Merge remote-tracking branch 'BLS/ValidateSAN' into develop

.github/SECURITY.md

@@ -6,7 +6,7 @@ If you discover a vulnerability, please report it to [email protected]
 
  1. Include a detailed description
  2. Include method to reproduce and/or method of discovery
- 3. We will evaulate the report promptly and respond to you with findings.
+ 3. We will evaluate the report promptly and respond to you with findings.
  4. We will credit you with the report if you would like.
 
 **Please keep the vulnerability private** until a fix has been released.

.github/workflows/docker-Espressif.yml

@@ -0,0 +1,38 @@
+name: Test Espressif examples on various official Docker containers
+concurrency:
+  group: ${{ github.ref }}
+
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+jobs:
+  espressif_latest:
+    name: Test Espressif on latest Docker container
+    runs-on: ubuntu-latest
+    container:
+      image: espressif/idf:latest
+    steps:
+      - uses: actions/checkout@v3
+      - name: Initialize Espressif IDE and build examples
+        run: . /opt/esp/idf/export.sh; IDE/Espressif/ESP-IDF/compileAllExamples.sh
+  espressif_v4_4:
+    name: Test Espressif on v4.4 Docker container
+    runs-on: ubuntu-latest
+    container:
+      image: espressif/idf:release-v4.4
+    steps:
+      - uses: actions/checkout@v3
+      - name: Initialize Espressif IDE and build examples
+        run: . /opt/esp/idf/export.sh; IDE/Espressif/ESP-IDF/compileAllExamples.sh
+  espressif_v5_0:
+    name: Test Espressif on v5.0 Docker container
+    runs-on: ubuntu-latest
+    container:
+      image: espressif/idf:release-v5.0
+    steps:
+      - uses: actions/checkout@v3
+      - name: Initialize Espressif IDE and build examples
+        run: . /opt/esp/idf/export.sh; IDE/Espressif/ESP-IDF/compileAllExamples.sh

.github/workflows/os-check.yml

@@ -0,0 +1,160 @@
+name: GitHub Action Tests
+concurrency:
+  group: ${{ github.ref }}
+
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+jobs:
+  macos_build:
+    name: macOS Build Test
+    runs-on: macos-latest
+    steps:
+    - uses: actions/checkout@v3
+
+    - name: brew
+      run: brew install automake libtool
+
+    - name: autogen
+      run: ./autogen.sh
+
+    - name: configure make check
+      run: |
+        ./configure
+        make
+        make check
+        make distcheck
+
+    - name: configure all make check
+      run: |
+        ./configure --enable-all
+        make
+        make check
+        make distcheck
+
+    - name: configure all ASN template
+      run: |
+        ./configure --enable-all --enable-asn=template
+        make
+        make check
+        make distcheck
+
+    - name: make user_settings_all.h
+      run: |
+        cp ./examples/configs/user_settings_all.h user_settings.h
+        ./configure --enable-usersettings
+        make
+        make check
+
+    - name: user_settings_all.h with compatibility layer
+      run: |
+        cp ./examples/configs/user_settings_all.h user_settings.h
+        sed -i -e "s/if 0/if 1/" user_settings.h
+        ./configure --enable-usersettings
+        make
+        make check
+
+    - name: user_settings_min_ecc.h
+      run: |
+        cp ./examples/configs/user_settings_min_ecc.h user_settings.h
+        ./configure --enable-usersettings --disable-examples
+        make
+        ./wolfcrypt/test/testwolfcrypt
+
+    - name: user_settings_wolfboot_keytools.h
+      run: |
+        cp ./examples/configs/user_settings_wolfboot_keytools.h user_settings.h
+        ./configure --enable-usersettings --disable-examples
+        make
+        ./wolfcrypt/test/testwolfcrypt
+
+  ubuntu_build:
+    name: Ubuntu Build Test
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v3
+
+    - name: autogen
+      run: ./autogen.sh
+
+    - name: configure make check
+      run: |
+        ./configure
+        make
+        make check
+        make distcheck
+
+    - name: configure all make check
+      run: |
+        ./configure --enable-all
+        make
+        make check
+        make distcheck
+
+    - name: configure all ASN template
+      run: |
+        ./configure --enable-all --enable-asn=template
+        make
+        make check
+        make distcheck
+
+    - name: make user_settings_all.h
+      run: |
+        cp ./examples/configs/user_settings_all.h user_settings.h
+        ./configure --enable-usersettings
+        make
+        make check
+
+    - name: user_settings_all.h with compatibility layer
+      run: |
+        cp ./examples/configs/user_settings_all.h user_settings.h
+        sed -i -e "s/if 0/if 1/" user_settings.h
+        ./configure --enable-usersettings
+        make
+        make check
+
+    - name: user_settings_min_ecc.h
+      run: |
+        cp ./examples/configs/user_settings_min_ecc.h user_settings.h
+        ./configure --enable-usersettings --disable-examples
+        make
+        ./wolfcrypt/test/testwolfcrypt
+
+    - name: user_settings_wolfboot_keytools.h
+      run: |
+        cp ./examples/configs/user_settings_wolfboot_keytools.h user_settings.h
+        ./configure --enable-usersettings --disable-examples
+        make
+        ./wolfcrypt/test/testwolfcrypt
+
+  windows_build:
+    name: Windows Build Test
+    runs-on: windows-latest
+    env:
+      # Path to the solution file relative to the root of the project.
+      SOLUTION_FILE_PATH: wolfssl64.sln
+
+      # Configuration type to build.
+      # You can convert this to a build matrix if you need coverage of multiple configuration types.
+      # https://docs.github.com/actions/learn-github-actions/managing-complex-workflows#using-a-build-matrix
+      BUILD_CONFIGURATION: Release
+      BUILD_PLATFORM: x64
+    steps:
+    - uses: actions/checkout@v3
+
+    - name: Add MSBuild to PATH
+      uses: microsoft/setup-msbuild@v1
+
+    - name: Restore NuGet packages
+      working-directory: ${{env.GITHUB_WORKSPACE}}
+      run: nuget restore ${{env.SOLUTION_FILE_PATH}}
+
+    - name: Build
+      working-directory: ${{env.GITHUB_WORKSPACE}}
+      # Add additional options to the MSBuild command line here (like platform or verbosity level).
+      # See https://docs.microsoft.com/visualstudio/msbuild/msbuild-command-line-reference
+      run: msbuild /m /p:PlatformToolset=v142 /p:Platform=${{env.BUILD_PLATFORM}} /p:Configuration=${{env.BUILD_CONFIGURATION}} ${{env.SOLUTION_FILE_PATH}}
+

Docker/Dockerfile

@@ -0,0 +1,11 @@
+ARG DOCKER_BASE_IMAGE=ubuntu:22.04
+FROM $DOCKER_BASE_IMAGE
+
+RUN DEBIAN_FRONTEND=noninteractive apt update && apt install -y build-essential autoconf libtool git gdb iputils-ping
+
+ARG USER=docker
+ARG UID=1000
+ARG GID=1000
+RUN groupadd -f -g ${GID} docker && useradd -ms /bin/bash ${USER} -u ${UID} -g ${GID}
+
+USER ${UID}:${GID}

Docker/README.md

@@ -0,0 +1,13 @@
+# Overview
+This is a simple Docker environment for compiling and running WolfSSL. Use `run.sh` to build everything (Docker container, WolfSSL, etc.). This script takes in arguments that can be passed to `./configure`. For example: `run.sh --enable-all`
+
+When the compilation and tests succeed, you will be dropped in to a shell environment within the container. This can be useful to build other things within the environment.
+
+# FAQ
+## permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock
+You need to be added to the `docker` group to run Docker containers. Run `sudo usermod -aG docker $USER`. You may need to restart the Docker daemon.
+
+## Unable to access symlinked files outside of WolfSSL
+The volume mounted in the Docker container needs to have all files that your compilation will need. To solve this, you have a couple options:
+1. Change the `WOLFSSL_DIR` variable in the `run.sh` to one higher up (by adding `/..` to the path). Then update the `docker build` to include the correct path to the Dockerfile and the `docker run` argument to the working directory (`-w`) to the WolfSSL source directory
+2. Move the external repository to within the WolfSSL directory. For example create an `external` folder which has your files. This route may have complications when stashing Git work.

Docker/include.am

@@ -0,0 +1,7 @@
+# vim:ft=automake
+# included from Top Level Makefile.am
+# All paths should be given relative to the root
+
+EXTRA_DIST+= Docker/Dockerfile
+EXTRA_DIST+= Docker/run.sh
+EXTRA_DIST+= Docker/README.md

Docker/run.sh

@@ -0,0 +1,14 @@
+#!/bin/bash
+
+echo "Running with \"${*}\"..."
+
+# Assume we're in wolfssl/Docker
+WOLFSSL_DIR=$(builtin cd ${BASH_SOURCE%/*}/..; pwd)
+
+docker build -t wolfssl --build-arg UID=$(id -u) --build-arg GID=$(id -g) "${WOLFSSL_DIR}/Docker" && \
+  docker run -it -v ${HOME}/.gitconfig:/home/docker/.gitconfig:ro -v ${HOME}/.ssh:/home/docker/.ssh:ro -v "${WOLFSSL_DIR}:/tmp/wolfssl" -w /tmp/wolfssl wolfssl /bin/bash -c "./autogen.sh && ./configure ${*@Q} && make" && \
+  docker run -it -v ${HOME}/.gitconfig:/home/docker/.gitconfig:ro -v ${HOME}/.ssh:/home/docker/.ssh:ro -v "${WOLFSSL_DIR}:/tmp/wolfssl" -w /tmp/wolfssl wolfssl /bin/bash
+
+exitval=$?
+echo "Exited with error code $exitval"
+exit $exitval

IDE/ARDUINO/sketches/wolfssl_client/wolfssl_client.ino

@@ -1,6 +1,6 @@
 /* wolfssl_client.ino
  *
- * Copyright (C) 2006-2022 wolfSSL Inc.
+ * Copyright (C) 2006-2023 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/ARDUINO/sketches/wolfssl_server/wolfssl_server.ino

@@ -1,6 +1,6 @@
 /* wolfssl_server.ino
  *
- * Copyright (C) 2006-2022 wolfSSL Inc.
+ * Copyright (C) 2006-2023 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/AURIX/Cpu0_Main.c

@@ -1,6 +1,6 @@
 /* Cpu0_Main.c
  *
- * Copyright (C) 2006-2022 wolfSSL Inc.
+ * Copyright (C) 2006-2023 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/AURIX/user_settings.h

@@ -1,6 +1,6 @@
 /* user_settings.h
  *
- * Copyright (C) 2006-2022 wolfSSL Inc.
+ * Copyright (C) 2006-2023 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *

IDE/AURIX/wolf_main.c

@@ -1,6 +1,6 @@
 /* wolf_main.c
  *
- * Copyright (C) 2006-2022 wolfSSL Inc.
+ * Copyright (C) 2006-2023 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *