override_objects
dpp_config_signed_connector_error_no_dot_1
dpp_config_signed_connector_error_no_dot_2
dpp_config_signed_connector_error_unexpected_signature_len
dpp_config_no_csign
dpp_config_no_signed_connector
dpp_config_unexpected_signed_connector_char
dpp_config_root_not_an_object
dpp_config_no_wi_fi_tech
dpp_config_no_discovery
dpp_config_no_discovery_ssid
dpp_config_too_long_discovery_ssid
dpp_config_no_cred
dpp_config_no_cred_akm
dpp_config_error_legacy_no_pass
dpp_config_error_legacy_too_long_pass
dpp_config_error_legacy_psk_with_sae
dpp_config_error_legacy_no_pass_for_sae
dpp_config_error_legacy_invalid_psk
dpp_config_error_legacy_too_short_psk
dpp_config_connector_error_ext_sign
dpp_config_connector_error_too_short_timestamp
dpp_config_connector_error_invalid_timestamp
dpp_config_connector_error_invalid_timestamp_date
dpp_config_connector_error_expired_1
dpp_config_connector_error_expired_2
dpp_config_connector_error_expired_3
dpp_config_connector_error_expired_4
dpp_config_connector_error_expired_6
dpp_config_connector_error_no_groups
dpp_config_connector_error_empty_groups
dpp_config_connector_error_missing_group_id
dpp_config_connector_error_missing_net_role
dpp_config_connector_error_missing_net_access_key
dpp_config_connector_error_net_access_key_mismatch
dpp_akm_sha256
dpp_akm_sha384
dpp_akm_sha512
dpp_network_introduction
dpp_network_introduction_expired
dpp_and_sae_akm
dpp_ap_config
dpp_ap_config_p256_p256
dpp_ap_config_p256_p384
dpp_ap_config_p384_p256
dpp_ap_config_p384_p384
dpp_ap_config_p521_p256
dpp_ap_config_p521_p384
dpp_ap_config_bp256_bp256
dpp_ap_config_bp384_bp384
dpp_ap_config_bp512_bp512
dpp_ap_config_p256_bp256
dpp_ap_config_bp256_p256
dpp_ap_config_p521_bp512
dpp_ap_config_reconfig_configurator
dpp_auto_connect_legacy
dpp_auto_connect_legacy_ssid_charset
dpp_auto_connect_legacy_sae_1
dpp_auto_connect_legacy_sae_2
dpp_auto_connect_legacy_psk_sae_1
dpp_auto_connect_legacy_psk_sae_2
dpp_auto_connect_legacy_psk_sae_3
dpp_auto_connect_legacy_pmf_required
dpp_test_vector_p_256
dpp_test_vector_p_256_b
dpp_test_vector_p_521
dpp_pkex
dpp_pkex_v2
dpp_pkex_p256
dpp_pkex_p384
dpp_pkex_p521
dpp_pkex_bp256
dpp_pkex_bp384
dpp_pkex_bp512
dpp_pkex_config
dpp_pkex_no_identifier
dpp_pkex_identifier_mismatch
dpp_pkex_identifier_mismatch2
dpp_pkex_identifier_mismatch3
dpp_pkex_test_vector
dpp_pkex_code_mismatch
dpp_pkex_code_mismatch_limit
dpp_pkex_curve_mismatch
dpp_pkex_curve_mismatch_failure
dpp_pkex_curve_mismatch_failure2
dpp_pkex_exchange_resp_processing_failure
dpp_pkex_commit_reveal_req_processing_failure
dpp_pkex_config2
dpp_pkex_no_responder
dpp_pkex_after_retry
dpp_pkex_hostapd_responder
dpp_pkex_v2_hostapd_responder
dpp_pkex_hostapd_initiator
dpp_pkex_v2_hostapd_initiator
dpp_pkex_hostapd_initiator_fallback
dpp_pkex_hostapd_initiator_no_response
dpp_pkex_hostapd_errors
dpp_pkex_nak_curve_change
dpp_pkex_nak_curve_change2
dpp_hostapd_configurator
dpp_hostapd_configurator_responder
dpp_hostapd_configurator_fragmentation
dpp_hostapd_enrollee_fragmentation
dpp_hostapd_enrollee_gas_timeout
dpp_hostapd_enrollee_gas_timeout_comeback
dpp_hostapd_enrollee_gas_errors
dpp_hostapd_enrollee_gas_proto
dpp_hostapd_enrollee_gas_tx_status_errors
dpp_hostapd_configurator_override_objects
dpp_own_config
dpp_own_config_group_id
dpp_proto_after_wrapped_data_auth_req
dpp_auth_req_stop_after_ack
dpp_auth_req_retries
dpp_auth_req_retries_multi_chan
dpp_proto_after_wrapped_data_auth_resp
dpp_proto_after_wrapped_data_auth_conf
dpp_proto_after_wrapped_data_conf_req
dpp_proto_after_wrapped_data_conf_resp
dpp_proto_stop_at_pkex_exchange_resp
dpp_proto_stop_at_pkex_cr_req
dpp_proto_stop_at_pkex_cr_resp
dpp_proto_network_introduction
dpp_hostapd_auth_conf_timeout
dpp_tcp
dpp_tcp_port
dpp_tcp_mutual
dpp_tcp_mutual_hostapd_conf
dpp_tcp_conf_init
dpp_tcp_conf_init_hostapd_enrollee
dpp_tcp_controller_management_hostapd
dpp_tcp_controller_management_hostapd2
dpp_tcp_controller_start_failure
dpp_tcp_init_failure
dpp_controller_rx_failure
dpp_controller_rx_errors
dpp_conn_status_success
dpp_conn_status_wrong_passphrase
dpp_conn_status_no_ap
dpp_conn_status_connector_mismatch
dpp_conn_status_assoc_reject
dpp_conn_status_success_hostapd_configurator
dpp_mud_url
dpp_mud_url_hostapd
dpp_config_save
dpp_config_save2
dpp_config_save3
dpp_nfc_uri
dpp_nfc_uri_hostapd
dpp_nfc_uri_hostapd_tag_read
dpp_nfc_negotiated_handover
dpp_nfc_negotiated_handover_diff_curve
dpp_nfc_negotiated_handover_hostapd_sel
dpp_nfc_negotiated_handover_hostapd_req
dpp_nfc_errors_hostapd
dpp_with_p2p_device
dpp_pfs_ap_0
dpp_pfs_ap_1
dpp_pfs_ap_2
dpp_pfs_connect_cmd
dpp_pfs_connect_cmd_ap_2
dpp_pfs_connect_cmd_ap_2_sae
dpp_pfs_ap_0_sta_ver1
dpp_pfs_errors
dpp_qr_code_auth_rand_mac_addr
dpp_enterprise
dpp_enterprise_tcp
dpp_enterprise_tcp2
dpp_qr_code_config_event_initiator
dpp_qr_code_config_event_initiator_set_comeback
dpp_qr_code_config_event_initiator_slow
dpp_qr_code_config_event_initiator_failure
dpp_qr_code_config_event_initiator_no_response
dpp_qr_code_config_event_initiator_both
dpp_tcp_qr_code_config_event_initiator
dpp_discard_public_action

163
.github/workflows/hostap-files/configs/b607d2723e927a3446d89aed813f1aa6068186bb/wpa_supplicant.config vendored
View File

@@ -1,163 +0,0 @@
#CC=ccache gcc
#CONFIG_TLS=openssl
CONFIG_TLS=wolfssl
#CONFIG_TLS=internal
#CONFIG_INTERNAL_LIBTOMMATH=y
#CONFIG_INTERNAL_LIBTOMMATH_FAST=y
CONFIG_IEEE8021X_EAPOL=y
CONFIG_ERP=y
CONFIG_EAP_MD5=y
CONFIG_MSCHAPV2=y
CONFIG_EAP_TLS=y
CONFIG_EAP_PEAP=y
CONFIG_EAP_TTLS=y
CONFIG_EAP_GTC=y
CONFIG_EAP_OTP=y
CONFIG_EAP_PSK=y
CONFIG_EAP_PAX=y
CONFIG_EAP_LEAP=y
CONFIG_EAP_SIM=y
CONFIG_EAP_AKA=y
CONFIG_EAP_AKA_PRIME=y
CONFIG_EAP_VENDOR_TEST=y
CONFIG_EAP_TLV=y
CONFIG_EAP_SAKE=y
CONFIG_EAP_GPSK=y
CONFIG_EAP_GPSK_SHA256=y
CONFIG_EAP_EKE=y
CONFIG_EAP_TNC=y
CFLAGS += -DTNC_CONFIG_FILE=\"tnc/tnc_config\"
LIBS += -rdynamic
CONFIG_EAP_FAST=y
CONFIG_EAP_TEAP=y
CONFIG_EAP_IKEV2=y
ifeq ($(CONFIG_TLS), openssl)
CONFIG_EAP_PWD=y
endif
ifeq ($(CONFIG_TLS), wolfssl)
CONFIG_EAP_PWD=y
endif
CONFIG_USIM_SIMULATOR=y
CONFIG_SIM_SIMULATOR=y
#CONFIG_PCSC=y
CONFIG_IPV6=y
CONFIG_DRIVER_NONE=y
CONFIG_PKCS12=y
CONFIG_CTRL_IFACE=unix
CONFIG_WPA_CLI_EDIT=y
CONFIG_OCSP=y
#CONFIG_ELOOP_POLL=y
CONFIG_CTRL_IFACE_DBUS_NEW=y
CONFIG_CTRL_IFACE_DBUS_INTRO=y
CONFIG_IEEE80211R=y
CONFIG_IEEE80211AC=y
CONFIG_IEEE80211AX=y
CONFIG_OCV=y
CONFIG_DEBUG_FILE=y
CONFIG_WPS=y
#CONFIG_WPS_STRICT=y
CONFIG_WPS_UPNP=y
CONFIG_WPS_NFC=y
CONFIG_WPS_ER=y
#CONFIG_WPS_REG_DISABLE_OPEN=y
CONFIG_DRIVER_WEXT=y
CONFIG_DRIVER_NL80211=y
CFLAGS += -I/usr/include/libnl3
CONFIG_LIBNL32=y
CONFIG_IBSS_RSN=y
CONFIG_AP=y
CONFIG_MESH=y
CONFIG_P2P=y
CONFIG_WIFI_DISPLAY=y
CONFIG_ACS=y
CONFIG_BGSCAN_SIMPLE=y
CONFIG_BGSCAN_LEARN=y
CONFIG_WPA_TRACE=y
CONFIG_WPA_TRACE_BFD=y
CONFIG_TDLS=y
CONFIG_TDLS_TESTING=y
CONFIG_NO_RANDOM_POOL=y
CONFIG_TLSV11=y
CONFIG_TLSV12=y
CONFIG_HT_OVERRIDES=y
CONFIG_VHT_OVERRIDES=y
CONFIG_HE_OVERRIDES=y
CONFIG_DEBUG_LINUX_TRACING=y
CONFIG_INTERWORKING=y
CONFIG_HS20=y
CONFIG_AUTOSCAN_EXPONENTIAL=y
CONFIG_AUTOSCAN_PERIODIC=y
CONFIG_EXT_PASSWORD_TEST=y
CONFIG_EXT_PASSWORD_FILE=y
CONFIG_EAP_UNAUTH_TLS=y
CONFIG_SAE=y
CONFIG_SAE_PK=y
CFLAGS += -DALL_DH_GROUPS
CONFIG_WNM=y
CONFIG_FST=y
CONFIG_FST_TEST=y
CONFIG_TESTING_OPTIONS=y
CONFIG_MODULE_TESTS=y
CONFIG_SUITEB=y
# AddressSanitizer (ASan) can be enabled by uncommenting the following lines.
# This can be used as a more efficient memory error detector than valgrind
# (though, with still some CPU and memory cost, so VM cases will need more
# memory allocated for the guest).
#CFLAGS += -fsanitize=address -O1 -fno-omit-frame-pointer -g
#LIBS += -fsanitize=address -fno-omit-frame-pointer -g
#LIBS_c += -fsanitize=address -fno-omit-frame-pointer -g
#LIBS_p += -fsanitize=address -fno-omit-frame-pointer -g
# Undefined Behavior Sanitizer (UBSan) can be enabled by uncommenting the
# following lines.
#CFLAGS += -Wno-format-nonliteral
#CFLAGS += -fsanitize=undefined
##CFLAGS += -fno-sanitize-recover
#LIBS += -fsanitize=undefined
##LIBS += -fno-sanitize-recover
#LIBS_c += -fsanitize=undefined
#LIBS_p += -fsanitize=undefined
CONFIG_MBO=y
CONFIG_FILS=y
CONFIG_FILS_SK_PFS=y
CONFIG_PMKSA_CACHE_EXTERNAL=y
CONFIG_OWE=y
CONFIG_DPP=y
CONFIG_DPP2=y
CONFIG_WEP=y
CONFIG_PASN=y

47
.github/workflows/hostap-files/configs/hostap_2_10/extra.patch vendored
View File

@@ -1,47 +0,0 @@
From a53a6a67dc121b45d611318e2a37815cc209839c Mon Sep 17 00:00:00 2001
From: Juliusz Sosinowicz <juliusz@wolfssl.com>
Date: Fri, 19 Apr 2024 16:41:38 +0200
Subject: [PATCH] Fixes for running tests under UML
- Apply commit ID fix from more recent commit
- priv_sz and pub_sz are checked and fail on UML. Probably because stack is zeroed out.
---
src/crypto/crypto_wolfssl.c | 2 +-
tests/hwsim/run-all.sh | 8 +++++++-
2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/src/crypto/crypto_wolfssl.c b/src/crypto/crypto_wolfssl.c
index 00ecf61352..a57fa50697 100644
--- a/src/crypto/crypto_wolfssl.c
+++ b/src/crypto/crypto_wolfssl.c
@@ -785,7 +785,7 @@ int crypto_dh_init(u8 generator, const u8 *prime, size_t prime_len, u8 *privkey,
int ret = -1;
WC_RNG rng;
DhKey *dh = NULL;
- word32 priv_sz, pub_sz;
+ word32 priv_sz = prime_len, pub_sz = prime_len;
if (TEST_FAIL())
return -1;
diff --git a/tests/hwsim/run-all.sh b/tests/hwsim/run-all.sh
index ee48cd0581..75c3a58b52 100755
--- a/tests/hwsim/run-all.sh
+++ b/tests/hwsim/run-all.sh
@@ -15,7 +15,13 @@ export LOGDIR
if [ -z "$DBFILE" ]; then
DB=""
else
- DB="-S $DBFILE --commit $(git rev-parse HEAD)"
+ DB="-S $DBFILE"
+ if [ -z "$COMMITID" ]; then
+ COMMITID="$(git rev-parse HEAD)"
+ fi
+ if [ -n "$COMMITID" ]; then
+ DB="$DB --commit $COMMITID"
+ fi
if [ -n "$BUILD" ]; then
DB="$DB -b $BUILD"
fi
--
2.34.1

119
.github/workflows/hostap-files/configs/hostap_2_10/hostapd.config vendored
View File

@@ -1,119 +0,0 @@
#CC=ccache gcc
CONFIG_DRIVER_NONE=y
CONFIG_DRIVER_NL80211=y
CONFIG_RSN_PREAUTH=y
#CONFIG_TLS=internal
#CONFIG_INTERNAL_LIBTOMMATH=y
#CONFIG_INTERNAL_LIBTOMMATH_FAST=y
CONFIG_TLS=wolfssl
CONFIG_EAP=y
CONFIG_ERP=y
CONFIG_EAP_MD5=y
CONFIG_EAP_TLS=y
CONFIG_EAP_MSCHAPV2=y
CONFIG_EAP_PEAP=y
CONFIG_EAP_GTC=y
CONFIG_EAP_TTLS=y
CONFIG_EAP_SIM=y
CONFIG_EAP_AKA=y
CONFIG_EAP_AKA_PRIME=y
CONFIG_EAP_GPSK=y
CONFIG_EAP_GPSK_SHA256=y
CONFIG_EAP_SAKE=y
CONFIG_EAP_PAX=y
CONFIG_EAP_PSK=y
CONFIG_EAP_VENDOR_TEST=y
CONFIG_EAP_FAST=y
#CONFIG_EAP_TEAP=y
CONFIG_EAP_IKEV2=y
CONFIG_EAP_TNC=y
CFLAGS += -DTNC_CONFIG_FILE=\"tnc/tnc_config\"
LIBS += -rdynamic
CONFIG_EAP_UNAUTH_TLS=y
ifeq ($(CONFIG_TLS), wolfssl)
CONFIG_EAP_PWD=y
endif
ifeq ($(CONFIG_TLS), openssl)
CONFIG_EAP_PWD=y
endif
CONFIG_EAP_EKE=y
CONFIG_PKCS12=y
CONFIG_RADIUS_SERVER=y
CONFIG_IPV6=y
CONFIG_TLSV11=y
CONFIG_TLSV12=y
CONFIG_FULL_DYNAMIC_VLAN=y
CONFIG_VLAN_NETLINK=y
CONFIG_LIBNL32=y
CONFIG_LIBNL3_ROUTE=y
CONFIG_IEEE80211R=y
CONFIG_IEEE80211AC=y
CONFIG_IEEE80211AX=y
CONFIG_OCV=y
CONFIG_WPS=y
CONFIG_WPS_UPNP=y
CONFIG_WPS_NFC=y
#CONFIG_WPS_STRICT=y
CONFIG_WPA_TRACE=y
CONFIG_WPA_TRACE_BFD=y
CONFIG_P2P_MANAGER=y
CONFIG_DEBUG_FILE=y
CONFIG_DEBUG_LINUX_TRACING=y
CONFIG_WPA_CLI_EDIT=y
CONFIG_ACS=y
CONFIG_NO_RANDOM_POOL=y
CONFIG_WNM=y
CONFIG_INTERWORKING=y
CONFIG_HS20=y
CONFIG_SQLITE=y
CONFIG_SAE=y
#CONFIG_SAE_PK=y
CFLAGS += -DALL_DH_GROUPS
CONFIG_FST=y
CONFIG_FST_TEST=y
CONFIG_TESTING_OPTIONS=y
CFLAGS += -DCONFIG_RADIUS_TEST
CONFIG_MODULE_TESTS=y
CONFIG_SUITEB=y
# AddressSanitizer (ASan) can be enabled by uncommenting the following lines.
# This can be used as a more efficient memory error detector than valgrind
# (though, with still some CPU and memory cost, so VM cases will need more
# memory allocated for the guest).
#CFLAGS += -fsanitize=address -O1 -fno-omit-frame-pointer -g
#LIBS += -fsanitize=address -fno-omit-frame-pointer -g
#LIBS_h += -fsanitize=address -fno-omit-frame-pointer -g
#LIBS_n += -fsanitize=address -fno-omit-frame-pointer -g
#LIBS_c += -fsanitize=address -fno-omit-frame-pointer -g
# Undefined Behavior Sanitizer (UBSan) can be enabled by uncommenting the
# following lines.
#CFLAGS += -Wno-format-nonliteral
#CFLAGS += -fsanitize=undefined
##CFLAGS += -fno-sanitize-recover
#LIBS += -fsanitize=undefined
##LIBS += -fno-sanitize-recover
#LIBS_h += -fsanitize=undefined
#LIBS_n += -fsanitize=undefined
#LIBS_c += -fsanitize=undefined
CONFIG_MBO=y
CONFIG_TAXONOMY=y
CONFIG_FILS=y
CONFIG_FILS_SK_PFS=y
CONFIG_OWE=y
#CONFIG_DPP=y
#CONFIG_DPP2=y
CONFIG_WEP=y
CONFIG_PASN=y
CONFIG_AIRTIME_POLICY=y

270
.github/workflows/hostap-files/configs/hostap_2_10/tests vendored
View File

@@ -1,270 +0,0 @@
sae
sae_password_ecc
sae_pmksa_caching
sae_pmksa_caching_pmkid
sae_pmksa_caching_disabled
sae_groups
sae_group_nego
sae_group_nego_no_match
sae_anti_clogging
sae_forced_anti_clogging
sae_mixed
sae_and_psk
sae_and_psk2
sae_wpa3_roam
sae_mixed_mfp
sae_mfp
sae_missing_password
sae_key_lifetime_in_memory
sae_oom_wpas
sae_proto_ecc
sae_proto_ffc
sae_proto_commit_delayed
sae_proto_commit_replay
sae_proto_confirm_replay
sae_proto_hostapd
sae_proto_hostapd_ecc
sae_proto_hostapd_ffc
sae_proto_hostapd_status_126
sae_proto_hostapd_status_127
sae_reflection_attack_ecc
sae_reflection_attack_ecc_internal
sae_commit_override
sae_commit_override2
sae_commit_invalid_scalar_element_ap
sae_commit_invalid_element_ap
sae_commit_invalid_scalar_element_sta
sae_commit_invalid_element_sta
sae_anti_clogging_proto
sae_no_random
sae_bignum_failure_unsafe_group
sae_invalid_anti_clogging_token_req
sae_password
sae_password_short
sae_password_long
sae_connect_cmd
sae_password_id
sae_password_id_ecc
sae_password_id_ffc
sae_password_id_only
sae_password_id_pwe_looping
sae_password_id_pwe_check_ap
sae_password_id_pwe_check_sta
sae_forced_anti_clogging_pw_id
sae_reauth
sae_sync
sae_confirm_immediate
sae_confirm_immediate2
sae_pwe_group_19
sae_pwe_group_20
sae_pwe_group_21
sae_pwe_group_1
sae_pwe_group_2
sae_pwe_group_22
sae_pwe_h2e_only_ap
sae_pwe_h2e_only_ap_sta_forcing_loop
sae_pwe_loop_only_ap
sae_h2e_rejected_groups
sae_h2e_rejected_groups_unexpected
sae_h2e_password_id
sae_pwe_in_psk_ap
sae_auth_restart
sae_rsne_mismatch
sae_h2e_rsnxe_mismatch
sae_h2e_rsnxe_mismatch_retries
sae_h2e_rsnxe_mismatch_assoc
sae_h2e_rsnxe_mismatch_ap
sae_h2e_rsnxe_mismatch_ap2
sae_h2e_rsnxe_mismatch_ap3
sae_forced_anti_clogging_h2e
sae_forced_anti_clogging_h2e_loop
sae_okc
sae_okc_sta_only
sae_okc_pmk_lifetime
sae_pmk_lifetime
sae_and_psk_multiple_passwords
sae_pmf_roam
sae_ocv_pmk
sae_ocv_pmk_failure
sae_reject
eap_tls_pkcs8_pkcs5_v2_des3
eap_tls_pkcs8_pkcs5_v15
eap_tls_sha512
eap_tls_sha384
eap_tls_errors
eap_proto_peap_errors_server
eap_proto_peap_errors
ap_wpa2_delayed_m3_retransmission
ap_wpa2_delayed_m1_m3_retransmission
ap_wpa2_delayed_m1_m3_retransmission2
ap_wpa2_delayed_group_m1_retransmission
ap_wpa2_delayed_group_m1_retransmission_igtk
ap_wpa2_delayed_m1_m3_zero_tk
ap_wpa2_plaintext_m1_m3
ap_wpa2_plaintext_m1_m3_pmf
ap_wpa2_plaintext_m3
ap_wpa2_plaintext_group_m1
ap_wpa2_plaintext_group_m1_pmf
ap_wpa2_test_command_failures
ap_wpa2_gtk_initial_rsc_tkip
ap_wpa2_gtk_initial_rsc_ccmp
ap_wpa2_gtk_initial_rsc_ccmp_256
ap_wpa2_gtk_initial_rsc_gcmp
ap_wpa2_gtk_initial_rsc_gcmp_256
ap_wpa2_igtk_initial_rsc_aes_128_cmac
ap_wpa2_igtk_initial_rsc_bip_gmac_128
ap_wpa2_igtk_initial_rsc_bip_gmac_256
ap_wpa2_igtk_initial_rsc_bip_cmac_256
ap_wpa2_psk
ap_wpa2_psk_file
ap_wpa2_psk_file_keyid
ap_wpa2_psk_mem
ap_wpa2_ptk_rekey
ap_wpa2_ptk_rekey_blocked_ap
ap_wpa2_ptk_rekey_blocked_sta
ap_wpa2_ptk_rekey_anonce
ap_wpa2_ptk_rekey_ap
ap_wpa2_sha256_ptk_rekey
ap_wpa2_sha256_ptk_rekey_ap
ap_wpa2_psk_file_errors
ap_wpa2_psk_wildcard_ssid
ap_wpa2_gtk_rekey
ap_wpa2_gtk_rekey_request
ap_wpa2_gtk_rekey_failure
ap_wpa2_gmk_rekey
ap_wpa2_strict_rekey
ap_wpa2_psk_ext
ap_wpa2_psk_unexpected
ap_wpa2_psk_ext_retry_msg_3
ap_wpa2_psk_ext_retry_msg_3b
ap_wpa2_psk_ext_retry_msg_3c
ap_wpa2_psk_ext_retry_msg_3d
ap_wpa2_psk_ext_retry_msg_3e
ap_wpa2_psk_ext_delayed_ptk_rekey
ap_wpa2_psk_ext_eapol
ap_wpa2_psk_ext_eapol_retry1
ap_wpa2_psk_ext_eapol_retry1b
ap_wpa2_psk_ext_eapol_retry1c
ap_wpa2_psk_ext_eapol_retry1d
ap_wpa2_psk_ext_eapol_type_diff
ap_wpa2_psk_ext_eapol_key_info
ap_wpa2_psk_wep
ap_wpa2_psk_ifdown
ap_wpa2_psk_drop_first_msg_4
ap_wpa2_psk_disable_enable
ap_wpa2_psk_incorrect_passphrase
ap_wpa2_psk_no_random
ap_wpa2_psk_assoc_rsn
ap_wpa2_psk_ft_workaround
ap_wpa2_psk_assoc_rsn_pmkid
ap_wpa2_eapol_retry_limit
ap_wpa2_disable_eapol_retry
ap_wpa2_disable_eapol_retry_group
ap_wpa2_psk_mic_0
ap_wpa2_psk_local_error
ap_wpa2_psk_inject_assoc
ap_wpa2_psk_ap_control_port
ap_wpa2_psk_ap_control_port_disabled
ap_wpa2_psk_rsne_mismatch_ap
ap_wpa2_psk_rsne_mismatch_ap2
ap_wpa2_psk_rsne_mismatch_ap3
ap_wpa2_psk_rsnxe_mismatch_ap
ap_wpa2_psk_ext_key_id_ptk_rekey_ap0
ap_wpa2_psk_ext_key_id_ptk_rekey_ap1
ap_wpa2_psk_ext_key_id_ptk_rekey_ap2
ap_wpa2_psk_ext_key_id_ptk_rekey_sta0
ap_wpa2_psk_ext_key_id_ptk_rekey_sta1
ap_wpa2_psk_ext_key_id_ptk_rekey_sta2
ap_wpa2_eap_sim
ap_wpa2_eap_sim_sql
ap_wpa2_eap_sim_config
ap_wpa2_eap_sim_id_0
ap_wpa2_eap_sim_id_1
ap_wpa2_eap_sim_id_2
ap_wpa2_eap_sim_id_3
ap_wpa2_eap_sim_ext
ap_wpa2_eap_sim_ext_replace_sim
ap_wpa2_eap_sim_ext_replace_sim2
ap_wpa2_eap_sim_ext_replace_sim3
ap_wpa2_eap_sim_ext_auth_fail
ap_wpa2_eap_sim_change_bssid
ap_wpa2_eap_sim_no_change_set
ap_wpa2_eap_sim_ext_anonymous
ap_wpa2_eap_sim_ext_anonymous_no_pseudonym
ap_wpa2_eap_sim_oom
ap_wpa2_eap_aka
ap_wpa2_eap_aka_sql
ap_wpa2_eap_aka_config
ap_wpa2_eap_aka_ext
ap_wpa2_eap_aka_ext_auth_fail
ap_wpa2_eap_aka_prime
ap_wpa2_eap_aka_prime_sql
ap_wpa2_eap_aka_prime_ext_auth_fail
ap_wpa2_eap_aka_prime_ext
ap_wpa2_eap_ttls_invalid_phase2
ap_wpa2_eap_ttls_eap_vendor
ap_wpa2_eap_fast_eap_sim
ap_wpa2_eap_fast_eap_aka
ap_wpa2_eap_peap_params
ap_wpa2_eap_peap_eap_gtc
ap_wpa2_eap_peap_eap_vendor
ap_wpa2_eap_ttls_server_cert_hash
ap_wpa2_eap_ttls_server_cert_hash_invalid
ap_wpa2_eap_pwd
ap_wpa2_eap_pwd_nthash
ap_wpa2_eap_pwd_salt_sha1
ap_wpa2_eap_pwd_salt_sha256
ap_wpa2_eap_pwd_salt_sha512
ap_wpa2_eap_pwd_groups
ap_wpa2_eap_pwd_invalid_group
ap_wpa2_eap_pwd_disabled_group
ap_wpa2_eap_pwd_as_frag
ap_wpa2_eap_gpsk
ap_wpa2_eap_sake
ap_wpa2_eap_ikev2
ap_wpa2_eap_ikev2_as_frag
ap_wpa2_eap_ikev2_oom
ap_wpa2_eap_pax
ap_wpa2_eap_psk
ap_wpa2_eap_psk_oom
ap_wpa2_eap_interactive
ap_wpa2_eap_ext_enable_network_while_connected
ap_wpa2_eap_vendor_test
ap_wpa2_eap_vendor_test_oom
ap_wpa2_eap_ttls_ocsp_revoked
ap_wpa2_eap_ttls_ocsp_unknown
ap_wpa2_eap_ttls_optional_ocsp_unknown
ap_wpa2_eap_ttls_long_duration
ap_wpa2_eap_ttls_server_cert_eku_client
ap_wpa2_eap_ttls_server_cert_eku_client_server
ap_wpa2_eap_ttls_dh_params
ap_wpa2_eap_ttls_dh_params_dsa
ap_wpa2_eap_ttls_dh_params_not_found
ap_wpa2_eap_ttls_dh_params_invalid
ap_wpa2_eap_ttls_dh_params_blob
ap_wpa2_eap_ttls_dh_params_server
ap_wpa2_eap_ttls_dh_params_dsa_server
ap_wpa2_eap_reauth
ap_wpa2_eap_reauth_ptk_rekey_blocked_sta
ap_wpa2_eap_request_identity_message
ap_wpa2_eap_sim_aka_result_ind
ap_wpa2_eap_sim_zero_db_timeout
ap_wpa2_eap_too_many_roundtrips
ap_wpa2_eap_too_many_roundtrips_server
ap_wpa2_eap_too_many_roundtrips_server2
ap_wpa2_eap_expanded_nak
ap_wpa2_eap_sql
ap_wpa2_eap_non_ascii_identity
ap_wpa2_eap_non_ascii_identity2
ap_wpa2_eap_unexpected_wep_eapol_key
ap_wpa2_eap_oom
ap_wpa2_eap_sim_db
ap_wpa2_eap_sim_db_sqlite
ap_wpa2_eap_assoc_rsn
ap_wpa2_eap_status
ap_wpa2_eap_gpsk_ptk_rekey_ap
ap_wpa2_eap_wildcard_ssid
ap_wpa2_eap_psk_mac_addr_change
ap_wpa2_eap_server_get_id
ap_wpa2_radius_server_get_id
ap_wpa2_eap_sake_no_control_port

163
.github/workflows/hostap-files/configs/hostap_2_10/wpa_supplicant.config vendored
View File

@@ -1,163 +0,0 @@
#CC=ccache gcc
#CONFIG_TLS=openssl
CONFIG_TLS=wolfssl
#CONFIG_TLS=internal
#CONFIG_INTERNAL_LIBTOMMATH=y
#CONFIG_INTERNAL_LIBTOMMATH_FAST=y
CONFIG_IEEE8021X_EAPOL=y
CONFIG_ERP=y
CONFIG_EAP_MD5=y
CONFIG_MSCHAPV2=y
CONFIG_EAP_TLS=y
CONFIG_EAP_PEAP=y
CONFIG_EAP_TTLS=y
CONFIG_EAP_GTC=y
CONFIG_EAP_OTP=y
CONFIG_EAP_PSK=y
CONFIG_EAP_PAX=y
CONFIG_EAP_LEAP=y
CONFIG_EAP_SIM=y
CONFIG_EAP_AKA=y
CONFIG_EAP_AKA_PRIME=y
CONFIG_EAP_VENDOR_TEST=y
CONFIG_EAP_TLV=y
CONFIG_EAP_SAKE=y
CONFIG_EAP_GPSK=y
CONFIG_EAP_GPSK_SHA256=y
CONFIG_EAP_EKE=y
CONFIG_EAP_TNC=y
CFLAGS += -DTNC_CONFIG_FILE=\"tnc/tnc_config\"
LIBS += -rdynamic
CONFIG_EAP_FAST=y
#CONFIG_EAP_TEAP=y
CONFIG_EAP_IKEV2=y
ifeq ($(CONFIG_TLS), wolfssl)
CONFIG_EAP_PWD=y
endif
ifeq ($(CONFIG_TLS), openssl)
CONFIG_EAP_PWD=y
endif
CONFIG_USIM_SIMULATOR=y
CONFIG_SIM_SIMULATOR=y
#CONFIG_PCSC=y
CONFIG_IPV6=y
CONFIG_DRIVER_NONE=y
CONFIG_PKCS12=y
CONFIG_CTRL_IFACE=unix
CONFIG_WPA_CLI_EDIT=y
CONFIG_OCSP=y
#CONFIG_ELOOP_POLL=y
CONFIG_CTRL_IFACE_DBUS_NEW=y
CONFIG_CTRL_IFACE_DBUS_INTRO=y
CONFIG_IEEE80211R=y
CONFIG_IEEE80211AC=y
CONFIG_IEEE80211AX=y
CONFIG_OCV=y
CONFIG_DEBUG_FILE=y
CONFIG_WPS=y
#CONFIG_WPS_STRICT=y
CONFIG_WPS_UPNP=y
CONFIG_WPS_NFC=y
CONFIG_WPS_ER=y
#CONFIG_WPS_REG_DISABLE_OPEN=y
CONFIG_DRIVER_WEXT=y
CONFIG_DRIVER_NL80211=y
CFLAGS += -I/usr/include/libnl3
CONFIG_LIBNL32=y
CONFIG_IBSS_RSN=y
CONFIG_AP=y
CONFIG_MESH=y
CONFIG_P2P=y
CONFIG_WIFI_DISPLAY=y
CONFIG_ACS=y
CONFIG_BGSCAN_SIMPLE=y
CONFIG_BGSCAN_LEARN=y
CONFIG_WPA_TRACE=y
CONFIG_WPA_TRACE_BFD=y
CONFIG_TDLS=y
CONFIG_TDLS_TESTING=y
CONFIG_NO_RANDOM_POOL=y
CONFIG_TLSV11=y
CONFIG_TLSV12=y
CONFIG_HT_OVERRIDES=y
CONFIG_VHT_OVERRIDES=y
CONFIG_HE_OVERRIDES=y
CONFIG_DEBUG_LINUX_TRACING=y
CONFIG_INTERWORKING=y
CONFIG_HS20=y
CONFIG_AUTOSCAN_EXPONENTIAL=y
CONFIG_AUTOSCAN_PERIODIC=y
CONFIG_EXT_PASSWORD_TEST=y
CONFIG_EXT_PASSWORD_FILE=y
CONFIG_EAP_UNAUTH_TLS=y
CONFIG_SAE=y
#CONFIG_SAE_PK=y
CFLAGS += -DALL_DH_GROUPS
CONFIG_WNM=y
CONFIG_FST=y
CONFIG_FST_TEST=y
CONFIG_TESTING_OPTIONS=y
CONFIG_MODULE_TESTS=y
CONFIG_SUITEB=y
# AddressSanitizer (ASan) can be enabled by uncommenting the following lines.
# This can be used as a more efficient memory error detector than valgrind
# (though, with still some CPU and memory cost, so VM cases will need more
# memory allocated for the guest).
#CFLAGS += -fsanitize=address -O1 -fno-omit-frame-pointer -g
#LIBS += -fsanitize=address -fno-omit-frame-pointer -g
#LIBS_c += -fsanitize=address -fno-omit-frame-pointer -g
#LIBS_p += -fsanitize=address -fno-omit-frame-pointer -g
# Undefined Behavior Sanitizer (UBSan) can be enabled by uncommenting the
# following lines.
#CFLAGS += -Wno-format-nonliteral
#CFLAGS += -fsanitize=undefined
##CFLAGS += -fno-sanitize-recover
#LIBS += -fsanitize=undefined
##LIBS += -fno-sanitize-recover
#LIBS_c += -fsanitize=undefined
#LIBS_p += -fsanitize=undefined
CONFIG_MBO=y
CONFIG_FILS=y
CONFIG_FILS_SK_PFS=y
CONFIG_PMKSA_CACHE_EXTERNAL=y
CONFIG_OWE=y
#CONFIG_DPP=y
#CONFIG_DPP2=y
CONFIG_WEP=y
CONFIG_PASN=y

23
.github/workflows/hostap-files/dbus-wpa_supplicant.conf vendored
View File

@@ -1,23 +0,0 @@
<!DOCTYPE busconfig PUBLIC
"-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
"http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
<busconfig>
<policy user="root">
<allow own="fi.epitest.hostap.WPASupplicant"/>
<allow send_destination="fi.epitest.hostap.WPASupplicant"/>
<allow send_interface="fi.epitest.hostap.WPASupplicant"/>
<allow own="fi.w1.wpa_supplicant1"/>
<allow send_destination="fi.w1.wpa_supplicant1"/>
<allow send_interface="fi.w1.wpa_supplicant1"/>
<allow receive_sender="fi.w1.wpa_supplicant1" receive_type="signal"/>
</policy>
<policy context="default">
<deny own="fi.epitest.hostap.WPASupplicant"/>
<deny send_destination="fi.epitest.hostap.WPASupplicant"/>
<deny send_interface="fi.epitest.hostap.WPASupplicant"/>
<deny own="fi.w1.wpa_supplicant1"/>
<deny send_destination="fi.w1.wpa_supplicant1"/>
<deny send_interface="fi.w1.wpa_supplicant1"/>
<deny receive_sender="fi.w1.wpa_supplicant1" receive_type="signal"/>
</policy>
</busconfig>

320
.github/workflows/hostap-vm.yml vendored
View File

@@ -1,320 +0,0 @@
name: hostap and wpa-supplicant Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
env:
LINUX_REF: v6.6
jobs:
build_wolfssl:
strategy:
matrix:
include:
- build_id: hostap-vm-build1
wolf_extra_config: --disable-tls13
- build_id: hostap-vm-build2
wolf_extra_config: >-
--enable-wpas-dpp --enable-brainpool --with-eccminsz=192
--enable-tlsv10 --enable-oldtls
name: Build wolfSSL
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 10
steps:
# No way to view the full strategy in the browser (really weird)
- name: Print strategy
run: |
cat <<EOF
${{ toJSON(matrix) }}
EOF
- if: ${{ runner.debug }}
name: Enable wolfSSL debug logging
run: |
echo "wolf_debug_flags=--enable-debug" >> $GITHUB_ENV
- name: Build wolfSSL
uses: wolfSSL/actions-build-autotools-project@v1
with:
path: wolfssl
configure: >-
--enable-wpas CPPFLAGS=-DWOLFSSL_STATIC_RSA
${{ env.wolf_debug_flags }} ${{ matrix.wolf_extra_config }}
install: true
- name: tar build-dir
run: tar -zcf build-dir.tgz build-dir
- name: Upload built lib
uses: actions/upload-artifact@v4
with:
name: ${{ matrix.build_id }}
path: build-dir.tgz
retention-days: 5
build_uml_linux:
name: Build UML (UserMode Linux)
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 10
steps:
- name: Checking if we have kernel in cache
uses: actions/cache@v4
id: cache
with:
path: linux/linux
key: ${{ env.LINUX_REF }}
lookup-only: true
- name: Checkout hostap
if: steps.cache.outputs.cache-hit != 'true'
uses: actions/checkout@v4
with:
repository: julek-wolfssl/hostap-mirror
path: hostap
- name: Checkout linux
if: steps.cache.outputs.cache-hit != 'true'
uses: actions/checkout@v4
with:
repository: torvalds/linux
path: linux
- name: Compile linux
if: steps.cache.outputs.cache-hit != 'true'
run: |
cp hostap/tests/hwsim/vm/kernel-config.uml linux/.config
cd linux
yes "" | ARCH=um make -j $(nproc)
hostap_test:
strategy:
fail-fast: false
matrix:
# should hostapd be compiled with wolfssl
hostapd: [true, false]
# should wpa_supplicant be compiled with wolfssl
wpa_supplicant: [true, false]
# Fix the versions of hostap and osp to not break testing when a new
# patch is added in to osp. Tests are read from the corresponding
# configs/hostap_ref/tests file.
config: [
{
hostap_ref: hostap_2_10,
remove_teap: true,
# TLS 1.3 does not work for this version
build_id: hostap-vm-build1,
},
# Test the dpp patch
{
hostap_ref: b607d2723e927a3446d89aed813f1aa6068186bb,
osp_ref: ad5b52a49b3cc2a5bfb47ccc1d6a5137132e9446,
build_id: hostap-vm-build2
},
{
hostap_ref: 07c9f183ea744ac04585fb6dd10220c75a5e2e74,
osp_ref: e1876fbbf298ee442bc7ab8561331ebc7de17528,
build_id: hostap-vm-build2
},
]
exclude:
# don't test openssl on both sides
- hostapd: false
wpa_supplicant: false
# no hostapd support for dpp yet
- hostapd: true
config: {
hostap_ref: b607d2723e927a3446d89aed813f1aa6068186bb,
osp_ref: ad5b52a49b3cc2a5bfb47ccc1d6a5137132e9446,
build_id: hostap-vm-build2
}
name: hwsim test
# For openssl 1.1
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 45
needs: [build_wolfssl, build_uml_linux]
steps:
- name: Checking if we have kernel in cache
uses: actions/cache/restore@v4
id: cache
with:
path: linux/linux
key: ${{ env.LINUX_REF }}
fail-on-cache-miss: true
- name: show file structure
run: tree
# No way to view the full strategy in the browser (really weird)
- name: Print strategy
run: |
cat <<EOF
${{ toJSON(matrix) }}
EOF
- name: Print computed job run ID
run: |
SHA_SUM=$(sha256sum << 'END_OF_HEREDOC' | cut -d " " -f 1
${{ toJSON(github) }}
END_OF_HEREDOC
)
echo "our_job_run_id=$SHA_SUM" >> $GITHUB_ENV
echo Our job run ID is $SHA_SUM
- name: Checkout wolfSSL
uses: actions/checkout@v4
with:
path: wolfssl
- name: Download lib
uses: actions/download-artifact@v4
with:
name: ${{ matrix.config.build_id }}
- name: untar build-dir
run: tar -xf build-dir.tgz
- name: Install dependencies
run: |
# Don't prompt for anything
export DEBIAN_FRONTEND=noninteractive
sudo apt-get update
# hostap dependencies
sudo apt-get install -y libpcap0.8 libpcap-dev curl libcurl4-openssl-dev \
libnl-3-dev binutils-dev libssl-dev libiberty-dev libnl-genl-3-dev \
libnl-route-3-dev libdbus-1-dev bridge-utils tshark python3-pycryptodome
- name: Checkout hostap
uses: actions/checkout@v4
with:
repository: julek-wolfssl/hostap-mirror
path: hostap
ref: ${{ matrix.config.hostap_ref }}
- name: Update certs
working-directory: hostap/tests/hwsim/auth_serv
run: ./update.sh
- if: ${{ matrix.config.osp_ref }}
name: Checkout OSP
uses: actions/checkout@v4
with:
repository: wolfssl/osp
path: osp
ref: ${{ matrix.config.osp_ref }}
- if: ${{ matrix.config.osp_ref }}
name: Apply patch files
working-directory: hostap
run: |
for f in $GITHUB_WORKSPACE/osp/hostap-patches/pending/*
do
patch -p1 < $f
done
- name: Apply extra patches
working-directory: hostap
run: |
FILE=$GITHUB_WORKSPACE/wolfssl/.github/workflows/hostap-files/configs/${{ matrix.config.hostap_ref }}/extra.patch
if [ -f "$FILE" ]; then
patch -p1 < $FILE
fi
- if: ${{ matrix.hostapd }}
name: Setup hostapd config file
run: |
cp wolfssl/.github/workflows/hostap-files/configs/${{ matrix.config.hostap_ref }}/hostapd.config \
hostap/hostapd/.config
cat <<EOF >> hostap/hostapd/.config
CFLAGS += -I$GITHUB_WORKSPACE/build-dir/include -Wl,-rpath=$GITHUB_WORKSPACE/build-dir/lib
LIBS += -L$GITHUB_WORKSPACE/build-dir/lib -Wl,-rpath=$GITHUB_WORKSPACE/build-dir/lib
EOF
- if: ${{ matrix.wpa_supplicant }}
name: Setup wpa_supplicant config file
run: |
cp wolfssl/.github/workflows/hostap-files/configs/${{ matrix.config.hostap_ref }}/wpa_supplicant.config \
hostap/wpa_supplicant/.config
cat <<EOF >> hostap/wpa_supplicant/.config
CFLAGS += -I$GITHUB_WORKSPACE/build-dir/include -Wl,-rpath=$GITHUB_WORKSPACE/build-dir/lib
LIBS += -L$GITHUB_WORKSPACE/build-dir/lib -Wl,-rpath=$GITHUB_WORKSPACE/build-dir/lib
EOF
- name: Build hostap and wpa_supplicant
working-directory: hostap/tests/hwsim/
run: ./build.sh
- if: ${{ matrix.hostapd }}
name: Confirm hostapd linking with wolfSSL
run: ldd hostap/hostapd/hostapd | grep wolfssl
- if: ${{ matrix.wpa_supplicant }}
name: Confirm wpa_supplicant linking with wolfSSL
run: ldd hostap/wpa_supplicant/wpa_supplicant | grep wolfssl
- if: ${{ matrix.config.remove_teap }}
name: Remove EAP-TEAP from test configuration
working-directory: hostap/tests/hwsim/auth_serv
run: |
sed -e 's/"erp-teap@example.com"\tTEAP//' -i eap_user.conf
sed -e 's/"erp-teap@example.com"\tMSCHAPV2\t"password"\t\[2\]//' -i eap_user.conf
sed -e 's/"TEAP"\t\tTEAP//' -i eap_user.conf
sed -e 's/TEAP,//' -i eap_user.conf
- if: ${{ runner.debug }}
name: Enable hostap debug logging
run: |
echo "hostap_debug_flags=--debug" >> $GITHUB_ENV
- name: Run tests
id: testing
working-directory: hostap/tests/hwsim/
run: |
cat <<EOF >> vm/vm-config
KERNELDIR=$GITHUB_WORKSPACE/linux
KVMARGS="-cpu host"
EOF
# Run tests in increments of 200 to not stall out the parallel-vm script
while mapfile -t -n 200 ary && ((${#ary[@]})); do
TESTS=$(printf '%s\n' "${ary[@]}" | tr '\n' ' ')
HWSIM_RES=0 # Not set when command succeeds
./vm/parallel-vm.py ${{ env.hostap_debug_flags }} --nocurses $(nproc) $TESTS || HWSIM_RES=$?
if [ "$HWSIM_RES" -ne "0" ]; then
# Let's re-run the failing tests. We gather the failed tests from the log file.
FAILED_TESTS=$(grep 'failed tests' /tmp/hwsim-test-logs/*-parallel.log | sed 's/failed tests: //' | tr ' ' '\n' | sort | uniq | tr '\n' ' ')
printf 'failed tests: %s\n' "$FAILED_TESTS"
./vm/parallel-vm.py ${{ env.hostap_debug_flags }} --nocurses $(nproc) $FAILED_TESTS
fi
rm -r /tmp/hwsim-test-logs
done < $GITHUB_WORKSPACE/wolfssl/.github/workflows/hostap-files/configs/${{ matrix.config.hostap_ref }}/tests
# The logs are quite big. It hasn't been useful so far so let's not waste
# precious gh space.
#- name: zip logs
# if: ${{ failure() && steps.testing.outcome == 'failure' }}
# working-directory: hostap/tests/hwsim/
# run: |
# rm /tmp/hwsim-test-logs/latest
# zip -9 -r logs.zip /tmp/hwsim-test-logs
#
#- name: Upload failure logs
# if: ${{ failure() && steps.testing.outcome == 'failure' }}
# uses: actions/upload-artifact@v4
# with:
# name: hostap-logs-${{ env.our_job_run_id }}
# path: hostap/tests/hwsim/logs.zip
# retention-days: 5

85
.github/workflows/ipmitool.yml vendored
View File

@@ -1,85 +0,0 @@
name: ipmitool Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
build_wolfssl:
name: Build wolfSSL
# Just to keep it the same as the testing target
runs-on: ubuntu-latest
if: github.repository_owner == 'wolfssl'
# This should be a safe limit for the tests to run.
timeout-minutes: 4
steps:
- name: Build wolfSSL
uses: wolfSSL/actions-build-autotools-project@v1
with:
path: wolfssl
configure: --enable-all
install: true
# Don't run tests as this config is tested in many other places
check: false
- name: tar build-dir
run: tar -zcf build-dir.tgz build-dir
- name: Upload built lib
uses: actions/upload-artifact@v4
with:
name: wolf-install-ipmitool
path: build-dir.tgz
retention-days: 5
build_ipmitool:
strategy:
fail-fast: false
matrix:
git_ref: [ c3939dac2c060651361fc71516806f9ab8c38901 ]
name: ${{ matrix.git_ref }}
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-latest
needs: build_wolfssl
steps:
- name: Install dependencies
run: export DEBIAN_FRONTEND=noninteractive && sudo apt-get update && sudo apt-get install -y libreadline8
- name: Download lib
uses: actions/download-artifact@v4
with:
name: wolf-install-ipmitool
- name: untar build-dir
run: tar -xf build-dir.tgz
- name: Checkout OSP
uses: actions/checkout@v4
with:
repository: wolfssl/osp
path: osp
- name: Build ipmitool
uses: wolfSSL/actions-build-autotools-project@v1
with:
repository: ipmitool/ipmitool
ref: ${{ matrix.git_ref }}
path: ipmitool
patch-file: $GITHUB_WORKSPACE/osp/ipmitool/*-${{ matrix.git_ref }}.patch
configure: --with-wolfssl=$GITHUB_WORKSPACE/build-dir
# No checks included and not running since it depends on hardware
check: false
- name: Confirm built with wolfSSL
working-directory: ipmitool
run: |
ldd src/ipmitool | grep wolfssl
ldd src/ipmievd | grep wolfssl

96
.github/workflows/jwt-cpp.yml vendored
View File

@@ -1,96 +0,0 @@
name: jwt-cpp Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
build_wolfssl:
name: Build wolfSSL
# Just to keep it the same as the testing target
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 4
steps:
- name: Build wolfSSL
uses: wolfSSL/actions-build-autotools-project@v1
with:
path: wolfssl
configure: --enable-all
install: true
# Don't run tests as this config is tested in many other places
check: false
- name: tar build-dir
run: tar -zcf build-dir.tgz build-dir
- name: Upload built lib
uses: actions/upload-artifact@v4
with:
name: wolf-install-jwt-cpp
path: build-dir.tgz
retention-days: 5
build_pam-ipmi:
if: github.repository_owner == 'wolfssl'
strategy:
fail-fast: false
matrix:
config:
- ref: 0.7.0
runner: ubuntu-latest
- ref: 0.6.0
runner: ubuntu-22.04
name: ${{ matrix.config.ref }}
runs-on: ${{ matrix.config.runner }}
needs: build_wolfssl
steps:
- name: Install dependencies
run: |
# Don't prompt for anything
export DEBIAN_FRONTEND=noninteractive
sudo apt-get update
sudo apt-get install libgtest-dev
- name: Download lib
uses: actions/download-artifact@v4
with:
name: wolf-install-jwt-cpp
- name: untar build-dir
run: tar -xf build-dir.tgz
- name: Checkout OSP
uses: actions/checkout@v4
with:
repository: wolfssl/osp
path: osp
- name: Checkout jwt-cpp
uses: actions/checkout@v4
with:
repository: Thalhammer/jwt-cpp
path: jwt-cpp
ref: v${{ matrix.config.ref }}
- name: Build pam-ipmi
working-directory: jwt-cpp
run: |
patch -p1 < ../osp/jwt-cpp/${{ matrix.config.ref }}.patch
PKG_CONFIG_PATH=$GITHUB_WORKSPACE/build-dir/lib/pkgconfig \
cmake -B build -DJWT_SSL_LIBRARY:STRING=wolfSSL -DJWT_BUILD_TESTS=ON .
make -j -C build
ldd ./build/tests/jwt-cpp-test | grep wolfssl
- name: Run jwt-cpp tests
working-directory: jwt-cpp
run: ./build/tests/jwt-cpp-test

103
.github/workflows/krb5.yml vendored
View File

@@ -1,103 +0,0 @@
name: Kerberos 5 Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
build_wolfssl:
name: Build wolfSSL
# Just to keep it the same as the testing target
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 5
steps:
- name: workaround high-entropy ASLR
# not needed after either an update to llvm or runner is done
run: sudo sysctl vm.mmap_rnd_bits=28
- name: Build wolfSSL
uses: wolfSSL/actions-build-autotools-project@v1
with:
path: wolfssl
configure: --enable-krb CC='gcc -fsanitize=address'
install: true
- name: tar build-dir
run: tar -zcf build-dir.tgz build-dir
- name: Upload built lib
uses: actions/upload-artifact@v4
with:
name: wolf-install-krb5
path: build-dir.tgz
retention-days: 5
krb5_check:
strategy:
fail-fast: false
matrix:
# List of releases to test
ref: [ 1.21.1 ]
name: ${{ matrix.ref }}
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 8
needs: build_wolfssl
steps:
- name: Download lib
uses: actions/download-artifact@v4
with:
name: wolf-install-krb5
- name: untar build-dir
run: tar -xf build-dir.tgz
- name: Checkout OSP
uses: actions/checkout@v4
with:
repository: wolfssl/osp
path: osp
- name: Checkout krb5
uses: actions/checkout@v4
with:
repository: krb5/krb5
ref: krb5-${{ matrix.ref }}-final
path: krb5
- name: Apply patch
working-directory: ./krb5
run: |
patch -p1 < $GITHUB_WORKSPACE/osp/krb5/Patch-for-Kerberos-5-${{ matrix.ref }}.patch
- name: workaround high-entropy ASLR
# not needed after either an update to llvm or runner is done
run: sudo sysctl vm.mmap_rnd_bits=28
- name: Build krb5
working-directory: ./krb5/src
run: |
autoreconf -ivf
# Using rpath because LD_LIBRARY_PATH is overwritten during testing
export WOLFSSL_CFLAGS="-I$GITHUB_WORKSPACE/build-dir/include -I$GITHUB_WORKSPACE/build-dir/include/wolfssl -Wl,-rpath=$GITHUB_WORKSPACE/build-dir/lib"
export WOLFSSL_LIBS="-lwolfssl -L$GITHUB_WORKSPACE/build-dir/lib -Wl,-rpath=$GITHUB_WORKSPACE/build-dir/lib"
./configure --with-crypto-impl=wolfssl --with-tls-impl=wolfssl --disable-pkinit \
CFLAGS='-fsanitize=address' LDFLAGS='-fsanitize=address'
CFLAGS='-fsanitize=address' LDFLAGS='-fsanitize=address' make -j
- name: Run tests
working-directory: ./krb5/src
run: |
CFLAGS='-fsanitize=address' LDFLAGS='-fsanitize=address' make -j check

74
.github/workflows/libssh2.yml vendored
View File

@@ -1,74 +0,0 @@
name: libssh2 Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
build_wolfssl:
name: Build wolfSSL
# Just to keep it the same as the testing target
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 4
steps:
- name: Build wolfSSL
uses: wolfSSL/actions-build-autotools-project@v1
with:
path: wolfssl
configure: --enable-all
check: false # config is already tested in many other PRB's
install: true
- name: tar build-dir
run: tar -zcf build-dir.tgz build-dir
- name: Upload built lib
uses: actions/upload-artifact@v4
with:
name: wolf-install-libssh2
path: build-dir.tgz
retention-days: 5
libssh2_check:
strategy:
fail-fast: false
matrix:
# List of releases to test
ref: [ 1.11.0 ]
name: ${{ matrix.ref }}
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 8
needs: build_wolfssl
steps:
- name: Download lib
uses: actions/download-artifact@v4
with:
name: wolf-install-libssh2
- name: untar build-dir
run: tar -xf build-dir.tgz
- name: Build and test libssh2
uses: wolfSSL/actions-build-autotools-project@v1
with:
repository: libssh2/libssh2
ref: libssh2-${{ matrix.ref }}
path: libssh2
configure: --with-crypto=wolfssl --with-libwolfssl-prefix=$GITHUB_WORKSPACE/build-dir
check: true
- name: Confirm libssh2 built with wolfSSL
working-directory: ./libssh2
run: ldd src/.libs/libssh2.so | grep wolfssl

86
.github/workflows/libvncserver.yml vendored
View File

@@ -1,86 +0,0 @@
name: libvncserver Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
build_wolfssl:
name: Build wolfSSL
# Just to keep it the same as the testing target
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 4
steps:
- name: Build wolfSSL
uses: wolfSSL/actions-build-autotools-project@v1
with:
path: wolfssl
configure: --enable-all
install: true
# Don't run tests as this config is tested in many other places
check: false
- name: tar build-dir
run: tar -zcf build-dir.tgz build-dir
- name: Upload built lib
uses: actions/upload-artifact@v4
with:
name: wolf-install-libvncserver
path: build-dir.tgz
retention-days: 5
build_libvncserver:
strategy:
fail-fast: false
matrix:
ref: [ 0.9.13 ]
name: ${{ matrix.ref }}
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-latest
needs: build_wolfssl
steps:
- name: Download lib
uses: actions/download-artifact@v4
with:
name: wolf-install-libvncserver
- name: untar build-dir
run: tar -xf build-dir.tgz
- name: Checkout OSP
uses: actions/checkout@v4
with:
repository: wolfssl/osp
path: osp
- name: Checkout libvncserver
uses: actions/checkout@v4
with:
repository: LibVNC/libvncserver
path: libvncserver
ref: LibVNCServer-${{ matrix.ref }}
- name: Build libvncserver
working-directory: libvncserver
run: |
patch -p1 < ../osp/libvncserver/${{ matrix.ref }}.patch
PKG_CONFIG_PATH=$GITHUB_WORKSPACE/build-dir/lib/pkgconfig \
cmake -B build -DWITH_GNUTLS=OFF -DWITH_OPENSSL=OFF -DWITH_GCRYPT=OFF -DWITH_WOLFSSL=ON .
make -j -C build VERBOSE=1
ldd build/libvncclient.so | grep wolfssl
ldd build/libvncserver.so | grep wolfssl
- name: Run libvncserver tests
working-directory: libvncserver
run: make -C build test

14
.github/workflows/memcached.sh vendored
View File

@@ -1,14 +0,0 @@
#!/bin/sh
if [ -z "$GITHUB_WORKSPACE" ]; then
echo '$GITHUB_WORKSPACE is not set'
exit 1
fi
if [ -z "$HOST_ROOT" ]; then
echo '$HOST_ROOT is not set'
exit 1
fi
chroot $HOST_ROOT make -C $GITHUB_WORKSPACE/memcached \
-j$(nproc) PARALLEL=$(nproc) test_tls

123
.github/workflows/memcached.yml vendored
View File

@@ -1,123 +0,0 @@
name: memcached Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
build_wolfssl:
name: Build wolfSSL
# Just to keep it the same as the testing target
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-latest
steps:
- name: Build wolfSSL
uses: wolfSSL/actions-build-autotools-project@v1
with:
path: wolfssl
configure: --enable-memcached
install: true
- name: Bundle Docker entry point
run: cp wolfssl/.github/workflows/memcached.sh build-dir/bin
- name: tar build-dir
run: tar -zcf build-dir.tgz build-dir
- name: Upload built lib
uses: actions/upload-artifact@v4
with:
name: wolf-install-memcached
path: build-dir.tgz
retention-days: 5
memcached_check:
strategy:
fail-fast: false
matrix:
# List of releases to test
include:
- ref: 1.6.22
name: ${{ matrix.ref }}
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-latest
needs: build_wolfssl
steps:
- name: Download lib
uses: actions/download-artifact@v4
with:
name: wolf-install-memcached
- name: untar build-dir
run: tar -xf build-dir.tgz
- name: Checkout OSP
uses: actions/checkout@v4
with:
repository: wolfssl/osp
path: osp
- name: Install dependencies
run: |
export DEBIAN_FRONTEND=noninteractive
sudo apt-get update
sudo apt-get install -y libevent-dev libevent-2.1-7 automake pkg-config make libio-socket-ssl-perl
- name: Checkout memcached
uses: actions/checkout@v4
with:
repository: memcached/memcached
ref: 1.6.22
path: memcached
- name: Configure and build memcached
run: |
cd $GITHUB_WORKSPACE/memcached/
patch -p1 < $GITHUB_WORKSPACE/osp/memcached/memcached_1.6.22.patch
./autogen.sh
export LD_LIBRARY_PATH=$GITHUB_WORKSPACE/build-dir/lib:$LD_LIBRARY_PATH
PKG_CONFIG_PATH=$GITHUB_WORKSPACE/build-dir/lib/pkgconfig ./configure --enable-wolfssl
make -j$(nproc)
- name: Confirm memcached built with wolfSSL
working-directory: ./memcached
run: |
export LD_LIBRARY_PATH=$GITHUB_WORKSPACE/build-dir/lib:$LD_LIBRARY_PATH
ldd memcached | grep wolfssl
- name: Run memcached tests
working-directory: ./memcached
run: |
# Retry up to three times
# Using docker because interrupting the tests doesn't close running
# background servers. They can become daemonized and then all re-runs
# will always fail.
chmod +x $GITHUB_WORKSPACE/build-dir/bin/memcached.sh
for i in {1..3}; do
echo "-------- RUNNING TESTS --------"
MEMCACHED_RES=0 # Not set when command succeeds
# Tests should usually take less than 4 minutes. If already taking
# 5 minutes then they are probably stuck. Interrupt and re-run.
time timeout -s SIGKILL 5m docker run -v /:/host \
-v $GITHUB_WORKSPACE/build-dir/bin/memcached.sh:/memcached.sh \
-e GITHUB_WORKSPACE=$GITHUB_WORKSPACE \
-e HOST_ROOT=/host \
-e LD_LIBRARY_PATH=$GITHUB_WORKSPACE/build-dir/lib:$LD_LIBRARY_PATH \
alpine:latest /memcached.sh || MEMCACHED_RES=$?
if [ "$MEMCACHED_RES" -eq "0" ]; then
break
fi
done
echo "test ran $i times"
if [ "$MEMCACHED_RES" -ne "0" ]; then
exit $MEMCACHED_RES
fi

99
.github/workflows/mosquitto.yml vendored
View File

@@ -1,99 +0,0 @@
name: mosquitto Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
build_wolfssl:
name: Build wolfSSL
# Just to keep it the same as the testing target
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 4
steps:
- name: Build wolfSSL
uses: wolfSSL/actions-build-autotools-project@v1
with:
path: wolfssl
configure: --enable-mosquitto CFLAGS="-DALLOW_INVALID_CERTSIGN"
install: true
- name: tar build-dir
run: tar -zcf build-dir.tgz build-dir
- name: Upload built lib
uses: actions/upload-artifact@v4
with:
name: wolf-install-mosquitto
path: build-dir.tgz
retention-days: 5
mosquitto_check:
strategy:
fail-fast: false
matrix:
ref: [ 2.0.18 ]
name: ${{ matrix.ref }}
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 4
needs: build_wolfssl
steps:
- name: Download lib
uses: actions/download-artifact@v4
with:
name: wolf-install-mosquitto
- name: untar build-dir
run: tar -xf build-dir.tgz
- name: Checkout OSP
uses: actions/checkout@v4
with:
repository: wolfssl/osp
path: osp
- name: Install dependencies
run: |
export DEBIAN_FRONTEND=noninteractive
sudo apt-get update
sudo apt-get install -y build-essential libev-dev libssl-dev automake python3-docutils libcunit1 libcunit1-doc libcunit1-dev pkg-config make python3-psutil
- name: Checkout mosquitto
uses: actions/checkout@v4
with:
repository: eclipse/mosquitto
ref: v${{ matrix.ref }}
path: mosquitto
- name: Configure and build mosquitto
run: |
cd $GITHUB_WORKSPACE/mosquitto/
patch -p1 < $GITHUB_WORKSPACE/osp/mosquitto/${{ matrix.ref }}.patch
make WITH_TLS=wolfssl WITH_CJSON=no WITH_DOCS=no WOLFSSLDIR=$GITHUB_WORKSPACE/build-dir
- name: Run mosquitto tests
working-directory: ./mosquitto
run: |
# Retry up to five times
for i in {1..5}; do
TEST_RES=0
make WITH_TLS=wolfssl WITH_CJSON=no WITH_DOCS=no WOLFSSLDIR=$GITHUB_WORKSPACE/build-dir ptest || TEST_RES=$?
if [ "$TEST_RES" -eq "0" ]; then
break
fi
done
if [ "$TEST_RES" -ne "0" ]; then
exit $TEST_RES
fi

64
.github/workflows/multi-arch.yml vendored
View File

@@ -1,64 +0,0 @@
name: Multiple architectures
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
my_matrix:
name: Multi-arch test
strategy:
fail-fast: false
matrix:
include:
- HOST: aarch64-linux-gnu
CC: aarch64-linux-gnu-gcc
ARCH: arm64
EXTRA_OPTS: --enable-sp-asm --enable-armasm
- HOST: arm-linux-gnueabihf
CC: arm-linux-gnueabihf-gcc
ARCH: armhf
EXTRA_OPTS: --enable-sp-asm
- HOST: riscv64-linux-gnu
CC: riscv64-linux-gnu-gcc
ARCH: riscv64
# Config to ensure CPUs without Thumb instructions compiles
- HOST: arm-linux-gnueabi
CC: arm-linux-gnueabi-gcc
CFLAGS: -marm -DWOLFSSL_SP_ARM_ARCH=6
ARCH: armel
EXTRA_OPTS: --enable-sp-asm
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 10
steps:
- name: Install Compiler
run: |
sudo apt update
sudo apt install -y crossbuild-essential-${{ matrix.ARCH }} qemu-user
- uses: actions/checkout@v4
- name: Build
env:
CC: ${{ matrix.CC }}
CFLAGS: ${{ matrix.CFLAGS }}
QEMU_LD_PREFIX: /usr/${{ matrix.HOST }}
run: ./autogen.sh && ./configure --host=${{ matrix.HOST }} --enable-all --disable-examples ${{ matrix.EXTRA_OPTS }} && make
- name: Print errors
if: ${{ failure() }}
run: |
if [ -f config.log ] ; then
cat config.log
fi
- name: Run WolfCrypt Tests
env:
QEMU_LD_PREFIX: /usr/${{ matrix.HOST }}
run: ./wolfcrypt/test/testwolfcrypt

65
.github/workflows/multi-compiler.yml vendored
View File

@@ -1,65 +0,0 @@
name: Multiple compilers and versions
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
my_matrix:
name: Compiler test
strategy:
fail-fast: false
matrix:
include:
- CC: gcc-9
CXX: g++-9
OS: ubuntu-latest
- CC: gcc-10
CXX: g++-10
OS: ubuntu-latest
- CC: gcc-11
CXX: g++-11
OS: ubuntu-latest
- CC: gcc-12
CXX: g++-12
OS: ubuntu-latest
- CC: clang-10
CXX: clang++-10
OS: ubuntu-20.04
- CC: clang-11
CXX: clang++-11
OS: ubuntu-20.04
- CC: clang-12
CXX: clang++-12
OS: ubuntu-20.04
- CC: clang-13
CXX: clang++-13
OS: ubuntu-latest
- CC: clang-14
CXX: clang++-14
OS: ubuntu-latest
if: github.repository_owner == 'wolfssl'
runs-on: ${{ matrix.OS }}
# This should be a safe limit for the tests to run.
timeout-minutes: 4
steps:
- name: Install dependencies
run: export DEBIAN_FRONTEND=noninteractive && sudo apt-get update && sudo apt-get install -y ${{ matrix.CC }}
- uses: actions/checkout@v4
- name: Build
env:
CC: ${{ matrix.CC }}
CXX: ${{ matrix.CXX }}
run: ./autogen.sh && ./configure && make && make dist
- name: Show log on errors
if: ${{ failure() }}
run: |
cat config.log

84
.github/workflows/net-snmp.yml vendored
View File

@@ -1,84 +0,0 @@
name: net-snmp Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
build_wolfssl:
name: Build wolfSSL
if: github.repository_owner == 'wolfssl'
# Just to keep it the same as the testing target
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 4
steps:
- name: Build wolfSSL
uses: wolfSSL/actions-build-autotools-project@v1
with:
path: wolfssl
configure: --enable-net-snmp
install: true
- name: tar build-dir
run: tar -zcf build-dir.tgz build-dir
- name: Upload built lib
uses: actions/upload-artifact@v4
with:
name: wolf-install-net-snmp
path: build-dir.tgz
retention-days: 5
net-snmp_check:
strategy:
fail-fast: false
matrix:
# List of releases to test
include:
- ref: 5.9.3
test_opts: -e 'agentxperl'
name: ${{ matrix.ref }}
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 4
needs: build_wolfssl
steps:
- name: Download lib
uses: actions/download-artifact@v4
with:
name: wolf-install-net-snmp
- name: untar build-dir
run: tar -xf build-dir.tgz
- name: Checkout OSP
uses: actions/checkout@v4
with:
repository: wolfssl/osp
path: osp
- name: Build net-snmp
uses: wolfSSL/actions-build-autotools-project@v1
with:
repository: net-snmp/net-snmp
ref: v${{ matrix.ref }}
path: net-snmp
patch-file: $GITHUB_WORKSPACE/osp/net-snmp/${{ matrix.ref }}.patch
configure: --disable-shared --with-wolfssl=$GITHUB_WORKSPACE/build-dir
check: false
- name: Run net-snmp tests
working-directory: net-snmp
run: |
autoconf --version | grep -P '2\.\d\d' -o > dist/autoconf-version
make -j test TESTOPTS="${{ matrix.test_opts }}"

226
.github/workflows/nginx.yml vendored
View File

@@ -1,226 +0,0 @@
name: nginx Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
build_wolfssl:
name: Build wolfSSL
if: github.repository_owner == 'wolfssl'
# Just to keep it the same as the testing target
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 4
steps:
- if: ${{ runner.debug }}
name: Enable wolfSSL debug logging
run: |
# We don't use --enable-debug since it makes the logs too loud
echo "wolf_debug_flags= CFLAGS='-g3 -O0'" >> $GITHUB_ENV
- name: Build wolfSSL
uses: wolfSSL/actions-build-autotools-project@v1
with:
path: wolfssl
configure: --enable-nginx ${{ env.wolf_debug_flags }}
install: true
- name: tar build-dir
run: tar -zcf build-dir.tgz build-dir
- name: Upload built lib
uses: actions/upload-artifact@v4
with:
name: wolf-install-nginx
path: build-dir.tgz
retention-days: 5
nginx_check:
strategy:
fail-fast: false
matrix:
include:
# in general we want to pass all tests that match *ssl*
- ref: 1.25.0
test-ref: 5b2894ea1afd01a26c589ce11f310df118e42592
# Following tests pass with sanitizer on
sanitize-ok: >-
h2_ssl_proxy_cache.t h2_ssl.t h2_ssl_variables.t h2_ssl_verify_client.t
mail_imap_ssl.t mail_ssl_conf_command.t mail_ssl_session_reuse.t
mail_ssl.t proxy_ssl_certificate_empty.t proxy_ssl_certificate.t
proxy_ssl_certificate_vars.t proxy_ssl_conf_command.t proxy_ssl_name.t
ssl_certificate_chain.t ssl_certificate_perl.t ssl_certificates.t
ssl_certificate.t ssl_client_escaped_cert.t ssl_conf_command.t
ssl_crl.t ssl_curve.t ssl_engine_keys.t ssl_ocsp.t ssl_password_file.t
ssl_proxy_protocol.t ssl_proxy_upgrade.t ssl_reject_handshake.t
ssl_session_reuse.t ssl_session_ticket_key.t ssl_sni_reneg.t
ssl_sni_sessions.t ssl_sni.t ssl_stapling.t ssl.t ssl_verify_client.t
ssl_verify_depth.t stream_proxy_ssl_certificate.t stream_proxy_ssl_certificate_vars.t
stream_proxy_ssl_conf_command.t stream_proxy_ssl_name_complex.t
stream_proxy_ssl_name.t stream_ssl_certificate.t stream_ssl_conf_command.t
stream_ssl_preread_alpn.t stream_ssl_preread_protocol.t stream_ssl_preread.t
stream_ssl_realip.t stream_ssl_session_reuse.t stream_ssl.t stream_ssl_variables.t
stream_ssl_verify_client.t stream_upstream_zone_ssl.t upstream_zone_ssl.t
uwsgi_ssl_certificate.t uwsgi_ssl_certificate_vars.t uwsgi_ssl.t
uwsgi_ssl_verify.t
# Following tests do not pass with sanitizer on (with OpenSSL too)
sanitize-not-ok: >-
grpc_ssl.t h2_proxy_request_buffering_ssl.t h2_proxy_ssl.t
proxy_request_buffering_ssl.t proxy_ssl_keepalive.t proxy_ssl.t
proxy_ssl_verify.t stream_proxy_protocol_ssl.t stream_proxy_ssl.t
stream_proxy_ssl_verify.t stream_ssl_alpn.t
- ref: 1.24.0
test-ref: 212d9d003886e3a24542855fb60355a417f037de
# Following tests pass with sanitizer on
sanitize-ok: >-
h2_ssl_proxy_cache.t h2_ssl.t h2_ssl_variables.t h2_ssl_verify_client.t
mail_imap_ssl.t mail_ssl_conf_command.t mail_ssl_session_reuse.t mail_ssl.t
proxy_ssl_certificate_empty.t proxy_ssl_certificate.t proxy_ssl_certificate_vars.t
proxy_ssl_name.t ssl_certificate_chain.t ssl_certificate_perl.t ssl_certificates.t
ssl_certificate.t ssl_client_escaped_cert.t ssl_conf_command.t ssl_crl.t
ssl_engine_keys.t ssl_ocsp.t ssl_password_file.t ssl_proxy_protocol.t
ssl_proxy_upgrade.t ssl_reject_handshake.t ssl_session_reuse.t
ssl_session_ticket_key.t ssl_sni_reneg.t ssl_sni_sessions.t ssl_sni.t
ssl_stapling.t ssl.t ssl_verify_client.t stream_proxy_ssl_certificate.t
stream_proxy_ssl_certificate_vars.t stream_proxy_ssl_name_complex.t
stream_proxy_ssl_name.t stream_ssl_alpn.t stream_ssl_certificate.t
stream_ssl_conf_command.t stream_ssl_preread_alpn.t stream_ssl_preread_protocol.t
stream_ssl_preread.t stream_ssl_realip.t stream_ssl_session_reuse.t stream_ssl.t
stream_ssl_variables.t stream_ssl_verify_client.t stream_upstream_zone_ssl.t
upstream_zone_ssl.t uwsgi_ssl_certificate.t uwsgi_ssl_certificate_vars.t
uwsgi_ssl.t uwsgi_ssl_verify.t
# Following tests do not pass with sanitizer on (with OpenSSL too)
sanitize-not-ok: >-
grpc_ssl.t h2_proxy_request_buffering_ssl.t h2_proxy_ssl.t
proxy_request_buffering_ssl.t proxy_ssl_conf_command.t proxy_ssl_keepalive.t
proxy_ssl.t proxy_ssl_verify.t ssl_curve.t ssl_verify_depth.t
stream_proxy_protocol_ssl.t stream_proxy_ssl_conf_command.t stream_proxy_ssl.t
stream_proxy_ssl_verify.t
name: ${{ matrix.ref }}
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 6
needs: build_wolfssl
steps:
- name: Download lib
uses: actions/download-artifact@v4
with:
name: wolf-install-nginx
- name: untar build-dir
run: tar -xf build-dir.tgz
- name: Install dependencies
run: |
sudo cpan -iT Proc::Find Net::SSLeay IO::Socket::SSL
- name: Checkout wolfssl-nginx
uses: actions/checkout@v4
with:
repository: wolfssl/wolfssl-nginx
path: wolfssl-nginx
- name: Checkout nginx
uses: actions/checkout@v4
with:
repository: nginx/nginx
path: nginx
ref: release-${{ matrix.ref }}
- name: Apply nginx patch
working-directory: nginx
run: patch -p1 < ../wolfssl-nginx/nginx-${{ matrix.ref }}-wolfssl.patch
- if: ${{ runner.debug }}
name: Apply nginx debug patch
working-directory: nginx
run: patch -p1 < ../wolfssl-nginx/nginx-${{ matrix.ref }}-wolfssl-debug.patch
- name: Checkout nginx-tests
uses: actions/checkout@v4
with:
repository: nginx/nginx-tests
path: nginx-tests
ref: ${{ matrix.test-ref }}
- name: Apply nginx-tests patch
working-directory: nginx-tests
run: patch -p1 < ../wolfssl-nginx/nginx-tests-patches/*${{ matrix.test-ref }}.patch
- name: Build nginx without sanitizer
working-directory: nginx
run: |
./auto/configure --with-wolfssl=$GITHUB_WORKSPACE/build-dir --with-http_ssl_module \
--with-stream --with-stream_ssl_module --with-stream_ssl_preread_module \
--with-http_v2_module --with-mail --with-mail_ssl_module
make -j
- name: Confirm nginx built with wolfSSL
working-directory: nginx
run: ldd objs/nginx | grep wolfssl
- if: ${{ runner.debug }}
name: Run nginx-tests without sanitizer (debug)
working-directory: nginx-tests
run: |
LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$GITHUB_WORKSPACE/build-dir/lib \
TMPDIR=$GITHUB_WORKSPACE TEST_NGINX_VERBOSE=y TEST_NGINX_CATLOG=y \
TEST_NGINX_BINARY=../nginx/objs/nginx prove -v ${{ matrix.sanitize-not-ok }}
- if: ${{ !runner.debug }}
name: Run nginx-tests without sanitizer
working-directory: nginx-tests
run: |
LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$GITHUB_WORKSPACE/build-dir/lib \
TMPDIR=$GITHUB_WORKSPACE TEST_NGINX_BINARY=../nginx/objs/nginx \
prove ${{ matrix.sanitize-not-ok }}
- if: ${{ runner.debug }}
name: Enable wolfSSL debug logging
run: |
echo "nginx_c_flags=-O0" >> $GITHUB_ENV
- name: workaround high-entropy ASLR
# not needed after either an update to llvm or runner is done
run: sudo sysctl vm.mmap_rnd_bits=28
- name: Build nginx with sanitizer
working-directory: nginx
run: |
./auto/configure --with-wolfssl=$GITHUB_WORKSPACE/build-dir --with-http_ssl_module \
--with-stream --with-stream_ssl_module --with-stream_ssl_preread_module \
--with-http_v2_module --with-mail --with-mail_ssl_module \
--with-cc-opt='-fsanitize=address -DNGX_DEBUG_PALLOC=1 -g3 ${{ env.nginx_c_flags }}' \
--with-ld-opt='-fsanitize=address ${{ env.nginx_c_flags }}'
make -j
- name: Confirm nginx built with wolfSSL
working-directory: nginx
run: ldd objs/nginx | grep wolfssl
- if: ${{ runner.debug }}
name: Run nginx-tests with sanitizer (debug)
working-directory: nginx-tests
run: |
LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$GITHUB_WORKSPACE/build-dir/lib \
TMPDIR=$GITHUB_WORKSPACE TEST_NGINX_VERBOSE=y TEST_NGINX_CATLOG=y \
TEST_NGINX_BINARY=../nginx/objs/nginx prove -v ${{ matrix.sanitize-ok }}
- if: ${{ !runner.debug }}
name: Run nginx-tests with sanitizer
working-directory: nginx-tests
run: |
LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$GITHUB_WORKSPACE/build-dir/lib \
TMPDIR=$GITHUB_WORKSPACE TEST_NGINX_BINARY=../nginx/objs/nginx \
prove ${{ matrix.sanitize-ok }}

44
.github/workflows/no-malloc.yml vendored
View File

@@ -1,44 +0,0 @@
name: No Malloc Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
make_check:
strategy:
matrix:
config: [
# Add new configs here
'--enable-rsa --enable-keygen --disable-dh CFLAGS="-DWOLFSSL_NO_MALLOC -DRSA_MIN_SIZE=1024"',
]
name: make check
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 6
steps:
- uses: actions/checkout@v4
name: Checkout wolfSSL
- name: Test wolfSSL
run: |
./autogen.sh
./configure ${{ matrix.config }}
make
./wolfcrypt/test/testwolfcrypt
- name: Print errors
if: ${{ failure() }}
run: |
if [ -f test-suite.log ] ; then
cat test-suite.log
fi

93
.github/workflows/ntp.yml vendored
View File

@@ -1,93 +0,0 @@
name: ntp Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
build_wolfssl:
name: Build wolfSSL
if: github.repository_owner == 'wolfssl'
# Just to keep it the same as the testing target
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 4
steps:
- name: Build wolfSSL
uses: wolfSSL/actions-build-autotools-project@v1
with:
path: wolfssl
configure: --enable-all
install: true
check: false
- name: tar build-dir
run: tar -zcf build-dir.tgz build-dir
- name: Upload built lib
uses: actions/upload-artifact@v4
with:
name: wolf-install-ntp
path: build-dir.tgz
retention-days: 5
ntp_check:
strategy:
fail-fast: false
matrix:
# List of releases to test
ref: [ 4.2.8p15 ]
name: ${{ matrix.ref }}
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 10
needs: build_wolfssl
steps:
- name: Download lib
uses: actions/download-artifact@v4
with:
name: wolf-install-ntp
- name: untar build-dir
run: tar -xf build-dir.tgz
- name: Checkout OSP
uses: actions/checkout@v4
with:
repository: wolfssl/osp
path: osp
# Avoid DoS'ing ntp site so cache the tar.gz
- name: Check if we have ntp
uses: actions/cache@v4
id: cache
with:
path: ntp-${{ matrix.ref }}.tar.gz
key: ntp-${{ matrix.ref }}.tar.gz
- name: Download ntp
if: steps.cache.outputs.cache-hit != 'true'
run: |
wget https://downloads.nwtime.org/ntp/4.2.8/ntp-${{ matrix.ref }}.tar.gz
- name: Extract ntp
run: |
tar -xf ntp-${{ matrix.ref }}.tar.gz
- name: Build and test ntp
working-directory: ntp-${{ matrix.ref }}
run: |
patch -p1 < $GITHUB_WORKSPACE/osp/ntp/${{ matrix.ref }}/ntp-${{ matrix.ref }}.patch
./bootstrap
./configure --with-wolfssl=$GITHUB_WORKSPACE/build-dir
make -j
make -j check

38
.github/workflows/ocsp.yml vendored
View File

@@ -1,38 +0,0 @@
name: OCSP Test
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
ocsp_stapling:
name: ocsp stapling
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-latest
timeout-minutes: 10
steps:
- name: Checkout wolfSSL
uses: actions/checkout@v4
- name: Build wolfSSL
run: autoreconf -ivf && ./configure --enable-ocsp --enable-ocspstapling && make
- name: Start OCSP responder 1
run: openssl ocsp -port 22221 -ndays 1000 -index certs/ocsp/index-intermediate1-ca-issued-certs.txt -rsigner certs/ocsp/ocsp-responder-cert.pem -rkey certs/ocsp/ocsp-responder-key.pem -CA certs/ocsp/intermediate1-ca-cert.pem &
- name: Start OCSP responder 2
run: openssl ocsp -port 22220 -ndays 1000 -index certs/ocsp/index-ca-and-intermediate-cas.txt -rsigner certs/ocsp/ocsp-responder-cert.pem -rkey certs/ocsp/ocsp-responder-key.pem -CA certs/ocsp/root-ca-cert.pem &
- name: Start TLS server
run: ./examples/server/server -p 11111 -c ./certs/ocsp/server1-cert.pem -k ./certs/ocsp/server1-key.pem -d &
- name: Test Look Up
run: ./examples/client/client -A ./certs/ocsp/root-ca-cert.pem -o

89
.github/workflows/openldap.yml vendored
View File

@@ -1,89 +0,0 @@
name: openldap Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
build_wolfssl:
name: Build wolfSSL
# Just to keep it the same as the testing target
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 4
steps:
- name: Build wolfSSL
uses: wolfSSL/actions-build-autotools-project@v1
with:
path: wolfssl
configure: --enable-openldap CPPFLAGS=-DWOLFSSL_NO_ASN_STRICT
install: true
check: true
- name: tar build-dir
run: tar -zcf build-dir.tgz build-dir
- name: Upload built lib
uses: actions/upload-artifact@v4
with:
name: wolf-install-openldap
path: build-dir.tgz
retention-days: 5
openldap_check:
strategy:
fail-fast: false
matrix:
include:
# List of releases to test
- osp_ref: 2.5.13
git_ref: OPENLDAP_REL_ENG_2_5_13
name: ${{ matrix.osp_ref }}
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 20
needs: build_wolfssl
steps:
- name: Download lib
uses: actions/download-artifact@v4
with:
name: wolf-install-openldap
- name: untar build-dir
run: tar -xf build-dir.tgz
- name: Checkout OSP
uses: actions/checkout@v4
with:
repository: wolfssl/osp
path: osp
- name: Checkout openldap
uses: actions/checkout@v4
with:
repository: openldap/openldap
path: openldap
ref: ${{ matrix.git_ref }}
- name: Build and test OpenLDAP
working-directory: openldap
run: |
export LD_LIBRARY_PATH=$GITHUB_WORKSPACE/build-dir/lib:$LD_LIBRARY_PATH
patch -p1 < $GITHUB_WORKSPACE/osp/openldap/${{ matrix.osp_ref }}/openldap-${{ matrix.osp_ref }}.patch
rm aclocal.m4
autoreconf -ivf
./configure --with-tls=wolfssl --disable-bdb --disable-hdb \
CFLAGS="-I$GITHUB_WORKSPACE/build-dir/include \
-I$GITHUB_WORKSPACE/build-dir/include/wolfssl \
-L$GITHUB_WORKSPACE/build-dir/lib"
make -j depend
make -j
make -j check

84
.github/workflows/openssh.yml vendored
View File

@@ -1,84 +0,0 @@
name: openssh Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
build_wolfssl:
name: Build wolfSSL
if: github.repository_owner == 'wolfssl'
# Just to keep it the same as the testing target
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 4
steps:
- name: Build wolfSSL
uses: wolfSSL/actions-build-autotools-project@v1
with:
path: wolfssl
configure: >-
--enable-openssh --enable-dsa --with-max-rsa-bits=8192
--enable-intelasm --enable-sp-asm CFLAGS="-DRSA_MIN_SIZE=1024"
install: true
- name: tar build-dir
run: tar -zcf build-dir.tgz build-dir
- name: Upload built lib
uses: actions/upload-artifact@v4
with:
name: wolf-install-openssh
path: build-dir.tgz
retention-days: 5
openssh_check:
strategy:
fail-fast: false
matrix:
include:
- git_ref: 'V_9_6_P1'
osp_ver: '9.6'
name: ${{ matrix.ref }}
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-latest
needs: build_wolfssl
steps:
- name: Download lib
uses: actions/download-artifact@v4
with:
name: wolf-install-openssh
- name: untar build-dir
run: tar -xf build-dir.tgz
- name: Checkout OSP
uses: actions/checkout@v4
with:
repository: wolfssl/osp
path: osp
- name: Build and test openssh
uses: wolfSSL/actions-build-autotools-project@v1
with:
repository: openssh/openssh-portable
ref: ${{ matrix.git_ref }}
path: openssh
patch-file: $GITHUB_WORKSPACE/osp/openssh-patches/openssh-${{ matrix.osp_ver }}.patch
configure: --with-wolfssl=$GITHUB_WORKSPACE/build-dir --with-rpath=-Wl,-rpath=
check: false
# make tests take >20 minutes. Consider limiting?
- name: Run tests
working-directory: ./openssh
run: |
# Run all the tests except (t-exec) as it takes too long
make file-tests interop-tests extra-tests unit

93
.github/workflows/openvpn.yml vendored
View File

@@ -1,93 +0,0 @@
name: OpenVPN Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
build_wolfssl:
name: Build wolfSSL
if: github.repository_owner == 'wolfssl'
# Just to keep it the same as the testing target
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 4
steps:
- name: Build wolfSSL
uses: wolfSSL/actions-build-autotools-project@v1
with:
path: wolfssl
configure: --enable-openvpn
install: true
- name: tar build-dir
run: tar -zcf build-dir.tgz build-dir
- name: Upload built lib
uses: actions/upload-artifact@v4
with:
name: wolf-install-openvpn
path: build-dir.tgz
retention-days: 5
openvpn_check:
strategy:
fail-fast: false
matrix:
# List of refs to test
ref: [ release/2.6, master ]
name: ${{ matrix.ref }}
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 10
needs: build_wolfssl
steps:
- name: Download lib
uses: actions/download-artifact@v4
with:
name: wolf-install-openvpn
- name: untar build-dir
run: tar -xf build-dir.tgz
- name: Install dependencies
run: |
sudo apt-get update
sudo apt-get install liblzo2-dev libpam0g-dev liblz4-dev libcap-ng-dev \
linux-libc-dev man2html libcmocka-dev python3-docutils \
libtool automake autoconf libnl-genl-3-dev libnl-genl-3-200
- name: workaround high-entropy ASLR
# not needed after either an update to llvm or runner is done
run: sudo sysctl vm.mmap_rnd_bits=28
- if: ${{ matrix.ref != 'master' }}
name: Build and test openvpn with fsanitize
run: |
echo 'extra_c_flags=CC="gcc -fsanitize=address" CFLAGS="-fno-omit-frame-pointer -O2"' >> $GITHUB_ENV
- name: Build and test openvpn
uses: wolfSSL/actions-build-autotools-project@v1
with:
repository: OpenVPN/openvpn
ref: ${{ matrix.ref }}
path: openvpn
configure: >-
--with-crypto-library=wolfssl
WOLFSSL_CFLAGS="-I$GITHUB_WORKSPACE/build-dir/include/ -I$GITHUB_WORKSPACE/build-dir/include/wolfssl"
WOLFSSL_LIBS="-L$GITHUB_WORKSPACE/build-dir/lib -lwolfssl"
${{ env.extra_c_flags }}
check: true
- name: Confirm OpenVPN built with wolfSSL
working-directory: ./openvpn
run: ldd src/openvpn/openvpn | grep wolfssl

168
.github/workflows/os-check.yml vendored
View File

@@ -1,168 +0,0 @@
name: Ubuntu-Macos-Windows Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
make_check:
strategy:
fail-fast: false
matrix:
os: [ ubuntu-latest, macos-latest ]
config: [
# Add new configs here
'',
'--enable-all --enable-asn=template',
'--enable-all --enable-asn=original',
'--enable-harden-tls',
'--enable-tls13 --enable-session-ticket --enable-dtls --enable-dtls13
--enable-opensslextra --enable-sessioncerts
CPPFLAGS=''-DWOLFSSL_DTLS_NO_HVR_ON_RESUME -DHAVE_EXT_CACHE
-DWOLFSSL_TICKET_HAVE_ID -DHAVE_EX_DATA -DSESSION_CACHE_DYNAMIC_MEM'' ',
'--enable-all --enable-secure-renegotiation',
'--enable-all --enable-haproxy --enable-quic',
'--enable-dtls --enable-dtls13 --enable-earlydata
--enable-session-ticket --enable-psk
CPPFLAGS=''-DWOLFSSL_DTLS13_NO_HRR_ON_RESUME'' ',
'--enable-experimental --enable-kyber --enable-dtls --enable-dtls13
--enable-dtls-frag-ch',
'--enable-all --enable-dtls13 --enable-dtls-frag-ch',
'--enable-dtls --enable-dtls13 --enable-dtls-frag-ch
--enable-dtls-mtu',
'--enable-dtls --enable-dtlscid --enable-dtls13 --enable-secure-renegotiation
--enable-psk --enable-aesccm --enable-nullcipher CPPFLAGS=-DWOLFSSL_STATIC_RSA',
]
name: make check
if: github.repository_owner == 'wolfssl'
runs-on: ${{ matrix.os }}
# This should be a safe limit for the tests to run.
timeout-minutes: 14
steps:
- name: Build and test wolfSSL
uses: wolfSSL/actions-build-autotools-project@v1
with:
configure: ${{ matrix.config }}
check: true
make_user_settings:
strategy:
fail-fast: false
matrix:
os: [ ubuntu-latest, macos-latest ]
user-settings: [
# Add new user_settings.h here
'examples/configs/user_settings_all.h',
]
name: make user_setting.h
if: github.repository_owner == 'wolfssl'
runs-on: ${{ matrix.os }}
# This should be a safe limit for the tests to run.
timeout-minutes: 14
steps:
- name: Build and test wolfSSL
uses: wolfSSL/actions-build-autotools-project@v1
with:
configure: --enable-usersettings
check: true
user-settings: ${{ matrix.user-settings }}
make_user_settings_testwolfcrypt:
strategy:
fail-fast: false
matrix:
os: [ ubuntu-latest, macos-latest ]
user-settings: [
# Add new user_settings.h here
'examples/configs/user_settings_min_ecc.h',
'examples/configs/user_settings_wolfboot_keytools.h',
'examples/configs/user_settings_wolftpm.h',
'examples/configs/user_settings_wolfssh.h',
'examples/configs/user_settings_tls12.h',
]
name: make user_setting.h (testwolfcrypt only)
if: github.repository_owner == 'wolfssl'
runs-on: ${{ matrix.os }}
# This should be a safe limit for the tests to run.
timeout-minutes: 14
steps:
- name: Build and test wolfSSL
uses: wolfSSL/actions-build-autotools-project@v1
with:
configure: --enable-usersettings --disable-examples
check: false
user-settings: ${{ matrix.user-settings }}
- name: Run wolfcrypt/test/testwolfcrypt
run: ./wolfcrypt/test/testwolfcrypt
# Has to be dedicated function due to the sed call
make_user_all:
strategy:
fail-fast: false
matrix:
os: [ ubuntu-latest, macos-latest ]
name: make user_setting.h (with sed)
if: github.repository_owner == 'wolfssl'
runs-on: ${{ matrix.os }}
# This should be a safe limit for the tests to run.
timeout-minutes: 14
steps:
- uses: actions/checkout@v4
- if: ${{ matrix.os == 'macos-latest' }}
run: brew install automake libtool
- run: ./autogen.sh
- name: user_settings_all.h with compatibility layer
run: |
cp ./examples/configs/user_settings_all.h user_settings.h
sed -i -e "s/if 0/if 1/" user_settings.h
./configure --enable-usersettings
make
make check
windows_build:
name: Windows Build Test
if: github.repository_owner == 'wolfssl'
runs-on: windows-latest
strategy:
fail-fast: false
matrix:
arch: [ x64, Win32, ARM64 ]
# This should be a safe limit for the tests to run.
timeout-minutes: 6
env:
# Path to the solution file relative to the root of the project.
SOLUTION_FILE_PATH: wolfssl64.sln
# Configuration type to build.
# You can convert this to a build matrix if you need coverage of multiple configuration types.
# https://docs.github.com/actions/learn-github-actions/managing-complex-workflows#using-a-build-matrix
BUILD_CONFIGURATION: Release
steps:
- uses: actions/checkout@v4
- name: Add MSBuild to PATH
uses: microsoft/setup-msbuild@v2
- name: Restore NuGet packages
working-directory: ${{env.GITHUB_WORKSPACE}}
run: nuget restore ${{env.SOLUTION_FILE_PATH}}
- name: Build
working-directory: ${{env.GITHUB_WORKSPACE}}
# Add additional options to the MSBuild command line here (like platform or verbosity level).
# See https://docs.microsoft.com/visualstudio/msbuild/msbuild-command-line-reference
run: msbuild /m /p:PlatformToolset=v142 /p:Platform=${{matrix.arch}} /p:Configuration=${{env.BUILD_CONFIGURATION}} ${{env.SOLUTION_FILE_PATH}}
- if: ${{ matrix.arch != 'ARM64' }}
name: Run Test
working-directory: ${{env.GITHUB_WORKSPACE}}
run: Release/${{matrix.arch}}/testsuite.exe

57
.github/workflows/packaging.yml vendored
View File

@@ -1,57 +0,0 @@
name: Packaging Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
build_wolfssl:
name: Package wolfSSL
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 10
steps:
- name: Checkout wolfSSL
uses: actions/checkout@v4
- name: Configure wolfSSL
run: |
autoreconf -ivf
./configure --enable-distro --enable-all \
--disable-openssl-compatible-defaults --enable-intelasm \
--enable-dtls13 --enable-dtls-mtu \
--enable-sp-asm --disable-examples --disable-silent-rules
- name: Make sure OPENSSL_COMPATIBLE_DEFAULTS is not present in options.h
run: |
! grep OPENSSL_COMPATIBLE_DEFAULTS wolfssl/options.h
- name: Build wolfSSL .deb
run: make deb-docker
# disabled 20240919 -- broken target.
# - name: Build wolfSSL .rpm
# run: make rpm-docker
- name: Confirm packages built
run: |
DEB_COUNT=$(find -name 'libwolfssl*.deb' | wc -l)
if [ "$DEB_COUNT" != "2" ]; then
echo Did not find exactly two deb packages!!!
exit 1
fi
# disabled 20240919 -- broken target.
# RPM_COUNT=$(find -name 'wolfssl*.rpm' | wc -l)
# if [ "$RPM_COUNT" != "4" ]; then
# echo Did not find exactly four rpm packages!!!
# exit 1
# fi

92
.github/workflows/pam-ipmi.yml vendored
View File

@@ -1,92 +0,0 @@
name: pam-ipmi Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
build_wolfssl:
name: Build wolfSSL
if: github.repository_owner == 'wolfssl'
# Just to keep it the same as the testing target
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 4
steps:
- name: Build wolfSSL
uses: wolfSSL/actions-build-autotools-project@v1
with:
path: wolfssl
configure: --enable-all
install: true
# Don't run tests as this config is tested in many other places
check: false
- name: tar build-dir
run: tar -zcf build-dir.tgz build-dir
- name: Upload built lib
uses: actions/upload-artifact@v4
with:
name: wolf-install-pam-ipmi
path: build-dir.tgz
retention-days: 5
build_pam-ipmi:
strategy:
fail-fast: false
matrix:
git_ref: [ e4b13e6725abb178f62ee897fe1c0e81b06a9431 ]
name: ${{ matrix.git_ref }}
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-latest
needs: build_wolfssl
steps:
- name: Install dependencies
run: |
# Don't prompt for anything
export DEBIAN_FRONTEND=noninteractive
sudo apt-get update
sudo apt-get install libpam-dev ninja-build meson
- name: Download lib
uses: actions/download-artifact@v4
with:
name: wolf-install-pam-ipmi
- name: untar build-dir
run: tar -xf build-dir.tgz
- name: Checkout OSP
uses: actions/checkout@v4
with:
repository: wolfssl/osp
path: osp
- name: Checkout pam-ipmi
uses: actions/checkout@v4
with:
repository: openbmc/pam-ipmi
path: pam-ipmi
ref: ${{ matrix.git_ref }}
- name: Build pam-ipmi
working-directory: pam-ipmi
run: |
patch -p1 < ../osp/pam-ipmi/*-${{ matrix.git_ref }}.patch
PKG_CONFIG_PATH=$GITHUB_WORKSPACE/build-dir/lib/pkgconfig meson setup build
ninja -C build
- name: Confirm built with wolfSSL
working-directory: pam-ipmi
run: |
ldd ./build/src/pam_ipmisave/pam_ipmisave.so | grep wolfssl

116
.github/workflows/rng-tools.yml vendored
View File

@@ -1,116 +0,0 @@
name: rng-tools Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
build_wolfssl:
name: Build wolfSSL
if: github.repository_owner == 'wolfssl'
# Just to keep it the same as the testing target
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 4
steps:
- name: Build wolfSSL
uses: wolfSSL/actions-build-autotools-project@v1
with:
path: wolfssl
configure: --enable-all
install: true
check: false
- name: tar build-dir
run: tar -zcf build-dir.tgz build-dir
- name: Upload built lib
uses: actions/upload-artifact@v4
with:
name: wolf-install-rng-tools
path: build-dir.tgz
retention-days: 5
rng-tools_check:
strategy:
fail-fast: false
matrix:
# List of releases to test
ref: [ 6.16 ]
name: ${{ matrix.ref }}
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 4
needs: build_wolfssl
steps:
- name: Install dependencies
run: |
# Don't prompt for anything
export DEBIAN_FRONTEND=noninteractive
sudo apt-get update
sudo apt-get install -y libcurl4-openssl-dev libjansson-dev libp11-dev librtlsdr-dev libcap-dev
- name: Download lib
uses: actions/download-artifact@v4
with:
name: wolf-install-rng-tools
- name: untar build-dir
run: tar -xf build-dir.tgz
- name: Checkout OSP
uses: actions/checkout@v4
with:
repository: wolfssl/osp
path: osp
- name: Checkout jitterentropy-library
uses: actions/checkout@v4
with:
repository: smuellerDD/jitterentropy-library
path: jitterentropy-library
ref: v3.5.0
- name: Build jitterentropy-library
working-directory: jitterentropy-library
run: make -j
- name: Build rng-tools
uses: wolfSSL/actions-build-autotools-project@v1
with:
repository: nhorman/rng-tools
ref: v${{ matrix.ref }}
path: rng-tools
patch-file: $GITHUB_WORKSPACE/osp/rng-tools/${{ matrix.ref }}.patch
configure: --without-pkcs11 --enable-jitterentropy=$GITHUB_WORKSPACE/jitterentropy-library --with-wolfssl=$GITHUB_WORKSPACE/build-dir
check: false
- name: Testing rng-tools
id: testing
working-directory: rng-tools
run: |
# Retry up to five times
for i in {1..5}; do
TEST_RES=0
LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$GITHUB_WORKSPACE/build-dir/lib make check || TEST_RES=$?
if [ "$TEST_RES" -eq "0" ]; then
break
fi
done
if [ "$TEST_RES" -ne "0" ]; then
exit $TEST_RES
fi
- name: Print logs
if: ${{ failure() && steps.testing.outcome == 'failure' }}
working-directory: rng-tools/tests
run: cat test-suite.log

81
.github/workflows/socat.yml vendored
View File

@@ -1,81 +0,0 @@
name: socat Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
build_wolfssl:
name: Build wolfSSL
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-latest
timeout-minutes: 4
steps:
- name: Build wolfSSL
uses: wolfSSL/actions-build-autotools-project@v1
with:
path: wolfssl
configure: --enable-maxfragment --enable-opensslall --enable-opensslextra --enable-dtls --enable-oldtls --enable-tlsv10 --enable-ipv6 'CPPFLAGS=-DWOLFSSL_NO_DTLS_SIZE_CHECK -DOPENSSL_COMPATIBLE_DEFAULTS'
install: true
- name: tar build-dir
run: tar -zcf build-dir.tgz build-dir
- name: Upload built lib
uses: actions/upload-artifact@v4
with:
name: wolf-install-socat
path: build-dir.tgz
retention-days: 5
socat_check:
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 30
needs: build_wolfssl
steps:
- name: Install prereqs
run:
sudo apt-get install build-essential autoconf libtool pkg-config clang libc++-dev
- name: Download lib
uses: actions/download-artifact@v4
with:
name: wolf-install-socat
- name: untar build-dir
run: tar -xf build-dir.tgz
- name: Download socat
run: curl -O http://www.dest-unreach.org/socat/download/socat-1.8.0.0.tar.gz && tar xvf socat-1.8.0.0.tar.gz
- name: Checkout OSP
uses: actions/checkout@v4
with:
repository: wolfssl/osp
path: osp
- name: Build socat
working-directory: ./socat-1.8.0.0
run: |
patch -p1 < ../osp/socat/1.8.0.0/socat-1.8.0.0.patch
autoreconf -vfi
./configure --with-wolfssl=$GITHUB_WORKSPACE/build-dir --enable-default-ipv=4
make
- name: Run socat tests
working-directory: ./socat-1.8.0.0
run: |
export LD_LIBRARY_PATH=$GITHUB_WORKSPACE/build-dir/lib:$LD_LIBRARY_PATH
export SHELL=/bin/bash
SOCAT=$GITHUB_WORKSPACE/socat-1.8.0.0/socat ./test.sh -t 0.5 --expect-fail 36,64,146,214,216,217,309,310,386,399,402,403,459,460,467,468,478,492,528,530

94
.github/workflows/softhsm.yml vendored
View File

@@ -1,94 +0,0 @@
name: SoftHSMv2 Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
build_wolfssl:
name: Build wolfSSL
if: github.repository_owner == 'wolfssl'
# Just to keep it the same as the testing target
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 10
steps:
- name: Build wolfSSL
uses: wolfSSL/actions-build-autotools-project@v1
with:
path: wolfssl
configure: --enable-all CFLAGS=-DRSA_MIN_SIZE=1024
install: true
check: false
- name: tar build-dir
run: tar -zcf build-dir.tgz build-dir
- name: Upload built lib
uses: actions/upload-artifact@v4
with:
name: wolf-install-softhsm
path: build-dir.tgz
retention-days: 5
softhsm_check:
strategy:
fail-fast: false
matrix:
# List of releases to test
ref: [ 2.6.1 ]
name: ${{ matrix.ref }}
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 20
needs: build_wolfssl
steps:
- name: Install dependencies
run: |
# Don't prompt for anything
export DEBIAN_FRONTEND=noninteractive
sudo apt-get update
sudo apt-get install -y libcppunit-dev
- name: Download lib
uses: actions/download-artifact@v4
with:
name: wolf-install-softhsm
- name: untar build-dir
run: tar -xf build-dir.tgz
- name: Checkout OSP
uses: actions/checkout@v4
with:
repository: wolfssl/osp
path: osp
- name: Checkout SoftHSMv2
uses: actions/checkout@v4
with:
repository: opendnssec/SoftHSMv2
path: softhsm
ref: ${{ matrix.ref }}
# Not using wolfSSL/actions-build-autotools-project@v1 because autogen.sh doesn't work
- name: Build softhsm
working-directory: softhsm
run: |
patch -p1 < $GITHUB_WORKSPACE/osp/softhsm/${{ matrix.ref }}.patch
autoreconf -if
./configure --with-crypto-backend=wolfssl WOLFSSL_INSTALL_DIR=$GITHUB_WORKSPACE/build-dir
make -j
- name: Test softhsm
working-directory: softhsm
run: make -j check

99
.github/workflows/sssd.yml vendored
View File

@@ -1,99 +0,0 @@
name: sssd Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
build_wolfssl:
if: github.repository_owner == 'wolfssl'
name: Build wolfSSL
# Just to keep it the same as the testing target
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 4
steps:
- name: Build wolfSSL
uses: wolfSSL/actions-build-autotools-project@v1
with:
path: wolfssl
configure: --enable-all CFLAGS=-DWOLFSSL_NO_ASN_STRICT
install: true
check: false
- name: tar build-dir
run: tar -zcf build-dir.tgz build-dir
- name: Upload built lib
uses: actions/upload-artifact@v4
with:
name: wolf-install-sssd
path: build-dir.tgz
retention-days: 5
sssd_check:
if: github.repository_owner == 'wolfssl'
strategy:
fail-fast: false
matrix:
# List of releases to test
ref: [ 2.9.1 ]
name: ${{ matrix.ref }}
runs-on: ubuntu-latest
container:
image: quay.io/sssd/ci-client-devel:ubuntu-latest
env:
LD_LIBRARY_PATH: /usr/local/lib
# This should be a safe limit for the tests to run.
timeout-minutes: 20
needs: build_wolfssl
steps:
- name: Install dependencies
run: |
# Don't prompt for anything
export DEBIAN_FRONTEND=noninteractive
sudo apt-get update
sudo apt-get install -y build-essential autoconf libldb-dev libldb2 python3-ldb bc
- name: Setup env
run: |
ln -s samba-4.0/ldb.h /usr/include/ldb.h
ln -s samba-4.0/ldb_errors.h /usr/include/ldb_errors.h
ln -s samba-4.0/ldb_handlers.h /usr/include/ldb_handlers.h
ln -s samba-4.0/ldb_module.h /usr/include/ldb_module.h
ln -s samba-4.0/ldb_version.h /usr/include/ldb_version.h
- name: Download lib
uses: actions/download-artifact@v4
with:
name: wolf-install-sssd
- name: untar build-dir
run: tar -xf build-dir.tgz
- name: Checkout OSP
uses: actions/checkout@v4
with:
repository: wolfssl/osp
path: osp
- name: Build and test sssd
uses: wolfSSL/actions-build-autotools-project@v1
with:
repository: SSSD/sssd
ref: ${{ matrix.ref }}
path: sssd
patch-file: $GITHUB_WORKSPACE/osp/sssd/${{ matrix.ref }}.patch
configure: >-
--without-samba --without-nfsv4-idmapd-plugin --with-oidc-child=no
--without-manpages WOLFSSL_INSTALL_DIR=$GITHUB_WORKSPACE/build-dir
check: true

81
.github/workflows/stunnel.yml vendored
View File

@@ -1,81 +0,0 @@
name: stunnel Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
build_wolfssl:
name: Build wolfSSL
if: github.repository_owner == 'wolfssl'
# Just to keep it the same as the testing target
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 4
steps:
- name: Build wolfSSL
uses: wolfSSL/actions-build-autotools-project@v1
with:
path: wolfssl
configure: --enable-stunnel
install: true
- name: tar build-dir
run: tar -zcf build-dir.tgz build-dir
- name: Upload built lib
uses: actions/upload-artifact@v4
with:
name: wolf-install-stunnel
path: build-dir.tgz
retention-days: 5
stunnel_check:
strategy:
fail-fast: false
matrix:
# List of releases to test
ref: [ 5.67 ]
name: ${{ matrix.ref }}
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 4
needs: build_wolfssl
steps:
- name: Download lib
uses: actions/download-artifact@v4
with:
name: wolf-install-stunnel
- name: untar build-dir
run: tar -xf build-dir.tgz
- name: Checkout OSP
uses: actions/checkout@v4
with:
repository: wolfssl/osp
path: osp
- name: Build and test stunnel
uses: wolfSSL/actions-build-autotools-project@v1
with:
repository: mtrojnar/stunnel
ref: stunnel-${{ matrix.ref }}
path: stunnel
patch-file: $GITHUB_WORKSPACE/osp/stunnel/${{ matrix.ref }}/stunnel-${{ matrix.ref }}.patch
configure: --enable-wolfssl SSLDIR=$GITHUB_WORKSPACE/build-dir
check: true
- name: Confirm stunnel built with wolfSSL
working-directory: ./stunnel
run: ldd src/stunnel | grep wolfssl

58
.github/workflows/win-csharp-test.yml vendored
View File

@@ -1,58 +0,0 @@
name: Windows CSharp Build Test
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
jobs:
build:
if: github.repository_owner == 'wolfssl'
runs-on: windows-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 6
env:
# Path to the solution file relative to the root of the project.
SOLUTION_FILE_PATH: wolfssl\wrapper\CSharp\wolfSSL_CSharp.sln
# Configuration type to build.
# You can convert this to a build matrix if you need coverage of multiple configuration types.
# https://docs.github.com/actions/learn-github-actions/managing-complex-workflows#using-a-build-matrix
BUILD_CONFIGURATION: Debug
BUILD_PLATFORM: x64
steps:
- name: Pull wolfssl
uses: actions/checkout@master
with:
repository: wolfssl/wolfssl
path: wolfssl
- name: Create FIPS stub files (autogen)
working-directory: wolfssl
run: |
echo $null >> wolfcrypt\src\fips.c
echo $null >> wolfcrypt\src\fips_test.c
echo $null >> wolfcrypt\src\wolfcrypt_first.c
echo $null >> wolfcrypt\src\wolfcrypt_last.c
- name: Add MSBuild to PATH
uses: microsoft/setup-msbuild@v1
- name: Build
working-directory: ${{env.GITHUB_WORKSPACE}}
# Add additional options to the MSBuild command line here (like platform or verbosity level).
# See https://docs.microsoft.com/visualstudio/msbuild/msbuild-command-line-reference
run: msbuild /m /p:PlatformToolset=v142 /p:Platform=${{env.BUILD_PLATFORM}} /p:Configuration=${{env.BUILD_CONFIGURATION}} ${{env.SOLUTION_FILE_PATH}}
- name: Run wolfCrypt test
working-directory: ${{env.GITHUB_WORKSPACE}}wolfssl\wrapper\CSharp\Debug\x64\
run: ./wolfCrypt-test.exe
- name: Run wolfSSL client/server example
working-directory: ${{env.GITHUB_WORKSPACE}}wolfssl\wrapper\CSharp\Debug\x64\
run: ./wolfSSL-TLS-Server.exe && sleep 1 & ./wolfSSL-TLS-Client.exe

129
.github/workflows/zephyr.yml vendored
View File

@@ -1,129 +0,0 @@
name: Zephyr tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
run_test:
name: Build and run
strategy:
fail-fast: false
matrix:
config:
- zephyr-ref: v3.4.0
zephyr-sdk: 0.16.1
- zephyr-ref: v3.5.0
zephyr-sdk: 0.16.3
- zephyr-ref: v2.7.4
zephyr-sdk: 0.16.3
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 25
steps:
- name: Install dependencies
run: |
# Don't prompt for anything
export DEBIAN_FRONTEND=noninteractive
sudo apt-get update
# most of the ci-base zephyr docker image packages
sudo apt-get install -y zip bridge-utils uml-utilities \
git cmake ninja-build gperf ccache dfu-util device-tree-compiler wget \
python3-dev python3-pip python3-setuptools python3-tk python3-wheel xz-utils file \
make gcc gcc-multilib g++-multilib libsdl2-dev libmagic1 \
autoconf automake bison build-essential ca-certificates cargo ccache chrpath cmake \
cpio device-tree-compiler dfu-util diffstat dos2unix doxygen file flex g++ gawk gcc \
gcovr git git-core gnupg gperf gtk-sharp2 help2man iproute2 lcov libcairo2-dev \
libglib2.0-dev libgtk2.0-0 liblocale-gettext-perl libncurses5-dev libpcap-dev \
libpopt0 libsdl1.2-dev libsdl2-dev libssl-dev libtool libtool-bin locales make \
net-tools ninja-build openssh-client parallel pkg-config python3-dev python3-pip \
python3-ply python3-setuptools python-is-python3 qemu-kvm rsync socat srecord sudo \
texinfo unzip wget ovmf xz-utils
- name: Install west
run: sudo pip install west
- name: Init west workspace
run: west init --mr ${{ matrix.config.zephyr-ref }} zephyr
- name: Update west.yml
working-directory: zephyr/zephyr
run: |
REF=$(echo '${{ github.ref }}' | sed -e 's/\//\\\//g')
sed -e 's/remotes:/remotes:\n \- name: wolfssl\n url\-base: https:\/\/github.com\/${{ github.repository_owner }}/' -i west.yml
sed -e "s/projects:/projects:\n \- name: wolfssl\n path: modules\/crypto\/wolfssl\n remote: wolfssl\n revision: $REF/" -i west.yml
- name: Update west workspace
working-directory: zephyr
run: west update -n -o=--depth=1
- name: Export zephyr
working-directory: zephyr
run: west zephyr-export
- name: Install pip dependencies
working-directory: zephyr
run: sudo pip install -r zephyr/scripts/requirements.txt
- name: Install zephyr SDK
run: |
wget -q https://github.com/zephyrproject-rtos/sdk-ng/releases/download/v${{ matrix.config.zephyr-sdk }}/zephyr-sdk-${{ matrix.config.zephyr-sdk }}_linux-x86_64_minimal.tar.xz
tar xf zephyr-sdk-${{ matrix.config.zephyr-sdk }}_linux-x86_64_minimal.tar.xz
cd zephyr-sdk-${{ matrix.config.zephyr-sdk }}
./setup.sh -h -c -t x86_64-zephyr-elf
- name: Fix options for 2.7.4
if: ${{ matrix.config.zephyr-ref == 'v2.7.4' }}
working-directory: zephyr/modules/crypto/wolfssl
run: |
sed -i -e 's/CONFIG_COMMON_LIBC_MALLOC_ARENA_SIZE/CONFIG_MINIMAL_LIBC_MALLOC_ARENA_SIZE/g' $(find -name prj.conf)
- name: Run wolfssl test
id: wolfssl-test
working-directory: zephyr
run: |
./zephyr/scripts/twister -T modules/crypto/wolfssl --test zephyr/samples/wolfssl_test/sample.crypto.wolfssl_test -vvv
rm -rf zephyr/twister-out
./zephyr/scripts/twister -T modules/crypto/wolfssl --test zephyr/samples/wolfssl_test/sample.crypto.wolfssl_test_no_malloc -vvv
rm -rf zephyr/twister-out
- name: Run wolfssl TLS sock test
# Results in a page fault that I can't trace
if: ${{ matrix.config.zephyr-ref != 'v2.7.4' }}
id: wolfssl-tls-sock
working-directory: zephyr
run: |
./zephyr/scripts/twister -T modules/crypto/wolfssl --test zephyr/samples/wolfssl_tls_sock/sample.crypto.wolfssl_tls_sock -vvv
rm -rf zephyr/twister-out
./zephyr/scripts/twister -T modules/crypto/wolfssl --test zephyr/samples/wolfssl_tls_sock/sample.crypto.wolfssl_tls_sock_no_malloc -vvv
rm -rf zephyr/twister-out
- name: Run wolfssl TLS thread test
if: ${{ matrix.config.zephyr-ref != 'v2.7.4' }}
id: wolfssl-tls-thread
working-directory: zephyr
run: |
./zephyr/scripts/twister -T modules/crypto/wolfssl --test zephyr/samples/wolfssl_tls_thread/sample.crypto.wolfssl_tls_thread -vvv
rm -rf zephyr/twister-out
- name: Zip failure logs
if: ${{ failure() && (steps.wolfssl-test.outcome == 'failure' || steps.wolfssl-tls-sock.outcome == 'failure' || steps.wolfssl-tls-thread.outcome == 'failure') }}
run: |
zip -9 -r logs.zip zephyr/twister-out
- name: Upload failure logs
if: ${{ failure() && (steps.wolfssl-test.outcome == 'failure' || steps.wolfssl-tls-sock.outcome == 'failure' || steps.wolfssl-tls-thread.outcome == 'failure') }}
uses: actions/upload-artifact@v4
with:
name: zephyr-client-test-logs
path: logs.zip
retention-days: 5

307
.gitignore vendored
View File

@@ -5,22 +5,18 @@ ctaocrypt/src/src/
*.o
*.patch
*.deps
*.d
*.libs
*.cache
.dirstamp
*.user
!*-VS2022.vcxproj.user
configure
config.*
!cmake/config.in
*Debug/
*Release/
*.ncb
*.suo
*.sdf
*.opensdf
*.cmd
ipch/
build-aux/
rpm/spec
@@ -28,7 +24,6 @@ rpm/spec
stamp-h
cyassl/options.h
wolfssl/options.h
.build_params
libtool.m4
aclocal.m4
aminclude.am
@@ -50,7 +45,6 @@ fips
wolfcrypt_first.c
wolfcrypt_last.c
selftest.c
fipsv2.c
src/async.c
wolfssl/async.h
wolfcrypt/src/async.c
@@ -65,8 +59,6 @@ ctaocrypt/benchmark/benchmark
ctaocrypt/test/testctaocrypt
wolfcrypt/benchmark/benchmark
wolfcrypt/test/testwolfcrypt
examples/async/async_client
examples/async/async_server
examples/benchmark/tls_bench
examples/client/client
examples/echoclient/echoclient
@@ -76,26 +68,18 @@ examples/sctp/sctp-server
examples/sctp/sctp-server-dtls
examples/sctp/sctp-client
examples/sctp/sctp-client-dtls
examples/asn1/asn1
examples/pem/pem
server_ready
snifftest
output
mcapi/test
testsuite/testsuite
tests/unit
testsuite/testsuite.test
tests/unit.test
tests/bio_write_test.txt
testsuite/*.der
testsuite/*.pem
testsuite/*.raw
testsuite/*.obj
testsuite/*.pdb
testsuite/*.idb
tests/unit
tests/unit.test
tests/bio_write_test.txt
tests/test-log-dump-to-file.txt
tests/cert_cache.tmp
test-write-dhparams.pem
cert.der
cert.pem
certecc.der
@@ -116,85 +100,22 @@ ecc-key.pem
certreq.der
certreq.pem
pkcs7cert.der
pkcs7authEnvelopedDataAES128GCM.der
pkcs7authEnvelopedDataAES128GCM_ECDH_SHA1KDF.der
pkcs7authEnvelopedDataAES128GCM_KEKRI.der
pkcs7authEnvelopedDataAES128GCM_ORI.der
pkcs7authEnvelopedDataAES128GCM_PWRI.der
pkcs7authEnvelopedDataAES192GCM.der
pkcs7authEnvelopedDataAES256GCM.der
pkcs7authEnvelopedDataAES256GCM_ECDH_SHA256KDF.der
pkcs7authEnvelopedDataAES256GCM_ECDH_SHA256KDF_authAttribs.der
pkcs7authEnvelopedDataAES256GCM_ECDH_SHA256KDF_bothAttribs.der
pkcs7authEnvelopedDataAES256GCM_ECDH_SHA256KDF_fw_bothAttribs.der
pkcs7authEnvelopedDataAES256GCM_ECDH_SHA256KDF_unauthAttribs.der
pkcs7authEnvelopedDataAES256GCM_ECDH_SHA512KDF.der
pkcs7authEnvelopedDataAES256GCM_ECDH_SHA512KDF_ukm.der
pkcs7authEnvelopedDataAES256GCM_firmwarePkgData.der
pkcs7authEnvelopedDataAES256GCM_IANDS.der
pkcs7authEnvelopedDataAES256GCM_SKID.der
pkcs7compressedData_data_zlib.der
pkcs7compressedData_firmwarePkgData_zlib.der
pkcs7encryptedDataAES128CBC.der
pkcs7encryptedDataAES192CBC.der
pkcs7encryptedDataAES256CBC.der
pkcs7encryptedDataAES256CBC_attribs.der
pkcs7encryptedDataAES256CBC_firmwarePkgData.der
pkcs7encryptedDataAES256CBC_multi_attribs.der
pkcs7encryptedDataDES.der
pkcs7encryptedDataDES3.der
pkcs7envelopedDataAES128CBC.der
pkcs7envelopedDataAES128CBC_ECDH_SHA1KDF.der
pkcs7envelopedDataAES128CBC_KEKRI.der
pkcs7envelopedDataAES128CBC_PWRI.der
pkcs7envelopedDataAES128CBC_ORI.der
pkcs7envelopedDataAES192CBC.der
pkcs7envelopedDataAES256CBC.der
pkcs7envelopedDataAES256CBC_IANDS.der
pkcs7envelopedDataAES256CBC_SKID.der
pkcs7envelopedDataAES256CBC_ECDH_SHA256KDF.der
pkcs7envelopedDataAES256CBC_ECDH_SHA512KDF.der
pkcs7envelopedDataAES256CBC_ECDH_SHA512KDF_ukm.der
pkcs7envelopedDataDES3.der
pkcs7signedData_ECDSA_SHA224.der
pkcs7signedData_ECDSA_SHA256_custom_contentType.der
pkcs7signedData_ECDSA_SHA256.der
pkcs7signedData_ECDSA_SHA256_firmwarePkgData.der
pkcs7signedData_ECDSA_SHA256_SKID.der
pkcs7signedData_ECDSA_SHA384.der
pkcs7signedData_ECDSA_SHA512.der
pkcs7signedData_ECDSA_SHA.der
pkcs7signedData_ECDSA_SHA_noattr.der
pkcs7signedData_RSA_SHA224.der
pkcs7signedData_RSA_SHA256_custom_contentType.der
pkcs7signedData_RSA_SHA256.der
pkcs7signedData_RSA_SHA256_firmwarePkgData.der
pkcs7signedData_RSA_SHA256_SKID.der
pkcs7signedData_RSA_SHA256_with_ca_cert.der
pkcs7signedData_RSA_SHA256_detachedSig.der
pkcs7signedData_RSA_SHA384.der
pkcs7signedData_RSA_SHA512.der
pkcs7signedData_RSA_SHA.der
pkcs7signedData_RSA_SHA_noattr.der
pkcs7signedCompressedFirmwarePkgData_ECDSA_SHA256.der
pkcs7signedCompressedFirmwarePkgData_ECDSA_SHA256_noattr.der
pkcs7signedCompressedFirmwarePkgData_RSA_SHA256.der
pkcs7signedCompressedFirmwarePkgData_RSA_SHA256_noattr.der
pkcs7signedEncryptedFirmwarePkgData_ECDSA_SHA256.der
pkcs7signedEncryptedFirmwarePkgData_ECDSA_SHA256_noattr.der
pkcs7signedEncryptedFirmwarePkgData_RSA_SHA256.der
pkcs7signedEncryptedFirmwarePkgData_RSA_SHA256_noattr.der
pkcs7signedFirmwarePkgData_ECDSA_SHA256.der
pkcs7signedFirmwarePkgData_ECDSA_SHA256_SKID.der
pkcs7signedFirmwarePkgData_ECDSA_SHA256_noattr.der
pkcs7signedFirmwarePkgData_RSA_SHA256.der
pkcs7signedFirmwarePkgData_RSA_SHA256_SKID.der
pkcs7signedFirmwarePkgData_RSA_SHA256_noattr.der
pkcs7signedFirmwarePkgData_RSA_SHA256_with_ca_cert.der
pkcs7signedEncryptedCompressedFirmwarePkgData_ECDSA_SHA256.der
pkcs7signedEncryptedCompressedFirmwarePkgData_ECDSA_SHA256_noattr.der
pkcs7signedEncryptedCompressedFirmwarePkgData_RSA_SHA256.der
pkcs7signedEncryptedCompressedFirmwarePkgData_RSA_SHA256_noattr.der
pkcs7signedData_RSA_SHA224.der
pkcs7signedData_RSA_SHA256.der
pkcs7signedData_RSA_SHA384.der
pkcs7signedData_RSA_SHA512.der
pkcs7signedData_ECDSA_SHA.der
pkcs7signedData_ECDSA_SHA_noattr.der
pkcs7signedData_ECDSA_SHA224.der
pkcs7signedData_ECDSA_SHA256.der
pkcs7signedData_ECDSA_SHA384.der
pkcs7signedData_ECDSA_SHA512.der
pkcs7envelopedDataDES3.der
pkcs7envelopedDataAES128CBC.der
pkcs7envelopedDataAES192CBC.der
pkcs7envelopedDataAES256CBC.der
diff
sslSniffer/sslSnifferTest/tracefile.txt
tracefile.txt
@@ -217,6 +138,14 @@ TAGS
support/cyassl.pc
support/wolfssl.pc
cyassl/ctaocrypt/stamp-h1
swig/_cyassl.so
swig/_wolfssl.so
swig/cyassl.py
swig/wolfssl.py
swig/cyassl.pyc
swig/wolfssl.pyc
swig/cyassl_wrap.c
swig/wolfssl_wrap.c
stamp-h1
clang_output_*
internal.plist
@@ -232,25 +161,6 @@ IDE/MDK-ARM/LPC43xx/LPC43xx/
*.gcno
*.gcda
*.gcov
*.dgcov
!linuxkm/Makefile
/Kbuild
linuxkm/*.ko
linuxkm/*.ko.signed
linuxkm/Module.symvers
linuxkm/built-in.a
linuxkm/modules.order
linuxkm/wolfcrypt
linuxkm/libwolfssl.mod
linuxkm/libwolfssl.mod.c
linuxkm/libwolfssl.lds
linuxkm/module_exports.c
linuxkm/linuxkm/get_thread_size
*.nds
# autotools generated
scripts/unit.test
wolfcrypt/test/test_paths.h
# MPLAB Generated Files (OS X)
mcapi/wolfcrypt_mcapi.X/nbproject/Makefile-*
@@ -291,20 +201,29 @@ mqx/wolfcrypt_benchmark/.settings
mqx/wolfcrypt_benchmark/.cwGeneratedFileSetLog
mqx/wolfcrypt_benchmark/SaAnalysispointsManager.apconfig
# User Crypto example build
wolfcrypt/user-crypto/aclocal.m4
wolfcrypt/user-crypto/config.guess
wolfcrypt/user-crypto/autom4te.cache
wolfcrypt/user-crypto/config.log
wolfcrypt/user-crypto/config.status
wolfcrypt/user-crypto/config.sub
wolfcrypt/user-crypto/depcomp
wolfcrypt/user-crypto/install-sh
wolfcrypt/user-crypto/libtool
wolfcrypt/user-crypto/ltmain.sh
wolfcrypt/user-crypto/m4
wolfcrypt/user-crypto/missing
wolfcrypt/user-crypto/Makefile.in
wolfcrypt/user-crypto/lib/libusercrypto.*
*.hzs
# wolfSSL CSharp wrapper
wrapper/CSharp/x64/
# Visual Studio Code Workspace Files
*.vscode
*.userprefs
*.exe
*.dll
.vs
Backup
UpgradeLog.htm
*.aps
*.VC.db
*.filters
IDE/INTIME-RTOS/Debug_*
IDE/VS-ARM/.vs
@@ -315,149 +234,7 @@ IDE/HEXIWEAR/wolfSSL_HW/Debug
# Linux-SGX
IDE/LINUX-SGX/*.a
IDE/iotsafe/*.map
IDE/iotsafe/*.elf
IDE/iotsafe/*.bin
# Binaries
wolfcrypt/src/port/intel/qat_test
/mplabx/wolfssl.X/dist/default/
/mplabx/wolfcrypt_test.X/dist/default/
# Arduino Generated Files
/IDE/ARDUINO/wolfSSL
scripts/memtest.txt
/IDE/ARDUINO/Arduino_README_prepend.md.tmp
/IDE/ARDUINO/library.properties.tmp
/IDE/ARDUINO/library.properties.tmp.backup
/IDE/ARDUINO/PREPENDED_README.md
# Doxygen generated files
doc/doxygen_warnings
doc/html
doc/pdf
# XCODE Index
IDE/XCODE/Index
IDE/**/xcshareddata
IDE/**/DerivedData
# ARM DS-5 && Eclipse
\.settings/
\.cproject
\.project
\.autotools
# Renesas e2studio
/IDE/Renesas/e2studio/Projects/test/src/smc_gen
/IDE/Renesas/e2studio/Projects/test/trash
/IDE/Renesas/e2studio/Projects/test/*.launch
/IDE/Renesas/e2studio/Projects/test/*.scfg
/IDE/Renesas/e2studio/RX65N/GR-ROSE/.metadata
/IDE/Renesas/e2studio/RX65N/GR-ROSE/smc/src
/IDE/Renesas/e2studio/RX65N/GR-ROSE/smc/trash
/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/smc_gen
/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/generate
/IDE/Renesas/e2studio/RX65N/RSK/.metadata
/IDE/Renesas/e2studio/RX65N/RSK/smc/src
/IDE/Renesas/e2studio/RX65N/RSK/smc/trash
/IDE/Renesas/e2studio/RX65N/RSK/test/src/smc_gen
/IDE/Renesas/e2studio/RX65N/RSK/test/generate
/IDE/Renesas/e2studio/RX72N/EnvisionKit/.metadata
/IDE/Renesas/e2studio/RX72N/EnvisionKit/smc/src
/IDE/Renesas/e2studio/RX72N/EnvisionKit/smc/trash
/IDE/Renesas/e2studio/RX72N/EnvisionKit/test/src/smc_gen
/IDE/Renesas/e2studio/RX72N/EnvisionKit/test/generate
# QNX CAAM
/IDE/QNX/example-server/server-tls
/IDE/QNX/example-client/client-tls
/IDE/QNX/example-cmac/cmac-test
/IDE/QNX/CAAM-DRIVER/wolfCrypt
# Xilinx
/IDE/XilinxSDK/data
# Emacs
*~
# CMake
CMakeFiles/
CMakeCache.txt
cmake_install.cmake
# GDB Settings
\.gdbinit
libFuzzer
# Pycharm and other IDEs
\.idea
# FIPS
XXX-fips-test
# ASYNC
/wolfAsyncCrypt
/async
# Generated user_settings_asm.h.
user_settings_asm.h
# VisualGDB
**/.visualgdb
# Espressif sdk config default should be saved in sdkconfig.defaults
# we won't track the actual working sdkconfig files
/IDE/Espressif/**/sdkconfig
/IDE/Espressif/**/sdkconfig.old
# ESP8266 RTOS SDK has a slightly different sdkconfig filename to exclude:
/IDE/Espressif/**/sdkconfig.debug
/IDE/Espressif/**/sdkconfig.release
# Always include Espressif makefiles (typically only used for ESP8266)
!/IDE/Espressif/**/Makefile
!/IDE/Espressif/**/component.mk
# MPLAB
/IDE/MPLABX16/wolfssl.X/dist/default/
/IDE/MPLABX16/wolfssl.X/.generated_files
/IDE/MPLABX16/wolfcrypt_test.X/dist/default/
/IDE/MPLABX16/wolfcrypt_test.X/.generated_files
# auto-created CMake backups
**/CMakeLists.txt.old
# MagicCrypto (ARIA Cipher)
MagicCrypto
# CMake build directory
/out
/out_temp
# debian packaging
debian/changelog
debian/control
*.deb
# Ada/Alire files
wrapper/Ada/alire/
wrapper/Ada/config/
wrapper/Ada/lib/
wrapper/Ada/obj/
# PlatformIO
/**/.pio
/**/.vscode/.browse.c_cpp.db*
/**/.vscode/c_cpp_properties.json
/**/.vscode/launch.json
/**/.vscode/ipch
/**/sdkconfig.esp32dev
# Autogenerated debug trace headers
wolfssl/debug-trace-error-codes.h
wolfssl/debug-untrace-error-codes.h

0
LPCExpresso.project → .project
View File

982
.wolfssl_known_macro_extras
View File

@@ -1,982 +0,0 @@
AES_GCM_GMULT_NCT
AFX_RESOURCE_DLL
AFX_TARG_ENU
ALLOW_BINARY_MISMATCH_INTROSPECTION
ALLOW_V1_EXTENSIONS
ANDROID
APP_ESP_HTTP_CLIENT
APP_ESP_HTTP_CLIENT_EXAMPLE
APSTUDIO_INVOKED
ARCH_sim
ARDUINO
ARDUINO_ARCH_RP2040
ARDUINO_SAMD_NANO_33_IOT
ARDUINO_SAM_DUE
ASN_DUMP_OID
ASN_TEMPLATE_SKIP_ISCA_CHECK
ATCAPRINTF
ATCA_ENABLE_DEPRECATED
AVR
BASE64_NO_TABLE
BLAKE2B_SELFTEST
BLAKE2S_SELFTEST
BLOCKING
BSP_DEFAULT_IO_CHANNEL_DEFINED
BSP_LED_0
BSP_LED_1
BSP_SDCARD_ESDHC_CHANNEL
BSP_SDCARD_SDHC_CHANNEL
BSP_SDCARD_SPI_CHANNEL
CAAM_OUT_INVALIDATE
CIOCASYMFEAT
CIOCGSESSINFO
CMSIS_OS2_H_
COMPONENT_WOLFSSL
CONFIG_ARCH_CHIP_STM32F746ZG
CONFIG_ARCH_CHIP_STM32H743ZI
CONFIG_ARCH_CHIP_STM32L552ZE
CONFIG_ARCH_POSIX
CONFIG_ARM
CONFIG_ARM64
CONFIG_BOARD_NATIVE_POSIX
CONFIG_COMPILER_OPTIMIZATION_DEFAULT
CONFIG_COMPILER_OPTIMIZATION_NONE
CONFIG_COMPILER_OPTIMIZATION_PERF
CONFIG_COMPILER_OPTIMIZATION_SIZE
CONFIG_CRYPTO_FIPS
CONFIG_CRYPTO_MANAGER
CONFIG_CSPRNG_ENABLED
CONFIG_ESP32C2_DEFAULT_CPU_FREQ_MHZ
CONFIG_ESP32C3_DEFAULT_CPU_FREQ_MHZ
CONFIG_ESP32H2_DEFAULT_CPU_FREQ_MHZ
CONFIG_ESP32S2_DEFAULT_CPU_FREQ_MHZ
CONFIG_ESP32S3_DEFAULT_CPU_FREQ_MHZ
CONFIG_ESP32_DEFAULT_CPU_FREQ_MHZ
CONFIG_ESP8266_XTAL_FREQ_26
CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ_160
CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ_240
CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ_80
CONFIG_ESP_ENABLE_WOLFSSH
CONFIG_ESP_MAIN_TASK_STACK_SIZE
CONFIG_ESP_TLS_USING_WOLFSSL
CONFIG_ESP_WIFI_PASSWORD
CONFIG_ESP_WIFI_SSID
CONFIG_ESP_WOLFSSL_ENABLE_KYBER
CONFIG_ESP_WOLFSSL_ENABLE_WOLFSSH
CONFIG_ESP_WOLFSSL_NO_ESP32_CRYPT
CONFIG_ESP_WOLFSSL_NO_HW_AES
CONFIG_ESP_WOLFSSL_NO_HW_HASH
CONFIG_ESP_WOLFSSL_NO_HW_RSA_PRI
CONFIG_ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD
CONFIG_ESP_WOLFSSL_NO_HW_RSA_PRI_MP_MUL
CONFIG_ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD
CONFIG_FREERTOS_HZ
CONFIG_FREERTOS_UNICORE
CONFIG_IDF_TARGET
CONFIG_IDF_TARGET_ARCH_RISCV
CONFIG_IDF_TARGET_ARCH_XTENSA
CONFIG_IDF_TARGET_ESP32
CONFIG_IDF_TARGET_ESP32C2
CONFIG_IDF_TARGET_ESP32C3
CONFIG_IDF_TARGET_ESP32C6
CONFIG_IDF_TARGET_ESP32H2
CONFIG_IDF_TARGET_ESP32S2
CONFIG_IDF_TARGET_ESP32S3
CONFIG_IDF_TARGET_ESP8266
CONFIG_IDF_TARGET_ESP8684
CONFIG_MAIN_TASK_STACK_SIZE
CONFIG_MBEDTLS_CERTIFICATE_BUNDLE
CONFIG_MBEDTLS_PSA_CRYPTO_C
CONFIG_MIPS
CONFIG_MODULE_SIG
CONFIG_NET_SOCKETS_SOCKOPT_TLS
CONFIG_NEWLIB_LIBC
CONFIG_NEWLIB_NANO_FORMAT
CONFIG_PICOLIBC
CONFIG_POSIX_API
CONFIG_POSIX_THREADS
CONFIG_PREEMPT_COUNT
CONFIG_PTHREAD_IPC
CONFIG_SMP
CONFIG_SNTP_TIME_SYNC_METHOD_SMOOTH
CONFIG_TIMER_TASK_STACK_DEPTH
CONFIG_TIMER_TASK_STACK_SIZE
CONFIG_TLS_STACK_WOLFSSL
CONFIG_USE_WOLFSSL_ESP_SDK_TIME
CONFIG_USE_WOLFSSL_ESP_SDK_WIFI
CONFIG_WOLFCRYPT_ARMASM
CONFIG_WOLFCRYPT_FIPS
CONFIG_WOLFCRYPT_INTELASM
CONFIG_WOLFSSL
CONFIG_WOLFSSL_ALLOW_TLS13
CONFIG_WOLFSSL_ALPN
CONFIG_WOLFSSL_ALT_CERT_CHAINS
CONFIG_WOLFSSL_APPLE_HOMEKIT
CONFIG_WOLFSSL_ASN_ALLOW_0_SERIAL
CONFIG_WOLFSSL_CERTIFICATE_BUNDLE
CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE
CONFIG_WOLFSSL_DTLS
CONFIG_WOLFSSL_ENABLE_KYBER
CONFIG_WOLFSSL_EXAMPLE_NAME_ESP32_SSH_SERVER
CONFIG_WOLFSSL_EXAMPLE_NAME_ESP8266_SSH_SERVER
CONFIG_WOLFSSL_EXAMPLE_NAME_NONE
CONFIG_WOLFSSL_EXAMPLE_NAME_TEMPLATE
CONFIG_WOLFSSL_EXAMPLE_NAME_TLS_CLIENT
CONFIG_WOLFSSL_EXAMPLE_NAME_TLS_SERVER
CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFMQTT_AWS_IOT_MQTT
CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFMQTT_TEMPLATE
CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFSSH_ECHOSERVER
CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFSSH_TEMPLATE
CONFIG_WOLFSSL_HKDF
CONFIG_WOLFSSL_MAX_FRAGMENT_LEN
CONFIG_WOLFSSL_NO_ASN_STRICT
CONFIG_WOLFSSL_PSK
CONFIG_WOLFSSL_RSA_PSS
CONFIG_WOLFSSL_TARGET_HOST
CONFIG_WOLFSSL_TARGET_PORT
CONFIG_WOLFSSL_TLS13_ENABLED
CONFIG_WOLFSSL_TLS_VERSION_1_2
CONFIG_WOLFSSL_TLS_VERSION_1_3
CONFIG_WOLFTPM_EXAMPLE_NAME_ESPRESSIF
CONFIG_X86
CONV_WITH_DIV
CPA_CY_API_VERSION_NUM_MAJOR
CPU_MIMXRT1176DVMAA_cm7
CPU_MK82FN256VLL15
CRLDP_VALIDATE_DATA
CRL_REPORT_LOAD_ERRORS
CRL_STATIC_REVOKED_LIST
CRYPTOCELL_KEY_SIZE
CRYP_HEADERWIDTHUNIT_BYTE
CRYP_KEYIVCONFIG_ONCE
CRYP_KEYSIZE_192B
CSM_UNSUPPORTED_ALGS
CTYPE_USER
CURVED448_SMALL
CY_USING_HAL
DCP_USE_DCACHE
DILITHIUM_MUL_11_SLOW
DILITHIUM_MUL_44_SLOW
DILITHIUM_MUL_QINV_SLOW
DILITHIUM_MUL_Q_SLOW
DILITHIUM_MUL_SLOW
DILITHIUM_USE_HINT_CT
DTLS_RECEIVEFROM_NO_TIMEOUT_ON_INVALID_PEER
ECCSI_ORDER_MORE_BITS_THAN_PRIME
ECC_DUMP_OID
ECDHE_SIZE
ENABLE_SECURE_SOCKETS_LOGS
ESP32
ESP8266
ESP_ENABLE_WOLFSSH
ESP_IDF_VERSION_MAJOR
ESP_IDF_VERSION_MINOR
ESP_PLATFORM
ESP_TASK_MAIN_STACK
EV_TRIGGER
FP_ECC_CONTROL
FREERTOS_TCP_WINSIM
FREESCALE
FREESCALE_RNGB
FREESCALE_USE_MMCAU_CLASSIC
FSL_FEATURE_HAS_L1CACHE
FSL_FEATURE_LTC_HAS_DES
FSL_FEATURE_LTC_HAS_GCM
FSL_FEATURE_LTC_HAS_PKHA
FSL_FEATURE_LTC_HAS_SHA
FSL_FEATURE_SOC_LTC_COUNT
FSL_FEATURE_SOC_MMCAU_COUNT
FSL_FEATURE_SOC_RNG_COUNT
FSL_FEATURE_SOC_TRNG_COUNT
FUSION_RTOS
GENERATE_MACHINE_PARSEABLE_REPORT
GE_P3_TOBYTES_IMPL
GOAHEAD_WS
HAL_RTC_MODULE_ENABLED
HARDWARE_CACHE_COHERENCY
HASH_AlgoMode_HASH
HASH_BYTE_SWAP
HASH_CR_LKEY
HASH_DIGEST
HASH_DataType_8b
HASH_IMR_DCIE
HASH_IMR_DINIE
HAVE_AESGCM_DECRYPT
HAVE_BYTEREVERSE64
HAVE_CERTIFICATE_STATUS_V2
HAVE_COLDFIRE_SEC
HAVE_CRL_UPDATE_CB
HAVE_CSHARP
HAVE_CURL
HAVE_CURVE22519
HAVE_DANE
HAVE_ECC239
HAVE_ECC320
HAVE_ECC512
HAVE_ECC_CDH_CAST
HAVE_ECC_SM2
HAVE_ESP_CLK
HAVE_EX_DATA_CRYPTO
HAVE_EX_DATA_CLEANUP_HOOKS
HAVE_FACON
HAVE_FIPS_VERSION_PORT
HAVE_FUZZER
HAVE_INTEL_MULX
HAVE_INTEL_QAT_SYNC
HAVE_INTEL_SPEEDUP
HAVE_MDK_RTX
HAVE_NETX_BSD
HAVE_PKCS7_RSA_RAW_SIGN_CALLBACK
HAVE_POCO_LIB
HAVE_RTP_SYS
HAVE_SECURE_GETENV
HAVE_STACK_SIZE_VERBOSE_LOG
HAVE_THREADX
HAVE_TM_TYPE
HAVE_VALIDATE_DATE
HAVE_VA_COPY
HAVE_X448
HONOR_MATH_USED_LENGTH
HSM_KEY_TYPE_HMAC_224
HSM_KEY_TYPE_HMAC_256
HSM_KEY_TYPE_HMAC_384
HSM_KEY_TYPE_HMAC_512
HSM_OP_KEY_GENERATION_FLAGS_CREATE
HSM_OP_KEY_GENERATION_FLAGS_UPDATE
HSM_SVC_KEY_STORE_FLAGS_UPDATE
IDIRECT_DEV_RANDOM
IDIRECT_DEV_TIME
ID_TRNG
IGNORE_KEY_EXTENSIONS
IGNORE_NETSCAPE_CERT_TYPE
INCLUDE_uxTaskGetStackHighWaterMark
INTEGRITY
INTIMEVER
IOTSAFE_NO_GETDATA
IOTSAFE_SIG_8BIT_LENGTH
KCAPI_USE_XMALLOC
KYBER_NONDETERMINISTIC
K_SERIES
LIBWOLFSSL_VERSION_GIT_BRANCH
LIBWOLFSSL_VERSION_GIT_HASH
LIBWOLFSSL_VERSION_GIT_HASH_DATE
LIBWOLFSSL_VERSION_GIT_ORIGIN
LIBWOLFSSL_VERSION_GIT_SHORT_HASH
LIBWOLFSSL_VERSION_GIT_TAG
LINUXKM_FPU_STATES_FOLLOW_THREADS
LINUXKM_LKCAPI_PRIORITY_ALLOW_MASKING
LINUX_CYCLE_COUNT
LINUX_RUSAGE_UTIME
LP64
MAX3266X_AESGCM
MAX3266X_RSA
MAXQ10XX_PRODUCTION_KEY
MAXQ_EXPORT_TLS_KEYS
MAXQ_SHA1
MAXSEG_64K
MAX_WOLFSSL_FILE_SIZE
MDK_CONF_BARE_METAL
MDK_CONF_FS
MDK_CONF_RTX_TCP_FS
MDK_CONF_TCP_FS
MDK_WOLFLIB
MICRIUM_MALLOC
MICROCHIP_MPLAB_HARMONY
MICROCHIP_MPLAB_HARMONY_3
MICRO_SESSION_CACHEx
MODULE_SOCK_TCP
MP_31BIT
MP_8BIT
MQX_USE_IO_OLD
MULTI_VALUE_STATISTICS
MUTEX_DURING_INIT
NEED_THREADX_TYPES
NETX_DUO
NET_SECURE_MODULE_EN
NOTE_TRIGGER
NO_AES_DECRYPT
NO_ARDUINO_DEFAULT
NO_ASM
NO_ASN_OLD_TYPE_NAMES
NO_CAMELLIA_CBC
NO_CERT
NO_CIPHER_SUITE_ALIASES
NO_CLIENT_CACHE
NO_CLOCK_SPEEDUP
NO_CURVE25519_KEY_EXPORT
NO_CURVE25519_KEY_IMPORT
NO_CURVE25519_SHARED_SECRET
NO_CURVE448_KEY_EXPORT
NO_CURVE448_KEY_IMPORT
NO_CURVE448_SHARED_SECRET
NO_DEV_URANDOM
NO_ECC384
NO_ECC521
NO_ECC_CACHE_CURVE
NO_ECC_CHECK_KEY
NO_ECC_KEY_IMPORT
NO_ECC_MAKE_PUB
NO_ED25519_CLIENT_AUTH
NO_ED25519_KEY_EXPORT
NO_ED25519_KEY_IMPORT
NO_ED25519_MAKE_KEY
NO_ED25519_SIGN
NO_ED25519_VERIFY
NO_ED448_CLIENT_AUTH
NO_ED448_KEY_EXPORT
NO_ED448_KEY_IMPORT
NO_ED448_SIGN
NO_ED448_VERIFY
NO_ESP_MP_MUL_EVEN_ALT_CALC
NO_FORCE_SCR_SAME_SUITE
NO_GCM_ENCRYPT_EXTRA
NO_GETENV
NO_HANDSHAKE_DONE_CB
NO_IMX6_CAAM_AES
NO_IMX6_CAAM_HASH
NO_OLD_NAMES
NO_OLD_POLY1305
NO_OLD_TIMEVAL_NAME
NO_PBKDF1
NO_PIC32MZ_CRYPT
NO_PIC32MZ_HASH
NO_PIC32MZ_RNG
NO_PKCS11_AES
NO_PKCS11_AESCBC
NO_PKCS11_AESGCM
NO_PKCS11_ECC
NO_PKCS11_ECDH
NO_PKCS11_EC_KEYGEN
NO_PKCS11_HMAC
NO_PKCS11_RNG
NO_PKCS11_RSA
NO_PKCS11_RSA_PKCS
NO_PKCS7
NO_PKCS7_COMPRESSED_DATA
NO_PKCS7_ENCRYPTED_DATA
NO_PKCS7_STREAM
NO_POLY1305_ASM
NO_PUBLIC_CCM_SET_NONCE
NO_PUBLIC_GCM_SET_IV
NO_RESUME_SUITE_CHECK
NO_RNG
NO_RNG_MUTEX
NO_SESSION_CACHE_ROW_LOCK
NO_SKID
NO_SKIP_PREVIEW
NO_STDIO_FGETS_REMAP
NO_TKERNEL_MEM_POOL
NO_TLSX_PSKKEM_PLAIN_ANNOUNCE
NO_VERIFY_OID
NO_WC_SSIZE_TYPE
NO_WOLFSSL_ALLOC_ALIGN
NO_WOLFSSL_AUTOSAR_CRYIF
NO_WOLFSSL_AUTOSAR_CRYPTO
NO_WOLFSSL_AUTOSAR_CSM
NO_WOLFSSL_BASE64_DECODE
NO_WOLFSSL_MSG_EX
NO_WOLFSSL_RENESAS_FSPSM_AES
NO_WOLFSSL_RENESAS_FSPSM_HASH
NO_WOLFSSL_RENESAS_TSIP_CRYPT_AES
NO_WOLFSSL_SHA256
NO_WOLFSSL_SHA256_INTERLEAVE
NO_WOLFSSL_SHA512_INTERLEAVE
NO_WOLFSSL_SKIP_TRAILING_PAD
NO_WOLFSSL_SMALL_STACK_STATIC
NO_WOLFSSL_XILINX_TAG_MALLOC
NRF52
NRF52_SERIES
NRF_ERROR_MODULE_ALREADY_INITIALIZED
OLD_HELLO_ALLOWED
OPENSSL_EXTRA_BSD
OPENSSL_EXTRA_NO_ASN1
OPENSSL_EXTRA_NO_BN
OPENSSL_NO_PK
OS_WINDOWS
OTHERBOARD
OTHER_BOARD
PEER_INFO
PKA_ECC_SCALAR_MUL_IN_B_COEFF
PLATFORMIO
PLUTON_CRYPTO_ECC
PRINT_SESSION_STATS
PTHREAD_STACK_MIN
QAT_ENABLE_HASH
QAT_ENABLE_RNG
QAT_USE_POLLING_CHECK
RC_NO_RNG
REDIRECTION_IN3_KEYELMID
REDIRECTION_IN3_KEYID
REDIRECTION_OUT1_KEYELMID
REDIRECTION_OUT1_KEYID
REDIRECTION_OUT2_KEYELMID
REDIRECTION_OUT2_KEYID
RENESAS_T4_USE
RTC_ALARMSUBSECONDMASK_ALL
RTE_CMSIS_RTOS_RTX
RTOS_MODULE_NET_AVAIL
RTPLATFORM
SA_INTERRUPT
SCEKEY_INSTALLED
SHA256_MANY_REGISTERS
SHA3_BY_SPEC
SHOW_CERTS
SHOW_GEN
SHOW_SIZES
SHOW_SSID_AND_PASSWORD
SIM_SCGC3_RNGA_MASK
SIM_SCGC5_PORTC_MASK
SIM_SCGC5_PORTD_MASK
SIM_SCGC5_PORTE_MASK
SIM_SCGC6_RNGA_MASK
SL_SE_KEY_TYPE_ECC_P384
SL_SE_KEY_TYPE_ECC_P521
SL_SE_KEY_TYPE_ECC_X25519
SL_SE_KEY_TYPE_ECC_X448
SL_SE_PRF_HMAC_SHA1
SOFTDEVICE_PRESENT
SO_NOSIGPIPE
SO_REUSEPORT
SP_INT_NO_ASM
SP_MATH_NEED_ADD_OFF
SP_USE_DIVTI3
SQRTMOD_USE_MOD_EXP
SSL_SNIFFER_EXPORTS
SSN_BUILDING_LIBYASSL
STATIC_CHUNKS_ONLY
STM32F107xC
STM32F207xx
STM32F217xx
STM32F401xE
STM32F407xx
STM32F437xx
STM32F756xx
STM32F777xx
STM32G071xx
STM32G491xx
STM32H563xx
STM32H723xx
STM32H725xx
STM32H743xx
STM32H753xx
STM32L475xx
STM32L4A6xx
STM32L552xx
STM32L562xx
STM32MP135Fxx
STM32U575xx
STM32U585xx
STM32U5A9xx
STM32WB55xx
STM32WL55xx
STM32_AESGCM_PARTIAL
STM32_HW_CLOCK_AUTO
STM32_NUTTX_RNG
TASK_EXTRA_STACK_SIZE
TCP_NODELAY
TFM_ALREADY_SET
TFM_SMALL_MONT_SET
THREADED_SNIFFTEST
TIME_T_NOT_LONG
TI_DUMMY_BUILD
TLS13_RSA_PSS_SIGN_CB_NO_PREHASH
UNICODE
USER_CA_CB
USER_CUSTOM_SNIFFX
USER_MATH_LIB
USE_ALT_MPRIME
USE_ANY_ADDR
USE_CERT_BUFFERS_25519
USE_CERT_BUFFERS_3072
USE_ECDSA_KEYSZ_HASH_ALGO
USE_FULL_ASSERT
USE_HAL_DRIVER
USE_NXP_LTC
USE_NXP_MMCAU
USE_QAE_THREAD_LS
USE_SECRET_CALLBACK
USE_STSAFE_RNG_SEED
USE_STSAFE_VERBOSE
USE_TLSV13
USE_WOLF_STRNSTR
USS_API
WC_AESXTS_STREAM_NO_REQUEST_ACCOUNTING
WC_AES_BS_WORD_SIZE
WC_AES_GCM_DEC_AUTH_EARLY
WC_ASN_HASH_SHA256
WC_ASYNC_ENABLE_3DES
WC_ASYNC_ENABLE_AES
WC_ASYNC_ENABLE_ARC4
WC_ASYNC_ENABLE_DH
WC_ASYNC_ENABLE_ECC
WC_ASYNC_ENABLE_ECC_KEYGEN
WC_ASYNC_ENABLE_HMAC
WC_ASYNC_ENABLE_MD5
WC_ASYNC_ENABLE_RSA
WC_ASYNC_ENABLE_RSA_KEYGEN
WC_ASYNC_ENABLE_SHA
WC_ASYNC_ENABLE_SHA224
WC_ASYNC_ENABLE_SHA256
WC_ASYNC_ENABLE_SHA3
WC_ASYNC_ENABLE_SHA384
WC_ASYNC_ENABLE_SHA512
WC_ASYNC_NO_CRYPT
WC_ASYNC_NO_HASH
WC_DILITHIUM_CACHE_PRIV_VECTORS
WC_DILITHIUM_CACHE_PUB_VECTORS
WC_DILITHIUM_FIXED_ARRAY
WC_DISABLE_RADIX_ZERO_PAD
WC_ECC_NONBLOCK_ONLY
WC_KDF_NIST_SP_800_56C
WC_LMS_FULL_HASH
WC_NO_RNG_SIMPLE
WC_NO_STATIC_ASSERT
WC_PKCS11_FIND_WITH_ID_ONLY
WC_PROTECT_ENCRYPTED_MEM
WC_RNG_BLOCKING
WC_RSA_DIRECT
WC_RSA_NONBLOCK
WC_RSA_NONBLOCK_TIME
WC_RSA_NO_FERMAT_CHECK
WC_SHA384
WC_SHA384_DIGEST_SIZE
WC_SHA512
WC_SHA512_DIGEST_SIZE
WC_SSIZE_TYPE
WC_STRICT_SIG
WC_XMSS_FULL_HASH
WOLFCRYPT_FIPS_CORE_DYNAMIC_HASH_VALUE
WOLFSENTRY_H
WOLFSENTRY_NO_JSON
WOLFSSL_32BIT_MILLI_TIME
WOLFSSL_AESNI_BY4
WOLFSSL_AESNI_BY6
WOLFSSL_AFTER_DATE_CLOCK_SKEW
WOLFSSL_ALGO_HW_MUTEX
WOLFSSL_ALLOW_CRIT_AIA
WOLFSSL_ALLOW_CRIT_AKID
WOLFSSL_ALLOW_CRIT_SKID
WOLFSSL_ALLOW_ENCODING_CA_FALSE
WOLFSSL_ALLOW_MAX_FRAGMENT_ADJUST
WOLFSSL_ALLOW_NO_CN_IN_SAN
WOLFSSL_ALLOW_NO_SUITES
WOLFSSL_ALLOW_SERVER_SC_EXT
WOLFSSL_ALLOW_TLS_SHA1
WOLFSSL_ALTERNATIVE_DOWNGRADE
WOLFSSL_ALT_NAMES_NO_REV
WOLFSSL_ARM_ARCH_NEON_64BIT
WOLFSSL_ASNC_CRYPT
WOLFSSL_ASN_EXTRA
WOLFSSL_ASN_INT_LEAD_0_ANY
WOLFSSL_ASN_TEMPLATE_NEED_SET_INT32
WOLFSSL_ASN_TEMPLATE_TYPE_CHECK
WOLFSSL_ATECC508
WOLFSSL_ATECC508A_NOIDLE
WOLFSSL_ATECC508A_NOSOFTECC
WOLFSSL_ATECC508A_TLS
WOLFSSL_ATECC_ECDH_IOENC
WOLFSSL_ATECC_NO_ECDH_ENC
WOLFSSL_ATECC_RNG
WOLFSSL_ATECC_TFLXTLS
WOLFSSL_ATECC_TNGTLS
WOLFSSL_ATMEL
WOLFSSL_ATMEL_TIME
WOLFSSL_BEFORE_DATE_CLOCK_SKEW
WOLFSSL_BIGINT_TYPES
WOLFSSL_BIO_NO_FLOW_STATS
WOLFSSL_BLAKE2B_INIT_EACH_FIELD
WOLFSSL_BLAKE2S_INIT_EACH_FIELD
WOLFSSL_BLIND_PRIVATE_KEY
WOLFSSL_BYTESWAP32_ASM
WOLFSSL_CAAM_BLACK_KEY_AESCCM
WOLFSSL_CAAM_BLACK_KEY_SM
WOLFSSL_CAAM_NO_BLACK_KEY
WOLFSSL_CALLBACKS
WOLFSSL_CHECK_DESKEY
WOLFSSL_CHECK_MEM_ZERO
WOLFSSL_CHIBIOS
WOLFSSL_CLANG_TIDY
WOLFSSL_COMMERCIAL_LICENSE
WOLFSSL_CONTIKI
WOLFSSL_CRL_ALLOW_MISSING_CDP
WOLFSSL_DILITHIUM_ASSIGN_KEY
WOLFSSL_DILITHIUM_MAKE_KEY_SMALL_MEM
WOLFSSL_DILITHIUM_NO_ASN1
WOLFSSL_DILITHIUM_NO_CHECK_KEY
WOLFSSL_DILITHIUM_NO_LARGE_CODE
WOLFSSL_DILITHIUM_NO_MAKE
WOLFSSL_DILITHIUM_REVERSE_HASH_OID
WOLFSSL_DILITHIUM_SIGN_CHECK_W0
WOLFSSL_DILITHIUM_SIGN_CHECK_Y
WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC
WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC_A
WOLFSSL_DILITHIUM_SMALL_MEM_POLY64
WOLFSSL_DILITHIUM_VERIFY_NO_MALLOC
WOLFSSL_DILITHIUM_VERIFY_SMALL_MEM
WOLFSSL_DISABLE_EARLY_SANITY_CHECKS
WOLFSSL_DTLS_DISALLOW_FUTURE
WOLFSSL_DTLS_DROP_STATS
WOLFSSL_DTLS_RESEND_ONLY_TIMEOUT
WOLFSSL_DUMP_MEMIO_STREAM
WOLFSSL_DUP_CERTPOL
WOLFSSL_ECC_BLIND_K
WOLFSSL_ECC_GEN_REJECT_SAMPLING
WOLFSSL_ECC_NO_SMALL_STACK
WOLFSSL_ECC_SIGALG_PARAMS_NULL_ALLOWED
WOLFSSL_ECDHX_SHARED_NOT_ZERO
WOLFSSL_ECDSA_MATCH_HASH
WOLFSSL_ECDSA_SET_K_ONE_LOOP
WOLFSSL_EC_POINT_CMP_JACOBIAN
WOLFSSL_EDDSA_CHECK_PRIV_ON_SIGN
WOLFSSL_EMNET
WOLFSSL_ESPWROOM32
WOLFSSL_EVP_PRINT
WOLFSSL_EXPORT_INT
WOLFSSL_EXPORT_SPC_SZ
WOLFSSL_EXTRA
WOLFSSL_FORCE_OCSP_NONCE_CHECK
WOLFSSL_FRDM_K64
WOLFSSL_FRDM_K64_JENKINS
WOLFSSL_FUNC_TIME
WOLFSSL_FUNC_TIME_LOG
WOLFSSL_GEN_CERT
WOLFSSL_GETRANDOM
WOLFSSL_GNRC
WOLFSSL_HARDEN_TLS_ALLOW_ALL_CIPHERSUITES
WOLFSSL_HARDEN_TLS_ALLOW_OLD_TLS
WOLFSSL_HARDEN_TLS_ALLOW_TRUNCATED_HMAC
WOLFSSL_HARDEN_TLS_NO_PKEY_CHECK
WOLFSSL_HARDEN_TLS_NO_SCR_CHECK
WOLFSSL_HOSTNAME_VERIFY_ALT_NAME_ONLY
WOLFSSL_I2D_ECDSA_SIG_ALLOC
WOLFSSL_IAR_ARM_TIME
WOLFSSL_IGNORE_BAD_CERT_PATH
WOLFSSL_IMX6
WOLFSSL_IMX6_CAAM
WOLFSSL_IMX6_CAAM_BLOB
WOLFSSL_IMX6_CAAM_RNG
WOLFSSL_IMXRT_DCP
WOLFSSL_ISOTP
WOLFSSL_KEIL
WOLFSSL_KEIL_NET
WOLFSSL_KYBER_INVNTT_UNROLL
WOLFSSL_KYBER_NO_LARGE_CODE
WOLFSSL_KYBER_NTT_UNROLL
WOLFSSL_LIB
WOLFSSL_LMS_CACHE_BITS
WOLFSSL_LMS_FULL_HASH
WOLFSSL_LMS_LARGE_CACHES
WOLFSSL_LMS_MAX_HEIGHT
WOLFSSL_LMS_MAX_LEVELS
WOLFSSL_LMS_NO_SIG_CACHE
WOLFSSL_LMS_ROOT_LEVELS
WOLFSSL_LPC43xx
WOLFSSL_MAKE_SYSTEM_NAME_LINUX
WOLFSSL_MAKE_SYSTEM_NAME_WSL
WOLFSSL_MDK5
WOLFSSL_MEM_FAIL_COUNT
WOLFSSL_MONT_RED_CT
WOLFSSL_MP_COND_COPY
WOLFSSL_MP_INVMOD_CONSTANT_TIME
WOLFSSL_MULTICIRCULATE_ALTNAMELIST
WOLFSSL_NONBLOCK_OCSP
WOLFSSL_NOSHA3_384
WOLFSSL_NOT_WINDOWS_API
WOLFSSL_NO_BIO_ADDR_IN
WOLFSSL_NO_CLIENT
WOLFSSL_NO_CLIENT_CERT_ERROR
WOLFSSL_NO_COPY_CERT
WOLFSSL_NO_COPY_KEY
WOLFSSL_NO_CRL_DATE_CHECK
WOLFSSL_NO_CRL_NEXT_DATE
WOLFSSL_NO_DECODE_EXTRA
WOLFSSL_NO_DER_TO_PEM
WOLFSSL_NO_DH186
WOLFSSL_NO_DTLS_SIZE_CHECK
WOLFSSL_NO_ETM_ALERT
WOLFSSL_NO_FENCE
WOLFSSL_NO_FSEEK
WOLFSSL_NO_INIT_CTX_KEY
WOLFSSL_NO_ISSUERHASH_TDPEER
WOLFSSL_NO_KCAPI_AES_CBC
WOLFSSL_NO_KCAPI_HMAC_SHA1
WOLFSSL_NO_KCAPI_HMAC_SHA224
WOLFSSL_NO_KCAPI_HMAC_SHA256
WOLFSSL_NO_KCAPI_HMAC_SHA384
WOLFSSL_NO_KCAPI_HMAC_SHA512
WOLFSSL_NO_KCAPI_SHA224
WOLFSSL_NO_OCSP_DATE_CHECK
WOLFSSL_NO_OCSP_ISSUER_CHAIN_CHECK
WOLFSSL_NO_OCSP_OPTIONAL_CERTS
WOLFSSL_NO_PUBLIC_FFDHE
WOLFSSL_NO_RSA_KEY_CHECK
WOLFSSL_NO_SERVER_GROUPS_EXT
WOLFSSL_NO_SESSION_STATS
WOLFSSL_NO_SIGALG
WOLFSSL_NO_SOCKADDR_UN
WOLFSSL_NO_SPHINCS
WOLFSSL_NO_STRICT_CIPHER_SUITE
WOLFSSL_NO_TICKET_EXPIRE
WOLFSSL_NO_TRUSTED_CERTS_VERIFY
WOLFSSL_NO_XOR_OPS
WOLFSSL_NRF51_AES
WOLFSSL_OLDTLS_AEAD_CIPHERSUITES
WOLFSSL_OLDTLS_SHA2_CIPHERSUITES
WOLFSSL_OLD_SET_CURVES_LIST
WOLFSSL_OLD_UNSUPPORTED_EXTENSION
WOLFSSL_OPTIONS_IGNORE_SYS
WOLFSSL_PASSTHRU_ERR
WOLFSSL_PB
WOLFSSL_PEER_ADDRESS_CHANGES
WOLFSSL_PKCS11_RW_TOKENS
WOLFSSL_PRCONNECT_PRO
WOLFSSL_PREFIX
WOLFSSL_PSA_NO_AES
WOLFSSL_PSA_NO_HASH
WOLFSSL_PSA_NO_PKCB
WOLFSSL_PSA_NO_PKCBS
WOLFSSL_PSA_NO_RNG
WOLFSSL_PSK_IDENTITY_ALERT
WOLFSSL_PSK_ID_PROTECTION
WOLFSSL_PSK_MULTI_ID_PER_CS
WOLFSSL_PSK_TLS13_CB
WOLFSSL_PSOC6_CRYPTO
WOLFSSL_PYTHON
WOLFSSL_RENESAS_FSPSM_CRYPT_ONLY
WOLFSSL_RENESAS_RA6M3
WOLFSSL_RENESAS_RA6M3G
WOLFSSL_RENESAS_RSIP
WOLFSSL_RENESAS_RZN2L
WOLFSSL_RENESAS_TLS
WOLFSSL_RENESAS_TSIP_CRYPTONLY
WOLFSSL_RENESAS_TSIP_IAREWRX
WOLFSSL_RSA_CHECK_D_ON_DECRYPT
WOLFSSL_RSA_DECRYPT_TO_0_LEN
WOLFSSL_RW_THREADED
WOLFSSL_SAKKE_SMALL
WOLFSSL_SAKKE_SMALL_MODEXP
WOLFSSL_SE050_CRYPT
WOLFSSL_SE050_HASH
WOLFSSL_SE050_INIT
WOLFSSL_SE050_NO_TRNG
WOLFSSL_SECURE_RENEGOTIATION_ON_BY_DEFAULT
WOLFSSL_SETTINGS_FILE
WOLFSSL_SH224
WOLFSSL_SHA256_ALT_CH_MAJ
WOLFSSL_SHUTDOWNONCE
WOLFSSL_SILABS_TRNG
WOLFSSL_SM4_EBC
WOLFSSL_SNIFFER_NO_RECOVERY
WOLFSSL_SP_ARM32_UDIV
WOLFSSL_SP_DH
WOLFSSL_SP_FAST_NCT_EXPTMOD
WOLFSSL_SP_INT_SQR_VOLATILE
WOLFSSL_STACK_CHECK
WOLFSSL_STM32F427_RNG
WOLFSSL_STM32_RNG_NOLIB
WOLFSSL_STRONGEST_HASH_SIG
WOLFSSL_STSAFE_TAKES_SLOT
WOLFSSL_TELIT_M2MB
WOLFSSL_THREADED_CRYPT
WOLFSSL_TICKET_DECRYPT_NO_CREATE
WOLFSSL_TICKET_ENC_AES128_GCM
WOLFSSL_TICKET_ENC_AES256_CBC
WOLFSSL_TICKET_ENC_AES256_GCM
WOLFSSL_TICKET_ENC_CBC_HMAC
WOLFSSL_TICKET_ENC_CHACHA20_POLY1305
WOLFSSL_TICKET_ENC_HMAC_SHA384
WOLFSSL_TICKET_ENC_HMAC_SHA512
WOLFSSL_TI_CURRTIME
WOLFSSL_TLS13_DRAFT
WOLFSSL_TLS13_IGNORE_AEAD_LIMITS
WOLFSSL_TLS13_MIDDLEBOX_COMPAT
WOLFSSL_TLS13_SHA512
WOLFSSL_TLS13_TICKET_BEFORE_FINISHED
WOLFSSL_TRACK_MEMORY_FULL
WOLFSSL_TRAP_MALLOC_SZ
WOLFSSL_UNALIGNED_64BIT_ACCESS
WOLFSSL_USER_FILESYSTEM
WOLFSSL_USER_LOG
WOLFSSL_USER_MUTEX
WOLFSSL_USER_THREADING
WOLFSSL_USE_ESP32C3_CRYPT_HASH_HW
WOLFSSL_USE_FLASHMEM
WOLFSSL_USE_OPTIONS_H
WOLFSSL_USE_POPEN_HOST
WOLFSSL_VALIDATE_DH_KEYGEN
WOLFSSL_WC_XMSS_NO_SHA256
WOLFSSL_WC_XMSS_NO_SHAKE256
WOLFSSL_WICED_PSEUDO_UNIX_EPOCH_TIME
WOLFSSL_X509_STORE_CERTS
WOLFSSL_X509_TRUSTED_CERTIFICATE_CALLBACK
WOLFSSL_XFREE_NO_NULLNESS_CHECK
WOLFSSL_XILINX_CRYPTO_OLD
WOLFSSL_XILINX_PATCH
WOLFSSL_XIL_MSG_NO_SLEEP
WOLFSSL_XMSS_LARGE_SECRET_KEY
WOLFSSL_ZEPHYR
WOLFSS_SP_MATH_ALL
WOLF_ALLOW_BUILTIN
WOLF_CONF_IO
WOLF_CONF_KYBER
WOLF_CONF_PK
WOLF_CONF_RESUMPTION
WOLF_CONF_TPM
WOLF_CRYPTO_CB_CMD
WOLF_CRYPTO_CB_FIND
WOLF_CRYPTO_CB_ONLY_ECC
WOLF_CRYPTO_CB_ONLY_RSA
WOLF_CRYPTO_CB_RSA_PAD
WOLF_CRYPTO_DEV
WOLF_NO_TRAILING_ENUM_COMMAS
WOLSSL_OLD_TIMINGPADVERIFY
XGETPASSWD
XMSS_CALL_PRF_KEYGEN
XPAR_VERSAL_CIPS_0_PSPMC_0_PSV_CORTEXA72_0_TIMESTAMP_CLK_FREQ
XSECURE_CACHE_DISABLE
_ABI64
_ABIO64
_ARCH_PPC64
_COMPILER_VERSION
_INTPTR_T_DECLARED
_LP64
_MSC_VER
_MSVC_LANG
_M_ARM64
_M_X64
_NETOS
_POSIX_C_SOURCE
_SDCC_VERSION_PATCHLEVEL
_SH3
_SILICON_LABS_SECURITY_FEATURE
_SOCKLEN_T
_SYS_DEVCON_LOCAL_H
_TIME_HELPER_H
_UINTPTR_T_DECLARED
_WIN32
_WIN32_WCE
_WIN64
__32MZ2048ECH144__
__32MZ2048ECM144__
__32MZ2048EFM144__
__ANDROID__
__APPLE__
__ARCH_STRCASECMP_NO_REDIRECT
__ARCH_STRCMP_NO_REDIRECT
__ARCH_STRNCASECMP_NO_REDIRECT
__ARCH_STRNCAT_NO_REDIRECT
__ARCH_STRNCMP_NO_REDIRECT
__ARCH_STRNCPY_NO_REDIRECT
__ARCH_STRSTR_NO_REDIRECT
__ARM_ARCH_7M__
__ARM_FEATURE_CRYPTO
__ASSEMBLER__
__ATOMIC_RELAXED
__AVR__
__BCPLUSPLUS__
__BIG_ENDIAN__
__BORLANDC__
__CCRX__
__COMPILER_VER__
__CYGWIN__
__DATE__
__DCACHE_PRESENT
__DCC__
__DECC_VER
__ELF__
__EMSCRIPTEN__
__FPU_PRESENT
__FreeBSD__
__GLIBC__
__GNUC_MINOR__
__GNUC__
__HP_cc
__IAR_SYSTEMS_ICC__
__ICCARM__
__ILP32__
__INCLUDE_NUTTX_CONFIG_H
__INTEGRITY
__INTEL_COMPILER
__KEIL__
__KEY_DATA_H__
__LP64
__LP64__
__MACH__
__MICROBLAZE__
__MINGW32__
__MINGW64_VERSION_MAJOR
__MINGW64__
__MWERKS__
__PIE__
__POWERPC__
__PPC__
__PPU
__QNXNTO__
__QNX__
__ROPI__
__SAM3A4C__
__SAM3A8C__
__SAM3A8H__
__SAM3X4C__
__SAM3X4E__
__SAM3X8C__
__SAM3X8E__
__SANITIZE_ADDRESS__
__SDCC_VERSION_MAJOR
__SDCC_VERSION_MINOR
__SDCC_VERSION_PATCH
__SIZEOF_INT128__
__SIZEOF_LONG_LONG__
__STDC_VERSION__
__STDC__
__STM32__
__STRICT_ANSI__
__SUNPRO_C
__SUNPRO_CC
__SVR4
__TI_COMPILER_VERSION__
__TURBOC__
__USE_GNU
__USE_MISC
__USE_XOPEN2K
__WATCOMC__
__WATCOM_INT64__
__XC32
__XTENSA__
__aarch64__
__alpha__
__arch64__
__arm__
__clang__
__clang_major__
__cplusplus
__ghc__
__ghs__
__hpux__
__i386
__i386__
__ia64__
__linux__
__llvm__
__mips
__mips64
__must_check
__ppc64__
__ppc__
__riscv
__riscv_xlen
__s390x__
__sparc64__
__sun
__svr4__
__thumb__
__ti__
__x86_64__
byte
configTICK_RATE_HZ
fallthrough
noinline
ssize_t
sun
versal
wc_Tls13_HKDF_Expand_Label

2788
CMakeLists.txt
View File

File diff suppressed because it is too large Load Diff

1
ChangeLog Normal file
View File

@@ -0,0 +1 @@
Please see the file 'README' in this directory.

5031
ChangeLog.md
View File

File diff suppressed because it is too large Load Diff

58
Docker/Dockerfile
View File

@@ -1,58 +0,0 @@
ARG DOCKER_BASE_IMAGE=ubuntu:22.04
FROM $DOCKER_BASE_IMAGE
USER root
# Set timezone to UTC
RUN ln -snf /usr/share/zoneinfo/UTC /etc/localtime && echo UTC > /etc/timezone
ARG DEPS_WOLFSSL="build-essential autoconf libtool clang clang-tools zlib1g-dev libuv1-dev libpam0g-dev valgrind git linux-headers-generic gcc-multilib g++-multilib libpcap-dev bubblewrap gdb iputils-ping lldb bsdmainutils netcat-traditional binutils-arm-linux-gnueabi binutils-aarch64-linux-gnu"
ARG DEPS_LIBOQS="astyle cmake gcc ninja-build libssl-dev python3-pytest python3-pytest-xdist unzip xsltproc doxygen graphviz python3-yaml valgrind git"
ARG DEPS_UDP_PROXY="wget libevent-dev"
ARG DEPS_TESTS="abi-dumper libcurl4-openssl-dev tcpdump libpsl-dev python3-pandas python3-tabulate libnl-genl-3-dev libcap-ng-dev python3-virtualenv curl jq"
ARG DEPS_TOOLS="ccache clang-tidy maven libfile-util-perl android-tools-adb usbutils shellcheck"
RUN DEBIAN_FRONTEND=noninteractive apt update && apt install -y apt-utils \
&& apt install -y ${DEPS_WOLFSSL} ${DEPS_LIBOQS} ${DEPS_UDP_PROXY} ${DEPS_TESTS} ${DEPS_TOOLS} \
&& apt clean -y && rm -rf /var/lib/apt/lists/*
# Add 'docker' user
ARG USER=docker
ARG UID=1000
ARG GID=1000
RUN groupadd -f -g ${GID} docker && ( getent passwd ${UID} || useradd -ms /bin/bash ${USER} -u ${UID} -g ${GID} )
# Add github.com as an SSH known host
RUN ssh -o StrictHostKeyChecking=no -T git@github.com; cat ~/.ssh/known_hosts >> /etc/ssh/ssh_known_hosts
# install ccache
RUN mkdir -p /opt/ccache/bin && for prog in gcc g++ cc c++ cpp arm-none-eabi-c++ arm-none-eabi-cpp arm-none-eabi-gcc arm-none-eabi-g++; do ln -s /usr/bin/ccache /opt/ccache/bin/$(basename $prog); done
ENV PATH /opt/ccache/bin:$PATH
# install liboqs
RUN git clone --single-branch https://github.com/open-quantum-safe/liboqs.git && cd liboqs && git checkout db08f12b5a96aa6582a82aac7f65cf8a4d8b231f \
&& mkdir build && cd build && cmake -DOQS_DIST_BUILD=ON -DOQS_USE_CPUFEATURE_INSTRUCTIONS=OFF -DOQS_USE_OPENSSL=0 .. && make -j8 all && make install && cd ../.. && rm -rf liboqs
RUN mkdir /opt/sources
# install liblms
RUN cd /opt/sources && git clone --single-branch https://github.com/cisco/hash-sigs.git && cd hash-sigs && git checkout b0631b8891295bf2929e68761205337b7c031726 \
&& sed -i 's/USE_OPENSSL 1/USE_OPENSSL 0/g' sha256.h && make -j4 hss_lib_thread.a
# Install pkixssh to /opt/pkixssh for X509 interop testing with wolfSSH
RUN mkdir /var/empty
RUN cd /opt/sources && wget -q -O- https://roumenpetrov.info/secsh/src/pkixssh-15.1.tar.gz | tar xzf - && cd pkixssh-15.1 && ./configure --prefix=/opt/pkixssh/ --exec-prefix=/opt/pkixssh/ && make install
# Install udp/tcp-proxy
RUN cd /opt/sources && git clone --depth=1 --single-branch --branch=main http://github.com/wolfssl/udp-proxy && cd udp-proxy && make && cp tcp_proxy udp_proxy /bin/.
# Install libbacktrace
RUN cd /opt/sources && git clone --depth=1 --single-branch https://github.com/ianlancetaylor/libbacktrace.git && cd libbacktrace && mkdir build && cd build && ../configure && make && make install
# Allow non-root to use tcpdump (will need NET_RAW and NET_ADMIN capability when running the container)
RUN setcap 'CAP_NET_RAW+eip CAP_NET_ADMIN+eip' /usr/bin/tcpdump
# Allow non-root to use gdb on processes (will need SYS_PTRACE capability when running the container)
RUN setcap 'CAP_SYS_PTRACE+eip' /usr/bin/gdb
# Add in Jenkins userID
RUN for i in $(seq 1001 1010); do ( getent passwd ${i} || useradd -ms /bin/bash jenkins${i} -u ${i} -g ${GID} ); done
USER ${UID}:${GID}

11
Docker/Dockerfile.cross-compiler
View File

@@ -1,11 +0,0 @@
ARG DOCKER_BASE_IMAGE=wolfssl/wolfssl-builder
FROM $DOCKER_BASE_IMAGE
USER root
ARG DEPS_TESTING="gcc-arm-linux-gnueabi gcc-arm-linux-gnueabihf gcc-aarch64-linux-gnu gcc-powerpc-linux-gnu gcc-powerpc64-linux-gnu gcc-arm-none-eabi"
RUN DEBIAN_FRONTEND=noninteractive apt update \
&& apt install -y ${DEPS_TESTING} \
&& apt clean -y && rm -rf /var/lib/apt/lists/*
USER docker

12
Docker/OpenWrt/Dockerfile
View File

@@ -1,12 +0,0 @@
# This Dockerfile is used in conjunction with the docker-OpenWrt.yml GitHub Action.
ARG DOCKER_BASE_CONTAINER=openwrt/rootfs:x86-64-snapshot
FROM $DOCKER_BASE_CONTAINER
RUN mkdir -p /var/lock # Fix for parent container
COPY libwolfssl.so /tmp/libwolfssl.so
RUN export LIBWOLFSSL=$(ls /usr/lib/libwolfssl.so.* -1); \
rm ${LIBWOLFSSL} && ln -s /tmp/libwolfssl.so ${LIBWOLFSSL}
# for debugging purposes to make sure the correct library is tested
RUN ls -Ll /usr/lib/libwolfssl* && ldd /lib/libustream-ssl.so | grep wolfssl
COPY runTests.sh /tmp/.
RUN /tmp/runTests.sh

13
Docker/OpenWrt/README.md
View File

@@ -1,13 +0,0 @@
This container is really only useful in conjunction with the GitHub Workflow
found in .github/workflows/docker-OpenWrt.yml. The idea is that we will
compile a new libwolfssl that gets placed in official OpenWrt containers to
run some tests ensuring the library is still compatible with existing
binaries.
To run the test locally, build libwolfssl.so (or download from the GitHub Action)
and put it in Docker/OpenWrt. Then switch to that folder and run:
docker build -t openwrt --build-args DOCKER_BASE_CONTAINER=<openwrtContainer> .
where 'openwrtContainer' => "openwrt/rootfs:x86-64-22.03-SNAPSHOT" or similar
This should run some sample tests. The resulting container then can be used to
evaluate OpenWrt with the latest wolfSSL library.

27
Docker/OpenWrt/runTests.sh
View File

@@ -1,27 +0,0 @@
#!/bin/sh
runCMD() { # usage: runCMD "<command>" "<retVal>"
TMP_FILE=$(mktemp)
eval $1 > $TMP_FILE 2>&1
RETVAL=$?
if [ "$RETVAL" != "$2" ]; then
echo "Command ($1) returned ${RETVAL}, but expected $2. Error output:"
cat $TMP_FILE
exit 1
fi
}
# Successful tests
runCMD "ldd /lib/libustream-ssl.so" 0
# Temporary workaround: comment out missing kmods repo line for 21.02 specifically.
# Remove after fixed upstream.
runCMD "sed '\/src\/gz openwrt_kmods https:\/\/downloads.openwrt.org\/releases\/21.02-SNAPSHOT\/targets\/x86\/64\/kmods\/5.4.238-1-5a722da41bc36de95a7195be6fce1b45/s//#&/' -i /etc/opkg/distfeeds.conf" 0
runCMD "opkg update" 0
runCMD "uclient-fetch 'https://letsencrypt.org'" 0
# Negative tests
runCMD "uclient-fetch --ca-certificate=/dev/null 'https://letsencrypt.org'" 5
runCMD "uclient-fetch 'https://self-signed.badssl.com/'" 5
runCMD "uclient-fetch 'https://untrusted-root.badssl.com/'" 5
runCMD "uclient-fetch 'https://expired.badssl.com/'" 5
echo "All tests passed."

16
Docker/README.md
View File

@@ -1,16 +0,0 @@
# Overview
This is a Docker environment for compiling, testing and running WolfSSL. Use `run.sh` to build everything (Docker container, WolfSSL, etc.). This script takes in arguments that can be passed to `./configure`. For example: `run.sh --enable-all`
When the compilation and tests succeed, you will be dropped in to a shell environment within the container. This can be useful to build other things within the environment. Additional tests can be run as well as debugging of code.
# Docker Hub
These images are also uploaded to the wolfSSL's [Docker Hub page](https://hub.docker.com/orgs/wolfssl/repositories). There is a convenience script here `buildAndPush.sh` that will create the appropriate containers and push them to the repo.
# FAQ
## permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock
You need to be added to the `docker` group to run Docker containers. Run `sudo usermod -aG docker $USER`. You may need to restart the Docker daemon.
## Unable to access symlinked files outside of WolfSSL
The volume mounted in the Docker container needs to have all files that your compilation will need. To solve this, you have a couple options:
1. Change the `WOLFSSL_DIR` variable in the `run.sh` to one higher up (by adding `/..` to the path). Then update the `docker build` to include the correct path to the Dockerfile and the `docker run` argument to the working directory (`-w`) to the WolfSSL source directory
2. Move the external repository to within the WolfSSL directory. For example create an `external` folder which has your files. This route may have complications when stashing Git work.

56
Docker/buildAndPush.sh
View File

@@ -1,56 +0,0 @@
#!/usr/bin/env bash
# Assume we're in wolfssl/Docker
WOLFSSL_DIR=$(builtin cd ${BASH_SOURCE%/*}/..; pwd)
DOCKER_BUILD_OPTIONS="$1"
if [ "${DOCKER_BASE_IMAGE}" != "" ]; then
DOCKER_BUILD_OPTIONS+=" --build-arg DOCKER_BASE_IMAGE=${DOCKER_BASE_IMAGE}"
fi
NUM_FAILURES=0
CUR_DATE=$(date -u +%F)
echo "Building wolfssl/wolfssl-builder:${CUR_DATE} as ${DOCKER_BUILD_OPTIONS}"
docker build -t wolfssl/wolfssl-builder:${CUR_DATE} ${DOCKER_BUILD_OPTIONS} "${WOLFSSL_DIR}/Docker" && \
docker tag wolfssl/wolfssl-builder:${CUR_DATE} wolfssl/wolfssl-builder:latest && \
docker build --build-arg DOCKER_BASE_IMAGE=wolfssl/wolfssl-builder:${CUR_DATE} -t wolfssl/testing-cross-compiler:${CUR_DATE} "${WOLFSSL_DIR}/Docker" -f Dockerfile.cross-compiler && \
docker tag wolfssl/testing-cross-compiler:${CUR_DATE} wolfssl/testing-cross-compiler:latest
if [ $? -eq 0 ]; then
echo "Push containers to DockerHub [y/N]? "
read val
if [ "$val" = "y" ]; then
docker push wolfssl/wolfssl-builder:${CUR_DATE} && docker push wolfssl/wolfssl-builder:latest && \
docker push wolfssl/testing-cross-compiler:${CUR_DATE} && docker push wolfssl/testing-cross-compiler:latest
if [ $? -ne 0 ]; then
echo "Warning: push failed. Continuing"
((NUM_FAILURES++))
fi
fi
else
echo "Warning: Build wolfssl/wolfssl-builder failed. Continuing"
((NUM_FAILURES++))
fi
echo "Building wolfssl/wolfCLU:${CUR_DATE}"
DOCKER_ARGS="--pull --build-arg DUMMY=${CUR_DATE} --platform=linux/amd64,linux/arm64,linux/arm/v7 ${WOLFSSL_DIR}/Docker/wolfCLU"
docker buildx build -t wolfssl/wolfclu:${CUR_DATE} ${DOCKER_ARGS} && \
docker buildx build -t wolfssl/wolfclu:latest ${DOCKER_ARGS}
if [ $? -eq 0 ]; then
echo "Push containers to DockerHub [y/N]? "
read val
if [ "$val" = "y" ]; then
docker buildx build ${DOCKER_ARGS} --push -t wolfssl/wolfclu:${CUR_DATE} && \
docker buildx build ${DOCKER_ARGS} --push -t wolfssl/wolfclu:latest
if [ $? -ne 0 ]; then
echo "Warning: push failed. Continuing"
((NUM_FAILURES++))
fi
fi
else
echo "Warning: Build wolfssl/wolfclu failed. Continuing"
((NUM_FAILURES++))
fi
echo "Script completed in $SECONDS seconds. Had $NUM_FAILURES failures."

13
Docker/include.am
View File

@@ -1,13 +0,0 @@
# vim:ft=automake
# included from Top Level Makefile.am
# All paths should be given relative to the root
EXTRA_DIST+= Docker/Dockerfile
EXTRA_DIST+= Docker/Dockerfile.cross-compiler
EXTRA_DIST+= Docker/run.sh
EXTRA_DIST+= Docker/README.md
ignore_files+=Docker/buildAndPush.sh
ignore_files+=Docker/OpenWRT/Dockerfile
ignore_files+=Docker/OpenWRT/runTests.sh
ignore_files+=Docker/OpenWRT/README.md

6
Docker/packaging/debian/Dockerfile
View File

@@ -1,6 +0,0 @@
FROM debian:latest
RUN apt-get -y update
RUN apt-get -y upgrade
RUN apt-get install -y build-essential autoconf gawk debhelper lintian

3
Docker/packaging/fedora/Dockerfile
View File

@@ -1,3 +0,0 @@
FROM fedora:latest
RUN dnf install -y make automake gcc rpmdevtools

14
Docker/run.sh
View File

@@ -1,14 +0,0 @@
#!/usr/bin/env bash
echo "Running with \"${*}\"..."
# Assume we're in wolfssl/Docker
WOLFSSL_DIR=$(builtin cd ${BASH_SOURCE%/*}/..; pwd)
docker build -t wolfssl/wolfssl-builder --build-arg UID=$(id -u) --build-arg GID=$(id -g) "${WOLFSSL_DIR}/Docker" && \
docker run --rm -it -v ${HOME}/.gitconfig:/home/docker/.gitconfig:ro -v ${HOME}/.ssh:/home/docker/.ssh:ro -v "${WOLFSSL_DIR}:/tmp/wolfssl" -w /tmp/wolfssl wolfssl/wolfssl-builder /bin/bash -c "./autogen.sh && ./configure ${*@Q} && make" && \
docker run --rm -it -v ${HOME}/.gitconfig:/home/docker/.gitconfig:ro -v ${HOME}/.ssh:/home/docker/.ssh:ro -v "${WOLFSSL_DIR}:/tmp/wolfssl" -w /tmp/wolfssl wolfssl/wolfssl-builder /bin/bash
exitval=$?
echo "Exited with error code $exitval"
exit $exitval

26
Docker/wolfCLU/Dockerfile
View File

@@ -1,26 +0,0 @@
ARG DOCKER_BASE_IMAGE=ubuntu
FROM ubuntu AS builder
ARG DEPS_WOLFSSL="build-essential autoconf libtool zlib1g-dev libuv1-dev libpam0g-dev git libpcap-dev libcurl4-openssl-dev bsdmainutils netcat-traditional iputils-ping bubblewrap"
RUN DEBIAN_FRONTEND=noninteractive apt update && apt install -y apt-utils \
&& apt install -y ${DEPS_WOLFSSL} \
&& apt clean -y && rm -rf /var/lib/apt/lists/*
ARG NUM_CPU=16
# This arg is to force a rebuild starting from this line
ARG DUMMY=date
# install wolfssl
RUN DUMMY=${DUMMY} git clone --depth=1 --single-branch --branch=master http://github.com/wolfssl/wolfssl && cd wolfssl && ./autogen.sh && ./configure --enable-all && make -j $NUM_CPU && make install && ldconfig
# install wolfCLU
RUN git clone --depth=1 --single-branch --branch=main http://github.com/wolfssl/wolfCLU && cd wolfCLU && ./autogen.sh && ./configure && make -j $NUM_CPU && make install
FROM ${DOCKER_BASE_IMAGE}
USER root
COPY --from=builder /usr/local/lib/libwolfssl.so /usr/local/lib/
COPY --from=builder /usr/local/bin/wolfssl* /usr/local/bin/
RUN ldconfig
ENTRYPOINT ["/usr/local/bin/wolfssl"]
LABEL org.opencontainers.image.source=https://github.com/wolfssl/wolfssl
LABEL org.opencontainers.image.description="Simple wolfCLU in a container"

10
Docker/wolfCLU/README.md
View File

@@ -1,10 +0,0 @@
This is a small container that has wolfCLU installed for quick access. To build your own run the following:
```
docker build --pull --build-arg DUMMY=$(date +%s) -t wolfclu .
```
To run the container, you can use:
```
docker run -it --rm -v $(pwd):/ws -w /ws wolfclu version
```
This command will allow you to use the certs/keys in your local directory.

29
Docker/yocto/Dockerfile
View File

@@ -1,29 +0,0 @@
FROM ubuntu
# Set timezone to UTC
RUN ln -snf /usr/share/zoneinfo/UTC /etc/localtime && echo UTC > /etc/timezone
RUN DEBIAN_FRONTEND=noninteractive apt update && apt install -y gawk wget git diffstat unzip texinfo gcc build-essential chrpath socat cpio python3 python3-pip python3-pexpect xz-utils debianutils iputils-ping python3-git python3-jinja2 libegl1-mesa libsdl1.2-dev python3-subunit mesa-common-dev zstd liblz4-tool file locales libacl1 vim && apt clean -y && rm -rf /var/lib/apt/lists/*
RUN locale-gen en_US.UTF-8
# Add in non-root user
ENV UID_OF_DOCKERUSER 1000
RUN useradd -m -s /bin/bash -g users -u ${UID_OF_DOCKERUSER} dockerUser
RUN chown -R dockerUser:users /home/dockerUser && chown dockerUser:users /opt
USER dockerUser
RUN cd /opt && git clone git://git.yoctoproject.org/poky
WORKDIR /opt/poky
ARG YOCTO_VERSION=kirkstone
RUN git checkout -t origin/${YOCTO_VERSION} -b ${YOCTO_VERSION} && git pull
# This arg is to be able to force a rebuild starting from this line
ARG DUMMY=date
RUN DUMMY=${DUMMY} git clone --single-branch --branch=master https://github.com/wolfssl/meta-wolfssl.git && \
/bin/bash -c "source oe-init-build-env" && \
echo 'IMAGE_INSTALL:append = " wolfssl wolfclu wolfssh wolfmqtt wolftpm wolfclu "' >> /opt/poky/build/conf/local.conf && \
sed -i '/\/opt\/poky\/meta-poky \\/a \\t/opt/poky/meta-wolfssl \\' /opt/poky/build/conf/bblayers.conf
RUN /bin/bash -c "source oe-init-build-env && bitbake core-image-minimal"

27
Docker/yocto/buildAndPush.sh
View File

@@ -1,27 +0,0 @@
#!/usr/bin/env bash
# Assume we're in wolfssl/Docker/yocto
WOLFSSL_DIR=$(builtin cd ${BASH_SOURCE%/*}/../..; pwd)
DOCKER_BUILD_OPTIONS="$1"
if [ "${DOCKER_BASE_IMAGE}" != "" ]; then
DOCKER_BUILD_OPTIONS+=" --build-arg DOCKER_BASE_IMAGE=${DOCKER_BASE_IMAGE}"
fi
NUM_FAILURES=0
CUR_DATE=$(date -u +%F)
for ver in kirkstone langdale scarthgap; do
echo "Building wolfssl/yocto:${ver}-${CUR_DATE} as ${DOCKER_BUILD_OPTIONS}"
docker build -t wolfssl/yocto:${ver}-${CUR_DATE} --build-arg YOCTO_VERSION=${ver} --build-arg BUILD_DATE=${CUR_DATE} -f Dockerfile "${WOLFSSL_DIR}/Docker/yocto" && \
docker tag wolfssl/yocto:${ver}-${CUR_DATE} wolfssl/yocto:${ver}-latest
if [ $? -eq 0 ]; then
echo "Pushing containers to DockerHub"
docker push wolfssl/yocto:${ver}-${CUR_DATE} && docker push wolfssl/yocto:${ver}-latest
else
echo "Warning: Build wolfssl/yocto:${ver} failed. Continuing"
((NUM_FAILURES++))
fi
done
echo "Script completed in $SECONDS seconds. Had $NUM_FAILURES failures."

19
IDE/ARDUINO/Arduino_README_prepend.md
View File

@@ -1,19 +0,0 @@
# Arduino wolfSSL Library
This library is restructured from [wolfSSL](https://github.com/wolfSSL/wolfssl/) Release ${WOLFSSL_VERSION} for the Arduino platform.
The Official wolfSSL Arduino Library is found in [The Library Manager index](http://downloads.arduino.cc/libraries/library_index.json).
See the [Arduino-wolfSSL logs](https://downloads.arduino.cc/libraries/logs/github.com/wolfSSL/Arduino-wolfSSL/).
## Arduino Releases
This release of wolfSSL is version [5.7.4](https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.4-stable).
Version [5.7.2](https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.2-stable) of the Arduino wolfSSL was published August 3, 2024.
The next Official wolfSSL Arduino Library was [5.7.0](https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.0-stable)
The first Official wolfSSL Arduino Library was `5.6.6-Arduino.1`: a slightly modified, post [release 5.6.6](https://github.com/wolfSSL/wolfssl/releases/tag/v5.6.6-stable) version update.
See other [wolfSSL releases versions](https://github.com/wolfSSL/wolfssl/releases). The `./wolfssl-arduino.sh INSTALL` [script](https://github.com/wolfSSL/wolfssl/tree/master/IDE/ARDUINO) can be used to install specific GitHub versions as needed.

194
IDE/ARDUINO/README.md
View File

@@ -1,181 +1,25 @@
# wolfSSL with Arduino
### wolfSSL with Arduino
See the [example sketches](./sketches/README.md):
##### Reformatting wolfSSL as a compatible Arduino Library
This is a shell script that will re-organize the wolfSSL library to be
compatible with Arduino projects. The Arduino IDE requires a library's source
files to be in the library's root directory with a header file in the name of
the library. This script moves all src/ files to the root wolfssl directory and
creates a stub header file called wolfssl.h.
- [sketches/wolfssl_server](./sketches/wolfssl_server/README.md)
- [sketches/wolfssl_client](./sketches/wolfssl_client/README.md)
Step 1: To configure wolfSSL with Arduino, enter the following from within the
wolfssl/IDE/ARDUINO directory:
When publishing a new version to the Arduino Registry, be sure to edit `WOLFSSL_VERSION_ARUINO_SUFFIX` in the `wolfssl-arduino.sh` script.
## Boards
Many of the supported boards are natively built-in to the [Arduino IDE Board Manager](https://docs.arduino.cc/software/ide-v2/tutorials/ide-v2-board-manager/)
and by adding [additional cores](https://docs.arduino.cc/learn/starting-guide/cores/) as needed.
STM32 Support can be added by including this link in the "Additional Boards Managers URLs" field
from [stm32duino/Arduino_Core_STM32](https://github.com/stm32duino/Arduino_Core_STM32?tab=readme-ov-file#getting-started) .
```
https://github.com/stm32duino/BoardManagerFiles/raw/main/package_stmicroelectronics_index.json
```
## Using wolfSSL from the Arduino IDE
The Official wolfSSL: https://github.com/wolfSSL/arduino-wolfSSL See [PR #1](https://github.com/wolfSSL/Arduino-wolfSSL/pull/1).
This option will allow wolfSSL to be installed directly using the native Arduino tools.
## Manually Reformatting wolfSSL as a Compatible Arduino Library
Use [this](./wolfssl-arduino.sh) shell script that will re-organize the wolfSSL library to be
compatible with [Arduino Library Specification](https://arduino.github.io/arduino-cli/0.35/library-specification/)
for projects that use Arduino IDE 1.5.0 or newer.
The Arduino IDE requires a library's source files to be in the library's root directory with a
header file in the name of the library. This script moves all `src/` files to the `IDE/ARDUINO/wolfSSL/src`
directory and creates a stub header file called `wolfssl.h` inside that directory.
### Step 1:
To configure wolfSSL with Arduino, enter ONE of the following 4 commands
from within the `wolfssl/IDE/ARDUINO` directory:
1. `./wolfssl-arduino.sh`
- Creates an Arduino Library directory structure in the local `wolfSSL` directory of `IDE/ARDUINO`.
- You can add your own `user_settings.h`, or copy/rename the [default](../../examples/configs/user_settings_arduino.h).
2. `./wolfssl-arduino.sh INSTALL` (The most common option)
- Creates an Arduino Library in the local `wolfSSL` directory
- Moves that directory to the Arduino library directory:
- `$HOME/Arduino/libraries` for most bash environments
- `/mnt/c/Users/$USER/Documents/Arduino/libraries` (for WSL)
- Adds the [default](../../examples/configs/user_settings_arduino.h) as `user_settings.h`.
- The wolfSSL library is now available from the Arduino IDE.
3. `./wolfssl-arduino.sh INSTALL /path/to/repository` (Used to update [arduino-wolfSSL](https://github.com/wolfSSL/arduino-wolfSSL))
- Creates an Arduino Library in `wolfSSL` directory
- Copies that directory contents to the specified `/path/to/repository`
- Adds the [default](../../examples/configs/user_settings_arduino.h) as `user_settings.h`.
4. `./wolfssl-arduino.sh INSTALL /path/to/any/other/directory`
- Creates an Arduino Library in `wolfSSL` directory
- Copies that directory contents to the specified `/path/to/any/other/directory`
### Step 2:
Edit `<arduino-libraries>/wolfSSL/src/user_settings.h`
If building for Intel Galileo platform add: `#define INTEL_GALILEO`.
Add any other custom settings. For a good start see the examples in wolfssl root
"[/examples/configs/user_settings_*.h](https://github.com/wolfssl/wolfssl/tree/master/examples/configs)"
### Step 3:
If you experience any issues with custom `user_settings.h` see the wolfssl
porting guide here for more assistance: https://www.wolfssl.com/docs/porting-guide/
If you have any issues contact support@wolfssl.com for help.
# Including wolfSSL in Arduino Libraries (for Arduino version 2.0 or greater)
1. In the Arduino IDE:
The wolfSSL library should automatically be detected when found in the `libraries`
directory.
- In `Sketch -> Include Library` choose wolfSSL for new sketches.
./wolfssl-arduino.sh
##### Including wolfSSL in Arduino Libraries (for Arduino version 1.6.6)
Step 2: Edit <wolfssl-root>/wolfssl/wolfcrypt/settings.h uncomment the define for
WOLFSSL_ARDUINO
1. In the Arduino IDE:
- In `Sketch -> Include Library -> Add .ZIP Library...` and choose the
`IDE/ARDUNIO/wolfSSL` folder.
- In `Sketch -> Include Library` choose wolfSSL.
##### wolfSSL Examples
Open an example Arduino sketch for wolfSSL:
- wolfSSL [Client INO sketch](./sketches/wolfssl_client/README.md): `sketches/wolfssl_client/wolfssl_client.ino`
- wolfSSL [Server INO sketch](./sketches/wolfssl_server/README.md): `sketches/wolfssl_server/wolfssl_server.ino`
#### Script Examples
Refresh the local Windows Arduino wolfSSL library from GitHub repository directory using WSL:
Don't forget to edit `WOLFSSL_VERSION_ARUINO_SUFFIX`!
```bash
# Change to the wolfSSL Arduino IDE directory
cd /mnt/c/workspace/wolfssl-$USER/IDE/ARDUINO
# remove current Arduino wolfSSL library
rm -rf /mnt/c/Users/$USER/Documents/Arduino/libraries/wolfssl
# Install wolfSSL as an Arduino library
./wolfssl-arduino.sh INSTALL
```
Publish wolfSSL from WSL to a `Arduino-wolfSSL-$USER` repository.
```bash
cd /mnt/c/workspace/wolfssl-$USER/IDE/ARDUINO
rm -rf /mnt/c/Users/$USER/Documents/Arduino/libraries/wolfSSL
rm -rf /mnt/c/workspace/wolfssl-$USER/IDE/ARDUINO/wolfSSL
./wolfssl-arduino.sh INSTALL /mnt/c/workspace/Arduino-wolfSSL-$USER/
```
Publish wolfSSL from WSL to default Windows local library.
```bash
cd /mnt/c/workspace/wolfssl-$USER/IDE/ARDUINO
rm -rf /mnt/c/Users/$USER/Documents/Arduino/libraries/wolfSSL
rm -rf /mnt/c/workspace/wolfssl-arduino/IDE/ARDUINO/wolfSSL
./wolfssl-arduino.sh INSTALL
```
Test the TLS server by running a local command-line client.
```bash
cd /mnt/c/workspace/wolfssl-$USER
./examples/client/client -h 192.168.1.43 -p 11111 -v 3
```
Build wolfSSL to include wolfSSH support to an alternate development directory.
```bash
cd /mnt/c/workspace/wolfssl-$USER
./configure --prefix=/mnt/c/workspace/wolfssh-$USER/wolfssl_install --enable-ssh
make
make install
```
Build wolfSSH with wolfSSL not installed to default directory.
```bash
cd /mnt/c/workspace/wolfssh-$USER
./configure --with-wolfssl=/mnt/c/workspace/wolfssh-$USER/wolfssl_install
make
./examples/client/client -u jill -h 192.168.1.34 -p 22222 -P upthehill
```
Test the current wolfSSL.
```bash
cd /mnt/c/workspace/wolfssl-arduino
git status
./autogen.sh
./configure --enable-all
make clean
make && make test
```
Build and run `testwolfcrypt`.
```bash
./autogen.sh
./configure --enable-all
make clean && make && ./wolfcrypt/test/testwolfcrypt
```
also uncomment the define for INTEL_GALILEO if building for that platform
#####Including wolfSSL in Arduino Libraries (for Arduino version 1.6.6)
1. Copy the wolfSSL directory into Arduino/libraries (or wherever Arduino searches for libraries).
2. In the Arduino IDE:
- Go to ```Sketch > Include Libraries > Manage Libraries```. This refreshes your changes to the libraries.
- Next go to ```Sketch > Include Libraries > wolfSSL```. This includes wolfSSL in your sketch.

11
IDE/ARDUINO/include.am
View File

@@ -3,15 +3,6 @@
# All paths should be given relative to the root
EXTRA_DIST+= IDE/ARDUINO/README.md
EXTRA_DIST+= IDE/ARDUINO/Arduino_README_prepend.md
EXTRA_DIST+= IDE/ARDUINO/keywords.txt
EXTRA_DIST+= IDE/ARDUINO/library.properties.template
EXTRA_DIST+= IDE/ARDUINO/sketches/README.md
EXTRA_DIST+= IDE/ARDUINO/sketches/wolfssl_client/README.md
EXTRA_DIST+= IDE/ARDUINO/sketches/wolfssl_client/wolfssl_client.ino
EXTRA_DIST+= IDE/ARDUINO/sketches/wolfssl_server/README.md
EXTRA_DIST+= IDE/ARDUINO/sketches/wolfssl_server/wolfssl_server.ino
EXTRA_DIST+= IDE/ARDUINO/sketches/wolfssl_version/README.md
EXTRA_DIST+= IDE/ARDUINO/sketches/wolfssl_version/wolfssl_version.ino
EXTRA_DIST+= IDE/ARDUINO/wolfssl.h
EXTRA_DIST+= IDE/ARDUINO/wolfssl-arduino.sh

21
IDE/ARDUINO/keywords.txt
View File

@@ -1,21 +0,0 @@
# Syntax Coloring Map For wolfSSL
# See https://arduino.github.io/arduino-cli/0.35/library-specification/#keywords
#
# Be sure to use tabs, not spaces. This might help:
# tr ' ' '\t' < keywords1.txt > keywords.txt
#=============================================
# Datatypes (KEYWORD1)
#=============================================
#=============================================
# Methods and Functions (KEYWORD2)
#=============================================
wolfSSL_SetIORecv KEYWORD1
#=============================================
# Instances (KEYWORD2)
#=============================================
ctx KEYWORD2

9
IDE/ARDUINO/library.properties.template
View File

@@ -1,9 +0,0 @@
name=wolfssl
version=${WOLFSSL_VERSION}${WOLFSSL_VERSION_ARUINO_SUFFIX}
author=wolfSSL Inc.
maintainer=wolfSSL inc <support@wolfssl.com>
sentence=A lightweight SSL/TLS library written in ANSI C and targeted for embedded, RTOS, and resource-constrained environments.
paragraph=Manual: https://www.wolfssl.com/documentation/manuals/wolfssl/index.html.
category=Communication
url=https://www.wolfssl.com/
architectures=*

12
IDE/ARDUINO/sketches/README.md
View File

@@ -1,12 +0,0 @@
# wolfSSL Arduino Examples
There are currently two example Arduino sketches:
* [wolfssl_client](./wolfssl_client/README.md): Basic TLS listening client.
* [wolfssl_server](./wolfssl_server/README.md): Basic TLS server.
Examples have been most recently confirmed operational on the
[Arduino IDE](https://www.arduino.cc/en/software) 2.2.1.
For examples on other platforms, see the [IDE directory](https://github.com/wolfssl/wolfssl/tree/master/IDE).
Additional examples can be found on [wolfSSL/wolfssl-examples](https://github.com/wolfSSL/wolfssl-examples/).

22
IDE/ARDUINO/sketches/wolfssl_client/README.md
View File

@@ -1,22 +0,0 @@
# Arduino Basic TLS Listening Client
Open the [wolfssl_client.ino](./wolfssl_client.ino) file in the Arduino IDE.
Other IDE products are also supported, such as:
- [PlatformIO in VS Code](https://docs.platformio.org/en/latest/frameworks/arduino.html)
- [VisualGDB](https://visualgdb.com/tutorials/arduino/)
- [VisualMicro](https://www.visualmicro.com/)
For examples on other platforms, see the [IDE directory](https://github.com/wolfssl/wolfssl/tree/master/IDE).
Additional examples can be found on [wolfSSL/wolfssl-examples](https://github.com/wolfSSL/wolfssl-examples/).
### Troubleshooting
When encountering odd errors such as `undefined reference to ``_impure_ptr'`, try cleaning the Arduino
cache directories. For Windows, that's typically in:
```text
C:\Users\%USERNAME%\AppData\Local\Temp\arduino\sketches
```

961
IDE/ARDUINO/sketches/wolfssl_client/wolfssl_client.ino
View File

@@ -1,6 +1,6 @@
/* wolfssl_client.ino
*
* Copyright (C) 2006-2024 wolfSSL Inc.
* Copyright (C) 2006-2016 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
@@ -19,876 +19,127 @@
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
/*
Tested with:
1) Intel Galileo acting as the Client, with a laptop acting as a server using
the server example provided in examples/server.
Legacy Arduino v1.86 was used to compile and program the Galileo
2) Espressif ESP32 WiFi
3) Arduino Due, Nano33 IoT, Nano RP-2040
*/
/*
* Note to code editors: the Arduino client and server examples are edited in
* parallel for side-by-side comparison between examples.
*/
/* If you have a private include, define it here, otherwise edit WiFi params */
#define MY_PRIVATE_CONFIG "/workspace/my_private_config.h"
/* set REPEAT_CONNECTION to a non-zero value to continually run the example. */
#define REPEAT_CONNECTION 0
/* Edit this with your other TLS host server address to connect to: */
#define WOLFSSL_TLS_SERVER_HOST "192.168.1.39"
/* wolfssl TLS examples communicate on port 11111 */
#define WOLFSSL_PORT 11111
/* Choose a monitor serial baud rate: 9600, 14400, 19200, 57600, 74880, etc. */
#define SERIAL_BAUD 115200
/* We'll wait up to 2000 milliseconds to properly shut down connection */
#define SHUTDOWN_DELAY_MS 2000
/* Number of times to retry connection. */
#define RECONNECT_ATTEMPTS 20
/* Optional stress test. Define to consume memory until exhausted: */
/* #define MEMORY_STRESS_TEST */
/* Choose client or server example, not both. */
#define WOLFSSL_CLIENT_EXAMPLE
/* #define WOLFSSL_SERVER_EXAMPLE */
#if defined(MY_PRIVATE_CONFIG)
/* the /workspace directory may contain a private config
* excluded from GitHub with items such as WiFi passwords */
#include MY_PRIVATE_CONFIG
static const char* ssid PROGMEM = MY_ARDUINO_WIFI_SSID;
static const char* password PROGMEM = MY_ARDUINO_WIFI_PASSWORD;
#else
/* when using WiFi capable boards: */
static const char* ssid PROGMEM = "your_SSID";
static const char* password PROGMEM = "your_PASSWORD";
#endif
#define BROADCAST_ADDRESS "255.255.255.255"
/* There's an optional 3rd party NTPClient library by Fabrice Weinberg.
* If it is installed, uncomment define USE_NTP_LIB here: */
/* #define USE_NTP_LIB */
#ifdef USE_NTP_LIB
#include <NTPClient.h>
#endif
#include <wolfssl.h>
/* Important: make sure settings.h appears before any other wolfSSL headers */
#include <wolfssl/wolfcrypt/settings.h>
/* Reminder: settings.h includes user_settings.h
* For ALL project wolfSSL settings, see:
* [your path]/Arduino\libraries\wolfSSL\src\user_settings.h */
#include <wolfssl/ssl.h>
#include <wolfssl/certs_test.h>
#include <wolfssl/wolfcrypt/error-crypt.h>
#include <Ethernet.h>
/* Define DEBUG_WOLFSSL in user_settings.h for more verbose logging. */
#if defined(DEBUG_WOLFSSL)
#define PROGRESS_DOT F("")
#else
#define PROGRESS_DOT F(".")
#endif
const char host[] = "192.168.1.148"; // server to connect to
int port = 11111; // port on server to connect to
/* Convert a macro to a string */
#define xstr(x) str(x)
#define str(x) #x
int EthernetSend(WOLFSSL* ssl, char* msg, int sz, void* ctx);
int EthernetReceive(WOLFSSL* ssl, char* reply, int sz, void* ctx);
int reconnect = 10;
/* optional board-specific networking includes */
#if defined(ESP32)
#define USING_WIFI
#include <WiFi.h>
#include <WiFiUdp.h>
#ifdef USE_NTP_LIB
WiFiUDP ntpUDP;
#endif
/* Ensure the F() flash macro is defined */
#ifndef F
#define F
#endif
WiFiClient client;
EthernetClient client;
#elif defined(ESP8266)
#define USING_WIFI
#include <ESP8266WiFi.h>
WiFiClient client;
WOLFSSL_CTX* ctx = 0;
WOLFSSL* ssl = 0;
WOLFSSL_METHOD* method = 0;
#elif defined(ARDUINO_SAM_DUE)
#include <SPI.h>
/* There's no WiFi/Ethernet on the Due. Requires Ethernet Shield.
/* Needs "Ethernet by Various" library to be installed. Tested with V2.0.2 */
#include <Ethernet.h>
EthernetClient client;
void setup() {
Serial.begin(9600);
#elif defined(ARDUINO_SAMD_NANO_33_IOT)
#define USING_WIFI
#include <SPI.h>
#include <WiFiNINA.h> /* Needs Arduino WiFiNINA library installed manually */
WiFiClient client;
#elif defined(ARDUINO_ARCH_RP2040)
#define USING_WIFI
#include <SPI.h>
#include <WiFiNINA.h>
WiFiClient client;
#elif defined(USING_WIFI)
#define USING_WIFI
#include <WiFi.h>
#include <WiFiUdp.h>
#ifdef USE_NTP_LIB
WiFiUDP ntpUDP;
#endif
WiFiClient client;
/* TODO
#elif defined(OTHER_BOARD)
*/
#else
#define USING_WIFI
WiFiClient client;
#endif
/* Only for syntax highlighters to show interesting options enabled: */
#if defined(HAVE_SNI) \
|| defined(HAVE_MAX_FRAGMENT) \
|| defined(HAVE_TRUSTED_CA) \
|| defined(HAVE_TRUNCATED_HMAC) \
|| defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
|| defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) \
|| defined(HAVE_SUPPORTED_CURVES) \
|| defined(HAVE_ALPN) \
|| defined(HAVE_SESSION_TICKET) \
|| defined(HAVE_SECURE_RENEGOTIATION) \
|| defined(HAVE_SERVER_RENEGOTIATION_INFO)
#endif
static const char host[] PROGMEM = WOLFSSL_TLS_SERVER_HOST; /* server to connect to */
static const int port PROGMEM = WOLFSSL_PORT; /* port on server to connect to */
static WOLFSSL_CTX* ctx = NULL;
static WOLFSSL* ssl = NULL;
static char* wc_error_message = (char*)malloc(80 + 1);
static char errBuf[80];
#if defined(MEMORY_STRESS_TEST)
#define MEMORY_STRESS_ITERATIONS 100
#define MEMORY_STRESS_BLOCK_SIZE 1024
#define MEMORY_STRESS_INITIAL (4*1024)
static char* memory_stress[MEMORY_STRESS_ITERATIONS]; /* typically 1K per item */
static int mem_ctr = 0;
#endif
static int EthernetSend(WOLFSSL* ssl, char* msg, int sz, void* ctx);
static int EthernetReceive(WOLFSSL* ssl, char* reply, int sz, void* ctx);
static int reconnect = RECONNECT_ATTEMPTS;
static int lng_index PROGMEM = 0; /* 0 = English */
#if defined(__arm__)
#include <malloc.h>
extern char _end;
extern "C" char *sbrk(int i);
static char *ramstart=(char *)0x20070000;
static char *ramend=(char *)0x20088000;
#endif
/*****************************************************************************/
/* fail_wait - in case of unrecoverable error */
/*****************************************************************************/
int fail_wait(void) {
show_memory();
Serial.println(F("Failed. Halt."));
while (1) {
delay(1000);
}
return 0;
}
/*****************************************************************************/
/* show_memory() to optionally view during debugging. */
/*****************************************************************************/
int show_memory(void)
{
#if defined(__arm__)
struct mallinfo mi = mallinfo();
char *heapend=sbrk(0);
register char * stack_ptr asm("sp");
#if defined(DEBUG_WOLFSSL_VERBOSE)
Serial.print(" arena=");
Serial.println(mi.arena);
Serial.print(" ordblks=");
Serial.println(mi.ordblks);
Serial.print(" uordblks=");
Serial.println(mi.uordblks);
Serial.print(" fordblks=");
Serial.println(mi.fordblks);
Serial.print(" keepcost=");
Serial.println(mi.keepcost);
#endif
#if defined(DEBUG_WOLFSSL) || defined(MEMORY_STRESS_TEST)
Serial.print("Estimated free memory: ");
Serial.print(stack_ptr - heapend + mi.fordblks);
Serial.println(F(" bytes"));
#endif
#if (0)
/* Experimental: not supported on all devices: */
Serial.print("RAM Start %lx\n", (unsigned long)ramstart);
Serial.print("Data/Bss end %lx\n", (unsigned long)&_end);
Serial.print("Heap End %lx\n", (unsigned long)heapend);
Serial.print("Stack Ptr %lx\n",(unsigned long)stack_ptr);
Serial.print("RAM End %lx\n", (unsigned long)ramend);
Serial.print("Heap RAM Used: ",mi.uordblks);
Serial.print("Program RAM Used ",&_end - ramstart);
Serial.print("Stack RAM Used ",ramend - stack_ptr);
Serial.print("Estimated Free RAM: %d\n\n",stack_ptr - heapend + mi.fordblks);
#endif
#else
Serial.println(F("show_memory() not implemented for this platform"));
#endif
return 0;
}
/*****************************************************************************/
/* EthernetSend() to send a message string. */
/*****************************************************************************/
int EthernetSend(WOLFSSL* ssl, char* message, int sz, void* ctx) {
int sent = 0;
(void)ssl;
(void)ctx;
sent = client.write((byte*)message, sz);
return sent;
}
/*****************************************************************************/
/* EthernetReceive() to receive a reply string. */
/*****************************************************************************/
int EthernetReceive(WOLFSSL* ssl, char* reply, int sz, void* ctx) {
int ret = 0;
(void)ssl;
(void)ctx;
while (client.available() > 0 && ret < sz) {
reply[ret++] = client.read();
}
return ret;
}
/*****************************************************************************/
/* Arduino setup_hardware() */
/*****************************************************************************/
int setup_hardware(void) {
int ret = 0;
#if defined(ARDUINO_SAMD_NANO_33_IOT)
Serial.println(F("Detected known tested and working Arduino Nano 33 IoT"));
#elif defined(ARDUINO_ARCH_RP2040)
Serial.println(F("Detected known tested and working Arduino RP-2040"));
#elif defined(__arm__) && defined(ID_TRNG) && defined(TRNG)
/* need to manually turn on random number generator on Arduino Due, etc. */
pmc_enable_periph_clk(ID_TRNG);
trng_enable(TRNG);
Serial.println(F("Enabled ARM TRNG"));
#endif
show_memory();
randomSeed(analogRead(0));
return ret;
}
/*****************************************************************************/
/* Arduino setup_datetime() */
/* The device needs to have a valid date within the valid range of certs. */
/*****************************************************************************/
int setup_datetime(void) {
int ret = 0;
int ntp_tries = 20;
/* we need a date in the range of cert expiration */
#ifdef USE_NTP_LIB
#if defined(ESP32)
NTPClient timeClient(ntpUDP, "pool.ntp.org");
timeClient.begin();
timeClient.update();
delay(1000);
while (!timeClient.isTimeSet() && (ntp_tries > 0)) {
timeClient.forceUpdate();
Serial.println(F("Waiting for NTP update"));
delay(2000);
ntp_tries--;
}
if (ntp_tries <= 0) {
Serial.println(F("Warning: gave up waiting on NTP"));
}
Serial.println(timeClient.getFormattedTime());
Serial.println(timeClient.getEpochTime());
#endif
#endif
#if defined(ESP32)
/* see esp32-hal-time.c */
ntp_tries = 5;
/* Replace "pool.ntp.org" with your preferred NTP server */
configTime(0, 0, "pool.ntp.org");
/* Wait for time to be set */
while ((time(nullptr) <= 100000) && ntp_tries > 0) {
Serial.println(F("Waiting for time to be set..."));
delay(2000);
ntp_tries--;
}
#endif
return ret;
} /* setup_datetime */
/*****************************************************************************/
/* Arduino setup_network() */
/*****************************************************************************/
int setup_network(void) {
int ret = 0;
#if defined(USING_WIFI)
int status = WL_IDLE_STATUS;
/* The ESP8266 & ESP32 support both AP and STA. We'll use STA: */
#if defined(ESP8266) || defined(ESP32)
WiFi.mode(WIFI_STA);
#else
String fv;
if (WiFi.status() == WL_NO_MODULE) {
Serial.println("Communication with WiFi module failed!");
/* don't continue if no network */
while (true) ;
}
fv = WiFi.firmwareVersion();
if (fv < WIFI_FIRMWARE_LATEST_VERSION) {
Serial.println("Please upgrade the firmware");
}
#endif
Serial.print(F("Connecting to WiFi "));
Serial.print(ssid);
status = WiFi.begin(ssid, password);
while (status != WL_CONNECTED) {
delay(1000);
Serial.print(F("."));
Serial.print(status);
status = WiFi.status();
}
Serial.println(F(" Connected!"));
#else
/* Newer Ethernet shields have a
* MAC address printed on a sticker on the shield */
byte mac[] = { 0xDE, 0xAD, 0xBE, 0xEF, 0xFE, 0xED };
IPAddress ip(192, 168, 1, 42);
IPAddress myDns(192, 168, 1, 1);
Ethernet.init(10); /* Most Arduino shields */
/* Ethernet.init(5); * MKR ETH Shield */
/* Ethernet.init(0); * Teensy 2.0 */
/* Ethernet.init(20); * Teensy++ 2.0 */
/* Ethernet.init(15); * ESP8266 with Adafruit FeatherWing Ethernet */
/* Ethernet.init(33); * ESP32 with Adafruit FeatherWing Ethernet */
Serial.println(F("Initialize Ethernet with DHCP:"));
if (Ethernet.begin(mac) == 0) {
Serial.println(F("Failed to configure Ethernet using DHCP"));
/* Check for Ethernet hardware present */
if (Ethernet.hardwareStatus() == EthernetNoHardware) {
Serial.println(F("Ethernet shield was not found."));
while (true) {
delay(1); /* do nothing */
}
}
if (Ethernet.linkStatus() == LinkOFF) {
Serial.println(F("Ethernet cable is not connected."));
}
/* try to configure using IP address instead of DHCP : */
Ethernet.begin(mac, ip, myDns);
}
else {
Serial.print(F(" DHCP assigned IP "));
Serial.println(Ethernet.localIP());
}
/* We'll assume the Ethernet connection is ready to go. */
#endif
Serial.println(F("********************************************************"));
Serial.print(F(" wolfSSL Example Client IP = "));
#if defined(USING_WIFI)
Serial.println(WiFi.localIP());
#else
Serial.println(Ethernet.localIP());
#endif
Serial.print(F(" Configured Server Host to connect to: "));
Serial.println(host);
Serial.println(F("********************************************************"));
Serial.println(F("Setup network complete."));
return ret;
}
/*****************************************************************************/
/* Arduino setup_wolfssl() */
/*****************************************************************************/
int setup_wolfssl(void) {
int ret = 0;
WOLFSSL_METHOD* method;
/* Show a revision of wolfssl user_settings.h file in use when available: */
#if defined(WOLFSSL_USER_SETTINGS_ID)
Serial.print(F("WOLFSSL_USER_SETTINGS_ID: "));
Serial.println(F(WOLFSSL_USER_SETTINGS_ID));
#else
Serial.println(F("No WOLFSSL_USER_SETTINGS_ID found."));
#endif
#if defined(NO_WOLFSSL_SERVER)
Serial.println(F("wolfSSL server code disabled to save space."));
#endif
#if defined(NO_WOLFSSL_CLIENT)
Serial.println(F("wolfSSL client code disabled to save space."));
#endif
#if defined(DEBUG_WOLFSSL)
wolfSSL_Debugging_ON();
Serial.println(F("wolfSSL Debugging is On!"));
#else
Serial.println(F("wolfSSL Debugging is Off! (enable with DEBUG_WOLFSSL)"));
#endif
/* See ssl.c for TLS cache settings. Larger cache = use more RAM. */
#if defined(NO_SESSION_CACHE)
Serial.println(F("wolfSSL TLS NO_SESSION_CACHE"));
#elif defined(MICRO_SESSION_CACHEx)
Serial.println(F("wolfSSL TLS MICRO_SESSION_CACHE"));
#elif defined(SMALL_SESSION_CACHE)
Serial.println(F("wolfSSL TLS SMALL_SESSION_CACHE"));
#elif defined(MEDIUM_SESSION_CACHE)
Serial.println(F("wolfSSL TLS MEDIUM_SESSION_CACHE"));
#elif defined(BIG_SESSION_CACHE)
Serial.println(F("wolfSSL TLS BIG_SESSION_CACHE"));
#elif defined(HUGE_SESSION_CACHE)
Serial.println(F("wolfSSL TLS HUGE_SESSION_CACHE"));
#elif defined(HUGE_SESSION_CACHE)
Serial.println(F("wolfSSL TLS HUGE_SESSION_CACHE"));
#else
Serial.println(F("WARNING: Unknown or no TLS session cache setting."));
/* See wolfssl/src/ssl.c for amount of memory used.
* It is best on embedded devices to choose a TLS session cache size. */
#endif
ret = wolfSSL_Init();
if (ret == WOLFSSL_SUCCESS) {
Serial.println("Successfully called wolfSSL_Init");
}
else {
Serial.println("ERROR: wolfSSL_Init failed");
}
/* See companion server example with wolfSSLv23_server_method here.
* method = wolfSSLv23_client_method()); SSL 3.0 - TLS 1.3.
* method = wolfTLSv1_2_client_method(); only TLS 1.2
* method = wolfTLSv1_3_client_method(); only TLS 1.3
*
* see Arduino\libraries\wolfssl\src\user_settings.h */
Serial.println("Here we go!");
method = wolfSSLv23_client_method();
if (method == NULL) {
Serial.println(F("unable to get wolfssl client method"));
fail_wait();
}
ctx = wolfSSL_CTX_new(method);
if (ctx == NULL) {
Serial.println(F("unable to get ctx"));
fail_wait();
}
return ret;
}
/*****************************************************************************/
/* Arduino setup_certificates() */
/*****************************************************************************/
int setup_certificates(void) {
int ret = 0;
Serial.println(F("Initializing certificates..."));
show_memory();
/* Use built-in validation, No verification callback function: */
wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, 0);
/* Certificate */
Serial.println("Initializing certificates...");
ret = wolfSSL_CTX_use_certificate_buffer(ctx,
CTX_CLIENT_CERT,
CTX_CLIENT_CERT_SIZE,
CTX_CLIENT_CERT_TYPE);
if (ret == WOLFSSL_SUCCESS) {
Serial.print("Success: use certificate: ");
Serial.println(xstr(CTX_SERVER_CERT));
}
else {
Serial.println(F("Error: wolfSSL_CTX_use_certificate_buffer failed: "));
wc_ErrorString(ret, wc_error_message);
Serial.println(wc_error_message);
fail_wait();
}
/* Setup private client key */
ret = wolfSSL_CTX_use_PrivateKey_buffer(ctx,
CTX_CLIENT_KEY,
CTX_CLIENT_KEY_SIZE,
CTX_CLIENT_KEY_TYPE);
if (ret == WOLFSSL_SUCCESS) {
Serial.print("Success: use private key buffer: ");
Serial.println(xstr(CTX_SERVER_KEY));
}
else {
Serial.println(F("Error: wolfSSL_CTX_use_PrivateKey_buffer failed: "));
wc_ErrorString(ret, wc_error_message);
Serial.println(wc_error_message);
fail_wait();
}
ret = wolfSSL_CTX_load_verify_buffer(ctx,
CTX_CA_CERT,
CTX_CA_CERT_SIZE,
CTX_CA_CERT_TYPE);
if (ret == WOLFSSL_SUCCESS) {
Serial.println(F("Success: load_verify CTX_CA_CERT"));
}
else {
Serial.println(F("Error: wolfSSL_CTX_load_verify_buffer failed: "));
wc_ErrorString(ret, wc_error_message);
Serial.println(wc_error_message);
fail_wait();
}
return ret;
} /* Arduino setup */
/*****************************************************************************/
/*****************************************************************************/
/* Arduino setup() */
/*****************************************************************************/
/*****************************************************************************/
void setup(void) {
int i = 0;
Serial.begin(SERIAL_BAUD);
while (!Serial && (i < 10)) {
/* wait for serial port to connect. Needed for native USB port only */
delay(1000);
i++;
}
Serial.println(F(""));
Serial.println(F(""));
Serial.println(F("wolfSSL TLS Client Example Startup."));
/* define DEBUG_WOLFSSL in wolfSSL user_settings.h for diagnostics */
#if defined(DEBUG_WOLFSSL)
wolfSSL_Debugging_ON();
#endif
/* Optionally pre-allocate a large block of memory for testing */
#if defined(MEMORY_STRESS_TEST)
Serial.println(F("WARNING: Memory Stress Test Active!"));
Serial.print(F("Allocating extra memory: "));
Serial.print(MEMORY_STRESS_INITIAL);
Serial.println(F(" bytes..."));
memory_stress[mem_ctr] = (char*)malloc(MEMORY_STRESS_INITIAL);
show_memory();
#endif
setup_hardware();
setup_network();
setup_datetime();
setup_wolfssl();
setup_certificates();
/* Initialize wolfSSL using callback functions. */
wolfSSL_SetIOSend(ctx, EthernetSend);
wolfSSL_SetIORecv(ctx, EthernetReceive);
Serial.println(F("Completed Arduino setup!"));
/* See companion wolfssl_server.ino code; server begins listening here
* https://github.com/wolfSSL/wolfssl/tree/master/IDE/ARDUINO/sketches/wolfssl_server
* Any other server will work. See also:
* https://github.com/wolfSSL/wolfssl/tree/master/examples/client
*/
/* See companion wolfssl_server.ino code */
method = wolfTLSv1_2_client_method();
if (method == NULL) {
Serial.println("unable to get method");
return;
} /* Arduino setup */
/*****************************************************************************/
/* wolfSSL error_check() */
/*****************************************************************************/
int error_check(int this_ret, bool halt_on_error,
const __FlashStringHelper* message) {
int ret = 0;
if (this_ret == WOLFSSL_SUCCESS) {
Serial.print(F("Success: "));
Serial.println(message);
}
else {
Serial.print(F("ERROR: return = "));
Serial.print(this_ret);
Serial.print(F(": "));
Serial.println(message);
Serial.println(wc_GetErrorString(this_ret));
if (halt_on_error) {
fail_wait();
}
}
show_memory();
return ret;
} /* error_check */
/*****************************************************************************/
/* wolfSSL error_check_ssl */
/* Parameters: */
/* ssl is the current WOLFSSL object pointer */
/* halt_on_error set to true to suspend operations for critical error */
/* message is expected to be a memory-efficient F("") macro string */
/*****************************************************************************/
int error_check_ssl(WOLFSSL* ssl, int this_ret, bool halt_on_error,
const __FlashStringHelper* message) {
int err = 0;
if (ssl == NULL) {
Serial.println(F("ssl is Null; Unable to allocate SSL object?"));
#ifndef DEBUG_WOLFSSL
Serial.println(F("Define DEBUG_WOLFSSL in user_settings.h for more."));
#else
Serial.println(F("See wolfssl/wolfcrypt/error-crypt.h for codes."));
#endif
Serial.print(F("ERROR: "));
Serial.println(message);
show_memory();
if (halt_on_error) {
fail_wait();
}
}
else {
err = wolfSSL_get_error(ssl, this_ret);
if (err == WOLFSSL_SUCCESS) {
Serial.print(F("Success m: "));
Serial.println(message);
}
else {
if (err < 0) {
wolfSSL_ERR_error_string(err, errBuf);
Serial.print(F("WOLFSSL Error: "));
Serial.print(err);
Serial.print(F("; "));
Serial.println(errBuf);
}
else {
Serial.println(F("Success: ssl object."));
}
}
}
return err;
}
ctx = wolfSSL_CTX_new(method);
if (ctx == NULL) {
Serial.println("unable to get ctx");
return;
}
// initialize wolfSSL using callback functions
wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
wolfSSL_SetIOSend(ctx, EthernetSend);
wolfSSL_SetIORecv(ctx, EthernetReceive);
return;
}
int EthernetSend(WOLFSSL* ssl, char* msg, int sz, void* ctx) {
int sent = 0;
sent = client.write((byte*)msg, sz);
return sent;
}
int EthernetReceive(WOLFSSL* ssl, char* reply, int sz, void* ctx) {
int ret = 0;
while (client.available() > 0 && ret < sz) {
reply[ret++] = client.read();
}
return ret;
}
/*****************************************************************************/
/*****************************************************************************/
/* Arduino loop() */
/*****************************************************************************/
/*****************************************************************************/
void loop() {
char reply[80];
char msg[32] = "hello wolfssl!";
const char* cipherName;
int retry_shutdown = SHUTDOWN_DELAY_MS; /* max try, once per millisecond */
int total_input = 0;
int msgSz = 0;
int input = 0;
int ret = 0;
int err = 0;
msgSz = (int)strlen(msg);
Serial.println(F(""));
Serial.println(F("Starting Arduino loop() ..."));
int err = 0;
int input = 0;
int sent = 0;
int total_input = 0;
char msg[32] = "hello wolfssl!";
int msgSz = (int)strlen(msg);
char errBuf[80];
char reply[80];
WOLFSSL_CIPHER* cipher;
if (reconnect) {
reconnect--;
if (client.connect(host, port)) {
if (reconnect) {
reconnect--;
/* WiFi client returns true if connection succeeds, false if not. */
/* Wired client returns int (1,-1,-2,-3,-4) for connection status. */
Serial.print(F("Connecting to "));
Serial.print(host);
Serial.print(F(":"));
Serial.println(port);
/* can also use: IPAddress server(192,168,1,37); */
Serial.println(F("Here we go..."));
ret = client.connect(host, port);
Serial.println(F("Ok, checking..."));
if (ret > 0) {
Serial.println(F("Connected!"));
/* initialize wolfSSL */
ret = wolfSSL_Init();
error_check(ret, false, F("calling wolfSSL_Init") );
/* create secure connection object. see setup for ctx certs. */
Serial.println(F("Calling ssl = wolfSSL_new(ctx)"));
ssl = wolfSSL_new(ctx);
error_check_ssl(ssl, 0, true, F("Create WOLFSSL object from ctx"));
Serial.print(F("Connecting to wolfSSL TLS Secure Server..."));
do {
err = 0; /* reset error */
Serial.println(F("wolfSSL_connect ..."));
ret = wolfSSL_connect(ssl);
Serial.print("wolfSSL_connect return result =");
Serial.println(ret);
if ((ret != WOLFSSL_SUCCESS) && (ret != WC_PENDING_E)) {
Serial.println(F("Failed connection, checking error."));
err = error_check_ssl(ssl, ret, true,
F("Create WOLFSSL object from ctx"));
Serial.print("err =");
Serial.println(err);
}
else {
Serial.print(PROGRESS_DOT);
}
} while (err == WC_PENDING_E);
Serial.print("Connected to ");
Serial.println(host);
ssl = wolfSSL_new(ctx);
if (ssl == NULL) {
err = wolfSSL_get_error(ssl, 0);
wolfSSL_ERR_error_string(err, errBuf);
Serial.print("Unable to get SSL object. Error = ");
Serial.println(errBuf);
}
Serial.print("SSL version is ");
Serial.println(wolfSSL_get_version(ssl));
if ((wolfSSL_write(ssl, msg, strlen(msg))) == msgSz) {
cipher = wolfSSL_get_current_cipher(ssl);
Serial.print("SSL cipher suite is ");
Serial.println(wolfSSL_CIPHER_get_name(cipher));
Serial.print("Server response: ");
while (client.available() || wolfSSL_pending(ssl)) {
input = wolfSSL_read(ssl, reply, sizeof(reply) - 1);
total_input += input;
if ( input > 0 ) {
reply[input] = '\0';
Serial.print(reply);
} else if (input < 0) {
err = wolfSSL_get_error(ssl, 0);
wolfSSL_ERR_error_string(err, errBuf);
Serial.print("wolfSSL_read failed. Error: ");
Serial.println(errBuf);
} else {
Serial.println();
Serial.println(F("Connected!"));
Serial.print(F("SSL version is "));
Serial.println(wolfSSL_get_version(ssl));
}
}
} else {
Serial.println("SSL_write failed");
}
if (ssl != NULL)
wolfSSL_free(ssl);
cipherName = wolfSSL_get_cipher(ssl);
Serial.print(F("SSL cipher suite is "));
Serial.println(cipherName);
/* see test.h
* TODO: test.h needs a little bit of Arduino work for these:
showPeerEx(ssl, lng_index);
showPeerPEM(ssl);
*/
Serial.print(F("Sending secure message to server: "));
Serial.println(msg);
ret = wolfSSL_write(ssl, msg, msgSz);
if (ret == msgSz) {
Serial.print(F("Waiting for Server response..."));
while (!client.available()) {
/* wait for data */
delay(1); /* 1 ms delay */
}
Serial.print(F("Reading response.."));
/* read data */
do {
ret = wolfSSL_read(ssl, reply, sizeof(reply) - 1);
if (ret < 0) {
error_check_ssl(ssl, ret, false,
F("during TLS Read"));
}
else {
Serial.print(PROGRESS_DOT);
}
} while (err == WC_PENDING_E);
Serial.println();
Serial.println();
Serial.println(reply); /* typically: I hear you fa shizzle! */
Serial.println();
} /* wolfSSL_write message size matched */
else {
error_check_ssl(ssl, ret, false,
F("during TLS Write"));
} /* any wolfSSL_write message size mismatch is an error */
Serial.print(F("Shutting down.."));
do {
delay(1);
Serial.print(PROGRESS_DOT);
retry_shutdown--;
ret = wolfSSL_shutdown(ssl);
} while ( (ret == WOLFSSL_SHUTDOWN_NOT_DONE)
&& (retry_shutdown > 0)
); /* There may be pending data, so wait until done. */
Serial.println();
if (retry_shutdown <= 0) {
/* if wolfSSL_free is called before properly shutting down the
* ssl object, undesired results may occur. */
Serial.println(F("Warning! Shutdown did not properly complete."));
}
wolfSSL_free(ssl);
client.stop();
Serial.println(F("Connection complete."));
if (REPEAT_CONNECTION) {
reconnect = RECONNECT_ATTEMPTS;
}
else {
reconnect = 0;
}
} /* client.connect(host, port) */
else {
Serial.println(F("Problem sending message. Trying to reconnect..."));
}
}
delay(1000);
if ((reconnect > 0) && (REPEAT_CONNECTION)) {
Serial.println(F("Arduino loop repeating..."));
Serial.println();
}
else {
printf("wow");
Serial.println(F("Done!"));
while(1) {
/* wait forever */
}
client.stop();
Serial.println("Connection complete.");
reconnect = 0;
} else {
Serial.println("Trying to reconnect...");
}
}
delay(1000);
}
#if defined(MEMORY_STRESS_TEST)
if (mem_ctr < MEMORY_STRESS_ITERATIONS) {
/* reminder: mem_ctr == 0 is MEMORY_STRESS_INITIAL allocation */
mem_ctr++;
Serial.print(F("Memory stress increment: "));
Serial.print(mem_ctr);
Serial.print(F(". Allocating addition memory (bytes): "));
Serial.println(MEMORY_STRESS_BLOCK_SIZE);
memory_stress[mem_ctr] = (char*)malloc(MEMORY_STRESS_BLOCK_SIZE);
show_memory();
}
#endif
} /* Arduino loop repeats */

134
IDE/ARDUINO/sketches/wolfssl_server/README.md
View File

@@ -1,134 +0,0 @@
# Arduino Basic TLS Server
Open the [wolfssl_server.ino](./wolfssl_server.ino) file in the Arduino IDE.
Other IDE products are also supported, such as:
- [PlatformIO in VS Code](https://docs.platformio.org/en/latest/frameworks/arduino.html)
- [VisualGDB](https://visualgdb.com/tutorials/arduino/)
- [VisualMicro](https://www.visualmicro.com/)
For examples on other platforms, see the [IDE directory](https://github.com/wolfssl/wolfssl/tree/master/IDE).
Additional examples can be found on [wolfSSL/wolfssl-examples](https://github.com/wolfSSL/wolfssl-examples/).
## Connect with an Arduino Sketch
See the companion [Arduino Sketch Client](../wolfssl_client/wolfssl_client.ino).
## Connect with Linux Client
See also the [wolfSSL Example TLS Client](https://github.com/wolfSSL/wolfssl/tree/master/examples/client)
and [wolfSSL Example TLS Server](https://github.com/wolfSSL/wolfssl/tree/master/examples/server).
Assuming a listening [Arduino Sketch Server](./wolfssl_server.ino) at `192.168.1.38` on port `11111`,
connect with the `client` executable:
```
./examples/client/client -h 192.168.1.38 -p 11111 -v 3
```
## wolfSSL Error -308 wolfSSL_connect error state on socket
When using a wired Ethernet connection, and this error is encountered, simply
press the reset button or power cycle the Arduino before making a connection.
Here's one possible script to test the server from a command-line client:
```bash
#!/usr/bin/env bash
echo "client log " > client_log.txt
counter=1
THIS_ERR=0
while [ $THIS_ERR -eq 0 ]; do
./examples/client/client -h 192.168.1.38 -p 11111 -v 3 >> client_log.txt
THIS_ERR=$?
if [ $? -ne 0 ]; then
echo "Failed!"
exit 1
fi
echo "Iteration $counter"
echo "Iteration $counter" >> client_log.txt
((counter++))
done
```
Output expected from the `client` command:
```
$ ./examples/client/client -h 192.168.1.38 -p 11111 -v 3
Alternate cert chain used
issuer : /C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
subject: /C=US/ST=Montana/L=Bozeman/O=wolfSSL/OU=Support/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
altname = example.com
altname = 127.0.0.1
serial number:01
SSL version is TLSv1.2
SSL cipher suite is ECDHE-RSA-AES128-GCM-SHA256
SSL curve name is SECP256R1
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIE6DCCA9CgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx
EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh
d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz
bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjMxMjEz
MjIxOTI4WhcNMjYwOTA4MjIxOTI4WjCBkDELMAkGA1UEBhMCVVMxEDAOBgNVBAgM
B01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xEDAOBgNVBAoMB3dvbGZTU0wxEDAO
BgNVBAsMB1N1cHBvcnQxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqG
SIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAMCVCOFXQfJxbbfSRUEnAWXGRa7yvCQwuJXOL07W9hyIvHyf+6hn
f/5cnFF194rKB+c1L4/hvXvAL3yrZKgX/Mpde7rgIeVyLm8uhtiVc9qsG1O5Xz/X
GQ0lT+FjY1GLC2Q/rUO4pRxcNLOuAKBjxfZ/C1loeHOmjBipAm2vwxkBLrgQ48bM
QLRpo0YzaYduxLsXpvPo3a1zvHsvIbX9ZlEMvVSz4W1fHLwjc9EJA4kU0hC5ZMMq
0KGWSrzh1Bpbx6DAwWN4D0Q3MDKWgDIjlaF3uhPSl3PiXSXJag3DOWCktLBpQkIJ
6dgIvDMgs1gip6rrxOHmYYPF0pbf2dBPrdcCAwEAAaOCAUUwggFBMB0GA1UdDgQW
BBSzETLJkpiE4sn40DtuA0LKHw6OPDCB1AYDVR0jBIHMMIHJgBQnjmcRdMMmHT/t
M2OzpNgdMOXo1aGBmqSBlzCBlDELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRh
bmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNhd3Rvb3RoMRMwEQYDVQQL
DApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG
9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CFDNEGqhsAez2YPJwUQpM0RT6vOlEMAwG
A1UdEwQFMAMBAf8wHAYDVR0RBBUwE4ILZXhhbXBsZS5jb22HBH8AAAEwHQYDVR0l
BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3DQEBCwUAA4IBAQBK/7nl
hZvaU2Z/ByK/thnqQuukEQdi/zlfMzc6hyZxPROyyrhkOHuKmUgOpaRrsZlu4EZR
vRlSrbymfip6fCOnzNteQ31rBMi33ZWt8JGAWcUZkSYnkbhIHOtVtqp9pDjxA7xs
i6qU1jwFepbFBvEmFC51+93lNbMBLLOtYlohmgi+Vvz5okKHhuWpxZnPrhS+4LkI
JA0dXNYU4UyfQLOp6S1Si0y/rEQxZ8GNBoXsD+SZ10t7IQZm1OT1nf+O8IY5WB2k
W+Jj73zJGIeoAiUQPoco+fXvR56lgAgRkGj+0aOoUbk3/9XKfId/a7wsEsjFhYv8
DMa5hrjJBMNRN9JP
-----END CERTIFICATE-----
Session timeout set to 500 seconds
Client Random : 56A0BB9647B064D3F20947032B74B31FDB4C93DBAC9460BA8AEA213A2B2DD4A8
SSL-Session:
Protocol : TLSv1.2
Cipher : TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
Session-ID: 3255404E997FA9C27ECB4F1A20A70E722E4AA504B63A945FC175434D1907EC31
Session-ID-ctx:
Master-Key: 67F22168BBADD678643BBA76B398277270C29788AC18FD05B57F6B715F49A7BCEEF75BEAF7FE266B0CC058534AF76C1F
TLS session ticket: NONE
Start Time: 1705533296
Timeout : 500 (sec)
Extended master secret: no
I hear you fa shizzle!
```
### Troubleshooting
When encountering odd errors such as `undefined reference to ``_impure_ptr'`, such as this:
```text
c:/users/gojimmypi/appdata/local/arduino15/packages/esp32/tools/xtensa-esp32-elf-gcc/esp-2021r2-patch5-8.4.0/bin/../lib/gcc/xtensa-esp32-elf/8.4.0/../../../../xtensa-esp32-elf/bin/ld.exe: C:\Users\gojimmypi\AppData\Local\Temp\arduino\sketches\EAB8D79A02D1ECF107884802D893914E\libraries\wolfSSL\wolfcrypt\src\logging.c.o:(.literal.wolfssl_log+0x8): undefined reference to `_impure_ptr'
collect2.exe: error: ld returned 1 exit status
exit status 1
Compilation error: exit status 1
```
Try cleaning the Arduino cache directories. For Windows, that's typically in:
```text
C:\Users\%USERNAME%\AppData\Local\Temp\arduino\sketches
```
Remove all other boards from other serial ports, leaving one the one being programmed.

838
IDE/ARDUINO/sketches/wolfssl_server/wolfssl_server.ino
View File

@@ -1,838 +0,0 @@
/* wolfssl_server.ino
*
* Copyright (C) 2006-2024 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
/*
Tested with:
1) Intel Galileo acting as the Client, with a laptop acting as a server using
the server example provided in examples/server.
Legacy Arduino v1.86 was used to compile and program the Galileo
2) Espressif ESP32 WiFi
3) Arduino Due, Nano33 IoT, Nano RP-2040
*/
/*
* Note to code editors: the Arduino client and server examples are edited in
* parallel for side-by-side comparison between examples.
*/
/* If you have a private include, define it here, otherwise edit WiFi params */
#define MY_PRIVATE_CONFIG "/workspace/my_private_config.h"
/* set REPEAT_CONNECTION to a non-zero value to continually run the example. */
#define REPEAT_CONNECTION 1
/* Edit this with your other TLS host server address to connect to: */
/* #define WOLFSSL_TLS_SERVER_HOST "192.168.1.34" */
/* wolfssl TLS examples communicate on port 11111 */
#define WOLFSSL_PORT 11111
/* Choose a monitor serial baud rate: 9600, 14400, 19200, 57600, 74880, etc. */
#define SERIAL_BAUD 115200
/* We'll wait up to 2000 milliseconds to properly shut down connection */
#define SHUTDOWN_DELAY_MS 2000
/* Number of times to retry connection. */
#define RECONNECT_ATTEMPTS 20
/* Optional stress test. Define to consume memory until exhausted: */
/* #define MEMORY_STRESS_TEST */
/* Choose client or server example, not both. */
/* #define WOLFSSL_CLIENT_EXAMPLE */
#define WOLFSSL_SERVER_EXAMPLE
#if defined(MY_PRIVATE_CONFIG)
/* the /workspace directory may contain a private config
* excluded from GitHub with items such as WiFi passwords */
#include MY_PRIVATE_CONFIG
static const char* ssid PROGMEM = MY_ARDUINO_WIFI_SSID;
static const char* password PROGMEM = MY_ARDUINO_WIFI_PASSWORD;
#else
/* when using WiFi capable boards: */
static const char* ssid PROGMEM = "your_SSID";
static const char* password PROGMEM = "your_PASSWORD";
#endif
#define BROADCAST_ADDRESS "255.255.255.255"
/* There's an optional 3rd party NTPClient library by Fabrice Weinberg.
* If it is installed, uncomment define USE_NTP_LIB here: */
/* #define USE_NTP_LIB */
#ifdef USE_NTP_LIB
#include <NTPClient.h>
#endif
#include <wolfssl.h>
/* Important: make sure settings.h appears before any other wolfSSL headers */
#include <wolfssl/wolfcrypt/settings.h>
/* Reminder: settings.h includes user_settings.h
* For ALL project wolfSSL settings, see:
* [your path]/Arduino\libraries\wolfSSL\src\user_settings.h */
#include <wolfssl/ssl.h>
#include <wolfssl/certs_test.h>
#include <wolfssl/wolfcrypt/error-crypt.h>
/* Define DEBUG_WOLFSSL in user_settings.h for more verbose logging. */
#if defined(DEBUG_WOLFSSL)
#define PROGRESS_DOT F("")
#else
#define PROGRESS_DOT F(".")
#endif
/* Convert a macro to a string */
#define xstr(x) str(x)
#define str(x) #x
/* optional board-specific networking includes */
#if defined(ESP32)
#define USING_WIFI
#include <WiFi.h>
#include <WiFiUdp.h>
#ifdef USE_NTP_LIB
WiFiUDP ntpUDP;
#endif
/* Ensure the F() flash macro is defined */
#ifndef F
#define F
#endif
WiFiClient client;
WiFiServer server(WOLFSSL_PORT);
#elif defined(ESP8266)
#define USING_WIFI
#include <ESP8266WiFi.h>
WiFiClient client;
WiFiServer server(WOLFSSL_PORT);
#elif defined(ARDUINO_SAM_DUE)
#include <SPI.h>
/* There's no WiFi/Ethernet on the Due. Requires Ethernet Shield.
/* Needs "Ethernet by Various" library to be installed. Tested with V2.0.2 */
#include <Ethernet.h>
EthernetClient client;
EthernetClient server(WOLFSSL_PORT);
#elif defined(ARDUINO_SAMD_NANO_33_IOT)
#define USING_WIFI
#include <SPI.h>
#include <WiFiNINA.h> /* Needs Arduino WiFiNINA library installed manually */
WiFiClient client;
WiFiServer server(WOLFSSL_PORT);
#elif defined(ARDUINO_ARCH_RP2040)
#define USING_WIFI
#include <SPI.h>
#include <WiFiNINA.h>
WiFiClient client;
WiFiServer server(WOLFSSL_PORT);
#elif defined(USING_WIFI)
#define USING_WIFI
#include <WiFi.h>
#include <WiFiUdp.h>
#ifdef USE_NTP_LIB
WiFiUDP ntpUDP;
#endif
WiFiClient client;
WiFiServer server(WOLFSSL_PORT);
/* TODO
#elif defined(OTHER_BOARD)
*/
#else
#define USING_WIFI
WiFiClient client;
WiFiServer server(WOLFSSL_PORT);
#endif
/* Only for syntax highlighters to show interesting options enabled: */
#if defined(HAVE_SNI) \
|| defined(HAVE_MAX_FRAGMENT) \
|| defined(HAVE_TRUSTED_CA) \
|| defined(HAVE_TRUNCATED_HMAC) \
|| defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
|| defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) \
|| defined(HAVE_SUPPORTED_CURVES) \
|| defined(HAVE_ALPN) \
|| defined(HAVE_SESSION_TICKET) \
|| defined(HAVE_SECURE_RENEGOTIATION) \
|| defined(HAVE_SERVER_RENEGOTIATION_INFO)
#endif
/* we expect our IP address from DHCP */
static WOLFSSL_CTX* ctx = NULL;
static WOLFSSL* ssl = NULL;
static char* wc_error_message = (char*)malloc(80 + 1);
static char errBuf[80];
#if defined(MEMORY_STRESS_TEST)
#define MEMORY_STRESS_ITERATIONS 100
#define MEMORY_STRESS_BLOCK_SIZE 1024
#define MEMORY_STRESS_INITIAL (4*1024)
static char* memory_stress[MEMORY_STRESS_ITERATIONS]; /* typically 1K per item */
static int mem_ctr = 0;
#endif
static int EthernetSend(WOLFSSL* ssl, char* msg, int sz, void* ctx);
static int EthernetReceive(WOLFSSL* ssl, char* reply, int sz, void* ctx);
static int reconnect = RECONNECT_ATTEMPTS;
static int lng_index PROGMEM = 0; /* 0 = English */
#if defined(__arm__)
#include <malloc.h>
extern char _end;
extern "C" char *sbrk(int i);
static char *ramstart=(char *)0x20070000;
static char *ramend=(char *)0x20088000;
#endif
/*****************************************************************************/
/* fail_wait - in case of unrecoverable error */
/*****************************************************************************/
int fail_wait(void) {
show_memory();
Serial.println(F("Failed. Halt."));
while (1) {
delay(1000);
}
return 0;
}
/*****************************************************************************/
/* show_memory() to optionally view during debugging. */
/*****************************************************************************/
int show_memory(void)
{
#if defined(__arm__)
struct mallinfo mi = mallinfo();
char *heapend=sbrk(0);
register char * stack_ptr asm("sp");
#if defined(DEBUG_WOLFSSL_VERBOSE)
Serial.print(" arena=");
Serial.println(mi.arena);
Serial.print(" ordblks=");
Serial.println(mi.ordblks);
Serial.print(" uordblks=");
Serial.println(mi.uordblks);
Serial.print(" fordblks=");
Serial.println(mi.fordblks);
Serial.print(" keepcost=");
Serial.println(mi.keepcost);
#endif
#if defined(DEBUG_WOLFSSL) || defined(MEMORY_STRESS_TEST)
Serial.print("Estimated free memory: ");
Serial.print(stack_ptr - heapend + mi.fordblks);
Serial.println(F(" bytes"));
#endif
#if (0)
/* Experimental: not supported on all devices: */
Serial.print("RAM Start %lx\n", (unsigned long)ramstart);
Serial.print("Data/Bss end %lx\n", (unsigned long)&_end);
Serial.print("Heap End %lx\n", (unsigned long)heapend);
Serial.print("Stack Ptr %lx\n",(unsigned long)stack_ptr);
Serial.print("RAM End %lx\n", (unsigned long)ramend);
Serial.print("Heap RAM Used: ",mi.uordblks);
Serial.print("Program RAM Used ",&_end - ramstart);
Serial.print("Stack RAM Used ",ramend - stack_ptr);
Serial.print("Estimated Free RAM: %d\n\n",stack_ptr - heapend + mi.fordblks);
#endif
#else
Serial.println(F("show_memory() not implemented for this platform"));
#endif
return 0;
}
/*****************************************************************************/
/* EthernetSend() to send a message string. */
/*****************************************************************************/
int EthernetSend(WOLFSSL* ssl, char* message, int sz, void* ctx) {
int sent = 0;
(void)ssl;
(void)ctx;
sent = client.write((byte*)message, sz);
return sent;
}
/*****************************************************************************/
/* EthernetReceive() to receive a reply string. */
/*****************************************************************************/
int EthernetReceive(WOLFSSL* ssl, char* reply, int sz, void* ctx) {
int ret = 0;
(void)ssl;
(void)ctx;
while (client.available() > 0 && ret < sz) {
reply[ret++] = client.read();
}
return ret;
}
/*****************************************************************************/
/* Arduino setup_hardware() */
/*****************************************************************************/
int setup_hardware(void) {
int ret = 0;
#if defined(ARDUINO_SAMD_NANO_33_IOT)
Serial.println(F("Detected known tested and working Arduino Nano 33 IoT"));
#elif defined(ARDUINO_ARCH_RP2040)
Serial.println(F("Detected known tested and working Arduino RP-2040"));
#elif defined(__arm__) && defined(ID_TRNG) && defined(TRNG)
/* need to manually turn on random number generator on Arduino Due, etc. */
pmc_enable_periph_clk(ID_TRNG);
trng_enable(TRNG);
Serial.println(F("Enabled ARM TRNG"));
#endif
show_memory();
randomSeed(analogRead(0));
return ret;
}
/*****************************************************************************/
/* Arduino setup_datetime() */
/* The device needs to have a valid date within the valid range of certs. */
/*****************************************************************************/
int setup_datetime(void) {
int ret = 0;
int ntp_tries = 20;
/* we need a date in the range of cert expiration */
#ifdef USE_NTP_LIB
#if defined(ESP32)
NTPClient timeClient(ntpUDP, "pool.ntp.org");
timeClient.begin();
timeClient.update();
delay(1000);
while (!timeClient.isTimeSet() && (ntp_tries > 0)) {
timeClient.forceUpdate();
Serial.println(F("Waiting for NTP update"));
delay(2000);
ntp_tries--;
}
if (ntp_tries <= 0) {
Serial.println(F("Warning: gave up waiting on NTP"));
}
Serial.println(timeClient.getFormattedTime());
Serial.println(timeClient.getEpochTime());
#endif
#endif
#if defined(ESP32)
/* see esp32-hal-time.c */
ntp_tries = 5;
/* Replace "pool.ntp.org" with your preferred NTP server */
configTime(0, 0, "pool.ntp.org");
/* Wait for time to be set */
while ((time(nullptr) <= 100000) && ntp_tries > 0) {
Serial.println(F("Waiting for time to be set..."));
delay(2000);
ntp_tries--;
}
#endif
return ret;
} /* setup_datetime */
/*****************************************************************************/
/* Arduino setup_network() */
/*****************************************************************************/
int setup_network(void) {
int ret = 0;
#if defined(USING_WIFI)
int status = WL_IDLE_STATUS;
/* The ESP8266 & ESP32 support both AP and STA. We'll use STA: */
#if defined(ESP8266) || defined(ESP32)
WiFi.mode(WIFI_STA);
#else
String fv;
if (WiFi.status() == WL_NO_MODULE) {
Serial.println("Communication with WiFi module failed!");
/* don't continue if no network */
while (true) ;
}
fv = WiFi.firmwareVersion();
if (fv < WIFI_FIRMWARE_LATEST_VERSION) {
Serial.println("Please upgrade the firmware");
}
#endif
Serial.print(F("Connecting to WiFi "));
Serial.print(ssid);
status = WiFi.begin(ssid, password);
while (status != WL_CONNECTED) {
delay(1000);
Serial.print(F("."));
Serial.print(status);
status = WiFi.status();
}
Serial.println(F(" Connected!"));
#else
/* Newer Ethernet shields have a
* MAC address printed on a sticker on the shield */
byte mac[] = { 0xDE, 0xAD, 0xBE, 0xEF, 0xFE, 0xED };
IPAddress ip(192, 168, 1, 42);
IPAddress myDns(192, 168, 1, 1);
Ethernet.init(10); /* Most Arduino shields */
/* Ethernet.init(5); * MKR ETH Shield */
/* Ethernet.init(0); * Teensy 2.0 */
/* Ethernet.init(20); * Teensy++ 2.0 */
/* Ethernet.init(15); * ESP8266 with Adafruit FeatherWing Ethernet */
/* Ethernet.init(33); * ESP32 with Adafruit FeatherWing Ethernet */
Serial.println(F("Initialize Ethernet with DHCP:"));
if (Ethernet.begin(mac) == 0) {
Serial.println(F("Failed to configure Ethernet using DHCP"));
/* Check for Ethernet hardware present */
if (Ethernet.hardwareStatus() == EthernetNoHardware) {
Serial.println(F("Ethernet shield was not found."));
while (true) {
delay(1); /* do nothing */
}
}
if (Ethernet.linkStatus() == LinkOFF) {
Serial.println(F("Ethernet cable is not connected."));
}
/* try to configure using IP address instead of DHCP : */
Ethernet.begin(mac, ip, myDns);
}
else {
Serial.print(F(" DHCP assigned IP "));
Serial.println(Ethernet.localIP());
}
/* We'll assume the Ethernet connection is ready to go. */
#endif
Serial.println(F("********************************************************"));
Serial.print(F(" wolfSSL Example Server IP = "));
#if defined(USING_WIFI)
Serial.println(WiFi.localIP());
#else
Serial.println(Ethernet.localIP());
#endif
/* In server mode, there's no host definition. */
/* See companion example: wolfssl_client.ino */
Serial.println(F("********************************************************"));
Serial.println(F("Setup network complete."));
return ret;
}
/*****************************************************************************/
/* Arduino setup_wolfssl() */
/*****************************************************************************/
int setup_wolfssl(void) {
int ret = 0;
WOLFSSL_METHOD* method;
/* Show a revision of wolfssl user_settings.h file in use when available: */
#if defined(WOLFSSL_USER_SETTINGS_ID)
Serial.print(F("WOLFSSL_USER_SETTINGS_ID: "));
Serial.println(F(WOLFSSL_USER_SETTINGS_ID));
#else
Serial.println(F("No WOLFSSL_USER_SETTINGS_ID found."));
#endif
#if defined(NO_WOLFSSL_SERVER)
Serial.println(F("wolfSSL server code disabled to save space."));
#endif
#if defined(NO_WOLFSSL_CLIENT)
Serial.println(F("wolfSSL client code disabled to save space."));
#endif
#if defined(DEBUG_WOLFSSL)
wolfSSL_Debugging_ON();
Serial.println(F("wolfSSL Debugging is On!"));
#else
Serial.println(F("wolfSSL Debugging is Off! (enable with DEBUG_WOLFSSL)"));
#endif
/* See ssl.c for TLS cache settings. Larger cache = use more RAM. */
#if defined(NO_SESSION_CACHE)
Serial.println(F("wolfSSL TLS NO_SESSION_CACHE"));
#elif defined(MICRO_SESSION_CACHEx)
Serial.println(F("wolfSSL TLS MICRO_SESSION_CACHE"));
#elif defined(SMALL_SESSION_CACHE)
Serial.println(F("wolfSSL TLS SMALL_SESSION_CACHE"));
#elif defined(MEDIUM_SESSION_CACHE)
Serial.println(F("wolfSSL TLS MEDIUM_SESSION_CACHE"));
#elif defined(BIG_SESSION_CACHE)
Serial.println(F("wolfSSL TLS BIG_SESSION_CACHE"));
#elif defined(HUGE_SESSION_CACHE)
Serial.println(F("wolfSSL TLS HUGE_SESSION_CACHE"));
#elif defined(HUGE_SESSION_CACHE)
Serial.println(F("wolfSSL TLS HUGE_SESSION_CACHE"));
#else
Serial.println(F("WARNING: Unknown or no TLS session cache setting."));
/* See wolfssl/src/ssl.c for amount of memory used.
* It is best on embedded devices to choose a TLS session cache size. */
#endif
ret = wolfSSL_Init();
if (ret == WOLFSSL_SUCCESS) {
Serial.println("Successfully called wolfSSL_Init");
}
else {
Serial.println("ERROR: wolfSSL_Init failed");
}
/* See companion server example with wolfSSLv23_server_method here.
* method = wolfSSLv23_client_method()); SSL 3.0 - TLS 1.3.
* method = wolfTLSv1_2_client_method(); only TLS 1.2
* method = wolfTLSv1_3_client_method(); only TLS 1.3
*
* see Arduino\libraries\wolfssl\src\user_settings.h */
Serial.println("Here we go!");
method = wolfSSLv23_server_method();
if (method == NULL) {
Serial.println(F("unable to get wolfssl server method"));
fail_wait();
}
ctx = wolfSSL_CTX_new(method);
if (ctx == NULL) {
Serial.println(F("unable to get ctx"));
fail_wait();
}
return ret;
}
/*****************************************************************************/
/* Arduino setup_certificates() */
/*****************************************************************************/
int setup_certificates(void) {
int ret = 0;
Serial.println(F("Initializing certificates..."));
show_memory();
/* Use built-in validation, No verification callback function: */
wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
/* Certificate */
Serial.println("Initializing certificates...");
ret = wolfSSL_CTX_use_certificate_buffer(ctx,
CTX_SERVER_CERT,
CTX_SERVER_CERT_SIZE,
CTX_CA_CERT_TYPE);
if (ret == WOLFSSL_SUCCESS) {
Serial.print("Success: use certificate: ");
Serial.println(xstr(CTX_SERVER_CERT));
}
else {
Serial.print("Error: wolfSSL_CTX_use_certificate_buffer failed: ");
wc_ErrorString(ret, wc_error_message);
Serial.println(wc_error_message);
fail_wait();
}
/* Setup private server key */
ret = wolfSSL_CTX_use_PrivateKey_buffer(ctx,
CTX_SERVER_KEY,
CTX_SERVER_KEY_SIZE,
CTX_SERVER_KEY_TYPE);
if (ret == WOLFSSL_SUCCESS) {
Serial.print("Success: use private key buffer: ");
Serial.println(xstr(CTX_SERVER_KEY));
}
else {
Serial.print("Error: wolfSSL_CTX_use_PrivateKey_buffer failed: ");
wc_ErrorString(ret, wc_error_message);
Serial.println(wc_error_message);
fail_wait();
}
return ret;
} /* Arduino setup */
/*****************************************************************************/
/*****************************************************************************/
/* Arduino setup() */
/*****************************************************************************/
/*****************************************************************************/
void setup(void) {
int i = 0;
Serial.begin(SERIAL_BAUD);
while (!Serial && (i < 10)) {
/* wait for serial port to connect. Needed for native USB port only */
delay(1000);
i++;
}
Serial.println(F(""));
Serial.println(F(""));
Serial.println(F("wolfSSL TLS Server Example Startup."));
/* define DEBUG_WOLFSSL in wolfSSL user_settings.h for diagnostics */
#if defined(DEBUG_WOLFSSL)
wolfSSL_Debugging_ON();
#endif
/* Optionally pre-allocate a large block of memory for testing */
#if defined(MEMORY_STRESS_TEST)
Serial.println(F("WARNING: Memory Stress Test Active!"));
Serial.print(F("Allocating extra memory: "));
Serial.print(MEMORY_STRESS_INITIAL);
Serial.println(F(" bytes..."));
memory_stress[mem_ctr] = (char*)malloc(MEMORY_STRESS_INITIAL);
show_memory();
#endif
setup_hardware();
setup_network();
setup_datetime();
setup_wolfssl();
setup_certificates();
/* Initialize wolfSSL using callback functions. */
wolfSSL_SetIOSend(ctx, EthernetSend);
wolfSSL_SetIORecv(ctx, EthernetReceive);
#if defined THIS_USER_SETTINGS_VERSION
Serial.print(F("This user_settings.h version:"))
Serial.println(THIS_USER_SETTINGS_VERSION)
#endif
/* Start the server
* See https://www.arduino.cc/reference/en/libraries/ethernet/server.begin/
*/
Serial.println(F("Completed Arduino setup()"));
server.begin();
Serial.println("Begin Server... (waiting for remote client to connect)");
/* See companion wolfssl_client.ino code */
return;
} /* Arduino setup */
/*****************************************************************************/
/* wolfSSL error_check() */
/*****************************************************************************/
int error_check(int this_ret, bool halt_on_error,
const __FlashStringHelper* message) {
int ret = 0;
if (this_ret == WOLFSSL_SUCCESS) {
Serial.print(F("Success: "));
Serial.println(message);
}
else {
Serial.print(F("ERROR: return = "));
Serial.print(this_ret);
Serial.print(F(": "));
Serial.println(message);
Serial.println(wc_GetErrorString(this_ret));
if (halt_on_error) {
fail_wait();
}
}
show_memory();
return ret;
} /* error_check */
/*****************************************************************************/
/* wolfSSL error_check_ssl */
/* Parameters: */
/* ssl is the current WOLFSSL object pointer */
/* halt_on_error set to true to suspend operations for critical error */
/* message is expected to be a memory-efficient F("") macro string */
/*****************************************************************************/
int error_check_ssl(WOLFSSL* ssl, int this_ret, bool halt_on_error,
const __FlashStringHelper* message) {
int err = 0;
if (ssl == NULL) {
Serial.println(F("ssl is Null; Unable to allocate SSL object?"));
#ifndef DEBUG_WOLFSSL
Serial.println(F("Define DEBUG_WOLFSSL in user_settings.h for more."));
#else
Serial.println(F("See wolfssl/wolfcrypt/error-crypt.h for codes."));
#endif
Serial.print(F("ERROR: "));
Serial.println(message);
show_memory();
if (halt_on_error) {
fail_wait();
}
}
else {
err = wolfSSL_get_error(ssl, this_ret);
if (err == WOLFSSL_SUCCESS) {
Serial.print(F("Success m: "));
Serial.println(message);
}
else {
if (err < 0) {
wolfSSL_ERR_error_string(err, errBuf);
Serial.print(F("WOLFSSL Error: "));
Serial.print(err);
Serial.print(F("; "));
Serial.println(errBuf);
}
else {
Serial.println(F("Success: ssl object."));
}
}
}
return err;
}
/*****************************************************************************/
/*****************************************************************************/
/* Arduino loop() */
/*****************************************************************************/
/*****************************************************************************/
void loop() {
char errBuf[80] = "(no error";
char reply[80] = "(no reply)";
const char msg[] = "I hear you fa shizzle!";
const char* cipherName;
int input = 0;
int replySz = 0;
int retry_shutdown = SHUTDOWN_DELAY_MS; /* max try, once per millisecond */
int ret = 0;
IPAddress broadcast_address(255, 255, 255, 255);
/* Listen for incoming client requests. */
client = server.available();
if (client) {
Serial.println("Have Client");
while (!client.connected()) {
/* wait for the client to actually connect */
delay(10);
}
Serial.print("Client connected from remote IP: ");
Serial.println(client.remoteIP());
ssl = wolfSSL_new(ctx);
if (ssl == NULL) {
Serial.println("Unable to allocate SSL object");
fail_wait();
}
ret = wolfSSL_accept(ssl);
if (ret != WOLFSSL_SUCCESS) {
ret = wolfSSL_get_error(ssl, 0);
wolfSSL_ERR_error_string(ret, errBuf);
Serial.print("TLS Accept Error: ");
Serial.println(errBuf);
}
cipherName = wolfSSL_get_cipher(ssl);
Serial.print("SSL cipher suite is ");
Serial.println(cipherName);
Serial.print("Server Read: ");
while (!client.available()) {
/* wait for data */
}
/* read data */
while (wolfSSL_pending(ssl)) {
input = wolfSSL_read(ssl, reply, sizeof(reply) - 1);
if (input < 0) {
ret = wolfSSL_get_error(ssl, 0);
wolfSSL_ERR_error_string(ret, errBuf);
Serial.print("TLS Read Error: ");
Serial.println(errBuf);
break;
}
else if (input > 0) {
replySz = input;
reply[input] = '\0';
Serial.print(reply);
}
else {
Serial.println("<end of reply, input == 0>");
}
}
/* Write our message into reply buffer to send */
memset(reply, 0, sizeof(reply));
memcpy(reply, msg, sizeof(msg));
replySz = strnlen(reply, sizeof(reply));
Serial.println("Sending reply...");
if ((wolfSSL_write(ssl, reply, replySz)) != replySz) {
ret = wolfSSL_get_error(ssl, 0);
wolfSSL_ERR_error_string(ret, errBuf);
Serial.print("TLS Write Error: ");
Serial.println(errBuf);
}
else {
Serial.println("Reply sent!");
}
Serial.println("Shutdown!");
do {
delay(1);
retry_shutdown--;
ret = wolfSSL_shutdown(ssl);
} while ((ret == WOLFSSL_SHUTDOWN_NOT_DONE) && (retry_shutdown > 0));
if (retry_shutdown <= 0) {
/* if wolfSSL_free is called before properly shutting down the
* ssl object, undesired results may occur. */
Serial.println("Warning! Shutdown did not properly complete.");
}
wolfSSL_free(ssl);
Serial.println("Connection complete.");
if (REPEAT_CONNECTION) {
Serial.println();
Serial.println("Waiting for next connection.");
}
else {
client.stop();
Serial.println("Done!");
while (1) {
/* wait forever if not repeating */
delay(100);
}
}
}
else {
/* Serial.println("Client not connected. Trying again..."); */
}
delay(100);
} /* Arduino loop repeats */

3
IDE/ARDUINO/sketches/wolfssl_version/README.md
View File

@@ -1,3 +0,0 @@
# Arduino Basic Hello World
This example simply compiles in wolfSSL and shows the current version number.

24
IDE/ARDUINO/sketches/wolfssl_version/wolfssl_version.ino
View File

@@ -1,24 +0,0 @@
#include <Arduino.h>
#include <wolfssl.h>
#include <wolfssl/version.h>
/* Choose a monitor serial baud rate: 9600, 14400, 19200, 57600, 74880, etc. */
#define SERIAL_BAUD 115200
/* Arduino setup */
void setup() {
Serial.begin(SERIAL_BAUD);
while (!Serial) {
/* wait for serial port to connect. Needed for native USB port only */
}
Serial.println(F(""));
Serial.println(F(""));
Serial.println(F("wolfSSL setup complete!"));
}
/* Arduino main application loop. */
void loop() {
Serial.print("wolfSSL Version: ");
Serial.println(LIBWOLFSSL_VERSION_STRING);
delay(60000);
}

347
IDE/ARDUINO/wolfssl-arduino.sh
View File

@@ -2,342 +2,25 @@
# this script will reformat the wolfSSL source code to be compatible with
# an Arduino project
# run as bash ./wolfssl-arduino.sh [INSTALL] [path]
#
# ./wolfssl-arduino.sh
# The default is to install to a local wolfSSL directory (`ROOT_DIR`).
# If successfully built, and the INSTALL option is used, tis directory
# is then moved to the target.
#
# ./wolfssl-arduino.sh INSTALL
# Creates a local wolfSSL directory and then moves it to the ARDUINO_ROOT
#
# ./wolfssl-arduino.sh INSTALL /mnt/c/workspace/Arduino-wolfSSL-$USER
# Updates the Arduino-wolfSSL fork for $USER to refresh versions.
#
# To ensure a pristine build, the directory must not exist.
#
# Reminder there's typically no $USER for GitHub actions, but:
# ROOT_DIR="/mnt/c/Users/$USER/Documents/Arduino/libraries"
#
# The company name is "wolfSSL Inc."; There's a space, no comma, and a period after "Inc."
# The Arduino library name is "wolfssl" (all lower case)
# The Arduino library directory name is "wolfssl" (all lower case)
# The Arduino library include file is "wolfssl.h" (all lower case)
# The Published wolfSSL Arduino Registry is at https://github.com/wolfSSL/Arduino-wolfSSL.git
# See https://downloads.arduino.cc/libraries/logs/github.com/wolfSSL/Arduino-wolfSSL/
ROOT_DIR="/wolfssl"
# run as bash ./wolfssl-arduino.sh
# The Arduino Version will initially have a suffix appended during fine tuning stage.
WOLFSSL_VERSION_ARUINO_SUFFIX=""
DIR=${PWD##*/}
# For verbose copy, set CP_CMD="-v", otherwise clear it: CP_CMD="cp"
# Do not set to empty string, as copy will fail with this: CP_CMD=""
# CP_CMD="cp -v "
CP_CMD="cp "
# Specify the executable shell checker you want to use:
MY_SHELLCHECK="shellcheck"
# There are special circumstances to publish to GitHub repository.
# Typically: https://github.com/wolfSSL/Arduino-wolfSSL
#
# Unlike a local Arduino library that requires a clean directory,
# we'll allow extra files, overwrites, etc.
#
# Note in all cases, the local IDE/ARDUINO/wolfssl must be empty.
THIS_INSTALL_IS_GITHUB="false"
# Check if the executable is available in the PATH
if command -v "$MY_SHELLCHECK" >/dev/null 2>&1; then
# Run your command here
shellcheck "$0" || exit 1
else
echo "$MY_SHELLCHECK is not installed. Please install it if changes to this script have been made."
fi
if ! [ "$CP_CMD" = "cp " ]; then
if [ "$CP_CMD" = "cp -v" ]; then
echo "Copy verbose mode"
else
echo "ERROR: Copy mode not supported: $CP_CMD"
exit 1
fi
fi
if [ "$ROOT_DIR" = "" ]; then
echo "ERROR: ROOT_DIR cannot be blank"
exit 1
fi
# Check environment
if [ -n "$WSL_DISTRO_NAME" ]; then
# we found a non-blank WSL environment distro name
current_path="$(pwd)"
pattern="/mnt/?"
if echo "$current_path" | grep -Eq "^$pattern"; then
# if we are in WSL and shared Windows file system, 'ln' does not work.
ARDUINO_ROOT="/mnt/c/Users/$USER/Documents/Arduino/libraries"
else
ARDUINO_ROOT="$HOME/Arduino/libraries"
fi
fi
echo "The Arduino library root is: $ARDUINO_ROOT"
if [ $# -gt 0 ]; then
THIS_OPERATION="$1"
if [ "$THIS_OPERATION" = "INSTALL" ]; then
THIS_INSTALL_DIR=$2
if [ "$THIS_INSTALL_DIR" = "/" ]; then
echo "ERROR: THIS_INSTALL_DIR cannot be /"
exit 1
fi
echo "Install is active."
if [ "$THIS_INSTALL_DIR" = "" ]; then
if [ -d "$ARDUINO_ROOT$ROOT_DIR" ]; then
echo "Error: the installation directory already exists: $ARDUINO_ROOT$ROOT_DIR"
echo "A new directory needs to be created to ensure there are no stray files"
echo "Please delete or move the directory and try again."
exit 1
fi
else
echo "Installing to $THIS_INSTALL_DIR"
if [ -d "$THIS_INSTALL_DIR/.git" ];then
echo "Target is a GitHub root repository."
THIS_INSTALL_IS_GITHUB="true"
else
echo "Target is NOT a GitHub root directory repository. (e.g. not wolfssl/Arduino-wolfssl)"
fi
fi
else
echo "Error: not a valid operation: $THIS_OPERATION"
exit 1
fi
fi
ROOT_SRC_DIR="${ROOT_DIR}/src"
EXAMPLES_DIR="${ROOT_DIR}/examples"
WOLFSSL_SRC="${ROOT_SRC_DIR}/src"
WOLFSSL_HEADERS="${ROOT_SRC_DIR}/wolfssl"
WOLFCRYPT_ROOT="${ROOT_SRC_DIR}/wolfcrypt"
WOLFCRYPT_SRC="${WOLFCRYPT_ROOT}/src"
WOLFCRYPT_HEADERS="${WOLFSSL_HEADERS}/wolfcrypt"
OPENSSL_DIR="${WOLFSSL_HEADERS}/openssl"
# TOP indicates the file directory for top level of the wolfssl repository.
TOP_DIR="../.."
WOLFSSL_SRC_TOP="${TOP_DIR}/src"
WOLFSSL_HEADERS_TOP="${TOP_DIR}/wolfssl"
WOLFCRYPT_ROOT_TOP="${TOP_DIR}/wolfcrypt"
WOLFCRYPT_SRC_TOP="${WOLFCRYPT_ROOT_TOP}/src"
WOLFCRYPT_HEADERS_TOP="${WOLFSSL_HEADERS_TOP}/wolfcrypt"
OPENSSL_DIR_TOP="${WOLFSSL_HEADERS_TOP}/openssl"
WOLFSSL_VERSION=$(grep -i "LIBWOLFSSL_VERSION_STRING" ${TOP_DIR}/wolfssl/version.h | cut -d '"' -f 2)
if [ "$WOLFSSL_VERSION" = "" ]; then
echo "ERROR: Could not find wolfSSL Version in ${TOP_DIR}/wolfssl/version.h"
exit 1
else
echo "Found wolfSSL version $WOLFSSL_VERSION"
echo "# WOLFSSL_VERSION_ARUINO_SUFFIX $WOLFSSL_VERSION_ARUINO_SUFFIX"
fi
echo ""
THIS_DIR=${PWD##*/}
if [ "$THIS_DIR" = "ARDUINO" ]; then
# mkdir ./wolfssl
if [ -d ".${ROOT_DIR}" ]; then
echo "ERROR: $(realpath ".${ROOT_DIR}") is not empty"
exit 1
else
echo "Step 01: mkdir .${ROOT_DIR}"
mkdir ."${ROOT_DIR}"
fi
# mkdir ./wolfssl/src
if [ ! -d ".${ROOT_SRC_DIR}" ]; then
echo "Step 02: mkdir .${ROOT_SRC_DIR}"
mkdir ."${ROOT_SRC_DIR}"
fi
# mkdir ./wolfssl/src/wolfssl
if [ ! -d ".${WOLFSSL_HEADERS}" ]; then
echo "Step 03: mkdir .${WOLFSSL_HEADERS}"
mkdir ."${WOLFSSL_HEADERS}"
fi
# cp ../../wolfssl/*.h ./wolfssl/src/wolfssl
echo "Step 04: cp ${WOLFSSL_HEADERS_TOP}/*.h .${WOLFSSL_HEADERS}"
$CP_CMD "${WOLFSSL_HEADERS_TOP}"/*.h ."${WOLFSSL_HEADERS}"
if [ ! -d ".${WOLFCRYPT_HEADERS}" ]; then
# mkdir ./wolfssl/src/wolfssl/wolfcrypt
echo "Step 05: mkdir .${WOLFCRYPT_HEADERS}"
mkdir ."${WOLFCRYPT_HEADERS}"
mkdir ."${WOLFCRYPT_HEADERS}/port"
mkdir ."${WOLFCRYPT_HEADERS}/port/atmel"
mkdir ."${WOLFCRYPT_HEADERS}/port/Espressif"
fi
# cp ../../wolfssl/wolfcrypt/*.h ./wolfssl/src/wolfssl/wolfcrypt
echo "Step 06: cp ${WOLFCRYPT_HEADERS_TOP}/*.h .${WOLFCRYPT_HEADERS}"
$CP_CMD "${WOLFCRYPT_HEADERS_TOP}"/*.h ."${WOLFCRYPT_HEADERS}" || exit 1
$CP_CMD "${WOLFCRYPT_HEADERS_TOP}"/port/atmel/*.h ."${WOLFCRYPT_HEADERS}/port/atmel" || exit 1
$CP_CMD "${WOLFCRYPT_HEADERS_TOP}"/port/Espressif/*.h ."${WOLFCRYPT_HEADERS}/port/Espressif" || exit 1
# Add in source files to wolfcrypt/src
if [ ! -d ".${WOLFCRYPT_ROOT}" ]; then
# mkdir ./wolfssl/src/wolfcrypt
echo "Step 07: mkdir .${WOLFCRYPT_ROOT}"
mkdir ."${WOLFCRYPT_ROOT}"
fi
# mkdir ./wolfssl/src/wolfcrypt/src
if [ ! -d ".${WOLFCRYPT_SRC}" ]; then
echo "Step 08: mkdir .${WOLFCRYPT_SRC}"
mkdir ."${WOLFCRYPT_SRC}"
mkdir ."${WOLFCRYPT_SRC}"/port
mkdir ."${WOLFCRYPT_SRC}"/port/atmel
mkdir ."${WOLFCRYPT_SRC}"/port/Espressif
fi
# cp ../../wolfcrypt/src/*.c ./wolfssl/src/wolfcrypt/src
echo "Step 09: cp ${WOLFCRYPT_SRC_TOP}/*.c .${WOLFCRYPT_SRC}"
$CP_CMD -r "${WOLFCRYPT_SRC_TOP}"/*.c ."${WOLFCRYPT_SRC}" || exit 1
$CP_CMD -r "${WOLFCRYPT_SRC_TOP}"/port/atmel/*.c ."${WOLFCRYPT_SRC}"/port/atmel || exit 1
$CP_CMD -r "${WOLFCRYPT_SRC_TOP}"/port/Espressif/*.c ."${WOLFCRYPT_SRC}"/port/Espressif || exit 1
# Add in source files to top level src folders
if [ ! -d ".${WOLFSSL_SRC}" ]; then
# mkdir ./wolfssl/src/src
echo "Step 10: mkdir .${WOLFSSL_SRC}"
mkdir ."${WOLFSSL_SRC}"
fi
$CP_CMD "${WOLFSSL_SRC_TOP}"/*.c ."${WOLFSSL_SRC}" || exit 1
# put bio and evp as includes
$CP_CMD ."${WOLFSSL_SRC}"/bio.c ."${WOLFSSL_HEADERS}" || exit 1
$CP_CMD ."${WOLFCRYPT_SRC}"/evp.c ."${WOLFSSL_HEADERS}" || exit 1
# make a copy of evp.c and bio.c for ssl.c to include inline
$CP_CMD ."${WOLFSSL_HEADERS}"/evp.c ."${WOLFCRYPT_SRC}"/evp.c || exit 1
$CP_CMD ."${WOLFSSL_HEADERS}"/bio.c ."${WOLFCRYPT_SRC}"/bio.c || exit 1
# copy openssl compatibility headers to their appropriate location
if [ ! -d ".${OPENSSL_DIR}" ]; then
mkdir ."${OPENSSL_DIR}"
fi
$CP_CMD "${OPENSSL_DIR_TOP}"/* ."${OPENSSL_DIR}" || exit 1
# Finally, copy the Arduino-specific wolfssl library files into place: [lib]/src
$CP_CMD ./wolfssl.h ".${ROOT_SRC_DIR}"/wolfssl.h
echo "Copy examples...."
# Copy examples
mkdir -p ".${ROOT_SRC_DIR}"/examples
echo "Copy wolfssl_client example...."
mkdir -p ".${EXAMPLES_DIR}"/wolfssl_client
$CP_CMD ./sketches/wolfssl_client/wolfssl_client.ino ".${EXAMPLES_DIR}"/wolfssl_client/wolfssl_client.ino || exit 1
$CP_CMD ./sketches/wolfssl_client/README.md ".${EXAMPLES_DIR}"/wolfssl_client/README.md || exit 1
echo "Copy wolfssl_server example...."
mkdir -p .${EXAMPLES_DIR}/wolfssl_server
$CP_CMD ./sketches/wolfssl_server/wolfssl_server.ino ".${EXAMPLES_DIR}"/wolfssl_server/wolfssl_server.ino || exit 1
$CP_CMD ./sketches/wolfssl_server/README.md ".${EXAMPLES_DIR}"/wolfssl_server/README.md || exit 1
echo "Copy wolfssl_server example...."
mkdir -p .${EXAMPLES_DIR}/wolfssl_version
$CP_CMD ./sketches/wolfssl_version/wolfssl_version.ino ".${EXAMPLES_DIR}"/wolfssl_version/wolfssl_version.ino || exit 1
$CP_CMD ./sketches/wolfssl_version/README.md ".${EXAMPLES_DIR}"/wolfssl_version/README.md || exit 1
if [ "$DIR" = "ARDUINO" ]; then
cp ../../src/*.c ../../
cp ../../wolfcrypt/src/*.c ../../
echo "/* stub header file for Arduino compatibility */" >> ../../wolfssl.h
else
echo "ERROR: You must be in the IDE/ARDUINO directory to run this script"
exit 1
fi
# At this point, the library is complete, but we need some additional files.
#
# optional diagnostics:
# echo ".${ROOT_DIR}"
# echo "${TOP_DIR}"
# echo "cp ${TOP_DIR}/README.md .${ROOT_DIR}/"
#UPDATED: 19 Apr 2017 to remove bio.c and evp.c from the root directory since
# they are included inline and should not be compiled directly
# Replace the `${WOLFSSL_VERSION}` text in Arduino_README_prepend.md,
# saving it to a .tmp file. Prepend that file to the wolfSSL README.md
# file as PREPENDED_README.md, then copy that to the publish directory
# as an Arduino-specific README.md file.
VERSION_PLACEHOLDER="\${WOLFSSL_VERSION}"
ARDUINO_VERSION_SUFFIX_PLACEHOLDER="\${WOLFSSL_VERSION_ARUINO_SUFFIX}"
PREPEND_FILE="Arduino_README_prepend.md"
PROPERTIES_FILE_TEMPLATE="library.properties.template"
sed s/"$VERSION_PLACEHOLDER"/"$WOLFSSL_VERSION"/ "$PREPEND_FILE" > "$PREPEND_FILE.tmp"
cat "$PREPEND_FILE.tmp" ${TOP_DIR}/README.md > PREPENDED_README.md
# Here we'll insert the wolfSSL version into the `library.properties.tmp` file, along with an Arduino version suffix.
# The result should be something like version=5.6.6.Arduino.1 (for the 1st incremental version on top of 5.6.6)
sed s/"$VERSION_PLACEHOLDER"/"$WOLFSSL_VERSION"/ "$PROPERTIES_FILE_TEMPLATE" > "library.properties.tmp"
sed -i.backup s/"$ARDUINO_VERSION_SUFFIX_PLACEHOLDER"/"$WOLFSSL_VERSION_ARUINO_SUFFIX"/ "library.properties.tmp"
# cat library.properties.tmp
# echo "${WOLFSSL_VERSION_ARUINO_SUFFIX}"
echo "Step 11: Final root file copy"
$CP_CMD PREPENDED_README.md ."${ROOT_DIR}"/README.md || exit 1
$CP_CMD library.properties.tmp ."${ROOT_DIR}"/library.properties || exit 1
$CP_CMD "${TOP_DIR}"/"LICENSING" ."${ROOT_DIR}"/ || exit 1
$CP_CMD "${TOP_DIR}"/"README" ."${ROOT_DIR}"/ || exit 1
$CP_CMD "${TOP_DIR}"/"COPYING" ."${ROOT_DIR}"/ || exit 1
$CP_CMD "${TOP_DIR}"/"ChangeLog.md" ."${ROOT_DIR}"/ || exit 1
$CP_CMD "${TOP_DIR}"/".editorconfig" ."${ROOT_DIR}"/ || exit 1
$CP_CMD "${TOP_DIR}"/".gitignore" ."${ROOT_DIR}"/ || exit 1
$CP_CMD "keywords.txt" ."${ROOT_DIR}"/ || exit 1
echo "Step 12: Workspace to publish:"
echo ""
head -n 3 PREPENDED_README.md
echo ""
ls ./wolfssl -al
echo ""
# Optionally install to a separate directory.
# Note we should have exited above if a problem was encountered,
# as we'll never want to install a bad library.
if [ "$THIS_OPERATION" = "INSTALL" ]; then
echo "Config:"
echo "cp ../../examples/configs/user_settings_arduino.h ".${ROOT_SRC_DIR}"/user_settings.h"
# Nearly an ordinary copy, but we remove any lines with ">>" (typically edit with caution warning in comments)
grep -v '>>' ../../examples/configs/user_settings_arduino.h > ".${ROOT_SRC_DIR}"/user_settings.h || exit 1
# Show the user_settings.h revision string:
grep "WOLFSSL_USER_SETTINGS_ID" ."${ROOT_SRC_DIR}/user_settings.h"
echo ""
if [ "$THIS_INSTALL_IS_GITHUB" = "true" ]; then
echo "Installing to GitHub directory: $THIS_INSTALL_DIR"
cp -r ."$ROOT_DIR"/* "$THIS_INSTALL_DIR" || exit 1
echo "Removing workspace library directory: .$ROOT_DIR"
rm -rf ".$ROOT_DIR"
else
echo "Installing to local directory:"
if [ "$THIS_INSTALL_DIR" = "" ]; then
echo "mv .$ROOT_DIR $ARDUINO_ROOT"
mv ."$ROOT_DIR" "$ARDUINO_ROOT" || exit 1
echo "Arduino wolfSSL Version: $WOLFSSL_VERSION$WOLFSSL_VERSION_ARUINO_SUFFIX"
else
echo "cp -r .\"$ROOT_DIR\"/* \"$THIS_INSTALL_DIR\""
mkdir -p "$THIS_INSTALL_DIR" || exit 1
cp -r ."$ROOT_DIR"/* "$THIS_INSTALL_DIR" || exit 1
fi
fi
fi
echo "Done!"
ARDUINO_DIR=${PWD}
cd ../../
rm bio.c
rm evp.c
cd $ARDUINO_DIR
# end script in the origin directory for any future functionality that may be added.
#End UPDATE: 19 Apr 2017

39
IDE/ARDUINO/wolfssl.h
View File

@@ -1,39 +0,0 @@
/* wolfssl.h
*
* Copyright (C) 2006-2024 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
/* Edit with caution. This is an Arduino-library specific header for wolfSSL */
#ifndef WOLFSSL_USER_SETTINGS
#define WOLFSSL_USER_SETTINGS
#endif
#include <Arduino.h>
/* wolfSSL user_settings.h must be included from settings.h */
#include <wolfssl/wolfcrypt/settings.h>
#include <wolfssl/ssl.h>
int wolfSSL_Arduino_Serial_Print(const char *const s)
{
/* See wolfssl/wolfcrypt/logging.c */
Serial.println(F(s));
return 0;
};

153
IDE/AURIX/Cpu0_Main.c
View File

@@ -1,153 +0,0 @@
/* Cpu0_Main.c
*
* Copyright (C) 2006-2024 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
/* Infineon includes */
#include "Ifx_Types.h"
#include "IfxCpu.h"
#include "IfxScuWdt.h"
#include "IfxAsclin_Asc.h"
#include "IfxCpu_Irq.h"
#include "IfxPort.h"
#include "SysSe/Bsp/Bsp.h"
/* For mapping stdio printf */
#include <stdio.h>
#include <string.h>
/* used to wait for CPU sync event */
IFX_ALIGN(4) IfxCpu_syncEvent g_cpuSyncEvent = 0;
#define SERIAL_BAUDRATE 115200 /* Baud rate in bit/s */
#define SERIAL_PIN_RX IfxAsclin0_RXA_P14_1_IN /* RX pin of the board */
#define SERIAL_PIN_TX IfxAsclin0_TX_P14_0_OUT /* TX pin of the board */
#define INTPRIO_ASCLIN0_TX 19 /* Priority of the ISR */
#define ASC_TX_BUFFER_SIZE 128 /* Definition of the buffer size */
/* Declaration of the ASC handle */
static IfxAsclin_Asc g_asc;
/* Declaration of the FIFOs parameters:
* The transfer buffers allocate memory for the data itself and for FIFO runtime
* variables. 8 more bytes have to be added to ensure a proper circular buffer
* handling independent from the address to which the buffers have been located.
*/
static uint8 g_ascTxBuffer[ASC_TX_BUFFER_SIZE + sizeof(Ifx_Fifo) + 8];
/******************************************************************************/
/*----Function Implementations------------------------------------------------*/
/******************************************************************************/
/* Re-target the C library printf function to the asc lin. */
int fputc(int ch, FILE *f)
{
Ifx_SizeT count;
/* convert to CRLF */
if (ch == (int)'\n') {
int chcr = (int)'\r';
count = 1;
IfxAsclin_Asc_write(&g_asc, &chcr, &count, TIME_INFINITE);
}
count = 1;
IfxAsclin_Asc_write(&g_asc, &ch, &count, TIME_INFINITE);
return ch;
}
/* Add the Interrupt Service Routine */
IFX_INTERRUPT(asclin0_Tx_ISR, 0, INTPRIO_ASCLIN0_TX);
void asclin0_Tx_ISR(void)
{
IfxAsclin_Asc_isrTransmit(&g_asc);
}
static void init_UART(void)
{
IfxAsclin_Asc_Config ascConfig;
IfxCpu_Irq_installInterruptHandler(asclin0_Tx_ISR, INTPRIO_ASCLIN0_TX);
/* Port pins configuration */
const IfxAsclin_Asc_Pins pins = {
NULL_PTR, IfxPort_InputMode_pullUp, /* CTS pin not used */
&SERIAL_PIN_RX, IfxPort_InputMode_pullUp, /* RX pin */
NULL_PTR, IfxPort_OutputMode_pushPull, /* RTS pin not used */
&SERIAL_PIN_TX, IfxPort_OutputMode_pushPull, /* TX pin */
IfxPort_PadDriver_cmosAutomotiveSpeed1
};
/* Initialize an instance of IfxAsclin_Asc_Config with default values */
IfxAsclin_Asc_initModuleConfig(&ascConfig, SERIAL_PIN_TX.module);
/* Set the desired baud rate */
ascConfig.baudrate.baudrate = SERIAL_BAUDRATE;
/* ISR priorities and interrupt target */
ascConfig.interrupt.txPriority = INTPRIO_ASCLIN0_TX;
ascConfig.interrupt.typeOfService = IfxCpu_Irq_getTos(IfxCpu_getCoreIndex());
/* FIFO configuration */
ascConfig.txBuffer = &g_ascTxBuffer;
ascConfig.txBufferSize = ASC_TX_BUFFER_SIZE;
ascConfig.pins = &pins;
/* Initialize module with above parameters */
IfxAsclin_Asc_initModule(&g_asc, &ascConfig);
/* Turn off buffers, so I/O occurs immediately */
setvbuf(stdin, NULL, _IONBF, 0);
setvbuf(stdout, NULL, _IONBF, 0);
setvbuf(stderr, NULL, _IONBF, 0);
}
int send_UART(const char* str)
{
Ifx_SizeT count = (Ifx_SizeT)strlen(str);
IfxAsclin_Asc_write(&g_asc, str, &count, TIME_INFINITE);
return (int)count;
}
void core0_main(void)
{
IfxCpu_enableInterrupts();
/* !!WATCHDOG0 AND SAFETY WATCHDOG ARE DISABLED HERE!!
* Enable the watchdogs and service them periodically if it is required
*/
IfxScuWdt_disableCpuWatchdog(IfxScuWdt_getCpuWatchdogPassword());
IfxScuWdt_disableSafetyWatchdog(IfxScuWdt_getSafetyWatchdogPassword());
/* Wait for CPU sync event */
IfxCpu_emitEvent(&g_cpuSyncEvent);
IfxCpu_waitEvent(&g_cpuSyncEvent, 1);
/* Initialize the UART to board VCOM */
init_UART();
/* bare metal loop */
while(1)
{
extern void run_wolf_tests(void);
run_wolf_tests();
/* wait 5 seconds */
waitTime(IfxStm_getTicksFromMilliseconds(BSP_DEFAULT_TIMER, 5 * 1000));
} /* while */
}

114
IDE/AURIX/README.md
View File

@@ -1,114 +0,0 @@
# Infineon AURIX Development Studio
An Eclipse based IDE for developing software for the Infineon TriCore AURIX TX3XX.
Tested Platform:
* Infineon AURIX™ Development Studio 1.7.2 (Build 20220617-0730)
* Infineon TriBoard TC399 v2.0
* wolfSSL v5.4.0 (with PR 5419)
## Running wolfCrypt on TriCore
1) Add the wolfSSL source and headers to `Libraries/wolfssl`.
- Only the following folders are required: `src`, `wolfcrypt` and `wolfssl`.
- See script to help with producing bundle here: https://github.com/wolfSSL/wolfssl/blob/master/scripts/makedistsmall.sh
2) Add `WOLFSSL_USER_SETTINGS` to the Preprocessing symbols list. C/C++ Build -> Settings -> TASKING C/C++ Compiler -> Preprocessing.
3) Add `Libraries/wolfssl` to the include path. C/C++ General -> Paths and Symbols -> Includes -> GNU C
4) Add ignores for the following warnings. Unused static function (553) and switch missing break (536). C/C++ Build -> Settings -> TASKING C/C++ Compiler -> Diagnostics
5) Copy `Cpu0_Main.c`, `user_settings.h` and `wolf_main.c` into the project folder.
6) Increase the stack by modifying `Lcf_Tasking_Tricore_Tc.lsl` to adjusting the USTACK0-4 (`LCF_USTACK#_SIZE`) from 2k to 12k.
6) Build and run/debug.
### Example output from wolfCrypt test and benchmark
Benchmark Configuration:
* TriCore (TC1.6.2P) 32-bit super-scalar running at 300MHz:
* Release build: `-O2`
* SP Math SMALL: sp_c32.c for RSA/ECC/DH
* AES GCM SMALL
```
Running wolfCrypt Tests...
------------------------------------------------------------------------------
wolfSSL version 5.4.0
------------------------------------------------------------------------------
error test passed!
MEMORY test passed!
base64 test passed!
asn test passed!
RANDOM test passed!
SHA test passed!
SHA-256 test passed!
Hash test passed!
HMAC-SHA test passed!
HMAC-SHA256 test passed!
HMAC-KDF test passed!
TLSv1.3 KDF test passed!
GMAC test passed!
Chacha test passed!
POLY1305 test passed!
ChaCha20-Poly1305 AEAD test passed!
AES test passed!
AES192 test passed!
AES256 test passed!
AES-GCM test passed!
RSA test passed!
ECC test passed!
ECC buffer test passed!
CMAC test passed!
logging test passed!
time test passed!
mutex test passed!
memcb test passed!
Test complete
Crypt Test: Return code 0
Running wolfCrypt Benchmarks...
wolfCrypt Benchmark (block bytes 1024, min 1.0 sec each)
RNG 725 KB took 1.023 seconds, 708.703 KB/s
AES-128-CBC-enc 2 MB took 1.002 seconds, 2.071 MB/s
AES-128-CBC-dec 2 MB took 1.005 seconds, 2.065 MB/s
AES-192-CBC-enc 2 MB took 1.002 seconds, 1.779 MB/s
AES-192-CBC-dec 2 MB took 1.013 seconds, 1.783 MB/s
AES-256-CBC-enc 2 MB took 1.003 seconds, 1.558 MB/s
AES-256-CBC-dec 2 MB took 1.009 seconds, 1.573 MB/s
AES-128-GCM-enc 225 KB took 1.013 seconds, 222.112 KB/s
AES-128-GCM-dec 225 KB took 1.014 seconds, 221.892 KB/s
AES-192-GCM-enc 225 KB took 1.046 seconds, 215.107 KB/s
AES-192-GCM-dec 225 KB took 1.046 seconds, 215.104 KB/s
AES-256-GCM-enc 225 KB took 1.070 seconds, 210.279 KB/s
AES-256-GCM-dec 225 KB took 1.069 seconds, 210.477 KB/s
GMAC Small 251 KB took 1.000 seconds, 251.000 KB/s
AES-128-ECB-enc 2 MB took 1.000 seconds, 2.000 MB/s
AES-128-ECB-dec 2 MB took 1.000 seconds, 2.049 MB/s
AES-192-ECB-enc 2 MB took 1.000 seconds, 1.727 MB/s
AES-192-ECB-dec 2 MB took 1.000 seconds, 1.772 MB/s
AES-256-ECB-enc 2 MB took 1.000 seconds, 1.518 MB/s
AES-256-ECB-dec 2 MB took 1.000 seconds, 1.563 MB/s
CHACHA 3 MB took 1.007 seconds, 3.322 MB/s
CHA-POLY 2 MB took 1.011 seconds, 2.028 MB/s
POLY1305 6 MB took 1.003 seconds, 6.012 MB/s
SHA 3 MB took 1.004 seconds, 3.380 MB/s
SHA-256 2 MB took 1.003 seconds, 1.558 MB/s
AES-128-CMAC 2 MB took 1.010 seconds, 2.055 MB/s
AES-256-CMAC 2 MB took 1.010 seconds, 1.547 MB/s
HMAC-SHA 3 MB took 1.004 seconds, 3.356 MB/s
HMAC-SHA256 2 MB took 1.010 seconds, 1.547 MB/s
RSA 2048 public 50 ops took 1.020 sec, avg 20.400 ms, 49.019 ops/sec
RSA 2048 private 2 ops took 2.377 sec, avg 1188.492 ms, 0.841 ops/sec
ECC [ SECP256R1] 256 key gen 16 ops took 1.061 sec, avg 66.313 ms, 15.080 ops/sec
ECDHE [ SECP256R1] 256 agree 16 ops took 1.059 sec, avg 66.187 ms, 15.109 ops/sec
ECDSA [ SECP256R1] 256 sign 14 ops took 1.058 sec, avg 75.570 ms, 13.233 ops/sec
ECDSA [ SECP256R1] 256 verify 8 ops took 1.080 sec, avg 135.002 ms, 7.407 ops/sec
Benchmark complete
Benchmark Test: Return code 0
```
## Running wolfCrypt on the HSM (Cortex M3)
Coming soon
## Support
For questions please email facts@wolfssl.com

8
IDE/AURIX/include.am
View File

@@ -1,8 +0,0 @@
# vim:ft=automake
# included from Top Level Makefile.am
# All paths should be given relative to the root
EXTRA_DIST+= IDE/AURIX/Cpu0_Main.c
EXTRA_DIST+= IDE/AURIX/README.md
EXTRA_DIST+= IDE/AURIX/user_settings.h
EXTRA_DIST+= IDE/AURIX/wolf_main.c

460
IDE/AURIX/user_settings.h
View File

@@ -1,460 +0,0 @@
/* user_settings.h
*
* Copyright (C) 2006-2024 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
/* Template for the Infineon AURIX Development Studio and TC3XX
* Example wolfSSL user settings with #if 0/1 gates to enable/disable algorithms and features.
* This file is included with wolfssl/wolfcrypt/settings.h when WOLFSSL_USER_SETTINGS is defined.
*/
#ifndef WOLFSSL_USER_SETTINGS_H
#define WOLFSSL_USER_SETTINGS_H
#ifdef __cplusplus
extern "C" {
#endif
/* ------------------------------------------------------------------------- */
/* Platform */
/* ------------------------------------------------------------------------- */
/* Alignment and sizeof 64-bit */
#define WOLFSSL_GENERAL_ALIGNMENT 4
#define SIZEOF_LONG_LONG 8
/* disable threading - mutex locking */
#define SINGLE_THREADED
/* ignore file include warnings */
#define WOLFSSL_IGNORE_FILE_WARN
/* disable the built-in socket support and use the IO callbacks.
* Set with wolfSSL_CTX_SetIORecv/wolfSSL_CTX_SetIOSend
*/
#define WOLFSSL_USER_IO
/* Disable file system */
#define NO_FILESYSTEM
/* ------------------------------------------------------------------------- */
/* Port */
/* ------------------------------------------------------------------------- */
/* Override Current Time */
/* Allows custom "custom_time()" function to be used for benchmark */
#define WOLFSSL_USER_CURRTIME
#define WOLFSSL_GMTIME
#define USER_TICKS
extern unsigned long my_time(unsigned long* timer);
#define XTIME my_time
/* Use built-in P-RNG (SHA256 based) with HW RNG */
#undef HAVE_HASHDRBG
#define HAVE_HASHDRBG
/* Custom Seed Source */
#define CUSTOM_RAND_TYPE unsigned int
extern unsigned int my_rng_seed_gen(void);
#undef CUSTOM_RAND_GENERATE
#define CUSTOM_RAND_GENERATE my_rng_seed_gen
/* Standard Lib - C89 */
#define XSTRCASECMP(s1,s2) strcmp((s1),(s2))
/* ------------------------------------------------------------------------- */
/* Math Configuration */
/* ------------------------------------------------------------------------- */
#undef USE_FAST_MATH
#undef WOLFSSL_SP
#if 1
/* Wolf Single Precision Math */
#define WOLFSSL_HAVE_SP_RSA
//#define WOLFSSL_HAVE_SP_DH
#define WOLFSSL_HAVE_SP_ECC
#define WOLFSSL_SP_4096 /* Enable RSA/RH 4096-bit support */
#define WOLFSSL_SP_384 /* Enable ECC 384-bit SECP384R1 support */
#define WOLFSSL_SP_MATH /* only SP math - disables integer.c/tfm.c */
//#define WOLFSSL_SP_MATH_ALL /* use SP math for all key sizes and curves */
#define WOLFSSL_SP_NO_MALLOC
//#define WOLFSSL_SP_DIV_32 /* do not use 64-bit divides */
/* use smaller version of code */
#define WOLFSSL_SP_SMALL
/* SP Assembly Speedups - specific to chip type */
//#define WOLFSSL_SP_ASM
//#define WOLFSSL_SP_ARM32_ASM
//#define WOLFSSL_SP_ARM64_ASM
//#define WOLFSSL_SP_ARM_THUMB_ASM
//#define WOLFSSL_SP_ARM_CORTEX_M_ASM
#endif
#ifndef WOLFSSL_SP_MATH
#if 0
/* fast math (tfmc.) (stack based and timing resistant) */
#define USE_FAST_MATH
#define TFM_TIMING_RESISTANT
#else
/* normal heap based integer.c (not timing resistant) */
#define USE_INTEGER_HEAP_MATH
#endif
#endif
/* ------------------------------------------------------------------------- */
/* Crypto */
/* ------------------------------------------------------------------------- */
/* RSA */
#undef NO_RSA
#if 1
#ifdef USE_FAST_MATH
/* Maximum math bits (Max RSA key bits * 2) */
#define FP_MAX_BITS 4096
#endif
/* half as much memory but twice as slow */
//#define RSA_LOW_MEM
/* Enables blinding mode, to prevent timing attacks */
#define WC_RSA_BLINDING
/* RSA PSS Support */
#define WC_RSA_PSS
#else
#define NO_RSA
#endif
/* DH */
#undef NO_DH
#if 0
/* Use table for DH instead of -lm (math) lib dependency */
#if 1
#define WOLFSSL_DH_CONST
#define HAVE_FFDHE_2048
//#define HAVE_FFDHE_4096
//#define HAVE_FFDHE_6144
//#define HAVE_FFDHE_8192
#endif
#else
#define NO_DH
#endif
/* ECC */
#undef HAVE_ECC
#if 1
#define HAVE_ECC
/* Manually define enabled curves */
#define ECC_USER_CURVES
#ifdef ECC_USER_CURVES
/* Manual Curve Selection */
//#define HAVE_ECC192
//#define HAVE_ECC224
#undef NO_ECC256
#define HAVE_ECC384
//#define HAVE_ECC521
#endif
/* Fixed point cache (speeds repeated operations against same private key) */
//#define FP_ECC
#ifdef FP_ECC
/* Bits / Entries */
#define FP_ENTRIES 2
#define FP_LUT 4
#endif
/* Optional ECC calculation method */
/* Note: doubles heap usage, but slightly faster */
#define ECC_SHAMIR
/* Reduces heap usage, but slower */
#define ECC_TIMING_RESISTANT
/* Compressed ECC Key Support */
//#define HAVE_COMP_KEY
/* Use alternate ECC size for ECC math */
#ifdef USE_FAST_MATH
/* MAX ECC BITS = ROUND8(MAX ECC) * 2 */
#if defined(NO_RSA) && defined(NO_DH)
/* Custom fastmath size if not using RSA/DH */
#define FP_MAX_BITS (256 * 2)
#else
/* use heap allocation for ECC points */
#define ALT_ECC_SIZE
/* wolfSSL will compute the FP_MAX_BITS_ECC, but it can be overridden */
//#define FP_MAX_BITS_ECC (256 * 2)
#endif
/* Speedups specific to curve */
#ifndef NO_ECC256
#define TFM_ECC256
#endif
#endif
#endif
/* AES */
#undef NO_AES
#if 1
#define HAVE_AES_CBC
/* GCM Method: GCM_TABLE_4BIT, GCM_SMALL, GCM_WORD32 or GCM_TABLE */
#define HAVE_AESGCM
#define GCM_SMALL
#define WOLFSSL_AES_DIRECT
#define HAVE_AES_ECB
#else
#define NO_AES
#endif
/* DES3 */
#undef NO_DES3
#if 0
#else
#define NO_DES3
#endif
/* ChaCha20 / Poly1305 */
#undef HAVE_CHACHA
#undef HAVE_POLY1305
#if 1
#define HAVE_CHACHA
#define HAVE_POLY1305
/* Needed for Poly1305 */
#define HAVE_ONE_TIME_AUTH
#endif
/* Ed25519 / Curve25519 */
#undef HAVE_CURVE25519
#undef HAVE_ED25519
#if 0
#define HAVE_CURVE25519
#define HAVE_ED25519 /* ED25519 Requires SHA512 */
/* Optionally use small math (less flash usage, but much slower) */
#if 1
#define CURVED25519_SMALL
#endif
#endif
/* ------------------------------------------------------------------------- */
/* Hashing */
/* ------------------------------------------------------------------------- */
/* Sha */
#undef NO_SHA
#if 1
/* on by default */
/* 1k smaller, but 25% slower */
//#define USE_SLOW_SHA
#else
#define NO_SHA
#endif
/* Sha256 */
#undef NO_SHA256
#if 1
/* not unrolled - ~2k smaller and ~25% slower */
//#define USE_SLOW_SHA256
/* Sha224 */
#if 0
#define WOLFSSL_SHA224
#endif
#else
#define NO_SHA256
#endif
/* Sha512 */
#undef WOLFSSL_SHA512
#if 0
#define WOLFSSL_SHA512
/* Sha384 */
#undef WOLFSSL_SHA384
#if 0
#define WOLFSSL_SHA384
#endif
/* over twice as small, but 50% slower */
//#define USE_SLOW_SHA512
#endif
/* Sha3 */
#undef WOLFSSL_SHA3
#if 0
#define WOLFSSL_SHA3
#endif
/* MD5 */
#undef NO_MD5
#if 0
/* on by default */
#else
#define NO_MD5
#endif
/* HKDF */
#undef HAVE_HKDF
#if 1
#define HAVE_HKDF
#endif
/* CMAC */
#undef WOLFSSL_CMAC
#if 1
#define WOLFSSL_CMAC
/* Note: requires WOLFSSL_AES_DIRECT */
#endif
/* HMAC - on by default */
#undef NO_HMAC
#if 1
/* on by default */
#else
#define NO_HMAC
#endif
/* ------------------------------------------------------------------------- */
/* ASN */
/* ------------------------------------------------------------------------- */
#if 0
/* Use the newer ASN template code */
#define WOLFSSL_ASN_TEMPLATE
//#define WOLFSSL_CUSTOM_OID
//#define HAVE_OID_ENCODING
//#define HAVE_OID_DECODING
#else
/* Use the original custom ASN code */
#endif
/* Optionally disable time checking for ASN */
//#define NO_ASN_TIME
/* ------------------------------------------------------------------------- */
/* Benchmark / Test */
/* ------------------------------------------------------------------------- */
/* Use reduced benchmark / test sizes */
#define BENCH_EMBEDDED
/* Use test buffers from array (not filesystem) */
#ifndef NO_FILESYSTEM
#define USE_CERT_BUFFERS_256
#define USE_CERT_BUFFERS_2048
#endif
/* ------------------------------------------------------------------------- */
/* Debugging */
/* ------------------------------------------------------------------------- */
#undef DEBUG_WOLFSSL
#undef NO_ERROR_STRINGS
#if 0
#define DEBUG_WOLFSSL
#define WOLFSSL_LOG_PRINTF
#else
#if 0
#define NO_ERROR_STRINGS
#endif
#endif
/* ------------------------------------------------------------------------- */
/* Memory */
/* ------------------------------------------------------------------------- */
#if 0
/* Static memory requires fast math or SP math with no malloc */
#define WOLFSSL_STATIC_MEMORY
/* Disable fallback malloc/free */
#define WOLFSSL_NO_MALLOC
#if 1
#define WOLFSSL_MALLOC_CHECK /* trap malloc failure */
#endif
#endif
/* ------------------------------------------------------------------------- */
/* Enable Features */
/* ------------------------------------------------------------------------- */
#define WOLFSSL_TLS13
#define WOLFSSL_OLD_PRIME_CHECK /* Use faster DH prime checking */
#define HAVE_TLS_EXTENSIONS
#define HAVE_SUPPORTED_CURVES
#define WOLFSSL_BASE64_ENCODE
//#define WOLFSSL_KEY_GEN /* For RSA Key gen only */
//#define KEEP_PEER_CERT
//#define HAVE_COMP_KEY
/* TLS Session Cache */
#if 0
#define SMALL_SESSION_CACHE
#else
#define NO_SESSION_CACHE
#endif
/* ------------------------------------------------------------------------- */
/* Disable Features */
/* ------------------------------------------------------------------------- */
//#define NO_WOLFSSL_SERVER
//#define NO_WOLFSSL_CLIENT
//#define NO_CRYPT_TEST
//#define NO_CRYPT_BENCHMARK
//#define WOLFCRYPT_ONLY
/* In-lining of misc.c functions */
/* If defined, must include wolfcrypt/src/misc.c in build */
/* Slower, but about 1k smaller */
//#define NO_INLINE
#define NO_WRITEV
#define NO_MAIN_DRIVER
//#define NO_DEV_RANDOM
#define NO_OLD_TLS
#define NO_PSK
#define NO_DSA
#define NO_RC4
#define NO_MD4
#define NO_PWDBASED
//#define NO_CODING
//#define NO_CERTS
//#define NO_SIG_WRAPPER
#ifdef __cplusplus
}
#endif
#endif /* WOLFSSL_USER_SETTINGS_H */

Some files were not shown because too many files have changed in this diff Show More