add test case for DTLS demo

Author: JacobBarthelmeh

.github/workflows/dtls-demo-test.yml

@@ -0,0 +1,75 @@
+name: DTLS Demo Test
+
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+jobs:
+  dtls-demo:
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Checkout wolfHSM
+      uses: actions/checkout@v4
+
+    - name: Checkout wolfSSL
+      uses: actions/checkout@v4
+      with:
+        repository: wolfssl/wolfssl
+        path: wolfssl
+
+    - name: Build wolfHSM POSIX server
+      run: |
+        cd examples/posix/wh_posix_server
+        make -j DMA=1 WOLFSSL_DIR=../../../wolfssl
+
+    - name: Build DTLS server demo
+      run: |
+        cd examples/demo/dtls_server
+        make -j WOLFSSL_DIR=../../../wolfssl
+
+    - name: Build wolfSSL with DTLS 1.3 support
+      run: |
+        cd wolfssl
+        ./autogen.sh
+        ./configure --enable-dtls --enable-dtls13
+        make -j
+
+    - name: Run DTLS demo test
+      run: |
+        # Start the wolfHSM POSIX server in background
+        cd examples/posix/wh_posix_server
+        ./Build/wh_posix_server.elf --type dma &
+        WH_SERVER_PID=$!
+        cd ../../..
+
+        # Give the server time to start
+        sleep 1
+
+        # Start the DTLS server demo in background
+        cd examples/demo/dtls_server
+        ./Build/wh_server.elf -A ../../../wolfssl/certs/client-cert.pem &
+        DTLS_SERVER_PID=$!
+        cd ../../..
+
+        # Give the DTLS server time to start
+        sleep 1
+
+        # Run the wolfSSL client to connect
+        cd wolfssl
+        timeout 10 ./examples/client/client -u -v 4 || CLIENT_EXIT=$?
+
+        # Clean up background processes
+        kill $DTLS_SERVER_PID 2>/dev/null || true
+        kill $WH_SERVER_PID 2>/dev/null || true
+
+        # Check if client succeeded (exit code 0) or timed out gracefully
+        if [ "${CLIENT_EXIT:-0}" -eq 0 ] || [ "${CLIENT_EXIT:-0}" -eq 124 ]; then
+          echo "DTLS demo test passed"
+          exit 0
+        else
+          echo "DTLS demo test failed with exit code $CLIENT_EXIT"
+          exit 1
+        fi

examples/demo/dtls_server/Makefile

@@ -50,6 +50,7 @@ ASFLAGS ?= $(ARCHFLAGS)
 CFLAGS_EXTRA ?= -Wextra
 CFLAGS ?= $(ARCHFLAGS) -Wno-cpp -std=c99 -Wall -Werror $(CFLAGS_EXTRA)
 LDFLAGS ?= $(ARCHFLAGS)
+LIBS = -lc -lm
 
 # Platform-specific linker flags for dead code stripping
 OS_NAME := $(shell uname -s | tr A-Z a-z)

examples/demo/dtls_server/README.md

@@ -4,7 +4,7 @@ This example demonstrates a TLS/DTLS server that offloads cryptographic
 operations to a wolfHSM server. By default, DTLS (UDP-based) is used, but
 the code can be adapted for TLS (TCP-based) connections.
 
-The wolfHSM server runs separately and communicates via the choosen transport.
+The wolfHSM server runs separately and communicates via the chosen transport.
 
 ## Architecture
 
@@ -210,7 +210,7 @@ the DTLS server.
 
 To use TLS instead of DTLS:
 
-1. In `server_io.c`, change the method from `wolfDTLSv1_3_server_method()` to
+1. In `server_io.c`, change the method from `wolfDTLS_server_method()` to
    `wolfTLSv1_3_server_method()` or another TLS method.
 
 2. Change the socket initialization from UDP to TCP (replace

examples/demo/dtls_server/config/user_settings.h

@@ -115,14 +115,6 @@ extern "C" {
 #define NO_PSK
 #define NO_OLD_TLS
 
-/* Note: Static memory is NOT enabled here.
- * DMA operations work without WOLFSSL_STATIC_MEMORY since
- * wolfHSM handles the DMA memory regions separately.
- */
-
-/* POSIX version of strcasecmp */
-#include <strings.h>
-
 /* Test certificate buffers for demo */
 #define USE_CERT_BUFFERS_256
 #define USE_CERT_BUFFERS_2048
@@ -132,6 +124,10 @@ extern "C" {
 #define DEBUG_WOLFSSL
 #endif
 
+/* Include for POSIX extensions needed by wolfSSL */
+#include <sys/time.h>   /* for struct timeval, gettimeofday */
+#include <strings.h>    /* for strcasecmp */
+
 #ifdef __cplusplus
 }
 #endif

examples/demo/dtls_server/config/wolfhsm_cfg.h

@@ -38,7 +38,4 @@
 /* Enable global keys feature */
 #define WOLFHSM_CFG_GLOBAL_KEYS
 
-/* Printf function for debug output */
-#define WOLFHSM_CFG_PRINTF printf
-
 #endif /* WOLFHSM_CFG_H_ */

examples/demo/dtls_server/server.c

@@ -30,12 +30,8 @@
 #include "wolfssl/wolfcrypt/settings.h"
 #include "wolfssl/wolfcrypt/cryptocb.h"
 
-/* Shared memory configuration - must match the posix server with --type dma */
-#define WH_SERVER_SHARED_MEMORY_NAME "wh_example_shm"
-#define WH_SERVER_CLIENT_ID          1
-#define WH_SERVER_REQ_SIZE           2048
-#define WH_SERVER_RESP_SIZE          2048
-#define WH_SERVER_DMA_SIZE           8000
+/* Shared POSIX example configuration */
+#include "examples/posix/wh_posix_cfg.h"
 
 /* Global wolfHSM client context */
 static whClientContext g_client[1] = {{0}};
@@ -68,16 +64,16 @@ static int connect_to_hsm_server(void)
     memset(&g_client_config, 0, sizeof(g_client_config));
 
     /* Configure shared memory transport with DMA */
-    g_shm_config.name = WH_SERVER_SHARED_MEMORY_NAME;
-    g_shm_config.req_size = WH_SERVER_REQ_SIZE;
-    g_shm_config.resp_size = WH_SERVER_RESP_SIZE;
-    g_shm_config.dma_size = WH_SERVER_DMA_SIZE;
+    g_shm_config.name = WH_POSIX_SHARED_MEMORY_NAME;
+    g_shm_config.req_size = WH_POSIX_REQ_SIZE;
+    g_shm_config.resp_size = WH_POSIX_RESP_SIZE;
+    g_shm_config.dma_size = WH_POSIX_DMA_SIZE;
 
     /* Configure comm layer */
     g_comm_config.transport_cb = &shm_cb;
     g_comm_config.transport_context = (void*)&g_shm_client_ctx;
     g_comm_config.transport_config = (void*)&g_shm_config;
-    g_comm_config.client_id = WH_SERVER_CLIENT_ID;
+    g_comm_config.client_id = WH_POSIX_CLIENT_ID;
 
 #ifdef WOLFHSM_CFG_DMA
     /* Configure DMA callbacks for static memory operations */
@@ -145,12 +141,6 @@ static void disconnect_from_hsm_server(void)
     wh_Client_Cleanup(g_client);
 }
 
-/* Get the wolfHSM client context for crypto operations */
-whClientContext* get_wolfhsm_client(void)
-{
-    return g_client;
-}
-
 /* Print usage information */
 static void print_usage(const char* progname)
 {

examples/demo/dtls_server/server_io.c

@@ -23,6 +23,7 @@
 /* Standard includes */
 #include <stdio.h>
 #include <string.h>
+#include <limits.h>
 #include <sys/socket.h>
 #include <netinet/in.h>
 #include <arpa/inet.h>
@@ -55,7 +56,12 @@ struct SERVER_CONTEXT {
 };
 
 /* Single static instance of the server */
-static SERVER_CONTEXT g_server = {0};
+static SERVER_CONTEXT g_server = {
+    .ssl = NULL,
+    .hsm_client = NULL,
+    .listenfd = -1,
+    .port = 0
+};
 
 /*
  * Initialize wolfSSL library and create a context.
@@ -208,6 +214,7 @@ static int initialize_udp_socket(SERVER_CONTEXT* ctx)
     if (ret < 0) {
         perror("setsockopt(SO_REUSEADDR)");
         close(ctx->listenfd);
+        ctx->listenfd = -1;
         return -1;
     }
 
@@ -221,6 +228,7 @@ static int initialize_udp_socket(SERVER_CONTEXT* ctx)
     if (ret < 0) {
         perror("bind()");
         close(ctx->listenfd);
+        ctx->listenfd = -1;
         return -1;
     }
 
@@ -233,6 +241,7 @@ static int initialize_udp_socket(SERVER_CONTEXT* ctx)
     if (ret < 0) {
         perror("recvfrom()");
         close(ctx->listenfd);
+        ctx->listenfd = -1;
         return -1;
     }
 
@@ -326,6 +335,7 @@ int Server_Init(SERVER_CONTEXT* ctx, whClientContext* client,
     }
 
     memset(ctx, 0, sizeof(SERVER_CONTEXT));
+    ctx->listenfd = -1;  /* Initialize to invalid fd to prevent closing stdin */
     ctx->hsm_client = client;
     ctx->port = (g_config.port > 0) ? g_config.port : SERVER_PORT_DEFAULT;
 
@@ -350,6 +360,7 @@ int Server_Init(SERVER_CONTEXT* ctx, whClientContext* client,
     if (ret != 0) {
         fprintf(stderr, "Failed to set up SSL accept\n");
         close(ctx->listenfd);
+        ctx->listenfd = -1;
         wolfSSL_CTX_free(g_ctx);
         g_ctx = NULL;
         return -1;
@@ -375,6 +386,10 @@ int Server_Read(SERVER_CONTEXT* ctx, unsigned char* data, size_t length)
         return -1;
     }
 
+    if (length > INT_MAX) {
+        return -1;
+    }
+
     ret = wolfSSL_read(ctx->ssl, data, (int)length);
     if (ret < 0) {
         int err = wolfSSL_get_error(ctx->ssl, ret);
@@ -397,6 +412,10 @@ int Server_Write(SERVER_CONTEXT* ctx, unsigned char* data, size_t length)
         return -1;
     }
 
+    if (length > INT_MAX) {
+        return -1;
+    }
+
     ret = wolfSSL_write(ctx->ssl, data, (int)length);
     if (ret < 0) {
         int err = wolfSSL_get_error(ctx->ssl, ret);