From dc01459c19ab0d64395d8d0924945832982fa736 Mon Sep 17 00:00:00 2001 From: JacobBarthelmeh Date: Mon, 4 May 2026 10:02:55 -0600 Subject: [PATCH] support for dynamic link to libwolfssl and add test case use local utils function for force zero and compare with SHE set HAVE_ANONYMOUS_INLINE_AGGREGATES=1 with build of wolfSSL in test case rename internal function and adjust test configure add macro guards around bench and crypt test code set LD_LIBRARY_PATH in test case --- .../workflows/build-and-test-wolfssl-lib.yml | 129 ++++++++++++++++++ benchmark/Makefile | 21 ++- examples/demo/client/wh_demo_client_crypto.c | 2 +- examples/demo/client/wh_demo_client_wcbench.c | 4 +- examples/demo/client/wh_demo_client_wctest.c | 4 +- examples/posix/wh_posix_client/Makefile | 36 +++-- examples/posix/wh_posix_server/Makefile | 19 ++- .../posix/wh_posix_server/wh_posix_server.c | 2 + src/wh_server_cert.c | 20 ++- src/wh_server_she.c | 44 +++--- test/Makefile | 22 ++- tools/whnvmtool/Makefile | 20 ++- 12 files changed, 278 insertions(+), 45 deletions(-) create mode 100644 .github/workflows/build-and-test-wolfssl-lib.yml diff --git a/.github/workflows/build-and-test-wolfssl-lib.yml b/.github/workflows/build-and-test-wolfssl-lib.yml new file mode 100644 index 000000000..07b849494 --- /dev/null +++ b/.github/workflows/build-and-test-wolfssl-lib.yml 
@@ -0,0 +1,129 @@ +name: Build with installed wolfSSL (WOLFSSL_LIB) + +# Exercises the WOLFSSL_LIB=1 build mode, which links wolfHSM against an +# installed libwolfssl rather than compiling the wolfSSL sources in-tree. + +on: + push: + branches: [ 'master', 'main', 'release/**' ] + pull_request: + branches: [ '*' ] + +permissions: + contents: read + +jobs: + build: + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v4 + + - name: Checkout wolfssl + uses: actions/checkout@v4 + with: + repository: wolfssl/wolfssl + path: wolfssl + + - name: Build and install wolfssl + # HAVE_ANONYMOUS_INLINE_AGGREGATES toggles the layout of wc_CryptoInfo + # (anonymous union vs named .u member). wolfHSM requires the anonymous + # form. + run: | + cd wolfssl + ./autogen.sh + ./configure \ + --disable-benchmark \ + --disable-crypttests \ + --disable-examples \ + --enable-all \ + --enable-cryptocb \ + --prefix=$HOME/wolfssl-install \ + CFLAGS="-DWOLFSSL_PUBLIC_MP -DWOLFSSL_SHA512_HASHTYPE -DWOLFSSL_PUBLIC_ASN -DHAVE_ANONYMOUS_INLINE_AGGREGATES=1 -DNO_MAIN_DRIVER" + make -j + make install + + - name: Build test (WOLFSSL_LIB=1) + run: | + cd test + make clean + make -j WOLFSSL_LIB=1 \ + WOLFSSL_DIR=$HOME/wolfssl-install/include \ + WOLFSSL_LIBDIR=$HOME/wolfssl-install/lib + + - name: Build test (WOLFSSL_LIB=1 DMA=1 ASAN=1) + run: | + cd test + make clean + make -j WOLFSSL_LIB=1 DMA=1 ASAN=1 \ + WOLFSSL_DIR=$HOME/wolfssl-install/include \ + WOLFSSL_LIBDIR=$HOME/wolfssl-install/lib + + - name: Build test (WOLFSSL_LIB=1 SHE=1) + run: | + cd test + make clean + make -j WOLFSSL_LIB=1 SHE=1 \ + WOLFSSL_DIR=$HOME/wolfssl-install/include \ + WOLFSSL_LIBDIR=$HOME/wolfssl-install/lib + + - name: Build test (WOLFSSL_LIB=1 AUTH=1) + run: | + cd test + make clean + make -j WOLFSSL_LIB=1 AUTH=1 \ + WOLFSSL_DIR=$HOME/wolfssl-install/include \ + WOLFSSL_LIBDIR=$HOME/wolfssl-install/lib + + # NOCRYPTO short-circuits the wolfssl source compile entirely, but we + # still want to make sure 
WOLFSSL_LIB=1 doesn't break that path. + - name: Build test (WOLFSSL_LIB=1 NOCRYPTO=1) + run: | + cd test + make clean + make -j WOLFSSL_LIB=1 NOCRYPTO=1 \ + WOLFSSL_DIR=$HOME/wolfssl-install/include \ + WOLFSSL_LIBDIR=$HOME/wolfssl-install/lib + + - name: Build benchmark (WOLFSSL_LIB=1) + run: | + cd benchmark + make clean + make -j WOLFSSL_LIB=1 \ + WOLFSSL_DIR=$HOME/wolfssl-install/include \ + WOLFSSL_LIBDIR=$HOME/wolfssl-install/lib + + - name: Build POSIX server example (WOLFSSL_LIB=1) + run: | + cd examples/posix/wh_posix_server + make clean + make -j WOLFSSL_LIB=1 \ + WOLFSSL_DIR=$HOME/wolfssl-install/include \ + WOLFSSL_LIBDIR=$HOME/wolfssl-install/lib + + - name: Build POSIX client example (WOLFSSL_LIB=1) + run: | + cd examples/posix/wh_posix_client + make clean + make -j WOLFSSL_LIB=1 \ + WOLFSSL_DIR=$HOME/wolfssl-install/include \ + WOLFSSL_LIBDIR=$HOME/wolfssl-install/lib + + - name: Build whnvmtool (WOLFSSL_LIB=1) + run: | + cd tools/whnvmtool + make clean + make WOLFSSL_LIB=1 \ + WOLFSSL_DIR=$HOME/wolfssl-install/include \ + WOLFSSL_LIBDIR=$HOME/wolfssl-install/lib + + - name: Run POSIX server/client smoke test (WOLFSSL_LIB=1) + run: | + export LD_LIBRARY_PATH=$HOME/wolfssl-install/lib:$LD_LIBRARY_PATH + cd examples/posix/wh_posix_server + ./Build/wh_posix_server.elf --type tcp & + SERVER_PID=$! + sleep 1 + cd ../wh_posix_client + ./Build/wh_posix_client.elf --type tcp + kill $SERVER_PID || true diff --git a/benchmark/Makefile b/benchmark/Makefile index 874d96cb4..96ad846b7 100644 --- a/benchmark/Makefile +++ b/benchmark/Makefile 
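Review bot: The `Checkout wolfssl` step has no `ref:`, so each run builds, installs and then executes (in the smoke test) whatever the wolfssl default branch holds at that moment. A failing run cannot be tied to a change in this repository, and the job's inputs are not reproducible. Adding `ref: <wolfssl-release-tag-or-commit>` (placeholder) under `with:` fixes that, and `actions/checkout@v4` could likewise be pinned to a full commit SHA. Separately, `branches: [ '*' ]` under `pull_request` does not match branch names containing `/`, so pull requests targeting `release/**` would not trigger this job; `'**'` would.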
@@ -28,8 +28,14 @@ INC = -I$(PROJECT_DIR) \ # POSIX requires C source be defined before any header DEF += -D_POSIX_C_SOURCE=200809L -# Library configuration defines for user-supplied settings -DEF += -DWOLFSSL_USER_SETTINGS -DWOLFHSM_CFG +# Library configuration defines for user-supplied settings. +# When linking against an installed wolfSSL (WOLFSSL_LIB=1), skip +# WOLFSSL_USER_SETTINGS so the installed library's compiled-in options.h +# is used instead. +DEF += -DWOLFHSM_CFG +ifneq ($(WOLFSSL_LIB),1) +DEF += -DWOLFSSL_USER_SETTINGS +endif # Ensure this build uses POSIX test features DEF += -DWOLFHSM_CFG_TEST_POSIX @@ -124,11 +130,22 @@ endif SRC_ASM += ifneq ($(NOCRYPTO),1) +ifeq ($(WOLFSSL_LIB),1) +# Link against an installed wolfSSL library instead of compiling sources. +# Set WOLFSSL_LIBDIR for a non-default install path. NO_INLINE keeps the +# installed wolfSSL headers C90-clean. +LIBS += -lwolfssl +DEF += -DNO_INLINE +ifneq ($(WOLFSSL_LIBDIR),) +LDFLAGS += -L$(WOLFSSL_LIBDIR) +endif +else # wolfCrypt source files SRC_C += $(wildcard $(WOLFSSL_DIR)/wolfcrypt/src/*.c) # wolfSSL source files SRC_C += $(wildcard $(WOLFSSL_DIR)/src/*.c) +endif # End of NOCRYPTO endif diff --git a/examples/demo/client/wh_demo_client_crypto.c b/examples/demo/client/wh_demo_client_crypto.c index f7844a435..19108a8d2 100644 --- a/examples/demo/client/wh_demo_client_crypto.c +++ b/examples/demo/client/wh_demo_client_crypto.c @@ -1609,7 +1609,7 @@ int wh_DemoClient_CryptoCmacKdfCache(whClientContext* clientContext) /* Example: evict the key from cache once we are done with it */ ret = wh_Client_KeyEvict(clientContext, keyId); if (ret != 0) { - WOLFHSM_CFG_PRINTF("Failed to wh_Client_KeyEvict %d\n", evictRet); + WOLFHSM_CFG_PRINTF("Failed to wh_Client_KeyEvict %d\n", ret); } return ret; diff --git a/examples/demo/client/wh_demo_client_wcbench.c b/examples/demo/client/wh_demo_client_wcbench.c index 9f7f82c96..4a92a104a 100644 --- a/examples/demo/client/wh_demo_client_wcbench.c 
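Review bot: Dropping `-DWOLFSSL_USER_SETTINGS` when `WOLFSSL_LIB=1` only helps if every translation unit then sees the installed library's `wolfssl/options.h`, and nothing in this patch shows that header being included. wolfSSL's `settings.h` does not pull it in by default. If the application is compiled with a different feature set than the library, structure layouts can differ across the boundary, which surfaces as memory corruption rather than a build error; the workflow comment about `wc_CryptoInfo` and `HAVE_ANONYMOUS_INLINE_AGGREGATES` describes that hazard. Consider `DEF += -DWOLFSSL_USE_OPTIONS_H` in the `WOLFSSL_LIB` branch, or extend the comment to say where `options.h` gets included. The same hunk appears in `examples/posix/wh_posix_client/Makefile`, `examples/posix/wh_posix_server/Makefile`, `test/Makefile` and `tools/whnvmtool/Makefile`.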
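Review bot: `LDFLAGS += -L$(WOLFSSL_LIBDIR)` fixes the link-time search only. With a shared libwolfssl the binary still resolves the library through the loader's default search and `LD_LIBRARY_PATH`, which is why the workflow has to export it. Because these binaries take their cryptography from that library, the runtime choice is worth making explicit, e.g. `LDFLAGS += -Wl,-rpath,$(WOLFSSL_LIBDIR)` inside the same `ifneq`. At minimum, a comment should say that the library loaded at run time must be the one whose headers were used at build time. The same applies to the `WOLFSSL_LIB` branches in the posix client, posix server, test and whnvmtool Makefiles (the last one uses `LIB_DIRS`).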
+++ b/examples/demo/client/wh_demo_client_wcbench.c @@ -1,7 +1,7 @@ #include "wolfhsm/wh_client.h" #include "wolfhsm/wh_error.h" -#if !defined(WOLFHSM_CFG_NO_CRYPTO) +#if !defined(WOLFHSM_CFG_NO_CRYPTO) && defined(WH_DEMO_WCBENCH) #include "wolfcrypt/benchmark/benchmark.h" #endif @@ -10,7 +10,7 @@ int wh_DemoClient_wcBench(whClientContext* clientContext) { (void)clientContext; -#if !defined(WOLFHSM_CFG_NO_CRYPTO) +#if !defined(WOLFHSM_CFG_NO_CRYPTO) && defined(WH_DEMO_WCBENCH) return benchmark_test(NULL); #else return WH_ERROR_NOTIMPL; diff --git a/examples/demo/client/wh_demo_client_wctest.c b/examples/demo/client/wh_demo_client_wctest.c index a4869a22a..2fae64264 100644 --- a/examples/demo/client/wh_demo_client_wctest.c +++ b/examples/demo/client/wh_demo_client_wctest.c @@ -1,7 +1,7 @@ #include "wolfhsm/wh_client.h" #include "wolfhsm/wh_error.h" -#if !defined(WOLFHSM_CFG_NO_CRYPTO) +#if !defined(WOLFHSM_CFG_NO_CRYPTO) && defined(WH_DEMO_WCTEST) #include "wolfcrypt/test/test.h" #endif @@ -10,7 +10,7 @@ int wh_DemoClient_wcTest(whClientContext* clientContext) { (void)clientContext; -#if !defined(WOLFHSM_CFG_NO_CRYPTO) +#if !defined(WOLFHSM_CFG_NO_CRYPTO) && defined(WH_DEMO_WCTEST) return wolfcrypt_test(NULL); #else return WH_ERROR_NOTIMPL; diff --git a/examples/posix/wh_posix_client/Makefile b/examples/posix/wh_posix_client/Makefile index 53cc9fc0b..dbd1c39ed 100644 --- a/examples/posix/wh_posix_client/Makefile +++ b/examples/posix/wh_posix_client/Makefile 
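Review bot: `WH_DEMO_WCBENCH` is not defined by any hunk in this patch, so unless a file outside the diff sets it, `wh_DemoClient_wcBench()` now returns `WH_ERROR_NOTIMPL` in every build. That includes the in-tree build, which still compiles `wolfcrypt/benchmark/*.c`. The macro needs a home: either a `DEF += -DWH_DEMO_WCBENCH` in the client Makefile where the benchmark sources are actually found, or a comment above the `#if` such as `/* Define WH_DEMO_WCBENCH when wolfcrypt/benchmark/benchmark.c is compiled into the client */`. `WH_DEMO_WCTEST` in `wh_demo_client_wctest.c` has the same gap. Both function bodies continue outside their hunks.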
@@ -30,8 +30,14 @@ INC = -I$(PROJECT_DIR) \ # POSIX requires C source be defined before any header DEF += -D_POSIX_C_SOURCE=200809L -# Library configuration defines for user-supplied settings -DEF += -DWOLFSSL_USER_SETTINGS -DWOLFHSM_CFG +# Library configuration defines for user-supplied settings. +# When linking against an installed wolfSSL (WOLFSSL_LIB=1), skip +# WOLFSSL_USER_SETTINGS so the installed library's compiled-in options.h +# is used instead. +DEF += -DWOLFHSM_CFG +ifneq ($(WOLFSSL_LIB),1) +DEF += -DWOLFSSL_USER_SETTINGS +endif # Architecture flags for assembler, C compiler and linker ARCHFLAGS ?= @@ -96,15 +102,29 @@ endif SRC_ASM += ifneq ($(NOCRYPTO),1) +ifeq ($(WOLFSSL_LIB),1) +# Link against an installed wolfSSL library instead of compiling sources. +# Set WOLFSSL_LIBDIR for a non-default install path. NO_INLINE keeps the +# installed wolfSSL headers C90-clean. Note: wolfCrypt test/benchmark +# sources still require WOLFSSL_DIR to point at a wolfSSL checkout if +# you want to build them in. +LIBS += -lwolfssl +DEF += -DNO_INLINE +ifneq ($(WOLFSSL_LIBDIR),) +LDFLAGS += -L$(WOLFSSL_LIBDIR) +endif +else # wolfCrypt source files SRC_C += $(wildcard $(WOLFSSL_DIR)/wolfcrypt/src/*.c) -# wolfCrypt test/benchmark source files -SRC_C += $(wildcard $(WOLFSSL_DIR)/wolfcrypt/test/*.c) -SRC_C += $(wildcard $(WOLFSSL_DIR)/wolfcrypt/benchmark/*.c) - # wolfSSL source files SRC_C += $(wildcard $(WOLFSSL_DIR)/src/*.c) +endif + +# wolfCrypt test/benchmark source files (compiled even with WOLFSSL_LIB=1 +# since these are not part of libwolfssl) +SRC_C += $(wildcard $(WOLFSSL_DIR)/wolfcrypt/test/*.c) +SRC_C += $(wildcard $(WOLFSSL_DIR)/wolfcrypt/benchmark/*.c) # Set the default device ID for wolfCrypt tests ifeq ($(DMA),1) 
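Review bot: With `WOLFSSL_LIB=1` the two relocated `$(wildcard $(WOLFSSL_DIR)/wolfcrypt/...)` lines silently expand to nothing when `WOLFSSL_DIR` is an install prefix's include directory, as in the workflow. When it is a source checkout, they compile `test.c` and `benchmark.c` from that checkout while linking the installed library. `WOLFSSL_DIR` appears to serve as both header path and source tree (the `INC` definition is outside the hunk), so in the second case headers and library can come from different wolfSSL versions or configurations. A separate variable for the source tree, or a `$(warning ...)` when the wildcard comes back empty, would make it visible which case is in effect.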
@@ -123,10 +143,6 @@ ifeq ($(AUTH),1) DEF += -DWOLFHSM_CFG_ENABLE_AUTHENTICATION endif -#wolfCrypt test/benchmark source files -SRC_C += $(wildcard $(WOLFSSL_DIR)/wolfcrypt/test/*.c) -SRC_C += $(wildcard $(WOLFSSL_DIR)/wolfcrypt/benchmark/*.c) - else DEF += -DWOLFHSM_CFG_NO_CRYPTO endif diff --git a/examples/posix/wh_posix_server/Makefile b/examples/posix/wh_posix_server/Makefile index 2d101a387..f24ba2a49 100644 --- a/examples/posix/wh_posix_server/Makefile +++ b/examples/posix/wh_posix_server/Makefile @@ -28,8 +28,14 @@ INC = -I$(PROJECT_DIR) \ # POSIX requires C source be defined before any header DEF += -D_POSIX_C_SOURCE=200809L -# Library configuration defines for user-supplied settings -DEF += -DWOLFSSL_USER_SETTINGS -DWOLFHSM_CFG +# Library configuration defines for user-supplied settings. +# When linking against an installed wolfSSL (WOLFSSL_LIB=1), skip +# WOLFSSL_USER_SETTINGS so the installed library's compiled-in options.h +# is used instead. +DEF += -DWOLFHSM_CFG +ifneq ($(WOLFSSL_LIB),1) +DEF += -DWOLFSSL_USER_SETTINGS +endif # Architecture flags for assembler, C compiler and linker @@ -113,9 +119,18 @@ SRC_ASM += # wolfCrypt source files ifneq ($(NOCRYPTO),1) +ifeq ($(WOLFSSL_LIB),1) +# Link against an installed wolfSSL library instead of compiling sources. +# Set WOLFSSL_LIBDIR for a non-default install path. +LIBS += -lwolfssl +ifneq ($(WOLFSSL_LIBDIR),) +LDFLAGS += -L$(WOLFSSL_LIBDIR) +endif +else SRC_C += $(wildcard $(WOLFSSL_DIR)/wolfcrypt/src/*.c) # wolfSSL source files SRC_C += $(wildcard $(WOLFSSL_DIR)/src/*.c) +endif else DEF += -DWOLFHSM_CFG_NO_CRYPTO endif diff --git a/examples/posix/wh_posix_server/wh_posix_server.c b/examples/posix/wh_posix_server/wh_posix_server.c index f4e644fa8..c1c6c6ec4 100644 --- a/examples/posix/wh_posix_server/wh_posix_server.c +++ b/examples/posix/wh_posix_server/wh_posix_server.c 
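Review bot: The `WOLFSSL_LIB` branch in `examples/posix/wh_posix_server/Makefile` adds `LIBS += -lwolfssl` but not `DEF += -DNO_INLINE`, which the benchmark, client, test and whnvmtool Makefiles all add in the same branch. If the omission is deliberate (for example because this Makefile does not build with `-std=c90`; its compiler flags are outside the hunk), a one-line comment saying so would stop the next reader from "fixing" it. If it is not deliberate, the server is compiled with a different view of wolfSSL's inline helpers than the rest of the tree.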
@@ -25,6 +25,8 @@ #ifndef WOLFHSM_CFG_NO_CRYPTO /* included to print out the version of wolfSSL linked with */ #include "wolfssl/version.h" +#include "wolfssl/wolfcrypt/cryptocb.h" +#include "wolfssl/wolfcrypt/error-crypt.h" #endif #include "wh_posix_cfg.h" diff --git a/src/wh_server_cert.c b/src/wh_server_cert.c index 44e6487ea..9d343a0a4 100644 --- a/src/wh_server_cert.c +++ b/src/wh_server_cert.c @@ -43,6 +43,24 @@ #include "wolfssl/wolfcrypt/asn.h" +/* Replicates GetSequence, which is WOLFSSL_LOCAL. */ +static int DerNextSequence(const uint8_t* input, uint32_t maxIdx, + word32* inOutIdx, int* len) +{ + byte tag = 0; + int rc; + + rc = GetASNTag(input, inOutIdx, &tag, maxIdx); + if (rc < 0) { + return rc; + } + if (tag != (ASN_SEQUENCE | ASN_CONSTRUCTED)) { + return ASN_PARSE_E; + } + return GetLength(input, inOutIdx, len, maxIdx); +} + + static int _verifyChainAgainstCmStore(whServerContext* server, WOLFSSL_CERT_MANAGER* cm, const uint8_t* chain, uint32_t chain_len, @@ -66,7 +84,7 @@ static int _verifyChainAgainstCmStore(whServerContext* server, idx = 0; /* Get the length of the current certificate */ - rc = GetSequence(cert_ptr, &idx, &cert_len, remaining_len); + rc = DerNextSequence(cert_ptr, remaining_len, &idx, &cert_len); if (rc < 0) { return rc; } diff --git a/src/wh_server_she.c b/src/wh_server_she.c index 77e2084be..d7ad48a3e 100644 --- a/src/wh_server_she.c +++ b/src/wh_server_she.c @@ -405,7 +405,7 @@ static int _SecureBootFinish(whServerContext* server, uint16_t magic, } if (ret == 0) { /* compare and set either success or failure */ - ret = ConstantCompare(cmacOutput, macDigest, field); + ret = wh_Utils_ConstantCompare(cmacOutput, macDigest, field); if (ret == 0) { server->she->sbState = WH_SHE_SB_SUCCESS; resp.status = WH_SHE_ERC_NO_ERROR; 
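Review bot: `DerNextSequence` needs a fuller header comment than "Replicates GetSequence". It should say that the return value is the SEQUENCE content length (negative on error), that `*inOutIdx` is advanced past the tag and length octets, and that the bound against `maxIdx` is left to `GetLength`. Two differences from `GetSequence` are worth stating. The argument order changed (`maxIdx` is now second). `GetASNTag` and `GetLength` must also be exported by the installed library, which is presumably why the workflow configures wolfSSL with `-DWOLFSSL_PUBLIC_ASN`. The name also breaks the underscore-prefix convention of `_verifyChainAgainstCmStore`, the static function right below it; `_DerNextSequence` would match.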
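Review bot: The replacements in `wh_server_she.c` are only as good as `wh_Utils_ConstantCompare` and `wh_Utils_ForceZero`, whose definitions are not part of this patch. The call sites here and in the later hunks (`_LoadKey`, `_ExportRamKey`, `_InitRnd`, `_ExtendSeed`, the ECB/CBC and MAC handlers) rely on the compare returning 0 on equality with no data-dependent early exit. They also rely on the zeroing not being removable by the optimiser. A short comment at the first use, or in the helpers' header, stating those guarantees would make that reviewable. In `_LoadKey` the two rewritten `if` conditions now run past the column where the continuation was aligned and should be re-wrapped. `_SecureBootFinish` starts and ends outside this hunk.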
@@ -422,8 +422,8 @@ static int _SecureBootFinish(whServerContext* server, uint16_t magic, resp_packet); *out_resp_size = sizeof(resp); - ForceZero(cmacOutput, sizeof(cmacOutput)); - ForceZero(macDigest, sizeof(macDigest)); + wh_Utils_ForceZero(cmacOutput, sizeof(cmacOutput)); + wh_Utils_ForceZero(macDigest, sizeof(macDigest)); return ret; } @@ -536,7 +536,7 @@ static int _LoadKey(whServerContext* server, uint16_t magic, uint16_t req_size, sizeof(cmacInput), tmpKey, WH_SHE_KEY_SZ, NULL, server->devId); } /* compare digest to M3 */ - if (ret == 0 && ConstantCompare(req.messageThree, cmacOutput, field) != 0) { + if (ret == 0 && wh_Utils_ConstantCompare(req.messageThree, cmacOutput, field) != 0) { ret = WH_SHE_ERC_KEY_UPDATE_ERROR; } /* make K1 using AES-MP(authKey | WH_SHE_KEY_UPDATE_ENC_C) */ @@ -589,7 +589,7 @@ static int _LoadKey(whServerContext* server, uint16_t magic, uint16_t req_size, } } /* compare to UID */ - else if (ret == 0 && ConstantCompare(req.messageOne, server->she->uid, + else if (ret == 0 && wh_Utils_ConstantCompare(req.messageOne, server->she->uid, sizeof(server->she->uid)) != 0) { ret = WH_SHE_ERC_KEY_UPDATE_ERROR; } @@ -696,10 +696,10 @@ static int _LoadKey(whServerContext* server, uint16_t magic, uint16_t req_size, resp.rc = _TranslateSheReturnCode(ret); (void)wh_MessageShe_TranslateLoadKeyResponse(magic, &resp, resp_packet); - ForceZero(kdfInput, sizeof(kdfInput)); - ForceZero(cmacOutput, sizeof(cmacOutput)); - ForceZero(tmpKey, sizeof(tmpKey)); - ForceZero(counter_buffer, sizeof(counter_buffer)); + wh_Utils_ForceZero(kdfInput, sizeof(kdfInput)); + wh_Utils_ForceZero(cmacOutput, sizeof(cmacOutput)); + wh_Utils_ForceZero(tmpKey, sizeof(tmpKey)); + wh_Utils_ForceZero(counter_buffer, sizeof(counter_buffer)); return ret; } 
@@ -903,9 +903,9 @@ static int _ExportRamKey(whServerContext* server, uint16_t magic, resp_packet); *out_resp_size = sizeof(resp); - ForceZero(kdfInput, sizeof(kdfInput)); - ForceZero(cmacOutput, sizeof(cmacOutput)); - ForceZero(tmpKey, sizeof(tmpKey)); + wh_Utils_ForceZero(kdfInput, sizeof(kdfInput)); + wh_Utils_ForceZero(cmacOutput, sizeof(cmacOutput)); + wh_Utils_ForceZero(tmpKey, sizeof(tmpKey)); return ret; } @@ -1010,9 +1010,9 @@ static int _InitRnd(whServerContext* server, uint16_t magic, uint16_t req_size, (void)wh_MessageShe_TranslateInitRngResponse(magic, &resp, resp_packet); *out_resp_size = sizeof(resp); - ForceZero(kdfInput, sizeof(kdfInput)); - ForceZero(cmacOutput, sizeof(cmacOutput)); - ForceZero(tmpKey, sizeof(tmpKey)); + wh_Utils_ForceZero(kdfInput, sizeof(kdfInput)); + wh_Utils_ForceZero(cmacOutput, sizeof(cmacOutput)); + wh_Utils_ForceZero(tmpKey, sizeof(tmpKey)); return ret; } @@ -1132,7 +1132,7 @@ static int _ExtendSeed(whServerContext* server, uint16_t magic, (void)wh_MessageShe_TranslateExtendSeedResponse(magic, &resp, resp_packet); *out_resp_size = sizeof(resp); - ForceZero(kdfInput, sizeof(kdfInput)); + wh_Utils_ForceZero(kdfInput, sizeof(kdfInput)); return ret; } @@ -1208,7 +1208,7 @@ static int _EncEcb(whServerContext* server, uint16_t magic, uint16_t req_size, resp.rc = _TranslateSheReturnCode(ret); (void)wh_MessageShe_TranslateEncEcbResponse(magic, &resp, resp_packet); - ForceZero(tmpKey, sizeof(tmpKey)); + wh_Utils_ForceZero(tmpKey, sizeof(tmpKey)); return ret; } @@ -1291,7 +1291,7 @@ static int _EncCbc(whServerContext* server, uint16_t magic, uint16_t req_size, resp.rc = _TranslateSheReturnCode(ret); (void)wh_MessageShe_TranslateEncCbcResponse(magic, &resp, resp_packet); - ForceZero(tmpKey, sizeof(tmpKey)); + wh_Utils_ForceZero(tmpKey, sizeof(tmpKey)); return ret; } 
@@ -1374,7 +1374,7 @@ static int _DecEcb(whServerContext* server, uint16_t magic, uint16_t req_size, resp.rc = _TranslateSheReturnCode(ret); (void)wh_MessageShe_TranslateDecEcbResponse(magic, &resp, resp_packet); - ForceZero(tmpKey, sizeof(tmpKey)); + wh_Utils_ForceZero(tmpKey, sizeof(tmpKey)); return ret; } @@ -1457,7 +1457,7 @@ static int _DecCbc(whServerContext* server, uint16_t magic, uint16_t req_size, resp.rc = _TranslateSheReturnCode(ret); (void)wh_MessageShe_TranslateDecCbcResponse(magic, &resp, resp_packet); - ForceZero(tmpKey, sizeof(tmpKey)); + wh_Utils_ForceZero(tmpKey, sizeof(tmpKey)); return ret; } @@ -1514,7 +1514,7 @@ static int _GenerateMac(whServerContext* server, uint16_t magic, (void)wh_MessageShe_TranslateGenMacResponse(magic, &resp, resp_packet); *out_resp_size = sizeof(resp); - ForceZero(tmpKey, sizeof(tmpKey)); + wh_Utils_ForceZero(tmpKey, sizeof(tmpKey)); return ret; } @@ -1589,7 +1589,7 @@ static int _VerifyMac(whServerContext* server, uint16_t magic, (void)wh_MessageShe_TranslateVerifyMacResponse(magic, &resp, resp_packet); *out_resp_size = sizeof(resp); - ForceZero(tmpKey, sizeof(tmpKey)); + wh_Utils_ForceZero(tmpKey, sizeof(tmpKey)); return ret; } diff --git a/test/Makefile b/test/Makefile index a90706c62..27f25921b 100644 --- a/test/Makefile +++ b/test/Makefile @@ -26,8 +26,14 @@ INC = -I$(PROJECT_DIR) \ # POSIX requires C source be defined before any header DEF += -D_POSIX_C_SOURCE=200809L -# Library configuration defines for user-supplied settings -DEF += -DWOLFSSL_USER_SETTINGS -DWOLFHSM_CFG +# Library configuration defines for user-supplied settings. +# When linking against an installed wolfSSL (WOLFSSL_LIB=1), skip +# WOLFSSL_USER_SETTINGS so the installed library's compiled-in options.h +# is used instead of the in-tree user_settings.h. +DEF += -DWOLFHSM_CFG +ifneq ($(WOLFSSL_LIB),1) +DEF += -DWOLFSSL_USER_SETTINGS +endif # Ensure this build uses POSIX test features DEF += -DWOLFHSM_CFG_TEST_POSIX 
@@ -182,11 +188,23 @@ endif SRC_ASM += ifneq ($(NOCRYPTO),1) +ifeq ($(WOLFSSL_LIB),1) +# Link against an installed wolfSSL shared/static library instead of +# compiling wolfSSL/wolfCrypt sources. Set WOLFSSL_LIBDIR for non-default +# install paths. NO_INLINE keeps wolfSSL's headers C90-clean (the +# in-tree user_settings.h normally provides this). +LIBS += -lwolfssl +DEF += -DNO_INLINE +ifneq ($(WOLFSSL_LIBDIR),) +LDFLAGS += -L$(WOLFSSL_LIBDIR) +endif +else # wolfCrypt source files SRC_C += $(wildcard $(WOLFSSL_DIR)/wolfcrypt/src/*.c) # wolfSSL source files SRC_C += $(wildcard $(WOLFSSL_DIR)/src/*.c) +endif ifeq ($(TESTWOLFCRYPT),1) diff --git a/tools/whnvmtool/Makefile b/tools/whnvmtool/Makefile index fe3ead8b7..da2ae9fd7 100644 --- a/tools/whnvmtool/Makefile +++ b/tools/whnvmtool/Makefile @@ -50,12 +50,30 @@ LIBS = \ LIB_DIRS = CFLAGS = -Wall $(INCLUDE_DIRS) -CFLAGS += -DWOLFSSL_USER_SETTINGS -DWOLFHSM_CFG_ENABLE_SERVER -DWOLFHSM_CFG_NO_SYS_TIME +CFLAGS += -DWOLFHSM_CFG_ENABLE_SERVER -DWOLFHSM_CFG_NO_SYS_TIME CFLAGS += -std=c90 -D_GNU_SOURCE -Wno-cpp +# When linking against an installed wolfSSL (WOLFSSL_LIB=1), skip +# WOLFSSL_USER_SETTINGS so the installed library's compiled-in options.h +# is used instead. +ifneq ($(WOLFSSL_LIB),1) +CFLAGS += -DWOLFSSL_USER_SETTINGS +endif + ifneq ($(NOCRYPTO),1) +ifeq ($(WOLFSSL_LIB),1) +# Link against an installed wolfSSL library instead of compiling sources. +# Set WOLFSSL_LIBDIR for a non-default install path. NO_INLINE keeps the +# installed wolfSSL headers C90-clean. +LIBS += -lwolfssl +CFLAGS += -DNO_INLINE +ifneq ($(WOLFSSL_LIBDIR),) +LIB_DIRS += -L$(WOLFSSL_LIBDIR) +endif +else SRC += \ $(WOLFCRYPT_SRC) +endif else CFLAGS += -DWOLFHSM_CFG_NO_CRYPTO endif