Cyclic0007/wolfssl
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: Cyclic0007:v5.2.1
Branches Tags
Cyclic0007:master Cyclic0007:nightly-snapshot Cyclic0007:revert-9495-aarch64_no_hw_crypto_asm_aes Cyclic0007:revert-9512-20251210-linuxkm-5.17-ubuntu-jammy-tegra-patches Cyclic0007:TLS13-cipher-suite-fix Cyclic0007:revert-9145-zd20038_2 Cyclic0007:pr-8603 Cyclic0007:remove-arc4 Cyclic0007:devin-lifeguard/update-rules-d59f9c48 Cyclic0007:revert-8277-aarch64_no_crypto Cyclic0007:revert-5549-fix_sha256_debug Cyclic0007:cert-3389
Cyclic0007:WCv5.2.4-KRNL-CHKIN-r5 Cyclic0007:WCv6.0.0-linuxkm-UPDT-RC2 Cyclic0007:WCv6.0.0-linuxkm-UPDT-RC1 Cyclic0007:WCv5.2.4-KRNL-CHKIN-r4 Cyclic0007:wolfEntropy2d Cyclic0007:v5.8.4-stable Cyclic0007:WCv5.2.5-STM32-PAA Cyclic0007:WCv5.2.4-KRNL-CHKIN Cyclic0007:v5.8.2-stable Cyclic0007:WCv5.2.3-RSA-SWITCH Cyclic0007:wolfEntropy2 Cyclic0007:WCv5.2.3-DHGENPUB-r2 Cyclic0007:WCv5.2.3-DHGENPUB Cyclic0007:v5.8.0-stable Cyclic0007:WCv6.0.0-RC5 Cyclic0007:WCv6.0.0-RC4 Cyclic0007:WCv5.2.3-STM32-PAA Cyclic0007:WCv6.0.0-RC3 Cyclic0007:v5.7.6-stable Cyclic0007:v5.2.1 Cyclic0007:WCv5.2.3-ARMv8-PAA-r2 Cyclic0007:WCv6.0.0-RC2 Cyclic0007:WCv6.0.0-RC1 Cyclic0007:v5.2.1-stable-OS_Seed-HdrOnly Cyclic0007:v5.7.4-stable Cyclic0007:v5.7.2-stable Cyclic0007:wolfEntropy1 Cyclic0007:v5.7.0-stable Cyclic0007:WCv5.2.3-ARMv8-PAA Cyclic0007:v5.6.6-stable Cyclic0007:v5.6.4-stable Cyclic0007:v5.2.1-stable Cyclic0007:WCv5.2.1-PILOT Cyclic0007:v5.6.3-stable Cyclic0007:v5.6.2-stable Cyclic0007:v5.6.0-stable Cyclic0007:v5.5.4-stable Cyclic0007:v5.5.3-stable Cyclic0007:v5.5.2-stable Cyclic0007:v5.5.1-stable Cyclic0007:v5.5.0-stable Cyclic0007:v5.4.0-stable Cyclic0007:v5.3.0-stable Cyclic0007:v5.2.0-stable Cyclic0007:v5.1.1-stable Cyclic0007:WCv5.0-RC12 Cyclic0007:v5.1.0-stable Cyclic0007:WCv5.0-RC11 Cyclic0007:WCv5.0-RC10 Cyclic0007:v5.0.0-stable Cyclic0007:WCv5.0-RC9 Cyclic0007:v4.8.1-stable Cyclic0007:v4.8.0-stable Cyclic0007:WCv5.0-RC8 Cyclic0007:WCv5.0-RC7 Cyclic0007:WCv5.0-RC6 Cyclic0007:WCv5.0-RC5 Cyclic0007:v4.7.1r Cyclic0007:WCv5.0-RC4 Cyclic0007:WCv5.0-RC3 Cyclic0007:WCv5.0-RC2 Cyclic0007:v4.7.0-stable Cyclic0007:v4.6.0-stable Cyclic0007:v4.5.0-stable Cyclic0007:v4.4.0-stable Cyclic0007:v4.3.0-stable Cyclic0007:v4.2.0c Cyclic0007:v4.2.0-stable Cyclic0007:wolfRand-RC2 Cyclic0007:v4.1.0-stable Cyclic0007:wolfRand-RC1 Cyclic0007:v4.0.0-stable Cyclic0007:list Cyclic0007:WCv4-rng-stable Cyclic0007:v3.15.8 Cyclic0007:v3.15.7-stable Cyclic0007:v3.15.6 Cyclic0007:v3.15.5a Cyclic0007:v3.15.5-stable Cyclic0007:WCv4.0-RC9 Cyclic0007:WCv4.0-RC8 Cyclic0007:WCv4.0-RC7 Cyclic0007:v3.15.3-stable Cyclic0007:l Cyclic0007:WCv4-stable Cyclic0007:v3.15.0-stable Cyclic0007:v3.14.5 Cyclic0007:WCv4.0-RC6 Cyclic0007:WCv4.0-RC5 Cyclic0007:WCv4.0-RC4 Cyclic0007:v3.14.4 Cyclic0007:WCv4.0-RC3 Cyclic0007:WCv4.0-RC2 Cyclic0007:WCv4.0-RC1 Cyclic0007:v3.14.2 Cyclic0007:v3.14.0b Cyclic0007:v3.14.0a Cyclic0007:v3.14.0-stable Cyclic0007:v3.13.3 Cyclic0007:v3.13.2 Cyclic0007:v3.13.0-stable Cyclic0007:v3.12.2-stable Cyclic0007:v3.12.0-stable Cyclic0007:v3.11.1-tls13-beta Cyclic0007:v3.11.0-stable Cyclic0007:v3.10.4 Cyclic0007:v3.10.3 Cyclic0007:v3.10.2-stable Cyclic0007:v3.10.0a Cyclic0007:v3.10.0-stable Cyclic0007:v3.9.10b Cyclic0007:v3.9.10-stable Cyclic0007:v3.9.8 Cyclic0007:v3.9.6w Cyclic0007:v3.9.6 Cyclic0007:v3.9.1 Cyclic0007:v3.9.0 Cyclic0007:v3.8.0 Cyclic0007:v3.7.3 Cyclic0007:v3.7.1 Cyclic0007:v3.7.0 Cyclic0007:v3.6.9d Cyclic0007:v3.69.d Cyclic0007:v3.6.9c Cyclic0007:v3.6.9b Cyclic0007:v3.6.9 Cyclic0007:v3.6.8 Cyclic0007:v3.6.6 Cyclic0007:v3.6.2 Cyclic0007:v3.6.0b Cyclic0007:v3.6.0 Cyclic0007:v3.4.8 Cyclic0007:v3.4.6 Cyclic0007:v3.4.2 Cyclic0007:v3.4.0 Cyclic0007:v3.3.3 Cyclic0007:v3.3.2 Cyclic0007:v3.3.0 Cyclic0007:v3.2.6 Cyclic0007:v3.2.4 Cyclic0007:v3.2.0 Cyclic0007:v3.1.0 Cyclic0007:v3.0.2 Cyclic0007:v3.0.0 Cyclic0007:v2.9.4 Cyclic0007:v2.9.2 Cyclic0007:v2.9.1 Cyclic0007:v0.5 Cyclic0007:v2.9.0 Cyclic0007:v2.8.6 Cyclic0007:v2.8.5a Cyclic0007:v2.8.5 Cyclic0007:v2.8.4 Cyclic0007:v2.8.3 Cyclic0007:v2.8.2 Cyclic0007:v2.8.0 Cyclic0007:v2.7.2 Cyclic0007:v2.7.0 Cyclic0007:v2.6.2 Cyclic0007:v2.6.0 Cyclic0007:v2.5.2b Cyclic0007:v2.5.2 Cyclic0007:v2.5.0 Cyclic0007:v2.4.7 Cyclic0007:v2.4.6 Cyclic0007:v2.4.2 Cyclic0007:v2.4.0 Cyclic0007:v2.3.0 Cyclic0007:v2.2.2 Cyclic0007:v2.1.1 Cyclic0007:v2.2.1 Cyclic0007:v2.2.0 Cyclic0007:v2.1.4 Cyclic0007:v2.1.2 Cyclic0007:v2.0.8 Cyclic0007:v2.0.6 Cyclic0007:v2.0.3 Cyclic0007:v2.0.2 Cyclic0007:v2.0rc3 Cyclic0007:v2.0rc2b Cyclic0007:v2.0rc2 Cyclic0007:v2.0rc1 Cyclic0007:v1.9.0 Cyclic0007:v1.8.8.0
..
compare: Cyclic0007:v5.7.6-stable
Branches Tags
Cyclic0007:master Cyclic0007:nightly-snapshot Cyclic0007:revert-9495-aarch64_no_hw_crypto_asm_aes Cyclic0007:revert-9512-20251210-linuxkm-5.17-ubuntu-jammy-tegra-patches Cyclic0007:TLS13-cipher-suite-fix Cyclic0007:revert-9145-zd20038_2 Cyclic0007:pr-8603 Cyclic0007:remove-arc4 Cyclic0007:devin-lifeguard/update-rules-d59f9c48 Cyclic0007:revert-8277-aarch64_no_crypto Cyclic0007:revert-5549-fix_sha256_debug Cyclic0007:cert-3389
Cyclic0007:WCv5.2.4-KRNL-CHKIN-r5 Cyclic0007:WCv6.0.0-linuxkm-UPDT-RC2 Cyclic0007:WCv6.0.0-linuxkm-UPDT-RC1 Cyclic0007:WCv5.2.4-KRNL-CHKIN-r4 Cyclic0007:wolfEntropy2d Cyclic0007:v5.8.4-stable Cyclic0007:WCv5.2.5-STM32-PAA Cyclic0007:WCv5.2.4-KRNL-CHKIN Cyclic0007:v5.8.2-stable Cyclic0007:WCv5.2.3-RSA-SWITCH Cyclic0007:wolfEntropy2 Cyclic0007:WCv5.2.3-DHGENPUB-r2 Cyclic0007:WCv5.2.3-DHGENPUB Cyclic0007:v5.8.0-stable Cyclic0007:WCv6.0.0-RC5 Cyclic0007:WCv6.0.0-RC4 Cyclic0007:WCv5.2.3-STM32-PAA Cyclic0007:WCv6.0.0-RC3 Cyclic0007:v5.7.6-stable Cyclic0007:v5.2.1 Cyclic0007:WCv5.2.3-ARMv8-PAA-r2 Cyclic0007:WCv6.0.0-RC2 Cyclic0007:WCv6.0.0-RC1 Cyclic0007:v5.2.1-stable-OS_Seed-HdrOnly Cyclic0007:v5.7.4-stable Cyclic0007:v5.7.2-stable Cyclic0007:wolfEntropy1 Cyclic0007:v5.7.0-stable Cyclic0007:WCv5.2.3-ARMv8-PAA Cyclic0007:v5.6.6-stable Cyclic0007:v5.6.4-stable Cyclic0007:v5.2.1-stable Cyclic0007:WCv5.2.1-PILOT Cyclic0007:v5.6.3-stable Cyclic0007:v5.6.2-stable Cyclic0007:v5.6.0-stable Cyclic0007:v5.5.4-stable Cyclic0007:v5.5.3-stable Cyclic0007:v5.5.2-stable Cyclic0007:v5.5.1-stable Cyclic0007:v5.5.0-stable Cyclic0007:v5.4.0-stable Cyclic0007:v5.3.0-stable Cyclic0007:v5.2.0-stable Cyclic0007:v5.1.1-stable Cyclic0007:WCv5.0-RC12 Cyclic0007:v5.1.0-stable Cyclic0007:WCv5.0-RC11 Cyclic0007:WCv5.0-RC10 Cyclic0007:v5.0.0-stable Cyclic0007:WCv5.0-RC9 Cyclic0007:v4.8.1-stable Cyclic0007:v4.8.0-stable Cyclic0007:WCv5.0-RC8 Cyclic0007:WCv5.0-RC7 Cyclic0007:WCv5.0-RC6 Cyclic0007:WCv5.0-RC5 Cyclic0007:v4.7.1r Cyclic0007:WCv5.0-RC4 Cyclic0007:WCv5.0-RC3 Cyclic0007:WCv5.0-RC2 Cyclic0007:v4.7.0-stable Cyclic0007:v4.6.0-stable Cyclic0007:v4.5.0-stable Cyclic0007:v4.4.0-stable Cyclic0007:v4.3.0-stable Cyclic0007:v4.2.0c Cyclic0007:v4.2.0-stable Cyclic0007:wolfRand-RC2 Cyclic0007:v4.1.0-stable Cyclic0007:wolfRand-RC1 Cyclic0007:v4.0.0-stable Cyclic0007:list Cyclic0007:WCv4-rng-stable Cyclic0007:v3.15.8 Cyclic0007:v3.15.7-stable Cyclic0007:v3.15.6 Cyclic0007:v3.15.5a Cyclic0007:v3.15.5-stable Cyclic0007:WCv4.0-RC9 Cyclic0007:WCv4.0-RC8 Cyclic0007:WCv4.0-RC7 Cyclic0007:v3.15.3-stable Cyclic0007:l Cyclic0007:WCv4-stable Cyclic0007:v3.15.0-stable Cyclic0007:v3.14.5 Cyclic0007:WCv4.0-RC6 Cyclic0007:WCv4.0-RC5 Cyclic0007:WCv4.0-RC4 Cyclic0007:v3.14.4 Cyclic0007:WCv4.0-RC3 Cyclic0007:WCv4.0-RC2 Cyclic0007:WCv4.0-RC1 Cyclic0007:v3.14.2 Cyclic0007:v3.14.0b Cyclic0007:v3.14.0a Cyclic0007:v3.14.0-stable Cyclic0007:v3.13.3 Cyclic0007:v3.13.2 Cyclic0007:v3.13.0-stable Cyclic0007:v3.12.2-stable Cyclic0007:v3.12.0-stable Cyclic0007:v3.11.1-tls13-beta Cyclic0007:v3.11.0-stable Cyclic0007:v3.10.4 Cyclic0007:v3.10.3 Cyclic0007:v3.10.2-stable Cyclic0007:v3.10.0a Cyclic0007:v3.10.0-stable Cyclic0007:v3.9.10b Cyclic0007:v3.9.10-stable Cyclic0007:v3.9.8 Cyclic0007:v3.9.6w Cyclic0007:v3.9.6 Cyclic0007:v3.9.1 Cyclic0007:v3.9.0 Cyclic0007:v3.8.0 Cyclic0007:v3.7.3 Cyclic0007:v3.7.1 Cyclic0007:v3.7.0 Cyclic0007:v3.6.9d Cyclic0007:v3.69.d Cyclic0007:v3.6.9c Cyclic0007:v3.6.9b Cyclic0007:v3.6.9 Cyclic0007:v3.6.8 Cyclic0007:v3.6.6 Cyclic0007:v3.6.2 Cyclic0007:v3.6.0b Cyclic0007:v3.6.0 Cyclic0007:v3.4.8 Cyclic0007:v3.4.6 Cyclic0007:v3.4.2 Cyclic0007:v3.4.0 Cyclic0007:v3.3.3 Cyclic0007:v3.3.2 Cyclic0007:v3.3.0 Cyclic0007:v3.2.6 Cyclic0007:v3.2.4 Cyclic0007:v3.2.0 Cyclic0007:v3.1.0 Cyclic0007:v3.0.2 Cyclic0007:v3.0.0 Cyclic0007:v2.9.4 Cyclic0007:v2.9.2 Cyclic0007:v2.9.1 Cyclic0007:v0.5 Cyclic0007:v2.9.0 Cyclic0007:v2.8.6 Cyclic0007:v2.8.5a Cyclic0007:v2.8.5 Cyclic0007:v2.8.4 Cyclic0007:v2.8.3 Cyclic0007:v2.8.2 Cyclic0007:v2.8.0 Cyclic0007:v2.7.2 Cyclic0007:v2.7.0 Cyclic0007:v2.6.2 Cyclic0007:v2.6.0 Cyclic0007:v2.5.2b Cyclic0007:v2.5.2 Cyclic0007:v2.5.0 Cyclic0007:v2.4.7 Cyclic0007:v2.4.6 Cyclic0007:v2.4.2 Cyclic0007:v2.4.0 Cyclic0007:v2.3.0 Cyclic0007:v2.2.2 Cyclic0007:v2.1.1 Cyclic0007:v2.2.1 Cyclic0007:v2.2.0 Cyclic0007:v2.1.4 Cyclic0007:v2.1.2 Cyclic0007:v2.0.8 Cyclic0007:v2.0.6 Cyclic0007:v2.0.3 Cyclic0007:v2.0.2 Cyclic0007:v2.0rc3 Cyclic0007:v2.0rc2b Cyclic0007:v2.0rc2 Cyclic0007:v2.0rc1 Cyclic0007:v1.9.0 Cyclic0007:v1.8.8.0

194 Commits
v5.2.1 ... v5.7.6-sta

Author SHA1 Message Date
Daniel Pouzzner
239b85c804 Merge pull request #8323 from JacobBarthelmeh/release 
prepare for release 5.7.6
 2024-12-31 11:58:22 -06:00
JacobBarthelmeh
70e41d1ed1 prepare for release 5.7.6 2024-12-31 08:27:53 -07:00
Daniel Pouzzner
d40698a103 Merge pull request #8322 from JacobBarthelmeh/coverity 
fix for dead code warning CID444417
 2024-12-30 17:56:28 -06:00
JacobBarthelmeh
c9bcbd8c52 fix for dead code warning CID444417 2024-12-30 16:14:28 -07:00
David Garske
8d7c60017c Merge pull request #8263 from JacobBarthelmeh/rsa_pss 
account for rsa_pss_rsae vs rsa_pss_pss type
 2024-12-28 13:47:30 -08:00
JacobBarthelmeh
af4b5c2097 only run RSA-PSS interop test if cipher suites with ephemeral keys are available 2024-12-28 11:34:17 -08:00
JacobBarthelmeh
1ae0f7c66f do not do resume with new test case 
add wolfssl_no_resume flag to openssl.test

check for version of openssl testing against

check if RSA is supported for test case

guard on test case for TLS versions supported
 2024-12-28 02:09:49 -08:00
David Garske
2e8f0176c9 Merge pull request #8316 from JacobBarthelmeh/x509ref 
Up X509 refrence count and add test case
 2024-12-27 10:37:28 -08:00
JacobBarthelmeh
3ee08d81db fix for check on number of objects when free'ing and add test case 2024-12-27 08:09:03 -08:00
David Garske
5c6fdb52f1 Merge pull request #8319 from philljj/fix_coverity 
coverity: correct lock message, check fd value.
 2024-12-26 12:53:36 -08:00
JacobBarthelmeh
f57f044b39 Merge pull request #8318 from dgarske/CID444418 
Fix for finishedSz checking with TLSv1.3 and `WOLFSSL_HAVE_TLS_UNIQUE` (CID444418)
 2024-12-24 15:41:25 -07:00
jordan
c71392bb7e coverity: correct lock message, check fd value. 2024-12-24 16:31:16 -06:00
David Garske
e1baf27831 CID444418. Fix for finishSz checking with TLSv1.3 and WOLFSSL_HAVE_TLS_UNIQUE. 2024-12-24 13:38:57 -08:00
JacobBarthelmeh
17c17cde13 Merge pull request #8317 from night1rider/CID_444416 
Free Val and Oid before returning error
 2024-12-24 10:38:26 -07:00
JacobBarthelmeh
838fe22e61 Merge pull request #8314 from SparkiDev/aarch64_no_crypto_fallback 
Aarch64 ASM: check CPU features before hw crypto instr use
 2024-12-24 10:15:23 -07:00
JacobBarthelmeh
98d212d60b Merge pull request #8315 from SparkiDev/regression_fixes_16 
Regression testing fixes
 2024-12-24 09:56:20 -07:00
msi-debian
545257e498 CID 444416 2024-12-24 09:35:40 -07:00
JacobBarthelmeh
3aa2881cd4 account for rsa_pss_rsae vs rsa_pss_pss type 2024-12-23 23:45:33 -07:00
Sean Parkinson
cad2ebde04 Regression testing fixes 
test.c: Dilithium private key not available in cert_test.h unless
signing is enabled.
./configure --disable-shared --enable-dilithium=make,44,65,87
./configure --disable-shared --enable-dilithium=make,sign,44,65,87
./configure --disable-shared --enable-dilithium=make,verify,44,65,87
test.c: Dilithium doesn't have decode/encode when
WOLFSSL_DILITHIUM_NO_ASN1 is defined.
./configure --disable-shared --enable-dilithium=yes
CFLAGS=-DWOLFSSL_DILITHIUM_NO_ASN1
 2024-12-24 13:55:21 +10:00
Sean Parkinson
e1851cd482 Aarch64 ASM: check CPU features before hw crypto instr use 
For SHA-256, SHA-512 and SHA3, get the CPU features to see if hardware
crypto is available. If not then fallback to an alternate
implementation.
 2024-12-24 12:08:12 +10:00
Sean Parkinson
93812e4286 Merge pull request #8289 from JacobBarthelmeh/harden 
add option for additional sanity checks
 2024-12-24 09:17:08 +10:00
JacobBarthelmeh
ee9b88541f change default to no for --enable-faultharden 2024-12-23 13:51:30 -07:00
Daniel Pouzzner
a13d0fdd86 Merge pull request #8311 from SparkiDev/aarch64_cpuid_fix 
Aarch64 CPU id: fix for privilege instruction detection
 2024-12-23 11:52:14 -06:00
JacobBarthelmeh
2409971b14 Merge pull request #8224 from julek-wolfssl/dtls-server-demux 
DTLS: Add server side stateless and CID QoL API
 2024-12-23 10:01:01 -07:00
JacobBarthelmeh
36d5342f6b Merge pull request #8310 from douzzer/20241221-wolfCrypt-more-AES_BLOCK_SIZE 
20241221-wolfCrypt-more-AES_BLOCK_SIZE
 2024-12-23 09:26:05 -07:00
Sean Parkinson
e7d7e47e07 Aarch64 CPU id: fix for privilege instruction detection 
AES/PMULL is in four bits 4-7.
When value is 0b0010, this indicates both AES and PMULL. Fix code to set
both.
 2024-12-23 11:23:14 +10:00
David Garske
2bcad989da Merge pull request #8309 from douzzer/20241221-fix-CEscape-bounds-check 
20241221-fix-CEscape-bounds-check
 2024-12-21 14:51:46 -08:00
Daniel Pouzzner
50a0773c09 Merge pull request #8285 from LinuxJedi/gaisler 
Add initial support for Gaisler-BCC with Sparc
 2024-12-21 11:03:39 -06:00
Daniel Pouzzner
ed18bf3deb In wolfcrypt/src/port/ and IDE/, replace remaining uses of AES_BLOCK_SIZE with WC_AES_BLOCKSIZE for compatibility with OPENSSL_COEXIST. 
Automated replacement with
```
git ls-files -z wolfcrypt/src/port/ IDE/ | xargs -0 pcre2grep -l '[^_]AES_BLOCK_SIZE' | xargs sed --regexp-extended --in-place 's/([^_])AES_BLOCK_SIZE/\1WC_AES_BLOCK_SIZE/g'
```

Checked for mis-transformations with
```
git ls-files -z | xargs -0 pcre2grep '[^-[()+*/[:space:]]WC_AES_BLOCK_SIZE' | less
```

Checked for residual hits with
```
git ls-files -z | xargs -0 pcre2grep '[^_]AES_BLOCK_SIZE' | less
```

Deliberately excluded:
* ChangeLog.md -- do not alter history.
* doc/ -- do not confuse documentation with newly prefixed macro, because AES_BLOCK_SIZE is available unless -DOPENSSL_COEXIST.
* tests/api.c -- the unit tests deliberately use compatibility names, and are not compatible with -DOPENSSL_COEXIST.
* wrapper/CSharp/wolfSSL_CSharp/wolfCrypt.cs -- false positive hits on C# names.
* wrapper/CSharp/wolfCrypt-Test/wolfCrypt-Test.cs -- false positive hits on C# names.
* reference in wolfssl/wolfcrypt/aes.h that defines AES_BLOCK_SIZE when -UOPENSSL_COEXIST.
* reference in wolfssl/wolfcrypt/settings.h that defines WC_AES_BLOCK_SIZE for old FIPS when -UWC_AES_BLOCK_SIZE.
 2024-12-21 10:28:18 -06:00
Daniel Pouzzner
4ff73b9024 wolfssl/wolfcrypt/aes.h: fix stray reference to AES_BLOCK_SIZE in def for GHASH_ONE_BLOCK(). 2024-12-21 10:08:17 -06:00
Daniel Pouzzner
33a47c1c04 Merge pull request #8265 from JacobBarthelmeh/armasm 
armasm with opensslcoexist build
 2024-12-21 10:06:27 -06:00
Daniel Pouzzner
b07f2cb461 wolfcrypt/src/coding.c: fix incorrect array bounds check in CEscape(), introduced in 8bbe8a7c8a (before which there was no bounds check at all). 2024-12-21 09:47:07 -06:00
Andrew Hutchings
231cea34ef Add initial support for Gaisler-BCC with Sparc 
Slight modifications and documentation to get wolfSSL working with
Gaisler Sparc CPUs and their cross-compilers.
 2024-12-21 09:19:58 +00:00
Daniel Pouzzner
ad20593569 Merge pull request #8279 from LinuxJedi/sk_push_comments 
Fix code comments for some x509.c functions
 2024-12-21 00:09:18 -06:00
Daniel Pouzzner
67800c3a22 Merge pull request #8292 from JacobBarthelmeh/xsocktlen 
set dk-s7g2 socklent
 2024-12-21 00:01:33 -06:00
Daniel Pouzzner
5ef4732745 Merge pull request #8299 from JacobBarthelmeh/cert_regen 
end of year test certificate renewal
 2024-12-20 17:41:33 -06:00
Daniel Pouzzner
9d3e477b63 src/ssl.c: gate wolfSSL_dtls_set_pending_peer() on !defined(WOLFSSL_NO_SOCK), not just defined(WOLFSSL_DTLS_CID). 
tests/api.c: in test_dtls12_basic_connection_id(), omit chacha20 suites if defined(HAVE_FIPS), and fix gate on DHE-PSK-NULL-SHA256.
 2024-12-20 17:24:13 -06:00
Daniel Pouzzner
afc7e0eb8c Merge pull request #8308 from cconlon/sessTickLenCheck 
Remove dead code in TLSX_PopulateExtensions() around MAX_PSK_ID_LEN check
 2024-12-20 16:41:09 -06:00
JacobBarthelmeh
961453b5ee fix for free'ing up memory after use 2024-12-20 14:58:57 -07:00
JacobBarthelmeh
b273bff4e9 regenerate certs_test.h with raw dilithium keys 2024-12-20 11:50:11 -07:00
JacobBarthelmeh
67f3343a5d Merge pull request #8306 from SparkiDev/kyber_no_avx2_fix 
ML-KEM/Kyber: fix kyber_prf() for when no AVX2
 2024-12-20 11:40:46 -07:00
JacobBarthelmeh
7cebe95138 Merge pull request #8304 from SparkiDev/regression_fixes_15 
Regression testing: fixes
 2024-12-20 11:29:15 -07:00
JacobBarthelmeh
3dd9f4631d Merge pull request #8305 from kareem-wolfssl/zd19044 
Fix a couple of missing bounds checks found via code analyzer.
 2024-12-20 11:20:19 -07:00
JacobBarthelmeh
19e68ea71a add a faketime test and update cert buffers 2024-12-20 10:35:58 -07:00
Chris Conlon
f68f99b000 Remove dead code in TLSX_PopulateExtensions() around MAX_PSK_ID_LEN check 2024-12-20 09:48:01 -07:00
Sean Parkinson
e507c466d5 ML-KEM/Kyber: fix kyber_prf() for when no AVX2 
When no AVX2 available, kyber_prf() is called to produce more than one
SHAKE-256 blocks worth of ouput. Otherwise only one block is needed.
Changed function to support an outlen of greater than one block.
 2024-12-20 11:03:58 +10:00
Kareem
8bbe8a7c8a Fix a couple of missing bounds checks found via code analyzer. 2024-12-19 17:01:25 -07:00
Sean Parkinson
b7c1e1cf35 Regression testing: fixes 
src/x509.c: wolfssl_x509_name_entry_set() ne->object is freed if call to
wolfSSL_OBJ_nid2obj_ex() fails. Always assign directly back to
ne->object.

wolfcrypt/test/test.c: aes_ctr_test() doesn't need AES decrypt
./configure '--disable-shared' '--enable-cryptonly'
'CFLAGS=-DNO_AES_DECRYPT' '--disable-aescbc' '--disable-aesofb'
'--disable-aescfb' '--disable-aesgcm' '--disable-aesccm'
'--enable-aesctr' '--disable-aesxts' '--disable-aeseax'

tests/api.c: test_X509_STORE_InvalidCa() only defined when !NO_RSA
./configure '--disable-shared' '--enable-opensslall' '--disable-rsa'

tests/api.c: test_wolfSSL_GENERAL_NAME_print() free ridObj if not
assigned into gn.
 2024-12-20 09:25:03 +10:00
Sean Parkinson
00f83facb2 Merge pull request #8302 from cconlon/sessTickLenCheck 
Loosen MAX_PSK_ID_LEN check in TLSX_PopulateExtensions() to only server side
 2024-12-20 08:44:10 +10:00
JacobBarthelmeh
8ca790218c certs_test.h is using raw dilithium keys 2024-12-19 15:23:37 -07:00
Daniel Pouzzner
ad8f74b650 examples/client/client.c and examples/client/client.c: use XSTRLCPY() to assure proper null termination. 2024-12-19 16:14:59 -06:00
JacobBarthelmeh
8fa238e554 Merge pull request #8301 from douzzer/20241219-gating-fixes 
20241219-gating-fixes
 2024-12-19 14:38:55 -07:00
JacobBarthelmeh
5b6ffe0795 add *.revoked to codespell skip 2024-12-19 14:35:43 -07:00
JacobBarthelmeh
abc87f9c6f add regression test for gencertbuf.pl 2024-12-19 14:32:46 -07:00
Chris Conlon
1101841b95 Loosen MAX_PSK_ID_LEN check in TLSX_PopulateExtensions() to only server side 2024-12-19 14:26:22 -07:00
JacobBarthelmeh
e66905aaf6 fix for gencertbuf script and add dilithium public key 2024-12-19 14:25:12 -07:00
Daniel Pouzzner
994f218fcb src/ssl.c and wolfssl/internal.h: gate in wolfSSL_get_ciphers_compat() in OPENSSL_EXTRA builds, so that --with-sys-crypto-policy works with OPENSSL_EXTRA but without OPENSSL_ALL. 
configure.ac: more fixes for FIPS v6 armasm settings, re ENABLED_ARMASM_CRYPTO.
 2024-12-19 14:29:39 -06:00
Juliusz Sosinowicz
ca4b1667ee strcpy -> strncpy 2024-12-19 11:19:47 +01:00
Juliusz Sosinowicz
feff68d4fd Increase buffer to make room for \0 2024-12-19 11:01:27 +01:00
Daniel Pouzzner
836ee1cbd5 Merge pull request #8298 from lealem47/zd18920 
Printing the rfc822Mailbox x509 attribute
 2024-12-18 22:19:32 -06:00
Daniel Pouzzner
ed76d8ea10 Merge pull request #8297 from miyazakh/ra_jankins 
Fix RA6M4 jankins failure
 2024-12-18 22:18:43 -06:00
Daniel Pouzzner
be2e779280 Merge pull request #8205 from philljj/fedora_crypto_policy 
fedora crypto-policies: initial support.
 2024-12-18 20:54:36 -06:00
JacobBarthelmeh
a5f9ec67c9 Merge pull request #8251 from gojimmypi/pr-post-release-bdd62314-espressif 
Espressif Managed Component wolfSSL 5.7.4 post-release update
 2024-12-18 16:45:33 -07:00
JacobBarthelmeh
df3897d39f adjust tests after cert renewal 2024-12-18 16:19:51 -07:00
JacobBarthelmeh
e998dda1db update test certs to have v3 2024-12-18 16:12:08 -07:00
JacobBarthelmeh
4ed14af331 if no extensions are present a v1 certificate was generated, add a SKID extension to avoid that 2024-12-18 16:11:18 -07:00
jordan
b5c47d27e0 fedora crypto-policies: initial support. 2024-12-18 16:56:36 -06:00
JacobBarthelmeh
bf6ef15be4 update test certificates in header file 2024-12-18 14:27:26 -07:00
JacobBarthelmeh
28184dd8cc update certificates in certs directory 2024-12-18 14:26:15 -07:00
David Garske
afff48f0d6 Merge pull request #8253 from douzzer/20241204-more-C89-expansion 
20241204-more-C89-expansion
 2024-12-18 10:44:18 -08:00
Daniel Pouzzner
122502e2b1 wolfCrypt -Wconversion expansion: fix numerous warnings, all benign, from -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion. 2024-12-18 11:51:06 -06:00
Juliusz Sosinowicz
9cb75ef5f8 fixup! DTLS: Add server side stateless and CID QoL API 2024-12-18 09:31:25 +01:00
Juliusz Sosinowicz
fe9a5fcd42 fixup! Code review and jenkins fixes 2024-12-18 09:31:25 +01:00
Juliusz Sosinowicz
faa7b8dfaa wolfSSLReceive: Error return on interrupted connection 
Interrupted connection should return control to the user since they may want to handle the signal that caused the interrupt. Otherwise, we might never give back control to the user (the timeout would error out but that causes a big delay).

socat.yml: in test 475, the test would send a SIGTERM after 3 seconds. We would continue to ignore this signal and continue to call `recvfrom`. Instead we should error out and give control back to the user.
 2024-12-18 09:31:25 +01:00
Juliusz Sosinowicz
a1ee953411 Protect peer access when WOLFSSL_RW_THREADED 2024-12-18 09:31:25 +01:00
Juliusz Sosinowicz
4795e0d920 Refactor dtls pending peer processing 2024-12-18 09:31:25 +01:00
Juliusz Sosinowicz
3ded2bc05d Code review and jenkins fixes 2024-12-18 09:31:25 +01:00
Juliusz Sosinowicz
71337d2959 Client TLS: Set traffic decrypt keys when parsing Finished 2024-12-18 09:31:25 +01:00
Juliusz Sosinowicz
daa57c492d DTLS: Add server side stateless and CID QoL API 
- wolfDTLS_accept_stateless - statelessly listen for incoming connections
- wolfSSL_inject - insert data into WOLFSSL object
- wolfSSL_SSL(Enable|Disable)Read - enable/disable reading from IO
- wolfSSL_get_wfd - get the write side file descriptor
- wolfSSL_dtls_set_pending_peer - set the pending peer that will be upgraded to regular peer when we successfully de-protect a DTLS record
- wolfSSL_dtls_get0_peer - zero copy access to the peer address
- wolfSSL_is_stateful - boolean to check if we have entered stateful processing
- wolfSSL_dtls_cid_get0_rx - zero copy access to the rx cid
- wolfSSL_dtls_cid_get0_tx - zero copy access to the tx cid
- wolfSSL_dtls_cid_parse - extract cid from a datagram/message
 2024-12-18 09:31:24 +01:00
Sean Parkinson
ba050d6a3f Merge pull request #8296 from douzzer/20241217-FIPS-v6-ENABLED_ARMASM_CRYPTO-fixes 
20241217-FIPS-v6-ENABLED_ARMASM_CRYPTO-fixes
 2024-12-18 15:27:08 +10:00
Lealem Amedie
651dab3dbf Printing the rfc822Mailbox x509 attribute 2024-12-17 15:39:23 -07:00
Hideki Miyazaki
39c11c269f Fix RA6M jankins failure 2024-12-18 07:37:21 +09:00
Daniel Pouzzner
60afdb557d Merge pull request #8273 from dgarske/no_tls 
Enable support for no TLS while allowing certificate manager
 2024-12-17 16:24:57 -06:00
JacobBarthelmeh
613c1aa16d fix for no malloc build 2024-12-17 14:47:45 -07:00
David Garske
356889a528 Add --disable-tls option that can be used with --enable-all to disable TLS features and set NO_TLS. Useful for allowing certificate manager and crypto compatibility API's only. 2024-12-17 13:40:03 -08:00
Daniel Pouzzner
f23a2f2f48 wolfcrypt/src/aes.c: add missing WOLFSSL_ARMASM gate clause around wolfCrypt_FIPS_aes_ro_sanity, necessitated by 514a92d6ee/#8293. 2024-12-17 14:17:52 -06:00
JacobBarthelmeh
87ae31b48f some additional sanity checks with harden build 2024-12-17 12:47:42 -07:00
Daniel Pouzzner
7b57ef4912 configure.ac: fix faulty logic in FIPS v6 feature calculation re ENABLED_ARMASM_CRYPTO, originally added in 6e0a90190f. 2024-12-17 12:21:47 -06:00
David Garske
6151160e58 Further fixes with NO_TLS to support use with compatibility layer. 2024-12-17 09:24:38 -08:00
Kaleb Himes
fcbea85ded Merge pull request #8291 from douzzer/20241213-fips-check-refactor-assoc-arrays 
20241213-fips-check-refactor-assoc-arrays
 2024-12-17 10:23:51 -07:00
David Garske
a2b5da8651 Fix nested NO_TLS. 2024-12-17 08:33:33 -08:00
David Garske
16b2884cf1 Fix issues in test_tls13_apis with no filesystem or no RSA/ECC. 2024-12-17 08:33:33 -08:00
David Garske
14e3372826 Enable support for using certificate manager only. Fixes for building without TLS enabled (NO_TLS). ZD 19054. Tested using ./configure --disable-tlsv12 --disable-tls13 CFLAGS="-DNO_TLS" && make check 2024-12-17 08:33:32 -08:00
Daniel Pouzzner
22e95081cd Merge pull request #8181 from gojimmypi/dev-compiler-message 
Initialize vars & change types to appease Windows/VS
 2024-12-16 23:19:05 -06:00
Daniel Pouzzner
058138eb00 Merge pull request #8286 from julek-wolfssl/hostap-action-update 
Use source hostap repo
 2024-12-16 23:07:05 -06:00
Daniel Pouzzner
5aeabbfa3c Merge pull request #8245 from julek-wolfssl/mbed-interop 
Add CID interop with mbedtls
 2024-12-16 23:04:19 -06:00
Daniel Pouzzner
9d7c02589f Merge pull request #8276 from SparkiDev/ed448_muladd_full_reduce 
EdDSA Ed448: sc_muladd now does full reduction
 2024-12-16 20:29:49 -06:00
Daniel Pouzzner
a1035cf8df Merge pull request #8294 from LinuxJedi/test_compile_issue 
Fix compile issue with NO_WOLFSSL_DIR
 2024-12-16 19:26:24 -06:00
Daniel Pouzzner
b5935f38d7 Merge pull request #8282 from SparkiDev/iphone_no_sha3_instrs 
MacOS: allow SHA-3 instructions to be explicitly not used
 2024-12-16 16:55:09 -06:00
Daniel Pouzzner
fd22bfc0b7 Merge pull request #8293 from SparkiDev/aarch64_no_crypto 
Aarch64: make code compile when no hardware crypto avail
 2024-12-16 14:57:53 -06:00
philljj
c5c607bc87 Merge pull request #8295 from douzzer/20241216-linuxkm-export-ns-quotes 
20241216-linuxkm-export-ns-quotes
 2024-12-16 12:37:21 -06:00
Daniel Pouzzner
6fbc18f0dc linuxkm/Kbuild and linuxkm/module_exports.c.template: on kernel >=6.13, add quotes around the namespace arg to EXPORT_SYMBOL_NS_GPL() (upstream change actually made in 6.13-rc2). 2024-12-16 11:43:26 -06:00
Andrew Hutchings
61cb5b479f Fix compile issue with NO_WOLFSSL_DIR 
`test_wolfSSL_CTX_load_system_CA_certs()` would try to use DIR functions
when `NO_WOLFSSL_DIR` was used.
 2024-12-16 17:23:49 +00:00
Sean Parkinson
514a92d6ee Aarch64: make code compile when no hardware crypto avail 
Detects availability of instructions for Aarch64.
 2024-12-16 17:46:08 +10:00
Sean Parkinson
e3876fcab7 Merge pull request #8287 from JacobBarthelmeh/sigfault 
fix for sig fault harden build
 2024-12-16 09:04:29 +10:00
Daniel Pouzzner
7c5451c742 fips-check.sh fixes + enhancements: 
* change default WOLFSSL_REPO to the canonical upstream.
* refactor tag calculation without bash associative arrays, for backward compat.
* add support for fetching FIPS tags/branches into a persistent fips repo if one is found at ../fips.
* use --shared in git clones where applicable.
* always check out the master FIPS branch, for its tooling, and always make sure it's up to date with $FIPS_REPO.
* after each fetch for a previously unknown tag, explicitly associate the tag with the FETCH_HEAD.
 2024-12-13 21:36:40 -06:00
Daniel Pouzzner
4bdccac584 Merge pull request #8290 from wolfSSL/revert-8277-aarch64_no_crypto 
Revert "Aarch64: make code compile when no hardware crypto avail"
 2024-12-13 20:43:01 -06:00
JacobBarthelmeh
ad03518aa8 armasm with opensslcoexist build 2024-12-13 17:11:32 -07:00
JacobBarthelmeh
6442689d22 set dk-s7g2 socklent 2024-12-13 17:01:58 -07:00
David Garske
71325a2a32 Revert "Aarch64: make code compile when no hardware crypto avail" 2024-12-13 13:52:53 -08:00
JacobBarthelmeh
f0f50f1837 add option for additional sanity checks 2024-12-13 14:42:51 -07:00
JacobBarthelmeh
d7e40e7413 Merge pull request #8264 from dgarske/various_20241206 
Various cleanups and fixes
 2024-12-13 13:48:10 -07:00
JacobBarthelmeh
68e85ef33a Merge pull request #8252 from anhu/use_srtp_retcode 
wolfSSL_CTX_set_tlsext_use_srtp() should return 1 on failure and 0 up…
 2024-12-13 13:35:49 -07:00
JacobBarthelmeh
e76e0e33fd Merge pull request #8283 from rlm2002/enableAlwaysKeepSNI 
WOLFSSL_ALWAYS_KEEP_SNI enabled by default with --enable-jni
 2024-12-13 13:32:47 -07:00
JacobBarthelmeh
a22176af40 fix for sig fault harden build 2024-12-13 10:34:23 -07:00
Juliusz Sosinowicz
3407f21e69 Use source hostap repo 2024-12-13 17:12:23 +01:00
David Garske
79d9b2d6c3 Merge pull request #8277 from SparkiDev/aarch64_no_crypto 
Aarch64: make code compile when no hardware crypto avail
 2024-12-12 15:49:57 -08:00
Sean Parkinson
24bb2b7fab Aarch64: make code compile when no hardware crypto avail 
Detects availability of instructions for Aarch64.
 2024-12-13 09:16:11 +10:00
Ruby Martin
b34a39a6bc WOLFSSL_ALWAYS_KEEP_SNI enabled by default with --enable-jni 2024-12-12 15:49:47 -07:00
Sean Parkinson
2aacc7cd87 MacOS: allow SHA-3 instructions to be explicitly not used 
Some iPads and iPhones don't support SHA-3 instructions.
Allow SHA-3 instructions to explicitly not be used for these devices.
 2024-12-13 08:25:39 +10:00
Sean Parkinson
65fc8f8d77 Merge pull request #8280 from kareem-wolfssl/zd19046 
Add support for the RFC822 Mailbox attribute.
 2024-12-13 08:07:46 +10:00
Kareem
d4af181593 Add support for the RFC822 Mailbox attribute. 2024-12-12 12:37:32 -07:00
Andrew Hutchings
8ecbd3479e Fix code comments for some x509.c functions 
The return of `wolfSSL_sk_push` was changed, but some of the functions
that use it did not have their return comments updated appropriately.
 2024-12-12 16:21:16 +00:00
Daniel Pouzzner
dd3012682a Merge pull request #8278 from JacobBarthelmeh/settings 
adjustments on sanity check of build
 2024-12-11 17:04:58 -06:00
Daniel Pouzzner
1f1e985d73 Merge pull request #8268 from bandi13/fixMemleak 
Fix memory leak
 2024-12-11 16:35:38 -06:00
Sean Parkinson
c9c28335ae EdDSA Ed448: sc_muladd now does full reduction 
sc_muladd was reducing to word boundary and not to order.
Now reduces to order as last step.
 2024-12-12 08:33:35 +10:00
Daniel Pouzzner
d825b08e16 Merge pull request #8275 from SparkiDev/aarch64_poly1305_fix 
Aarch64 Poly1305: fix corner case
 2024-12-11 16:24:36 -06:00
Daniel Pouzzner
88241f1a2c Merge pull request #8267 from ColtonWilley/pkcs11_cert_support 
PKCS11 cert support
 2024-12-11 16:04:58 -06:00
Daniel Pouzzner
ee4366acc5 Merge pull request #8162 from redbaron/find-threads 
CMAKE: look for pthreads when importing wolfSSL if required
 2024-12-11 14:36:04 -06:00
Colton Willey
2039d6371f Remove redundant NULL check 2024-12-11 12:25:35 -08:00
Daniel Pouzzner
2ea2e6bf59 Merge pull request #8233 from ColtonWilley/x509_store_add_cert_ref_count 
Use proper ref count handling when adding to x509 store
 2024-12-11 11:54:29 -06:00
JacobBarthelmeh
2749884fdc defining custom config avoids warning of library builds pulling in options.h 2024-12-11 09:50:52 -07:00
JacobBarthelmeh
45992164d6 make new sanity check be a warning 2024-12-11 09:46:39 -07:00
Sean Parkinson
c0f3b433b2 Aarch64 Poly1305: fix corner case 
Don't mask top 26 bits as it may have next bit set as reduction step was
only approximate.
 2024-12-11 12:49:21 +10:00
Anthony Hu
762c36687f Add a test. 2024-12-10 21:21:41 -05:00
Sean Parkinson
7ef328548d Merge pull request #8274 from douzzer/20241210-update-wolfssl_known_macro_extras 
20241210-update-wolfssl_known_macro_extras
 2024-12-11 10:45:11 +10:00
JacobBarthelmeh
59ea24f915 Merge pull request #8225 from gojimmypi/pr-espressif-improve-sha-msg 
Improve Espressif SHA HW/SW mutex messages
 2024-12-10 17:30:03 -07:00
Daniel Pouzzner
6a05ba7cce .wolfssl_known_macro_extras: regenerate 2024-12-10 17:20:24 -06:00
JacobBarthelmeh
1208a7499b Merge pull request #8272 from douzzer/20241210-fixes 
20241210-fixes
 2024-12-10 13:35:09 -07:00
Daniel Pouzzner
d257a59087 add support for WOLFSSL_NO_OPTIONS_H: 
* activate WOLFSSL_NO_OPTIONS_H in linuxkm/Kbuild for in-module test.o and benchmark.o.
* refine explanatory comments in settings.h re WOLFSSL_USE_OPTIONS_H, WOLFSSL_NO_OPTIONS_H, and WOLFSSL_CUSTOM_CONFIG.
* add safety catch to options.h/options.h.in to inhibit inclusion if defined(WOLFSSL_NO_OPTIONS_H).
* for good measure, add explicit check for WOLFSSL_NO_OPTIONS_H to wolfcrypt/benchmark/benchmark.c and wolfcrypt/test/test.c.
 2024-12-10 13:02:37 -06:00
Colton Willey
00386c76bf No redundant NULL check on free 2024-12-10 09:43:03 -08:00
JacobBarthelmeh
e443366748 Merge pull request #8270 from julek-wolfssl/actions-ubuntu-22.04 
Revert to ubuntu-22.04
 2024-12-10 09:14:00 -07:00
Juliusz Sosinowicz
1d2acd9de6 Revert to ubuntu-22.04 2024-12-10 16:27:41 +01:00
JacobBarthelmeh
0772cf692d Merge pull request #8262 from embhorn/zd18968 
Add sanity check for configuration method
 2024-12-09 21:22:54 -07:00
Colton Willey
0c20a20acc Use char instead of sword8, sanity length check on CKA_VALUE 2024-12-09 16:09:04 -08:00
Daniel Pouzzner
ba59f1af19 wolfssl/wolfcrypt/settings.h: use #warning, not #error, for "No configuration for wolfSSL detected, check header order", to avoid unnecessary breakage of old projects with nonstandard custom settings. 2024-12-09 17:04:38 -06:00
gojimmypi
7bc026540b Improve Espressif SHA HW/SW mutex messages 2024-12-09 14:51:18 -08:00
Colton Willey
0cda59e00e Add support for cert format in get cert crypto callback 2024-12-09 14:32:02 -08:00
David Garske
c4e319b092 Cleanup the gating for WOLFSSL_NO_AES_CFB_1_8. 2024-12-09 13:51:51 -08:00
Andras Fekete
ff66998575 Fix memory leak 2024-12-09 16:24:38 -05:00
Colton Willey
c83c9e68c9 Updates per review comments 2024-12-09 13:10:32 -08:00
Daniel Pouzzner
e248d8499a move !defined(EXTERNAL_OPTS_OPENVPN) assert from src/internal.c to wolfssl/wolfcrypt/types.h with refinements; refine logic+message of assert in wolfssl/wolfcrypt/settings.h re "wolfssl/options.h included in compiled wolfssl library object..". 2024-12-09 15:02:41 -06:00
Colton Willey
324b87614e Initial implementation for using PKCS11 to retrieve certificate for SSL CTX 2024-12-09 12:15:41 -08:00
Eric Blankenhorn
fcce09a4d3 Fix from review 2024-12-09 12:59:37 -06:00
Eric Blankenhorn
c77bea6691 Disable hitch OSP test 2024-12-09 12:45:54 -06:00
Eric Blankenhorn
3d0cc250b9 Add sanity check for configuration method 2024-12-09 12:03:25 -06:00
JacobBarthelmeh
67fb29a6f6 Merge pull request #8255 from julek-wolfssl/nss-interop 
Add nss interop
 2024-12-09 09:52:07 -07:00
David Garske
314f7575fa Fixes for macro names. 2024-12-09 08:30:47 -08:00
Juliusz Sosinowicz
aa662ad50a fix redirect order 2024-12-09 13:38:07 +01:00
Juliusz Sosinowicz
a3be826895 use unique key 2024-12-09 13:38:07 +01:00
Juliusz Sosinowicz
3275ebf54b add shebang 2024-12-09 13:37:20 +01:00
Juliusz Sosinowicz
0961be7711 Add CID interop with mbedtls 2024-12-09 13:37:18 +01:00
Juliusz Sosinowicz
ba4d1e6815 Add nss interop 2024-12-09 12:42:32 +01:00
Juliusz Sosinowicz
0e8320347c CID also supported in DTLS 1.2 2024-12-09 12:09:54 +01:00
David Garske
017f931f8b Various cleanups and fixes: 
* Fix to properly set configure.ac LMS/XMSS enables and build of those code files.
* Remove duplicate aes.c `wc_AesSetKeyLocal` call to `wc_AesSetIV`. Moved earlier in function in commit a10260ca5f.
* Benchmark missing time.h with NO_ASN_TIME.
* Added option to support disabling AES CFB 1/8 `WOLFSSL_NO_AES_CFB_1_8`.
* Fixes for building with combinations of `WOLFSSL_RSA_VERIFY_ONLY` and `WOLFSSL_RSA_PUBLIC_ONLY`.
* Fix for building `--enable-stacksize=verbose` with single threaded.
* Various tab and formatting cleanups.
ZD 18996
 2024-12-06 16:45:33 -08:00
JacobBarthelmeh
f764dbeee1 Merge pull request #8254 from douzzer/20241204-WOLF_AGG_DUMMY_MEMBER 
20241204-WOLF_AGG_DUMMY_MEMBER
 2024-12-06 14:07:32 -07:00
Daniel Pouzzner
0ad072a34b src/internal.c: in HashSkeData(), remove unneeded logically faulty nullness check around XFREE(ssl->buffers.digest.buffer, ...). 2024-12-06 13:01:40 -06:00
Daniel Pouzzner
0381a47d7e peer review: refactor HAVE_ANONYMOUS_INLINE_AGGREGATES and HAVE_EMPTY_AGGREGATES to conform to wolfssl convention -- defined() for true, !defined() for false -- while retaining ability for user override-off by passing in explicit 0 definition. 2024-12-06 13:01:40 -06:00
Daniel Pouzzner
447d5ea6ee fips-check.sh: add support for WOLFSSL_REPO and noautogen option; tweak git fetching to keep wolfssl and fips tags distinct, and fetch all needed tags by name to assure availability for checkout. also, hide stdout noise from pushd/popd. 2024-12-06 13:01:40 -06:00
Daniel Pouzzner
aec0345f90 update fips-check.sh for cert #4718: remap linuxv5 as an alias for linuxv5.2.1, and add linuxv5-RC12. 2024-12-06 13:01:40 -06:00
Daniel Pouzzner
27e0df040f src/ssl_crypto.c: revert FIPS gate threshold in wolfSSL_AES_decrypt() changed in d85c108952 -- original value was correct, misdiagnosed by faulty test. 2024-12-06 13:01:40 -06:00
Daniel Pouzzner
3dcc12b30a wolfssl/wolfcrypt/types.h and wolfssl/wolfcrypt/hash.h: define WOLF_AGG_DUMMY_MEMBER, pivoting on HAVE_EMPTY_AGGREGATES, and use WOLF_AGG_DUMMY_MEMBER in wc_Hashes. 2024-12-06 13:01:40 -06:00
Daniel Pouzzner
37acac2eb3 configure.ac: fix SC1105 ("Shells disambiguate (( differently or not at all."). 2024-12-06 13:01:40 -06:00
Daniel Pouzzner
66c874bded configure.ac: add --enable-fips=cert4718 alias for v5, and make --enable-fips=v5 set FIPS to 5.2.1; set DEF_FAST_MATH and DEF_SP_MATH to "no" when "yes" would conflict with user-supplied arguments. 2024-12-06 13:01:40 -06:00
JacobBarthelmeh
86b24ef6fa Merge pull request #8261 from julek-wolfssl/libspdm-action 
Add libspdm action
 2024-12-06 11:44:14 -07:00
Juliusz Sosinowicz
6cede13478 Add libspdm action 
Depends on https://github.com/wolfSSL/osp/pull/217
 2024-12-06 17:12:06 +01:00
David Garske
0ed187e16d Merge pull request #8256 from LinuxJedi/ADA-7461 
Fix broken verify on Ada wrapper
 2024-12-06 07:59:01 -08:00
Andrew Hutchings
158d62591f Fix broken verify on Ada wrapper 
The Ada wrapper had an `&` operator for the verification mode. This
effectively caused the verification mode to equal `0`.

The operator has been switched to `or` now, in addition, a getter has
been added to the API. This allows for the test I've added to the server
code to verify that it is being set correctly.

`OPENSSL_ALL` flag added to Ada so that the verify mode getter function
is compiled in.

Fixes #7461

Thanks to @dalybrown for reporting it.
 2024-12-06 12:44:15 +00:00
gojimmypi
06c0c09940 Espressif Managed Component wolfSSL 5.7.4 post-release update 2024-12-05 21:46:33 -08:00
JacobBarthelmeh
20643577e6 Merge pull request #8258 from dgarske/get_verify 
Expose compatibility get_verify functions with openssl_extra
 2024-12-05 17:08:59 -07:00
David Garske
56ed6762d8 Expose compatibility get_verify functions with openssl_extra. 2024-12-05 12:10:51 -08:00
JacobBarthelmeh
1bfbdb6c7f Merge pull request #8257 from dgarske/settings_h 
Fix issue with wc_lms_impl.c or wc_lms not including settings.h
 2024-12-05 11:43:43 -07:00
David Garske
1e9607b65e Fixes for ML-DSA and LMS cast warnings and spelling errors. 2024-12-05 08:34:58 -08:00
JacobBarthelmeh
aa32027c26 Merge pull request #8236 from philljj/zephyr_thread_type 
wc_port: change zephyr struct k_thread tid member to pointer.
 2024-12-05 09:29:30 -07:00
David Garske
19b486e1f7 Fix issue with wc_lms_impl.c or wc_lms not including settings.h. Caused issue enabling LMS from user_settings.h. 2024-12-05 08:15:11 -08:00
Anthony Hu
ab384ee945 wolfSSL_CTX_set_tlsext_use_srtp() should return 1 on failure and 0 upon success. 
Same with wolfSSL_set_tlsext_use_srtp().

See https://docs.openssl.org/1.1.1/man3/SSL_CTX_set_tlsext_use_srtp/
 2024-12-05 10:40:40 -05:00
Colton Willey
c192cbabe8 Free x509 on fail to push 2024-12-04 10:33:58 -08:00
Colton Willey
c5acceca5d Dont use specific free function 2024-12-03 09:55:43 -08:00
Colton Willey
20e8ecec75 Merge branch 'master' of github.com:ColtonWilley/wolfssl into x509_store_add_cert_ref_count 2024-12-03 09:52:34 -08:00
Colton Willey
5684e56e0e Always keep original x509 pointer with proper refcounts even for self signed trusted CA 2024-12-02 12:15:33 -08:00
jordan
a18f71c27b wc_port: change zephyr struct k_thread tid member to pointer. 2024-11-27 16:05:48 -06:00
Colton Willey
c5df3cb6b6 Use proper ref count handling when adding to x509 store 2024-11-27 10:38:32 -08:00
gojimmypi
5d86031f57 Initialize vars & change types to appease Windows/VS 2024-11-17 17:50:17 -08:00
Maxim Ivanov
0319eb098d CMAKE: look for pthreads when importing wolfSSL if required 
All required dependencies of a package must also be found in the
package configuration file. Consumers of wolfSSL can't know
if it was built with or without threads support. This change
adds find_package(Threads) lookup in the file used for
find_package(wolfssl) if wolfSSL was built with threads support.
 2024-11-07 21:42:11 +00:00
477 changed files with 18693 additions and 10729 deletions
Expand all files Collapse all files

2
.github/workflows/async.yml vendored
View File

@@ -24,7 +24,7 @@ jobs:
]
name: make check
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-latest
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 6
steps:

4
.github/workflows/codespell.yml vendored
View File

@@ -14,7 +14,7 @@ concurrency:
jobs:
codespell:
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-latest
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4
@@ -27,4 +27,4 @@ jobs:
# The exclude_file contains lines of code that should be ignored. This is useful for individual lines which have non-words that can safely be ignored.
exclude_file: '.codespellexcludelines'
# To skip files entirely from being processed, add it to the following list:
skip: '*.cproject,*.der,*.mtpj,*.pem,*.vcxproj,.git,*.launch,*.scfg'
skip: '*.cproject,*.der,*.mtpj,*.pem,*.vcxproj,.git,*.launch,*.scfg,*.revoked'

2
.github/workflows/coverity-scan-fixes.yml vendored
View File

@@ -10,7 +10,7 @@ on:
jobs:
coverity:
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-latest
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4
with:

4
.github/workflows/curl.yml vendored
View File

@@ -16,7 +16,7 @@ jobs:
build_wolfssl:
name: Build wolfSSL
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-latest
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 4
steps:
@@ -40,7 +40,7 @@ jobs:
test_curl:
name: ${{ matrix.curl_ref }}
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-latest
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 15
needs: build_wolfssl

4
.github/workflows/cyrus-sasl.yml vendored
View File

@@ -17,7 +17,7 @@ jobs:
name: Build wolfSSL
if: github.repository_owner == 'wolfssl'
# Just to keep it the same as the testing target
runs-on: ubuntu-latest
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 4
steps:
@@ -48,7 +48,7 @@ jobs:
ref: [ 2.1.28 ]
name: ${{ matrix.ref }}
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-latest
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 4
needs: build_wolfssl

0
.github/workflows/hitch.yml → .github/workflows/disabled/hitch.yml vendored
View File

6
.github/workflows/docker-Espressif.yml vendored
View File

@@ -15,7 +15,7 @@ jobs:
espressif_latest:
name: latest Docker container
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-latest
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 12
container:
@@ -27,7 +27,7 @@ jobs:
espressif_v4_4:
name: v4.4 Docker container
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-latest
runs-on: ubuntu-22.04
container:
image: espressif/idf:release-v4.4
steps:
@@ -37,7 +37,7 @@ jobs:
espressif_v5_0:
name: v5.0 Docker container
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-latest
runs-on: ubuntu-22.04
container:
image: espressif/idf:release-v5.0
steps:

4
.github/workflows/docker-OpenWrt.yml vendored
View File

@@ -18,7 +18,7 @@ jobs:
build_library:
name: Compile libwolfssl.so
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-latest
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 4
container:
@@ -42,7 +42,7 @@ jobs:
compile_container:
name: Compile container
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-latest
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 2
needs: build_library

41
.github/workflows/gencertbuf.yml vendored Normal file
View File

@@ -0,0 +1,41 @@
name: Test gencertbuf script
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
gencertbuf:
name: gencertbuf
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 6
steps:
- uses: actions/checkout@v4
name: Checkout wolfSSL
- name: Test generate wolfssl/certs_test.h
run: ./gencertbuf.pl
- name: Test wolfSSL
run: |
./autogen.sh
./configure --enable-all --enable-experimental --enable-dilithium --enable-kyber
make
./wolfcrypt/test/testwolfcrypt
- name: Print errors
if: ${{ failure() }}
run: |
if [ -f test-suite.log ] ; then
cat test-suite.log
fi

4
.github/workflows/grpc.yml vendored
View File

@@ -17,7 +17,7 @@ jobs:
name: Build wolfSSL
if: github.repository_owner == 'wolfssl'
# Just to keep it the same as the testing target
runs-on: ubuntu-latest
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 10
steps:
@@ -52,7 +52,7 @@ jobs:
h2_ssl_cert_test h2_ssl_session_reuse_test
name: ${{ matrix.ref }}
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-latest
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 30
needs: build_wolfssl

91
.github/workflows/haproxy.yml vendored Normal file
View File

@@ -0,0 +1,91 @@
name: haproxy Test
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
build_wolfssl:
name: Build wolfSSL
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 4
steps:
- name: Build wolfSSL
uses: wolfSSL/actions-build-autotools-project@v1
with:
path: wolfssl
configure: --enable-haproxy
install: true
- name: tar build-dir
run: tar -zcf build-dir.tgz build-dir
- name: Upload built lib
uses: actions/upload-artifact@v4
with:
name: wolf-install-haproxy
path: build-dir.tgz
retention-days: 5
test_haproxy:
name: ${{ matrix.haproxy_ref }}
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 15
needs: build_wolfssl
strategy:
fail-fast: false
matrix:
haproxy_ref: [ 'v3.1.0' ]
steps:
- name: Install test dependencies
run: |
sudo apt-get update
sudo apt-get install libpcre2-dev
- name: Download lib
uses: actions/download-artifact@v4
with:
name: wolf-install-haproxy
- name: untar build-dir
run: tar -xf build-dir.tgz
# check cache for haproxy if not there then download it
- name: Check haproxy cache
uses: actions/cache@v4
id: cache-haproxy
with:
path: build-dir/haproxy-${{matrix.haproxy_ref}}
key: haproxy-${{matrix.haproxy_ref}}
- name: Download haproxy if needed
if: steps.cache-haproxy.outputs.cache-hit != 'true'
uses: actions/checkout@v3
with:
repository: haproxy/haproxy
ref: ${{matrix.haproxy_ref}}
path: build-dir/haproxy-${{matrix.haproxy_ref}}
- name: Build haproxy
working-directory: build-dir/haproxy-${{matrix.haproxy_ref}}
run: make clean && make TARGET=linux-glibc USE_OPENSSL_WOLFSSL=1 SSL_LIB=$GITHUB_WORKSPACE/build-dir/lib SSL_INC=$GITHUB_WORKSPACE/build-dir/include ADDLIB=-Wl,-rpath,$GITHUB_WORKSPACE/build-dir/lib CFLAGS="-fsanitize=address" LDFLAGS="-fsanitize=address"
- name: Build haproxy vtest
working-directory: build-dir/haproxy-${{matrix.haproxy_ref}}
run: ./scripts/build-vtest.sh
- name: Test haproxy
working-directory: build-dir/haproxy-${{matrix.haproxy_ref}}
run: VTEST_PROGRAM=$GITHUB_WORKSPACE/build-dir/vtest/vtest make reg-tests -- --debug reg-tests/ssl/*

54
.github/workflows/hostap-vm.yml vendored
View File

@@ -13,7 +13,7 @@ concurrency:
# END OF COMMON SECTION
env:
LINUX_REF: v6.6
LINUX_REF: v6.12
jobs:
build_wolfssl:
@@ -28,7 +28,7 @@ jobs:
--enable-tlsv10 --enable-oldtls
name: Build wolfSSL
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-latest
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 10
steps:
@@ -63,27 +63,47 @@ jobs:
path: build-dir.tgz
retention-days: 5
checkout_hostap:
name: Checkout hostap repo
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 10
steps:
- name: Checking if we have hostap in cache
uses: actions/cache@v4
id: cache
with:
path: hostap
key: hostap-repo
lookup-only: true
- name: Checkout hostap
run: git clone git://w1.fi/hostap.git hostap
build_uml_linux:
name: Build UML (UserMode Linux)
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-latest
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 10
needs: checkout_hostap
steps:
- name: Checking if we have kernel in cache
uses: actions/cache@v4
id: cache
with:
path: linux/linux
key: ${{ env.LINUX_REF }}
key: hostap-linux-${{ env.LINUX_REF }}
lookup-only: true
- name: Checkout hostap
- name: Checking if we have hostap in cache
if: steps.cache.outputs.cache-hit != 'true'
uses: actions/checkout@v4
uses: actions/cache/restore@v4
with:
repository: julek-wolfssl/hostap-mirror
path: hostap
key: hostap-repo
fail-on-cache-miss: true
- name: Checkout linux
if: steps.cache.outputs.cache-hit != 'true'
@@ -91,6 +111,7 @@ jobs:
with:
repository: torvalds/linux
path: linux
ref: ${{ env.LINUX_REF }}
- name: Compile linux
if: steps.cache.outputs.cache-hit != 'true'
@@ -141,19 +162,18 @@ jobs:
build_id: hostap-vm-build2
}
name: hwsim test
# For openssl 1.1
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-latest
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 45
needs: [build_wolfssl, build_uml_linux]
needs: [build_wolfssl, build_uml_linux, checkout_hostap]
steps:
- name: Checking if we have kernel in cache
uses: actions/cache/restore@v4
id: cache
with:
path: linux/linux
key: ${{ env.LINUX_REF }}
key: hostap-linux-${{ env.LINUX_REF }}
fail-on-cache-miss: true
- name: show file structure
@@ -198,12 +218,16 @@ jobs:
libnl-3-dev binutils-dev libssl-dev libiberty-dev libnl-genl-3-dev \
libnl-route-3-dev libdbus-1-dev bridge-utils tshark python3-pycryptodome
- name: Checkout hostap
uses: actions/checkout@v4
- name: Checking if we have hostap in cache
uses: actions/cache/restore@v4
with:
repository: julek-wolfssl/hostap-mirror
path: hostap
ref: ${{ matrix.config.hostap_ref }}
key: hostap-repo
fail-on-cache-miss: true
- name: Checkout correct ref
working-directory: hostap
run: git checkout ${{ matrix.config.hostap_ref }}
- name: Update certs
working-directory: hostap/tests/hwsim/auth_serv

4
.github/workflows/ipmitool.yml vendored
View File

@@ -17,7 +17,7 @@ jobs:
build_wolfssl:
name: Build wolfSSL
# Just to keep it the same as the testing target
runs-on: ubuntu-latest
runs-on: ubuntu-22.04
if: github.repository_owner == 'wolfssl'
# This should be a safe limit for the tests to run.
timeout-minutes: 4
@@ -48,7 +48,7 @@ jobs:
git_ref: [ c3939dac2c060651361fc71516806f9ab8c38901 ]
name: ${{ matrix.git_ref }}
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-latest
runs-on: ubuntu-22.04
needs: build_wolfssl
steps:
- name: Install dependencies

4
.github/workflows/jwt-cpp.yml vendored
View File

@@ -17,7 +17,7 @@ jobs:
name: Build wolfSSL
# Just to keep it the same as the testing target
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-latest
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 4
steps:
@@ -47,7 +47,7 @@ jobs:
matrix:
config:
- ref: 0.7.0
runner: ubuntu-latest
runner: ubuntu-22.04
- ref: 0.6.0
runner: ubuntu-22.04
name: ${{ matrix.config.ref }}

4
.github/workflows/krb5.yml vendored
View File

@@ -17,7 +17,7 @@ jobs:
name: Build wolfSSL
# Just to keep it the same as the testing target
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-latest
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 5
steps:
@@ -50,7 +50,7 @@ jobs:
ref: [ 1.21.1 ]
name: ${{ matrix.ref }}
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-latest
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 8
needs: build_wolfssl

91
.github/workflows/libspdm.yml vendored Normal file
View File

@@ -0,0 +1,91 @@
name: libspdm Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
build_wolfssl:
name: Build wolfSSL
if: github.repository_owner == 'wolfssl'
# Just to keep it the same as the testing target
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 4
steps:
- name: Build wolfSSL
uses: wolfSSL/actions-build-autotools-project@v1
with:
path: wolfssl
configure: --enable-all --enable-static CFLAGS='-DRSA_MIN_SIZE=512'
install: true
- name: tar build-dir
run: tar -zcf build-dir.tgz build-dir
- name: Upload built lib
uses: actions/upload-artifact@v4
with:
name: wolf-install-libspdm
path: build-dir.tgz
retention-days: 5
libspdm_check:
strategy:
fail-fast: false
matrix:
# List of releases to test
ref: [ 3.3.0 ]
name: ${{ matrix.ref }}
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 4
needs: build_wolfssl
steps:
- name: Download lib
uses: actions/download-artifact@v4
with:
name: wolf-install-libspdm
- name: untar build-dir
run: tar -xf build-dir.tgz
- name: Checkout OSP
uses: actions/checkout@v4
with:
repository: wolfssl/osp
path: osp
- name: Checkout libspdm
uses: actions/checkout@v4
with:
repository: DMTF/libspdm
path: libspdm
ref: ${{ matrix.ref }}
- name: Build and test libspdm
working-directory: libspdm
run: |
patch -p1 < ../osp/libspdm/${{ matrix.ref }}/libspdm-${{ matrix.ref }}.patch
git submodule update --init --recursive
# Silence cmake version warnings
find -name CMakeLists.txt -exec sed -i 's/cmake_minimum_required.*/cmake_minimum_required(VERSION 3.10)/g' {} \;
mkdir build
cd build
cmake -DARCH=x64 -DTOOLCHAIN=GCC -DTARGET=Debug -DCRYPTO=wolfssl -DENABLE_BINARY_BUILD=1 \
-DCOMPILED_LIBWOLFSSL_PATH=$GITHUB_WORKSPACE/build-dir/lib/libwolfssl.a \
-DWOLFSSL_INCDIR=$GITHUB_WORKSPACE/build-dir/include ..
make -j
cd ../unit_test/sample_key
../../build/bin/test_crypt
../../build/bin/test_spdm_secured_message
../../build/bin/test_spdm_crypt

4
.github/workflows/libssh2.yml vendored
View File

@@ -17,7 +17,7 @@ jobs:
name: Build wolfSSL
# Just to keep it the same as the testing target
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-latest
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 4
steps:
@@ -47,7 +47,7 @@ jobs:
ref: [ 1.11.0 ]
name: ${{ matrix.ref }}
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-latest
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 8
needs: build_wolfssl

4
.github/workflows/libvncserver.yml vendored
View File

@@ -17,7 +17,7 @@ jobs:
name: Build wolfSSL
# Just to keep it the same as the testing target
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-latest
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 4
steps:
@@ -47,7 +47,7 @@ jobs:
ref: [ 0.9.13 ]
name: ${{ matrix.ref }}
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-latest
runs-on: ubuntu-22.04
needs: build_wolfssl
steps:
- name: Download lib

79
.github/workflows/mbedtls.sh vendored Normal file
View File

@@ -0,0 +1,79 @@
#!/usr/bin/env bash
set -e
set -x
# Basic TLS test
./mbedtls/build/programs/ssl/ssl_server2 > /tmp/server.log 2>&1 &
SERVER_PID=$!
sleep 0.1
./mbedtls/build/programs/ssl/ssl_client2 # Confirm working with mbed
env -C wolfssl ./examples/client/client -p 4433 -g \
-A ../mbedtls/framework/data_files/test-ca-sha256.crt \
-c ../mbedtls/framework/data_files/cli-rsa-sha256.crt \
-k ../mbedtls/framework/data_files/cli-rsa-sha256.key.pem
kill $SERVER_PID
sleep 0.1
env -C wolfssl ./examples/server/server -p 4433 -i -g \
-A ../mbedtls/framework/data_files/test-ca-sha256.crt \
-c ../mbedtls/framework/data_files/server2-sha256.crt \
-k ../mbedtls/framework/data_files/server2.key.pem > /tmp/server.log 2>&1 &
SERVER_PID=$!
sleep 0.1
./mbedtls/build/programs/ssl/ssl_client2
env -C wolfssl ./examples/client/client -p 4433 -g \
-A ../mbedtls/framework/data_files/test-ca-sha256.crt \
-c ../mbedtls/framework/data_files/cli-rsa-sha256.crt \
-k ../mbedtls/framework/data_files/cli-rsa-sha256.key.pem
kill $SERVER_PID
sleep 0.1
# Basic DTLS test
./mbedtls/build/programs/ssl/ssl_server2 dtls=1 > /tmp/server.log 2>&1 &
SERVER_PID=$!
sleep 0.1
./mbedtls/build/programs/ssl/ssl_client2 dtls=1 # Confirm working with mbed
env -C wolfssl ./examples/client/client -p 4433 -g -u \
-A ../mbedtls/framework/data_files/test-ca-sha256.crt \
-c ../mbedtls/framework/data_files/cli-rsa-sha256.crt \
-k ../mbedtls/framework/data_files/cli-rsa-sha256.key.pem
kill $SERVER_PID
sleep 0.1
env -C wolfssl ./examples/server/server -p 4433 -i -g -u \
-A ../mbedtls/framework/data_files/test-ca-sha256.crt \
-c ../mbedtls/framework/data_files/server2-sha256.crt \
-k ../mbedtls/framework/data_files/server2.key.pem > /tmp/server.log 2>&1 &
SERVER_PID=$!
sleep 0.1
env -C wolfssl ./examples/client/client -p 4433 -g -u \
-A ../mbedtls/framework/data_files/test-ca-sha256.crt \
-c ../mbedtls/framework/data_files/cli-rsa-sha256.crt \
-k ../mbedtls/framework/data_files/cli-rsa-sha256.key.pem
./mbedtls/build/programs/ssl/ssl_client2 dtls=1
kill $SERVER_PID
sleep 0.1
# DTLS 1.2 CID test
./mbedtls/build/programs/ssl/ssl_server2 dtls=1 cid=1 cid_val=121212 > /tmp/server.log 2>&1 &
SERVER_PID=$!
sleep 0.1
./mbedtls/build/programs/ssl/ssl_client2 dtls=1 cid=1 cid_val=232323 # Confirm working with mbed
env -C wolfssl ./examples/client/client -p 4433 -g -u --cid 232323 \
-A ../mbedtls/framework/data_files/test-ca-sha256.crt \
-c ../mbedtls/framework/data_files/cli-rsa-sha256.crt \
-k ../mbedtls/framework/data_files/cli-rsa-sha256.key.pem
kill $SERVER_PID
sleep 0.1
env -C wolfssl ./examples/server/server -p 4433 -i -g -u --cid 121212 \
-A ../mbedtls/framework/data_files/test-ca-sha256.crt \
-c ../mbedtls/framework/data_files/server2-sha256.crt \
-k ../mbedtls/framework/data_files/server2.key.pem > /tmp/server.log 2>&1 &
SERVER_PID=$!
sleep 0.1
./mbedtls/build/programs/ssl/ssl_client2 dtls=1 cid_val=232323
env -C wolfssl ./examples/client/client -p 4433 -g -u --cid 232323 \
-A ../mbedtls/framework/data_files/test-ca-sha256.crt \
-c ../mbedtls/framework/data_files/cli-rsa-sha256.crt \
-k ../mbedtls/framework/data_files/cli-rsa-sha256.key.pem
kill $SERVER_PID
sleep 0.1

86
.github/workflows/mbedtls.yml vendored Normal file
View File

@@ -0,0 +1,86 @@
name: mbedtls interop Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
env:
MBED_REF: v3.6.2
jobs:
build_mbedtls:
name: Build mbedtls
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 10
steps:
- name: Checking if we have mbed in cache
uses: actions/cache@v4
id: cache
with:
path: mbedtls
key: mbedtls-${{ env.MBED_REF }}
lookup-only: true
- name: Checkout mbedtls
if: steps.cache.outputs.cache-hit != 'true'
uses: actions/checkout@v4
with:
repository: Mbed-TLS/mbedtls
ref: ${{ env.MBED_REF }}
path: mbedtls
- name: Compile mbedtls
if: steps.cache.outputs.cache-hit != 'true'
working-directory: mbedtls
run: |
git submodule update --init
mkdir build
cd build
cmake ..
make -j
# convert key to pem format
openssl pkey -in framework/data_files/cli-rsa-sha256.key.der -text > framework/data_files/cli-rsa-sha256.key.pem
openssl pkey -in framework/data_files/server2.key.der -text > framework/data_files/server2.key.pem
mbedtls_test:
name: Test interop with mbedtls
runs-on: ubuntu-latest
needs: build_mbedtls
timeout-minutes: 10
if: github.repository_owner == 'wolfssl'
steps:
- name: Disable IPv6 (IMPORTANT, OTHERWISE DTLS MBEDTLS CLIENT WON'T CONNECT)
run: echo 1 | sudo tee /proc/sys/net/ipv6/conf/lo/disable_ipv6
- name: Checking if we have mbed in cache
uses: actions/cache/restore@v4
id: cache
with:
path: mbedtls
key: mbedtls-${{ env.MBED_REF }}
fail-on-cache-miss: true
- name: Build wolfSSL
uses: wolfSSL/actions-build-autotools-project@v1
with:
path: wolfssl
configure: --enable-dtls --enable-dtlscid
install: false
check: false
- name: Test interop
run: bash wolfssl/.github/workflows/mbedtls.sh
- name: print server logs
if: ${{ failure() }}
run: cat /tmp/server.log

4
.github/workflows/memcached.yml vendored
View File

@@ -17,7 +17,7 @@ jobs:
name: Build wolfSSL
# Just to keep it the same as the testing target
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-latest
runs-on: ubuntu-22.04
steps:
- name: Build wolfSSL
uses: wolfSSL/actions-build-autotools-project@v1
@@ -48,7 +48,7 @@ jobs:
- ref: 1.6.22
name: ${{ matrix.ref }}
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-latest
runs-on: ubuntu-22.04
needs: build_wolfssl
steps:
- name: Download lib

4
.github/workflows/mosquitto.yml vendored
View File

@@ -17,7 +17,7 @@ jobs:
name: Build wolfSSL
# Just to keep it the same as the testing target
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-latest
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 4
steps:
@@ -45,7 +45,7 @@ jobs:
ref: [ 2.0.18 ]
name: ${{ matrix.ref }}
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-latest
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 4
needs: build_wolfssl

2
.github/workflows/multi-arch.yml vendored
View File

@@ -37,7 +37,7 @@ jobs:
ARCH: armel
EXTRA_OPTS: --enable-sp-asm
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-latest
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 10
steps:

12
.github/workflows/multi-compiler.yml vendored
View File

@@ -21,16 +21,16 @@ jobs:
include:
- CC: gcc-9
CXX: g++-9
OS: ubuntu-latest
OS: ubuntu-22.04
- CC: gcc-10
CXX: g++-10
OS: ubuntu-latest
OS: ubuntu-22.04
- CC: gcc-11
CXX: g++-11
OS: ubuntu-latest
OS: ubuntu-22.04
- CC: gcc-12
CXX: g++-12
OS: ubuntu-latest
OS: ubuntu-22.04
- CC: clang-10
CXX: clang++-10
OS: ubuntu-20.04
@@ -42,10 +42,10 @@ jobs:
OS: ubuntu-20.04
- CC: clang-13
CXX: clang++-13
OS: ubuntu-latest
OS: ubuntu-22.04
- CC: clang-14
CXX: clang++-14
OS: ubuntu-latest
OS: ubuntu-22.04
if: github.repository_owner == 'wolfssl'
runs-on: ${{ matrix.OS }}
# This should be a safe limit for the tests to run.

4
.github/workflows/net-snmp.yml vendored
View File

@@ -17,7 +17,7 @@ jobs:
name: Build wolfSSL
if: github.repository_owner == 'wolfssl'
# Just to keep it the same as the testing target
runs-on: ubuntu-latest
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 4
steps:
@@ -48,7 +48,7 @@ jobs:
test_opts: -e 'agentxperl'
name: ${{ matrix.ref }}
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-latest
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 4
needs: build_wolfssl

4
.github/workflows/nginx.yml vendored
View File

@@ -17,7 +17,7 @@ jobs:
name: Build wolfSSL
if: github.repository_owner == 'wolfssl'
# Just to keep it the same as the testing target
runs-on: ubuntu-latest
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 4
steps:
@@ -107,7 +107,7 @@ jobs:
stream_proxy_ssl_verify.t
name: ${{ matrix.ref }}
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-latest
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 6
needs: build_wolfssl

2
.github/workflows/no-malloc.yml vendored
View File

@@ -22,7 +22,7 @@ jobs:
]
name: make check
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-latest
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 6
steps:

27
.github/workflows/nss.sh vendored Normal file
View File

@@ -0,0 +1,27 @@
#!/usr/bin/env bash
set -e
set -x
# Setup nss cert db
mkdir nssdb
./dist/Debug/bin/certutil -d nssdb -N --empty-password
./dist/Debug/bin/certutil -d nssdb -A -a -i wolfssl/certs/test/server-localhost.pem \
-t TCP -n 'wolf localhost'
# App data for nss
echo Hello from nss > /tmp/in
# TLS 1.3 test
env -C wolfssl ./examples/server/server -v 4 -p 4433 \
-c certs/test/server-localhost.pem -d -w > /tmp/server.log 2>&1 &
sleep 0.1
./dist/Debug/bin/tstclnt -V tls1.3: -h localhost -p 4433 -d nssdb -C -4 -A /tmp/in -v
sleep 0.1
# DTLS 1.3 test
env -C wolfssl ./examples/server/server -v 4 -p 4433 -u \
-c certs/test/server-localhost.pem -d -w > /tmp/server.log 2>&1 &
sleep 0.1
./dist/Debug/bin/tstclnt -V tls1.3: -P client -h localhost -p 4433 -d nssdb -C -4 -A /tmp/in -v
sleep 0.1

89
.github/workflows/nss.yml vendored Normal file
View File

@@ -0,0 +1,89 @@
name: nss interop Tests
### TODO uncomment stuff
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
env:
NSS_REF: NSS_3_107_RTM
jobs:
build_nss:
name: Build nss
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 30
steps:
- name: Checking if we have nss in cache
uses: actions/cache@v4
id: cache
with:
path: dist
key: nss-${{ env.NSS_REF }}
lookup-only: true
- name: Install dependencies
if: steps.cache.outputs.cache-hit != 'true'
run: |
# Don't prompt for anything
export DEBIAN_FRONTEND=noninteractive
sudo apt-get update
# hostap dependencies
sudo apt-get install -y gyp ninja-build
- name: Checkout nss
if: steps.cache.outputs.cache-hit != 'true'
uses: actions/checkout@v4
with:
repository: nss-dev/nss
ref: ${{ env.NSS_REF }}
path: nss
- name: Compile nss
if: steps.cache.outputs.cache-hit != 'true'
run: |
hg clone https://hg.mozilla.org/projects/nspr
cd nss
./build.sh
nss_test:
name: Test interop with nss
runs-on: ubuntu-22.04
needs: build_nss
timeout-minutes: 10
if: github.repository_owner == 'wolfssl'
steps:
- name: Checking if we have nss in cache
uses: actions/cache/restore@v4
id: cache
with:
path: dist
key: nss-${{ env.NSS_REF }}
fail-on-cache-miss: true
- name: Build wolfSSL
uses: wolfSSL/actions-build-autotools-project@v1
with:
path: wolfssl
configure: --enable-dtls --enable-dtls13
install: false
check: false
- name: Test interop
run: bash wolfssl/.github/workflows/nss.sh
- name: print server logs
if: ${{ failure() }}
run: |
cat /tmp/server.log

4
.github/workflows/ntp.yml vendored
View File

@@ -17,7 +17,7 @@ jobs:
name: Build wolfSSL
if: github.repository_owner == 'wolfssl'
# Just to keep it the same as the testing target
runs-on: ubuntu-latest
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 4
steps:
@@ -47,7 +47,7 @@ jobs:
ref: [ 4.2.8p15 ]
name: ${{ matrix.ref }}
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-latest
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 10
needs: build_wolfssl

2
.github/workflows/ocsp.yml vendored
View File

@@ -16,7 +16,7 @@ jobs:
ocsp_stapling:
name: ocsp stapling
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-latest
runs-on: ubuntu-22.04
timeout-minutes: 10
steps:
- name: Checkout wolfSSL

4
.github/workflows/openldap.yml vendored
View File

@@ -16,7 +16,7 @@ jobs:
build_wolfssl:
name: Build wolfSSL
# Just to keep it the same as the testing target
runs-on: ubuntu-latest
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 4
steps:
@@ -47,7 +47,7 @@ jobs:
- osp_ref: 2.5.13
git_ref: OPENLDAP_REL_ENG_2_5_13
name: ${{ matrix.osp_ref }}
runs-on: ubuntu-latest
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 20
needs: build_wolfssl

4
.github/workflows/openssh.yml vendored
View File

@@ -17,7 +17,7 @@ jobs:
name: Build wolfSSL
if: github.repository_owner == 'wolfssl'
# Just to keep it the same as the testing target
runs-on: ubuntu-latest
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 4
steps:
@@ -49,7 +49,7 @@ jobs:
osp_ver: '9.6'
name: ${{ matrix.ref }}
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-latest
runs-on: ubuntu-22.04
needs: build_wolfssl
steps:
- name: Download lib

4
.github/workflows/openvpn.yml vendored
View File

@@ -17,7 +17,7 @@ jobs:
name: Build wolfSSL
if: github.repository_owner == 'wolfssl'
# Just to keep it the same as the testing target
runs-on: ubuntu-latest
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 4
steps:
@@ -46,7 +46,7 @@ jobs:
ref: [ release/2.6, master ]
name: ${{ matrix.ref }}
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-latest
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 10
needs: build_wolfssl

8
.github/workflows/os-check.yml vendored
View File

@@ -17,7 +17,7 @@ jobs:
strategy:
fail-fast: false
matrix:
os: [ ubuntu-latest, macos-latest ]
os: [ ubuntu-22.04, macos-latest ]
config: [
# Add new configs here
'',
@@ -57,7 +57,7 @@ jobs:
strategy:
fail-fast: false
matrix:
os: [ ubuntu-latest, macos-latest ]
os: [ ubuntu-22.04, macos-latest ]
user-settings: [
# Add new user_settings.h here
'examples/configs/user_settings_all.h',
@@ -79,7 +79,7 @@ jobs:
strategy:
fail-fast: false
matrix:
os: [ ubuntu-latest, macos-latest ]
os: [ ubuntu-22.04, macos-latest ]
user-settings: [
# Add new user_settings.h here
'examples/configs/user_settings_min_ecc.h',
@@ -109,7 +109,7 @@ jobs:
strategy:
fail-fast: false
matrix:
os: [ ubuntu-latest, macos-latest ]
os: [ ubuntu-22.04, macos-latest ]
name: make user_setting.h (with sed)
if: github.repository_owner == 'wolfssl'
runs-on: ${{ matrix.os }}

2
.github/workflows/packaging.yml vendored
View File

@@ -16,7 +16,7 @@ jobs:
build_wolfssl:
name: Package wolfSSL
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-latest
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 10
steps:

4
.github/workflows/pam-ipmi.yml vendored
View File

@@ -18,7 +18,7 @@ jobs:
name: Build wolfSSL
if: github.repository_owner == 'wolfssl'
# Just to keep it the same as the testing target
runs-on: ubuntu-latest
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 4
steps:
@@ -48,7 +48,7 @@ jobs:
git_ref: [ e4b13e6725abb178f62ee897fe1c0e81b06a9431 ]
name: ${{ matrix.git_ref }}
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-latest
runs-on: ubuntu-22.04
needs: build_wolfssl
steps:
- name: Install dependencies

4
.github/workflows/rng-tools.yml vendored
View File

@@ -17,7 +17,7 @@ jobs:
name: Build wolfSSL
if: github.repository_owner == 'wolfssl'
# Just to keep it the same as the testing target
runs-on: ubuntu-latest
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 4
steps:
@@ -47,7 +47,7 @@ jobs:
ref: [ 6.16 ]
name: ${{ matrix.ref }}
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-latest
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 4
needs: build_wolfssl

6
.github/workflows/socat.yml vendored
View File

@@ -16,7 +16,7 @@ jobs:
build_wolfssl:
name: Build wolfSSL
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-latest
runs-on: ubuntu-22.04
timeout-minutes: 4
steps:
- name: Build wolfSSL
@@ -39,7 +39,7 @@ jobs:
socat_check:
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-latest
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 30
needs: build_wolfssl
@@ -78,4 +78,4 @@ jobs:
run: |
export LD_LIBRARY_PATH=$GITHUB_WORKSPACE/build-dir/lib:$LD_LIBRARY_PATH
export SHELL=/bin/bash
SOCAT=$GITHUB_WORKSPACE/socat-1.8.0.0/socat ./test.sh -t 0.5 --expect-fail 36,64,146,214,216,217,309,310,386,399,402,403,459,460,467,468,478,492,528,530
SOCAT=$GITHUB_WORKSPACE/socat-1.8.0.0/socat ./test.sh -t 0.5 --expect-fail 36,64,146,214,216,217,309,310,386,399,402,403,459,460,467,468,475,478,492,528,530

4
.github/workflows/softhsm.yml vendored
View File

@@ -17,7 +17,7 @@ jobs:
name: Build wolfSSL
if: github.repository_owner == 'wolfssl'
# Just to keep it the same as the testing target
runs-on: ubuntu-latest
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 10
steps:
@@ -47,7 +47,7 @@ jobs:
ref: [ 2.6.1 ]
name: ${{ matrix.ref }}
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-latest
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 20
needs: build_wolfssl

4
.github/workflows/sssd.yml vendored
View File

@@ -17,7 +17,7 @@ jobs:
if: github.repository_owner == 'wolfssl'
name: Build wolfSSL
# Just to keep it the same as the testing target
runs-on: ubuntu-latest
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 4
steps:
@@ -47,7 +47,7 @@ jobs:
# List of releases to test
ref: [ 2.9.1 ]
name: ${{ matrix.ref }}
runs-on: ubuntu-latest
runs-on: ubuntu-22.04
container:
image: quay.io/sssd/ci-client-devel:ubuntu-latest
env:

4
.github/workflows/stunnel.yml vendored
View File

@@ -17,7 +17,7 @@ jobs:
name: Build wolfSSL
if: github.repository_owner == 'wolfssl'
# Just to keep it the same as the testing target
runs-on: ubuntu-latest
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 4
steps:
@@ -46,7 +46,7 @@ jobs:
ref: [ 5.67 ]
name: ${{ matrix.ref }}
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-latest
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 4
needs: build_wolfssl

2
.github/workflows/zephyr.yml vendored
View File

@@ -26,7 +26,7 @@ jobs:
- zephyr-ref: v2.7.4
zephyr-sdk: 0.16.3
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-latest
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 25
steps:

15
.wolfssl_known_macro_extras
View File

@@ -216,8 +216,6 @@ HAVE_ECC512
HAVE_ECC_CDH_CAST
HAVE_ECC_SM2
HAVE_ESP_CLK
HAVE_EX_DATA_CRYPTO
HAVE_EX_DATA_CLEANUP_HOOKS
HAVE_FACON
HAVE_FIPS_VERSION_PORT
HAVE_FUZZER
@@ -541,7 +539,6 @@ WC_RSA_NO_FERMAT_CHECK
WC_SHA384
WC_SHA384_DIGEST_SIZE
WC_SHA512
WC_SHA512_DIGEST_SIZE
WC_SSIZE_TYPE
WC_STRICT_SIG
WC_XMSS_FULL_HASH
@@ -549,6 +546,7 @@ WOLFCRYPT_FIPS_CORE_DYNAMIC_HASH_VALUE
WOLFSENTRY_H
WOLFSENTRY_NO_JSON
WOLFSSL_32BIT_MILLI_TIME
WOLFSSL_AARCH64_PRIVILEGE_MODE
WOLFSSL_AESNI_BY4
WOLFSSL_AESNI_BY6
WOLFSSL_AFTER_DATE_CLOCK_SKEW
@@ -599,6 +597,7 @@ WOLFSSL_CLANG_TIDY
WOLFSSL_COMMERCIAL_LICENSE
WOLFSSL_CONTIKI
WOLFSSL_CRL_ALLOW_MISSING_CDP
WOLFSSL_CUSTOM_CONFIG
WOLFSSL_DILITHIUM_ASSIGN_KEY
WOLFSSL_DILITHIUM_MAKE_KEY_SMALL_MEM
WOLFSSL_DILITHIUM_NO_ASN1
@@ -639,6 +638,7 @@ WOLFSSL_FRDM_K64
WOLFSSL_FRDM_K64_JENKINS
WOLFSSL_FUNC_TIME
WOLFSSL_FUNC_TIME_LOG
WOLFSSL_GAISLER_BCC
WOLFSSL_GEN_CERT
WOLFSSL_GETRANDOM
WOLFSSL_GNRC
@@ -682,6 +682,7 @@ WOLFSSL_MULTICIRCULATE_ALTNAMELIST
WOLFSSL_NONBLOCK_OCSP
WOLFSSL_NOSHA3_384
WOLFSSL_NOT_WINDOWS_API
WOLFSSL_NO_AES_CFB_1_8
WOLFSSL_NO_BIO_ADDR_IN
WOLFSSL_NO_CLIENT
WOLFSSL_NO_CLIENT_CERT_ERROR
@@ -723,6 +724,7 @@ WOLFSSL_NRF51_AES
WOLFSSL_OLDTLS_AEAD_CIPHERSUITES
WOLFSSL_OLDTLS_SHA2_CIPHERSUITES
WOLFSSL_OLD_SET_CURVES_LIST
WOLFSSL_OLD_TIMINGPADVERIFY
WOLFSSL_OLD_UNSUPPORTED_EXTENSION
WOLFSSL_OPTIONS_IGNORE_SYS
WOLFSSL_PASSTHRU_ERR
@@ -748,7 +750,6 @@ WOLFSSL_RENESAS_RA6M3G
WOLFSSL_RENESAS_RSIP
WOLFSSL_RENESAS_RZN2L
WOLFSSL_RENESAS_TLS
WOLFSSL_RENESAS_TSIP_CRYPTONLY
WOLFSSL_RENESAS_TSIP_IAREWRX
WOLFSSL_RSA_CHECK_D_ON_DECRYPT
WOLFSSL_RSA_DECRYPT_TO_0_LEN
@@ -815,7 +816,6 @@ WOLFSSL_XILINX_PATCH
WOLFSSL_XIL_MSG_NO_SLEEP
WOLFSSL_XMSS_LARGE_SECRET_KEY
WOLFSSL_ZEPHYR
WOLFSS_SP_MATH_ALL
WOLF_ALLOW_BUILTIN
WOLF_CONF_IO
WOLF_CONF_KYBER
@@ -826,10 +826,8 @@ WOLF_CRYPTO_CB_CMD
WOLF_CRYPTO_CB_FIND
WOLF_CRYPTO_CB_ONLY_ECC
WOLF_CRYPTO_CB_ONLY_RSA
WOLF_CRYPTO_CB_RSA_PAD
WOLF_CRYPTO_DEV
WOLF_NO_TRAILING_ENUM_COMMAS
WOLSSL_OLD_TIMINGPADVERIFY
XGETPASSWD
XMSS_CALL_PRF_KEYGEN
XPAR_VERSAL_CIPS_0_PSPMC_0_PSV_CORTEXA72_0_TIMESTAMP_CLK_FREQ
@@ -856,6 +854,7 @@ _UINTPTR_T_DECLARED
_WIN32
_WIN32_WCE
_WIN64
_XOPEN_SOURCE_EXTENDED
__32MZ2048ECH144__
__32MZ2048ECM144__
__32MZ2048EFM144__
@@ -907,6 +906,7 @@ __MINGW32__
__MINGW64_VERSION_MAJOR
__MINGW64__
__MWERKS__
__OpenBSD__
__PIE__
__POWERPC__
__PPC__
@@ -966,6 +966,7 @@ __ppc__
__riscv
__riscv_xlen
__s390x__
__sparc
__sparc64__
__sun
__svr4__

6
CMakeLists.txt
View File

@@ -34,7 +34,7 @@ if("${CMAKE_SOURCE_DIR}" STREQUAL "${CMAKE_BINARY_DIR}")
You must delete them, or cmake will refuse to work.")
endif()
project(wolfssl VERSION 5.7.4 LANGUAGES C ASM)
project(wolfssl VERSION 5.7.6 LANGUAGES C ASM)
# Set WOLFSSL_ROOT if not already defined
if ("${WOLFSSL_ROOT}" STREQUAL "")
@@ -49,11 +49,11 @@ endif()
# shared library versioning
# increment if interfaces have been removed or changed
set(WOLFSSL_LIBRARY_VERSION_FIRST 42)
set(WOLFSSL_LIBRARY_VERSION_FIRST 43)
# increment if interfaces have been added
# set to zero if WOLFSSL_LIBRARY_VERSION_FIRST is incremented
set(WOLFSSL_LIBRARY_VERSION_SECOND 3)
set(WOLFSSL_LIBRARY_VERSION_SECOND 0)
# increment if source code has changed
# set to zero if WOLFSSL_LIBRARY_VERSION_FIRST is incremented or

126
ChangeLog.md
View File

@@ -1,3 +1,129 @@
# wolfSSL Release 5.7.6 (Dec 31, 2024)
Release 5.7.6 has been developed according to wolfSSL's development and QA
process (see link below) and successfully passed the quality criteria.
https://www.wolfssl.com/about/wolfssl-software-development-process-quality-assurance
NOTE:
* --enable-heapmath is deprecated.
* In this release, the default cipher suite preference is updated to prioritize
TLS_AES_256_GCM_SHA384 over TLS_AES_128_GCM_SHA256 when enabled.
* This release adds a sanity check for including wolfssl/options.h or
user_settings.h.
PR stands for Pull Request, and PR <NUMBER> references a GitHub pull request
number where the code change was added.
## Vulnerabilities
* [Med] An OCSP (non stapling) issue was introduced in wolfSSL version 5.7.4
when performing OCSP requests for intermediate certificates in a certificate
chain. This affects only TLS 1.3 connections on the server side. It would not
impact other TLS protocol versions or connections that are not using the
traditional OCSP implementation. (Fix in pull request 8115)
## New Feature Additions
* Add support for RP2350 and improve RP2040 support, both with RNG optimizations
(PR 8153)
* Add support for STM32MP135F, including STM32CubeIDE support and HAL support
for SHA2/SHA3/AES/RNG/ECC optimizations. (PR 8223, 8231, 8241)
* Implement Renesas TSIP RSA Public Enc/Private support (PR 8122)
* Add support for Fedora/RedHat system-wide crypto-policies (PR 8205)
* Curve25519 generic keyparsing API added with wc_Curve25519KeyToDer and
wc_Curve25519KeyDecode (PR 8129)
* CRL improvements and update callback, added the functions
wolfSSL_CertManagerGetCRLInfo and wolfSSL_CertManagerSetCRLUpdate_Cb (PR 8006)
* For DTLS, add server-side stateless and CID quality-of-life API. (PR 8224)
## Enhancements and Optimizations
* Add a CMake dependency check for pthreads when required. (PR 8162)
* Update OS_Seed declarations for legacy compilers and FIPS modules (boundary
not affected). (PR 8170)
* Enable WOLFSSL_ALWAYS_KEEP_SNI by default when using --enable-jni. (PR 8283)
* Change the default cipher suite preference, prioritizing
TLS_AES_256_GCM_SHA384 over TLS_AES_128_GCM_SHA256. (PR 7771)
* Add SRTP-KDF (FIPS module v6.0.0) to checkout script for release bundling
(PR 8215)
* Make library build when no hardware crypto available for Aarch64 (PR 8293)
* Update assembly code to avoid `uint*_t` types for better compatibility with
older C standards. (PR 8133)
* Add initial documentation for writing ASN template code to decode BER/DER.
(PR 8120)
* Perform full reduction in sc_muladd for EdDSA with Curve448 (PR 8276)
* Allow SHA-3 hardware cryptography instructions to be explicitly not used in
MacOS builds (PR 8282)
* Make Kyber and ML-KEM available individually and together. (PR 8143)
* Update configuration options to include Kyber/ML-KEM and fix defines used in
wolfSSL_get_curve_name. (PR 8183)
* Make GetShortInt available with WOLFSSL_ASN_EXTRA (PR 8149)
* Improved test coverage and minor improvements of X509 (PR 8176)
* Add sanity checks for configuration methods, ensuring the inclusion of
wolfssl/options.h or user_settings.h. (PR 8262)
* Enable support for building without TLS (NO_TLS). Provides reduced code size
option for non-TLS users who want features like the certificate manager or
compatibility layer. (PR 8273)
* Exposed get_verify functions with OPENSSL_EXTRA. (PR 8258)
* ML-DSA/Dilithium: obtain security level from DER when decoding (PR 8177)
* Implementation for using PKCS11 to retrieve certificate for SSL CTX (PR 8267)
* Add support for the RFC822 Mailbox attribute (PR 8280)
* Initialize variables and adjust types resolve warnings with Visual Studio in
Windows builds. (PR 8181)
* Refactors and expansion of opensslcoexist build (PR 8132, 8216, 8230)
* Add DTLS 1.3 interoperability, libspdm and DTLS CID interoperability tests
(PR 8261, 8255, 8245)
* Remove trailing error exit code in wolfSSL install setup script (PR 8189)
* Update Arduino files for wolfssl 5.7.4 (PR 8219)
* Improve Espressif SHA HW/SW mutex messages (PR 8225)
* Apply post-5.7.4 release updates for Espressif Managed Component examples
(PR 8251)
* Expansion of c89 conformance (PR 8164)
* Added configure option for additional sanity checks with --enable-faultharden
(PR 8289)
* Aarch64 ASM additions to check CPU features before hardware crypto instruction
use (PR 8314)
## Fixes
* Fix a memory issue when using the compatibility layer with
WOLFSSL_GENERAL_NAME and handling registered ID types. (PR 8155)
* Fix a build issue with signature fault hardening when using public key
callbacks (HAVE_PK_CALLBACKS). (PR 8287)
* Fix for handling heap hint pointer properly when managing multiple WOLFSSL_CTX
objects and freeing one of them (PR 8180)
* Fix potential memory leak in error case with Aria. (PR 8268)
* Fix Set_Verify flag behaviour on Ada wrapper. (PR 8256)
* Fix a compilation error with the NO_WOLFSSL_DIR flag. (PR 8294)
* Resolve a corner case for Poly1305 assembly code on Aarch64. (PR 8275)
* Fix incorrect version setting in CSRs. (PR 8136)
* Correct debugging output for cryptodev. (PR 8202)
* Fix for benchmark application use with /dev/crypto GMAC auth error due to size
of AAD (PR 8210)
* Add missing checks for the initialization of sp_int/mp_int with DSA to free
memory properly in error cases. (PR 8209)
* Fix return value of wolfSSL_CTX_set_tlsext_use_srtp (8252)
* Check Root CA by Renesas TSIP before adding it to ca-table (PR 8101)
* Prevent adding a certificate to the CA cache for Renesas builds if it does not
set CA:TRUE in basic constraints. (PR 8060)
* Fix attribute certificate holder entityName parsing. (PR 8166)
* Resolve build issues for configurations without any wolfSSL/openssl
compatibility layer headers. (PR 8182)
* Fix for building SP RSA small and RSA public only (PR 8235)
* Fix for Renesas RX TSIP RSA Sign/Verify with wolfCrypt only (PR 8206)
* Fix to ensure all files have settings.h included (like wc_lms.c) and guards
for building all `*.c` files (PR 8257 and PR 8140)
* Fix x86 target build issues in Visual Studio for non-Windows operating
systems. (PR 8098)
* Fix wolfSSL_X509_STORE_get0_objects to handle no CA (PR 8226)
* Properly handle reference counting when adding to the X509 store. (PR 8233)
* Fix for various typos and improper size used with FreeRTOS_bind in the Renesas
example. Thanks to Hongbo for the report on example issues. (PR 7537)
* Fix for potential heap use after free with wolfSSL_PEM_read_bio_PrivateKey.
Thanks to Peter for the issue reported. (PR 8139)
# wolfSSL Release 5.7.4 (Oct 24, 2024)
Release 5.7.4 has been developed according to wolfSSL's development and QA

83
IDE/Espressif/ESP-IDF/examples/template/CMakeLists.txt
View File

@@ -3,10 +3,12 @@
#
# The following lines of boilerplate have to be in your project's
# CMakeLists in this exact order for cmake to work correctly
message(STATUS "Begin project ${CMAKE_PROJECT_NAME}")
cmake_minimum_required(VERSION 3.16)
# Optional no watchdog typically used for test & benchmark
add_compile_options(-DWOLFSSL_ESP_NO_WATCHDOG=1)
add_compile_definitions(WOLFSSL_ESP_NO_WATCHDOG=1)
# The wolfSSL CMake file should be able to find the source code.
# Otherwise, assign an environment variable or set it here:
@@ -25,34 +27,63 @@ add_compile_options(-DWOLFSSL_ESP_NO_WATCHDOG=1)
if(WIN32)
# Windows-specific configuration here
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS")
message("Detected Windows")
message(STATUS "Detected Windows")
endif()
if(CMAKE_HOST_UNIX)
message("Detected UNIX")
message(STATUS "Detected UNIX")
endif()
if(APPLE)
message("Detected APPLE")
message(STATUS "Detected APPLE")
endif()
if(CMAKE_HOST_UNIX AND (NOT APPLE) AND EXISTS "/proc/sys/fs/binfmt_misc/WSLInterop")
# Windows-specific configuration here
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WSL")
message("Detected WSL")
message(STATUS "Detected WSL")
endif()
if(CMAKE_HOST_UNIX AND (NOT APPLE) AND (NOT WIN32))
# Windows-specific configuration here
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_LINUX")
message("Detected Linux")
message(STATUS "Detected Linux")
endif()
if(APPLE)
# Windows-specific configuration here
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_APPLE")
message("Detected Apple")
message(STATUS "Detected Apple")
endif()
# End optional WOLFSSL_CMAKE_SYSTEM_NAME
# This example uses an extra component for common functions such as Wi-Fi and Ethernet connection.
# set (PROTOCOL_EXAMPLES_DIR $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
string(REPLACE "\\" "/" PROTOCOL_EXAMPLES_DIR "$ENV{IDF_PATH}/examples/common_components/protocol_examples_common")
if (EXISTS "${PROTOCOL_EXAMPLES_DIR}")
message(STATUS "Found PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
set(EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DFOUND_PROTOCOL_EXAMPLES_DIR")
else()
message(STATUS "NOT FOUND: PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
endif()
# Find the user name to search for possible "wolfssl-username"
# Reminder: Windows is %USERNAME%, Linux is $USER
message(STATUS "USERNAME = $ENV{USERNAME}")
if( "$ENV{USER}" STREQUAL "" ) # the bash user
if( "$ENV{USERNAME}" STREQUAL "" ) # the Windows user
message(STATUS "could not find USER or USERNAME")
else()
# the bash user is not blank, so we'll use it.
set(THIS_USER "$ENV{USERNAME}")
endif()
else()
# the bash user is not blank, so we'll use it.
set(THIS_USER "$ENV{USER}")
endif()
message(STATUS "THIS_USER = ${THIS_USER}")
# Check that there are not conflicting wolfSSL components
# The ESP Registry Component will be in ./managed_components/wolfssl__wolfssl
# The local component wolfSSL directory will be in ./components/wolfssl
message(STATUS "Checking for wolfSSL as Managed Component or not... ${CMAKE_HOME_DIRECTORY}")
if( EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" AND EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl" )
# These exclude statements don't seem to be honored by the $ENV{IDF_PATH}/tools/cmake/project.cmake'
# add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" EXCLUDE_FROM_ALL)
@@ -67,16 +98,46 @@ if( EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" AND EXI
message(FATAL_ERROR "\nPlease use either the ESP Registry Managed Component or the wolfSSL component directory but not both.\n"
"If removing the ./managed_components/wolfssl__wolfssl directory, remember to also remove "
"or rename the idf_component.yml file typically found in ./main/")
else()
elseif(EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl")
# A standard project component (not a Managed Component)
message(STATUS "No conflicting wolfSSL components found.")
set(WOLFSSL_PATH "${CMAKE_HOME_DIRECTORY}/components/wolfssl")
elseif(EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl")
# The official Managed Component called wolfssl from the wolfssl user.
message(STATUS "No conflicting wolfSSL components found as a Managed Component.")
set(WOLFSSL_PATH "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl")
elseif(EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/gojimmypi__mywolfssl")
# There is a known gojimmypi staging component available for anyone:
message(STATUS "No conflicting wolfSSL components found as a gojimmypi staging Managed Component.")
elseif(EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/${THIS_USER}__mywolfssl")
# Other users with permissions might publish their own mywolfssl staging Managed Component
message(STATUS "No conflicting wolfSSL components found as a Managed Component.")
set(WOLFSSL_PATH "${CMAKE_HOME_DIRECTORY}/managed_components/${THIS_USER}__mywolfssl")
else()
message(STATUS "WARNING: wolfssl component directory not found.")
endif()
# Ensure the this wolfSSL component directory is included
set(WOLFSSL_PATH "${CMAKE_HOME_DIRECTORY}/components/wolfssl")
list(APPEND EXTRA_COMPONENT_DIRS ${WOLFSSL_PATH})
# message(STATUS "EXTRA_COMPONENT_DIRS WOLFSSL_PATH: ${WOLFSSL_PATH}")
# list(APPEND EXTRA_COMPONENT_DIRS ${WOLFSSL_PATH})
# Not only is a project-level "set(COMPONENTS" not needed here, this will cause
# an unintuitive error about Unknown CMake command "esptool_py_flash_project_args".
message(STATUS "begin optional PROTOCOL_EXAMPLES_DIR include")
if(0)
# This example uses an extra component for common functions such as Wi-Fi and Ethernet connection.
set (PROTOCOL_EXAMPLES_DIR $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
if (EXISTS "${PROTOCOL_EXAMPLES_DIR}")
message(STATUS "Found PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
set(EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DFOUND_PROTOCOL_EXAMPLES_DIR")
else()
message(STATUS "NOT FOUND: PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
endif()
endif()
include($ENV{IDF_PATH}/tools/cmake/project.cmake)
message(STATUS "end optional include")
project(wolfssl_template)
message(STATUS "end project")

28
IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/CMakeLists.txt
View File

@@ -102,28 +102,28 @@ if(VERBOSE_COMPONENT_MESSAGES)
if(WIN32)
# Windows-specific configuration here
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS")
message("Detected Windows")
message(STATUS "Detected Windows")
endif()
if(CMAKE_HOST_UNIX)
message("Detected UNIX")
message(STATUS "Detected UNIX")
endif()
if(APPLE)
message("Detected APPLE")
message(STATUS "Detected APPLE")
endif()
if(CMAKE_HOST_UNIX AND (NOT APPLE) AND EXISTS "/proc/sys/fs/binfmt_misc/WSLInterop")
# Windows-specific configuration here
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WSL")
message("Detected WSL")
message(STATUS "Detected WSL")
endif()
if(CMAKE_HOST_UNIX AND (NOT APPLE) AND (NOT WIN32))
# Windows-specific configuration here
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_LINUX")
message("Detected Linux")
message(STATUS "Detected Linux")
endif()
if(APPLE)
# Windows-specific configuration here
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_APPLE")
message("Detected Apple")
message(STATUS "Detected Apple")
endif()
endif() # End optional WOLFSSL_CMAKE_SYSTEM_NAME
@@ -159,7 +159,8 @@ else()
set(COMPONENT_REQUIRES lwip "${THIS_ESP_TLS}") # we typically don't need lwip directly in wolfssl component
endif()
# find the user name to search for possible "wolfssl-username"
# Find the user name to search for possible "wolfssl-username"
# Reminder: Windows is %USERNAME%, Linux is $USER
message(STATUS "USERNAME = $ENV{USERNAME}")
if( "$ENV{USER}" STREQUAL "" ) # the bash user
if( "$ENV{USERNAME}" STREQUAL "" ) # the Windows user
@@ -524,7 +525,7 @@ else()
set(WOLFSSL_PROJECT_DIR "${CMAKE_HOME_DIRECTORY}/components/wolfssl")
string(REPLACE "/" "//" STR_WOLFSSL_PROJECT_DIR "${WOLFSSL_PROJECT_DIR}")
add_definitions(-DWOLFSSL_USER_SETTINGS_DIR="${STR_WOLFSSL_PROJECT_DIR}/include/user_settings.h")
add_compile_definitions(WOLFSSL_USER_SETTINGS_DIR="${STR_WOLFSSL_PROJECT_DIR}/include/user_settings.h")
message(STATUS "Added definition for user_settings.h: -DWOLFSSL_USER_SETTINGS_DIR=\"${STR_WOLFSSL_PROJECT_DIR}//include//user_settings.h\"")
# Espressif may take several passes through this makefile. Check to see if we found IDF
string(COMPARE EQUAL "${PROJECT_SOURCE_DIR}" "" WOLFSSL_FOUND_IDF)
@@ -951,7 +952,7 @@ function ( LIBWOLFSSL_SAVE_INFO VAR_OUPUT THIS_VAR VAR_RESULT )
message(STATUS "Found ${VAR_OUPUT}=${VAR_VALUE}")
# the interesting part is defining the VAR_OUPUT name a value to use in the app
add_definitions(-D${VAR_OUPUT}=\"${VAR_VALUE}\")
add_compile_definitions(${VAR_OUPUT}=\"${VAR_VALUE}\")
else()
# if we get here, check the execute_process command and parameters.
message(STATUS "LIBWOLFSSL_SAVE_INFO encountered a non-zero VAR_RESULT")
@@ -959,9 +960,16 @@ function ( LIBWOLFSSL_SAVE_INFO VAR_OUPUT THIS_VAR VAR_RESULT )
endif()
endfunction() # LIBWOLFSSL_SAVE_INFO
execute_process(
COMMAND ${git_cmd} "rev-parse" "--is-inside-work-tree"
OUTPUT_VARIABLE IS_GIT_REPO
OUTPUT_STRIP_TRAILING_WHITESPACE
ERROR_QUIET
)
# create some programmatic #define values that will be used by ShowExtendedSystemInfo().
# see wolfcrypt\src\port\Espressif\esp32_utl.c
if(NOT CMAKE_BUILD_EARLY_EXPANSION AND WOLFSSL_ROOT)
if(NOT CMAKE_BUILD_EARLY_EXPANSION AND WOLFSSL_ROOT AND (IS_GIT_REPO STREQUAL "true"))
set (git_cmd "git")
message(STATUS "Adding macro definitions:")

41
IDE/Espressif/ESP-IDF/examples/template/main/CMakeLists.txt
View File

@@ -3,33 +3,34 @@
#
# wolfssl template
#
message(STATUS "Begin wolfSSL main CMakeLists.txt")
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
if(WIN32)
# Windows-specific configuration here
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS")
message("Detected Windows")
message(STATUS "Detected Windows")
endif()
if(CMAKE_HOST_UNIX)
message("Detected UNIX")
message(STATUS "Detected UNIX")
endif()
if(APPLE)
message("Detected APPLE")
message(STATUS "Detected APPLE")
endif()
if(CMAKE_HOST_UNIX AND (NOT APPLE) AND EXISTS "/proc/sys/fs/binfmt_misc/WSLInterop")
# Windows-specific configuration here
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WSL")
message("Detected WSL")
message(STATUS "Detected WSL")
endif()
if(CMAKE_HOST_UNIX AND (NOT APPLE) AND (NOT WIN32))
# Windows-specific configuration here
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_LINUX")
message("Detected Linux")
message(STATUS "Detected Linux")
endif()
if(APPLE)
# Windows-specific configuration here
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_APPLE")
message("Detected Apple")
message(STATUS "Detected Apple")
endif()
set (git_cmd "git")
@@ -43,10 +44,20 @@ if( EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl/" AND EXISTS "$ENV{IDF_PA
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_MULTI_INSTALL_WARNING")
endif()
# The wolfSL component name is named "mywolfssl" on the staging site for Managed Components.
if( NOT EXISTS "../components/wolfssl" AND ("$ENV{IDF_COMPONENT_REGISTRY_URL}" STREQUAL "https://components-staging.espressif.com") )
message(STATUS "WARNING: Using a staging instance of wolfssl.")
set(MAIN_WOLFSSL_COMPONENT_NAME "mywolfssl")
else()
message(STATUS "Using release wolfssl component.")
set(MAIN_WOLFSSL_COMPONENT_NAME "wolfssl")
endif()
## register_component()
idf_component_register(SRCS main.c
INCLUDE_DIRS "."
"./include")
"./include"
PRIV_REQUIRES driver "${MAIN_WOLFSSL_COMPONENT_NAME}")
#
# LIBWOLFSSL_SAVE_INFO(VAR_OUPUT THIS_VAR VAR_RESULT)
@@ -76,15 +87,24 @@ function ( LIBWOLFSSL_SAVE_INFO VAR_OUPUT THIS_VAR VAR_RESULT )
message(STATUS "Found ${VAR_OUPUT}=${VAR_VALUE}")
# the interesting part is defining the VAR_OUPUT name a value to use in the app
add_definitions(-D${VAR_OUPUT}=\"${VAR_VALUE}\")
add_compile_definitions(${VAR_OUPUT}=\"${VAR_VALUE}\")
else()
# if we get here, check the execute_process command and parameters.
message(STATUS "LIBWOLFSSL_SAVE_INFO encountered a non-zero VAR_RESULT")
message(STATUS "LIBWOLFSSL_SAVE_INFO encountered a non-zero VAR_RESULT.")
message(STATUS "Setting ${VAR_OUPUT} to \"Unknown\"")
set(${VAR_OUPUT} "Unknown")
endif()
endfunction() # LIBWOLFSSL_SAVE_INFO
if(NOT CMAKE_BUILD_EARLY_EXPANSION)
execute_process(
COMMAND ${git_cmd} "rev-parse" "--is-inside-work-tree"
OUTPUT_VARIABLE IS_GIT_REPO
OUTPUT_STRIP_TRAILING_WHITESPACE
ERROR_QUIET
)
# Save some project-specific details. Repo may be different than component, or may not even be a repo at all:
if(NOT CMAKE_BUILD_EARLY_EXPANSION AND (IS_GIT_REPO STREQUAL "true"))
# LIBWOLFSSL_VERSION_GIT_HASH
execute_process(COMMAND ${git_cmd} "rev-parse" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET )
LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH "${TMP_OUT}" "${TMP_RES}")
@@ -100,3 +120,4 @@ endif()
message(STATUS "")
message(STATUS "End wolfSSL main CMakeLists.txt")

23
IDE/Espressif/ESP-IDF/examples/template/sdkconfig.defaults
View File

@@ -1,10 +1,13 @@
# Set the known example app config to template example (see user_settings.h)
CONFIG_WOLFSSL_EXAMPLE_NAME_TEMPLATE=y
# CONFIG_EXAMPLE_WIFI_SSID="myssid"
# CONFIG_EXAMPLE_WIFI_PASSWORD="mypassword"
# Some wolfSSL helpers
CONFIG_USE_WOLFSSL_ESP_SDK_TIME=y
# sdkconfig.defaults for ESP8266 + ESP32
# See separate sdkconfig.defaults.esp8266
# FreeRTOS ticks at 1ms interval
CONFIG_FREERTOS_UNICORE=y
CONFIG_FREERTOS_HZ=1000
@@ -18,9 +21,10 @@ CONFIG_ESP32_DEFAULT_CPU_FREQ_240=y
#
# For wolfSSL SMALL_STACK, 3072 bytes should be sufficient for benchmark app.
# When using RSA, assign at least 10500 bytes, otherwise 5500 usually works for others
CONFIG_ESP_MAIN_TASK_STACK_SIZE=3584
# Legacy stack size for older ESP-IDF versions
CONFIG_MAIN_TASK_STACK_SIZE=3584
# We set this to 28672 for use in the "test everything possible" in the wolfssl_test app.
CONFIG_ESP_MAIN_TASK_STACK_SIZE=10500
# Legacy stack size name for older ESP-IDF versions
CONFIG_MAIN_TASK_STACK_SIZE=10500
#
# Benchmark must not have CONFIG_NEWLIB_NANO_FORMAT enabled
@@ -61,8 +65,8 @@ CONFIG_HEAP_DISABLE_IRAM=y
CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ_240=y
# Enable wolfSSL TLS in esp-tls
CONFIG_ESP_TLS_USING_WOLFSSL=y
CONFIG_TLS_STACK_WOLFSSL=y
# CONFIG_ESP_TLS_USING_WOLFSSL=y
# CONFIG_TLS_STACK_WOLFSSL=y
# Bundles take up flash space and are disabled unless otherwise known to be needed
CONFIG_WOLFSSL_CERTIFICATE_BUNDLE=n
@@ -87,6 +91,13 @@ CONFIG_HEAP_DISABLE_IRAM=y
# Performance
# CONFIG_COMPILER_OPTIMIZATION_PERF=y
# Set max COU frequency (falls back as needed for lower maximum)
CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ_240=y
# FreeRTOS ticks at 1ms interval
CONFIG_FREERTOS_UNICORE=y
CONFIG_FREERTOS_HZ=1000
# Ensure mbedTLS options are disabled
# CONFIG_MBEDTLS_TLS_SERVER_AND_CLIENT=n
# CONFIG_MBEDTLS_TLS_CLIENT_ONLY=n

55
IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/CMakeLists.txt
View File

@@ -3,10 +3,12 @@
#
# The following lines of boilerplate have to be in your project's
# CMakeLists in this exact order for cmake to work correctly
message(STATUS "Begin project ${CMAKE_PROJECT_NAME}")
cmake_minimum_required(VERSION 3.16)
# Optional no watchdog typically used for test & benchmark
add_compile_options(-DWOLFSSL_ESP_NO_WATCHDOG=1)
add_compile_definitions(WOLFSSL_ESP_NO_WATCHDOG=1)
# The wolfSSL CMake file should be able to find the source code.
# Otherwise, assign an environment variable or set it here:
@@ -25,34 +27,35 @@ add_compile_options(-DWOLFSSL_ESP_NO_WATCHDOG=1)
if(WIN32)
# Windows-specific configuration here
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS")
message("Detected Windows")
message(STATUS "Detected Windows")
endif()
if(CMAKE_HOST_UNIX)
message("Detected UNIX")
message(STATUS "Detected UNIX")
endif()
if(APPLE)
message("Detected APPLE")
message(STATUS "Detected APPLE")
endif()
if(CMAKE_HOST_UNIX AND (NOT APPLE) AND EXISTS "/proc/sys/fs/binfmt_misc/WSLInterop")
# Windows-specific configuration here
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WSL")
message("Detected WSL")
message(STATUS "Detected WSL")
endif()
if(CMAKE_HOST_UNIX AND (NOT APPLE) AND (NOT WIN32))
# Windows-specific configuration here
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_LINUX")
message("Detected Linux")
message(STATUS "Detected Linux")
endif()
if(APPLE)
# Windows-specific configuration here
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_APPLE")
message("Detected Apple")
message(STATUS "Detected Apple")
endif()
# End optional WOLFSSL_CMAKE_SYSTEM_NAME
# Check that there are not conflicting wolfSSL components
# The ESP Registry Component will be in ./managed_components/wolfssl__wolfssl
# The local component wolfSSL directory will be in ./components/wolfssl
message(STATUS "Checking for wolfSSL as Managed Component or not... ${CMAKE_HOME_DIRECTORY}")
if( EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" AND EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl" )
# These exclude statements don't seem to be honored by the $ENV{IDF_PATH}/tools/cmake/project.cmake'
# add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" EXCLUDE_FROM_ALL)
@@ -67,16 +70,46 @@ if( EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" AND EXI
message(FATAL_ERROR "\nPlease use either the ESP Registry Managed Component or the wolfSSL component directory but not both.\n"
"If removing the ./managed_components/wolfssl__wolfssl directory, remember to also remove "
"or rename the idf_component.yml file typically found in ./main/")
else()
elseif(EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl")
# A standard project component (not a Managed Component)
message(STATUS "No conflicting wolfSSL components found.")
set(WOLFSSL_PATH "${CMAKE_HOME_DIRECTORY}/components/wolfssl")
elseif(EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl")
# The official Managed Component called wolfssl from the wolfssl user.
message(STATUS "No conflicting wolfSSL components found as a Managed Component.")
set(WOLFSSL_PATH "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl")
elseif(EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/gojimmypi__mywolfssl")
# There is a known gojimmypi staging component available for anyone:
message(STATUS "No conflicting wolfSSL components found as a gojimmypi staging Managed Component.")
elseif(EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/${THIS_USER}__mywolfssl")
# Other users with permissions might publish their own mywolfssl staging Managed Component
message(STATUS "No conflicting wolfSSL components found as a Managed Component.")
set(WOLFSSL_PATH "${CMAKE_HOME_DIRECTORY}/managed_components/${THIS_USER}__mywolfssl")
else()
message(STATUS "WARNING: wolfssl component directory not found.")
endif()
# Ensure the this wolfSSL component directory is included
set(WOLFSSL_PATH "${CMAKE_HOME_DIRECTORY}/components/wolfssl")
list(APPEND EXTRA_COMPONENT_DIRS ${WOLFSSL_PATH})
# message(STATUS "EXTRA_COMPONENT_DIRS WOLFSSL_PATH: ${WOLFSSL_PATH}")
# list(APPEND EXTRA_COMPONENT_DIRS ${WOLFSSL_PATH})
# Not only is a project-level "set(COMPONENTS" not needed here, this will cause
# an unintuitive error about Unknown CMake command "esptool_py_flash_project_args".
message(STATUS "begin optional PROTOCOL_EXAMPLES_DIR include")
if(0)
# This example uses an extra component for common functions such as Wi-Fi and Ethernet connection.
set (PROTOCOL_EXAMPLES_DIR $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
if (EXISTS "${PROTOCOL_EXAMPLES_DIR}")
message(STATUS "Found PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
set(EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DFOUND_PROTOCOL_EXAMPLES_DIR")
else()
message(STATUS "NOT FOUND: PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
endif()
endif()
include($ENV{IDF_PATH}/tools/cmake/project.cmake)
message(STATUS "end optional include")
project(wolfssl_benchmark)
message(STATUS "end project")

25
IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/CMakeLists.txt
View File

@@ -102,28 +102,28 @@ if(VERBOSE_COMPONENT_MESSAGES)
if(WIN32)
# Windows-specific configuration here
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS")
message("Detected Windows")
message(STATUS "Detected Windows")
endif()
if(CMAKE_HOST_UNIX)
message("Detected UNIX")
message(STATUS "Detected UNIX")
endif()
if(APPLE)
message("Detected APPLE")
message(STATUS "Detected APPLE")
endif()
if(CMAKE_HOST_UNIX AND (NOT APPLE) AND EXISTS "/proc/sys/fs/binfmt_misc/WSLInterop")
# Windows-specific configuration here
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WSL")
message("Detected WSL")
message(STATUS "Detected WSL")
endif()
if(CMAKE_HOST_UNIX AND (NOT APPLE) AND (NOT WIN32))
# Windows-specific configuration here
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_LINUX")
message("Detected Linux")
message(STATUS "Detected Linux")
endif()
if(APPLE)
# Windows-specific configuration here
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_APPLE")
message("Detected Apple")
message(STATUS "Detected Apple")
endif()
endif() # End optional WOLFSSL_CMAKE_SYSTEM_NAME
@@ -524,7 +524,7 @@ else()
set(WOLFSSL_PROJECT_DIR "${CMAKE_HOME_DIRECTORY}/components/wolfssl")
string(REPLACE "/" "//" STR_WOLFSSL_PROJECT_DIR "${WOLFSSL_PROJECT_DIR}")
add_definitions(-DWOLFSSL_USER_SETTINGS_DIR="${STR_WOLFSSL_PROJECT_DIR}/include/user_settings.h")
add_compile_definitions(WOLFSSL_USER_SETTINGS_DIR="${STR_WOLFSSL_PROJECT_DIR}/include/user_settings.h")
message(STATUS "Added definition for user_settings.h: -DWOLFSSL_USER_SETTINGS_DIR=\"${STR_WOLFSSL_PROJECT_DIR}//include//user_settings.h\"")
# Espressif may take several passes through this makefile. Check to see if we found IDF
string(COMPARE EQUAL "${PROJECT_SOURCE_DIR}" "" WOLFSSL_FOUND_IDF)
@@ -951,7 +951,7 @@ function ( LIBWOLFSSL_SAVE_INFO VAR_OUPUT THIS_VAR VAR_RESULT )
message(STATUS "Found ${VAR_OUPUT}=${VAR_VALUE}")
# the interesting part is defining the VAR_OUPUT name a value to use in the app
add_definitions(-D${VAR_OUPUT}=\"${VAR_VALUE}\")
add_compile_definitions(${VAR_OUPUT}=\"${VAR_VALUE}\")
else()
# if we get here, check the execute_process command and parameters.
message(STATUS "LIBWOLFSSL_SAVE_INFO encountered a non-zero VAR_RESULT")
@@ -959,9 +959,16 @@ function ( LIBWOLFSSL_SAVE_INFO VAR_OUPUT THIS_VAR VAR_RESULT )
endif()
endfunction() # LIBWOLFSSL_SAVE_INFO
execute_process(
COMMAND ${git_cmd} "rev-parse" "--is-inside-work-tree"
OUTPUT_VARIABLE IS_GIT_REPO
OUTPUT_STRIP_TRAILING_WHITESPACE
ERROR_QUIET
)
# create some programmatic #define values that will be used by ShowExtendedSystemInfo().
# see wolfcrypt\src\port\Espressif\esp32_utl.c
if(NOT CMAKE_BUILD_EARLY_EXPANSION AND WOLFSSL_ROOT)
if(NOT CMAKE_BUILD_EARLY_EXPANSION AND WOLFSSL_ROOT AND (IS_GIT_REPO STREQUAL "true"))
set (git_cmd "git")
message(STATUS "Adding macro definitions:")

55
IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/CMakeLists.txt
View File

@@ -8,6 +8,32 @@ set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
set(COMPONENT_SRCS "main.c")
set(COMPONENT_ADD_INCLUDEDIRS ".")
if(WIN32)
# Windows-specific configuration here
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS")
message(STATUS "Detected Windows")
endif()
if(CMAKE_HOST_UNIX)
message(STATUS "Detected UNIX")
endif()
if(APPLE)
message(STATUS "Detected APPLE")
endif()
if(CMAKE_HOST_UNIX AND (NOT APPLE) AND EXISTS "/proc/sys/fs/binfmt_misc/WSLInterop")
# Windows-specific configuration here
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WSL")
message(STATUS "Detected WSL")
endif()
if(CMAKE_HOST_UNIX AND (NOT APPLE) AND (NOT WIN32))
# Windows-specific configuration here
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_LINUX")
message(STATUS "Detected Linux")
endif()
if(APPLE)
# Windows-specific configuration here
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_APPLE")
message(STATUS "Detected Apple")
endif()
set (git_cmd "git")
if( EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl/" AND EXISTS "$ENV{IDF_PATH}/components/wolfssl/" )
@@ -20,9 +46,20 @@ if( EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl/" AND EXISTS "$ENV{IDF_PA
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_MULTI_INSTALL_WARNING")
endif()
# The wolfSL component name is named "mywolfssl" on the staging site for Managed Components.
if( NOT EXISTS "../components/wolfssl" AND ("$ENV{IDF_COMPONENT_REGISTRY_URL}" STREQUAL "https://components-staging.espressif.com") )
message(STATUS "WARNING: Using a staging instance of wolfssl.")
set(MAIN_WOLFSSL_COMPONENT_NAME "mywolfssl")
else()
message(STATUS "Using release wolfssl component.")
set(MAIN_WOLFSSL_COMPONENT_NAME "wolfssl")
endif()
## register_component()
idf_component_register(SRCS main.c
INCLUDE_DIRS "."
"./include")
"./include"
PRIV_REQUIRES driver "${MAIN_WOLFSSL_COMPONENT_NAME}")
#
# LIBWOLFSSL_SAVE_INFO(VAR_OUPUT THIS_VAR VAR_RESULT)
@@ -52,15 +89,24 @@ function ( LIBWOLFSSL_SAVE_INFO VAR_OUPUT THIS_VAR VAR_RESULT )
message(STATUS "Found ${VAR_OUPUT}=${VAR_VALUE}")
# the interesting part is defining the VAR_OUPUT name a value to use in the app
add_definitions(-D${VAR_OUPUT}=\"${VAR_VALUE}\")
add_compile_definitions(${VAR_OUPUT}=\"${VAR_VALUE}\")
else()
# if we get here, check the execute_process command and parameters.
message(STATUS "LIBWOLFSSL_SAVE_INFO encountered a non-zero VAR_RESULT")
message(STATUS "LIBWOLFSSL_SAVE_INFO encountered a non-zero VAR_RESULT.")
message(STATUS "Setting ${VAR_OUPUT} to \"Unknown\"")
set(${VAR_OUPUT} "Unknown")
endif()
endfunction() # LIBWOLFSSL_SAVE_INFO
if(NOT CMAKE_BUILD_EARLY_EXPANSION)
execute_process(
COMMAND ${git_cmd} "rev-parse" "--is-inside-work-tree"
OUTPUT_VARIABLE IS_GIT_REPO
OUTPUT_STRIP_TRAILING_WHITESPACE
ERROR_QUIET
)
# Save some project-specific details. Repo may be different than component, or may not even be a repo at all:
if(NOT CMAKE_BUILD_EARLY_EXPANSION AND (IS_GIT_REPO STREQUAL "true"))
# LIBWOLFSSL_VERSION_GIT_HASH
execute_process(COMMAND ${git_cmd} "rev-parse" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET )
LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH "${TMP_OUT}" "${TMP_RES}")
@@ -76,3 +122,4 @@ endif()
message(STATUS "")
message(STATUS "End wolfSSL main CMakeLists.txt")

29
IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/sdkconfig.defaults
View File

@@ -1,12 +1,13 @@
# Set the known example app config to template example (see user_settings.h)
CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFSSL_BENCHMARK=y
# CONFIG_EXAMPLE_WIFI_SSID="myssid"
# CONFIG_EXAMPLE_WIFI_PASSWORD="mypassword"
# Some wolfSSL helpers
CONFIG_USE_WOLFSSL_ESP_SDK_TIME=y
# sdkconfig.defaults for ESP8266 + ESP32
# Note that during the build process, settings from sdkconfig.defaults will not override those already in sdkconfig.
# See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html#custom-sdkconfig-defaults
CONFIG_BENCH_ARGV="-lng 0"
# FreeRTOS ticks at 1ms interval
CONFIG_FREERTOS_UNICORE=y
@@ -24,7 +25,7 @@ CONFIG_ESP32_DEFAULT_CPU_FREQ_240=y
# We set this to 28672 for use in the "test everything possible" in the wolfssl_test app.
CONFIG_ESP_MAIN_TASK_STACK_SIZE=28672
# Legacy stack size for older ESP-IDF versions
# Legacy stack size name for older ESP-IDF versions
CONFIG_MAIN_TASK_STACK_SIZE=28672
#
@@ -66,8 +67,8 @@ CONFIG_HEAP_DISABLE_IRAM=y
CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ_240=y
# Enable wolfSSL TLS in esp-tls
CONFIG_ESP_TLS_USING_WOLFSSL=y
CONFIG_TLS_STACK_WOLFSSL=y
# CONFIG_ESP_TLS_USING_WOLFSSL=y
# CONFIG_TLS_STACK_WOLFSSL=y
# Bundles take up flash space and are disabled unless otherwise known to be needed
CONFIG_WOLFSSL_CERTIFICATE_BUNDLE=n
@@ -99,6 +100,26 @@ CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ_240=y
CONFIG_FREERTOS_UNICORE=y
CONFIG_FREERTOS_HZ=1000
# Ensure mbedTLS options are disabled
# CONFIG_MBEDTLS_TLS_SERVER_AND_CLIENT=n
# CONFIG_MBEDTLS_TLS_CLIENT_ONLY=n
# CONFIG_MBEDTLS_TLS_SERVER=n
# CONFIG_MBEDTLS_TLS_CLIENT=n
# CONFIG_MBEDTLS_HARDWARE_AES=n
# CONFIG_MBEDTLS_HARDWARE_MPI=n
# CONFIG_MBEDTLS_HARDWARE_SHA=n
# CONFIG_MBEDTLS_ROM_MD5=n
# CONFIG_MBEDTLS_SSL_RENEGOTIATION=n
# CONFIG_MBEDTLS_SSL_PROTO_TLS1_2=n
# CONFIG_MBEDTLS_SSL_PROTO_GMTSSL1_1=n
# CONFIG_MBEDTLS_SSL_ALPN=n
# CONFIG_MBEDTLS_CLIENT_SSL_SESSION_TICKETS=n
# CONFIG_MBEDTLS_SERVER_SSL_SESSION_TICKETS=n
# The same-name config is used for both WiFi and client/server TLS, so we cannot disable:
# CONFIG_MBEDTLS_TLS_ENABLED=n
# CONFIG_MBEDTLS_TLS_DISABLED=y
#
# Compiler options
#

69
IDE/Espressif/ESP-IDF/examples/wolfssl_client/CMakeLists.txt
View File

@@ -1,5 +1,5 @@
# wolfSSL Espressif Example Project CMakeLists.txt
# v1.0
# v1.3
#
# The following lines of boilerplate have to be in your project's
# CMakeLists in this exact order for cmake to work correctly
@@ -7,6 +7,9 @@ message(STATUS "Begin project ${CMAKE_PROJECT_NAME}")
cmake_minimum_required(VERSION 3.16)
# Optional no watchdog typically used for test & benchmark
add_compile_definitions(WOLFSSL_ESP_NO_WATCHDOG=1)
# The wolfSSL CMake file should be able to find the source code.
# Otherwise, assign an environment variable or set it here:
#
@@ -24,28 +27,28 @@ cmake_minimum_required(VERSION 3.16)
if(WIN32)
# Windows-specific configuration here
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS")
message("Detected Windows")
message(STATUS "Detected Windows")
endif()
if(CMAKE_HOST_UNIX)
message("Detected UNIX")
message(STATUS "Detected UNIX")
endif()
if(APPLE)
message("Detected APPLE")
message(STATUS "Detected APPLE")
endif()
if(CMAKE_HOST_UNIX AND (NOT APPLE) AND EXISTS "/proc/sys/fs/binfmt_misc/WSLInterop")
# Windows-specific configuration here
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WSL")
message("Detected WSL")
message(STATUS "Detected WSL")
endif()
if(CMAKE_HOST_UNIX AND (NOT APPLE) AND (NOT WIN32))
# Windows-specific configuration here
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_LINUX")
message("Detected Linux")
message(STATUS "Detected Linux")
endif()
if(APPLE)
# Windows-specific configuration here
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_APPLE")
message("Detected Apple")
message(STATUS "Detected Apple")
endif()
# End optional WOLFSSL_CMAKE_SYSTEM_NAME
@@ -54,16 +57,33 @@ endif()
string(REPLACE "\\" "/" PROTOCOL_EXAMPLES_DIR "$ENV{IDF_PATH}/examples/common_components/protocol_examples_common")
if (EXISTS "${PROTOCOL_EXAMPLES_DIR}")
message("Found PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
message(STATUS "Found PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
set(EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DFOUND_PROTOCOL_EXAMPLES_DIR")
else()
message("NOT FOUND: PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
message(STATUS "NOT FOUND: PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
endif()
# Find the user name to search for possible "wolfssl-username"
# Reminder: Windows is %USERNAME%, Linux is $USER
message(STATUS "USERNAME = $ENV{USERNAME}")
if( "$ENV{USER}" STREQUAL "" ) # the bash user
if( "$ENV{USERNAME}" STREQUAL "" ) # the Windows user
message(STATUS "could not find USER or USERNAME")
else()
# the bash user is not blank, so we'll use it.
set(THIS_USER "$ENV{USERNAME}")
endif()
else()
# the bash user is not blank, so we'll use it.
set(THIS_USER "$ENV{USER}")
endif()
message(STATUS "THIS_USER = ${THIS_USER}")
# Check that there are not conflicting wolfSSL components
# The ESP Registry Component will be in ./managed_components/wolfssl__wolfssl
# The local component wolfSSL directory will be in ./components/wolfssl
message(STATUS "Checking for wolfSSL as Managed Component or not... ${CMAKE_HOME_DIRECTORY}")
if( EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" AND EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl" )
# These exclude statements don't seem to be honored by the $ENV{IDF_PATH}/tools/cmake/project.cmake'
# add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" EXCLUDE_FROM_ALL)
@@ -78,25 +98,46 @@ if( EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" AND EXI
message(FATAL_ERROR "\nPlease use either the ESP Registry Managed Component or the wolfSSL component directory but not both.\n"
"If removing the ./managed_components/wolfssl__wolfssl directory, remember to also remove "
"or rename the idf_component.yml file typically found in ./main/")
else()
elseif(EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl")
# A standard project component (not a Managed Component)
message(STATUS "No conflicting wolfSSL components found.")
set(WOLFSSL_PATH "${CMAKE_HOME_DIRECTORY}/components/wolfssl")
elseif(EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl")
# The official Managed Component called wolfssl from the wolfssl user.
message(STATUS "No conflicting wolfSSL components found as a Managed Component.")
set(WOLFSSL_PATH "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl")
elseif(EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/gojimmypi__mywolfssl")
# There is a known gojimmypi staging component available for anyone:
message(STATUS "No conflicting wolfSSL components found as a gojimmypi staging Managed Component.")
elseif(EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/${THIS_USER}__mywolfssl")
# Other users with permissions might publish their own mywolfssl staging Managed Component
message(STATUS "No conflicting wolfSSL components found as a Managed Component.")
set(WOLFSSL_PATH "${CMAKE_HOME_DIRECTORY}/managed_components/${THIS_USER}__mywolfssl")
else()
message(STATUS "WARNING: wolfssl component directory not found.")
endif()
# message(STATUS "EXTRA_COMPONENT_DIRS WOLFSSL_PATH: ${WOLFSSL_PATH}")
# list(APPEND EXTRA_COMPONENT_DIRS ${WOLFSSL_PATH})
# Not only is a project-level "set(COMPONENTS" not needed here, this will cause
# an unintuitive error about Unknown CMake command "esptool_py_flash_project_args".
message(STATUS "begin include")
if(0)
message(STATUS "begin optional PROTOCOL_EXAMPLES_DIR include")
# This example uses an extra component for common functions such as Wi-Fi and Ethernet connection.
set (PROTOCOL_EXAMPLES_DIR $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
if (EXISTS "${PROTOCOL_EXAMPLES_DIR}")
message("Found PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
message(STATUS "Found PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
set(EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DFOUND_PROTOCOL_EXAMPLES_DIR")
else()
message("NOT FOUND: PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
message(STATUS "NOT FOUND: PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
endif()
message(STATUS "end optional include")
endif()
include($ENV{IDF_PATH}/tools/cmake/project.cmake)
message(STATUS "end include")
project(wolfssl_client)
message(STATUS "end project")

25
IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/CMakeLists.txt
View File

@@ -102,28 +102,28 @@ if(VERBOSE_COMPONENT_MESSAGES)
if(WIN32)
# Windows-specific configuration here
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS")
message("Detected Windows")
message(STATUS "Detected Windows")
endif()
if(CMAKE_HOST_UNIX)
message("Detected UNIX")
message(STATUS "Detected UNIX")
endif()
if(APPLE)
message("Detected APPLE")
message(STATUS "Detected APPLE")
endif()
if(CMAKE_HOST_UNIX AND (NOT APPLE) AND EXISTS "/proc/sys/fs/binfmt_misc/WSLInterop")
# Windows-specific configuration here
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WSL")
message("Detected WSL")
message(STATUS "Detected WSL")
endif()
if(CMAKE_HOST_UNIX AND (NOT APPLE) AND (NOT WIN32))
# Windows-specific configuration here
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_LINUX")
message("Detected Linux")
message(STATUS "Detected Linux")
endif()
if(APPLE)
# Windows-specific configuration here
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_APPLE")
message("Detected Apple")
message(STATUS "Detected Apple")
endif()
endif() # End optional WOLFSSL_CMAKE_SYSTEM_NAME
@@ -524,7 +524,7 @@ else()
set(WOLFSSL_PROJECT_DIR "${CMAKE_HOME_DIRECTORY}/components/wolfssl")
string(REPLACE "/" "//" STR_WOLFSSL_PROJECT_DIR "${WOLFSSL_PROJECT_DIR}")
add_definitions(-DWOLFSSL_USER_SETTINGS_DIR="${STR_WOLFSSL_PROJECT_DIR}/include/user_settings.h")
add_compile_definitions(WOLFSSL_USER_SETTINGS_DIR="${STR_WOLFSSL_PROJECT_DIR}/include/user_settings.h")
message(STATUS "Added definition for user_settings.h: -DWOLFSSL_USER_SETTINGS_DIR=\"${STR_WOLFSSL_PROJECT_DIR}//include//user_settings.h\"")
# Espressif may take several passes through this makefile. Check to see if we found IDF
string(COMPARE EQUAL "${PROJECT_SOURCE_DIR}" "" WOLFSSL_FOUND_IDF)
@@ -951,7 +951,7 @@ function ( LIBWOLFSSL_SAVE_INFO VAR_OUPUT THIS_VAR VAR_RESULT )
message(STATUS "Found ${VAR_OUPUT}=${VAR_VALUE}")
# the interesting part is defining the VAR_OUPUT name a value to use in the app
add_definitions(-D${VAR_OUPUT}=\"${VAR_VALUE}\")
add_compile_definitions(${VAR_OUPUT}=\"${VAR_VALUE}\")
else()
# if we get here, check the execute_process command and parameters.
message(STATUS "LIBWOLFSSL_SAVE_INFO encountered a non-zero VAR_RESULT")
@@ -959,9 +959,16 @@ function ( LIBWOLFSSL_SAVE_INFO VAR_OUPUT THIS_VAR VAR_RESULT )
endif()
endfunction() # LIBWOLFSSL_SAVE_INFO
execute_process(
COMMAND ${git_cmd} "rev-parse" "--is-inside-work-tree"
OUTPUT_VARIABLE IS_GIT_REPO
OUTPUT_STRIP_TRAILING_WHITESPACE
ERROR_QUIET
)
# create some programmatic #define values that will be used by ShowExtendedSystemInfo().
# see wolfcrypt\src\port\Espressif\esp32_utl.c
if(NOT CMAKE_BUILD_EARLY_EXPANSION AND WOLFSSL_ROOT)
if(NOT CMAKE_BUILD_EARLY_EXPANSION AND WOLFSSL_ROOT AND (IS_GIT_REPO STREQUAL "true"))
set (git_cmd "git")
message(STATUS "Adding macro definitions:")

57
IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/CMakeLists.txt
View File

@@ -1,36 +1,36 @@
# wolfSSL Espressif Example Project/main CMakeLists.txt
# v1.0
# v1.1
#
# wolfssl client test
#
message("Begin wolfSSL main CMakeLists.txt")
message(STATUS "Begin wolfSSL main CMakeLists.txt")
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
if(WIN32)
# Windows-specific configuration here
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS")
message("Detected Windows")
message(STATUS "Detected Windows")
endif()
if(CMAKE_HOST_UNIX)
message("Detected UNIX")
message(STATUS "Detected UNIX")
endif()
if(APPLE)
message("Detected APPLE")
message(STATUS "Detected APPLE")
endif()
if(CMAKE_HOST_UNIX AND (NOT APPLE) AND EXISTS "/proc/sys/fs/binfmt_misc/WSLInterop")
# Windows-specific configuration here
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WSL")
message("Detected WSL")
message(STATUS "Detected WSL")
endif()
if(CMAKE_HOST_UNIX AND (NOT APPLE) AND (NOT WIN32))
# Windows-specific configuration here
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_LINUX")
message("Detected Linux")
message(STATUS "Detected Linux")
endif()
if(APPLE)
# Windows-specific configuration here
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_APPLE")
message("Detected Apple")
message(STATUS "Detected Apple")
endif()
set (git_cmd "git")
@@ -44,14 +44,26 @@ if( EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl/" AND EXISTS "$ENV{IDF_PA
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_MULTI_INSTALL_WARNING")
endif()
# The wolfSL component name is named "mywolfssl" on the staging site for Managed Components.
if( NOT EXISTS "../components/wolfssl" AND ("$ENV{IDF_COMPONENT_REGISTRY_URL}" STREQUAL "https://components-staging.espressif.com") )
message(STATUS "WARNING: Using a staging instance of wolfssl.")
set(MAIN_WOLFSSL_COMPONENT_NAME "mywolfssl")
else()
message(STATUS "Using release wolfssl component.")
set(MAIN_WOLFSSL_COMPONENT_NAME "wolfssl")
endif()
## register_component()
idf_component_register(SRCS main.c
wifi_connect.c
time_helper.c
client-tls.c
INCLUDE_DIRS "."
"./include")
#
"./include"
PRIV_REQUIRES "${MAIN_WOLFSSL_COMPONENT_NAME}"
driver
nvs_flash
protocol_examples_common)
#
# LIBWOLFSSL_SAVE_INFO(VAR_OUPUT THIS_VAR VAR_RESULT)
@@ -81,7 +93,7 @@ function ( LIBWOLFSSL_SAVE_INFO VAR_OUPUT THIS_VAR VAR_RESULT )
message(STATUS "Found ${VAR_OUPUT}=${VAR_VALUE}")
# the interesting part is defining the VAR_OUPUT name a value to use in the app
add_definitions(-D${VAR_OUPUT}=\"${VAR_VALUE}\")
add_compile_definitions(${VAR_OUPUT}=\"${VAR_VALUE}\")
else()
# if we get here, check the execute_process command and parameters.
message(STATUS "LIBWOLFSSL_SAVE_INFO encountered a non-zero VAR_RESULT.")
@@ -90,21 +102,28 @@ function ( LIBWOLFSSL_SAVE_INFO VAR_OUPUT THIS_VAR VAR_RESULT )
endif()
endfunction() # LIBWOLFSSL_SAVE_INFO
execute_process(
COMMAND ${git_cmd} "rev-parse" "--is-inside-work-tree"
OUTPUT_VARIABLE IS_GIT_REPO
OUTPUT_STRIP_TRAILING_WHITESPACE
ERROR_QUIET
)
# Save some project-specific details. Repo may be different than component, or may not even be a repo at all:
if(NOT CMAKE_BUILD_EARLY_EXPANSION)
# WOLFSSL_EXAMPLE_VERSION_GIT_HASH
if(NOT CMAKE_BUILD_EARLY_EXPANSION AND (IS_GIT_REPO STREQUAL "true"))
# LIBWOLFSSL_VERSION_GIT_HASH
execute_process(COMMAND ${git_cmd} "rev-parse" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET )
LIBWOLFSSL_SAVE_INFO(WOLFSSL_EXAMPLE_VERSION_GIT_HASH "${TMP_OUT}" "${TMP_RES}")
LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH "${TMP_OUT}" "${TMP_RES}")
# WOLFSSL_EXAMPLE_VERSION_GIT_SHORT_HASH
# LIBWOLFSSL_VERSION_GIT_SHORT_HASH
execute_process(COMMAND ${git_cmd} "rev-parse" "--short" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET )
LIBWOLFSSL_SAVE_INFO(WOLFSSL_EXAMPLE_VERSION_GIT_SHORT_HASH "${TMP_OUT}" "${TMP_RES}")
LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_SHORT_HASH "${TMP_OUT}" "${TMP_RES}")
# WOLFSSL_EXAMPLE_VERSION_GIT_HASH_DATE
# LIBWOLFSSL_VERSION_GIT_HASH_DATE
execute_process(COMMAND ${git_cmd} "show" "--no-patch" "--no-notes" "--pretty=\'\%cd\'" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES )
LIBWOLFSSL_SAVE_INFO(WOLFSSL_EXAMPLE_VERSION_GIT_HASH_DATE "${TMP_OUT}" "${TMP_RES}")
LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH_DATE "${TMP_OUT}" "${TMP_RES}")
endif()
message(STATUS "")
message("End wolfSSL main CMakeLists.txt")
message(STATUS "End wolfSSL main CMakeLists.txt")

4
IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/client-tls.c
View File

@@ -307,11 +307,11 @@ WOLFSSL_ESP_TASK tls_smp_client_task(void* args)
/* no peer check */
if (doPeerCheck == 0) {
ESP_LOGW(TAG, "doPeerCheck == 0");
ESP_LOGW(TAG, "doPeerCheck == 0; WOLFSSL_VERIFY_NONE");
wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_NONE, 0);
}
else {
ESP_LOGW(TAG, "doPeerCheck != 0");
ESP_LOGI(TAG, "doPeerCheck != 0");
WOLFSSL_MSG("Loading... our cert");
/* load our certificate */
ret_i = wolfSSL_CTX_use_certificate_chain_buffer_format(ctx,

2
IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/client-tls.h
View File

@@ -59,7 +59,7 @@
#define TLS_SMP_CLIENT_TASK_BYTES (12 * 1024)
#else
/* Minimum ESP32 stack size = 8K without Kyber */
#define TLS_SMP_CLIENT_TASK_BYTES (8 * 1024)
#define TLS_SMP_CLIENT_TASK_BYTES (10 * 1024)
#endif
#endif

2
IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/main.c
View File

@@ -149,7 +149,7 @@ void app_main(void)
#if !defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TLS_CLIENT)
ESP_LOGW(TAG, "Warning: Example wolfSSL misconfigured? Check menuconfig.");
#endif
#ifdef ESP_SDK_MEM_LIB_VERSION
#if defined(ESP_SDK_MEM_LIB_VERSION) && defined(DEBUG_WOLFSSL)
sdk_init_meminfo();
#endif
#ifdef ESP_TASK_MAIN_STACK

30
IDE/Espressif/ESP-IDF/examples/wolfssl_client/sdkconfig.defaults
View File

@@ -6,22 +6,25 @@ CONFIG_WOLFSSL_EXAMPLE_NAME_TLS_CLIENT=y
# Some wolfSSL helpers
CONFIG_USE_WOLFSSL_ESP_SDK_TIME=y
# sdkconfig.defaults for ESP8266 + ESP32
# FreeRTOS ticks at 1ms interval
CONFIG_FREERTOS_UNICORE=y
CONFIG_FREERTOS_HZ=1000
CONFIG_ESP32_DEFAULT_CPU_FREQ_240=y
#
# Default main stack size
# Default main stack size. See user_settings.h
#
# This is typically bigger than needed for stack size.
# Units are words, not bytes. See user_settings.h
#
# For wolfSSL SMALL_STACK, 3072 bytes should be sufficient for benchmark app.
# When using RSA, assign at least 10500 bytes, otherwise 5500 usually works for others
# We set this to 28672 for use in the "test everything possible" in the wolfssl_test app.
CONFIG_ESP_MAIN_TASK_STACK_SIZE=10500
# Legacy stack size for older ESP-IDF versions
# Legacy stack size name for older ESP-IDF versions
CONFIG_MAIN_TASK_STACK_SIZE=10500
#
@@ -63,8 +66,8 @@ CONFIG_HEAP_DISABLE_IRAM=y
CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ_240=y
# Enable wolfSSL TLS in esp-tls
CONFIG_ESP_TLS_USING_WOLFSSL=y
CONFIG_TLS_STACK_WOLFSSL=y
# CONFIG_ESP_TLS_USING_WOLFSSL=y
# CONFIG_TLS_STACK_WOLFSSL=y
# Bundles take up flash space and are disabled unless otherwise known to be needed
CONFIG_WOLFSSL_CERTIFICATE_BUNDLE=n
@@ -76,6 +79,25 @@ CONFIG_WOLFSSL_CERTIFICATE_BUNDLE=n
CONFIG_ESP_TLS_USING_MBEDTLS=n
CONFIG_MBEDTLS_CERTIFICATE_BUNDLE=n
# Some wolfSSL helpers
CONFIG_USE_WOLFSSL_ESP_SDK_TIME=n
# CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS is not set
CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS=n
# ESP8266 Memory
CONFIG_FREERTOS_GLOBAL_DATA_LINK_IRAM=y
CONFIG_HEAP_DISABLE_IRAM=y
# Performance
# CONFIG_COMPILER_OPTIMIZATION_PERF=y
# Set max COU frequency (falls back as needed for lower maximum)
CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ_240=y
# FreeRTOS ticks at 1ms interval
CONFIG_FREERTOS_UNICORE=y
CONFIG_FREERTOS_HZ=1000
# Ensure mbedTLS options are disabled
# CONFIG_MBEDTLS_TLS_SERVER_AND_CLIENT=n

67
IDE/Espressif/ESP-IDF/examples/wolfssl_server/CMakeLists.txt
View File

@@ -1,5 +1,5 @@
# wolfSSL Espressif Example Project CMakeLists.txt
# v1.0
# v1.3
#
# The following lines of boilerplate have to be in your project's
# CMakeLists in this exact order for cmake to work correctly
@@ -7,6 +7,9 @@ message(STATUS "Begin project ${CMAKE_PROJECT_NAME}")
cmake_minimum_required(VERSION 3.16)
# Optional no watchdog typically used for test & benchmark
add_compile_definitions(WOLFSSL_ESP_NO_WATCHDOG=1)
# The wolfSSL CMake file should be able to find the source code.
# Otherwise, assign an environment variable or set it here:
#
@@ -24,28 +27,28 @@ cmake_minimum_required(VERSION 3.16)
if(WIN32)
# Windows-specific configuration here
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS")
message("Detected Windows")
message(STATUS "Detected Windows")
endif()
if(CMAKE_HOST_UNIX)
message("Detected UNIX")
message(STATUS "Detected UNIX")
endif()
if(APPLE)
message("Detected APPLE")
message(STATUS "Detected APPLE")
endif()
if(CMAKE_HOST_UNIX AND (NOT APPLE) AND EXISTS "/proc/sys/fs/binfmt_misc/WSLInterop")
# Windows-specific configuration here
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WSL")
message("Detected WSL")
message(STATUS "Detected WSL")
endif()
if(CMAKE_HOST_UNIX AND (NOT APPLE) AND (NOT WIN32))
# Windows-specific configuration here
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_LINUX")
message("Detected Linux")
message(STATUS "Detected Linux")
endif()
if(APPLE)
# Windows-specific configuration here
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_APPLE")
message("Detected Apple")
message(STATUS "Detected Apple")
endif()
# End optional WOLFSSL_CMAKE_SYSTEM_NAME
@@ -54,16 +57,33 @@ endif()
string(REPLACE "\\" "/" PROTOCOL_EXAMPLES_DIR "$ENV{IDF_PATH}/examples/common_components/protocol_examples_common")
if (EXISTS "${PROTOCOL_EXAMPLES_DIR}")
message("Found PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
message(STATUS "Found PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
set(EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DFOUND_PROTOCOL_EXAMPLES_DIR")
else()
message("NOT FOUND: PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
message(STATUS "NOT FOUND: PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
endif()
# Find the user name to search for possible "wolfssl-username"
# Reminder: Windows is %USERNAME%, Linux is $USER
message(STATUS "USERNAME = $ENV{USERNAME}")
if( "$ENV{USER}" STREQUAL "" ) # the bash user
if( "$ENV{USERNAME}" STREQUAL "" ) # the Windows user
message(STATUS "could not find USER or USERNAME")
else()
# the bash user is not blank, so we'll use it.
set(THIS_USER "$ENV{USERNAME}")
endif()
else()
# the bash user is not blank, so we'll use it.
set(THIS_USER "$ENV{USER}")
endif()
message(STATUS "THIS_USER = ${THIS_USER}")
# Check that there are not conflicting wolfSSL components
# The ESP Registry Component will be in ./managed_components/wolfssl__wolfssl
# The local component wolfSSL directory will be in ./components/wolfssl
message(STATUS "Checking for wolfSSL as Managed Component or not... ${CMAKE_HOME_DIRECTORY}")
if( EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" AND EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl" )
# These exclude statements don't seem to be honored by the $ENV{IDF_PATH}/tools/cmake/project.cmake'
# add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" EXCLUDE_FROM_ALL)
@@ -78,25 +98,46 @@ if( EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" AND EXI
message(FATAL_ERROR "\nPlease use either the ESP Registry Managed Component or the wolfSSL component directory but not both.\n"
"If removing the ./managed_components/wolfssl__wolfssl directory, remember to also remove "
"or rename the idf_component.yml file typically found in ./main/")
else()
elseif(EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl")
# A standard project component (not a Managed Component)
message(STATUS "No conflicting wolfSSL components found.")
set(WOLFSSL_PATH "${CMAKE_HOME_DIRECTORY}/components/wolfssl")
elseif(EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl")
# The official Managed Component called wolfssl from the wolfssl user.
message(STATUS "No conflicting wolfSSL components found as a Managed Component.")
set(WOLFSSL_PATH "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl")
elseif(EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/gojimmypi__mywolfssl")
# There is a known gojimmypi staging component available for anyone:
message(STATUS "No conflicting wolfSSL components found as a gojimmypi staging Managed Component.")
elseif(EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/${THIS_USER}__mywolfssl")
# Other users with permissions might publish their own mywolfssl staging Managed Component
message(STATUS "No conflicting wolfSSL components found as a Managed Component.")
set(WOLFSSL_PATH "${CMAKE_HOME_DIRECTORY}/managed_components/${THIS_USER}__mywolfssl")
else()
message(STATUS "WARNING: wolfssl component directory not found.")
endif()
# message(STATUS "EXTRA_COMPONENT_DIRS WOLFSSL_PATH: ${WOLFSSL_PATH}")
# list(APPEND EXTRA_COMPONENT_DIRS ${WOLFSSL_PATH})
message(STATUS "begin include")
# Not only is a project-level "set(COMPONENTS" not needed here, this will cause
# an unintuitive error about Unknown CMake command "esptool_py_flash_project_args".
message(STATUS "begin optional PROTOCOL_EXAMPLES_DIR include")
if(0)
# This example uses an extra component for common functions such as Wi-Fi and Ethernet connection.
set (PROTOCOL_EXAMPLES_DIR $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
if (EXISTS "${PROTOCOL_EXAMPLES_DIR}")
message("Found PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
message(STATUS "Found PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
set(EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DFOUND_PROTOCOL_EXAMPLES_DIR")
else()
message("NOT FOUND: PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
message(STATUS "NOT FOUND: PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
endif()
endif()
include($ENV{IDF_PATH}/tools/cmake/project.cmake)
message(STATUS "end include")
project(wolfssl_server)
message(STATUS "end project")

25
IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/CMakeLists.txt
View File

@@ -102,28 +102,28 @@ if(VERBOSE_COMPONENT_MESSAGES)
if(WIN32)
# Windows-specific configuration here
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS")
message("Detected Windows")
message(STATUS "Detected Windows")
endif()
if(CMAKE_HOST_UNIX)
message("Detected UNIX")
message(STATUS "Detected UNIX")
endif()
if(APPLE)
message("Detected APPLE")
message(STATUS "Detected APPLE")
endif()
if(CMAKE_HOST_UNIX AND (NOT APPLE) AND EXISTS "/proc/sys/fs/binfmt_misc/WSLInterop")
# Windows-specific configuration here
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WSL")
message("Detected WSL")
message(STATUS "Detected WSL")
endif()
if(CMAKE_HOST_UNIX AND (NOT APPLE) AND (NOT WIN32))
# Windows-specific configuration here
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_LINUX")
message("Detected Linux")
message(STATUS "Detected Linux")
endif()
if(APPLE)
# Windows-specific configuration here
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_APPLE")
message("Detected Apple")
message(STATUS "Detected Apple")
endif()
endif() # End optional WOLFSSL_CMAKE_SYSTEM_NAME
@@ -524,7 +524,7 @@ else()
set(WOLFSSL_PROJECT_DIR "${CMAKE_HOME_DIRECTORY}/components/wolfssl")
string(REPLACE "/" "//" STR_WOLFSSL_PROJECT_DIR "${WOLFSSL_PROJECT_DIR}")
add_definitions(-DWOLFSSL_USER_SETTINGS_DIR="${STR_WOLFSSL_PROJECT_DIR}/include/user_settings.h")
add_compile_definitions(WOLFSSL_USER_SETTINGS_DIR="${STR_WOLFSSL_PROJECT_DIR}/include/user_settings.h")
message(STATUS "Added definition for user_settings.h: -DWOLFSSL_USER_SETTINGS_DIR=\"${STR_WOLFSSL_PROJECT_DIR}//include//user_settings.h\"")
# Espressif may take several passes through this makefile. Check to see if we found IDF
string(COMPARE EQUAL "${PROJECT_SOURCE_DIR}" "" WOLFSSL_FOUND_IDF)
@@ -951,7 +951,7 @@ function ( LIBWOLFSSL_SAVE_INFO VAR_OUPUT THIS_VAR VAR_RESULT )
message(STATUS "Found ${VAR_OUPUT}=${VAR_VALUE}")
# the interesting part is defining the VAR_OUPUT name a value to use in the app
add_definitions(-D${VAR_OUPUT}=\"${VAR_VALUE}\")
add_compile_definitions(${VAR_OUPUT}=\"${VAR_VALUE}\")
else()
# if we get here, check the execute_process command and parameters.
message(STATUS "LIBWOLFSSL_SAVE_INFO encountered a non-zero VAR_RESULT")
@@ -959,9 +959,16 @@ function ( LIBWOLFSSL_SAVE_INFO VAR_OUPUT THIS_VAR VAR_RESULT )
endif()
endfunction() # LIBWOLFSSL_SAVE_INFO
execute_process(
COMMAND ${git_cmd} "rev-parse" "--is-inside-work-tree"
OUTPUT_VARIABLE IS_GIT_REPO
OUTPUT_STRIP_TRAILING_WHITESPACE
ERROR_QUIET
)
# create some programmatic #define values that will be used by ShowExtendedSystemInfo().
# see wolfcrypt\src\port\Espressif\esp32_utl.c
if(NOT CMAKE_BUILD_EARLY_EXPANSION AND WOLFSSL_ROOT)
if(NOT CMAKE_BUILD_EARLY_EXPANSION AND WOLFSSL_ROOT AND (IS_GIT_REPO STREQUAL "true"))
set (git_cmd "git")
message(STATUS "Adding macro definitions:")

55
IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/CMakeLists.txt
View File

@@ -1,36 +1,36 @@
# wolfSSL Espressif Example Project/main CMakeLists.txt
# v1.0
# v1.1
#
# wolfssl server test
#
message("Begin wolfSSL main CMakeLists.txt")
message(STATUS "Begin wolfSSL main CMakeLists.txt")
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
if(WIN32)
# Windows-specific configuration here
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS")
message("Detected Windows")
message(STATUS "Detected Windows")
endif()
if(CMAKE_HOST_UNIX)
message("Detected UNIX")
message(STATUS "Detected UNIX")
endif()
if(APPLE)
message("Detected APPLE")
message(STATUS "Detected APPLE")
endif()
if(CMAKE_HOST_UNIX AND (NOT APPLE) AND EXISTS "/proc/sys/fs/binfmt_misc/WSLInterop")
# Windows-specific configuration here
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WSL")
message("Detected WSL")
message(STATUS "Detected WSL")
endif()
if(CMAKE_HOST_UNIX AND (NOT APPLE) AND (NOT WIN32))
# Windows-specific configuration here
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_LINUX")
message("Detected Linux")
message(STATUS "Detected Linux")
endif()
if(APPLE)
# Windows-specific configuration here
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_APPLE")
message("Detected Apple")
message(STATUS "Detected Apple")
endif()
set (git_cmd "git")
@@ -44,14 +44,26 @@ if( EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl/" AND EXISTS "$ENV{IDF_PA
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_MULTI_INSTALL_WARNING")
endif()
# The wolfSL component name is named "mywolfssl" on the staging site for Managed Components.
if( NOT EXISTS "../components/wolfssl" AND ("$ENV{IDF_COMPONENT_REGISTRY_URL}" STREQUAL "https://components-staging.espressif.com") )
message(STATUS "WARNING: Using a staging instance of wolfssl.")
set(MAIN_WOLFSSL_COMPONENT_NAME "mywolfssl")
else()
message(STATUS "Using release wolfssl component.")
set(MAIN_WOLFSSL_COMPONENT_NAME "wolfssl")
endif()
## register_component()
idf_component_register(SRCS main.c
wifi_connect.c
time_helper.c
server-tls.c
INCLUDE_DIRS "."
"./include")
#
"./include"
PRIV_REQUIRES "${MAIN_WOLFSSL_COMPONENT_NAME}"
driver
nvs_flash
protocol_examples_common)
#
# LIBWOLFSSL_SAVE_INFO(VAR_OUPUT THIS_VAR VAR_RESULT)
@@ -81,7 +93,7 @@ function ( LIBWOLFSSL_SAVE_INFO VAR_OUPUT THIS_VAR VAR_RESULT )
message(STATUS "Found ${VAR_OUPUT}=${VAR_VALUE}")
# the interesting part is defining the VAR_OUPUT name a value to use in the app
add_definitions(-D${VAR_OUPUT}=\"${VAR_VALUE}\")
add_compile_definitions(${VAR_OUPUT}=\"${VAR_VALUE}\")
else()
# if we get here, check the execute_process command and parameters.
message(STATUS "LIBWOLFSSL_SAVE_INFO encountered a non-zero VAR_RESULT.")
@@ -90,21 +102,28 @@ function ( LIBWOLFSSL_SAVE_INFO VAR_OUPUT THIS_VAR VAR_RESULT )
endif()
endfunction() # LIBWOLFSSL_SAVE_INFO
execute_process(
COMMAND ${git_cmd} "rev-parse" "--is-inside-work-tree"
OUTPUT_VARIABLE IS_GIT_REPO
OUTPUT_STRIP_TRAILING_WHITESPACE
ERROR_QUIET
)
# Save some project-specific details. Repo may be different than component, or may not even be a repo at all:
if(NOT CMAKE_BUILD_EARLY_EXPANSION)
# WOLFSSL_EXAMPLE_VERSION_GIT_HASH
if(NOT CMAKE_BUILD_EARLY_EXPANSION AND (IS_GIT_REPO STREQUAL "true"))
# LIBWOLFSSL_VERSION_GIT_HASH
execute_process(COMMAND ${git_cmd} "rev-parse" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET )
LIBWOLFSSL_SAVE_INFO(WOLFSSL_EXAMPLE_VERSION_GIT_HASH "${TMP_OUT}" "${TMP_RES}")
# WOLFSSL_EXAMPLE_VERSION_GIT_SHORT_HASH
# LIBWOLFSSL_VERSION_GIT_SHORT_HASH
execute_process(COMMAND ${git_cmd} "rev-parse" "--short" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET )
LIBWOLFSSL_SAVE_INFO(WOLFSSL_EXAMPLE_VERSION_GIT_SHORT_HASH "${TMP_OUT}" "${TMP_RES}")
LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_SHORT_HASH "${TMP_OUT}" "${TMP_RES}")
# WOLFSSL_EXAMPLE_VERSION_GIT_HASH_DATE
# LIBWOLFSSL_VERSION_GIT_HASH_DATE
execute_process(COMMAND ${git_cmd} "show" "--no-patch" "--no-notes" "--pretty=\'\%cd\'" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES )
LIBWOLFSSL_SAVE_INFO(WOLFSSL_EXAMPLE_VERSION_GIT_HASH_DATE "${TMP_OUT}" "${TMP_RES}")
LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH_DATE "${TMP_OUT}" "${TMP_RES}")
endif()
message(STATUS "")
message("End wolfSSL main CMakeLists.txt")
message(STATUS "End wolfSSL main CMakeLists.txt")

10
IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/main.c
View File

@@ -131,9 +131,13 @@ void my_atmel_free(int slotId)
/* Entry for FreeRTOS */
void app_main(void)
{
int stack_start = 0;
int this_heap = 0;
esp_err_t ret = 0;
#ifndef SINGLE_THREADED
int this_heap = 0;
#ifdef INCLUDE_uxTaskGetStackHighWaterMark
int stack_start = 0;
#endif
#endif
ESP_LOGI(TAG, "---------------- wolfSSL TLS Server Example ------------");
ESP_LOGI(TAG, "--------------------------------------------------------");
ESP_LOGI(TAG, "--------------------------------------------------------");
@@ -143,7 +147,7 @@ void app_main(void)
#if !defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TLS_SERVER)
ESP_LOGW(TAG, "Warning: Example wolfSSL misconfigured? Check menuconfig.");
#endif
#ifdef ESP_SDK_MEM_LIB_VERSION
#if defined(ESP_SDK_MEM_LIB_VERSION) && defined(DEBUG_WOLFSSL)
sdk_init_meminfo();
#endif
#ifdef ESP_TASK_MAIN_STACK

29
IDE/Espressif/ESP-IDF/examples/wolfssl_server/sdkconfig.defaults
View File

@@ -7,21 +7,23 @@ CONFIG_WOLFSSL_EXAMPLE_NAME_TLS_SERVER=y
# Some wolfSSL helpers
CONFIG_USE_WOLFSSL_ESP_SDK_TIME=y
# sdkconfig.defaults for ESP8266 + ESP32
# See separate sdkconfig.defaults.esp8266
# FreeRTOS ticks at 1ms interval
CONFIG_FREERTOS_UNICORE=y
CONFIG_FREERTOS_HZ=1000
CONFIG_ESP32_DEFAULT_CPU_FREQ_240=y
#
# Default main stack size
# Default main stack size. See user_settings.h
#
# This is typically bigger than needed for stack size.
# Units are words, not bytes. See user_settings.h
#
# For wolfSSL SMALL_STACK, 3072 bytes should be sufficient for benchmark app.
# When using RSA, assign at least 10500 bytes, otherwise 5500 usually works for others
# We set this to 28672 for use in the "test everything possible" in the wolfssl_test app.
CONFIG_ESP_MAIN_TASK_STACK_SIZE=10500
# Legacy stack size for older ESP-IDF versions
CONFIG_MAIN_TASK_STACK_SIZE=10500
@@ -64,8 +66,8 @@ CONFIG_HEAP_DISABLE_IRAM=y
CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ_240=y
# Enable wolfSSL TLS in esp-tls
CONFIG_ESP_TLS_USING_WOLFSSL=y
CONFIG_TLS_STACK_WOLFSSL=y
# CONFIG_ESP_TLS_USING_WOLFSSL=y
# CONFIG_TLS_STACK_WOLFSSL=y
# Bundles take up flash space and are disabled unless otherwise known to be needed
CONFIG_WOLFSSL_CERTIFICATE_BUNDLE=n
@@ -77,6 +79,25 @@ CONFIG_WOLFSSL_CERTIFICATE_BUNDLE=n
CONFIG_ESP_TLS_USING_MBEDTLS=n
CONFIG_MBEDTLS_CERTIFICATE_BUNDLE=n
# Some wolfSSL helpers
CONFIG_USE_WOLFSSL_ESP_SDK_TIME=n
# CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS is not set
CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS=n
# ESP8266 Memory
CONFIG_FREERTOS_GLOBAL_DATA_LINK_IRAM=y
CONFIG_HEAP_DISABLE_IRAM=y
# Performance
# CONFIG_COMPILER_OPTIMIZATION_PERF=y
# Set max COU frequency (falls back as needed for lower maximum)
CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ_240=y
# FreeRTOS ticks at 1ms interval
CONFIG_FREERTOS_UNICORE=y
CONFIG_FREERTOS_HZ=1000
# Ensure mbedTLS options are disabled
# CONFIG_MBEDTLS_TLS_SERVER_AND_CLIENT=n

83
IDE/Espressif/ESP-IDF/examples/wolfssl_test/CMakeLists.txt
View File

@@ -3,10 +3,12 @@
#
# The following lines of boilerplate have to be in your project's
# CMakeLists in this exact order for cmake to work correctly
message(STATUS "Begin project ${CMAKE_PROJECT_NAME}")
cmake_minimum_required(VERSION 3.16)
# Optional no watchdog typically used for test & benchmark
add_compile_options(-DWOLFSSL_ESP_NO_WATCHDOG=1)
add_compile_definitions(WOLFSSL_ESP_NO_WATCHDOG=1)
# The wolfSSL CMake file should be able to find the source code.
# Otherwise, assign an environment variable or set it here:
@@ -25,34 +27,63 @@ add_compile_options(-DWOLFSSL_ESP_NO_WATCHDOG=1)
if(WIN32)
# Windows-specific configuration here
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS")
message("Detected Windows")
message(STATUS "Detected Windows")
endif()
if(CMAKE_HOST_UNIX)
message("Detected UNIX")
message(STATUS "Detected UNIX")
endif()
if(APPLE)
message("Detected APPLE")
message(STATUS "Detected APPLE")
endif()
if(CMAKE_HOST_UNIX AND (NOT APPLE) AND EXISTS "/proc/sys/fs/binfmt_misc/WSLInterop")
# Windows-specific configuration here
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WSL")
message("Detected WSL")
message(STATUS "Detected WSL")
endif()
if(CMAKE_HOST_UNIX AND (NOT APPLE) AND (NOT WIN32))
# Windows-specific configuration here
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_LINUX")
message("Detected Linux")
message(STATUS "Detected Linux")
endif()
if(APPLE)
# Windows-specific configuration here
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_APPLE")
message("Detected Apple")
message(STATUS "Detected Apple")
endif()
# End optional WOLFSSL_CMAKE_SYSTEM_NAME
# This example uses an extra component for common functions such as Wi-Fi and Ethernet connection.
# set (PROTOCOL_EXAMPLES_DIR $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
string(REPLACE "\\" "/" PROTOCOL_EXAMPLES_DIR "$ENV{IDF_PATH}/examples/common_components/protocol_examples_common")
if (EXISTS "${PROTOCOL_EXAMPLES_DIR}")
message(STATUS "Found PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
set(EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DFOUND_PROTOCOL_EXAMPLES_DIR")
else()
message(STATUS "NOT FOUND: PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
endif()
# Find the user name to search for possible "wolfssl-username"
# Reminder: Windows is %USERNAME%, Linux is $USER
message(STATUS "USERNAME = $ENV{USERNAME}")
if( "$ENV{USER}" STREQUAL "" ) # the bash user
if( "$ENV{USERNAME}" STREQUAL "" ) # the Windows user
message(STATUS "could not find USER or USERNAME")
else()
# the bash user is not blank, so we'll use it.
set(THIS_USER "$ENV{USERNAME}")
endif()
else()
# the bash user is not blank, so we'll use it.
set(THIS_USER "$ENV{USER}")
endif()
message(STATUS "THIS_USER = ${THIS_USER}")
# Check that there are not conflicting wolfSSL components
# The ESP Registry Component will be in ./managed_components/wolfssl__wolfssl
# The local component wolfSSL directory will be in ./components/wolfssl
message(STATUS "Checking for wolfSSL as Managed Component or not... ${CMAKE_HOME_DIRECTORY}")
if( EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" AND EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl" )
# These exclude statements don't seem to be honored by the $ENV{IDF_PATH}/tools/cmake/project.cmake'
# add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" EXCLUDE_FROM_ALL)
@@ -67,16 +98,46 @@ if( EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" AND EXI
message(FATAL_ERROR "\nPlease use either the ESP Registry Managed Component or the wolfSSL component directory but not both.\n"
"If removing the ./managed_components/wolfssl__wolfssl directory, remember to also remove "
"or rename the idf_component.yml file typically found in ./main/")
else()
elseif(EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl")
# A standard project component (not a Managed Component)
message(STATUS "No conflicting wolfSSL components found.")
set(WOLFSSL_PATH "${CMAKE_HOME_DIRECTORY}/components/wolfssl")
elseif(EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl")
# The official Managed Component called wolfssl from the wolfssl user.
message(STATUS "No conflicting wolfSSL components found as a Managed Component.")
set(WOLFSSL_PATH "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl")
elseif(EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/gojimmypi__mywolfssl")
# There is a known gojimmypi staging component available for anyone:
message(STATUS "No conflicting wolfSSL components found as a gojimmypi staging Managed Component.")
elseif(EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/${THIS_USER}__mywolfssl")
# Other users with permissions might publish their own mywolfssl staging Managed Component
message(STATUS "No conflicting wolfSSL components found as a Managed Component.")
set(WOLFSSL_PATH "${CMAKE_HOME_DIRECTORY}/managed_components/${THIS_USER}__mywolfssl")
else()
message(STATUS "WARNING: wolfssl component directory not found.")
endif()
# Ensure the this wolfSSL component directory is included
set(WOLFSSL_PATH "${CMAKE_HOME_DIRECTORY}/components/wolfssl")
list(APPEND EXTRA_COMPONENT_DIRS ${WOLFSSL_PATH})
# message(STATUS "EXTRA_COMPONENT_DIRS WOLFSSL_PATH: ${WOLFSSL_PATH}")
# list(APPEND EXTRA_COMPONENT_DIRS ${WOLFSSL_PATH})
# Not only is a project-level "set(COMPONENTS" not needed here, this will cause
# an unintuitive error about Unknown CMake command "esptool_py_flash_project_args".
message(STATUS "begin optional PROTOCOL_EXAMPLES_DIR include")
if(0)
# This example uses an extra component for common functions such as Wi-Fi and Ethernet connection.
set (PROTOCOL_EXAMPLES_DIR $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
if (EXISTS "${PROTOCOL_EXAMPLES_DIR}")
message(STATUS "Found PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
set(EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DFOUND_PROTOCOL_EXAMPLES_DIR")
else()
message(STATUS "NOT FOUND: PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
endif()
endif()
include($ENV{IDF_PATH}/tools/cmake/project.cmake)
message(STATUS "end optional include")
project(wolfssl_test)
message(STATUS "end project")

25
IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/CMakeLists.txt
View File

@@ -102,28 +102,28 @@ if(VERBOSE_COMPONENT_MESSAGES)
if(WIN32)
# Windows-specific configuration here
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS")
message("Detected Windows")
message(STATUS "Detected Windows")
endif()
if(CMAKE_HOST_UNIX)
message("Detected UNIX")
message(STATUS "Detected UNIX")
endif()
if(APPLE)
message("Detected APPLE")
message(STATUS "Detected APPLE")
endif()
if(CMAKE_HOST_UNIX AND (NOT APPLE) AND EXISTS "/proc/sys/fs/binfmt_misc/WSLInterop")
# Windows-specific configuration here
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WSL")
message("Detected WSL")
message(STATUS "Detected WSL")
endif()
if(CMAKE_HOST_UNIX AND (NOT APPLE) AND (NOT WIN32))
# Windows-specific configuration here
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_LINUX")
message("Detected Linux")
message(STATUS "Detected Linux")
endif()
if(APPLE)
# Windows-specific configuration here
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_APPLE")
message("Detected Apple")
message(STATUS "Detected Apple")
endif()
endif() # End optional WOLFSSL_CMAKE_SYSTEM_NAME
@@ -524,7 +524,7 @@ else()
set(WOLFSSL_PROJECT_DIR "${CMAKE_HOME_DIRECTORY}/components/wolfssl")
string(REPLACE "/" "//" STR_WOLFSSL_PROJECT_DIR "${WOLFSSL_PROJECT_DIR}")
add_definitions(-DWOLFSSL_USER_SETTINGS_DIR="${STR_WOLFSSL_PROJECT_DIR}/include/user_settings.h")
add_compile_definitions(WOLFSSL_USER_SETTINGS_DIR="${STR_WOLFSSL_PROJECT_DIR}/include/user_settings.h")
message(STATUS "Added definition for user_settings.h: -DWOLFSSL_USER_SETTINGS_DIR=\"${STR_WOLFSSL_PROJECT_DIR}//include//user_settings.h\"")
# Espressif may take several passes through this makefile. Check to see if we found IDF
string(COMPARE EQUAL "${PROJECT_SOURCE_DIR}" "" WOLFSSL_FOUND_IDF)
@@ -951,7 +951,7 @@ function ( LIBWOLFSSL_SAVE_INFO VAR_OUPUT THIS_VAR VAR_RESULT )
message(STATUS "Found ${VAR_OUPUT}=${VAR_VALUE}")
# the interesting part is defining the VAR_OUPUT name a value to use in the app
add_definitions(-D${VAR_OUPUT}=\"${VAR_VALUE}\")
add_compile_definitions(${VAR_OUPUT}=\"${VAR_VALUE}\")
else()
# if we get here, check the execute_process command and parameters.
message(STATUS "LIBWOLFSSL_SAVE_INFO encountered a non-zero VAR_RESULT")
@@ -959,9 +959,16 @@ function ( LIBWOLFSSL_SAVE_INFO VAR_OUPUT THIS_VAR VAR_RESULT )
endif()
endfunction() # LIBWOLFSSL_SAVE_INFO
execute_process(
COMMAND ${git_cmd} "rev-parse" "--is-inside-work-tree"
OUTPUT_VARIABLE IS_GIT_REPO
OUTPUT_STRIP_TRAILING_WHITESPACE
ERROR_QUIET
)
# create some programmatic #define values that will be used by ShowExtendedSystemInfo().
# see wolfcrypt\src\port\Espressif\esp32_utl.c
if(NOT CMAKE_BUILD_EARLY_EXPANSION AND WOLFSSL_ROOT)
if(NOT CMAKE_BUILD_EARLY_EXPANSION AND WOLFSSL_ROOT AND (IS_GIT_REPO STREQUAL "true"))
set (git_cmd "git")
message(STATUS "Adding macro definitions:")

2
IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/component.mk
View File

@@ -291,5 +291,5 @@ COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/test
## wolfcrypt
##
# COMPONENT_PRIV_INCLUDEDIRS += $(PROJECT_PATH)/components/wolfssl/include
COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)wolfcrypt/src
COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src
$(info ********** end wolfssl component **********)

120
IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/CMakeLists.txt
View File

@@ -3,9 +3,121 @@
#
# wolfssl crypt test
#
message(STATUS "Begin wolfSSL main CMakeLists.txt")
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
idf_component_register(SRCS
"main.c"
INCLUDE_DIRS
".")
if(WIN32)
# Windows-specific configuration here
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS")
message(STATUS "Detected Windows")
endif()
if(CMAKE_HOST_UNIX)
message(STATUS "Detected UNIX")
endif()
if(APPLE)
message(STATUS "Detected APPLE")
endif()
if(CMAKE_HOST_UNIX AND (NOT APPLE) AND EXISTS "/proc/sys/fs/binfmt_misc/WSLInterop")
# Windows-specific configuration here
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WSL")
message(STATUS "Detected WSL")
endif()
if(CMAKE_HOST_UNIX AND (NOT APPLE) AND (NOT WIN32))
# Windows-specific configuration here
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_LINUX")
message(STATUS "Detected Linux")
endif()
if(APPLE)
# Windows-specific configuration here
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_APPLE")
message(STATUS "Detected Apple")
endif()
set (git_cmd "git")
if( EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl/" AND EXISTS "$ENV{IDF_PATH}/components/wolfssl/" )
#
# wolfSSL found in both ESP-IDF and local project - needs to be resolved by user
#
message(STATUS "")
message(STATUS "WARNING: Found components/wolfssl in both local project and IDF_PATH")
message(STATUS "")
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_MULTI_INSTALL_WARNING")
endif()
# The wolfSL component name is named "mywolfssl" on the staging site for Managed Components.
if( NOT EXISTS "../components/wolfssl" AND ("$ENV{IDF_COMPONENT_REGISTRY_URL}" STREQUAL "https://components-staging.espressif.com") )
message(STATUS "WARNING: Using a staging instance of wolfssl.")
set(MAIN_WOLFSSL_COMPONENT_NAME "mywolfssl")
else()
message(STATUS "Using release wolfssl component.")
set(MAIN_WOLFSSL_COMPONENT_NAME "wolfssl")
endif()
## register_component()
idf_component_register(SRCS main.c
INCLUDE_DIRS "."
"./include"
PRIV_REQUIRES driver "${MAIN_WOLFSSL_COMPONENT_NAME}")
#
# LIBWOLFSSL_SAVE_INFO(VAR_OUPUT THIS_VAR VAR_RESULT)
#
# Save the THIS_VAR as a string in a macro called VAR_OUPUT
#
# VAR_OUPUT: the name of the macro to define
# THIS_VAR: the OUTPUT_VARIABLE result from a execute_process()
# VAR_RESULT: the RESULT_VARIABLE from a execute_process(); "0" if successful.
#
function ( LIBWOLFSSL_SAVE_INFO VAR_OUPUT THIS_VAR VAR_RESULT )
# is the RESULT_VARIABLE output value 0? If so, IS_VALID_VALUE is true.
string(COMPARE EQUAL "${VAR_RESULT}" "0" IS_VALID_VALUE)
# if we had a successful operation, save the THIS_VAR in VAR_OUPUT
if(${IS_VALID_VALUE})
# strip newline chars in THIS_VAR parameter and save in VAR_VALUE
string(REPLACE "\n" "" VAR_VALUE ${THIS_VAR})
# we'll could percolate the value to the parent for possible later use
# set(${VAR_OUPUT} ${VAR_VALUE} PARENT_SCOPE)
# but we're only using it here in this function
set(${VAR_OUPUT} ${VAR_VALUE})
# we'll print what we found to the console
message(STATUS "Found ${VAR_OUPUT}=${VAR_VALUE}")
# the interesting part is defining the VAR_OUPUT name a value to use in the app
add_compile_definitions(${VAR_OUPUT}=\"${VAR_VALUE}\")
else()
# if we get here, check the execute_process command and parameters.
message(STATUS "LIBWOLFSSL_SAVE_INFO encountered a non-zero VAR_RESULT.")
message(STATUS "Setting ${VAR_OUPUT} to \"Unknown\"")
set(${VAR_OUPUT} "Unknown")
endif()
endfunction() # LIBWOLFSSL_SAVE_INFO
execute_process(
COMMAND ${git_cmd} "rev-parse" "--is-inside-work-tree"
OUTPUT_VARIABLE IS_GIT_REPO
OUTPUT_STRIP_TRAILING_WHITESPACE
ERROR_QUIET
)
# Save some project-specific details. Repo may be different than component, or may not even be a repo at all:
if(NOT CMAKE_BUILD_EARLY_EXPANSION AND (IS_GIT_REPO STREQUAL "true"))
# LIBWOLFSSL_VERSION_GIT_HASH
execute_process(COMMAND ${git_cmd} "rev-parse" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET )
LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH "${TMP_OUT}" "${TMP_RES}")
# LIBWOLFSSL_VERSION_GIT_SHORT_HASH
execute_process(COMMAND ${git_cmd} "rev-parse" "--short" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET )
LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_SHORT_HASH "${TMP_OUT}" "${TMP_RES}")
# LIBWOLFSSL_VERSION_GIT_HASH_DATE
execute_process(COMMAND ${git_cmd} "show" "--no-patch" "--no-notes" "--pretty=\'\%cd\'" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES )
LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH_DATE "${TMP_OUT}" "${TMP_RES}")
endif()
message(STATUS "")
message(STATUS "End wolfSSL main CMakeLists.txt")

32
IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults
View File

@@ -1,13 +1,14 @@
# Set the known example app config to template example (see user_settings.h)
CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFSSL_TEST=y
# CONFIG_EXAMPLE_WIFI_SSID="myssid"
# CONFIG_EXAMPLE_WIFI_PASSWORD="mypassword"
# Some wolfSSL helpers
CONFIG_USE_WOLFSSL_ESP_SDK_TIME=y
# sdkconfig.defaults for ESP32.
# sdkconfig.defaults for ESP8266 + ESP32
# See separate sdkconfig.defaults.esp8266
# Note that during the build process, settings from sdkconfig.defaults will not override those already in sdkconfig.
# See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html#custom-sdkconfig-defaults
CONFIG_BENCH_ARGV="-lng 0"
# FreeRTOS ticks at 1ms interval
CONFIG_FREERTOS_UNICORE=y
@@ -24,8 +25,7 @@ CONFIG_ESP32_DEFAULT_CPU_FREQ_240=y
# When using RSA, assign at least 10500 bytes, otherwise 5500 usually works for others
# We set this to 28672 for use in the "test everything possible" in the wolfssl_test app.
CONFIG_ESP_MAIN_TASK_STACK_SIZE=28672
# Legacy stack size for older ESP-IDF versions
# Legacy stack size name for older ESP-IDF versions
CONFIG_MAIN_TASK_STACK_SIZE=28672
#
@@ -67,8 +67,8 @@ CONFIG_HEAP_DISABLE_IRAM=y
CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ_240=y
# Enable wolfSSL TLS in esp-tls
CONFIG_ESP_TLS_USING_WOLFSSL=y
CONFIG_TLS_STACK_WOLFSSL=y
# CONFIG_ESP_TLS_USING_WOLFSSL=y
# CONFIG_TLS_STACK_WOLFSSL=y
# Bundles take up flash space and are disabled unless otherwise known to be needed
CONFIG_WOLFSSL_CERTIFICATE_BUNDLE=n
@@ -100,6 +100,26 @@ CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ_240=y
CONFIG_FREERTOS_UNICORE=y
CONFIG_FREERTOS_HZ=1000
# Ensure mbedTLS options are disabled
# CONFIG_MBEDTLS_TLS_SERVER_AND_CLIENT=n
# CONFIG_MBEDTLS_TLS_CLIENT_ONLY=n
# CONFIG_MBEDTLS_TLS_SERVER=n
# CONFIG_MBEDTLS_TLS_CLIENT=n
# CONFIG_MBEDTLS_HARDWARE_AES=n
# CONFIG_MBEDTLS_HARDWARE_MPI=n
# CONFIG_MBEDTLS_HARDWARE_SHA=n
# CONFIG_MBEDTLS_ROM_MD5=n
# CONFIG_MBEDTLS_SSL_RENEGOTIATION=n
# CONFIG_MBEDTLS_SSL_PROTO_TLS1_2=n
# CONFIG_MBEDTLS_SSL_PROTO_GMTSSL1_1=n
# CONFIG_MBEDTLS_SSL_ALPN=n
# CONFIG_MBEDTLS_CLIENT_SSL_SESSION_TICKETS=n
# CONFIG_MBEDTLS_SERVER_SSL_SESSION_TICKETS=n
# The same-name config is used for both WiFi and client/server TLS, so we cannot disable:
# CONFIG_MBEDTLS_TLS_ENABLED=n
# CONFIG_MBEDTLS_TLS_DISABLED=y
#
# Compiler options
#

12
IDE/GCC-ARM/Source/benchmark_main.c
View File

@@ -39,16 +39,16 @@ int main(void)
{
int ret;
#ifndef NO_CRYPT_BENCHMARK
wolfCrypt_Init();
wolfCrypt_Init();
printf("\nBenchmark Test\n");
benchmark_test(&args);
printf("\nBenchmark Test\n");
benchmark_test(&args);
ret = args.return_code;
printf("Benchmark Test: Return code %d\n", ret);
printf("Benchmark Test: Return code %d\n", ret);
wolfCrypt_Cleanup();
wolfCrypt_Cleanup();
#else
ret = NOT_COMPILED_IN;
#endif
return ret;
return ret;
}

12
IDE/GCC-ARM/Source/test_main.c
View File

@@ -40,16 +40,16 @@ int main(void)
{
int ret;
#ifndef NO_CRYPT_TEST
wolfCrypt_Init();
wolfCrypt_Init();
printf("\nCrypt Test\n");
wolfcrypt_test(&args);
printf("\nCrypt Test\n");
wolfcrypt_test(&args);
ret = args.return_code;
printf("Crypt Test: Return code %d\n", ret);
printf("Crypt Test: Return code %d\n", ret);
wolfCrypt_Cleanup();
wolfCrypt_Cleanup();
#else
ret = NOT_COMPILED_IN;
#endif
return ret;
return ret;
}

65
IDE/Gaisler-BCC/README.md Normal file
View File

@@ -0,0 +1,65 @@
# Gaisler BCC
This document outlines how to compile for the Gaisler LEON range of Sparc CPUs
using the BCC2 toolkit. The steps here should also work for the original BCC.
## Compiler
In the examples in this document, a Linux computer is used as a cross compiler
and the compilers have been extracted to `/opt`. You can install them elsewhere,
but please adjust commands accordingly.
### Bare-metal
To compile for bare-metal, you need to download the BCC2 binaries from
[here](https://www.gaisler.com/index.php/downloads/compilers). You can use
either the GCC or CLang version, but do note that you will need to set the
CFLAG `-std=c99` to compile in CLang.
### Linux
For Linux, you will need the "GNU toolchains for LEON and NOEL" from
[this link](https://www.gaisler.com/index.php/downloads/linux).
## Compiling
### Bare metal
Copy the file `examples/config/user_settings_template.h` to `user_settings.h` in
the root of the source code. Then edit this to add the following:
```c
#define WOLFSSL_GAISLER_BCC
#define WOLFSSL_GENSEED_FORTEST
```
The first `#define` is only required to compile the wolfCrypt benchmark.
**Note:** that most Gaisler LEON processors do not have a good source of
entropy for the RNG. It is recommended an external entropy source is used when
developing for production.
You can then compile with the following. Change `leon5` to the LEON CPU version
used:
```sh
export CC=/opt/sparc-bcc-2.3.1-gcc/bin/sparc-gaisler-elf-gcc
export CXX=/opt/sparc-bcc-2.3.1-gcc/bin/sparc-gaisler-elf-g++
export CFLAGS="-mcpu=leon5"
./configure --host=sparc --enable-usersettings --disable-examples --enable-static
make
```
### Linux
To compile for Linux on the LEON use the following commands:
```sh
export CC=/opt/sparc-gaisler-linux5.10/bin/sparc-gaisler-linux5.10-gcc
export CXX=/opt/sparc-gaisler-linux5.10/bin/sparc-gaisler-linux5.10-g++
export CFLAGS="-mcpu=leon5"
./configure --host=sparc-linux
make
```

4
IDE/Gaisler-BCC/include.am Normal file
View File

@@ -0,0 +1,4 @@
# vim:ft=automake
# All paths should be given relative to the root
EXTRA_DIST+= IDE/Gaisler-BCC/README.md

4
IDE/QNX/example-cmac/cmac-test.c
View File

@@ -41,13 +41,13 @@ static int createTag(const byte* key, int keySz, byte* msg, int msgSz,
byte* msg2, int msg2Sz)
{
Cmac cmac;
byte tag[AES_BLOCK_SIZE];
byte tag[WC_AES_BLOCK_SIZE];
word32 i, tagSz;
byte out[48];
word32 outSz;
XMEMSET(tag, 0, sizeof(tag));
tagSz = AES_BLOCK_SIZE;
tagSz = WC_AES_BLOCK_SIZE;
outSz = 48;
wc_caamCoverKey((byte*)key, keySz, out, &outSz, 0);

3
IDE/Renesas/e2studio/DK-S7G2/user_settings.h
View File

@@ -74,4 +74,7 @@
#define HAVE_ED25519
#define WOLFSSL_SHA512
/* NETX Duo BSD manual lists the socket len type as an INT */
#undef XSOCKLENT
#define XSOCKLENT int
#endif

3
IDE/Renesas/e2studio/RA6M4/test/.cproject
View File

@@ -105,6 +105,9 @@
<listOptionValue builtIn="false" value="&quot;${workspace_loc:/wolfSSL_RA6M4/ra/fsp/src/r_sce_protected/crypto_procedures_protected/src/sce9/private/inc}&quot;"/>
<listOptionValue builtIn="false" value="&quot;${workspace_loc:/wolfSSL_RA6M4/ra/aws/amazon-freertos/libraries/freertos_plus/standard/freertos_plus_tcp/include}&quot;"/>
<listOptionValue builtIn="false" value="&quot;${workspace_loc:/wolfSSL_RA6M4/ra/fsp/src/rm_freertos_plus_tcp}&quot;"/>
<listOptionValue builtIn="false" value="&quot;${workspace_loc:/wolfSSL_RA6M4/ra/aws/FreeRTOS/FreeRTOS/Source/include}&quot;"/>
<listOptionValue builtIn="false" value="&quot;${workspace_loc:/wolfSSL_RA6M4/ra/arm/CMSIS_6/CMSIS/Core/Include}&quot;"/>
<listOptionValue builtIn="false" value="&quot;${workspace_loc:/wolfSSL_RA6M4/ra/aws/FreeRTOS/FreeRTOS-Plus/Source/FreeRTOS-Plus-TCP/source/include}&quot;"/>
</option>
<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="ilg.gnuarmeclipse.managedbuild.cross.option.c.compiler.defs.1484044149" name="Defined symbols (-D)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.c.compiler.defs" useByScannerDiscovery="true" valueType="definedSymbols">
<listOptionValue builtIn="false" value="_RENESAS_RA_"/>

46
IDE/Renesas/e2studio/RA6M4/test/src/wolfssl_sce_unit_test.c
View File

@@ -107,8 +107,8 @@ static int sce_aes_cbc_test(int prnt, FSPSM_AES_PWKEY aes_key)
Aes aes[1];
byte cipher[AES_BLOCK_SIZE];
byte plain[AES_BLOCK_SIZE];
byte cipher[WC_AES_BLOCK_SIZE];
byte plain[WC_AES_BLOCK_SIZE];
int ret = 0;
WOLFSSL_SMALL_STACK_STATIC const byte msg[] = {
@@ -119,8 +119,8 @@ static int sce_aes_cbc_test(int prnt, FSPSM_AES_PWKEY aes_key)
};
byte iv[] = "1234567890abcdef "; /* align */
XMEMSET(cipher, 0, AES_BLOCK_SIZE);
XMEMSET(plain, 0, AES_BLOCK_SIZE);
XMEMSET(cipher, 0, WC_AES_BLOCK_SIZE);
XMEMSET(plain, 0, WC_AES_BLOCK_SIZE);
if (prnt) {
printf(" sce_aes_cbc_test() ");
@@ -129,9 +129,9 @@ static int sce_aes_cbc_test(int prnt, FSPSM_AES_PWKEY aes_key)
ret = wc_AesInit(aes, NULL, devId);
if (ret == 0) {
ret = wc_AesSetKey(aes, (byte*)aes_key,
AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
WC_AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
if (ret == 0) {
ret = wc_AesCbcEncrypt(aes, cipher, msg, AES_BLOCK_SIZE);
ret = wc_AesCbcEncrypt(aes, cipher, msg, WC_AES_BLOCK_SIZE);
}
wc_AesFree(aes);
@@ -144,15 +144,15 @@ static int sce_aes_cbc_test(int prnt, FSPSM_AES_PWKEY aes_key)
ret = wc_AesInit(aes, NULL, devId);
if (ret == 0) {
ret = wc_AesSetKey(aes, (byte*)aes_key,
AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
WC_AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
if (ret == 0)
ret = wc_AesCbcDecrypt(aes, plain, cipher, AES_BLOCK_SIZE);
ret = wc_AesCbcDecrypt(aes, plain, cipher, WC_AES_BLOCK_SIZE);
wc_AesFree(aes);
}
if (ret != 0)
ret = -2;
if (XMEMCMP(plain, msg, AES_BLOCK_SIZE) != 0)
if (XMEMCMP(plain, msg, WC_AES_BLOCK_SIZE) != 0)
ret = -3;
#endif /* HAVE_AES_DECRYPT */
@@ -189,8 +189,8 @@ static void tskAes128_Cbc_Test(void *pvParam)
static int sce_aes256_test(int prnt, FSPSM_AES_PWKEY aes_key)
{
Aes enc[1];
byte cipher[AES_BLOCK_SIZE];
byte plain[AES_BLOCK_SIZE];
byte cipher[WC_AES_BLOCK_SIZE];
byte plain[WC_AES_BLOCK_SIZE];
Aes dec[1];
int ret = 0;
@@ -219,20 +219,20 @@ static int sce_aes256_test(int prnt, FSPSM_AES_PWKEY aes_key)
}
ret = wc_AesSetKey(enc, (byte*)aes_key,
AES_BLOCK_SIZE*2, iv, AES_ENCRYPTION);
WC_AES_BLOCK_SIZE*2, iv, AES_ENCRYPTION);
if (ret != 0){
ret = -3;
goto out;
}
ret = wc_AesSetKey(dec, (byte*)aes_key,
AES_BLOCK_SIZE*2, iv, AES_DECRYPTION);
WC_AES_BLOCK_SIZE*2, iv, AES_DECRYPTION);
if (ret != 0) {
ret = -4;
goto out;
}
XMEMSET(cipher, 0, AES_BLOCK_SIZE);
XMEMSET(cipher, 0, WC_AES_BLOCK_SIZE);
ret = wc_AesCbcEncrypt(enc, cipher, msg, (int) sizeof(msg));
if (ret != 0) {
@@ -240,7 +240,7 @@ static int sce_aes256_test(int prnt, FSPSM_AES_PWKEY aes_key)
goto out;
}
XMEMSET(plain, 0, AES_BLOCK_SIZE);
XMEMSET(plain, 0, WC_AES_BLOCK_SIZE);
ret = wc_AesCbcDecrypt(dec, plain, cipher, (int) sizeof(cipher));
if (ret != 0){
@@ -340,8 +340,8 @@ static int sce_aesgcm256_test(int prnt, FSPSM_AES_PWKEY aes256_key)
};
byte resultT[sizeof(t1)];
byte resultP[sizeof(p) + AES_BLOCK_SIZE];
byte resultC[sizeof(p) + AES_BLOCK_SIZE];
byte resultP[sizeof(p) + WC_AES_BLOCK_SIZE];
byte resultC[sizeof(p) + WC_AES_BLOCK_SIZE];
int result = 0;
int ret;
@@ -366,7 +366,7 @@ static int sce_aesgcm256_test(int prnt, FSPSM_AES_PWKEY aes256_key)
}
result = wc_AesGcmSetKey(enc,
(byte*)aes256_key, AES_BLOCK_SIZE*2);
(byte*)aes256_key, WC_AES_BLOCK_SIZE*2);
if (result != 0) {
ret = -3;
goto out;
@@ -383,7 +383,7 @@ static int sce_aesgcm256_test(int prnt, FSPSM_AES_PWKEY aes256_key)
}
result = wc_AesGcmSetKey(dec,
(byte*)aes256_key, AES_BLOCK_SIZE*2);
(byte*)aes256_key, WC_AES_BLOCK_SIZE*2);
if (result != 0) {
ret = -7;
goto out;
@@ -408,7 +408,7 @@ static int sce_aesgcm256_test(int prnt, FSPSM_AES_PWKEY aes256_key)
XMEMSET(resultP, 0, sizeof(resultP));
wc_AesGcmSetKey(enc,
(byte*)aes256_key, AES_BLOCK_SIZE*2);
(byte*)aes256_key, WC_AES_BLOCK_SIZE*2);
/* AES-GCM encrypt and decrypt both use AES encrypt internally */
result = wc_AesGcmEncrypt(enc, resultC, p, sizeof(p),
(byte*)iv1, sizeof(iv1),
@@ -527,8 +527,8 @@ static int sce_aesgcm128_test(int prnt, FSPSM_AES_PWKEY aes128_key)
};
byte resultT[sizeof(t1)];
byte resultP[sizeof(p) + AES_BLOCK_SIZE];
byte resultC[sizeof(p) + AES_BLOCK_SIZE];
byte resultP[sizeof(p) + WC_AES_BLOCK_SIZE];
byte resultC[sizeof(p) + WC_AES_BLOCK_SIZE];
int result = 0;
int ret;
@@ -553,7 +553,7 @@ static int sce_aesgcm128_test(int prnt, FSPSM_AES_PWKEY aes128_key)
goto out;
}
wc_AesGcmSetKey(enc, (byte*)aes128_key, AES_BLOCK_SIZE);
wc_AesGcmSetKey(enc, (byte*)aes128_key, WC_AES_BLOCK_SIZE);
if (result != 0) {
ret = -3;
goto out;

34
IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/wolfssl_tsip_unit_test.c
View File

@@ -126,8 +126,8 @@ static int tsip_aes_cbc_test(int prnt, tsip_aes_key_index_t* aes_key)
Aes aes[1];
byte cipher[AES_BLOCK_SIZE];
byte plain[AES_BLOCK_SIZE];
byte cipher[WC_AES_BLOCK_SIZE];
byte plain[WC_AES_BLOCK_SIZE];
int ret = 0;
WOLFSSL_SMALL_STACK_STATIC const byte msg[] = {
@@ -139,8 +139,8 @@ static int tsip_aes_cbc_test(int prnt, tsip_aes_key_index_t* aes_key)
byte key[] = "0123456789abcdef "; /* align */
byte iv[] = "1234567890abcdef "; /* align */
ForceZero(cipher, AES_BLOCK_SIZE);
ForceZero(plain, AES_BLOCK_SIZE);
ForceZero(cipher, WC_AES_BLOCK_SIZE);
ForceZero(plain, WC_AES_BLOCK_SIZE);
if (prnt) {
printf(" tsip_aes_cbc_test() ");
@@ -148,13 +148,13 @@ static int tsip_aes_cbc_test(int prnt, tsip_aes_key_index_t* aes_key)
ret = wc_AesInit(aes, NULL, INVALID_DEVID);
if (ret == 0) {
ret = wc_AesSetKey(aes, key, AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
ret = wc_AesSetKey(aes, key, WC_AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
XMEMCPY(&aes->ctx.tsip_keyIdx, aes_key,
sizeof(tsip_aes_key_index_t));
aes->ctx.keySize = aes->keylen;
if (ret == 0) {
ret = wc_tsip_AesCbcEncrypt(aes, cipher, msg, AES_BLOCK_SIZE);
ret = wc_tsip_AesCbcEncrypt(aes, cipher, msg, WC_AES_BLOCK_SIZE);
}
wc_AesFree(aes);
@@ -167,18 +167,18 @@ static int tsip_aes_cbc_test(int prnt, tsip_aes_key_index_t* aes_key)
if (ret == 0)
ret = wc_AesInit(aes, NULL, INVALID_DEVID);
if (ret == 0) {
ret = wc_AesSetKey(aes, key, AES_BLOCK_SIZE, iv, AES_DECRYPTION);
ret = wc_AesSetKey(aes, key, WC_AES_BLOCK_SIZE, iv, AES_DECRYPTION);
XMEMCPY(&aes->ctx.tsip_keyIdx, aes_key,
sizeof(tsip_aes_key_index_t));
aes->ctx.keySize = aes->keylen;
if (ret == 0)
ret = wc_tsip_AesCbcDecrypt(aes, plain, cipher, AES_BLOCK_SIZE);
ret = wc_tsip_AesCbcDecrypt(aes, plain, cipher, WC_AES_BLOCK_SIZE);
wc_AesFree(aes);
}
if (ret != 0)
ret = -2;
if (XMEMCMP(plain, msg, AES_BLOCK_SIZE) != 0)
if (XMEMCMP(plain, msg, WC_AES_BLOCK_SIZE) != 0)
ret = -3;
#endif /* HAVE_AES_DECRYPT */
@@ -216,8 +216,8 @@ static void tskAes128_Cbc_Test(void *pvParam)
static int tsip_aes256_test(int prnt, tsip_aes_key_index_t* aes_key)
{
Aes enc[1];
byte cipher[AES_BLOCK_SIZE];
byte plain[AES_BLOCK_SIZE];
byte cipher[WC_AES_BLOCK_SIZE];
byte plain[WC_AES_BLOCK_SIZE];
Aes dec[1];
int ret = 0;
@@ -279,7 +279,7 @@ static int tsip_aes256_test(int prnt, tsip_aes_key_index_t* aes_key)
dec->ctx.keySize = dec->keylen;
}
ForceZero(cipher, AES_BLOCK_SIZE);
ForceZero(cipher, WC_AES_BLOCK_SIZE);
ret = wc_tsip_AesCbcEncrypt(enc, cipher, msg, (int) sizeof(msg));
if (ret != 0) {
@@ -287,7 +287,7 @@ static int tsip_aes256_test(int prnt, tsip_aes_key_index_t* aes_key)
goto out;
}
ForceZero(plain, AES_BLOCK_SIZE);
ForceZero(plain, WC_AES_BLOCK_SIZE);
ret = wc_tsip_AesCbcDecrypt(dec, plain, cipher, (int) sizeof(cipher));
if (ret != 0){
@@ -395,8 +395,8 @@ static int tsip_aesgcm256_test(int prnt, tsip_aes_key_index_t* aes256_key)
};
byte resultT[sizeof(t1)];
byte resultP[sizeof(p) + AES_BLOCK_SIZE];
byte resultC[sizeof(p) + AES_BLOCK_SIZE];
byte resultP[sizeof(p) + WC_AES_BLOCK_SIZE];
byte resultC[sizeof(p) + WC_AES_BLOCK_SIZE];
int result = 0;
int ret;
@@ -575,8 +575,8 @@ static int tsip_aesgcm128_test(int prnt, tsip_aes_key_index_t* aes128_key)
};
byte resultT[sizeof(t3)];
byte resultP[sizeof(p3) + AES_BLOCK_SIZE];
byte resultC[sizeof(p3) + AES_BLOCK_SIZE];
byte resultP[sizeof(p3) + WC_AES_BLOCK_SIZE];
byte resultC[sizeof(p3) + WC_AES_BLOCK_SIZE];
int result = 0;
int ret;

30
IDE/Renesas/e2studio/RZN2L/test/src/test/wolfssl_rsip_unit_test.c
View File

@@ -134,8 +134,8 @@ static int rsip_aes128_cbc_test(int prnt, FSPSM_AES_PWKEY aes_key)
Aes aes[1];
byte cipher[AES_BLOCK_SIZE];
byte plain[AES_BLOCK_SIZE];
byte cipher[WC_AES_BLOCK_SIZE];
byte plain[WC_AES_BLOCK_SIZE];
word32 keySz = (word32)(128/8);
int ret = 0;
@@ -147,8 +147,8 @@ static int rsip_aes128_cbc_test(int prnt, FSPSM_AES_PWKEY aes_key)
};
byte iv[] = "1234567890abcdef "; /* align */
XMEMSET(cipher, 0, AES_BLOCK_SIZE);
XMEMSET(plain, 0, AES_BLOCK_SIZE);
XMEMSET(cipher, 0, WC_AES_BLOCK_SIZE);
XMEMSET(plain, 0, WC_AES_BLOCK_SIZE);
if (prnt) {
printf(" rsip_aes_cbc_test() ");
@@ -159,7 +159,7 @@ static int rsip_aes128_cbc_test(int prnt, FSPSM_AES_PWKEY aes_key)
ret = wc_AesSetKey(aes, (byte*)aes_key, keySz,
iv, AES_ENCRYPTION);
if (ret == 0) {
ret = wc_AesCbcEncrypt(aes, cipher, msg, AES_BLOCK_SIZE);
ret = wc_AesCbcEncrypt(aes, cipher, msg, WC_AES_BLOCK_SIZE);
}
wc_AesFree(aes);
@@ -174,13 +174,13 @@ static int rsip_aes128_cbc_test(int prnt, FSPSM_AES_PWKEY aes_key)
ret = wc_AesSetKey(aes, (byte*)aes_key, keySz,
iv, AES_DECRYPTION);
if (ret == 0)
ret = wc_AesCbcDecrypt(aes, plain, cipher, AES_BLOCK_SIZE);
ret = wc_AesCbcDecrypt(aes, plain, cipher, WC_AES_BLOCK_SIZE);
wc_AesFree(aes);
}
if (ret != 0)
ret = -2;
if (XMEMCMP(plain, msg, AES_BLOCK_SIZE) != 0)
if (XMEMCMP(plain, msg, WC_AES_BLOCK_SIZE) != 0)
ret = -3;
#endif /* HAVE_AES_DECRYPT */
@@ -217,8 +217,8 @@ static void tskAes128_Cbc_Test(void *pvParam)
static int rsip_aes256_cbc_test(int prnt, FSPSM_AES_PWKEY aes_key)
{
Aes enc[1];
byte cipher[AES_BLOCK_SIZE];
byte plain[AES_BLOCK_SIZE];
byte cipher[WC_AES_BLOCK_SIZE];
byte plain[WC_AES_BLOCK_SIZE];
Aes dec[1];
const word32 keySz = (word32)(256/8);
int ret = 0;
@@ -261,7 +261,7 @@ static int rsip_aes256_cbc_test(int prnt, FSPSM_AES_PWKEY aes_key)
goto out;
}
XMEMSET(cipher, 0, AES_BLOCK_SIZE);
XMEMSET(cipher, 0, WC_AES_BLOCK_SIZE);
ret = wc_AesCbcEncrypt(enc, cipher, msg, (int) sizeof(msg));
if (ret != 0) {
@@ -269,7 +269,7 @@ static int rsip_aes256_cbc_test(int prnt, FSPSM_AES_PWKEY aes_key)
goto out;
}
XMEMSET(plain, 0, AES_BLOCK_SIZE);
XMEMSET(plain, 0, WC_AES_BLOCK_SIZE);
ret = wc_AesCbcDecrypt(dec, plain, cipher, (int) sizeof(cipher));
if (ret != 0){
@@ -368,8 +368,8 @@ static int rsip_aesgcm256_test(int prnt, FSPSM_AES_PWKEY aes256_key)
};
byte resultT[sizeof(t1)];
byte resultP[sizeof(p) + AES_BLOCK_SIZE];
byte resultC[sizeof(p) + AES_BLOCK_SIZE];
byte resultP[sizeof(p) + WC_AES_BLOCK_SIZE];
byte resultC[sizeof(p) + WC_AES_BLOCK_SIZE];
int result = 0;
int ret;
@@ -554,8 +554,8 @@ static int rsip_aesgcm128_test(int prnt, FSPSM_AES_PWKEY aes128_key)
};
byte resultT[sizeof(t1)];
byte resultP[sizeof(p) + AES_BLOCK_SIZE];
byte resultC[sizeof(p) + AES_BLOCK_SIZE];
byte resultP[sizeof(p) + WC_AES_BLOCK_SIZE];
byte resultC[sizeof(p) + WC_AES_BLOCK_SIZE];
int result = 0;
int ret;

8
IDE/WIN-SRTP-KDF-140-3/wolfssl-fips.rc
View File

@@ -51,8 +51,8 @@ END
//
VS_VERSION_INFO VERSIONINFO
FILEVERSION 5,7,4,0
PRODUCTVERSION 5,7,4,0
FILEVERSION 5,7,6,0
PRODUCTVERSION 5,7,6,0
FILEFLAGSMASK 0x3fL
#ifdef _DEBUG
FILEFLAGS 0x1L
@@ -69,12 +69,12 @@ BEGIN
BEGIN
VALUE "CompanyName", "wolfSSL Inc."
VALUE "FileDescription", "The wolfSSL FIPS embedded SSL library is a lightweight, portable, C-language-based SSL/TLS library targeted at IoT, embedded, and RTOS environments primarily because of its size, speed, and feature set."
VALUE "FileVersion", "5.7.4.0"
VALUE "FileVersion", "5.7.6.0"
VALUE "InternalName", "wolfssl-fips"
VALUE "LegalCopyright", "Copyright (C) 2023"
VALUE "OriginalFilename", "wolfssl-fips.dll"
VALUE "ProductName", "wolfSSL FIPS"
VALUE "ProductVersion", "5.7.4.0"
VALUE "ProductVersion", "5.7.6.0"
END
END
BLOCK "VarFileInfo"

8
IDE/WIN10/wolfssl-fips.rc
View File

@@ -51,8 +51,8 @@ END
//
VS_VERSION_INFO VERSIONINFO
FILEVERSION 5,7,4,0
PRODUCTVERSION 5,7,4,0
FILEVERSION 5,7,6,0
PRODUCTVERSION 5,7,6,0
FILEFLAGSMASK 0x3fL
#ifdef _DEBUG
FILEFLAGS 0x1L
@@ -69,12 +69,12 @@ BEGIN
BEGIN
VALUE "CompanyName", "wolfSSL Inc."
VALUE "FileDescription", "The wolfSSL FIPS embedded SSL library is a lightweight, portable, C-language-based SSL/TLS library targeted at IoT, embedded, and RTOS environments primarily because of its size, speed, and feature set."
VALUE "FileVersion", "5.7.4.0"
VALUE "FileVersion", "5.7.6.0"
VALUE "InternalName", "wolfssl-fips"
VALUE "LegalCopyright", "Copyright (C) 2024"
VALUE "OriginalFilename", "wolfssl-fips.dll"
VALUE "ProductName", "wolfSSL FIPS"
VALUE "ProductVersion", "5.7.4.0"
VALUE "ProductVersion", "5.7.6.0"
END
END
BLOCK "VarFileInfo"

1
IDE/include.am
View File

@@ -14,6 +14,7 @@ include IDE/ECLIPSE/RTTHREAD/include.am
include IDE/ECLIPSE/SIFIVE/include.am
include IDE/Espressif/include.am
include IDE/GCC-ARM/include.am
include IDE/Gaisler-BCC/include.am
include IDE/HEXAGON/include.am
include IDE/IAR-MSP430/include.am
include IDE/Infineon/include.am

278
README
View File

@@ -70,198 +70,130 @@ should be used for the enum name.
*** end Notes ***
# wolfSSL Release 5.7.4 (Oct 24, 2024)
# wolfSSL Release 5.7.6 (Dec 31, 2024)
Release 5.7.4 has been developed according to wolfSSL's development and QA
Release 5.7.6 has been developed according to wolfSSL's development and QA
process (see link below) and successfully passed the quality criteria.
https://www.wolfssl.com/about/wolfssl-software-development-process-quality-assurance
NOTE: * --enable-heapmath is being deprecated and will be removed by end of 2024
NOTE:
* --enable-heapmath is deprecated.
* In this release, the default cipher suite preference is updated to prioritize
TLS_AES_256_GCM_SHA384 over TLS_AES_128_GCM_SHA256 when enabled.
* This release adds a sanity check for including wolfssl/options.h or
user_settings.h.
PR stands for Pull Request, and PR <NUMBER> references a GitHub pull request
number where the code change was added.
## Vulnerabilities
* [Low] When the OpenSSL compatibility layer is enabled, certificate
verification behaved differently in wolfSSL than OpenSSL, in the
X509_STORE_add_cert() and X509_STORE_load_locations() implementations.
Previously, in cases where an application explicitly loaded an intermediate
certificate, wolfSSL was verifying only up to that intermediate certificate,
rather than verifying up to the root CA. This only affects use cases where the
API is called directly, and does not affect TLS connections. Users that call
the API X509_STORE_add_cert() or X509_STORE_load_locations() directly in their
applications are recommended to update the version of wolfSSL used or to have
additional sanity checks on certificates loaded into the X509_STORE when
verifying a certificate. (https://github.com/wolfSSL/wolfssl/pull/8087)
## PQC TLS Experimental Build Fix
* When using TLS with post quantum algorithms enabled, the connection uses a
smaller EC curve than agreed on. Users building with --enable-experimental and
enabling PQC cipher suites with TLS connections are recommended to update the
version of wolfSSL used. Thanks to Daniel Correa for the report.
(https://github.com/wolfSSL/wolfssl/pull/8084)
* [Med] An OCSP (non stapling) issue was introduced in wolfSSL version 5.7.4
when performing OCSP requests for intermediate certificates in a certificate
chain. This affects only TLS 1.3 connections on the server side. It would not
impact other TLS protocol versions or connections that are not using the
traditional OCSP implementation. (Fix in pull request 8115)
## New Feature Additions
* RISC-V 64 new assembly optimizations added for SHA-256, SHA-512, ChaCha20,
Poly1305, and SHA-3 (PR 7758,7833,7818,7873,7916)
* Implement support for Connection ID (CID) with DTLS 1.2 (PR 7995)
* Add support for (DevkitPro)libnds (PR 7990)
* Add port for Mosquitto OSP (Open Source Project) (PR 6460)
* Add port for init sssd (PR 7781)
* Add port for eXosip2 (PR 7648)
* Add support for STM32G4 (PR 7997)
* Add support for MAX32665 and MAX32666 TPU HW and ARM ASM Crypto Callback
Support (PR 7777)
* Add support for building wolfSSL to be used in libspdm (PR 7869)
* Add port for use with Nucleus Plus 2.3 (PR 7732)
* Initial support for RFC5755 x509 attribute certificates (acerts). Enabled with
--enable-acert (PR 7926)
* PKCS#11 RSA Padding offload allows tokens to perform CKM_RSA_PKCS
(sign/encrypt), CKM_RSA_PKCS_PSS (sign), and CKM_RSA_PKCS_OAEP (encrypt).
(PR 7750)
* Added “new” and “delete” style functions for heap/pool allocation and freeing
of low level crypto structures (PR 3166 and 8089)
* Add support for RP2350 and improve RP2040 support, both with RNG optimizations
(PR 8153)
* Add support for STM32MP135F, including STM32CubeIDE support and HAL support
for SHA2/SHA3/AES/RNG/ECC optimizations. (PR 8223, 8231, 8241)
* Implement Renesas TSIP RSA Public Enc/Private support (PR 8122)
* Add support for Fedora/RedHat system-wide crypto-policies (PR 8205)
* Curve25519 generic keyparsing API added with wc_Curve25519KeyToDer and
wc_Curve25519KeyDecode (PR 8129)
* CRL improvements and update callback, added the functions
wolfSSL_CertManagerGetCRLInfo and wolfSSL_CertManagerSetCRLUpdate_Cb (PR 8006)
* For DTLS, add server-side stateless and CID quality-of-life API. (PR 8224)
## Enhancements and Optimizations
* Increase default max alt. names from 128 to 1024 (PR 7762)
* Added new constant time DH agree function wc_DhAgree_ct (PR 7802)
* Expanded compatibility layer with the API EVP_PKEY_is_a (PR 7804)
* Add option to disable cryptocb test software test using
--disable-cryptocb-sw-test (PR 7862)
* Add a call to certificate verify callback before checking certificate dates
(PR 7895)
* Expanded algorithms supported with the wolfCrypt CSharp wrapper. Adding
support for RNG, ECC(ECIES and ECDHE), RSA, ED25519/Curve25519, AES-GCM, and
Hashing (PR 3166)
* Expand MMCAU support for use with DES ECB (PR 7960)
* Update AES SIV to handle multiple associated data inputs (PR 7911)
* Remove HAVE_NULL_CIPHER from --enable-openssh (PR 7811)
* Removed duplicate if(NULL) checks when calling XFREE (macro does) (PR 7839)
* Set RSA_MIN_SIZE default to 2048 bits (PR 7923)
* Added support for wolfSSL to be used as the default TLS in the zephyr kernel
(PR 7731)
* Add enable provider build using --enable-wolfprovider with autotools (PR 7550)
* Renesas RX TSIP ECDSA support (PR 7685)
* Support DTLS1.3 downgrade when the server supports CID (PR 7841)
* Server-side checks OCSP even if it uses v2 multi (PR 7828)
* Add handling of absent hash params in PKCS7 bundle parsing and creation
(PR 7845)
* Add the use of w64wrapper for Poly1305, enabling Poly1305 to be used in
environments that do not have a word64 type (PR 7759)
* Update to the maxq10xx support (PR 7824)
* Add support for parsing over optional PKCS8 attributes (PR 7944)
* Add support for either side method with DTLS 1.3 (PR 8012)
* Added PKCS7 PEM support for parsing PEM data with BEGIN/END PKCS7 (PR 7704)
* Add CMake support for WOLFSSL_CUSTOM_CURVES (PR 7962)
* Add left-most wildcard matching support to X509_check_host() (PR 7966)
* Add option to set custom SKID with PKCS7 bundle creation (PR 7954)
* Building wolfSSL as a library with Ada and corrections to Alire manifest
(PR 7303,7940)
* Renesas RX72N support updated (PR 7849)
* New option WOLFSSL_COPY_KEY added to always copy the key to the SSL object
(PR 8005)
* Add the new option WOLFSSL_COPY_CERT to always copy the cert buffer for each
SSL object (PR 7867)
* Add an option to use AES-CBC with HMAC for default session ticket enc/dec.
Defaults to AES-128-CBC with HMAC-SHA256 (PR 7703)
* Memory usage improvements in wc_PRF, sha256 (for small code when many
registers are available) and sp_int objects (PR 7901)
* Change in the configure script to work around ">>" with no command. In older
/bin/sh it can be ambiguous, as used in OSs such as FreeBSD 9.2 (PR 7876)
* Don't attempt to include system headers when not required (PR 7813)
* Certificates: DER encoding of ECC signature algorithm parameter is now
allowed to be NULL with a define (PR 7903)
* SP x86_64 asm: check for AVX2 support for VMs (PR 7979)
* Update rx64n support on gr-rose (PR 7889)
* Update FSP version to v5.4.0 for RA6M4 (PR 7994)
* Update TSIP driver version to v1.21 for RX65N RSK (PR 7993)
* Add a new crypto callback for RSA with padding (PR 7907)
* Replaced the use of pqm4 with wolfSSL implementations of Kyber/MLDSA
(PR 7924)
* Modernized memory fence support for C11 and clang (PR 7938)
* Add a CRL error override callback (PR 7986)
* Extend the X509 unknown extension callback for use with a user context
(PR 7730)
* Additional debug error tracing added with TLS (PR 7917)
* Added runtime support for library call stack traces with
enable-debug-trace-errcodes=backtrace, using libbacktrace (PR 7846)
* Expanded C89 conformance (PR 8077)
* Expanded support for WOLFSSL_NO_MALLOC (PR 8065)
* Added support for cross-compilation of Linux kernel module (PR 7746)
* Updated Linux kernel module with support for kernel 6.11 and 6.12 (PR 7826)
* Introduce WOLFSSL_ASN_ALLOW_0_SERIAL to allow parsing of certificates with a
serial number of 0 (PR 7893)
* Add conditional repository_owner to all wolfSSL GitHub workflows (PR 7871)
### Espressif / Arduino Updates
* Update wolfcrypt settings.h for Espressif ESP-IDF, template update (PR 7953)
* Update Espressif sha, util, mem, time helpers (PR 7955)
* Espressif _thread_local_start and _thread_local_end fix (PR 8030)
* Improve benchmark for Espressif devices (PR 8037)
* Introduce Espressif common CONFIG_WOLFSSL_EXAMPLE_NAME, Kconfig (PR 7866)
* Add wolfSSL esp-tls and Certificate Bundle Support for Espressif ESP-IDF
(PR 7936)
* Update wolfssl Release for Arduino (PR 7775)
### Post Quantum Crypto Updates
* Dilithium: support fixed size arrays in dilithium_key (PR 7727)
* Dilithium: add option to use precalc with small sign (PR 7744)
* Allow Kyber to be built with FIPS (PR 7788)
* Allow Kyber asm to be used in the Linux kernel module (PR 7872)
* Dilithium, Kyber: Update to final specification (PR 7877)
* Dilithium: Support FIPS 204 Draft and Final Draft (PR 7909,8016)
### ARM Assembly Optimizations
* ARM32 assembly optimizations added for ChaCha20 and Poly1305 (PR 8020)
* Poly1305 assembly optimizations improvements for Aarch64 (PR 7859)
* Poly1305 assembly optimizations added for Thumb-2 (PR 7939)
* Adding ARM ASM build option to STM32CubePack (PR 7747)
* Add ARM64 to Visual Studio Project (PR 8010)
* Kyber assembly optimizations for ARM32 and Aarch64 (PR 8040,7998)
* Kyber assembly optimizations for ARMv7E-M/ARMv7-M (PR 7706)
* Add a CMake dependency check for pthreads when required. (PR 8162)
* Update OS_Seed declarations for legacy compilers and FIPS modules (boundary
not affected). (PR 8170)
* Enable WOLFSSL_ALWAYS_KEEP_SNI by default when using --enable-jni. (PR 8283)
* Change the default cipher suite preference, prioritizing
TLS_AES_256_GCM_SHA384 over TLS_AES_128_GCM_SHA256. (PR 7771)
* Add SRTP-KDF (FIPS module v6.0.0) to checkout script for release bundling
(PR 8215)
* Make library build when no hardware crypto available for Aarch64 (PR 8293)
* Update assembly code to avoid `uint*_t` types for better compatibility with
older C standards. (PR 8133)
* Add initial documentation for writing ASN template code to decode BER/DER.
(PR 8120)
* Perform full reduction in sc_muladd for EdDSA with Curve448 (PR 8276)
* Allow SHA-3 hardware cryptography instructions to be explicitly not used in
MacOS builds (PR 8282)
* Make Kyber and ML-KEM available individually and together. (PR 8143)
* Update configuration options to include Kyber/ML-KEM and fix defines used in
wolfSSL_get_curve_name. (PR 8183)
* Make GetShortInt available with WOLFSSL_ASN_EXTRA (PR 8149)
* Improved test coverage and minor improvements of X509 (PR 8176)
* Add sanity checks for configuration methods, ensuring the inclusion of
wolfssl/options.h or user_settings.h. (PR 8262)
* Enable support for building without TLS (NO_TLS). Provides reduced code size
option for non-TLS users who want features like the certificate manager or
compatibility layer. (PR 8273)
* Exposed get_verify functions with OPENSSL_EXTRA. (PR 8258)
* ML-DSA/Dilithium: obtain security level from DER when decoding (PR 8177)
* Implementation for using PKCS11 to retrieve certificate for SSL CTX (PR 8267)
* Add support for the RFC822 Mailbox attribute (PR 8280)
* Initialize variables and adjust types resolve warnings with Visual Studio in
Windows builds. (PR 8181)
* Refactors and expansion of opensslcoexist build (PR 8132, 8216, 8230)
* Add DTLS 1.3 interoperability, libspdm and DTLS CID interoperability tests
(PR 8261, 8255, 8245)
* Remove trailing error exit code in wolfSSL install setup script (PR 8189)
* Update Arduino files for wolfssl 5.7.4 (PR 8219)
* Improve Espressif SHA HW/SW mutex messages (PR 8225)
* Apply post-5.7.4 release updates for Espressif Managed Component examples
(PR 8251)
* Expansion of c89 conformance (PR 8164)
* Added configure option for additional sanity checks with --enable-faultharden
(PR 8289)
* Aarch64 ASM additions to check CPU features before hardware crypto instruction
use (PR 8314)
## Fixes
* ECC key load: fixes for certificates with parameters that are not default for
size (PR 7751)
* Fixes for building x86 in Visual Studio for non-windows OS (PR 7884)
* Fix for TLS v1.2 secret callback, incorrectly detecting bad master secret
(PR 7812)
* Fixes for PowerPC assembly use with Darwin and SP math all (PR 7931)
* Fix for detecting older versions of Mac OS when trying to link with
libdispatch (PR 7932)
* Fix for DTLS1.3 downgrade to DTLS1.2 when the server sends multiple handshake
packets combined into a single transmission. (PR 7840)
* Fix for OCSP to save the request if it was stored in ssl->ctx->certOcspRequest
(PR 7779)
* Fix to OCSP for searching for CA by key hash instead of ext. key id (PR 7934)
* Fix for staticmemory and singlethreaded build (PR 7737)
* Fix to not allow Shake128/256 with Xilinx AFALG (PR 7708)
* Fix to support PKCS11 without RSA key generation (PR 7738)
* Fix not calling the signing callback when using PK callbacks + TLS 1.3
(PR 7761)
* Cortex-M/Thumb2 ASM fix label for IAR compiler (PR 7753)
* Fix with PKCS11 to iterate correctly over slotId (PR 7736)
* Stop stripping out the sequence header on the AltSigAlg extension (PR 7710)
* Fix ParseCRL_AuthKeyIdExt with ASN template to set extAuthKeyIdSet value
(PR 7742)
* Use max key length for PSK encrypt buffer size (PR 7707)
* DTLS 1.3 fix for size check to include headers and CID fixes (PR 7912,7951)
* Fix STM32 Hash FIFO and add support for STM32U5A9xx (PR 7787)
* Fix CMake build error for curl builds (PR 8021)
* SP Maths: PowerPC ASM fix to use XOR instead of LI (PR 8038)
* SSL loading of keys/certs: testing and fixes (PR 7789)
* Misc. fixes for Dilithium and Kyber (PR 7721,7765,7803,8027,7904)
* Fixes for building wolfBoot sources for PQ LMS/XMSS (PR 7868)
* Fixes for building with Kyber enabled using CMake and zephyr port (PR 7773)
* Fix for edge cases with session resumption with TLS 1.2 (PR 8097)
* Fix issue with ARM ASM with AES CFB/OFB not initializing the "left" member
(PR 8099)
* Fix a memory issue when using the compatibility layer with
WOLFSSL_GENERAL_NAME and handling registered ID types. (PR 8155)
* Fix a build issue with signature fault hardening when using public key
callbacks (HAVE_PK_CALLBACKS). (PR 8287)
* Fix for handling heap hint pointer properly when managing multiple WOLFSSL_CTX
objects and freeing one of them (PR 8180)
* Fix potential memory leak in error case with Aria. (PR 8268)
* Fix Set_Verify flag behaviour on Ada wrapper. (PR 8256)
* Fix a compilation error with the NO_WOLFSSL_DIR flag. (PR 8294)
* Resolve a corner case for Poly1305 assembly code on Aarch64. (PR 8275)
* Fix incorrect version setting in CSRs. (PR 8136)
* Correct debugging output for cryptodev. (PR 8202)
* Fix for benchmark application use with /dev/crypto GMAC auth error due to size
of AAD (PR 8210)
* Add missing checks for the initialization of sp_int/mp_int with DSA to free
memory properly in error cases. (PR 8209)
* Fix return value of wolfSSL_CTX_set_tlsext_use_srtp (8252)
* Check Root CA by Renesas TSIP before adding it to ca-table (PR 8101)
* Prevent adding a certificate to the CA cache for Renesas builds if it does not
set CA:TRUE in basic constraints. (PR 8060)
* Fix attribute certificate holder entityName parsing. (PR 8166)
* Resolve build issues for configurations without any wolfSSL/openssl
compatibility layer headers. (PR 8182)
* Fix for building SP RSA small and RSA public only (PR 8235)
* Fix for Renesas RX TSIP RSA Sign/Verify with wolfCrypt only (PR 8206)
* Fix to ensure all files have settings.h included (like wc_lms.c) and guards
for building all `*.c` files (PR 8257 and PR 8140)
* Fix x86 target build issues in Visual Studio for non-Windows operating
systems. (PR 8098)
* Fix wolfSSL_X509_STORE_get0_objects to handle no CA (PR 8226)
* Properly handle reference counting when adding to the X509 store. (PR 8233)
* Fix for various typos and improper size used with FreeRTOS_bind in the Renesas
example. Thanks to Hongbo for the report on example issues. (PR 7537)
* Fix for potential heap use after free with wolfSSL_PEM_read_bio_PrivateKey.
Thanks to Peter for the issue reported. (PR 8139)
For additional vulnerability information visit the vulnerability page at:

278
README.md
View File

@@ -75,197 +75,131 @@ single call hash function. Instead the name `WC_SHA`, `WC_SHA256`, `WC_SHA384` a
`WC_SHA512` should be used for the enum name.
# wolfSSL Release 5.7.4 (Oct 24, 2024)
# wolfSSL Release 5.7.6 (Dec 31, 2024)
Release 5.7.4 has been developed according to wolfSSL's development and QA
Release 5.7.6 has been developed according to wolfSSL's development and QA
process (see link below) and successfully passed the quality criteria.
https://www.wolfssl.com/about/wolfssl-software-development-process-quality-assurance
NOTE: * --enable-heapmath is being deprecated and will be removed by end of 2024
NOTE:
* --enable-heapmath is deprecated.
* In this release, the default cipher suite preference is updated to prioritize
TLS_AES_256_GCM_SHA384 over TLS_AES_128_GCM_SHA256 when enabled.
* This release adds a sanity check for including wolfssl/options.h or
user_settings.h.
PR stands for Pull Request, and PR <NUMBER> references a GitHub pull request
number where the code change was added.
## Vulnerabilities
* [Low] When the OpenSSL compatibility layer is enabled, certificate
verification behaved differently in wolfSSL than OpenSSL, in the
X509_STORE_add_cert() and X509_STORE_load_locations() implementations.
Previously, in cases where an application explicitly loaded an intermediate
certificate, wolfSSL was verifying only up to that intermediate certificate,
rather than verifying up to the root CA. This only affects use cases where the
API is called directly, and does not affect TLS connections. Users that call
the API X509_STORE_add_cert() or X509_STORE_load_locations() directly in their
applications are recommended to update the version of wolfSSL used or to have
additional sanity checks on certificates loaded into the X509_STORE when
verifying a certificate. (https://github.com/wolfSSL/wolfssl/pull/8087)
## PQC TLS Experimental Build Fix
* When using TLS with post quantum algorithms enabled, the connection uses a
smaller EC curve than agreed on. Users building with --enable-experimental and
enabling PQC cipher suites with TLS connections are recommended to update the
version of wolfSSL used. Thanks to Daniel Correa for the report.
(https://github.com/wolfSSL/wolfssl/pull/8084)
* [Med] An OCSP (non stapling) issue was introduced in wolfSSL version 5.7.4
when performing OCSP requests for intermediate certificates in a certificate
chain. This affects only TLS 1.3 connections on the server side. It would not
impact other TLS protocol versions or connections that are not using the
traditional OCSP implementation. (Fix in pull request 8115)
## New Feature Additions
* RISC-V 64 new assembly optimizations added for SHA-256, SHA-512, ChaCha20,
Poly1305, and SHA-3 (PR 7758,7833,7818,7873,7916)
* Implement support for Connection ID (CID) with DTLS 1.2 (PR 7995)
* Add support for (DevkitPro)libnds (PR 7990)
* Add port for Mosquitto OSP (Open Source Project) (PR 6460)
* Add port for init sssd (PR 7781)
* Add port for eXosip2 (PR 7648)
* Add support for STM32G4 (PR 7997)
* Add support for MAX32665 and MAX32666 TPU HW and ARM ASM Crypto Callback
Support (PR 7777)
* Add support for building wolfSSL to be used in libspdm (PR 7869)
* Add port for use with Nucleus Plus 2.3 (PR 7732)
* Initial support for RFC5755 x509 attribute certificates (acerts). Enabled with
--enable-acert (PR 7926)
* PKCS#11 RSA Padding offload allows tokens to perform CKM_RSA_PKCS
(sign/encrypt), CKM_RSA_PKCS_PSS (sign), and CKM_RSA_PKCS_OAEP (encrypt).
(PR 7750)
* Added “new” and “delete” style functions for heap/pool allocation and freeing
of low level crypto structures (PR 3166 and 8089)
* Add support for RP2350 and improve RP2040 support, both with RNG optimizations
(PR 8153)
* Add support for STM32MP135F, including STM32CubeIDE support and HAL support
for SHA2/SHA3/AES/RNG/ECC optimizations. (PR 8223, 8231, 8241)
* Implement Renesas TSIP RSA Public Enc/Private support (PR 8122)
* Add support for Fedora/RedHat system-wide crypto-policies (PR 8205)
* Curve25519 generic keyparsing API added with wc_Curve25519KeyToDer and
wc_Curve25519KeyDecode (PR 8129)
* CRL improvements and update callback, added the functions
wolfSSL_CertManagerGetCRLInfo and wolfSSL_CertManagerSetCRLUpdate_Cb (PR 8006)
* For DTLS, add server-side stateless and CID quality-of-life API. (PR 8224)
## Enhancements and Optimizations
* Increase default max alt. names from 128 to 1024 (PR 7762)
* Added new constant time DH agree function wc_DhAgree_ct (PR 7802)
* Expanded compatibility layer with the API EVP_PKEY_is_a (PR 7804)
* Add option to disable cryptocb test software test using
--disable-cryptocb-sw-test (PR 7862)
* Add a call to certificate verify callback before checking certificate dates
(PR 7895)
* Expanded algorithms supported with the wolfCrypt CSharp wrapper. Adding
support for RNG, ECC(ECIES and ECDHE), RSA, ED25519/Curve25519, AES-GCM, and
Hashing (PR 3166)
* Expand MMCAU support for use with DES ECB (PR 7960)
* Update AES SIV to handle multiple associated data inputs (PR 7911)
* Remove HAVE_NULL_CIPHER from --enable-openssh (PR 7811)
* Removed duplicate if(NULL) checks when calling XFREE (macro does) (PR 7839)
* Set RSA_MIN_SIZE default to 2048 bits (PR 7923)
* Added support for wolfSSL to be used as the default TLS in the zephyr kernel
(PR 7731)
* Add enable provider build using --enable-wolfprovider with autotools (PR 7550)
* Renesas RX TSIP ECDSA support (PR 7685)
* Support DTLS1.3 downgrade when the server supports CID (PR 7841)
* Server-side checks OCSP even if it uses v2 multi (PR 7828)
* Add handling of absent hash params in PKCS7 bundle parsing and creation
(PR 7845)
* Add the use of w64wrapper for Poly1305, enabling Poly1305 to be used in
environments that do not have a word64 type (PR 7759)
* Update to the maxq10xx support (PR 7824)
* Add support for parsing over optional PKCS8 attributes (PR 7944)
* Add support for either side method with DTLS 1.3 (PR 8012)
* Added PKCS7 PEM support for parsing PEM data with BEGIN/END PKCS7 (PR 7704)
* Add CMake support for WOLFSSL_CUSTOM_CURVES (PR 7962)
* Add left-most wildcard matching support to X509_check_host() (PR 7966)
* Add option to set custom SKID with PKCS7 bundle creation (PR 7954)
* Building wolfSSL as a library with Ada and corrections to Alire manifest
(PR 7303,7940)
* Renesas RX72N support updated (PR 7849)
* New option WOLFSSL_COPY_KEY added to always copy the key to the SSL object
(PR 8005)
* Add the new option WOLFSSL_COPY_CERT to always copy the cert buffer for each
SSL object (PR 7867)
* Add an option to use AES-CBC with HMAC for default session ticket enc/dec.
Defaults to AES-128-CBC with HMAC-SHA256 (PR 7703)
* Memory usage improvements in wc_PRF, sha256 (for small code when many
registers are available) and sp_int objects (PR 7901)
* Change in the configure script to work around ">>" with no command. In older
/bin/sh it can be ambiguous, as used in OSs such as FreeBSD 9.2 (PR 7876)
* Don't attempt to include system headers when not required (PR 7813)
* Certificates: DER encoding of ECC signature algorithm parameter is now
allowed to be NULL with a define (PR 7903)
* SP x86_64 asm: check for AVX2 support for VMs (PR 7979)
* Update rx64n support on gr-rose (PR 7889)
* Update FSP version to v5.4.0 for RA6M4 (PR 7994)
* Update TSIP driver version to v1.21 for RX65N RSK (PR 7993)
* Add a new crypto callback for RSA with padding (PR 7907)
* Replaced the use of pqm4 with wolfSSL implementations of Kyber/MLDSA
(PR 7924)
* Modernized memory fence support for C11 and clang (PR 7938)
* Add a CRL error override callback (PR 7986)
* Extend the X509 unknown extension callback for use with a user context
(PR 7730)
* Additional debug error tracing added with TLS (PR 7917)
* Added runtime support for library call stack traces with
enable-debug-trace-errcodes=backtrace, using libbacktrace (PR 7846)
* Expanded C89 conformance (PR 8077)
* Expanded support for WOLFSSL_NO_MALLOC (PR 8065)
* Added support for cross-compilation of Linux kernel module (PR 7746)
* Updated Linux kernel module with support for kernel 6.11 and 6.12 (PR 7826)
* Introduce WOLFSSL_ASN_ALLOW_0_SERIAL to allow parsing of certificates with a
serial number of 0 (PR 7893)
* Add conditional repository_owner to all wolfSSL GitHub workflows (PR 7871)
### Espressif / Arduino Updates
* Update wolfcrypt settings.h for Espressif ESP-IDF, template update (PR 7953)
* Update Espressif sha, util, mem, time helpers (PR 7955)
* Espressif _thread_local_start and _thread_local_end fix (PR 8030)
* Improve benchmark for Espressif devices (PR 8037)
* Introduce Espressif common CONFIG_WOLFSSL_EXAMPLE_NAME, Kconfig (PR 7866)
* Add wolfSSL esp-tls and Certificate Bundle Support for Espressif ESP-IDF
(PR 7936)
* Update wolfssl Release for Arduino (PR 7775)
### Post Quantum Crypto Updates
* Dilithium: support fixed size arrays in dilithium_key (PR 7727)
* Dilithium: add option to use precalc with small sign (PR 7744)
* Allow Kyber to be built with FIPS (PR 7788)
* Allow Kyber asm to be used in the Linux kernel module (PR 7872)
* Dilithium, Kyber: Update to final specification (PR 7877)
* Dilithium: Support FIPS 204 Draft and Final Draft (PR 7909,8016)
### ARM Assembly Optimizations
* ARM32 assembly optimizations added for ChaCha20 and Poly1305 (PR 8020)
* Poly1305 assembly optimizations improvements for Aarch64 (PR 7859)
* Poly1305 assembly optimizations added for Thumb-2 (PR 7939)
* Adding ARM ASM build option to STM32CubePack (PR 7747)
* Add ARM64 to Visual Studio Project (PR 8010)
* Kyber assembly optimizations for ARM32 and Aarch64 (PR 8040,7998)
* Kyber assembly optimizations for ARMv7E-M/ARMv7-M (PR 7706)
* Add a CMake dependency check for pthreads when required. (PR 8162)
* Update OS_Seed declarations for legacy compilers and FIPS modules (boundary
not affected). (PR 8170)
* Enable WOLFSSL_ALWAYS_KEEP_SNI by default when using --enable-jni. (PR 8283)
* Change the default cipher suite preference, prioritizing
TLS_AES_256_GCM_SHA384 over TLS_AES_128_GCM_SHA256. (PR 7771)
* Add SRTP-KDF (FIPS module v6.0.0) to checkout script for release bundling
(PR 8215)
* Make library build when no hardware crypto available for Aarch64 (PR 8293)
* Update assembly code to avoid `uint*_t` types for better compatibility with
older C standards. (PR 8133)
* Add initial documentation for writing ASN template code to decode BER/DER.
(PR 8120)
* Perform full reduction in sc_muladd for EdDSA with Curve448 (PR 8276)
* Allow SHA-3 hardware cryptography instructions to be explicitly not used in
MacOS builds (PR 8282)
* Make Kyber and ML-KEM available individually and together. (PR 8143)
* Update configuration options to include Kyber/ML-KEM and fix defines used in
wolfSSL_get_curve_name. (PR 8183)
* Make GetShortInt available with WOLFSSL_ASN_EXTRA (PR 8149)
* Improved test coverage and minor improvements of X509 (PR 8176)
* Add sanity checks for configuration methods, ensuring the inclusion of
wolfssl/options.h or user_settings.h. (PR 8262)
* Enable support for building without TLS (NO_TLS). Provides reduced code size
option for non-TLS users who want features like the certificate manager or
compatibility layer. (PR 8273)
* Exposed get_verify functions with OPENSSL_EXTRA. (PR 8258)
* ML-DSA/Dilithium: obtain security level from DER when decoding (PR 8177)
* Implementation for using PKCS11 to retrieve certificate for SSL CTX (PR 8267)
* Add support for the RFC822 Mailbox attribute (PR 8280)
* Initialize variables and adjust types resolve warnings with Visual Studio in
Windows builds. (PR 8181)
* Refactors and expansion of opensslcoexist build (PR 8132, 8216, 8230)
* Add DTLS 1.3 interoperability, libspdm and DTLS CID interoperability tests
(PR 8261, 8255, 8245)
* Remove trailing error exit code in wolfSSL install setup script (PR 8189)
* Update Arduino files for wolfssl 5.7.4 (PR 8219)
* Improve Espressif SHA HW/SW mutex messages (PR 8225)
* Apply post-5.7.4 release updates for Espressif Managed Component examples
(PR 8251)
* Expansion of c89 conformance (PR 8164)
* Added configure option for additional sanity checks with --enable-faultharden
(PR 8289)
* Aarch64 ASM additions to check CPU features before hardware crypto instruction
use (PR 8314)
## Fixes
* ECC key load: fixes for certificates with parameters that are not default for
size (PR 7751)
* Fixes for building x86 in Visual Studio for non-windows OS (PR 7884)
* Fix for TLS v1.2 secret callback, incorrectly detecting bad master secret
(PR 7812)
* Fixes for PowerPC assembly use with Darwin and SP math all (PR 7931)
* Fix for detecting older versions of Mac OS when trying to link with
libdispatch (PR 7932)
* Fix for DTLS1.3 downgrade to DTLS1.2 when the server sends multiple handshake
packets combined into a single transmission. (PR 7840)
* Fix for OCSP to save the request if it was stored in ssl->ctx->certOcspRequest
(PR 7779)
* Fix to OCSP for searching for CA by key hash instead of ext. key id (PR 7934)
* Fix for staticmemory and singlethreaded build (PR 7737)
* Fix to not allow Shake128/256 with Xilinx AFALG (PR 7708)
* Fix to support PKCS11 without RSA key generation (PR 7738)
* Fix not calling the signing callback when using PK callbacks + TLS 1.3
(PR 7761)
* Cortex-M/Thumb2 ASM fix label for IAR compiler (PR 7753)
* Fix with PKCS11 to iterate correctly over slotId (PR 7736)
* Stop stripping out the sequence header on the AltSigAlg extension (PR 7710)
* Fix ParseCRL_AuthKeyIdExt with ASN template to set extAuthKeyIdSet value
(PR 7742)
* Use max key length for PSK encrypt buffer size (PR 7707)
* DTLS 1.3 fix for size check to include headers and CID fixes (PR 7912,7951)
* Fix STM32 Hash FIFO and add support for STM32U5A9xx (PR 7787)
* Fix CMake build error for curl builds (PR 8021)
* SP Maths: PowerPC ASM fix to use XOR instead of LI (PR 8038)
* SSL loading of keys/certs: testing and fixes (PR 7789)
* Misc. fixes for Dilithium and Kyber (PR 7721,7765,7803,8027,7904)
* Fixes for building wolfBoot sources for PQ LMS/XMSS (PR 7868)
* Fixes for building with Kyber enabled using CMake and zephyr port (PR 7773)
* Fix for edge cases with session resumption with TLS 1.2 (PR 8097)
* Fix issue with ARM ASM with AES CFB/OFB not initializing the "left" member
(PR 8099)
* Fix a memory issue when using the compatibility layer with
WOLFSSL_GENERAL_NAME and handling registered ID types. (PR 8155)
* Fix a build issue with signature fault hardening when using public key
callbacks (HAVE_PK_CALLBACKS). (PR 8287)
* Fix for handling heap hint pointer properly when managing multiple WOLFSSL_CTX
objects and freeing one of them (PR 8180)
* Fix potential memory leak in error case with Aria. (PR 8268)
* Fix Set_Verify flag behaviour on Ada wrapper. (PR 8256)
* Fix a compilation error with the NO_WOLFSSL_DIR flag. (PR 8294)
* Resolve a corner case for Poly1305 assembly code on Aarch64. (PR 8275)
* Fix incorrect version setting in CSRs. (PR 8136)
* Correct debugging output for cryptodev. (PR 8202)
* Fix for benchmark application use with /dev/crypto GMAC auth error due to size
of AAD (PR 8210)
* Add missing checks for the initialization of sp_int/mp_int with DSA to free
memory properly in error cases. (PR 8209)
* Fix return value of wolfSSL_CTX_set_tlsext_use_srtp (8252)
* Check Root CA by Renesas TSIP before adding it to ca-table (PR 8101)
* Prevent adding a certificate to the CA cache for Renesas builds if it does not
set CA:TRUE in basic constraints. (PR 8060)
* Fix attribute certificate holder entityName parsing. (PR 8166)
* Resolve build issues for configurations without any wolfSSL/openssl
compatibility layer headers. (PR 8182)
* Fix for building SP RSA small and RSA public only (PR 8235)
* Fix for Renesas RX TSIP RSA Sign/Verify with wolfCrypt only (PR 8206)
* Fix to ensure all files have settings.h included (like wc_lms.c) and guards
for building all `*.c` files (PR 8257 and PR 8140)
* Fix x86 target build issues in Visual Studio for non-Windows operating
systems. (PR 8098)
* Fix wolfSSL_X509_STORE_get0_objects to handle no CA (PR 8226)
* Properly handle reference counting when adding to the X509 store. (PR 8233)
* Fix for various typos and improper size used with FreeRTOS_bind in the Renesas
example. Thanks to Hongbo for the report on example issues. (PR 7537)
* Fix for potential heap use after free with wolfSSL_PEM_read_bio_PrivateKey.
Thanks to Peter for the issue reported. (PR 8139)
For additional vulnerability information visit the vulnerability page at:
https://www.wolfssl.com/docs/security-vulnerabilities/

BIN
certs/1024/ca-cert.der
View File

Binary file not shown.

42
certs/1024/ca-cert.pem
View File

@@ -2,16 +2,16 @@ Certificate:
Data:
Version: 3 (0x2)
Serial Number:
5c:44:2b:bf:d3:a8:2a:d8:fd:54:c9:cd:aa:7f:f7:d4:59:07:aa:dd
59:52:6b:92:1a:25:8f:1b:ee:4c:51:9c:47:2f:ff:ff:9d:43:29:47
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting_1024, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
Validity
Not Before: Dec 13 22:19:28 2023 GMT
Not After : Sep 8 22:19:28 2026 GMT
Not Before: Dec 18 21:25:29 2024 GMT
Not After : Sep 14 21:25:29 2027 GMT
Subject: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting_1024, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (1024 bit)
Public-Key: (1024 bit)
Modulus:
00:cd:ac:dd:47:ec:be:b7:24:c3:63:1b:54:98:79:
e1:c7:31:16:59:d6:9d:77:9d:8d:e2:8b:ed:04:17:
@@ -29,8 +29,7 @@ Certificate:
X509v3 Authority Key Identifier:
keyid:D3:22:8F:28:2C:E0:05:EE:D3:ED:C3:71:3D:C9:B2:36:3A:1D:BF:A8
DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting_1024/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
serial:5C:44:2B:BF:D3:A8:2A:D8:FD:54:C9:CD:AA:7F:F7:D4:59:07:AA:DD
serial:59:52:6B:92:1A:25:8F:1B:EE:4C:51:9C:47:2F:FF:FF:9D:43:29:47
X509v3 Basic Constraints:
CA:TRUE
X509v3 Subject Alternative Name:
@@ -38,20 +37,21 @@ Certificate:
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
Signature Algorithm: sha256WithRSAEncryption
70:7d:83:94:d0:ee:e1:19:8b:17:ca:79:87:12:5b:7f:70:a3:
51:20:4f:21:99:71:69:21:28:55:61:70:85:54:21:a9:70:a2:
a9:12:db:44:11:44:e7:41:00:70:80:b5:37:0c:7e:78:8f:88:
64:bc:e5:c0:44:a7:a5:3d:db:62:c4:d6:cd:aa:4b:ac:fb:01:
46:bb:ec:cb:6f:01:67:b4:65:f3:5e:53:39:64:99:9b:68:80:
14:91:a4:a4:eb:04:f3:76:9a:7d:b4:38:05:9c:a5:e0:bc:7e:
d9:d2:d3:d4:e8:c3:9f:38:4b:6c:29:94:be:35:bd:30:1f:b5:
b7:3d
Signature Value:
09:c6:da:fe:2a:45:83:9e:8b:66:cf:63:1f:11:cb:d9:b4:eb:
b0:97:3d:33:d4:b9:27:56:46:14:3c:fe:2b:b2:36:6e:38:7f:
08:f5:37:3c:f2:a2:6a:8a:c7:a0:be:0f:ac:dd:f4:f0:97:b3:
03:a6:70:48:44:fc:ef:ef:7a:c6:1a:8d:3f:19:f6:71:92:7e:
3a:00:95:f2:b6:57:40:77:c2:80:4e:61:f2:71:56:22:a0:1e:
a9:dd:5c:54:80:ad:e4:27:f2:17:20:9b:5b:89:30:6e:6a:31:
2a:4e:43:52:f8:8a:51:b7:ed:3a:aa:78:41:90:95:e8:40:2e:
66:fc
-----BEGIN CERTIFICATE-----
MIIECTCCA3KgAwIBAgIUXEQrv9OoKtj9VMnNqn/31FkHqt0wDQYJKoZIhvcNAQEL
MIIECTCCA3KgAwIBAgIUWVJrkholjxvuTFGcRy///51DKUcwDQYJKoZIhvcNAQEL
BQAwgZkxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdC
b3plbWFuMREwDwYDVQQKDAhTYXd0b290aDEYMBYGA1UECwwPQ29uc3VsdGluZ18x
MDI0MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGlu
Zm9Ad29sZnNzbC5jb20wHhcNMjMxMjEzMjIxOTI4WhcNMjYwOTA4MjIxOTI4WjCB
Zm9Ad29sZnNzbC5jb20wHhcNMjQxMjE4MjEyNTI5WhcNMjcwOTE0MjEyNTI5WjCB
mTELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVt
YW4xETAPBgNVBAoMCFNhd3Rvb3RoMRgwFgYDVQQLDA9Db25zdWx0aW5nXzEwMjQx
GDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3
@@ -63,10 +63,10 @@ Io8oLOAF7tPtw3E9ybI2Oh2/qDCB2QYDVR0jBIHRMIHOgBTTIo8oLOAF7tPtw3E9
ybI2Oh2/qKGBn6SBnDCBmTELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmEx
EDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNhd3Rvb3RoMRgwFgYDVQQLDA9D
b25zdWx0aW5nXzEwMjQxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqG
SIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIUXEQrv9OoKtj9VMnNqn/31FkHqt0w
SIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIUWVJrkholjxvuTFGcRy///51DKUcw
DAYDVR0TBAUwAwEB/zAcBgNVHREEFTATggtleGFtcGxlLmNvbYcEfwAAATAdBgNV
HSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADgYEAcH2D
lNDu4RmLF8p5hxJbf3CjUSBPIZlxaSEoVWFwhVQhqXCiqRLbRBFE50EAcIC1Nwx+
eI+IZLzlwESnpT3bYsTWzapLrPsBRrvsy28BZ7Rl815TOWSZm2iAFJGkpOsE83aa
fbQ4BZyl4Lx+2dLT1OjDnzhLbCmUvjW9MB+1tz0=
HSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADgYEACcba
/ipFg56LZs9jHxHL2bTrsJc9M9S5J1ZGFDz+K7I2bjh/CPU3PPKiaorHoL4PrN30
8JezA6ZwSET87+96xhqNPxn2cZJ+OgCV8rZXQHfCgE5h8nFWIqAeqd1cVICt5Cfy
FyCbW4kwbmoxKk5DUviKUbftOqp4QZCV6EAuZvw=
-----END CERTIFICATE-----

BIN
certs/1024/client-cert.der
View File

Binary file not shown.

44
certs/1024/client-cert.pem
View File

@@ -2,16 +2,16 @@ Certificate:
Data:
Version: 3 (0x2)
Serial Number:
59:f2:ea:44:08:b5:12:30:a0:96:93:d1:d1:7f:e1:ec:49:75:9b:a2
09:1d:03:41:8b:92:bd:2a:2a:1c:77:e0:13:a8:3d:f0:33:da:7f:72
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_1024, OU = Programming-1024, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
Validity
Not Before: Dec 13 22:19:28 2023 GMT
Not After : Sep 8 22:19:28 2026 GMT
Not Before: Dec 18 21:25:29 2024 GMT
Not After : Sep 14 21:25:29 2027 GMT
Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_1024, OU = Programming-1024, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (1024 bit)
Public-Key: (1024 bit)
Modulus:
00:bc:73:0e:a8:49:f3:74:a2:a9:ef:18:a5:da:55:
99:21:f9:c8:ec:b3:6d:48:e5:35:35:75:77:37:ec:
@@ -29,8 +29,7 @@ Certificate:
X509v3 Authority Key Identifier:
keyid:81:69:0F:F8:DF:DD:CF:34:29:D5:67:75:71:85:C7:75:10:69:59:EC
DirName:/C=US/ST=Montana/L=Bozeman/O=wolfSSL_1024/OU=Programming-1024/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
serial:59:F2:EA:44:08:B5:12:30:A0:96:93:D1:D1:7F:E1:EC:49:75:9B:A2
serial:09:1D:03:41:8B:92:BD:2A:2A:1C:77:E0:13:A8:3D:F0:33:DA:7F:72
X509v3 Basic Constraints:
CA:TRUE
X509v3 Subject Alternative Name:
@@ -38,21 +37,22 @@ Certificate:
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
Signature Algorithm: sha256WithRSAEncryption
45:63:6f:f9:ed:f4:12:3c:3c:c5:2c:51:08:94:61:7e:08:e8:
32:46:2b:22:02:d0:e8:2b:a4:23:15:48:47:87:5d:72:ab:38:
d5:34:b9:fc:f4:86:93:49:95:d8:81:32:1c:21:e3:ef:b8:40:
c5:87:02:e8:28:aa:54:93:2d:8a:e9:1e:dd:5d:11:f8:bf:ca:
4e:33:20:56:4e:6f:53:bb:79:b0:da:65:a1:4b:9f:c8:55:fa:
53:26:84:c6:1e:0a:5e:7a:6e:f2:2d:2a:81:a5:d0:2b:ec:d5:
8e:b9:f0:c7:57:d7:d6:14:1a:3b:dc:09:41:b4:9d:0d:72:20:
44:79
Signature Value:
9a:1c:8f:c4:bd:54:da:63:a7:f8:ba:39:b6:64:60:9d:ba:a5:
fc:43:f5:57:28:31:43:09:4c:03:4c:b8:c3:49:2b:4e:bf:f2:
9b:13:4e:37:1e:a1:57:c6:0c:7b:2c:25:19:37:9f:06:53:ef:
8d:d1:ba:c0:73:6e:7f:c2:0b:46:5f:9b:56:bb:59:19:5c:c9:
ee:ea:02:da:03:2c:fb:29:b6:07:dd:55:b7:e9:ce:60:47:e0:
6b:44:5a:61:74:5c:96:f6:30:d8:1b:a4:15:5e:06:c5:73:4b:
8a:4d:94:23:13:1b:3f:db:67:ca:a7:a6:41:c5:28:0f:fd:2e:
0e:f0
-----BEGIN CERTIFICATE-----
MIIEGDCCA4GgAwIBAgIUWfLqRAi1EjCglpPR0X/h7El1m6IwDQYJKoZIhvcNAQEL
MIIEGDCCA4GgAwIBAgIUCR0DQYuSvSoqHHfgE6g98DPaf3IwDQYJKoZIhvcNAQEL
BQAwgZ4xCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdC
b3plbWFuMRUwEwYDVQQKDAx3b2xmU1NMXzEwMjQxGTAXBgNVBAsMEFByb2dyYW1t
aW5nLTEwMjQxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJ
ARYQaW5mb0B3b2xmc3NsLmNvbTAeFw0yMzEyMTMyMjE5MjhaFw0yNjA5MDgyMjE5
MjhaMIGeMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwH
ARYQaW5mb0B3b2xmc3NsLmNvbTAeFw0yNDEyMTgyMTI1MjlaFw0yNzA5MTQyMTI1
MjlaMIGeMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwH
Qm96ZW1hbjEVMBMGA1UECgwMd29sZlNTTF8xMDI0MRkwFwYDVQQLDBBQcm9ncmFt
bWluZy0xMDI0MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0B
CQEWEGluZm9Ad29sZnNzbC5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB
@@ -63,10 +63,10 @@ BgNVHQ4EFgQUgWkP+N/dzzQp1Wd1cYXHdRBpWewwgd4GA1UdIwSB1jCB04AUgWkP
+N/dzzQp1Wd1cYXHdRBpWeyhgaSkgaEwgZ4xCzAJBgNVBAYTAlVTMRAwDgYDVQQI
DAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRUwEwYDVQQKDAx3b2xmU1NMXzEw
MjQxGTAXBgNVBAsMEFByb2dyYW1taW5nLTEwMjQxGDAWBgNVBAMMD3d3dy53b2xm
c3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIUWfLqRAi1
EjCglpPR0X/h7El1m6IwDAYDVR0TBAUwAwEB/zAcBgNVHREEFTATggtleGFtcGxl
c3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIUCR0DQYuS
vSoqHHfgE6g98DPaf3IwDAYDVR0TBAUwAwEB/zAcBgNVHREEFTATggtleGFtcGxl
LmNvbYcEfwAAATAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZI
hvcNAQELBQADgYEARWNv+e30Ejw8xSxRCJRhfgjoMkYrIgLQ6CukIxVIR4ddcqs4
1TS5/PSGk0mV2IEyHCHj77hAxYcC6CiqVJMtiuke3V0R+L/KTjMgVk5vU7t5sNpl
oUufyFX6UyaExh4KXnpu8i0qgaXQK+zVjrnwx1fX1hQaO9wJQbSdDXIgRHk=
hvcNAQELBQADgYEAmhyPxL1U2mOn+Lo5tmRgnbql/EP1VygxQwlMA0y4w0krTr/y
mxNONx6hV8YMeywlGTefBlPvjdG6wHNuf8ILRl+bVrtZGVzJ7uoC2gMs+ym2B91V
t+nOYEfga0RaYXRclvYw2BukFV4GxXNLik2UIxMbP9tnyqemQcUoD/0uDvA=
-----END CERTIFICATE-----

BIN
certs/1024/server-cert.der
View File

Binary file not shown.

80
certs/1024/server-cert.pem
View File

@@ -5,12 +5,12 @@ Certificate:
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting_1024, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
Validity
Not Before: Dec 13 22:19:28 2023 GMT
Not After : Sep 8 22:19:28 2026 GMT
Not Before: Dec 18 21:25:30 2024 GMT
Not After : Sep 14 21:25:30 2027 GMT
Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL, OU = Support_1024, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (1024 bit)
Public-Key: (1024 bit)
Modulus:
00:aa:3e:a5:9c:d3:17:49:65:43:de:d0:f3:4b:1c:
db:49:0c:fc:7a:65:05:6d:de:6a:c4:e4:73:2c:8a:
@@ -28,8 +28,7 @@ Certificate:
X509v3 Authority Key Identifier:
keyid:D3:22:8F:28:2C:E0:05:EE:D3:ED:C3:71:3D:C9:B2:36:3A:1D:BF:A8
DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting_1024/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
serial:5C:44:2B:BF:D3:A8:2A:D8:FD:54:C9:CD:AA:7F:F7:D4:59:07:AA:DD
serial:59:52:6B:92:1A:25:8F:1B:EE:4C:51:9C:47:2F:FF:FF:9D:43:29:47
X509v3 Basic Constraints:
CA:TRUE
X509v3 Subject Alternative Name:
@@ -37,20 +36,21 @@ Certificate:
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
Signature Algorithm: sha256WithRSAEncryption
35:2e:7b:57:7b:64:70:53:e0:81:ed:f4:ac:b3:3a:3b:ba:82:
8d:a2:31:d9:d4:ac:d1:8a:6d:35:41:15:b3:e8:06:91:ca:2a:
f7:ff:28:0e:3d:cd:e7:28:f0:07:c0:78:62:9e:88:3d:dc:98:
f0:8c:89:a7:1c:5b:77:37:b2:55:38:b2:60:42:e8:02:81:bf:
7c:c3:54:86:7e:e4:2f:7d:74:74:27:f7:9a:e2:8d:a9:2f:7c:
82:31:41:f1:cb:48:a0:05:00:26:3d:a4:6b:27:43:4c:3f:6f:
2f:41:2e:ee:ba:0d:8f:39:42:0d:2d:76:00:12:4c:f9:49:2d:
7f:ed
Signature Value:
94:67:03:63:2a:3e:e4:56:a5:9f:84:89:68:8c:ed:ef:a4:fe:
1f:dc:03:04:1e:d0:87:90:14:7c:82:3f:36:a8:7c:14:64:ab:
88:d4:9d:81:e8:f6:a7:ec:12:51:ea:25:fd:a4:d1:9c:9b:71:
3d:c8:d0:b3:d2:6d:eb:56:11:66:05:4e:92:27:0a:76:8c:3a:
8b:bd:e2:46:f5:7b:8e:ff:03:f3:89:92:dc:9b:46:79:f4:b8:
95:7d:b6:29:79:f3:55:c8:70:de:f7:9f:59:e1:e2:8d:a7:73:
1f:97:1c:52:64:48:77:cf:6d:a0:27:ad:c0:16:56:55:46:b2:
bf:f1
-----BEGIN CERTIFICATE-----
MIID8jCCA1ugAwIBAgIBATANBgkqhkiG9w0BAQsFADCBmTELMAkGA1UEBhMCVVMx
EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh
d3Rvb3RoMRgwFgYDVQQLDA9Db25zdWx0aW5nXzEwMjQxGDAWBgNVBAMMD3d3dy53
b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAeFw0y
MzEyMTMyMjE5MjhaFw0yNjA5MDgyMjE5MjhaMIGVMQswCQYDVQQGEwJVUzEQMA4G
NDEyMTgyMTI1MzBaFw0yNzA5MTQyMTI1MzBaMIGVMQswCQYDVQQGEwJVUzEQMA4G
A1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEQMA4GA1UECgwHd29sZlNT
TDEVMBMGA1UECwwMU3VwcG9ydF8xMDI0MRgwFgYDVQQDDA93d3cud29sZnNzbC5j
b20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wgZ8wDQYJKoZIhvcN
@@ -62,27 +62,27 @@ A1UdIwSB0TCBzoAU0yKPKCzgBe7T7cNxPcmyNjodv6ihgZ+kgZwwgZkxCzAJBgNV
BAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYD
VQQKDAhTYXd0b290aDEYMBYGA1UECwwPQ29uc3VsdGluZ18xMDI0MRgwFgYDVQQD
DA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j
b22CFFxEK7/TqCrY/VTJzap/99RZB6rdMAwGA1UdEwQFMAMBAf8wHAYDVR0RBBUw
b22CFFlSa5IaJY8b7kxRnEcv//+dQylHMAwGA1UdEwQFMAMBAf8wHAYDVR0RBBUw
E4ILZXhhbXBsZS5jb22HBH8AAAEwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUF
BwMCMA0GCSqGSIb3DQEBCwUAA4GBADUue1d7ZHBT4IHt9KyzOju6go2iMdnUrNGK
bTVBFbPoBpHKKvf/KA49zeco8AfAeGKeiD3cmPCMiaccW3c3slU4smBC6AKBv3zD
VIZ+5C99dHQn95rijakvfIIxQfHLSKAFACY9pGsnQ0w/by9BLu66DY85Qg0tdgAS
TPlJLX/t
BwMCMA0GCSqGSIb3DQEBCwUAA4GBAJRnA2MqPuRWpZ+EiWiM7e+k/h/cAwQe0IeQ
FHyCPzaofBRkq4jUnYHo9qfsElHqJf2k0ZybcT3I0LPSbetWEWYFTpInCnaMOou9
4kb1e47/A/OJktybRnn0uJV9til581XIcN73n1nh4o2ncx+XHFJkSHfPbaAnrcAW
VlVGsr/x
-----END CERTIFICATE-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
5c:44:2b:bf:d3:a8:2a:d8:fd:54:c9:cd:aa:7f:f7:d4:59:07:aa:dd
59:52:6b:92:1a:25:8f:1b:ee:4c:51:9c:47:2f:ff:ff:9d:43:29:47
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting_1024, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
Validity
Not Before: Dec 13 22:19:28 2023 GMT
Not After : Sep 8 22:19:28 2026 GMT
Not Before: Dec 18 21:25:29 2024 GMT
Not After : Sep 14 21:25:29 2027 GMT
Subject: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting_1024, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (1024 bit)
Public-Key: (1024 bit)
Modulus:
00:cd:ac:dd:47:ec:be:b7:24:c3:63:1b:54:98:79:
e1:c7:31:16:59:d6:9d:77:9d:8d:e2:8b:ed:04:17:
@@ -100,8 +100,7 @@ Certificate:
X509v3 Authority Key Identifier:
keyid:D3:22:8F:28:2C:E0:05:EE:D3:ED:C3:71:3D:C9:B2:36:3A:1D:BF:A8
DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting_1024/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
serial:5C:44:2B:BF:D3:A8:2A:D8:FD:54:C9:CD:AA:7F:F7:D4:59:07:AA:DD
serial:59:52:6B:92:1A:25:8F:1B:EE:4C:51:9C:47:2F:FF:FF:9D:43:29:47
X509v3 Basic Constraints:
CA:TRUE
X509v3 Subject Alternative Name:
@@ -109,20 +108,21 @@ Certificate:
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
Signature Algorithm: sha256WithRSAEncryption
70:7d:83:94:d0:ee:e1:19:8b:17:ca:79:87:12:5b:7f:70:a3:
51:20:4f:21:99:71:69:21:28:55:61:70:85:54:21:a9:70:a2:
a9:12:db:44:11:44:e7:41:00:70:80:b5:37:0c:7e:78:8f:88:
64:bc:e5:c0:44:a7:a5:3d:db:62:c4:d6:cd:aa:4b:ac:fb:01:
46:bb:ec:cb:6f:01:67:b4:65:f3:5e:53:39:64:99:9b:68:80:
14:91:a4:a4:eb:04:f3:76:9a:7d:b4:38:05:9c:a5:e0:bc:7e:
d9:d2:d3:d4:e8:c3:9f:38:4b:6c:29:94:be:35:bd:30:1f:b5:
b7:3d
Signature Value:
09:c6:da:fe:2a:45:83:9e:8b:66:cf:63:1f:11:cb:d9:b4:eb:
b0:97:3d:33:d4:b9:27:56:46:14:3c:fe:2b:b2:36:6e:38:7f:
08:f5:37:3c:f2:a2:6a:8a:c7:a0:be:0f:ac:dd:f4:f0:97:b3:
03:a6:70:48:44:fc:ef:ef:7a:c6:1a:8d:3f:19:f6:71:92:7e:
3a:00:95:f2:b6:57:40:77:c2:80:4e:61:f2:71:56:22:a0:1e:
a9:dd:5c:54:80:ad:e4:27:f2:17:20:9b:5b:89:30:6e:6a:31:
2a:4e:43:52:f8:8a:51:b7:ed:3a:aa:78:41:90:95:e8:40:2e:
66:fc
-----BEGIN CERTIFICATE-----
MIIECTCCA3KgAwIBAgIUXEQrv9OoKtj9VMnNqn/31FkHqt0wDQYJKoZIhvcNAQEL
MIIECTCCA3KgAwIBAgIUWVJrkholjxvuTFGcRy///51DKUcwDQYJKoZIhvcNAQEL
BQAwgZkxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdC
b3plbWFuMREwDwYDVQQKDAhTYXd0b290aDEYMBYGA1UECwwPQ29uc3VsdGluZ18x
MDI0MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGlu
Zm9Ad29sZnNzbC5jb20wHhcNMjMxMjEzMjIxOTI4WhcNMjYwOTA4MjIxOTI4WjCB
Zm9Ad29sZnNzbC5jb20wHhcNMjQxMjE4MjEyNTI5WhcNMjcwOTE0MjEyNTI5WjCB
mTELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVt
YW4xETAPBgNVBAoMCFNhd3Rvb3RoMRgwFgYDVQQLDA9Db25zdWx0aW5nXzEwMjQx
GDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3
@@ -134,10 +134,10 @@ Io8oLOAF7tPtw3E9ybI2Oh2/qDCB2QYDVR0jBIHRMIHOgBTTIo8oLOAF7tPtw3E9
ybI2Oh2/qKGBn6SBnDCBmTELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmEx
EDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNhd3Rvb3RoMRgwFgYDVQQLDA9D
b25zdWx0aW5nXzEwMjQxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqG
SIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIUXEQrv9OoKtj9VMnNqn/31FkHqt0w
SIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIUWVJrkholjxvuTFGcRy///51DKUcw
DAYDVR0TBAUwAwEB/zAcBgNVHREEFTATggtleGFtcGxlLmNvbYcEfwAAATAdBgNV
HSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADgYEAcH2D
lNDu4RmLF8p5hxJbf3CjUSBPIZlxaSEoVWFwhVQhqXCiqRLbRBFE50EAcIC1Nwx+
eI+IZLzlwESnpT3bYsTWzapLrPsBRrvsy28BZ7Rl815TOWSZm2iAFJGkpOsE83aa
fbQ4BZyl4Lx+2dLT1OjDnzhLbCmUvjW9MB+1tz0=
HSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADgYEACcba
/ipFg56LZs9jHxHL2bTrsJc9M9S5J1ZGFDz+K7I2bjh/CPU3PPKiaorHoL4PrN30
8JezA6ZwSET87+96xhqNPxn2cZJ+OgCV8rZXQHfCgE5h8nFWIqAeqd1cVICt5Cfy
FyCbW4kwbmoxKk5DUviKUbftOqp4QZCV6EAuZvw=
-----END CERTIFICATE-----

BIN
certs/3072/client-cert.der
View File

Binary file not shown.

82
certs/3072/client-cert.pem
View File

@@ -2,16 +2,16 @@ Certificate:
Data:
Version: 3 (0x2)
Serial Number:
0b:5c:9f:12:25:90:aa:52:c0:df:e1:e1:1f:ed:a9:31:01:0a:09:8b
1e:d5:b7:66:40:3a:e9:9b:dd:58:e4:e4:9a:c0:da:1e:d7:b9:5a:1f
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_3072, OU = Programming-3072, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
Validity
Not Before: Dec 13 22:19:28 2023 GMT
Not After : Sep 8 22:19:28 2026 GMT
Not Before: Dec 18 21:25:29 2024 GMT
Not After : Sep 14 21:25:29 2027 GMT
Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_3072, OU = Programming-3072, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (3072 bit)
Public-Key: (3072 bit)
Modulus:
00:ac:39:50:68:8f:78:f8:10:9b:68:96:d3:e1:9c:
56:68:5a:41:62:e3:b3:41:b0:55:80:17:b0:88:16:
@@ -46,8 +46,7 @@ Certificate:
X509v3 Authority Key Identifier:
keyid:3D:D1:84:C2:AF:B0:20:49:BC:74:87:41:38:AB:BA:D2:D4:0C:A3:A8
DirName:/C=US/ST=Montana/L=Bozeman/O=wolfSSL_3072/OU=Programming-3072/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
serial:0B:5C:9F:12:25:90:AA:52:C0:DF:E1:E1:1F:ED:A9:31:01:0A:09:8B
serial:1E:D5:B7:66:40:3A:E9:9B:DD:58:E4:E4:9A:C0:DA:1E:D7:B9:5A:1F
X509v3 Basic Constraints:
CA:TRUE
X509v3 Subject Alternative Name:
@@ -55,35 +54,36 @@ Certificate:
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
Signature Algorithm: sha256WithRSAEncryption
14:27:57:47:12:a4:78:a2:c9:dc:93:f8:47:ee:f4:fd:66:80:
13:43:9e:de:23:8c:f7:3f:fe:46:9c:85:58:2a:6f:8d:22:92:
8c:d6:36:ca:90:4f:45:c3:ab:78:ca:3c:fe:d0:f5:0f:6d:00:
fe:3b:42:b0:86:0b:75:f2:7c:d3:c7:db:0b:70:e8:ec:b7:bf:
26:30:a8:19:67:bd:74:03:cf:d1:08:8e:9c:d5:1b:45:28:b2:
67:8e:3a:a5:27:c9:1b:6a:e9:93:ce:94:c0:00:0c:e8:f1:76:
02:a4:30:72:a8:fd:55:1c:d1:b8:25:f1:62:f6:ba:28:fd:30:
b1:11:63:f7:b3:78:54:09:04:c1:66:12:c7:01:ae:99:e3:55:
c4:29:bd:1b:1a:da:b9:77:fd:04:db:b1:68:56:35:65:e1:aa:
67:c8:ac:be:e5:f8:27:fb:b4:51:4f:38:e5:de:09:a6:81:a9:
ef:dc:d6:4a:96:47:b8:38:14:f8:25:5d:ac:f3:e5:3b:f2:1b:
70:32:3b:2d:fa:20:ca:2e:a5:ca:13:9d:84:d2:d4:35:16:58:
6e:52:5e:09:61:83:c2:e2:56:2c:ab:52:bf:54:dc:bd:f3:bf:
a7:16:6e:0e:ca:68:54:d1:5c:4d:06:7a:93:47:1c:cc:a9:66:
da:69:0f:f9:1f:25:64:29:40:97:50:3b:cf:0c:50:9b:4d:ff:
60:bc:d3:e4:a0:b7:64:c6:66:2a:f6:02:e2:3f:92:31:3b:d7:
ea:1a:c3:1a:0c:19:88:ab:5f:74:b7:9d:7b:8d:4d:3a:84:43:
f2:67:b1:be:a0:9e:fd:3d:aa:c1:38:1a:df:ac:30:fe:63:69:
af:d6:f2:21:63:11:63:29:ac:63:9e:9f:9f:c4:53:b3:db:78:
c0:2d:79:68:1f:d2:d1:36:d1:fb:e3:c0:a7:31:eb:15:63:99:
0b:93:9d:87:c7:fe:56:5d:fc:e7:29:2a:9e:15:be:ef:54:e7:
0f:6d:9b:36:b6:17
Signature Value:
5e:b0:ed:38:36:b8:f7:e4:0c:b0:c3:6a:bb:7a:b9:61:05:9d:
b9:82:12:2d:9c:9e:91:7b:ec:d0:9b:81:ca:51:e8:d4:55:2d:
1a:ff:88:5a:c3:e1:d8:82:17:c5:4a:7a:d4:17:c8:a2:1c:97:
61:a7:cf:de:12:f9:5a:d8:b0:63:63:84:d4:7b:b9:81:37:a0:
49:f3:68:30:0c:84:f8:6c:18:54:34:6f:8d:a3:22:d3:d2:3b:
42:bc:3b:28:0f:95:35:f4:9f:dc:18:9d:4f:c5:5f:0d:d2:bd:
88:b8:a7:88:82:d3:74:5b:a6:ad:b0:2b:70:33:c9:08:7e:5f:
9b:99:3c:61:f0:1b:3c:1c:4a:2a:05:84:f1:47:17:a2:ea:06:
3a:dc:f6:b3:83:30:9c:12:b1:4c:e9:be:40:86:3e:72:58:4e:
44:b8:99:59:c3:58:0f:d7:cf:02:60:77:ad:6f:9c:41:58:ef:
78:63:c0:f7:7d:a7:ed:67:c2:49:ae:06:fc:46:f7:70:53:88:
eb:53:2f:25:8d:7a:ac:ab:c4:b5:b0:27:90:57:d0:31:79:2f:
ad:da:20:c1:6a:00:cc:d9:b4:36:5a:90:99:3d:e3:e2:f4:b6:
e7:85:16:77:3d:69:bb:42:6c:a5:83:45:9f:53:c4:43:78:17:
43:bd:27:c0:6e:4b:40:0f:64:0b:ac:38:1e:09:6d:62:5a:54:
8a:2c:96:99:23:db:f5:4b:4a:aa:69:be:6e:8a:9a:3e:d5:e6:
a3:a9:a9:e9:e8:a9:28:28:3b:f9:9d:d9:5f:e3:cb:2b:2b:38:
ba:f1:bc:45:d8:4a:5a:b1:b3:8a:48:64:78:33:21:55:cd:04:
14:e7:7b:73:c2:b6:f2:de:81:01:d8:8d:c6:cf:f2:85:0f:32:
72:0f:6c:60:be:f5:31:75:39:4b:e3:ae:ed:0c:1e:15:83:ac:
f9:4c:86:cf:df:54:b0:7c:6f:f5:de:26:66:c0:ba:85:38:d0:
25:fe:b9:bf:12:98
-----BEGIN CERTIFICATE-----
MIIGHTCCBIWgAwIBAgIUC1yfEiWQqlLA3+HhH+2pMQEKCYswDQYJKoZIhvcNAQEL
MIIGHTCCBIWgAwIBAgIUHtW3ZkA66ZvdWOTkmsDaHte5Wh8wDQYJKoZIhvcNAQEL
BQAwgZ4xCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdC
b3plbWFuMRUwEwYDVQQKDAx3b2xmU1NMXzMwNzIxGTAXBgNVBAsMEFByb2dyYW1t
aW5nLTMwNzIxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJ
ARYQaW5mb0B3b2xmc3NsLmNvbTAeFw0yMzEyMTMyMjE5MjhaFw0yNjA5MDgyMjE5
MjhaMIGeMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwH
ARYQaW5mb0B3b2xmc3NsLmNvbTAeFw0yNDEyMTgyMTI1MjlaFw0yNzA5MTQyMTI1
MjlaMIGeMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwH
Qm96ZW1hbjEVMBMGA1UECgwMd29sZlNTTF8zMDcyMRkwFwYDVQQLDBBQcm9ncmFt
bWluZy0zMDcyMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0B
CQEWEGluZm9Ad29sZnNzbC5jb20wggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGK
@@ -100,15 +100,15 @@ qDCB3gYDVR0jBIHWMIHTgBQ90YTCr7AgSbx0h0E4q7rS1AyjqKGBpKSBoTCBnjEL
MAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4x
FTATBgNVBAoMDHdvbGZTU0xfMzA3MjEZMBcGA1UECwwQUHJvZ3JhbW1pbmctMzA3
MjEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZv
QHdvbGZzc2wuY29tghQLXJ8SJZCqUsDf4eEf7akxAQoJizAMBgNVHRMEBTADAQH/
QHdvbGZzc2wuY29tghQe1bdmQDrpm91Y5OSawNoe17laHzAMBgNVHRMEBTADAQH/
MBwGA1UdEQQVMBOCC2V4YW1wbGUuY29thwR/AAABMB0GA1UdJQQWMBQGCCsGAQUF
BwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAYEAFCdXRxKkeKLJ3JP4R+70
/WaAE0Oe3iOM9z/+RpyFWCpvjSKSjNY2ypBPRcOreMo8/tD1D20A/jtCsIYLdfJ8
08fbC3Do7Le/JjCoGWe9dAPP0QiOnNUbRSiyZ446pSfJG2rpk86UwAAM6PF2AqQw
cqj9VRzRuCXxYva6KP0wsRFj97N4VAkEwWYSxwGumeNVxCm9GxrauXf9BNuxaFY1
ZeGqZ8isvuX4J/u0UU845d4JpoGp79zWSpZHuDgU+CVdrPPlO/IbcDI7Lfogyi6l
yhOdhNLUNRZYblJeCWGDwuJWLKtSv1TcvfO/pxZuDspoVNFcTQZ6k0cczKlm2mkP
+R8lZClAl1A7zwxQm03/YLzT5KC3ZMZmKvYC4j+SMTvX6hrDGgwZiKtfdLede41N
OoRD8mexvqCe/T2qwTga36ww/mNpr9byIWMRYymsY56fn8RTs9t4wC15aB/S0TbR
++PApzHrFWOZC5Odh8f+Vl385ykqnhW+71TnD22bNrYX
BwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAYEAXrDtODa49+QMsMNqu3q5
YQWduYISLZyekXvs0JuBylHo1FUtGv+IWsPh2IIXxUp61BfIohyXYafP3hL5Wtiw
Y2OE1Hu5gTegSfNoMAyE+GwYVDRvjaMi09I7Qrw7KA+VNfSf3BidT8VfDdK9iLin
iILTdFumrbArcDPJCH5fm5k8YfAbPBxKKgWE8UcXouoGOtz2s4MwnBKxTOm+QIY+
clhORLiZWcNYD9fPAmB3rW+cQVjveGPA932n7WfCSa4G/Eb3cFOI61MvJY16rKvE
tbAnkFfQMXkvrdogwWoAzNm0NlqQmT3j4vS254UWdz1pu0JspYNFn1PEQ3gXQ70n
wG5LQA9kC6w4HgltYlpUiiyWmSPb9UtKqmm+boqaPtXmo6mp6eipKCg7+Z3ZX+PL
Kys4uvG8RdhKWrGzikhkeDMhVc0EFOd7c8K28t6BAdiNxs/yhQ8ycg9sYL71MXU5
S+Ou7QweFYOs+UyGz99UsHxv9d4mZsC6hTjQJf65vxKY
-----END CERTIFICATE-----

BIN
certs/3072/client-key.der
View File

Binary file not shown.

BIN
certs/4096/client-cert.der
View File

Binary file not shown.

104
certs/4096/client-cert.pem
View File

@@ -2,16 +2,16 @@ Certificate:
Data:
Version: 3 (0x2)
Serial Number:
2f:36:54:05:64:52:dd:0e:75:75:33:7c:b2:ce:9f:5c:48:9b:ab:0e
12:66:c3:a2:08:5c:f7:d0:6e:e9:a8:82:a2:ab:9c:0f:76:9e:96:f4
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_4096, OU = Programming-4096, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
Validity
Not Before: Dec 13 22:19:28 2023 GMT
Not After : Sep 8 22:19:28 2026 GMT
Not Before: Dec 18 21:25:29 2024 GMT
Not After : Sep 14 21:25:29 2027 GMT
Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_4096, OU = Programming-4096, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (4096 bit)
Public-Key: (4096 bit)
Modulus:
00:f5:d0:31:e4:71:59:58:b3:07:50:dd:16:79:fc:
c6:95:50:fc:46:0e:57:12:86:71:8d:e3:9b:4a:33:
@@ -55,8 +55,7 @@ Certificate:
X509v3 Authority Key Identifier:
keyid:FA:54:89:67:E5:5F:B7:31:40:EA:FD:E7:F6:A3:C6:5A:56:16:A5:6E
DirName:/C=US/ST=Montana/L=Bozeman/O=wolfSSL_4096/OU=Programming-4096/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
serial:2F:36:54:05:64:52:DD:0E:75:75:33:7C:B2:CE:9F:5C:48:9B:AB:0E
serial:12:66:C3:A2:08:5C:F7:D0:6E:E9:A8:82:A2:AB:9C:0F:76:9E:96:F4
X509v3 Basic Constraints:
CA:TRUE
X509v3 Subject Alternative Name:
@@ -64,42 +63,43 @@ Certificate:
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
Signature Algorithm: sha256WithRSAEncryption
c2:72:38:27:f0:5c:45:04:4b:09:0e:5d:98:6e:38:6a:bc:fb:
a8:85:4f:f2:04:38:63:4f:86:4f:3c:f5:fd:f8:cd:89:09:76:
72:47:97:df:f8:17:6a:81:3a:b2:b4:fc:ac:e9:fc:e2:47:9b:
07:6d:9c:53:ed:d8:64:bc:6c:4d:a9:bd:3e:5e:cd:61:bc:8e:
82:20:b2:50:bc:9e:72:e6:9f:40:ff:6c:4b:38:f8:4b:82:0f:
7e:49:cd:45:5c:cd:44:de:47:25:b3:57:d0:1a:0d:8d:4d:c7:
ea:23:fa:03:e8:86:d8:37:89:84:2e:e8:53:7a:77:be:94:ec:
70:e7:c4:7b:8f:6f:28:67:33:89:ec:c9:df:98:6d:4a:d9:c6:
7b:d3:b5:82:d0:8a:ce:8f:06:bf:a2:f7:de:4a:45:22:6f:ff:
41:6f:08:f5:c3:65:25:27:fb:43:3e:cc:25:0a:d3:3d:d2:34:
9f:89:6b:e2:97:9c:42:d9:3e:64:03:45:5f:07:95:ed:1a:70:
6a:be:3e:7f:7f:16:be:47:a6:6d:3b:0d:27:b3:89:b1:f1:f6:
ce:99:71:18:b6:c0:c5:9e:76:7a:8e:fb:4a:be:4f:cd:bc:21:
a9:4e:9c:fc:48:86:ff:e4:63:14:96:3a:eb:c8:48:ae:27:bd:
43:0c:27:85:e1:25:1a:69:48:6c:e7:11:f8:f3:68:9d:ee:15:
1a:be:ad:46:33:24:3d:be:b8:0e:6e:4d:ef:12:b6:ae:1b:88:
bd:0e:a6:ff:91:08:dc:ed:af:fa:13:2b:f2:b4:2c:ea:72:c2:
85:d6:ee:64:09:e1:4e:1a:5a:bd:c2:44:c2:95:82:59:0a:d8:
27:bc:48:4a:8a:a3:c3:77:ac:92:b6:8b:0b:13:e2:87:ec:21:
7e:7e:52:29:51:5c:59:e1:c8:db:05:ce:9e:f4:36:d8:63:42:
45:71:9a:ee:0e:24:b0:ba:a5:a5:aa:c9:ee:9e:a3:e3:e9:7f:
c6:64:6c:9e:65:78:88:f2:61:6f:d3:3b:9e:0d:16:fa:ad:c2:
58:ac:bc:14:b1:f7:6f:db:b9:7e:79:81:f1:f8:e9:41:5b:fe:
d9:e2:89:86:5c:01:03:5d:0c:d9:a9:d6:df:4b:26:5c:ae:e6:
df:b5:c9:f0:86:ca:7b:80:db:6a:86:fd:a9:00:46:32:39:5a:
72:c4:67:20:db:d8:7a:5d:2d:78:b9:a7:de:7f:f4:7a:5b:0f:
38:b0:9e:1a:ae:c5:cc:ff:61:5e:ec:f1:0d:f7:0a:22:bb:cb:
08:2b:91:58:77:1f:90:2b:a3:78:be:ef:4d:d8:8d:e8:f7:31:
f8:92:84:e5:b2:2a:e8:3a
Signature Value:
b0:00:28:7b:c8:3f:ae:93:f5:16:87:30:d6:07:2b:71:16:34:
1e:5c:48:0f:4a:e7:50:07:9d:f4:75:5b:90:53:72:87:2a:bb:
ef:04:bc:52:d2:bf:ff:27:58:2f:5c:af:be:f3:f6:00:a2:37:
8b:ec:2c:d7:b7:e7:bb:3b:ca:6f:9d:42:b7:00:b8:c2:a2:8e:
8e:e4:57:fd:83:4b:b8:47:aa:a1:28:ac:bd:c1:59:04:90:17:
40:40:35:04:c6:40:a9:21:d3:79:45:0e:22:c8:6f:ec:ae:58:
a5:c2:d8:1b:11:49:94:58:c2:11:7d:f8:0a:bb:47:fd:ac:cf:
f7:23:05:3f:ab:1d:0e:30:c5:98:29:13:1a:90:6f:f9:3f:f2:
d6:df:03:cc:f1:48:e7:71:e6:c4:ce:f3:f9:bf:07:c9:cf:dd:
63:0e:fe:bc:93:1c:9a:52:7d:63:f9:6d:a5:50:f3:ef:54:d7:
da:42:74:85:b1:b4:7c:d5:03:cc:b8:c3:ba:1f:b8:4f:5a:f9:
05:ba:4b:0d:57:8d:05:cf:4f:b7:c4:64:2e:2c:10:f3:fa:79:
0c:8c:1f:cc:84:33:88:fb:77:b5:6e:45:35:15:cc:28:80:2b:
2d:6b:3f:d0:a3:10:d1:53:c0:bb:70:43:79:2f:ff:3f:63:26:
c5:60:9b:87:e9:a2:5b:40:13:41:25:d2:9c:3e:42:79:00:e1:
12:0e:aa:06:e0:65:59:a1:fa:db:c4:c2:97:a8:87:35:96:1c:
8e:ff:eb:91:e0:8b:e3:3e:c8:b2:8c:d3:84:5e:76:80:d7:29:
0a:59:cc:71:d5:e5:65:3c:30:38:6e:f5:3f:7e:28:0f:3d:15:
10:86:30:39:56:23:13:30:b4:70:f7:7b:c3:0d:51:ad:18:b1:
87:b3:3f:1c:69:f5:d4:1e:72:66:5e:44:b9:53:ba:9e:f0:b8:
4a:b1:34:50:98:d8:f2:b9:b2:c5:ed:73:c9:ee:dd:33:8c:cf:
72:35:e0:3d:0f:45:2a:89:f9:a3:76:40:07:0f:f6:48:6c:f1:
8c:30:3a:c2:51:06:c2:51:5e:75:98:06:e0:1e:29:f7:12:9a:
56:a4:38:83:b1:8b:86:b6:ab:87:aa:3c:39:9d:4d:0c:e8:78:
9f:52:47:66:69:c8:66:0c:fe:d9:74:1d:78:0b:51:e4:d9:c8:
35:97:95:c7:31:97:13:49:ed:aa:9e:9c:fd:66:04:79:d2:24:
4d:64:8d:3f:cd:94:b0:05:0a:30:3b:1c:96:e7:79:00:03:47:
55:34:51:1f:46:3a:24:47:e6:dd:78:89:18:29:32:c5:ad:fb:
9c:f7:26:ac:56:3e:f7:73
-----BEGIN CERTIFICATE-----
MIIHHTCCBQWgAwIBAgIULzZUBWRS3Q51dTN8ss6fXEibqw4wDQYJKoZIhvcNAQEL
MIIHHTCCBQWgAwIBAgIUEmbDoghc99Bu6aiCoqucD3aelvQwDQYJKoZIhvcNAQEL
BQAwgZ4xCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdC
b3plbWFuMRUwEwYDVQQKDAx3b2xmU1NMXzQwOTYxGTAXBgNVBAsMEFByb2dyYW1t
aW5nLTQwOTYxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJ
ARYQaW5mb0B3b2xmc3NsLmNvbTAeFw0yMzEyMTMyMjE5MjhaFw0yNjA5MDgyMjE5
MjhaMIGeMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwH
ARYQaW5mb0B3b2xmc3NsLmNvbTAeFw0yNDEyMTgyMTI1MjlaFw0yNzA5MTQyMTI1
MjlaMIGeMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwH
Qm96ZW1hbjEVMBMGA1UECgwMd29sZlNTTF80MDk2MRkwFwYDVQQLDBBQcm9ncmFt
bWluZy00MDk2MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0B
CQEWEGluZm9Ad29sZnNzbC5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK
@@ -118,19 +118,19 @@ AUswHQYDVR0OBBYEFPpUiWflX7cxQOr95/ajxlpWFqVuMIHeBgNVHSMEgdYwgdOA
FPpUiWflX7cxQOr95/ajxlpWFqVuoYGkpIGhMIGeMQswCQYDVQQGEwJVUzEQMA4G
A1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEVMBMGA1UECgwMd29sZlNT
TF80MDk2MRkwFwYDVQQLDBBQcm9ncmFtbWluZy00MDk2MRgwFgYDVQQDDA93d3cu
d29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CFC82
VAVkUt0OdXUzfLLOn1xIm6sOMAwGA1UdEwQFMAMBAf8wHAYDVR0RBBUwE4ILZXhh
d29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CFBJm
w6IIXPfQbumogqKrnA92npb0MAwGA1UdEwQFMAMBAf8wHAYDVR0RBBUwE4ILZXhh
bXBsZS5jb22HBH8AAAEwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0G
CSqGSIb3DQEBCwUAA4ICAQDCcjgn8FxFBEsJDl2YbjhqvPuohU/yBDhjT4ZPPPX9
+M2JCXZyR5ff+BdqgTqytPys6fziR5sHbZxT7dhkvGxNqb0+Xs1hvI6CILJQvJ5y
5p9A/2xLOPhLgg9+Sc1FXM1E3kcls1fQGg2NTcfqI/oD6IbYN4mELuhTene+lOxw
58R7j28oZzOJ7MnfmG1K2cZ707WC0IrOjwa/ovfeSkUib/9Bbwj1w2UlJ/tDPswl
CtM90jSfiWvil5xC2T5kA0VfB5XtGnBqvj5/fxa+R6ZtOw0ns4mx8fbOmXEYtsDF
nnZ6jvtKvk/NvCGpTpz8SIb/5GMUljrryEiuJ71DDCeF4SUaaUhs5xH482id7hUa
vq1GMyQ9vrgObk3vErauG4i9Dqb/kQjc7a/6EyvytCzqcsKF1u5kCeFOGlq9wkTC
lYJZCtgnvEhKiqPDd6yStosLE+KH7CF+flIpUVxZ4cjbBc6e9DbYY0JFcZruDiSw
uqWlqsnunqPj6X/GZGyeZXiI8mFv0zueDRb6rcJYrLwUsfdv27l+eYHx+OlBW/7Z
4omGXAEDXQzZqdbfSyZcrubftcnwhsp7gNtqhv2pAEYyOVpyxGcg29h6XS14uafe
f/R6Ww84sJ4arsXM/2Fe7PEN9woiu8sIK5FYdx+QK6N4vu9N2I3o9zH4koTlsiro
Og==
CSqGSIb3DQEBCwUAA4ICAQCwACh7yD+uk/UWhzDWBytxFjQeXEgPSudQB530dVuQ
U3KHKrvvBLxS0r//J1gvXK++8/YAojeL7CzXt+e7O8pvnUK3ALjCoo6O5Ff9g0u4
R6qhKKy9wVkEkBdAQDUExkCpIdN5RQ4iyG/srlilwtgbEUmUWMIRffgKu0f9rM/3
IwU/qx0OMMWYKRMakG/5P/LW3wPM8UjncebEzvP5vwfJz91jDv68kxyaUn1j+W2l
UPPvVNfaQnSFsbR81QPMuMO6H7hPWvkFuksNV40Fz0+3xGQuLBDz+nkMjB/MhDOI
+3e1bkU1FcwogCstaz/QoxDRU8C7cEN5L/8/YybFYJuH6aJbQBNBJdKcPkJ5AOES
DqoG4GVZofrbxMKXqIc1lhyO/+uR4IvjPsiyjNOEXnaA1ykKWcxx1eVlPDA4bvU/
figPPRUQhjA5ViMTMLRw93vDDVGtGLGHsz8cafXUHnJmXkS5U7qe8LhKsTRQmNjy
ubLF7XPJ7t0zjM9yNeA9D0UqifmjdkAHD/ZIbPGMMDrCUQbCUV51mAbgHin3EppW
pDiDsYuGtquHqjw5nU0M6HifUkdmachmDP7ZdB14C1Hk2cg1l5XHMZcTSe2qnpz9
ZgR50iRNZI0/zZSwBQowOxyW53kAA0dVNFEfRjokR+bdeIkYKTLFrfuc9yasVj73
cw==
-----END CERTIFICATE-----

BIN
certs/4096/client-key.der
View File

Binary file not shown.

BIN
certs/ca-cert-chain.der
View File

Binary file not shown.

BIN
certs/ca-cert.der
View File

Binary file not shown.

Some files were not shown because too many files have changed in this diff Show More