feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Update upstream

Browse Source
This commit is contained in:
Fernando Oleo Blanco
2024-08-10 13:56:14 +02:00
parent ad25e9b063 f660299de0
commit ae7e7e716a
1073 changed files with 138723 additions and 37878 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
.github/workflows/async.yml vendored
View File

@ -1,7 +1,16 @@
name: Async Tests
# START OF COMMON SECTION
on:
workflow_call:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
make_check:

20
.github/workflows/curl.yml vendored
View File

@ -1,7 +1,16 @@
name: curl Test
# START OF COMMON SECTION
on:
workflow_call:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
build_wolfssl:
@ -17,11 +26,14 @@ jobs:
configure: --enable-curl
install: true
- name: tar build-dir
run: tar -zcf build-dir.tgz build-dir
- name: Upload built lib
uses: actions/upload-artifact@v4
with:
name: wolf-install-curl
path: build-dir
path: build-dir.tgz
retention-days: 5
test_curl:
@ -45,7 +57,9 @@ jobs:
uses: actions/download-artifact@v4
with:
name: wolf-install-curl
path: build-dir
- name: untar build-dir
run: tar -xf build-dir.tgz
- name: Build curl
uses: wolfSSL/actions-build-autotools-project@v1

103
.github/workflows/cyrus-sasl.yml vendored Normal file
View File

@ -0,0 +1,103 @@
name: cyrus-sasl Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
build_wolfssl:
name: Build wolfSSL
# Just to keep it the same as the testing target
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 4
steps:
- name: Build wolfSSL
uses: wolfSSL/actions-build-autotools-project@v1
with:
path: wolfssl
configure: --enable-all
install: true
# Don't run tests as this config is tested in many other places
check: false
- name: tar build-dir
run: tar -zcf build-dir.tgz build-dir
- name: Upload built lib
uses: actions/upload-artifact@v4
with:
name: wolf-install-sasl
path: build-dir.tgz
retention-days: 5
sasl_check:
strategy:
fail-fast: false
matrix:
# List of releases to test
ref: [ 2.1.28 ]
name: ${{ matrix.ref }}
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 4
needs: build_wolfssl
steps:
- name: Install dependencies
run: |
# Don't prompt for anything
export DEBIAN_FRONTEND=noninteractive
sudo apt-get update
sudo apt-get install krb5-kdc krb5-otp libkrb5-dev \
libsocket-wrapper libnss-wrapper krb5-admin-server libdb5.3-dev
- name: Download lib
uses: actions/download-artifact@v4
with:
name: wolf-install-sasl
- name: untar build-dir
run: tar -xf build-dir.tgz
- name: Checkout OSP
uses: actions/checkout@v4
with:
repository: wolfssl/osp
path: osp
- name: Checkout sasl
uses: actions/checkout@v4
with:
repository: cyrusimap/cyrus-sasl
ref: cyrus-sasl-${{ matrix.ref }}
path: sasl
- name: Build cyrus-sasl
working-directory: sasl
run: |
patch -p1 < $GITHUB_WORKSPACE/osp/cyrus-sasl/${{ matrix.ref }}/${{ matrix.ref }}.patch
autoreconf -ivf
./configure --with-openssl=no --with-wolfssl=$GITHUB_WORKSPACE/build-dir --with-dblib=berkeley --disable-shared
# Need to run 'make' twice with '--disable-shared' for some reason
make -j || make -j
- name: Run testsuite
working-directory: sasl
run: |
make -j -C utils testsuite saslpasswd2
# Retry up to five times
for i in {1..5}; do
TEST_RES=0
$GITHUB_WORKSPACE/osp/cyrus-sasl/${{ matrix.ref }}/run-tests.sh || TEST_RES=$?
if [ "$TEST_RES" -eq "0" ]; then
break
fi
done

11
.github/workflows/haproxy.yml → .github/workflows/disabled/haproxy.yml vendored
View File

@ -1,7 +1,16 @@
name: HaProxy Tests
# START OF COMMON SECTION
on:
workflow_call:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
haproxy_check:

15
.github/workflows/hostap.yml → .github/workflows/disabled/hostap.yml vendored
View File

@ -1,7 +1,16 @@
name: hostap and wpa-supplicant Tests
# START OF COMMON SECTION
on:
workflow_call:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
build_wolfssl:
@ -62,7 +71,7 @@ jobs:
config: [
{
hostap_ref: hostap_2_10,
hostap_cherry_pick: 5679ec5c3dda25a0547a5f66407fd9b0b55fd04a,
hostap_cherry_pick: 36fcbb1a4ee4aa604f15079eae2ffa4fe7f44680,
remove_teap: true,
# TLS 1.3 does not work for this version
build_id: hostap-build1,
@ -70,7 +79,7 @@ jobs:
# Test the dpp patch
{
hostap_ref: b607d2723e927a3446d89aed813f1aa6068186bb,
hostap_cherry_pick: 5679ec5c3dda25a0547a5f66407fd9b0b55fd04a,
hostap_cherry_pick: 36fcbb1a4ee4aa604f15079eae2ffa4fe7f44680,
osp_ref: ad5b52a49b3cc2a5bfb47ccc1d6a5137132e9446,
build_id: hostap-build2
},

11
.github/workflows/docker-Espressif.yml vendored
View File

@ -1,6 +1,15 @@
name: Espressif examples tests
# START OF COMMON SECTION
on:
workflow_call:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
espressif_latest:

21
.github/workflows/docker-OpenWrt.yml vendored
View File

@ -2,8 +2,17 @@
# there aren't any compatibility issues. Take a look at Docker/OpenWrt/README.md
name: OpenWrt test
# START OF COMMON SECTION
on:
workflow_call:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
build_library:
@ -19,11 +28,15 @@ jobs:
- uses: actions/checkout@v4
- name: Compile libwolfssl.so
run: ./autogen.sh && ./configure --enable-all && make
# 2024-08-05 - Something broke in the actions. They are no longer following links.
- name: tar libwolfssl.so
working-directory: src/.libs
run: tar -zcf libwolfssl.tgz libwolfssl.so*
- name: Upload libwolfssl.so
uses: actions/upload-artifact@v4
with:
name: openwrt-libwolfssl.so
path: src/.libs/libwolfssl.so
path: src/.libs/libwolfssl.tgz
retention-days: 5
compile_container:
name: Compile container
@ -41,7 +54,9 @@ jobs:
- uses: actions/download-artifact@v4
with:
name: openwrt-libwolfssl.so
path: Docker/OpenWrt/.
path: .
- name: untar libwolfssl.so
run: tar -xf libwolfssl.tgz -C Docker/OpenWrt
- name: Build but dont push
uses: docker/build-push-action@v5
with:

106
.github/workflows/grpc.yml vendored Normal file
View File

@ -0,0 +1,106 @@
name: grpc Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
build_wolfssl:
name: Build wolfSSL
# Just to keep it the same as the testing target
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 10
steps:
- name: Build wolfSSL
uses: wolfSSL/actions-build-autotools-project@v1
with:
path: wolfssl
configure: --enable-all 'CPPFLAGS=-DWOLFSSL_RSA_KEY_CHECK -DHAVE_EX_DATA_CLEANUP_HOOKS'
install: true
- name: tar build-dir
run: tar -zcf build-dir.tgz build-dir
- name: Upload built lib
uses: actions/upload-artifact@v4
with:
name: wolf-install-grpc
path: build-dir.tgz
retention-days: 5
grpc_check:
strategy:
fail-fast: false
matrix:
include:
- ref: v1.60.0
tests: >-
bad_ssl_alpn_test bad_ssl_cert_test client_ssl_test
crl_ssl_transport_security_test server_ssl_test
ssl_transport_security_test ssl_transport_security_utils_test
test_core_security_ssl_credentials_test test_cpp_end2end_ssl_credentials_test
h2_ssl_cert_test h2_ssl_session_reuse_test
name: ${{ matrix.ref }}
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 30
needs: build_wolfssl
steps:
- name: Confirm IPv4 and IPv6 support
run: |
ip addr list lo | grep 'inet '
ip addr list lo | grep 'inet6 '
- name: Install prereqs
run:
sudo apt-get install build-essential autoconf libtool pkg-config cmake clang libc++-dev
- name: Download lib
uses: actions/download-artifact@v4
with:
name: wolf-install-grpc
- name: untar build-dir
run: tar -xf build-dir.tgz
- name: Checkout OSP
uses: actions/checkout@v4
with:
repository: wolfssl/osp
path: osp
- name: Checkout grpc
uses: actions/checkout@v4
with:
repository: grpc/grpc
path: grpc
ref: ${{ matrix.ref }}
- name: Build grpc
working-directory: ./grpc
run: |
patch -p1 < ../osp/grpc/grpc-${{ matrix.ref }}.patch
git submodule update --init
mkdir cmake/build
cd cmake/build
cmake -DgRPC_BUILD_TESTS=ON -DgRPC_SSL_PROVIDER=wolfssl \
-DWOLFSSL_INSTALL_DIR=$GITHUB_WORKSPACE/build-dir ../..
make -j $(nproc) ${{ matrix.tests }}
- name: Run grpc tests
working-directory: ./grpc
run: |
export LD_LIBRARY_PATH=$GITHUB_WORKSPACE/build-dir/lib:$LD_LIBRARY_PATH
./tools/run_tests/start_port_server.py
for t in ${{ matrix.tests }} ; do
./cmake/build/$t
done

20
.github/workflows/hitch.yml vendored
View File

@ -1,7 +1,16 @@
name: hitch Tests
# START OF COMMON SECTION
on:
workflow_call:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
build_wolfssl:
@ -18,11 +27,14 @@ jobs:
configure: --enable-hitch
install: true
- name: tar build-dir
run: tar -zcf build-dir.tgz build-dir
- name: Upload built lib
uses: actions/upload-artifact@v4
with:
name: wolf-install-hitch
path: build-dir
path: build-dir.tgz
retention-days: 5
hitch_check:
@ -44,7 +56,9 @@ jobs:
uses: actions/download-artifact@v4
with:
name: wolf-install-hitch
path: build-dir
- name: untar build-dir
run: tar -xf build-dir.tgz
- name: Checkout OSP
uses: actions/checkout@v4

122
.github/workflows/hostap-files/configs/07c9f183ea744ac04585fb6dd10220c75a5e2e74/hostapd.config vendored Normal file
View File

@ -0,0 +1,122 @@
#CC=ccache gcc
CONFIG_DRIVER_NONE=y
CONFIG_DRIVER_NL80211=y
CONFIG_RSN_PREAUTH=y
#CONFIG_TLS=internal
#CONFIG_INTERNAL_LIBTOMMATH=y
#CONFIG_INTERNAL_LIBTOMMATH_FAST=y
#CONFIG_TLS=openssl
CONFIG_TLS=wolfssl
CONFIG_EAP=y
CONFIG_ERP=y
CONFIG_EAP_MD5=y
CONFIG_EAP_TLS=y
CONFIG_EAP_MSCHAPV2=y
CONFIG_EAP_PEAP=y
CONFIG_EAP_GTC=y
CONFIG_EAP_TTLS=y
CONFIG_EAP_SIM=y
CONFIG_EAP_AKA=y
CONFIG_EAP_AKA_PRIME=y
CONFIG_EAP_GPSK=y
CONFIG_EAP_GPSK_SHA256=y
CONFIG_EAP_SAKE=y
CONFIG_EAP_PAX=y
CONFIG_EAP_PSK=y
CONFIG_EAP_VENDOR_TEST=y
CONFIG_EAP_FAST=y
CONFIG_EAP_TEAP=y
CONFIG_EAP_IKEV2=y
CONFIG_EAP_TNC=y
CFLAGS += -DTNC_CONFIG_FILE=\"tnc/tnc_config\"
LIBS += -rdynamic
CONFIG_EAP_UNAUTH_TLS=y
ifeq ($(CONFIG_TLS), openssl)
CONFIG_EAP_PWD=y
endif
ifeq ($(CONFIG_TLS), wolfssl)
CONFIG_EAP_PWD=y
endif
CONFIG_EAP_EKE=y
CONFIG_PKCS12=y
CONFIG_RADIUS_SERVER=y
CONFIG_IPV6=y
CONFIG_TLSV11=y
CONFIG_TLSV12=y
CONFIG_FULL_DYNAMIC_VLAN=y
CONFIG_VLAN_NETLINK=y
CONFIG_LIBNL32=y
CONFIG_LIBNL3_ROUTE=y
CONFIG_IEEE80211R=y
CONFIG_IEEE80211AC=y
CONFIG_IEEE80211AX=y
CONFIG_OCV=y
CONFIG_WPS=y
CONFIG_WPS_UPNP=y
CONFIG_WPS_NFC=y
#CONFIG_WPS_STRICT=y
CONFIG_WPA_TRACE=y
CONFIG_WPA_TRACE_BFD=y
CONFIG_P2P_MANAGER=y
CONFIG_DEBUG_FILE=y
CONFIG_DEBUG_LINUX_TRACING=y
CONFIG_WPA_CLI_EDIT=y
CONFIG_ACS=y
CONFIG_NO_RANDOM_POOL=y
CONFIG_WNM=y
CONFIG_INTERWORKING=y
CONFIG_HS20=y
CONFIG_SQLITE=y
CONFIG_SAE=y
CONFIG_SAE_PK=y
CFLAGS += -DALL_DH_GROUPS
CONFIG_FST=y
CONFIG_FST_TEST=y
CONFIG_TESTING_OPTIONS=y
CFLAGS += -DCONFIG_RADIUS_TEST
CONFIG_MODULE_TESTS=y
CONFIG_SUITEB=y
CONFIG_SUITEB192=y
# AddressSanitizer (ASan) can be enabled by uncommenting the following lines.
# This can be used as a more efficient memory error detector than valgrind
# (though, with still some CPU and memory cost, so VM cases will need more
# memory allocated for the guest).
#CFLAGS += -fsanitize=address -O1 -fno-omit-frame-pointer -g
#LIBS += -fsanitize=address -fno-omit-frame-pointer -g
#LIBS_h += -fsanitize=address -fno-omit-frame-pointer -g
#LIBS_n += -fsanitize=address -fno-omit-frame-pointer -g
#LIBS_c += -fsanitize=address -fno-omit-frame-pointer -g
# Undefined Behavior Sanitizer (UBSan) can be enabled by uncommenting the
# following lines.
#CFLAGS += -Wno-format-nonliteral
#CFLAGS += -fsanitize=undefined
##CFLAGS += -fno-sanitize-recover
#LIBS += -fsanitize=undefined
##LIBS += -fno-sanitize-recover
#LIBS_h += -fsanitize=undefined
#LIBS_n += -fsanitize=undefined
#LIBS_c += -fsanitize=undefined
CONFIG_MBO=y
CONFIG_TAXONOMY=y
CONFIG_FILS=y
CONFIG_FILS_SK_PFS=y
CONFIG_OWE=y
CONFIG_DPP=y
CONFIG_DPP2=y
CONFIG_WEP=y
CONFIG_PASN=y
CONFIG_AIRTIME_POLICY=y
CONFIG_IEEE80211BE=y

1677
.github/workflows/hostap-files/configs/07c9f183ea744ac04585fb6dd10220c75a5e2e74/tests vendored Normal file
View File

File diff suppressed because it is too large Load Diff

164
.github/workflows/hostap-files/configs/07c9f183ea744ac04585fb6dd10220c75a5e2e74/wpa_supplicant.config vendored Normal file
View File

@ -0,0 +1,164 @@
#CC=ccache gcc
#CONFIG_TLS=openssl
CONFIG_TLS=wolfssl
#CONFIG_TLS=internal
#CONFIG_INTERNAL_LIBTOMMATH=y
#CONFIG_INTERNAL_LIBTOMMATH_FAST=y
CONFIG_IEEE8021X_EAPOL=y
CONFIG_ERP=y
CONFIG_EAP_MD5=y
CONFIG_MSCHAPV2=y
CONFIG_EAP_TLS=y
CONFIG_EAP_PEAP=y
CONFIG_EAP_TTLS=y
CONFIG_EAP_GTC=y
CONFIG_EAP_OTP=y
CONFIG_EAP_PSK=y
CONFIG_EAP_PAX=y
CONFIG_EAP_LEAP=y
CONFIG_EAP_SIM=y
CONFIG_EAP_AKA=y
CONFIG_EAP_AKA_PRIME=y
CONFIG_EAP_VENDOR_TEST=y
CONFIG_EAP_TLV=y
CONFIG_EAP_SAKE=y
CONFIG_EAP_GPSK=y
CONFIG_EAP_GPSK_SHA256=y
CONFIG_EAP_EKE=y
CONFIG_EAP_TNC=y
CFLAGS += -DTNC_CONFIG_FILE=\"tnc/tnc_config\"
LIBS += -rdynamic
CONFIG_EAP_FAST=y
CONFIG_EAP_TEAP=y
CONFIG_EAP_IKEV2=y
ifeq ($(CONFIG_TLS), openssl)
CONFIG_EAP_PWD=y
endif
ifeq ($(CONFIG_TLS), wolfssl)
CONFIG_EAP_PWD=y
endif
CONFIG_USIM_SIMULATOR=y
CONFIG_SIM_SIMULATOR=y
#CONFIG_PCSC=y
CONFIG_IPV6=y
CONFIG_DRIVER_NONE=y
CONFIG_PKCS12=y
CONFIG_CTRL_IFACE=unix
CONFIG_WPA_CLI_EDIT=y
CONFIG_OCSP=y
#CONFIG_ELOOP_POLL=y
CONFIG_CTRL_IFACE_DBUS_NEW=y
CONFIG_CTRL_IFACE_DBUS_INTRO=y
CONFIG_IEEE80211R=y
CONFIG_IEEE80211AC=y
CONFIG_IEEE80211AX=y
CONFIG_OCV=y
CONFIG_DEBUG_FILE=y
CONFIG_WPS=y
#CONFIG_WPS_STRICT=y
CONFIG_WPS_UPNP=y
CONFIG_WPS_NFC=y
CONFIG_WPS_ER=y
#CONFIG_WPS_REG_DISABLE_OPEN=y
CONFIG_DRIVER_WEXT=y
CONFIG_DRIVER_NL80211=y
CFLAGS += -I/usr/include/libnl3
CONFIG_LIBNL32=y
CONFIG_IBSS_RSN=y
CONFIG_AP=y
CONFIG_MESH=y
CONFIG_P2P=y
CONFIG_WIFI_DISPLAY=y
CONFIG_ACS=y
CONFIG_BGSCAN_SIMPLE=y
CONFIG_BGSCAN_LEARN=y
CONFIG_WPA_TRACE=y
CONFIG_WPA_TRACE_BFD=y
CONFIG_TDLS=y
CONFIG_TDLS_TESTING=y
CONFIG_NO_RANDOM_POOL=y
CONFIG_TLSV11=y
CONFIG_TLSV12=y
CONFIG_HT_OVERRIDES=y
CONFIG_VHT_OVERRIDES=y
CONFIG_HE_OVERRIDES=y
CONFIG_DEBUG_LINUX_TRACING=y
CONFIG_INTERWORKING=y
CONFIG_HS20=y
CONFIG_AUTOSCAN_EXPONENTIAL=y
CONFIG_AUTOSCAN_PERIODIC=y
CONFIG_EXT_PASSWORD_TEST=y
CONFIG_EXT_PASSWORD_FILE=y
CONFIG_EAP_UNAUTH_TLS=y
CONFIG_SAE=y
CONFIG_SAE_PK=y
CFLAGS += -DALL_DH_GROUPS
CONFIG_WNM=y
CONFIG_FST=y
CONFIG_FST_TEST=y
CONFIG_TESTING_OPTIONS=y
CONFIG_MODULE_TESTS=y
CONFIG_SUITEB=y
CONFIG_SUITEB192=y
# AddressSanitizer (ASan) can be enabled by uncommenting the following lines.
# This can be used as a more efficient memory error detector than valgrind
# (though, with still some CPU and memory cost, so VM cases will need more
# memory allocated for the guest).
#CFLAGS += -fsanitize=address -O1 -fno-omit-frame-pointer -g
#LIBS += -fsanitize=address -fno-omit-frame-pointer -g
#LIBS_c += -fsanitize=address -fno-omit-frame-pointer -g
#LIBS_p += -fsanitize=address -fno-omit-frame-pointer -g
# Undefined Behavior Sanitizer (UBSan) can be enabled by uncommenting the
# following lines.
#CFLAGS += -Wno-format-nonliteral
#CFLAGS += -fsanitize=undefined
##CFLAGS += -fno-sanitize-recover
#LIBS += -fsanitize=undefined
##LIBS += -fno-sanitize-recover
#LIBS_c += -fsanitize=undefined
#LIBS_p += -fsanitize=undefined
CONFIG_MBO=y
CONFIG_FILS=y
CONFIG_FILS_SK_PFS=y
CONFIG_PMKSA_CACHE_EXTERNAL=y
CONFIG_OWE=y
CONFIG_DPP=y
CONFIG_DPP2=y
CONFIG_WEP=y
CONFIG_PASN=y

51
.github/workflows/hostap-files/configs/b607d2723e927a3446d89aed813f1aa6068186bb/tests vendored
View File

@ -191,13 +191,7 @@ ap_wpa2_psk_supp_proto_no_gtk_in_group_msg
ap_wpa2_psk_supp_proto_too_long_gtk_in_group_msg
ap_wpa2_psk_supp_proto_too_long_gtk_kde
ap_wpa2_psk_supp_proto_gtk_not_encrypted
ap_wpa2_psk_supp_proto_no_igtk
ap_wpa2_psk_supp_proto_igtk_ok
ap_wpa2_psk_supp_proto_igtk_keyid_swap
ap_wpa2_psk_supp_proto_igtk_keyid_too_large
ap_wpa2_psk_supp_proto_igtk_keyid_unexpected
ap_wpa2_psk_wep
ap_wpa2_psk_ifdown
ap_wpa2_psk_drop_first_msg_4
ap_wpa2_psk_disable_enable
ap_wpa2_psk_incorrect_passphrase
@ -210,10 +204,7 @@ ap_wpa2_disable_eapol_retry
ap_wpa2_disable_eapol_retry_group
ap_wpa2_psk_mic_0
ap_wpa2_psk_local_error
ap_wpa2_psk_inject_assoc
ap_wpa2_psk_no_control_port
ap_wpa2_psk_ap_control_port
ap_wpa2_psk_ap_control_port_disabled
ap_wpa2_psk_rsne_mismatch_ap
ap_wpa2_psk_rsne_mismatch_ap2
ap_wpa2_psk_rsne_mismatch_ap3
@ -253,10 +244,8 @@ ap_wpa2_eap_aka_sql
ap_wpa2_eap_aka_config
ap_wpa2_eap_aka_ext
ap_wpa2_eap_aka_ext_auth_fail
ap_wpa2_eap_aka_prime
ap_wpa2_eap_aka_prime_imsi_identity
ap_wpa2_eap_aka_prime_imsi_privacy_key
ap_wpa2_eap_aka_prime_sql
ap_wpa2_eap_aka_prime_ext_auth_fail
ap_wpa2_eap_aka_prime_ext
ap_wpa2_eap_ttls_pap
@ -416,19 +405,6 @@ ap_wpa2_radius_server_get_id
ap_wpa2_eap_tls_tod
ap_wpa2_eap_tls_tod_tofu
ap_wpa2_eap_sake_no_control_port
ap_wpa2_tdls
ap_wpa2_tdls_concurrent_init
ap_wpa2_tdls_concurrent_init2
ap_wpa2_tdls_decline_resp
ap_wpa2_tdls_long_lifetime
ap_wpa2_tdls_long_frame
ap_wpa2_tdls_reneg
ap_wpa2_tdls_wrong_lifetime_resp
ap_wpa2_tdls_diff_rsnie
ap_wpa2_tdls_wrong_tpk_m2_mic
ap_wpa2_tdls_wrong_tpk_m3_mic
ap_wpa2_tdls_double_tpk_m2
ap_wpa2_tdls_responder_teardown
dpp_network_intro_version
dpp_network_intro_version_change
dpp_network_intro_version_missing_req
@ -459,12 +435,9 @@ dpp_qr_code_curves
dpp_qr_code_curves_brainpool
dpp_qr_code_unsupported_curve
dpp_qr_code_keygen_fail
dpp_qr_code_curve_select
dpp_qr_code_auth_broadcast
dpp_configurator_enrollee
dpp_configurator_enrollee_prime256v1
dpp_configurator_enrollee_secp384r1
dpp_configurator_enrollee_secp521r1
dpp_configurator_enrollee_brainpoolP256r1
dpp_configurator_enrollee_brainpoolP384r1
dpp_configurator_enrollee_brainpoolP512r1
@ -477,7 +450,6 @@ dpp_qr_code_curve_brainpoolP384r1
dpp_qr_code_curve_brainpoolP512r1
dpp_qr_code_set_key
dpp_qr_code_auth_mutual
dpp_qr_code_auth_mutual2
dpp_qr_code_auth_mutual_p_256
dpp_qr_code_auth_mutual_p_384
dpp_qr_code_auth_mutual_p_521
@ -514,13 +486,11 @@ dpp_config_no_signed_connector
dpp_config_unexpected_signed_connector_char
dpp_config_root_not_an_object
dpp_config_no_wi_fi_tech
dpp_config_unsupported_wi_fi_tech
dpp_config_no_discovery
dpp_config_no_discovery_ssid
dpp_config_too_long_discovery_ssid
dpp_config_no_cred
dpp_config_no_cred_akm
dpp_config_unsupported_cred_akm
dpp_config_error_legacy_no_pass
dpp_config_error_legacy_too_long_pass
dpp_config_error_legacy_psk_with_sae
@ -531,13 +501,10 @@ dpp_config_connector_error_ext_sign
dpp_config_connector_error_too_short_timestamp
dpp_config_connector_error_invalid_timestamp
dpp_config_connector_error_invalid_timestamp_date
dpp_config_connector_error_invalid_time_zone
dpp_config_connector_error_invalid_time_zone_2
dpp_config_connector_error_expired_1
dpp_config_connector_error_expired_2
dpp_config_connector_error_expired_3
dpp_config_connector_error_expired_4
dpp_config_connector_error_expired_5
dpp_config_connector_error_expired_6
dpp_config_connector_error_no_groups
dpp_config_connector_error_empty_groups
@ -565,13 +532,6 @@ dpp_ap_config_p256_bp256
dpp_ap_config_bp256_p256
dpp_ap_config_p521_bp512
dpp_ap_config_reconfig_configurator
dpp_auto_connect_1
dpp_auto_connect_2
dpp_auto_connect_2_connect_cmd
dpp_auto_connect_2_sta_ver1
dpp_auto_connect_2_ap_ver1
dpp_auto_connect_2_ver1
dpp_auto_connect_2_conf_ver1
dpp_auto_connect_legacy
dpp_auto_connect_legacy_ssid_charset
dpp_auto_connect_legacy_sae_1
@ -580,13 +540,6 @@ dpp_auto_connect_legacy_psk_sae_1
dpp_auto_connect_legacy_psk_sae_2
dpp_auto_connect_legacy_psk_sae_3
dpp_auto_connect_legacy_pmf_required
dpp_qr_code_auth_responder_configurator
dpp_qr_code_auth_responder_configurator_group_id
dpp_qr_code_auth_enrollee_init_netrole
dpp_qr_code_hostapd_init
dpp_qr_code_hostapd_init_offchannel
dpp_qr_code_hostapd_init_offchannel_neg_freq
dpp_qr_code_hostapd_ignore_mismatch
dpp_test_vector_p_256
dpp_test_vector_p_256_b
dpp_test_vector_p_521
@ -603,7 +556,6 @@ dpp_pkex_no_identifier
dpp_pkex_identifier_mismatch
dpp_pkex_identifier_mismatch2
dpp_pkex_identifier_mismatch3
dpp_pkex_5ghz
dpp_pkex_test_vector
dpp_pkex_code_mismatch
dpp_pkex_code_mismatch_limit
@ -625,7 +577,6 @@ dpp_pkex_hostapd_errors
dpp_pkex_nak_curve_change
dpp_pkex_nak_curve_change2
dpp_hostapd_configurator
dpp_hostapd_configurator_enrollee_v1
dpp_hostapd_configurator_responder
dpp_hostapd_configurator_fragmentation
dpp_hostapd_enrollee_fragmentation
@ -650,7 +601,6 @@ dpp_proto_stop_at_pkex_cr_req
dpp_proto_stop_at_pkex_cr_resp
dpp_proto_network_introduction
dpp_hostapd_auth_conf_timeout
dpp_hostapd_auth_resp_retries
dpp_tcp
dpp_tcp_port
dpp_tcp_mutual
@ -702,6 +652,5 @@ dpp_qr_code_config_event_initiator_failure
dpp_qr_code_config_event_initiator_no_response
dpp_qr_code_config_event_initiator_both
dpp_tcp_qr_code_config_event_initiator
dpp_qr_code_config_event_responder
dpp_discard_public_action

47
.github/workflows/hostap-files/configs/hostap_2_10/extra.patch vendored Normal file
View File

@ -0,0 +1,47 @@
From a53a6a67dc121b45d611318e2a37815cc209839c Mon Sep 17 00:00:00 2001
From: Juliusz Sosinowicz <juliusz@wolfssl.com>
Date: Fri, 19 Apr 2024 16:41:38 +0200
Subject: [PATCH] Fixes for running tests under UML
- Apply commit ID fix from more recent commit
- priv_sz and pub_sz are checked and fail on UML. Probably because stack is zeroed out.
---
src/crypto/crypto_wolfssl.c | 2 +-
tests/hwsim/run-all.sh | 8 +++++++-
2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/src/crypto/crypto_wolfssl.c b/src/crypto/crypto_wolfssl.c
index 00ecf61352..a57fa50697 100644
--- a/src/crypto/crypto_wolfssl.c
+++ b/src/crypto/crypto_wolfssl.c
@@ -785,7 +785,7 @@ int crypto_dh_init(u8 generator, const u8 *prime, size_t prime_len, u8 *privkey,
int ret = -1;
WC_RNG rng;
DhKey *dh = NULL;
- word32 priv_sz, pub_sz;
+ word32 priv_sz = prime_len, pub_sz = prime_len;
if (TEST_FAIL())
return -1;
diff --git a/tests/hwsim/run-all.sh b/tests/hwsim/run-all.sh
index ee48cd0581..75c3a58b52 100755
--- a/tests/hwsim/run-all.sh
+++ b/tests/hwsim/run-all.sh
@@ -15,7 +15,13 @@ export LOGDIR
if [ -z "$DBFILE" ]; then
DB=""
else
- DB="-S $DBFILE --commit $(git rev-parse HEAD)"
+ DB="-S $DBFILE"
+ if [ -z "$COMMITID" ]; then
+ COMMITID="$(git rev-parse HEAD)"
+ fi
+ if [ -n "$COMMITID" ]; then
+ DB="$DB --commit $COMMITID"
+ fi
if [ -n "$BUILD" ]; then
DB="$DB -b $BUILD"
fi
--
2.34.1

14
.github/workflows/hostap-files/configs/hostap_2_10/tests vendored
View File

@ -163,7 +163,6 @@ ap_wpa2_disable_eapol_retry_group
ap_wpa2_psk_mic_0
ap_wpa2_psk_local_error
ap_wpa2_psk_inject_assoc
ap_wpa2_psk_no_control_port
ap_wpa2_psk_ap_control_port
ap_wpa2_psk_ap_control_port_disabled
ap_wpa2_psk_rsne_mismatch_ap
@ -269,16 +268,3 @@ ap_wpa2_eap_psk_mac_addr_change
ap_wpa2_eap_server_get_id
ap_wpa2_radius_server_get_id
ap_wpa2_eap_sake_no_control_port
ap_wpa2_tdls
ap_wpa2_tdls_concurrent_init
ap_wpa2_tdls_concurrent_init2
ap_wpa2_tdls_decline_resp
ap_wpa2_tdls_long_lifetime
ap_wpa2_tdls_long_frame
ap_wpa2_tdls_reneg
ap_wpa2_tdls_wrong_lifetime_resp
ap_wpa2_tdls_diff_rsnie
ap_wpa2_tdls_wrong_tpk_m2_mic
ap_wpa2_tdls_wrong_tpk_m3_mic
ap_wpa2_tdls_double_tpk_m2
ap_wpa2_tdls_responder_teardown

318
.github/workflows/hostap-vm.yml vendored Normal file
View File

@ -0,0 +1,318 @@
name: hostap and wpa-supplicant Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
env:
LINUX_REF: v6.6
jobs:
build_wolfssl:
strategy:
matrix:
include:
- build_id: hostap-vm-build1
wolf_extra_config: --disable-tls13
- build_id: hostap-vm-build2
wolf_extra_config: >-
--enable-wpas-dpp --enable-brainpool --with-eccminsz=192
--enable-tlsv10 --enable-oldtls
name: Build wolfSSL
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 10
steps:
# No way to view the full strategy in the browser (really weird)
- name: Print strategy
run: |
cat <<EOF
${{ toJSON(matrix) }}
EOF
- if: ${{ runner.debug }}
name: Enable wolfSSL debug logging
run: |
echo "wolf_debug_flags=--enable-debug" >> $GITHUB_ENV
- name: Build wolfSSL
uses: wolfSSL/actions-build-autotools-project@v1
with:
path: wolfssl
configure: >-
--enable-wpas CPPFLAGS=-DWOLFSSL_STATIC_RSA
${{ env.wolf_debug_flags }} ${{ matrix.wolf_extra_config }}
install: true
- name: tar build-dir
run: tar -zcf build-dir.tgz build-dir
- name: Upload built lib
uses: actions/upload-artifact@v4
with:
name: ${{ matrix.build_id }}
path: build-dir.tgz
retention-days: 5
build_uml_linux:
name: Build UML (UserMode Linux)
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 10
steps:
- name: Checking if we have kernel in cache
uses: actions/cache@v4
id: cache
with:
path: linux/linux
key: ${{ env.LINUX_REF }}
lookup-only: true
- name: Checkout hostap
if: steps.cache.outputs.cache-hit != 'true'
uses: actions/checkout@v4
with:
repository: julek-wolfssl/hostap-mirror
path: hostap
- name: Checkout linux
if: steps.cache.outputs.cache-hit != 'true'
uses: actions/checkout@v4
with:
repository: torvalds/linux
path: linux
- name: Compile linux
if: steps.cache.outputs.cache-hit != 'true'
run: |
cp hostap/tests/hwsim/vm/kernel-config.uml linux/.config
cd linux
yes "" | ARCH=um make -j $(nproc)
hostap_test:
strategy:
fail-fast: false
matrix:
# should hostapd be compiled with wolfssl
hostapd: [true, false]
# should wpa_supplicant be compiled with wolfssl
wpa_supplicant: [true, false]
# Fix the versions of hostap and osp to not break testing when a new
# patch is added in to osp. Tests are read from the corresponding
# configs/hostap_ref/tests file.
config: [
{
hostap_ref: hostap_2_10,
remove_teap: true,
# TLS 1.3 does not work for this version
build_id: hostap-vm-build1,
},
# Test the dpp patch
{
hostap_ref: b607d2723e927a3446d89aed813f1aa6068186bb,
osp_ref: ad5b52a49b3cc2a5bfb47ccc1d6a5137132e9446,
build_id: hostap-vm-build2
},
{
hostap_ref: 07c9f183ea744ac04585fb6dd10220c75a5e2e74,
osp_ref: e1876fbbf298ee442bc7ab8561331ebc7de17528,
build_id: hostap-vm-build2
},
]
exclude:
# don't test openssl on both sides
- hostapd: false
wpa_supplicant: false
# no hostapd support for dpp yet
- hostapd: true
config: {
hostap_ref: b607d2723e927a3446d89aed813f1aa6068186bb,
osp_ref: ad5b52a49b3cc2a5bfb47ccc1d6a5137132e9446,
build_id: hostap-vm-build2
}
name: hwsim test
# For openssl 1.1
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 45
needs: [build_wolfssl, build_uml_linux]
steps:
- name: Checking if we have kernel in cache
uses: actions/cache/restore@v4
id: cache
with:
path: linux/linux
key: ${{ env.LINUX_REF }}
fail-on-cache-miss: true
- name: show file structure
run: tree
# No way to view the full strategy in the browser (really weird)
- name: Print strategy
run: |
cat <<EOF
${{ toJSON(matrix) }}
EOF
- name: Print computed job run ID
run: |
SHA_SUM=$(sha256sum << 'END_OF_HEREDOC' | cut -d " " -f 1
${{ toJSON(github) }}
END_OF_HEREDOC
)
echo "our_job_run_id=$SHA_SUM" >> $GITHUB_ENV
echo Our job run ID is $SHA_SUM
- name: Checkout wolfSSL
uses: actions/checkout@v4
with:
path: wolfssl
- name: Download lib
uses: actions/download-artifact@v4
with:
name: ${{ matrix.config.build_id }}
- name: untar build-dir
run: tar -xf build-dir.tgz
- name: Install dependencies
run: |
# Don't prompt for anything
export DEBIAN_FRONTEND=noninteractive
sudo apt-get update
# hostap dependencies
sudo apt-get install -y libpcap0.8 libpcap-dev curl libcurl4-openssl-dev \
libnl-3-dev binutils-dev libssl-dev libiberty-dev libnl-genl-3-dev \
libnl-route-3-dev libdbus-1-dev bridge-utils tshark
sudo pip3 install pycryptodome
- name: Checkout hostap
uses: actions/checkout@v4
with:
repository: julek-wolfssl/hostap-mirror
path: hostap
ref: ${{ matrix.config.hostap_ref }}
- name: Update certs
working-directory: hostap/tests/hwsim/auth_serv
run: ./update.sh
- if: ${{ matrix.config.osp_ref }}
name: Checkout OSP
uses: actions/checkout@v4
with:
repository: wolfssl/osp
path: osp
ref: ${{ matrix.config.osp_ref }}
- if: ${{ matrix.config.osp_ref }}
name: Apply patch files
working-directory: hostap
run: |
for f in $GITHUB_WORKSPACE/osp/hostap-patches/pending/*
do
patch -p1 < $f
done
- name: Apply extra patches
working-directory: hostap
run: |
FILE=$GITHUB_WORKSPACE/wolfssl/.github/workflows/hostap-files/configs/${{ matrix.config.hostap_ref }}/extra.patch
if [ -f "$FILE" ]; then
patch -p1 < $FILE
fi
- if: ${{ matrix.hostapd }}
name: Setup hostapd config file
run: |
cp wolfssl/.github/workflows/hostap-files/configs/${{ matrix.config.hostap_ref }}/hostapd.config \
hostap/hostapd/.config
cat <<EOF >> hostap/hostapd/.config
CFLAGS += -I$GITHUB_WORKSPACE/build-dir/include -Wl,-rpath=$GITHUB_WORKSPACE/build-dir/lib
LIBS += -L$GITHUB_WORKSPACE/build-dir/lib -Wl,-rpath=$GITHUB_WORKSPACE/build-dir/lib
EOF
- if: ${{ matrix.wpa_supplicant }}
name: Setup wpa_supplicant config file
run: |
cp wolfssl/.github/workflows/hostap-files/configs/${{ matrix.config.hostap_ref }}/wpa_supplicant.config \
hostap/wpa_supplicant/.config
cat <<EOF >> hostap/wpa_supplicant/.config
CFLAGS += -I$GITHUB_WORKSPACE/build-dir/include -Wl,-rpath=$GITHUB_WORKSPACE/build-dir/lib
LIBS += -L$GITHUB_WORKSPACE/build-dir/lib -Wl,-rpath=$GITHUB_WORKSPACE/build-dir/lib
EOF
- name: Build hostap and wpa_supplicant
working-directory: hostap/tests/hwsim/
run: ./build.sh
- if: ${{ matrix.hostapd }}
name: Confirm hostapd linking with wolfSSL
run: ldd hostap/hostapd/hostapd | grep wolfssl
- if: ${{ matrix.wpa_supplicant }}
name: Confirm wpa_supplicant linking with wolfSSL
run: ldd hostap/wpa_supplicant/wpa_supplicant | grep wolfssl
- if: ${{ matrix.config.remove_teap }}
name: Remove EAP-TEAP from test configuration
working-directory: hostap/tests/hwsim/auth_serv
run: |
sed -e 's/"erp-teap@example.com"\tTEAP//' -i eap_user.conf
sed -e 's/"erp-teap@example.com"\tMSCHAPV2\t"password"\t\[2\]//' -i eap_user.conf
sed -e 's/"TEAP"\t\tTEAP//' -i eap_user.conf
sed -e 's/TEAP,//' -i eap_user.conf
- if: ${{ runner.debug }}
name: Enable hostap debug logging
run: |
echo "hostap_debug_flags=--debug" >> $GITHUB_ENV
- name: Run tests
id: testing
working-directory: hostap/tests/hwsim/
run: |
cat <<EOF >> vm/vm-config
KERNELDIR=$GITHUB_WORKSPACE/linux
KVMARGS="-cpu host"
EOF
# Run tests in increments of 200 to not stall out the parallel-vm script
while mapfile -t -n 200 ary && ((${#ary[@]})); do
TESTS=$(printf '%s\n' "${ary[@]}" | tr '\n' ' ')
HWSIM_RES=0 # Not set when command succeeds
./vm/parallel-vm.py ${{ env.hostap_debug_flags }} --nocurses $(nproc) $TESTS || HWSIM_RES=$?
if [ "$HWSIM_RES" -ne "0" ]; then
# Let's re-run the failing tests. We gather the failed tests from the log file.
FAILED_TESTS=$(grep 'failed tests' /tmp/hwsim-test-logs/*-parallel.log | sed 's/failed tests: //' | tr ' ' '\n' | sort | uniq | tr '\n' ' ')
printf 'failed tests: %s\n' "$FAILED_TESTS"
./vm/parallel-vm.py ${{ env.hostap_debug_flags }} --nocurses $(nproc) $FAILED_TESTS
fi
rm -r /tmp/hwsim-test-logs
done < $GITHUB_WORKSPACE/wolfssl/.github/workflows/hostap-files/configs/${{ matrix.config.hostap_ref }}/tests
# The logs are quite big. It hasn't been useful so far so let's not waste
# precious gh space.
#- name: zip logs
# if: ${{ failure() && steps.testing.outcome == 'failure' }}
# working-directory: hostap/tests/hwsim/
# run: |
# rm /tmp/hwsim-test-logs/latest
# zip -9 -r logs.zip /tmp/hwsim-test-logs
#
#- name: Upload failure logs
# if: ${{ failure() && steps.testing.outcome == 'failure' }}
# uses: actions/upload-artifact@v4
# with:
# name: hostap-logs-${{ env.our_job_run_id }}
# path: hostap/tests/hwsim/logs.zip
# retention-days: 5

82
.github/workflows/ipmitool.yml vendored Normal file
View File

@ -0,0 +1,82 @@
name: ipmitool Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
build_wolfssl:
name: Build wolfSSL
# Just to keep it the same as the testing target
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 4
steps:
- name: Build wolfSSL
uses: wolfSSL/actions-build-autotools-project@v1
with:
path: wolfssl
configure: --enable-all
install: true
# Don't run tests as this config is tested in many other places
check: false
- name: tar build-dir
run: tar -zcf build-dir.tgz build-dir
- name: Upload built lib
uses: actions/upload-artifact@v4
with:
name: wolf-install-ipmitool
path: build-dir.tgz
retention-days: 5
build_ipmitool:
strategy:
fail-fast: false
matrix:
git_ref: [ c3939dac2c060651361fc71516806f9ab8c38901 ]
name: ${{ matrix.git_ref }}
runs-on: ubuntu-latest
needs: build_wolfssl
steps:
- name: Download lib
uses: actions/download-artifact@v4
with:
name: wolf-install-ipmitool
- name: untar build-dir
run: tar -xf build-dir.tgz
- name: Checkout OSP
uses: actions/checkout@v4
with:
repository: wolfssl/osp
path: osp
- name: Build ipmitool
uses: wolfSSL/actions-build-autotools-project@v1
with:
repository: ipmitool/ipmitool
ref: ${{ matrix.git_ref }}
path: ipmitool
patch-file: $GITHUB_WORKSPACE/osp/ipmitool/*-${{ matrix.git_ref }}.patch
configure: --with-wolfssl=$GITHUB_WORKSPACE/build-dir
# No checks included and not running since it depends on hardware
check: false
- name: Confirm built with wolfSSL
working-directory: ipmitool
run: |
ldd src/ipmitool | grep wolfssl
ldd src/ipmievd | grep wolfssl

90
.github/workflows/jwt-cpp.yml vendored Normal file
View File

@ -0,0 +1,90 @@
name: jwt-cpp Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
build_wolfssl:
name: Build wolfSSL
# Just to keep it the same as the testing target
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 4
steps:
- name: Build wolfSSL
uses: wolfSSL/actions-build-autotools-project@v1
with:
path: wolfssl
configure: --enable-all
install: true
# Don't run tests as this config is tested in many other places
check: false
- name: tar build-dir
run: tar -zcf build-dir.tgz build-dir
- name: Upload built lib
uses: actions/upload-artifact@v4
with:
name: wolf-install-jwt-cpp
path: build-dir.tgz
retention-days: 5
build_pam-ipmi:
strategy:
fail-fast: false
matrix:
ref: [ 0.6.0 ]
name: ${{ matrix.ref }}
runs-on: ubuntu-latest
needs: build_wolfssl
steps:
- name: Install dependencies
run: |
# Don't prompt for anything
export DEBIAN_FRONTEND=noninteractive
sudo apt-get update
sudo apt-get install libgtest-dev
- name: Download lib
uses: actions/download-artifact@v4
with:
name: wolf-install-jwt-cpp
- name: untar build-dir
run: tar -xf build-dir.tgz
- name: Checkout OSP
uses: actions/checkout@v4
with:
repository: wolfssl/osp
path: osp
- name: Checkout jwt-cpp
uses: actions/checkout@v4
with:
repository: Thalhammer/jwt-cpp
path: jwt-cpp
ref: v${{ matrix.ref }}
- name: Build pam-ipmi
working-directory: jwt-cpp
run: |
patch -p1 < ../osp/jwt-cpp/${{ matrix.ref }}.patch
PKG_CONFIG_PATH=$GITHUB_WORKSPACE/build-dir/lib/pkgconfig \
cmake -B build -DJWT_SSL_LIBRARY:STRING=wolfSSL -DJWT_BUILD_TESTS=ON .
make -j -C build
ldd ./build/tests/jwt-cpp-test | grep wolfssl
- name: Run jwt-cpp tests
working-directory: jwt-cpp
run: ./build/tests/jwt-cpp-test

20
.github/workflows/krb5.yml vendored
View File

@ -1,7 +1,16 @@
name: Kerberos 5 Tests
# START OF COMMON SECTION
on:
workflow_call:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
build_wolfssl:
@ -22,11 +31,14 @@ jobs:
configure: --enable-krb CC='gcc -fsanitize=address'
install: true
- name: tar build-dir
run: tar -zcf build-dir.tgz build-dir
- name: Upload built lib
uses: actions/upload-artifact@v4
with:
name: wolf-install-krb5
path: build-dir
path: build-dir.tgz
retention-days: 5
krb5_check:
@ -45,7 +57,9 @@ jobs:
uses: actions/download-artifact@v4
with:
name: wolf-install-krb5
path: build-dir
- name: untar build-dir
run: tar -xf build-dir.tgz
- name: Checkout OSP
uses: actions/checkout@v4

20
.github/workflows/libssh2.yml vendored
View File

@ -1,7 +1,16 @@
name: libssh2 Tests
# START OF COMMON SECTION
on:
workflow_call:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
build_wolfssl:
@ -19,11 +28,14 @@ jobs:
check: false # config is already tested in many other PRB's
install: true
- name: tar build-dir
run: tar -zcf build-dir.tgz build-dir
- name: Upload built lib
uses: actions/upload-artifact@v4
with:
name: wolf-install-libssh2
path: build-dir
path: build-dir.tgz
retention-days: 5
libssh2_check:
@ -42,7 +54,9 @@ jobs:
uses: actions/download-artifact@v4
with:
name: wolf-install-libssh2
path: build-dir
- name: untar build-dir
run: tar -xf build-dir.tgz
- name: Build and test libssh2
uses: wolfSSL/actions-build-autotools-project@v1

84
.github/workflows/libvncserver.yml vendored Normal file
View File

@ -0,0 +1,84 @@
name: libvncserver Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
build_wolfssl:
name: Build wolfSSL
# Just to keep it the same as the testing target
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 4
steps:
- name: Build wolfSSL
uses: wolfSSL/actions-build-autotools-project@v1
with:
path: wolfssl
configure: --enable-all
install: true
# Don't run tests as this config is tested in many other places
check: false
- name: tar build-dir
run: tar -zcf build-dir.tgz build-dir
- name: Upload built lib
uses: actions/upload-artifact@v4
with:
name: wolf-install-libvncserver
path: build-dir.tgz
retention-days: 5
build_libvncserver:
strategy:
fail-fast: false
matrix:
ref: [ 0.9.13 ]
name: ${{ matrix.ref }}
runs-on: ubuntu-latest
needs: build_wolfssl
steps:
- name: Download lib
uses: actions/download-artifact@v4
with:
name: wolf-install-libvncserver
- name: untar build-dir
run: tar -xf build-dir.tgz
- name: Checkout OSP
uses: actions/checkout@v4
with:
repository: wolfssl/osp
path: osp
- name: Checkout libvncserver
uses: actions/checkout@v4
with:
repository: LibVNC/libvncserver
path: libvncserver
ref: LibVNCServer-${{ matrix.ref }}
- name: Build libvncserver
working-directory: libvncserver
run: |
patch -p1 < ../osp/libvncserver/${{ matrix.ref }}.patch
PKG_CONFIG_PATH=$GITHUB_WORKSPACE/build-dir/lib/pkgconfig \
cmake -B build -DWITH_GNUTLS=OFF -DWITH_OPENSSL=OFF -DWITH_GCRYPT=OFF -DWITH_WOLFSSL=ON .
make -j -C build VERBOSE=1
ldd build/libvncclient.so | grep wolfssl
ldd build/libvncserver.so | grep wolfssl
- name: Run libvncserver tests
working-directory: libvncserver
run: make -C build test

55
.github/workflows/main.yml vendored
View File

@ -1,55 +0,0 @@
name: CI
concurrency:
group: ${{ github.ref }}
cancel-in-progress: true
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
jobs:
espressif:
uses: ./.github/workflows/docker-Espressif.yml
multi-compiler:
uses: ./.github/workflows/multi-compiler.yml
multi-arch:
uses: ./.github/workflows/multi-arch.yml
openwrt:
uses: ./.github/workflows/docker-OpenWrt.yml
os-check:
uses: ./.github/workflows/os-check.yml
async:
uses: ./.github/workflows/async.yml
stunnel:
uses: ./.github/workflows/stunnel.yml
openvpn:
uses: ./.github/workflows/openvpn.yml
hostap:
uses: ./.github/workflows/hostap.yml
nginx:
uses: ./.github/workflows/nginx.yml
zephyr:
uses: ./.github/workflows/zephyr.yml
hitch:
uses: ./.github/workflows/hitch.yml
curl:
uses: ./.github/workflows/curl.yml
krb5:
uses: ./.github/workflows/krb5.yml
packaging:
uses: ./.github/workflows/packaging.yml
memcached:
uses: ./.github/workflows/memcached.yml
libssh2:
uses: ./.github/workflows/libssh2.yml
openssh:
uses: ./.github/workflows/openssh.yml
# TODO: Currently this test fails. Enable it once it becomes passing.
# haproxy:
# uses: ./.github/workflows/haproxy.yml
ocsp:
uses: ./.github/workflows/ocsp.yml
no-malloc:
uses: ./.github/workflows/no-malloc.yml

20
.github/workflows/memcached.yml vendored
View File

@ -1,7 +1,16 @@
name: memcached Tests
# START OF COMMON SECTION
on:
workflow_call:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
build_wolfssl:
@ -19,11 +28,14 @@ jobs:
- name: Bundle Docker entry point
run: cp wolfssl/.github/workflows/memcached.sh build-dir/bin
- name: tar build-dir
run: tar -zcf build-dir.tgz build-dir
- name: Upload built lib
uses: actions/upload-artifact@v4
with:
name: wolf-install-memcached
path: build-dir
path: build-dir.tgz
retention-days: 5
memcached_check:
@ -41,7 +53,9 @@ jobs:
uses: actions/download-artifact@v4
with:
name: wolf-install-memcached
path: build-dir
- name: untar build-dir
run: tar -xf build-dir.tgz
- name: Checkout OSP
uses: actions/checkout@v4

98
.github/workflows/mosquitto.yml vendored Normal file
View File

@ -0,0 +1,98 @@
name: mosquitto Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
build_wolfssl:
name: Build wolfSSL
# Just to keep it the same as the testing target
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 4
steps:
- name: Build wolfSSL
uses: wolfSSL/actions-build-autotools-project@v1
with:
path: wolfssl
configure: --enable-mosquitto CFLAGS="-DALLOW_INVALID_CERTSIGN"
install: true
- name: tar build-dir
run: tar -zcf build-dir.tgz build-dir
- name: Upload built lib
uses: actions/upload-artifact@v4
with:
name: wolf-install-mosquitto
path: build-dir.tgz
retention-days: 5
mosquitto_check:
strategy:
fail-fast: false
matrix:
ref: [ 2.0.18 ]
name: ${{ matrix.ref }}
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 4
needs: build_wolfssl
steps:
- name: Download lib
uses: actions/download-artifact@v4
with:
name: wolf-install-mosquitto
- name: untar build-dir
run: tar -xf build-dir.tgz
- name: Checkout OSP
uses: actions/checkout@v4
with:
repository: wolfssl/osp
path: osp
- name: Install dependencies
run: |
export DEBIAN_FRONTEND=noninteractive
sudo apt-get update
sudo apt-get install -y build-essential libev-dev libssl-dev automake python3-docutils libcunit1 libcunit1-doc libcunit1-dev pkg-config make
sudo pip install --upgrade psutil
- name: Checkout mosquitto
uses: actions/checkout@v4
with:
repository: eclipse/mosquitto
ref: v${{ matrix.ref }}
path: mosquitto
- name: Configure and build mosquitto
run: |
cd $GITHUB_WORKSPACE/mosquitto/
patch -p1 < $GITHUB_WORKSPACE/osp/mosquitto/${{ matrix.ref }}.patch
make WITH_TLS=wolfssl WITH_CJSON=no WITH_DOCS=no WOLFSSLDIR=$GITHUB_WORKSPACE/build-dir
- name: Run mosquitto tests
working-directory: ./mosquitto
run: |
# Retry up to five times
for i in {1..5}; do
TEST_RES=0
make WITH_TLS=wolfssl WITH_CJSON=no WITH_DOCS=no WOLFSSLDIR=$GITHUB_WORKSPACE/build-dir ptest || TEST_RES=$?
if [ "$TEST_RES" -eq "0" ]; then
break
fi
done
if [ "$TEST_RES" -ne "0" ]; then
exit $TEST_RES
fi

11
.github/workflows/multi-arch.yml vendored
View File

@ -1,7 +1,16 @@
name: Multiple architectures
# START OF COMMON SECTION
on:
workflow_call:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
my_matrix:

11
.github/workflows/multi-compiler.yml vendored
View File

@ -1,7 +1,16 @@
name: Multiple compilers and versions
# START OF COMMON SECTION
on:
workflow_call:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
my_matrix:

82
.github/workflows/net-snmp.yml vendored Normal file
View File

@ -0,0 +1,82 @@
name: net-snmp Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
build_wolfssl:
name: Build wolfSSL
# Just to keep it the same as the testing target
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 4
steps:
- name: Build wolfSSL
uses: wolfSSL/actions-build-autotools-project@v1
with:
path: wolfssl
configure: --enable-net-snmp
install: true
- name: tar build-dir
run: tar -zcf build-dir.tgz build-dir
- name: Upload built lib
uses: actions/upload-artifact@v4
with:
name: wolf-install-net-snmp
path: build-dir.tgz
retention-days: 5
net-snmp_check:
strategy:
fail-fast: false
matrix:
# List of releases to test
include:
- ref: 5.9.3
test_opts: -e 'agentxperl'
name: ${{ matrix.ref }}
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 4
needs: build_wolfssl
steps:
- name: Download lib
uses: actions/download-artifact@v4
with:
name: wolf-install-net-snmp
- name: untar build-dir
run: tar -xf build-dir.tgz
- name: Checkout OSP
uses: actions/checkout@v4
with:
repository: wolfssl/osp
path: osp
- name: Build net-snmp
uses: wolfSSL/actions-build-autotools-project@v1
with:
repository: net-snmp/net-snmp
ref: v${{ matrix.ref }}
path: net-snmp
patch-file: $GITHUB_WORKSPACE/osp/net-snmp/${{ matrix.ref }}.patch
configure: --disable-shared --with-wolfssl=$GITHUB_WORKSPACE/build-dir
check: false
- name: Run net-snmp tests
working-directory: net-snmp
run: |
autoconf --version | grep -P '2\.\d\d' -o > dist/autoconf-version
make -j test TESTOPTS="${{ matrix.test_opts }}"

20
.github/workflows/nginx.yml vendored
View File

@ -1,7 +1,16 @@
name: nginx Tests
# START OF COMMON SECTION
on:
workflow_call:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
build_wolfssl:
@ -24,11 +33,14 @@ jobs:
configure: --enable-nginx ${{ env.wolf_debug_flags }}
install: true
- name: tar build-dir
run: tar -zcf build-dir.tgz build-dir
- name: Upload built lib
uses: actions/upload-artifact@v4
with:
name: wolf-install-nginx
path: build-dir
path: build-dir.tgz
retention-days: 5
nginx_check:
@ -102,7 +114,9 @@ jobs:
uses: actions/download-artifact@v4
with:
name: wolf-install-nginx
path: build-dir
- name: untar build-dir
run: tar -xf build-dir.tgz
- name: Install dependencies
run: |

11
.github/workflows/no-malloc.yml vendored
View File

@ -1,7 +1,16 @@
name: No Malloc Tests
# START OF COMMON SECTION
on:
workflow_call:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
make_check:

92
.github/workflows/ntp.yml vendored Normal file
View File

@ -0,0 +1,92 @@
name: ntp Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
build_wolfssl:
name: Build wolfSSL
# Just to keep it the same as the testing target
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 4
steps:
- name: Build wolfSSL
uses: wolfSSL/actions-build-autotools-project@v1
with:
path: wolfssl
configure: --enable-all
install: true
check: false
- name: tar build-dir
run: tar -zcf build-dir.tgz build-dir
- name: Upload built lib
uses: actions/upload-artifact@v4
with:
name: wolf-install-ntp
path: build-dir.tgz
retention-days: 5
ntp_check:
strategy:
fail-fast: false
matrix:
# List of releases to test
ref: [ 4.2.8p15 ]
name: ${{ matrix.ref }}
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 10
needs: build_wolfssl
steps:
- name: Download lib
uses: actions/download-artifact@v4
with:
name: wolf-install-ntp
- name: untar build-dir
run: tar -xf build-dir.tgz
- name: Checkout OSP
uses: actions/checkout@v4
with:
repository: wolfssl/osp
path: osp
# Avoid DoS'ing ntp site so cache the tar.gz
- name: Check if we have ntp
uses: actions/cache@v4
id: cache
with:
path: ntp-${{ matrix.ref }}.tar.gz
key: ntp-${{ matrix.ref }}.tar.gz
- name: Download ntp
if: steps.cache.outputs.cache-hit != 'true'
run: |
wget https://downloads.nwtime.org/ntp/4.2.8/ntp-${{ matrix.ref }}.tar.gz
- name: Extract ntp
run: |
tar -xf ntp-${{ matrix.ref }}.tar.gz
- name: Build and test ntp
working-directory: ntp-${{ matrix.ref }}
run: |
patch -p1 < $GITHUB_WORKSPACE/osp/ntp/${{ matrix.ref }}/ntp-${{ matrix.ref }}.patch
./bootstrap
./configure --with-wolfssl=$GITHUB_WORKSPACE/build-dir
make -j
make -j check

11
.github/workflows/ocsp.yml vendored
View File

@ -1,7 +1,16 @@
name: OCSP Test
# START OF COMMON SECTION
on:
workflow_call:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
ocsp_stapling:

20
.github/workflows/openssh.yml vendored
View File

@ -1,7 +1,16 @@
name: openssh Tests
# START OF COMMON SECTION
on:
workflow_call:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
build_wolfssl:
@ -20,11 +29,14 @@ jobs:
--enable-intelasm --enable-sp-asm
install: true
- name: tar build-dir
run: tar -zcf build-dir.tgz build-dir
- name: Upload built lib
uses: actions/upload-artifact@v4
with:
name: wolf-install-openssh
path: build-dir
path: build-dir.tgz
retention-days: 5
openssh_check:
@ -42,7 +54,9 @@ jobs:
uses: actions/download-artifact@v4
with:
name: wolf-install-openssh
path: build-dir
- name: untar build-dir
run: tar -xf build-dir.tgz
- name: Checkout OSP
uses: actions/checkout@v4

20
.github/workflows/openvpn.yml vendored
View File

@ -1,7 +1,16 @@
name: OpenVPN Tests
# START OF COMMON SECTION
on:
workflow_call:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
build_wolfssl:
@ -18,11 +27,14 @@ jobs:
configure: --enable-openvpn
install: true
- name: tar build-dir
run: tar -zcf build-dir.tgz build-dir
- name: Upload built lib
uses: actions/upload-artifact@v4
with:
name: wolf-install-openvpn
path: build-dir
path: build-dir.tgz
retention-days: 5
openvpn_check:
@ -41,7 +53,9 @@ jobs:
uses: actions/download-artifact@v4
with:
name: wolf-install-openvpn
path: build-dir
- name: untar build-dir
run: tar -xf build-dir.tgz
- name: Install dependencies
run: |

12
.github/workflows/os-check.yml vendored
View File

@ -1,7 +1,16 @@
name: Ubuntu-Macos-Windows Tests
# START OF COMMON SECTION
on:
workflow_call:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
make_check:
@ -67,6 +76,7 @@ jobs:
'examples/configs/user_settings_min_ecc.h',
'examples/configs/user_settings_wolfboot_keytools.h',
'examples/configs/user_settings_wolftpm.h',
'examples/configs/user_settings_wolfssh.h',
'examples/configs/user_settings_tls12.h',
]
name: make user_setting.h (testwolfcrypt only)

11
.github/workflows/packaging.yml vendored
View File

@ -1,7 +1,16 @@
name: Packaging Tests
# START OF COMMON SECTION
on:
workflow_call:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
build_wolfssl:

91
.github/workflows/pam-ipmi.yml vendored Normal file
View File

@ -0,0 +1,91 @@
name: pam-ipmi Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
build_wolfssl:
name: Build wolfSSL
# Just to keep it the same as the testing target
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 4
steps:
- name: Build wolfSSL
uses: wolfSSL/actions-build-autotools-project@v1
with:
path: wolfssl
configure: --enable-all
install: true
# Don't run tests as this config is tested in many other places
check: false
- name: tar build-dir
run: tar -zcf build-dir.tgz build-dir
- name: Upload built lib
uses: actions/upload-artifact@v4
with:
name: wolf-install-pam-ipmi
path: build-dir.tgz
retention-days: 5
build_pam-ipmi:
strategy:
fail-fast: false
matrix:
git_ref: [ e4b13e6725abb178f62ee897fe1c0e81b06a9431 ]
name: ${{ matrix.git_ref }}
runs-on: ubuntu-latest
needs: build_wolfssl
steps:
- name: Install dependencies
run: |
# Don't prompt for anything
export DEBIAN_FRONTEND=noninteractive
sudo apt-get update
sudo apt-get install libpam-dev ninja-build
sudo pip3 install meson
- name: Download lib
uses: actions/download-artifact@v4
with:
name: wolf-install-pam-ipmi
- name: untar build-dir
run: tar -xf build-dir.tgz
- name: Checkout OSP
uses: actions/checkout@v4
with:
repository: wolfssl/osp
path: osp
- name: Checkout pam-ipmi
uses: actions/checkout@v4
with:
repository: openbmc/pam-ipmi
path: pam-ipmi
ref: ${{ matrix.git_ref }}
- name: Build pam-ipmi
working-directory: pam-ipmi
run: |
patch -p1 < ../osp/pam-ipmi/*-${{ matrix.git_ref }}.patch
PKG_CONFIG_PATH=$GITHUB_WORKSPACE/build-dir/lib/pkgconfig meson setup build
ninja -C build
- name: Confirm built with wolfSSL
working-directory: pam-ipmi
run: |
ldd ./build/src/pam_ipmisave/pam_ipmisave.so | grep wolfssl

114
.github/workflows/rng-tools.yml vendored Normal file
View File

@ -0,0 +1,114 @@
name: rng-tools Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
build_wolfssl:
name: Build wolfSSL
# Just to keep it the same as the testing target
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 4
steps:
- name: Build wolfSSL
uses: wolfSSL/actions-build-autotools-project@v1
with:
path: wolfssl
configure: --enable-all
install: true
check: false
- name: tar build-dir
run: tar -zcf build-dir.tgz build-dir
- name: Upload built lib
uses: actions/upload-artifact@v4
with:
name: wolf-install-rng-tools
path: build-dir.tgz
retention-days: 5
rng-tools_check:
strategy:
fail-fast: false
matrix:
# List of releases to test
ref: [ 6.16 ]
name: ${{ matrix.ref }}
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 4
needs: build_wolfssl
steps:
- name: Install dependencies
run: |
# Don't prompt for anything
export DEBIAN_FRONTEND=noninteractive
sudo apt-get update
sudo apt-get install -y libcurl4-openssl-dev libjansson-dev libp11-dev librtlsdr-dev libcap-dev
- name: Download lib
uses: actions/download-artifact@v4
with:
name: wolf-install-rng-tools
- name: untar build-dir
run: tar -xf build-dir.tgz
- name: Checkout OSP
uses: actions/checkout@v4
with:
repository: wolfssl/osp
path: osp
- name: Checkout jitterentropy-library
uses: actions/checkout@v4
with:
repository: smuellerDD/jitterentropy-library
path: jitterentropy-library
ref: v3.5.0
- name: Build jitterentropy-library
working-directory: jitterentropy-library
run: make -j
- name: Build rng-tools
uses: wolfSSL/actions-build-autotools-project@v1
with:
repository: nhorman/rng-tools
ref: v${{ matrix.ref }}
path: rng-tools
patch-file: $GITHUB_WORKSPACE/osp/rng-tools/${{ matrix.ref }}.patch
configure: --without-pkcs11 --enable-jitterentropy=$GITHUB_WORKSPACE/jitterentropy-library --with-wolfssl=$GITHUB_WORKSPACE/build-dir
check: false
- name: Testing rng-tools
id: testing
working-directory: rng-tools
run: |
# Retry up to five times
for i in {1..5}; do
TEST_RES=0
LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$GITHUB_WORKSPACE/build-dir/lib make check || TEST_RES=$?
if [ "$TEST_RES" -eq "0" ]; then
break
fi
done
if [ "$TEST_RES" -ne "0" ]; then
exit $TEST_RES
fi
- name: Print logs
if: ${{ failure() && steps.testing.outcome == 'failure' }}
working-directory: rng-tools/tests
run: cat test-suite.log

81
.github/workflows/socat.yml vendored Normal file
View File

@ -0,0 +1,81 @@
name: socat Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
build_wolfssl:
name: Build wolfSSL
runs-on: ubuntu-latest
timeout-minutes: 4
steps:
- name: Build wolfSSL
uses: wolfSSL/actions-build-autotools-project@v1
with:
path: wolfssl
configure: --enable-maxfragment --enable-opensslall --enable-opensslextra --enable-dtls --enable-oldtls --enable-tlsv10 --enable-ipv6 'CPPFLAGS=-DWOLFSSL_NO_DTLS_SIZE_CHECK -DOPENSSL_COMPATIBLE_DEFAULTS'
install: true
- name: tar build-dir
run: tar -zcf build-dir.tgz build-dir
- name: Upload built lib
uses: actions/upload-artifact@v4
with:
name: wolf-install-socat
path: build-dir.tgz
retention-days: 5
socat_check:
strategy:
fail-fast: false
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 30
needs: build_wolfssl
steps:
- name: Install prereqs
run:
sudo apt-get install build-essential autoconf libtool pkg-config clang libc++-dev
- name: Download lib
uses: actions/download-artifact@v4
with:
name: wolf-install-socat
- name: untar build-dir
run: tar -xf build-dir.tgz
- name: Download socat
run: curl -O http://www.dest-unreach.org/socat/download/socat-1.8.0.0.tar.gz && tar xvf socat-1.8.0.0.tar.gz
- name: Checkout OSP
uses: actions/checkout@v4
with:
repository: wolfssl/osp
path: osp
- name: Build socat
working-directory: ./socat-1.8.0.0
run: |
patch -p1 < ../osp/socat/1.8.0.0/socat-1.8.0.0.patch
autoreconf -vfi
./configure --with-wolfssl=$GITHUB_WORKSPACE/build-dir
make
- name: Run socat tests
working-directory: ./socat-1.8.0.0
run: |
export LD_LIBRARY_PATH=$GITHUB_WORKSPACE/build-dir/lib:$LD_LIBRARY_PATH
export SHELL=/bin/bash
SOCAT=$GITHUB_WORKSPACE/socat-1.8.0.0/socat ./test.sh -t 0.5 --expect-fail 146,216,309,310,386,399,402,459,460,467,468,478,492,528,530

20
.github/workflows/stunnel.yml vendored
View File

@ -1,7 +1,16 @@
name: stunnel Tests
# START OF COMMON SECTION
on:
workflow_call:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
build_wolfssl:
@ -18,11 +27,14 @@ jobs:
configure: --enable-stunnel
install: true
- name: tar build-dir
run: tar -zcf build-dir.tgz build-dir
- name: Upload built lib
uses: actions/upload-artifact@v4
with:
name: wolf-install-stunnel
path: build-dir
path: build-dir.tgz
retention-days: 5
stunnel_check:
@ -41,7 +53,9 @@ jobs:
uses: actions/download-artifact@v4
with:
name: wolf-install-stunnel
path: build-dir
- name: untar build-dir
run: tar -xf build-dir.tgz
- name: Checkout OSP
uses: actions/checkout@v4

34
.github/workflows/zephyr.yml vendored
View File

@ -1,7 +1,16 @@
name: Zephyr tests
# START OF COMMON SECTION
on:
workflow_call:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
run_test:
@ -14,9 +23,11 @@ jobs:
zephyr-sdk: 0.16.1
- zephyr-ref: v3.5.0
zephyr-sdk: 0.16.3
- zephyr-ref: v2.7.4
zephyr-sdk: 0.16.3
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 15
timeout-minutes: 25
steps:
- name: Install dependencies
run: |
@ -69,25 +80,38 @@ jobs:
cd zephyr-sdk-${{ matrix.config.zephyr-sdk }}
./setup.sh -h -c -t x86_64-zephyr-elf
- name: Fix options for 2.7.4
if: ${{ matrix.config.zephyr-ref == 'v2.7.4' }}
working-directory: zephyr/modules/crypto/wolfssl
run: |
sed -i -e 's/CONFIG_COMMON_LIBC_MALLOC_ARENA_SIZE/CONFIG_MINIMAL_LIBC_MALLOC_ARENA_SIZE/g' $(find -name prj.conf)
- name: Run wolfssl test
id: wolfssl-test
working-directory: zephyr
run: |
./zephyr/scripts/twister --testsuite-root modules/crypto/wolfssl --test zephyr/samples/wolfssl_test/sample.crypto.wolfssl_test -vvv
./zephyr/scripts/twister -T modules/crypto/wolfssl --test zephyr/samples/wolfssl_test/sample.crypto.wolfssl_test -vvv
rm -rf zephyr/twister-out
./zephyr/scripts/twister -T modules/crypto/wolfssl --test zephyr/samples/wolfssl_test/sample.crypto.wolfssl_test_no_malloc -vvv
rm -rf zephyr/twister-out
- name: Run wolfssl TLS sock test
# Results in a page fault that I can't trace
if: ${{ matrix.config.zephyr-ref != 'v2.7.4' }}
id: wolfssl-tls-sock
working-directory: zephyr
run: |
./zephyr/scripts/twister --testsuite-root modules/crypto/wolfssl --test zephyr/samples/wolfssl_tls_sock/sample.crypto.wolfssl_tls_sock -vvv
./zephyr/scripts/twister -T modules/crypto/wolfssl --test zephyr/samples/wolfssl_tls_sock/sample.crypto.wolfssl_tls_sock -vvv
rm -rf zephyr/twister-out
./zephyr/scripts/twister -T modules/crypto/wolfssl --test zephyr/samples/wolfssl_tls_sock/sample.crypto.wolfssl_tls_sock_no_malloc -vvv
rm -rf zephyr/twister-out
- name: Run wolfssl TLS thread test
if: ${{ matrix.config.zephyr-ref != 'v2.7.4' }}
id: wolfssl-tls-thread
working-directory: zephyr
run: |
./zephyr/scripts/twister --testsuite-root modules/crypto/wolfssl --test zephyr/samples/wolfssl_tls_thread/sample.crypto.wolfssl_tls_thread -vvv
./zephyr/scripts/twister -T modules/crypto/wolfssl --test zephyr/samples/wolfssl_tls_thread/sample.crypto.wolfssl_tls_thread -vvv
rm -rf zephyr/twister-out
- name: Zip failure logs

16
.gitignore vendored
View File

@ -413,6 +413,14 @@ user_settings_asm.h
/IDE/Espressif/**/sdkconfig
/IDE/Espressif/**/sdkconfig.old
# ESP8266 RTOS SDK has a slightly different sdkconfig filename to exclude:
/IDE/Espressif/**/sdkconfig.debug
/IDE/Espressif/**/sdkconfig.release
# Always include Espressif makefiles (typically only used for ESP8266)
!/IDE/Espressif/**/Makefile
!/IDE/Espressif/**/component.mk
# MPLAB
/IDE/MPLABX16/wolfssl.X/dist/default/
/IDE/MPLABX16/wolfssl.X/.generated_files
@ -439,3 +447,11 @@ wrapper/Ada/alire/
wrapper/Ada/config/
wrapper/Ada/lib/
wrapper/Ada/obj/
# PlatformIO
/**/.pio
/**/.vscode/.browse.c_cpp.db*
/**/.vscode/c_cpp_properties.json
/**/.vscode/launch.json
/**/.vscode/ipch
/**/sdkconfig.esp32dev

202
CMakeLists.txt
View File

@ -1,6 +1,6 @@
# CMakeList.txt
# CMakeLists.txt
#
# Copyright (C) 2006-2023 wolfSSL Inc.
# Copyright (C) 2006-2024 wolfSSL Inc.
#
# This file is part of wolfSSL. (formerly known as CyaSSL)
#
@ -21,6 +21,12 @@
cmake_minimum_required(VERSION 3.16)
if(${CMAKE_VERSION} VERSION_LESS "3.22")
message(STATUS "This project recommends using CMake version 3.22 or higher. You are using ${CMAKE_VERSION}.")
else()
cmake_policy(SET CMP0128 NEW)
endif()
if("${CMAKE_SOURCE_DIR}" STREQUAL "${CMAKE_BINARY_DIR}")
message(FATAL_ERROR "In-source builds are not allowed.\
Run cmake from a separate directory from where CMakeLists.txt lives.\
@ -28,7 +34,7 @@ if("${CMAKE_SOURCE_DIR}" STREQUAL "${CMAKE_BINARY_DIR}")
You must delete them, or cmake will refuse to work.")
endif()
project(wolfssl VERSION 5.7.0 LANGUAGES C ASM)
project(wolfssl VERSION 5.7.2 LANGUAGES C ASM)
# Set WOLFSSL_ROOT if not already defined
if ("${WOLFSSL_ROOT}" STREQUAL "")
@ -47,7 +53,7 @@ set(WOLFSSL_LIBRARY_VERSION_FIRST 42)
# increment if interfaces have been added
# set to zero if WOLFSSL_LIBRARY_VERSION_FIRST is incremented
set(WOLFSSL_LIBRARY_VERSION_SECOND 1)
set(WOLFSSL_LIBRARY_VERSION_SECOND 2)
# increment if source code has changed
# set to zero if WOLFSSL_LIBRARY_VERSION_FIRST is incremented or
@ -278,6 +284,8 @@ if(NOT WOLFSSL_SINGLE_THREADED)
"-DHAVE_PTHREAD"
"-D_POSIX_THREADS")
endif()
else()
list(APPEND WOLFSSL_DEFINITIONS "-DSINGLE_THREADED")
endif()
# DTLS-SRTP
@ -530,6 +538,15 @@ if (WOLFSSL_OPENSSLALL)
"-DWOLFSSL_ERROR_CODE_OPENSSL" "-DWOLFSSL_CERT_NAME_ALL")
endif()
add_option(WOLFSSL_NO_STUB
"Removes OpenSSL compatibility stub functions (default: disabled)"
"no" "yes;no")
if (WOLFSSL_NO_STUB)
list(APPEND WOLFSSL_DEFINITIONS
"-DNO_WOLFSSL_STUB")
endif()
# TODO: - IPv6 test apps
set(WOLFSSL_SLOW_MATH "yes")
@ -539,16 +556,89 @@ add_option(WOLFSSL_OQS
"Enable integration with the OQS (Open Quantum Safe) liboqs library (default: disabled)"
"no" "yes;no")
if (WOLFSSL_OQS)
find_package(OQS)
# Kyber
add_option(WOLFSSL_KYBER
"Enable the wolfSSL PQ Kyber library (default: disabled)"
"no" "yes;no")
# Experimental features
add_option(WOLFSSL_EXPERIMENTAL
"Enable experimental features (default: disabled)"
"no" "yes;no")
message(STATUS "Looking for WOLFSSL_EXPERIMENTAL")
if (WOLFSSL_EXPERIMENTAL)
message(STATUS "Looking for WOLFSSL_EXPERIMENTAL - found")
# We've enabled the experimental environment, but let's
# check if any experimental features are also enabled:
set(WOLFSSL_FOUND_EXPERIMENTAL_FEATURE 0)
set_wolfssl_definitions("WOLFSSL_EXPERIMENTAL_SETTINGS" RESUlT)
# Checking for experimental feature: OQS
message(STATUS "Looking for WOLFSSL_OQS")
if (WOLFSSL_OQS)
set(WOLFSSL_FOUND_EXPERIMENTAL_FEATURE 1)
message(STATUS "Looking for WOLFSSL_OQS - found")
message(STATUS "Checking OQS")
find_package(OQS)
if (OQS_FOUND)
message(STATUS "Checking OQS - found")
list(APPEND WOLFSSL_LINK_LIBS ${OQS_LIBRARY})
list(APPEND WOLFSSL_INCLUDE_DIRS ${OQS_INCLUDE_DIR})
set(HAVE_LIBOQS 1)
list(APPEND WOLFSSL_DEFINITIONS
"-DHAVE_TLS_EXTENSIONS"
"-DHAVE_LIBOQS")
set_wolfssl_definitions("HAVE_LIBOQS" RESUlT)
set_wolfssl_definitions("HAVE_TLS_EXTENSIONS" RESUlT)
set_wolfssl_definitions("OPENSSL_EXTRA" RESUlT)
else()
message(STATUS "Checking OQS - not found")
message(STATUS "WARNING: WOLFSSL_OQS enabled but not found: OQS_LIBRARY=${OQS_LIBRARY}, OQS_INCLUDE_DIR=${OQS_INCLUDE_DIR} ")
endif()
else()
message(STATUS "Looking for WOLFSSL_OQS - not found")
endif()
# Checking for experimental feature: Kyber
message(STATUS "Looking for WOLFSSL_KYBER")
if (WOLFSSL_KYBER)
set(WOLFSSL_FOUND_EXPERIMENTAL_FEATURE 1)
message(STATUS "Automatically set related requirements for Kyber:")
set_wolfssl_definitions("WOLFSSL_HAVE_KYBER" RESUlT)
set_wolfssl_definitions("WOLFSSL_WC_KYBER" RESUlT)
set_wolfssl_definitions("WOLFSSL_SHA3" RESUlT)
set_wolfssl_definitions("WOLFSSL_SHAKE128" RESUlT)
set_wolfssl_definitions("WOLFSSL_SHAKE256" RESUlT)
message(STATUS "Looking for WOLFSSL_KYBER - found")
else()
message(STATUS "Looking for WOLFSSL_KYBER - not found")
endif()
# Other experimental feature detection can be added here...
# Were any experimental features found? Display a message.
if(WOLFSSL_FOUND_EXPERIMENTAL_FEATURE)
message(STATUS "WOLFSSL_EXPERIMENTAL enabled, experimental features enabled.")
else()
message(STATUS "Warning: WOLFSSL_EXPERIMENTAL enabled, but no experimental features enabled.")
endif()
# Sanity checks
if(WOLFSSL_OQS AND WOLFSSL_KYBER)
message(FATAL_ERROR "Error: cannot enable both WOLFSSL_OQS and WOLFSSL_KYBER at the same time.")
endif()
else()
# Experimental mode not enabled, but were any experimental features enabled? Error out if so:
message(STATUS "Looking for WOLFSSL_EXPERIMENTAL - not found")
if (WOLFSSL_OQS)
message(FATAL_ERROR "Error: WOLFSSL_OQS requires WOLFSSL_EXPERIMENTAL at this time.")
endif()
if(WOLFSSL_KYBER)
message(FATAL_ERROR "Error: WOLFSSL_KYBER requires WOLFSSL_EXPERIMENTAL at this time.")
endif()
endif()
@ -565,6 +655,9 @@ endif()
# - Atomic user record layer
# - Public key callbacks
# - Microchip/Atmel CryptoAuthLib
# - XMSS
# - LMS
# - dual-certs
# AES-CBC
add_option("WOLFSSL_AESCBC"
@ -1451,6 +1544,15 @@ add_option(WOLFSSL_SNI ${WOLFSSL_SNI_HELP_STRING} ${SNI_DEFAULT} "yes;no")
set(WOLFSSL_TLSX_HELP_STRING "Enable all TLS Extensions (default: disabled)")
add_option(WOLFSSL_TLSX ${WOLFSSL_TLSX_HELP_STRING} "no" "yes;no")
add_option(WOLFSSL_EX_DATA
"Enable app data (default: disabled)"
"no" "yes;no")
if (WOLFSSL_EX_DATA)
list(APPEND WOLFSSL_DEFINITIONS
"-DHAVE_EX_DATA")
endif()
# Supported elliptic curves extensions
add_option("WOLFSSL_SUPPORTED_CURVES"
"Enable Supported Elliptic Curves (default: enabled)"
@ -2114,34 +2216,46 @@ else()
endif()
set(OPTION_FILE "${WOLFSSL_OUTPUT_BASE}/wolfssl/options.h")
# sccache
add_option("ENABLE_SCCACHE"
"Enable sccache (default: disabled)"
"no" "yes;no")
if (ENABLE_SCCACHE AND (NOT WOLFSSL_SCCACHE_ALREADY_SET_FLAG))
find_program(SCCACHE sccache REQUIRED)
if(SCCACHE)
message(STATUS "Enable sccache")
if(CMAKE_C_COMPILER_LAUNCHER)
set(CMAKE_C_COMPILER_LAUNCHER "${CMAKE_C_COMPILER_LAUNCHER}" "${SCCACHE}")
else()
set(CMAKE_C_COMPILER_LAUNCHER "${SCCACHE}")
endif()
if(CMAKE_CXX_COMPILER_LAUNCHER)
set(CMAKE_CXX_COMPILER_LAUNCHER "${CMAKE_CXX_COMPILER_LAUNCHER}" "${SCCACHE}")
else()
set(CMAKE_CXX_COMPILER_LAUNCHER "${SCCACHE}")
endif()
if (MSVC)
if(CMAKE_BUILD_TYPE STREQUAL "Debug")
string(REPLACE "/Zi" "/Z7" CMAKE_CXX_FLAGS_DEBUG "${CMAKE_CXX_FLAGS_DEBUG}")
string(REPLACE "/Zi" "/Z7" CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG}")
elseif(CMAKE_BUILD_TYPE STREQUAL "Release")
string(REPLACE "/Zi" "/Z7" CMAKE_CXX_FLAGS_RELEASE "${CMAKE_CXX_FLAGS_RELEASE}")
string(REPLACE "/Zi" "/Z7" CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS_RELEASE}")
elseif(CMAKE_BUILD_TYPE STREQUAL "RelWithDebInfo")
string(REPLACE "/Zi" "/Z7" CMAKE_CXX_FLAGS_RELWITHDEBINFO "${CMAKE_CXX_FLAGS_RELWITHDEBINFO}")
string(REPLACE "/Zi" "/Z7" CMAKE_C_FLAGS_RELWITHDEBINFO "${CMAKE_C_FLAGS_RELWITHDEBINFO}")
endif()
endif()
set(WOLFSSL_SCCACHE_ALREADY_SET_FLAG ON)
endif()
endif()
file(REMOVE ${OPTION_FILE})
file(APPEND ${OPTION_FILE} "/* wolfssl options.h\n")
file(APPEND ${OPTION_FILE} " * generated from configure options\n")
file(APPEND ${OPTION_FILE} " *\n")
file(APPEND ${OPTION_FILE} " * Copyright (C) 2006-2023 wolfSSL Inc.\n")
file(APPEND ${OPTION_FILE} " *\n")
file(APPEND ${OPTION_FILE} " * This file is part of wolfSSL. (formerly known as CyaSSL)\n")
file(APPEND ${OPTION_FILE} " *\n")
file(APPEND ${OPTION_FILE} " */\n\n")
file(APPEND ${OPTION_FILE} "#ifndef WOLFSSL_OPTIONS_H\n")
file(APPEND ${OPTION_FILE} "#define WOLFSSL_OPTIONS_H\n\n\n")
file(APPEND ${OPTION_FILE} "#ifdef __cplusplus\n")
file(APPEND ${OPTION_FILE} "extern \"C\" {\n")
file(APPEND ${OPTION_FILE} "#endif\n\n")
add_to_options_file("${WOLFSSL_DEFINITIONS}" "${OPTION_FILE}")
# CMAKE_C_FLAGS is just a string of space-separated flags to pass to the C
# compiler. We need to replace those spaces with semicolons in order to treat it
# as a CMake list.
string(REPLACE " " ";" CMAKE_C_FLAGS_LIST "${CMAKE_C_FLAGS}")
add_to_options_file("${CMAKE_C_FLAGS_LIST}" "${OPTION_FILE}")
file(APPEND ${OPTION_FILE} "\n#ifdef __cplusplus\n")
file(APPEND ${OPTION_FILE} "}\n")
file(APPEND ${OPTION_FILE} "#endif\n\n\n")
file(APPEND ${OPTION_FILE} "#endif /* WOLFSSL_OPTIONS_H */\n\n")
####################################################
# Library Target
####################################################
@ -2219,6 +2333,20 @@ if(WOLFSSL_ARIA)
message(STATUS "ARIA Check: WOLFSSL_LINK_LIBS = ${WOLFSSL_LINK_LIBS}")
endif()
foreach(DEF IN LISTS WOLFSSL_DEFINITIONS)
string(REGEX MATCH "^(-D)?([^=]+)(=(.*))?$" DEF_MATCH ${DEF})
if (NOT "${CMAKE_MATCH_4}" STREQUAL "")
set(${CMAKE_MATCH_2} ${CMAKE_MATCH_4})
# message("set(${CMAKE_MATCH_2} ${CMAKE_MATCH_4})")
else()
set(${CMAKE_MATCH_2} 1)
# message("set(${CMAKE_MATCH_2} 1)")
endif()
endforeach()
# If new build options are added please update the cmake/options.h.in
configure_file(${CMAKE_CURRENT_SOURCE_DIR}/cmake/options.h.in ${OPTION_FILE})
set_target_properties(wolfssl
PROPERTIES
SOVERSION ${WOLFSSL_LIBRARY_VERSION_FIRST}
@ -2317,7 +2445,7 @@ if(WOLFSSL_EXAMPLES)
PROPERTY RUNTIME_OUTPUT_DIRECTORY
${WOLFSSL_OUTPUT_BASE}/examples/echoserver)
if(NOT WIN32)
if(NOT WIN32 AND NOT WOLFSSL_SINGLE_THREADED)
# Build TLS benchmark example
add_executable(tls_bench
${CMAKE_CURRENT_SOURCE_DIR}/examples/benchmark/tls_bench.c)

108
ChangeLog.md
View File

@ -1,3 +1,111 @@
# wolfSSL Release 5.7.2 (July 08, 2024)
Release 5.7.2 has been developed according to wolfSSL's development and QA
process (see link below) and successfully passed the quality criteria.
https://www.wolfssl.com/about/wolfssl-software-development-process-quality-assurance
NOTE: * --enable-heapmath is being deprecated and will be removed by end of 2024
## Vulnerabilities
* [Medium] CVE-2024-1544
Potential ECDSA nonce side channel attack in versions of wolfSSL before 5.6.6 with wc_ecc_sign_hash calls. Generating the ECDSA nonce k samples a random number r and then truncates this randomness with a modular reduction mod n where n is the order of the elliptic curve. Analyzing the division through a control-flow revealing side-channel reveals a bias in the most significant bits of k. Depending on the curve this is either a negligible bias or a significant bias large enough to reconstruct k with lattice reduction methods. Thanks to Luca Wilke, Florian Sieck and Thomas Eisenbarth (University of Lübeck) for reporting the vulnerability. Details will appear in the proceedings of CCS 24.
Fixed https://github.com/wolfSSL/wolfssl/pull/7020
* [Medium] CVE-2024-5288
A private key blinding operation, enabled by defining the macro WOLFSSL_BLIND_PRIVATE_KEY, was added to mitigate a potential row hammer attack on ECC operations. If performing ECC private key operations in an environment where a malicious user could gain fine control over the device and perform row hammer style attacks it is recommended to update the version of wolfSSL used and to build with WOLFSSL_BLIND_PRIVATE_KEY defined. Thanks to Kemal Derya, M. Caner Tol, Berk Sunar for the report (Vernam Applied Cryptography and Cybersecurity Lab at Worcester Polytechnic Institute)
Fixed in github pull request https://github.com/wolfSSL/wolfssl/pull/7416
* [Low] When parsing a provided maliciously crafted certificate directly using wolfSSL API, outside of a TLS connection, a certificate with an excessively large number of extensions could lead to a potential DoS. There are existing sanity checks during a TLS handshake with wolfSSL which mitigate this issue. Thanks to Bing Shi for the report.
Fixed in github pull request https://github.com/wolfSSL/wolfssl/pull/7597
* [Low] CVE-2024-5991
In the function MatchDomainName(), input param str is treated as a NULL terminated string despite being user provided and unchecked. Specifically, the Openssl compatibility function X509_check_host() takes in a pointer and length to check against, with no requirements that it be NULL terminated. While calling without a NULL terminated string is very uncommon, it is still technically allowed. If a caller was attempting to do a name check on a non*NULL terminated buffer, the code would read beyond the bounds of the input array until it found a NULL terminator.
Fixed in github pull request https://github.com/wolfSSL/wolfssl/pull/7604
* [Medium] CVE-2024-5814
A malicious TLS1.2 server can force a TLS1.3 client with downgrade capability to use a ciphersuite that it did not agree to and achieve a successful connection. This is because, aside from the extensions, the client was skipping fully parsing the server hello when downgrading from TLS 1.3.
Fixed in github pull request https://github.com/wolfSSL/wolfssl/pull/7619
* [Medium] OCSP stapling version 2 response verification bypass issue when a crafted response of length 0 is received. Found with internal testing.
Fixed in github pull request https://github.com/wolfSSL/wolfssl/pull/7702
* [Medium] OCSP stapling version 2 revocation bypass with a retry of a TLS connection attempt. A revoked CA certificate could incorrectly be loaded into the trusted signers list and used in a repeat connection attempt. Found with internal testing.
Fixed in github pull request https://github.com/wolfSSL/wolfssl/pull/7702
## New Feature Additions
* Added Dilithium/ML-DSA: Implementation of ML-DSA-44/65/87 (PR 7622)
* AES RISC-V 64-bit ASM: ECB/CBC/CTR/GCM/CCM (PR 7569)
* Added CUDA support for AES encryption (PR 7436)
* Added support for gRPC (PR 7445)
* Added function wc_RsaPrivateKeyDecodeRaw to import raw RSA private keys (PR 7608)
* Added crypto callback for SHA-3 (PR 7670)
* Support for Infineon Modus Toolbox with wolfSSL (PR 7369)
* Allow user to send a user_canceled alert by calling wolfSSL_SendUserCanceled (PR 7590)
* C# wrapper SNI support added (PR 7610)
* Quantum-safe algorithm support added to the Linux kernel module (PR 7574)
* Support for NIST 800-56C Option 1 KDF, using the macro WC_KDF_NIST_SP_800_56C added (PR 7589)
* AES-XTS streaming mode added, along with hardware acceleration and kernel module use (PR 7522, 7560, 7424)
* PlatformIO FreeRTOS with ESP build and addition of benchmark and test example applications (PR 7528, 7413, 7559, 7542)
## Enhancements and Optimizations
* Expanded STM32 AES hardware acceleration support for use with STM32H5 (PR 7578)
* Adjusted wc_xmss and wc_lms settings to support use with wolfBoot (PR 7393)
* Added the --enable-rpk option to autotools build for using raw public key support (PR 7379)
* SHA-3 Thumb2, ARM32 assembly implementation added (PR 7667)
* Improvements to RSA padding to expose Pad/Unpad APIs (PR 7612)
* Updates and API additions for supporting socat version 1.8.0.0 (PR 7594)
* cmake build improvements, expanding build options with SINGLE_THREADED and post-quantum algorithms, adjusting the generation of options.h file and using “yes;no” boolean instead of strings (PR 7611, 7546, 7479, 7480, 7380)
* Improvements for Renesas RZ support (PR 7474)
* Improvements to dual algorithm certificates for post-quantum keys (PR 7286)
* Added wolfSSL_SessionIsSetup so the user can check if a session ticket has been sent by the server (PR 7430)
* hostap updates: Implement PACs for EAP-FAST and filter cipher list on TLS version change (PR 7446)
* Changed subject name comparison to match different upper and lower cases (PR 7420)
* Support for DTLS 1.3 downgrade when using PSK (PR 7367)
* Update to static memory build for more generic memory pools used (PR 7418)
* Improved performance of Kyber C implementation (PR 7654)
* Support for ECC_CACHE_CURVE with no malloc (PR 7490)
* Added the configure option --enable-debug-trace-errcodes (macro WOLFSSL_DEBUG_TRACE_ERROR_CODES) which enables more debug tracking of error code values (PR 7634)
* Enhanced wc_MakeRsaKey and wc_RsaKeyToDer to work with WOLFSSL_NO_MALLOC (PR 7362)
* Improvements to assembly implementations of ChaCha20 and Poly1305 ASM for use with MSVC (PR 7319)
* Cortex-M inline assembly labels with unique number appended (PR 7649)
* Added secret logging callback to TLS <= 1.2, enabled with the macro HAVE_SECRET_CALLBACK (PR 7372)
* Made wc_RNG_DRBG_Reseed() a public wolfCrypt API (PR 7386)
* Enabled DES3 support without the DES3 ciphers. To re-enable DES3 cipher suites, use the configure flag --enable-des3-tls-suites (PR 7315)
* Added stubs required for latest nginx (1.25.5) (PR 7449)
* Added option for using a custom salt with the function wc_ecc_ctx_set_own_salt (PR 7552)
* Added PQ files for Windows (PR 7419)
* Enhancements to static memory feature, adding the option for a global heap hint (PR 7478) and build options for a lean or debug setting, enabled with --enable-staticmemory=small or --enable-staticmemory=debug (PR 7597)
* Updated --enable-jni to define SESSION_CERTS for wolfJSSE (PR 7557)
* Exposed DTLS in Ada wrapper and updated examples (PR 7397)
* Added additional minimum TLS extension size sanity checks (PR 7602)
* ESP improvements: updating the examples and libraries, updates for Apple HomeKit SHA/SRP, and fix for endianness with SHA512 software fallback (PR 7607, 7392, 7505, 7535)
* Made the wc_CheckCertSigPubKey API publicly available with the define of the macro WOLFSSL_SMALL_CERT_VERIFY (PR 7599)
* Added an alpha/preview of additional FIPS 140-3 full submission, bringing additional algorithms such as SRTP-KDF, AES-XTS, GCM streaming, AES-CFB, ED25519, and ED448 into the FIPS module boundary (PR 7295)
* XCODE support for v5.2.3 of the FIPS module (PR 7140)
* Expanded OpenSSL compatibility layer and added EC_POINT_hex2point (PR 7191)
## Fixes
* Fixed Kyber control-flow timing leak. Thanks to Antoon Purnal from PQShield for the report
* Fixed the NXP MMCAU HW acceleration for SHA-256 (PR 7389)
* Fixed AES-CFB1 encrypt/decrypt on size (8*x-1) bits (PR 7431)
* Fixed use of %rip with SHA-256 x64 assembly (PR 7409)
* Fixed OCSP response message build for DTLS (PR 7671)
* Handled edge case in wc_ecc_mulmod() with zero (PR 7532)
* Fixed RPK (Raw Public Key) to follow certificate use correctly (PR 7375)
* Added sanity check on record header with QUIC use (PR 7638)
* Added sanity check for empty directory strings in X.509 when parsing (PR 7669)
* Added sanity check on non-conforming serial number of 0 in certificates being parsed (PR 7625)
* Fixed wolfSSL_CTX_set1_sigalgs_list() to make the TLS connection conform to the selected sig hash algorithm (PR 7693)
* Various fixes for dual algorithm certificates including small stack use and support for Certificate Signing Requests (PR 7577)
* Added sanity check for critical policy extension when wolfSSL is built without policy extension support enabled (PR 7388)
* Added sanity check that the ed25519 signature is smaller than the order (PR 7513)
* Fixed Segger emNet to handle non-blocking want read/want write (PR 7581)
# wolfSSL Release 5.7.0 (Mar 20, 2024)
Release 5.7.0 has been developed according to wolfSSL's development and QA

8
Docker/Dockerfile
View File

@ -6,10 +6,10 @@ USER root
# Set timezone to UTC
RUN ln -snf /usr/share/zoneinfo/UTC /etc/localtime && echo UTC > /etc/timezone
ARG DEPS_WOLFSSL="build-essential autoconf libtool clang clang-tools zlib1g-dev libuv1-dev libpam0g-dev valgrind git linux-headers-generic gcc-multilib g++-multilib libpcap-dev bubblewrap gdb iputils-ping lldb bsdmainutils netcat binutils-arm-linux-gnueabi binutils-aarch64-linux-gnu"
ARG DEPS_WOLFSSL="build-essential autoconf libtool clang clang-tools zlib1g-dev libuv1-dev libpam0g-dev valgrind git linux-headers-generic gcc-multilib g++-multilib libpcap-dev bubblewrap gdb iputils-ping lldb bsdmainutils netcat-traditional binutils-arm-linux-gnueabi binutils-aarch64-linux-gnu"
ARG DEPS_LIBOQS="astyle cmake gcc ninja-build libssl-dev python3-pytest python3-pytest-xdist unzip xsltproc doxygen graphviz python3-yaml valgrind git"
ARG DEPS_UDP_PROXY="wget libevent-dev"
ARG DEPS_TESTS="abi-dumper libcurl4-openssl-dev tcpdump libpsl-dev python3-pandas python3-tabulate libnl-genl-3-dev libcap-ng-dev"
ARG DEPS_TESTS="abi-dumper libcurl4-openssl-dev tcpdump libpsl-dev python3-pandas python3-tabulate libnl-genl-3-dev libcap-ng-dev python3-virtualenv curl jq"
ARG DEPS_TOOLS="ccache clang-tidy maven"
RUN DEBIAN_FRONTEND=noninteractive apt update && apt install -y apt-utils \
&& apt install -y ${DEPS_WOLFSSL} ${DEPS_LIBOQS} ${DEPS_UDP_PROXY} ${DEPS_TESTS} ${DEPS_TOOLS} \
@ -40,10 +40,12 @@ RUN cd /opt/sources && git clone --single-branch https://github.com/cisco/hash-s
# Install pkixssh to /opt/pkixssh for X509 interop testing with wolfSSH
RUN mkdir /var/empty
RUN cd /opt/sources && wget -q -O- https://roumenpetrov.info/secsh/src/pkixssh-14.1.1.tar.gz | tar xzf - && cd pkixssh-14.1.1 && ./configure --prefix=/opt/pkixssh/ --exec-prefix=/opt/pkixssh/ && make install
RUN cd /opt/sources && wget -q -O- https://roumenpetrov.info/secsh/src/pkixssh-15.1.tar.gz | tar xzf - && cd pkixssh-15.1 && ./configure --prefix=/opt/pkixssh/ --exec-prefix=/opt/pkixssh/ && make install
# Install udp/tcp-proxy
RUN cd /opt/sources && git clone --depth=1 --single-branch --branch=main http://github.com/wolfssl/udp-proxy && cd udp-proxy && make && cp tcp_proxy udp_proxy /bin/.
# Install libbacktrace
RUN cd /opt/sources && git clone --depth=1 --single-branch https://github.com/ianlancetaylor/libbacktrace.git && cd libbacktrace && mkdir build && cd build && ../configure && make && make install
# Allow non-root to use tcpdump (will need NET_RAW and NET_ADMIN capability when running the container)
RUN setcap 'CAP_NET_RAW+eip CAP_NET_ADMIN+eip' /usr/bin/tcpdump

2
Docker/Dockerfile.cross-compiler
View File

@ -3,7 +3,7 @@ FROM $DOCKER_BASE_IMAGE
USER root
ARG DEPS_TESTING="gcc-arm-linux-gnueabi gcc-arm-linux-gnueabihf gcc-aarch64-linux-gnu gcc-powerpc-linux-gnu gcc-powerpc64-linux-gnu"
ARG DEPS_TESTING="gcc-arm-linux-gnueabi gcc-arm-linux-gnueabihf gcc-aarch64-linux-gnu gcc-powerpc-linux-gnu gcc-powerpc64-linux-gnu gcc-arm-none-eabi"
RUN DEBIAN_FRONTEND=noninteractive apt update \
&& apt install -y ${DEPS_TESTING} \
&& apt clean -y && rm -rf /var/lib/apt/lists/*

25
Docker/buildAndPush.sh
View File

@ -18,18 +18,37 @@ docker build -t wolfssl/wolfssl-builder:${CUR_DATE} ${DOCKER_BUILD_OPTIONS} "${W
docker tag wolfssl/testing-cross-compiler:${CUR_DATE} wolfssl/testing-cross-compiler:latest
if [ $? -eq 0 ]; then
echo "Pushing containers to DockerHub"
echo "Push containers to DockerHub [y/N]? "
read val
if [ "$val" = "y" ]; then
docker push wolfssl/wolfssl-builder:${CUR_DATE} && docker push wolfssl/wolfssl-builder:latest && \
docker push wolfssl/testing-cross-compiler:${CUR_DATE} && docker push wolfssl/testing-cross-compiler:latest
if [ $? -ne 0 ]; then
echo "Warning: push failed. Continuing"
((NUM_FAILURES++))
fi
fi
else
echo "Warning: Build wolfssl/wolfssl-builder failed. Continuing"
((NUM_FAILURES++))
fi
echo "Building wolfssl/wolfCLU:${CUR_DATE}"
docker buildx build --pull --push --build-arg DUMMY=${CUR_DATE} -t wolfssl/wolfclu:${CUR_DATE} --platform=linux/amd64,linux/arm64,linux/arm/v7 "${WOLFSSL_DIR}/Docker/wolfCLU" && \
docker buildx build --pull --push --build-arg DUMMY=${CUR_DATE} -t wolfssl/wolfclu:latest --platform=linux/amd64,linux/arm64,linux/arm/v7 "${WOLFSSL_DIR}/Docker/wolfCLU"
DOCKER_ARGS="--pull --build-arg DUMMY=${CUR_DATE} --platform=linux/amd64,linux/arm64,linux/arm/v7 ${WOLFSSL_DIR}/Docker/wolfCLU"
docker buildx build -t wolfssl/wolfclu:${CUR_DATE} ${DOCKER_ARGS} && \
docker buildx build -t wolfssl/wolfclu:latest ${DOCKER_ARGS}
if [ $? -eq 0 ]; then
echo "Push containers to DockerHub [y/N]? "
read val
if [ "$val" = "y" ]; then
docker buildx build ${DOCKER_ARGS} --push -t wolfssl/wolfclu:${CUR_DATE} && \
docker buildx build ${DOCKER_ARGS} --push -t wolfssl/wolfclu:latest
if [ $? -ne 0 ]; then
echo "Warning: push failed. Continuing"
((NUM_FAILURES++))
fi
fi
else
echo "Warning: Build wolfssl/wolfclu failed. Continuing"
((NUM_FAILURES++))
fi

4
Docker/wolfCLU/Dockerfile
View File

@ -1,9 +1,9 @@
ARG DOCKER_BASE_IMAGE=ubuntu
FROM ubuntu as BUILDER
ARG DEPS_WOLFSSL="build-essential autoconf libtool zlib1g-dev libuv1-dev libpam0g-dev git libpcap-dev libcurl4-openssl-dev bsdmainutils netcat iputils-ping bubblewrap"
ARG DEPS_WOLFSSL="build-essential autoconf libtool zlib1g-dev libuv1-dev libpam0g-dev git libpcap-dev libcurl4-openssl-dev bsdmainutils netcat-traditional iputils-ping bubblewrap"
RUN DEBIAN_FRONTEND=noninteractive apt update && apt install -y apt-utils \
&& apt install -y ${DEPS_WOLFSSL} ${DEPS_LIBOQS} \
&& apt install -y ${DEPS_WOLFSSL} \
&& apt clean -y && rm -rf /var/lib/apt/lists/*
ARG NUM_CPU=16

4
Docker/yocto/Dockerfile
View File

@ -19,7 +19,9 @@ WORKDIR /opt/poky
ARG YOCTO_VERSION=kirkstone
RUN git checkout -t origin/${YOCTO_VERSION} -b ${YOCTO_VERSION} && git pull
RUN git clone --single-branch --branch=master https://github.com/wolfssl/meta-wolfssl.git && \
# This arg is to be able to force a rebuild starting from this line
ARG DUMMY=date
RUN DUMMY=${DUMMY} git clone --single-branch --branch=master https://github.com/wolfssl/meta-wolfssl.git && \
/bin/bash -c "source oe-init-build-env" && \
echo 'IMAGE_INSTALL:append = " wolfssl wolfclu wolfssh wolfmqtt wolftpm wolfclu "' >> /opt/poky/build/conf/local.conf && \
sed -i '/\/opt\/poky\/meta-poky \\/a \\t/opt/poky/meta-wolfssl \\' /opt/poky/build/conf/bblayers.conf

4
Docker/yocto/buildAndPush.sh
View File

@ -11,9 +11,9 @@ fi
NUM_FAILURES=0
CUR_DATE=$(date -u +%F)
for ver in kirkstone dunfell; do
for ver in kirkstone langdale scarthgap; do
echo "Building wolfssl/yocto:${ver}-${CUR_DATE} as ${DOCKER_BUILD_OPTIONS}"
docker build -t wolfssl/yocto:${ver}-${CUR_DATE} --build-arg YOCTO_VERSION=${ver} -f Dockerfile "${WOLFSSL_DIR}/Docker/yocto" && \
docker build -t wolfssl/yocto:${ver}-${CUR_DATE} --build-arg YOCTO_VERSION=${ver} --build-arg BUILD_DATE=${CUR_DATE} -f Dockerfile "${WOLFSSL_DIR}/Docker/yocto" && \
docker tag wolfssl/yocto:${ver}-${CUR_DATE} wolfssl/yocto:${ver}-latest
if [ $? -eq 0 ]; then
echo "Pushing containers to DockerHub"

2
IDE/ARDUINO/Arduino_README_prepend.md
View File

@ -10,4 +10,6 @@ See the [Arduino-wolfSSL logs](https://downloads.arduino.cc/libraries/logs/githu
The first Official wolfSSL Arduino Library is `5.6.6-Arduino.1`: a slightly modified, post [release 5.6.6](https://github.com/wolfSSL/wolfssl/releases/tag/v5.6.6-stable) version update.
The next Official wolfSSL Arduino Library is [5.7.0](https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.0-stable)
See other [wolfSSL releases versions](https://github.com/wolfSSL/wolfssl/releases). The `./wolfssl-arduino.sh INSTALL` [script](https://github.com/wolfSSL/wolfssl/tree/master/IDE/ARDUINO) can be used to install specific GitHub versions as needed.

2
IDE/ARDUINO/sketches/wolfssl_client/wolfssl_client.ino
View File

@ -1,6 +1,6 @@
/* wolfssl_client.ino
*
* Copyright (C) 2006-2023 wolfSSL Inc.
* Copyright (C) 2006-2024 wolfSSL Inc.
*
* This file is part of wolfSSL.
*

2
IDE/ARDUINO/sketches/wolfssl_server/wolfssl_server.ino
View File

@ -1,6 +1,6 @@
/* wolfssl_server.ino
*
* Copyright (C) 2006-2023 wolfSSL Inc.
* Copyright (C) 2006-2024 wolfSSL Inc.
*
* This file is part of wolfSSL.
*

24
IDE/ARDUINO/wolfssl-arduino.sh
View File

@ -29,7 +29,7 @@
ROOT_DIR="/wolfssl"
# The Arduino Version will initially have a suffix appended during fine tuning stage.
WOLFSSL_VERSION_ARUINO_SUFFIX="-Arduino.3"
WOLFSSL_VERSION_ARUINO_SUFFIX=""
# For verbose copy, set CP_CMD="-v", otherwise clear it: CP_CMD="cp"
# Do not set to empty string, as copy will fail with this: CP_CMD=""
@ -65,6 +65,11 @@ if ! [ "$CP_CMD" = "cp " ]; then
fi
fi
if [ "$ROOT_DIR" = "" ]; then
echo "ERROR: ROOT_DIR cannot be blank"
exit 1
fi
# Check environment
if [ -n "$WSL_DISTRO_NAME" ]; then
# we found a non-blank WSL environment distro name
@ -84,6 +89,11 @@ if [ $# -gt 0 ]; then
if [ "$THIS_OPERATION" = "INSTALL" ]; then
THIS_INSTALL_DIR=$2
if [ "$THIS_INSTALL_DIR" = "/" ]; then
echo "ERROR: THIS_INSTALL_DIR cannot be /"
exit 1
fi
echo "Install is active."
if [ "$THIS_INSTALL_DIR" = "" ]; then
@ -300,10 +310,6 @@ echo ""
# Note we should have exited above if a problem was encountered,
# as we'll never want to install a bad library.
if [ "$THIS_OPERATION" = "INSTALL" ]; then
if [ "$THIS_INSTALL_IS_GITHUB" = "true" ]; then
echo "Installing to GitHub directory: $THIS_INSTALL_DIR"
cp -r ."$ROOT_DIR"/* "$THIS_INSTALL_DIR" || exit 1
else
echo "Config:"
echo "cp ../../examples/configs/user_settings_arduino.h ".${ROOT_SRC_DIR}"/user_settings.h"
# Nearly an ordinary copy, but we remove any lines with ">>" (typically edit with caution warning in comments)
@ -313,7 +319,13 @@ if [ "$THIS_OPERATION" = "INSTALL" ]; then
grep "WOLFSSL_USER_SETTINGS_ID" ."${ROOT_SRC_DIR}/user_settings.h"
echo ""
echo "Install:"
if [ "$THIS_INSTALL_IS_GITHUB" = "true" ]; then
echo "Installing to GitHub directory: $THIS_INSTALL_DIR"
cp -r ."$ROOT_DIR"/* "$THIS_INSTALL_DIR" || exit 1
echo "Removing workspace library directory: .$ROOT_DIR"
rm -rf ".$ROOT_DIR"
else
echo "Installing to local directory:"
echo "mv .$ROOT_DIR $ARDUINO_ROOT"
mv ."$ROOT_DIR" "$ARDUINO_ROOT" || exit 1

2
IDE/AURIX/Cpu0_Main.c
View File

@ -1,6 +1,6 @@
/* Cpu0_Main.c
*
* Copyright (C) 2006-2023 wolfSSL Inc.
* Copyright (C) 2006-2024 wolfSSL Inc.
*
* This file is part of wolfSSL.
*

2
IDE/AURIX/user_settings.h
View File

@ -1,6 +1,6 @@
/* user_settings.h
*
* Copyright (C) 2006-2023 wolfSSL Inc.
* Copyright (C) 2006-2024 wolfSSL Inc.
*
* This file is part of wolfSSL.
*

2
IDE/AURIX/wolf_main.c
View File

@ -1,6 +1,6 @@
/* wolf_main.c
*
* Copyright (C) 2006-2023 wolfSSL Inc.
* Copyright (C) 2006-2024 wolfSSL Inc.
*
* This file is part of wolfSSL.
*

2
IDE/CRYPTOCELL/main.c
View File

@ -1,6 +1,6 @@
/* main.c
*
* Copyright (C) 2006-2023 wolfSSL Inc.
* Copyright (C) 2006-2024 wolfSSL Inc.
*
* This file is part of wolfSSL.
*

3
IDE/CRYPTOCELL/user_settings.h
View File

@ -1,6 +1,6 @@
/* user_settings.h
*
* Copyright (C) 2006-2023 wolfSSL Inc.
* Copyright (C) 2006-2024 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
@ -401,6 +401,7 @@ extern "C" {
/* prototypes for user heap override functions */
/* Note: Realloc only required for normal math */
/* Note2: XFREE(NULL) must be properly handled */
#include <stddef.h> /* for size_t */
extern void *myMalloc(size_t n, void* heap, int type);
extern void myFree(void *p, void* heap, int type);

2
IDE/ECLIPSE/DEOS/deos_malloc.c
View File

@ -1,6 +1,6 @@
/* deos_malloc.c
*
* Copyright (C) 2006-2023 wolfSSL Inc.
* Copyright (C) 2006-2024 wolfSSL Inc.
*
* This file is part of wolfSSL.
*

4
IDE/ECLIPSE/DEOS/deos_wolfssl/.project
View File

@ -240,9 +240,9 @@
<locationURI>WOLFSSL_ROOT/wolfcrypt/src/fe_operations.c</locationURI>
</link>
<link>
<name>wolfcrypt/src/fe_x25519_128.i</name>
<name>wolfcrypt/src/fe_x25519_128.h</name>
<type>1</type>
<locationURI>WOLFSSL_ROOT/wolfcrypt/src/fe_x25519_128.i</locationURI>
<locationURI>WOLFSSL_ROOT/wolfcrypt/src/fe_x25519_128.h</locationURI>
</link>
<link>
<name>wolfcrypt/src/fp_mont_small.i</name>

2
IDE/ECLIPSE/DEOS/tls_wolfssl.c
View File

@ -1,6 +1,6 @@
/* tls_wolfssl.c
*
* Copyright (C) 2006-2023 wolfSSL Inc.
* Copyright (C) 2006-2024 wolfSSL Inc.
*
* This file is part of wolfSSL.
*

2
IDE/ECLIPSE/DEOS/tls_wolfssl.h
View File

@ -1,6 +1,6 @@
/* tls_wolfssl.h
*
* Copyright (C) 2006-2023 wolfSSL Inc.
* Copyright (C) 2006-2024 wolfSSL Inc.
*
* This file is part of wolfSSL.
*

2
IDE/ECLIPSE/DEOS/user_settings.h
View File

@ -1,6 +1,6 @@
/* user_setting.h
*
* Copyright (C) 2006-2023 wolfSSL Inc.
* Copyright (C) 2006-2024 wolfSSL Inc.
*
* This file is part of wolfSSL.
*

2
IDE/ECLIPSE/MICRIUM/README.md
View File

@ -40,7 +40,7 @@ The folder hierarchy is the same as the wolfSSL folders with an exception of the
4. Right click on each folders, add or link all the source code in the corresponding folder in wolfSSL.
5. Remove non-C platform dependent files from your build. At the moment, only aes_asm.asm, aes_gcm_asm.asm and aes_asm.s must be removed from your wolfssl/wolfcrypt/src folder.
5. Remove non-C platform dependent files from your build. At the moment, only aes_asm.asm, aes_gcm_asm.asm, aes_xts_asm.asm and aes_asm.s must be removed from your wolfssl/wolfcrypt/src folder.
6. In your C/C++ compiler preprocessor settings, add the wolfSSL directories to your include paths.
Here's an example of the paths that must be added.

2
IDE/ECLIPSE/MICRIUM/client_wolfssl.c
View File

@ -1,6 +1,6 @@
/* client_wolfssl.c
*
* Copyright (C) 2006-2023 wolfSSL Inc.
* Copyright (C) 2006-2024 wolfSSL Inc.
*
* This file is part of wolfSSL.
*

2
IDE/ECLIPSE/MICRIUM/client_wolfssl.h
View File

@ -1,6 +1,6 @@
/* client_wolfssl.h
*
* Copyright (C) 2006-2023 wolfSSL Inc.
* Copyright (C) 2006-2024 wolfSSL Inc.
*
* This file is part of wolfSSL.
*

2
IDE/ECLIPSE/MICRIUM/server_wolfssl.c
View File

@ -1,6 +1,6 @@
/* server_wolfssl.c
*
* Copyright (C) 2006-2023 wolfSSL Inc.
* Copyright (C) 2006-2024 wolfSSL Inc.
*
* This file is part of wolfSSL.
*

2
IDE/ECLIPSE/MICRIUM/server_wolfssl.h
View File

@ -1,6 +1,6 @@
/* server_wolfssl.h
*
* Copyright (C) 2006-2023 wolfSSL Inc.
* Copyright (C) 2006-2024 wolfSSL Inc.
*
* This file is part of wolfSSL.
*

2
IDE/ECLIPSE/MICRIUM/user_settings.h
View File

@ -1,6 +1,6 @@
/* user_setting.h
*
* Copyright (C) 2006-2023 wolfSSL Inc.
* Copyright (C) 2006-2024 wolfSSL Inc.
*
* This file is part of wolfSSL.
*

2
IDE/ECLIPSE/MICRIUM/wolfsslRunTests.c
View File

@ -1,6 +1,6 @@
/* wolfsslRunTests.c
*
* Copyright (C) 2006-2023 wolfSSL Inc.
* Copyright (C) 2006-2024 wolfSSL Inc.
*
* This file is part of wolfSSL.
*

2
IDE/ECLIPSE/RTTHREAD/user_settings.h
View File

@ -1,6 +1,6 @@
/* user_setting.h
*
* Copyright (C) 2006-2023 wolfSSL Inc.
* Copyright (C) 2006-2024 wolfSSL Inc.
*
* This file is part of wolfSSL.
*

2
IDE/ECLIPSE/RTTHREAD/wolfssl_test.c
View File

@ -1,6 +1,6 @@
/* wolfsslRunTests.c
*
* Copyright (C) 2006-2023 wolfSSL Inc.
* Copyright (C) 2006-2024 wolfSSL Inc.
*
* This file is part of wolfSSL.
*

30
IDE/Espressif/ESP-IDF/README.md
View File

@ -1,8 +1,8 @@
# ESP-IDF Port
These Espressif examples have been created and tested with the latest stable release branch of
[ESP-IDF V5.1](https://docs.espressif.com/projects/esp-idf/en/release-v5.1/esp32/get-started/index.html).
The prior version 4.4 ESP-IDF is still supported, however version 5.1 or greater is recommended.
[ESP-IDF V5.2](https://docs.espressif.com/projects/esp-idf/en/release-v5.2/esp32/get-started/index.html).
The prior version 4.4 ESP-IDF is still supported, however version 5.2 or greater is recommended.
Espressif has [a list of all ESP-IDF versions](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/versions.html).
See the latest [Espressif Migration Guides](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/migration-guides/index.html).
@ -44,6 +44,28 @@ default configuration items in the wolfssl `settings.h`. With the latest version
wolfSSL, some of these defaults can be disabled with `NO_ESPIDF_DEFAULT` and customized
in your project `user_settings.h` as desired.
The `user_settings.h` include file should not be explicitly included in an project source files. Be
sure to include `settings.h` (which pulls in `user_settings.h`) before any other wolfSSL include files.
A new project should also include a compiler option suc as `CFLAGS +=-DWOLFSSL_USER_SETTINGS"` to ensure
the `user_settings.h` is included properly. See the [template example](https://github.com/wolfSSL/wolfssl/blob/master/IDE/Espressif/ESP-IDF/examples/template/main/main.c).
```
#ifdef WOLFSSL_USER_SETTINGS
#include <wolfssl/wolfcrypt/settings.h>
#ifndef WOLFSSL_ESPIDF
#warning "Problem with wolfSSL user_settings."
#warning "Check components/wolfssl/include"
#endif
#include <wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h>
#else
/* Define WOLFSSL_USER_SETTINGS project wide for settings.h to include */
/* wolfSSL user settings in ./components/wolfssl/include/user_settings.h */
#error "Missing WOLFSSL_USER_SETTINGS in CMakeLists or Makefile:\
CFLAGS +=-DWOLFSSL_USER_SETTINGS"
#endif
```
See the respective project directory:
`[project-dir]/components/wolfssl/user_settings.h`
@ -116,7 +138,7 @@ See the specific examples for additional details.
## Setup for Linux (wolfSSL local copy)
This is a legacy method for installation. It is recommended to use the new `CMakeLists.txt` to point to wolfSSL source code.
This is an alternate method for installation. It is recommended to use the new `CMakeLists.txt` to point to wolfSSL source code.
1. Run `setup.sh` at _/path/to_`/wolfssl/IDE/Espressif/ESP-IDF/` to deploy files into ESP-IDF tree
2. Find Wolfssl files at _/path/to/esp_`/esp-idf/components/wolfssl/`
@ -124,7 +146,7 @@ This is a legacy method for installation. It is recommended to use the new `CMak
## Setup for Windows
This is a legacy method for installation. It is recommended to use the new `CMakeLists.txt` to point to wolfSSL source code.
This is an alternate method for installation. It is recommended to use the new `CMakeLists.txt` to point to wolfSSL source code.
1. Run ESP-IDF Command Prompt (cmd.exe) or Run ESP-IDF PowerShell Environment
2. Run `setup_win.bat` at `.\IDE\Espressif\ESP-IDF\`

2
IDE/Espressif/ESP-IDF/dummy_config_h
View File

@ -1,6 +1,6 @@
/* config.h - dummy
*
* Copyright (C) 2006-2023 wolfSSL Inc.
* Copyright (C) 2006-2024 wolfSSL Inc.
*
* This file is part of wolfSSL.
*

2
IDE/Espressif/ESP-IDF/dummy_test_paths.h
View File

@ -1,6 +1,6 @@
/* wolfcrypt/test/test_paths.h
*
* Copyright (C) 2006-2023 wolfSSL Inc.
* Copyright (C) 2006-2024 wolfSSL Inc.
*
* This file is part of wolfSSL.
*

4
IDE/Espressif/ESP-IDF/examples/README.md
View File

@ -10,9 +10,9 @@ These are the core examples for wolfSSL:
- [Test](./wolfssl_test/README.md)
- [TLS Client](./wolfssl_client/README.md)
- [TLS Client](./wolfssl_client/README.md). See also [CLI Client](https://github.com/wolfSSL/wolfssl/tree/master/examples/client) and [more TLS examples](https://github.com/wolfSSL/wolfssl-examples/tree/master/tls).
- [TLS Server](./wolfssl_server/README.md)
- [TLS Server](./wolfssl_server/README.md). See also [CLI Server](https://github.com/wolfSSL/wolfssl/tree/master/examples/server)
## Other Espressif wolfSSL Examples

6
IDE/Espressif/ESP-IDF/examples/template/VisualGDB/wolfssl_template_IDF_v5.1_ESP32.vgdbproj
View File

@ -18,7 +18,7 @@
<ToolchainID>
<ID>com.visualgdb.xtensa-esp32-elf</ID>
<Version>
<GCC>12.2.0</GCC>
<GCC>13.2.0</GCC>
<GDB>12.1</GDB>
<Revision>1</Revision>
</Version>
@ -67,8 +67,8 @@
<EnableFastUpToDateCheck>true</EnableFastUpToDateCheck>
<ESPIDFExtension>
<IDFCheckout>
<Version>release/v5.1</Version>
<Subdirectory>esp-idf/v5.1</Subdirectory>
<Version>release/v5.2</Version>
<Subdirectory>esp-idf/v5.2</Subdirectory>
<Type>ESPIDF</Type>
</IDFCheckout>
<COMPort>COM37</COMPort>

18
IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/CMakeLists.txt
View File

@ -1,5 +1,5 @@
#
# Copyright (C) 2006-2023 wolfSSL Inc.
# Copyright (C) 2006-2024 wolfSSL Inc.
#
# This file is part of wolfSSL.
#
@ -45,6 +45,11 @@ else()
endif()
message(STATUS "THIS_USER = ${THIS_USER}")
if( "$ENV{IDF_PATH}" STREQUAL "" )
message(FATAL_ERROR "IDF_PATH Environment variable not set!")
else()
string(REPLACE "\\" "/" THIS_IDF_PATH "$ENV{IDF_PATH}")
endif()
# COMPONENT_NAME = wolfssl
# The component name is the directory name. "No feature to change this".
@ -158,8 +163,8 @@ if(CMAKE_BUILD_EARLY_EXPANSION)
idf_component_register(
REQUIRES "${COMPONENT_REQUIRES}"
PRIV_REQUIRES # esp_hw_support
esp_timer
driver # this will typically only be needed for wolfSSL benchmark
# esp_timer
# driver # this will typically only be needed for wolfSSL benchmark
)
else()
@ -363,6 +368,10 @@ else()
"\"${WOLFSSL_ROOT}/wolfssl/\""
"\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/\""
"\"${RTOS_IDF_PATH}/\""
# wolfSSL release after v5.7 includes WiFi, time, and mem/debug helpers
"${THIS_IDF_PATH}/components/esp_event/include"
"${THIS_IDF_PATH}/components/esp_netif/include"
"${THIS_IDF_PATH}/components/esp_wifi/include"
)
@ -384,7 +393,10 @@ else()
"\"${WOLFSSL_ROOT}/src/ssl_bn.c\"" # included by ssl.c
"\"${WOLFSSL_ROOT}/src/ssl_certman.c\"" # included by ssl.c
"\"${WOLFSSL_ROOT}/src/ssl_crypto.c\"" # included by ssl.c
"\"${WOLFSSL_ROOT}/src/ssl_load.c\"" # included by ssl.c
"\"${WOLFSSL_ROOT}/src/ssl_misc.c\"" # included by ssl.c
"\"${WOLFSSL_ROOT}/src/ssl_p7p12.c\"" # included by ssl.c
"\"${WOLFSSL_ROOT}/src/ssl_sess.c\"" # included by ssl.c
"\"${WOLFSSL_ROOT}/src/x509.c\""
"\"${WOLFSSL_ROOT}/src/x509_str.c\""
"\"${WOLFSSL_ROOT}/wolfcrypt/src/evp.c\""

299
IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/include/user_settings.h
View File

@ -1,6 +1,6 @@
/* user_settings.h
*
* Copyright (C) 2006-2023 wolfSSL Inc.
* Copyright (C) 2006-2024 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
@ -19,12 +19,22 @@
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
/* This user_settings.h is for Espressif ESP-IDF */
#include <sdkconfig.h>
/* This user_settings.h is for Espressif ESP-IDF
*
* Standardized wolfSSL Espressif ESP32 + ESP8266 user_settings.h V5.7.0-1
*
* Do not include any wolfssl headers here
*
* When editing this file:
* ensure wolfssl_test and wolfssl_benchmark settings match.
*/
/* The Espressif project config file. See also sdkconfig.defaults */
#include "sdkconfig.h"
/* The Espressif sdkconfig will have chipset info.
**
** Possible values:
** Some possible values:
**
** CONFIG_IDF_TARGET_ESP32
** CONFIG_IDF_TARGET_ESP32S2
@ -36,18 +46,54 @@
#undef WOLFSSL_ESPIDF
#define WOLFSSL_ESPIDF
/* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */
#define NO_ESP_SDK_WIFI
/* Experimental Kyber */
#if 0
/* Kyber typically needs a minimum 10K stack */
#define WOLFSSL_EXPERIMENTAL_SETTINGS
#define WOLFSSL_HAVE_KYBER
#define WOLFSSL_WC_KYBER
#define WOLFSSL_SHA3
#endif
/*
* choose ONE of these Espressif chips to define:
* ONE of these Espressif chip families will be detected from sdkconfig:
*
* WOLFSSL_ESP32
* WOLFSSL_ESPWROOM32SE
* WOLFSSL_ESP8266
*/
#undef WOLFSSL_ESPWROOM32SE
#undef WOLFSSL_ESP8266
#undef WOLFSSL_ESP32
/* See below for chipset detection from sdkconfig.h */
/* when you want to use SINGLE THREAD. Note Default ESP-IDF is FreeRTOS */
/* #define SINGLE_THREADED */
/* SMALL_SESSION_CACHE saves a lot of RAM for ClientCache and SessionCache.
* Memory requirement is about 5KB, otherwise 20K is needed when not specified.
* If extra small footprint is needed, try MICRO_SESSION_CACHE (< 1K)
* When really desperate or no TLS used, try NO_SESSION_CACHE. */
#define NO_SESSION_CACHE
/* Small Stack uses more heap. */
#define WOLFSSL_SMALL_STACK
/* Full debugging turned off, but show malloc failure detail */
/* #define DEBUG_WOLFSSL */
#define DEBUG_WOLFSSL_MALLOC
/* See test.c that sets cert buffers; we'll set them here: */
#define USE_CERT_BUFFERS_256
#define USE_CERT_BUFFERS_2048
/* RSA_LOW_MEM: Half as much memory but twice as slow. */
#define RSA_LOW_MEM
#define WOLFSSL_ESP32
/* optionally turn off SHA512/224 SHA512/256 */
/* #define WOLFSSL_NOSHA512_224 */
@ -61,7 +107,6 @@
/* #define NO_OLD_TLS */
#define BENCH_EMBEDDED
#define USE_CERT_BUFFERS_2048
/* TLS 1.3 */
#define WOLFSSL_TLS13
@ -79,7 +124,9 @@
#define HAVE_AESGCM
#define WOLFSSL_RIPEMD
/* Optional RIPEMD: RACE Integrity Primitives Evaluation Message Digest */
/* #define WOLFSSL_RIPEMD */
/* when you want to use SHA224 */
#define WOLFSSL_SHA224
@ -92,22 +139,31 @@
/* when you want to use SHA3 */
#define WOLFSSL_SHA3
/* Reminder: ED25519 requires SHA512 */
/* ED25519 requires SHA512 */
#define HAVE_ED25519
/* Some features not enabled for ESP8266: */
#if defined(CONFIG_IDF_TARGET_ESP8266) || \
defined(CONFIG_IDF_TARGET_ESP32C2)
/* TODO determine low memory configuration for ECC. */
#else
#define HAVE_ECC
#define HAVE_CURVE25519
#define CURVE25519_SMALL
#endif
#define HAVE_ED25519
/* Optional OPENSSL compatibility */
#define OPENSSL_EXTRA
/* when you want to use pkcs7 */
/* #Optional HAVE_PKCS7 */
/* #define HAVE_PKCS7 */
#define HAVE_PKCS7
#if defined(HAVE_PKCS7)
/* HAVE_PKCS7 may enable HAVE_PBKDF2 see settings.h */
#define NO_PBKDF2
#define HAVE_AES_KEYWRAP
#define HAVE_X963_KDF
#define WOLFSSL_AES_DIRECT
@ -127,27 +183,11 @@
/* #define CUSTOM_SLOT_ALLOCATION */
#endif
/* RSA primitive specific definition */
#if defined(WOLFSSL_ESP32) || defined(WOLFSSL_ESPWROOM32SE)
/* Define USE_FAST_MATH and SMALL_STACK */
#define ESP32_USE_RSA_PRIMITIVE
/* WC_NO_CACHE_RESISTANT: slower but more secure */
/* #define WC_NO_CACHE_RESISTANT */
#if defined(CONFIG_IDF_TARGET_ESP32)
/* NOTE HW unreliable for small values! */
/* threshold for performance adjustment for HW primitive use */
/* X bits of G^X mod P greater than */
#undef ESP_RSA_EXPT_XBITS
#define ESP_RSA_EXPT_XBITS 32
/* X and Y of X * Y mod P greater than */
#undef ESP_RSA_MULM_BITS
#define ESP_RSA_MULM_BITS 16
#endif
#endif
#define RSA_LOW_MEM
/* TFM_TIMING_RESISTANT: slower but more secure */
/* #define TFM_TIMING_RESISTANT */
/* #define WOLFSSL_ATECC508A_DEBUG */
@ -159,9 +199,10 @@
/* adjust wait-timeout count if you see timeout in RSA HW acceleration */
#define ESP_RSA_TIMEOUT_CNT 0x249F00
#define ESP_RSA_TIMEOUT_CNT 0x349F00
#define HASH_SIZE_LIMIT /* for test.c */
/* hash limit for test.c */
#define HASH_SIZE_LIMIT
/* USE_FAST_MATH is default */
#define USE_FAST_MATH
@ -170,6 +211,7 @@
/* #undef USE_FAST_MATH */
/* #define SP_MATH */
/* #define WOLFSSL_SP_MATH_ALL */
/* #define WOLFSSL_SP_RISCV32 */
/***** Use Integer Heap Math *****/
/* #undef USE_FAST_MATH */
@ -205,7 +247,7 @@
#undef WOLFSSL_SYS_CA_CERTS
*/
/*
/* command-line options
--enable-keygen
--enable-certgen
--enable-certreq
@ -213,10 +255,14 @@
--enable-asn-template
*/
/* Default is HW enabled unless turned off.
** Uncomment these lines to force SW instead of HW acceleration */
/* Chipset detection from sdkconfig.h
* Default is HW enabled unless turned off.
* Uncomment lines to force SW instead of HW acceleration */
#if defined(CONFIG_IDF_TARGET_ESP32)
#define WOLFSSL_ESP32
/* Alternatively, if there's an ECC Secure Element present: */
/* #define WOLFSSL_ESPWROOM32SE */
/* wolfSSL HW Acceleration supported on ESP32. Uncomment to disable: */
/* #define NO_ESP32_CRYPT */
/* #define NO_WOLFSSL_ESP32_CRYPT_HASH */
@ -234,6 +280,7 @@
/***** END CONFIG_IDF_TARGET_ESP32 *****/
#elif defined(CONFIG_IDF_TARGET_ESP32S2)
#define WOLFSSL_ESP32
/* wolfSSL HW Acceleration supported on ESP32-S2. Uncomment to disable: */
/* #define NO_ESP32_CRYPT */
/* #define NO_WOLFSSL_ESP32_CRYPT_HASH */
@ -246,6 +293,7 @@
/***** END CONFIG_IDF_TARGET_ESP32S2 *****/
#elif defined(CONFIG_IDF_TARGET_ESP32S3)
#define WOLFSSL_ESP32
/* wolfSSL HW Acceleration supported on ESP32-S3. Uncomment to disable: */
/* #define NO_ESP32_CRYPT */
/* #define NO_WOLFSSL_ESP32_CRYPT_HASH */
@ -259,6 +307,7 @@
#elif defined(CONFIG_IDF_TARGET_ESP32C2) || \
defined(CONFIG_IDF_TARGET_ESP8684)
#define WOLFSSL_ESP32
/* ESP8684 is essentially ESP32-C2 chip + flash embedded together in a
* single QFN 4x4 mm package. Out of released documentation, Technical
* Reference Manual as well as ESP-IDF Programming Guide is applicable
@ -284,6 +333,7 @@
/***** END CONFIG_IDF_TARGET_ESP32C2 *****/
#elif defined(CONFIG_IDF_TARGET_ESP32C3)
#define WOLFSSL_ESP32
/* wolfSSL HW Acceleration supported on ESP32-C3. Uncomment to disable: */
/* #define NO_ESP32_CRYPT */
@ -301,6 +351,7 @@
/***** END CONFIG_IDF_TARGET_ESP32C3 *****/
#elif defined(CONFIG_IDF_TARGET_ESP32C6)
#define WOLFSSL_ESP32
/* wolfSSL HW Acceleration supported on ESP32-C6. Uncomment to disable: */
/* #define NO_ESP32_CRYPT */
@ -317,6 +368,7 @@
/***** END CONFIG_IDF_TARGET_ESP32C6 *****/
#elif defined(CONFIG_IDF_TARGET_ESP32H2)
#define WOLFSSL_ESP32
/* wolfSSL Hardware Acceleration not yet implemented */
#define NO_ESP32_CRYPT
#define NO_WOLFSSL_ESP32_CRYPT_HASH
@ -325,21 +377,63 @@
/***** END CONFIG_IDF_TARGET_ESP32H2 *****/
#elif defined(CONFIG_IDF_TARGET_ESP8266)
/* TODO: Revisit ESP8266 */
#define WOLFSSL_ESP8266
/* There's no hardware encryption on the ESP8266 */
/* Consider using the ESP32-C2/C3/C6
* See https://www.espressif.com/en/products/socs/esp32-c2 */
#define NO_ESP32_CRYPT
#define NO_WOLFSSL_ESP32_CRYPT_HASH
#define NO_WOLFSSL_ESP32_CRYPT_AES
#define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
/***** END CONFIG_IDF_TARGET_ESP266 *****/
#elif defined(CONFIG_IDF_TARGET_ESP8684)
/* There's no Hardware Acceleration available on ESP8684 */
#define NO_ESP32_CRYPT
#define NO_WOLFSSL_ESP32_CRYPT_HASH
#define NO_WOLFSSL_ESP32_CRYPT_AES
#define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
/***** END CONFIG_IDF_TARGET_ESP8684 *****/
#else
/* Anything else encountered, disable HW accleration */
#warning "Unexpected CONFIG_IDF_TARGET_NN value"
#define NO_ESP32_CRYPT
#define NO_WOLFSSL_ESP32_CRYPT_HASH
#define NO_WOLFSSL_ESP32_CRYPT_AES
#define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
#endif /* CONFIG_IDF_TARGET Check */
/* RSA primitive specific definition, listed AFTER the Chipset detection */
#if defined(WOLFSSL_ESP32) || defined(WOLFSSL_ESPWROOM32SE)
/* Consider USE_FAST_MATH and SMALL_STACK */
#ifndef NO_RSA
#define ESP32_USE_RSA_PRIMITIVE
#if defined(CONFIG_IDF_TARGET_ESP32)
#ifdef CONFIG_ESP_MAIN_TASK_STACK_SIZE
#if CONFIG_ESP_MAIN_TASK_STACK_SIZE < 10500
#warning "RSA may be difficult with less than 10KB Stack "/
#endif
#endif
/* NOTE HW unreliable for small values! */
/* threshold for performance adjustment for HW primitive use */
/* X bits of G^X mod P greater than */
#undef ESP_RSA_EXPT_XBITS
#define ESP_RSA_EXPT_XBITS 32
/* X and Y of X * Y mod P greater than */
#undef ESP_RSA_MULM_BITS
#define ESP_RSA_MULM_BITS 16
#endif
#endif
#endif
/* Debug options:
See wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h for details on debug options
#define ESP_VERIFY_MEMBLOCK
#define DEBUG_WOLFSSL
@ -353,14 +447,26 @@
#define WOLFSSL_ESP32_HW_LOCK_DEBUG
#define WOLFSSL_DEBUG_ESP_RSA_MULM_BITS
#define ESP_DISABLE_HW_TASK_LOCK
See wolfcrypt/benchmark/benchmark.c for debug and other settings:
Turn on benchmark timing debugging (CPU Cycles, RTOS ticks, etc)
#define DEBUG_WOLFSSL_BENCHMARK_TIMING
Turn on timer debugging (used when CPU cycles not available)
#define WOLFSSL_BENCHMARK_TIMER_DEBUG
*/
#define WOLFSSL_ESPIDF_ERROR_PAUSE /* Pause in a loop rather than exit. */
/* Pause in a loop rather than exit. */
#define WOLFSSL_ESPIDF_ERROR_PAUSE
#define WOLFSSL_HW_METRICS
/* #define HASH_SIZE_LIMIT */ /* for test.c */
/* for test.c */
/* #define HASH_SIZE_LIMIT */
/* #define NO_HW_MATH_TEST */ /* Optionall turn off HW math checks */
/* Optionally turn off HW math checks */
/* #define NO_HW_MATH_TEST */
/* Optionally include alternate HW test library: alt_hw_test.h */
/* When enabling, the ./components/wolfssl/CMakeLists.txt file
@ -383,8 +489,8 @@
/* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD */
#define WOLFSSL_PUBLIC_MP /* used by benchmark */
#define USE_CERT_BUFFERS_2048
/* used by benchmark: */
#define WOLFSSL_PUBLIC_MP
/* when turning on ECC508 / ECC608 support
#define WOLFSSL_ESPWROOM32SE
@ -393,12 +499,75 @@
#define ATCA_WOLFSSL
*/
/* optional SM4 Ciphers. See https://github.com/wolfSSL/wolfsm
/***************************** Certificate Macros *****************************
*
* The section below defines macros used in typically all of the wolfSSL
* examples such as the client and server for certs stored in header files.
*
* There are various certificate examples in this header file:
* https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/certs_test.h
*
* To use the sets of macros below, define *one* of these:
*
* USE_CERT_BUFFERS_1024 - ECC 1024 bit encoded ASN1
* USE_CERT_BUFFERS_2048 - RSA 2048 bit encoded ASN1
* WOLFSSL_SM[2,3,4] - SM Ciphers
*
* For example: define USE_CERT_BUFFERS_2048 to use CA Certs used in this
* wolfSSL function for the `ca_cert_der_2048` buffer, size and types:
*
* ret = wolfSSL_CTX_load_verify_buffer(ctx,
* CTX_CA_CERT,
* CTX_CA_CERT_SIZE,
* CTX_CA_CERT_TYPE);
*
* See https://www.wolfssl.com/documentation/manuals/wolfssl/group__CertsKeys.html#function-wolfssl_ctx_load_verify_buffer
*
* In this case the CTX_CA_CERT will be defined as `ca_cert_der_2048` as
* defined here: https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/certs_test.h
*
* The CTX_CA_CERT_SIZE and CTX_CA_CERT_TYPE are similarly used to reference
* array size and cert type respectively.
*
* Similarly for loading the private client key:
*
* ret = wolfSSL_CTX_use_PrivateKey_buffer(ctx,
* CTX_CLIENT_KEY,
* CTX_CLIENT_KEY_SIZE,
* CTX_CLIENT_KEY_TYPE);
*
* see https://www.wolfssl.com/documentation/manuals/wolfssl/group__CertsKeys.html#function-wolfssl_ctx_use_privatekey_buffer
*
* Similarly, the other macros are for server certificates and keys:
* `CTX_SERVER_CERT` and `CTX_SERVER_KEY` are available.
*
* The certificate and key names are typically `static const unsigned char`
* arrays. The [NAME]_size are typically `sizeof([array name])`, and the types
* are the known wolfSSL encoding type integers (e.g. WOLFSSL_FILETYPE_PEM).
*
* See `SSL_FILETYPE_[name]` in
* https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/ssl.h
*
* See Abstract Syntax Notation One (ASN.1) in:
* https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/wolfcrypt/asn.h
*
* Optional SM4 Ciphers:
*
* Although the SM ciphers are shown here, the `certs_test_sm.h` may not yet
* be available. See:
* https://github.com/wolfSSL/wolfssl/pull/6825
* https://github.com/wolfSSL/wolfsm
*
* Uncomment these 3 macros to enable the SM Ciphers and use the macros below.
*/
/*
#define WOLFSSL_SM2
#define WOLFSSL_SM3
#define WOLFSSL_SM4
*/
/* Conditional macros used in wolfSSL TLS client and server examples */
#if defined(WOLFSSL_SM2) || defined(WOLFSSL_SM3) || defined(WOLFSSL_SM4)
#include <wolfssl/certs_test_sm.h>
#define CTX_CA_CERT root_sm2
@ -414,15 +583,49 @@
#undef WOLFSSL_BASE16
#define WOLFSSL_BASE16
#else
#define USE_CERT_BUFFERS_2048
#define USE_CERT_BUFFERS_256
#if defined(USE_CERT_BUFFERS_2048)
/* Be sure to include in app when using example certs: */
/* #include <wolfssl/certs_test.h> */
#define CTX_CA_CERT ca_cert_der_2048
#define CTX_CA_CERT_SIZE sizeof_ca_cert_der_2048
#define CTX_CA_CERT_TYPE WOLFSSL_FILETYPE_ASN1
#define CTX_SERVER_CERT server_cert_der_2048
#define CTX_SERVER_CERT_SIZE sizeof_server_cert_der_2048
#define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_ASN1
#define CTX_SERVER_KEY server_key_der_2048
#define CTX_SERVER_KEY_SIZE sizeof_server_key_der_2048
#define CTX_SERVER_KEY_TYPE WOLFSSL_FILETYPE_ASN1
#define CTX_CLIENT_CERT client_cert_der_2048
#define CTX_CLIENT_CERT_SIZE sizeof_client_cert_der_2048
#define CTX_CLIENT_CERT_TYPE WOLFSSL_FILETYPE_ASN1
#define CTX_CLIENT_KEY client_key_der_2048
#define CTX_CLIENT_KEY_SIZE sizeof_client_key_der_2048
#define CTX_CLIENT_KEY_TYPE WOLFSSL_FILETYPE_ASN1
#elif defined(USE_CERT_BUFFERS_1024)
/* Be sure to include in app when using example certs: */
/* #include <wolfssl/certs_test.h> */
#define CTX_CA_CERT ca_cert_der_1024
#define CTX_CA_CERT_SIZE sizeof_ca_cert_der_1024
#define CTX_CA_CERT_TYPE WOLFSSL_FILETYPE_ASN1
#define CTX_CLIENT_CERT client_cert_der_1024
#define CTX_CLIENT_CERT_SIZE sizeof_client_cert_der_1024
#define CTX_CLIENT_CERT_TYPE WOLFSSL_FILETYPE_ASN1
#define CTX_CLIENT_KEY client_key_der_1024
#define CTX_CLIENT_KEY_SIZE sizeof_client_key_der_1024
#define CTX_CLIENT_KEY_TYPE WOLFSSL_FILETYPE_ASN1
#define CTX_SERVER_CERT server_cert_der_1024
#define CTX_SERVER_CERT_SIZE sizeof_server_cert_der_1024
#define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_ASN1
#define CTX_SERVER_KEY server_key_der_1024
#define CTX_SERVER_KEY_SIZE sizeof_server_key_der_1024
#define CTX_SERVER_KEY_TYPE WOLFSSL_FILETYPE_ASN1
#else
/* Optionally define custom cert arrays, sizes, and types here */
#error "Must define USE_CERT_BUFFERS_2048 or USE_CERT_BUFFERS_1024"
#endif
#endif /* Conditional key and cert constant names */

2
IDE/Espressif/ESP-IDF/examples/template/main/include/main.h
View File

@ -1,6 +1,6 @@
/* template main.h
*
* Copyright (C) 2006-2023 wolfSSL Inc.
* Copyright (C) 2006-2024 wolfSSL Inc.
*
* This file is part of wolfSSL.
*

35
IDE/Espressif/ESP-IDF/examples/template/main/main.c
View File

@ -1,6 +1,6 @@
/* main.c
*
* Copyright (C) 2006-2023 wolfSSL Inc.
* Copyright (C) 2006-2024 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
@ -23,7 +23,22 @@
#include <esp_log.h>
/* wolfSSL */
/* Always include wolfcrypt/settings.h before any other wolfSSL file. */
/* Reminder: settings.h pulls in user_settings.h; don't include it here. */
#ifdef WOLFSSL_USER_SETTINGS
#include <wolfssl/wolfcrypt/settings.h>
#ifndef WOLFSSL_ESPIDF
#warning "Problem with wolfSSL user_settings."
#warning "Check components/wolfssl/include"
#endif
#include <wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h>
#else
/* Define WOLFSSL_USER_SETTINGS project wide for settings.h to include */
/* wolfSSL user settings in ./components/wolfssl/include/user_settings.h */
#error "Missing WOLFSSL_USER_SETTINGS in CMakeLists or Makefile:\
CFLAGS +=-DWOLFSSL_USER_SETTINGS"
#endif
/* project */
#include "main.h"
@ -32,18 +47,32 @@ static const char* const TAG = "My Project";
void app_main(void)
{
#ifdef WOLFSSL_ESPIDF_VERBOSE_EXIT_MESSAGE
int ret = 0;
#endif
ESP_LOGI(TAG, "Hello wolfSSL!");
#ifdef HAVE_VERSION_EXTENDED_INFO
esp_ShowExtendedSystemInfo();
ret = esp_ShowExtendedSystemInfo();
#endif
#if defined(WOLFSSL_HW_METRICS) && defined(WOLFSSL_HAS_METRICS)
esp_hw_show_metrics();
ret += esp_hw_show_metrics();
#endif
#ifdef WOLFSSL_ESPIDF_VERBOSE_EXIT_MESSAGE
if (ret == 0) {
ESP_LOGI(TAG, WOLFSSL_ESPIDF_VERBOSE_EXIT_MESSAGE("Success!", ret));
}
else {
ESP_LOGE(TAG, WOLFSSL_ESPIDF_VERBOSE_EXIT_MESSAGE("Failed!", ret));
}
#elif defined(WOLFSSL_ESPIDF_EXIT_MESSAGE)
ESP_LOGI(TAG, WOLFSSL_ESPIDF_EXIT_MESSAGE);
#else
ESP_LOGI(TAG, "\n\nDone!"
"If running from idf.py monitor, press twice: Ctrl+]\n\n"
"WOLFSSL_COMPLETE\n" /* exit keyword for wolfssl_monitor.py */
);
#endif
}

20
IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/CMakeLists.txt
View File

@ -5,6 +5,7 @@
# CMakeLists in this exact order for cmake to work correctly
cmake_minimum_required(VERSION 3.16)
add_compile_options(-DWOLFSSL_ESP_NO_WATCHDOG=1)
# The wolfSSL CMake file should be able to find the source code.
# Otherwise, assign an environment variable or set it here:
#
@ -21,13 +22,20 @@ cmake_minimum_required(VERSION 3.16)
#
# Optionally specify a location for wolfSSL component source code
# set(WOLFSSL_ROOT "c:/test/blogtest/wolfssl" )
# set(WOLFSSL_ROOT "c:/mydir/wolfssl" )
# This example uses an extra component for common functions such as Wi-Fi and Ethernet connection.
# set (PROTOCOL_EXAMPLES_DIR $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
#
#if (EXISTS "${PROTOCOL_EXAMPLES_DIR}")
# message("Found PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
# set(EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
# set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DFOUND_PROTOCOL_EXAMPLES_DIR")
#else()
# message("NOT FOUND: PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
#endif()
# Not only is a project-level "set(COMPONENTS" not needed here, this will cause
# an unintuitive error about Unknown CMake command "esptool_py_flash_project_args".
include($ENV{IDF_PATH}/tools/cmake/project.cmake)
set(COMPONENTS
main
wolfssl
) # set components
project(wolfssl_benchmark)

7
IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/Makefile
View File

@ -3,9 +3,10 @@
# project subdirectory.
#
PROJECT_NAME := wolfssl_benchmark
CFLAGS += -DWOLFSSL_USER_SETTINGS
# Some of the tests are CPU intenstive, so we'll force the watchdog timer off.
# There's an espressif NO_WATCHDOG; we don't use it, as it is reset by sdkconfig.
EXTRA_CFLAGS += -DWOLFSSL_ESP_NO_WATCHDOG
PROJECT_NAME := wolfssl_benchmark
include $(IDF_PATH)/make/project.mk

7
IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/README.md
View File

@ -19,6 +19,13 @@ other local port to `COM20` as needed:
change port com20=com23
```
## Bulk Testing
If you have a test jig with multiple ESP32 devices and you'd like to run this wolfcrypt benchmark on all of them, check out
the `testAll.sh` and `testMonitor.sh` scripts in the [../wolfssl_test](../wolfssl_test/README.md) directory. Copy those
bash script files to this project. See the `esp32[NN]_PORT` and `esp32[NN]_PUTTY` settings in `testMonitor.sh` that will
be machine-specific.
## VisualGDB
Open the VisualGDB Visual Studio Project file in the VisualGDB directory and click the "Start" button.

10
IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/VisualGDB/wolfssl_benchmark_IDF_v5_ESP32.vgdbproj
View File

@ -18,9 +18,9 @@
<ToolchainID>
<ID>com.visualgdb.xtensa-esp32-elf</ID>
<Version>
<GCC>11.2.0</GCC>
<GDB>9.2.90</GDB>
<Revision>2</Revision>
<GCC>13.2.0</GCC>
<GDB>12.1</GDB>
<Revision>1</Revision>
</Version>
</ToolchainID>
<RelativeSourceDirectory>..</RelativeSourceDirectory>
@ -67,8 +67,8 @@
<EnableFastUpToDateCheck>true</EnableFastUpToDateCheck>
<ESPIDFExtension>
<IDFCheckout>
<Version>release/v5.0</Version>
<Subdirectory>esp-idf/v5.0</Subdirectory>
<Version>release/v5.2</Version>
<Subdirectory>esp-idf/v5.2</Subdirectory>
<Type>ESPIDF</Type>
</IDFCheckout>
<COMPort>COM20</COMPort>

281
IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/CMakeLists.txt
View File

@ -1,5 +1,5 @@
#
# Copyright (C) 2006-2023 wolfSSL Inc.
# Copyright (C) 2006-2024 wolfSSL Inc.
#
# This file is part of wolfSSL.
#
@ -19,16 +19,95 @@
#
# cmake for wolfssl Espressif projects
#
# Version 5.6.0.011 for detect test/benchmark
# Version 5.7.0 template update + THIS_IDF_PATH
#
# See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html
#
cmake_minimum_required(VERSION 3.16)
set(VERBOSE_COMPONENT_MESSAGES 1)
# The scope of this CMAKE_C_FLAGS is just this component:
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
set(CMAKE_CURRENT_SOURCE_DIR ".")
set(COMPONENT_REQUIRES lwip) # we typically don't need lwip directly in wolfssl component
# set(COMPONENT_REQUIRES lwip) # we typically don't need lwip directly in wolfssl component
# Optionally set your source to wolfSSL in your project CMakeLists.txt like this:
# set(WOLFSSL_ROOT "c:/test/my_wolfssl" )
if ( "${WOLFSSL_ROOT}" STREQUAL "")
set(WOLFSSL_ROOT "$ENV{WOLFSSL_ROOT}" )
endif()
if( "$ENV{IDF_PATH}" STREQUAL "" )
message(FATAL_ERROR "IDF_PATH Environment variable not set!")
else()
string(REPLACE "\\" "/" THIS_IDF_PATH "$ENV{IDF_PATH}")
endif()
# Optional compiler definitions to help with system name detection (typically printed by app diagnostics)
if(VERBOSE_COMPONENT_MESSAGES)
if(WIN32)
# Windows-specific configuration here
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS")
message("Detected Windows")
endif()
if(CMAKE_HOST_UNIX)
message("Detected UNIX")
endif()
if(APPLE)
message("Detected APPLE")
endif()
if(CMAKE_HOST_UNIX AND (NOT APPLE) AND EXISTS "/proc/sys/fs/binfmt_misc/WSLInterop")
# Windows-specific configuration here
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WSL")
message("Detected WSL")
endif()
if(CMAKE_HOST_UNIX AND (NOT APPLE) AND (NOT WIN32))
# Windows-specific configuration here
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_LINUX")
message("Detected Linux")
endif()
if(APPLE)
# Windows-specific configuration here
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_APPLE")
message("Detected Apple")
endif()
endif() # End optional WOLFSSL_CMAKE_SYSTEM_NAME
message(STATUS "CONFIG_TARGET_PLATFORM = ${CONFIG_TARGET_PLATFORM}")
# Check that there are not conflicting wolfSSL components
# The ESP Registry Component will be in ./managed_components/wolfssl__wolfssl
# The local component wolfSSL directory will be in ./components/wolfssl
if( EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" AND EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl" )
# These exclude statements don't seem to be honored by the $ENV{IDF_PATH}/tools/cmake/project.cmake'
# add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" EXCLUDE_FROM_ALL)
# add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl/include" EXCLUDE_FROM_ALL)
# So we'll error out and let the user decide how to proceed:
message(WARNING "\nFound wolfSSL components in\n"
"./managed_components/wolfssl__wolfssl\n"
"and\n"
"./components/wolfssl\n"
"in project directory: \n"
"${CMAKE_HOME_DIRECTORY}")
message(FATAL_ERROR "\nPlease use either the ESP Registry Managed Component or the wolfSSL component directory but not both.\n"
"If removing the ./managed_components/wolfssl__wolfssl directory, remember to also remove "
"or rename the idf_component.yml file typically found in ./main/")
else()
message(STATUS "No conflicting wolfSSL components found.")
endif()
# Don't include lwip requirement for benchmark and test apps.
if( ("${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_benchmark") OR ("${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_test") )
message(STATUS "Not including lwip for ${CMAKE_PROJECT_NAME}")
else()
# benchmark and test do not need wifi, everything else probably does:
set(COMPONENT_REQUIRES lwip) # we typically don't need lwip directly in wolfssl component
endif()
# find the user name to search for possible "wolfssl-username"
message(STATUS "USERNAME = $ENV{USERNAME}")
@ -45,6 +124,11 @@ else()
endif()
message(STATUS "THIS_USER = ${THIS_USER}")
if( "$ENV{IDF_PATH}" STREQUAL "" )
message(FATAL_ERROR "IDF_PATH Environment variable not set!")
else()
string(REPLACE "\\" "/" THIS_IDF_PATH "$ENV{IDF_PATH}")
endif()
# COMPONENT_NAME = wolfssl
# The component name is the directory name. "No feature to change this".
@ -71,11 +155,17 @@ function(IS_WOLFSSL_SOURCE DIRECTORY_PARAMETER RESULT)
endif()
endfunction()
# *********************************************************************************************
# function: FIND_WOLFSSL_DIRECTORY
# parameter: OUTPUT_FOUND_WOLFSSL_DIRECTORY contains root of source code, otherwise blank
#
# Example usage:
# FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT)
# *********************************************************************************************
function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY)
message(STATUS "Starting FIND_WOLFSSL_DIRECTORY")
message(STATUS "Starting FIND_WOLFSSL_DIRECTORY: ${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}")
if ( "${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}" STREQUAL "" )
set(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}")
if( "${CURRENT_SEARCH_DIR}" STREQUAL "" )
message(STATUS "The WOLFSSL_ROOT environment variable is not set. Searching...")
@ -83,14 +173,22 @@ function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY)
get_filename_component(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}" ABSOLUTE)
IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR}" FOUND_WOLFSSL)
if( FOUND_WOLFSSL )
message(STATUS "Found WOLFSSL_ROOT via Environment Variable: ${CURRENT_SEARCH_DIR}")
set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE)
return()
message(STATUS "Found WOLFSSL_ROOT via Environment Variable:")
else()
message(FATAL_ERROR "WOLFSSL_ROOT Environment Variable defined, but path not found:")
message(STATUS "$ENV{WOLFSSL_ROOT}")
endif()
endif()
else()
get_filename_component(CURRENT_SEARCH_DIR "${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}" ABSOLUTE)
IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR}" FOUND_WOLFSSL)
if( FOUND_WOLFSSL )
message(STATUS "Found WOLFSSL_ROOT via prior specification.")
else()
message(FATAL_ERROR "WOLFSSL_ROOT Variable defined, but path not found: ${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}")
endif()
endif()
# we'll start in the CMAKE_CURRENT_SOURCE_DIR, typically [something]/projectname/components/wolfssl
message(STATUS "CMAKE_CURRENT_SOURCE_DIR = ${CMAKE_CURRENT_SOURCE_DIR}")
@ -109,16 +207,47 @@ function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY)
return()
endif()
# Maintain CURRENT_SEARCH_DIR, but check various suffixes with CURRENT_SEARCH_DIR_ALT
if( THIS_USER )
# Check for "wolfssl-[username]" subdirectory as we recurse up the directory tree
set(CURRENT_SEARCH_DIR_ALT ${CURRENT_SEARCH_DIR}/wolfssl-${THIS_USER})
message(STATUS "Looking in ${CURRENT_SEARCH_DIR}")
message(STATUS "Looking in ${CURRENT_SEARCH_DIR_ALT}")
#if(EXISTS ${CURRENT_SEARCH_DIR_ALT} AND IS_DIRECTORY ${CURRENT_SEARCH_DIR_ALT} AND EXISTS "${CURRENT_SEARCH_DIR_ALT}/wolfcrypt/src")
IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR_ALT}" FOUND_WOLFSSL )
if ( FOUND_WOLFSSL )
message(STATUS "Found wolfssl in user-suffix CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}")
set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR_ALT} PARENT_SCOPE)
set(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR_ALT}")
set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE)
return()
endif()
endif()
if ( FOUND_WOLFSSL )
# if we already found the source, skip attempt of "wolfssl-master"
else()
set(CURRENT_SEARCH_DIR_ALT ${CURRENT_SEARCH_DIR}/wolfssl-master)
message(STATUS "Looking in ${CURRENT_SEARCH_DIR_ALT}")
IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR_ALT}" FOUND_WOLFSSL )
if ( FOUND_WOLFSSL )
message(STATUS "Found wolfssl in master-suffix CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}")
set(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR_ALT}")
set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE)
return()
endif()
endif()
if ( FOUND_WOLFSSL )
# if we already found the source, skip attempt of "wolfssl"
else()
set(CURRENT_SEARCH_DIR_ALT ${CURRENT_SEARCH_DIR}/wolfssl)
message(STATUS "Looking in ${CURRENT_SEARCH_DIR_ALT}")
IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR_ALT}" FOUND_WOLFSSL )
if ( FOUND_WOLFSSL )
message(STATUS "Found wolfssl in CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}")
set(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR_ALT}")
set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE)
return()
endif()
endif()
@ -138,7 +267,8 @@ function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY)
get_filename_component(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR}" DIRECTORY)
message(STATUS "Next CURRENT_SEARCH_DIR = ${CURRENT_SEARCH_DIR}")
if( "${PRIOR_SEARCH_DIR}" STREQUAL "${CURRENT_SEARCH_DIR}" )
# when the search directory is empty, we'll give up
# When the parent is current directory, cannot go any further. We didn't find wolfssl.
# When the search directory is empty, we'll give up.
set(CURRENT_SEARCH_DIR "")
endif()
endwhile()
@ -149,17 +279,47 @@ endfunction()
# Example usage:
#
# Simply find the WOLFSSL_DIRECTORY by searching parent directories:
# FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT)
#
message(STATUS "CONFIG_TARGET_PLATFORM = ${CONFIG_TARGET_PLATFORM}")
if (0)
get_cmake_property(_variableNames VARIABLES)
list (SORT _variableNames)
message(STATUS "")
message(STATUS "ALL VARIABLES BEGIN")
message(STATUS "")
foreach (_variableName ${_variableNames})
message(STATUS "${_variableName}=${${_variableName}}")
endforeach()
message(STATUS "")
message(STATUS "ALL VARIABLES END")
message(STATUS "")
endif()
if ( ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266") OR ("${IDF_TARGET}" STREQUAL "esp8266") )
# There's no esp_timer, no driver components for the ESP8266
message(STATUS "Early expansion EXCLUDES esp_timer: ${THIS_INCLUDE_TIMER}")
message(STATUS "Early expansion EXCLUDES driver: ${THIS_INCLUDE_DRIVER}")
set(THIS_INCLUDE_TIMER "")
set(THIS_INCLUDE_DRIVER "")
else()
message(STATUS "Early expansion includes esp_timer: ${THIS_INCLUDE_TIMER}")
message(STATUS "Early expansion includes driver: ${THIS_INCLUDE_DRIVER}")
set(THIS_INCLUDE_TIMER "esp_timer")
set(THIS_INCLUDE_DRIVER "driver")
endif()
if(CMAKE_BUILD_EARLY_EXPANSION)
message(STATUS "wolfssl component CMAKE_BUILD_EARLY_EXPANSION:")
idf_component_register(
REQUIRES "${COMPONENT_REQUIRES}"
PRIV_REQUIRES # esp_hw_support
esp_timer
driver # this will typically only be needed for wolfSSL benchmark
${THIS_INCLUDE_TIMER}
${THIS_INCLUDE_DRIVER} # this will typically only be needed for wolfSSL benchmark
)
else()
@ -171,25 +331,53 @@ else()
# search for wolfSSL
FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT)
if(WOLFSSL_ROOT)
message(STATUS "NEW Found wolfssl directory at: ${WOLFSSL_ROOT}")
IS_WOLFSSL_SOURCE("${WOLFSSL_ROOT}" FOUND_WOLFSSL)
if(FOUND_WOLFSSL)
message(STATUS "Found WOLFSSL_ROOT via CMake specification.")
else()
message(STATUS "NEW wolfssl directory not found.")
# WOLFSSL_ROOT Path specified in CMakeLists.txt is not a valid path
message(FATAL_ERROR "WOLFSSL_ROOT CMake Variable defined, but path not found: ${WOLFSSL_ROOT}\n"
"Try correcting WOLFSSL_ROOT in your project CMakeFile.txt or setting environment variable.")
# Abort CMake after fatal error.
endif()
else()
message(STATUS "Searching for wolfSL source code...")
FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT)
endif()
if(WOLFSSL_ROOT)
message(STATUS "Confirmed wolfssl directory at: ${WOLFSSL_ROOT}")
else()
message(STATUS "Failed: wolfssl directory not found.")
# Abort. We need wolfssl _somewhere_.
message(FATAL_ERROR "Could not find wolfssl in ${WOLFSSL_ROOT}.\n"
"Try setting WOLFSSL_ROOT environment variable or git clone.")
message(FATAL_ERROR "Could not find wolfssl in any parent directory named wolfssl-${THIS_USER}, wolfssl-master, or wolfssl.\n"
"Try setting WOLFSSL_ROOT environment variable, cmake variable in project, copy source, or use managed components.")
# Abort CMake after fatal error.
endif()
set(INCLUDE_PATH ${WOLFSSL_ROOT})
set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/src/")
if( ${CMAKE_PROJECT_NAME} STREQUAL "wolfssl_benchmark" )
# During regression tests, optionally copy source locally and use: set(USE_LOCAL_TEST_BENCH 1)
set(USE_LOCAL_TEST_BENCH 0)
if(NOT USE_LOCAL_TEST_BENCH)
if( "${CMAKE_PROJECT_NAME}" STREQUAL "hello-world" )
message(STATUS "Include ${WOLFSSL_ROOT}/wolfcrypt/benchmark")
set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/benchmark")
endif()
if( ${CMAKE_PROJECT_NAME} STREQUAL "wolfssl_test" )
if( "${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_benchmark" )
message(STATUS "Include ${WOLFSSL_ROOT}/wolfcrypt/benchmark")
set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/benchmark")
endif()
if( "${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_test" )
message(STATUS "Include ${WOLFSSL_ROOT}/wolfcrypt/test")
set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/test")
endif()
endif()
set(COMPONENT_SRCDIRS "\"${WOLFSSL_ROOT}/src/\""
"\"${WOLFSSL_ROOT}/wolfcrypt/src\""
@ -200,16 +388,19 @@ else()
message(STATUS "This COMPONENT_SRCDIRS = ${COMPONENT_SRCDIRS}")
# wolfSSL user_settings.h is in the local project.
set(WOLFSSL_PROJECT_DIR "${CMAKE_HOME_DIRECTORY}/components/wolfssl")
add_definitions(-DWOLFSSL_USER_SETTINGS_DIR="${WOLFSSL_PROJECT_DIR}/include/user_settings.h")
# add_definitions(-DWOLFSSL_USER_SETTINGS_DIR="${WOLFSSL_PROJECT_DIR}/include/user_settings.h")
string(REPLACE "/" "//" STR_WOLFSSL_PROJECT_DIR "${WOLFSSL_PROJECT_DIR}")
add_definitions(-DWOLFSSL_USER_SETTINGS_DIR="${STR_WOLFSSL_PROJECT_DIR}//include//user_settings.h")
# Espressif may take several passes through this makefile. Check to see if we found IDF
string(COMPARE EQUAL "${PROJECT_SOURCE_DIR}" "" WOLFSSL_FOUND_IDF)
# get a list of all wolfcrypt assembly files; we'll exclude them as they don't target Xtensa
file(GLOB EXCLUDE_ASM *.S)
file(GLOB_RECURSE EXCLUDE_ASM ${CMAKE_SOURCE_DIR} "${WOLFSSL_ROOT}/wolfcrypt/src/*.S")
file(GLOB EXCLUDE_ASM ${CMAKE_SOURCE_DIR} "${WOLFSSL_ROOT}/wolfcrypt/src/*.S")
message(STATUS "IDF_PATH = $ENV{IDF_PATH}")
message(STATUS "PROJECT_SOURCE_DIR = ${PROJECT_SOURCE_DIR}")
@ -232,11 +423,13 @@ else()
message(STATUS "Remove either the local project component: ${WOLFSSL_PROJECT_DIR} ")
message(STATUS "or the Espressif shared component installed at: $ENV{IDF_PATH}/components/wolfssl/ ")
message(STATUS "")
message(FATAL_ERROR "Please use wolfSSL in either local project or Espressif components, but not both.")
message(STATUS "")
message(STATUS "**************************************************************************************")
message(STATUS "")
message(FATAL_ERROR "Please use wolfSSL in either local project or Espressif components, but not both.")
# Abort CMake after fatal error.
# Optional: if you change the above FATAL_ERROR to STATUS you can warn at runtime with this macro definition:
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_MULTI_INSTALL_WARNING")
@ -286,6 +479,7 @@ else()
message(FATAL_ERROR "Found stray wolfSSL user_settings.h in "
"${WOLFSSL_ROOT}/include/user_settings.h "
" (please move it to ${WOLFSSL_PROJECT_DIR}/include/user_settings.h )")
# Abort CMake after fatal error.
else()
# we won't overwrite an existing user settings file, just note that we already have one:
if( EXISTS "${WOLFSSL_PROJECT_DIR}/include/user_settings.h" )
@ -355,17 +549,22 @@ else()
message(STATUS "Could not find RTOS path")
endif()
endif()
message(STATUS "THIS_IDF_PATH = $THIS_IDF_PATH")
# wolfSSL-specific include directories
set(COMPONENT_ADD_INCLUDEDIRS
"./include" # this is the location of wolfssl user_settings.h
"\"${WOLFSSL_ROOT}/\""
"\"${WOLFSSL_ROOT}/wolfssl/\""
"\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/\""
"\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/port/Espressif\""
"\"${RTOS_IDF_PATH}/\""
# wolfSSL release after v5.7 includes WiFi, time, and mem/debug helpers
"${THIS_IDF_PATH}/components/esp_event/include"
"${THIS_IDF_PATH}/components/esp_netif/include"
"${THIS_IDF_PATH}/components/esp_wifi/include"
)
# Optionally include cryptoauthlib if present
if(IS_DIRECTORY ${IDF_PATH}/components/cryptoauthlib)
list(APPEND COMPONENT_ADD_INCLUDEDIRS "../cryptoauthlib/lib")
endif()
@ -374,7 +573,7 @@ else()
list(APPEND COMPONENT_ADD_INCLUDEDIRS "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/\"")
# Some files are known to be included elsewhere, or not used for Espressif
set(COMPONENT_SRCEXCLUDE
"\"${WOLFSSL_ROOT}/src/bio.c\""
"\"${WOLFSSL_ROOT}/src/conf.c\""
@ -384,9 +583,14 @@ else()
"\"${WOLFSSL_ROOT}/src/ssl_bn.c\"" # included by ssl.c
"\"${WOLFSSL_ROOT}/src/ssl_certman.c\"" # included by ssl.c
"\"${WOLFSSL_ROOT}/src/ssl_crypto.c\"" # included by ssl.c
"\"${WOLFSSL_ROOT}/src/ssl_load.c\"" # included by ssl.c
"\"${WOLFSSL_ROOT}/src/ssl_misc.c\"" # included by ssl.c
"\"${WOLFSSL_ROOT}/src/ssl_p7p12.c\"" # included by ssl.c
"\"${WOLFSSL_ROOT}/src/ssl_sess.c\"" # included by ssl.c
"\"${WOLFSSL_ROOT}/src/x509.c\""
"\"${WOLFSSL_ROOT}/src/x509_str.c\""
"\"${WOLFSSL_ROOT}/wolfcrypt/src/ext_kyber.c\"" # external non-wolfssl Kyber disabled by default
"\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/ext_kyber.h\"" # external non-wolfssl Kyber disabled by default
"\"${WOLFSSL_ROOT}/wolfcrypt/src/evp.c\""
"\"${WOLFSSL_ROOT}/wolfcrypt/src/misc.c\""
"\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_arm32.c\""
@ -423,17 +627,34 @@ else()
INCLUDE_DIRS "${COMPONENT_ADD_INCLUDEDIRS}"
REQUIRES "${COMPONENT_REQUIRES}"
EXCLUDE_SRCS "${COMPONENT_SRCEXCLUDE}"
PRIV_REQUIRES esp_timer driver # this will typically only be needed for wolfSSL benchmark
PRIV_REQUIRES
"${THIS_INCLUDE_TIMER}"
"${THIS_INCLUDE_DRIVER}" # this will typically only be needed for wolfSSL benchmark
)
# some optional diagnostics
if (1)
# Some optional diagnostics. Verbose ones are truncated.
if (VERBOSE_COMPONENT_MESSAGES)
get_cmake_property(_variableNames VARIABLES)
list (SORT _variableNames)
message(STATUS "")
message(STATUS "ALL VARIABLES BEGIN")
message(STATUS "")
foreach (_variableName ${_variableNames})
if ( ("${_variableName}" STREQUAL "bootloader_binary_files")
OR ("${_variableName}" STREQUAL "Component paths")
OR ("${_variableName}" STREQUAL "component_targets")
OR ("${_variableName}" STREQUAL "__COMPONENT_TARGETS")
OR ("${_variableName}" STREQUAL "CONFIGS_LIST")
OR ("${_variableName}" STREQUAL "__CONFIG_VARIABLES")
OR ("${_variableName}" STREQUAL "val")
OR ("${_variableName}" MATCHES "^__idf_")
)
# Truncate the displayed value:
string(SUBSTRING "${${_variableName}}" 0 70 truncatedValue)
message(STATUS "${_variableName} = ${truncatedValue} ... (truncated)")
else()
message(STATUS "${_variableName}=${${_variableName}}")
endif()
endforeach()
message(STATUS "")
message(STATUS "ALL VARIABLES END")
@ -520,6 +741,8 @@ if(NOT CMAKE_BUILD_EARLY_EXPANSION)
execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "show" "--no-patch" "--no-notes" "--pretty=\'\%cd\'" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES )
LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH_DATE "${TMP_OUT}" "${TMP_RES}")
LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_WOLFSSL_ROOT "${WOLFSSL_ROOT}" "${TMP_RES}")
message(STATUS "************************************************************************************************")
message(STATUS "wolfssl component config complete!")
message(STATUS "************************************************************************************************")

232
IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/component.mk
View File

@ -1,5 +1,5 @@
#
# Copyright (C) 2006-2023 wolfSSL Inc.
# Copyright (C) 2006-2024 wolfSSL Inc.
#
# This file is part of wolfSSL.
#
@ -17,24 +17,224 @@
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
#
#
# Component Makefile
#
#
# The Espressif Managed Components are only for newer versions of the ESP-IDF
# Typically only for ESP32[-x] targets and only for ESP-IDF v4.3 or later:
# See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/tools/idf-component-manager.html
# https://components.espressif.com/
#
# Usage:
#
# make flash
#
# make flash ESPPORT=/dev/ttyS55
#
# make flash ESPBAUD=9600
#
# make monitor ESPPORT=COM1
#
# make monitor ESPPORT=/dev/ttyS55 MONITORBAUD=115200
#
# export ESPPORT=/dev/ttyS55
#
# https://docs.espressif.com/projects/esp8266-rtos-sdk/en/latest/get-started/index.html
#
COMPONENT_ADD_INCLUDEDIRS := . ./include
COMPONENT_ADD_INCLUDEDIRS += "$ENV{IDF_PATH}/components/freertos/include/freertos"
# COMPONENT_ADD_INCLUDEDIRS += "$ENV{IDF_PATH}/soc/esp32s3/include/soc"
COMPONENT_SRCDIRS := src wolfcrypt/src
COMPONENT_SRCDIRS += wolfcrypt/src/port/Espressif
COMPONENT_SRCDIRS += wolfcrypt/src/port/atmel
COMPONENT_SRCDIRS += wolfcrypt/benchmark
COMPONENT_SRCDIRS += wolfcrypt/test
# Although the project should define WOLFSSL_USER_SETTINGS, we'll also
# define it here:
CFLAGS +=-DWOLFSSL_USER_SETTINGS
COMPONENT_OBJEXCLUDE := wolfcrypt/src/aes_asm.o
COMPONENT_OBJEXCLUDE += wolfcrypt/src/evp.o
COMPONENT_OBJEXCLUDE += wolfcrypt/src/misc.o
COMPONENT_OBJEXCLUDE += src/bio.o
# In the wolfSSL GitHub examples for Espressif,
# the root is 7 directories up from here:
WOLFSSL_ROOT := ../../../../../../../
# NOTE: The wolfSSL include diretory (e.g. user_settings.h) is
# located HERE in THIS project, and *not* in the wolfSSL root.
COMPONENT_ADD_INCLUDEDIRS := .
COMPONENT_ADD_INCLUDEDIRS += include
COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT).
COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)wolfssl
COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)wolfssl/wolfcrypt
COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)wolfssl/wolfcrypt/port/Espressif
COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)wolfcrypt/benchmark
# COMPONENT_ADD_INCLUDEDIRS += $ENV(IDF_PATH)/components/freertos/include/freertos
# COMPONENT_ADD_INCLUDEDIRS += "$ENV(IDF_PATH)/soc/esp32s3/include/soc"
# WOLFSSL_ROOT := ""
COMPONENT_SRCDIRS := $(WOLFSSL_ROOT)src
COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif
COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)wolfcrypt/src/port/atmel
COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)wolfcrypt/benchmark
COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)wolfcrypt/test
COMPONENT_SRCDIRS += include
COMPONENT_OBJEXCLUDE := $(WOLFSSL_ROOT)wolfcrypt/src/aes_asm.o
COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)wolfcrypt/src/evp.o
COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)wolfcrypt/src/misc.o
COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)wolfcrypt/src/sha512_asm.o
COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)wolfcrypt/src/fe_x25519_asm.o
COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)wolfcrypt/src/aes_gcm_x86_asm.o
COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)src/bio.o
##
## wolfSSL
##
COMPONENT_OBJS := $(WOLFSSL_ROOT)src/bio.o
# COMPONENT_OBJS += src/conf.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)src/crl.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)src/dtls.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)src/dtls13.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)src/internal.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)src/keys.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)src/ocsp.o
# COMPONENT_OBJS += src/pk.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)src/quic.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)src/sniffer.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)src/ssl.o
# COMPONENT_OBJS += src/ssl_asn1.o
# COMPONENT_OBJS += src/ssl_bn.o
# COMPONENT_OBJS += src/ssl_certman.o
# COMPONENT_OBJS += src/ssl_crypto.o
# COMPONENT_OBJS += src/ssl_misc.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)src/tls.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)src/tls13.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)src/wolfio.o
# COMPONENT_OBJS += src/x509.o
# COMPONENT_OBJS += src/x509_str.o
##
## wolfcrypt
##
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/aes.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/arc4.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/asm.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/asn.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/async.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/blake2b.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/blake2s.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/camellia.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/chacha.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/chacha20_poly1305.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/cmac.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/coding.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/compress.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/cpuid.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/cryptocb.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/curve25519.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/curve448.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/des3.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/dh.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/dilithium.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/dsa.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ecc.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/eccsi.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ecc_fp.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ed25519.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ed448.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/error.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/evp.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ext_kyber.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ext_lms.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ext_xmss.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/falcon.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/fe_448.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/fe_low_mem.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/fe_operations.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/fips.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/fips_test.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ge_448.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ge_low_mem.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ge_operations.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/hash.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/hmac.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/hpke.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/integer.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/kdf.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/logging.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/md2.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/md4.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/md5.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/memory.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/misc.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/pkcs12.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/pkcs7.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/poly1305.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/pwdbased.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/random.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/rc2.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ripemd.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/rsa.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sakke.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/selftest.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sha.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sha256.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sha3.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sha512.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/signature.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/siphash.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sm2.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sm3.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sm4.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sphincs.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_arm32.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_arm64.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_armthumb.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_c32.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_c64.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_cortexm.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_dsp32.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_int.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_arm32.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_arm64.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_armthumb.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_c32.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_c64.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_cortexm.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_x86_64.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_x86_64.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/srp.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/tfm.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_dsp.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_encrypt.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_kyber.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_kyber_poly.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_lms.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_pkcs11.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_port.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_xmss.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wolfcrypt_first.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wolfcrypt_last.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wolfevent.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wolfmath.o
##
## Espressif
##
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp32_aes.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp32_mp.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp32_sha.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp32_util.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp_sdk_time_lib.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.o
##
## wolfcrypt benchmark (optional)
##
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/benchmark/benchmark.o
##
## wolfcrypt test (optional)
##
## COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/test/test.o
##
## wolfcrypt
##
COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)wolfcrypt/src

404
IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/include/user_settings.h
View File

@ -1,6 +1,6 @@
/* user_settings.h
*
* Copyright (C) 2006-2023 wolfSSL Inc.
* Copyright (C) 2006-2024 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
@ -19,12 +19,22 @@
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
/* This user_settings.h is for Espressif ESP-IDF */
#include <sdkconfig.h>
/* This user_settings.h is for Espressif ESP-IDF
*
* Standardized wolfSSL Espressif ESP32 + ESP8266 user_settings.h V5.7.0-1
*
* Do not include any wolfssl headers here
*
* When editing this file:
* ensure wolfssl_test and wolfssl_benchmark settings match.
*/
/* The Espressif project config file. See also sdkconfig.defaults */
#include "sdkconfig.h"
/* The Espressif sdkconfig will have chipset info.
**
** Possible values:
** Some possible values:
**
** CONFIG_IDF_TARGET_ESP32
** CONFIG_IDF_TARGET_ESP32S2
@ -36,18 +46,175 @@
#undef WOLFSSL_ESPIDF
#define WOLFSSL_ESPIDF
/* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */
#define NO_ESP_SDK_WIFI
/* Experimental Kyber */
#if 0
/* Kyber typically needs a minimum 10K stack */
#define WOLFSSL_EXPERIMENTAL_SETTINGS
#define WOLFSSL_HAVE_KYBER
#define WOLFSSL_WC_KYBER
#define WOLFSSL_SHA3
#endif
/*
* choose ONE of these Espressif chips to define:
* ONE of these Espressif chip families will be detected from sdkconfig:
*
* WOLFSSL_ESP32
* WOLFSSL_ESPWROOM32SE
* WOLFSSL_ESP8266
*/
#undef WOLFSSL_ESPWROOM32SE
#undef WOLFSSL_ESP8266
#undef WOLFSSL_ESP32
/* See below for chipset detection from sdkconfig.h */
#define WOLFSSL_ESP32
/* when you want to use SINGLE THREAD. Note Default ESP-IDF is FreeRTOS */
/* #define SINGLE_THREADED */
/* SMALL_SESSION_CACHE saves a lot of RAM for ClientCache and SessionCache.
* Memory requirement is about 5KB, otherwise 20K is needed when not specified.
* If extra small footprint is needed, try MICRO_SESSION_CACHE (< 1K)
* When really desperate or no TLS used, try NO_SESSION_CACHE. */
#define NO_SESSION_CACHE
/* Small Stack uses more heap. */
#define WOLFSSL_SMALL_STACK
/* Full debugging turned off, but show malloc failure detail */
/* #define DEBUG_WOLFSSL */
#define DEBUG_WOLFSSL_MALLOC
/* See test.c that sets cert buffers; we'll set them here: */
#define USE_CERT_BUFFERS_256
#define USE_CERT_BUFFERS_2048
/* RSA_LOW_MEM: Half as much memory but twice as slow. */
#define RSA_LOW_MEM
/* Uncommon settings for testing only */
#define TEST_ESPIDF_ALL_WOLFSSL
#ifdef TEST_ESPIDF_ALL_WOLFSSL
#define WOLFSSL_MD2
#define HAVE_BLAKE2
#define HAVE_BLAKE2B
#define HAVE_BLAKE2S
#define WC_RC2
#define WOLFSSL_ALLOW_RC4
#define HAVE_POLY1305
#define WOLFSSL_AES_128
#define WOLFSSL_AES_OFB
#define WOLFSSL_AES_CFB
#define WOLFSSL_AES_XTS
/* #define WC_SRTP_KDF */
/* TODO Causes failure with Espressif AES HW Enabled */
/* #define HAVE_AES_ECB */
/* #define HAVE_AESCCM */
/* TODO sanity check when missing HAVE_AES_ECB */
#define WOLFSSL_WOLFSSH
#define HAVE_AESGCM
#define WOLFSSL_AES_COUNTER
#define HAVE_FFDHE
#define HAVE_FFDHE_2048
#if defined(CONFIG_IDF_TARGET_ESP8266)
/* TODO Full size SRP is disabled on the ESP8266 at this time.
* Low memory issue? */
#define WOLFCRYPT_HAVE_SRP
/* MIN_FFDHE_FP_MAX_BITS = (MIN_FFDHE_BITS * 2); see settings.h */
#define FP_MAX_BITS MIN_FFDHE_FP_MAX_BITS
#elif defined(CONFIG_IDF_TARGET_ESP32) || \
defined(CONFIG_IDF_TARGET_ESP32S2) || \
defined(CONFIG_IDF_TARGET_ESP32S3)
/* TODO: SRP Not enabled, known to fail on this target
* See https://github.com/wolfSSL/wolfssl/issues/7210 */
#elif defined(CONFIG_IDF_TARGET_ESP32C3) || \
defined(CONFIG_IDF_TARGET_ESP32H2)
/* SRP Known to be working on this target::*/
#define WOLFCRYPT_HAVE_SRP
#define FP_MAX_BITS (8192 * 2)
#else
/* For everything else, give a try and see if SRP working: */
#define WOLFCRYPT_HAVE_SRP
#define FP_MAX_BITS (8192 * 2)
#endif
#define HAVE_DH
/* TODO: there may be a problem with HAVE_CAMELLIA with HW AES disabled.
* Do not define NO_WOLFSSL_ESP32_CRYPT_AES when enabled: */
/* #define HAVE_CAMELLIA */
/* DSA requires old SHA */
#define HAVE_DSA
/* Needs SHA512 ? */
#define HAVE_HPKE
/* Not for Espressif? */
#if defined(CONFIG_IDF_TARGET_ESP32C2) || \
defined(CONFIG_IDF_TARGET_ESP8684) || \
defined(CONFIG_IDF_TARGET_ESP32H2) || \
defined(CONFIG_IDF_TARGET_ESP8266)
#if defined(CONFIG_IDF_TARGET_ESP8266)
#undef HAVE_ECC
#undef HAVE_ECC_CDH
#undef HAVE_CURVE25519
/* TODO does CHACHA also need alignment? Failing on ESP8266
* See SHA256 __attribute__((aligned(4))); and WC_SHA256_ALIGN */
#ifdef HAVE_CHACHA
#error "HAVE_CHACHA not supported on ESP8266"
#endif
#ifdef HAVE_XCHACHA
#error "HAVE_XCHACHA not supported on ESP8266"
#endif
#else
#define HAVE_XCHACHA
#define HAVE_CHACHA
/* TODO Not enabled at this time, needs further testing:
* #define WC_SRTP_KDF
* #define HAVE_COMP_KEY
* #define WOLFSSL_HAVE_XMSS
*/
#endif
/* TODO AES-EAX not working on this platform */
/* Optionally disable DH
* #undef HAVE_DH
* #undef HAVE_FFDHE
*/
/* ECC_SHAMIR out of memory on ESP32-C2 during ECC */
#ifndef HAVE_ECC
#define ECC_SHAMIR
#endif
#else
#define WOLFSSL_AES_EAX
#define ECC_SHAMIR
#endif
/* Only for WOLFSSL_IMX6_CAAM / WOLFSSL_QNX_CAAM ? */
/* #define WOLFSSL_CAAM */
/* #define WOLFSSL_CAAM_BLOB */
#define WOLFSSL_AES_SIV
#define WOLFSSL_CMAC
#define WOLFSSL_CERT_PIV
/* HAVE_SCRYPT may turn on HAVE_PBKDF2 see settings.h */
/* #define HAVE_SCRYPT */
#define SCRYPT_TEST_ALL
#define HAVE_X963_KDF
#endif
/* optionally turn off SHA512/224 SHA512/256 */
/* #define WOLFSSL_NOSHA512_224 */
@ -61,7 +228,6 @@
/* #define NO_OLD_TLS */
#define BENCH_EMBEDDED
#define USE_CERT_BUFFERS_2048
/* TLS 1.3 */
#define WOLFSSL_TLS13
@ -79,7 +245,9 @@
#define HAVE_AESGCM
#define WOLFSSL_RIPEMD
/* Optional RIPEMD: RACE Integrity Primitives Evaluation Message Digest */
/* #define WOLFSSL_RIPEMD */
/* when you want to use SHA224 */
#define WOLFSSL_SHA224
@ -95,24 +263,34 @@
/* ED25519 requires SHA512 */
#define HAVE_ED25519
/* Some features not enabled for ESP8266: */
#if defined(CONFIG_IDF_TARGET_ESP8266) || \
defined(CONFIG_IDF_TARGET_ESP32C2)
/* TODO determine low memory configuration for ECC. */
#else
#define HAVE_ECC
#define HAVE_CURVE25519
#define CURVE25519_SMALL
#endif
#define HAVE_ED25519
/* Optional OPENSSL compatibility */
#define OPENSSL_EXTRA
/* when you want to use pkcs7 */
/* #define HAVE_PKCS7 */
/* #Optional HAVE_PKCS7 */
#define HAVE_PKCS7
#if defined(HAVE_PKCS7)
/* HAVE_PKCS7 may enable HAVE_PBKDF2 see settings.h */
#define NO_PBKDF2
#define HAVE_AES_KEYWRAP
#define HAVE_X963_KDF
#define WOLFSSL_AES_DIRECT
#endif
/* when you want to use aes counter mode */
/* when you want to use AES counter mode */
/* #define WOLFSSL_AES_DIRECT */
/* #define WOLFSSL_AES_COUNTER */
@ -126,27 +304,11 @@
/* #define CUSTOM_SLOT_ALLOCATION */
#endif
/* rsa primitive specific definition */
#if defined(WOLFSSL_ESP32) || defined(WOLFSSL_ESPWROOM32SE)
/* Define USE_FAST_MATH and SMALL_STACK */
#define ESP32_USE_RSA_PRIMITIVE
/* WC_NO_CACHE_RESISTANT: slower but more secure */
/* #define WC_NO_CACHE_RESISTANT */
#if defined(CONFIG_IDF_TARGET_ESP32)
/* NOTE HW unreliable for small values! */
/* threshold for performance adjustment for HW primitive use */
/* X bits of G^X mod P greater than */
#undef ESP_RSA_EXPT_XBITS
#define ESP_RSA_EXPT_XBITS 32
/* X and Y of X * Y mod P greater than */
#undef ESP_RSA_MULM_BITS
#define ESP_RSA_MULM_BITS 16
#endif
#endif
#define RSA_LOW_MEM
/* TFM_TIMING_RESISTANT: slower but more secure */
/* #define TFM_TIMING_RESISTANT */
/* #define WOLFSSL_ATECC508A_DEBUG */
@ -206,7 +368,7 @@
#undef WOLFSSL_SYS_CA_CERTS
*/
/*
/* command-line options
--enable-keygen
--enable-certgen
--enable-certreq
@ -214,10 +376,14 @@
--enable-asn-template
*/
/* Default is HW enabled unless turned off.
** Uncomment these lines to force SW instead of HW acceleration */
/* Chipset detection from sdkconfig.h
* Default is HW enabled unless turned off.
* Uncomment lines to force SW instead of HW acceleration */
#if defined(CONFIG_IDF_TARGET_ESP32)
#define WOLFSSL_ESP32
/* Alternatively, if there's an ECC Secure Element present: */
/* #define WOLFSSL_ESPWROOM32SE */
/* wolfSSL HW Acceleration supported on ESP32. Uncomment to disable: */
/* #define NO_ESP32_CRYPT */
/* #define NO_WOLFSSL_ESP32_CRYPT_HASH */
@ -235,6 +401,7 @@
/***** END CONFIG_IDF_TARGET_ESP32 *****/
#elif defined(CONFIG_IDF_TARGET_ESP32S2)
#define WOLFSSL_ESP32
/* wolfSSL HW Acceleration supported on ESP32-S2. Uncomment to disable: */
/* #define NO_ESP32_CRYPT */
/* #define NO_WOLFSSL_ESP32_CRYPT_HASH */
@ -247,6 +414,7 @@
/***** END CONFIG_IDF_TARGET_ESP32S2 *****/
#elif defined(CONFIG_IDF_TARGET_ESP32S3)
#define WOLFSSL_ESP32
/* wolfSSL HW Acceleration supported on ESP32-S3. Uncomment to disable: */
/* #define NO_ESP32_CRYPT */
/* #define NO_WOLFSSL_ESP32_CRYPT_HASH */
@ -260,6 +428,7 @@
#elif defined(CONFIG_IDF_TARGET_ESP32C2) || \
defined(CONFIG_IDF_TARGET_ESP8684)
#define WOLFSSL_ESP32
/* ESP8684 is essentially ESP32-C2 chip + flash embedded together in a
* single QFN 4x4 mm package. Out of released documentation, Technical
* Reference Manual as well as ESP-IDF Programming Guide is applicable
@ -285,6 +454,7 @@
/***** END CONFIG_IDF_TARGET_ESP32C2 *****/
#elif defined(CONFIG_IDF_TARGET_ESP32C3)
#define WOLFSSL_ESP32
/* wolfSSL HW Acceleration supported on ESP32-C3. Uncomment to disable: */
/* #define NO_ESP32_CRYPT */
@ -302,6 +472,7 @@
/***** END CONFIG_IDF_TARGET_ESP32C3 *****/
#elif defined(CONFIG_IDF_TARGET_ESP32C6)
#define WOLFSSL_ESP32
/* wolfSSL HW Acceleration supported on ESP32-C6. Uncomment to disable: */
/* #define NO_ESP32_CRYPT */
@ -318,6 +489,7 @@
/***** END CONFIG_IDF_TARGET_ESP32C6 *****/
#elif defined(CONFIG_IDF_TARGET_ESP32H2)
#define WOLFSSL_ESP32
/* wolfSSL Hardware Acceleration not yet implemented */
#define NO_ESP32_CRYPT
#define NO_WOLFSSL_ESP32_CRYPT_HASH
@ -326,7 +498,11 @@
/***** END CONFIG_IDF_TARGET_ESP32H2 *****/
#elif defined(CONFIG_IDF_TARGET_ESP8266)
/* TODO: Revisit ESP8266 */
#define WOLFSSL_ESP8266
/* There's no hardware encryption on the ESP8266 */
/* Consider using the ESP32-C2/C3/C6
* See https://www.espressif.com/en/products/socs/esp32-c2 */
#define NO_ESP32_CRYPT
#define NO_WOLFSSL_ESP32_CRYPT_HASH
#define NO_WOLFSSL_ESP32_CRYPT_AES
@ -343,13 +519,42 @@
#else
/* Anything else encountered, disable HW accleration */
#warning "Unexpected CONFIG_IDF_TARGET_NN value"
#define NO_ESP32_CRYPT
#define NO_WOLFSSL_ESP32_CRYPT_HASH
#define NO_WOLFSSL_ESP32_CRYPT_AES
#define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
#endif /* CONFIG_IDF_TARGET Check */
/* RSA primitive specific definition, listed AFTER the Chipset detection */
#if defined(WOLFSSL_ESP32) || defined(WOLFSSL_ESPWROOM32SE)
/* Consider USE_FAST_MATH and SMALL_STACK */
#ifndef NO_RSA
#define ESP32_USE_RSA_PRIMITIVE
#if defined(CONFIG_IDF_TARGET_ESP32)
#ifdef CONFIG_ESP_MAIN_TASK_STACK_SIZE
#if CONFIG_ESP_MAIN_TASK_STACK_SIZE < 10500
#warning "RSA may be difficult with less than 10KB Stack "/
#endif
#endif
/* NOTE HW unreliable for small values! */
/* threshold for performance adjustment for HW primitive use */
/* X bits of G^X mod P greater than */
#undef ESP_RSA_EXPT_XBITS
#define ESP_RSA_EXPT_XBITS 32
/* X and Y of X * Y mod P greater than */
#undef ESP_RSA_MULM_BITS
#define ESP_RSA_MULM_BITS 16
#endif
#endif
#endif
/* Debug options:
See wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h for details on debug options
#define ESP_VERIFY_MEMBLOCK
#define DEBUG_WOLFSSL
@ -363,6 +568,14 @@
#define WOLFSSL_ESP32_HW_LOCK_DEBUG
#define WOLFSSL_DEBUG_ESP_RSA_MULM_BITS
#define ESP_DISABLE_HW_TASK_LOCK
See wolfcrypt/benchmark/benchmark.c for debug and other settings:
Turn on benchmark timing debugging (CPU Cycles, RTOS ticks, etc)
#define DEBUG_WOLFSSL_BENCHMARK_TIMING
Turn on timer debugging (used when CPU cycles not available)
#define WOLFSSL_BENCHMARK_TIMER_DEBUG
*/
/* Pause in a loop rather than exit. */
@ -396,8 +609,9 @@
** [Z = X * Y mod M] in esp_mp_mulmod() */
/* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD */
#define WOLFSSL_PUBLIC_MP /* used by benchmark */
#define USE_CERT_BUFFERS_2048
/* used by benchmark: */
#define WOLFSSL_PUBLIC_MP
/* when turning on ECC508 / ECC608 support
#define WOLFSSL_ESPWROOM32SE
@ -406,12 +620,75 @@
#define ATCA_WOLFSSL
*/
/* optional SM4 Ciphers. See https://github.com/wolfSSL/wolfsm
/***************************** Certificate Macros *****************************
*
* The section below defines macros used in typically all of the wolfSSL
* examples such as the client and server for certs stored in header files.
*
* There are various certificate examples in this header file:
* https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/certs_test.h
*
* To use the sets of macros below, define *one* of these:
*
* USE_CERT_BUFFERS_1024 - ECC 1024 bit encoded ASN1
* USE_CERT_BUFFERS_2048 - RSA 2048 bit encoded ASN1
* WOLFSSL_SM[2,3,4] - SM Ciphers
*
* For example: define USE_CERT_BUFFERS_2048 to use CA Certs used in this
* wolfSSL function for the `ca_cert_der_2048` buffer, size and types:
*
* ret = wolfSSL_CTX_load_verify_buffer(ctx,
* CTX_CA_CERT,
* CTX_CA_CERT_SIZE,
* CTX_CA_CERT_TYPE);
*
* See https://www.wolfssl.com/documentation/manuals/wolfssl/group__CertsKeys.html#function-wolfssl_ctx_load_verify_buffer
*
* In this case the CTX_CA_CERT will be defined as `ca_cert_der_2048` as
* defined here: https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/certs_test.h
*
* The CTX_CA_CERT_SIZE and CTX_CA_CERT_TYPE are similarly used to reference
* array size and cert type respectively.
*
* Similarly for loading the private client key:
*
* ret = wolfSSL_CTX_use_PrivateKey_buffer(ctx,
* CTX_CLIENT_KEY,
* CTX_CLIENT_KEY_SIZE,
* CTX_CLIENT_KEY_TYPE);
*
* see https://www.wolfssl.com/documentation/manuals/wolfssl/group__CertsKeys.html#function-wolfssl_ctx_use_privatekey_buffer
*
* Similarly, the other macros are for server certificates and keys:
* `CTX_SERVER_CERT` and `CTX_SERVER_KEY` are available.
*
* The certificate and key names are typically `static const unsigned char`
* arrays. The [NAME]_size are typically `sizeof([array name])`, and the types
* are the known wolfSSL encoding type integers (e.g. WOLFSSL_FILETYPE_PEM).
*
* See `SSL_FILETYPE_[name]` in
* https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/ssl.h
*
* See Abstract Syntax Notation One (ASN.1) in:
* https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/wolfcrypt/asn.h
*
* Optional SM4 Ciphers:
*
* Although the SM ciphers are shown here, the `certs_test_sm.h` may not yet
* be available. See:
* https://github.com/wolfSSL/wolfssl/pull/6825
* https://github.com/wolfSSL/wolfsm
*
* Uncomment these 3 macros to enable the SM Ciphers and use the macros below.
*/
/*
#define WOLFSSL_SM2
#define WOLFSSL_SM3
#define WOLFSSL_SM4
*/
/* Conditional macros used in wolfSSL TLS client and server examples */
#if defined(WOLFSSL_SM2) || defined(WOLFSSL_SM3) || defined(WOLFSSL_SM4)
#include <wolfssl/certs_test_sm.h>
#define CTX_CA_CERT root_sm2
@ -427,24 +704,49 @@
#undef WOLFSSL_BASE16
#define WOLFSSL_BASE16
#else
#define USE_CERT_BUFFERS_2048
#define USE_CERT_BUFFERS_256
#if defined(USE_CERT_BUFFERS_2048)
/* Be sure to include in app when using example certs: */
/* #include <wolfssl/certs_test.h> */
#define CTX_CA_CERT ca_cert_der_2048
#define CTX_CA_CERT_SIZE sizeof_ca_cert_der_2048
#define CTX_CA_CERT_TYPE WOLFSSL_FILETYPE_ASN1
#define CTX_SERVER_CERT server_cert_der_2048
#define CTX_SERVER_CERT_SIZE sizeof_server_cert_der_2048
#define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_ASN1
#define CTX_SERVER_KEY server_key_der_2048
#define CTX_SERVER_KEY_SIZE sizeof_server_key_der_2048
#define CTX_SERVER_KEY_TYPE WOLFSSL_FILETYPE_ASN1
#endif
/* See settings.h for some of the possible hardening options:
*
* #define NO_ESPIDF_DEFAULT
* #define WC_NO_CACHE_RESISTANT
* #define WC_AES_BITSLICED
* #define HAVE_AES_ECB
* #define HAVE_AES_DIRECT
*/
#define CTX_CLIENT_CERT client_cert_der_2048
#define CTX_CLIENT_CERT_SIZE sizeof_client_cert_der_2048
#define CTX_CLIENT_CERT_TYPE WOLFSSL_FILETYPE_ASN1
#define CTX_CLIENT_KEY client_key_der_2048
#define CTX_CLIENT_KEY_SIZE sizeof_client_key_der_2048
#define CTX_CLIENT_KEY_TYPE WOLFSSL_FILETYPE_ASN1
#elif defined(USE_CERT_BUFFERS_1024)
/* Be sure to include in app when using example certs: */
/* #include <wolfssl/certs_test.h> */
#define CTX_CA_CERT ca_cert_der_1024
#define CTX_CA_CERT_SIZE sizeof_ca_cert_der_1024
#define CTX_CA_CERT_TYPE WOLFSSL_FILETYPE_ASN1
#define CTX_CLIENT_CERT client_cert_der_1024
#define CTX_CLIENT_CERT_SIZE sizeof_client_cert_der_1024
#define CTX_CLIENT_CERT_TYPE WOLFSSL_FILETYPE_ASN1
#define CTX_CLIENT_KEY client_key_der_1024
#define CTX_CLIENT_KEY_SIZE sizeof_client_key_der_1024
#define CTX_CLIENT_KEY_TYPE WOLFSSL_FILETYPE_ASN1
#define CTX_SERVER_CERT server_cert_der_1024
#define CTX_SERVER_CERT_SIZE sizeof_server_cert_der_1024
#define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_ASN1
#define CTX_SERVER_KEY server_key_der_1024
#define CTX_SERVER_KEY_SIZE sizeof_server_key_der_1024
#define CTX_SERVER_KEY_TYPE WOLFSSL_FILETYPE_ASN1
#else
/* Optionally define custom cert arrays, sizes, and types here */
#error "Must define USE_CERT_BUFFERS_2048 or USE_CERT_BUFFERS_1024"
#endif
#endif /* Conditional key and cert constant names */

3
IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/component.mk
View File

@ -3,6 +3,7 @@
#
# This Makefile can be left empty. By default, it will take the sources in the
# src/ directory, compile them and link them into lib(subdirectory_name).a
# in the build directory. This behaviour is entirely configurable,
# in the build directory. This behavior is entirely configurable,
# please read the ESP-IDF documents if you need to do this.
#
# (Uses default behavior of compiling all source files in directory, adding 'include' to include path.)

2
IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/include/main.h
View File

@ -1,6 +1,6 @@
/* benchmark main.h
*
* Copyright (C) 2006-2023 wolfSSL Inc.
* Copyright (C) 2006-2024 wolfSSL Inc.
*
* This file is part of wolfSSL.
*

73
IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/main.c
View File

@ -1,6 +1,6 @@
/* benchmark main.c
*
* Copyright (C) 2006-2023 wolfSSL Inc.
* Copyright (C) 2006-2024 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
@ -20,8 +20,8 @@
*/
/* ESP-IDF */
#include <esp_log.h>
#include "sdkconfig.h"
#include <esp_log.h>
/* wolfSSL */
/* The wolfSSL user_settings.h file is automatically included by the settings.h
@ -29,6 +29,7 @@
* The settings.h should also be listed above wolfssl library include files. */
#include <wolfssl/wolfcrypt/settings.h>
#include <wolfssl/version.h>
#include <wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h>
#include <wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h>
#ifndef WOLFSSL_ESPIDF
#error "Problem with wolfSSL user_settings. " \
@ -40,10 +41,24 @@
#include <wolfssl/wolfcrypt/types.h>
#include <wolfcrypt/benchmark/benchmark.h>
/* Hardware; include after other libraries,
* particularly after freeRTOS from settings.h */
#include <driver/uart.h>
/* set to 0 for one benchmark,
** set to 1 for continuous benchmark loop */
#define BENCHMARK_LOOP 0
#define THIS_MONITOR_UART_RX_BUFFER_SIZE 200
#ifdef CONFIG_ESP8266_XTAL_FREQ_26
/* 26MHz crystal: 74880 bps */
#define THIS_MONITOR_UART_BAUD_DATE 74880
#else
/* 40MHz crystal: 115200 bps */
#define THIS_MONITOR_UART_BAUD_DATE 115200
#endif
/* check BENCH_ARGV in sdkconfig to determine need to set WOLFSSL_BENCH_ARGV */
#ifdef CONFIG_BENCH_ARGV
#define WOLFSSL_BENCH_ARGV CONFIG_BENCH_ARGV
@ -199,17 +214,42 @@ void app_main(void)
{
int stack_start = 0;
uart_config_t uart_config = {
.baud_rate = THIS_MONITOR_UART_BAUD_DATE,
.data_bits = UART_DATA_8_BITS,
.parity = UART_PARITY_DISABLE,
.stop_bits = UART_STOP_BITS_1,
};
esp_err_t ret = 0;
stack_start = esp_sdk_stack_pointer();
/* uart_set_pin(UART_NUM_0, TX_PIN, RX_PIN,
* UART_PIN_NO_CHANGE, UART_PIN_NO_CHANGE); */
/* Some targets may need to have UART speed set, such as ESP8266 */
ESP_LOGI(TAG, "UART init");
uart_param_config(UART_NUM_0, &uart_config);
uart_driver_install(UART_NUM_0,
THIS_MONITOR_UART_RX_BUFFER_SIZE, 0, 0, NULL, 0);
ESP_LOGI(TAG, "---------------- wolfSSL Benchmark Example -------------");
ESP_LOGI(TAG, "--------------------------------------------------------");
ESP_LOGI(TAG, "--------------------------------------------------------");
ESP_LOGI(TAG, "---------------------- BEGIN MAIN ----------------------");
ESP_LOGI(TAG, "--------------------------------------------------------");
ESP_LOGI(TAG, "--------------------------------------------------------");
ESP_LOGI(TAG, "Stack Start: 0x%x", stack_start);
#ifdef WOLFSSL_ESP_NO_WATCHDOG
ESP_LOGW(TAG, "Found WOLFSSL_ESP_NO_WATCHDOG, disabling...");
esp_DisableWatchdog();
#endif
#if defined(HAVE_VERSION_EXTENDED_INFO) && defined(WOLFSSL_HAS_METRICS)
esp_ShowExtendedSystemInfo();
#endif
/* all platforms: stack high water mark check */
ESP_LOGI(TAG, "app_main CONFIG_BENCH_ARGV = %s", WOLFSSL_BENCH_ARGV);
/* when using atecc608a on esp32-wroom-32se */
@ -238,7 +278,7 @@ void app_main(void)
do {
ESP_LOGI(TAG, "Stack HWM: %d\n", uxTaskGetStackHighWaterMark(NULL));
wolf_benchmark_task();
wolf_benchmark_task(); /* TODO capture return value! */
ESP_LOGI(TAG, "Stack used: %d\n",
stack_start - uxTaskGetStackHighWaterMark(NULL));
@ -255,8 +295,33 @@ void app_main(void)
ESP_LOGI(TAG, "Stack HWM: %d\n", uxTaskGetStackHighWaterMark(NULL));
#endif
#ifdef WOLFSSL_ESPIDF_EXIT_MESSAGE
/* note wolfCrypt_Cleanup() should always be called when finished.
** This is called at the end of wolf_test_task();
*/
#if defined(DEBUG_WOLFSSL) && defined(WOLFSSL_ESP32_CRYPT_RSA_PRI)
esp_hw_show_mp_metrics();
#endif
#ifdef INCLUDE_uxTaskGetStackHighWaterMark
ESP_LOGI(TAG, "Stack HWM: %d", uxTaskGetStackHighWaterMark(NULL));
ESP_LOGI(TAG, "Stack used: %d", CONFIG_ESP_MAIN_TASK_STACK_SIZE
- (uxTaskGetStackHighWaterMark(NULL)));
#endif
#ifdef WOLFSSL_ESPIDF_VERBOSE_EXIT_MESSAGE
if (ret == 0) {
ESP_LOGI(TAG, WOLFSSL_ESPIDF_VERBOSE_EXIT_MESSAGE("Success!", ret));
}
else {
ESP_LOGE(TAG, WOLFSSL_ESPIDF_VERBOSE_EXIT_MESSAGE("Failed!", ret));
}
#elif defined(WOLFSSL_ESPIDF_EXIT_MESSAGE)
ESP_LOGI(TAG, WOLFSSL_ESPIDF_EXIT_MESSAGE);
#else
ESP_LOGI(TAG, "\n\nDone!\n\n"
"If running from idf.py monitor, press twice: Ctrl+]");
#endif
/* after the test, we'll just wait */

65
IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/sdkconfig.defaults
View File

@ -1,34 +1,87 @@
# Note that during the build process, settings from sdkconfig.defaults will not override those already in sdkconfig.
# See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html#custom-sdkconfig-defaults
CONFIG_BENCH_ARGV="-lng 0"
CONFIG_FREERTOS_HZ=1000
CONFIG_ESP32_DEFAULT_CPU_FREQ_240=y
#
# Default main stack size
# Default main stack size. See user_settings.h
#
# This is typically way bigger than needed for stack size. See user_settings.h
#
CONFIG_ESP_MAIN_TASK_STACK_SIZE=55500
# For wolfSSL SMALL_STACK, 3072 bytes should be sufficient for benchmark app.
# When using RSA, assign at least 10500 bytes, otherwise 5500 usually works for others
CONFIG_ESP_MAIN_TASK_STACK_SIZE=10500
# Legacy stack size for older ESP-IDF versions
CONFIG_MAIN_TASK_STACK_SIZE=55500
CONFIG_MAIN_TASK_STACK_SIZE=10500
#
# Benchmark must not have CONFIG_NEWLIB_NANO_FORMAT enabled
CONFIG_NEWLIB_NANO_FORMAT=n
#
# Watchdog Timers
#
# We don't want to have the watchdog timeout during tests
# We don't want to have the watchdog timeout during tests & benchmarks
#
CONFIG_ESP_TASK_WDT_CHECK_IDLE_TASK_CPU0=n
CONFIG_ESP_TASK_WDT_CHECK_IDLE_TASK_CPU1=n
# Panic & Watchdog
CONFIG_ESP_INT_WDT_TIMEOUT_MS=10000
CONFIG_ESP_TASK_WDT_EN=n
CONFIG_ESP_SYSTEM_PANIC_PRINT_HALT=y
CONFIG_ESP_INT_WDT=n
# ESP8266 WDT
# CONFIG_ESP_PANIC_PRINT_REBOOT is not set
CONFIG_ESP_PANIC_PRINT_REBOOT=n
CONFIG_ESP_PANIC_PRINT_HALT=y
# CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS is not set
CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS=n
# ESP8266 Memory
CONFIG_FREERTOS_GLOBAL_DATA_LINK_IRAM=y
CONFIG_HEAP_DISABLE_IRAM=y
# Performance
# CONFIG_COMPILER_OPTIMIZATION_PERF=y
# Set max COU frequency (falls back as needed for lower maximum)
CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ_240=y
# FreeRTOS ticks at 1ms interval
CONFIG_FREERTOS_UNICORE=y
CONFIG_FREERTOS_HZ=1000
#
# Compiler options
#
CONFIG_COMPILER_OPTIMIZATION_DEFAULT=y
# CONFIG_COMPILER_OPTIMIZATION_SIZE is not set
# CONFIG_COMPILER_OPTIMIZATION_PERF is not set
# CONFIG_COMPILER_OPTIMIZATION_NONE is not set
CONFIG_COMPILER_OPTIMIZATION_ASSERTIONS_ENABLE=y
# CONFIG_COMPILER_OPTIMIZATION_ASSERTIONS_SILENT is not set
# CONFIG_COMPILER_OPTIMIZATION_ASSERTIONS_DISABLE is not set
CONFIG_COMPILER_FLOAT_LIB_FROM_GCCLIB=y
CONFIG_COMPILER_OPTIMIZATION_ASSERTION_LEVEL=2
# CONFIG_COMPILER_OPTIMIZATION_CHECKS_SILENT is not set
CONFIG_COMPILER_HIDE_PATHS_MACROS=y
# CONFIG_COMPILER_CXX_EXCEPTIONS is not set
# CONFIG_COMPILER_CXX_RTTI is not set
# CONFIG_COMPILER_STACK_CHECK_MODE_NONE is not set
CONFIG_COMPILER_STACK_CHECK_MODE_NORM=y
# CONFIG_COMPILER_STACK_CHECK_MODE_STRONG is not set
# CONFIG_COMPILER_STACK_CHECK_MODE_ALL is not set
CONFIG_COMPILER_STACK_CHECK=y
# CONFIG_COMPILER_WARN_WRITE_STRINGS is not set
# CONFIG_COMPILER_SAVE_RESTORE_LIBCALLS is not set
# CONFIG_COMPILER_DISABLE_GCC12_WARNINGS is not set
# CONFIG_COMPILER_DUMP_RTL_FILES is not set
# end of Compiler options
# We don't know that the min is actually v2,
# but this is the earliest tested.
CONFIG_ESP32C3_REV_MIN_2=y
#
# Partition Table

5
IDE/Espressif/ESP-IDF/examples/wolfssl_client/Makefile
View File

@ -39,6 +39,10 @@
#
PROJECT_NAME := wolfssl_client
# Optionally include component source when print path (needs work to then properly build)
#
# include components/wolfssl/component.mk
MY_PRIVATE_CONFIG ?= n
USE_MY_PRIVATE_WSL_CONFIG ?= n
USE_MY_PRIVATE_MAC_CONFIG ?= n
@ -132,3 +136,4 @@ EXTRA_COMPONENT_DIRS = $(IDF_PATH)/examples/common_components/protocol_examples_
# The Standard Espressif IDF include:
include $(IDF_PATH)/make/project.mk

101
IDE/Espressif/ESP-IDF/examples/wolfssl_client/README.md
View File

@ -83,11 +83,75 @@ Reminder that we build with `make` and not `cmake` in VisualGDB.
Build files will be created in `[project directory]\build`
## ESP-IDF make Commandline (version 3.5 or earlier for the ESP8266)
See notes below if building a project in a directory other than the examples.
Problems?
- Try deleting any existing `sdkconfig` file and/or `./build` directory to start fresh.
- Be sure the RTOS SDK is installed and properly configured.
## ESP-IDF `make` Commandline (version 3.5 or earlier for the ESP8266)
In-place example build:
```bash
export IDF_PATH=~/esp/ESP8266_RTOS_SDK
export PATH="$PATH:$HOME/esp/xtensa-lx106-elf/bin"
cd /mnt/c/workspace/wolfssl-master/IDE/Espressif/ESP-IDF/examples/wolfssl_client
make clean
make
```
When building a in a *different directory*, for example assuming the `wolfssl_client` in the wolfssl examples
directory is copied to the `C:\test\demo` directory in Windows. (aka ` /mnt/c/test/demo` in WSL),
with a clone of wolfSSL `master` branch in `C:\workspace\wolfssl-master`:
```bash
cp -r /mnt/c/workspace/wolfssl-master/IDE/Espressif/ESP-IDF/examples/wolfssl_client/* /mnt/c/test/demo
```
Modify the project `./components/wolfssl/component.mk` file. Adjust `WOLFSSL_ROOT` setting, in this case to a value of:
`WOLFSSL_ROOT := ../../../../workspace/wolfssl-master`
Ensure the path is *relative* to the project `component.mk` file location and *not* absolute.
Note the location of the component makefile in this case is `c:\test\demo\components\wolfssl\component.mk`.
Thus we need to navigate up 4 parents to the root of `C:\` to find `/mnt/c` in WSL.
Proceed to run `make` from the project directory as usual:
```bash
# setup environment as needed
export IDF_PATH=~/esp/ESP8266_RTOS_SDK
export PATH="$PATH:$HOME/esp/xtensa-lx106-elf/bin"
# copy and navigate to project directory
mkdir -p /mnt/c/test/demo
cp -r /mnt/c/workspace/wolfssl-master/IDE/Espressif/ESP-IDF/examples/wolfssl_client/* /mnt/c/test/demo
cd /mnt/c/test/demo
# Clean
rm -rf ./build
rm sdkconfig
make clean
# Edit ./components/wolfssl/component.mk and set WOLFSSL_ROOT value
# WOLFSSL_ROOT := ../../../../workspace/wolfssl-master
# build the example project
make
```
When using `make` there should be details in the build log to indicate
the assigned path, and the equivalent, fully-qualified path of `WOLFSSL_ROOT`.
```
export IDF_PATH=~/esp/ESP8266_RTOS_SDK
************* wolfssl_client *************
*********** wolfssl component ************
WOLFSSL_ROOT defined: ../../../../workspace/wolfssl-master
WOLFSSL_ROOT actual: /mnt/c/workspace/wolfssl-master
********** end wolfssl component **********
```
@ -158,7 +222,7 @@ Command:
```
cd /mnt/c/workspace/wolfssl-$USER/IDE/Espressif/ESP-IDF/examples/wolfssl_server
. /mnt/c/SysGCC/esp32/esp-idf/v5.1/export.sh
. /mnt/c/SysGCC/esp32/esp-idf/v5.2/export.sh
idf.py flash -p /dev/ttyS19 -b 115200 monitor
```
@ -185,4 +249,33 @@ I hear you fa shizzle!
./examples/server/server -v 3 -l ECDHE-ECDSA-SM4-CBC-SM3 -c ./certs/sm2/server-sm2.pem -k ./certs/sm2/server-sm2-priv.pem -A ./certs/sm2/client-sm2.pem -V
```
#### Linux Client using Kyber to ESP32 Server
```
# Ensure build with Kyber enabled:
# ./configure --enable-kyber=all --enable-experimental && make
./examples/client/client -h 192.168.1.38 -v 4 -l TLS_AES_128_GCM_SHA256 --pqc KYBER_LEVEL5
```
#### ESP32 Client to WSL Linux Server
In Windows Powershell, (elevated permissions) forward the port _after_ starting the listening server:
```bash
netsh interface portproxy add v4tov4 listenport=11111 listenaddress=0.0.0.0 connectport=11111 connectaddress=127.0.0.1
```
After the server exits, remove the port proxy forward:
```bash
netsh interface portproxy delete v4tov4 listenport=11111 listenaddress=0.0.0.0
```
For additional information, see [Accessing network applications with WSL](https://learn.microsoft.com/en-us/windows/wsl/networking).
## Additional Information
See the README.md file in the upper level 'examples' directory for [more information about examples](../README.md).

6
IDE/Espressif/ESP-IDF/examples/wolfssl_client/VisualGDB/wolfssl_client_IDF_v5_ESP32.vgdbproj
View File

@ -18,7 +18,7 @@
<ToolchainID>
<ID>com.visualgdb.xtensa-esp32-elf</ID>
<Version>
<GCC>12.2.0</GCC>
<GCC>13.2.0</GCC>
<GDB>12.1</GDB>
<Revision>1</Revision>
</Version>
@ -67,8 +67,8 @@
<EnableFastUpToDateCheck>true</EnableFastUpToDateCheck>
<ESPIDFExtension>
<IDFCheckout>
<Version>release/v5.1</Version>
<Subdirectory>esp-idf/v5.1</Subdirectory>
<Version>release/v5.2</Version>
<Subdirectory>esp-idf/v5.2</Subdirectory>
<Type>ESPIDF</Type>
</IDFCheckout>
<COMPort>COM19</COMPort>

18
IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/CMakeLists.txt
View File

@ -1,5 +1,5 @@
#
# Copyright (C) 2006-2023 wolfSSL Inc.
# Copyright (C) 2006-2024 wolfSSL Inc.
#
# This file is part of wolfSSL.
#
@ -45,6 +45,11 @@ else()
endif()
message(STATUS "THIS_USER = ${THIS_USER}")
if( "$ENV{IDF_PATH}" STREQUAL "" )
message(FATAL_ERROR "IDF_PATH Environment variable not set!")
else()
string(REPLACE "\\" "/" THIS_IDF_PATH "$ENV{IDF_PATH}")
endif()
# COMPONENT_NAME = wolfssl
# The component name is the directory name. "No feature to change this".
@ -363,6 +368,10 @@ else()
"\"${WOLFSSL_ROOT}/wolfssl/\""
"\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/\""
"\"${RTOS_IDF_PATH}/\""
# wolfSSL release after v5.7 includes WiFi, time, and mem/debug helpers
${THIS_IDF_PATH}/components/esp_event/include
${THIS_IDF_PATH}/components/esp_netif/include
${THIS_IDF_PATH}/components/esp_wifi/include
)
@ -374,7 +383,7 @@ else()
list(APPEND COMPONENT_ADD_INCLUDEDIRS "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/\"")
# Some files are known to be included elsewhere, or not used for Espressif
set(COMPONENT_SRCEXCLUDE
"\"${WOLFSSL_ROOT}/src/bio.c\""
"\"${WOLFSSL_ROOT}/src/conf.c\""
@ -384,9 +393,14 @@ else()
"\"${WOLFSSL_ROOT}/src/ssl_bn.c\"" # included by ssl.c
"\"${WOLFSSL_ROOT}/src/ssl_certman.c\"" # included by ssl.c
"\"${WOLFSSL_ROOT}/src/ssl_crypto.c\"" # included by ssl.c
"\"${WOLFSSL_ROOT}/src/ssl_load.c\"" # included by ssl.c
"\"${WOLFSSL_ROOT}/src/ssl_misc.c\"" # included by ssl.c
"\"${WOLFSSL_ROOT}/src/ssl_p7p12.c\"" # included by ssl.c
"\"${WOLFSSL_ROOT}/src/ssl_sess.c\"" # included by ssl.c
"\"${WOLFSSL_ROOT}/src/x509.c\""
"\"${WOLFSSL_ROOT}/src/x509_str.c\""
"\"${WOLFSSL_ROOT}/wolfcrypt/src/ext_kyber.c\"" # external Kyber disabled by default
"\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/ext_kyber.h\"" # external Kyber disabled by default
"\"${WOLFSSL_ROOT}/wolfcrypt/src/evp.c\""
"\"${WOLFSSL_ROOT}/wolfcrypt/src/misc.c\""
"\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_arm32.c\""

76
IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/component.mk
View File

@ -1,5 +1,5 @@
#
# Copyright (C) 2006-2023 wolfSSL Inc.
# Copyright (C) 2006-2024 wolfSSL Inc.
#
# This file is part of wolfSSL.
#
@ -18,6 +18,8 @@
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
#
$(info *********** wolfssl component ************)
#
# Component Makefile
#
@ -48,17 +50,61 @@
# define it here:
CFLAGS +=-DWOLFSSL_USER_SETTINGS
# Note that 4 source files created by autogen are excluded here.
#
# See these files commented out, below. Adjust as needed for your application:
#
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/async.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/selftest.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_first.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_last.o
# NOTICE: the WOLFSSL_ROOT setting MUST be relative!
# See https://docs.espressif.com/projects/esp8266-rtos-sdk/en/latest/api-guides/build-system.html?highlight=must+relative#optional-component-specific-variables
# In the wolfSSL GitHub examples for Espressif:
# https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples
# When this wolfssl component.mk makefile is in [project]/components/wolfssl
# The root is 7 directories up from here:
# The root is 7 directories up from here (the location of of this component.mk):
WOLFSSL_ROOT := ../../../../../../..
# NOTE: The wolfSSL include diretory (e.g. user_settings.h) is
# To set the location of a different location, it is best to use relative paths.
#
# Set WOLFSSL_ROOT to a relative path from the current component directory.
# For example, if the wolfssl_client is copied from the examples to test:
#
# cp -r /IDE/Espressif/ESP-IDF/examples/wolfssl_client/* /mnt/c/test/demo
#
# we run make in /mnt/c/test/demo
# component is in /mnt/c/test/demo/components/wolfssl
# wolfssl is in /mnt/c/workspace/wolfssl-master
#
# "/mnt/c" is 4 directories up:
# 2 for `./test/demo` from where we run `make`, plus
# 2 more from the location of `component.mk` located
# in `[currect directory]/components/wolfssl`.
#
# Thus we need 4 parent reference to find the relative path to wolfSSL:
# WOLFSSL_ROOT := ../../../../workspace/wolfssl-master
# Optional CFLAGS (make works without these; for reference only)
# CFLAGS += -I$(WOLFSSL_ROOT)/wolfssl
# CFLAGS += -I$(WOLFSSL_ROOT)/wolfssl/wolfcrypt
# CFLAGS += -I$(WOLFSSL_ROOT)/wolfssl/wolfcrypt/port/Espressif
abs_WOLFSSL_ROOT := $(shell realpath $(WOLFSSL_ROOT))
# print-wolfssl-path-value:
# @echo "WOLFSSL_ROOT defined: $(WOLFSSL_ROOT)"
# @echo "WOLFSSL_ROOT actual: $(abs_WOLFSSL_ROOT)"
$(info WOLFSSL_ROOT defined: $(WOLFSSL_ROOT))
$(info WOLFSSL_ROOT actual: $(abs_WOLFSSL_ROOT))
# NOTE: The wolfSSL include directory (e.g. user_settings.h) is
# located HERE in THIS project, and *not* in the wolfSSL root.
COMPONENT_ADD_INCLUDEDIRS := ./include
COMPONENT_ADD_INCLUDEDIRS := .
COMPONENT_ADD_INCLUDEDIRS += include
COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/.
COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl
COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl/wolfcrypt
@ -118,7 +164,7 @@ COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/aes.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/arc4.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/asm.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/asn.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/async.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/async.o # autogen exclusion
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/blake2b.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/blake2s.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/camellia.o
@ -142,15 +188,15 @@ COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ed25519.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ed448.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/error.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/evp.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_kyber.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_kyber.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_lms.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_xmss.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/falcon.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fe_448.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fe_low_mem.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fe_operations.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fips.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fips_test.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fips.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fips_test.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ge_448.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ge_low_mem.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ge_operations.o
@ -174,7 +220,7 @@ COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/rc2.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ripemd.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/rsa.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sakke.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/selftest.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/selftest.o # autogen exclusion
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha256.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha3.o
@ -211,8 +257,8 @@ COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_lms.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_pkcs11.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_port.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_xmss.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_first.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_last.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_first.o # autogen exclusion
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_last.o # autogen exclusion
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfevent.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfmath.o
@ -223,6 +269,9 @@ COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_aes.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_mp.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_sha.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_util.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp_sdk_time_lib.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.o
##
## wolfcrypt benchmark (optional)
@ -241,4 +290,7 @@ COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_util.o
##
## wolfcrypt
##
# COMPONENT_PRIV_INCLUDEDIRS += $(PROJECT_PATH)/components/wolfssl/include
## COMPONENT_PRIV_INCLUDEDIRS += $(PROJECT_PATH)/components/wolfssl/include
## COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src
$(info ********** end wolfssl component **********)

76
IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/include/user_settings.h
View File

@ -22,9 +22,30 @@
/* Standardized wolfSSL Espressif ESP32 + ESP8266 user_settings.h V5.6.6-01 */
/* This user_settings.h is for Espressif ESP-IDF */
#include <sdkconfig.h>
#define DEBUG_WOLFSSL
#define DEBUG_WOLFSSL_VERBOSE
#include "sdkconfig.h"
/* #define DEBUG_WOLFSSL */
/* #define DEBUG_WOLFSSL_VERBOSE */
/* Experimental Kyber */
#if 0
#define WOLFSSL_EXPERIMENTAL_SETTINGS
#define WOLFSSL_HAVE_KYBER
#define WOLFSSL_WC_KYBER
#define WOLFSSL_SHA3
#if defined(CONFIG_IDF_TARGET_ESP8266)
/* With limited RAM, we'll disable some of the Kyber sizes: */
#define WOLFSSL_NO_KYBER1024
#define WOLFSSL_NO_KYBER768
#define NO_SESSION_CACHE
#endif
#endif
/* Pick a cert buffer size: */
/* #define USE_CERT_BUFFERS_2048 */
/* #define USE_CERT_BUFFERS_1024 */
#define USE_CERT_BUFFERS_2048
/* The Espressif sdkconfig will have chipset info.
**
@ -40,23 +61,34 @@
#undef WOLFSSL_ESPIDF
#define WOLFSSL_ESPIDF
/* We don't use WiFi helpers yet, so don't compile in the esp-sdk-lib WiFi */
#define NO_ESP_SDK_WIFI
/*
* ONE of these Espressif chipsets should be defined:
*
* WOLFSSL_ESP32
* WOLFSSL_ESPWROOM32SE
* WOLFSSL_ESP8266
*
* following ifdef detection only for syntax highlighting:
*/
#ifdef WOLFSSL_ESPWROOM32SE
#undef WOLFSSL_ESPWROOM32SE
#endif
#ifdef WOLFSSL_ESP8266
#undef WOLFSSL_ESP8266
#endif
#ifdef WOLFSSL_ESP32
#undef WOLFSSL_ESP32
#endif
/* See below for chipset detection from sdkconfig.h */
/* Small session cache saves a lot of RAM for ClientCache and SessionCache.
* Memory requirement is about 5KB, otherwise 20K is needed when not specified.
* If extra small footprint is needed, try MICRO_SESSION_CACHE (< 1K)
* When really desparate, try NO_SESSION_CACHE. */
#define SMALL_SESSION_CACHE
* When really desperate, try NO_SESSION_CACHE. */
#define MICRO_SESSION_CACHE
/* optionally turn off SHA512/224 SHA512/256 */
/* #define WOLFSSL_NOSHA512_224 */
@ -70,7 +102,7 @@
/* #define NO_OLD_TLS */
#define BENCH_EMBEDDED
#define USE_CERT_BUFFERS_2048
#define WOLFSSL_SMALL_STACK
#define HAVE_ECC
#define RSA_LOW_MEM
@ -100,25 +132,36 @@
/* when you want to use SHA384 */
#define WOLFSSL_SHA384
#if defined(CONFIG_IDF_TARGET_ESP8266)
/* Some known low-memory devices have features not enabled by default. */
#else
/* when you want to use SHA512 */
/* #define WOLFSSL_SHA512 */
#define WOLFSSL_SHA512
/* when you want to use SHA3 */
/* #define WOLFSSL_SHA3 */
#define WOLFSSL_SHA3
/* ED25519 requires SHA512 */
/* #define HAVE_ED25519 */
#define HAVE_ED25519
#define HAVE_ECC
#define HAVE_CURVE25519
#define CURVE25519_SMALL
#define HAVE_ED25519
#endif
/* Optional OpenSSL compatibility */
/* #define OPENSSL_EXTRA */
/* when you want to use pkcs7 */
/* #define HAVE_PKCS7 */
#if defined(HAVE_PKCS7)
#define HAVE_AES_KEYWRAP
#define HAVE_X963_KDF
#define WOLFSSL_AES_DIRECT
#endif
/* when you want to use aes counter mode */
/* when you want to use AES counter mode */
/* #define WOLFSSL_AES_DIRECT */
/* #define WOLFSSL_AES_COUNTER */
@ -181,7 +224,9 @@
#define HAVE_VERSION_EXTENDED_INFO
/* #define HAVE_WC_INTROSPECTION */
#ifndef NO_SESSION_CACHE
#define HAVE_SESSION_TICKET
#endif
/* #define HAVE_HASHDRBG */
@ -359,6 +404,7 @@
#endif /* CONFIG_IDF_TARGET Check */
/* Debug options:
See wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h for details on debug options
#define ESP_VERIFY_MEMBLOCK
#define DEBUG_WOLFSSL
@ -379,7 +425,7 @@
/* #define HASH_SIZE_LIMIT */ /* for test.c */
/* #define NO_HW_MATH_TEST */ /* Optionall turn off HW math checks */
/* #define NO_HW_MATH_TEST */ /* Optionally turn off HW math checks */
/* Optionally include alternate HW test library: alt_hw_test.h */
/* When enabling, the ./components/wolfssl/CMakeLists.txt file
@ -402,8 +448,8 @@
/* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD */
#define WOLFSSL_PUBLIC_MP /* used by benchmark */
#define USE_CERT_BUFFERS_2048
/* used by benchmark: */
#define WOLFSSL_PUBLIC_MP
/* when turning on ECC508 / ECC608 support
#define WOLFSSL_ESPWROOM32SE
@ -497,7 +543,6 @@
#define WOLFSSL_BASE16
#else
#if defined(USE_CERT_BUFFERS_2048)
#include <wolfssl/certs_test.h>
#define CTX_CA_CERT ca_cert_der_2048
#define CTX_CA_CERT_SIZE sizeof_ca_cert_der_2048
#define CTX_CA_CERT_TYPE WOLFSSL_FILETYPE_ASN1
@ -517,7 +562,6 @@
#define CTX_CLIENT_KEY_TYPE WOLFSSL_FILETYPE_ASN1
#elif defined(USE_CERT_BUFFERS_1024)
#include <wolfssl/certs_test.h>
#define CTX_CA_CERT ca_cert_der_1024
#define CTX_CA_CERT_SIZE sizeof_ca_cert_der_1024
#define CTX_CA_CERT_TYPE WOLFSSL_FILETYPE_ASN1

148
IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/client-tls.c
View File

@ -38,6 +38,13 @@
#include <wolfssl/wolfcrypt/settings.h>
#include <wolfssl/ssl.h>
#if defined(WOLFSSL_WC_KYBER)
#include <wolfssl/wolfcrypt/kyber.h>
#include <wolfssl/wolfcrypt/wc_kyber.h>
#endif
#if defined(USE_CERT_BUFFERS_2048) || defined(USE_CERT_BUFFERS_1024)
#include <wolfssl/certs_test.h>
#endif
#ifdef WOLFSSL_TRACK_MEMORY
#include <wolfssl/wolfcrypt/mem_track.h>
#endif
@ -180,18 +187,23 @@ WOLFSSL_ESP_TASK tls_smp_client_task(void* args)
struct hostent *hp;
struct ip4_addr *ip4_addr;
int ret_i; /* interim return values */
int err; /* interim return values */
int sockfd;
int doPeerCheck;
int sendGet;
#ifdef DEBUG_WOLFSSL
int this_heap = 0;
#endif
#ifndef NO_DH
int minDhKeyBits = DEFAULT_MIN_DHKEY_BITS;
#endif
size_t len;
/* declare wolfSSL objects */
WOLFSSL_CTX* ctx;
WOLFSSL* ssl;
size_t len;
wolfSSL_Debugging_ON();
WOLFSSL_ENTER(TLS_SMP_CLIENT_TASK_NAME);
@ -286,7 +298,7 @@ WOLFSSL_ESP_TASK tls_smp_client_task(void* args)
/* see user_settings PROJECT_DH for HAVE_DH and HAVE_FFDHE_2048 */
#ifndef NO_DH
ret = wolfSSL_CTX_SetMinDhKey_Sz(ctx, (word16)minDhKeyBits);
if (ret != SSL_SUCCESS) {
if (ret != WOLFSSL_SUCCESS) {
ESP_LOGE(TAG, "Error setting minimum DH key size");
}
#endif
@ -304,24 +316,28 @@ WOLFSSL_ESP_TASK tls_smp_client_task(void* args)
CTX_CLIENT_CERT,
CTX_CLIENT_CERT_SIZE,
CTX_CLIENT_CERT_TYPE);
if (ret_i != SSL_SUCCESS) {
ESP_LOGE(TAG, "ERROR: failed to load chain %d, "
if (ret_i != WOLFSSL_SUCCESS) {
ESP_LOGE(TAG, "ERROR: failed to load our cert chain %d, "
"please check the file.", ret_i);
}
/* Load client certificates into WOLFSSL_CTX */
WOLFSSL_MSG("Loading...cert");
WOLFSSL_MSG("Loading... CA cert");
ret_i = wolfSSL_CTX_load_verify_buffer(ctx,
CTX_CA_CERT,
CTX_CA_CERT_SIZE,
CTX_CA_CERT_TYPE);
if (ret_i != WOLFSSL_SUCCESS) {
ESP_LOGE(TAG, "ERROR: failed to load CA cert %d, "
"please check the file.\n", ret_i) ;
}
WOLFSSL_MSG("Loading... our key");
ret_i = wolfSSL_CTX_use_PrivateKey_buffer(ctx,
CTX_CLIENT_KEY,
CTX_CLIENT_KEY_SIZE,
CTX_CLIENT_KEY_TYPE);
if(ret_i != SSL_SUCCESS) {
wolfSSL_CTX_free(ctx) ; ctx = NULL ;
if (ret_i != WOLFSSL_SUCCESS) {
ESP_LOGE(TAG, "ERROR: failed to load key %d, "
"please check the file.\n", ret_i) ;
}
@ -354,8 +370,7 @@ WOLFSSL_ESP_TASK tls_smp_client_task(void* args)
"Connecting to server....%s (port:%d)",
TLS_SMP_TARGET_HOST,
TLS_SMP_DEFAULT_PORT);
WOLFSSL_MSG(buff);
printf("%s\n", buff);
ESP_LOGI(TAG, "%s\n", buff);
if ((ret_i = connect(sockfd,
(struct sockaddr *)&servAddr,
@ -363,6 +378,10 @@ WOLFSSL_ESP_TASK tls_smp_client_task(void* args)
ESP_LOGE(TAG, "ERROR: failed to connect ret=%d\n", ret_i);
}
#if defined(WOLFSSL_EXPERIMENTAL_SETTINGS)
ESP_LOGW(TAG, "WOLFSSL_EXPERIMENTAL_SETTINGS is enabled");
#endif
WOLFSSL_MSG("Create a WOLFSSL object");
/* Create a WOLFSSL object */
if ((ssl = wolfSSL_new(ctx)) == NULL) {
@ -372,6 +391,36 @@ WOLFSSL_ESP_TASK tls_smp_client_task(void* args)
#ifdef DEBUG_WOLFSSL
ESP_LOGI(TAG, "\nCreated WOLFSSL object:");
ShowCiphers(ssl);
this_heap = esp_get_free_heap_size();
ESP_LOGI(TAG, "tls_smp_client_task heap @ %p = %d",
&this_heap, this_heap);
#endif
#if defined(WOLFSSL_HAVE_KYBER)
#if defined(WOLFSSL_KYBER1024)
ESP_LOGI(TAG, "WOLFSSL_HAVE_KYBER is enabled, setting key share: "
"WOLFSSL_P256_KYBER_LEVEL5");
ret_i = wolfSSL_UseKeyShare(ssl, WOLFSSL_P521_KYBER_LEVEL5);
#elif defined(WOLFSSL_KYBER768)
ESP_LOGI(TAG, "WOLFSSL_HAVE_KYBER is enabled, setting key share: "
"WOLFSSL_P256_KYBER_LEVEL3");
ret_i = wolfSSL_UseKeyShare(ssl, WOLFSSL_P256_KYBER_LEVEL3);
#elif defined(WOLFSSL_KYBER512)
/* This will typically be a low memory situation, such as ESP8266 */
ESP_LOGI(TAG, "WOLFSSL_HAVE_KYBER is enabled, setting key share: "
"WOLFSSL_P256_KYBER_LEVEL1");
ret_i = wolfSSL_UseKeyShare(ssl, WOLFSSL_P256_KYBER_LEVEL1);
#else
ESP_LOGW(TAG, "WOLFSSL_HAVE_KYBER enabled but no key size available.");
ret_i = ESP_FAIL;
#endif
if (ret_i == WOLFSSL_SUCCESS) {
ESP_LOGI(TAG, "UseKeyShare Kyber success");
}
else {
ESP_LOGE(TAG, "UseKeyShare Kyber failed");
}
#else
ESP_LOGI(TAG, "WOLFSSL_HAVE_KYBER is not enabled");
#endif
}
@ -396,7 +445,11 @@ WOLFSSL_ESP_TASK tls_smp_client_task(void* args)
atmel_set_slot_allocator(my_atmel_alloc, my_atmel_free);
#endif
#endif
#ifdef DEBUG_WOLFSSL
this_heap = esp_get_free_heap_size();
ESP_LOGI(TAG, "tls_smp_client_task heap(2) @ %p = %d",
&this_heap, this_heap);
#endif
/* Attach wolfSSL to the socket */
ret_i = wolfSSL_set_fd(ssl, sockfd);
if (ret_i == WOLFSSL_SUCCESS) {
@ -406,42 +459,86 @@ WOLFSSL_ESP_TASK tls_smp_client_task(void* args)
ESP_LOGE(TAG, "ERROR: failed wolfSSL_set_fd. Error: %d\n", ret_i);
}
WOLFSSL_MSG("Connect to wolfSSL on the server side");
/* Connect to wolfSSL on the server side */
ESP_LOGI(TAG, "Connect to wolfSSL server...");
ret_i = wolfSSL_connect(ssl);
if (wolfSSL_connect(ssl) == SSL_SUCCESS) {
#ifdef DEBUG_WOLFSSL
this_heap = esp_get_free_heap_size();
ESP_LOGI(TAG, "tls_smp_client_task heap(3) @ %p = %d",
&this_heap, this_heap);
#endif
if (ret_i == WOLFSSL_SUCCESS) {
#ifdef DEBUG_WOLFSSL
ShowCiphers(ssl);
#endif
ESP_LOGI(TAG, "Connect success! Sending message...");
/* Get a message for the server from stdin */
WOLFSSL_MSG("Message for server: ");
memset(buff, 0, sizeof(buff));
if (sendGet) {
printf("SSL connect ok, sending GET...\n");
len = XSTRLEN(sndMsg);
strncpy(buff, sndMsg, len);
buff[len] = '\0';
}
else {
sprintf(buff, "message from esp32 tls client\n");
sprintf(buff, "Hello from Espressif wolfSSL TLS client!\n");
len = strnlen(buff, sizeof(buff));
}
buff[len] = '\0';
ESP_LOGI(TAG, "SSL connect ok, sending message:\n\n%s\n", buff);
/* Send the message to the server */
if (wolfSSL_write(ssl, buff, len) != len) {
do {
err = 0; /* reset error */
ret_i = wolfSSL_write(ssl, buff, len);
if (ret_i <= 0) {
err = wolfSSL_get_error(ssl, 0);
}
} while (err == WOLFSSL_ERROR_WANT_WRITE ||
err == WOLFSSL_ERROR_WANT_READ);
if (ret_i != len) {
ESP_LOGE(TAG, "ERROR: failed to write\n");
}
else {
ESP_LOGI(TAG, "Message sent! Awaiting response...");
}
/* Read the server data into our buff array */
memset(buff, 0, sizeof(buff));
if (wolfSSL_read(ssl, buff, sizeof(buff) - 1) == -1) {
do {
err = 0; /* reset error */
ret_i =wolfSSL_read(ssl, buff, sizeof(buff));
if (ret_i <= 0) {
err = wolfSSL_get_error(ssl, 0);
}
} while ((err == WOLFSSL_ERROR_WANT_READ) ||
(err == WOLFSSL_ERROR_WANT_WRITE) );
if (ret_i < 0) {
ESP_LOGE(TAG, "ERROR: failed to read\n");
}
/* Print to stdout any data the server sends */
printf("Server: ");
printf("%s\n", buff);
/* Show any data the server sends */
ESP_LOGI(TAG, "Server response: \n\n%s\n", buff);
ret_i = wolfSSL_shutdown(ssl);
while (ret_i == WOLFSSL_SHUTDOWN_NOT_DONE) {
ret_i = wolfSSL_shutdown(ssl); /* bidirectional shutdown */
if (ret_i == WOLFSSL_SUCCESS) {
ESP_LOGI(TAG, "Bidirectional shutdown complete\n");
break;
}
else if (ret_i != WOLFSSL_SHUTDOWN_NOT_DONE) {
ESP_LOGE(TAG, "Bidirectional shutdown failed\n");
break;
}
}
if (ret_i != WOLFSSL_SUCCESS) {
ESP_LOGE(TAG, "Bidirectional shutdown failed\n");
}
} /* wolfSSL_connect(ssl) == WOLFSSL_SUCCESS) */
else {
ESP_LOGE(TAG, "ERROR: failed to connect to wolfSSL. "
"Error: %d\n", ret_i);
@ -450,8 +547,8 @@ WOLFSSL_ESP_TASK tls_smp_client_task(void* args)
ShowCiphers(ssl);
#endif
/* Cleanup and return */
wolfSSL_free(ssl); /* Free the wolfSSL object */
ESP_LOGI(TAG, "Cleanup and exit");
wolfSSL_free(ssl); /* Release the wolfSSL object memory */
wolfSSL_CTX_free(ctx); /* Free the wolfSSL context object */
wolfSSL_Cleanup(); /* Cleanup the wolfSSL environment */
close(sockfd); /* Close the connection to the server */
@ -476,7 +573,7 @@ WOLFSSL_ESP_TASK tls_smp_client_init(void* args)
/* See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/freertos_idf.html#functions */
if (TLS_SMP_CLIENT_TASK_BYTES < (6 * 1024)) {
/* Observed approximately 6KB limit for the RTOS task stack size.
* Reminder parameter is bytes, not words as with generic FreeeRTOS. */
* Reminder parameter is bytes, not words as with generic FreeRTOS. */
ESP_LOGW(TAG, "Warning: TLS_SMP_CLIENT_TASK_BYTES < 6KB");
}
#ifndef WOLFSSL_SMALL_STACK
@ -485,7 +582,8 @@ WOLFSSL_ESP_TASK tls_smp_client_init(void* args)
#endif
/* Note that despite vanilla FreeRTOS using WORDS for a parameter,
* Espressif uses BYTES for the task stack size here: */
* Espressif uses BYTES for the task stack size here.
* See https://docs.espressif.com/projects/esp-idf/en/v4.3/esp32/api-reference/system/freertos.html */
ret = xTaskCreate(tls_smp_client_task,
TLS_SMP_CLIENT_TASK_NAME,
TLS_SMP_CLIENT_TASK_BYTES,

20
IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/client-tls.h
View File

@ -29,9 +29,9 @@
/* See main/Kconfig.projbuild for default configuration settings */
#ifdef CONFIG_WOLFSSL_TARGET_HOST
#define TLS_SMP_TARGET_HOST CONFIG_WOLFSSL_TARGET_HOST
#define TLS_SMP_TARGET_HOST "192.168.1.36"
#else
#define TLS_SMP_TARGET_HOST "192.168.1.37"
#define TLS_SMP_TARGET_HOST "192.168.1.41"
#endif
#ifdef CONFIG_WOLFSSL_TARGET_PORT
@ -44,10 +44,24 @@
/* Reminder: Vanilla FreeRTOS is words, Espressif is bytes. */
#if defined(WOLFSSL_ESP8266)
#define TLS_SMP_CLIENT_TASK_BYTES (6 * 1024)
#if defined(WOLFSSL_HAVE_KYBER)
/* Minimum ESP8266 stack size = 10K with Kyber.
* Note there's a maximum not far away as Kyber needs heap
* and the total DRAM is typically only 80KB total. */
#define TLS_SMP_CLIENT_TASK_BYTES (11 * 1024)
#else
/* Minimum ESP8266 stack size = 6K without Kyber */
#define TLS_SMP_CLIENT_TASK_BYTES (6 * 1024)
#endif
#else
#if defined(WOLFSSL_HAVE_KYBER)
/* Minimum ESP32 stack size = 12K with Kyber enabled. */
#define TLS_SMP_CLIENT_TASK_BYTES (12 * 1024)
#else
/* Minimum ESP32 stack size = 8K without Kyber */
#define TLS_SMP_CLIENT_TASK_BYTES (8 * 1024)
#endif
#endif
#define TLS_SMP_CLIENT_TASK_PRIORITY 8

Some files were not shown because too many files have changed in this diff Show More