Cyclic0007/wolfssl
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: Cyclic0007:v5.8.0-stable
Branches Tags
Cyclic0007:master Cyclic0007:nightly-snapshot Cyclic0007:revert-9495-aarch64_no_hw_crypto_asm_aes Cyclic0007:revert-9512-20251210-linuxkm-5.17-ubuntu-jammy-tegra-patches Cyclic0007:TLS13-cipher-suite-fix Cyclic0007:revert-9145-zd20038_2 Cyclic0007:pr-8603 Cyclic0007:remove-arc4 Cyclic0007:devin-lifeguard/update-rules-d59f9c48 Cyclic0007:revert-8277-aarch64_no_crypto Cyclic0007:revert-5549-fix_sha256_debug Cyclic0007:cert-3389
Cyclic0007:WCv5.2.4-KRNL-CHKIN-r5 Cyclic0007:WCv6.0.0-linuxkm-UPDT-RC2 Cyclic0007:WCv6.0.0-linuxkm-UPDT-RC1 Cyclic0007:WCv5.2.4-KRNL-CHKIN-r4 Cyclic0007:wolfEntropy2d Cyclic0007:v5.8.4-stable Cyclic0007:WCv5.2.5-STM32-PAA Cyclic0007:WCv5.2.4-KRNL-CHKIN Cyclic0007:v5.8.2-stable Cyclic0007:WCv5.2.3-RSA-SWITCH Cyclic0007:wolfEntropy2 Cyclic0007:WCv5.2.3-DHGENPUB-r2 Cyclic0007:WCv5.2.3-DHGENPUB Cyclic0007:v5.8.0-stable Cyclic0007:WCv6.0.0-RC5 Cyclic0007:WCv6.0.0-RC4 Cyclic0007:WCv5.2.3-STM32-PAA Cyclic0007:WCv6.0.0-RC3 Cyclic0007:v5.7.6-stable Cyclic0007:v5.2.1 Cyclic0007:WCv5.2.3-ARMv8-PAA-r2 Cyclic0007:WCv6.0.0-RC2 Cyclic0007:WCv6.0.0-RC1 Cyclic0007:v5.2.1-stable-OS_Seed-HdrOnly Cyclic0007:v5.7.4-stable Cyclic0007:v5.7.2-stable Cyclic0007:wolfEntropy1 Cyclic0007:v5.7.0-stable Cyclic0007:WCv5.2.3-ARMv8-PAA Cyclic0007:v5.6.6-stable Cyclic0007:v5.6.4-stable Cyclic0007:v5.2.1-stable Cyclic0007:WCv5.2.1-PILOT Cyclic0007:v5.6.3-stable Cyclic0007:v5.6.2-stable Cyclic0007:v5.6.0-stable Cyclic0007:v5.5.4-stable Cyclic0007:v5.5.3-stable Cyclic0007:v5.5.2-stable Cyclic0007:v5.5.1-stable Cyclic0007:v5.5.0-stable Cyclic0007:v5.4.0-stable Cyclic0007:v5.3.0-stable Cyclic0007:v5.2.0-stable Cyclic0007:v5.1.1-stable Cyclic0007:WCv5.0-RC12 Cyclic0007:v5.1.0-stable Cyclic0007:WCv5.0-RC11 Cyclic0007:WCv5.0-RC10 Cyclic0007:v5.0.0-stable Cyclic0007:WCv5.0-RC9 Cyclic0007:v4.8.1-stable Cyclic0007:v4.8.0-stable Cyclic0007:WCv5.0-RC8 Cyclic0007:WCv5.0-RC7 Cyclic0007:WCv5.0-RC6 Cyclic0007:WCv5.0-RC5 Cyclic0007:v4.7.1r Cyclic0007:WCv5.0-RC4 Cyclic0007:WCv5.0-RC3 Cyclic0007:WCv5.0-RC2 Cyclic0007:v4.7.0-stable Cyclic0007:v4.6.0-stable Cyclic0007:v4.5.0-stable Cyclic0007:v4.4.0-stable Cyclic0007:v4.3.0-stable Cyclic0007:v4.2.0c Cyclic0007:v4.2.0-stable Cyclic0007:wolfRand-RC2 Cyclic0007:v4.1.0-stable Cyclic0007:wolfRand-RC1 Cyclic0007:v4.0.0-stable Cyclic0007:list Cyclic0007:WCv4-rng-stable Cyclic0007:v3.15.8 Cyclic0007:v3.15.7-stable Cyclic0007:v3.15.6 Cyclic0007:v3.15.5a Cyclic0007:v3.15.5-stable Cyclic0007:WCv4.0-RC9 Cyclic0007:WCv4.0-RC8 Cyclic0007:WCv4.0-RC7 Cyclic0007:v3.15.3-stable Cyclic0007:l Cyclic0007:WCv4-stable Cyclic0007:v3.15.0-stable Cyclic0007:v3.14.5 Cyclic0007:WCv4.0-RC6 Cyclic0007:WCv4.0-RC5 Cyclic0007:WCv4.0-RC4 Cyclic0007:v3.14.4 Cyclic0007:WCv4.0-RC3 Cyclic0007:WCv4.0-RC2 Cyclic0007:WCv4.0-RC1 Cyclic0007:v3.14.2 Cyclic0007:v3.14.0b Cyclic0007:v3.14.0a Cyclic0007:v3.14.0-stable Cyclic0007:v3.13.3 Cyclic0007:v3.13.2 Cyclic0007:v3.13.0-stable Cyclic0007:v3.12.2-stable Cyclic0007:v3.12.0-stable Cyclic0007:v3.11.1-tls13-beta Cyclic0007:v3.11.0-stable Cyclic0007:v3.10.4 Cyclic0007:v3.10.3 Cyclic0007:v3.10.2-stable Cyclic0007:v3.10.0a Cyclic0007:v3.10.0-stable Cyclic0007:v3.9.10b Cyclic0007:v3.9.10-stable Cyclic0007:v3.9.8 Cyclic0007:v3.9.6w Cyclic0007:v3.9.6 Cyclic0007:v3.9.1 Cyclic0007:v3.9.0 Cyclic0007:v3.8.0 Cyclic0007:v3.7.3 Cyclic0007:v3.7.1 Cyclic0007:v3.7.0 Cyclic0007:v3.6.9d Cyclic0007:v3.69.d Cyclic0007:v3.6.9c Cyclic0007:v3.6.9b Cyclic0007:v3.6.9 Cyclic0007:v3.6.8 Cyclic0007:v3.6.6 Cyclic0007:v3.6.2 Cyclic0007:v3.6.0b Cyclic0007:v3.6.0 Cyclic0007:v3.4.8 Cyclic0007:v3.4.6 Cyclic0007:v3.4.2 Cyclic0007:v3.4.0 Cyclic0007:v3.3.3 Cyclic0007:v3.3.2 Cyclic0007:v3.3.0 Cyclic0007:v3.2.6 Cyclic0007:v3.2.4 Cyclic0007:v3.2.0 Cyclic0007:v3.1.0 Cyclic0007:v3.0.2 Cyclic0007:v3.0.0 Cyclic0007:v2.9.4 Cyclic0007:v2.9.2 Cyclic0007:v2.9.1 Cyclic0007:v0.5 Cyclic0007:v2.9.0 Cyclic0007:v2.8.6 Cyclic0007:v2.8.5a Cyclic0007:v2.8.5 Cyclic0007:v2.8.4 Cyclic0007:v2.8.3 Cyclic0007:v2.8.2 Cyclic0007:v2.8.0 Cyclic0007:v2.7.2 Cyclic0007:v2.7.0 Cyclic0007:v2.6.2 Cyclic0007:v2.6.0 Cyclic0007:v2.5.2b Cyclic0007:v2.5.2 Cyclic0007:v2.5.0 Cyclic0007:v2.4.7 Cyclic0007:v2.4.6 Cyclic0007:v2.4.2 Cyclic0007:v2.4.0 Cyclic0007:v2.3.0 Cyclic0007:v2.2.2 Cyclic0007:v2.1.1 Cyclic0007:v2.2.1 Cyclic0007:v2.2.0 Cyclic0007:v2.1.4 Cyclic0007:v2.1.2 Cyclic0007:v2.0.8 Cyclic0007:v2.0.6 Cyclic0007:v2.0.3 Cyclic0007:v2.0.2 Cyclic0007:v2.0rc3 Cyclic0007:v2.0rc2b Cyclic0007:v2.0rc2 Cyclic0007:v2.0rc1 Cyclic0007:v1.9.0 Cyclic0007:v1.8.8.0
..
compare: Cyclic0007:remove-arc4
Branches Tags
Cyclic0007:master Cyclic0007:nightly-snapshot Cyclic0007:revert-9495-aarch64_no_hw_crypto_asm_aes Cyclic0007:revert-9512-20251210-linuxkm-5.17-ubuntu-jammy-tegra-patches Cyclic0007:TLS13-cipher-suite-fix Cyclic0007:revert-9145-zd20038_2 Cyclic0007:pr-8603 Cyclic0007:remove-arc4 Cyclic0007:devin-lifeguard/update-rules-d59f9c48 Cyclic0007:revert-8277-aarch64_no_crypto Cyclic0007:revert-5549-fix_sha256_debug Cyclic0007:cert-3389
Cyclic0007:WCv5.2.4-KRNL-CHKIN-r5 Cyclic0007:WCv6.0.0-linuxkm-UPDT-RC2 Cyclic0007:WCv6.0.0-linuxkm-UPDT-RC1 Cyclic0007:WCv5.2.4-KRNL-CHKIN-r4 Cyclic0007:wolfEntropy2d Cyclic0007:v5.8.4-stable Cyclic0007:WCv5.2.5-STM32-PAA Cyclic0007:WCv5.2.4-KRNL-CHKIN Cyclic0007:v5.8.2-stable Cyclic0007:WCv5.2.3-RSA-SWITCH Cyclic0007:wolfEntropy2 Cyclic0007:WCv5.2.3-DHGENPUB-r2 Cyclic0007:WCv5.2.3-DHGENPUB Cyclic0007:v5.8.0-stable Cyclic0007:WCv6.0.0-RC5 Cyclic0007:WCv6.0.0-RC4 Cyclic0007:WCv5.2.3-STM32-PAA Cyclic0007:WCv6.0.0-RC3 Cyclic0007:v5.7.6-stable Cyclic0007:v5.2.1 Cyclic0007:WCv5.2.3-ARMv8-PAA-r2 Cyclic0007:WCv6.0.0-RC2 Cyclic0007:WCv6.0.0-RC1 Cyclic0007:v5.2.1-stable-OS_Seed-HdrOnly Cyclic0007:v5.7.4-stable Cyclic0007:v5.7.2-stable Cyclic0007:wolfEntropy1 Cyclic0007:v5.7.0-stable Cyclic0007:WCv5.2.3-ARMv8-PAA Cyclic0007:v5.6.6-stable Cyclic0007:v5.6.4-stable Cyclic0007:v5.2.1-stable Cyclic0007:WCv5.2.1-PILOT Cyclic0007:v5.6.3-stable Cyclic0007:v5.6.2-stable Cyclic0007:v5.6.0-stable Cyclic0007:v5.5.4-stable Cyclic0007:v5.5.3-stable Cyclic0007:v5.5.2-stable Cyclic0007:v5.5.1-stable Cyclic0007:v5.5.0-stable Cyclic0007:v5.4.0-stable Cyclic0007:v5.3.0-stable Cyclic0007:v5.2.0-stable Cyclic0007:v5.1.1-stable Cyclic0007:WCv5.0-RC12 Cyclic0007:v5.1.0-stable Cyclic0007:WCv5.0-RC11 Cyclic0007:WCv5.0-RC10 Cyclic0007:v5.0.0-stable Cyclic0007:WCv5.0-RC9 Cyclic0007:v4.8.1-stable Cyclic0007:v4.8.0-stable Cyclic0007:WCv5.0-RC8 Cyclic0007:WCv5.0-RC7 Cyclic0007:WCv5.0-RC6 Cyclic0007:WCv5.0-RC5 Cyclic0007:v4.7.1r Cyclic0007:WCv5.0-RC4 Cyclic0007:WCv5.0-RC3 Cyclic0007:WCv5.0-RC2 Cyclic0007:v4.7.0-stable Cyclic0007:v4.6.0-stable Cyclic0007:v4.5.0-stable Cyclic0007:v4.4.0-stable Cyclic0007:v4.3.0-stable Cyclic0007:v4.2.0c Cyclic0007:v4.2.0-stable Cyclic0007:wolfRand-RC2 Cyclic0007:v4.1.0-stable Cyclic0007:wolfRand-RC1 Cyclic0007:v4.0.0-stable Cyclic0007:list Cyclic0007:WCv4-rng-stable Cyclic0007:v3.15.8 Cyclic0007:v3.15.7-stable Cyclic0007:v3.15.6 Cyclic0007:v3.15.5a Cyclic0007:v3.15.5-stable Cyclic0007:WCv4.0-RC9 Cyclic0007:WCv4.0-RC8 Cyclic0007:WCv4.0-RC7 Cyclic0007:v3.15.3-stable Cyclic0007:l Cyclic0007:WCv4-stable Cyclic0007:v3.15.0-stable Cyclic0007:v3.14.5 Cyclic0007:WCv4.0-RC6 Cyclic0007:WCv4.0-RC5 Cyclic0007:WCv4.0-RC4 Cyclic0007:v3.14.4 Cyclic0007:WCv4.0-RC3 Cyclic0007:WCv4.0-RC2 Cyclic0007:WCv4.0-RC1 Cyclic0007:v3.14.2 Cyclic0007:v3.14.0b Cyclic0007:v3.14.0a Cyclic0007:v3.14.0-stable Cyclic0007:v3.13.3 Cyclic0007:v3.13.2 Cyclic0007:v3.13.0-stable Cyclic0007:v3.12.2-stable Cyclic0007:v3.12.0-stable Cyclic0007:v3.11.1-tls13-beta Cyclic0007:v3.11.0-stable Cyclic0007:v3.10.4 Cyclic0007:v3.10.3 Cyclic0007:v3.10.2-stable Cyclic0007:v3.10.0a Cyclic0007:v3.10.0-stable Cyclic0007:v3.9.10b Cyclic0007:v3.9.10-stable Cyclic0007:v3.9.8 Cyclic0007:v3.9.6w Cyclic0007:v3.9.6 Cyclic0007:v3.9.1 Cyclic0007:v3.9.0 Cyclic0007:v3.8.0 Cyclic0007:v3.7.3 Cyclic0007:v3.7.1 Cyclic0007:v3.7.0 Cyclic0007:v3.6.9d Cyclic0007:v3.69.d Cyclic0007:v3.6.9c Cyclic0007:v3.6.9b Cyclic0007:v3.6.9 Cyclic0007:v3.6.8 Cyclic0007:v3.6.6 Cyclic0007:v3.6.2 Cyclic0007:v3.6.0b Cyclic0007:v3.6.0 Cyclic0007:v3.4.8 Cyclic0007:v3.4.6 Cyclic0007:v3.4.2 Cyclic0007:v3.4.0 Cyclic0007:v3.3.3 Cyclic0007:v3.3.2 Cyclic0007:v3.3.0 Cyclic0007:v3.2.6 Cyclic0007:v3.2.4 Cyclic0007:v3.2.0 Cyclic0007:v3.1.0 Cyclic0007:v3.0.2 Cyclic0007:v3.0.0 Cyclic0007:v2.9.4 Cyclic0007:v2.9.2 Cyclic0007:v2.9.1 Cyclic0007:v0.5 Cyclic0007:v2.9.0 Cyclic0007:v2.8.6 Cyclic0007:v2.8.5a Cyclic0007:v2.8.5 Cyclic0007:v2.8.4 Cyclic0007:v2.8.3 Cyclic0007:v2.8.2 Cyclic0007:v2.8.0 Cyclic0007:v2.7.2 Cyclic0007:v2.7.0 Cyclic0007:v2.6.2 Cyclic0007:v2.6.0 Cyclic0007:v2.5.2b Cyclic0007:v2.5.2 Cyclic0007:v2.5.0 Cyclic0007:v2.4.7 Cyclic0007:v2.4.6 Cyclic0007:v2.4.2 Cyclic0007:v2.4.0 Cyclic0007:v2.3.0 Cyclic0007:v2.2.2 Cyclic0007:v2.1.1 Cyclic0007:v2.2.1 Cyclic0007:v2.2.0 Cyclic0007:v2.1.4 Cyclic0007:v2.1.2 Cyclic0007:v2.0.8 Cyclic0007:v2.0.6 Cyclic0007:v2.0.3 Cyclic0007:v2.0.2 Cyclic0007:v2.0rc3 Cyclic0007:v2.0rc2b Cyclic0007:v2.0rc2 Cyclic0007:v2.0rc1 Cyclic0007:v1.9.0 Cyclic0007:v1.8.8.0

1 Commits
v5.8.0-sta ... remove-arc

Author SHA1 Message Date
Devin AI
96d039c8dc Remove ARC4 implementation while preserving RC4 API 
Co-Authored-By: Anthony H <anthony@wolfssl.com>
 2025-03-18 18:49:52 +00:00
513 changed files with 39312 additions and 59009 deletions
Expand all files Collapse all files

33
.github/workflows/ada.yml vendored
View File

@@ -1,33 +0,0 @@
name: WolfSSL Ada Build Tests
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@master
- name: Install gnat
run: |
sudo apt-get update
sudo apt-get install -y gnat gprbuild
- name: Checkout wolfssl
uses: actions/checkout@master
with:
repository: wolfssl/wolfssl
path: wolfssl
- name: Build wolfssl Ada
working-directory: ./wolfssl/wrapper/Ada
run: |
mkdir obj
gprbuild default.gpr
gprbuild examples.gpr

5
.github/workflows/cmake.yml vendored
View File

@@ -39,7 +39,7 @@ jobs:
-DWOLFSSL_AESCBC:BOOL=yes -DWOLFSSL_AESCCM:BOOL=yes -DWOLFSSL_AESCFB:BOOL=yes \
-DWOLFSSL_AESCTR:BOOL=yes -DWOLFSSL_AESGCM:STRING=yes -DWOLFSSL_AESKEYWRAP:BOOL=yes \
-DWOLFSSL_AESOFB:BOOL=yes -DWOLFSSL_AESSIV:BOOL=yes -DWOLFSSL_ALIGN_DATA:BOOL=yes \
-DWOLFSSL_ALPN:BOOL=ON -DWOLFSSL_ALT_CERT_CHAINS:BOOL=ON -DWOLFSSL_ARC4:BOOL=yes \
-DWOLFSSL_ALPN:BOOL=ON -DWOLFSSL_ALT_CERT_CHAINS:BOOL=ON -DWOLFSSL_ARC4:BOOL=no \
-DWOLFSSL_ARIA:BOOL=no -DWOLFSSL_ASIO:BOOL=no -DWOLFSSL_ASM:BOOL=yes -DWOLFSSL_ASN:BOOL=yes \
-DWOLFSSL_ASYNC_THREADS:BOOL=no -DWOLFSSL_BASE64_ENCODE:BOOL=yes -DWOLFSSL_CAAM:BOOL=no \
-DWOLFSSL_CERTEXT:BOOL=yes -DWOLFSSL_CERTGEN:BOOL=yes -DWOLFSSL_CERTGENCACHE:BOOL=no \
@@ -75,9 +75,8 @@ jobs:
-DWOLFSSL_SNI:BOOL=yes -DWOLFSSL_SP_MATH_ALL:BOOL=yes -DWOLFSSL_SRTP:BOOL=yes \
-DWOLFSSL_STUNNEL:BOOL=yes -DWOLFSSL_SUPPORTED_CURVES:BOOL=yes -DWOLFSSL_SYS_CA_CERTS:BOOL=yes \
-DWOLFSSL_TICKET_NONCE_MALLOC:BOOL=yes -DWOLFSSL_TLS13:BOOL=yes -DWOLFSSL_TLSV12:BOOL=yes \
-DWOLFSSL_TLSX:BOOL=yes -DWOLFSSL_TPM:BOOL=yes -DWOLFSSL_CLU:BOOL=yes -DWOLFSSL_USER_SETTINGS:BOOL=no \
-DWOLFSSL_TLSX:BOOL=yes -DWOLFSSL_TPM:BOOL=yes -DWOLFSSL_USER_SETTINGS:BOOL=no \
-DWOLFSSL_USER_SETTINGS_ASM:BOOL=no -DWOLFSSL_WOLFSSH:BOOL=ON -DWOLFSSL_X86_64_BUILD_ASM:BOOL=yes \
-DWOLFSSL_MLKEM=1 -DWOLFSSL_LMS=1 -DWOLFSSL_LMSSHA256192=1 -DWOLFSSL_EXPERIMENTAL=1 \
-DWOLFSSL_X963KDF:BOOL=yes \
-DCMAKE_C_FLAGS="-DWOLFSSL_DTLS_CH_FRAG" \
..

7
.github/workflows/grpc.yml vendored
View File

@@ -71,11 +71,6 @@ jobs:
with:
name: wolf-install-grpc
- name: Setup cmake version
uses: jwlawson/actions-setup-cmake@v2
with:
cmake-version: '3.25.x'
- name: untar build-dir
run: tar -xf build-dir.tgz
@@ -99,7 +94,7 @@ jobs:
git submodule update --init
mkdir cmake/build
cd cmake/build
cmake -DCMAKE_POLICY_VERSION_MINIMUM=3.1 -DgRPC_BUILD_TESTS=ON -DgRPC_SSL_PROVIDER=wolfssl \
cmake -DgRPC_BUILD_TESTS=ON -DgRPC_SSL_PROVIDER=wolfssl \
-DWOLFSSL_INSTALL_DIR=$GITHUB_WORKSPACE/build-dir ../..
make -j $(nproc) ${{ matrix.tests }}

2
.github/workflows/hostap-vm.yml vendored
View File

@@ -217,7 +217,6 @@ jobs:
sudo apt-get install -y libpcap0.8 libpcap-dev curl libcurl4-openssl-dev \
libnl-3-dev binutils-dev libssl-dev libiberty-dev libnl-genl-3-dev \
libnl-route-3-dev libdbus-1-dev bridge-utils tshark python3-pycryptodome
sudo pip install pycryptodome
- name: Checking if we have hostap in cache
uses: actions/cache/restore@v4
@@ -313,7 +312,6 @@ jobs:
KERNELDIR=$GITHUB_WORKSPACE/linux
KVMARGS="-cpu host"
EOF
git config --global --add safe.directory $GITHUB_WORKSPACE/hostap
# Run tests in increments of 200 to not stall out the parallel-vm script
while mapfile -t -n 200 ary && ((${#ary[@]})); do
TESTS=$(printf '%s\n' "${ary[@]}" | tr '\n' ' ')

2
.github/workflows/intelasm-c-fallback.yml vendored
View File

@@ -18,7 +18,7 @@ jobs:
matrix:
config: [
# Add new configs here
'--enable-intelasm --enable-sp-asm --enable-all --enable-testcert --enable-acert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-quic --with-sys-crypto-policy CPPFLAGS="-DNO_WOLFSSL_CIPHER_SUITE_TEST -DWC_C_DYNAMIC_FALLBACK -DDEBUG_VECTOR_REGISTER_ACCESS -DDEBUG_VECTOR_REGISTER_ACCESS_FUZZING -DWC_DEBUG_CIPHER_LIFECYCLE"'
'--enable-intelasm --enable-sp-asm --enable-all --enable-testcert --enable-acert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-quic --with-sys-crypto-policy CPPFLAGS="-DNO_WOLFSSL_CIPHER_SUITE_TEST -DWC_AES_C_DYNAMIC_FALLBACK -DWC_C_DYNAMIC_FALLBACK -DDEBUG_VECTOR_REGISTER_ACCESS -DDEBUG_VECTOR_REGISTER_ACCESS_FUZZING -DWC_DEBUG_CIPHER_LIFECYCLE"'
]
name: make check
if: github.repository_owner == 'wolfssl'

7
.github/workflows/jwt-cpp.yml vendored
View File

@@ -66,11 +66,6 @@ jobs:
with:
name: wolf-install-jwt-cpp
- name: Setup cmake version
uses: jwlawson/actions-setup-cmake@v2
with:
cmake-version: '3.25.x'
- name: untar build-dir
run: tar -xf build-dir.tgz
@@ -92,7 +87,7 @@ jobs:
run: |
patch -p1 < ../osp/jwt-cpp/${{ matrix.config.ref }}.patch
PKG_CONFIG_PATH=$GITHUB_WORKSPACE/build-dir/lib/pkgconfig \
cmake -DCMAKE_POLICY_VERSION_MINIMUM=3.5 -B build -DJWT_SSL_LIBRARY:STRING=wolfSSL -DJWT_BUILD_TESTS=ON .
cmake -B build -DJWT_SSL_LIBRARY:STRING=wolfSSL -DJWT_BUILD_TESTS=ON .
make -j -C build
ldd ./build/tests/jwt-cpp-test | grep wolfssl

7
.github/workflows/libvncserver.yml vendored
View File

@@ -55,11 +55,6 @@ jobs:
with:
name: wolf-install-libvncserver
- name: Setup cmake version
uses: jwlawson/actions-setup-cmake@v2
with:
cmake-version: '3.25.x'
- name: untar build-dir
run: tar -xf build-dir.tgz
@@ -81,7 +76,7 @@ jobs:
run: |
patch -p1 < ../osp/libvncserver/${{ matrix.ref }}.patch
PKG_CONFIG_PATH=$GITHUB_WORKSPACE/build-dir/lib/pkgconfig \
cmake -DCMAKE_POLICY_VERSION_MINIMUM=3.5 -B build -DWITH_GNUTLS=OFF -DWITH_OPENSSL=OFF -DWITH_GCRYPT=OFF -DWITH_WOLFSSL=ON .
cmake -B build -DWITH_GNUTLS=OFF -DWITH_OPENSSL=OFF -DWITH_GCRYPT=OFF -DWITH_WOLFSSL=ON .
make -j -C build VERBOSE=1
ldd build/libvncclient.so | grep wolfssl
ldd build/libvncserver.so | grep wolfssl

17
.github/workflows/multi-compiler.yml vendored
View File

@@ -21,28 +21,31 @@ jobs:
include:
- CC: gcc-9
CXX: g++-9
OS: ubuntu-24.04
OS: ubuntu-22.04
- CC: gcc-10
CXX: g++-10
OS: ubuntu-24.04
OS: ubuntu-22.04
- CC: gcc-11
CXX: g++-11
OS: ubuntu-24.04
OS: ubuntu-22.04
- CC: gcc-12
CXX: g++-12
OS: ubuntu-24.04
OS: ubuntu-22.04
- CC: clang-10
CXX: clang++-10
OS: ubuntu-20.04
- CC: clang-11
CXX: clang++-11
OS: ubuntu-22.04
OS: ubuntu-20.04
- CC: clang-12
CXX: clang++-12
OS: ubuntu-22.04
OS: ubuntu-20.04
- CC: clang-13
CXX: clang++-13
OS: ubuntu-22.04
- CC: clang-14
CXX: clang++-14
OS: ubuntu-24.04
OS: ubuntu-22.04
if: github.repository_owner == 'wolfssl'
runs-on: ${{ matrix.OS }}
# This should be a safe limit for the tests to run.

3
.github/workflows/pq-all.yml vendored
View File

@@ -18,8 +18,7 @@ jobs:
matrix:
config: [
# Add new configs here
'--enable-intelasm --enable-sp-asm --enable-all --enable-testcert --enable-acert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-quic --with-sys-crypto-policy --enable-experimental --enable-kyber=yes,original --enable-lms --enable-xmss --enable-dilithium --enable-dual-alg-certs --disable-qt CPPFLAGS="-pedantic -Wdeclaration-after-statement -DWOLFCRYPT_TEST_LINT -DNO_WOLFSSL_CIPHER_SUITE_TEST -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE"',
'--enable-intelasm --enable-sp-asm --enable-all --enable-testcert --enable-acert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-quic --with-sys-crypto-policy --enable-experimental --enable-kyber=yes,original --enable-lms --enable-xmss --enable-dilithium --enable-dual-alg-certs --disable-qt CPPFLAGS="-pedantic -Wdeclaration-after-statement -DWOLFCRYPT_TEST_LINT -DNO_WOLFSSL_CIPHER_SUITE_TEST -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE" CC=c++'
'--enable-intelasm --enable-sp-asm --enable-all --enable-testcert --enable-acert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-quic --with-sys-crypto-policy --enable-experimental --enable-kyber=yes,original --enable-lms --enable-xmss --enable-dilithium --enable-dual-alg-certs --disable-qt CPPFLAGS="-pedantic -DWOLFCRYPT_TEST_LINT -DNO_WOLFSSL_CIPHER_SUITE_TEST"'
]
name: make check
if: github.repository_owner == 'wolfssl'

5
.github/workflows/zephyr.yml vendored
View File

@@ -49,11 +49,6 @@ jobs:
python3-ply python3-setuptools python-is-python3 qemu-kvm rsync socat srecord sudo \
texinfo unzip wget ovmf xz-utils
- name: Setup cmake version
uses: jwlawson/actions-setup-cmake@v2
with:
cmake-version: '3.25.x'
- name: Install west
run: sudo pip install west

45
.wolfssl_known_macro_extras
View File

@@ -9,17 +9,9 @@ APP_ESP_HTTP_CLIENT_EXAMPLE
APSTUDIO_INVOKED
ARCH_sim
ARDUINO
ARDUINO_ARCH_ESP32
ARDUINO_ARCH_ESP8266
ARDUINO_ARCH_MBED
ARDUINO_ARCH_NRF52
ARDUINO_ARCH_RP2040
ARDUINO_ARCH_SAMD
ARDUINO_ARCH_STM32
ARDUINO_SAMD_NANO_33_IOT
ARDUINO_SAM_DUE
ARDUINO_SEEED_XIAO
ARDUINO_TEENSY41
ASN_DUMP_OID
ASN_TEMPLATE_SKIP_ISCA_CHECK
ATCAPRINTF
@@ -89,12 +81,10 @@ CONFIG_IDF_TARGET_ESP32C2
CONFIG_IDF_TARGET_ESP32C3
CONFIG_IDF_TARGET_ESP32C6
CONFIG_IDF_TARGET_ESP32H2
CONFIG_IDF_TARGET_ESP32P4
CONFIG_IDF_TARGET_ESP32S2
CONFIG_IDF_TARGET_ESP32S3
CONFIG_IDF_TARGET_ESP8266
CONFIG_IDF_TARGET_ESP8684
CONFIG_KASAN
CONFIG_MAIN_TASK_STACK_SIZE
CONFIG_MBEDTLS_CERTIFICATE_BUNDLE
CONFIG_MBEDTLS_PSA_CRYPTO_C
@@ -165,7 +155,6 @@ CRYP_KEYSIZE_192B
CSM_UNSUPPORTED_ALGS
CTYPE_USER
CURVED448_SMALL
CUSTOM_ENTROPY_TIMEHIRES
CY_USING_HAL
DCP_USE_DCACHE
DILITHIUM_MUL_11_SLOW
@@ -186,7 +175,6 @@ ESP_IDF_VERSION_MAJOR
ESP_IDF_VERSION_MINOR
ESP_PLATFORM
ESP_TASK_MAIN_STACK
ETHERNET_AVAILABLE
EV_TRIGGER
FP_ECC_CONTROL
FREERTOS_TCP_WINSIM
@@ -256,7 +244,6 @@ HSM_KEY_TYPE_HMAC_512
HSM_OP_KEY_GENERATION_FLAGS_CREATE
HSM_OP_KEY_GENERATION_FLAGS_UPDATE
HSM_SVC_KEY_STORE_FLAGS_UPDATE
HWCAP_ASIMDRDM
IDIRECT_DEV_RANDOM
IDIRECT_DEV_TIME
ID_TRNG
@@ -268,6 +255,7 @@ INTIMEVER
IOTSAFE_NO_GETDATA
IOTSAFE_SIG_8BIT_LENGTH
KCAPI_USE_XMALLOC
KYBER_NONDETERMINISTIC
K_SERIES
LIBWOLFSSL_VERSION_GIT_BRANCH
LIBWOLFSSL_VERSION_GIT_HASH
@@ -296,7 +284,6 @@ MICRIUM_MALLOC
MICROCHIP_MPLAB_HARMONY
MICROCHIP_MPLAB_HARMONY_3
MICRO_SESSION_CACHEx
MLKEM_NONDETERMINISTIC
MODULE_SOCK_TCP
MP_31BIT
MP_8BIT
@@ -327,7 +314,6 @@ NO_ECC384
NO_ECC521
NO_ECC_CACHE_CURVE
NO_ECC_CHECK_KEY
NO_ECC_CHECK_PUBKEY_ORDER
NO_ECC_KEY_IMPORT
NO_ECC_MAKE_PUB
NO_ED25519_CLIENT_AUTH
@@ -484,7 +470,6 @@ STM32U575xx
STM32U585xx
STM32U5A9xx
STM32WB55xx
STM32WBA52xx
STM32WL55xx
STM32_AESGCM_PARTIAL
STM32_HW_CLOCK_AUTO
@@ -494,12 +479,9 @@ TCP_NODELAY
TFM_ALREADY_SET
TFM_SMALL_MONT_SET
THREADED_SNIFFTEST
TIF_NEED_FPU_LOAD
TIME_T_NOT_LONG
TI_DUMMY_BUILD
TLS13_RSA_PSS_SIGN_CB_NO_PREHASH
TSIP_RSAES_1024
TSIP_RSAES_2048
UNICODE
USER_CA_CB
USER_CUSTOM_SNIFFX
@@ -526,7 +508,7 @@ WC_AES_GCM_DEC_AUTH_EARLY
WC_ASN_HASH_SHA256
WC_ASYNC_ENABLE_3DES
WC_ASYNC_ENABLE_AES
WC_ASYNC_ENABLE_ARC4
/* ARC4 implementation has been removed */
WC_ASYNC_ENABLE_DH
WC_ASYNC_ENABLE_ECC
WC_ASYNC_ENABLE_ECC_KEYGEN
@@ -542,7 +524,6 @@ WC_ASYNC_ENABLE_SHA384
WC_ASYNC_ENABLE_SHA512
WC_ASYNC_NO_CRYPT
WC_ASYNC_NO_HASH
WC_CACHE_RESISTANT_BASE64_TABLE
WC_DILITHIUM_CACHE_PRIV_VECTORS
WC_DILITHIUM_CACHE_PUB_VECTORS
WC_DILITHIUM_FIXED_ARRAY
@@ -564,9 +545,7 @@ WC_SHA384_DIGEST_SIZE
WC_SHA512
WC_SSIZE_TYPE
WC_STRICT_SIG
WC_WANT_FLAG_DONT_USE_AESNI
WC_XMSS_FULL_HASH
WIFI_AVAILABLE
WOLFCRYPT_FIPS_CORE_DYNAMIC_HASH_VALUE
WOLFSENTRY_H
WOLFSENTRY_NO_JSON
@@ -574,7 +553,6 @@ WOLFSSL_32BIT_MILLI_TIME
WOLFSSL_AARCH64_PRIVILEGE_MODE
WOLFSSL_AESNI_BY4
WOLFSSL_AESNI_BY6
WOLFSSL_AES_CTR_EXAMPLE
WOLFSSL_AFTER_DATE_CLOCK_SKEW
WOLFSSL_ALGO_HW_MUTEX
WOLFSSL_ALLOW_CRIT_AIA
@@ -592,6 +570,7 @@ WOLFSSL_ARM_ARCH_NEON_64BIT
WOLFSSL_ASCON_UNROLL
WOLFSSL_ASNC_CRYPT
WOLFSSL_ASN_EXTRA
WOLFSSL_ASN_INT_LEAD_0_ANY
WOLFSSL_ASN_TEMPLATE_NEED_SET_INT32
WOLFSSL_ASN_TEMPLATE_TYPE_CHECK
WOLFSSL_ATECC508
@@ -620,7 +599,6 @@ WOLFSSL_CHECK_DESKEY
WOLFSSL_CHECK_MEM_ZERO
WOLFSSL_CHIBIOS
WOLFSSL_CLANG_TIDY
WOLFSSL_CLIENT_EXAMPLE
WOLFSSL_COMMERCIAL_LICENSE
WOLFSSL_CONTIKI
WOLFSSL_CRL_ALLOW_MISSING_CDP
@@ -685,9 +663,10 @@ WOLFSSL_IMXRT_DCP
WOLFSSL_ISOTP
WOLFSSL_KEIL
WOLFSSL_KEIL_NET
WOLFSSL_KYBER_NO_DECAPSULATE
WOLFSSL_KYBER_NO_ENCAPSULATE
WOLFSSL_KYBER_NO_MAKE_KEY
WOLFSSL_KYBER_INVNTT_UNROLL
WOLFSSL_KYBER_NO_LARGE_CODE
WOLFSSL_KYBER_NO_MALLOC
WOLFSSL_KYBER_NTT_UNROLL
WOLFSSL_LIB
WOLFSSL_LMS_CACHE_BITS
WOLFSSL_LMS_FULL_HASH
@@ -702,11 +681,7 @@ WOLFSSL_MAKE_SYSTEM_NAME_WSL
WOLFSSL_MDK5
WOLFSSL_MEM_FAIL_COUNT
WOLFSSL_MLKEM_ENCAPSULATE_SMALL_MEM
WOLFSSL_MLKEM_INVNTT_UNROLL
WOLFSSL_MLKEM_MAKEKEY_SMALL_MEM
WOLFSSL_MLKEM_NO_LARGE_CODE
WOLFSSL_MLKEM_NO_MALLOC
WOLFSSL_MLKEM_NTT_UNROLL
WOLFSSL_MONT_RED_CT
WOLFSSL_MP_COND_COPY
WOLFSSL_MP_INVMOD_CONSTANT_TIME
@@ -782,7 +757,6 @@ WOLFSSL_RENESAS_RSIP
WOLFSSL_RENESAS_RZN2L
WOLFSSL_RENESAS_TLS
WOLFSSL_RENESAS_TSIP_IAREWRX
WOLFSSL_REQUIRE_TCA
WOLFSSL_RSA_CHECK_D_ON_DECRYPT
WOLFSSL_RSA_DECRYPT_TO_0_LEN
WOLFSSL_RW_THREADED
@@ -795,7 +769,6 @@ WOLFSSL_SE050_INIT
WOLFSSL_SE050_NO_RSA
WOLFSSL_SE050_NO_TRNG
WOLFSSL_SECURE_RENEGOTIATION_ON_BY_DEFAULT
WOLFSSL_SERVER_EXAMPLE
WOLFSSL_SETTINGS_FILE
WOLFSSL_SH224
WOLFSSL_SHA256_ALT_CH_MAJ
@@ -804,6 +777,7 @@ WOLFSSL_SILABS_TRNG
WOLFSSL_SM4_EBC
WOLFSSL_SNIFFER_NO_RECOVERY
WOLFSSL_SP_ARM32_UDIV
WOLFSSL_SP_DH
WOLFSSL_SP_FAST_NCT_EXPTMOD
WOLFSSL_SP_INT_SQR_VOLATILE
WOLFSSL_STACK_CHECK
@@ -812,7 +786,6 @@ WOLFSSL_STM32_RNG_NOLIB
WOLFSSL_STRONGEST_HASH_SIG
WOLFSSL_STSAFE_TAKES_SLOT
WOLFSSL_TELIT_M2MB
WOLFSSL_TEMPLATE_EXAMPLE
WOLFSSL_THREADED_CRYPT
WOLFSSL_TICKET_DECRYPT_NO_CREATE
WOLFSSL_TICKET_ENC_AES128_GCM
@@ -858,7 +831,6 @@ WOLF_CRYPTO_CB_ONLY_ECC
WOLF_CRYPTO_CB_ONLY_RSA
WOLF_CRYPTO_DEV
WOLF_NO_TRAILING_ENUM_COMMAS
WindowsCE
XGETPASSWD
XMSS_CALL_PRF_KEYGEN
XPAR_VERSAL_CIPS_0_PSPMC_0_PSV_CORTEXA72_0_TIMESTAMP_CLK_FREQ
@@ -908,7 +880,6 @@ __BIG_ENDIAN__
__BORLANDC__
__CCRX__
__COMPILER_VER__
__COUNTER__
__CYGWIN__
__DATE__
__DCACHE_PRESENT

153
CMakeLists.txt
View File

@@ -34,7 +34,7 @@ if("${CMAKE_SOURCE_DIR}" STREQUAL "${CMAKE_BINARY_DIR}")
You must delete them, or cmake will refuse to work.")
endif()
project(wolfssl VERSION 5.8.0 LANGUAGES C ASM)
project(wolfssl VERSION 5.7.6 LANGUAGES C ASM)
# Set WOLFSSL_ROOT if not already defined
if ("${WOLFSSL_ROOT}" STREQUAL "")
@@ -53,7 +53,7 @@ set(WOLFSSL_LIBRARY_VERSION_FIRST 43)
# increment if interfaces have been added
# set to zero if WOLFSSL_LIBRARY_VERSION_FIRST is incremented
set(WOLFSSL_LIBRARY_VERSION_SECOND 1)
set(WOLFSSL_LIBRARY_VERSION_SECOND 0)
# increment if source code has changed
# set to zero if WOLFSSL_LIBRARY_VERSION_FIRST is incremented or
@@ -125,9 +125,6 @@ check_function_exists("socket" HAVE_SOCKET)
check_function_exists("strftime" HAVE_STRFTIME)
check_function_exists("__atomic_fetch_add" HAVE_C___ATOMIC)
include(CheckSymbolExists)
check_symbol_exists(isascii "ctype.h" HAVE_ISASCII)
include(CheckTypeSize)
check_type_size("__uint128_t" __UINT128_T)
@@ -572,18 +569,9 @@ add_option(WOLFSSL_OQS
"Enable integration with the OQS (Open Quantum Safe) liboqs library (default: disabled)"
"no" "yes;no")
# ML-KEM/Kyber
add_option(WOLFSSL_MLKEM
"Enable the wolfSSL PQ ML-KEM library (default: disabled)"
"no" "yes;no")
# LMS
add_option(WOLFSSL_LMS
"Enable the PQ LMS Stateful Hash-based Signature Scheme (default: disabled)"
"no" "yes;no")
add_option(WOLFSSL_LMSSHA256192
"Enable the LMS SHA_256_192 truncated variant (default: disabled)"
# Kyber
add_option(WOLFSSL_KYBER
"Enable the wolfSSL PQ Kyber library (default: disabled)"
"no" "yes;no")
# Experimental features
@@ -599,7 +587,7 @@ if (WOLFSSL_EXPERIMENTAL)
# check if any experimental features are also enabled:
set(WOLFSSL_FOUND_EXPERIMENTAL_FEATURE 0)
set_wolfssl_definitions("WOLFSSL_EXPERIMENTAL_SETTINGS" RESULT)
set_wolfssl_definitions("WOLFSSL_EXPERIMENTAL_SETTINGS" RESUlT)
# Checking for experimental feature: OQS
message(STATUS "Looking for WOLFSSL_OQS")
@@ -614,9 +602,9 @@ if (WOLFSSL_EXPERIMENTAL)
list(APPEND WOLFSSL_LINK_LIBS ${OQS_LIBRARY})
list(APPEND WOLFSSL_INCLUDE_DIRS ${OQS_INCLUDE_DIR})
set_wolfssl_definitions("HAVE_LIBOQS" RESULT)
set_wolfssl_definitions("HAVE_TLS_EXTENSIONS" RESULT)
set_wolfssl_definitions("OPENSSL_EXTRA" RESULT)
set_wolfssl_definitions("HAVE_LIBOQS" RESUlT)
set_wolfssl_definitions("HAVE_TLS_EXTENSIONS" RESUlT)
set_wolfssl_definitions("OPENSSL_EXTRA" RESUlT)
else()
message(STATUS "Checking OQS - not found")
@@ -626,52 +614,20 @@ if (WOLFSSL_EXPERIMENTAL)
message(STATUS "Looking for WOLFSSL_OQS - not found")
endif()
# Checking for experimental feature: WOLFSSL_MLKEM
message(STATUS "Looking for WOLFSSL_MLKEM")
if (WOLFSSL_MLKEM)
# Checking for experimental feature: Kyber
message(STATUS "Looking for WOLFSSL_KYBER")
if (WOLFSSL_KYBER)
set(WOLFSSL_FOUND_EXPERIMENTAL_FEATURE 1)
message(STATUS "Automatically set related requirements for ML-KEM:")
add_definitions("-DWOLFSSL_HAVE_MLKEM")
add_definitions("-DWOLFSSL_WC_MLKEM")
add_definitions("-DWOLFSSL_SHA3")
add_definitions("-DWOLFSSL_SHAKE128")
add_definitions("-DWOLFSSL_SHAKE256")
set_wolfssl_definitions("WOLFSSL_HAVE_MLKEM" RESULT)
set_wolfssl_definitions("WOLFSSL_WC_MLKEM" RESULT)
set_wolfssl_definitions("WOLFSSL_SHA3" RESULT)
set_wolfssl_definitions("WOLFSSL_SHAKE128" RESULT)
set_wolfssl_definitions("WOLFSSL_SHAKE256" RESULT)
message(STATUS "Looking for WOLFSSL_MLKEM - found")
message(STATUS "Automatically set related requirements for Kyber:")
set_wolfssl_definitions("WOLFSSL_HAVE_KYBER" RESUlT)
set_wolfssl_definitions("WOLFSSL_WC_KYBER" RESUlT)
set_wolfssl_definitions("WOLFSSL_SHA3" RESUlT)
set_wolfssl_definitions("WOLFSSL_SHAKE128" RESUlT)
set_wolfssl_definitions("WOLFSSL_SHAKE256" RESUlT)
message(STATUS "Looking for WOLFSSL_KYBER - found")
else()
message(STATUS "Looking for WOLFSSL_MLKEM - not found")
endif()
# Checking for experimental feature: WOLFSSL_LMS
message(STATUS "Looking for WOLFSSL_LMS")
if (WOLFSSL_LMS)
set(WOLFSSL_FOUND_EXPERIMENTAL_FEATURE 2)
message(STATUS "Automatically set related requirements for LMS")
add_definitions("-DWOLFSSL_HAVE_LMS")
add_definitions("-DWOLFSSL_WC_LMS")
set_wolfssl_definitions("WOLFSSL_HAVE_LMS" RESULT)
set_wolfssl_definitions("WOLFSSL_WC_LMS" RESULT)
message(STATUS "Looking for WOLFSSL_LMS - found")
# Checking for experimental feature: WOLFSSL_LMSSHA256192
if (WOLFSSL_LMSSHA256192)
message(STATUS "Automatically set related requirements for LMS SHA256-192")
add_definitions("-DWOLFSSL_LMS_SHA256_192")
add_definitions("-DWOLFSSL_NO_LMS_SHA256_256")
set_wolfssl_definitions("WOLFSSL_LMS_SHA256_192" RESULT)
set_wolfssl_definitions("WOLFSSL_NO_LMS_SHA256_256" RESULT)
message(STATUS "Looking for WOLFSSL_LMSSHA256192 - found")
else()
message(STATUS "Looking for WOLFSSL_LMSSHA256192 - not found")
endif()
else()
message(STATUS "Looking for WOLFSSL_LMS - not found")
message(STATUS "Looking for WOLFSSL_KYBER - not found")
endif()
# Other experimental feature detection can be added here...
@@ -684,8 +640,8 @@ if (WOLFSSL_EXPERIMENTAL)
endif()
# Sanity checks
if(WOLFSSL_OQS AND WOLFSSL_MLKEM)
message(FATAL_ERROR "Error: cannot enable both WOLFSSL_OQS and WOLFSSL_MLKEM at the same time.")
if(WOLFSSL_OQS AND WOLFSSL_KYBER)
message(FATAL_ERROR "Error: cannot enable both WOLFSSL_OQS and WOLFSSL_KYBER at the same time.")
endif()
else()
@@ -694,8 +650,8 @@ else()
if (WOLFSSL_OQS)
message(FATAL_ERROR "Error: WOLFSSL_OQS requires WOLFSSL_EXPERIMENTAL at this time.")
endif()
if(WOLFSSL_MLKEM)
message(FATAL_ERROR "Error: WOLFSSL_MLKEM requires WOLFSSL_EXPERIMENTAL at this time.")
if(WOLFSSL_KYBER)
message(FATAL_ERROR "Error: WOLFSSL_KYBER requires WOLFSSL_EXPERIMENTAL at this time.")
endif()
endif()
@@ -796,8 +752,7 @@ add_option("WOLFSSL_AESCTR"
if(WOLFSSL_OPENVPN OR
WOLFSSL_LIBSSH2 OR
WOLFSSL_AESSIV OR
WOLFSSL_CLU)
WOLFSSL_AESSIV)
override_cache(WOLFSSL_AESCTR "yes")
endif()
@@ -937,7 +892,7 @@ endif()
# - SEP
add_option("WOLFSSL_KEYGEN"
"Enable key generation (default: disabled)"
"Enable key generation (default: disabled)])"
"no" "yes;no")
add_option("WOLFSSL_CERTGEN"
@@ -1064,7 +1019,7 @@ add_option("WOLFSSL_ED25519"
"Enable ED25519 (default: disabled)"
"no" "yes;no")
if(WOLFSSL_OPENSSH OR WOLFSSL_CLU)
if(WOLFSSL_OPENSSH)
override_cache(WOLFSSL_ED25519 "yes")
endif()
@@ -1398,8 +1353,8 @@ if(NOT WOLFSSL_DES3_TLS_SUITES)
list(APPEND WOLFSSL_DEFINITIONS "-DNO_DES3_TLS_SUITES")
endif()
# ARC4
set(WOLFSSL_ARC4_HELP_STRING "Enable ARC4 (default: disabled)")
# RC4 API (ARC4 implementation removed)
set(WOLFSSL_ARC4_HELP_STRING "Enable RC4 API (default: disabled, ARC4 implementation removed)")
add_option("WOLFSSL_ARC4" ${WOLFSSL_ARC4_HELP_STRING} "no" "yes;no")
if(WOLFSSL_OPENSSH OR WOLFSSL_WPAS)
@@ -1739,9 +1694,6 @@ add_option(WOLFSSL_PKCS7 ${WOLFSSL_PKCS7_HELP_STRING} "no" "yes;no")
set(WOLFSSL_TPM_HELP_STRING "Enable wolfTPM options (default: disabled)")
add_option(WOLFSSL_TPM ${WOLFSSL_TPM_HELP_STRING} "no" "yes;no")
set(WOLFSSL_CLU_HELP_STRING "Enable wolfCLU options (default: disabled)")
add_option(WOLFSSL_CLU ${WOLFSSL_CLU_HELP_STRING} "no" "yes;no")
set(WOLFSSL_AESKEYWRAP_HELP_STRING "Enable AES key wrap support (default: disabled)")
add_option(WOLFSSL_AESKEYWRAP ${WOLFSSL_AESKEYWRAP_HELP_STRING} "no" "yes;no")
@@ -2086,25 +2038,6 @@ if(WOLFSSL_TPM)
override_cache(WOLFSSL_AESCFB "yes")
endif()
if(WOLFSSL_CLU)
override_cache(WOLFSSL_CERTGEN "yes")
override_cache(WOLFSSL_CERTREQ "yes")
override_cache(WOLFSSL_CERTEXT "yes")
override_cache(WOLFSSL_MD5 "yes")
override_cache(WOLFSSL_AESCTR "yes")
override_cache(WOLFSSL_KEYGEN "yes")
override_cache(WOLFSSL_OPENSSLALL "yes")
override_cache(WOLFSSL_ED25519 "yes")
override_cache(WOLFSSL_SHA512 "yes")
override_cache(WOLFSSL_DES3 "yes")
override_cache(WOLFSSL_PKCS7 "yes")
list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_OID_ENCODING" "-DWOLFSSL_NO_ASN_STRICT" "-DWOLFSSL_ALT_NAMES")
# Add OPENSSL_ALL definition to ensure OpenSSL compatibility functions are available
list(APPEND WOLFSSL_DEFINITIONS "-DOPENSSL_ALL")
# Remove NO_DES3 from WOLFSSL_DEFINITIONS to ensure DES3 is enabled
list(REMOVE_ITEM WOLFSSL_DEFINITIONS "-DNO_DES3")
endif()
if(WOLFSSL_AESCFB)
list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_AES_CFB")
endif()
@@ -2364,18 +2297,6 @@ if (ENABLE_SCCACHE AND (NOT WOLFSSL_SCCACHE_ALREADY_SET_FLAG))
endif()
endif()
add_option("WOLFSSL_KEYLOG_EXPORT"
"Enable insecure export of TLS secrets to an NSS keylog file (default: disabled)"
"no" "yes;no")
if(WOLFSSL_KEYLOG_EXPORT)
message(WARNING "Keylog export enabled -- Sensitive key data will be stored insecurely.")
list(APPEND WOLFSSL_DEFINITIONS
"-DSHOW_SECRETS"
"-DHAVE_SECRET_CALLBACK"
"-DWOLFSSL_SSLKEYLOGFILE"
"-DWOLFSSL_KEYLOG_EXPORT_WARNED")
endif()
file(REMOVE ${OPTION_FILE})
@@ -2609,30 +2530,16 @@ if(WOLFSSL_EXAMPLES)
tests/api/test_poly1305.c
tests/api/test_chacha20_poly1305.c
tests/api/test_camellia.c
tests/api/test_arc4.c
# ARC4 implementation has been removed
tests/api/test_rc2.c
tests/api/test_aes.c
tests/api/test_ascon.c
tests/api/test_sm4.c
tests/api/test_wc_encrypt.c
tests/api/test_random.c
tests/api/test_wolfmath.c
tests/api/test_rsa.c
tests/api/test_dsa.c
tests/api/test_dh.c
tests/api/test_ecc.c
tests/api/test_sm2.c
tests/api/test_curve25519.c
tests/api/test_ed25519.c
tests/api/test_curve448.c
tests/api/test_ed448.c
tests/api/test_mlkem.c
tests/api/test_mldsa.c
tests/api/test_signature.c
tests/api/test_dtls.c
tests/api/test_ocsp.c
tests/api/test_evp.c
tests/api/test_tls_ext.c
tests/srp.c
tests/suites.c
tests/w64wrapper.c

210
ChangeLog.md
View File

@@ -1,213 +1,3 @@
# wolfSSL Release 5.8.0 (Apr 24, 2025)
Release 5.8.0 has been developed according to wolfSSL's development and QA
process (see link below) and successfully passed the quality criteria.
https://www.wolfssl.com/about/wolfssl-software-development-process-quality-assurance
NOTE: * --enable-heapmath is deprecated
PR stands for Pull Request, and PR <NUMBER> references a GitHub pull request
number where the code change was added.
## New Feature Additions
* Algorithm registration in the Linux kernel module for all supported FIPS AES,
SHA, HMAC, ECDSA, ECDH, and RSA modes, key sizes, and digest sizes.
* Implemented various fixes to support building for Open Watcom including OS/2
support and Open Watcom 1.9 compatibility (PR 8505, 8484)
* Added support for STM32H7S (tested on NUCLEO-H7S3L8) (PR 8488)
* Added support for STM32WBA (PR 8550)
* Added Extended Master Secret Generation Callback to the --enable-pkcallbacks
build (PR 8303)
* Implement AES-CTS (configure flag --enable-aescts) in wolfCrypt (PR 8594)
* Added support for libimobiledevice commit 860ffb (PR 8373)
* Initial ASCON hash256 and AEAD128 support based on NIST SP 800-232 IPD
(PR 8307)
* Added blinding option when using a Curve25519 private key by defining the
macro WOLFSSL_CURVE25519_BLINDING (PR 8392)
## Linux Kernel Module
* Production-ready LKCAPI registration for cbc(aes), cfb(aes), gcm(aes),
rfc4106 (gcm(aes)), ctr(aes), ofb(aes), and ecb(aes), ECDSA with P192, P256,
P384, and P521 curves, ECDH with P192, P256, and P384 curves, and RSA with
bare and PKCS1 padding
* Various fixes for LKCAPI wrapper for AES-CBC and AES-CFB (PR 8534, 8552)
* Adds support for the legacy one-shot AES-GCM back end (PR 8614, 8567) for
compatibility with FIPS 140-3 Cert #4718.
* On kernel >=6.8, for CONFIG_FORTIFY_SOURCE, use 5-arg fortify_panic() override
macro (PR 8654)
* Update calls to scatterwalk_map() and scatterwalk_unmap() for linux commit
7450ebd29c (merged for Linux 6.15) (PR 8667)
* Inhibit LINUXKM_LKCAPI_REGISTER_ECDH on kernel <5.13 (PR 8673)
* Fix for uninitialized build error with fedora (PR 8569)
* Register ecdsa, ecdh, and rsa for use with linux kernel crypto (PR 8637, 8663,
8646)
* Added force zero shared secret buffer, and clear of old key with ecdh
(PR 8685)
* Update fips-check.sh script to pickup XTS streaming support on aarch64 and
disable XTS-384 as an allowed use in FIPS mode (PR 8509, 8546)
## Enhancements and Optimizations
### Security & Cryptography
* Add constant-time implementation improvements for encoding functions. We thank
Zhiyuan and Gilles for sharing a new constant-time analysis tool (CT-LLVM) and
reporting several non-constant-time implementations. (PR 8396, 8617)
* Additional support for PKCS7 verify and decode with indefinite lengths
(PR 8520, 834, 8645)
* Add more PQC hybrid key exchange algorithms such as support for combinations
with X25519 and X448 enabling compatibility with the PQC key exchange support
in Chromium browsers and Mozilla Firefox (PR 7821)
* Add short-circuit comparisons to DH key validation for RFC 7919 parameters
(PR 8335)
* Improve FIPS compatibility with various build configurations for more resource
constrained builds (PR 8370)
* Added option to disable ECC public key order checking (PR 8581)
* Allow critical alt and basic constraints extensions (PR 8542)
* New codepoint for MLDSA to help with interoperability (PR 8393)
* Add support for parsing trusted PEM certs having the header
“BEGIN_TRUSTED_CERT” (PR 8400)
* Add support for parsing only of DoD certificate policy and Comodo Ltd PKI OIDs
(PR 8599, 8686)
* Update ssl code in `src/*.c` to be consistent with wolfcrypt/src/asn.c
handling of ML_DSA vs Dilithium and add dual alg. test (PR 8360, 8425)
### Build System, Configuration, CI & Protocols
* Internal refactor for include of config.h and when building with
BUILDING_WOLFSSL macro. This refactor will give a warning of “deprecated
function” when trying to improperly use an internal API of wolfSSL in an
external application. (PR 8640, 8647, 8660, 8662, 8664)
* Add WOLFSSL_CLU option to CMakeLists.txt (PR 8548)
* Add CMake and Zephyr support for XMSS and LMS (PR 8494)
* Added GitHub CI for CMake builds (PR 8439)
* Added necessary macros when building wolfTPM Zephyr with wolfSSL (PR 8382)
* Add MSYS2 build continuous integration test (PR 8504)
* Update DevKitPro doc to list calico dependency with build commands (PR 8607)
* Conversion compiler warning fixes and additional continuous integration test
added (PR 8538)
* Enable DTLS 1.3 by default in --enable-jni builds (PR 8481)
* Enabled TLS 1.3 middlebox compatibility by default for --enable-jni builds
(PR 8526)
### Performance Improvements
* Performance improvements AES-GCM and HMAC (in/out hash copy) (PR 8429)
* LMS fixes and improvements adding API to get Key ID from raw private key,
change to identifiers to match standard, and fix for when
WOLFSSL_LMS_MAX_LEVELS is 1 (PR 8390, 8684, 8613, 8623)
* ML-KEM/Kyber improvements and fixes; no malloc builds, small memory usage,
performance improvement, fix for big-endian (PR 8397, 8412, 8436, 8467, 8619,
8622, 8588)
* Performance improvements for AES-GCM and when doing multiple HMAC operations
(PR 8445)
### Assembly and Platform-Specific Enhancements
* Poly1305 arm assembly changes adding ARM32 NEON implementation and fix for
Aarch64 use (PR 8344, 8561, 8671)
* Aarch64 assembly enhancement to use more CPU features, fix for FreeBSD/OpenBSD
(PR 8325, 8348)
* Only perform ARM assembly CPUID checks if support was enabled at build time
(PR 8566)
* Optimizations for ARM32 assembly instructions on platforms less than ARMv7
(PR 8395)
* Improve MSVC feature detection for static assert macros (PR 8440)
* Improve Espressif make and CMake for ESP8266 and ESP32 series (PR 8402)
* Espressif updates for Kconfig, ESP32P4 and adding a sample user_settings.h
(PR 8422, PR 8641)
### OpenSSL Compatibility Layer
* Modification to the push/pop to/from in OpenSSL compatibility layer. This is
a pretty major API change in the OpenSSL compatibility stack functions.
Previously the API would push/pop from the beginning of the list but now they
operate on the tail of the list. This matters when using the sk_value with
index values. (PR 8616)
* OpenSSL Compat Layer: OCSP response improvements (PR 8408, 8498)
* Expand the OpenSSL compatibility layer to include an implementation of
BN_CTX_get (PR 8388)
### API Additions and Modifications
* Refactor Hpke to allow multiple uses of a context instead of just one shot
mode (PR 6805)
* Add support for PSK client callback with Ada and use with Alire (thanks
@mgrojo, PR 8332, 8606)
* Change wolfSSL_CTX_GenerateEchConfig to generate multiple configs and add
functions wolfSSL_CTX_SetEchConfigs and wolfSSL_CTX_SetEchConfigsBase64 to
rotate the server's echConfigs (PR 8556)
* Added the public API wc_PkcsPad to do PKCS padding (PR 8502)
* Add NULL_CIPHER_TYPE support to wolfSSL_EVP_CipherUpdate (PR 8518)
* Update Kyber APIs to ML-KEM APIs (PR 8536)
* Add option to disallow automatic use of "default" devId using the macro
WC_NO_DEFAULT_DEVID (PR 8555)
* Detect unknown key format on ProcessBufferTryDecode() and handle RSA-PSSk
format (PR 8630)
### Porting and Language Support
* Update Python port to support version 3.12.6 (PR 8345)
* New additions for MAXQ with wolfPKCS11 (PR 8343)
* Port to ntp 4.2.8p17 additions (PR 8324)
* Add version 0.9.14 to tested libvncserver builds (PR 8337)
### General Improvements and Cleanups
* Cleanups for STM32 AES GCM (PR 8584)
* Improvements to isascii() and the CMake key log option (PR 8596)
* Arduino documentation updates, comments and spelling corrections (PR 8381,
8384, 8514)
* Expanding builds with WOLFSSL_NO_REALLOC for use with --enable-opensslall and
--enable-all builds (PR 8369, 8371)
## Fixes
* Fix a use after free caused by an early free on error in the X509 store
(PR 8449)
* Fix to account for existing PKCS8 header with
wolfSSL_PEM_write_PKCS8PrivateKey (PR 8612)
* Fixed failing CMake build issue when standard threads support is not found in
the system (PR 8485)
* Fix segmentation fault in SHA-512 implementation for AVX512 targets built with
gcc -march=native -O2 (PR 8329)
* Fix Windows socket API compatibility warning with mingw32 build (PR 8424)
* Fix potential null pointer increments in cipher list parsing (PR 8420)
* Fix for possible stack buffer overflow read with wolfSSL_SMIME_write_PKCS7.
Thanks to the team at Code Intelligence for the report. (PR 8466)
* Fix AES ECB implementation for Aarch64 ARM assembly (PR 8379)
* Fixed building with VS2008 and .NET 3.5 (PR 8621)
* Fixed possible error case memory leaks in CRL and EVP_Sign_Final (PR 8447)
* Fixed SSL_set_mtu compatibility function return code (PR 8330)
* Fixed Renesas RX TSIP (PR 8595)
* Fixed ECC non-blocking tests (PR 8533)
* Fixed CMake on MINGW and MSYS (PR 8377)
* Fixed Watcom compiler and added new CI test (PR 8391)
* Fixed STM32 PKA ECC 521-bit support (PR 8450)
* Fixed STM32 PKA with P521 and shared secret (PR 8601)
* Fixed crypto callback macro guards with `DEBUG_CRYPTOCB` (PR 8602)
* Fix outlen return for RSA private decrypt with WOLF_CRYPTO_CB_RSA_PAD
(PR 8575)
* Additional sanity check on r and s lengths in DecodeECC_DSA_Sig_Bin (PR 8350)
* Fix compat. layer ASN1_TIME_diff to accept NULL output params (PR 8407)
* Fix CMake lean_tls build (PR 8460)
* Fix for QUIC callback failure (PR 8475)
* Fix missing alert types in AlertTypeToString for print out with debugging
enabled (PR 8572)
* Fixes for MSVS build issues with PQC configure (PR 8568)
* Fix for SE050 port and minor improvements (PR 8431, 8437)
* Fix for missing rewind function in zephyr and add missing files for compiling
with assembly optimizations (PR 8531, 8541)
* Fix for quic_record_append to return the correct code (PR 8340, 8358)
* Fixes for Bind 9.18.28 port (PR 8331)
* Fix to adhere more closely with RFC8446 Appendix D and set haveEMS when
negotiating TLS 1.3 (PR 8487)
* Fix to properly check for signature_algorithms from the client in a TLS 1.3
server (PR 8356)
* Fix for when BIO data is less than seq buffer size. Thanks to the team at Code
Intelligence for the report (PR 8426)
* ARM32/Thumb2 fixes for WOLFSSL_NO_VAR_ASSIGN_REG and td4 variable declarations
(PR 8590, 8635)
* Fix for Intel AVX1/SSE2 assembly to not use vzeroupper instructions unless ymm
or zmm registers are used (PR 8479)
* Entropy MemUse fix for when block size less than update bits (PR 8675)
# wolfSSL Release 5.7.6 (Dec 31, 2024)
Release 5.7.6 has been developed according to wolfSSL's development and QA

17
IDE/ARDUINO/README.md
View File

@@ -2,19 +2,8 @@
See the [example sketches](./sketches/README.md):
NOTE: Moving; See https://github.com/wolfSSL/wolfssl-examples/pull/499
Bare-bones templates:
- [sketches/wolfssl_version](./sketches/wolfssl_version/README.md) single file.
- [sketches/template](./sketches/template/README.md) multiple file example.
Functional examples:
- [sketches/wolfssl_AES_CTR](./sketches/wolfssl_AES_CTR/README.md) AES CTR Encrypt / decrypt.
- [sketches/wolfssl_client](./sketches/wolfssl_client/README.md) TLS Client.
- [sketches/wolfssl_server](./sketches/wolfssl_server/README.md) TLS Server.
Both the `template` and `wolfssl_AES_CTR` examples include VisualGDB project files.
- [sketches/wolfssl_server](./sketches/wolfssl_server/README.md)
- [sketches/wolfssl_client](./sketches/wolfssl_client/README.md)
When publishing a new version to the Arduino Registry, be sure to edit `WOLFSSL_VERSION_ARUINO_SUFFIX` in the `wolfssl-arduino.sh` script.
@@ -73,7 +62,7 @@ from within the `wolfssl/IDE/ARDUINO` directory:
1. `./wolfssl-arduino.sh`
- Creates an Arduino Library directory structure in the local `wolfSSL` directory of `IDE/ARDUINO`.
- You can add your own `user_settings.h`, or copy/rename the [default](https://github.com/wolfSSL/wolfssl/blob/master/examples/configs/user_settings_arduino.h).
- You can add your own `user_settings.h`, or copy/rename the [default](../../examples/configs/user_settings_arduino.h).
2. `./wolfssl-arduino.sh INSTALL` (The most common option)
- Creates an Arduino Library in the local `wolfSSL` directory

24
IDE/ARDUINO/include.am
View File

@@ -2,32 +2,16 @@
# included from Top Level Makefile.am
# All paths should be given relative to the root
# Library files:
EXTRA_DIST+= IDE/ARDUINO/README.md
# There's an Arduino-specific Arduino_README_prepend.md that will be prepended to wolfSSL README.md
# Not to be confused with the interim PREPENDED_README.md that is created by script.
EXTRA_DIST+= IDE/ARDUINO/Arduino_README_prepend.md
# Core library files
EXTRA_DIST+= IDE/ARDUINO/wolfssl.h
EXTRA_DIST+= IDE/ARDUINO/wolfssl.h
EXTRA_DIST+= IDE/ARDUINO/wolfssl-arduino.cpp
EXTRA_DIST+= IDE/ARDUINO/keywords.txt
EXTRA_DIST+= IDE/ARDUINO/library.properties.template
# Sketch Examples
EXTRA_DIST+= IDE/ARDUINO/sketches/README.md
# wolfssl_client example sketch
EXTRA_DIST+= IDE/ARDUINO/sketches/wolfssl_client/README.md
# wolfssl_server example sketch
EXTRA_DIST+= IDE/ARDUINO/sketches/wolfssl_client/wolfssl_client.ino
EXTRA_DIST+= IDE/ARDUINO/sketches/wolfssl_server/README.md
# wolfssl_version example sketch
EXTRA_DIST+= IDE/ARDUINO/sketches/wolfssl_server/wolfssl_server.ino
EXTRA_DIST+= IDE/ARDUINO/sketches/wolfssl_version/README.md
# Publishing script, either local install or to github.com/wolfSSL/Arduino-wolfSSL clone directory.
EXTRA_DIST+= IDE/ARDUINO/sketches/wolfssl_version/wolfssl_version.ino
EXTRA_DIST+= IDE/ARDUINO/wolfssl.h
EXTRA_DIST+= IDE/ARDUINO/wolfssl-arduino.sh

51
IDE/ARDUINO/sketches/README.md
View File

@@ -1,20 +1,15 @@
# wolfSSL Arduino Examples
There are currently five example Arduino sketches:
There are currently two example Arduino sketches:
NOTE: Moving; See https://github.com/wolfSSL/wolfssl-examples/pull/499
* `template`: Reference template wolfSSL example, including optional VisualGDB project files.
* `wolfssl_AES_CTR`: Basic AES CTR Encryption / Decryption example.
* `wolfssl_client`: Basic TLS listening client.
* `wolfssl_server`: Basic TLS server.
* `wolfssl_version`: Bare-bones wolfSSL example.
* [wolfssl_client](./wolfssl_client/README.md): Basic TLS listening client.
* [wolfssl_server](./wolfssl_server/README.md): Basic TLS server.
Examples have been most recently confirmed operational on the
[Arduino IDE](https://www.arduino.cc/en/software) 2.2.1.
For examples on other platforms, see the [IDE directory](https://github.com/wolfssl/wolfssl/tree/master/IDE).
Additional wolfssl examples can be found at [wolfSSL/wolfssl-examples](https://github.com/wolfSSL/wolfssl-examples/).
Additional examples can be found on [wolfSSL/wolfssl-examples](https://github.com/wolfSSL/wolfssl-examples/).
## Using wolfSSL
@@ -25,7 +20,7 @@ The typical include will look something like this:
/* wolfSSL user_settings.h must be included from settings.h
* Make all configurations changes in user_settings.h
* Do not edit wolfSSL `settings.h` or `config.h` files.
* Do not edit wolfSSL `settings.h` or `configh.h` files.
* Do not explicitly include user_settings.h in any source code.
* Each Arduino sketch that uses wolfSSL must have: #include "wolfssl.h"
* C/C++ source files can use: #include <wolfssl/wolfcrypt/settings.h>
@@ -33,43 +28,7 @@ The typical include will look something like this:
* The wolfSSL "settings.h" must appear before any other wolfSSL include.
*/
#include <wolfssl.h>
/* settings.h is typically included in wolfssl.h, but here as a reminder: */
#include <wolfssl/wolfcrypt/settings.h>
/* Any other wolfSSL includes follow:*
#include <wolfssl/version.h>
```
## Configuring wolfSSL
See the `user_settings.h` in the Arduino library `wolfssl/src` directory. For Windows users this is typically:
```
C:\Users\%USERNAME%\Documents\Arduino\libraries\wolfssl\src
```
WARNING: Changes to the library `user_settings.h` file will be lost when upgrading wolfSSL using the Arduino IDE.
## Troubleshooting
If compile problems are encountered, for example:
```
ctags: cannot open temporary file : File exists
exit status 1
Compilation error: exit status 1
```
Try deleting the Arduino cache directory:
```
C:\Users\%USERNAME%\AppData\Local\arduino\sketches
```
For VisualGDB users, delete the project `.vs`, `Output`, and `TraceReports` directories.
## More Information
For more details, see [IDE/ARDUINO/README.md](https://github.com/wolfSSL/wolfssl/blob/master/IDE/ARDUINO/README.md)

10
IDE/ARDUINO/sketches/wolfssl_client/README.md
View File

@@ -1,14 +1,6 @@
# Arduino Basic TLS Listening Client
Open the `wolfssl_client.ino` file in the Arduino IDE.
NOTE: Moving; See https://github.com/wolfSSL/wolfssl-examples/pull/499
If using WiFi, be sure to set `ssid` and `password` values.
May need "Ethernet by Various" library to be installed. Tested with v2.0.2 and v2.8.1.
See the `#define WOLFSSL_TLS_SERVER_HOST` to set your own server address.
Open the [wolfssl_client.ino](./wolfssl_client.ino) file in the Arduino IDE.
Other IDE products are also supported, such as:

903
IDE/ARDUINO/sketches/wolfssl_client/wolfssl_client.ino Normal file
View File

@@ -0,0 +1,903 @@
/* wolfssl_client.ino
*
* Copyright (C) 2006-2025 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
/*
Tested with:
1) Intel Galileo acting as the Client, with a laptop acting as a server using
the server example provided in examples/server.
Legacy Arduino v1.86 was used to compile and program the Galileo
2) Espressif ESP32 WiFi
3) Arduino Due, Nano33 IoT, Nano RP-2040
*/
/*
* Note to code editors: the Arduino client and server examples are edited in
* parallel for side-by-side comparison between examples.
*/
/* If you have a private include, define it here, otherwise edit WiFi params */
#define MY_PRIVATE_CONFIG "/workspace/my_private_config.h"
/* set REPEAT_CONNECTION to a non-zero value to continually run the example. */
#define REPEAT_CONNECTION 0
/* Edit this with your other TLS host server address to connect to: */
#define WOLFSSL_TLS_SERVER_HOST "192.168.1.39"
/* wolfssl TLS examples communicate on port 11111 */
#define WOLFSSL_PORT 11111
/* Choose a monitor serial baud rate: 9600, 14400, 19200, 57600, 74880, etc. */
#define SERIAL_BAUD 115200
/* We'll wait up to 2000 milliseconds to properly shut down connection */
#define SHUTDOWN_DELAY_MS 2000
/* Number of times to retry connection. */
#define RECONNECT_ATTEMPTS 20
/* Optional stress test. Define to consume memory until exhausted: */
/* #define MEMORY_STRESS_TEST */
/* Choose client or server example, not both. */
#define WOLFSSL_CLIENT_EXAMPLE
/* #define WOLFSSL_SERVER_EXAMPLE */
#if defined(MY_PRIVATE_CONFIG)
/* the /workspace directory may contain a private config
* excluded from GitHub with items such as WiFi passwords */
#include MY_PRIVATE_CONFIG
static const char* ssid PROGMEM = MY_ARDUINO_WIFI_SSID;
static const char* password PROGMEM = MY_ARDUINO_WIFI_PASSWORD;
#else
/* when using WiFi capable boards: */
static const char* ssid PROGMEM = "your_SSID";
static const char* password PROGMEM = "your_PASSWORD";
#endif
#define BROADCAST_ADDRESS "255.255.255.255"
/* There's an optional 3rd party NTPClient library by Fabrice Weinberg.
* If it is installed, uncomment define USE_NTP_LIB here: */
/* #define USE_NTP_LIB */
#ifdef USE_NTP_LIB
#include <NTPClient.h>
#endif
/* wolfSSL user_settings.h must be included from settings.h
* Make all configurations changes in user_settings.h
* Do not edit wolfSSL `settings.h` or `config.h` files.
* Do not explicitly include user_settings.h in any source code.
* Each Arduino sketch that uses wolfSSL must have: #include "wolfssl.h"
* C/C++ source files can use: #include <wolfssl/wolfcrypt/settings.h>
* The wolfSSL "settings.h" must be included in each source file using wolfSSL.
* The wolfSSL "settings.h" must appear before any other wolfSSL include.
*/
#include <wolfssl.h>
/* Important: make sure settings.h appears before any other wolfSSL headers */
#include <wolfssl/wolfcrypt/settings.h>
/* Reminder: settings.h includes user_settings.h
* For ALL project wolfSSL settings, see:
* [your path]/Arduino\libraries\wolfSSL\src\user_settings.h */
#include <wolfssl/ssl.h>
#include <wolfssl/certs_test.h>
#include <wolfssl/wolfcrypt/error-crypt.h>
/* Define DEBUG_WOLFSSL in user_settings.h for more verbose logging. */
#if defined(DEBUG_WOLFSSL)
#define PROGRESS_DOT F("")
#else
#define PROGRESS_DOT F(".")
#endif
/* Convert a macro to a string */
#define xstr(x) str(x)
#define str(x) #x
/* optional board-specific networking includes */
#if defined(ESP32)
#define USING_WIFI
#include <WiFi.h>
#include <WiFiUdp.h>
#ifdef USE_NTP_LIB
WiFiUDP ntpUDP;
#endif
/* Ensure the F() flash macro is defined */
#ifndef F
#define F
#endif
WiFiClient client;
#elif defined(ESP8266)
#define USING_WIFI
#include <ESP8266WiFi.h>
WiFiClient client;
#elif defined(ARDUINO_SAM_DUE)
#include <SPI.h>
/* There's no WiFi/Ethernet on the Due. Requires Ethernet Shield.
/* Needs "Ethernet by Various" library to be installed. Tested with V2.0.2 */
#include <Ethernet.h>
EthernetClient client;
#elif defined(ARDUINO_SAMD_NANO_33_IOT)
#define USING_WIFI
#include <SPI.h>
#include <WiFiNINA.h> /* Needs Arduino WiFiNINA library installed manually */
WiFiClient client;
#elif defined(ARDUINO_ARCH_RP2040)
#define USING_WIFI
#include <SPI.h>
#include <WiFiNINA.h>
WiFiClient client;
#elif defined(USING_WIFI)
#define USING_WIFI
#include <WiFi.h>
#include <WiFiUdp.h>
#ifdef USE_NTP_LIB
WiFiUDP ntpUDP;
#endif
WiFiClient client;
/* TODO
#elif defined(OTHER_BOARD)
*/
#else
#define USING_WIFI
WiFiClient client;
#endif
/* Only for syntax highlighters to show interesting options enabled: */
#if defined(HAVE_SNI) \
|| defined(HAVE_MAX_FRAGMENT) \
|| defined(HAVE_TRUSTED_CA) \
|| defined(HAVE_TRUNCATED_HMAC) \
|| defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
|| defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) \
|| defined(HAVE_SUPPORTED_CURVES) \
|| defined(HAVE_ALPN) \
|| defined(HAVE_SESSION_TICKET) \
|| defined(HAVE_SECURE_RENEGOTIATION) \
|| defined(HAVE_SERVER_RENEGOTIATION_INFO)
#endif
static const char host[] PROGMEM = WOLFSSL_TLS_SERVER_HOST; /* server to connect to */
static const int port PROGMEM = WOLFSSL_PORT; /* port on server to connect to */
static WOLFSSL_CTX* ctx = NULL;
static WOLFSSL* ssl = NULL;
static char* wc_error_message = (char*)malloc(80 + 1);
static char errBuf[80];
#if defined(MEMORY_STRESS_TEST)
#define MEMORY_STRESS_ITERATIONS 100
#define MEMORY_STRESS_BLOCK_SIZE 1024
#define MEMORY_STRESS_INITIAL (4*1024)
static char* memory_stress[MEMORY_STRESS_ITERATIONS]; /* typically 1K per item */
static int mem_ctr = 0;
#endif
static int EthernetSend(WOLFSSL* ssl, char* msg, int sz, void* ctx);
static int EthernetReceive(WOLFSSL* ssl, char* reply, int sz, void* ctx);
static int reconnect = RECONNECT_ATTEMPTS;
static int lng_index PROGMEM = 0; /* 0 = English */
#if defined(__arm__)
#include <malloc.h>
extern char _end;
extern "C" char *sbrk(int i);
static char *ramstart=(char *)0x20070000;
static char *ramend=(char *)0x20088000;
#endif
/*****************************************************************************/
/* fail_wait - in case of unrecoverable error */
/*****************************************************************************/
int fail_wait(void) {
show_memory();
Serial.println(F("Failed. Halt."));
while (1) {
delay(1000);
}
return 0;
}
/*****************************************************************************/
/* show_memory() to optionally view during debugging. */
/*****************************************************************************/
int show_memory(void)
{
#if defined(__arm__)
struct mallinfo mi = mallinfo();
char *heapend=sbrk(0);
register char * stack_ptr asm("sp");
#if defined(DEBUG_WOLFSSL_VERBOSE)
Serial.print(" arena=");
Serial.println(mi.arena);
Serial.print(" ordblks=");
Serial.println(mi.ordblks);
Serial.print(" uordblks=");
Serial.println(mi.uordblks);
Serial.print(" fordblks=");
Serial.println(mi.fordblks);
Serial.print(" keepcost=");
Serial.println(mi.keepcost);
#endif
#if defined(DEBUG_WOLFSSL) || defined(MEMORY_STRESS_TEST)
Serial.print("Estimated free memory: ");
Serial.print(stack_ptr - heapend + mi.fordblks);
Serial.println(F(" bytes"));
#endif
#if (0)
/* Experimental: not supported on all devices: */
Serial.print("RAM Start %lx\n", (unsigned long)ramstart);
Serial.print("Data/Bss end %lx\n", (unsigned long)&_end);
Serial.print("Heap End %lx\n", (unsigned long)heapend);
Serial.print("Stack Ptr %lx\n",(unsigned long)stack_ptr);
Serial.print("RAM End %lx\n", (unsigned long)ramend);
Serial.print("Heap RAM Used: ",mi.uordblks);
Serial.print("Program RAM Used ",&_end - ramstart);
Serial.print("Stack RAM Used ",ramend - stack_ptr);
Serial.print("Estimated Free RAM: %d\n\n",stack_ptr - heapend + mi.fordblks);
#endif
#else
Serial.println(F("show_memory() not implemented for this platform"));
#endif
return 0;
}
/*****************************************************************************/
/* EthernetSend() to send a message string. */
/*****************************************************************************/
int EthernetSend(WOLFSSL* ssl, char* message, int sz, void* ctx) {
int sent = 0;
(void)ssl;
(void)ctx;
sent = client.write((byte*)message, sz);
return sent;
}
/*****************************************************************************/
/* EthernetReceive() to receive a reply string. */
/*****************************************************************************/
int EthernetReceive(WOLFSSL* ssl, char* reply, int sz, void* ctx) {
int ret = 0;
(void)ssl;
(void)ctx;
while (client.available() > 0 && ret < sz) {
reply[ret++] = client.read();
}
return ret;
}
/*****************************************************************************/
/* Arduino setup_hardware() */
/*****************************************************************************/
int setup_hardware(void) {
int ret = 0;
#if defined(ARDUINO_SAMD_NANO_33_IOT)
Serial.println(F("Detected known tested and working Arduino Nano 33 IoT"));
#elif defined(ARDUINO_ARCH_RP2040)
Serial.println(F("Detected known tested and working Arduino RP-2040"));
#elif defined(__arm__) && defined(ID_TRNG) && defined(TRNG)
/* need to manually turn on random number generator on Arduino Due, etc. */
pmc_enable_periph_clk(ID_TRNG);
trng_enable(TRNG);
Serial.println(F("Enabled ARM TRNG"));
#endif
show_memory();
randomSeed(analogRead(0));
return ret;
}
/*****************************************************************************/
/* Arduino setup_datetime() */
/* The device needs to have a valid date within the valid range of certs. */
/*****************************************************************************/
int setup_datetime(void) {
int ret = 0;
int ntp_tries = 20;
/* we need a date in the range of cert expiration */
#ifdef USE_NTP_LIB
#if defined(ESP32)
NTPClient timeClient(ntpUDP, "pool.ntp.org");
timeClient.begin();
timeClient.update();
delay(1000);
while (!timeClient.isTimeSet() && (ntp_tries > 0)) {
timeClient.forceUpdate();
Serial.println(F("Waiting for NTP update"));
delay(2000);
ntp_tries--;
}
if (ntp_tries <= 0) {
Serial.println(F("Warning: gave up waiting on NTP"));
}
Serial.println(timeClient.getFormattedTime());
Serial.println(timeClient.getEpochTime());
#endif
#endif
#if defined(ESP32)
/* see esp32-hal-time.c */
ntp_tries = 5;
/* Replace "pool.ntp.org" with your preferred NTP server */
configTime(0, 0, "pool.ntp.org");
/* Wait for time to be set */
while ((time(nullptr) <= 100000) && ntp_tries > 0) {
Serial.println(F("Waiting for time to be set..."));
delay(2000);
ntp_tries--;
}
#endif
return ret;
} /* setup_datetime */
/*****************************************************************************/
/* Arduino setup_network() */
/*****************************************************************************/
int setup_network(void) {
int ret = 0;
#if defined(USING_WIFI)
int status = WL_IDLE_STATUS;
/* The ESP8266 & ESP32 support both AP and STA. We'll use STA: */
#if defined(ESP8266) || defined(ESP32)
WiFi.mode(WIFI_STA);
#else
String fv;
if (WiFi.status() == WL_NO_MODULE) {
Serial.println("Communication with WiFi module failed!");
/* don't continue if no network */
while (true) ;
}
fv = WiFi.firmwareVersion();
if (fv < WIFI_FIRMWARE_LATEST_VERSION) {
Serial.println("Please upgrade the firmware");
}
#endif
Serial.print(F("Connecting to WiFi "));
Serial.print(ssid);
status = WiFi.begin(ssid, password);
while (status != WL_CONNECTED) {
delay(1000);
Serial.print(F("."));
Serial.print(status);
status = WiFi.status();
}
Serial.println(F(" Connected!"));
#else
/* Newer Ethernet shields have a
* MAC address printed on a sticker on the shield */
byte mac[] = { 0xDE, 0xAD, 0xBE, 0xEF, 0xFE, 0xED };
IPAddress ip(192, 168, 1, 42);
IPAddress myDns(192, 168, 1, 1);
Ethernet.init(10); /* Most Arduino shields */
/* Ethernet.init(5); * MKR ETH Shield */
/* Ethernet.init(0); * Teensy 2.0 */
/* Ethernet.init(20); * Teensy++ 2.0 */
/* Ethernet.init(15); * ESP8266 with Adafruit FeatherWing Ethernet */
/* Ethernet.init(33); * ESP32 with Adafruit FeatherWing Ethernet */
Serial.println(F("Initialize Ethernet with DHCP:"));
if (Ethernet.begin(mac) == 0) {
Serial.println(F("Failed to configure Ethernet using DHCP"));
/* Check for Ethernet hardware present */
if (Ethernet.hardwareStatus() == EthernetNoHardware) {
Serial.println(F("Ethernet shield was not found."));
while (true) {
delay(1); /* do nothing */
}
}
if (Ethernet.linkStatus() == LinkOFF) {
Serial.println(F("Ethernet cable is not connected."));
}
/* try to configure using IP address instead of DHCP : */
Ethernet.begin(mac, ip, myDns);
}
else {
Serial.print(F(" DHCP assigned IP "));
Serial.println(Ethernet.localIP());
}
/* We'll assume the Ethernet connection is ready to go. */
#endif
Serial.println(F("********************************************************"));
Serial.print(F(" wolfSSL Example Client IP = "));
#if defined(USING_WIFI)
Serial.println(WiFi.localIP());
#else
Serial.println(Ethernet.localIP());
#endif
Serial.print(F(" Configured Server Host to connect to: "));
Serial.println(host);
Serial.println(F("********************************************************"));
Serial.println(F("Setup network complete."));
return ret;
}
/*****************************************************************************/
/* Arduino setup_wolfssl() */
/*****************************************************************************/
int setup_wolfssl(void) {
int ret = 0;
WOLFSSL_METHOD* method;
/* Show a revision of wolfssl user_settings.h file in use when available: */
#if defined(WOLFSSL_USER_SETTINGS_ID)
Serial.print(F("WOLFSSL_USER_SETTINGS_ID: "));
Serial.println(F(WOLFSSL_USER_SETTINGS_ID));
#else
Serial.println(F("No WOLFSSL_USER_SETTINGS_ID found."));
#endif
#if defined(NO_WOLFSSL_SERVER)
Serial.println(F("wolfSSL server code disabled to save space."));
#endif
#if defined(NO_WOLFSSL_CLIENT)
Serial.println(F("wolfSSL client code disabled to save space."));
#endif
#if defined(DEBUG_WOLFSSL)
wolfSSL_Debugging_ON();
Serial.println(F("wolfSSL Debugging is On!"));
#else
Serial.println(F("wolfSSL Debugging is Off! (enable with DEBUG_WOLFSSL)"));
#endif
/* See ssl.c for TLS cache settings. Larger cache = use more RAM. */
#if defined(NO_SESSION_CACHE)
Serial.println(F("wolfSSL TLS NO_SESSION_CACHE"));
#elif defined(MICRO_SESSION_CACHEx)
Serial.println(F("wolfSSL TLS MICRO_SESSION_CACHE"));
#elif defined(SMALL_SESSION_CACHE)
Serial.println(F("wolfSSL TLS SMALL_SESSION_CACHE"));
#elif defined(MEDIUM_SESSION_CACHE)
Serial.println(F("wolfSSL TLS MEDIUM_SESSION_CACHE"));
#elif defined(BIG_SESSION_CACHE)
Serial.println(F("wolfSSL TLS BIG_SESSION_CACHE"));
#elif defined(HUGE_SESSION_CACHE)
Serial.println(F("wolfSSL TLS HUGE_SESSION_CACHE"));
#elif defined(HUGE_SESSION_CACHE)
Serial.println(F("wolfSSL TLS HUGE_SESSION_CACHE"));
#else
Serial.println(F("WARNING: Unknown or no TLS session cache setting."));
/* See wolfssl/src/ssl.c for amount of memory used.
* It is best on embedded devices to choose a TLS session cache size. */
#endif
ret = wolfSSL_Init();
if (ret == WOLFSSL_SUCCESS) {
Serial.println("Successfully called wolfSSL_Init");
}
else {
Serial.println("ERROR: wolfSSL_Init failed");
}
/* See companion server example with wolfSSLv23_server_method here.
* method = wolfSSLv23_client_method()); SSL 3.0 - TLS 1.3.
* method = wolfTLSv1_2_client_method(); only TLS 1.2
* method = wolfTLSv1_3_client_method(); only TLS 1.3
*
* see Arduino\libraries\wolfssl\src\user_settings.h */
Serial.println("Here we go!");
method = wolfSSLv23_client_method();
if (method == NULL) {
Serial.println(F("unable to get wolfssl client method"));
fail_wait();
}
ctx = wolfSSL_CTX_new(method);
if (ctx == NULL) {
Serial.println(F("unable to get ctx"));
fail_wait();
}
return ret;
}
/*****************************************************************************/
/* Arduino setup_certificates() */
/*****************************************************************************/
int setup_certificates(void) {
int ret = 0;
Serial.println(F("Initializing certificates..."));
show_memory();
/* Use built-in validation, No verification callback function: */
wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, 0);
/* Certificate */
Serial.println("Initializing certificates...");
ret = wolfSSL_CTX_use_certificate_buffer(ctx,
CTX_CLIENT_CERT,
CTX_CLIENT_CERT_SIZE,
CTX_CLIENT_CERT_TYPE);
if (ret == WOLFSSL_SUCCESS) {
Serial.print("Success: use certificate: ");
Serial.println(xstr(CTX_SERVER_CERT));
}
else {
Serial.println(F("Error: wolfSSL_CTX_use_certificate_buffer failed: "));
wc_ErrorString(ret, wc_error_message);
Serial.println(wc_error_message);
fail_wait();
}
/* Setup private client key */
ret = wolfSSL_CTX_use_PrivateKey_buffer(ctx,
CTX_CLIENT_KEY,
CTX_CLIENT_KEY_SIZE,
CTX_CLIENT_KEY_TYPE);
if (ret == WOLFSSL_SUCCESS) {
Serial.print("Success: use private key buffer: ");
Serial.println(xstr(CTX_SERVER_KEY));
}
else {
Serial.println(F("Error: wolfSSL_CTX_use_PrivateKey_buffer failed: "));
wc_ErrorString(ret, wc_error_message);
Serial.println(wc_error_message);
fail_wait();
}
ret = wolfSSL_CTX_load_verify_buffer(ctx,
CTX_CA_CERT,
CTX_CA_CERT_SIZE,
CTX_CA_CERT_TYPE);
if (ret == WOLFSSL_SUCCESS) {
Serial.println(F("Success: load_verify CTX_CA_CERT"));
}
else {
Serial.println(F("Error: wolfSSL_CTX_load_verify_buffer failed: "));
wc_ErrorString(ret, wc_error_message);
Serial.println(wc_error_message);
fail_wait();
}
return ret;
} /* Arduino setup */
/*****************************************************************************/
/*****************************************************************************/
/* Arduino setup() */
/*****************************************************************************/
/*****************************************************************************/
void setup(void) {
int i = 0;
Serial.begin(SERIAL_BAUD);
while (!Serial && (i < 10)) {
/* wait for serial port to connect. Needed for native USB port only */
delay(1000);
i++;
}
Serial.println(F(""));
Serial.println(F(""));
Serial.println(F("wolfSSL TLS Client Example Startup."));
/* define DEBUG_WOLFSSL in wolfSSL user_settings.h for diagnostics */
#if defined(DEBUG_WOLFSSL)
wolfSSL_Debugging_ON();
#endif
/* Optionally pre-allocate a large block of memory for testing */
#if defined(MEMORY_STRESS_TEST)
Serial.println(F("WARNING: Memory Stress Test Active!"));
Serial.print(F("Allocating extra memory: "));
Serial.print(MEMORY_STRESS_INITIAL);
Serial.println(F(" bytes..."));
memory_stress[mem_ctr] = (char*)malloc(MEMORY_STRESS_INITIAL);
show_memory();
#endif
setup_hardware();
setup_network();
setup_datetime();
setup_wolfssl();
setup_certificates();
/* Initialize wolfSSL using callback functions. */
wolfSSL_SetIOSend(ctx, EthernetSend);
wolfSSL_SetIORecv(ctx, EthernetReceive);
Serial.println(F("Completed Arduino setup!"));
/* See companion wolfssl_server.ino code; server begins listening here
* https://github.com/wolfSSL/wolfssl/tree/master/IDE/ARDUINO/sketches/wolfssl_server
* Any other server will work. See also:
* https://github.com/wolfSSL/wolfssl/tree/master/examples/client
*/
/* See companion wolfssl_server.ino code */
return;
} /* Arduino setup */
/*****************************************************************************/
/* wolfSSL error_check() */
/*****************************************************************************/
int error_check(int this_ret, bool halt_on_error,
const __FlashStringHelper* message) {
int ret = 0;
if (this_ret == WOLFSSL_SUCCESS) {
Serial.print(F("Success: "));
Serial.println(message);
}
else {
Serial.print(F("ERROR: return = "));
Serial.print(this_ret);
Serial.print(F(": "));
Serial.println(message);
Serial.println(wc_GetErrorString(this_ret));
if (halt_on_error) {
fail_wait();
}
}
show_memory();
return ret;
} /* error_check */
/*****************************************************************************/
/* wolfSSL error_check_ssl */
/* Parameters: */
/* ssl is the current WOLFSSL object pointer */
/* halt_on_error set to true to suspend operations for critical error */
/* message is expected to be a memory-efficient F("") macro string */
/*****************************************************************************/
int error_check_ssl(WOLFSSL* ssl, int this_ret, bool halt_on_error,
const __FlashStringHelper* message) {
int err = 0;
if (ssl == NULL) {
Serial.println(F("ssl is Null; Unable to allocate SSL object?"));
#ifndef DEBUG_WOLFSSL
Serial.println(F("Define DEBUG_WOLFSSL in user_settings.h for more."));
#else
Serial.println(F("See wolfssl/wolfcrypt/error-crypt.h for codes."));
#endif
Serial.print(F("ERROR: "));
Serial.println(message);
show_memory();
if (halt_on_error) {
fail_wait();
}
}
else {
err = wolfSSL_get_error(ssl, this_ret);
if (err == WOLFSSL_SUCCESS) {
Serial.print(F("Success m: "));
Serial.println(message);
}
else {
if (err < 0) {
wolfSSL_ERR_error_string(err, errBuf);
Serial.print(F("WOLFSSL Error: "));
Serial.print(err);
Serial.print(F("; "));
Serial.println(errBuf);
}
else {
Serial.println(F("Success: ssl object."));
}
}
}
return err;
}
/*****************************************************************************/
/*****************************************************************************/
/* Arduino loop() */
/*****************************************************************************/
/*****************************************************************************/
void loop() {
char reply[80];
char msg[32] = "hello wolfssl!";
const char* cipherName;
int retry_shutdown = SHUTDOWN_DELAY_MS; /* max try, once per millisecond */
int total_input = 0;
int msgSz = 0;
int input = 0;
int ret = 0;
int err = 0;
msgSz = (int)strlen(msg);
Serial.println(F(""));
Serial.println(F("Starting Arduino loop() ..."));
if (reconnect) {
reconnect--;
/* WiFi client returns true if connection succeeds, false if not. */
/* Wired client returns int (1,-1,-2,-3,-4) for connection status. */
Serial.print(F("Connecting to "));
Serial.print(host);
Serial.print(F(":"));
Serial.println(port);
/* can also use: IPAddress server(192,168,1,37); */
Serial.println(F("Here we go..."));
ret = client.connect(host, port);
Serial.println(F("Ok, checking..."));
if (ret > 0) {
Serial.println(F("Connected!"));
/* initialize wolfSSL */
ret = wolfSSL_Init();
error_check(ret, false, F("calling wolfSSL_Init") );
/* create secure connection object. see setup for ctx certs. */
Serial.println(F("Calling ssl = wolfSSL_new(ctx)"));
ssl = wolfSSL_new(ctx);
error_check_ssl(ssl, 0, true, F("Create WOLFSSL object from ctx"));
Serial.print(F("Connecting to wolfSSL TLS Secure Server..."));
do {
err = 0; /* reset error */
Serial.println(F("wolfSSL_connect ..."));
ret = wolfSSL_connect(ssl);
Serial.print("wolfSSL_connect return result =");
Serial.println(ret);
if ((ret != WOLFSSL_SUCCESS) && (ret != WC_PENDING_E)) {
Serial.println(F("Failed connection, checking error."));
err = error_check_ssl(ssl, ret, true,
F("Create WOLFSSL object from ctx"));
Serial.print("err =");
Serial.println(err);
}
else {
Serial.print(PROGRESS_DOT);
}
} while (err == WC_PENDING_E);
Serial.println();
Serial.println(F("Connected!"));
Serial.print(F("SSL version is "));
Serial.println(wolfSSL_get_version(ssl));
cipherName = wolfSSL_get_cipher(ssl);
Serial.print(F("SSL cipher suite is "));
Serial.println(cipherName);
/* see test.h
* TODO: test.h needs a little bit of Arduino work for these:
showPeerEx(ssl, lng_index);
showPeerPEM(ssl);
*/
Serial.print(F("Sending secure message to server: "));
Serial.println(msg);
ret = wolfSSL_write(ssl, msg, msgSz);
if (ret == msgSz) {
Serial.print(F("Waiting for Server response..."));
while (!client.available()) {
/* wait for data */
delay(1); /* 1 ms delay */
}
Serial.print(F("Reading response.."));
/* read data */
do {
ret = wolfSSL_read(ssl, reply, sizeof(reply) - 1);
if (ret < 0) {
error_check_ssl(ssl, ret, false,
F("during TLS Read"));
}
else {
Serial.print(PROGRESS_DOT);
}
} while (err == WC_PENDING_E);
Serial.println();
Serial.println();
Serial.println(reply); /* typically: I hear you fa shizzle! */
Serial.println();
} /* wolfSSL_write message size matched */
else {
error_check_ssl(ssl, ret, false,
F("during TLS Write"));
} /* any wolfSSL_write message size mismatch is an error */
Serial.print(F("Shutting down.."));
do {
delay(1);
Serial.print(PROGRESS_DOT);
retry_shutdown--;
ret = wolfSSL_shutdown(ssl);
} while ( (ret == WOLFSSL_SHUTDOWN_NOT_DONE)
&& (retry_shutdown > 0)
); /* There may be pending data, so wait until done. */
Serial.println();
if (retry_shutdown <= 0) {
/* if wolfSSL_free is called before properly shutting down the
* ssl object, undesired results may occur. */
Serial.println(F("Warning! Shutdown did not properly complete."));
}
wolfSSL_free(ssl);
client.stop();
Serial.println(F("Connection complete."));
if (REPEAT_CONNECTION) {
reconnect = RECONNECT_ATTEMPTS;
}
else {
reconnect = 0;
}
} /* client.connect(host, port) */
else {
Serial.println(F("Problem sending message. Trying to reconnect..."));
}
}
delay(1000);
if ((reconnect > 0) && (REPEAT_CONNECTION)) {
Serial.println(F("Arduino loop repeating..."));
Serial.println();
}
else {
printf("wow");
Serial.println(F("Done!"));
while(1) {
/* wait forever */
}
}
#if defined(MEMORY_STRESS_TEST)
if (mem_ctr < MEMORY_STRESS_ITERATIONS) {
/* reminder: mem_ctr == 0 is MEMORY_STRESS_INITIAL allocation */
mem_ctr++;
Serial.print(F("Memory stress increment: "));
Serial.print(mem_ctr);
Serial.print(F(". Allocating addition memory (bytes): "));
Serial.println(MEMORY_STRESS_BLOCK_SIZE);
memory_stress[mem_ctr] = (char*)malloc(MEMORY_STRESS_BLOCK_SIZE);
show_memory();
}
#endif
} /* Arduino loop repeats */

10
IDE/ARDUINO/sketches/wolfssl_server/README.md
View File

@@ -1,14 +1,6 @@
# Arduino Basic TLS Server
Open the `wolfssl_server.ino` file in the Arduino IDE.
NOTE: Moving; See https://github.com/wolfSSL/wolfssl-examples/pull/499
If using WiFi, be sure to set `ssid` and `password` values.
May need "Ethernet by Various" library to be installed. Tested with v2.0.2 and v2.8.1.
See the `#define WOLFSSL_TLS_SERVER_HOST` to set your own server address.
Open the [wolfssl_server.ino](./wolfssl_server.ino) file in the Arduino IDE.
Other IDE products are also supported, such as:

847
IDE/ARDUINO/sketches/wolfssl_server/wolfssl_server.ino Normal file
View File

@@ -0,0 +1,847 @@
/* wolfssl_server.ino
*
* Copyright (C) 2006-2025 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
/*
Tested with:
1) Intel Galileo acting as the Client, with a laptop acting as a server using
the server example provided in examples/server.
Legacy Arduino v1.86 was used to compile and program the Galileo
2) Espressif ESP32 WiFi
3) Arduino Due, Nano33 IoT, Nano RP-2040
*/
/*
* Note to code editors: the Arduino client and server examples are edited in
* parallel for side-by-side comparison between examples.
*/
/* If you have a private include, define it here, otherwise edit WiFi params */
#define MY_PRIVATE_CONFIG "/workspace/my_private_config.h"
/* set REPEAT_CONNECTION to a non-zero value to continually run the example. */
#define REPEAT_CONNECTION 1
/* Edit this with your other TLS host server address to connect to: */
/* #define WOLFSSL_TLS_SERVER_HOST "192.168.1.34" */
/* wolfssl TLS examples communicate on port 11111 */
#define WOLFSSL_PORT 11111
/* Choose a monitor serial baud rate: 9600, 14400, 19200, 57600, 74880, etc. */
#define SERIAL_BAUD 115200
/* We'll wait up to 2000 milliseconds to properly shut down connection */
#define SHUTDOWN_DELAY_MS 2000
/* Number of times to retry connection. */
#define RECONNECT_ATTEMPTS 20
/* Optional stress test. Define to consume memory until exhausted: */
/* #define MEMORY_STRESS_TEST */
/* Choose client or server example, not both. */
/* #define WOLFSSL_CLIENT_EXAMPLE */
#define WOLFSSL_SERVER_EXAMPLE
#if defined(MY_PRIVATE_CONFIG)
/* the /workspace directory may contain a private config
* excluded from GitHub with items such as WiFi passwords */
#include MY_PRIVATE_CONFIG
static const char* ssid PROGMEM = MY_ARDUINO_WIFI_SSID;
static const char* password PROGMEM = MY_ARDUINO_WIFI_PASSWORD;
#else
/* when using WiFi capable boards: */
static const char* ssid PROGMEM = "your_SSID";
static const char* password PROGMEM = "your_PASSWORD";
#endif
#define BROADCAST_ADDRESS "255.255.255.255"
/* There's an optional 3rd party NTPClient library by Fabrice Weinberg.
* If it is installed, uncomment define USE_NTP_LIB here: */
/* #define USE_NTP_LIB */
#ifdef USE_NTP_LIB
#include <NTPClient.h>
#endif
/* wolfSSL user_settings.h must be included from settings.h
* Make all configurations changes in user_settings.h
* Do not edit wolfSSL `settings.h` or `config.h` files.
* Do not explicitly include user_settings.h in any source code.
* Each Arduino sketch that uses wolfSSL must have: #include "wolfssl.h"
* C/C++ source files can use: #include <wolfssl/wolfcrypt/settings.h>
* The wolfSSL "settings.h" must be included in each source file using wolfSSL.
* The wolfSSL "settings.h" must appear before any other wolfSSL include.
*/
#include <wolfssl.h>
/* Important: make sure settings.h appears before any other wolfSSL headers */
#include <wolfssl/wolfcrypt/settings.h>
/* Reminder: settings.h includes user_settings.h
* For ALL project wolfSSL settings, see:
* [your path]/Arduino\libraries\wolfSSL\src\user_settings.h */
#include <wolfssl/ssl.h>
#include <wolfssl/certs_test.h>
#include <wolfssl/wolfcrypt/error-crypt.h>
/* Define DEBUG_WOLFSSL in user_settings.h for more verbose logging. */
#if defined(DEBUG_WOLFSSL)
#define PROGRESS_DOT F("")
#else
#define PROGRESS_DOT F(".")
#endif
/* Convert a macro to a string */
#define xstr(x) str(x)
#define str(x) #x
/* optional board-specific networking includes */
#if defined(ESP32)
#define USING_WIFI
#include <WiFi.h>
#include <WiFiUdp.h>
#ifdef USE_NTP_LIB
WiFiUDP ntpUDP;
#endif
/* Ensure the F() flash macro is defined */
#ifndef F
#define F
#endif
WiFiClient client;
WiFiServer server(WOLFSSL_PORT);
#elif defined(ESP8266)
#define USING_WIFI
#include <ESP8266WiFi.h>
WiFiClient client;
WiFiServer server(WOLFSSL_PORT);
#elif defined(ARDUINO_SAM_DUE)
#include <SPI.h>
/* There's no WiFi/Ethernet on the Due. Requires Ethernet Shield.
/* Needs "Ethernet by Various" library to be installed. Tested with V2.0.2 */
#include <Ethernet.h>
EthernetClient client;
EthernetClient server(WOLFSSL_PORT);
#elif defined(ARDUINO_SAMD_NANO_33_IOT)
#define USING_WIFI
#include <SPI.h>
#include <WiFiNINA.h> /* Needs Arduino WiFiNINA library installed manually */
WiFiClient client;
WiFiServer server(WOLFSSL_PORT);
#elif defined(ARDUINO_ARCH_RP2040)
#define USING_WIFI
#include <SPI.h>
#include <WiFiNINA.h>
WiFiClient client;
WiFiServer server(WOLFSSL_PORT);
#elif defined(USING_WIFI)
#define USING_WIFI
#include <WiFi.h>
#include <WiFiUdp.h>
#ifdef USE_NTP_LIB
WiFiUDP ntpUDP;
#endif
WiFiClient client;
WiFiServer server(WOLFSSL_PORT);
/* TODO
#elif defined(OTHER_BOARD)
*/
#else
#define USING_WIFI
WiFiClient client;
WiFiServer server(WOLFSSL_PORT);
#endif
/* Only for syntax highlighters to show interesting options enabled: */
#if defined(HAVE_SNI) \
|| defined(HAVE_MAX_FRAGMENT) \
|| defined(HAVE_TRUSTED_CA) \
|| defined(HAVE_TRUNCATED_HMAC) \
|| defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
|| defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) \
|| defined(HAVE_SUPPORTED_CURVES) \
|| defined(HAVE_ALPN) \
|| defined(HAVE_SESSION_TICKET) \
|| defined(HAVE_SECURE_RENEGOTIATION) \
|| defined(HAVE_SERVER_RENEGOTIATION_INFO)
#endif
/* we expect our IP address from DHCP */
static WOLFSSL_CTX* ctx = NULL;
static WOLFSSL* ssl = NULL;
static char* wc_error_message = (char*)malloc(80 + 1);
static char errBuf[80];
#if defined(MEMORY_STRESS_TEST)
#define MEMORY_STRESS_ITERATIONS 100
#define MEMORY_STRESS_BLOCK_SIZE 1024
#define MEMORY_STRESS_INITIAL (4*1024)
static char* memory_stress[MEMORY_STRESS_ITERATIONS]; /* typically 1K per item */
static int mem_ctr = 0;
#endif
static int EthernetSend(WOLFSSL* ssl, char* msg, int sz, void* ctx);
static int EthernetReceive(WOLFSSL* ssl, char* reply, int sz, void* ctx);
static int reconnect = RECONNECT_ATTEMPTS;
static int lng_index PROGMEM = 0; /* 0 = English */
#if defined(__arm__)
#include <malloc.h>
extern char _end;
extern "C" char *sbrk(int i);
static char *ramstart=(char *)0x20070000;
static char *ramend=(char *)0x20088000;
#endif
/*****************************************************************************/
/* fail_wait - in case of unrecoverable error */
/*****************************************************************************/
int fail_wait(void) {
show_memory();
Serial.println(F("Failed. Halt."));
while (1) {
delay(1000);
}
return 0;
}
/*****************************************************************************/
/* show_memory() to optionally view during debugging. */
/*****************************************************************************/
int show_memory(void)
{
#if defined(__arm__)
struct mallinfo mi = mallinfo();
char *heapend=sbrk(0);
register char * stack_ptr asm("sp");
#if defined(DEBUG_WOLFSSL_VERBOSE)
Serial.print(" arena=");
Serial.println(mi.arena);
Serial.print(" ordblks=");
Serial.println(mi.ordblks);
Serial.print(" uordblks=");
Serial.println(mi.uordblks);
Serial.print(" fordblks=");
Serial.println(mi.fordblks);
Serial.print(" keepcost=");
Serial.println(mi.keepcost);
#endif
#if defined(DEBUG_WOLFSSL) || defined(MEMORY_STRESS_TEST)
Serial.print("Estimated free memory: ");
Serial.print(stack_ptr - heapend + mi.fordblks);
Serial.println(F(" bytes"));
#endif
#if (0)
/* Experimental: not supported on all devices: */
Serial.print("RAM Start %lx\n", (unsigned long)ramstart);
Serial.print("Data/Bss end %lx\n", (unsigned long)&_end);
Serial.print("Heap End %lx\n", (unsigned long)heapend);
Serial.print("Stack Ptr %lx\n",(unsigned long)stack_ptr);
Serial.print("RAM End %lx\n", (unsigned long)ramend);
Serial.print("Heap RAM Used: ",mi.uordblks);
Serial.print("Program RAM Used ",&_end - ramstart);
Serial.print("Stack RAM Used ",ramend - stack_ptr);
Serial.print("Estimated Free RAM: %d\n\n",stack_ptr - heapend + mi.fordblks);
#endif
#else
Serial.println(F("show_memory() not implemented for this platform"));
#endif
return 0;
}
/*****************************************************************************/
/* EthernetSend() to send a message string. */
/*****************************************************************************/
int EthernetSend(WOLFSSL* ssl, char* message, int sz, void* ctx) {
int sent = 0;
(void)ssl;
(void)ctx;
sent = client.write((byte*)message, sz);
return sent;
}
/*****************************************************************************/
/* EthernetReceive() to receive a reply string. */
/*****************************************************************************/
int EthernetReceive(WOLFSSL* ssl, char* reply, int sz, void* ctx) {
int ret = 0;
(void)ssl;
(void)ctx;
while (client.available() > 0 && ret < sz) {
reply[ret++] = client.read();
}
return ret;
}
/*****************************************************************************/
/* Arduino setup_hardware() */
/*****************************************************************************/
int setup_hardware(void) {
int ret = 0;
#if defined(ARDUINO_SAMD_NANO_33_IOT)
Serial.println(F("Detected known tested and working Arduino Nano 33 IoT"));
#elif defined(ARDUINO_ARCH_RP2040)
Serial.println(F("Detected known tested and working Arduino RP-2040"));
#elif defined(__arm__) && defined(ID_TRNG) && defined(TRNG)
/* need to manually turn on random number generator on Arduino Due, etc. */
pmc_enable_periph_clk(ID_TRNG);
trng_enable(TRNG);
Serial.println(F("Enabled ARM TRNG"));
#endif
show_memory();
randomSeed(analogRead(0));
return ret;
}
/*****************************************************************************/
/* Arduino setup_datetime() */
/* The device needs to have a valid date within the valid range of certs. */
/*****************************************************************************/
int setup_datetime(void) {
int ret = 0;
int ntp_tries = 20;
/* we need a date in the range of cert expiration */
#ifdef USE_NTP_LIB
#if defined(ESP32)
NTPClient timeClient(ntpUDP, "pool.ntp.org");
timeClient.begin();
timeClient.update();
delay(1000);
while (!timeClient.isTimeSet() && (ntp_tries > 0)) {
timeClient.forceUpdate();
Serial.println(F("Waiting for NTP update"));
delay(2000);
ntp_tries--;
}
if (ntp_tries <= 0) {
Serial.println(F("Warning: gave up waiting on NTP"));
}
Serial.println(timeClient.getFormattedTime());
Serial.println(timeClient.getEpochTime());
#endif
#endif
#if defined(ESP32)
/* see esp32-hal-time.c */
ntp_tries = 5;
/* Replace "pool.ntp.org" with your preferred NTP server */
configTime(0, 0, "pool.ntp.org");
/* Wait for time to be set */
while ((time(nullptr) <= 100000) && ntp_tries > 0) {
Serial.println(F("Waiting for time to be set..."));
delay(2000);
ntp_tries--;
}
#endif
return ret;
} /* setup_datetime */
/*****************************************************************************/
/* Arduino setup_network() */
/*****************************************************************************/
int setup_network(void) {
int ret = 0;
#if defined(USING_WIFI)
int status = WL_IDLE_STATUS;
/* The ESP8266 & ESP32 support both AP and STA. We'll use STA: */
#if defined(ESP8266) || defined(ESP32)
WiFi.mode(WIFI_STA);
#else
String fv;
if (WiFi.status() == WL_NO_MODULE) {
Serial.println("Communication with WiFi module failed!");
/* don't continue if no network */
while (true) ;
}
fv = WiFi.firmwareVersion();
if (fv < WIFI_FIRMWARE_LATEST_VERSION) {
Serial.println("Please upgrade the firmware");
}
#endif
Serial.print(F("Connecting to WiFi "));
Serial.print(ssid);
status = WiFi.begin(ssid, password);
while (status != WL_CONNECTED) {
delay(1000);
Serial.print(F("."));
Serial.print(status);
status = WiFi.status();
}
Serial.println(F(" Connected!"));
#else
/* Newer Ethernet shields have a
* MAC address printed on a sticker on the shield */
byte mac[] = { 0xDE, 0xAD, 0xBE, 0xEF, 0xFE, 0xED };
IPAddress ip(192, 168, 1, 42);
IPAddress myDns(192, 168, 1, 1);
Ethernet.init(10); /* Most Arduino shields */
/* Ethernet.init(5); * MKR ETH Shield */
/* Ethernet.init(0); * Teensy 2.0 */
/* Ethernet.init(20); * Teensy++ 2.0 */
/* Ethernet.init(15); * ESP8266 with Adafruit FeatherWing Ethernet */
/* Ethernet.init(33); * ESP32 with Adafruit FeatherWing Ethernet */
Serial.println(F("Initialize Ethernet with DHCP:"));
if (Ethernet.begin(mac) == 0) {
Serial.println(F("Failed to configure Ethernet using DHCP"));
/* Check for Ethernet hardware present */
if (Ethernet.hardwareStatus() == EthernetNoHardware) {
Serial.println(F("Ethernet shield was not found."));
while (true) {
delay(1); /* do nothing */
}
}
if (Ethernet.linkStatus() == LinkOFF) {
Serial.println(F("Ethernet cable is not connected."));
}
/* try to configure using IP address instead of DHCP : */
Ethernet.begin(mac, ip, myDns);
}
else {
Serial.print(F(" DHCP assigned IP "));
Serial.println(Ethernet.localIP());
}
/* We'll assume the Ethernet connection is ready to go. */
#endif
Serial.println(F("********************************************************"));
Serial.print(F(" wolfSSL Example Server IP = "));
#if defined(USING_WIFI)
Serial.println(WiFi.localIP());
#else
Serial.println(Ethernet.localIP());
#endif
/* In server mode, there's no host definition. */
/* See companion example: wolfssl_client.ino */
Serial.println(F("********************************************************"));
Serial.println(F("Setup network complete."));
return ret;
}
/*****************************************************************************/
/* Arduino setup_wolfssl() */
/*****************************************************************************/
int setup_wolfssl(void) {
int ret = 0;
WOLFSSL_METHOD* method;
/* Show a revision of wolfssl user_settings.h file in use when available: */
#if defined(WOLFSSL_USER_SETTINGS_ID)
Serial.print(F("WOLFSSL_USER_SETTINGS_ID: "));
Serial.println(F(WOLFSSL_USER_SETTINGS_ID));
#else
Serial.println(F("No WOLFSSL_USER_SETTINGS_ID found."));
#endif
#if defined(NO_WOLFSSL_SERVER)
Serial.println(F("wolfSSL server code disabled to save space."));
#endif
#if defined(NO_WOLFSSL_CLIENT)
Serial.println(F("wolfSSL client code disabled to save space."));
#endif
#if defined(DEBUG_WOLFSSL)
wolfSSL_Debugging_ON();
Serial.println(F("wolfSSL Debugging is On!"));
#else
Serial.println(F("wolfSSL Debugging is Off! (enable with DEBUG_WOLFSSL)"));
#endif
/* See ssl.c for TLS cache settings. Larger cache = use more RAM. */
#if defined(NO_SESSION_CACHE)
Serial.println(F("wolfSSL TLS NO_SESSION_CACHE"));
#elif defined(MICRO_SESSION_CACHEx)
Serial.println(F("wolfSSL TLS MICRO_SESSION_CACHE"));
#elif defined(SMALL_SESSION_CACHE)
Serial.println(F("wolfSSL TLS SMALL_SESSION_CACHE"));
#elif defined(MEDIUM_SESSION_CACHE)
Serial.println(F("wolfSSL TLS MEDIUM_SESSION_CACHE"));
#elif defined(BIG_SESSION_CACHE)
Serial.println(F("wolfSSL TLS BIG_SESSION_CACHE"));
#elif defined(HUGE_SESSION_CACHE)
Serial.println(F("wolfSSL TLS HUGE_SESSION_CACHE"));
#elif defined(HUGE_SESSION_CACHE)
Serial.println(F("wolfSSL TLS HUGE_SESSION_CACHE"));
#else
Serial.println(F("WARNING: Unknown or no TLS session cache setting."));
/* See wolfssl/src/ssl.c for amount of memory used.
* It is best on embedded devices to choose a TLS session cache size. */
#endif
ret = wolfSSL_Init();
if (ret == WOLFSSL_SUCCESS) {
Serial.println("Successfully called wolfSSL_Init");
}
else {
Serial.println("ERROR: wolfSSL_Init failed");
}
/* See companion server example with wolfSSLv23_server_method here.
* method = wolfSSLv23_client_method()); SSL 3.0 - TLS 1.3.
* method = wolfTLSv1_2_client_method(); only TLS 1.2
* method = wolfTLSv1_3_client_method(); only TLS 1.3
*
* see Arduino\libraries\wolfssl\src\user_settings.h */
Serial.println("Here we go!");
method = wolfSSLv23_server_method();
if (method == NULL) {
Serial.println(F("unable to get wolfssl server method"));
fail_wait();
}
ctx = wolfSSL_CTX_new(method);
if (ctx == NULL) {
Serial.println(F("unable to get ctx"));
fail_wait();
}
return ret;
}
/*****************************************************************************/
/* Arduino setup_certificates() */
/*****************************************************************************/
int setup_certificates(void) {
int ret = 0;
Serial.println(F("Initializing certificates..."));
show_memory();
/* Use built-in validation, No verification callback function: */
wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
/* Certificate */
Serial.println("Initializing certificates...");
ret = wolfSSL_CTX_use_certificate_buffer(ctx,
CTX_SERVER_CERT,
CTX_SERVER_CERT_SIZE,
CTX_CA_CERT_TYPE);
if (ret == WOLFSSL_SUCCESS) {
Serial.print("Success: use certificate: ");
Serial.println(xstr(CTX_SERVER_CERT));
}
else {
Serial.print("Error: wolfSSL_CTX_use_certificate_buffer failed: ");
wc_ErrorString(ret, wc_error_message);
Serial.println(wc_error_message);
fail_wait();
}
/* Setup private server key */
ret = wolfSSL_CTX_use_PrivateKey_buffer(ctx,
CTX_SERVER_KEY,
CTX_SERVER_KEY_SIZE,
CTX_SERVER_KEY_TYPE);
if (ret == WOLFSSL_SUCCESS) {
Serial.print("Success: use private key buffer: ");
Serial.println(xstr(CTX_SERVER_KEY));
}
else {
Serial.print("Error: wolfSSL_CTX_use_PrivateKey_buffer failed: ");
wc_ErrorString(ret, wc_error_message);
Serial.println(wc_error_message);
fail_wait();
}
return ret;
} /* Arduino setup */
/*****************************************************************************/
/*****************************************************************************/
/* Arduino setup() */
/*****************************************************************************/
/*****************************************************************************/
void setup(void) {
int i = 0;
Serial.begin(SERIAL_BAUD);
while (!Serial && (i < 10)) {
/* wait for serial port to connect. Needed for native USB port only */
delay(1000);
i++;
}
Serial.println(F(""));
Serial.println(F(""));
Serial.println(F("wolfSSL TLS Server Example Startup."));
/* define DEBUG_WOLFSSL in wolfSSL user_settings.h for diagnostics */
#if defined(DEBUG_WOLFSSL)
wolfSSL_Debugging_ON();
#endif
/* Optionally pre-allocate a large block of memory for testing */
#if defined(MEMORY_STRESS_TEST)
Serial.println(F("WARNING: Memory Stress Test Active!"));
Serial.print(F("Allocating extra memory: "));
Serial.print(MEMORY_STRESS_INITIAL);
Serial.println(F(" bytes..."));
memory_stress[mem_ctr] = (char*)malloc(MEMORY_STRESS_INITIAL);
show_memory();
#endif
setup_hardware();
setup_network();
setup_datetime();
setup_wolfssl();
setup_certificates();
/* Initialize wolfSSL using callback functions. */
wolfSSL_SetIOSend(ctx, EthernetSend);
wolfSSL_SetIORecv(ctx, EthernetReceive);
#if defined THIS_USER_SETTINGS_VERSION
Serial.print(F("This user_settings.h version:"))
Serial.println(THIS_USER_SETTINGS_VERSION)
#endif
/* Start the server
* See https://www.arduino.cc/reference/en/libraries/ethernet/server.begin/
*/
Serial.println(F("Completed Arduino setup()"));
server.begin();
Serial.println("Begin Server... (waiting for remote client to connect)");
/* See companion wolfssl_client.ino code */
return;
} /* Arduino setup */
/*****************************************************************************/
/* wolfSSL error_check() */
/*****************************************************************************/
int error_check(int this_ret, bool halt_on_error,
const __FlashStringHelper* message) {
int ret = 0;
if (this_ret == WOLFSSL_SUCCESS) {
Serial.print(F("Success: "));
Serial.println(message);
}
else {
Serial.print(F("ERROR: return = "));
Serial.print(this_ret);
Serial.print(F(": "));
Serial.println(message);
Serial.println(wc_GetErrorString(this_ret));
if (halt_on_error) {
fail_wait();
}
}
show_memory();
return ret;
} /* error_check */
/*****************************************************************************/
/* wolfSSL error_check_ssl */
/* Parameters: */
/* ssl is the current WOLFSSL object pointer */
/* halt_on_error set to true to suspend operations for critical error */
/* message is expected to be a memory-efficient F("") macro string */
/*****************************************************************************/
int error_check_ssl(WOLFSSL* ssl, int this_ret, bool halt_on_error,
const __FlashStringHelper* message) {
int err = 0;
if (ssl == NULL) {
Serial.println(F("ssl is Null; Unable to allocate SSL object?"));
#ifndef DEBUG_WOLFSSL
Serial.println(F("Define DEBUG_WOLFSSL in user_settings.h for more."));
#else
Serial.println(F("See wolfssl/wolfcrypt/error-crypt.h for codes."));
#endif
Serial.print(F("ERROR: "));
Serial.println(message);
show_memory();
if (halt_on_error) {
fail_wait();
}
}
else {
err = wolfSSL_get_error(ssl, this_ret);
if (err == WOLFSSL_SUCCESS) {
Serial.print(F("Success m: "));
Serial.println(message);
}
else {
if (err < 0) {
wolfSSL_ERR_error_string(err, errBuf);
Serial.print(F("WOLFSSL Error: "));
Serial.print(err);
Serial.print(F("; "));
Serial.println(errBuf);
}
else {
Serial.println(F("Success: ssl object."));
}
}
}
return err;
}
/*****************************************************************************/
/*****************************************************************************/
/* Arduino loop() */
/*****************************************************************************/
/*****************************************************************************/
void loop() {
char errBuf[80] = "(no error";
char reply[80] = "(no reply)";
const char msg[] = "I hear you fa shizzle!";
const char* cipherName;
int input = 0;
int replySz = 0;
int retry_shutdown = SHUTDOWN_DELAY_MS; /* max try, once per millisecond */
int ret = 0;
IPAddress broadcast_address(255, 255, 255, 255);
/* Listen for incoming client requests. */
client = server.available();
if (client) {
Serial.println("Have Client");
while (!client.connected()) {
/* wait for the client to actually connect */
delay(10);
}
Serial.print("Client connected from remote IP: ");
Serial.println(client.remoteIP());
ssl = wolfSSL_new(ctx);
if (ssl == NULL) {
Serial.println("Unable to allocate SSL object");
fail_wait();
}
ret = wolfSSL_accept(ssl);
if (ret != WOLFSSL_SUCCESS) {
ret = wolfSSL_get_error(ssl, 0);
wolfSSL_ERR_error_string(ret, errBuf);
Serial.print("TLS Accept Error: ");
Serial.println(errBuf);
}
cipherName = wolfSSL_get_cipher(ssl);
Serial.print("SSL cipher suite is ");
Serial.println(cipherName);
Serial.print("Server Read: ");
while (!client.available()) {
/* wait for data */
}
/* read data */
while (wolfSSL_pending(ssl)) {
input = wolfSSL_read(ssl, reply, sizeof(reply) - 1);
if (input < 0) {
ret = wolfSSL_get_error(ssl, 0);
wolfSSL_ERR_error_string(ret, errBuf);
Serial.print("TLS Read Error: ");
Serial.println(errBuf);
break;
}
else if (input > 0) {
replySz = input;
reply[input] = '\0';
Serial.print(reply);
}
else {
Serial.println("<end of reply, input == 0>");
}
}
/* Write our message into reply buffer to send */
memset(reply, 0, sizeof(reply));
memcpy(reply, msg, sizeof(msg));
replySz = strnlen(reply, sizeof(reply));
Serial.println("Sending reply...");
if ((wolfSSL_write(ssl, reply, replySz)) != replySz) {
ret = wolfSSL_get_error(ssl, 0);
wolfSSL_ERR_error_string(ret, errBuf);
Serial.print("TLS Write Error: ");
Serial.println(errBuf);
}
else {
Serial.println("Reply sent!");
}
Serial.println("Shutdown!");
do {
delay(1);
retry_shutdown--;
ret = wolfSSL_shutdown(ssl);
} while ((ret == WOLFSSL_SHUTDOWN_NOT_DONE) && (retry_shutdown > 0));
if (retry_shutdown <= 0) {
/* if wolfSSL_free is called before properly shutting down the
* ssl object, undesired results may occur. */
Serial.println("Warning! Shutdown did not properly complete.");
}
wolfSSL_free(ssl);
Serial.println("Connection complete.");
if (REPEAT_CONNECTION) {
Serial.println();
Serial.println("Waiting for next connection.");
}
else {
client.stop();
Serial.println("Done!");
while (1) {
/* wait forever if not repeating */
delay(100);
}
}
}
else {
/* Serial.println("Client not connected. Trying again..."); */
}
delay(100);
} /* Arduino loop repeats */

2
IDE/ARDUINO/sketches/wolfssl_version/README.md
View File

@@ -1,5 +1,3 @@
# Arduino Basic Hello World
This example simply compiles in wolfSSL and shows the current version number.
NOTE: Moving; See https://github.com/wolfSSL/wolfssl-examples/pull/499

55
IDE/ARDUINO/sketches/wolfssl_version/wolfssl_version.ino Normal file
View File

@@ -0,0 +1,55 @@
/* wolfssl_server.ino
*
* Copyright (C) 2006-2025 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
#include <Arduino.h>
/* wolfSSL user_settings.h must be included from settings.h
* Make all configurations changes in user_settings.h
* Do not edit wolfSSL `settings.h` or `config.h` files.
* Do not explicitly include user_settings.h in any source code.
* Each Arduino sketch that uses wolfSSL must have: #include "wolfssl.h"
* C/C++ source files can use: #include <wolfssl/wolfcrypt/settings.h>
* The wolfSSL "settings.h" must be included in each source file using wolfSSL.
* The wolfSSL "settings.h" must appear before any other wolfSSL include.
*/
#include <wolfssl.h>
#include <wolfssl/version.h>
/* Choose a monitor serial baud rate: 9600, 14400, 19200, 57600, 74880, etc. */
#define SERIAL_BAUD 115200
/* Arduino setup */
void setup() {
Serial.begin(SERIAL_BAUD);
while (!Serial) {
/* wait for serial port to connect. Needed for native USB port only */
}
Serial.println(F(""));
Serial.println(F(""));
Serial.println(F("wolfSSL setup complete!"));
}
/* Arduino main application loop. */
void loop() {
Serial.print("wolfSSL Version: ");
Serial.println(LIBWOLFSSL_VERSION_STRING);
delay(60000);
}

33
IDE/ARDUINO/wolfssl-arduino.cpp
View File

@@ -1,33 +0,0 @@
/* wolfssl-arduino.cpp
*
* Copyright (C) 2006-2025 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
#include <Arduino.h>
#include "wolfssl.h"
/* Function to allow wolfcrypt to use Arduino Serial.print for debug messages.
* See wolfssl/wolfcrypt/logging.c */
int wolfSSL_Arduino_Serial_Print(const char* const s)
{
/* Reminder: Serial.print is only available in C++ */
Serial.println(F(s));
return 0;
};

80
IDE/ARDUINO/wolfssl-arduino.sh
View File

@@ -70,9 +70,6 @@ if [ "$ROOT_DIR" = "" ]; then
exit 1
fi
ARDUINO_ROOT="$HOME/Arduino/libraries"
# Check environment
if [ -n "$WSL_DISTRO_NAME" ]; then
# we found a non-blank WSL environment distro name
@@ -81,6 +78,8 @@ if [ -n "$WSL_DISTRO_NAME" ]; then
if echo "$current_path" | grep -Eq "^$pattern"; then
# if we are in WSL and shared Windows file system, 'ln' does not work.
ARDUINO_ROOT="/mnt/c/Users/$USER/Documents/Arduino/libraries"
else
ARDUINO_ROOT="$HOME/Arduino/libraries"
fi
fi
echo "The Arduino library root is: $ARDUINO_ROOT"
@@ -117,21 +116,11 @@ if [ $# -gt 0 ]; then
echo "Error: not a valid operation: $THIS_OPERATION"
exit 1
fi
else
echo "INSTALL parameter not specified. Installing to ROOT_DIR=$ROOT_DIR"
fi
ROOT_SRC_DIR="${ROOT_DIR}/src"
EXAMPLES_DIR="${ROOT_DIR}/examples"
if [ -n "$WOLFSSL_EXAMPLES_ROOT" ]; then
EXTRA_EXAMPLES_DIR="${WOLFSSL_EXAMPLES_ROOT}/Arduino"
echo "EXTRA_EXAMPLES_DIR=$EXTRA_EXAMPLES_DIR"
else
echo "There are additional examples at https://github.com/wolfSSL/wolfssl-examples"
echo "Set WOLFSSL_EXAMPLES_ROOT to your local directory to include those examples."
fi
WOLFSSL_SRC="${ROOT_SRC_DIR}/src"
WOLFSSL_HEADERS="${ROOT_SRC_DIR}/wolfssl"
WOLFCRYPT_ROOT="${ROOT_SRC_DIR}/wolfcrypt"
@@ -152,16 +141,8 @@ OPENSSL_DIR_TOP="${WOLFSSL_HEADERS_TOP}/openssl"
WOLFSSL_VERSION=$(grep -i "LIBWOLFSSL_VERSION_STRING" ${TOP_DIR}/wolfssl/version.h | cut -d '"' -f 2)
if [ "$WOLFSSL_VERSION" = "" ]; then
echo "Current user: [$USER]"
if [ "$USER" = "" ] || [ "$USER" = "runner" ]; then
# Typically when there's no user, it is a GitHub workflow. It is not guaranteed to be "runner"
echo "No USER found, no version.h found. Setting Version text to [GitHub] for assumed workflow."
WOLFSSL_VERSION="GitHub"
else
echo "ERROR: Could not find wolfSSL Version in ${TOP_DIR}/wolfssl/version.h"
echo "Check autogen.sh and configure"
exit 1
fi
echo "ERROR: Could not find wolfSSL Version in ${TOP_DIR}/wolfssl/version.h"
exit 1
else
echo "Found wolfSSL version $WOLFSSL_VERSION"
echo "# WOLFSSL_VERSION_ARUINO_SUFFIX $WOLFSSL_VERSION_ARUINO_SUFFIX"
@@ -254,46 +235,26 @@ if [ "$THIS_DIR" = "ARDUINO" ]; then
$CP_CMD "${OPENSSL_DIR_TOP}"/* ."${OPENSSL_DIR}" || exit 1
# Finally, copy the Arduino-specific wolfssl library files into place: [lib]/src
$CP_CMD ./wolfssl.h ".${ROOT_SRC_DIR}"/wolfssl.h || exit 1
$CP_CMD ./wolfssl-arduino.cpp ".${ROOT_SRC_DIR}"/wolfssl-arduino.cpp || exit 1
$CP_CMD ./wolfssl.h ".${ROOT_SRC_DIR}"/wolfssl.h
unset NO_ARDUINO_EXAMPLES
echo "Copy examples...."
# Copy examples
mkdir -p ".${ROOT_SRC_DIR}"/examples
if [ -n "$WOLFSSL_EXAMPLES_ROOT" ]; then
echo "Copy template example...."
mkdir -p ".${EXAMPLES_DIR}"/template/wolfssl_library/src
$CP_CMD "$WOLFSSL_EXAMPLES_ROOT"/Arduino/sketches/template/template.ino ".${EXAMPLES_DIR}"/template/template.ino || exit 1
$CP_CMD "$WOLFSSL_EXAMPLES_ROOT"/Arduino/sketches/template/README.md ".${EXAMPLES_DIR}"/template/README.md || exit 1
$CP_CMD "$WOLFSSL_EXAMPLES_ROOT"/Arduino/sketches/template/wolfssl_helper.c ".${EXAMPLES_DIR}"/template/wolfssl_helper.c || exit 1
$CP_CMD "$WOLFSSL_EXAMPLES_ROOT"/Arduino/sketches/template/wolfssl_helper.h ".${EXAMPLES_DIR}"/template/wolfssl_helper.h || exit 1
$CP_CMD "$WOLFSSL_EXAMPLES_ROOT"/Arduino/sketches/template/wolfssl_library/wolfssl_library.h ".${EXAMPLES_DIR}"/template/wolfssl_library/wolfssl_library.h || exit 1
$CP_CMD "$WOLFSSL_EXAMPLES_ROOT"/Arduino/sketches/template/wolfssl_library/src/wolfssl_library.cpp ".${EXAMPLES_DIR}"/template/wolfssl_library/src/wolfssl_library.cpp || exit 1
echo "Copy wolfssl_client example...."
mkdir -p ".${EXAMPLES_DIR}"/wolfssl_client
$CP_CMD ./sketches/wolfssl_client/wolfssl_client.ino ".${EXAMPLES_DIR}"/wolfssl_client/wolfssl_client.ino || exit 1
$CP_CMD ./sketches/wolfssl_client/README.md ".${EXAMPLES_DIR}"/wolfssl_client/README.md || exit 1
echo "Copy wolfssl_AES_CTR example...."
mkdir -p ".${EXAMPLES_DIR}"/wolfssl_AES_CTR
$CP_CMD "$WOLFSSL_EXAMPLES_ROOT"/Arduino/sketches/wolfssl_AES_CTR/wolfssl_AES_CTR.ino ".${EXAMPLES_DIR}"/wolfssl_AES_CTR/wolfssl_AES_CTR.ino || exit 1
$CP_CMD "$WOLFSSL_EXAMPLES_ROOT"/Arduino/sketches/wolfssl_AES_CTR/README.md ".${EXAMPLES_DIR}"/wolfssl_AES_CTR/README.md || exit 1
echo "Copy wolfssl_server example...."
mkdir -p .${EXAMPLES_DIR}/wolfssl_server
$CP_CMD ./sketches/wolfssl_server/wolfssl_server.ino ".${EXAMPLES_DIR}"/wolfssl_server/wolfssl_server.ino || exit 1
$CP_CMD ./sketches/wolfssl_server/README.md ".${EXAMPLES_DIR}"/wolfssl_server/README.md || exit 1
echo "Copy wolfssl_client example...."
mkdir -p ".${EXAMPLES_DIR}"/wolfssl_client
$CP_CMD "$WOLFSSL_EXAMPLES_ROOT"/Arduino/sketches/wolfssl_client/wolfssl_client.ino ".${EXAMPLES_DIR}"/wolfssl_client/wolfssl_client.ino || exit 1
$CP_CMD "$WOLFSSL_EXAMPLES_ROOT"/Arduino/sketches/wolfssl_client/README.md ".${EXAMPLES_DIR}"/wolfssl_client/README.md || exit 1
echo "Copy wolfssl_server example...."
mkdir -p .${EXAMPLES_DIR}/wolfssl_server
$CP_CMD "$WOLFSSL_EXAMPLES_ROOT"/Arduino/sketches/wolfssl_server/wolfssl_server.ino ".${EXAMPLES_DIR}"/wolfssl_server/wolfssl_server.ino || exit 1
$CP_CMD "$WOLFSSL_EXAMPLES_ROOT"/Arduino/sketches/wolfssl_server/README.md ".${EXAMPLES_DIR}"/wolfssl_server/README.md || exit 1
echo "Copy wolfssl_version example...."
mkdir -p .${EXAMPLES_DIR}/wolfssl_version
$CP_CMD "$WOLFSSL_EXAMPLES_ROOT"/Arduino/sketches/wolfssl_version/wolfssl_version.ino ".${EXAMPLES_DIR}"/wolfssl_version/wolfssl_version.ino || exit 1
$CP_CMD "$WOLFSSL_EXAMPLES_ROOT"/Arduino/sketches/wolfssl_version/README.md ".${EXAMPLES_DIR}"/wolfssl_version/README.md || exit 1
else
NO_ARDUINO_EXAMPLES=1
fi
echo "Copy wolfssl_server example...."
mkdir -p .${EXAMPLES_DIR}/wolfssl_version
$CP_CMD ./sketches/wolfssl_version/wolfssl_version.ino ".${EXAMPLES_DIR}"/wolfssl_version/wolfssl_version.ino || exit 1
$CP_CMD ./sketches/wolfssl_version/README.md ".${EXAMPLES_DIR}"/wolfssl_version/README.md || exit 1
else
echo "ERROR: You must be in the IDE/ARDUINO directory to run this script"
exit 1
@@ -312,8 +273,6 @@ fi
# as an Arduino-specific README.md file.
VERSION_PLACEHOLDER="\${WOLFSSL_VERSION}"
ARDUINO_VERSION_SUFFIX_PLACEHOLDER="\${WOLFSSL_VERSION_ARUINO_SUFFIX}"
# This is the SOURCE to prepend. Note the OUTPUT is PREPENDED_README.md later copied to README.md
PREPEND_FILE="Arduino_README_prepend.md"
PROPERTIES_FILE_TEMPLATE="library.properties.template"
sed s/"$VERSION_PLACEHOLDER"/"$WOLFSSL_VERSION"/ "$PREPEND_FILE" > "$PREPEND_FILE.tmp"
@@ -381,9 +340,4 @@ if [ "$THIS_OPERATION" = "INSTALL" ]; then
fi
fi
if [ -n "$NO_ARDUINO_EXAMPLES" ]; then
echo ""
echo "WARNING: No examples copied. Set WOLFSSL_EXAMPLES_ROOT as appropriate."
echo ""
fi
echo "Done!"

14
IDE/ARDUINO/wolfssl.h
View File

@@ -22,7 +22,6 @@
/* Edit with caution. This is an Arduino-library specific header for wolfSSL */
#ifndef WOLFSSL_USER_SETTINGS
/* Should already be defined in settings.h for #if defined(ARDUINO) */
#define WOLFSSL_USER_SETTINGS
#endif
@@ -40,10 +39,9 @@
#include <wolfssl/wolfcrypt/settings.h>
#include <wolfssl/ssl.h>
#ifndef WOLFSSL_ARDUINO_H
#define WOLFSSL_ARDUINO_H
/* Declare a helper function to be used in wolfssl/wolfcrypt/logging.c */
int wolfSSL_Arduino_Serial_Print(const char* const s);
#endif /* WOLFSSL_ARDUINO_H */
int wolfSSL_Arduino_Serial_Print(const char *const s)
{
/* See wolfssl/wolfcrypt/logging.c */
Serial.println(F(s));
return 0;
};

2
IDE/Android/Android.bp
View File

@@ -40,7 +40,7 @@ cc_library_shared {
"./src/wolfio.c",
] + [
"./wolfcrypt/src/aes.c",
"./wolfcrypt/src/arc4.c",
// ARC4 implementation has been removed
"./wolfcrypt/src/asm.c",
"./wolfcrypt/src/asn.c",
"./wolfcrypt/src/blake2b.c",

5
IDE/Espressif/ESP-IDF/examples/template/CMakeLists.txt
View File

@@ -14,6 +14,7 @@ else()
add_compile_definitions(WOLFSSL_ESP_NO_WATCHDOG=1)
endif()
# The wolfSSL CMake file should be able to find the source code.
# Otherwise, assign an environment variable or set it here:
#
@@ -128,7 +129,7 @@ endif()
# an unintuitive error about Unknown CMake command "esptool_py_flash_project_args".
if(0)
message(STATUS "Begin optional PROTOCOL_EXAMPLES_DIR include")
message(STATUS "Begin optional PROTOCOL_EXAMPLES_DIR include")
# This example uses an extra component for common functions such as Wi-Fi and Ethernet connection.
set (PROTOCOL_EXAMPLES_DIR $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
@@ -139,7 +140,7 @@ if(0)
else()
message(STATUS "NOT FOUND: PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
endif()
message(STATUS "End optional PROTOCOL_EXAMPLES_DIR include")
message(STATUS "End optional PROTOCOL_EXAMPLES_DIR include")
endif()
include($ENV{IDF_PATH}/tools/cmake/project.cmake)

8
IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/component.mk
View File

@@ -176,7 +176,7 @@ COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/wolfio.o
## wolfcrypt
##
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/aes.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/arc4.o
# ARC4 implementation has been removed
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/asm.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/asn.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/async.o # autogen exclusion
@@ -203,7 +203,7 @@ COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ed25519.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ed448.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/error.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/evp.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_mlkem.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_kyber.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_lms.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_xmss.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/falcon.o
@@ -266,8 +266,8 @@ COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/srp.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/tfm.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_dsp.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_encrypt.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_mlkem.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_mlkem_poly.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_kyber.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_kyber_poly.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_lms.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_pkcs11.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_port.o

5
IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/include/user_settings.h
View File

@@ -110,6 +110,7 @@
/* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */
/* #define USE_WOLFSSL_ESP_SDK_WIFI */
#define TEST_ESPIDF_ALL_WOLFSSL
#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_BENCHMARK)
/* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark */
/* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */
@@ -212,8 +213,8 @@
#ifdef CONFIG_WOLFSSL_ENABLE_KYBER
/* Kyber typically needs a minimum 10K stack */
#define WOLFSSL_EXPERIMENTAL_SETTINGS
#define WOLFSSL_HAVE_MLKEM
#define WOLFSSL_WC_MLKEM
#define WOLFSSL_HAVE_KYBER
#define WOLFSSL_WC_KYBER
#define WOLFSSL_SHA3
#if defined(CONFIG_IDF_TARGET_ESP8266)
/* With limited RAM, we'll disable some of the Kyber sizes: */

11
IDE/Espressif/ESP-IDF/examples/template/main/Kconfig.projbuild
View File

@@ -65,6 +65,11 @@ choice WOLFSSL_EXAMPLE_CHOOSE
help
See wolfSSL/wolfssh on GitHub.
config WOLFSSL_EXAMPLE_NAME_WOLFSSH_ECHOSERVER
bool "SSH Echo Server"
help
See wolfSSL/wolfssh on GitHub.
config WOLFSSL_EXAMPLE_NAME_ESP32_SSH_SERVER
bool "SSH to UART Server for the ESP32"
help
@@ -90,6 +95,12 @@ choice WOLFSSL_EXAMPLE_CHOOSE
help
See wolfSSL/wolfTPM on GitHub.
config WOLFSSL_APPLE_HOMEKIT
bool "Apple HomeKit for the ESP32"
help
See AchimPieters/esp32-homekit-demo on GitHub.
config WOLFSSL_EXAMPLE_NAME_NONE
bool "Other"
help

8
IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/component.mk
View File

@@ -176,7 +176,7 @@ COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/wolfio.o
## wolfcrypt
##
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/aes.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/arc4.o
# ARC4 implementation has been removed
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/asm.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/asn.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/async.o # autogen exclusion
@@ -203,7 +203,7 @@ COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ed25519.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ed448.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/error.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/evp.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_mlkem.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_kyber.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_lms.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_xmss.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/falcon.o
@@ -266,8 +266,8 @@ COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/srp.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/tfm.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_dsp.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_encrypt.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_mlkem.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_mlkem_poly.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_kyber.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_kyber_poly.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_lms.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_pkcs11.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_port.o

5
IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/include/user_settings.h
View File

@@ -110,6 +110,7 @@
/* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */
/* #define USE_WOLFSSL_ESP_SDK_WIFI */
#define TEST_ESPIDF_ALL_WOLFSSL
#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_BENCHMARK)
/* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark */
/* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */
@@ -212,8 +213,8 @@
#ifdef CONFIG_WOLFSSL_ENABLE_KYBER
/* Kyber typically needs a minimum 10K stack */
#define WOLFSSL_EXPERIMENTAL_SETTINGS
#define WOLFSSL_HAVE_MLKEM
#define WOLFSSL_WC_MLKEM
#define WOLFSSL_HAVE_KYBER
#define WOLFSSL_WC_KYBER
#define WOLFSSL_SHA3
#if defined(CONFIG_IDF_TARGET_ESP8266)
/* With limited RAM, we'll disable some of the Kyber sizes: */

97
IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/Kconfig.projbuild
View File

@@ -1,102 +1,5 @@
# Kconfig main
#
# Copyright (C) 2006-2025 wolfSSL Inc.
#
# This file is part of wolfSSL.
#
# wolfSSL is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# wolfSSL is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
#
# Kconfig File Version 5.7.2.001 for wolfssl_template
menu "Example Configuration"
choice WOLFSSL_EXAMPLE_CHOOSE
prompt "Choose Example (See wolfssl/include/user_settings.h)"
default WOLFSSL_EXAMPLE_NAME_NONE
help
The user settings file can be adjusted to specific wolfSSL examples.
config WOLFSSL_EXAMPLE_NAME_TEMPLATE
bool "wolfSSL Template"
help
The sample template app compiles in wolfSSL and prints the current wolfSSL Version. Nothing more.
config WOLFSSL_EXAMPLE_NAME_TEST
bool "wolfSSL Test"
help
This app tests all cryptographic functions currently enabled. See also Benchmark performance app.
config WOLFSSL_EXAMPLE_NAME_BENCHMARK
bool "wolfSSL Benchmark"
help
Benchmark performance app. See also cryptographic test.
config WOLFSSL_EXAMPLE_NAME_TLS_CLIENT
bool "TLS Client"
help
TLS Client Example app. Needs WiFi and a listening server on port 11111.
config WOLFSSL_EXAMPLE_NAME_TLS_SERVER
bool "TLS Server"
help
TLS Server Example app. Needs WiFi. More interesting with a TLS client using port 11111.
config WOLFSSL_EXAMPLE_NAME_WOLFSSH_TEMPLATE
bool "SSH Template App"
help
Bare-bones Hello World app that only compiles in wolfSSL and wolfSSH.
See wolfSSL/wolfssh on GitHub.
config WOLFSSL_EXAMPLE_NAME_WOLFSSH_ECHOSERVER
bool "SSH Echo Server"
help
See wolfSSL/wolfssh on GitHub.
config WOLFSSL_EXAMPLE_NAME_ESP32_SSH_SERVER
bool "SSH to UART Server for the ESP32"
help
See wolfSSL/wolfssh-examples on GitHub.
config WOLFSSL_EXAMPLE_NAME_ESP8266_SSH_SERVER
bool "SSH to UART Server for the ESP8266"
help
See wolfSSL/wolfssh-examples on GitHub.
config WOLFSSL_EXAMPLE_NAME_WOLFMQTT_TEMPLATE
bool "MQTT Template"
help
See wolfSSL/wolfmqtt on GitHub.
config WOLFSSL_EXAMPLE_NAME_WOLFMQTT_AWS_IOT_MQTT
bool "MQTT AWS IoT"
help
See wolfSSL/wolfmqtt on GitHub.
config WOLFTPM_EXAMPLE_NAME_ESPRESSIF
bool "TPM Test Example for the ESP32"
help
See wolfSSL/wolfTPM on GitHub.
config WOLFSSL_EXAMPLE_NAME_NONE
bool "Other"
help
A specific example app is not defined.
endchoice
config BENCH_ARGV
string "Arguments for benchmark test"
default "-lng 0"

2
IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/sdkconfig.defaults
View File

@@ -1,5 +1,5 @@
# Set the known example app config to template example (see user_settings.h)
CONFIG_WOLFSSL_EXAMPLE_NAME_BENCHMARK=y
CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFSSL_BENCHMARK=y
# CONFIG_EXAMPLE_WIFI_SSID="myssid"
# CONFIG_EXAMPLE_WIFI_PASSWORD="mypassword"

5
IDE/Espressif/ESP-IDF/examples/wolfssl_client/CMakeLists.txt
View File

@@ -14,6 +14,7 @@ else()
add_compile_definitions(WOLFSSL_ESP_NO_WATCHDOG=1)
endif()
# The wolfSSL CMake file should be able to find the source code.
# Otherwise, assign an environment variable or set it here:
#
@@ -128,7 +129,7 @@ endif()
# an unintuitive error about Unknown CMake command "esptool_py_flash_project_args".
if(0)
message(STATUS "Begin optional PROTOCOL_EXAMPLES_DIR include")
message(STATUS "Begin optional PROTOCOL_EXAMPLES_DIR include")
# This example uses an extra component for common functions such as Wi-Fi and Ethernet connection.
set (PROTOCOL_EXAMPLES_DIR $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
@@ -139,7 +140,7 @@ if(0)
else()
message(STATUS "NOT FOUND: PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
endif()
message(STATUS "End optional PROTOCOL_EXAMPLES_DIR include")
message(STATUS "End optional PROTOCOL_EXAMPLES_DIR include")
endif()
include($ENV{IDF_PATH}/tools/cmake/project.cmake)

8
IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/component.mk
View File

@@ -176,7 +176,7 @@ COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/wolfio.o
## wolfcrypt
##
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/aes.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/arc4.o
# ARC4 implementation has been removed
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/asm.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/asn.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/async.o # autogen exclusion
@@ -203,7 +203,7 @@ COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ed25519.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ed448.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/error.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/evp.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_mlkem.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_kyber.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_lms.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_xmss.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/falcon.o
@@ -266,8 +266,8 @@ COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/srp.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/tfm.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_dsp.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_encrypt.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_mlkem.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_mlkem_poly.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_kyber.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_kyber_poly.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_lms.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_pkcs11.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_port.o

5
IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/include/user_settings.h
View File

@@ -110,6 +110,7 @@
/* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */
/* #define USE_WOLFSSL_ESP_SDK_WIFI */
#define TEST_ESPIDF_ALL_WOLFSSL
#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_BENCHMARK)
/* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark */
/* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */
@@ -212,8 +213,8 @@
#ifdef CONFIG_WOLFSSL_ENABLE_KYBER
/* Kyber typically needs a minimum 10K stack */
#define WOLFSSL_EXPERIMENTAL_SETTINGS
#define WOLFSSL_HAVE_MLKEM
#define WOLFSSL_WC_MLKEM
#define WOLFSSL_HAVE_KYBER
#define WOLFSSL_WC_KYBER
#define WOLFSSL_SHA3
#if defined(CONFIG_IDF_TARGET_ESP8266)
/* With limited RAM, we'll disable some of the Kyber sizes: */

11
IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/Kconfig.projbuild
View File

@@ -65,6 +65,11 @@ choice WOLFSSL_EXAMPLE_CHOOSE
help
See wolfSSL/wolfssh on GitHub.
config WOLFSSL_EXAMPLE_NAME_WOLFSSH_ECHOSERVER
bool "SSH Echo Server"
help
See wolfSSL/wolfssh on GitHub.
config WOLFSSL_EXAMPLE_NAME_ESP32_SSH_SERVER
bool "SSH to UART Server for the ESP32"
help
@@ -90,6 +95,12 @@ choice WOLFSSL_EXAMPLE_CHOOSE
help
See wolfSSL/wolfTPM on GitHub.
config WOLFSSL_APPLE_HOMEKIT
bool "Apple HomeKit for the ESP32"
help
See AchimPieters/esp32-homekit-demo on GitHub.
config WOLFSSL_EXAMPLE_NAME_NONE
bool "Other"
help

18
IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/client-tls.c
View File

@@ -41,9 +41,9 @@
#undef USE_WOLFSSL_ESP_SDK_WIFI
#include <wolfssl/ssl.h>
#if defined(WOLFSSL_WC_MLKEM)
#include <wolfssl/wolfcrypt/mlkem.h>
#include <wolfssl/wolfcrypt/wc_mlkem.h>
#if defined(WOLFSSL_WC_KYBER)
#include <wolfssl/wolfcrypt/kyber.h>
#include <wolfssl/wolfcrypt/wc_kyber.h>
#endif
#if defined(USE_CERT_BUFFERS_2048) || defined(USE_CERT_BUFFERS_1024)
#include <wolfssl/certs_test.h>
@@ -397,22 +397,22 @@ WOLFSSL_ESP_TASK tls_smp_client_task(void* args)
ESP_LOGI(TAG, "tls_smp_client_task heap @ %p = %d",
&this_heap, this_heap);
#endif
#if defined(WOLFSSL_HAVE_MLKEM)
#if defined(WOLFSSL_HAVE_KYBER)
#if defined(WOLFSSL_KYBER1024)
ESP_LOGI(TAG, "WOLFSSL_HAVE_MLKEM is enabled, setting key share: "
ESP_LOGI(TAG, "WOLFSSL_HAVE_KYBER is enabled, setting key share: "
"WOLFSSL_P256_KYBER_LEVEL5");
ret_i = wolfSSL_UseKeyShare(ssl, WOLFSSL_P521_KYBER_LEVEL5);
#elif defined(WOLFSSL_KYBER768)
ESP_LOGI(TAG, "WOLFSSL_HAVE_MLKEM is enabled, setting key share: "
ESP_LOGI(TAG, "WOLFSSL_HAVE_KYBER is enabled, setting key share: "
"WOLFSSL_P256_KYBER_LEVEL3");
ret_i = wolfSSL_UseKeyShare(ssl, WOLFSSL_P256_KYBER_LEVEL3);
#elif defined(WOLFSSL_KYBER512)
/* This will typically be a low memory situation, such as ESP8266 */
ESP_LOGI(TAG, "WOLFSSL_HAVE_MLKEM is enabled, setting key share: "
ESP_LOGI(TAG, "WOLFSSL_HAVE_KYBER is enabled, setting key share: "
"WOLFSSL_P256_KYBER_LEVEL1");
ret_i = wolfSSL_UseKeyShare(ssl, WOLFSSL_P256_KYBER_LEVEL1);
#else
ESP_LOGW(TAG, "WOLFSSL_HAVE_MLKEM enabled but no key size available.");
ESP_LOGW(TAG, "WOLFSSL_HAVE_KYBER enabled but no key size available.");
ret_i = ESP_FAIL;
#endif
if (ret_i == WOLFSSL_SUCCESS) {
@@ -422,7 +422,7 @@ WOLFSSL_ESP_TASK tls_smp_client_task(void* args)
ESP_LOGE(TAG, "UseKeyShare Kyber failed");
}
#else
ESP_LOGI(TAG, "WOLFSSL_HAVE_MLKEM is not enabled");
ESP_LOGI(TAG, "WOLFSSL_HAVE_KYBER is not enabled");
#endif
}

4
IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/client-tls.h
View File

@@ -44,7 +44,7 @@
/* Reminder: Vanilla FreeRTOS is words, Espressif is bytes. */
#if defined(WOLFSSL_ESP8266)
#if defined(WOLFSSL_HAVE_MLKEM)
#if defined(WOLFSSL_HAVE_KYBER)
/* Minimum ESP8266 stack size = 10K with Kyber.
* Note there's a maximum not far away as Kyber needs heap
* and the total DRAM is typically only 80KB total. */
@@ -54,7 +54,7 @@
#define TLS_SMP_CLIENT_TASK_BYTES (6 * 1024)
#endif
#else
#if defined(WOLFSSL_HAVE_MLKEM)
#if defined(WOLFSSL_HAVE_KYBER)
/* Minimum ESP32 stack size = 12K with Kyber enabled. */
#define TLS_SMP_CLIENT_TASK_BYTES (12 * 1024)
#else

5
IDE/Espressif/ESP-IDF/examples/wolfssl_server/CMakeLists.txt
View File

@@ -14,6 +14,7 @@ else()
add_compile_definitions(WOLFSSL_ESP_NO_WATCHDOG=1)
endif()
# The wolfSSL CMake file should be able to find the source code.
# Otherwise, assign an environment variable or set it here:
#
@@ -128,7 +129,7 @@ endif()
# an unintuitive error about Unknown CMake command "esptool_py_flash_project_args".
if(0)
message(STATUS "Begin optional PROTOCOL_EXAMPLES_DIR include")
message(STATUS "Begin optional PROTOCOL_EXAMPLES_DIR include")
# This example uses an extra component for common functions such as Wi-Fi and Ethernet connection.
set (PROTOCOL_EXAMPLES_DIR $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
@@ -139,7 +140,7 @@ if(0)
else()
message(STATUS "NOT FOUND: PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
endif()
message(STATUS "End optional PROTOCOL_EXAMPLES_DIR include")
message(STATUS "End optional PROTOCOL_EXAMPLES_DIR include")
endif()
include($ENV{IDF_PATH}/tools/cmake/project.cmake)

8
IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/component.mk
View File

@@ -176,7 +176,7 @@ COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/wolfio.o
## wolfcrypt
##
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/aes.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/arc4.o
# ARC4 implementation has been removed
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/asm.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/asn.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/async.o # autogen exclusion
@@ -203,7 +203,7 @@ COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ed25519.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ed448.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/error.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/evp.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_mlkem.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_kyber.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_lms.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_xmss.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/falcon.o
@@ -266,8 +266,8 @@ COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/srp.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/tfm.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_dsp.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_encrypt.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_mlkem.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_mlkem_poly.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_kyber.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_kyber_poly.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_lms.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_pkcs11.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_port.o

5
IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/include/user_settings.h
View File

@@ -110,6 +110,7 @@
/* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */
/* #define USE_WOLFSSL_ESP_SDK_WIFI */
#define TEST_ESPIDF_ALL_WOLFSSL
#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_BENCHMARK)
/* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark */
/* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */
@@ -212,8 +213,8 @@
#ifdef CONFIG_WOLFSSL_ENABLE_KYBER
/* Kyber typically needs a minimum 10K stack */
#define WOLFSSL_EXPERIMENTAL_SETTINGS
#define WOLFSSL_HAVE_MLKEM
#define WOLFSSL_WC_MLKEM
#define WOLFSSL_HAVE_KYBER
#define WOLFSSL_WC_KYBER
#define WOLFSSL_SHA3
#if defined(CONFIG_IDF_TARGET_ESP8266)
/* With limited RAM, we'll disable some of the Kyber sizes: */

11
IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/Kconfig.projbuild
View File

@@ -65,6 +65,11 @@ choice WOLFSSL_EXAMPLE_CHOOSE
help
See wolfSSL/wolfssh on GitHub.
config WOLFSSL_EXAMPLE_NAME_WOLFSSH_ECHOSERVER
bool "SSH Echo Server"
help
See wolfSSL/wolfssh on GitHub.
config WOLFSSL_EXAMPLE_NAME_ESP32_SSH_SERVER
bool "SSH to UART Server for the ESP32"
help
@@ -90,6 +95,12 @@ choice WOLFSSL_EXAMPLE_CHOOSE
help
See wolfSSL/wolfTPM on GitHub.
config WOLFSSL_APPLE_HOMEKIT
bool "Apple HomeKit for the ESP32"
help
See AchimPieters/esp32-homekit-demo on GitHub.
config WOLFSSL_EXAMPLE_NAME_NONE
bool "Other"
help

10
IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/server-tls.c
View File

@@ -54,9 +54,9 @@
#error "Missing WOLFSSL_USER_SETTINGS in CMakeLists or Makefile:\
CFLAGS +=-DWOLFSSL_USER_SETTINGS"
#endif
#if defined(WOLFSSL_WC_MLKEM)
#include <wolfssl/wolfcrypt/mlkem.h>
#include <wolfssl/wolfcrypt/wc_mlkem.h>
#if defined(WOLFSSL_WC_KYBER)
#include <wolfssl/wolfcrypt/kyber.h>
#include <wolfssl/wolfcrypt/wc_kyber.h>
#endif
#if defined(USE_CERT_BUFFERS_2048) || defined(USE_CERT_BUFFERS_1024)
#include <wolfssl/certs_test.h>
@@ -329,7 +329,7 @@ WOLFSSL_ESP_TASK tls_smp_server_task(void *args)
if ((ssl = wolfSSL_new(ctx)) == NULL) {
ESP_LOGE(TAG, "ERROR: failed to create WOLFSSL object");
}
#if defined(WOLFSSL_HAVE_MLKEM)
#if defined(WOLFSSL_HAVE_KYBER)
else {
/* If success creating CTX and Kyber enabled, set key share: */
ret = wolfSSL_UseKeyShare(ssl, WOLFSSL_P521_KYBER_LEVEL5);
@@ -341,7 +341,7 @@ WOLFSSL_ESP_TASK tls_smp_server_task(void *args)
}
}
#else
ESP_LOGI(TAG, "WOLFSSL_HAVE_MLKEM is not enabled, not using PQ.");
ESP_LOGI(TAG, "WOLFSSL_HAVE_KYBER is not enabled, not using PQ.");
#endif
/* show what cipher connected for this WOLFSSL* object */
ShowCiphers(ssl);

5
IDE/Espressif/ESP-IDF/examples/wolfssl_test/CMakeLists.txt
View File

@@ -14,6 +14,7 @@ else()
add_compile_definitions(WOLFSSL_ESP_NO_WATCHDOG=1)
endif()
# The wolfSSL CMake file should be able to find the source code.
# Otherwise, assign an environment variable or set it here:
#
@@ -128,7 +129,7 @@ endif()
# an unintuitive error about Unknown CMake command "esptool_py_flash_project_args".
if(0)
message(STATUS "Begin optional PROTOCOL_EXAMPLES_DIR include")
message(STATUS "Begin optional PROTOCOL_EXAMPLES_DIR include")
# This example uses an extra component for common functions such as Wi-Fi and Ethernet connection.
set (PROTOCOL_EXAMPLES_DIR $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
@@ -139,7 +140,7 @@ if(0)
else()
message(STATUS "NOT FOUND: PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
endif()
message(STATUS "End optional PROTOCOL_EXAMPLES_DIR include")
message(STATUS "End optional PROTOCOL_EXAMPLES_DIR include")
endif()
include($ENV{IDF_PATH}/tools/cmake/project.cmake)

8
IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/component.mk
View File

@@ -176,7 +176,7 @@ COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/wolfio.o
## wolfcrypt
##
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/aes.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/arc4.o
# ARC4 implementation has been removed
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/asm.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/asn.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/async.o # autogen exclusion
@@ -203,7 +203,7 @@ COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ed25519.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ed448.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/error.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/evp.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_mlkem.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_kyber.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_lms.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_xmss.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/falcon.o
@@ -266,8 +266,8 @@ COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/srp.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/tfm.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_dsp.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_encrypt.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_mlkem.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_mlkem_poly.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_kyber.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_kyber_poly.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_lms.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_pkcs11.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_port.o

17
IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/include/user_settings.h
View File

@@ -110,6 +110,7 @@
/* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */
/* #define USE_WOLFSSL_ESP_SDK_WIFI */
#define TEST_ESPIDF_ALL_WOLFSSL
#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_BENCHMARK)
/* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark */
/* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */
@@ -212,8 +213,8 @@
#ifdef CONFIG_WOLFSSL_ENABLE_KYBER
/* Kyber typically needs a minimum 10K stack */
#define WOLFSSL_EXPERIMENTAL_SETTINGS
#define WOLFSSL_HAVE_MLKEM
#define WOLFSSL_WC_MLKEM
#define WOLFSSL_HAVE_KYBER
#define WOLFSSL_WC_KYBER
#define WOLFSSL_SHA3
#if defined(CONFIG_IDF_TARGET_ESP8266)
/* With limited RAM, we'll disable some of the Kyber sizes: */
@@ -559,6 +560,9 @@
defined(WOLFSSL_SP_RISCV32)
#endif
#define WOLFSSL_SMALL_STACK
#define HAVE_VERSION_EXTENDED_INFO
/* #define HAVE_WC_INTROSPECTION */
@@ -780,15 +784,6 @@
#define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
/***** END CONFIG_IDF_TARGET_ESP32H2 *****/
#elif defined(CONFIG_IDF_TARGET_ESP32P4)
#define WOLFSSL_ESP32
/* wolfSSL Hardware Acceleration not yet implemented */
#define NO_ESP32_CRYPT
#define NO_WOLFSSL_ESP32_CRYPT_HASH
#define NO_WOLFSSL_ESP32_CRYPT_AES
#define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
/***** END CONFIG_IDF_TARGET_ESP32P4 *****/
#elif defined(CONFIG_IDF_TARGET_ESP8266)
#define WOLFSSL_ESP8266

131
IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/Kconfig.projbuild
View File

@@ -1,112 +1,29 @@
# Kconfig main
#
# Copyright (C) 2006-2025 wolfSSL Inc.
#
# This file is part of wolfSSL.
#
# wolfSSL is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# wolfSSL is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
#
menu "Example Configuration"
# Kconfig File Version 5.7.2.001 for wolfssl_template
menu "Example wolfSSL Configuration"
choice WOLFSSL_EXAMPLE_CHOOSE
prompt "Choose Example (See wolfssl/include/user_settings.h)"
default WOLFSSL_EXAMPLE_NAME_NONE
config BENCH_ARGV
string "Arguments for benchmark test"
default "-lng 0"
help
The user settings file can be adjusted to specific wolfSSL examples.
-? <num> Help, print this usage
0: English, 1: Japanese
-csv Print terminal output in csv format
-base10 Display bytes as power of 10 (eg 1 kB = 1000 Bytes)
-no_aad No additional authentication data passed.
-dgst_full Full digest operation performed.
-rsa_sign Measure RSA sign/verify instead of encrypt/decrypt.
-<alg> Algorithm to benchmark. Available algorithms include:
cipher aes-cbc aes-gcm chacha20 chacha20-poly1305
digest md5 poly1305 sha sha2 sha224 sha256 sha384 sha512 sha3
sha3-224 sha3-256 sha3-384 sha3-512
mac hmac hmac-md5 hmac-sha hmac-sha224 hmac-sha256 hmac-sha384
hmac-sha512
asym rsa rsa-sz dh ecc-kg ecc
other rng
-lng <num> Display benchmark result by specified language.
0: English, 1: Japanese
<num> Size of block in bytes
config WOLFSSL_EXAMPLE_NAME_TEMPLATE
bool "wolfSSL Template"
help
The sample template app compiles in wolfSSL and prints the current wolfSSL Version. Nothing more.
config WOLFSSL_EXAMPLE_NAME_TEST
bool "wolfSSL Test"
help
This app tests all cryptographic functions currently enabled. See also Benchmark performance app.
config WOLFSSL_EXAMPLE_NAME_BENCHMARK
bool "wolfSSL Benchmark"
help
Benchmark performance app. See also cryptographic test.
config WOLFSSL_EXAMPLE_NAME_TLS_CLIENT
bool "TLS Client"
help
TLS Client Example app. Needs WiFi and a listening server on port 11111.
config WOLFSSL_EXAMPLE_NAME_TLS_SERVER
bool "TLS Server"
help
TLS Server Example app. Needs WiFi. More interesting with a TLS client using port 11111.
config WOLFSSL_EXAMPLE_NAME_WOLFSSH_TEMPLATE
bool "SSH Template App"
help
Bare-bones Hello World app that only compiles in wolfSSL and wolfSSH.
See wolfSSL/wolfssh on GitHub.
config WOLFSSL_EXAMPLE_NAME_WOLFSSH_ECHOSERVER
bool "SSH Echo Server"
help
See wolfSSL/wolfssh on GitHub.
config WOLFSSL_EXAMPLE_NAME_ESP32_SSH_SERVER
bool "SSH to UART Server for the ESP32"
help
See wolfSSL/wolfssh-examples on GitHub.
config WOLFSSL_EXAMPLE_NAME_ESP8266_SSH_SERVER
bool "SSH to UART Server for the ESP8266"
help
See wolfSSL/wolfssh-examples on GitHub.
config WOLFSSL_EXAMPLE_NAME_WOLFMQTT_TEMPLATE
bool "MQTT Template"
help
See wolfSSL/wolfmqtt on GitHub.
config WOLFSSL_EXAMPLE_NAME_WOLFMQTT_AWS_IOT_MQTT
bool "MQTT AWS IoT"
help
See wolfSSL/wolfmqtt on GitHub.
config WOLFTPM_EXAMPLE_NAME_ESPRESSIF
bool "TPM Test Example for the ESP32"
help
See wolfSSL/wolfTPM on GitHub.
config WOLFSSL_EXAMPLE_NAME_NONE
bool "Other"
help
A specific example app is not defined.
endchoice
config WOLFSSL_TARGET_HOST
string "Target host"
default "127.0.0.1"
help
host address for the example to connect
config WOLFSSL_TARGET_PORT
int "Target port"
default 11111
help
host port for the example to connect
e.g -lng 1
e.g sha
endmenu

8
IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/main.c
View File

@@ -164,8 +164,6 @@ void app_main(void)
.stop_bits = UART_STOP_BITS_1,
};
int stack_start = 0;
int heap_start = 0;
int heap_current = 0;
int loops = 0;
esp_err_t ret = 0;
@@ -247,12 +245,8 @@ void app_main(void)
** note it is still always called in wolf_test_task.
*/
stack_start = uxTaskGetStackHighWaterMark(NULL);
heap_start = heap_caps_get_free_size(MALLOC_CAP_8BIT);
do {
heap_current = heap_caps_get_free_size(MALLOC_CAP_8BIT);
ESP_LOGI(TAG, "Free heap memory: %d bytes; Start %d",
heap_current, heap_start);
ESP_LOGI(TAG, "Stack HWM: %d\n", uxTaskGetStackHighWaterMark(NULL));
ret = wolf_test_task();
@@ -278,7 +272,7 @@ void app_main(void)
ESP_LOGI(TAG, "Stack HWM: %d\n", uxTaskGetStackHighWaterMark(NULL));
#endif
#if defined(WOLFSSL_HW_METRICS) && defined(WOLFSSL_ESP32_CRYPT_RSA_PRI)
#if defined(DEBUG_WOLFSSL) && defined(WOLFSSL_ESP32_CRYPT_RSA_PRI)
esp_hw_show_mp_metrics();
#endif

2
IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults
View File

@@ -1,5 +1,5 @@
# Set the known example app config to template example (see user_settings.h)
CONFIG_WOLFSSL_EXAMPLE_NAME_TEST=y
CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFSSL_TEST=y
# CONFIG_EXAMPLE_WIFI_SSID="myssid"
# CONFIG_EXAMPLE_WIFI_PASSWORD="mypassword"

2
IDE/GCC-ARM/Makefile.common
View File

@@ -178,7 +178,7 @@ SRC_C += ../../wolfcrypt/src/selftest.c
endif
# wolfCrypt non-standard algorithms (disabled by default)
SRC_C += ../../wolfcrypt/src/arc4.c
# ARC4 implementation has been removed
SRC_C += ../../wolfcrypt/src/blake2b.c
SRC_C += ../../wolfcrypt/src/camellia.c
SRC_C += ../../wolfcrypt/src/dsa.c

2
IDE/HEXAGON/DSP/Makefile
View File

@@ -80,7 +80,7 @@ libwolfssl_dsp_skel.C_SRCS += ../../../wolfcrypt/src/wolfmath.c
#eccverify_q.C_SRCS += ../../../wolfcrypt/src/wc_encrypt.c
#eccverify_q.C_SRCS += ../../../wolfcrypt/src/pwdbased.c
#eccverify_q.C_SRCS += ../../../wolfcrypt/src/hash.c
#eccverify_q.C_SRCS += ../../../wolfcrypt/src/arc4.c
#eccverify_q.C_SRCS += # ../../../wolfcrypt/src/arc4.c - ARC4 implementation has been removed
#eccverify_q.C_SRCS += ../../../wolfcrypt/src/hmac.c
#eccverify_q.C_SRCS += ../../../wolfcrypt/src/md5.c
#eccverify_q.C_SRCS += ../../../wolfcrypt/src/coding.c

2
IDE/HEXAGON/Makefile
View File

@@ -65,7 +65,7 @@ libwolfssl_LD_FLAGS += -ldl
libwolfssl_C_SRCS += \
../../wolfcrypt/src/aes \
../../wolfcrypt/src/md2 \
../../wolfcrypt/src/arc4 \
# ARC4 implementation has been removed \
../../wolfcrypt/src/md4 \
../../wolfcrypt/src/asm \
../../wolfcrypt/src/md5 \

2
IDE/IAR-EWARM/Projects/lib/wolfSSL-Lib.ewp
View File

@@ -1904,7 +1904,7 @@
<name>$PROJ_DIR$\..\..\..\..\wolfcrypt\src\aes.c</name>
</file>
<file>
<name>$PROJ_DIR$\..\..\..\..\wolfcrypt\src\arc4.c</name>
<!-- ARC4 implementation has been removed -->
</file>
<file>
<name>$PROJ_DIR$\..\..\..\..\wolfcrypt\src\asm.c</name>

4
IDE/INTIME-RTOS/libwolfssl.vcxproj
View File

@@ -24,7 +24,7 @@
<ClCompile Include="..\..\src\ssl.c" />
<ClCompile Include="..\..\src\tls.c" />
<ClCompile Include="..\..\wolfcrypt\src\aes.c" />
<ClCompile Include="..\..\wolfcrypt\src\arc4.c" />
<!-- ARC4 implementation has been removed -->
<ClCompile Include="..\..\wolfcrypt\src\asm.c" />
<ClCompile Include="..\..\wolfcrypt\src\asn.c" />
<ClCompile Include="..\..\wolfcrypt\src\blake2b.c" />
@@ -87,7 +87,7 @@
<ClInclude Include="..\..\wolfssl\test.h" />
<ClInclude Include="..\..\wolfssl\version.h" />
<ClInclude Include="..\..\wolfssl\wolfcrypt\aes.h" />
<ClInclude Include="..\..\wolfssl\wolfcrypt\arc4.h" />
<!-- ARC4 implementation has been removed -->
<ClInclude Include="..\..\wolfssl\wolfcrypt\asn.h" />
<ClInclude Include="..\..\wolfssl\wolfcrypt\asn_public.h" />
<ClInclude Include="..\..\wolfssl\wolfcrypt\async.h" />

2
IDE/LINUX-SGX/sgx_t_static.mk
View File

@@ -47,7 +47,7 @@ Crypto_Library_Name := sgx_tcrypto
Wolfssl_C_Extra_Flags := -DWOLFSSL_SGX
Wolfssl_C_Files :=$(WOLFSSL_ROOT)/wolfcrypt/src/aes.c\
$(WOLFSSL_ROOT)/wolfcrypt/src/arc4.c\
# ARC4 implementation has been removed\
$(WOLFSSL_ROOT)/wolfcrypt/src/asn.c\
$(WOLFSSL_ROOT)/wolfcrypt/src/blake2b.c\
$(WOLFSSL_ROOT)/wolfcrypt/src/camellia.c\

6
IDE/MCUEXPRESSO/RT1170/wolfssl_cm7/.cproject
View File

@@ -241,7 +241,7 @@
<entry flags="LOCAL|VALUE_WORKSPACE_PATH|RESOLVED" kind="sourcePath" name="drivers"/>
<entry excluding="freertos_kernel/portable/MemMang/heap_1.c|freertos_kernel/portable/MemMang/heap_2.c|freertos_kernel/portable/MemMang/heap_3.c|freertos_kernel/portable/MemMang/heap_5.c" flags="LOCAL|VALUE_WORKSPACE_PATH|RESOLVED" kind="sourcePath" name="freertos"/>
<entry excluding="src/netif/ppp/polarssl/arc4.c|src/netif/ppp/polarssl/des.c|src/netif/ppp/polarssl/md4.c|src/netif/ppp/polarssl/md5.c|src/netif/ppp/polarssl/sha1.c" flags="LOCAL|VALUE_WORKSPACE_PATH|RESOLVED" kind="sourcePath" name="lwip"/>
<entry excluding="wolfcrypt/src/misc.c|src/x509.c|src/x509_str.c|wolfcrypt/src/evp.c|src/conf.c|src/pk.c|src/bio.c|wolfcrypt/src/wc_mlkem_asm.S|wolfcrypt/src/sp_x86_64_asm.S|wolfcrypt/src/sp_x86_64_asm.asm|wolfcrypt/src/sha512_asm.S|wolfcrypt/src/sha3_asm.S|wolfcrypt/src/sha256_asm.S|wolfcrypt/src/poly1305_asm.S|wolfcrypt/src/fe_x25519_asm.S|wolfcrypt/src/port|wolfcrypt/src/chacha_asm.S|wolfcrypt/src/aes_gcm_x86_asm.S|wolfcrypt/src/aes_gcm_asm.S|wolfcrypt/src/aes_asm.S|wolfcrypt/src/aes_asm.asm|wolfcrypt/user-crypto|wolfcrypt/test|wolfcrypt/benchmark" flags="LOCAL|VALUE_WORKSPACE_PATH|RESOLVED" kind="sourcePath" name="source"/>
<entry excluding="wolfcrypt/src/misc.c|src/x509.c|src/x509_str.c|wolfcrypt/src/evp.c|src/conf.c|src/pk.c|src/bio.c|wolfcrypt/src/wc_kyber_asm.S|wolfcrypt/src/sp_x86_64_asm.S|wolfcrypt/src/sp_x86_64_asm.asm|wolfcrypt/src/sha512_asm.S|wolfcrypt/src/sha3_asm.S|wolfcrypt/src/sha256_asm.S|wolfcrypt/src/poly1305_asm.S|wolfcrypt/src/fe_x25519_asm.S|wolfcrypt/src/port|wolfcrypt/src/chacha_asm.S|wolfcrypt/src/aes_gcm_x86_asm.S|wolfcrypt/src/aes_gcm_asm.S|wolfcrypt/src/aes_asm.S|wolfcrypt/src/aes_asm.asm|wolfcrypt/user-crypto|wolfcrypt/test|wolfcrypt/benchmark" flags="LOCAL|VALUE_WORKSPACE_PATH|RESOLVED" kind="sourcePath" name="source"/>
<entry flags="VALUE_WORKSPACE_PATH|RESOLVED" kind="sourcePath" name="source/wolfcrypt/src/port/caam"/>
<entry flags="LOCAL|VALUE_WORKSPACE_PATH|RESOLVED" kind="sourcePath" name="startup"/>
<entry flags="LOCAL|VALUE_WORKSPACE_PATH|RESOLVED" kind="sourcePath" name="utilities"/>
@@ -489,7 +489,7 @@
<entry flags="LOCAL|VALUE_WORKSPACE_PATH|RESOLVED" kind="sourcePath" name="drivers"/>
<entry excluding="freertos_kernel/portable/MemMang/heap_1.c|freertos_kernel/portable/MemMang/heap_2.c|freertos_kernel/portable/MemMang/heap_3.c|freertos_kernel/portable/MemMang/heap_5.c" flags="LOCAL|VALUE_WORKSPACE_PATH|RESOLVED" kind="sourcePath" name="freertos"/>
<entry excluding="src/netif/ppp/polarssl/arc4.c|src/netif/ppp/polarssl/des.c|src/netif/ppp/polarssl/md4.c|src/netif/ppp/polarssl/md5.c|src/netif/ppp/polarssl/sha1.c" flags="LOCAL|VALUE_WORKSPACE_PATH|RESOLVED" kind="sourcePath" name="lwip"/>
<entry excluding="wolfcrypt/src/misc.c|src/x509.c|src/x509_str.c|wolfcrypt/src/evp.c|src/conf.c|src/pk.c|src/bio.c|wolfcrypt/src/wc_mlkem_asm.S|wolfcrypt/src/sp_x86_64_asm.S|wolfcrypt/src/sp_x86_64_asm.asm|wolfcrypt/src/sha512_asm.S|wolfcrypt/src/sha3_asm.S|wolfcrypt/src/sha256_asm.S|wolfcrypt/src/poly1305_asm.S|wolfcrypt/src/fe_x25519_asm.S|wolfcrypt/src/port|wolfcrypt/src/chacha_asm.S|wolfcrypt/src/aes_gcm_x86_asm.S|wolfcrypt/src/aes_gcm_asm.S|wolfcrypt/src/aes_asm.S|wolfcrypt/src/aes_asm.asm|wolfcrypt/user-crypto|wolfcrypt/test|wolfcrypt/benchmark" flags="LOCAL|VALUE_WORKSPACE_PATH|RESOLVED" kind="sourcePath" name="source"/>
<entry excluding="wolfcrypt/src/misc.c|src/x509.c|src/x509_str.c|wolfcrypt/src/evp.c|src/conf.c|src/pk.c|src/bio.c|wolfcrypt/src/wc_kyber_asm.S|wolfcrypt/src/sp_x86_64_asm.S|wolfcrypt/src/sp_x86_64_asm.asm|wolfcrypt/src/sha512_asm.S|wolfcrypt/src/sha3_asm.S|wolfcrypt/src/sha256_asm.S|wolfcrypt/src/poly1305_asm.S|wolfcrypt/src/fe_x25519_asm.S|wolfcrypt/src/port|wolfcrypt/src/chacha_asm.S|wolfcrypt/src/aes_gcm_x86_asm.S|wolfcrypt/src/aes_gcm_asm.S|wolfcrypt/src/aes_asm.S|wolfcrypt/src/aes_asm.asm|wolfcrypt/user-crypto|wolfcrypt/test|wolfcrypt/benchmark" flags="LOCAL|VALUE_WORKSPACE_PATH|RESOLVED" kind="sourcePath" name="source"/>
<entry flags="VALUE_WORKSPACE_PATH|RESOLVED" kind="sourcePath" name="source/wolfcrypt/src/port/caam"/>
<entry flags="LOCAL|VALUE_WORKSPACE_PATH|RESOLVED" kind="sourcePath" name="startup"/>
<entry flags="LOCAL|VALUE_WORKSPACE_PATH|RESOLVED" kind="sourcePath" name="utilities"/>
@@ -565,4 +565,4 @@
</storageModule>
<storageModule moduleId="org.eclipse.cdt.make.core.buildtargets"/>
<storageModule moduleId="refreshScope"/>
</cproject>
</cproject>

4
IDE/MDK-ARM/MDK-ARM/wolfSSL/shell.c
View File

@@ -142,7 +142,7 @@ extern void hmac_sha384_test(void *arg) ;
#endif
#endif
#ifndef NO_RC4
extern void arc4_test(void *arg) ;
extern void arc4_test(void *arg) ; /* ARC4 implementation has been removed */
#endif
#ifndef NO_DES3
@@ -257,7 +257,7 @@ static struct {
#endif
#endif
#ifndef NO_RC4
"arc4", arc4_test,
"arc4", arc4_test, /* ARC4 implementation has been removed */
#endif
#ifndef NO_DES3
"des", des_test,

2
IDE/MDK5-ARM/Projects/wolfSSL-Full/Abstract.txt
View File

@@ -27,7 +27,7 @@ SHA test passed!
>benchmark
AES 25 kB took 0.025 seconds, 0.96 MB/s
ARC4 25 kB took 0.006 seconds, 3.83 MB/s
/* ARC4 implementation has been removed */
...
DH 2048 key agreement 685.93 milliseconds, avg over 1 iterations

4
IDE/MDK5-ARM/Projects/wolfSSL-Full/shell.c
View File

@@ -149,7 +149,7 @@ extern void hmac_sha384_test(void *arg) ;
#endif
#endif
#ifndef NO_RC4
extern void arc4_test(void *arg) ;
extern void arc4_test(void *arg) ; /* ARC4 implementation has been removed */
#endif
#ifndef NO_DES3
@@ -264,7 +264,7 @@ static struct {
#endif
#endif
#ifndef NO_RC4
"arc4", arc4_test,
"arc4", arc4_test, /* ARC4 implementation has been removed */
#endif
#ifndef NO_DES3
"des", des_test,

2
IDE/MPLABX16/wolfssl.X/nbproject/configurations.xml
View File

@@ -15,7 +15,7 @@
projectFiles="true">
<logicalFolder name="f2" displayName="wolfcrypt" projectFiles="true">
<itemPath>../../../wolfcrypt/src/aes.c</itemPath>
<itemPath>../../../wolfcrypt/src/arc4.c</itemPath>
<!-- ARC4 implementation has been removed -->
<itemPath>../../../wolfcrypt/src/asm.c</itemPath>
<itemPath>../../../wolfcrypt/src/asn.c</itemPath>
<itemPath>../../../wolfcrypt/src/blake2b.c</itemPath>

2
IDE/MQX/Makefile
View File

@@ -72,7 +72,7 @@ $(WOLF_ROOT)/src/tls13.o\
$(WOLF_ROOT)/src/tls.o\
$(WOLF_ROOT)/src/wolfio.o\
$(WOLF_ROOT)/wolfcrypt/src/aes.o\
$(WOLF_ROOT)/wolfcrypt/src/arc4.o\
# ARC4 implementation has been removed\
$(WOLF_ROOT)/wolfcrypt/src/asm.o\
$(WOLF_ROOT)/wolfcrypt/src/asn.o\
$(WOLF_ROOT)/wolfcrypt/src/blake2b.o\

6
IDE/MYSQL/CMakeLists_wolfCrypt.txt
View File

@@ -23,14 +23,16 @@ INCLUDE_DIRECTORIES(
${CMAKE_SOURCE_DIR}/extra/wolfssl)
ADD_DEFINITIONS(${SSL_DEFINES})
SET(WOLFCRYPT_SOURCES src/aes.c src/arc4.c src/asn.c src/blake2b.c
SET(WOLFCRYPT_SOURCES src/aes.c # src/arc4.c - ARC4 implementation has been removed
src/asn.c src/blake2b.c
src/camellia.c src/chacha.c src/coding.c src/compress.c src/des3.c
src/dh.c src/dsa.c src/ecc.c src/error.c src/hmac.c
src/integer.c src/kdf.c src/logging.c src/md2.c src/md4.c src/md5.c src/memory.c
src/pkcs7.c src/pkcs12.c src/poly1305.c src/pwdbased.c
src/random.c src/ripemd.c src/rsa.c src/sha.c src/sha256.c src/sha512.c
src/tfm.c src/wc_port.c src/wc_encrypt.c src/hash.c src/wolfmath.c
../wolfssl/wolfcrypt/aes.h ../wolfssl/wolfcrypt/arc4.h ../wolfssl/wolfcrypt/asn.h ../wolfssl/wolfcrypt/blake2.h
../wolfssl/wolfcrypt/aes.h # ../wolfssl/wolfcrypt/arc4.h - ARC4 implementation has been removed
../wolfssl/wolfcrypt/asn.h ../wolfssl/wolfcrypt/blake2.h
../wolfssl/wolfcrypt/camellia.h ../wolfssl/wolfcrypt/chacha.h ../wolfssl/wolfcrypt/coding.h ../wolfssl/wolfcrypt/compress.h ../wolfssl/wolfcrypt/des3.h
../wolfssl/wolfcrypt/dh.h ../wolfssl/wolfcrypt/dsa.h ../wolfssl/wolfcrypt/ecc.h ../wolfssl/wolfcrypt/error-crypt.h ../wolfssl/wolfcrypt/hmac.h
../wolfssl/wolfcrypt/integer.h ../wolfssl/wolfcrypt/logging.h ../wolfssl/wolfcrypt/md2.h ../wolfssl/wolfcrypt/md4.h ../wolfssl/wolfcrypt/md5.h ../wolfssl/wolfcrypt/memory.h

22
IDE/NDS/README.md
View File

@@ -15,16 +15,13 @@ $ ./configure \
AR=$DEVKITARM/bin/arm-none-eabi-ar \
STRIP=$DEVKITARM/bin/arm-none-eabi-strip \
RANLIB=$DEVKITARM/bin/arm-none-eabi-ranlib \
LIBS="-lfat -lnds9 -lcalico_ds9" \
LDFLAGS="-L$DEVKITPRO/libnds/lib \
-L$DEVKITPRO/calico/lib" \
LIBS="-lfat -lnds9" \
LDFLAGS="-L/opt/devkitpro/libnds/lib" \
--prefix=$DEVKITPRO/portlibs/nds \
CFLAGS="-march=armv5te -mtune=arm946e-s \
-specs=$DEVKITPRO/calico/share/ds9.specs \
-D__NDS__ -DARM9 -D__thumb__=0 \
--specs=ds_arm9.specs -DARM9 -DWOLFSSL_NDS \
-DWOLFSSL_MELONDS \
-DWOLFSSL_NDS -DWOLFSSL_USER_IO \
-I$DEVKITPRO/calico/include \
-DWOLFSSL_USER_IO \
-I$DEVKITPRO/libnds/include" \
--enable-fastmath --disable-benchmark \
--disable-shared --disable-examples --disable-ecc
@@ -40,15 +37,12 @@ $ ./configure \
AR=$DEVKITARM/bin/arm-none-eabi-ar \
STRIP=$DEVKITARM/bin/arm-none-eabi-strip \
RANLIB=$DEVKITARM/bin/arm-none-eabi-ranlib \
LIBS="-lfat -lnds9 -lcalico_ds9" \
LDFLAGS="-L$DEVKITPRO/libnds/lib \
-L$DEVKITPRO/calico/lib" \
LIBS="-lfat -lnds9" \
LDFLAGS="-L/opt/devkitpro/libnds/lib" \
--prefix=$DEVKITPRO/portlibs/nds \
CFLAGS="-march=armv5te -mtune=arm946e-s \
-specs=$DEVKITPRO/calico/share/ds9.specs \
-D__NDS__ -DARM9 -D__thumb__=0 \
-DWOLFSSL_NDS -DWOLFSSL_USER_IO \
-I$DEVKITPRO/calico/include \
--specs=ds_arm9.specs -DARM9 -DWOLFSSL_NDS \
-DWOLFSSL_USER_IO \
-I$DEVKITPRO/libnds/include" \
--enable-fastmath --disable-benchmark \
--disable-shared --disable-examples --disable-ecc

4
IDE/NETOS/Makefile.wolfcrypt.inc
View File

@@ -1,11 +1,11 @@
WOLFSSL_ROOT=wolfssl-5.7.2-commercial-fips-linuxv5.2.1
WOLFSSL_ROOT=wolfCrypt_v4_5_2
APP_WOLFCRYPTOBJS = $(NETOS_DIR)/src/$(WOLFSSL_ROOT)/objs/ns9210/32b/gnu/wolfcrypt_first.o\
$(NETOS_DIR)/src/$(WOLFSSL_ROOT)/objs/ns9210/32b/gnu/aes.o\
$(NETOS_DIR)/src/$(WOLFSSL_ROOT)/objs/ns9210/32b/gnu/cmac.o\
$(NETOS_DIR)/src/$(WOLFSSL_ROOT)/objs/ns9210/32b/gnu/des3.o\
$(NETOS_DIR)/src/$(WOLFSSL_ROOT)/objs/ns9210/32b/gnu/dh.o\
$(NETOS_DIR)/src/$(WOLFSSL_ROOT)/objs/ns9210/32b/gnu/ecc.o\
$(NETOS_DIR)/src/$(WOLFSSL_ROOT)/objs/ns9210/32b/gnu/hmac.o\
$(NETOS_DIR)/src/$(WOLFSSL_ROOT)/objs/ns9210/32b/gnu/kdf.o\
$(NETOS_DIR)/src/$(WOLFSSL_ROOT)/objs/ns9210/32b/gnu/random.o\
$(NETOS_DIR)/src/$(WOLFSSL_ROOT)/objs/ns9210/32b/gnu/rsa.o\
$(NETOS_DIR)/src/$(WOLFSSL_ROOT)/objs/ns9210/32b/gnu/sha.o\

1
IDE/NETOS/include.am
View File

@@ -4,7 +4,6 @@
EXTRA_DIST+= IDE/NETOS/Makefile.wolfcrypt.inc
EXTRA_DIST+= IDE/NETOS/user_settings.h
EXTRA_DIST+= IDE/NETOS/user_settings.h-cert3389
EXTRA_DIST+= IDE/NETOS/user_settings.h-cert2425
EXTRA_DIST+= IDE/NETOS/wolfssl_netos_custom.c
EXTRA_DIST+= IDE/NETOS/README.md

540
IDE/NETOS/user_settings.h
View File

@@ -1,5 +1,5 @@
/* user_settings.h
*
*
* Copyright (C) 2006-2025 wolfSSL Inc.
*
* This file is part of wolfSSL.
@@ -19,6 +19,7 @@
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
/* Custom wolfSSL user settings for GCC ARM */
#ifndef WOLFSSL_USER_SETTINGS_H
#define WOLFSSL_USER_SETTINGS_H
@@ -27,39 +28,11 @@
extern "C" {
#endif
#undef HAVE_FIPS
#if 1
#define HAVE_FIPS
#undef HAVE_FIPS_VERSION
#define HAVE_FIPS_VERSION 5
#undef HAVE_FIPS_VERSION_MAJOR
#define HAVE_FIPS_VERSION_MAJOR 5
#undef HAVE_FIPS_VERSION_MINOR
#define HAVE_FIPS_VERSION_MINOR 2
#undef WOLFSSL_WOLFSSH
#define WOLFSSL_WOLFSSH
#undef WC_RNG_SEED_CB
#define WC_RNG_SEED_CB
#if 1
#undef NO_ATTRIBUTE_CONSTRUCTOR
#define NO_ATTRIBUTE_CONSTRUCTOR
#endif
#endif
/* ------------------------------------------------------------------------- */
/* Platform */
/* ------------------------------------------------------------------------- */
#undef WOLFSSL_GENERAL_ALIGNMENT
#define WOLFSSL_GENERAL_ALIGNMENT 4
#undef WOLFSSL_GENERAL_ALIGNMENT
#define WOLFSSL_GENERAL_ALIGNMENT 4
#undef THREADX
#define THREADX
@@ -74,99 +47,85 @@ extern "C" {
#undef BIG_ENDIAN_ORDER
#define BIG_ENDIAN_ORDER
#undef WOLFSSL_USE_ALIGN
#define WOLFSSL_USE_ALIGN
#undef WOLFSSL_SMALL_STACK
//#define WOLFSSL_SMALL_STACK
#undef NO_THREAD_LS
#undef WOLFSSL_USER_IO
//#define WOLFSSL_USER_IO
#undef NO_THREAD_LS
#define NO_THREAD_LS
/* ------------------------------------------------------------------------- */
/* Math Configuration */
/* ------------------------------------------------------------------------- */
#define WOLFCRYPT_FIPS_CORE_HASH_VALUE \
F0E3A7F32D8FDE71DA017855072247B27D8C0F5A74CACE89AED272A7CF5EAC0E
#if 0
#define WOLFSSL_SP_MATH_ALL
#define WOLFSSL_SP_RSA
#define WOLFSSL_SP_DH
#define WOLFSSL_SP_ECC
#define WOLFSSL_SP_4096
#define WOLFSSL_SP_384
#define WOLFSSL_SP_521
#define WOLFSSL_SP_SMALL
#define WOLFSSL_SP_NO_MALLOC
#define SP_INT_BITS 8192
#endif
#if 1
#undef USE_FAST_MATH
#define USE_FAST_MATH
#if 1
#define WOLFSSL_SP_RSA
#define WOLFSSL_SP_DH
#define WOLFSSL_SP_ECC
#define WOLFSSL_SP_4096
#define WOLFSSL_SP_384
#define WOLFSSL_SP_521
#define WOLFSSL_SP_SMALL
#define SP_INT_BITS 8192
#endif
#endif
#if 0
#undef USE_INTEGER_HEAP_MATH
#define USE_INTEGER_HEAP_MATH
#undef WOLFSSL_SMALL_STACK
#define WOLFSSL_SMALL_STACK
#endif
#undef SIZEOF_LONG_LONG
#undef SIZEOF_LONG_LONG
#define SIZEOF_LONG_LONG 8
#ifdef USE_FAST_MATH
#undef TFM_TIMING_RESISTANT
#undef SIZEOF_LONG
#define SIZEOF_LONG 4
#undef USE_FAST_MATH
#if 1
#define USE_FAST_MATH
#undef TFM_TIMING_RESISTANT
#define TFM_TIMING_RESISTANT
#undef FP_MAX_BITS
#define FP_MAX_BITS 16384
#define TFM_NO_ASM
/* Optimizations (on M0 UMULL is not supported, need another assembly
* solution) */
//#define TFM_ARM
/* Optimizations */
#define TFM_ARM
#endif
/* ------------------------------------------------------------------------- */
/* FIPS - Requires eval or license from wolfSSL */
/* ------------------------------------------------------------------------- */
#undef HAVE_FIPS
#if 1
#define HAVE_FIPS
#undef HAVE_FIPS_VERSION
#define HAVE_FIPS_VERSION 2
#ifdef SINGLE_THREADED
#undef NO_THREAD_LS
#define NO_THREAD_LS
#endif
#if 1
#undef NO_ATTRIBUTE_CONSTRUCTOR
#define NO_ATTRIBUTE_CONSTRUCTOR
#endif
#endif
/* ------------------------------------------------------------------------- */
/* Crypto */
/* ------------------------------------------------------------------------- */
/* RSA */
#undef NO_RSA
#if 1
#ifdef USE_FAST_MATH
/* Maximum math bits (Max RSA key bits * 2) */
#undef FP_MAX_BITS
#define FP_MAX_BITS 8192
#endif
/* half as much memory but twice as slow */
#undef RSA_LOW_MEM
#undef RSA_LOW_MEM
//#define RSA_LOW_MEM
/* Enables blinding mode, to prevent timing attacks */
#if 0
#undef WC_RSA_BLINDING
#undef WC_RSA_BLINDING
#define WC_RSA_BLINDING
#else
#undef WC_NO_HARDEN
#undef WC_NO_HARDEN
#define WC_NO_HARDEN
#endif
/* RSA PSS Support */
#if 1
#undef WC_RSA_PSS
#define WC_RSA_PSS
#undef WOLFSSL_PSS_LONG_SALT
#define WOLFSSL_PSS_LONG_SALT
#undef WOLFSSL_PSS_SALT_LEN_DISCOVER
#define WOLFSSL_PSS_SALT_LEN_DISCOVER
#endif
#if 1
@@ -182,86 +141,86 @@ extern "C" {
#define HAVE_ECC
/* Manually define enabled curves */
#undef ECC_USER_CURVES
#define ECC_USER_CURVES
#undef ECC_USER_CURVES
//#define ECC_USER_CURVES
#ifdef ECC_USER_CURVES
/* Manual Curve Selection */
#define HAVE_ECC192
#define HAVE_ECC224
#undef NO_ECC256
#define HAVE_ECC256
#define HAVE_ECC384
#define HAVE_ECC521
/* Manual Curve Selection */
//#define HAVE_ECC192
//#define HAVE_ECC224
#undef NO_ECC256
//#define HAVE_ECC384
//#define HAVE_ECC521
#endif
/* Fixed point cache (speeds repeated operations against same private key)
*/
#undef FP_ECC
/* Fixed point cache (speeds repeated operations against same private key) */
#undef FP_ECC
//#define FP_ECC
#ifdef FP_ECC
/* Bits / Entries */
#undef FP_ENTRIES
#define FP_ENTRIES 2
#undef FP_LUT
#define FP_LUT 4
#undef FP_ENTRIES
#define FP_ENTRIES 2
#undef FP_LUT
#define FP_LUT 4
#endif
/* Optional ECC calculation method */
/* Note: doubles heap usage, but slightly faster */
#undef ECC_SHAMIR
#undef ECC_SHAMIR
#define ECC_SHAMIR
/* Reduces heap usage, but slower */
#undef ECC_TIMING_RESISTANT
#undef ECC_TIMING_RESISTANT
#define ECC_TIMING_RESISTANT
#ifdef HAVE_FIPS
#undef HAVE_ECC_CDH
#undef HAVE_ECC_CDH
#define HAVE_ECC_CDH /* Enable cofactor support */
#undef NO_STRICT_ECDSA_LEN
#define NO_STRICT_ECDSA_LEN /* Do not force fixed len w/ FIPS */
#undef WOLFSSL_VALIDATE_ECC_IMPORT
#undef WOLFSSL_VALIDATE_ECC_IMPORT
#define WOLFSSL_VALIDATE_ECC_IMPORT /* Validate import */
#undef WOLFSSL_VALIDATE_ECC_KEYGEN
#define WOLFSSL_VALIDATE_ECC_KEYGEN /* Validate generated keys */
#undef WOLFSSL_ECDSA_SET_K
#define WOLFSSL_ECDSA_SET_K
//#define WOLFCRYPT_HAVE_SAKKE
#endif
/* Compressed Key Support */
#undef HAVE_COMP_KEY
//#define HAVE_COMP_KEY
/* Use alternate ECC size for ECC math */
#ifdef USE_FAST_MATH
#undef ALT_ECC_SIZE
#define ALT_ECC_SIZE
/* MAX ECC BITS = ROUND8(MAX ECC) * 2 */
#ifdef NO_RSA
/* Custom fastmath size if not using RSA */
#undef FP_MAX_BITS
#define FP_MAX_BITS (256 * 2)
#else
#undef ALT_ECC_SIZE
#define ALT_ECC_SIZE
/* wolfSSL will compute the FP_MAX_BITS_ECC, but it can be overridden */
//#undef FP_MAX_BITS_ECC
//#define FP_MAX_BITS_ECC (256 * 2)
#endif
/* Speedups specific to curve */
#ifndef NO_ECC256
#undef TFM_ECC256
#undef TFM_ECC256
#define TFM_ECC256
#endif
#endif
#endif
/* DH */
#undef NO_DH
#undef NO_DH
#if 1
#define HAVE_DH
/* Use table for DH instead of -lm (math) lib dependency */
#if 1
#define HAVE_DH_DEFAULT_PARAMS
#define WOLFSSL_DH_CONST
#define HAVE_FFDHE_2048
#define HAVE_FFDHE_3072
#define HAVE_FFDHE_4096
#define HAVE_FFDHE_6144
#define HAVE_FFDHE_8192
//#define HAVE_FFDHE_6144
//#define HAVE_FFDHE_8192
#endif
#ifdef HAVE_FIPS
@@ -276,31 +235,28 @@ extern "C" {
/* AES */
#undef NO_AES
#if 1
#undef HAVE_AES_CBC
#undef HAVE_AES_CBC
#define HAVE_AES_CBC
#undef HAVE_AESGCM
#undef HAVE_AESGCM
#define HAVE_AESGCM
/* GCM Method (slowest to fastest): GCM_SMALL, GCM_WORD32, GCM_TABLE or
* GCM_TABLE_4BIT */
#define GCM_TABLE_4BIT
/* GCM Method: GCM_SMALL, GCM_WORD32 or GCM_TABLE */
// #define GCM_SMALL
// #define GCM_WORD32
#define GCM_TABLE
#undef WOLFSSL_AES_DIRECT
#undef WOLFSSL_AES_DIRECT
#define WOLFSSL_AES_DIRECT
#undef HAVE_AES_ECB
#undef HAVE_AES_ECB
#define HAVE_AES_ECB
#undef WOLFSSL_AES_COUNTER
#undef WOLFSSL_AES_COUNTER
#define WOLFSSL_AES_COUNTER
#undef HAVE_AESCCM
#undef HAVE_AESCCM
#define HAVE_AESCCM
#undef WOLFSSL_AES_OFB
#define WOLFSSL_AES_OFB
#else
#define NO_AES
#endif
@@ -308,11 +264,8 @@ extern "C" {
/* DES3 */
#undef NO_DES3
#if 0
#if 1
#undef WOLFSSL_DES_ECB
#define WOLFSSL_DES_ECB
#endif
#if 1
/* No change */
#else
#define NO_DES3
#endif
@@ -325,29 +278,20 @@ extern "C" {
#define HAVE_POLY1305
/* Needed for Poly1305 */
#undef HAVE_ONE_TIME_AUTH
#undef HAVE_ONE_TIME_AUTH
#define HAVE_ONE_TIME_AUTH
#endif
/* Curve25519 */
/* Ed25519 / Curve25519 */
#undef HAVE_CURVE25519
#if 0
#define HAVE_CURVE25519
/* Optionally use small math (less flash usage, but much slower) */
#if 1
#define CURVE25519_SMALL
#endif
#endif
/* Ed25519 */
#undef HAVE_ED25519
#if 0
#define HAVE_CURVE25519
#define HAVE_ED25519 /* ED25519 Requires SHA512 */
/* Optionally use small math (less flash usage, but much slower) */
#if 1
#define ED25519_SMALL
#define CURVED25519_SMALL
#endif
#endif
@@ -359,7 +303,7 @@ extern "C" {
#undef NO_SHA
#if 1
/* 1k smaller, but 25% slower */
#define USE_SLOW_SHA
//#define USE_SLOW_SHA
#else
#define NO_SHA
#endif
@@ -368,7 +312,7 @@ extern "C" {
#undef NO_SHA256
#if 1
/* not unrolled - ~2k smaller and ~25% slower */
#define USE_SLOW_SHA256
//#define USE_SLOW_SHA256
/* Sha224 */
#if 1
@@ -383,17 +327,14 @@ extern "C" {
#if 1
#define WOLFSSL_SHA512
#define WOLFSSL_NOSHA512_224 /* Not in FIPS mode */
#define WOLFSSL_NOSHA512_256 /* Not in FIPS mode */
/* Sha384 */
#undef WOLFSSL_SHA384
#undef WOLFSSL_SHA384
#if 1
#define WOLFSSL_SHA384
#endif
/* over twice as small, but 50% slower */
#define USE_SLOW_SHA512
//#define USE_SLOW_SHA512
#endif
/* Sha3 */
@@ -403,18 +344,17 @@ extern "C" {
#endif
/* MD5 */
#undef NO_MD5
#undef NO_MD5
#if 1
/* No change */
#else
#define NO_MD5
#endif
/* HKDF / PRF */
/* HKDF */
#undef HAVE_HKDF
#if 1
#define HAVE_HKDF
#define WOLFSSL_HAVE_PRF
#endif
/* CMAC */
@@ -423,49 +363,101 @@ extern "C" {
#define WOLFSSL_CMAC
#endif
/* ------------------------------------------------------------------------- */
/* Benchmark / Test */
/* ------------------------------------------------------------------------- */
/* Use reduced benchmark / test sizes */
#undef BENCH_EMBEDDED
#define BENCH_EMBEDDED
#undef USE_CERT_BUFFERS_2048
#define USE_CERT_BUFFERS_2048
#undef USE_CERT_BUFFERS_1024
//#define USE_CERT_BUFFERS_1024
#undef USE_CERT_BUFFERS_256
#define USE_CERT_BUFFERS_256
#undef FORCE_BUFFER_TEST
#define FORCE_BUFFER_TEST
/* ------------------------------------------------------------------------- */
/* Debugging */
/* ------------------------------------------------------------------------- */
#undef DEBUG_WOLFSSL
#define DEBUG_WOLFSSL
/* Use this to measure / print heap usage */
#undef DEBUG_WOLFSSL
#undef NO_ERROR_STRINGS
#if 0
#undef USE_WOLFSSL_MEMORY
#define DEBUG_WOLFSSL
#else
#if 0
#define NO_ERROR_STRINGS
#endif
#endif
/* ------------------------------------------------------------------------- */
/* Memory */
/* ------------------------------------------------------------------------- */
/* Override Memory API's */
#if 0
#undef XMALLOC_OVERRIDE
#define XMALLOC_OVERRIDE
/* prototypes for user heap override functions */
/* Note: Realloc only required for normal math */
/* Note2: XFREE(NULL) must be properly handled */
#include <stddef.h> /* for size_t */
extern void *myMalloc(size_t n, void* heap, int type);
extern void myFree(void *p, void* heap, int type);
extern void *myRealloc(void *p, size_t n, void* heap, int type);
#define XMALLOC(n, h, t) myMalloc(n, h, t)
#define XFREE(p, h, t) myFree(p, h, t)
#define XREALLOC(p, n, h, t) myRealloc(p, n, h, t)
#endif
#if 0
/* Static memory requires fast math */
#define WOLFSSL_STATIC_MEMORY
/* Disable fallback malloc/free */
#define WOLFSSL_NO_MALLOC
#if 1
#define WOLFSSL_MALLOC_CHECK /* trap malloc failure */
#endif
#endif
/* Memory callbacks */
#if 1
#undef USE_WOLFSSL_MEMORY
#define USE_WOLFSSL_MEMORY
#undef WOLFSSL_TRACK_MEMORY
//#define WOLFSSL_TRACK_MEMORY
/* Use this to measure / print heap usage */
#if 0
#undef WOLFSSL_TRACK_MEMORY
// #define WOLFSSL_TRACK_MEMORY
#undef WOLFSSL_DEBUG_MEMORY
//#define WOLFSSL_DEBUG_MEMORY
#undef WOLFSSL_DEBUG_MEMORY
//#define WOLFSSL_DEBUG_MEMORY
#undef WOLFSSL_DEBUG_MEMORY_PRINT
//#define WOLFSSL_DEBUG_MEMORY_PRINT
#endif
#else
#undef NO_WOLFSSL_MEMORY
#define NO_WOLFSSL_MEMORY
#ifndef WOLFSSL_STATIC_MEMORY
#define NO_WOLFSSL_MEMORY
/* Otherwise we will use stdlib malloc, free and realloc */
#endif
#endif
#ifndef DEBUG_WOLFSSL
#undef NO_ERROR_STRINGS
#define NO_ERROR_STRINGS
#endif
/* ------------------------------------------------------------------------- */
/* Port */
/* ------------------------------------------------------------------------- */
/* Override Current Time */
/* Allows custom "custom_time()" function to be used for benchmark */
//#define WOLFSSL_USER_CURRTIME
//#define XTIME time
/* ------------------------------------------------------------------------- */
/* RNG */
/* ------------------------------------------------------------------------- */
/* Size of returned HW RNG value */
//#define CUSTOM_RAND_TYPE unsigned int
/* Seed Source */
#if 1
@@ -481,194 +473,152 @@ extern "C" {
#define CUSTOM_RAND_TYPE unsigned char
#endif
//#define WOLFSSL_GENSEED_FORTEST
/* Choose RNG method */
#if 1
/* Use built-in P-RNG (SHA256 based) with HW RNG */
/* P-RNG + HW RNG (P-RNG is ~8K) */
#undef HAVE_HASHDRBG
//#define WOLFSSL_GENSEED_FORTEST
#undef HAVE_HASHDRBG
#define HAVE_HASHDRBG
#else
#undef WC_NO_HASHDRBG
#undef WC_NO_HASHDRBG
#define WC_NO_HASHDRBG
/* Bypass P-RNG and use only HW RNG */
extern int custom_rand_generate_block(unsigned char* output,
unsigned int sz);
#undef CUSTOM_RAND_GENERATE_BLOCK
#define CUSTOM_RAND_GENERATE_BLOCK custom_rand_generate_block
extern int my_rng_gen_block(unsigned char* output, unsigned int sz);
#undef CUSTOM_RAND_GENERATE_BLOCK
#define CUSTOM_RAND_GENERATE_BLOCK my_rng_gen_block
#endif
/* ------------------------------------------------------------------------- */
/* Enable Features */
/* ------------------------------------------------------------------------- */
#undef WOLFSSL_TLS13
#if 0
#undef WOLFSSL_TLS13
#define WOLFSSL_TLS13
#endif
#undef WOLFSSL_KEY_GEN
#define WOLFSSL_KEY_GEN
#undef WOLFSSL_KEY_GEN
#if 1
#define WOLFSSL_KEY_GEN
#endif
#undef KEEP_PEER_CERT
#if defined(HAVE_FIPS) && !defined(WOLFSSL_KEY_GEN)
#define WOLFSSL_OLD_PRIME_CHECK
#endif
#undef KEEP_PEER_CERT
//#define KEEP_PEER_CERT
#undef HAVE_COMP_KEY
#undef HAVE_COMP_KEY
//#define HAVE_COMP_KEY
#undef HAVE_TLS_EXTENSIONS
#undef HAVE_TLS_EXTENSIONS
#define HAVE_TLS_EXTENSIONS
#undef HAVE_SUPPORTED_CURVES
#undef HAVE_SUPPORTED_CURVES
#define HAVE_SUPPORTED_CURVES
#undef WOLFSSL_BASE64_ENCODE
#undef WOLFSSL_BASE64_ENCODE
#define WOLFSSL_BASE64_ENCODE
#undef WOLFSSL_BASE16
#define WOLFSSL_BASE16
/* TLS Session Cache */
#if 1
#if 0
#define SMALL_SESSION_CACHE
#else
#define NO_SESSION_CACHE
#endif
#define BENCH_EMBEDDED
/* ------------------------------------------------------------------------- */
/* Disable Features */
/* ------------------------------------------------------------------------- */
#undef NO_WOLFSSL_SERVER
#undef NO_WOLFSSL_SERVER
//#define NO_WOLFSSL_SERVER
#undef NO_WOLFSSL_CLIENT
#undef NO_WOLFSSL_CLIENT
//#define NO_WOLFSSL_CLIENT
#undef NO_CRYPT_TEST
#undef NO_CRYPT_TEST
//#define NO_CRYPT_TEST
#undef NO_CRYPT_BENCHMARK
#undef NO_CRYPT_BENCHMARK
//#define NO_CRYPT_BENCHMARK
#undef WOLFCRYPT_ONLY
#undef WOLFCRYPT_ONLY
//#define WOLFCRYPT_ONLY
/* In-lining of misc.c functions */
/* If defined, must include wolfcrypt/src/misc.c in build */
/* Slower, but about 1k smaller */
#undef NO_INLINE
#undef NO_INLINE
//#define NO_INLINE
#undef NO_FILESYSTEM
#undef NO_FILESYSTEM
#define NO_FILESYSTEM
#undef NO_WOLFSSL_DIR
#define NO_WOLFSSL_DIR
#undef NO_WRITEV
#undef NO_WRITEV
#define NO_WRITEV
#undef NO_MAIN_DRIVER
#undef NO_MAIN_DRIVER
#define NO_MAIN_DRIVER
#undef NO_DEV_RANDOM
#undef NO_DEV_RANDOM
#define NO_DEV_RANDOM
#undef NO_DSA
#undef NO_DSA
#define NO_DSA
#undef NO_DES3
#define NO_DES3
#undef NO_RC4
#undef NO_RC4
#define NO_RC4
#undef NO_OLD_TLS
#undef NO_OLD_TLS
#define NO_OLD_TLS
#undef NO_PSK
#undef NO_PSK
#define NO_PSK
#undef NO_MD4
#undef NO_MD4
#define NO_MD4
#undef NO_PWDBASED
#undef NO_PWDBASED
//#define NO_PWDBASED
#undef NO_CODING
#undef NO_CODING
//#define NO_CODING
#undef NO_ASN_TIME
#undef NO_ASN_TIME
//#define NO_ASN_TIME
#undef NO_CERTS
#undef NO_CERTS
//#define NO_CERTS
#undef NO_SIG_WRAPPER
#undef NO_SIG_WRAPPER
//#define NO_SIG_WRAPPER
/* FIPS optesting for wolfSSL Engineering only, disable in production */
/* ACVP Testing ONLY specific settings */
#if 0
#define DEBUG_FIPS_VERBOSE
#define NO_CAVP_TDES
#define USE_UART_READ_LINE
#undef USE_NORMAL_PRINTF
#define USE_NORMAL_PRINTF
#undef USE_UART_READ_LINE
#define USE_UART_READ_LINE
#undef USE_SMALL_MONTE
#define USE_SMALL_MONTE
#undef WOLFSSL_PUBLIC_MP
#define WOLFSSL_PUBLIC_MP
#define NO_MAIN_OPTEST_DRIVER
#define OPTEST_LOGGING_ENABLED
#define DEBUG_FIPS_VERBOSE
#define OPTEST_INVALID_LOGGING_ENABLED
#define OPTEST_RUNNING_ORGANIC
#undef HAVE_FORCE_FIPS_FAILURE
#define HAVE_FORCE_FIPS_FAILURE
#define USE_CERT_BUFFERS_2048
#define USE_CERT_BUFFERS_256
#define FORCE_BUFFER_TEST
#define NO_MAIN_OPTEST_DRIVER
#define DEEPLY_EMBEDDED
#endif
/* End optesting only section */
/* START Customer specified options */
#if 1
#undef HAVE_SECRET_CALLBACK
#define HAVE_SECRET_CALLBACK
#undef ATOMIC_USER
#define ATOMIC_USER
#undef HAVE_EX_DATA
#define HAVE_EX_DATA
#undef NO_WOLFSSL_STUB
#define NO_WOLFSSL_STUB
#undef OPENSSL_EXTRA
#define OPENSSL_EXTRA
#undef OPENSSL_ALL
#define OPENSSL_ALL
#undef HAVE_EXTENDED_MASTER
#define HAVE_EXTENDED_MASTER
#undef WC_NO_ASYNC_THREADING
#define WC_NO_ASYNC_THREADING
#undef NO_TESTSUITE_MAIN_DRIVER
#define NO_TESTSUITE_MAIN_DRIVER
#undef WOLFSSL_NO_ASN_STRICT
#define WOLFSSL_NO_ASN_STRICT
#endif
/* END Customer specified options */
#ifdef __cplusplus
}
#endif
#endif /* WOLFSSL_USER_SETTINGS_H */

22
IDE/NETOS/user_settings.h-cert2425
View File

@@ -1,25 +1,3 @@
/* user_settings.h
*
* Copyright (C) 2006-2024 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
#ifndef _NETOS_USER_SETTINGS_H_
#define _NETOS_USER_SETTINGS_H_

623
IDE/NETOS/user_settings.h-cert3389
View File

@@ -1,623 +0,0 @@
/* user_settings.h
*
* Copyright (C) 2006-2024 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
/* Custom wolfSSL user settings for GCC ARM */
#ifndef WOLFSSL_USER_SETTINGS_H
#define WOLFSSL_USER_SETTINGS_H
#ifdef __cplusplus
extern "C" {
#endif
/* ------------------------------------------------------------------------- */
/* Platform */
/* ------------------------------------------------------------------------- */
#undef WOLFSSL_GENERAL_ALIGNMENT
#define WOLFSSL_GENERAL_ALIGNMENT 4
#undef THREADX
#define THREADX
#ifndef TX_TIMER_TICKS_PER_SECOND
#define TX_TIMER_TICKS_PER_SECOND 100
#endif
#undef NETOS
#define NETOS
#undef BIG_ENDIAN_ORDER
#define BIG_ENDIAN_ORDER
#undef WOLFSSL_SMALL_STACK
//#define WOLFSSL_SMALL_STACK
#undef WOLFSSL_USER_IO
//#define WOLFSSL_USER_IO
#undef NO_THREAD_LS
#define NO_THREAD_LS
/* ------------------------------------------------------------------------- */
/* Math Configuration */
/* ------------------------------------------------------------------------- */
#undef SIZEOF_LONG_LONG
#define SIZEOF_LONG_LONG 8
#undef SIZEOF_LONG
#define SIZEOF_LONG 4
#undef USE_FAST_MATH
#if 1
#define USE_FAST_MATH
#undef TFM_TIMING_RESISTANT
#define TFM_TIMING_RESISTANT
/* Optimizations */
#define TFM_ARM
#endif
/* ------------------------------------------------------------------------- */
/* FIPS - Requires eval or license from wolfSSL */
/* ------------------------------------------------------------------------- */
#undef HAVE_FIPS
#if 1
#define HAVE_FIPS
#undef HAVE_FIPS_VERSION
#define HAVE_FIPS_VERSION 2
#ifdef SINGLE_THREADED
#undef NO_THREAD_LS
#define NO_THREAD_LS
#endif
#if 1
#undef NO_ATTRIBUTE_CONSTRUCTOR
#define NO_ATTRIBUTE_CONSTRUCTOR
#endif
#endif
/* ------------------------------------------------------------------------- */
/* Crypto */
/* ------------------------------------------------------------------------- */
/* RSA */
#undef NO_RSA
#if 1
#ifdef USE_FAST_MATH
/* Maximum math bits (Max RSA key bits * 2) */
#undef FP_MAX_BITS
#define FP_MAX_BITS 8192
#endif
/* half as much memory but twice as slow */
#undef RSA_LOW_MEM
//#define RSA_LOW_MEM
/* Enables blinding mode, to prevent timing attacks */
#if 0
#undef WC_RSA_BLINDING
#define WC_RSA_BLINDING
#else
#undef WC_NO_HARDEN
#define WC_NO_HARDEN
#endif
/* RSA PSS Support */
#if 1
#define WC_RSA_PSS
#endif
#if 1
#define WC_RSA_NO_PADDING
#endif
#else
#define NO_RSA
#endif
/* ECC */
#undef HAVE_ECC
#if 1
#define HAVE_ECC
/* Manually define enabled curves */
#undef ECC_USER_CURVES
//#define ECC_USER_CURVES
#ifdef ECC_USER_CURVES
/* Manual Curve Selection */
//#define HAVE_ECC192
//#define HAVE_ECC224
#undef NO_ECC256
//#define HAVE_ECC384
//#define HAVE_ECC521
#endif
/* Fixed point cache (speeds repeated operations against same private key) */
#undef FP_ECC
//#define FP_ECC
#ifdef FP_ECC
/* Bits / Entries */
#undef FP_ENTRIES
#define FP_ENTRIES 2
#undef FP_LUT
#define FP_LUT 4
#endif
/* Optional ECC calculation method */
/* Note: doubles heap usage, but slightly faster */
#undef ECC_SHAMIR
#define ECC_SHAMIR
/* Reduces heap usage, but slower */
#undef ECC_TIMING_RESISTANT
#define ECC_TIMING_RESISTANT
#ifdef HAVE_FIPS
#undef HAVE_ECC_CDH
#define HAVE_ECC_CDH /* Enable cofactor support */
#undef NO_STRICT_ECDSA_LEN
#define NO_STRICT_ECDSA_LEN /* Do not force fixed len w/ FIPS */
#undef WOLFSSL_VALIDATE_ECC_IMPORT
#define WOLFSSL_VALIDATE_ECC_IMPORT /* Validate import */
#endif
/* Compressed Key Support */
#undef HAVE_COMP_KEY
//#define HAVE_COMP_KEY
/* Use alternate ECC size for ECC math */
#ifdef USE_FAST_MATH
/* MAX ECC BITS = ROUND8(MAX ECC) * 2 */
#ifdef NO_RSA
/* Custom fastmath size if not using RSA */
#undef FP_MAX_BITS
#define FP_MAX_BITS (256 * 2)
#else
#undef ALT_ECC_SIZE
#define ALT_ECC_SIZE
/* wolfSSL will compute the FP_MAX_BITS_ECC, but it can be overridden */
//#undef FP_MAX_BITS_ECC
//#define FP_MAX_BITS_ECC (256 * 2)
#endif
/* Speedups specific to curve */
#ifndef NO_ECC256
#undef TFM_ECC256
#define TFM_ECC256
#endif
#endif
#endif
/* DH */
#undef NO_DH
#if 1
/* Use table for DH instead of -lm (math) lib dependency */
#if 1
#define WOLFSSL_DH_CONST
#define HAVE_FFDHE_2048
#define HAVE_FFDHE_4096
//#define HAVE_FFDHE_6144
//#define HAVE_FFDHE_8192
#endif
#ifdef HAVE_FIPS
#define WOLFSSL_VALIDATE_FFC_IMPORT
#define HAVE_FFDHE_Q
#endif
#else
#define NO_DH
#endif
/* AES */
#undef NO_AES
#if 1
#undef HAVE_AES_CBC
#define HAVE_AES_CBC
#undef HAVE_AESGCM
#define HAVE_AESGCM
/* GCM Method: GCM_SMALL, GCM_WORD32 or GCM_TABLE */
// #define GCM_SMALL
// #define GCM_WORD32
#define GCM_TABLE
#undef WOLFSSL_AES_DIRECT
#define WOLFSSL_AES_DIRECT
#undef HAVE_AES_ECB
#define HAVE_AES_ECB
#undef WOLFSSL_AES_COUNTER
#define WOLFSSL_AES_COUNTER
#undef HAVE_AESCCM
#define HAVE_AESCCM
#else
#define NO_AES
#endif
/* DES3 */
#undef NO_DES3
#if 1
/* No change */
#else
#define NO_DES3
#endif
/* ChaCha20 / Poly1305 */
#undef HAVE_CHACHA
#undef HAVE_POLY1305
#if 0
#define HAVE_CHACHA
#define HAVE_POLY1305
/* Needed for Poly1305 */
#undef HAVE_ONE_TIME_AUTH
#define HAVE_ONE_TIME_AUTH
#endif
/* Ed25519 / Curve25519 */
#undef HAVE_CURVE25519
#undef HAVE_ED25519
#if 0
#define HAVE_CURVE25519
#define HAVE_ED25519 /* ED25519 Requires SHA512 */
/* Optionally use small math (less flash usage, but much slower) */
#if 1
#define CURVED25519_SMALL
#endif
#endif
/* ------------------------------------------------------------------------- */
/* Hashing */
/* ------------------------------------------------------------------------- */
/* Sha */
#undef NO_SHA
#if 1
/* 1k smaller, but 25% slower */
//#define USE_SLOW_SHA
#else
#define NO_SHA
#endif
/* Sha256 */
#undef NO_SHA256
#if 1
/* not unrolled - ~2k smaller and ~25% slower */
//#define USE_SLOW_SHA256
/* Sha224 */
#if 1
#define WOLFSSL_SHA224
#endif
#else
#define NO_SHA256
#endif
/* Sha512 */
#undef WOLFSSL_SHA512
#if 1
#define WOLFSSL_SHA512
/* Sha384 */
#undef WOLFSSL_SHA384
#if 1
#define WOLFSSL_SHA384
#endif
/* over twice as small, but 50% slower */
//#define USE_SLOW_SHA512
#endif
/* Sha3 */
#undef WOLFSSL_SHA3
#if 1
#define WOLFSSL_SHA3
#endif
/* MD5 */
#undef NO_MD5
#if 1
/* No change */
#else
#define NO_MD5
#endif
/* HKDF */
#undef HAVE_HKDF
#if 1
#define HAVE_HKDF
#endif
/* CMAC */
#undef WOLFSSL_CMAC
#if 1
#define WOLFSSL_CMAC
#endif
/* ------------------------------------------------------------------------- */
/* Benchmark / Test */
/* ------------------------------------------------------------------------- */
/* Use reduced benchmark / test sizes */
#undef BENCH_EMBEDDED
#define BENCH_EMBEDDED
#undef USE_CERT_BUFFERS_2048
#define USE_CERT_BUFFERS_2048
#undef USE_CERT_BUFFERS_1024
//#define USE_CERT_BUFFERS_1024
#undef USE_CERT_BUFFERS_256
#define USE_CERT_BUFFERS_256
#undef FORCE_BUFFER_TEST
#define FORCE_BUFFER_TEST
/* ------------------------------------------------------------------------- */
/* Debugging */
/* ------------------------------------------------------------------------- */
#undef DEBUG_WOLFSSL
#undef NO_ERROR_STRINGS
#if 0
#define DEBUG_WOLFSSL
#else
#if 0
#define NO_ERROR_STRINGS
#endif
#endif
/* ------------------------------------------------------------------------- */
/* Memory */
/* ------------------------------------------------------------------------- */
/* Override Memory API's */
#if 0
#undef XMALLOC_OVERRIDE
#define XMALLOC_OVERRIDE
/* prototypes for user heap override functions */
/* Note: Realloc only required for normal math */
#include <stddef.h> /* for size_t */
extern void *myMalloc(size_t n, void* heap, int type);
extern void myFree(void *p, void* heap, int type);
extern void *myRealloc(void *p, size_t n, void* heap, int type);
#define XMALLOC(n, h, t) myMalloc(n, h, t)
#define XFREE(p, h, t) myFree(p, h, t)
#define XREALLOC(p, n, h, t) myRealloc(p, n, h, t)
#endif
#if 0
/* Static memory requires fast math */
#define WOLFSSL_STATIC_MEMORY
/* Disable fallback malloc/free */
#define WOLFSSL_NO_MALLOC
#if 1
#define WOLFSSL_MALLOC_CHECK /* trap malloc failure */
#endif
#endif
/* Memory callbacks */
#if 1
#undef USE_WOLFSSL_MEMORY
#define USE_WOLFSSL_MEMORY
/* Use this to measure / print heap usage */
#if 0
#undef WOLFSSL_TRACK_MEMORY
// #define WOLFSSL_TRACK_MEMORY
#undef WOLFSSL_DEBUG_MEMORY
//#define WOLFSSL_DEBUG_MEMORY
#undef WOLFSSL_DEBUG_MEMORY_PRINT
//#define WOLFSSL_DEBUG_MEMORY_PRINT
#endif
#else
#ifndef WOLFSSL_STATIC_MEMORY
#define NO_WOLFSSL_MEMORY
/* Otherwise we will use stdlib malloc, free and realloc */
#endif
#endif
/* ------------------------------------------------------------------------- */
/* RNG */
/* ------------------------------------------------------------------------- */
/* Seed Source */
#if 1
extern int my_rng_generate_seed(unsigned char* output, int sz);
#undef CUSTOM_RAND_GENERATE_SEED
#define CUSTOM_RAND_GENERATE_SEED my_rng_generate_seed
#endif
/* NETOS */
#if 0
extern unsigned char get_byte_from_pool(void);
#define CUSTOM_RAND_GENERATE get_byte_from_pool
#define CUSTOM_RAND_TYPE unsigned char
#endif
/* Choose RNG method */
#if 1
/* Use built-in P-RNG (SHA256 based) with HW RNG */
/* P-RNG + HW RNG (P-RNG is ~8K) */
//#define WOLFSSL_GENSEED_FORTEST
#undef HAVE_HASHDRBG
#define HAVE_HASHDRBG
#else
#undef WC_NO_HASHDRBG
#define WC_NO_HASHDRBG
/* Bypass P-RNG and use only HW RNG */
extern int my_rng_gen_block(unsigned char* output, unsigned int sz);
#undef CUSTOM_RAND_GENERATE_BLOCK
#define CUSTOM_RAND_GENERATE_BLOCK my_rng_gen_block
#endif
/* ------------------------------------------------------------------------- */
/* Enable Features */
/* ------------------------------------------------------------------------- */
#undef WOLFSSL_TLS13
#if 0
#define WOLFSSL_TLS13
#endif
#undef WOLFSSL_KEY_GEN
#if 1
#define WOLFSSL_KEY_GEN
#endif
#if defined(HAVE_FIPS) && !defined(WOLFSSL_KEY_GEN)
#define WOLFSSL_OLD_PRIME_CHECK
#endif
#undef KEEP_PEER_CERT
//#define KEEP_PEER_CERT
#undef HAVE_COMP_KEY
//#define HAVE_COMP_KEY
#undef HAVE_TLS_EXTENSIONS
#define HAVE_TLS_EXTENSIONS
#undef HAVE_SUPPORTED_CURVES
#define HAVE_SUPPORTED_CURVES
#undef WOLFSSL_BASE64_ENCODE
#define WOLFSSL_BASE64_ENCODE
/* TLS Session Cache */
#if 0
#define SMALL_SESSION_CACHE
#else
#define NO_SESSION_CACHE
#endif
/* ------------------------------------------------------------------------- */
/* Disable Features */
/* ------------------------------------------------------------------------- */
#undef NO_WOLFSSL_SERVER
//#define NO_WOLFSSL_SERVER
#undef NO_WOLFSSL_CLIENT
//#define NO_WOLFSSL_CLIENT
#undef NO_CRYPT_TEST
//#define NO_CRYPT_TEST
#undef NO_CRYPT_BENCHMARK
//#define NO_CRYPT_BENCHMARK
#undef WOLFCRYPT_ONLY
//#define WOLFCRYPT_ONLY
/* In-lining of misc.c functions */
/* If defined, must include wolfcrypt/src/misc.c in build */
/* Slower, but about 1k smaller */
#undef NO_INLINE
//#define NO_INLINE
#undef NO_FILESYSTEM
#define NO_FILESYSTEM
#undef NO_WOLFSSL_DIR
#define NO_WOLFSSL_DIR
#undef NO_WRITEV
#define NO_WRITEV
#undef NO_MAIN_DRIVER
#define NO_MAIN_DRIVER
#undef NO_DEV_RANDOM
#define NO_DEV_RANDOM
#undef NO_DSA
#define NO_DSA
#undef NO_RC4
#define NO_RC4
#undef NO_OLD_TLS
#define NO_OLD_TLS
#undef NO_PSK
#define NO_PSK
#undef NO_MD4
#define NO_MD4
#undef NO_PWDBASED
//#define NO_PWDBASED
#undef NO_CODING
//#define NO_CODING
#undef NO_ASN_TIME
//#define NO_ASN_TIME
#undef NO_CERTS
//#define NO_CERTS
#undef NO_SIG_WRAPPER
//#define NO_SIG_WRAPPER
/* ACVP Testing ONLY specific settings */
#if 0
#undef USE_NORMAL_PRINTF
#define USE_NORMAL_PRINTF
#undef USE_UART_READ_LINE
#define USE_UART_READ_LINE
#undef USE_SMALL_MONTE
#define USE_SMALL_MONTE
#undef WOLFSSL_PUBLIC_MP
#define WOLFSSL_PUBLIC_MP
#undef HAVE_FORCE_FIPS_FAILURE
#define HAVE_FORCE_FIPS_FAILURE
#endif
#ifdef __cplusplus
}
#endif
#endif /* WOLFSSL_USER_SETTINGS_H */

2
IDE/NETOS/wolfssl_netos_custom.c
View File

@@ -68,7 +68,7 @@ unsigned char get_byte_from_pool(void)
int my_rng_generate_seed(unsigned char* output, int sz)
{
int i;
word32 i;
srand(get_byte_from_pool());
for (i = 0; i < sz; i++) {

4
IDE/ROWLEY-CROSSWORKS-ARM/benchmark_main.c
View File

@@ -79,7 +79,7 @@ void main(void)
SAMPLE OUTPUT: Freescale K64 running at 96MHz with no MMCAU:
Benchmark Test 0:
AES 25 kB took 0.073 seconds, 0.334 MB/s
ARC4 25 kB took 0.033 seconds, 0.740 MB/s
/* ARC4 implementation has been removed */
RABBIT 25 kB took 0.027 seconds, 0.904 MB/s
3DES 25 kB took 0.375 seconds, 0.065 MB/s
MD5 25 kB took 0.016 seconds, 1.526 MB/s
@@ -94,7 +94,7 @@ Benchmark Test 0: Return code 0
SAMPLE OUTPUT: Freescale K64 running at 96MHz with MMCAU enabled:
Benchmark Test 0:
AES 25 kB took 0.019 seconds, 1.285 MB/s
ARC4 25 kB took 0.033 seconds, 0.740 MB/s
/* ARC4 implementation has been removed */
RABBIT 25 kB took 0.028 seconds, 0.872 MB/s
3DES 25 kB took 0.026 seconds, 0.939 MB/s
MD5 25 kB took 0.005 seconds, 4.883 MB/s

2
IDE/ROWLEY-CROSSWORKS-ARM/wolfssl.hzp
View File

@@ -18,7 +18,7 @@
</folder>
<folder Name="src">
<file file_name="../../wolfcrypt/src/aes.c" />
<file file_name="../../wolfcrypt/src/arc4.c" />
<!-- ARC4 implementation has been removed -->
<file file_name="../../wolfcrypt/src/asm.c" />
<file file_name="../../wolfcrypt/src/asn.c" />
<file file_name="../../wolfcrypt/src/blake2b.c" />

2
IDE/ROWLEY-CROSSWORKS-ARM/wolfssl_ltc.hzp
View File

@@ -18,7 +18,7 @@
</folder>
<folder Name="src">
<file file_name="../../wolfcrypt/src/aes.c" />
<file file_name="../../wolfcrypt/src/arc4.c" />
<!-- ARC4 implementation has been removed -->
<file file_name="../../wolfcrypt/src/asm.c">
<configuration Name="ARM_Debug" build_exclude_from_build="Yes" />
</file>

3
IDE/Renesas/cs+/Projects/README
View File

@@ -13,6 +13,3 @@ test:
- set stack size in "bsp/stacksct.h"
Build "test" wolfCrypt
Note: It could need to initialize clock for the device. You can refer the link below
https://www.renesas.com/ja/document/apn/rx65n-group-rx651-group-initial-settings-example-rev211?language=en&r=1054461

1
IDE/Renesas/cs+/Projects/common/user_settings.h
View File

@@ -76,5 +76,4 @@
#define NO_FILESYSTEM
#define XSTRCASECMP(s1,s2) strcmp((s1),(s2))

5
IDE/Renesas/cs+/Projects/common/wolfssl_dummy.c
View File

@@ -59,9 +59,4 @@ void abort(void)
while(1);
}
/* dummy return true when char is alphanumeric character */
int isascii(const char *s)
{
return isalnum(s);
}

4
IDE/Renesas/cs+/Projects/wolfssl_lib/wolfssl_lib.mtpj
View File

@@ -108,7 +108,7 @@
<Instance Guid="5e231ff0-c118-4dc7-a48b-4a49019341fd">
<Name>arc4.c</Name>
<Type>File</Type>
<RelativePath>..\..\..\..\..\wolfcrypt\src\arc4.c</RelativePath>
<!-- ARC4 implementation has been removed -->
<TreeImageGuid>941832c1-fc3b-4e1b-94e8-01ea17128b42</TreeImageGuid>
<ParentItem>2170607d-803e-45b0-80af-6507d495a8de</ParentItem>
</Instance>
@@ -2293,4 +2293,4 @@
<ProductVersion>8.01.00.00</ProductVersion>
</Instance>
</Class>
</CubeSuiteProject>
</CubeSuiteProject>

2
IDE/Renesas/e2studio/RX65N/GR-ROSE/wolfssl/wolfssl.rcpc
View File

@@ -28,7 +28,7 @@
</Category>
<Category Name="src">
<Path>..\..\..\..\..\..\wolfcrypt\src\aes.c</Path>
<Path>..\..\..\..\..\..\wolfcrypt\src\arc4.c</Path>
<!-- ARC4 implementation has been removed -->
<Path>..\..\..\..\..\..\wolfcrypt\src\asm.c</Path>
<Path>..\..\..\..\..\..\wolfcrypt\src\asn.c</Path>
<Path>..\..\..\..\..\..\wolfcrypt\src\blake2b.c</Path>

2
IDE/Renesas/e2studio/RX65N/RSK/wolfssl/wolfssl.rcpc
View File

@@ -27,7 +27,7 @@
</Category>
<Category Name="src">
<Path>..\..\..\..\..\..\wolfcrypt\src\aes.c</Path>
<Path>..\..\..\..\..\..\wolfcrypt\src\arc4.c</Path>
<!-- ARC4 implementation has been removed -->
<Path>..\..\..\..\..\..\wolfcrypt\src\asm.c</Path>
<Path>..\..\..\..\..\..\wolfcrypt\src\asn.c</Path>
<Path>..\..\..\..\..\..\wolfcrypt\src\blake2b.c</Path>

2
IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/wolfssl/wolfssl.rcpc
View File

@@ -28,7 +28,7 @@
</Category>
<Category Name="src">
<Path>..\..\..\..\..\..\..\wolfcrypt\src\aes.c</Path>
<Path>..\..\..\..\..\..\..\wolfcrypt\src\arc4.c</Path>
<!-- ARC4 implementation has been removed -->
<Path>..\..\..\..\..\..\..\wolfcrypt\src\asm.c</Path>
<Path>..\..\..\..\..\..\..\wolfcrypt\src\asn.c</Path>
<Path>..\..\..\..\..\..\..\wolfcrypt\src\blake2b.c</Path>

2
IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl/wolfssl.rcpc
View File

@@ -27,7 +27,7 @@
</Category>
<Category Name="src">
<Path>..\..\..\..\..\..\wolfcrypt\src\aes.c</Path>
<Path>..\..\..\..\..\..\wolfcrypt\src\arc4.c</Path>
<!-- ARC4 implementation has been removed -->
<Path>..\..\..\..\..\..\wolfcrypt\src\asm.c</Path>
<Path>..\..\..\..\..\..\wolfcrypt\src\asn.c</Path>
<Path>..\..\..\..\..\..\wolfcrypt\src\blake2b.c</Path>

1
IDE/STM32Cube/README.md
View File

@@ -95,7 +95,6 @@ The section for "Hardware platform" may need to be adjusted depending on your pr
* To enable STM32H7 support define `WOLFSSL_STM32H7`.
* To enable STM32H7S support define `WOLFSSL_STM32H7S`.
* To enable STM32WB support define `WOLFSSL_STM32WB`.
* To enable STM32WBA support define `WOLFSSL_STM32WBA`.
* To enable STM32WL support define `WOLFSSL_STM32WL`.
* To enable STM32U5 support define `WOLFSSL_STM32U5`.
* To enable STM32H5 support define `WOLFSSL_STM32H5`.

269
IDE/STM32Cube/STM32_Benchmarks.md
View File

@@ -10,7 +10,6 @@
* [STM32L562E](#stm32l562e)
* [STM32U585](#stm32u585)
* [STM32WB55](#stm32wb55)
* [STM32WBA52](#stm32wba52)
* [STM32WL55](#stm32wl55)
## STM32H753ZI
@@ -182,10 +181,6 @@ CPU: Cortex-M7 at 600 MHz
IDE: STM32CubeIDE
RTOS: Bare-metal
Notes:
* The STM32H7S only has 64KB of onboard flash. Customers typically use an external SPI NOR flash with XIP. The `Template_XIP_Boot` project is flashed to onboard and it starts up the SPI Flash with XIP and loads the application. To use this you need to make sure the option byte `XSPI2_HSLB` is set to enable XSPIM_P2 high speed support, otherwise the MX_EXTMEM_MANAGER_Init() will timeout and fail.
* These tests were run without the SP Cortex-M assembly speedups due to issues with release optimizations possibly related to execute in place or caching.
### STM32H7S3 (-Os, HW Crypto (AES/HASH/PKA), WOLF_CONF_MATH=3 (sp_c32.c))
```
@@ -193,156 +188,123 @@ Notes:
wolfSSL version 5.7.6
------------------------------------------------------------------------------
wolfCrypt Benchmark (block bytes 1024, min 1.0 sec each)
RNG 2 MiB took 1.000 seconds, 1.880 MiB/s
RNG 2 MiB took 1.004 seconds, 1.897 MiB/s
AES-128-CBC-enc 16 MiB took 1.000 seconds, 15.747 MiB/s
AES-128-CBC-dec 15 MiB took 1.000 seconds, 15.454 MiB/s
AES-128-CBC-dec 16 MiB took 1.000 seconds, 15.527 MiB/s
AES-192-CBC-enc 16 MiB took 1.000 seconds, 15.723 MiB/s
AES-192-CBC-dec 16 MiB took 1.000 seconds, 15.527 MiB/s
AES-256-CBC-enc 16 MiB took 1.000 seconds, 15.723 MiB/s
AES-256-CBC-dec 15 MiB took 1.000 seconds, 15.356 MiB/s
AES-128-GCM-enc 10 MiB took 1.000 seconds, 10.132 MiB/s
AES-128-GCM-dec 10 MiB took 1.000 seconds, 10.083 MiB/s
AES-192-GCM-enc 10 MiB took 1.000 seconds, 10.156 MiB/s
AES-192-GCM-dec 10 MiB took 1.000 seconds, 10.083 MiB/s
AES-256-GCM-enc 10 MiB took 1.000 seconds, 10.156 MiB/s
AES-256-GCM-dec 10 MiB took 1.000 seconds, 10.107 MiB/s
AES-128-GCM-enc-no_AAD 10 MiB took 1.000 seconds, 10.229 MiB/s
AES-128-GCM-dec-no_AAD 10 MiB took 1.000 seconds, 10.132 MiB/s
AES-192-GCM-enc-no_AAD 10 MiB took 1.000 seconds, 10.181 MiB/s
AES-192-GCM-dec-no_AAD 10 MiB took 1.000 seconds, 10.107 MiB/s
AES-256-GCM-enc-no_AAD 10 MiB took 1.000 seconds, 10.181 MiB/s
AES-256-GCM-dec-no_AAD 10 MiB took 1.000 seconds, 10.132 MiB/s
GMAC Table 4-bit 46 MiB took 1.000 seconds, 45.835 MiB/s
CHACHA 32 MiB took 1.000 seconds, 31.519 MiB/s
CHA-POLY 15 MiB took 1.000 seconds, 15.259 MiB/s
POLY1305 57 MiB took 1.000 seconds, 56.934 MiB/s
SHA-256 90 MiB took 1.000 seconds, 90.381 MiB/s
SHA-384 98 MiB took 1.000 seconds, 97.925 MiB/s
SHA-512 98 MiB took 1.000 seconds, 97.925 MiB/s
SHA-512/224 98 MiB took 1.000 seconds, 98.120 MiB/s
SHA-512/256 98 MiB took 1.000 seconds, 98.096 MiB/s
HMAC-SHA256 71 MiB took 1.000 seconds, 71.265 MiB/s
HMAC-SHA384 89 MiB took 1.000 seconds, 88.599 MiB/s
HMAC-SHA512 89 MiB took 1.000 seconds, 88.843 MiB/s
AES-256-CBC-enc 16 MiB took 1.000 seconds, 15.698 MiB/s
AES-256-CBC-dec 16 MiB took 1.000 seconds, 15.527 MiB/s
AES-128-GCM-enc 1 MiB took 1.012 seconds, 1.037 MiB/s
AES-128-GCM-dec 1 MiB took 1.012 seconds, 1.037 MiB/s
AES-192-GCM-enc 1 MiB took 1.008 seconds, 1.041 MiB/s
AES-192-GCM-dec 1 MiB took 1.012 seconds, 1.037 MiB/s
AES-256-GCM-enc 1 MiB took 1.016 seconds, 1.033 MiB/s
AES-256-GCM-dec 1 MiB took 1.016 seconds, 1.033 MiB/s
AES-128-GCM-enc-no_AAD 1 MiB took 1.004 seconds, 1.046 MiB/s
AES-128-GCM-dec-no_AAD 1 MiB took 1.000 seconds, 1.050 MiB/s
AES-192-GCM-enc-no_AAD 1 MiB took 1.000 seconds, 1.050 MiB/s
AES-192-GCM-dec-no_AAD 1 MiB took 1.019 seconds, 1.054 MiB/s
AES-256-GCM-enc-no_AAD 1 MiB took 1.004 seconds, 1.046 MiB/s
AES-256-GCM-dec-no_AAD 1 MiB took 1.008 seconds, 1.041 MiB/s
GMAC Table 4-bit 2 MiB took 1.000 seconds, 1.716 MiB/s
CHACHA 32 MiB took 1.000 seconds, 31.714 MiB/s
CHA-POLY 15 MiB took 1.000 seconds, 15.308 MiB/s
POLY1305 58 MiB took 1.000 seconds, 57.861 MiB/s
SHA-256 88 MiB took 1.000 seconds, 88.062 MiB/s
HMAC-SHA256 83 MiB took 1.000 seconds, 83.032 MiB/s
RSA 2048 public 352 ops took 1.000 sec, avg 2.841 ms, 352.000 ops/sec
RSA 2048 private 6 ops took 1.008 sec, avg 168.000 ms, 5.952 ops/sec
RSA 2048 private 6 ops took 1.004 sec, avg 167.333 ms, 5.976 ops/sec
DH 2048 key gen 15 ops took 1.027 sec, avg 68.467 ms, 14.606 ops/sec
DH 2048 agree 16 ops took 1.094 sec, avg 68.375 ms, 14.625 ops/sec
ECC [ SECP256R1] 256 key gen 60 ops took 1.016 sec, avg 16.933 ms, 59.055 ops/sec
ECDHE [ SECP256R1] 256 agree 60 ops took 1.011 sec, avg 16.850 ms, 59.347 ops/sec
DH 2048 agree 16 ops took 1.113 sec, avg 69.563 ms, 14.376 ops/sec
ECC [ SECP256R1] 256 key gen 60 ops took 1.012 sec, avg 16.867 ms, 59.289 ops/sec
ECDHE [ SECP256R1] 256 agree 60 ops took 1.008 sec, avg 16.800 ms, 59.524 ops/sec
ECDSA [ SECP256R1] 256 sign 106 ops took 1.008 sec, avg 9.509 ms, 105.159 ops/sec
ECDSA [ SECP256R1] 256 verify 102 ops took 1.004 sec, avg 9.843 ms, 101.594 ops/sec
CURVE 25519 key gen 14 ops took 1.011 sec, avg 72.214 ms, 13.848 ops/sec
CURVE 25519 agree 18 ops took 1.079 sec, avg 59.944 ms, 16.682 ops/sec
ED 25519 key gen 11 ops took 1.063 sec, avg 96.636 ms, 10.348 ops/sec
ED 25519 sign 12 ops took 1.173 sec, avg 97.750 ms, 10.230 ops/sec
ED 25519 verify 6 ops took 1.015 sec, avg 169.167 ms, 5.911 ops/sec
ECDSA [ SECP256R1] 256 verify 100 ops took 1.011 sec, avg 10.110 ms, 98.912 ops/sec
```
### STM32H7S3 (-O2, No HW Crypto, WOLF_CONF_ARMASM=1, WOLF_CONF_MATH=4 (sp_cortexm.c))
### STM32H7S3 (-Os, No HW Crypto, WOLF_CONF_ARMASM=1, WOLF_CONF_MATH=6 (sp_int.c))
```
------------------------------------------------------------------------------
wolfSSL version 5.7.6
------------------------------------------------------------------------------
wolfCrypt Benchmark (block bytes 1024, min 1.0 sec each)
RNG 4 MiB took 1.004 seconds, 4.231 MiB/s
RNG 4 MiB took 1.000 seconds, 3.516 MiB/s
AES-128-CBC-enc 425 KiB took 1.027 seconds, 413.827 KiB/s
AES-128-CBC-dec 425 KiB took 1.020 seconds, 416.667 KiB/s
AES-192-CBC-enc 350 KiB took 1.011 seconds, 346.192 KiB/s
AES-192-CBC-dec 350 KiB took 1.012 seconds, 345.850 KiB/s
AES-256-CBC-enc 300 KiB took 1.012 seconds, 296.443 KiB/s
AES-256-CBC-dec 300 KiB took 1.012 seconds, 296.443 KiB/s
AES-128-GCM-enc 350 KiB took 1.000 seconds, 350.000 KiB/s
AES-128-GCM-dec 375 KiB took 1.067 seconds, 351.453 KiB/s
AES-128-CBC-dec 425 KiB took 1.016 seconds, 418.307 KiB/s
AES-192-CBC-enc 350 KiB took 1.015 seconds, 344.828 KiB/s
AES-192-CBC-dec 350 KiB took 1.020 seconds, 343.137 KiB/s
AES-256-CBC-enc 300 KiB took 1.015 seconds, 295.567 KiB/s
AES-256-CBC-dec 300 KiB took 1.004 seconds, 298.805 KiB/s
AES-128-GCM-enc 375 KiB took 1.067 seconds, 351.453 KiB/s
AES-128-GCM-dec 375 KiB took 1.062 seconds, 353.107 KiB/s
AES-192-GCM-enc 300 KiB took 1.004 seconds, 298.805 KiB/s
AES-192-GCM-dec 300 KiB took 1.004 seconds, 298.805 KiB/s
AES-256-GCM-enc 275 KiB took 1.051 seconds, 261.656 KiB/s
AES-256-GCM-dec 275 KiB took 1.047 seconds, 262.655 KiB/s
AES-128-GCM-enc-no_AAD 350 KiB took 1.000 seconds, 350.000 KiB/s
AES-128-GCM-dec-no_AAD 350 KiB took 1.000 seconds, 350.000 KiB/s
AES-192-GCM-enc-no_AAD 300 KiB took 1.003 seconds, 299.103 KiB/s
AES-256-GCM-enc 275 KiB took 1.047 seconds, 262.655 KiB/s
AES-256-GCM-dec 275 KiB took 1.051 seconds, 261.656 KiB/s
AES-128-GCM-enc-no_AAD 375 KiB took 1.067 seconds, 351.453 KiB/s
AES-128-GCM-dec-no_AAD 375 KiB took 1.062 seconds, 353.107 KiB/s
AES-192-GCM-enc-no_AAD 300 KiB took 1.004 seconds, 298.805 KiB/s
AES-192-GCM-dec-no_AAD 300 KiB took 1.004 seconds, 298.805 KiB/s
AES-256-GCM-enc-no_AAD 275 KiB took 1.051 seconds, 261.656 KiB/s
AES-256-GCM-dec-no_AAD 275 KiB took 1.047 seconds, 262.655 KiB/s
GMAC Table 4-bit 9 MiB took 1.000 seconds, 8.525 MiB/s
CHACHA 52 MiB took 1.000 seconds, 51.636 MiB/s
CHA-POLY 28 MiB took 1.000 seconds, 28.052 MiB/s
POLY1305 164 MiB took 1.000 seconds, 164.258 MiB/s
SHA-256 16 MiB took 1.000 seconds, 16.064 MiB/s
SHA-384 8 MiB took 1.000 seconds, 8.398 MiB/s
SHA-512 8 MiB took 1.000 seconds, 8.398 MiB/s
SHA-512/224 8 MiB took 1.000 seconds, 8.398 MiB/s
SHA-512/256 8 MiB took 1.000 seconds, 8.374 MiB/s
HMAC-SHA256 16 MiB took 1.000 seconds, 15.894 MiB/s
HMAC-SHA384 8 MiB took 1.000 seconds, 8.252 MiB/s
HMAC-SHA512 8 MiB took 1.000 seconds, 8.276 MiB/s
RSA 2048 public 598 ops took 1.000 sec, avg 1.672 ms, 598.000 ops/sec
RSA 2048 private 18 ops took 1.074 sec, avg 59.667 ms, 16.760 ops/sec
DH 2048 key gen 37 ops took 1.024 sec, avg 27.676 ms, 36.133 ops/sec
DH 2048 agree 38 ops took 1.051 sec, avg 27.658 ms, 36.156 ops/sec
ECC [ SECP256R1] 256 key gen 906 ops took 1.000 sec, avg 1.104 ms, 906.000 ops/sec
ECDHE [ SECP256R1] 256 agree 562 ops took 1.000 sec, avg 1.779 ms, 562.000 ops/sec
ECDSA [ SECP256R1] 256 sign 304 ops took 1.004 sec, avg 3.303 ms, 302.789 ops/sec
ECDSA [ SECP256R1] 256 verify 232 ops took 1.004 sec, avg 4.328 ms, 231.076 ops/sec
CURVE 25519 key gen 16 ops took 1.008 sec, avg 63.000 ms, 15.873 ops/sec
CURVE 25519 agree 20 ops took 1.023 sec, avg 51.150 ms, 19.550 ops/sec
ED 25519 key gen 12 ops took 1.016 sec, avg 84.667 ms, 11.811 ops/sec
ED 25519 sign 12 ops took 1.028 sec, avg 85.667 ms, 11.673 ops/sec
ED 25519 verify 8 ops took 1.176 sec, avg 147.000 ms, 6.803 ops/sec
AES-256-GCM-dec-no_AAD 275 KiB took 1.051 seconds, 261.656 KiB/s
GMAC Table 4-bit 8 MiB took 1.000 seconds, 8.456 MiB/s
CHACHA 51 MiB took 1.000 seconds, 50.879 MiB/s
CHA-POLY 27 MiB took 1.000 seconds, 27.100 MiB/s
POLY1305 165 MiB took 1.000 seconds, 164.990 MiB/s
SHA-256 16 MiB took 1.000 seconds, 16.382 MiB/s
HMAC-SHA256 16 MiB took 1.000 seconds, 16.187 MiB/s
RSA 2048 public 358 ops took 1.004 sec, avg 2.804 ms, 356.574 ops/sec
RSA 2048 private 6 ops took 1.004 sec, avg 167.333 ms, 5.976 ops/sec
DH 2048 key gen 15 ops took 1.027 sec, avg 68.467 ms, 14.606 ops/sec
DH 2048 agree 16 ops took 1.094 sec, avg 68.375 ms, 14.625 ops/sec
ECC [ SECP256R1] 256 key gen 60 ops took 1.015 sec, avg 16.917 ms, 59.113 ops/sec
ECDHE [ SECP256R1] 256 agree 60 ops took 1.012 sec, avg 16.867 ms, 59.289 ops/sec
ECDSA [ SECP256R1] 256 sign 48 ops took 1.008 sec, avg 21.000 ms, 47.619 ops/sec
ECDSA [ SECP256R1] 256 verify 28 ops took 1.019 sec, avg 36.393 ms, 27.478 ops/sec
```
### STM32H7S3 (-O2, No HW Crypto, WOLF_CONF_ARMASM=0, WOLF_CONF_MATH=6 (sp_int.c))
### STM32H7S3 (-Os, No HW Crypto, WOLF_CONF_ARMASM=1, WOLF_CONF_MATH=3 (sp_c32.c))
```
------------------------------------------------------------------------------
wolfSSL version 5.7.6
------------------------------------------------------------------------------
wolfCrypt Benchmark (block bytes 1024, min 1.0 sec each)
RNG 2 MiB took 1.004 seconds, 2.189 MiB/s
AES-128-CBC-enc 425 KiB took 1.044 seconds, 407.088 KiB/s
AES-128-CBC-dec 350 KiB took 1.032 seconds, 339.147 KiB/s
AES-192-CBC-enc 350 KiB took 1.031 seconds, 339.476 KiB/s
AES-192-CBC-dec 300 KiB took 1.059 seconds, 283.286 KiB/s
AES-256-CBC-enc 300 KiB took 1.027 seconds, 292.113 KiB/s
AES-256-CBC-dec 250 KiB took 1.027 seconds, 243.427 KiB/s
AES-128-GCM-enc 350 KiB took 1.055 seconds, 331.754 KiB/s
AES-128-GCM-dec 350 KiB took 1.055 seconds, 331.754 KiB/s
AES-192-GCM-enc 300 KiB took 1.059 seconds, 283.286 KiB/s
AES-192-GCM-dec 300 KiB took 1.059 seconds, 283.286 KiB/s
AES-256-GCM-enc 250 KiB took 1.008 seconds, 248.016 KiB/s
AES-256-GCM-dec 250 KiB took 1.008 seconds, 248.016 KiB/s
AES-128-GCM-enc-no_AAD 350 KiB took 1.051 seconds, 333.016 KiB/s
AES-128-GCM-dec-no_AAD 350 KiB took 1.071 seconds, 326.797 KiB/s
AES-192-GCM-enc-no_AAD 300 KiB took 1.055 seconds, 284.360 KiB/s
AES-192-GCM-dec-no_AAD 300 KiB took 1.055 seconds, 284.360 KiB/s
AES-256-GCM-enc-no_AAD 250 KiB took 1.004 seconds, 249.004 KiB/s
AES-256-GCM-dec-no_AAD 250 KiB took 1.004 seconds, 249.004 KiB/s
GMAC Table 4-bit 2 MiB took 1.000 seconds, 1.690 MiB/s
CHACHA 36 MiB took 1.000 seconds, 35.522 MiB/s
CHA-POLY 14 MiB took 1.000 seconds, 14.185 MiB/s
POLY1305 78 MiB took 1.000 seconds, 77.686 MiB/s
SHA-256 6 MiB took 1.000 seconds, 5.591 MiB/s
SHA-384 6 MiB took 1.000 seconds, 6.470 MiB/s
SHA-512 6 MiB took 1.000 seconds, 6.348 MiB/s
SHA-512/224 6 MiB took 1.000 seconds, 6.348 MiB/s
SHA-512/256 6 MiB took 1.000 seconds, 6.348 MiB/s
HMAC-SHA256 6 MiB took 1.000 seconds, 5.542 MiB/s
HMAC-SHA384 6 MiB took 1.000 seconds, 6.250 MiB/s
HMAC-SHA512 6 MiB took 1.000 seconds, 6.299 MiB/s
RSA 2048 public 382 ops took 1.000 sec, avg 2.618 ms, 382.000 ops/sec
RSA 2048 private 8 ops took 1.196 sec, avg 149.500 ms, 6.689 ops/sec
DH 2048 key gen 17 ops took 1.039 sec, avg 61.118 ms, 16.362 ops/sec
DH 2048 agree 18 ops took 1.098 sec, avg 61.000 ms, 16.393 ops/sec
ECC [ SECP256R1] 256 key gen 64 ops took 1.020 sec, avg 15.937 ms, 62.745 ops/sec
ECDHE [ SECP256R1] 256 agree 64 ops took 1.016 sec, avg 15.875 ms, 62.992 ops/sec
ECDSA [ SECP256R1] 256 sign 52 ops took 1.035 sec, avg 19.904 ms, 50.242 ops/sec
ECDSA [ SECP256R1] 256 verify 30 ops took 1.035 sec, avg 34.500 ms, 28.986 ops/sec
CURVE 25519 key gen 16 ops took 1.008 sec, avg 63.000 ms, 15.873 ops/sec
CURVE 25519 agree 20 ops took 1.020 sec, avg 51.000 ms, 19.608 ops/sec
ED 25519 key gen 13 ops took 1.094 sec, avg 84.154 ms, 11.883 ops/sec
ED 25519 sign 12 ops took 1.004 sec, avg 83.667 ms, 11.952 ops/sec
ED 25519 verify 8 ops took 1.149 sec, avg 143.625 ms, 6.963 ops/sec
RNG 4 MiB took 1.004 seconds, 3.939 MiB/s
AES-128-CBC-enc 425 KiB took 1.028 seconds, 413.424 KiB/s
AES-128-CBC-dec 425 KiB took 1.019 seconds, 417.076 KiB/s
AES-192-CBC-enc 350 KiB took 1.016 seconds, 344.488 KiB/s
AES-192-CBC-dec 350 KiB took 1.016 seconds, 344.488 KiB/s
AES-256-CBC-enc 300 KiB took 1.012 seconds, 296.443 KiB/s
AES-256-CBC-dec 300 KiB took 1.012 seconds, 296.443 KiB/s
AES-128-GCM-enc 375 KiB took 1.066 seconds, 351.782 KiB/s
AES-128-GCM-dec 375 KiB took 1.067 seconds, 351.453 KiB/s
AES-192-GCM-enc 300 KiB took 1.004 seconds, 298.805 KiB/s
AES-192-GCM-dec 300 KiB took 1.003 seconds, 299.103 KiB/s
AES-256-GCM-enc 275 KiB took 1.051 seconds, 261.656 KiB/s
AES-256-GCM-dec 275 KiB took 1.051 seconds, 261.656 KiB/s
AES-128-GCM-enc-no_AAD 375 KiB took 1.067 seconds, 351.453 KiB/s
AES-128-GCM-dec-no_AAD 375 KiB took 1.066 seconds, 351.782 KiB/s
AES-192-GCM-enc-no_AAD 300 KiB took 1.000 seconds, 300.000 KiB/s
AES-192-GCM-dec-no_AAD 300 KiB took 1.004 seconds, 298.805 KiB/s
AES-256-GCM-enc-no_AAD 275 KiB took 1.047 seconds, 262.655 KiB/s
AES-256-GCM-dec-no_AAD 275 KiB took 1.051 seconds, 261.656 KiB/s
GMAC Table 4-bit 8 MiB took 1.000 seconds, 8.439 MiB/s
CHACHA 51 MiB took 1.000 seconds, 51.147 MiB/s
CHA-POLY 28 MiB took 1.000 seconds, 27.588 MiB/s
POLY1305 168 MiB took 1.000 seconds, 168.140 MiB/s
SHA-256 16 MiB took 1.000 seconds, 16.333 MiB/s
HMAC-SHA256 16 MiB took 1.000 seconds, 16.016 MiB/s
RSA 2048 public 360 ops took 1.004 sec, avg 2.789 ms, 358.566 ops/sec
RSA 2048 private 6 ops took 1.008 sec, avg 168.000 ms, 5.952 ops/sec
DH 2048 key gen 15 ops took 1.050 sec, avg 70.000 ms, 14.286 ops/sec
DH 2048 agree 16 ops took 1.098 sec, avg 68.625 ms, 14.572 ops/sec
ECC [ SECP256R1] 256 key gen 60 ops took 1.016 sec, avg 16.933 ms, 59.055 ops/sec
ECDHE [ SECP256R1] 256 agree 60 ops took 1.012 sec, avg 16.867 ms, 59.289 ops/sec
ECDSA [ SECP256R1] 256 sign 48 ops took 1.012 sec, avg 21.083 ms, 47.431 ops/sec
ECDSA [ SECP256R1] 256 verify 28 ops took 1.020 sec, avg 36.429 ms, 27.451 ops/sec
```
@@ -464,57 +426,6 @@ Benchmark Test: Return code 0
```
## STM32WBA52
Supports RNG, ECC P-256, AES-CBC and SHA-256 acceleration.
Board: NUCLEO-WBA52CG
CPU: Cortex-M33 at 96MHz
IDE: STM32CubeIDE
RTOS: Bare-metal
### STM32WBA52 (STM AES/Hash/PKA ECC Acceleration, -Os, SP-C32)
```
------------------------------------------------------------------------------
wolfSSL version 5.7.6
------------------------------------------------------------------------------
Running wolfCrypt Benchmarks...
wolfCrypt Benchmark (block bytes 1024, min 1.0 sec each)
RNG 275 KiB took 1.020 seconds, 269.608 KiB/s
AES-128-CBC-enc 4 MiB took 1.000 seconds, 4.395 MiB/s
AES-128-CBC-dec 4 MiB took 1.000 seconds, 4.370 MiB/s
AES-256-CBC-enc 4 MiB took 1.000 seconds, 4.102 MiB/s
AES-256-CBC-dec 4 MiB took 1.000 seconds, 4.077 MiB/s
AES-128-GCM-enc 575 KiB took 1.031 seconds, 557.711 KiB/s
AES-128-GCM-dec 575 KiB took 1.032 seconds, 557.171 KiB/s
AES-256-GCM-enc 550 KiB took 1.000 seconds, 550.000 KiB/s
AES-256-GCM-dec 550 KiB took 1.000 seconds, 550.000 KiB/s
AES-128-GCM-enc-no_AAD 575 KiB took 1.024 seconds, 561.523 KiB/s
AES-128-GCM-dec-no_AAD 575 KiB took 1.023 seconds, 562.072 KiB/s
AES-256-GCM-enc-no_AAD 575 KiB took 1.039 seconds, 553.417 KiB/s
AES-256-GCM-dec-no_AAD 575 KiB took 1.039 seconds, 553.417 KiB/s
GMAC Table 4-bit 1 MiB took 1.000 seconds, 1.266 MiB/s
CHACHA 3 MiB took 1.004 seconds, 2.942 MiB/s
CHA-POLY 2 MiB took 1.008 seconds, 1.865 MiB/s
POLY1305 7 MiB took 1.000 seconds, 7.251 MiB/s
SHA-256 7 MiB took 1.000 seconds, 7.495 MiB/s
SHA-384 600 KiB took 1.039 seconds, 577.478 KiB/s
HMAC-SHA256 7 MiB took 1.000 seconds, 7.275 MiB/s
HMAC-SHA384 575 KiB took 1.012 seconds, 568.182 KiB/s
RSA 2048 public 62 ops took 1.019 sec, avg 16.435 ms, 60.844 ops/sec
RSA 2048 private 2 ops took 1.102 sec, avg 551.000 ms, 1.815 ops/sec
DH 2048 key gen 4 ops took 1.086 sec, avg 271.500 ms, 3.683 ops/sec
DH 2048 agree 4 ops took 1.086 sec, avg 271.500 ms, 3.683 ops/sec
ECC [ SECP256R1] 256 key gen 114 ops took 1.000 sec, avg 8.772 ms, 114.000 ops/sec
ECDHE [ SECP256R1] 256 agree 54 ops took 1.024 sec, avg 18.963 ms, 52.734 ops/sec
ECDSA [ SECP256R1] 256 sign 36 ops took 1.047 sec, avg 29.083 ms, 34.384 ops/sec
ECDSA [ SECP256R1] 256 verify 34 ops took 1.019 sec, avg 29.971 ms, 33.366 ops/sec
Benchmark complete
Benchmark Test: Return code 0
```
## STM32WL55
Supports RNG, ECC P-256 and AES-CBC acceleration.

15
IDE/STM32Cube/default_conf.ftl
View File

@@ -76,13 +76,6 @@ extern ${variable.value} ${variable.name};
#define WOLFSSL_STM32_PKA
#undef NO_STM32_CRYPTO
#define HAL_CONSOLE_UART huart1
#elif defined(STM32WBA52xx)
#define WOLFSSL_STM32WBA
#define WOLFSSL_STM32_PKA
#undef NO_STM32_HASH
#undef NO_STM32_CRYPTO
/* NUCLEO-WBA52CG USART1 (TX=PB12 / RX=PA8) */
#define HAL_CONSOLE_UART huart1
#elif defined(STM32WL55xx)
#define WOLFSSL_STM32WL
#define WOLFSSL_STM32_PKA
@@ -595,11 +588,11 @@ extern ${variable.value} ${variable.name};
#undef WOLFSSL_EXPERIMENTAL_SETTINGS
#define WOLFSSL_EXPERIMENTAL_SETTINGS
#undef WOLFSSL_HAVE_MLKEM
#define WOLFSSL_HAVE_MLKEM
#undef WOLFSSL_HAVE_KYBER
#define WOLFSSL_HAVE_KYBER
#undef WOLFSSL_WC_MLKEM
#define WOLFSSL_WC_MLKEM
#undef WOLFSSL_WC_KYBER
#define WOLFSSL_WC_KYBER
#undef WOLFSSL_NO_SHAKE128
#undef WOLFSSL_SHAKE128

2
IDE/STM32Cube/wolfssl_example.c
View File

@@ -1750,7 +1750,7 @@ static int tls13_uart_client(void)
wolfSSL_SetIOReadCtx(ssl, tbuf);
#ifdef WOLFSSL_HAVE_MLKEM
#ifdef WOLFSSL_HAVE_KYBER
#ifndef WOLFSSL_NO_ML_KEM
if (wolfSSL_UseKeyShare(ssl, WOLFSSL_ML_KEM_512) != WOLFSSL_SUCCESS) {
printf("wolfSSL_UseKeyShare Error!!");

2
IDE/VS-ARM/wolfssl.vcxproj
View File

@@ -44,7 +44,7 @@
<ClCompile Include="..\..\src\tls.c" />
<ClCompile Include="..\..\src\tls13.c" />
<ClCompile Include="..\..\wolfcrypt\src\aes.c" />
<ClCompile Include="..\..\wolfcrypt\src\arc4.c" />
<!-- ARC4 implementation has been removed -->
<ClCompile Include="..\..\wolfcrypt\src\asn.c" />
<ClCompile Include="..\..\wolfcrypt\src\blake2b.c" />
<ClCompile Include="..\..\wolfcrypt\src\camellia.c" />

2
IDE/VS-AZURE-SPHERE/wolfssl.vcxproj
View File

@@ -22,7 +22,7 @@
<ClCompile Include="..\..\src\tls13.c" />
<ClCompile Include="..\..\src\wolfio.c" />
<ClCompile Include="..\..\wolfcrypt\src\aes.c" />
<ClCompile Include="..\..\wolfcrypt\src\arc4.c" />
<!-- ARC4 implementation has been removed -->
<ClCompile Include="..\..\wolfcrypt\src\asn.c" />
<ClCompile Include="..\..\wolfcrypt\src\blake2b.c" />
<ClCompile Include="..\..\wolfcrypt\src\camellia.c" />

10
IDE/WIN10/wolfssl-fips.rc
View File

@@ -51,8 +51,8 @@ END
//
VS_VERSION_INFO VERSIONINFO
FILEVERSION 5,8,0,0
PRODUCTVERSION 5,8,0,0
FILEVERSION 5,7,6,0
PRODUCTVERSION 5,7,6,0
FILEFLAGSMASK 0x3fL
#ifdef _DEBUG
FILEFLAGS 0x1L
@@ -69,12 +69,12 @@ BEGIN
BEGIN
VALUE "CompanyName", "wolfSSL Inc."
VALUE "FileDescription", "The wolfSSL FIPS embedded SSL library is a lightweight, portable, C-language-based SSL/TLS library targeted at IoT, embedded, and RTOS environments primarily because of its size, speed, and feature set."
VALUE "FileVersion", "5.8.0.0"
VALUE "FileVersion", "5.7.6.0"
VALUE "InternalName", "wolfssl-fips"
VALUE "LegalCopyright", "Copyright (C) 2025"
VALUE "LegalCopyright", "Copyright (C) 2024"
VALUE "OriginalFilename", "wolfssl-fips.dll"
VALUE "ProductName", "wolfSSL FIPS"
VALUE "ProductVersion", "5.8.0.0"
VALUE "ProductVersion", "5.7.6.0"
END
END
BLOCK "VarFileInfo"

7
IDE/XCODE-FIPSv6/README
View File

@@ -1,7 +0,0 @@
- The user_settings.h in this directory is intended for use with the FIPS 140-3
submission candidate for upcoming SRTP-KDF submission. As such it is subject to
change between now and when the CMVP issues the wolfCrypt FIPS 140-3
certificate.
- Last updated: 28 Feb 2025

9
IDE/XCODE-FIPSv6/include.am
View File

@@ -1,9 +0,0 @@
# vim:ft=automake
# included from Top Level Makefile.am
# All paths should be given relative to the root
# NOTE: The app will be stored in wolfssl/fips repository and copied
# into the proper release bundles when packaging the release.
EXTRA_DIST+= IDE/XCODE-FIPSv6/user_settings.h
EXTRA_DIST+= IDE/XCODE-FIPSv6/README

949
IDE/XCODE-FIPSv6/user_settings.h
View File

@@ -1,949 +0,0 @@
/* user_settings.h
*
* Copyright (C) 2006-2025 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
/* Custom wolfSSL user settings for GCC ARM */
#ifndef WOLFSSL_USER_SETTINGS_H
#define WOLFSSL_USER_SETTINGS_H
#ifdef __cplusplus
extern "C" {
#endif
/* ------------------------------------------------------------------------- */
/* Platform */
/* ------------------------------------------------------------------------- */
#undef WOLFSSL_GENERAL_ALIGNMENT
#define WOLFSSL_GENERAL_ALIGNMENT 4
#undef SINGLE_THREADED
//#define SINGLE_THREADED
#undef WOLFSSL_SMALL_STACK
//#define WOLFSSL_SMALL_STACK
#undef WOLFSSL_USER_IO
//#define WOLFSSL_USER_IO
#undef ANDROID_V454
/* #define ANDROID_V454 */ /* application specific stuff in benchmark and harness from 140-2 days, carry
* over to 140-3 work also */
#undef NO_WRITE_TEMP_FILES
#define NO_WRITE_TEMP_FILES
#ifdef ANDROID_V454
#define MAX_FIPS_DATA_SZ 50000000
#define MAX_FIPS_CODE_SZ 50000000
#if 0
/* To have all printouts go to the app view on the device use: */
extern int appendToTextView(const char* fmt, ...);
#undef printf
#define printf(format, ...) appendToTextView(format, ## __VA_ARGS__)
#else
#include <stdio.h>
#include <android/log.h>
#include <unistd.h>
/* Inline function for WOLFLOGV */
static inline int wolf_logv(const char* fmt, ...) {
usleep(500); /* Sleep for 0.5 millisecond */
va_list args;
va_start(args, fmt);
int n = __android_log_vprint(ANDROID_LOG_VERBOSE,
"wolfCrypt_android", fmt, args);
va_end(args);
usleep(500); /* Sleep for 0.5 millisecond */
return n;
}
#define WOLFLOGV(...) wolf_logv(__VA_ARGS__)
#undef printf
#define printf WOLFLOGV
#endif
#endif
/* Uncomment for iOS devices with PAA */
#undef IPHONE
#define IPHONE
/* ------------------------------------------------------------------------- */
/* Math Configuration */
/* ------------------------------------------------------------------------- */
#undef SIZEOF_LONG_LONG
#define SIZEOF_LONG_LONG 8
/* Maximum math bits (Max RSA key bits * 2) */
#undef FP_MAX_BITS
#define FP_MAX_BITS 16384
/* Maximum math bits (largest supported key bits) */
#undef SP_INT_BITS
#define SP_INT_BITS 8192
#undef USE_FAST_MATH
#if 0 /* Flip to 1 for PAA with single precision */
#define WOLFSSL_SP_MATH_ALL
#define WOLFSSL_SP_INT_NEGATIVE
#else
#define USE_FAST_MATH
#undef TFM_TIMING_RESISTANT
#define TFM_TIMING_RESISTANT
#define WOLFCRYPT_HAVE_SAKKE /* Note: Sakke can be enabled with 1024-bit support */
#undef TFM_NO_ASM
//#define TFM_NO_ASM
#if 0 /* Flip to 1 for PAA with tfm */
/* Optimizations */
#define TFM_ARM
#endif
#endif
/* Wolf Single Precision Math */
#undef WOLFSSL_SP
#if 0 /* SP Assembly Speedups (wPAA) */ /* Flip to 1 for PAA with tfm or single precision */
#define WOLFSSL_SP
//#define WOLFSSL_SP_SMALL /* use smaller version of code */
#define WOLFSSL_SP_1024
#undef WOLFCRYPT_HAVE_SAKKE
#define WOLFCRYPT_HAVE_SAKKE /* Note: Sakke can be enabled with 1024-bit support */
#define WOLFSSL_SP_4096 /* Explicitly enable 4096-bit support (2048/3072 on by default) */
#define WOLFSSL_SP_384 /* Explicitly enable 384-bit support (others on by default) */
#define WOLFSSL_SP_521 /* Explicitly enable 521-bit support (others on by default) */
#define WOLFSSL_HAVE_SP_RSA
#define WOLFSSL_HAVE_SP_DH
#define WOLFSSL_HAVE_SP_ECC
/* Customer indicated no desire for PAA, leave out */
#if 0 /* Flip to 1 for PAA with single precision */
#define WOLFSSL_ARMASM
#define WOLFSSL_SP_ARM64
#define WOLFSSL_SP_ARM64_ASM
#define WOLFSSL_ARMASM_INLINE
#endif
#endif
/* ------------------------------------------------------------------------- */
/* FIPS - Requires eval or license from wolfSSL */
/* ------------------------------------------------------------------------- */
#undef HAVE_FIPS
#if 1
#define WOLFCRYPT_FIPS_CORE_HASH_VALUE \
1EF567FF471CFF983D21DA74623BDD14CCBCD0B14DADA8E4A9A79A47DEE82F3C
#define HAVE_FIPS
#undef HAVE_FIPS_VERSION
#define HAVE_FIPS_VERSION 6
#undef HAVE_FIPS_VERSION_MAJOR
#define HAVE_FIPS_VERSION_MAJOR HAVE_FIPS_VERSION
#undef HAVE_FIPS_VERSION_MINOR
#define HAVE_FIPS_VERSION_MINOR 0
#undef HAVE_FIPS_VERSION_PATCH
#define HAVE_FIPS_VERSION_PATCH 0
#undef WOLFSSL_WOLFSSH
#define WOLFSSL_WOLFSSH
#undef WOLFSSL_ECDSA_SET_K
#define WOLFSSL_ECDSA_SET_K
#undef WC_RNG_SEED_CB
#define WC_RNG_SEED_CB
#ifdef SINGLE_THREADED
#undef NO_THREAD_LS
#define NO_THREAD_LS
#endif
#if 0
#undef NO_ATTRIBUTE_CONSTRUCTOR
#define NO_ATTRIBUTE_CONSTRUCTOR
#endif
#endif
/* ------------------------------------------------------------------------- */
/* Crypto */
/* ------------------------------------------------------------------------- */
/* RSA */
#undef NO_RSA
#if 1
/* half as much memory but twice as slow */
#undef RSA_LOW_MEM
//#define RSA_LOW_MEM
/* Enables blinding mode, to prevent timing attacks */
#if 1
#undef WC_RSA_BLINDING
#define WC_RSA_BLINDING
#else
#undef WC_NO_HARDEN
#define WC_NO_HARDEN
#endif
/* RSA PSS Support */
#if 1
#undef WC_RSA_PSS
#define WC_RSA_PSS
#undef WOLFSSL_PSS_LONG_SALT
#define WOLFSSL_PSS_LONG_SALT
#undef WOLFSSL_PSS_SALT_LEN_DISCOVER /* ? */
#define WOLFSSL_PSS_SALT_LEN_DISCOVER /* ? */
#endif
#if 1
#define WC_RSA_NO_PADDING
#endif
#else
#define NO_RSA
#endif
/* ECC */
#undef HAVE_ECC
#if 1
#define HAVE_ECC
/* Manually define enabled curves */
#undef ECC_USER_CURVES
#define ECC_USER_CURVES
#ifdef ECC_USER_CURVES
/* Manual Curve Selection */
#define HAVE_ECC192
#define HAVE_ECC224
#undef NO_ECC256
#define HAVE_ECC256
#define HAVE_ECC384
#define HAVE_ECC521
#endif
/* Fixed point cache (speeds repeated operations against same private key) */
#undef FP_ECC
//#define FP_ECC
#ifdef FP_ECC
/* Bits / Entries */
#undef FP_ENTRIES
#define FP_ENTRIES 2
#undef FP_LUT
#define FP_LUT 4
#endif
/* Optional ECC calculation method */
/* Note: doubles heap usage, but slightly faster */
#undef ECC_SHAMIR
#define ECC_SHAMIR
/* Reduces heap usage, but slower */
#undef ECC_TIMING_RESISTANT
#define ECC_TIMING_RESISTANT
#ifdef HAVE_FIPS
#undef HAVE_ECC_CDH
#define HAVE_ECC_CDH /* Enable cofactor support */
#undef NO_STRICT_ECDSA_LEN
#define NO_STRICT_ECDSA_LEN /* Do not force fixed len w/ FIPS */
#undef WOLFSSL_VALIDATE_ECC_IMPORT
#define WOLFSSL_VALIDATE_ECC_IMPORT /* Validate import */
#undef WOLFSSL_VALIDATE_ECC_KEYGEN
#define WOLFSSL_VALIDATE_ECC_KEYGEN /* Validate generated keys */
#endif
/* Compressed Key Support */
#undef HAVE_COMP_KEY
//#define HAVE_COMP_KEY
/* Use alternate ECC size for ECC math */
#ifdef USE_FAST_MATH
/* MAX ECC BITS = ROUND8(MAX ECC) * 2 */
#ifdef NO_RSA
/* Custom fastmath size if not using RSA */
#undef FP_MAX_BITS
#define FP_MAX_BITS (256 * 2)
#else
#undef ALT_ECC_SIZE
#define ALT_ECC_SIZE
/* wolfSSL will compute the FP_MAX_BITS_ECC, but it can be overridden */
//#undef FP_MAX_BITS_ECC
//#define FP_MAX_BITS_ECC (256 * 2)
#endif
/* Speedups specific to curve */
#ifndef NO_ECC256
#undef TFM_ECC256
#define TFM_ECC256
#endif
#endif
#endif
/* DH */
#undef NO_DH
#if 1
/* Use table for DH instead of -lm (math) lib dependency */
#if 1
#define HAVE_DH_DEFAULT_PARAMS
#define WOLFSSL_DH_CONST
#define HAVE_FFDHE_2048
#define HAVE_FFDHE_3072
#define HAVE_FFDHE_4096
#define HAVE_FFDHE_6144
#define HAVE_FFDHE_8192
#endif
#ifdef HAVE_FIPS
#define WOLFSSL_VALIDATE_FFC_IMPORT
#define HAVE_FFDHE_Q
#endif
#else
#define NO_DH
#endif
/* AES */
#undef NO_AES
#if 1
#undef HAVE_AES_CBC
#define HAVE_AES_CBC
#undef HAVE_AESGCM
#define HAVE_AESGCM
/* GCM Method (slowest to fastest): GCM_SMALL, GCM_WORD32, GCM_TABLE or
* GCM_TABLE_4BIT */
#define GCM_TABLE_4BIT
#undef WOLFSSL_AES_DIRECT
#define WOLFSSL_AES_DIRECT
#undef HAVE_AES_ECB
#define HAVE_AES_ECB
#undef WOLFSSL_AES_COUNTER
#define WOLFSSL_AES_COUNTER
#undef HAVE_AESCCM
#define HAVE_AESCCM
#undef WOLFSSL_AES_OFB
#define WOLFSSL_AES_OFB
/* Required for module v6.0.0 */
#undef WOLFSSL_AES_CFB
#define WOLFSSL_AES_CFB
#undef WOLFSSL_AES_XTS
#define WOLFSSL_AES_XTS
#undef WOLFSSL_AESXTS_STREAM
#define WOLFSSL_AESXTS_STREAM
#undef WOLFSSL_AES_128
#define WOLFSSL_AES_128
#undef WOLFSSL_AES_256
#define WOLFSSL_AES_256
#undef WOLFSSL_AESGCM_STREAM
#define WOLFSSL_AESGCM_STREAM
#undef HAVE_AES_KEYWRAP
#define HAVE_AES_KEYWRAP
#else
#define NO_AES
#endif
/* DES3 */
#undef NO_DES3
#if 0
#if 1
#undef WOLFSSL_DES_ECB
#define WOLFSSL_DES_ECB
#endif
#else
#define NO_DES3
#endif
/* ChaCha20 / Poly1305 */
#undef HAVE_CHACHA
#undef HAVE_POLY1305
#if 0
#define HAVE_CHACHA
#define HAVE_POLY1305
/* Needed for Poly1305 */
#undef HAVE_ONE_TIME_AUTH
#define HAVE_ONE_TIME_AUTH
#endif
/* Ed25519 / Curve25519 */
#undef HAVE_CURVE25519
#undef HAVE_ED25519
/* Required for module v6.0.0 */
#if 1
#define HAVE_CURVE25519
#define HAVE_ED25519 /* ED25519 Requires SHA512 */
#define WOLFSSL_ED25519_STREAMING_VERIFY
#define HAVE_ED25519_KEY_IMPORT
/* Optionally use small math (less flash usage, but much slower) */
#if 0
#define CURVED25519_SMALL
#endif
#endif
/* Ed448 / Curve448 */
/* Required for module v6.0.0 */
#if 1
#define HAVE_CURVE448
#define HAVE_ED448
#define WOLFSSL_ED448_STREAMING_VERIFY
#define HAVE_ED448_KEY_IMPORT
#endif
/* ------------------------------------------------------------------------- */
/* Hashing */
/* ------------------------------------------------------------------------- */
/* Sha */
#undef NO_SHA
#if 1
/* 1k smaller, but 25% slower */
//#define USE_SLOW_SHA
#else
#define NO_SHA
#endif
/* Sha256 */
#undef NO_SHA256
#if 1
/* not unrolled - ~2k smaller and ~25% slower */
//#define USE_SLOW_SHA256
/* Sha224 */
#if 1
#define WOLFSSL_SHA224
#endif
#else
#define NO_SHA256
#endif
/* Sha512 */
#undef WOLFSSL_SHA512
#if 1
#define WOLFSSL_SHA512
#define WOLFSSL_NOSHA512_224 /* Not in FIPS mode */
#define WOLFSSL_NOSHA512_256 /* Not in FIPS mode */
/* Sha384 */
#undef WOLFSSL_SHA384
#if 1
#define WOLFSSL_SHA384
#endif
/* over twice as small, but 50% slower */
//#define USE_SLOW_SHA512
#endif
/* Sha3 */
#undef WOLFSSL_SHA3
#if 1
#define WOLFSSL_SHA3
/* Required to not be disabled for module v6.0.0 */
#if 0
#undef WOLFSSL_NO_SHAKE128
#define WOLFSSL_NO_SHAKE128
#undef WOLFSSL_NO_SHAKE256
#define WOLFSSL_NO_SHAKE256
#else
#define WOLFSSL_SHAKE256
#define WOLFSSL_SHAKE128
#endif
#endif
/* MD5 */
#undef NO_MD5
#if 0
#else
#define NO_MD5
#endif
/* HKDF / PRF */
#undef HAVE_HKDF
#if 1
#define HAVE_HKDF
#define WOLFSSL_HAVE_PRF
/* Required for module v6.0.0 */
#define WC_SRTP_KDF
#define HAVE_PBKDF2
#endif
/* CMAC */
#undef WOLFSSL_CMAC
#if 1
#define WOLFSSL_CMAC
#endif
/* ------------------------------------------------------------------------- */
/* Benchmark / Test */
/* ------------------------------------------------------------------------- */
/* Use reduced benchmark / test sizes */
#undef BENCH_EMBEDDED
#define BENCH_EMBEDDED
#undef USE_CERT_BUFFERS_2048
#define USE_CERT_BUFFERS_2048
#undef USE_CERT_BUFFERS_1024
//#define USE_CERT_BUFFERS_1024
#undef USE_CERT_BUFFERS_256
#define USE_CERT_BUFFERS_256
/* ------------------------------------------------------------------------- */
/* Debugging */
/* ------------------------------------------------------------------------- */
#undef DEBUG_WOLFSSL
#undef NO_ERROR_STRINGS
#if 1
//#define DEBUG_WOLFSSL
#else
#if 0
#define NO_ERROR_STRINGS
#endif
#endif
/* ------------------------------------------------------------------------- */
/* Memory */
/* ------------------------------------------------------------------------- */
/* Override Memory API's */
#if 0
#undef XMALLOC_OVERRIDE
#define XMALLOC_OVERRIDE
/* prototypes for user heap override functions */
/* Note: Realloc only required for normal math */
#include <stddef.h> /* for size_t */
extern void *myMalloc(size_t n, void* heap, int type);
extern void myFree(void *p, void* heap, int type);
extern void *myRealloc(void *p, size_t n, void* heap, int type);
#define XMALLOC(n, h, t) myMalloc(n, h, t)
#define XFREE(p, h, t) myFree(p, h, t)
#define XREALLOC(p, n, h, t) myRealloc(p, n, h, t)
#endif
#if 0
/* Static memory requires fast math */
#define WOLFSSL_STATIC_MEMORY
/* Disable fallback malloc/free */
#define WOLFSSL_NO_MALLOC
#if 1
#define WOLFSSL_MALLOC_CHECK /* trap malloc failure */
#endif
#endif
/* Memory callbacks */
#if 1
#undef USE_WOLFSSL_MEMORY
#define USE_WOLFSSL_MEMORY
/* Use this to measure / print heap usage */
#if 0
#undef WOLFSSL_TRACK_MEMORY
// #define WOLFSSL_TRACK_MEMORY
#undef WOLFSSL_DEBUG_MEMORY
//#define WOLFSSL_DEBUG_MEMORY
#undef WOLFSSL_DEBUG_MEMORY_PRINT
//#define WOLFSSL_DEBUG_MEMORY_PRINT
#endif
#else
#ifndef WOLFSSL_STATIC_MEMORY
#define NO_WOLFSSL_MEMORY
/* Otherwise we will use stdlib malloc, free and realloc */
#endif
#endif
/* ------------------------------------------------------------------------- */
/* Port */
/* ------------------------------------------------------------------------- */
/* Override Current Time */
/* Allows custom "custom_time()" function to be used for benchmark */
//#define WOLFSSL_USER_CURRTIME
//#define WOLFSSL_GMTIME
//#define USER_TICKS
//extern unsigned long my_time(unsigned long* timer);
//#define XTIME my_time
/* ------------------------------------------------------------------------- */
/* RNG */
/* ------------------------------------------------------------------------- */
/* Seed Source */
/* Seed Source */
// extern int my_rng_generate_seed(unsigned char* output, int sz);
// #undef CUSTOM_RAND_GENERATE_SEED
// #define CUSTOM_RAND_GENERATE_SEED my_rng_generate_seed
/* Choose RNG method */
#if 1
/* Use built-in P-RNG (SHA256 based) with HW RNG */
/* P-RNG + HW RNG (P-RNG is ~8K) */
//#define WOLFSSL_GENSEED_FORTEST
#undef HAVE_HASHDRBG
#define HAVE_HASHDRBG
#else
#undef WC_NO_HASHDRBG
#define WC_NO_HASHDRBG
/* Bypass P-RNG and use only HW RNG */
extern int my_rng_gen_block(unsigned char* output, unsigned int sz);
#undef CUSTOM_RAND_GENERATE_BLOCK
#define CUSTOM_RAND_GENERATE_BLOCK my_rng_gen_block
#endif
/* ------------------------------------------------------------------------- */
/* Custom Standard Lib */
/* ------------------------------------------------------------------------- */
/* Allows override of all standard library functions */
#undef STRING_USER
#if 0
#define STRING_USER
#include <string.h>
#undef USE_WOLF_STRSEP
#define USE_WOLF_STRSEP
#define XSTRSEP(s1,d) wc_strsep((s1),(d))
#undef USE_WOLF_STRTOK
#define USE_WOLF_STRTOK
#define XSTRTOK(s1,d,ptr) wc_strtok((s1),(d),(ptr))
#define XSTRNSTR(s1,s2,n) mystrnstr((s1),(s2),(n))
#define XMEMCPY(d,s,l) memcpy((d),(s),(l))
#define XMEMSET(b,c,l) memset((b),(c),(l))
#define XMEMCMP(s1,s2,n) memcmp((s1),(s2),(n))
#define XMEMMOVE(d,s,l) memmove((d),(s),(l))
#define XSTRLEN(s1) strlen((s1))
#define XSTRNCPY(s1,s2,n) strncpy((s1),(s2),(n))
#define XSTRSTR(s1,s2) strstr((s1),(s2))
#define XSTRNCMP(s1,s2,n) strncmp((s1),(s2),(n))
#define XSTRNCAT(s1,s2,n) strncat((s1),(s2),(n))
#define XSTRNCASECMP(s1,s2,n) strncasecmp((s1),(s2),(n))
#define XSNPRINTF snprintf
#endif
/* ------------------------------------------------------------------------- */
/* Enable Features */
/* ------------------------------------------------------------------------- */
#undef WOLFSSL_ASN_TEMPLATE
#define WOLFSSL_ASN_TEMPLATE
#undef WOLFSSL_ASN_PRINT
#define WOLFSSL_ASN_PRINT
#undef WOLFSSL_TLS13
#if 1
#define WOLFSSL_TLS13
#endif
#undef WOLFSSL_KEY_GEN
#if 1
#define WOLFSSL_KEY_GEN
#endif
#if defined(HAVE_FIPS) && !defined(WOLFSSL_KEY_GEN)
#define WOLFSSL_OLD_PRIME_CHECK
#endif
#undef KEEP_PEER_CERT
//#define KEEP_PEER_CERT
#undef HAVE_COMP_KEY
//#define HAVE_COMP_KEY
#undef HAVE_TLS_EXTENSIONS
#define HAVE_TLS_EXTENSIONS
#undef HAVE_EXTENDED_MASTER
#define HAVE_EXTENDED_MASTER
#undef HAVE_SUPPORTED_CURVES
#define HAVE_SUPPORTED_CURVES
#undef WOLFSSL_BASE64_ENCODE
#define WOLFSSL_BASE64_ENCODE
/* TLS Session Cache */
#if 0
#define SMALL_SESSION_CACHE
#else
#define NO_SESSION_CACHE
#endif
#undef OPENSSL_EXTRA
#define OPENSSL_EXTRA
#undef WOLFSSL_DER_LOAD
#define WOLFSSL_DER_LOAD
#undef HAVE_SESSION_TICKET
#define HAVE_SESSION_TICKET
#undef HAVE_EX_DATA
#define HAVE_EX_DATA
#undef HAVE_ENCRYPT_THEN_MAC
#define HAVE_ENCRYPT_THEN_MAC
#undef WOLFSSL_CERT_GEN
#define WOLFSSL_CERT_GEN
#undef ATOMIC_USER
#define ATOMIC_USER
#undef HAVE_SECRET_CALLBACK
#define HAVE_SECRET_CALLBACK
/* wolfEngine */
#if 0
#define OPENSSL_COEXIST
/* HKDF for engine */
#undef HAVE_HKDF
#if 1
#define HAVE_HKDF
#define HAVE_X963_KDF
#endif
#undef WOLFSSL_PUBLIC_MP
#define WOLFSSL_PUBLIC_MP
#undef NO_OLD_RNGNAME
#define NO_OLD_RNGNAME
#undef NO_OLD_WC_NAMES
#define NO_OLD_WC_NAMES
#undef NO_OLD_SSL_NAMES
#define NO_OLD_SSL_NAMES
#undef NO_OLD_SHA_NAMES
#define NO_OLD_SHA_NAMES
#undef NO_OLD_MD5_NAME
#define NO_OLD_MD5_NAME
#undef NO_OLD_SHA256_NAMES
#define NO_OLD_SHA256_NAMES
#endif
#undef WOLFSSL_SYS_CA_CERTS
//#define WOLFSSL_SYS_CA_CERTS
#undef LIBWOLFSSL_GLOBAL_EXTRA_CFLAGS
#define LIBWOLFSSL_GLOBAL_EXTRA_CFLAGS
#undef HAVE_SERVER_RENEGOTIATION_INFO
#define HAVE_SERVER_RENEGOTIATION_INFO
#undef WOLFSSL_PEM_TO_DER
#define WOLFSSL_PEM_TO_DER
#undef WOLFSSL_PUB_PEM_TO_DER
#define WOLFSSL_PUB_PEM_TO_DER
/* ------------------------------------------------------------------------- */
/* Disable Features */
/* ------------------------------------------------------------------------- */
#undef NO_WOLFSSL_SERVER
//#define NO_WOLFSSL_SERVER
#undef NO_WOLFSSL_CLIENT
//#define NO_WOLFSSL_CLIENT
#undef NO_CRYPT_TEST
//#define NO_CRYPT_TEST
#undef NO_CRYPT_BENCHMARK
//#define NO_CRYPT_BENCHMARK
#undef WOLFCRYPT_ONLY
#define WOLFCRYPT_ONLY
/* In-lining of misc.c functions */
/* If defined, must include wolfcrypt/src/misc.c in build */
/* Slower, but about 1k smaller */
#undef NO_INLINE
//#define NO_INLINE
#undef NO_FILESYSTEM
//#define NO_FILESYSTEM
#undef NO_WRITEV
//#define NO_WRITEV
#undef NO_MAIN_DRIVER
#define NO_MAIN_DRIVER
#undef NO_DEV_RANDOM
//#define NO_DEV_RANDOM
#undef NO_DSA
#define NO_DSA
#undef NO_RC4
#define NO_RC4
#undef NO_OLD_TLS
#define NO_OLD_TLS
#undef NO_PSK
#define NO_PSK
#undef NO_MD4
#define NO_MD4
#undef NO_PWDBASED
//#define NO_PWDBASED
#undef NO_CODING
//#define NO_CODING
#undef NO_ASN_TIME
//#define NO_ASN_TIME
#undef NO_CERTS
//#define NO_CERTS
#undef NO_SIG_WRAPPER
//#define NO_SIG_WRAPPER
#undef NO_DO178
#define NO_DO178
/* wolfSSL engineering ACVP algo and operational testing only (Default: Off) */
#if 1
#ifndef WOLFSSL_PUBLIC_MP
#define WOLFSSL_PUBLIC_MP
#endif
#define OPTEST_LOGGING_ENABLED
#define DEBUG_FIPS_VERBOSE
#ifndef DEBUG_WOLFSSL
//#define DEBUG_WOLFSSL
#endif
#define OPTEST_RUNNING_ORGANIC
#define OPTEST_INVALID_LOGGING_ENABLED
#define HAVE_FORCE_FIPS_FAILURE
#define DEEPLY_EMBEDDED
#define OPTEST_LOG_TE_MAPPING
#define NO_MAIN_OPTEST_DRIVER
#define NO_MAIN_DRIVER
#define NO_MAIN_HARNESS_DRIVER
#ifdef BENCH_EMBEDDED
/* NOTE: Can not be on for operational testing */
#undef BENCH_EMBEDDED
#endif
#define NO_WRITE_TEMP_FILES
#endif
/* Customer Specific Section */
/* #define CUSTOMER_1_IOS */
#ifdef CUSTOMER_1_IOS
/* not certified, disable for full FIPS compliance, will attempt to include
* in UPDT submission and/or next FS submission */
#undef HAVE_PKCS7
#define HAVE_PKCS7
#undef HAVE_SNI
#define HAVE_SNI
#undef HAVE_THREAD_LS
#define HAVE_THREAD_LS
/* Not certifiable but external to module boundary and out of scope */
#undef WOLFCRYPT_HAVE_ECCSI
#define WOLFCRYPT_HAVE_ECCSI
#undef WOLFSSL_DTLS
#define WOLFSSL_DTLS
#undef WOLFSSL_DTLS_MTU
#define WOLFSSL_DTLS_MTU
/* OpenSSL Compatibility (NOTE: Incompatible with wolfEngine and
OPENSSL_COEXIST) */
#ifndef OPENSSL_COEXIST
#undef OPENSSL_EXTRA
#if 1
#define OPENSSL_EXTRA
/* Larger footprint but enable ALL compatibility not just a subset */
#if 1
#define OPENSSL_ALL
#endif
#endif
#endif
#endif /* CUSTOMER_1_IOS */
#ifdef __cplusplus
}
#endif
#endif /* WOLFSSL_USER_SETTINGS_H */

8
IDE/XCODE/Benchmark/wolfBench.xcodeproj/project.pbxproj
View File

@@ -63,7 +63,7 @@
A4ADF8E51FCE0C5600A06E90 /* sha.c in Sources */ = {isa = PBXBuildFile; fileRef = A4ADF8891FCE0C4D00A06E90 /* sha.c */; };
A4ADF8EA1FCE0C5600A06E90 /* ge_operations.c in Sources */ = {isa = PBXBuildFile; fileRef = A4ADF88E1FCE0C4E00A06E90 /* ge_operations.c */; };
A4ADF8EB1FCE0C5600A06E90 /* chacha20_poly1305.c in Sources */ = {isa = PBXBuildFile; fileRef = A4ADF88F1FCE0C4E00A06E90 /* chacha20_poly1305.c */; };
A4ADF8EE1FCE0C5600A06E90 /* arc4.c in Sources */ = {isa = PBXBuildFile; fileRef = A4ADF8921FCE0C4E00A06E90 /* arc4.c */; };
/* ARC4 implementation has been removed */
A4ADF8F01FCE0C5600A06E90 /* memory.c in Sources */ = {isa = PBXBuildFile; fileRef = A4ADF8941FCE0C4E00A06E90 /* memory.c */; };
A4ADF8F31FCE0C5600A06E90 /* rsa.c in Sources */ = {isa = PBXBuildFile; fileRef = A4ADF8971FCE0C4F00A06E90 /* rsa.c */; };
A4ADF8F41FCE0C5600A06E90 /* pkcs7.c in Sources */ = {isa = PBXBuildFile; fileRef = A4ADF8981FCE0C4F00A06E90 /* pkcs7.c */; };
@@ -168,7 +168,7 @@
A4ADF8891FCE0C4D00A06E90 /* sha.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = sha.c; path = ../../../wolfcrypt/src/sha.c; sourceTree = "<group>"; };
A4ADF88E1FCE0C4E00A06E90 /* ge_operations.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = ge_operations.c; path = ../../../wolfcrypt/src/ge_operations.c; sourceTree = "<group>"; };
A4ADF88F1FCE0C4E00A06E90 /* chacha20_poly1305.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = chacha20_poly1305.c; path = ../../../wolfcrypt/src/chacha20_poly1305.c; sourceTree = "<group>"; };
A4ADF8921FCE0C4E00A06E90 /* arc4.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = arc4.c; path = ../../../wolfcrypt/src/arc4.c; sourceTree = "<group>"; };
/* ARC4 implementation has been removed */
A4ADF8941FCE0C4E00A06E90 /* memory.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = memory.c; path = ../../../wolfcrypt/src/memory.c; sourceTree = "<group>"; };
A4ADF8971FCE0C4F00A06E90 /* rsa.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = rsa.c; path = ../../../wolfcrypt/src/rsa.c; sourceTree = "<group>"; };
A4ADF8981FCE0C4F00A06E90 /* pkcs7.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = pkcs7.c; path = ../../../wolfcrypt/src/pkcs7.c; sourceTree = "<group>"; };
@@ -283,7 +283,7 @@
isa = PBXGroup;
children = (
A4ADF8821FCE0C4D00A06E90 /* aes.c */,
A4ADF8921FCE0C4E00A06E90 /* arc4.c */,
/* ARC4 implementation has been removed */,
A4DFEC0F1FD4CB8500A7BB33 /* armv8-aes.c */,
A46FE14C2493E8F500A25BE7 /* armv8-chacha.c */,
CB81DE1E24C93EC000B98DA6 /* armv8-curve25519.S */,
@@ -522,7 +522,7 @@
A4ADF8E01FCE0C5600A06E90 /* ecc_fp.c in Sources */,
A4ADF8EB1FCE0C5600A06E90 /* chacha20_poly1305.c in Sources */,
A4ADF86B1FCE0C1C00A06E90 /* keys.c in Sources */,
A4ADF8EE1FCE0C5600A06E90 /* arc4.c in Sources */,
/* ARC4 implementation has been removed */,
A4DFEC111FD4CB8500A7BB33 /* armv8-aes.c in Sources */,
A46FE1812493E8F800A25BE7 /* wc_dsp.c in Sources */,
A4ADF9061FCE0C5600A06E90 /* wc_encrypt.c in Sources */,

24
IDE/XCODE/wolfssl-FIPS.xcodeproj/project.pbxproj
View File

@@ -125,7 +125,7 @@
700F0CF52A2FC11300755BA7 /* eccsi.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0CDB2A2FC0D500755BA7 /* eccsi.h */; };
700F0CF62A2FC11300755BA7 /* ed448.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0CD22A2FC0D500755BA7 /* ed448.h */; };
700F0CF72A2FC11300755BA7 /* ed25519.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0CE12A2FC0D500755BA7 /* ed25519.h */; };
700F0CF82A2FC11300755BA7 /* ext_mlkem.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0CD52A2FC0D500755BA7 /* ext_mlkem.h */; };
700F0CF82A2FC11300755BA7 /* ext_kyber.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0CD52A2FC0D500755BA7 /* ext_kyber.h */; };
700F0CF92A2FC11300755BA7 /* falcon.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0CDD2A2FC0D500755BA7 /* falcon.h */; };
700F0CFA2A2FC11300755BA7 /* fe_448.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0CDE2A2FC0D500755BA7 /* fe_448.h */; };
700F0CFB2A2FC11300755BA7 /* fe_operations.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0CC72A2FC0D400755BA7 /* fe_operations.h */; };
@@ -133,7 +133,7 @@
700F0CFD2A2FC11300755BA7 /* ge_448.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0CE22A2FC0D500755BA7 /* ge_448.h */; };
700F0CFE2A2FC11300755BA7 /* ge_operations.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0CCA2A2FC0D500755BA7 /* ge_operations.h */; };
700F0CFF2A2FC11300755BA7 /* hpke.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0CCD2A2FC0D500755BA7 /* hpke.h */; };
700F0D002A2FC11300755BA7 /* mlkem.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0CCC2A2FC0D500755BA7 /* mlkem.h */; };
700F0D002A2FC11300755BA7 /* kyber.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0CCC2A2FC0D500755BA7 /* kyber.h */; };
700F0D012A2FC11300755BA7 /* mem_track.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0CDA2A2FC0D500755BA7 /* mem_track.h */; };
700F0D022A2FC11300755BA7 /* pkcs11.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0CD92A2FC0D500755BA7 /* pkcs11.h */; };
700F0D032A2FC11300755BA7 /* pkcs12.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0CE42A2FC0D500755BA7 /* pkcs12.h */; };
@@ -147,7 +147,7 @@
700F0D0B2A2FC11300755BA7 /* sp.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0CD12A2FC0D500755BA7 /* sp.h */; };
700F0D0C2A2FC11300755BA7 /* sphincs.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0CEC2A2FC0D500755BA7 /* sphincs.h */; };
700F0D0D2A2FC11300755BA7 /* srp.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0CDC2A2FC0D500755BA7 /* srp.h */; };
700F0D0E2A2FC11300755BA7 /* wc_mlkem.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0CD82A2FC0D500755BA7 /* wc_mlkem.h */; };
700F0D0E2A2FC11300755BA7 /* wc_kyber.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0CD82A2FC0D500755BA7 /* wc_kyber.h */; };
700F0D0F2A2FC11300755BA7 /* wc_pkcs11.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0CE82A2FC0D500755BA7 /* wc_pkcs11.h */; };
700F0D102A2FC11300755BA7 /* wolfevent.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0CD62A2FC0D500755BA7 /* wolfevent.h */; };
700F0D112A2FC11300755BA7 /* wolfmath.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0CEB2A2FC0D500755BA7 /* wolfmath.h */; };
@@ -285,7 +285,7 @@
700F0CF52A2FC11300755BA7 /* eccsi.h in CopyFiles */,
700F0CF62A2FC11300755BA7 /* ed448.h in CopyFiles */,
700F0CF72A2FC11300755BA7 /* ed25519.h in CopyFiles */,
700F0CF82A2FC11300755BA7 /* ext_mlkem.h in CopyFiles */,
700F0CF82A2FC11300755BA7 /* ext_kyber.h in CopyFiles */,
700F0CF92A2FC11300755BA7 /* falcon.h in CopyFiles */,
700F0CFA2A2FC11300755BA7 /* fe_448.h in CopyFiles */,
700F0CFB2A2FC11300755BA7 /* fe_operations.h in CopyFiles */,
@@ -293,7 +293,7 @@
700F0CFD2A2FC11300755BA7 /* ge_448.h in CopyFiles */,
700F0CFE2A2FC11300755BA7 /* ge_operations.h in CopyFiles */,
700F0CFF2A2FC11300755BA7 /* hpke.h in CopyFiles */,
700F0D002A2FC11300755BA7 /* mlkem.h in CopyFiles */,
700F0D002A2FC11300755BA7 /* kyber.h in CopyFiles */,
700F0D012A2FC11300755BA7 /* mem_track.h in CopyFiles */,
700F0D022A2FC11300755BA7 /* pkcs11.h in CopyFiles */,
700F0D032A2FC11300755BA7 /* pkcs12.h in CopyFiles */,
@@ -307,7 +307,7 @@
700F0D0B2A2FC11300755BA7 /* sp.h in CopyFiles */,
700F0D0C2A2FC11300755BA7 /* sphincs.h in CopyFiles */,
700F0D0D2A2FC11300755BA7 /* srp.h in CopyFiles */,
700F0D0E2A2FC11300755BA7 /* wc_mlkem.h in CopyFiles */,
700F0D0E2A2FC11300755BA7 /* wc_kyber.h in CopyFiles */,
700F0D0F2A2FC11300755BA7 /* wc_pkcs11.h in CopyFiles */,
700F0D102A2FC11300755BA7 /* wolfevent.h in CopyFiles */,
700F0D112A2FC11300755BA7 /* wolfmath.h in CopyFiles */,
@@ -563,7 +563,7 @@
700F0CC92A2FC0D500755BA7 /* selftest.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = selftest.h; path = ../../wolfssl/wolfcrypt/selftest.h; sourceTree = "<group>"; };
700F0CCA2A2FC0D500755BA7 /* ge_operations.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = ge_operations.h; path = ../../wolfssl/wolfcrypt/ge_operations.h; sourceTree = "<group>"; };
700F0CCB2A2FC0D500755BA7 /* async.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = async.h; path = ../../wolfssl/wolfcrypt/async.h; sourceTree = "<group>"; };
700F0CCC2A2FC0D500755BA7 /* mlkem.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = mlkem.h; path = ../../wolfssl/wolfcrypt/mlkem.h; sourceTree = "<group>"; };
700F0CCC2A2FC0D500755BA7 /* kyber.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = kyber.h; path = ../../wolfssl/wolfcrypt/kyber.h; sourceTree = "<group>"; };
700F0CCD2A2FC0D500755BA7 /* hpke.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = hpke.h; path = ../../wolfssl/wolfcrypt/hpke.h; sourceTree = "<group>"; };
700F0CCE2A2FC0D500755BA7 /* cpuid.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = cpuid.h; path = ../../wolfssl/wolfcrypt/cpuid.h; sourceTree = "<group>"; };
700F0CCF2A2FC0D500755BA7 /* fips.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = fips.h; path = ../../wolfssl/wolfcrypt/fips.h; sourceTree = "<group>"; };
@@ -572,10 +572,10 @@
700F0CD22A2FC0D500755BA7 /* ed448.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = ed448.h; path = ../../wolfssl/wolfcrypt/ed448.h; sourceTree = "<group>"; };
700F0CD32A2FC0D500755BA7 /* curve448.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = curve448.h; path = ../../wolfssl/wolfcrypt/curve448.h; sourceTree = "<group>"; };
700F0CD42A2FC0D500755BA7 /* siphash.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = siphash.h; path = ../../wolfssl/wolfcrypt/siphash.h; sourceTree = "<group>"; };
700F0CD52A2FC0D500755BA7 /* ext_mlkem.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = ext_mlkem.h; path = ../../wolfssl/wolfcrypt/ext_mlkem.h; sourceTree = "<group>"; };
700F0CD52A2FC0D500755BA7 /* ext_kyber.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = ext_kyber.h; path = ../../wolfssl/wolfcrypt/ext_kyber.h; sourceTree = "<group>"; };
700F0CD62A2FC0D500755BA7 /* wolfevent.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = wolfevent.h; path = ../../wolfssl/wolfcrypt/wolfevent.h; sourceTree = "<group>"; };
700F0CD72A2FC0D500755BA7 /* cmac.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = cmac.h; path = ../../wolfssl/wolfcrypt/cmac.h; sourceTree = "<group>"; };
700F0CD82A2FC0D500755BA7 /* wc_mlkem.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = wc_mlkem.h; path = ../../wolfssl/wolfcrypt/wc_mlkem.h; sourceTree = "<group>"; };
700F0CD82A2FC0D500755BA7 /* wc_kyber.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = wc_kyber.h; path = ../../wolfssl/wolfcrypt/wc_kyber.h; sourceTree = "<group>"; };
700F0CD92A2FC0D500755BA7 /* pkcs11.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = pkcs11.h; path = ../../wolfssl/wolfcrypt/pkcs11.h; sourceTree = "<group>"; };
700F0CDA2A2FC0D500755BA7 /* mem_track.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = mem_track.h; path = ../../wolfssl/wolfcrypt/mem_track.h; sourceTree = "<group>"; };
700F0CDB2A2FC0D500755BA7 /* eccsi.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = eccsi.h; path = ../../wolfssl/wolfcrypt/eccsi.h; sourceTree = "<group>"; };
@@ -643,7 +643,7 @@
700F0CDB2A2FC0D500755BA7 /* eccsi.h */,
700F0CD22A2FC0D500755BA7 /* ed448.h */,
700F0CE12A2FC0D500755BA7 /* ed25519.h */,
700F0CD52A2FC0D500755BA7 /* ext_mlkem.h */,
700F0CD52A2FC0D500755BA7 /* ext_kyber.h */,
700F0CDD2A2FC0D500755BA7 /* falcon.h */,
700F0CDE2A2FC0D500755BA7 /* fe_448.h */,
700F0CC72A2FC0D400755BA7 /* fe_operations.h */,
@@ -651,7 +651,7 @@
700F0CE22A2FC0D500755BA7 /* ge_448.h */,
700F0CCA2A2FC0D500755BA7 /* ge_operations.h */,
700F0CCD2A2FC0D500755BA7 /* hpke.h */,
700F0CCC2A2FC0D500755BA7 /* mlkem.h */,
700F0CCC2A2FC0D500755BA7 /* kyber.h */,
700F0CDA2A2FC0D500755BA7 /* mem_track.h */,
700F0CD92A2FC0D500755BA7 /* pkcs11.h */,
700F0CE42A2FC0D500755BA7 /* pkcs12.h */,
@@ -665,7 +665,7 @@
700F0CD12A2FC0D500755BA7 /* sp.h */,
700F0CEC2A2FC0D500755BA7 /* sphincs.h */,
700F0CDC2A2FC0D500755BA7 /* srp.h */,
700F0CD82A2FC0D500755BA7 /* wc_mlkem.h */,
700F0CD82A2FC0D500755BA7 /* wc_kyber.h */,
700F0CE82A2FC0D500755BA7 /* wc_pkcs11.h */,
700F0CD62A2FC0D500755BA7 /* wolfevent.h */,
700F0CEB2A2FC0D500755BA7 /* wolfmath.h */,

24
IDE/XCODE/wolfssl.xcodeproj/project.pbxproj
View File

@@ -256,7 +256,7 @@
700F0C0D2A2FBC5100755BA7 /* eccsi.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0BF72A2FBC1600755BA7 /* eccsi.h */; };
700F0C0E2A2FBC5100755BA7 /* ed448.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0BF82A2FBC1600755BA7 /* ed448.h */; };
700F0C0F2A2FBC5100755BA7 /* ed25519.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0BF42A2FBC1600755BA7 /* ed25519.h */; };
700F0C102A2FBC5100755BA7 /* ext_mlkem.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0BF92A2FBC1600755BA7 /* ext_mlkem.h */; };
700F0C102A2FBC5100755BA7 /* ext_kyber.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0BF92A2FBC1600755BA7 /* ext_kyber.h */; };
700F0C112A2FBC5100755BA7 /* falcon.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0C022A2FBC1600755BA7 /* falcon.h */; };
700F0C122A2FBC5100755BA7 /* fe_448.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0BEB2A2FBC1500755BA7 /* fe_448.h */; };
700F0C132A2FBC5100755BA7 /* fe_operations.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0BF62A2FBC1600755BA7 /* fe_operations.h */; };
@@ -264,7 +264,7 @@
700F0C152A2FBC5100755BA7 /* ge_448.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0BE72A2FBC1500755BA7 /* ge_448.h */; };
700F0C162A2FBC5100755BA7 /* ge_operations.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0C012A2FBC1600755BA7 /* ge_operations.h */; };
700F0C172A2FBC5100755BA7 /* hpke.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0BE12A2FBC1500755BA7 /* hpke.h */; };
700F0C182A2FBC5100755BA7 /* mlkem.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0BEA2A2FBC1500755BA7 /* mlkem.h */; };
700F0C182A2FBC5100755BA7 /* kyber.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0BEA2A2FBC1500755BA7 /* kyber.h */; };
700F0C192A2FBC5100755BA7 /* pkcs11.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0BFD2A2FBC1600755BA7 /* pkcs11.h */; };
700F0C1A2A2FBC5100755BA7 /* pkcs12.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0BEC2A2FBC1500755BA7 /* pkcs12.h */; };
700F0C1B2A2FBC5100755BA7 /* rc2.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0BE02A2FBC1500755BA7 /* rc2.h */; };
@@ -277,7 +277,7 @@
700F0C222A2FBC5100755BA7 /* sp.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0BE92A2FBC1500755BA7 /* sp.h */; };
700F0C232A2FBC5100755BA7 /* sphincs.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0BE22A2FBC1500755BA7 /* sphincs.h */; };
700F0C242A2FBC5100755BA7 /* srp.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0BF32A2FBC1600755BA7 /* srp.h */; };
700F0C252A2FBC5100755BA7 /* wc_mlkem.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0BFF2A2FBC1600755BA7 /* wc_mlkem.h */; };
700F0C252A2FBC5100755BA7 /* wc_kyber.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0BFF2A2FBC1600755BA7 /* wc_kyber.h */; };
700F0C262A2FBC5100755BA7 /* wc_pkcs11.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0BF52A2FBC1600755BA7 /* wc_pkcs11.h */; };
700F0C272A2FBC5100755BA7 /* wolfevent.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 700F0BE62A2FBC1500755BA7 /* wolfevent.h */; };
700F0C282A2FBC5100755BA7 /* kdf.h in CopyFiles */ = {isa = PBXBuildFile; fileRef = 6AC8513B272CB04F00F2B32A /* kdf.h */; };
@@ -625,7 +625,7 @@
700F0C0D2A2FBC5100755BA7 /* eccsi.h in CopyFiles */,
700F0C0E2A2FBC5100755BA7 /* ed448.h in CopyFiles */,
700F0C0F2A2FBC5100755BA7 /* ed25519.h in CopyFiles */,
700F0C102A2FBC5100755BA7 /* ext_mlkem.h in CopyFiles */,
700F0C102A2FBC5100755BA7 /* ext_kyber.h in CopyFiles */,
700F0C112A2FBC5100755BA7 /* falcon.h in CopyFiles */,
700F0C122A2FBC5100755BA7 /* fe_448.h in CopyFiles */,
700F0C132A2FBC5100755BA7 /* fe_operations.h in CopyFiles */,
@@ -633,7 +633,7 @@
700F0C152A2FBC5100755BA7 /* ge_448.h in CopyFiles */,
700F0C162A2FBC5100755BA7 /* ge_operations.h in CopyFiles */,
700F0C172A2FBC5100755BA7 /* hpke.h in CopyFiles */,
700F0C182A2FBC5100755BA7 /* mlkem.h in CopyFiles */,
700F0C182A2FBC5100755BA7 /* kyber.h in CopyFiles */,
700F0C192A2FBC5100755BA7 /* pkcs11.h in CopyFiles */,
700F0C1A2A2FBC5100755BA7 /* pkcs12.h in CopyFiles */,
700F0C1B2A2FBC5100755BA7 /* rc2.h in CopyFiles */,
@@ -646,7 +646,7 @@
700F0C222A2FBC5100755BA7 /* sp.h in CopyFiles */,
700F0C232A2FBC5100755BA7 /* sphincs.h in CopyFiles */,
700F0C242A2FBC5100755BA7 /* srp.h in CopyFiles */,
700F0C252A2FBC5100755BA7 /* wc_mlkem.h in CopyFiles */,
700F0C252A2FBC5100755BA7 /* wc_kyber.h in CopyFiles */,
700F0C262A2FBC5100755BA7 /* wc_pkcs11.h in CopyFiles */,
700F0C272A2FBC5100755BA7 /* wolfevent.h in CopyFiles */,
700F0C282A2FBC5100755BA7 /* kdf.h in CopyFiles */,
@@ -985,7 +985,7 @@
700F0BE72A2FBC1500755BA7 /* ge_448.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = ge_448.h; path = ../../wolfssl/wolfcrypt/ge_448.h; sourceTree = "<group>"; };
700F0BE82A2FBC1500755BA7 /* sp_int.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = sp_int.h; path = ../../wolfssl/wolfcrypt/sp_int.h; sourceTree = "<group>"; };
700F0BE92A2FBC1500755BA7 /* sp.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = sp.h; path = ../../wolfssl/wolfcrypt/sp.h; sourceTree = "<group>"; };
700F0BEA2A2FBC1500755BA7 /* mlkem.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = mlkem.h; path = ../../wolfssl/wolfcrypt/mlkem.h; sourceTree = "<group>"; };
700F0BEA2A2FBC1500755BA7 /* kyber.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = kyber.h; path = ../../wolfssl/wolfcrypt/kyber.h; sourceTree = "<group>"; };
700F0BEB2A2FBC1500755BA7 /* fe_448.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = fe_448.h; path = ../../wolfssl/wolfcrypt/fe_448.h; sourceTree = "<group>"; };
700F0BEC2A2FBC1500755BA7 /* pkcs12.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = pkcs12.h; path = ../../wolfssl/wolfcrypt/pkcs12.h; sourceTree = "<group>"; };
700F0BED2A2FBC1500755BA7 /* chacha20_poly1305.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = chacha20_poly1305.h; path = ../../wolfssl/wolfcrypt/chacha20_poly1305.h; sourceTree = "<group>"; };
@@ -1000,13 +1000,13 @@
700F0BF62A2FBC1600755BA7 /* fe_operations.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = fe_operations.h; path = ../../wolfssl/wolfcrypt/fe_operations.h; sourceTree = "<group>"; };
700F0BF72A2FBC1600755BA7 /* eccsi.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = eccsi.h; path = ../../wolfssl/wolfcrypt/eccsi.h; sourceTree = "<group>"; };
700F0BF82A2FBC1600755BA7 /* ed448.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = ed448.h; path = ../../wolfssl/wolfcrypt/ed448.h; sourceTree = "<group>"; };
700F0BF92A2FBC1600755BA7 /* ext_mlkem.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = ext_mlkem.h; path = ../../wolfssl/wolfcrypt/ext_mlkem.h; sourceTree = "<group>"; };
700F0BF92A2FBC1600755BA7 /* ext_kyber.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = ext_kyber.h; path = ../../wolfssl/wolfcrypt/ext_kyber.h; sourceTree = "<group>"; };
700F0BFA2A2FBC1600755BA7 /* sha3.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = sha3.h; path = ../../wolfssl/wolfcrypt/sha3.h; sourceTree = "<group>"; };
700F0BFB2A2FBC1600755BA7 /* signature.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = signature.h; path = ../../wolfssl/wolfcrypt/signature.h; sourceTree = "<group>"; };
700F0BFC2A2FBC1600755BA7 /* cmac.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = cmac.h; path = ../../wolfssl/wolfcrypt/cmac.h; sourceTree = "<group>"; };
700F0BFD2A2FBC1600755BA7 /* pkcs11.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = pkcs11.h; path = ../../wolfssl/wolfcrypt/pkcs11.h; sourceTree = "<group>"; };
700F0BFE2A2FBC1600755BA7 /* siphash.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = siphash.h; path = ../../wolfssl/wolfcrypt/siphash.h; sourceTree = "<group>"; };
700F0BFF2A2FBC1600755BA7 /* wc_mlkem.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = wc_mlkem.h; path = ../../wolfssl/wolfcrypt/wc_mlkem.h; sourceTree = "<group>"; };
700F0BFF2A2FBC1600755BA7 /* wc_kyber.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = wc_kyber.h; path = ../../wolfssl/wolfcrypt/wc_kyber.h; sourceTree = "<group>"; };
700F0C002A2FBC1600755BA7 /* fips.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = fips.h; path = ../../wolfssl/wolfcrypt/fips.h; sourceTree = "<group>"; };
700F0C012A2FBC1600755BA7 /* ge_operations.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = ge_operations.h; path = ../../wolfssl/wolfcrypt/ge_operations.h; sourceTree = "<group>"; };
700F0C022A2FBC1600755BA7 /* falcon.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = falcon.h; path = ../../wolfssl/wolfcrypt/falcon.h; sourceTree = "<group>"; };
@@ -1157,7 +1157,7 @@
700F0BF72A2FBC1600755BA7 /* eccsi.h */,
700F0BF82A2FBC1600755BA7 /* ed448.h */,
700F0BF42A2FBC1600755BA7 /* ed25519.h */,
700F0BF92A2FBC1600755BA7 /* ext_mlkem.h */,
700F0BF92A2FBC1600755BA7 /* ext_kyber.h */,
700F0C022A2FBC1600755BA7 /* falcon.h */,
700F0BEB2A2FBC1500755BA7 /* fe_448.h */,
700F0BF62A2FBC1600755BA7 /* fe_operations.h */,
@@ -1165,7 +1165,7 @@
700F0BE72A2FBC1500755BA7 /* ge_448.h */,
700F0C012A2FBC1600755BA7 /* ge_operations.h */,
700F0BE12A2FBC1500755BA7 /* hpke.h */,
700F0BEA2A2FBC1500755BA7 /* mlkem.h */,
700F0BEA2A2FBC1500755BA7 /* kyber.h */,
700F0BFD2A2FBC1600755BA7 /* pkcs11.h */,
700F0BEC2A2FBC1500755BA7 /* pkcs12.h */,
700F0BE02A2FBC1500755BA7 /* rc2.h */,
@@ -1178,7 +1178,7 @@
700F0BE92A2FBC1500755BA7 /* sp.h */,
700F0BE22A2FBC1500755BA7 /* sphincs.h */,
700F0BF32A2FBC1600755BA7 /* srp.h */,
700F0BFF2A2FBC1600755BA7 /* wc_mlkem.h */,
700F0BFF2A2FBC1600755BA7 /* wc_kyber.h */,
700F0BF52A2FBC1600755BA7 /* wc_pkcs11.h */,
700F0BE62A2FBC1500755BA7 /* wolfevent.h */,
5216465E1A8993770062516A /* aes.h */,

1
IDE/include.am
View File

@@ -61,7 +61,6 @@ include IDE/WINCE/include.am
include IDE/WORKBENCH/include.am
include IDE/XCODE-FIPSv2/include.am
include IDE/XCODE-FIPSv5/include.am
include IDE/XCODE-FIPSv6/include.am
include IDE/XCODE/include.am
include IDE/XilinxSDK/include.am
include IDE/zephyr/include.am

3
Makefile.am
View File

@@ -213,8 +213,7 @@ if BUILD_LINUXKM
EXTRA_CFLAGS EXTRA_CPPFLAGS EXTRA_CCASFLAGS EXTRA_LDFLAGS \
AM_CPPFLAGS CPPFLAGS AM_CFLAGS CFLAGS \
AM_CCASFLAGS CCASFLAGS \
src_libwolfssl_la_OBJECTS ENABLED_CRYPT_TESTS ENABLED_LINUXKM_LKCAPI_REGISTER \
ENABLED_LINUXKM_PIE ENABLED_ASM \
src_libwolfssl_la_OBJECTS ENABLED_CRYPT_TESTS ENABLED_LINUXKM_PIE ENABLED_ASM \
CFLAGS_FPU_DISABLE CFLAGS_FPU_ENABLE CFLAGS_SIMD_DISABLE CFLAGS_SIMD_ENABLE \
CFLAGS_AUTO_VECTORIZE_DISABLE CFLAGS_AUTO_VECTORIZE_ENABLE \
ASFLAGS_FPU_DISABLE_SIMD_ENABLE ASFLAGS_FPU_ENABLE_SIMD_DISABLE \

300
README
View File

@@ -70,214 +70,130 @@ should be used for the enum name.
*** end Notes ***
# wolfSSL Release 5.8.0 (Apr 24, 2025)
# wolfSSL Release 5.7.6 (Dec 31, 2024)
Release 5.8.0 has been developed according to wolfSSL's development and QA
Release 5.7.6 has been developed according to wolfSSL's development and QA
process (see link below) and successfully passed the quality criteria.
https://www.wolfssl.com/about/wolfssl-software-development-process-quality-assurance
NOTE: * --enable-heapmath is deprecated
NOTE:
* --enable-heapmath is deprecated.
* In this release, the default cipher suite preference is updated to prioritize
TLS_AES_256_GCM_SHA384 over TLS_AES_128_GCM_SHA256 when enabled.
* This release adds a sanity check for including wolfssl/options.h or
user_settings.h.
PR stands for Pull Request, and PR <NUMBER> references a GitHub pull request
number where the code change was added.
## Vulnerabilities
* [Med] An OCSP (non stapling) issue was introduced in wolfSSL version 5.7.4
when performing OCSP requests for intermediate certificates in a certificate
chain. This affects only TLS 1.3 connections on the server side. It would not
impact other TLS protocol versions or connections that are not using the
traditional OCSP implementation. (Fix in pull request 8115)
## New Feature Additions
* Algorithm registration in the Linux kernel module for all supported FIPS AES,
SHA, HMAC, ECDSA, ECDH, and RSA modes, key sizes, and digest sizes.
* Implemented various fixes to support building for Open Watcom including OS/2
support and Open Watcom 1.9 compatibility (PR 8505, 8484)
* Added support for STM32H7S (tested on NUCLEO-H7S3L8) (PR 8488)
* Added support for STM32WBA (PR 8550)
* Added Extended Master Secret Generation Callback to the --enable-pkcallbacks
build (PR 8303)
* Implement AES-CTS (configure flag --enable-aescts) in wolfCrypt (PR 8594)
* Added support for libimobiledevice commit 860ffb (PR 8373)
* Initial ASCON hash256 and AEAD128 support based on NIST SP 800-232 IPD
(PR 8307)
* Added blinding option when using a Curve25519 private key by defining the
macro WOLFSSL_CURVE25519_BLINDING (PR 8392)
## Linux Kernel Module
* Production-ready LKCAPI registration for cbc(aes), cfb(aes), gcm(aes),
rfc4106 (gcm(aes)), ctr(aes), ofb(aes), and ecb(aes), ECDSA with P192, P256,
P384, and P521 curves, ECDH with P192, P256, and P384 curves, and RSA with
bare and PKCS1 padding
* Various fixes for LKCAPI wrapper for AES-CBC and AES-CFB (PR 8534, 8552)
* Adds support for the legacy one-shot AES-GCM back end (PR 8614, 8567) for
compatibility with FIPS 140-3 Cert #4718.
* On kernel >=6.8, for CONFIG_FORTIFY_SOURCE, use 5-arg fortify_panic() override
macro (PR 8654)
* Update calls to scatterwalk_map() and scatterwalk_unmap() for linux commit
7450ebd29c (merged for Linux 6.15) (PR 8667)
* Inhibit LINUXKM_LKCAPI_REGISTER_ECDH on kernel <5.13 (PR 8673)
* Fix for uninitialized build error with fedora (PR 8569)
* Register ecdsa, ecdh, and rsa for use with linux kernel crypto (PR 8637, 8663,
8646)
* Added force zero shared secret buffer, and clear of old key with ecdh
(PR 8685)
* Update fips-check.sh script to pickup XTS streaming support on aarch64 and
disable XTS-384 as an allowed use in FIPS mode (PR 8509, 8546)
* Add support for RP2350 and improve RP2040 support, both with RNG optimizations
(PR 8153)
* Add support for STM32MP135F, including STM32CubeIDE support and HAL support
for SHA2/SHA3/AES/RNG/ECC optimizations. (PR 8223, 8231, 8241)
* Implement Renesas TSIP RSA Public Enc/Private support (PR 8122)
* Add support for Fedora/RedHat system-wide crypto-policies (PR 8205)
* Curve25519 generic keyparsing API added with wc_Curve25519KeyToDer and
wc_Curve25519KeyDecode (PR 8129)
* CRL improvements and update callback, added the functions
wolfSSL_CertManagerGetCRLInfo and wolfSSL_CertManagerSetCRLUpdate_Cb (PR 8006)
* For DTLS, add server-side stateless and CID quality-of-life API. (PR 8224)
## Enhancements and Optimizations
### Security & Cryptography
* Add constant-time implementation improvements for encoding functions. We thank
Zhiyuan and Gilles for sharing a new constant-time analysis tool (CT-LLVM) and
reporting several non-constant-time implementations. (PR 8396, 8617)
* Additional support for PKCS7 verify and decode with indefinite lengths
(PR 8520, 834, 8645)
* Add more PQC hybrid key exchange algorithms such as support for combinations
with X25519 and X448 enabling compatibility with the PQC key exchange support
in Chromium browsers and Mozilla Firefox (PR 7821)
* Add short-circuit comparisons to DH key validation for RFC 7919 parameters
(PR 8335)
* Improve FIPS compatibility with various build configurations for more resource
constrained builds (PR 8370)
* Added option to disable ECC public key order checking (PR 8581)
* Allow critical alt and basic constraints extensions (PR 8542)
* New codepoint for MLDSA to help with interoperability (PR 8393)
* Add support for parsing trusted PEM certs having the header
“BEGIN_TRUSTED_CERT” (PR 8400)
* Add support for parsing only of DoD certificate policy and Comodo Ltd PKI OIDs
(PR 8599, 8686)
* Update ssl code in `src/*.c` to be consistent with wolfcrypt/src/asn.c
handling of ML_DSA vs Dilithium and add dual alg. test (PR 8360, 8425)
### Build System, Configuration, CI & Protocols
* Internal refactor for include of config.h and when building with
BUILDING_WOLFSSL macro. This refactor will give a warning of “deprecated
function” when trying to improperly use an internal API of wolfSSL in an
external application. (PR 8640, 8647, 8660, 8662, 8664)
* Add WOLFSSL_CLU option to CMakeLists.txt (PR 8548)
* Add CMake and Zephyr support for XMSS and LMS (PR 8494)
* Added GitHub CI for CMake builds (PR 8439)
* Added necessary macros when building wolfTPM Zephyr with wolfSSL (PR 8382)
* Add MSYS2 build continuous integration test (PR 8504)
* Update DevKitPro doc to list calico dependency with build commands (PR 8607)
* Conversion compiler warning fixes and additional continuous integration test
added (PR 8538)
* Enable DTLS 1.3 by default in --enable-jni builds (PR 8481)
* Enabled TLS 1.3 middlebox compatibility by default for --enable-jni builds
(PR 8526)
### Performance Improvements
* Performance improvements AES-GCM and HMAC (in/out hash copy) (PR 8429)
* LMS fixes and improvements adding API to get Key ID from raw private key,
change to identifiers to match standard, and fix for when
WOLFSSL_LMS_MAX_LEVELS is 1 (PR 8390, 8684, 8613, 8623)
* ML-KEM/Kyber improvements and fixes; no malloc builds, small memory usage,
performance improvement, fix for big-endian (PR 8397, 8412, 8436, 8467, 8619,
8622, 8588)
* Performance improvements for AES-GCM and when doing multiple HMAC operations
(PR 8445)
### Assembly and Platform-Specific Enhancements
* Poly1305 arm assembly changes adding ARM32 NEON implementation and fix for
Aarch64 use (PR 8344, 8561, 8671)
* Aarch64 assembly enhancement to use more CPU features, fix for FreeBSD/OpenBSD
(PR 8325, 8348)
* Only perform ARM assembly CPUID checks if support was enabled at build time
(PR 8566)
* Optimizations for ARM32 assembly instructions on platforms less than ARMv7
(PR 8395)
* Improve MSVC feature detection for static assert macros (PR 8440)
* Improve Espressif make and CMake for ESP8266 and ESP32 series (PR 8402)
* Espressif updates for Kconfig, ESP32P4 and adding a sample user_settings.h
(PR 8422, PR 8641)
### OpenSSL Compatibility Layer
* Modification to the push/pop to/from in OpenSSL compatibility layer. This is
a pretty major API change in the OpenSSL compatibility stack functions.
Previously the API would push/pop from the beginning of the list but now they
operate on the tail of the list. This matters when using the sk_value with
index values. (PR 8616)
* OpenSSL Compat Layer: OCSP response improvements (PR 8408, 8498)
* Expand the OpenSSL compatibility layer to include an implementation of
BN_CTX_get (PR 8388)
### API Additions and Modifications
* Refactor Hpke to allow multiple uses of a context instead of just one shot
mode (PR 6805)
* Add support for PSK client callback with Ada and use with Alire (thanks
@mgrojo, PR 8332, 8606)
* Change wolfSSL_CTX_GenerateEchConfig to generate multiple configs and add
functions wolfSSL_CTX_SetEchConfigs and wolfSSL_CTX_SetEchConfigsBase64 to
rotate the server's echConfigs (PR 8556)
* Added the public API wc_PkcsPad to do PKCS padding (PR 8502)
* Add NULL_CIPHER_TYPE support to wolfSSL_EVP_CipherUpdate (PR 8518)
* Update Kyber APIs to ML-KEM APIs (PR 8536)
* Add option to disallow automatic use of "default" devId using the macro
WC_NO_DEFAULT_DEVID (PR 8555)
* Detect unknown key format on ProcessBufferTryDecode() and handle RSA-PSSk
format (PR 8630)
### Porting and Language Support
* Update Python port to support version 3.12.6 (PR 8345)
* New additions for MAXQ with wolfPKCS11 (PR 8343)
* Port to ntp 4.2.8p17 additions (PR 8324)
* Add version 0.9.14 to tested libvncserver builds (PR 8337)
### General Improvements and Cleanups
* Cleanups for STM32 AES GCM (PR 8584)
* Improvements to isascii() and the CMake key log option (PR 8596)
* Arduino documentation updates, comments and spelling corrections (PR 8381,
8384, 8514)
* Expanding builds with WOLFSSL_NO_REALLOC for use with --enable-opensslall and
--enable-all builds (PR 8369, 8371)
* Add a CMake dependency check for pthreads when required. (PR 8162)
* Update OS_Seed declarations for legacy compilers and FIPS modules (boundary
not affected). (PR 8170)
* Enable WOLFSSL_ALWAYS_KEEP_SNI by default when using --enable-jni. (PR 8283)
* Change the default cipher suite preference, prioritizing
TLS_AES_256_GCM_SHA384 over TLS_AES_128_GCM_SHA256. (PR 7771)
* Add SRTP-KDF (FIPS module v6.0.0) to checkout script for release bundling
(PR 8215)
* Make library build when no hardware crypto available for Aarch64 (PR 8293)
* Update assembly code to avoid `uint*_t` types for better compatibility with
older C standards. (PR 8133)
* Add initial documentation for writing ASN template code to decode BER/DER.
(PR 8120)
* Perform full reduction in sc_muladd for EdDSA with Curve448 (PR 8276)
* Allow SHA-3 hardware cryptography instructions to be explicitly not used in
MacOS builds (PR 8282)
* Make Kyber and ML-KEM available individually and together. (PR 8143)
* Update configuration options to include Kyber/ML-KEM and fix defines used in
wolfSSL_get_curve_name. (PR 8183)
* Make GetShortInt available with WOLFSSL_ASN_EXTRA (PR 8149)
* Improved test coverage and minor improvements of X509 (PR 8176)
* Add sanity checks for configuration methods, ensuring the inclusion of
wolfssl/options.h or user_settings.h. (PR 8262)
* Enable support for building without TLS (NO_TLS). Provides reduced code size
option for non-TLS users who want features like the certificate manager or
compatibility layer. (PR 8273)
* Exposed get_verify functions with OPENSSL_EXTRA. (PR 8258)
* ML-DSA/Dilithium: obtain security level from DER when decoding (PR 8177)
* Implementation for using PKCS11 to retrieve certificate for SSL CTX (PR 8267)
* Add support for the RFC822 Mailbox attribute (PR 8280)
* Initialize variables and adjust types resolve warnings with Visual Studio in
Windows builds. (PR 8181)
* Refactors and expansion of opensslcoexist build (PR 8132, 8216, 8230)
* Add DTLS 1.3 interoperability, libspdm and DTLS CID interoperability tests
(PR 8261, 8255, 8245)
* Remove trailing error exit code in wolfSSL install setup script (PR 8189)
* Update Arduino files for wolfssl 5.7.4 (PR 8219)
* Improve Espressif SHA HW/SW mutex messages (PR 8225)
* Apply post-5.7.4 release updates for Espressif Managed Component examples
(PR 8251)
* Expansion of c89 conformance (PR 8164)
* Added configure option for additional sanity checks with --enable-faultharden
(PR 8289)
* Aarch64 ASM additions to check CPU features before hardware crypto instruction
use (PR 8314)
## Fixes
* Fix a use after free caused by an early free on error in the X509 store
(PR 8449)
* Fix to account for existing PKCS8 header with
wolfSSL_PEM_write_PKCS8PrivateKey (PR 8612)
* Fixed failing CMake build issue when standard threads support is not found in
the system (PR 8485)
* Fix segmentation fault in SHA-512 implementation for AVX512 targets built with
gcc -march=native -O2 (PR 8329)
* Fix Windows socket API compatibility warning with mingw32 build (PR 8424)
* Fix potential null pointer increments in cipher list parsing (PR 8420)
* Fix for possible stack buffer overflow read with wolfSSL_SMIME_write_PKCS7.
Thanks to the team at Code Intelligence for the report. (PR 8466)
* Fix AES ECB implementation for Aarch64 ARM assembly (PR 8379)
* Fixed building with VS2008 and .NET 3.5 (PR 8621)
* Fixed possible error case memory leaks in CRL and EVP_Sign_Final (PR 8447)
* Fixed SSL_set_mtu compatibility function return code (PR 8330)
* Fixed Renesas RX TSIP (PR 8595)
* Fixed ECC non-blocking tests (PR 8533)
* Fixed CMake on MINGW and MSYS (PR 8377)
* Fixed Watcom compiler and added new CI test (PR 8391)
* Fixed STM32 PKA ECC 521-bit support (PR 8450)
* Fixed STM32 PKA with P521 and shared secret (PR 8601)
* Fixed crypto callback macro guards with `DEBUG_CRYPTOCB` (PR 8602)
* Fix outlen return for RSA private decrypt with WOLF_CRYPTO_CB_RSA_PAD
(PR 8575)
* Additional sanity check on r and s lengths in DecodeECC_DSA_Sig_Bin (PR 8350)
* Fix compat. layer ASN1_TIME_diff to accept NULL output params (PR 8407)
* Fix CMake lean_tls build (PR 8460)
* Fix for QUIC callback failure (PR 8475)
* Fix missing alert types in AlertTypeToString for print out with debugging
enabled (PR 8572)
* Fixes for MSVS build issues with PQC configure (PR 8568)
* Fix for SE050 port and minor improvements (PR 8431, 8437)
* Fix for missing rewind function in zephyr and add missing files for compiling
with assembly optimizations (PR 8531, 8541)
* Fix for quic_record_append to return the correct code (PR 8340, 8358)
* Fixes for Bind 9.18.28 port (PR 8331)
* Fix to adhere more closely with RFC8446 Appendix D and set haveEMS when
negotiating TLS 1.3 (PR 8487)
* Fix to properly check for signature_algorithms from the client in a TLS 1.3
server (PR 8356)
* Fix for when BIO data is less than seq buffer size. Thanks to the team at Code
Intelligence for the report (PR 8426)
* ARM32/Thumb2 fixes for WOLFSSL_NO_VAR_ASSIGN_REG and td4 variable declarations
(PR 8590, 8635)
* Fix for Intel AVX1/SSE2 assembly to not use vzeroupper instructions unless ymm
or zmm registers are used (PR 8479)
* Entropy MemUse fix for when block size less than update bits (PR 8675)
* Fix a memory issue when using the compatibility layer with
WOLFSSL_GENERAL_NAME and handling registered ID types. (PR 8155)
* Fix a build issue with signature fault hardening when using public key
callbacks (HAVE_PK_CALLBACKS). (PR 8287)
* Fix for handling heap hint pointer properly when managing multiple WOLFSSL_CTX
objects and freeing one of them (PR 8180)
* Fix potential memory leak in error case with Aria. (PR 8268)
* Fix Set_Verify flag behaviour on Ada wrapper. (PR 8256)
* Fix a compilation error with the NO_WOLFSSL_DIR flag. (PR 8294)
* Resolve a corner case for Poly1305 assembly code on Aarch64. (PR 8275)
* Fix incorrect version setting in CSRs. (PR 8136)
* Correct debugging output for cryptodev. (PR 8202)
* Fix for benchmark application use with /dev/crypto GMAC auth error due to size
of AAD (PR 8210)
* Add missing checks for the initialization of sp_int/mp_int with DSA to free
memory properly in error cases. (PR 8209)
* Fix return value of wolfSSL_CTX_set_tlsext_use_srtp (8252)
* Check Root CA by Renesas TSIP before adding it to ca-table (PR 8101)
* Prevent adding a certificate to the CA cache for Renesas builds if it does not
set CA:TRUE in basic constraints. (PR 8060)
* Fix attribute certificate holder entityName parsing. (PR 8166)
* Resolve build issues for configurations without any wolfSSL/openssl
compatibility layer headers. (PR 8182)
* Fix for building SP RSA small and RSA public only (PR 8235)
* Fix for Renesas RX TSIP RSA Sign/Verify with wolfCrypt only (PR 8206)
* Fix to ensure all files have settings.h included (like wc_lms.c) and guards
for building all `*.c` files (PR 8257 and PR 8140)
* Fix x86 target build issues in Visual Studio for non-Windows operating
systems. (PR 8098)
* Fix wolfSSL_X509_STORE_get0_objects to handle no CA (PR 8226)
* Properly handle reference counting when adding to the X509 store. (PR 8233)
* Fix for various typos and improper size used with FreeRTOS_bind in the Renesas
example. Thanks to Hongbo for the report on example issues. (PR 7537)
* Fix for potential heap use after free with wolfSSL_PEM_read_bio_PrivateKey.
Thanks to Peter for the issue reported. (PR 8139)
For additional vulnerability information visit the vulnerability page at:

301
README.md
View File

@@ -75,214 +75,131 @@ single call hash function. Instead the name `WC_SHA`, `WC_SHA256`, `WC_SHA384` a
`WC_SHA512` should be used for the enum name.
# wolfSSL Release 5.8.0 (Apr 24, 2025)
# wolfSSL Release 5.7.6 (Dec 31, 2024)
Release 5.8.0 has been developed according to wolfSSL's development and QA
Release 5.7.6 has been developed according to wolfSSL's development and QA
process (see link below) and successfully passed the quality criteria.
https://www.wolfssl.com/about/wolfssl-software-development-process-quality-assurance
NOTE: * --enable-heapmath is deprecated
NOTE:
* --enable-heapmath is deprecated.
* In this release, the default cipher suite preference is updated to prioritize
TLS_AES_256_GCM_SHA384 over TLS_AES_128_GCM_SHA256 when enabled.
* This release adds a sanity check for including wolfssl/options.h or
user_settings.h.
PR stands for Pull Request, and PR <NUMBER> references a GitHub pull request
number where the code change was added.
## Vulnerabilities
* [Med] An OCSP (non stapling) issue was introduced in wolfSSL version 5.7.4
when performing OCSP requests for intermediate certificates in a certificate
chain. This affects only TLS 1.3 connections on the server side. It would not
impact other TLS protocol versions or connections that are not using the
traditional OCSP implementation. (Fix in pull request 8115)
## New Feature Additions
* Algorithm registration in the Linux kernel module for all supported FIPS AES,
SHA, HMAC, ECDSA, ECDH, and RSA modes, key sizes, and digest sizes.
* Implemented various fixes to support building for Open Watcom including OS/2
support and Open Watcom 1.9 compatibility (PR 8505, 8484)
* Added support for STM32H7S (tested on NUCLEO-H7S3L8) (PR 8488)
* Added support for STM32WBA (PR 8550)
* Added Extended Master Secret Generation Callback to the --enable-pkcallbacks
build (PR 8303)
* Implement AES-CTS (configure flag --enable-aescts) in wolfCrypt (PR 8594)
* Added support for libimobiledevice commit 860ffb (PR 8373)
* Initial ASCON hash256 and AEAD128 support based on NIST SP 800-232 IPD
(PR 8307)
* Added blinding option when using a Curve25519 private key by defining the
macro WOLFSSL_CURVE25519_BLINDING (PR 8392)
## Linux Kernel Module
* Production-ready LKCAPI registration for cbc(aes), cfb(aes), gcm(aes),
rfc4106 (gcm(aes)), ctr(aes), ofb(aes), and ecb(aes), ECDSA with P192, P256,
P384, and P521 curves, ECDH with P192, P256, and P384 curves, and RSA with
bare and PKCS1 padding
* Various fixes for LKCAPI wrapper for AES-CBC and AES-CFB (PR 8534, 8552)
* Adds support for the legacy one-shot AES-GCM back end (PR 8614, 8567) for
compatibility with FIPS 140-3 Cert #4718.
* On kernel >=6.8, for CONFIG_FORTIFY_SOURCE, use 5-arg fortify_panic() override
macro (PR 8654)
* Update calls to scatterwalk_map() and scatterwalk_unmap() for linux commit
7450ebd29c (merged for Linux 6.15) (PR 8667)
* Inhibit LINUXKM_LKCAPI_REGISTER_ECDH on kernel <5.13 (PR 8673)
* Fix for uninitialized build error with fedora (PR 8569)
* Register ecdsa, ecdh, and rsa for use with linux kernel crypto (PR 8637, 8663,
8646)
* Added force zero shared secret buffer, and clear of old key with ecdh
(PR 8685)
* Update fips-check.sh script to pickup XTS streaming support on aarch64 and
disable XTS-384 as an allowed use in FIPS mode (PR 8509, 8546)
* Add support for RP2350 and improve RP2040 support, both with RNG optimizations
(PR 8153)
* Add support for STM32MP135F, including STM32CubeIDE support and HAL support
for SHA2/SHA3/AES/RNG/ECC optimizations. (PR 8223, 8231, 8241)
* Implement Renesas TSIP RSA Public Enc/Private support (PR 8122)
* Add support for Fedora/RedHat system-wide crypto-policies (PR 8205)
* Curve25519 generic keyparsing API added with wc_Curve25519KeyToDer and
wc_Curve25519KeyDecode (PR 8129)
* CRL improvements and update callback, added the functions
wolfSSL_CertManagerGetCRLInfo and wolfSSL_CertManagerSetCRLUpdate_Cb (PR 8006)
* For DTLS, add server-side stateless and CID quality-of-life API. (PR 8224)
## Enhancements and Optimizations
### Security & Cryptography
* Add constant-time implementation improvements for encoding functions. We thank
Zhiyuan and Gilles for sharing a new constant-time analysis tool (CT-LLVM) and
reporting several non-constant-time implementations. (PR 8396, 8617)
* Additional support for PKCS7 verify and decode with indefinite lengths
(PR 8520, 834, 8645)
* Add more PQC hybrid key exchange algorithms such as support for combinations
with X25519 and X448 enabling compatibility with the PQC key exchange support
in Chromium browsers and Mozilla Firefox (PR 7821)
* Add short-circuit comparisons to DH key validation for RFC 7919 parameters
(PR 8335)
* Improve FIPS compatibility with various build configurations for more resource
constrained builds (PR 8370)
* Added option to disable ECC public key order checking (PR 8581)
* Allow critical alt and basic constraints extensions (PR 8542)
* New codepoint for MLDSA to help with interoperability (PR 8393)
* Add support for parsing trusted PEM certs having the header
“BEGIN_TRUSTED_CERT” (PR 8400)
* Add support for parsing only of DoD certificate policy and Comodo Ltd PKI OIDs
(PR 8599, 8686)
* Update ssl code in `src/*.c` to be consistent with wolfcrypt/src/asn.c
handling of ML_DSA vs Dilithium and add dual alg. test (PR 8360, 8425)
### Build System, Configuration, CI & Protocols
* Internal refactor for include of config.h and when building with
BUILDING_WOLFSSL macro. This refactor will give a warning of “deprecated
function” when trying to improperly use an internal API of wolfSSL in an
external application. (PR 8640, 8647, 8660, 8662, 8664)
* Add WOLFSSL_CLU option to CMakeLists.txt (PR 8548)
* Add CMake and Zephyr support for XMSS and LMS (PR 8494)
* Added GitHub CI for CMake builds (PR 8439)
* Added necessary macros when building wolfTPM Zephyr with wolfSSL (PR 8382)
* Add MSYS2 build continuous integration test (PR 8504)
* Update DevKitPro doc to list calico dependency with build commands (PR 8607)
* Conversion compiler warning fixes and additional continuous integration test
added (PR 8538)
* Enable DTLS 1.3 by default in --enable-jni builds (PR 8481)
* Enabled TLS 1.3 middlebox compatibility by default for --enable-jni builds
(PR 8526)
### Performance Improvements
* Performance improvements AES-GCM and HMAC (in/out hash copy) (PR 8429)
* LMS fixes and improvements adding API to get Key ID from raw private key,
change to identifiers to match standard, and fix for when
WOLFSSL_LMS_MAX_LEVELS is 1 (PR 8390, 8684, 8613, 8623)
* ML-KEM/Kyber improvements and fixes; no malloc builds, small memory usage,
performance improvement, fix for big-endian (PR 8397, 8412, 8436, 8467, 8619,
8622, 8588)
* Performance improvements for AES-GCM and when doing multiple HMAC operations
(PR 8445)
### Assembly and Platform-Specific Enhancements
* Poly1305 arm assembly changes adding ARM32 NEON implementation and fix for
Aarch64 use (PR 8344, 8561, 8671)
* Aarch64 assembly enhancement to use more CPU features, fix for FreeBSD/OpenBSD
(PR 8325, 8348)
* Only perform ARM assembly CPUID checks if support was enabled at build time
(PR 8566)
* Optimizations for ARM32 assembly instructions on platforms less than ARMv7
(PR 8395)
* Improve MSVC feature detection for static assert macros (PR 8440)
* Improve Espressif make and CMake for ESP8266 and ESP32 series (PR 8402)
* Espressif updates for Kconfig, ESP32P4 and adding a sample user_settings.h
(PR 8422, PR 8641)
### OpenSSL Compatibility Layer
* Modification to the push/pop to/from in OpenSSL compatibility layer. This is
a pretty major API change in the OpenSSL compatibility stack functions.
Previously the API would push/pop from the beginning of the list but now they
operate on the tail of the list. This matters when using the sk_value with
index values. (PR 8616)
* OpenSSL Compat Layer: OCSP response improvements (PR 8408, 8498)
* Expand the OpenSSL compatibility layer to include an implementation of
BN_CTX_get (PR 8388)
### API Additions and Modifications
* Refactor Hpke to allow multiple uses of a context instead of just one shot
mode (PR 6805)
* Add support for PSK client callback with Ada and use with Alire (thanks
@mgrojo, PR 8332, 8606)
* Change wolfSSL_CTX_GenerateEchConfig to generate multiple configs and add
functions wolfSSL_CTX_SetEchConfigs and wolfSSL_CTX_SetEchConfigsBase64 to
rotate the server's echConfigs (PR 8556)
* Added the public API wc_PkcsPad to do PKCS padding (PR 8502)
* Add NULL_CIPHER_TYPE support to wolfSSL_EVP_CipherUpdate (PR 8518)
* Update Kyber APIs to ML-KEM APIs (PR 8536)
* Add option to disallow automatic use of "default" devId using the macro
WC_NO_DEFAULT_DEVID (PR 8555)
* Detect unknown key format on ProcessBufferTryDecode() and handle RSA-PSSk
format (PR 8630)
### Porting and Language Support
* Update Python port to support version 3.12.6 (PR 8345)
* New additions for MAXQ with wolfPKCS11 (PR 8343)
* Port to ntp 4.2.8p17 additions (PR 8324)
* Add version 0.9.14 to tested libvncserver builds (PR 8337)
### General Improvements and Cleanups
* Cleanups for STM32 AES GCM (PR 8584)
* Improvements to isascii() and the CMake key log option (PR 8596)
* Arduino documentation updates, comments and spelling corrections (PR 8381,
8384, 8514)
* Expanding builds with WOLFSSL_NO_REALLOC for use with --enable-opensslall and
--enable-all builds (PR 8369, 8371)
* Add a CMake dependency check for pthreads when required. (PR 8162)
* Update OS_Seed declarations for legacy compilers and FIPS modules (boundary
not affected). (PR 8170)
* Enable WOLFSSL_ALWAYS_KEEP_SNI by default when using --enable-jni. (PR 8283)
* Change the default cipher suite preference, prioritizing
TLS_AES_256_GCM_SHA384 over TLS_AES_128_GCM_SHA256. (PR 7771)
* Add SRTP-KDF (FIPS module v6.0.0) to checkout script for release bundling
(PR 8215)
* Make library build when no hardware crypto available for Aarch64 (PR 8293)
* Update assembly code to avoid `uint*_t` types for better compatibility with
older C standards. (PR 8133)
* Add initial documentation for writing ASN template code to decode BER/DER.
(PR 8120)
* Perform full reduction in sc_muladd for EdDSA with Curve448 (PR 8276)
* Allow SHA-3 hardware cryptography instructions to be explicitly not used in
MacOS builds (PR 8282)
* Make Kyber and ML-KEM available individually and together. (PR 8143)
* Update configuration options to include Kyber/ML-KEM and fix defines used in
wolfSSL_get_curve_name. (PR 8183)
* Make GetShortInt available with WOLFSSL_ASN_EXTRA (PR 8149)
* Improved test coverage and minor improvements of X509 (PR 8176)
* Add sanity checks for configuration methods, ensuring the inclusion of
wolfssl/options.h or user_settings.h. (PR 8262)
* Enable support for building without TLS (NO_TLS). Provides reduced code size
option for non-TLS users who want features like the certificate manager or
compatibility layer. (PR 8273)
* Exposed get_verify functions with OPENSSL_EXTRA. (PR 8258)
* ML-DSA/Dilithium: obtain security level from DER when decoding (PR 8177)
* Implementation for using PKCS11 to retrieve certificate for SSL CTX (PR 8267)
* Add support for the RFC822 Mailbox attribute (PR 8280)
* Initialize variables and adjust types resolve warnings with Visual Studio in
Windows builds. (PR 8181)
* Refactors and expansion of opensslcoexist build (PR 8132, 8216, 8230)
* Add DTLS 1.3 interoperability, libspdm and DTLS CID interoperability tests
(PR 8261, 8255, 8245)
* Remove trailing error exit code in wolfSSL install setup script (PR 8189)
* Update Arduino files for wolfssl 5.7.4 (PR 8219)
* Improve Espressif SHA HW/SW mutex messages (PR 8225)
* Apply post-5.7.4 release updates for Espressif Managed Component examples
(PR 8251)
* Expansion of c89 conformance (PR 8164)
* Added configure option for additional sanity checks with --enable-faultharden
(PR 8289)
* Aarch64 ASM additions to check CPU features before hardware crypto instruction
use (PR 8314)
## Fixes
* Fix a use after free caused by an early free on error in the X509 store
(PR 8449)
* Fix to account for existing PKCS8 header with
wolfSSL_PEM_write_PKCS8PrivateKey (PR 8612)
* Fixed failing CMake build issue when standard threads support is not found in
the system (PR 8485)
* Fix segmentation fault in SHA-512 implementation for AVX512 targets built with
gcc -march=native -O2 (PR 8329)
* Fix Windows socket API compatibility warning with mingw32 build (PR 8424)
* Fix potential null pointer increments in cipher list parsing (PR 8420)
* Fix for possible stack buffer overflow read with wolfSSL_SMIME_write_PKCS7.
Thanks to the team at Code Intelligence for the report. (PR 8466)
* Fix AES ECB implementation for Aarch64 ARM assembly (PR 8379)
* Fixed building with VS2008 and .NET 3.5 (PR 8621)
* Fixed possible error case memory leaks in CRL and EVP_Sign_Final (PR 8447)
* Fixed SSL_set_mtu compatibility function return code (PR 8330)
* Fixed Renesas RX TSIP (PR 8595)
* Fixed ECC non-blocking tests (PR 8533)
* Fixed CMake on MINGW and MSYS (PR 8377)
* Fixed Watcom compiler and added new CI test (PR 8391)
* Fixed STM32 PKA ECC 521-bit support (PR 8450)
* Fixed STM32 PKA with P521 and shared secret (PR 8601)
* Fixed crypto callback macro guards with `DEBUG_CRYPTOCB` (PR 8602)
* Fix outlen return for RSA private decrypt with WOLF_CRYPTO_CB_RSA_PAD
(PR 8575)
* Additional sanity check on r and s lengths in DecodeECC_DSA_Sig_Bin (PR 8350)
* Fix compat. layer ASN1_TIME_diff to accept NULL output params (PR 8407)
* Fix CMake lean_tls build (PR 8460)
* Fix for QUIC callback failure (PR 8475)
* Fix missing alert types in AlertTypeToString for print out with debugging
enabled (PR 8572)
* Fixes for MSVS build issues with PQC configure (PR 8568)
* Fix for SE050 port and minor improvements (PR 8431, 8437)
* Fix for missing rewind function in zephyr and add missing files for compiling
with assembly optimizations (PR 8531, 8541)
* Fix for quic_record_append to return the correct code (PR 8340, 8358)
* Fixes for Bind 9.18.28 port (PR 8331)
* Fix to adhere more closely with RFC8446 Appendix D and set haveEMS when
negotiating TLS 1.3 (PR 8487)
* Fix to properly check for signature_algorithms from the client in a TLS 1.3
server (PR 8356)
* Fix for when BIO data is less than seq buffer size. Thanks to the team at Code
Intelligence for the report (PR 8426)
* ARM32/Thumb2 fixes for WOLFSSL_NO_VAR_ASSIGN_REG and td4 variable declarations
(PR 8590, 8635)
* Fix for Intel AVX1/SSE2 assembly to not use vzeroupper instructions unless ymm
or zmm registers are used (PR 8479)
* Entropy MemUse fix for when block size less than update bits (PR 8675)
* Fix a memory issue when using the compatibility layer with
WOLFSSL_GENERAL_NAME and handling registered ID types. (PR 8155)
* Fix a build issue with signature fault hardening when using public key
callbacks (HAVE_PK_CALLBACKS). (PR 8287)
* Fix for handling heap hint pointer properly when managing multiple WOLFSSL_CTX
objects and freeing one of them (PR 8180)
* Fix potential memory leak in error case with Aria. (PR 8268)
* Fix Set_Verify flag behaviour on Ada wrapper. (PR 8256)
* Fix a compilation error with the NO_WOLFSSL_DIR flag. (PR 8294)
* Resolve a corner case for Poly1305 assembly code on Aarch64. (PR 8275)
* Fix incorrect version setting in CSRs. (PR 8136)
* Correct debugging output for cryptodev. (PR 8202)
* Fix for benchmark application use with /dev/crypto GMAC auth error due to size
of AAD (PR 8210)
* Add missing checks for the initialization of sp_int/mp_int with DSA to free
memory properly in error cases. (PR 8209)
* Fix return value of wolfSSL_CTX_set_tlsext_use_srtp (8252)
* Check Root CA by Renesas TSIP before adding it to ca-table (PR 8101)
* Prevent adding a certificate to the CA cache for Renesas builds if it does not
set CA:TRUE in basic constraints. (PR 8060)
* Fix attribute certificate holder entityName parsing. (PR 8166)
* Resolve build issues for configurations without any wolfSSL/openssl
compatibility layer headers. (PR 8182)
* Fix for building SP RSA small and RSA public only (PR 8235)
* Fix for Renesas RX TSIP RSA Sign/Verify with wolfCrypt only (PR 8206)
* Fix to ensure all files have settings.h included (like wc_lms.c) and guards
for building all `*.c` files (PR 8257 and PR 8140)
* Fix x86 target build issues in Visual Studio for non-Windows operating
systems. (PR 8098)
* Fix wolfSSL_X509_STORE_get0_objects to handle no CA (PR 8226)
* Properly handle reference counting when adding to the X509 store. (PR 8233)
* Fix for various typos and improper size used with FreeRTOS_bind in the Renesas
example. Thanks to Hongbo for the report on example issues. (PR 7537)
* Fix for potential heap use after free with wolfSSL_PEM_read_bio_PrivateKey.
Thanks to Peter for the issue reported. (PR 8139)
For additional vulnerability information visit the vulnerability page at:
https://www.wolfssl.com/docs/security-vulnerabilities/

BIN
certs/fpki-certpol-cert.der
View File

Binary file not shown.

Some files were not shown because too many files have changed in this diff Show More