configure.ac: Add in --enable-rpk option

[mrdeep1]

Description

By default RPK (RFC7250) support is not enabled, but is enabled when
--enable-rpk, --enable-all or --enable-dist is used.

Makes use of the HAVE_RPK compile time option.

Note: should not be merged until after #7375 is merged.

Testing

Checking that the CFLAGS -DHAVE_RPK option is created when --enable-rpk, --enable-all or --enable-dist options are used, but not set otherwise.

Checklist

• added tests
• updated/added doxygen
• updated appropriate READMEs
• Updated manual and documentation

[wolfSSL-Bot]

Can one of the admins verify this patch?

[dgarske]

Thank you @mrdeep1 . Okay to test. I see this is related to #7375. I do not see a contributor agreement on file yet. I think you are working with Kareem on this.

[mrdeep1]

Please see https://wolfssl.zendesk.com/hc/requests/17707 for a copy of my Contributor Agreement.

[dgarske]

Thanks @mrdeep1 we will work on getting your contributor agreement processed. I'm assigning this ticket to @anhu for now.

[anhu]

Hello @mrdeep1, I noticed a clang tidy error with your change so added a fix. That said, I'm not sure my fix was valid. I will have other members of our team have a look at my work as a double check.

[anhu]

By the way, I can confirm that the Contributor Agreement was accepted.

[anhu]

@mrdeep1 ,
I hope you don't mind that I directly pushed commits to you PR. All tests are now passing.
@wolfSSL-Bot , Contributor agreement has been accepted and this PR is now ready for a second look and merge if satisfactory.

Warm regards, Anthony

[mrdeep1]

@anhu No issues with the additional changes that you have made in the clang tidy up found in other code given that this PR now enables HAVE_RPK by default. Thanks for sorting that out.

[mrdeep1]

I don't know if you need the commits squashed into a single commit.

[dgarske]

Please expand description for RPK to "Raw Public Key (RPC) RFC7250"

[mrdeep1]

Updated

[dgarske]

I'm not sure removing this information about the ssl->options.rpkState.sending_ClientCertTypeCnt must be one is good. Can you at least leave a comment in there?

[mrdeep1]

Added comment, as well as sanity check that the Cert type actually is RPK as per RFC7250.
Code changes pushed.

[douzzer]

@mrdeep1 We just merged another PR (#7395) that addresses many of the same defects, and even one of the same comment spelling errors, due to duplicated/uncoordinated efforts. Can you rebase your PR on latest master and resolve the conflicts? Thanks!

[mrdeep1]

@douzzer Rebased, merge errors fixed and code pushed. Various commits squashed. Tidied further the code @anhu changed for clang tidy issues.

[mrdeep1]

@douzzer @anhu I have removed the clang tidy updates as they have all been fixed in #7395 so the only change now is in configure.ac. Code pushed.

[dgarske]

Okay to test

[mrdeep1]

Do I need a login to Jenkins to look at the PRB-master-job failure?

[dgarske]

Sorry we will have to post the results here:

[all-c89-clang-tidy] [1 of 1] [e8426ea6f3]
    autogen.sh e8426ea6f3...   real 0m18.836s  user 0m16.959s  sys 0m1.042s
    configure...   real 0m44.523s  user 0m29.887s  sys 0m17.768s
    build.../var/lib/jenkins/workspace/PRB-multi-test-script/wolfssl/tests/api.c:68808:9: warning: mixing declarations and code is a C99 extension [clang-diagnostic-declaration-after-statement]
int isServer = 0;
^

Looks like this change is part of the original PR and is a mixed declaration. Would you mind applying this patch to the PR?

% git diff
diff --git a/tests/api.c b/tests/api.c
index ad07619f7..b07b232fb 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -68186,6 +68186,9 @@ static int test_tls13_rpk_handshake(void)
     int typeCnt_c;
     int typeCnt_s;
     int tp;
+#if defined(WOLFSSL_ALWAYS_VERIFY_CB)
+    int isServer;
+#endif

     (void)err;
     (void)typeCnt_c;
@@ -68804,8 +68807,9 @@ static int test_tls13_rpk_handshake(void)
     ExpectIntEQ(wolfSSL_set_server_cert_type(ssl_s, certType_s, typeCnt_s),
                                                         WOLFSSL_SUCCESS);

+
     /* set certificate verify callback to both client and server */
-    int isServer = 0;
+    isServer = 0;
     wolfSSL_SetCertCbCtx(ssl_c, &isServer);
     wolfSSL_set_verify(ssl_c, SSL_VERIFY_PEER, MyRpkVerifyCb);

Thanks,
David Garske, wolfSSL

[dgarske]

Okay to test

[mrdeep1]

Need to understand the new issue thrown up by PRB-master-job failure

[dgarske]

It was a FIPS test failure and test results were already removed from history. Jenkins retest this please.

Changes made as requested in review.