Update hitch support.#9897
Conversation
There was a problem hiding this comment.
Pull request overview
Updates wolfSSL's hitch support from version 1.7.3 to 1.8.0, re-enabling the previously disabled CI/CD workflow.
Changes:
- Bumps the hitch version reference from 1.7.3 to 1.8.0 in the CI workflow
- Adds
CERTIFICATE_STATUS_REQUESTandWC_NO_STATIC_ASSERTflags to the hitch build configuration - Updates the hitch build steps to use the new patch file and
./bootstrapinstead ofautoreconf
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
configure.ac |
Adds CSR and static assert suppression flags needed for hitch 1.8.0 compatibility |
.github/workflows/disabled/hitch.yml |
Updates CI to target hitch 1.8.0, adjusts build steps and ignored tests |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
|
@kareem-wolfssl — friendly ping: @julek-wolfssl's review comment from 2026-03-06 is the only blocker here. It's a one-line refactor: use Landing this would unblock wolfSSL/osp#325 and resolve wolfSSL/osp#218. |
|
Opened kareem-wolfssl#4 against the Once @kareem-wolfssl merges that into |
Address julek-wolfssl's review on wolfSSL#9897: replace the two remaining hardcoded 1.8.0 occurrences with ${{ matrix.ref }} so the matrix entry is the single source of truth for the hitch version under test.
Address julek-wolfssl's review on wolfSSL#9897: replace the two remaining hardcoded 1.8.0 occurrences with ${{ matrix.ref }} so the matrix entry is the single source of truth for the hitch version under test.
|
Retest this please |
|
Updated. OSP PR needs to be merged first so the re-enabled hitch test can work correctly. (wolfSSL/osp#325) |
|
FYI: Not ready for merge just yet as the Github hitch test is still having an issue with including wolfSSL settings. |
|
This now depends on wolfSSL/osp#338 being merged to fix the warnings in the Github runner hitch build. |
|
Retest this please |
Address julek-wolfssl's review on wolfSSL#9897: replace the two remaining hardcoded 1.8.0 occurrences with ${{ matrix.ref }} so the matrix entry is the single source of truth for the hitch version under test.
kareem-wolfssl
assigned
kareem-wolfssl and
wolfSSL-Bot and unassigned
wolfSSL-Bot and
kareem-wolfssl
| # wolfSSL inclusion of assert.h conflicts with hitch's assert definition | ||
| AM_CFLAGS="$AM_CFLAGS -DWC_NO_STATIC_ASSERT" |
There was a problem hiding this comment.
This here is a landmine, because if hitch were added to the enable-all-osp roster, we'd silently lose static asserts in enable-all. I think it will be fine to just disable static asserts unless building the library, something like this:
diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h
index eb11f8436..704f55dfa 100644
--- a/wolfssl/wolfcrypt/types.h
+++ b/wolfssl/wolfcrypt/types.h
@@ -2186,6 +2186,10 @@ WOLFSSL_API word32 CheckRunTimeSettings(void);
#define WC_CPP_CAT4_(a, b, c, d) a ## b ## c ## d
#define WC_CPP_CAT4(a, b, c, d) WC_CPP_CAT4_(a, b, c, d)
+#if !defined(BUILDING_WOLFSSL) && !defined(WC_USE_STATIC_ASSERT) && \
+ !defined(WC_NO_STATIC_ASSERT)
+ #define WC_NO_STATIC_ASSERT
+#endif
#if defined(WC_NO_STATIC_ASSERT)
#define wc_static_assert(expr) struct wc_static_assert_dummy_struct
#define wc_static_assert2(expr, msg) wc_static_assert(expr)
Requires wolfSSL/osp#325. Fixes wolfSSL/osp#218.
Address julek-wolfssl's review on wolfSSL#9897: replace the two remaining hardcoded 1.8.0 occurrences with ${{ matrix.ref }} so the matrix entry is the single source of truth for the hitch version under test.
…fine WC_NO_STATIC_ASSERT while not building the library to avoid including assert.h in external applications like hitch.
| #if !defined(BUILDING_WOLFSSL) && !defined(WC_USE_STATIC_ASSERT) && \ | ||
| !defined(WC_NO_STATIC_ASSERT) | ||
| #define WC_NO_STATIC_ASSERT | ||
| #endif |
There was a problem hiding this comment.
I just realized I gave you bad advice on how to do this -- we use wc_static_assert() in the test layer, e.g.
tests/api/test_mldsa.h
tests/api/test_mldsa_legacy.c
So we actually need one more nuance in the gate:
if !defined(BUILDING_WOLFSSL) && !defined(WOLFSSL_VIS_FOR_TESTS) && \
!defined(WC_USE_STATIC_ASSERT) && !defined(WC_NO_STATIC_ASSERT)
#define WC_NO_STATIC_ASSERT
#endif
Description
Update hitch support for the latest release of hitch, 1.8.0.
Re-enable hitch CI/CD test support.
Requires wolfSSL/osp#325.
Fixes wolfSSL/osp#218
Testing
How did you test?
Checklist