Merge branch 'master' of https://github.com/wolfssl/wolfssl

Author: kojo1

.github/workflows/multi-compiler.yml

@@ -12,19 +12,32 @@ jobs:
         include:
           - CC: gcc-9
             CXX: g++-9
+            OS: ubuntu-latest
           - CC: gcc-10
             CXX: g++-10
+            OS: ubuntu-latest
           - CC: gcc-11
             CXX: g++-11
+            OS: ubuntu-latest
           - CC: gcc-12
             CXX: g++-12
+            OS: ubuntu-latest
+          - CC: clang-10
+            CXX: clang++-10
+            OS: ubuntu-20.04
+          - CC: clang-11
+            CXX: clang++-11
+            OS: ubuntu-20.04
           - CC: clang-12
             CXX: clang++-12
+            OS: ubuntu-20.04
           - CC: clang-13
             CXX: clang++-13
+            OS: ubuntu-latest
           - CC: clang-14
             CXX: clang++-14
-    runs-on: ubuntu-latest
+            OS: ubuntu-latest
+    runs-on: ${{ matrix.OS }}
     # This should be a safe limit for the tests to run.
     timeout-minutes: 4
     steps:
@@ -34,3 +47,7 @@ jobs:
             CC: ${{ matrix.CC }}
             CXX: ${{ matrix.CXX }}
         run: ./autogen.sh && ./configure && make && make dist
+      - name: Show log on errors
+        if: ${{ failure() }}
+        run: |
+            cat config.log

.github/workflows/os-check.yml

@@ -19,6 +19,8 @@ jobs:
            --enable-opensslextra --enable-sessioncerts 
            CPPFLAGS=''-DWOLFSSL_DTLS_NO_HVR_ON_RESUME -DHAVE_EXT_CACHE 
            -DWOLFSSL_TICKET_HAVE_ID -DHAVE_EX_DATA -DSESSION_CACHE_DYNAMIC_MEM'' ',
+          '--enable-all --enable-secure-renegotiation',
+          '--enable-all --enable-haproxy --enable-quic',
         ]
     name: make check
     runs-on: ${{ matrix.os }}

.github/workflows/packaging.yml

@@ -16,7 +16,14 @@ jobs:
       - name: Configure wolfSSL
         run: |
           autoreconf -ivf
-          ./configure --enable-distro --disable-examples --disable-silent-rules
+          ./configure --enable-distro --enable-all \
+            --disable-openssl-compatible-defaults --enable-intelasm \
+            --enable-dtls13 --enable-dtls-mtu \
+            --enable-sp-asm --disable-examples --disable-silent-rules
+
+      - name: Make sure OPENSSL_COMPATIBLE_DEFAULTS is not present in options.h
+        run: |
+          ! grep OPENSSL_COMPATIBLE_DEFAULTS wolfssl/options.h
 
       - name: Build wolfSSL .deb
         run: make deb-docker

.gitignore

@@ -410,6 +410,7 @@ XXX-fips-test
 
 # ASYNC
 /wolfAsyncCrypt
+/async
 
 # Generated user_settings_asm.h.
 user_settings_asm.h

Docker/Dockerfile

@@ -18,6 +18,9 @@ ARG UID=1000
 ARG GID=1000
 RUN groupadd -f -g ${GID} docker && ( getent passwd ${UID} || useradd -ms /bin/bash ${USER} -u ${UID} -g ${GID} )
 
+# Add github.com as an SSH known host
+RUN ssh -o StrictHostKeyChecking=no -T git@github.com; cat ~/.ssh/known_hosts >> /etc/ssh/ssh_known_hosts
+
 # install ccache
 RUN mkdir -p /opt/ccache/bin && for prog in gcc g++ cc c++ cpp arm-none-eabi-c++ arm-none-eabi-cpp arm-none-eabi-gcc arm-none-eabi-g++; do ln -s /usr/bin/ccache /opt/ccache/bin/$(basename $prog); done
 ENV PATH /opt/ccache/bin:$PATH
@@ -44,4 +47,7 @@ RUN setcap 'CAP_NET_RAW+eip CAP_NET_ADMIN+eip' /usr/bin/tcpdump
 # Allow non-root to use gdb on processes (will need SYS_PTRACE capability when running the container)
 RUN setcap 'CAP_SYS_PTRACE+eip' /usr/bin/gdb
 
-USER ${UID}:${GID}
+# Add in Jenkins userID
+RUN for i in $(seq 1001 1010); do ( getent passwd ${i} || useradd -ms /bin/bash jenkins${i} -u ${i} -g ${GID} ); done
+
+USER ${UID}:${GID}

Docker/Dockerfile.cross-compiler

@@ -0,0 +1,11 @@
+ARG DOCKER_BASE_IMAGE=wolfssl/wolfssl-builder
+FROM $DOCKER_BASE_IMAGE
+
+USER root
+
+ARG DEPS_TESTING="gcc-arm-linux-gnueabi gcc-aarch64-linux-gnu"
+RUN DEBIAN_FRONTEND=noninteractive apt update \
+                    && apt install -y ${DEPS_TESTING} \
+                    && apt clean -y && rm -rf /var/lib/apt/lists/*
+
+USER docker

Docker/README.md

@@ -3,11 +3,14 @@ This is a Docker environment for compiling, testing and running WolfSSL. Use `ru
 
 When the compilation and tests succeed, you will be dropped in to a shell environment within the container. This can be useful to build other things within the environment. Additional tests can be run as well as debugging of code.
 
+# Docker Hub
+These images are also uploaded to the wolfSSL's [Docker Hub page](https://hub.docker.com/orgs/wolfssl/repositories). There is a convenience script here `buildAndPush.sh` that will create the appropriate containers and push them to the repo.
+
 # FAQ
 ## permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock
 You need to be added to the `docker` group to run Docker containers. Run `sudo usermod -aG docker $USER`. You may need to restart the Docker daemon.
 
 ## Unable to access symlinked files outside of WolfSSL
 The volume mounted in the Docker container needs to have all files that your compilation will need. To solve this, you have a couple options:
 1. Change the `WOLFSSL_DIR` variable in the `run.sh` to one higher up (by adding `/..` to the path). Then update the `docker build` to include the correct path to the Dockerfile and the `docker run` argument to the working directory (`-w`) to the WolfSSL source directory
-2. Move the external repository to within the WolfSSL directory. For example create an `external` folder which has your files. This route may have complications when stashing Git work.
+2. Move the external repository to within the WolfSSL directory. For example create an `external` folder which has your files. This route may have complications when stashing Git work.

Docker/buildAndPush.sh

@@ -0,0 +1,37 @@
+#!/bin/bash
+
+# Assume we're in wolfssl/Docker
+WOLFSSL_DIR=$(builtin cd ${BASH_SOURCE%/*}/..; pwd)
+
+DOCKER_BUILD_OPTIONS="$1"
+if [ "${DOCKER_BASE_IMAGE}" != "" ]; then
+    DOCKER_BUILD_OPTIONS+=" --build-arg DOCKER_BASE_IMAGE=${DOCKER_BASE_IMAGE}"
+fi
+
+NUM_FAILURES=0
+
+CUR_DATE=$(date -u +%F)
+echo "Building wolfssl/wolfssl-builder:${CUR_DATE} as ${DOCKER_BUILD_OPTIONS}"
+docker build -t wolfssl/wolfssl-builder:${CUR_DATE} ${DOCKER_BUILD_OPTIONS} "${WOLFSSL_DIR}/Docker" && \
+    docker tag wolfssl/wolfssl-builder:${CUR_DATE} wolfssl/wolfssl-builder:latest && \
+    docker build --build-arg DOCKER_BASE_IMAGE=wolfssl/wolfssl-builder:${CUR_DATE} -t wolfssl/testing-cross-compiler:${CUR_DATE} "${WOLFSSL_DIR}/Docker" -f Dockerfile.cross-compiler && \
+    docker tag wolfssl/testing-cross-compiler:${CUR_DATE} wolfssl/testing-cross-compiler:latest
+
+if [ $? -eq 0 ]; then
+    echo "Pushing containers to DockerHub"
+    docker push wolfssl/wolfssl-builder:${CUR_DATE} && docker push wolfssl/wolfssl-builder:latest && \
+        docker push wolfssl/testing-cross-compiler:${CUR_DATE} && docker push wolfssl/testing-cross-compiler:latest
+else
+    echo "Warning: Build wolfssl/wolfssl-builder failed. Continuing"
+    ((NUM_FAILURES++))
+fi
+
+echo "Building wolfssl/wolfCLU:${CUR_DATE}"
+docker buildx build --pull --push --build-arg DUMMY=${CUR_DATE} -t wolfssl/wolfclu:${CUR_DATE} --platform=linux/amd64,linux/arm64,linux/arm/v7 "${WOLFSSL_DIR}/Docker/wolfCLU" && \
+docker buildx build --pull --push --build-arg DUMMY=${CUR_DATE} -t wolfssl/wolfclu:latest      --platform=linux/amd64,linux/arm64,linux/arm/v7 "${WOLFSSL_DIR}/Docker/wolfCLU"
+if [ $? -ne 0 ]; then
+    echo "Warning: Build wolfssl/wolfclu failed. Continuing"
+    ((NUM_FAILURES++))
+fi
+
+echo "Script completed in $SECONDS seconds. Had $NUM_FAILURES failures."

Docker/include.am

@@ -3,9 +3,11 @@
 # All paths should be given relative to the root
 
 EXTRA_DIST+= Docker/Dockerfile
+EXTRA_DIST+= Docker/Dockerfile.cross-compiler
 EXTRA_DIST+= Docker/run.sh
 EXTRA_DIST+= Docker/README.md
 
+ignore_files+=Docker/buildAndPush.sh
 ignore_files+=Docker/OpenWRT/Dockerfile
 ignore_files+=Docker/OpenWRT/runTests.sh
 ignore_files+=Docker/OpenWRT/README.md

Docker/run.sh

@@ -5,9 +5,9 @@ echo "Running with \"${*}\"..."
 # Assume we're in wolfssl/Docker
 WOLFSSL_DIR=$(builtin cd ${BASH_SOURCE%/*}/..; pwd)
 
-docker build -t wolfssl --build-arg UID=$(id -u) --build-arg GID=$(id -g) "${WOLFSSL_DIR}/Docker" && \
-  docker run --rm -it -v ${HOME}/.gitconfig:/home/docker/.gitconfig:ro -v ${HOME}/.ssh:/home/docker/.ssh:ro -v "${WOLFSSL_DIR}:/tmp/wolfssl" -w /tmp/wolfssl wolfssl /bin/bash -c "./autogen.sh && ./configure ${*@Q} && make" && \
-  docker run --rm -it -v ${HOME}/.gitconfig:/home/docker/.gitconfig:ro -v ${HOME}/.ssh:/home/docker/.ssh:ro -v "${WOLFSSL_DIR}:/tmp/wolfssl" -w /tmp/wolfssl wolfssl /bin/bash
+docker build -t wolfssl/wolfssl-builder --build-arg UID=$(id -u) --build-arg GID=$(id -g) "${WOLFSSL_DIR}/Docker" && \
+  docker run --rm -it -v ${HOME}/.gitconfig:/home/docker/.gitconfig:ro -v ${HOME}/.ssh:/home/docker/.ssh:ro -v "${WOLFSSL_DIR}:/tmp/wolfssl" -w /tmp/wolfssl wolfssl/wolfssl-builder /bin/bash -c "./autogen.sh && ./configure ${*@Q} && make" && \
+  docker run --rm -it -v ${HOME}/.gitconfig:/home/docker/.gitconfig:ro -v ${HOME}/.ssh:/home/docker/.ssh:ro -v "${WOLFSSL_DIR}:/tmp/wolfssl" -w /tmp/wolfssl wolfssl/wolfssl-builder /bin/bash
 
 exitval=$?
 echo "Exited with error code $exitval"