Merge pull request #10290 from LinuxJedi/emnet

Fix emNET support and add tests

Author: dgarske

.github/workflows/emnet-nonblock.yml

@@ -0,0 +1,61 @@
+name: emNET non-blocking handshake test
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+# Build wolfSSL with -DWOLFSSL_EMNET using the clean-room shim in
+# tests/emnet/ (IP/IP.h + emnet_shim.c), link a non-blocking TLS 1.3
+# handshake test, and run it. The test exercises the WOLFSSL_EMNET
+# path in wolfSSL_LastError() and asserts that would-block events
+# surface as WANT_READ/WANT_WRITE and the handshake completes,
+# guarding against regressions in the emNET error-translation logic.
+
+jobs:
+  emnet_nonblock:
+    name: wolfSSL emNET non-blocking handshake
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-24.04
+    timeout-minutes: 20
+    steps:
+      - name: Checkout wolfSSL
+        uses: actions/checkout@v4
+
+      - name: Install build deps
+        uses: ./.github/actions/install-apt-deps
+        with:
+          packages: autoconf automake libtool build-essential
+
+      - name: Bootstrap
+        run: ./autogen.sh
+
+      - name: Configure wolfSSL (WOLFSSL_EMNET + emNET shim headers)
+        run: |
+          ./configure \
+            --enable-static --disable-shared \
+            --enable-tls13 --disable-oldtls \
+            --enable-ecc --disable-examples \
+            --disable-benchmark --disable-crypttests \
+            CFLAGS="-DWOLFSSL_EMNET -I$(pwd)/tests/emnet"
+
+      # The WOLFSSL_EMNET branch in src/wolfio.c calls IP_SOCK_getsockopt
+      # which only resolves against the test shim. Build only the static
+      # library; examples/benchmark/crypttests are disabled above, but
+      # explicitly target the .a to avoid pulling in any residual link
+      # targets that would fail with an undefined reference.
+      - name: Build wolfSSL static library
+        run: make -j$(nproc) src/libwolfssl.la
+
+      - name: Build emNET non-blocking test
+        run: make -C tests/emnet
+
+      - name: Run emNET non-blocking test
+        run: make -C tests/emnet run

.wolfssl_known_macro_extras

@@ -761,7 +761,6 @@ WOLFSSL_ECDSA_SET_K_ONE_LOOP
 WOLFSSL_EC_POINT_CMP_JACOBIAN
 WOLFSSL_ED448_NO_LARGE_CODE
 WOLFSSL_EDDSA_CHECK_PRIV_ON_SIGN
-WOLFSSL_EMNET
 WOLFSSL_ESPWROOM32
 WOLFSSL_EVP_PRINT
 WOLFSSL_EXPORT_INT

src/wolfio.c

@@ -151,8 +151,28 @@ static WC_INLINE int wolfSSL_LastError(int err, SOCKET_T sd)
     return WSAGetLastError();
 #elif defined(EBSNET)
     return xn_getlasterror();
-#elif defined(WOLFSSL_LINUXKM) || defined(WOLFSSL_EMNET)
+#elif defined(WOLFSSL_LINUXKM)
     return -err; /* Return provided error value with corrected sign. */
+#elif defined(WOLFSSL_EMNET)
+    /* Any negative recv/send return is a SOCKET_ERROR sentinel under
+     * emNET; the canonical IP_ERR_* lives in the socket SO_ERROR.
+     * Retrieving it via IP_SOCK_getsockopt works across both emNET
+     * integrator conventions (native: recv returns IP_ERR_* directly;
+     * POSIX facade: recv returns -1 with errno set). If the lookup
+     * itself fails, fall back to IP_ERR_FAULT rather than returning
+     * the raw -1 sentinel - the latter matches no SOCKET_E* constant
+     * and would regress into WOLFSSL_CBIO_ERR_GENERAL. */
+    if (err < 0) {
+        int sock_err = err;
+        if (IP_SOCK_getsockopt(sd, SOL_SOCKET, SO_ERROR, &sock_err,
+                               (int)sizeof(sock_err)) == 0) {
+            err = sock_err;
+        }
+        else if (err == -1) {
+            err = IP_ERR_FAULT;
+        }
+    }
+    return err;
 #elif defined(FUSION_RTOS)
     #include <fclerrno.h>
     return FCL_GET_ERRNO;
@@ -170,10 +190,6 @@ static WC_INLINE int wolfSSL_LastError(int err, SOCKET_T sd)
         }
         return err;
     }
-#elif defined(WOLFSSL_EMNET)
-    /* Get the real socket error */
-    IP_SOCK_getsockopt(sd, SOL_SOCKET, SO_ERROR, &err, (int)sizeof(old));
-    return err;
 #else
     return errno;
 #endif

tests/emnet/IP/IP.h

@@ -0,0 +1,46 @@
+/* IP.h -- clean-room shim for the subset of SEGGER emNET (embOS/IP) API
+ * that wolfSSL's WOLFSSL_EMNET port compiles against. Written from the
+ * public API surface documented in SEGGER UM07001; contains no SEGGER
+ * source.
+ *
+ * Scope: enough to build wolfSSL with -DWOLFSSL_EMNET on a POSIX host
+ * for CI test purposes. Only error constants and IP_SOCK_getsockopt
+ * are provided here; send/recv fall through to glibc's POSIX
+ * implementation, and the canonical IP_ERR_* lookup is emulated by
+ * IP_SOCK_getsockopt in emnet_shim.c.
+ */
+
+#ifndef WOLFSSL_EMNET_SHIM_IP_H
+#define WOLFSSL_EMNET_SHIM_IP_H
+
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <unistd.h>
+#include <fcntl.h>
+#include <errno.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* emNET error codes (UM07001). Values match the public ABI. */
+#define IP_ERR_CONN_ABORTED   (-5)
+#define IP_ERR_WOULD_BLOCK    (-6)
+#define IP_ERR_CONN_REFUSED   (-7)
+#define IP_ERR_CONN_RESET     (-8)
+#define IP_ERR_PIPE          (-13)
+#define IP_ERR_FAULT         (-25)
+
+/* BSD-style socket option retrieval. Signature matches the SEGGER
+ * emNET API (UM07001, IP_Socket.h): the length is passed by value as
+ * a plain int, not a POSIX socklen_t* / int*. */
+int IP_SOCK_getsockopt(int hSock, int Level, int Name,
+                       void *pVal, int ValLen);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* WOLFSSL_EMNET_SHIM_IP_H */

tests/emnet/Makefile

@@ -0,0 +1,59 @@
+# Build the emNET non-blocking handshake test.
+# Requires wolfSSL already configured + built at the repo root with
+# WOLFSSL_EMNET and the emnet IP include path, e.g.:
+#
+#   cd $(repo_root)
+#   ./autogen.sh
+#   ./configure --enable-static --disable-shared --enable-tls13 \
+#               --disable-oldtls CFLAGS="-DWOLFSSL_EMNET \
+#               -I$$(pwd)/tests/emnet"
+#   make
+#   make -C tests/emnet run
+#
+# recv/send fall through to glibc's POSIX implementation (-1 + errno
+# on would-block); wolfSSL_LastError then retrieves the canonical
+# IP_ERR_* via IP_SOCK_getsockopt in the shim. This is the integrator
+# convention that reproduces ticket #21673 and the one wolfSSL's
+# WOLFSSL_EMNET error path must handle correctly.
+
+CURDIR     := $(shell pwd)
+WOLFSSL_ROOT := $(abspath $(CURDIR)/../..)
+WOLFSSL_LIB := $(WOLFSSL_ROOT)/src/.libs/libwolfssl.a
+
+CC ?= cc
+CFLAGS_TEST := -Wall -Wextra -O2 -g \
+    -DWOLFSSL_EMNET \
+    -I$(CURDIR) \
+    -I$(WOLFSSL_ROOT)
+LIBS_TEST := $(WOLFSSL_LIB) -lpthread -lm
+
+TEST_BIN := emnet_nonblock_test
+
+.PHONY: all run clean check-lib
+
+all: $(TEST_BIN)
+
+check-lib:
+	@if [ ! -f "$(WOLFSSL_LIB)" ]; then \
+	    echo "error: $(WOLFSSL_LIB) not found."; \
+	    echo "Build wolfSSL first (see header of this Makefile)."; \
+	    exit 1; \
+	fi
+
+# check-lib is an order-only dependency (after |) so its phony status
+# does not force the binary to relink on every `make` invocation.
+$(TEST_BIN): emnet_nonblock_test.o emnet_shim.o | check-lib
+	$(CC) -o $@ emnet_nonblock_test.o emnet_shim.o $(LIBS_TEST)
+
+emnet_nonblock_test.o: emnet_nonblock_test.c
+	$(CC) $(CFLAGS_TEST) -c $< -o $@
+
+emnet_shim.o: emnet_shim.c IP/IP.h
+	$(CC) $(CFLAGS_TEST) -c $< -o $@
+
+# Run from the repo root so the relative cert paths resolve.
+run: $(TEST_BIN)
+	cd $(WOLFSSL_ROOT) && ./tests/emnet/$(TEST_BIN)
+
+clean:
+	rm -f *.o $(TEST_BIN)