Cyclic0007/wolfssl
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: Cyclic0007:wolfEntropy2
Branches Tags
Cyclic0007:master Cyclic0007:nightly-snapshot Cyclic0007:revert-9495-aarch64_no_hw_crypto_asm_aes Cyclic0007:revert-9512-20251210-linuxkm-5.17-ubuntu-jammy-tegra-patches Cyclic0007:TLS13-cipher-suite-fix Cyclic0007:revert-9145-zd20038_2 Cyclic0007:pr-8603 Cyclic0007:remove-arc4 Cyclic0007:devin-lifeguard/update-rules-d59f9c48 Cyclic0007:revert-8277-aarch64_no_crypto Cyclic0007:revert-5549-fix_sha256_debug Cyclic0007:cert-3389
Cyclic0007:WCv5.2.4-KRNL-CHKIN-r5 Cyclic0007:WCv6.0.0-linuxkm-UPDT-RC2 Cyclic0007:WCv6.0.0-linuxkm-UPDT-RC1 Cyclic0007:WCv5.2.4-KRNL-CHKIN-r4 Cyclic0007:wolfEntropy2d Cyclic0007:v5.8.4-stable Cyclic0007:WCv5.2.5-STM32-PAA Cyclic0007:WCv5.2.4-KRNL-CHKIN Cyclic0007:v5.8.2-stable Cyclic0007:WCv5.2.3-RSA-SWITCH Cyclic0007:wolfEntropy2 Cyclic0007:WCv5.2.3-DHGENPUB-r2 Cyclic0007:WCv5.2.3-DHGENPUB Cyclic0007:v5.8.0-stable Cyclic0007:WCv6.0.0-RC5 Cyclic0007:WCv6.0.0-RC4 Cyclic0007:WCv5.2.3-STM32-PAA Cyclic0007:WCv6.0.0-RC3 Cyclic0007:v5.7.6-stable Cyclic0007:v5.2.1 Cyclic0007:WCv5.2.3-ARMv8-PAA-r2 Cyclic0007:WCv6.0.0-RC2 Cyclic0007:WCv6.0.0-RC1 Cyclic0007:v5.2.1-stable-OS_Seed-HdrOnly Cyclic0007:v5.7.4-stable Cyclic0007:v5.7.2-stable Cyclic0007:wolfEntropy1 Cyclic0007:v5.7.0-stable Cyclic0007:WCv5.2.3-ARMv8-PAA Cyclic0007:v5.6.6-stable Cyclic0007:v5.6.4-stable Cyclic0007:v5.2.1-stable Cyclic0007:WCv5.2.1-PILOT Cyclic0007:v5.6.3-stable Cyclic0007:v5.6.2-stable Cyclic0007:v5.6.0-stable Cyclic0007:v5.5.4-stable Cyclic0007:v5.5.3-stable Cyclic0007:v5.5.2-stable Cyclic0007:v5.5.1-stable Cyclic0007:v5.5.0-stable Cyclic0007:v5.4.0-stable Cyclic0007:v5.3.0-stable Cyclic0007:v5.2.0-stable Cyclic0007:v5.1.1-stable Cyclic0007:WCv5.0-RC12 Cyclic0007:v5.1.0-stable Cyclic0007:WCv5.0-RC11 Cyclic0007:WCv5.0-RC10 Cyclic0007:v5.0.0-stable Cyclic0007:WCv5.0-RC9 Cyclic0007:v4.8.1-stable Cyclic0007:v4.8.0-stable Cyclic0007:WCv5.0-RC8 Cyclic0007:WCv5.0-RC7 Cyclic0007:WCv5.0-RC6 Cyclic0007:WCv5.0-RC5 Cyclic0007:v4.7.1r Cyclic0007:WCv5.0-RC4 Cyclic0007:WCv5.0-RC3 Cyclic0007:WCv5.0-RC2 Cyclic0007:v4.7.0-stable Cyclic0007:v4.6.0-stable Cyclic0007:v4.5.0-stable Cyclic0007:v4.4.0-stable Cyclic0007:v4.3.0-stable Cyclic0007:v4.2.0c Cyclic0007:v4.2.0-stable Cyclic0007:wolfRand-RC2 Cyclic0007:v4.1.0-stable Cyclic0007:wolfRand-RC1 Cyclic0007:v4.0.0-stable Cyclic0007:list Cyclic0007:WCv4-rng-stable Cyclic0007:v3.15.8 Cyclic0007:v3.15.7-stable Cyclic0007:v3.15.6 Cyclic0007:v3.15.5a Cyclic0007:v3.15.5-stable Cyclic0007:WCv4.0-RC9 Cyclic0007:WCv4.0-RC8 Cyclic0007:WCv4.0-RC7 Cyclic0007:v3.15.3-stable Cyclic0007:l Cyclic0007:WCv4-stable Cyclic0007:v3.15.0-stable Cyclic0007:v3.14.5 Cyclic0007:WCv4.0-RC6 Cyclic0007:WCv4.0-RC5 Cyclic0007:WCv4.0-RC4 Cyclic0007:v3.14.4 Cyclic0007:WCv4.0-RC3 Cyclic0007:WCv4.0-RC2 Cyclic0007:WCv4.0-RC1 Cyclic0007:v3.14.2 Cyclic0007:v3.14.0b Cyclic0007:v3.14.0a Cyclic0007:v3.14.0-stable Cyclic0007:v3.13.3 Cyclic0007:v3.13.2 Cyclic0007:v3.13.0-stable Cyclic0007:v3.12.2-stable Cyclic0007:v3.12.0-stable Cyclic0007:v3.11.1-tls13-beta Cyclic0007:v3.11.0-stable Cyclic0007:v3.10.4 Cyclic0007:v3.10.3 Cyclic0007:v3.10.2-stable Cyclic0007:v3.10.0a Cyclic0007:v3.10.0-stable Cyclic0007:v3.9.10b Cyclic0007:v3.9.10-stable Cyclic0007:v3.9.8 Cyclic0007:v3.9.6w Cyclic0007:v3.9.6 Cyclic0007:v3.9.1 Cyclic0007:v3.9.0 Cyclic0007:v3.8.0 Cyclic0007:v3.7.3 Cyclic0007:v3.7.1 Cyclic0007:v3.7.0 Cyclic0007:v3.6.9d Cyclic0007:v3.69.d Cyclic0007:v3.6.9c Cyclic0007:v3.6.9b Cyclic0007:v3.6.9 Cyclic0007:v3.6.8 Cyclic0007:v3.6.6 Cyclic0007:v3.6.2 Cyclic0007:v3.6.0b Cyclic0007:v3.6.0 Cyclic0007:v3.4.8 Cyclic0007:v3.4.6 Cyclic0007:v3.4.2 Cyclic0007:v3.4.0 Cyclic0007:v3.3.3 Cyclic0007:v3.3.2 Cyclic0007:v3.3.0 Cyclic0007:v3.2.6 Cyclic0007:v3.2.4 Cyclic0007:v3.2.0 Cyclic0007:v3.1.0 Cyclic0007:v3.0.2 Cyclic0007:v3.0.0 Cyclic0007:v2.9.4 Cyclic0007:v2.9.2 Cyclic0007:v2.9.1 Cyclic0007:v0.5 Cyclic0007:v2.9.0 Cyclic0007:v2.8.6 Cyclic0007:v2.8.5a Cyclic0007:v2.8.5 Cyclic0007:v2.8.4 Cyclic0007:v2.8.3 Cyclic0007:v2.8.2 Cyclic0007:v2.8.0 Cyclic0007:v2.7.2 Cyclic0007:v2.7.0 Cyclic0007:v2.6.2 Cyclic0007:v2.6.0 Cyclic0007:v2.5.2b Cyclic0007:v2.5.2 Cyclic0007:v2.5.0 Cyclic0007:v2.4.7 Cyclic0007:v2.4.6 Cyclic0007:v2.4.2 Cyclic0007:v2.4.0 Cyclic0007:v2.3.0 Cyclic0007:v2.2.2 Cyclic0007:v2.1.1 Cyclic0007:v2.2.1 Cyclic0007:v2.2.0 Cyclic0007:v2.1.4 Cyclic0007:v2.1.2 Cyclic0007:v2.0.8 Cyclic0007:v2.0.6 Cyclic0007:v2.0.3 Cyclic0007:v2.0.2 Cyclic0007:v2.0rc3 Cyclic0007:v2.0rc2b Cyclic0007:v2.0rc2 Cyclic0007:v2.0rc1 Cyclic0007:v1.9.0 Cyclic0007:v1.8.8.0
..
compare: Cyclic0007:WCv5.2.3-RSA-SWITCH
Branches Tags
Cyclic0007:master Cyclic0007:nightly-snapshot Cyclic0007:revert-9495-aarch64_no_hw_crypto_asm_aes Cyclic0007:revert-9512-20251210-linuxkm-5.17-ubuntu-jammy-tegra-patches Cyclic0007:TLS13-cipher-suite-fix Cyclic0007:revert-9145-zd20038_2 Cyclic0007:pr-8603 Cyclic0007:remove-arc4 Cyclic0007:devin-lifeguard/update-rules-d59f9c48 Cyclic0007:revert-8277-aarch64_no_crypto Cyclic0007:revert-5549-fix_sha256_debug Cyclic0007:cert-3389
Cyclic0007:WCv5.2.4-KRNL-CHKIN-r5 Cyclic0007:WCv6.0.0-linuxkm-UPDT-RC2 Cyclic0007:WCv6.0.0-linuxkm-UPDT-RC1 Cyclic0007:WCv5.2.4-KRNL-CHKIN-r4 Cyclic0007:wolfEntropy2d Cyclic0007:v5.8.4-stable Cyclic0007:WCv5.2.5-STM32-PAA Cyclic0007:WCv5.2.4-KRNL-CHKIN Cyclic0007:v5.8.2-stable Cyclic0007:WCv5.2.3-RSA-SWITCH Cyclic0007:wolfEntropy2 Cyclic0007:WCv5.2.3-DHGENPUB-r2 Cyclic0007:WCv5.2.3-DHGENPUB Cyclic0007:v5.8.0-stable Cyclic0007:WCv6.0.0-RC5 Cyclic0007:WCv6.0.0-RC4 Cyclic0007:WCv5.2.3-STM32-PAA Cyclic0007:WCv6.0.0-RC3 Cyclic0007:v5.7.6-stable Cyclic0007:v5.2.1 Cyclic0007:WCv5.2.3-ARMv8-PAA-r2 Cyclic0007:WCv6.0.0-RC2 Cyclic0007:WCv6.0.0-RC1 Cyclic0007:v5.2.1-stable-OS_Seed-HdrOnly Cyclic0007:v5.7.4-stable Cyclic0007:v5.7.2-stable Cyclic0007:wolfEntropy1 Cyclic0007:v5.7.0-stable Cyclic0007:WCv5.2.3-ARMv8-PAA Cyclic0007:v5.6.6-stable Cyclic0007:v5.6.4-stable Cyclic0007:v5.2.1-stable Cyclic0007:WCv5.2.1-PILOT Cyclic0007:v5.6.3-stable Cyclic0007:v5.6.2-stable Cyclic0007:v5.6.0-stable Cyclic0007:v5.5.4-stable Cyclic0007:v5.5.3-stable Cyclic0007:v5.5.2-stable Cyclic0007:v5.5.1-stable Cyclic0007:v5.5.0-stable Cyclic0007:v5.4.0-stable Cyclic0007:v5.3.0-stable Cyclic0007:v5.2.0-stable Cyclic0007:v5.1.1-stable Cyclic0007:WCv5.0-RC12 Cyclic0007:v5.1.0-stable Cyclic0007:WCv5.0-RC11 Cyclic0007:WCv5.0-RC10 Cyclic0007:v5.0.0-stable Cyclic0007:WCv5.0-RC9 Cyclic0007:v4.8.1-stable Cyclic0007:v4.8.0-stable Cyclic0007:WCv5.0-RC8 Cyclic0007:WCv5.0-RC7 Cyclic0007:WCv5.0-RC6 Cyclic0007:WCv5.0-RC5 Cyclic0007:v4.7.1r Cyclic0007:WCv5.0-RC4 Cyclic0007:WCv5.0-RC3 Cyclic0007:WCv5.0-RC2 Cyclic0007:v4.7.0-stable Cyclic0007:v4.6.0-stable Cyclic0007:v4.5.0-stable Cyclic0007:v4.4.0-stable Cyclic0007:v4.3.0-stable Cyclic0007:v4.2.0c Cyclic0007:v4.2.0-stable Cyclic0007:wolfRand-RC2 Cyclic0007:v4.1.0-stable Cyclic0007:wolfRand-RC1 Cyclic0007:v4.0.0-stable Cyclic0007:list Cyclic0007:WCv4-rng-stable Cyclic0007:v3.15.8 Cyclic0007:v3.15.7-stable Cyclic0007:v3.15.6 Cyclic0007:v3.15.5a Cyclic0007:v3.15.5-stable Cyclic0007:WCv4.0-RC9 Cyclic0007:WCv4.0-RC8 Cyclic0007:WCv4.0-RC7 Cyclic0007:v3.15.3-stable Cyclic0007:l Cyclic0007:WCv4-stable Cyclic0007:v3.15.0-stable Cyclic0007:v3.14.5 Cyclic0007:WCv4.0-RC6 Cyclic0007:WCv4.0-RC5 Cyclic0007:WCv4.0-RC4 Cyclic0007:v3.14.4 Cyclic0007:WCv4.0-RC3 Cyclic0007:WCv4.0-RC2 Cyclic0007:WCv4.0-RC1 Cyclic0007:v3.14.2 Cyclic0007:v3.14.0b Cyclic0007:v3.14.0a Cyclic0007:v3.14.0-stable Cyclic0007:v3.13.3 Cyclic0007:v3.13.2 Cyclic0007:v3.13.0-stable Cyclic0007:v3.12.2-stable Cyclic0007:v3.12.0-stable Cyclic0007:v3.11.1-tls13-beta Cyclic0007:v3.11.0-stable Cyclic0007:v3.10.4 Cyclic0007:v3.10.3 Cyclic0007:v3.10.2-stable Cyclic0007:v3.10.0a Cyclic0007:v3.10.0-stable Cyclic0007:v3.9.10b Cyclic0007:v3.9.10-stable Cyclic0007:v3.9.8 Cyclic0007:v3.9.6w Cyclic0007:v3.9.6 Cyclic0007:v3.9.1 Cyclic0007:v3.9.0 Cyclic0007:v3.8.0 Cyclic0007:v3.7.3 Cyclic0007:v3.7.1 Cyclic0007:v3.7.0 Cyclic0007:v3.6.9d Cyclic0007:v3.69.d Cyclic0007:v3.6.9c Cyclic0007:v3.6.9b Cyclic0007:v3.6.9 Cyclic0007:v3.6.8 Cyclic0007:v3.6.6 Cyclic0007:v3.6.2 Cyclic0007:v3.6.0b Cyclic0007:v3.6.0 Cyclic0007:v3.4.8 Cyclic0007:v3.4.6 Cyclic0007:v3.4.2 Cyclic0007:v3.4.0 Cyclic0007:v3.3.3 Cyclic0007:v3.3.2 Cyclic0007:v3.3.0 Cyclic0007:v3.2.6 Cyclic0007:v3.2.4 Cyclic0007:v3.2.0 Cyclic0007:v3.1.0 Cyclic0007:v3.0.2 Cyclic0007:v3.0.0 Cyclic0007:v2.9.4 Cyclic0007:v2.9.2 Cyclic0007:v2.9.1 Cyclic0007:v0.5 Cyclic0007:v2.9.0 Cyclic0007:v2.8.6 Cyclic0007:v2.8.5a Cyclic0007:v2.8.5 Cyclic0007:v2.8.4 Cyclic0007:v2.8.3 Cyclic0007:v2.8.2 Cyclic0007:v2.8.0 Cyclic0007:v2.7.2 Cyclic0007:v2.7.0 Cyclic0007:v2.6.2 Cyclic0007:v2.6.0 Cyclic0007:v2.5.2b Cyclic0007:v2.5.2 Cyclic0007:v2.5.0 Cyclic0007:v2.4.7 Cyclic0007:v2.4.6 Cyclic0007:v2.4.2 Cyclic0007:v2.4.0 Cyclic0007:v2.3.0 Cyclic0007:v2.2.2 Cyclic0007:v2.1.1 Cyclic0007:v2.2.1 Cyclic0007:v2.2.0 Cyclic0007:v2.1.4 Cyclic0007:v2.1.2 Cyclic0007:v2.0.8 Cyclic0007:v2.0.6 Cyclic0007:v2.0.3 Cyclic0007:v2.0.2 Cyclic0007:v2.0rc3 Cyclic0007:v2.0rc2b Cyclic0007:v2.0rc2 Cyclic0007:v2.0rc1 Cyclic0007:v1.9.0 Cyclic0007:v1.8.8.0

2 Commits
wolfEntrop ... WCv5.2.3-R

Author SHA1 Message Date
Lealem Amedie
064aace824 Add ability to switch to STD RSA method 2025-07-02 10:03:28 -06:00
kaleb-himes
844e961ff5 Check-in FIPS 140-3 PILOT changes 2023-08-28 15:43:24 -07:00
2295 changed files with 349517 additions and 1126578 deletions
Expand all files Collapse all files

40
.cyignore
View File

@@ -1,40 +0,0 @@
# wolfSSL folders
$(SEARCH_wolfssl)/IDE
$(SEARCH_wolfssl)/examples
$(SEARCH_wolfssl)/linuxkm
$(SEARCH_wolfssl)/mcapi
$(SEARCH_wolfssl)/mplabx
$(SEARCH_wolfssl)/mqx
$(SEARCH_wolfssl)/tirtos
$(SEARCH_wolfssl)/tests
$(SEARCH_wolfssl)/testsuite
$(SEARCH_wolfssl)/wolfcrypt/src/port/autosar
$(SEARCH_wolfssl)/zephyr
# wolfSSL files
$(SEARCH_wolfssl)/wolfcrypt/src/aes_asm.S
$(SEARCH_wolfssl)/wolfcrypt/src/aes_xts_asm.S
$(SEARCH_wolfssl)/wolfcrypt/src/aes_gcm_asm.S
$(SEARCH_wolfssl)/wolfcrypt/src/aes_gcm_x86_asm.S
$(SEARCH_wolfssl)/wolfcrypt/src/chacha_asm.S
$(SEARCH_wolfssl)/wolfcrypt/src/fe_x25519_asm.S
$(SEARCH_wolfssl)/wolfcrypt/src/poly1305_asm.S
$(SEARCH_wolfssl)/wolfcrypt/src/sha256_asm.S
$(SEARCH_wolfssl)/wolfcrypt/src/sha512_asm.S
$(SEARCH_wolfssl)/wolfcrypt/src/sha3_asm.S
$(SEARCH_wolfssl)/wolfcrypt/src/sm3_asm.S
$(SEARCH_wolfssl)/wolfcrypt/src/sp_x86_64_asm.S
$(SEARCH_wolfssl)/wolfcrypt/src/sp_sm2_x86_64_asm.S
$(SEARCH_wolfssl)/wolfcrypt/src/wc_kyber_asm.S
$(SEARCH_wolfssl)/wolfcrypt/src/port/arm/armv8-32-aes-asm.S
$(SEARCH_wolfssl)/wolfcrypt/src/port/arm/armv8-32-curve25519.S
$(SEARCH_wolfssl)/wolfcrypt/src/port/arm/armv8-32-sha256-asm.S
$(SEARCH_wolfssl)/wolfcrypt/src/port/arm/armv8-32-sha512-asm.S
$(SEARCH_wolfssl)/wolfcrypt/src/port/arm/armv8-curve25519.S
$(SEARCH_wolfssl)/wolfcrypt/src/port/arm/armv8-sha3-asm.S
$(SEARCH_wolfssl)/wolfcrypt/src/port/arm/armv8-sha512-asm.S
$(SEARCH_wolfssl)/wolfcrypt/src/port/arm/thumb2-aes-asm.S
$(SEARCH_wolfssl)/wolfcrypt/src/port/arm/thumb2-curve25519.S
$(SEARCH_wolfssl)/wolfcrypt/src/port/arm/thumb2-sha256-asm.S
$(SEARCH_wolfssl)/wolfcrypt/src/port/arm/thumb2-sha512-asm.S

10
.editorconfig
View File

@@ -1,10 +0,0 @@
# http://editorconfig.org
root = true
[*]
indent_style = space
indent_size = 4
end_of_line = lf
charset = utf-8
trim_trailing_whitespace = true
insert_final_newline = true

58
.github/ISSUE_TEMPLATE/bug_report.yaml vendored
View File

@@ -1,58 +0,0 @@
name: Bug Report
description: File a bug report
title: "[Bug]: "
labels: ["bug", "triage"]
body:
- type: markdown
attributes:
value: >
Thanks for reporting an bug. If you would prefer a private method,
please email support@wolfssl.com
- type: input
id: contact
attributes:
label: Contact Details
description: How can we get in touch with you if we need more info?
placeholder: ex. email@example.com
validations:
required: false
- type: input
id: version
attributes:
label: Version
description: What version were you using?
validations:
required: true
- type: textarea
id: details
attributes:
label: Description
description: |
Describe the issue in detail
Please include:
* Specific `./configure` options or `user_settings.h`
* Target and build environment
placeholder: |
Blinded by the light!
Code runs too fast. It's gone plaid!
...
validations:
required: true
- type: textarea
id: reproduce
attributes:
label: Reproduction steps
description: If possible please give instructions on how to reproduce.
placeholder: |
1. `./configure --enable-42`
2. `make question`
3.
...
validations:
required: false
- type: textarea
id: logs
attributes:
label: Relevant log output
description: Please copy and paste any relevant log output. This will be automatically formatted into code, so no need for backticks.
render: shell

28
.github/ISSUE_TEMPLATE/other.yaml vendored
View File

@@ -1,28 +0,0 @@
name: General Issue
description: Request support with an issue
labels: ["triage"]
body:
- type: markdown
attributes:
value: >
Thanks for reporting an issue. If you would prefer a private method,
please email support@wolfssl.com
- type: input
id: version
attributes:
label: Version
description: What version were you using?
validations:
required: true
- type: textarea
id: details
attributes:
label: Description
description: |
Describe the issue in detail.
Please include specific configuration options or user_settings.h
placeholder: |
`./configure --enable-world-domination` fails
...
validations:
required: true

16
.github/PULL_REQUEST_TEMPLATE.md vendored
View File

@@ -1,16 +0,0 @@
# Description
Please describe the scope of the fix or feature addition.
Fixes zd#
# Testing
How did you test?
# Checklist
- [ ] added tests
- [ ] updated/added doxygen
- [ ] updated appropriate READMEs
- [ ] Updated manual and documentation

12
.github/SECURITY.md vendored
View File

@@ -1,12 +0,0 @@
# Security Policy
## Reporting a Vulnerability
If you discover a vulnerability, please report it to support@wolfssl.com
1. Include a detailed description
2. Include method to reproduce and/or method of discovery
3. We will evaluate the report promptly and respond to you with findings.
4. We will credit you with the report if you would like.
**Please keep the vulnerability private** until a fix has been released.

44
.github/workflows/async.yml vendored
View File

@@ -1,44 +0,0 @@
name: Async Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
make_check:
strategy:
matrix:
config: [
# Add new configs here
'--enable-asynccrypt --enable-all --enable-dtls13',
'--enable-asynccrypt-sw --enable-ocspstapling --enable-ocspstapling2',
'--enable-ocsp CFLAGS="-DTEST_NONBLOCK_CERTS"',
]
name: make check
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 6
steps:
- uses: actions/checkout@v4
name: Checkout wolfSSL
- name: Test wolfSSL async
run: |
./async-check.sh install
./configure ${{ matrix.config }}
make check
- name: Print errors
if: ${{ failure() }}
run: |
if [ -f test-suite.log ] ; then
cat test-suite.log
fi

70
.github/workflows/curl.yml vendored
View File

@@ -1,70 +0,0 @@
name: curl Test
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
build_wolfssl:
name: Build wolfSSL
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 4
steps:
- name: Build wolfSSL
uses: wolfSSL/actions-build-autotools-project@v1
with:
path: wolfssl
configure: --enable-curl
install: true
- name: Upload built lib
uses: actions/upload-artifact@v4
with:
name: wolf-install-curl
path: build-dir
retention-days: 5
test_curl:
name: ${{ matrix.curl_ref }}
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 15
needs: build_wolfssl
strategy:
fail-fast: false
matrix:
curl_ref: [ 'master', 'curl-8_4_0' ]
steps:
- name: Install test dependencies
run: |
sudo apt-get update
sudo apt-get install nghttp2 libpsl5 libpsl-dev
sudo pip install impacket
- name: Download lib
uses: actions/download-artifact@v4
with:
name: wolf-install-curl
path: build-dir
- name: Build curl
uses: wolfSSL/actions-build-autotools-project@v1
with:
repository: curl/curl
path: curl
ref: ${{ matrix.curl_ref }}
configure: --with-wolfssl=$GITHUB_WORKSPACE/build-dir
check: false
- name: Test curl
working-directory: curl
run: make -j test-ci

60
.github/workflows/disabled/haproxy.yml vendored
View File

@@ -1,60 +0,0 @@
name: HaProxy Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
haproxy_check:
strategy:
fail-fast: false
matrix:
# List of refs to test
ref: [ master ]
name: ${{ matrix.ref }}
runs-on: ubuntu-latest
steps:
- name: Build wolfSSL
uses: wolfSSL/actions-build-autotools-project@v1
with:
path: wolfssl
configure: --enable-quic --enable-haproxy
install: true
- name: Checkout VTest
uses: actions/checkout@v4
with:
repository: vtest/VTest
path: VTest
- name: Build VTest
working-directory: VTest
# Special flags due to: https://github.com/vtest/VTest/issues/12
run: make FLAGS='-O2 -s -Wall'
- name: Checkout HaProxy
uses: actions/checkout@v4
with:
repository: haproxy/haproxy
path: haproxy
ref: ${{ matrix.ref }}
- name: Build HaProxy
working-directory: haproxy
run: >-
make -j TARGET=linux-glibc DEBUG='-DDEBUG_MEMORY_POOLS -DDEBUG_STRICT'
USE_OPENSSL_WOLFSSL=1 USE_QUIC=1 SSL_INC=$GITHUB_WORKSPACE/build-dir/include/
SSL_LIB=$GITHUB_WORKSPACE/build-dir/lib/ ADDLIB=-Wl,-rpath=$GITHUB_WORKSPACE/build-dir/lib
- name: Test HaProxy
working-directory: haproxy
run: make reg-tests reg-tests/ssl VTEST_PROGRAM=$GITHUB_WORKSPACE/VTest/vtest

292
.github/workflows/disabled/hostap.yml vendored
View File

@@ -1,292 +0,0 @@
name: hostap and wpa-supplicant Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
build_wolfssl:
strategy:
matrix:
include:
- build_id: hostap-build1
wolf_extra_config: --disable-tls13
- build_id: hostap-build2
wolf_extra_config: --enable-brainpool --enable-wpas-dpp
name: Build wolfSSL
# Just to keep it the same as the testing target
runs-on: ubuntu-20.04
# This should be a safe limit for the tests to run.
timeout-minutes: 4
steps:
# No way to view the full strategy in the browser (really weird)
- name: Print strategy
run: |
cat <<EOF
${{ toJSON(matrix) }}
EOF
- if: ${{ runner.debug }}
name: Enable wolfSSL debug logging
run: |
echo "wolf_debug_flags=--enable-debug" >> $GITHUB_ENV
- name: Build wolfSSL
uses: wolfSSL/actions-build-autotools-project@v1
with:
path: wolfssl
configure: >-
--enable-wpas CFLAGS=-DWOLFSSL_STATIC_RSA
${{ env.wolf_debug_flags }} ${{ matrix.wolf_extra_config }}
install: true
- name: Upload built lib
uses: actions/upload-artifact@v4
with:
name: ${{ matrix.build_id }}
path: build-dir
retention-days: 5
# Build wpa_supplicant with wolfSSL and hostapd with OpenSSL and interop.
hostap_test:
strategy:
fail-fast: false
matrix:
# should hostapd be compiled with wolfssl
hostapd: [true, false]
# should wpa_supplicant be compiled with wolfssl
wpa_supplicant: [true, false]
# Fix the versions of hostap and osp to not break testing when a new
# patch is added in to osp. hostap_cherry_pick is used to apply the
# commit that updates the certificates used for testing. Tests are read
# from the corresponding configs/hostap_ref/tests file.
config: [
{
hostap_ref: hostap_2_10,
hostap_cherry_pick: 36fcbb1a4ee4aa604f15079eae2ffa4fe7f44680,
remove_teap: true,
# TLS 1.3 does not work for this version
build_id: hostap-build1,
},
# Test the dpp patch
{
hostap_ref: b607d2723e927a3446d89aed813f1aa6068186bb,
hostap_cherry_pick: 36fcbb1a4ee4aa604f15079eae2ffa4fe7f44680,
osp_ref: ad5b52a49b3cc2a5bfb47ccc1d6a5137132e9446,
build_id: hostap-build2
},
]
# parallelize the tests to be able to run all tests within 10 minutes
# Update the <total server> in the ./run-tests.py step when changing.
server: [1, 2, 3, 4, 5]
exclude:
# don't test openssl on both sides
- hostapd: false
wpa_supplicant: false
# no hostapd support for dpp yet
- hostapd: true
config: {
hostap_ref: b607d2723e927a3446d89aed813f1aa6068186bb,
osp_ref: ad5b52a49b3cc2a5bfb47ccc1d6a5137132e9446,
build_id: hostap-build2
}
name: hwsim test
# For openssl 1.1
runs-on: ubuntu-20.04
# This should be a safe limit for the tests to run.
timeout-minutes: 12
needs: build_wolfssl
steps:
# No way to view the full strategy in the browser (really weird)
- name: Print strategy
run: |
cat <<EOF
${{ toJSON(matrix) }}
EOF
- name: Print computed job run ID
run: |
SHA_SUM=$(sha256sum << 'END_OF_HEREDOC' | cut -d " " -f 1
${{ toJSON(github) }}
END_OF_HEREDOC
)
echo "our_job_run_id=$SHA_SUM" >> $GITHUB_ENV
echo Our job run ID is $SHA_SUM
- name: Checkout wolfSSL
uses: actions/checkout@v4
with:
path: wolfssl
- name: Install dependencies
run: |
# Don't prompt for anything
export DEBIAN_FRONTEND=noninteractive
sudo apt-get update
# hostap dependencies
sudo apt-get install -y libpcap0.8 libpcap-dev curl libcurl4-openssl-dev \
libnl-3-dev binutils-dev libssl-dev libiberty-dev libnl-genl-3-dev \
libnl-route-3-dev libdbus-1-dev linux-modules-extra-`uname -r` \
bridge-utils
sudo pip3 install pycryptodome
- name: Enable mac80211
run: |
sudo modprobe mac80211
lsmod | grep mac80211
- if: ${{ runner.debug }}
name: Enable hostap debug logging
run: |
echo "hostap_debug_flags=-d" >> $GITHUB_ENV
- name: Download lib
uses: actions/download-artifact@v4
with:
name: ${{ matrix.config.build_id }}
path: build-dir
- name: Setup d-bus
working-directory: wolfssl/.github/workflows/hostap-files
run: |
sudo cp dbus-wpa_supplicant.conf /usr/share/dbus-1/system.d/wpa_supplicant.conf
sudo service dbus reload
# This is super hack-ish :P
# If you are trying to reproduce this on a more generic system, you can
# just run `sudo apt install linux-modules-extra-$(uname -r)` and
# this should have the module in the package. No need to compile it.
- name: Compile and install mac80211_hwsim
working-directory: wolfssl/.github/workflows/hostap-files
run: |
# The tag will be the first two numbers of from uname -r
LINUX_TAG=$(uname -r | grep -oP '^\d+\.\d+')
# Download the correct version of the driver
wget https://raw.githubusercontent.com/torvalds/linux/v$LINUX_TAG/drivers/net/wireless/mac80211_hwsim.c
wget https://raw.githubusercontent.com/torvalds/linux/v$LINUX_TAG/drivers/net/wireless/mac80211_hwsim.h
make
sudo make install
sudo modprobe mac80211_hwsim
lsmod | grep mac80211_hwsim
sudo rmmod mac80211_hwsim
- name: Checkout hostap
uses: actions/checkout@v4
with:
repository: julek-wolfssl/hostap-mirror
path: hostap
ref: ${{ matrix.config.hostap_ref }}
# necessary for cherry pick step
fetch-depth: 0
- if: ${{ matrix.config.hostap_cherry_pick }}
name: Cherry pick certificate update
working-directory: hostap
run: git cherry-pick -n -X theirs ${{ matrix.config.hostap_cherry_pick }}
- if: ${{ matrix.config.osp_ref }}
name: Checkout OSP
uses: actions/checkout@v4
with:
repository: wolfssl/osp
path: osp
ref: ${{ matrix.config.osp_ref }}
- if: ${{ matrix.config.osp_ref }}
name: Apply patch files
working-directory: hostap
run: |
for f in $GITHUB_WORKSPACE/osp/hostap-patches/pending/*
do
patch -p1 < $f
done
- if: ${{ matrix.hostapd }}
name: Setup hostapd config file
run: |
cp wolfssl/.github/workflows/hostap-files/configs/${{ matrix.config.hostap_ref }}/hostapd.config \
hostap/hostapd/.config
cat <<EOF >> hostap/hostapd/.config
CFLAGS += -I$GITHUB_WORKSPACE/build-dir/include -Wl,-rpath=$GITHUB_WORKSPACE/build-dir/lib
LIBS += -L$GITHUB_WORKSPACE/build-dir/lib -Wl,-rpath=$GITHUB_WORKSPACE/build-dir/lib
EOF
- if: ${{ matrix.wpa_supplicant }}
name: Setup wpa_supplicant config file
run: |
cp wolfssl/.github/workflows/hostap-files/configs/${{ matrix.config.hostap_ref }}/wpa_supplicant.config \
hostap/wpa_supplicant/.config
cat <<EOF >> hostap/wpa_supplicant/.config
CFLAGS += -I$GITHUB_WORKSPACE/build-dir/include -Wl,-rpath=$GITHUB_WORKSPACE/build-dir/lib
LIBS += -L$GITHUB_WORKSPACE/build-dir/lib -Wl,-rpath=$GITHUB_WORKSPACE/build-dir/lib
EOF
- name: Build hostap
working-directory: hostap/tests/hwsim/
run: ./build.sh
- if: ${{ matrix.hostapd }}
name: Confirm hostapd linking with wolfSSL
run: ldd hostap/hostapd/hostapd | grep wolfssl
- if: ${{ matrix.wpa_supplicant }}
name: Confirm wpa_supplicant linking with wolfSSL
run: ldd hostap/wpa_supplicant/wpa_supplicant | grep wolfssl
- if: ${{ matrix.config.remove_teap }}
name: Remove EAP-TEAP from test configuration
working-directory: hostap/tests/hwsim/auth_serv
run: |
sed -e 's/"erp-teap@example.com"\tTEAP//' -i eap_user.conf
sed -e 's/"erp-teap@example.com"\tMSCHAPV2\t"password"\t\[2\]//' -i eap_user.conf
sed -e 's/"TEAP"\t\tTEAP//' -i eap_user.conf
sed -e 's/TEAP,//' -i eap_user.conf
- name: Run tests
id: testing
working-directory: hostap/tests/hwsim/
run: |
# Run tests in increments of 50 to cut down on the uploaded log size.
while mapfile -t -n 50 ary && ((${#ary[@]})); do
TESTS=$(printf '%s\n' "${ary[@]}" | tr '\n' ' ')
# Retry up to three times
for i in {1..3}; do
HWSIM_RES=0 # Not set when command succeeds
# Logs can grow quickly especially in debug mode
sudo rm -rf logs
sudo ./start.sh
sudo ./run-tests.py ${{ env.hostap_debug_flags }} --split ${{ matrix.server }}/5 $TESTS || HWSIM_RES=$?
sudo ./stop.sh
if [ "$HWSIM_RES" -eq "0" ]; then
break
fi
done
echo "test ran $i times"
if [ "$HWSIM_RES" -ne "0" ]; then
exit $HWSIM_RES
fi
done < $GITHUB_WORKSPACE/wolfssl/.github/workflows/hostap-files/configs/${{ matrix.config.hostap_ref }}/tests
- name: Change failure log permissions
if: ${{ failure() && steps.testing.outcome == 'failure' }}
working-directory: hostap/tests/hwsim/
run: |
sudo chown -R $USER:$USER logs
zip -9 -r logs.zip logs/current
- name: Upload failure logs
if: ${{ failure() && steps.testing.outcome == 'failure' }}
uses: actions/upload-artifact@v4
with:
name: hostap-logs-${{ env.our_job_run_id }}
path: hostap/tests/hwsim/logs.zip
retention-days: 5

43
.github/workflows/docker-Espressif.yml vendored
View File

@@ -1,43 +0,0 @@
name: Espressif examples tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
espressif_latest:
name: latest Docker container
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 12
container:
image: espressif/idf:latest
steps:
- uses: actions/checkout@v4
- name: Initialize Espressif IDE and build examples
run: . /opt/esp/idf/export.sh; IDE/Espressif/ESP-IDF/compileAllExamples.sh
espressif_v4_4:
name: v4.4 Docker container
runs-on: ubuntu-latest
container:
image: espressif/idf:release-v4.4
steps:
- uses: actions/checkout@v4
- name: Initialize Espressif IDE and build examples
run: . /opt/esp/idf/export.sh; IDE/Espressif/ESP-IDF/compileAllExamples.sh
espressif_v5_0:
name: v5.0 Docker container
runs-on: ubuntu-latest
container:
image: espressif/idf:release-v5.0
steps:
- uses: actions/checkout@v4
- name: Initialize Espressif IDE and build examples
run: . /opt/esp/idf/export.sh; IDE/Espressif/ESP-IDF/compileAllExamples.sh

63
.github/workflows/docker-OpenWrt.yml vendored
View File

@@ -1,63 +0,0 @@
# This workflow tests out new libraries with existing OpenWrt builds to check
# there aren't any compatibility issues. Take a look at Docker/OpenWrt/README.md
name: OpenWrt test
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
build_library:
name: Compile libwolfssl.so
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 4
container:
image: alpine:latest
steps:
- name: Install required tools
run: apk add argp-standalone asciidoc bash bc binutils bzip2 cdrkit coreutils diffutils elfutils-dev findutils flex musl-fts-dev g++ gawk gcc gettext git grep intltool libxslt linux-headers make musl-libintl musl-obstack-dev ncurses-dev openssl-dev patch perl python3-dev rsync tar unzip util-linux wget zlib-dev autoconf automake libtool
- uses: actions/checkout@v4
- name: Compile libwolfssl.so
run: ./autogen.sh && ./configure --enable-all && make
- name: Upload libwolfssl.so
uses: actions/upload-artifact@v4
with:
name: openwrt-libwolfssl.so
path: src/.libs/libwolfssl.so
retention-days: 5
compile_container:
name: Compile container
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 2
needs: build_library
strategy:
fail-fast: false
matrix:
release: [ "22.03.6", "21.02.7" ] # some other versions: 21.02.0 21.02.5 22.03.0 22.03.3 snapshot
steps:
- uses: actions/checkout@v4
- uses: docker/setup-buildx-action@v3
- uses: actions/download-artifact@v4
with:
name: openwrt-libwolfssl.so
path: Docker/OpenWrt/.
- name: Build but dont push
uses: docker/build-push-action@v5
with:
context: Docker/OpenWrt
platforms: linux/amd64
push: false
tags: openwrt-test:latest
build-args: DOCKER_BASE_CONTAINER=openwrt/rootfs:x86-64-${{ matrix.release }}
cache-from: type=gha
cache-to: type=gha,mode=max

101
.github/workflows/grpc.yml vendored
View File

@@ -1,101 +0,0 @@
name: grpc Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
build_wolfssl:
name: Build wolfSSL
# Just to keep it the same as the testing target
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 10
steps:
- name: Build wolfSSL
uses: wolfSSL/actions-build-autotools-project@v1
with:
path: wolfssl
configure: --enable-all 'CPPFLAGS=-DWOLFSSL_RSA_KEY_CHECK -DHAVE_EX_DATA_CLEANUP_HOOKS'
install: true
- name: Upload built lib
uses: actions/upload-artifact@v4
with:
name: wolf-install-grpc
path: build-dir
retention-days: 5
grpc_check:
strategy:
fail-fast: false
matrix:
include:
- ref: v1.60.0
tests: >-
bad_ssl_alpn_test bad_ssl_cert_test client_ssl_test
crl_ssl_transport_security_test server_ssl_test
ssl_transport_security_test ssl_transport_security_utils_test
test_core_security_ssl_credentials_test test_cpp_end2end_ssl_credentials_test
h2_ssl_cert_test h2_ssl_session_reuse_test
name: ${{ matrix.ref }}
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 30
needs: build_wolfssl
steps:
- name: Confirm IPv4 and IPv6 support
run: |
ip addr list lo | grep 'inet '
ip addr list lo | grep 'inet6 '
- name: Install prereqs
run:
sudo apt-get install build-essential autoconf libtool pkg-config cmake clang libc++-dev
- name: Download lib
uses: actions/download-artifact@v4
with:
name: wolf-install-grpc
path: build-dir
- name: Checkout OSP
uses: actions/checkout@v4
with:
repository: wolfssl/osp
path: osp
- name: Checkout grpc
uses: actions/checkout@v4
with:
repository: grpc/grpc
path: grpc
ref: ${{ matrix.ref }}
- name: Build grpc
working-directory: ./grpc
run: |
patch -p1 < ../osp/grpc/grpc-${{ matrix.ref }}.patch
git submodule update --init
mkdir cmake/build
cd cmake/build
cmake -DgRPC_BUILD_TESTS=ON -DgRPC_SSL_PROVIDER=wolfssl \
-DWOLFSSL_INSTALL_DIR=$GITHUB_WORKSPACE/build-dir ../..
make -j $(nproc) ${{ matrix.tests }}
- name: Run grpc tests
working-directory: ./grpc
run: |
export LD_LIBRARY_PATH=$GITHUB_WORKSPACE/build-dir/lib:$LD_LIBRARY_PATH
./tools/run_tests/start_port_server.py
for t in ${{ matrix.tests }} ; do
./cmake/build/$t
done

103
.github/workflows/hitch.yml vendored
View File

@@ -1,103 +0,0 @@
name: hitch Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
build_wolfssl:
name: Build wolfSSL
# Just to keep it the same as the testing target
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 4
steps:
- name: Build wolfSSL
uses: wolfSSL/actions-build-autotools-project@v1
with:
path: wolfssl
configure: --enable-hitch
install: true
- name: Upload built lib
uses: actions/upload-artifact@v4
with:
name: wolf-install-hitch
path: build-dir
retention-days: 5
hitch_check:
strategy:
fail-fast: false
matrix:
# List of releases to test
include:
- ref: 1.7.3
ignore-tests: >-
test13-r82.sh test15-proxy-v2-npn.sh test39-client-cert-proxy.sh
name: ${{ matrix.ref }}
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 4
needs: build_wolfssl
steps:
- name: Download lib
uses: actions/download-artifact@v4
with:
name: wolf-install-hitch
path: build-dir
- name: Checkout OSP
uses: actions/checkout@v4
with:
repository: wolfssl/osp
path: osp
- name: Install dependencies
run: |
export DEBIAN_FRONTEND=noninteractive
sudo apt-get update
sudo apt-get install -y libev-dev libssl-dev automake python3-docutils flex bison pkg-config make
- name: Checkout hitch
uses: actions/checkout@v4
with:
repository: varnish/hitch
ref: 1.7.3
path: hitch
# Do this before configuring so that it only detects the updated list of
# tests
- if: ${{ matrix.ignore-tests }}
name: Remove tests that we want to ignore
working-directory: ./hitch/src/tests
run: |
rm ${{ matrix.ignore-tests }}
- name: Configure and build hitch
run: |
cd $GITHUB_WORKSPACE/hitch/
patch -p1 < $GITHUB_WORKSPACE/osp/hitch/hitch_1.7.3.patch
autoreconf -ivf
SSL_CFLAGS="-I$GITHUB_WORKSPACE/build-dir/include/ -I$GITHUB_WORKSPACE/build-dir/include/wolfssl" SSL_LIBS="-L$GITHUB_WORKSPACE/build-dir/lib -lwolfssl" ./configure --with-wolfssl=$GITHUB_WORKSPACE/build-dir/ --enable-silent-rules --enable-documentation --enable-warnings --with-lex --with-yacc --prefix=$GITHUB_WORKSPACE/build-dir
make -j$(nproc)
- name: Confirm hitch built with wolfSSL
working-directory: ./hitch
run: |
export LD_LIBRARY_PATH=$GITHUB_WORKSPACE/build-dir/lib:$LD_LIBRARY_PATH
ldd src/hitch | grep wolfssl
- name: Run hitch tests, skipping ignored tests
working-directory: ./hitch
run: |
export LD_LIBRARY_PATH=$GITHUB_WORKSPACE/build-dir/lib:$LD_LIBRARY_PATH
make check

11
.github/workflows/hostap-files/Makefile vendored
View File

@@ -1,11 +0,0 @@
obj-m := mac80211_hwsim.o
KDIR := /lib/modules/$(shell uname -r)/build
PWD := $(shell pwd)
default:
$(MAKE) -C $(KDIR) M=$(PWD) modules
install:
$(MAKE) -C $(KDIR) M=$(PWD) modules_install
depmod -A
clean:
$(MAKE) -C $(KDIR) M=$(PWD) clean

2
.github/workflows/hostap-files/README vendored
View File

@@ -1,2 +0,0 @@
Makefile and directory used in .github/workflows/hostap.yml to
compile the mac80211_hwsim kernel module.

122
.github/workflows/hostap-files/configs/07c9f183ea744ac04585fb6dd10220c75a5e2e74/hostapd.config vendored
View File

@@ -1,122 +0,0 @@
#CC=ccache gcc
CONFIG_DRIVER_NONE=y
CONFIG_DRIVER_NL80211=y
CONFIG_RSN_PREAUTH=y
#CONFIG_TLS=internal
#CONFIG_INTERNAL_LIBTOMMATH=y
#CONFIG_INTERNAL_LIBTOMMATH_FAST=y
#CONFIG_TLS=openssl
CONFIG_TLS=wolfssl
CONFIG_EAP=y
CONFIG_ERP=y
CONFIG_EAP_MD5=y
CONFIG_EAP_TLS=y
CONFIG_EAP_MSCHAPV2=y
CONFIG_EAP_PEAP=y
CONFIG_EAP_GTC=y
CONFIG_EAP_TTLS=y
CONFIG_EAP_SIM=y
CONFIG_EAP_AKA=y
CONFIG_EAP_AKA_PRIME=y
CONFIG_EAP_GPSK=y
CONFIG_EAP_GPSK_SHA256=y
CONFIG_EAP_SAKE=y
CONFIG_EAP_PAX=y
CONFIG_EAP_PSK=y
CONFIG_EAP_VENDOR_TEST=y
CONFIG_EAP_FAST=y
CONFIG_EAP_TEAP=y
CONFIG_EAP_IKEV2=y
CONFIG_EAP_TNC=y
CFLAGS += -DTNC_CONFIG_FILE=\"tnc/tnc_config\"
LIBS += -rdynamic
CONFIG_EAP_UNAUTH_TLS=y
ifeq ($(CONFIG_TLS), openssl)
CONFIG_EAP_PWD=y
endif
ifeq ($(CONFIG_TLS), wolfssl)
CONFIG_EAP_PWD=y
endif
CONFIG_EAP_EKE=y
CONFIG_PKCS12=y
CONFIG_RADIUS_SERVER=y
CONFIG_IPV6=y
CONFIG_TLSV11=y
CONFIG_TLSV12=y
CONFIG_FULL_DYNAMIC_VLAN=y
CONFIG_VLAN_NETLINK=y
CONFIG_LIBNL32=y
CONFIG_LIBNL3_ROUTE=y
CONFIG_IEEE80211R=y
CONFIG_IEEE80211AC=y
CONFIG_IEEE80211AX=y
CONFIG_OCV=y
CONFIG_WPS=y
CONFIG_WPS_UPNP=y
CONFIG_WPS_NFC=y
#CONFIG_WPS_STRICT=y
CONFIG_WPA_TRACE=y
CONFIG_WPA_TRACE_BFD=y
CONFIG_P2P_MANAGER=y
CONFIG_DEBUG_FILE=y
CONFIG_DEBUG_LINUX_TRACING=y
CONFIG_WPA_CLI_EDIT=y
CONFIG_ACS=y
CONFIG_NO_RANDOM_POOL=y
CONFIG_WNM=y
CONFIG_INTERWORKING=y
CONFIG_HS20=y
CONFIG_SQLITE=y
CONFIG_SAE=y
CONFIG_SAE_PK=y
CFLAGS += -DALL_DH_GROUPS
CONFIG_FST=y
CONFIG_FST_TEST=y
CONFIG_TESTING_OPTIONS=y
CFLAGS += -DCONFIG_RADIUS_TEST
CONFIG_MODULE_TESTS=y
CONFIG_SUITEB=y
CONFIG_SUITEB192=y
# AddressSanitizer (ASan) can be enabled by uncommenting the following lines.
# This can be used as a more efficient memory error detector than valgrind
# (though, with still some CPU and memory cost, so VM cases will need more
# memory allocated for the guest).
#CFLAGS += -fsanitize=address -O1 -fno-omit-frame-pointer -g
#LIBS += -fsanitize=address -fno-omit-frame-pointer -g
#LIBS_h += -fsanitize=address -fno-omit-frame-pointer -g
#LIBS_n += -fsanitize=address -fno-omit-frame-pointer -g
#LIBS_c += -fsanitize=address -fno-omit-frame-pointer -g
# Undefined Behavior Sanitizer (UBSan) can be enabled by uncommenting the
# following lines.
#CFLAGS += -Wno-format-nonliteral
#CFLAGS += -fsanitize=undefined
##CFLAGS += -fno-sanitize-recover
#LIBS += -fsanitize=undefined
##LIBS += -fno-sanitize-recover
#LIBS_h += -fsanitize=undefined
#LIBS_n += -fsanitize=undefined
#LIBS_c += -fsanitize=undefined
CONFIG_MBO=y
CONFIG_TAXONOMY=y
CONFIG_FILS=y
CONFIG_FILS_SK_PFS=y
CONFIG_OWE=y
CONFIG_DPP=y
CONFIG_DPP2=y
CONFIG_WEP=y
CONFIG_PASN=y
CONFIG_AIRTIME_POLICY=y
CONFIG_IEEE80211BE=y

1677
.github/workflows/hostap-files/configs/07c9f183ea744ac04585fb6dd10220c75a5e2e74/tests vendored
View File

File diff suppressed because it is too large Load Diff

164
.github/workflows/hostap-files/configs/07c9f183ea744ac04585fb6dd10220c75a5e2e74/wpa_supplicant.config vendored
View File

@@ -1,164 +0,0 @@
#CC=ccache gcc
#CONFIG_TLS=openssl
CONFIG_TLS=wolfssl
#CONFIG_TLS=internal
#CONFIG_INTERNAL_LIBTOMMATH=y
#CONFIG_INTERNAL_LIBTOMMATH_FAST=y
CONFIG_IEEE8021X_EAPOL=y
CONFIG_ERP=y
CONFIG_EAP_MD5=y
CONFIG_MSCHAPV2=y
CONFIG_EAP_TLS=y
CONFIG_EAP_PEAP=y
CONFIG_EAP_TTLS=y
CONFIG_EAP_GTC=y
CONFIG_EAP_OTP=y
CONFIG_EAP_PSK=y
CONFIG_EAP_PAX=y
CONFIG_EAP_LEAP=y
CONFIG_EAP_SIM=y
CONFIG_EAP_AKA=y
CONFIG_EAP_AKA_PRIME=y
CONFIG_EAP_VENDOR_TEST=y
CONFIG_EAP_TLV=y
CONFIG_EAP_SAKE=y
CONFIG_EAP_GPSK=y
CONFIG_EAP_GPSK_SHA256=y
CONFIG_EAP_EKE=y
CONFIG_EAP_TNC=y
CFLAGS += -DTNC_CONFIG_FILE=\"tnc/tnc_config\"
LIBS += -rdynamic
CONFIG_EAP_FAST=y
CONFIG_EAP_TEAP=y
CONFIG_EAP_IKEV2=y
ifeq ($(CONFIG_TLS), openssl)
CONFIG_EAP_PWD=y
endif
ifeq ($(CONFIG_TLS), wolfssl)
CONFIG_EAP_PWD=y
endif
CONFIG_USIM_SIMULATOR=y
CONFIG_SIM_SIMULATOR=y
#CONFIG_PCSC=y
CONFIG_IPV6=y
CONFIG_DRIVER_NONE=y
CONFIG_PKCS12=y
CONFIG_CTRL_IFACE=unix
CONFIG_WPA_CLI_EDIT=y
CONFIG_OCSP=y
#CONFIG_ELOOP_POLL=y
CONFIG_CTRL_IFACE_DBUS_NEW=y
CONFIG_CTRL_IFACE_DBUS_INTRO=y
CONFIG_IEEE80211R=y
CONFIG_IEEE80211AC=y
CONFIG_IEEE80211AX=y
CONFIG_OCV=y
CONFIG_DEBUG_FILE=y
CONFIG_WPS=y
#CONFIG_WPS_STRICT=y
CONFIG_WPS_UPNP=y
CONFIG_WPS_NFC=y
CONFIG_WPS_ER=y
#CONFIG_WPS_REG_DISABLE_OPEN=y
CONFIG_DRIVER_WEXT=y
CONFIG_DRIVER_NL80211=y
CFLAGS += -I/usr/include/libnl3
CONFIG_LIBNL32=y
CONFIG_IBSS_RSN=y
CONFIG_AP=y
CONFIG_MESH=y
CONFIG_P2P=y
CONFIG_WIFI_DISPLAY=y
CONFIG_ACS=y
CONFIG_BGSCAN_SIMPLE=y
CONFIG_BGSCAN_LEARN=y
CONFIG_WPA_TRACE=y
CONFIG_WPA_TRACE_BFD=y
CONFIG_TDLS=y
CONFIG_TDLS_TESTING=y
CONFIG_NO_RANDOM_POOL=y
CONFIG_TLSV11=y
CONFIG_TLSV12=y
CONFIG_HT_OVERRIDES=y
CONFIG_VHT_OVERRIDES=y
CONFIG_HE_OVERRIDES=y
CONFIG_DEBUG_LINUX_TRACING=y
CONFIG_INTERWORKING=y
CONFIG_HS20=y
CONFIG_AUTOSCAN_EXPONENTIAL=y
CONFIG_AUTOSCAN_PERIODIC=y
CONFIG_EXT_PASSWORD_TEST=y
CONFIG_EXT_PASSWORD_FILE=y
CONFIG_EAP_UNAUTH_TLS=y
CONFIG_SAE=y
CONFIG_SAE_PK=y
CFLAGS += -DALL_DH_GROUPS
CONFIG_WNM=y
CONFIG_FST=y
CONFIG_FST_TEST=y
CONFIG_TESTING_OPTIONS=y
CONFIG_MODULE_TESTS=y
CONFIG_SUITEB=y
CONFIG_SUITEB192=y
# AddressSanitizer (ASan) can be enabled by uncommenting the following lines.
# This can be used as a more efficient memory error detector than valgrind
# (though, with still some CPU and memory cost, so VM cases will need more
# memory allocated for the guest).
#CFLAGS += -fsanitize=address -O1 -fno-omit-frame-pointer -g
#LIBS += -fsanitize=address -fno-omit-frame-pointer -g
#LIBS_c += -fsanitize=address -fno-omit-frame-pointer -g
#LIBS_p += -fsanitize=address -fno-omit-frame-pointer -g
# Undefined Behavior Sanitizer (UBSan) can be enabled by uncommenting the
# following lines.
#CFLAGS += -Wno-format-nonliteral
#CFLAGS += -fsanitize=undefined
##CFLAGS += -fno-sanitize-recover
#LIBS += -fsanitize=undefined
##LIBS += -fno-sanitize-recover
#LIBS_c += -fsanitize=undefined
#LIBS_p += -fsanitize=undefined
CONFIG_MBO=y
CONFIG_FILS=y
CONFIG_FILS_SK_PFS=y
CONFIG_PMKSA_CACHE_EXTERNAL=y
CONFIG_OWE=y
CONFIG_DPP=y
CONFIG_DPP2=y
CONFIG_WEP=y
CONFIG_PASN=y

120
.github/workflows/hostap-files/configs/b607d2723e927a3446d89aed813f1aa6068186bb/hostapd.config vendored
View File

@@ -1,120 +0,0 @@
#CC=ccache gcc
CONFIG_DRIVER_NONE=y
CONFIG_DRIVER_NL80211=y
CONFIG_RSN_PREAUTH=y
#CONFIG_TLS=internal
#CONFIG_INTERNAL_LIBTOMMATH=y
#CONFIG_INTERNAL_LIBTOMMATH_FAST=y
#CONFIG_TLS=openssl
CONFIG_TLS=wolfssl
CONFIG_EAP=y
CONFIG_ERP=y
CONFIG_EAP_MD5=y
CONFIG_EAP_TLS=y
CONFIG_EAP_MSCHAPV2=y
CONFIG_EAP_PEAP=y
CONFIG_EAP_GTC=y
CONFIG_EAP_TTLS=y
CONFIG_EAP_SIM=y
CONFIG_EAP_AKA=y
CONFIG_EAP_AKA_PRIME=y
CONFIG_EAP_GPSK=y
CONFIG_EAP_GPSK_SHA256=y
CONFIG_EAP_SAKE=y
CONFIG_EAP_PAX=y
CONFIG_EAP_PSK=y
CONFIG_EAP_VENDOR_TEST=y
CONFIG_EAP_FAST=y
CONFIG_EAP_TEAP=y
CONFIG_EAP_IKEV2=y
CONFIG_EAP_TNC=y
CFLAGS += -DTNC_CONFIG_FILE=\"tnc/tnc_config\"
LIBS += -rdynamic
CONFIG_EAP_UNAUTH_TLS=y
ifeq ($(CONFIG_TLS), openssl)
CONFIG_EAP_PWD=y
endif
ifeq ($(CONFIG_TLS), wolfssl)
CONFIG_EAP_PWD=y
endif
CONFIG_EAP_EKE=y
CONFIG_PKCS12=y
CONFIG_RADIUS_SERVER=y
CONFIG_IPV6=y
CONFIG_TLSV11=y
CONFIG_TLSV12=y
CONFIG_FULL_DYNAMIC_VLAN=y
CONFIG_VLAN_NETLINK=y
CONFIG_LIBNL32=y
CONFIG_LIBNL3_ROUTE=y
CONFIG_IEEE80211R=y
CONFIG_IEEE80211AC=y
CONFIG_IEEE80211AX=y
CONFIG_OCV=y
CONFIG_WPS=y
CONFIG_WPS_UPNP=y
CONFIG_WPS_NFC=y
#CONFIG_WPS_STRICT=y
CONFIG_WPA_TRACE=y
CONFIG_WPA_TRACE_BFD=y
CONFIG_P2P_MANAGER=y
CONFIG_DEBUG_FILE=y
CONFIG_DEBUG_LINUX_TRACING=y
CONFIG_WPA_CLI_EDIT=y
CONFIG_ACS=y
CONFIG_NO_RANDOM_POOL=y
CONFIG_WNM=y
CONFIG_INTERWORKING=y
CONFIG_HS20=y
CONFIG_SQLITE=y
CONFIG_SAE=y
CONFIG_SAE_PK=y
CFLAGS += -DALL_DH_GROUPS
CONFIG_FST=y
CONFIG_FST_TEST=y
CONFIG_TESTING_OPTIONS=y
CFLAGS += -DCONFIG_RADIUS_TEST
CONFIG_MODULE_TESTS=y
CONFIG_SUITEB=y
# AddressSanitizer (ASan) can be enabled by uncommenting the following lines.
# This can be used as a more efficient memory error detector than valgrind
# (though, with still some CPU and memory cost, so VM cases will need more
# memory allocated for the guest).
#CFLAGS += -fsanitize=address -O1 -fno-omit-frame-pointer -g
#LIBS += -fsanitize=address -fno-omit-frame-pointer -g
#LIBS_h += -fsanitize=address -fno-omit-frame-pointer -g
#LIBS_n += -fsanitize=address -fno-omit-frame-pointer -g
#LIBS_c += -fsanitize=address -fno-omit-frame-pointer -g
# Undefined Behavior Sanitizer (UBSan) can be enabled by uncommenting the
# following lines.
#CFLAGS += -Wno-format-nonliteral
#CFLAGS += -fsanitize=undefined
##CFLAGS += -fno-sanitize-recover
#LIBS += -fsanitize=undefined
##LIBS += -fno-sanitize-recover
#LIBS_h += -fsanitize=undefined
#LIBS_n += -fsanitize=undefined
#LIBS_c += -fsanitize=undefined
CONFIG_MBO=y
CONFIG_TAXONOMY=y
CONFIG_FILS=y
CONFIG_FILS_SK_PFS=y
CONFIG_OWE=y
CONFIG_DPP=y
CONFIG_DPP2=y
CONFIG_WEP=y
CONFIG_PASN=y
CONFIG_AIRTIME_POLICY=y

656
.github/workflows/hostap-files/configs/b607d2723e927a3446d89aed813f1aa6068186bb/tests vendored
View File

@@ -1,656 +0,0 @@
sae_pk
sae_pk_group_negotiation
sae_pk_sec_3
sae_pk_sec_5
sae_pk_group_20
sae_pk_group_21
sae_pk_group_20_sae_group_19
sae_pk_group_20_sae_group_21
sae_pk_group_19_sae_group_20
sae_pk_password_without_pk
sae_pk_only
sae_pk_modes
sae_pk_not_on_ap
sae_pk_mixed
sae_pk_mixed_immediate_confirm
sae_pk_missing_ie
sae_pk_unexpected_status
sae_pk_invalid_signature
sae_pk_invalid_fingerprint
sae_pk_and_psk
sae_pk_and_psk_invalid_password
sae_pk_invalid_pw
sae
sae_password_ecc
sae_pmksa_caching
sae_pmksa_caching_pmkid
sae_pmksa_caching_disabled
sae_groups
sae_group_nego
sae_group_nego_no_match
sae_anti_clogging
sae_forced_anti_clogging
sae_mixed
sae_and_psk
sae_and_psk2
sae_wpa3_roam
sae_mixed_mfp
sae_mfp
sae_missing_password
sae_key_lifetime_in_memory
sae_oom_wpas
sae_proto_ecc
sae_proto_ffc
sae_proto_commit_delayed
sae_proto_commit_replay
sae_proto_confirm_replay
sae_proto_hostapd
sae_proto_hostapd_ecc
sae_proto_hostapd_ffc
sae_proto_hostapd_status_126
sae_proto_hostapd_status_127
sae_reflection_attack_ecc
sae_reflection_attack_ecc_internal
sae_commit_override
sae_commit_override2
sae_commit_invalid_scalar_element_ap
sae_commit_invalid_element_ap
sae_commit_invalid_scalar_element_sta
sae_commit_invalid_element_sta
sae_anti_clogging_proto
sae_no_random
sae_invalid_anti_clogging_token_req
sae_password
sae_password_short
sae_password_long
sae_connect_cmd
sae_password_id
sae_password_id_ecc
sae_password_id_ffc
sae_password_id_only
sae_password_id_pwe_looping
sae_password_id_pwe_check_ap
sae_password_id_pwe_check_sta
sae_forced_anti_clogging_pw_id
sae_reauth
sae_sync
sae_confirm_immediate
sae_confirm_immediate2
sae_pwe_group_19
sae_pwe_group_20
sae_pwe_group_21
sae_pwe_group_28
sae_pwe_group_29
sae_pwe_group_30
sae_pwe_group_1
sae_pwe_group_2
sae_pwe_group_22
sae_pwe_h2e_only_ap
sae_pwe_h2e_only_ap_sta_forcing_loop
sae_pwe_loop_only_ap
sae_h2e_rejected_groups
sae_h2e_rejected_groups_unexpected
sae_h2e_password_id
sae_pwe_in_psk_ap
sae_auth_restart
sae_rsne_mismatch
sae_h2e_rsnxe_mismatch
sae_h2e_rsnxe_mismatch_retries
sae_h2e_rsnxe_mismatch_assoc
sae_h2e_rsnxe_mismatch_ap
sae_h2e_rsnxe_mismatch_ap2
sae_h2e_rsnxe_mismatch_ap3
sae_forced_anti_clogging_h2e
sae_forced_anti_clogging_h2e_loop
sae_okc
sae_okc_sta_only
sae_okc_pmk_lifetime
sae_pmk_lifetime
sae_and_psk_multiple_passwords
sae_pmf_roam
sae_ocv_pmk
sae_ocv_pmk_failure
sae_reject
eap_tls_pkcs8_pkcs5_v2_des3
eap_tls_pkcs8_pkcs5_v15
eap_tls_session_resumption
eap_tls_session_resumption_expiration
eap_tls_session_resumption_radius
eap_tls_sha512
eap_tls_sha384
eap_tls_ext_cert_check
eap_tls_errors
ap_wpa2_delayed_m3_retransmission
ap_wpa2_delayed_m1_m3_retransmission
ap_wpa2_delayed_m1_m3_retransmission2
ap_wpa2_delayed_group_m1_retransmission
ap_wpa2_delayed_group_m1_retransmission_igtk
ap_wpa2_delayed_m1_m3_zero_tk
ap_wpa2_plaintext_m1_m3
ap_wpa2_plaintext_m1_m3_pmf
ap_wpa2_plaintext_m3
ap_wpa2_plaintext_group_m1
ap_wpa2_plaintext_group_m1_pmf
ap_wpa2_test_command_failures
ap_wpa2_gtk_initial_rsc_tkip
ap_wpa2_gtk_initial_rsc_ccmp
ap_wpa2_gtk_initial_rsc_ccmp_256
ap_wpa2_gtk_initial_rsc_gcmp
ap_wpa2_gtk_initial_rsc_gcmp_256
ap_wpa2_igtk_initial_rsc_aes_128_cmac
ap_wpa2_igtk_initial_rsc_bip_gmac_128
ap_wpa2_igtk_initial_rsc_bip_gmac_256
ap_wpa2_igtk_initial_rsc_bip_cmac_256
ap_wpa2_psk
ap_wpa2_psk_file
ap_wpa2_psk_file_keyid
ap_wpa2_psk_mem
ap_wpa2_ptk_rekey
ap_wpa2_ptk_rekey_blocked_ap
ap_wpa2_ptk_rekey_blocked_sta
ap_wpa2_ptk_rekey_anonce
ap_wpa2_ptk_rekey_ap
ap_wpa2_sha256_ptk_rekey
ap_wpa2_sha256_ptk_rekey_ap
ap_wpa2_psk_file_errors
ap_wpa2_psk_wildcard_ssid
ap_wpa2_gtk_rekey
ap_wpa2_gtk_rekey_request
ap_wpa2_gtk_rekey_failure
ap_wpa2_gtk_rekey_fail_1_sta
ap_wpa2_gmk_rekey
ap_wpa2_strict_rekey
ap_wpa2_psk_ext
ap_wpa2_psk_unexpected
ap_wpa2_psk_ext_retry_msg_3
ap_wpa2_psk_ext_retry_msg_3b
ap_wpa2_psk_ext_retry_msg_3c
ap_wpa2_psk_ext_retry_msg_3d
ap_wpa2_psk_ext_retry_msg_3e
ap_wpa2_psk_ext_delayed_ptk_rekey
ap_wpa2_psk_ext_eapol
ap_wpa2_psk_ext_eapol_retry1
ap_wpa2_psk_ext_eapol_retry1b
ap_wpa2_psk_ext_eapol_retry1c
ap_wpa2_psk_ext_eapol_retry1d
ap_wpa2_psk_ext_eapol_type_diff
ap_wpa2_psk_ext_eapol_key_info
ap_wpa2_psk_supp_proto
ap_wpa2_psk_supp_proto_no_ie
ap_wpa2_psk_supp_proto_ie_mismatch
ap_wpa2_psk_supp_proto_ok
ap_wpa2_psk_supp_proto_no_gtk
ap_wpa2_psk_supp_proto_anonce_change
ap_wpa2_psk_supp_proto_unexpected_group_msg
ap_wpa2_psk_supp_proto_msg_1_invalid_kde
ap_wpa2_psk_supp_proto_wrong_pairwise_key_len
ap_wpa2_psk_supp_proto_wrong_group_key_len
ap_wpa2_psk_supp_proto_gtk_tx_bit_workaround
ap_wpa2_psk_supp_proto_gtk_keyidx_0_and_3
ap_wpa2_psk_supp_proto_no_gtk_in_group_msg
ap_wpa2_psk_supp_proto_too_long_gtk_in_group_msg
ap_wpa2_psk_supp_proto_too_long_gtk_kde
ap_wpa2_psk_supp_proto_gtk_not_encrypted
ap_wpa2_psk_wep
ap_wpa2_psk_drop_first_msg_4
ap_wpa2_psk_disable_enable
ap_wpa2_psk_incorrect_passphrase
ap_wpa2_psk_no_random
ap_wpa2_psk_assoc_rsn
ap_wpa2_psk_ft_workaround
ap_wpa2_psk_assoc_rsn_pmkid
ap_wpa2_eapol_retry_limit
ap_wpa2_disable_eapol_retry
ap_wpa2_disable_eapol_retry_group
ap_wpa2_psk_mic_0
ap_wpa2_psk_local_error
ap_wpa2_psk_ap_control_port
ap_wpa2_psk_rsne_mismatch_ap
ap_wpa2_psk_rsne_mismatch_ap2
ap_wpa2_psk_rsne_mismatch_ap3
ap_wpa2_psk_rsnxe_mismatch_ap
ap_wpa2_psk_ext_key_id_ptk_rekey_ap0
ap_wpa2_psk_ext_key_id_ptk_rekey_ap1
ap_wpa2_psk_ext_key_id_ptk_rekey_ap2
ap_wpa2_psk_ext_key_id_ptk_rekey_sta0
ap_wpa2_psk_ext_key_id_ptk_rekey_sta1
ap_wpa2_psk_ext_key_id_ptk_rekey_sta2
ap_wpa2_eap_sim
ap_wpa2_eap_sim_imsi_identity
ap_wpa2_eap_sim_imsi_privacy_key
ap_wpa2_eap_sim_imsi_privacy_attr
ap_wpa2_eap_sim_sql
ap_wpa2_eap_sim_config
ap_wpa2_eap_sim_id_0
ap_wpa2_eap_sim_id_1
ap_wpa2_eap_sim_id_2
ap_wpa2_eap_sim_id_3
ap_wpa2_eap_sim_ext
ap_wpa2_eap_sim_ext_replace_sim
ap_wpa2_eap_sim_ext_replace_sim2
ap_wpa2_eap_sim_ext_replace_sim3
ap_wpa2_eap_sim_ext_auth_fail
ap_wpa2_eap_sim_change_bssid
ap_wpa2_eap_sim_no_change_set
ap_wpa2_eap_sim_ext_anonymous
ap_wpa2_eap_sim_ext_anonymous_no_pseudonym
ap_wpa2_eap_sim_oom
ap_wpa2_eap_aka
ap_wpa2_eap_aka_imsi_identity
ap_wpa2_eap_aka_imsi_privacy_key
ap_wpa2_eap_aka_imsi_privacy_attr
ap_wpa2_eap_aka_imsi_privacy_key_expired
ap_wpa2_eap_aka_sql
ap_wpa2_eap_aka_config
ap_wpa2_eap_aka_ext
ap_wpa2_eap_aka_ext_auth_fail
ap_wpa2_eap_aka_prime_imsi_identity
ap_wpa2_eap_aka_prime_imsi_privacy_key
ap_wpa2_eap_aka_prime_ext_auth_fail
ap_wpa2_eap_aka_prime_ext
ap_wpa2_eap_ttls_pap
ap_wpa2_eap_ttls_pap_subject_match
ap_wpa2_eap_ttls_pap_check_cert_subject
ap_wpa2_eap_ttls_pap_incorrect_password
ap_wpa2_eap_ttls_chap
ap_wpa2_eap_ttls_chap_altsubject_match
ap_wpa2_eap_ttls_chap_incorrect_password
ap_wpa2_eap_ttls_mschap
ap_wpa2_eap_ttls_mschap_incorrect_password
ap_wpa2_eap_ttls_mschapv2
ap_wpa2_eap_ttls_invalid_phase2
ap_wpa2_eap_ttls_mschapv2_suffix_match
ap_wpa2_eap_ttls_mschapv2_domain_match
ap_wpa2_eap_ttls_mschapv2_incorrect_password
ap_wpa2_eap_ttls_mschapv2_utf8
ap_wpa2_eap_ttls_eap_gtc
ap_wpa2_eap_ttls_eap_gtc_incorrect_password
ap_wpa2_eap_ttls_eap_gtc_no_password
ap_wpa2_eap_ttls_eap_gtc_server_oom
ap_wpa2_eap_ttls_eap_gtc_oom
ap_wpa2_eap_ttls_eap_md5
ap_wpa2_eap_ttls_eap_md5_incorrect_password
ap_wpa2_eap_ttls_eap_md5_no_password
ap_wpa2_eap_ttls_eap_md5_server_oom
ap_wpa2_eap_ttls_eap_mschapv2
ap_wpa2_eap_ttls_eap_mschapv2_no_password
ap_wpa2_eap_ttls_eap_mschapv2_server_oom
ap_wpa2_eap_ttls_eap_sim
ap_wpa2_eap_ttls_eap_sim_ext
ap_wpa2_eap_ttls_eap_vendor
ap_wpa2_eap_peap_eap_sim
ap_wpa2_eap_peap_eap_sim_ext
ap_wpa2_eap_fast_eap_sim_ext
ap_wpa2_eap_ttls_eap_aka
ap_wpa2_eap_peap_eap_aka
ap_wpa2_eap_peap_eap_mschapv2
ap_wpa2_eap_peap_eap_mschapv2_domain
ap_wpa2_eap_peap_eap_mschapv2_incorrect_password
ap_wpa2_eap_peap_crypto_binding
ap_wpa2_eap_peap_crypto_binding_server_oom
ap_wpa2_eap_peap_params
ap_wpa2_eap_peap_eap_gtc
ap_wpa2_eap_peap_eap_tls
ap_wpa2_eap_peap_eap_vendor
ap_wpa2_eap_tls
ap_wpa2_eap_tls_blob
ap_wpa2_eap_tls_blob_pem
ap_wpa2_eap_tls_blob_missing
ap_wpa2_eap_tls_with_tls_len
ap_wpa2_eap_tls_pkcs12
ap_wpa2_eap_tls_pkcs12_blob
ap_wpa2_eap_tls_pkcs12_blob_pem
ap_wpa2_eap_tls_diff_ca_trust
ap_wpa2_eap_tls_diff_ca_trust2
ap_wpa2_eap_tls_diff_ca_trust3
ap_wpa2_eap_tls_neg_suffix_match
ap_wpa2_eap_tls_neg_domain_match
ap_wpa2_eap_tls_neg_subject_match
ap_wpa2_eap_tls_neg_altsubject_match
ap_wpa2_eap_unauth_tls
ap_wpa2_eap_ttls_server_cert_hash
ap_wpa2_eap_ttls_server_cert_hash_invalid
ap_wpa2_eap_pwd
ap_wpa2_eap_pwd_nthash
ap_wpa2_eap_pwd_salt_sha1
ap_wpa2_eap_pwd_salt_sha256
ap_wpa2_eap_pwd_salt_sha512
ap_wpa2_eap_pwd_groups
ap_wpa2_eap_pwd_invalid_group
ap_wpa2_eap_pwd_disabled_group
ap_wpa2_eap_pwd_as_frag
ap_wpa2_eap_gpsk
ap_wpa2_eap_sake
ap_wpa2_eap_eke
ap_wpa2_eap_eke_many
ap_wpa2_eap_eke_serverid_nai
ap_wpa2_eap_eke_server_oom
ap_wpa2_eap_ikev2
ap_wpa2_eap_ikev2_as_frag
ap_wpa2_eap_ikev2_oom
ap_wpa2_eap_pax
ap_wpa2_eap_psk
ap_wpa2_eap_psk_oom
ap_wpa2_eap_interactive
ap_wpa2_eap_ext_enable_network_while_connected
ap_wpa2_eap_vendor_test
ap_wpa2_eap_vendor_test_oom
ap_wpa2_eap_fast_gtc_identity_change
ap_wpa2_eap_fast_eap_vendor
ap_wpa2_eap_tls_ocsp
ap_wpa2_eap_tls_ocsp_multi
ap_wpa2_eap_tls_ocsp_key_id
ap_wpa2_eap_tls_ocsp_ca_signed_good
ap_wpa2_eap_tls_ocsp_ca_signed_revoked
ap_wpa2_eap_tls_ocsp_ca_signed_unknown
ap_wpa2_eap_tls_ocsp_server_signed
ap_wpa2_eap_tls_ocsp_invalid_data
ap_wpa2_eap_tls_ocsp_invalid
ap_wpa2_eap_tls_ocsp_unknown_sign
ap_wpa2_eap_tls_intermediate_ca
ap_wpa2_eap_tls_ocsp_multi_revoked
ap_wpa2_eap_tls_domain_suffix_match_cn_full
ap_wpa2_eap_tls_domain_match_cn
ap_wpa2_eap_tls_domain_suffix_match_cn
ap_wpa2_eap_tls_domain_suffix_mismatch_cn
ap_wpa2_eap_tls_domain_mismatch_cn
ap_wpa2_eap_ttls_long_duration
ap_wpa2_eap_ttls_server_cert_eku_client
ap_wpa2_eap_ttls_server_cert_eku_client_server
ap_wpa2_eap_ttls_server_pkcs12
ap_wpa2_eap_ttls_server_pkcs12_extra
ap_wpa2_eap_ttls_dh_params_server
ap_wpa2_eap_ttls_dh_params_dsa_server
ap_wpa2_eap_ttls_dh_params_not_found
ap_wpa2_eap_ttls_dh_params_invalid
ap_wpa2_eap_reauth
ap_wpa2_eap_reauth_ptk_rekey_blocked_sta
ap_wpa2_eap_request_identity_message
ap_wpa2_eap_sim_aka_result_ind
ap_wpa2_eap_sim_zero_db_timeout
ap_wpa2_eap_too_many_roundtrips
ap_wpa2_eap_too_many_roundtrips_server
ap_wpa2_eap_too_many_roundtrips_server2
ap_wpa2_eap_expanded_nak
ap_wpa2_eap_sql
ap_wpa2_eap_non_ascii_identity
ap_wpa2_eap_non_ascii_identity2
ap_wpa2_eap_unexpected_wep_eapol_key
ap_wpa2_eap_session_ticket
ap_wpa2_eap_no_workaround
ap_wpa2_eap_tls_check_crl
ap_wpa2_eap_tls_check_crl_not_strict
ap_wpa2_eap_tls_crl_reload
ap_wpa2_eap_tls_check_cert_subject
ap_wpa2_eap_tls_check_cert_subject_neg
ap_wpa2_eap_tls_oom
ap_wpa2_eap_tls_macacl
ap_wpa2_eap_oom
ap_wpa2_eap_tls_13
ap_wpa2_eap_tls_13_ocsp
ap_wpa2_eap_tls_13_missing_prot_success
ap_wpa2_eap_tls_13_fragmentation
ap_wpa2_eap_ttls_13
ap_wpa2_eap_peap_13
ap_wpa2_eap_tls_13_ec
ap_wpa2_eap_sim_db
ap_wpa2_eap_sim_db_sqlite
ap_wpa2_eap_assoc_rsn
ap_wpa2_eap_status
ap_wpa2_eap_gpsk_ptk_rekey_ap
ap_wpa2_eap_wildcard_ssid
ap_wpa2_eap_psk_mac_addr_change
ap_wpa2_eap_server_get_id
ap_wpa2_radius_server_get_id
ap_wpa2_eap_tls_tod
ap_wpa2_eap_tls_tod_tofu
ap_wpa2_eap_sake_no_control_port
dpp_network_intro_version
dpp_network_intro_version_change
dpp_network_intro_version_missing_req
dpp_tcp_pkex
dpp_tcp_pkex_auto_connect_2
dpp_tcp_pkex_auto_connect_2_status
dpp_tcp_pkex_auto_connect_2_status_fail
dpp_tcp_pkex_while_associated
dpp_tcp_pkex_while_associated_conn_status
dpp_controller_relay_pkex
dpp_push_button
dpp_push_button_session_overlap_sta
dpp_push_button_session_overlap_ap
dpp_push_button_session_overlap_configurator
dpp_push_button_2sta
dpp_push_button_r_hash_mismatch_sta
dpp_push_button_i_hash_mismatch_ap
dpp_push_button_r_hash_mismatch_ap
dpp_push_button_ext_conf
dpp_push_button_wpas_conf
dpp_private_peer_introduction
dpp_qr_code_parsing
dpp_uri_version
dpp_uri_supported_curves
dpp_uri_host
dpp_qr_code_parsing_fail
dpp_qr_code_curves
dpp_qr_code_curves_brainpool
dpp_qr_code_unsupported_curve
dpp_qr_code_keygen_fail
dpp_qr_code_auth_broadcast
dpp_configurator_enrollee_prime256v1
dpp_configurator_enrollee_secp384r1
dpp_configurator_enrollee_brainpoolP256r1
dpp_configurator_enrollee_brainpoolP384r1
dpp_configurator_enrollee_brainpoolP512r1
dpp_configurator_enroll_conf
dpp_qr_code_curve_prime256v1
dpp_qr_code_curve_secp384r1
dpp_qr_code_curve_secp521r1
dpp_qr_code_curve_brainpoolP256r1
dpp_qr_code_curve_brainpoolP384r1
dpp_qr_code_curve_brainpoolP512r1
dpp_qr_code_set_key
dpp_qr_code_auth_mutual
dpp_qr_code_auth_mutual_p_256
dpp_qr_code_auth_mutual_p_384
dpp_qr_code_auth_mutual_p_521
dpp_qr_code_auth_mutual_bp_256
dpp_qr_code_auth_mutual_bp_384
dpp_qr_code_auth_mutual_bp_512
dpp_auth_resp_retries
dpp_qr_code_auth_mutual_not_used
dpp_qr_code_auth_mutual_curve_mismatch
dpp_qr_code_auth_hostapd_mutual2
dpp_qr_code_listen_continue
dpp_qr_code_auth_initiator_enrollee
dpp_qr_code_auth_initiator_either_2
dpp_qr_code_auth_initiator_either_3
dpp_config_legacy
dpp_config_legacy_psk_hex
dpp_config_fragmentation
dpp_config_legacy_gen
dpp_config_legacy_gen_psk
dpp_config_dpp_gen_prime256v1
dpp_config_dpp_gen_secp384r1
dpp_config_dpp_gen_secp521r1
dpp_config_dpp_gen_expiry
dpp_config_dpp_gen_expired_key
dpp_config_dpp_gen_3rd_party
dpp_config_dpp_override_prime256v1
dpp_config_dpp_override_secp384r1
dpp_config_override_objects
dpp_config_signed_connector_error_no_dot_1
dpp_config_signed_connector_error_no_dot_2
dpp_config_signed_connector_error_unexpected_signature_len
dpp_config_no_csign
dpp_config_no_signed_connector
dpp_config_unexpected_signed_connector_char
dpp_config_root_not_an_object
dpp_config_no_wi_fi_tech
dpp_config_no_discovery
dpp_config_no_discovery_ssid
dpp_config_too_long_discovery_ssid
dpp_config_no_cred
dpp_config_no_cred_akm
dpp_config_error_legacy_no_pass
dpp_config_error_legacy_too_long_pass
dpp_config_error_legacy_psk_with_sae
dpp_config_error_legacy_no_pass_for_sae
dpp_config_error_legacy_invalid_psk
dpp_config_error_legacy_too_short_psk
dpp_config_connector_error_ext_sign
dpp_config_connector_error_too_short_timestamp
dpp_config_connector_error_invalid_timestamp
dpp_config_connector_error_invalid_timestamp_date
dpp_config_connector_error_expired_1
dpp_config_connector_error_expired_2
dpp_config_connector_error_expired_3
dpp_config_connector_error_expired_4
dpp_config_connector_error_expired_6
dpp_config_connector_error_no_groups
dpp_config_connector_error_empty_groups
dpp_config_connector_error_missing_group_id
dpp_config_connector_error_missing_net_role
dpp_config_connector_error_missing_net_access_key
dpp_config_connector_error_net_access_key_mismatch
dpp_akm_sha256
dpp_akm_sha384
dpp_akm_sha512
dpp_network_introduction
dpp_network_introduction_expired
dpp_and_sae_akm
dpp_ap_config
dpp_ap_config_p256_p256
dpp_ap_config_p256_p384
dpp_ap_config_p384_p256
dpp_ap_config_p384_p384
dpp_ap_config_p521_p256
dpp_ap_config_p521_p384
dpp_ap_config_bp256_bp256
dpp_ap_config_bp384_bp384
dpp_ap_config_bp512_bp512
dpp_ap_config_p256_bp256
dpp_ap_config_bp256_p256
dpp_ap_config_p521_bp512
dpp_ap_config_reconfig_configurator
dpp_auto_connect_legacy
dpp_auto_connect_legacy_ssid_charset
dpp_auto_connect_legacy_sae_1
dpp_auto_connect_legacy_sae_2
dpp_auto_connect_legacy_psk_sae_1
dpp_auto_connect_legacy_psk_sae_2
dpp_auto_connect_legacy_psk_sae_3
dpp_auto_connect_legacy_pmf_required
dpp_test_vector_p_256
dpp_test_vector_p_256_b
dpp_test_vector_p_521
dpp_pkex
dpp_pkex_v2
dpp_pkex_p256
dpp_pkex_p384
dpp_pkex_p521
dpp_pkex_bp256
dpp_pkex_bp384
dpp_pkex_bp512
dpp_pkex_config
dpp_pkex_no_identifier
dpp_pkex_identifier_mismatch
dpp_pkex_identifier_mismatch2
dpp_pkex_identifier_mismatch3
dpp_pkex_test_vector
dpp_pkex_code_mismatch
dpp_pkex_code_mismatch_limit
dpp_pkex_curve_mismatch
dpp_pkex_curve_mismatch_failure
dpp_pkex_curve_mismatch_failure2
dpp_pkex_exchange_resp_processing_failure
dpp_pkex_commit_reveal_req_processing_failure
dpp_pkex_config2
dpp_pkex_no_responder
dpp_pkex_after_retry
dpp_pkex_hostapd_responder
dpp_pkex_v2_hostapd_responder
dpp_pkex_hostapd_initiator
dpp_pkex_v2_hostapd_initiator
dpp_pkex_hostapd_initiator_fallback
dpp_pkex_hostapd_initiator_no_response
dpp_pkex_hostapd_errors
dpp_pkex_nak_curve_change
dpp_pkex_nak_curve_change2
dpp_hostapd_configurator
dpp_hostapd_configurator_responder
dpp_hostapd_configurator_fragmentation
dpp_hostapd_enrollee_fragmentation
dpp_hostapd_enrollee_gas_timeout
dpp_hostapd_enrollee_gas_timeout_comeback
dpp_hostapd_enrollee_gas_errors
dpp_hostapd_enrollee_gas_proto
dpp_hostapd_enrollee_gas_tx_status_errors
dpp_hostapd_configurator_override_objects
dpp_own_config
dpp_own_config_group_id
dpp_proto_after_wrapped_data_auth_req
dpp_auth_req_stop_after_ack
dpp_auth_req_retries
dpp_auth_req_retries_multi_chan
dpp_proto_after_wrapped_data_auth_resp
dpp_proto_after_wrapped_data_auth_conf
dpp_proto_after_wrapped_data_conf_req
dpp_proto_after_wrapped_data_conf_resp
dpp_proto_stop_at_pkex_exchange_resp
dpp_proto_stop_at_pkex_cr_req
dpp_proto_stop_at_pkex_cr_resp
dpp_proto_network_introduction
dpp_hostapd_auth_conf_timeout
dpp_tcp
dpp_tcp_port
dpp_tcp_mutual
dpp_tcp_mutual_hostapd_conf
dpp_tcp_conf_init
dpp_tcp_conf_init_hostapd_enrollee
dpp_tcp_controller_management_hostapd
dpp_tcp_controller_management_hostapd2
dpp_tcp_controller_start_failure
dpp_tcp_init_failure
dpp_controller_rx_failure
dpp_controller_rx_errors
dpp_conn_status_success
dpp_conn_status_wrong_passphrase
dpp_conn_status_no_ap
dpp_conn_status_connector_mismatch
dpp_conn_status_assoc_reject
dpp_conn_status_success_hostapd_configurator
dpp_mud_url
dpp_mud_url_hostapd
dpp_config_save
dpp_config_save2
dpp_config_save3
dpp_nfc_uri
dpp_nfc_uri_hostapd
dpp_nfc_uri_hostapd_tag_read
dpp_nfc_negotiated_handover
dpp_nfc_negotiated_handover_diff_curve
dpp_nfc_negotiated_handover_hostapd_sel
dpp_nfc_negotiated_handover_hostapd_req
dpp_nfc_errors_hostapd
dpp_with_p2p_device
dpp_pfs_ap_0
dpp_pfs_ap_1
dpp_pfs_ap_2
dpp_pfs_connect_cmd
dpp_pfs_connect_cmd_ap_2
dpp_pfs_connect_cmd_ap_2_sae
dpp_pfs_ap_0_sta_ver1
dpp_pfs_errors
dpp_qr_code_auth_rand_mac_addr
dpp_enterprise
dpp_enterprise_tcp
dpp_enterprise_tcp2
dpp_qr_code_config_event_initiator
dpp_qr_code_config_event_initiator_set_comeback
dpp_qr_code_config_event_initiator_slow
dpp_qr_code_config_event_initiator_failure
dpp_qr_code_config_event_initiator_no_response
dpp_qr_code_config_event_initiator_both
dpp_tcp_qr_code_config_event_initiator
dpp_discard_public_action

163
.github/workflows/hostap-files/configs/b607d2723e927a3446d89aed813f1aa6068186bb/wpa_supplicant.config vendored
View File

@@ -1,163 +0,0 @@
#CC=ccache gcc
#CONFIG_TLS=openssl
CONFIG_TLS=wolfssl
#CONFIG_TLS=internal
#CONFIG_INTERNAL_LIBTOMMATH=y
#CONFIG_INTERNAL_LIBTOMMATH_FAST=y
CONFIG_IEEE8021X_EAPOL=y
CONFIG_ERP=y
CONFIG_EAP_MD5=y
CONFIG_MSCHAPV2=y
CONFIG_EAP_TLS=y
CONFIG_EAP_PEAP=y
CONFIG_EAP_TTLS=y
CONFIG_EAP_GTC=y
CONFIG_EAP_OTP=y
CONFIG_EAP_PSK=y
CONFIG_EAP_PAX=y
CONFIG_EAP_LEAP=y
CONFIG_EAP_SIM=y
CONFIG_EAP_AKA=y
CONFIG_EAP_AKA_PRIME=y
CONFIG_EAP_VENDOR_TEST=y
CONFIG_EAP_TLV=y
CONFIG_EAP_SAKE=y
CONFIG_EAP_GPSK=y
CONFIG_EAP_GPSK_SHA256=y
CONFIG_EAP_EKE=y
CONFIG_EAP_TNC=y
CFLAGS += -DTNC_CONFIG_FILE=\"tnc/tnc_config\"
LIBS += -rdynamic
CONFIG_EAP_FAST=y
CONFIG_EAP_TEAP=y
CONFIG_EAP_IKEV2=y
ifeq ($(CONFIG_TLS), openssl)
CONFIG_EAP_PWD=y
endif
ifeq ($(CONFIG_TLS), wolfssl)
CONFIG_EAP_PWD=y
endif
CONFIG_USIM_SIMULATOR=y
CONFIG_SIM_SIMULATOR=y
#CONFIG_PCSC=y
CONFIG_IPV6=y
CONFIG_DRIVER_NONE=y
CONFIG_PKCS12=y
CONFIG_CTRL_IFACE=unix
CONFIG_WPA_CLI_EDIT=y
CONFIG_OCSP=y
#CONFIG_ELOOP_POLL=y
CONFIG_CTRL_IFACE_DBUS_NEW=y
CONFIG_CTRL_IFACE_DBUS_INTRO=y
CONFIG_IEEE80211R=y
CONFIG_IEEE80211AC=y
CONFIG_IEEE80211AX=y
CONFIG_OCV=y
CONFIG_DEBUG_FILE=y
CONFIG_WPS=y
#CONFIG_WPS_STRICT=y
CONFIG_WPS_UPNP=y
CONFIG_WPS_NFC=y
CONFIG_WPS_ER=y
#CONFIG_WPS_REG_DISABLE_OPEN=y
CONFIG_DRIVER_WEXT=y
CONFIG_DRIVER_NL80211=y
CFLAGS += -I/usr/include/libnl3
CONFIG_LIBNL32=y
CONFIG_IBSS_RSN=y
CONFIG_AP=y
CONFIG_MESH=y
CONFIG_P2P=y
CONFIG_WIFI_DISPLAY=y
CONFIG_ACS=y
CONFIG_BGSCAN_SIMPLE=y
CONFIG_BGSCAN_LEARN=y
CONFIG_WPA_TRACE=y
CONFIG_WPA_TRACE_BFD=y
CONFIG_TDLS=y
CONFIG_TDLS_TESTING=y
CONFIG_NO_RANDOM_POOL=y
CONFIG_TLSV11=y
CONFIG_TLSV12=y
CONFIG_HT_OVERRIDES=y
CONFIG_VHT_OVERRIDES=y
CONFIG_HE_OVERRIDES=y
CONFIG_DEBUG_LINUX_TRACING=y
CONFIG_INTERWORKING=y
CONFIG_HS20=y
CONFIG_AUTOSCAN_EXPONENTIAL=y
CONFIG_AUTOSCAN_PERIODIC=y
CONFIG_EXT_PASSWORD_TEST=y
CONFIG_EXT_PASSWORD_FILE=y
CONFIG_EAP_UNAUTH_TLS=y
CONFIG_SAE=y
CONFIG_SAE_PK=y
CFLAGS += -DALL_DH_GROUPS
CONFIG_WNM=y
CONFIG_FST=y
CONFIG_FST_TEST=y
CONFIG_TESTING_OPTIONS=y
CONFIG_MODULE_TESTS=y
CONFIG_SUITEB=y
# AddressSanitizer (ASan) can be enabled by uncommenting the following lines.
# This can be used as a more efficient memory error detector than valgrind
# (though, with still some CPU and memory cost, so VM cases will need more
# memory allocated for the guest).
#CFLAGS += -fsanitize=address -O1 -fno-omit-frame-pointer -g
#LIBS += -fsanitize=address -fno-omit-frame-pointer -g
#LIBS_c += -fsanitize=address -fno-omit-frame-pointer -g
#LIBS_p += -fsanitize=address -fno-omit-frame-pointer -g
# Undefined Behavior Sanitizer (UBSan) can be enabled by uncommenting the
# following lines.
#CFLAGS += -Wno-format-nonliteral
#CFLAGS += -fsanitize=undefined
##CFLAGS += -fno-sanitize-recover
#LIBS += -fsanitize=undefined
##LIBS += -fno-sanitize-recover
#LIBS_c += -fsanitize=undefined
#LIBS_p += -fsanitize=undefined
CONFIG_MBO=y
CONFIG_FILS=y
CONFIG_FILS_SK_PFS=y
CONFIG_PMKSA_CACHE_EXTERNAL=y
CONFIG_OWE=y
CONFIG_DPP=y
CONFIG_DPP2=y
CONFIG_WEP=y
CONFIG_PASN=y

47
.github/workflows/hostap-files/configs/hostap_2_10/extra.patch vendored
View File

@@ -1,47 +0,0 @@
From a53a6a67dc121b45d611318e2a37815cc209839c Mon Sep 17 00:00:00 2001
From: Juliusz Sosinowicz <juliusz@wolfssl.com>
Date: Fri, 19 Apr 2024 16:41:38 +0200
Subject: [PATCH] Fixes for running tests under UML
- Apply commit ID fix from more recent commit
- priv_sz and pub_sz are checked and fail on UML. Probably because stack is zeroed out.
---
src/crypto/crypto_wolfssl.c | 2 +-
tests/hwsim/run-all.sh | 8 +++++++-
2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/src/crypto/crypto_wolfssl.c b/src/crypto/crypto_wolfssl.c
index 00ecf61352..a57fa50697 100644
--- a/src/crypto/crypto_wolfssl.c
+++ b/src/crypto/crypto_wolfssl.c
@@ -785,7 +785,7 @@ int crypto_dh_init(u8 generator, const u8 *prime, size_t prime_len, u8 *privkey,
int ret = -1;
WC_RNG rng;
DhKey *dh = NULL;
- word32 priv_sz, pub_sz;
+ word32 priv_sz = prime_len, pub_sz = prime_len;
if (TEST_FAIL())
return -1;
diff --git a/tests/hwsim/run-all.sh b/tests/hwsim/run-all.sh
index ee48cd0581..75c3a58b52 100755
--- a/tests/hwsim/run-all.sh
+++ b/tests/hwsim/run-all.sh
@@ -15,7 +15,13 @@ export LOGDIR
if [ -z "$DBFILE" ]; then
DB=""
else
- DB="-S $DBFILE --commit $(git rev-parse HEAD)"
+ DB="-S $DBFILE"
+ if [ -z "$COMMITID" ]; then
+ COMMITID="$(git rev-parse HEAD)"
+ fi
+ if [ -n "$COMMITID" ]; then
+ DB="$DB --commit $COMMITID"
+ fi
if [ -n "$BUILD" ]; then
DB="$DB -b $BUILD"
fi
--
2.34.1

119
.github/workflows/hostap-files/configs/hostap_2_10/hostapd.config vendored
View File

@@ -1,119 +0,0 @@
#CC=ccache gcc
CONFIG_DRIVER_NONE=y
CONFIG_DRIVER_NL80211=y
CONFIG_RSN_PREAUTH=y
#CONFIG_TLS=internal
#CONFIG_INTERNAL_LIBTOMMATH=y
#CONFIG_INTERNAL_LIBTOMMATH_FAST=y
CONFIG_TLS=wolfssl
CONFIG_EAP=y
CONFIG_ERP=y
CONFIG_EAP_MD5=y
CONFIG_EAP_TLS=y
CONFIG_EAP_MSCHAPV2=y
CONFIG_EAP_PEAP=y
CONFIG_EAP_GTC=y
CONFIG_EAP_TTLS=y
CONFIG_EAP_SIM=y
CONFIG_EAP_AKA=y
CONFIG_EAP_AKA_PRIME=y
CONFIG_EAP_GPSK=y
CONFIG_EAP_GPSK_SHA256=y
CONFIG_EAP_SAKE=y
CONFIG_EAP_PAX=y
CONFIG_EAP_PSK=y
CONFIG_EAP_VENDOR_TEST=y
CONFIG_EAP_FAST=y
#CONFIG_EAP_TEAP=y
CONFIG_EAP_IKEV2=y
CONFIG_EAP_TNC=y
CFLAGS += -DTNC_CONFIG_FILE=\"tnc/tnc_config\"
LIBS += -rdynamic
CONFIG_EAP_UNAUTH_TLS=y
ifeq ($(CONFIG_TLS), wolfssl)
CONFIG_EAP_PWD=y
endif
ifeq ($(CONFIG_TLS), openssl)
CONFIG_EAP_PWD=y
endif
CONFIG_EAP_EKE=y
CONFIG_PKCS12=y
CONFIG_RADIUS_SERVER=y
CONFIG_IPV6=y
CONFIG_TLSV11=y
CONFIG_TLSV12=y
CONFIG_FULL_DYNAMIC_VLAN=y
CONFIG_VLAN_NETLINK=y
CONFIG_LIBNL32=y
CONFIG_LIBNL3_ROUTE=y
CONFIG_IEEE80211R=y
CONFIG_IEEE80211AC=y
CONFIG_IEEE80211AX=y
CONFIG_OCV=y
CONFIG_WPS=y
CONFIG_WPS_UPNP=y
CONFIG_WPS_NFC=y
#CONFIG_WPS_STRICT=y
CONFIG_WPA_TRACE=y
CONFIG_WPA_TRACE_BFD=y
CONFIG_P2P_MANAGER=y
CONFIG_DEBUG_FILE=y
CONFIG_DEBUG_LINUX_TRACING=y
CONFIG_WPA_CLI_EDIT=y
CONFIG_ACS=y
CONFIG_NO_RANDOM_POOL=y
CONFIG_WNM=y
CONFIG_INTERWORKING=y
CONFIG_HS20=y
CONFIG_SQLITE=y
CONFIG_SAE=y
#CONFIG_SAE_PK=y
CFLAGS += -DALL_DH_GROUPS
CONFIG_FST=y
CONFIG_FST_TEST=y
CONFIG_TESTING_OPTIONS=y
CFLAGS += -DCONFIG_RADIUS_TEST
CONFIG_MODULE_TESTS=y
CONFIG_SUITEB=y
# AddressSanitizer (ASan) can be enabled by uncommenting the following lines.
# This can be used as a more efficient memory error detector than valgrind
# (though, with still some CPU and memory cost, so VM cases will need more
# memory allocated for the guest).
#CFLAGS += -fsanitize=address -O1 -fno-omit-frame-pointer -g
#LIBS += -fsanitize=address -fno-omit-frame-pointer -g
#LIBS_h += -fsanitize=address -fno-omit-frame-pointer -g
#LIBS_n += -fsanitize=address -fno-omit-frame-pointer -g
#LIBS_c += -fsanitize=address -fno-omit-frame-pointer -g
# Undefined Behavior Sanitizer (UBSan) can be enabled by uncommenting the
# following lines.
#CFLAGS += -Wno-format-nonliteral
#CFLAGS += -fsanitize=undefined
##CFLAGS += -fno-sanitize-recover
#LIBS += -fsanitize=undefined
##LIBS += -fno-sanitize-recover
#LIBS_h += -fsanitize=undefined
#LIBS_n += -fsanitize=undefined
#LIBS_c += -fsanitize=undefined
CONFIG_MBO=y
CONFIG_TAXONOMY=y
CONFIG_FILS=y
CONFIG_FILS_SK_PFS=y
CONFIG_OWE=y
#CONFIG_DPP=y
#CONFIG_DPP2=y
CONFIG_WEP=y
CONFIG_PASN=y
CONFIG_AIRTIME_POLICY=y

270
.github/workflows/hostap-files/configs/hostap_2_10/tests vendored
View File

@@ -1,270 +0,0 @@
sae
sae_password_ecc
sae_pmksa_caching
sae_pmksa_caching_pmkid
sae_pmksa_caching_disabled
sae_groups
sae_group_nego
sae_group_nego_no_match
sae_anti_clogging
sae_forced_anti_clogging
sae_mixed
sae_and_psk
sae_and_psk2
sae_wpa3_roam
sae_mixed_mfp
sae_mfp
sae_missing_password
sae_key_lifetime_in_memory
sae_oom_wpas
sae_proto_ecc
sae_proto_ffc
sae_proto_commit_delayed
sae_proto_commit_replay
sae_proto_confirm_replay
sae_proto_hostapd
sae_proto_hostapd_ecc
sae_proto_hostapd_ffc
sae_proto_hostapd_status_126
sae_proto_hostapd_status_127
sae_reflection_attack_ecc
sae_reflection_attack_ecc_internal
sae_commit_override
sae_commit_override2
sae_commit_invalid_scalar_element_ap
sae_commit_invalid_element_ap
sae_commit_invalid_scalar_element_sta
sae_commit_invalid_element_sta
sae_anti_clogging_proto
sae_no_random
sae_bignum_failure_unsafe_group
sae_invalid_anti_clogging_token_req
sae_password
sae_password_short
sae_password_long
sae_connect_cmd
sae_password_id
sae_password_id_ecc
sae_password_id_ffc
sae_password_id_only
sae_password_id_pwe_looping
sae_password_id_pwe_check_ap
sae_password_id_pwe_check_sta
sae_forced_anti_clogging_pw_id
sae_reauth
sae_sync
sae_confirm_immediate
sae_confirm_immediate2
sae_pwe_group_19
sae_pwe_group_20
sae_pwe_group_21
sae_pwe_group_1
sae_pwe_group_2
sae_pwe_group_22
sae_pwe_h2e_only_ap
sae_pwe_h2e_only_ap_sta_forcing_loop
sae_pwe_loop_only_ap
sae_h2e_rejected_groups
sae_h2e_rejected_groups_unexpected
sae_h2e_password_id
sae_pwe_in_psk_ap
sae_auth_restart
sae_rsne_mismatch
sae_h2e_rsnxe_mismatch
sae_h2e_rsnxe_mismatch_retries
sae_h2e_rsnxe_mismatch_assoc
sae_h2e_rsnxe_mismatch_ap
sae_h2e_rsnxe_mismatch_ap2
sae_h2e_rsnxe_mismatch_ap3
sae_forced_anti_clogging_h2e
sae_forced_anti_clogging_h2e_loop
sae_okc
sae_okc_sta_only
sae_okc_pmk_lifetime
sae_pmk_lifetime
sae_and_psk_multiple_passwords
sae_pmf_roam
sae_ocv_pmk
sae_ocv_pmk_failure
sae_reject
eap_tls_pkcs8_pkcs5_v2_des3
eap_tls_pkcs8_pkcs5_v15
eap_tls_sha512
eap_tls_sha384
eap_tls_errors
eap_proto_peap_errors_server
eap_proto_peap_errors
ap_wpa2_delayed_m3_retransmission
ap_wpa2_delayed_m1_m3_retransmission
ap_wpa2_delayed_m1_m3_retransmission2
ap_wpa2_delayed_group_m1_retransmission
ap_wpa2_delayed_group_m1_retransmission_igtk
ap_wpa2_delayed_m1_m3_zero_tk
ap_wpa2_plaintext_m1_m3
ap_wpa2_plaintext_m1_m3_pmf
ap_wpa2_plaintext_m3
ap_wpa2_plaintext_group_m1
ap_wpa2_plaintext_group_m1_pmf
ap_wpa2_test_command_failures
ap_wpa2_gtk_initial_rsc_tkip
ap_wpa2_gtk_initial_rsc_ccmp
ap_wpa2_gtk_initial_rsc_ccmp_256
ap_wpa2_gtk_initial_rsc_gcmp
ap_wpa2_gtk_initial_rsc_gcmp_256
ap_wpa2_igtk_initial_rsc_aes_128_cmac
ap_wpa2_igtk_initial_rsc_bip_gmac_128
ap_wpa2_igtk_initial_rsc_bip_gmac_256
ap_wpa2_igtk_initial_rsc_bip_cmac_256
ap_wpa2_psk
ap_wpa2_psk_file
ap_wpa2_psk_file_keyid
ap_wpa2_psk_mem
ap_wpa2_ptk_rekey
ap_wpa2_ptk_rekey_blocked_ap
ap_wpa2_ptk_rekey_blocked_sta
ap_wpa2_ptk_rekey_anonce
ap_wpa2_ptk_rekey_ap
ap_wpa2_sha256_ptk_rekey
ap_wpa2_sha256_ptk_rekey_ap
ap_wpa2_psk_file_errors
ap_wpa2_psk_wildcard_ssid
ap_wpa2_gtk_rekey
ap_wpa2_gtk_rekey_request
ap_wpa2_gtk_rekey_failure
ap_wpa2_gmk_rekey
ap_wpa2_strict_rekey
ap_wpa2_psk_ext
ap_wpa2_psk_unexpected
ap_wpa2_psk_ext_retry_msg_3
ap_wpa2_psk_ext_retry_msg_3b
ap_wpa2_psk_ext_retry_msg_3c
ap_wpa2_psk_ext_retry_msg_3d
ap_wpa2_psk_ext_retry_msg_3e
ap_wpa2_psk_ext_delayed_ptk_rekey
ap_wpa2_psk_ext_eapol
ap_wpa2_psk_ext_eapol_retry1
ap_wpa2_psk_ext_eapol_retry1b
ap_wpa2_psk_ext_eapol_retry1c
ap_wpa2_psk_ext_eapol_retry1d
ap_wpa2_psk_ext_eapol_type_diff
ap_wpa2_psk_ext_eapol_key_info
ap_wpa2_psk_wep
ap_wpa2_psk_ifdown
ap_wpa2_psk_drop_first_msg_4
ap_wpa2_psk_disable_enable
ap_wpa2_psk_incorrect_passphrase
ap_wpa2_psk_no_random
ap_wpa2_psk_assoc_rsn
ap_wpa2_psk_ft_workaround
ap_wpa2_psk_assoc_rsn_pmkid
ap_wpa2_eapol_retry_limit
ap_wpa2_disable_eapol_retry
ap_wpa2_disable_eapol_retry_group
ap_wpa2_psk_mic_0
ap_wpa2_psk_local_error
ap_wpa2_psk_inject_assoc
ap_wpa2_psk_ap_control_port
ap_wpa2_psk_ap_control_port_disabled
ap_wpa2_psk_rsne_mismatch_ap
ap_wpa2_psk_rsne_mismatch_ap2
ap_wpa2_psk_rsne_mismatch_ap3
ap_wpa2_psk_rsnxe_mismatch_ap
ap_wpa2_psk_ext_key_id_ptk_rekey_ap0
ap_wpa2_psk_ext_key_id_ptk_rekey_ap1
ap_wpa2_psk_ext_key_id_ptk_rekey_ap2
ap_wpa2_psk_ext_key_id_ptk_rekey_sta0
ap_wpa2_psk_ext_key_id_ptk_rekey_sta1
ap_wpa2_psk_ext_key_id_ptk_rekey_sta2
ap_wpa2_eap_sim
ap_wpa2_eap_sim_sql
ap_wpa2_eap_sim_config
ap_wpa2_eap_sim_id_0
ap_wpa2_eap_sim_id_1
ap_wpa2_eap_sim_id_2
ap_wpa2_eap_sim_id_3
ap_wpa2_eap_sim_ext
ap_wpa2_eap_sim_ext_replace_sim
ap_wpa2_eap_sim_ext_replace_sim2
ap_wpa2_eap_sim_ext_replace_sim3
ap_wpa2_eap_sim_ext_auth_fail
ap_wpa2_eap_sim_change_bssid
ap_wpa2_eap_sim_no_change_set
ap_wpa2_eap_sim_ext_anonymous
ap_wpa2_eap_sim_ext_anonymous_no_pseudonym
ap_wpa2_eap_sim_oom
ap_wpa2_eap_aka
ap_wpa2_eap_aka_sql
ap_wpa2_eap_aka_config
ap_wpa2_eap_aka_ext
ap_wpa2_eap_aka_ext_auth_fail
ap_wpa2_eap_aka_prime
ap_wpa2_eap_aka_prime_sql
ap_wpa2_eap_aka_prime_ext_auth_fail
ap_wpa2_eap_aka_prime_ext
ap_wpa2_eap_ttls_invalid_phase2
ap_wpa2_eap_ttls_eap_vendor
ap_wpa2_eap_fast_eap_sim
ap_wpa2_eap_fast_eap_aka
ap_wpa2_eap_peap_params
ap_wpa2_eap_peap_eap_gtc
ap_wpa2_eap_peap_eap_vendor
ap_wpa2_eap_ttls_server_cert_hash
ap_wpa2_eap_ttls_server_cert_hash_invalid
ap_wpa2_eap_pwd
ap_wpa2_eap_pwd_nthash
ap_wpa2_eap_pwd_salt_sha1
ap_wpa2_eap_pwd_salt_sha256
ap_wpa2_eap_pwd_salt_sha512
ap_wpa2_eap_pwd_groups
ap_wpa2_eap_pwd_invalid_group
ap_wpa2_eap_pwd_disabled_group
ap_wpa2_eap_pwd_as_frag
ap_wpa2_eap_gpsk
ap_wpa2_eap_sake
ap_wpa2_eap_ikev2
ap_wpa2_eap_ikev2_as_frag
ap_wpa2_eap_ikev2_oom
ap_wpa2_eap_pax
ap_wpa2_eap_psk
ap_wpa2_eap_psk_oom
ap_wpa2_eap_interactive
ap_wpa2_eap_ext_enable_network_while_connected
ap_wpa2_eap_vendor_test
ap_wpa2_eap_vendor_test_oom
ap_wpa2_eap_ttls_ocsp_revoked
ap_wpa2_eap_ttls_ocsp_unknown
ap_wpa2_eap_ttls_optional_ocsp_unknown
ap_wpa2_eap_ttls_long_duration
ap_wpa2_eap_ttls_server_cert_eku_client
ap_wpa2_eap_ttls_server_cert_eku_client_server
ap_wpa2_eap_ttls_dh_params
ap_wpa2_eap_ttls_dh_params_dsa
ap_wpa2_eap_ttls_dh_params_not_found
ap_wpa2_eap_ttls_dh_params_invalid
ap_wpa2_eap_ttls_dh_params_blob
ap_wpa2_eap_ttls_dh_params_server
ap_wpa2_eap_ttls_dh_params_dsa_server
ap_wpa2_eap_reauth
ap_wpa2_eap_reauth_ptk_rekey_blocked_sta
ap_wpa2_eap_request_identity_message
ap_wpa2_eap_sim_aka_result_ind
ap_wpa2_eap_sim_zero_db_timeout
ap_wpa2_eap_too_many_roundtrips
ap_wpa2_eap_too_many_roundtrips_server
ap_wpa2_eap_too_many_roundtrips_server2
ap_wpa2_eap_expanded_nak
ap_wpa2_eap_sql
ap_wpa2_eap_non_ascii_identity
ap_wpa2_eap_non_ascii_identity2
ap_wpa2_eap_unexpected_wep_eapol_key
ap_wpa2_eap_oom
ap_wpa2_eap_sim_db
ap_wpa2_eap_sim_db_sqlite
ap_wpa2_eap_assoc_rsn
ap_wpa2_eap_status
ap_wpa2_eap_gpsk_ptk_rekey_ap
ap_wpa2_eap_wildcard_ssid
ap_wpa2_eap_psk_mac_addr_change
ap_wpa2_eap_server_get_id
ap_wpa2_radius_server_get_id
ap_wpa2_eap_sake_no_control_port

163
.github/workflows/hostap-files/configs/hostap_2_10/wpa_supplicant.config vendored
View File

@@ -1,163 +0,0 @@
#CC=ccache gcc
#CONFIG_TLS=openssl
CONFIG_TLS=wolfssl
#CONFIG_TLS=internal
#CONFIG_INTERNAL_LIBTOMMATH=y
#CONFIG_INTERNAL_LIBTOMMATH_FAST=y
CONFIG_IEEE8021X_EAPOL=y
CONFIG_ERP=y
CONFIG_EAP_MD5=y
CONFIG_MSCHAPV2=y
CONFIG_EAP_TLS=y
CONFIG_EAP_PEAP=y
CONFIG_EAP_TTLS=y
CONFIG_EAP_GTC=y
CONFIG_EAP_OTP=y
CONFIG_EAP_PSK=y
CONFIG_EAP_PAX=y
CONFIG_EAP_LEAP=y
CONFIG_EAP_SIM=y
CONFIG_EAP_AKA=y
CONFIG_EAP_AKA_PRIME=y
CONFIG_EAP_VENDOR_TEST=y
CONFIG_EAP_TLV=y
CONFIG_EAP_SAKE=y
CONFIG_EAP_GPSK=y
CONFIG_EAP_GPSK_SHA256=y
CONFIG_EAP_EKE=y
CONFIG_EAP_TNC=y
CFLAGS += -DTNC_CONFIG_FILE=\"tnc/tnc_config\"
LIBS += -rdynamic
CONFIG_EAP_FAST=y
#CONFIG_EAP_TEAP=y
CONFIG_EAP_IKEV2=y
ifeq ($(CONFIG_TLS), wolfssl)
CONFIG_EAP_PWD=y
endif
ifeq ($(CONFIG_TLS), openssl)
CONFIG_EAP_PWD=y
endif
CONFIG_USIM_SIMULATOR=y
CONFIG_SIM_SIMULATOR=y
#CONFIG_PCSC=y
CONFIG_IPV6=y
CONFIG_DRIVER_NONE=y
CONFIG_PKCS12=y
CONFIG_CTRL_IFACE=unix
CONFIG_WPA_CLI_EDIT=y
CONFIG_OCSP=y
#CONFIG_ELOOP_POLL=y
CONFIG_CTRL_IFACE_DBUS_NEW=y
CONFIG_CTRL_IFACE_DBUS_INTRO=y
CONFIG_IEEE80211R=y
CONFIG_IEEE80211AC=y
CONFIG_IEEE80211AX=y
CONFIG_OCV=y
CONFIG_DEBUG_FILE=y
CONFIG_WPS=y
#CONFIG_WPS_STRICT=y
CONFIG_WPS_UPNP=y
CONFIG_WPS_NFC=y
CONFIG_WPS_ER=y
#CONFIG_WPS_REG_DISABLE_OPEN=y
CONFIG_DRIVER_WEXT=y
CONFIG_DRIVER_NL80211=y
CFLAGS += -I/usr/include/libnl3
CONFIG_LIBNL32=y
CONFIG_IBSS_RSN=y
CONFIG_AP=y
CONFIG_MESH=y
CONFIG_P2P=y
CONFIG_WIFI_DISPLAY=y
CONFIG_ACS=y
CONFIG_BGSCAN_SIMPLE=y
CONFIG_BGSCAN_LEARN=y
CONFIG_WPA_TRACE=y
CONFIG_WPA_TRACE_BFD=y
CONFIG_TDLS=y
CONFIG_TDLS_TESTING=y
CONFIG_NO_RANDOM_POOL=y
CONFIG_TLSV11=y
CONFIG_TLSV12=y
CONFIG_HT_OVERRIDES=y
CONFIG_VHT_OVERRIDES=y
CONFIG_HE_OVERRIDES=y
CONFIG_DEBUG_LINUX_TRACING=y
CONFIG_INTERWORKING=y
CONFIG_HS20=y
CONFIG_AUTOSCAN_EXPONENTIAL=y
CONFIG_AUTOSCAN_PERIODIC=y
CONFIG_EXT_PASSWORD_TEST=y
CONFIG_EXT_PASSWORD_FILE=y
CONFIG_EAP_UNAUTH_TLS=y
CONFIG_SAE=y
#CONFIG_SAE_PK=y
CFLAGS += -DALL_DH_GROUPS
CONFIG_WNM=y
CONFIG_FST=y
CONFIG_FST_TEST=y
CONFIG_TESTING_OPTIONS=y
CONFIG_MODULE_TESTS=y
CONFIG_SUITEB=y
# AddressSanitizer (ASan) can be enabled by uncommenting the following lines.
# This can be used as a more efficient memory error detector than valgrind
# (though, with still some CPU and memory cost, so VM cases will need more
# memory allocated for the guest).
#CFLAGS += -fsanitize=address -O1 -fno-omit-frame-pointer -g
#LIBS += -fsanitize=address -fno-omit-frame-pointer -g
#LIBS_c += -fsanitize=address -fno-omit-frame-pointer -g
#LIBS_p += -fsanitize=address -fno-omit-frame-pointer -g
# Undefined Behavior Sanitizer (UBSan) can be enabled by uncommenting the
# following lines.
#CFLAGS += -Wno-format-nonliteral
#CFLAGS += -fsanitize=undefined
##CFLAGS += -fno-sanitize-recover
#LIBS += -fsanitize=undefined
##LIBS += -fno-sanitize-recover
#LIBS_c += -fsanitize=undefined
#LIBS_p += -fsanitize=undefined
CONFIG_MBO=y
CONFIG_FILS=y
CONFIG_FILS_SK_PFS=y
CONFIG_PMKSA_CACHE_EXTERNAL=y
CONFIG_OWE=y
#CONFIG_DPP=y
#CONFIG_DPP2=y
CONFIG_WEP=y
CONFIG_PASN=y

23
.github/workflows/hostap-files/dbus-wpa_supplicant.conf vendored
View File

@@ -1,23 +0,0 @@
<!DOCTYPE busconfig PUBLIC
"-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
"http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
<busconfig>
<policy user="root">
<allow own="fi.epitest.hostap.WPASupplicant"/>
<allow send_destination="fi.epitest.hostap.WPASupplicant"/>
<allow send_interface="fi.epitest.hostap.WPASupplicant"/>
<allow own="fi.w1.wpa_supplicant1"/>
<allow send_destination="fi.w1.wpa_supplicant1"/>
<allow send_interface="fi.w1.wpa_supplicant1"/>
<allow receive_sender="fi.w1.wpa_supplicant1" receive_type="signal"/>
</policy>
<policy context="default">
<deny own="fi.epitest.hostap.WPASupplicant"/>
<deny send_destination="fi.epitest.hostap.WPASupplicant"/>
<deny send_interface="fi.epitest.hostap.WPASupplicant"/>
<deny own="fi.w1.wpa_supplicant1"/>
<deny send_destination="fi.w1.wpa_supplicant1"/>
<deny send_interface="fi.w1.wpa_supplicant1"/>
<deny receive_sender="fi.w1.wpa_supplicant1" receive_type="signal"/>
</policy>
</busconfig>

313
.github/workflows/hostap-vm.yml vendored
View File

@@ -1,313 +0,0 @@
name: hostap and wpa-supplicant Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
env:
LINUX_REF: v6.6
jobs:
build_wolfssl:
strategy:
matrix:
include:
- build_id: hostap-vm-build1
wolf_extra_config: --disable-tls13
- build_id: hostap-vm-build2
wolf_extra_config: >-
--enable-wpas-dpp --enable-brainpool --with-eccminsz=192
--enable-tlsv10 --enable-oldtls
name: Build wolfSSL
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 10
steps:
# No way to view the full strategy in the browser (really weird)
- name: Print strategy
run: |
cat <<EOF
${{ toJSON(matrix) }}
EOF
- if: ${{ runner.debug }}
name: Enable wolfSSL debug logging
run: |
echo "wolf_debug_flags=--enable-debug" >> $GITHUB_ENV
- name: Build wolfSSL
uses: wolfSSL/actions-build-autotools-project@v1
with:
path: wolfssl
configure: >-
--enable-wpas CPPFLAGS=-DWOLFSSL_STATIC_RSA
${{ env.wolf_debug_flags }} ${{ matrix.wolf_extra_config }}
install: true
- name: Upload built lib
uses: actions/upload-artifact@v4
with:
name: ${{ matrix.build_id }}
path: build-dir
retention-days: 5
build_uml_linux:
name: Build UML (UserMode Linux)
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 10
steps:
- name: Checking if we have kernel in cache
uses: actions/cache@v4
id: cache
with:
path: linux/linux
key: ${{ env.LINUX_REF }}
lookup-only: true
- name: Checkout hostap
if: steps.cache.outputs.cache-hit != 'true'
uses: actions/checkout@v4
with:
repository: julek-wolfssl/hostap-mirror
path: hostap
- name: Checkout linux
if: steps.cache.outputs.cache-hit != 'true'
uses: actions/checkout@v4
with:
repository: torvalds/linux
path: linux
- name: Compile linux
if: steps.cache.outputs.cache-hit != 'true'
run: |
cp hostap/tests/hwsim/vm/kernel-config.uml linux/.config
cd linux
yes "" | ARCH=um make -j $(nproc)
hostap_test:
strategy:
fail-fast: false
matrix:
# should hostapd be compiled with wolfssl
hostapd: [true, false]
# should wpa_supplicant be compiled with wolfssl
wpa_supplicant: [true, false]
# Fix the versions of hostap and osp to not break testing when a new
# patch is added in to osp. Tests are read from the corresponding
# configs/hostap_ref/tests file.
config: [
{
hostap_ref: hostap_2_10,
remove_teap: true,
# TLS 1.3 does not work for this version
build_id: hostap-vm-build1,
},
# Test the dpp patch
{
hostap_ref: b607d2723e927a3446d89aed813f1aa6068186bb,
osp_ref: ad5b52a49b3cc2a5bfb47ccc1d6a5137132e9446,
build_id: hostap-vm-build2
},
{
hostap_ref: 07c9f183ea744ac04585fb6dd10220c75a5e2e74,
osp_ref: e1876fbbf298ee442bc7ab8561331ebc7de17528,
build_id: hostap-vm-build2
},
]
exclude:
# don't test openssl on both sides
- hostapd: false
wpa_supplicant: false
# no hostapd support for dpp yet
- hostapd: true
config: {
hostap_ref: b607d2723e927a3446d89aed813f1aa6068186bb,
osp_ref: ad5b52a49b3cc2a5bfb47ccc1d6a5137132e9446,
build_id: hostap-vm-build2
}
name: hwsim test
# For openssl 1.1
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 45
needs: [build_wolfssl, build_uml_linux]
steps:
- name: Checking if we have kernel in cache
uses: actions/cache/restore@v4
id: cache
with:
path: linux/linux
key: ${{ env.LINUX_REF }}
fail-on-cache-miss: true
- name: show file structure
run: tree
# No way to view the full strategy in the browser (really weird)
- name: Print strategy
run: |
cat <<EOF
${{ toJSON(matrix) }}
EOF
- name: Print computed job run ID
run: |
SHA_SUM=$(sha256sum << 'END_OF_HEREDOC' | cut -d " " -f 1
${{ toJSON(github) }}
END_OF_HEREDOC
)
echo "our_job_run_id=$SHA_SUM" >> $GITHUB_ENV
echo Our job run ID is $SHA_SUM
- name: Checkout wolfSSL
uses: actions/checkout@v4
with:
path: wolfssl
- name: Download lib
uses: actions/download-artifact@v4
with:
name: ${{ matrix.config.build_id }}
path: build-dir
- name: Install dependencies
run: |
# Don't prompt for anything
export DEBIAN_FRONTEND=noninteractive
sudo apt-get update
# hostap dependencies
sudo apt-get install -y libpcap0.8 libpcap-dev curl libcurl4-openssl-dev \
libnl-3-dev binutils-dev libssl-dev libiberty-dev libnl-genl-3-dev \
libnl-route-3-dev libdbus-1-dev bridge-utils tshark
sudo pip3 install pycryptodome
- name: Checkout hostap
uses: actions/checkout@v4
with:
repository: julek-wolfssl/hostap-mirror
path: hostap
ref: ${{ matrix.config.hostap_ref }}
- name: Update certs
working-directory: hostap/tests/hwsim/auth_serv
run: ./update.sh
- if: ${{ matrix.config.osp_ref }}
name: Checkout OSP
uses: actions/checkout@v4
with:
repository: wolfssl/osp
path: osp
ref: ${{ matrix.config.osp_ref }}
- if: ${{ matrix.config.osp_ref }}
name: Apply patch files
working-directory: hostap
run: |
for f in $GITHUB_WORKSPACE/osp/hostap-patches/pending/*
do
patch -p1 < $f
done
- name: Apply extra patches
working-directory: hostap
run: |
FILE=$GITHUB_WORKSPACE/wolfssl/.github/workflows/hostap-files/configs/${{ matrix.config.hostap_ref }}/extra.patch
if [ -f "$FILE" ]; then
patch -p1 < $FILE
fi
- if: ${{ matrix.hostapd }}
name: Setup hostapd config file
run: |
cp wolfssl/.github/workflows/hostap-files/configs/${{ matrix.config.hostap_ref }}/hostapd.config \
hostap/hostapd/.config
cat <<EOF >> hostap/hostapd/.config
CFLAGS += -I$GITHUB_WORKSPACE/build-dir/include -Wl,-rpath=$GITHUB_WORKSPACE/build-dir/lib
LIBS += -L$GITHUB_WORKSPACE/build-dir/lib -Wl,-rpath=$GITHUB_WORKSPACE/build-dir/lib
EOF
- if: ${{ matrix.wpa_supplicant }}
name: Setup wpa_supplicant config file
run: |
cp wolfssl/.github/workflows/hostap-files/configs/${{ matrix.config.hostap_ref }}/wpa_supplicant.config \
hostap/wpa_supplicant/.config
cat <<EOF >> hostap/wpa_supplicant/.config
CFLAGS += -I$GITHUB_WORKSPACE/build-dir/include -Wl,-rpath=$GITHUB_WORKSPACE/build-dir/lib
LIBS += -L$GITHUB_WORKSPACE/build-dir/lib -Wl,-rpath=$GITHUB_WORKSPACE/build-dir/lib
EOF
- name: Build hostap and wpa_supplicant
working-directory: hostap/tests/hwsim/
run: ./build.sh
- if: ${{ matrix.hostapd }}
name: Confirm hostapd linking with wolfSSL
run: ldd hostap/hostapd/hostapd | grep wolfssl
- if: ${{ matrix.wpa_supplicant }}
name: Confirm wpa_supplicant linking with wolfSSL
run: ldd hostap/wpa_supplicant/wpa_supplicant | grep wolfssl
- if: ${{ matrix.config.remove_teap }}
name: Remove EAP-TEAP from test configuration
working-directory: hostap/tests/hwsim/auth_serv
run: |
sed -e 's/"erp-teap@example.com"\tTEAP//' -i eap_user.conf
sed -e 's/"erp-teap@example.com"\tMSCHAPV2\t"password"\t\[2\]//' -i eap_user.conf
sed -e 's/"TEAP"\t\tTEAP//' -i eap_user.conf
sed -e 's/TEAP,//' -i eap_user.conf
- if: ${{ runner.debug }}
name: Enable hostap debug logging
run: |
echo "hostap_debug_flags=--debug" >> $GITHUB_ENV
- name: Run tests
id: testing
working-directory: hostap/tests/hwsim/
run: |
cat <<EOF >> vm/vm-config
KERNELDIR=$GITHUB_WORKSPACE/linux
KVMARGS="-cpu host"
EOF
# Run tests in increments of 200 to not stall out the parallel-vm script
while mapfile -t -n 200 ary && ((${#ary[@]})); do
TESTS=$(printf '%s\n' "${ary[@]}" | tr '\n' ' ')
HWSIM_RES=0 # Not set when command succeeds
./vm/parallel-vm.py ${{ env.hostap_debug_flags }} --nocurses $(nproc) $TESTS || HWSIM_RES=$?
if [ "$HWSIM_RES" -ne "0" ]; then
# Let's re-run the failing tests. We gather the failed tests from the log file.
FAILED_TESTS=$(grep 'failed tests' /tmp/hwsim-test-logs/*-parallel.log | sed 's/failed tests: //' | tr ' ' '\n' | sort | uniq | tr '\n' ' ')
printf 'failed tests: %s\n' "$FAILED_TESTS"
./vm/parallel-vm.py ${{ env.hostap_debug_flags }} --nocurses $(nproc) $FAILED_TESTS
fi
rm -r /tmp/hwsim-test-logs
done < $GITHUB_WORKSPACE/wolfssl/.github/workflows/hostap-files/configs/${{ matrix.config.hostap_ref }}/tests
# The logs are quite big. It hasn't been useful so far so let's not waste
# precious gh space.
#- name: zip logs
# if: ${{ failure() && steps.testing.outcome == 'failure' }}
# working-directory: hostap/tests/hwsim/
# run: |
# rm /tmp/hwsim-test-logs/latest
# zip -9 -r logs.zip /tmp/hwsim-test-logs
#
#- name: Upload failure logs
# if: ${{ failure() && steps.testing.outcome == 'failure' }}
# uses: actions/upload-artifact@v4
# with:
# name: hostap-logs-${{ env.our_job_run_id }}
# path: hostap/tests/hwsim/logs.zip
# retention-days: 5

96
.github/workflows/krb5.yml vendored
View File

@@ -1,96 +0,0 @@
name: Kerberos 5 Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
build_wolfssl:
name: Build wolfSSL
# Just to keep it the same as the testing target
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 5
steps:
- name: workaround high-entropy ASLR
# not needed after either an update to llvm or runner is done
run: sudo sysctl vm.mmap_rnd_bits=28
- name: Build wolfSSL
uses: wolfSSL/actions-build-autotools-project@v1
with:
path: wolfssl
configure: --enable-krb CC='gcc -fsanitize=address'
install: true
- name: Upload built lib
uses: actions/upload-artifact@v4
with:
name: wolf-install-krb5
path: build-dir
retention-days: 5
krb5_check:
strategy:
fail-fast: false
matrix:
# List of releases to test
ref: [ 1.21.1 ]
name: ${{ matrix.ref }}
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 8
needs: build_wolfssl
steps:
- name: Download lib
uses: actions/download-artifact@v4
with:
name: wolf-install-krb5
path: build-dir
- name: Checkout OSP
uses: actions/checkout@v4
with:
repository: wolfssl/osp
path: osp
- name: Checkout krb5
uses: actions/checkout@v4
with:
repository: krb5/krb5
ref: krb5-${{ matrix.ref }}-final
path: krb5
- name: Apply patch
working-directory: ./krb5
run: |
patch -p1 < $GITHUB_WORKSPACE/osp/krb5/Patch-for-Kerberos-5-${{ matrix.ref }}.patch
- name: workaround high-entropy ASLR
# not needed after either an update to llvm or runner is done
run: sudo sysctl vm.mmap_rnd_bits=28
- name: Build krb5
working-directory: ./krb5/src
run: |
autoreconf -ivf
# Using rpath because LD_LIBRARY_PATH is overwritten during testing
export WOLFSSL_CFLAGS="-I$GITHUB_WORKSPACE/build-dir/include -I$GITHUB_WORKSPACE/build-dir/include/wolfssl -Wl,-rpath=$GITHUB_WORKSPACE/build-dir/lib"
export WOLFSSL_LIBS="-lwolfssl -L$GITHUB_WORKSPACE/build-dir/lib -Wl,-rpath=$GITHUB_WORKSPACE/build-dir/lib"
./configure --with-crypto-impl=wolfssl --with-tls-impl=wolfssl --disable-pkinit \
CFLAGS='-fsanitize=address' LDFLAGS='-fsanitize=address'
CFLAGS='-fsanitize=address' LDFLAGS='-fsanitize=address' make -j
- name: Run tests
working-directory: ./krb5/src
run: |
CFLAGS='-fsanitize=address' LDFLAGS='-fsanitize=address' make -j check

67
.github/workflows/libssh2.yml vendored
View File

@@ -1,67 +0,0 @@
name: libssh2 Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
build_wolfssl:
name: Build wolfSSL
# Just to keep it the same as the testing target
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 4
steps:
- name: Build wolfSSL
uses: wolfSSL/actions-build-autotools-project@v1
with:
path: wolfssl
configure: --enable-all
check: false # config is already tested in many other PRB's
install: true
- name: Upload built lib
uses: actions/upload-artifact@v4
with:
name: wolf-install-libssh2
path: build-dir
retention-days: 5
libssh2_check:
strategy:
fail-fast: false
matrix:
# List of releases to test
ref: [ 1.11.0 ]
name: ${{ matrix.ref }}
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 8
needs: build_wolfssl
steps:
- name: Download lib
uses: actions/download-artifact@v4
with:
name: wolf-install-libssh2
path: build-dir
- name: Build and test libssh2
uses: wolfSSL/actions-build-autotools-project@v1
with:
repository: libssh2/libssh2
ref: libssh2-${{ matrix.ref }}
path: libssh2
configure: --with-crypto=wolfssl --with-libwolfssl-prefix=$GITHUB_WORKSPACE/build-dir
check: true
- name: Confirm libssh2 built with wolfSSL
working-directory: ./libssh2
run: ldd src/.libs/libssh2.so | grep wolfssl

28
.github/workflows/macos-check.yml vendored Normal file
View File

@@ -0,0 +1,28 @@
name: macOS Build Test
on:
push:
branches: [ '*' ]
pull_request:
branches: [ '*' ]
jobs:
build:
runs-on: macos-latest
steps:
- uses: actions/checkout@v2
- name: brew
run: brew install automake libtool
- name: autogen
run: ./autogen.sh
- name: configure
run: ./configure
- name: make
run: make
- name: make check
run: make check
- name: make distcheck
run: make distcheck

14
.github/workflows/memcached.sh vendored
View File

@@ -1,14 +0,0 @@
#!/bin/sh
if [ -z "$GITHUB_WORKSPACE" ]; then
echo '$GITHUB_WORKSPACE is not set'
exit 1
fi
if [ -z "$HOST_ROOT" ]; then
echo '$HOST_ROOT is not set'
exit 1
fi
chroot $HOST_ROOT make -C $GITHUB_WORKSPACE/memcached \
-j$(nproc) PARALLEL=$(nproc) test_tls

116
.github/workflows/memcached.yml vendored
View File

@@ -1,116 +0,0 @@
name: memcached Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
build_wolfssl:
name: Build wolfSSL
# Just to keep it the same as the testing target
runs-on: ubuntu-latest
steps:
- name: Build wolfSSL
uses: wolfSSL/actions-build-autotools-project@v1
with:
path: wolfssl
configure: --enable-memcached
install: true
- name: Bundle Docker entry point
run: cp wolfssl/.github/workflows/memcached.sh build-dir/bin
- name: Upload built lib
uses: actions/upload-artifact@v4
with:
name: wolf-install-memcached
path: build-dir
retention-days: 5
memcached_check:
strategy:
fail-fast: false
matrix:
# List of releases to test
include:
- ref: 1.6.22
name: ${{ matrix.ref }}
runs-on: ubuntu-latest
needs: build_wolfssl
steps:
- name: Download lib
uses: actions/download-artifact@v4
with:
name: wolf-install-memcached
path: build-dir
- name: Checkout OSP
uses: actions/checkout@v4
with:
repository: wolfssl/osp
path: osp
- name: Install dependencies
run: |
export DEBIAN_FRONTEND=noninteractive
sudo apt-get update
sudo apt-get install -y libevent-dev libevent-2.1-7 automake pkg-config make libio-socket-ssl-perl
- name: Checkout memcached
uses: actions/checkout@v4
with:
repository: memcached/memcached
ref: 1.6.22
path: memcached
- name: Configure and build memcached
run: |
cd $GITHUB_WORKSPACE/memcached/
patch -p1 < $GITHUB_WORKSPACE/osp/memcached/memcached_1.6.22.patch
./autogen.sh
export LD_LIBRARY_PATH=$GITHUB_WORKSPACE/build-dir/lib:$LD_LIBRARY_PATH
PKG_CONFIG_PATH=$GITHUB_WORKSPACE/build-dir/lib/pkgconfig ./configure --enable-wolfssl
make -j$(nproc)
- name: Confirm memcached built with wolfSSL
working-directory: ./memcached
run: |
export LD_LIBRARY_PATH=$GITHUB_WORKSPACE/build-dir/lib:$LD_LIBRARY_PATH
ldd memcached | grep wolfssl
- name: Run memcached tests
working-directory: ./memcached
run: |
# Retry up to three times
# Using docker because interrupting the tests doesn't close running
# background servers. They can become daemonized and then all re-runs
# will always fail.
chmod +x $GITHUB_WORKSPACE/build-dir/bin/memcached.sh
for i in {1..3}; do
echo "-------- RUNNING TESTS --------"
MEMCACHED_RES=0 # Not set when command succeeds
# Tests should usually take less than 4 minutes. If already taking
# 5 minutes then they are probably stuck. Interrupt and re-run.
time timeout -s SIGKILL 5m docker run -v /:/host \
-v $GITHUB_WORKSPACE/build-dir/bin/memcached.sh:/memcached.sh \
-e GITHUB_WORKSPACE=$GITHUB_WORKSPACE \
-e HOST_ROOT=/host \
-e LD_LIBRARY_PATH=$GITHUB_WORKSPACE/build-dir/lib:$LD_LIBRARY_PATH \
alpine:latest /memcached.sh || MEMCACHED_RES=$?
if [ "$MEMCACHED_RES" -eq "0" ]; then
break
fi
done
echo "test ran $i times"
if [ "$MEMCACHED_RES" -ne "0" ]; then
exit $MEMCACHED_RES
fi

63
.github/workflows/multi-arch.yml vendored
View File

@@ -1,63 +0,0 @@
name: Multiple architectures
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
my_matrix:
name: Multi-arch test
strategy:
fail-fast: false
matrix:
include:
- HOST: aarch64-linux-gnu
CC: aarch64-linux-gnu-gcc
ARCH: arm64
EXTRA_OPTS: --enable-sp-asm --enable-armasm
- HOST: arm-linux-gnueabihf
CC: arm-linux-gnueabihf-gcc
ARCH: armhf
EXTRA_OPTS: --enable-sp-asm
- HOST: riscv64-linux-gnu
CC: riscv64-linux-gnu-gcc
ARCH: riscv64
# Config to ensure CPUs without Thumb instructions compiles
- HOST: arm-linux-gnueabi
CC: arm-linux-gnueabi-gcc
CFLAGS: -marm -DWOLFSSL_SP_ARM_ARCH=6
ARCH: armel
EXTRA_OPTS: --enable-sp-asm
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 10
steps:
- name: Install Compiler
run: |
sudo apt update
sudo apt install -y crossbuild-essential-${{ matrix.ARCH }} qemu-user
- uses: actions/checkout@v4
- name: Build
env:
CC: ${{ matrix.CC }}
CFLAGS: ${{ matrix.CFLAGS }}
QEMU_LD_PREFIX: /usr/${{ matrix.HOST }}
run: ./autogen.sh && ./configure --host=${{ matrix.HOST }} --enable-all --disable-examples ${{ matrix.EXTRA_OPTS }} && make
- name: Print errors
if: ${{ failure() }}
run: |
if [ -f config.log ] ; then
cat config.log
fi
- name: Run WolfCrypt Tests
env:
QEMU_LD_PREFIX: /usr/${{ matrix.HOST }}
run: ./wolfcrypt/test/testwolfcrypt

62
.github/workflows/multi-compiler.yml vendored
View File

@@ -1,62 +0,0 @@
name: Multiple compilers and versions
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
my_matrix:
name: Compiler test
strategy:
fail-fast: false
matrix:
include:
- CC: gcc-9
CXX: g++-9
OS: ubuntu-latest
- CC: gcc-10
CXX: g++-10
OS: ubuntu-latest
- CC: gcc-11
CXX: g++-11
OS: ubuntu-latest
- CC: gcc-12
CXX: g++-12
OS: ubuntu-latest
- CC: clang-10
CXX: clang++-10
OS: ubuntu-20.04
- CC: clang-11
CXX: clang++-11
OS: ubuntu-20.04
- CC: clang-12
CXX: clang++-12
OS: ubuntu-20.04
- CC: clang-13
CXX: clang++-13
OS: ubuntu-latest
- CC: clang-14
CXX: clang++-14
OS: ubuntu-latest
runs-on: ${{ matrix.OS }}
# This should be a safe limit for the tests to run.
timeout-minutes: 4
steps:
- uses: actions/checkout@v4
- name: Build
env:
CC: ${{ matrix.CC }}
CXX: ${{ matrix.CXX }}
run: ./autogen.sh && ./configure && make && make dist
- name: Show log on errors
if: ${{ failure() }}
run: |
cat config.log

219
.github/workflows/nginx.yml vendored
View File

@@ -1,219 +0,0 @@
name: nginx Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
build_wolfssl:
name: Build wolfSSL
# Just to keep it the same as the testing target
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 4
steps:
- if: ${{ runner.debug }}
name: Enable wolfSSL debug logging
run: |
# We don't use --enable-debug since it makes the logs too loud
echo "wolf_debug_flags= CFLAGS='-g3 -O0'" >> $GITHUB_ENV
- name: Build wolfSSL
uses: wolfSSL/actions-build-autotools-project@v1
with:
path: wolfssl
configure: --enable-nginx ${{ env.wolf_debug_flags }}
install: true
- name: Upload built lib
uses: actions/upload-artifact@v4
with:
name: wolf-install-nginx
path: build-dir
retention-days: 5
nginx_check:
strategy:
fail-fast: false
matrix:
include:
# in general we want to pass all tests that match *ssl*
- ref: 1.25.0
test-ref: 5b2894ea1afd01a26c589ce11f310df118e42592
# Following tests pass with sanitizer on
sanitize-ok: >-
h2_ssl_proxy_cache.t h2_ssl.t h2_ssl_variables.t h2_ssl_verify_client.t
mail_imap_ssl.t mail_ssl_conf_command.t mail_ssl_session_reuse.t
mail_ssl.t proxy_ssl_certificate_empty.t proxy_ssl_certificate.t
proxy_ssl_certificate_vars.t proxy_ssl_conf_command.t proxy_ssl_name.t
ssl_certificate_chain.t ssl_certificate_perl.t ssl_certificates.t
ssl_certificate.t ssl_client_escaped_cert.t ssl_conf_command.t
ssl_crl.t ssl_curve.t ssl_engine_keys.t ssl_ocsp.t ssl_password_file.t
ssl_proxy_protocol.t ssl_proxy_upgrade.t ssl_reject_handshake.t
ssl_session_reuse.t ssl_session_ticket_key.t ssl_sni_reneg.t
ssl_sni_sessions.t ssl_sni.t ssl_stapling.t ssl.t ssl_verify_client.t
ssl_verify_depth.t stream_proxy_ssl_certificate.t stream_proxy_ssl_certificate_vars.t
stream_proxy_ssl_conf_command.t stream_proxy_ssl_name_complex.t
stream_proxy_ssl_name.t stream_ssl_certificate.t stream_ssl_conf_command.t
stream_ssl_preread_alpn.t stream_ssl_preread_protocol.t stream_ssl_preread.t
stream_ssl_realip.t stream_ssl_session_reuse.t stream_ssl.t stream_ssl_variables.t
stream_ssl_verify_client.t stream_upstream_zone_ssl.t upstream_zone_ssl.t
uwsgi_ssl_certificate.t uwsgi_ssl_certificate_vars.t uwsgi_ssl.t
uwsgi_ssl_verify.t
# Following tests do not pass with sanitizer on (with OpenSSL too)
sanitize-not-ok: >-
grpc_ssl.t h2_proxy_request_buffering_ssl.t h2_proxy_ssl.t
proxy_request_buffering_ssl.t proxy_ssl_keepalive.t proxy_ssl.t
proxy_ssl_verify.t stream_proxy_protocol_ssl.t stream_proxy_ssl.t
stream_proxy_ssl_verify.t stream_ssl_alpn.t
- ref: 1.24.0
test-ref: 212d9d003886e3a24542855fb60355a417f037de
# Following tests pass with sanitizer on
sanitize-ok: >-
h2_ssl_proxy_cache.t h2_ssl.t h2_ssl_variables.t h2_ssl_verify_client.t
mail_imap_ssl.t mail_ssl_conf_command.t mail_ssl_session_reuse.t mail_ssl.t
proxy_ssl_certificate_empty.t proxy_ssl_certificate.t proxy_ssl_certificate_vars.t
proxy_ssl_name.t ssl_certificate_chain.t ssl_certificate_perl.t ssl_certificates.t
ssl_certificate.t ssl_client_escaped_cert.t ssl_conf_command.t ssl_crl.t
ssl_engine_keys.t ssl_ocsp.t ssl_password_file.t ssl_proxy_protocol.t
ssl_proxy_upgrade.t ssl_reject_handshake.t ssl_session_reuse.t
ssl_session_ticket_key.t ssl_sni_reneg.t ssl_sni_sessions.t ssl_sni.t
ssl_stapling.t ssl.t ssl_verify_client.t stream_proxy_ssl_certificate.t
stream_proxy_ssl_certificate_vars.t stream_proxy_ssl_name_complex.t
stream_proxy_ssl_name.t stream_ssl_alpn.t stream_ssl_certificate.t
stream_ssl_conf_command.t stream_ssl_preread_alpn.t stream_ssl_preread_protocol.t
stream_ssl_preread.t stream_ssl_realip.t stream_ssl_session_reuse.t stream_ssl.t
stream_ssl_variables.t stream_ssl_verify_client.t stream_upstream_zone_ssl.t
upstream_zone_ssl.t uwsgi_ssl_certificate.t uwsgi_ssl_certificate_vars.t
uwsgi_ssl.t uwsgi_ssl_verify.t
# Following tests do not pass with sanitizer on (with OpenSSL too)
sanitize-not-ok: >-
grpc_ssl.t h2_proxy_request_buffering_ssl.t h2_proxy_ssl.t
proxy_request_buffering_ssl.t proxy_ssl_conf_command.t proxy_ssl_keepalive.t
proxy_ssl.t proxy_ssl_verify.t ssl_curve.t ssl_verify_depth.t
stream_proxy_protocol_ssl.t stream_proxy_ssl_conf_command.t stream_proxy_ssl.t
stream_proxy_ssl_verify.t
name: ${{ matrix.ref }}
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 6
needs: build_wolfssl
steps:
- name: Download lib
uses: actions/download-artifact@v4
with:
name: wolf-install-nginx
path: build-dir
- name: Install dependencies
run: |
sudo cpan -iT Proc::Find Net::SSLeay IO::Socket::SSL
- name: Checkout wolfssl-nginx
uses: actions/checkout@v4
with:
repository: wolfssl/wolfssl-nginx
path: wolfssl-nginx
- name: Checkout nginx
uses: actions/checkout@v4
with:
repository: nginx/nginx
path: nginx
ref: release-${{ matrix.ref }}
- name: Apply nginx patch
working-directory: nginx
run: patch -p1 < ../wolfssl-nginx/nginx-${{ matrix.ref }}-wolfssl.patch
- if: ${{ runner.debug }}
name: Apply nginx debug patch
working-directory: nginx
run: patch -p1 < ../wolfssl-nginx/nginx-${{ matrix.ref }}-wolfssl-debug.patch
- name: Checkout nginx-tests
uses: actions/checkout@v4
with:
repository: nginx/nginx-tests
path: nginx-tests
ref: ${{ matrix.test-ref }}
- name: Apply nginx-tests patch
working-directory: nginx-tests
run: patch -p1 < ../wolfssl-nginx/nginx-tests-patches/*${{ matrix.test-ref }}.patch
- name: Build nginx without sanitizer
working-directory: nginx
run: |
./auto/configure --with-wolfssl=$GITHUB_WORKSPACE/build-dir --with-http_ssl_module \
--with-stream --with-stream_ssl_module --with-stream_ssl_preread_module \
--with-http_v2_module --with-mail --with-mail_ssl_module
make -j
- name: Confirm nginx built with wolfSSL
working-directory: nginx
run: ldd objs/nginx | grep wolfssl
- if: ${{ runner.debug }}
name: Run nginx-tests without sanitizer (debug)
working-directory: nginx-tests
run: |
LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$GITHUB_WORKSPACE/build-dir/lib \
TMPDIR=$GITHUB_WORKSPACE TEST_NGINX_VERBOSE=y TEST_NGINX_CATLOG=y \
TEST_NGINX_BINARY=../nginx/objs/nginx prove -v ${{ matrix.sanitize-not-ok }}
- if: ${{ !runner.debug }}
name: Run nginx-tests without sanitizer
working-directory: nginx-tests
run: |
LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$GITHUB_WORKSPACE/build-dir/lib \
TMPDIR=$GITHUB_WORKSPACE TEST_NGINX_BINARY=../nginx/objs/nginx \
prove ${{ matrix.sanitize-not-ok }}
- if: ${{ runner.debug }}
name: Enable wolfSSL debug logging
run: |
echo "nginx_c_flags=-O0" >> $GITHUB_ENV
- name: workaround high-entropy ASLR
# not needed after either an update to llvm or runner is done
run: sudo sysctl vm.mmap_rnd_bits=28
- name: Build nginx with sanitizer
working-directory: nginx
run: |
./auto/configure --with-wolfssl=$GITHUB_WORKSPACE/build-dir --with-http_ssl_module \
--with-stream --with-stream_ssl_module --with-stream_ssl_preread_module \
--with-http_v2_module --with-mail --with-mail_ssl_module \
--with-cc-opt='-fsanitize=address -DNGX_DEBUG_PALLOC=1 -g3 ${{ env.nginx_c_flags }}' \
--with-ld-opt='-fsanitize=address ${{ env.nginx_c_flags }}'
make -j
- name: Confirm nginx built with wolfSSL
working-directory: nginx
run: ldd objs/nginx | grep wolfssl
- if: ${{ runner.debug }}
name: Run nginx-tests with sanitizer (debug)
working-directory: nginx-tests
run: |
LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$GITHUB_WORKSPACE/build-dir/lib \
TMPDIR=$GITHUB_WORKSPACE TEST_NGINX_VERBOSE=y TEST_NGINX_CATLOG=y \
TEST_NGINX_BINARY=../nginx/objs/nginx prove -v ${{ matrix.sanitize-ok }}
- if: ${{ !runner.debug }}
name: Run nginx-tests with sanitizer
working-directory: nginx-tests
run: |
LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$GITHUB_WORKSPACE/build-dir/lib \
TMPDIR=$GITHUB_WORKSPACE TEST_NGINX_BINARY=../nginx/objs/nginx \
prove ${{ matrix.sanitize-ok }}

43
.github/workflows/no-malloc.yml vendored
View File

@@ -1,43 +0,0 @@
name: No Malloc Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
make_check:
strategy:
matrix:
config: [
# Add new configs here
'--enable-rsa --enable-keygen --disable-dh CFLAGS="-DWOLFSSL_NO_MALLOC"',
]
name: make check
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 6
steps:
- uses: actions/checkout@v4
name: Checkout wolfSSL
- name: Test wolfSSL
run: |
./autogen.sh
./configure ${{ matrix.config }}
make
./wolfcrypt/test/testwolfcrypt
- name: Print errors
if: ${{ failure() }}
run: |
if [ -f test-suite.log ] ; then
cat test-suite.log
fi

37
.github/workflows/ocsp.yml vendored
View File

@@ -1,37 +0,0 @@
name: OCSP Test
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
ocsp_stapling:
name: ocsp stapling
runs-on: ubuntu-latest
timeout-minutes: 10
steps:
- name: Checkout wolfSSL
uses: actions/checkout@v4
- name: Build wolfSSL
run: autoreconf -ivf && ./configure --enable-ocsp --enable-ocspstapling && make
- name: Start OCSP responder 1
run: openssl ocsp -port 22221 -ndays 1000 -index certs/ocsp/index-intermediate1-ca-issued-certs.txt -rsigner certs/ocsp/ocsp-responder-cert.pem -rkey certs/ocsp/ocsp-responder-key.pem -CA certs/ocsp/intermediate1-ca-cert.pem &
- name: Start OCSP responder 2
run: openssl ocsp -port 22220 -ndays 1000 -index certs/ocsp/index-ca-and-intermediate-cas.txt -rsigner certs/ocsp/ocsp-responder-cert.pem -rkey certs/ocsp/ocsp-responder-key.pem -CA certs/ocsp/root-ca-cert.pem &
- name: Start TLS server
run: ./examples/server/server -p 11111 -c ./certs/ocsp/server1-cert.pem -k ./certs/ocsp/server1-key.pem -d &
- name: Test Look Up
run: ./examples/client/client -A ./certs/ocsp/root-ca-cert.pem -o

77
.github/workflows/openssh.yml vendored
View File

@@ -1,77 +0,0 @@
name: openssh Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
build_wolfssl:
name: Build wolfSSL
# Just to keep it the same as the testing target
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 4
steps:
- name: Build wolfSSL
uses: wolfSSL/actions-build-autotools-project@v1
with:
path: wolfssl
configure: >-
--enable-openssh --enable-dsa --with-max-rsa-bits=8192
--enable-intelasm --enable-sp-asm
install: true
- name: Upload built lib
uses: actions/upload-artifact@v4
with:
name: wolf-install-openssh
path: build-dir
retention-days: 5
openssh_check:
strategy:
fail-fast: false
matrix:
include:
- git_ref: 'V_9_6_P1'
osp_ver: '9.6'
name: ${{ matrix.ref }}
runs-on: ubuntu-latest
needs: build_wolfssl
steps:
- name: Download lib
uses: actions/download-artifact@v4
with:
name: wolf-install-openssh
path: build-dir
- name: Checkout OSP
uses: actions/checkout@v4
with:
repository: wolfssl/osp
path: osp
- name: Build and test openssh
uses: wolfSSL/actions-build-autotools-project@v1
with:
repository: openssh/openssh-portable
ref: ${{ matrix.git_ref }}
path: openssh
patch-file: $GITHUB_WORKSPACE/osp/openssh-patches/openssh-${{ matrix.osp_ver }}.patch
configure: --with-wolfssl=$GITHUB_WORKSPACE/build-dir --with-rpath=-Wl,-rpath=
check: false
# make tests take >20 minutes. Consider limiting?
- name: Run tests
working-directory: ./openssh
run: |
# Run all the tests except (t-exec) as it takes too long
make file-tests interop-tests extra-tests unit

86
.github/workflows/openvpn.yml vendored
View File

@@ -1,86 +0,0 @@
name: OpenVPN Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
build_wolfssl:
name: Build wolfSSL
# Just to keep it the same as the testing target
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 4
steps:
- name: Build wolfSSL
uses: wolfSSL/actions-build-autotools-project@v1
with:
path: wolfssl
configure: --enable-openvpn
install: true
- name: Upload built lib
uses: actions/upload-artifact@v4
with:
name: wolf-install-openvpn
path: build-dir
retention-days: 5
openvpn_check:
strategy:
fail-fast: false
matrix:
# List of refs to test
ref: [ release/2.6, v2.6.0, master ]
name: ${{ matrix.ref }}
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 10
needs: build_wolfssl
steps:
- name: Download lib
uses: actions/download-artifact@v4
with:
name: wolf-install-openvpn
path: build-dir
- name: Install dependencies
run: |
sudo apt-get update
sudo apt-get install liblzo2-dev libpam0g-dev liblz4-dev libcap-ng-dev \
linux-libc-dev man2html libcmocka-dev python3-docutils \
libtool automake autoconf libnl-genl-3-dev libnl-genl-3-200
- name: workaround high-entropy ASLR
# not needed after either an update to llvm or runner is done
run: sudo sysctl vm.mmap_rnd_bits=28
- if: ${{ matrix.ref != 'master' }}
name: Build and test openvpn with fsanitize
run: |
echo 'extra_c_flags=CC="gcc -fsanitize=address" CFLAGS="-fno-omit-frame-pointer -O2"' >> $GITHUB_ENV
- name: Build and test openvpn
uses: wolfSSL/actions-build-autotools-project@v1
with:
repository: OpenVPN/openvpn
ref: ${{ matrix.ref }}
path: openvpn
configure: >-
--with-crypto-library=wolfssl
WOLFSSL_CFLAGS="-I$GITHUB_WORKSPACE/build-dir/include/ -I$GITHUB_WORKSPACE/build-dir/include/wolfssl"
WOLFSSL_LIBS="-L$GITHUB_WORKSPACE/build-dir/lib -lwolfssl"
${{ env.extra_c_flags }}
check: true
- name: Confirm OpenVPN built with wolfSSL
working-directory: ./openvpn
run: ldd src/openvpn/openvpn | grep wolfssl

151
.github/workflows/os-check.yml vendored
View File

@@ -1,151 +0,0 @@
name: Ubuntu-Macos-Windows Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
make_check:
strategy:
fail-fast: false
matrix:
os: [ ubuntu-latest, macos-latest ]
config: [
# Add new configs here
'',
'--enable-all --enable-asn=template',
'--enable-all --enable-asn=original',
'--enable-harden-tls',
'--enable-tls13 --enable-session-ticket --enable-dtls --enable-dtls13
--enable-opensslextra --enable-sessioncerts
CPPFLAGS=''-DWOLFSSL_DTLS_NO_HVR_ON_RESUME -DHAVE_EXT_CACHE
-DWOLFSSL_TICKET_HAVE_ID -DHAVE_EX_DATA -DSESSION_CACHE_DYNAMIC_MEM'' ',
'--enable-all --enable-secure-renegotiation',
'--enable-all --enable-haproxy --enable-quic',
'--enable-dtls --enable-dtls13 --enable-earlydata
--enable-session-ticket --enable-psk
CPPFLAGS=''-DWOLFSSL_DTLS13_NO_HRR_ON_RESUME'' ',
]
name: make check
runs-on: ${{ matrix.os }}
# This should be a safe limit for the tests to run.
timeout-minutes: 14
steps:
- name: Build and test wolfSSL
uses: wolfSSL/actions-build-autotools-project@v1
with:
configure: ${{ matrix.config }}
check: true
make_user_settings:
strategy:
fail-fast: false
matrix:
os: [ ubuntu-latest, macos-latest ]
user-settings: [
# Add new user_settings.h here
'examples/configs/user_settings_all.h',
]
name: make user_setting.h
runs-on: ${{ matrix.os }}
# This should be a safe limit for the tests to run.
timeout-minutes: 14
steps:
- name: Build and test wolfSSL
uses: wolfSSL/actions-build-autotools-project@v1
with:
configure: --enable-usersettings
check: true
user-settings: ${{ matrix.user-settings }}
make_user_settings_testwolfcrypt:
strategy:
fail-fast: false
matrix:
os: [ ubuntu-latest, macos-latest ]
user-settings: [
# Add new user_settings.h here
'examples/configs/user_settings_min_ecc.h',
'examples/configs/user_settings_wolfboot_keytools.h',
'examples/configs/user_settings_wolftpm.h',
'examples/configs/user_settings_tls12.h',
]
name: make user_setting.h (testwolfcrypt only)
runs-on: ${{ matrix.os }}
# This should be a safe limit for the tests to run.
timeout-minutes: 14
steps:
- name: Build and test wolfSSL
uses: wolfSSL/actions-build-autotools-project@v1
with:
configure: --enable-usersettings --disable-examples
check: false
user-settings: ${{ matrix.user-settings }}
- name: Run wolfcrypt/test/testwolfcrypt
run: ./wolfcrypt/test/testwolfcrypt
# Has to be dedicated function due to the sed call
make_user_all:
strategy:
fail-fast: false
matrix:
os: [ ubuntu-latest, macos-latest ]
name: make user_setting.h (with sed)
runs-on: ${{ matrix.os }}
# This should be a safe limit for the tests to run.
timeout-minutes: 14
steps:
- uses: actions/checkout@v4
- if: ${{ matrix.os == 'macos-latest' }}
run: brew install automake libtool
- run: ./autogen.sh
- name: user_settings_all.h with compatibility layer
run: |
cp ./examples/configs/user_settings_all.h user_settings.h
sed -i -e "s/if 0/if 1/" user_settings.h
./configure --enable-usersettings
make
make check
windows_build:
name: Windows Build Test
runs-on: windows-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 6
env:
# Path to the solution file relative to the root of the project.
SOLUTION_FILE_PATH: wolfssl64.sln
# Configuration type to build.
# You can convert this to a build matrix if you need coverage of multiple configuration types.
# https://docs.github.com/actions/learn-github-actions/managing-complex-workflows#using-a-build-matrix
BUILD_CONFIGURATION: Release
BUILD_PLATFORM: x64
steps:
- uses: actions/checkout@v4
- name: Add MSBuild to PATH
uses: microsoft/setup-msbuild@v2
- name: Restore NuGet packages
working-directory: ${{env.GITHUB_WORKSPACE}}
run: nuget restore ${{env.SOLUTION_FILE_PATH}}
- name: Build
working-directory: ${{env.GITHUB_WORKSPACE}}
# Add additional options to the MSBuild command line here (like platform or verbosity level).
# See https://docs.microsoft.com/visualstudio/msbuild/msbuild-command-line-reference
run: msbuild /m /p:PlatformToolset=v142 /p:Platform=${{env.BUILD_PLATFORM}} /p:Configuration=${{env.BUILD_CONFIGURATION}} ${{env.SOLUTION_FILE_PATH}}
- name: Run Test
working-directory: ${{env.GITHUB_WORKSPACE}}
run: Release/x64/testsuite.exe

54
.github/workflows/packaging.yml vendored
View File

@@ -1,54 +0,0 @@
name: Packaging Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
build_wolfssl:
name: Package wolfSSL
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 10
steps:
- name: Checkout wolfSSL
uses: actions/checkout@v4
- name: Configure wolfSSL
run: |
autoreconf -ivf
./configure --enable-distro --enable-all \
--disable-openssl-compatible-defaults --enable-intelasm \
--enable-dtls13 --enable-dtls-mtu \
--enable-sp-asm --disable-examples --disable-silent-rules
- name: Make sure OPENSSL_COMPATIBLE_DEFAULTS is not present in options.h
run: |
! grep OPENSSL_COMPATIBLE_DEFAULTS wolfssl/options.h
- name: Build wolfSSL .deb
run: make deb-docker
- name: Build wolfSSL .rpm
run: make rpm-docker
- name: Confirm packages built
run: |
DEB_COUNT=$(find -name 'libwolfssl*.deb' | wc -l)
if [ "$DEB_COUNT" != "2" ]; then
echo Did not find exactly two deb packages!!!
exit 1
fi
RPM_COUNT=$(find -name 'wolfssl*.rpm' | wc -l)
if [ "$RPM_COUNT" != "4" ]; then
echo Did not find exactly four rpm packages!!!
exit 1
fi

74
.github/workflows/stunnel.yml vendored
View File

@@ -1,74 +0,0 @@
name: stunnel Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
build_wolfssl:
name: Build wolfSSL
# Just to keep it the same as the testing target
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 4
steps:
- name: Build wolfSSL
uses: wolfSSL/actions-build-autotools-project@v1
with:
path: wolfssl
configure: --enable-stunnel
install: true
- name: Upload built lib
uses: actions/upload-artifact@v4
with:
name: wolf-install-stunnel
path: build-dir
retention-days: 5
stunnel_check:
strategy:
fail-fast: false
matrix:
# List of releases to test
ref: [ 5.67 ]
name: ${{ matrix.ref }}
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 4
needs: build_wolfssl
steps:
- name: Download lib
uses: actions/download-artifact@v4
with:
name: wolf-install-stunnel
path: build-dir
- name: Checkout OSP
uses: actions/checkout@v4
with:
repository: wolfssl/osp
path: osp
- name: Build and test stunnel
uses: wolfSSL/actions-build-autotools-project@v1
with:
repository: mtrojnar/stunnel
ref: stunnel-${{ matrix.ref }}
path: stunnel
patch-file: $GITHUB_WORKSPACE/osp/stunnel/${{ matrix.ref }}/stunnel-${{ matrix.ref }}.patch
configure: --enable-wolfssl SSLDIR=$GITHUB_WORKSPACE/build-dir
check: true
- name: Confirm stunnel built with wolfSSL
working-directory: ./stunnel
run: ldd src/stunnel | grep wolfssl

26
.github/workflows/ubuntu-check.yml vendored Normal file
View File

@@ -0,0 +1,26 @@
name: Ubuntu Build Test
on:
push:
branches: [ '*' ]
pull_request:
branches: [ '*' ]
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: autogen
run: ./autogen.sh
- name: configure
run: ./configure
- name: make
run: make
- name: make check
run: make check
- name: make distcheck
run: make distcheck

38
.github/workflows/windows-check.yml vendored Normal file
View File

@@ -0,0 +1,38 @@
name: Windows Build Test
on:
push:
branches: [ '*' ]
pull_request:
branches: [ '*' ]
env:
# Path to the solution file relative to the root of the project.
SOLUTION_FILE_PATH: wolfssl64.sln
# Configuration type to build.
# You can convert this to a build matrix if you need coverage of multiple configuration types.
# https://docs.github.com/actions/learn-github-actions/managing-complex-workflows#using-a-build-matrix
BUILD_CONFIGURATION: Release
BUILD_PLATFORM: x64
jobs:
build:
runs-on: windows-latest
steps:
- uses: actions/checkout@v2
- name: Add MSBuild to PATH
uses: microsoft/setup-msbuild@v1
- name: Restore NuGet packages
working-directory: ${{env.GITHUB_WORKSPACE}}
run: nuget restore ${{env.SOLUTION_FILE_PATH}}
- name: Build
working-directory: ${{env.GITHUB_WORKSPACE}}
# Add additional options to the MSBuild command line here (like platform or verbosity level).
# See https://docs.microsoft.com/visualstudio/msbuild/msbuild-command-line-reference
run: msbuild /m /p:PlatformToolset=v142 /p:Platform=${{env.BUILD_PLATFORM}} /p:Configuration=${{env.BUILD_CONFIGURATION}} ${{env.SOLUTION_FILE_PATH}}

128
.github/workflows/zephyr.yml vendored
View File

@@ -1,128 +0,0 @@
name: Zephyr tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
run_test:
name: Build and run
strategy:
fail-fast: false
matrix:
config:
- zephyr-ref: v3.4.0
zephyr-sdk: 0.16.1
- zephyr-ref: v3.5.0
zephyr-sdk: 0.16.3
- zephyr-ref: v2.7.4
zephyr-sdk: 0.16.3
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 25
steps:
- name: Install dependencies
run: |
# Don't prompt for anything
export DEBIAN_FRONTEND=noninteractive
sudo apt-get update
# most of the ci-base zephyr docker image packages
sudo apt-get install -y zip bridge-utils uml-utilities \
git cmake ninja-build gperf ccache dfu-util device-tree-compiler wget \
python3-dev python3-pip python3-setuptools python3-tk python3-wheel xz-utils file \
make gcc gcc-multilib g++-multilib libsdl2-dev libmagic1 \
autoconf automake bison build-essential ca-certificates cargo ccache chrpath cmake \
cpio device-tree-compiler dfu-util diffstat dos2unix doxygen file flex g++ gawk gcc \
gcovr git git-core gnupg gperf gtk-sharp2 help2man iproute2 lcov libcairo2-dev \
libglib2.0-dev libgtk2.0-0 liblocale-gettext-perl libncurses5-dev libpcap-dev \
libpopt0 libsdl1.2-dev libsdl2-dev libssl-dev libtool libtool-bin locales make \
net-tools ninja-build openssh-client parallel pkg-config python3-dev python3-pip \
python3-ply python3-setuptools python-is-python3 qemu rsync socat srecord sudo \
texinfo unzip wget ovmf xz-utils
- name: Install west
run: sudo pip install west
- name: Init west workspace
run: west init --mr ${{ matrix.config.zephyr-ref }} zephyr
- name: Update west.yml
working-directory: zephyr/zephyr
run: |
REF=$(echo '${{ github.ref }}' | sed -e 's/\//\\\//g')
sed -e 's/remotes:/remotes:\n \- name: wolfssl\n url\-base: https:\/\/github.com\/${{ github.repository_owner }}/' -i west.yml
sed -e "s/projects:/projects:\n \- name: wolfssl\n path: modules\/crypto\/wolfssl\n remote: wolfssl\n revision: $REF/" -i west.yml
- name: Update west workspace
working-directory: zephyr
run: west update -n -o=--depth=1
- name: Export zephyr
working-directory: zephyr
run: west zephyr-export
- name: Install pip dependencies
working-directory: zephyr
run: sudo pip install -r zephyr/scripts/requirements.txt
- name: Install zephyr SDK
run: |
wget -q https://github.com/zephyrproject-rtos/sdk-ng/releases/download/v${{ matrix.config.zephyr-sdk }}/zephyr-sdk-${{ matrix.config.zephyr-sdk }}_linux-x86_64_minimal.tar.xz
tar xf zephyr-sdk-${{ matrix.config.zephyr-sdk }}_linux-x86_64_minimal.tar.xz
cd zephyr-sdk-${{ matrix.config.zephyr-sdk }}
./setup.sh -h -c -t x86_64-zephyr-elf
- name: Fix options for 2.7.4
if: ${{ matrix.config.zephyr-ref == 'v2.7.4' }}
working-directory: zephyr/modules/crypto/wolfssl
run: |
sed -i -e 's/CONFIG_COMMON_LIBC_MALLOC_ARENA_SIZE/CONFIG_MINIMAL_LIBC_MALLOC_ARENA_SIZE/g' $(find -name prj.conf)
- name: Run wolfssl test
id: wolfssl-test
working-directory: zephyr
run: |
./zephyr/scripts/twister -T modules/crypto/wolfssl --test zephyr/samples/wolfssl_test/sample.crypto.wolfssl_test -vvv
rm -rf zephyr/twister-out
./zephyr/scripts/twister -T modules/crypto/wolfssl --test zephyr/samples/wolfssl_test/sample.crypto.wolfssl_test_no_malloc -vvv
rm -rf zephyr/twister-out
- name: Run wolfssl TLS sock test
# Results in a page fault that I can't trace
if: ${{ matrix.config.zephyr-ref != 'v2.7.4' }}
id: wolfssl-tls-sock
working-directory: zephyr
run: |
./zephyr/scripts/twister -T modules/crypto/wolfssl --test zephyr/samples/wolfssl_tls_sock/sample.crypto.wolfssl_tls_sock -vvv
rm -rf zephyr/twister-out
./zephyr/scripts/twister -T modules/crypto/wolfssl --test zephyr/samples/wolfssl_tls_sock/sample.crypto.wolfssl_tls_sock_no_malloc -vvv
rm -rf zephyr/twister-out
- name: Run wolfssl TLS thread test
if: ${{ matrix.config.zephyr-ref != 'v2.7.4' }}
id: wolfssl-tls-thread
working-directory: zephyr
run: |
./zephyr/scripts/twister -T modules/crypto/wolfssl --test zephyr/samples/wolfssl_tls_thread/sample.crypto.wolfssl_tls_thread -vvv
rm -rf zephyr/twister-out
- name: Zip failure logs
if: ${{ failure() && (steps.wolfssl-test.outcome == 'failure' || steps.wolfssl-tls-sock.outcome == 'failure' || steps.wolfssl-tls-thread.outcome == 'failure') }}
run: |
zip -9 -r logs.zip zephyr/twister-out
- name: Upload failure logs
if: ${{ failure() && (steps.wolfssl-test.outcome == 'failure' || steps.wolfssl-tls-sock.outcome == 'failure' || steps.wolfssl-tls-thread.outcome == 'failure') }}
uses: actions/upload-artifact@v4
with:
name: zephyr-client-test-logs
path: logs.zip
retention-days: 5

120
.gitignore vendored
View File

@@ -64,8 +64,6 @@ ctaocrypt/benchmark/benchmark
ctaocrypt/test/testctaocrypt ctaocrypt/test/testctaocrypt
wolfcrypt/benchmark/benchmark wolfcrypt/benchmark/benchmark
wolfcrypt/test/testwolfcrypt wolfcrypt/test/testwolfcrypt
examples/async/async_client
examples/async/async_server
examples/benchmark/tls_bench examples/benchmark/tls_bench
examples/client/client examples/client/client
examples/echoclient/echoclient examples/echoclient/echoclient
@@ -75,26 +73,20 @@ examples/sctp/sctp-server
examples/sctp/sctp-server-dtls examples/sctp/sctp-server-dtls
examples/sctp/sctp-client examples/sctp/sctp-client
examples/sctp/sctp-client-dtls examples/sctp/sctp-client-dtls
examples/asn1/asn1
examples/pem/pem
server_ready server_ready
snifftest snifftest
output output
mcapi/test mcapi/test
testsuite/testsuite testsuite/testsuite
testsuite/testsuite.test
testsuite/*.der
testsuite/*.pem
testsuite/*.raw
testsuite/*.obj
testsuite/*.pdb
testsuite/*.idb
tests/unit tests/unit
testsuite/testsuite.test
tests/unit.test tests/unit.test
tests/bio_write_test.txt tests/bio_write_test.txt
tests/test-log-dump-to-file.txt tests/test-log-dump-to-file.txt
tests/cert_cache.tmp
test-write-dhparams.pem test-write-dhparams.pem
testsuite/*.der
testsuite/*.pem
testsuite/*.raw
cert.der cert.der
cert.pem cert.pem
certecc.der certecc.der
@@ -216,6 +208,14 @@ TAGS
support/cyassl.pc support/cyassl.pc
support/wolfssl.pc support/wolfssl.pc
cyassl/ctaocrypt/stamp-h1 cyassl/ctaocrypt/stamp-h1
swig/_cyassl.so
swig/_wolfssl.so
swig/cyassl.py
swig/wolfssl.py
swig/cyassl.pyc
swig/wolfssl.pyc
swig/cyassl_wrap.c
swig/wolfssl_wrap.c
stamp-h1 stamp-h1
clang_output_* clang_output_*
internal.plist internal.plist
@@ -235,7 +235,6 @@ IDE/MDK-ARM/LPC43xx/LPC43xx/
!linuxkm/Makefile !linuxkm/Makefile
/Kbuild /Kbuild
linuxkm/*.ko linuxkm/*.ko
linuxkm/*.ko.signed
linuxkm/Module.symvers linuxkm/Module.symvers
linuxkm/built-in.a linuxkm/built-in.a
linuxkm/modules.order linuxkm/modules.order
@@ -289,6 +288,23 @@ mqx/wolfcrypt_benchmark/.settings
mqx/wolfcrypt_benchmark/.cwGeneratedFileSetLog mqx/wolfcrypt_benchmark/.cwGeneratedFileSetLog
mqx/wolfcrypt_benchmark/SaAnalysispointsManager.apconfig mqx/wolfcrypt_benchmark/SaAnalysispointsManager.apconfig
# User Crypto example build
wolfcrypt/user-crypto/aclocal.m4
wolfcrypt/user-crypto/config.guess
wolfcrypt/user-crypto/autom4te.cache
wolfcrypt/user-crypto/config.log
wolfcrypt/user-crypto/config.status
wolfcrypt/user-crypto/config.sub
wolfcrypt/user-crypto/depcomp
wolfcrypt/user-crypto/install-sh
wolfcrypt/user-crypto/libtool
wolfcrypt/user-crypto/ltmain.sh
wolfcrypt/user-crypto/m4
wolfcrypt/user-crypto/missing
wolfcrypt/user-crypto/Makefile.in
wolfcrypt/user-crypto/lib/libusercrypto.*
*.hzs
# wolfSSL CSharp wrapper # wolfSSL CSharp wrapper
wrapper/CSharp/x64/ wrapper/CSharp/x64/
@@ -325,10 +341,6 @@ wolfcrypt/src/port/intel/qat_test
# Arduino Generated Files # Arduino Generated Files
/IDE/ARDUINO/wolfSSL /IDE/ARDUINO/wolfSSL
scripts/memtest.txt scripts/memtest.txt
/IDE/ARDUINO/Arduino_README_prepend.md.tmp
/IDE/ARDUINO/library.properties.tmp
/IDE/ARDUINO/library.properties.tmp.backup
/IDE/ARDUINO/PREPENDED_README.md
# Doxygen generated files # Doxygen generated files
doc/doxygen_warnings doc/doxygen_warnings
@@ -337,8 +349,6 @@ doc/pdf
# XCODE Index # XCODE Index
IDE/XCODE/Index IDE/XCODE/Index
IDE/**/xcshareddata
IDE/**/DerivedData
# ARM DS-5 && Eclipse # ARM DS-5 && Eclipse
\.settings/ \.settings/
@@ -352,33 +362,12 @@ IDE/**/DerivedData
/IDE/Renesas/e2studio/Projects/test/*.launch /IDE/Renesas/e2studio/Projects/test/*.launch
/IDE/Renesas/e2studio/Projects/test/*.scfg /IDE/Renesas/e2studio/Projects/test/*.scfg
/IDE/Renesas/e2studio/RX65N/GR-ROSE/.metadata
/IDE/Renesas/e2studio/RX65N/GR-ROSE/smc/src
/IDE/Renesas/e2studio/RX65N/GR-ROSE/smc/trash
/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/smc_gen
/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/generate
/IDE/Renesas/e2studio/RX65N/RSK/.metadata
/IDE/Renesas/e2studio/RX65N/RSK/smc/src
/IDE/Renesas/e2studio/RX65N/RSK/smc/trash
/IDE/Renesas/e2studio/RX65N/RSK/test/src/smc_gen
/IDE/Renesas/e2studio/RX65N/RSK/test/generate
/IDE/Renesas/e2studio/RX72N/EnvisionKit/.metadata
/IDE/Renesas/e2studio/RX72N/EnvisionKit/smc/src
/IDE/Renesas/e2studio/RX72N/EnvisionKit/smc/trash
/IDE/Renesas/e2studio/RX72N/EnvisionKit/test/src/smc_gen
/IDE/Renesas/e2studio/RX72N/EnvisionKit/test/generate
# QNX CAAM # QNX CAAM
/IDE/QNX/example-server/server-tls /IDE/QNX/example-server/server-tls
/IDE/QNX/example-client/client-tls /IDE/QNX/example-client/client-tls
/IDE/QNX/example-cmac/cmac-test /IDE/QNX/example-cmac/cmac-test
/IDE/QNX/CAAM-DRIVER/wolfCrypt /IDE/QNX/CAAM-DRIVER/wolfCrypt
# Xilinx
/IDE/XilinxSDK/data
# Emacs # Emacs
*~ *~
@@ -390,54 +379,3 @@ cmake_install.cmake
# GDB Settings # GDB Settings
\.gdbinit \.gdbinit
libFuzzer
# Pycharm and other IDEs
\.idea
# FIPS
XXX-fips-test
# ASYNC
/wolfAsyncCrypt
/async
# Generated user_settings_asm.h.
user_settings_asm.h
# VisualGDB
**/.visualgdb
# Espressif sdk config default should be saved in sdkconfig.defaults
# we won't track the actual working sdkconfig files
/IDE/Espressif/**/sdkconfig
/IDE/Espressif/**/sdkconfig.old
# MPLAB
/IDE/MPLABX16/wolfssl.X/dist/default/
/IDE/MPLABX16/wolfssl.X/.generated_files
/IDE/MPLABX16/wolfcrypt_test.X/dist/default/
/IDE/MPLABX16/wolfcrypt_test.X/.generated_files
# auto-created CMake backups
**/CMakeLists.txt.old
# MagicCrypto (ARIA Cipher)
MagicCrypto
# CMake build directory
/out
/out_temp
# debian packaging
debian/changelog
debian/control
*.deb
# PlatformIO
/**/.pio
/**/.vscode/.browse.c_cpp.db*
/**/.vscode/c_cpp_properties.json
/**/.vscode/launch.json
/**/.vscode/ipch
/**/sdkconfig.esp32dev

1773
CMakeLists.txt
View File

File diff suppressed because it is too large Load Diff

1394
ChangeLog.md
View File

File diff suppressed because it is too large Load Diff

56
Docker/Dockerfile
View File

@@ -1,56 +0,0 @@
ARG DOCKER_BASE_IMAGE=ubuntu:22.04
FROM $DOCKER_BASE_IMAGE
USER root
# Set timezone to UTC
RUN ln -snf /usr/share/zoneinfo/UTC /etc/localtime && echo UTC > /etc/timezone
ARG DEPS_WOLFSSL="build-essential autoconf libtool clang clang-tools zlib1g-dev libuv1-dev libpam0g-dev valgrind git linux-headers-generic gcc-multilib g++-multilib libpcap-dev bubblewrap gdb iputils-ping lldb bsdmainutils netcat binutils-arm-linux-gnueabi binutils-aarch64-linux-gnu"
ARG DEPS_LIBOQS="astyle cmake gcc ninja-build libssl-dev python3-pytest python3-pytest-xdist unzip xsltproc doxygen graphviz python3-yaml valgrind git"
ARG DEPS_UDP_PROXY="wget libevent-dev"
ARG DEPS_TESTS="abi-dumper libcurl4-openssl-dev tcpdump libpsl-dev python3-pandas python3-tabulate libnl-genl-3-dev libcap-ng-dev"
ARG DEPS_TOOLS="ccache clang-tidy maven"
RUN DEBIAN_FRONTEND=noninteractive apt update && apt install -y apt-utils \
&& apt install -y ${DEPS_WOLFSSL} ${DEPS_LIBOQS} ${DEPS_UDP_PROXY} ${DEPS_TESTS} ${DEPS_TOOLS} \
&& apt clean -y && rm -rf /var/lib/apt/lists/*
# Add 'docker' user
ARG USER=docker
ARG UID=1000
ARG GID=1000
RUN groupadd -f -g ${GID} docker && ( getent passwd ${UID} || useradd -ms /bin/bash ${USER} -u ${UID} -g ${GID} )
# Add github.com as an SSH known host
RUN ssh -o StrictHostKeyChecking=no -T git@github.com; cat ~/.ssh/known_hosts >> /etc/ssh/ssh_known_hosts
# install ccache
RUN mkdir -p /opt/ccache/bin && for prog in gcc g++ cc c++ cpp arm-none-eabi-c++ arm-none-eabi-cpp arm-none-eabi-gcc arm-none-eabi-g++; do ln -s /usr/bin/ccache /opt/ccache/bin/$(basename $prog); done
ENV PATH /opt/ccache/bin:$PATH
# install liboqs
RUN git clone --single-branch https://github.com/open-quantum-safe/liboqs.git && cd liboqs && git checkout db08f12b5a96aa6582a82aac7f65cf8a4d8b231f \
&& mkdir build && cd build && cmake -DOQS_DIST_BUILD=ON -DOQS_USE_CPUFEATURE_INSTRUCTIONS=OFF -DOQS_USE_OPENSSL=0 .. && make -j8 all && make install && cd ../.. && rm -rf liboqs
RUN mkdir /opt/sources
# install liblms
RUN cd /opt/sources && git clone --single-branch https://github.com/cisco/hash-sigs.git && cd hash-sigs && git checkout b0631b8891295bf2929e68761205337b7c031726 \
&& sed -i 's/USE_OPENSSL 1/USE_OPENSSL 0/g' sha256.h && make -j4 hss_lib_thread.a
# Install pkixssh to /opt/pkixssh for X509 interop testing with wolfSSH
RUN mkdir /var/empty
RUN cd /opt/sources && wget -q -O- https://roumenpetrov.info/secsh/src/pkixssh-14.1.1.tar.gz | tar xzf - && cd pkixssh-14.1.1 && ./configure --prefix=/opt/pkixssh/ --exec-prefix=/opt/pkixssh/ && make install
# Install udp/tcp-proxy
RUN cd /opt/sources && git clone --depth=1 --single-branch --branch=main http://github.com/wolfssl/udp-proxy && cd udp-proxy && make && cp tcp_proxy udp_proxy /bin/.
# Allow non-root to use tcpdump (will need NET_RAW and NET_ADMIN capability when running the container)
RUN setcap 'CAP_NET_RAW+eip CAP_NET_ADMIN+eip' /usr/bin/tcpdump
# Allow non-root to use gdb on processes (will need SYS_PTRACE capability when running the container)
RUN setcap 'CAP_SYS_PTRACE+eip' /usr/bin/gdb
# Add in Jenkins userID
RUN for i in $(seq 1001 1010); do ( getent passwd ${i} || useradd -ms /bin/bash jenkins${i} -u ${i} -g ${GID} ); done
USER ${UID}:${GID}

11
Docker/Dockerfile.cross-compiler
View File

@@ -1,11 +0,0 @@
ARG DOCKER_BASE_IMAGE=wolfssl/wolfssl-builder
FROM $DOCKER_BASE_IMAGE
USER root
ARG DEPS_TESTING="gcc-arm-linux-gnueabi gcc-arm-linux-gnueabihf gcc-aarch64-linux-gnu gcc-powerpc-linux-gnu gcc-powerpc64-linux-gnu gcc-arm-none-eabi"
RUN DEBIAN_FRONTEND=noninteractive apt update \
&& apt install -y ${DEPS_TESTING} \
&& apt clean -y && rm -rf /var/lib/apt/lists/*
USER docker

12
Docker/OpenWrt/Dockerfile
View File

@@ -1,12 +0,0 @@
# This Dockerfile is used in conjunction with the docker-OpenWrt.yml GitHub Action.
ARG DOCKER_BASE_CONTAINER=openwrt/rootfs:x86-64-snapshot
FROM $DOCKER_BASE_CONTAINER
RUN mkdir -p /var/lock # Fix for parent container
COPY libwolfssl.so /tmp/libwolfssl.so
RUN export LIBWOLFSSL=$(ls /usr/lib/libwolfssl.so.* -1); \
rm ${LIBWOLFSSL} && ln -s /tmp/libwolfssl.so ${LIBWOLFSSL}
# for debugging purposes to make sure the correct library is tested
RUN ls -Ll /usr/lib/libwolfssl* && ldd /lib/libustream-ssl.so | grep wolfssl
COPY runTests.sh /tmp/.
RUN /tmp/runTests.sh

13
Docker/OpenWrt/README.md
View File

@@ -1,13 +0,0 @@
This container is really only useful in conjunction with the GitHub Workflow
found in .github/workflows/docker-OpenWrt.yml. The idea is that we will
compile a new libwolfssl that gets placed in official OpenWrt containers to
run some tests ensuring the library is still compatible with existing
binaries.
To run the test locally, build libwolfssl.so (or download from the GitHub Action)
and put it in Docker/OpenWrt. Then switch to that folder and run:
docker build -t openwrt --build-args DOCKER_BASE_CONTAINER=<openwrtContainer> .
where 'openwrtContainer' => "openwrt/rootfs:x86-64-22.03-SNAPSHOT" or similar
This should run some sample tests. The resulting container then can be used to
evaluate OpenWrt with the latest wolfSSL library.

27
Docker/OpenWrt/runTests.sh
View File

@@ -1,27 +0,0 @@
#!/bin/sh
runCMD() { # usage: runCMD "<command>" "<retVal>"
TMP_FILE=$(mktemp)
eval $1 > $TMP_FILE 2>&1
RETVAL=$?
if [ "$RETVAL" != "$2" ]; then
echo "Command ($1) returned ${RETVAL}, but expected $2. Error output:"
cat $TMP_FILE
exit 1
fi
}
# Successful tests
runCMD "ldd /lib/libustream-ssl.so" 0
# Temporary workaround: comment out missing kmods repo line for 21.02 specifically.
# Remove after fixed upstream.
runCMD "sed '\/src\/gz openwrt_kmods https:\/\/downloads.openwrt.org\/releases\/21.02-SNAPSHOT\/targets\/x86\/64\/kmods\/5.4.238-1-5a722da41bc36de95a7195be6fce1b45/s//#&/' -i /etc/opkg/distfeeds.conf" 0
runCMD "opkg update" 0
runCMD "uclient-fetch 'https://letsencrypt.org'" 0
# Negative tests
runCMD "uclient-fetch --ca-certificate=/dev/null 'https://letsencrypt.org'" 5
runCMD "uclient-fetch 'https://self-signed.badssl.com/'" 5
runCMD "uclient-fetch 'https://untrusted-root.badssl.com/'" 5
runCMD "uclient-fetch 'https://expired.badssl.com/'" 5
echo "All tests passed."

16
Docker/README.md
View File

@@ -1,16 +0,0 @@
# Overview
This is a Docker environment for compiling, testing and running WolfSSL. Use `run.sh` to build everything (Docker container, WolfSSL, etc.). This script takes in arguments that can be passed to `./configure`. For example: `run.sh --enable-all`
When the compilation and tests succeed, you will be dropped in to a shell environment within the container. This can be useful to build other things within the environment. Additional tests can be run as well as debugging of code.
# Docker Hub
These images are also uploaded to the wolfSSL's [Docker Hub page](https://hub.docker.com/orgs/wolfssl/repositories). There is a convenience script here `buildAndPush.sh` that will create the appropriate containers and push them to the repo.
# FAQ
## permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock
You need to be added to the `docker` group to run Docker containers. Run `sudo usermod -aG docker $USER`. You may need to restart the Docker daemon.
## Unable to access symlinked files outside of WolfSSL
The volume mounted in the Docker container needs to have all files that your compilation will need. To solve this, you have a couple options:
1. Change the `WOLFSSL_DIR` variable in the `run.sh` to one higher up (by adding `/..` to the path). Then update the `docker build` to include the correct path to the Dockerfile and the `docker run` argument to the working directory (`-w`) to the WolfSSL source directory
2. Move the external repository to within the WolfSSL directory. For example create an `external` folder which has your files. This route may have complications when stashing Git work.

37
Docker/buildAndPush.sh
View File

@@ -1,37 +0,0 @@
#!/bin/bash
# Assume we're in wolfssl/Docker
WOLFSSL_DIR=$(builtin cd ${BASH_SOURCE%/*}/..; pwd)
DOCKER_BUILD_OPTIONS="$1"
if [ "${DOCKER_BASE_IMAGE}" != "" ]; then
DOCKER_BUILD_OPTIONS+=" --build-arg DOCKER_BASE_IMAGE=${DOCKER_BASE_IMAGE}"
fi
NUM_FAILURES=0
CUR_DATE=$(date -u +%F)
echo "Building wolfssl/wolfssl-builder:${CUR_DATE} as ${DOCKER_BUILD_OPTIONS}"
docker build -t wolfssl/wolfssl-builder:${CUR_DATE} ${DOCKER_BUILD_OPTIONS} "${WOLFSSL_DIR}/Docker" && \
docker tag wolfssl/wolfssl-builder:${CUR_DATE} wolfssl/wolfssl-builder:latest && \
docker build --build-arg DOCKER_BASE_IMAGE=wolfssl/wolfssl-builder:${CUR_DATE} -t wolfssl/testing-cross-compiler:${CUR_DATE} "${WOLFSSL_DIR}/Docker" -f Dockerfile.cross-compiler && \
docker tag wolfssl/testing-cross-compiler:${CUR_DATE} wolfssl/testing-cross-compiler:latest
if [ $? -eq 0 ]; then
echo "Pushing containers to DockerHub"
docker push wolfssl/wolfssl-builder:${CUR_DATE} && docker push wolfssl/wolfssl-builder:latest && \
docker push wolfssl/testing-cross-compiler:${CUR_DATE} && docker push wolfssl/testing-cross-compiler:latest
else
echo "Warning: Build wolfssl/wolfssl-builder failed. Continuing"
((NUM_FAILURES++))
fi
echo "Building wolfssl/wolfCLU:${CUR_DATE}"
docker buildx build --pull --push --build-arg DUMMY=${CUR_DATE} -t wolfssl/wolfclu:${CUR_DATE} --platform=linux/amd64,linux/arm64,linux/arm/v7 "${WOLFSSL_DIR}/Docker/wolfCLU" && \
docker buildx build --pull --push --build-arg DUMMY=${CUR_DATE} -t wolfssl/wolfclu:latest --platform=linux/amd64,linux/arm64,linux/arm/v7 "${WOLFSSL_DIR}/Docker/wolfCLU"
if [ $? -ne 0 ]; then
echo "Warning: Build wolfssl/wolfclu failed. Continuing"
((NUM_FAILURES++))
fi
echo "Script completed in $SECONDS seconds. Had $NUM_FAILURES failures."

13
Docker/include.am
View File

@@ -1,13 +0,0 @@
# vim:ft=automake
# included from Top Level Makefile.am
# All paths should be given relative to the root
EXTRA_DIST+= Docker/Dockerfile
EXTRA_DIST+= Docker/Dockerfile.cross-compiler
EXTRA_DIST+= Docker/run.sh
EXTRA_DIST+= Docker/README.md
ignore_files+=Docker/buildAndPush.sh
ignore_files+=Docker/OpenWRT/Dockerfile
ignore_files+=Docker/OpenWRT/runTests.sh
ignore_files+=Docker/OpenWRT/README.md

6
Docker/packaging/debian/Dockerfile
View File

@@ -1,6 +0,0 @@
FROM debian:latest
RUN apt-get -y update
RUN apt-get -y upgrade
RUN apt-get install -y build-essential autoconf gawk debhelper lintian

3
Docker/packaging/fedora/Dockerfile
View File

@@ -1,3 +0,0 @@
FROM fedora:latest
RUN dnf install -y make automake gcc rpmdevtools

14
Docker/run.sh
View File

@@ -1,14 +0,0 @@
#!/bin/bash
echo "Running with \"${*}\"..."
# Assume we're in wolfssl/Docker
WOLFSSL_DIR=$(builtin cd ${BASH_SOURCE%/*}/..; pwd)
docker build -t wolfssl/wolfssl-builder --build-arg UID=$(id -u) --build-arg GID=$(id -g) "${WOLFSSL_DIR}/Docker" && \
docker run --rm -it -v ${HOME}/.gitconfig:/home/docker/.gitconfig:ro -v ${HOME}/.ssh:/home/docker/.ssh:ro -v "${WOLFSSL_DIR}:/tmp/wolfssl" -w /tmp/wolfssl wolfssl/wolfssl-builder /bin/bash -c "./autogen.sh && ./configure ${*@Q} && make" && \
docker run --rm -it -v ${HOME}/.gitconfig:/home/docker/.gitconfig:ro -v ${HOME}/.ssh:/home/docker/.ssh:ro -v "${WOLFSSL_DIR}:/tmp/wolfssl" -w /tmp/wolfssl wolfssl/wolfssl-builder /bin/bash
exitval=$?
echo "Exited with error code $exitval"
exit $exitval

26
Docker/wolfCLU/Dockerfile
View File

@@ -1,26 +0,0 @@
ARG DOCKER_BASE_IMAGE=ubuntu
FROM ubuntu as BUILDER
ARG DEPS_WOLFSSL="build-essential autoconf libtool zlib1g-dev libuv1-dev libpam0g-dev git libpcap-dev libcurl4-openssl-dev bsdmainutils netcat iputils-ping bubblewrap"
RUN DEBIAN_FRONTEND=noninteractive apt update && apt install -y apt-utils \
&& apt install -y ${DEPS_WOLFSSL} ${DEPS_LIBOQS} \
&& apt clean -y && rm -rf /var/lib/apt/lists/*
ARG NUM_CPU=16
# This arg is to force a rebuild starting from this line
ARG DUMMY=date
# install wolfssl
RUN DUMMY=${DUMMY} git clone --depth=1 --single-branch --branch=master http://github.com/wolfssl/wolfssl && cd wolfssl && ./autogen.sh && ./configure --enable-all && make -j $NUM_CPU && make install && ldconfig
# install wolfCLU
RUN git clone --depth=1 --single-branch --branch=main http://github.com/wolfssl/wolfCLU && cd wolfCLU && ./autogen.sh && ./configure && make -j $NUM_CPU && make install
FROM ${DOCKER_BASE_IMAGE}
USER root
COPY --from=BUILDER /usr/local/lib/libwolfssl.so /usr/local/lib/
COPY --from=BUILDER /usr/local/bin/wolfssl* /usr/local/bin/
RUN ldconfig
ENTRYPOINT ["/usr/local/bin/wolfssl"]
LABEL org.opencontainers.image.source=https://github.com/wolfssl/wolfssl
LABEL org.opencontainers.image.description="Simple wolfCLU in a container"

10
Docker/wolfCLU/README.md
View File

@@ -1,10 +0,0 @@
This is a small container that has wolfCLU installed for quick access. To build your own run the following:
```
docker build --pull --build-arg DUMMY=$(date +%s) -t wolfclu .
```
To run the container, you can use:
```
docker run -it --rm -v $(pwd):/ws -w /ws wolfclu version
```
This command will allow you to use the certs/keys in your local directory.

29
Docker/yocto/Dockerfile
View File

@@ -1,29 +0,0 @@
FROM ubuntu
# Set timezone to UTC
RUN ln -snf /usr/share/zoneinfo/UTC /etc/localtime && echo UTC > /etc/timezone
RUN DEBIAN_FRONTEND=noninteractive apt update && apt install -y gawk wget git diffstat unzip texinfo gcc build-essential chrpath socat cpio python3 python3-pip python3-pexpect xz-utils debianutils iputils-ping python3-git python3-jinja2 libegl1-mesa libsdl1.2-dev python3-subunit mesa-common-dev zstd liblz4-tool file locales libacl1 vim && apt clean -y && rm -rf /var/lib/apt/lists/*
RUN locale-gen en_US.UTF-8
# Add in non-root user
ENV UID_OF_DOCKERUSER 1000
RUN useradd -m -s /bin/bash -g users -u ${UID_OF_DOCKERUSER} dockerUser
RUN chown -R dockerUser:users /home/dockerUser && chown dockerUser:users /opt
USER dockerUser
RUN cd /opt && git clone git://git.yoctoproject.org/poky
WORKDIR /opt/poky
ARG YOCTO_VERSION=kirkstone
RUN git checkout -t origin/${YOCTO_VERSION} -b ${YOCTO_VERSION} && git pull
# This arg is to be able to force a rebuild starting from this line
ARG DUMMY=date
RUN DUMMY=${DUMMY} git clone --single-branch --branch=master https://github.com/wolfssl/meta-wolfssl.git && \
/bin/bash -c "source oe-init-build-env" && \
echo 'IMAGE_INSTALL:append = " wolfssl wolfclu wolfssh wolfmqtt wolftpm wolfclu "' >> /opt/poky/build/conf/local.conf && \
sed -i '/\/opt\/poky\/meta-poky \\/a \\t/opt/poky/meta-wolfssl \\' /opt/poky/build/conf/bblayers.conf
RUN /bin/bash -c "source oe-init-build-env && bitbake core-image-minimal"

27
Docker/yocto/buildAndPush.sh
View File

@@ -1,27 +0,0 @@
#!/bin/bash
# Assume we're in wolfssl/Docker/yocto
WOLFSSL_DIR=$(builtin cd ${BASH_SOURCE%/*}/../..; pwd)
DOCKER_BUILD_OPTIONS="$1"
if [ "${DOCKER_BASE_IMAGE}" != "" ]; then
DOCKER_BUILD_OPTIONS+=" --build-arg DOCKER_BASE_IMAGE=${DOCKER_BASE_IMAGE}"
fi
NUM_FAILURES=0
CUR_DATE=$(date -u +%F)
for ver in kirkstone langdale scarthgap; do
echo "Building wolfssl/yocto:${ver}-${CUR_DATE} as ${DOCKER_BUILD_OPTIONS}"
docker build -t wolfssl/yocto:${ver}-${CUR_DATE} --build-arg YOCTO_VERSION=${ver} --build-arg BUILD_DATE=${CUR_DATE} -f Dockerfile "${WOLFSSL_DIR}/Docker/yocto" && \
docker tag wolfssl/yocto:${ver}-${CUR_DATE} wolfssl/yocto:${ver}-latest
if [ $? -eq 0 ]; then
echo "Pushing containers to DockerHub"
docker push wolfssl/yocto:${ver}-${CUR_DATE} && docker push wolfssl/yocto:${ver}-latest
else
echo "Warning: Build wolfssl/yocto:${ver} failed. Continuing"
((NUM_FAILURES++))
fi
done
echo "Script completed in $SECONDS seconds. Had $NUM_FAILURES failures."

13
IDE/ARDUINO/Arduino_README_prepend.md
View File

@@ -1,13 +0,0 @@
# Arduino wolfSSL Library
This library is restructured from [wolfSSL](https://github.com/wolfSSL/wolfssl/) Release ${WOLFSSL_VERSION} for the Arduino platform.
The Official wolfSSL Arduino Library is found in [The Library Manager index](http://downloads.arduino.cc/libraries/library_index.json).
See the [Arduino-wolfSSL logs](https://downloads.arduino.cc/libraries/logs/github.com/wolfSSL/Arduino-wolfSSL/).
## Arduino Releases
The first Official wolfSSL Arduino Library is `5.6.6-Arduino.1`: a slightly modified, post [release 5.6.6](https://github.com/wolfSSL/wolfssl/releases/tag/v5.6.6-stable) version update.
See other [wolfSSL releases versions](https://github.com/wolfSSL/wolfssl/releases). The `./wolfssl-arduino.sh INSTALL` [script](https://github.com/wolfSSL/wolfssl/tree/master/IDE/ARDUINO) can be used to install specific GitHub versions as needed.

184
IDE/ARDUINO/README.md
View File

@@ -1,89 +1,29 @@
# wolfSSL with Arduino ### wolfSSL with Arduino
See the [example sketches](./sketches/README.md): ##### Reformatting wolfSSL as a compatible Arduino Library
This is a shell script that will re-organize the wolfSSL library to be
compatible with Arduino projects. The Arduino IDE requires a library's source
files to be in the library's root directory with a header file in the name of
the library. This script moves all src/ files to the `IDE/ARDUINO/wolfSSL`
directory and creates a stub header file called `wolfssl.h`.
- [sketches/wolfssl_server](./sketches/wolfssl_server/README.md) Step 1: To configure wolfSSL with Arduino, enter the following from within the
- [sketches/wolfssl_client](./sketches/wolfssl_client/README.md) wolfssl/IDE/ARDUINO directory:
When publishing a new version to the Arduino Registry, be sure to edit `WOLFSSL_VERSION_ARUINO_SUFFIX` in the `wolfssl-arduino.sh` script. `./wolfssl-arduino.sh`
## Boards Step 2: Copy the directory wolfSSL that was just created to:
`~/Documents/Arduino/libraries/` directory so the Arduino IDE can find it.
Many of the supported boards are natively built-in to the [Arduino IDE Board Manager](https://docs.arduino.cc/software/ide-v2/tutorials/ide-v2-board-manager/) Step 3: Edit `<arduino-libraries>/wolfSSL/user_settings.h`
and by adding [additional cores](https://docs.arduino.cc/learn/starting-guide/cores/) as needed.
STM32 Support can be added by including this link in the "Additional Boards Managers URLs" field
from [stm32duino/Arduino_Core_STM32](https://github.com/stm32duino/Arduino_Core_STM32?tab=readme-ov-file#getting-started) .
```
https://github.com/stm32duino/BoardManagerFiles/raw/main/package_stmicroelectronics_index.json
```
## Using wolfSSL from the Arduino IDE
The Official wolfSSL: https://github.com/wolfSSL/arduino-wolfSSL See [PR #1](https://github.com/wolfSSL/Arduino-wolfSSL/pull/1).
This option will allow wolfSSL to be installed directly using the native Arduino tools.
## Manually Reformatting wolfSSL as a Compatible Arduino Library
Use [this](./wolfssl-arduino.sh) shell script that will re-organize the wolfSSL library to be
compatible with [Arduino Library Specification](https://arduino.github.io/arduino-cli/0.35/library-specification/)
for projects that use Arduino IDE 1.5.0 or newer.
The Arduino IDE requires a library's source files to be in the library's root directory with a
header file in the name of the library. This script moves all `src/` files to the `IDE/ARDUINO/wolfSSL/src`
directory and creates a stub header file called `wolfssl.h` inside that directory.
### Step 1:
To configure wolfSSL with Arduino, enter ONE of the following 4 commands
from within the `wolfssl/IDE/ARDUINO` directory:
1. `./wolfssl-arduino.sh`
- Creates an Arduino Library directory structure in the local `wolfSSL` directory of `IDE/ARDUINO`.
- You can add your own `user_settings.h`, or copy/rename the [default](../../examples/configs/user_settings_arduino.h).
2. `./wolfssl-arduino.sh INSTALL` (The most common option)
- Creates an Arduino Library in the local `wolfSSL` directory
- Moves that directory to the Arduino library directory:
- `$HOME/Arduino/libraries` for most bash environments
- `/mnt/c/Users/$USER/Documents/Arduino/libraries` (for WSL)
- Adds the [default](../../examples/configs/user_settings_arduino.h) as `user_settings.h`.
- The wolfSSL library is now available from the Arduino IDE.
3. `./wolfssl-arduino.sh INSTALL /path/to/repository` (Used to update [arduino-wolfSSL](https://github.com/wolfSSL/arduino-wolfSSL))
- Creates an Arduino Library in `wolfSSL` directory
- Copies that directory contents to the specified `/path/to/repository`
- Adds the [default](../../examples/configs/user_settings_arduino.h) as `user_settings.h`.
4. `./wolfssl-arduino.sh INSTALL /path/to/any/other/directory`
- Creates an Arduino Library in `wolfSSL` directory
- Copies that directory contents to the specified `/path/to/any/other/directory`
### Step 2:
Edit `<arduino-libraries>/wolfSSL/src/user_settings.h`
If building for Intel Galileo platform add: `#define INTEL_GALILEO`. If building for Intel Galileo platform add: `#define INTEL_GALILEO`.
Add any other custom settings. For a good start see the examples in wolfssl root Add any other custom settings, for a good start see the examples in wolfssl root
"[/examples/configs/user_settings_*.h](https://github.com/wolfssl/wolfssl/tree/master/examples/configs)" "/examples/configs/user_settings_*.h"
### Step 3: Step 4: If you experience any issues with custom user_settings.h see the wolfssl
If you experience any issues with custom `user_settings.h` see the wolfssl
porting guide here for more assistance: https://www.wolfssl.com/docs/porting-guide/ porting guide here for more assistance: https://www.wolfssl.com/docs/porting-guide/
If you have any issues contact support@wolfssl.com for help. Step 5: If you still have any issues contact support@wolfssl.com for more help.
# Including wolfSSL in Arduino Libraries (for Arduino version 2.0 or greater)
1. In the Arduino IDE:
The wolfSSL library should automatically be detected when found in the `libraries`
directory.
- In `Sketch -> Include Library` choose wolfSSL for new sketches.
##### Including wolfSSL in Arduino Libraries (for Arduino version 1.6.6) ##### Including wolfSSL in Arduino Libraries (for Arduino version 1.6.6)
@@ -92,90 +32,6 @@ directory.
`IDE/ARDUNIO/wolfSSL` folder. `IDE/ARDUNIO/wolfSSL` folder.
- In `Sketch -> Include Library` choose wolfSSL. - In `Sketch -> Include Library` choose wolfSSL.
##### wolfSSL Examples 2. Open an example Arduino sketch for wolfSSL:
- wolfSSL Client INO sketch: `sketches/wolfssl_client/wolfssl_client.ino`
Open an example Arduino sketch for wolfSSL: - wolfSSL Server INO sketch: `sketches/wolfssl_server/wolfssl_server.ino`
- wolfSSL [Client INO sketch](./sketches/wolfssl_client/README.md): `sketches/wolfssl_client/wolfssl_client.ino`
- wolfSSL [Server INO sketch](./sketches/wolfssl_server/README.md): `sketches/wolfssl_server/wolfssl_server.ino`
#### Script Examples
Refresh the local Windows Arduino wolfSSL library from GitHub repository directory using WSL:
Don't forget to edit `WOLFSSL_VERSION_ARUINO_SUFFIX`!
```bash
# Change to the wolfSSL Arduino IDE directory
cd /mnt/c/workspace/wolfssl-$USER/IDE/ARDUINO
# remove current Arduino wolfSSL library
rm -rf /mnt/c/Users/$USER/Documents/Arduino/libraries/wolfssl
# Install wolfSSL as an Arduino library
./wolfssl-arduino.sh INSTALL
```
Publish wolfSSL from WSL to a `Arduino-wolfSSL-$USER` repository.
```bash
cd /mnt/c/workspace/wolfssl-$USER/IDE/ARDUINO
rm -rf /mnt/c/Users/$USER/Documents/Arduino/libraries/wolfSSL
rm -rf /mnt/c/workspace/wolfssl-$USER/IDE/ARDUINO/wolfSSL
./wolfssl-arduino.sh INSTALL /mnt/c/workspace/Arduino-wolfSSL-$USER/
```
Publish wolfSSL from WSL to default Windows local library.
```bash
cd /mnt/c/workspace/wolfssl-$USER/IDE/ARDUINO
rm -rf /mnt/c/Users/$USER/Documents/Arduino/libraries/wolfSSL
rm -rf /mnt/c/workspace/wolfssl-arduino/IDE/ARDUINO/wolfSSL
./wolfssl-arduino.sh INSTALL
```
Test the TLS server by running a local command-line client.
```bash
cd /mnt/c/workspace/wolfssl-$USER
./examples/client/client -h 192.168.1.43 -p 11111 -v 3
```
Build wolfSSL to include wolfSSH support to an alternate development directory.
```bash
cd /mnt/c/workspace/wolfssl-$USER
./configure --prefix=/mnt/c/workspace/wolfssh-$USER/wolfssl_install --enable-ssh
make
make install
```
Build wolfSSH with wolfSSL not installed to default directory.
```bash
cd /mnt/c/workspace/wolfssh-$USER
./configure --with-wolfssl=/mnt/c/workspace/wolfssh-$USER/wolfssl_install
make
./examples/client/client -u jill -h 192.168.1.34 -p 22222 -P upthehill
```
Test the current wolfSSL.
```bash
cd /mnt/c/workspace/wolfssl-arduino
git status
./autogen.sh
./configure --enable-all
make clean
make && make test
```
Build and run `testwolfcrypt`.
```bash
./autogen.sh
./configure --enable-all
make clean && make && ./wolfcrypt/test/testwolfcrypt
```

9
IDE/ARDUINO/include.am
View File

@@ -3,15 +3,6 @@
# All paths should be given relative to the root # All paths should be given relative to the root
EXTRA_DIST+= IDE/ARDUINO/README.md EXTRA_DIST+= IDE/ARDUINO/README.md
EXTRA_DIST+= IDE/ARDUINO/Arduino_README_prepend.md
EXTRA_DIST+= IDE/ARDUINO/keywords.txt
EXTRA_DIST+= IDE/ARDUINO/library.properties.template
EXTRA_DIST+= IDE/ARDUINO/sketches/README.md
EXTRA_DIST+= IDE/ARDUINO/sketches/wolfssl_client/README.md
EXTRA_DIST+= IDE/ARDUINO/sketches/wolfssl_client/wolfssl_client.ino EXTRA_DIST+= IDE/ARDUINO/sketches/wolfssl_client/wolfssl_client.ino
EXTRA_DIST+= IDE/ARDUINO/sketches/wolfssl_server/README.md
EXTRA_DIST+= IDE/ARDUINO/sketches/wolfssl_server/wolfssl_server.ino EXTRA_DIST+= IDE/ARDUINO/sketches/wolfssl_server/wolfssl_server.ino
EXTRA_DIST+= IDE/ARDUINO/sketches/wolfssl_version/README.md
EXTRA_DIST+= IDE/ARDUINO/sketches/wolfssl_version/wolfssl_version.ino
EXTRA_DIST+= IDE/ARDUINO/wolfssl.h
EXTRA_DIST+= IDE/ARDUINO/wolfssl-arduino.sh EXTRA_DIST+= IDE/ARDUINO/wolfssl-arduino.sh

21
IDE/ARDUINO/keywords.txt
View File

@@ -1,21 +0,0 @@
# Syntax Coloring Map For wolfSSL
# See https://arduino.github.io/arduino-cli/0.35/library-specification/#keywords
#
# Be sure to use tabs, not spaces. This might help:
# tr ' ' '\t' < keywords1.txt > keywords.txt
#=============================================
# Datatypes (KEYWORD1)
#=============================================
#=============================================
# Methods and Functions (KEYWORD2)
#=============================================
wolfSSL_SetIORecv KEYWORD1
#=============================================
# Instances (KEYWORD2)
#=============================================
ctx KEYWORD2

9
IDE/ARDUINO/library.properties.template
View File

@@ -1,9 +0,0 @@
name=wolfssl
version=${WOLFSSL_VERSION}${WOLFSSL_VERSION_ARUINO_SUFFIX}
author=wolfSSL Inc.
maintainer=wolfSSL inc <support@wolfssl.com>
sentence=A lightweight SSL/TLS library written in ANSI C and targeted for embedded, RTOS, and resource-constrained environments.
paragraph=Manual: https://www.wolfssl.com/documentation/manuals/wolfssl/index.html.
category=Communication
url=https://www.wolfssl.com/
architectures=*

12
IDE/ARDUINO/sketches/README.md
View File

@@ -1,12 +0,0 @@
# wolfSSL Arduino Examples
There are currently two example Arduino sketches:
* [wolfssl_client](./wolfssl_client/README.md): Basic TLS listening client.
* [wolfssl_server](./wolfssl_server/README.md): Basic TLS server.
Examples have been most recently confirmed operational on the
[Arduino IDE](https://www.arduino.cc/en/software) 2.2.1.
For examples on other platforms, see the [IDE directory](https://github.com/wolfssl/wolfssl/tree/master/IDE).
Additional examples can be found on [wolfSSL/wolfssl-examples](https://github.com/wolfSSL/wolfssl-examples/).

22
IDE/ARDUINO/sketches/wolfssl_client/README.md
View File

@@ -1,22 +0,0 @@
# Arduino Basic TLS Listening Client
Open the [wolfssl_client.ino](./wolfssl_client.ino) file in the Arduino IDE.
Other IDE products are also supported, such as:
- [PlatformIO in VS Code](https://docs.platformio.org/en/latest/frameworks/arduino.html)
- [VisualGDB](https://visualgdb.com/tutorials/arduino/)
- [VisualMicro](https://www.visualmicro.com/)
For examples on other platforms, see the [IDE directory](https://github.com/wolfssl/wolfssl/tree/master/IDE).
Additional examples can be found on [wolfSSL/wolfssl-examples](https://github.com/wolfSSL/wolfssl-examples/).
### Troubleshooting
When encountering odd errors such as `undefined reference to ``_impure_ptr'`, try cleaning the Arduino
cache directories. For Windows, that's typically in:
```text
C:\Users\%USERNAME%\AppData\Local\Temp\arduino\sketches
```

969
IDE/ARDUINO/sketches/wolfssl_client/wolfssl_client.ino
View File

@@ -1,6 +1,6 @@
/* wolfssl_client.ino /* wolfssl_client.ino
* *
* Copyright (C) 2006-2023 wolfSSL Inc. * Copyright (C) 2006-2021 wolfSSL Inc.
* *
* This file is part of wolfSSL. * This file is part of wolfSSL.
* *
@@ -19,876 +19,141 @@
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/ */
/*
Tested with:
1) Intel Galileo acting as the Client, with a laptop acting as a server using
the server example provided in examples/server.
Legacy Arduino v1.86 was used to compile and program the Galileo
2) Espressif ESP32 WiFi
3) Arduino Due, Nano33 IoT, Nano RP-2040
*/
/*
* Note to code editors: the Arduino client and server examples are edited in
* parallel for side-by-side comparison between examples.
*/
/* If you have a private include, define it here, otherwise edit WiFi params */
#define MY_PRIVATE_CONFIG "/workspace/my_private_config.h"
/* set REPEAT_CONNECTION to a non-zero value to continually run the example. */
#define REPEAT_CONNECTION 0
/* Edit this with your other TLS host server address to connect to: */
#define WOLFSSL_TLS_SERVER_HOST "192.168.1.39"
/* wolfssl TLS examples communicate on port 11111 */
#define WOLFSSL_PORT 11111
/* Choose a monitor serial baud rate: 9600, 14400, 19200, 57600, 74880, etc. */
#define SERIAL_BAUD 115200
/* We'll wait up to 2000 milliseconds to properly shut down connection */
#define SHUTDOWN_DELAY_MS 2000
/* Number of times to retry connection. */
#define RECONNECT_ATTEMPTS 20
/* Optional stress test. Define to consume memory until exhausted: */
/* #define MEMORY_STRESS_TEST */
/* Choose client or server example, not both. */
#define WOLFSSL_CLIENT_EXAMPLE
/* #define WOLFSSL_SERVER_EXAMPLE */
#if defined(MY_PRIVATE_CONFIG)
/* the /workspace directory may contain a private config
* excluded from GitHub with items such as WiFi passwords */
#include MY_PRIVATE_CONFIG
static const char* ssid PROGMEM = MY_ARDUINO_WIFI_SSID;
static const char* password PROGMEM = MY_ARDUINO_WIFI_PASSWORD;
#else
/* when using WiFi capable boards: */
static const char* ssid PROGMEM = "your_SSID";
static const char* password PROGMEM = "your_PASSWORD";
#endif
#define BROADCAST_ADDRESS "255.255.255.255"
/* There's an optional 3rd party NTPClient library by Fabrice Weinberg.
* If it is installed, uncomment define USE_NTP_LIB here: */
/* #define USE_NTP_LIB */
#ifdef USE_NTP_LIB
#include <NTPClient.h>
#endif
#include <wolfssl.h> #include <wolfssl.h>
/* Important: make sure settings.h appears before any other wolfSSL headers */
#include <wolfssl/wolfcrypt/settings.h>
/* Reminder: settings.h includes user_settings.h
* For ALL project wolfSSL settings, see:
* [your path]/Arduino\libraries\wolfSSL\src\user_settings.h */
#include <wolfssl/ssl.h> #include <wolfssl/ssl.h>
#include <wolfssl/certs_test.h> #include <Ethernet.h>
#include <wolfssl/wolfcrypt/error-crypt.h>
/* Define DEBUG_WOLFSSL in user_settings.h for more verbose logging. */ const char host[] = "192.168.1.148"; /* server to connect to */
#if defined(DEBUG_WOLFSSL) const int port = 11111; /* port on server to connect to */
#define PROGRESS_DOT F("")
#else
#define PROGRESS_DOT F(".")
#endif
/* Convert a macro to a string */ int EthernetSend(WOLFSSL* ssl, char* msg, int sz, void* ctx);
#define xstr(x) str(x) int EthernetReceive(WOLFSSL* ssl, char* reply, int sz, void* ctx);
#define str(x) #x int reconnect = 10;
/* optional board-specific networking includes */ EthernetClient client;
#if defined(ESP32)
#define USING_WIFI
#include <WiFi.h>
#include <WiFiUdp.h>
#ifdef USE_NTP_LIB
WiFiUDP ntpUDP;
#endif
/* Ensure the F() flash macro is defined */
#ifndef F
#define F
#endif
WiFiClient client;
#elif defined(ESP8266) WOLFSSL_CTX* ctx = NULL;
#define USING_WIFI WOLFSSL* ssl = NULL;
#include <ESP8266WiFi.h>
WiFiClient client;
#elif defined(ARDUINO_SAM_DUE) void setup() {
#include <SPI.h> WOLFSSL_METHOD* method;
/* There's no WiFi/Ethernet on the Due. Requires Ethernet Shield.
/* Needs "Ethernet by Various" library to be installed. Tested with V2.0.2 */
#include <Ethernet.h>
EthernetClient client;
#elif defined(ARDUINO_SAMD_NANO_33_IOT) Serial.begin(9600);
#define USING_WIFI
#include <SPI.h>
#include <WiFiNINA.h> /* Needs Arduino WiFiNINA library installed manually */
WiFiClient client;
#elif defined(ARDUINO_ARCH_RP2040) method = wolfTLSv1_2_client_method();
#define USING_WIFI if (method == NULL) {
#include <SPI.h> Serial.println("unable to get method");
#include <WiFiNINA.h>
WiFiClient client;
#elif defined(USING_WIFI)
#define USING_WIFI
#include <WiFi.h>
#include <WiFiUdp.h>
#ifdef USE_NTP_LIB
WiFiUDP ntpUDP;
#endif
WiFiClient client;
/* TODO
#elif defined(OTHER_BOARD)
*/
#else
#define USING_WIFI
WiFiClient client;
#endif
/* Only for syntax highlighters to show interesting options enabled: */
#if defined(HAVE_SNI) \
|| defined(HAVE_MAX_FRAGMENT) \
|| defined(HAVE_TRUSTED_CA) \
|| defined(HAVE_TRUNCATED_HMAC) \
|| defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
|| defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) \
|| defined(HAVE_SUPPORTED_CURVES) \
|| defined(HAVE_ALPN) \
|| defined(HAVE_SESSION_TICKET) \
|| defined(HAVE_SECURE_RENEGOTIATION) \
|| defined(HAVE_SERVER_RENEGOTIATION_INFO)
#endif
static const char host[] PROGMEM = WOLFSSL_TLS_SERVER_HOST; /* server to connect to */
static const int port PROGMEM = WOLFSSL_PORT; /* port on server to connect to */
static WOLFSSL_CTX* ctx = NULL;
static WOLFSSL* ssl = NULL;
static char* wc_error_message = (char*)malloc(80 + 1);
static char errBuf[80];
#if defined(MEMORY_STRESS_TEST)
#define MEMORY_STRESS_ITERATIONS 100
#define MEMORY_STRESS_BLOCK_SIZE 1024
#define MEMORY_STRESS_INITIAL (4*1024)
static char* memory_stress[MEMORY_STRESS_ITERATIONS]; /* typically 1K per item */
static int mem_ctr = 0;
#endif
static int EthernetSend(WOLFSSL* ssl, char* msg, int sz, void* ctx);
static int EthernetReceive(WOLFSSL* ssl, char* reply, int sz, void* ctx);
static int reconnect = RECONNECT_ATTEMPTS;
static int lng_index PROGMEM = 0; /* 0 = English */
#if defined(__arm__)
#include <malloc.h>
extern char _end;
extern "C" char *sbrk(int i);
static char *ramstart=(char *)0x20070000;
static char *ramend=(char *)0x20088000;
#endif
/*****************************************************************************/
/* fail_wait - in case of unrecoverable error */
/*****************************************************************************/
int fail_wait(void) {
show_memory();
Serial.println(F("Failed. Halt."));
while (1) {
delay(1000);
}
return 0;
}
/*****************************************************************************/
/* show_memory() to optionally view during debugging. */
/*****************************************************************************/
int show_memory(void)
{
#if defined(__arm__)
struct mallinfo mi = mallinfo();
char *heapend=sbrk(0);
register char * stack_ptr asm("sp");
#if defined(DEBUG_WOLFSSL_VERBOSE)
Serial.print(" arena=");
Serial.println(mi.arena);
Serial.print(" ordblks=");
Serial.println(mi.ordblks);
Serial.print(" uordblks=");
Serial.println(mi.uordblks);
Serial.print(" fordblks=");
Serial.println(mi.fordblks);
Serial.print(" keepcost=");
Serial.println(mi.keepcost);
#endif
#if defined(DEBUG_WOLFSSL) || defined(MEMORY_STRESS_TEST)
Serial.print("Estimated free memory: ");
Serial.print(stack_ptr - heapend + mi.fordblks);
Serial.println(F(" bytes"));
#endif
#if (0)
/* Experimental: not supported on all devices: */
Serial.print("RAM Start %lx\n", (unsigned long)ramstart);
Serial.print("Data/Bss end %lx\n", (unsigned long)&_end);
Serial.print("Heap End %lx\n", (unsigned long)heapend);
Serial.print("Stack Ptr %lx\n",(unsigned long)stack_ptr);
Serial.print("RAM End %lx\n", (unsigned long)ramend);
Serial.print("Heap RAM Used: ",mi.uordblks);
Serial.print("Program RAM Used ",&_end - ramstart);
Serial.print("Stack RAM Used ",ramend - stack_ptr);
Serial.print("Estimated Free RAM: %d\n\n",stack_ptr - heapend + mi.fordblks);
#endif
#else
Serial.println(F("show_memory() not implemented for this platform"));
#endif
return 0;
}
/*****************************************************************************/
/* EthernetSend() to send a message string. */
/*****************************************************************************/
int EthernetSend(WOLFSSL* ssl, char* message, int sz, void* ctx) {
int sent = 0;
(void)ssl;
(void)ctx;
sent = client.write((byte*)message, sz);
return sent;
}
/*****************************************************************************/
/* EthernetReceive() to receive a reply string. */
/*****************************************************************************/
int EthernetReceive(WOLFSSL* ssl, char* reply, int sz, void* ctx) {
int ret = 0;
(void)ssl;
(void)ctx;
while (client.available() > 0 && ret < sz) {
reply[ret++] = client.read();
}
return ret;
}
/*****************************************************************************/
/* Arduino setup_hardware() */
/*****************************************************************************/
int setup_hardware(void) {
int ret = 0;
#if defined(ARDUINO_SAMD_NANO_33_IOT)
Serial.println(F("Detected known tested and working Arduino Nano 33 IoT"));
#elif defined(ARDUINO_ARCH_RP2040)
Serial.println(F("Detected known tested and working Arduino RP-2040"));
#elif defined(__arm__) && defined(ID_TRNG) && defined(TRNG)
/* need to manually turn on random number generator on Arduino Due, etc. */
pmc_enable_periph_clk(ID_TRNG);
trng_enable(TRNG);
Serial.println(F("Enabled ARM TRNG"));
#endif
show_memory();
randomSeed(analogRead(0));
return ret;
}
/*****************************************************************************/
/* Arduino setup_datetime() */
/* The device needs to have a valid date within the valid range of certs. */
/*****************************************************************************/
int setup_datetime(void) {
int ret = 0;
int ntp_tries = 20;
/* we need a date in the range of cert expiration */
#ifdef USE_NTP_LIB
#if defined(ESP32)
NTPClient timeClient(ntpUDP, "pool.ntp.org");
timeClient.begin();
timeClient.update();
delay(1000);
while (!timeClient.isTimeSet() && (ntp_tries > 0)) {
timeClient.forceUpdate();
Serial.println(F("Waiting for NTP update"));
delay(2000);
ntp_tries--;
}
if (ntp_tries <= 0) {
Serial.println(F("Warning: gave up waiting on NTP"));
}
Serial.println(timeClient.getFormattedTime());
Serial.println(timeClient.getEpochTime());
#endif
#endif
#if defined(ESP32)
/* see esp32-hal-time.c */
ntp_tries = 5;
/* Replace "pool.ntp.org" with your preferred NTP server */
configTime(0, 0, "pool.ntp.org");
/* Wait for time to be set */
while ((time(nullptr) <= 100000) && ntp_tries > 0) {
Serial.println(F("Waiting for time to be set..."));
delay(2000);
ntp_tries--;
}
#endif
return ret;
} /* setup_datetime */
/*****************************************************************************/
/* Arduino setup_network() */
/*****************************************************************************/
int setup_network(void) {
int ret = 0;
#if defined(USING_WIFI)
int status = WL_IDLE_STATUS;
/* The ESP8266 & ESP32 support both AP and STA. We'll use STA: */
#if defined(ESP8266) || defined(ESP32)
WiFi.mode(WIFI_STA);
#else
String fv;
if (WiFi.status() == WL_NO_MODULE) {
Serial.println("Communication with WiFi module failed!");
/* don't continue if no network */
while (true) ;
}
fv = WiFi.firmwareVersion();
if (fv < WIFI_FIRMWARE_LATEST_VERSION) {
Serial.println("Please upgrade the firmware");
}
#endif
Serial.print(F("Connecting to WiFi "));
Serial.print(ssid);
status = WiFi.begin(ssid, password);
while (status != WL_CONNECTED) {
delay(1000);
Serial.print(F("."));
Serial.print(status);
status = WiFi.status();
}
Serial.println(F(" Connected!"));
#else
/* Newer Ethernet shields have a
* MAC address printed on a sticker on the shield */
byte mac[] = { 0xDE, 0xAD, 0xBE, 0xEF, 0xFE, 0xED };
IPAddress ip(192, 168, 1, 42);
IPAddress myDns(192, 168, 1, 1);
Ethernet.init(10); /* Most Arduino shields */
/* Ethernet.init(5); * MKR ETH Shield */
/* Ethernet.init(0); * Teensy 2.0 */
/* Ethernet.init(20); * Teensy++ 2.0 */
/* Ethernet.init(15); * ESP8266 with Adafruit FeatherWing Ethernet */
/* Ethernet.init(33); * ESP32 with Adafruit FeatherWing Ethernet */
Serial.println(F("Initialize Ethernet with DHCP:"));
if (Ethernet.begin(mac) == 0) {
Serial.println(F("Failed to configure Ethernet using DHCP"));
/* Check for Ethernet hardware present */
if (Ethernet.hardwareStatus() == EthernetNoHardware) {
Serial.println(F("Ethernet shield was not found."));
while (true) {
delay(1); /* do nothing */
}
}
if (Ethernet.linkStatus() == LinkOFF) {
Serial.println(F("Ethernet cable is not connected."));
}
/* try to configure using IP address instead of DHCP : */
Ethernet.begin(mac, ip, myDns);
}
else {
Serial.print(F(" DHCP assigned IP "));
Serial.println(Ethernet.localIP());
}
/* We'll assume the Ethernet connection is ready to go. */
#endif
Serial.println(F("********************************************************"));
Serial.print(F(" wolfSSL Example Client IP = "));
#if defined(USING_WIFI)
Serial.println(WiFi.localIP());
#else
Serial.println(Ethernet.localIP());
#endif
Serial.print(F(" Configured Server Host to connect to: "));
Serial.println(host);
Serial.println(F("********************************************************"));
Serial.println(F("Setup network complete."));
return ret;
}
/*****************************************************************************/
/* Arduino setup_wolfssl() */
/*****************************************************************************/
int setup_wolfssl(void) {
int ret = 0;
WOLFSSL_METHOD* method;
/* Show a revision of wolfssl user_settings.h file in use when available: */
#if defined(WOLFSSL_USER_SETTINGS_ID)
Serial.print(F("WOLFSSL_USER_SETTINGS_ID: "));
Serial.println(F(WOLFSSL_USER_SETTINGS_ID));
#else
Serial.println(F("No WOLFSSL_USER_SETTINGS_ID found."));
#endif
#if defined(NO_WOLFSSL_SERVER)
Serial.println(F("wolfSSL server code disabled to save space."));
#endif
#if defined(NO_WOLFSSL_CLIENT)
Serial.println(F("wolfSSL client code disabled to save space."));
#endif
#if defined(DEBUG_WOLFSSL)
wolfSSL_Debugging_ON();
Serial.println(F("wolfSSL Debugging is On!"));
#else
Serial.println(F("wolfSSL Debugging is Off! (enable with DEBUG_WOLFSSL)"));
#endif
/* See ssl.c for TLS cache settings. Larger cache = use more RAM. */
#if defined(NO_SESSION_CACHE)
Serial.println(F("wolfSSL TLS NO_SESSION_CACHE"));
#elif defined(MICRO_SESSION_CACHEx)
Serial.println(F("wolfSSL TLS MICRO_SESSION_CACHE"));
#elif defined(SMALL_SESSION_CACHE)
Serial.println(F("wolfSSL TLS SMALL_SESSION_CACHE"));
#elif defined(MEDIUM_SESSION_CACHE)
Serial.println(F("wolfSSL TLS MEDIUM_SESSION_CACHE"));
#elif defined(BIG_SESSION_CACHE)
Serial.println(F("wolfSSL TLS BIG_SESSION_CACHE"));
#elif defined(HUGE_SESSION_CACHE)
Serial.println(F("wolfSSL TLS HUGE_SESSION_CACHE"));
#elif defined(HUGE_SESSION_CACHE)
Serial.println(F("wolfSSL TLS HUGE_SESSION_CACHE"));
#else
Serial.println(F("WARNING: Unknown or no TLS session cache setting."));
/* See wolfssl/src/ssl.c for amount of memory used.
* It is best on embedded devices to choose a TLS session cache size. */
#endif
ret = wolfSSL_Init();
if (ret == WOLFSSL_SUCCESS) {
Serial.println("Successfully called wolfSSL_Init");
}
else {
Serial.println("ERROR: wolfSSL_Init failed");
}
/* See companion server example with wolfSSLv23_server_method here.
* method = wolfSSLv23_client_method()); SSL 3.0 - TLS 1.3.
* method = wolfTLSv1_2_client_method(); only TLS 1.2
* method = wolfTLSv1_3_client_method(); only TLS 1.3
*
* see Arduino\libraries\wolfssl\src\user_settings.h */
Serial.println("Here we go!");
method = wolfSSLv23_client_method();
if (method == NULL) {
Serial.println(F("unable to get wolfssl client method"));
fail_wait();
}
ctx = wolfSSL_CTX_new(method);
if (ctx == NULL) {
Serial.println(F("unable to get ctx"));
fail_wait();
}
return ret;
}
/*****************************************************************************/
/* Arduino setup_certificates() */
/*****************************************************************************/
int setup_certificates(void) {
int ret = 0;
Serial.println(F("Initializing certificates..."));
show_memory();
/* Use built-in validation, No verification callback function: */
wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, 0);
/* Certificate */
Serial.println("Initializing certificates...");
ret = wolfSSL_CTX_use_certificate_buffer(ctx,
CTX_CLIENT_CERT,
CTX_CLIENT_CERT_SIZE,
CTX_CLIENT_CERT_TYPE);
if (ret == WOLFSSL_SUCCESS) {
Serial.print("Success: use certificate: ");
Serial.println(xstr(CTX_SERVER_CERT));
}
else {
Serial.println(F("Error: wolfSSL_CTX_use_certificate_buffer failed: "));
wc_ErrorString(ret, wc_error_message);
Serial.println(wc_error_message);
fail_wait();
}
/* Setup private client key */
ret = wolfSSL_CTX_use_PrivateKey_buffer(ctx,
CTX_CLIENT_KEY,
CTX_CLIENT_KEY_SIZE,
CTX_CLIENT_KEY_TYPE);
if (ret == WOLFSSL_SUCCESS) {
Serial.print("Success: use private key buffer: ");
Serial.println(xstr(CTX_SERVER_KEY));
}
else {
Serial.println(F("Error: wolfSSL_CTX_use_PrivateKey_buffer failed: "));
wc_ErrorString(ret, wc_error_message);
Serial.println(wc_error_message);
fail_wait();
}
ret = wolfSSL_CTX_load_verify_buffer(ctx,
CTX_CA_CERT,
CTX_CA_CERT_SIZE,
CTX_CA_CERT_TYPE);
if (ret == WOLFSSL_SUCCESS) {
Serial.println(F("Success: load_verify CTX_CA_CERT"));
}
else {
Serial.println(F("Error: wolfSSL_CTX_load_verify_buffer failed: "));
wc_ErrorString(ret, wc_error_message);
Serial.println(wc_error_message);
fail_wait();
}
return ret;
} /* Arduino setup */
/*****************************************************************************/
/*****************************************************************************/
/* Arduino setup() */
/*****************************************************************************/
/*****************************************************************************/
void setup(void) {
int i = 0;
Serial.begin(SERIAL_BAUD);
while (!Serial && (i < 10)) {
/* wait for serial port to connect. Needed for native USB port only */
delay(1000);
i++;
}
Serial.println(F(""));
Serial.println(F(""));
Serial.println(F("wolfSSL TLS Client Example Startup."));
/* define DEBUG_WOLFSSL in wolfSSL user_settings.h for diagnostics */
#if defined(DEBUG_WOLFSSL)
wolfSSL_Debugging_ON();
#endif
/* Optionally pre-allocate a large block of memory for testing */
#if defined(MEMORY_STRESS_TEST)
Serial.println(F("WARNING: Memory Stress Test Active!"));
Serial.print(F("Allocating extra memory: "));
Serial.print(MEMORY_STRESS_INITIAL);
Serial.println(F(" bytes..."));
memory_stress[mem_ctr] = (char*)malloc(MEMORY_STRESS_INITIAL);
show_memory();
#endif
setup_hardware();
setup_network();
setup_datetime();
setup_wolfssl();
setup_certificates();
/* Initialize wolfSSL using callback functions. */
wolfSSL_SetIOSend(ctx, EthernetSend);
wolfSSL_SetIORecv(ctx, EthernetReceive);
Serial.println(F("Completed Arduino setup!"));
/* See companion wolfssl_server.ino code; server begins listening here
* https://github.com/wolfSSL/wolfssl/tree/master/IDE/ARDUINO/sketches/wolfssl_server
* Any other server will work. See also:
* https://github.com/wolfSSL/wolfssl/tree/master/examples/client
*/
/* See companion wolfssl_server.ino code */
return; return;
} /* Arduino setup */ }
ctx = wolfSSL_CTX_new(method);
/*****************************************************************************/ if (ctx == NULL) {
/* wolfSSL error_check() */ Serial.println("unable to get ctx");
/*****************************************************************************/ return;
int error_check(int this_ret, bool halt_on_error, }
const __FlashStringHelper* message) { /* initialize wolfSSL using callback functions */
int ret = 0; wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
if (this_ret == WOLFSSL_SUCCESS) { wolfSSL_SetIOSend(ctx, EthernetSend);
Serial.print(F("Success: ")); wolfSSL_SetIORecv(ctx, EthernetReceive);
Serial.println(message);
} return;
else { }
Serial.print(F("ERROR: return = "));
Serial.print(this_ret); int EthernetSend(WOLFSSL* ssl, char* msg, int sz, void* ctx) {
Serial.print(F(": ")); int sent = 0;
Serial.println(message);
Serial.println(wc_GetErrorString(this_ret)); sent = client.write((byte*)msg, sz);
if (halt_on_error) {
fail_wait(); return sent;
} }
}
show_memory(); int EthernetReceive(WOLFSSL* ssl, char* reply, int sz, void* ctx) {
int ret = 0;
return ret;
} /* error_check */ while (client.available() > 0 && ret < sz) {
reply[ret++] = client.read();
/*****************************************************************************/ }
/* wolfSSL error_check_ssl */
/* Parameters: */ return ret;
/* ssl is the current WOLFSSL object pointer */
/* halt_on_error set to true to suspend operations for critical error */
/* message is expected to be a memory-efficient F("") macro string */
/*****************************************************************************/
int error_check_ssl(WOLFSSL* ssl, int this_ret, bool halt_on_error,
const __FlashStringHelper* message) {
int err = 0;
if (ssl == NULL) {
Serial.println(F("ssl is Null; Unable to allocate SSL object?"));
#ifndef DEBUG_WOLFSSL
Serial.println(F("Define DEBUG_WOLFSSL in user_settings.h for more."));
#else
Serial.println(F("See wolfssl/wolfcrypt/error-crypt.h for codes."));
#endif
Serial.print(F("ERROR: "));
Serial.println(message);
show_memory();
if (halt_on_error) {
fail_wait();
}
}
else {
err = wolfSSL_get_error(ssl, this_ret);
if (err == WOLFSSL_SUCCESS) {
Serial.print(F("Success m: "));
Serial.println(message);
}
else {
if (err < 0) {
wolfSSL_ERR_error_string(err, errBuf);
Serial.print(F("WOLFSSL Error: "));
Serial.print(err);
Serial.print(F("; "));
Serial.println(errBuf);
}
else {
Serial.println(F("Success: ssl object."));
}
}
}
return err;
} }
/*****************************************************************************/
/*****************************************************************************/
/* Arduino loop() */
/*****************************************************************************/
/*****************************************************************************/
void loop() { void loop() {
char reply[80]; int err = 0;
char msg[32] = "hello wolfssl!"; int input = 0;
const char* cipherName; int total_input = 0;
int retry_shutdown = SHUTDOWN_DELAY_MS; /* max try, once per millisecond */ char msg[32] = "hello wolfssl!";
int total_input = 0; int msgSz = (int)strlen(msg);
int msgSz = 0; char errBuf[80];
int input = 0; char reply[80];
int ret = 0; const char* cipherName;
int err = 0;
msgSz = (int)strlen(msg); if (reconnect) {
Serial.println(F("")); reconnect--;
Serial.println(F("Starting Arduino loop() ..."));
if (client.connect(host, port)) {
if (reconnect) { Serial.print("Connected to ");
reconnect--; Serial.println(host);
/* WiFi client returns true if connection succeeds, false if not. */
/* Wired client returns int (1,-1,-2,-3,-4) for connection status. */
Serial.print(F("Connecting to "));
Serial.print(host);
Serial.print(F(":"));
Serial.println(port);
/* can also use: IPAddress server(192,168,1,37); */
Serial.println(F("Here we go..."));
ret = client.connect(host, port);
Serial.println(F("Ok, checking..."));
if (ret > 0) {
Serial.println(F("Connected!"));
/* initialize wolfSSL */ ssl = wolfSSL_new(ctx);
ret = wolfSSL_Init(); if (ssl == NULL) {
error_check(ret, false, F("calling wolfSSL_Init") ); Serial.println("Unable to allocate SSL object");
return;
}
/* create secure connection object. see setup for ctx certs. */ err = wolfSSL_connect(ssl);
Serial.println(F("Calling ssl = wolfSSL_new(ctx)")); if (err != WOLFSSL_SUCCESS) {
ssl = wolfSSL_new(ctx); err = wolfSSL_get_error(ssl, 0);
error_check_ssl(ssl, 0, true, F("Create WOLFSSL object from ctx")); wolfSSL_ERR_error_string(err, errBuf);
Serial.print("TLS Connect Error: ");
Serial.println(errBuf);
}
Serial.print(F("Connecting to wolfSSL TLS Secure Server...")); Serial.print("SSL version is ");
do { Serial.println(wolfSSL_get_version(ssl));
err = 0; /* reset error */
Serial.println(F("wolfSSL_connect ...")); cipherName = wolfSSL_get_cipher(ssl);
ret = wolfSSL_connect(ssl); Serial.print("SSL cipher suite is ");
Serial.print("wolfSSL_connect return result ="); Serial.println(cipherName);
Serial.println(ret);
if ((ret != WOLFSSL_SUCCESS) && (ret != WC_PENDING_E)) {
Serial.println(F("Failed connection, checking error."));
err = error_check_ssl(ssl, ret, true,
F("Create WOLFSSL object from ctx"));
Serial.print("err =");
Serial.println(err);
}
else {
Serial.print(PROGRESS_DOT);
}
} while (err == WC_PENDING_E);
if ((wolfSSL_write(ssl, msg, msgSz)) == msgSz) {
Serial.print("Server response: ");
/* wait for data */
while (!client.available()) {}
/* read data */
while (wolfSSL_pending(ssl)) {
input = wolfSSL_read(ssl, reply, sizeof(reply) - 1);
total_input += input;
if (input < 0) {
err = wolfSSL_get_error(ssl, 0);
wolfSSL_ERR_error_string(err, errBuf);
Serial.print("TLS Read Error: ");
Serial.println(errBuf);
break;
} else if (input > 0) {
reply[input] = '\0';
Serial.print(reply);
} else {
Serial.println(); Serial.println();
Serial.println(F("Connected!")); }
Serial.print(F("SSL version is ")); }
Serial.println(wolfSSL_get_version(ssl)); } else {
err = wolfSSL_get_error(ssl, 0);
wolfSSL_ERR_error_string(err, errBuf);
Serial.print("TLS Write Error: ");
Serial.println(errBuf);
}
wolfSSL_shutdown(ssl);
wolfSSL_free(ssl);
cipherName = wolfSSL_get_cipher(ssl); client.stop();
Serial.print(F("SSL cipher suite is ")); Serial.println("Connection complete.");
Serial.println(cipherName); reconnect = 0;
} else {
/* see test.h Serial.println("Trying to reconnect...");
* TODO: test.h needs a little bit of Arduino work for these:
showPeerEx(ssl, lng_index);
showPeerPEM(ssl);
*/
Serial.print(F("Sending secure message to server: "));
Serial.println(msg);
ret = wolfSSL_write(ssl, msg, msgSz);
if (ret == msgSz) {
Serial.print(F("Waiting for Server response..."));
while (!client.available()) {
/* wait for data */
delay(1); /* 1 ms delay */
}
Serial.print(F("Reading response.."));
/* read data */
do {
ret = wolfSSL_read(ssl, reply, sizeof(reply) - 1);
if (ret < 0) {
error_check_ssl(ssl, ret, false,
F("during TLS Read"));
}
else {
Serial.print(PROGRESS_DOT);
}
} while (err == WC_PENDING_E);
Serial.println();
Serial.println();
Serial.println(reply); /* typically: I hear you fa shizzle! */
Serial.println();
} /* wolfSSL_write message size matched */
else {
error_check_ssl(ssl, ret, false,
F("during TLS Write"));
} /* any wolfSSL_write message size mismatch is an error */
Serial.print(F("Shutting down.."));
do {
delay(1);
Serial.print(PROGRESS_DOT);
retry_shutdown--;
ret = wolfSSL_shutdown(ssl);
} while ( (ret == WOLFSSL_SHUTDOWN_NOT_DONE)
&& (retry_shutdown > 0)
); /* There may be pending data, so wait until done. */
Serial.println();
if (retry_shutdown <= 0) {
/* if wolfSSL_free is called before properly shutting down the
* ssl object, undesired results may occur. */
Serial.println(F("Warning! Shutdown did not properly complete."));
}
wolfSSL_free(ssl);
client.stop();
Serial.println(F("Connection complete."));
if (REPEAT_CONNECTION) {
reconnect = RECONNECT_ATTEMPTS;
}
else {
reconnect = 0;
}
} /* client.connect(host, port) */
else {
Serial.println(F("Problem sending message. Trying to reconnect..."));
}
} }
delay(1000); }
if ((reconnect > 0) && (REPEAT_CONNECTION)) { delay(1000);
Serial.println(F("Arduino loop repeating...")); }
Serial.println();
}
else {
printf("wow");
Serial.println(F("Done!"));
while(1) {
/* wait forever */
}
}
#if defined(MEMORY_STRESS_TEST)
if (mem_ctr < MEMORY_STRESS_ITERATIONS) {
/* reminder: mem_ctr == 0 is MEMORY_STRESS_INITIAL allocation */
mem_ctr++;
Serial.print(F("Memory stress increment: "));
Serial.print(mem_ctr);
Serial.print(F(". Allocating addition memory (bytes): "));
Serial.println(MEMORY_STRESS_BLOCK_SIZE);
memory_stress[mem_ctr] = (char*)malloc(MEMORY_STRESS_BLOCK_SIZE);
show_memory();
}
#endif
} /* Arduino loop repeats */

134
IDE/ARDUINO/sketches/wolfssl_server/README.md
View File

@@ -1,134 +0,0 @@
# Arduino Basic TLS Server
Open the [wolfssl_server.ino](./wolfssl_server.ino) file in the Arduino IDE.
Other IDE products are also supported, such as:
- [PlatformIO in VS Code](https://docs.platformio.org/en/latest/frameworks/arduino.html)
- [VisualGDB](https://visualgdb.com/tutorials/arduino/)
- [VisualMicro](https://www.visualmicro.com/)
For examples on other platforms, see the [IDE directory](https://github.com/wolfssl/wolfssl/tree/master/IDE).
Additional examples can be found on [wolfSSL/wolfssl-examples](https://github.com/wolfSSL/wolfssl-examples/).
## Connect with an Arduino Sketch
See the companion [Arduino Sketch Client](../wolfssl_client/wolfssl_client.ino).
## Connect with Linux Client
See also the [wolfSSL Example TLS Client](https://github.com/wolfSSL/wolfssl/tree/master/examples/client)
and [wolfSSL Example TLS Server](https://github.com/wolfSSL/wolfssl/tree/master/examples/server).
Assuming a listening [Arduino Sketch Server](./wolfssl_server.ino) at `192.168.1.38` on port `11111`,
connect with the `client` executable:
```
./examples/client/client -h 192.168.1.38 -p 11111 -v 3
```
## wolfSSL Error -308 wolfSSL_connect error state on socket
When using a wired Ethernet connection, and this error is encountered, simply
press the reset button or power cycle the Arduino before making a connection.
Here's one possible script to test the server from a command-line client:
```bash
#!/bin/bash
echo "client log " > client_log.txt
counter=1
THIS_ERR=0
while [ $THIS_ERR -eq 0 ]; do
./examples/client/client -h 192.168.1.38 -p 11111 -v 3 >> client_log.txt
THIS_ERR=$?
if [ $? -ne 0 ]; then
echo "Failed!"
exit 1
fi
echo "Iteration $counter"
echo "Iteration $counter" >> client_log.txt
((counter++))
done
```
Output expected from the `client` command:
```
$ ./examples/client/client -h 192.168.1.38 -p 11111 -v 3
Alternate cert chain used
issuer : /C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
subject: /C=US/ST=Montana/L=Bozeman/O=wolfSSL/OU=Support/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
altname = example.com
altname = 127.0.0.1
serial number:01
SSL version is TLSv1.2
SSL cipher suite is ECDHE-RSA-AES128-GCM-SHA256
SSL curve name is SECP256R1
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIE6DCCA9CgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx
EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh
d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz
bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjMxMjEz
MjIxOTI4WhcNMjYwOTA4MjIxOTI4WjCBkDELMAkGA1UEBhMCVVMxEDAOBgNVBAgM
B01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xEDAOBgNVBAoMB3dvbGZTU0wxEDAO
BgNVBAsMB1N1cHBvcnQxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqG
SIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAMCVCOFXQfJxbbfSRUEnAWXGRa7yvCQwuJXOL07W9hyIvHyf+6hn
f/5cnFF194rKB+c1L4/hvXvAL3yrZKgX/Mpde7rgIeVyLm8uhtiVc9qsG1O5Xz/X
GQ0lT+FjY1GLC2Q/rUO4pRxcNLOuAKBjxfZ/C1loeHOmjBipAm2vwxkBLrgQ48bM
QLRpo0YzaYduxLsXpvPo3a1zvHsvIbX9ZlEMvVSz4W1fHLwjc9EJA4kU0hC5ZMMq
0KGWSrzh1Bpbx6DAwWN4D0Q3MDKWgDIjlaF3uhPSl3PiXSXJag3DOWCktLBpQkIJ
6dgIvDMgs1gip6rrxOHmYYPF0pbf2dBPrdcCAwEAAaOCAUUwggFBMB0GA1UdDgQW
BBSzETLJkpiE4sn40DtuA0LKHw6OPDCB1AYDVR0jBIHMMIHJgBQnjmcRdMMmHT/t
M2OzpNgdMOXo1aGBmqSBlzCBlDELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRh
bmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNhd3Rvb3RoMRMwEQYDVQQL
DApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG
9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CFDNEGqhsAez2YPJwUQpM0RT6vOlEMAwG
A1UdEwQFMAMBAf8wHAYDVR0RBBUwE4ILZXhhbXBsZS5jb22HBH8AAAEwHQYDVR0l
BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3DQEBCwUAA4IBAQBK/7nl
hZvaU2Z/ByK/thnqQuukEQdi/zlfMzc6hyZxPROyyrhkOHuKmUgOpaRrsZlu4EZR
vRlSrbymfip6fCOnzNteQ31rBMi33ZWt8JGAWcUZkSYnkbhIHOtVtqp9pDjxA7xs
i6qU1jwFepbFBvEmFC51+93lNbMBLLOtYlohmgi+Vvz5okKHhuWpxZnPrhS+4LkI
JA0dXNYU4UyfQLOp6S1Si0y/rEQxZ8GNBoXsD+SZ10t7IQZm1OT1nf+O8IY5WB2k
W+Jj73zJGIeoAiUQPoco+fXvR56lgAgRkGj+0aOoUbk3/9XKfId/a7wsEsjFhYv8
DMa5hrjJBMNRN9JP
-----END CERTIFICATE-----
Session timeout set to 500 seconds
Client Random : 56A0BB9647B064D3F20947032B74B31FDB4C93DBAC9460BA8AEA213A2B2DD4A8
SSL-Session:
Protocol : TLSv1.2
Cipher : TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
Session-ID: 3255404E997FA9C27ECB4F1A20A70E722E4AA504B63A945FC175434D1907EC31
Session-ID-ctx:
Master-Key: 67F22168BBADD678643BBA76B398277270C29788AC18FD05B57F6B715F49A7BCEEF75BEAF7FE266B0CC058534AF76C1F
TLS session ticket: NONE
Start Time: 1705533296
Timeout : 500 (sec)
Extended master secret: no
I hear you fa shizzle!
```
### Troubleshooting
When encountering odd errors such as `undefined reference to ``_impure_ptr'`, such as this:
```text
c:/users/gojimmypi/appdata/local/arduino15/packages/esp32/tools/xtensa-esp32-elf-gcc/esp-2021r2-patch5-8.4.0/bin/../lib/gcc/xtensa-esp32-elf/8.4.0/../../../../xtensa-esp32-elf/bin/ld.exe: C:\Users\gojimmypi\AppData\Local\Temp\arduino\sketches\EAB8D79A02D1ECF107884802D893914E\libraries\wolfSSL\wolfcrypt\src\logging.c.o:(.literal.wolfssl_log+0x8): undefined reference to `_impure_ptr'
collect2.exe: error: ld returned 1 exit status
exit status 1
Compilation error: exit status 1
```
Try cleaning the Arduino cache directories. For Windows, that's typically in:
```text
C:\Users\%USERNAME%\AppData\Local\Temp\arduino\sketches
```
Remove all other boards from other serial ports, leaving one the one being programmed.

925
IDE/ARDUINO/sketches/wolfssl_server/wolfssl_server.ino
View File

@@ -1,6 +1,6 @@
/* wolfssl_server.ino /* wolfssl_server.ino
* *
* Copyright (C) 2006-2023 wolfSSL Inc. * Copyright (C) 2006-2021 wolfSSL Inc.
* *
* This file is part of wolfSSL. * This file is part of wolfSSL.
* *
@@ -19,820 +19,161 @@
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/ */
/*
Tested with:
1) Intel Galileo acting as the Client, with a laptop acting as a server using
the server example provided in examples/server.
Legacy Arduino v1.86 was used to compile and program the Galileo
2) Espressif ESP32 WiFi
3) Arduino Due, Nano33 IoT, Nano RP-2040
*/
/*
* Note to code editors: the Arduino client and server examples are edited in
* parallel for side-by-side comparison between examples.
*/
/* If you have a private include, define it here, otherwise edit WiFi params */
#define MY_PRIVATE_CONFIG "/workspace/my_private_config.h"
/* set REPEAT_CONNECTION to a non-zero value to continually run the example. */
#define REPEAT_CONNECTION 1
/* Edit this with your other TLS host server address to connect to: */
/* #define WOLFSSL_TLS_SERVER_HOST "192.168.1.34" */
/* wolfssl TLS examples communicate on port 11111 */
#define WOLFSSL_PORT 11111
/* Choose a monitor serial baud rate: 9600, 14400, 19200, 57600, 74880, etc. */
#define SERIAL_BAUD 115200
/* We'll wait up to 2000 milliseconds to properly shut down connection */
#define SHUTDOWN_DELAY_MS 2000
/* Number of times to retry connection. */
#define RECONNECT_ATTEMPTS 20
/* Optional stress test. Define to consume memory until exhausted: */
/* #define MEMORY_STRESS_TEST */
/* Choose client or server example, not both. */
/* #define WOLFSSL_CLIENT_EXAMPLE */
#define WOLFSSL_SERVER_EXAMPLE
#if defined(MY_PRIVATE_CONFIG)
/* the /workspace directory may contain a private config
* excluded from GitHub with items such as WiFi passwords */
#include MY_PRIVATE_CONFIG
static const char* ssid PROGMEM = MY_ARDUINO_WIFI_SSID;
static const char* password PROGMEM = MY_ARDUINO_WIFI_PASSWORD;
#else
/* when using WiFi capable boards: */
static const char* ssid PROGMEM = "your_SSID";
static const char* password PROGMEM = "your_PASSWORD";
#endif
#define BROADCAST_ADDRESS "255.255.255.255"
/* There's an optional 3rd party NTPClient library by Fabrice Weinberg.
* If it is installed, uncomment define USE_NTP_LIB here: */
/* #define USE_NTP_LIB */
#ifdef USE_NTP_LIB
#include <NTPClient.h>
#endif
#include <wolfssl.h> #include <wolfssl.h>
/* Important: make sure settings.h appears before any other wolfSSL headers */
#include <wolfssl/wolfcrypt/settings.h>
/* Reminder: settings.h includes user_settings.h
* For ALL project wolfSSL settings, see:
* [your path]/Arduino\libraries\wolfSSL\src\user_settings.h */
#include <wolfssl/ssl.h> #include <wolfssl/ssl.h>
#include <Ethernet.h>
#define USE_CERT_BUFFERS_256
#include <wolfssl/certs_test.h> #include <wolfssl/certs_test.h>
#include <wolfssl/wolfcrypt/error-crypt.h>
/* Define DEBUG_WOLFSSL in user_settings.h for more verbose logging. */ #ifdef NO_WOLFSSL_SERVER
#if defined(DEBUG_WOLFSSL) #error Please undefine NO_WOLFSSL_SERVER for this example
#define PROGRESS_DOT F("")
#else
#define PROGRESS_DOT F(".")
#endif #endif
/* Convert a macro to a string */ const int port = 11111; /* port to listen on */
#define xstr(x) str(x)
#define str(x) #x
/* optional board-specific networking includes */ int EthernetSend(WOLFSSL* ssl, char* msg, int sz, void* ctx);
#if defined(ESP32) int EthernetReceive(WOLFSSL* ssl, char* reply, int sz, void* ctx);
#define USING_WIFI
#include <WiFi.h>
#include <WiFiUdp.h>
#ifdef USE_NTP_LIB
WiFiUDP ntpUDP;
#endif
/* Ensure the F() flash macro is defined */
#ifndef F
#define F
#endif
WiFiClient client;
WiFiServer server(WOLFSSL_PORT);
#elif defined(ESP8266)
#define USING_WIFI
#include <ESP8266WiFi.h>
WiFiClient client;
WiFiServer server(WOLFSSL_PORT);
#elif defined(ARDUINO_SAM_DUE)
#include <SPI.h>
/* There's no WiFi/Ethernet on the Due. Requires Ethernet Shield.
/* Needs "Ethernet by Various" library to be installed. Tested with V2.0.2 */
#include <Ethernet.h>
EthernetClient client;
EthernetClient server(WOLFSSL_PORT);
#elif defined(ARDUINO_SAMD_NANO_33_IOT)
#define USING_WIFI
#include <SPI.h>
#include <WiFiNINA.h> /* Needs Arduino WiFiNINA library installed manually */
WiFiClient client;
WiFiServer server(WOLFSSL_PORT);
#elif defined(ARDUINO_ARCH_RP2040)
#define USING_WIFI
#include <SPI.h>
#include <WiFiNINA.h>
WiFiClient client;
WiFiServer server(WOLFSSL_PORT);
#elif defined(USING_WIFI)
#define USING_WIFI
#include <WiFi.h>
#include <WiFiUdp.h>
#ifdef USE_NTP_LIB
WiFiUDP ntpUDP;
#endif
WiFiClient client;
WiFiServer server(WOLFSSL_PORT);
/* TODO
#elif defined(OTHER_BOARD)
*/
#else
#define USING_WIFI
WiFiClient client;
WiFiServer server(WOLFSSL_PORT);
#endif
/* Only for syntax highlighters to show interesting options enabled: */ EthernetServer server(port);
#if defined(HAVE_SNI) \ EthernetClient client;
|| defined(HAVE_MAX_FRAGMENT) \
|| defined(HAVE_TRUSTED_CA) \
|| defined(HAVE_TRUNCATED_HMAC) \
|| defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
|| defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) \
|| defined(HAVE_SUPPORTED_CURVES) \
|| defined(HAVE_ALPN) \
|| defined(HAVE_SESSION_TICKET) \
|| defined(HAVE_SECURE_RENEGOTIATION) \
|| defined(HAVE_SERVER_RENEGOTIATION_INFO)
#endif
WOLFSSL_CTX* ctx = NULL;
WOLFSSL* ssl = NULL;
/* we expect our IP address from DHCP */ void setup() {
int err;
WOLFSSL_METHOD* method;
static WOLFSSL_CTX* ctx = NULL; Serial.begin(9600);
static WOLFSSL* ssl = NULL;
static char* wc_error_message = (char*)malloc(80 + 1);
static char errBuf[80];
#if defined(MEMORY_STRESS_TEST) method = wolfTLSv1_2_server_method();
#define MEMORY_STRESS_ITERATIONS 100 if (method == NULL) {
#define MEMORY_STRESS_BLOCK_SIZE 1024 Serial.println("unable to get method");
#define MEMORY_STRESS_INITIAL (4*1024)
static char* memory_stress[MEMORY_STRESS_ITERATIONS]; /* typically 1K per item */
static int mem_ctr = 0;
#endif
static int EthernetSend(WOLFSSL* ssl, char* msg, int sz, void* ctx);
static int EthernetReceive(WOLFSSL* ssl, char* reply, int sz, void* ctx);
static int reconnect = RECONNECT_ATTEMPTS;
static int lng_index PROGMEM = 0; /* 0 = English */
#if defined(__arm__)
#include <malloc.h>
extern char _end;
extern "C" char *sbrk(int i);
static char *ramstart=(char *)0x20070000;
static char *ramend=(char *)0x20088000;
#endif
/*****************************************************************************/
/* fail_wait - in case of unrecoverable error */
/*****************************************************************************/
int fail_wait(void) {
show_memory();
Serial.println(F("Failed. Halt."));
while (1) {
delay(1000);
}
return 0;
}
/*****************************************************************************/
/* show_memory() to optionally view during debugging. */
/*****************************************************************************/
int show_memory(void)
{
#if defined(__arm__)
struct mallinfo mi = mallinfo();
char *heapend=sbrk(0);
register char * stack_ptr asm("sp");
#if defined(DEBUG_WOLFSSL_VERBOSE)
Serial.print(" arena=");
Serial.println(mi.arena);
Serial.print(" ordblks=");
Serial.println(mi.ordblks);
Serial.print(" uordblks=");
Serial.println(mi.uordblks);
Serial.print(" fordblks=");
Serial.println(mi.fordblks);
Serial.print(" keepcost=");
Serial.println(mi.keepcost);
#endif
#if defined(DEBUG_WOLFSSL) || defined(MEMORY_STRESS_TEST)
Serial.print("Estimated free memory: ");
Serial.print(stack_ptr - heapend + mi.fordblks);
Serial.println(F(" bytes"));
#endif
#if (0)
/* Experimental: not supported on all devices: */
Serial.print("RAM Start %lx\n", (unsigned long)ramstart);
Serial.print("Data/Bss end %lx\n", (unsigned long)&_end);
Serial.print("Heap End %lx\n", (unsigned long)heapend);
Serial.print("Stack Ptr %lx\n",(unsigned long)stack_ptr);
Serial.print("RAM End %lx\n", (unsigned long)ramend);
Serial.print("Heap RAM Used: ",mi.uordblks);
Serial.print("Program RAM Used ",&_end - ramstart);
Serial.print("Stack RAM Used ",ramend - stack_ptr);
Serial.print("Estimated Free RAM: %d\n\n",stack_ptr - heapend + mi.fordblks);
#endif
#else
Serial.println(F("show_memory() not implemented for this platform"));
#endif
return 0;
}
/*****************************************************************************/
/* EthernetSend() to send a message string. */
/*****************************************************************************/
int EthernetSend(WOLFSSL* ssl, char* message, int sz, void* ctx) {
int sent = 0;
(void)ssl;
(void)ctx;
sent = client.write((byte*)message, sz);
return sent;
}
/*****************************************************************************/
/* EthernetReceive() to receive a reply string. */
/*****************************************************************************/
int EthernetReceive(WOLFSSL* ssl, char* reply, int sz, void* ctx) {
int ret = 0;
(void)ssl;
(void)ctx;
while (client.available() > 0 && ret < sz) {
reply[ret++] = client.read();
}
return ret;
}
/*****************************************************************************/
/* Arduino setup_hardware() */
/*****************************************************************************/
int setup_hardware(void) {
int ret = 0;
#if defined(ARDUINO_SAMD_NANO_33_IOT)
Serial.println(F("Detected known tested and working Arduino Nano 33 IoT"));
#elif defined(ARDUINO_ARCH_RP2040)
Serial.println(F("Detected known tested and working Arduino RP-2040"));
#elif defined(__arm__) && defined(ID_TRNG) && defined(TRNG)
/* need to manually turn on random number generator on Arduino Due, etc. */
pmc_enable_periph_clk(ID_TRNG);
trng_enable(TRNG);
Serial.println(F("Enabled ARM TRNG"));
#endif
show_memory();
randomSeed(analogRead(0));
return ret;
}
/*****************************************************************************/
/* Arduino setup_datetime() */
/* The device needs to have a valid date within the valid range of certs. */
/*****************************************************************************/
int setup_datetime(void) {
int ret = 0;
int ntp_tries = 20;
/* we need a date in the range of cert expiration */
#ifdef USE_NTP_LIB
#if defined(ESP32)
NTPClient timeClient(ntpUDP, "pool.ntp.org");
timeClient.begin();
timeClient.update();
delay(1000);
while (!timeClient.isTimeSet() && (ntp_tries > 0)) {
timeClient.forceUpdate();
Serial.println(F("Waiting for NTP update"));
delay(2000);
ntp_tries--;
}
if (ntp_tries <= 0) {
Serial.println(F("Warning: gave up waiting on NTP"));
}
Serial.println(timeClient.getFormattedTime());
Serial.println(timeClient.getEpochTime());
#endif
#endif
#if defined(ESP32)
/* see esp32-hal-time.c */
ntp_tries = 5;
/* Replace "pool.ntp.org" with your preferred NTP server */
configTime(0, 0, "pool.ntp.org");
/* Wait for time to be set */
while ((time(nullptr) <= 100000) && ntp_tries > 0) {
Serial.println(F("Waiting for time to be set..."));
delay(2000);
ntp_tries--;
}
#endif
return ret;
} /* setup_datetime */
/*****************************************************************************/
/* Arduino setup_network() */
/*****************************************************************************/
int setup_network(void) {
int ret = 0;
#if defined(USING_WIFI)
int status = WL_IDLE_STATUS;
/* The ESP8266 & ESP32 support both AP and STA. We'll use STA: */
#if defined(ESP8266) || defined(ESP32)
WiFi.mode(WIFI_STA);
#else
String fv;
if (WiFi.status() == WL_NO_MODULE) {
Serial.println("Communication with WiFi module failed!");
/* don't continue if no network */
while (true) ;
}
fv = WiFi.firmwareVersion();
if (fv < WIFI_FIRMWARE_LATEST_VERSION) {
Serial.println("Please upgrade the firmware");
}
#endif
Serial.print(F("Connecting to WiFi "));
Serial.print(ssid);
status = WiFi.begin(ssid, password);
while (status != WL_CONNECTED) {
delay(1000);
Serial.print(F("."));
Serial.print(status);
status = WiFi.status();
}
Serial.println(F(" Connected!"));
#else
/* Newer Ethernet shields have a
* MAC address printed on a sticker on the shield */
byte mac[] = { 0xDE, 0xAD, 0xBE, 0xEF, 0xFE, 0xED };
IPAddress ip(192, 168, 1, 42);
IPAddress myDns(192, 168, 1, 1);
Ethernet.init(10); /* Most Arduino shields */
/* Ethernet.init(5); * MKR ETH Shield */
/* Ethernet.init(0); * Teensy 2.0 */
/* Ethernet.init(20); * Teensy++ 2.0 */
/* Ethernet.init(15); * ESP8266 with Adafruit FeatherWing Ethernet */
/* Ethernet.init(33); * ESP32 with Adafruit FeatherWing Ethernet */
Serial.println(F("Initialize Ethernet with DHCP:"));
if (Ethernet.begin(mac) == 0) {
Serial.println(F("Failed to configure Ethernet using DHCP"));
/* Check for Ethernet hardware present */
if (Ethernet.hardwareStatus() == EthernetNoHardware) {
Serial.println(F("Ethernet shield was not found."));
while (true) {
delay(1); /* do nothing */
}
}
if (Ethernet.linkStatus() == LinkOFF) {
Serial.println(F("Ethernet cable is not connected."));
}
/* try to configure using IP address instead of DHCP : */
Ethernet.begin(mac, ip, myDns);
}
else {
Serial.print(F(" DHCP assigned IP "));
Serial.println(Ethernet.localIP());
}
/* We'll assume the Ethernet connection is ready to go. */
#endif
Serial.println(F("********************************************************"));
Serial.print(F(" wolfSSL Example Server IP = "));
#if defined(USING_WIFI)
Serial.println(WiFi.localIP());
#else
Serial.println(Ethernet.localIP());
#endif
/* In server mode, there's no host definition. */
/* See companion example: wolfssl_client.ino */
Serial.println(F("********************************************************"));
Serial.println(F("Setup network complete."));
return ret;
}
/*****************************************************************************/
/* Arduino setup_wolfssl() */
/*****************************************************************************/
int setup_wolfssl(void) {
int ret = 0;
WOLFSSL_METHOD* method;
/* Show a revision of wolfssl user_settings.h file in use when available: */
#if defined(WOLFSSL_USER_SETTINGS_ID)
Serial.print(F("WOLFSSL_USER_SETTINGS_ID: "));
Serial.println(F(WOLFSSL_USER_SETTINGS_ID));
#else
Serial.println(F("No WOLFSSL_USER_SETTINGS_ID found."));
#endif
#if defined(NO_WOLFSSL_SERVER)
Serial.println(F("wolfSSL server code disabled to save space."));
#endif
#if defined(NO_WOLFSSL_CLIENT)
Serial.println(F("wolfSSL client code disabled to save space."));
#endif
#if defined(DEBUG_WOLFSSL)
wolfSSL_Debugging_ON();
Serial.println(F("wolfSSL Debugging is On!"));
#else
Serial.println(F("wolfSSL Debugging is Off! (enable with DEBUG_WOLFSSL)"));
#endif
/* See ssl.c for TLS cache settings. Larger cache = use more RAM. */
#if defined(NO_SESSION_CACHE)
Serial.println(F("wolfSSL TLS NO_SESSION_CACHE"));
#elif defined(MICRO_SESSION_CACHEx)
Serial.println(F("wolfSSL TLS MICRO_SESSION_CACHE"));
#elif defined(SMALL_SESSION_CACHE)
Serial.println(F("wolfSSL TLS SMALL_SESSION_CACHE"));
#elif defined(MEDIUM_SESSION_CACHE)
Serial.println(F("wolfSSL TLS MEDIUM_SESSION_CACHE"));
#elif defined(BIG_SESSION_CACHE)
Serial.println(F("wolfSSL TLS BIG_SESSION_CACHE"));
#elif defined(HUGE_SESSION_CACHE)
Serial.println(F("wolfSSL TLS HUGE_SESSION_CACHE"));
#elif defined(HUGE_SESSION_CACHE)
Serial.println(F("wolfSSL TLS HUGE_SESSION_CACHE"));
#else
Serial.println(F("WARNING: Unknown or no TLS session cache setting."));
/* See wolfssl/src/ssl.c for amount of memory used.
* It is best on embedded devices to choose a TLS session cache size. */
#endif
ret = wolfSSL_Init();
if (ret == WOLFSSL_SUCCESS) {
Serial.println("Successfully called wolfSSL_Init");
}
else {
Serial.println("ERROR: wolfSSL_Init failed");
}
/* See companion server example with wolfSSLv23_server_method here.
* method = wolfSSLv23_client_method()); SSL 3.0 - TLS 1.3.
* method = wolfTLSv1_2_client_method(); only TLS 1.2
* method = wolfTLSv1_3_client_method(); only TLS 1.3
*
* see Arduino\libraries\wolfssl\src\user_settings.h */
Serial.println("Here we go!");
method = wolfSSLv23_server_method();
if (method == NULL) {
Serial.println(F("unable to get wolfssl server method"));
fail_wait();
}
ctx = wolfSSL_CTX_new(method);
if (ctx == NULL) {
Serial.println(F("unable to get ctx"));
fail_wait();
}
return ret;
}
/*****************************************************************************/
/* Arduino setup_certificates() */
/*****************************************************************************/
int setup_certificates(void) {
int ret = 0;
Serial.println(F("Initializing certificates..."));
show_memory();
/* Use built-in validation, No verification callback function: */
wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
/* Certificate */
Serial.println("Initializing certificates...");
ret = wolfSSL_CTX_use_certificate_buffer(ctx,
CTX_SERVER_CERT,
CTX_SERVER_CERT_SIZE,
CTX_CA_CERT_TYPE);
if (ret == WOLFSSL_SUCCESS) {
Serial.print("Success: use certificate: ");
Serial.println(xstr(CTX_SERVER_CERT));
}
else {
Serial.print("Error: wolfSSL_CTX_use_certificate_buffer failed: ");
wc_ErrorString(ret, wc_error_message);
Serial.println(wc_error_message);
fail_wait();
}
/* Setup private server key */
ret = wolfSSL_CTX_use_PrivateKey_buffer(ctx,
CTX_SERVER_KEY,
CTX_SERVER_KEY_SIZE,
CTX_SERVER_KEY_TYPE);
if (ret == WOLFSSL_SUCCESS) {
Serial.print("Success: use private key buffer: ");
Serial.println(xstr(CTX_SERVER_KEY));
}
else {
Serial.print("Error: wolfSSL_CTX_use_PrivateKey_buffer failed: ");
wc_ErrorString(ret, wc_error_message);
Serial.println(wc_error_message);
fail_wait();
}
return ret;
} /* Arduino setup */
/*****************************************************************************/
/*****************************************************************************/
/* Arduino setup() */
/*****************************************************************************/
/*****************************************************************************/
void setup(void) {
int i = 0;
Serial.begin(SERIAL_BAUD);
while (!Serial && (i < 10)) {
/* wait for serial port to connect. Needed for native USB port only */
delay(1000);
i++;
}
Serial.println(F(""));
Serial.println(F(""));
Serial.println(F("wolfSSL TLS Server Example Startup."));
/* define DEBUG_WOLFSSL in wolfSSL user_settings.h for diagnostics */
#if defined(DEBUG_WOLFSSL)
wolfSSL_Debugging_ON();
#endif
/* Optionally pre-allocate a large block of memory for testing */
#if defined(MEMORY_STRESS_TEST)
Serial.println(F("WARNING: Memory Stress Test Active!"));
Serial.print(F("Allocating extra memory: "));
Serial.print(MEMORY_STRESS_INITIAL);
Serial.println(F(" bytes..."));
memory_stress[mem_ctr] = (char*)malloc(MEMORY_STRESS_INITIAL);
show_memory();
#endif
setup_hardware();
setup_network();
setup_datetime();
setup_wolfssl();
setup_certificates();
/* Initialize wolfSSL using callback functions. */
wolfSSL_SetIOSend(ctx, EthernetSend);
wolfSSL_SetIORecv(ctx, EthernetReceive);
#if defined THIS_USER_SETTINGS_VERSION
Serial.print(F("This user_settings.h version:"))
Serial.println(THIS_USER_SETTINGS_VERSION)
#endif
/* Start the server
* See https://www.arduino.cc/reference/en/libraries/ethernet/server.begin/
*/
Serial.println(F("Completed Arduino setup()"));
server.begin();
Serial.println("Begin Server... (waiting for remote client to connect)");
/* See companion wolfssl_client.ino code */
return; return;
} /* Arduino setup */ }
ctx = wolfSSL_CTX_new(method);
if (ctx == NULL) {
Serial.println("unable to get ctx");
return;
}
/*****************************************************************************/ /* initialize wolfSSL using callback functions */
/* wolfSSL error_check() */ wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
/*****************************************************************************/ wolfSSL_SetIOSend(ctx, EthernetSend);
int error_check(int this_ret, bool halt_on_error, wolfSSL_SetIORecv(ctx, EthernetReceive);
const __FlashStringHelper* message) {
int ret = 0;
if (this_ret == WOLFSSL_SUCCESS) {
Serial.print(F("Success: "));
Serial.println(message);
}
else {
Serial.print(F("ERROR: return = "));
Serial.print(this_ret);
Serial.print(F(": "));
Serial.println(message);
Serial.println(wc_GetErrorString(this_ret));
if (halt_on_error) {
fail_wait();
}
}
show_memory();
return ret; /* setup the private key and certificate */
} /* error_check */ err = wolfSSL_CTX_use_PrivateKey_buffer(ctx, ecc_key_der_256,
sizeof_ecc_key_der_256, WOLFSSL_FILETYPE_ASN1);
if (err != WOLFSSL_SUCCESS) {
Serial.println("error setting key");
return;
}
err = wolfSSL_CTX_use_certificate_buffer(ctx, serv_ecc_der_256,
sizeof_serv_ecc_der_256, WOLFSSL_FILETYPE_ASN1);
if (err != WOLFSSL_SUCCESS) {
Serial.println("error setting certificate");
return;
}
/*****************************************************************************/ /* Start the server */
/* wolfSSL error_check_ssl */ server.begin();
/* Parameters: */
/* ssl is the current WOLFSSL object pointer */ return;
/* halt_on_error set to true to suspend operations for critical error */ }
/* message is expected to be a memory-efficient F("") macro string */
/*****************************************************************************/ int EthernetSend(WOLFSSL* ssl, char* msg, int sz, void* ctx) {
int error_check_ssl(WOLFSSL* ssl, int this_ret, bool halt_on_error, int sent = 0;
const __FlashStringHelper* message) {
int err = 0; sent = client.write((byte*)msg, sz);
if (ssl == NULL) { return sent;
Serial.println(F("ssl is Null; Unable to allocate SSL object?")); }
#ifndef DEBUG_WOLFSSL
Serial.println(F("Define DEBUG_WOLFSSL in user_settings.h for more.")); int EthernetReceive(WOLFSSL* ssl, char* reply, int sz, void* ctx) {
#else int ret = 0;
Serial.println(F("See wolfssl/wolfcrypt/error-crypt.h for codes."));
#endif while (client.available() > 0 && ret < sz) {
Serial.print(F("ERROR: ")); reply[ret++] = client.read();
Serial.println(message); }
show_memory();
if (halt_on_error) { return ret;
fail_wait();
}
}
else {
err = wolfSSL_get_error(ssl, this_ret);
if (err == WOLFSSL_SUCCESS) {
Serial.print(F("Success m: "));
Serial.println(message);
}
else {
if (err < 0) {
wolfSSL_ERR_error_string(err, errBuf);
Serial.print(F("WOLFSSL Error: "));
Serial.print(err);
Serial.print(F("; "));
Serial.println(errBuf);
}
else {
Serial.println(F("Success: ssl object."));
}
}
}
return err;
} }
/*****************************************************************************/
/*****************************************************************************/
/* Arduino loop() */
/*****************************************************************************/
/*****************************************************************************/
void loop() { void loop() {
char errBuf[80] = "(no error"; int err = 0;
char reply[80] = "(no reply)"; int input = 0;
const char msg[] = "I hear you fa shizzle!"; char errBuf[80];
const char* cipherName; char reply[80];
int input = 0; int replySz = 0;
int replySz = 0; const char* cipherName;
int retry_shutdown = SHUTDOWN_DELAY_MS; /* max try, once per millisecond */
int ret = 0;
IPAddress broadcast_address(255, 255, 255, 255);
/* Listen for incoming client requests. */ /* Listen for incoming client requests. */
client = server.available(); client = server.available();
if (client) { if (!client) {
Serial.println("Have Client"); return;
while (!client.connected()) { }
/* wait for the client to actually connect */
delay(10);
}
Serial.print("Client connected from remote IP: ");
Serial.println(client.remoteIP());
ssl = wolfSSL_new(ctx); if (client.connected()) {
if (ssl == NULL) {
Serial.println("Unable to allocate SSL object");
fail_wait();
}
ret = wolfSSL_accept(ssl); Serial.println("Client connected");
if (ret != WOLFSSL_SUCCESS) {
ret = wolfSSL_get_error(ssl, 0);
wolfSSL_ERR_error_string(ret, errBuf);
Serial.print("TLS Accept Error: ");
Serial.println(errBuf);
}
cipherName = wolfSSL_get_cipher(ssl); ssl = wolfSSL_new(ctx);
Serial.print("SSL cipher suite is "); if (ssl == NULL) {
Serial.println(cipherName); Serial.println("Unable to allocate SSL object");
return;
Serial.print("Server Read: ");
while (!client.available()) {
/* wait for data */
}
/* read data */
while (wolfSSL_pending(ssl)) {
input = wolfSSL_read(ssl, reply, sizeof(reply) - 1);
if (input < 0) {
ret = wolfSSL_get_error(ssl, 0);
wolfSSL_ERR_error_string(ret, errBuf);
Serial.print("TLS Read Error: ");
Serial.println(errBuf);
break;
}
else if (input > 0) {
replySz = input;
reply[input] = '\0';
Serial.print(reply);
}
else {
Serial.println("<end of reply, input == 0>");
}
}
/* Write our message into reply buffer to send */
memset(reply, 0, sizeof(reply));
memcpy(reply, msg, sizeof(msg));
replySz = strnlen(reply, sizeof(reply));
Serial.println("Sending reply...");
if ((wolfSSL_write(ssl, reply, replySz)) != replySz) {
ret = wolfSSL_get_error(ssl, 0);
wolfSSL_ERR_error_string(ret, errBuf);
Serial.print("TLS Write Error: ");
Serial.println(errBuf);
}
else {
Serial.println("Reply sent!");
}
Serial.println("Shutdown!");
do {
delay(1);
retry_shutdown--;
ret = wolfSSL_shutdown(ssl);
} while ((ret == WOLFSSL_SHUTDOWN_NOT_DONE) && (retry_shutdown > 0));
if (retry_shutdown <= 0) {
/* if wolfSSL_free is called before properly shutting down the
* ssl object, undesired results may occur. */
Serial.println("Warning! Shutdown did not properly complete.");
}
wolfSSL_free(ssl);
Serial.println("Connection complete.");
if (REPEAT_CONNECTION) {
Serial.println();
Serial.println("Waiting for next connection.");
}
else {
client.stop();
Serial.println("Done!");
while (1) {
/* wait forever if not repeating */
delay(100);
}
}
}
else {
/* Serial.println("Client not connected. Trying again..."); */
} }
delay(100); err = wolfSSL_accept(ssl);
} /* Arduino loop repeats */ if (err != WOLFSSL_SUCCESS) {
err = wolfSSL_get_error(ssl, 0);
wolfSSL_ERR_error_string(err, errBuf);
Serial.print("TLS Accept Error: ");
Serial.println(errBuf);
}
Serial.print("SSL version is ");
Serial.println(wolfSSL_get_version(ssl));
cipherName = wolfSSL_get_cipher(ssl);
Serial.print("SSL cipher suite is ");
Serial.println(cipherName);
Serial.print("Server Read: ");
/* wait for data */
while (!client.available()) {}
/* read data */
while (wolfSSL_pending(ssl)) {
input = wolfSSL_read(ssl, reply, sizeof(reply) - 1);
if (input < 0) {
err = wolfSSL_get_error(ssl, 0);
wolfSSL_ERR_error_string(err, errBuf);
Serial.print("TLS Read Error: ");
Serial.println(errBuf);
break;
} else if (input > 0) {
replySz = input;
reply[input] = '\0';
Serial.print(reply);
} else {
Serial.println();
}
}
/* echo data */
if ((wolfSSL_write(ssl, reply, replySz)) != replySz) {
err = wolfSSL_get_error(ssl, 0);
wolfSSL_ERR_error_string(err, errBuf);
Serial.print("TLS Write Error: ");
Serial.println(errBuf);
}
wolfSSL_shutdown(ssl);
wolfSSL_free(ssl);
}
client.stop();
Serial.println("Connection complete");
}

3
IDE/ARDUINO/sketches/wolfssl_version/README.md
View File

@@ -1,3 +0,0 @@
# Arduino Basic Hello World
This example simply compiles in wolfSSL and shows the current version number.

24
IDE/ARDUINO/sketches/wolfssl_version/wolfssl_version.ino
View File

@@ -1,24 +0,0 @@
#include <Arduino.h>
#include <wolfssl.h>
#include <wolfssl/version.h>
/* Choose a monitor serial baud rate: 9600, 14400, 19200, 57600, 74880, etc. */
#define SERIAL_BAUD 115200
/* Arduino setup */
void setup() {
Serial.begin(SERIAL_BAUD);
while (!Serial) {
/* wait for serial port to connect. Needed for native USB port only */
}
Serial.println(F(""));
Serial.println(F(""));
Serial.println(F("wolfSSL setup complete!"));
}
/* Arduino main application loop. */
void loop() {
Serial.print("wolfSSL Version: ");
Serial.println(LIBWOLFSSL_VERSION_STRING);
delay(60000);
}

360
IDE/ARDUINO/wolfssl-arduino.sh
View File

@@ -2,323 +2,89 @@
# this script will reformat the wolfSSL source code to be compatible with # this script will reformat the wolfSSL source code to be compatible with
# an Arduino project # an Arduino project
# run as bash ./wolfssl-arduino.sh [INSTALL] [path] # run as bash ./wolfssl-arduino.sh
#
# ./wolfssl-arduino.sh
# The default is to install to a local wolfSSL directory (`ROOT_DIR`).
# If successfully built, and the INSTALL option is used, tis directory
# is then moved to the target.
#
# ./wolfssl-arduino.sh INSTALL
# Creates a local wolfSSL directory and then moves it to the ARDUINO_ROOT
#
# ./wolfssl-arduino.sh INSTALL /mnt/c/workspace/Arduino-wolfSSL-$USER
# Updates the Arduino-wolfSSL fork for $USER to refresh versions.
#
# To ensure a pristine build, the directory must not exist.
#
# Reminder there's typically no $USER for GitHub actions, but:
# ROOT_DIR="/mnt/c/Users/$USER/Documents/Arduino/libraries"
#
# The company name is "wolfSSL Inc."; Theres a space, no comma, and a period after "Inc."
# The Arduino library name is "wolfssl" (all lower case)
# The Arduino library directory name is "wolfssl" (all lower case)
# The Arduino library include file is "wolfssl.h" (all lower case)
# The Published wolfSSL Arduino Registry is at https://github.com/wolfSSL/Arduino-wolfSSL.git
# See https://downloads.arduino.cc/libraries/logs/github.com/wolfSSL/Arduino-wolfSSL/
ROOT_DIR="/wolfssl"
# The Arduino Version will initially have a suffix appended during fine tuning stage. DIR=${PWD##*/}
WOLFSSL_VERSION_ARUINO_SUFFIX="-Arduino.3"
# For verbose copy, set CP_CMD="-v", otherwise clear it: CP_CMD="cp" space(){
# Do not set to empty string, as copy will fail with this: CP_CMD="" echo "" >> "$1"
# CP_CMD="cp -v " }
CP_CMD="cp "
# Specify the executable shell checker you want to use: if [ "$DIR" = "ARDUINO" ]; then
MY_SHELLCHECK="shellcheck" if [ ! -d "wolfSSL" ]; then
mkdir wolfSSL
# There are special circumstances to publish to GitHub repository.
# Typically: https://github.com/wolfSSL/Arduino-wolfSSL
#
# Unlike a local Arduino library that requires a clean directory,
# we'll allow extra files, overwrites, etc.
#
# Note in all cases, the local IDE/ARDUINO/wolfssl must be empty.
THIS_INSTALL_IS_GITHUB="false"
# Check if the executable is available in the PATH
if command -v "$MY_SHELLCHECK" >/dev/null 2>&1; then
# Run your command here
shellcheck "$0" || exit 1
else
echo "$MY_SHELLCHECK is not installed. Please install it if changes to this script have been made."
fi
if ! [ "$CP_CMD" = "cp " ]; then
if [ "$CP_CMD" = "cp -v" ]; then
echo "Copy verbose mode"
else
echo "ERROR: Copy mode not supported: $CP_CMD"
exit 1
fi
fi
# Check environment
if [ -n "$WSL_DISTRO_NAME" ]; then
# we found a non-blank WSL environment distro name
current_path="$(pwd)"
pattern="/mnt/?"
if echo "$current_path" | grep -Eq "^$pattern"; then
# if we are in WSL and shared Windows file system, 'ln' does not work.
ARDUINO_ROOT="/mnt/c/Users/$USER/Documents/Arduino/libraries"
else
ARDUINO_ROOT="$HOME/Arduino/libraries"
fi
fi
echo "The Arduino library root is: $ARDUINO_ROOT"
if [ $# -gt 0 ]; then
THIS_OPERATION="$1"
if [ "$THIS_OPERATION" = "INSTALL" ]; then
THIS_INSTALL_DIR=$2
echo "Install is active."
if [ "$THIS_INSTALL_DIR" = "" ]; then
if [ -d "$ARDUINO_ROOT$ROOT_DIR" ]; then
echo "Error: the installation directory already exists: $ARDUINO_ROOT$ROOT_DIR"
echo "A new directory needs to be created to ensure there are no stray files"
echo "Please delete or move the directory and try again."
exit 1
fi
else
echo "Installing to $THIS_INSTALL_DIR"
if [ -d "$THIS_INSTALL_DIR/.git" ];then
echo "Target is a GitHub repository."
THIS_INSTALL_IS_GITHUB="true"
else
echo "Target is NOT a GitHub repository."
fi
fi
else
echo "Error: not a valid operation: $THIS_OPERATION"
exit 1
fi
fi
ROOT_SRC_DIR="${ROOT_DIR}/src"
EXAMPLES_DIR="${ROOT_DIR}/examples"
WOLFSSL_SRC="${ROOT_SRC_DIR}/src"
WOLFSSL_HEADERS="${ROOT_SRC_DIR}/wolfssl"
WOLFCRYPT_ROOT="${ROOT_SRC_DIR}/wolfcrypt"
WOLFCRYPT_SRC="${WOLFCRYPT_ROOT}/src"
WOLFCRYPT_HEADERS="${WOLFSSL_HEADERS}/wolfcrypt"
OPENSSL_DIR="${WOLFSSL_HEADERS}/openssl"
# TOP indicates the file directory for top level of the wolfssl repository.
TOP_DIR="../.."
WOLFSSL_SRC_TOP="${TOP_DIR}/src"
WOLFSSL_HEADERS_TOP="${TOP_DIR}/wolfssl"
WOLFCRYPT_ROOT_TOP="${TOP_DIR}/wolfcrypt"
WOLFCRYPT_SRC_TOP="${WOLFCRYPT_ROOT_TOP}/src"
WOLFCRYPT_HEADERS_TOP="${WOLFSSL_HEADERS_TOP}/wolfcrypt"
OPENSSL_DIR_TOP="${WOLFSSL_HEADERS_TOP}/openssl"
WOLFSSL_VERSION=$(grep -i "LIBWOLFSSL_VERSION_STRING" ${TOP_DIR}/wolfssl/version.h | cut -d '"' -f 2)
if [ "$WOLFSSL_VERSION" = "" ]; then
echo "ERROR: Could not find wolfSSL Version in ${TOP_DIR}/wolfssl/version.h"
exit 1
else
echo "Found wolfSSL version $WOLFSSL_VERSION"
echo "# WOLFSSL_VERSION_ARUINO_SUFFIX $WOLFSSL_VERSION_ARUINO_SUFFIX"
fi
echo ""
THIS_DIR=${PWD##*/}
if [ "$THIS_DIR" = "ARDUINO" ]; then
# mkdir ./wolfssl
if [ -d ".${ROOT_DIR}" ]; then
echo "ERROR: $(realpath ".${ROOT_DIR}") is not empty"
exit 1
else
echo "Step 01: mkdir .${ROOT_DIR}"
mkdir ."${ROOT_DIR}"
fi fi
# mkdir ./wolfssl/src cp ../../src/*.c ./wolfSSL
if [ ! -d ".${ROOT_SRC_DIR}" ]; then cp ../../wolfcrypt/src/*.c ./wolfSSL
echo "Step 02: mkdir .${ROOT_SRC_DIR}"
mkdir ."${ROOT_SRC_DIR}" if [ ! -d "wolfSSL/wolfssl" ]; then
mkdir wolfSSL/wolfssl
fi fi
cp ../../wolfssl/*.h ./wolfSSL/wolfssl
# mkdir ./wolfssl/src/wolfssl if [ ! -d "wolfSSL/wolfssl/wolfcrypt" ]; then
if [ ! -d ".${WOLFSSL_HEADERS}" ]; then mkdir wolfSSL/wolfssl/wolfcrypt
echo "Step 03: mkdir .${WOLFSSL_HEADERS}"
mkdir ."${WOLFSSL_HEADERS}"
fi fi
cp ../../wolfssl/wolfcrypt/*.h ./wolfSSL/wolfssl/wolfcrypt
# cp ../../wolfssl/*.h ./wolfssl/src/wolfssl # support misc.c as include in wolfcrypt/src
echo "Step 04: cp ${WOLFSSL_HEADERS_TOP}/*.h .${WOLFSSL_HEADERS}" if [ ! -d "./wolfSSL/wolfcrypt" ]; then
$CP_CMD "${WOLFSSL_HEADERS_TOP}"/*.h ."${WOLFSSL_HEADERS}" mkdir ./wolfSSL/wolfcrypt
if [ ! -d ".${WOLFCRYPT_HEADERS}" ]; then
# mkdir ./wolfssl/src/wolfssl/wolfcrypt
echo "Step 05: mkdir .${WOLFCRYPT_HEADERS}"
mkdir ."${WOLFCRYPT_HEADERS}"
mkdir ."${WOLFCRYPT_HEADERS}/port"
mkdir ."${WOLFCRYPT_HEADERS}/port/atmel"
mkdir ."${WOLFCRYPT_HEADERS}/port/Espressif"
fi fi
if [ ! -d "./wolfSSL/wolfcrypt/src" ]; then
# cp ../../wolfssl/wolfcrypt/*.h ./wolfssl/src/wolfssl/wolfcrypt mkdir ./wolfSSL/wolfcrypt/src
echo "Step 06: cp ${WOLFCRYPT_HEADERS_TOP}/*.h .${WOLFCRYPT_HEADERS}"
$CP_CMD "${WOLFCRYPT_HEADERS_TOP}"/*.h ."${WOLFCRYPT_HEADERS}" || exit 1
$CP_CMD "${WOLFCRYPT_HEADERS_TOP}"/port/atmel/*.h ."${WOLFCRYPT_HEADERS}/port/atmel" || exit 1
$CP_CMD "${WOLFCRYPT_HEADERS_TOP}"/port/Espressif/*.h ."${WOLFCRYPT_HEADERS}/port/Espressif" || exit 1
# Add in source files to wolfcrypt/src
if [ ! -d ".${WOLFCRYPT_ROOT}" ]; then
# mkdir ./wolfssl/src/wolfcrypt
echo "Step 07: mkdir .${WOLFCRYPT_ROOT}"
mkdir ."${WOLFCRYPT_ROOT}"
fi fi
cp ../../wolfcrypt/src/misc.c ./wolfSSL/wolfcrypt/src
cp ../../wolfcrypt/src/asm.c ./wolfSSL/wolfcrypt/src
# mkdir ./wolfssl/src/wolfcrypt/src
if [ ! -d ".${WOLFCRYPT_SRC}" ]; then
echo "Step 08: mkdir .${WOLFCRYPT_SRC}"
mkdir ."${WOLFCRYPT_SRC}"
mkdir ."${WOLFCRYPT_SRC}"/port
mkdir ."${WOLFCRYPT_SRC}"/port/atmel
mkdir ."${WOLFCRYPT_SRC}"/port/Espressif
fi
# cp ../../wolfcrypt/src/*.c ./wolfssl/src/wolfcrypt/src
echo "Step 09: cp ${WOLFCRYPT_SRC_TOP}/*.c .${WOLFCRYPT_SRC}"
$CP_CMD -r "${WOLFCRYPT_SRC_TOP}"/*.c ."${WOLFCRYPT_SRC}" || exit 1
$CP_CMD -r "${WOLFCRYPT_SRC_TOP}"/port/atmel/*.c ."${WOLFCRYPT_SRC}"/port/atmel || exit 1
$CP_CMD -r "${WOLFCRYPT_SRC_TOP}"/port/Espressif/*.c ."${WOLFCRYPT_SRC}"/port/Espressif || exit 1
# Add in source files to top level src folders
if [ ! -d ".${WOLFSSL_SRC}" ]; then
# mkdir ./wolfssl/src/src
echo "Step 10: mkdir .${WOLFSSL_SRC}"
mkdir ."${WOLFSSL_SRC}"
fi
$CP_CMD "${WOLFSSL_SRC_TOP}"/*.c ."${WOLFSSL_SRC}" || exit 1
# put bio and evp as includes # put bio and evp as includes
$CP_CMD ."${WOLFSSL_SRC}"/bio.c ."${WOLFSSL_HEADERS}" || exit 1 mv ./wolfSSL/bio.c ./wolfSSL/wolfssl
$CP_CMD ."${WOLFCRYPT_SRC}"/evp.c ."${WOLFSSL_HEADERS}" || exit 1 mv ./wolfSSL/evp.c ./wolfSSL/wolfssl
# make a copy of evp.c and bio.c for ssl.c to include inline # make a copy of evp.c and bio.c for ssl.c to include inline
$CP_CMD ."${WOLFSSL_HEADERS}"/evp.c ."${WOLFCRYPT_SRC}"/evp.c || exit 1 cp ./wolfSSL/wolfssl/evp.c ./wolfSSL/wolfcrypt/src/evp.c
$CP_CMD ."${WOLFSSL_HEADERS}"/bio.c ."${WOLFCRYPT_SRC}"/bio.c || exit 1 cp ./wolfSSL/wolfssl/bio.c ./wolfSSL/wolfcrypt/src/bio.c
# copy openssl compatibility headers to their appropriate location # copy openssl compatibility headers to their appropriate location
if [ ! -d ".${OPENSSL_DIR}" ]; then if [ ! -d "./wolfSSL/wolfssl/openssl" ]; then
mkdir ."${OPENSSL_DIR}" mkdir ./wolfSSL/wolfssl/openssl
fi fi
$CP_CMD "${OPENSSL_DIR_TOP}"/* ."${OPENSSL_DIR}" || exit 1 cp ../../wolfssl/openssl/* ./wolfSSL/wolfssl/openssl
# Finally, copy the Arduino-specific wolfssl library files into place: [lib]/src echo "/* Generated wolfSSL header file for Arduino */" > ./wolfSSL/wolfssl.h
$CP_CMD ./wolfssl.h ".${ROOT_SRC_DIR}"/wolfssl.h echo "#include <user_settings.h>" >> ./wolfSSL/wolfssl.h
echo "#include <wolfssl/wolfcrypt/settings.h>" >> ./wolfSSL/wolfssl.h
echo "#include <wolfssl/ssl.h>" >> ./wolfSSL/wolfssl.h
echo "Copy examples...." if [ ! -f "./wolfSSL/user_settings.h" ]; then
# Copy examples echo "/* Generated wolfSSL user_settings.h file for Arduino */" > ./wolfSSL/user_settings.h
mkdir -p ".${ROOT_SRC_DIR}"/examples echo "#ifndef ARDUINO_USER_SETTINGS_H" >> ./wolfSSL/user_settings.h
echo "#define ARDUINO_USER_SETTINGS_H" >> ./wolfSSL/user_settings.h
space ./wolfSSL/user_settings.h
echo "/* Platform */" >> ./wolfSSL/user_settings.h
echo "#define WOLFSSL_ARDUINO" >> ./wolfSSL/user_settings.h
space ./wolfSSL/user_settings.h
echo "/* Math library (remove this to use normal math)*/" >> ./wolfSSL/user_settings.h
echo "#define USE_FAST_MATH" >> ./wolfSSL/user_settings.h
echo "#define TFM_NO_ASM" >> ./wolfSSL/user_settings.h
space ./wolfSSL/user_settings.h
echo "/* RNG DEFAULT !!FOR TESTING ONLY!! */" >> ./wolfSSL/user_settings.h
echo "/* comment out the error below to get started w/ bad entropy source" >> ./wolfSSL/user_settings.h
echo " * This will need fixed before distribution but is OK to test with */" >> ./wolfSSL/user_settings.h
echo "#error \"needs solved, see: https://www.wolfssl.com/docs/porting-guide/\"" >> ./wolfSSL/user_settings.h
echo "#define WOLFSSL_GENSEED_FORTEST" >> ./wolfSSL/user_settings.h
space ./wolfSSL/user_settings.h
echo "#endif /* ARDUINO_USER_SETTINGS_H */" >> ./wolfSSL/user_settings.h
fi
echo "Copy wolfssl_client example...." cp wolfSSL/wolfssl/wolfcrypt/settings.h wolfSSL/wolfssl/wolfcrypt/settings.h.bak
mkdir -p ".${EXAMPLES_DIR}"/wolfssl_client echo " /* wolfSSL Generated ARDUINO settings */" > ./wolfSSL/wolfssl/wolfcrypt/settings.h
$CP_CMD ./sketches/wolfssl_client/wolfssl_client.ino ".${EXAMPLES_DIR}"/wolfssl_client/wolfssl_client.ino || exit 1 echo "#ifndef WOLFSSL_USER_SETTINGS" >> ./wolfSSL/wolfssl/wolfcrypt/settings.h
$CP_CMD ./sketches/wolfssl_client/README.md ".${EXAMPLES_DIR}"/wolfssl_client/README.md || exit 1 echo " #define WOLFSSL_USER_SETTINGS" >> ./wolfSSL/wolfssl/wolfcrypt/settings.h
echo "#endif /* WOLFSSL_USER_SETTINGS */" >> ./wolfSSL/wolfssl/wolfcrypt/settings.h
echo " /* wolfSSL Generated ARDUINO settings: END */" >> ./wolfSSL/wolfssl/wolfcrypt/settings.h
cat ./wolfSSL/wolfssl/wolfcrypt/settings.h.bak >> ./wolfSSL/wolfssl/wolfcrypt/settings.h
echo "Copy wolfssl_server example...."
mkdir -p .${EXAMPLES_DIR}/wolfssl_server
$CP_CMD ./sketches/wolfssl_server/wolfssl_server.ino ".${EXAMPLES_DIR}"/wolfssl_server/wolfssl_server.ino || exit 1
$CP_CMD ./sketches/wolfssl_server/README.md ".${EXAMPLES_DIR}"/wolfssl_server/README.md || exit 1
echo "Copy wolfssl_server example...."
mkdir -p .${EXAMPLES_DIR}/wolfssl_version
$CP_CMD ./sketches/wolfssl_version/wolfssl_version.ino ".${EXAMPLES_DIR}"/wolfssl_version/wolfssl_version.ino || exit 1
$CP_CMD ./sketches/wolfssl_version/README.md ".${EXAMPLES_DIR}"/wolfssl_version/README.md || exit 1
else else
echo "ERROR: You must be in the IDE/ARDUINO directory to run this script" echo "ERROR: You must be in the IDE/ARDUINO directory to run this script"
exit 1
fi fi
# At this point, the library is complete, but we need some additional files.
#
# optional diagnostics:
# echo ".${ROOT_DIR}"
# echo "${TOP_DIR}"
# echo "cp ${TOP_DIR}/README.md .${ROOT_DIR}/"
# Replace the `${WOLFSSL_VERSION}` text in Arduino_README_prepend.md,
# saving it to a .tmp file. Prepend that file to the wolfSSL README.md
# file as PREPENDED_README.md, then copy that to the publish directory
# as an Arduino-specific README.md file.
VERSION_PLACEHOLDER="\${WOLFSSL_VERSION}"
ARDUINO_VERSION_SUFFIX_PLACEHOLDER="\${WOLFSSL_VERSION_ARUINO_SUFFIX}"
PREPEND_FILE="Arduino_README_prepend.md"
PROPERTIES_FILE_TEMPLATE="library.properties.template"
sed s/"$VERSION_PLACEHOLDER"/"$WOLFSSL_VERSION"/ "$PREPEND_FILE" > "$PREPEND_FILE.tmp"
cat "$PREPEND_FILE.tmp" ${TOP_DIR}/README.md > PREPENDED_README.md
# Here we'll insert the wolfSSL version into the `library.properties.tmp` file, along with an Arduino version suffix.
# The result should be something like version=5.6.6.Arduino.1 (for the 1st incremental version on top of 5.6.6)
sed s/"$VERSION_PLACEHOLDER"/"$WOLFSSL_VERSION"/ "$PROPERTIES_FILE_TEMPLATE" > "library.properties.tmp"
sed -i.backup s/"$ARDUINO_VERSION_SUFFIX_PLACEHOLDER"/"$WOLFSSL_VERSION_ARUINO_SUFFIX"/ "library.properties.tmp"
# cat library.properties.tmp
# echo "${WOLFSSL_VERSION_ARUINO_SUFFIX}"
echo "Step 11: Final root file copy"
$CP_CMD PREPENDED_README.md ."${ROOT_DIR}"/README.md || exit 1
$CP_CMD library.properties.tmp ."${ROOT_DIR}"/library.properties || exit 1
$CP_CMD "${TOP_DIR}"/"LICENSING" ."${ROOT_DIR}"/ || exit 1
$CP_CMD "${TOP_DIR}"/"README" ."${ROOT_DIR}"/ || exit 1
$CP_CMD "${TOP_DIR}"/"COPYING" ."${ROOT_DIR}"/ || exit 1
$CP_CMD "${TOP_DIR}"/"ChangeLog.md" ."${ROOT_DIR}"/ || exit 1
$CP_CMD "${TOP_DIR}"/".editorconfig" ."${ROOT_DIR}"/ || exit 1
$CP_CMD "${TOP_DIR}"/".gitignore" ."${ROOT_DIR}"/ || exit 1
$CP_CMD "keywords.txt" ."${ROOT_DIR}"/ || exit 1
echo "Step 12: Workspace to publish:"
echo ""
head -n 3 PREPENDED_README.md
echo ""
ls ./wolfssl -al
echo ""
# Optionally install to a separate directory.
# Note we should have exited above if a problem was encountered,
# as we'll never want to install a bad library.
if [ "$THIS_OPERATION" = "INSTALL" ]; then
if [ "$THIS_INSTALL_IS_GITHUB" = "true" ]; then
echo "Installing to GitHub directory: $THIS_INSTALL_DIR"
cp -r ."$ROOT_DIR"/* "$THIS_INSTALL_DIR" || exit 1
else
echo "Config:"
echo "cp ../../examples/configs/user_settings_arduino.h ".${ROOT_SRC_DIR}"/user_settings.h"
# Nearly an ordinary copy, but we remove any lines with ">>" (typically edit with caution warning in comments)
grep -v '>>' ../../examples/configs/user_settings_arduino.h > ".${ROOT_SRC_DIR}"/user_settings.h || exit 1
# Show the user_settings.h revision string:
grep "WOLFSSL_USER_SETTINGS_ID" ."${ROOT_SRC_DIR}/user_settings.h"
echo ""
echo "Install:"
echo "mv .$ROOT_DIR $ARDUINO_ROOT"
mv ."$ROOT_DIR" "$ARDUINO_ROOT" || exit 1
echo "Arduino wolfSSL Version: $WOLFSSL_VERSION$WOLFSSL_VERSION_ARUINO_SUFFIX"
fi
fi
echo "Done!"

39
IDE/ARDUINO/wolfssl.h
View File

@@ -1,39 +0,0 @@
/* wolfssl.h
*
* Copyright (C) 2006-2024 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
/* Edit with caution. This is an Arduino-library specific header for wolfSSL */
#ifndef WOLFSSL_USER_SETTINGS
#define WOLFSSL_USER_SETTINGS
#endif
#include <Arduino.h>
/* wolfSSL user_settings.h must be included from settings.h */
#include <wolfssl/wolfcrypt/settings.h>
#include <wolfssl/ssl.h>
int wolfSSL_Arduino_Serial_Print(const char *const s)
{
/* See wolfssl/wolfcrypt/logging.c */
Serial.println(F(s));
return 0;
};

153
IDE/AURIX/Cpu0_Main.c
View File

@@ -1,153 +0,0 @@
/* Cpu0_Main.c
*
* Copyright (C) 2006-2023 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
/* Infineon includes */
#include "Ifx_Types.h"
#include "IfxCpu.h"
#include "IfxScuWdt.h"
#include "IfxAsclin_Asc.h"
#include "IfxCpu_Irq.h"
#include "IfxPort.h"
#include "SysSe/Bsp/Bsp.h"
/* For mapping stdio printf */
#include <stdio.h>
#include <string.h>
/* used to wait for CPU sync event */
IFX_ALIGN(4) IfxCpu_syncEvent g_cpuSyncEvent = 0;
#define SERIAL_BAUDRATE 115200 /* Baud rate in bit/s */
#define SERIAL_PIN_RX IfxAsclin0_RXA_P14_1_IN /* RX pin of the board */
#define SERIAL_PIN_TX IfxAsclin0_TX_P14_0_OUT /* TX pin of the board */
#define INTPRIO_ASCLIN0_TX 19 /* Priority of the ISR */
#define ASC_TX_BUFFER_SIZE 128 /* Definition of the buffer size */
/* Declaration of the ASC handle */
static IfxAsclin_Asc g_asc;
/* Declaration of the FIFOs parameters:
* The transfer buffers allocate memory for the data itself and for FIFO runtime
* variables. 8 more bytes have to be added to ensure a proper circular buffer
* handling independent from the address to which the buffers have been located.
*/
static uint8 g_ascTxBuffer[ASC_TX_BUFFER_SIZE + sizeof(Ifx_Fifo) + 8];
/******************************************************************************/
/*----Function Implementations------------------------------------------------*/
/******************************************************************************/
/* Re-target the C library printf function to the asc lin. */
int fputc(int ch, FILE *f)
{
Ifx_SizeT count;
/* convert to CRLF */
if (ch == (int)'\n') {
int chcr = (int)'\r';
count = 1;
IfxAsclin_Asc_write(&g_asc, &chcr, &count, TIME_INFINITE);
}
count = 1;
IfxAsclin_Asc_write(&g_asc, &ch, &count, TIME_INFINITE);
return ch;
}
/* Add the Interrupt Service Routine */
IFX_INTERRUPT(asclin0_Tx_ISR, 0, INTPRIO_ASCLIN0_TX);
void asclin0_Tx_ISR(void)
{
IfxAsclin_Asc_isrTransmit(&g_asc);
}
static void init_UART(void)
{
IfxAsclin_Asc_Config ascConfig;
IfxCpu_Irq_installInterruptHandler(asclin0_Tx_ISR, INTPRIO_ASCLIN0_TX);
/* Port pins configuration */
const IfxAsclin_Asc_Pins pins = {
NULL_PTR, IfxPort_InputMode_pullUp, /* CTS pin not used */
&SERIAL_PIN_RX, IfxPort_InputMode_pullUp, /* RX pin */
NULL_PTR, IfxPort_OutputMode_pushPull, /* RTS pin not used */
&SERIAL_PIN_TX, IfxPort_OutputMode_pushPull, /* TX pin */
IfxPort_PadDriver_cmosAutomotiveSpeed1
};
/* Initialize an instance of IfxAsclin_Asc_Config with default values */
IfxAsclin_Asc_initModuleConfig(&ascConfig, SERIAL_PIN_TX.module);
/* Set the desired baud rate */
ascConfig.baudrate.baudrate = SERIAL_BAUDRATE;
/* ISR priorities and interrupt target */
ascConfig.interrupt.txPriority = INTPRIO_ASCLIN0_TX;
ascConfig.interrupt.typeOfService = IfxCpu_Irq_getTos(IfxCpu_getCoreIndex());
/* FIFO configuration */
ascConfig.txBuffer = &g_ascTxBuffer;
ascConfig.txBufferSize = ASC_TX_BUFFER_SIZE;
ascConfig.pins = &pins;
/* Initialize module with above parameters */
IfxAsclin_Asc_initModule(&g_asc, &ascConfig);
/* Turn off buffers, so I/O occurs immediately */
setvbuf(stdin, NULL, _IONBF, 0);
setvbuf(stdout, NULL, _IONBF, 0);
setvbuf(stderr, NULL, _IONBF, 0);
}
int send_UART(const char* str)
{
Ifx_SizeT count = (Ifx_SizeT)strlen(str);
IfxAsclin_Asc_write(&g_asc, str, &count, TIME_INFINITE);
return (int)count;
}
void core0_main(void)
{
IfxCpu_enableInterrupts();
/* !!WATCHDOG0 AND SAFETY WATCHDOG ARE DISABLED HERE!!
* Enable the watchdogs and service them periodically if it is required
*/
IfxScuWdt_disableCpuWatchdog(IfxScuWdt_getCpuWatchdogPassword());
IfxScuWdt_disableSafetyWatchdog(IfxScuWdt_getSafetyWatchdogPassword());
/* Wait for CPU sync event */
IfxCpu_emitEvent(&g_cpuSyncEvent);
IfxCpu_waitEvent(&g_cpuSyncEvent, 1);
/* Initialize the UART to board VCOM */
init_UART();
/* bare metal loop */
while(1)
{
extern void run_wolf_tests(void);
run_wolf_tests();
/* wait 5 seconds */
waitTime(IfxStm_getTicksFromMilliseconds(BSP_DEFAULT_TIMER, 5 * 1000));
} /* while */
}

114
IDE/AURIX/README.md
View File

@@ -1,114 +0,0 @@
# Infineon AURIX Development Studio
An Eclipse based IDE for developing software for the Infineon TriCore AURIX TX3XX.
Tested Platform:
* Infineon AURIX™ Development Studio 1.7.2 (Build 20220617-0730)
* Infineon TriBoard TC399 v2.0
* wolfSSL v5.4.0 (with PR 5419)
## Running wolfCrypt on TriCore
1) Add the wolfSSL source and headers to `Libraries/wolfssl`.
- Only the following folders are required: `src`, `wolfcrypt` and `wolfssl`.
- See script to help with producing bundle here: https://github.com/wolfSSL/wolfssl/blob/master/scripts/makedistsmall.sh
2) Add `WOLFSSL_USER_SETTINGS` to the Preprocessing symbols list. C/C++ Build -> Settings -> TASKING C/C++ Compiler -> Preprocessing.
3) Add `Libraries/wolfssl` to the include path. C/C++ General -> Paths and Symbols -> Includes -> GNU C
4) Add ignores for the following warnings. Unused static function (553) and switch missing break (536). C/C++ Build -> Settings -> TASKING C/C++ Compiler -> Diagnostics
5) Copy `Cpu0_Main.c`, `user_settings.h` and `wolf_main.c` into the project folder.
6) Increase the stack by modifying `Lcf_Tasking_Tricore_Tc.lsl` to adjusting the USTACK0-4 (`LCF_USTACK#_SIZE`) from 2k to 12k.
6) Build and run/debug.
### Example output from wolfCrypt test and benchmark
Benchmark Configuration:
* TriCore (TC1.6.2P) 32-bit super-scalar running at 300MHz:
* Release build: `-O2`
* SP Math SMALL: sp_c32.c for RSA/ECC/DH
* AES GCM SMALL
```
Running wolfCrypt Tests...
------------------------------------------------------------------------------
wolfSSL version 5.4.0
------------------------------------------------------------------------------
error test passed!
MEMORY test passed!
base64 test passed!
asn test passed!
RANDOM test passed!
SHA test passed!
SHA-256 test passed!
Hash test passed!
HMAC-SHA test passed!
HMAC-SHA256 test passed!
HMAC-KDF test passed!
TLSv1.3 KDF test passed!
GMAC test passed!
Chacha test passed!
POLY1305 test passed!
ChaCha20-Poly1305 AEAD test passed!
AES test passed!
AES192 test passed!
AES256 test passed!
AES-GCM test passed!
RSA test passed!
ECC test passed!
ECC buffer test passed!
CMAC test passed!
logging test passed!
time test passed!
mutex test passed!
memcb test passed!
Test complete
Crypt Test: Return code 0
Running wolfCrypt Benchmarks...
wolfCrypt Benchmark (block bytes 1024, min 1.0 sec each)
RNG 725 KB took 1.023 seconds, 708.703 KB/s
AES-128-CBC-enc 2 MB took 1.002 seconds, 2.071 MB/s
AES-128-CBC-dec 2 MB took 1.005 seconds, 2.065 MB/s
AES-192-CBC-enc 2 MB took 1.002 seconds, 1.779 MB/s
AES-192-CBC-dec 2 MB took 1.013 seconds, 1.783 MB/s
AES-256-CBC-enc 2 MB took 1.003 seconds, 1.558 MB/s
AES-256-CBC-dec 2 MB took 1.009 seconds, 1.573 MB/s
AES-128-GCM-enc 225 KB took 1.013 seconds, 222.112 KB/s
AES-128-GCM-dec 225 KB took 1.014 seconds, 221.892 KB/s
AES-192-GCM-enc 225 KB took 1.046 seconds, 215.107 KB/s
AES-192-GCM-dec 225 KB took 1.046 seconds, 215.104 KB/s
AES-256-GCM-enc 225 KB took 1.070 seconds, 210.279 KB/s
AES-256-GCM-dec 225 KB took 1.069 seconds, 210.477 KB/s
GMAC Small 251 KB took 1.000 seconds, 251.000 KB/s
AES-128-ECB-enc 2 MB took 1.000 seconds, 2.000 MB/s
AES-128-ECB-dec 2 MB took 1.000 seconds, 2.049 MB/s
AES-192-ECB-enc 2 MB took 1.000 seconds, 1.727 MB/s
AES-192-ECB-dec 2 MB took 1.000 seconds, 1.772 MB/s
AES-256-ECB-enc 2 MB took 1.000 seconds, 1.518 MB/s
AES-256-ECB-dec 2 MB took 1.000 seconds, 1.563 MB/s
CHACHA 3 MB took 1.007 seconds, 3.322 MB/s
CHA-POLY 2 MB took 1.011 seconds, 2.028 MB/s
POLY1305 6 MB took 1.003 seconds, 6.012 MB/s
SHA 3 MB took 1.004 seconds, 3.380 MB/s
SHA-256 2 MB took 1.003 seconds, 1.558 MB/s
AES-128-CMAC 2 MB took 1.010 seconds, 2.055 MB/s
AES-256-CMAC 2 MB took 1.010 seconds, 1.547 MB/s
HMAC-SHA 3 MB took 1.004 seconds, 3.356 MB/s
HMAC-SHA256 2 MB took 1.010 seconds, 1.547 MB/s
RSA 2048 public 50 ops took 1.020 sec, avg 20.400 ms, 49.019 ops/sec
RSA 2048 private 2 ops took 2.377 sec, avg 1188.492 ms, 0.841 ops/sec
ECC [ SECP256R1] 256 key gen 16 ops took 1.061 sec, avg 66.313 ms, 15.080 ops/sec
ECDHE [ SECP256R1] 256 agree 16 ops took 1.059 sec, avg 66.187 ms, 15.109 ops/sec
ECDSA [ SECP256R1] 256 sign 14 ops took 1.058 sec, avg 75.570 ms, 13.233 ops/sec
ECDSA [ SECP256R1] 256 verify 8 ops took 1.080 sec, avg 135.002 ms, 7.407 ops/sec
Benchmark complete
Benchmark Test: Return code 0
```
## Running wolfCrypt on the HSM (Cortex M3)
Coming soon
## Support
For questions please email facts@wolfssl.com

8
IDE/AURIX/include.am
View File

@@ -1,8 +0,0 @@
# vim:ft=automake
# included from Top Level Makefile.am
# All paths should be given relative to the root
EXTRA_DIST+= IDE/AURIX/Cpu0_Main.c
EXTRA_DIST+= IDE/AURIX/README.md
EXTRA_DIST+= IDE/AURIX/user_settings.h
EXTRA_DIST+= IDE/AURIX/wolf_main.c

460
IDE/AURIX/user_settings.h
View File

@@ -1,460 +0,0 @@
/* user_settings.h
*
* Copyright (C) 2006-2023 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
/* Template for the Infineon AURIX Development Studio and TC3XX
* Example wolfSSL user settings with #if 0/1 gates to enable/disable algorithms and features.
* This file is included with wolfssl/wolfcrypt/settings.h when WOLFSSL_USER_SETTINGS is defined.
*/
#ifndef WOLFSSL_USER_SETTINGS_H
#define WOLFSSL_USER_SETTINGS_H
#ifdef __cplusplus
extern "C" {
#endif
/* ------------------------------------------------------------------------- */
/* Platform */
/* ------------------------------------------------------------------------- */
/* Alignment and sizeof 64-bit */
#define WOLFSSL_GENERAL_ALIGNMENT 4
#define SIZEOF_LONG_LONG 8
/* disable threading - mutex locking */
#define SINGLE_THREADED
/* ignore file include warnings */
#define WOLFSSL_IGNORE_FILE_WARN
/* disable the built-in socket support and use the IO callbacks.
* Set with wolfSSL_CTX_SetIORecv/wolfSSL_CTX_SetIOSend
*/
#define WOLFSSL_USER_IO
/* Disable file system */
#define NO_FILESYSTEM
/* ------------------------------------------------------------------------- */
/* Port */
/* ------------------------------------------------------------------------- */
/* Override Current Time */
/* Allows custom "custom_time()" function to be used for benchmark */
#define WOLFSSL_USER_CURRTIME
#define WOLFSSL_GMTIME
#define USER_TICKS
extern unsigned long my_time(unsigned long* timer);
#define XTIME my_time
/* Use built-in P-RNG (SHA256 based) with HW RNG */
#undef HAVE_HASHDRBG
#define HAVE_HASHDRBG
/* Custom Seed Source */
#define CUSTOM_RAND_TYPE unsigned int
extern unsigned int my_rng_seed_gen(void);
#undef CUSTOM_RAND_GENERATE
#define CUSTOM_RAND_GENERATE my_rng_seed_gen
/* Standard Lib - C89 */
#define XSTRCASECMP(s1,s2) strcmp((s1),(s2))
/* ------------------------------------------------------------------------- */
/* Math Configuration */
/* ------------------------------------------------------------------------- */
#undef USE_FAST_MATH
#undef WOLFSSL_SP
#if 1
/* Wolf Single Precision Math */
#define WOLFSSL_HAVE_SP_RSA
//#define WOLFSSL_HAVE_SP_DH
#define WOLFSSL_HAVE_SP_ECC
#define WOLFSSL_SP_4096 /* Enable RSA/RH 4096-bit support */
#define WOLFSSL_SP_384 /* Enable ECC 384-bit SECP384R1 support */
#define WOLFSSL_SP_MATH /* only SP math - disables integer.c/tfm.c */
//#define WOLFSSL_SP_MATH_ALL /* use SP math for all key sizes and curves */
#define WOLFSSL_SP_NO_MALLOC
//#define WOLFSSL_SP_DIV_32 /* do not use 64-bit divides */
/* use smaller version of code */
#define WOLFSSL_SP_SMALL
/* SP Assembly Speedups - specific to chip type */
//#define WOLFSSL_SP_ASM
//#define WOLFSSL_SP_ARM32_ASM
//#define WOLFSSL_SP_ARM64_ASM
//#define WOLFSSL_SP_ARM_THUMB_ASM
//#define WOLFSSL_SP_ARM_CORTEX_M_ASM
#endif
#ifndef WOLFSSL_SP_MATH
#if 0
/* fast math (tfmc.) (stack based and timing resistant) */
#define USE_FAST_MATH
#define TFM_TIMING_RESISTANT
#else
/* normal heap based integer.c (not timing resistant) */
#define USE_INTEGER_HEAP_MATH
#endif
#endif
/* ------------------------------------------------------------------------- */
/* Crypto */
/* ------------------------------------------------------------------------- */
/* RSA */
#undef NO_RSA
#if 1
#ifdef USE_FAST_MATH
/* Maximum math bits (Max RSA key bits * 2) */
#define FP_MAX_BITS 4096
#endif
/* half as much memory but twice as slow */
//#define RSA_LOW_MEM
/* Enables blinding mode, to prevent timing attacks */
#define WC_RSA_BLINDING
/* RSA PSS Support */
#define WC_RSA_PSS
#else
#define NO_RSA
#endif
/* DH */
#undef NO_DH
#if 0
/* Use table for DH instead of -lm (math) lib dependency */
#if 1
#define WOLFSSL_DH_CONST
#define HAVE_FFDHE_2048
//#define HAVE_FFDHE_4096
//#define HAVE_FFDHE_6144
//#define HAVE_FFDHE_8192
#endif
#else
#define NO_DH
#endif
/* ECC */
#undef HAVE_ECC
#if 1
#define HAVE_ECC
/* Manually define enabled curves */
#define ECC_USER_CURVES
#ifdef ECC_USER_CURVES
/* Manual Curve Selection */
//#define HAVE_ECC192
//#define HAVE_ECC224
#undef NO_ECC256
#define HAVE_ECC384
//#define HAVE_ECC521
#endif
/* Fixed point cache (speeds repeated operations against same private key) */
//#define FP_ECC
#ifdef FP_ECC
/* Bits / Entries */
#define FP_ENTRIES 2
#define FP_LUT 4
#endif
/* Optional ECC calculation method */
/* Note: doubles heap usage, but slightly faster */
#define ECC_SHAMIR
/* Reduces heap usage, but slower */
#define ECC_TIMING_RESISTANT
/* Compressed ECC Key Support */
//#define HAVE_COMP_KEY
/* Use alternate ECC size for ECC math */
#ifdef USE_FAST_MATH
/* MAX ECC BITS = ROUND8(MAX ECC) * 2 */
#if defined(NO_RSA) && defined(NO_DH)
/* Custom fastmath size if not using RSA/DH */
#define FP_MAX_BITS (256 * 2)
#else
/* use heap allocation for ECC points */
#define ALT_ECC_SIZE
/* wolfSSL will compute the FP_MAX_BITS_ECC, but it can be overridden */
//#define FP_MAX_BITS_ECC (256 * 2)
#endif
/* Speedups specific to curve */
#ifndef NO_ECC256
#define TFM_ECC256
#endif
#endif
#endif
/* AES */
#undef NO_AES
#if 1
#define HAVE_AES_CBC
/* GCM Method: GCM_TABLE_4BIT, GCM_SMALL, GCM_WORD32 or GCM_TABLE */
#define HAVE_AESGCM
#define GCM_SMALL
#define WOLFSSL_AES_DIRECT
#define HAVE_AES_ECB
#else
#define NO_AES
#endif
/* DES3 */
#undef NO_DES3
#if 0
#else
#define NO_DES3
#endif
/* ChaCha20 / Poly1305 */
#undef HAVE_CHACHA
#undef HAVE_POLY1305
#if 1
#define HAVE_CHACHA
#define HAVE_POLY1305
/* Needed for Poly1305 */
#define HAVE_ONE_TIME_AUTH
#endif
/* Ed25519 / Curve25519 */
#undef HAVE_CURVE25519
#undef HAVE_ED25519
#if 0
#define HAVE_CURVE25519
#define HAVE_ED25519 /* ED25519 Requires SHA512 */
/* Optionally use small math (less flash usage, but much slower) */
#if 1
#define CURVED25519_SMALL
#endif
#endif
/* ------------------------------------------------------------------------- */
/* Hashing */
/* ------------------------------------------------------------------------- */
/* Sha */
#undef NO_SHA
#if 1
/* on by default */
/* 1k smaller, but 25% slower */
//#define USE_SLOW_SHA
#else
#define NO_SHA
#endif
/* Sha256 */
#undef NO_SHA256
#if 1
/* not unrolled - ~2k smaller and ~25% slower */
//#define USE_SLOW_SHA256
/* Sha224 */
#if 0
#define WOLFSSL_SHA224
#endif
#else
#define NO_SHA256
#endif
/* Sha512 */
#undef WOLFSSL_SHA512
#if 0
#define WOLFSSL_SHA512
/* Sha384 */
#undef WOLFSSL_SHA384
#if 0
#define WOLFSSL_SHA384
#endif
/* over twice as small, but 50% slower */
//#define USE_SLOW_SHA512
#endif
/* Sha3 */
#undef WOLFSSL_SHA3
#if 0
#define WOLFSSL_SHA3
#endif
/* MD5 */
#undef NO_MD5
#if 0
/* on by default */
#else
#define NO_MD5
#endif
/* HKDF */
#undef HAVE_HKDF
#if 1
#define HAVE_HKDF
#endif
/* CMAC */
#undef WOLFSSL_CMAC
#if 1
#define WOLFSSL_CMAC
/* Note: requires WOLFSSL_AES_DIRECT */
#endif
/* HMAC - on by default */
#undef NO_HMAC
#if 1
/* on by default */
#else
#define NO_HMAC
#endif
/* ------------------------------------------------------------------------- */
/* ASN */
/* ------------------------------------------------------------------------- */
#if 0
/* Use the newer ASN template code */
#define WOLFSSL_ASN_TEMPLATE
//#define WOLFSSL_CUSTOM_OID
//#define HAVE_OID_ENCODING
//#define HAVE_OID_DECODING
#else
/* Use the original custom ASN code */
#endif
/* Optionally disable time checking for ASN */
//#define NO_ASN_TIME
/* ------------------------------------------------------------------------- */
/* Benchmark / Test */
/* ------------------------------------------------------------------------- */
/* Use reduced benchmark / test sizes */
#define BENCH_EMBEDDED
/* Use test buffers from array (not filesystem) */
#ifndef NO_FILESYSTEM
#define USE_CERT_BUFFERS_256
#define USE_CERT_BUFFERS_2048
#endif
/* ------------------------------------------------------------------------- */
/* Debugging */
/* ------------------------------------------------------------------------- */
#undef DEBUG_WOLFSSL
#undef NO_ERROR_STRINGS
#if 0
#define DEBUG_WOLFSSL
#define WOLFSSL_LOG_PRINTF
#else
#if 0
#define NO_ERROR_STRINGS
#endif
#endif
/* ------------------------------------------------------------------------- */
/* Memory */
/* ------------------------------------------------------------------------- */
#if 0
/* Static memory requires fast math or SP math with no malloc */
#define WOLFSSL_STATIC_MEMORY
/* Disable fallback malloc/free */
#define WOLFSSL_NO_MALLOC
#if 1
#define WOLFSSL_MALLOC_CHECK /* trap malloc failure */
#endif
#endif
/* ------------------------------------------------------------------------- */
/* Enable Features */
/* ------------------------------------------------------------------------- */
#define WOLFSSL_TLS13
#define WOLFSSL_OLD_PRIME_CHECK /* Use faster DH prime checking */
#define HAVE_TLS_EXTENSIONS
#define HAVE_SUPPORTED_CURVES
#define WOLFSSL_BASE64_ENCODE
//#define WOLFSSL_KEY_GEN /* For RSA Key gen only */
//#define KEEP_PEER_CERT
//#define HAVE_COMP_KEY
/* TLS Session Cache */
#if 0
#define SMALL_SESSION_CACHE
#else
#define NO_SESSION_CACHE
#endif
/* ------------------------------------------------------------------------- */
/* Disable Features */
/* ------------------------------------------------------------------------- */
//#define NO_WOLFSSL_SERVER
//#define NO_WOLFSSL_CLIENT
//#define NO_CRYPT_TEST
//#define NO_CRYPT_BENCHMARK
//#define WOLFCRYPT_ONLY
/* In-lining of misc.c functions */
/* If defined, must include wolfcrypt/src/misc.c in build */
/* Slower, but about 1k smaller */
//#define NO_INLINE
#define NO_WRITEV
#define NO_MAIN_DRIVER
//#define NO_DEV_RANDOM
#define NO_OLD_TLS
#define NO_PSK
#define NO_DSA
#define NO_RC4
#define NO_MD4
#define NO_PWDBASED
//#define NO_CODING
//#define NO_CERTS
//#define NO_SIG_WRAPPER
#ifdef __cplusplus
}
#endif
#endif /* WOLFSSL_USER_SETTINGS_H */

150
IDE/AURIX/wolf_main.c
View File

@@ -1,150 +0,0 @@
/* wolf_main.c
*
* Copyright (C) 2006-2023 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
/* wolfSSL includes */
#ifndef WOLFSSL_USER_SETTINGS
#include <wolfssl/options.h>
#endif
#include <wolfssl/wolfcrypt/settings.h>
#include <wolfssl/wolfcrypt/error-crypt.h>
#include <wolfssl/wolfcrypt/random.h> /* for CUSTOM_RAND_TYPE */
#include <wolfcrypt/test/test.h>
#include <wolfcrypt/benchmark/benchmark.h>
#include <stdint.h>
#include <stdio.h>
#include <stdarg.h>
#include <string.h>
/* Infineon Includes */
#include "Ifx_Types.h"
#include "IfxStm.h"
extern int send_UART(const char* str);
static void my_logging_cb(const int logLevel, const char *const logMessage)
{
send_UART(logMessage);
send_UART("\r\n");
(void)logLevel; /* not used */
}
/* TIME CODE */
/* Optionally you can define NO_ASN_TIME to disable all cert time checks */
static int hw_get_time_sec(void)
{
/* get time in seconds */
return IfxStm_get(&MODULE_STM0) / IfxStm_getFrequency(&MODULE_STM0);
}
/* This is used by wolfCrypt asn.c for cert time checking */
unsigned long my_time(unsigned long* timer)
{
(void)timer;
return hw_get_time_sec();
}
#ifndef WOLFCRYPT_ONLY
/* This is used by TLS only */
unsigned int LowResTimer(void)
{
return hw_get_time_sec();
}
#endif
#ifndef NO_CRYPT_BENCHMARK
/* This is used by wolfCrypt benchmark tool only */
double current_time(int reset)
{
double timeNow;
uint64_t timeMs, ticks = IfxStm_get(&MODULE_STM0);
(void)reset;
timeMs = ticks / (IfxStm_getFrequency(&MODULE_STM0) / 1000);
timeNow = (timeMs / 1000); // sec
timeNow += (double)(timeMs % 1000) / 1000; // ms
return timeNow;
}
#endif
/* RNG CODE */
/* TODO: Implement real RNG */
static unsigned int gCounter;
unsigned int hw_rand(void)
{
//#warning Must implement your own random source
return ++gCounter;
}
unsigned int my_rng_seed_gen(void)
{
return hw_rand();
}
typedef struct func_args {
int argc;
char** argv;
int return_code;
} func_args;
void run_wolf_tests(void)
{
func_args args;
#ifdef DEBUG_WOLFSSL
wolfSSL_Debugging_ON();
#endif
wolfSSL_SetLoggingCb(my_logging_cb);
/* initialize wolfSSL */
#ifdef WOLFCRYPT_ONLY
wolfCrypt_Init();
#else
wolfSSL_Init();
#endif
memset(&args, 0, sizeof(args));
args.return_code = NOT_COMPILED_IN; /* default */
printf("Running wolfCrypt Tests...\n");
#ifndef NO_CRYPT_TEST
args.return_code = 0;
wolfcrypt_test(&args);
printf("Crypt Test: Return code %d\n", args.return_code);
#else
args.return_code = NOT_COMPILED_IN;
#endif
printf("Running wolfCrypt Benchmarks...\n");
#ifndef NO_CRYPT_BENCHMARK
args.return_code = 0;
benchmark_test(&args);
#else
args.return_code = NOT_COMPILED_IN;
#endif
printf("Benchmark Test: Return code %d\n", args.return_code);
#ifdef WOLFCRYPT_ONLY
wolfCrypt_Cleanup();
#else
wolfSSL_Cleanup();
#endif
}

9
IDE/Android/Android.bp
View File

@@ -17,11 +17,6 @@ cc_library_shared {
"-DWOLFSSL_USER_SETTINGS", "-DWOLFSSL_USER_SETTINGS",
"-Os", "-Os",
"-fomit-frame-pointer", "-fomit-frame-pointer",
/* If using WOLFSSL_ARMASM then add these cflags for ARM crypto extensions */
/* "-mcpu=cortex-a73+crypto", */
/* "-march=armv8-a", */
/* "-mstrict-align", */
], ],
include_dirs: [ include_dirs: [
"external/wolfssl/wolfssl", "external/wolfssl/wolfssl",
@@ -73,9 +68,10 @@ cc_library_shared {
"./wolfcrypt/src/ge_operations.c", "./wolfcrypt/src/ge_operations.c",
"./wolfcrypt/src/hash.c", "./wolfcrypt/src/hash.c",
"./wolfcrypt/src/kdf.c", "./wolfcrypt/src/kdf.c",
"./wolfcrypt/src/hc128.c",
"./wolfcrypt/src/hmac.c", "./wolfcrypt/src/hmac.c",
"./wolfcrypt/src/idea.c",
"./wolfcrypt/src/integer.c", "./wolfcrypt/src/integer.c",
"./wolfcrypt/src/kdf.c",
"./wolfcrypt/src/logging.c", "./wolfcrypt/src/logging.c",
"./wolfcrypt/src/md2.c", "./wolfcrypt/src/md2.c",
"./wolfcrypt/src/md4.c", "./wolfcrypt/src/md4.c",
@@ -85,6 +81,7 @@ cc_library_shared {
"./wolfcrypt/src/pkcs7.c", "./wolfcrypt/src/pkcs7.c",
"./wolfcrypt/src/poly1305.c", "./wolfcrypt/src/poly1305.c",
"./wolfcrypt/src/pwdbased.c", "./wolfcrypt/src/pwdbased.c",
"./wolfcrypt/src/rabbit.c",
"./wolfcrypt/src/random.c", "./wolfcrypt/src/random.c",
"./wolfcrypt/src/rc2.c", "./wolfcrypt/src/rc2.c",
"./wolfcrypt/src/ripemd.c", "./wolfcrypt/src/ripemd.c",

36
IDE/Android/user_settings.h
View File

@@ -8,32 +8,12 @@
#define HAVE_FIPS #define HAVE_FIPS
#endif #endif
#ifdef __aarch64__
#if !defined(__clang__) || \
(defined(__clang__) && defined(__clang_major__) && __clang_major__ >= 5)
/* older clang v4 has issue with inline assembly constraints */
#define WOLFSSL_ARMASM
#endif
#endif
#if 1 /* SP Assembly Speedups (wPAA) */
#define WOLFSSL_SP
#define WOLFSSL_SP_SMALL /* use smaller version of code */
#define WOLFSSL_HAVE_SP_RSA
#define WOLFSSL_HAVE_SP_DH
#define WOLFSSL_HAVE_SP_ECC
#ifdef WOLFSSL_ARMASM
#define WOLFSSL_SP_ARM64_ASM
#endif
#endif
/* WPA Supplicant Support */ /* WPA Supplicant Support */
#define WOLFSSL_WPAS_SMALL #define WOLFSSL_WPAS_SMALL
#define OPENSSL_ALL #define OPENSSL_ALL
#define HAVE_THREAD_LS #define HAVE_THREAD_LS
#define USE_FAST_MATH #define USE_FAST_MATH
#define FP_MAX_BITS (4096*2) /* Maximum math bits (Max RSA key bits * 2) */
#define TFM_TIMING_RESISTANT #define TFM_TIMING_RESISTANT
#define ECC_TIMING_RESISTANT #define ECC_TIMING_RESISTANT
#define WC_RSA_BLINDING #define WC_RSA_BLINDING
@@ -42,8 +22,8 @@
#if 1 #if 1
#define WOLFSSL_TLS13 #define WOLFSSL_TLS13
#define WC_RSA_PSS
#endif #endif
#define WC_RSA_PSS
#define HAVE_SESSION_TICKET #define HAVE_SESSION_TICKET
#define HAVE_TLS_EXTENSIONS #define HAVE_TLS_EXTENSIONS
#define HAVE_SUPPORTED_CURVES #define HAVE_SUPPORTED_CURVES
@@ -58,7 +38,7 @@
#define HAVE_PK_CALLBACKS #define HAVE_PK_CALLBACKS
/* crypto callback support is not in FIPS 3389 */ /* crypto callback support is not in FIPS 3389 */
#ifndef HAVE_FIPS #ifndef HAVE_FIPS
#define WOLF_CRYPTO_CB #define WOLF_CRYPTO_CB
#endif #endif
#define KEEP_OUR_CERT #define KEEP_OUR_CERT
@@ -78,10 +58,7 @@
#define WOLFSSL_KEY_GEN #define WOLFSSL_KEY_GEN
#define WC_RSA_NO_PADDING #define WC_RSA_NO_PADDING
#define WOLFSSL_DH_CONST
#define HAVE_FFDHE_2048 #define HAVE_FFDHE_2048
#define HAVE_FFDHE_3072
#define HAVE_FFDHE_4096
#define HAVE_DH_DEFAULT_PARAMS #define HAVE_DH_DEFAULT_PARAMS
#ifdef HAVE_FIPS #ifdef HAVE_FIPS
#define WOLFSSL_VALIDATE_FFC_IMPORT #define WOLFSSL_VALIDATE_FFC_IMPORT
@@ -91,9 +68,6 @@
#define WOLFSSL_SHA224 #define WOLFSSL_SHA224
#define WOLFSSL_SHA512 #define WOLFSSL_SHA512
#define WOLFSSL_SHA384 #define WOLFSSL_SHA384
#define WOLFSSL_NOSHA512_256
#define WOLFSSL_NOSHA512_224
#define WOLFSSL_SHA3
#define HAVE_HKDF #define HAVE_HKDF
#define HAVE_PKCS8 #define HAVE_PKCS8
@@ -106,9 +80,6 @@
#define HAVE_ECC_CDH #define HAVE_ECC_CDH
#define WOLFSSL_VALIDATE_ECC_IMPORT #define WOLFSSL_VALIDATE_ECC_IMPORT
#endif #endif
#ifdef __i386
#define TFM_NO_ASM
#endif
#define HAVE_AESGCM #define HAVE_AESGCM
#define HAVE_AESCCM #define HAVE_AESCCM
@@ -122,6 +93,9 @@
#define NO_DSA #define NO_DSA
#define NO_RC4 #define NO_RC4
#define NO_HC128
#define NO_RABBIT
#define NO_RC4
#define NO_PSK #define NO_PSK
#define WOLFSSL_NO_SHAKE256 #define WOLFSSL_NO_SHAKE256
#define NO_MD4 #define NO_MD4

5
IDE/CRYPTOCELL/main.c
View File

@@ -1,6 +1,6 @@
/* main.c /* main.c
* *
* Copyright (C) 2006-2023 wolfSSL Inc. * Copyright (C) 2006-2021 wolfSSL Inc.
* *
* This file is part of wolfSSL. * This file is part of wolfSSL.
* *
@@ -19,7 +19,6 @@
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/ */
#include <wolfssl/wolfcrypt/settings.h> #include <wolfssl/wolfcrypt/settings.h>
#include <wolfcrypt/test/test.h> #include <wolfcrypt/test/test.h>
#include <wolfcrypt/benchmark/benchmark.h> #include <wolfcrypt/benchmark/benchmark.h>
@@ -27,7 +26,7 @@
/* wolfCrypt_Init/wolfCrypt_Cleanup to turn CryptoCell hardware on/off */ /* wolfCrypt_Init/wolfCrypt_Cleanup to turn CryptoCell hardware on/off */
#include <wolfssl/wolfcrypt/wc_port.h> #include <wolfssl/wolfcrypt/wc_port.h>
/* SEGGER_RTT_Init, you can potentially replace it with other serial terminal */ /* SEGGER_RTT_Init, you can potential replace it with other serial terminal */
#include "SEGGER_RTT.h" #include "SEGGER_RTT.h"
int main(void) int main(void)

9
IDE/CRYPTOCELL/user_settings.h
View File

@@ -1,6 +1,6 @@
/* user_settings.h /* user_settings.h
* *
* Copyright (C) 2006-2023 wolfSSL Inc. * Copyright (C) 2006-2021 wolfSSL Inc.
* *
* This file is part of wolfSSL. * This file is part of wolfSSL.
* *
@@ -88,6 +88,7 @@ extern "C" {
#define WOLFSSL_HAVE_SP_RSA #define WOLFSSL_HAVE_SP_RSA
#define WOLFSSL_HAVE_SP_DH #define WOLFSSL_HAVE_SP_DH
#define WOLFSSL_HAVE_SP_ECC #define WOLFSSL_HAVE_SP_ECC
#define WOLFSSL_SP_CACHE_RESISTANT
//#define WOLFSSL_SP_MATH /* only SP math - eliminates fast math code */ //#define WOLFSSL_SP_MATH /* only SP math - eliminates fast math code */
/* Assembly */ /* Assembly */
@@ -557,6 +558,12 @@ extern "C" {
#undef NO_OLD_TLS #undef NO_OLD_TLS
#define NO_OLD_TLS #define NO_OLD_TLS
#undef NO_HC128
#define NO_HC128
#undef NO_RABBIT
#define NO_RABBIT
#undef NO_PSK #undef NO_PSK
#define NO_PSK #define NO_PSK

2
IDE/ECLIPSE/DEOS/deos_malloc.c
View File

@@ -1,6 +1,6 @@
/* deos_malloc.c /* deos_malloc.c
* *
* Copyright (C) 2006-2023 wolfSSL Inc. * Copyright (C) 2006-2021 wolfSSL Inc.
* *
* This file is part of wolfSSL. * This file is part of wolfSSL.
* *

15
IDE/ECLIPSE/DEOS/deos_wolfssl/.project
View File

@@ -424,11 +424,21 @@
<type>1</type> <type>1</type>
<locationURI>WOLFSSL_ROOT/wolfcrypt/src/hash.c</locationURI> <locationURI>WOLFSSL_ROOT/wolfcrypt/src/hash.c</locationURI>
</link> </link>
<link>
<name>wolfcrypt/src/hc128.c</name>
<type>1</type>
<locationURI>WOLFSSL_ROOT/wolfcrypt/src/hc128.c</locationURI>
</link>
<link> <link>
<name>wolfcrypt/src/hmac.c</name> <name>wolfcrypt/src/hmac.c</name>
<type>1</type> <type>1</type>
<locationURI>WOLFSSL_ROOT/wolfcrypt/src/hmac.c</locationURI> <locationURI>WOLFSSL_ROOT/wolfcrypt/src/hmac.c</locationURI>
</link> </link>
<link>
<name>wolfcrypt/src/idea.c</name>
<type>1</type>
<locationURI>WOLFSSL_ROOT/wolfcrypt/src/idea.c</locationURI>
</link>
<link> <link>
<name>wolfcrypt/src/integer.c</name> <name>wolfcrypt/src/integer.c</name>
<type>1</type> <type>1</type>
@@ -479,6 +489,11 @@
<type>1</type> <type>1</type>
<locationURI>WOLFSSL_ROOT/wolfcrypt/src/pwdbased.c</locationURI> <locationURI>WOLFSSL_ROOT/wolfcrypt/src/pwdbased.c</locationURI>
</link> </link>
<link>
<name>wolfcrypt/src/rabbit.c</name>
<type>1</type>
<locationURI>WOLFSSL_ROOT/wolfcrypt/src/rabbit.c</locationURI>
</link>
<link> <link>
<name>wolfcrypt/src/random.c</name> <name>wolfcrypt/src/random.c</name>
<type>1</type> <type>1</type>

22
IDE/ECLIPSE/DEOS/tls_wolfssl.c
View File

@@ -1,6 +1,6 @@
/* tls_wolfssl.c /* tls_wolfssl.c
* *
* Copyright (C) 2006-2023 wolfSSL Inc. * Copyright (C) 2006-2021 wolfSSL Inc.
* *
* This file is part of wolfSSL. * This file is part of wolfSSL.
* *
@@ -31,19 +31,19 @@ int setupTransport(clientConnectionHandleType* connectionHandle,
char* connectionId) { char* connectionId) {
int ret, error; int ret, error;
void * sendBuffer; void * sendBuffer;
size_t bufferSizeInBytes; DWORD bufferSizeInBytes;
if ((ret = socketTransportInitialize("mailbox-transport.config", if ((ret = socketTransportInitialize("mailbox-transport.config",
"transportConfigurationId", "transportConfigurationId",
waitIndefinitely,&error)) != transportSuccess) (DWORD)waitIndefinitely,&error)) != transportSuccess)
printf("Initialize 0x%x, error=%d\n", ret, error); printf("Initialize 0x%x, error=%d\n", ret, error);
else if ((ret = socketTransportClientInitialize(waitIndefinitely, else if ((ret = socketTransportClientInitialize((DWORD)waitIndefinitely,
&error)) != transportSuccess) &error)) != transportSuccess)
printf("ClientInitialize 0x%x, error=%d\n", ret, error); printf("ClientInitialize 0x%x, error=%d\n", ret, error);
else if ((ret = socketTransportCreateConnection(connectionId, else if ((ret = socketTransportCreateConnection(connectionId,
waitIndefinitely, (DWORD)waitIndefinitely,
COMPATIBILITY_ID_2, COMPATIBILITY_ID_2,
connectionHandle, connectionHandle,
&sendBuffer, &sendBuffer,
@@ -53,7 +53,7 @@ int setupTransport(clientConnectionHandleType* connectionHandle,
else if ((ret = socketTransportSetConnectionForThread(currentThreadHandle(), else if ((ret = socketTransportSetConnectionForThread(currentThreadHandle(),
*connectionHandle, *connectionHandle,
waitIndefinitely, (DWORD)waitIndefinitely,
&error)) != transportSuccess) &error)) != transportSuccess)
printf("SetConnectionForThread 0x%x, error=%d\n", ret, error); printf("SetConnectionForThread 0x%x, error=%d\n", ret, error);
@@ -162,7 +162,7 @@ void wolfssl_client_test(uintData_t statusPtr) {
TCP_SERVER_IP_ADDR, TCP_SERVER_PORT); TCP_SERVER_IP_ADDR, TCP_SERVER_PORT);
server_addr.sin_family = AF_INET; server_addr.sin_family = AF_INET;
server_addr.sin_addr.s_addr = inet_addr(TCP_SERVER_IP_ADDR); server_addr.sin_addr = inet_addr(TCP_SERVER_IP_ADDR);
server_addr.sin_port = htons(TCP_SERVER_PORT); server_addr.sin_port = htons(TCP_SERVER_PORT);
printf("Calling connect on socket\n"); printf("Calling connect on socket\n");
@@ -407,7 +407,7 @@ void wolfssl_server_test(uintData_t statusPtr)
printf("Setting up server_addr struct\n"); printf("Setting up server_addr struct\n");
server_addr.sin_family = AF_INET; server_addr.sin_family = AF_INET;
server_addr.sin_addr.s_addr = INADDR_ANY; server_addr.sin_addr = INADDR_ANY;
server_addr.sin_port = htons(TLS_SERVER_PORT); server_addr.sin_port = htons(TLS_SERVER_PORT);
bindStatus = bind(sock_listen, (sockaddr *) &server_addr, sizeof(server_addr)); bindStatus = bind(sock_listen, (sockaddr *) &server_addr, sizeof(server_addr));
@@ -510,7 +510,7 @@ void wolfssl_server_test(uintData_t statusPtr)
wolfSSL_CTX_free(ctx); wolfSSL_CTX_free(ctx);
return; return;
} }
/* goToSleep() for 500 milliseconds */ /* goToSleep() for 500 milli sec*/
} }
} while ((ret != SSL_SUCCESS) && (error == SSL_ERROR_WANT_READ)); } while ((ret != SSL_SUCCESS) && (error == SSL_ERROR_WANT_READ));
@@ -580,14 +580,14 @@ int wolfsslRunTests (void)
ts = createThread("TCPclient", "TCPThreadTemplate", wolfssl_client_test, ts = createThread("TCPclient", "TCPThreadTemplate", wolfssl_client_test,
0, &TCPhandle ); 0, &TCPhandle );
if (ts != threadSuccess) { if (ts != threadSuccess) {
printf("Unable to create TCP client thread, %i ", (size_t)ts); printf("Unable to create TCP client thread, %i ", (DWORD)ts);
} }
#endif #endif
#if !defined(NO_WOLFSSL_SERVER) #if !defined(NO_WOLFSSL_SERVER)
ts = createThread("TCPserver", "TCPThreadTemplate", wolfssl_server_test, ts = createThread("TCPserver", "TCPThreadTemplate", wolfssl_server_test,
0, &TCPhandle ); 0, &TCPhandle );
if (ts != threadSuccess) { if (ts != threadSuccess) {
printf("Unable to create TCP server thread, %i ", (size_t)ts); printf("Unable to create TCP server thread, %i ", (DWORD)ts);
} }
#endif #endif

2
IDE/ECLIPSE/DEOS/tls_wolfssl.h
View File

@@ -1,6 +1,6 @@
/* tls_wolfssl.h /* tls_wolfssl.h
* *
* Copyright (C) 2006-2023 wolfSSL Inc. * Copyright (C) 2006-2021 wolfSSL Inc.
* *
* This file is part of wolfSSL. * This file is part of wolfSSL.
* *

184
IDE/ECLIPSE/DEOS/user_settings.h
View File

@@ -1,6 +1,6 @@
/* user_setting.h /* user_setting.h
* *
* Copyright (C) 2006-2023 wolfSSL Inc. * Copyright (C) 2006-2021 wolfSSL Inc.
* *
* This file is part of wolfSSL. * This file is part of wolfSSL.
* *
@@ -26,140 +26,75 @@
extern "C" { extern "C" {
#endif #endif
#if 0 #define WOLFSSL_DEOS
/* RTEMS */
#define WOLFSSL_DEOS_RTEMS
#include <stdio.h> /* You can select none or all of the following tests
#include <string.h> using #define instead of #undef.
#include <netinet/in.h> By default, all four tests run*/
#include <sys/socket.h>
#include <pthread.h>
#include <stdint.h>
#include <stddef.h> /* for size_t */
#include <stdlib.h> /* for malloc/free */
#if (__BYTE_ORDER__ == __ORDER_BIG_ENDIAN__) #undef NO_CRYPT_TEST
#define BIG_ENDIAN_ORDER #undef NO_CRYPT_BENCHMARK
#else #undef NO_WOLFSSL_CLIENT
#undef BIG_ENDIAN_ORDER #undef NO_WOLFSSL_SERVER
#define LITTLE_ENDIAN_ORDER
#endif
#else
/* DEOS Native */
#define WOLFSSL_DEOS
#include <deos.h>
#include <timeout.h>
#include <socketapi.h>
#include <lwip-socket.h>
#include <mem.h>
#include <string.h>
#include <stdlib.h> /* for rand_r: pseudo-random number generator */
#include <stdio.h> /* for snprintf */
#endif
/* Porting */
/* adjust CURRENT_UNIX_TIMESTAMP to seconds since Jan 01 1970. (UTC) /* adjust CURRENT_UNIX_TIMESTAMP to seconds since Jan 01 1970. (UTC)
You can get the current time from https://www.unixtimestamp.com/ */ You can get the current time from https://www.unixtimestamp.com/
#define CURRENT_UNIX_TIMESTAMP 1663020069 */
#define CURRENT_UNIX_TIMESTAMP 1545864916
#define BENCH_EMBEDDED /* use kB instead of mB for embedded benchmarking */ #define NO_FILESYSTEM
#define WOLFSSL_IGNORE_FILE_WARN /* ignore warning for include of files not required */
/* Math */
#define USE_FAST_MATH
#define FP_MAX_BITS (4096*2)
#define SIZEOF_LONG_LONG 8 #define SIZEOF_LONG_LONG 8
#define TFM_TIMING_RESISTANT
#define ECC_TIMING_RESISTANT
#define WC_RSA_BLINDING
/* Wolf Single Precision Math */ /* prevents from including multiple definition of main() */
#undef WOLFSSL_SP #define NO_MAIN_DRIVER
#if 1 #define NO_TESTSUITE_MAIN_DRIVER
#define WOLFSSL_HAVE_SP_RSA
#define WOLFSSL_HAVE_SP_DH
#define WOLFSSL_HAVE_SP_ECC
#define WOLFSSL_SP_4096 /* Enable RSA/RH 4096-bit support */
#define WOLFSSL_SP_384 /* Enable ECC 384-bit SECP384R1 support */
#define WOLFSSL_SP_MATH /* only SP math - disables integer.c/tfm.c */ /* includes certificate test buffers via header files */
//#define WOLFSSL_SP_MATH_ALL /* use SP math for all key sizes and curves */ #define USE_CERT_BUFFERS_2048
#define WOLFSSL_SP_NO_MALLOC /*use kB instead of mB for embedded benchmarking*/
//#define WOLFSSL_SP_DIV_32 /* do not use 64-bit divides */ #define BENCH_EMBEDDED
/* use smaller version of code */ #define NO_WRITE_TEMP_FILES
#define WOLFSSL_SP_SMALL
#endif
/* Algorithms */
#undef NO_RSA
#undef NO_DH
#define WOLFSSL_DH_CONST
#define HAVE_ECC
#define ECC_USER_CURVES
#define HAVE_ECC384
#if 1
#define HAVE_CURVE25519
#define HAVE_ED25519
#define CURVED25519_SMALL
#endif
#undef NO_SHA
#undef NO_MD5
#undef NO_SHA256
#define HAVE_AESGCM #define HAVE_AESGCM
#define WOLFSSL_SHA384
#define WOLFSSL_SHA512 #define WOLFSSL_SHA512
#define HAVE_ECC
#define HAVE_CURVE25519
#define CURVE25519_SMALL
#define HAVE_ED25519
#define ED25519_SMALL
/* TLS */ #define WOLFSSL_DTLS
#define HAVE_TLS_EXTENSIONS
#define HAVE_SUPPORTED_CURVES
#define HAVE_EXTENDED_MASTER
#define HAVE_ENCRYPT_THEN_MAC
//#define WOLFSSL_DTLS
//#define WOLFSSL_DTLS13
//#define WOLFSSL_NO_TLS12
/* TLS 1.3 */
#if 0 #if 0
/* TLS 1.3 */
#define WOLFSSL_TLS13 #define WOLFSSL_TLS13
#define WC_RSA_PSS #define WC_RSA_PSS
#define HAVE_HKDF #define HAVE_HKDF
#define HAVE_FFDHE_2048 #define HAVE_FFDHE_2048
#define HAVE_FFDHE_3072 #define HAVE_AEAD
#define HAVE_FFDHE_4096
#endif #endif
/* wolfSentry */
#if 0 #if 0
#define WOLFSSL_WOLFSENTRY_HOOKS
#define HAVE_EX_DATA /* You can use your own custom random generator function with
#define HAVE_EX_DATA_CLEANUP_HOOKS no input parameters and a `CUSTOM_RAND_TYPE` return type*/
#ifndef CUSTOM_RAND_GENERATE
#define CUSTOM_RAND_TYPE int
#define CUSTOM_RAND_GENERATE yourRandGenFunc
#endif
#endif #endif
/* compatibility layer */ #if 1
#if 0 #undef XMALLOC_OVERRIDE
#define OPENSSL_EXTRA
#endif
/* Random */
#ifdef WOLFSSL_DEOS_RTEMS
extern int rtems_wolf_seed(unsigned char* output, unsigned int sz);
#define CUSTOM_RAND_GENERATE_SEED rtems_wolf_seed
#endif
/* custom heap handling */
#ifdef WOLFSSL_DEOS
#define WOLFSSL_NO_MALLOC
#define XMALLOC_OVERRIDE #define XMALLOC_OVERRIDE
/* prototypes for user heap override functions */ /* prototypes for user heap override functions */
#include <stddef.h> /* for size_t */
extern void *malloc_deos(size_t size); extern void *malloc_deos(size_t size);
extern void free_deos(void *ptr); extern void free_deos(void *ptr);
extern void *realloc_deos(void *ptr, size_t size); extern void *realloc_deos(void *ptr, size_t size);
@@ -167,40 +102,9 @@ You can get the current time from https://www.unixtimestamp.com/ */
#define XMALLOC(n, h, t) malloc_deos(n) #define XMALLOC(n, h, t) malloc_deos(n)
#define XFREE(p, h, t) free_deos(p) #define XFREE(p, h, t) free_deos(p)
#define XREALLOC(p, n, h, t) realloc_deos(p, n) #define XREALLOC(p, n, h, t) realloc_deos(p, n)
#endif #endif
#if 0
#define DEBUG_WOLFSSL
#endif
/* You can select none or all of the following tests
* using #define instead of #undef.
* By default, all four tests run*/
#define NO_CRYPT_TEST
#define NO_CRYPT_BENCHMARK
#undef NO_WOLFSSL_CLIENT
#undef NO_WOLFSSL_SERVER
/* file system has not been ported since it is a separate product */
#define NO_FILESYSTEM
#define NO_WOLFSSL_DIR
#define NO_WRITEV
#define NO_WRITE_TEMP_FILES
/* disable old protocols and algorithms */
#define NO_OLD_TLS
#define NO_PSK
#define NO_DSA
#define NO_RC4
#define NO_MD4
#define NO_PWDBASED
/* prevents from including multiple definition of main() */
#define NO_MAIN_DRIVER
#define NO_TESTSUITE_MAIN_DRIVER
#ifdef __cplusplus #ifdef __cplusplus
} /* extern "C" */ } /* extern "C" */
#endif #endif

74
IDE/ECLIPSE/MICRIUM/README.md
View File

@@ -40,7 +40,7 @@ The folder hierarchy is the same as the wolfSSL folders with an exception of the
4. Right click on each folders, add or link all the source code in the corresponding folder in wolfSSL. 4. Right click on each folders, add or link all the source code in the corresponding folder in wolfSSL.
5. Remove non-C platform dependent files from your build. At the moment, only aes_asm.asm, aes_gcm_asm.asm, aes_xts_asm.asm and aes_asm.s must be removed from your wolfssl/wolfcrypt/src folder. 5. Remove non-C platform dependent files from your build. At the moment, only aes_asm.asm and aes_asm.s must be removed from your wolfssl/wolfcrypt/src folder.
6. In your C/C++ compiler preprocessor settings, add the wolfSSL directories to your include paths. 6. In your C/C++ compiler preprocessor settings, add the wolfSSL directories to your include paths.
Here's an example of the paths that must be added. Here's an example of the paths that must be added.
@@ -93,6 +93,8 @@ HMAC-SHA test passed!
HAC-SHA256 test passed! HAC-SHA256 test passed!
HMAC-SHA512 test passed! HMAC-SHA512 test passed!
GMC test passed! GMC test passed!
HC-128 test passed!
Rabbit test passed!
DS test passed! DS test passed!
DS3 test passed! DS3 test passed!
AES test passed! AES test passed!
@@ -118,41 +120,41 @@ memcb test passed!
wolfSSL version 3.15.5 wolfSSL version 3.15.5
------------------------------------------------------------------------------ ------------------------------------------------------------------------------
wolfCrypt Benchmark (block bytes 1024, min 1.0 sec each) wolfCrypt Benchmark (block bytes 1024, min 1.0 sec each)
RNG 225 KB took 1.026 seconds, 219.313 KB/s RNG 225 KB tooks 1.026 seconds, 219.313 KB/s
AES-128-CBC-enc 250 KB took 1.105 seconds 226.210 KB/s AES-128-CBC-enc 250 KB toks 1.105 seconds 226.210 KB/s
AES-128-CBC-dec 225 KB took 1.005 seconds, 223.922 KB/s AES-128-CBC-dec 225 KB tooks 1.005 seconds, 223.922 KB/s
AES-192-CBC-enc 225 KB took 1.076 seconds, 209.104 KB/s AES-192-CBC-enc 225 KB tooks 1.076 seconds, 209.104 KB/s
AES-192-CBC-dec 225 KB took 1.077 seconds, 208.981 K/s AES-192-CBC-dec 225 KB tooks 1.077 seconds, 208.981 K/s
AES-56-CBC-enc 200 KB took 1.029 seconds, 19.396 KB/s AES-56-CBC-enc 200 KB tooks 1.029 seconds, 19.396 KB/s
AES-256-CBC-dec 200 KB took 1.022 seconds, 195.785 KB/s AES-256-CBC-dec 200 KB toks 1.022 seconds, 195.785 KB/s
AES-128-GCM-enc 125 KB took 1.28 seconds, 101.70 KB/s AES-128-GCM-enc 125 KB tooks 1.28 secnds, 101.70 KB/s
AES-128-GC-dec 125 KB took 1.228 seconds 101.756 KB/s AES-128-GC-dec 125 KB tooks 1.228 seconds 101.756 KB/s
AES-192-GCM-enc 100 KB took 1.026 seconds, 97.493 KB/s AES-192-GCM-enc 100 KB tooks 1.026 seconds, 97.493 KB/s
AES-192-GCM-dec 100 KB took 1.026 seconds, 97.480 KB/s AES-192-GCM-dec 100 KB tooks 1.026 seconds, 97.480 KB/s
AES-256-GCM-enc 100 KB took 1.065 seconds, 93.909 KB/s AES-256-GCM-enc 100 KB tooks 1.065 seconds, 93.909 KB/s
AES-256-GC-dec 100 KB took 1.065 seconds, 93.897 KB/s AES-256-GC-dec 100 KB tooks 1.065 seconds, 93.897 KB/s
RABBIT 2 MB took 1.011 seconds, 2.19 MB/s RABBIT 2 MB tooks 1.011 seconds, 2.19 MB/s
3DES 100 KB took 1.007 seconds, 99.312 KB/s 3DES 100 KB tooks 1.007 sconds, 99.312 KB/s
MD5 3MB took 1.008 seconds, 2.907 MBs MD5 3MB tooks 1.008 seonds, 2.907 MBs
SHA 1 MB took 1.09 secends, 1.283 MB/s SHA 1 MB tooks 1.09 secnds, 1.283 MB/s
SHA-256 575 KB took 1.037 seconds, 554.501 KB/s SHA-256 575 KB tooks 1.037 seconds, 554.501 KB/s
SHA-512 200 KB took 1.003 seconds, 199.444 KB/s SHA-512 200 KB tooks 1.003 seconds, 199.444 KB/s
HMAC-MD5 3 B took 1.002 seconds, 2.876 MB/s HMAC-MD5 3 B tooks 1.002 seconds, 2.876 MB/s
HMAC-SHA26 550 KB took 1.000 seconds, 549.95 KB//s HMAC-SHA26 550 KB tooks 1.000 seconds, 549.95 KB//s
HMAC-SHA512 200 KB topk 1.018 seconds, 196.452 KB/s HMAC-SHA512 200 KB toks 1.018 seconds, 196.452 KB/s
RSA 2048 public 8 ops took 1.025 seconds, avg 128.135 ms, 7.804 ops/s RSA 2048 public 8 ops took 1.025 sec, avg 128.135 ms, 7.804 op/sec
RSA 2048 private 2 ops took 4.972 seconds, avg 2485.951 s, 0.402 ops/s RSA 2048 private 2 ops took 4.972 ec, avg 2485.951 s, 0.402 ops/sec
DH 2048 key en 2 ops took 1.927 seconds, avg 96.303 ms, 1.038 ops/s DH 2048 key en 2 ops took 1.927 sec, avg 96.303 ms, 1.038 op/sec
DH 2048 agree 2ops took 1.937 seconds, avg 968.578 ms, 1.032 ops/s DH 2048 agree 2ops took 1.937 sc, avg 968.578 ms, 1.032 ops/sec
ECC 256 key gen 3 ops took 1.185 seconds, avg 394.944 ms, 2.53 ops/s ECC 256 key gen 3 ops took 1.185 sec, avg 394.944 ms, 2.53 ops/sec
ECDHE 256 agree 4 ops took 1.585 seconds, avg 396.168 ms, 2.524 ops/s ECDHE 256 agree 4 ops took 1.585 sec, avg 396.168 ms, 2.524 ops/sec
ECSA 256 sign 4 ops took 1.611 seconds, avg 402.865 ms, 2.482 ops/s ECSA 256 sign 4 ops took 1.611 sec, avg 402.865 ms, 2.482 ops/sec
ECDSA 256verif 2 ops took 1.586 seconds, avg 793.153 ms, 1.261 ops/s ECDSA 256verif 2 ops tok 1.586 sec, avg 793.153 ms, 1.261 opssec
CURVE 25519 key gen 2 ops took 1.262 seconds, avg 630.907 ms, 1.585 ops/s CURVE 25519 key gen 2 ops took 1.262 sec, avg 630.907 ms, 1.585 ops/sec
CURE 25519 agree 2 ops took 1.261 seconds, avg630.469 ms, 1.586 ops/s CURE 25519 agree 2 ops took 1.261 sec, avg630.469 ms, 1.586 ops/sec
ED 2519 key gen 2 ops took 1.27 seconds, avg 66.099 ms, 1.572 ops/s ED 2519 key gen 2 ops took 1.27 sec, avg 66.099ms, 1.572 ops/sec
ED 25519 sign 2 ops took 1.303 seconds, ag 65.633 ms, 1.35 ops/s ED 25519 sign 2 ops took 1.303 sec, ag 65.633 ms, 1.35 op/sec
ED 25519 verify 2 ops took 2.674 seconds, avg1337.68 ms 0.748 ops/s ED 25519 verify 2 ops took 2.674 sec, avg1337.68 ms 0.748 ops/ec
``` ```
### `WOLFSSL_CLIENT_TEST` wolfssl_client_test() ### `WOLFSSL_CLIENT_TEST` wolfssl_client_test()

2
IDE/ECLIPSE/MICRIUM/client_wolfssl.c
View File

@@ -1,6 +1,6 @@
/* client_wolfssl.c /* client_wolfssl.c
* *
* Copyright (C) 2006-2023 wolfSSL Inc. * Copyright (C) 2006-2021 wolfSSL Inc.
* *
* This file is part of wolfSSL. * This file is part of wolfSSL.
* *

2
IDE/ECLIPSE/MICRIUM/client_wolfssl.h
View File

@@ -1,6 +1,6 @@
/* client_wolfssl.h /* client_wolfssl.h
* *
* Copyright (C) 2006-2023 wolfSSL Inc. * Copyright (C) 2006-2021 wolfSSL Inc.
* *
* This file is part of wolfSSL. * This file is part of wolfSSL.
* *

2
IDE/ECLIPSE/MICRIUM/server_wolfssl.c
View File

@@ -1,6 +1,6 @@
/* server_wolfssl.c /* server_wolfssl.c
* *
* Copyright (C) 2006-2023 wolfSSL Inc. * Copyright (C) 2006-2021 wolfSSL Inc.
* *
* This file is part of wolfSSL. * This file is part of wolfSSL.
* *

2
IDE/ECLIPSE/MICRIUM/server_wolfssl.h
View File

@@ -1,6 +1,6 @@
/* server_wolfssl.h /* server_wolfssl.h
* *
* Copyright (C) 2006-2023 wolfSSL Inc. * Copyright (C) 2006-2021 wolfSSL Inc.
* *
* This file is part of wolfSSL. * This file is part of wolfSSL.
* *

2
IDE/ECLIPSE/MICRIUM/user_settings.h
View File

@@ -1,6 +1,6 @@
/* user_setting.h /* user_setting.h
* *
* Copyright (C) 2006-2023 wolfSSL Inc. * Copyright (C) 2006-2021 wolfSSL Inc.
* *
* This file is part of wolfSSL. * This file is part of wolfSSL.
* *

2
IDE/ECLIPSE/MICRIUM/wolfsslRunTests.c
View File

@@ -1,6 +1,6 @@
/* wolfsslRunTests.c /* wolfsslRunTests.c
* *
* Copyright (C) 2006-2023 wolfSSL Inc. * Copyright (C) 2006-2021 wolfSSL Inc.
* *
* This file is part of wolfSSL. * This file is part of wolfSSL.
* *

4
IDE/ECLIPSE/RTTHREAD/README.md
View File

@@ -93,6 +93,8 @@ HMAC-SHA512 test passed!
X963-KDF test passed! X963-KDF test passed!
GMAC test passed! GMAC test passed!
ARC4 test passed! ARC4 test passed!
HC-128 test passed!
Rabbit test passed!
DES test passed! DES test passed!
DES3 test passed! DES3 test passed!
AES test passed! AES test passed!
@@ -170,4 +172,4 @@ ED 25519 verify 2 ops took 1.000 sec, avg 500.000 ms, 2.000 ops/sec
## References ## References
For more information please contact info@wolfssl.com. For more information please contact info@wolfssl.com.

Some files were not shown because too many files have changed in this diff Show More