Merge branch 'wolfSSL:master' into tropic01-dev

This commit is contained in:
kosmax871
2025-06-11 21:07:15 +02:00
committed by GitHub
42 changed files with 2188 additions and 631 deletions
+1 -1
View File
@@ -18,7 +18,7 @@ jobs:
matrix:
config: [
# Add new configs here
'--enable-intelasm --enable-sp-asm --enable-mlkem=yes,kyber,ml-kem CPPFLAGS=-DWOLFSSL_ML_KEM_USE_OLD_IDS'
'--enable-intelasm --enable-sp-asm --enable-mlkem=yes,kyber,ml-kem CPPFLAGS="-DWOLFSSL_ML_KEM_USE_OLD_IDS"',
'--enable-intelasm --enable-sp-asm --enable-all --enable-testcert --enable-acert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-quic --with-sys-crypto-policy --enable-experimental --enable-kyber=yes,original --enable-lms --enable-xmss --enable-dilithium --enable-dual-alg-certs --disable-qt CPPFLAGS="-pedantic -Wdeclaration-after-statement -DWOLFCRYPT_TEST_LINT -DNO_WOLFSSL_CIPHER_SUITE_TEST -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE"',
'--enable-smallstack --enable-smallstackcache --enable-intelasm --enable-sp-asm --enable-all --enable-testcert --enable-acert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-quic --with-sys-crypto-policy --enable-experimental --enable-kyber=yes,original --enable-lms --enable-xmss --enable-dilithium --enable-dual-alg-certs --disable-qt CPPFLAGS="-pedantic -Wdeclaration-after-statement -DWOLFCRYPT_TEST_LINT -DNO_WOLFSSL_CIPHER_SUITE_TEST -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE"',
'--enable-intelasm --enable-sp-asm --enable-all --enable-testcert --enable-acert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-quic --with-sys-crypto-policy --enable-experimental --enable-kyber=yes,original --enable-lms --enable-xmss --enable-dilithium --enable-dual-alg-certs --disable-qt CPPFLAGS="-pedantic -Wdeclaration-after-statement -DWOLFCRYPT_TEST_LINT -DNO_WOLFSSL_CIPHER_SUITE_TEST -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE" CC=c++'
+6
View File
@@ -96,6 +96,7 @@ CONFIG_ESP_WOLFSSL_NO_HW_RSA_PRI
CONFIG_ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD
CONFIG_ESP_WOLFSSL_NO_HW_RSA_PRI_MP_MUL
CONFIG_ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD
CONFIG_ESP_WOLFSSL_NO_STACK_SIZE_BUILD_WARNING
CONFIG_FREERTOS_HZ
CONFIG_FREERTOS_UNICORE
CONFIG_IDF_TARGET
@@ -286,6 +287,7 @@ IOTSAFE_NO_GETDATA
IOTSAFE_SIG_8BIT_LENGTH
KCAPI_USE_XMALLOC
K_SERIES
LIBWOLFSSL_CMAKE_OUTPUT
LIBWOLFSSL_VERSION_GIT_BRANCH
LIBWOLFSSL_VERSION_GIT_HASH
LIBWOLFSSL_VERSION_GIT_HASH_DATE
@@ -415,6 +417,7 @@ NO_WOLFSSL_SHA256_INTERLEAVE
NO_WOLFSSL_SHA512_INTERLEAVE
NO_WOLFSSL_SKIP_TRAILING_PAD
NO_WOLFSSL_SMALL_STACK_STATIC
NO_WOLFSSL_USE_ASM_CERT
NO_WOLFSSL_XILINX_TAG_MALLOC
NRF52
NRF52_SERIES
@@ -456,6 +459,7 @@ SHOW_CERTS
SHOW_GEN
SHOW_SIZES
SHOW_SSID_AND_PASSWORD
SHOW_WOLFSSL_BUNDLE_ERROR
SIM_SCGC3_RNGA_MASK
SIM_SCGC5_PORTC_MASK
SIM_SCGC5_PORTD_MASK
@@ -518,6 +522,8 @@ TI_DUMMY_BUILD
TLS13_RSA_PSS_SIGN_CB_NO_PREHASH
TSIP_RSAES_1024
TSIP_RSAES_2048
TSIP_RSASSA_1024
TSIP_RSASSA_2048
UNICODE
USER_CA_CB
USER_CUSTOM_SNIFFX
@@ -19,23 +19,62 @@
#
# cmake for wolfssl Espressif projects
#
# Version 5.7.2 Espressif ESP-IDF integration
# Version 5.8.0 Espressif ESP-IDF + PlatformIO integration (2)
#
# See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html
#
message(STATUS "Begin wolfssl ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}")
cmake_minimum_required(VERSION 3.16)
# The scope of this CMAKE_C_FLAGS is just this component:
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -DWOLFSSL_USER_SETTINGS")
set(CMAKE_CURRENT_SOURCE_DIR ".")
# Optionally set your source to wolfSSL in your project CMakeLists.txt like this:
# set(WOLFSSL_ROOT "c:/workspace/my_wolfssl" )
if ( "${WOLFSSL_ROOT}" STREQUAL "")
set(WOLFSSL_ROOT "$ENV{WOLFSSL_ROOT}" )
endif()
set(VERBOSE_COMPONENT_MESSAGES 1)
# Optional requires include:
# set(THIS_ESP_TLS "esp-tls")
set(THIS_ESP_TLS "")
# LIBWOLFSSL_CMAKE_OUTPUT can be printed at runtime
set(LIBWOLFSSL_CMAKE_OUTPUT "")
if(CMAKE_BUILD_EARLY_EXPANSION)
message(STATUS "Skipping libwolfssl_output.h update during CMAKE_BUILD_EARLY_EXPANSION")
else()
# Initialize a new libwolfssl_output.h in the cmake build directory.
if( EXISTS "${CMAKE_BINARY_DIR}/libwolfssl_output.h")
# The next WRITE replaces a file.
# This is here to remove any ambiguity on file removal & generation.
file(REMOVE "${CMAKE_BINARY_DIR}/libwolfssl_output.h")
endif()
file(WRITE "${CMAKE_BINARY_DIR}/libwolfssl_output.h"
"/* libwolfssl_output.h generated by wolfssl component */\n"
"#ifndef _LIBWOLFSSL_OUTPUT_H_\n"
"\n"
"#define _LIBWOLFSSL_OUTPUT_H_\n\n")
endif()
# Append messages with:
# LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_CMAKE_OUTPUT "${LIBWOLFSSL_CMAKE_OUTPUT}\n"message" "0")
# See function: APPEND_LIBWOLFSSL_CMAKE_OUTPUT
# function: IS_ESP_IDF_COMPONENT
# output: RESULT = 1 (true) if this component is located in the ESP-IDF components
# otherwise 0 (false)
function( IS_ESP_IDF_COMPONENT RESULT )
function( IS_ESP_IDF_COMPONENT
RESULT)
# NOTE: Component location is based on the location of the CMakeList.txt
# and *not* the location of the wolfSSL source code. (which may be anywhere)
@@ -55,6 +94,96 @@ function( IS_ESP_IDF_COMPONENT RESULT )
endif()
endfunction()
#
# LIBWOLFSSL_SAVE_INFO(VAR_OUTPUT THIS_VAR VAR_RESULT)
#
# Save the THIS_VAR as a string in a macro called VAR_OUTPUT
#
# VAR_OUTPUT: the name of the macro to define
# THIS_VAR: the OUTPUT_VARIABLE result from a execute_process()
# VAR_RESULT: the RESULT_VARIABLE from a execute_process(); "0" if successful.
#
function ( LIBWOLFSSL_SAVE_INFO VAR_OUTPUT THIS_VAR VAR_RESULT )
# is the RESULT_VARIABLE output value 0? If so, IS_VALID_VALUE is true.
string(COMPARE EQUAL "${VAR_RESULT}" "0" IS_VALID_VALUE)
# if we had a successful operation, save the THIS_VAR in VAR_OUTPUT
if(${IS_VALID_VALUE})
if(0)
# Optional debug
message(STATUS "Looking for LF in ${THIS_VAR}")
endif()
# Check if the text to print in THIS_VAR is multi-line
string(REPLACE "\n" ";" LINES "${THIS_VAR}")
list(LENGTH LINES LINE_COUNT)
# Save var to "libwolfssl_output.h" header if multi-line, otherwise a simple compile def
if(LINE_COUNT GREATER 1)
message(STATUS "Setting HAVE_LIBWOLFSSL_OUTPUT_HEADER=1 for ${VAR_OUTPUT}")
add_compile_definitions(HAVE_LIBWOLFSSL_OUTPUT_HEADER=1)
file(APPEND "${CMAKE_BINARY_DIR}/libwolfssl_output.h" "#undef ${VAR_OUTPUT}\n")
file(APPEND "${CMAKE_BINARY_DIR}/libwolfssl_output.h" "#define ${VAR_OUTPUT} \\\n")
# Split into lines
string(REPLACE "\n" ";" LINES "${THIS_VAR}")
foreach(LINE IN LISTS LINES)
file(APPEND "${CMAKE_BINARY_DIR}/libwolfssl_output.h" "\"${LINE}\\n\" \\\n")
endforeach()
# Final empty line to close the macro
file(APPEND "${CMAKE_BINARY_DIR}/libwolfssl_output.h" "\n")
message(STATUS "COMPONENT_LIB=${COMPONENT_LIB}")
target_include_directories(${COMPONENT_LIB} PRIVATE "${CMAKE_BINARY_DIR}")
else()
message(STATUS "No HAS_LIBWOLFSSL_OUTPUT_HEADER")
# We should not have any, but just to be sure:
# Strip newline chars in THIS_VAR parameter and save in VAR_VALUE
string(REPLACE "\n" "" VAR_VALUE "${THIS_VAR}")
# we'll could percolate the value to the parent for possible later use
# set(${VAR_OUTPUT} ${VAR_VALUE} PARENT_SCOPE)
# but we're only using it here in this function
set(${VAR_OUTPUT} ${VAR_VALUE})
# we'll print what we found to the console
message(STATUS "Found ${VAR_OUTPUT}=${VAR_VALUE}")
# the interesting part is defining the VAR_OUTPUT name a value to use in the app
add_compile_definitions(${VAR_OUTPUT}=\"${VAR_VALUE}\")
endif()
else()
# if we get here, check the execute_process command and parameters.
message(STATUS "LIBWOLFSSL_SAVE_INFO encountered a non-zero VAR_RESULT")
set(${VAR_OUTPUT} "Unknown")
endif()
endfunction() # LIBWOLFSSL_SAVE_INFO
#
# APPEND_LIBWOLFSSL_CMAKE_OUTPUT(THIS_MESSAGE OUTPUT_VALUE)
#
# Append the text in THIS_MESSAGE to LIBWOLFSSL_CMAKE_OUTPUT.
# String is available at runtime in app
#
function( APPEND_LIBWOLFSSL_CMAKE_OUTPUT
THIS_MESSAGE )
# Normally, we'd simply print a message:
message(STATUS "${THIS_MESSAGE}")
# But here we'll pass the entire LIBWOLFSSL_CMAKE_OUTPUT as a string definition to the app
set(LIBWOLFSSL_CMAKE_OUTPUT "${LIBWOLFSSL_CMAKE_OUTPUT}\n${THIS_MESSAGE}" PARENT_SCOPE)
# We don't call LIBWOLFSSL_SAVE_INFO here as it would add duplicate definitions
# See single instance at the end of this file.
endfunction()
# Determine if this cmake file is located in the ESP-IDF component directory or not,
# and if so, if it is being ignored (allowing the use of a local project one, instead).
IS_ESP_IDF_COMPONENT( IS_WOLSSL_ESP_IDF_COMPONENT )
@@ -77,20 +206,6 @@ else()
message(STATUS "Cleaned wolfssl path: ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}")
endif()
# The scope of this CMAKE_C_FLAGS is just this component:
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -DWOLFSSL_USER_SETTINGS")
set(CMAKE_CURRENT_SOURCE_DIR ".")
# set(COMPONENT_REQUIRES lwip) # we typically don't need lwip directly in wolfssl component
# Optionally set your source to wolfSSL in your project CMakeLists.txt like this:
# set(WOLFSSL_ROOT "c:/test/my_wolfssl" )
if ( "${WOLFSSL_ROOT}" STREQUAL "")
set(WOLFSSL_ROOT "$ENV{WOLFSSL_ROOT}" )
endif()
if( "$ENV{IDF_PATH}" STREQUAL "" )
message(FATAL_ERROR "IDF_PATH Environment variable not set!")
else()
@@ -185,7 +300,9 @@ endif()
# Check environment variable name EVARPARAM as [name]
# If defined, and has a value of EVARVALUE as [value],
# then assign a compiler definition "-D[name]=[value]"
function(ENVIRONMENT_VAR_TO_MACRO EVARPARAM EVARVALUE)
function( ENVIRONMENT_VAR_TO_MACRO
EVARPARAM # Environment variable parameter name
EVARVALUE) # Environment variable value
# If the EVARPARAM environment variable name is set to EVARVALUE,
# set the compiler flag definition to enable CSV output.
if ( "$ENV{${EVARPARAM}}" STREQUAL "${EVARVALUE}")
@@ -217,7 +334,8 @@ endfunction()
# function: IS_WOLFSSL_SOURCE
# parameter: DIRECTORY_PARAMETER - the directory to test
# output: RESULT = contains contents of DIRECTORY_PARAMETER for wolfssl directory, otherwise blank.
function( IS_WOLFSSL_SOURCE DIRECTORY_PARAMETER
function( IS_WOLFSSL_SOURCE
DIRECTORY_PARAMETER
RESULT )
if (EXISTS "${DIRECTORY_PARAMETER}/wolfcrypt/src")
set(${RESULT} "${DIRECTORY_PARAMETER}" PARENT_SCOPE)
@@ -233,7 +351,8 @@ endfunction()
# Example usage:
# FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT)
# *********************************************************************************************
function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY)
function( FIND_WOLFSSL_DIRECTORY
OUTPUT_FOUND_WOLFSSL_DIRECTORY)
message(STATUS "Starting FIND_WOLFSSL_DIRECTORY: ${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}")
if ( "${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}" STREQUAL "" )
@@ -673,9 +792,9 @@ else()
# depending on the environment, we may need to swap backslashes with forward slashes
string(REPLACE "\\" "/" RTOS_IDF_PATH "$ENV{IDF_PATH}/components/freertos/FreeRTOS-Kernel/include/freertos")
if(WOLFSSL_ROOT)
string(REPLACE "\\" "/" WOLFSSL_ROOT ${WOLFSSL_ROOT})
endif()
if(WOLFSSL_ROOT)
string(REPLACE "\\" "/" WOLFSSL_ROOT ${WOLFSSL_ROOT})
endif()
if(IS_DIRECTORY "${RTOS_IDF_PATH}")
message(STATUS "Found current RTOS path: ${RTOS_IDF_PATH}")
@@ -789,16 +908,35 @@ if( CONFIG_WOLFSSL_CERTIFICATE_BUNDLE
AND NOT CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE
AND NOT ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266")
)
APPEND_LIBWOLFSSL_CMAKE_OUTPUT("wolfSSL Certificate Bundles Enabled")
if (CMAKE_BUILD_EARLY_EXPANSION)
message(ERROR "Bundle Cert initialization must occur during CMAKE_BUILD_EARLY_EXPANSION")
message(FATAL_ERROR "Bundle Cert initialization must occur during CMAKE_BUILD_EARLY_EXPANSION")
endif()
# reminder: we need a value for wolfSSL root first!
if( "${WOLFSSL_ROOT}" STREQUAL "" )
message(ERROR "Certificate bundles need a value for WOLFSSL_ROOT")
message(FATAL_ERROR "Certificate bundles need a value for WOLFSSL_ROOT")
endif()
# Cert bundle in wolfSSL source unless otherwise specified later
set(WOLFSSL_ESP_CRT_BUNDLE_DIR ${WOLFSSL_ROOT}/wolfcrypt/src/port/Espressif/esp_crt_bundle)
message(STATUS "WOLFSSL_ESP_CRT_BUNDLE_DIR=${WOLFSSL_ESP_CRT_BUNDLE_DIR}")
if(EXISTS "${WOLFSSL_ESP_CRT_BUNDLE_DIR}")
if(DEFINED ENV{PLATFORMIO_PROJECT_DIR})
APPEND_LIBWOLFSSL_CMAKE_OUTPUT("Detected PlatformIO")
set(IS_PLATFORMIO 1)
else()
# Some environments may not have environment variable, so double check if we are in .pio
if("${CMAKE_BINARY_DIR}" MATCHES "/\\.pio/")
APPEND_LIBWOLFSSL_CMAKE_OUTPUT("Detected PlatformIO via CMAKE_BINARY_DIR")
set(IS_PLATFORMIO 1)
else()
set(IS_PLATFORMIO 0)
endif()
endif()
if(EXISTS "${WOLFSSL_ESP_CRT_BUNDLE_DIR}" OR IS_PLATFORMIO)
APPEND_LIBWOLFSSL_CMAKE_OUTPUT("Special processing for wolfSSL Certificate Bundles")
set(bundle_name "x509_crt_bundle_wolfssl")
# For now the certs are in the same directory
@@ -824,9 +962,9 @@ if( CONFIG_WOLFSSL_CERTIFICATE_BUNDLE
get_filename_component(custom_bundle_path
${CONFIG_WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE_PATH} ABSOLUTE BASE_DIR "${project_dir}")
list(APPEND crt_paths ${custom_bundle_path})
message(STATUS "Using a custom wolfSSL bundle path: ${custom_bundle_path}")
APPEND_LIBWOLFSSL_CMAKE_OUTPUT("Using a custom wolfSSL bundle path: ${custom_bundle_path}")
else()
message(STATUS "Not using a custom wolfSSL bundle path.")
APPEND_LIBWOLFSSL_CMAKE_OUTPUT("Not using a custom wolfSSL bundle path")
endif()
list(APPEND args --input ${crt_paths} -q)
@@ -843,25 +981,107 @@ if( CONFIG_WOLFSSL_CERTIFICATE_BUNDLE
message(STATUS "args ${args}")
message(STATUS "cert_bundle ${cert_bundle}")
# Generate bundle according to config
# File is generated at build time, not cmake load
add_custom_command(OUTPUT ${crt_bundle}
COMMAND ${GENERATE_CERT_BUNDLEPY} ARGS ${args}
DEPENDS ${custom_bundle_path}
VERBATIM)
if (IS_PLATFORMIO)
# PlatformIO cannot generate a Certificate Bundle at build time
APPEND_LIBWOLFSSL_CMAKE_OUTPUT("PlatformIO is using a predefined bundle rather than generating one")
if(EXISTS "${crt_bundle}")
message(STATUS "Bundle file exists from prior build: ${crt_bundle}")
if ( "${WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE_PATH_AND_NAME}" STREQUAL "" OR "$(WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE)" STREQUAL "" OR "$(WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE)" STREQUAL "n")
APPEND_LIBWOLFSSL_CMAKE_OUTPUT("Alternate Certificate Bundle Path and Name not enabled, assuming [project]/certs/x509_crt_bundle_wolfssl")
# Reminder this CMakeLists.txt should be in [project]/components/wolfssl, so ./certs is two directories up
set(crt_bundle_option "../../certs/x509_crt_bundle_wolfssl")
else()
string(SUBSTRING "${CONFIG_WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE_PATH_AND_NAME}" 0 2 CERT_PATH_FIRST_TWO)
if(CERT_PATH_FIRST_TWO STREQUAL "./" OR CERT_PATH_FIRST_TWO STREQUAL ".\\")
set(IS_CERT_BUNDLE_RELATIVE_PATH 1)
message(STATUS "Alternate Cert Path is relative to project.")
else()
set(IS_CERT_BUNDLE_RELATIVE_PATH 0)
message(STATUS "Alternate Cert Path is not relative to project.")
endif()
# The cert bundle is not a standard cert, so we con't add to the crt_paths.
# Still, we may have an alternate location, particulatly needed for PlatformIO:
if(IS_CERT_BUNDLE_RELATIVE_PATH)
message(STATUS "CONFIG_WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE_PATH_AND_NAME = ${CONFIG_WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE_PATH_AND_NAME}")
message(STATUS "Relative alternate_bundle_path: ${alternate_bundle_path}")
SET(crt_bundle_option "${CMAKE_SOURCE_DIR}/${CONFIG_WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE_PATH_AND_NAME}")
else()
message(STATUS "alternate_bundle_path: ${CONFIG_WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE_PATH_AND_NAME}")
message(STATUS "Not using an alternate wolfSSL bundle file.")
SET(crt_bundle_option "${CONFIG_WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE_PATH_AND_NAME}")
endif()
endif()
# Clean the path, removing any extra "./" etc.
# Number of spaces in message strings is to align path value outputs
message(STATUS "This crt_bundle_option value: ${crt_bundle_option}")
if(${CMAKE_VERSION} VERSION_LESS "3.19")
message("WARNING: CMake version is ${CMAKE_VERSION} ? file(REAL_PATH ...) is not supported. Falling back to manual path normalization.")
# optional fallback logic here
get_filename_component(crt_bundle_file_component "${crt_bundle_option}" ABSOLUTE)
message(STATUS "Interim crt_bundle_file_component: ${crt_bundle_file_component}")
file(TO_CMAKE_PATH "${crt_bundle_file_component}" crt_bundle)
message(STATUS "TO_CMAKE_PATH crt_bundle result: ${crt_bundle}")
# set(crt_bundle "C:/workspace/pio_wolfssl-upstream-test-wolfssl_cert_bundle/esp32-c6/certs/x509_crt_bundle_wolfssl")
else()
file(REAL_PATH "${crt_bundle_option}" crt_bundle)
endif()
APPEND_LIBWOLFSSL_CMAKE_OUTPUT("Certificate Bundle: ${crt_bundle}")
message(STATUS "This cleaned crt_bundle value: ${crt_bundle}")
message(STATUS "=============================================================================================================")
message(STATUS "=============================================================================================================")
message(STATUS "Reminder: platformio.ini will need this value set for board_build.embed_files =")
message(STATUS "${crt_bundle}")
message(STATUS "=============================================================================================================")
message(STATUS "=============================================================================================================")
# e.g. SET(crt_bundle "C:/workspace/pio_wolfssl/esp32-c6/certs/x509_crt_bundle_wolfssl")
#
# Normally x509_crt_bundle_wolfssl built by python script called from cmake.
# See https://github.com/wolfSSL/wolfssl/blob/master/wolfcrypt/src/port/Espressif/esp_crt_bundle/gen_crt_bundle.py
# Reminder ESP-IDF scripts are NOT called from CMake for PlatformIO builds.
#
# The easiest way to generate the default file is to build with ESP-IDF and copy the files to [project]/main
#
# for example:
# build\VisualGDB\Debug\x509_crt_bundle_wolfssl.s
# build\VisualGDB\Debug\esp-idf\wolfssl\x509_crt_bundle_wolfssl
#
message(STATUS "Confirming cert bundle exists...")
if(EXISTS "${crt_bundle}")
# Number of spaces is to align path value outputs
message(STATUS "Bundle file found for PlatformIO: ${crt_bundle}")
else()
APPEND_LIBWOLFSSL_CMAKE_OUTPUT("ERROR: Failed to find bundle file found for PlatformIO: ${crt_bundle}")
message(STATUS "Check for entry in platformio.ini: board_build.embed_files = certs/x509_crt_bundle_wolfssl ")
message(FATAL_ERROR "WOLFSSL_CERTIFICATE_BUNDLE is enabled for PlatformIO, but predefined file not found: ${crt_bundle}")
endif()
else()
message(STATUS "Bundle file expected during next build: ${crt_bundle}")
# APPEND_LIBWOLFSSL_CMAKE_OUTPUT("Generate bundle: ${GENERATE_CERT_BUNDLEPY} ${args}")
# Not PlatformIO
# Generate bundle according to config
# File is generated at build time, not cmake load
add_custom_command(OUTPUT ${crt_bundle}
COMMAND ${GENERATE_CERT_BUNDLEPY} ARGS ${args}
DEPENDS ${custom_bundle_path}
VERBATIM)
if(EXISTS "${crt_bundle}")
message(STATUS "Bundle file exists from prior build: ${crt_bundle}")
else()
message(STATUS "Bundle file expected during next build: ${crt_bundle}")
endif()
# Reminder the file is generated at build time, not cmake load time.
message(STATUS "wolfSSL Cert Bundle File to be created at build time in: ${crt_bundle}")
endif()
# Reminder the file is generated at build time, not cmake load time.
message(STATUS "wolfSSL Cert Bundle File to be created at build time in: ${crt_bundle}")
add_custom_target(custom_wolfssl_bundle DEPENDS ${crt_bundle})
add_custom_target(custom_wolfssl_bundle DEPENDS ${cert_bundle})
# the wolfSSL crtificate bundle is baked into wolfSSL
# the wolfSSL certificate bundle is baked into wolfSSL
add_dependencies(${COMPONENT_LIB} custom_wolfssl_bundle)
# COMPONENT_LIB may vary: __idf_wolfssl, __idf_esp_wolfssl, etc
@@ -871,7 +1091,12 @@ if( CONFIG_WOLFSSL_CERTIFICATE_BUNDLE
APPEND PROPERTY ADDITIONAL_CLEAN_FILES
"${crt_bundle}")
else()
message(STATUS "WARNING: CONFIG_WOLFSSL_CERTIFICATE_BUNDLE enabled but directory not found: ${WOLFSSL_ESP_CRT_BUNDLE_DIR}")
if(IS_PLATFORMIO)
message(STATUS "WARNING: CONFIG_WOLFSSL_CERTIFICATE_BUNDLE enabled but cannot be generated in PlatformmIO")
else()
message(STATUS "WARNING: CONFIG_WOLFSSL_CERTIFICATE_BUNDLE enabled but directory not found: ${WOLFSSL_ESP_CRT_BUNDLE_DIR}")
endif()
message(FATAL_ERROR "not detected")
endif()
endif()
@@ -930,42 +1155,6 @@ endif()
# end multiple component check
#
# LIBWOLFSSL_SAVE_INFO(VAR_OUPUT THIS_VAR VAR_RESULT)
#
# Save the THIS_VAR as a string in a macro called VAR_OUPUT
#
# VAR_OUPUT: the name of the macro to define
# THIS_VAR: the OUTPUT_VARIABLE result from a execute_process()
# VAR_RESULT: the RESULT_VARIABLE from a execute_process(); "0" if successful.
#
function ( LIBWOLFSSL_SAVE_INFO VAR_OUPUT THIS_VAR VAR_RESULT )
# is the RESULT_VARIABLE output value 0? If so, IS_VALID_VALUE is true.
string(COMPARE EQUAL "${VAR_RESULT}" "0" IS_VALID_VALUE)
# if we had a successful operation, save the THIS_VAR in VAR_OUPUT
if(${IS_VALID_VALUE})
# strip newline chars in THIS_VAR parameter and save in VAR_VALUE
string(REPLACE "\n" "" VAR_VALUE ${THIS_VAR})
# we'll could percolate the value to the parent for possible later use
# set(${VAR_OUPUT} ${VAR_VALUE} PARENT_SCOPE)
# but we're only using it here in this function
set(${VAR_OUPUT} ${VAR_VALUE})
# we'll print what we found to the console
message(STATUS "Found ${VAR_OUPUT}=${VAR_VALUE}")
# the interesting part is defining the VAR_OUPUT name a value to use in the app
add_compile_definitions(${VAR_OUPUT}=\"${VAR_VALUE}\")
else()
# if we get here, check the execute_process command and parameters.
message(STATUS "LIBWOLFSSL_SAVE_INFO encountered a non-zero VAR_RESULT")
set(${VAR_OUPUT} "Unknown")
endif()
endfunction() # LIBWOLFSSL_SAVE_INFO
execute_process(
COMMAND ${git_cmd} "rev-parse" "--is-inside-work-tree"
OUTPUT_VARIABLE IS_GIT_REPO
@@ -1049,6 +1238,14 @@ else()
message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!")
endif()
# A single instance of potentially multiple cmake messages to send to app:
message(STATUS "LIBWOLFSSL_CMAKE_OUTPUT: ${LIBWOLFSSL_CMAKE_OUTPUT}")
LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_CMAKE_OUTPUT "${LIBWOLFSSL_CMAKE_OUTPUT}" "0")
file(APPEND "${CMAKE_BINARY_DIR}/libwolfssl_output.h"
"\n"
"#endif\n" )
message(STATUS "************************************************************************************************")
message(STATUS "wolfSSL component config complete!")
message(STATUS "************************************************************************************************")
@@ -274,10 +274,28 @@ menu "wolfSSL"
bool "Do not use the default certificate bundle"
endchoice
config WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE
depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
default n
bool "Use alternate certificate bundle"
help
Typically only used for PlatformIO which cannot generate a certificate bundle at build time.
Enable this option to specify a fixed wolfSSL certificate file path and file name.
config WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE_PATH_AND_NAME
depends on WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
string "Default certificate bundle alternate path and name"
default "./certs/x509_crt_bundle_wolfssl"
help
Name of the default certificate bundle directory. Typically used only with PlatformIO.
Reminder PlatformIO cannot generate a bundle from cmake python script call. Relative
paths are with respect to root of this project.
config WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE
depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
default n
bool "Add custom certificates to the default bundle"
config WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE_PATH
depends on WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
string "Custom certificate bundle path"
@@ -430,6 +448,12 @@ menu "wolfSSL"
help
Enable debugging messages for wolfSSL. See user_settings.h for additional debug options.
config ESP_WOLFSSL_NO_STACK_SIZE_BUILD_WARNING
bool "Suppress build-time warnings for main stack size"
default n
help
Useful only when wolfSSL is running in main task. See FreeRTOS stack size for custom tasks.
config ESP_WOLFSSL_TEST_LOOP
bool "Run test apps in a loop until failure"
default y
@@ -853,13 +853,18 @@
#ifndef NO_RSA
#define ESP32_USE_RSA_PRIMITIVE
#if defined(CONFIG_IDF_TARGET_ESP32)
#ifdef CONFIG_ESP_MAIN_TASK_STACK_SIZE
#ifdef CONFIG_ESP_MAIN_TASK_STACK_SIZE
/* See idf.py menuconfig for stack warning settings */
#if !defined(CONFIG_ESP_WOLFSSL_NO_STACK_SIZE_BUILD_WARNING)
#if CONFIG_ESP_MAIN_TASK_STACK_SIZE < 10500
#warning "RSA may be difficult with less than 10KB Stack "/
#warning "RSA may be difficult with less than 10KB Stack"
#endif
#else
/* Implement your own stack warning here */
#endif
#endif
#if defined(CONFIG_IDF_TARGET_ESP32)
/* NOTE HW unreliable for small values! */
/* threshold for performance adjustment for HW primitive use */
/* X bits of G^X mod P greater than */
@@ -19,23 +19,62 @@
#
# cmake for wolfssl Espressif projects
#
# Version 5.7.2 Espressif ESP-IDF integration
# Version 5.8.0 Espressif ESP-IDF + PlatformIO integration (2)
#
# See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html
#
message(STATUS "Begin wolfssl ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}")
cmake_minimum_required(VERSION 3.16)
# The scope of this CMAKE_C_FLAGS is just this component:
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -DWOLFSSL_USER_SETTINGS")
set(CMAKE_CURRENT_SOURCE_DIR ".")
# Optionally set your source to wolfSSL in your project CMakeLists.txt like this:
# set(WOLFSSL_ROOT "c:/workspace/my_wolfssl" )
if ( "${WOLFSSL_ROOT}" STREQUAL "")
set(WOLFSSL_ROOT "$ENV{WOLFSSL_ROOT}" )
endif()
set(VERBOSE_COMPONENT_MESSAGES 1)
# Optional requires include:
# set(THIS_ESP_TLS "esp-tls")
set(THIS_ESP_TLS "")
# LIBWOLFSSL_CMAKE_OUTPUT can be printed at runtime
set(LIBWOLFSSL_CMAKE_OUTPUT "")
if(CMAKE_BUILD_EARLY_EXPANSION)
message(STATUS "Skipping libwolfssl_output.h update during CMAKE_BUILD_EARLY_EXPANSION")
else()
# Initialize a new libwolfssl_output.h in the cmake build directory.
if( EXISTS "${CMAKE_BINARY_DIR}/libwolfssl_output.h")
# The next WRITE replaces a file.
# This is here to remove any ambiguity on file removal & generation.
file(REMOVE "${CMAKE_BINARY_DIR}/libwolfssl_output.h")
endif()
file(WRITE "${CMAKE_BINARY_DIR}/libwolfssl_output.h"
"/* libwolfssl_output.h generated by wolfssl component */\n"
"#ifndef _LIBWOLFSSL_OUTPUT_H_\n"
"\n"
"#define _LIBWOLFSSL_OUTPUT_H_\n\n")
endif()
# Append messages with:
# LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_CMAKE_OUTPUT "${LIBWOLFSSL_CMAKE_OUTPUT}\n"message" "0")
# See function: APPEND_LIBWOLFSSL_CMAKE_OUTPUT
# function: IS_ESP_IDF_COMPONENT
# output: RESULT = 1 (true) if this component is located in the ESP-IDF components
# otherwise 0 (false)
function( IS_ESP_IDF_COMPONENT RESULT )
function( IS_ESP_IDF_COMPONENT
RESULT)
# NOTE: Component location is based on the location of the CMakeList.txt
# and *not* the location of the wolfSSL source code. (which may be anywhere)
@@ -55,6 +94,96 @@ function( IS_ESP_IDF_COMPONENT RESULT )
endif()
endfunction()
#
# LIBWOLFSSL_SAVE_INFO(VAR_OUTPUT THIS_VAR VAR_RESULT)
#
# Save the THIS_VAR as a string in a macro called VAR_OUTPUT
#
# VAR_OUTPUT: the name of the macro to define
# THIS_VAR: the OUTPUT_VARIABLE result from a execute_process()
# VAR_RESULT: the RESULT_VARIABLE from a execute_process(); "0" if successful.
#
function ( LIBWOLFSSL_SAVE_INFO VAR_OUTPUT THIS_VAR VAR_RESULT )
# is the RESULT_VARIABLE output value 0? If so, IS_VALID_VALUE is true.
string(COMPARE EQUAL "${VAR_RESULT}" "0" IS_VALID_VALUE)
# if we had a successful operation, save the THIS_VAR in VAR_OUTPUT
if(${IS_VALID_VALUE})
if(0)
# Optional debug
message(STATUS "Looking for LF in ${THIS_VAR}")
endif()
# Check if the text to print in THIS_VAR is multi-line
string(REPLACE "\n" ";" LINES "${THIS_VAR}")
list(LENGTH LINES LINE_COUNT)
# Save var to "libwolfssl_output.h" header if multi-line, otherwise a simple compile def
if(LINE_COUNT GREATER 1)
message(STATUS "Setting HAVE_LIBWOLFSSL_OUTPUT_HEADER=1 for ${VAR_OUTPUT}")
add_compile_definitions(HAVE_LIBWOLFSSL_OUTPUT_HEADER=1)
file(APPEND "${CMAKE_BINARY_DIR}/libwolfssl_output.h" "#undef ${VAR_OUTPUT}\n")
file(APPEND "${CMAKE_BINARY_DIR}/libwolfssl_output.h" "#define ${VAR_OUTPUT} \\\n")
# Split into lines
string(REPLACE "\n" ";" LINES "${THIS_VAR}")
foreach(LINE IN LISTS LINES)
file(APPEND "${CMAKE_BINARY_DIR}/libwolfssl_output.h" "\"${LINE}\\n\" \\\n")
endforeach()
# Final empty line to close the macro
file(APPEND "${CMAKE_BINARY_DIR}/libwolfssl_output.h" "\n")
message(STATUS "COMPONENT_LIB=${COMPONENT_LIB}")
target_include_directories(${COMPONENT_LIB} PRIVATE "${CMAKE_BINARY_DIR}")
else()
message(STATUS "No HAS_LIBWOLFSSL_OUTPUT_HEADER")
# We should not have any, but just to be sure:
# Strip newline chars in THIS_VAR parameter and save in VAR_VALUE
string(REPLACE "\n" "" VAR_VALUE "${THIS_VAR}")
# we'll could percolate the value to the parent for possible later use
# set(${VAR_OUTPUT} ${VAR_VALUE} PARENT_SCOPE)
# but we're only using it here in this function
set(${VAR_OUTPUT} ${VAR_VALUE})
# we'll print what we found to the console
message(STATUS "Found ${VAR_OUTPUT}=${VAR_VALUE}")
# the interesting part is defining the VAR_OUTPUT name a value to use in the app
add_compile_definitions(${VAR_OUTPUT}=\"${VAR_VALUE}\")
endif()
else()
# if we get here, check the execute_process command and parameters.
message(STATUS "LIBWOLFSSL_SAVE_INFO encountered a non-zero VAR_RESULT")
set(${VAR_OUTPUT} "Unknown")
endif()
endfunction() # LIBWOLFSSL_SAVE_INFO
#
# APPEND_LIBWOLFSSL_CMAKE_OUTPUT(THIS_MESSAGE OUTPUT_VALUE)
#
# Append the text in THIS_MESSAGE to LIBWOLFSSL_CMAKE_OUTPUT.
# String is available at runtime in app
#
function( APPEND_LIBWOLFSSL_CMAKE_OUTPUT
THIS_MESSAGE )
# Normally, we'd simply print a message:
message(STATUS "${THIS_MESSAGE}")
# But here we'll pass the entire LIBWOLFSSL_CMAKE_OUTPUT as a string definition to the app
set(LIBWOLFSSL_CMAKE_OUTPUT "${LIBWOLFSSL_CMAKE_OUTPUT}\n${THIS_MESSAGE}" PARENT_SCOPE)
# We don't call LIBWOLFSSL_SAVE_INFO here as it would add duplicate definitions
# See single instance at the end of this file.
endfunction()
# Determine if this cmake file is located in the ESP-IDF component directory or not,
# and if so, if it is being ignored (allowing the use of a local project one, instead).
IS_ESP_IDF_COMPONENT( IS_WOLSSL_ESP_IDF_COMPONENT )
@@ -77,20 +206,6 @@ else()
message(STATUS "Cleaned wolfssl path: ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}")
endif()
# The scope of this CMAKE_C_FLAGS is just this component:
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -DWOLFSSL_USER_SETTINGS")
set(CMAKE_CURRENT_SOURCE_DIR ".")
# set(COMPONENT_REQUIRES lwip) # we typically don't need lwip directly in wolfssl component
# Optionally set your source to wolfSSL in your project CMakeLists.txt like this:
# set(WOLFSSL_ROOT "c:/test/my_wolfssl" )
if ( "${WOLFSSL_ROOT}" STREQUAL "")
set(WOLFSSL_ROOT "$ENV{WOLFSSL_ROOT}" )
endif()
if( "$ENV{IDF_PATH}" STREQUAL "" )
message(FATAL_ERROR "IDF_PATH Environment variable not set!")
else()
@@ -185,7 +300,9 @@ endif()
# Check environment variable name EVARPARAM as [name]
# If defined, and has a value of EVARVALUE as [value],
# then assign a compiler definition "-D[name]=[value]"
function(ENVIRONMENT_VAR_TO_MACRO EVARPARAM EVARVALUE)
function( ENVIRONMENT_VAR_TO_MACRO
EVARPARAM # Environment variable parameter name
EVARVALUE) # Environment variable value
# If the EVARPARAM environment variable name is set to EVARVALUE,
# set the compiler flag definition to enable CSV output.
if ( "$ENV{${EVARPARAM}}" STREQUAL "${EVARVALUE}")
@@ -217,7 +334,8 @@ endfunction()
# function: IS_WOLFSSL_SOURCE
# parameter: DIRECTORY_PARAMETER - the directory to test
# output: RESULT = contains contents of DIRECTORY_PARAMETER for wolfssl directory, otherwise blank.
function( IS_WOLFSSL_SOURCE DIRECTORY_PARAMETER
function( IS_WOLFSSL_SOURCE
DIRECTORY_PARAMETER
RESULT )
if (EXISTS "${DIRECTORY_PARAMETER}/wolfcrypt/src")
set(${RESULT} "${DIRECTORY_PARAMETER}" PARENT_SCOPE)
@@ -233,7 +351,8 @@ endfunction()
# Example usage:
# FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT)
# *********************************************************************************************
function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY)
function( FIND_WOLFSSL_DIRECTORY
OUTPUT_FOUND_WOLFSSL_DIRECTORY)
message(STATUS "Starting FIND_WOLFSSL_DIRECTORY: ${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}")
if ( "${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}" STREQUAL "" )
@@ -673,9 +792,9 @@ else()
# depending on the environment, we may need to swap backslashes with forward slashes
string(REPLACE "\\" "/" RTOS_IDF_PATH "$ENV{IDF_PATH}/components/freertos/FreeRTOS-Kernel/include/freertos")
if(WOLFSSL_ROOT)
string(REPLACE "\\" "/" WOLFSSL_ROOT ${WOLFSSL_ROOT})
endif()
if(WOLFSSL_ROOT)
string(REPLACE "\\" "/" WOLFSSL_ROOT ${WOLFSSL_ROOT})
endif()
if(IS_DIRECTORY "${RTOS_IDF_PATH}")
message(STATUS "Found current RTOS path: ${RTOS_IDF_PATH}")
@@ -789,16 +908,35 @@ if( CONFIG_WOLFSSL_CERTIFICATE_BUNDLE
AND NOT CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE
AND NOT ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266")
)
APPEND_LIBWOLFSSL_CMAKE_OUTPUT("wolfSSL Certificate Bundles Enabled")
if (CMAKE_BUILD_EARLY_EXPANSION)
message(ERROR "Bundle Cert initialization must occur during CMAKE_BUILD_EARLY_EXPANSION")
message(FATAL_ERROR "Bundle Cert initialization must occur during CMAKE_BUILD_EARLY_EXPANSION")
endif()
# reminder: we need a value for wolfSSL root first!
if( "${WOLFSSL_ROOT}" STREQUAL "" )
message(ERROR "Certificate bundles need a value for WOLFSSL_ROOT")
message(FATAL_ERROR "Certificate bundles need a value for WOLFSSL_ROOT")
endif()
# Cert bundle in wolfSSL source unless otherwise specified later
set(WOLFSSL_ESP_CRT_BUNDLE_DIR ${WOLFSSL_ROOT}/wolfcrypt/src/port/Espressif/esp_crt_bundle)
message(STATUS "WOLFSSL_ESP_CRT_BUNDLE_DIR=${WOLFSSL_ESP_CRT_BUNDLE_DIR}")
if(EXISTS "${WOLFSSL_ESP_CRT_BUNDLE_DIR}")
if(DEFINED ENV{PLATFORMIO_PROJECT_DIR})
APPEND_LIBWOLFSSL_CMAKE_OUTPUT("Detected PlatformIO")
set(IS_PLATFORMIO 1)
else()
# Some environments may not have environment variable, so double check if we are in .pio
if("${CMAKE_BINARY_DIR}" MATCHES "/\\.pio/")
APPEND_LIBWOLFSSL_CMAKE_OUTPUT("Detected PlatformIO via CMAKE_BINARY_DIR")
set(IS_PLATFORMIO 1)
else()
set(IS_PLATFORMIO 0)
endif()
endif()
if(EXISTS "${WOLFSSL_ESP_CRT_BUNDLE_DIR}" OR IS_PLATFORMIO)
APPEND_LIBWOLFSSL_CMAKE_OUTPUT("Special processing for wolfSSL Certificate Bundles")
set(bundle_name "x509_crt_bundle_wolfssl")
# For now the certs are in the same directory
@@ -824,9 +962,9 @@ if( CONFIG_WOLFSSL_CERTIFICATE_BUNDLE
get_filename_component(custom_bundle_path
${CONFIG_WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE_PATH} ABSOLUTE BASE_DIR "${project_dir}")
list(APPEND crt_paths ${custom_bundle_path})
message(STATUS "Using a custom wolfSSL bundle path: ${custom_bundle_path}")
APPEND_LIBWOLFSSL_CMAKE_OUTPUT("Using a custom wolfSSL bundle path: ${custom_bundle_path}")
else()
message(STATUS "Not using a custom wolfSSL bundle path.")
APPEND_LIBWOLFSSL_CMAKE_OUTPUT("Not using a custom wolfSSL bundle path")
endif()
list(APPEND args --input ${crt_paths} -q)
@@ -843,25 +981,107 @@ if( CONFIG_WOLFSSL_CERTIFICATE_BUNDLE
message(STATUS "args ${args}")
message(STATUS "cert_bundle ${cert_bundle}")
# Generate bundle according to config
# File is generated at build time, not cmake load
add_custom_command(OUTPUT ${crt_bundle}
COMMAND ${GENERATE_CERT_BUNDLEPY} ARGS ${args}
DEPENDS ${custom_bundle_path}
VERBATIM)
if (IS_PLATFORMIO)
# PlatformIO cannot generate a Certificate Bundle at build time
APPEND_LIBWOLFSSL_CMAKE_OUTPUT("PlatformIO is using a predefined bundle rather than generating one")
if(EXISTS "${crt_bundle}")
message(STATUS "Bundle file exists from prior build: ${crt_bundle}")
if ( "${WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE_PATH_AND_NAME}" STREQUAL "" OR "$(WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE)" STREQUAL "" OR "$(WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE)" STREQUAL "n")
APPEND_LIBWOLFSSL_CMAKE_OUTPUT("Alternate Certificate Bundle Path and Name not enabled, assuming [project]/certs/x509_crt_bundle_wolfssl")
# Reminder this CMakeLists.txt should be in [project]/components/wolfssl, so ./certs is two directories up
set(crt_bundle_option "../../certs/x509_crt_bundle_wolfssl")
else()
string(SUBSTRING "${CONFIG_WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE_PATH_AND_NAME}" 0 2 CERT_PATH_FIRST_TWO)
if(CERT_PATH_FIRST_TWO STREQUAL "./" OR CERT_PATH_FIRST_TWO STREQUAL ".\\")
set(IS_CERT_BUNDLE_RELATIVE_PATH 1)
message(STATUS "Alternate Cert Path is relative to project.")
else()
set(IS_CERT_BUNDLE_RELATIVE_PATH 0)
message(STATUS "Alternate Cert Path is not relative to project.")
endif()
# The cert bundle is not a standard cert, so we con't add to the crt_paths.
# Still, we may have an alternate location, particulatly needed for PlatformIO:
if(IS_CERT_BUNDLE_RELATIVE_PATH)
message(STATUS "CONFIG_WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE_PATH_AND_NAME = ${CONFIG_WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE_PATH_AND_NAME}")
message(STATUS "Relative alternate_bundle_path: ${alternate_bundle_path}")
SET(crt_bundle_option "${CMAKE_SOURCE_DIR}/${CONFIG_WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE_PATH_AND_NAME}")
else()
message(STATUS "alternate_bundle_path: ${CONFIG_WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE_PATH_AND_NAME}")
message(STATUS "Not using an alternate wolfSSL bundle file.")
SET(crt_bundle_option "${CONFIG_WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE_PATH_AND_NAME}")
endif()
endif()
# Clean the path, removing any extra "./" etc.
# Number of spaces in message strings is to align path value outputs
message(STATUS "This crt_bundle_option value: ${crt_bundle_option}")
if(${CMAKE_VERSION} VERSION_LESS "3.19")
message("WARNING: CMake version is ${CMAKE_VERSION} ? file(REAL_PATH ...) is not supported. Falling back to manual path normalization.")
# optional fallback logic here
get_filename_component(crt_bundle_file_component "${crt_bundle_option}" ABSOLUTE)
message(STATUS "Interim crt_bundle_file_component: ${crt_bundle_file_component}")
file(TO_CMAKE_PATH "${crt_bundle_file_component}" crt_bundle)
message(STATUS "TO_CMAKE_PATH crt_bundle result: ${crt_bundle}")
# set(crt_bundle "C:/workspace/pio_wolfssl-upstream-test-wolfssl_cert_bundle/esp32-c6/certs/x509_crt_bundle_wolfssl")
else()
file(REAL_PATH "${crt_bundle_option}" crt_bundle)
endif()
APPEND_LIBWOLFSSL_CMAKE_OUTPUT("Certificate Bundle: ${crt_bundle}")
message(STATUS "This cleaned crt_bundle value: ${crt_bundle}")
message(STATUS "=============================================================================================================")
message(STATUS "=============================================================================================================")
message(STATUS "Reminder: platformio.ini will need this value set for board_build.embed_files =")
message(STATUS "${crt_bundle}")
message(STATUS "=============================================================================================================")
message(STATUS "=============================================================================================================")
# e.g. SET(crt_bundle "C:/workspace/pio_wolfssl/esp32-c6/certs/x509_crt_bundle_wolfssl")
#
# Normally x509_crt_bundle_wolfssl built by python script called from cmake.
# See https://github.com/wolfSSL/wolfssl/blob/master/wolfcrypt/src/port/Espressif/esp_crt_bundle/gen_crt_bundle.py
# Reminder ESP-IDF scripts are NOT called from CMake for PlatformIO builds.
#
# The easiest way to generate the default file is to build with ESP-IDF and copy the files to [project]/main
#
# for example:
# build\VisualGDB\Debug\x509_crt_bundle_wolfssl.s
# build\VisualGDB\Debug\esp-idf\wolfssl\x509_crt_bundle_wolfssl
#
message(STATUS "Confirming cert bundle exists...")
if(EXISTS "${crt_bundle}")
# Number of spaces is to align path value outputs
message(STATUS "Bundle file found for PlatformIO: ${crt_bundle}")
else()
APPEND_LIBWOLFSSL_CMAKE_OUTPUT("ERROR: Failed to find bundle file found for PlatformIO: ${crt_bundle}")
message(STATUS "Check for entry in platformio.ini: board_build.embed_files = certs/x509_crt_bundle_wolfssl ")
message(FATAL_ERROR "WOLFSSL_CERTIFICATE_BUNDLE is enabled for PlatformIO, but predefined file not found: ${crt_bundle}")
endif()
else()
message(STATUS "Bundle file expected during next build: ${crt_bundle}")
# APPEND_LIBWOLFSSL_CMAKE_OUTPUT("Generate bundle: ${GENERATE_CERT_BUNDLEPY} ${args}")
# Not PlatformIO
# Generate bundle according to config
# File is generated at build time, not cmake load
add_custom_command(OUTPUT ${crt_bundle}
COMMAND ${GENERATE_CERT_BUNDLEPY} ARGS ${args}
DEPENDS ${custom_bundle_path}
VERBATIM)
if(EXISTS "${crt_bundle}")
message(STATUS "Bundle file exists from prior build: ${crt_bundle}")
else()
message(STATUS "Bundle file expected during next build: ${crt_bundle}")
endif()
# Reminder the file is generated at build time, not cmake load time.
message(STATUS "wolfSSL Cert Bundle File to be created at build time in: ${crt_bundle}")
endif()
# Reminder the file is generated at build time, not cmake load time.
message(STATUS "wolfSSL Cert Bundle File to be created at build time in: ${crt_bundle}")
add_custom_target(custom_wolfssl_bundle DEPENDS ${crt_bundle})
add_custom_target(custom_wolfssl_bundle DEPENDS ${cert_bundle})
# the wolfSSL crtificate bundle is baked into wolfSSL
# the wolfSSL certificate bundle is baked into wolfSSL
add_dependencies(${COMPONENT_LIB} custom_wolfssl_bundle)
# COMPONENT_LIB may vary: __idf_wolfssl, __idf_esp_wolfssl, etc
@@ -871,7 +1091,12 @@ if( CONFIG_WOLFSSL_CERTIFICATE_BUNDLE
APPEND PROPERTY ADDITIONAL_CLEAN_FILES
"${crt_bundle}")
else()
message(STATUS "WARNING: CONFIG_WOLFSSL_CERTIFICATE_BUNDLE enabled but directory not found: ${WOLFSSL_ESP_CRT_BUNDLE_DIR}")
if(IS_PLATFORMIO)
message(STATUS "WARNING: CONFIG_WOLFSSL_CERTIFICATE_BUNDLE enabled but cannot be generated in PlatformmIO")
else()
message(STATUS "WARNING: CONFIG_WOLFSSL_CERTIFICATE_BUNDLE enabled but directory not found: ${WOLFSSL_ESP_CRT_BUNDLE_DIR}")
endif()
message(FATAL_ERROR "not detected")
endif()
endif()
@@ -930,42 +1155,6 @@ endif()
# end multiple component check
#
# LIBWOLFSSL_SAVE_INFO(VAR_OUPUT THIS_VAR VAR_RESULT)
#
# Save the THIS_VAR as a string in a macro called VAR_OUPUT
#
# VAR_OUPUT: the name of the macro to define
# THIS_VAR: the OUTPUT_VARIABLE result from a execute_process()
# VAR_RESULT: the RESULT_VARIABLE from a execute_process(); "0" if successful.
#
function ( LIBWOLFSSL_SAVE_INFO VAR_OUPUT THIS_VAR VAR_RESULT )
# is the RESULT_VARIABLE output value 0? If so, IS_VALID_VALUE is true.
string(COMPARE EQUAL "${VAR_RESULT}" "0" IS_VALID_VALUE)
# if we had a successful operation, save the THIS_VAR in VAR_OUPUT
if(${IS_VALID_VALUE})
# strip newline chars in THIS_VAR parameter and save in VAR_VALUE
string(REPLACE "\n" "" VAR_VALUE ${THIS_VAR})
# we'll could percolate the value to the parent for possible later use
# set(${VAR_OUPUT} ${VAR_VALUE} PARENT_SCOPE)
# but we're only using it here in this function
set(${VAR_OUPUT} ${VAR_VALUE})
# we'll print what we found to the console
message(STATUS "Found ${VAR_OUPUT}=${VAR_VALUE}")
# the interesting part is defining the VAR_OUPUT name a value to use in the app
add_compile_definitions(${VAR_OUPUT}=\"${VAR_VALUE}\")
else()
# if we get here, check the execute_process command and parameters.
message(STATUS "LIBWOLFSSL_SAVE_INFO encountered a non-zero VAR_RESULT")
set(${VAR_OUPUT} "Unknown")
endif()
endfunction() # LIBWOLFSSL_SAVE_INFO
execute_process(
COMMAND ${git_cmd} "rev-parse" "--is-inside-work-tree"
OUTPUT_VARIABLE IS_GIT_REPO
@@ -1049,6 +1238,14 @@ else()
message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!")
endif()
# A single instance of potentially multiple cmake messages to send to app:
message(STATUS "LIBWOLFSSL_CMAKE_OUTPUT: ${LIBWOLFSSL_CMAKE_OUTPUT}")
LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_CMAKE_OUTPUT "${LIBWOLFSSL_CMAKE_OUTPUT}" "0")
file(APPEND "${CMAKE_BINARY_DIR}/libwolfssl_output.h"
"\n"
"#endif\n" )
message(STATUS "************************************************************************************************")
message(STATUS "wolfSSL component config complete!")
message(STATUS "************************************************************************************************")
@@ -274,10 +274,28 @@ menu "wolfSSL"
bool "Do not use the default certificate bundle"
endchoice
config WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE
depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
default n
bool "Use alternate certificate bundle"
help
Typically only used for PlatformIO which cannot generate a certificate bundle at build time.
Enable this option to specify a fixed wolfSSL certificate file path and file name.
config WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE_PATH_AND_NAME
depends on WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
string "Default certificate bundle alternate path and name"
default "./certs/x509_crt_bundle_wolfssl"
help
Name of the default certificate bundle directory. Typically used only with PlatformIO.
Reminder PlatformIO cannot generate a bundle from cmake python script call. Relative
paths are with respect to root of this project.
config WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE
depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
default n
bool "Add custom certificates to the default bundle"
config WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE_PATH
depends on WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
string "Custom certificate bundle path"
@@ -430,6 +448,12 @@ menu "wolfSSL"
help
Enable debugging messages for wolfSSL. See user_settings.h for additional debug options.
config ESP_WOLFSSL_NO_STACK_SIZE_BUILD_WARNING
bool "Suppress build-time warnings for main stack size"
default n
help
Useful only when wolfSSL is running in main task. See FreeRTOS stack size for custom tasks.
config ESP_WOLFSSL_TEST_LOOP
bool "Run test apps in a loop until failure"
default y
@@ -853,13 +853,18 @@
#ifndef NO_RSA
#define ESP32_USE_RSA_PRIMITIVE
#if defined(CONFIG_IDF_TARGET_ESP32)
#ifdef CONFIG_ESP_MAIN_TASK_STACK_SIZE
#ifdef CONFIG_ESP_MAIN_TASK_STACK_SIZE
/* See idf.py menuconfig for stack warning settings */
#if !defined(CONFIG_ESP_WOLFSSL_NO_STACK_SIZE_BUILD_WARNING)
#if CONFIG_ESP_MAIN_TASK_STACK_SIZE < 10500
#warning "RSA may be difficult with less than 10KB Stack "/
#warning "RSA may be difficult with less than 10KB Stack"
#endif
#else
/* Implement your own stack warning here */
#endif
#endif
#if defined(CONFIG_IDF_TARGET_ESP32)
/* NOTE HW unreliable for small values! */
/* threshold for performance adjustment for HW primitive use */
/* X bits of G^X mod P greater than */
@@ -19,23 +19,62 @@
#
# cmake for wolfssl Espressif projects
#
# Version 5.7.2 Espressif ESP-IDF integration
# Version 5.8.0 Espressif ESP-IDF + PlatformIO integration (2)
#
# See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html
#
message(STATUS "Begin wolfssl ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}")
cmake_minimum_required(VERSION 3.16)
# The scope of this CMAKE_C_FLAGS is just this component:
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -DWOLFSSL_USER_SETTINGS")
set(CMAKE_CURRENT_SOURCE_DIR ".")
# Optionally set your source to wolfSSL in your project CMakeLists.txt like this:
# set(WOLFSSL_ROOT "c:/workspace/my_wolfssl" )
if ( "${WOLFSSL_ROOT}" STREQUAL "")
set(WOLFSSL_ROOT "$ENV{WOLFSSL_ROOT}" )
endif()
set(VERBOSE_COMPONENT_MESSAGES 1)
# Optional requires include:
# set(THIS_ESP_TLS "esp-tls")
set(THIS_ESP_TLS "")
# LIBWOLFSSL_CMAKE_OUTPUT can be printed at runtime
set(LIBWOLFSSL_CMAKE_OUTPUT "")
if(CMAKE_BUILD_EARLY_EXPANSION)
message(STATUS "Skipping libwolfssl_output.h update during CMAKE_BUILD_EARLY_EXPANSION")
else()
# Initialize a new libwolfssl_output.h in the cmake build directory.
if( EXISTS "${CMAKE_BINARY_DIR}/libwolfssl_output.h")
# The next WRITE replaces a file.
# This is here to remove any ambiguity on file removal & generation.
file(REMOVE "${CMAKE_BINARY_DIR}/libwolfssl_output.h")
endif()
file(WRITE "${CMAKE_BINARY_DIR}/libwolfssl_output.h"
"/* libwolfssl_output.h generated by wolfssl component */\n"
"#ifndef _LIBWOLFSSL_OUTPUT_H_\n"
"\n"
"#define _LIBWOLFSSL_OUTPUT_H_\n\n")
endif()
# Append messages with:
# LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_CMAKE_OUTPUT "${LIBWOLFSSL_CMAKE_OUTPUT}\n"message" "0")
# See function: APPEND_LIBWOLFSSL_CMAKE_OUTPUT
# function: IS_ESP_IDF_COMPONENT
# output: RESULT = 1 (true) if this component is located in the ESP-IDF components
# otherwise 0 (false)
function( IS_ESP_IDF_COMPONENT RESULT )
function( IS_ESP_IDF_COMPONENT
RESULT)
# NOTE: Component location is based on the location of the CMakeList.txt
# and *not* the location of the wolfSSL source code. (which may be anywhere)
@@ -55,6 +94,96 @@ function( IS_ESP_IDF_COMPONENT RESULT )
endif()
endfunction()
#
# LIBWOLFSSL_SAVE_INFO(VAR_OUTPUT THIS_VAR VAR_RESULT)
#
# Save the THIS_VAR as a string in a macro called VAR_OUTPUT
#
# VAR_OUTPUT: the name of the macro to define
# THIS_VAR: the OUTPUT_VARIABLE result from a execute_process()
# VAR_RESULT: the RESULT_VARIABLE from a execute_process(); "0" if successful.
#
function ( LIBWOLFSSL_SAVE_INFO VAR_OUTPUT THIS_VAR VAR_RESULT )
# is the RESULT_VARIABLE output value 0? If so, IS_VALID_VALUE is true.
string(COMPARE EQUAL "${VAR_RESULT}" "0" IS_VALID_VALUE)
# if we had a successful operation, save the THIS_VAR in VAR_OUTPUT
if(${IS_VALID_VALUE})
if(0)
# Optional debug
message(STATUS "Looking for LF in ${THIS_VAR}")
endif()
# Check if the text to print in THIS_VAR is multi-line
string(REPLACE "\n" ";" LINES "${THIS_VAR}")
list(LENGTH LINES LINE_COUNT)
# Save var to "libwolfssl_output.h" header if multi-line, otherwise a simple compile def
if(LINE_COUNT GREATER 1)
message(STATUS "Setting HAVE_LIBWOLFSSL_OUTPUT_HEADER=1 for ${VAR_OUTPUT}")
add_compile_definitions(HAVE_LIBWOLFSSL_OUTPUT_HEADER=1)
file(APPEND "${CMAKE_BINARY_DIR}/libwolfssl_output.h" "#undef ${VAR_OUTPUT}\n")
file(APPEND "${CMAKE_BINARY_DIR}/libwolfssl_output.h" "#define ${VAR_OUTPUT} \\\n")
# Split into lines
string(REPLACE "\n" ";" LINES "${THIS_VAR}")
foreach(LINE IN LISTS LINES)
file(APPEND "${CMAKE_BINARY_DIR}/libwolfssl_output.h" "\"${LINE}\\n\" \\\n")
endforeach()
# Final empty line to close the macro
file(APPEND "${CMAKE_BINARY_DIR}/libwolfssl_output.h" "\n")
message(STATUS "COMPONENT_LIB=${COMPONENT_LIB}")
target_include_directories(${COMPONENT_LIB} PRIVATE "${CMAKE_BINARY_DIR}")
else()
message(STATUS "No HAS_LIBWOLFSSL_OUTPUT_HEADER")
# We should not have any, but just to be sure:
# Strip newline chars in THIS_VAR parameter and save in VAR_VALUE
string(REPLACE "\n" "" VAR_VALUE "${THIS_VAR}")
# we'll could percolate the value to the parent for possible later use
# set(${VAR_OUTPUT} ${VAR_VALUE} PARENT_SCOPE)
# but we're only using it here in this function
set(${VAR_OUTPUT} ${VAR_VALUE})
# we'll print what we found to the console
message(STATUS "Found ${VAR_OUTPUT}=${VAR_VALUE}")
# the interesting part is defining the VAR_OUTPUT name a value to use in the app
add_compile_definitions(${VAR_OUTPUT}=\"${VAR_VALUE}\")
endif()
else()
# if we get here, check the execute_process command and parameters.
message(STATUS "LIBWOLFSSL_SAVE_INFO encountered a non-zero VAR_RESULT")
set(${VAR_OUTPUT} "Unknown")
endif()
endfunction() # LIBWOLFSSL_SAVE_INFO
#
# APPEND_LIBWOLFSSL_CMAKE_OUTPUT(THIS_MESSAGE OUTPUT_VALUE)
#
# Append the text in THIS_MESSAGE to LIBWOLFSSL_CMAKE_OUTPUT.
# String is available at runtime in app
#
function( APPEND_LIBWOLFSSL_CMAKE_OUTPUT
THIS_MESSAGE )
# Normally, we'd simply print a message:
message(STATUS "${THIS_MESSAGE}")
# But here we'll pass the entire LIBWOLFSSL_CMAKE_OUTPUT as a string definition to the app
set(LIBWOLFSSL_CMAKE_OUTPUT "${LIBWOLFSSL_CMAKE_OUTPUT}\n${THIS_MESSAGE}" PARENT_SCOPE)
# We don't call LIBWOLFSSL_SAVE_INFO here as it would add duplicate definitions
# See single instance at the end of this file.
endfunction()
# Determine if this cmake file is located in the ESP-IDF component directory or not,
# and if so, if it is being ignored (allowing the use of a local project one, instead).
IS_ESP_IDF_COMPONENT( IS_WOLSSL_ESP_IDF_COMPONENT )
@@ -77,20 +206,6 @@ else()
message(STATUS "Cleaned wolfssl path: ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}")
endif()
# The scope of this CMAKE_C_FLAGS is just this component:
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -DWOLFSSL_USER_SETTINGS")
set(CMAKE_CURRENT_SOURCE_DIR ".")
# set(COMPONENT_REQUIRES lwip) # we typically don't need lwip directly in wolfssl component
# Optionally set your source to wolfSSL in your project CMakeLists.txt like this:
# set(WOLFSSL_ROOT "c:/test/my_wolfssl" )
if ( "${WOLFSSL_ROOT}" STREQUAL "")
set(WOLFSSL_ROOT "$ENV{WOLFSSL_ROOT}" )
endif()
if( "$ENV{IDF_PATH}" STREQUAL "" )
message(FATAL_ERROR "IDF_PATH Environment variable not set!")
else()
@@ -185,7 +300,9 @@ endif()
# Check environment variable name EVARPARAM as [name]
# If defined, and has a value of EVARVALUE as [value],
# then assign a compiler definition "-D[name]=[value]"
function(ENVIRONMENT_VAR_TO_MACRO EVARPARAM EVARVALUE)
function( ENVIRONMENT_VAR_TO_MACRO
EVARPARAM # Environment variable parameter name
EVARVALUE) # Environment variable value
# If the EVARPARAM environment variable name is set to EVARVALUE,
# set the compiler flag definition to enable CSV output.
if ( "$ENV{${EVARPARAM}}" STREQUAL "${EVARVALUE}")
@@ -217,7 +334,8 @@ endfunction()
# function: IS_WOLFSSL_SOURCE
# parameter: DIRECTORY_PARAMETER - the directory to test
# output: RESULT = contains contents of DIRECTORY_PARAMETER for wolfssl directory, otherwise blank.
function( IS_WOLFSSL_SOURCE DIRECTORY_PARAMETER
function( IS_WOLFSSL_SOURCE
DIRECTORY_PARAMETER
RESULT )
if (EXISTS "${DIRECTORY_PARAMETER}/wolfcrypt/src")
set(${RESULT} "${DIRECTORY_PARAMETER}" PARENT_SCOPE)
@@ -233,7 +351,8 @@ endfunction()
# Example usage:
# FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT)
# *********************************************************************************************
function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY)
function( FIND_WOLFSSL_DIRECTORY
OUTPUT_FOUND_WOLFSSL_DIRECTORY)
message(STATUS "Starting FIND_WOLFSSL_DIRECTORY: ${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}")
if ( "${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}" STREQUAL "" )
@@ -673,9 +792,9 @@ else()
# depending on the environment, we may need to swap backslashes with forward slashes
string(REPLACE "\\" "/" RTOS_IDF_PATH "$ENV{IDF_PATH}/components/freertos/FreeRTOS-Kernel/include/freertos")
if(WOLFSSL_ROOT)
string(REPLACE "\\" "/" WOLFSSL_ROOT ${WOLFSSL_ROOT})
endif()
if(WOLFSSL_ROOT)
string(REPLACE "\\" "/" WOLFSSL_ROOT ${WOLFSSL_ROOT})
endif()
if(IS_DIRECTORY "${RTOS_IDF_PATH}")
message(STATUS "Found current RTOS path: ${RTOS_IDF_PATH}")
@@ -789,16 +908,35 @@ if( CONFIG_WOLFSSL_CERTIFICATE_BUNDLE
AND NOT CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE
AND NOT ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266")
)
APPEND_LIBWOLFSSL_CMAKE_OUTPUT("wolfSSL Certificate Bundles Enabled")
if (CMAKE_BUILD_EARLY_EXPANSION)
message(ERROR "Bundle Cert initialization must occur during CMAKE_BUILD_EARLY_EXPANSION")
message(FATAL_ERROR "Bundle Cert initialization must occur during CMAKE_BUILD_EARLY_EXPANSION")
endif()
# reminder: we need a value for wolfSSL root first!
if( "${WOLFSSL_ROOT}" STREQUAL "" )
message(ERROR "Certificate bundles need a value for WOLFSSL_ROOT")
message(FATAL_ERROR "Certificate bundles need a value for WOLFSSL_ROOT")
endif()
# Cert bundle in wolfSSL source unless otherwise specified later
set(WOLFSSL_ESP_CRT_BUNDLE_DIR ${WOLFSSL_ROOT}/wolfcrypt/src/port/Espressif/esp_crt_bundle)
message(STATUS "WOLFSSL_ESP_CRT_BUNDLE_DIR=${WOLFSSL_ESP_CRT_BUNDLE_DIR}")
if(EXISTS "${WOLFSSL_ESP_CRT_BUNDLE_DIR}")
if(DEFINED ENV{PLATFORMIO_PROJECT_DIR})
APPEND_LIBWOLFSSL_CMAKE_OUTPUT("Detected PlatformIO")
set(IS_PLATFORMIO 1)
else()
# Some environments may not have environment variable, so double check if we are in .pio
if("${CMAKE_BINARY_DIR}" MATCHES "/\\.pio/")
APPEND_LIBWOLFSSL_CMAKE_OUTPUT("Detected PlatformIO via CMAKE_BINARY_DIR")
set(IS_PLATFORMIO 1)
else()
set(IS_PLATFORMIO 0)
endif()
endif()
if(EXISTS "${WOLFSSL_ESP_CRT_BUNDLE_DIR}" OR IS_PLATFORMIO)
APPEND_LIBWOLFSSL_CMAKE_OUTPUT("Special processing for wolfSSL Certificate Bundles")
set(bundle_name "x509_crt_bundle_wolfssl")
# For now the certs are in the same directory
@@ -824,9 +962,9 @@ if( CONFIG_WOLFSSL_CERTIFICATE_BUNDLE
get_filename_component(custom_bundle_path
${CONFIG_WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE_PATH} ABSOLUTE BASE_DIR "${project_dir}")
list(APPEND crt_paths ${custom_bundle_path})
message(STATUS "Using a custom wolfSSL bundle path: ${custom_bundle_path}")
APPEND_LIBWOLFSSL_CMAKE_OUTPUT("Using a custom wolfSSL bundle path: ${custom_bundle_path}")
else()
message(STATUS "Not using a custom wolfSSL bundle path.")
APPEND_LIBWOLFSSL_CMAKE_OUTPUT("Not using a custom wolfSSL bundle path")
endif()
list(APPEND args --input ${crt_paths} -q)
@@ -843,25 +981,107 @@ if( CONFIG_WOLFSSL_CERTIFICATE_BUNDLE
message(STATUS "args ${args}")
message(STATUS "cert_bundle ${cert_bundle}")
# Generate bundle according to config
# File is generated at build time, not cmake load
add_custom_command(OUTPUT ${crt_bundle}
COMMAND ${GENERATE_CERT_BUNDLEPY} ARGS ${args}
DEPENDS ${custom_bundle_path}
VERBATIM)
if (IS_PLATFORMIO)
# PlatformIO cannot generate a Certificate Bundle at build time
APPEND_LIBWOLFSSL_CMAKE_OUTPUT("PlatformIO is using a predefined bundle rather than generating one")
if(EXISTS "${crt_bundle}")
message(STATUS "Bundle file exists from prior build: ${crt_bundle}")
if ( "${WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE_PATH_AND_NAME}" STREQUAL "" OR "$(WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE)" STREQUAL "" OR "$(WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE)" STREQUAL "n")
APPEND_LIBWOLFSSL_CMAKE_OUTPUT("Alternate Certificate Bundle Path and Name not enabled, assuming [project]/certs/x509_crt_bundle_wolfssl")
# Reminder this CMakeLists.txt should be in [project]/components/wolfssl, so ./certs is two directories up
set(crt_bundle_option "../../certs/x509_crt_bundle_wolfssl")
else()
string(SUBSTRING "${CONFIG_WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE_PATH_AND_NAME}" 0 2 CERT_PATH_FIRST_TWO)
if(CERT_PATH_FIRST_TWO STREQUAL "./" OR CERT_PATH_FIRST_TWO STREQUAL ".\\")
set(IS_CERT_BUNDLE_RELATIVE_PATH 1)
message(STATUS "Alternate Cert Path is relative to project.")
else()
set(IS_CERT_BUNDLE_RELATIVE_PATH 0)
message(STATUS "Alternate Cert Path is not relative to project.")
endif()
# The cert bundle is not a standard cert, so we con't add to the crt_paths.
# Still, we may have an alternate location, particulatly needed for PlatformIO:
if(IS_CERT_BUNDLE_RELATIVE_PATH)
message(STATUS "CONFIG_WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE_PATH_AND_NAME = ${CONFIG_WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE_PATH_AND_NAME}")
message(STATUS "Relative alternate_bundle_path: ${alternate_bundle_path}")
SET(crt_bundle_option "${CMAKE_SOURCE_DIR}/${CONFIG_WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE_PATH_AND_NAME}")
else()
message(STATUS "alternate_bundle_path: ${CONFIG_WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE_PATH_AND_NAME}")
message(STATUS "Not using an alternate wolfSSL bundle file.")
SET(crt_bundle_option "${CONFIG_WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE_PATH_AND_NAME}")
endif()
endif()
# Clean the path, removing any extra "./" etc.
# Number of spaces in message strings is to align path value outputs
message(STATUS "This crt_bundle_option value: ${crt_bundle_option}")
if(${CMAKE_VERSION} VERSION_LESS "3.19")
message("WARNING: CMake version is ${CMAKE_VERSION} ? file(REAL_PATH ...) is not supported. Falling back to manual path normalization.")
# optional fallback logic here
get_filename_component(crt_bundle_file_component "${crt_bundle_option}" ABSOLUTE)
message(STATUS "Interim crt_bundle_file_component: ${crt_bundle_file_component}")
file(TO_CMAKE_PATH "${crt_bundle_file_component}" crt_bundle)
message(STATUS "TO_CMAKE_PATH crt_bundle result: ${crt_bundle}")
# set(crt_bundle "C:/workspace/pio_wolfssl-upstream-test-wolfssl_cert_bundle/esp32-c6/certs/x509_crt_bundle_wolfssl")
else()
file(REAL_PATH "${crt_bundle_option}" crt_bundle)
endif()
APPEND_LIBWOLFSSL_CMAKE_OUTPUT("Certificate Bundle: ${crt_bundle}")
message(STATUS "This cleaned crt_bundle value: ${crt_bundle}")
message(STATUS "=============================================================================================================")
message(STATUS "=============================================================================================================")
message(STATUS "Reminder: platformio.ini will need this value set for board_build.embed_files =")
message(STATUS "${crt_bundle}")
message(STATUS "=============================================================================================================")
message(STATUS "=============================================================================================================")
# e.g. SET(crt_bundle "C:/workspace/pio_wolfssl/esp32-c6/certs/x509_crt_bundle_wolfssl")
#
# Normally x509_crt_bundle_wolfssl built by python script called from cmake.
# See https://github.com/wolfSSL/wolfssl/blob/master/wolfcrypt/src/port/Espressif/esp_crt_bundle/gen_crt_bundle.py
# Reminder ESP-IDF scripts are NOT called from CMake for PlatformIO builds.
#
# The easiest way to generate the default file is to build with ESP-IDF and copy the files to [project]/main
#
# for example:
# build\VisualGDB\Debug\x509_crt_bundle_wolfssl.s
# build\VisualGDB\Debug\esp-idf\wolfssl\x509_crt_bundle_wolfssl
#
message(STATUS "Confirming cert bundle exists...")
if(EXISTS "${crt_bundle}")
# Number of spaces is to align path value outputs
message(STATUS "Bundle file found for PlatformIO: ${crt_bundle}")
else()
APPEND_LIBWOLFSSL_CMAKE_OUTPUT("ERROR: Failed to find bundle file found for PlatformIO: ${crt_bundle}")
message(STATUS "Check for entry in platformio.ini: board_build.embed_files = certs/x509_crt_bundle_wolfssl ")
message(FATAL_ERROR "WOLFSSL_CERTIFICATE_BUNDLE is enabled for PlatformIO, but predefined file not found: ${crt_bundle}")
endif()
else()
message(STATUS "Bundle file expected during next build: ${crt_bundle}")
# APPEND_LIBWOLFSSL_CMAKE_OUTPUT("Generate bundle: ${GENERATE_CERT_BUNDLEPY} ${args}")
# Not PlatformIO
# Generate bundle according to config
# File is generated at build time, not cmake load
add_custom_command(OUTPUT ${crt_bundle}
COMMAND ${GENERATE_CERT_BUNDLEPY} ARGS ${args}
DEPENDS ${custom_bundle_path}
VERBATIM)
if(EXISTS "${crt_bundle}")
message(STATUS "Bundle file exists from prior build: ${crt_bundle}")
else()
message(STATUS "Bundle file expected during next build: ${crt_bundle}")
endif()
# Reminder the file is generated at build time, not cmake load time.
message(STATUS "wolfSSL Cert Bundle File to be created at build time in: ${crt_bundle}")
endif()
# Reminder the file is generated at build time, not cmake load time.
message(STATUS "wolfSSL Cert Bundle File to be created at build time in: ${crt_bundle}")
add_custom_target(custom_wolfssl_bundle DEPENDS ${crt_bundle})
add_custom_target(custom_wolfssl_bundle DEPENDS ${cert_bundle})
# the wolfSSL crtificate bundle is baked into wolfSSL
# the wolfSSL certificate bundle is baked into wolfSSL
add_dependencies(${COMPONENT_LIB} custom_wolfssl_bundle)
# COMPONENT_LIB may vary: __idf_wolfssl, __idf_esp_wolfssl, etc
@@ -871,7 +1091,12 @@ if( CONFIG_WOLFSSL_CERTIFICATE_BUNDLE
APPEND PROPERTY ADDITIONAL_CLEAN_FILES
"${crt_bundle}")
else()
message(STATUS "WARNING: CONFIG_WOLFSSL_CERTIFICATE_BUNDLE enabled but directory not found: ${WOLFSSL_ESP_CRT_BUNDLE_DIR}")
if(IS_PLATFORMIO)
message(STATUS "WARNING: CONFIG_WOLFSSL_CERTIFICATE_BUNDLE enabled but cannot be generated in PlatformmIO")
else()
message(STATUS "WARNING: CONFIG_WOLFSSL_CERTIFICATE_BUNDLE enabled but directory not found: ${WOLFSSL_ESP_CRT_BUNDLE_DIR}")
endif()
message(FATAL_ERROR "not detected")
endif()
endif()
@@ -930,42 +1155,6 @@ endif()
# end multiple component check
#
# LIBWOLFSSL_SAVE_INFO(VAR_OUPUT THIS_VAR VAR_RESULT)
#
# Save the THIS_VAR as a string in a macro called VAR_OUPUT
#
# VAR_OUPUT: the name of the macro to define
# THIS_VAR: the OUTPUT_VARIABLE result from a execute_process()
# VAR_RESULT: the RESULT_VARIABLE from a execute_process(); "0" if successful.
#
function ( LIBWOLFSSL_SAVE_INFO VAR_OUPUT THIS_VAR VAR_RESULT )
# is the RESULT_VARIABLE output value 0? If so, IS_VALID_VALUE is true.
string(COMPARE EQUAL "${VAR_RESULT}" "0" IS_VALID_VALUE)
# if we had a successful operation, save the THIS_VAR in VAR_OUPUT
if(${IS_VALID_VALUE})
# strip newline chars in THIS_VAR parameter and save in VAR_VALUE
string(REPLACE "\n" "" VAR_VALUE ${THIS_VAR})
# we'll could percolate the value to the parent for possible later use
# set(${VAR_OUPUT} ${VAR_VALUE} PARENT_SCOPE)
# but we're only using it here in this function
set(${VAR_OUPUT} ${VAR_VALUE})
# we'll print what we found to the console
message(STATUS "Found ${VAR_OUPUT}=${VAR_VALUE}")
# the interesting part is defining the VAR_OUPUT name a value to use in the app
add_compile_definitions(${VAR_OUPUT}=\"${VAR_VALUE}\")
else()
# if we get here, check the execute_process command and parameters.
message(STATUS "LIBWOLFSSL_SAVE_INFO encountered a non-zero VAR_RESULT")
set(${VAR_OUPUT} "Unknown")
endif()
endfunction() # LIBWOLFSSL_SAVE_INFO
execute_process(
COMMAND ${git_cmd} "rev-parse" "--is-inside-work-tree"
OUTPUT_VARIABLE IS_GIT_REPO
@@ -1049,6 +1238,14 @@ else()
message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!")
endif()
# A single instance of potentially multiple cmake messages to send to app:
message(STATUS "LIBWOLFSSL_CMAKE_OUTPUT: ${LIBWOLFSSL_CMAKE_OUTPUT}")
LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_CMAKE_OUTPUT "${LIBWOLFSSL_CMAKE_OUTPUT}" "0")
file(APPEND "${CMAKE_BINARY_DIR}/libwolfssl_output.h"
"\n"
"#endif\n" )
message(STATUS "************************************************************************************************")
message(STATUS "wolfSSL component config complete!")
message(STATUS "************************************************************************************************")
@@ -274,10 +274,28 @@ menu "wolfSSL"
bool "Do not use the default certificate bundle"
endchoice
config WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE
depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
default n
bool "Use alternate certificate bundle"
help
Typically only used for PlatformIO which cannot generate a certificate bundle at build time.
Enable this option to specify a fixed wolfSSL certificate file path and file name.
config WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE_PATH_AND_NAME
depends on WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
string "Default certificate bundle alternate path and name"
default "./certs/x509_crt_bundle_wolfssl"
help
Name of the default certificate bundle directory. Typically used only with PlatformIO.
Reminder PlatformIO cannot generate a bundle from cmake python script call. Relative
paths are with respect to root of this project.
config WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE
depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
default n
bool "Add custom certificates to the default bundle"
config WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE_PATH
depends on WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
string "Custom certificate bundle path"
@@ -430,6 +448,12 @@ menu "wolfSSL"
help
Enable debugging messages for wolfSSL. See user_settings.h for additional debug options.
config ESP_WOLFSSL_NO_STACK_SIZE_BUILD_WARNING
bool "Suppress build-time warnings for main stack size"
default n
help
Useful only when wolfSSL is running in main task. See FreeRTOS stack size for custom tasks.
config ESP_WOLFSSL_TEST_LOOP
bool "Run test apps in a loop until failure"
default y
@@ -853,13 +853,18 @@
#ifndef NO_RSA
#define ESP32_USE_RSA_PRIMITIVE
#if defined(CONFIG_IDF_TARGET_ESP32)
#ifdef CONFIG_ESP_MAIN_TASK_STACK_SIZE
#ifdef CONFIG_ESP_MAIN_TASK_STACK_SIZE
/* See idf.py menuconfig for stack warning settings */
#if !defined(CONFIG_ESP_WOLFSSL_NO_STACK_SIZE_BUILD_WARNING)
#if CONFIG_ESP_MAIN_TASK_STACK_SIZE < 10500
#warning "RSA may be difficult with less than 10KB Stack "/
#warning "RSA may be difficult with less than 10KB Stack"
#endif
#else
/* Implement your own stack warning here */
#endif
#endif
#if defined(CONFIG_IDF_TARGET_ESP32)
/* NOTE HW unreliable for small values! */
/* threshold for performance adjustment for HW primitive use */
/* X bits of G^X mod P greater than */
@@ -19,23 +19,62 @@
#
# cmake for wolfssl Espressif projects
#
# Version 5.7.2 Espressif ESP-IDF integration
# Version 5.8.0 Espressif ESP-IDF + PlatformIO integration (2)
#
# See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html
#
message(STATUS "Begin wolfssl ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}")
cmake_minimum_required(VERSION 3.16)
# The scope of this CMAKE_C_FLAGS is just this component:
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -DWOLFSSL_USER_SETTINGS")
set(CMAKE_CURRENT_SOURCE_DIR ".")
# Optionally set your source to wolfSSL in your project CMakeLists.txt like this:
# set(WOLFSSL_ROOT "c:/workspace/my_wolfssl" )
if ( "${WOLFSSL_ROOT}" STREQUAL "")
set(WOLFSSL_ROOT "$ENV{WOLFSSL_ROOT}" )
endif()
set(VERBOSE_COMPONENT_MESSAGES 1)
# Optional requires include:
# set(THIS_ESP_TLS "esp-tls")
set(THIS_ESP_TLS "")
# LIBWOLFSSL_CMAKE_OUTPUT can be printed at runtime
set(LIBWOLFSSL_CMAKE_OUTPUT "")
if(CMAKE_BUILD_EARLY_EXPANSION)
message(STATUS "Skipping libwolfssl_output.h update during CMAKE_BUILD_EARLY_EXPANSION")
else()
# Initialize a new libwolfssl_output.h in the cmake build directory.
if( EXISTS "${CMAKE_BINARY_DIR}/libwolfssl_output.h")
# The next WRITE replaces a file.
# This is here to remove any ambiguity on file removal & generation.
file(REMOVE "${CMAKE_BINARY_DIR}/libwolfssl_output.h")
endif()
file(WRITE "${CMAKE_BINARY_DIR}/libwolfssl_output.h"
"/* libwolfssl_output.h generated by wolfssl component */\n"
"#ifndef _LIBWOLFSSL_OUTPUT_H_\n"
"\n"
"#define _LIBWOLFSSL_OUTPUT_H_\n\n")
endif()
# Append messages with:
# LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_CMAKE_OUTPUT "${LIBWOLFSSL_CMAKE_OUTPUT}\n"message" "0")
# See function: APPEND_LIBWOLFSSL_CMAKE_OUTPUT
# function: IS_ESP_IDF_COMPONENT
# output: RESULT = 1 (true) if this component is located in the ESP-IDF components
# otherwise 0 (false)
function( IS_ESP_IDF_COMPONENT RESULT )
function( IS_ESP_IDF_COMPONENT
RESULT)
# NOTE: Component location is based on the location of the CMakeList.txt
# and *not* the location of the wolfSSL source code. (which may be anywhere)
@@ -55,6 +94,96 @@ function( IS_ESP_IDF_COMPONENT RESULT )
endif()
endfunction()
#
# LIBWOLFSSL_SAVE_INFO(VAR_OUTPUT THIS_VAR VAR_RESULT)
#
# Save the THIS_VAR as a string in a macro called VAR_OUTPUT
#
# VAR_OUTPUT: the name of the macro to define
# THIS_VAR: the OUTPUT_VARIABLE result from a execute_process()
# VAR_RESULT: the RESULT_VARIABLE from a execute_process(); "0" if successful.
#
function ( LIBWOLFSSL_SAVE_INFO VAR_OUTPUT THIS_VAR VAR_RESULT )
# is the RESULT_VARIABLE output value 0? If so, IS_VALID_VALUE is true.
string(COMPARE EQUAL "${VAR_RESULT}" "0" IS_VALID_VALUE)
# if we had a successful operation, save the THIS_VAR in VAR_OUTPUT
if(${IS_VALID_VALUE})
if(0)
# Optional debug
message(STATUS "Looking for LF in ${THIS_VAR}")
endif()
# Check if the text to print in THIS_VAR is multi-line
string(REPLACE "\n" ";" LINES "${THIS_VAR}")
list(LENGTH LINES LINE_COUNT)
# Save var to "libwolfssl_output.h" header if multi-line, otherwise a simple compile def
if(LINE_COUNT GREATER 1)
message(STATUS "Setting HAVE_LIBWOLFSSL_OUTPUT_HEADER=1 for ${VAR_OUTPUT}")
add_compile_definitions(HAVE_LIBWOLFSSL_OUTPUT_HEADER=1)
file(APPEND "${CMAKE_BINARY_DIR}/libwolfssl_output.h" "#undef ${VAR_OUTPUT}\n")
file(APPEND "${CMAKE_BINARY_DIR}/libwolfssl_output.h" "#define ${VAR_OUTPUT} \\\n")
# Split into lines
string(REPLACE "\n" ";" LINES "${THIS_VAR}")
foreach(LINE IN LISTS LINES)
file(APPEND "${CMAKE_BINARY_DIR}/libwolfssl_output.h" "\"${LINE}\\n\" \\\n")
endforeach()
# Final empty line to close the macro
file(APPEND "${CMAKE_BINARY_DIR}/libwolfssl_output.h" "\n")
message(STATUS "COMPONENT_LIB=${COMPONENT_LIB}")
target_include_directories(${COMPONENT_LIB} PRIVATE "${CMAKE_BINARY_DIR}")
else()
message(STATUS "No HAS_LIBWOLFSSL_OUTPUT_HEADER")
# We should not have any, but just to be sure:
# Strip newline chars in THIS_VAR parameter and save in VAR_VALUE
string(REPLACE "\n" "" VAR_VALUE "${THIS_VAR}")
# we'll could percolate the value to the parent for possible later use
# set(${VAR_OUTPUT} ${VAR_VALUE} PARENT_SCOPE)
# but we're only using it here in this function
set(${VAR_OUTPUT} ${VAR_VALUE})
# we'll print what we found to the console
message(STATUS "Found ${VAR_OUTPUT}=${VAR_VALUE}")
# the interesting part is defining the VAR_OUTPUT name a value to use in the app
add_compile_definitions(${VAR_OUTPUT}=\"${VAR_VALUE}\")
endif()
else()
# if we get here, check the execute_process command and parameters.
message(STATUS "LIBWOLFSSL_SAVE_INFO encountered a non-zero VAR_RESULT")
set(${VAR_OUTPUT} "Unknown")
endif()
endfunction() # LIBWOLFSSL_SAVE_INFO
#
# APPEND_LIBWOLFSSL_CMAKE_OUTPUT(THIS_MESSAGE OUTPUT_VALUE)
#
# Append the text in THIS_MESSAGE to LIBWOLFSSL_CMAKE_OUTPUT.
# String is available at runtime in app
#
function( APPEND_LIBWOLFSSL_CMAKE_OUTPUT
THIS_MESSAGE )
# Normally, we'd simply print a message:
message(STATUS "${THIS_MESSAGE}")
# But here we'll pass the entire LIBWOLFSSL_CMAKE_OUTPUT as a string definition to the app
set(LIBWOLFSSL_CMAKE_OUTPUT "${LIBWOLFSSL_CMAKE_OUTPUT}\n${THIS_MESSAGE}" PARENT_SCOPE)
# We don't call LIBWOLFSSL_SAVE_INFO here as it would add duplicate definitions
# See single instance at the end of this file.
endfunction()
# Determine if this cmake file is located in the ESP-IDF component directory or not,
# and if so, if it is being ignored (allowing the use of a local project one, instead).
IS_ESP_IDF_COMPONENT( IS_WOLSSL_ESP_IDF_COMPONENT )
@@ -77,20 +206,6 @@ else()
message(STATUS "Cleaned wolfssl path: ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}")
endif()
# The scope of this CMAKE_C_FLAGS is just this component:
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -DWOLFSSL_USER_SETTINGS")
set(CMAKE_CURRENT_SOURCE_DIR ".")
# set(COMPONENT_REQUIRES lwip) # we typically don't need lwip directly in wolfssl component
# Optionally set your source to wolfSSL in your project CMakeLists.txt like this:
# set(WOLFSSL_ROOT "c:/test/my_wolfssl" )
if ( "${WOLFSSL_ROOT}" STREQUAL "")
set(WOLFSSL_ROOT "$ENV{WOLFSSL_ROOT}" )
endif()
if( "$ENV{IDF_PATH}" STREQUAL "" )
message(FATAL_ERROR "IDF_PATH Environment variable not set!")
else()
@@ -185,7 +300,9 @@ endif()
# Check environment variable name EVARPARAM as [name]
# If defined, and has a value of EVARVALUE as [value],
# then assign a compiler definition "-D[name]=[value]"
function(ENVIRONMENT_VAR_TO_MACRO EVARPARAM EVARVALUE)
function( ENVIRONMENT_VAR_TO_MACRO
EVARPARAM # Environment variable parameter name
EVARVALUE) # Environment variable value
# If the EVARPARAM environment variable name is set to EVARVALUE,
# set the compiler flag definition to enable CSV output.
if ( "$ENV{${EVARPARAM}}" STREQUAL "${EVARVALUE}")
@@ -217,7 +334,8 @@ endfunction()
# function: IS_WOLFSSL_SOURCE
# parameter: DIRECTORY_PARAMETER - the directory to test
# output: RESULT = contains contents of DIRECTORY_PARAMETER for wolfssl directory, otherwise blank.
function( IS_WOLFSSL_SOURCE DIRECTORY_PARAMETER
function( IS_WOLFSSL_SOURCE
DIRECTORY_PARAMETER
RESULT )
if (EXISTS "${DIRECTORY_PARAMETER}/wolfcrypt/src")
set(${RESULT} "${DIRECTORY_PARAMETER}" PARENT_SCOPE)
@@ -233,7 +351,8 @@ endfunction()
# Example usage:
# FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT)
# *********************************************************************************************
function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY)
function( FIND_WOLFSSL_DIRECTORY
OUTPUT_FOUND_WOLFSSL_DIRECTORY)
message(STATUS "Starting FIND_WOLFSSL_DIRECTORY: ${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}")
if ( "${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}" STREQUAL "" )
@@ -673,9 +792,9 @@ else()
# depending on the environment, we may need to swap backslashes with forward slashes
string(REPLACE "\\" "/" RTOS_IDF_PATH "$ENV{IDF_PATH}/components/freertos/FreeRTOS-Kernel/include/freertos")
if(WOLFSSL_ROOT)
string(REPLACE "\\" "/" WOLFSSL_ROOT ${WOLFSSL_ROOT})
endif()
if(WOLFSSL_ROOT)
string(REPLACE "\\" "/" WOLFSSL_ROOT ${WOLFSSL_ROOT})
endif()
if(IS_DIRECTORY "${RTOS_IDF_PATH}")
message(STATUS "Found current RTOS path: ${RTOS_IDF_PATH}")
@@ -789,16 +908,35 @@ if( CONFIG_WOLFSSL_CERTIFICATE_BUNDLE
AND NOT CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE
AND NOT ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266")
)
APPEND_LIBWOLFSSL_CMAKE_OUTPUT("wolfSSL Certificate Bundles Enabled")
if (CMAKE_BUILD_EARLY_EXPANSION)
message(ERROR "Bundle Cert initialization must occur during CMAKE_BUILD_EARLY_EXPANSION")
message(FATAL_ERROR "Bundle Cert initialization must occur during CMAKE_BUILD_EARLY_EXPANSION")
endif()
# reminder: we need a value for wolfSSL root first!
if( "${WOLFSSL_ROOT}" STREQUAL "" )
message(ERROR "Certificate bundles need a value for WOLFSSL_ROOT")
message(FATAL_ERROR "Certificate bundles need a value for WOLFSSL_ROOT")
endif()
# Cert bundle in wolfSSL source unless otherwise specified later
set(WOLFSSL_ESP_CRT_BUNDLE_DIR ${WOLFSSL_ROOT}/wolfcrypt/src/port/Espressif/esp_crt_bundle)
message(STATUS "WOLFSSL_ESP_CRT_BUNDLE_DIR=${WOLFSSL_ESP_CRT_BUNDLE_DIR}")
if(EXISTS "${WOLFSSL_ESP_CRT_BUNDLE_DIR}")
if(DEFINED ENV{PLATFORMIO_PROJECT_DIR})
APPEND_LIBWOLFSSL_CMAKE_OUTPUT("Detected PlatformIO")
set(IS_PLATFORMIO 1)
else()
# Some environments may not have environment variable, so double check if we are in .pio
if("${CMAKE_BINARY_DIR}" MATCHES "/\\.pio/")
APPEND_LIBWOLFSSL_CMAKE_OUTPUT("Detected PlatformIO via CMAKE_BINARY_DIR")
set(IS_PLATFORMIO 1)
else()
set(IS_PLATFORMIO 0)
endif()
endif()
if(EXISTS "${WOLFSSL_ESP_CRT_BUNDLE_DIR}" OR IS_PLATFORMIO)
APPEND_LIBWOLFSSL_CMAKE_OUTPUT("Special processing for wolfSSL Certificate Bundles")
set(bundle_name "x509_crt_bundle_wolfssl")
# For now the certs are in the same directory
@@ -824,9 +962,9 @@ if( CONFIG_WOLFSSL_CERTIFICATE_BUNDLE
get_filename_component(custom_bundle_path
${CONFIG_WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE_PATH} ABSOLUTE BASE_DIR "${project_dir}")
list(APPEND crt_paths ${custom_bundle_path})
message(STATUS "Using a custom wolfSSL bundle path: ${custom_bundle_path}")
APPEND_LIBWOLFSSL_CMAKE_OUTPUT("Using a custom wolfSSL bundle path: ${custom_bundle_path}")
else()
message(STATUS "Not using a custom wolfSSL bundle path.")
APPEND_LIBWOLFSSL_CMAKE_OUTPUT("Not using a custom wolfSSL bundle path")
endif()
list(APPEND args --input ${crt_paths} -q)
@@ -843,25 +981,107 @@ if( CONFIG_WOLFSSL_CERTIFICATE_BUNDLE
message(STATUS "args ${args}")
message(STATUS "cert_bundle ${cert_bundle}")
# Generate bundle according to config
# File is generated at build time, not cmake load
add_custom_command(OUTPUT ${crt_bundle}
COMMAND ${GENERATE_CERT_BUNDLEPY} ARGS ${args}
DEPENDS ${custom_bundle_path}
VERBATIM)
if (IS_PLATFORMIO)
# PlatformIO cannot generate a Certificate Bundle at build time
APPEND_LIBWOLFSSL_CMAKE_OUTPUT("PlatformIO is using a predefined bundle rather than generating one")
if(EXISTS "${crt_bundle}")
message(STATUS "Bundle file exists from prior build: ${crt_bundle}")
if ( "${WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE_PATH_AND_NAME}" STREQUAL "" OR "$(WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE)" STREQUAL "" OR "$(WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE)" STREQUAL "n")
APPEND_LIBWOLFSSL_CMAKE_OUTPUT("Alternate Certificate Bundle Path and Name not enabled, assuming [project]/certs/x509_crt_bundle_wolfssl")
# Reminder this CMakeLists.txt should be in [project]/components/wolfssl, so ./certs is two directories up
set(crt_bundle_option "../../certs/x509_crt_bundle_wolfssl")
else()
string(SUBSTRING "${CONFIG_WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE_PATH_AND_NAME}" 0 2 CERT_PATH_FIRST_TWO)
if(CERT_PATH_FIRST_TWO STREQUAL "./" OR CERT_PATH_FIRST_TWO STREQUAL ".\\")
set(IS_CERT_BUNDLE_RELATIVE_PATH 1)
message(STATUS "Alternate Cert Path is relative to project.")
else()
set(IS_CERT_BUNDLE_RELATIVE_PATH 0)
message(STATUS "Alternate Cert Path is not relative to project.")
endif()
# The cert bundle is not a standard cert, so we con't add to the crt_paths.
# Still, we may have an alternate location, particulatly needed for PlatformIO:
if(IS_CERT_BUNDLE_RELATIVE_PATH)
message(STATUS "CONFIG_WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE_PATH_AND_NAME = ${CONFIG_WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE_PATH_AND_NAME}")
message(STATUS "Relative alternate_bundle_path: ${alternate_bundle_path}")
SET(crt_bundle_option "${CMAKE_SOURCE_DIR}/${CONFIG_WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE_PATH_AND_NAME}")
else()
message(STATUS "alternate_bundle_path: ${CONFIG_WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE_PATH_AND_NAME}")
message(STATUS "Not using an alternate wolfSSL bundle file.")
SET(crt_bundle_option "${CONFIG_WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE_PATH_AND_NAME}")
endif()
endif()
# Clean the path, removing any extra "./" etc.
# Number of spaces in message strings is to align path value outputs
message(STATUS "This crt_bundle_option value: ${crt_bundle_option}")
if(${CMAKE_VERSION} VERSION_LESS "3.19")
message("WARNING: CMake version is ${CMAKE_VERSION} ? file(REAL_PATH ...) is not supported. Falling back to manual path normalization.")
# optional fallback logic here
get_filename_component(crt_bundle_file_component "${crt_bundle_option}" ABSOLUTE)
message(STATUS "Interim crt_bundle_file_component: ${crt_bundle_file_component}")
file(TO_CMAKE_PATH "${crt_bundle_file_component}" crt_bundle)
message(STATUS "TO_CMAKE_PATH crt_bundle result: ${crt_bundle}")
# set(crt_bundle "C:/workspace/pio_wolfssl-upstream-test-wolfssl_cert_bundle/esp32-c6/certs/x509_crt_bundle_wolfssl")
else()
file(REAL_PATH "${crt_bundle_option}" crt_bundle)
endif()
APPEND_LIBWOLFSSL_CMAKE_OUTPUT("Certificate Bundle: ${crt_bundle}")
message(STATUS "This cleaned crt_bundle value: ${crt_bundle}")
message(STATUS "=============================================================================================================")
message(STATUS "=============================================================================================================")
message(STATUS "Reminder: platformio.ini will need this value set for board_build.embed_files =")
message(STATUS "${crt_bundle}")
message(STATUS "=============================================================================================================")
message(STATUS "=============================================================================================================")
# e.g. SET(crt_bundle "C:/workspace/pio_wolfssl/esp32-c6/certs/x509_crt_bundle_wolfssl")
#
# Normally x509_crt_bundle_wolfssl built by python script called from cmake.
# See https://github.com/wolfSSL/wolfssl/blob/master/wolfcrypt/src/port/Espressif/esp_crt_bundle/gen_crt_bundle.py
# Reminder ESP-IDF scripts are NOT called from CMake for PlatformIO builds.
#
# The easiest way to generate the default file is to build with ESP-IDF and copy the files to [project]/main
#
# for example:
# build\VisualGDB\Debug\x509_crt_bundle_wolfssl.s
# build\VisualGDB\Debug\esp-idf\wolfssl\x509_crt_bundle_wolfssl
#
message(STATUS "Confirming cert bundle exists...")
if(EXISTS "${crt_bundle}")
# Number of spaces is to align path value outputs
message(STATUS "Bundle file found for PlatformIO: ${crt_bundle}")
else()
APPEND_LIBWOLFSSL_CMAKE_OUTPUT("ERROR: Failed to find bundle file found for PlatformIO: ${crt_bundle}")
message(STATUS "Check for entry in platformio.ini: board_build.embed_files = certs/x509_crt_bundle_wolfssl ")
message(FATAL_ERROR "WOLFSSL_CERTIFICATE_BUNDLE is enabled for PlatformIO, but predefined file not found: ${crt_bundle}")
endif()
else()
message(STATUS "Bundle file expected during next build: ${crt_bundle}")
# APPEND_LIBWOLFSSL_CMAKE_OUTPUT("Generate bundle: ${GENERATE_CERT_BUNDLEPY} ${args}")
# Not PlatformIO
# Generate bundle according to config
# File is generated at build time, not cmake load
add_custom_command(OUTPUT ${crt_bundle}
COMMAND ${GENERATE_CERT_BUNDLEPY} ARGS ${args}
DEPENDS ${custom_bundle_path}
VERBATIM)
if(EXISTS "${crt_bundle}")
message(STATUS "Bundle file exists from prior build: ${crt_bundle}")
else()
message(STATUS "Bundle file expected during next build: ${crt_bundle}")
endif()
# Reminder the file is generated at build time, not cmake load time.
message(STATUS "wolfSSL Cert Bundle File to be created at build time in: ${crt_bundle}")
endif()
# Reminder the file is generated at build time, not cmake load time.
message(STATUS "wolfSSL Cert Bundle File to be created at build time in: ${crt_bundle}")
add_custom_target(custom_wolfssl_bundle DEPENDS ${crt_bundle})
add_custom_target(custom_wolfssl_bundle DEPENDS ${cert_bundle})
# the wolfSSL crtificate bundle is baked into wolfSSL
# the wolfSSL certificate bundle is baked into wolfSSL
add_dependencies(${COMPONENT_LIB} custom_wolfssl_bundle)
# COMPONENT_LIB may vary: __idf_wolfssl, __idf_esp_wolfssl, etc
@@ -871,7 +1091,12 @@ if( CONFIG_WOLFSSL_CERTIFICATE_BUNDLE
APPEND PROPERTY ADDITIONAL_CLEAN_FILES
"${crt_bundle}")
else()
message(STATUS "WARNING: CONFIG_WOLFSSL_CERTIFICATE_BUNDLE enabled but directory not found: ${WOLFSSL_ESP_CRT_BUNDLE_DIR}")
if(IS_PLATFORMIO)
message(STATUS "WARNING: CONFIG_WOLFSSL_CERTIFICATE_BUNDLE enabled but cannot be generated in PlatformmIO")
else()
message(STATUS "WARNING: CONFIG_WOLFSSL_CERTIFICATE_BUNDLE enabled but directory not found: ${WOLFSSL_ESP_CRT_BUNDLE_DIR}")
endif()
message(FATAL_ERROR "not detected")
endif()
endif()
@@ -930,42 +1155,6 @@ endif()
# end multiple component check
#
# LIBWOLFSSL_SAVE_INFO(VAR_OUPUT THIS_VAR VAR_RESULT)
#
# Save the THIS_VAR as a string in a macro called VAR_OUPUT
#
# VAR_OUPUT: the name of the macro to define
# THIS_VAR: the OUTPUT_VARIABLE result from a execute_process()
# VAR_RESULT: the RESULT_VARIABLE from a execute_process(); "0" if successful.
#
function ( LIBWOLFSSL_SAVE_INFO VAR_OUPUT THIS_VAR VAR_RESULT )
# is the RESULT_VARIABLE output value 0? If so, IS_VALID_VALUE is true.
string(COMPARE EQUAL "${VAR_RESULT}" "0" IS_VALID_VALUE)
# if we had a successful operation, save the THIS_VAR in VAR_OUPUT
if(${IS_VALID_VALUE})
# strip newline chars in THIS_VAR parameter and save in VAR_VALUE
string(REPLACE "\n" "" VAR_VALUE ${THIS_VAR})
# we'll could percolate the value to the parent for possible later use
# set(${VAR_OUPUT} ${VAR_VALUE} PARENT_SCOPE)
# but we're only using it here in this function
set(${VAR_OUPUT} ${VAR_VALUE})
# we'll print what we found to the console
message(STATUS "Found ${VAR_OUPUT}=${VAR_VALUE}")
# the interesting part is defining the VAR_OUPUT name a value to use in the app
add_compile_definitions(${VAR_OUPUT}=\"${VAR_VALUE}\")
else()
# if we get here, check the execute_process command and parameters.
message(STATUS "LIBWOLFSSL_SAVE_INFO encountered a non-zero VAR_RESULT")
set(${VAR_OUPUT} "Unknown")
endif()
endfunction() # LIBWOLFSSL_SAVE_INFO
execute_process(
COMMAND ${git_cmd} "rev-parse" "--is-inside-work-tree"
OUTPUT_VARIABLE IS_GIT_REPO
@@ -1049,6 +1238,14 @@ else()
message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!")
endif()
# A single instance of potentially multiple cmake messages to send to app:
message(STATUS "LIBWOLFSSL_CMAKE_OUTPUT: ${LIBWOLFSSL_CMAKE_OUTPUT}")
LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_CMAKE_OUTPUT "${LIBWOLFSSL_CMAKE_OUTPUT}" "0")
file(APPEND "${CMAKE_BINARY_DIR}/libwolfssl_output.h"
"\n"
"#endif\n" )
message(STATUS "************************************************************************************************")
message(STATUS "wolfSSL component config complete!")
message(STATUS "************************************************************************************************")
@@ -274,10 +274,28 @@ menu "wolfSSL"
bool "Do not use the default certificate bundle"
endchoice
config WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE
depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
default n
bool "Use alternate certificate bundle"
help
Typically only used for PlatformIO which cannot generate a certificate bundle at build time.
Enable this option to specify a fixed wolfSSL certificate file path and file name.
config WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE_PATH_AND_NAME
depends on WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
string "Default certificate bundle alternate path and name"
default "./certs/x509_crt_bundle_wolfssl"
help
Name of the default certificate bundle directory. Typically used only with PlatformIO.
Reminder PlatformIO cannot generate a bundle from cmake python script call. Relative
paths are with respect to root of this project.
config WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE
depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
default n
bool "Add custom certificates to the default bundle"
config WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE_PATH
depends on WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
string "Custom certificate bundle path"
@@ -430,6 +448,12 @@ menu "wolfSSL"
help
Enable debugging messages for wolfSSL. See user_settings.h for additional debug options.
config ESP_WOLFSSL_NO_STACK_SIZE_BUILD_WARNING
bool "Suppress build-time warnings for main stack size"
default n
help
Useful only when wolfSSL is running in main task. See FreeRTOS stack size for custom tasks.
config ESP_WOLFSSL_TEST_LOOP
bool "Run test apps in a loop until failure"
default y
@@ -853,13 +853,18 @@
#ifndef NO_RSA
#define ESP32_USE_RSA_PRIMITIVE
#if defined(CONFIG_IDF_TARGET_ESP32)
#ifdef CONFIG_ESP_MAIN_TASK_STACK_SIZE
#ifdef CONFIG_ESP_MAIN_TASK_STACK_SIZE
/* See idf.py menuconfig for stack warning settings */
#if !defined(CONFIG_ESP_WOLFSSL_NO_STACK_SIZE_BUILD_WARNING)
#if CONFIG_ESP_MAIN_TASK_STACK_SIZE < 10500
#warning "RSA may be difficult with less than 10KB Stack "/
#warning "RSA may be difficult with less than 10KB Stack"
#endif
#else
/* Implement your own stack warning here */
#endif
#endif
#if defined(CONFIG_IDF_TARGET_ESP32)
/* NOTE HW unreliable for small values! */
/* threshold for performance adjustment for HW primitive use */
/* X bits of G^X mod P greater than */
@@ -19,23 +19,62 @@
#
# cmake for wolfssl Espressif projects
#
# Version 5.7.2 Espressif ESP-IDF integration
# Version 5.8.0 Espressif ESP-IDF + PlatformIO integration (2)
#
# See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html
#
message(STATUS "Begin wolfssl ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}")
cmake_minimum_required(VERSION 3.16)
# The scope of this CMAKE_C_FLAGS is just this component:
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -DWOLFSSL_USER_SETTINGS")
set(CMAKE_CURRENT_SOURCE_DIR ".")
# Optionally set your source to wolfSSL in your project CMakeLists.txt like this:
# set(WOLFSSL_ROOT "c:/workspace/my_wolfssl" )
if ( "${WOLFSSL_ROOT}" STREQUAL "")
set(WOLFSSL_ROOT "$ENV{WOLFSSL_ROOT}" )
endif()
set(VERBOSE_COMPONENT_MESSAGES 1)
# Optional requires include:
# set(THIS_ESP_TLS "esp-tls")
set(THIS_ESP_TLS "")
# LIBWOLFSSL_CMAKE_OUTPUT can be printed at runtime
set(LIBWOLFSSL_CMAKE_OUTPUT "")
if(CMAKE_BUILD_EARLY_EXPANSION)
message(STATUS "Skipping libwolfssl_output.h update during CMAKE_BUILD_EARLY_EXPANSION")
else()
# Initialize a new libwolfssl_output.h in the cmake build directory.
if( EXISTS "${CMAKE_BINARY_DIR}/libwolfssl_output.h")
# The next WRITE replaces a file.
# This is here to remove any ambiguity on file removal & generation.
file(REMOVE "${CMAKE_BINARY_DIR}/libwolfssl_output.h")
endif()
file(WRITE "${CMAKE_BINARY_DIR}/libwolfssl_output.h"
"/* libwolfssl_output.h generated by wolfssl component */\n"
"#ifndef _LIBWOLFSSL_OUTPUT_H_\n"
"\n"
"#define _LIBWOLFSSL_OUTPUT_H_\n\n")
endif()
# Append messages with:
# LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_CMAKE_OUTPUT "${LIBWOLFSSL_CMAKE_OUTPUT}\n"message" "0")
# See function: APPEND_LIBWOLFSSL_CMAKE_OUTPUT
# function: IS_ESP_IDF_COMPONENT
# output: RESULT = 1 (true) if this component is located in the ESP-IDF components
# otherwise 0 (false)
function( IS_ESP_IDF_COMPONENT RESULT )
function( IS_ESP_IDF_COMPONENT
RESULT)
# NOTE: Component location is based on the location of the CMakeList.txt
# and *not* the location of the wolfSSL source code. (which may be anywhere)
@@ -55,6 +94,96 @@ function( IS_ESP_IDF_COMPONENT RESULT )
endif()
endfunction()
#
# LIBWOLFSSL_SAVE_INFO(VAR_OUTPUT THIS_VAR VAR_RESULT)
#
# Save the THIS_VAR as a string in a macro called VAR_OUTPUT
#
# VAR_OUTPUT: the name of the macro to define
# THIS_VAR: the OUTPUT_VARIABLE result from a execute_process()
# VAR_RESULT: the RESULT_VARIABLE from a execute_process(); "0" if successful.
#
function ( LIBWOLFSSL_SAVE_INFO VAR_OUTPUT THIS_VAR VAR_RESULT )
# is the RESULT_VARIABLE output value 0? If so, IS_VALID_VALUE is true.
string(COMPARE EQUAL "${VAR_RESULT}" "0" IS_VALID_VALUE)
# if we had a successful operation, save the THIS_VAR in VAR_OUTPUT
if(${IS_VALID_VALUE})
if(0)
# Optional debug
message(STATUS "Looking for LF in ${THIS_VAR}")
endif()
# Check if the text to print in THIS_VAR is multi-line
string(REPLACE "\n" ";" LINES "${THIS_VAR}")
list(LENGTH LINES LINE_COUNT)
# Save var to "libwolfssl_output.h" header if multi-line, otherwise a simple compile def
if(LINE_COUNT GREATER 1)
message(STATUS "Setting HAVE_LIBWOLFSSL_OUTPUT_HEADER=1 for ${VAR_OUTPUT}")
add_compile_definitions(HAVE_LIBWOLFSSL_OUTPUT_HEADER=1)
file(APPEND "${CMAKE_BINARY_DIR}/libwolfssl_output.h" "#undef ${VAR_OUTPUT}\n")
file(APPEND "${CMAKE_BINARY_DIR}/libwolfssl_output.h" "#define ${VAR_OUTPUT} \\\n")
# Split into lines
string(REPLACE "\n" ";" LINES "${THIS_VAR}")
foreach(LINE IN LISTS LINES)
file(APPEND "${CMAKE_BINARY_DIR}/libwolfssl_output.h" "\"${LINE}\\n\" \\\n")
endforeach()
# Final empty line to close the macro
file(APPEND "${CMAKE_BINARY_DIR}/libwolfssl_output.h" "\n")
message(STATUS "COMPONENT_LIB=${COMPONENT_LIB}")
target_include_directories(${COMPONENT_LIB} PRIVATE "${CMAKE_BINARY_DIR}")
else()
message(STATUS "No HAS_LIBWOLFSSL_OUTPUT_HEADER")
# We should not have any, but just to be sure:
# Strip newline chars in THIS_VAR parameter and save in VAR_VALUE
string(REPLACE "\n" "" VAR_VALUE "${THIS_VAR}")
# we'll could percolate the value to the parent for possible later use
# set(${VAR_OUTPUT} ${VAR_VALUE} PARENT_SCOPE)
# but we're only using it here in this function
set(${VAR_OUTPUT} ${VAR_VALUE})
# we'll print what we found to the console
message(STATUS "Found ${VAR_OUTPUT}=${VAR_VALUE}")
# the interesting part is defining the VAR_OUTPUT name a value to use in the app
add_compile_definitions(${VAR_OUTPUT}=\"${VAR_VALUE}\")
endif()
else()
# if we get here, check the execute_process command and parameters.
message(STATUS "LIBWOLFSSL_SAVE_INFO encountered a non-zero VAR_RESULT")
set(${VAR_OUTPUT} "Unknown")
endif()
endfunction() # LIBWOLFSSL_SAVE_INFO
#
# APPEND_LIBWOLFSSL_CMAKE_OUTPUT(THIS_MESSAGE OUTPUT_VALUE)
#
# Append the text in THIS_MESSAGE to LIBWOLFSSL_CMAKE_OUTPUT.
# String is available at runtime in app
#
function( APPEND_LIBWOLFSSL_CMAKE_OUTPUT
THIS_MESSAGE )
# Normally, we'd simply print a message:
message(STATUS "${THIS_MESSAGE}")
# But here we'll pass the entire LIBWOLFSSL_CMAKE_OUTPUT as a string definition to the app
set(LIBWOLFSSL_CMAKE_OUTPUT "${LIBWOLFSSL_CMAKE_OUTPUT}\n${THIS_MESSAGE}" PARENT_SCOPE)
# We don't call LIBWOLFSSL_SAVE_INFO here as it would add duplicate definitions
# See single instance at the end of this file.
endfunction()
# Determine if this cmake file is located in the ESP-IDF component directory or not,
# and if so, if it is being ignored (allowing the use of a local project one, instead).
IS_ESP_IDF_COMPONENT( IS_WOLSSL_ESP_IDF_COMPONENT )
@@ -77,20 +206,6 @@ else()
message(STATUS "Cleaned wolfssl path: ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}")
endif()
# The scope of this CMAKE_C_FLAGS is just this component:
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -DWOLFSSL_USER_SETTINGS")
set(CMAKE_CURRENT_SOURCE_DIR ".")
# set(COMPONENT_REQUIRES lwip) # we typically don't need lwip directly in wolfssl component
# Optionally set your source to wolfSSL in your project CMakeLists.txt like this:
# set(WOLFSSL_ROOT "c:/test/my_wolfssl" )
if ( "${WOLFSSL_ROOT}" STREQUAL "")
set(WOLFSSL_ROOT "$ENV{WOLFSSL_ROOT}" )
endif()
if( "$ENV{IDF_PATH}" STREQUAL "" )
message(FATAL_ERROR "IDF_PATH Environment variable not set!")
else()
@@ -185,7 +300,9 @@ endif()
# Check environment variable name EVARPARAM as [name]
# If defined, and has a value of EVARVALUE as [value],
# then assign a compiler definition "-D[name]=[value]"
function(ENVIRONMENT_VAR_TO_MACRO EVARPARAM EVARVALUE)
function( ENVIRONMENT_VAR_TO_MACRO
EVARPARAM # Environment variable parameter name
EVARVALUE) # Environment variable value
# If the EVARPARAM environment variable name is set to EVARVALUE,
# set the compiler flag definition to enable CSV output.
if ( "$ENV{${EVARPARAM}}" STREQUAL "${EVARVALUE}")
@@ -217,7 +334,8 @@ endfunction()
# function: IS_WOLFSSL_SOURCE
# parameter: DIRECTORY_PARAMETER - the directory to test
# output: RESULT = contains contents of DIRECTORY_PARAMETER for wolfssl directory, otherwise blank.
function( IS_WOLFSSL_SOURCE DIRECTORY_PARAMETER
function( IS_WOLFSSL_SOURCE
DIRECTORY_PARAMETER
RESULT )
if (EXISTS "${DIRECTORY_PARAMETER}/wolfcrypt/src")
set(${RESULT} "${DIRECTORY_PARAMETER}" PARENT_SCOPE)
@@ -233,7 +351,8 @@ endfunction()
# Example usage:
# FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT)
# *********************************************************************************************
function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY)
function( FIND_WOLFSSL_DIRECTORY
OUTPUT_FOUND_WOLFSSL_DIRECTORY)
message(STATUS "Starting FIND_WOLFSSL_DIRECTORY: ${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}")
if ( "${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}" STREQUAL "" )
@@ -673,9 +792,9 @@ else()
# depending on the environment, we may need to swap backslashes with forward slashes
string(REPLACE "\\" "/" RTOS_IDF_PATH "$ENV{IDF_PATH}/components/freertos/FreeRTOS-Kernel/include/freertos")
if(WOLFSSL_ROOT)
string(REPLACE "\\" "/" WOLFSSL_ROOT ${WOLFSSL_ROOT})
endif()
if(WOLFSSL_ROOT)
string(REPLACE "\\" "/" WOLFSSL_ROOT ${WOLFSSL_ROOT})
endif()
if(IS_DIRECTORY "${RTOS_IDF_PATH}")
message(STATUS "Found current RTOS path: ${RTOS_IDF_PATH}")
@@ -789,16 +908,35 @@ if( CONFIG_WOLFSSL_CERTIFICATE_BUNDLE
AND NOT CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE
AND NOT ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266")
)
APPEND_LIBWOLFSSL_CMAKE_OUTPUT("wolfSSL Certificate Bundles Enabled")
if (CMAKE_BUILD_EARLY_EXPANSION)
message(ERROR "Bundle Cert initialization must occur during CMAKE_BUILD_EARLY_EXPANSION")
message(FATAL_ERROR "Bundle Cert initialization must occur during CMAKE_BUILD_EARLY_EXPANSION")
endif()
# reminder: we need a value for wolfSSL root first!
if( "${WOLFSSL_ROOT}" STREQUAL "" )
message(ERROR "Certificate bundles need a value for WOLFSSL_ROOT")
message(FATAL_ERROR "Certificate bundles need a value for WOLFSSL_ROOT")
endif()
# Cert bundle in wolfSSL source unless otherwise specified later
set(WOLFSSL_ESP_CRT_BUNDLE_DIR ${WOLFSSL_ROOT}/wolfcrypt/src/port/Espressif/esp_crt_bundle)
message(STATUS "WOLFSSL_ESP_CRT_BUNDLE_DIR=${WOLFSSL_ESP_CRT_BUNDLE_DIR}")
if(EXISTS "${WOLFSSL_ESP_CRT_BUNDLE_DIR}")
if(DEFINED ENV{PLATFORMIO_PROJECT_DIR})
APPEND_LIBWOLFSSL_CMAKE_OUTPUT("Detected PlatformIO")
set(IS_PLATFORMIO 1)
else()
# Some environments may not have environment variable, so double check if we are in .pio
if("${CMAKE_BINARY_DIR}" MATCHES "/\\.pio/")
APPEND_LIBWOLFSSL_CMAKE_OUTPUT("Detected PlatformIO via CMAKE_BINARY_DIR")
set(IS_PLATFORMIO 1)
else()
set(IS_PLATFORMIO 0)
endif()
endif()
if(EXISTS "${WOLFSSL_ESP_CRT_BUNDLE_DIR}" OR IS_PLATFORMIO)
APPEND_LIBWOLFSSL_CMAKE_OUTPUT("Special processing for wolfSSL Certificate Bundles")
set(bundle_name "x509_crt_bundle_wolfssl")
# For now the certs are in the same directory
@@ -824,9 +962,9 @@ if( CONFIG_WOLFSSL_CERTIFICATE_BUNDLE
get_filename_component(custom_bundle_path
${CONFIG_WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE_PATH} ABSOLUTE BASE_DIR "${project_dir}")
list(APPEND crt_paths ${custom_bundle_path})
message(STATUS "Using a custom wolfSSL bundle path: ${custom_bundle_path}")
APPEND_LIBWOLFSSL_CMAKE_OUTPUT("Using a custom wolfSSL bundle path: ${custom_bundle_path}")
else()
message(STATUS "Not using a custom wolfSSL bundle path.")
APPEND_LIBWOLFSSL_CMAKE_OUTPUT("Not using a custom wolfSSL bundle path")
endif()
list(APPEND args --input ${crt_paths} -q)
@@ -843,25 +981,107 @@ if( CONFIG_WOLFSSL_CERTIFICATE_BUNDLE
message(STATUS "args ${args}")
message(STATUS "cert_bundle ${cert_bundle}")
# Generate bundle according to config
# File is generated at build time, not cmake load
add_custom_command(OUTPUT ${crt_bundle}
COMMAND ${GENERATE_CERT_BUNDLEPY} ARGS ${args}
DEPENDS ${custom_bundle_path}
VERBATIM)
if (IS_PLATFORMIO)
# PlatformIO cannot generate a Certificate Bundle at build time
APPEND_LIBWOLFSSL_CMAKE_OUTPUT("PlatformIO is using a predefined bundle rather than generating one")
if(EXISTS "${crt_bundle}")
message(STATUS "Bundle file exists from prior build: ${crt_bundle}")
if ( "${WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE_PATH_AND_NAME}" STREQUAL "" OR "$(WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE)" STREQUAL "" OR "$(WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE)" STREQUAL "n")
APPEND_LIBWOLFSSL_CMAKE_OUTPUT("Alternate Certificate Bundle Path and Name not enabled, assuming [project]/certs/x509_crt_bundle_wolfssl")
# Reminder this CMakeLists.txt should be in [project]/components/wolfssl, so ./certs is two directories up
set(crt_bundle_option "../../certs/x509_crt_bundle_wolfssl")
else()
string(SUBSTRING "${CONFIG_WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE_PATH_AND_NAME}" 0 2 CERT_PATH_FIRST_TWO)
if(CERT_PATH_FIRST_TWO STREQUAL "./" OR CERT_PATH_FIRST_TWO STREQUAL ".\\")
set(IS_CERT_BUNDLE_RELATIVE_PATH 1)
message(STATUS "Alternate Cert Path is relative to project.")
else()
set(IS_CERT_BUNDLE_RELATIVE_PATH 0)
message(STATUS "Alternate Cert Path is not relative to project.")
endif()
# The cert bundle is not a standard cert, so we con't add to the crt_paths.
# Still, we may have an alternate location, particulatly needed for PlatformIO:
if(IS_CERT_BUNDLE_RELATIVE_PATH)
message(STATUS "CONFIG_WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE_PATH_AND_NAME = ${CONFIG_WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE_PATH_AND_NAME}")
message(STATUS "Relative alternate_bundle_path: ${alternate_bundle_path}")
SET(crt_bundle_option "${CMAKE_SOURCE_DIR}/${CONFIG_WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE_PATH_AND_NAME}")
else()
message(STATUS "alternate_bundle_path: ${CONFIG_WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE_PATH_AND_NAME}")
message(STATUS "Not using an alternate wolfSSL bundle file.")
SET(crt_bundle_option "${CONFIG_WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE_PATH_AND_NAME}")
endif()
endif()
# Clean the path, removing any extra "./" etc.
# Number of spaces in message strings is to align path value outputs
message(STATUS "This crt_bundle_option value: ${crt_bundle_option}")
if(${CMAKE_VERSION} VERSION_LESS "3.19")
message("WARNING: CMake version is ${CMAKE_VERSION} ? file(REAL_PATH ...) is not supported. Falling back to manual path normalization.")
# optional fallback logic here
get_filename_component(crt_bundle_file_component "${crt_bundle_option}" ABSOLUTE)
message(STATUS "Interim crt_bundle_file_component: ${crt_bundle_file_component}")
file(TO_CMAKE_PATH "${crt_bundle_file_component}" crt_bundle)
message(STATUS "TO_CMAKE_PATH crt_bundle result: ${crt_bundle}")
# set(crt_bundle "C:/workspace/pio_wolfssl-upstream-test-wolfssl_cert_bundle/esp32-c6/certs/x509_crt_bundle_wolfssl")
else()
file(REAL_PATH "${crt_bundle_option}" crt_bundle)
endif()
APPEND_LIBWOLFSSL_CMAKE_OUTPUT("Certificate Bundle: ${crt_bundle}")
message(STATUS "This cleaned crt_bundle value: ${crt_bundle}")
message(STATUS "=============================================================================================================")
message(STATUS "=============================================================================================================")
message(STATUS "Reminder: platformio.ini will need this value set for board_build.embed_files =")
message(STATUS "${crt_bundle}")
message(STATUS "=============================================================================================================")
message(STATUS "=============================================================================================================")
# e.g. SET(crt_bundle "C:/workspace/pio_wolfssl/esp32-c6/certs/x509_crt_bundle_wolfssl")
#
# Normally x509_crt_bundle_wolfssl built by python script called from cmake.
# See https://github.com/wolfSSL/wolfssl/blob/master/wolfcrypt/src/port/Espressif/esp_crt_bundle/gen_crt_bundle.py
# Reminder ESP-IDF scripts are NOT called from CMake for PlatformIO builds.
#
# The easiest way to generate the default file is to build with ESP-IDF and copy the files to [project]/main
#
# for example:
# build\VisualGDB\Debug\x509_crt_bundle_wolfssl.s
# build\VisualGDB\Debug\esp-idf\wolfssl\x509_crt_bundle_wolfssl
#
message(STATUS "Confirming cert bundle exists...")
if(EXISTS "${crt_bundle}")
# Number of spaces is to align path value outputs
message(STATUS "Bundle file found for PlatformIO: ${crt_bundle}")
else()
APPEND_LIBWOLFSSL_CMAKE_OUTPUT("ERROR: Failed to find bundle file found for PlatformIO: ${crt_bundle}")
message(STATUS "Check for entry in platformio.ini: board_build.embed_files = certs/x509_crt_bundle_wolfssl ")
message(FATAL_ERROR "WOLFSSL_CERTIFICATE_BUNDLE is enabled for PlatformIO, but predefined file not found: ${crt_bundle}")
endif()
else()
message(STATUS "Bundle file expected during next build: ${crt_bundle}")
# APPEND_LIBWOLFSSL_CMAKE_OUTPUT("Generate bundle: ${GENERATE_CERT_BUNDLEPY} ${args}")
# Not PlatformIO
# Generate bundle according to config
# File is generated at build time, not cmake load
add_custom_command(OUTPUT ${crt_bundle}
COMMAND ${GENERATE_CERT_BUNDLEPY} ARGS ${args}
DEPENDS ${custom_bundle_path}
VERBATIM)
if(EXISTS "${crt_bundle}")
message(STATUS "Bundle file exists from prior build: ${crt_bundle}")
else()
message(STATUS "Bundle file expected during next build: ${crt_bundle}")
endif()
# Reminder the file is generated at build time, not cmake load time.
message(STATUS "wolfSSL Cert Bundle File to be created at build time in: ${crt_bundle}")
endif()
# Reminder the file is generated at build time, not cmake load time.
message(STATUS "wolfSSL Cert Bundle File to be created at build time in: ${crt_bundle}")
add_custom_target(custom_wolfssl_bundle DEPENDS ${crt_bundle})
add_custom_target(custom_wolfssl_bundle DEPENDS ${cert_bundle})
# the wolfSSL crtificate bundle is baked into wolfSSL
# the wolfSSL certificate bundle is baked into wolfSSL
add_dependencies(${COMPONENT_LIB} custom_wolfssl_bundle)
# COMPONENT_LIB may vary: __idf_wolfssl, __idf_esp_wolfssl, etc
@@ -871,7 +1091,12 @@ if( CONFIG_WOLFSSL_CERTIFICATE_BUNDLE
APPEND PROPERTY ADDITIONAL_CLEAN_FILES
"${crt_bundle}")
else()
message(STATUS "WARNING: CONFIG_WOLFSSL_CERTIFICATE_BUNDLE enabled but directory not found: ${WOLFSSL_ESP_CRT_BUNDLE_DIR}")
if(IS_PLATFORMIO)
message(STATUS "WARNING: CONFIG_WOLFSSL_CERTIFICATE_BUNDLE enabled but cannot be generated in PlatformmIO")
else()
message(STATUS "WARNING: CONFIG_WOLFSSL_CERTIFICATE_BUNDLE enabled but directory not found: ${WOLFSSL_ESP_CRT_BUNDLE_DIR}")
endif()
message(FATAL_ERROR "not detected")
endif()
endif()
@@ -930,42 +1155,6 @@ endif()
# end multiple component check
#
# LIBWOLFSSL_SAVE_INFO(VAR_OUPUT THIS_VAR VAR_RESULT)
#
# Save the THIS_VAR as a string in a macro called VAR_OUPUT
#
# VAR_OUPUT: the name of the macro to define
# THIS_VAR: the OUTPUT_VARIABLE result from a execute_process()
# VAR_RESULT: the RESULT_VARIABLE from a execute_process(); "0" if successful.
#
function ( LIBWOLFSSL_SAVE_INFO VAR_OUPUT THIS_VAR VAR_RESULT )
# is the RESULT_VARIABLE output value 0? If so, IS_VALID_VALUE is true.
string(COMPARE EQUAL "${VAR_RESULT}" "0" IS_VALID_VALUE)
# if we had a successful operation, save the THIS_VAR in VAR_OUPUT
if(${IS_VALID_VALUE})
# strip newline chars in THIS_VAR parameter and save in VAR_VALUE
string(REPLACE "\n" "" VAR_VALUE ${THIS_VAR})
# we'll could percolate the value to the parent for possible later use
# set(${VAR_OUPUT} ${VAR_VALUE} PARENT_SCOPE)
# but we're only using it here in this function
set(${VAR_OUPUT} ${VAR_VALUE})
# we'll print what we found to the console
message(STATUS "Found ${VAR_OUPUT}=${VAR_VALUE}")
# the interesting part is defining the VAR_OUPUT name a value to use in the app
add_compile_definitions(${VAR_OUPUT}=\"${VAR_VALUE}\")
else()
# if we get here, check the execute_process command and parameters.
message(STATUS "LIBWOLFSSL_SAVE_INFO encountered a non-zero VAR_RESULT")
set(${VAR_OUPUT} "Unknown")
endif()
endfunction() # LIBWOLFSSL_SAVE_INFO
execute_process(
COMMAND ${git_cmd} "rev-parse" "--is-inside-work-tree"
OUTPUT_VARIABLE IS_GIT_REPO
@@ -1049,6 +1238,14 @@ else()
message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!")
endif()
# A single instance of potentially multiple cmake messages to send to app:
message(STATUS "LIBWOLFSSL_CMAKE_OUTPUT: ${LIBWOLFSSL_CMAKE_OUTPUT}")
LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_CMAKE_OUTPUT "${LIBWOLFSSL_CMAKE_OUTPUT}" "0")
file(APPEND "${CMAKE_BINARY_DIR}/libwolfssl_output.h"
"\n"
"#endif\n" )
message(STATUS "************************************************************************************************")
message(STATUS "wolfSSL component config complete!")
message(STATUS "************************************************************************************************")
@@ -274,10 +274,28 @@ menu "wolfSSL"
bool "Do not use the default certificate bundle"
endchoice
config WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE
depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
default n
bool "Use alternate certificate bundle"
help
Typically only used for PlatformIO which cannot generate a certificate bundle at build time.
Enable this option to specify a fixed wolfSSL certificate file path and file name.
config WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE_PATH_AND_NAME
depends on WOLFSSL_ALTERNATE_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
string "Default certificate bundle alternate path and name"
default "./certs/x509_crt_bundle_wolfssl"
help
Name of the default certificate bundle directory. Typically used only with PlatformIO.
Reminder PlatformIO cannot generate a bundle from cmake python script call. Relative
paths are with respect to root of this project.
config WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE
depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
default n
bool "Add custom certificates to the default bundle"
config WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE_PATH
depends on WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
string "Custom certificate bundle path"
@@ -430,6 +448,12 @@ menu "wolfSSL"
help
Enable debugging messages for wolfSSL. See user_settings.h for additional debug options.
config ESP_WOLFSSL_NO_STACK_SIZE_BUILD_WARNING
bool "Suppress build-time warnings for main stack size"
default n
help
Useful only when wolfSSL is running in main task. See FreeRTOS stack size for custom tasks.
config ESP_WOLFSSL_TEST_LOOP
bool "Run test apps in a loop until failure"
default y
@@ -853,13 +853,18 @@
#ifndef NO_RSA
#define ESP32_USE_RSA_PRIMITIVE
#if defined(CONFIG_IDF_TARGET_ESP32)
#ifdef CONFIG_ESP_MAIN_TASK_STACK_SIZE
#ifdef CONFIG_ESP_MAIN_TASK_STACK_SIZE
/* See idf.py menuconfig for stack warning settings */
#if !defined(CONFIG_ESP_WOLFSSL_NO_STACK_SIZE_BUILD_WARNING)
#if CONFIG_ESP_MAIN_TASK_STACK_SIZE < 10500
#warning "RSA may be difficult with less than 10KB Stack "/
#warning "RSA may be difficult with less than 10KB Stack"
#endif
#else
/* Implement your own stack warning here */
#endif
#endif
#if defined(CONFIG_IDF_TARGET_ESP32)
/* NOTE HW unreliable for small values! */
/* threshold for performance adjustment for HW primitive use */
/* X bits of G^X mod P greater than */
@@ -244,7 +244,7 @@ void wolfSSL_TLS_client( )
ret = tsip_use_PrivateKey_buffer_TLS(ssl,
(const char*)g_key_block_data.encrypted_user_ecc256_private_key,
sizeof(g_key_block_data.encrypted_user_ecc256_private_key),
TSIP_ECCP256);
TSIP_KEY_TYPE_ECDSAP256);
if (ret != 0) {
printf("ERROR tsip_use_PrivateKey_buffer_TLS\n");
}
@@ -254,7 +254,7 @@ void wolfSSL_TLS_client( )
ret = tsip_use_PublicKey_buffer_TLS(ssl,
(const char*)g_key_block_data.encrypted_user_ecc256_public_key,
sizeof(g_key_block_data.encrypted_user_ecc256_public_key),
TSIP_ECCP256);
TSIP_KEY_TYPE_ECDSAP256);
if (ret != 0) {
printf("ERROR tsip_use_PublicKey_buffer_TLS\n");
}
@@ -289,7 +289,7 @@ void wolfSSL_TLS_client( )
ret = tsip_use_PrivateKey_buffer_TLS(ssl,
(const char*)g_key_block_data.encrypted_user_rsa2048_private_key,
sizeof(g_key_block_data.encrypted_user_rsa2048_private_key),
TSIP_RSA2048);
TSIP_KEY_TYPE_RSA2048);
if (ret != 0) {
printf("ERROR tsip_use_PrivateKey_buffer_TLS :%d\n", ret);
}
@@ -298,7 +298,7 @@ void wolfSSL_TLS_client( )
ret = tsip_use_PublicKey_buffer_TLS(ssl,
(const char*)g_key_block_data.encrypted_user_rsa2048_public_key,
sizeof(g_key_block_data.encrypted_user_rsa2048_public_key),
TSIP_RSA2048);
TSIP_KEY_TYPE_RSA2048);
if (ret != 0) {
printf("ERROR tsip_use_PublicKey_buffer_TLS: %d\n", ret);
}
@@ -186,95 +186,95 @@ const uint32_t encrypted_user_key_type =
const unsigned char ca_ecc_cert_der_sig[] =
{
0x80, 0x1C, 0x3A, 0xC0, 0x74, 0xC8, 0xF8, 0xB7, 0x23, 0xB0,
0x4D, 0xEC, 0x5A, 0xA3, 0x28, 0xD9, 0x27, 0x93, 0xD2, 0xEF,
0x48, 0xBD, 0x29, 0x99, 0x65, 0x7F, 0xCB, 0x60, 0xD3, 0xB7,
0xFF, 0x4D, 0xC4, 0x2D, 0x07, 0x53, 0xD3, 0xF9, 0xB6, 0xE7,
0x56, 0x25, 0x5D, 0x3E, 0x9C, 0x31, 0x1D, 0x8D, 0xA3, 0x29,
0xA0, 0x9C, 0xFB, 0xEC, 0x91, 0xF5, 0x58, 0x14, 0x11, 0xFD,
0x43, 0xFB, 0xA5, 0xAC, 0x70, 0xAE, 0x68, 0x89, 0x03, 0x32,
0x82, 0x53, 0xB9, 0xE3, 0x40, 0xD4, 0x50, 0xC5, 0xB4, 0xB2,
0x1F, 0xF6, 0x24, 0x10, 0xFE, 0x76, 0xA2, 0x1C, 0xAE, 0x01,
0x79, 0xBF, 0xF7, 0x5A, 0x5C, 0xA9, 0x9B, 0x80, 0x02, 0x7D,
0x24, 0x94, 0xCE, 0xFE, 0x41, 0x85, 0x1A, 0x63, 0x50, 0xD4,
0xDE, 0xBD, 0xB4, 0x26, 0xA4, 0x13, 0xE3, 0x94, 0x0C, 0xBB,
0xBE, 0x27, 0x0F, 0xDE, 0xF2, 0x2A, 0x0D, 0xD5, 0x79, 0x4B,
0x7A, 0xD6, 0x3C, 0x3B, 0xED, 0x4D, 0xAB, 0xB6, 0xBD, 0x53,
0x57, 0x9B, 0xA1, 0x69, 0x26, 0xD3, 0xDF, 0x47, 0x64, 0x4F,
0xD5, 0xC9, 0x11, 0x35, 0xB6, 0x17, 0x6C, 0x48, 0x6E, 0xBE,
0xCB, 0x0C, 0x63, 0x8C, 0x31, 0x45, 0x8B, 0x7F, 0x93, 0x02,
0x7C, 0xC6, 0xD3, 0x14, 0x2F, 0x5B, 0x41, 0x72, 0x4F, 0x48,
0xE6, 0xCC, 0x89, 0x4E, 0x31, 0x98, 0xBA, 0xBA, 0xE0, 0xAA,
0x04, 0x68, 0xF2, 0x07, 0xF5, 0x0B, 0x1F, 0xC2, 0x21, 0x28,
0x38, 0x44, 0xAF, 0x2C, 0x7C, 0x1B, 0x69, 0x12, 0xCC, 0x3B,
0xF7, 0xE8, 0xC2, 0x56, 0x00, 0x10, 0x14, 0x05, 0x6F, 0x29,
0x80, 0x7C, 0x1E, 0xB2, 0x37, 0x2C, 0xBF, 0x09, 0x77, 0xC9,
0x1D, 0xB1, 0x13, 0x7A, 0xDC, 0x87, 0x7D, 0xF1, 0x2E, 0xBC,
0xFC, 0x2B, 0x3D, 0x4A, 0x55, 0xD5, 0x85, 0x0C, 0xF1, 0x1D,
0xFE, 0x80, 0x73, 0xD9, 0xB4, 0x84
0x58, 0x3F, 0x3C, 0x27, 0x4A, 0xC0, 0xA8, 0x35, 0x31, 0xAA,
0xB6, 0x49, 0x4C, 0x69, 0x48, 0xF6, 0x63, 0xA5, 0x2E, 0x8C,
0xA4, 0x1E, 0xAF, 0x18, 0x14, 0x11, 0x6A, 0xF7, 0x25, 0xF2,
0xE1, 0x82, 0x6E, 0xAA, 0x3C, 0xE2, 0x75, 0x6E, 0x81, 0x59,
0x2E, 0xF1, 0xED, 0xDD, 0xD1, 0x1C, 0xA3, 0xE7, 0xEC, 0x89,
0xD3, 0x19, 0x1A, 0x59, 0xEB, 0xBA, 0x1D, 0x65, 0xFD, 0x53,
0x4A, 0x90, 0x6F, 0xA1, 0x06, 0xB3, 0x08, 0xE4, 0x00, 0xF4,
0x91, 0x45, 0xD8, 0xC9, 0xD8, 0x30, 0x8A, 0x94, 0x9B, 0x48,
0x60, 0x68, 0xD1, 0x09, 0x84, 0xAE, 0x51, 0xD8, 0xD8, 0x67,
0x58, 0x58, 0x9B, 0x57, 0x9E, 0x09, 0x9D, 0x1B, 0x3B, 0x22,
0x67, 0x6A, 0x50, 0x91, 0xF2, 0x60, 0x5E, 0x78, 0x86, 0xF9,
0x2F, 0xF4, 0xB4, 0xAE, 0x6A, 0xF6, 0x0D, 0xAB, 0x8B, 0xF6,
0x60, 0x47, 0x8D, 0xD4, 0xEC, 0xE6, 0x9E, 0x57, 0x6C, 0xCC,
0x4F, 0xF5, 0xCD, 0x20, 0xD7, 0x15, 0x70, 0x50, 0x53, 0x96,
0x84, 0x6B, 0x9A, 0x07, 0x90, 0x41, 0x14, 0x08, 0x62, 0x87,
0xF5, 0x20, 0x0E, 0x82, 0xE2, 0x12, 0x5C, 0x1E, 0x72, 0x73,
0xB8, 0x18, 0x90, 0xCF, 0x98, 0x14, 0xC3, 0xE6, 0xED, 0x89,
0xA3, 0x7C, 0x67, 0x50, 0x01, 0xCC, 0x48, 0xD2, 0x6A, 0x9C,
0x9E, 0x4D, 0x44, 0x49, 0x82, 0x5F, 0xC1, 0x2E, 0x18, 0xBE,
0x23, 0x53, 0xCD, 0x09, 0x85, 0x16, 0x9D, 0x5F, 0x99, 0x78,
0xA1, 0x78, 0x51, 0xC9, 0x5A, 0x3E, 0x04, 0xBE, 0xE2, 0xF5,
0x74, 0x7E, 0x6F, 0x89, 0xD9, 0x05, 0x29, 0xC1, 0x5B, 0x57,
0x3D, 0xE3, 0x5E, 0xB8, 0x4B, 0x93, 0x7D, 0x68, 0x78, 0xF9,
0x88, 0x1B, 0x8E, 0x78, 0x04, 0x00, 0x54, 0x20, 0x3F, 0x0C,
0x99, 0x11, 0x1D, 0x90, 0x2C, 0x10, 0x4C, 0xCE, 0xA3, 0x17,
0xA7, 0xF8, 0xB4, 0xC6, 0xF8, 0x12
};
const int sizeof_ca_ecc_cert_sig = sizeof(ca_ecc_cert_der_sig);
/* ./ca-cert.der.sign, */
const unsigned char ca_cert_der_sig[] =
{
0x77, 0x62, 0x9D, 0x3D, 0x7A, 0x60, 0xF7, 0x9C, 0x7C, 0x1C,
0xC8, 0x9D, 0x09, 0x2D, 0x98, 0xBE, 0x39, 0x25, 0x4E, 0x05,
0xED, 0xF1, 0x93, 0xB1, 0x4B, 0x1B, 0x29, 0x2D, 0x8F, 0x3A,
0xCA, 0x3A, 0x8F, 0x3F, 0x77, 0x61, 0xF1, 0x97, 0x05, 0x69,
0xDC, 0x4A, 0x92, 0x52, 0x29, 0xC8, 0x26, 0x38, 0x53, 0x7A,
0x41, 0x7C, 0x73, 0xCA, 0xA7, 0x6B, 0xD7, 0x19, 0xC4, 0x99,
0x64, 0xCD, 0x27, 0xC9, 0x85, 0x19, 0x53, 0xD2, 0x93, 0xC5,
0x7A, 0xE5, 0xDC, 0x88, 0xA0, 0xFB, 0xB3, 0xEB, 0x8B, 0x01,
0xD6, 0x80, 0x9C, 0x93, 0x9D, 0x44, 0x5A, 0x17, 0x4B, 0x87,
0x8B, 0xD1, 0x08, 0xBA, 0x82, 0x87, 0xA7, 0x69, 0x06, 0x70,
0x67, 0x68, 0xE3, 0xD1, 0x6C, 0x05, 0x85, 0x97, 0x84, 0x6B,
0xBF, 0xC2, 0x91, 0xBC, 0xA5, 0x32, 0x37, 0x99, 0x5C, 0xC7,
0xE9, 0x8C, 0x4F, 0xBD, 0xFD, 0x66, 0x98, 0x38, 0xD8, 0x31,
0x4E, 0x97, 0x57, 0x66, 0x0C, 0x1F, 0x43, 0x81, 0xC5, 0x0F,
0xA2, 0x5A, 0xF2, 0xF6, 0x68, 0x9D, 0x97, 0xA9, 0x39, 0x42,
0xFD, 0xCB, 0xCB, 0x29, 0x56, 0xA0, 0x49, 0x8D, 0x79, 0x40,
0x66, 0x60, 0xC1, 0xB1, 0x99, 0xD7, 0x32, 0x06, 0x80, 0x64,
0x43, 0x7F, 0x2B, 0x5A, 0xF7, 0xD9, 0x54, 0xF6, 0x3E, 0x2C,
0x92, 0x6F, 0xEE, 0xCA, 0x59, 0x53, 0xC1, 0xCA, 0x3C, 0xDB,
0xA3, 0x20, 0xF9, 0x8D, 0xEF, 0xFD, 0x8B, 0x08, 0xCE, 0x25,
0x58, 0x16, 0x00, 0x93, 0xB6, 0xF6, 0xF8, 0x7D, 0x1C, 0x35,
0xD2, 0x8E, 0xAE, 0x51, 0x1F, 0x08, 0x99, 0xBA, 0x63, 0x4B,
0x05, 0x93, 0x61, 0x64, 0x40, 0x85, 0x71, 0x69, 0xBB, 0xF2,
0xC4, 0xAE, 0x9E, 0xFB, 0x5C, 0xD1, 0x3F, 0x5F, 0x0D, 0x85,
0xAA, 0x73, 0x23, 0x16, 0xE7, 0x13, 0x60, 0x5D, 0xF4, 0x88,
0x34, 0xB1, 0xD2, 0xC9, 0x6B, 0xD4
0x55, 0x93, 0xCF, 0x28, 0xF7, 0x38, 0x1E, 0xF1, 0x29, 0x5A,
0xDE, 0x41, 0xCD, 0x83, 0x00, 0x06, 0x79, 0xB3, 0x12, 0x56,
0xBD, 0x04, 0xCB, 0x97, 0xCC, 0xD2, 0x39, 0x3C, 0x36, 0x94,
0x8D, 0x66, 0xB0, 0x41, 0xF4, 0xBD, 0x82, 0x8F, 0x03, 0x24,
0x25, 0x65, 0xA1, 0x85, 0x87, 0xCE, 0x58, 0x0A, 0x45, 0xC6,
0xB6, 0x38, 0x27, 0x44, 0x2A, 0x7A, 0x9B, 0xA2, 0x71, 0x67,
0x92, 0xDA, 0xFD, 0x71, 0x88, 0x52, 0xF2, 0xFE, 0x61, 0x33,
0xCB, 0x7F, 0xB4, 0x47, 0x3D, 0x60, 0xC6, 0x3A, 0x48, 0x44,
0x6F, 0xA2, 0x16, 0x07, 0xA2, 0x94, 0x50, 0x99, 0x09, 0x7B,
0x43, 0x04, 0xAD, 0xCA, 0x9C, 0x34, 0xD4, 0x72, 0x4B, 0x79,
0x31, 0xE1, 0xC5, 0x6C, 0xA7, 0xB4, 0xD8, 0xED, 0x80, 0x79,
0xBB, 0x69, 0xA0, 0xA6, 0x7A, 0x63, 0x99, 0x02, 0xF7, 0x64,
0xF0, 0x6D, 0xBB, 0xC5, 0xDA, 0x55, 0x0D, 0x43, 0x7C, 0x30,
0x74, 0x21, 0x05, 0x35, 0x63, 0xAD, 0x32, 0x76, 0x11, 0xA5,
0x75, 0xF3, 0x83, 0xEE, 0x05, 0xFB, 0x91, 0x18, 0x5E, 0xCC,
0x71, 0x49, 0x26, 0x0D, 0xE2, 0xE3, 0xB3, 0xAD, 0xFF, 0x65,
0xA9, 0x9B, 0xF0, 0x81, 0xE1, 0x5D, 0xC3, 0x4C, 0x82, 0x83,
0x33, 0xDA, 0xF6, 0x29, 0xC7, 0xC2, 0xA0, 0x23, 0x5D, 0xB1,
0xCE, 0x82, 0x94, 0x49, 0xC5, 0xC0, 0xE5, 0xED, 0x3B, 0xF6,
0x79, 0x21, 0x3B, 0xFC, 0x6D, 0xB5, 0x2A, 0xF6, 0x6D, 0xD9,
0x4C, 0x3E, 0xBF, 0x2E, 0x13, 0xA2, 0x75, 0x93, 0x5A, 0xB4,
0x2B, 0xF5, 0x74, 0xEF, 0xAE, 0x48, 0xFE, 0x06, 0x2D, 0x3F,
0xA3, 0xFE, 0x1A, 0xC9, 0x45, 0x1D, 0x15, 0xC8, 0xEF, 0x95,
0xE2, 0x6F, 0x7D, 0x1E, 0x96, 0xCD, 0x4D, 0xC5, 0x5F, 0xEB,
0x57, 0x85, 0x54, 0xE4, 0x7F, 0xE0, 0x0F, 0xAD, 0xC3, 0xEE,
0xBF, 0xFB, 0x43, 0xA6, 0xAB, 0x92
};
const int sizeof_ca_cert_sig = sizeof(ca_cert_der_sig);
/* ./client-cert.der.sign, */
const unsigned char client_cert_der_sign[] =
{
0x21, 0x2A, 0x81, 0xFF, 0xC2, 0x4C, 0x98, 0xFF, 0xB8, 0x99,
0xFC, 0x14, 0x07, 0xBA, 0xBD, 0x7F, 0x58, 0x0F, 0x23, 0x49,
0x6B, 0xFA, 0x47, 0xAC, 0xF5, 0xCF, 0x7A, 0x76, 0x89, 0x07,
0x22, 0x2F, 0x2A, 0xC5, 0x9F, 0x6D, 0x37, 0xFC, 0x7E, 0x51,
0x55, 0x29, 0xDA, 0xF9, 0x7E, 0x30, 0x25, 0x3F, 0x38, 0xE3,
0x5B, 0xD8, 0xD1, 0xC4, 0xE1, 0x05, 0x14, 0x5D, 0x3A, 0x8C,
0xFC, 0x42, 0x7D, 0x38, 0x21, 0x5B, 0x0B, 0xC8, 0x6E, 0x80,
0x35, 0xA7, 0x0B, 0xAB, 0x9E, 0x8B, 0x7F, 0x04, 0xE5, 0x43,
0x2E, 0xFF, 0x11, 0x67, 0x04, 0xF4, 0x52, 0x52, 0xEF, 0x6C,
0xC6, 0x30, 0x63, 0xE0, 0xAE, 0xCB, 0xD0, 0xBC, 0x7F, 0xB7,
0x98, 0xD4, 0x08, 0x76, 0x49, 0xFF, 0x0E, 0xAF, 0x2B, 0x3B,
0xA0, 0xFD, 0x25, 0xD5, 0x42, 0x02, 0x0A, 0xAA, 0xC0, 0x0C,
0x5C, 0x62, 0x04, 0xD0, 0x4A, 0xE7, 0xEA, 0x26, 0x72, 0xE1,
0x35, 0x8D, 0x47, 0x5A, 0xE6, 0x9A, 0xD5, 0x5C, 0x31, 0x79,
0x7A, 0xEE, 0x59, 0xAD, 0x1B, 0x04, 0x2C, 0xFF, 0x74, 0x9D,
0xA5, 0x90, 0x21, 0xCE, 0xC2, 0x04, 0x41, 0x98, 0x14, 0x27,
0xF8, 0x35, 0xB9, 0xF5, 0x73, 0x1D, 0xAE, 0x2F, 0x8F, 0x44,
0x79, 0xCA, 0xE7, 0x38, 0xDD, 0x15, 0x11, 0xDB, 0xA5, 0x6D,
0xE6, 0x7F, 0x4E, 0x73, 0xE6, 0x2E, 0x98, 0xF3, 0xDD, 0x5A,
0x34, 0x24, 0x6B, 0xAF, 0x28, 0xDC, 0x3A, 0x10, 0x0D, 0x54,
0x86, 0x11, 0x52, 0x0F, 0x88, 0x65, 0x03, 0xE5, 0x1C, 0x04,
0x45, 0x6B, 0x25, 0x3E, 0x8D, 0x5B, 0xD7, 0x2E, 0x33, 0x06,
0xAA, 0x23, 0xFE, 0x1B, 0x7B, 0xE8, 0xB9, 0xA7, 0x80, 0x3F,
0x08, 0x89, 0x6A, 0x22, 0x3F, 0xE0, 0xB8, 0xF3, 0xA4, 0x0A,
0xC6, 0xA5, 0x51, 0xC4, 0x1A, 0x38, 0xE3, 0xD2, 0x8A, 0x1C,
0xF1, 0xAE, 0x89, 0xFB, 0xCE, 0x9E
0x1C, 0x3F, 0xB6, 0x72, 0x01, 0x8E, 0xAA, 0x73, 0xCC, 0xAD,
0xA9, 0x43, 0x26, 0x1C, 0x7E, 0x3B, 0x2B, 0xE2, 0x82, 0x6D,
0xA4, 0x89, 0xC6, 0x7A, 0x11, 0x7A, 0x41, 0xC1, 0xF6, 0x23,
0x14, 0xD2, 0x6F, 0x3A, 0x2F, 0xD4, 0x2C, 0xA5, 0x18, 0x31,
0x0D, 0xFB, 0x84, 0xBE, 0xF8, 0x12, 0x48, 0x41, 0x28, 0xD9,
0xDB, 0xF9, 0x0A, 0xCF, 0x93, 0xDB, 0xC6, 0x65, 0x89, 0xDE,
0x1D, 0x22, 0xE1, 0x0D, 0x25, 0x39, 0xD9, 0x56, 0xE2, 0xB7,
0xE5, 0xAB, 0x6C, 0x44, 0xF8, 0xC5, 0x3B, 0x3D, 0xC6, 0x97,
0x89, 0xAE, 0x97, 0x38, 0x03, 0x8C, 0x31, 0x36, 0x03, 0xBC,
0xC2, 0x05, 0x28, 0x35, 0x14, 0xA8, 0xFC, 0x2B, 0x8F, 0xE0,
0x8C, 0x85, 0xC2, 0x90, 0x5E, 0x0E, 0x75, 0xBC, 0xA0, 0xAD,
0x24, 0x0F, 0xA3, 0x3A, 0x16, 0xB3, 0x46, 0x20, 0x9D, 0xAE,
0x5E, 0xBF, 0x6E, 0xC1, 0x10, 0x45, 0x82, 0x8C, 0xE5, 0x6D,
0x1A, 0xEE, 0xF9, 0x28, 0xD7, 0xC8, 0xE4, 0xA5, 0xC1, 0xD7,
0xDD, 0x03, 0x37, 0x48, 0x87, 0x96, 0x0F, 0x17, 0x35, 0xDE,
0xB8, 0xFB, 0x38, 0xDB, 0x64, 0x6C, 0xCB, 0xE9, 0xE0, 0x2F,
0x17, 0xC9, 0x1B, 0xA0, 0xCB, 0xCB, 0xA9, 0xC3, 0x8F, 0x7B,
0x4F, 0x25, 0xD8, 0xBA, 0x34, 0x6E, 0xD0, 0x60, 0x17, 0xE0,
0x0C, 0x48, 0xBF, 0xAF, 0xC2, 0xE1, 0x0E, 0x5B, 0x56, 0x90,
0x33, 0x13, 0x8F, 0xDA, 0x4D, 0x8D, 0xF5, 0xAF, 0x1D, 0x7A,
0xA5, 0x2B, 0xD8, 0xBD, 0x81, 0x5A, 0xBB, 0x70, 0x8F, 0xB5,
0xC9, 0xA5, 0xF3, 0x23, 0xA1, 0x58, 0x3D, 0xCF, 0x7D, 0x2B,
0xFA, 0xBD, 0xF7, 0x58, 0x22, 0xF2, 0x1F, 0xC7, 0x98, 0xED,
0x5D, 0x4F, 0x42, 0xA7, 0xC0, 0x41, 0xAC, 0xA5, 0x0B, 0x75,
0xE6, 0xAB, 0x44, 0x42, 0x0B, 0xBC, 0x99, 0x99, 0x65, 0x21,
0x9F, 0x53, 0xEF, 0x9A, 0x53, 0xCF
};
const int sizeof_client_cert_der_sign = sizeof(client_cert_der_sign);
+56 -10
View File
@@ -18,8 +18,16 @@
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
#define WOLFSSL_ESPIDF_COMPONENT_VERSION 0x01
/* This is a sample PlatformIO user_settings.h for wolfSSL
/* Examples such as test and benchmark are known to cause watchdog timeouts.
* Note this is often set in project Makefile:
* CFLAGS += -DWOLFSSL_ESP_NO_WATCHDOG=1 */
#define WOLFSSL_ESP_NO_WATCHDOG 1
/* The Espressif project config file. See also sdkconfig.defaults */
#include "sdkconfig.h"
*
* Do not include any wolfssl headers here
*
@@ -47,10 +55,9 @@
/* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */
/* #define USE_WOLFSSL_ESP_SDK_WIFI */
/* Experimental Kyber */
/* Optional MLKEM (Kyber Post Quantum) */
#if 0
/* Kyber typically needs a minimum 10K stack */
#define WOLFSSL_EXPERIMENTAL_SETTINGS
#define WOLFSSL_HAVE_MLKEM
#define WOLFSSL_WC_MLKEM
#define WOLFSSL_SHA3
@@ -566,18 +573,33 @@
/* Debug options:
See wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h for details on debug options
optionally increase error message size for very long paths.
#define WOLFSSL_MAX_ERROR_SZ 500
Turn wolfSSL debugging on/off:
wolfSSL_Debugging_ON();
wolfSSL_Debugging_OFF();
#define ESP_VERIFY_MEMBLOCK
#define DEBUG_WOLFSSL
#define DEBUG_WOLFSSL_VERBOSE
#define DEBUG_WOLFSSL_SHA_MUTEX
#define WOLFSSL_DEBUG_IGNORE_ASN_TIME
#define WOLFSSL_DEBUG_CERT_BUNDLE
#define WOLFSSL_DEBUG_CERT_BUNDLE_NAME
#define WOLFSSL_ESP32_CRYPT_DEBUG
#define WOLFSSL_ESP32_CRYPT_HASH_SHA224_DEBUG
#define NO_RECOVER_SOFTWARE_CALC
#define WOLFSSL_TEST_STRAY 1
#define USE_ESP_DPORT_ACCESS_READ_BUFFER
#define WOLFSSL_ESP32_HW_LOCK_DEBUG
#define WOLFSSL_DEBUG_MUTEX
#define WOLFSSL_DEBUG_ESP_RSA_MULM_BITS
#define WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS
#define WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS
#define ESP_DISABLE_HW_TASK_LOCK
#define ESP_MONITOR_HW_TASK_LOCK
#define USE_ESP_DPORT_ACCESS_READ_BUFFER
See wolfcrypt/benchmark/benchmark.c for debug and other settings:
@@ -594,7 +616,7 @@ Turn on timer debugging (used when CPU cycles not available)
#define WOLFSSL_HW_METRICS
#define ALT_ECC_SIZE
/* for test.c: */
/* for test.c */
/* #define HASH_SIZE_LIMIT */
/* Optionally turn off HW math checks */
@@ -641,6 +663,12 @@ Turn on timer debugging (used when CPU cycles not available)
* There are various certificate examples in this header file:
* https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/certs_test.h
*
* To use the sample certificates in code (not recommended for production!):
*
* #if defined(USE_CERT_BUFFERS_2048) || defined(USE_CERT_BUFFERS_1024)
* #include <wolfssl/certs_test.h>
* #endif
*
* To use the sets of macros below, define *one* of these:
*
* USE_CERT_BUFFERS_1024 - ECC 1024 bit encoded ASN1
@@ -655,10 +683,10 @@ Turn on timer debugging (used when CPU cycles not available)
* CTX_CA_CERT_SIZE,
* CTX_CA_CERT_TYPE);
*
* See www.wolfssl.com/documentation/manuals/wolfssl/group__CertsKeys.html#function-wolfssl_ctx_load_verify_buffer
* See https://www.wolfssl.com/documentation/manuals/wolfssl/group__CertsKeys.html#function-wolfssl_ctx_load_verify_buffer
*
* In this case the CTX_CA_CERT will be defined as `ca_cert_der_2048` as
* defined here: github.com/wolfSSL/wolfssl/blob/master/wolfssl/certs_test.h
* defined here: https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/certs_test.h
*
* The CTX_CA_CERT_SIZE and CTX_CA_CERT_TYPE are similarly used to reference
* array size and cert type respectively.
@@ -670,7 +698,7 @@ Turn on timer debugging (used when CPU cycles not available)
* CTX_CLIENT_KEY_SIZE,
* CTX_CLIENT_KEY_TYPE);
*
* see www.wolfssl.com/documentation/manuals/wolfssl/group__CertsKeys.html#function-wolfssl_ctx_use_privatekey_buffer
* see https://www.wolfssl.com/documentation/manuals/wolfssl/group__CertsKeys.html#function-wolfssl_ctx_use_privatekey_buffer
*
* Similarly, the other macros are for server certificates and keys:
* `CTX_SERVER_CERT` and `CTX_SERVER_KEY` are available.
@@ -680,17 +708,17 @@ Turn on timer debugging (used when CPU cycles not available)
* are the known wolfSSL encoding type integers (e.g. WOLFSSL_FILETYPE_PEM).
*
* See `SSL_FILETYPE_[name]` in
* github.com/wolfSSL/wolfssl/blob/master/wolfssl/ssl.h
* https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/ssl.h
*
* See Abstract Syntax Notation One (ASN.1) in:
* github.com/wolfSSL/wolfssl/blob/master/wolfssl/wolfcrypt/asn.h
* https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/wolfcrypt/asn.h
*
* Optional SM4 Ciphers:
*
* Although the SM ciphers are shown here, the `certs_test_sm.h` may not yet
* be available. See:
* github.com/wolfSSL/wolfssl/pull/6825
* github.com/wolfSSL/wolfsm
* https://github.com/wolfSSL/wolfssl/pull/6825
* https://github.com/wolfSSL/wolfsm
*
* Uncomment these 3 macros to enable the SM Ciphers and use the macros below.
*/
@@ -703,6 +731,7 @@ Turn on timer debugging (used when CPU cycles not available)
/* Conditional macros used in wolfSSL TLS client and server examples */
#if defined(WOLFSSL_SM2) || defined(WOLFSSL_SM3) || defined(WOLFSSL_SM4)
#include <wolfssl/certs_test_sm.h>
#define CTX_CA_CERT root_sm2
#define CTX_CA_CERT_SIZE sizeof_root_sm2
#define CTX_CA_CERT_TYPE WOLFSSL_FILETYPE_PEM
@@ -720,7 +749,11 @@ Turn on timer debugging (used when CPU cycles not available)
#ifdef USE_CERT_BUFFERS_1024
#error "USE_CERT_BUFFERS_1024 is already defined. Pick one."
#endif
/* Be sure to include in app when using example certs: */
#include <wolfssl/certs_test.h>
#define USE_CERT_BUFFERS_256
#define CTX_CA_CERT ca_cert_der_2048
#define CTX_CA_CERT_SIZE sizeof_ca_cert_der_2048
#define CTX_CA_CERT_TYPE WOLFSSL_FILETYPE_ASN1
@@ -743,6 +776,11 @@ Turn on timer debugging (used when CPU cycles not available)
#ifdef USE_CERT_BUFFERS_2048
#error "USE_CERT_BUFFERS_2048 is already defined. Pick one."
#endif
/* Be sure to include in app when using example certs: */
#include <wolfssl/certs_test.h>
#define USE_CERT_BUFFERS_256
#define CTX_CA_CERT ca_cert_der_1024
#define CTX_CA_CERT_SIZE sizeof_ca_cert_der_1024
#define CTX_CA_CERT_TYPE WOLFSSL_FILETYPE_ASN1
@@ -788,3 +826,11 @@ Turn on timer debugging (used when CPU cycles not available)
#else
#warning "CONFIG_ESP_MAIN_TASK_STACK_SIZE not defined!"
#endif
/* See settings.h for some of the possible hardening options:
*
* #define NO_ESPIDF_DEFAULT
* #define WC_NO_CACHE_RESISTANT
* #define WC_AES_BITSLICED
* #define HAVE_AES_ECB
* #define HAVE_AES_DIRECT
*/
+5 -8
View File
@@ -2618,19 +2618,16 @@ static int Dtls13RtxIsTrackedByRn(const Dtls13RtxRecord* r, w64wrapper epoch,
static int Dtls13KeyUpdateAckReceived(WOLFSSL* ssl)
{
int ret;
w64Increment(&ssl->dtls13Epoch);
/* Epoch wrapped up */
if (w64IsZero(ssl->dtls13Epoch))
return BAD_STATE_E;
ret = DeriveTls13Keys(ssl, update_traffic_key, ENCRYPT_SIDE_ONLY, 1);
if (ret != 0)
return ret;
ret = Dtls13NewEpoch(ssl, ssl->dtls13Epoch, ENCRYPT_SIDE_ONLY);
if (ret != 0)
return ret;
w64Increment(&ssl->dtls13Epoch);
/* Epoch wrapped up */
if (w64IsZero(ssl->dtls13Epoch))
return BAD_STATE_E;
return Dtls13SetEpochKeys(ssl, ssl->dtls13Epoch, ENCRYPT_SIDE_ONLY);
}
+3
View File
@@ -3557,6 +3557,9 @@ int SetKeysSide(WOLFSSL* ssl, enum encrypt_side side)
#if defined(WOLFSSL_RENESAS_FSPSM_TLS)
FSPSM_ST* cbInfo = (FSPSM_ST*)ctx;
cbInfo->side = side;
#elif defined(WOLFSSL_RENESAS_TSIP_TLS)
TsipUserCtx* cbInfo = (TsipUserCtx*)ctx;
cbInfo->key_side = side;
#endif
ret = ssl->ctx->EncryptKeysCb(ssl, ctx);
}
+6
View File
@@ -6155,6 +6155,12 @@ int wolfSSL_Init(void)
WOLFSSL_ENTER("wolfSSL_Init");
#if defined(LIBWOLFSSL_CMAKE_OUTPUT)
WOLFSSL_MSG(LIBWOLFSSL_CMAKE_OUTPUT);
#else
WOLFSSL_MSG("No extra wolfSSL cmake messages found");
#endif
#ifndef WOLFSSL_MUTEX_INITIALIZER
if (inits_count_mutex_valid == 0) {
#if WOLFSSL_CLEANUP_THREADSAFE_BY_ATOMIC_OPS
+1 -1
View File
@@ -16149,7 +16149,7 @@ int TLSX_Parse(WOLFSSL* ssl, const byte* input, word16 length, byte msgType,
/* RFC 8446 4.2.4 states trusted_ca_keys is not used
in TLS 1.3. */
if (IsAtLeastTLSv1_3(ssl->version)) {
return EXT_NOT_ALLOWED;
break;
}
else
#endif
+37 -45
View File
@@ -1623,9 +1623,42 @@ int DeriveTls13Keys(WOLFSSL* ssl, int secret, int side, int store)
goto end;
if (ssl->options.dtls) {
w64wrapper epochNumber;
ret = Dtls13DeriveSnKeys(ssl, provision);
if (ret != 0)
return ret;
goto end;
switch (secret) {
case early_data_key:
epochNumber = w64From32(0, DTLS13_EPOCH_EARLYDATA);
break;
case handshake_key:
epochNumber = w64From32(0, DTLS13_EPOCH_HANDSHAKE);
break;
case traffic_key:
case no_key:
epochNumber = w64From32(0, DTLS13_EPOCH_TRAFFIC0);
break;
case update_traffic_key:
if (side == ENCRYPT_SIDE_ONLY) {
epochNumber = ssl->dtls13Epoch;
}
else if (side == DECRYPT_SIDE_ONLY) {
epochNumber = ssl->dtls13PeerEpoch;
}
else {
ret = BAD_STATE_E;
goto end;
}
w64Increment(&epochNumber);
break;
default:
ret = BAD_STATE_E;
goto end;
}
ret = Dtls13NewEpoch(ssl, epochNumber, side);
if (ret != 0)
goto end;
}
#endif /* WOLFSSL_DTLS13 */
@@ -4083,15 +4116,6 @@ static int WritePSKBinders(WOLFSSL* ssl, byte* output, word32 idx)
if ((ret = SetKeysSide(ssl, ENCRYPT_SIDE_ONLY)) != 0)
return ret;
#ifdef WOLFSSL_DTLS13
if (ssl->options.dtls) {
ret = Dtls13NewEpoch(
ssl, w64From32(0x0, DTLS13_EPOCH_EARLYDATA), ENCRYPT_SIDE_ONLY);
if (ret != 0)
return ret;
}
#endif /* WOLFSSL_DTLS13 */
}
#endif
@@ -5118,6 +5142,7 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
/* Force client hello version 1.2 to work for static RSA. */
ssl->chVersion.minor = TLSv1_2_MINOR;
ssl->version.minor = TLSv1_2_MINOR;
ssl->options.tls1_3 = 0;
#ifdef WOLFSSL_DTLS13
if (ssl->options.dtls) {
@@ -5218,6 +5243,7 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
if (ssl->options.dtls) {
ssl->chVersion.minor = DTLSv1_2_MINOR;
ssl->version.minor = DTLSv1_2_MINOR;
ssl->options.tls1_3 = 0;
ret = Dtls13ClientDoDowngrade(ssl);
if (ret != 0)
return ret;
@@ -5231,6 +5257,7 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
return VERSION_ERROR;
}
#ifndef WOLFSSL_NO_TLS12
ssl->options.tls1_3 = 0;
return DoServerHello(ssl, input, inOutIdx, helloSz);
#else
SendAlert(ssl, alert_fatal, wolfssl_alert_protocol_version);
@@ -6296,17 +6323,6 @@ static int CheckPreSharedKeys(WOLFSSL* ssl, const byte* input, word32 helloSz,
return ret;
ssl->keys.encryptionOn = 1;
#ifdef WOLFSSL_DTLS13
if (ssl->options.dtls) {
ret = Dtls13NewEpoch(ssl,
w64From32(0x0, DTLS13_EPOCH_EARLYDATA),
DECRYPT_SIDE_ONLY);
if (ret != 0)
return ret;
}
#endif /* WOLFSSL_DTLS13 */
ssl->earlyData = process_early_data;
}
else
@@ -7604,11 +7620,6 @@ static int SendTls13EncryptedExtensions(WOLFSSL* ssl)
w64wrapper epochHandshake = w64From32(0, DTLS13_EPOCH_HANDSHAKE);
ssl->dtls13Epoch = epochHandshake;
ret = Dtls13NewEpoch(
ssl, epochHandshake, ENCRYPT_AND_DECRYPT_SIDE);
if (ret != 0)
return ret;
ret = Dtls13SetEpochKeys(
ssl, epochHandshake, ENCRYPT_AND_DECRYPT_SIDE);
if (ret != 0)
@@ -11194,11 +11205,6 @@ static int SendTls13Finished(WOLFSSL* ssl)
ssl->dtls13Epoch = epochTraffic0;
ssl->dtls13PeerEpoch = epochTraffic0;
ret = Dtls13NewEpoch(
ssl, epochTraffic0, ENCRYPT_AND_DECRYPT_SIDE);
if (ret != 0)
return ret;
ret = Dtls13SetEpochKeys(
ssl, epochTraffic0, ENCRYPT_AND_DECRYPT_SIDE);
if (ret != 0)
@@ -11236,11 +11242,6 @@ static int SendTls13Finished(WOLFSSL* ssl)
ssl->dtls13Epoch = epochTraffic0;
ssl->dtls13PeerEpoch = epochTraffic0;
ret = Dtls13NewEpoch(
ssl, epochTraffic0, ENCRYPT_AND_DECRYPT_SIDE);
if (ret != 0)
return ret;
ret = Dtls13SetEpochKeys(
ssl, epochTraffic0, ENCRYPT_AND_DECRYPT_SIDE);
if (ret != 0)
@@ -11440,10 +11441,6 @@ static int DoTls13KeyUpdate(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
if (ssl->options.dtls) {
w64Increment(&ssl->dtls13PeerEpoch);
ret = Dtls13NewEpoch(ssl, ssl->dtls13PeerEpoch, DECRYPT_SIDE_ONLY);
if (ret != 0)
return ret;
ret = Dtls13SetEpochKeys(ssl, ssl->dtls13PeerEpoch, DECRYPT_SIDE_ONLY);
if (ret != 0)
return ret;
@@ -12859,11 +12856,6 @@ int DoTls13HandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx,
ssl->dtls13Epoch = epochHandshake;
ssl->dtls13PeerEpoch = epochHandshake;
ret = Dtls13NewEpoch(
ssl, epochHandshake, ENCRYPT_AND_DECRYPT_SIDE);
if (ret != 0)
return ret;
ret = Dtls13SetEpochKeys(
ssl, epochHandshake, ENCRYPT_AND_DECRYPT_SIDE);
if (ret != 0)
+123
View File
@@ -51,6 +51,12 @@
#endif
#include <stdlib.h>
#ifdef __linux__
#include <unistd.h>
#include <sys/wait.h>
#endif
#include <wolfssl/ssl.h> /* compatibility layer */
#include <wolfssl/error-ssl.h>
@@ -19069,6 +19075,14 @@ static int test_wc_PKCS12_create_once(int keyEncType, int certEncType)
static int test_wc_PKCS12_create(void)
{
EXPECT_DECLS;
EXPECT_TEST(test_wc_PKCS12_create_once(-1, -1));
#if !defined(NO_RC4) && !defined(NO_SHA)
EXPECT_TEST(test_wc_PKCS12_create_once(PBE_SHA1_RC4_128, PBE_SHA1_RC4_128));
#endif
#if !defined(NO_DES3) && !defined(NO_SHA)
EXPECT_TEST(test_wc_PKCS12_create_once(PBE_SHA1_DES, PBE_SHA1_DES));
#endif
#if !defined(NO_DES3) && !defined(NO_SHA)
EXPECT_TEST(test_wc_PKCS12_create_once(PBE_SHA1_DES3, PBE_SHA1_DES3));
#endif
@@ -32741,6 +32755,59 @@ static int test_wolfSSL_check_domain(void)
}
#endif /* OPENSSL_EXTRA && HAVE_SSL_MEMIO_TESTS_DEPENDENCIES */
#if defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && \
!defined(WOLFSSL_SYS_CA_CERTS)
static const char* dn = NULL;
static int test_wolfSSL_check_domain_basic_client_ctx(WOLFSSL_CTX* ctx)
{
EXPECT_DECLS;
ExpectIntEQ(wolfSSL_CTX_load_system_CA_certs(ctx), WOLFSSL_SUCCESS);
wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER, NULL);
return EXPECT_RESULT();
}
static int test_wolfSSL_check_domain_basic_client_ssl(WOLFSSL* ssl)
{
EXPECT_DECLS;
ExpectIntEQ(wolfSSL_check_domain_name(ssl, dn), WOLFSSL_SUCCESS);
return EXPECT_RESULT();
}
static int test_wolfSSL_check_domain_basic(void)
{
EXPECT_DECLS;
test_ssl_cbf func_cb_client;
test_ssl_cbf func_cb_server;
XMEMSET(&func_cb_client, 0, sizeof(func_cb_client));
XMEMSET(&func_cb_server, 0, sizeof(func_cb_server));
func_cb_client.ctx_ready = &test_wolfSSL_check_domain_basic_client_ctx;
dn = "invalid.com";
func_cb_client.ssl_ready = &test_wolfSSL_check_domain_basic_client_ssl;
/* Expect to fail */
ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&func_cb_client,
&func_cb_server, NULL), -1001);
dn = "example.com";
/* Expect to succeed */
ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&func_cb_client,
&func_cb_server, NULL), TEST_SUCCESS);
return EXPECT_RESULT();
}
#else
static int test_wolfSSL_check_domain_basic(void)
{
EXPECT_DECLS;
return EXPECT_RESULT();
}
#endif /* HAVE_SSL_MEMIO_TESTS_DEPENDENCIES */
static int test_wolfSSL_X509_get_X509_PUBKEY(void)
{
@@ -33142,6 +33209,59 @@ static int test_wolfSSL_RAND(void)
}
static int test_wolfSSL_RAND_poll(void)
{
EXPECT_DECLS;
#if defined(OPENSSL_EXTRA) && defined(__linux__)
byte seed[16] = {0};
byte randbuf[8] = {0};
int pipefds[2] = {0};
pid_t pid = 0;
XMEMSET(seed, 0, sizeof(seed));
/* No global methods set. */
ExpectIntEQ(RAND_seed(seed, sizeof(seed)), 1);
ExpectIntEQ(pipe(pipefds), 0);
pid = fork();
ExpectIntGE(pid, 0);
if (pid == 0)
{
ssize_t n_written = 0;
/* Child process. */
close(pipefds[0]);
RAND_poll();
RAND_bytes(randbuf, sizeof(randbuf));
n_written = write(pipefds[1], randbuf, sizeof(randbuf));
close(pipefds[1]);
exit(n_written == sizeof(randbuf) ? 0 : 1);
}
else
{
/* Parent process. */
word64 childrand64 = 0;
int waitstatus = 0;
close(pipefds[1]);
ExpectIntEQ(RAND_poll(), 1);
ExpectIntEQ(RAND_bytes(randbuf, sizeof(randbuf)), 1);
ExpectIntEQ(read(pipefds[0], &childrand64, sizeof(childrand64)), sizeof(childrand64));
ExpectBufNE(randbuf, &childrand64, sizeof(randbuf));
close(pipefds[0]);
waitpid(pid, &waitstatus, 0);
}
RAND_cleanup();
ExpectIntEQ(RAND_egd(NULL), -1);
#endif
return EXPECT_RESULT();
}
static int test_wolfSSL_PKCS8_Compat(void)
{
EXPECT_DECLS;
@@ -67671,6 +67791,7 @@ TEST_CASE testCases[] = {
TEST_DECL(test_wolfSSL_RAND_set_rand_method),
TEST_DECL(test_wolfSSL_RAND_bytes),
TEST_DECL(test_wolfSSL_RAND),
TEST_DECL(test_wolfSSL_RAND_poll),
/* BN compatibility API */
TEST_DECL(test_wolfSSL_BN_CTX),
@@ -67742,6 +67863,7 @@ TEST_CASE testCases[] = {
#endif
TEST_DECL(test_wolfSSL_check_domain),
TEST_DECL(test_wolfSSL_check_domain_basic),
TEST_DECL(test_wolfSSL_cert_cb),
TEST_DECL(test_wolfSSL_cert_cb_dyn_ciphers),
TEST_DECL(test_wolfSSL_ciphersuite_auth),
@@ -68274,6 +68396,7 @@ TEST_CASE testCases[] = {
TEST_DECL(test_wolfSSL_inject),
TEST_DECL(test_wolfSSL_dtls_cid_parse),
TEST_DECL(test_dtls13_epochs),
TEST_DECL(test_dtls_rtx_across_epoch_change),
TEST_DECL(test_dtls13_ack_order),
TEST_DECL(test_dtls_version_checking),
TEST_DECL(test_ocsp_status_callback),
+70
View File
@@ -1313,3 +1313,73 @@ int test_records_span_network_boundaries(void)
}
#endif /* defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && \
!defined(WOLFSSL_NO_TLS12) */
int test_dtls_rtx_across_epoch_change(void)
{
EXPECT_DECLS;
#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && \
defined(WOLFSSL_DTLS13) && defined(WOLFSSL_DTLS)
WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL;
WOLFSSL *ssl_c = NULL, *ssl_s = NULL;
struct test_memio_ctx test_ctx;
XMEMSET(&test_ctx, 0, sizeof(test_ctx));
/* Setup DTLS contexts */
ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
wolfDTLSv1_3_client_method, wolfDTLSv1_3_server_method),
0);
/* CH0 */
wolfSSL_SetLoggingPrefix("client:");
ExpectIntEQ(wolfSSL_connect(ssl_c), -1);
ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), SSL_ERROR_WANT_READ);
/* HRR */
wolfSSL_SetLoggingPrefix("server:");
ExpectIntEQ(wolfSSL_accept(ssl_s), -1);
ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), SSL_ERROR_WANT_READ);
/* CH1 */
wolfSSL_SetLoggingPrefix("client:");
ExpectIntEQ(wolfSSL_connect(ssl_c), -1);
ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), SSL_ERROR_WANT_READ);
/* SH ... FINISHED */
wolfSSL_SetLoggingPrefix("server:");
ExpectIntEQ(wolfSSL_accept(ssl_s), -1);
ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), SSL_ERROR_WANT_READ);
/* we should have now SH ... FINISHED messages in the buffer*/
ExpectIntGE(test_ctx.c_msg_count, 2);
/* drop everything but the SH */
while (test_ctx.c_msg_count > 1 && EXPECT_SUCCESS()) {
ExpectIntEQ(test_memio_drop_message(&test_ctx, 1, test_ctx.c_msg_count - 1), 0);
}
/* Read the SH */
wolfSSL_SetLoggingPrefix("client:");
ExpectIntEQ(wolfSSL_connect(ssl_c), -1);
ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), SSL_ERROR_WANT_READ);
/* trigger client timeout */
ExpectIntEQ(wolfSSL_dtls_got_timeout(ssl_c), WOLFSSL_SUCCESS);
/* this should have triggered a rtx */
ExpectIntGT(test_ctx.s_msg_count, 0);
/* finish the handshake */
ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0);
/* Test communication works correctly */
ExpectIntEQ(test_dtls_communication(ssl_s, ssl_c), TEST_SUCCESS);
/* Cleanup */
wolfSSL_free(ssl_c);
wolfSSL_CTX_free(ctx_c);
wolfSSL_free(ssl_s);
wolfSSL_CTX_free(ctx_s);
#endif /* defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && \
defined(WOLFSSL_DTLS13) */
return EXPECT_RESULT();
}
+1
View File
@@ -36,4 +36,5 @@ int test_dtls13_longer_length(void);
int test_dtls13_short_read(void);
int test_records_span_network_boundaries(void);
int test_dtls_record_cross_boundaries(void);
int test_dtls_rtx_across_epoch_change(void);
#endif /* TESTS_API_DTLS_H */
+7
View File
@@ -16665,6 +16665,7 @@ int test_mldsa_pkcs8(void)
defined(HAVE_DILITHIUM) && !defined(NO_TLS) && \
(!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)) && \
!defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY) && \
!defined(WOLFSSL_DILITHIUM_NO_SIGN) && \
!defined(WOLFSSL_DILITHIUM_NO_ASN1)
WOLFSSL_CTX* ctx = NULL;
@@ -16685,9 +16686,15 @@ int test_mldsa_pkcs8(void)
int oidSum;
int keySz;
} test_variant[] = {
#ifndef WOLFSSL_NO_ML_DSA_44
{WC_ML_DSA_44, ML_DSA_LEVEL2k, ML_DSA_LEVEL2_PRV_KEY_SIZE},
#endif
#ifndef WOLFSSL_NO_ML_DSA_65
{WC_ML_DSA_65, ML_DSA_LEVEL3k, ML_DSA_LEVEL3_PRV_KEY_SIZE},
#endif
#ifndef WOLFSSL_NO_ML_DSA_87
{WC_ML_DSA_87, ML_DSA_LEVEL5k, ML_DSA_LEVEL5_PRV_KEY_SIZE}
#endif
};
(void) pemSz;
+9 -2
View File
@@ -51,7 +51,7 @@
-v 3
-H exitWithRet
# server TLSv1.2
# server TLSv1.2
-v 3
-l ECDHE-RSA-AES256-GCM-SHA384
-H exitWithRet
@@ -60,7 +60,7 @@
-v 4
-H exitWithRet
# server TLSv1.2
# server TLSv1.2
-v 3
-l ECDHE-RSA-AES256-GCM-SHA384
-H exitWithRet
@@ -119,3 +119,10 @@
-7 3
-s
-l ECDHE-PSK-AES128-GCM-SHA256
# server TLSv1.3
-v 4
# client downgrade with trusted ca
-v d
-5
+1
View File
@@ -132,6 +132,7 @@ EXTRA_DIST += wolfcrypt/src/port/ti/ti-aes.c \
wolfcrypt/src/port/Espressif/esp_crt_bundle/cacrt_deprecated.pem \
wolfcrypt/src/port/Espressif/esp_crt_bundle/esp_crt_bundle.c \
wolfcrypt/src/port/Espressif/esp_crt_bundle/gen_crt_bundle.py \
wolfcrypt/src/port/Espressif/esp_crt_bundle/pio_install_cryptography.py \
wolfcrypt/src/port/Espressif/esp_crt_bundle/cacrt_local.pem \
wolfcrypt/src/port/Espressif/README.md \
wolfcrypt/src/port/arm/cryptoCell.c \
+61 -35
View File
@@ -1760,6 +1760,51 @@ exit_pk12par:
}
/* Helper function to get parameters for key and cert encryptions */
static int wc_PKCS12_get_enc_params(int inAlgo, int* vPKCS, int* outAlgo,
int* blkOid, int* hmacOid)
{
int ret = 0;
if (inAlgo == PBE_SHA1_RC4_128) {
*vPKCS = 1; /* PKCS#12 */
*outAlgo = PBE_SHA1_RC4_128;
*blkOid = 0; /* Unused */
*hmacOid = 0; /* Use SHA1 as default */
}
else if (inAlgo == PBE_SHA1_DES) {
*vPKCS = PKCS5;
*outAlgo = PBES1_SHA1_DES;
*blkOid = 0; /* Unused */
*hmacOid = 0; /* Use SHA1 as default */
}
else if (inAlgo == PBE_SHA1_DES3) {
*vPKCS = 1; /* PKCS#12 */
*outAlgo = PBE_SHA1_DES3;
*blkOid = 0; /* Unused */
*hmacOid = 0; /* Use SHA1 as default */
}
else if (inAlgo == PBE_AES256_CBC) {
*vPKCS = PKCS5;
*outAlgo = PBES2;
*blkOid = AES256CBCb;
*hmacOid = HMAC_SHA256_OID;
}
else if (inAlgo == PBE_AES128_CBC) {
*vPKCS = PKCS5;
*outAlgo = PBES2;
*blkOid = AES128CBCb;
*hmacOid = HMAC_SHA256_OID;
}
else {
WOLFSSL_MSG("Unsupported algorithm for PKCS12 encryption");
ret = ALGO_ID_E;
}
return ret;
}
/* Helper function to shroud keys.
*
* pkcs12 structure to use with shrouding key
@@ -1781,15 +1826,15 @@ static int wc_PKCS12_shroud_key(WC_PKCS12* pkcs12, WC_RNG* rng,
{
void* heap;
word32 tmpIdx = 0;
int vPKCS = 1; /* PKCS#12 default set to 1 */
word32 sz;
word32 totalSz = 0;
int ret;
byte* pkcs8Key = NULL;
/* The blkOid and hmacOid are only valid for PKCS#5v2 (PBES2) */
int vPKCS = -1;
int outAlgo = -1;
int blkOid = 0;
int hmacOid = 0; /* If 0, use the default HMAC algorithm */
int hmacOid = 0;
if (outSz == NULL || pkcs12 == NULL || rng == NULL || key == NULL ||
pass == NULL) {
@@ -1826,25 +1871,13 @@ static int wc_PKCS12_shroud_key(WC_PKCS12* pkcs12, WC_RNG* rng,
else {
WOLFSSL_MSG("creating PKCS12 Shrouded Key Bag");
/* Need to handle PKCS#5v1/v2 (=non-PKCS#12v1) encryptions */
if (vAlgo == PBE_SHA1_DES) {
vPKCS = PKCS5;
vAlgo = 10;
}
else if (vAlgo == PBE_AES256_CBC) {
vPKCS = PKCS5;
vAlgo = PBES2;
blkOid = AES256CBCb;
hmacOid = HMAC_SHA256_OID;
}
else if (vAlgo == PBE_AES128_CBC) {
vPKCS = PKCS5;
vAlgo = PBES2;
blkOid = AES128CBCb;
hmacOid = HMAC_SHA256_OID;
if ((ret = wc_PKCS12_get_enc_params(vAlgo, &vPKCS, &outAlgo, &blkOid,
&hmacOid)) < 0) {
return ret;
}
ret = TraditionalEnc_ex(key, keySz, pkcs8Key, &sz, pass, passSz,
vPKCS, vAlgo, blkOid, NULL, 0, itt, hmacOid, rng, heap);
vPKCS, outAlgo, blkOid, NULL, 0, itt, hmacOid, rng, heap);
}
if (ret == WC_NO_ERR_TRACE(LENGTH_ONLY_E)) {
*outSz = sz + MAX_LENGTH_SZ + 1;
@@ -2084,7 +2117,6 @@ static int wc_PKCS12_encrypt_content(WC_PKCS12* pkcs12, WC_RNG* rng,
const char* pass, int passSz, int iter, int type)
{
void* heap;
int vPKCS = 1; /* PKCS#12 is always set to 1 */
int ret;
byte* tmp;
word32 idx = 0;
@@ -2092,6 +2124,9 @@ static int wc_PKCS12_encrypt_content(WC_PKCS12* pkcs12, WC_RNG* rng,
word32 length = 0;
word32 tmpSz;
word32 encSz;
int vPKCS = -1;
int outAlgo = -1;
int blkOid = 0;
int hmacOid = 0;
@@ -2111,23 +2146,14 @@ static int wc_PKCS12_encrypt_content(WC_PKCS12* pkcs12, WC_RNG* rng,
if (type == WC_PKCS12_ENCRYPTED_DATA) {
word32 outerSz = 0;
/* Need to handle PKCS#5v1/v2 (=non-PKCS#12v1) encryptions */
if (vAlgo == PBE_AES256_CBC) {
vPKCS = PKCS5;
vAlgo = PBES2;
blkOid = AES256CBCb;
hmacOid = HMAC_SHA256_OID;
}
else if (vAlgo == PBE_AES128_CBC) {
vPKCS = PKCS5;
vAlgo = PBES2;
blkOid = AES128CBCb;
hmacOid = HMAC_SHA256_OID;
if ((ret = wc_PKCS12_get_enc_params(vAlgo, &vPKCS, &outAlgo, &blkOid,
&hmacOid)) < 0) {
return ret;
}
encSz = contentSz;
if ((ret = EncryptContent(NULL, contentSz, NULL, &encSz,
pass, passSz, vPKCS, vAlgo, blkOid, NULL, 0, iter, hmacOid,
pass, passSz, vPKCS, outAlgo, blkOid, NULL, 0, iter, hmacOid,
rng, heap)) < 0) {
if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) {
return ret;
@@ -2180,7 +2206,7 @@ static int wc_PKCS12_encrypt_content(WC_PKCS12* pkcs12, WC_RNG* rng,
}
if ((ret = EncryptContent(content, contentSz, tmp, &encSz,
pass, passSz, vPKCS, vAlgo, blkOid, NULL, 0, iter, hmacOid,
pass, passSz, vPKCS, outAlgo, blkOid, NULL, 0, iter, hmacOid,
rng, heap)) < 0) {
XFREE(tmp, heap, DYNAMIC_TYPE_TMP_BUFFER);
return ret;
+15
View File
@@ -31,6 +31,11 @@
#include "sdkconfig.h" /* programmatically generated from sdkconfig */
#include <wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h>
#if HAVE_LIBWOLFSSL_OUTPUT_HEADER
/* see wolfssl component CMakeLists.txt that may have generated this: */
#include "libwolfssl_output.h"
#endif
/* Espressif */
#include <esp_log.h>
#include <esp_err.h>
@@ -647,6 +652,16 @@ int ShowExtendedSystemInfo(void)
LIBWOLFSSL_VERSION_HEX);
#endif
#if defined(LIBWOLFSSL_CMAKE_OUTPUT)
/* For some environments such as PlatformIO that may hide CMake output,
* we can have important messages propagated to the app: */
ESP_LOGI(TAG, "----------------------------------------------------------");
ESP_LOGI(TAG, "LIBWOLFSSL_CMAKE_OUTPUT:%s", LIBWOLFSSL_CMAKE_OUTPUT);
ESP_LOGI(TAG, "----------------------------------------------------------");
#else
ESP_LOGW(TAG, "LIBWOLFSSL_CMAKE_OUTPUT: No cmake messages detected");
#endif
/* some interesting settings are target specific (ESP32, -C3, -S3, etc */
#if defined(CONFIG_IDF_TARGET_ESP32)
/* ESP_RSA_MULM_BITS should be set to at least 16 for ESP32 */
@@ -31,6 +31,13 @@
/* Reminder: settings.h pulls in user_settings.h */
/* Do not explicitly include user_settings.h here. */
#include <wolfssl/wolfcrypt/settings.h>
#include <wolfssl/wolfcrypt/port/Espressif/esp_crt_bundle.h>
#include <wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h>
#ifndef SHOW_WOLFSSL_BUNDLE_ERROR
#define SHOW_WOLFSSL_BUNDLE_ERROR(X) ESP_LOGV(TAG, \
"SHOW_WOLFSSL_BUNDLE_ERROR not enabled, details suppressed.");
#endif
/* Espressif */
#include <esp_log.h>
@@ -91,6 +98,8 @@ esp_err_t esp_crt_bundle_attach(void *conf)
/* Bundle debug may come from user_settings.h and/or sdkconfig.h */
#if defined(CONFIG_WOLFSSL_DEBUG_CERT_BUNDLE) || \
defined( WOLFSSL_DEBUG_CERT_BUNDLE)
/* someplace to store result of wc_ErrorString(err, string) */
char last_esp_crt_bundle_error[WOLFSSL_MAX_ERROR_SZ];
/* We'll only locally check this one: */
#undef WOLFSSL_DEBUG_CERT_BUNDLE
#define WOLFSSL_DEBUG_CERT_BUNDLE
@@ -173,12 +182,16 @@ esp_err_t esp_crt_bundle_attach(void *conf)
/* A "Certificate Bundle" is this array of [size] + [x509 CA List]
* certs that the client trusts: */
extern const uint8_t x509_crt_imported_bundle_wolfssl_bin_start[]
asm("_binary_x509_crt_bundle_wolfssl_start");
extern const uint8_t x509_crt_imported_bundle_wolfssl_bin_end[]
asm("_binary_x509_crt_bundle_wolfssl_end");
#if !defined(NO_WOLFSSL_USE_ASM_CERT)
extern const uint8_t x509_crt_imported_bundle_wolfssl_bin_start[]
asm("_binary_x509_crt_bundle_wolfssl_start");
extern const uint8_t x509_crt_imported_bundle_wolfssl_bin_end[]
asm("_binary_x509_crt_bundle_wolfssl_end");
#else
extern const unsigned char _binary_x509_crt_bundle_wolfssl_start[];
extern const unsigned char _binary_x509_crt_bundle_wolfssl_end[];
#endif
/* This crt_bundle_t type must match other providers in esp-tls from ESP-IDF.
* TODO: Move to common header in ESP-IDF. (requires ESP-IDF modification).
* For now, it is here: */
@@ -453,7 +466,8 @@ static CB_INLINE int cert_manager_load(int preverify,
}
}
else {
ESP_LOGE(TAG, "Failed to load CA");
ESP_LOGE(TAG, "Failed to load CA, ret = %d", ret);
SHOW_WOLFSSL_BUNDLE_ERROR(ret);
}
/* We don't free the issue and subject, as they are
@@ -861,6 +875,7 @@ static CB_INLINE int wolfssl_ssl_conf_verify_cb_no_signer(int preverify,
if (ret == WOLFSSL_FAILURE) {
ESP_LOGW(TAG, "Warning: found a matching cert, but not added "
"to the Certificate Manager. error: %d", ret);
SHOW_WOLFSSL_BUNDLE_ERROR(ret);
}
else {
ESP_LOGCBI(TAG, "New CA added to the Certificate Manager.");
@@ -1338,15 +1353,15 @@ static esp_err_t wolfssl_esp_crt_bundle_init(const uint8_t *x509_bundle,
/* If all is ok, proceed with initialization of Certificate Bundle */
if (ret == ESP_OK) {
/* This is the maximum region that is allowed to access */
ESP_LOGV(TAG, "Bundle Start 0x%x", (intptr_t)x509_bundle);
ESP_LOGV(TAG, "Bundle Size %d", bundle_size);
bundle_end = x509_bundle + bundle_size;
ESP_LOGV(TAG, "Bundle End 0x%x", (intptr_t)bundle_end);
/* This is the maximum region that is allowed to access */
ESP_LOGCBI(TAG, "Bundle Start 0x%x", (intptr_t)x509_bundle);
ESP_LOGCBI(TAG, "Bundle End 0x%x", (intptr_t)bundle_end);
ESP_LOGCBI(TAG, "Bundle Size %u bytes", bundle_size);
cur_crt = x509_bundle + BUNDLE_HEADER_OFFSET;
for (i = 0; i < num_certs; i++) {
ESP_LOGV(TAG, "Init Cert %d", i);
ESP_LOGCBI(TAG, "Init Cert %d", i);
if (cur_crt + CRT_HEADER_OFFSET > bundle_end) {
ESP_LOGE(TAG, "Invalid certificate bundle current offset");
_esp_crt_bundle_is_valid = ESP_FAIL;
@@ -1357,24 +1372,46 @@ static esp_err_t wolfssl_esp_crt_bundle_init(const uint8_t *x509_bundle,
crts[i] = cur_crt;
#ifndef IS_WOLFSSL_CERT_BUNDLE_FORMAT
ESP_LOGE("err", "Error: not IS_WOLFSSL_CERT_BUNDLE_FORMAT");
/* For reference only */
size_t name_len = cur_crt[0] << 8 | cur_crt[1];
size_t key_len = cur_crt[2] << 8 | cur_crt[3];
cur_crt = cur_crt + CRT_HEADER_OFFSET + name_len + key_len;
#else
cert_len = cur_crt[0] << 8 | cur_crt[1];
#if defined(CONFIG_WOLFSSL_ASN_ALLOW_0_SERIAL) || \
ESP_LOGCBI(TAG, "- This certificate at 0x%x, length: %u",
(intptr_t)cur_crt, cert_len);
/* TODO: optional gate out serial check for performance. */
/* Useful only for custom cert bundle, known to have no zeros. */
if (wolfssl_is_zero_serial_number(cur_crt + CRT_HEADER_OFFSET,
cert_len) > 0) {
#if defined(CONFIG_WOLFSSL_ASN_ALLOW_0_SERIAL) || \
defined( WOLFSSL_ASN_ALLOW_0_SERIAL) || \
defined(CONFIG_WOLFSSL_NO_ASN_STRICT) || \
defined( WOLFSSL_NO_ASN_STRICT)
if (wolfssl_is_zero_serial_number(cur_crt + CRT_HEADER_OFFSET,
cert_len) > 0) {
ESP_LOGW(TAG, "Warning: found zero value for serial number in "
"certificate #%d", i);
ESP_LOGW(TAG, "Enable WOLFSSL_NO_ASN_STRICT to allow zero in "
"serial number.");
}
#endif
#if defined(CONFIG_WOLFSSL_ASN_ALLOW_0_SERIAL)
ESP_LOGCBW(TAG, "Allowing zero serial in certificate config.");
#elif defined( WOLFSSL_ASN_ALLOW_0_SERIAL)
ESP_LOGCBW(TAG, "Allowing zero serial in certificate setting.");
#elif defined(CONFIG_WOLFSSL_NO_ASN_STRICT)
ESP_LOGCBW(TAG, "Allowing zero serial, no ASN Strict config.");
#elif defined( WOLFSSL_NO_ASN_STRICT)
ESP_LOGCBW(TAG, "Allowing zero serial, no ASN Strict setting.");
#else
/* Unless explicitly allowed, wolfSSL will reject zero serial */
ESP_LOGW(TAG, "Certificate has zero serial number!");
#endif /* zero serial check message, why allowed per setting */
#else
/* we don't allow zero serial, expect wolfssl error later */
ESP_LOGE(TAG, "ERROR: Strict ASN and found zero value for "
"serial number in certificate #%d", i);
#endif /* zero serial check */
} /* wolfssl_is_zero_serial_number */
/* look at next cert */
cur_crt = cur_crt + (CRT_HEADER_OFFSET + cert_len);
#endif
} /* for certs 0 to num_certs - 1 in the order found */
@@ -1427,25 +1464,52 @@ static esp_err_t wolfssl_esp_crt_bundle_init(const uint8_t *x509_bundle,
esp_err_t esp_crt_bundle_attach(void *conf)
{
esp_err_t ret = ESP_OK;
size_t bundle_size = 0;
ESP_LOGCBI(TAG, "Enter esp_crt_bundle_attach");
/* If no bundle has been set by the user,
* then use the bundle embedded in the binary */
#ifdef PLATFORMIO
ESP_LOGCBW(TAG, "Found PLATFORMIO, beware of alternate cert bundles.");
#endif
if (s_crt_bundle.crts == NULL) {
ESP_LOGCBI(TAG, "No bundle set by user; using the embedded binary.");
ESP_LOGCBI(TAG, "x509_crt_imported_bundle_wolfssl_bin_start 0x%x",
(intptr_t)x509_crt_imported_bundle_wolfssl_bin_start);
ESP_LOGCBI(TAG, "x509_crt_imported_bundle_wolfssl_bin_end 0x%x",
ESP_LOGCBI(TAG, "x509_crt_imported_bundle_wolfssl_bin_end 0x%x",
(intptr_t)x509_crt_imported_bundle_wolfssl_bin_end);
ret = wolfssl_esp_crt_bundle_init(
x509_crt_imported_bundle_wolfssl_bin_start,
(x509_crt_imported_bundle_wolfssl_bin_end
- x509_crt_imported_bundle_wolfssl_bin_start));
if ((intptr_t)x509_crt_imported_bundle_wolfssl_bin_end <
(intptr_t)x509_crt_imported_bundle_wolfssl_bin_start) {
ESP_LOGE(TAG, "Imported bundle end less than starting address");
ret = ESP_FAIL;
}
else {
bundle_size = (x509_crt_imported_bundle_wolfssl_bin_end
- x509_crt_imported_bundle_wolfssl_bin_start);
if (bundle_size == 0) {
ESP_LOGE(TAG, "Imported bundle size is zero. Empty?");
ret = ESP_FAIL;
}
else {
ESP_LOGCBI(TAG, "Importing x509 wolfSSL bundle, %u bytes",
bundle_size);
ret = wolfssl_esp_crt_bundle_init(
x509_crt_imported_bundle_wolfssl_bin_start,
bundle_size);
}
}
}
else {
ESP_LOGCBI(TAG, "Cert bundle set by user at 0x%x.",
(intptr_t)s_crt_bundle.crts);
}
if (((uintptr_t)x509_crt_imported_bundle_wolfssl_bin_start % 4) == 0) {
ESP_LOGCBI(TAG, "Confirmed alignment x509_crt_imported_bundle_wolfssl");
}
else {
ESP_LOGCBI(TAG, "Not aligned: x509_crt_imported_bundle_wolfssl");
}
if (ret == ESP_OK) {
if (conf) {
wolfssl_ssl_config *ssl_conf = (wolfssl_ssl_config *)conf;
@@ -0,0 +1,37 @@
#!/usr/bin/env python
#
# pio_install_cryptography.py
#
# Copyright (C) 2006-2024 wolfSSL Inc.
#
# This file is part of wolfSSL.
#
# wolfSSL is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# wolfSSL is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
#
# Import("env")
import subprocess
import sys
# Function to install a package
def install(package):
subprocess.check_call([sys.executable, "-m", "pip", "install", package])
try:
# Check if cryptography is installed
import cryptography
except ImportError:
# If not installed, install it
print("cryptography package not found. Installing...")
install("cryptography")
+7 -3
View File
@@ -254,7 +254,8 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
if (ret == 0) {
TsipUserCtx* tsipCtx = (TsipUserCtx*)ctx;
RsaKey* key = info->pk.rsakg.key;
#if defined(TSIP_RSAES_1024) && TSIP_RSAES_1024 == 1
#if (defined(TSIP_RSAES_1024) && TSIP_RSAES_1024 == 1) || \
(defined(TSIP_RSASSA_1024) && TSIP_RSASSA_1024 == 1)
if (info->pk.rsakg.size == 1024) {
/* export generated public key to the RsaKey structure */
ret = wc_RsaPublicKeyDecodeRaw(
@@ -266,7 +267,8 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
);
}
#endif
#if defined(TSIP_RSAES_2048) && TSIP_RSAES_2048 == 1
#if (defined(TSIP_RSAES_2048) && TSIP_RSAES_2048 == 1) || \
(defined(TSIP_RSASSA_2048) && TSIP_RSASSA_2048 == 1)
if (info->pk.rsakg.size == 2048) {
/* export generated public key to the RsaKey structure */
ret = wc_RsaPublicKeyDecodeRaw(
@@ -824,11 +826,13 @@ static int Renesas_cmn_EncryptKeys(WOLFSSL* ssl, void* ctx)
TsipUserCtx* cbInfo = (TsipUserCtx*)ctx;
if (cbInfo->session_key_set == 1) {
switch(cbInfo->key_side) {
#elif defined(WOLFSSL_RENESAS_FSPSM_TLS)
FSPSM_ST* cbInfo = (FSPSM_ST*)ctx;
if (cbInfo->keyflgs_tls.bits.session_key_set == 1) {
switch(cbInfo->side) {
#endif
case 1:/* ENCRYPT_SIDE_ONLY */
ssl->encrypt.setup = 1;
break;
@@ -841,7 +845,7 @@ static int Renesas_cmn_EncryptKeys(WOLFSSL* ssl, void* ctx)
break;
default:break;
}
#endif
ret = 0;
wolfSSL_CTX_SetTlsFinishedCb(ssl->ctx, Renesas_cmn_TlsFinished);
wolfSSL_SetTlsFinishedCtx(ssl, cbInfo);
@@ -372,7 +372,7 @@ int wc_tsip_RsaVerifyPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
if ((ret = tsip_hw_lock()) == 0) {
switch (tuc->wrappedKeyType) {
#if defined(TSIP_RSAES_1024) && TSIP_RSAES_1024 == 1
#if defined(TSIP_RSASSA_1024) && TSIP_RSASSA_1024 == 1
case TSIP_KEY_TYPE_RSA1024:
err = R_TSIP_RsassaPkcs1024SignatureVerification(&sigData,
&hashData,
@@ -390,7 +390,7 @@ int wc_tsip_RsaVerifyPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
}
break;
#endif
#if defined(TSIP_RSAES_2048) && TSIP_RSAES_2048 == 1
#if defined(TSIP_RSASSA_2048) && TSIP_RSASSA_2048 == 1
case TSIP_KEY_TYPE_RSA2048:
err = R_TSIP_RsassaPkcs2048SignatureVerification(&sigData,
&hashData,
+18 -13
View File
@@ -2425,7 +2425,8 @@ int tsip_ImportPublicKey(TsipUserCtx* tuc, int keyType)
switch (keyType) {
#if !defined(NO_RSA)
#if defined(TSIP_RSAES_2048) && TSIP_RSAES_2048 == 1
#if ((defined(TSIP_RSAES_2048) && TSIP_RSAES_2048 == 1) || \
(defined(TSIP_RSASSA_2048) && TSIP_RSASSA_2048 == 1))
case TSIP_KEY_TYPE_RSA2048:
#if defined(WOLFSSL_RENESAS_TSIP_TLS)
tuc->ClientRsa2048PubKey_set = 0;
@@ -3231,15 +3232,13 @@ int wc_tsip_generateSessionKey(
if (enc) {
enc->aes->ctx.keySize = ssl->specs.key_size;
enc->aes->ctx.setup = 1;
/* ready for use */
enc->setup = 1;
/* ready-for-use flag will be set when SetKeySide() is called */
}
/* set up key size and marked ready */
if (dec) {
dec->aes->ctx.keySize = ssl->specs.key_size;
dec->aes->ctx.setup = 1;
/* ready for use */
dec->setup = 1;
/* ready-for-use flag will be set when SetKeySide() is called */
}
if (ctx->tsip_cipher ==
@@ -3706,7 +3705,7 @@ int tsip_SignRsaPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
}
switch (tuc->wrappedKeyType) {
#if defined(TSIP_RSAES_1024) && TSIP_RSAES_1024 == 1
#if defined(TSIP_RSASSA_1024) && TSIP_RSASSA_1024 == 1
case TSIP_KEY_TYPE_RSA1024:
if (tuc->keyflgs_crypt.bits.rsapri1024_key_set != 1) {
WOLFSSL_MSG("tsip rsa private key 1024 not set");
@@ -3714,7 +3713,7 @@ int tsip_SignRsaPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
}
break;
#endif
#if defined(TSIP_RSAES_2048) && TSIP_RSAES_2048 == 1
#if defined(TSIP_RSASSA_2048) && TSIP_RSASSA_2048 == 1
case TSIP_KEY_TYPE_RSA2048:
if (tuc->keyflgs_crypt.bits.rsapri2048_key_set != 1) {
WOLFSSL_MSG("tsip rsa private key 2048 not set");
@@ -3731,9 +3730,11 @@ int tsip_SignRsaPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
if (ret == 0) {
#ifdef WOLFSSL_RENESAS_TSIP_TLS
/* since TSIP driver adds ASN.1 input data uses raw digest */
hashData.pdata = (uint8_t*)ssl->buffers.digest.buffer;
hashData.data_type = 1;
sigData.pdata = (uint8_t*)info->pk.rsa.in;
hashData.data_length= ssl->buffers.digest.length;
hashData.data_type = 1; /* hashed data */
sigData.pdata = (uint8_t*)info->pk.rsa.out;
sigData.data_length = 0; /* signature size will be returned here */
#else
hashData.pdata = (uint8_t*)info->pk.rsa.in;
@@ -3744,7 +3745,8 @@ int tsip_SignRsaPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
#endif
if ((ret = tsip_hw_lock()) == 0) {
switch (tuc->wrappedKeyType) {
#if defined(TSIP_RSAES_1024) && TSIP_RSAES_1024 == 1
#if (defined(TSIP_RSASSA_1024) && TSIP_RSASSA_1024 == 1) && \
defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
case TSIP_KEY_TYPE_RSA1024:
err = R_TSIP_RsassaPkcs1024SignatureGenerate(
&hashData, &sigData,
@@ -3757,7 +3759,7 @@ int tsip_SignRsaPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
}
break;
#endif
#if defined(TSIP_RSAES_2048) && TSIP_RSAES_2048 == 1
#if defined(TSIP_RSASSA_2048) && TSIP_RSASSA_2048 == 1
case TSIP_KEY_TYPE_RSA2048:
err = R_TSIP_RsassaPkcs2048SignatureGenerate(
&hashData, &sigData,
@@ -3849,15 +3851,18 @@ int tsip_VerifyRsaPkcsCb(
if (ret == 0) {
sigData.pdata = (uint8_t*)sig;
sigData.data_length = sigSz;
/* Since TSITP driver handles ASN.1 internally,
* the expected data is raw hash.
*/
hashData.pdata = (uint8_t*)ssl->buffers.digest.buffer;
hashData.data_type = 1; /* hash value */
if ((ret = tsip_hw_lock()) == 0) {
switch (tuc->wrappedKeyType) {
#if defined(TSIP_RSAES_2048) && TSIP_RSAES_2048 == 1
#if defined(TSIP_RSASSA_2048) && TSIP_RSASSA_2048 == 1
case TSIP_KEY_TYPE_RSA2048:
sigData.data_length = 256;
err = R_TSIP_RsassaPkcs2048SignatureVerification(
&sigData, &hashData,
&tuc->Rsa2048PublicKeyIdx,
+2
View File
@@ -46814,8 +46814,10 @@ static wc_test_ret_t dilithium_param_test(int param, WC_RNG* rng)
byte* sig = NULL;
#else
dilithium_key key[1];
#ifndef WOLFSSL_DILITHIUM_NO_SIGN
byte sig[DILITHIUM_MAX_SIG_SIZE];
#endif
#endif
#ifndef WOLFSSL_DILITHIUM_NO_SIGN
word32 sigLen;
byte msg[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 };
@@ -90,6 +90,16 @@ extern "C" {
#define WOLFSSL_X509_VERIFY_CALLBACK (void *, WOLFSSL_X509 *, int, uint32_t *)
#include <wolfssl/ssl.h>
#if defined(CONFIG_WOLFSSL_DEBUG_CERT_BUNDLE) || \
defined( WOLFSSL_DEBUG_CERT_BUNDLE)
/* Default WOLFSSL_MAX_ERROR_SZ assigned in settings.h or user_settings.h */
extern char last_esp_crt_bundle_error[WOLFSSL_MAX_ERROR_SZ];
#define SHOW_WOLFSSL_BUNDLE_ERROR(THIS_ERR) \
{ \
wc_ErrorString(THIS_ERR, last_esp_crt_bundle_error); \
ESP_LOGE(TAG,"%s", last_esp_crt_bundle_error); \
}
#endif
typedef struct wolfssl_ssl_config wolfssl_ssl_config;
struct wolfssl_ssl_config
@@ -164,7 +164,8 @@ typedef struct TsipUserCtx {
#ifdef WOLFSSL_RENESAS_TSIP_TLS
/* 0:working as a TLS client, 1: as a server */
byte side;
/* ENCRYPT_SIDE_ONLY:1 DECRYPT_SIDE_ONLY:2 ENCRYPT AND DECRYPT:3 */
byte key_side;
/* public key index for verification of RootCA cert */
uint32_t user_key_id;
+4
View File
@@ -455,6 +455,10 @@
#endif
#endif
/* Important build-time configuration messages may be saved.
* Enable DEBUG_WOLFSSL and see wolfSSL_Init() for display. */
#define LIBWOLFSSL_CMAKE_OUTPUT ""
/* ---------------------------------------------------------------------------
* Dual Algorithm Certificate Required Features.
* ---------------------------------------------------------------------------