mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2026-07-10 10:33:06 +02:00
Merge branch 'wolfSSL:master' into tropic01-dev
This commit is contained in:
@@ -18,7 +18,7 @@ jobs:
|
||||
matrix:
|
||||
config: [
|
||||
# Add new configs here
|
||||
'--enable-intelasm --enable-sp-asm --enable-mlkem=yes,kyber,ml-kem CPPFLAGS=-DWOLFSSL_ML_KEM_USE_OLD_IDS'
|
||||
'--enable-intelasm --enable-sp-asm --enable-mlkem=yes,kyber,ml-kem CPPFLAGS="-DWOLFSSL_ML_KEM_USE_OLD_IDS"',
|
||||
'--enable-intelasm --enable-sp-asm --enable-all --enable-testcert --enable-acert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-quic --with-sys-crypto-policy --enable-experimental --enable-kyber=yes,original --enable-lms --enable-xmss --enable-dilithium --enable-dual-alg-certs --disable-qt CPPFLAGS="-pedantic -Wdeclaration-after-statement -DWOLFCRYPT_TEST_LINT -DNO_WOLFSSL_CIPHER_SUITE_TEST -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE"',
|
||||
'--enable-smallstack --enable-smallstackcache --enable-intelasm --enable-sp-asm --enable-all --enable-testcert --enable-acert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-quic --with-sys-crypto-policy --enable-experimental --enable-kyber=yes,original --enable-lms --enable-xmss --enable-dilithium --enable-dual-alg-certs --disable-qt CPPFLAGS="-pedantic -Wdeclaration-after-statement -DWOLFCRYPT_TEST_LINT -DNO_WOLFSSL_CIPHER_SUITE_TEST -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE"',
|
||||
'--enable-intelasm --enable-sp-asm --enable-all --enable-testcert --enable-acert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-quic --with-sys-crypto-policy --enable-experimental --enable-kyber=yes,original --enable-lms --enable-xmss --enable-dilithium --enable-dual-alg-certs --disable-qt CPPFLAGS="-pedantic -Wdeclaration-after-statement -DWOLFCRYPT_TEST_LINT -DNO_WOLFSSL_CIPHER_SUITE_TEST -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE" CC=c++'
|
||||
|
||||
@@ -96,6 +96,7 @@ CONFIG_ESP_WOLFSSL_NO_HW_RSA_PRI
|
||||
CONFIG_ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD
|
||||
CONFIG_ESP_WOLFSSL_NO_HW_RSA_PRI_MP_MUL
|
||||
CONFIG_ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD
|
||||
CONFIG_ESP_WOLFSSL_NO_STACK_SIZE_BUILD_WARNING
|
||||
CONFIG_FREERTOS_HZ
|
||||
CONFIG_FREERTOS_UNICORE
|
||||
CONFIG_IDF_TARGET
|
||||
@@ -286,6 +287,7 @@ IOTSAFE_NO_GETDATA
|
||||
IOTSAFE_SIG_8BIT_LENGTH
|
||||
KCAPI_USE_XMALLOC
|
||||
K_SERIES
|
||||
LIBWOLFSSL_CMAKE_OUTPUT
|
||||
LIBWOLFSSL_VERSION_GIT_BRANCH
|
||||
LIBWOLFSSL_VERSION_GIT_HASH
|
||||
LIBWOLFSSL_VERSION_GIT_HASH_DATE
|
||||
@@ -415,6 +417,7 @@ NO_WOLFSSL_SHA256_INTERLEAVE
|
||||
NO_WOLFSSL_SHA512_INTERLEAVE
|
||||
NO_WOLFSSL_SKIP_TRAILING_PAD
|
||||
NO_WOLFSSL_SMALL_STACK_STATIC
|
||||
NO_WOLFSSL_USE_ASM_CERT
|
||||
NO_WOLFSSL_XILINX_TAG_MALLOC
|
||||
NRF52
|
||||
NRF52_SERIES
|
||||
@@ -456,6 +459,7 @@ SHOW_CERTS
|
||||
SHOW_GEN
|
||||
SHOW_SIZES
|
||||
SHOW_SSID_AND_PASSWORD
|
||||
SHOW_WOLFSSL_BUNDLE_ERROR
|
||||
SIM_SCGC3_RNGA_MASK
|
||||
SIM_SCGC5_PORTC_MASK
|
||||
SIM_SCGC5_PORTD_MASK
|
||||
@@ -518,6 +522,8 @@ TI_DUMMY_BUILD
|
||||
TLS13_RSA_PSS_SIGN_CB_NO_PREHASH
|
||||
TSIP_RSAES_1024
|
||||
TSIP_RSAES_2048
|
||||
TSIP_RSASSA_1024
|
||||
TSIP_RSASSA_2048
|
||||
UNICODE
|
||||
USER_CA_CB
|
||||
USER_CUSTOM_SNIFFX
|
||||
|
||||
@@ -19,23 +19,62 @@
|
||||
#
|
||||
# cmake for wolfssl Espressif projects
|
||||
#
|
||||
# Version 5.7.2 Espressif ESP-IDF integration
|
||||
# Version 5.8.0 Espressif ESP-IDF + PlatformIO integration (2)
|
||||
#
|
||||
# See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html
|
||||
#
|
||||
message(STATUS "Begin wolfssl ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}")
|
||||
cmake_minimum_required(VERSION 3.16)
|
||||
|
||||
# The scope of this CMAKE_C_FLAGS is just this component:
|
||||
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
|
||||
set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -DWOLFSSL_USER_SETTINGS")
|
||||
|
||||
set(CMAKE_CURRENT_SOURCE_DIR ".")
|
||||
|
||||
# Optionally set your source to wolfSSL in your project CMakeLists.txt like this:
|
||||
# set(WOLFSSL_ROOT "c:/workspace/my_wolfssl" )
|
||||
|
||||
if ( "${WOLFSSL_ROOT}" STREQUAL "")
|
||||
set(WOLFSSL_ROOT "$ENV{WOLFSSL_ROOT}" )
|
||||
endif()
|
||||
|
||||
set(VERBOSE_COMPONENT_MESSAGES 1)
|
||||
|
||||
# Optional requires include:
|
||||
# set(THIS_ESP_TLS "esp-tls")
|
||||
set(THIS_ESP_TLS "")
|
||||
|
||||
# LIBWOLFSSL_CMAKE_OUTPUT can be printed at runtime
|
||||
set(LIBWOLFSSL_CMAKE_OUTPUT "")
|
||||
|
||||
|
||||
if(CMAKE_BUILD_EARLY_EXPANSION)
|
||||
message(STATUS "Skipping libwolfssl_output.h update during CMAKE_BUILD_EARLY_EXPANSION")
|
||||
else()
|
||||
# Initialize a new libwolfssl_output.h in the cmake build directory.
|
||||
if( EXISTS "${CMAKE_BINARY_DIR}/libwolfssl_output.h")
|
||||
# The next WRITE replaces a file.
|
||||
# This is here to remove any ambiguity on file removal & generation.
|
||||
file(REMOVE "${CMAKE_BINARY_DIR}/libwolfssl_output.h")
|
||||
endif()
|
||||
|
||||
file(WRITE "${CMAKE_BINARY_DIR}/libwolfssl_output.h"
|
||||
"/* libwolfssl_output.h generated by wolfssl component */\n"
|
||||
"#ifndef _LIBWOLFSSL_OUTPUT_H_\n"
|
||||
"\n"
|
||||
"#define _LIBWOLFSSL_OUTPUT_H_\n\n")
|
||||
endif()
|
||||
|
||||
# Append messages with:
|
||||
# LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_CMAKE_OUTPUT "${LIBWOLFSSL_CMAKE_OUTPUT}\n"message" "0")
|
||||
# See function: APPEND_LIBWOLFSSL_CMAKE_OUTPUT
|
||||
|
||||
# function: IS_ESP_IDF_COMPONENT
|
||||
# output: RESULT = 1 (true) if this component is located in the ESP-IDF components
|
||||
# otherwise 0 (false)
|
||||
function( IS_ESP_IDF_COMPONENT RESULT )
|
||||
function( IS_ESP_IDF_COMPONENT
|
||||
RESULT)
|
||||
# NOTE: Component location is based on the location of the CMakeList.txt
|
||||
# and *not* the location of the wolfSSL source code. (which may be anywhere)
|
||||
|
||||
@@ -55,6 +94,96 @@ function( IS_ESP_IDF_COMPONENT RESULT )
|
||||
endif()
|
||||
endfunction()
|
||||
|
||||
#
|
||||
# LIBWOLFSSL_SAVE_INFO(VAR_OUTPUT THIS_VAR VAR_RESULT)
|
||||
#
|
||||
# Save the THIS_VAR as a string in a macro called VAR_OUTPUT
|
||||
#
|
||||
# VAR_OUTPUT: the name of the macro to define
|
||||
# THIS_VAR: the OUTPUT_VARIABLE result from a execute_process()
|
||||
# VAR_RESULT: the RESULT_VARIABLE from a execute_process(); "0" if successful.
|
||||
#
|
||||
function ( LIBWOLFSSL_SAVE_INFO VAR_OUTPUT THIS_VAR VAR_RESULT )
|
||||
# is the RESULT_VARIABLE output value 0? If so, IS_VALID_VALUE is true.
|
||||
string(COMPARE EQUAL "${VAR_RESULT}" "0" IS_VALID_VALUE)
|
||||
|
||||
# if we had a successful operation, save the THIS_VAR in VAR_OUTPUT
|
||||
if(${IS_VALID_VALUE})
|
||||
|
||||
if(0)
|
||||
# Optional debug
|
||||
message(STATUS "Looking for LF in ${THIS_VAR}")
|
||||
endif()
|
||||
|
||||
# Check if the text to print in THIS_VAR is multi-line
|
||||
string(REPLACE "\n" ";" LINES "${THIS_VAR}")
|
||||
list(LENGTH LINES LINE_COUNT)
|
||||
|
||||
# Save var to "libwolfssl_output.h" header if multi-line, otherwise a simple compile def
|
||||
if(LINE_COUNT GREATER 1)
|
||||
message(STATUS "Setting HAVE_LIBWOLFSSL_OUTPUT_HEADER=1 for ${VAR_OUTPUT}")
|
||||
add_compile_definitions(HAVE_LIBWOLFSSL_OUTPUT_HEADER=1)
|
||||
file(APPEND "${CMAKE_BINARY_DIR}/libwolfssl_output.h" "#undef ${VAR_OUTPUT}\n")
|
||||
file(APPEND "${CMAKE_BINARY_DIR}/libwolfssl_output.h" "#define ${VAR_OUTPUT} \\\n")
|
||||
|
||||
# Split into lines
|
||||
string(REPLACE "\n" ";" LINES "${THIS_VAR}")
|
||||
foreach(LINE IN LISTS LINES)
|
||||
file(APPEND "${CMAKE_BINARY_DIR}/libwolfssl_output.h" "\"${LINE}\\n\" \\\n")
|
||||
endforeach()
|
||||
|
||||
# Final empty line to close the macro
|
||||
file(APPEND "${CMAKE_BINARY_DIR}/libwolfssl_output.h" "\n")
|
||||
|
||||
message(STATUS "COMPONENT_LIB=${COMPONENT_LIB}")
|
||||
target_include_directories(${COMPONENT_LIB} PRIVATE "${CMAKE_BINARY_DIR}")
|
||||
else()
|
||||
message(STATUS "No HAS_LIBWOLFSSL_OUTPUT_HEADER")
|
||||
# We should not have any, but just to be sure:
|
||||
# Strip newline chars in THIS_VAR parameter and save in VAR_VALUE
|
||||
string(REPLACE "\n" "" VAR_VALUE "${THIS_VAR}")
|
||||
|
||||
# we'll could percolate the value to the parent for possible later use
|
||||
# set(${VAR_OUTPUT} ${VAR_VALUE} PARENT_SCOPE)
|
||||
|
||||
# but we're only using it here in this function
|
||||
set(${VAR_OUTPUT} ${VAR_VALUE})
|
||||
|
||||
# we'll print what we found to the console
|
||||
message(STATUS "Found ${VAR_OUTPUT}=${VAR_VALUE}")
|
||||
|
||||
# the interesting part is defining the VAR_OUTPUT name a value to use in the app
|
||||
add_compile_definitions(${VAR_OUTPUT}=\"${VAR_VALUE}\")
|
||||
|
||||
endif()
|
||||
else()
|
||||
# if we get here, check the execute_process command and parameters.
|
||||
message(STATUS "LIBWOLFSSL_SAVE_INFO encountered a non-zero VAR_RESULT")
|
||||
set(${VAR_OUTPUT} "Unknown")
|
||||
endif()
|
||||
|
||||
|
||||
endfunction() # LIBWOLFSSL_SAVE_INFO
|
||||
|
||||
#
|
||||
# APPEND_LIBWOLFSSL_CMAKE_OUTPUT(THIS_MESSAGE OUTPUT_VALUE)
|
||||
#
|
||||
# Append the text in THIS_MESSAGE to LIBWOLFSSL_CMAKE_OUTPUT.
|
||||
# String is available at runtime in app
|
||||
#
|
||||
|
||||
function( APPEND_LIBWOLFSSL_CMAKE_OUTPUT
|
||||
THIS_MESSAGE )
|
||||
# Normally, we'd simply print a message:
|
||||
message(STATUS "${THIS_MESSAGE}")
|
||||
|
||||
# But here we'll pass the entire LIBWOLFSSL_CMAKE_OUTPUT as a string definition to the app
|
||||
set(LIBWOLFSSL_CMAKE_OUTPUT "${LIBWOLFSSL_CMAKE_OUTPUT}\n${THIS_MESSAGE}" PARENT_SCOPE)
|
||||
|
||||
# We don't call LIBWOLFSSL_SAVE_INFO here as it would add duplicate definitions
|
||||
# See single instance at the end of this file.
|
||||
endfunction()
|
||||
|
||||
# Determine if this cmake file is located in the ESP-IDF component directory or not,
|
||||
# and if so, if it is being ignored (allowing the use of a local project one, instead).
|
||||
IS_ESP_IDF_COMPONENT( IS_WOLSSL_ESP_IDF_COMPONENT )
|
||||
@@ -77,20 +206,6 @@ else()
|
||||
message(STATUS "Cleaned wolfssl path: ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}")
|
||||
endif()
|
||||
|
||||
# The scope of this CMAKE_C_FLAGS is just this component:
|
||||
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
|
||||
set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -DWOLFSSL_USER_SETTINGS")
|
||||
|
||||
set(CMAKE_CURRENT_SOURCE_DIR ".")
|
||||
# set(COMPONENT_REQUIRES lwip) # we typically don't need lwip directly in wolfssl component
|
||||
|
||||
# Optionally set your source to wolfSSL in your project CMakeLists.txt like this:
|
||||
# set(WOLFSSL_ROOT "c:/test/my_wolfssl" )
|
||||
|
||||
if ( "${WOLFSSL_ROOT}" STREQUAL "")
|
||||
set(WOLFSSL_ROOT "$ENV{WOLFSSL_ROOT}" )
|
||||
endif()
|
||||
|
||||
if( "$ENV{IDF_PATH}" STREQUAL "" )
|
||||
message(FATAL_ERROR "IDF_PATH Environment variable not set!")
|
||||
else()
|
||||
@@ -185,7 +300,9 @@ endif()
|
||||
# Check environment variable name EVARPARAM as [name]
|
||||
# If defined, and has a value of EVARVALUE as [value],
|
||||
# then assign a compiler definition "-D[name]=[value]"
|
||||
function(ENVIRONMENT_VAR_TO_MACRO EVARPARAM EVARVALUE)
|
||||
function( ENVIRONMENT_VAR_TO_MACRO
|
||||
EVARPARAM # Environment variable parameter name
|
||||
EVARVALUE) # Environment variable value
|
||||
# If the EVARPARAM environment variable name is set to EVARVALUE,
|
||||
# set the compiler flag definition to enable CSV output.
|
||||
if ( "$ENV{${EVARPARAM}}" STREQUAL "${EVARVALUE}")
|
||||
@@ -217,7 +334,8 @@ endfunction()
|
||||
# function: IS_WOLFSSL_SOURCE
|
||||
# parameter: DIRECTORY_PARAMETER - the directory to test
|
||||
# output: RESULT = contains contents of DIRECTORY_PARAMETER for wolfssl directory, otherwise blank.
|
||||
function( IS_WOLFSSL_SOURCE DIRECTORY_PARAMETER
|
||||
function( IS_WOLFSSL_SOURCE
|
||||
DIRECTORY_PARAMETER
|
||||
RESULT )
|
||||
if (EXISTS "${DIRECTORY_PARAMETER}/wolfcrypt/src")
|
||||
set(${RESULT} "${DIRECTORY_PARAMETER}" PARENT_SCOPE)
|
||||
@@ -233,7 +351,8 @@ endfunction()
|
||||
# Example usage:
|
||||
# FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT)
|
||||
# *********************************************************************************************
|
||||
function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY)
|
||||
function( FIND_WOLFSSL_DIRECTORY
|
||||
OUTPUT_FOUND_WOLFSSL_DIRECTORY)
|
||||
message(STATUS "Starting FIND_WOLFSSL_DIRECTORY: ${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}")
|
||||
|
||||
if ( "${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}" STREQUAL "" )
|
||||
@@ -673,9 +792,9 @@ else()
|
||||
# depending on the environment, we may need to swap backslashes with forward slashes
|
||||
string(REPLACE "\\" "/" RTOS_IDF_PATH "$ENV{IDF_PATH}/components/freertos/FreeRTOS-Kernel/include/freertos")
|
||||
|
||||
if(WOLFSSL_ROOT)
|
||||
string(REPLACE "\\" "/" WOLFSSL_ROOT ${WOLFSSL_ROOT})
|
||||
endif()
|
||||
if(WOLFSSL_ROOT)
|
||||
string(REPLACE "\\" "/" WOLFSSL_ROOT ${WOLFSSL_ROOT})
|
||||
endif()
|
||||
|
||||
if(IS_DIRECTORY "${RTOS_IDF_PATH}")
|
||||
message(STATUS "Found current RTOS path: ${RTOS_IDF_PATH}")
|
||||
@@ -789,16 +908,35 @@ if( CONFIG_WOLFSSL_CERTIFICATE_BUNDLE
|
||||
AND NOT CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE
|
||||
AND NOT ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266")
|
||||
)
|
||||
APPEND_LIBWOLFSSL_CMAKE_OUTPUT("wolfSSL Certificate Bundles Enabled")
|
||||
|
||||
if (CMAKE_BUILD_EARLY_EXPANSION)
|
||||
message(ERROR "Bundle Cert initialization must occur during CMAKE_BUILD_EARLY_EXPANSION")
|
||||
message(FATAL_ERROR "Bundle Cert initialization must occur during CMAKE_BUILD_EARLY_EXPANSION")
|
||||
endif()
|
||||
# reminder: we need a value for wolfSSL root first!
|
||||
if( "${WOLFSSL_ROOT}" STREQUAL "" )
|
||||
message(ERROR "Certificate bundles need a value for WOLFSSL_ROOT")
|
||||
message(FATAL_ERROR "Certificate bundles need a value for WOLFSSL_ROOT")
|
||||
endif()
|
||||
|
||||
# Cert bundle in wolfSSL source unless otherwise specified later
|
||||
set(WOLFSSL_ESP_CRT_BUNDLE_DIR ${WOLFSSL_ROOT}/wolfcrypt/src/port/Espressif/esp_crt_bundle)
|
||||
message(STATUS "WOLFSSL_ESP_CRT_BUNDLE_DIR=${WOLFSSL_ESP_CRT_BUNDLE_DIR}")
|
||||
if(EXISTS "${WOLFSSL_ESP_CRT_BUNDLE_DIR}")
|
||||
|
||||
if(DEFINED ENV{PLATFORMIO_PROJECT_DIR})
|
||||
APPEND_LIBWOLFSSL_CMAKE_OUTPUT("Detected PlatformIO")
|
||||
set(IS_PLATFORMIO 1)
|
||||
else()
|
||||
# Some environments may not have environment variable, so double check if we are in .pio
|
||||
if("${CMAKE_BINARY_DIR}" MATCHES "/\\.pio/")
|
||||
APPEND_LIBWOLFSSL_CMAKE_OUTPUT("Detected PlatformIO via CMAKE_BINARY_DIR")
|
||||
set(IS_PLATFORMIO 1)
|
||||
else()
|
||||
set(IS_PLATFORMIO 0)
|
||||
endif()
|
||||
endif()
|
||||
|
||||
if(EXISTS "${WOLFSSL_ESP_CRT_BUNDLE_DIR}" OR IS_PLATFORMIO)
|
||||
APPEND_LIBWOLFSSL_CMAKE_OUTPUT("Special processing for wolfSSL Certificate Bundles")
|
||||
set(bundle_name "x509_crt_bundle_wolfssl")
|
||||
|
||||
# For now the certs are in the same directory
|
||||
@@ -824,9 +962,9 @@ if( CONFIG_WOLFSSL_CERTIFICATE_BUNDLE
|
||||
get_filename_component(custom_bundle_path
|
||||
${CONFIG_WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE_PATH} ABSOLUTE BASE_DIR "${project_dir}")
|
||||
list(APPEND crt_paths ${custom_bundle_path})
|
||||
message(STATUS "Using a custom wolfSSL bundle path: ${custom_bundle_path}")
|
||||
APPEND_LIBWOLFSSL_CMAKE_OUTPUT("Using a custom wolfSSL bundle path: ${custom_bundle_path}")
|
||||
else()
|
||||
message(STATUS "Not using a custom wolfSSL bundle path.")
|
||||
APPEND_LIBWOLFSSL_CMAKE_OUTPUT("Not using a custom wolfSSL bundle path")
|
||||
endif()
|
||||
list(APPEND args --input ${crt_paths} -q)
|
||||
|
||||
@@ -843,25 +981,107 @@ if( CONFIG_WOLFSSL_CERTIFICATE_BUNDLE
|
||||
message(STATUS "args ${args}")
|
||||
message(STATUS "cert_bundle ${cert_bundle}")
|
||||
|
||||
# Generate bundle according to config
|
||||
# File is generated at build time, not cmake load
|
||||
add_custom_command(OUTPUT ${crt_bundle}
|
||||
COMMAND ${GENERATE_CERT_BUNDLEPY} ARGS ${args}
|
||||
DEPENDS ${custom_bundle_path}
|
||||
VERBATIM)
|
||||
if (IS_PLATFORMIO)
|
||||
# PlatformIO cannot generate a Certificate Bundle at build time
|
||||
APPEND_LIBWOLFSSL_CMAKE_OUTPUT("PlatformIO is using a predefined bundle rather than generating one")
|
||||
|
||||
if(EXISTS "${crt_bundle}")
|
||||
message(STATUS "Bundle file exists from prior build: ${crt_bundle}")
|
||||
if ( "${WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE_PATH_AND_NAME}" STREQUAL "" OR "$(WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE)" STREQUAL "" OR "$(WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE)" STREQUAL "n")
|
||||
APPEND_LIBWOLFSSL_CMAKE_OUTPUT("Alternate Certificate Bundle Path and Name not enabled, assuming [project]/certs/x509_crt_bundle_wolfssl")
|
||||
# Reminder this CMakeLists.txt should be in [project]/components/wolfssl, so ./certs is two directories up
|
||||
set(crt_bundle_option "../../certs/x509_crt_bundle_wolfssl")
|
||||
else()
|
||||
string(SUBSTRING "${CONFIG_WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE_PATH_AND_NAME}" 0 2 CERT_PATH_FIRST_TWO)
|
||||
if(CERT_PATH_FIRST_TWO STREQUAL "./" OR CERT_PATH_FIRST_TWO STREQUAL ".\\")
|
||||
set(IS_CERT_BUNDLE_RELATIVE_PATH 1)
|
||||
message(STATUS "Alternate Cert Path is relative to project.")
|
||||
else()
|
||||
set(IS_CERT_BUNDLE_RELATIVE_PATH 0)
|
||||
message(STATUS "Alternate Cert Path is not relative to project.")
|
||||
endif()
|
||||
|
||||
# The cert bundle is not a standard cert, so we con't add to the crt_paths.
|
||||
# Still, we may have an alternate location, particulatly needed for PlatformIO:
|
||||
if(IS_CERT_BUNDLE_RELATIVE_PATH)
|
||||
message(STATUS "CONFIG_WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE_PATH_AND_NAME = ${CONFIG_WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE_PATH_AND_NAME}")
|
||||
message(STATUS "Relative alternate_bundle_path: ${alternate_bundle_path}")
|
||||
|
||||
SET(crt_bundle_option "${CMAKE_SOURCE_DIR}/${CONFIG_WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE_PATH_AND_NAME}")
|
||||
else()
|
||||
message(STATUS "alternate_bundle_path: ${CONFIG_WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE_PATH_AND_NAME}")
|
||||
message(STATUS "Not using an alternate wolfSSL bundle file.")
|
||||
SET(crt_bundle_option "${CONFIG_WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE_PATH_AND_NAME}")
|
||||
endif()
|
||||
endif()
|
||||
|
||||
# Clean the path, removing any extra "./" etc.
|
||||
# Number of spaces in message strings is to align path value outputs
|
||||
message(STATUS "This crt_bundle_option value: ${crt_bundle_option}")
|
||||
if(${CMAKE_VERSION} VERSION_LESS "3.19")
|
||||
message("WARNING: CMake version is ${CMAKE_VERSION} ? file(REAL_PATH ...) is not supported. Falling back to manual path normalization.")
|
||||
# optional fallback logic here
|
||||
get_filename_component(crt_bundle_file_component "${crt_bundle_option}" ABSOLUTE)
|
||||
message(STATUS "Interim crt_bundle_file_component: ${crt_bundle_file_component}")
|
||||
file(TO_CMAKE_PATH "${crt_bundle_file_component}" crt_bundle)
|
||||
message(STATUS "TO_CMAKE_PATH crt_bundle result: ${crt_bundle}")
|
||||
# set(crt_bundle "C:/workspace/pio_wolfssl-upstream-test-wolfssl_cert_bundle/esp32-c6/certs/x509_crt_bundle_wolfssl")
|
||||
else()
|
||||
file(REAL_PATH "${crt_bundle_option}" crt_bundle)
|
||||
endif()
|
||||
|
||||
APPEND_LIBWOLFSSL_CMAKE_OUTPUT("Certificate Bundle: ${crt_bundle}")
|
||||
message(STATUS "This cleaned crt_bundle value: ${crt_bundle}")
|
||||
message(STATUS "=============================================================================================================")
|
||||
message(STATUS "=============================================================================================================")
|
||||
message(STATUS "Reminder: platformio.ini will need this value set for board_build.embed_files =")
|
||||
message(STATUS "${crt_bundle}")
|
||||
message(STATUS "=============================================================================================================")
|
||||
message(STATUS "=============================================================================================================")
|
||||
|
||||
# e.g. SET(crt_bundle "C:/workspace/pio_wolfssl/esp32-c6/certs/x509_crt_bundle_wolfssl")
|
||||
#
|
||||
|
||||
# Normally x509_crt_bundle_wolfssl built by python script called from cmake.
|
||||
# See https://github.com/wolfSSL/wolfssl/blob/master/wolfcrypt/src/port/Espressif/esp_crt_bundle/gen_crt_bundle.py
|
||||
# Reminder ESP-IDF scripts are NOT called from CMake for PlatformIO builds.
|
||||
#
|
||||
# The easiest way to generate the default file is to build with ESP-IDF and copy the files to [project]/main
|
||||
#
|
||||
# for example:
|
||||
# build\VisualGDB\Debug\x509_crt_bundle_wolfssl.s
|
||||
# build\VisualGDB\Debug\esp-idf\wolfssl\x509_crt_bundle_wolfssl
|
||||
#
|
||||
message(STATUS "Confirming cert bundle exists...")
|
||||
if(EXISTS "${crt_bundle}")
|
||||
# Number of spaces is to align path value outputs
|
||||
message(STATUS "Bundle file found for PlatformIO: ${crt_bundle}")
|
||||
else()
|
||||
APPEND_LIBWOLFSSL_CMAKE_OUTPUT("ERROR: Failed to find bundle file found for PlatformIO: ${crt_bundle}")
|
||||
message(STATUS "Check for entry in platformio.ini: board_build.embed_files = certs/x509_crt_bundle_wolfssl ")
|
||||
message(FATAL_ERROR "WOLFSSL_CERTIFICATE_BUNDLE is enabled for PlatformIO, but predefined file not found: ${crt_bundle}")
|
||||
endif()
|
||||
else()
|
||||
message(STATUS "Bundle file expected during next build: ${crt_bundle}")
|
||||
# APPEND_LIBWOLFSSL_CMAKE_OUTPUT("Generate bundle: ${GENERATE_CERT_BUNDLEPY} ${args}")
|
||||
# Not PlatformIO
|
||||
# Generate bundle according to config
|
||||
# File is generated at build time, not cmake load
|
||||
add_custom_command(OUTPUT ${crt_bundle}
|
||||
COMMAND ${GENERATE_CERT_BUNDLEPY} ARGS ${args}
|
||||
DEPENDS ${custom_bundle_path}
|
||||
VERBATIM)
|
||||
|
||||
if(EXISTS "${crt_bundle}")
|
||||
message(STATUS "Bundle file exists from prior build: ${crt_bundle}")
|
||||
else()
|
||||
message(STATUS "Bundle file expected during next build: ${crt_bundle}")
|
||||
endif()
|
||||
|
||||
# Reminder the file is generated at build time, not cmake load time.
|
||||
message(STATUS "wolfSSL Cert Bundle File to be created at build time in: ${crt_bundle}")
|
||||
endif()
|
||||
|
||||
# Reminder the file is generated at build time, not cmake load time.
|
||||
message(STATUS "wolfSSL Cert Bundle File to be created at build time in: ${crt_bundle}")
|
||||
add_custom_target(custom_wolfssl_bundle DEPENDS ${crt_bundle})
|
||||
|
||||
add_custom_target(custom_wolfssl_bundle DEPENDS ${cert_bundle})
|
||||
|
||||
# the wolfSSL crtificate bundle is baked into wolfSSL
|
||||
# the wolfSSL certificate bundle is baked into wolfSSL
|
||||
add_dependencies(${COMPONENT_LIB} custom_wolfssl_bundle)
|
||||
|
||||
# COMPONENT_LIB may vary: __idf_wolfssl, __idf_esp_wolfssl, etc
|
||||
@@ -871,7 +1091,12 @@ if( CONFIG_WOLFSSL_CERTIFICATE_BUNDLE
|
||||
APPEND PROPERTY ADDITIONAL_CLEAN_FILES
|
||||
"${crt_bundle}")
|
||||
else()
|
||||
message(STATUS "WARNING: CONFIG_WOLFSSL_CERTIFICATE_BUNDLE enabled but directory not found: ${WOLFSSL_ESP_CRT_BUNDLE_DIR}")
|
||||
if(IS_PLATFORMIO)
|
||||
message(STATUS "WARNING: CONFIG_WOLFSSL_CERTIFICATE_BUNDLE enabled but cannot be generated in PlatformmIO")
|
||||
else()
|
||||
message(STATUS "WARNING: CONFIG_WOLFSSL_CERTIFICATE_BUNDLE enabled but directory not found: ${WOLFSSL_ESP_CRT_BUNDLE_DIR}")
|
||||
endif()
|
||||
message(FATAL_ERROR "not detected")
|
||||
endif()
|
||||
endif()
|
||||
|
||||
@@ -930,42 +1155,6 @@ endif()
|
||||
# end multiple component check
|
||||
|
||||
|
||||
#
|
||||
# LIBWOLFSSL_SAVE_INFO(VAR_OUPUT THIS_VAR VAR_RESULT)
|
||||
#
|
||||
# Save the THIS_VAR as a string in a macro called VAR_OUPUT
|
||||
#
|
||||
# VAR_OUPUT: the name of the macro to define
|
||||
# THIS_VAR: the OUTPUT_VARIABLE result from a execute_process()
|
||||
# VAR_RESULT: the RESULT_VARIABLE from a execute_process(); "0" if successful.
|
||||
#
|
||||
function ( LIBWOLFSSL_SAVE_INFO VAR_OUPUT THIS_VAR VAR_RESULT )
|
||||
# is the RESULT_VARIABLE output value 0? If so, IS_VALID_VALUE is true.
|
||||
string(COMPARE EQUAL "${VAR_RESULT}" "0" IS_VALID_VALUE)
|
||||
|
||||
# if we had a successful operation, save the THIS_VAR in VAR_OUPUT
|
||||
if(${IS_VALID_VALUE})
|
||||
# strip newline chars in THIS_VAR parameter and save in VAR_VALUE
|
||||
string(REPLACE "\n" "" VAR_VALUE ${THIS_VAR})
|
||||
|
||||
# we'll could percolate the value to the parent for possible later use
|
||||
# set(${VAR_OUPUT} ${VAR_VALUE} PARENT_SCOPE)
|
||||
|
||||
# but we're only using it here in this function
|
||||
set(${VAR_OUPUT} ${VAR_VALUE})
|
||||
|
||||
# we'll print what we found to the console
|
||||
message(STATUS "Found ${VAR_OUPUT}=${VAR_VALUE}")
|
||||
|
||||
# the interesting part is defining the VAR_OUPUT name a value to use in the app
|
||||
add_compile_definitions(${VAR_OUPUT}=\"${VAR_VALUE}\")
|
||||
else()
|
||||
# if we get here, check the execute_process command and parameters.
|
||||
message(STATUS "LIBWOLFSSL_SAVE_INFO encountered a non-zero VAR_RESULT")
|
||||
set(${VAR_OUPUT} "Unknown")
|
||||
endif()
|
||||
endfunction() # LIBWOLFSSL_SAVE_INFO
|
||||
|
||||
execute_process(
|
||||
COMMAND ${git_cmd} "rev-parse" "--is-inside-work-tree"
|
||||
OUTPUT_VARIABLE IS_GIT_REPO
|
||||
@@ -1049,6 +1238,14 @@ else()
|
||||
message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!")
|
||||
endif()
|
||||
|
||||
# A single instance of potentially multiple cmake messages to send to app:
|
||||
message(STATUS "LIBWOLFSSL_CMAKE_OUTPUT: ${LIBWOLFSSL_CMAKE_OUTPUT}")
|
||||
LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_CMAKE_OUTPUT "${LIBWOLFSSL_CMAKE_OUTPUT}" "0")
|
||||
|
||||
file(APPEND "${CMAKE_BINARY_DIR}/libwolfssl_output.h"
|
||||
"\n"
|
||||
"#endif\n" )
|
||||
|
||||
message(STATUS "************************************************************************************************")
|
||||
message(STATUS "wolfSSL component config complete!")
|
||||
message(STATUS "************************************************************************************************")
|
||||
|
||||
@@ -274,10 +274,28 @@ menu "wolfSSL"
|
||||
bool "Do not use the default certificate bundle"
|
||||
endchoice
|
||||
|
||||
config WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE
|
||||
depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
|
||||
default n
|
||||
bool "Use alternate certificate bundle"
|
||||
help
|
||||
Typically only used for PlatformIO which cannot generate a certificate bundle at build time.
|
||||
Enable this option to specify a fixed wolfSSL certificate file path and file name.
|
||||
|
||||
config WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE_PATH_AND_NAME
|
||||
depends on WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
|
||||
string "Default certificate bundle alternate path and name"
|
||||
default "./certs/x509_crt_bundle_wolfssl"
|
||||
help
|
||||
Name of the default certificate bundle directory. Typically used only with PlatformIO.
|
||||
Reminder PlatformIO cannot generate a bundle from cmake python script call. Relative
|
||||
paths are with respect to root of this project.
|
||||
|
||||
config WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE
|
||||
depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
|
||||
default n
|
||||
bool "Add custom certificates to the default bundle"
|
||||
|
||||
config WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE_PATH
|
||||
depends on WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
|
||||
string "Custom certificate bundle path"
|
||||
@@ -430,6 +448,12 @@ menu "wolfSSL"
|
||||
help
|
||||
Enable debugging messages for wolfSSL. See user_settings.h for additional debug options.
|
||||
|
||||
config ESP_WOLFSSL_NO_STACK_SIZE_BUILD_WARNING
|
||||
bool "Suppress build-time warnings for main stack size"
|
||||
default n
|
||||
help
|
||||
Useful only when wolfSSL is running in main task. See FreeRTOS stack size for custom tasks.
|
||||
|
||||
config ESP_WOLFSSL_TEST_LOOP
|
||||
bool "Run test apps in a loop until failure"
|
||||
default y
|
||||
|
||||
@@ -853,13 +853,18 @@
|
||||
#ifndef NO_RSA
|
||||
#define ESP32_USE_RSA_PRIMITIVE
|
||||
|
||||
#if defined(CONFIG_IDF_TARGET_ESP32)
|
||||
#ifdef CONFIG_ESP_MAIN_TASK_STACK_SIZE
|
||||
#ifdef CONFIG_ESP_MAIN_TASK_STACK_SIZE
|
||||
/* See idf.py menuconfig for stack warning settings */
|
||||
#if !defined(CONFIG_ESP_WOLFSSL_NO_STACK_SIZE_BUILD_WARNING)
|
||||
#if CONFIG_ESP_MAIN_TASK_STACK_SIZE < 10500
|
||||
#warning "RSA may be difficult with less than 10KB Stack "/
|
||||
#warning "RSA may be difficult with less than 10KB Stack"
|
||||
#endif
|
||||
#else
|
||||
/* Implement your own stack warning here */
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#if defined(CONFIG_IDF_TARGET_ESP32)
|
||||
/* NOTE HW unreliable for small values! */
|
||||
/* threshold for performance adjustment for HW primitive use */
|
||||
/* X bits of G^X mod P greater than */
|
||||
|
||||
+275
-78
@@ -19,23 +19,62 @@
|
||||
#
|
||||
# cmake for wolfssl Espressif projects
|
||||
#
|
||||
# Version 5.7.2 Espressif ESP-IDF integration
|
||||
# Version 5.8.0 Espressif ESP-IDF + PlatformIO integration (2)
|
||||
#
|
||||
# See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html
|
||||
#
|
||||
message(STATUS "Begin wolfssl ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}")
|
||||
cmake_minimum_required(VERSION 3.16)
|
||||
|
||||
# The scope of this CMAKE_C_FLAGS is just this component:
|
||||
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
|
||||
set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -DWOLFSSL_USER_SETTINGS")
|
||||
|
||||
set(CMAKE_CURRENT_SOURCE_DIR ".")
|
||||
|
||||
# Optionally set your source to wolfSSL in your project CMakeLists.txt like this:
|
||||
# set(WOLFSSL_ROOT "c:/workspace/my_wolfssl" )
|
||||
|
||||
if ( "${WOLFSSL_ROOT}" STREQUAL "")
|
||||
set(WOLFSSL_ROOT "$ENV{WOLFSSL_ROOT}" )
|
||||
endif()
|
||||
|
||||
set(VERBOSE_COMPONENT_MESSAGES 1)
|
||||
|
||||
# Optional requires include:
|
||||
# set(THIS_ESP_TLS "esp-tls")
|
||||
set(THIS_ESP_TLS "")
|
||||
|
||||
# LIBWOLFSSL_CMAKE_OUTPUT can be printed at runtime
|
||||
set(LIBWOLFSSL_CMAKE_OUTPUT "")
|
||||
|
||||
|
||||
if(CMAKE_BUILD_EARLY_EXPANSION)
|
||||
message(STATUS "Skipping libwolfssl_output.h update during CMAKE_BUILD_EARLY_EXPANSION")
|
||||
else()
|
||||
# Initialize a new libwolfssl_output.h in the cmake build directory.
|
||||
if( EXISTS "${CMAKE_BINARY_DIR}/libwolfssl_output.h")
|
||||
# The next WRITE replaces a file.
|
||||
# This is here to remove any ambiguity on file removal & generation.
|
||||
file(REMOVE "${CMAKE_BINARY_DIR}/libwolfssl_output.h")
|
||||
endif()
|
||||
|
||||
file(WRITE "${CMAKE_BINARY_DIR}/libwolfssl_output.h"
|
||||
"/* libwolfssl_output.h generated by wolfssl component */\n"
|
||||
"#ifndef _LIBWOLFSSL_OUTPUT_H_\n"
|
||||
"\n"
|
||||
"#define _LIBWOLFSSL_OUTPUT_H_\n\n")
|
||||
endif()
|
||||
|
||||
# Append messages with:
|
||||
# LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_CMAKE_OUTPUT "${LIBWOLFSSL_CMAKE_OUTPUT}\n"message" "0")
|
||||
# See function: APPEND_LIBWOLFSSL_CMAKE_OUTPUT
|
||||
|
||||
# function: IS_ESP_IDF_COMPONENT
|
||||
# output: RESULT = 1 (true) if this component is located in the ESP-IDF components
|
||||
# otherwise 0 (false)
|
||||
function( IS_ESP_IDF_COMPONENT RESULT )
|
||||
function( IS_ESP_IDF_COMPONENT
|
||||
RESULT)
|
||||
# NOTE: Component location is based on the location of the CMakeList.txt
|
||||
# and *not* the location of the wolfSSL source code. (which may be anywhere)
|
||||
|
||||
@@ -55,6 +94,96 @@ function( IS_ESP_IDF_COMPONENT RESULT )
|
||||
endif()
|
||||
endfunction()
|
||||
|
||||
#
|
||||
# LIBWOLFSSL_SAVE_INFO(VAR_OUTPUT THIS_VAR VAR_RESULT)
|
||||
#
|
||||
# Save the THIS_VAR as a string in a macro called VAR_OUTPUT
|
||||
#
|
||||
# VAR_OUTPUT: the name of the macro to define
|
||||
# THIS_VAR: the OUTPUT_VARIABLE result from a execute_process()
|
||||
# VAR_RESULT: the RESULT_VARIABLE from a execute_process(); "0" if successful.
|
||||
#
|
||||
function ( LIBWOLFSSL_SAVE_INFO VAR_OUTPUT THIS_VAR VAR_RESULT )
|
||||
# is the RESULT_VARIABLE output value 0? If so, IS_VALID_VALUE is true.
|
||||
string(COMPARE EQUAL "${VAR_RESULT}" "0" IS_VALID_VALUE)
|
||||
|
||||
# if we had a successful operation, save the THIS_VAR in VAR_OUTPUT
|
||||
if(${IS_VALID_VALUE})
|
||||
|
||||
if(0)
|
||||
# Optional debug
|
||||
message(STATUS "Looking for LF in ${THIS_VAR}")
|
||||
endif()
|
||||
|
||||
# Check if the text to print in THIS_VAR is multi-line
|
||||
string(REPLACE "\n" ";" LINES "${THIS_VAR}")
|
||||
list(LENGTH LINES LINE_COUNT)
|
||||
|
||||
# Save var to "libwolfssl_output.h" header if multi-line, otherwise a simple compile def
|
||||
if(LINE_COUNT GREATER 1)
|
||||
message(STATUS "Setting HAVE_LIBWOLFSSL_OUTPUT_HEADER=1 for ${VAR_OUTPUT}")
|
||||
add_compile_definitions(HAVE_LIBWOLFSSL_OUTPUT_HEADER=1)
|
||||
file(APPEND "${CMAKE_BINARY_DIR}/libwolfssl_output.h" "#undef ${VAR_OUTPUT}\n")
|
||||
file(APPEND "${CMAKE_BINARY_DIR}/libwolfssl_output.h" "#define ${VAR_OUTPUT} \\\n")
|
||||
|
||||
# Split into lines
|
||||
string(REPLACE "\n" ";" LINES "${THIS_VAR}")
|
||||
foreach(LINE IN LISTS LINES)
|
||||
file(APPEND "${CMAKE_BINARY_DIR}/libwolfssl_output.h" "\"${LINE}\\n\" \\\n")
|
||||
endforeach()
|
||||
|
||||
# Final empty line to close the macro
|
||||
file(APPEND "${CMAKE_BINARY_DIR}/libwolfssl_output.h" "\n")
|
||||
|
||||
message(STATUS "COMPONENT_LIB=${COMPONENT_LIB}")
|
||||
target_include_directories(${COMPONENT_LIB} PRIVATE "${CMAKE_BINARY_DIR}")
|
||||
else()
|
||||
message(STATUS "No HAS_LIBWOLFSSL_OUTPUT_HEADER")
|
||||
# We should not have any, but just to be sure:
|
||||
# Strip newline chars in THIS_VAR parameter and save in VAR_VALUE
|
||||
string(REPLACE "\n" "" VAR_VALUE "${THIS_VAR}")
|
||||
|
||||
# we'll could percolate the value to the parent for possible later use
|
||||
# set(${VAR_OUTPUT} ${VAR_VALUE} PARENT_SCOPE)
|
||||
|
||||
# but we're only using it here in this function
|
||||
set(${VAR_OUTPUT} ${VAR_VALUE})
|
||||
|
||||
# we'll print what we found to the console
|
||||
message(STATUS "Found ${VAR_OUTPUT}=${VAR_VALUE}")
|
||||
|
||||
# the interesting part is defining the VAR_OUTPUT name a value to use in the app
|
||||
add_compile_definitions(${VAR_OUTPUT}=\"${VAR_VALUE}\")
|
||||
|
||||
endif()
|
||||
else()
|
||||
# if we get here, check the execute_process command and parameters.
|
||||
message(STATUS "LIBWOLFSSL_SAVE_INFO encountered a non-zero VAR_RESULT")
|
||||
set(${VAR_OUTPUT} "Unknown")
|
||||
endif()
|
||||
|
||||
|
||||
endfunction() # LIBWOLFSSL_SAVE_INFO
|
||||
|
||||
#
|
||||
# APPEND_LIBWOLFSSL_CMAKE_OUTPUT(THIS_MESSAGE OUTPUT_VALUE)
|
||||
#
|
||||
# Append the text in THIS_MESSAGE to LIBWOLFSSL_CMAKE_OUTPUT.
|
||||
# String is available at runtime in app
|
||||
#
|
||||
|
||||
function( APPEND_LIBWOLFSSL_CMAKE_OUTPUT
|
||||
THIS_MESSAGE )
|
||||
# Normally, we'd simply print a message:
|
||||
message(STATUS "${THIS_MESSAGE}")
|
||||
|
||||
# But here we'll pass the entire LIBWOLFSSL_CMAKE_OUTPUT as a string definition to the app
|
||||
set(LIBWOLFSSL_CMAKE_OUTPUT "${LIBWOLFSSL_CMAKE_OUTPUT}\n${THIS_MESSAGE}" PARENT_SCOPE)
|
||||
|
||||
# We don't call LIBWOLFSSL_SAVE_INFO here as it would add duplicate definitions
|
||||
# See single instance at the end of this file.
|
||||
endfunction()
|
||||
|
||||
# Determine if this cmake file is located in the ESP-IDF component directory or not,
|
||||
# and if so, if it is being ignored (allowing the use of a local project one, instead).
|
||||
IS_ESP_IDF_COMPONENT( IS_WOLSSL_ESP_IDF_COMPONENT )
|
||||
@@ -77,20 +206,6 @@ else()
|
||||
message(STATUS "Cleaned wolfssl path: ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}")
|
||||
endif()
|
||||
|
||||
# The scope of this CMAKE_C_FLAGS is just this component:
|
||||
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
|
||||
set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -DWOLFSSL_USER_SETTINGS")
|
||||
|
||||
set(CMAKE_CURRENT_SOURCE_DIR ".")
|
||||
# set(COMPONENT_REQUIRES lwip) # we typically don't need lwip directly in wolfssl component
|
||||
|
||||
# Optionally set your source to wolfSSL in your project CMakeLists.txt like this:
|
||||
# set(WOLFSSL_ROOT "c:/test/my_wolfssl" )
|
||||
|
||||
if ( "${WOLFSSL_ROOT}" STREQUAL "")
|
||||
set(WOLFSSL_ROOT "$ENV{WOLFSSL_ROOT}" )
|
||||
endif()
|
||||
|
||||
if( "$ENV{IDF_PATH}" STREQUAL "" )
|
||||
message(FATAL_ERROR "IDF_PATH Environment variable not set!")
|
||||
else()
|
||||
@@ -185,7 +300,9 @@ endif()
|
||||
# Check environment variable name EVARPARAM as [name]
|
||||
# If defined, and has a value of EVARVALUE as [value],
|
||||
# then assign a compiler definition "-D[name]=[value]"
|
||||
function(ENVIRONMENT_VAR_TO_MACRO EVARPARAM EVARVALUE)
|
||||
function( ENVIRONMENT_VAR_TO_MACRO
|
||||
EVARPARAM # Environment variable parameter name
|
||||
EVARVALUE) # Environment variable value
|
||||
# If the EVARPARAM environment variable name is set to EVARVALUE,
|
||||
# set the compiler flag definition to enable CSV output.
|
||||
if ( "$ENV{${EVARPARAM}}" STREQUAL "${EVARVALUE}")
|
||||
@@ -217,7 +334,8 @@ endfunction()
|
||||
# function: IS_WOLFSSL_SOURCE
|
||||
# parameter: DIRECTORY_PARAMETER - the directory to test
|
||||
# output: RESULT = contains contents of DIRECTORY_PARAMETER for wolfssl directory, otherwise blank.
|
||||
function( IS_WOLFSSL_SOURCE DIRECTORY_PARAMETER
|
||||
function( IS_WOLFSSL_SOURCE
|
||||
DIRECTORY_PARAMETER
|
||||
RESULT )
|
||||
if (EXISTS "${DIRECTORY_PARAMETER}/wolfcrypt/src")
|
||||
set(${RESULT} "${DIRECTORY_PARAMETER}" PARENT_SCOPE)
|
||||
@@ -233,7 +351,8 @@ endfunction()
|
||||
# Example usage:
|
||||
# FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT)
|
||||
# *********************************************************************************************
|
||||
function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY)
|
||||
function( FIND_WOLFSSL_DIRECTORY
|
||||
OUTPUT_FOUND_WOLFSSL_DIRECTORY)
|
||||
message(STATUS "Starting FIND_WOLFSSL_DIRECTORY: ${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}")
|
||||
|
||||
if ( "${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}" STREQUAL "" )
|
||||
@@ -673,9 +792,9 @@ else()
|
||||
# depending on the environment, we may need to swap backslashes with forward slashes
|
||||
string(REPLACE "\\" "/" RTOS_IDF_PATH "$ENV{IDF_PATH}/components/freertos/FreeRTOS-Kernel/include/freertos")
|
||||
|
||||
if(WOLFSSL_ROOT)
|
||||
string(REPLACE "\\" "/" WOLFSSL_ROOT ${WOLFSSL_ROOT})
|
||||
endif()
|
||||
if(WOLFSSL_ROOT)
|
||||
string(REPLACE "\\" "/" WOLFSSL_ROOT ${WOLFSSL_ROOT})
|
||||
endif()
|
||||
|
||||
if(IS_DIRECTORY "${RTOS_IDF_PATH}")
|
||||
message(STATUS "Found current RTOS path: ${RTOS_IDF_PATH}")
|
||||
@@ -789,16 +908,35 @@ if( CONFIG_WOLFSSL_CERTIFICATE_BUNDLE
|
||||
AND NOT CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE
|
||||
AND NOT ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266")
|
||||
)
|
||||
APPEND_LIBWOLFSSL_CMAKE_OUTPUT("wolfSSL Certificate Bundles Enabled")
|
||||
|
||||
if (CMAKE_BUILD_EARLY_EXPANSION)
|
||||
message(ERROR "Bundle Cert initialization must occur during CMAKE_BUILD_EARLY_EXPANSION")
|
||||
message(FATAL_ERROR "Bundle Cert initialization must occur during CMAKE_BUILD_EARLY_EXPANSION")
|
||||
endif()
|
||||
# reminder: we need a value for wolfSSL root first!
|
||||
if( "${WOLFSSL_ROOT}" STREQUAL "" )
|
||||
message(ERROR "Certificate bundles need a value for WOLFSSL_ROOT")
|
||||
message(FATAL_ERROR "Certificate bundles need a value for WOLFSSL_ROOT")
|
||||
endif()
|
||||
|
||||
# Cert bundle in wolfSSL source unless otherwise specified later
|
||||
set(WOLFSSL_ESP_CRT_BUNDLE_DIR ${WOLFSSL_ROOT}/wolfcrypt/src/port/Espressif/esp_crt_bundle)
|
||||
message(STATUS "WOLFSSL_ESP_CRT_BUNDLE_DIR=${WOLFSSL_ESP_CRT_BUNDLE_DIR}")
|
||||
if(EXISTS "${WOLFSSL_ESP_CRT_BUNDLE_DIR}")
|
||||
|
||||
if(DEFINED ENV{PLATFORMIO_PROJECT_DIR})
|
||||
APPEND_LIBWOLFSSL_CMAKE_OUTPUT("Detected PlatformIO")
|
||||
set(IS_PLATFORMIO 1)
|
||||
else()
|
||||
# Some environments may not have environment variable, so double check if we are in .pio
|
||||
if("${CMAKE_BINARY_DIR}" MATCHES "/\\.pio/")
|
||||
APPEND_LIBWOLFSSL_CMAKE_OUTPUT("Detected PlatformIO via CMAKE_BINARY_DIR")
|
||||
set(IS_PLATFORMIO 1)
|
||||
else()
|
||||
set(IS_PLATFORMIO 0)
|
||||
endif()
|
||||
endif()
|
||||
|
||||
if(EXISTS "${WOLFSSL_ESP_CRT_BUNDLE_DIR}" OR IS_PLATFORMIO)
|
||||
APPEND_LIBWOLFSSL_CMAKE_OUTPUT("Special processing for wolfSSL Certificate Bundles")
|
||||
set(bundle_name "x509_crt_bundle_wolfssl")
|
||||
|
||||
# For now the certs are in the same directory
|
||||
@@ -824,9 +962,9 @@ if( CONFIG_WOLFSSL_CERTIFICATE_BUNDLE
|
||||
get_filename_component(custom_bundle_path
|
||||
${CONFIG_WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE_PATH} ABSOLUTE BASE_DIR "${project_dir}")
|
||||
list(APPEND crt_paths ${custom_bundle_path})
|
||||
message(STATUS "Using a custom wolfSSL bundle path: ${custom_bundle_path}")
|
||||
APPEND_LIBWOLFSSL_CMAKE_OUTPUT("Using a custom wolfSSL bundle path: ${custom_bundle_path}")
|
||||
else()
|
||||
message(STATUS "Not using a custom wolfSSL bundle path.")
|
||||
APPEND_LIBWOLFSSL_CMAKE_OUTPUT("Not using a custom wolfSSL bundle path")
|
||||
endif()
|
||||
list(APPEND args --input ${crt_paths} -q)
|
||||
|
||||
@@ -843,25 +981,107 @@ if( CONFIG_WOLFSSL_CERTIFICATE_BUNDLE
|
||||
message(STATUS "args ${args}")
|
||||
message(STATUS "cert_bundle ${cert_bundle}")
|
||||
|
||||
# Generate bundle according to config
|
||||
# File is generated at build time, not cmake load
|
||||
add_custom_command(OUTPUT ${crt_bundle}
|
||||
COMMAND ${GENERATE_CERT_BUNDLEPY} ARGS ${args}
|
||||
DEPENDS ${custom_bundle_path}
|
||||
VERBATIM)
|
||||
if (IS_PLATFORMIO)
|
||||
# PlatformIO cannot generate a Certificate Bundle at build time
|
||||
APPEND_LIBWOLFSSL_CMAKE_OUTPUT("PlatformIO is using a predefined bundle rather than generating one")
|
||||
|
||||
if(EXISTS "${crt_bundle}")
|
||||
message(STATUS "Bundle file exists from prior build: ${crt_bundle}")
|
||||
if ( "${WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE_PATH_AND_NAME}" STREQUAL "" OR "$(WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE)" STREQUAL "" OR "$(WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE)" STREQUAL "n")
|
||||
APPEND_LIBWOLFSSL_CMAKE_OUTPUT("Alternate Certificate Bundle Path and Name not enabled, assuming [project]/certs/x509_crt_bundle_wolfssl")
|
||||
# Reminder this CMakeLists.txt should be in [project]/components/wolfssl, so ./certs is two directories up
|
||||
set(crt_bundle_option "../../certs/x509_crt_bundle_wolfssl")
|
||||
else()
|
||||
string(SUBSTRING "${CONFIG_WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE_PATH_AND_NAME}" 0 2 CERT_PATH_FIRST_TWO)
|
||||
if(CERT_PATH_FIRST_TWO STREQUAL "./" OR CERT_PATH_FIRST_TWO STREQUAL ".\\")
|
||||
set(IS_CERT_BUNDLE_RELATIVE_PATH 1)
|
||||
message(STATUS "Alternate Cert Path is relative to project.")
|
||||
else()
|
||||
set(IS_CERT_BUNDLE_RELATIVE_PATH 0)
|
||||
message(STATUS "Alternate Cert Path is not relative to project.")
|
||||
endif()
|
||||
|
||||
# The cert bundle is not a standard cert, so we con't add to the crt_paths.
|
||||
# Still, we may have an alternate location, particulatly needed for PlatformIO:
|
||||
if(IS_CERT_BUNDLE_RELATIVE_PATH)
|
||||
message(STATUS "CONFIG_WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE_PATH_AND_NAME = ${CONFIG_WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE_PATH_AND_NAME}")
|
||||
message(STATUS "Relative alternate_bundle_path: ${alternate_bundle_path}")
|
||||
|
||||
SET(crt_bundle_option "${CMAKE_SOURCE_DIR}/${CONFIG_WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE_PATH_AND_NAME}")
|
||||
else()
|
||||
message(STATUS "alternate_bundle_path: ${CONFIG_WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE_PATH_AND_NAME}")
|
||||
message(STATUS "Not using an alternate wolfSSL bundle file.")
|
||||
SET(crt_bundle_option "${CONFIG_WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE_PATH_AND_NAME}")
|
||||
endif()
|
||||
endif()
|
||||
|
||||
# Clean the path, removing any extra "./" etc.
|
||||
# Number of spaces in message strings is to align path value outputs
|
||||
message(STATUS "This crt_bundle_option value: ${crt_bundle_option}")
|
||||
if(${CMAKE_VERSION} VERSION_LESS "3.19")
|
||||
message("WARNING: CMake version is ${CMAKE_VERSION} ? file(REAL_PATH ...) is not supported. Falling back to manual path normalization.")
|
||||
# optional fallback logic here
|
||||
get_filename_component(crt_bundle_file_component "${crt_bundle_option}" ABSOLUTE)
|
||||
message(STATUS "Interim crt_bundle_file_component: ${crt_bundle_file_component}")
|
||||
file(TO_CMAKE_PATH "${crt_bundle_file_component}" crt_bundle)
|
||||
message(STATUS "TO_CMAKE_PATH crt_bundle result: ${crt_bundle}")
|
||||
# set(crt_bundle "C:/workspace/pio_wolfssl-upstream-test-wolfssl_cert_bundle/esp32-c6/certs/x509_crt_bundle_wolfssl")
|
||||
else()
|
||||
file(REAL_PATH "${crt_bundle_option}" crt_bundle)
|
||||
endif()
|
||||
|
||||
APPEND_LIBWOLFSSL_CMAKE_OUTPUT("Certificate Bundle: ${crt_bundle}")
|
||||
message(STATUS "This cleaned crt_bundle value: ${crt_bundle}")
|
||||
message(STATUS "=============================================================================================================")
|
||||
message(STATUS "=============================================================================================================")
|
||||
message(STATUS "Reminder: platformio.ini will need this value set for board_build.embed_files =")
|
||||
message(STATUS "${crt_bundle}")
|
||||
message(STATUS "=============================================================================================================")
|
||||
message(STATUS "=============================================================================================================")
|
||||
|
||||
# e.g. SET(crt_bundle "C:/workspace/pio_wolfssl/esp32-c6/certs/x509_crt_bundle_wolfssl")
|
||||
#
|
||||
|
||||
# Normally x509_crt_bundle_wolfssl built by python script called from cmake.
|
||||
# See https://github.com/wolfSSL/wolfssl/blob/master/wolfcrypt/src/port/Espressif/esp_crt_bundle/gen_crt_bundle.py
|
||||
# Reminder ESP-IDF scripts are NOT called from CMake for PlatformIO builds.
|
||||
#
|
||||
# The easiest way to generate the default file is to build with ESP-IDF and copy the files to [project]/main
|
||||
#
|
||||
# for example:
|
||||
# build\VisualGDB\Debug\x509_crt_bundle_wolfssl.s
|
||||
# build\VisualGDB\Debug\esp-idf\wolfssl\x509_crt_bundle_wolfssl
|
||||
#
|
||||
message(STATUS "Confirming cert bundle exists...")
|
||||
if(EXISTS "${crt_bundle}")
|
||||
# Number of spaces is to align path value outputs
|
||||
message(STATUS "Bundle file found for PlatformIO: ${crt_bundle}")
|
||||
else()
|
||||
APPEND_LIBWOLFSSL_CMAKE_OUTPUT("ERROR: Failed to find bundle file found for PlatformIO: ${crt_bundle}")
|
||||
message(STATUS "Check for entry in platformio.ini: board_build.embed_files = certs/x509_crt_bundle_wolfssl ")
|
||||
message(FATAL_ERROR "WOLFSSL_CERTIFICATE_BUNDLE is enabled for PlatformIO, but predefined file not found: ${crt_bundle}")
|
||||
endif()
|
||||
else()
|
||||
message(STATUS "Bundle file expected during next build: ${crt_bundle}")
|
||||
# APPEND_LIBWOLFSSL_CMAKE_OUTPUT("Generate bundle: ${GENERATE_CERT_BUNDLEPY} ${args}")
|
||||
# Not PlatformIO
|
||||
# Generate bundle according to config
|
||||
# File is generated at build time, not cmake load
|
||||
add_custom_command(OUTPUT ${crt_bundle}
|
||||
COMMAND ${GENERATE_CERT_BUNDLEPY} ARGS ${args}
|
||||
DEPENDS ${custom_bundle_path}
|
||||
VERBATIM)
|
||||
|
||||
if(EXISTS "${crt_bundle}")
|
||||
message(STATUS "Bundle file exists from prior build: ${crt_bundle}")
|
||||
else()
|
||||
message(STATUS "Bundle file expected during next build: ${crt_bundle}")
|
||||
endif()
|
||||
|
||||
# Reminder the file is generated at build time, not cmake load time.
|
||||
message(STATUS "wolfSSL Cert Bundle File to be created at build time in: ${crt_bundle}")
|
||||
endif()
|
||||
|
||||
# Reminder the file is generated at build time, not cmake load time.
|
||||
message(STATUS "wolfSSL Cert Bundle File to be created at build time in: ${crt_bundle}")
|
||||
add_custom_target(custom_wolfssl_bundle DEPENDS ${crt_bundle})
|
||||
|
||||
add_custom_target(custom_wolfssl_bundle DEPENDS ${cert_bundle})
|
||||
|
||||
# the wolfSSL crtificate bundle is baked into wolfSSL
|
||||
# the wolfSSL certificate bundle is baked into wolfSSL
|
||||
add_dependencies(${COMPONENT_LIB} custom_wolfssl_bundle)
|
||||
|
||||
# COMPONENT_LIB may vary: __idf_wolfssl, __idf_esp_wolfssl, etc
|
||||
@@ -871,7 +1091,12 @@ if( CONFIG_WOLFSSL_CERTIFICATE_BUNDLE
|
||||
APPEND PROPERTY ADDITIONAL_CLEAN_FILES
|
||||
"${crt_bundle}")
|
||||
else()
|
||||
message(STATUS "WARNING: CONFIG_WOLFSSL_CERTIFICATE_BUNDLE enabled but directory not found: ${WOLFSSL_ESP_CRT_BUNDLE_DIR}")
|
||||
if(IS_PLATFORMIO)
|
||||
message(STATUS "WARNING: CONFIG_WOLFSSL_CERTIFICATE_BUNDLE enabled but cannot be generated in PlatformmIO")
|
||||
else()
|
||||
message(STATUS "WARNING: CONFIG_WOLFSSL_CERTIFICATE_BUNDLE enabled but directory not found: ${WOLFSSL_ESP_CRT_BUNDLE_DIR}")
|
||||
endif()
|
||||
message(FATAL_ERROR "not detected")
|
||||
endif()
|
||||
endif()
|
||||
|
||||
@@ -930,42 +1155,6 @@ endif()
|
||||
# end multiple component check
|
||||
|
||||
|
||||
#
|
||||
# LIBWOLFSSL_SAVE_INFO(VAR_OUPUT THIS_VAR VAR_RESULT)
|
||||
#
|
||||
# Save the THIS_VAR as a string in a macro called VAR_OUPUT
|
||||
#
|
||||
# VAR_OUPUT: the name of the macro to define
|
||||
# THIS_VAR: the OUTPUT_VARIABLE result from a execute_process()
|
||||
# VAR_RESULT: the RESULT_VARIABLE from a execute_process(); "0" if successful.
|
||||
#
|
||||
function ( LIBWOLFSSL_SAVE_INFO VAR_OUPUT THIS_VAR VAR_RESULT )
|
||||
# is the RESULT_VARIABLE output value 0? If so, IS_VALID_VALUE is true.
|
||||
string(COMPARE EQUAL "${VAR_RESULT}" "0" IS_VALID_VALUE)
|
||||
|
||||
# if we had a successful operation, save the THIS_VAR in VAR_OUPUT
|
||||
if(${IS_VALID_VALUE})
|
||||
# strip newline chars in THIS_VAR parameter and save in VAR_VALUE
|
||||
string(REPLACE "\n" "" VAR_VALUE ${THIS_VAR})
|
||||
|
||||
# we'll could percolate the value to the parent for possible later use
|
||||
# set(${VAR_OUPUT} ${VAR_VALUE} PARENT_SCOPE)
|
||||
|
||||
# but we're only using it here in this function
|
||||
set(${VAR_OUPUT} ${VAR_VALUE})
|
||||
|
||||
# we'll print what we found to the console
|
||||
message(STATUS "Found ${VAR_OUPUT}=${VAR_VALUE}")
|
||||
|
||||
# the interesting part is defining the VAR_OUPUT name a value to use in the app
|
||||
add_compile_definitions(${VAR_OUPUT}=\"${VAR_VALUE}\")
|
||||
else()
|
||||
# if we get here, check the execute_process command and parameters.
|
||||
message(STATUS "LIBWOLFSSL_SAVE_INFO encountered a non-zero VAR_RESULT")
|
||||
set(${VAR_OUPUT} "Unknown")
|
||||
endif()
|
||||
endfunction() # LIBWOLFSSL_SAVE_INFO
|
||||
|
||||
execute_process(
|
||||
COMMAND ${git_cmd} "rev-parse" "--is-inside-work-tree"
|
||||
OUTPUT_VARIABLE IS_GIT_REPO
|
||||
@@ -1049,6 +1238,14 @@ else()
|
||||
message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!")
|
||||
endif()
|
||||
|
||||
# A single instance of potentially multiple cmake messages to send to app:
|
||||
message(STATUS "LIBWOLFSSL_CMAKE_OUTPUT: ${LIBWOLFSSL_CMAKE_OUTPUT}")
|
||||
LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_CMAKE_OUTPUT "${LIBWOLFSSL_CMAKE_OUTPUT}" "0")
|
||||
|
||||
file(APPEND "${CMAKE_BINARY_DIR}/libwolfssl_output.h"
|
||||
"\n"
|
||||
"#endif\n" )
|
||||
|
||||
message(STATUS "************************************************************************************************")
|
||||
message(STATUS "wolfSSL component config complete!")
|
||||
message(STATUS "************************************************************************************************")
|
||||
|
||||
@@ -274,10 +274,28 @@ menu "wolfSSL"
|
||||
bool "Do not use the default certificate bundle"
|
||||
endchoice
|
||||
|
||||
config WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE
|
||||
depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
|
||||
default n
|
||||
bool "Use alternate certificate bundle"
|
||||
help
|
||||
Typically only used for PlatformIO which cannot generate a certificate bundle at build time.
|
||||
Enable this option to specify a fixed wolfSSL certificate file path and file name.
|
||||
|
||||
config WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE_PATH_AND_NAME
|
||||
depends on WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
|
||||
string "Default certificate bundle alternate path and name"
|
||||
default "./certs/x509_crt_bundle_wolfssl"
|
||||
help
|
||||
Name of the default certificate bundle directory. Typically used only with PlatformIO.
|
||||
Reminder PlatformIO cannot generate a bundle from cmake python script call. Relative
|
||||
paths are with respect to root of this project.
|
||||
|
||||
config WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE
|
||||
depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
|
||||
default n
|
||||
bool "Add custom certificates to the default bundle"
|
||||
|
||||
config WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE_PATH
|
||||
depends on WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
|
||||
string "Custom certificate bundle path"
|
||||
@@ -430,6 +448,12 @@ menu "wolfSSL"
|
||||
help
|
||||
Enable debugging messages for wolfSSL. See user_settings.h for additional debug options.
|
||||
|
||||
config ESP_WOLFSSL_NO_STACK_SIZE_BUILD_WARNING
|
||||
bool "Suppress build-time warnings for main stack size"
|
||||
default n
|
||||
help
|
||||
Useful only when wolfSSL is running in main task. See FreeRTOS stack size for custom tasks.
|
||||
|
||||
config ESP_WOLFSSL_TEST_LOOP
|
||||
bool "Run test apps in a loop until failure"
|
||||
default y
|
||||
|
||||
+8
-3
@@ -853,13 +853,18 @@
|
||||
#ifndef NO_RSA
|
||||
#define ESP32_USE_RSA_PRIMITIVE
|
||||
|
||||
#if defined(CONFIG_IDF_TARGET_ESP32)
|
||||
#ifdef CONFIG_ESP_MAIN_TASK_STACK_SIZE
|
||||
#ifdef CONFIG_ESP_MAIN_TASK_STACK_SIZE
|
||||
/* See idf.py menuconfig for stack warning settings */
|
||||
#if !defined(CONFIG_ESP_WOLFSSL_NO_STACK_SIZE_BUILD_WARNING)
|
||||
#if CONFIG_ESP_MAIN_TASK_STACK_SIZE < 10500
|
||||
#warning "RSA may be difficult with less than 10KB Stack "/
|
||||
#warning "RSA may be difficult with less than 10KB Stack"
|
||||
#endif
|
||||
#else
|
||||
/* Implement your own stack warning here */
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#if defined(CONFIG_IDF_TARGET_ESP32)
|
||||
/* NOTE HW unreliable for small values! */
|
||||
/* threshold for performance adjustment for HW primitive use */
|
||||
/* X bits of G^X mod P greater than */
|
||||
|
||||
@@ -19,23 +19,62 @@
|
||||
#
|
||||
# cmake for wolfssl Espressif projects
|
||||
#
|
||||
# Version 5.7.2 Espressif ESP-IDF integration
|
||||
# Version 5.8.0 Espressif ESP-IDF + PlatformIO integration (2)
|
||||
#
|
||||
# See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html
|
||||
#
|
||||
message(STATUS "Begin wolfssl ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}")
|
||||
cmake_minimum_required(VERSION 3.16)
|
||||
|
||||
# The scope of this CMAKE_C_FLAGS is just this component:
|
||||
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
|
||||
set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -DWOLFSSL_USER_SETTINGS")
|
||||
|
||||
set(CMAKE_CURRENT_SOURCE_DIR ".")
|
||||
|
||||
# Optionally set your source to wolfSSL in your project CMakeLists.txt like this:
|
||||
# set(WOLFSSL_ROOT "c:/workspace/my_wolfssl" )
|
||||
|
||||
if ( "${WOLFSSL_ROOT}" STREQUAL "")
|
||||
set(WOLFSSL_ROOT "$ENV{WOLFSSL_ROOT}" )
|
||||
endif()
|
||||
|
||||
set(VERBOSE_COMPONENT_MESSAGES 1)
|
||||
|
||||
# Optional requires include:
|
||||
# set(THIS_ESP_TLS "esp-tls")
|
||||
set(THIS_ESP_TLS "")
|
||||
|
||||
# LIBWOLFSSL_CMAKE_OUTPUT can be printed at runtime
|
||||
set(LIBWOLFSSL_CMAKE_OUTPUT "")
|
||||
|
||||
|
||||
if(CMAKE_BUILD_EARLY_EXPANSION)
|
||||
message(STATUS "Skipping libwolfssl_output.h update during CMAKE_BUILD_EARLY_EXPANSION")
|
||||
else()
|
||||
# Initialize a new libwolfssl_output.h in the cmake build directory.
|
||||
if( EXISTS "${CMAKE_BINARY_DIR}/libwolfssl_output.h")
|
||||
# The next WRITE replaces a file.
|
||||
# This is here to remove any ambiguity on file removal & generation.
|
||||
file(REMOVE "${CMAKE_BINARY_DIR}/libwolfssl_output.h")
|
||||
endif()
|
||||
|
||||
file(WRITE "${CMAKE_BINARY_DIR}/libwolfssl_output.h"
|
||||
"/* libwolfssl_output.h generated by wolfssl component */\n"
|
||||
"#ifndef _LIBWOLFSSL_OUTPUT_H_\n"
|
||||
"\n"
|
||||
"#define _LIBWOLFSSL_OUTPUT_H_\n\n")
|
||||
endif()
|
||||
|
||||
# Append messages with:
|
||||
# LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_CMAKE_OUTPUT "${LIBWOLFSSL_CMAKE_OUTPUT}\n"message" "0")
|
||||
# See function: APPEND_LIBWOLFSSL_CMAKE_OUTPUT
|
||||
|
||||
# function: IS_ESP_IDF_COMPONENT
|
||||
# output: RESULT = 1 (true) if this component is located in the ESP-IDF components
|
||||
# otherwise 0 (false)
|
||||
function( IS_ESP_IDF_COMPONENT RESULT )
|
||||
function( IS_ESP_IDF_COMPONENT
|
||||
RESULT)
|
||||
# NOTE: Component location is based on the location of the CMakeList.txt
|
||||
# and *not* the location of the wolfSSL source code. (which may be anywhere)
|
||||
|
||||
@@ -55,6 +94,96 @@ function( IS_ESP_IDF_COMPONENT RESULT )
|
||||
endif()
|
||||
endfunction()
|
||||
|
||||
#
|
||||
# LIBWOLFSSL_SAVE_INFO(VAR_OUTPUT THIS_VAR VAR_RESULT)
|
||||
#
|
||||
# Save the THIS_VAR as a string in a macro called VAR_OUTPUT
|
||||
#
|
||||
# VAR_OUTPUT: the name of the macro to define
|
||||
# THIS_VAR: the OUTPUT_VARIABLE result from a execute_process()
|
||||
# VAR_RESULT: the RESULT_VARIABLE from a execute_process(); "0" if successful.
|
||||
#
|
||||
function ( LIBWOLFSSL_SAVE_INFO VAR_OUTPUT THIS_VAR VAR_RESULT )
|
||||
# is the RESULT_VARIABLE output value 0? If so, IS_VALID_VALUE is true.
|
||||
string(COMPARE EQUAL "${VAR_RESULT}" "0" IS_VALID_VALUE)
|
||||
|
||||
# if we had a successful operation, save the THIS_VAR in VAR_OUTPUT
|
||||
if(${IS_VALID_VALUE})
|
||||
|
||||
if(0)
|
||||
# Optional debug
|
||||
message(STATUS "Looking for LF in ${THIS_VAR}")
|
||||
endif()
|
||||
|
||||
# Check if the text to print in THIS_VAR is multi-line
|
||||
string(REPLACE "\n" ";" LINES "${THIS_VAR}")
|
||||
list(LENGTH LINES LINE_COUNT)
|
||||
|
||||
# Save var to "libwolfssl_output.h" header if multi-line, otherwise a simple compile def
|
||||
if(LINE_COUNT GREATER 1)
|
||||
message(STATUS "Setting HAVE_LIBWOLFSSL_OUTPUT_HEADER=1 for ${VAR_OUTPUT}")
|
||||
add_compile_definitions(HAVE_LIBWOLFSSL_OUTPUT_HEADER=1)
|
||||
file(APPEND "${CMAKE_BINARY_DIR}/libwolfssl_output.h" "#undef ${VAR_OUTPUT}\n")
|
||||
file(APPEND "${CMAKE_BINARY_DIR}/libwolfssl_output.h" "#define ${VAR_OUTPUT} \\\n")
|
||||
|
||||
# Split into lines
|
||||
string(REPLACE "\n" ";" LINES "${THIS_VAR}")
|
||||
foreach(LINE IN LISTS LINES)
|
||||
file(APPEND "${CMAKE_BINARY_DIR}/libwolfssl_output.h" "\"${LINE}\\n\" \\\n")
|
||||
endforeach()
|
||||
|
||||
# Final empty line to close the macro
|
||||
file(APPEND "${CMAKE_BINARY_DIR}/libwolfssl_output.h" "\n")
|
||||
|
||||
message(STATUS "COMPONENT_LIB=${COMPONENT_LIB}")
|
||||
target_include_directories(${COMPONENT_LIB} PRIVATE "${CMAKE_BINARY_DIR}")
|
||||
else()
|
||||
message(STATUS "No HAS_LIBWOLFSSL_OUTPUT_HEADER")
|
||||
# We should not have any, but just to be sure:
|
||||
# Strip newline chars in THIS_VAR parameter and save in VAR_VALUE
|
||||
string(REPLACE "\n" "" VAR_VALUE "${THIS_VAR}")
|
||||
|
||||
# we'll could percolate the value to the parent for possible later use
|
||||
# set(${VAR_OUTPUT} ${VAR_VALUE} PARENT_SCOPE)
|
||||
|
||||
# but we're only using it here in this function
|
||||
set(${VAR_OUTPUT} ${VAR_VALUE})
|
||||
|
||||
# we'll print what we found to the console
|
||||
message(STATUS "Found ${VAR_OUTPUT}=${VAR_VALUE}")
|
||||
|
||||
# the interesting part is defining the VAR_OUTPUT name a value to use in the app
|
||||
add_compile_definitions(${VAR_OUTPUT}=\"${VAR_VALUE}\")
|
||||
|
||||
endif()
|
||||
else()
|
||||
# if we get here, check the execute_process command and parameters.
|
||||
message(STATUS "LIBWOLFSSL_SAVE_INFO encountered a non-zero VAR_RESULT")
|
||||
set(${VAR_OUTPUT} "Unknown")
|
||||
endif()
|
||||
|
||||
|
||||
endfunction() # LIBWOLFSSL_SAVE_INFO
|
||||
|
||||
#
|
||||
# APPEND_LIBWOLFSSL_CMAKE_OUTPUT(THIS_MESSAGE OUTPUT_VALUE)
|
||||
#
|
||||
# Append the text in THIS_MESSAGE to LIBWOLFSSL_CMAKE_OUTPUT.
|
||||
# String is available at runtime in app
|
||||
#
|
||||
|
||||
function( APPEND_LIBWOLFSSL_CMAKE_OUTPUT
|
||||
THIS_MESSAGE )
|
||||
# Normally, we'd simply print a message:
|
||||
message(STATUS "${THIS_MESSAGE}")
|
||||
|
||||
# But here we'll pass the entire LIBWOLFSSL_CMAKE_OUTPUT as a string definition to the app
|
||||
set(LIBWOLFSSL_CMAKE_OUTPUT "${LIBWOLFSSL_CMAKE_OUTPUT}\n${THIS_MESSAGE}" PARENT_SCOPE)
|
||||
|
||||
# We don't call LIBWOLFSSL_SAVE_INFO here as it would add duplicate definitions
|
||||
# See single instance at the end of this file.
|
||||
endfunction()
|
||||
|
||||
# Determine if this cmake file is located in the ESP-IDF component directory or not,
|
||||
# and if so, if it is being ignored (allowing the use of a local project one, instead).
|
||||
IS_ESP_IDF_COMPONENT( IS_WOLSSL_ESP_IDF_COMPONENT )
|
||||
@@ -77,20 +206,6 @@ else()
|
||||
message(STATUS "Cleaned wolfssl path: ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}")
|
||||
endif()
|
||||
|
||||
# The scope of this CMAKE_C_FLAGS is just this component:
|
||||
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
|
||||
set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -DWOLFSSL_USER_SETTINGS")
|
||||
|
||||
set(CMAKE_CURRENT_SOURCE_DIR ".")
|
||||
# set(COMPONENT_REQUIRES lwip) # we typically don't need lwip directly in wolfssl component
|
||||
|
||||
# Optionally set your source to wolfSSL in your project CMakeLists.txt like this:
|
||||
# set(WOLFSSL_ROOT "c:/test/my_wolfssl" )
|
||||
|
||||
if ( "${WOLFSSL_ROOT}" STREQUAL "")
|
||||
set(WOLFSSL_ROOT "$ENV{WOLFSSL_ROOT}" )
|
||||
endif()
|
||||
|
||||
if( "$ENV{IDF_PATH}" STREQUAL "" )
|
||||
message(FATAL_ERROR "IDF_PATH Environment variable not set!")
|
||||
else()
|
||||
@@ -185,7 +300,9 @@ endif()
|
||||
# Check environment variable name EVARPARAM as [name]
|
||||
# If defined, and has a value of EVARVALUE as [value],
|
||||
# then assign a compiler definition "-D[name]=[value]"
|
||||
function(ENVIRONMENT_VAR_TO_MACRO EVARPARAM EVARVALUE)
|
||||
function( ENVIRONMENT_VAR_TO_MACRO
|
||||
EVARPARAM # Environment variable parameter name
|
||||
EVARVALUE) # Environment variable value
|
||||
# If the EVARPARAM environment variable name is set to EVARVALUE,
|
||||
# set the compiler flag definition to enable CSV output.
|
||||
if ( "$ENV{${EVARPARAM}}" STREQUAL "${EVARVALUE}")
|
||||
@@ -217,7 +334,8 @@ endfunction()
|
||||
# function: IS_WOLFSSL_SOURCE
|
||||
# parameter: DIRECTORY_PARAMETER - the directory to test
|
||||
# output: RESULT = contains contents of DIRECTORY_PARAMETER for wolfssl directory, otherwise blank.
|
||||
function( IS_WOLFSSL_SOURCE DIRECTORY_PARAMETER
|
||||
function( IS_WOLFSSL_SOURCE
|
||||
DIRECTORY_PARAMETER
|
||||
RESULT )
|
||||
if (EXISTS "${DIRECTORY_PARAMETER}/wolfcrypt/src")
|
||||
set(${RESULT} "${DIRECTORY_PARAMETER}" PARENT_SCOPE)
|
||||
@@ -233,7 +351,8 @@ endfunction()
|
||||
# Example usage:
|
||||
# FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT)
|
||||
# *********************************************************************************************
|
||||
function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY)
|
||||
function( FIND_WOLFSSL_DIRECTORY
|
||||
OUTPUT_FOUND_WOLFSSL_DIRECTORY)
|
||||
message(STATUS "Starting FIND_WOLFSSL_DIRECTORY: ${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}")
|
||||
|
||||
if ( "${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}" STREQUAL "" )
|
||||
@@ -673,9 +792,9 @@ else()
|
||||
# depending on the environment, we may need to swap backslashes with forward slashes
|
||||
string(REPLACE "\\" "/" RTOS_IDF_PATH "$ENV{IDF_PATH}/components/freertos/FreeRTOS-Kernel/include/freertos")
|
||||
|
||||
if(WOLFSSL_ROOT)
|
||||
string(REPLACE "\\" "/" WOLFSSL_ROOT ${WOLFSSL_ROOT})
|
||||
endif()
|
||||
if(WOLFSSL_ROOT)
|
||||
string(REPLACE "\\" "/" WOLFSSL_ROOT ${WOLFSSL_ROOT})
|
||||
endif()
|
||||
|
||||
if(IS_DIRECTORY "${RTOS_IDF_PATH}")
|
||||
message(STATUS "Found current RTOS path: ${RTOS_IDF_PATH}")
|
||||
@@ -789,16 +908,35 @@ if( CONFIG_WOLFSSL_CERTIFICATE_BUNDLE
|
||||
AND NOT CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE
|
||||
AND NOT ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266")
|
||||
)
|
||||
APPEND_LIBWOLFSSL_CMAKE_OUTPUT("wolfSSL Certificate Bundles Enabled")
|
||||
|
||||
if (CMAKE_BUILD_EARLY_EXPANSION)
|
||||
message(ERROR "Bundle Cert initialization must occur during CMAKE_BUILD_EARLY_EXPANSION")
|
||||
message(FATAL_ERROR "Bundle Cert initialization must occur during CMAKE_BUILD_EARLY_EXPANSION")
|
||||
endif()
|
||||
# reminder: we need a value for wolfSSL root first!
|
||||
if( "${WOLFSSL_ROOT}" STREQUAL "" )
|
||||
message(ERROR "Certificate bundles need a value for WOLFSSL_ROOT")
|
||||
message(FATAL_ERROR "Certificate bundles need a value for WOLFSSL_ROOT")
|
||||
endif()
|
||||
|
||||
# Cert bundle in wolfSSL source unless otherwise specified later
|
||||
set(WOLFSSL_ESP_CRT_BUNDLE_DIR ${WOLFSSL_ROOT}/wolfcrypt/src/port/Espressif/esp_crt_bundle)
|
||||
message(STATUS "WOLFSSL_ESP_CRT_BUNDLE_DIR=${WOLFSSL_ESP_CRT_BUNDLE_DIR}")
|
||||
if(EXISTS "${WOLFSSL_ESP_CRT_BUNDLE_DIR}")
|
||||
|
||||
if(DEFINED ENV{PLATFORMIO_PROJECT_DIR})
|
||||
APPEND_LIBWOLFSSL_CMAKE_OUTPUT("Detected PlatformIO")
|
||||
set(IS_PLATFORMIO 1)
|
||||
else()
|
||||
# Some environments may not have environment variable, so double check if we are in .pio
|
||||
if("${CMAKE_BINARY_DIR}" MATCHES "/\\.pio/")
|
||||
APPEND_LIBWOLFSSL_CMAKE_OUTPUT("Detected PlatformIO via CMAKE_BINARY_DIR")
|
||||
set(IS_PLATFORMIO 1)
|
||||
else()
|
||||
set(IS_PLATFORMIO 0)
|
||||
endif()
|
||||
endif()
|
||||
|
||||
if(EXISTS "${WOLFSSL_ESP_CRT_BUNDLE_DIR}" OR IS_PLATFORMIO)
|
||||
APPEND_LIBWOLFSSL_CMAKE_OUTPUT("Special processing for wolfSSL Certificate Bundles")
|
||||
set(bundle_name "x509_crt_bundle_wolfssl")
|
||||
|
||||
# For now the certs are in the same directory
|
||||
@@ -824,9 +962,9 @@ if( CONFIG_WOLFSSL_CERTIFICATE_BUNDLE
|
||||
get_filename_component(custom_bundle_path
|
||||
${CONFIG_WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE_PATH} ABSOLUTE BASE_DIR "${project_dir}")
|
||||
list(APPEND crt_paths ${custom_bundle_path})
|
||||
message(STATUS "Using a custom wolfSSL bundle path: ${custom_bundle_path}")
|
||||
APPEND_LIBWOLFSSL_CMAKE_OUTPUT("Using a custom wolfSSL bundle path: ${custom_bundle_path}")
|
||||
else()
|
||||
message(STATUS "Not using a custom wolfSSL bundle path.")
|
||||
APPEND_LIBWOLFSSL_CMAKE_OUTPUT("Not using a custom wolfSSL bundle path")
|
||||
endif()
|
||||
list(APPEND args --input ${crt_paths} -q)
|
||||
|
||||
@@ -843,25 +981,107 @@ if( CONFIG_WOLFSSL_CERTIFICATE_BUNDLE
|
||||
message(STATUS "args ${args}")
|
||||
message(STATUS "cert_bundle ${cert_bundle}")
|
||||
|
||||
# Generate bundle according to config
|
||||
# File is generated at build time, not cmake load
|
||||
add_custom_command(OUTPUT ${crt_bundle}
|
||||
COMMAND ${GENERATE_CERT_BUNDLEPY} ARGS ${args}
|
||||
DEPENDS ${custom_bundle_path}
|
||||
VERBATIM)
|
||||
if (IS_PLATFORMIO)
|
||||
# PlatformIO cannot generate a Certificate Bundle at build time
|
||||
APPEND_LIBWOLFSSL_CMAKE_OUTPUT("PlatformIO is using a predefined bundle rather than generating one")
|
||||
|
||||
if(EXISTS "${crt_bundle}")
|
||||
message(STATUS "Bundle file exists from prior build: ${crt_bundle}")
|
||||
if ( "${WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE_PATH_AND_NAME}" STREQUAL "" OR "$(WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE)" STREQUAL "" OR "$(WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE)" STREQUAL "n")
|
||||
APPEND_LIBWOLFSSL_CMAKE_OUTPUT("Alternate Certificate Bundle Path and Name not enabled, assuming [project]/certs/x509_crt_bundle_wolfssl")
|
||||
# Reminder this CMakeLists.txt should be in [project]/components/wolfssl, so ./certs is two directories up
|
||||
set(crt_bundle_option "../../certs/x509_crt_bundle_wolfssl")
|
||||
else()
|
||||
string(SUBSTRING "${CONFIG_WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE_PATH_AND_NAME}" 0 2 CERT_PATH_FIRST_TWO)
|
||||
if(CERT_PATH_FIRST_TWO STREQUAL "./" OR CERT_PATH_FIRST_TWO STREQUAL ".\\")
|
||||
set(IS_CERT_BUNDLE_RELATIVE_PATH 1)
|
||||
message(STATUS "Alternate Cert Path is relative to project.")
|
||||
else()
|
||||
set(IS_CERT_BUNDLE_RELATIVE_PATH 0)
|
||||
message(STATUS "Alternate Cert Path is not relative to project.")
|
||||
endif()
|
||||
|
||||
# The cert bundle is not a standard cert, so we con't add to the crt_paths.
|
||||
# Still, we may have an alternate location, particulatly needed for PlatformIO:
|
||||
if(IS_CERT_BUNDLE_RELATIVE_PATH)
|
||||
message(STATUS "CONFIG_WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE_PATH_AND_NAME = ${CONFIG_WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE_PATH_AND_NAME}")
|
||||
message(STATUS "Relative alternate_bundle_path: ${alternate_bundle_path}")
|
||||
|
||||
SET(crt_bundle_option "${CMAKE_SOURCE_DIR}/${CONFIG_WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE_PATH_AND_NAME}")
|
||||
else()
|
||||
message(STATUS "alternate_bundle_path: ${CONFIG_WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE_PATH_AND_NAME}")
|
||||
message(STATUS "Not using an alternate wolfSSL bundle file.")
|
||||
SET(crt_bundle_option "${CONFIG_WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE_PATH_AND_NAME}")
|
||||
endif()
|
||||
endif()
|
||||
|
||||
# Clean the path, removing any extra "./" etc.
|
||||
# Number of spaces in message strings is to align path value outputs
|
||||
message(STATUS "This crt_bundle_option value: ${crt_bundle_option}")
|
||||
if(${CMAKE_VERSION} VERSION_LESS "3.19")
|
||||
message("WARNING: CMake version is ${CMAKE_VERSION} ? file(REAL_PATH ...) is not supported. Falling back to manual path normalization.")
|
||||
# optional fallback logic here
|
||||
get_filename_component(crt_bundle_file_component "${crt_bundle_option}" ABSOLUTE)
|
||||
message(STATUS "Interim crt_bundle_file_component: ${crt_bundle_file_component}")
|
||||
file(TO_CMAKE_PATH "${crt_bundle_file_component}" crt_bundle)
|
||||
message(STATUS "TO_CMAKE_PATH crt_bundle result: ${crt_bundle}")
|
||||
# set(crt_bundle "C:/workspace/pio_wolfssl-upstream-test-wolfssl_cert_bundle/esp32-c6/certs/x509_crt_bundle_wolfssl")
|
||||
else()
|
||||
file(REAL_PATH "${crt_bundle_option}" crt_bundle)
|
||||
endif()
|
||||
|
||||
APPEND_LIBWOLFSSL_CMAKE_OUTPUT("Certificate Bundle: ${crt_bundle}")
|
||||
message(STATUS "This cleaned crt_bundle value: ${crt_bundle}")
|
||||
message(STATUS "=============================================================================================================")
|
||||
message(STATUS "=============================================================================================================")
|
||||
message(STATUS "Reminder: platformio.ini will need this value set for board_build.embed_files =")
|
||||
message(STATUS "${crt_bundle}")
|
||||
message(STATUS "=============================================================================================================")
|
||||
message(STATUS "=============================================================================================================")
|
||||
|
||||
# e.g. SET(crt_bundle "C:/workspace/pio_wolfssl/esp32-c6/certs/x509_crt_bundle_wolfssl")
|
||||
#
|
||||
|
||||
# Normally x509_crt_bundle_wolfssl built by python script called from cmake.
|
||||
# See https://github.com/wolfSSL/wolfssl/blob/master/wolfcrypt/src/port/Espressif/esp_crt_bundle/gen_crt_bundle.py
|
||||
# Reminder ESP-IDF scripts are NOT called from CMake for PlatformIO builds.
|
||||
#
|
||||
# The easiest way to generate the default file is to build with ESP-IDF and copy the files to [project]/main
|
||||
#
|
||||
# for example:
|
||||
# build\VisualGDB\Debug\x509_crt_bundle_wolfssl.s
|
||||
# build\VisualGDB\Debug\esp-idf\wolfssl\x509_crt_bundle_wolfssl
|
||||
#
|
||||
message(STATUS "Confirming cert bundle exists...")
|
||||
if(EXISTS "${crt_bundle}")
|
||||
# Number of spaces is to align path value outputs
|
||||
message(STATUS "Bundle file found for PlatformIO: ${crt_bundle}")
|
||||
else()
|
||||
APPEND_LIBWOLFSSL_CMAKE_OUTPUT("ERROR: Failed to find bundle file found for PlatformIO: ${crt_bundle}")
|
||||
message(STATUS "Check for entry in platformio.ini: board_build.embed_files = certs/x509_crt_bundle_wolfssl ")
|
||||
message(FATAL_ERROR "WOLFSSL_CERTIFICATE_BUNDLE is enabled for PlatformIO, but predefined file not found: ${crt_bundle}")
|
||||
endif()
|
||||
else()
|
||||
message(STATUS "Bundle file expected during next build: ${crt_bundle}")
|
||||
# APPEND_LIBWOLFSSL_CMAKE_OUTPUT("Generate bundle: ${GENERATE_CERT_BUNDLEPY} ${args}")
|
||||
# Not PlatformIO
|
||||
# Generate bundle according to config
|
||||
# File is generated at build time, not cmake load
|
||||
add_custom_command(OUTPUT ${crt_bundle}
|
||||
COMMAND ${GENERATE_CERT_BUNDLEPY} ARGS ${args}
|
||||
DEPENDS ${custom_bundle_path}
|
||||
VERBATIM)
|
||||
|
||||
if(EXISTS "${crt_bundle}")
|
||||
message(STATUS "Bundle file exists from prior build: ${crt_bundle}")
|
||||
else()
|
||||
message(STATUS "Bundle file expected during next build: ${crt_bundle}")
|
||||
endif()
|
||||
|
||||
# Reminder the file is generated at build time, not cmake load time.
|
||||
message(STATUS "wolfSSL Cert Bundle File to be created at build time in: ${crt_bundle}")
|
||||
endif()
|
||||
|
||||
# Reminder the file is generated at build time, not cmake load time.
|
||||
message(STATUS "wolfSSL Cert Bundle File to be created at build time in: ${crt_bundle}")
|
||||
add_custom_target(custom_wolfssl_bundle DEPENDS ${crt_bundle})
|
||||
|
||||
add_custom_target(custom_wolfssl_bundle DEPENDS ${cert_bundle})
|
||||
|
||||
# the wolfSSL crtificate bundle is baked into wolfSSL
|
||||
# the wolfSSL certificate bundle is baked into wolfSSL
|
||||
add_dependencies(${COMPONENT_LIB} custom_wolfssl_bundle)
|
||||
|
||||
# COMPONENT_LIB may vary: __idf_wolfssl, __idf_esp_wolfssl, etc
|
||||
@@ -871,7 +1091,12 @@ if( CONFIG_WOLFSSL_CERTIFICATE_BUNDLE
|
||||
APPEND PROPERTY ADDITIONAL_CLEAN_FILES
|
||||
"${crt_bundle}")
|
||||
else()
|
||||
message(STATUS "WARNING: CONFIG_WOLFSSL_CERTIFICATE_BUNDLE enabled but directory not found: ${WOLFSSL_ESP_CRT_BUNDLE_DIR}")
|
||||
if(IS_PLATFORMIO)
|
||||
message(STATUS "WARNING: CONFIG_WOLFSSL_CERTIFICATE_BUNDLE enabled but cannot be generated in PlatformmIO")
|
||||
else()
|
||||
message(STATUS "WARNING: CONFIG_WOLFSSL_CERTIFICATE_BUNDLE enabled but directory not found: ${WOLFSSL_ESP_CRT_BUNDLE_DIR}")
|
||||
endif()
|
||||
message(FATAL_ERROR "not detected")
|
||||
endif()
|
||||
endif()
|
||||
|
||||
@@ -930,42 +1155,6 @@ endif()
|
||||
# end multiple component check
|
||||
|
||||
|
||||
#
|
||||
# LIBWOLFSSL_SAVE_INFO(VAR_OUPUT THIS_VAR VAR_RESULT)
|
||||
#
|
||||
# Save the THIS_VAR as a string in a macro called VAR_OUPUT
|
||||
#
|
||||
# VAR_OUPUT: the name of the macro to define
|
||||
# THIS_VAR: the OUTPUT_VARIABLE result from a execute_process()
|
||||
# VAR_RESULT: the RESULT_VARIABLE from a execute_process(); "0" if successful.
|
||||
#
|
||||
function ( LIBWOLFSSL_SAVE_INFO VAR_OUPUT THIS_VAR VAR_RESULT )
|
||||
# is the RESULT_VARIABLE output value 0? If so, IS_VALID_VALUE is true.
|
||||
string(COMPARE EQUAL "${VAR_RESULT}" "0" IS_VALID_VALUE)
|
||||
|
||||
# if we had a successful operation, save the THIS_VAR in VAR_OUPUT
|
||||
if(${IS_VALID_VALUE})
|
||||
# strip newline chars in THIS_VAR parameter and save in VAR_VALUE
|
||||
string(REPLACE "\n" "" VAR_VALUE ${THIS_VAR})
|
||||
|
||||
# we'll could percolate the value to the parent for possible later use
|
||||
# set(${VAR_OUPUT} ${VAR_VALUE} PARENT_SCOPE)
|
||||
|
||||
# but we're only using it here in this function
|
||||
set(${VAR_OUPUT} ${VAR_VALUE})
|
||||
|
||||
# we'll print what we found to the console
|
||||
message(STATUS "Found ${VAR_OUPUT}=${VAR_VALUE}")
|
||||
|
||||
# the interesting part is defining the VAR_OUPUT name a value to use in the app
|
||||
add_compile_definitions(${VAR_OUPUT}=\"${VAR_VALUE}\")
|
||||
else()
|
||||
# if we get here, check the execute_process command and parameters.
|
||||
message(STATUS "LIBWOLFSSL_SAVE_INFO encountered a non-zero VAR_RESULT")
|
||||
set(${VAR_OUPUT} "Unknown")
|
||||
endif()
|
||||
endfunction() # LIBWOLFSSL_SAVE_INFO
|
||||
|
||||
execute_process(
|
||||
COMMAND ${git_cmd} "rev-parse" "--is-inside-work-tree"
|
||||
OUTPUT_VARIABLE IS_GIT_REPO
|
||||
@@ -1049,6 +1238,14 @@ else()
|
||||
message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!")
|
||||
endif()
|
||||
|
||||
# A single instance of potentially multiple cmake messages to send to app:
|
||||
message(STATUS "LIBWOLFSSL_CMAKE_OUTPUT: ${LIBWOLFSSL_CMAKE_OUTPUT}")
|
||||
LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_CMAKE_OUTPUT "${LIBWOLFSSL_CMAKE_OUTPUT}" "0")
|
||||
|
||||
file(APPEND "${CMAKE_BINARY_DIR}/libwolfssl_output.h"
|
||||
"\n"
|
||||
"#endif\n" )
|
||||
|
||||
message(STATUS "************************************************************************************************")
|
||||
message(STATUS "wolfSSL component config complete!")
|
||||
message(STATUS "************************************************************************************************")
|
||||
|
||||
@@ -274,10 +274,28 @@ menu "wolfSSL"
|
||||
bool "Do not use the default certificate bundle"
|
||||
endchoice
|
||||
|
||||
config WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE
|
||||
depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
|
||||
default n
|
||||
bool "Use alternate certificate bundle"
|
||||
help
|
||||
Typically only used for PlatformIO which cannot generate a certificate bundle at build time.
|
||||
Enable this option to specify a fixed wolfSSL certificate file path and file name.
|
||||
|
||||
config WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE_PATH_AND_NAME
|
||||
depends on WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
|
||||
string "Default certificate bundle alternate path and name"
|
||||
default "./certs/x509_crt_bundle_wolfssl"
|
||||
help
|
||||
Name of the default certificate bundle directory. Typically used only with PlatformIO.
|
||||
Reminder PlatformIO cannot generate a bundle from cmake python script call. Relative
|
||||
paths are with respect to root of this project.
|
||||
|
||||
config WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE
|
||||
depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
|
||||
default n
|
||||
bool "Add custom certificates to the default bundle"
|
||||
|
||||
config WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE_PATH
|
||||
depends on WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
|
||||
string "Custom certificate bundle path"
|
||||
@@ -430,6 +448,12 @@ menu "wolfSSL"
|
||||
help
|
||||
Enable debugging messages for wolfSSL. See user_settings.h for additional debug options.
|
||||
|
||||
config ESP_WOLFSSL_NO_STACK_SIZE_BUILD_WARNING
|
||||
bool "Suppress build-time warnings for main stack size"
|
||||
default n
|
||||
help
|
||||
Useful only when wolfSSL is running in main task. See FreeRTOS stack size for custom tasks.
|
||||
|
||||
config ESP_WOLFSSL_TEST_LOOP
|
||||
bool "Run test apps in a loop until failure"
|
||||
default y
|
||||
|
||||
+8
-3
@@ -853,13 +853,18 @@
|
||||
#ifndef NO_RSA
|
||||
#define ESP32_USE_RSA_PRIMITIVE
|
||||
|
||||
#if defined(CONFIG_IDF_TARGET_ESP32)
|
||||
#ifdef CONFIG_ESP_MAIN_TASK_STACK_SIZE
|
||||
#ifdef CONFIG_ESP_MAIN_TASK_STACK_SIZE
|
||||
/* See idf.py menuconfig for stack warning settings */
|
||||
#if !defined(CONFIG_ESP_WOLFSSL_NO_STACK_SIZE_BUILD_WARNING)
|
||||
#if CONFIG_ESP_MAIN_TASK_STACK_SIZE < 10500
|
||||
#warning "RSA may be difficult with less than 10KB Stack "/
|
||||
#warning "RSA may be difficult with less than 10KB Stack"
|
||||
#endif
|
||||
#else
|
||||
/* Implement your own stack warning here */
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#if defined(CONFIG_IDF_TARGET_ESP32)
|
||||
/* NOTE HW unreliable for small values! */
|
||||
/* threshold for performance adjustment for HW primitive use */
|
||||
/* X bits of G^X mod P greater than */
|
||||
|
||||
@@ -19,23 +19,62 @@
|
||||
#
|
||||
# cmake for wolfssl Espressif projects
|
||||
#
|
||||
# Version 5.7.2 Espressif ESP-IDF integration
|
||||
# Version 5.8.0 Espressif ESP-IDF + PlatformIO integration (2)
|
||||
#
|
||||
# See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html
|
||||
#
|
||||
message(STATUS "Begin wolfssl ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}")
|
||||
cmake_minimum_required(VERSION 3.16)
|
||||
|
||||
# The scope of this CMAKE_C_FLAGS is just this component:
|
||||
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
|
||||
set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -DWOLFSSL_USER_SETTINGS")
|
||||
|
||||
set(CMAKE_CURRENT_SOURCE_DIR ".")
|
||||
|
||||
# Optionally set your source to wolfSSL in your project CMakeLists.txt like this:
|
||||
# set(WOLFSSL_ROOT "c:/workspace/my_wolfssl" )
|
||||
|
||||
if ( "${WOLFSSL_ROOT}" STREQUAL "")
|
||||
set(WOLFSSL_ROOT "$ENV{WOLFSSL_ROOT}" )
|
||||
endif()
|
||||
|
||||
set(VERBOSE_COMPONENT_MESSAGES 1)
|
||||
|
||||
# Optional requires include:
|
||||
# set(THIS_ESP_TLS "esp-tls")
|
||||
set(THIS_ESP_TLS "")
|
||||
|
||||
# LIBWOLFSSL_CMAKE_OUTPUT can be printed at runtime
|
||||
set(LIBWOLFSSL_CMAKE_OUTPUT "")
|
||||
|
||||
|
||||
if(CMAKE_BUILD_EARLY_EXPANSION)
|
||||
message(STATUS "Skipping libwolfssl_output.h update during CMAKE_BUILD_EARLY_EXPANSION")
|
||||
else()
|
||||
# Initialize a new libwolfssl_output.h in the cmake build directory.
|
||||
if( EXISTS "${CMAKE_BINARY_DIR}/libwolfssl_output.h")
|
||||
# The next WRITE replaces a file.
|
||||
# This is here to remove any ambiguity on file removal & generation.
|
||||
file(REMOVE "${CMAKE_BINARY_DIR}/libwolfssl_output.h")
|
||||
endif()
|
||||
|
||||
file(WRITE "${CMAKE_BINARY_DIR}/libwolfssl_output.h"
|
||||
"/* libwolfssl_output.h generated by wolfssl component */\n"
|
||||
"#ifndef _LIBWOLFSSL_OUTPUT_H_\n"
|
||||
"\n"
|
||||
"#define _LIBWOLFSSL_OUTPUT_H_\n\n")
|
||||
endif()
|
||||
|
||||
# Append messages with:
|
||||
# LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_CMAKE_OUTPUT "${LIBWOLFSSL_CMAKE_OUTPUT}\n"message" "0")
|
||||
# See function: APPEND_LIBWOLFSSL_CMAKE_OUTPUT
|
||||
|
||||
# function: IS_ESP_IDF_COMPONENT
|
||||
# output: RESULT = 1 (true) if this component is located in the ESP-IDF components
|
||||
# otherwise 0 (false)
|
||||
function( IS_ESP_IDF_COMPONENT RESULT )
|
||||
function( IS_ESP_IDF_COMPONENT
|
||||
RESULT)
|
||||
# NOTE: Component location is based on the location of the CMakeList.txt
|
||||
# and *not* the location of the wolfSSL source code. (which may be anywhere)
|
||||
|
||||
@@ -55,6 +94,96 @@ function( IS_ESP_IDF_COMPONENT RESULT )
|
||||
endif()
|
||||
endfunction()
|
||||
|
||||
#
|
||||
# LIBWOLFSSL_SAVE_INFO(VAR_OUTPUT THIS_VAR VAR_RESULT)
|
||||
#
|
||||
# Save the THIS_VAR as a string in a macro called VAR_OUTPUT
|
||||
#
|
||||
# VAR_OUTPUT: the name of the macro to define
|
||||
# THIS_VAR: the OUTPUT_VARIABLE result from a execute_process()
|
||||
# VAR_RESULT: the RESULT_VARIABLE from a execute_process(); "0" if successful.
|
||||
#
|
||||
function ( LIBWOLFSSL_SAVE_INFO VAR_OUTPUT THIS_VAR VAR_RESULT )
|
||||
# is the RESULT_VARIABLE output value 0? If so, IS_VALID_VALUE is true.
|
||||
string(COMPARE EQUAL "${VAR_RESULT}" "0" IS_VALID_VALUE)
|
||||
|
||||
# if we had a successful operation, save the THIS_VAR in VAR_OUTPUT
|
||||
if(${IS_VALID_VALUE})
|
||||
|
||||
if(0)
|
||||
# Optional debug
|
||||
message(STATUS "Looking for LF in ${THIS_VAR}")
|
||||
endif()
|
||||
|
||||
# Check if the text to print in THIS_VAR is multi-line
|
||||
string(REPLACE "\n" ";" LINES "${THIS_VAR}")
|
||||
list(LENGTH LINES LINE_COUNT)
|
||||
|
||||
# Save var to "libwolfssl_output.h" header if multi-line, otherwise a simple compile def
|
||||
if(LINE_COUNT GREATER 1)
|
||||
message(STATUS "Setting HAVE_LIBWOLFSSL_OUTPUT_HEADER=1 for ${VAR_OUTPUT}")
|
||||
add_compile_definitions(HAVE_LIBWOLFSSL_OUTPUT_HEADER=1)
|
||||
file(APPEND "${CMAKE_BINARY_DIR}/libwolfssl_output.h" "#undef ${VAR_OUTPUT}\n")
|
||||
file(APPEND "${CMAKE_BINARY_DIR}/libwolfssl_output.h" "#define ${VAR_OUTPUT} \\\n")
|
||||
|
||||
# Split into lines
|
||||
string(REPLACE "\n" ";" LINES "${THIS_VAR}")
|
||||
foreach(LINE IN LISTS LINES)
|
||||
file(APPEND "${CMAKE_BINARY_DIR}/libwolfssl_output.h" "\"${LINE}\\n\" \\\n")
|
||||
endforeach()
|
||||
|
||||
# Final empty line to close the macro
|
||||
file(APPEND "${CMAKE_BINARY_DIR}/libwolfssl_output.h" "\n")
|
||||
|
||||
message(STATUS "COMPONENT_LIB=${COMPONENT_LIB}")
|
||||
target_include_directories(${COMPONENT_LIB} PRIVATE "${CMAKE_BINARY_DIR}")
|
||||
else()
|
||||
message(STATUS "No HAS_LIBWOLFSSL_OUTPUT_HEADER")
|
||||
# We should not have any, but just to be sure:
|
||||
# Strip newline chars in THIS_VAR parameter and save in VAR_VALUE
|
||||
string(REPLACE "\n" "" VAR_VALUE "${THIS_VAR}")
|
||||
|
||||
# we'll could percolate the value to the parent for possible later use
|
||||
# set(${VAR_OUTPUT} ${VAR_VALUE} PARENT_SCOPE)
|
||||
|
||||
# but we're only using it here in this function
|
||||
set(${VAR_OUTPUT} ${VAR_VALUE})
|
||||
|
||||
# we'll print what we found to the console
|
||||
message(STATUS "Found ${VAR_OUTPUT}=${VAR_VALUE}")
|
||||
|
||||
# the interesting part is defining the VAR_OUTPUT name a value to use in the app
|
||||
add_compile_definitions(${VAR_OUTPUT}=\"${VAR_VALUE}\")
|
||||
|
||||
endif()
|
||||
else()
|
||||
# if we get here, check the execute_process command and parameters.
|
||||
message(STATUS "LIBWOLFSSL_SAVE_INFO encountered a non-zero VAR_RESULT")
|
||||
set(${VAR_OUTPUT} "Unknown")
|
||||
endif()
|
||||
|
||||
|
||||
endfunction() # LIBWOLFSSL_SAVE_INFO
|
||||
|
||||
#
|
||||
# APPEND_LIBWOLFSSL_CMAKE_OUTPUT(THIS_MESSAGE OUTPUT_VALUE)
|
||||
#
|
||||
# Append the text in THIS_MESSAGE to LIBWOLFSSL_CMAKE_OUTPUT.
|
||||
# String is available at runtime in app
|
||||
#
|
||||
|
||||
function( APPEND_LIBWOLFSSL_CMAKE_OUTPUT
|
||||
THIS_MESSAGE )
|
||||
# Normally, we'd simply print a message:
|
||||
message(STATUS "${THIS_MESSAGE}")
|
||||
|
||||
# But here we'll pass the entire LIBWOLFSSL_CMAKE_OUTPUT as a string definition to the app
|
||||
set(LIBWOLFSSL_CMAKE_OUTPUT "${LIBWOLFSSL_CMAKE_OUTPUT}\n${THIS_MESSAGE}" PARENT_SCOPE)
|
||||
|
||||
# We don't call LIBWOLFSSL_SAVE_INFO here as it would add duplicate definitions
|
||||
# See single instance at the end of this file.
|
||||
endfunction()
|
||||
|
||||
# Determine if this cmake file is located in the ESP-IDF component directory or not,
|
||||
# and if so, if it is being ignored (allowing the use of a local project one, instead).
|
||||
IS_ESP_IDF_COMPONENT( IS_WOLSSL_ESP_IDF_COMPONENT )
|
||||
@@ -77,20 +206,6 @@ else()
|
||||
message(STATUS "Cleaned wolfssl path: ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}")
|
||||
endif()
|
||||
|
||||
# The scope of this CMAKE_C_FLAGS is just this component:
|
||||
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
|
||||
set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -DWOLFSSL_USER_SETTINGS")
|
||||
|
||||
set(CMAKE_CURRENT_SOURCE_DIR ".")
|
||||
# set(COMPONENT_REQUIRES lwip) # we typically don't need lwip directly in wolfssl component
|
||||
|
||||
# Optionally set your source to wolfSSL in your project CMakeLists.txt like this:
|
||||
# set(WOLFSSL_ROOT "c:/test/my_wolfssl" )
|
||||
|
||||
if ( "${WOLFSSL_ROOT}" STREQUAL "")
|
||||
set(WOLFSSL_ROOT "$ENV{WOLFSSL_ROOT}" )
|
||||
endif()
|
||||
|
||||
if( "$ENV{IDF_PATH}" STREQUAL "" )
|
||||
message(FATAL_ERROR "IDF_PATH Environment variable not set!")
|
||||
else()
|
||||
@@ -185,7 +300,9 @@ endif()
|
||||
# Check environment variable name EVARPARAM as [name]
|
||||
# If defined, and has a value of EVARVALUE as [value],
|
||||
# then assign a compiler definition "-D[name]=[value]"
|
||||
function(ENVIRONMENT_VAR_TO_MACRO EVARPARAM EVARVALUE)
|
||||
function( ENVIRONMENT_VAR_TO_MACRO
|
||||
EVARPARAM # Environment variable parameter name
|
||||
EVARVALUE) # Environment variable value
|
||||
# If the EVARPARAM environment variable name is set to EVARVALUE,
|
||||
# set the compiler flag definition to enable CSV output.
|
||||
if ( "$ENV{${EVARPARAM}}" STREQUAL "${EVARVALUE}")
|
||||
@@ -217,7 +334,8 @@ endfunction()
|
||||
# function: IS_WOLFSSL_SOURCE
|
||||
# parameter: DIRECTORY_PARAMETER - the directory to test
|
||||
# output: RESULT = contains contents of DIRECTORY_PARAMETER for wolfssl directory, otherwise blank.
|
||||
function( IS_WOLFSSL_SOURCE DIRECTORY_PARAMETER
|
||||
function( IS_WOLFSSL_SOURCE
|
||||
DIRECTORY_PARAMETER
|
||||
RESULT )
|
||||
if (EXISTS "${DIRECTORY_PARAMETER}/wolfcrypt/src")
|
||||
set(${RESULT} "${DIRECTORY_PARAMETER}" PARENT_SCOPE)
|
||||
@@ -233,7 +351,8 @@ endfunction()
|
||||
# Example usage:
|
||||
# FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT)
|
||||
# *********************************************************************************************
|
||||
function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY)
|
||||
function( FIND_WOLFSSL_DIRECTORY
|
||||
OUTPUT_FOUND_WOLFSSL_DIRECTORY)
|
||||
message(STATUS "Starting FIND_WOLFSSL_DIRECTORY: ${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}")
|
||||
|
||||
if ( "${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}" STREQUAL "" )
|
||||
@@ -673,9 +792,9 @@ else()
|
||||
# depending on the environment, we may need to swap backslashes with forward slashes
|
||||
string(REPLACE "\\" "/" RTOS_IDF_PATH "$ENV{IDF_PATH}/components/freertos/FreeRTOS-Kernel/include/freertos")
|
||||
|
||||
if(WOLFSSL_ROOT)
|
||||
string(REPLACE "\\" "/" WOLFSSL_ROOT ${WOLFSSL_ROOT})
|
||||
endif()
|
||||
if(WOLFSSL_ROOT)
|
||||
string(REPLACE "\\" "/" WOLFSSL_ROOT ${WOLFSSL_ROOT})
|
||||
endif()
|
||||
|
||||
if(IS_DIRECTORY "${RTOS_IDF_PATH}")
|
||||
message(STATUS "Found current RTOS path: ${RTOS_IDF_PATH}")
|
||||
@@ -789,16 +908,35 @@ if( CONFIG_WOLFSSL_CERTIFICATE_BUNDLE
|
||||
AND NOT CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE
|
||||
AND NOT ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266")
|
||||
)
|
||||
APPEND_LIBWOLFSSL_CMAKE_OUTPUT("wolfSSL Certificate Bundles Enabled")
|
||||
|
||||
if (CMAKE_BUILD_EARLY_EXPANSION)
|
||||
message(ERROR "Bundle Cert initialization must occur during CMAKE_BUILD_EARLY_EXPANSION")
|
||||
message(FATAL_ERROR "Bundle Cert initialization must occur during CMAKE_BUILD_EARLY_EXPANSION")
|
||||
endif()
|
||||
# reminder: we need a value for wolfSSL root first!
|
||||
if( "${WOLFSSL_ROOT}" STREQUAL "" )
|
||||
message(ERROR "Certificate bundles need a value for WOLFSSL_ROOT")
|
||||
message(FATAL_ERROR "Certificate bundles need a value for WOLFSSL_ROOT")
|
||||
endif()
|
||||
|
||||
# Cert bundle in wolfSSL source unless otherwise specified later
|
||||
set(WOLFSSL_ESP_CRT_BUNDLE_DIR ${WOLFSSL_ROOT}/wolfcrypt/src/port/Espressif/esp_crt_bundle)
|
||||
message(STATUS "WOLFSSL_ESP_CRT_BUNDLE_DIR=${WOLFSSL_ESP_CRT_BUNDLE_DIR}")
|
||||
if(EXISTS "${WOLFSSL_ESP_CRT_BUNDLE_DIR}")
|
||||
|
||||
if(DEFINED ENV{PLATFORMIO_PROJECT_DIR})
|
||||
APPEND_LIBWOLFSSL_CMAKE_OUTPUT("Detected PlatformIO")
|
||||
set(IS_PLATFORMIO 1)
|
||||
else()
|
||||
# Some environments may not have environment variable, so double check if we are in .pio
|
||||
if("${CMAKE_BINARY_DIR}" MATCHES "/\\.pio/")
|
||||
APPEND_LIBWOLFSSL_CMAKE_OUTPUT("Detected PlatformIO via CMAKE_BINARY_DIR")
|
||||
set(IS_PLATFORMIO 1)
|
||||
else()
|
||||
set(IS_PLATFORMIO 0)
|
||||
endif()
|
||||
endif()
|
||||
|
||||
if(EXISTS "${WOLFSSL_ESP_CRT_BUNDLE_DIR}" OR IS_PLATFORMIO)
|
||||
APPEND_LIBWOLFSSL_CMAKE_OUTPUT("Special processing for wolfSSL Certificate Bundles")
|
||||
set(bundle_name "x509_crt_bundle_wolfssl")
|
||||
|
||||
# For now the certs are in the same directory
|
||||
@@ -824,9 +962,9 @@ if( CONFIG_WOLFSSL_CERTIFICATE_BUNDLE
|
||||
get_filename_component(custom_bundle_path
|
||||
${CONFIG_WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE_PATH} ABSOLUTE BASE_DIR "${project_dir}")
|
||||
list(APPEND crt_paths ${custom_bundle_path})
|
||||
message(STATUS "Using a custom wolfSSL bundle path: ${custom_bundle_path}")
|
||||
APPEND_LIBWOLFSSL_CMAKE_OUTPUT("Using a custom wolfSSL bundle path: ${custom_bundle_path}")
|
||||
else()
|
||||
message(STATUS "Not using a custom wolfSSL bundle path.")
|
||||
APPEND_LIBWOLFSSL_CMAKE_OUTPUT("Not using a custom wolfSSL bundle path")
|
||||
endif()
|
||||
list(APPEND args --input ${crt_paths} -q)
|
||||
|
||||
@@ -843,25 +981,107 @@ if( CONFIG_WOLFSSL_CERTIFICATE_BUNDLE
|
||||
message(STATUS "args ${args}")
|
||||
message(STATUS "cert_bundle ${cert_bundle}")
|
||||
|
||||
# Generate bundle according to config
|
||||
# File is generated at build time, not cmake load
|
||||
add_custom_command(OUTPUT ${crt_bundle}
|
||||
COMMAND ${GENERATE_CERT_BUNDLEPY} ARGS ${args}
|
||||
DEPENDS ${custom_bundle_path}
|
||||
VERBATIM)
|
||||
if (IS_PLATFORMIO)
|
||||
# PlatformIO cannot generate a Certificate Bundle at build time
|
||||
APPEND_LIBWOLFSSL_CMAKE_OUTPUT("PlatformIO is using a predefined bundle rather than generating one")
|
||||
|
||||
if(EXISTS "${crt_bundle}")
|
||||
message(STATUS "Bundle file exists from prior build: ${crt_bundle}")
|
||||
if ( "${WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE_PATH_AND_NAME}" STREQUAL "" OR "$(WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE)" STREQUAL "" OR "$(WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE)" STREQUAL "n")
|
||||
APPEND_LIBWOLFSSL_CMAKE_OUTPUT("Alternate Certificate Bundle Path and Name not enabled, assuming [project]/certs/x509_crt_bundle_wolfssl")
|
||||
# Reminder this CMakeLists.txt should be in [project]/components/wolfssl, so ./certs is two directories up
|
||||
set(crt_bundle_option "../../certs/x509_crt_bundle_wolfssl")
|
||||
else()
|
||||
string(SUBSTRING "${CONFIG_WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE_PATH_AND_NAME}" 0 2 CERT_PATH_FIRST_TWO)
|
||||
if(CERT_PATH_FIRST_TWO STREQUAL "./" OR CERT_PATH_FIRST_TWO STREQUAL ".\\")
|
||||
set(IS_CERT_BUNDLE_RELATIVE_PATH 1)
|
||||
message(STATUS "Alternate Cert Path is relative to project.")
|
||||
else()
|
||||
set(IS_CERT_BUNDLE_RELATIVE_PATH 0)
|
||||
message(STATUS "Alternate Cert Path is not relative to project.")
|
||||
endif()
|
||||
|
||||
# The cert bundle is not a standard cert, so we con't add to the crt_paths.
|
||||
# Still, we may have an alternate location, particulatly needed for PlatformIO:
|
||||
if(IS_CERT_BUNDLE_RELATIVE_PATH)
|
||||
message(STATUS "CONFIG_WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE_PATH_AND_NAME = ${CONFIG_WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE_PATH_AND_NAME}")
|
||||
message(STATUS "Relative alternate_bundle_path: ${alternate_bundle_path}")
|
||||
|
||||
SET(crt_bundle_option "${CMAKE_SOURCE_DIR}/${CONFIG_WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE_PATH_AND_NAME}")
|
||||
else()
|
||||
message(STATUS "alternate_bundle_path: ${CONFIG_WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE_PATH_AND_NAME}")
|
||||
message(STATUS "Not using an alternate wolfSSL bundle file.")
|
||||
SET(crt_bundle_option "${CONFIG_WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE_PATH_AND_NAME}")
|
||||
endif()
|
||||
endif()
|
||||
|
||||
# Clean the path, removing any extra "./" etc.
|
||||
# Number of spaces in message strings is to align path value outputs
|
||||
message(STATUS "This crt_bundle_option value: ${crt_bundle_option}")
|
||||
if(${CMAKE_VERSION} VERSION_LESS "3.19")
|
||||
message("WARNING: CMake version is ${CMAKE_VERSION} ? file(REAL_PATH ...) is not supported. Falling back to manual path normalization.")
|
||||
# optional fallback logic here
|
||||
get_filename_component(crt_bundle_file_component "${crt_bundle_option}" ABSOLUTE)
|
||||
message(STATUS "Interim crt_bundle_file_component: ${crt_bundle_file_component}")
|
||||
file(TO_CMAKE_PATH "${crt_bundle_file_component}" crt_bundle)
|
||||
message(STATUS "TO_CMAKE_PATH crt_bundle result: ${crt_bundle}")
|
||||
# set(crt_bundle "C:/workspace/pio_wolfssl-upstream-test-wolfssl_cert_bundle/esp32-c6/certs/x509_crt_bundle_wolfssl")
|
||||
else()
|
||||
file(REAL_PATH "${crt_bundle_option}" crt_bundle)
|
||||
endif()
|
||||
|
||||
APPEND_LIBWOLFSSL_CMAKE_OUTPUT("Certificate Bundle: ${crt_bundle}")
|
||||
message(STATUS "This cleaned crt_bundle value: ${crt_bundle}")
|
||||
message(STATUS "=============================================================================================================")
|
||||
message(STATUS "=============================================================================================================")
|
||||
message(STATUS "Reminder: platformio.ini will need this value set for board_build.embed_files =")
|
||||
message(STATUS "${crt_bundle}")
|
||||
message(STATUS "=============================================================================================================")
|
||||
message(STATUS "=============================================================================================================")
|
||||
|
||||
# e.g. SET(crt_bundle "C:/workspace/pio_wolfssl/esp32-c6/certs/x509_crt_bundle_wolfssl")
|
||||
#
|
||||
|
||||
# Normally x509_crt_bundle_wolfssl built by python script called from cmake.
|
||||
# See https://github.com/wolfSSL/wolfssl/blob/master/wolfcrypt/src/port/Espressif/esp_crt_bundle/gen_crt_bundle.py
|
||||
# Reminder ESP-IDF scripts are NOT called from CMake for PlatformIO builds.
|
||||
#
|
||||
# The easiest way to generate the default file is to build with ESP-IDF and copy the files to [project]/main
|
||||
#
|
||||
# for example:
|
||||
# build\VisualGDB\Debug\x509_crt_bundle_wolfssl.s
|
||||
# build\VisualGDB\Debug\esp-idf\wolfssl\x509_crt_bundle_wolfssl
|
||||
#
|
||||
message(STATUS "Confirming cert bundle exists...")
|
||||
if(EXISTS "${crt_bundle}")
|
||||
# Number of spaces is to align path value outputs
|
||||
message(STATUS "Bundle file found for PlatformIO: ${crt_bundle}")
|
||||
else()
|
||||
APPEND_LIBWOLFSSL_CMAKE_OUTPUT("ERROR: Failed to find bundle file found for PlatformIO: ${crt_bundle}")
|
||||
message(STATUS "Check for entry in platformio.ini: board_build.embed_files = certs/x509_crt_bundle_wolfssl ")
|
||||
message(FATAL_ERROR "WOLFSSL_CERTIFICATE_BUNDLE is enabled for PlatformIO, but predefined file not found: ${crt_bundle}")
|
||||
endif()
|
||||
else()
|
||||
message(STATUS "Bundle file expected during next build: ${crt_bundle}")
|
||||
# APPEND_LIBWOLFSSL_CMAKE_OUTPUT("Generate bundle: ${GENERATE_CERT_BUNDLEPY} ${args}")
|
||||
# Not PlatformIO
|
||||
# Generate bundle according to config
|
||||
# File is generated at build time, not cmake load
|
||||
add_custom_command(OUTPUT ${crt_bundle}
|
||||
COMMAND ${GENERATE_CERT_BUNDLEPY} ARGS ${args}
|
||||
DEPENDS ${custom_bundle_path}
|
||||
VERBATIM)
|
||||
|
||||
if(EXISTS "${crt_bundle}")
|
||||
message(STATUS "Bundle file exists from prior build: ${crt_bundle}")
|
||||
else()
|
||||
message(STATUS "Bundle file expected during next build: ${crt_bundle}")
|
||||
endif()
|
||||
|
||||
# Reminder the file is generated at build time, not cmake load time.
|
||||
message(STATUS "wolfSSL Cert Bundle File to be created at build time in: ${crt_bundle}")
|
||||
endif()
|
||||
|
||||
# Reminder the file is generated at build time, not cmake load time.
|
||||
message(STATUS "wolfSSL Cert Bundle File to be created at build time in: ${crt_bundle}")
|
||||
add_custom_target(custom_wolfssl_bundle DEPENDS ${crt_bundle})
|
||||
|
||||
add_custom_target(custom_wolfssl_bundle DEPENDS ${cert_bundle})
|
||||
|
||||
# the wolfSSL crtificate bundle is baked into wolfSSL
|
||||
# the wolfSSL certificate bundle is baked into wolfSSL
|
||||
add_dependencies(${COMPONENT_LIB} custom_wolfssl_bundle)
|
||||
|
||||
# COMPONENT_LIB may vary: __idf_wolfssl, __idf_esp_wolfssl, etc
|
||||
@@ -871,7 +1091,12 @@ if( CONFIG_WOLFSSL_CERTIFICATE_BUNDLE
|
||||
APPEND PROPERTY ADDITIONAL_CLEAN_FILES
|
||||
"${crt_bundle}")
|
||||
else()
|
||||
message(STATUS "WARNING: CONFIG_WOLFSSL_CERTIFICATE_BUNDLE enabled but directory not found: ${WOLFSSL_ESP_CRT_BUNDLE_DIR}")
|
||||
if(IS_PLATFORMIO)
|
||||
message(STATUS "WARNING: CONFIG_WOLFSSL_CERTIFICATE_BUNDLE enabled but cannot be generated in PlatformmIO")
|
||||
else()
|
||||
message(STATUS "WARNING: CONFIG_WOLFSSL_CERTIFICATE_BUNDLE enabled but directory not found: ${WOLFSSL_ESP_CRT_BUNDLE_DIR}")
|
||||
endif()
|
||||
message(FATAL_ERROR "not detected")
|
||||
endif()
|
||||
endif()
|
||||
|
||||
@@ -930,42 +1155,6 @@ endif()
|
||||
# end multiple component check
|
||||
|
||||
|
||||
#
|
||||
# LIBWOLFSSL_SAVE_INFO(VAR_OUPUT THIS_VAR VAR_RESULT)
|
||||
#
|
||||
# Save the THIS_VAR as a string in a macro called VAR_OUPUT
|
||||
#
|
||||
# VAR_OUPUT: the name of the macro to define
|
||||
# THIS_VAR: the OUTPUT_VARIABLE result from a execute_process()
|
||||
# VAR_RESULT: the RESULT_VARIABLE from a execute_process(); "0" if successful.
|
||||
#
|
||||
function ( LIBWOLFSSL_SAVE_INFO VAR_OUPUT THIS_VAR VAR_RESULT )
|
||||
# is the RESULT_VARIABLE output value 0? If so, IS_VALID_VALUE is true.
|
||||
string(COMPARE EQUAL "${VAR_RESULT}" "0" IS_VALID_VALUE)
|
||||
|
||||
# if we had a successful operation, save the THIS_VAR in VAR_OUPUT
|
||||
if(${IS_VALID_VALUE})
|
||||
# strip newline chars in THIS_VAR parameter and save in VAR_VALUE
|
||||
string(REPLACE "\n" "" VAR_VALUE ${THIS_VAR})
|
||||
|
||||
# we'll could percolate the value to the parent for possible later use
|
||||
# set(${VAR_OUPUT} ${VAR_VALUE} PARENT_SCOPE)
|
||||
|
||||
# but we're only using it here in this function
|
||||
set(${VAR_OUPUT} ${VAR_VALUE})
|
||||
|
||||
# we'll print what we found to the console
|
||||
message(STATUS "Found ${VAR_OUPUT}=${VAR_VALUE}")
|
||||
|
||||
# the interesting part is defining the VAR_OUPUT name a value to use in the app
|
||||
add_compile_definitions(${VAR_OUPUT}=\"${VAR_VALUE}\")
|
||||
else()
|
||||
# if we get here, check the execute_process command and parameters.
|
||||
message(STATUS "LIBWOLFSSL_SAVE_INFO encountered a non-zero VAR_RESULT")
|
||||
set(${VAR_OUPUT} "Unknown")
|
||||
endif()
|
||||
endfunction() # LIBWOLFSSL_SAVE_INFO
|
||||
|
||||
execute_process(
|
||||
COMMAND ${git_cmd} "rev-parse" "--is-inside-work-tree"
|
||||
OUTPUT_VARIABLE IS_GIT_REPO
|
||||
@@ -1049,6 +1238,14 @@ else()
|
||||
message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!")
|
||||
endif()
|
||||
|
||||
# A single instance of potentially multiple cmake messages to send to app:
|
||||
message(STATUS "LIBWOLFSSL_CMAKE_OUTPUT: ${LIBWOLFSSL_CMAKE_OUTPUT}")
|
||||
LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_CMAKE_OUTPUT "${LIBWOLFSSL_CMAKE_OUTPUT}" "0")
|
||||
|
||||
file(APPEND "${CMAKE_BINARY_DIR}/libwolfssl_output.h"
|
||||
"\n"
|
||||
"#endif\n" )
|
||||
|
||||
message(STATUS "************************************************************************************************")
|
||||
message(STATUS "wolfSSL component config complete!")
|
||||
message(STATUS "************************************************************************************************")
|
||||
|
||||
@@ -274,10 +274,28 @@ menu "wolfSSL"
|
||||
bool "Do not use the default certificate bundle"
|
||||
endchoice
|
||||
|
||||
config WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE
|
||||
depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
|
||||
default n
|
||||
bool "Use alternate certificate bundle"
|
||||
help
|
||||
Typically only used for PlatformIO which cannot generate a certificate bundle at build time.
|
||||
Enable this option to specify a fixed wolfSSL certificate file path and file name.
|
||||
|
||||
config WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE_PATH_AND_NAME
|
||||
depends on WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
|
||||
string "Default certificate bundle alternate path and name"
|
||||
default "./certs/x509_crt_bundle_wolfssl"
|
||||
help
|
||||
Name of the default certificate bundle directory. Typically used only with PlatformIO.
|
||||
Reminder PlatformIO cannot generate a bundle from cmake python script call. Relative
|
||||
paths are with respect to root of this project.
|
||||
|
||||
config WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE
|
||||
depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
|
||||
default n
|
||||
bool "Add custom certificates to the default bundle"
|
||||
|
||||
config WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE_PATH
|
||||
depends on WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
|
||||
string "Custom certificate bundle path"
|
||||
@@ -430,6 +448,12 @@ menu "wolfSSL"
|
||||
help
|
||||
Enable debugging messages for wolfSSL. See user_settings.h for additional debug options.
|
||||
|
||||
config ESP_WOLFSSL_NO_STACK_SIZE_BUILD_WARNING
|
||||
bool "Suppress build-time warnings for main stack size"
|
||||
default n
|
||||
help
|
||||
Useful only when wolfSSL is running in main task. See FreeRTOS stack size for custom tasks.
|
||||
|
||||
config ESP_WOLFSSL_TEST_LOOP
|
||||
bool "Run test apps in a loop until failure"
|
||||
default y
|
||||
|
||||
+8
-3
@@ -853,13 +853,18 @@
|
||||
#ifndef NO_RSA
|
||||
#define ESP32_USE_RSA_PRIMITIVE
|
||||
|
||||
#if defined(CONFIG_IDF_TARGET_ESP32)
|
||||
#ifdef CONFIG_ESP_MAIN_TASK_STACK_SIZE
|
||||
#ifdef CONFIG_ESP_MAIN_TASK_STACK_SIZE
|
||||
/* See idf.py menuconfig for stack warning settings */
|
||||
#if !defined(CONFIG_ESP_WOLFSSL_NO_STACK_SIZE_BUILD_WARNING)
|
||||
#if CONFIG_ESP_MAIN_TASK_STACK_SIZE < 10500
|
||||
#warning "RSA may be difficult with less than 10KB Stack "/
|
||||
#warning "RSA may be difficult with less than 10KB Stack"
|
||||
#endif
|
||||
#else
|
||||
/* Implement your own stack warning here */
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#if defined(CONFIG_IDF_TARGET_ESP32)
|
||||
/* NOTE HW unreliable for small values! */
|
||||
/* threshold for performance adjustment for HW primitive use */
|
||||
/* X bits of G^X mod P greater than */
|
||||
|
||||
@@ -19,23 +19,62 @@
|
||||
#
|
||||
# cmake for wolfssl Espressif projects
|
||||
#
|
||||
# Version 5.7.2 Espressif ESP-IDF integration
|
||||
# Version 5.8.0 Espressif ESP-IDF + PlatformIO integration (2)
|
||||
#
|
||||
# See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html
|
||||
#
|
||||
message(STATUS "Begin wolfssl ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}")
|
||||
cmake_minimum_required(VERSION 3.16)
|
||||
|
||||
# The scope of this CMAKE_C_FLAGS is just this component:
|
||||
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
|
||||
set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -DWOLFSSL_USER_SETTINGS")
|
||||
|
||||
set(CMAKE_CURRENT_SOURCE_DIR ".")
|
||||
|
||||
# Optionally set your source to wolfSSL in your project CMakeLists.txt like this:
|
||||
# set(WOLFSSL_ROOT "c:/workspace/my_wolfssl" )
|
||||
|
||||
if ( "${WOLFSSL_ROOT}" STREQUAL "")
|
||||
set(WOLFSSL_ROOT "$ENV{WOLFSSL_ROOT}" )
|
||||
endif()
|
||||
|
||||
set(VERBOSE_COMPONENT_MESSAGES 1)
|
||||
|
||||
# Optional requires include:
|
||||
# set(THIS_ESP_TLS "esp-tls")
|
||||
set(THIS_ESP_TLS "")
|
||||
|
||||
# LIBWOLFSSL_CMAKE_OUTPUT can be printed at runtime
|
||||
set(LIBWOLFSSL_CMAKE_OUTPUT "")
|
||||
|
||||
|
||||
if(CMAKE_BUILD_EARLY_EXPANSION)
|
||||
message(STATUS "Skipping libwolfssl_output.h update during CMAKE_BUILD_EARLY_EXPANSION")
|
||||
else()
|
||||
# Initialize a new libwolfssl_output.h in the cmake build directory.
|
||||
if( EXISTS "${CMAKE_BINARY_DIR}/libwolfssl_output.h")
|
||||
# The next WRITE replaces a file.
|
||||
# This is here to remove any ambiguity on file removal & generation.
|
||||
file(REMOVE "${CMAKE_BINARY_DIR}/libwolfssl_output.h")
|
||||
endif()
|
||||
|
||||
file(WRITE "${CMAKE_BINARY_DIR}/libwolfssl_output.h"
|
||||
"/* libwolfssl_output.h generated by wolfssl component */\n"
|
||||
"#ifndef _LIBWOLFSSL_OUTPUT_H_\n"
|
||||
"\n"
|
||||
"#define _LIBWOLFSSL_OUTPUT_H_\n\n")
|
||||
endif()
|
||||
|
||||
# Append messages with:
|
||||
# LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_CMAKE_OUTPUT "${LIBWOLFSSL_CMAKE_OUTPUT}\n"message" "0")
|
||||
# See function: APPEND_LIBWOLFSSL_CMAKE_OUTPUT
|
||||
|
||||
# function: IS_ESP_IDF_COMPONENT
|
||||
# output: RESULT = 1 (true) if this component is located in the ESP-IDF components
|
||||
# otherwise 0 (false)
|
||||
function( IS_ESP_IDF_COMPONENT RESULT )
|
||||
function( IS_ESP_IDF_COMPONENT
|
||||
RESULT)
|
||||
# NOTE: Component location is based on the location of the CMakeList.txt
|
||||
# and *not* the location of the wolfSSL source code. (which may be anywhere)
|
||||
|
||||
@@ -55,6 +94,96 @@ function( IS_ESP_IDF_COMPONENT RESULT )
|
||||
endif()
|
||||
endfunction()
|
||||
|
||||
#
|
||||
# LIBWOLFSSL_SAVE_INFO(VAR_OUTPUT THIS_VAR VAR_RESULT)
|
||||
#
|
||||
# Save the THIS_VAR as a string in a macro called VAR_OUTPUT
|
||||
#
|
||||
# VAR_OUTPUT: the name of the macro to define
|
||||
# THIS_VAR: the OUTPUT_VARIABLE result from a execute_process()
|
||||
# VAR_RESULT: the RESULT_VARIABLE from a execute_process(); "0" if successful.
|
||||
#
|
||||
function ( LIBWOLFSSL_SAVE_INFO VAR_OUTPUT THIS_VAR VAR_RESULT )
|
||||
# is the RESULT_VARIABLE output value 0? If so, IS_VALID_VALUE is true.
|
||||
string(COMPARE EQUAL "${VAR_RESULT}" "0" IS_VALID_VALUE)
|
||||
|
||||
# if we had a successful operation, save the THIS_VAR in VAR_OUTPUT
|
||||
if(${IS_VALID_VALUE})
|
||||
|
||||
if(0)
|
||||
# Optional debug
|
||||
message(STATUS "Looking for LF in ${THIS_VAR}")
|
||||
endif()
|
||||
|
||||
# Check if the text to print in THIS_VAR is multi-line
|
||||
string(REPLACE "\n" ";" LINES "${THIS_VAR}")
|
||||
list(LENGTH LINES LINE_COUNT)
|
||||
|
||||
# Save var to "libwolfssl_output.h" header if multi-line, otherwise a simple compile def
|
||||
if(LINE_COUNT GREATER 1)
|
||||
message(STATUS "Setting HAVE_LIBWOLFSSL_OUTPUT_HEADER=1 for ${VAR_OUTPUT}")
|
||||
add_compile_definitions(HAVE_LIBWOLFSSL_OUTPUT_HEADER=1)
|
||||
file(APPEND "${CMAKE_BINARY_DIR}/libwolfssl_output.h" "#undef ${VAR_OUTPUT}\n")
|
||||
file(APPEND "${CMAKE_BINARY_DIR}/libwolfssl_output.h" "#define ${VAR_OUTPUT} \\\n")
|
||||
|
||||
# Split into lines
|
||||
string(REPLACE "\n" ";" LINES "${THIS_VAR}")
|
||||
foreach(LINE IN LISTS LINES)
|
||||
file(APPEND "${CMAKE_BINARY_DIR}/libwolfssl_output.h" "\"${LINE}\\n\" \\\n")
|
||||
endforeach()
|
||||
|
||||
# Final empty line to close the macro
|
||||
file(APPEND "${CMAKE_BINARY_DIR}/libwolfssl_output.h" "\n")
|
||||
|
||||
message(STATUS "COMPONENT_LIB=${COMPONENT_LIB}")
|
||||
target_include_directories(${COMPONENT_LIB} PRIVATE "${CMAKE_BINARY_DIR}")
|
||||
else()
|
||||
message(STATUS "No HAS_LIBWOLFSSL_OUTPUT_HEADER")
|
||||
# We should not have any, but just to be sure:
|
||||
# Strip newline chars in THIS_VAR parameter and save in VAR_VALUE
|
||||
string(REPLACE "\n" "" VAR_VALUE "${THIS_VAR}")
|
||||
|
||||
# we'll could percolate the value to the parent for possible later use
|
||||
# set(${VAR_OUTPUT} ${VAR_VALUE} PARENT_SCOPE)
|
||||
|
||||
# but we're only using it here in this function
|
||||
set(${VAR_OUTPUT} ${VAR_VALUE})
|
||||
|
||||
# we'll print what we found to the console
|
||||
message(STATUS "Found ${VAR_OUTPUT}=${VAR_VALUE}")
|
||||
|
||||
# the interesting part is defining the VAR_OUTPUT name a value to use in the app
|
||||
add_compile_definitions(${VAR_OUTPUT}=\"${VAR_VALUE}\")
|
||||
|
||||
endif()
|
||||
else()
|
||||
# if we get here, check the execute_process command and parameters.
|
||||
message(STATUS "LIBWOLFSSL_SAVE_INFO encountered a non-zero VAR_RESULT")
|
||||
set(${VAR_OUTPUT} "Unknown")
|
||||
endif()
|
||||
|
||||
|
||||
endfunction() # LIBWOLFSSL_SAVE_INFO
|
||||
|
||||
#
|
||||
# APPEND_LIBWOLFSSL_CMAKE_OUTPUT(THIS_MESSAGE OUTPUT_VALUE)
|
||||
#
|
||||
# Append the text in THIS_MESSAGE to LIBWOLFSSL_CMAKE_OUTPUT.
|
||||
# String is available at runtime in app
|
||||
#
|
||||
|
||||
function( APPEND_LIBWOLFSSL_CMAKE_OUTPUT
|
||||
THIS_MESSAGE )
|
||||
# Normally, we'd simply print a message:
|
||||
message(STATUS "${THIS_MESSAGE}")
|
||||
|
||||
# But here we'll pass the entire LIBWOLFSSL_CMAKE_OUTPUT as a string definition to the app
|
||||
set(LIBWOLFSSL_CMAKE_OUTPUT "${LIBWOLFSSL_CMAKE_OUTPUT}\n${THIS_MESSAGE}" PARENT_SCOPE)
|
||||
|
||||
# We don't call LIBWOLFSSL_SAVE_INFO here as it would add duplicate definitions
|
||||
# See single instance at the end of this file.
|
||||
endfunction()
|
||||
|
||||
# Determine if this cmake file is located in the ESP-IDF component directory or not,
|
||||
# and if so, if it is being ignored (allowing the use of a local project one, instead).
|
||||
IS_ESP_IDF_COMPONENT( IS_WOLSSL_ESP_IDF_COMPONENT )
|
||||
@@ -77,20 +206,6 @@ else()
|
||||
message(STATUS "Cleaned wolfssl path: ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}")
|
||||
endif()
|
||||
|
||||
# The scope of this CMAKE_C_FLAGS is just this component:
|
||||
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
|
||||
set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -DWOLFSSL_USER_SETTINGS")
|
||||
|
||||
set(CMAKE_CURRENT_SOURCE_DIR ".")
|
||||
# set(COMPONENT_REQUIRES lwip) # we typically don't need lwip directly in wolfssl component
|
||||
|
||||
# Optionally set your source to wolfSSL in your project CMakeLists.txt like this:
|
||||
# set(WOLFSSL_ROOT "c:/test/my_wolfssl" )
|
||||
|
||||
if ( "${WOLFSSL_ROOT}" STREQUAL "")
|
||||
set(WOLFSSL_ROOT "$ENV{WOLFSSL_ROOT}" )
|
||||
endif()
|
||||
|
||||
if( "$ENV{IDF_PATH}" STREQUAL "" )
|
||||
message(FATAL_ERROR "IDF_PATH Environment variable not set!")
|
||||
else()
|
||||
@@ -185,7 +300,9 @@ endif()
|
||||
# Check environment variable name EVARPARAM as [name]
|
||||
# If defined, and has a value of EVARVALUE as [value],
|
||||
# then assign a compiler definition "-D[name]=[value]"
|
||||
function(ENVIRONMENT_VAR_TO_MACRO EVARPARAM EVARVALUE)
|
||||
function( ENVIRONMENT_VAR_TO_MACRO
|
||||
EVARPARAM # Environment variable parameter name
|
||||
EVARVALUE) # Environment variable value
|
||||
# If the EVARPARAM environment variable name is set to EVARVALUE,
|
||||
# set the compiler flag definition to enable CSV output.
|
||||
if ( "$ENV{${EVARPARAM}}" STREQUAL "${EVARVALUE}")
|
||||
@@ -217,7 +334,8 @@ endfunction()
|
||||
# function: IS_WOLFSSL_SOURCE
|
||||
# parameter: DIRECTORY_PARAMETER - the directory to test
|
||||
# output: RESULT = contains contents of DIRECTORY_PARAMETER for wolfssl directory, otherwise blank.
|
||||
function( IS_WOLFSSL_SOURCE DIRECTORY_PARAMETER
|
||||
function( IS_WOLFSSL_SOURCE
|
||||
DIRECTORY_PARAMETER
|
||||
RESULT )
|
||||
if (EXISTS "${DIRECTORY_PARAMETER}/wolfcrypt/src")
|
||||
set(${RESULT} "${DIRECTORY_PARAMETER}" PARENT_SCOPE)
|
||||
@@ -233,7 +351,8 @@ endfunction()
|
||||
# Example usage:
|
||||
# FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT)
|
||||
# *********************************************************************************************
|
||||
function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY)
|
||||
function( FIND_WOLFSSL_DIRECTORY
|
||||
OUTPUT_FOUND_WOLFSSL_DIRECTORY)
|
||||
message(STATUS "Starting FIND_WOLFSSL_DIRECTORY: ${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}")
|
||||
|
||||
if ( "${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}" STREQUAL "" )
|
||||
@@ -673,9 +792,9 @@ else()
|
||||
# depending on the environment, we may need to swap backslashes with forward slashes
|
||||
string(REPLACE "\\" "/" RTOS_IDF_PATH "$ENV{IDF_PATH}/components/freertos/FreeRTOS-Kernel/include/freertos")
|
||||
|
||||
if(WOLFSSL_ROOT)
|
||||
string(REPLACE "\\" "/" WOLFSSL_ROOT ${WOLFSSL_ROOT})
|
||||
endif()
|
||||
if(WOLFSSL_ROOT)
|
||||
string(REPLACE "\\" "/" WOLFSSL_ROOT ${WOLFSSL_ROOT})
|
||||
endif()
|
||||
|
||||
if(IS_DIRECTORY "${RTOS_IDF_PATH}")
|
||||
message(STATUS "Found current RTOS path: ${RTOS_IDF_PATH}")
|
||||
@@ -789,16 +908,35 @@ if( CONFIG_WOLFSSL_CERTIFICATE_BUNDLE
|
||||
AND NOT CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE
|
||||
AND NOT ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266")
|
||||
)
|
||||
APPEND_LIBWOLFSSL_CMAKE_OUTPUT("wolfSSL Certificate Bundles Enabled")
|
||||
|
||||
if (CMAKE_BUILD_EARLY_EXPANSION)
|
||||
message(ERROR "Bundle Cert initialization must occur during CMAKE_BUILD_EARLY_EXPANSION")
|
||||
message(FATAL_ERROR "Bundle Cert initialization must occur during CMAKE_BUILD_EARLY_EXPANSION")
|
||||
endif()
|
||||
# reminder: we need a value for wolfSSL root first!
|
||||
if( "${WOLFSSL_ROOT}" STREQUAL "" )
|
||||
message(ERROR "Certificate bundles need a value for WOLFSSL_ROOT")
|
||||
message(FATAL_ERROR "Certificate bundles need a value for WOLFSSL_ROOT")
|
||||
endif()
|
||||
|
||||
# Cert bundle in wolfSSL source unless otherwise specified later
|
||||
set(WOLFSSL_ESP_CRT_BUNDLE_DIR ${WOLFSSL_ROOT}/wolfcrypt/src/port/Espressif/esp_crt_bundle)
|
||||
message(STATUS "WOLFSSL_ESP_CRT_BUNDLE_DIR=${WOLFSSL_ESP_CRT_BUNDLE_DIR}")
|
||||
if(EXISTS "${WOLFSSL_ESP_CRT_BUNDLE_DIR}")
|
||||
|
||||
if(DEFINED ENV{PLATFORMIO_PROJECT_DIR})
|
||||
APPEND_LIBWOLFSSL_CMAKE_OUTPUT("Detected PlatformIO")
|
||||
set(IS_PLATFORMIO 1)
|
||||
else()
|
||||
# Some environments may not have environment variable, so double check if we are in .pio
|
||||
if("${CMAKE_BINARY_DIR}" MATCHES "/\\.pio/")
|
||||
APPEND_LIBWOLFSSL_CMAKE_OUTPUT("Detected PlatformIO via CMAKE_BINARY_DIR")
|
||||
set(IS_PLATFORMIO 1)
|
||||
else()
|
||||
set(IS_PLATFORMIO 0)
|
||||
endif()
|
||||
endif()
|
||||
|
||||
if(EXISTS "${WOLFSSL_ESP_CRT_BUNDLE_DIR}" OR IS_PLATFORMIO)
|
||||
APPEND_LIBWOLFSSL_CMAKE_OUTPUT("Special processing for wolfSSL Certificate Bundles")
|
||||
set(bundle_name "x509_crt_bundle_wolfssl")
|
||||
|
||||
# For now the certs are in the same directory
|
||||
@@ -824,9 +962,9 @@ if( CONFIG_WOLFSSL_CERTIFICATE_BUNDLE
|
||||
get_filename_component(custom_bundle_path
|
||||
${CONFIG_WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE_PATH} ABSOLUTE BASE_DIR "${project_dir}")
|
||||
list(APPEND crt_paths ${custom_bundle_path})
|
||||
message(STATUS "Using a custom wolfSSL bundle path: ${custom_bundle_path}")
|
||||
APPEND_LIBWOLFSSL_CMAKE_OUTPUT("Using a custom wolfSSL bundle path: ${custom_bundle_path}")
|
||||
else()
|
||||
message(STATUS "Not using a custom wolfSSL bundle path.")
|
||||
APPEND_LIBWOLFSSL_CMAKE_OUTPUT("Not using a custom wolfSSL bundle path")
|
||||
endif()
|
||||
list(APPEND args --input ${crt_paths} -q)
|
||||
|
||||
@@ -843,25 +981,107 @@ if( CONFIG_WOLFSSL_CERTIFICATE_BUNDLE
|
||||
message(STATUS "args ${args}")
|
||||
message(STATUS "cert_bundle ${cert_bundle}")
|
||||
|
||||
# Generate bundle according to config
|
||||
# File is generated at build time, not cmake load
|
||||
add_custom_command(OUTPUT ${crt_bundle}
|
||||
COMMAND ${GENERATE_CERT_BUNDLEPY} ARGS ${args}
|
||||
DEPENDS ${custom_bundle_path}
|
||||
VERBATIM)
|
||||
if (IS_PLATFORMIO)
|
||||
# PlatformIO cannot generate a Certificate Bundle at build time
|
||||
APPEND_LIBWOLFSSL_CMAKE_OUTPUT("PlatformIO is using a predefined bundle rather than generating one")
|
||||
|
||||
if(EXISTS "${crt_bundle}")
|
||||
message(STATUS "Bundle file exists from prior build: ${crt_bundle}")
|
||||
if ( "${WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE_PATH_AND_NAME}" STREQUAL "" OR "$(WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE)" STREQUAL "" OR "$(WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE)" STREQUAL "n")
|
||||
APPEND_LIBWOLFSSL_CMAKE_OUTPUT("Alternate Certificate Bundle Path and Name not enabled, assuming [project]/certs/x509_crt_bundle_wolfssl")
|
||||
# Reminder this CMakeLists.txt should be in [project]/components/wolfssl, so ./certs is two directories up
|
||||
set(crt_bundle_option "../../certs/x509_crt_bundle_wolfssl")
|
||||
else()
|
||||
string(SUBSTRING "${CONFIG_WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE_PATH_AND_NAME}" 0 2 CERT_PATH_FIRST_TWO)
|
||||
if(CERT_PATH_FIRST_TWO STREQUAL "./" OR CERT_PATH_FIRST_TWO STREQUAL ".\\")
|
||||
set(IS_CERT_BUNDLE_RELATIVE_PATH 1)
|
||||
message(STATUS "Alternate Cert Path is relative to project.")
|
||||
else()
|
||||
set(IS_CERT_BUNDLE_RELATIVE_PATH 0)
|
||||
message(STATUS "Alternate Cert Path is not relative to project.")
|
||||
endif()
|
||||
|
||||
# The cert bundle is not a standard cert, so we con't add to the crt_paths.
|
||||
# Still, we may have an alternate location, particulatly needed for PlatformIO:
|
||||
if(IS_CERT_BUNDLE_RELATIVE_PATH)
|
||||
message(STATUS "CONFIG_WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE_PATH_AND_NAME = ${CONFIG_WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE_PATH_AND_NAME}")
|
||||
message(STATUS "Relative alternate_bundle_path: ${alternate_bundle_path}")
|
||||
|
||||
SET(crt_bundle_option "${CMAKE_SOURCE_DIR}/${CONFIG_WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE_PATH_AND_NAME}")
|
||||
else()
|
||||
message(STATUS "alternate_bundle_path: ${CONFIG_WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE_PATH_AND_NAME}")
|
||||
message(STATUS "Not using an alternate wolfSSL bundle file.")
|
||||
SET(crt_bundle_option "${CONFIG_WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE_PATH_AND_NAME}")
|
||||
endif()
|
||||
endif()
|
||||
|
||||
# Clean the path, removing any extra "./" etc.
|
||||
# Number of spaces in message strings is to align path value outputs
|
||||
message(STATUS "This crt_bundle_option value: ${crt_bundle_option}")
|
||||
if(${CMAKE_VERSION} VERSION_LESS "3.19")
|
||||
message("WARNING: CMake version is ${CMAKE_VERSION} ? file(REAL_PATH ...) is not supported. Falling back to manual path normalization.")
|
||||
# optional fallback logic here
|
||||
get_filename_component(crt_bundle_file_component "${crt_bundle_option}" ABSOLUTE)
|
||||
message(STATUS "Interim crt_bundle_file_component: ${crt_bundle_file_component}")
|
||||
file(TO_CMAKE_PATH "${crt_bundle_file_component}" crt_bundle)
|
||||
message(STATUS "TO_CMAKE_PATH crt_bundle result: ${crt_bundle}")
|
||||
# set(crt_bundle "C:/workspace/pio_wolfssl-upstream-test-wolfssl_cert_bundle/esp32-c6/certs/x509_crt_bundle_wolfssl")
|
||||
else()
|
||||
file(REAL_PATH "${crt_bundle_option}" crt_bundle)
|
||||
endif()
|
||||
|
||||
APPEND_LIBWOLFSSL_CMAKE_OUTPUT("Certificate Bundle: ${crt_bundle}")
|
||||
message(STATUS "This cleaned crt_bundle value: ${crt_bundle}")
|
||||
message(STATUS "=============================================================================================================")
|
||||
message(STATUS "=============================================================================================================")
|
||||
message(STATUS "Reminder: platformio.ini will need this value set for board_build.embed_files =")
|
||||
message(STATUS "${crt_bundle}")
|
||||
message(STATUS "=============================================================================================================")
|
||||
message(STATUS "=============================================================================================================")
|
||||
|
||||
# e.g. SET(crt_bundle "C:/workspace/pio_wolfssl/esp32-c6/certs/x509_crt_bundle_wolfssl")
|
||||
#
|
||||
|
||||
# Normally x509_crt_bundle_wolfssl built by python script called from cmake.
|
||||
# See https://github.com/wolfSSL/wolfssl/blob/master/wolfcrypt/src/port/Espressif/esp_crt_bundle/gen_crt_bundle.py
|
||||
# Reminder ESP-IDF scripts are NOT called from CMake for PlatformIO builds.
|
||||
#
|
||||
# The easiest way to generate the default file is to build with ESP-IDF and copy the files to [project]/main
|
||||
#
|
||||
# for example:
|
||||
# build\VisualGDB\Debug\x509_crt_bundle_wolfssl.s
|
||||
# build\VisualGDB\Debug\esp-idf\wolfssl\x509_crt_bundle_wolfssl
|
||||
#
|
||||
message(STATUS "Confirming cert bundle exists...")
|
||||
if(EXISTS "${crt_bundle}")
|
||||
# Number of spaces is to align path value outputs
|
||||
message(STATUS "Bundle file found for PlatformIO: ${crt_bundle}")
|
||||
else()
|
||||
APPEND_LIBWOLFSSL_CMAKE_OUTPUT("ERROR: Failed to find bundle file found for PlatformIO: ${crt_bundle}")
|
||||
message(STATUS "Check for entry in platformio.ini: board_build.embed_files = certs/x509_crt_bundle_wolfssl ")
|
||||
message(FATAL_ERROR "WOLFSSL_CERTIFICATE_BUNDLE is enabled for PlatformIO, but predefined file not found: ${crt_bundle}")
|
||||
endif()
|
||||
else()
|
||||
message(STATUS "Bundle file expected during next build: ${crt_bundle}")
|
||||
# APPEND_LIBWOLFSSL_CMAKE_OUTPUT("Generate bundle: ${GENERATE_CERT_BUNDLEPY} ${args}")
|
||||
# Not PlatformIO
|
||||
# Generate bundle according to config
|
||||
# File is generated at build time, not cmake load
|
||||
add_custom_command(OUTPUT ${crt_bundle}
|
||||
COMMAND ${GENERATE_CERT_BUNDLEPY} ARGS ${args}
|
||||
DEPENDS ${custom_bundle_path}
|
||||
VERBATIM)
|
||||
|
||||
if(EXISTS "${crt_bundle}")
|
||||
message(STATUS "Bundle file exists from prior build: ${crt_bundle}")
|
||||
else()
|
||||
message(STATUS "Bundle file expected during next build: ${crt_bundle}")
|
||||
endif()
|
||||
|
||||
# Reminder the file is generated at build time, not cmake load time.
|
||||
message(STATUS "wolfSSL Cert Bundle File to be created at build time in: ${crt_bundle}")
|
||||
endif()
|
||||
|
||||
# Reminder the file is generated at build time, not cmake load time.
|
||||
message(STATUS "wolfSSL Cert Bundle File to be created at build time in: ${crt_bundle}")
|
||||
add_custom_target(custom_wolfssl_bundle DEPENDS ${crt_bundle})
|
||||
|
||||
add_custom_target(custom_wolfssl_bundle DEPENDS ${cert_bundle})
|
||||
|
||||
# the wolfSSL crtificate bundle is baked into wolfSSL
|
||||
# the wolfSSL certificate bundle is baked into wolfSSL
|
||||
add_dependencies(${COMPONENT_LIB} custom_wolfssl_bundle)
|
||||
|
||||
# COMPONENT_LIB may vary: __idf_wolfssl, __idf_esp_wolfssl, etc
|
||||
@@ -871,7 +1091,12 @@ if( CONFIG_WOLFSSL_CERTIFICATE_BUNDLE
|
||||
APPEND PROPERTY ADDITIONAL_CLEAN_FILES
|
||||
"${crt_bundle}")
|
||||
else()
|
||||
message(STATUS "WARNING: CONFIG_WOLFSSL_CERTIFICATE_BUNDLE enabled but directory not found: ${WOLFSSL_ESP_CRT_BUNDLE_DIR}")
|
||||
if(IS_PLATFORMIO)
|
||||
message(STATUS "WARNING: CONFIG_WOLFSSL_CERTIFICATE_BUNDLE enabled but cannot be generated in PlatformmIO")
|
||||
else()
|
||||
message(STATUS "WARNING: CONFIG_WOLFSSL_CERTIFICATE_BUNDLE enabled but directory not found: ${WOLFSSL_ESP_CRT_BUNDLE_DIR}")
|
||||
endif()
|
||||
message(FATAL_ERROR "not detected")
|
||||
endif()
|
||||
endif()
|
||||
|
||||
@@ -930,42 +1155,6 @@ endif()
|
||||
# end multiple component check
|
||||
|
||||
|
||||
#
|
||||
# LIBWOLFSSL_SAVE_INFO(VAR_OUPUT THIS_VAR VAR_RESULT)
|
||||
#
|
||||
# Save the THIS_VAR as a string in a macro called VAR_OUPUT
|
||||
#
|
||||
# VAR_OUPUT: the name of the macro to define
|
||||
# THIS_VAR: the OUTPUT_VARIABLE result from a execute_process()
|
||||
# VAR_RESULT: the RESULT_VARIABLE from a execute_process(); "0" if successful.
|
||||
#
|
||||
function ( LIBWOLFSSL_SAVE_INFO VAR_OUPUT THIS_VAR VAR_RESULT )
|
||||
# is the RESULT_VARIABLE output value 0? If so, IS_VALID_VALUE is true.
|
||||
string(COMPARE EQUAL "${VAR_RESULT}" "0" IS_VALID_VALUE)
|
||||
|
||||
# if we had a successful operation, save the THIS_VAR in VAR_OUPUT
|
||||
if(${IS_VALID_VALUE})
|
||||
# strip newline chars in THIS_VAR parameter and save in VAR_VALUE
|
||||
string(REPLACE "\n" "" VAR_VALUE ${THIS_VAR})
|
||||
|
||||
# we'll could percolate the value to the parent for possible later use
|
||||
# set(${VAR_OUPUT} ${VAR_VALUE} PARENT_SCOPE)
|
||||
|
||||
# but we're only using it here in this function
|
||||
set(${VAR_OUPUT} ${VAR_VALUE})
|
||||
|
||||
# we'll print what we found to the console
|
||||
message(STATUS "Found ${VAR_OUPUT}=${VAR_VALUE}")
|
||||
|
||||
# the interesting part is defining the VAR_OUPUT name a value to use in the app
|
||||
add_compile_definitions(${VAR_OUPUT}=\"${VAR_VALUE}\")
|
||||
else()
|
||||
# if we get here, check the execute_process command and parameters.
|
||||
message(STATUS "LIBWOLFSSL_SAVE_INFO encountered a non-zero VAR_RESULT")
|
||||
set(${VAR_OUPUT} "Unknown")
|
||||
endif()
|
||||
endfunction() # LIBWOLFSSL_SAVE_INFO
|
||||
|
||||
execute_process(
|
||||
COMMAND ${git_cmd} "rev-parse" "--is-inside-work-tree"
|
||||
OUTPUT_VARIABLE IS_GIT_REPO
|
||||
@@ -1049,6 +1238,14 @@ else()
|
||||
message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!")
|
||||
endif()
|
||||
|
||||
# A single instance of potentially multiple cmake messages to send to app:
|
||||
message(STATUS "LIBWOLFSSL_CMAKE_OUTPUT: ${LIBWOLFSSL_CMAKE_OUTPUT}")
|
||||
LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_CMAKE_OUTPUT "${LIBWOLFSSL_CMAKE_OUTPUT}" "0")
|
||||
|
||||
file(APPEND "${CMAKE_BINARY_DIR}/libwolfssl_output.h"
|
||||
"\n"
|
||||
"#endif\n" )
|
||||
|
||||
message(STATUS "************************************************************************************************")
|
||||
message(STATUS "wolfSSL component config complete!")
|
||||
message(STATUS "************************************************************************************************")
|
||||
|
||||
@@ -274,10 +274,28 @@ menu "wolfSSL"
|
||||
bool "Do not use the default certificate bundle"
|
||||
endchoice
|
||||
|
||||
config WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE
|
||||
depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
|
||||
default n
|
||||
bool "Use alternate certificate bundle"
|
||||
help
|
||||
Typically only used for PlatformIO which cannot generate a certificate bundle at build time.
|
||||
Enable this option to specify a fixed wolfSSL certificate file path and file name.
|
||||
|
||||
config WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE_PATH_AND_NAME
|
||||
depends on WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
|
||||
string "Default certificate bundle alternate path and name"
|
||||
default "./certs/x509_crt_bundle_wolfssl"
|
||||
help
|
||||
Name of the default certificate bundle directory. Typically used only with PlatformIO.
|
||||
Reminder PlatformIO cannot generate a bundle from cmake python script call. Relative
|
||||
paths are with respect to root of this project.
|
||||
|
||||
config WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE
|
||||
depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
|
||||
default n
|
||||
bool "Add custom certificates to the default bundle"
|
||||
|
||||
config WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE_PATH
|
||||
depends on WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
|
||||
string "Custom certificate bundle path"
|
||||
@@ -430,6 +448,12 @@ menu "wolfSSL"
|
||||
help
|
||||
Enable debugging messages for wolfSSL. See user_settings.h for additional debug options.
|
||||
|
||||
config ESP_WOLFSSL_NO_STACK_SIZE_BUILD_WARNING
|
||||
bool "Suppress build-time warnings for main stack size"
|
||||
default n
|
||||
help
|
||||
Useful only when wolfSSL is running in main task. See FreeRTOS stack size for custom tasks.
|
||||
|
||||
config ESP_WOLFSSL_TEST_LOOP
|
||||
bool "Run test apps in a loop until failure"
|
||||
default y
|
||||
|
||||
+8
-3
@@ -853,13 +853,18 @@
|
||||
#ifndef NO_RSA
|
||||
#define ESP32_USE_RSA_PRIMITIVE
|
||||
|
||||
#if defined(CONFIG_IDF_TARGET_ESP32)
|
||||
#ifdef CONFIG_ESP_MAIN_TASK_STACK_SIZE
|
||||
#ifdef CONFIG_ESP_MAIN_TASK_STACK_SIZE
|
||||
/* See idf.py menuconfig for stack warning settings */
|
||||
#if !defined(CONFIG_ESP_WOLFSSL_NO_STACK_SIZE_BUILD_WARNING)
|
||||
#if CONFIG_ESP_MAIN_TASK_STACK_SIZE < 10500
|
||||
#warning "RSA may be difficult with less than 10KB Stack "/
|
||||
#warning "RSA may be difficult with less than 10KB Stack"
|
||||
#endif
|
||||
#else
|
||||
/* Implement your own stack warning here */
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#if defined(CONFIG_IDF_TARGET_ESP32)
|
||||
/* NOTE HW unreliable for small values! */
|
||||
/* threshold for performance adjustment for HW primitive use */
|
||||
/* X bits of G^X mod P greater than */
|
||||
|
||||
+4
-4
@@ -244,7 +244,7 @@ void wolfSSL_TLS_client( )
|
||||
ret = tsip_use_PrivateKey_buffer_TLS(ssl,
|
||||
(const char*)g_key_block_data.encrypted_user_ecc256_private_key,
|
||||
sizeof(g_key_block_data.encrypted_user_ecc256_private_key),
|
||||
TSIP_ECCP256);
|
||||
TSIP_KEY_TYPE_ECDSAP256);
|
||||
if (ret != 0) {
|
||||
printf("ERROR tsip_use_PrivateKey_buffer_TLS\n");
|
||||
}
|
||||
@@ -254,7 +254,7 @@ void wolfSSL_TLS_client( )
|
||||
ret = tsip_use_PublicKey_buffer_TLS(ssl,
|
||||
(const char*)g_key_block_data.encrypted_user_ecc256_public_key,
|
||||
sizeof(g_key_block_data.encrypted_user_ecc256_public_key),
|
||||
TSIP_ECCP256);
|
||||
TSIP_KEY_TYPE_ECDSAP256);
|
||||
if (ret != 0) {
|
||||
printf("ERROR tsip_use_PublicKey_buffer_TLS\n");
|
||||
}
|
||||
@@ -289,7 +289,7 @@ void wolfSSL_TLS_client( )
|
||||
ret = tsip_use_PrivateKey_buffer_TLS(ssl,
|
||||
(const char*)g_key_block_data.encrypted_user_rsa2048_private_key,
|
||||
sizeof(g_key_block_data.encrypted_user_rsa2048_private_key),
|
||||
TSIP_RSA2048);
|
||||
TSIP_KEY_TYPE_RSA2048);
|
||||
if (ret != 0) {
|
||||
printf("ERROR tsip_use_PrivateKey_buffer_TLS :%d\n", ret);
|
||||
}
|
||||
@@ -298,7 +298,7 @@ void wolfSSL_TLS_client( )
|
||||
ret = tsip_use_PublicKey_buffer_TLS(ssl,
|
||||
(const char*)g_key_block_data.encrypted_user_rsa2048_public_key,
|
||||
sizeof(g_key_block_data.encrypted_user_rsa2048_public_key),
|
||||
TSIP_RSA2048);
|
||||
TSIP_KEY_TYPE_RSA2048);
|
||||
if (ret != 0) {
|
||||
printf("ERROR tsip_use_PublicKey_buffer_TLS: %d\n", ret);
|
||||
}
|
||||
|
||||
@@ -186,95 +186,95 @@ const uint32_t encrypted_user_key_type =
|
||||
|
||||
const unsigned char ca_ecc_cert_der_sig[] =
|
||||
{
|
||||
0x80, 0x1C, 0x3A, 0xC0, 0x74, 0xC8, 0xF8, 0xB7, 0x23, 0xB0,
|
||||
0x4D, 0xEC, 0x5A, 0xA3, 0x28, 0xD9, 0x27, 0x93, 0xD2, 0xEF,
|
||||
0x48, 0xBD, 0x29, 0x99, 0x65, 0x7F, 0xCB, 0x60, 0xD3, 0xB7,
|
||||
0xFF, 0x4D, 0xC4, 0x2D, 0x07, 0x53, 0xD3, 0xF9, 0xB6, 0xE7,
|
||||
0x56, 0x25, 0x5D, 0x3E, 0x9C, 0x31, 0x1D, 0x8D, 0xA3, 0x29,
|
||||
0xA0, 0x9C, 0xFB, 0xEC, 0x91, 0xF5, 0x58, 0x14, 0x11, 0xFD,
|
||||
0x43, 0xFB, 0xA5, 0xAC, 0x70, 0xAE, 0x68, 0x89, 0x03, 0x32,
|
||||
0x82, 0x53, 0xB9, 0xE3, 0x40, 0xD4, 0x50, 0xC5, 0xB4, 0xB2,
|
||||
0x1F, 0xF6, 0x24, 0x10, 0xFE, 0x76, 0xA2, 0x1C, 0xAE, 0x01,
|
||||
0x79, 0xBF, 0xF7, 0x5A, 0x5C, 0xA9, 0x9B, 0x80, 0x02, 0x7D,
|
||||
0x24, 0x94, 0xCE, 0xFE, 0x41, 0x85, 0x1A, 0x63, 0x50, 0xD4,
|
||||
0xDE, 0xBD, 0xB4, 0x26, 0xA4, 0x13, 0xE3, 0x94, 0x0C, 0xBB,
|
||||
0xBE, 0x27, 0x0F, 0xDE, 0xF2, 0x2A, 0x0D, 0xD5, 0x79, 0x4B,
|
||||
0x7A, 0xD6, 0x3C, 0x3B, 0xED, 0x4D, 0xAB, 0xB6, 0xBD, 0x53,
|
||||
0x57, 0x9B, 0xA1, 0x69, 0x26, 0xD3, 0xDF, 0x47, 0x64, 0x4F,
|
||||
0xD5, 0xC9, 0x11, 0x35, 0xB6, 0x17, 0x6C, 0x48, 0x6E, 0xBE,
|
||||
0xCB, 0x0C, 0x63, 0x8C, 0x31, 0x45, 0x8B, 0x7F, 0x93, 0x02,
|
||||
0x7C, 0xC6, 0xD3, 0x14, 0x2F, 0x5B, 0x41, 0x72, 0x4F, 0x48,
|
||||
0xE6, 0xCC, 0x89, 0x4E, 0x31, 0x98, 0xBA, 0xBA, 0xE0, 0xAA,
|
||||
0x04, 0x68, 0xF2, 0x07, 0xF5, 0x0B, 0x1F, 0xC2, 0x21, 0x28,
|
||||
0x38, 0x44, 0xAF, 0x2C, 0x7C, 0x1B, 0x69, 0x12, 0xCC, 0x3B,
|
||||
0xF7, 0xE8, 0xC2, 0x56, 0x00, 0x10, 0x14, 0x05, 0x6F, 0x29,
|
||||
0x80, 0x7C, 0x1E, 0xB2, 0x37, 0x2C, 0xBF, 0x09, 0x77, 0xC9,
|
||||
0x1D, 0xB1, 0x13, 0x7A, 0xDC, 0x87, 0x7D, 0xF1, 0x2E, 0xBC,
|
||||
0xFC, 0x2B, 0x3D, 0x4A, 0x55, 0xD5, 0x85, 0x0C, 0xF1, 0x1D,
|
||||
0xFE, 0x80, 0x73, 0xD9, 0xB4, 0x84
|
||||
0x58, 0x3F, 0x3C, 0x27, 0x4A, 0xC0, 0xA8, 0x35, 0x31, 0xAA,
|
||||
0xB6, 0x49, 0x4C, 0x69, 0x48, 0xF6, 0x63, 0xA5, 0x2E, 0x8C,
|
||||
0xA4, 0x1E, 0xAF, 0x18, 0x14, 0x11, 0x6A, 0xF7, 0x25, 0xF2,
|
||||
0xE1, 0x82, 0x6E, 0xAA, 0x3C, 0xE2, 0x75, 0x6E, 0x81, 0x59,
|
||||
0x2E, 0xF1, 0xED, 0xDD, 0xD1, 0x1C, 0xA3, 0xE7, 0xEC, 0x89,
|
||||
0xD3, 0x19, 0x1A, 0x59, 0xEB, 0xBA, 0x1D, 0x65, 0xFD, 0x53,
|
||||
0x4A, 0x90, 0x6F, 0xA1, 0x06, 0xB3, 0x08, 0xE4, 0x00, 0xF4,
|
||||
0x91, 0x45, 0xD8, 0xC9, 0xD8, 0x30, 0x8A, 0x94, 0x9B, 0x48,
|
||||
0x60, 0x68, 0xD1, 0x09, 0x84, 0xAE, 0x51, 0xD8, 0xD8, 0x67,
|
||||
0x58, 0x58, 0x9B, 0x57, 0x9E, 0x09, 0x9D, 0x1B, 0x3B, 0x22,
|
||||
0x67, 0x6A, 0x50, 0x91, 0xF2, 0x60, 0x5E, 0x78, 0x86, 0xF9,
|
||||
0x2F, 0xF4, 0xB4, 0xAE, 0x6A, 0xF6, 0x0D, 0xAB, 0x8B, 0xF6,
|
||||
0x60, 0x47, 0x8D, 0xD4, 0xEC, 0xE6, 0x9E, 0x57, 0x6C, 0xCC,
|
||||
0x4F, 0xF5, 0xCD, 0x20, 0xD7, 0x15, 0x70, 0x50, 0x53, 0x96,
|
||||
0x84, 0x6B, 0x9A, 0x07, 0x90, 0x41, 0x14, 0x08, 0x62, 0x87,
|
||||
0xF5, 0x20, 0x0E, 0x82, 0xE2, 0x12, 0x5C, 0x1E, 0x72, 0x73,
|
||||
0xB8, 0x18, 0x90, 0xCF, 0x98, 0x14, 0xC3, 0xE6, 0xED, 0x89,
|
||||
0xA3, 0x7C, 0x67, 0x50, 0x01, 0xCC, 0x48, 0xD2, 0x6A, 0x9C,
|
||||
0x9E, 0x4D, 0x44, 0x49, 0x82, 0x5F, 0xC1, 0x2E, 0x18, 0xBE,
|
||||
0x23, 0x53, 0xCD, 0x09, 0x85, 0x16, 0x9D, 0x5F, 0x99, 0x78,
|
||||
0xA1, 0x78, 0x51, 0xC9, 0x5A, 0x3E, 0x04, 0xBE, 0xE2, 0xF5,
|
||||
0x74, 0x7E, 0x6F, 0x89, 0xD9, 0x05, 0x29, 0xC1, 0x5B, 0x57,
|
||||
0x3D, 0xE3, 0x5E, 0xB8, 0x4B, 0x93, 0x7D, 0x68, 0x78, 0xF9,
|
||||
0x88, 0x1B, 0x8E, 0x78, 0x04, 0x00, 0x54, 0x20, 0x3F, 0x0C,
|
||||
0x99, 0x11, 0x1D, 0x90, 0x2C, 0x10, 0x4C, 0xCE, 0xA3, 0x17,
|
||||
0xA7, 0xF8, 0xB4, 0xC6, 0xF8, 0x12
|
||||
};
|
||||
const int sizeof_ca_ecc_cert_sig = sizeof(ca_ecc_cert_der_sig);
|
||||
|
||||
/* ./ca-cert.der.sign, */
|
||||
const unsigned char ca_cert_der_sig[] =
|
||||
{
|
||||
0x77, 0x62, 0x9D, 0x3D, 0x7A, 0x60, 0xF7, 0x9C, 0x7C, 0x1C,
|
||||
0xC8, 0x9D, 0x09, 0x2D, 0x98, 0xBE, 0x39, 0x25, 0x4E, 0x05,
|
||||
0xED, 0xF1, 0x93, 0xB1, 0x4B, 0x1B, 0x29, 0x2D, 0x8F, 0x3A,
|
||||
0xCA, 0x3A, 0x8F, 0x3F, 0x77, 0x61, 0xF1, 0x97, 0x05, 0x69,
|
||||
0xDC, 0x4A, 0x92, 0x52, 0x29, 0xC8, 0x26, 0x38, 0x53, 0x7A,
|
||||
0x41, 0x7C, 0x73, 0xCA, 0xA7, 0x6B, 0xD7, 0x19, 0xC4, 0x99,
|
||||
0x64, 0xCD, 0x27, 0xC9, 0x85, 0x19, 0x53, 0xD2, 0x93, 0xC5,
|
||||
0x7A, 0xE5, 0xDC, 0x88, 0xA0, 0xFB, 0xB3, 0xEB, 0x8B, 0x01,
|
||||
0xD6, 0x80, 0x9C, 0x93, 0x9D, 0x44, 0x5A, 0x17, 0x4B, 0x87,
|
||||
0x8B, 0xD1, 0x08, 0xBA, 0x82, 0x87, 0xA7, 0x69, 0x06, 0x70,
|
||||
0x67, 0x68, 0xE3, 0xD1, 0x6C, 0x05, 0x85, 0x97, 0x84, 0x6B,
|
||||
0xBF, 0xC2, 0x91, 0xBC, 0xA5, 0x32, 0x37, 0x99, 0x5C, 0xC7,
|
||||
0xE9, 0x8C, 0x4F, 0xBD, 0xFD, 0x66, 0x98, 0x38, 0xD8, 0x31,
|
||||
0x4E, 0x97, 0x57, 0x66, 0x0C, 0x1F, 0x43, 0x81, 0xC5, 0x0F,
|
||||
0xA2, 0x5A, 0xF2, 0xF6, 0x68, 0x9D, 0x97, 0xA9, 0x39, 0x42,
|
||||
0xFD, 0xCB, 0xCB, 0x29, 0x56, 0xA0, 0x49, 0x8D, 0x79, 0x40,
|
||||
0x66, 0x60, 0xC1, 0xB1, 0x99, 0xD7, 0x32, 0x06, 0x80, 0x64,
|
||||
0x43, 0x7F, 0x2B, 0x5A, 0xF7, 0xD9, 0x54, 0xF6, 0x3E, 0x2C,
|
||||
0x92, 0x6F, 0xEE, 0xCA, 0x59, 0x53, 0xC1, 0xCA, 0x3C, 0xDB,
|
||||
0xA3, 0x20, 0xF9, 0x8D, 0xEF, 0xFD, 0x8B, 0x08, 0xCE, 0x25,
|
||||
0x58, 0x16, 0x00, 0x93, 0xB6, 0xF6, 0xF8, 0x7D, 0x1C, 0x35,
|
||||
0xD2, 0x8E, 0xAE, 0x51, 0x1F, 0x08, 0x99, 0xBA, 0x63, 0x4B,
|
||||
0x05, 0x93, 0x61, 0x64, 0x40, 0x85, 0x71, 0x69, 0xBB, 0xF2,
|
||||
0xC4, 0xAE, 0x9E, 0xFB, 0x5C, 0xD1, 0x3F, 0x5F, 0x0D, 0x85,
|
||||
0xAA, 0x73, 0x23, 0x16, 0xE7, 0x13, 0x60, 0x5D, 0xF4, 0x88,
|
||||
0x34, 0xB1, 0xD2, 0xC9, 0x6B, 0xD4
|
||||
0x55, 0x93, 0xCF, 0x28, 0xF7, 0x38, 0x1E, 0xF1, 0x29, 0x5A,
|
||||
0xDE, 0x41, 0xCD, 0x83, 0x00, 0x06, 0x79, 0xB3, 0x12, 0x56,
|
||||
0xBD, 0x04, 0xCB, 0x97, 0xCC, 0xD2, 0x39, 0x3C, 0x36, 0x94,
|
||||
0x8D, 0x66, 0xB0, 0x41, 0xF4, 0xBD, 0x82, 0x8F, 0x03, 0x24,
|
||||
0x25, 0x65, 0xA1, 0x85, 0x87, 0xCE, 0x58, 0x0A, 0x45, 0xC6,
|
||||
0xB6, 0x38, 0x27, 0x44, 0x2A, 0x7A, 0x9B, 0xA2, 0x71, 0x67,
|
||||
0x92, 0xDA, 0xFD, 0x71, 0x88, 0x52, 0xF2, 0xFE, 0x61, 0x33,
|
||||
0xCB, 0x7F, 0xB4, 0x47, 0x3D, 0x60, 0xC6, 0x3A, 0x48, 0x44,
|
||||
0x6F, 0xA2, 0x16, 0x07, 0xA2, 0x94, 0x50, 0x99, 0x09, 0x7B,
|
||||
0x43, 0x04, 0xAD, 0xCA, 0x9C, 0x34, 0xD4, 0x72, 0x4B, 0x79,
|
||||
0x31, 0xE1, 0xC5, 0x6C, 0xA7, 0xB4, 0xD8, 0xED, 0x80, 0x79,
|
||||
0xBB, 0x69, 0xA0, 0xA6, 0x7A, 0x63, 0x99, 0x02, 0xF7, 0x64,
|
||||
0xF0, 0x6D, 0xBB, 0xC5, 0xDA, 0x55, 0x0D, 0x43, 0x7C, 0x30,
|
||||
0x74, 0x21, 0x05, 0x35, 0x63, 0xAD, 0x32, 0x76, 0x11, 0xA5,
|
||||
0x75, 0xF3, 0x83, 0xEE, 0x05, 0xFB, 0x91, 0x18, 0x5E, 0xCC,
|
||||
0x71, 0x49, 0x26, 0x0D, 0xE2, 0xE3, 0xB3, 0xAD, 0xFF, 0x65,
|
||||
0xA9, 0x9B, 0xF0, 0x81, 0xE1, 0x5D, 0xC3, 0x4C, 0x82, 0x83,
|
||||
0x33, 0xDA, 0xF6, 0x29, 0xC7, 0xC2, 0xA0, 0x23, 0x5D, 0xB1,
|
||||
0xCE, 0x82, 0x94, 0x49, 0xC5, 0xC0, 0xE5, 0xED, 0x3B, 0xF6,
|
||||
0x79, 0x21, 0x3B, 0xFC, 0x6D, 0xB5, 0x2A, 0xF6, 0x6D, 0xD9,
|
||||
0x4C, 0x3E, 0xBF, 0x2E, 0x13, 0xA2, 0x75, 0x93, 0x5A, 0xB4,
|
||||
0x2B, 0xF5, 0x74, 0xEF, 0xAE, 0x48, 0xFE, 0x06, 0x2D, 0x3F,
|
||||
0xA3, 0xFE, 0x1A, 0xC9, 0x45, 0x1D, 0x15, 0xC8, 0xEF, 0x95,
|
||||
0xE2, 0x6F, 0x7D, 0x1E, 0x96, 0xCD, 0x4D, 0xC5, 0x5F, 0xEB,
|
||||
0x57, 0x85, 0x54, 0xE4, 0x7F, 0xE0, 0x0F, 0xAD, 0xC3, 0xEE,
|
||||
0xBF, 0xFB, 0x43, 0xA6, 0xAB, 0x92
|
||||
};
|
||||
const int sizeof_ca_cert_sig = sizeof(ca_cert_der_sig);
|
||||
/* ./client-cert.der.sign, */
|
||||
const unsigned char client_cert_der_sign[] =
|
||||
{
|
||||
0x21, 0x2A, 0x81, 0xFF, 0xC2, 0x4C, 0x98, 0xFF, 0xB8, 0x99,
|
||||
0xFC, 0x14, 0x07, 0xBA, 0xBD, 0x7F, 0x58, 0x0F, 0x23, 0x49,
|
||||
0x6B, 0xFA, 0x47, 0xAC, 0xF5, 0xCF, 0x7A, 0x76, 0x89, 0x07,
|
||||
0x22, 0x2F, 0x2A, 0xC5, 0x9F, 0x6D, 0x37, 0xFC, 0x7E, 0x51,
|
||||
0x55, 0x29, 0xDA, 0xF9, 0x7E, 0x30, 0x25, 0x3F, 0x38, 0xE3,
|
||||
0x5B, 0xD8, 0xD1, 0xC4, 0xE1, 0x05, 0x14, 0x5D, 0x3A, 0x8C,
|
||||
0xFC, 0x42, 0x7D, 0x38, 0x21, 0x5B, 0x0B, 0xC8, 0x6E, 0x80,
|
||||
0x35, 0xA7, 0x0B, 0xAB, 0x9E, 0x8B, 0x7F, 0x04, 0xE5, 0x43,
|
||||
0x2E, 0xFF, 0x11, 0x67, 0x04, 0xF4, 0x52, 0x52, 0xEF, 0x6C,
|
||||
0xC6, 0x30, 0x63, 0xE0, 0xAE, 0xCB, 0xD0, 0xBC, 0x7F, 0xB7,
|
||||
0x98, 0xD4, 0x08, 0x76, 0x49, 0xFF, 0x0E, 0xAF, 0x2B, 0x3B,
|
||||
0xA0, 0xFD, 0x25, 0xD5, 0x42, 0x02, 0x0A, 0xAA, 0xC0, 0x0C,
|
||||
0x5C, 0x62, 0x04, 0xD0, 0x4A, 0xE7, 0xEA, 0x26, 0x72, 0xE1,
|
||||
0x35, 0x8D, 0x47, 0x5A, 0xE6, 0x9A, 0xD5, 0x5C, 0x31, 0x79,
|
||||
0x7A, 0xEE, 0x59, 0xAD, 0x1B, 0x04, 0x2C, 0xFF, 0x74, 0x9D,
|
||||
0xA5, 0x90, 0x21, 0xCE, 0xC2, 0x04, 0x41, 0x98, 0x14, 0x27,
|
||||
0xF8, 0x35, 0xB9, 0xF5, 0x73, 0x1D, 0xAE, 0x2F, 0x8F, 0x44,
|
||||
0x79, 0xCA, 0xE7, 0x38, 0xDD, 0x15, 0x11, 0xDB, 0xA5, 0x6D,
|
||||
0xE6, 0x7F, 0x4E, 0x73, 0xE6, 0x2E, 0x98, 0xF3, 0xDD, 0x5A,
|
||||
0x34, 0x24, 0x6B, 0xAF, 0x28, 0xDC, 0x3A, 0x10, 0x0D, 0x54,
|
||||
0x86, 0x11, 0x52, 0x0F, 0x88, 0x65, 0x03, 0xE5, 0x1C, 0x04,
|
||||
0x45, 0x6B, 0x25, 0x3E, 0x8D, 0x5B, 0xD7, 0x2E, 0x33, 0x06,
|
||||
0xAA, 0x23, 0xFE, 0x1B, 0x7B, 0xE8, 0xB9, 0xA7, 0x80, 0x3F,
|
||||
0x08, 0x89, 0x6A, 0x22, 0x3F, 0xE0, 0xB8, 0xF3, 0xA4, 0x0A,
|
||||
0xC6, 0xA5, 0x51, 0xC4, 0x1A, 0x38, 0xE3, 0xD2, 0x8A, 0x1C,
|
||||
0xF1, 0xAE, 0x89, 0xFB, 0xCE, 0x9E
|
||||
0x1C, 0x3F, 0xB6, 0x72, 0x01, 0x8E, 0xAA, 0x73, 0xCC, 0xAD,
|
||||
0xA9, 0x43, 0x26, 0x1C, 0x7E, 0x3B, 0x2B, 0xE2, 0x82, 0x6D,
|
||||
0xA4, 0x89, 0xC6, 0x7A, 0x11, 0x7A, 0x41, 0xC1, 0xF6, 0x23,
|
||||
0x14, 0xD2, 0x6F, 0x3A, 0x2F, 0xD4, 0x2C, 0xA5, 0x18, 0x31,
|
||||
0x0D, 0xFB, 0x84, 0xBE, 0xF8, 0x12, 0x48, 0x41, 0x28, 0xD9,
|
||||
0xDB, 0xF9, 0x0A, 0xCF, 0x93, 0xDB, 0xC6, 0x65, 0x89, 0xDE,
|
||||
0x1D, 0x22, 0xE1, 0x0D, 0x25, 0x39, 0xD9, 0x56, 0xE2, 0xB7,
|
||||
0xE5, 0xAB, 0x6C, 0x44, 0xF8, 0xC5, 0x3B, 0x3D, 0xC6, 0x97,
|
||||
0x89, 0xAE, 0x97, 0x38, 0x03, 0x8C, 0x31, 0x36, 0x03, 0xBC,
|
||||
0xC2, 0x05, 0x28, 0x35, 0x14, 0xA8, 0xFC, 0x2B, 0x8F, 0xE0,
|
||||
0x8C, 0x85, 0xC2, 0x90, 0x5E, 0x0E, 0x75, 0xBC, 0xA0, 0xAD,
|
||||
0x24, 0x0F, 0xA3, 0x3A, 0x16, 0xB3, 0x46, 0x20, 0x9D, 0xAE,
|
||||
0x5E, 0xBF, 0x6E, 0xC1, 0x10, 0x45, 0x82, 0x8C, 0xE5, 0x6D,
|
||||
0x1A, 0xEE, 0xF9, 0x28, 0xD7, 0xC8, 0xE4, 0xA5, 0xC1, 0xD7,
|
||||
0xDD, 0x03, 0x37, 0x48, 0x87, 0x96, 0x0F, 0x17, 0x35, 0xDE,
|
||||
0xB8, 0xFB, 0x38, 0xDB, 0x64, 0x6C, 0xCB, 0xE9, 0xE0, 0x2F,
|
||||
0x17, 0xC9, 0x1B, 0xA0, 0xCB, 0xCB, 0xA9, 0xC3, 0x8F, 0x7B,
|
||||
0x4F, 0x25, 0xD8, 0xBA, 0x34, 0x6E, 0xD0, 0x60, 0x17, 0xE0,
|
||||
0x0C, 0x48, 0xBF, 0xAF, 0xC2, 0xE1, 0x0E, 0x5B, 0x56, 0x90,
|
||||
0x33, 0x13, 0x8F, 0xDA, 0x4D, 0x8D, 0xF5, 0xAF, 0x1D, 0x7A,
|
||||
0xA5, 0x2B, 0xD8, 0xBD, 0x81, 0x5A, 0xBB, 0x70, 0x8F, 0xB5,
|
||||
0xC9, 0xA5, 0xF3, 0x23, 0xA1, 0x58, 0x3D, 0xCF, 0x7D, 0x2B,
|
||||
0xFA, 0xBD, 0xF7, 0x58, 0x22, 0xF2, 0x1F, 0xC7, 0x98, 0xED,
|
||||
0x5D, 0x4F, 0x42, 0xA7, 0xC0, 0x41, 0xAC, 0xA5, 0x0B, 0x75,
|
||||
0xE6, 0xAB, 0x44, 0x42, 0x0B, 0xBC, 0x99, 0x99, 0x65, 0x21,
|
||||
0x9F, 0x53, 0xEF, 0x9A, 0x53, 0xCF
|
||||
};
|
||||
const int sizeof_client_cert_der_sign = sizeof(client_cert_der_sign);
|
||||
|
||||
|
||||
@@ -18,8 +18,16 @@
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
|
||||
*/
|
||||
#define WOLFSSL_ESPIDF_COMPONENT_VERSION 0x01
|
||||
|
||||
/* This is a sample PlatformIO user_settings.h for wolfSSL
|
||||
/* Examples such as test and benchmark are known to cause watchdog timeouts.
|
||||
* Note this is often set in project Makefile:
|
||||
* CFLAGS += -DWOLFSSL_ESP_NO_WATCHDOG=1 */
|
||||
#define WOLFSSL_ESP_NO_WATCHDOG 1
|
||||
|
||||
/* The Espressif project config file. See also sdkconfig.defaults */
|
||||
#include "sdkconfig.h"
|
||||
*
|
||||
* Do not include any wolfssl headers here
|
||||
*
|
||||
@@ -47,10 +55,9 @@
|
||||
/* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */
|
||||
/* #define USE_WOLFSSL_ESP_SDK_WIFI */
|
||||
|
||||
/* Experimental Kyber */
|
||||
/* Optional MLKEM (Kyber Post Quantum) */
|
||||
#if 0
|
||||
/* Kyber typically needs a minimum 10K stack */
|
||||
#define WOLFSSL_EXPERIMENTAL_SETTINGS
|
||||
#define WOLFSSL_HAVE_MLKEM
|
||||
#define WOLFSSL_WC_MLKEM
|
||||
#define WOLFSSL_SHA3
|
||||
@@ -566,18 +573,33 @@
|
||||
/* Debug options:
|
||||
See wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h for details on debug options
|
||||
|
||||
optionally increase error message size for very long paths.
|
||||
#define WOLFSSL_MAX_ERROR_SZ 500
|
||||
|
||||
Turn wolfSSL debugging on/off:
|
||||
wolfSSL_Debugging_ON();
|
||||
wolfSSL_Debugging_OFF();
|
||||
|
||||
#define ESP_VERIFY_MEMBLOCK
|
||||
#define DEBUG_WOLFSSL
|
||||
#define DEBUG_WOLFSSL_VERBOSE
|
||||
#define DEBUG_WOLFSSL_SHA_MUTEX
|
||||
#define WOLFSSL_DEBUG_IGNORE_ASN_TIME
|
||||
#define WOLFSSL_DEBUG_CERT_BUNDLE
|
||||
#define WOLFSSL_DEBUG_CERT_BUNDLE_NAME
|
||||
#define WOLFSSL_ESP32_CRYPT_DEBUG
|
||||
#define WOLFSSL_ESP32_CRYPT_HASH_SHA224_DEBUG
|
||||
#define NO_RECOVER_SOFTWARE_CALC
|
||||
#define WOLFSSL_TEST_STRAY 1
|
||||
#define USE_ESP_DPORT_ACCESS_READ_BUFFER
|
||||
#define WOLFSSL_ESP32_HW_LOCK_DEBUG
|
||||
#define WOLFSSL_DEBUG_MUTEX
|
||||
#define WOLFSSL_DEBUG_ESP_RSA_MULM_BITS
|
||||
#define WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS
|
||||
#define WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS
|
||||
#define ESP_DISABLE_HW_TASK_LOCK
|
||||
#define ESP_MONITOR_HW_TASK_LOCK
|
||||
#define USE_ESP_DPORT_ACCESS_READ_BUFFER
|
||||
|
||||
See wolfcrypt/benchmark/benchmark.c for debug and other settings:
|
||||
|
||||
@@ -594,7 +616,7 @@ Turn on timer debugging (used when CPU cycles not available)
|
||||
#define WOLFSSL_HW_METRICS
|
||||
#define ALT_ECC_SIZE
|
||||
|
||||
/* for test.c: */
|
||||
/* for test.c */
|
||||
/* #define HASH_SIZE_LIMIT */
|
||||
|
||||
/* Optionally turn off HW math checks */
|
||||
@@ -641,6 +663,12 @@ Turn on timer debugging (used when CPU cycles not available)
|
||||
* There are various certificate examples in this header file:
|
||||
* https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/certs_test.h
|
||||
*
|
||||
* To use the sample certificates in code (not recommended for production!):
|
||||
*
|
||||
* #if defined(USE_CERT_BUFFERS_2048) || defined(USE_CERT_BUFFERS_1024)
|
||||
* #include <wolfssl/certs_test.h>
|
||||
* #endif
|
||||
*
|
||||
* To use the sets of macros below, define *one* of these:
|
||||
*
|
||||
* USE_CERT_BUFFERS_1024 - ECC 1024 bit encoded ASN1
|
||||
@@ -655,10 +683,10 @@ Turn on timer debugging (used when CPU cycles not available)
|
||||
* CTX_CA_CERT_SIZE,
|
||||
* CTX_CA_CERT_TYPE);
|
||||
*
|
||||
* See www.wolfssl.com/documentation/manuals/wolfssl/group__CertsKeys.html#function-wolfssl_ctx_load_verify_buffer
|
||||
* See https://www.wolfssl.com/documentation/manuals/wolfssl/group__CertsKeys.html#function-wolfssl_ctx_load_verify_buffer
|
||||
*
|
||||
* In this case the CTX_CA_CERT will be defined as `ca_cert_der_2048` as
|
||||
* defined here: github.com/wolfSSL/wolfssl/blob/master/wolfssl/certs_test.h
|
||||
* defined here: https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/certs_test.h
|
||||
*
|
||||
* The CTX_CA_CERT_SIZE and CTX_CA_CERT_TYPE are similarly used to reference
|
||||
* array size and cert type respectively.
|
||||
@@ -670,7 +698,7 @@ Turn on timer debugging (used when CPU cycles not available)
|
||||
* CTX_CLIENT_KEY_SIZE,
|
||||
* CTX_CLIENT_KEY_TYPE);
|
||||
*
|
||||
* see www.wolfssl.com/documentation/manuals/wolfssl/group__CertsKeys.html#function-wolfssl_ctx_use_privatekey_buffer
|
||||
* see https://www.wolfssl.com/documentation/manuals/wolfssl/group__CertsKeys.html#function-wolfssl_ctx_use_privatekey_buffer
|
||||
*
|
||||
* Similarly, the other macros are for server certificates and keys:
|
||||
* `CTX_SERVER_CERT` and `CTX_SERVER_KEY` are available.
|
||||
@@ -680,17 +708,17 @@ Turn on timer debugging (used when CPU cycles not available)
|
||||
* are the known wolfSSL encoding type integers (e.g. WOLFSSL_FILETYPE_PEM).
|
||||
*
|
||||
* See `SSL_FILETYPE_[name]` in
|
||||
* github.com/wolfSSL/wolfssl/blob/master/wolfssl/ssl.h
|
||||
* https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/ssl.h
|
||||
*
|
||||
* See Abstract Syntax Notation One (ASN.1) in:
|
||||
* github.com/wolfSSL/wolfssl/blob/master/wolfssl/wolfcrypt/asn.h
|
||||
* https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/wolfcrypt/asn.h
|
||||
*
|
||||
* Optional SM4 Ciphers:
|
||||
*
|
||||
* Although the SM ciphers are shown here, the `certs_test_sm.h` may not yet
|
||||
* be available. See:
|
||||
* github.com/wolfSSL/wolfssl/pull/6825
|
||||
* github.com/wolfSSL/wolfsm
|
||||
* https://github.com/wolfSSL/wolfssl/pull/6825
|
||||
* https://github.com/wolfSSL/wolfsm
|
||||
*
|
||||
* Uncomment these 3 macros to enable the SM Ciphers and use the macros below.
|
||||
*/
|
||||
@@ -703,6 +731,7 @@ Turn on timer debugging (used when CPU cycles not available)
|
||||
|
||||
/* Conditional macros used in wolfSSL TLS client and server examples */
|
||||
#if defined(WOLFSSL_SM2) || defined(WOLFSSL_SM3) || defined(WOLFSSL_SM4)
|
||||
#include <wolfssl/certs_test_sm.h>
|
||||
#define CTX_CA_CERT root_sm2
|
||||
#define CTX_CA_CERT_SIZE sizeof_root_sm2
|
||||
#define CTX_CA_CERT_TYPE WOLFSSL_FILETYPE_PEM
|
||||
@@ -720,7 +749,11 @@ Turn on timer debugging (used when CPU cycles not available)
|
||||
#ifdef USE_CERT_BUFFERS_1024
|
||||
#error "USE_CERT_BUFFERS_1024 is already defined. Pick one."
|
||||
#endif
|
||||
|
||||
/* Be sure to include in app when using example certs: */
|
||||
#include <wolfssl/certs_test.h>
|
||||
|
||||
#define USE_CERT_BUFFERS_256
|
||||
#define CTX_CA_CERT ca_cert_der_2048
|
||||
#define CTX_CA_CERT_SIZE sizeof_ca_cert_der_2048
|
||||
#define CTX_CA_CERT_TYPE WOLFSSL_FILETYPE_ASN1
|
||||
@@ -743,6 +776,11 @@ Turn on timer debugging (used when CPU cycles not available)
|
||||
#ifdef USE_CERT_BUFFERS_2048
|
||||
#error "USE_CERT_BUFFERS_2048 is already defined. Pick one."
|
||||
#endif
|
||||
|
||||
/* Be sure to include in app when using example certs: */
|
||||
#include <wolfssl/certs_test.h>
|
||||
|
||||
#define USE_CERT_BUFFERS_256
|
||||
#define CTX_CA_CERT ca_cert_der_1024
|
||||
#define CTX_CA_CERT_SIZE sizeof_ca_cert_der_1024
|
||||
#define CTX_CA_CERT_TYPE WOLFSSL_FILETYPE_ASN1
|
||||
@@ -788,3 +826,11 @@ Turn on timer debugging (used when CPU cycles not available)
|
||||
#else
|
||||
#warning "CONFIG_ESP_MAIN_TASK_STACK_SIZE not defined!"
|
||||
#endif
|
||||
/* See settings.h for some of the possible hardening options:
|
||||
*
|
||||
* #define NO_ESPIDF_DEFAULT
|
||||
* #define WC_NO_CACHE_RESISTANT
|
||||
* #define WC_AES_BITSLICED
|
||||
* #define HAVE_AES_ECB
|
||||
* #define HAVE_AES_DIRECT
|
||||
*/
|
||||
|
||||
+5
-8
@@ -2618,19 +2618,16 @@ static int Dtls13RtxIsTrackedByRn(const Dtls13RtxRecord* r, w64wrapper epoch,
|
||||
static int Dtls13KeyUpdateAckReceived(WOLFSSL* ssl)
|
||||
{
|
||||
int ret;
|
||||
w64Increment(&ssl->dtls13Epoch);
|
||||
|
||||
/* Epoch wrapped up */
|
||||
if (w64IsZero(ssl->dtls13Epoch))
|
||||
return BAD_STATE_E;
|
||||
|
||||
ret = DeriveTls13Keys(ssl, update_traffic_key, ENCRYPT_SIDE_ONLY, 1);
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
|
||||
ret = Dtls13NewEpoch(ssl, ssl->dtls13Epoch, ENCRYPT_SIDE_ONLY);
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
w64Increment(&ssl->dtls13Epoch);
|
||||
|
||||
/* Epoch wrapped up */
|
||||
if (w64IsZero(ssl->dtls13Epoch))
|
||||
return BAD_STATE_E;
|
||||
|
||||
return Dtls13SetEpochKeys(ssl, ssl->dtls13Epoch, ENCRYPT_SIDE_ONLY);
|
||||
}
|
||||
|
||||
@@ -3557,6 +3557,9 @@ int SetKeysSide(WOLFSSL* ssl, enum encrypt_side side)
|
||||
#if defined(WOLFSSL_RENESAS_FSPSM_TLS)
|
||||
FSPSM_ST* cbInfo = (FSPSM_ST*)ctx;
|
||||
cbInfo->side = side;
|
||||
#elif defined(WOLFSSL_RENESAS_TSIP_TLS)
|
||||
TsipUserCtx* cbInfo = (TsipUserCtx*)ctx;
|
||||
cbInfo->key_side = side;
|
||||
#endif
|
||||
ret = ssl->ctx->EncryptKeysCb(ssl, ctx);
|
||||
}
|
||||
|
||||
@@ -6155,6 +6155,12 @@ int wolfSSL_Init(void)
|
||||
|
||||
WOLFSSL_ENTER("wolfSSL_Init");
|
||||
|
||||
#if defined(LIBWOLFSSL_CMAKE_OUTPUT)
|
||||
WOLFSSL_MSG(LIBWOLFSSL_CMAKE_OUTPUT);
|
||||
#else
|
||||
WOLFSSL_MSG("No extra wolfSSL cmake messages found");
|
||||
#endif
|
||||
|
||||
#ifndef WOLFSSL_MUTEX_INITIALIZER
|
||||
if (inits_count_mutex_valid == 0) {
|
||||
#if WOLFSSL_CLEANUP_THREADSAFE_BY_ATOMIC_OPS
|
||||
|
||||
@@ -16149,7 +16149,7 @@ int TLSX_Parse(WOLFSSL* ssl, const byte* input, word16 length, byte msgType,
|
||||
/* RFC 8446 4.2.4 states trusted_ca_keys is not used
|
||||
in TLS 1.3. */
|
||||
if (IsAtLeastTLSv1_3(ssl->version)) {
|
||||
return EXT_NOT_ALLOWED;
|
||||
break;
|
||||
}
|
||||
else
|
||||
#endif
|
||||
|
||||
+37
-45
@@ -1623,9 +1623,42 @@ int DeriveTls13Keys(WOLFSSL* ssl, int secret, int side, int store)
|
||||
goto end;
|
||||
|
||||
if (ssl->options.dtls) {
|
||||
w64wrapper epochNumber;
|
||||
ret = Dtls13DeriveSnKeys(ssl, provision);
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
goto end;
|
||||
|
||||
switch (secret) {
|
||||
case early_data_key:
|
||||
epochNumber = w64From32(0, DTLS13_EPOCH_EARLYDATA);
|
||||
break;
|
||||
case handshake_key:
|
||||
epochNumber = w64From32(0, DTLS13_EPOCH_HANDSHAKE);
|
||||
break;
|
||||
case traffic_key:
|
||||
case no_key:
|
||||
epochNumber = w64From32(0, DTLS13_EPOCH_TRAFFIC0);
|
||||
break;
|
||||
case update_traffic_key:
|
||||
if (side == ENCRYPT_SIDE_ONLY) {
|
||||
epochNumber = ssl->dtls13Epoch;
|
||||
}
|
||||
else if (side == DECRYPT_SIDE_ONLY) {
|
||||
epochNumber = ssl->dtls13PeerEpoch;
|
||||
}
|
||||
else {
|
||||
ret = BAD_STATE_E;
|
||||
goto end;
|
||||
}
|
||||
w64Increment(&epochNumber);
|
||||
break;
|
||||
default:
|
||||
ret = BAD_STATE_E;
|
||||
goto end;
|
||||
}
|
||||
ret = Dtls13NewEpoch(ssl, epochNumber, side);
|
||||
if (ret != 0)
|
||||
goto end;
|
||||
}
|
||||
|
||||
#endif /* WOLFSSL_DTLS13 */
|
||||
@@ -4083,15 +4116,6 @@ static int WritePSKBinders(WOLFSSL* ssl, byte* output, word32 idx)
|
||||
if ((ret = SetKeysSide(ssl, ENCRYPT_SIDE_ONLY)) != 0)
|
||||
return ret;
|
||||
|
||||
#ifdef WOLFSSL_DTLS13
|
||||
if (ssl->options.dtls) {
|
||||
ret = Dtls13NewEpoch(
|
||||
ssl, w64From32(0x0, DTLS13_EPOCH_EARLYDATA), ENCRYPT_SIDE_ONLY);
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
}
|
||||
#endif /* WOLFSSL_DTLS13 */
|
||||
|
||||
}
|
||||
#endif
|
||||
|
||||
@@ -5118,6 +5142,7 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
|
||||
/* Force client hello version 1.2 to work for static RSA. */
|
||||
ssl->chVersion.minor = TLSv1_2_MINOR;
|
||||
ssl->version.minor = TLSv1_2_MINOR;
|
||||
ssl->options.tls1_3 = 0;
|
||||
|
||||
#ifdef WOLFSSL_DTLS13
|
||||
if (ssl->options.dtls) {
|
||||
@@ -5218,6 +5243,7 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
|
||||
if (ssl->options.dtls) {
|
||||
ssl->chVersion.minor = DTLSv1_2_MINOR;
|
||||
ssl->version.minor = DTLSv1_2_MINOR;
|
||||
ssl->options.tls1_3 = 0;
|
||||
ret = Dtls13ClientDoDowngrade(ssl);
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
@@ -5231,6 +5257,7 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
|
||||
return VERSION_ERROR;
|
||||
}
|
||||
#ifndef WOLFSSL_NO_TLS12
|
||||
ssl->options.tls1_3 = 0;
|
||||
return DoServerHello(ssl, input, inOutIdx, helloSz);
|
||||
#else
|
||||
SendAlert(ssl, alert_fatal, wolfssl_alert_protocol_version);
|
||||
@@ -6296,17 +6323,6 @@ static int CheckPreSharedKeys(WOLFSSL* ssl, const byte* input, word32 helloSz,
|
||||
return ret;
|
||||
|
||||
ssl->keys.encryptionOn = 1;
|
||||
|
||||
#ifdef WOLFSSL_DTLS13
|
||||
if (ssl->options.dtls) {
|
||||
ret = Dtls13NewEpoch(ssl,
|
||||
w64From32(0x0, DTLS13_EPOCH_EARLYDATA),
|
||||
DECRYPT_SIDE_ONLY);
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
}
|
||||
#endif /* WOLFSSL_DTLS13 */
|
||||
|
||||
ssl->earlyData = process_early_data;
|
||||
}
|
||||
else
|
||||
@@ -7604,11 +7620,6 @@ static int SendTls13EncryptedExtensions(WOLFSSL* ssl)
|
||||
w64wrapper epochHandshake = w64From32(0, DTLS13_EPOCH_HANDSHAKE);
|
||||
ssl->dtls13Epoch = epochHandshake;
|
||||
|
||||
ret = Dtls13NewEpoch(
|
||||
ssl, epochHandshake, ENCRYPT_AND_DECRYPT_SIDE);
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
|
||||
ret = Dtls13SetEpochKeys(
|
||||
ssl, epochHandshake, ENCRYPT_AND_DECRYPT_SIDE);
|
||||
if (ret != 0)
|
||||
@@ -11194,11 +11205,6 @@ static int SendTls13Finished(WOLFSSL* ssl)
|
||||
ssl->dtls13Epoch = epochTraffic0;
|
||||
ssl->dtls13PeerEpoch = epochTraffic0;
|
||||
|
||||
ret = Dtls13NewEpoch(
|
||||
ssl, epochTraffic0, ENCRYPT_AND_DECRYPT_SIDE);
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
|
||||
ret = Dtls13SetEpochKeys(
|
||||
ssl, epochTraffic0, ENCRYPT_AND_DECRYPT_SIDE);
|
||||
if (ret != 0)
|
||||
@@ -11236,11 +11242,6 @@ static int SendTls13Finished(WOLFSSL* ssl)
|
||||
ssl->dtls13Epoch = epochTraffic0;
|
||||
ssl->dtls13PeerEpoch = epochTraffic0;
|
||||
|
||||
ret = Dtls13NewEpoch(
|
||||
ssl, epochTraffic0, ENCRYPT_AND_DECRYPT_SIDE);
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
|
||||
ret = Dtls13SetEpochKeys(
|
||||
ssl, epochTraffic0, ENCRYPT_AND_DECRYPT_SIDE);
|
||||
if (ret != 0)
|
||||
@@ -11440,10 +11441,6 @@ static int DoTls13KeyUpdate(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
|
||||
if (ssl->options.dtls) {
|
||||
w64Increment(&ssl->dtls13PeerEpoch);
|
||||
|
||||
ret = Dtls13NewEpoch(ssl, ssl->dtls13PeerEpoch, DECRYPT_SIDE_ONLY);
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
|
||||
ret = Dtls13SetEpochKeys(ssl, ssl->dtls13PeerEpoch, DECRYPT_SIDE_ONLY);
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
@@ -12859,11 +12856,6 @@ int DoTls13HandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx,
|
||||
ssl->dtls13Epoch = epochHandshake;
|
||||
ssl->dtls13PeerEpoch = epochHandshake;
|
||||
|
||||
ret = Dtls13NewEpoch(
|
||||
ssl, epochHandshake, ENCRYPT_AND_DECRYPT_SIDE);
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
|
||||
ret = Dtls13SetEpochKeys(
|
||||
ssl, epochHandshake, ENCRYPT_AND_DECRYPT_SIDE);
|
||||
if (ret != 0)
|
||||
|
||||
+123
@@ -51,6 +51,12 @@
|
||||
#endif
|
||||
|
||||
#include <stdlib.h>
|
||||
|
||||
#ifdef __linux__
|
||||
#include <unistd.h>
|
||||
#include <sys/wait.h>
|
||||
#endif
|
||||
|
||||
#include <wolfssl/ssl.h> /* compatibility layer */
|
||||
#include <wolfssl/error-ssl.h>
|
||||
|
||||
@@ -19069,6 +19075,14 @@ static int test_wc_PKCS12_create_once(int keyEncType, int certEncType)
|
||||
static int test_wc_PKCS12_create(void)
|
||||
{
|
||||
EXPECT_DECLS;
|
||||
|
||||
EXPECT_TEST(test_wc_PKCS12_create_once(-1, -1));
|
||||
#if !defined(NO_RC4) && !defined(NO_SHA)
|
||||
EXPECT_TEST(test_wc_PKCS12_create_once(PBE_SHA1_RC4_128, PBE_SHA1_RC4_128));
|
||||
#endif
|
||||
#if !defined(NO_DES3) && !defined(NO_SHA)
|
||||
EXPECT_TEST(test_wc_PKCS12_create_once(PBE_SHA1_DES, PBE_SHA1_DES));
|
||||
#endif
|
||||
#if !defined(NO_DES3) && !defined(NO_SHA)
|
||||
EXPECT_TEST(test_wc_PKCS12_create_once(PBE_SHA1_DES3, PBE_SHA1_DES3));
|
||||
#endif
|
||||
@@ -32741,6 +32755,59 @@ static int test_wolfSSL_check_domain(void)
|
||||
}
|
||||
|
||||
#endif /* OPENSSL_EXTRA && HAVE_SSL_MEMIO_TESTS_DEPENDENCIES */
|
||||
#if defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && \
|
||||
!defined(WOLFSSL_SYS_CA_CERTS)
|
||||
static const char* dn = NULL;
|
||||
static int test_wolfSSL_check_domain_basic_client_ctx(WOLFSSL_CTX* ctx)
|
||||
{
|
||||
EXPECT_DECLS;
|
||||
|
||||
ExpectIntEQ(wolfSSL_CTX_load_system_CA_certs(ctx), WOLFSSL_SUCCESS);
|
||||
wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER, NULL);
|
||||
|
||||
return EXPECT_RESULT();
|
||||
}
|
||||
static int test_wolfSSL_check_domain_basic_client_ssl(WOLFSSL* ssl)
|
||||
{
|
||||
EXPECT_DECLS;
|
||||
|
||||
ExpectIntEQ(wolfSSL_check_domain_name(ssl, dn), WOLFSSL_SUCCESS);
|
||||
|
||||
return EXPECT_RESULT();
|
||||
}
|
||||
static int test_wolfSSL_check_domain_basic(void)
|
||||
{
|
||||
EXPECT_DECLS;
|
||||
test_ssl_cbf func_cb_client;
|
||||
test_ssl_cbf func_cb_server;
|
||||
|
||||
XMEMSET(&func_cb_client, 0, sizeof(func_cb_client));
|
||||
XMEMSET(&func_cb_server, 0, sizeof(func_cb_server));
|
||||
|
||||
func_cb_client.ctx_ready = &test_wolfSSL_check_domain_basic_client_ctx;
|
||||
|
||||
dn = "invalid.com";
|
||||
func_cb_client.ssl_ready = &test_wolfSSL_check_domain_basic_client_ssl;
|
||||
|
||||
/* Expect to fail */
|
||||
ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&func_cb_client,
|
||||
&func_cb_server, NULL), -1001);
|
||||
|
||||
dn = "example.com";
|
||||
|
||||
/* Expect to succeed */
|
||||
ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&func_cb_client,
|
||||
&func_cb_server, NULL), TEST_SUCCESS);
|
||||
|
||||
return EXPECT_RESULT();
|
||||
}
|
||||
#else
|
||||
static int test_wolfSSL_check_domain_basic(void)
|
||||
{
|
||||
EXPECT_DECLS;
|
||||
return EXPECT_RESULT();
|
||||
}
|
||||
#endif /* HAVE_SSL_MEMIO_TESTS_DEPENDENCIES */
|
||||
|
||||
static int test_wolfSSL_X509_get_X509_PUBKEY(void)
|
||||
{
|
||||
@@ -33142,6 +33209,59 @@ static int test_wolfSSL_RAND(void)
|
||||
}
|
||||
|
||||
|
||||
static int test_wolfSSL_RAND_poll(void)
|
||||
{
|
||||
EXPECT_DECLS;
|
||||
|
||||
#if defined(OPENSSL_EXTRA) && defined(__linux__)
|
||||
byte seed[16] = {0};
|
||||
byte randbuf[8] = {0};
|
||||
int pipefds[2] = {0};
|
||||
pid_t pid = 0;
|
||||
|
||||
XMEMSET(seed, 0, sizeof(seed));
|
||||
|
||||
/* No global methods set. */
|
||||
ExpectIntEQ(RAND_seed(seed, sizeof(seed)), 1);
|
||||
|
||||
ExpectIntEQ(pipe(pipefds), 0);
|
||||
pid = fork();
|
||||
ExpectIntGE(pid, 0);
|
||||
if (pid == 0)
|
||||
{
|
||||
ssize_t n_written = 0;
|
||||
|
||||
/* Child process. */
|
||||
close(pipefds[0]);
|
||||
RAND_poll();
|
||||
RAND_bytes(randbuf, sizeof(randbuf));
|
||||
n_written = write(pipefds[1], randbuf, sizeof(randbuf));
|
||||
close(pipefds[1]);
|
||||
exit(n_written == sizeof(randbuf) ? 0 : 1);
|
||||
}
|
||||
else
|
||||
{
|
||||
/* Parent process. */
|
||||
word64 childrand64 = 0;
|
||||
int waitstatus = 0;
|
||||
|
||||
close(pipefds[1]);
|
||||
ExpectIntEQ(RAND_poll(), 1);
|
||||
ExpectIntEQ(RAND_bytes(randbuf, sizeof(randbuf)), 1);
|
||||
ExpectIntEQ(read(pipefds[0], &childrand64, sizeof(childrand64)), sizeof(childrand64));
|
||||
ExpectBufNE(randbuf, &childrand64, sizeof(randbuf));
|
||||
close(pipefds[0]);
|
||||
waitpid(pid, &waitstatus, 0);
|
||||
}
|
||||
RAND_cleanup();
|
||||
|
||||
ExpectIntEQ(RAND_egd(NULL), -1);
|
||||
#endif
|
||||
|
||||
return EXPECT_RESULT();
|
||||
}
|
||||
|
||||
|
||||
static int test_wolfSSL_PKCS8_Compat(void)
|
||||
{
|
||||
EXPECT_DECLS;
|
||||
@@ -67671,6 +67791,7 @@ TEST_CASE testCases[] = {
|
||||
TEST_DECL(test_wolfSSL_RAND_set_rand_method),
|
||||
TEST_DECL(test_wolfSSL_RAND_bytes),
|
||||
TEST_DECL(test_wolfSSL_RAND),
|
||||
TEST_DECL(test_wolfSSL_RAND_poll),
|
||||
|
||||
/* BN compatibility API */
|
||||
TEST_DECL(test_wolfSSL_BN_CTX),
|
||||
@@ -67742,6 +67863,7 @@ TEST_CASE testCases[] = {
|
||||
#endif
|
||||
|
||||
TEST_DECL(test_wolfSSL_check_domain),
|
||||
TEST_DECL(test_wolfSSL_check_domain_basic),
|
||||
TEST_DECL(test_wolfSSL_cert_cb),
|
||||
TEST_DECL(test_wolfSSL_cert_cb_dyn_ciphers),
|
||||
TEST_DECL(test_wolfSSL_ciphersuite_auth),
|
||||
@@ -68274,6 +68396,7 @@ TEST_CASE testCases[] = {
|
||||
TEST_DECL(test_wolfSSL_inject),
|
||||
TEST_DECL(test_wolfSSL_dtls_cid_parse),
|
||||
TEST_DECL(test_dtls13_epochs),
|
||||
TEST_DECL(test_dtls_rtx_across_epoch_change),
|
||||
TEST_DECL(test_dtls13_ack_order),
|
||||
TEST_DECL(test_dtls_version_checking),
|
||||
TEST_DECL(test_ocsp_status_callback),
|
||||
|
||||
@@ -1313,3 +1313,73 @@ int test_records_span_network_boundaries(void)
|
||||
}
|
||||
#endif /* defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && \
|
||||
!defined(WOLFSSL_NO_TLS12) */
|
||||
|
||||
int test_dtls_rtx_across_epoch_change(void)
|
||||
{
|
||||
EXPECT_DECLS;
|
||||
#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && \
|
||||
defined(WOLFSSL_DTLS13) && defined(WOLFSSL_DTLS)
|
||||
WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL;
|
||||
WOLFSSL *ssl_c = NULL, *ssl_s = NULL;
|
||||
struct test_memio_ctx test_ctx;
|
||||
|
||||
XMEMSET(&test_ctx, 0, sizeof(test_ctx));
|
||||
|
||||
/* Setup DTLS contexts */
|
||||
ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
|
||||
wolfDTLSv1_3_client_method, wolfDTLSv1_3_server_method),
|
||||
0);
|
||||
|
||||
/* CH0 */
|
||||
wolfSSL_SetLoggingPrefix("client:");
|
||||
ExpectIntEQ(wolfSSL_connect(ssl_c), -1);
|
||||
ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), SSL_ERROR_WANT_READ);
|
||||
|
||||
/* HRR */
|
||||
wolfSSL_SetLoggingPrefix("server:");
|
||||
ExpectIntEQ(wolfSSL_accept(ssl_s), -1);
|
||||
ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), SSL_ERROR_WANT_READ);
|
||||
|
||||
/* CH1 */
|
||||
wolfSSL_SetLoggingPrefix("client:");
|
||||
ExpectIntEQ(wolfSSL_connect(ssl_c), -1);
|
||||
ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), SSL_ERROR_WANT_READ);
|
||||
|
||||
/* SH ... FINISHED */
|
||||
wolfSSL_SetLoggingPrefix("server:");
|
||||
ExpectIntEQ(wolfSSL_accept(ssl_s), -1);
|
||||
ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), SSL_ERROR_WANT_READ);
|
||||
|
||||
/* we should have now SH ... FINISHED messages in the buffer*/
|
||||
ExpectIntGE(test_ctx.c_msg_count, 2);
|
||||
|
||||
/* drop everything but the SH */
|
||||
while (test_ctx.c_msg_count > 1 && EXPECT_SUCCESS()) {
|
||||
ExpectIntEQ(test_memio_drop_message(&test_ctx, 1, test_ctx.c_msg_count - 1), 0);
|
||||
}
|
||||
|
||||
/* Read the SH */
|
||||
wolfSSL_SetLoggingPrefix("client:");
|
||||
ExpectIntEQ(wolfSSL_connect(ssl_c), -1);
|
||||
ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), SSL_ERROR_WANT_READ);
|
||||
|
||||
/* trigger client timeout */
|
||||
ExpectIntEQ(wolfSSL_dtls_got_timeout(ssl_c), WOLFSSL_SUCCESS);
|
||||
/* this should have triggered a rtx */
|
||||
ExpectIntGT(test_ctx.s_msg_count, 0);
|
||||
|
||||
/* finish the handshake */
|
||||
ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0);
|
||||
|
||||
/* Test communication works correctly */
|
||||
ExpectIntEQ(test_dtls_communication(ssl_s, ssl_c), TEST_SUCCESS);
|
||||
|
||||
/* Cleanup */
|
||||
wolfSSL_free(ssl_c);
|
||||
wolfSSL_CTX_free(ctx_c);
|
||||
wolfSSL_free(ssl_s);
|
||||
wolfSSL_CTX_free(ctx_s);
|
||||
#endif /* defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && \
|
||||
defined(WOLFSSL_DTLS13) */
|
||||
return EXPECT_RESULT();
|
||||
}
|
||||
|
||||
@@ -36,4 +36,5 @@ int test_dtls13_longer_length(void);
|
||||
int test_dtls13_short_read(void);
|
||||
int test_records_span_network_boundaries(void);
|
||||
int test_dtls_record_cross_boundaries(void);
|
||||
int test_dtls_rtx_across_epoch_change(void);
|
||||
#endif /* TESTS_API_DTLS_H */
|
||||
|
||||
@@ -16665,6 +16665,7 @@ int test_mldsa_pkcs8(void)
|
||||
defined(HAVE_DILITHIUM) && !defined(NO_TLS) && \
|
||||
(!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)) && \
|
||||
!defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY) && \
|
||||
!defined(WOLFSSL_DILITHIUM_NO_SIGN) && \
|
||||
!defined(WOLFSSL_DILITHIUM_NO_ASN1)
|
||||
|
||||
WOLFSSL_CTX* ctx = NULL;
|
||||
@@ -16685,9 +16686,15 @@ int test_mldsa_pkcs8(void)
|
||||
int oidSum;
|
||||
int keySz;
|
||||
} test_variant[] = {
|
||||
#ifndef WOLFSSL_NO_ML_DSA_44
|
||||
{WC_ML_DSA_44, ML_DSA_LEVEL2k, ML_DSA_LEVEL2_PRV_KEY_SIZE},
|
||||
#endif
|
||||
#ifndef WOLFSSL_NO_ML_DSA_65
|
||||
{WC_ML_DSA_65, ML_DSA_LEVEL3k, ML_DSA_LEVEL3_PRV_KEY_SIZE},
|
||||
#endif
|
||||
#ifndef WOLFSSL_NO_ML_DSA_87
|
||||
{WC_ML_DSA_87, ML_DSA_LEVEL5k, ML_DSA_LEVEL5_PRV_KEY_SIZE}
|
||||
#endif
|
||||
};
|
||||
|
||||
(void) pemSz;
|
||||
|
||||
@@ -51,7 +51,7 @@
|
||||
-v 3
|
||||
-H exitWithRet
|
||||
|
||||
# server TLSv1.2
|
||||
# server TLSv1.2
|
||||
-v 3
|
||||
-l ECDHE-RSA-AES256-GCM-SHA384
|
||||
-H exitWithRet
|
||||
@@ -60,7 +60,7 @@
|
||||
-v 4
|
||||
-H exitWithRet
|
||||
|
||||
# server TLSv1.2
|
||||
# server TLSv1.2
|
||||
-v 3
|
||||
-l ECDHE-RSA-AES256-GCM-SHA384
|
||||
-H exitWithRet
|
||||
@@ -119,3 +119,10 @@
|
||||
-7 3
|
||||
-s
|
||||
-l ECDHE-PSK-AES128-GCM-SHA256
|
||||
|
||||
# server TLSv1.3
|
||||
-v 4
|
||||
|
||||
# client downgrade with trusted ca
|
||||
-v d
|
||||
-5
|
||||
|
||||
@@ -132,6 +132,7 @@ EXTRA_DIST += wolfcrypt/src/port/ti/ti-aes.c \
|
||||
wolfcrypt/src/port/Espressif/esp_crt_bundle/cacrt_deprecated.pem \
|
||||
wolfcrypt/src/port/Espressif/esp_crt_bundle/esp_crt_bundle.c \
|
||||
wolfcrypt/src/port/Espressif/esp_crt_bundle/gen_crt_bundle.py \
|
||||
wolfcrypt/src/port/Espressif/esp_crt_bundle/pio_install_cryptography.py \
|
||||
wolfcrypt/src/port/Espressif/esp_crt_bundle/cacrt_local.pem \
|
||||
wolfcrypt/src/port/Espressif/README.md \
|
||||
wolfcrypt/src/port/arm/cryptoCell.c \
|
||||
|
||||
+61
-35
@@ -1760,6 +1760,51 @@ exit_pk12par:
|
||||
}
|
||||
|
||||
|
||||
/* Helper function to get parameters for key and cert encryptions */
|
||||
static int wc_PKCS12_get_enc_params(int inAlgo, int* vPKCS, int* outAlgo,
|
||||
int* blkOid, int* hmacOid)
|
||||
{
|
||||
int ret = 0;
|
||||
|
||||
if (inAlgo == PBE_SHA1_RC4_128) {
|
||||
*vPKCS = 1; /* PKCS#12 */
|
||||
*outAlgo = PBE_SHA1_RC4_128;
|
||||
*blkOid = 0; /* Unused */
|
||||
*hmacOid = 0; /* Use SHA1 as default */
|
||||
}
|
||||
else if (inAlgo == PBE_SHA1_DES) {
|
||||
*vPKCS = PKCS5;
|
||||
*outAlgo = PBES1_SHA1_DES;
|
||||
*blkOid = 0; /* Unused */
|
||||
*hmacOid = 0; /* Use SHA1 as default */
|
||||
}
|
||||
else if (inAlgo == PBE_SHA1_DES3) {
|
||||
*vPKCS = 1; /* PKCS#12 */
|
||||
*outAlgo = PBE_SHA1_DES3;
|
||||
*blkOid = 0; /* Unused */
|
||||
*hmacOid = 0; /* Use SHA1 as default */
|
||||
}
|
||||
else if (inAlgo == PBE_AES256_CBC) {
|
||||
*vPKCS = PKCS5;
|
||||
*outAlgo = PBES2;
|
||||
*blkOid = AES256CBCb;
|
||||
*hmacOid = HMAC_SHA256_OID;
|
||||
}
|
||||
else if (inAlgo == PBE_AES128_CBC) {
|
||||
*vPKCS = PKCS5;
|
||||
*outAlgo = PBES2;
|
||||
*blkOid = AES128CBCb;
|
||||
*hmacOid = HMAC_SHA256_OID;
|
||||
}
|
||||
else {
|
||||
WOLFSSL_MSG("Unsupported algorithm for PKCS12 encryption");
|
||||
ret = ALGO_ID_E;
|
||||
}
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
||||
/* Helper function to shroud keys.
|
||||
*
|
||||
* pkcs12 structure to use with shrouding key
|
||||
@@ -1781,15 +1826,15 @@ static int wc_PKCS12_shroud_key(WC_PKCS12* pkcs12, WC_RNG* rng,
|
||||
{
|
||||
void* heap;
|
||||
word32 tmpIdx = 0;
|
||||
int vPKCS = 1; /* PKCS#12 default set to 1 */
|
||||
word32 sz;
|
||||
word32 totalSz = 0;
|
||||
int ret;
|
||||
byte* pkcs8Key = NULL;
|
||||
|
||||
/* The blkOid and hmacOid are only valid for PKCS#5v2 (PBES2) */
|
||||
int vPKCS = -1;
|
||||
int outAlgo = -1;
|
||||
int blkOid = 0;
|
||||
int hmacOid = 0; /* If 0, use the default HMAC algorithm */
|
||||
int hmacOid = 0;
|
||||
|
||||
if (outSz == NULL || pkcs12 == NULL || rng == NULL || key == NULL ||
|
||||
pass == NULL) {
|
||||
@@ -1826,25 +1871,13 @@ static int wc_PKCS12_shroud_key(WC_PKCS12* pkcs12, WC_RNG* rng,
|
||||
else {
|
||||
WOLFSSL_MSG("creating PKCS12 Shrouded Key Bag");
|
||||
|
||||
/* Need to handle PKCS#5v1/v2 (=non-PKCS#12v1) encryptions */
|
||||
if (vAlgo == PBE_SHA1_DES) {
|
||||
vPKCS = PKCS5;
|
||||
vAlgo = 10;
|
||||
}
|
||||
else if (vAlgo == PBE_AES256_CBC) {
|
||||
vPKCS = PKCS5;
|
||||
vAlgo = PBES2;
|
||||
blkOid = AES256CBCb;
|
||||
hmacOid = HMAC_SHA256_OID;
|
||||
}
|
||||
else if (vAlgo == PBE_AES128_CBC) {
|
||||
vPKCS = PKCS5;
|
||||
vAlgo = PBES2;
|
||||
blkOid = AES128CBCb;
|
||||
hmacOid = HMAC_SHA256_OID;
|
||||
if ((ret = wc_PKCS12_get_enc_params(vAlgo, &vPKCS, &outAlgo, &blkOid,
|
||||
&hmacOid)) < 0) {
|
||||
return ret;
|
||||
}
|
||||
|
||||
ret = TraditionalEnc_ex(key, keySz, pkcs8Key, &sz, pass, passSz,
|
||||
vPKCS, vAlgo, blkOid, NULL, 0, itt, hmacOid, rng, heap);
|
||||
vPKCS, outAlgo, blkOid, NULL, 0, itt, hmacOid, rng, heap);
|
||||
}
|
||||
if (ret == WC_NO_ERR_TRACE(LENGTH_ONLY_E)) {
|
||||
*outSz = sz + MAX_LENGTH_SZ + 1;
|
||||
@@ -2084,7 +2117,6 @@ static int wc_PKCS12_encrypt_content(WC_PKCS12* pkcs12, WC_RNG* rng,
|
||||
const char* pass, int passSz, int iter, int type)
|
||||
{
|
||||
void* heap;
|
||||
int vPKCS = 1; /* PKCS#12 is always set to 1 */
|
||||
int ret;
|
||||
byte* tmp;
|
||||
word32 idx = 0;
|
||||
@@ -2092,6 +2124,9 @@ static int wc_PKCS12_encrypt_content(WC_PKCS12* pkcs12, WC_RNG* rng,
|
||||
word32 length = 0;
|
||||
word32 tmpSz;
|
||||
word32 encSz;
|
||||
|
||||
int vPKCS = -1;
|
||||
int outAlgo = -1;
|
||||
int blkOid = 0;
|
||||
int hmacOid = 0;
|
||||
|
||||
@@ -2111,23 +2146,14 @@ static int wc_PKCS12_encrypt_content(WC_PKCS12* pkcs12, WC_RNG* rng,
|
||||
if (type == WC_PKCS12_ENCRYPTED_DATA) {
|
||||
word32 outerSz = 0;
|
||||
|
||||
/* Need to handle PKCS#5v1/v2 (=non-PKCS#12v1) encryptions */
|
||||
if (vAlgo == PBE_AES256_CBC) {
|
||||
vPKCS = PKCS5;
|
||||
vAlgo = PBES2;
|
||||
blkOid = AES256CBCb;
|
||||
hmacOid = HMAC_SHA256_OID;
|
||||
}
|
||||
else if (vAlgo == PBE_AES128_CBC) {
|
||||
vPKCS = PKCS5;
|
||||
vAlgo = PBES2;
|
||||
blkOid = AES128CBCb;
|
||||
hmacOid = HMAC_SHA256_OID;
|
||||
if ((ret = wc_PKCS12_get_enc_params(vAlgo, &vPKCS, &outAlgo, &blkOid,
|
||||
&hmacOid)) < 0) {
|
||||
return ret;
|
||||
}
|
||||
|
||||
encSz = contentSz;
|
||||
if ((ret = EncryptContent(NULL, contentSz, NULL, &encSz,
|
||||
pass, passSz, vPKCS, vAlgo, blkOid, NULL, 0, iter, hmacOid,
|
||||
pass, passSz, vPKCS, outAlgo, blkOid, NULL, 0, iter, hmacOid,
|
||||
rng, heap)) < 0) {
|
||||
if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) {
|
||||
return ret;
|
||||
@@ -2180,7 +2206,7 @@ static int wc_PKCS12_encrypt_content(WC_PKCS12* pkcs12, WC_RNG* rng,
|
||||
}
|
||||
|
||||
if ((ret = EncryptContent(content, contentSz, tmp, &encSz,
|
||||
pass, passSz, vPKCS, vAlgo, blkOid, NULL, 0, iter, hmacOid,
|
||||
pass, passSz, vPKCS, outAlgo, blkOid, NULL, 0, iter, hmacOid,
|
||||
rng, heap)) < 0) {
|
||||
XFREE(tmp, heap, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
return ret;
|
||||
|
||||
@@ -31,6 +31,11 @@
|
||||
#include "sdkconfig.h" /* programmatically generated from sdkconfig */
|
||||
#include <wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h>
|
||||
|
||||
#if HAVE_LIBWOLFSSL_OUTPUT_HEADER
|
||||
/* see wolfssl component CMakeLists.txt that may have generated this: */
|
||||
#include "libwolfssl_output.h"
|
||||
#endif
|
||||
|
||||
/* Espressif */
|
||||
#include <esp_log.h>
|
||||
#include <esp_err.h>
|
||||
@@ -647,6 +652,16 @@ int ShowExtendedSystemInfo(void)
|
||||
LIBWOLFSSL_VERSION_HEX);
|
||||
#endif
|
||||
|
||||
#if defined(LIBWOLFSSL_CMAKE_OUTPUT)
|
||||
/* For some environments such as PlatformIO that may hide CMake output,
|
||||
* we can have important messages propagated to the app: */
|
||||
ESP_LOGI(TAG, "----------------------------------------------------------");
|
||||
ESP_LOGI(TAG, "LIBWOLFSSL_CMAKE_OUTPUT:%s", LIBWOLFSSL_CMAKE_OUTPUT);
|
||||
ESP_LOGI(TAG, "----------------------------------------------------------");
|
||||
#else
|
||||
ESP_LOGW(TAG, "LIBWOLFSSL_CMAKE_OUTPUT: No cmake messages detected");
|
||||
#endif
|
||||
|
||||
/* some interesting settings are target specific (ESP32, -C3, -S3, etc */
|
||||
#if defined(CONFIG_IDF_TARGET_ESP32)
|
||||
/* ESP_RSA_MULM_BITS should be set to at least 16 for ESP32 */
|
||||
|
||||
@@ -31,6 +31,13 @@
|
||||
/* Reminder: settings.h pulls in user_settings.h */
|
||||
/* Do not explicitly include user_settings.h here. */
|
||||
#include <wolfssl/wolfcrypt/settings.h>
|
||||
#include <wolfssl/wolfcrypt/port/Espressif/esp_crt_bundle.h>
|
||||
#include <wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h>
|
||||
|
||||
#ifndef SHOW_WOLFSSL_BUNDLE_ERROR
|
||||
#define SHOW_WOLFSSL_BUNDLE_ERROR(X) ESP_LOGV(TAG, \
|
||||
"SHOW_WOLFSSL_BUNDLE_ERROR not enabled, details suppressed.");
|
||||
#endif
|
||||
|
||||
/* Espressif */
|
||||
#include <esp_log.h>
|
||||
@@ -91,6 +98,8 @@ esp_err_t esp_crt_bundle_attach(void *conf)
|
||||
/* Bundle debug may come from user_settings.h and/or sdkconfig.h */
|
||||
#if defined(CONFIG_WOLFSSL_DEBUG_CERT_BUNDLE) || \
|
||||
defined( WOLFSSL_DEBUG_CERT_BUNDLE)
|
||||
/* someplace to store result of wc_ErrorString(err, string) */
|
||||
char last_esp_crt_bundle_error[WOLFSSL_MAX_ERROR_SZ];
|
||||
/* We'll only locally check this one: */
|
||||
#undef WOLFSSL_DEBUG_CERT_BUNDLE
|
||||
#define WOLFSSL_DEBUG_CERT_BUNDLE
|
||||
@@ -173,12 +182,16 @@ esp_err_t esp_crt_bundle_attach(void *conf)
|
||||
|
||||
/* A "Certificate Bundle" is this array of [size] + [x509 CA List]
|
||||
* certs that the client trusts: */
|
||||
extern const uint8_t x509_crt_imported_bundle_wolfssl_bin_start[]
|
||||
asm("_binary_x509_crt_bundle_wolfssl_start");
|
||||
|
||||
extern const uint8_t x509_crt_imported_bundle_wolfssl_bin_end[]
|
||||
asm("_binary_x509_crt_bundle_wolfssl_end");
|
||||
#if !defined(NO_WOLFSSL_USE_ASM_CERT)
|
||||
extern const uint8_t x509_crt_imported_bundle_wolfssl_bin_start[]
|
||||
asm("_binary_x509_crt_bundle_wolfssl_start");
|
||||
|
||||
extern const uint8_t x509_crt_imported_bundle_wolfssl_bin_end[]
|
||||
asm("_binary_x509_crt_bundle_wolfssl_end");
|
||||
#else
|
||||
extern const unsigned char _binary_x509_crt_bundle_wolfssl_start[];
|
||||
extern const unsigned char _binary_x509_crt_bundle_wolfssl_end[];
|
||||
#endif
|
||||
/* This crt_bundle_t type must match other providers in esp-tls from ESP-IDF.
|
||||
* TODO: Move to common header in ESP-IDF. (requires ESP-IDF modification).
|
||||
* For now, it is here: */
|
||||
@@ -453,7 +466,8 @@ static CB_INLINE int cert_manager_load(int preverify,
|
||||
}
|
||||
}
|
||||
else {
|
||||
ESP_LOGE(TAG, "Failed to load CA");
|
||||
ESP_LOGE(TAG, "Failed to load CA, ret = %d", ret);
|
||||
SHOW_WOLFSSL_BUNDLE_ERROR(ret);
|
||||
}
|
||||
|
||||
/* We don't free the issue and subject, as they are
|
||||
@@ -861,6 +875,7 @@ static CB_INLINE int wolfssl_ssl_conf_verify_cb_no_signer(int preverify,
|
||||
if (ret == WOLFSSL_FAILURE) {
|
||||
ESP_LOGW(TAG, "Warning: found a matching cert, but not added "
|
||||
"to the Certificate Manager. error: %d", ret);
|
||||
SHOW_WOLFSSL_BUNDLE_ERROR(ret);
|
||||
}
|
||||
else {
|
||||
ESP_LOGCBI(TAG, "New CA added to the Certificate Manager.");
|
||||
@@ -1338,15 +1353,15 @@ static esp_err_t wolfssl_esp_crt_bundle_init(const uint8_t *x509_bundle,
|
||||
|
||||
/* If all is ok, proceed with initialization of Certificate Bundle */
|
||||
if (ret == ESP_OK) {
|
||||
/* This is the maximum region that is allowed to access */
|
||||
ESP_LOGV(TAG, "Bundle Start 0x%x", (intptr_t)x509_bundle);
|
||||
ESP_LOGV(TAG, "Bundle Size %d", bundle_size);
|
||||
bundle_end = x509_bundle + bundle_size;
|
||||
ESP_LOGV(TAG, "Bundle End 0x%x", (intptr_t)bundle_end);
|
||||
/* This is the maximum region that is allowed to access */
|
||||
ESP_LOGCBI(TAG, "Bundle Start 0x%x", (intptr_t)x509_bundle);
|
||||
ESP_LOGCBI(TAG, "Bundle End 0x%x", (intptr_t)bundle_end);
|
||||
ESP_LOGCBI(TAG, "Bundle Size %u bytes", bundle_size);
|
||||
cur_crt = x509_bundle + BUNDLE_HEADER_OFFSET;
|
||||
|
||||
for (i = 0; i < num_certs; i++) {
|
||||
ESP_LOGV(TAG, "Init Cert %d", i);
|
||||
ESP_LOGCBI(TAG, "Init Cert %d", i);
|
||||
if (cur_crt + CRT_HEADER_OFFSET > bundle_end) {
|
||||
ESP_LOGE(TAG, "Invalid certificate bundle current offset");
|
||||
_esp_crt_bundle_is_valid = ESP_FAIL;
|
||||
@@ -1357,24 +1372,46 @@ static esp_err_t wolfssl_esp_crt_bundle_init(const uint8_t *x509_bundle,
|
||||
crts[i] = cur_crt;
|
||||
|
||||
#ifndef IS_WOLFSSL_CERT_BUNDLE_FORMAT
|
||||
ESP_LOGE("err", "Error: not IS_WOLFSSL_CERT_BUNDLE_FORMAT");
|
||||
/* For reference only */
|
||||
size_t name_len = cur_crt[0] << 8 | cur_crt[1];
|
||||
size_t key_len = cur_crt[2] << 8 | cur_crt[3];
|
||||
cur_crt = cur_crt + CRT_HEADER_OFFSET + name_len + key_len;
|
||||
#else
|
||||
cert_len = cur_crt[0] << 8 | cur_crt[1];
|
||||
#if defined(CONFIG_WOLFSSL_ASN_ALLOW_0_SERIAL) || \
|
||||
ESP_LOGCBI(TAG, "- This certificate at 0x%x, length: %u",
|
||||
(intptr_t)cur_crt, cert_len);
|
||||
|
||||
/* TODO: optional gate out serial check for performance. */
|
||||
/* Useful only for custom cert bundle, known to have no zeros. */
|
||||
if (wolfssl_is_zero_serial_number(cur_crt + CRT_HEADER_OFFSET,
|
||||
cert_len) > 0) {
|
||||
#if defined(CONFIG_WOLFSSL_ASN_ALLOW_0_SERIAL) || \
|
||||
defined( WOLFSSL_ASN_ALLOW_0_SERIAL) || \
|
||||
defined(CONFIG_WOLFSSL_NO_ASN_STRICT) || \
|
||||
defined( WOLFSSL_NO_ASN_STRICT)
|
||||
if (wolfssl_is_zero_serial_number(cur_crt + CRT_HEADER_OFFSET,
|
||||
cert_len) > 0) {
|
||||
ESP_LOGW(TAG, "Warning: found zero value for serial number in "
|
||||
"certificate #%d", i);
|
||||
ESP_LOGW(TAG, "Enable WOLFSSL_NO_ASN_STRICT to allow zero in "
|
||||
"serial number.");
|
||||
}
|
||||
#endif
|
||||
#if defined(CONFIG_WOLFSSL_ASN_ALLOW_0_SERIAL)
|
||||
ESP_LOGCBW(TAG, "Allowing zero serial in certificate config.");
|
||||
#elif defined( WOLFSSL_ASN_ALLOW_0_SERIAL)
|
||||
ESP_LOGCBW(TAG, "Allowing zero serial in certificate setting.");
|
||||
#elif defined(CONFIG_WOLFSSL_NO_ASN_STRICT)
|
||||
ESP_LOGCBW(TAG, "Allowing zero serial, no ASN Strict config.");
|
||||
#elif defined( WOLFSSL_NO_ASN_STRICT)
|
||||
ESP_LOGCBW(TAG, "Allowing zero serial, no ASN Strict setting.");
|
||||
#else
|
||||
/* Unless explicitly allowed, wolfSSL will reject zero serial */
|
||||
ESP_LOGW(TAG, "Certificate has zero serial number!");
|
||||
#endif /* zero serial check message, why allowed per setting */
|
||||
#else
|
||||
/* we don't allow zero serial, expect wolfssl error later */
|
||||
ESP_LOGE(TAG, "ERROR: Strict ASN and found zero value for "
|
||||
"serial number in certificate #%d", i);
|
||||
#endif /* zero serial check */
|
||||
} /* wolfssl_is_zero_serial_number */
|
||||
|
||||
/* look at next cert */
|
||||
cur_crt = cur_crt + (CRT_HEADER_OFFSET + cert_len);
|
||||
#endif
|
||||
} /* for certs 0 to num_certs - 1 in the order found */
|
||||
@@ -1427,25 +1464,52 @@ static esp_err_t wolfssl_esp_crt_bundle_init(const uint8_t *x509_bundle,
|
||||
esp_err_t esp_crt_bundle_attach(void *conf)
|
||||
{
|
||||
esp_err_t ret = ESP_OK;
|
||||
size_t bundle_size = 0;
|
||||
ESP_LOGCBI(TAG, "Enter esp_crt_bundle_attach");
|
||||
/* If no bundle has been set by the user,
|
||||
* then use the bundle embedded in the binary */
|
||||
#ifdef PLATFORMIO
|
||||
ESP_LOGCBW(TAG, "Found PLATFORMIO, beware of alternate cert bundles.");
|
||||
#endif
|
||||
if (s_crt_bundle.crts == NULL) {
|
||||
ESP_LOGCBI(TAG, "No bundle set by user; using the embedded binary.");
|
||||
ESP_LOGCBI(TAG, "x509_crt_imported_bundle_wolfssl_bin_start 0x%x",
|
||||
(intptr_t)x509_crt_imported_bundle_wolfssl_bin_start);
|
||||
ESP_LOGCBI(TAG, "x509_crt_imported_bundle_wolfssl_bin_end 0x%x",
|
||||
ESP_LOGCBI(TAG, "x509_crt_imported_bundle_wolfssl_bin_end 0x%x",
|
||||
(intptr_t)x509_crt_imported_bundle_wolfssl_bin_end);
|
||||
ret = wolfssl_esp_crt_bundle_init(
|
||||
x509_crt_imported_bundle_wolfssl_bin_start,
|
||||
(x509_crt_imported_bundle_wolfssl_bin_end
|
||||
- x509_crt_imported_bundle_wolfssl_bin_start));
|
||||
if ((intptr_t)x509_crt_imported_bundle_wolfssl_bin_end <
|
||||
(intptr_t)x509_crt_imported_bundle_wolfssl_bin_start) {
|
||||
ESP_LOGE(TAG, "Imported bundle end less than starting address");
|
||||
ret = ESP_FAIL;
|
||||
}
|
||||
else {
|
||||
bundle_size = (x509_crt_imported_bundle_wolfssl_bin_end
|
||||
- x509_crt_imported_bundle_wolfssl_bin_start);
|
||||
if (bundle_size == 0) {
|
||||
ESP_LOGE(TAG, "Imported bundle size is zero. Empty?");
|
||||
ret = ESP_FAIL;
|
||||
}
|
||||
else {
|
||||
ESP_LOGCBI(TAG, "Importing x509 wolfSSL bundle, %u bytes",
|
||||
bundle_size);
|
||||
ret = wolfssl_esp_crt_bundle_init(
|
||||
x509_crt_imported_bundle_wolfssl_bin_start,
|
||||
bundle_size);
|
||||
}
|
||||
}
|
||||
}
|
||||
else {
|
||||
ESP_LOGCBI(TAG, "Cert bundle set by user at 0x%x.",
|
||||
(intptr_t)s_crt_bundle.crts);
|
||||
}
|
||||
|
||||
if (((uintptr_t)x509_crt_imported_bundle_wolfssl_bin_start % 4) == 0) {
|
||||
ESP_LOGCBI(TAG, "Confirmed alignment x509_crt_imported_bundle_wolfssl");
|
||||
}
|
||||
else {
|
||||
ESP_LOGCBI(TAG, "Not aligned: x509_crt_imported_bundle_wolfssl");
|
||||
}
|
||||
|
||||
if (ret == ESP_OK) {
|
||||
if (conf) {
|
||||
wolfssl_ssl_config *ssl_conf = (wolfssl_ssl_config *)conf;
|
||||
|
||||
@@ -0,0 +1,37 @@
|
||||
#!/usr/bin/env python
|
||||
#
|
||||
# pio_install_cryptography.py
|
||||
#
|
||||
# Copyright (C) 2006-2024 wolfSSL Inc.
|
||||
#
|
||||
# This file is part of wolfSSL.
|
||||
#
|
||||
# wolfSSL is free software; you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation; either version 2 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# wolfSSL is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program; if not, write to the Free Software
|
||||
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
|
||||
#
|
||||
# Import("env")
|
||||
import subprocess
|
||||
import sys
|
||||
|
||||
# Function to install a package
|
||||
def install(package):
|
||||
subprocess.check_call([sys.executable, "-m", "pip", "install", package])
|
||||
|
||||
try:
|
||||
# Check if cryptography is installed
|
||||
import cryptography
|
||||
except ImportError:
|
||||
# If not installed, install it
|
||||
print("cryptography package not found. Installing...")
|
||||
install("cryptography")
|
||||
@@ -254,7 +254,8 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
|
||||
if (ret == 0) {
|
||||
TsipUserCtx* tsipCtx = (TsipUserCtx*)ctx;
|
||||
RsaKey* key = info->pk.rsakg.key;
|
||||
#if defined(TSIP_RSAES_1024) && TSIP_RSAES_1024 == 1
|
||||
#if (defined(TSIP_RSAES_1024) && TSIP_RSAES_1024 == 1) || \
|
||||
(defined(TSIP_RSASSA_1024) && TSIP_RSASSA_1024 == 1)
|
||||
if (info->pk.rsakg.size == 1024) {
|
||||
/* export generated public key to the RsaKey structure */
|
||||
ret = wc_RsaPublicKeyDecodeRaw(
|
||||
@@ -266,7 +267,8 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
|
||||
);
|
||||
}
|
||||
#endif
|
||||
#if defined(TSIP_RSAES_2048) && TSIP_RSAES_2048 == 1
|
||||
#if (defined(TSIP_RSAES_2048) && TSIP_RSAES_2048 == 1) || \
|
||||
(defined(TSIP_RSASSA_2048) && TSIP_RSASSA_2048 == 1)
|
||||
if (info->pk.rsakg.size == 2048) {
|
||||
/* export generated public key to the RsaKey structure */
|
||||
ret = wc_RsaPublicKeyDecodeRaw(
|
||||
@@ -824,11 +826,13 @@ static int Renesas_cmn_EncryptKeys(WOLFSSL* ssl, void* ctx)
|
||||
TsipUserCtx* cbInfo = (TsipUserCtx*)ctx;
|
||||
|
||||
if (cbInfo->session_key_set == 1) {
|
||||
switch(cbInfo->key_side) {
|
||||
#elif defined(WOLFSSL_RENESAS_FSPSM_TLS)
|
||||
FSPSM_ST* cbInfo = (FSPSM_ST*)ctx;
|
||||
|
||||
if (cbInfo->keyflgs_tls.bits.session_key_set == 1) {
|
||||
switch(cbInfo->side) {
|
||||
#endif
|
||||
case 1:/* ENCRYPT_SIDE_ONLY */
|
||||
ssl->encrypt.setup = 1;
|
||||
break;
|
||||
@@ -841,7 +845,7 @@ static int Renesas_cmn_EncryptKeys(WOLFSSL* ssl, void* ctx)
|
||||
break;
|
||||
default:break;
|
||||
}
|
||||
#endif
|
||||
|
||||
ret = 0;
|
||||
wolfSSL_CTX_SetTlsFinishedCb(ssl->ctx, Renesas_cmn_TlsFinished);
|
||||
wolfSSL_SetTlsFinishedCtx(ssl, cbInfo);
|
||||
|
||||
@@ -372,7 +372,7 @@ int wc_tsip_RsaVerifyPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
|
||||
|
||||
if ((ret = tsip_hw_lock()) == 0) {
|
||||
switch (tuc->wrappedKeyType) {
|
||||
#if defined(TSIP_RSAES_1024) && TSIP_RSAES_1024 == 1
|
||||
#if defined(TSIP_RSASSA_1024) && TSIP_RSASSA_1024 == 1
|
||||
case TSIP_KEY_TYPE_RSA1024:
|
||||
err = R_TSIP_RsassaPkcs1024SignatureVerification(&sigData,
|
||||
&hashData,
|
||||
@@ -390,7 +390,7 @@ int wc_tsip_RsaVerifyPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
|
||||
}
|
||||
break;
|
||||
#endif
|
||||
#if defined(TSIP_RSAES_2048) && TSIP_RSAES_2048 == 1
|
||||
#if defined(TSIP_RSASSA_2048) && TSIP_RSASSA_2048 == 1
|
||||
case TSIP_KEY_TYPE_RSA2048:
|
||||
err = R_TSIP_RsassaPkcs2048SignatureVerification(&sigData,
|
||||
&hashData,
|
||||
|
||||
@@ -2425,7 +2425,8 @@ int tsip_ImportPublicKey(TsipUserCtx* tuc, int keyType)
|
||||
switch (keyType) {
|
||||
|
||||
#if !defined(NO_RSA)
|
||||
#if defined(TSIP_RSAES_2048) && TSIP_RSAES_2048 == 1
|
||||
#if ((defined(TSIP_RSAES_2048) && TSIP_RSAES_2048 == 1) || \
|
||||
(defined(TSIP_RSASSA_2048) && TSIP_RSASSA_2048 == 1))
|
||||
case TSIP_KEY_TYPE_RSA2048:
|
||||
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
|
||||
tuc->ClientRsa2048PubKey_set = 0;
|
||||
@@ -3231,15 +3232,13 @@ int wc_tsip_generateSessionKey(
|
||||
if (enc) {
|
||||
enc->aes->ctx.keySize = ssl->specs.key_size;
|
||||
enc->aes->ctx.setup = 1;
|
||||
/* ready for use */
|
||||
enc->setup = 1;
|
||||
/* ready-for-use flag will be set when SetKeySide() is called */
|
||||
}
|
||||
/* set up key size and marked ready */
|
||||
if (dec) {
|
||||
dec->aes->ctx.keySize = ssl->specs.key_size;
|
||||
dec->aes->ctx.setup = 1;
|
||||
/* ready for use */
|
||||
dec->setup = 1;
|
||||
/* ready-for-use flag will be set when SetKeySide() is called */
|
||||
}
|
||||
|
||||
if (ctx->tsip_cipher ==
|
||||
@@ -3706,7 +3705,7 @@ int tsip_SignRsaPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
|
||||
}
|
||||
|
||||
switch (tuc->wrappedKeyType) {
|
||||
#if defined(TSIP_RSAES_1024) && TSIP_RSAES_1024 == 1
|
||||
#if defined(TSIP_RSASSA_1024) && TSIP_RSASSA_1024 == 1
|
||||
case TSIP_KEY_TYPE_RSA1024:
|
||||
if (tuc->keyflgs_crypt.bits.rsapri1024_key_set != 1) {
|
||||
WOLFSSL_MSG("tsip rsa private key 1024 not set");
|
||||
@@ -3714,7 +3713,7 @@ int tsip_SignRsaPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
|
||||
}
|
||||
break;
|
||||
#endif
|
||||
#if defined(TSIP_RSAES_2048) && TSIP_RSAES_2048 == 1
|
||||
#if defined(TSIP_RSASSA_2048) && TSIP_RSASSA_2048 == 1
|
||||
case TSIP_KEY_TYPE_RSA2048:
|
||||
if (tuc->keyflgs_crypt.bits.rsapri2048_key_set != 1) {
|
||||
WOLFSSL_MSG("tsip rsa private key 2048 not set");
|
||||
@@ -3731,9 +3730,11 @@ int tsip_SignRsaPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
|
||||
|
||||
if (ret == 0) {
|
||||
#ifdef WOLFSSL_RENESAS_TSIP_TLS
|
||||
/* since TSIP driver adds ASN.1 input data uses raw digest */
|
||||
hashData.pdata = (uint8_t*)ssl->buffers.digest.buffer;
|
||||
hashData.data_type = 1;
|
||||
sigData.pdata = (uint8_t*)info->pk.rsa.in;
|
||||
hashData.data_length= ssl->buffers.digest.length;
|
||||
hashData.data_type = 1; /* hashed data */
|
||||
sigData.pdata = (uint8_t*)info->pk.rsa.out;
|
||||
sigData.data_length = 0; /* signature size will be returned here */
|
||||
#else
|
||||
hashData.pdata = (uint8_t*)info->pk.rsa.in;
|
||||
@@ -3744,7 +3745,8 @@ int tsip_SignRsaPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
|
||||
#endif
|
||||
if ((ret = tsip_hw_lock()) == 0) {
|
||||
switch (tuc->wrappedKeyType) {
|
||||
#if defined(TSIP_RSAES_1024) && TSIP_RSAES_1024 == 1
|
||||
#if (defined(TSIP_RSASSA_1024) && TSIP_RSASSA_1024 == 1) && \
|
||||
defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
|
||||
case TSIP_KEY_TYPE_RSA1024:
|
||||
err = R_TSIP_RsassaPkcs1024SignatureGenerate(
|
||||
&hashData, &sigData,
|
||||
@@ -3757,7 +3759,7 @@ int tsip_SignRsaPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
|
||||
}
|
||||
break;
|
||||
#endif
|
||||
#if defined(TSIP_RSAES_2048) && TSIP_RSAES_2048 == 1
|
||||
#if defined(TSIP_RSASSA_2048) && TSIP_RSASSA_2048 == 1
|
||||
case TSIP_KEY_TYPE_RSA2048:
|
||||
err = R_TSIP_RsassaPkcs2048SignatureGenerate(
|
||||
&hashData, &sigData,
|
||||
@@ -3849,15 +3851,18 @@ int tsip_VerifyRsaPkcsCb(
|
||||
|
||||
if (ret == 0) {
|
||||
sigData.pdata = (uint8_t*)sig;
|
||||
sigData.data_length = sigSz;
|
||||
/* Since TSITP driver handles ASN.1 internally,
|
||||
* the expected data is raw hash.
|
||||
*/
|
||||
hashData.pdata = (uint8_t*)ssl->buffers.digest.buffer;
|
||||
hashData.data_type = 1; /* hash value */
|
||||
|
||||
if ((ret = tsip_hw_lock()) == 0) {
|
||||
|
||||
switch (tuc->wrappedKeyType) {
|
||||
#if defined(TSIP_RSAES_2048) && TSIP_RSAES_2048 == 1
|
||||
#if defined(TSIP_RSASSA_2048) && TSIP_RSASSA_2048 == 1
|
||||
case TSIP_KEY_TYPE_RSA2048:
|
||||
sigData.data_length = 256;
|
||||
err = R_TSIP_RsassaPkcs2048SignatureVerification(
|
||||
&sigData, &hashData,
|
||||
&tuc->Rsa2048PublicKeyIdx,
|
||||
|
||||
@@ -46814,8 +46814,10 @@ static wc_test_ret_t dilithium_param_test(int param, WC_RNG* rng)
|
||||
byte* sig = NULL;
|
||||
#else
|
||||
dilithium_key key[1];
|
||||
#ifndef WOLFSSL_DILITHIUM_NO_SIGN
|
||||
byte sig[DILITHIUM_MAX_SIG_SIZE];
|
||||
#endif
|
||||
#endif
|
||||
#ifndef WOLFSSL_DILITHIUM_NO_SIGN
|
||||
word32 sigLen;
|
||||
byte msg[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 };
|
||||
|
||||
@@ -90,6 +90,16 @@ extern "C" {
|
||||
#define WOLFSSL_X509_VERIFY_CALLBACK (void *, WOLFSSL_X509 *, int, uint32_t *)
|
||||
#include <wolfssl/ssl.h>
|
||||
|
||||
#if defined(CONFIG_WOLFSSL_DEBUG_CERT_BUNDLE) || \
|
||||
defined( WOLFSSL_DEBUG_CERT_BUNDLE)
|
||||
/* Default WOLFSSL_MAX_ERROR_SZ assigned in settings.h or user_settings.h */
|
||||
extern char last_esp_crt_bundle_error[WOLFSSL_MAX_ERROR_SZ];
|
||||
#define SHOW_WOLFSSL_BUNDLE_ERROR(THIS_ERR) \
|
||||
{ \
|
||||
wc_ErrorString(THIS_ERR, last_esp_crt_bundle_error); \
|
||||
ESP_LOGE(TAG,"%s", last_esp_crt_bundle_error); \
|
||||
}
|
||||
#endif
|
||||
typedef struct wolfssl_ssl_config wolfssl_ssl_config;
|
||||
|
||||
struct wolfssl_ssl_config
|
||||
|
||||
@@ -164,7 +164,8 @@ typedef struct TsipUserCtx {
|
||||
#ifdef WOLFSSL_RENESAS_TSIP_TLS
|
||||
/* 0:working as a TLS client, 1: as a server */
|
||||
byte side;
|
||||
|
||||
/* ENCRYPT_SIDE_ONLY:1 DECRYPT_SIDE_ONLY:2 ENCRYPT AND DECRYPT:3 */
|
||||
byte key_side;
|
||||
/* public key index for verification of RootCA cert */
|
||||
uint32_t user_key_id;
|
||||
|
||||
|
||||
@@ -455,6 +455,10 @@
|
||||
#endif
|
||||
#endif
|
||||
|
||||
/* Important build-time configuration messages may be saved.
|
||||
* Enable DEBUG_WOLFSSL and see wolfSSL_Init() for display. */
|
||||
#define LIBWOLFSSL_CMAKE_OUTPUT ""
|
||||
|
||||
/* ---------------------------------------------------------------------------
|
||||
* Dual Algorithm Certificate Required Features.
|
||||
* ---------------------------------------------------------------------------
|
||||
|
||||
Reference in New Issue
Block a user