feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Merge remote-tracking branch 'origin/master' into InitSuites_Orderadj

Browse Source
This commit is contained in:
aidan garske
2024-11-18 10:07:10 -08:00
parent 74e161e437 bc6881974d
commit b79423fae9
1122 changed files with 70638 additions and 25511 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.github/workflows/async.yml vendored
View File

@ -36,7 +36,7 @@ jobs:
./configure ${{ matrix.config }}
make check
- name: Print errors
- name: Print errors
if: ${{ failure() }}
run: |
if [ -f test-suite.log ] ; then

11
.github/workflows/curl.yml vendored
View File

@ -26,11 +26,14 @@ jobs:
configure: --enable-curl
install: true
- name: tar build-dir
run: tar -zcf build-dir.tgz build-dir
- name: Upload built lib
uses: actions/upload-artifact@v4
with:
name: wolf-install-curl
path: build-dir
path: build-dir.tgz
retention-days: 5
test_curl:
@ -54,7 +57,9 @@ jobs:
uses: actions/download-artifact@v4
with:
name: wolf-install-curl
path: build-dir
- name: untar build-dir
run: tar -xf build-dir.tgz
- name: Build curl
uses: wolfSSL/actions-build-autotools-project@v1
@ -67,4 +72,4 @@ jobs:
- name: Test curl
working-directory: curl
run: make -j test-ci
run: make -j $(nproc) test-ci

18
.github/workflows/cyrus-sasl.yml vendored
View File

@ -29,11 +29,14 @@ jobs:
# Don't run tests as this config is tested in many other places
check: false
- name: tar build-dir
run: tar -zcf build-dir.tgz build-dir
- name: Upload built lib
uses: actions/upload-artifact@v4
with:
name: wolf-install-sasl
path: build-dir
path: build-dir.tgz
retention-days: 5
sasl_check:
@ -60,7 +63,9 @@ jobs:
uses: actions/download-artifact@v4
with:
name: wolf-install-sasl
path: build-dir
- name: untar build-dir
run: tar -xf build-dir.tgz
- name: Checkout OSP
uses: actions/checkout@v4
@ -88,4 +93,11 @@ jobs:
working-directory: sasl
run: |
make -j -C utils testsuite saslpasswd2
$GITHUB_WORKSPACE/osp/cyrus-sasl/${{ matrix.ref }}/run-tests.sh
# Retry up to five times
for i in {1..5}; do
TEST_RES=0
$GITHUB_WORKSPACE/osp/cyrus-sasl/${{ matrix.ref }}/run-tests.sh || TEST_RES=$?
if [ "$TEST_RES" -eq "0" ]; then
break
fi
done

1
.github/workflows/disabled/haproxy.yml vendored
View File

@ -57,4 +57,3 @@ jobs:
- name: Test HaProxy
working-directory: haproxy
run: make reg-tests reg-tests/ssl VTEST_PROGRAM=$GITHUB_WORKSPACE/VTest/vtest

6
.github/workflows/disabled/hostap.yml vendored
View File

@ -181,7 +181,7 @@ jobs:
- name: Checkout hostap
uses: actions/checkout@v4
with:
repository: julek-wolfssl/hostap-mirror
repository: julek-wolfssl/hostap-mirror
path: hostap
ref: ${{ matrix.config.hostap_ref }}
# necessary for cherry pick step
@ -210,7 +210,7 @@ jobs:
done
- if: ${{ matrix.hostapd }}
name: Setup hostapd config file
name: Setup hostapd config file
run: |
cp wolfssl/.github/workflows/hostap-files/configs/${{ matrix.config.hostap_ref }}/hostapd.config \
hostap/hostapd/.config
@ -220,7 +220,7 @@ jobs:
EOF
- if: ${{ matrix.wpa_supplicant }}
name: Setup wpa_supplicant config file
name: Setup wpa_supplicant config file
run: |
cp wolfssl/.github/workflows/hostap-files/configs/${{ matrix.config.hostap_ref }}/wpa_supplicant.config \
hostap/wpa_supplicant/.config

10
.github/workflows/docker-OpenWrt.yml vendored
View File

@ -28,11 +28,15 @@ jobs:
- uses: actions/checkout@v4
- name: Compile libwolfssl.so
run: ./autogen.sh && ./configure --enable-all && make
# 2024-08-05 - Something broke in the actions. They are no longer following links.
- name: tar libwolfssl.so
working-directory: src/.libs
run: tar -zcf libwolfssl.tgz libwolfssl.so*
- name: Upload libwolfssl.so
uses: actions/upload-artifact@v4
with:
name: openwrt-libwolfssl.so
path: src/.libs/libwolfssl.so
path: src/.libs/libwolfssl.tgz
retention-days: 5
compile_container:
name: Compile container
@ -50,7 +54,9 @@ jobs:
- uses: actions/download-artifact@v4
with:
name: openwrt-libwolfssl.so
path: Docker/OpenWrt/.
path: .
- name: untar libwolfssl.so
run: tar -xf libwolfssl.tgz -C Docker/OpenWrt
- name: Build but dont push
uses: docker/build-push-action@v5
with:

9
.github/workflows/grpc.yml vendored
View File

@ -27,11 +27,14 @@ jobs:
configure: --enable-all 'CPPFLAGS=-DWOLFSSL_RSA_KEY_CHECK -DHAVE_EX_DATA_CLEANUP_HOOKS'
install: true
- name: tar build-dir
run: tar -zcf build-dir.tgz build-dir
- name: Upload built lib
uses: actions/upload-artifact@v4
with:
name: wolf-install-grpc
path: build-dir
path: build-dir.tgz
retention-days: 5
grpc_check:
@ -65,7 +68,9 @@ jobs:
uses: actions/download-artifact@v4
with:
name: wolf-install-grpc
path: build-dir
- name: untar build-dir
run: tar -xf build-dir.tgz
- name: Checkout OSP
uses: actions/checkout@v4

11
.github/workflows/hitch.yml vendored
View File

@ -27,11 +27,14 @@ jobs:
configure: --enable-hitch
install: true
- name: tar build-dir
run: tar -zcf build-dir.tgz build-dir
- name: Upload built lib
uses: actions/upload-artifact@v4
with:
name: wolf-install-hitch
path: build-dir
path: build-dir.tgz
retention-days: 5
hitch_check:
@ -53,7 +56,9 @@ jobs:
uses: actions/download-artifact@v4
with:
name: wolf-install-hitch
path: build-dir
- name: untar build-dir
run: tar -xf build-dir.tgz
- name: Checkout OSP
uses: actions/checkout@v4
@ -100,4 +105,4 @@ jobs:
working-directory: ./hitch
run: |
export LD_LIBRARY_PATH=$GITHUB_WORKSPACE/build-dir/lib:$LD_LIBRARY_PATH
make check
make check

19
.github/workflows/hostap-vm.yml vendored
View File

@ -24,7 +24,7 @@ jobs:
wolf_extra_config: --disable-tls13
- build_id: hostap-vm-build2
wolf_extra_config: >-
--enable-wpas-dpp --enable-brainpool --with-eccminsz=192
--enable-wpas-dpp --enable-brainpool --with-eccminsz=192
--enable-tlsv10 --enable-oldtls
name: Build wolfSSL
runs-on: ubuntu-latest
@ -52,11 +52,14 @@ jobs:
${{ env.wolf_debug_flags }} ${{ matrix.wolf_extra_config }}
install: true
- name: tar build-dir
run: tar -zcf build-dir.tgz build-dir
- name: Upload built lib
uses: actions/upload-artifact@v4
with:
name: ${{ matrix.build_id }}
path: build-dir
path: build-dir.tgz
retention-days: 5
build_uml_linux:
@ -84,7 +87,7 @@ jobs:
if: steps.cache.outputs.cache-hit != 'true'
uses: actions/checkout@v4
with:
repository: torvalds/linux
repository: torvalds/linux
path: linux
- name: Compile linux
@ -178,7 +181,9 @@ jobs:
uses: actions/download-artifact@v4
with:
name: ${{ matrix.config.build_id }}
path: build-dir
- name: untar build-dir
run: tar -xf build-dir.tgz
- name: Install dependencies
run: |
@ -194,7 +199,7 @@ jobs:
- name: Checkout hostap
uses: actions/checkout@v4
with:
repository: julek-wolfssl/hostap-mirror
repository: julek-wolfssl/hostap-mirror
path: hostap
ref: ${{ matrix.config.hostap_ref }}
@ -228,7 +233,7 @@ jobs:
fi
- if: ${{ matrix.hostapd }}
name: Setup hostapd config file
name: Setup hostapd config file
run: |
cp wolfssl/.github/workflows/hostap-files/configs/${{ matrix.config.hostap_ref }}/hostapd.config \
hostap/hostapd/.config
@ -238,7 +243,7 @@ jobs:
EOF
- if: ${{ matrix.wpa_supplicant }}
name: Setup wpa_supplicant config file
name: Setup wpa_supplicant config file
run: |
cp wolfssl/.github/workflows/hostap-files/configs/${{ matrix.config.hostap_ref }}/wpa_supplicant.config \
hostap/wpa_supplicant/.config

10
.github/workflows/ipmitool.yml vendored
View File

@ -30,11 +30,14 @@ jobs:
# Don't run tests as this config is tested in many other places
check: false
- name: tar build-dir
run: tar -zcf build-dir.tgz build-dir
- name: Upload built lib
uses: actions/upload-artifact@v4
with:
name: wolf-install-ipmitool
path: build-dir
path: build-dir.tgz
retention-days: 5
build_ipmitool:
@ -50,7 +53,9 @@ jobs:
uses: actions/download-artifact@v4
with:
name: wolf-install-ipmitool
path: build-dir
- name: untar build-dir
run: tar -xf build-dir.tgz
- name: Checkout OSP
uses: actions/checkout@v4
@ -74,4 +79,3 @@ jobs:
run: |
ldd src/ipmitool | grep wolfssl
ldd src/ipmievd | grep wolfssl

9
.github/workflows/jwt-cpp.yml vendored
View File

@ -29,11 +29,14 @@ jobs:
# Don't run tests as this config is tested in many other places
check: false
- name: tar build-dir
run: tar -zcf build-dir.tgz build-dir
- name: Upload built lib
uses: actions/upload-artifact@v4
with:
name: wolf-install-jwt-cpp
path: build-dir
path: build-dir.tgz
retention-days: 5
build_pam-ipmi:
@ -56,7 +59,9 @@ jobs:
uses: actions/download-artifact@v4
with:
name: wolf-install-jwt-cpp
path: build-dir
- name: untar build-dir
run: tar -xf build-dir.tgz
- name: Checkout OSP
uses: actions/checkout@v4

9
.github/workflows/krb5.yml vendored
View File

@ -31,11 +31,14 @@ jobs:
configure: --enable-krb CC='gcc -fsanitize=address'
install: true
- name: tar build-dir
run: tar -zcf build-dir.tgz build-dir
- name: Upload built lib
uses: actions/upload-artifact@v4
with:
name: wolf-install-krb5
path: build-dir
path: build-dir.tgz
retention-days: 5
krb5_check:
@ -54,7 +57,9 @@ jobs:
uses: actions/download-artifact@v4
with:
name: wolf-install-krb5
path: build-dir
- name: untar build-dir
run: tar -xf build-dir.tgz
- name: Checkout OSP
uses: actions/checkout@v4

9
.github/workflows/libssh2.yml vendored
View File

@ -28,11 +28,14 @@ jobs:
check: false # config is already tested in many other PRB's
install: true
- name: tar build-dir
run: tar -zcf build-dir.tgz build-dir
- name: Upload built lib
uses: actions/upload-artifact@v4
with:
name: wolf-install-libssh2
path: build-dir
path: build-dir.tgz
retention-days: 5
libssh2_check:
@ -51,7 +54,9 @@ jobs:
uses: actions/download-artifact@v4
with:
name: wolf-install-libssh2
path: build-dir
- name: untar build-dir
run: tar -xf build-dir.tgz
- name: Build and test libssh2
uses: wolfSSL/actions-build-autotools-project@v1

9
.github/workflows/libvncserver.yml vendored
View File

@ -29,11 +29,14 @@ jobs:
# Don't run tests as this config is tested in many other places
check: false
- name: tar build-dir
run: tar -zcf build-dir.tgz build-dir
- name: Upload built lib
uses: actions/upload-artifact@v4
with:
name: wolf-install-libvncserver
path: build-dir
path: build-dir.tgz
retention-days: 5
build_libvncserver:
@ -49,7 +52,9 @@ jobs:
uses: actions/download-artifact@v4
with:
name: wolf-install-libvncserver
path: build-dir
- name: untar build-dir
run: tar -xf build-dir.tgz
- name: Checkout OSP
uses: actions/checkout@v4

9
.github/workflows/memcached.yml vendored
View File

@ -28,11 +28,14 @@ jobs:
- name: Bundle Docker entry point
run: cp wolfssl/.github/workflows/memcached.sh build-dir/bin
- name: tar build-dir
run: tar -zcf build-dir.tgz build-dir
- name: Upload built lib
uses: actions/upload-artifact@v4
with:
name: wolf-install-memcached
path: build-dir
path: build-dir.tgz
retention-days: 5
memcached_check:
@ -50,7 +53,9 @@ jobs:
uses: actions/download-artifact@v4
with:
name: wolf-install-memcached
path: build-dir
- name: untar build-dir
run: tar -xf build-dir.tgz
- name: Checkout OSP
uses: actions/checkout@v4

98
.github/workflows/mosquitto.yml vendored Normal file
View File

@ -0,0 +1,98 @@
name: mosquitto Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
build_wolfssl:
name: Build wolfSSL
# Just to keep it the same as the testing target
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 4
steps:
- name: Build wolfSSL
uses: wolfSSL/actions-build-autotools-project@v1
with:
path: wolfssl
configure: --enable-mosquitto CFLAGS="-DALLOW_INVALID_CERTSIGN"
install: true
- name: tar build-dir
run: tar -zcf build-dir.tgz build-dir
- name: Upload built lib
uses: actions/upload-artifact@v4
with:
name: wolf-install-mosquitto
path: build-dir.tgz
retention-days: 5
mosquitto_check:
strategy:
fail-fast: false
matrix:
ref: [ 2.0.18 ]
name: ${{ matrix.ref }}
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 4
needs: build_wolfssl
steps:
- name: Download lib
uses: actions/download-artifact@v4
with:
name: wolf-install-mosquitto
- name: untar build-dir
run: tar -xf build-dir.tgz
- name: Checkout OSP
uses: actions/checkout@v4
with:
repository: wolfssl/osp
path: osp
- name: Install dependencies
run: |
export DEBIAN_FRONTEND=noninteractive
sudo apt-get update
sudo apt-get install -y build-essential libev-dev libssl-dev automake python3-docutils libcunit1 libcunit1-doc libcunit1-dev pkg-config make
sudo pip install --upgrade psutil
- name: Checkout mosquitto
uses: actions/checkout@v4
with:
repository: eclipse/mosquitto
ref: v${{ matrix.ref }}
path: mosquitto
- name: Configure and build mosquitto
run: |
cd $GITHUB_WORKSPACE/mosquitto/
patch -p1 < $GITHUB_WORKSPACE/osp/mosquitto/${{ matrix.ref }}.patch
make WITH_TLS=wolfssl WITH_CJSON=no WITH_DOCS=no WOLFSSLDIR=$GITHUB_WORKSPACE/build-dir
- name: Run mosquitto tests
working-directory: ./mosquitto
run: |
# Retry up to five times
for i in {1..5}; do
TEST_RES=0
make WITH_TLS=wolfssl WITH_CJSON=no WITH_DOCS=no WOLFSSLDIR=$GITHUB_WORKSPACE/build-dir ptest || TEST_RES=$?
if [ "$TEST_RES" -eq "0" ]; then
break
fi
done
if [ "$TEST_RES" -ne "0" ]; then
exit $TEST_RES
fi

2
.github/workflows/multi-arch.yml vendored
View File

@ -51,7 +51,7 @@ jobs:
CFLAGS: ${{ matrix.CFLAGS }}
QEMU_LD_PREFIX: /usr/${{ matrix.HOST }}
run: ./autogen.sh && ./configure --host=${{ matrix.HOST }} --enable-all --disable-examples ${{ matrix.EXTRA_OPTS }} && make
- name: Print errors
- name: Print errors
if: ${{ failure() }}
run: |
if [ -f config.log ] ; then

11
.github/workflows/net-snmp.yml vendored
View File

@ -27,11 +27,14 @@ jobs:
configure: --enable-net-snmp
install: true
- name: tar build-dir
run: tar -zcf build-dir.tgz build-dir
- name: Upload built lib
uses: actions/upload-artifact@v4
with:
name: wolf-install-net-snmp
path: build-dir
path: build-dir.tgz
retention-days: 5
net-snmp_check:
@ -52,8 +55,10 @@ jobs:
uses: actions/download-artifact@v4
with:
name: wolf-install-net-snmp
path: build-dir
- name: untar build-dir
run: tar -xf build-dir.tgz
- name: Checkout OSP
uses: actions/checkout@v4
with:

13
.github/workflows/nginx.yml vendored
View File

@ -33,11 +33,14 @@ jobs:
configure: --enable-nginx ${{ env.wolf_debug_flags }}
install: true
- name: tar build-dir
run: tar -zcf build-dir.tgz build-dir
- name: Upload built lib
uses: actions/upload-artifact@v4
with:
name: wolf-install-nginx
path: build-dir
path: build-dir.tgz
retention-days: 5
nginx_check:
@ -93,7 +96,7 @@ jobs:
stream_ssl_preread.t stream_ssl_realip.t stream_ssl_session_reuse.t stream_ssl.t
stream_ssl_variables.t stream_ssl_verify_client.t stream_upstream_zone_ssl.t
upstream_zone_ssl.t uwsgi_ssl_certificate.t uwsgi_ssl_certificate_vars.t
uwsgi_ssl.t uwsgi_ssl_verify.t
uwsgi_ssl.t uwsgi_ssl_verify.t
# Following tests do not pass with sanitizer on (with OpenSSL too)
sanitize-not-ok: >-
grpc_ssl.t h2_proxy_request_buffering_ssl.t h2_proxy_ssl.t
@ -111,7 +114,9 @@ jobs:
uses: actions/download-artifact@v4
with:
name: wolf-install-nginx
path: build-dir
- name: untar build-dir
run: tar -xf build-dir.tgz
- name: Install dependencies
run: |
@ -216,4 +221,4 @@ jobs:
LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$GITHUB_WORKSPACE/build-dir/lib \
TMPDIR=$GITHUB_WORKSPACE TEST_NGINX_BINARY=../nginx/objs/nginx \
prove ${{ matrix.sanitize-ok }}

4
.github/workflows/no-malloc.yml vendored
View File

@ -18,7 +18,7 @@ jobs:
matrix:
config: [
# Add new configs here
'--enable-rsa --enable-keygen --disable-dh CFLAGS="-DWOLFSSL_NO_MALLOC"',
'--enable-rsa --enable-keygen --disable-dh CFLAGS="-DWOLFSSL_NO_MALLOC -DRSA_MIN_SIZE=1024"',
]
name: make check
runs-on: ubuntu-latest
@ -35,7 +35,7 @@ jobs:
make
./wolfcrypt/test/testwolfcrypt
- name: Print errors
- name: Print errors
if: ${{ failure() }}
run: |
if [ -f test-suite.log ] ; then

91
.github/workflows/ntp.yml vendored Normal file
View File

@ -0,0 +1,91 @@
name: ntp Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
build_wolfssl:
name: Build wolfSSL
# Just to keep it the same as the testing target
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 4
steps:
- name: Build wolfSSL
uses: wolfSSL/actions-build-autotools-project@v1
with:
path: wolfssl
configure: --enable-all
install: true
check: false
- name: tar build-dir
run: tar -zcf build-dir.tgz build-dir
- name: Upload built lib
uses: actions/upload-artifact@v4
with:
name: wolf-install-ntp
path: build-dir.tgz
retention-days: 5
ntp_check:
strategy:
fail-fast: false
matrix:
# List of releases to test
ref: [ 4.2.8p15 ]
name: ${{ matrix.ref }}
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 10
needs: build_wolfssl
steps:
- name: Download lib
uses: actions/download-artifact@v4
with:
name: wolf-install-ntp
- name: untar build-dir
run: tar -xf build-dir.tgz
- name: Checkout OSP
uses: actions/checkout@v4
with:
repository: wolfssl/osp
path: osp
# Avoid DoS'ing ntp site so cache the tar.gz
- name: Check if we have ntp
uses: actions/cache@v4
id: cache
with:
path: ntp-${{ matrix.ref }}.tar.gz
key: ntp-${{ matrix.ref }}.tar.gz
- name: Download ntp
if: steps.cache.outputs.cache-hit != 'true'
run: |
wget https://downloads.nwtime.org/ntp/4.2.8/ntp-${{ matrix.ref }}.tar.gz
- name: Extract ntp
run: |
tar -xf ntp-${{ matrix.ref }}.tar.gz
- name: Build and test ntp
working-directory: ntp-${{ matrix.ref }}
run: |
patch -p1 < $GITHUB_WORKSPACE/osp/ntp/${{ matrix.ref }}/ntp-${{ matrix.ref }}.patch
./bootstrap
./configure --with-wolfssl=$GITHUB_WORKSPACE/build-dir
make -j
make -j check

89
.github/workflows/openldap.yml vendored Normal file
View File

@ -0,0 +1,89 @@
name: openldap Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
build_wolfssl:
name: Build wolfSSL
# Just to keep it the same as the testing target
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 4
steps:
- name: Build wolfSSL
uses: wolfSSL/actions-build-autotools-project@v1
with:
path: wolfssl
configure: --enable-openldap CPPFLAGS=-DWOLFSSL_NO_ASN_STRICT
install: true
check: true
- name: tar build-dir
run: tar -zcf build-dir.tgz build-dir
- name: Upload built lib
uses: actions/upload-artifact@v4
with:
name: wolf-install-openldap
path: build-dir.tgz
retention-days: 5
openldap_check:
strategy:
fail-fast: false
matrix:
include:
# List of releases to test
- osp_ref: 2.5.13
git_ref: OPENLDAP_REL_ENG_2_5_13
name: ${{ matrix.osp_ref }}
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 20
needs: build_wolfssl
steps:
- name: Download lib
uses: actions/download-artifact@v4
with:
name: wolf-install-openldap
- name: untar build-dir
run: tar -xf build-dir.tgz
- name: Checkout OSP
uses: actions/checkout@v4
with:
repository: wolfssl/osp
path: osp
- name: Checkout openldap
uses: actions/checkout@v4
with:
repository: openldap/openldap
path: openldap
ref: ${{ matrix.git_ref }}
- name: Build and test OpenLDAP
working-directory: openldap
run: |
export LD_LIBRARY_PATH=$GITHUB_WORKSPACE/build-dir/lib:$LD_LIBRARY_PATH
patch -p1 < $GITHUB_WORKSPACE/osp/openldap/${{ matrix.osp_ref }}/openldap-${{ matrix.osp_ref }}.patch
rm aclocal.m4
autoreconf -ivf
./configure --with-tls=wolfssl --disable-bdb --disable-hdb \
CFLAGS="-I$GITHUB_WORKSPACE/build-dir/include \
-I$GITHUB_WORKSPACE/build-dir/include/wolfssl \
-L$GITHUB_WORKSPACE/build-dir/lib"
make -j depend
make -j
make -j check

13
.github/workflows/openssh.yml vendored
View File

@ -26,14 +26,17 @@ jobs:
path: wolfssl
configure: >-
--enable-openssh --enable-dsa --with-max-rsa-bits=8192
--enable-intelasm --enable-sp-asm
--enable-intelasm --enable-sp-asm CFLAGS="-DRSA_MIN_SIZE=1024"
install: true
- name: tar build-dir
run: tar -zcf build-dir.tgz build-dir
- name: Upload built lib
uses: actions/upload-artifact@v4
with:
name: wolf-install-openssh
path: build-dir
path: build-dir.tgz
retention-days: 5
openssh_check:
@ -51,7 +54,9 @@ jobs:
uses: actions/download-artifact@v4
with:
name: wolf-install-openssh
path: build-dir
- name: untar build-dir
run: tar -xf build-dir.tgz
- name: Checkout OSP
uses: actions/checkout@v4
@ -69,7 +74,7 @@ jobs:
configure: --with-wolfssl=$GITHUB_WORKSPACE/build-dir --with-rpath=-Wl,-rpath=
check: false
# make tests take >20 minutes. Consider limiting?
# make tests take >20 minutes. Consider limiting?
- name: Run tests
working-directory: ./openssh
run: |

9
.github/workflows/openvpn.yml vendored
View File

@ -27,11 +27,14 @@ jobs:
configure: --enable-openvpn
install: true
- name: tar build-dir
run: tar -zcf build-dir.tgz build-dir
- name: Upload built lib
uses: actions/upload-artifact@v4
with:
name: wolf-install-openvpn
path: build-dir
path: build-dir.tgz
retention-days: 5
openvpn_check:
@ -50,7 +53,9 @@ jobs:
uses: actions/download-artifact@v4
with:
name: wolf-install-openvpn
path: build-dir
- name: untar build-dir
run: tar -xf build-dir.tgz
- name: Install dependencies
run: |

13
.github/workflows/os-check.yml vendored
View File

@ -25,14 +25,19 @@ jobs:
'--enable-all --enable-asn=original',
'--enable-harden-tls',
'--enable-tls13 --enable-session-ticket --enable-dtls --enable-dtls13
--enable-opensslextra --enable-sessioncerts
CPPFLAGS=''-DWOLFSSL_DTLS_NO_HVR_ON_RESUME -DHAVE_EXT_CACHE
--enable-opensslextra --enable-sessioncerts
CPPFLAGS=''-DWOLFSSL_DTLS_NO_HVR_ON_RESUME -DHAVE_EXT_CACHE
-DWOLFSSL_TICKET_HAVE_ID -DHAVE_EX_DATA -DSESSION_CACHE_DYNAMIC_MEM'' ',
'--enable-all --enable-secure-renegotiation',
'--enable-all --enable-haproxy --enable-quic',
'--enable-dtls --enable-dtls13 --enable-earlydata
--enable-session-ticket --enable-psk
'--enable-dtls --enable-dtls13 --enable-earlydata
--enable-session-ticket --enable-psk
CPPFLAGS=''-DWOLFSSL_DTLS13_NO_HRR_ON_RESUME'' ',
'--enable-experimental --enable-kyber --enable-dtls --enable-dtls13
--enable-dtls-frag-ch',
'--enable-all --enable-dtls13 --enable-dtls-frag-ch',
'--enable-dtls --enable-dtls13 --enable-dtls-frag-ch
--enable-dtls-mtu',
]
name: make check
runs-on: ${{ matrix.os }}

16
.github/workflows/packaging.yml vendored
View File

@ -37,8 +37,9 @@ jobs:
- name: Build wolfSSL .deb
run: make deb-docker
- name: Build wolfSSL .rpm
run: make rpm-docker
# disabled 20240919 -- broken target.
# - name: Build wolfSSL .rpm
# run: make rpm-docker
- name: Confirm packages built
run: |
@ -47,8 +48,9 @@ jobs:
echo Did not find exactly two deb packages!!!
exit 1
fi
RPM_COUNT=$(find -name 'wolfssl*.rpm' | wc -l)
if [ "$RPM_COUNT" != "4" ]; then
echo Did not find exactly four rpm packages!!!
exit 1
fi
# disabled 20240919 -- broken target.
# RPM_COUNT=$(find -name 'wolfssl*.rpm' | wc -l)
# if [ "$RPM_COUNT" != "4" ]; then
# echo Did not find exactly four rpm packages!!!
# exit 1
# fi

9
.github/workflows/pam-ipmi.yml vendored
View File

@ -30,11 +30,14 @@ jobs:
# Don't run tests as this config is tested in many other places
check: false
- name: tar build-dir
run: tar -zcf build-dir.tgz build-dir
- name: Upload built lib
uses: actions/upload-artifact@v4
with:
name: wolf-install-pam-ipmi
path: build-dir
path: build-dir.tgz
retention-days: 5
build_pam-ipmi:
@ -58,7 +61,9 @@ jobs:
uses: actions/download-artifact@v4
with:
name: wolf-install-pam-ipmi
path: build-dir
- name: untar build-dir
run: tar -xf build-dir.tgz
- name: Checkout OSP
uses: actions/checkout@v4

114
.github/workflows/rng-tools.yml vendored Normal file
View File

@ -0,0 +1,114 @@
name: rng-tools Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
build_wolfssl:
name: Build wolfSSL
# Just to keep it the same as the testing target
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 4
steps:
- name: Build wolfSSL
uses: wolfSSL/actions-build-autotools-project@v1
with:
path: wolfssl
configure: --enable-all
install: true
check: false
- name: tar build-dir
run: tar -zcf build-dir.tgz build-dir
- name: Upload built lib
uses: actions/upload-artifact@v4
with:
name: wolf-install-rng-tools
path: build-dir.tgz
retention-days: 5
rng-tools_check:
strategy:
fail-fast: false
matrix:
# List of releases to test
ref: [ 6.16 ]
name: ${{ matrix.ref }}
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 4
needs: build_wolfssl
steps:
- name: Install dependencies
run: |
# Don't prompt for anything
export DEBIAN_FRONTEND=noninteractive
sudo apt-get update
sudo apt-get install -y libcurl4-openssl-dev libjansson-dev libp11-dev librtlsdr-dev libcap-dev
- name: Download lib
uses: actions/download-artifact@v4
with:
name: wolf-install-rng-tools
- name: untar build-dir
run: tar -xf build-dir.tgz
- name: Checkout OSP
uses: actions/checkout@v4
with:
repository: wolfssl/osp
path: osp
- name: Checkout jitterentropy-library
uses: actions/checkout@v4
with:
repository: smuellerDD/jitterentropy-library
path: jitterentropy-library
ref: v3.5.0
- name: Build jitterentropy-library
working-directory: jitterentropy-library
run: make -j
- name: Build rng-tools
uses: wolfSSL/actions-build-autotools-project@v1
with:
repository: nhorman/rng-tools
ref: v${{ matrix.ref }}
path: rng-tools
patch-file: $GITHUB_WORKSPACE/osp/rng-tools/${{ matrix.ref }}.patch
configure: --without-pkcs11 --enable-jitterentropy=$GITHUB_WORKSPACE/jitterentropy-library --with-wolfssl=$GITHUB_WORKSPACE/build-dir
check: false
- name: Testing rng-tools
id: testing
working-directory: rng-tools
run: |
# Retry up to five times
for i in {1..5}; do
TEST_RES=0
LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$GITHUB_WORKSPACE/build-dir/lib make check || TEST_RES=$?
if [ "$TEST_RES" -eq "0" ]; then
break
fi
done
if [ "$TEST_RES" -ne "0" ]; then
exit $TEST_RES
fi
- name: Print logs
if: ${{ failure() && steps.testing.outcome == 'failure' }}
working-directory: rng-tools/tests
run: cat test-suite.log

11
.github/workflows/socat.yml vendored
View File

@ -25,12 +25,15 @@ jobs:
configure: --enable-maxfragment --enable-opensslall --enable-opensslextra --enable-dtls --enable-oldtls --enable-tlsv10 --enable-ipv6 'CPPFLAGS=-DWOLFSSL_NO_DTLS_SIZE_CHECK -DOPENSSL_COMPATIBLE_DEFAULTS'
install: true
- name: tar build-dir
run: tar -zcf build-dir.tgz build-dir
- name: Upload built lib
uses: actions/upload-artifact@v4
with:
name: wolf-install-socat
path: build-dir
retention-days: 3
path: build-dir.tgz
retention-days: 5
socat_check:
@ -49,7 +52,9 @@ jobs:
uses: actions/download-artifact@v4
with:
name: wolf-install-socat
path: build-dir
- name: untar build-dir
run: tar -xf build-dir.tgz
- name: Download socat
run: curl -O http://www.dest-unreach.org/socat/download/socat-1.8.0.0.tar.gz && tar xvf socat-1.8.0.0.tar.gz

97
.github/workflows/sssd.yml vendored Normal file
View File

@ -0,0 +1,97 @@
name: sssd Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
build_wolfssl:
name: Build wolfSSL
# Just to keep it the same as the testing target
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 4
steps:
- name: Build wolfSSL
uses: wolfSSL/actions-build-autotools-project@v1
with:
path: wolfssl
configure: --enable-all CFLAGS=-DWOLFSSL_NO_ASN_STRICT
install: true
check: false
- name: tar build-dir
run: tar -zcf build-dir.tgz build-dir
- name: Upload built lib
uses: actions/upload-artifact@v4
with:
name: wolf-install-sssd
path: build-dir.tgz
retention-days: 5
sssd_check:
strategy:
fail-fast: false
matrix:
# List of releases to test
ref: [ 2.9.1 ]
name: ${{ matrix.ref }}
runs-on: ubuntu-latest
container:
image: quay.io/sssd/ci-client-devel:ubuntu-latest
env:
LD_LIBRARY_PATH: /usr/local/lib
# This should be a safe limit for the tests to run.
timeout-minutes: 20
needs: build_wolfssl
steps:
- name: Install dependencies
run: |
# Don't prompt for anything
export DEBIAN_FRONTEND=noninteractive
sudo apt-get update
sudo apt-get install -y build-essential autoconf libldb-dev libldb2 python3-ldb bc
- name: Setup env
run: |
ln -s samba-4.0/ldb.h /usr/include/ldb.h
ln -s samba-4.0/ldb_errors.h /usr/include/ldb_errors.h
ln -s samba-4.0/ldb_handlers.h /usr/include/ldb_handlers.h
ln -s samba-4.0/ldb_module.h /usr/include/ldb_module.h
ln -s samba-4.0/ldb_version.h /usr/include/ldb_version.h
- name: Download lib
uses: actions/download-artifact@v4
with:
name: wolf-install-sssd
- name: untar build-dir
run: tar -xf build-dir.tgz
- name: Checkout OSP
uses: actions/checkout@v4
with:
repository: wolfssl/osp
path: osp
- name: Build and test sssd
uses: wolfSSL/actions-build-autotools-project@v1
with:
repository: SSSD/sssd
ref: ${{ matrix.ref }}
path: sssd
patch-file: $GITHUB_WORKSPACE/osp/sssd/${{ matrix.ref }}.patch
configure: >-
--without-samba --without-nfsv4-idmapd-plugin --with-oidc-child=no
--without-manpages WOLFSSL_INSTALL_DIR=$GITHUB_WORKSPACE/build-dir
check: true

11
.github/workflows/stunnel.yml vendored
View File

@ -27,11 +27,14 @@ jobs:
configure: --enable-stunnel
install: true
- name: tar build-dir
run: tar -zcf build-dir.tgz build-dir
- name: Upload built lib
uses: actions/upload-artifact@v4
with:
name: wolf-install-stunnel
path: build-dir
path: build-dir.tgz
retention-days: 5
stunnel_check:
@ -50,8 +53,10 @@ jobs:
uses: actions/download-artifact@v4
with:
name: wolf-install-stunnel
path: build-dir
- name: untar build-dir
run: tar -xf build-dir.tgz
- name: Checkout OSP
uses: actions/checkout@v4
with:

14
.gitignore vendored
View File

@ -413,6 +413,14 @@ user_settings_asm.h
/IDE/Espressif/**/sdkconfig
/IDE/Espressif/**/sdkconfig.old
# ESP8266 RTOS SDK has a slightly different sdkconfig filename to exclude:
/IDE/Espressif/**/sdkconfig.debug
/IDE/Espressif/**/sdkconfig.release
# Always include Espressif makefiles (typically only used for ESP8266)
!/IDE/Espressif/**/Makefile
!/IDE/Espressif/**/component.mk
# MPLAB
/IDE/MPLABX16/wolfssl.X/dist/default/
/IDE/MPLABX16/wolfssl.X/.generated_files
@ -434,6 +442,12 @@ debian/changelog
debian/control
*.deb
# Ada/Alire files
wrapper/Ada/alire/
wrapper/Ada/config/
wrapper/Ada/lib/
wrapper/Ada/obj/
# PlatformIO
/**/.pio
/**/.vscode/.browse.c_cpp.db*

30
CMakeLists.txt
View File

@ -945,13 +945,29 @@ if(WOLFSSL_ECC)
endif()
endif()
# TODO: - ECC custom curves
# - Compressed key
# TODO: - Compressed key
# - FP ECC, fixed point cache ECC
# - ECC encrypt
# - PSK
# - Single PSK identity
# ECC custom curves
add_option("WOLFSSL_ECCCUSTCURVES"
"Enable ECC Custom Curves (default: disabled)"
"no" "yes;no;all")
if(WOLFSSL_ECCCUSTCURVES)
if("${WOLFSSL_ECCCUSTCURVES}" STREQUAL "all")
list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_ECC_SECPR2")
list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_ECC_SECPR3")
list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_ECC_BRAINPOOL")
list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_ECC_KOBLITZ")
list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_ECC_CDH")
endif()
list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_CUSTOM_CURVES")
endif()
# CURVE25519
set(WOLFSSL_CURVE25519_SMALL "no")
add_option("WOLFSSL_CURVE25519"
@ -1877,6 +1893,10 @@ add_option("WOLFSSL_CRYPTOCB"
"Enable crypto callbacks (default: disabled)"
"no" "yes;no")
add_option("WOLFSSL_CRYPTOCB_NO_SW_TEST"
"Disable crypto callback SW testing (default: disabled)"
"no" "yes;no")
add_option("WOLFSSL_PKCALLBACKS"
"Enable public key callbacks (default: disabled)"
"no" "yes;no")
@ -2080,6 +2100,10 @@ if(WOLFSSL_CRYPTOCB)
list(APPEND WOLFSSL_DEFINITIONS "-DWOLF_CRYPTO_CB")
endif()
if(WOLFSSL_CRYPTOCB_NO_SW_TEST)
list(APPEND WOLFSSL_DEFINITIONS "-DWC_TEST_NO_CRYPTOCB_SW_TEST")
endif()
# Public Key Callbacks
if(WOLFSSL_PKCALLBACKS)
list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_PK_CALLBACKS")
@ -2335,7 +2359,7 @@ endif()
foreach(DEF IN LISTS WOLFSSL_DEFINITIONS)
string(REGEX MATCH "^(-D)?([^=]+)(=(.*))?$" DEF_MATCH ${DEF})
if (DEFINED CMAKE_MATCH_4)
if (NOT "${CMAKE_MATCH_4}" STREQUAL "")
set(${CMAKE_MATCH_2} ${CMAKE_MATCH_4})
# message("set(${CMAKE_MATCH_2} ${CMAKE_MATCH_4})")
else()

32
ChangeLog.md
View File

@ -220,7 +220,7 @@ fixed this omission in several PRs for this release.
* [Low] CVE-2023-6936: A potential heap overflow read is possible in servers connecting over TLS 1.3 when the optional `WOLFSSL_CALLBACKS` has been defined. The out of bounds read can occur when a server receives a malicious malformed ClientHello. Users should either discontinue use of `WOLFSSL_CALLBACKS` on the server side or update versions of wolfSSL to 5.6.6. Thanks to the tlspuffin fuzzer team for the report which was designed and developed by; Lucca Hirschi (Inria, LORIA), Steve Kremer (Inria, LORIA), and Max Ammann (Trail of Bits). The fix for this issue is located in the following GitHub Pull Request: https://github.com/wolfSSL/wolfssl/pull/6949.
* [Low] A side channel vulnerability with AES T-Tables is possible in a very controlled environment where precision sub-cache-line inspection can happen, such as inside an Intel SGX enclave. This can lead to recovery of the AES key. To prevent this type of attack, wolfSSL added an AES bitsliced implementation which can be enabled with the “`--enable-aes-bitsliced`” configure option. Thanks to Florian Sieck, Zhiyuan Zhang, Sebastian Berndt, Chitchanok Chuengsatiansup, Thomas Eisenbarth, and Yuval Yarom for the report (Universities of Lübeck, Melbourne, Adelaide and Bochum). The fix for this issue is located in the following GitHub Pull Request: https://github.com/wolfSSL/wolfssl/pull/6854.
* [Low] CVE-2024-1543: A side channel vulnerability with AES T-Tables is possible in a very controlled environment where precision sub-cache-line inspection can happen, such as inside an Intel SGX enclave. This can lead to recovery of the AES key. To prevent this type of attack, wolfSSL added an AES bitsliced implementation which can be enabled with the “`--enable-aes-bitsliced`” configure option. Thanks to Florian Sieck, Zhiyuan Zhang, Sebastian Berndt, Chitchanok Chuengsatiansup, Thomas Eisenbarth, and Yuval Yarom for the report (Universities of Lübeck, Melbourne, Adelaide and Bochum). The fix for this issue is located in the following GitHub Pull Request: https://github.com/wolfSSL/wolfssl/pull/6854.
* [Low] CVE-2023-6937: wolfSSL prior to 5.6.6 did not check that messages in a single (D)TLS record do not span key boundaries. As a result, it was possible to combine (D)TLS messages using different keys into one (D)TLS record. The most extreme edge case is that, in (D)TLS 1.3, it was possible that an unencrypted (D)TLS 1.3 record from the server containing first a ServerHello message and then the rest of the first server flight would be accepted by a wolfSSL client. In (D)TLS 1.3 the handshake is encrypted after the ServerHello but a wolfSSL client would accept an unencrypted flight from the server. This does not compromise key negotiation and authentication so it is assigned a low severity rating. Thanks to Johannes Wilson for the report (Sectra Communications and Linköping University). The fix for this issue is located in the following GitHub Pull Request: https://github.com/wolfSSL/wolfssl/pull/7029.
@ -874,9 +874,9 @@ Release 5.5.1 of wolfSSL embedded TLS has bug fixes and new features including:
## Enhancements
* DTLSv1.3: Do HRR Cookie exchange by default
* Add wolfSSL_EVP_PKEY_new_CMAC_key to OpenSSL compatible API
* Update ide win10 build files to add missing sp source files
* Improve Workbench docs
* Add wolfSSL_EVP_PKEY_new_CMAC_key to OpenSSL compatible API
* Update ide win10 build files to add missing sp source files
* Improve Workbench docs
* Improve EVP support for CHACHA20_POLY1305
* Improve `wc_SetCustomExtension` documentation
* RSA-PSS with OCSP and add simple OCSP response DER verify test case
@ -884,23 +884,23 @@ Release 5.5.1 of wolfSSL embedded TLS has bug fixes and new features including:
* Don't over-allocate memory for DTLS fragments
* Add WOLFSSL_ATECC_TFLXTLS for Atmel port
* SHA-3 performance improvements with x86_64 assembly
* Add code to fallback to S/W if TSIP cannot handle
* Add code to fallback to S/W if TSIP cannot handle
* Improves entropy with VxWorks
* Make time in milliseconds 64-bits for longer session ticket lives
* Support for setting cipher list with bytes
* wolfSSL_set1_curves_list(), wolfSSL_CTX_set1_curves_list() improvements
* Add to RSAES-OAEP key parsing for pkcs7
* Add missing DN nid to work with PrintName()
* SP int: default to 16 bit word size when NO_64BIT defined
* SP int: default to 16 bit word size when NO_64BIT defined
* Limit the amount of fragments we store per a DTLS connection and error out when max limit is reached
* Detect when certificate's RSA public key size is too big and fail on loading of certificate
## Fixes
* Fix for async with OCSP non-blocking in `ProcessPeerCerts`
* Fixes for building with 32-bit and socket size sign/unsigned mismatch
* Fix Windows CMakeList compiler options
* TLS 1.3 Middle-Box compat: fix missing brace
* Configuration consistency fixes for RSA keys and way to force disable of private keys
* Fix Windows CMakeList compiler options
* TLS 1.3 Middle-Box compat: fix missing brace
* Configuration consistency fixes for RSA keys and way to force disable of private keys
* Fix for Aarch64 Mac M1 SP use
* Fix build errors and warnings for MSVC with DTLS 1.3
* Fix HMAC compat layer function for SHA-1
@ -908,9 +908,9 @@ Release 5.5.1 of wolfSSL embedded TLS has bug fixes and new features including:
* Check return from call to wc_Time
* SP math: fix build configuration with opensslall
* Fix for async session tickets
* SP int mp_init_size fixes when SP_WORD_SIZE == 8
* SP int mp_init_size fixes when SP_WORD_SIZE == 8
* Ed. function to make public key now checks for if the private key flag is set
* Fix HashRaw WC_SHA256_DIGEST_SIZE for wc_Sha256GetHash
* Fix HashRaw WC_SHA256_DIGEST_SIZE for wc_Sha256GetHash
* Fix for building with PSK only
* Set correct types in wolfSSL_sk_*_new functions
* Sanity check that size passed to mp_init_size() is no more than SP_INT_DIGITS
@ -1024,7 +1024,7 @@ CVE-2020-12966 https://www.amd.com/en/corporate/product-security/bulletin/amd-sb
* Update SP math all to not use sp_int_word when SQR_MUL_ASM is available
### SP Math Fixes
* Fixes for constant time with div function
* Fix casting warnings for Windows builds and assembly changes to support XMM6-15 being non-volatile
* Fix casting warnings for Windows builds and assembly changes to support XMM6-15 being non-volatile
* Fix for div_word when not using div function
* Fixes for user settings with SP ASM and ED/Curve25519 small
* Additional Wycheproof tests ran and fixes
@ -1204,7 +1204,7 @@ Release 5.3.0 of wolfSSL embedded TLS has bug fixes and new features including:
### Math Library Fixes
* Sanity check with SP math that ECC points ordinates are not greater than modulus length
* Additional sanity checks that _sp_add_d does not error due to overflow
* Wycheproof fixes, testing integration, and fixes for AVX / AArch64 ASM edge case tests
* Wycheproof fixes, testing integration, and fixes for AVX / AArch64 ASM edge case tests
* TFM fp_div_2_ct rework to avoid potential overflow
### Misc.
@ -1445,7 +1445,7 @@ Release 5.1.0 of wolfSSL embedded TLS has bug fixes and new features including:
###### PORT Fixes
* Building with Android wpa_supplicant and KeyStore
* Setting initial value of CA certificate with TSIP enabled
* Cryptocell ECC build fix and fix with RSA disabled
* Cryptocell ECC build fix and fix with RSA disabled
* IoT-SAFE improvement for Key/File slot ID size, fix for C++ compile, and fixes for retrieving the public key after key generation
###### Math Library Fixes
@ -1584,7 +1584,7 @@ Release 5.0.0 of wolfSSL embedded TLS has bug fixes and new features including:
- SSL_SESSION_has_ticket()
- SSL_SESSION_get_ticket_lifetime_hint()
- DIST_POINT_new
- DIST_POINT_free
- DIST_POINT_free
- DIST_POINTS_free
- CRL_DIST_POINTS_free
- sk_DIST_POINT_push
@ -1747,7 +1747,7 @@ Release 4.8.0 of wolfSSL embedded TLS has bug fixes and new features including:
### Vulnerabilities
* [Low] CVE-2021-37155: OCSP request/response verification issue. In the case that the serial number in the OCSP request differs from the serial number in the OCSP response the error from the comparison was not resulting in a failed verification. We recommend users that have wolfSSL version 4.6.0 and 4.7.0 with OCSP enabled update their version of wolfSSL. Version 4.5.0 and earlier are not affected by this report. Thanks to Rainer Mueller-Amersdorffer, Roee Yankelevsky, Barak Gutman, Hila Cohen and Shoshi Berko (from CYMOTIVE Technologies and CARIAD) for the report.
* [Low] CVE-2021-24116: Side-Channel cache look up vulnerability in base64 PEM decoding for versions of wolfSSL 4.5.0 and earlier. Versions 4.6.0 and up contain a fix and do not need to be updated for this report. If decoding a PEM format private key using version 4.5.0 and older of wolfSSL then we recommend updating the version of wolfSSL used. Thanks to Florian Sieck, Jan Wichelmann, Sebastian Berndt and Thomas Eisenbarth for the report.
* [Low] CVE-2021-24116: Side-Channel cache look up vulnerability in base64 PEM decoding for versions of wolfSSL 4.5.0 and earlier. Versions 4.6.0 and up contain a fix and do not need to be updated for this report. If decoding a PEM format private key using version 4.5.0 and older of wolfSSL then we recommend updating the version of wolfSSL used. Thanks to Florian Sieck, Jan Wichelmann, Sebastian Berndt and Thomas Eisenbarth for the report.
### New Feature Additions
###### New Product

4
Docker/Dockerfile
View File

@ -40,10 +40,12 @@ RUN cd /opt/sources && git clone --single-branch https://github.com/cisco/hash-s
# Install pkixssh to /opt/pkixssh for X509 interop testing with wolfSSH
RUN mkdir /var/empty
RUN cd /opt/sources && wget -q -O- https://roumenpetrov.info/secsh/src/pkixssh-14.1.1.tar.gz | tar xzf - && cd pkixssh-14.1.1 && ./configure --prefix=/opt/pkixssh/ --exec-prefix=/opt/pkixssh/ && make install
RUN cd /opt/sources && wget -q -O- https://roumenpetrov.info/secsh/src/pkixssh-15.1.tar.gz | tar xzf - && cd pkixssh-15.1 && ./configure --prefix=/opt/pkixssh/ --exec-prefix=/opt/pkixssh/ && make install
# Install udp/tcp-proxy
RUN cd /opt/sources && git clone --depth=1 --single-branch --branch=main http://github.com/wolfssl/udp-proxy && cd udp-proxy && make && cp tcp_proxy udp_proxy /bin/.
# Install libbacktrace
RUN cd /opt/sources && git clone --depth=1 --single-branch https://github.com/ianlancetaylor/libbacktrace.git && cd libbacktrace && mkdir build && cd build && ../configure && make && make install
# Allow non-root to use tcpdump (will need NET_RAW and NET_ADMIN capability when running the container)
RUN setcap 'CAP_NET_RAW+eip CAP_NET_ADMIN+eip' /usr/bin/tcpdump

33
Docker/buildAndPush.sh
View File

@ -1,4 +1,4 @@
#!/bin/bash
#!/usr/bin/env bash
# Assume we're in wolfssl/Docker
WOLFSSL_DIR=$(builtin cd ${BASH_SOURCE%/*}/..; pwd)
@ -18,18 +18,37 @@ docker build -t wolfssl/wolfssl-builder:${CUR_DATE} ${DOCKER_BUILD_OPTIONS} "${W
docker tag wolfssl/testing-cross-compiler:${CUR_DATE} wolfssl/testing-cross-compiler:latest
if [ $? -eq 0 ]; then
echo "Pushing containers to DockerHub"
docker push wolfssl/wolfssl-builder:${CUR_DATE} && docker push wolfssl/wolfssl-builder:latest && \
docker push wolfssl/testing-cross-compiler:${CUR_DATE} && docker push wolfssl/testing-cross-compiler:latest
echo "Push containers to DockerHub [y/N]? "
read val
if [ "$val" = "y" ]; then
docker push wolfssl/wolfssl-builder:${CUR_DATE} && docker push wolfssl/wolfssl-builder:latest && \
docker push wolfssl/testing-cross-compiler:${CUR_DATE} && docker push wolfssl/testing-cross-compiler:latest
if [ $? -ne 0 ]; then
echo "Warning: push failed. Continuing"
((NUM_FAILURES++))
fi
fi
else
echo "Warning: Build wolfssl/wolfssl-builder failed. Continuing"
((NUM_FAILURES++))
fi
echo "Building wolfssl/wolfCLU:${CUR_DATE}"
docker buildx build --pull --push --build-arg DUMMY=${CUR_DATE} -t wolfssl/wolfclu:${CUR_DATE} --platform=linux/amd64,linux/arm64,linux/arm/v7 "${WOLFSSL_DIR}/Docker/wolfCLU" && \
docker buildx build --pull --push --build-arg DUMMY=${CUR_DATE} -t wolfssl/wolfclu:latest --platform=linux/amd64,linux/arm64,linux/arm/v7 "${WOLFSSL_DIR}/Docker/wolfCLU"
if [ $? -ne 0 ]; then
DOCKER_ARGS="--pull --build-arg DUMMY=${CUR_DATE} --platform=linux/amd64,linux/arm64,linux/arm/v7 ${WOLFSSL_DIR}/Docker/wolfCLU"
docker buildx build -t wolfssl/wolfclu:${CUR_DATE} ${DOCKER_ARGS} && \
docker buildx build -t wolfssl/wolfclu:latest ${DOCKER_ARGS}
if [ $? -eq 0 ]; then
echo "Push containers to DockerHub [y/N]? "
read val
if [ "$val" = "y" ]; then
docker buildx build ${DOCKER_ARGS} --push -t wolfssl/wolfclu:${CUR_DATE} && \
docker buildx build ${DOCKER_ARGS} --push -t wolfssl/wolfclu:latest
if [ $? -ne 0 ]; then
echo "Warning: push failed. Continuing"
((NUM_FAILURES++))
fi
fi
else
echo "Warning: Build wolfssl/wolfclu failed. Continuing"
((NUM_FAILURES++))
fi

2
Docker/run.sh
View File

@ -1,4 +1,4 @@
#!/bin/bash
#!/usr/bin/env bash
echo "Running with \"${*}\"..."

2
Docker/wolfCLU/Dockerfile
View File

@ -3,7 +3,7 @@ FROM ubuntu as BUILDER
ARG DEPS_WOLFSSL="build-essential autoconf libtool zlib1g-dev libuv1-dev libpam0g-dev git libpcap-dev libcurl4-openssl-dev bsdmainutils netcat-traditional iputils-ping bubblewrap"
RUN DEBIAN_FRONTEND=noninteractive apt update && apt install -y apt-utils \
&& apt install -y ${DEPS_WOLFSSL} ${DEPS_LIBOQS} \
&& apt install -y ${DEPS_WOLFSSL} \
&& apt clean -y && rm -rf /var/lib/apt/lists/*
ARG NUM_CPU=16

2
Docker/wolfCLU/README.md
View File

@ -1,6 +1,6 @@
This is a small container that has wolfCLU installed for quick access. To build your own run the following:
```
docker build --pull --build-arg DUMMY=$(date +%s) -t wolfclu .
docker build --pull --build-arg DUMMY=$(date +%s) -t wolfclu .
```
To run the container, you can use:

2
Docker/yocto/buildAndPush.sh
View File

@ -1,4 +1,4 @@
#!/bin/bash
#!/usr/bin/env bash
# Assume we're in wolfssl/Docker/yocto
WOLFSSL_DIR=$(builtin cd ${BASH_SOURCE%/*}/../..; pwd)

2
IDE/ARDUINO/Arduino_README_prepend.md
View File

@ -10,4 +10,6 @@ See the [Arduino-wolfSSL logs](https://downloads.arduino.cc/libraries/logs/githu
The first Official wolfSSL Arduino Library is `5.6.6-Arduino.1`: a slightly modified, post [release 5.6.6](https://github.com/wolfSSL/wolfssl/releases/tag/v5.6.6-stable) version update.
The next Official wolfSSL Arduino Library is [5.7.0](https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.0-stable)
See other [wolfSSL releases versions](https://github.com/wolfSSL/wolfssl/releases). The `./wolfssl-arduino.sh INSTALL` [script](https://github.com/wolfSSL/wolfssl/tree/master/IDE/ARDUINO) can be used to install specific GitHub versions as needed.

6
IDE/ARDUINO/README.md
View File

@ -27,7 +27,7 @@ This option will allow wolfSSL to be installed directly using the native Arduino
## Manually Reformatting wolfSSL as a Compatible Arduino Library
Use [this](./wolfssl-arduino.sh) shell script that will re-organize the wolfSSL library to be
Use [this](./wolfssl-arduino.sh) shell script that will re-organize the wolfSSL library to be
compatible with [Arduino Library Specification](https://arduino.github.io/arduino-cli/0.35/library-specification/)
for projects that use Arduino IDE 1.5.0 or newer.
@ -55,8 +55,8 @@ from within the `wolfssl/IDE/ARDUINO` directory:
3. `./wolfssl-arduino.sh INSTALL /path/to/repository` (Used to update [arduino-wolfSSL](https://github.com/wolfSSL/arduino-wolfSSL))
- Creates an Arduino Library in `wolfSSL` directory
- Copies that directory contents to the specified `/path/to/repository`
- Adds the [default](../../examples/configs/user_settings_arduino.h) as `user_settings.h`.
- Adds the [default](../../examples/configs/user_settings_arduino.h) as `user_settings.h`.
4. `./wolfssl-arduino.sh INSTALL /path/to/any/other/directory`
- Creates an Arduino Library in `wolfSSL` directory
- Copies that directory contents to the specified `/path/to/any/other/directory`

2
IDE/ARDUINO/sketches/wolfssl_client/wolfssl_client.ino
View File

@ -1,6 +1,6 @@
/* wolfssl_client.ino
*
* Copyright (C) 2006-2023 wolfSSL Inc.
* Copyright (C) 2006-2024 wolfSSL Inc.
*
* This file is part of wolfSSL.
*

4
IDE/ARDUINO/sketches/wolfssl_server/README.md
View File

@ -13,7 +13,7 @@ Additional examples can be found on [wolfSSL/wolfssl-examples](https://github.co
## Connect with an Arduino Sketch
See the companion [Arduino Sketch Client](../wolfssl_client/wolfssl_client.ino).
See the companion [Arduino Sketch Client](../wolfssl_client/wolfssl_client.ino).
## Connect with Linux Client
@ -35,7 +35,7 @@ press the reset button or power cycle the Arduino before making a connection.
Here's one possible script to test the server from a command-line client:
```bash
#!/bin/bash
#!/usr/bin/env bash
echo "client log " > client_log.txt
counter=1
THIS_ERR=0

2
IDE/ARDUINO/sketches/wolfssl_server/wolfssl_server.ino
View File

@ -1,6 +1,6 @@
/* wolfssl_server.ino
*
* Copyright (C) 2006-2023 wolfSSL Inc.
* Copyright (C) 2006-2024 wolfSSL Inc.
*
* This file is part of wolfSSL.
*

36
IDE/ARDUINO/wolfssl-arduino.sh
View File

@ -20,7 +20,7 @@
# Reminder there's typically no $USER for GitHub actions, but:
# ROOT_DIR="/mnt/c/Users/$USER/Documents/Arduino/libraries"
#
# The company name is "wolfSSL Inc."; Theres a space, no comma, and a period after "Inc."
# The company name is "wolfSSL Inc."; There's a space, no comma, and a period after "Inc."
# The Arduino library name is "wolfssl" (all lower case)
# The Arduino library directory name is "wolfssl" (all lower case)
# The Arduino library include file is "wolfssl.h" (all lower case)
@ -29,7 +29,7 @@
ROOT_DIR="/wolfssl"
# The Arduino Version will initially have a suffix appended during fine tuning stage.
WOLFSSL_VERSION_ARUINO_SUFFIX="-Arduino.3"
WOLFSSL_VERSION_ARUINO_SUFFIX=""
# For verbose copy, set CP_CMD="-v", otherwise clear it: CP_CMD="cp"
# Do not set to empty string, as copy will fail with this: CP_CMD=""
@ -65,6 +65,11 @@ if ! [ "$CP_CMD" = "cp " ]; then
fi
fi
if [ "$ROOT_DIR" = "" ]; then
echo "ERROR: ROOT_DIR cannot be blank"
exit 1
fi
# Check environment
if [ -n "$WSL_DISTRO_NAME" ]; then
# we found a non-blank WSL environment distro name
@ -84,6 +89,11 @@ if [ $# -gt 0 ]; then
if [ "$THIS_OPERATION" = "INSTALL" ]; then
THIS_INSTALL_DIR=$2
if [ "$THIS_INSTALL_DIR" = "/" ]; then
echo "ERROR: THIS_INSTALL_DIR cannot be /"
exit 1
fi
echo "Install is active."
if [ "$THIS_INSTALL_DIR" = "" ]; then
@ -300,20 +310,22 @@ echo ""
# Note we should have exited above if a problem was encountered,
# as we'll never want to install a bad library.
if [ "$THIS_OPERATION" = "INSTALL" ]; then
echo "Config:"
echo "cp ../../examples/configs/user_settings_arduino.h ".${ROOT_SRC_DIR}"/user_settings.h"
# Nearly an ordinary copy, but we remove any lines with ">>" (typically edit with caution warning in comments)
grep -v '>>' ../../examples/configs/user_settings_arduino.h > ".${ROOT_SRC_DIR}"/user_settings.h || exit 1
# Show the user_settings.h revision string:
grep "WOLFSSL_USER_SETTINGS_ID" ."${ROOT_SRC_DIR}/user_settings.h"
echo ""
if [ "$THIS_INSTALL_IS_GITHUB" = "true" ]; then
echo "Installing to GitHub directory: $THIS_INSTALL_DIR"
cp -r ."$ROOT_DIR"/* "$THIS_INSTALL_DIR" || exit 1
echo "Removing workspace library directory: .$ROOT_DIR"
rm -rf ".$ROOT_DIR"
else
echo "Config:"
echo "cp ../../examples/configs/user_settings_arduino.h ".${ROOT_SRC_DIR}"/user_settings.h"
# Nearly an ordinary copy, but we remove any lines with ">>" (typically edit with caution warning in comments)
grep -v '>>' ../../examples/configs/user_settings_arduino.h > ".${ROOT_SRC_DIR}"/user_settings.h || exit 1
# Show the user_settings.h revision string:
grep "WOLFSSL_USER_SETTINGS_ID" ."${ROOT_SRC_DIR}/user_settings.h"
echo ""
echo "Install:"
echo "Installing to local directory:"
echo "mv .$ROOT_DIR $ARDUINO_ROOT"
mv ."$ROOT_DIR" "$ARDUINO_ROOT" || exit 1

4
IDE/AURIX/Cpu0_Main.c
View File

@ -1,6 +1,6 @@
/* Cpu0_Main.c
*
* Copyright (C) 2006-2023 wolfSSL Inc.
* Copyright (C) 2006-2024 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
@ -63,7 +63,7 @@ int fputc(int ch, FILE *f)
if (ch == (int)'\n') {
int chcr = (int)'\r';
count = 1;
IfxAsclin_Asc_write(&g_asc, &chcr, &count, TIME_INFINITE);
IfxAsclin_Asc_write(&g_asc, &chcr, &count, TIME_INFINITE);
}
count = 1;
IfxAsclin_Asc_write(&g_asc, &ch, &count, TIME_INFINITE);

2
IDE/AURIX/README.md
View File

@ -9,7 +9,7 @@ Tested Platform:
## Running wolfCrypt on TriCore
1) Add the wolfSSL source and headers to `Libraries/wolfssl`.
1) Add the wolfSSL source and headers to `Libraries/wolfssl`.
- Only the following folders are required: `src`, `wolfcrypt` and `wolfssl`.
- See script to help with producing bundle here: https://github.com/wolfSSL/wolfssl/blob/master/scripts/makedistsmall.sh
2) Add `WOLFSSL_USER_SETTINGS` to the Preprocessing symbols list. C/C++ Build -> Settings -> TASKING C/C++ Compiler -> Preprocessing.

2
IDE/AURIX/user_settings.h
View File

@ -1,6 +1,6 @@
/* user_settings.h
*
* Copyright (C) 2006-2023 wolfSSL Inc.
* Copyright (C) 2006-2024 wolfSSL Inc.
*
* This file is part of wolfSSL.
*

2
IDE/AURIX/wolf_main.c
View File

@ -1,6 +1,6 @@
/* wolf_main.c
*
* Copyright (C) 2006-2023 wolfSSL Inc.
* Copyright (C) 2006-2024 wolfSSL Inc.
*
* This file is part of wolfSSL.
*

7
IDE/CRYPTOCELL/main.c
View File

@ -1,6 +1,6 @@
/* main.c
*
* Copyright (C) 2006-2023 wolfSSL Inc.
* Copyright (C) 2006-2024 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
@ -18,8 +18,8 @@
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
#include <wolfssl/wolfcrypt/settings.h>
#include <wolfcrypt/test/test.h>
#include <wolfcrypt/benchmark/benchmark.h>
@ -63,4 +63,3 @@ int main(void)
return 0;
}

3
IDE/CRYPTOCELL/user_settings.h
View File

@ -1,6 +1,6 @@
/* user_settings.h
*
* Copyright (C) 2006-2023 wolfSSL Inc.
* Copyright (C) 2006-2024 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
@ -401,6 +401,7 @@ extern "C" {
/* prototypes for user heap override functions */
/* Note: Realloc only required for normal math */
/* Note2: XFREE(NULL) must be properly handled */
#include <stddef.h> /* for size_t */
extern void *myMalloc(size_t n, void* heap, int type);
extern void myFree(void *p, void* heap, int type);

2
IDE/ECLIPSE/DEOS/deos_malloc.c
View File

@ -1,6 +1,6 @@
/* deos_malloc.c
*
* Copyright (C) 2006-2023 wolfSSL Inc.
* Copyright (C) 2006-2024 wolfSSL Inc.
*
* This file is part of wolfSSL.
*

2
IDE/ECLIPSE/DEOS/tls_wolfssl.c
View File

@ -1,6 +1,6 @@
/* tls_wolfssl.c
*
* Copyright (C) 2006-2023 wolfSSL Inc.
* Copyright (C) 2006-2024 wolfSSL Inc.
*
* This file is part of wolfSSL.
*

2
IDE/ECLIPSE/DEOS/tls_wolfssl.h
View File

@ -1,6 +1,6 @@
/* tls_wolfssl.h
*
* Copyright (C) 2006-2023 wolfSSL Inc.
* Copyright (C) 2006-2024 wolfSSL Inc.
*
* This file is part of wolfSSL.
*

2
IDE/ECLIPSE/DEOS/user_settings.h
View File

@ -1,6 +1,6 @@
/* user_setting.h
*
* Copyright (C) 2006-2023 wolfSSL Inc.
* Copyright (C) 2006-2024 wolfSSL Inc.
*
* This file is part of wolfSSL.
*

2
IDE/ECLIPSE/MICRIUM/client_wolfssl.c
View File

@ -1,6 +1,6 @@
/* client_wolfssl.c
*
* Copyright (C) 2006-2023 wolfSSL Inc.
* Copyright (C) 2006-2024 wolfSSL Inc.
*
* This file is part of wolfSSL.
*

2
IDE/ECLIPSE/MICRIUM/client_wolfssl.h
View File

@ -1,6 +1,6 @@
/* client_wolfssl.h
*
* Copyright (C) 2006-2023 wolfSSL Inc.
* Copyright (C) 2006-2024 wolfSSL Inc.
*
* This file is part of wolfSSL.
*

2
IDE/ECLIPSE/MICRIUM/server_wolfssl.c
View File

@ -1,6 +1,6 @@
/* server_wolfssl.c
*
* Copyright (C) 2006-2023 wolfSSL Inc.
* Copyright (C) 2006-2024 wolfSSL Inc.
*
* This file is part of wolfSSL.
*

2
IDE/ECLIPSE/MICRIUM/server_wolfssl.h
View File

@ -1,6 +1,6 @@
/* server_wolfssl.h
*
* Copyright (C) 2006-2023 wolfSSL Inc.
* Copyright (C) 2006-2024 wolfSSL Inc.
*
* This file is part of wolfSSL.
*

2
IDE/ECLIPSE/MICRIUM/user_settings.h
View File

@ -1,6 +1,6 @@
/* user_setting.h
*
* Copyright (C) 2006-2023 wolfSSL Inc.
* Copyright (C) 2006-2024 wolfSSL Inc.
*
* This file is part of wolfSSL.
*

2
IDE/ECLIPSE/MICRIUM/wolfsslRunTests.c
View File

@ -1,6 +1,6 @@
/* wolfsslRunTests.c
*
* Copyright (C) 2006-2023 wolfSSL Inc.
* Copyright (C) 2006-2024 wolfSSL Inc.
*
* This file is part of wolfSSL.
*

2
IDE/ECLIPSE/RTTHREAD/user_settings.h
View File

@ -1,6 +1,6 @@
/* user_setting.h
*
* Copyright (C) 2006-2023 wolfSSL Inc.
* Copyright (C) 2006-2024 wolfSSL Inc.
*
* This file is part of wolfSSL.
*

2
IDE/ECLIPSE/RTTHREAD/wolfssl_test.c
View File

@ -1,6 +1,6 @@
/* wolfsslRunTests.c
*
* Copyright (C) 2006-2023 wolfSSL Inc.
* Copyright (C) 2006-2024 wolfSSL Inc.
*
* This file is part of wolfSSL.
*

2
IDE/ECLIPSE/SIFIVE/README.md
View File

@ -1 +1 @@
This folder has moved to `IDE/RISCV/SIFIVE-HIFIVE1`.
This folder has moved to `IDE/RISCV/SIFIVE-HIFIVE1`.

8
IDE/Espressif/ESP-IDF/README.md
View File

@ -1,6 +1,6 @@
# ESP-IDF Port
These Espressif examples have been created and tested with the latest stable release branch of
These Espressif examples have been created and tested with the latest stable release branch of
[ESP-IDF V5.2](https://docs.espressif.com/projects/esp-idf/en/release-v5.2/esp32/get-started/index.html).
The prior version 4.4 ESP-IDF is still supported, however version 5.2 or greater is recommended.
Espressif has [a list of all ESP-IDF versions](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/versions.html).
@ -140,7 +140,7 @@ See the specific examples for additional details.
This is an alternate method for installation. It is recommended to use the new `CMakeLists.txt` to point to wolfSSL source code.
1. Run `setup.sh` at _/path/to_`/wolfssl/IDE/Espressif/ESP-IDF/` to deploy files into ESP-IDF tree
1. Run `setup.sh` at _/path/to_`/wolfssl/IDE/Espressif/ESP-IDF/` to deploy files into ESP-IDF tree
2. Find Wolfssl files at _/path/to/esp_`/esp-idf/components/wolfssl/`
3. Find [Example Programs](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples) under _/path/to/esp_`/esp-idf/examples/protocols/wolfssl_xxx` (where xxx is the project name)
@ -169,7 +169,7 @@ C:\SysGCC\esp32\esp-idf>git clone -b v5.0.2 --recursive https://github.com/espre
## Configuration
1. The `user_settings.h` can be found in `[project]/components/wolfssl/include/user_settings.h`.
1. The `user_settings.h` can be found in `[project]/components/wolfssl/include/user_settings.h`.
## Configuration (Legacy IDF install)
@ -183,7 +183,7 @@ C:\SysGCC\esp32\esp-idf>git clone -b v5.0.2 --recursive https://github.com/espre
For question please email [support@wolfssl.com]
Note: This is tested with :
Note: This is tested with :
- OS: Ubuntu 20.04.3 LTS
- Microsoft Windows 10 Pro 10.0.19041 / Windows 11 Pro 22H2 22621.2715
- Visual Studio 2022 17.7.6 with VisualGDB 5.6R9 (build 4777)

2
IDE/Espressif/ESP-IDF/compileAllExamples.sh
View File

@ -1,4 +1,4 @@
#!/bin/bash
#!/usr/bin/env bash
#
# testing script: compileAllExamples
#

2
IDE/Espressif/ESP-IDF/dummy_config_h
View File

@ -1,6 +1,6 @@
/* config.h - dummy
*
* Copyright (C) 2006-2023 wolfSSL Inc.
* Copyright (C) 2006-2024 wolfSSL Inc.
*
* This file is part of wolfSSL.
*

10
IDE/Espressif/ESP-IDF/examples/README.md
View File

@ -12,7 +12,7 @@ These are the core examples for wolfSSL:
- [TLS Client](./wolfssl_client/README.md). See also [CLI Client](https://github.com/wolfSSL/wolfssl/tree/master/examples/client) and [more TLS examples](https://github.com/wolfSSL/wolfssl-examples/tree/master/tls).
- [TLS Server](./wolfssl_server/README.md). See also [CLI Server](https://github.com/wolfSSL/wolfssl/tree/master/examples/server)
- [TLS Server](./wolfssl_server/README.md). See also [CLI Server](https://github.com/wolfSSL/wolfssl/tree/master/examples/server)
## Other Espressif wolfSSL Examples
@ -44,7 +44,7 @@ TLS1.3 Linux Client to Linux Server: `TLS_AES_128_GCM_SHA256` (default)
./examples/client/client -v 4 -h 127.0.0.1 -p 11111 -A ./certs/ca-cert.pem
```
TLS1.2 Linux Server
TLS1.2 Linux Server
```
./examples/server/server -v 3 -b -d -p 11111 -c ./certs/server-cert.pem -k ./certs/server-key.pem
```
@ -71,11 +71,11 @@ There's an additional example that uses wolfSSL installed as a component to the
## Installing wolfSSL for Espressif projects
[Core examples](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples)
have a local `components/wolfssl` directory with a special CMakeFile.txt that does not require
[Core examples](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples)
have a local `components/wolfssl` directory with a special CMakeFile.txt that does not require
wolfSSL to be installed.
If you want to install wolfSSL, see the setup for [wolfSSL](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF#setup-for-linux)
If you want to install wolfSSL, see the setup for [wolfSSL](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF#setup-for-linux)
and [wolfSSH](https://github.com/wolfSSL/wolfssh/tree/master/ide/Espressif#setup-for-linux).
The [Espressif Managed Component for wolfSSL](https://components.espressif.com/components/wolfssl/wolfssl)

7
IDE/Espressif/ESP-IDF/examples/template/CMakeLists.txt
View File

@ -1,10 +1,13 @@
# wolfSSL Espressif Example Project CMakeLists.txt
# v1.0
# v1.2
#
# The following lines of boilerplate have to be in your project's
# CMakeLists in this exact order for cmake to work correctly
cmake_minimum_required(VERSION 3.16)
# Optional no watchdog typically used for test & benchmark
# add_compile_options(-DWOLFSSL_ESP_NO_WATCHDOG=1)
# The wolfSSL CMake file should be able to find the source code.
# Otherwise, assign an environment variable or set it here:
#
@ -68,6 +71,8 @@ else()
message(STATUS "No conflicting wolfSSL components found.")
endif()
# Not only is a project-level "set(COMPONENTS" not needed here, this will cause
# an unintuitive error about Unknown CMake command "esptool_py_flash_project_args".
include($ENV{IDF_PATH}/tools/cmake/project.cmake)
project(wolfssl_template)

2
IDE/Espressif/ESP-IDF/examples/template/README.md
View File

@ -11,7 +11,7 @@ It is assumed the [ESP-IDF environment](https://docs.espressif.com/projects/esp-
### Files Included
- [main.c](./main/main.c) with a simple call to an Espressif library (`ESP_LOGI`) and a call to a wolfSSL library (`esp_ShowExtendedSystemInfo`) .
- [main.c](./main/main.c) with a simple call to an Espressif library (`ESP_LOGI`) and a call to a wolfSSL library (`esp_ShowExtendedSystemInfo`) .
- See [components/wolfssl/include](./components/wolfssl/include/user_settings.h) directory to edit the wolfSSL `user_settings.h`.

630
IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/CMakeLists.txt
View File

@ -1,34 +1,160 @@
#
# Copyright (C) 2006-2024 wolfSSL Inc.
# Copyright (C) 2006-2024 wolfSSL Inc.
#
# This file is part of wolfSSL.
# This file is part of wolfSSL.
#
# wolfSSL is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
# wolfSSL is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# wolfSSL is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
# wolfSSL is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
#
# cmake for wolfssl Espressif projects
#
# Version 5.6.0.011 for detect test/benchmark
# Version 5.7.2 Espressif ESP-IDF integration
#
# See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html
#
message(STATUS "Begin wolfssl ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}")
cmake_minimum_required(VERSION 3.16)
set(VERBOSE_COMPONENT_MESSAGES 1)
# function: IS_ESP_IDF_COMPONENT
# output: RESULT = 1 (true) if this component is located in the ESP-IDF components
# otherwise 0 (false)
function( IS_ESP_IDF_COMPONENT RESULT )
# NOTE: Component location is based on the location of the CMakeList.txt
# and *not* the location of the wolfSSL source code. (which may be anywhere)
# Normalize the paths to remove any trailing slashes
get_filename_component(NORMALIZED_IDF_PATH "${IDF_PATH}" REALPATH)
get_filename_component(NORMALIZED_TEST_PATH "${COMPONENT_DIR}" REALPATH)
# Check if the test path starts with the IDF_PATH
string(FIND "${NORMALIZED_TEST_PATH}" "${NORMALIZED_IDF_PATH}" pos)
if(${pos} EQUAL 0)
message(STATUS "${COMPONENT_DIR} is within IDF_PATH.")
set(${RESULT} 1 PARENT_SCOPE)
else()
message(STATUS "${COMPONENT_DIR} is not within IDF_PATH.")
set(${RESULT} 0 PARENT_SCOPE)
endif()
endfunction()
# Determine if this cmake file is located in the ESP-IDF component directory or not,
# and if so, if it is being ignored (allowing the use of a local project one, instead).
IS_ESP_IDF_COMPONENT( IS_WOLSSL_ESP_IDF_COMPONENT )
if( IS_WOLSSL_ESP_IDF_COMPONENT )
message(STATUS "This wolfSSL is a component in ESP-IDF.")
if ( CONFIG_IGNORE_ESP_IDF_WOLFSSL_COMPONENT )
idf_component_register()
message(STATUS "Warning: wolfSSL component in ESP-IDF is being ignored.")
return()
endif()
endif()
if( "${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}" STREQUAL "" )
# nothing to do
else()
# Only forward slashes, or double backslashes are supported.
# By the time we get here the sdkconfig file has a value for wolfSSL source code root.
string(REPLACE "\\" "/" CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT})
message(STATUS "Cleaned wolfssl path: ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}")
endif()
# The scope of this CMAKE_C_FLAGS is just this component:
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -DWOLFSSL_USER_SETTINGS")
set(CMAKE_CURRENT_SOURCE_DIR ".")
set(COMPONENT_REQUIRES lwip) # we typically don't need lwip directly in wolfssl component
set(WOLFSSL_ROOT "$ENV{WOLFSSL_ROOT}" )
# set(COMPONENT_REQUIRES lwip) # we typically don't need lwip directly in wolfssl component
# Optionally set your source to wolfSSL in your project CMakeLists.txt like this:
# set(WOLFSSL_ROOT "c:/test/my_wolfssl" )
if ( "${WOLFSSL_ROOT}" STREQUAL "")
set(WOLFSSL_ROOT "$ENV{WOLFSSL_ROOT}" )
endif()
if( "$ENV{IDF_PATH}" STREQUAL "" )
message(FATAL_ERROR "IDF_PATH Environment variable not set!")
else()
string(REPLACE "\\" "/" THIS_IDF_PATH "$ENV{IDF_PATH}")
endif()
# Optional compiler definitions to help with system name detection (typically printed by app diagnostics)
if(VERBOSE_COMPONENT_MESSAGES)
if(WIN32)
# Windows-specific configuration here
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS")
message("Detected Windows")
endif()
if(CMAKE_HOST_UNIX)
message("Detected UNIX")
endif()
if(APPLE)
message("Detected APPLE")
endif()
if(CMAKE_HOST_UNIX AND (NOT APPLE) AND EXISTS "/proc/sys/fs/binfmt_misc/WSLInterop")
# Windows-specific configuration here
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WSL")
message("Detected WSL")
endif()
if(CMAKE_HOST_UNIX AND (NOT APPLE) AND (NOT WIN32))
# Windows-specific configuration here
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_LINUX")
message("Detected Linux")
endif()
if(APPLE)
# Windows-specific configuration here
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_APPLE")
message("Detected Apple")
endif()
endif() # End optional WOLFSSL_CMAKE_SYSTEM_NAME
message(STATUS "CONFIG_TARGET_PLATFORM = ${CONFIG_TARGET_PLATFORM}")
# Check that there are not conflicting wolfSSL components
# The ESP Registry Component will be in ./managed_components/wolfssl__wolfssl
# The local component wolfSSL directory will be in ./components/wolfssl
if( EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" AND EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl" )
# These exclude statements don't seem to be honored by the $ENV{IDF_PATH}/tools/cmake/project.cmake'
# add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" EXCLUDE_FROM_ALL)
# add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl/include" EXCLUDE_FROM_ALL)
# So we'll error out and let the user decide how to proceed:
message(WARNING "\nFound wolfSSL components in\n"
"./managed_components/wolfssl__wolfssl\n"
"and\n"
"./components/wolfssl\n"
"in project directory: \n"
"${CMAKE_HOME_DIRECTORY}")
message(FATAL_ERROR "\nPlease use either the ESP Registry Managed Component or the wolfSSL component directory but not both.\n"
"If removing the ./managed_components/wolfssl__wolfssl directory, remember to also remove "
"or rename the idf_component.yml file typically found in ./main/")
else()
message(STATUS "No conflicting wolfSSL components found.")
endif()
# Don't include lwip requirement for benchmark and test apps.
if( ("${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_benchmark") OR ("${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_test") )
message(STATUS "Not including lwip for ${CMAKE_PROJECT_NAME}")
else()
# benchmark and test do not need wifi, everything else probably does:
set(COMPONENT_REQUIRES lwip) # we typically don't need lwip directly in wolfssl component
endif()
# find the user name to search for possible "wolfssl-username"
message(STATUS "USERNAME = $ENV{USERNAME}")
@ -51,6 +177,25 @@ else()
string(REPLACE "\\" "/" THIS_IDF_PATH "$ENV{IDF_PATH}")
endif()
# ENVIRONMENT_VAR_TO_MACRO
# Check environment variable name EVARPARAM as [name]
# If defined, and has a value of EVARVALUE as [value],
# then assign a compiler definition "-D[name]=[value]"
function(ENVIRONMENT_VAR_TO_MACRO EVARPARAM EVARVALUE)
# If the EVARPARAM environment variable name is set to EVARVALUE,
# set the compiler flag definition to enable CSV output.
if ( "$ENV{${EVARPARAM}}" STREQUAL "${EVARVALUE}")
message(STATUS "Appending compile definition: -D${EVARPARAM}=${EVARVALUE}")
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -D${EVARPARAM}=${EVARVALUE}")
else()
if(DEFINED ENV{${EVARPARAM}})
message(STATUS "Environment variable ${EVARPARAM} detected but set to $ENV{${EVARPARAM}}, not appending compile definition.")
else()
message(STATUS "Environment variable ${EVARPARAM} not detected, not appending compile definition.")
endif()
endif()
endfunction()
# COMPONENT_NAME = wolfssl
# The component name is the directory name. "No feature to change this".
# See https://github.com/espressif/esp-idf/issues/8978#issuecomment-1129892685
@ -68,7 +213,8 @@ endif()
# function: IS_WOLFSSL_SOURCE
# parameter: DIRECTORY_PARAMETER - the directory to test
# output: RESULT = contains contents of DIRECTORY_PARAMETER for wolfssl directory, otherwise blank.
function(IS_WOLFSSL_SOURCE DIRECTORY_PARAMETER RESULT)
function( IS_WOLFSSL_SOURCE DIRECTORY_PARAMETER
RESULT )
if (EXISTS "${DIRECTORY_PARAMETER}/wolfcrypt/src")
set(${RESULT} "${DIRECTORY_PARAMETER}" PARENT_SCOPE)
else()
@ -76,27 +222,71 @@ function(IS_WOLFSSL_SOURCE DIRECTORY_PARAMETER RESULT)
endif()
endfunction()
# *********************************************************************************************
# function: FIND_WOLFSSL_DIRECTORY
# parameter: OUTPUT_FOUND_WOLFSSL_DIRECTORY contains root of source code, otherwise blank
#
# Example usage:
# FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT)
# *********************************************************************************************
function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY)
message(STATUS "Starting FIND_WOLFSSL_DIRECTORY")
set(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}")
if( "${CURRENT_SEARCH_DIR}" STREQUAL "" )
message(STATUS "The WOLFSSL_ROOT environment variable is not set. Searching...")
message(STATUS "Starting FIND_WOLFSSL_DIRECTORY: ${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}")
if ( "${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}" STREQUAL "" )
# The parameter is empty, so we certainly need to search.
# First, see if there's an environment variable. This takes highest priority (unless already found as hard-coded, above)
set(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}")
if( "${CURRENT_SEARCH_DIR}" STREQUAL "" )
message(STATUS "The WOLFSSL_ROOT environment variable is not set. Searching...")
# Next, if not found, see if wolfSSL was selected for ESP-TLS Kconfig
if(CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT)
set(CURRENT_SEARCH_DIR ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT})
get_filename_component(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR}" ABSOLUTE)
message(STATUS "WOLFSSL_ROOT found in sdkconfig/KConfig: ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}")
else()
message(STATUS "wolfSSL not defined in [Component Config] [wolfssl]. Continuing search...")
# If not specified as a search hint in OUTPUT_FOUND_WOLFSSL_DIRECTORY:
# This wolfSSL component CMakeLists.txt may be found EITHER in:
# 1) local project component
# 2) ESP-IDF share components
# We'll start in the CMAKE_CURRENT_SOURCE_DIR, typically [something]/projectname/components/wolfssl
# That option might find wolfSSL source code as a copy in the component directory (e.g. Managed Components)
# Unless cmake is in the ESP-IDF, in which case it is unlikely to find wolfSSL source in any parent.
message(STATUS "CMAKE_CURRENT_SOURCE_DIR = ${CMAKE_CURRENT_SOURCE_DIR}")
get_filename_component(CURRENT_SEARCH_DIR "${CMAKE_CURRENT_SOURCE_DIR}" ABSOLUTE)
message(STATUS "CURRENT_SEARCH_DIR = ${CURRENT_SEARCH_DIR}")
string(LENGTH ${CURRENT_SEARCH_DIR} CURRENT_SEARCH_DIR_LENGTH)
endif() # CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT
endif() # check environment var blank
else()
get_filename_component(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}" ABSOLUTE)
message(STATUS "Parameter found for FIND_WOLFSSL_DIRECTORY")
message(STATUS "Setting wolfSSL search directory to: ${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}")
set(CURRENT_SEARCH_DIR "${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}")
endif() # parameter empty
# Check to see if we found a path in environment or config settings, above.
if( "${CURRENT_SEARCH_DIR}" STREQUAL "" )
message(STATUS "Source for wolfSSL not specified in path nor config settings.")
# We'll continue the search by recursing up the directory tree, below.
else()
# Setting found! Does it contain a valid path?
string(REPLACE "\\" "/" CURRENT_SEARCH_DIR ${CURRENT_SEARCH_DIR})
get_filename_component(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR}" ABSOLUTE)
IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR}" FOUND_WOLFSSL)
if( FOUND_WOLFSSL )
message(STATUS "Found WOLFSSL_ROOT via Environment Variable: ${CURRENT_SEARCH_DIR}")
message(STATUS "Found wolfSSL source code via setting: ${CURRENT_SEARCH_DIR}")
set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE)
return()
else()
message(FATAL_ERROR "WOLFSSL_ROOT Environment Variable defined, but path not found:")
message(STATUS "$ENV{WOLFSSL_ROOT}")
if(WIN32)
message(STATUS "When specifying a path for Windows, use forward slahes, or double backslashes.")
endif()
message(STATUS "CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT sdkconfig setting = ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}")
message(STATUS "WOLFSSL_ROOT Variable defined, but source code not found: ${CURRENT_SEARCH_DIR}")
endif()
endif()
# we'll start in the CMAKE_CURRENT_SOURCE_DIR, typically [something]/projectname/components/wolfssl
message(STATUS "CMAKE_CURRENT_SOURCE_DIR = ${CMAKE_CURRENT_SOURCE_DIR}")
get_filename_component(CURRENT_SEARCH_DIR "${CMAKE_CURRENT_SOURCE_DIR}" ABSOLUTE)
@ -114,16 +304,47 @@ function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY)
return()
endif()
# Maintain CURRENT_SEARCH_DIR, but check various suffixes with CURRENT_SEARCH_DIR_ALT
if( THIS_USER )
# Check for "wolfssl-[username]" subdirectory as we recurse up the directory tree
set(CURRENT_SEARCH_DIR_ALT ${CURRENT_SEARCH_DIR}/wolfssl-${THIS_USER})
message(STATUS "Looking in ${CURRENT_SEARCH_DIR}")
message(STATUS "Looking in ${CURRENT_SEARCH_DIR_ALT}")
#if(EXISTS ${CURRENT_SEARCH_DIR_ALT} AND IS_DIRECTORY ${CURRENT_SEARCH_DIR_ALT} AND EXISTS "${CURRENT_SEARCH_DIR_ALT}/wolfcrypt/src")
IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR_ALT}" FOUND_WOLFSSL )
if ( FOUND_WOLFSSL )
message(STATUS "Found wolfssl in user-suffix CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}")
set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR_ALT} PARENT_SCOPE)
message(STATUS "Found wolfssl in user-suffix CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}")
set(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR_ALT}")
set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE)
return()
endif()
endif()
if ( FOUND_WOLFSSL )
# if we already found the source, skip attempt of "wolfssl-master"
else()
set(CURRENT_SEARCH_DIR_ALT ${CURRENT_SEARCH_DIR}/wolfssl-master)
message(STATUS "Looking in ${CURRENT_SEARCH_DIR_ALT}")
IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR_ALT}" FOUND_WOLFSSL )
if ( FOUND_WOLFSSL )
message(STATUS "Found wolfssl in master-suffix CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}")
set(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR_ALT}")
set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE)
return()
endif()
endif()
if ( FOUND_WOLFSSL )
# if we already found the source, skip attempt of "wolfssl"
else()
set(CURRENT_SEARCH_DIR_ALT ${CURRENT_SEARCH_DIR}/wolfssl)
message(STATUS "Looking in ${CURRENT_SEARCH_DIR_ALT}")
IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR_ALT}" FOUND_WOLFSSL )
if ( FOUND_WOLFSSL )
message(STATUS "Found wolfssl in CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}")
set(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR_ALT}")
set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE)
return()
endif()
endif()
@ -143,7 +364,8 @@ function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY)
get_filename_component(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR}" DIRECTORY)
message(STATUS "Next CURRENT_SEARCH_DIR = ${CURRENT_SEARCH_DIR}")
if( "${PRIOR_SEARCH_DIR}" STREQUAL "${CURRENT_SEARCH_DIR}" )
# when the search directory is empty, we'll give up
# When the parent is current directory, cannot go any further. We didn't find wolfssl.
# When the search directory is empty, we'll give up.
set(CURRENT_SEARCH_DIR "")
endif()
endwhile()
@ -154,17 +376,52 @@ endfunction()
# Example usage:
#
# Simply find the WOLFSSL_DIRECTORY by searching parent directories:
# FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT)
#
message(STATUS "CONFIG_TARGET_PLATFORM = ${CONFIG_TARGET_PLATFORM}")
# Check for environment variable that may be assigned to macros
ENVIRONMENT_VAR_TO_MACRO("GENERATE_MACHINE_PARSEABLE_REPORT" "1")
ENVIRONMENT_VAR_TO_MACRO("WOLFSSL_BENCHMARK_FIXED_CSV" "1")
# Optional variable inspection
if (0)
get_cmake_property(_variableNames VARIABLES)
list (SORT _variableNames)
message(STATUS "")
message(STATUS "ALL VARIABLES BEGIN")
message(STATUS "")
foreach (_variableName ${_variableNames})
message(STATUS "${_variableName}=${${_variableName}}")
endforeach()
message(STATUS "")
message(STATUS "ALL VARIABLES END")
message(STATUS "")
endif()
if ( ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266") OR ("${IDF_TARGET}" STREQUAL "esp8266") )
# There's no esp_timer, no driver components for the ESP8266
message(STATUS "Early expansion EXCLUDES esp_timer: ${THIS_INCLUDE_TIMER}")
message(STATUS "Early expansion EXCLUDES driver: ${THIS_INCLUDE_DRIVER}")
set(THIS_INCLUDE_TIMER "")
set(THIS_INCLUDE_DRIVER "")
else()
message(STATUS "Early expansion includes esp_timer: ${THIS_INCLUDE_TIMER}")
message(STATUS "Early expansion includes driver: ${THIS_INCLUDE_DRIVER}")
set(THIS_INCLUDE_TIMER "esp_timer")
set(THIS_INCLUDE_DRIVER "driver")
endif()
if(CMAKE_BUILD_EARLY_EXPANSION)
message(STATUS "wolfssl component CMAKE_BUILD_EARLY_EXPANSION:")
idf_component_register(
REQUIRES "${COMPONENT_REQUIRES}"
PRIV_REQUIRES # esp_hw_support
# esp_timer
# driver # this will typically only be needed for wolfSSL benchmark
"${THIS_INCLUDE_TIMER}"
"${THIS_INCLUDE_DRIVER}" # this will typically only be needed for wolfSSL benchmark
)
else()
@ -173,48 +430,99 @@ else()
message(STATUS "wolfssl component config:")
message(STATUS "************************************************************************************************")
if ( "${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266")
# There's no esp_timer, no driver components for the ESP8266
set(THIS_INCLUDE_TIMER "")
set(THIS_INCLUDE_DRIVER "")
else()
set(THIS_INCLUDE_TIMER "esp_timer")
set(THIS_INCLUDE_DRIVER "driver")
endif()
# search for wolfSSL
FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT)
if(WOLFSSL_ROOT)
message(STATUS "NEW Found wolfssl directory at: ${WOLFSSL_ROOT}")
IS_WOLFSSL_SOURCE("${WOLFSSL_ROOT}" FOUND_WOLFSSL)
if(FOUND_WOLFSSL)
message(STATUS "Found WOLFSSL_ROOT via CMake specification.")
else()
# WOLFSSL_ROOT Path specified in CMakeLists.txt is not a valid path
message(FATAL_ERROR "WOLFSSL_ROOT CMake Variable defined, but path not found: ${WOLFSSL_ROOT}\n"
"Try correcting WOLFSSL_ROOT in your project CMakeFile.txt or setting environment variable.")
# Abort CMake after fatal error.
endif()
else()
message(STATUS "NEW wolfssl directory not found.")
message(STATUS "Source code for wolfSSL still not found.")
message(STATUS "Searching from project home: ${CMAKE_HOME_DIRECTORY} ...")
set(WOLFSSL_ROOT "${CMAKE_HOME_DIRECTORY}")
FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT)
endif()
if(WOLFSSL_ROOT)
message(STATUS "Confirmed wolfssl directory at: ${WOLFSSL_ROOT}")
else()
# Try to allow a more intuitive error that the source code was not found in cmake:
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_WARNING_SOURCE_NOT_FOUND")
message(STATUS "Failed: wolfssl source code directory not found.")
# Abort. We need wolfssl _somewhere_.
message(FATAL_ERROR "Could not find wolfssl in ${WOLFSSL_ROOT}.\n"
"Try setting WOLFSSL_ROOT environment variable or git clone.")
message(STATUS "")
message(STATUS "")
message(STATUS "Could not find wolfssl in any parent directory named wolfssl-${THIS_USER}, wolfssl-master, or wolfssl.\n"
"Try setting WOLFSSL_ROOT environment variable, cmake variable in project, copy source, or use managed components.")
message(STATUS "")
message(STATUS "")
# Abort CMake after fatal error. (or not?)
endif()
set(INCLUDE_PATH ${WOLFSSL_ROOT})
set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/src/")
if( ${CMAKE_PROJECT_NAME} STREQUAL "wolfssl_benchmark" )
set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/benchmark")
endif()
if( ${CMAKE_PROJECT_NAME} STREQUAL "wolfssl_test" )
set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/test")
# During regression tests, optionally copy source locally and use: set(USE_LOCAL_TEST_BENCH 1)
set(USE_LOCAL_TEST_BENCH 0)
if(NOT USE_LOCAL_TEST_BENCH)
if( "${CMAKE_PROJECT_NAME}" STREQUAL "hello-world" )
message(STATUS "Include ${WOLFSSL_ROOT}/wolfcrypt/benchmark")
set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/benchmark")
endif()
if( "${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_benchmark" )
message(STATUS "Include ${WOLFSSL_ROOT}/wolfcrypt/benchmark")
set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/benchmark")
endif()
if( "${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_test" )
message(STATUS "Include ${WOLFSSL_ROOT}/wolfcrypt/test")
set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/test")
endif()
endif()
message(STATUS "WOLFSSL_EXTRA_PROJECT_DIR = ${WOLFSSL_EXTRA_PROJECT_DIR}")
set(COMPONENT_SRCDIRS "\"${WOLFSSL_ROOT}/src/\""
"\"${WOLFSSL_ROOT}/wolfcrypt/src\""
"\"${WOLFSSL_ROOT}/wolfcrypt/src/port/Espressif\""
"\"${WOLFSSL_ROOT}/wolfcrypt/src/port/Espressif/esp_crt_bundle\""
"\"${WOLFSSL_ROOT}/wolfcrypt/src/port/atmel\""
"\"${WOLFSSL_EXTRA_PROJECT_DIR}\""
) # COMPONENT_SRCDIRS
message(STATUS "This COMPONENT_SRCDIRS = ${COMPONENT_SRCDIRS}")
# wolfSSL user_settings.h may be in the local project.
# TODO check if exists and possibly set to ESP-IDF
set(WOLFSSL_PROJECT_DIR "${CMAKE_HOME_DIRECTORY}/components/wolfssl")
add_definitions(-DWOLFSSL_USER_SETTINGS_DIR="${WOLFSSL_PROJECT_DIR}/include/user_settings.h")
string(REPLACE "/" "//" STR_WOLFSSL_PROJECT_DIR "${WOLFSSL_PROJECT_DIR}")
add_definitions(-DWOLFSSL_USER_SETTINGS_DIR="${STR_WOLFSSL_PROJECT_DIR}/include/user_settings.h")
message(STATUS "Added definition for user_settings.h: -DWOLFSSL_USER_SETTINGS_DIR=\"${STR_WOLFSSL_PROJECT_DIR}//include//user_settings.h\"")
# Espressif may take several passes through this makefile. Check to see if we found IDF
string(COMPARE EQUAL "${PROJECT_SOURCE_DIR}" "" WOLFSSL_FOUND_IDF)
# get a list of all wolfcrypt assembly files; we'll exclude them as they don't target Xtensa
file(GLOB EXCLUDE_ASM *.S)
file(GLOB_RECURSE EXCLUDE_ASM ${CMAKE_SOURCE_DIR} "${WOLFSSL_ROOT}/wolfcrypt/src/*.S")
file(GLOB EXCLUDE_ASM ${CMAKE_SOURCE_DIR} "${WOLFSSL_ROOT}/wolfcrypt/src/*.S")
message(STATUS "IDF_PATH = $ENV{IDF_PATH}")
message(STATUS "PROJECT_SOURCE_DIR = ${PROJECT_SOURCE_DIR}")
@ -237,11 +545,12 @@ else()
message(STATUS "Remove either the local project component: ${WOLFSSL_PROJECT_DIR} ")
message(STATUS "or the Espressif shared component installed at: $ENV{IDF_PATH}/components/wolfssl/ ")
message(STATUS "")
message(FATAL_ERROR "Please use wolfSSL in either local project or Espressif components, but not both.")
message(STATUS "")
message(STATUS "**************************************************************************************")
message(STATUS "")
message(STATUS "Please use wolfSSL in either local project or Espressif components, but not both.")
# Optional: if you change the above FATAL_ERROR to STATUS you can warn at runtime with this macro definition:
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_MULTI_INSTALL_WARNING")
@ -291,6 +600,7 @@ else()
message(FATAL_ERROR "Found stray wolfSSL user_settings.h in "
"${WOLFSSL_ROOT}/include/user_settings.h "
" (please move it to ${WOLFSSL_PROJECT_DIR}/include/user_settings.h )")
# Abort CMake after fatal error.
else()
# we won't overwrite an existing user settings file, just note that we already have one:
if( EXISTS "${WOLFSSL_PROJECT_DIR}/include/user_settings.h" )
@ -347,7 +657,9 @@ else()
# depending on the environment, we may need to swap backslashes with forward slashes
string(REPLACE "\\" "/" RTOS_IDF_PATH "$ENV{IDF_PATH}/components/freertos/FreeRTOS-Kernel/include/freertos")
string(REPLACE "\\" "/" WOLFSSL_ROOT ${WOLFSSL_ROOT})
if(WOLFSSL_ROOT)
string(REPLACE "\\" "/" WOLFSSL_ROOT ${WOLFSSL_ROOT})
endif()
if(IS_DIRECTORY "${RTOS_IDF_PATH}")
message(STATUS "Found current RTOS path: ${RTOS_IDF_PATH}")
@ -360,13 +672,14 @@ else()
message(STATUS "Could not find RTOS path")
endif()
endif()
message(STATUS "THIS_IDF_PATH = $THIS_IDF_PATH")
# wolfSSL-specific include directories
set(COMPONENT_ADD_INCLUDEDIRS
"./include" # this is the location of wolfssl user_settings.h
"./include" # this is the location of local project wolfssl user_settings.h
"\"${WOLFSSL_ROOT}/\""
"\"${WOLFSSL_ROOT}/wolfssl/\""
"\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/\""
"\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/port/Espressif\""
"\"${RTOS_IDF_PATH}/\""
# wolfSSL release after v5.7 includes WiFi, time, and mem/debug helpers
"${THIS_IDF_PATH}/components/esp_event/include"
@ -374,7 +687,7 @@ else()
"${THIS_IDF_PATH}/components/esp_wifi/include"
)
# Optionally include cryptoauthlib if present
if(IS_DIRECTORY ${IDF_PATH}/components/cryptoauthlib)
list(APPEND COMPONENT_ADD_INCLUDEDIRS "../cryptoauthlib/lib")
endif()
@ -383,7 +696,7 @@ else()
list(APPEND COMPONENT_ADD_INCLUDEDIRS "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/\"")
# Some files are known to be included elsewhere, or not used for Espressif
set(COMPONENT_SRCEXCLUDE
"\"${WOLFSSL_ROOT}/src/bio.c\""
"\"${WOLFSSL_ROOT}/src/conf.c\""
@ -399,6 +712,8 @@ else()
"\"${WOLFSSL_ROOT}/src/ssl_sess.c\"" # included by ssl.c
"\"${WOLFSSL_ROOT}/src/x509.c\""
"\"${WOLFSSL_ROOT}/src/x509_str.c\""
"\"${WOLFSSL_ROOT}/wolfcrypt/src/ext_kyber.c\"" # external non-wolfssl Kyber disabled by default
"\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/ext_kyber.h\"" # external non-wolfssl Kyber disabled by default
"\"${WOLFSSL_ROOT}/wolfcrypt/src/evp.c\""
"\"${WOLFSSL_ROOT}/wolfcrypt/src/misc.c\""
"\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_arm32.c\""
@ -409,6 +724,7 @@ else()
"\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_cortexm.c\""
"\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_x86_64.c\""
"\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_x86_64_asm.S\""
"\"${WOLFSSL_ROOT}/examples\"" # Examples are distributed in Managed Components, but not part of a project.
"\"${EXCLUDE_ASM}\""
)
@ -430,22 +746,140 @@ else()
# see https://docs.espressif.com/projects/esp-idf/en/stable/esp32/migration-guides/release-5.x/build-system.html?highlight=space%20path
#
set(EXTRA_COMPONENT_DIRS "${COMPONENT_SRCDIRS}")
idf_component_register(
SRC_DIRS "${COMPONENT_SRCDIRS}"
INCLUDE_DIRS "${COMPONENT_ADD_INCLUDEDIRS}"
REQUIRES "${COMPONENT_REQUIRES}"
EXCLUDE_SRCS "${COMPONENT_SRCEXCLUDE}"
PRIV_REQUIRES esp_timer driver # this will typically only be needed for wolfSSL benchmark
)
# some optional diagnostics
if (1)
if(WOLFSSL_ROOT)
# Only register the component if we found wolfSSL source.
# This is important to allow Cmake to finish to completion, otherwise the UI
# may not be able to display the Kconfig settings to fix a bad or missing source.
idf_component_register(
SRC_DIRS "${COMPONENT_SRCDIRS}"
INCLUDE_DIRS "${COMPONENT_ADD_INCLUDEDIRS}"
REQUIRES "${COMPONENT_REQUIRES}"
EXCLUDE_SRCS "${COMPONENT_SRCEXCLUDE}"
PRIV_REQUIRES
"${THIS_INCLUDE_TIMER}"
"${THIS_INCLUDE_DRIVER}" # this will typically only be needed for wolfSSL benchmark
)
else()
# Register the component simply to allow CMake to complete, but there's no wolfSSL source.
# Expect many other errors, but the project should at least be loadable and UI can edit Kconfig settings.
idf_component_register()
message(STATUS "Warning: wolfSSL component not registered as no source code found (WOLFSSL_ROOT is blank)")
endif()
# function(WOLFSSL_INIT_CERT_BUNDLE)
if(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE AND NOT CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE)
if (CMAKE_BUILD_EARLY_EXPANSION)
message(ERROR "Bundle Cert initialization must occur during CMAKE_BUILD_EARLY_EXPANSION")
endif()
# reminder: we need a value for wolfSSL root first!
if( "${WOLFSSL_ROOT}" STREQUAL "" )
message(ERROR "Certificate bundles need a value for WOLFSSL_ROOT")
endif()
set(WOLFSSL_ESP_CRT_BUNDLE_DIR ${WOLFSSL_ROOT}/wolfcrypt/src/port/Espressif/esp_crt_bundle)
message(STATUS "WOLFSSL_ESP_CRT_BUNDLE_DIR=${WOLFSSL_ESP_CRT_BUNDLE_DIR}")
if(EXISTS "${WOLFSSL_ESP_CRT_BUNDLE_DIR}")
set(bundle_name "x509_crt_bundle_wolfssl")
# For now the certs are in the same directory
set(DEFAULT_CRT_DIR "${WOLFSSL_ESP_CRT_BUNDLE_DIR}")
# Generate custom certificate bundle using the generate_cert_bundle utility
set(GENERATE_CERT_BUNDLEPY ${python} ${WOLFSSL_ESP_CRT_BUNDLE_DIR}/gen_crt_bundle.py)
if(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_FULL)
list(APPEND crt_paths ${DEFAULT_CRT_DIR}/cacrt_all.pem ${DEFAULT_CRT_DIR}/cacrt_local.pem)
elseif(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_CMN)
list(APPEND crt_paths ${DEFAULT_CRT_DIR}/cacrt_all.pem ${DEFAULT_CRT_DIR}/cacrt_local.pem)
list(APPEND args --filter ${DEFAULT_CRT_DIR}/cmn_crt_authorities.csv)
endif()
# Add deprecated root certs if enabled. This config is not visible if the default cert
# bundle is not selected
if(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEPRECATED_LIST)
list(APPEND crt_paths ${DEFAULT_CRT_DIR}/cacrt_deprecated.pem)
endif()
if(CONFIG_WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE)
get_filename_component(custom_bundle_path
${CONFIG_WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE_PATH} ABSOLUTE BASE_DIR "${project_dir}")
list(APPEND crt_paths ${custom_bundle_path})
message(STATUS "Using a custom wolfSSL bundle path: ${custom_bundle_path}")
else()
message(STATUS "Not using a custom wolfSSL bundle path.")
endif()
list(APPEND args --input ${crt_paths} -q)
message(STATUS "CMAKE_CURRENT_BINARY_DIR: ${CMAKE_CURRENT_BINARY_DIR}")
get_filename_component(crt_bundle
${bundle_name}
ABSOLUTE BASE_DIR "${CMAKE_CURRENT_BINARY_DIR}")
message(STATUS "Setting up bundle generate: ${GENERATE_CERT_BUNDLEPY} ${args}")
message(STATUS "Depends on custom bundle path: ${custom_bundle_path}")
message(STATUS "crt_bundle ${crt_bundle}")
message(STATUS "COMPONENT_LIB ${COMPONENT_LIB}")
message(STATUS "GENERATE_CERT_BUNDLEPY ${GENERATE_CERT_BUNDLEPY}")
message(STATUS "args ${args}")
message(STATUS "cert_bundle ${cert_bundle}")
# Generate bundle according to config
# File is generated at build time, not cmake load
add_custom_command(OUTPUT ${crt_bundle}
COMMAND ${GENERATE_CERT_BUNDLEPY} ARGS ${args}
DEPENDS ${custom_bundle_path}
VERBATIM)
if(EXISTS "${crt_bundle}")
message(STATUS "Bundle file exists from prior build: ${crt_bundle}")
else()
message(STATUS "Bundle file expected during next build: ${crt_bundle}")
endif()
# Reminder the file is generated at build time, not cmake load time.
message(STATUS "wolfSSL Cert Bundle File to be created at build time in: ${crt_bundle}")
add_custom_target(custom_wolfssl_bundle DEPENDS ${cert_bundle})
# the wolfSSL crtificate bundle is baked into wolfSSL
add_dependencies(${COMPONENT_LIB} custom_wolfssl_bundle)
# COMPONENT_LIB may vary: __idf_wolfssl, __idf_esp_wolfssl, etc
# target_add_binary_data(__idf_wolfssl ${crt_bundle} BINARY)
target_add_binary_data(${COMPONENT_LIB} ${crt_bundle} BINARY)
set_property(DIRECTORY "${CMAKE_CURRENT_SOURCE_DIR}"
APPEND PROPERTY ADDITIONAL_CLEAN_FILES
"${crt_bundle}")
else()
message(STATUS "WARNING: CONFIG_WOLFSSL_CERTIFICATE_BUNDLE enabled but directory not found: ${WOLFSSL_ESP_CRT_BUNDLE_DIR}")
endif()
endif()
# endfunction() # WOLFSSL_INIT_CERT_BUNDLE
# Some optional diagnostics. Verbose ones are truncated.
if (VERBOSE_COMPONENT_MESSAGES)
get_cmake_property(_variableNames VARIABLES)
list (SORT _variableNames)
message(STATUS "")
message(STATUS "ALL VARIABLES BEGIN")
message(STATUS "")
foreach (_variableName ${_variableNames})
message(STATUS "${_variableName}=${${_variableName}}")
if ( ("${_variableName}" STREQUAL "bootloader_binary_files")
OR ("${_variableName}" STREQUAL "Component paths")
OR ("${_variableName}" STREQUAL "component_targets")
OR ("${_variableName}" STREQUAL "__COMPONENT_TARGETS")
OR ("${_variableName}" STREQUAL "CONFIGS_LIST")
OR ("${_variableName}" STREQUAL "__CONFIG_VARIABLES")
OR ("${_variableName}" STREQUAL "val")
OR ("${_variableName}" MATCHES "^__idf_")
)
# Truncate the displayed value:
string(SUBSTRING "${${_variableName}}" 0 70 truncatedValue)
message(STATUS "${_variableName} = ${truncatedValue} ... (truncated)")
else()
message(STATUS "${_variableName}=${${_variableName}}")
endif()
endforeach()
message(STATUS "")
message(STATUS "ALL VARIABLES END")
@ -453,6 +887,12 @@ else()
endif()
# target_sources(wolfssl PRIVATE "\"${WOLFSSL_ROOT}/wolfssl/\"" "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt\"")
message(STATUS "DETECTED_PROJECT_NAME=${CMAKE_PROJECT_NAME}")
message(STATUS "COMPONENT_TARGET=${COMPONENT_TARGET}")
target_compile_definitions(${COMPONENT_TARGET} PRIVATE DETECTED_PROJECT_NAME="${CMAKE_PROJECT_NAME}")
if( "${CMAKE_PROJECT_NAME}" STREQUAL "esp_http_client_example" )
target_compile_definitions(${COMPONENT_TARGET} PRIVATE APP_ESP_HTTP_CLIENT_EXAMPLE="y")
endif()
endif() # CMAKE_BUILD_EARLY_EXPANSION
@ -508,31 +948,77 @@ endfunction() # LIBWOLFSSL_SAVE_INFO
# create some programmatic #define values that will be used by ShowExtendedSystemInfo().
# see wolfcrypt\src\port\Espressif\esp32_utl.c
if(NOT CMAKE_BUILD_EARLY_EXPANSION)
if(NOT CMAKE_BUILD_EARLY_EXPANSION AND WOLFSSL_ROOT)
set (git_cmd "git")
message(STATUS "Adding macro definitions:")
# LIBWOLFSSL_VERSION_GIT_ORIGIN: git config --get remote.origin.url
execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "config" "--get" "remote.origin.url" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET )
execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "config" "--get" "remote.origin.url"
OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET )
LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_ORIGIN "${TMP_OUT}" "${TMP_RES}")
# LIBWOLFSSL_VERSION_GIT_BRANCH: git rev-parse --abbrev-ref HEAD
execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--abbrev-ref" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET )
execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--abbrev-ref" "HEAD"
OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET )
LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_BRANCH "${TMP_OUT}" "${TMP_RES}")
# LIBWOLFSSL_VERSION_GIT_HASH: git rev-parse HEAD
execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET )
execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "HEAD"
OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET )
LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH "${TMP_OUT}" "${TMP_RES}")
# LIBWOLFSSL_VERSION_GIT_SHORT_HASH: git rev-parse --short HEAD
execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--short" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET )
execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--short" "HEAD"
OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET )
LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_SHORT_HASH "${TMP_OUT}" "${TMP_RES}")
# LIBWOLFSSL_VERSION_GIT_HASH_DATE git show --no-patch --no-notes --pretty=\'\%cd\'
execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "show" "--no-patch" "--no-notes" "--pretty=\'\%cd\'" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES )
execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd}
"show" "--no-patch" "--no-notes" "--pretty=\'\%cd\'"
OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES )
LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH_DATE "${TMP_OUT}" "${TMP_RES}")
message(STATUS "************************************************************************************************")
message(STATUS "wolfssl component config complete!")
message(STATUS "************************************************************************************************")
LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_WOLFSSL_ROOT "${WOLFSSL_ROOT}" "${TMP_RES}")
endif()
# Ensure flag "-DWOLFSSL_ESPIDF" is already in CMAKE_C_FLAGS if not yet found from project
string(FIND "${CMAKE_C_FLAGS}" "-DWOLFSSL_ESPIDF" FLAG_ALRREADY_FOUND_WOLFSSL_ESPIDF)
if(FLAG_ALRREADY_FOUND_WOLFSSL_ESPIDF EQUAL -1)
# Flag not found, append it
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_ESPIDF")
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
endif()
if(WOLFSSL_ROOT)
message(STATUS "Using wolfSSL in ${WOLFSSL_ROOT}")
# PlatformIO does not process script from from the Espressif cmake process.
# We need to know where wolfSSL source code was found, so save it in the
# PIO_WOLFSSL_ROOT environment variable to later be read by extra_script.py
set(ENV{PIO_WOLFSSL_ROOT} "${WOLFSSL_ROOT}")
message(STATUS "PIO_WOLFSSL_ROOT = $ENV{PIO_WOLFSSL_ROOT}")
message(STATUS "PLATFORMIO_BUILD_DIR = $ENV{PLATFORMIO_BUILD_DIR}")
file(WRITE "tada.txt" "${WOLFSSL_ROOT}\n")
# See esp-tls Kconfig; menu "ESP-TLS", ESP_TLS_LIBRARY_CHOOSE
if(CONFIG_ESP_TLS_USING_WOLFSSL)
message(STATUS "wolfSSL will be used for ESP-TLS")
else()
message(STATUS "WARNING: wolfSSL NOT selected for ESP-TLS. Features and performance will be limited.")
endif()
else()
message(STATUS "")
message(STATUS "Consider setting WOLFSSL_ROOT environment variable, use Kconfig setting, or set manually in this cmake file, above.")
message(STATUS "")
message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!")
message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!")
message(STATUS "ERROR: Could not find wolfSSL Source Code")
message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!")
message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!")
endif()
message(STATUS "************************************************************************************************")
message(STATUS "wolfSSL component config complete!")
message(STATUS "************************************************************************************************")

498
IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/Kconfig Normal file
View File

@ -0,0 +1,498 @@
# Kconfig template
#
# Copyright (C) 2006-2024 wolfSSL Inc. All rights reserved.
#
# This file is part of wolfSSL.
#
# wolfSSL is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# wolfSSL is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
#
# Kconfig File Version 5.7.2.001 for esp-idf integration
# Kconfig Format Rules
#
# See:
# https://docs.espressif.com/projects/esp-idf/en/stable/esp32/api-reference/kconfig.html
#
# Format rules for Kconfig files are as follows:
#
# Option names in any menus should have consistent prefixes. The prefix
# currently should have at least 3 characters.
#
# The unit of indentation should be 4 spaces. All sub-items belonging to a
# parent item are indented by one level deeper. For example, menu is indented
# by 0 spaces, config menu by 4 spaces, help in config by 8 spaces, and the
# text under help by 12 spaces.
#
# No trailing spaces are allowed at the end of the lines.
#
# The maximum length of options is NOT 50 characters as documented.
# kconfcheck will complain that options should be 40 at most.
#
# Fix option lengths first. Superflous errors on other lines may occur.
#
# The maximum length of lines is 120 characters.
#
# python -m kconfcheck <path_to_kconfig_file>
#
# ---------------------------------------------------------------------------------------------------------------------
# Begin main wolfSSL configuration menu
# ---------------------------------------------------------------------------------------------------------------------
# See ESP-IDF esp-tls component for config TLS_STACK_WOLFSSL
menu "wolfSSL"
menu "Hardening"
config ESP_WOLFSSL_WC_NO_HARDEN
bool "Disable wolfSSL hardening"
default n
help
Sets WC_NO_HARDEN
config ESP_WOLFSSL_TFM_TIMING_RESISTANT
bool "Enable TFM Timing Resistant Code"
default n
help
Sets TFM_TIMING_RESISTANT.
endmenu # Hardening
config ESP_WOLFSSL_ENABLE_BENCHMARK
bool "Enable wolfSSL Benchmark Library"
default n
help
Enables wolfcrypt/benchmark/benchmark.c code for benchmark metrics. Disables NO_CRYPT_BENCHMARK.
menu "Benchmark Debug"
config ESP_DEBUG_WOLFSSL_BENCHMARK_TIMING
bool "Enable benchmark timing debug"
depends on ESP_WOLFSSL_ENABLE_BENCHMARK
default n
help
Enable wolfssl debug for benchmark metric timing (CPU Cycles, RTOS ticks, etc).
config ESP_WOLFSSL_BENCHMARK_TIMER_DEBUG
bool "Enable benchmark timer debug"
depends on ESP_WOLFSSL_ENABLE_BENCHMARK
default n
help
Turn on timer debugging (used when CPU cycles not available)
endmenu # Benchmark Debug
# -----------------------------------------------------------------------------------------------------------------
# wolfCrypt Test
# -----------------------------------------------------------------------------------------------------------------
config ESP_WOLFSSL_ENABLE_TEST
bool "Enable wolfCrypt Test Library"
default n
help
Enables wolfcrypt/test/test.c code for testing. Disables NO_CRYPT_TEST.
menu "wolfCrypt tests"
config WOLFSSL_HAVE_WOLFCRYPT_TEST_OPTIONS
bool "Enable wolfCrypt Test Options"
depends on ESP_WOLFSSL_ENABLE_TEST
default n
help
Enables HAVE_WOLFCRYPT_TEST_OPTIONS
config TEST_ESPIDF_ALL_WOLFSSL
bool "Enable all features to use in tests"
depends on ESP_WOLFSSL_ENABLE_TEST
default n
help
Enables TEST_ESPIDF_ALL_WOLFSSL
endmenu # wolfCrypt tests
# -----------------------------------------------------------------------------------------------------------------
# Apple HomeKit Options
# -----------------------------------------------------------------------------------------------------------------
menu "Apple HomeKit"
config WOLFSSL_APPLE_HOMEKIT
bool "Enable Apple HomeKit options"
default n
help
Enables FP_MAX_BITS (8192 * 2), SRP, ChaCha, Poly1305, Base64 encoding needed for Apple HomeKit.
endmenu # Apple HomeKit
# -----------------------------------------------------------------------------------------------------------------
config ESP_WOLFSSL_DISABLE_MY_ECC
bool "Disable ECC in my project"
default "n"
help
ECC is enabled by default. Select this option to disable.
config ESP_WOLFSSL_ENABLE_MY_USE_RSA
bool "Enable RSA in my project"
default "n"
help
RSA is disabled by default. Select this option to enable.
config ESP_WOLFSSL_BENCHMARK
bool "Enable wolfSSL Benchmark"
default n
help
Enables user settings relevant to benchmark code
config ESP_TLS_USING_WOLFSSL_SPECIFIED
bool "Use the specified wolfssl for ESP-TLS"
default Y
help
Includes wolfSSL from specified directory (not using esp-wolfssl).
config ESP_WOLFSSL_NO_USE_FAST_MATH
bool "Disable FAST_MATH library and all ESP32 Hardware Acceleration"
select ESP_WOLFSSL_NO_HW
select ESP_WOLFSSL_NO_HW_AES
select ESP_WOLFSSL_NO_HW_HASH
select ESP_WOLFSSL_NO_HW_RSA_PRI
select ESP_WOLFSSL_NO_HW_RSA_PRI_MP_MUL
select ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD
select ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD
default n
help
When disabling all hardware acceleration for smaller memory footprint,
disabling TFM fast math provides faster wolfSSL software algorithms in an
even smaller flash memory footprint.
menu "Protocol Config"
config WOLFSSL_HAVE_ALPN
bool "Enable ALPN (Application Layer Protocol Negotiation) in wolfSSL"
default y
config WOLFSSL_ALLOW_TLS13
bool "Allow TLS 1.3"
default y
help
Allow TLS to fallback to TLS1.2. Memory footprint will likely be larger for TLS1.2.
When disabled HTTPS and MQTT over TLS connections will fail if TLS1.3 not accepted.
config WOLFSSL_ALLOW_TLS12
bool "Allow TLS 1.2"
default n
help
Allow TLS to fallback to TLS1.2. Memory footprint will likely be larger for TLS1.2.
When disabled HTTPS and MQTT over TLS connections will fail if TLS1.3 not accepted.
config WOLFSSL_HAVE_TLS_EXTENSIONS
bool "Enable TLS Extensions"
default y
help
Sets HAVE_TLS_EXTENSIONS which is needed for TLS 1.3, SNI, ALPN, and more.
config WOLFSSL_ALT_CERT_CHAINS
bool "Enable Alternate Certificate Chains"
default n
help
The option relaxes the default strict wolfSSL certificate chain processing. This
will typically need to be enabled when loading only a CA file. Typically solves
the -188 ASN_NO_SIGNER_E error. Use with caution.
config WOLFSSL_HAVE_OCSP
bool "Enable OCSP (Online Certificate Status Protocol) in wolfSSL"
default n
help
Sets HAVE_OCSP
endmenu # Protocol Config
# -----------------------------------------------------------------------------------------------------------------
# -----------------------------------------------------------------------------------------------------------------
config TLS_STACK_WOLFSSL
# Invisible option that locks TLS_STACK_WOLFSSL to ESP_TLS_USING_WOLFSSL
bool
default n
select FREERTOS_ENABLE_BACKWARD_COMPATIBILITY
help
Includes wolfSSL in ESP-TLS so that it can be compiled with wolfSSL as its SSL/TLS library.
Enabled when wolfSSL is selected in ESP_TLS_LIBRARY_CHOOSE.
menu "wolfSSL ESP-TLS"
depends on ESP_TLS_USING_WOLFSSL
menu "Certificate Bundle"
depends on ESP_TLS_USING_WOLFSSL
config WOLFSSL_CERTIFICATE_BUNDLE
bool "Enable trusted root certificate bundle"
default y if ESP_TLS_USING_WOLFSSL
default n
depends on ESP_TLS_USING_WOLFSSL
help
Enable support for large number of default root certificates
When enabled this option allows user to store default as well
as customer specific root certificates in compressed format rather
than storing full certificate. For the root certificates the public key and the subject name
will be stored.
config WOLFSSL_NO_ASN_STRICT
bool "Relax Certificate ASN Strict Checks"
default n
depends on ESP_TLS_USING_WOLFSSL
help
Allows sub-optimal certificate ASN checks. Unless using a bundle with known issues,
it is recommended to NOT enable this.
config WOLFSSL_ASN_ALLOW_0_SERIAL
bool "Allow cert missing an ASN Serial Number"
default y
depends on ESP_TLS_USING_WOLFSSL
help
Although not recommended, there may be certificates in the bundle that are missing
a serial number. This option allows the missing value without having to fully
disable strict ASN checking with WOLFSSL_NO_ASN_STRICT.
choice WOLFSSL_DEFAULT_CERTIFICATE_BUNDLE
bool "Default certificate bundle options"
depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
default WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_FULL
config WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_FULL
bool "Use the full default certificate bundle"
config WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_CMN
bool "Use only the most common certificates from the default bundles"
help
Use only the most common certificates from the default bundles, reducing the size with 50%,
while still having around 99% coverage.
config WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE
bool "Do not use the default certificate bundle"
endchoice
config WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE
depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
default n
bool "Add custom certificates to the default bundle"
config WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE_PATH
depends on WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
string "Custom certificate bundle path"
help
Name of the custom certificate directory or file. This path is evaluated
relative to the project root directory.
config WOLFSSL_CERTIFICATE_BUNDLE_DEPRECATED_LIST
bool "Add deprecated root certificates"
depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL && !WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE
help
Include the deprecated list of root certificates in the bundle.
This list gets updated when a certificate is removed from the Mozilla's
NSS root certificate store. This config can be enabled if you would like
to ensure that none of the certificates that were deployed in the product
are affected because of the update to bundle. In turn, enabling this
config keeps expired, retracted certificates in the bundle and it may
pose a security risk.
- Deprecated cert list may grow based based on sync with upstream bundle
- Deprecated certs would be be removed in ESP-IDF (next) major release
config WOLFSSL_CERTIFICATE_BUNDLE_MAX_CERTS
int "Maximum no of certificates allowed in certificate bundle"
default 200
depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
endmenu
endmenu # wolfSSL ESP-TLS
# -----------------------------------------------------------------------------------------------------------------
# -----------------------------------------------------------------------------------------------------------------
config ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
bool "Modify default hardware acceleration settings"
default n
help
When disabling all hardware acceleration for smaller memory footprint,
disabling TFM fast math provides faster wolfSSL software algorithms in an
even smaller flash memory footprint.
Typically used for debugging, analysis, or optimizations. The default
hardware acceleration features can be each manually adjusted.
menu "wolfSSL Hardware Acceleration"
config ESP_WOLFSSL_NO_ESP32_CRYPT
bool "Disable all ESP32 Hardware Acceleration"
depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
default n
select ESP_WOLFSSL_NO_HW_AES
select ESP_WOLFSSL_NO_HW_HASH
select ESP_WOLFSSL_NO_HW_RSA_PRI
select ESP_WOLFSSL_NO_HW_RSA_PRI_MP_MUL
select ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD
select ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD
help
Hardware acceleration enabled by default. When selected defines: NO_ESP32_CRYPT.
Consider disabling FASTMATH (other libraries are faster in software and smaller)
config ESP_WOLFSSL_NO_HW_AES
bool "Disable all ESP32 AES Hardware Acceleration"
depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
default n
help
Hardware acceleration enabled by default.When selected defines: NO_HW_AES
config ESP_WOLFSSL_NO_HW_HASH
bool "Disable all ESP32 SHA Hash Hardware Acceleration"
depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
default n
help
Hardware acceleration enabled by default. When selected defines: NO_HW_HASH
config ESP_WOLFSSL_NO_HW_RSA_PRI
bool "Disable all ESP32 RSA Hardware Acceleration"
depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
default n
select ESP_WOLFSSL_NO_HW_PRI_MP_MUL
select ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD
select ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD
help
Hardware acceleration enabled by default. When selected defines: NO_HW_RSA_PRI
config ESP_WOLFSSL_NO_HW_RSA_PRI_MP_MUL
bool "Disable all ESP32 Multiplication Hardware Acceleration"
depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
default n
help
Hardware acceleration enabled by default. When selected defines: NO_HW_RSA_PRI_MP_MUL
config ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD
bool "Disable all ESP32 Modular Multiplication Hardware Acceleration"
depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
default n
help
Hardware acceleration enabled by default. When selected defines: NO_HW_RSA_PRI_MULMOD
config ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD
bool "Disable all ESP32 RSA Exponential Math Hardware Acceleration"
depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
default n
help
Hardware acceleration enabled by default.
Select this option to force disable: NO_HW_RSA_PRI_EXPTMOD
endmenu # wolfSSL Hardware Acceleration
# -----------------------------------------------------------------------------------------------------------------
# -----------------------------------------------------------------------------------------------------------------
menu "wolfSSL Experimental Options"
config ESP_WOLFSSL_EXPERIMENTAL_SETTINGS
bool "Enable wolfSSL Experimental Settings"
default n
help
Enables experimental settings for wolfSSL. See documentation.
config ESP_WOLFSSL_ENABLE_KYBER
bool "Enable wolfSSL Kyber"
default n
help
Enable debugging messages for wolfSSL. See user_settings.h for additional debug options.
endmenu # wolfSSL Experimental Options
# -----------------------------------------------------------------------------------------------------------------
# -----------------------------------------------------------------------------------------------------------------
menu "wolfSSL Debug Options"
config ESP_WOLFSSL_DEBUG_WOLFSSL
bool "Enable wolfSSL Debugging"
default n
help
Enable debugging messages for wolfSSL. See user_settings.h for additional debug options.
endmenu # wolfSSL Debug Options
# -----------------------------------------------------------------------------------------------------------------
# -----------------------------------------------------------------------------------------------------------------
menu "wolfSSL Customization"
config CUSTOM_SETTING_WOLFSSL_ROOT
string "Enter a path for wolfSSL source code"
default "~/workspace/wolfssl"
help
This option lets you specify a directory for the wolfSSL source code (typically a git clone).
Enter the path using forward slashes (e.g., C:/myfolder/mysubfolder) or double backslashes
(e.g., C:\\myfolder\\mysubfolder).
endmenu # wolfSSL Customization
# -----------------------------------------------------------------------------------------------------------------
# -----------------------------------------------------------------------------------------------------------------
menu "Component Config"
config IGNORE_ESP_IDF_WOLFSSL_COMPONENT
bool "Ignore the ESP-IDF component of wolfSSL (if present)"
default n
help
Ignores wolfSSL present in the esp-idf/components directory. Requires wolfssl as a local component.
config IGNORE_LOCAL_WOLFSSL_COMPONENT
bool "Ignore the local component of wolfSSL (if present)"
default n
help
Ignores wolfSSL present in the local project components directory.
Requires wolfssl as a ESP-IDF component.
endmenu # Component Config
# -----------------------------------------------------------------------------------------------------------------
# -----------------------------------------------------------------------------------------------------------------
menu "Utility Config"
config USE_WOLFSSL_ESP_SDK_TIME
bool "Enable wolfSSL time helper functions"
default n
help
Enables use of various time and date setting functions found in the esp-sdk-lib.h file.
config USE_WOLFSSL_ESP_SDK_WIFI
bool "Enable wolfSSL WiFi helper functions"
default n
help
Enables use of various time and date setting functions found in the esp-sdk-lib.h file.
endmenu # Utility Config
endmenu # wolfSSL
# ---------------------------------------------------------------------------------------------------------------------
# ---------------------------------------------------------------------------------------------------------------------
menu "wolfSSH"
config ESP_ENABLE_WOLFSSH
bool "Enable wolfSSH options"
default n
help
Enables WOLFSSH_TERM, WOLFSSL_KEY_GEN, WOLFSSL_PTHREADS, WOLFSSH_TEST_SERVER, WOLFSSH_TEST_THREADING
config ESP_WOLFSSL_DEBUG_WOLFSSH
bool "Enable wolfSSH debugging"
default n
help
Enable wolfSSH debugging macro. See user_settings.h
endmenu # wolfSSH
# ---------------------------------------------------------------------------------------------------------------------
# ---------------------------------------------------------------------------------------------------------------------
menu "wolfMQTT"
config ESP_ENABLE_WOLFMQTT
bool "Enable wolfMQTT options"
default n
help
Enables WOLFMQTT
config ESP_WOLFSSL_DEBUG_WOLFMQTT
bool "Enable wolfMQTT debugging"
default n
help
Enable wolfMQTT debugging macro. See user_settings.h
endmenu # wolfMQTT
# ---------------------------------------------------------------------------------------------------------------------

503
IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/include/user_settings.h
View File

@ -1,4 +1,4 @@
/* user_settings.h
/* wolfssl-component include/user_settings.h
*
* Copyright (C) 2006-2024 wolfSSL Inc.
*
@ -18,19 +18,52 @@
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
#define WOLFSSL_ESPIDF_COMPONENT_VERSION 0x01
/* The Espressif project config file. See also sdkconfig.defaults */
#include "sdkconfig.h"
/* This user_settings.h is for Espressif ESP-IDF
*
* Standardized wolfSSL Espressif ESP32 + ESP8266 user_settings.h V5.7.0-1
*
* Do not include any wolfssl headers here
* Do not include any wolfssl headers here.
*
* When editing this file:
* ensure wolfssl_test and wolfssl_benchmark settings match.
* ensure all examples match. The template example is the reference.
*/
/* The Espressif project config file. See also sdkconfig.defaults */
#include "sdkconfig.h"
/* Naming convention: (see also esp32-crypt.h for the reference source).
*
* CONFIG_
* This prefix indicates the setting came from the sdkconfig / Kconfig.
*
* May or may not be related to wolfSSL.
*
* The name after this prefix must exactly match that in the Kconfig file.
*
* WOLFSSL_
* Typical of many, but not all wolfSSL macro names.
*
* Applies to all wolfSSL products such as wolfSSH, wolfMQTT, etc.
*
* May or may not have a corresponding sdkconfig / Kconfig control.
*
* ESP_WOLFSSL_
* These are NOT valid wolfSSL macro names. These are names only used in
* the ESP-IDF Kconfig files. When parsed, they will have a "CONFIG_"
* suffix added. See next section.
*
* CONFIG_ESP_WOLFSSL_
* This is a wolfSSL-specific macro that has been defined in the ESP-IDF
* via the sdkconfig / menuconfig. Any text after this prefix should
* exactly match an existing wolfSSL macro name.
*
* Applies to all wolfSSL products such as wolfSSH, wolfMQTT, etc.
*
* These macros may also be specific to only the project or environment,
* and possibly not used anywhere else in the wolfSSL libraries.
*/
/* The Espressif sdkconfig will have chipset info.
**
@ -46,33 +79,228 @@
#undef WOLFSSL_ESPIDF
#define WOLFSSL_ESPIDF
/* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */
#define NO_ESP_SDK_WIFI
/* Test various user_settings between applications by selecting example apps
* in `idf.py menuconfig` for Example wolfSSL Configuration settings: */
/* Turn on messages that are useful to see only in examples. */
#define WOLFSSL_EXAMPLE_VERBOSITY
/* wolfSSL Examples: set macros used in example applications.
*
* These Settings NOT available in ESP-IDF (e.g. esp-tls)
*
* Any settings needed by ESP-IDF components should be explicitly set,
* and not by these example-specific settings via CONFIG_WOLFSSL_EXAMPLE_n
*
* ESP-IDF settings should be Kconfig "CONFIG_[name]" values when possible. */
#if defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TEMPLATE)
/* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/template */
/* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */
/* #define USE_WOLFSSL_ESP_SDK_WIFI */
#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TEST)
/* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_test */
/* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */
/* #define USE_WOLFSSL_ESP_SDK_WIFI */
#define TEST_ESPIDF_ALL_WOLFSSL
#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_BENCHMARK)
/* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark */
/* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */
/* #define USE_WOLFSSL_ESP_SDK_WIFI */
#define WOLFSSL_BENCHMARK_FIXED_UNITS_KB
#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TLS_CLIENT)
/* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_client */
#define USE_WOLFSSL_ESP_SDK_WIFI
#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TLS_SERVER)
/* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_server */
#define USE_WOLFSSL_ESP_SDK_WIFI
/* wolfSSH Examples */
#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFSSH_TEMPLATE)
/* See https://github.com/wolfSSL/wolfssh/tree/master/ide/Espressif/ESP-IDF/examples/wolfssh_template */
#define USE_WOLFSSL_ESP_SDK_WIFI
#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFSSH_ECHOSERVER)
/* See https://github.com/wolfSSL/wolfssh/tree/master/ide/Espressif/ESP-IDF/examples/wolfssh_echoserver */
#define USE_WOLFSSL_ESP_SDK_WIFI
#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_ESP32_SSH_SERVER)
/* See https://github.com/wolfSSL/wolfssh-examples/tree/main/Espressif/ESP32/ESP32-SSH-Server */
#define USE_WOLFSSL_ESP_SDK_WIFI
#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_ESP8266_SSH_SERVER)
/* See https://github.com/wolfSSL/wolfssh-examples/tree/main/Espressif/ESP8266/ESP8266-SSH-Server */
#define USE_WOLFSSL_ESP_SDK_WIFI
/* wolfMQTT Examples */
#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFMQTT_TEMPLATE)
/* See https://github.com/wolfSSL/wolfMQTT/tree/master/IDE/Espressif/ESP-IDF/examples/wolfmqtt_template */
#define USE_WOLFSSL_ESP_SDK_WIFI
#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFMQTT_AWS_IOT_MQTT)
/* See https://github.com/wolfSSL/wolfMQTT/tree/master/IDE/Espressif/ESP-IDF/examples/AWS_IoT_MQTT */
#define USE_WOLFSSL_ESP_SDK_WIFI
/* wolfTPM Examples */
#elif defined(CONFIG_WOLFTPM_EXAMPLE_NAME_ESPRESSIF)
/* See https://github.com/wolfSSL/wolfTPM/tree/master/IDE/Espressif */
#define USE_WOLFSSL_ESP_SDK_WIFI
/* Apple HomeKit Examples */
#elif defined(CONFIG_WOLFSSL_APPLE_HOMEKIT)
/* See https://github.com/AchimPieters/esp32-homekit-demo */
/* no example selected */
#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_NONE)
/* We'll assume the app needs to use wolfSSL sdk lib function */
#define USE_WOLFSSL_ESP_SDK_WIFI
/* Other applications detected by cmake */
#elif defined(APP_ESP_HTTP_CLIENT_EXAMPLE)
/* The wolfSSL Version */
#define FP_MAX_BITS (8192 * 2)
#define HAVE_ALPN
#define HAVE_SNI
#define OPENSSL_EXTRA_X509_SMALL
#define HAVE_TLS_EXTENSIONS
#define HAVE_SUPPORTED_CURVES
#define OPENSSL_EXTRA
#ifndef WOLFSSL_ALWAYS_VERIFY_CB
#define WOLFSSL_ALWAYS_VERIFY_CB
#endif
#ifndef WOLFSSL_VERIFY_CB_ALL_CERTS
#define WOLFSSL_VERIFY_CB_ALL_CERTS
#endif
#ifndef KEEP_PEER_CERT
#define KEEP_PEER_CERT
#endif
#elif defined(APP_ESP_HTTP_CLIENT)
/* The ESP-IDF Version */
#define FP_MAX_BITS (8192 * 2)
#define HAVE_ALPN
#define HAVE_SNI
#define OPENSSL_EXTRA_X509_SMALL
#define HAVE_TLS_EXTENSIONS
#define HAVE_SUPPORTED_CURVES
#define OPENSSL_EXTRA
#ifndef WOLFSSL_ALWAYS_VERIFY_CB
#define WOLFSSL_ALWAYS_VERIFY_CB
#endif
#ifndef WOLFSSL_VERIFY_CB_ALL_CERTS
#define WOLFSSL_VERIFY_CB_ALL_CERTS
#endif
#ifndef KEEP_PEER_CERT
#define KEEP_PEER_CERT
#endif
#else
#ifdef WOLFSSL_ESPIDF
/* #warning "App config undetected" */
#endif
/* the code is older or does not have application name defined. */
#endif /* Example wolfSSL Configuration app settings */
/* Experimental Kyber */
#if 0
#ifdef CONFIG_WOLFSSL_ENABLE_KYBER
/* Kyber typically needs a minimum 10K stack */
#define WOLFSSL_EXPERIMENTAL_SETTINGS
#define WOLFSSL_HAVE_KYBER
#define WOLFSSL_WC_KYBER
#define WOLFSSL_SHA3
#if defined(CONFIG_IDF_TARGET_ESP8266)
/* With limited RAM, we'll disable some of the Kyber sizes: */
#define WOLFSSL_NO_KYBER1024
#define WOLFSSL_NO_KYBER768
#define NO_SESSION_CACHE
#endif
#endif
/* Pick a cert buffer size: */
/* #define USE_CERT_BUFFERS_2048 */
/* #define USE_CERT_BUFFERS_1024 */
#define USE_CERT_BUFFERS_2048
/* The Espressif sdkconfig will have chipset info.
**
** Some possible values:
**
** CONFIG_IDF_TARGET_ESP32
** CONFIG_IDF_TARGET_ESP32S2
** CONFIG_IDF_TARGET_ESP32S3
** CONFIG_IDF_TARGET_ESP32C3
** CONFIG_IDF_TARGET_ESP32C6
*/
/* Optionally enable Apple HomeKit from compiler directive or Kconfig setting */
#if defined(WOLFSSL_APPLE_HOMEKIT) || defined(CONFIG_WOLFSSL_APPLE_HOMEKIT)
/* SRP is known to need 8K; slow on some devices */
#define FP_MAX_BITS (8192 * 2)
#define WOLFCRYPT_HAVE_SRP
#define HAVE_CHACHA
#define HAVE_POLY1305
#define WOLFSSL_BASE64_ENCODE
#endif /* Apple HomeKit settings */
/* Used by ESP-IDF components: */
#if defined(CONFIG_ESP_TLS_USING_WOLFSSL)
/* The ESP-TLS */
#define FP_MAX_BITS (8192 * 2)
#define HAVE_ALPN
#define HAVE_SNI
#define OPENSSL_EXTRA_X509_SMALL
#define HAVE_TLS_EXTENSIONS
#define HAVE_SUPPORTED_CURVES
#endif
/* Optionally enable some wolfSSH settings */
#if defined(ESP_ENABLE_WOLFSSH) || defined(CONFIG_ESP_ENABLE_WOLFSSH)
/* The default SSH Windows size is massive for an embedded target.
* Limit it: */
#define DEFAULT_WINDOW_SZ 2000
/* These may be defined in cmake for other examples: */
#undef WOLFSSH_TERM
#define WOLFSSH_TERM
/* optional debug */
/* #undef DEBUG_WOLFSSH */
/* #define DEBUG_WOLFSSH */
#undef WOLFSSL_KEY_GEN
#define WOLFSSL_KEY_GEN
#undef WOLFSSL_PTHREADS
#define WOLFSSL_PTHREADS
#define WOLFSSH_TEST_SERVER
#define WOLFSSH_TEST_THREADING
#endif /* ESP_ENABLE_WOLFSSH */
/* Not yet using WiFi lib, so don't compile in the esp-sdk-lib WiFi helpers: */
/* #define USE_WOLFSSL_ESP_SDK_WIFI */
/*
* ONE of these Espressif chip families will be detected from sdkconfig:
*
* WOLFSSL_ESP32
* WOLFSSL_ESPWROOM32SE
* WOLFSSL_ESP8266
*
* following ifdef detection only for syntax highlighting:
*/
#undef WOLFSSL_ESPWROOM32SE
#undef WOLFSSL_ESP8266
#undef WOLFSSL_ESP32
#ifdef WOLFSSL_ESPWROOM32SE
#undef WOLFSSL_ESPWROOM32SE
#endif
#ifdef WOLFSSL_ESP8266
#undef WOLFSSL_ESP8266
#endif
#ifdef WOLFSSL_ESP32
#undef WOLFSSL_ESP32
#endif
/* See below for chipset detection from sdkconfig.h */
/* when you want to use SINGLE THREAD. Note Default ESP-IDF is FreeRTOS */
/* #define SINGLE_THREADED */
#define SINGLE_THREADED
/* SMALL_SESSION_CACHE saves a lot of RAM for ClientCache and SessionCache.
/* Small session cache saves a lot of RAM for ClientCache and SessionCache.
* Memory requirement is about 5KB, otherwise 20K is needed when not specified.
* If extra small footprint is needed, try MICRO_SESSION_CACHE (< 1K)
* When really desperate or no TLS used, try NO_SESSION_CACHE. */
@ -92,9 +320,6 @@
/* RSA_LOW_MEM: Half as much memory but twice as slow. */
#define RSA_LOW_MEM
/* optionally turn off SHA512/224 SHA512/256 */
/* #define WOLFSSL_NOSHA512_224 */
/* #define WOLFSSL_NOSHA512_256 */
@ -109,14 +334,33 @@
#define BENCH_EMBEDDED
/* TLS 1.3 */
#define WOLFSSL_TLS13
#define HAVE_TLS_EXTENSIONS
#define WC_RSA_PSS
#define HAVE_HKDF
#define HAVE_AEAD
#define HAVE_SUPPORTED_CURVES
#ifdef CONFIG_WOLFSSL_ALLOW_TLS13
#define WOLFSSL_TLS13
#define HAVE_TLS_EXTENSIONS
#define HAVE_HKDF
/* May be required */
#ifndef HAVE_AEAD
#endif
/* Required for ECC */
#define HAVE_SUPPORTED_CURVES
/* Required for RSA */
#define WC_RSA_PSS
/* TLS 1.3 normally requires HAVE_FFDHE. For now just syntax highlight: */
#if defined(HAVE_FFDHE_2048) || \
defined(HAVE_FFDHE_3072) || \
defined(HAVE_FFDHE_4096) || \
defined(HAVE_FFDHE_6144) || \
defined(HAVE_FFDHE_8192)
#else
/* #error "TLS 1.3 requires HAVE_FFDHE_[nnnn]" */
#endif
#endif
#define WOLFSSL_BENCHMARK_FIXED_UNITS_KB
#define NO_FILESYSTEM
@ -133,29 +377,64 @@
/* when you want to use SHA384 */
#define WOLFSSL_SHA384
/* when you want to use SHA512 */
#define WOLFSSL_SHA512
/* when you want to use SHA3 */
#define WOLFSSL_SHA3
/* ED25519 requires SHA512 */
#define HAVE_ED25519
/* Some features not enabled for ESP8266: */
#if defined(CONFIG_IDF_TARGET_ESP8266) || \
defined(CONFIG_IDF_TARGET_ESP32C2)
/* Some known low-memory devices have features not enabled by default. */
/* TODO determine low memory configuration for ECC. */
#else
#define HAVE_ECC
#define HAVE_CURVE25519
#define CURVE25519_SMALL
/* when you want to use SHA512 */
#define WOLFSSL_SHA512
/* when you want to use SHA3 */
/* #define WOLFSSL_SHA3 */
/* ED25519 requires SHA512 */
#define HAVE_ED25519
#endif
#define HAVE_ED25519
#if defined(CONFIG_IDF_TARGET_ESP8266) || defined(CONFIG_IDF_TARGET_ESP32C2)
#define MY_USE_ECC 0
#define MY_USE_RSA 1
#else
#define MY_USE_ECC 1
#define MY_USE_RSA 0
#endif
/* Optional OPENSSL compatibility */
#define OPENSSL_EXTRA
/* We can use either or both ECC and RSA, but must use at least one. */
#if MY_USE_ECC || MY_USE_RSA
#if MY_USE_ECC
/* ---- ECDSA / ECC ---- */
#define HAVE_ECC
#define HAVE_CURVE25519
#define HAVE_ED25519
#define WOLFSSL_SHA512
/*
#define HAVE_ECC384
#define CURVE25519_SMALL
*/
#else
#define WOLFSSH_NO_ECC
/* WOLFSSH_NO_ECDSA is typically defined automatically,
* here for clarity: */
#define WOLFSSH_NO_ECDSA
#endif
#if MY_USE_RSA
/* ---- RSA ----- */
/* #define RSA_LOW_MEM */
/* DH disabled by default, needed if ECDSA/ECC also turned off */
#define HAVE_DH
#else
#define WOLFSSH_NO_RSA
#endif
#else
#error "Either RSA or ECC must be enabled"
#endif
/* Optional OpenSSL compatibility */
/* #define OPENSSL_EXTRA */
/* #Optional HAVE_PKCS7 */
/* #define HAVE_PKCS7 */
@ -208,7 +487,7 @@
#define USE_FAST_MATH
/***** Use SP_MATH *****/
/* #undef USE_FAST_MATH */
/* #undef USE_FAST_MATH */
/* #define SP_MATH */
/* #define WOLFSSL_SP_MATH_ALL */
/* #define WOLFSSL_SP_RISCV32 */
@ -217,6 +496,14 @@
/* #undef USE_FAST_MATH */
/* #define USE_INTEGER_HEAP_MATH */
/* Just syntax highlighting to check math libraries: */
#if defined(SP_MATH) || \
defined(USE_INTEGER_HEAP_MATH) || \
defined(USE_INTEGER_HEAP_MATH) || \
defined(USE_FAST_MATH) || \
defined(WOLFSSL_SP_MATH_ALL) || \
defined(WOLFSSL_SP_RISCV32)
#endif
#define WOLFSSL_SMALL_STACK
@ -224,18 +511,32 @@
#define HAVE_VERSION_EXTENDED_INFO
/* #define HAVE_WC_INTROSPECTION */
#define HAVE_SESSION_TICKET
#ifndef NO_SESSION_CACHE
#define HAVE_SESSION_TICKET
#endif
/* #define HAVE_HASHDRBG */
#if 0
/* Example for additional cert functions */
#define WOLFSSL_KEY_GEN
#define WOLFSSL_CERT_REQ
#define WOLFSSL_CERT_GEN
#define WOLFSSL_CERT_EXT
#define WOLFSSL_SYS_CA_CERTS
#define WOLFSSL_CERT_REQ
#define WOLFSSL_CERT_GEN
#define WOLFSSL_CERT_EXT
#define WOLFSSL_SYS_CA_CERTS
#define WOLFSSL_CERT_TEXT
#define WOLFSSL_CERT_TEXT
/* command-line options
--enable-keygen
--enable-certgen
--enable-certreq
--enable-certext
--enable-asn-template
*/
#endif
#define WOLFSSL_ASN_TEMPLATE
@ -255,10 +556,62 @@
--enable-asn-template
*/
/* optional SM4 Ciphers. See https://github.com/wolfSSL/wolfsm */
/*
#define WOLFSSL_SM2
#define WOLFSSL_SM3
#define WOLFSSL_SM4
*/
#if defined(WOLFSSL_SM2) || defined(WOLFSSL_SM3) || defined(WOLFSSL_SM4)
/* SM settings, possible cipher suites:
TLS13-AES128-GCM-SHA256
TLS13-CHACHA20-POLY1305-SHA256
TLS13-SM4-GCM-SM3
TLS13-SM4-CCM-SM3
#define WOLFSSL_ESP32_CIPHER_SUITE "TLS13-SM4-GCM-SM3"
#define WOLFSSL_ESP32_CIPHER_SUITE "TLS13-SM4-CCM-SM3"
#define WOLFSSL_ESP32_CIPHER_SUITE "ECDHE-ECDSA-SM4-CBC-SM3"
#define WOLFSSL_ESP32_CIPHER_SUITE "ECDHE-ECDSA-SM4-GCM-SM3"
#define WOLFSSL_ESP32_CIPHER_SUITE "ECDHE-ECDSA-SM4-CCM-SM3"
#define WOLFSSL_ESP32_CIPHER_SUITE "TLS13-SM4-GCM-SM3:" \
"TLS13-SM4-CCM-SM3:"
*/
#undef WOLFSSL_BASE16
#define WOLFSSL_BASE16 /* required for WOLFSSL_SM2 */
#undef WOLFSSL_SM4_ECB
#define WOLFSSL_SM4_ECB
#undef WOLFSSL_SM4_CBC
#define WOLFSSL_SM4_CBC
#undef WOLFSSL_SM4_CTR
#define WOLFSSL_SM4_CTR
#undef WOLFSSL_SM4_GCM
#define WOLFSSL_SM4_GCM
#undef WOLFSSL_SM4_CCM
#define WOLFSSL_SM4_CCM
#define HAVE_POLY1305
#define HAVE_CHACHA
#undef HAVE_AESGCM
#define HAVE_AESGCM
#else
/* default settings */
#define USE_CERT_BUFFERS_2048
#endif
/* Chipset detection from sdkconfig.h
* Default is HW enabled unless turned off.
* Uncomment lines to force SW instead of HW acceleration */
#if defined(CONFIG_IDF_TARGET_ESP32)
#if defined(CONFIG_IDF_TARGET_ESP32) || defined(WOLFSSL_ESPWROOM32SE)
#define WOLFSSL_ESP32
/* Alternatively, if there's an ECC Secure Element present: */
/* #define WOLFSSL_ESPWROOM32SE */
@ -435,18 +788,30 @@
/* Debug options:
See wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h for details on debug options
optionally increase error message size for very long paths.
#define WOLFSSL_MAX_ERROR_SZ 500
Turn debugging on/off:
wolfSSL_Debugging_ON();
wolfSSL_Debugging_OFF();
#define ESP_VERIFY_MEMBLOCK
#define DEBUG_WOLFSSL
#define DEBUG_WOLFSSL_VERBOSE
#define DEBUG_WOLFSSL_SHA_MUTEX
#define WOLFSSL_DEBUG_IGNORE_ASN_TIME
#define WOLFSSL_DEBUG_CERT_BUNDLE
#define WOLFSSL_ESP32_CRYPT_DEBUG
#define WOLFSSL_ESP32_CRYPT_HASH_SHA224_DEBUG
#define NO_RECOVER_SOFTWARE_CALC
#define WOLFSSL_TEST_STRAY 1
#define USE_ESP_DPORT_ACCESS_READ_BUFFER
#define WOLFSSL_ESP32_HW_LOCK_DEBUG
#define WOLFSSL_DEBUG_MUTEX
#define WOLFSSL_DEBUG_ESP_RSA_MULM_BITS
#define ESP_DISABLE_HW_TASK_LOCK
#define ESP_MONITOR_HW_TASK_LOCK
#define USE_ESP_DPORT_ACCESS_READ_BUFFER
See wolfcrypt/benchmark/benchmark.c for debug and other settings:
@ -458,7 +823,8 @@ Turn on timer debugging (used when CPU cycles not available)
*/
/* Pause in a loop rather than exit. */
#define WOLFSSL_ESPIDF_ERROR_PAUSE
/* #define WOLFSSL_ESPIDF_ERROR_PAUSE */
/* #define WOLFSSL_ESP32_HW_LOCK_DEBUG */
#define WOLFSSL_HW_METRICS
@ -507,6 +873,12 @@ Turn on timer debugging (used when CPU cycles not available)
* There are various certificate examples in this header file:
* https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/certs_test.h
*
* To use the sample certificates in code (not recommended for production!):
*
* #if defined(USE_CERT_BUFFERS_2048) || defined(USE_CERT_BUFFERS_1024)
* #include <wolfssl/certs_test.h>
* #endif
*
* To use the sets of macros below, define *one* of these:
*
* USE_CERT_BUFFERS_1024 - ECC 1024 bit encoded ASN1
@ -584,7 +956,8 @@ Turn on timer debugging (used when CPU cycles not available)
#define WOLFSSL_BASE16
#else
#if defined(USE_CERT_BUFFERS_2048)
/* Be sure to include in app when using example certs: */
#define USE_CERT_BUFFERS_256
/* Be sure to include in app when using example certs: */
/* #include <wolfssl/certs_test.h> */
#define CTX_CA_CERT ca_cert_der_2048
#define CTX_CA_CERT_SIZE sizeof_ca_cert_der_2048
@ -605,7 +978,8 @@ Turn on timer debugging (used when CPU cycles not available)
#define CTX_CLIENT_KEY_TYPE WOLFSSL_FILETYPE_ASN1
#elif defined(USE_CERT_BUFFERS_1024)
/* Be sure to include in app when using example certs: */
#define USE_CERT_BUFFERS_256
/* Be sure to include in app when using example certs: */
/* #include <wolfssl/certs_test.h> */
#define CTX_CA_CERT ca_cert_der_1024
#define CTX_CA_CERT_SIZE sizeof_ca_cert_der_1024
@ -629,3 +1003,34 @@ Turn on timer debugging (used when CPU cycles not available)
#error "Must define USE_CERT_BUFFERS_2048 or USE_CERT_BUFFERS_1024"
#endif
#endif /* Conditional key and cert constant names */
/******************************************************************************
** Sanity Checks
******************************************************************************/
#if defined(CONFIG_ESP_MAIN_TASK_STACK_SIZE)
#if defined(WOLFCRYPT_HAVE_SRP)
#if defined(FP_MAX_BITS)
#if FP_MAX_BITS < (8192 * 2)
#define ESP_SRP_MINIMUM_STACK_8K (24 * 1024)
#else
#define ESP_SRP_MINIMUM_STACK_8K (28 * 1024)
#endif
#else
#error "Please define FP_MAX_BITS when using WOLFCRYPT_HAVE_SRP."
#endif
#if (CONFIG_ESP_MAIN_TASK_STACK_SIZE < ESP_SRP_MINIMUM_STACK)
#warning "WOLFCRYPT_HAVE_SRP enabled with small stack size"
#endif
#endif
#else
#warning "CONFIG_ESP_MAIN_TASK_STACK_SIZE not defined!"
#endif
/* See settings.h for some of the possible hardening options:
*
* #define NO_ESPIDF_DEFAULT
* #define WC_NO_CACHE_RESISTANT
* #define WC_AES_BITSLICED
* #define HAVE_AES_ECB
* #define HAVE_AES_DIRECT
*/

123
IDE/Espressif/ESP-IDF/examples/template/main/Kconfig.projbuild Normal file
View File

@ -0,0 +1,123 @@
# Kconfig main
#
# Copyright (C) 2006-2024 wolfSSL Inc. All rights reserved.
#
# This file is part of wolfSSL.
#
# wolfSSL is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# wolfSSL is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
#
# Kconfig File Version 5.7.2.001 for wolfssl_template
menu "Example wolfSSL Configuration"
choice WOLFSSL_EXAMPLE_CHOOSE
prompt "Choose Example (See wolfssl/include/user_settings.h)"
default WOLFSSL_EXAMPLE_NAME_NONE
help
The user settings file can be adjusted to specific wolfSSL examples.
config WOLFSSL_EXAMPLE_NAME_TEMPLATE
bool "wolfSSL Template"
help
The sample template app compiles in wolfSSL and prints the current wolfSSL Version. Nothing more.
config WOLFSSL_EXAMPLE_NAME_TEST
bool "wolfSSL Test"
help
This app tests all cryptographic functions currently enabled. See also Benchmark performance app.
config WOLFSSL_EXAMPLE_NAME_BENCHMARK
bool "wolfSSL Benchmark"
help
Benchmark performance app. See also cryptographic test.
config WOLFSSL_EXAMPLE_NAME_TLS_CLIENT
bool "TLS Client"
help
TLS Client Example app. Needs WiFi and a listening server on port 11111.
config WOLFSSL_EXAMPLE_NAME_TLS_SERVER
bool "TLS Server"
help
TLS Server Example app. Needs WiFi. More interesting with a TLS client using port 11111.
config WOLFSSL_EXAMPLE_NAME_WOLFSSH_TEMPLATE
bool "SSH Template App"
help
Bare-bones Hellow World app that only compiles in wolfSSL and wolfSSH.
See wolfSSL/wolfssh on GitHub.
config WOLFSSL_EXAMPLE_NAME_WOLFSSH_ECHOSERVER
bool "SSH Echo Server"
help
See wolfSSL/wolfssh on GitHub.
config WOLFSSL_EXAMPLE_NAME_WOLFSSH_ECHOSERVER
bool "SSH Echo Server"
help
See wolfSSL/wolfssh on GitHub.
config WOLFSSL_EXAMPLE_NAME_ESP32_SSH_SERVER
bool "SSH to UART Server for the ESP32"
help
See wolfSSL/wolfssh-examples on GitHub.
config WOLFSSL_EXAMPLE_NAME_ESP8266_SSH_SERVER
bool "SSH to UART Server for the ESP8266"
help
See wolfSSL/wolfssh-examples on GitHub.
config WOLFSSL_EXAMPLE_NAME_WOLFMQTT_TEMPLATE
bool "MQTT Template"
help
See wolfSSL/wolfmqtt on GitHub.
config WOLFSSL_EXAMPLE_NAME_WOLFMQTT_AWS_IOT_MQTT
bool "MQTT AWS IoT"
help
See wolfSSL/wolfmqtt on GitHub.
config WOLFTPM_EXAMPLE_NAME_ESPRESSIF
bool "TPM Test Example for the ESP32"
help
See wolfSSL/wolfTPM on GitHub.
config WOLFSSL_APPLE_HOMEKIT
bool "Apple HomeKit for the ESP32"
help
See AchimPieters/esp32-homekit-demo on GitHub.
config WOLFSSL_EXAMPLE_NAME_NONE
bool "Other"
help
A specific example app is not defined.
endchoice
config WOLFSSL_TARGET_HOST
string "Target host"
default "127.0.0.1"
help
host address for the example to connect
config WOLFSSL_TARGET_PORT
int "Target port"
default 11111
help
host port for the example to connect
endmenu

5
IDE/Espressif/ESP-IDF/examples/template/main/main.c
View File

@ -50,6 +50,11 @@ void app_main(void)
#ifdef WOLFSSL_ESPIDF_VERBOSE_EXIT_MESSAGE
int ret = 0;
#endif
#if !defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TEMPLATE)
ESP_LOGW(TAG, "Warning: Example wolfSSL misconfigured? Check menuconfig.");
#endif
ESP_LOGI(TAG, "Hello wolfSSL!");
#ifdef HAVE_VERSION_EXTENDED_INFO

5
IDE/Espressif/ESP-IDF/examples/template/sdkconfig.defaults
View File

@ -1,6 +1,11 @@
# Set the known example app config to template example (see user_settings.h)
CONFIG_WOLFSSL_EXAMPLE_NAME_TEMPLATE=y
CONFIG_FREERTOS_HZ=1000
CONFIG_ESP32_DEFAULT_CPU_FREQ_240=y
# Set the known example app config to TLS Client (see user_settings.h)
CONFIG_WOLFSSL_EXAMPLE_NAME_TEMPLATE=y
#
# Default main stack size
#

8
IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/README.md
View File

@ -62,10 +62,10 @@ See the [feature request](https://sysprogs.com/w/forums/topic/feature-request-sh
## ESP-IDF Commandline
1. `idf.py menuconfig` to configure the program.
1. `idf.py menuconfig` to configure the program.
1-1. Example Configuration ->
BENCH_ARG : argument that you want to use. Default is "-lng 0"
BENCH_ARG : argument that you want to use. Default is "-lng 0"
The list of argument can be find in help.
When you want to run the benchmark program
@ -110,9 +110,9 @@ idf.py build flash -p /dev/ttyS20 -b 115200 monitor
## Example Output
Note the default wolfSSL `user_settings.h` is configured by default to be the most
Note the default wolfSSL `user_settings.h` is configured by default to be the most
compatible across the widest ranges of targets. Contact wolfSSL at support@wolfssl.com
for help in optimizing for your particular application, or see the
for help in optimizing for your particular application, or see the
[docs](https://www.wolfssl.com/documentation/manuals/wolfssl/index.html).
Compiled and flashed with `idf.py build flash -p /dev/ttyS7 -b 115200 monitor`:

26
IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/CMakeLists.txt
View File

@ -1,21 +1,21 @@
#
# Copyright (C) 2006-2024 wolfSSL Inc.
# Copyright (C) 2006-2024 wolfSSL Inc.
#
# This file is part of wolfSSL.
# This file is part of wolfSSL.
#
# wolfSSL is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
# wolfSSL is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# wolfSSL is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
# wolfSSL is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
#
# cmake for wolfssl Espressif projects
#

4
IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/include/user_settings.h
View File

@ -705,7 +705,7 @@ Turn on timer debugging (used when CPU cycles not available)
#define WOLFSSL_BASE16
#else
#if defined(USE_CERT_BUFFERS_2048)
/* Be sure to include in app when using example certs: */
/* Be sure to include in app when using example certs: */
/* #include <wolfssl/certs_test.h> */
#define CTX_CA_CERT ca_cert_der_2048
#define CTX_CA_CERT_SIZE sizeof_ca_cert_der_2048
@ -726,7 +726,7 @@ Turn on timer debugging (used when CPU cycles not available)
#define CTX_CLIENT_KEY_TYPE WOLFSSL_FILETYPE_ASN1
#elif defined(USE_CERT_BUFFERS_1024)
/* Be sure to include in app when using example certs: */
/* Be sure to include in app when using example certs: */
/* #include <wolfssl/certs_test.h> */
#define CTX_CA_CERT ca_cert_der_1024
#define CTX_CA_CERT_SIZE sizeof_ca_cert_der_1024

2
IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/CMakeLists.txt
View File

@ -19,7 +19,7 @@ if( EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl/" AND EXISTS "$ENV{IDF_PA
endif()
idf_component_register(SRCS main.c
INCLUDE_DIRS "."
INCLUDE_DIRS "."
"./include")
#

105
IDE/Espressif/ESP-IDF/examples/wolfssl_client/Makefile
View File

@ -39,6 +39,10 @@
#
PROJECT_NAME := wolfssl_client
# Optionally include component source when print path (needs work to then properly build)
#
# include components/wolfssl/component.mk
MY_PRIVATE_CONFIG ?= n
USE_MY_PRIVATE_WSL_CONFIG ?= n
USE_MY_PRIVATE_MAC_CONFIG ?= n
@ -52,76 +56,76 @@ USE_MY_PRIVATE_WINDOWS_CONFIG ?= n
$(info ************* wolfssl_client *************)
ifeq ($(MY_PRIVATE_CONFIG),y)
CFLAGS += -DMY_PRIVATE_CONFIG
$(info Enabled MY_PRIVATE_CONFIG")
CFLAGS += -DMY_PRIVATE_CONFIG
$(info Enabled MY_PRIVATE_CONFIG")
endif
# Check for Windows environment variable: USE_MY_PRIVATE_WINDOWS_CONFIG
ifeq ($(USE_MY_PRIVATE_WINDOWS_CONFIG),y)
# This hard coded MY_CONFIG_FILE value must match that in the header file.
MY_CONFIG_FILE := /workspace/my_private_config.h
ifeq ($(wildcard $(MY_CONFIG_FILE)),)
$(info File does not exist: $(MY_CONFIG_FILE))
else
CFLAGS += -DUSE_MY_PRIVATE_WINDOWS_CONFIG
$(info Using private config file for: Windows)
endif
# This hard coded MY_CONFIG_FILE value must match that in the header file.
MY_CONFIG_FILE := /workspace/my_private_config.h
ifeq ($(wildcard $(MY_CONFIG_FILE)),)
$(info File does not exist: $(MY_CONFIG_FILE))
else
CFLAGS += -DUSE_MY_PRIVATE_WINDOWS_CONFIG
$(info Using private config file for: Windows)
endif
endif
# Check for WSL environment variable: USE_MY_PRIVATE_WSL_CONFIG
ifeq ($(USE_MY_PRIVATE_WSL_CONFIG),y)
# This hard coded MY_CONFIG_FILE value must match that in the header file.
MY_CONFIG_FILE := /mnt/c/workspace/my_private_config.h
ifeq ($(wildcard $(MY_CONFIG_FILE)),)
$(info File does not exist: $(MY_CONFIG_FILE))
else
CFLAGS += -DUSE_MY_PRIVATE_WSL_CONFIG
$(info Using private config file for: WSL)
endif
# This hard coded MY_CONFIG_FILE value must match that in the header file.
MY_CONFIG_FILE := /mnt/c/workspace/my_private_config.h
ifeq ($(wildcard $(MY_CONFIG_FILE)),)
$(info File does not exist: $(MY_CONFIG_FILE))
else
CFLAGS += -DUSE_MY_PRIVATE_WSL_CONFIG
$(info Using private config file for: WSL)
endif
endif
# Check for Linux environment variable: USE_MY_PRIVATE_LINUX_CONFIG
ifeq ($(USE_MY_PRIVATE_LINUX_CONFIG),y)
# This hard coded MY_CONFIG_FILE value must match that in the header file.
MY_CONFIG_FILE := ~/workspace/my_private_config.h
ifeq ($(wildcard $(MY_CONFIG_FILE)),)
$(info File does not exist: $(MY_CONFIG_FILE))
else
CFLAGS += -DUSE_MY_PRIVATE_LINUX_CONFIG
$(info Using private config file for: Linux)
endif
# This hard coded MY_CONFIG_FILE value must match that in the header file.
MY_CONFIG_FILE := ~/workspace/my_private_config.h
ifeq ($(wildcard $(MY_CONFIG_FILE)),)
$(info File does not exist: $(MY_CONFIG_FILE))
else
CFLAGS += -DUSE_MY_PRIVATE_LINUX_CONFIG
$(info Using private config file for: Linux)
endif
endif
# Check for Mac environment variable: USE_MY_PRIVATE_MAC_CONFIG
ifeq ($(USE_MY_PRIVATE_MAC_CONFIG),y)
# This hard coded MY_CONFIG_FILE value must match that in the header file.
MY_CONFIG_FILE := ~/Documents/my_private_config.h
ifeq ($(wildcard $(MY_CONFIG_FILE)),)
$(info File does not exist: $(MY_CONFIG_FILE))
else
CFLAGS += -DUSE_MY_PRIVATE_MAC_CONFIG
$(info Using private config file for: Mac)
endif
# This hard coded MY_CONFIG_FILE value must match that in the header file.
MY_CONFIG_FILE := ~/Documents/my_private_config.h
ifeq ($(wildcard $(MY_CONFIG_FILE)),)
$(info File does not exist: $(MY_CONFIG_FILE))
else
CFLAGS += -DUSE_MY_PRIVATE_MAC_CONFIG
$(info Using private config file for: Mac)
endif
endif
ifneq ($(OS),MY_PRIVATE_CONFIG)
CFLAGS += -DMY_PRIVATE_CONFIG="$(MY_PRIVATE_CONFIG)"
CFLAGS += -DMY_PRIVATE_CONFIG="$(MY_PRIVATE_CONFIG)"
else
ifeq ($(OS),Linux)
CFLAGS += -DOS_LINUX
endif
ifeq ($(OS),Windows_NT)
CFLAGS += -DWOLFSSL_MAKE_SYSTEM_NAME_WINDOWS
endif
ifeq ($(OS),Darwin)
CFLAGS += -DWOLFSSL_MAKE_SYSTEM_NAME_APPLE
endif
ifneq (,$(findstring MINGW,$(OS)))
CFLAGS += -DWOLFSSL_MAKE_SYSTEM_NAME_MINGW
endif
ifneq (,$(findstring CYGWIN,$(OS)))
CFLAGS += -DWOLFSSL_MAKE_SYSTEM_NAME_CYGWIN
endif
ifeq ($(OS),Linux)
CFLAGS += -DOS_LINUX
endif
ifeq ($(OS),Windows_NT)
CFLAGS += -DWOLFSSL_MAKE_SYSTEM_NAME_WINDOWS
endif
ifeq ($(OS),Darwin)
CFLAGS += -DWOLFSSL_MAKE_SYSTEM_NAME_APPLE
endif
ifneq (,$(findstring MINGW,$(OS)))
CFLAGS += -DWOLFSSL_MAKE_SYSTEM_NAME_MINGW
endif
ifneq (,$(findstring CYGWIN,$(OS)))
CFLAGS += -DWOLFSSL_MAKE_SYSTEM_NAME_CYGWIN
endif
endif
# It is essential that the build process sees the WOLFSSL_USER_SETTINGS
@ -132,3 +136,4 @@ EXTRA_COMPONENT_DIRS = $(IDF_PATH)/examples/common_components/protocol_examples_
# The Standard Espressif IDF include:
include $(IDF_PATH)/make/project.mk

88
IDE/Espressif/ESP-IDF/examples/wolfssl_client/README.md
View File

@ -56,23 +56,23 @@ Difficulty flashing:
1. `idf.py menuconfig` to config the project
1-1. Example Configuration ->
1-1. Example Configuration ->
Target host ip address : the host that you want to connect to.(default is 127.0.0.1)
1-2. Example Connection Configuration ->
WIFI SSID: your own WIFI, which is connected to the Internet.(default is "myssid")
WIFI SSID: your own WIFI, which is connected to the Internet.(default is "myssid")
WIFI Password: WIFI password, and default is "mypassword"
Note: the example program uses 11111 port. If you want to use different port
Note: the example program uses 11111 port. If you want to use different port
, you need to modify DEFAULT_PORT definition in the code.
When you want to test the wolfSSL client
1. `idf.py -p <PORT> flash` and then `idf.py monitor` to load the firmware and see the context
2. You can use <wolfssl>/examples/server/server program for test.
1. `idf.py -p <PORT> flash` and then `idf.py monitor` to load the firmware and see the context
2. You can use <wolfssl>/examples/server/server program for test.
e.g. Launch ./examples/server/server -v 4 -b -i -d
@ -83,11 +83,75 @@ Reminder that we build with `make` and not `cmake` in VisualGDB.
Build files will be created in `[project directory]\build`
## ESP-IDF make Commandline (version 3.5 or earlier for the ESP8266)
See notes below if building a project in a directory other than the examples.
Problems?
- Try deleting any existing `sdkconfig` file and/or `./build` directory to start fresh.
- Be sure the RTOS SDK is installed and properly configured.
## ESP-IDF `make` Commandline (version 3.5 or earlier for the ESP8266)
In-place example build:
```bash
export IDF_PATH=~/esp/ESP8266_RTOS_SDK
export PATH="$PATH:$HOME/esp/xtensa-lx106-elf/bin"
cd /mnt/c/workspace/wolfssl-master/IDE/Espressif/ESP-IDF/examples/wolfssl_client
make clean
make
```
When building a in a *different directory*, for example assuming the `wolfssl_client` in the wolfssl examples
directory is copied to the `C:\test\demo` directory in Windows. (aka ` /mnt/c/test/demo` in WSL),
with a clone of wolfSSL `master` branch in `C:\workspace\wolfssl-master`:
```bash
cp -r /mnt/c/workspace/wolfssl-master/IDE/Espressif/ESP-IDF/examples/wolfssl_client/* /mnt/c/test/demo
```
Modify the project `./components/wolfssl/component.mk` file. Adjust `WOLFSSL_ROOT` setting, in this case to a value of:
`WOLFSSL_ROOT := ../../../../workspace/wolfssl-master`
Ensure the path is *relative* to the project `component.mk` file location and *not* absolute.
Note the location of the component makefile in this case is `c:\test\demo\components\wolfssl\component.mk`.
Thus we need to navigate up 4 parents to the root of `C:\` to find `/mnt/c` in WSL.
Proceed to run `make` from the project directory as usual:
```bash
# setup environment as needed
export IDF_PATH=~/esp/ESP8266_RTOS_SDK
export PATH="$PATH:$HOME/esp/xtensa-lx106-elf/bin"
# copy and navigate to project directory
mkdir -p /mnt/c/test/demo
cp -r /mnt/c/workspace/wolfssl-master/IDE/Espressif/ESP-IDF/examples/wolfssl_client/* /mnt/c/test/demo
cd /mnt/c/test/demo
# Clean
rm -rf ./build
rm sdkconfig
make clean
# Edit ./components/wolfssl/component.mk and set WOLFSSL_ROOT value
# WOLFSSL_ROOT := ../../../../workspace/wolfssl-master
# build the example project
make
```
When using `make` there should be details in the build log to indicate
the assigned path, and the equivalent, fully-qualified path of `WOLFSSL_ROOT`.
```
export IDF_PATH=~/esp/ESP8266_RTOS_SDK
************* wolfssl_client *************
*********** wolfssl component ************
WOLFSSL_ROOT defined: ../../../../workspace/wolfssl-master
WOLFSSL_ROOT actual: /mnt/c/workspace/wolfssl-master
********** end wolfssl component **********
```
@ -158,7 +222,7 @@ Command:
```
cd /mnt/c/workspace/wolfssl-$USER/IDE/Espressif/ESP-IDF/examples/wolfssl_server
. /mnt/c/SysGCC/esp32/esp-idf/v5.1/export.sh
. /mnt/c/SysGCC/esp32/esp-idf/v5.2/export.sh
idf.py flash -p /dev/ttyS19 -b 115200 monitor
```

138
IDE/Espressif/ESP-IDF/examples/wolfssl_client/README_server_sm.md
View File

@ -49,7 +49,7 @@ make clean && make
### Others...
```
# Success: Linux Client to ESP32 Server TLS1.2
# Success: Linux Client to ESP32 Server TLS1.2
./examples/client/client -h 192.168.1.113 -v 3 -l ECDHE-ECDSA-SM4-CBC-SM3 -c ./certs/sm2/client-sm2.pem -k ./certs/sm2/client-sm2-priv.pem -A ./certs/sm2/root-sm2.pem -C
./examples/client/client -h 192.168.1.113 -v 3 -l ECDHE-ECDSA-SM4-GCM-SM3 -c ./certs/sm2/client-sm2.pem -k ./certs/sm2/client-sm2-priv.pem -A ./certs/sm2/root-sm2.pem -C
./examples/client/client -h 192.168.1.113 -v 3 -l ECDHE-ECDSA-SM4-CCM-SM3 -c ./certs/sm2/client-sm2.pem -k ./certs/sm2/client-sm2-priv.pem -A ./certs/sm2/root-sm2.pem -C
@ -81,7 +81,7 @@ be the same as the Linux server files.
| Usage | Certificate | Key | Certificate Authority file, default ./certs/client-cert.pem |
| ----- | ---------------------------------- | ----------------------------------- | --------------------------------- |
| server | -c ./certs/sm2/server-sm2.pem | -k ./certs/sm2/server-sm2-priv.pem | -A ./certs/sm2/client-sm2.pem -V |
| server | -c ./certs/sm2/server-sm2.pem | -k ./certs/sm2/server-sm2-priv.pem | -A ./certs/sm2/client-sm2.pem -V |
| client | -c ./certs/sm2/client-sm2.pem | -k ./certs/sm2/client-sm2-priv.pem | -A ./certs/sm2/root-sm2.pem -C |
| emdedded:
| server | wolfSSL_CTX_use_certificate_buffer<br/> server_sm2 | wolfSSL_CTX_use_PrivateKey_buffer<br/> server_sm2_priv | wolfSSL_CTX_load_verify_buffer<br/> client-sm2 |
@ -156,7 +156,7 @@ I (622) heap_init: At 3FFE4350 len 0001BCB0 (111 KiB): D/IRAM
I (628) heap_init: At 40094DC8 len 0000B238 (44 KiB): IRAM
I (636) spi_flash: detected chip: generic
I (639) spi_flash: flash io: dio
W (643) spi_flash: Detected size(4096k) larger than the size in the binary image header(2048k). Using the
W (643) spi_flash: Detected size(4096k) larger than the size in the binary image header(2048k). Using the
size in the binary image header.
I (657) cpu_start: Starting scheduler on PRO CPU.
I (0) cpu_start: Starting scheduler on APP CPU.
@ -358,12 +358,12 @@ I (14715) internal.c: GrowOutputBuffer ok
I (14715) wolfssl: wolfSSL Entering wolfSSL_get_options
I (14725) wolfssl: Point Formats extension to write
W (14735) wolfio: ssl->wflags = 0
I (14735) wolfio: 16 03 03 00 52 02 00 00 4e 03 03 af 87 e2 58 57
I (14735) wolfio: 73 c3 c1 35 1a 59 39 b2 03 9d 14 03 e0 b8 fb e8
I (14745) wolfio: 9d 5b 9c 44 4f 57 4e 47 52 44 01 20 85 77 75 20
I (14755) wolfio: 95 dd 00 e2 91 f8 42 33 f8 61 3f 1f de 81 15 58
I (14755) wolfio: 23 0c e7 1e 71 e6 10 e5 67 23 e0 40 e0 11 00 00
I (14765) wolfio: 06 00 0b 00 02 01 00
I (14735) wolfio: 16 03 03 00 52 02 00 00 4e 03 03 af 87 e2 58 57
I (14735) wolfio: 73 c3 c1 35 1a 59 39 b2 03 9d 14 03 e0 b8 fb e8
I (14745) wolfio: 9d 5b 9c 44 4f 57 4e 47 52 44 01 20 85 77 75 20
I (14755) wolfio: 95 dd 00 e2 91 f8 42 33 f8 61 3f 1f de 81 15 58
I (14755) wolfio: 23 0c e7 1e 71 e6 10 e5 67 23 e0 40 e0 11 00 00
I (14765) wolfio: 06 00 0b 00 02 01 00
W (14775) wolfio: sz = 87
I (14775) wolfssl: Shrinking output buffer
I (14775) wolfssl: wolfSSL Leaving SendServerHello, return 0
@ -372,53 +372,53 @@ I (14795) wolfssl: wolfSSL Entering SendCertificate
I (14795) wolfssl: growing output buffer
I (14805) internal.c: GrowOutputBuffer ok
W (14815) wolfio: ssl->wflags = 0
I (14815) wolfio: 16 03 03 02 e6 0b 00 02 e2 00 02 df 00 02 dc 30
I (14815) wolfio: 82 02 d8 30 82 02 7e a0 03 02 01 02 02 01 01 30
I (14825) wolfio: 0a 06 08 2a 81 1c cf 55 01 83 75 30 81 ac 31 0b
I (14835) wolfio: 30 09 06 03 55 04 06 13 02 55 53 31 10 30 0e 06
I (14835) wolfio: 03 55 04 08 0c 07 4d 6f 6e 74 61 6e 61 31 10 30
I (14845) wolfio: 0e 06 03 55 04 07 0c 07 42 6f 7a 65 6d 61 6e 31
I (14855) wolfio: 14 30 12 06 03 55 04 0a 0c 0b 77 6f 6c 66 53 53
I (14855) wolfio: 4c 5f 73 6d 32 31 0f 30 0d 06 03 55 04 0b 0c 06
I (14865) wolfio: 43 41 2d 73 6d 32 31 18 30 16 06 03 55 04 03 0c
I (14875) wolfio: 0f 77 77 77 2e 77 6f 6c 66 73 73 6c 2e 63 6f 6d
I (14875) wolfio: 31 1f 30 1d 06 09 2a 86 48 86 f7 0d 01 09 01 16
I (14885) wolfio: 10 69 6e 66 6f 40 77 6f 6c 66 73 73 6c 2e 63 6f
I (14895) wolfio: 6d 31 17 30 15 06 0a 09 92 26 89 93 f2 2c 64 01
I (14895) wolfio: 01 0c 07 77 6f 6c 66 53 53 4c 30 1e 17 0d 32 33
I (14905) wolfio: 30 32 31 35 30 36 32 33 30 37 5a 17 0d 32 35 31
I (14915) wolfio: 31 31 31 30 36 32 33 30 37 5a 30 81 b0 31 0b 30
I (14915) wolfio: 09 06 03 55 04 06 13 02 55 53 31 10 30 0e 06 03
I (14925) wolfio: 55 04 08 0c 07 4d 6f 6e 74 61 6e 61 31 10 30 0e
I (14935) wolfio: 06 03 55 04 07 0c 07 42 6f 7a 65 6d 61 6e 31 14
I (14945) wolfio: 30 12 06 03 55 04 0a 0c 0b 77 6f 6c 66 53 53 4c
I (14945) wolfio: 5f 73 6d 32 31 13 30 11 06 03 55 04 0b 0c 0a 53
I (14955) wolfio: 65 72 76 65 72 2d 73 6d 32 31 18 30 16 06 03 55
I (14965) wolfio: 04 03 0c 0f 77 77 77 2e 77 6f 6c 66 73 73 6c 2e
I (14965) wolfio: 63 6f 6d 31 1f 30 1d 06 09 2a 86 48 86 f7 0d 01
I (14975) wolfio: 09 01 16 10 69 6e 66 6f 40 77 6f 6c 66 73 73 6c
I (14985) wolfio: 2e 63 6f 6d 31 17 30 15 06 0a 09 92 26 89 93 f2
I (14985) wolfio: 2c 64 01 01 0c 07 77 6f 6c 66 53 53 4c 30 5a 30
I (14995) wolfio: 14 06 08 2a 81 1c cf 55 01 82 2d 06 08 2a 81 1c
I (15005) wolfio: cf 55 01 82 2d 03 42 00 04 94 70 2b 46 e4 5e 0f
I (15005) wolfio: 41 fb 8f 2d 34 0a 41 40 19 5e fb d4 1d 11 ac fa
I (15015) wolfio: f5 93 37 c6 fa 87 08 f7 16 1f 2c ce 30 40 9d 4f
I (15025) wolfio: a6 2a 0a a1 d6 95 33 c3 a6 03 98 e6 8d 05 34 b0
I (15025) wolfio: 97 0c de a4 c7 cf 53 8f d1 a3 81 89 30 81 86 30
I (15035) wolfio: 1d 06 03 55 1d 0e 04 16 04 14 67 ae 60 ff 7e 1b
I (15045) wolfio: 0f 95 ae 1f 82 59 f2 6c 56 2d 93 ef 17 32 30 1f
I (15045) wolfio: 06 03 55 1d 23 04 18 30 16 80 14 47 0a 48 7e bb
I (15055) wolfio: 02 a8 5a 26 57 2b 19 a9 7b 61 8b 7f 5d 99 6e 30
I (15065) wolfio: 0c 06 03 55 1d 13 01 01 ff 04 02 30 00 30 0e 06
I (15075) wolfio: 03 55 1d 0f 01 01 ff 04 04 03 02 03 a8 30 13 06
I (15075) wolfio: 03 55 1d 25 04 0c 30 0a 06 08 2b 06 01 05 05 07
I (15085) wolfio: 03 01 30 11 06 09 60 86 48 01 86 f8 42 01 01 04
I (15095) wolfio: 04 03 02 06 40 30 0a 06 08 2a 81 1c cf 55 01 83
I (15095) wolfio: 75 03 48 00 30 45 02 20 1b ca 94 28 7f f6 b2 0d
I (15105) wolfio: 31 43 50 e1 d5 34 17 dd af 3a de 81 06 67 9a b3
I (15115) wolfio: 06 22 7e 64 ec fd 0e b9 02 21 00 a1 48 a8 32 d1
I (15115) wolfio: 05 09 6b 1c eb 89 12 66 d8 38 a1 c4 5c 89 09 0f
I (15125) wolfio: fd e9 c0 3b 1d fb cd b5 4c 31 68
I (14815) wolfio: 16 03 03 02 e6 0b 00 02 e2 00 02 df 00 02 dc 30
I (14815) wolfio: 82 02 d8 30 82 02 7e a0 03 02 01 02 02 01 01 30
I (14825) wolfio: 0a 06 08 2a 81 1c cf 55 01 83 75 30 81 ac 31 0b
I (14835) wolfio: 30 09 06 03 55 04 06 13 02 55 53 31 10 30 0e 06
I (14835) wolfio: 03 55 04 08 0c 07 4d 6f 6e 74 61 6e 61 31 10 30
I (14845) wolfio: 0e 06 03 55 04 07 0c 07 42 6f 7a 65 6d 61 6e 31
I (14855) wolfio: 14 30 12 06 03 55 04 0a 0c 0b 77 6f 6c 66 53 53
I (14855) wolfio: 4c 5f 73 6d 32 31 0f 30 0d 06 03 55 04 0b 0c 06
I (14865) wolfio: 43 41 2d 73 6d 32 31 18 30 16 06 03 55 04 03 0c
I (14875) wolfio: 0f 77 77 77 2e 77 6f 6c 66 73 73 6c 2e 63 6f 6d
I (14875) wolfio: 31 1f 30 1d 06 09 2a 86 48 86 f7 0d 01 09 01 16
I (14885) wolfio: 10 69 6e 66 6f 40 77 6f 6c 66 73 73 6c 2e 63 6f
I (14895) wolfio: 6d 31 17 30 15 06 0a 09 92 26 89 93 f2 2c 64 01
I (14895) wolfio: 01 0c 07 77 6f 6c 66 53 53 4c 30 1e 17 0d 32 33
I (14905) wolfio: 30 32 31 35 30 36 32 33 30 37 5a 17 0d 32 35 31
I (14915) wolfio: 31 31 31 30 36 32 33 30 37 5a 30 81 b0 31 0b 30
I (14915) wolfio: 09 06 03 55 04 06 13 02 55 53 31 10 30 0e 06 03
I (14925) wolfio: 55 04 08 0c 07 4d 6f 6e 74 61 6e 61 31 10 30 0e
I (14935) wolfio: 06 03 55 04 07 0c 07 42 6f 7a 65 6d 61 6e 31 14
I (14945) wolfio: 30 12 06 03 55 04 0a 0c 0b 77 6f 6c 66 53 53 4c
I (14945) wolfio: 5f 73 6d 32 31 13 30 11 06 03 55 04 0b 0c 0a 53
I (14955) wolfio: 65 72 76 65 72 2d 73 6d 32 31 18 30 16 06 03 55
I (14965) wolfio: 04 03 0c 0f 77 77 77 2e 77 6f 6c 66 73 73 6c 2e
I (14965) wolfio: 63 6f 6d 31 1f 30 1d 06 09 2a 86 48 86 f7 0d 01
I (14975) wolfio: 09 01 16 10 69 6e 66 6f 40 77 6f 6c 66 73 73 6c
I (14985) wolfio: 2e 63 6f 6d 31 17 30 15 06 0a 09 92 26 89 93 f2
I (14985) wolfio: 2c 64 01 01 0c 07 77 6f 6c 66 53 53 4c 30 5a 30
I (14995) wolfio: 14 06 08 2a 81 1c cf 55 01 82 2d 06 08 2a 81 1c
I (15005) wolfio: cf 55 01 82 2d 03 42 00 04 94 70 2b 46 e4 5e 0f
I (15005) wolfio: 41 fb 8f 2d 34 0a 41 40 19 5e fb d4 1d 11 ac fa
I (15015) wolfio: f5 93 37 c6 fa 87 08 f7 16 1f 2c ce 30 40 9d 4f
I (15025) wolfio: a6 2a 0a a1 d6 95 33 c3 a6 03 98 e6 8d 05 34 b0
I (15025) wolfio: 97 0c de a4 c7 cf 53 8f d1 a3 81 89 30 81 86 30
I (15035) wolfio: 1d 06 03 55 1d 0e 04 16 04 14 67 ae 60 ff 7e 1b
I (15045) wolfio: 0f 95 ae 1f 82 59 f2 6c 56 2d 93 ef 17 32 30 1f
I (15045) wolfio: 06 03 55 1d 23 04 18 30 16 80 14 47 0a 48 7e bb
I (15055) wolfio: 02 a8 5a 26 57 2b 19 a9 7b 61 8b 7f 5d 99 6e 30
I (15065) wolfio: 0c 06 03 55 1d 13 01 01 ff 04 02 30 00 30 0e 06
I (15075) wolfio: 03 55 1d 0f 01 01 ff 04 04 03 02 03 a8 30 13 06
I (15075) wolfio: 03 55 1d 25 04 0c 30 0a 06 08 2b 06 01 05 05 07
I (15085) wolfio: 03 01 30 11 06 09 60 86 48 01 86 f8 42 01 01 04
I (15095) wolfio: 04 03 02 06 40 30 0a 06 08 2a 81 1c cf 55 01 83
I (15095) wolfio: 75 03 48 00 30 45 02 20 1b ca 94 28 7f f6 b2 0d
I (15105) wolfio: 31 43 50 e1 d5 34 17 dd af 3a de 81 06 67 9a b3
I (15115) wolfio: 06 22 7e 64 ec fd 0e b9 02 21 00 a1 48 a8 32 d1
I (15115) wolfio: 05 09 6b 1c eb 89 12 66 d8 38 a1 c4 5c 89 09 0f
I (15125) wolfio: fd e9 c0 3b 1d fb cd b5 4c 31 68
W (15135) wolfio: sz = 747
I (15135) wolfssl: Shrinking output buffer
I (15135) wolfssl: wolfSSL Leaving SendCertificate, return 0
@ -440,16 +440,16 @@ I (15915) wolfssl: wolfSSL Entering SendHandshakeMsg
I (15925) wolfssl: growing output buffer
I (15925) internal.c: GrowOutputBuffer ok
W (15925) wolfio: ssl->wflags = 0
I (15935) wolfio: 16 03 03 00 95 0c 00 00 91 03 00 29 41 04 fd f5
I (15935) wolfio: 5e 74 15 30 1d f3 84 ae a5 69 96 a9 5b dd 27 b3
I (15945) wolfio: 00 7d 40 3a 59 93 93 6f 4d 1f 62 dc 60 48 34 1f
I (15955) wolfio: a8 1d 34 b8 76 8f 8b 27 4a 1b 77 64 8e 2e d5 27
I (15955) wolfio: 03 95 8b 9d a5 ed a4 a6 b9 40 1b ea aa 10 07 08
I (15965) wolfio: 00 48 30 46 02 21 00 cb 89 61 e9 21 f9 c6 4d ad
I (15975) wolfio: aa e7 f1 3f 6f 27 46 f0 35 ec 45 4e 8a ae f3 ac
I (15985) wolfio: 7c c0 cf 68 11 44 e2 02 21 00 f6 40 5c bc 66 5a
I (15985) wolfio: 74 1e 92 5d 9a 03 75 e7 7f 16 c2 b3 c8 fe 8d 5c
I (15995) wolfio: 63 35 36 da 61 38 76 dc 4e d6
I (15935) wolfio: 16 03 03 00 95 0c 00 00 91 03 00 29 41 04 fd f5
I (15935) wolfio: 5e 74 15 30 1d f3 84 ae a5 69 96 a9 5b dd 27 b3
I (15945) wolfio: 00 7d 40 3a 59 93 93 6f 4d 1f 62 dc 60 48 34 1f
I (15955) wolfio: a8 1d 34 b8 76 8f 8b 27 4a 1b 77 64 8e 2e d5 27
I (15955) wolfio: 03 95 8b 9d a5 ed a4 a6 b9 40 1b ea aa 10 07 08
I (15965) wolfio: 00 48 30 46 02 21 00 cb 89 61 e9 21 f9 c6 4d ad
I (15975) wolfio: aa e7 f1 3f 6f 27 46 f0 35 ec 45 4e 8a ae f3 ac
I (15985) wolfio: 7c c0 cf 68 11 44 e2 02 21 00 f6 40 5c bc 66 5a
I (15985) wolfio: 74 1e 92 5d 9a 03 75 e7 7f 16 c2 b3 c8 fe 8d 5c
I (15995) wolfio: 63 35 36 da 61 38 76 dc 4e d6
W (15995) wolfio: sz = 154
I (16005) wolfssl: Shrinking output buffer
I (16005) wolfssl: wolfSSL Leaving SendServerKeyExchange, return 0
@ -459,7 +459,7 @@ I (16025) wolfssl: wolfSSL Entering SendServerHelloDone
I (16035) wolfssl: growing output buffer
I (16035) internal.c: GrowOutputBuffer ok
W (16045) wolfio: ssl->wflags = 0
I (16045) wolfio: 16 03 03 00 04 0e 00 00 00
I (16045) wolfio: 16 03 03 00 04 0e 00 00 00
W (16045) wolfio: sz = 9
I (16055) wolfssl: Embed Send error
I (16055) wolfssl: Connection reset
@ -479,14 +479,14 @@ I (16125) wolfssl: User calling wolfSSL_read in error state, not allowed
I (16135) wolfssl: wolfSSL Leaving wolfSSL_read_internal, return -308
E (16145) tls_server: ERROR: failed to read
I (16145) wolfssl: Client sends:
I (16145) wolfssl:
I (16145) wolfssl:
I (16155) wolfssl: wolfSSL Entering wolfSSL_write
I (16155) wolfssl: handshake not complete, trying to finish
I (16165) wolfssl: wolfSSL Entering wolfSSL_negotiate
I (16165) wolfssl: wolfSSL Entering wolfSSL_accept
I (16175) wolfssl: wolfSSL Entering ReinitSSL
W (16185) wolfio: ssl->wflags = 0
I (16185) wolfio: 16 03 03 00 04 0e 00 00 00
I (16185) wolfio: 16 03 03 00 04 0e 00 00 00
W (16185) wolfio: sz = 9
I (16195) wolfssl: Embed Send error
I (16195) wolfssl: General error

26
IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/CMakeLists.txt
View File

@ -1,21 +1,21 @@
#
# Copyright (C) 2006-2024 wolfSSL Inc.
# Copyright (C) 2006-2024 wolfSSL Inc.
#
# This file is part of wolfSSL.
# This file is part of wolfSSL.
#
# wolfSSL is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
# wolfSSL is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# wolfSSL is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
# wolfSSL is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
#
# cmake for wolfssl Espressif projects
#

66
IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/component.mk
View File

@ -18,7 +18,9 @@
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
#
#
$(info *********** wolfssl component ************)
#
# Component Makefile
#
#
@ -48,14 +50,57 @@
# define it here:
CFLAGS +=-DWOLFSSL_USER_SETTINGS
# Note that 4 source files created by autogen are excluded here.
#
# See these files commented out, below. Adjust as needed for your application:
#
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/async.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/selftest.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_first.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_last.o
# NOTICE: the WOLFSSL_ROOT setting MUST be relative!
# See https://docs.espressif.com/projects/esp8266-rtos-sdk/en/latest/api-guides/build-system.html?highlight=must+relative#optional-component-specific-variables
# In the wolfSSL GitHub examples for Espressif:
# https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples
# When this wolfssl component.mk makefile is in [project]/components/wolfssl
# The root is 7 directories up from here:
# The root is 7 directories up from here (the location of of this component.mk):
WOLFSSL_ROOT := ../../../../../../..
# To set the location of a different location, it is best to use relative paths.
#
# Set WOLFSSL_ROOT to a relative path from the current component directory.
# For example, if the wolfssl_client is copied from the examples to test:
#
# cp -r /IDE/Espressif/ESP-IDF/examples/wolfssl_client/* /mnt/c/test/demo
#
# we run make in /mnt/c/test/demo
# component is in /mnt/c/test/demo/components/wolfssl
# wolfssl is in /mnt/c/workspace/wolfssl-master
#
# "/mnt/c" is 4 directories up:
# 2 for `./test/demo` from where we run `make`, plus
# 2 more from the location of `component.mk` located
# in `[currect directory]/components/wolfssl`.
#
# Thus we need 4 parent reference to find the relative path to wolfSSL:
# WOLFSSL_ROOT := ../../../../workspace/wolfssl-master
# Optional CFLAGS (make works without these; for reference only)
# CFLAGS += -I$(WOLFSSL_ROOT)/wolfssl
# CFLAGS += -I$(WOLFSSL_ROOT)/wolfssl/wolfcrypt
# CFLAGS += -I$(WOLFSSL_ROOT)/wolfssl/wolfcrypt/port/Espressif
abs_WOLFSSL_ROOT := $(shell realpath $(WOLFSSL_ROOT))
# print-wolfssl-path-value:
# @echo "WOLFSSL_ROOT defined: $(WOLFSSL_ROOT)"
# @echo "WOLFSSL_ROOT actual: $(abs_WOLFSSL_ROOT)"
$(info WOLFSSL_ROOT defined: $(WOLFSSL_ROOT))
$(info WOLFSSL_ROOT actual: $(abs_WOLFSSL_ROOT))
# NOTE: The wolfSSL include directory (e.g. user_settings.h) is
# located HERE in THIS project, and *not* in the wolfSSL root.
COMPONENT_ADD_INCLUDEDIRS := .
@ -64,7 +109,6 @@ COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/.
COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl
COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl/wolfcrypt
COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl/wolfcrypt/port/Espressif
COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)wolfssl/wolfcrypt/port/Espressif
# COMPONENT_ADD_INCLUDEDIRS += $ENV(IDF_PATH)/components/freertos/include/freertos
# COMPONENT_ADD_INCLUDEDIRS += "$ENV(IDF_PATH)/soc/esp32s3/include/soc"
@ -120,7 +164,7 @@ COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/aes.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/arc4.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/asm.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/asn.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/async.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/async.o # autogen exclusion
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/blake2b.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/blake2s.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/camellia.o
@ -144,7 +188,7 @@ COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ed25519.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ed448.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/error.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/evp.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ext_kyber.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_kyber.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_lms.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_xmss.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/falcon.o
@ -176,7 +220,7 @@ COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/rc2.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ripemd.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/rsa.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sakke.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/selftest.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/selftest.o # autogen exclusion
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha256.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha3.o
@ -213,8 +257,8 @@ COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_lms.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_pkcs11.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_port.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_xmss.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_first.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_last.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_first.o # autogen exclusion
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_last.o # autogen exclusion
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfevent.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfmath.o
@ -246,5 +290,7 @@ COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.
##
## wolfcrypt
##
# COMPONENT_PRIV_INCLUDEDIRS += $(PROJECT_PATH)/components/wolfssl/include
COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)wolfcrypt/src
## COMPONENT_PRIV_INCLUDEDIRS += $(PROJECT_PATH)/components/wolfssl/include
## COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src
$(info ********** end wolfssl component **********)

4
IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/client-tls.c
View File

@ -297,8 +297,8 @@ WOLFSSL_ESP_TASK tls_smp_client_task(void* args)
/* see user_settings PROJECT_DH for HAVE_DH and HAVE_FFDHE_2048 */
#ifndef NO_DH
ret = wolfSSL_CTX_SetMinDhKey_Sz(ctx, (word16)minDhKeyBits);
if (ret != WOLFSSL_SUCCESS) {
ret_i = wolfSSL_CTX_SetMinDhKey_Sz(ctx, (word16)minDhKeyBits);
if (ret_i != WOLFSSL_SUCCESS) {
ESP_LOGE(TAG, "Error setting minimum DH key size");
}
#endif

10
IDE/Espressif/ESP-IDF/examples/wolfssl_server/README.md
View File

@ -20,18 +20,18 @@ The Example contains a wolfSSL simple server.
1. `idf.py menuconfig` to configure the project
1-1. Example Connection Configuration ->
WIFI SSID : your own WIFI, which is connected to the Internet.(default is "myssid")
WIFI SSID : your own WIFI, which is connected to the Internet.(default is "myssid")
WIFI Password : WIFI password, and default is "mypassword"
When you want to test the wolfSSL simple server demo
1. `idf.py -p <PORT> flash` to compile the code and load the firmware
2. `idf.py monitor` to see the context. The assigned IP address can be found in output message.
3. Once the server connects to the wifi, it is waiting for client request.
3. Once the server connects to the wifi, it is waiting for client request.
("Waiting for a connection..." message will be displayed.)
4. You can use <wolfssl>/examples/client to test the server
4. You can use <wolfssl>/examples/client to test the server
e.g ./example/client/client -h xx.xx.xx
See the README.md file in the upper level 'examples' directory for more information about examples.

138
IDE/Espressif/ESP-IDF/examples/wolfssl_server/README_server_sm.md
View File

@ -49,7 +49,7 @@ make clean && make
### Others...
```
# Success: Linux Client to ESP32 Server TLS1.2
# Success: Linux Client to ESP32 Server TLS1.2
./examples/client/client -h 192.168.1.113 -v 3 -l ECDHE-ECDSA-SM4-CBC-SM3 -c ./certs/sm2/client-sm2.pem -k ./certs/sm2/client-sm2-priv.pem -A ./certs/sm2/root-sm2.pem -C
./examples/client/client -h 192.168.1.113 -v 3 -l ECDHE-ECDSA-SM4-GCM-SM3 -c ./certs/sm2/client-sm2.pem -k ./certs/sm2/client-sm2-priv.pem -A ./certs/sm2/root-sm2.pem -C
./examples/client/client -h 192.168.1.113 -v 3 -l ECDHE-ECDSA-SM4-CCM-SM3 -c ./certs/sm2/client-sm2.pem -k ./certs/sm2/client-sm2-priv.pem -A ./certs/sm2/root-sm2.pem -C
@ -81,7 +81,7 @@ be the same as the Linux server files.
| Usage | Certificate | Key | Certificate Authority file, default ./certs/client-cert.pem |
| ----- | ---------------------------------- | ----------------------------------- | --------------------------------- |
| server | -c ./certs/sm2/server-sm2.pem | -k ./certs/sm2/server-sm2-priv.pem | -A ./certs/sm2/client-sm2.pem -V |
| server | -c ./certs/sm2/server-sm2.pem | -k ./certs/sm2/server-sm2-priv.pem | -A ./certs/sm2/client-sm2.pem -V |
| client | -c ./certs/sm2/client-sm2.pem | -k ./certs/sm2/client-sm2-priv.pem | -A ./certs/sm2/root-sm2.pem -C |
| emdedded:
| server | wolfSSL_CTX_use_certificate_buffer<br/> server_sm2 | wolfSSL_CTX_use_PrivateKey_buffer<br/> server_sm2_priv | wolfSSL_CTX_load_verify_buffer<br/> client-sm2 |
@ -156,7 +156,7 @@ I (622) heap_init: At 3FFE4350 len 0001BCB0 (111 KiB): D/IRAM
I (628) heap_init: At 40094DC8 len 0000B238 (44 KiB): IRAM
I (636) spi_flash: detected chip: generic
I (639) spi_flash: flash io: dio
W (643) spi_flash: Detected size(4096k) larger than the size in the binary image header(2048k). Using the
W (643) spi_flash: Detected size(4096k) larger than the size in the binary image header(2048k). Using the
size in the binary image header.
I (657) cpu_start: Starting scheduler on PRO CPU.
I (0) cpu_start: Starting scheduler on APP CPU.
@ -358,12 +358,12 @@ I (14715) internal.c: GrowOutputBuffer ok
I (14715) wolfssl: wolfSSL Entering wolfSSL_get_options
I (14725) wolfssl: Point Formats extension to write
W (14735) wolfio: ssl->wflags = 0
I (14735) wolfio: 16 03 03 00 52 02 00 00 4e 03 03 af 87 e2 58 57
I (14735) wolfio: 73 c3 c1 35 1a 59 39 b2 03 9d 14 03 e0 b8 fb e8
I (14745) wolfio: 9d 5b 9c 44 4f 57 4e 47 52 44 01 20 85 77 75 20
I (14755) wolfio: 95 dd 00 e2 91 f8 42 33 f8 61 3f 1f de 81 15 58
I (14755) wolfio: 23 0c e7 1e 71 e6 10 e5 67 23 e0 40 e0 11 00 00
I (14765) wolfio: 06 00 0b 00 02 01 00
I (14735) wolfio: 16 03 03 00 52 02 00 00 4e 03 03 af 87 e2 58 57
I (14735) wolfio: 73 c3 c1 35 1a 59 39 b2 03 9d 14 03 e0 b8 fb e8
I (14745) wolfio: 9d 5b 9c 44 4f 57 4e 47 52 44 01 20 85 77 75 20
I (14755) wolfio: 95 dd 00 e2 91 f8 42 33 f8 61 3f 1f de 81 15 58
I (14755) wolfio: 23 0c e7 1e 71 e6 10 e5 67 23 e0 40 e0 11 00 00
I (14765) wolfio: 06 00 0b 00 02 01 00
W (14775) wolfio: sz = 87
I (14775) wolfssl: Shrinking output buffer
I (14775) wolfssl: wolfSSL Leaving SendServerHello, return 0
@ -372,53 +372,53 @@ I (14795) wolfssl: wolfSSL Entering SendCertificate
I (14795) wolfssl: growing output buffer
I (14805) internal.c: GrowOutputBuffer ok
W (14815) wolfio: ssl->wflags = 0
I (14815) wolfio: 16 03 03 02 e6 0b 00 02 e2 00 02 df 00 02 dc 30
I (14815) wolfio: 82 02 d8 30 82 02 7e a0 03 02 01 02 02 01 01 30
I (14825) wolfio: 0a 06 08 2a 81 1c cf 55 01 83 75 30 81 ac 31 0b
I (14835) wolfio: 30 09 06 03 55 04 06 13 02 55 53 31 10 30 0e 06
I (14835) wolfio: 03 55 04 08 0c 07 4d 6f 6e 74 61 6e 61 31 10 30
I (14845) wolfio: 0e 06 03 55 04 07 0c 07 42 6f 7a 65 6d 61 6e 31
I (14855) wolfio: 14 30 12 06 03 55 04 0a 0c 0b 77 6f 6c 66 53 53
I (14855) wolfio: 4c 5f 73 6d 32 31 0f 30 0d 06 03 55 04 0b 0c 06
I (14865) wolfio: 43 41 2d 73 6d 32 31 18 30 16 06 03 55 04 03 0c
I (14875) wolfio: 0f 77 77 77 2e 77 6f 6c 66 73 73 6c 2e 63 6f 6d
I (14875) wolfio: 31 1f 30 1d 06 09 2a 86 48 86 f7 0d 01 09 01 16
I (14885) wolfio: 10 69 6e 66 6f 40 77 6f 6c 66 73 73 6c 2e 63 6f
I (14895) wolfio: 6d 31 17 30 15 06 0a 09 92 26 89 93 f2 2c 64 01
I (14895) wolfio: 01 0c 07 77 6f 6c 66 53 53 4c 30 1e 17 0d 32 33
I (14905) wolfio: 30 32 31 35 30 36 32 33 30 37 5a 17 0d 32 35 31
I (14915) wolfio: 31 31 31 30 36 32 33 30 37 5a 30 81 b0 31 0b 30
I (14915) wolfio: 09 06 03 55 04 06 13 02 55 53 31 10 30 0e 06 03
I (14925) wolfio: 55 04 08 0c 07 4d 6f 6e 74 61 6e 61 31 10 30 0e
I (14935) wolfio: 06 03 55 04 07 0c 07 42 6f 7a 65 6d 61 6e 31 14
I (14945) wolfio: 30 12 06 03 55 04 0a 0c 0b 77 6f 6c 66 53 53 4c
I (14945) wolfio: 5f 73 6d 32 31 13 30 11 06 03 55 04 0b 0c 0a 53
I (14955) wolfio: 65 72 76 65 72 2d 73 6d 32 31 18 30 16 06 03 55
I (14965) wolfio: 04 03 0c 0f 77 77 77 2e 77 6f 6c 66 73 73 6c 2e
I (14965) wolfio: 63 6f 6d 31 1f 30 1d 06 09 2a 86 48 86 f7 0d 01
I (14975) wolfio: 09 01 16 10 69 6e 66 6f 40 77 6f 6c 66 73 73 6c
I (14985) wolfio: 2e 63 6f 6d 31 17 30 15 06 0a 09 92 26 89 93 f2
I (14985) wolfio: 2c 64 01 01 0c 07 77 6f 6c 66 53 53 4c 30 5a 30
I (14995) wolfio: 14 06 08 2a 81 1c cf 55 01 82 2d 06 08 2a 81 1c
I (15005) wolfio: cf 55 01 82 2d 03 42 00 04 94 70 2b 46 e4 5e 0f
I (15005) wolfio: 41 fb 8f 2d 34 0a 41 40 19 5e fb d4 1d 11 ac fa
I (15015) wolfio: f5 93 37 c6 fa 87 08 f7 16 1f 2c ce 30 40 9d 4f
I (15025) wolfio: a6 2a 0a a1 d6 95 33 c3 a6 03 98 e6 8d 05 34 b0
I (15025) wolfio: 97 0c de a4 c7 cf 53 8f d1 a3 81 89 30 81 86 30
I (15035) wolfio: 1d 06 03 55 1d 0e 04 16 04 14 67 ae 60 ff 7e 1b
I (15045) wolfio: 0f 95 ae 1f 82 59 f2 6c 56 2d 93 ef 17 32 30 1f
I (15045) wolfio: 06 03 55 1d 23 04 18 30 16 80 14 47 0a 48 7e bb
I (15055) wolfio: 02 a8 5a 26 57 2b 19 a9 7b 61 8b 7f 5d 99 6e 30
I (15065) wolfio: 0c 06 03 55 1d 13 01 01 ff 04 02 30 00 30 0e 06
I (15075) wolfio: 03 55 1d 0f 01 01 ff 04 04 03 02 03 a8 30 13 06
I (15075) wolfio: 03 55 1d 25 04 0c 30 0a 06 08 2b 06 01 05 05 07
I (15085) wolfio: 03 01 30 11 06 09 60 86 48 01 86 f8 42 01 01 04
I (15095) wolfio: 04 03 02 06 40 30 0a 06 08 2a 81 1c cf 55 01 83
I (15095) wolfio: 75 03 48 00 30 45 02 20 1b ca 94 28 7f f6 b2 0d
I (15105) wolfio: 31 43 50 e1 d5 34 17 dd af 3a de 81 06 67 9a b3
I (15115) wolfio: 06 22 7e 64 ec fd 0e b9 02 21 00 a1 48 a8 32 d1
I (15115) wolfio: 05 09 6b 1c eb 89 12 66 d8 38 a1 c4 5c 89 09 0f
I (15125) wolfio: fd e9 c0 3b 1d fb cd b5 4c 31 68
I (14815) wolfio: 16 03 03 02 e6 0b 00 02 e2 00 02 df 00 02 dc 30
I (14815) wolfio: 82 02 d8 30 82 02 7e a0 03 02 01 02 02 01 01 30
I (14825) wolfio: 0a 06 08 2a 81 1c cf 55 01 83 75 30 81 ac 31 0b
I (14835) wolfio: 30 09 06 03 55 04 06 13 02 55 53 31 10 30 0e 06
I (14835) wolfio: 03 55 04 08 0c 07 4d 6f 6e 74 61 6e 61 31 10 30
I (14845) wolfio: 0e 06 03 55 04 07 0c 07 42 6f 7a 65 6d 61 6e 31
I (14855) wolfio: 14 30 12 06 03 55 04 0a 0c 0b 77 6f 6c 66 53 53
I (14855) wolfio: 4c 5f 73 6d 32 31 0f 30 0d 06 03 55 04 0b 0c 06
I (14865) wolfio: 43 41 2d 73 6d 32 31 18 30 16 06 03 55 04 03 0c
I (14875) wolfio: 0f 77 77 77 2e 77 6f 6c 66 73 73 6c 2e 63 6f 6d
I (14875) wolfio: 31 1f 30 1d 06 09 2a 86 48 86 f7 0d 01 09 01 16
I (14885) wolfio: 10 69 6e 66 6f 40 77 6f 6c 66 73 73 6c 2e 63 6f
I (14895) wolfio: 6d 31 17 30 15 06 0a 09 92 26 89 93 f2 2c 64 01
I (14895) wolfio: 01 0c 07 77 6f 6c 66 53 53 4c 30 1e 17 0d 32 33
I (14905) wolfio: 30 32 31 35 30 36 32 33 30 37 5a 17 0d 32 35 31
I (14915) wolfio: 31 31 31 30 36 32 33 30 37 5a 30 81 b0 31 0b 30
I (14915) wolfio: 09 06 03 55 04 06 13 02 55 53 31 10 30 0e 06 03
I (14925) wolfio: 55 04 08 0c 07 4d 6f 6e 74 61 6e 61 31 10 30 0e
I (14935) wolfio: 06 03 55 04 07 0c 07 42 6f 7a 65 6d 61 6e 31 14
I (14945) wolfio: 30 12 06 03 55 04 0a 0c 0b 77 6f 6c 66 53 53 4c
I (14945) wolfio: 5f 73 6d 32 31 13 30 11 06 03 55 04 0b 0c 0a 53
I (14955) wolfio: 65 72 76 65 72 2d 73 6d 32 31 18 30 16 06 03 55
I (14965) wolfio: 04 03 0c 0f 77 77 77 2e 77 6f 6c 66 73 73 6c 2e
I (14965) wolfio: 63 6f 6d 31 1f 30 1d 06 09 2a 86 48 86 f7 0d 01
I (14975) wolfio: 09 01 16 10 69 6e 66 6f 40 77 6f 6c 66 73 73 6c
I (14985) wolfio: 2e 63 6f 6d 31 17 30 15 06 0a 09 92 26 89 93 f2
I (14985) wolfio: 2c 64 01 01 0c 07 77 6f 6c 66 53 53 4c 30 5a 30
I (14995) wolfio: 14 06 08 2a 81 1c cf 55 01 82 2d 06 08 2a 81 1c
I (15005) wolfio: cf 55 01 82 2d 03 42 00 04 94 70 2b 46 e4 5e 0f
I (15005) wolfio: 41 fb 8f 2d 34 0a 41 40 19 5e fb d4 1d 11 ac fa
I (15015) wolfio: f5 93 37 c6 fa 87 08 f7 16 1f 2c ce 30 40 9d 4f
I (15025) wolfio: a6 2a 0a a1 d6 95 33 c3 a6 03 98 e6 8d 05 34 b0
I (15025) wolfio: 97 0c de a4 c7 cf 53 8f d1 a3 81 89 30 81 86 30
I (15035) wolfio: 1d 06 03 55 1d 0e 04 16 04 14 67 ae 60 ff 7e 1b
I (15045) wolfio: 0f 95 ae 1f 82 59 f2 6c 56 2d 93 ef 17 32 30 1f
I (15045) wolfio: 06 03 55 1d 23 04 18 30 16 80 14 47 0a 48 7e bb
I (15055) wolfio: 02 a8 5a 26 57 2b 19 a9 7b 61 8b 7f 5d 99 6e 30
I (15065) wolfio: 0c 06 03 55 1d 13 01 01 ff 04 02 30 00 30 0e 06
I (15075) wolfio: 03 55 1d 0f 01 01 ff 04 04 03 02 03 a8 30 13 06
I (15075) wolfio: 03 55 1d 25 04 0c 30 0a 06 08 2b 06 01 05 05 07
I (15085) wolfio: 03 01 30 11 06 09 60 86 48 01 86 f8 42 01 01 04
I (15095) wolfio: 04 03 02 06 40 30 0a 06 08 2a 81 1c cf 55 01 83
I (15095) wolfio: 75 03 48 00 30 45 02 20 1b ca 94 28 7f f6 b2 0d
I (15105) wolfio: 31 43 50 e1 d5 34 17 dd af 3a de 81 06 67 9a b3
I (15115) wolfio: 06 22 7e 64 ec fd 0e b9 02 21 00 a1 48 a8 32 d1
I (15115) wolfio: 05 09 6b 1c eb 89 12 66 d8 38 a1 c4 5c 89 09 0f
I (15125) wolfio: fd e9 c0 3b 1d fb cd b5 4c 31 68
W (15135) wolfio: sz = 747
I (15135) wolfssl: Shrinking output buffer
I (15135) wolfssl: wolfSSL Leaving SendCertificate, return 0
@ -440,16 +440,16 @@ I (15915) wolfssl: wolfSSL Entering SendHandshakeMsg
I (15925) wolfssl: growing output buffer
I (15925) internal.c: GrowOutputBuffer ok
W (15925) wolfio: ssl->wflags = 0
I (15935) wolfio: 16 03 03 00 95 0c 00 00 91 03 00 29 41 04 fd f5
I (15935) wolfio: 5e 74 15 30 1d f3 84 ae a5 69 96 a9 5b dd 27 b3
I (15945) wolfio: 00 7d 40 3a 59 93 93 6f 4d 1f 62 dc 60 48 34 1f
I (15955) wolfio: a8 1d 34 b8 76 8f 8b 27 4a 1b 77 64 8e 2e d5 27
I (15955) wolfio: 03 95 8b 9d a5 ed a4 a6 b9 40 1b ea aa 10 07 08
I (15965) wolfio: 00 48 30 46 02 21 00 cb 89 61 e9 21 f9 c6 4d ad
I (15975) wolfio: aa e7 f1 3f 6f 27 46 f0 35 ec 45 4e 8a ae f3 ac
I (15985) wolfio: 7c c0 cf 68 11 44 e2 02 21 00 f6 40 5c bc 66 5a
I (15985) wolfio: 74 1e 92 5d 9a 03 75 e7 7f 16 c2 b3 c8 fe 8d 5c
I (15995) wolfio: 63 35 36 da 61 38 76 dc 4e d6
I (15935) wolfio: 16 03 03 00 95 0c 00 00 91 03 00 29 41 04 fd f5
I (15935) wolfio: 5e 74 15 30 1d f3 84 ae a5 69 96 a9 5b dd 27 b3
I (15945) wolfio: 00 7d 40 3a 59 93 93 6f 4d 1f 62 dc 60 48 34 1f
I (15955) wolfio: a8 1d 34 b8 76 8f 8b 27 4a 1b 77 64 8e 2e d5 27
I (15955) wolfio: 03 95 8b 9d a5 ed a4 a6 b9 40 1b ea aa 10 07 08
I (15965) wolfio: 00 48 30 46 02 21 00 cb 89 61 e9 21 f9 c6 4d ad
I (15975) wolfio: aa e7 f1 3f 6f 27 46 f0 35 ec 45 4e 8a ae f3 ac
I (15985) wolfio: 7c c0 cf 68 11 44 e2 02 21 00 f6 40 5c bc 66 5a
I (15985) wolfio: 74 1e 92 5d 9a 03 75 e7 7f 16 c2 b3 c8 fe 8d 5c
I (15995) wolfio: 63 35 36 da 61 38 76 dc 4e d6
W (15995) wolfio: sz = 154
I (16005) wolfssl: Shrinking output buffer
I (16005) wolfssl: wolfSSL Leaving SendServerKeyExchange, return 0
@ -459,7 +459,7 @@ I (16025) wolfssl: wolfSSL Entering SendServerHelloDone
I (16035) wolfssl: growing output buffer
I (16035) internal.c: GrowOutputBuffer ok
W (16045) wolfio: ssl->wflags = 0
I (16045) wolfio: 16 03 03 00 04 0e 00 00 00
I (16045) wolfio: 16 03 03 00 04 0e 00 00 00
W (16045) wolfio: sz = 9
I (16055) wolfssl: Embed Send error
I (16055) wolfssl: Connection reset
@ -479,14 +479,14 @@ I (16125) wolfssl: User calling wolfSSL_read in error state, not allowed
I (16135) wolfssl: wolfSSL Leaving wolfSSL_read_internal, return -308
E (16145) tls_server: ERROR: failed to read
I (16145) wolfssl: Client sends:
I (16145) wolfssl:
I (16145) wolfssl:
I (16155) wolfssl: wolfSSL Entering wolfSSL_write
I (16155) wolfssl: handshake not complete, trying to finish
I (16165) wolfssl: wolfSSL Entering wolfSSL_negotiate
I (16165) wolfssl: wolfSSL Entering wolfSSL_accept
I (16175) wolfssl: wolfSSL Entering ReinitSSL
W (16185) wolfio: ssl->wflags = 0
I (16185) wolfio: 16 03 03 00 04 0e 00 00 00
I (16185) wolfio: 16 03 03 00 04 0e 00 00 00
W (16185) wolfio: sz = 9
I (16195) wolfssl: Embed Send error
I (16195) wolfssl: General error

26
IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/CMakeLists.txt
View File

@ -1,21 +1,21 @@
#
# Copyright (C) 2006-2024 wolfSSL Inc.
# Copyright (C) 2006-2024 wolfSSL Inc.
#
# This file is part of wolfSSL.
# This file is part of wolfSSL.
#
# wolfSSL is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
# wolfSSL is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# wolfSSL is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
# wolfSSL is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
#
# cmake for wolfssl Espressif projects
#

4
IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/include/user_settings.h
View File

@ -132,7 +132,7 @@
#define WOLFSSL_SHA384
#if defined(CONFIG_IDF_TARGET_ESP8266)
/* Some known low-memory devices have features not enabled by default. */
/* Some known low-memory devices have features not enabled by default. */
#else
/* when you want to use SHA512 */
#define WOLFSSL_SHA512
@ -140,7 +140,7 @@
/* when you want to use SHA3 */
#define WOLFSSL_SHA3
/* ED25519 requires SHA512 */
/* ED25519 requires SHA512 */
#define HAVE_ED25519
#define HAVE_ECC

2
IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/component.mk
View File

@ -1,3 +1,3 @@
#
# Main Makefile. This is basically the same as a component makefile.
#
#

12
IDE/Espressif/ESP-IDF/examples/wolfssl_test/README.md
View File

@ -7,7 +7,7 @@ For general information on [wolfSSL examples for Espressif](../README.md), see t
## ESP Registry
The easiest way to get started with wolfSSL is by using the
The easiest way to get started with wolfSSL is by using the
[ESP Registry](https://components.espressif.com/components/wolfssl/wolfssl/) examples.
```
@ -24,10 +24,10 @@ No wolfSSL setup is needed. You may need to adjust your specific COM port. The d
## ESP-IDF Commandline
1. `idf.py menuconfig` to configure the program.
1. `idf.py menuconfig` to configure the program.
1-1. Example Configuration ->
TEST_ARG : argument that you want to use. Default is "-lng 0"
TEST_ARG : argument that you want to use. Default is "-lng 0"
The list of argument can be find in help.
When you want to run the test program
@ -60,16 +60,16 @@ idf.py set-target esp32s3
idf.py erase-flash -p /dev/ttyS24 -b 115200
# start with a low upload speed, then increase as found operational
idf.py
idf.py
# build and flash, in this example to COM24
idf.py build flash -p /dev/ttyS24 -b 115200 monitor
```
## Example Output
Note the default wolfSSL `user_settings.h` is configured by default to be the most
Note the default wolfSSL `user_settings.h` is configured by default to be the most
compatible across the widest ranges of targets. Contact wolfSSL at support@wolfssl.com
for help in optimizing for your particular application, or see the
for help in optimizing for your particular application, or see the
[docs](https://www.wolfssl.com/documentation/manuals/wolfssl/index.html).
Compiled and flashed with `idf.py build flash -p /dev/ttyS7 -b 115200 monitor`:

26
IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/CMakeLists.txt
View File

@ -1,21 +1,21 @@
#
# Copyright (C) 2006-2024 wolfSSL Inc.
# Copyright (C) 2006-2024 wolfSSL Inc.
#
# This file is part of wolfSSL.
# This file is part of wolfSSL.
#
# wolfSSL is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
# wolfSSL is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# wolfSSL is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
# wolfSSL is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
#
# cmake for wolfssl Espressif projects
#

4
IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/include/user_settings.h
View File

@ -705,7 +705,7 @@ Turn on timer debugging (used when CPU cycles not available)
#define WOLFSSL_BASE16
#else
#if defined(USE_CERT_BUFFERS_2048)
/* Be sure to include in app when using example certs: */
/* Be sure to include in app when using example certs: */
/* #include <wolfssl/certs_test.h> */
#define CTX_CA_CERT ca_cert_der_2048
#define CTX_CA_CERT_SIZE sizeof_ca_cert_der_2048
@ -726,7 +726,7 @@ Turn on timer debugging (used when CPU cycles not available)
#define CTX_CLIENT_KEY_TYPE WOLFSSL_FILETYPE_ASN1
#elif defined(USE_CERT_BUFFERS_1024)
/* Be sure to include in app when using example certs: */
/* Be sure to include in app when using example certs: */
/* #include <wolfssl/certs_test.h> */
#define CTX_CA_CERT ca_cert_der_1024
#define CTX_CA_CERT_SIZE sizeof_ca_cert_der_1024

2
IDE/Espressif/ESP-IDF/examples/wolfssl_test/testAll.sh
View File

@ -1,4 +1,4 @@
#!/bin/bash
#!/usr/bin/env bash
#
# testAll.sh [keyword suffix]
#

2
IDE/Espressif/ESP-IDF/examples/wolfssl_test/testMonitor.sh
View File

@ -1,4 +1,4 @@
#!/bin/bash
#!/usr/bin/env bash
#
# Syntax:
# ./testMonitor.sh <example_name> <target> <keyword>

8
IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/README.md
View File

@ -12,10 +12,10 @@ Open the VisualGDB Visual Studio Project file in the VisualGDB directory and cli
## ESP-IDF Commandline
1. `idf.py menuconfig` to configure the program.
1. `idf.py menuconfig` to configure the program.
1-1. Example Configuration ->
TEST_ARG : argument that you want to use. Default is "-lng 0"
TEST_ARG : argument that you want to use. Default is "-lng 0"
The list of argument can be find in help.
When you want to run the test program
@ -46,9 +46,9 @@ idf.py build flash -p /dev/ttyS20 -b 115200 monitor
## Example Output
Note the default wolfSSL `user_settings.h` is configured by default to be the most
Note the default wolfSSL `user_settings.h` is configured by default to be the most
compatible across the widest ranges of targets. Contact wolfSSL at support@wolfssl.com
for help in optimizing for your particular application, or see the
for help in optimizing for your particular application, or see the
[docs](https://www.wolfssl.com/documentation/manuals/wolfssl/index.html).
Compiled and flashed with `idf.py build flash -p /dev/ttyS7 -b 115200 monitor`:

6
IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/component.mk
View File

@ -1,8 +1,8 @@
#
# Main component makefile.
#
# This Makefile can be left empty. By default, it will take the sources in the
# src/ directory, compile them and link them into lib(subdirectory_name).a
# This Makefile can be left empty. By default, it will take the sources in the
# src/ directory, compile them and link them into lib(subdirectory_name).a
# in the build directory. This behaviour is entirely configurable,
# please read the ESP-IDF documents if you need to do this.
#
#

2
IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/component.mk
View File

@ -1,3 +1,3 @@
#
# Main Makefile. This is basically the same as a component makefile.
#
#

Some files were not shown because too many files have changed in this diff Show More