Improve user_settings.h examples and add validation rules #9719

dgarske · 2026-01-28T17:55:19Z

Description

Fixes:

Standardize header guards to WOLFSSL_USER_SETTINGS_H
Fix typos (WOLFSL_SHA512 → WOLFSSL_SHA512)
Remove duplicate defines
Add NO_DES3_TLS_SUITES where NO_DES3 is defined
Add #if 0/1 gates for feature toggling

New templates:

user_settings_tls13.h - TLS 1.3 only
user_settings_dtls13.h - DTLS 1.3 for IoT
user_settings_pq.h - Post-quantum (ML-KEM, ML-DSA)
user_settings_openssl_compat.h - OpenSSL compatibility layer
user_settings_baremetal.h - No OS, static memory
user_settings_rsa_only.h - RSA only, no ECC
user_settings_pkcs7.h - PKCS#7/CMS signing
user_settings_ca.h - CA/PKI with CertificateManager

Validation:

Auto-define NO_DES3_TLS_SUITES when NO_DES3 without WOLFCRYPT_ONLY
Add macro names to error messages for easier debugging

CI:

Add new templates to os-check.yml test matrix

Testing

Simple test bash script:

#!/bin/bash

# Test script for user_settings.h files
# Mirrors the make_user_settings_testwolfcrypt CI job
#
# Usage:
#   ./test_user_settings.sh                    # Test all user_settings files
#   ./test_user_settings.sh <path/to/file.h>   # Test a single file

set -e

USER_SETTINGS_FILES=(
    "examples/configs/user_settings_ca.h"
    "examples/configs/user_settings_dtls13.h"
    "examples/configs/user_settings_EBSnet.h"
    "examples/configs/user_settings_eccnonblock.h"
    "examples/configs/user_settings_min_ecc.h"
    "examples/configs/user_settings_openssl_compat.h"
    "examples/configs/user_settings_pkcs7.h"
    "examples/configs/user_settings_rsa_only.h"
    "examples/configs/user_settings_template.h"
    "examples/configs/user_settings_tls12.h"
    "examples/configs/user_settings_tls13.h"
    "examples/configs/user_settings_wolfboot_keytools.h"
    "examples/configs/user_settings_wolfssh.h"
    "examples/configs/user_settings_wolftpm.h"
)

# Files requiring special configure options (not included above):
# - user_settings_pq.h: Requires --enable-experimental for ML-KEM (Kyber)
# - user_settings_baremetal.h: Requires static memory setup, custom platform

# If a single file is passed as argument, test only that file
if [ $# -ge 1 ]; then
    if [ ! -f "$1" ]; then
        echo "Error: File not found: $1"
        exit 1
    fi
    USER_SETTINGS_FILES=("$1")
fi

SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
cd "$SCRIPT_DIR"

# Colors for output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
NC='\033[0m' # No Color

FAILED=()
PASSED=()

# Configure once at the start (requires user_settings.h to exist)
echo -e "${YELLOW}Configuring (one time)...${NC}"
cp "${USER_SETTINGS_FILES[0]}" user_settings.h
./configure --enable-usersettings --disable-examples

for settings_file in "${USER_SETTINGS_FILES[@]}"; do
    echo "=============================================="
    echo "Testing: $settings_file"
    echo "=============================================="

    # Copy user_settings.h and generate user_settings_asm.h
    cp "$settings_file" user_settings.h
    ./scripts/user_settings_asm.sh "-I."

    # Clean and build
    if make clean >/dev/null 2>&1 && make -j$(nproc 2>/dev/null || echo 4); then
        # Run testwolfcrypt
        if ./wolfcrypt/test/testwolfcrypt; then
            echo -e "${GREEN}PASSED${NC}: $settings_file"
            PASSED+=("$settings_file")
        else
            echo -e "${RED}FAILED${NC}: $settings_file (testwolfcrypt failed)"
            FAILED+=("$settings_file")
        fi
    else
        echo -e "${RED}FAILED${NC}: $settings_file (make failed)"
        FAILED+=("$settings_file")
    fi

    echo ""
done

# Cleanup
rm -f user_settings.h user_settings_asm.h

# Summary
echo "=============================================="
echo "SUMMARY"
echo "=============================================="
echo -e "${GREEN}Passed: ${#PASSED[@]}${NC}"
for f in "${PASSED[@]}"; do
    echo "  - $f"
done

if [ ${#FAILED[@]} -gt 0 ]; then
    echo -e "${RED}Failed: ${#FAILED[@]}${NC}"
    for f in "${FAILED[@]}"; do
        echo "  - $f"
    done
    exit 1
fi

echo ""
echo "All tests passed!"

Checklist

added tests
updated/added doxygen
updated appropriate READMEs
Updated manual and documentation

- Standardize header guards to WOLFSSL_USER_SETTINGS_H across all files - Add #if 0/1 gates with labels for easy feature toggling - Fix bugs: typos in eccnonblock (WOLFSL_SHA*), duplicates in fipsv5/all - Add NO_DES3_TLS_SUITES alongside NO_DES3 where needed - Update wolfboot_keytools with upstream PQ algorithms (ML-DSA, LMS, XMSS) - Add settings.h validation rules with descriptive error messages - Auto-define NO_DES3_TLS_SUITES when NO_DES3 is set (instead of error) - Update README.md and add missing files to CI tests

…at, baremetal, rsa_only, pkcs7, ca

dgarske · 2026-01-28T20:56:51Z

Jenkins retest this please: FIPS v2 regression "RequestAbortedException"

dgarske assigned dgarske and wolfSSL-Bot Jan 28, 2026

Add new user_settings.h templates for tls13, dtls13, pq, openssl_comp…

c2a9875

…at, baremetal, rsa_only, pkcs7, ca

dgarske removed their assignment Jan 28, 2026

dgarske requested a review from JacobBarthelmeh January 28, 2026 20:57

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Improve user_settings.h examples and add validation rules #9719

Improve user_settings.h examples and add validation rules #9719

dgarske commented Jan 28, 2026 •

edited

Loading

Uh oh!

dgarske commented Jan 28, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Improve user_settings.h examples and add validation rules #9719

Are you sure you want to change the base?

Improve user_settings.h examples and add validation rules #9719

Conversation

dgarske commented Jan 28, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Description

Testing

Checklist

Uh oh!

dgarske commented Jan 28, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

dgarske commented Jan 28, 2026 •

edited

Loading