From 236603cffc186b1bbf1d9a7b1e7d41b4088456cb Mon Sep 17 00:00:00 2001
From: Florian Lentz <flolen@uni-bremen.de>
Date: Wed, 18 Jan 2023 20:47:01 +0100
Subject: [PATCH 1/7] pkg/wolfssl: Update wolfSSL to 5.5.4 and add DTLS 1.3
 support

---
 pkg/wolfssl/Makefile                          |   4 +--
 pkg/wolfssl/Makefile.wolfcrypt                |   1 +
 pkg/wolfssl/include/user_settings.h           |  29 +++++++++++++++---
 ...ude-necessary-to-use-gettimeofday-on.patch | Bin 0 -> 666 bytes
 ...t-fix-signature-mismatch-to-compile-.patch | Bin 1905 -> 0 bytes
 5 files changed, 28 insertions(+), 6 deletions(-)
 create mode 100644 pkg/wolfssl/patches/0001-Fix-missing-include-necessary-to-use-gettimeofday-on.patch
 delete mode 100644 pkg/wolfssl/patches/0001-wolfssl-wolfcrypt-fix-signature-mismatch-to-compile-.patch

diff --git a/pkg/wolfssl/Makefile b/pkg/wolfssl/Makefile
index 41713432ef..8382bccb7b 100644
--- a/pkg/wolfssl/Makefile
+++ b/pkg/wolfssl/Makefile
@@ -1,7 +1,7 @@
 PKG_NAME=wolfssl
 PKG_URL=https://github.com/wolfssl/wolfssl.git
-# v4.5.0
-PKG_VERSION=0fa5af9929ce2ee99e8789996a3048f41a99830e
+# v5.5.4
+PKG_VERSION=4fbd4fd36a21efd9d1a7e17aba390e91c78693b1
 PKG_LICENSE=GPLv2
 
 include $(RIOTBASE)/pkg/pkg.mk
diff --git a/pkg/wolfssl/Makefile.wolfcrypt b/pkg/wolfssl/Makefile.wolfcrypt
index 51a624e94c..dc84c88e44 100644
--- a/pkg/wolfssl/Makefile.wolfcrypt
+++ b/pkg/wolfssl/Makefile.wolfcrypt
@@ -18,6 +18,7 @@ NO_AUTO_SRC = 1
 # Default CRYPTO source files                                 #
 #-------------------------------------------------------------#
 SRC +=  error.c \
+        kdf.c \
         hash.c \
         logging.c \
         wc_encrypt.c \
diff --git a/pkg/wolfssl/include/user_settings.h b/pkg/wolfssl/include/user_settings.h
index c14f5adb75..79f58f2aca 100644
--- a/pkg/wolfssl/include/user_settings.h
+++ b/pkg/wolfssl/include/user_settings.h
@@ -21,10 +21,8 @@ extern "C" {
 #define NO_MAIN_DRIVER
 #define NO_SIG_WRAPPER
 #define NO_OLD_RNGNAME
-
-/* Uncomment the next two lines to enable wolfSSL debug */
-// #define DEBUG_WOLFSSL
-// #define WOLFSSL_LOG_PRINTF
+#define HAVE_STRINGS_H
+#define WOLFSSL_IPV6
 
 /* Single precision math */
 #define WOLFSSL_SP_MATH
@@ -98,6 +96,12 @@ int strncasecmp(const char *s1, const char * s2, unsigned int sz);
 #define WOLFSSL_DTLS
 #endif
 
+#undef WOLFSSL_DTLS13
+#ifdef MODULE_WOLFSSL_DTLS13
+#define WOLFSSL_DTLS13
+#define HAVE_AEAD
+#endif
+
 #undef HAVE_FFDHE_2048
 #ifdef MODULE_WOLFCRYPT_FFDHE_2048
 #define HAVE_FFDHE_2048
@@ -303,6 +307,23 @@ int strncasecmp(const char *s1, const char * s2, unsigned int sz);
 #define HAVE_TLS13
 #define WOLFSSL_TLS13
 #define BUILD_TLS_AES_128_GCM_SHA256
+#define NO_OLD_TLS
+#define HAVE_TLS_EXTENSIONS
+#define HAVE_AES_DECRYPT
+#define HAVE_AESGCM
+#define GCM_SMALL
+#define HAVE_AESCCM
+#define WOLFSSL_AES_COUNTER
+#define WOLFSSL_AES_DIRECT
+#define HAVE_FFDHE_4096
+#define HAVE_HKDF
+#define WC_RSA_PSS
+#define WOLFSSL_SEND_HRR_COOKIE
+#endif
+
+#ifdef MODULE_WOLFSSL_DEBUG
+#define DEBUG_WOLFSSL
+#define WOLFSSL_LOG_PRINTF
 #endif
 
 #ifdef __cplusplus
diff --git a/pkg/wolfssl/patches/0001-Fix-missing-include-necessary-to-use-gettimeofday-on.patch b/pkg/wolfssl/patches/0001-Fix-missing-include-necessary-to-use-gettimeofday-on.patch
new file mode 100644
index 0000000000000000000000000000000000000000..0e91f51c992c452cbe42295a356ed6d15f02ca89
GIT binary patch
literal 666
zcmb7>QES^U5Xay3DgKa`q^=yvcH+d8lCH(HBPC@n^kEERTc=dRk%#R-GxFglXSAe`
zJ%o-sjvqgr(ze-QSuPX>F}aw}mZ~b_Y8K9BkzCAzScl7KUMevcB_11#jQ&8z5F$Ap
z1VTubI!uDJZdy}VtjYF&ai!~~CcD~O!^@U-WPL@~?5^l3!3(KN$OXQ;@jwKjyAruf
zq8Of#La=OK{-&x=@bl^B`S$)7QuBtL={jS#Ft)1qieRatt}EID`Ud-su%*5?J8HBl
z4&w<L%kbl2^UOCHW1Mq_uC1nh-O13ea6|yl^(3^Z3Ds+1w<jyd@2KrfW5?daSwc}w
zr;<+?Q$}lWzBN6H={c`Fub8ol-Vg;;##&e8`-NVLDv+^;d*3{Y2BFUc=6N1IQ&uZ*
zDZ)#)mj7wBVi;odzJn`jTif`r*9;@FPL6@`k<m_C8%t`O=Z`nH_jx|S@p#ruTcU5-
zo$E92OXKI5m(4oOvUNTzIp1Ux=kVdx9lGi88E0ykUf^A4z~uRd1umw8I0p;-F!Cj1
F{{T$q!)E{h

literal 0
HcmV?d00001

diff --git a/pkg/wolfssl/patches/0001-wolfssl-wolfcrypt-fix-signature-mismatch-to-compile-.patch b/pkg/wolfssl/patches/0001-wolfssl-wolfcrypt-fix-signature-mismatch-to-compile-.patch
deleted file mode 100644
index 150eb4d932fc7d4d6ed1a59cabfe135bcc5849b2..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 1905
zcmb_cZExE)5dN-Tao_S{%aUwGwzQ>4mmzI|v>BQJ{Sc%EMV>4!k|>ap9i!cTdyjIA
zT6TwY*aShsk-X>bp67U1T9puIB4qv<k0xP!=7-~182ht$8iryv;b9!5DH8#nW$<2A
zaEmnrQ}F$ydtvPRfpbML3A|@ovI>4{4bP3l6+R;TT6T-0bZ7BGEf?)b;49~M)?fm6
zc{_x_hYxB=aN{uqQ9`dD!N3oE-??qmKan>H-2d_V?(*#etW=R1Q+W2z^}435Og@2;
zi;6X^Mku8zS;KQ^6mV76vOrkLCWkkdmkzu-hhRK<a-6$d8c4OQ76zIecK~G7Eo4fs
zm=++A7fiE85&^Vj))n92k(cv5?6a3F>jF!xn$BSet6Wkllp&hLaey8#S0#FunzZ#k
zVy%p4RMt=|^gh13x%1Li7Q(9^7hR3LT0Nt=x4?O!R`U|e5l@0?oJ{-#P-~?VV0zKo
z=n#O)pjp=lM{Q-ZL;*Z!`aTLDjyCykiK3lUwUvN-_frRR&a`H0x2CE~Y*3#+bcq9L
zAH!EzDk;G5xkk})Jnq56lMQh4eBPG()qZxLzkAPTYjwxpRYVhMB`aREf|AN?fBwI0
zO~T~AXwcV!bWk;JI>U_eWELcoD1l1ZzOFScrD{#Fer_Nth#5Fa*A2qy5qx2fY)=|m
z{%cFzEFj`O-CSSY-d@kIZ!TY7@6&F9PQje~vUMSj54hgt9biNJXUBD2=kOlczS^ya
z(8e&Jlfgz8>Yi$Wf^I8GWKi1+aXdJ&w!i{A(>-w<A+rozcOe^KKj`57DCx^*99ao`
zf>_LA?z7P-okl@0iD+#2Q5f2CekPJL7!2TNqFr2oJDm-uFzCKy_Jxpiy@1NF{b^M&
z^9mO<%;rl*q?C9}d-ViPhg?;rf&TqCwSxT^PpCF6aBeuGc~iDU(*qp;6X0;C0s49$
zTAPgiWq#d#C!d|fQf6K*)9shJH#WZa@8HFAV7jStz}yy+$YMeqKSK^_>|5eDChME&
kOLXn}@<Xw<WHhRiesB71HMb0tVB}7{>5NB{*(h+FZ}>1_+yDRo


From f595684b0a912cdd9ed131a56286ddd5df4b75bb Mon Sep 17 00:00:00 2001
From: Flole998 <Flole998@users.noreply.github.com>
Date: Tue, 28 Feb 2023 23:53:12 +0000
Subject: [PATCH 2/7] pkg/wolfssl: Patch to avoid unnecessarily building
 TLSX_SetResponse

---
 ...g-TLSX_SetResponse-unless-it-is-being-u.patch | Bin 0 -> 2597 bytes
 1 file changed, 0 insertions(+), 0 deletions(-)
 create mode 100644 pkg/wolfssl/patches/0001-Avoid-building-TLSX_SetResponse-unless-it-is-being-u.patch

diff --git a/pkg/wolfssl/patches/0001-Avoid-building-TLSX_SetResponse-unless-it-is-being-u.patch b/pkg/wolfssl/patches/0001-Avoid-building-TLSX_SetResponse-unless-it-is-being-u.patch
new file mode 100644
index 0000000000000000000000000000000000000000..1ae2534485d599e86e81e5698cb18c35c1850272
GIT binary patch
literal 2597
zcmcImS#P6A5Ps)Z)M%s#d~*1TXJ-^-<B65{Sis(B51|H{q$d~<;GK9T``@=3u#-6B
z-MkF4Xk69xb=6k~OwxD*@_=Ym_1qry6**8<ymfuo9r&HTtM%MK>ySam^)#5p5m+<<
zr4O<^EPkNMvLZ|nW(Zd#rE~+o+!yP`*EkHaENpr4=94fcIURz%r43LAFrh9Qsv0Pr
zq1GREy3mySvMg9z_Y3v%A^fq_?a}35p#L2+AKWbqeHPt<eQn)17R^nXC2^Ed*hV4E
zGGIBd3|z|hY%}V&K!9n)az;Y-jlyy|(o|S2$4lFUl-{x|rzx-qNEm`gGMcpnq1kK-
zkfmNb53`mB|8qUU0P5w1W;|3c-6eUO10->pw-e@RYI)y$YZgjGeS}V7CV&b7L*K!>
zBhfAO8=xrYQAX38VPs-mLJ9aZr2N0wlmx+NK>*F>Ee1=9b4o|ur)PmhK7D|$+Ut^Y
z((AWcK0XBfpxXmQmV2EJkMg;-fFZzhgo_JkDjh{_^r2p?iUufSQC^aNNg_X_t0>zh
zJWT2v4>^r8?&EKZ>xpGu*8r0)37CQRG(w;8srjA-@Xn_Ji>NQo7f!X+u?%x<m=Zib
zVyLBdufkL-nk3Y@>5p~XO8hU>KZQEa;@KI9#|V~bFJBycsjm%m$Fio2xnoa9SB5P?
z1@O$fYTIaK8jfkqjn4~vs@rJuBQPG@%U#ZNK3SZ`T`iXj(>BHq;;#+sHRi}L?dfDX
z(rt9s*6o#r_`j|U%XZf4N!-&`uTQYe)ttkRoy(a%Ite+`Z=8v#f1Vk0<ms3o1hI-R
z^w&CTK0S%5UoYp9gtgPI)nG=_dms_eeStw9V~ayZu@+t8-ShwX9R)9BC~85ijs2UG
zoOw`8jpJeQqCgvEIorF0LXI~)^!v*Wdvi~_?YC~N`qTCMa^Q9q>`zVg0$HWL{IWma
z3|O}Bo451s9-KFD)YSP>w01=q@9-s`StCBjV$s7XggozZT7zU7HHs0yqHBteU*pu*
zRFp5ad8vrEIoAlq)O5E&K+`eJyp$nS3N_bvk`I*<5uwJSBLM<%Nzt%doF}(9DT*U&
z+r&@ubWOs8#r}9d%PY`Q0txX=x*;s8#5|^)Z771nN01*T#r49bhKHa|tS}`E^+;bD
z^H3}Is>2R`ap-3UvTVGI$Ofyhl$T+*YdGmC7A;9{GhV92pjEq#9?n^{kK+~vKOq%J
zJo<69)@8?DIJhd}nd?iHzXj_@YLxBOJWI#cEJAIWrl-UlZ#p}W!=VlgSi8u>_bn0u
zIMtE(<ZhQSkA$$Hn>gKp7{xgRA<6EfqMdm;;ZCu5fzN(-rW421XCn7YlCWV563?}Q
z#Pi<IB605pI{fY<aDK{&ieksx&CHlthAkFsHb8FhJ=hM?2OMNLo+wGVB*7{yTjLNL
zN8r8D{4~aKJ|3G$r1-r2CCnI4+*0T0d*+|as&AUpR)<6&V^z}sDZQs5em{MGiUeJ~
VL*n@-6qYA`CJ1UvJ8!9i@Gs!x|2hBw

literal 0
HcmV?d00001


From abf5eddaa675ed37f92afebd712eab6c50b42eac Mon Sep 17 00:00:00 2001
From: Flole998 <Flole998@users.noreply.github.com>
Date: Wed, 1 Mar 2023 00:06:16 +0000
Subject: [PATCH 3/7] tests/pkg_wolfcrypt-ed25519-verify: Add missing module

---
 tests/pkg_wolfcrypt-ed25519-verify/Makefile | 1 +
 1 file changed, 1 insertion(+)

diff --git a/tests/pkg_wolfcrypt-ed25519-verify/Makefile b/tests/pkg_wolfcrypt-ed25519-verify/Makefile
index e99e037c9b..05f53a831c 100644
--- a/tests/pkg_wolfcrypt-ed25519-verify/Makefile
+++ b/tests/pkg_wolfcrypt-ed25519-verify/Makefile
@@ -8,5 +8,6 @@ CFLAGS+=-DNO_ED25519_SIGN -DNO_ED25519_KEY_EXPORT
 USEPKG +=wolfssl
 USEMODULE += wolfcrypt
 USEMODULE += wolfcrypt_ed25519
+USEMODULE += wolfcrypt_random
 
 include $(RIOTBASE)/Makefile.include

From 997af7afe24dc4314a5aab47f3d9a43137a9b97f Mon Sep 17 00:00:00 2001
From: Flole998 <Flole998@users.noreply.github.com>
Date: Wed, 1 Mar 2023 00:24:32 +0000
Subject: [PATCH 4/7] tests/pkg_wolfssl: Increase timeout for bench-test

10 seconds are not enough, each operation takes one second, and we do
more than 10. 20 seems to be a sane value.
---
 tests/pkg_wolfssl/tests/01-run.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/pkg_wolfssl/tests/01-run.py b/tests/pkg_wolfssl/tests/01-run.py
index 652dc517ea..75fea0989d 100755
--- a/tests/pkg_wolfssl/tests/01-run.py
+++ b/tests/pkg_wolfssl/tests/01-run.py
@@ -15,7 +15,7 @@ BOARD = os.environ.get("BOARD", "native")
 TEST_TIMEOUT = 600 if BOARD != 'native' else DEFAULT_TIMEOUT
 # ECDSA 256 takes +30s on samr21-xpro
 # ECDSA 256 takes +40s on nrf51dk
-BENCH_TIMEOUT = 40 if BOARD != 'native' else DEFAULT_TIMEOUT
+BENCH_TIMEOUT = 40 if BOARD != 'native' else 20
 
 
 def _wait_for_test(child):

From abff36ed4db6d401ed005a48ef93201c8f2f0802 Mon Sep 17 00:00:00 2001
From: Flole998 <Flole998@users.noreply.github.com>
Date: Wed, 1 Mar 2023 00:55:10 +0000
Subject: [PATCH 5/7] tests/pkg_wolfssl: Mark hifive1b as having insufficient
 memory

---
 examples/dtls-wolfssl/Makefile.ci | 1 +
 tests/pkg_wolfssl/Makefile.ci     | 1 +
 2 files changed, 2 insertions(+)

diff --git a/examples/dtls-wolfssl/Makefile.ci b/examples/dtls-wolfssl/Makefile.ci
index 1709b4b467..f60989871d 100644
--- a/examples/dtls-wolfssl/Makefile.ci
+++ b/examples/dtls-wolfssl/Makefile.ci
@@ -8,6 +8,7 @@ BOARD_INSUFFICIENT_MEMORY := \
     cc2650-launchpad \
     cc2650stk \
     hifive1 \
+    hifive1b \
     i-nucleo-lrwan1 \
     im880b \
     maple-mini \
diff --git a/tests/pkg_wolfssl/Makefile.ci b/tests/pkg_wolfssl/Makefile.ci
index 91ed249852..94a0cf5c4d 100644
--- a/tests/pkg_wolfssl/Makefile.ci
+++ b/tests/pkg_wolfssl/Makefile.ci
@@ -2,6 +2,7 @@ BOARD_INSUFFICIENT_MEMORY := \
     blackpill-stm32f103c8 \
     bluepill-stm32f103c8 \
     bluepill-stm32f030c8 \
+    hifive1b \
     i-nucleo-lrwan1 \
     nucleo-f030r8 \
     nucleo-f031k6 \

From 7909e3c0b0a91ee9baa168904e40bbe67012bfb8 Mon Sep 17 00:00:00 2001
From: Flole998 <Flole998@users.noreply.github.com>
Date: Wed, 8 Mar 2023 15:08:15 +0000
Subject: [PATCH 6/7] examples/dtls-wolfssl: Update insufficient flash board
 list

---
 examples/dtls-wolfssl/Makefile.ci | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/examples/dtls-wolfssl/Makefile.ci b/examples/dtls-wolfssl/Makefile.ci
index f60989871d..b3021b3a70 100644
--- a/examples/dtls-wolfssl/Makefile.ci
+++ b/examples/dtls-wolfssl/Makefile.ci
@@ -1,9 +1,10 @@
 BOARD_INSUFFICIENT_MEMORY := \
     airfy-beacon \
-    b-l072z-lrwan1 \
     blackpill-stm32f103c8 \
-    bluepill-stm32f103c8 \
+    blackpill-stm32f103cb \
     bluepill-stm32f030c8 \
+    bluepill-stm32f103c8 \
+    bluepill-stm32f103cb \
     calliope-mini \
     cc2650-launchpad \
     cc2650stk \
@@ -11,7 +12,7 @@ BOARD_INSUFFICIENT_MEMORY := \
     hifive1b \
     i-nucleo-lrwan1 \
     im880b \
-    maple-mini \
+    lobaro-lorabox \
     microbit \
     nrf51dongle \
     nrf6310 \
@@ -24,10 +25,15 @@ BOARD_INSUFFICIENT_MEMORY := \
     nucleo-f302r8 \
     nucleo-f303k8 \
     nucleo-f334r8 \
+    nucleo-f410rb \
+    nucleo-g070rb \
+    nucleo-g071rb \
+    nucleo-g431rb \
     nucleo-l011k4 \
     nucleo-l031k6 \
     nucleo-l053r8 \
-    nucleo-l073rz \
+    nucleo-l412kb \
+    olimexino-stm32 \
     opencm904 \
     samd10-xmini \
     saml10-xpro \
@@ -42,7 +48,6 @@ BOARD_INSUFFICIENT_MEMORY := \
     stm32f7508-dk \
     stm32g0316-disco \
     stm32l0538-disco \
-    stm32mindev \
     stm32mp157c-dk2 \
     yunjia-nrf51822 \
     #

From ede7302751fac02079e41f8605af02e6c801d6e4 Mon Sep 17 00:00:00 2001
From: Flole998 <Flole998@users.noreply.github.com>
Date: Wed, 8 Mar 2023 22:31:41 +0000
Subject: [PATCH 7/7] tests/pkg_wolfssl: Update boards with insufficient memory

---
 tests/pkg_wolfssl/Makefile.ci | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/tests/pkg_wolfssl/Makefile.ci b/tests/pkg_wolfssl/Makefile.ci
index 94a0cf5c4d..118b9f45b0 100644
--- a/tests/pkg_wolfssl/Makefile.ci
+++ b/tests/pkg_wolfssl/Makefile.ci
@@ -1,18 +1,24 @@
 BOARD_INSUFFICIENT_MEMORY := \
     blackpill-stm32f103c8 \
-    bluepill-stm32f103c8 \
+    blackpill-stm32f103cb \
     bluepill-stm32f030c8 \
-    hifive1b \
+    bluepill-stm32f103c8 \
+    bluepill-stm32f103cb \
     i-nucleo-lrwan1 \
     nucleo-f030r8 \
     nucleo-f031k6 \
     nucleo-f042k6 \
+    nucleo-f070rb \
+    nucleo-f072rb \
     nucleo-f302r8 \
     nucleo-f303k8 \
     nucleo-f334r8 \
+    nucleo-g070rb \
+    nucleo-g071rb \
     nucleo-l011k4 \
     nucleo-l031k6 \
     nucleo-l053r8 \
+    opencm904 \
     samd10-xmini \
     saml10-xpro \
     saml11-xpro \