From 241a1ed3608db5de1884ed3277f66d540114e5ca Mon Sep 17 00:00:00 2001 From: gojimmypi Date: Sat, 12 Apr 2025 15:38:37 +0200 Subject: [PATCH] Introduce and move new Arduino examples and configuration updates --- .wolfssl_known_macro_extras | 14 + IDE/ARDUINO/README.md | 17 +- IDE/ARDUINO/include.am | 24 +- IDE/ARDUINO/sketches/README.md | 51 +- IDE/ARDUINO/sketches/wolfssl_client/README.md | 10 +- .../wolfssl_client/wolfssl_client.ino | 903 ------------------ IDE/ARDUINO/sketches/wolfssl_server/README.md | 10 +- .../wolfssl_server/wolfssl_server.ino | 847 ---------------- .../sketches/wolfssl_version/README.md | 2 + .../wolfssl_version/wolfssl_version.ino | 55 -- IDE/ARDUINO/wolfssl-arduino.cpp | 33 + IDE/ARDUINO/wolfssl-arduino.sh | 80 +- IDE/ARDUINO/wolfssl.h | 14 +- examples/configs/user_settings_arduino.h | 34 +- src/internal.c | 182 ++-- src/tls13.c | 4 +- wolfssl/wolfcrypt/settings.h | 9 +- 17 files changed, 352 insertions(+), 1937 deletions(-) delete mode 100644 IDE/ARDUINO/sketches/wolfssl_client/wolfssl_client.ino delete mode 100644 IDE/ARDUINO/sketches/wolfssl_server/wolfssl_server.ino delete mode 100644 IDE/ARDUINO/sketches/wolfssl_version/wolfssl_version.ino create mode 100644 IDE/ARDUINO/wolfssl-arduino.cpp diff --git a/.wolfssl_known_macro_extras b/.wolfssl_known_macro_extras index 02a135d76..c77a46658 100644 --- a/.wolfssl_known_macro_extras +++ b/.wolfssl_known_macro_extras @@ -9,9 +9,17 @@ APP_ESP_HTTP_CLIENT_EXAMPLE APSTUDIO_INVOKED ARCH_sim ARDUINO +ARDUINO_ARCH_ESP32 +ARDUINO_ARCH_ESP8266 +ARDUINO_ARCH_MBED +ARDUINO_ARCH_NRF52 ARDUINO_ARCH_RP2040 +ARDUINO_ARCH_SAMD +ARDUINO_ARCH_STM32 ARDUINO_SAMD_NANO_33_IOT ARDUINO_SAM_DUE +ARDUINO_SEEED_XIAO +ARDUINO_TEENSY41 ASN_DUMP_OID ASN_TEMPLATE_SKIP_ISCA_CHECK ATCAPRINTF @@ -176,6 +184,7 @@ ESP_IDF_VERSION_MAJOR ESP_IDF_VERSION_MINOR ESP_PLATFORM ESP_TASK_MAIN_STACK +ETHERNET_AVAILABLE EV_TRIGGER FP_ECC_CONTROL FREERTOS_TCP_WINSIM @@ -554,11 +563,13 @@ WC_SSIZE_TYPE WC_STRICT_SIG WC_WANT_FLAG_DONT_USE_AESNI WC_XMSS_FULL_HASH +WIFI_AVAILABLE WOLFCRYPT_FIPS_CORE_DYNAMIC_HASH_VALUE WOLFSENTRY_H WOLFSENTRY_NO_JSON WOLFSSL_32BIT_MILLI_TIME WOLFSSL_AARCH64_PRIVILEGE_MODE +WOLFSSL_AES_CTR_EXAMPLE WOLFSSL_AESNI_BY4 WOLFSSL_AESNI_BY6 WOLFSSL_AFTER_DATE_CLOCK_SKEW @@ -607,6 +618,7 @@ WOLFSSL_CHECK_DESKEY WOLFSSL_CHECK_MEM_ZERO WOLFSSL_CHIBIOS WOLFSSL_CLANG_TIDY +WOLFSSL_CLIENT_EXAMPLE WOLFSSL_COMMERCIAL_LICENSE WOLFSSL_CONTIKI WOLFSSL_CRL_ALLOW_MISSING_CDP @@ -780,6 +792,7 @@ WOLFSSL_SE050_INIT WOLFSSL_SE050_NO_RSA WOLFSSL_SE050_NO_TRNG WOLFSSL_SECURE_RENEGOTIATION_ON_BY_DEFAULT +WOLFSSL_SERVER_EXAMPLE WOLFSSL_SETTINGS_FILE WOLFSSL_SH224 WOLFSSL_SHA256_ALT_CH_MAJ @@ -797,6 +810,7 @@ WOLFSSL_STM32_RNG_NOLIB WOLFSSL_STRONGEST_HASH_SIG WOLFSSL_STSAFE_TAKES_SLOT WOLFSSL_TELIT_M2MB +WOLFSSL_TEMPLATE_EXAMPLE WOLFSSL_THREADED_CRYPT WOLFSSL_TICKET_DECRYPT_NO_CREATE WOLFSSL_TICKET_ENC_AES128_GCM diff --git a/IDE/ARDUINO/README.md b/IDE/ARDUINO/README.md index 9a8934e44..8808b0e29 100644 --- a/IDE/ARDUINO/README.md +++ b/IDE/ARDUINO/README.md @@ -2,8 +2,19 @@ See the [example sketches](./sketches/README.md): -- [sketches/wolfssl_server](./sketches/wolfssl_server/README.md) -- [sketches/wolfssl_client](./sketches/wolfssl_client/README.md) +NOTE: Moving; See https://github.com/wolfSSL/wolfssl-examples/pull/499 + +Bare-bones templates: + +- [sketches/wolfssl_version](./sketches/wolfssl_version/README.md) single file. +- [sketches/template](./sketches/template/README.md) multiple file example. + +Functional examples: +- [sketches/wolfssl_AES_CTR](./sketches/wolfssl_AES_CTR/README.md) AES CTR Encrypt / decrypt. +- [sketches/wolfssl_client](./sketches/wolfssl_client/README.md) TLS Client. +- [sketches/wolfssl_server](./sketches/wolfssl_server/README.md) TLS Server. + +Both the `template` and `wolfssl_AES_CTR` examples include VisualGDB project files. When publishing a new version to the Arduino Registry, be sure to edit `WOLFSSL_VERSION_ARUINO_SUFFIX` in the `wolfssl-arduino.sh` script. @@ -62,7 +73,7 @@ from within the `wolfssl/IDE/ARDUINO` directory: 1. `./wolfssl-arduino.sh` - Creates an Arduino Library directory structure in the local `wolfSSL` directory of `IDE/ARDUINO`. - - You can add your own `user_settings.h`, or copy/rename the [default](../../examples/configs/user_settings_arduino.h). + - You can add your own `user_settings.h`, or copy/rename the [default](https://github.com/wolfSSL/wolfssl/blob/master/examples/configs/user_settings_arduino.h). 2. `./wolfssl-arduino.sh INSTALL` (The most common option) - Creates an Arduino Library in the local `wolfSSL` directory diff --git a/IDE/ARDUINO/include.am b/IDE/ARDUINO/include.am index 52491a8b1..cf1695fab 100644 --- a/IDE/ARDUINO/include.am +++ b/IDE/ARDUINO/include.am @@ -2,16 +2,32 @@ # included from Top Level Makefile.am # All paths should be given relative to the root +# Library files: EXTRA_DIST+= IDE/ARDUINO/README.md + +# There's an Arduino-specific Arduino_README_prepend.md that will be prepended to wolfSSL README.md +# Not to be confused with the interim PREPENDED_README.md that is created by script. EXTRA_DIST+= IDE/ARDUINO/Arduino_README_prepend.md + +# Core library files +EXTRA_DIST+= IDE/ARDUINO/wolfssl.h +EXTRA_DIST+= IDE/ARDUINO/wolfssl.h +EXTRA_DIST+= IDE/ARDUINO/wolfssl-arduino.cpp + EXTRA_DIST+= IDE/ARDUINO/keywords.txt EXTRA_DIST+= IDE/ARDUINO/library.properties.template + +# Sketch Examples EXTRA_DIST+= IDE/ARDUINO/sketches/README.md + +# wolfssl_client example sketch EXTRA_DIST+= IDE/ARDUINO/sketches/wolfssl_client/README.md -EXTRA_DIST+= IDE/ARDUINO/sketches/wolfssl_client/wolfssl_client.ino + +# wolfssl_server example sketch EXTRA_DIST+= IDE/ARDUINO/sketches/wolfssl_server/README.md -EXTRA_DIST+= IDE/ARDUINO/sketches/wolfssl_server/wolfssl_server.ino + +# wolfssl_version example sketch EXTRA_DIST+= IDE/ARDUINO/sketches/wolfssl_version/README.md -EXTRA_DIST+= IDE/ARDUINO/sketches/wolfssl_version/wolfssl_version.ino -EXTRA_DIST+= IDE/ARDUINO/wolfssl.h + +# Publishing script, either local install or to github.com/wolfSSL/Arduino-wolfSSL clone directory. EXTRA_DIST+= IDE/ARDUINO/wolfssl-arduino.sh diff --git a/IDE/ARDUINO/sketches/README.md b/IDE/ARDUINO/sketches/README.md index cc54fdd02..020331da5 100644 --- a/IDE/ARDUINO/sketches/README.md +++ b/IDE/ARDUINO/sketches/README.md @@ -1,15 +1,20 @@ # wolfSSL Arduino Examples -There are currently two example Arduino sketches: +There are currently five example Arduino sketches: -* [wolfssl_client](./wolfssl_client/README.md): Basic TLS listening client. -* [wolfssl_server](./wolfssl_server/README.md): Basic TLS server. +NOTE: Moving; See https://github.com/wolfSSL/wolfssl-examples/pull/499 + +* `template`: Reference template wolfSSL example, including optional VisualGDB project files. +* `wolfssl_AES_CTR`: Basic AES CTR Encryption / Decryption example. +* `wolfssl_client`: Basic TLS listening client. +* `wolfssl_server`: Basic TLS server. +* `wolfssl_version`: Bare-bones wolfSSL example. Examples have been most recently confirmed operational on the [Arduino IDE](https://www.arduino.cc/en/software) 2.2.1. For examples on other platforms, see the [IDE directory](https://github.com/wolfssl/wolfssl/tree/master/IDE). -Additional examples can be found on [wolfSSL/wolfssl-examples](https://github.com/wolfSSL/wolfssl-examples/). +Additional wolfssl examples can be found at [wolfSSL/wolfssl-examples](https://github.com/wolfSSL/wolfssl-examples/). ## Using wolfSSL @@ -20,7 +25,7 @@ The typical include will look something like this: /* wolfSSL user_settings.h must be included from settings.h * Make all configurations changes in user_settings.h - * Do not edit wolfSSL `settings.h` or `configh.h` files. + * Do not edit wolfSSL `settings.h` or `config.h` files. * Do not explicitly include user_settings.h in any source code. * Each Arduino sketch that uses wolfSSL must have: #include "wolfssl.h" * C/C++ source files can use: #include @@ -28,7 +33,43 @@ The typical include will look something like this: * The wolfSSL "settings.h" must appear before any other wolfSSL include. */ #include + +/* settings.h is typically included in wolfssl.h, but here as a reminder: */ +#include + +/* Any other wolfSSL includes follow:* #include ``` +## Configuring wolfSSL + +See the `user_settings.h` in the Arduino library `wolfssl/src` directory. For Windows users this is typically: + +``` +C:\Users\%USERNAME%\Documents\Arduino\libraries\wolfssl\src +``` + +WARNING: Changes to the library `user_settings.h` file will be lost when upgrading wolfSSL using the Arduino IDE. + +## Troubleshooting + +If compile problems are encountered, for example: + +``` +ctags: cannot open temporary file : File exists +exit status 1 + +Compilation error: exit status 1 +``` + +Try deleting the Arduino cache directory: + +``` +C:\Users\%USERNAME%\AppData\Local\arduino\sketches +``` + +For VisualGDB users, delete the project `.vs`, `Output`, and `TraceReports` directories. + +## More Information + For more details, see [IDE/ARDUINO/README.md](https://github.com/wolfSSL/wolfssl/blob/master/IDE/ARDUINO/README.md) diff --git a/IDE/ARDUINO/sketches/wolfssl_client/README.md b/IDE/ARDUINO/sketches/wolfssl_client/README.md index caf83c58e..1f114fcb9 100644 --- a/IDE/ARDUINO/sketches/wolfssl_client/README.md +++ b/IDE/ARDUINO/sketches/wolfssl_client/README.md @@ -1,6 +1,14 @@ # Arduino Basic TLS Listening Client -Open the [wolfssl_client.ino](./wolfssl_client.ino) file in the Arduino IDE. +Open the `wolfssl_client.ino` file in the Arduino IDE. + +NOTE: Moving; See https://github.com/wolfSSL/wolfssl-examples/pull/499 + +If using WiFi, be sure to set `ssid` and `password` values. + +May need "Ethernet by Various" library to be installed. Tested with v2.0.2 and v2.8.1. + +See the `#define WOLFSSL_TLS_SERVER_HOST` to set your own server address. Other IDE products are also supported, such as: diff --git a/IDE/ARDUINO/sketches/wolfssl_client/wolfssl_client.ino b/IDE/ARDUINO/sketches/wolfssl_client/wolfssl_client.ino deleted file mode 100644 index d6ef702e4..000000000 --- a/IDE/ARDUINO/sketches/wolfssl_client/wolfssl_client.ino +++ /dev/null @@ -1,903 +0,0 @@ -/* wolfssl_client.ino - * - * Copyright (C) 2006-2025 wolfSSL Inc. - * - * This file is part of wolfSSL. - * - * wolfSSL is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * wolfSSL is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA - */ - -/* -Tested with: - -1) Intel Galileo acting as the Client, with a laptop acting as a server using - the server example provided in examples/server. - Legacy Arduino v1.86 was used to compile and program the Galileo - -2) Espressif ESP32 WiFi - -3) Arduino Due, Nano33 IoT, Nano RP-2040 -*/ - -/* - * Note to code editors: the Arduino client and server examples are edited in - * parallel for side-by-side comparison between examples. - */ - -/* If you have a private include, define it here, otherwise edit WiFi params */ -#define MY_PRIVATE_CONFIG "/workspace/my_private_config.h" - -/* set REPEAT_CONNECTION to a non-zero value to continually run the example. */ -#define REPEAT_CONNECTION 0 - -/* Edit this with your other TLS host server address to connect to: */ -#define WOLFSSL_TLS_SERVER_HOST "192.168.1.39" - -/* wolfssl TLS examples communicate on port 11111 */ -#define WOLFSSL_PORT 11111 - -/* Choose a monitor serial baud rate: 9600, 14400, 19200, 57600, 74880, etc. */ -#define SERIAL_BAUD 115200 - -/* We'll wait up to 2000 milliseconds to properly shut down connection */ -#define SHUTDOWN_DELAY_MS 2000 - -/* Number of times to retry connection. */ -#define RECONNECT_ATTEMPTS 20 - -/* Optional stress test. Define to consume memory until exhausted: */ -/* #define MEMORY_STRESS_TEST */ - -/* Choose client or server example, not both. */ -#define WOLFSSL_CLIENT_EXAMPLE -/* #define WOLFSSL_SERVER_EXAMPLE */ - -#if defined(MY_PRIVATE_CONFIG) - /* the /workspace directory may contain a private config - * excluded from GitHub with items such as WiFi passwords */ - #include MY_PRIVATE_CONFIG - static const char* ssid PROGMEM = MY_ARDUINO_WIFI_SSID; - static const char* password PROGMEM = MY_ARDUINO_WIFI_PASSWORD; -#else - /* when using WiFi capable boards: */ - static const char* ssid PROGMEM = "your_SSID"; - static const char* password PROGMEM = "your_PASSWORD"; -#endif - -#define BROADCAST_ADDRESS "255.255.255.255" - -/* There's an optional 3rd party NTPClient library by Fabrice Weinberg. - * If it is installed, uncomment define USE_NTP_LIB here: */ -/* #define USE_NTP_LIB */ -#ifdef USE_NTP_LIB - #include -#endif - -/* wolfSSL user_settings.h must be included from settings.h - * Make all configurations changes in user_settings.h - * Do not edit wolfSSL `settings.h` or `config.h` files. - * Do not explicitly include user_settings.h in any source code. - * Each Arduino sketch that uses wolfSSL must have: #include "wolfssl.h" - * C/C++ source files can use: #include - * The wolfSSL "settings.h" must be included in each source file using wolfSSL. - * The wolfSSL "settings.h" must appear before any other wolfSSL include. - */ -#include -/* Important: make sure settings.h appears before any other wolfSSL headers */ -#include -/* Reminder: settings.h includes user_settings.h - * For ALL project wolfSSL settings, see: - * [your path]/Arduino\libraries\wolfSSL\src\user_settings.h */ -#include -#include -#include - -/* Define DEBUG_WOLFSSL in user_settings.h for more verbose logging. */ -#if defined(DEBUG_WOLFSSL) - #define PROGRESS_DOT F("") -#else - #define PROGRESS_DOT F(".") -#endif - -/* Convert a macro to a string */ -#define xstr(x) str(x) -#define str(x) #x - -/* optional board-specific networking includes */ -#if defined(ESP32) - #define USING_WIFI - #include - #include - #ifdef USE_NTP_LIB - WiFiUDP ntpUDP; - #endif - /* Ensure the F() flash macro is defined */ - #ifndef F - #define F - #endif - WiFiClient client; - -#elif defined(ESP8266) - #define USING_WIFI - #include - WiFiClient client; - -#elif defined(ARDUINO_SAM_DUE) - #include - /* There's no WiFi/Ethernet on the Due. Requires Ethernet Shield. - /* Needs "Ethernet by Various" library to be installed. Tested with V2.0.2 */ - #include - EthernetClient client; - -#elif defined(ARDUINO_SAMD_NANO_33_IOT) - #define USING_WIFI - #include - #include /* Needs Arduino WiFiNINA library installed manually */ - WiFiClient client; - -#elif defined(ARDUINO_ARCH_RP2040) - #define USING_WIFI - #include - #include - WiFiClient client; - -#elif defined(USING_WIFI) - #define USING_WIFI - #include - #include - #ifdef USE_NTP_LIB - WiFiUDP ntpUDP; - #endif - WiFiClient client; - -/* TODO -#elif defined(OTHER_BOARD) -*/ -#else - #define USING_WIFI - WiFiClient client; - -#endif - -/* Only for syntax highlighters to show interesting options enabled: */ -#if defined(HAVE_SNI) \ - || defined(HAVE_MAX_FRAGMENT) \ - || defined(HAVE_TRUSTED_CA) \ - || defined(HAVE_TRUNCATED_HMAC) \ - || defined(HAVE_CERTIFICATE_STATUS_REQUEST) \ - || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) \ - || defined(HAVE_SUPPORTED_CURVES) \ - || defined(HAVE_ALPN) \ - || defined(HAVE_SESSION_TICKET) \ - || defined(HAVE_SECURE_RENEGOTIATION) \ - || defined(HAVE_SERVER_RENEGOTIATION_INFO) -#endif - -static const char host[] PROGMEM = WOLFSSL_TLS_SERVER_HOST; /* server to connect to */ -static const int port PROGMEM = WOLFSSL_PORT; /* port on server to connect to */ - -static WOLFSSL_CTX* ctx = NULL; -static WOLFSSL* ssl = NULL; -static char* wc_error_message = (char*)malloc(80 + 1); -static char errBuf[80]; - -#if defined(MEMORY_STRESS_TEST) - #define MEMORY_STRESS_ITERATIONS 100 - #define MEMORY_STRESS_BLOCK_SIZE 1024 - #define MEMORY_STRESS_INITIAL (4*1024) - static char* memory_stress[MEMORY_STRESS_ITERATIONS]; /* typically 1K per item */ - static int mem_ctr = 0; -#endif - -static int EthernetSend(WOLFSSL* ssl, char* msg, int sz, void* ctx); -static int EthernetReceive(WOLFSSL* ssl, char* reply, int sz, void* ctx); -static int reconnect = RECONNECT_ATTEMPTS; -static int lng_index PROGMEM = 0; /* 0 = English */ - -#if defined(__arm__) - #include - extern char _end; - extern "C" char *sbrk(int i); - static char *ramstart=(char *)0x20070000; - static char *ramend=(char *)0x20088000; -#endif - -/*****************************************************************************/ -/* fail_wait - in case of unrecoverable error */ -/*****************************************************************************/ -int fail_wait(void) { - show_memory(); - - Serial.println(F("Failed. Halt.")); - while (1) { - delay(1000); - } - return 0; -} - -/*****************************************************************************/ -/* show_memory() to optionally view during debugging. */ -/*****************************************************************************/ -int show_memory(void) -{ -#if defined(__arm__) - struct mallinfo mi = mallinfo(); - - char *heapend=sbrk(0); - register char * stack_ptr asm("sp"); - #if defined(DEBUG_WOLFSSL_VERBOSE) - Serial.print(" arena="); - Serial.println(mi.arena); - Serial.print(" ordblks="); - Serial.println(mi.ordblks); - Serial.print(" uordblks="); - Serial.println(mi.uordblks); - Serial.print(" fordblks="); - Serial.println(mi.fordblks); - Serial.print(" keepcost="); - Serial.println(mi.keepcost); - #endif - - #if defined(DEBUG_WOLFSSL) || defined(MEMORY_STRESS_TEST) - Serial.print("Estimated free memory: "); - Serial.print(stack_ptr - heapend + mi.fordblks); - Serial.println(F(" bytes")); - #endif - - #if (0) - /* Experimental: not supported on all devices: */ - Serial.print("RAM Start %lx\n", (unsigned long)ramstart); - Serial.print("Data/Bss end %lx\n", (unsigned long)&_end); - Serial.print("Heap End %lx\n", (unsigned long)heapend); - Serial.print("Stack Ptr %lx\n",(unsigned long)stack_ptr); - Serial.print("RAM End %lx\n", (unsigned long)ramend); - - Serial.print("Heap RAM Used: ",mi.uordblks); - Serial.print("Program RAM Used ",&_end - ramstart); - Serial.print("Stack RAM Used ",ramend - stack_ptr); - - Serial.print("Estimated Free RAM: %d\n\n",stack_ptr - heapend + mi.fordblks); - #endif -#else - Serial.println(F("show_memory() not implemented for this platform")); -#endif - return 0; -} - -/*****************************************************************************/ -/* EthernetSend() to send a message string. */ -/*****************************************************************************/ -int EthernetSend(WOLFSSL* ssl, char* message, int sz, void* ctx) { - int sent = 0; - (void)ssl; - (void)ctx; - - sent = client.write((byte*)message, sz); - return sent; -} - -/*****************************************************************************/ -/* EthernetReceive() to receive a reply string. */ -/*****************************************************************************/ -int EthernetReceive(WOLFSSL* ssl, char* reply, int sz, void* ctx) { - int ret = 0; - (void)ssl; - (void)ctx; - - while (client.available() > 0 && ret < sz) { - reply[ret++] = client.read(); - } - return ret; -} - -/*****************************************************************************/ -/* Arduino setup_hardware() */ -/*****************************************************************************/ -int setup_hardware(void) { - int ret = 0; - -#if defined(ARDUINO_SAMD_NANO_33_IOT) - Serial.println(F("Detected known tested and working Arduino Nano 33 IoT")); -#elif defined(ARDUINO_ARCH_RP2040) - Serial.println(F("Detected known tested and working Arduino RP-2040")); -#elif defined(__arm__) && defined(ID_TRNG) && defined(TRNG) - /* need to manually turn on random number generator on Arduino Due, etc. */ - pmc_enable_periph_clk(ID_TRNG); - trng_enable(TRNG); - Serial.println(F("Enabled ARM TRNG")); -#endif - - show_memory(); - randomSeed(analogRead(0)); - return ret; -} - -/*****************************************************************************/ -/* Arduino setup_datetime() */ -/* The device needs to have a valid date within the valid range of certs. */ -/*****************************************************************************/ -int setup_datetime(void) { - int ret = 0; - int ntp_tries = 20; - - /* we need a date in the range of cert expiration */ -#ifdef USE_NTP_LIB - #if defined(ESP32) - NTPClient timeClient(ntpUDP, "pool.ntp.org"); - - timeClient.begin(); - timeClient.update(); - delay(1000); - while (!timeClient.isTimeSet() && (ntp_tries > 0)) { - timeClient.forceUpdate(); - Serial.println(F("Waiting for NTP update")); - delay(2000); - ntp_tries--; - } - if (ntp_tries <= 0) { - Serial.println(F("Warning: gave up waiting on NTP")); - } - Serial.println(timeClient.getFormattedTime()); - Serial.println(timeClient.getEpochTime()); - #endif -#endif - -#if defined(ESP32) - /* see esp32-hal-time.c */ - ntp_tries = 5; - /* Replace "pool.ntp.org" with your preferred NTP server */ - configTime(0, 0, "pool.ntp.org"); - - /* Wait for time to be set */ - while ((time(nullptr) <= 100000) && ntp_tries > 0) { - Serial.println(F("Waiting for time to be set...")); - delay(2000); - ntp_tries--; - } -#endif - - return ret; -} /* setup_datetime */ - -/*****************************************************************************/ -/* Arduino setup_network() */ -/*****************************************************************************/ -int setup_network(void) { - int ret = 0; - -#if defined(USING_WIFI) - int status = WL_IDLE_STATUS; - - /* The ESP8266 & ESP32 support both AP and STA. We'll use STA: */ - #if defined(ESP8266) || defined(ESP32) - WiFi.mode(WIFI_STA); - #else - String fv; - if (WiFi.status() == WL_NO_MODULE) { - Serial.println("Communication with WiFi module failed!"); - /* don't continue if no network */ - while (true) ; - } - - fv = WiFi.firmwareVersion(); - if (fv < WIFI_FIRMWARE_LATEST_VERSION) { - Serial.println("Please upgrade the firmware"); - } - #endif - - Serial.print(F("Connecting to WiFi ")); - Serial.print(ssid); - status = WiFi.begin(ssid, password); - while (status != WL_CONNECTED) { - delay(1000); - Serial.print(F(".")); - Serial.print(status); - status = WiFi.status(); - } - - Serial.println(F(" Connected!")); -#else - /* Newer Ethernet shields have a - * MAC address printed on a sticker on the shield */ - byte mac[] = { 0xDE, 0xAD, 0xBE, 0xEF, 0xFE, 0xED }; - IPAddress ip(192, 168, 1, 42); - IPAddress myDns(192, 168, 1, 1); - Ethernet.init(10); /* Most Arduino shields */ - /* Ethernet.init(5); * MKR ETH Shield */ - /* Ethernet.init(0); * Teensy 2.0 */ - /* Ethernet.init(20); * Teensy++ 2.0 */ - /* Ethernet.init(15); * ESP8266 with Adafruit FeatherWing Ethernet */ - /* Ethernet.init(33); * ESP32 with Adafruit FeatherWing Ethernet */ - Serial.println(F("Initialize Ethernet with DHCP:")); - if (Ethernet.begin(mac) == 0) { - Serial.println(F("Failed to configure Ethernet using DHCP")); - /* Check for Ethernet hardware present */ - if (Ethernet.hardwareStatus() == EthernetNoHardware) { - Serial.println(F("Ethernet shield was not found.")); - while (true) { - delay(1); /* do nothing */ - } - } - if (Ethernet.linkStatus() == LinkOFF) { - Serial.println(F("Ethernet cable is not connected.")); - } - /* try to configure using IP address instead of DHCP : */ - Ethernet.begin(mac, ip, myDns); - } - else { - Serial.print(F(" DHCP assigned IP ")); - Serial.println(Ethernet.localIP()); - } - /* We'll assume the Ethernet connection is ready to go. */ -#endif - - Serial.println(F("********************************************************")); - Serial.print(F(" wolfSSL Example Client IP = ")); -#if defined(USING_WIFI) - Serial.println(WiFi.localIP()); -#else - Serial.println(Ethernet.localIP()); -#endif - Serial.print(F(" Configured Server Host to connect to: ")); - Serial.println(host); - Serial.println(F("********************************************************")); - Serial.println(F("Setup network complete.")); - - return ret; -} - -/*****************************************************************************/ -/* Arduino setup_wolfssl() */ -/*****************************************************************************/ -int setup_wolfssl(void) { - int ret = 0; - WOLFSSL_METHOD* method; - - /* Show a revision of wolfssl user_settings.h file in use when available: */ -#if defined(WOLFSSL_USER_SETTINGS_ID) - Serial.print(F("WOLFSSL_USER_SETTINGS_ID: ")); - Serial.println(F(WOLFSSL_USER_SETTINGS_ID)); -#else - Serial.println(F("No WOLFSSL_USER_SETTINGS_ID found.")); -#endif - -#if defined(NO_WOLFSSL_SERVER) - Serial.println(F("wolfSSL server code disabled to save space.")); -#endif -#if defined(NO_WOLFSSL_CLIENT) - Serial.println(F("wolfSSL client code disabled to save space.")); -#endif - -#if defined(DEBUG_WOLFSSL) - wolfSSL_Debugging_ON(); - Serial.println(F("wolfSSL Debugging is On!")); -#else - Serial.println(F("wolfSSL Debugging is Off! (enable with DEBUG_WOLFSSL)")); -#endif - - /* See ssl.c for TLS cache settings. Larger cache = use more RAM. */ -#if defined(NO_SESSION_CACHE) - Serial.println(F("wolfSSL TLS NO_SESSION_CACHE")); -#elif defined(MICRO_SESSION_CACHEx) - Serial.println(F("wolfSSL TLS MICRO_SESSION_CACHE")); -#elif defined(SMALL_SESSION_CACHE) - Serial.println(F("wolfSSL TLS SMALL_SESSION_CACHE")); -#elif defined(MEDIUM_SESSION_CACHE) - Serial.println(F("wolfSSL TLS MEDIUM_SESSION_CACHE")); -#elif defined(BIG_SESSION_CACHE) - Serial.println(F("wolfSSL TLS BIG_SESSION_CACHE")); -#elif defined(HUGE_SESSION_CACHE) - Serial.println(F("wolfSSL TLS HUGE_SESSION_CACHE")); -#elif defined(HUGE_SESSION_CACHE) - Serial.println(F("wolfSSL TLS HUGE_SESSION_CACHE")); -#else - Serial.println(F("WARNING: Unknown or no TLS session cache setting.")); - /* See wolfssl/src/ssl.c for amount of memory used. - * It is best on embedded devices to choose a TLS session cache size. */ -#endif - - ret = wolfSSL_Init(); - if (ret == WOLFSSL_SUCCESS) { - Serial.println("Successfully called wolfSSL_Init"); - } - else { - Serial.println("ERROR: wolfSSL_Init failed"); - } - - /* See companion server example with wolfSSLv23_server_method here. - * method = wolfSSLv23_client_method()); SSL 3.0 - TLS 1.3. - * method = wolfTLSv1_2_client_method(); only TLS 1.2 - * method = wolfTLSv1_3_client_method(); only TLS 1.3 - * - * see Arduino\libraries\wolfssl\src\user_settings.h */ - - Serial.println("Here we go!"); - - method = wolfSSLv23_client_method(); - if (method == NULL) { - Serial.println(F("unable to get wolfssl client method")); - fail_wait(); - } - ctx = wolfSSL_CTX_new(method); - if (ctx == NULL) { - Serial.println(F("unable to get ctx")); - fail_wait(); - } - - return ret; -} - -/*****************************************************************************/ -/* Arduino setup_certificates() */ -/*****************************************************************************/ -int setup_certificates(void) { - int ret = 0; - - Serial.println(F("Initializing certificates...")); - show_memory(); - - /* Use built-in validation, No verification callback function: */ - wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, 0); - - /* Certificate */ - Serial.println("Initializing certificates..."); - ret = wolfSSL_CTX_use_certificate_buffer(ctx, - CTX_CLIENT_CERT, - CTX_CLIENT_CERT_SIZE, - CTX_CLIENT_CERT_TYPE); - if (ret == WOLFSSL_SUCCESS) { - Serial.print("Success: use certificate: "); - Serial.println(xstr(CTX_SERVER_CERT)); - } - else { - Serial.println(F("Error: wolfSSL_CTX_use_certificate_buffer failed: ")); - wc_ErrorString(ret, wc_error_message); - Serial.println(wc_error_message); - fail_wait(); - } - - /* Setup private client key */ - ret = wolfSSL_CTX_use_PrivateKey_buffer(ctx, - CTX_CLIENT_KEY, - CTX_CLIENT_KEY_SIZE, - CTX_CLIENT_KEY_TYPE); - if (ret == WOLFSSL_SUCCESS) { - Serial.print("Success: use private key buffer: "); - Serial.println(xstr(CTX_SERVER_KEY)); - } - else { - Serial.println(F("Error: wolfSSL_CTX_use_PrivateKey_buffer failed: ")); - wc_ErrorString(ret, wc_error_message); - Serial.println(wc_error_message); - fail_wait(); - } - - ret = wolfSSL_CTX_load_verify_buffer(ctx, - CTX_CA_CERT, - CTX_CA_CERT_SIZE, - CTX_CA_CERT_TYPE); - if (ret == WOLFSSL_SUCCESS) { - Serial.println(F("Success: load_verify CTX_CA_CERT")); - } - else { - Serial.println(F("Error: wolfSSL_CTX_load_verify_buffer failed: ")); - wc_ErrorString(ret, wc_error_message); - Serial.println(wc_error_message); - fail_wait(); - } - - - - return ret; -} /* Arduino setup */ - -/*****************************************************************************/ -/*****************************************************************************/ -/* Arduino setup() */ -/*****************************************************************************/ -/*****************************************************************************/ -void setup(void) { - int i = 0; - Serial.begin(SERIAL_BAUD); - while (!Serial && (i < 10)) { - /* wait for serial port to connect. Needed for native USB port only */ - delay(1000); - i++; - } - Serial.println(F("")); - Serial.println(F("")); - Serial.println(F("wolfSSL TLS Client Example Startup.")); - - /* define DEBUG_WOLFSSL in wolfSSL user_settings.h for diagnostics */ -#if defined(DEBUG_WOLFSSL) - wolfSSL_Debugging_ON(); -#endif - - /* Optionally pre-allocate a large block of memory for testing */ -#if defined(MEMORY_STRESS_TEST) - Serial.println(F("WARNING: Memory Stress Test Active!")); - Serial.print(F("Allocating extra memory: ")); - Serial.print(MEMORY_STRESS_INITIAL); - Serial.println(F(" bytes...")); - memory_stress[mem_ctr] = (char*)malloc(MEMORY_STRESS_INITIAL); - show_memory(); -#endif - - setup_hardware(); - - setup_network(); - - setup_datetime(); - - setup_wolfssl(); - - setup_certificates(); - - /* Initialize wolfSSL using callback functions. */ - wolfSSL_SetIOSend(ctx, EthernetSend); - wolfSSL_SetIORecv(ctx, EthernetReceive); - - Serial.println(F("Completed Arduino setup!")); - /* See companion wolfssl_server.ino code; server begins listening here - * https://github.com/wolfSSL/wolfssl/tree/master/IDE/ARDUINO/sketches/wolfssl_server - * Any other server will work. See also: - * https://github.com/wolfSSL/wolfssl/tree/master/examples/client - */ - /* See companion wolfssl_server.ino code */ - return; -} /* Arduino setup */ - -/*****************************************************************************/ -/* wolfSSL error_check() */ -/*****************************************************************************/ -int error_check(int this_ret, bool halt_on_error, - const __FlashStringHelper* message) { - int ret = 0; - if (this_ret == WOLFSSL_SUCCESS) { - Serial.print(F("Success: ")); - Serial.println(message); - } - else { - Serial.print(F("ERROR: return = ")); - Serial.print(this_ret); - Serial.print(F(": ")); - Serial.println(message); - Serial.println(wc_GetErrorString(this_ret)); - if (halt_on_error) { - fail_wait(); - } - } - show_memory(); - - return ret; -} /* error_check */ - -/*****************************************************************************/ -/* wolfSSL error_check_ssl */ -/* Parameters: */ -/* ssl is the current WOLFSSL object pointer */ -/* halt_on_error set to true to suspend operations for critical error */ -/* message is expected to be a memory-efficient F("") macro string */ -/*****************************************************************************/ -int error_check_ssl(WOLFSSL* ssl, int this_ret, bool halt_on_error, - const __FlashStringHelper* message) { - int err = 0; - - if (ssl == NULL) { - Serial.println(F("ssl is Null; Unable to allocate SSL object?")); -#ifndef DEBUG_WOLFSSL - Serial.println(F("Define DEBUG_WOLFSSL in user_settings.h for more.")); -#else - Serial.println(F("See wolfssl/wolfcrypt/error-crypt.h for codes.")); -#endif - Serial.print(F("ERROR: ")); - Serial.println(message); - show_memory(); - if (halt_on_error) { - fail_wait(); - } - } - else { - err = wolfSSL_get_error(ssl, this_ret); - if (err == WOLFSSL_SUCCESS) { - Serial.print(F("Success m: ")); - Serial.println(message); - } - else { - if (err < 0) { - wolfSSL_ERR_error_string(err, errBuf); - Serial.print(F("WOLFSSL Error: ")); - Serial.print(err); - Serial.print(F("; ")); - Serial.println(errBuf); - } - else { - Serial.println(F("Success: ssl object.")); - } - } - } - - return err; -} - -/*****************************************************************************/ -/*****************************************************************************/ -/* Arduino loop() */ -/*****************************************************************************/ -/*****************************************************************************/ -void loop() { - char reply[80]; - char msg[32] = "hello wolfssl!"; - const char* cipherName; - int retry_shutdown = SHUTDOWN_DELAY_MS; /* max try, once per millisecond */ - int total_input = 0; - int msgSz = 0; - int input = 0; - int ret = 0; - int err = 0; - msgSz = (int)strlen(msg); - Serial.println(F("")); - Serial.println(F("Starting Arduino loop() ...")); - - if (reconnect) { - reconnect--; - /* WiFi client returns true if connection succeeds, false if not. */ - /* Wired client returns int (1,-1,-2,-3,-4) for connection status. */ - Serial.print(F("Connecting to ")); - Serial.print(host); - Serial.print(F(":")); - Serial.println(port); - /* can also use: IPAddress server(192,168,1,37); */ - Serial.println(F("Here we go...")); - ret = client.connect(host, port); - Serial.println(F("Ok, checking...")); - if (ret > 0) { - Serial.println(F("Connected!")); - - /* initialize wolfSSL */ - ret = wolfSSL_Init(); - error_check(ret, false, F("calling wolfSSL_Init") ); - - /* create secure connection object. see setup for ctx certs. */ - Serial.println(F("Calling ssl = wolfSSL_new(ctx)")); - ssl = wolfSSL_new(ctx); - error_check_ssl(ssl, 0, true, F("Create WOLFSSL object from ctx")); - - Serial.print(F("Connecting to wolfSSL TLS Secure Server...")); - do { - err = 0; /* reset error */ - Serial.println(F("wolfSSL_connect ...")); - ret = wolfSSL_connect(ssl); - Serial.print("wolfSSL_connect return result ="); - Serial.println(ret); - if ((ret != WOLFSSL_SUCCESS) && (ret != WC_PENDING_E)) { - Serial.println(F("Failed connection, checking error.")); - err = error_check_ssl(ssl, ret, true, - F("Create WOLFSSL object from ctx")); - Serial.print("err ="); - Serial.println(err); - } - else { - Serial.print(PROGRESS_DOT); - } - } while (err == WC_PENDING_E); - - Serial.println(); - Serial.println(F("Connected!")); - Serial.print(F("SSL version is ")); - Serial.println(wolfSSL_get_version(ssl)); - - cipherName = wolfSSL_get_cipher(ssl); - Serial.print(F("SSL cipher suite is ")); - Serial.println(cipherName); - - /* see test.h - * TODO: test.h needs a little bit of Arduino work for these: - showPeerEx(ssl, lng_index); - showPeerPEM(ssl); - */ - - Serial.print(F("Sending secure message to server: ")); - Serial.println(msg); - ret = wolfSSL_write(ssl, msg, msgSz); - if (ret == msgSz) { - Serial.print(F("Waiting for Server response...")); - - while (!client.available()) { - /* wait for data */ - delay(1); /* 1 ms delay */ - } - - Serial.print(F("Reading response..")); - /* read data */ - do { - ret = wolfSSL_read(ssl, reply, sizeof(reply) - 1); - if (ret < 0) { - error_check_ssl(ssl, ret, false, - F("during TLS Read")); - } - else { - Serial.print(PROGRESS_DOT); - } - } while (err == WC_PENDING_E); - Serial.println(); - - Serial.println(); - Serial.println(reply); /* typically: I hear you fa shizzle! */ - Serial.println(); - - } /* wolfSSL_write message size matched */ - else { - error_check_ssl(ssl, ret, false, - F("during TLS Write")); - } /* any wolfSSL_write message size mismatch is an error */ - - Serial.print(F("Shutting down..")); - do { - delay(1); - Serial.print(PROGRESS_DOT); - retry_shutdown--; - ret = wolfSSL_shutdown(ssl); - } while ( (ret == WOLFSSL_SHUTDOWN_NOT_DONE) - && (retry_shutdown > 0) - ); /* There may be pending data, so wait until done. */ - Serial.println(); - - if (retry_shutdown <= 0) { - /* if wolfSSL_free is called before properly shutting down the - * ssl object, undesired results may occur. */ - Serial.println(F("Warning! Shutdown did not properly complete.")); - } - - wolfSSL_free(ssl); - client.stop(); - Serial.println(F("Connection complete.")); - if (REPEAT_CONNECTION) { - reconnect = RECONNECT_ATTEMPTS; - } - else { - reconnect = 0; - } - } /* client.connect(host, port) */ - else { - Serial.println(F("Problem sending message. Trying to reconnect...")); - } - } - delay(1000); - if ((reconnect > 0) && (REPEAT_CONNECTION)) { - Serial.println(F("Arduino loop repeating...")); - Serial.println(); - } - else { - printf("wow"); - Serial.println(F("Done!")); - while(1) { - /* wait forever */ - } - } - -#if defined(MEMORY_STRESS_TEST) - if (mem_ctr < MEMORY_STRESS_ITERATIONS) { - /* reminder: mem_ctr == 0 is MEMORY_STRESS_INITIAL allocation */ - mem_ctr++; - Serial.print(F("Memory stress increment: ")); - Serial.print(mem_ctr); - Serial.print(F(". Allocating addition memory (bytes): ")); - Serial.println(MEMORY_STRESS_BLOCK_SIZE); - memory_stress[mem_ctr] = (char*)malloc(MEMORY_STRESS_BLOCK_SIZE); - show_memory(); - } -#endif -} /* Arduino loop repeats */ diff --git a/IDE/ARDUINO/sketches/wolfssl_server/README.md b/IDE/ARDUINO/sketches/wolfssl_server/README.md index a7073573b..ecad3f0c5 100644 --- a/IDE/ARDUINO/sketches/wolfssl_server/README.md +++ b/IDE/ARDUINO/sketches/wolfssl_server/README.md @@ -1,6 +1,14 @@ # Arduino Basic TLS Server -Open the [wolfssl_server.ino](./wolfssl_server.ino) file in the Arduino IDE. +Open the `wolfssl_server.ino` file in the Arduino IDE. + +NOTE: Moving; See https://github.com/wolfSSL/wolfssl-examples/pull/499 + +If using WiFi, be sure to set `ssid` and `password` values. + +May need "Ethernet by Various" library to be installed. Tested with v2.0.2 and v2.8.1. + +See the `#define WOLFSSL_TLS_SERVER_HOST` to set your own server address. Other IDE products are also supported, such as: diff --git a/IDE/ARDUINO/sketches/wolfssl_server/wolfssl_server.ino b/IDE/ARDUINO/sketches/wolfssl_server/wolfssl_server.ino deleted file mode 100644 index e87a50f2b..000000000 --- a/IDE/ARDUINO/sketches/wolfssl_server/wolfssl_server.ino +++ /dev/null @@ -1,847 +0,0 @@ -/* wolfssl_server.ino - * - * Copyright (C) 2006-2025 wolfSSL Inc. - * - * This file is part of wolfSSL. - * - * wolfSSL is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * wolfSSL is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA - */ - -/* -Tested with: - -1) Intel Galileo acting as the Client, with a laptop acting as a server using - the server example provided in examples/server. - Legacy Arduino v1.86 was used to compile and program the Galileo - -2) Espressif ESP32 WiFi - -3) Arduino Due, Nano33 IoT, Nano RP-2040 -*/ - -/* - * Note to code editors: the Arduino client and server examples are edited in - * parallel for side-by-side comparison between examples. - */ - -/* If you have a private include, define it here, otherwise edit WiFi params */ -#define MY_PRIVATE_CONFIG "/workspace/my_private_config.h" - -/* set REPEAT_CONNECTION to a non-zero value to continually run the example. */ -#define REPEAT_CONNECTION 1 - -/* Edit this with your other TLS host server address to connect to: */ -/* #define WOLFSSL_TLS_SERVER_HOST "192.168.1.34" */ - -/* wolfssl TLS examples communicate on port 11111 */ -#define WOLFSSL_PORT 11111 - -/* Choose a monitor serial baud rate: 9600, 14400, 19200, 57600, 74880, etc. */ -#define SERIAL_BAUD 115200 - -/* We'll wait up to 2000 milliseconds to properly shut down connection */ -#define SHUTDOWN_DELAY_MS 2000 - -/* Number of times to retry connection. */ -#define RECONNECT_ATTEMPTS 20 - -/* Optional stress test. Define to consume memory until exhausted: */ -/* #define MEMORY_STRESS_TEST */ - -/* Choose client or server example, not both. */ -/* #define WOLFSSL_CLIENT_EXAMPLE */ -#define WOLFSSL_SERVER_EXAMPLE - -#if defined(MY_PRIVATE_CONFIG) - /* the /workspace directory may contain a private config - * excluded from GitHub with items such as WiFi passwords */ - #include MY_PRIVATE_CONFIG - static const char* ssid PROGMEM = MY_ARDUINO_WIFI_SSID; - static const char* password PROGMEM = MY_ARDUINO_WIFI_PASSWORD; -#else - /* when using WiFi capable boards: */ - static const char* ssid PROGMEM = "your_SSID"; - static const char* password PROGMEM = "your_PASSWORD"; -#endif - -#define BROADCAST_ADDRESS "255.255.255.255" - -/* There's an optional 3rd party NTPClient library by Fabrice Weinberg. - * If it is installed, uncomment define USE_NTP_LIB here: */ -/* #define USE_NTP_LIB */ -#ifdef USE_NTP_LIB - #include -#endif - -/* wolfSSL user_settings.h must be included from settings.h - * Make all configurations changes in user_settings.h - * Do not edit wolfSSL `settings.h` or `config.h` files. - * Do not explicitly include user_settings.h in any source code. - * Each Arduino sketch that uses wolfSSL must have: #include "wolfssl.h" - * C/C++ source files can use: #include - * The wolfSSL "settings.h" must be included in each source file using wolfSSL. - * The wolfSSL "settings.h" must appear before any other wolfSSL include. - */ -#include -/* Important: make sure settings.h appears before any other wolfSSL headers */ -#include -/* Reminder: settings.h includes user_settings.h - * For ALL project wolfSSL settings, see: - * [your path]/Arduino\libraries\wolfSSL\src\user_settings.h */ -#include -#include -#include - -/* Define DEBUG_WOLFSSL in user_settings.h for more verbose logging. */ -#if defined(DEBUG_WOLFSSL) - #define PROGRESS_DOT F("") -#else - #define PROGRESS_DOT F(".") -#endif - -/* Convert a macro to a string */ -#define xstr(x) str(x) -#define str(x) #x - -/* optional board-specific networking includes */ -#if defined(ESP32) - #define USING_WIFI - #include - #include - #ifdef USE_NTP_LIB - WiFiUDP ntpUDP; - #endif - /* Ensure the F() flash macro is defined */ - #ifndef F - #define F - #endif - WiFiClient client; - WiFiServer server(WOLFSSL_PORT); -#elif defined(ESP8266) - #define USING_WIFI - #include - WiFiClient client; - WiFiServer server(WOLFSSL_PORT); -#elif defined(ARDUINO_SAM_DUE) - #include - /* There's no WiFi/Ethernet on the Due. Requires Ethernet Shield. - /* Needs "Ethernet by Various" library to be installed. Tested with V2.0.2 */ - #include - EthernetClient client; - EthernetClient server(WOLFSSL_PORT); -#elif defined(ARDUINO_SAMD_NANO_33_IOT) - #define USING_WIFI - #include - #include /* Needs Arduino WiFiNINA library installed manually */ - WiFiClient client; - WiFiServer server(WOLFSSL_PORT); -#elif defined(ARDUINO_ARCH_RP2040) - #define USING_WIFI - #include - #include - WiFiClient client; - WiFiServer server(WOLFSSL_PORT); -#elif defined(USING_WIFI) - #define USING_WIFI - #include - #include - #ifdef USE_NTP_LIB - WiFiUDP ntpUDP; - #endif - WiFiClient client; - WiFiServer server(WOLFSSL_PORT); -/* TODO -#elif defined(OTHER_BOARD) -*/ -#else - #define USING_WIFI - WiFiClient client; - WiFiServer server(WOLFSSL_PORT); -#endif - -/* Only for syntax highlighters to show interesting options enabled: */ -#if defined(HAVE_SNI) \ - || defined(HAVE_MAX_FRAGMENT) \ - || defined(HAVE_TRUSTED_CA) \ - || defined(HAVE_TRUNCATED_HMAC) \ - || defined(HAVE_CERTIFICATE_STATUS_REQUEST) \ - || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) \ - || defined(HAVE_SUPPORTED_CURVES) \ - || defined(HAVE_ALPN) \ - || defined(HAVE_SESSION_TICKET) \ - || defined(HAVE_SECURE_RENEGOTIATION) \ - || defined(HAVE_SERVER_RENEGOTIATION_INFO) -#endif - - -/* we expect our IP address from DHCP */ - -static WOLFSSL_CTX* ctx = NULL; -static WOLFSSL* ssl = NULL; -static char* wc_error_message = (char*)malloc(80 + 1); -static char errBuf[80]; - -#if defined(MEMORY_STRESS_TEST) - #define MEMORY_STRESS_ITERATIONS 100 - #define MEMORY_STRESS_BLOCK_SIZE 1024 - #define MEMORY_STRESS_INITIAL (4*1024) - static char* memory_stress[MEMORY_STRESS_ITERATIONS]; /* typically 1K per item */ - static int mem_ctr = 0; -#endif - -static int EthernetSend(WOLFSSL* ssl, char* msg, int sz, void* ctx); -static int EthernetReceive(WOLFSSL* ssl, char* reply, int sz, void* ctx); -static int reconnect = RECONNECT_ATTEMPTS; -static int lng_index PROGMEM = 0; /* 0 = English */ - -#if defined(__arm__) - #include - extern char _end; - extern "C" char *sbrk(int i); - static char *ramstart=(char *)0x20070000; - static char *ramend=(char *)0x20088000; -#endif - -/*****************************************************************************/ -/* fail_wait - in case of unrecoverable error */ -/*****************************************************************************/ -int fail_wait(void) { - show_memory(); - - Serial.println(F("Failed. Halt.")); - while (1) { - delay(1000); - } - return 0; -} - -/*****************************************************************************/ -/* show_memory() to optionally view during debugging. */ -/*****************************************************************************/ -int show_memory(void) -{ -#if defined(__arm__) - struct mallinfo mi = mallinfo(); - - char *heapend=sbrk(0); - register char * stack_ptr asm("sp"); - #if defined(DEBUG_WOLFSSL_VERBOSE) - Serial.print(" arena="); - Serial.println(mi.arena); - Serial.print(" ordblks="); - Serial.println(mi.ordblks); - Serial.print(" uordblks="); - Serial.println(mi.uordblks); - Serial.print(" fordblks="); - Serial.println(mi.fordblks); - Serial.print(" keepcost="); - Serial.println(mi.keepcost); - #endif - - #if defined(DEBUG_WOLFSSL) || defined(MEMORY_STRESS_TEST) - Serial.print("Estimated free memory: "); - Serial.print(stack_ptr - heapend + mi.fordblks); - Serial.println(F(" bytes")); - #endif - - #if (0) - /* Experimental: not supported on all devices: */ - Serial.print("RAM Start %lx\n", (unsigned long)ramstart); - Serial.print("Data/Bss end %lx\n", (unsigned long)&_end); - Serial.print("Heap End %lx\n", (unsigned long)heapend); - Serial.print("Stack Ptr %lx\n",(unsigned long)stack_ptr); - Serial.print("RAM End %lx\n", (unsigned long)ramend); - - Serial.print("Heap RAM Used: ",mi.uordblks); - Serial.print("Program RAM Used ",&_end - ramstart); - Serial.print("Stack RAM Used ",ramend - stack_ptr); - - Serial.print("Estimated Free RAM: %d\n\n",stack_ptr - heapend + mi.fordblks); - #endif -#else - Serial.println(F("show_memory() not implemented for this platform")); -#endif - return 0; -} - -/*****************************************************************************/ -/* EthernetSend() to send a message string. */ -/*****************************************************************************/ -int EthernetSend(WOLFSSL* ssl, char* message, int sz, void* ctx) { - int sent = 0; - (void)ssl; - (void)ctx; - - sent = client.write((byte*)message, sz); - return sent; -} - -/*****************************************************************************/ -/* EthernetReceive() to receive a reply string. */ -/*****************************************************************************/ -int EthernetReceive(WOLFSSL* ssl, char* reply, int sz, void* ctx) { - int ret = 0; - (void)ssl; - (void)ctx; - - while (client.available() > 0 && ret < sz) { - reply[ret++] = client.read(); - } - return ret; -} - -/*****************************************************************************/ -/* Arduino setup_hardware() */ -/*****************************************************************************/ -int setup_hardware(void) { - int ret = 0; - -#if defined(ARDUINO_SAMD_NANO_33_IOT) - Serial.println(F("Detected known tested and working Arduino Nano 33 IoT")); -#elif defined(ARDUINO_ARCH_RP2040) - Serial.println(F("Detected known tested and working Arduino RP-2040")); -#elif defined(__arm__) && defined(ID_TRNG) && defined(TRNG) - /* need to manually turn on random number generator on Arduino Due, etc. */ - pmc_enable_periph_clk(ID_TRNG); - trng_enable(TRNG); - Serial.println(F("Enabled ARM TRNG")); -#endif - - show_memory(); - randomSeed(analogRead(0)); - return ret; -} - -/*****************************************************************************/ -/* Arduino setup_datetime() */ -/* The device needs to have a valid date within the valid range of certs. */ -/*****************************************************************************/ -int setup_datetime(void) { - int ret = 0; - int ntp_tries = 20; - - /* we need a date in the range of cert expiration */ -#ifdef USE_NTP_LIB - #if defined(ESP32) - NTPClient timeClient(ntpUDP, "pool.ntp.org"); - - timeClient.begin(); - timeClient.update(); - delay(1000); - while (!timeClient.isTimeSet() && (ntp_tries > 0)) { - timeClient.forceUpdate(); - Serial.println(F("Waiting for NTP update")); - delay(2000); - ntp_tries--; - } - if (ntp_tries <= 0) { - Serial.println(F("Warning: gave up waiting on NTP")); - } - Serial.println(timeClient.getFormattedTime()); - Serial.println(timeClient.getEpochTime()); - #endif -#endif - -#if defined(ESP32) - /* see esp32-hal-time.c */ - ntp_tries = 5; - /* Replace "pool.ntp.org" with your preferred NTP server */ - configTime(0, 0, "pool.ntp.org"); - - /* Wait for time to be set */ - while ((time(nullptr) <= 100000) && ntp_tries > 0) { - Serial.println(F("Waiting for time to be set...")); - delay(2000); - ntp_tries--; - } -#endif - - return ret; -} /* setup_datetime */ - -/*****************************************************************************/ -/* Arduino setup_network() */ -/*****************************************************************************/ -int setup_network(void) { - int ret = 0; - -#if defined(USING_WIFI) - int status = WL_IDLE_STATUS; - - /* The ESP8266 & ESP32 support both AP and STA. We'll use STA: */ - #if defined(ESP8266) || defined(ESP32) - WiFi.mode(WIFI_STA); - #else - String fv; - if (WiFi.status() == WL_NO_MODULE) { - Serial.println("Communication with WiFi module failed!"); - /* don't continue if no network */ - while (true) ; - } - - fv = WiFi.firmwareVersion(); - if (fv < WIFI_FIRMWARE_LATEST_VERSION) { - Serial.println("Please upgrade the firmware"); - } - #endif - - Serial.print(F("Connecting to WiFi ")); - Serial.print(ssid); - status = WiFi.begin(ssid, password); - while (status != WL_CONNECTED) { - delay(1000); - Serial.print(F(".")); - Serial.print(status); - status = WiFi.status(); - } - - Serial.println(F(" Connected!")); -#else - /* Newer Ethernet shields have a - * MAC address printed on a sticker on the shield */ - byte mac[] = { 0xDE, 0xAD, 0xBE, 0xEF, 0xFE, 0xED }; - IPAddress ip(192, 168, 1, 42); - IPAddress myDns(192, 168, 1, 1); - Ethernet.init(10); /* Most Arduino shields */ - /* Ethernet.init(5); * MKR ETH Shield */ - /* Ethernet.init(0); * Teensy 2.0 */ - /* Ethernet.init(20); * Teensy++ 2.0 */ - /* Ethernet.init(15); * ESP8266 with Adafruit FeatherWing Ethernet */ - /* Ethernet.init(33); * ESP32 with Adafruit FeatherWing Ethernet */ - Serial.println(F("Initialize Ethernet with DHCP:")); - if (Ethernet.begin(mac) == 0) { - Serial.println(F("Failed to configure Ethernet using DHCP")); - /* Check for Ethernet hardware present */ - if (Ethernet.hardwareStatus() == EthernetNoHardware) { - Serial.println(F("Ethernet shield was not found.")); - while (true) { - delay(1); /* do nothing */ - } - } - if (Ethernet.linkStatus() == LinkOFF) { - Serial.println(F("Ethernet cable is not connected.")); - } - /* try to configure using IP address instead of DHCP : */ - Ethernet.begin(mac, ip, myDns); - } - else { - Serial.print(F(" DHCP assigned IP ")); - Serial.println(Ethernet.localIP()); - } - /* We'll assume the Ethernet connection is ready to go. */ -#endif - - Serial.println(F("********************************************************")); - Serial.print(F(" wolfSSL Example Server IP = ")); -#if defined(USING_WIFI) - Serial.println(WiFi.localIP()); -#else - Serial.println(Ethernet.localIP()); -#endif - /* In server mode, there's no host definition. */ - /* See companion example: wolfssl_client.ino */ - Serial.println(F("********************************************************")); - Serial.println(F("Setup network complete.")); - - return ret; -} - -/*****************************************************************************/ -/* Arduino setup_wolfssl() */ -/*****************************************************************************/ -int setup_wolfssl(void) { - int ret = 0; - WOLFSSL_METHOD* method; - - /* Show a revision of wolfssl user_settings.h file in use when available: */ -#if defined(WOLFSSL_USER_SETTINGS_ID) - Serial.print(F("WOLFSSL_USER_SETTINGS_ID: ")); - Serial.println(F(WOLFSSL_USER_SETTINGS_ID)); -#else - Serial.println(F("No WOLFSSL_USER_SETTINGS_ID found.")); -#endif - -#if defined(NO_WOLFSSL_SERVER) - Serial.println(F("wolfSSL server code disabled to save space.")); -#endif -#if defined(NO_WOLFSSL_CLIENT) - Serial.println(F("wolfSSL client code disabled to save space.")); -#endif - -#if defined(DEBUG_WOLFSSL) - wolfSSL_Debugging_ON(); - Serial.println(F("wolfSSL Debugging is On!")); -#else - Serial.println(F("wolfSSL Debugging is Off! (enable with DEBUG_WOLFSSL)")); -#endif - - /* See ssl.c for TLS cache settings. Larger cache = use more RAM. */ -#if defined(NO_SESSION_CACHE) - Serial.println(F("wolfSSL TLS NO_SESSION_CACHE")); -#elif defined(MICRO_SESSION_CACHEx) - Serial.println(F("wolfSSL TLS MICRO_SESSION_CACHE")); -#elif defined(SMALL_SESSION_CACHE) - Serial.println(F("wolfSSL TLS SMALL_SESSION_CACHE")); -#elif defined(MEDIUM_SESSION_CACHE) - Serial.println(F("wolfSSL TLS MEDIUM_SESSION_CACHE")); -#elif defined(BIG_SESSION_CACHE) - Serial.println(F("wolfSSL TLS BIG_SESSION_CACHE")); -#elif defined(HUGE_SESSION_CACHE) - Serial.println(F("wolfSSL TLS HUGE_SESSION_CACHE")); -#elif defined(HUGE_SESSION_CACHE) - Serial.println(F("wolfSSL TLS HUGE_SESSION_CACHE")); -#else - Serial.println(F("WARNING: Unknown or no TLS session cache setting.")); - /* See wolfssl/src/ssl.c for amount of memory used. - * It is best on embedded devices to choose a TLS session cache size. */ -#endif - - ret = wolfSSL_Init(); - if (ret == WOLFSSL_SUCCESS) { - Serial.println("Successfully called wolfSSL_Init"); - } - else { - Serial.println("ERROR: wolfSSL_Init failed"); - } - - /* See companion server example with wolfSSLv23_server_method here. - * method = wolfSSLv23_client_method()); SSL 3.0 - TLS 1.3. - * method = wolfTLSv1_2_client_method(); only TLS 1.2 - * method = wolfTLSv1_3_client_method(); only TLS 1.3 - * - * see Arduino\libraries\wolfssl\src\user_settings.h */ - - Serial.println("Here we go!"); - - method = wolfSSLv23_server_method(); - if (method == NULL) { - Serial.println(F("unable to get wolfssl server method")); - fail_wait(); - } - ctx = wolfSSL_CTX_new(method); - if (ctx == NULL) { - Serial.println(F("unable to get ctx")); - fail_wait(); - } - - return ret; -} - -/*****************************************************************************/ -/* Arduino setup_certificates() */ -/*****************************************************************************/ -int setup_certificates(void) { - int ret = 0; - - Serial.println(F("Initializing certificates...")); - show_memory(); - - /* Use built-in validation, No verification callback function: */ - wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0); - - /* Certificate */ - Serial.println("Initializing certificates..."); - ret = wolfSSL_CTX_use_certificate_buffer(ctx, - CTX_SERVER_CERT, - CTX_SERVER_CERT_SIZE, - CTX_CA_CERT_TYPE); - if (ret == WOLFSSL_SUCCESS) { - Serial.print("Success: use certificate: "); - Serial.println(xstr(CTX_SERVER_CERT)); - } - else { - Serial.print("Error: wolfSSL_CTX_use_certificate_buffer failed: "); - wc_ErrorString(ret, wc_error_message); - Serial.println(wc_error_message); - fail_wait(); - } - - /* Setup private server key */ - ret = wolfSSL_CTX_use_PrivateKey_buffer(ctx, - CTX_SERVER_KEY, - CTX_SERVER_KEY_SIZE, - CTX_SERVER_KEY_TYPE); - if (ret == WOLFSSL_SUCCESS) { - Serial.print("Success: use private key buffer: "); - Serial.println(xstr(CTX_SERVER_KEY)); - } - else { - Serial.print("Error: wolfSSL_CTX_use_PrivateKey_buffer failed: "); - wc_ErrorString(ret, wc_error_message); - Serial.println(wc_error_message); - fail_wait(); - } - - return ret; -} /* Arduino setup */ - -/*****************************************************************************/ -/*****************************************************************************/ -/* Arduino setup() */ -/*****************************************************************************/ -/*****************************************************************************/ -void setup(void) { - int i = 0; - Serial.begin(SERIAL_BAUD); - while (!Serial && (i < 10)) { - /* wait for serial port to connect. Needed for native USB port only */ - delay(1000); - i++; - } - - Serial.println(F("")); - Serial.println(F("")); - Serial.println(F("wolfSSL TLS Server Example Startup.")); - - /* define DEBUG_WOLFSSL in wolfSSL user_settings.h for diagnostics */ -#if defined(DEBUG_WOLFSSL) - wolfSSL_Debugging_ON(); -#endif - - /* Optionally pre-allocate a large block of memory for testing */ -#if defined(MEMORY_STRESS_TEST) - Serial.println(F("WARNING: Memory Stress Test Active!")); - Serial.print(F("Allocating extra memory: ")); - Serial.print(MEMORY_STRESS_INITIAL); - Serial.println(F(" bytes...")); - memory_stress[mem_ctr] = (char*)malloc(MEMORY_STRESS_INITIAL); - show_memory(); -#endif - - setup_hardware(); - - setup_network(); - - setup_datetime(); - - setup_wolfssl(); - - setup_certificates(); - - /* Initialize wolfSSL using callback functions. */ - wolfSSL_SetIOSend(ctx, EthernetSend); - wolfSSL_SetIORecv(ctx, EthernetReceive); - -#if defined THIS_USER_SETTINGS_VERSION - Serial.print(F("This user_settings.h version:")) - Serial.println(THIS_USER_SETTINGS_VERSION) -#endif - - /* Start the server - * See https://www.arduino.cc/reference/en/libraries/ethernet/server.begin/ - */ - - Serial.println(F("Completed Arduino setup()")); - - server.begin(); - Serial.println("Begin Server... (waiting for remote client to connect)"); - - /* See companion wolfssl_client.ino code */ - return; -} /* Arduino setup */ - -/*****************************************************************************/ -/* wolfSSL error_check() */ -/*****************************************************************************/ -int error_check(int this_ret, bool halt_on_error, - const __FlashStringHelper* message) { - int ret = 0; - if (this_ret == WOLFSSL_SUCCESS) { - Serial.print(F("Success: ")); - Serial.println(message); - } - else { - Serial.print(F("ERROR: return = ")); - Serial.print(this_ret); - Serial.print(F(": ")); - Serial.println(message); - Serial.println(wc_GetErrorString(this_ret)); - if (halt_on_error) { - fail_wait(); - } - } - show_memory(); - - return ret; -} /* error_check */ - -/*****************************************************************************/ -/* wolfSSL error_check_ssl */ -/* Parameters: */ -/* ssl is the current WOLFSSL object pointer */ -/* halt_on_error set to true to suspend operations for critical error */ -/* message is expected to be a memory-efficient F("") macro string */ -/*****************************************************************************/ -int error_check_ssl(WOLFSSL* ssl, int this_ret, bool halt_on_error, - const __FlashStringHelper* message) { - int err = 0; - - if (ssl == NULL) { - Serial.println(F("ssl is Null; Unable to allocate SSL object?")); -#ifndef DEBUG_WOLFSSL - Serial.println(F("Define DEBUG_WOLFSSL in user_settings.h for more.")); -#else - Serial.println(F("See wolfssl/wolfcrypt/error-crypt.h for codes.")); -#endif - Serial.print(F("ERROR: ")); - Serial.println(message); - show_memory(); - if (halt_on_error) { - fail_wait(); - } - } - else { - err = wolfSSL_get_error(ssl, this_ret); - if (err == WOLFSSL_SUCCESS) { - Serial.print(F("Success m: ")); - Serial.println(message); - } - else { - if (err < 0) { - wolfSSL_ERR_error_string(err, errBuf); - Serial.print(F("WOLFSSL Error: ")); - Serial.print(err); - Serial.print(F("; ")); - Serial.println(errBuf); - } - else { - Serial.println(F("Success: ssl object.")); - } - } - } - - return err; -} - -/*****************************************************************************/ -/*****************************************************************************/ -/* Arduino loop() */ -/*****************************************************************************/ -/*****************************************************************************/ -void loop() { - char errBuf[80] = "(no error"; - char reply[80] = "(no reply)"; - const char msg[] = "I hear you fa shizzle!"; - const char* cipherName; - int input = 0; - int replySz = 0; - int retry_shutdown = SHUTDOWN_DELAY_MS; /* max try, once per millisecond */ - int ret = 0; - IPAddress broadcast_address(255, 255, 255, 255); - - /* Listen for incoming client requests. */ - client = server.available(); - if (client) { - Serial.println("Have Client"); - while (!client.connected()) { - /* wait for the client to actually connect */ - delay(10); - } - Serial.print("Client connected from remote IP: "); - Serial.println(client.remoteIP()); - - ssl = wolfSSL_new(ctx); - if (ssl == NULL) { - Serial.println("Unable to allocate SSL object"); - fail_wait(); - } - - ret = wolfSSL_accept(ssl); - if (ret != WOLFSSL_SUCCESS) { - ret = wolfSSL_get_error(ssl, 0); - wolfSSL_ERR_error_string(ret, errBuf); - Serial.print("TLS Accept Error: "); - Serial.println(errBuf); - } - - cipherName = wolfSSL_get_cipher(ssl); - Serial.print("SSL cipher suite is "); - Serial.println(cipherName); - - Serial.print("Server Read: "); - while (!client.available()) { - /* wait for data */ - } - - /* read data */ - while (wolfSSL_pending(ssl)) { - input = wolfSSL_read(ssl, reply, sizeof(reply) - 1); - if (input < 0) { - ret = wolfSSL_get_error(ssl, 0); - wolfSSL_ERR_error_string(ret, errBuf); - Serial.print("TLS Read Error: "); - Serial.println(errBuf); - break; - } - else if (input > 0) { - replySz = input; - reply[input] = '\0'; - Serial.print(reply); - } - else { - Serial.println(""); - } - } - - /* Write our message into reply buffer to send */ - memset(reply, 0, sizeof(reply)); - memcpy(reply, msg, sizeof(msg)); - replySz = strnlen(reply, sizeof(reply)); - - Serial.println("Sending reply..."); - if ((wolfSSL_write(ssl, reply, replySz)) != replySz) { - ret = wolfSSL_get_error(ssl, 0); - wolfSSL_ERR_error_string(ret, errBuf); - Serial.print("TLS Write Error: "); - Serial.println(errBuf); - } - else { - Serial.println("Reply sent!"); - } - - Serial.println("Shutdown!"); - do { - delay(1); - retry_shutdown--; - ret = wolfSSL_shutdown(ssl); - } while ((ret == WOLFSSL_SHUTDOWN_NOT_DONE) && (retry_shutdown > 0)); - - if (retry_shutdown <= 0) { - /* if wolfSSL_free is called before properly shutting down the - * ssl object, undesired results may occur. */ - Serial.println("Warning! Shutdown did not properly complete."); - } - - wolfSSL_free(ssl); - Serial.println("Connection complete."); - if (REPEAT_CONNECTION) { - Serial.println(); - Serial.println("Waiting for next connection."); - } - else { - client.stop(); - Serial.println("Done!"); - while (1) { - /* wait forever if not repeating */ - delay(100); - } - } - } - else { - /* Serial.println("Client not connected. Trying again..."); */ - } - - delay(100); -} /* Arduino loop repeats */ diff --git a/IDE/ARDUINO/sketches/wolfssl_version/README.md b/IDE/ARDUINO/sketches/wolfssl_version/README.md index 3abfe8299..16230049f 100644 --- a/IDE/ARDUINO/sketches/wolfssl_version/README.md +++ b/IDE/ARDUINO/sketches/wolfssl_version/README.md @@ -1,3 +1,5 @@ # Arduino Basic Hello World This example simply compiles in wolfSSL and shows the current version number. + +NOTE: Moving; See https://github.com/wolfSSL/wolfssl-examples/pull/499 diff --git a/IDE/ARDUINO/sketches/wolfssl_version/wolfssl_version.ino b/IDE/ARDUINO/sketches/wolfssl_version/wolfssl_version.ino deleted file mode 100644 index a2f13fecc..000000000 --- a/IDE/ARDUINO/sketches/wolfssl_version/wolfssl_version.ino +++ /dev/null @@ -1,55 +0,0 @@ -/* wolfssl_server.ino - * - * Copyright (C) 2006-2025 wolfSSL Inc. - * - * This file is part of wolfSSL. - * - * wolfSSL is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * wolfSSL is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA - */ - -#include - - /* wolfSSL user_settings.h must be included from settings.h - * Make all configurations changes in user_settings.h - * Do not edit wolfSSL `settings.h` or `config.h` files. - * Do not explicitly include user_settings.h in any source code. - * Each Arduino sketch that uses wolfSSL must have: #include "wolfssl.h" - * C/C++ source files can use: #include - * The wolfSSL "settings.h" must be included in each source file using wolfSSL. - * The wolfSSL "settings.h" must appear before any other wolfSSL include. - */ -#include -#include - -/* Choose a monitor serial baud rate: 9600, 14400, 19200, 57600, 74880, etc. */ -#define SERIAL_BAUD 115200 - -/* Arduino setup */ -void setup() { - Serial.begin(SERIAL_BAUD); - while (!Serial) { - /* wait for serial port to connect. Needed for native USB port only */ - } - Serial.println(F("")); - Serial.println(F("")); - Serial.println(F("wolfSSL setup complete!")); -} - -/* Arduino main application loop. */ -void loop() { - Serial.print("wolfSSL Version: "); - Serial.println(LIBWOLFSSL_VERSION_STRING); - delay(60000); -} diff --git a/IDE/ARDUINO/wolfssl-arduino.cpp b/IDE/ARDUINO/wolfssl-arduino.cpp new file mode 100644 index 000000000..3d3c78735 --- /dev/null +++ b/IDE/ARDUINO/wolfssl-arduino.cpp @@ -0,0 +1,33 @@ +/* wolfssl-arduino.cpp + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include +#include "wolfssl.h" + +/* Function to allow wolfcrypt to use Arduino Serial.print for debug messages. + * See wolfssl/wolfcrypt/logging.c */ + +int wolfSSL_Arduino_Serial_Print(const char* const s) +{ + /* Reminder: Serial.print is only available in C++ */ + Serial.println(F(s)); + return 0; +}; diff --git a/IDE/ARDUINO/wolfssl-arduino.sh b/IDE/ARDUINO/wolfssl-arduino.sh index 63dcf4cc1..0b9a3f32d 100755 --- a/IDE/ARDUINO/wolfssl-arduino.sh +++ b/IDE/ARDUINO/wolfssl-arduino.sh @@ -70,6 +70,9 @@ if [ "$ROOT_DIR" = "" ]; then exit 1 fi + +ARDUINO_ROOT="$HOME/Arduino/libraries" + # Check environment if [ -n "$WSL_DISTRO_NAME" ]; then # we found a non-blank WSL environment distro name @@ -78,8 +81,6 @@ if [ -n "$WSL_DISTRO_NAME" ]; then if echo "$current_path" | grep -Eq "^$pattern"; then # if we are in WSL and shared Windows file system, 'ln' does not work. ARDUINO_ROOT="/mnt/c/Users/$USER/Documents/Arduino/libraries" - else - ARDUINO_ROOT="$HOME/Arduino/libraries" fi fi echo "The Arduino library root is: $ARDUINO_ROOT" @@ -116,11 +117,21 @@ if [ $# -gt 0 ]; then echo "Error: not a valid operation: $THIS_OPERATION" exit 1 fi +else + echo "INSTALL parameter not specified. Installing to ROOT_DIR=$ROOT_DIR" fi ROOT_SRC_DIR="${ROOT_DIR}/src" EXAMPLES_DIR="${ROOT_DIR}/examples" + +if [ -n "$WOLFSSL_EXAMPLES_ROOT" ]; then + EXTRA_EXAMPLES_DIR="${WOLFSSL_EXAMPLES_ROOT}/Arduino" + echo "EXTRA_EXAMPLES_DIR=$EXTRA_EXAMPLES_DIR" +else + echo "There are additional examples at https://github.com/wolfSSL/wolfssl-examples" + echo "Set WOLFSSL_EXAMPLES_ROOT to your local directory to include those examples." +fi WOLFSSL_SRC="${ROOT_SRC_DIR}/src" WOLFSSL_HEADERS="${ROOT_SRC_DIR}/wolfssl" WOLFCRYPT_ROOT="${ROOT_SRC_DIR}/wolfcrypt" @@ -141,8 +152,16 @@ OPENSSL_DIR_TOP="${WOLFSSL_HEADERS_TOP}/openssl" WOLFSSL_VERSION=$(grep -i "LIBWOLFSSL_VERSION_STRING" ${TOP_DIR}/wolfssl/version.h | cut -d '"' -f 2) if [ "$WOLFSSL_VERSION" = "" ]; then - echo "ERROR: Could not find wolfSSL Version in ${TOP_DIR}/wolfssl/version.h" - exit 1 + echo "Current user: [$USER]" + if [ "$USER" = "" ] || [ "$USER" = "runner" ]; then + # Typically when there's no user, it is a GitHub workflow. It is not guaranteed to be "runner" + echo "No USER found, no version.h found. Setting Version text to [GitHub] for assumed workflow." + WOLFSSL_VERSION="GitHub" + else + echo "ERROR: Could not find wolfSSL Version in ${TOP_DIR}/wolfssl/version.h" + echo "Check autogen.sh and configure" + exit 1 + fi else echo "Found wolfSSL version $WOLFSSL_VERSION" echo "# WOLFSSL_VERSION_ARUINO_SUFFIX $WOLFSSL_VERSION_ARUINO_SUFFIX" @@ -235,26 +254,46 @@ if [ "$THIS_DIR" = "ARDUINO" ]; then $CP_CMD "${OPENSSL_DIR_TOP}"/* ."${OPENSSL_DIR}" || exit 1 # Finally, copy the Arduino-specific wolfssl library files into place: [lib]/src - $CP_CMD ./wolfssl.h ".${ROOT_SRC_DIR}"/wolfssl.h + $CP_CMD ./wolfssl.h ".${ROOT_SRC_DIR}"/wolfssl.h || exit 1 + $CP_CMD ./wolfssl-arduino.cpp ".${ROOT_SRC_DIR}"/wolfssl-arduino.cpp || exit 1 + unset NO_ARDUINO_EXAMPLES echo "Copy examples...." # Copy examples mkdir -p ".${ROOT_SRC_DIR}"/examples - echo "Copy wolfssl_client example...." - mkdir -p ".${EXAMPLES_DIR}"/wolfssl_client - $CP_CMD ./sketches/wolfssl_client/wolfssl_client.ino ".${EXAMPLES_DIR}"/wolfssl_client/wolfssl_client.ino || exit 1 - $CP_CMD ./sketches/wolfssl_client/README.md ".${EXAMPLES_DIR}"/wolfssl_client/README.md || exit 1 + if [ -n "$WOLFSSL_EXAMPLES_ROOT" ]; then + echo "Copy template example...." + mkdir -p ".${EXAMPLES_DIR}"/template/wolfssl_library/src + $CP_CMD "$WOLFSSL_EXAMPLES_ROOT"/Arduino/sketches/template/template.ino ".${EXAMPLES_DIR}"/template/template.ino || exit 1 + $CP_CMD "$WOLFSSL_EXAMPLES_ROOT"/Arduino/sketches/template/README.md ".${EXAMPLES_DIR}"/template/README.md || exit 1 + $CP_CMD "$WOLFSSL_EXAMPLES_ROOT"/Arduino/sketches/template/wolfssl_helper.c ".${EXAMPLES_DIR}"/template/wolfssl_helper.c || exit 1 + $CP_CMD "$WOLFSSL_EXAMPLES_ROOT"/Arduino/sketches/template/wolfssl_helper.h ".${EXAMPLES_DIR}"/template/wolfssl_helper.h || exit 1 + $CP_CMD "$WOLFSSL_EXAMPLES_ROOT"/Arduino/sketches/template/wolfssl_library/wolfssl_library.h ".${EXAMPLES_DIR}"/template/wolfssl_library/wolfssl_library.h || exit 1 + $CP_CMD "$WOLFSSL_EXAMPLES_ROOT"/Arduino/sketches/template/wolfssl_library/src/wolfssl_library.cpp ".${EXAMPLES_DIR}"/template/wolfssl_library/src/wolfssl_library.cpp || exit 1 - echo "Copy wolfssl_server example...." - mkdir -p .${EXAMPLES_DIR}/wolfssl_server - $CP_CMD ./sketches/wolfssl_server/wolfssl_server.ino ".${EXAMPLES_DIR}"/wolfssl_server/wolfssl_server.ino || exit 1 - $CP_CMD ./sketches/wolfssl_server/README.md ".${EXAMPLES_DIR}"/wolfssl_server/README.md || exit 1 + echo "Copy wolfssl_AES_CTR example...." + mkdir -p ".${EXAMPLES_DIR}"/wolfssl_AES_CTR + $CP_CMD "$WOLFSSL_EXAMPLES_ROOT"/Arduino/sketches/wolfssl_AES_CTR/wolfssl_AES_CTR.ino ".${EXAMPLES_DIR}"/wolfssl_AES_CTR/wolfssl_AES_CTR.ino || exit 1 + $CP_CMD "$WOLFSSL_EXAMPLES_ROOT"/Arduino/sketches/wolfssl_AES_CTR/README.md ".${EXAMPLES_DIR}"/wolfssl_AES_CTR/README.md || exit 1 - echo "Copy wolfssl_server example...." - mkdir -p .${EXAMPLES_DIR}/wolfssl_version - $CP_CMD ./sketches/wolfssl_version/wolfssl_version.ino ".${EXAMPLES_DIR}"/wolfssl_version/wolfssl_version.ino || exit 1 - $CP_CMD ./sketches/wolfssl_version/README.md ".${EXAMPLES_DIR}"/wolfssl_version/README.md || exit 1 + echo "Copy wolfssl_client example...." + mkdir -p ".${EXAMPLES_DIR}"/wolfssl_client + $CP_CMD "$WOLFSSL_EXAMPLES_ROOT"/Arduino/sketches/wolfssl_client/wolfssl_client.ino ".${EXAMPLES_DIR}"/wolfssl_client/wolfssl_client.ino || exit 1 + $CP_CMD "$WOLFSSL_EXAMPLES_ROOT"/Arduino/sketches/wolfssl_client/README.md ".${EXAMPLES_DIR}"/wolfssl_client/README.md || exit 1 + + echo "Copy wolfssl_server example...." + mkdir -p .${EXAMPLES_DIR}/wolfssl_server + $CP_CMD "$WOLFSSL_EXAMPLES_ROOT"/Arduino/sketches/wolfssl_server/wolfssl_server.ino ".${EXAMPLES_DIR}"/wolfssl_server/wolfssl_server.ino || exit 1 + $CP_CMD "$WOLFSSL_EXAMPLES_ROOT"/Arduino/sketches/wolfssl_server/README.md ".${EXAMPLES_DIR}"/wolfssl_server/README.md || exit 1 + + echo "Copy wolfssl_version example...." + mkdir -p .${EXAMPLES_DIR}/wolfssl_version + $CP_CMD "$WOLFSSL_EXAMPLES_ROOT"/Arduino/sketches/wolfssl_version/wolfssl_version.ino ".${EXAMPLES_DIR}"/wolfssl_version/wolfssl_version.ino || exit 1 + $CP_CMD "$WOLFSSL_EXAMPLES_ROOT"/Arduino/sketches/wolfssl_version/README.md ".${EXAMPLES_DIR}"/wolfssl_version/README.md || exit 1 + else + NO_ARDUINO_EXAMPLES=1 + fi else echo "ERROR: You must be in the IDE/ARDUINO directory to run this script" exit 1 @@ -273,6 +312,8 @@ fi # as an Arduino-specific README.md file. VERSION_PLACEHOLDER="\${WOLFSSL_VERSION}" ARDUINO_VERSION_SUFFIX_PLACEHOLDER="\${WOLFSSL_VERSION_ARUINO_SUFFIX}" + +# This is the SOURCE to prepend. Note the OUTPUT is PREPENDED_README.md later copied to README.md PREPEND_FILE="Arduino_README_prepend.md" PROPERTIES_FILE_TEMPLATE="library.properties.template" sed s/"$VERSION_PLACEHOLDER"/"$WOLFSSL_VERSION"/ "$PREPEND_FILE" > "$PREPEND_FILE.tmp" @@ -340,4 +381,9 @@ if [ "$THIS_OPERATION" = "INSTALL" ]; then fi fi +if [ -n "$NO_ARDUINO_EXAMPLES" ]; then + echo "" + echo "WARNING: No examples copied. Set WOLFSSL_EXAMPLES_ROOT as appropriate." + echo "" +fi echo "Done!" diff --git a/IDE/ARDUINO/wolfssl.h b/IDE/ARDUINO/wolfssl.h index 303b73224..8b29806b6 100644 --- a/IDE/ARDUINO/wolfssl.h +++ b/IDE/ARDUINO/wolfssl.h @@ -22,6 +22,7 @@ /* Edit with caution. This is an Arduino-library specific header for wolfSSL */ #ifndef WOLFSSL_USER_SETTINGS + /* Should already be defined in settings.h for #if defined(ARDUINO) */ #define WOLFSSL_USER_SETTINGS #endif @@ -39,9 +40,10 @@ #include #include -int wolfSSL_Arduino_Serial_Print(const char *const s) -{ - /* See wolfssl/wolfcrypt/logging.c */ - Serial.println(F(s)); - return 0; -}; +#ifndef WOLFSSL_ARDUINO_H +#define WOLFSSL_ARDUINO_H + +/* Declare a helper function to be used in wolfssl/wolfcrypt/logging.c */ +int wolfSSL_Arduino_Serial_Print(const char* const s); + +#endif /* WOLFSSL_ARDUINO_H */ diff --git a/examples/configs/user_settings_arduino.h b/examples/configs/user_settings_arduino.h index 49415bccd..8ff2d8c3b 100644 --- a/examples/configs/user_settings_arduino.h +++ b/examples/configs/user_settings_arduino.h @@ -21,11 +21,18 @@ /* This is a sample Arduino user_settings.h for wolfSSL >> Edit with caution. This is the file copied to wolfSSL Arduino library. - >> at publish time. (lines with ">>" are removed) + >> at publish time. (lines with ">>" are removed at publish time) */ /* Define a macro to display user settings version in example code: */ -#define WOLFSSL_USER_SETTINGS_ID "Arduino user_settings.h v5.7.4" +#define WOLFSSL_USER_SETTINGS_ID "Arduino user_settings.h v5.7.6" + +/* Disable wolfcrypt cryptographic security hardening. Comment out to enable: */ +/* #define WC_NO_HARDEN */ + +/* Instead, we harden ECC and RSA */ +#define ECC_TIMING_RESISTANT +#define WC_RSA_BLINDING /* Due to limited build control, we'll ignore file warnings. */ /* See https://github.com/arduino/arduino-cli/issues/631 */ @@ -39,6 +46,7 @@ #undef WOLFSSL_ESPIDF #define HAVE_ECC + #define WOLFSSL_SMALL_STACK /* #define WOLFSSL_SMALL_STACK_EXTRA */ /* #define WOLFSSL_SMALL_STACK_CIPHERS */ @@ -76,17 +84,27 @@ * WOLFSSL_CLIENT_EXAMPLE * WOLFSSL_SERVER_EXAMPLE */ + +/* The examples must be manually selected here: */ + #if defined(WOLFSSL_CLIENT_EXAMPLE) #define NO_WOLFSSL_SERVER #elif defined(WOLFSSL_SERVER_EXAMPLE) #define NO_WOLFSSL_CLIENT +#elif defined(WOLFSSL_TEMPLATE_EXAMPLE) + #define NO_WOLFSSL_SERVER + #define NO_WOLFSSL_CLIENT +#elif defined(WOLFSSL_AES_CTR_EXAMPLE) + #define NO_WOLFSSL_SERVER + #define NO_WOLFSSL_CLIENT + #define WOLFSSL_AES + #define WOLFSSL_AES_COUNTER #else /* Provide a hint to application that neither WOLFSSL_CLIENT_EXAMPLE * or WOLFSSL_SERVER_EXAMPLE macro hint was desired but not found. */ #define NO_WOLFSSL_SERVER_CLIENT_MISSING - #warning "Define WOLFSSL_CLIENT_EXAMPLE or WOLFSSL_SERVER_EXAMPLE to" \ - " optimize memory for small embedded devices." - /* Both can be disabled in wolfssl test & benchmark */ + + /* By default all examples are enabled; no specific optimizations */ #endif @@ -114,8 +132,8 @@ /* #define HAVE_PKCS7 */ /* when you want to use AES counter mode */ -/* #define WOLFSSL_AES_DIRECT */ -/* #define WOLFSSL_AES_COUNTER */ +#define WOLFSSL_AES_DIRECT +#define WOLFSSL_AES_COUNTER /* esp32-wroom-32se specific definition */ #if defined(WOLFSSL_ESPWROOM32SE) @@ -354,7 +372,7 @@ */ /* optional SM4 Ciphers. See https://github.com/wolfSSL/wolfsm -/* The section below defines macros used in typically all of the wolfSSL + * The section below defines macros used in typically all of the wolfSSL * examples such as the client and server for certs stored in header files. * * There are various certificate examples in this header file: diff --git a/src/internal.c b/src/internal.c index d127cd299..2fce64fee 100644 --- a/src/internal.c +++ b/src/internal.c @@ -153,7 +153,7 @@ WOLFSSL_CALLBACKS needs LARGE_STATIC_BUFFERS, please add LARGE_STATIC_BUFFERS #error Cannot use both secure-renegotiation and renegotiation-indication #endif -#ifndef WOLFSSL_NO_TLS12 +#if !defined(NO_TLS) && !defined(WOLFSSL_NO_TLS12) #ifndef NO_WOLFSSL_CLIENT static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input, @@ -166,7 +166,7 @@ WOLFSSL_CALLBACKS needs LARGE_STATIC_BUFFERS, please add LARGE_STATIC_BUFFERS static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, word32 size); #endif -#endif +#endif /* !NO_WOLFSSL_CLIENT */ #ifndef NO_WOLFSSL_SERVER @@ -179,7 +179,7 @@ WOLFSSL_CALLBACKS needs LARGE_STATIC_BUFFERS, please add LARGE_STATIC_BUFFERS #endif #endif /* !NO_WOLFSSL_SERVER */ -#endif /* !WOLFSSL_NO_TLS12 */ +#endif /* !NO_TLS && !WOLFSSL_NO_TLS12 */ #if !defined(NO_WOLFSSL_SERVER) && defined(HAVE_SESSION_TICKET) #if defined(WOLFSSL_HAPROXY) @@ -198,7 +198,7 @@ WOLFSSL_CALLBACKS needs LARGE_STATIC_BUFFERS, please add LARGE_STATIC_BUFFERS int enc, byte* ticket, int inLen, int* outLen, void* userCtx); #endif -#endif +#endif /* !NO_WOLFSSL_SERVER && HAVE_SESSION_TICKET */ int writeAeadAuthData(WOLFSSL* ssl, word16 sz, byte type, byte* additional, byte dec, byte** seq, int verifyOrder); @@ -236,13 +236,14 @@ enum processReply { }; -#ifndef WOLFSSL_NO_TLS12 +#if !defined(NO_TLS) && !defined(WOLFSSL_NO_TLS12) #if !defined(NO_WOLFSSL_SERVER) || !defined(NO_WOLFSSL_CLIENT) /* Server random bytes for TLS v1.3 described downgrade protection mechanism. */ static const byte tls13Downgrade[7] = { 0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44 }; + #define TLS13_DOWNGRADE_SZ sizeof(tls13Downgrade) #endif /* !NO_WOLFSSL_SERVER || !NO_WOLFSSL_CLIENT */ @@ -253,7 +254,7 @@ static int SSL_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz, #endif -#endif /* !WOLFSSL_NO_TLS12 */ +#endif /* !NO_TLS && !WOLFSSL_NO_TLS12 */ #if !defined(NO_CERT) && defined(WOLFSSL_BLIND_PRIVATE_KEY) @@ -296,7 +297,7 @@ void wolfssl_priv_der_unblind(DerBuffer* key, DerBuffer* mask) xorbuf(key->buffer, mask->buffer, mask->length); } } -#endif +#endif /* !NO_CERT && WOLFSSL_BLIND_PRIVATE_KEY */ #if defined(WOLFSSL_RENESAS_FSPSM_TLS) || defined(WOLFSSL_RENESAS_TSIP_TLS) @@ -601,24 +602,24 @@ int IsAtLeastTLSv1_3(const ProtocolVersion pv) int IsEncryptionOn(const WOLFSSL* ssl, int isSend) { - #ifdef WOLFSSL_DTLS +#ifdef WOLFSSL_DTLS /* For DTLS, epoch 0 is always not encrypted. */ if (ssl->options.dtls && !isSend) { if (!IsAtLeastTLSv1_3(ssl->version) && ssl->keys.curEpoch == 0) return 0; -#ifdef WOLFSSL_DTLS13 + #ifdef WOLFSSL_DTLS13 else if (IsAtLeastTLSv1_3(ssl->version) && w64IsZero(ssl->keys.curEpoch64)) return 0; -#endif /* WOLFSSL_DTLS13 */ + #endif /* WOLFSSL_DTLS13 */ } - #endif /* WOLFSSL_DTLS */ - #ifdef WOLFSSL_QUIC +#endif /* WOLFSSL_DTLS */ +#ifdef WOLFSSL_QUIC if (WOLFSSL_IS_QUIC(ssl) && IsAtLeastTLSv1_3(ssl->version)) { return 0; } - #endif +#endif /* WOLFSSL_QUIC */ return ssl->keys.encryptionOn && (isSend ? ssl->encrypt.setup : ssl->decrypt.setup); } @@ -2258,7 +2259,8 @@ int InitSSL_Side(WOLFSSL* ssl, word16 side) return InitSSL_Suites(ssl); } -#endif /* OPENSSL_EXTRA || WOLFSSL_EITHER_SIDE */ +#endif /* OPENSSL_EXTRA || WOLFSSL_EITHER_SIDE || + * WOLFSSL_EXTRA || WOLFSSL_WPAS_SMALL */ #if defined(WOLFSSL_SYS_CRYPTO_POLICY) /* Check the wolfssl method meets minimum requirements for @@ -2808,7 +2810,7 @@ void FreeEchConfigs(WOLFSSL_EchConfig* configs, void* heap) (void)heap; } -#endif +#endif /* WOLFSSL_TLS13 && HAVE_ECH */ /* In case contexts are held in array and don't want to free actual ctx. */ @@ -3474,7 +3476,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, (void) tls; tls1_2 = pv.minor <= DTLSv1_2_MINOR; } -#endif +#endif /* WOLFSSL_DTLS */ (void)tls; /* shut up compiler */ (void)tls1_2; @@ -3544,6 +3546,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, suites->suites[idx++] = TLS_SM4_GCM_SM3; } #endif + #ifdef BUILD_TLS_SM4_CCM_SM3 if (tls1_3) { suites->suites[idx++] = CIPHER_BYTE; @@ -3774,7 +3777,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, suites->suites[idx++] = TLS_DHE_RSA_WITH_AES_256_CBC_SHA; } #endif -#endif +#endif /* WOLFSSL_MYSQL_COMPATIBLE */ #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 #ifdef OPENSSL_EXTRA @@ -4011,7 +4014,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_DHE_RSA_WITH_AES_256_CBC_SHA256; } -#endif +#endif /* BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 */ #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 #ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES @@ -4023,7 +4026,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_DHE_RSA_WITH_AES_128_CBC_SHA256; } -#endif +#endif /* BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 */ /* Place as higher priority for MYSQL testing */ #if !defined(WOLFSSL_MYSQL_COMPATIBLE) @@ -4033,7 +4036,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, suites->suites[idx++] = TLS_DHE_RSA_WITH_AES_256_CBC_SHA; } #endif -#endif +#endif /* !WOLFSSL_MYSQL_COMPATIBLE */ #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA if (tls && haveDH && haveRSA && haveAES128 && haveSHA1) { @@ -4115,7 +4118,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, suites->suites[idx++] = CHACHA_BYTE; suites->suites[idx++] = TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256; } -#endif +#endif /* BUILD_TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 */ #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_NULL_SHA if (tls && haveECC && haveNull && haveSHA1) { @@ -4148,7 +4151,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_RSA_WITH_NULL_SHA256; } -#endif +#endif /* BUILD_TLS_RSA_WITH_NULL_SHA256 */ #ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA if (tls && havePSK && haveSHA1) { @@ -4167,7 +4170,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_DHE_PSK_WITH_AES_256_CBC_SHA384; } -#endif +#endif /* BUILD_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 */ #ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA384 #ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES @@ -4179,7 +4182,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_PSK_WITH_AES_256_CBC_SHA384; } -#endif +#endif /* BUILD_TLS_PSK_WITH_AES_256_CBC_SHA384 */ #ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 #ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES @@ -4191,7 +4194,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_DHE_PSK_WITH_AES_128_CBC_SHA256; } -#endif +#endif /* BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 */ #ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256 #ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES @@ -4236,7 +4239,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, suites->suites[idx++] = CHACHA_BYTE; suites->suites[idx++] = TLS_PSK_WITH_CHACHA20_POLY1305_SHA256; } -#endif +#endif /* BUILD_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 */ #ifdef BUILD_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 #ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES @@ -4248,7 +4251,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, suites->suites[idx++] = CHACHA_BYTE; suites->suites[idx++] = TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256; } -#endif +#endif /* BUILD_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 */ #ifdef BUILD_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 #ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES @@ -4260,7 +4263,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, suites->suites[idx++] = CHACHA_BYTE; suites->suites[idx++] = TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256; } -#endif +#endif /* BUILD_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 */ #ifdef BUILD_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 #ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES @@ -4272,7 +4275,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, suites->suites[idx++] = ECC_BYTE; suites->suites[idx++] = TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256; } -#endif +#endif /* BUILD_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 */ #ifdef BUILD_TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256 #ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES @@ -4284,7 +4287,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, suites->suites[idx++] = ECDHE_PSK_BYTE; suites->suites[idx++] = TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256; } -#endif +#endif /* BUILD_TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256 */ #ifdef BUILD_TLS_PSK_WITH_AES_128_CCM if (tls && havePSK && haveAES128) { @@ -4324,7 +4327,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_DHE_PSK_WITH_NULL_SHA384; } -#endif +#endif /* BUILD_TLS_DHE_PSK_WITH_NULL_SHA384 */ #ifdef BUILD_TLS_PSK_WITH_NULL_SHA384 #ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES @@ -4336,7 +4339,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_PSK_WITH_NULL_SHA384; } -#endif +#endif /* BUILD_TLS_PSK_WITH_NULL_SHA384 */ #ifdef BUILD_TLS_ECDHE_PSK_WITH_NULL_SHA256 #ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES @@ -4348,7 +4351,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, suites->suites[idx++] = ECC_BYTE; suites->suites[idx++] = TLS_ECDHE_PSK_WITH_NULL_SHA256; } -#endif +#endif /* BUILD_TLS_ECDHE_PSK_WITH_NULL_SHA256 */ #ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA256 #ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES @@ -4360,7 +4363,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_DHE_PSK_WITH_NULL_SHA256; } -#endif +#endif /* BUILD_TLS_DHE_PSK_WITH_NULL_SHA256 */ #ifdef BUILD_TLS_PSK_WITH_NULL_SHA256 #ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES @@ -4372,7 +4375,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_PSK_WITH_NULL_SHA256; } -#endif +#endif /* BUILD_TLS_PSK_WITH_NULL_SHA256 */ #ifdef BUILD_TLS_PSK_WITH_NULL_SHA if (tls && havePSK && haveNull) { @@ -4440,7 +4443,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256; } -#endif +#endif /* BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 */ #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 #ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES @@ -4452,7 +4455,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256; } -#endif +#endif /* BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 */ #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 #ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES @@ -4464,7 +4467,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256; } -#endif +#endif /* BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 */ #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 #ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES @@ -4476,7 +4479,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, suites->suites[idx++] = CIPHER_BYTE; suites->suites[idx++] = TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256; } -#endif +#endif /* BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 */ #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_SM4_CBC_SM3 if (tls && haveECC) { @@ -4484,12 +4487,14 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_SM4_CBC_SM3; } #endif + #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_SM4_GCM_SM3 if (tls && haveECC) { suites->suites[idx++] = SM_BYTE; suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_SM4_GCM_SM3; } #endif + #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_SM4_CCM_SM3 if (tls && haveECC) { suites->suites[idx++] = SM_BYTE; @@ -4615,7 +4620,8 @@ void DecodeSigAlg(const byte* input, byte* hashAlgo, byte* hsType) break; } } -#endif /* !NO_WOLFSSL_SERVER || !NO_CERTS */ +#endif /* !NO_WOLFSSL_SERVER || !NO_CERTS || + * ( !NO_WOLFSSL_CLIENT && (!NO_DH || HAVE_ECC) ) */ #ifndef WOLFSSL_NO_TLS12 #if !defined(NO_WOLFSSL_SERVER) || !defined(NO_WOLFSSL_CLIENT) @@ -4900,7 +4906,8 @@ static WC_INLINE void EncodeSigAlg(byte hashAlgo, byte hsType, byte* output) } #endif -#if !defined(WOLFSSL_NO_TLS12) && !defined(WOLFSSL_NO_CLIENT_AUTH) +#if !defined(NO_TLS) && !defined(WOLFSSL_NO_TLS12) && \ + !defined(WOLFSSL_NO_CLIENT_AUTH) static void SetDigest(WOLFSSL* ssl, int hashAlgo) { switch (hashAlgo) { @@ -4961,7 +4968,7 @@ word32 MacSize(const WOLFSSL* ssl) } #ifndef NO_RSA -#if !defined(WOLFSSL_NO_TLS12) || \ +#if !defined(NO_TLS) && !defined(WOLFSSL_NO_TLS12) || \ (defined(WC_RSA_PSS) && defined(HAVE_PK_CALLBACKS)) #if !defined(NO_WOLFSSL_SERVER) || !defined(NO_WOLFSSL_CLIENT) static int TypeHash(int hashAlgo) @@ -5787,7 +5794,7 @@ int Sm2wSm3Verify(WOLFSSL* ssl, const byte* id, word32 idSz, const byte* sig, return ret; } -#endif /* WOLFSSL_SM2 */ +#endif /* WOLFSSL_SM2 && WOLFSSL_SM3 */ #ifdef HAVE_ED25519 /* Check whether the key contains a public key. @@ -5974,7 +5981,7 @@ int Ed25519Verify(WOLFSSL* ssl, const byte* in, word32 inSz, const byte* msg, } #endif /* HAVE_ED25519 */ -#ifndef WOLFSSL_NO_TLS12 +#if !defined(NO_TLS) && !defined(WOLFSSL_NO_TLS12) #ifdef HAVE_CURVE25519 #ifdef HAVE_PK_CALLBACKS @@ -6117,7 +6124,7 @@ static int X25519MakeKey(WOLFSSL* ssl, curve25519_key* key, } #endif /* HAVE_CURVE25519 */ -#endif /* !WOLFSSL_NO_TLS12 */ +#endif /* !NO_TLS && !WOLFSSL_NO_TLS12 */ #ifdef HAVE_ED448 /* Check whether the key contains a public key. @@ -7456,7 +7463,7 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup) wc_MemZero_Add("ServerFinished hash", &ssl->serverFinished, TLS_FINISHED_SZ_MAX); #endif -#endif +#endif /* WOLFSSL_CHECK_MEM_ZERO */ #if defined(WOLFSSL_STATIC_MEMORY) if (ctx->heap != NULL) { @@ -7612,7 +7619,7 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup) !defined(HAVE_SELFTEST) ssl->options.dhDoKeyTest = 1; #endif -#endif +#endif /* !NO_DH */ #ifdef WOLFSSL_DTLS #ifdef WOLFSSL_SCTP @@ -7656,7 +7663,7 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup) ssl->IOCB_ReadCtx = &ssl->rfd; /* prevent invalid pointer access if not */ ssl->IOCB_WriteCtx = &ssl->wfd; /* correctly set */ #endif -#endif +#endif /* WOLFSSL_DTLS */ #ifndef WOLFSSL_AEAD_ONLY @@ -7670,7 +7677,7 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup) ssl->hmac = Renesas_cmn_TLS_hmac; #endif #endif -#endif +#endif /* WOLFSSL_AEAD_ONLY */ #if defined(WOLFSSL_OPENVPN) && defined(HAVE_KEYING_MATERIAL) /* Save arrays by default for OpenVPN */ @@ -7711,7 +7718,7 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup) #ifdef WOLFSSL_TLS13_MIDDLEBOX_COMPAT ssl->options.tls13MiddleBoxCompat = 1; #endif -#endif +#endif /* WOLFSSL_TLS13 */ #ifdef HAVE_TLS_EXTENSIONS #ifdef HAVE_MAX_FRAGMENT @@ -16853,7 +16860,7 @@ exit_ppc: } #endif -#ifndef WOLFSSL_NO_TLS12 +#if !defined(NO_TLS) && !defined(WOLFSSL_NO_TLS12) #if !defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH) /* handle processing of certificate (11) */ @@ -17070,11 +17077,11 @@ static int DoCertificateStatus(WOLFSSL* ssl, byte* input, word32* inOutIdx, #endif -#endif /* !WOLFSSL_NO_TLS12 */ +#endif /* !NO_TLS && !WOLFSSL_NO_TLS12 */ #endif /* !NO_CERTS */ -#ifndef WOLFSSL_NO_TLS12 +#if !defined(NO_TLS) && !defined(WOLFSSL_NO_TLS12) static int DoHelloRequest(WOLFSSL* ssl, const byte* input, word32* inOutIdx, word32 size, word32 totalSz) @@ -17683,7 +17690,7 @@ static int SanityCheckMsgReceived(WOLFSSL* ssl, byte type) } #endif } -#endif +#endif /* !NO_WOLFSSL_SERVER */ if (ssl->options.dtls) ssl->msgsReceived.got_change_cipher = 1; break; @@ -17697,7 +17704,6 @@ static int SanityCheckMsgReceived(WOLFSSL* ssl, byte type) return 0; } - int DoHandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx, byte type, word32 size, word32 totalSz) { @@ -18210,8 +18216,7 @@ static int DoHandShakeMsg(WOLFSSL* ssl, byte* input, word32* inOutIdx, WOLFSSL_LEAVE("DoHandShakeMsg()", ret); return ret; } - -#endif /* !WOLFSSL_NO_TLS12 */ +#endif /* !NO_TLS && !WOLFSSL_NO_TLS12 */ #ifdef WOLFSSL_EXTRA_ALERTS int SendFatalAlertOnly(WOLFSSL *ssl, int error) @@ -23080,7 +23085,8 @@ int SendChangeCipher(WOLFSSL* ssl) else return SendBuffered(ssl); } -#endif +#endif /* !WOLFSSL_NO_TLS12 || !NO_OLD_TLS || + * (WOLFSSL_TLS13 && WOLFSSL_TLS13_MIDDLEBOX_COMPAT) */ #if !defined(NO_OLD_TLS) && !defined(WOLFSSL_AEAD_ONLY) @@ -24305,7 +24311,9 @@ int cipherExtraData(WOLFSSL* ssl) #ifndef WOLFSSL_NO_TLS12 #ifndef NO_CERTS -#if !defined(NO_WOLFSSL_SERVER) || !defined(WOLFSSL_NO_CLIENT_AUTH) + +#if (!defined(NO_WOLFSSL_SERVER) || !defined(WOLFSSL_NO_CLIENT_AUTH)) && \ + !defined(NO_TLS) /* handle generation of certificate (11) */ int SendCertificate(WOLFSSL* ssl) { @@ -24618,8 +24626,9 @@ int SendCertificate(WOLFSSL* ssl) return ret; } -#endif /* !NO_WOLFSSL_SERVER || !WOLFSSL_NO_CLIENT_AUTH */ +#endif /* !NO_TLS && (!NO_WOLFSSL_SERVER || !WOLFSSL_NO_CLIENT_AUTH) */ +#if !defined(NO_TLS) /* handle generation of certificate_request (13) */ int SendCertificateRequest(WOLFSSL* ssl) { @@ -24827,8 +24836,11 @@ int SendCertificateRequest(WOLFSSL* ssl) return ret; } +#endif /* !NO_TLS */ + #ifndef NO_WOLFSSL_SERVER + #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \ || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) static int BuildCertificateStatus(WOLFSSL* ssl, byte type, buffer* status, @@ -24944,6 +24956,7 @@ static int BuildCertificateStatusWithStatusCB(WOLFSSL* ssl) } #endif /* HAVE_CERTIFICATE_STATUS_REQUEST && (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)) */ + #endif /* NO_WOLFSSL_SERVER */ /* handle generation of certificate_status (22) */ @@ -25253,7 +25266,8 @@ static int ModifyForMTU(WOLFSSL* ssl, int buffSz, int outputSz, int mtuSz) } #endif /* WOLFSSL_DTLS */ -#if defined(WOLFSSL_TLS13) && !defined(WOLFSSL_TLS13_IGNORE_AEAD_LIMITS) +#if !defined(NO_TLS) && defined(WOLFSSL_TLS13) && \ + !defined(WOLFSSL_TLS13_IGNORE_AEAD_LIMITS) /* * Enforce limits specified in * https://www.rfc-editor.org/rfc/rfc8446#section-5.5 @@ -28540,7 +28554,7 @@ int SetCipherListFromBytes(WOLFSSL_CTX* ctx, Suites* suites, const byte* list, return ret; } -#endif /* OPENSSL_EXTRA */ +#endif /* OPENSSL_EXTRA || WOLFSSL_SET_CIPHER_BYTES */ #ifdef OPENSSL_EXTRA @@ -29276,7 +29290,7 @@ int PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo, word32 hashSigAlgoSz, return 0; } -#endif /* WOLFSSL_CALLBACKS */ +#endif /* WOLFSSL_CALLBACKS || OPENSSL_EXTRA */ #if !defined(NO_CERTS) @@ -30406,7 +30420,8 @@ exit_dapk: return ret; } #endif /* WOLFSSL_DUAL_ALG_CERTS */ -#endif /* WOLFSSL_TLS13 || !NO_WOLFSSL_CLIENT */ + +#endif /* !NO_CERTS */ #if defined(WOLFSSL_TLS13) && !defined(WOLFSSL_NO_TLS12) /* returns 1 if able to do TLS 1.3 otherwise 0 */ @@ -30431,7 +30446,7 @@ exit_dapk: } #endif /* WOLFSSL_TLS13 */ -#ifndef WOLFSSL_NO_TLS12 +#if !defined(NO_TLS) && !defined(WOLFSSL_NO_TLS12) #if (!defined(NO_WOLFSSL_CLIENT) && (!defined(NO_DH) || defined(HAVE_ECC) || \ defined(HAVE_CURVE25519) || defined(HAVE_CURVE448))) || \ (!defined(NO_WOLFSSL_SERVER) && (defined(HAVE_ECC) || \ @@ -30542,8 +30557,8 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType, return ret; } -#endif -#endif /* !WOLFSSL_NO_TLS12 */ +#endif /* !NO_WOLFSSL_CLIENT [...etc] || !NO_WOLFSSL_SERVER [...etc] */ +#endif /* !NO_TLS && !WOLFSSL_NO_TLS12 */ /* client only parts */ #if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_TLS) @@ -30619,7 +30634,7 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType, idSz = 0; } -#endif +#endif /* HAVE_SESSION_TICKET */ length = VERSION_SZ + RAN_LEN + (word32)idSz + ENUM_LEN + SUITE_LEN @@ -30650,7 +30665,7 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType, #endif if (extSz != 0) length += extSz + HELLO_EXT_SZ_SZ; -#endif +#endif /* HAVE_TLS_EXTENSIONS */ sendSz = (int)length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ; if (ssl->arrays == NULL) { @@ -30722,7 +30737,7 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType, idx += cookieSz; } } -#endif +#endif /* WOLFSSL_DTLS */ #ifndef NO_FORCE_SCR_SAME_SUITE if (IsSCR(ssl)) { @@ -30732,7 +30747,7 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType, output[idx++] = ssl->options.cipherSuite; } else -#endif +#endif /* NO_FORCE_SCR_SAME_SUITE */ { /* then cipher suites */ c16toa(suites->suiteSz, output + idx); @@ -30788,7 +30803,7 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType, } #endif } -#endif +#endif /* HAVE_TLS_EXTENSIONS */ if (IsEncryptionOn(ssl, 1)) { byte* input; @@ -30938,7 +30953,7 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType, && ssl->session->ticketLen > 0 #endif ); -#endif +#endif /* HAVE_SECRET_CALLBACK */ #ifdef HAVE_SESSION_TICKET /* server may send blank ticket which may not be expected to indicate @@ -30972,11 +30987,11 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType, } #endif - #ifdef OPENSSL_EXTRA + #ifdef OPENSSL_EXTRA if (ssl->CBIS != NULL) { ssl->CBIS(ssl, WOLFSSL_CB_HANDSHAKE_START, WOLFSSL_SUCCESS); } - #endif + #endif if (ssl->options.dtls) { if (pv.major != DTLS_MAJOR || pv.minor == DTLS_BOGUS_MINOR) { @@ -31024,7 +31039,7 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType, WOLFSSL_ERROR_VERBOSE(VERSION_ERROR); return VERSION_ERROR; } - #endif + #endif /* HAVE_SECURE_RENEGOTIATION */ /* Checks made - OK to downgrade. */ ssl->version.minor = pv.minor; @@ -31188,7 +31203,7 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType, } } else -#endif +#endif /* HAVE_SECURE_RENEGOTIATION && !NO_FORCE_SCR_SAME_SUITE */ { word32 idx, found = 0; const Suites* suites = WOLFSSL_SUITES(ssl); @@ -31258,6 +31273,7 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType, else ssl->options.haveEMS = 0; /* If no extensions, no EMS */ #else + /* !HAVE_TLS_EXTENSIONS */ { byte pendingEMS = 0; @@ -31319,7 +31335,7 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType, if (!pendingEMS && ssl->options.haveEMS) ssl->options.haveEMS = 0; } -#endif +#endif /* HAVE_TLS_EXTENSIONS */ #if defined(WOLFSSL_HARDEN_TLS) && !defined(WOLFSSL_HARDEN_TLS_NO_SCR_CHECK) if (ssl->secure_renegotiation == NULL || @@ -31384,7 +31400,7 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType, } } else - #endif + #endif /* WOLFSSL_TLS13 */ if (ssl->ctx->method->version.major == SSLv3_MAJOR && ssl->ctx->method->version.minor == TLSv1_2_MINOR && (wolfSSL_get_options(ssl) & WOLFSSL_OP_NO_TLSv1_2) == 0) { @@ -35106,7 +35122,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, } #endif /* WOLF_PRIVATE_KEY_ID || HAVE_PK_CALLBACKS */ -#endif /* NO_CERTS */ +#endif /* !NO_CERTS */ #ifdef HAVE_ECC /* returns the WOLFSSL_* version of the curve from the OID sum */ @@ -42280,7 +42296,7 @@ int wolfSSL_set_iotsafe_ctx(WOLFSSL *ssl, IOTSAFE *iotsafe) return 0; } -#endif +#endif /* WOLFSSL_IOTSAFE && HAVE_PK_CALLBACKS */ #if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) /* create an instance of WOLFSSL_BY_DIR_HASH structure */ @@ -42566,7 +42582,7 @@ int wolfSSL_sk_BY_DIR_entry_push(WOLF_STACK_OF(WOLFSSL_BY_DIR_entry)* sk, return wolfSSL_sk_push(sk, in); } -#endif /* OPENSSL_ALL */ +#endif /* OPENSSL_ALL && !NO_FILESYSTEM && !NO_FILESYSTEM */ #if defined(__APPLE__) && defined(WOLFSSL_SYS_CA_CERTS) @@ -42705,4 +42721,4 @@ cleanup: #undef ERROR_OUT -#endif /* WOLFCRYPT_ONLY */ +#endif /* !WOLFCRYPT_ONLY */ diff --git a/src/tls13.c b/src/tls13.c index faab073b5..a44a41f01 100644 --- a/src/tls13.c +++ b/src/tls13.c @@ -89,7 +89,7 @@ * Default behavior is to return a signed 64-bit value. */ -#ifdef WOLFSSL_TLS13 +#if !defined(NO_TLS) && defined(WOLFSSL_TLS13) #ifndef WOLFCRYPT_ONLY @@ -15077,4 +15077,4 @@ int tls13ShowSecrets(WOLFSSL* ssl, int id, const unsigned char* secret, #endif /* !WOLFCRYPT_ONLY */ -#endif /* WOLFSSL_TLS13 */ +#endif /* !NO_TLS && WOLFSSL_TLS13 */ diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index 12397f182..21e0d1166 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h @@ -648,7 +648,7 @@ #define WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS #endif - #if defined(CONFIG_TLS_STACK_WOLFSSL) && (CONFIG_TLS_STACK_WOLFSSL) + #if defined(CONFIG_TLS_STACK_WOLFSSL) /* When using ESP-TLS, some old algorithms such as SHA1 are no longer * enabled in wolfSSL, except for the OpenSSL compatibility. So enable * that here: */ @@ -1276,7 +1276,7 @@ #error "https://www.wolfssl.com/docs/porting-guide/" #endif #endif - #define WOLFSSL_USER_IO + #define HAVE_ECC #define NO_DH #define NO_SESSION_CACHE @@ -4416,6 +4416,11 @@ extern void uITRON4_free(void *p) ; #endif #endif /* HAVE_ENTROPY_MEMUSE */ +#if defined(NO_WOLFSSL_CLIENT) && defined(NO_WOLFSSL_SERVER) && \ + !defined(WOLFCRYPT_ONLY) && !defined(NO_TLS) +#error "If TLS is enabled please make sure either client or server is enabled." +#endif + #ifdef __cplusplus } /* extern "C" */ #endif