From 00a899e9a3cd1d5d8f7c0dc9cd988e80b1e3391e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tobias=20Frauenschl=C3=A4ger?=
Date: Sat, 16 May 2026 11:03:35 +0200
Subject: [PATCH] Fixes for Zephyr secure sockets integration
---
 .wolfssl_known_macro_extras | 1 +
 src/ssl.c | 3 ---
 src/x509.c | 5 +++--
 zephyr/Kconfig | 7 +++++++
 zephyr/samples/wolfssl_tls_sock/prj-no-malloc.conf | 10 ----------
 zephyr/user_settings.h | 9 +++++++++
 6 files changed, 20 insertions(+), 15 deletions(-)
diff --git a/.wolfssl_known_macro_extras b/.wolfssl_known_macro_extras
index fb34d7c6f29..653f801359f 100644
--- a/.wolfssl_known_macro_extras
+++ b/.wolfssl_known_macro_extras
@@ -183,6 +183,7 @@ CONFIG_WOLFSSL_KEEP_PEER_CERT
 CONFIG_WOLFSSL_MAX_FRAGMENT_LEN
 CONFIG_WOLFSSL_MLKEM
 CONFIG_WOLFSSL_NO_ASN_STRICT
+CONFIG_WOLFSSL_OPENSSL_EXTRA_X509_SMALL
 CONFIG_WOLFSSL_PSK
 CONFIG_WOLFSSL_RSA_PSS
 CONFIG_WOLFSSL_SESSION_EXPORT
diff --git a/src/ssl.c b/src/ssl.c
index efbbf3074e9..3d4940c7436 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -10107,7 +10107,6 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out,
 }
 #endif
-#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
 int wolfSSL_clear(WOLFSSL* ssl)
 {
 WOLFSSL_ENTER("wolfSSL_clear");
@@ -10224,8 +10223,6 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out,
 return WOLFSSL_SUCCESS;
 }
-#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
-
 #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || defined(HAVE_MEMCACHED)
 long wolfSSL_CTX_set_mode(WOLFSSL_CTX* ctx, long mode)
 {
diff --git a/src/x509.c b/src/x509.c
index 73f4c3c92eb..f365cd84cca 100644
--- a/src/x509.c
+++ b/src/x509.c
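Review bot: With both preprocessor lines removed in the two src/ssl.c hunks, wolfSSL_clear() is compiled in every configuration, yet the patch changes neither its body (which lies between the hunks and is not shown) nor any header. The prototype in the public header must not still sit behind `OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL`, otherwise callers in a minimal build see no declaration, and any member or helper the body uses that exists only under those macros needs its own guard. Because this function resets a session object for reuse, a build without OPENSSL_EXTRA should be checked to clear the same per-connection state rather than silently skipping parts of it through inner `#ifdef`s. If the Zephyr integration named in the subject is the reason, a comment above the definition such as `/* Always built: called by the Zephyr secure sockets layer without OPENSSL_EXTRA */` would record why the guard was dropped.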
@@ -6049,8 +6049,9 @@ WOLFSSL_X509* wolfSSL_X509_d2i_fp(WOLFSSL_X509** x509, XFILE file)
 #endif /* OPENSSL_EXTRA && !NO_FILESYSTEM && !NO_STDIO_FILESYSTEM */
-#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) || \
- defined(KEEP_PEER_CERT) || defined(SESSION_CERTS)
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \
+ defined(WOLFSSL_WPAS_SMALL) || defined(KEEP_PEER_CERT) || \
+ defined(SESSION_CERTS)
 #ifndef NO_FILESYSTEM
 WOLFSSL_ABI
diff --git a/zephyr/Kconfig b/zephyr/Kconfig
index fb6084893a4..e6cb1cb0603 100644
--- a/zephyr/Kconfig
+++ b/zephyr/Kconfig
@@ -113,6 +113,13 @@ config WOLFSSL_ALWAYS_VERIFY_CB
 help
 Invoke verify callback on success as well as failure (WOLFSSL_ALWAYS_VERIFY_CB)
+config WOLFSSL_OPENSSL_EXTRA_X509_SMALL
+ bool "wolfSSL minimal X509 compat APIs"
+ help
+ Define OPENSSL_EXTRA_X509_SMALL. Exposes a small subset of X509
+ helpers (wolfSSL_X509_free, wolfSSL_get_verify_result, ...) without
+ the rest of OPENSSL_EXTRA.
+
 config WOLFCRYPT_ARMASM
 bool "wolfCrypt ARM Assembly support"
 depends on WOLFSSL_BUILTIN
diff --git a/zephyr/samples/wolfssl_tls_sock/prj-no-malloc.conf b/zephyr/samples/wolfssl_tls_sock/prj-no-malloc.conf
index 830b1944dbc..d14a77e3b54 100644
--- a/zephyr/samples/wolfssl_tls_sock/prj-no-malloc.conf
+++ b/zephyr/samples/wolfssl_tls_sock/prj-no-malloc.conf
@@ -3,22 +3,12 @@ CONFIG_MAIN_STACK_SIZE=655360
 CONFIG_ENTROPY_GENERATOR=y
 CONFIG_INIT_STACKS=y
-# General config
-CONFIG_NEWLIB_LIBC=y
-
-# Pthreads
-CONFIG_PTHREAD_IPC=y
-
-# Clock for time()
-CONFIG_POSIX_CLOCK=y
-
 # Networking config
 CONFIG_NETWORKING=y
 CONFIG_NET_IPV4=y
 CONFIG_NET_IPV6=n
 CONFIG_NET_TCP=y
 CONFIG_NET_SOCKETS=y
-CONFIG_NET_SOCKETS_POSIX_NAMES=y
 CONFIG_NET_TEST=y
 CONFIG_NET_LOOPBACK=y
diff --git a/zephyr/user_settings.h b/zephyr/user_settings.h
index 13c689da6de..5198ad5eab8 100644
--- a/zephyr/user_settings.h
+++ b/zephyr/user_settings.h
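Review bot: The widened condition in src/x509.c opens a guarded region whose closing `#endif` is outside this hunk; if that `#endif` carries a comment listing the old macros it is now stale and should name `OPENSSL_EXTRA_X509_SMALL` as well. Only the first lines of the region (`#ifndef NO_FILESYSTEM`, `WOLFSSL_ABI`) are visible, so which functions become available under the small option cannot be checked from here. The matching prototypes in the public header need the same condition, and this patch touches no header. Listing the newly exposed functions in the commit description would let users who enable the option see how much certificate-handling code they are adding to the image.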
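Review bot: The new `WOLFSSL_OPENSSL_EXTRA_X509_SMALL` entry in zephyr/Kconfig has no `default` and nothing in the patch selects it, so if the Zephyr secure sockets code relies on the helpers it unlocks (the subject suggests this, the patch does not show it) a default configuration fails at link time until the user finds this switch. Consider `select`ing it from the option that enables that integration, or state in the help text when it must be turned on. The help text names `wolfSSL_X509_free` and `wolfSSL_get_verify_result`, while the comment added in zephyr/user_settings.h also names `wolfSSL_X509_load_certificate_buffer`; the two lists should agree. The neighbouring `WOLFCRYPT_ARMASM` entry carries `depends on WOLFSSL_BUILTIN`; if user_settings.h is only used for the built-in library, the same dependency would keep this symbol from being offered where it has no effect.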
@@ -148,6 +148,15 @@ extern "C" {
 #define WOLFSSL_ALWAYS_VERIFY_CB
 #endif
+/* Lightweight X509 helpers (wolfSSL_X509_free, wolfSSL_get_verify_result,
+ * wolfSSL_X509_load_certificate_buffer) without pulling in the full
+ * OPENSSL_EXTRA surface. Apps needing full OpenSSL compat can override
+ * user_settings.h via CONFIG_WOLFSSL_SETTINGS_FILE.
+ */
+#if defined(CONFIG_WOLFSSL_OPENSSL_EXTRA_X509_SMALL)
+ #define OPENSSL_EXTRA_X509_SMALL
+#endif
+
 /* DTLS */
 #if defined(CONFIG_WOLFSSL_DTLS)
 #define WOLFSSL_DTLS