Merge pull request #10268 from ColtonWilley/zephyr-4.3-default-tls-support

zephyr: changes needed for Zephyr 4.3 default TLS support

Author: JacobBarthelmeh

.wolfssl_known_macro_extras

@@ -157,6 +157,7 @@ CONFIG_WOLFSSL
 CONFIG_WOLFSSL_ALLOW_TLS13
 CONFIG_WOLFSSL_ALPN
 CONFIG_WOLFSSL_ALT_CERT_CHAINS
+CONFIG_WOLFSSL_ALWAYS_VERIFY_CB
 CONFIG_WOLFSSL_APPLE_HOMEKIT
 CONFIG_WOLFSSL_ASN_ALLOW_0_SERIAL
 CONFIG_WOLFSSL_CERTIFICATE_BUNDLE
@@ -174,11 +175,13 @@ CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFMQTT_TEMPLATE
 CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFSSH_ECHOSERVER
 CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFSSH_TEMPLATE
 CONFIG_WOLFSSL_HKDF
+CONFIG_WOLFSSL_KEEP_PEER_CERT
 CONFIG_WOLFSSL_MAX_FRAGMENT_LEN
 CONFIG_WOLFSSL_MLKEM
 CONFIG_WOLFSSL_NO_ASN_STRICT
 CONFIG_WOLFSSL_PSK
 CONFIG_WOLFSSL_RSA_PSS
+CONFIG_WOLFSSL_SESSION_EXPORT
 CONFIG_WOLFSSL_TARGET_HOST
 CONFIG_WOLFSSL_TARGET_PORT
 CONFIG_WOLFSSL_TLS13_ENABLED
@@ -281,6 +284,7 @@ HAVE_ECC512
 HAVE_ECC_CDH_CAST
 HAVE_ECC_SM2
 HAVE_ESP_CLK
+HAVE_EXT_CACHE
 HAVE_FIPS_VERSION_PORT
 HAVE_FUZZER
 HAVE_INTEL_MULX

src/internal.c

@@ -10611,7 +10611,8 @@ ProtocolVersion MakeDTLSv1_3(void)
     word32 LowResTimer(void)
     {
         int64_t t;
-    #if defined(CONFIG_ARCH_POSIX) && !defined(CONFIG_BOARD_NATIVE_POSIX)
+    #if defined(CONFIG_ARCH_POSIX) && !defined(CONFIG_BOARD_NATIVE_POSIX) \
+                                   && !defined(CONFIG_BOARD_NATIVE_SIM)
         k_cpu_idle();
     #endif
         t = k_uptime_get(); /* returns current uptime in milliseconds */

wolfcrypt/src/wc_port.c

@@ -224,7 +224,7 @@ Threading/Mutex options:
 #endif
 
 #if defined(WOLFSSL_ZEPHYR)
-#if defined(CONFIG_BOARD_NATIVE_POSIX)
+#if defined(CONFIG_BOARD_NATIVE_POSIX) || defined(CONFIG_BOARD_NATIVE_SIM)
 #include "native_rtc.h"
 #define CONFIG_RTC
 #endif
@@ -4113,7 +4113,7 @@ time_t z_time(time_t * timer)
     #if defined(CONFIG_RTC) && \
         (defined(CONFIG_PICOLIBC) || defined(CONFIG_NEWLIB_LIBC))
 
-    #if defined(CONFIG_BOARD_NATIVE_POSIX)
+    #if defined(CONFIG_BOARD_NATIVE_POSIX) || defined(CONFIG_BOARD_NATIVE_SIM)
 
     /* When using native sim, get time from simulator rtc */
     uint32_t nsec = 0;
@@ -4145,7 +4145,7 @@ time_t z_time(time_t * timer)
             return epochTime;
         }
     }
-    #endif /* defined(CONFIG_BOARD_NATIVE_POSIX) */
+    #endif /* CONFIG_BOARD_NATIVE_POSIX || CONFIG_BOARD_NATIVE_SIM */
     #endif
 
     /* Fallback to uptime since boot. This works for relative times, but

zephyr/Kconfig

@@ -98,6 +98,21 @@ config WOLFSSL_MAX_FRAGMENT_LEN
     Sets the maximum fragment length wolfSSL will use, values 1-6 correspond to enum values
     WOLFSSL_MFL_* in ssl.h
 
+config WOLFSSL_SESSION_EXPORT
+  bool "wolfSSL session export support"
+  help
+    Enable external session cache (HAVE_EXT_CACHE)
+
+config WOLFSSL_KEEP_PEER_CERT
+  bool "wolfSSL keep peer certificate support"
+  help
+    Retain peer certificate after handshake (KEEP_PEER_CERT)
+
+config WOLFSSL_ALWAYS_VERIFY_CB
+  bool "wolfSSL always invoke verify callback"
+  help
+    Invoke verify callback on success as well as failure (WOLFSSL_ALWAYS_VERIFY_CB)
+
 config WOLFCRYPT_ARMASM
 	bool "wolfCrypt ARM Assembly support"
 	depends on WOLFSSL_BUILTIN

zephyr/user_settings.h

@@ -133,6 +133,21 @@ extern "C" {
     #define NO_SESSION_CACHE /* disable session resumption */
 #endif
 
+/* Session export (external session cache) */
+#if defined(CONFIG_WOLFSSL_SESSION_EXPORT)
+    #define HAVE_EXT_CACHE
+#endif
+
+/* Keep peer certificate after handshake */
+#if defined(CONFIG_WOLFSSL_KEEP_PEER_CERT)
+    #define KEEP_PEER_CERT
+#endif
+
+/* Always invoke verify callback (on success as well as failure) */
+#if defined(CONFIG_WOLFSSL_ALWAYS_VERIFY_CB)
+    #define WOLFSSL_ALWAYS_VERIFY_CB
+#endif
+
 /* DTLS */
 #if defined(CONFIG_WOLFSSL_DTLS)
     #define WOLFSSL_DTLS