Cyclic0007/wolfssl
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge branch 'master' into OE8-CHECK-IN

Browse Source
This commit is contained in:
Kaleb Himes
2025-04-14 15:24:28 -06:00
committed by GitHub
parent 2d01363e57 43e68add96
commit 6b66149edb
1711 changed files with 266926 additions and 88826 deletions
Download Patch File Download Diff File Expand all files Collapse all files

42
IDE/ARDUINO/Arduino_README_prepend.md
View File

@@ -4,12 +4,46 @@ This library is restructured from [wolfSSL](https://github.com/wolfSSL/wolfssl/)
The Official wolfSSL Arduino Library is found in [The Library Manager index](http://downloads.arduino.cc/libraries/library_index.json).
See the [Arduino-wolfSSL logs](https://downloads.arduino.cc/libraries/logs/github.com/wolfSSL/Arduino-wolfSSL/).
See the [Arduino-wolfSSL logs](https://downloads.arduino.cc/libraries/logs/github.com/wolfSSL/Arduino-wolfSSL/) for publishing status.
Instructions for installing and using libraries can be found in the [Arduino docs](https://docs.arduino.cc/software/ide-v1/tutorials/installing-libraries/).
## wolfSSL Configuration
As described in the [Getting Started with wolfSSL on Arduino](https://www.wolfssl.com/getting-started-with-wolfssl-on-arduino/), wolfSSL features are enabled and disabled in the `user_settings.h` file.
The `user_settings.h` file is found in the `<Arduino>/libraries/wolfssl/src` directory.
For Windows this is typically `C:\Users\%USERNAME%\Documents\Arduino\libraries\wolfssl\src`
For Mac: `~/Documents/Arduino/libraries/wolfssl/src`
For Linux: `~/Arduino/libraries/wolfssl/src`
Tips for success:
- The `WOLFSSL_USER_SETTINGS` macro must be defined project-wide. (see [wolfssl.h](https://github.com/wolfSSL/wolfssl/blob/master/IDE/ARDUINO/wolfssl.h))
- Apply any customizations only to `user_settings.h`; Do not edit wolfSSL `settings.h` or `configh.h` files.
- Do not explicitly include `user_settings.h` in any source file.
- For every source file that uses wolfssl, include `wolfssl/wolfcrypt/settings.h` before any other wolfSSL include, typically via `#include "wolfssl.h"`.
- See the [wolfSSL docs](https://www.wolfssl.com/documentation/manuals/wolfssl/chapter02.html) for details on build configuration macros.
## wolfSSL Examples
Additional wolfSSL examples can be found at:
- https://github.com/wolfSSL/wolfssl/tree/master/IDE/ARDUINO
- https://github.com/wolfSSL/wolfssl/tree/master/examples
- https://github.com/wolfSSL/wolfssl-examples/
## Arduino Releases
The first Official wolfSSL Arduino Library is `5.6.6-Arduino.1`: a slightly modified, post [release 5.6.6](https://github.com/wolfSSL/wolfssl/releases/tag/v5.6.6-stable) version update.
This release of wolfSSL is version [5.7.6](https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.6-stable).
The next Official wolfSSL Arduino Library is [5.7.0](https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.0-stable)
See GitHub for [all Arduino wolfSSL releases](https://github.com/wolfSSL/Arduino-wolfSSL/releases).
See other [wolfSSL releases versions](https://github.com/wolfSSL/wolfssl/releases). The `./wolfssl-arduino.sh INSTALL` [script](https://github.com/wolfSSL/wolfssl/tree/master/IDE/ARDUINO) can be used to install specific GitHub versions as needed.
The first Official wolfSSL Arduino Library was `5.6.6-Arduino.1`: a slightly modified, post [release 5.6.6](https://github.com/wolfSSL/wolfssl/releases/tag/v5.6.6-stable) version update.
The `./wolfssl-arduino.sh INSTALL` [script](https://github.com/wolfSSL/wolfssl/tree/master/IDE/ARDUINO) can be used to install specific GitHub versions as needed.

45
IDE/ARDUINO/README.md
View File

@@ -2,18 +2,49 @@
See the [example sketches](./sketches/README.md):
- [sketches/wolfssl_server](./sketches/wolfssl_server/README.md)
- [sketches/wolfssl_client](./sketches/wolfssl_client/README.md)
NOTE: Moving; See https://github.com/wolfSSL/wolfssl-examples/pull/499
Bare-bones templates:
- [sketches/wolfssl_version](./sketches/wolfssl_version/README.md) single file.
- [sketches/template](./sketches/template/README.md) multiple file example.
Functional examples:
- [sketches/wolfssl_AES_CTR](./sketches/wolfssl_AES_CTR/README.md) AES CTR Encrypt / decrypt.
- [sketches/wolfssl_client](./sketches/wolfssl_client/README.md) TLS Client.
- [sketches/wolfssl_server](./sketches/wolfssl_server/README.md) TLS Server.
Both the `template` and `wolfssl_AES_CTR` examples include VisualGDB project files.
When publishing a new version to the Arduino Registry, be sure to edit `WOLFSSL_VERSION_ARUINO_SUFFIX` in the `wolfssl-arduino.sh` script.
## Getting Started
See [Getting Started with wolfSSL on Arduino](https://www.wolfssl.com/getting-started-with-wolfssl-on-arduino/), wolfSSL features are enabled and disabled in the `user_settings.h` file.
The `user_settings.h` file is found in the `<Arduino>/libraries/wolfssl/src` directory.
For Windows this is typically `C:\Users\%USERNAME%\Documents\Arduino\libraries\wolfssl\src`
For Mac: `~/Documents/Arduino/libraries/wolfssl/src`
For Linux: `~/Arduino/libraries/wolfssl/src`
Tips for success:
- The `WOLFSSL_USER_SETTINGS` macro must be defined project-wide. (see [wolfssl.h](https://github.com/wolfSSL/wolfssl/blob/master/IDE/ARDUINO/wolfssl.h))
- Apply any customizations only to `user_settings.h`; Do not edit wolfSSL `settings.h` or `configh.h` files.
- Do not explicitly include `user_settings.h` in any source file.
- For every source file that uses wolfssl, include `wolfssl/wolfcrypt/settings.h` before any other wolfSSL include, typically via `#include "wolfssl.h"`.
- See the [wolfSSL docs](https://www.wolfssl.com/documentation/manuals/wolfssl/chapter02.html) for details on build configuration macros.
## Boards
Many of the supported boards are natively built-in to the [Arduino IDE Board Manager](https://docs.arduino.cc/software/ide-v2/tutorials/ide-v2-board-manager/)
and by adding [additional cores](https://docs.arduino.cc/learn/starting-guide/cores/) as needed.
STM32 Support can be added by including this link in the "Additional Boards Managers URLs" field
from [stm32duino/Arduino_Core_STM32](https://github.com/stm32duino/Arduino_Core_STM32?tab=readme-ov-file#getting-started) .
from [stm32duino/Arduino_Core_STM32](https://github.com/stm32duino/Arduino_Core_STM32?tab=readme-ov-file#getting-started).
```
https://github.com/stm32duino/BoardManagerFiles/raw/main/package_stmicroelectronics_index.json
@@ -27,7 +58,7 @@ This option will allow wolfSSL to be installed directly using the native Arduino
## Manually Reformatting wolfSSL as a Compatible Arduino Library
Use [this](./wolfssl-arduino.sh) shell script that will re-organize the wolfSSL library to be
Use [this](./wolfssl-arduino.sh) shell script that will re-organize the wolfSSL library to be
compatible with [Arduino Library Specification](https://arduino.github.io/arduino-cli/0.35/library-specification/)
for projects that use Arduino IDE 1.5.0 or newer.
@@ -42,7 +73,7 @@ from within the `wolfssl/IDE/ARDUINO` directory:
1. `./wolfssl-arduino.sh`
- Creates an Arduino Library directory structure in the local `wolfSSL` directory of `IDE/ARDUINO`.
- You can add your own `user_settings.h`, or copy/rename the [default](../../examples/configs/user_settings_arduino.h).
- You can add your own `user_settings.h`, or copy/rename the [default](https://github.com/wolfSSL/wolfssl/blob/master/examples/configs/user_settings_arduino.h).
2. `./wolfssl-arduino.sh INSTALL` (The most common option)
- Creates an Arduino Library in the local `wolfSSL` directory
@@ -55,8 +86,8 @@ from within the `wolfssl/IDE/ARDUINO` directory:
3. `./wolfssl-arduino.sh INSTALL /path/to/repository` (Used to update [arduino-wolfSSL](https://github.com/wolfSSL/arduino-wolfSSL))
- Creates an Arduino Library in `wolfSSL` directory
- Copies that directory contents to the specified `/path/to/repository`
- Adds the [default](../../examples/configs/user_settings_arduino.h) as `user_settings.h`.
- Adds the [default](../../examples/configs/user_settings_arduino.h) as `user_settings.h`.
4. `./wolfssl-arduino.sh INSTALL /path/to/any/other/directory`
- Creates an Arduino Library in `wolfSSL` directory
- Copies that directory contents to the specified `/path/to/any/other/directory`

24
IDE/ARDUINO/include.am
View File

@@ -2,16 +2,32 @@
# included from Top Level Makefile.am
# All paths should be given relative to the root
# Library files:
EXTRA_DIST+= IDE/ARDUINO/README.md
# There's an Arduino-specific Arduino_README_prepend.md that will be prepended to wolfSSL README.md
# Not to be confused with the interim PREPENDED_README.md that is created by script.
EXTRA_DIST+= IDE/ARDUINO/Arduino_README_prepend.md
# Core library files
EXTRA_DIST+= IDE/ARDUINO/wolfssl.h
EXTRA_DIST+= IDE/ARDUINO/wolfssl.h
EXTRA_DIST+= IDE/ARDUINO/wolfssl-arduino.cpp
EXTRA_DIST+= IDE/ARDUINO/keywords.txt
EXTRA_DIST+= IDE/ARDUINO/library.properties.template
# Sketch Examples
EXTRA_DIST+= IDE/ARDUINO/sketches/README.md
# wolfssl_client example sketch
EXTRA_DIST+= IDE/ARDUINO/sketches/wolfssl_client/README.md
EXTRA_DIST+= IDE/ARDUINO/sketches/wolfssl_client/wolfssl_client.ino
# wolfssl_server example sketch
EXTRA_DIST+= IDE/ARDUINO/sketches/wolfssl_server/README.md
EXTRA_DIST+= IDE/ARDUINO/sketches/wolfssl_server/wolfssl_server.ino
# wolfssl_version example sketch
EXTRA_DIST+= IDE/ARDUINO/sketches/wolfssl_version/README.md
EXTRA_DIST+= IDE/ARDUINO/sketches/wolfssl_version/wolfssl_version.ino
EXTRA_DIST+= IDE/ARDUINO/wolfssl.h
# Publishing script, either local install or to github.com/wolfSSL/Arduino-wolfSSL clone directory.
EXTRA_DIST+= IDE/ARDUINO/wolfssl-arduino.sh

71
IDE/ARDUINO/sketches/README.md
View File

@@ -1,12 +1,75 @@
# wolfSSL Arduino Examples
There are currently two example Arduino sketches:
There are currently five example Arduino sketches:
* [wolfssl_client](./wolfssl_client/README.md): Basic TLS listening client.
* [wolfssl_server](./wolfssl_server/README.md): Basic TLS server.
NOTE: Moving; See https://github.com/wolfSSL/wolfssl-examples/pull/499
* `template`: Reference template wolfSSL example, including optional VisualGDB project files.
* `wolfssl_AES_CTR`: Basic AES CTR Encryption / Decryption example.
* `wolfssl_client`: Basic TLS listening client.
* `wolfssl_server`: Basic TLS server.
* `wolfssl_version`: Bare-bones wolfSSL example.
Examples have been most recently confirmed operational on the
[Arduino IDE](https://www.arduino.cc/en/software) 2.2.1.
For examples on other platforms, see the [IDE directory](https://github.com/wolfssl/wolfssl/tree/master/IDE).
Additional examples can be found on [wolfSSL/wolfssl-examples](https://github.com/wolfSSL/wolfssl-examples/).
Additional wolfssl examples can be found at [wolfSSL/wolfssl-examples](https://github.com/wolfSSL/wolfssl-examples/).
## Using wolfSSL
The typical include will look something like this:
```
#include <Arduino.h>
/* wolfSSL user_settings.h must be included from settings.h
* Make all configurations changes in user_settings.h
* Do not edit wolfSSL `settings.h` or `config.h` files.
* Do not explicitly include user_settings.h in any source code.
* Each Arduino sketch that uses wolfSSL must have: #include "wolfssl.h"
* C/C++ source files can use: #include <wolfssl/wolfcrypt/settings.h>
* The wolfSSL "settings.h" must be included in each source file using wolfSSL.
* The wolfSSL "settings.h" must appear before any other wolfSSL include.
*/
#include <wolfssl.h>
/* settings.h is typically included in wolfssl.h, but here as a reminder: */
#include <wolfssl/wolfcrypt/settings.h>
/* Any other wolfSSL includes follow:*
#include <wolfssl/version.h>
```
## Configuring wolfSSL
See the `user_settings.h` in the Arduino library `wolfssl/src` directory. For Windows users this is typically:
```
C:\Users\%USERNAME%\Documents\Arduino\libraries\wolfssl\src
```
WARNING: Changes to the library `user_settings.h` file will be lost when upgrading wolfSSL using the Arduino IDE.
## Troubleshooting
If compile problems are encountered, for example:
```
ctags: cannot open temporary file : File exists
exit status 1
Compilation error: exit status 1
```
Try deleting the Arduino cache directory:
```
C:\Users\%USERNAME%\AppData\Local\arduino\sketches
```
For VisualGDB users, delete the project `.vs`, `Output`, and `TraceReports` directories.
## More Information
For more details, see [IDE/ARDUINO/README.md](https://github.com/wolfSSL/wolfssl/blob/master/IDE/ARDUINO/README.md)

10
IDE/ARDUINO/sketches/wolfssl_client/README.md
View File

@@ -1,6 +1,14 @@
# Arduino Basic TLS Listening Client
Open the [wolfssl_client.ino](./wolfssl_client.ino) file in the Arduino IDE.
Open the `wolfssl_client.ino` file in the Arduino IDE.
NOTE: Moving; See https://github.com/wolfSSL/wolfssl-examples/pull/499
If using WiFi, be sure to set `ssid` and `password` values.
May need "Ethernet by Various" library to be installed. Tested with v2.0.2 and v2.8.1.
See the `#define WOLFSSL_TLS_SERVER_HOST` to set your own server address.
Other IDE products are also supported, such as:

894
IDE/ARDUINO/sketches/wolfssl_client/wolfssl_client.ino
View File

@@ -1,894 +0,0 @@
/* wolfssl_client.ino
*
* Copyright (C) 2006-2024 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
/*
Tested with:
1) Intel Galileo acting as the Client, with a laptop acting as a server using
the server example provided in examples/server.
Legacy Arduino v1.86 was used to compile and program the Galileo
2) Espressif ESP32 WiFi
3) Arduino Due, Nano33 IoT, Nano RP-2040
*/
/*
* Note to code editors: the Arduino client and server examples are edited in
* parallel for side-by-side comparison between examples.
*/
/* If you have a private include, define it here, otherwise edit WiFi params */
#define MY_PRIVATE_CONFIG "/workspace/my_private_config.h"
/* set REPEAT_CONNECTION to a non-zero value to continually run the example. */
#define REPEAT_CONNECTION 0
/* Edit this with your other TLS host server address to connect to: */
#define WOLFSSL_TLS_SERVER_HOST "192.168.1.39"
/* wolfssl TLS examples communicate on port 11111 */
#define WOLFSSL_PORT 11111
/* Choose a monitor serial baud rate: 9600, 14400, 19200, 57600, 74880, etc. */
#define SERIAL_BAUD 115200
/* We'll wait up to 2000 milliseconds to properly shut down connection */
#define SHUTDOWN_DELAY_MS 2000
/* Number of times to retry connection. */
#define RECONNECT_ATTEMPTS 20
/* Optional stress test. Define to consume memory until exhausted: */
/* #define MEMORY_STRESS_TEST */
/* Choose client or server example, not both. */
#define WOLFSSL_CLIENT_EXAMPLE
/* #define WOLFSSL_SERVER_EXAMPLE */
#if defined(MY_PRIVATE_CONFIG)
/* the /workspace directory may contain a private config
* excluded from GitHub with items such as WiFi passwords */
#include MY_PRIVATE_CONFIG
static const char* ssid PROGMEM = MY_ARDUINO_WIFI_SSID;
static const char* password PROGMEM = MY_ARDUINO_WIFI_PASSWORD;
#else
/* when using WiFi capable boards: */
static const char* ssid PROGMEM = "your_SSID";
static const char* password PROGMEM = "your_PASSWORD";
#endif
#define BROADCAST_ADDRESS "255.255.255.255"
/* There's an optional 3rd party NTPClient library by Fabrice Weinberg.
* If it is installed, uncomment define USE_NTP_LIB here: */
/* #define USE_NTP_LIB */
#ifdef USE_NTP_LIB
#include <NTPClient.h>
#endif
#include <wolfssl.h>
/* Important: make sure settings.h appears before any other wolfSSL headers */
#include <wolfssl/wolfcrypt/settings.h>
/* Reminder: settings.h includes user_settings.h
* For ALL project wolfSSL settings, see:
* [your path]/Arduino\libraries\wolfSSL\src\user_settings.h */
#include <wolfssl/ssl.h>
#include <wolfssl/certs_test.h>
#include <wolfssl/wolfcrypt/error-crypt.h>
/* Define DEBUG_WOLFSSL in user_settings.h for more verbose logging. */
#if defined(DEBUG_WOLFSSL)
#define PROGRESS_DOT F("")
#else
#define PROGRESS_DOT F(".")
#endif
/* Convert a macro to a string */
#define xstr(x) str(x)
#define str(x) #x
/* optional board-specific networking includes */
#if defined(ESP32)
#define USING_WIFI
#include <WiFi.h>
#include <WiFiUdp.h>
#ifdef USE_NTP_LIB
WiFiUDP ntpUDP;
#endif
/* Ensure the F() flash macro is defined */
#ifndef F
#define F
#endif
WiFiClient client;
#elif defined(ESP8266)
#define USING_WIFI
#include <ESP8266WiFi.h>
WiFiClient client;
#elif defined(ARDUINO_SAM_DUE)
#include <SPI.h>
/* There's no WiFi/Ethernet on the Due. Requires Ethernet Shield.
/* Needs "Ethernet by Various" library to be installed. Tested with V2.0.2 */
#include <Ethernet.h>
EthernetClient client;
#elif defined(ARDUINO_SAMD_NANO_33_IOT)
#define USING_WIFI
#include <SPI.h>
#include <WiFiNINA.h> /* Needs Arduino WiFiNINA library installed manually */
WiFiClient client;
#elif defined(ARDUINO_ARCH_RP2040)
#define USING_WIFI
#include <SPI.h>
#include <WiFiNINA.h>
WiFiClient client;
#elif defined(USING_WIFI)
#define USING_WIFI
#include <WiFi.h>
#include <WiFiUdp.h>
#ifdef USE_NTP_LIB
WiFiUDP ntpUDP;
#endif
WiFiClient client;
/* TODO
#elif defined(OTHER_BOARD)
*/
#else
#define USING_WIFI
WiFiClient client;
#endif
/* Only for syntax highlighters to show interesting options enabled: */
#if defined(HAVE_SNI) \
|| defined(HAVE_MAX_FRAGMENT) \
|| defined(HAVE_TRUSTED_CA) \
|| defined(HAVE_TRUNCATED_HMAC) \
|| defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
|| defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) \
|| defined(HAVE_SUPPORTED_CURVES) \
|| defined(HAVE_ALPN) \
|| defined(HAVE_SESSION_TICKET) \
|| defined(HAVE_SECURE_RENEGOTIATION) \
|| defined(HAVE_SERVER_RENEGOTIATION_INFO)
#endif
static const char host[] PROGMEM = WOLFSSL_TLS_SERVER_HOST; /* server to connect to */
static const int port PROGMEM = WOLFSSL_PORT; /* port on server to connect to */
static WOLFSSL_CTX* ctx = NULL;
static WOLFSSL* ssl = NULL;
static char* wc_error_message = (char*)malloc(80 + 1);
static char errBuf[80];
#if defined(MEMORY_STRESS_TEST)
#define MEMORY_STRESS_ITERATIONS 100
#define MEMORY_STRESS_BLOCK_SIZE 1024
#define MEMORY_STRESS_INITIAL (4*1024)
static char* memory_stress[MEMORY_STRESS_ITERATIONS]; /* typically 1K per item */
static int mem_ctr = 0;
#endif
static int EthernetSend(WOLFSSL* ssl, char* msg, int sz, void* ctx);
static int EthernetReceive(WOLFSSL* ssl, char* reply, int sz, void* ctx);
static int reconnect = RECONNECT_ATTEMPTS;
static int lng_index PROGMEM = 0; /* 0 = English */
#if defined(__arm__)
#include <malloc.h>
extern char _end;
extern "C" char *sbrk(int i);
static char *ramstart=(char *)0x20070000;
static char *ramend=(char *)0x20088000;
#endif
/*****************************************************************************/
/* fail_wait - in case of unrecoverable error */
/*****************************************************************************/
int fail_wait(void) {
show_memory();
Serial.println(F("Failed. Halt."));
while (1) {
delay(1000);
}
return 0;
}
/*****************************************************************************/
/* show_memory() to optionally view during debugging. */
/*****************************************************************************/
int show_memory(void)
{
#if defined(__arm__)
struct mallinfo mi = mallinfo();
char *heapend=sbrk(0);
register char * stack_ptr asm("sp");
#if defined(DEBUG_WOLFSSL_VERBOSE)
Serial.print(" arena=");
Serial.println(mi.arena);
Serial.print(" ordblks=");
Serial.println(mi.ordblks);
Serial.print(" uordblks=");
Serial.println(mi.uordblks);
Serial.print(" fordblks=");
Serial.println(mi.fordblks);
Serial.print(" keepcost=");
Serial.println(mi.keepcost);
#endif
#if defined(DEBUG_WOLFSSL) || defined(MEMORY_STRESS_TEST)
Serial.print("Estimated free memory: ");
Serial.print(stack_ptr - heapend + mi.fordblks);
Serial.println(F(" bytes"));
#endif
#if (0)
/* Experimental: not supported on all devices: */
Serial.print("RAM Start %lx\n", (unsigned long)ramstart);
Serial.print("Data/Bss end %lx\n", (unsigned long)&_end);
Serial.print("Heap End %lx\n", (unsigned long)heapend);
Serial.print("Stack Ptr %lx\n",(unsigned long)stack_ptr);
Serial.print("RAM End %lx\n", (unsigned long)ramend);
Serial.print("Heap RAM Used: ",mi.uordblks);
Serial.print("Program RAM Used ",&_end - ramstart);
Serial.print("Stack RAM Used ",ramend - stack_ptr);
Serial.print("Estimated Free RAM: %d\n\n",stack_ptr - heapend + mi.fordblks);
#endif
#else
Serial.println(F("show_memory() not implemented for this platform"));
#endif
return 0;
}
/*****************************************************************************/
/* EthernetSend() to send a message string. */
/*****************************************************************************/
int EthernetSend(WOLFSSL* ssl, char* message, int sz, void* ctx) {
int sent = 0;
(void)ssl;
(void)ctx;
sent = client.write((byte*)message, sz);
return sent;
}
/*****************************************************************************/
/* EthernetReceive() to receive a reply string. */
/*****************************************************************************/
int EthernetReceive(WOLFSSL* ssl, char* reply, int sz, void* ctx) {
int ret = 0;
(void)ssl;
(void)ctx;
while (client.available() > 0 && ret < sz) {
reply[ret++] = client.read();
}
return ret;
}
/*****************************************************************************/
/* Arduino setup_hardware() */
/*****************************************************************************/
int setup_hardware(void) {
int ret = 0;
#if defined(ARDUINO_SAMD_NANO_33_IOT)
Serial.println(F("Detected known tested and working Arduino Nano 33 IoT"));
#elif defined(ARDUINO_ARCH_RP2040)
Serial.println(F("Detected known tested and working Arduino RP-2040"));
#elif defined(__arm__) && defined(ID_TRNG) && defined(TRNG)
/* need to manually turn on random number generator on Arduino Due, etc. */
pmc_enable_periph_clk(ID_TRNG);
trng_enable(TRNG);
Serial.println(F("Enabled ARM TRNG"));
#endif
show_memory();
randomSeed(analogRead(0));
return ret;
}
/*****************************************************************************/
/* Arduino setup_datetime() */
/* The device needs to have a valid date within the valid range of certs. */
/*****************************************************************************/
int setup_datetime(void) {
int ret = 0;
int ntp_tries = 20;
/* we need a date in the range of cert expiration */
#ifdef USE_NTP_LIB
#if defined(ESP32)
NTPClient timeClient(ntpUDP, "pool.ntp.org");
timeClient.begin();
timeClient.update();
delay(1000);
while (!timeClient.isTimeSet() && (ntp_tries > 0)) {
timeClient.forceUpdate();
Serial.println(F("Waiting for NTP update"));
delay(2000);
ntp_tries--;
}
if (ntp_tries <= 0) {
Serial.println(F("Warning: gave up waiting on NTP"));
}
Serial.println(timeClient.getFormattedTime());
Serial.println(timeClient.getEpochTime());
#endif
#endif
#if defined(ESP32)
/* see esp32-hal-time.c */
ntp_tries = 5;
/* Replace "pool.ntp.org" with your preferred NTP server */
configTime(0, 0, "pool.ntp.org");
/* Wait for time to be set */
while ((time(nullptr) <= 100000) && ntp_tries > 0) {
Serial.println(F("Waiting for time to be set..."));
delay(2000);
ntp_tries--;
}
#endif
return ret;
} /* setup_datetime */
/*****************************************************************************/
/* Arduino setup_network() */
/*****************************************************************************/
int setup_network(void) {
int ret = 0;
#if defined(USING_WIFI)
int status = WL_IDLE_STATUS;
/* The ESP8266 & ESP32 support both AP and STA. We'll use STA: */
#if defined(ESP8266) || defined(ESP32)
WiFi.mode(WIFI_STA);
#else
String fv;
if (WiFi.status() == WL_NO_MODULE) {
Serial.println("Communication with WiFi module failed!");
/* don't continue if no network */
while (true) ;
}
fv = WiFi.firmwareVersion();
if (fv < WIFI_FIRMWARE_LATEST_VERSION) {
Serial.println("Please upgrade the firmware");
}
#endif
Serial.print(F("Connecting to WiFi "));
Serial.print(ssid);
status = WiFi.begin(ssid, password);
while (status != WL_CONNECTED) {
delay(1000);
Serial.print(F("."));
Serial.print(status);
status = WiFi.status();
}
Serial.println(F(" Connected!"));
#else
/* Newer Ethernet shields have a
* MAC address printed on a sticker on the shield */
byte mac[] = { 0xDE, 0xAD, 0xBE, 0xEF, 0xFE, 0xED };
IPAddress ip(192, 168, 1, 42);
IPAddress myDns(192, 168, 1, 1);
Ethernet.init(10); /* Most Arduino shields */
/* Ethernet.init(5); * MKR ETH Shield */
/* Ethernet.init(0); * Teensy 2.0 */
/* Ethernet.init(20); * Teensy++ 2.0 */
/* Ethernet.init(15); * ESP8266 with Adafruit FeatherWing Ethernet */
/* Ethernet.init(33); * ESP32 with Adafruit FeatherWing Ethernet */
Serial.println(F("Initialize Ethernet with DHCP:"));
if (Ethernet.begin(mac) == 0) {
Serial.println(F("Failed to configure Ethernet using DHCP"));
/* Check for Ethernet hardware present */
if (Ethernet.hardwareStatus() == EthernetNoHardware) {
Serial.println(F("Ethernet shield was not found."));
while (true) {
delay(1); /* do nothing */
}
}
if (Ethernet.linkStatus() == LinkOFF) {
Serial.println(F("Ethernet cable is not connected."));
}
/* try to configure using IP address instead of DHCP : */
Ethernet.begin(mac, ip, myDns);
}
else {
Serial.print(F(" DHCP assigned IP "));
Serial.println(Ethernet.localIP());
}
/* We'll assume the Ethernet connection is ready to go. */
#endif
Serial.println(F("********************************************************"));
Serial.print(F(" wolfSSL Example Client IP = "));
#if defined(USING_WIFI)
Serial.println(WiFi.localIP());
#else
Serial.println(Ethernet.localIP());
#endif
Serial.print(F(" Configured Server Host to connect to: "));
Serial.println(host);
Serial.println(F("********************************************************"));
Serial.println(F("Setup network complete."));
return ret;
}
/*****************************************************************************/
/* Arduino setup_wolfssl() */
/*****************************************************************************/
int setup_wolfssl(void) {
int ret = 0;
WOLFSSL_METHOD* method;
/* Show a revision of wolfssl user_settings.h file in use when available: */
#if defined(WOLFSSL_USER_SETTINGS_ID)
Serial.print(F("WOLFSSL_USER_SETTINGS_ID: "));
Serial.println(F(WOLFSSL_USER_SETTINGS_ID));
#else
Serial.println(F("No WOLFSSL_USER_SETTINGS_ID found."));
#endif
#if defined(NO_WOLFSSL_SERVER)
Serial.println(F("wolfSSL server code disabled to save space."));
#endif
#if defined(NO_WOLFSSL_CLIENT)
Serial.println(F("wolfSSL client code disabled to save space."));
#endif
#if defined(DEBUG_WOLFSSL)
wolfSSL_Debugging_ON();
Serial.println(F("wolfSSL Debugging is On!"));
#else
Serial.println(F("wolfSSL Debugging is Off! (enable with DEBUG_WOLFSSL)"));
#endif
/* See ssl.c for TLS cache settings. Larger cache = use more RAM. */
#if defined(NO_SESSION_CACHE)
Serial.println(F("wolfSSL TLS NO_SESSION_CACHE"));
#elif defined(MICRO_SESSION_CACHEx)
Serial.println(F("wolfSSL TLS MICRO_SESSION_CACHE"));
#elif defined(SMALL_SESSION_CACHE)
Serial.println(F("wolfSSL TLS SMALL_SESSION_CACHE"));
#elif defined(MEDIUM_SESSION_CACHE)
Serial.println(F("wolfSSL TLS MEDIUM_SESSION_CACHE"));
#elif defined(BIG_SESSION_CACHE)
Serial.println(F("wolfSSL TLS BIG_SESSION_CACHE"));
#elif defined(HUGE_SESSION_CACHE)
Serial.println(F("wolfSSL TLS HUGE_SESSION_CACHE"));
#elif defined(HUGE_SESSION_CACHE)
Serial.println(F("wolfSSL TLS HUGE_SESSION_CACHE"));
#else
Serial.println(F("WARNING: Unknown or no TLS session cache setting."));
/* See wolfssl/src/ssl.c for amount of memory used.
* It is best on embedded devices to choose a TLS session cache size. */
#endif
ret = wolfSSL_Init();
if (ret == WOLFSSL_SUCCESS) {
Serial.println("Successfully called wolfSSL_Init");
}
else {
Serial.println("ERROR: wolfSSL_Init failed");
}
/* See companion server example with wolfSSLv23_server_method here.
* method = wolfSSLv23_client_method()); SSL 3.0 - TLS 1.3.
* method = wolfTLSv1_2_client_method(); only TLS 1.2
* method = wolfTLSv1_3_client_method(); only TLS 1.3
*
* see Arduino\libraries\wolfssl\src\user_settings.h */
Serial.println("Here we go!");
method = wolfSSLv23_client_method();
if (method == NULL) {
Serial.println(F("unable to get wolfssl client method"));
fail_wait();
}
ctx = wolfSSL_CTX_new(method);
if (ctx == NULL) {
Serial.println(F("unable to get ctx"));
fail_wait();
}
return ret;
}
/*****************************************************************************/
/* Arduino setup_certificates() */
/*****************************************************************************/
int setup_certificates(void) {
int ret = 0;
Serial.println(F("Initializing certificates..."));
show_memory();
/* Use built-in validation, No verification callback function: */
wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, 0);
/* Certificate */
Serial.println("Initializing certificates...");
ret = wolfSSL_CTX_use_certificate_buffer(ctx,
CTX_CLIENT_CERT,
CTX_CLIENT_CERT_SIZE,
CTX_CLIENT_CERT_TYPE);
if (ret == WOLFSSL_SUCCESS) {
Serial.print("Success: use certificate: ");
Serial.println(xstr(CTX_SERVER_CERT));
}
else {
Serial.println(F("Error: wolfSSL_CTX_use_certificate_buffer failed: "));
wc_ErrorString(ret, wc_error_message);
Serial.println(wc_error_message);
fail_wait();
}
/* Setup private client key */
ret = wolfSSL_CTX_use_PrivateKey_buffer(ctx,
CTX_CLIENT_KEY,
CTX_CLIENT_KEY_SIZE,
CTX_CLIENT_KEY_TYPE);
if (ret == WOLFSSL_SUCCESS) {
Serial.print("Success: use private key buffer: ");
Serial.println(xstr(CTX_SERVER_KEY));
}
else {
Serial.println(F("Error: wolfSSL_CTX_use_PrivateKey_buffer failed: "));
wc_ErrorString(ret, wc_error_message);
Serial.println(wc_error_message);
fail_wait();
}
ret = wolfSSL_CTX_load_verify_buffer(ctx,
CTX_CA_CERT,
CTX_CA_CERT_SIZE,
CTX_CA_CERT_TYPE);
if (ret == WOLFSSL_SUCCESS) {
Serial.println(F("Success: load_verify CTX_CA_CERT"));
}
else {
Serial.println(F("Error: wolfSSL_CTX_load_verify_buffer failed: "));
wc_ErrorString(ret, wc_error_message);
Serial.println(wc_error_message);
fail_wait();
}
return ret;
} /* Arduino setup */
/*****************************************************************************/
/*****************************************************************************/
/* Arduino setup() */
/*****************************************************************************/
/*****************************************************************************/
void setup(void) {
int i = 0;
Serial.begin(SERIAL_BAUD);
while (!Serial && (i < 10)) {
/* wait for serial port to connect. Needed for native USB port only */
delay(1000);
i++;
}
Serial.println(F(""));
Serial.println(F(""));
Serial.println(F("wolfSSL TLS Client Example Startup."));
/* define DEBUG_WOLFSSL in wolfSSL user_settings.h for diagnostics */
#if defined(DEBUG_WOLFSSL)
wolfSSL_Debugging_ON();
#endif
/* Optionally pre-allocate a large block of memory for testing */
#if defined(MEMORY_STRESS_TEST)
Serial.println(F("WARNING: Memory Stress Test Active!"));
Serial.print(F("Allocating extra memory: "));
Serial.print(MEMORY_STRESS_INITIAL);
Serial.println(F(" bytes..."));
memory_stress[mem_ctr] = (char*)malloc(MEMORY_STRESS_INITIAL);
show_memory();
#endif
setup_hardware();
setup_network();
setup_datetime();
setup_wolfssl();
setup_certificates();
/* Initialize wolfSSL using callback functions. */
wolfSSL_SetIOSend(ctx, EthernetSend);
wolfSSL_SetIORecv(ctx, EthernetReceive);
Serial.println(F("Completed Arduino setup!"));
/* See companion wolfssl_server.ino code; server begins listening here
* https://github.com/wolfSSL/wolfssl/tree/master/IDE/ARDUINO/sketches/wolfssl_server
* Any other server will work. See also:
* https://github.com/wolfSSL/wolfssl/tree/master/examples/client
*/
/* See companion wolfssl_server.ino code */
return;
} /* Arduino setup */
/*****************************************************************************/
/* wolfSSL error_check() */
/*****************************************************************************/
int error_check(int this_ret, bool halt_on_error,
const __FlashStringHelper* message) {
int ret = 0;
if (this_ret == WOLFSSL_SUCCESS) {
Serial.print(F("Success: "));
Serial.println(message);
}
else {
Serial.print(F("ERROR: return = "));
Serial.print(this_ret);
Serial.print(F(": "));
Serial.println(message);
Serial.println(wc_GetErrorString(this_ret));
if (halt_on_error) {
fail_wait();
}
}
show_memory();
return ret;
} /* error_check */
/*****************************************************************************/
/* wolfSSL error_check_ssl */
/* Parameters: */
/* ssl is the current WOLFSSL object pointer */
/* halt_on_error set to true to suspend operations for critical error */
/* message is expected to be a memory-efficient F("") macro string */
/*****************************************************************************/
int error_check_ssl(WOLFSSL* ssl, int this_ret, bool halt_on_error,
const __FlashStringHelper* message) {
int err = 0;
if (ssl == NULL) {
Serial.println(F("ssl is Null; Unable to allocate SSL object?"));
#ifndef DEBUG_WOLFSSL
Serial.println(F("Define DEBUG_WOLFSSL in user_settings.h for more."));
#else
Serial.println(F("See wolfssl/wolfcrypt/error-crypt.h for codes."));
#endif
Serial.print(F("ERROR: "));
Serial.println(message);
show_memory();
if (halt_on_error) {
fail_wait();
}
}
else {
err = wolfSSL_get_error(ssl, this_ret);
if (err == WOLFSSL_SUCCESS) {
Serial.print(F("Success m: "));
Serial.println(message);
}
else {
if (err < 0) {
wolfSSL_ERR_error_string(err, errBuf);
Serial.print(F("WOLFSSL Error: "));
Serial.print(err);
Serial.print(F("; "));
Serial.println(errBuf);
}
else {
Serial.println(F("Success: ssl object."));
}
}
}
return err;
}
/*****************************************************************************/
/*****************************************************************************/
/* Arduino loop() */
/*****************************************************************************/
/*****************************************************************************/
void loop() {
char reply[80];
char msg[32] = "hello wolfssl!";
const char* cipherName;
int retry_shutdown = SHUTDOWN_DELAY_MS; /* max try, once per millisecond */
int total_input = 0;
int msgSz = 0;
int input = 0;
int ret = 0;
int err = 0;
msgSz = (int)strlen(msg);
Serial.println(F(""));
Serial.println(F("Starting Arduino loop() ..."));
if (reconnect) {
reconnect--;
/* WiFi client returns true if connection succeeds, false if not. */
/* Wired client returns int (1,-1,-2,-3,-4) for connection status. */
Serial.print(F("Connecting to "));
Serial.print(host);
Serial.print(F(":"));
Serial.println(port);
/* can also use: IPAddress server(192,168,1,37); */
Serial.println(F("Here we go..."));
ret = client.connect(host, port);
Serial.println(F("Ok, checking..."));
if (ret > 0) {
Serial.println(F("Connected!"));
/* initialize wolfSSL */
ret = wolfSSL_Init();
error_check(ret, false, F("calling wolfSSL_Init") );
/* create secure connection object. see setup for ctx certs. */
Serial.println(F("Calling ssl = wolfSSL_new(ctx)"));
ssl = wolfSSL_new(ctx);
error_check_ssl(ssl, 0, true, F("Create WOLFSSL object from ctx"));
Serial.print(F("Connecting to wolfSSL TLS Secure Server..."));
do {
err = 0; /* reset error */
Serial.println(F("wolfSSL_connect ..."));
ret = wolfSSL_connect(ssl);
Serial.print("wolfSSL_connect return result =");
Serial.println(ret);
if ((ret != WOLFSSL_SUCCESS) && (ret != WC_PENDING_E)) {
Serial.println(F("Failed connection, checking error."));
err = error_check_ssl(ssl, ret, true,
F("Create WOLFSSL object from ctx"));
Serial.print("err =");
Serial.println(err);
}
else {
Serial.print(PROGRESS_DOT);
}
} while (err == WC_PENDING_E);
Serial.println();
Serial.println(F("Connected!"));
Serial.print(F("SSL version is "));
Serial.println(wolfSSL_get_version(ssl));
cipherName = wolfSSL_get_cipher(ssl);
Serial.print(F("SSL cipher suite is "));
Serial.println(cipherName);
/* see test.h
* TODO: test.h needs a little bit of Arduino work for these:
showPeerEx(ssl, lng_index);
showPeerPEM(ssl);
*/
Serial.print(F("Sending secure message to server: "));
Serial.println(msg);
ret = wolfSSL_write(ssl, msg, msgSz);
if (ret == msgSz) {
Serial.print(F("Waiting for Server response..."));
while (!client.available()) {
/* wait for data */
delay(1); /* 1 ms delay */
}
Serial.print(F("Reading response.."));
/* read data */
do {
ret = wolfSSL_read(ssl, reply, sizeof(reply) - 1);
if (ret < 0) {
error_check_ssl(ssl, ret, false,
F("during TLS Read"));
}
else {
Serial.print(PROGRESS_DOT);
}
} while (err == WC_PENDING_E);
Serial.println();
Serial.println();
Serial.println(reply); /* typically: I hear you fa shizzle! */
Serial.println();
} /* wolfSSL_write message size matched */
else {
error_check_ssl(ssl, ret, false,
F("during TLS Write"));
} /* any wolfSSL_write message size mismatch is an error */
Serial.print(F("Shutting down.."));
do {
delay(1);
Serial.print(PROGRESS_DOT);
retry_shutdown--;
ret = wolfSSL_shutdown(ssl);
} while ( (ret == WOLFSSL_SHUTDOWN_NOT_DONE)
&& (retry_shutdown > 0)
); /* There may be pending data, so wait until done. */
Serial.println();
if (retry_shutdown <= 0) {
/* if wolfSSL_free is called before properly shutting down the
* ssl object, undesired results may occur. */
Serial.println(F("Warning! Shutdown did not properly complete."));
}
wolfSSL_free(ssl);
client.stop();
Serial.println(F("Connection complete."));
if (REPEAT_CONNECTION) {
reconnect = RECONNECT_ATTEMPTS;
}
else {
reconnect = 0;
}
} /* client.connect(host, port) */
else {
Serial.println(F("Problem sending message. Trying to reconnect..."));
}
}
delay(1000);
if ((reconnect > 0) && (REPEAT_CONNECTION)) {
Serial.println(F("Arduino loop repeating..."));
Serial.println();
}
else {
printf("wow");
Serial.println(F("Done!"));
while(1) {
/* wait forever */
}
}
#if defined(MEMORY_STRESS_TEST)
if (mem_ctr < MEMORY_STRESS_ITERATIONS) {
/* reminder: mem_ctr == 0 is MEMORY_STRESS_INITIAL allocation */
mem_ctr++;
Serial.print(F("Memory stress increment: "));
Serial.print(mem_ctr);
Serial.print(F(". Allocating addition memory (bytes): "));
Serial.println(MEMORY_STRESS_BLOCK_SIZE);
memory_stress[mem_ctr] = (char*)malloc(MEMORY_STRESS_BLOCK_SIZE);
show_memory();
}
#endif
} /* Arduino loop repeats */

12
IDE/ARDUINO/sketches/wolfssl_server/README.md
View File

@@ -1,6 +1,14 @@
# Arduino Basic TLS Server
Open the [wolfssl_server.ino](./wolfssl_server.ino) file in the Arduino IDE.
Open the `wolfssl_server.ino` file in the Arduino IDE.
NOTE: Moving; See https://github.com/wolfSSL/wolfssl-examples/pull/499
If using WiFi, be sure to set `ssid` and `password` values.
May need "Ethernet by Various" library to be installed. Tested with v2.0.2 and v2.8.1.
See the `#define WOLFSSL_TLS_SERVER_HOST` to set your own server address.
Other IDE products are also supported, such as:
@@ -13,7 +21,7 @@ Additional examples can be found on [wolfSSL/wolfssl-examples](https://github.co
## Connect with an Arduino Sketch
See the companion [Arduino Sketch Client](../wolfssl_client/wolfssl_client.ino).
See the companion [Arduino Sketch Client](../wolfssl_client/wolfssl_client.ino).
## Connect with Linux Client

838
IDE/ARDUINO/sketches/wolfssl_server/wolfssl_server.ino
View File

@@ -1,838 +0,0 @@
/* wolfssl_server.ino
*
* Copyright (C) 2006-2024 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
/*
Tested with:
1) Intel Galileo acting as the Client, with a laptop acting as a server using
the server example provided in examples/server.
Legacy Arduino v1.86 was used to compile and program the Galileo
2) Espressif ESP32 WiFi
3) Arduino Due, Nano33 IoT, Nano RP-2040
*/
/*
* Note to code editors: the Arduino client and server examples are edited in
* parallel for side-by-side comparison between examples.
*/
/* If you have a private include, define it here, otherwise edit WiFi params */
#define MY_PRIVATE_CONFIG "/workspace/my_private_config.h"
/* set REPEAT_CONNECTION to a non-zero value to continually run the example. */
#define REPEAT_CONNECTION 1
/* Edit this with your other TLS host server address to connect to: */
/* #define WOLFSSL_TLS_SERVER_HOST "192.168.1.34" */
/* wolfssl TLS examples communicate on port 11111 */
#define WOLFSSL_PORT 11111
/* Choose a monitor serial baud rate: 9600, 14400, 19200, 57600, 74880, etc. */
#define SERIAL_BAUD 115200
/* We'll wait up to 2000 milliseconds to properly shut down connection */
#define SHUTDOWN_DELAY_MS 2000
/* Number of times to retry connection. */
#define RECONNECT_ATTEMPTS 20
/* Optional stress test. Define to consume memory until exhausted: */
/* #define MEMORY_STRESS_TEST */
/* Choose client or server example, not both. */
/* #define WOLFSSL_CLIENT_EXAMPLE */
#define WOLFSSL_SERVER_EXAMPLE
#if defined(MY_PRIVATE_CONFIG)
/* the /workspace directory may contain a private config
* excluded from GitHub with items such as WiFi passwords */
#include MY_PRIVATE_CONFIG
static const char* ssid PROGMEM = MY_ARDUINO_WIFI_SSID;
static const char* password PROGMEM = MY_ARDUINO_WIFI_PASSWORD;
#else
/* when using WiFi capable boards: */
static const char* ssid PROGMEM = "your_SSID";
static const char* password PROGMEM = "your_PASSWORD";
#endif
#define BROADCAST_ADDRESS "255.255.255.255"
/* There's an optional 3rd party NTPClient library by Fabrice Weinberg.
* If it is installed, uncomment define USE_NTP_LIB here: */
/* #define USE_NTP_LIB */
#ifdef USE_NTP_LIB
#include <NTPClient.h>
#endif
#include <wolfssl.h>
/* Important: make sure settings.h appears before any other wolfSSL headers */
#include <wolfssl/wolfcrypt/settings.h>
/* Reminder: settings.h includes user_settings.h
* For ALL project wolfSSL settings, see:
* [your path]/Arduino\libraries\wolfSSL\src\user_settings.h */
#include <wolfssl/ssl.h>
#include <wolfssl/certs_test.h>
#include <wolfssl/wolfcrypt/error-crypt.h>
/* Define DEBUG_WOLFSSL in user_settings.h for more verbose logging. */
#if defined(DEBUG_WOLFSSL)
#define PROGRESS_DOT F("")
#else
#define PROGRESS_DOT F(".")
#endif
/* Convert a macro to a string */
#define xstr(x) str(x)
#define str(x) #x
/* optional board-specific networking includes */
#if defined(ESP32)
#define USING_WIFI
#include <WiFi.h>
#include <WiFiUdp.h>
#ifdef USE_NTP_LIB
WiFiUDP ntpUDP;
#endif
/* Ensure the F() flash macro is defined */
#ifndef F
#define F
#endif
WiFiClient client;
WiFiServer server(WOLFSSL_PORT);
#elif defined(ESP8266)
#define USING_WIFI
#include <ESP8266WiFi.h>
WiFiClient client;
WiFiServer server(WOLFSSL_PORT);
#elif defined(ARDUINO_SAM_DUE)
#include <SPI.h>
/* There's no WiFi/Ethernet on the Due. Requires Ethernet Shield.
/* Needs "Ethernet by Various" library to be installed. Tested with V2.0.2 */
#include <Ethernet.h>
EthernetClient client;
EthernetClient server(WOLFSSL_PORT);
#elif defined(ARDUINO_SAMD_NANO_33_IOT)
#define USING_WIFI
#include <SPI.h>
#include <WiFiNINA.h> /* Needs Arduino WiFiNINA library installed manually */
WiFiClient client;
WiFiServer server(WOLFSSL_PORT);
#elif defined(ARDUINO_ARCH_RP2040)
#define USING_WIFI
#include <SPI.h>
#include <WiFiNINA.h>
WiFiClient client;
WiFiServer server(WOLFSSL_PORT);
#elif defined(USING_WIFI)
#define USING_WIFI
#include <WiFi.h>
#include <WiFiUdp.h>
#ifdef USE_NTP_LIB
WiFiUDP ntpUDP;
#endif
WiFiClient client;
WiFiServer server(WOLFSSL_PORT);
/* TODO
#elif defined(OTHER_BOARD)
*/
#else
#define USING_WIFI
WiFiClient client;
WiFiServer server(WOLFSSL_PORT);
#endif
/* Only for syntax highlighters to show interesting options enabled: */
#if defined(HAVE_SNI) \
|| defined(HAVE_MAX_FRAGMENT) \
|| defined(HAVE_TRUSTED_CA) \
|| defined(HAVE_TRUNCATED_HMAC) \
|| defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
|| defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) \
|| defined(HAVE_SUPPORTED_CURVES) \
|| defined(HAVE_ALPN) \
|| defined(HAVE_SESSION_TICKET) \
|| defined(HAVE_SECURE_RENEGOTIATION) \
|| defined(HAVE_SERVER_RENEGOTIATION_INFO)
#endif
/* we expect our IP address from DHCP */
static WOLFSSL_CTX* ctx = NULL;
static WOLFSSL* ssl = NULL;
static char* wc_error_message = (char*)malloc(80 + 1);
static char errBuf[80];
#if defined(MEMORY_STRESS_TEST)
#define MEMORY_STRESS_ITERATIONS 100
#define MEMORY_STRESS_BLOCK_SIZE 1024
#define MEMORY_STRESS_INITIAL (4*1024)
static char* memory_stress[MEMORY_STRESS_ITERATIONS]; /* typically 1K per item */
static int mem_ctr = 0;
#endif
static int EthernetSend(WOLFSSL* ssl, char* msg, int sz, void* ctx);
static int EthernetReceive(WOLFSSL* ssl, char* reply, int sz, void* ctx);
static int reconnect = RECONNECT_ATTEMPTS;
static int lng_index PROGMEM = 0; /* 0 = English */
#if defined(__arm__)
#include <malloc.h>
extern char _end;
extern "C" char *sbrk(int i);
static char *ramstart=(char *)0x20070000;
static char *ramend=(char *)0x20088000;
#endif
/*****************************************************************************/
/* fail_wait - in case of unrecoverable error */
/*****************************************************************************/
int fail_wait(void) {
show_memory();
Serial.println(F("Failed. Halt."));
while (1) {
delay(1000);
}
return 0;
}
/*****************************************************************************/
/* show_memory() to optionally view during debugging. */
/*****************************************************************************/
int show_memory(void)
{
#if defined(__arm__)
struct mallinfo mi = mallinfo();
char *heapend=sbrk(0);
register char * stack_ptr asm("sp");
#if defined(DEBUG_WOLFSSL_VERBOSE)
Serial.print(" arena=");
Serial.println(mi.arena);
Serial.print(" ordblks=");
Serial.println(mi.ordblks);
Serial.print(" uordblks=");
Serial.println(mi.uordblks);
Serial.print(" fordblks=");
Serial.println(mi.fordblks);
Serial.print(" keepcost=");
Serial.println(mi.keepcost);
#endif
#if defined(DEBUG_WOLFSSL) || defined(MEMORY_STRESS_TEST)
Serial.print("Estimated free memory: ");
Serial.print(stack_ptr - heapend + mi.fordblks);
Serial.println(F(" bytes"));
#endif
#if (0)
/* Experimental: not supported on all devices: */
Serial.print("RAM Start %lx\n", (unsigned long)ramstart);
Serial.print("Data/Bss end %lx\n", (unsigned long)&_end);
Serial.print("Heap End %lx\n", (unsigned long)heapend);
Serial.print("Stack Ptr %lx\n",(unsigned long)stack_ptr);
Serial.print("RAM End %lx\n", (unsigned long)ramend);
Serial.print("Heap RAM Used: ",mi.uordblks);
Serial.print("Program RAM Used ",&_end - ramstart);
Serial.print("Stack RAM Used ",ramend - stack_ptr);
Serial.print("Estimated Free RAM: %d\n\n",stack_ptr - heapend + mi.fordblks);
#endif
#else
Serial.println(F("show_memory() not implemented for this platform"));
#endif
return 0;
}
/*****************************************************************************/
/* EthernetSend() to send a message string. */
/*****************************************************************************/
int EthernetSend(WOLFSSL* ssl, char* message, int sz, void* ctx) {
int sent = 0;
(void)ssl;
(void)ctx;
sent = client.write((byte*)message, sz);
return sent;
}
/*****************************************************************************/
/* EthernetReceive() to receive a reply string. */
/*****************************************************************************/
int EthernetReceive(WOLFSSL* ssl, char* reply, int sz, void* ctx) {
int ret = 0;
(void)ssl;
(void)ctx;
while (client.available() > 0 && ret < sz) {
reply[ret++] = client.read();
}
return ret;
}
/*****************************************************************************/
/* Arduino setup_hardware() */
/*****************************************************************************/
int setup_hardware(void) {
int ret = 0;
#if defined(ARDUINO_SAMD_NANO_33_IOT)
Serial.println(F("Detected known tested and working Arduino Nano 33 IoT"));
#elif defined(ARDUINO_ARCH_RP2040)
Serial.println(F("Detected known tested and working Arduino RP-2040"));
#elif defined(__arm__) && defined(ID_TRNG) && defined(TRNG)
/* need to manually turn on random number generator on Arduino Due, etc. */
pmc_enable_periph_clk(ID_TRNG);
trng_enable(TRNG);
Serial.println(F("Enabled ARM TRNG"));
#endif
show_memory();
randomSeed(analogRead(0));
return ret;
}
/*****************************************************************************/
/* Arduino setup_datetime() */
/* The device needs to have a valid date within the valid range of certs. */
/*****************************************************************************/
int setup_datetime(void) {
int ret = 0;
int ntp_tries = 20;
/* we need a date in the range of cert expiration */
#ifdef USE_NTP_LIB
#if defined(ESP32)
NTPClient timeClient(ntpUDP, "pool.ntp.org");
timeClient.begin();
timeClient.update();
delay(1000);
while (!timeClient.isTimeSet() && (ntp_tries > 0)) {
timeClient.forceUpdate();
Serial.println(F("Waiting for NTP update"));
delay(2000);
ntp_tries--;
}
if (ntp_tries <= 0) {
Serial.println(F("Warning: gave up waiting on NTP"));
}
Serial.println(timeClient.getFormattedTime());
Serial.println(timeClient.getEpochTime());
#endif
#endif
#if defined(ESP32)
/* see esp32-hal-time.c */
ntp_tries = 5;
/* Replace "pool.ntp.org" with your preferred NTP server */
configTime(0, 0, "pool.ntp.org");
/* Wait for time to be set */
while ((time(nullptr) <= 100000) && ntp_tries > 0) {
Serial.println(F("Waiting for time to be set..."));
delay(2000);
ntp_tries--;
}
#endif
return ret;
} /* setup_datetime */
/*****************************************************************************/
/* Arduino setup_network() */
/*****************************************************************************/
int setup_network(void) {
int ret = 0;
#if defined(USING_WIFI)
int status = WL_IDLE_STATUS;
/* The ESP8266 & ESP32 support both AP and STA. We'll use STA: */
#if defined(ESP8266) || defined(ESP32)
WiFi.mode(WIFI_STA);
#else
String fv;
if (WiFi.status() == WL_NO_MODULE) {
Serial.println("Communication with WiFi module failed!");
/* don't continue if no network */
while (true) ;
}
fv = WiFi.firmwareVersion();
if (fv < WIFI_FIRMWARE_LATEST_VERSION) {
Serial.println("Please upgrade the firmware");
}
#endif
Serial.print(F("Connecting to WiFi "));
Serial.print(ssid);
status = WiFi.begin(ssid, password);
while (status != WL_CONNECTED) {
delay(1000);
Serial.print(F("."));
Serial.print(status);
status = WiFi.status();
}
Serial.println(F(" Connected!"));
#else
/* Newer Ethernet shields have a
* MAC address printed on a sticker on the shield */
byte mac[] = { 0xDE, 0xAD, 0xBE, 0xEF, 0xFE, 0xED };
IPAddress ip(192, 168, 1, 42);
IPAddress myDns(192, 168, 1, 1);
Ethernet.init(10); /* Most Arduino shields */
/* Ethernet.init(5); * MKR ETH Shield */
/* Ethernet.init(0); * Teensy 2.0 */
/* Ethernet.init(20); * Teensy++ 2.0 */
/* Ethernet.init(15); * ESP8266 with Adafruit FeatherWing Ethernet */
/* Ethernet.init(33); * ESP32 with Adafruit FeatherWing Ethernet */
Serial.println(F("Initialize Ethernet with DHCP:"));
if (Ethernet.begin(mac) == 0) {
Serial.println(F("Failed to configure Ethernet using DHCP"));
/* Check for Ethernet hardware present */
if (Ethernet.hardwareStatus() == EthernetNoHardware) {
Serial.println(F("Ethernet shield was not found."));
while (true) {
delay(1); /* do nothing */
}
}
if (Ethernet.linkStatus() == LinkOFF) {
Serial.println(F("Ethernet cable is not connected."));
}
/* try to configure using IP address instead of DHCP : */
Ethernet.begin(mac, ip, myDns);
}
else {
Serial.print(F(" DHCP assigned IP "));
Serial.println(Ethernet.localIP());
}
/* We'll assume the Ethernet connection is ready to go. */
#endif
Serial.println(F("********************************************************"));
Serial.print(F(" wolfSSL Example Server IP = "));
#if defined(USING_WIFI)
Serial.println(WiFi.localIP());
#else
Serial.println(Ethernet.localIP());
#endif
/* In server mode, there's no host definition. */
/* See companion example: wolfssl_client.ino */
Serial.println(F("********************************************************"));
Serial.println(F("Setup network complete."));
return ret;
}
/*****************************************************************************/
/* Arduino setup_wolfssl() */
/*****************************************************************************/
int setup_wolfssl(void) {
int ret = 0;
WOLFSSL_METHOD* method;
/* Show a revision of wolfssl user_settings.h file in use when available: */
#if defined(WOLFSSL_USER_SETTINGS_ID)
Serial.print(F("WOLFSSL_USER_SETTINGS_ID: "));
Serial.println(F(WOLFSSL_USER_SETTINGS_ID));
#else
Serial.println(F("No WOLFSSL_USER_SETTINGS_ID found."));
#endif
#if defined(NO_WOLFSSL_SERVER)
Serial.println(F("wolfSSL server code disabled to save space."));
#endif
#if defined(NO_WOLFSSL_CLIENT)
Serial.println(F("wolfSSL client code disabled to save space."));
#endif
#if defined(DEBUG_WOLFSSL)
wolfSSL_Debugging_ON();
Serial.println(F("wolfSSL Debugging is On!"));
#else
Serial.println(F("wolfSSL Debugging is Off! (enable with DEBUG_WOLFSSL)"));
#endif
/* See ssl.c for TLS cache settings. Larger cache = use more RAM. */
#if defined(NO_SESSION_CACHE)
Serial.println(F("wolfSSL TLS NO_SESSION_CACHE"));
#elif defined(MICRO_SESSION_CACHEx)
Serial.println(F("wolfSSL TLS MICRO_SESSION_CACHE"));
#elif defined(SMALL_SESSION_CACHE)
Serial.println(F("wolfSSL TLS SMALL_SESSION_CACHE"));
#elif defined(MEDIUM_SESSION_CACHE)
Serial.println(F("wolfSSL TLS MEDIUM_SESSION_CACHE"));
#elif defined(BIG_SESSION_CACHE)
Serial.println(F("wolfSSL TLS BIG_SESSION_CACHE"));
#elif defined(HUGE_SESSION_CACHE)
Serial.println(F("wolfSSL TLS HUGE_SESSION_CACHE"));
#elif defined(HUGE_SESSION_CACHE)
Serial.println(F("wolfSSL TLS HUGE_SESSION_CACHE"));
#else
Serial.println(F("WARNING: Unknown or no TLS session cache setting."));
/* See wolfssl/src/ssl.c for amount of memory used.
* It is best on embedded devices to choose a TLS session cache size. */
#endif
ret = wolfSSL_Init();
if (ret == WOLFSSL_SUCCESS) {
Serial.println("Successfully called wolfSSL_Init");
}
else {
Serial.println("ERROR: wolfSSL_Init failed");
}
/* See companion server example with wolfSSLv23_server_method here.
* method = wolfSSLv23_client_method()); SSL 3.0 - TLS 1.3.
* method = wolfTLSv1_2_client_method(); only TLS 1.2
* method = wolfTLSv1_3_client_method(); only TLS 1.3
*
* see Arduino\libraries\wolfssl\src\user_settings.h */
Serial.println("Here we go!");
method = wolfSSLv23_server_method();
if (method == NULL) {
Serial.println(F("unable to get wolfssl server method"));
fail_wait();
}
ctx = wolfSSL_CTX_new(method);
if (ctx == NULL) {
Serial.println(F("unable to get ctx"));
fail_wait();
}
return ret;
}
/*****************************************************************************/
/* Arduino setup_certificates() */
/*****************************************************************************/
int setup_certificates(void) {
int ret = 0;
Serial.println(F("Initializing certificates..."));
show_memory();
/* Use built-in validation, No verification callback function: */
wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
/* Certificate */
Serial.println("Initializing certificates...");
ret = wolfSSL_CTX_use_certificate_buffer(ctx,
CTX_SERVER_CERT,
CTX_SERVER_CERT_SIZE,
CTX_CA_CERT_TYPE);
if (ret == WOLFSSL_SUCCESS) {
Serial.print("Success: use certificate: ");
Serial.println(xstr(CTX_SERVER_CERT));
}
else {
Serial.print("Error: wolfSSL_CTX_use_certificate_buffer failed: ");
wc_ErrorString(ret, wc_error_message);
Serial.println(wc_error_message);
fail_wait();
}
/* Setup private server key */
ret = wolfSSL_CTX_use_PrivateKey_buffer(ctx,
CTX_SERVER_KEY,
CTX_SERVER_KEY_SIZE,
CTX_SERVER_KEY_TYPE);
if (ret == WOLFSSL_SUCCESS) {
Serial.print("Success: use private key buffer: ");
Serial.println(xstr(CTX_SERVER_KEY));
}
else {
Serial.print("Error: wolfSSL_CTX_use_PrivateKey_buffer failed: ");
wc_ErrorString(ret, wc_error_message);
Serial.println(wc_error_message);
fail_wait();
}
return ret;
} /* Arduino setup */
/*****************************************************************************/
/*****************************************************************************/
/* Arduino setup() */
/*****************************************************************************/
/*****************************************************************************/
void setup(void) {
int i = 0;
Serial.begin(SERIAL_BAUD);
while (!Serial && (i < 10)) {
/* wait for serial port to connect. Needed for native USB port only */
delay(1000);
i++;
}
Serial.println(F(""));
Serial.println(F(""));
Serial.println(F("wolfSSL TLS Server Example Startup."));
/* define DEBUG_WOLFSSL in wolfSSL user_settings.h for diagnostics */
#if defined(DEBUG_WOLFSSL)
wolfSSL_Debugging_ON();
#endif
/* Optionally pre-allocate a large block of memory for testing */
#if defined(MEMORY_STRESS_TEST)
Serial.println(F("WARNING: Memory Stress Test Active!"));
Serial.print(F("Allocating extra memory: "));
Serial.print(MEMORY_STRESS_INITIAL);
Serial.println(F(" bytes..."));
memory_stress[mem_ctr] = (char*)malloc(MEMORY_STRESS_INITIAL);
show_memory();
#endif
setup_hardware();
setup_network();
setup_datetime();
setup_wolfssl();
setup_certificates();
/* Initialize wolfSSL using callback functions. */
wolfSSL_SetIOSend(ctx, EthernetSend);
wolfSSL_SetIORecv(ctx, EthernetReceive);
#if defined THIS_USER_SETTINGS_VERSION
Serial.print(F("This user_settings.h version:"))
Serial.println(THIS_USER_SETTINGS_VERSION)
#endif
/* Start the server
* See https://www.arduino.cc/reference/en/libraries/ethernet/server.begin/
*/
Serial.println(F("Completed Arduino setup()"));
server.begin();
Serial.println("Begin Server... (waiting for remote client to connect)");
/* See companion wolfssl_client.ino code */
return;
} /* Arduino setup */
/*****************************************************************************/
/* wolfSSL error_check() */
/*****************************************************************************/
int error_check(int this_ret, bool halt_on_error,
const __FlashStringHelper* message) {
int ret = 0;
if (this_ret == WOLFSSL_SUCCESS) {
Serial.print(F("Success: "));
Serial.println(message);
}
else {
Serial.print(F("ERROR: return = "));
Serial.print(this_ret);
Serial.print(F(": "));
Serial.println(message);
Serial.println(wc_GetErrorString(this_ret));
if (halt_on_error) {
fail_wait();
}
}
show_memory();
return ret;
} /* error_check */
/*****************************************************************************/
/* wolfSSL error_check_ssl */
/* Parameters: */
/* ssl is the current WOLFSSL object pointer */
/* halt_on_error set to true to suspend operations for critical error */
/* message is expected to be a memory-efficient F("") macro string */
/*****************************************************************************/
int error_check_ssl(WOLFSSL* ssl, int this_ret, bool halt_on_error,
const __FlashStringHelper* message) {
int err = 0;
if (ssl == NULL) {
Serial.println(F("ssl is Null; Unable to allocate SSL object?"));
#ifndef DEBUG_WOLFSSL
Serial.println(F("Define DEBUG_WOLFSSL in user_settings.h for more."));
#else
Serial.println(F("See wolfssl/wolfcrypt/error-crypt.h for codes."));
#endif
Serial.print(F("ERROR: "));
Serial.println(message);
show_memory();
if (halt_on_error) {
fail_wait();
}
}
else {
err = wolfSSL_get_error(ssl, this_ret);
if (err == WOLFSSL_SUCCESS) {
Serial.print(F("Success m: "));
Serial.println(message);
}
else {
if (err < 0) {
wolfSSL_ERR_error_string(err, errBuf);
Serial.print(F("WOLFSSL Error: "));
Serial.print(err);
Serial.print(F("; "));
Serial.println(errBuf);
}
else {
Serial.println(F("Success: ssl object."));
}
}
}
return err;
}
/*****************************************************************************/
/*****************************************************************************/
/* Arduino loop() */
/*****************************************************************************/
/*****************************************************************************/
void loop() {
char errBuf[80] = "(no error";
char reply[80] = "(no reply)";
const char msg[] = "I hear you fa shizzle!";
const char* cipherName;
int input = 0;
int replySz = 0;
int retry_shutdown = SHUTDOWN_DELAY_MS; /* max try, once per millisecond */
int ret = 0;
IPAddress broadcast_address(255, 255, 255, 255);
/* Listen for incoming client requests. */
client = server.available();
if (client) {
Serial.println("Have Client");
while (!client.connected()) {
/* wait for the client to actually connect */
delay(10);
}
Serial.print("Client connected from remote IP: ");
Serial.println(client.remoteIP());
ssl = wolfSSL_new(ctx);
if (ssl == NULL) {
Serial.println("Unable to allocate SSL object");
fail_wait();
}
ret = wolfSSL_accept(ssl);
if (ret != WOLFSSL_SUCCESS) {
ret = wolfSSL_get_error(ssl, 0);
wolfSSL_ERR_error_string(ret, errBuf);
Serial.print("TLS Accept Error: ");
Serial.println(errBuf);
}
cipherName = wolfSSL_get_cipher(ssl);
Serial.print("SSL cipher suite is ");
Serial.println(cipherName);
Serial.print("Server Read: ");
while (!client.available()) {
/* wait for data */
}
/* read data */
while (wolfSSL_pending(ssl)) {
input = wolfSSL_read(ssl, reply, sizeof(reply) - 1);
if (input < 0) {
ret = wolfSSL_get_error(ssl, 0);
wolfSSL_ERR_error_string(ret, errBuf);
Serial.print("TLS Read Error: ");
Serial.println(errBuf);
break;
}
else if (input > 0) {
replySz = input;
reply[input] = '\0';
Serial.print(reply);
}
else {
Serial.println("<end of reply, input == 0>");
}
}
/* Write our message into reply buffer to send */
memset(reply, 0, sizeof(reply));
memcpy(reply, msg, sizeof(msg));
replySz = strnlen(reply, sizeof(reply));
Serial.println("Sending reply...");
if ((wolfSSL_write(ssl, reply, replySz)) != replySz) {
ret = wolfSSL_get_error(ssl, 0);
wolfSSL_ERR_error_string(ret, errBuf);
Serial.print("TLS Write Error: ");
Serial.println(errBuf);
}
else {
Serial.println("Reply sent!");
}
Serial.println("Shutdown!");
do {
delay(1);
retry_shutdown--;
ret = wolfSSL_shutdown(ssl);
} while ((ret == WOLFSSL_SHUTDOWN_NOT_DONE) && (retry_shutdown > 0));
if (retry_shutdown <= 0) {
/* if wolfSSL_free is called before properly shutting down the
* ssl object, undesired results may occur. */
Serial.println("Warning! Shutdown did not properly complete.");
}
wolfSSL_free(ssl);
Serial.println("Connection complete.");
if (REPEAT_CONNECTION) {
Serial.println();
Serial.println("Waiting for next connection.");
}
else {
client.stop();
Serial.println("Done!");
while (1) {
/* wait forever if not repeating */
delay(100);
}
}
}
else {
/* Serial.println("Client not connected. Trying again..."); */
}
delay(100);
} /* Arduino loop repeats */

2
IDE/ARDUINO/sketches/wolfssl_version/README.md
View File

@@ -1,3 +1,5 @@
# Arduino Basic Hello World
This example simply compiles in wolfSSL and shows the current version number.
NOTE: Moving; See https://github.com/wolfSSL/wolfssl-examples/pull/499

24
IDE/ARDUINO/sketches/wolfssl_version/wolfssl_version.ino
View File

@@ -1,24 +0,0 @@
#include <Arduino.h>
#include <wolfssl.h>
#include <wolfssl/version.h>
/* Choose a monitor serial baud rate: 9600, 14400, 19200, 57600, 74880, etc. */
#define SERIAL_BAUD 115200
/* Arduino setup */
void setup() {
Serial.begin(SERIAL_BAUD);
while (!Serial) {
/* wait for serial port to connect. Needed for native USB port only */
}
Serial.println(F(""));
Serial.println(F(""));
Serial.println(F("wolfSSL setup complete!"));
}
/* Arduino main application loop. */
void loop() {
Serial.print("wolfSSL Version: ");
Serial.println(LIBWOLFSSL_VERSION_STRING);
delay(60000);
}

33
IDE/ARDUINO/wolfssl-arduino.cpp Normal file
View File

@@ -0,0 +1,33 @@
/* wolfssl-arduino.cpp
*
* Copyright (C) 2006-2025 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
#include <Arduino.h>
#include "wolfssl.h"
/* Function to allow wolfcrypt to use Arduino Serial.print for debug messages.
* See wolfssl/wolfcrypt/logging.c */
int wolfSSL_Arduino_Serial_Print(const char* const s)
{
/* Reminder: Serial.print is only available in C++ */
Serial.println(F(s));
return 0;
};

101
IDE/ARDUINO/wolfssl-arduino.sh
View File

@@ -20,7 +20,7 @@
# Reminder there's typically no $USER for GitHub actions, but:
# ROOT_DIR="/mnt/c/Users/$USER/Documents/Arduino/libraries"
#
# The company name is "wolfSSL Inc."; Theres a space, no comma, and a period after "Inc."
# The company name is "wolfSSL Inc."; There's a space, no comma, and a period after "Inc."
# The Arduino library name is "wolfssl" (all lower case)
# The Arduino library directory name is "wolfssl" (all lower case)
# The Arduino library include file is "wolfssl.h" (all lower case)
@@ -70,6 +70,9 @@ if [ "$ROOT_DIR" = "" ]; then
exit 1
fi
ARDUINO_ROOT="$HOME/Arduino/libraries"
# Check environment
if [ -n "$WSL_DISTRO_NAME" ]; then
# we found a non-blank WSL environment distro name
@@ -78,8 +81,6 @@ if [ -n "$WSL_DISTRO_NAME" ]; then
if echo "$current_path" | grep -Eq "^$pattern"; then
# if we are in WSL and shared Windows file system, 'ln' does not work.
ARDUINO_ROOT="/mnt/c/Users/$USER/Documents/Arduino/libraries"
else
ARDUINO_ROOT="$HOME/Arduino/libraries"
fi
fi
echo "The Arduino library root is: $ARDUINO_ROOT"
@@ -106,21 +107,31 @@ if [ $# -gt 0 ]; then
else
echo "Installing to $THIS_INSTALL_DIR"
if [ -d "$THIS_INSTALL_DIR/.git" ];then
echo "Target is a GitHub repository."
echo "Target is a GitHub root repository."
THIS_INSTALL_IS_GITHUB="true"
else
echo "Target is NOT a GitHub repository."
echo "Target is NOT a GitHub root directory repository. (e.g. not wolfssl/Arduino-wolfssl)"
fi
fi
else
echo "Error: not a valid operation: $THIS_OPERATION"
exit 1
fi
else
echo "INSTALL parameter not specified. Installing to ROOT_DIR=$ROOT_DIR"
fi
ROOT_SRC_DIR="${ROOT_DIR}/src"
EXAMPLES_DIR="${ROOT_DIR}/examples"
if [ -n "$WOLFSSL_EXAMPLES_ROOT" ]; then
EXTRA_EXAMPLES_DIR="${WOLFSSL_EXAMPLES_ROOT}/Arduino"
echo "EXTRA_EXAMPLES_DIR=$EXTRA_EXAMPLES_DIR"
else
echo "There are additional examples at https://github.com/wolfSSL/wolfssl-examples"
echo "Set WOLFSSL_EXAMPLES_ROOT to your local directory to include those examples."
fi
WOLFSSL_SRC="${ROOT_SRC_DIR}/src"
WOLFSSL_HEADERS="${ROOT_SRC_DIR}/wolfssl"
WOLFCRYPT_ROOT="${ROOT_SRC_DIR}/wolfcrypt"
@@ -141,8 +152,16 @@ OPENSSL_DIR_TOP="${WOLFSSL_HEADERS_TOP}/openssl"
WOLFSSL_VERSION=$(grep -i "LIBWOLFSSL_VERSION_STRING" ${TOP_DIR}/wolfssl/version.h | cut -d '"' -f 2)
if [ "$WOLFSSL_VERSION" = "" ]; then
echo "ERROR: Could not find wolfSSL Version in ${TOP_DIR}/wolfssl/version.h"
exit 1
echo "Current user: [$USER]"
if [ "$USER" = "" ] || [ "$USER" = "runner" ]; then
# Typically when there's no user, it is a GitHub workflow. It is not guaranteed to be "runner"
echo "No USER found, no version.h found. Setting Version text to [GitHub] for assumed workflow."
WOLFSSL_VERSION="GitHub"
else
echo "ERROR: Could not find wolfSSL Version in ${TOP_DIR}/wolfssl/version.h"
echo "Check autogen.sh and configure"
exit 1
fi
else
echo "Found wolfSSL version $WOLFSSL_VERSION"
echo "# WOLFSSL_VERSION_ARUINO_SUFFIX $WOLFSSL_VERSION_ARUINO_SUFFIX"
@@ -235,26 +254,46 @@ if [ "$THIS_DIR" = "ARDUINO" ]; then
$CP_CMD "${OPENSSL_DIR_TOP}"/* ."${OPENSSL_DIR}" || exit 1
# Finally, copy the Arduino-specific wolfssl library files into place: [lib]/src
$CP_CMD ./wolfssl.h ".${ROOT_SRC_DIR}"/wolfssl.h
$CP_CMD ./wolfssl.h ".${ROOT_SRC_DIR}"/wolfssl.h || exit 1
$CP_CMD ./wolfssl-arduino.cpp ".${ROOT_SRC_DIR}"/wolfssl-arduino.cpp || exit 1
unset NO_ARDUINO_EXAMPLES
echo "Copy examples...."
# Copy examples
mkdir -p ".${ROOT_SRC_DIR}"/examples
echo "Copy wolfssl_client example...."
mkdir -p ".${EXAMPLES_DIR}"/wolfssl_client
$CP_CMD ./sketches/wolfssl_client/wolfssl_client.ino ".${EXAMPLES_DIR}"/wolfssl_client/wolfssl_client.ino || exit 1
$CP_CMD ./sketches/wolfssl_client/README.md ".${EXAMPLES_DIR}"/wolfssl_client/README.md || exit 1
if [ -n "$WOLFSSL_EXAMPLES_ROOT" ]; then
echo "Copy template example...."
mkdir -p ".${EXAMPLES_DIR}"/template/wolfssl_library/src
$CP_CMD "$WOLFSSL_EXAMPLES_ROOT"/Arduino/sketches/template/template.ino ".${EXAMPLES_DIR}"/template/template.ino || exit 1
$CP_CMD "$WOLFSSL_EXAMPLES_ROOT"/Arduino/sketches/template/README.md ".${EXAMPLES_DIR}"/template/README.md || exit 1
$CP_CMD "$WOLFSSL_EXAMPLES_ROOT"/Arduino/sketches/template/wolfssl_helper.c ".${EXAMPLES_DIR}"/template/wolfssl_helper.c || exit 1
$CP_CMD "$WOLFSSL_EXAMPLES_ROOT"/Arduino/sketches/template/wolfssl_helper.h ".${EXAMPLES_DIR}"/template/wolfssl_helper.h || exit 1
$CP_CMD "$WOLFSSL_EXAMPLES_ROOT"/Arduino/sketches/template/wolfssl_library/wolfssl_library.h ".${EXAMPLES_DIR}"/template/wolfssl_library/wolfssl_library.h || exit 1
$CP_CMD "$WOLFSSL_EXAMPLES_ROOT"/Arduino/sketches/template/wolfssl_library/src/wolfssl_library.cpp ".${EXAMPLES_DIR}"/template/wolfssl_library/src/wolfssl_library.cpp || exit 1
echo "Copy wolfssl_server example...."
mkdir -p .${EXAMPLES_DIR}/wolfssl_server
$CP_CMD ./sketches/wolfssl_server/wolfssl_server.ino ".${EXAMPLES_DIR}"/wolfssl_server/wolfssl_server.ino || exit 1
$CP_CMD ./sketches/wolfssl_server/README.md ".${EXAMPLES_DIR}"/wolfssl_server/README.md || exit 1
echo "Copy wolfssl_AES_CTR example...."
mkdir -p ".${EXAMPLES_DIR}"/wolfssl_AES_CTR
$CP_CMD "$WOLFSSL_EXAMPLES_ROOT"/Arduino/sketches/wolfssl_AES_CTR/wolfssl_AES_CTR.ino ".${EXAMPLES_DIR}"/wolfssl_AES_CTR/wolfssl_AES_CTR.ino || exit 1
$CP_CMD "$WOLFSSL_EXAMPLES_ROOT"/Arduino/sketches/wolfssl_AES_CTR/README.md ".${EXAMPLES_DIR}"/wolfssl_AES_CTR/README.md || exit 1
echo "Copy wolfssl_server example...."
mkdir -p .${EXAMPLES_DIR}/wolfssl_version
$CP_CMD ./sketches/wolfssl_version/wolfssl_version.ino ".${EXAMPLES_DIR}"/wolfssl_version/wolfssl_version.ino || exit 1
$CP_CMD ./sketches/wolfssl_version/README.md ".${EXAMPLES_DIR}"/wolfssl_version/README.md || exit 1
echo "Copy wolfssl_client example...."
mkdir -p ".${EXAMPLES_DIR}"/wolfssl_client
$CP_CMD "$WOLFSSL_EXAMPLES_ROOT"/Arduino/sketches/wolfssl_client/wolfssl_client.ino ".${EXAMPLES_DIR}"/wolfssl_client/wolfssl_client.ino || exit 1
$CP_CMD "$WOLFSSL_EXAMPLES_ROOT"/Arduino/sketches/wolfssl_client/README.md ".${EXAMPLES_DIR}"/wolfssl_client/README.md || exit 1
echo "Copy wolfssl_server example...."
mkdir -p .${EXAMPLES_DIR}/wolfssl_server
$CP_CMD "$WOLFSSL_EXAMPLES_ROOT"/Arduino/sketches/wolfssl_server/wolfssl_server.ino ".${EXAMPLES_DIR}"/wolfssl_server/wolfssl_server.ino || exit 1
$CP_CMD "$WOLFSSL_EXAMPLES_ROOT"/Arduino/sketches/wolfssl_server/README.md ".${EXAMPLES_DIR}"/wolfssl_server/README.md || exit 1
echo "Copy wolfssl_version example...."
mkdir -p .${EXAMPLES_DIR}/wolfssl_version
$CP_CMD "$WOLFSSL_EXAMPLES_ROOT"/Arduino/sketches/wolfssl_version/wolfssl_version.ino ".${EXAMPLES_DIR}"/wolfssl_version/wolfssl_version.ino || exit 1
$CP_CMD "$WOLFSSL_EXAMPLES_ROOT"/Arduino/sketches/wolfssl_version/README.md ".${EXAMPLES_DIR}"/wolfssl_version/README.md || exit 1
else
NO_ARDUINO_EXAMPLES=1
fi
else
echo "ERROR: You must be in the IDE/ARDUINO directory to run this script"
exit 1
@@ -273,6 +312,8 @@ fi
# as an Arduino-specific README.md file.
VERSION_PLACEHOLDER="\${WOLFSSL_VERSION}"
ARDUINO_VERSION_SUFFIX_PLACEHOLDER="\${WOLFSSL_VERSION_ARUINO_SUFFIX}"
# This is the SOURCE to prepend. Note the OUTPUT is PREPENDED_README.md later copied to README.md
PREPEND_FILE="Arduino_README_prepend.md"
PROPERTIES_FILE_TEMPLATE="library.properties.template"
sed s/"$VERSION_PLACEHOLDER"/"$WOLFSSL_VERSION"/ "$PREPEND_FILE" > "$PREPEND_FILE.tmp"
@@ -325,12 +366,24 @@ if [ "$THIS_OPERATION" = "INSTALL" ]; then
echo "Removing workspace library directory: .$ROOT_DIR"
rm -rf ".$ROOT_DIR"
else
echo "Installing to local directory:"
echo "mv .$ROOT_DIR $ARDUINO_ROOT"
mv ."$ROOT_DIR" "$ARDUINO_ROOT" || exit 1
echo "Arduino wolfSSL Version: $WOLFSSL_VERSION$WOLFSSL_VERSION_ARUINO_SUFFIX"
echo "Installing to local directory:"
if [ "$THIS_INSTALL_DIR" = "" ]; then
echo "mv .$ROOT_DIR $ARDUINO_ROOT"
mv ."$ROOT_DIR" "$ARDUINO_ROOT" || exit 1
echo "Arduino wolfSSL Version: $WOLFSSL_VERSION$WOLFSSL_VERSION_ARUINO_SUFFIX"
else
echo "cp -r .\"$ROOT_DIR\"/* \"$THIS_INSTALL_DIR\""
mkdir -p "$THIS_INSTALL_DIR" || exit 1
cp -r ."$ROOT_DIR"/* "$THIS_INSTALL_DIR" || exit 1
fi
fi
fi
if [ -n "$NO_ARDUINO_EXAMPLES" ]; then
echo ""
echo "WARNING: No examples copied. Set WOLFSSL_EXAMPLES_ROOT as appropriate."
echo ""
fi
echo "Done!"

26
IDE/ARDUINO/wolfssl.h
View File

@@ -1,6 +1,6 @@
/* wolfssl.h
*
* Copyright (C) 2006-2024 wolfSSL Inc.
* Copyright (C) 2006-2025 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
@@ -22,18 +22,28 @@
/* Edit with caution. This is an Arduino-library specific header for wolfSSL */
#ifndef WOLFSSL_USER_SETTINGS
/* Should already be defined in settings.h for #if defined(ARDUINO) */
#define WOLFSSL_USER_SETTINGS
#endif
#include <Arduino.h>
/* wolfSSL user_settings.h must be included from settings.h */
/* wolfSSL user_settings.h must be included from settings.h
* Make all configurations changes in user_settings.h
* Do not edit wolfSSL `settings.h` or `config.h` files.
* Do not explicitly include user_settings.h in any source code.
* Each Arduino sketch that uses wolfSSL must have: #include "wolfssl.h"
* C/C++ source files can use: #include <wolfssl/wolfcrypt/settings.h>
* The wolfSSL "settings.h" must be included in each source file using wolfSSL.
* The wolfSSL "settings.h" must be listed before any other wolfSSL include.
*/
#include <wolfssl/wolfcrypt/settings.h>
#include <wolfssl/ssl.h>
int wolfSSL_Arduino_Serial_Print(const char *const s)
{
/* See wolfssl/wolfcrypt/logging.c */
Serial.println(F(s));
return 0;
};
#ifndef WOLFSSL_ARDUINO_H
#define WOLFSSL_ARDUINO_H
/* Declare a helper function to be used in wolfssl/wolfcrypt/logging.c */
int wolfSSL_Arduino_Serial_Print(const char* const s);
#endif /* WOLFSSL_ARDUINO_H */

4
IDE/AURIX/Cpu0_Main.c
View File

@@ -1,6 +1,6 @@
/* Cpu0_Main.c
*
* Copyright (C) 2006-2024 wolfSSL Inc.
* Copyright (C) 2006-2025 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
@@ -63,7 +63,7 @@ int fputc(int ch, FILE *f)
if (ch == (int)'\n') {
int chcr = (int)'\r';
count = 1;
IfxAsclin_Asc_write(&g_asc, &chcr, &count, TIME_INFINITE);
IfxAsclin_Asc_write(&g_asc, &chcr, &count, TIME_INFINITE);
}
count = 1;
IfxAsclin_Asc_write(&g_asc, &ch, &count, TIME_INFINITE);

2
IDE/AURIX/README.md
View File

@@ -9,7 +9,7 @@ Tested Platform:
## Running wolfCrypt on TriCore
1) Add the wolfSSL source and headers to `Libraries/wolfssl`.
1) Add the wolfSSL source and headers to `Libraries/wolfssl`.
- Only the following folders are required: `src`, `wolfcrypt` and `wolfssl`.
- See script to help with producing bundle here: https://github.com/wolfSSL/wolfssl/blob/master/scripts/makedistsmall.sh
2) Add `WOLFSSL_USER_SETTINGS` to the Preprocessing symbols list. C/C++ Build -> Settings -> TASKING C/C++ Compiler -> Preprocessing.

2
IDE/AURIX/user_settings.h
View File

@@ -1,6 +1,6 @@
/* user_settings.h
*
* Copyright (C) 2006-2024 wolfSSL Inc.
* Copyright (C) 2006-2025 wolfSSL Inc.
*
* This file is part of wolfSSL.
*

2
IDE/AURIX/wolf_main.c
View File

@@ -1,6 +1,6 @@
/* wolf_main.c
*
* Copyright (C) 2006-2024 wolfSSL Inc.
* Copyright (C) 2006-2025 wolfSSL Inc.
*
* This file is part of wolfSSL.
*

7
IDE/CRYPTOCELL/main.c
View File

@@ -1,6 +1,6 @@
/* main.c
*
* Copyright (C) 2006-2024 wolfSSL Inc.
* Copyright (C) 2006-2025 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
@@ -18,8 +18,8 @@
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
#include <wolfssl/wolfcrypt/settings.h>
#include <wolfcrypt/test/test.h>
#include <wolfcrypt/benchmark/benchmark.h>
@@ -63,4 +63,3 @@ int main(void)
return 0;
}

2
IDE/CRYPTOCELL/user_settings.h
View File

@@ -1,6 +1,6 @@
/* user_settings.h
*
* Copyright (C) 2006-2024 wolfSSL Inc.
* Copyright (C) 2006-2025 wolfSSL Inc.
*
* This file is part of wolfSSL.
*

2
IDE/ECLIPSE/DEOS/deos_malloc.c
View File

@@ -1,6 +1,6 @@
/* deos_malloc.c
*
* Copyright (C) 2006-2024 wolfSSL Inc.
* Copyright (C) 2006-2025 wolfSSL Inc.
*
* This file is part of wolfSSL.
*

2
IDE/ECLIPSE/DEOS/tls_wolfssl.c
View File

@@ -1,6 +1,6 @@
/* tls_wolfssl.c
*
* Copyright (C) 2006-2024 wolfSSL Inc.
* Copyright (C) 2006-2025 wolfSSL Inc.
*
* This file is part of wolfSSL.
*

2
IDE/ECLIPSE/DEOS/tls_wolfssl.h
View File

@@ -1,6 +1,6 @@
/* tls_wolfssl.h
*
* Copyright (C) 2006-2024 wolfSSL Inc.
* Copyright (C) 2006-2025 wolfSSL Inc.
*
* This file is part of wolfSSL.
*

2
IDE/ECLIPSE/DEOS/user_settings.h
View File

@@ -1,6 +1,6 @@
/* user_setting.h
*
* Copyright (C) 2006-2024 wolfSSL Inc.
* Copyright (C) 2006-2025 wolfSSL Inc.
*
* This file is part of wolfSSL.
*

2
IDE/ECLIPSE/MICRIUM/client_wolfssl.c
View File

@@ -1,6 +1,6 @@
/* client_wolfssl.c
*
* Copyright (C) 2006-2024 wolfSSL Inc.
* Copyright (C) 2006-2025 wolfSSL Inc.
*
* This file is part of wolfSSL.
*

2
IDE/ECLIPSE/MICRIUM/client_wolfssl.h
View File

@@ -1,6 +1,6 @@
/* client_wolfssl.h
*
* Copyright (C) 2006-2024 wolfSSL Inc.
* Copyright (C) 2006-2025 wolfSSL Inc.
*
* This file is part of wolfSSL.
*

2
IDE/ECLIPSE/MICRIUM/server_wolfssl.c
View File

@@ -1,6 +1,6 @@
/* server_wolfssl.c
*
* Copyright (C) 2006-2024 wolfSSL Inc.
* Copyright (C) 2006-2025 wolfSSL Inc.
*
* This file is part of wolfSSL.
*

2
IDE/ECLIPSE/MICRIUM/server_wolfssl.h
View File

@@ -1,6 +1,6 @@
/* server_wolfssl.h
*
* Copyright (C) 2006-2024 wolfSSL Inc.
* Copyright (C) 2006-2025 wolfSSL Inc.
*
* This file is part of wolfSSL.
*

2
IDE/ECLIPSE/MICRIUM/user_settings.h
View File

@@ -1,6 +1,6 @@
/* user_setting.h
*
* Copyright (C) 2006-2024 wolfSSL Inc.
* Copyright (C) 2006-2025 wolfSSL Inc.
*
* This file is part of wolfSSL.
*

2
IDE/ECLIPSE/MICRIUM/wolfsslRunTests.c
View File

@@ -1,6 +1,6 @@
/* wolfsslRunTests.c
*
* Copyright (C) 2006-2024 wolfSSL Inc.
* Copyright (C) 2006-2025 wolfSSL Inc.
*
* This file is part of wolfSSL.
*

2
IDE/ECLIPSE/RTTHREAD/user_settings.h
View File

@@ -1,6 +1,6 @@
/* user_setting.h
*
* Copyright (C) 2006-2024 wolfSSL Inc.
* Copyright (C) 2006-2025 wolfSSL Inc.
*
* This file is part of wolfSSL.
*

2
IDE/ECLIPSE/RTTHREAD/wolfssl_test.c
View File

@@ -1,6 +1,6 @@
/* wolfsslRunTests.c
*
* Copyright (C) 2006-2024 wolfSSL Inc.
* Copyright (C) 2006-2025 wolfSSL Inc.
*
* This file is part of wolfSSL.
*

2
IDE/ECLIPSE/SIFIVE/README.md
View File

@@ -1 +1 @@
This folder has moved to `IDE/RISCV/SIFIVE-HIFIVE1`.
This folder has moved to `IDE/RISCV/SIFIVE-HIFIVE1`.

47
IDE/Espressif/ESP-IDF/README.md
View File

@@ -1,11 +1,12 @@
# ESP-IDF Port
These Espressif examples have been created and tested with the latest stable release branch of
[ESP-IDF V5.2](https://docs.espressif.com/projects/esp-idf/en/release-v5.2/esp32/get-started/index.html).
The prior version 4.4 ESP-IDF is still supported, however version 5.2 or greater is recommended.
Espressif has [a list of all ESP-IDF versions](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/versions.html).
These Espressif examples have been created and tested with the latest stable release branch of
ESP-IDF v5.2, v5.3 and the master branch
See the latest [Espressif Migration Guides](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/migration-guides/index.html).
The prior version 4.4 ESP-IDF is still supported, however version 5.2 or greater is recommended.
Espressif has [a list of all ESP-IDF versions](Espressifversions.html).
See the latest Espressif Migration Guides.
## Examples
@@ -34,7 +35,7 @@ looks for the wolfSSL `user_settings.h` in the project as described below.
### File: `sdkconfig.h`
The Espressif `sdkconfig.h`, generated automatically from your `sdkconfig`
file at [build](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html)
file at [build](Espressif api-guides/build-system.html)
time, should be included before any other files.
### File: `user_settings.h`
@@ -101,7 +102,7 @@ of your source code, particularly before the `#include <wolfssl/wolfcrypt/settin
## Requirements
1. [ESP-IDF development framework](https://docs.espressif.com/projects/esp-idf/en/latest/get-started/)
1. [ESP-IDF development framework](https://github.com/espressif/esp-idf)
## wolfSSL as an Espressif component
@@ -113,7 +114,7 @@ There are various methods available for using wolfSSL as a component:
## Espressif Managed Components
Visit https://components.espressif.com/components/wolfssl/wolfssl and see the instructions. Typically:
Visit https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/ and see the instructions. Typically:
```
idf.py add-dependency "wolfssl/wolfssl^5.6.0-stable"
@@ -140,10 +141,18 @@ See the specific examples for additional details.
This is an alternate method for installation. It is recommended to use the new `CMakeLists.txt` to point to wolfSSL source code.
1. Run `setup.sh` at _/path/to_`/wolfssl/IDE/Espressif/ESP-IDF/` to deploy files into ESP-IDF tree
1. Run `setup.sh` at _/path/to_`/wolfssl/IDE/Espressif/ESP-IDF/` to deploy files into ESP-IDF tree
2. Find Wolfssl files at _/path/to/esp_`/esp-idf/components/wolfssl/`
3. Find [Example Programs](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples) under _/path/to/esp_`/esp-idf/examples/protocols/wolfssl_xxx` (where xxx is the project name)
```
WRK_IDF_PATH=/mnt/c/SysGCC/esp32/esp-idf/v5.2
. $WRK_IDF_PATH/export.sh
./setup.sh
```
## Setup for Windows
This is an alternate method for installation. It is recommended to use the new `CMakeLists.txt` to point to wolfSSL source code.
@@ -169,7 +178,7 @@ C:\SysGCC\esp32\esp-idf>git clone -b v5.0.2 --recursive https://github.com/espre
## Configuration
1. The `user_settings.h` can be found in `[project]/components/wolfssl/include/user_settings.h`.
1. The `user_settings.h` can be found in `[project]/components/wolfssl/include/user_settings.h`.
## Configuration (Legacy IDF install)
@@ -183,13 +192,13 @@ C:\SysGCC\esp32\esp-idf>git clone -b v5.0.2 --recursive https://github.com/espre
For question please email [support@wolfssl.com]
Note: This is tested with :
Note: This is tested with :
- OS: Ubuntu 20.04.3 LTS
- Microsoft Windows 10 Pro 10.0.19041 / Windows 11 Pro 22H2 22621.2715
- Visual Studio 2022 17.7.6 with VisualGDB 5.6R9 (build 4777)
- WSL 1 Ubuntu 22.04.3 LTS
- ESP-IDF: ESP-IDF v5.1
- SoC Module : all those supported in ESP-IDF v5.1
- ESP-IDF: ESP-IDF v5.2
- SoC Module : all those supported in ESP-IDF v5.2
## JTAG Debugging Notes
@@ -226,3 +235,15 @@ ftdi layout_signal nSRST -data 0x0020
reset_config srst_push_pull trst_push_pull
```
## Windows long paths
Check "Long Paths Enabled" in Windows registry.
Please set registry HKLM\SYSTEM\CurrentControlSet\Control\FileSystem\LongPathsEnabled to 1.
The operation requires Administrator privileges. Command:
```powershell
powershell -Command "&{ Start-Process -FilePath reg 'ADD HKLM\SYSTEM\CurrentControlSet\Control\FileSystem /v LongPathsEnabled /t REG_DWORD /d 1 /f' -Verb runAs}"
```

2
IDE/Espressif/ESP-IDF/README_32se.md
View File

@@ -10,7 +10,7 @@ Including the following examples:
The `user_settings.h` file enables some of the hardened settings.
## Requirements
1. ESP-IDF development framework: https://docs.espressif.com/projects/esp-idf/en/latest/get-started/
1. ESP-IDF development framework: https://github.com/espressif/esp-idf
2. Microchip CryptoAuthentication Library: https://github.com/MicrochipTech/cryptoauthlib

2
IDE/Espressif/ESP-IDF/dummy_config_h
View File

@@ -1,6 +1,6 @@
/* config.h - dummy
*
* Copyright (C) 2006-2024 wolfSSL Inc.
* Copyright (C) 2006-2025 wolfSSL Inc.
*
* This file is part of wolfSSL.
*

2
IDE/Espressif/ESP-IDF/dummy_test_paths.h
View File

@@ -1,6 +1,6 @@
/* wolfcrypt/test/test_paths.h
*
* Copyright (C) 2006-2024 wolfSSL Inc.
* Copyright (C) 2006-2025 wolfSSL Inc.
*
* This file is part of wolfSSL.
*

17
IDE/Espressif/ESP-IDF/examples/README.md
View File

@@ -12,7 +12,7 @@ These are the core examples for wolfSSL:
- [TLS Client](./wolfssl_client/README.md). See also [CLI Client](https://github.com/wolfSSL/wolfssl/tree/master/examples/client) and [more TLS examples](https://github.com/wolfSSL/wolfssl-examples/tree/master/tls).
- [TLS Server](./wolfssl_server/README.md). See also [CLI Server](https://github.com/wolfSSL/wolfssl/tree/master/examples/server)
- [TLS Server](./wolfssl_server/README.md). See also [CLI Server](https://github.com/wolfSSL/wolfssl/tree/master/examples/server)
## Other Espressif wolfSSL Examples
@@ -44,7 +44,7 @@ TLS1.3 Linux Client to Linux Server: `TLS_AES_128_GCM_SHA256` (default)
./examples/client/client -v 4 -h 127.0.0.1 -p 11111 -A ./certs/ca-cert.pem
```
TLS1.2 Linux Server
TLS1.2 Linux Server
```
./examples/server/server -v 3 -b -d -p 11111 -c ./certs/server-cert.pem -k ./certs/server-key.pem
```
@@ -71,14 +71,14 @@ There's an additional example that uses wolfSSL installed as a component to the
## Installing wolfSSL for Espressif projects
[Core examples](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples)
have a local `components/wolfssl` directory with a special CMakeFile.txt that does not require
[Core examples](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples)
have a local `components/wolfssl` directory with a special CMakeFile.txt that does not require
wolfSSL to be installed.
If you want to install wolfSSL, see the setup for [wolfSSL](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF#setup-for-linux)
If you want to install wolfSSL, see the setup for [wolfSSL](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF#setup-for-linux)
and [wolfSSH](https://github.com/wolfSSL/wolfssh/tree/master/ide/Espressif#setup-for-linux).
The [Espressif Managed Component for wolfSSL](https://components.espressif.com/components/wolfssl/wolfssl)
The [Espressif Managed Component for wolfSSL](https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/)
also installs source code locally, instead of pointing to a source repository.
## VisualGDB
@@ -114,7 +114,4 @@ It may be helpful to also delete the `sdkconfig` file. (Save a backup if you've
- esp32.com: [GPIO6,GPIO7,GPIO8,and GPIO9 changed for ESP32-WROOM-32E](https://esp32.com/viewtopic.php?t=29058)
See also [this ESP-FAQ Handbook](https://docs.espressif.com/projects/esp-faq/en/latest/esp-faq-en-master.pdf).
See also the `ESP-FAQ Handbook`.

91
IDE/Espressif/ESP-IDF/examples/template/CMakeLists.txt
View File

@@ -1,10 +1,19 @@
# wolfSSL Espressif Example Project CMakeLists.txt
# v1.0
# v1.3
#
# The following lines of boilerplate have to be in your project's
# CMakeLists in this exact order for cmake to work correctly
message(STATUS "Begin project ${CMAKE_PROJECT_NAME}")
cmake_minimum_required(VERSION 3.16)
# Optional no watchdog typically used for test & benchmark
if (idf_target STREQUAL "esp8266" OR IDF_TARGET STREQUAL "esp8266" OR IDF_VERSION_MAJOR VERSION_LESS "5.0")
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_ESP_NO_WATCHDOG=1")
else()
add_compile_definitions(WOLFSSL_ESP_NO_WATCHDOG=1)
endif()
# The wolfSSL CMake file should be able to find the source code.
# Otherwise, assign an environment variable or set it here:
#
@@ -22,34 +31,63 @@ cmake_minimum_required(VERSION 3.16)
if(WIN32)
# Windows-specific configuration here
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS")
message("Detected Windows")
message(STATUS "Detected Windows")
endif()
if(CMAKE_HOST_UNIX)
message("Detected UNIX")
message(STATUS "Detected UNIX")
endif()
if(APPLE)
message("Detected APPLE")
message(STATUS "Detected APPLE")
endif()
if(CMAKE_HOST_UNIX AND (NOT APPLE) AND EXISTS "/proc/sys/fs/binfmt_misc/WSLInterop")
# Windows-specific configuration here
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WSL")
message("Detected WSL")
message(STATUS "Detected WSL")
endif()
if(CMAKE_HOST_UNIX AND (NOT APPLE) AND (NOT WIN32))
# Windows-specific configuration here
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_LINUX")
message("Detected Linux")
message(STATUS "Detected Linux")
endif()
if(APPLE)
# Windows-specific configuration here
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_APPLE")
message("Detected Apple")
message(STATUS "Detected Apple")
endif()
# End optional WOLFSSL_CMAKE_SYSTEM_NAME
# This example uses an extra component for common functions such as Wi-Fi and Ethernet connection.
# set (PROTOCOL_EXAMPLES_DIR $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
string(REPLACE "\\" "/" PROTOCOL_EXAMPLES_DIR "$ENV{IDF_PATH}/examples/common_components/protocol_examples_common")
if (EXISTS "${PROTOCOL_EXAMPLES_DIR}")
message(STATUS "Found PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
set(EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DFOUND_PROTOCOL_EXAMPLES_DIR")
else()
message(STATUS "NOT FOUND: PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
endif()
# Find the user name to search for possible "wolfssl-username"
# Reminder: Windows is %USERNAME%, Linux is $USER
message(STATUS "USERNAME = $ENV{USERNAME}")
if( "$ENV{USER}" STREQUAL "" ) # the bash user
if( "$ENV{USERNAME}" STREQUAL "" ) # the Windows user
message(STATUS "could not find USER or USERNAME")
else()
# the bash user is not blank, so we'll use it.
set(THIS_USER "$ENV{USERNAME}")
endif()
else()
# the bash user is not blank, so we'll use it.
set(THIS_USER "$ENV{USER}")
endif()
message(STATUS "THIS_USER = ${THIS_USER}")
# Check that there are not conflicting wolfSSL components
# The ESP Registry Component will be in ./managed_components/wolfssl__wolfssl
# The local component wolfSSL directory will be in ./components/wolfssl
message(STATUS "Checking for wolfSSL as Managed Component or not... ${CMAKE_HOME_DIRECTORY}")
if( EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" AND EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl" )
# These exclude statements don't seem to be honored by the $ENV{IDF_PATH}/tools/cmake/project.cmake'
# add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" EXCLUDE_FROM_ALL)
@@ -64,10 +102,47 @@ if( EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" AND EXI
message(FATAL_ERROR "\nPlease use either the ESP Registry Managed Component or the wolfSSL component directory but not both.\n"
"If removing the ./managed_components/wolfssl__wolfssl directory, remember to also remove "
"or rename the idf_component.yml file typically found in ./main/")
else()
elseif(EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl")
# A standard project component (not a Managed Component)
message(STATUS "No conflicting wolfSSL components found.")
set(WOLFSSL_PATH "${CMAKE_HOME_DIRECTORY}/components/wolfssl")
elseif(EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl")
# The official Managed Component called wolfssl from the wolfssl user.
message(STATUS "No conflicting wolfSSL components found as a Managed Component.")
set(WOLFSSL_PATH "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl")
elseif(EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/gojimmypi__mywolfssl")
# There is a known gojimmypi staging component available for anyone:
message(STATUS "No conflicting wolfSSL components found as a gojimmypi staging Managed Component.")
elseif(EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/${THIS_USER}__mywolfssl")
# Other users with permissions might publish their own mywolfssl staging Managed Component
message(STATUS "No conflicting wolfSSL components found as a Managed Component.")
set(WOLFSSL_PATH "${CMAKE_HOME_DIRECTORY}/managed_components/${THIS_USER}__mywolfssl")
else()
message(STATUS "WARNING: wolfssl component directory not found.")
endif()
# message(STATUS "EXTRA_COMPONENT_DIRS WOLFSSL_PATH: ${WOLFSSL_PATH}")
# list(APPEND EXTRA_COMPONENT_DIRS ${WOLFSSL_PATH})
# Not only is a project-level "set(COMPONENTS" not needed here, this will cause
# an unintuitive error about Unknown CMake command "esptool_py_flash_project_args".
if(0)
message(STATUS "Begin optional PROTOCOL_EXAMPLES_DIR include")
# This example uses an extra component for common functions such as Wi-Fi and Ethernet connection.
set (PROTOCOL_EXAMPLES_DIR $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
if (EXISTS "${PROTOCOL_EXAMPLES_DIR}")
message(STATUS "Found PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
set(EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DFOUND_PROTOCOL_EXAMPLES_DIR")
else()
message(STATUS "NOT FOUND: PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
endif()
message(STATUS "End optional PROTOCOL_EXAMPLES_DIR include")
endif()
include($ENV{IDF_PATH}/tools/cmake/project.cmake)
project(wolfssl_template)
message(STATUS "end project")

14
IDE/Espressif/ESP-IDF/examples/template/Makefile Normal file
View File

@@ -0,0 +1,14 @@
#
# This is a project Makefile. It is assumed the directory this Makefile resides in is a
# project subdirectory.
#
CFLAGS += -DWOLFSSL_USER_SETTINGS
# Some of the tests are CPU intenstive, so we'll force the watchdog timer off.
# There's an espressif NO_WATCHDOG; we don't use it, as it is reset by sdkconfig.
CFLAGS += -DWOLFSSL_ESP_NO_WATCHDOG=1
PROJECT_NAME := wolfssl_template
include $(IDF_PATH)/make/project.mk

12
IDE/Espressif/ESP-IDF/examples/template/README.md
View File

@@ -7,11 +7,11 @@ For general information on [wolfSSL examples for Espressif](../README.md), see t
### Prerequisites
It is assumed the [ESP-IDF environment](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/get-started/) has been installed.
It is assumed the [ESP-IDF environment](Espressifget-started/) has been installed.
### Files Included
- [main.c](./main/main.c) with a simple call to an Espressif library (`ESP_LOGI`) and a call to a wolfSSL library (`esp_ShowExtendedSystemInfo`) .
- [main.c](./main/main.c) with a simple call to an Espressif library (`ESP_LOGI`) and a call to a wolfSSL library (`esp_ShowExtendedSystemInfo`) .
- See [components/wolfssl/include](./components/wolfssl/include/user_settings.h) directory to edit the wolfSSL `user_settings.h`.
@@ -19,7 +19,7 @@ It is assumed the [ESP-IDF environment](https://docs.espressif.com/projects/esp-
- The [components/wolfssl/CMakeLists.txt](./components/wolfssl/CMakeLists.txt) typically does not need to be changed.
- Optional [VisualGDB Project](./VisualGDB/wolfssl_template_IDF_v5.1_ESP32.vgdbproj) for Visual Studio using ESP32 and ESP-IDF v5.1.
- Optional [VisualGDB Project](./VisualGDB/README.md) for Visual Studio using ESP32 and ESP-IDF v5.2. See also [template](../template/VisualGDB/README.md) for other devices.
- Edit the project [CMakeLists.txt](./CMakeLists.txt) to optionally point this project's wolfSSL component source code at a different directory:
@@ -30,12 +30,12 @@ set(WOLFSSL_ROOT "~/workspace/wolfssl-other-source")
## Getting Started:
Here's an example using the command-line [idf.py](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/tools/idf-py.html).
Here's an example using the command-line [idf.py](Espressifapi-guides/tools/idf-py.html).
Edit your `WRK_IDF_PATH`to point to your ESP-IDF install directory.
```
WRK_IDF_PATH=/mnt/c/SysGCC/esp32/esp-idf/v5.1
WRK_IDF_PATH=/mnt/c/SysGCC/esp32/esp-idf/v5.2
echo "Run export.sh from ${WRK_IDF_PATH}"
. ${WRK_IDF_PATH}/export.sh
@@ -53,7 +53,7 @@ idf.py flash -p /dev/ttyS19 -b 115200
idf.py flash -p /dev/ttyS19 -b 115200 monitor
```
Press `Ctrl+]` to exit `idf.py monitor`. See [additional monitor keyboard commands](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/tools/idf-monitor.html).
Press `Ctrl+]` to exit `idf.py monitor`. See [additional monitor keyboard commands](Espressifapi-guides/tools/idf-monitor.html).
## Other Examples:

644
IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/CMakeLists.txt
View File

@@ -1,5 +1,5 @@
#
# Copyright (C) 2006-2024 wolfSSL Inc.
# Copyright (C) 2006-2025 wolfSSL Inc.
#
# This file is part of wolfSSL.
#
@@ -19,18 +19,148 @@
#
# cmake for wolfssl Espressif projects
#
# Version 5.6.0.011 for detect test/benchmark
# Version 5.7.2 Espressif ESP-IDF integration
#
# See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html
#
message(STATUS "Begin wolfssl ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}")
cmake_minimum_required(VERSION 3.16)
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
set(CMAKE_CURRENT_SOURCE_DIR ".")
set(COMPONENT_REQUIRES lwip) # we typically don't need lwip directly in wolfssl component
set(WOLFSSL_ROOT "$ENV{WOLFSSL_ROOT}" )
# find the user name to search for possible "wolfssl-username"
set(VERBOSE_COMPONENT_MESSAGES 1)
# Optional requires include:
# set(THIS_ESP_TLS "esp-tls")
set(THIS_ESP_TLS "")
# function: IS_ESP_IDF_COMPONENT
# output: RESULT = 1 (true) if this component is located in the ESP-IDF components
# otherwise 0 (false)
function( IS_ESP_IDF_COMPONENT RESULT )
# NOTE: Component location is based on the location of the CMakeList.txt
# and *not* the location of the wolfSSL source code. (which may be anywhere)
# Normalize the paths to remove any trailing slashes
get_filename_component(NORMALIZED_IDF_PATH "${IDF_PATH}" REALPATH)
get_filename_component(NORMALIZED_TEST_PATH "${COMPONENT_DIR}" REALPATH)
# Check if the test path starts with the IDF_PATH
string(FIND "${NORMALIZED_TEST_PATH}" "${NORMALIZED_IDF_PATH}" pos)
if(${pos} EQUAL 0)
message(STATUS "${COMPONENT_DIR} is within IDF_PATH.")
set(${RESULT} 1 PARENT_SCOPE)
else()
message(STATUS "${COMPONENT_DIR} is not within IDF_PATH.")
set(${RESULT} 0 PARENT_SCOPE)
endif()
endfunction()
# Determine if this cmake file is located in the ESP-IDF component directory or not,
# and if so, if it is being ignored (allowing the use of a local project one, instead).
IS_ESP_IDF_COMPONENT( IS_WOLSSL_ESP_IDF_COMPONENT )
if( IS_WOLSSL_ESP_IDF_COMPONENT )
message(STATUS "This wolfSSL is a component in ESP-IDF.")
if ( CONFIG_IGNORE_ESP_IDF_WOLFSSL_COMPONENT )
idf_component_register()
message(STATUS "Warning: wolfSSL component in ESP-IDF is being ignored.")
return()
endif()
endif()
if( "${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}" STREQUAL "" )
# nothing to do
else()
# Only forward slashes, or double backslashes are supported.
# By the time we get here the sdkconfig file has a value for wolfSSL source code root.
string(REPLACE "\\" "/" CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT})
message(STATUS "Cleaned wolfssl path: ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}")
endif()
# The scope of this CMAKE_C_FLAGS is just this component:
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -DWOLFSSL_USER_SETTINGS")
set(CMAKE_CURRENT_SOURCE_DIR ".")
# set(COMPONENT_REQUIRES lwip) # we typically don't need lwip directly in wolfssl component
# Optionally set your source to wolfSSL in your project CMakeLists.txt like this:
# set(WOLFSSL_ROOT "c:/test/my_wolfssl" )
if ( "${WOLFSSL_ROOT}" STREQUAL "")
set(WOLFSSL_ROOT "$ENV{WOLFSSL_ROOT}" )
endif()
if( "$ENV{IDF_PATH}" STREQUAL "" )
message(FATAL_ERROR "IDF_PATH Environment variable not set!")
else()
string(REPLACE "\\" "/" THIS_IDF_PATH "$ENV{IDF_PATH}")
endif()
# Optional compiler definitions to help with system name detection (typically printed by app diagnostics)
if(VERBOSE_COMPONENT_MESSAGES)
if(WIN32)
# Windows-specific configuration here
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS")
message(STATUS "Detected Windows")
endif()
if(CMAKE_HOST_UNIX)
message(STATUS "Detected UNIX")
endif()
if(APPLE)
message(STATUS "Detected APPLE")
endif()
if(CMAKE_HOST_UNIX AND (NOT APPLE) AND EXISTS "/proc/sys/fs/binfmt_misc/WSLInterop")
# Windows-specific configuration here
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WSL")
message(STATUS "Detected WSL")
endif()
if(CMAKE_HOST_UNIX AND (NOT APPLE) AND (NOT WIN32))
# Windows-specific configuration here
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_LINUX")
message(STATUS "Detected Linux")
endif()
if(APPLE)
# Windows-specific configuration here
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_APPLE")
message(STATUS "Detected Apple")
endif()
endif() # End optional WOLFSSL_CMAKE_SYSTEM_NAME
message(STATUS "CONFIG_TARGET_PLATFORM = ${CONFIG_TARGET_PLATFORM}")
# Check that there are not conflicting wolfSSL components
# The ESP Registry Component will be in ./managed_components/wolfssl__wolfssl
# The local component wolfSSL directory will be in ./components/wolfssl
if( EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" AND EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl" )
# These exclude statements don't seem to be honored by the $ENV{IDF_PATH}/tools/cmake/project.cmake'
# add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" EXCLUDE_FROM_ALL)
# add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl/include" EXCLUDE_FROM_ALL)
# So we'll error out and let the user decide how to proceed:
message(WARNING "\nFound wolfSSL components in\n"
"./managed_components/wolfssl__wolfssl\n"
"and\n"
"./components/wolfssl\n"
"in project directory: \n"
"${CMAKE_HOME_DIRECTORY}")
message(FATAL_ERROR "\nPlease use either the ESP Registry Managed Component or the wolfSSL component directory but not both.\n"
"If removing the ./managed_components/wolfssl__wolfssl directory, remember to also remove "
"or rename the idf_component.yml file typically found in ./main/")
else()
message(STATUS "No conflicting wolfSSL components found.")
endif()
# Don't include lwip requirement for benchmark and test apps.
if( ("${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_benchmark") OR ("${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_test") )
message(STATUS "Not including lwip for ${CMAKE_PROJECT_NAME}")
else()
# benchmark and test do not need wifi, everything else probably does:
set(COMPONENT_REQUIRES lwip "${THIS_ESP_TLS}") # we typically don't need lwip directly in wolfssl component
endif()
# Find the user name to search for possible "wolfssl-username"
# Reminder: Windows is %USERNAME%, Linux is $USER
message(STATUS "USERNAME = $ENV{USERNAME}")
if( "$ENV{USER}" STREQUAL "" ) # the bash user
if( "$ENV{USERNAME}" STREQUAL "" ) # the Windows user
@@ -51,6 +181,25 @@ else()
string(REPLACE "\\" "/" THIS_IDF_PATH "$ENV{IDF_PATH}")
endif()
# ENVIRONMENT_VAR_TO_MACRO
# Check environment variable name EVARPARAM as [name]
# If defined, and has a value of EVARVALUE as [value],
# then assign a compiler definition "-D[name]=[value]"
function(ENVIRONMENT_VAR_TO_MACRO EVARPARAM EVARVALUE)
# If the EVARPARAM environment variable name is set to EVARVALUE,
# set the compiler flag definition to enable CSV output.
if ( "$ENV{${EVARPARAM}}" STREQUAL "${EVARVALUE}")
message(STATUS "Appending compile definition: -D${EVARPARAM}=${EVARVALUE}")
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -D${EVARPARAM}=${EVARVALUE}")
else()
if(DEFINED ENV{${EVARPARAM}})
message(STATUS "Environment variable ${EVARPARAM} detected but set to $ENV{${EVARPARAM}}, not appending compile definition.")
else()
message(STATUS "Environment variable ${EVARPARAM} not detected, not appending compile definition.")
endif()
endif()
endfunction()
# COMPONENT_NAME = wolfssl
# The component name is the directory name. "No feature to change this".
# See https://github.com/espressif/esp-idf/issues/8978#issuecomment-1129892685
@@ -68,7 +217,8 @@ endif()
# function: IS_WOLFSSL_SOURCE
# parameter: DIRECTORY_PARAMETER - the directory to test
# output: RESULT = contains contents of DIRECTORY_PARAMETER for wolfssl directory, otherwise blank.
function(IS_WOLFSSL_SOURCE DIRECTORY_PARAMETER RESULT)
function( IS_WOLFSSL_SOURCE DIRECTORY_PARAMETER
RESULT )
if (EXISTS "${DIRECTORY_PARAMETER}/wolfcrypt/src")
set(${RESULT} "${DIRECTORY_PARAMETER}" PARENT_SCOPE)
else()
@@ -76,27 +226,71 @@ function(IS_WOLFSSL_SOURCE DIRECTORY_PARAMETER RESULT)
endif()
endfunction()
# *********************************************************************************************
# function: FIND_WOLFSSL_DIRECTORY
# parameter: OUTPUT_FOUND_WOLFSSL_DIRECTORY contains root of source code, otherwise blank
#
# Example usage:
# FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT)
# *********************************************************************************************
function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY)
message(STATUS "Starting FIND_WOLFSSL_DIRECTORY")
set(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}")
if( "${CURRENT_SEARCH_DIR}" STREQUAL "" )
message(STATUS "The WOLFSSL_ROOT environment variable is not set. Searching...")
message(STATUS "Starting FIND_WOLFSSL_DIRECTORY: ${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}")
if ( "${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}" STREQUAL "" )
# The parameter is empty, so we certainly need to search.
# First, see if there's an environment variable. This takes highest priority (unless already found as hard-coded, above)
set(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}")
if( "${CURRENT_SEARCH_DIR}" STREQUAL "" )
message(STATUS "The WOLFSSL_ROOT environment variable is not set. Searching...")
# Next, if not found, see if wolfSSL was selected for ESP-TLS Kconfig
if(CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT)
set(CURRENT_SEARCH_DIR ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT})
get_filename_component(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR}" ABSOLUTE)
message(STATUS "WOLFSSL_ROOT found in sdkconfig/KConfig: ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}")
else()
message(STATUS "wolfSSL not defined in [Component Config] [wolfssl]. Continuing search...")
# If not specified as a search hint in OUTPUT_FOUND_WOLFSSL_DIRECTORY:
# This wolfSSL component CMakeLists.txt may be found EITHER in:
# 1) local project component
# 2) ESP-IDF share components
# We'll start in the CMAKE_CURRENT_SOURCE_DIR, typically [something]/projectname/components/wolfssl
# That option might find wolfSSL source code as a copy in the component directory (e.g. Managed Components)
# Unless cmake is in the ESP-IDF, in which case it is unlikely to find wolfSSL source in any parent.
message(STATUS "CMAKE_CURRENT_SOURCE_DIR = ${CMAKE_CURRENT_SOURCE_DIR}")
get_filename_component(CURRENT_SEARCH_DIR "${CMAKE_CURRENT_SOURCE_DIR}" ABSOLUTE)
message(STATUS "CURRENT_SEARCH_DIR = ${CURRENT_SEARCH_DIR}")
string(LENGTH ${CURRENT_SEARCH_DIR} CURRENT_SEARCH_DIR_LENGTH)
endif() # CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT
endif() # check environment var blank
else()
get_filename_component(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}" ABSOLUTE)
message(STATUS "Parameter found for FIND_WOLFSSL_DIRECTORY")
message(STATUS "Setting wolfSSL search directory to: ${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}")
set(CURRENT_SEARCH_DIR "${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}")
endif() # parameter empty
# Check to see if we found a path in environment or config settings, above.
if( "${CURRENT_SEARCH_DIR}" STREQUAL "" )
message(STATUS "Source for wolfSSL not specified in path nor config settings.")
# We'll continue the search by recursing up the directory tree, below.
else()
# Setting found! Does it contain a valid path?
string(REPLACE "\\" "/" CURRENT_SEARCH_DIR ${CURRENT_SEARCH_DIR})
get_filename_component(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR}" ABSOLUTE)
IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR}" FOUND_WOLFSSL)
if( FOUND_WOLFSSL )
message(STATUS "Found WOLFSSL_ROOT via Environment Variable: ${CURRENT_SEARCH_DIR}")
message(STATUS "Found wolfSSL source code via setting: ${CURRENT_SEARCH_DIR}")
set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE)
return()
else()
message(FATAL_ERROR "WOLFSSL_ROOT Environment Variable defined, but path not found:")
message(STATUS "$ENV{WOLFSSL_ROOT}")
if(WIN32)
message(STATUS "When specifying a path for Windows, use forward slahes, or double backslashes.")
endif()
message(STATUS "CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT sdkconfig setting = ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}")
message(STATUS "WOLFSSL_ROOT Variable defined, but source code not found: ${CURRENT_SEARCH_DIR}")
endif()
endif()
# we'll start in the CMAKE_CURRENT_SOURCE_DIR, typically [something]/projectname/components/wolfssl
message(STATUS "CMAKE_CURRENT_SOURCE_DIR = ${CMAKE_CURRENT_SOURCE_DIR}")
get_filename_component(CURRENT_SEARCH_DIR "${CMAKE_CURRENT_SOURCE_DIR}" ABSOLUTE)
@@ -114,16 +308,47 @@ function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY)
return()
endif()
# Maintain CURRENT_SEARCH_DIR, but check various suffixes with CURRENT_SEARCH_DIR_ALT
if( THIS_USER )
# Check for "wolfssl-[username]" subdirectory as we recurse up the directory tree
set(CURRENT_SEARCH_DIR_ALT ${CURRENT_SEARCH_DIR}/wolfssl-${THIS_USER})
message(STATUS "Looking in ${CURRENT_SEARCH_DIR}")
message(STATUS "Looking in ${CURRENT_SEARCH_DIR_ALT}")
#if(EXISTS ${CURRENT_SEARCH_DIR_ALT} AND IS_DIRECTORY ${CURRENT_SEARCH_DIR_ALT} AND EXISTS "${CURRENT_SEARCH_DIR_ALT}/wolfcrypt/src")
IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR_ALT}" FOUND_WOLFSSL )
if ( FOUND_WOLFSSL )
message(STATUS "Found wolfssl in user-suffix CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}")
set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR_ALT} PARENT_SCOPE)
message(STATUS "Found wolfssl in user-suffix CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}")
set(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR_ALT}")
set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE)
return()
endif()
endif()
if ( FOUND_WOLFSSL )
# if we already found the source, skip attempt of "wolfssl-master"
else()
set(CURRENT_SEARCH_DIR_ALT ${CURRENT_SEARCH_DIR}/wolfssl-master)
message(STATUS "Looking in ${CURRENT_SEARCH_DIR_ALT}")
IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR_ALT}" FOUND_WOLFSSL )
if ( FOUND_WOLFSSL )
message(STATUS "Found wolfssl in master-suffix CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}")
set(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR_ALT}")
set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE)
return()
endif()
endif()
if ( FOUND_WOLFSSL )
# if we already found the source, skip attempt of "wolfssl"
else()
set(CURRENT_SEARCH_DIR_ALT ${CURRENT_SEARCH_DIR}/wolfssl)
message(STATUS "Looking in ${CURRENT_SEARCH_DIR_ALT}")
IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR_ALT}" FOUND_WOLFSSL )
if ( FOUND_WOLFSSL )
message(STATUS "Found wolfssl in CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}")
set(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR_ALT}")
set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE)
return()
endif()
endif()
@@ -143,7 +368,8 @@ function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY)
get_filename_component(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR}" DIRECTORY)
message(STATUS "Next CURRENT_SEARCH_DIR = ${CURRENT_SEARCH_DIR}")
if( "${PRIOR_SEARCH_DIR}" STREQUAL "${CURRENT_SEARCH_DIR}" )
# when the search directory is empty, we'll give up
# When the parent is current directory, cannot go any further. We didn't find wolfssl.
# When the search directory is empty, we'll give up.
set(CURRENT_SEARCH_DIR "")
endif()
endwhile()
@@ -154,17 +380,64 @@ endfunction()
# Example usage:
#
# Simply find the WOLFSSL_DIRECTORY by searching parent directories:
# FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT)
#
message(STATUS "CONFIG_TARGET_PLATFORM = ${CONFIG_TARGET_PLATFORM}")
# Check for environment variable that may be assigned to macros
ENVIRONMENT_VAR_TO_MACRO("GENERATE_MACHINE_PARSEABLE_REPORT" "1")
ENVIRONMENT_VAR_TO_MACRO("WOLFSSL_BENCHMARK_FIXED_CSV" "1")
# Optional variable inspection
if (0)
get_cmake_property(_variableNames VARIABLES)
list (SORT _variableNames)
message(STATUS "")
message(STATUS "ALL VARIABLES BEGIN")
message(STATUS "")
foreach (_variableName ${_variableNames})
message(STATUS "${_variableName}=${${_variableName}}")
endforeach()
message(STATUS "")
message(STATUS "ALL VARIABLES END")
message(STATUS "")
endif()
if ( ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266") OR ("${IDF_TARGET}" STREQUAL "esp8266") )
# There's no esp_timer, no driver components for the ESP8266
message(STATUS "Early expansion EXCLUDES for esp8266:")
message(STATUS "THIS_INCLUDE_DRIVER: '${THIS_INCLUDE_DRIVER}'")
message(STATUS "THIS_INCLUDE_TIMER: '${THIS_INCLUDE_TIMER}'")
message(STATUS "Early expansion INCLUDE for esp8266:")
message(STATUS "THIS_INCLUDE_PTHREAD: '${THIS_INCLUDE_PTHREAD}'")
set(THIS_ESP_TLS "")
set(THIS_INCLUDE_DRIVER "")
set(THIS_INCLUDE_TIMER "")
set(THIS_INCLUDE_PTHREAD "pthread")
else()
message(STATUS "Early expansion includes esp_timer: ${THIS_INCLUDE_TIMER}")
message(STATUS "Early expansion includes driver: ${THIS_INCLUDE_DRIVER}")
set(THIS_ESP_TLS "esp-tls")
set(THIS_INCLUDE_DRIVER "driver")
set(THIS_INCLUDE_TIMER "esp_timer")
set(THIS_INCLUDE_PTHREAD "")
# Let the app know that we've included the esp-tls component requirement.
# This is critical for use the the esp-tls component. See wolfssl esp_crt_bundle.c file.
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_REQUIRED_ESP_TLS=1")
endif()
if(CMAKE_BUILD_EARLY_EXPANSION)
message(STATUS "wolfssl component CMAKE_BUILD_EARLY_EXPANSION:")
idf_component_register(
REQUIRES "${COMPONENT_REQUIRES}"
PRIV_REQUIRES # esp_hw_support
# esp_timer
# driver # this will typically only be needed for wolfSSL benchmark
"${THIS_ESP_TLS}"
"${THIS_INCLUDE_PTHREAD}"
"${THIS_INCLUDE_TIMER}"
"${THIS_INCLUDE_DRIVER}" # this will typically only be needed for wolfSSL benchmark
)
else()
@@ -173,48 +446,99 @@ else()
message(STATUS "wolfssl component config:")
message(STATUS "************************************************************************************************")
if ( "${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266")
# There's no esp_timer, no driver components for the ESP8266
set(THIS_INCLUDE_TIMER "")
set(THIS_INCLUDE_DRIVER "")
else()
set(THIS_INCLUDE_TIMER "esp_timer")
set(THIS_INCLUDE_DRIVER "driver")
endif()
# search for wolfSSL
FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT)
if(WOLFSSL_ROOT)
message(STATUS "NEW Found wolfssl directory at: ${WOLFSSL_ROOT}")
IS_WOLFSSL_SOURCE("${WOLFSSL_ROOT}" FOUND_WOLFSSL)
if(FOUND_WOLFSSL)
message(STATUS "Found WOLFSSL_ROOT via CMake specification.")
else()
# WOLFSSL_ROOT Path specified in CMakeLists.txt is not a valid path
message(FATAL_ERROR "WOLFSSL_ROOT CMake Variable defined, but path not found: ${WOLFSSL_ROOT}\n"
"Try correcting WOLFSSL_ROOT in your project CMakeFile.txt or setting environment variable.")
# Abort CMake after fatal error.
endif()
else()
message(STATUS "NEW wolfssl directory not found.")
message(STATUS "Source code for wolfSSL still not found.")
message(STATUS "Searching from project home: ${CMAKE_HOME_DIRECTORY} ...")
set(WOLFSSL_ROOT "${CMAKE_HOME_DIRECTORY}")
FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT)
endif()
if(WOLFSSL_ROOT)
message(STATUS "Confirmed wolfssl directory at: ${WOLFSSL_ROOT}")
else()
# Try to allow a more intuitive error that the source code was not found in cmake:
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_WARNING_SOURCE_NOT_FOUND")
message(STATUS "Failed: wolfssl source code directory not found.")
# Abort. We need wolfssl _somewhere_.
message(FATAL_ERROR "Could not find wolfssl in ${WOLFSSL_ROOT}.\n"
"Try setting WOLFSSL_ROOT environment variable or git clone.")
message(STATUS "")
message(STATUS "")
message(STATUS "Could not find wolfssl in any parent directory named wolfssl-${THIS_USER}, wolfssl-master, or wolfssl.\n"
"Try setting WOLFSSL_ROOT environment variable, cmake variable in project, copy source, or use managed components.")
message(STATUS "")
message(STATUS "")
# Abort CMake after fatal error. (or not?)
endif()
set(INCLUDE_PATH ${WOLFSSL_ROOT})
set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/src/")
if( ${CMAKE_PROJECT_NAME} STREQUAL "wolfssl_benchmark" )
set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/benchmark")
endif()
if( ${CMAKE_PROJECT_NAME} STREQUAL "wolfssl_test" )
set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/test")
# During regression tests, optionally copy source locally and use: set(USE_LOCAL_TEST_BENCH 1)
set(USE_LOCAL_TEST_BENCH 0)
if(NOT USE_LOCAL_TEST_BENCH)
if( "${CMAKE_PROJECT_NAME}" STREQUAL "hello-world" )
message(STATUS "Include ${WOLFSSL_ROOT}/wolfcrypt/benchmark")
set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/benchmark")
endif()
if( "${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_benchmark" )
message(STATUS "Include ${WOLFSSL_ROOT}/wolfcrypt/benchmark")
set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/benchmark")
endif()
if( "${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_test" )
message(STATUS "Include ${WOLFSSL_ROOT}/wolfcrypt/test")
set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/test")
endif()
endif()
message(STATUS "WOLFSSL_EXTRA_PROJECT_DIR = ${WOLFSSL_EXTRA_PROJECT_DIR}")
set(COMPONENT_SRCDIRS "\"${WOLFSSL_ROOT}/src/\""
"\"${WOLFSSL_ROOT}/wolfcrypt/src\""
"\"${WOLFSSL_ROOT}/wolfcrypt/src/port/Espressif\""
"\"${WOLFSSL_ROOT}/wolfcrypt/src/port/Espressif/esp_crt_bundle\""
"\"${WOLFSSL_ROOT}/wolfcrypt/src/port/atmel\""
"\"${WOLFSSL_EXTRA_PROJECT_DIR}\""
) # COMPONENT_SRCDIRS
message(STATUS "This COMPONENT_SRCDIRS = ${COMPONENT_SRCDIRS}")
# wolfSSL user_settings.h may be in the local project.
# TODO check if exists and possibly set to ESP-IDF
set(WOLFSSL_PROJECT_DIR "${CMAKE_HOME_DIRECTORY}/components/wolfssl")
add_definitions(-DWOLFSSL_USER_SETTINGS_DIR="${WOLFSSL_PROJECT_DIR}/include/user_settings.h")
string(REPLACE "/" "//" STR_WOLFSSL_PROJECT_DIR "${WOLFSSL_PROJECT_DIR}")
add_compile_definitions(WOLFSSL_USER_SETTINGS_DIR="${STR_WOLFSSL_PROJECT_DIR}/include/user_settings.h")
message(STATUS "Added definition for user_settings.h: -DWOLFSSL_USER_SETTINGS_DIR=\"${STR_WOLFSSL_PROJECT_DIR}//include//user_settings.h\"")
# Espressif may take several passes through this makefile. Check to see if we found IDF
string(COMPARE EQUAL "${PROJECT_SOURCE_DIR}" "" WOLFSSL_FOUND_IDF)
# get a list of all wolfcrypt assembly files; we'll exclude them as they don't target Xtensa
file(GLOB EXCLUDE_ASM *.S)
file(GLOB_RECURSE EXCLUDE_ASM ${CMAKE_SOURCE_DIR} "${WOLFSSL_ROOT}/wolfcrypt/src/*.S")
file(GLOB EXCLUDE_ASM ${CMAKE_SOURCE_DIR} "${WOLFSSL_ROOT}/wolfcrypt/src/*.S")
message(STATUS "IDF_PATH = $ENV{IDF_PATH}")
message(STATUS "PROJECT_SOURCE_DIR = ${PROJECT_SOURCE_DIR}")
@@ -237,11 +561,12 @@ else()
message(STATUS "Remove either the local project component: ${WOLFSSL_PROJECT_DIR} ")
message(STATUS "or the Espressif shared component installed at: $ENV{IDF_PATH}/components/wolfssl/ ")
message(STATUS "")
message(FATAL_ERROR "Please use wolfSSL in either local project or Espressif components, but not both.")
message(STATUS "")
message(STATUS "**************************************************************************************")
message(STATUS "")
message(STATUS "Please use wolfSSL in either local project or Espressif components, but not both.")
# Optional: if you change the above FATAL_ERROR to STATUS you can warn at runtime with this macro definition:
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_MULTI_INSTALL_WARNING")
@@ -291,6 +616,7 @@ else()
message(FATAL_ERROR "Found stray wolfSSL user_settings.h in "
"${WOLFSSL_ROOT}/include/user_settings.h "
" (please move it to ${WOLFSSL_PROJECT_DIR}/include/user_settings.h )")
# Abort CMake after fatal error.
else()
# we won't overwrite an existing user settings file, just note that we already have one:
if( EXISTS "${WOLFSSL_PROJECT_DIR}/include/user_settings.h" )
@@ -347,7 +673,9 @@ else()
# depending on the environment, we may need to swap backslashes with forward slashes
string(REPLACE "\\" "/" RTOS_IDF_PATH "$ENV{IDF_PATH}/components/freertos/FreeRTOS-Kernel/include/freertos")
string(REPLACE "\\" "/" WOLFSSL_ROOT ${WOLFSSL_ROOT})
if(WOLFSSL_ROOT)
string(REPLACE "\\" "/" WOLFSSL_ROOT ${WOLFSSL_ROOT})
endif()
if(IS_DIRECTORY "${RTOS_IDF_PATH}")
message(STATUS "Found current RTOS path: ${RTOS_IDF_PATH}")
@@ -360,13 +688,14 @@ else()
message(STATUS "Could not find RTOS path")
endif()
endif()
message(STATUS "THIS_IDF_PATH = $THIS_IDF_PATH")
# wolfSSL-specific include directories
set(COMPONENT_ADD_INCLUDEDIRS
"./include" # this is the location of wolfssl user_settings.h
"./include" # this is the location of local project wolfssl user_settings.h
"\"${WOLFSSL_ROOT}/\""
"\"${WOLFSSL_ROOT}/wolfssl/\""
"\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/\""
"\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/port/Espressif\""
"\"${RTOS_IDF_PATH}/\""
# wolfSSL release after v5.7 includes WiFi, time, and mem/debug helpers
"${THIS_IDF_PATH}/components/esp_event/include"
@@ -374,7 +703,7 @@ else()
"${THIS_IDF_PATH}/components/esp_wifi/include"
)
# Optionally include cryptoauthlib if present
if(IS_DIRECTORY ${IDF_PATH}/components/cryptoauthlib)
list(APPEND COMPONENT_ADD_INCLUDEDIRS "../cryptoauthlib/lib")
endif()
@@ -383,7 +712,7 @@ else()
list(APPEND COMPONENT_ADD_INCLUDEDIRS "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/\"")
# Some files are known to be included elsewhere, or not used for Espressif
set(COMPONENT_SRCEXCLUDE
"\"${WOLFSSL_ROOT}/src/bio.c\""
"\"${WOLFSSL_ROOT}/src/conf.c\""
@@ -399,6 +728,8 @@ else()
"\"${WOLFSSL_ROOT}/src/ssl_sess.c\"" # included by ssl.c
"\"${WOLFSSL_ROOT}/src/x509.c\""
"\"${WOLFSSL_ROOT}/src/x509_str.c\""
"\"${WOLFSSL_ROOT}/wolfcrypt/src/ext_kyber.c\"" # external non-wolfssl Kyber disabled by default
"\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/ext_kyber.h\"" # external non-wolfssl Kyber disabled by default
"\"${WOLFSSL_ROOT}/wolfcrypt/src/evp.c\""
"\"${WOLFSSL_ROOT}/wolfcrypt/src/misc.c\""
"\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_arm32.c\""
@@ -409,6 +740,7 @@ else()
"\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_cortexm.c\""
"\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_x86_64.c\""
"\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_x86_64_asm.S\""
"\"${WOLFSSL_ROOT}/examples\"" # Examples are distributed in Managed Components, but not part of a project.
"\"${EXCLUDE_ASM}\""
)
@@ -430,22 +762,144 @@ else()
# see https://docs.espressif.com/projects/esp-idf/en/stable/esp32/migration-guides/release-5.x/build-system.html?highlight=space%20path
#
set(EXTRA_COMPONENT_DIRS "${COMPONENT_SRCDIRS}")
idf_component_register(
SRC_DIRS "${COMPONENT_SRCDIRS}"
INCLUDE_DIRS "${COMPONENT_ADD_INCLUDEDIRS}"
REQUIRES "${COMPONENT_REQUIRES}"
EXCLUDE_SRCS "${COMPONENT_SRCEXCLUDE}"
PRIV_REQUIRES esp_timer driver # this will typically only be needed for wolfSSL benchmark
)
# some optional diagnostics
if (1)
if(WOLFSSL_ROOT)
# Only register the component if we found wolfSSL source.
# This is important to allow Cmake to finish to completion, otherwise the UI
# may not be able to display the Kconfig settings to fix a bad or missing source.
idf_component_register(
SRC_DIRS "${COMPONENT_SRCDIRS}"
INCLUDE_DIRS "${COMPONENT_ADD_INCLUDEDIRS}"
REQUIRES "${COMPONENT_REQUIRES}"
EXCLUDE_SRCS "${COMPONENT_SRCEXCLUDE}"
PRIV_REQUIRES
"${THIS_ESP_TLS}"
"${THIS_INCLUDE_TIMER}"
"${THIS_INCLUDE_DRIVER}" # this will typically only be needed for wolfSSL benchmark
)
else()
# Register the component simply to allow CMake to complete, but there's no wolfSSL source.
# Expect many other errors, but the project should at least be loadable and UI can edit Kconfig settings.
idf_component_register()
message(STATUS "Warning: wolfSSL component not registered as no source code found (WOLFSSL_ROOT is blank)")
endif()
# function(WOLFSSL_INIT_CERT_BUNDLE)
if( CONFIG_WOLFSSL_CERTIFICATE_BUNDLE
AND NOT CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE
AND NOT ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266")
)
if (CMAKE_BUILD_EARLY_EXPANSION)
message(ERROR "Bundle Cert initialization must occur during CMAKE_BUILD_EARLY_EXPANSION")
endif()
# reminder: we need a value for wolfSSL root first!
if( "${WOLFSSL_ROOT}" STREQUAL "" )
message(ERROR "Certificate bundles need a value for WOLFSSL_ROOT")
endif()
set(WOLFSSL_ESP_CRT_BUNDLE_DIR ${WOLFSSL_ROOT}/wolfcrypt/src/port/Espressif/esp_crt_bundle)
message(STATUS "WOLFSSL_ESP_CRT_BUNDLE_DIR=${WOLFSSL_ESP_CRT_BUNDLE_DIR}")
if(EXISTS "${WOLFSSL_ESP_CRT_BUNDLE_DIR}")
set(bundle_name "x509_crt_bundle_wolfssl")
# For now the certs are in the same directory
set(DEFAULT_CRT_DIR "${WOLFSSL_ESP_CRT_BUNDLE_DIR}")
# Generate custom certificate bundle using the generate_cert_bundle utility
set(GENERATE_CERT_BUNDLEPY ${python} ${WOLFSSL_ESP_CRT_BUNDLE_DIR}/gen_crt_bundle.py)
if(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_FULL)
list(APPEND crt_paths ${DEFAULT_CRT_DIR}/cacrt_all.pem ${DEFAULT_CRT_DIR}/cacrt_local.pem)
elseif(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_CMN)
list(APPEND crt_paths ${DEFAULT_CRT_DIR}/cacrt_all.pem ${DEFAULT_CRT_DIR}/cacrt_local.pem)
list(APPEND args --filter ${DEFAULT_CRT_DIR}/cmn_crt_authorities.csv)
endif()
# Add deprecated root certs if enabled. This config is not visible if the default cert
# bundle is not selected
if(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEPRECATED_LIST)
list(APPEND crt_paths ${DEFAULT_CRT_DIR}/cacrt_deprecated.pem)
endif()
if(CONFIG_WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE)
get_filename_component(custom_bundle_path
${CONFIG_WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE_PATH} ABSOLUTE BASE_DIR "${project_dir}")
list(APPEND crt_paths ${custom_bundle_path})
message(STATUS "Using a custom wolfSSL bundle path: ${custom_bundle_path}")
else()
message(STATUS "Not using a custom wolfSSL bundle path.")
endif()
list(APPEND args --input ${crt_paths} -q)
message(STATUS "CMAKE_CURRENT_BINARY_DIR: ${CMAKE_CURRENT_BINARY_DIR}")
get_filename_component(crt_bundle
${bundle_name}
ABSOLUTE BASE_DIR "${CMAKE_CURRENT_BINARY_DIR}")
message(STATUS "Setting up bundle generate: ${GENERATE_CERT_BUNDLEPY} ${args}")
message(STATUS "Depends on custom bundle path: ${custom_bundle_path}")
message(STATUS "crt_bundle ${crt_bundle}")
message(STATUS "COMPONENT_LIB ${COMPONENT_LIB}")
message(STATUS "GENERATE_CERT_BUNDLEPY ${GENERATE_CERT_BUNDLEPY}")
message(STATUS "args ${args}")
message(STATUS "cert_bundle ${cert_bundle}")
# Generate bundle according to config
# File is generated at build time, not cmake load
add_custom_command(OUTPUT ${crt_bundle}
COMMAND ${GENERATE_CERT_BUNDLEPY} ARGS ${args}
DEPENDS ${custom_bundle_path}
VERBATIM)
if(EXISTS "${crt_bundle}")
message(STATUS "Bundle file exists from prior build: ${crt_bundle}")
else()
message(STATUS "Bundle file expected during next build: ${crt_bundle}")
endif()
# Reminder the file is generated at build time, not cmake load time.
message(STATUS "wolfSSL Cert Bundle File to be created at build time in: ${crt_bundle}")
add_custom_target(custom_wolfssl_bundle DEPENDS ${cert_bundle})
# the wolfSSL crtificate bundle is baked into wolfSSL
add_dependencies(${COMPONENT_LIB} custom_wolfssl_bundle)
# COMPONENT_LIB may vary: __idf_wolfssl, __idf_esp_wolfssl, etc
# target_add_binary_data(__idf_wolfssl ${crt_bundle} BINARY)
target_add_binary_data(${COMPONENT_LIB} ${crt_bundle} BINARY)
set_property(DIRECTORY "${CMAKE_CURRENT_SOURCE_DIR}"
APPEND PROPERTY ADDITIONAL_CLEAN_FILES
"${crt_bundle}")
else()
message(STATUS "WARNING: CONFIG_WOLFSSL_CERTIFICATE_BUNDLE enabled but directory not found: ${WOLFSSL_ESP_CRT_BUNDLE_DIR}")
endif()
endif()
# endfunction() # WOLFSSL_INIT_CERT_BUNDLE
# Some optional diagnostics. Verbose ones are truncated.
if (VERBOSE_COMPONENT_MESSAGES)
get_cmake_property(_variableNames VARIABLES)
list (SORT _variableNames)
message(STATUS "")
message(STATUS "ALL VARIABLES BEGIN")
message(STATUS "")
foreach (_variableName ${_variableNames})
message(STATUS "${_variableName}=${${_variableName}}")
if ( ("${_variableName}" STREQUAL "bootloader_binary_files")
OR ("${_variableName}" STREQUAL "Component paths")
OR ("${_variableName}" STREQUAL "component_targets")
OR ("${_variableName}" STREQUAL "__COMPONENT_TARGETS")
OR ("${_variableName}" STREQUAL "CONFIGS_LIST")
OR ("${_variableName}" STREQUAL "__CONFIG_VARIABLES")
OR ("${_variableName}" STREQUAL "val")
OR ("${_variableName}" MATCHES "^__idf_")
)
# Truncate the displayed value:
string(SUBSTRING "${${_variableName}}" 0 70 truncatedValue)
message(STATUS "${_variableName} = ${truncatedValue} ... (truncated)")
else()
message(STATUS "${_variableName}=${${_variableName}}")
endif()
endforeach()
message(STATUS "")
message(STATUS "ALL VARIABLES END")
@@ -453,6 +907,12 @@ else()
endif()
# target_sources(wolfssl PRIVATE "\"${WOLFSSL_ROOT}/wolfssl/\"" "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt\"")
message(STATUS "DETECTED_PROJECT_NAME=${CMAKE_PROJECT_NAME}")
message(STATUS "COMPONENT_TARGET=${COMPONENT_TARGET}")
target_compile_definitions(${COMPONENT_TARGET} PRIVATE DETECTED_PROJECT_NAME="${CMAKE_PROJECT_NAME}")
if( "${CMAKE_PROJECT_NAME}" STREQUAL "esp_http_client_example" )
target_compile_definitions(${COMPONENT_TARGET} PRIVATE APP_ESP_HTTP_CLIENT_EXAMPLE="y")
endif()
endif() # CMAKE_BUILD_EARLY_EXPANSION
@@ -498,7 +958,7 @@ function ( LIBWOLFSSL_SAVE_INFO VAR_OUPUT THIS_VAR VAR_RESULT )
message(STATUS "Found ${VAR_OUPUT}=${VAR_VALUE}")
# the interesting part is defining the VAR_OUPUT name a value to use in the app
add_definitions(-D${VAR_OUPUT}=\"${VAR_VALUE}\")
add_compile_definitions(${VAR_OUPUT}=\"${VAR_VALUE}\")
else()
# if we get here, check the execute_process command and parameters.
message(STATUS "LIBWOLFSSL_SAVE_INFO encountered a non-zero VAR_RESULT")
@@ -506,33 +966,89 @@ function ( LIBWOLFSSL_SAVE_INFO VAR_OUPUT THIS_VAR VAR_RESULT )
endif()
endfunction() # LIBWOLFSSL_SAVE_INFO
execute_process(
COMMAND ${git_cmd} "rev-parse" "--is-inside-work-tree"
OUTPUT_VARIABLE IS_GIT_REPO
OUTPUT_STRIP_TRAILING_WHITESPACE
ERROR_QUIET
)
# create some programmatic #define values that will be used by ShowExtendedSystemInfo().
# see wolfcrypt\src\port\Espressif\esp32_utl.c
if(NOT CMAKE_BUILD_EARLY_EXPANSION)
if(NOT CMAKE_BUILD_EARLY_EXPANSION AND WOLFSSL_ROOT AND (IS_GIT_REPO STREQUAL "true"))
set (git_cmd "git")
message(STATUS "Adding macro definitions:")
# LIBWOLFSSL_VERSION_GIT_ORIGIN: git config --get remote.origin.url
execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "config" "--get" "remote.origin.url" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET )
execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "config" "--get" "remote.origin.url"
OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET )
LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_ORIGIN "${TMP_OUT}" "${TMP_RES}")
# LIBWOLFSSL_VERSION_GIT_BRANCH: git rev-parse --abbrev-ref HEAD
execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--abbrev-ref" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET )
execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--abbrev-ref" "HEAD"
OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET )
LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_BRANCH "${TMP_OUT}" "${TMP_RES}")
# LIBWOLFSSL_VERSION_GIT_HASH: git rev-parse HEAD
execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET )
execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "HEAD"
OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET )
LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH "${TMP_OUT}" "${TMP_RES}")
# LIBWOLFSSL_VERSION_GIT_SHORT_HASH: git rev-parse --short HEAD
execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--short" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET )
execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--short" "HEAD"
OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET )
LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_SHORT_HASH "${TMP_OUT}" "${TMP_RES}")
# LIBWOLFSSL_VERSION_GIT_HASH_DATE git show --no-patch --no-notes --pretty=\'\%cd\'
execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "show" "--no-patch" "--no-notes" "--pretty=\'\%cd\'" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES )
execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd}
"show" "--no-patch" "--no-notes" "--pretty=\'\%cd\'"
OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES )
LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH_DATE "${TMP_OUT}" "${TMP_RES}")
message(STATUS "************************************************************************************************")
message(STATUS "wolfssl component config complete!")
message(STATUS "************************************************************************************************")
LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_WOLFSSL_ROOT "${WOLFSSL_ROOT}" "${TMP_RES}")
endif()
# Ensure flag "-DWOLFSSL_ESPIDF" is already in CMAKE_C_FLAGS if not yet found from project
string(FIND "${CMAKE_C_FLAGS}" "-DWOLFSSL_ESPIDF" FLAG_ALRREADY_FOUND_WOLFSSL_ESPIDF)
if(FLAG_ALRREADY_FOUND_WOLFSSL_ESPIDF EQUAL -1)
# Flag not found, append it
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_ESPIDF")
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
endif()
if(WOLFSSL_ROOT)
message(STATUS "Using wolfSSL in ${WOLFSSL_ROOT}")
# PlatformIO does not process script from from the Espressif cmake process.
# We need to know where wolfSSL source code was found, so save it in the
# PIO_WOLFSSL_ROOT environment variable to later be read by extra_script.py
set(ENV{PIO_WOLFSSL_ROOT} "${WOLFSSL_ROOT}")
message(STATUS "PIO_WOLFSSL_ROOT = $ENV{PIO_WOLFSSL_ROOT}")
message(STATUS "PLATFORMIO_BUILD_DIR = $ENV{PLATFORMIO_BUILD_DIR}")
# See esp-tls Kconfig; menu "ESP-TLS", ESP_TLS_LIBRARY_CHOOSE
if(CONFIG_ESP_TLS_USING_WOLFSSL)
if ( ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266") OR ("${IDF_TARGET}" STREQUAL "esp8266") )
message(STATUS "This version of wolfSSL is not supported on the ESP8266 esp-tls at this time. Check ESP-TLS config")
else()
message(STATUS "wolfSSL will be used for ESP-TLS")
endif()
else()
message(STATUS "WARNING: wolfSSL NOT selected for ESP-TLS. Features and performance will be limited.")
endif()
else()
message(STATUS "")
message(STATUS "Consider setting WOLFSSL_ROOT environment variable, use Kconfig setting, or set manually in this cmake file, above.")
message(STATUS "")
message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!")
message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!")
message(STATUS "ERROR: Could not find wolfSSL Source Code")
message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!")
message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!")
endif()
message(STATUS "************************************************************************************************")
message(STATUS "wolfSSL component config complete!")
message(STATUS "************************************************************************************************")

523
IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/Kconfig Normal file
View File

@@ -0,0 +1,523 @@
# Kconfig template
#
# Copyright (C) 2006-2025 wolfSSL Inc.
#
# This file is part of wolfSSL.
#
# wolfSSL is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# wolfSSL is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
#
# Kconfig File Version 5.7.2.001 for esp-idf integration
# Kconfig Format Rules
#
# See:
# https://docs.espressif.com/projects/esp-idf/en/stable/esp32/api-reference/kconfig.html
#
# Format rules for Kconfig files are as follows:
#
# Option names in any menus should have consistent prefixes. The prefix
# currently should have at least 3 characters.
#
# The unit of indentation should be 4 spaces. All sub-items belonging to a
# parent item are indented by one level deeper. For example, menu is indented
# by 0 spaces, config menu by 4 spaces, help in config by 8 spaces, and the
# text under help by 12 spaces.
#
# No trailing spaces are allowed at the end of the lines.
#
# The maximum length of options is NOT 50 characters as documented.
# kconfcheck will complain that options should be 40 at most.
#
# Fix option lengths first. Superfluous errors on other lines may occur.
#
# The maximum length of lines is 120 characters.
#
# python -m kconfcheck <path_to_kconfig_file>
#
# ---------------------------------------------------------------------------------------------------------------------
# Begin main wolfSSL configuration menu
# ---------------------------------------------------------------------------------------------------------------------
# See ESP-IDF esp-tls component for config TLS_STACK_WOLFSSL
menu "wolfSSL"
menu "Hardening"
config ESP_WOLFSSL_WC_NO_HARDEN
bool "Disable wolfSSL hardening"
default n
help
Sets WC_NO_HARDEN
config ESP_WOLFSSL_TFM_TIMING_RESISTANT
bool "Enable TFM Timing Resistant Code"
default n
help
Sets TFM_TIMING_RESISTANT.
endmenu # Hardening
config ESP_WOLFSSL_ENABLE_BENCHMARK
bool "Enable wolfSSL Benchmark Library"
default n
help
Enables wolfcrypt/benchmark/benchmark.c code for benchmark metrics. Disables NO_CRYPT_BENCHMARK.
menu "Benchmark Debug"
config ESP_DEBUG_WOLFSSL_BENCHMARK_TIMING
bool "Enable benchmark timing debug"
depends on ESP_WOLFSSL_ENABLE_BENCHMARK
default n
help
Enable wolfssl debug for benchmark metric timing (CPU Cycles, RTOS ticks, etc).
config ESP_WOLFSSL_BENCHMARK_TIMER_DEBUG
bool "Enable benchmark timer debug"
depends on ESP_WOLFSSL_ENABLE_BENCHMARK
default n
help
Turn on timer debugging (used when CPU cycles not available)
endmenu # Benchmark Debug
# -----------------------------------------------------------------------------------------------------------------
# wolfCrypt Test
# -----------------------------------------------------------------------------------------------------------------
config ESP_WOLFSSL_ENABLE_TEST
bool "Enable wolfCrypt Test Library"
default n
help
Enables wolfcrypt/test/test.c code for testing. Disables NO_CRYPT_TEST.
menu "wolfCrypt tests"
config WOLFSSL_HAVE_WOLFCRYPT_TEST_OPTIONS
bool "Enable wolfCrypt Test Options"
depends on ESP_WOLFSSL_ENABLE_TEST
default n
help
Enables HAVE_WOLFCRYPT_TEST_OPTIONS
config TEST_ESPIDF_ALL_WOLFSSL
bool "Enable all features to use in tests"
depends on ESP_WOLFSSL_ENABLE_TEST
default n
help
Enables TEST_ESPIDF_ALL_WOLFSSL
endmenu # wolfCrypt tests
# -----------------------------------------------------------------------------------------------------------------
# Apple HomeKit Options
# -----------------------------------------------------------------------------------------------------------------
menu "Apple HomeKit"
config WOLFSSL_APPLE_HOMEKIT
bool "Enable Apple HomeKit options"
default n
help
Enables FP_MAX_BITS (8192 * 2), SRP, ChaCha, Poly1305, Base64 encoding needed for Apple HomeKit.
endmenu # Apple HomeKit
# -----------------------------------------------------------------------------------------------------------------
config ESP_WOLFSSL_DISABLE_MY_ECC
bool "Disable ECC in my project"
default "n"
help
ECC is enabled by default. Select this option to disable.
config ESP_WOLFSSL_ENABLE_MY_USE_RSA
bool "Enable RSA in my project"
default "n"
help
RSA is disabled by default. Select this option to enable.
config ESP_WOLFSSL_BENCHMARK
bool "Enable wolfSSL Benchmark"
default n
help
Enables user settings relevant to benchmark code
config ESP_TLS_USING_WOLFSSL_SPECIFIED
bool "Use the specified wolfssl for ESP-TLS"
default Y
help
Includes wolfSSL from specified directory (not using esp-wolfssl).
config ESP_WOLFSSL_NO_USE_FAST_MATH
bool "Disable FAST_MATH library and all ESP32 Hardware Acceleration"
select ESP_WOLFSSL_NO_HW
select ESP_WOLFSSL_NO_HW_AES
select ESP_WOLFSSL_NO_HW_HASH
select ESP_WOLFSSL_NO_HW_RSA_PRI
select ESP_WOLFSSL_NO_HW_RSA_PRI_MP_MUL
select ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD
select ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD
default n
help
When disabling all hardware acceleration for smaller memory footprint,
disabling TFM fast math provides faster wolfSSL software algorithms in an
even smaller flash memory footprint.
menu "Protocol Config"
config WOLFSSL_HAVE_ALPN
bool "Enable ALPN (Application Layer Protocol Negotiation) in wolfSSL"
default y
config WOLFSSL_ALLOW_TLS13
bool "Allow TLS 1.3"
default y
help
Allow TLS to fallback to TLS1.2. Memory footprint will likely be larger for TLS1.2.
When disabled HTTPS and MQTT over TLS connections will fail if TLS1.3 not accepted.
config WOLFSSL_ALLOW_TLS12
bool "Allow TLS 1.2"
default n
help
Allow TLS to fallback to TLS1.2. Memory footprint will likely be larger for TLS1.2.
When disabled HTTPS and MQTT over TLS connections will fail if TLS1.3 not accepted.
config WOLFSSL_HAVE_TLS_EXTENSIONS
bool "Enable TLS Extensions"
default y
help
Sets HAVE_TLS_EXTENSIONS which is needed for TLS 1.3, SNI, ALPN, and more.
config WOLFSSL_ALT_CERT_CHAINS
bool "Enable Alternate Certificate Chains"
default n
help
The option relaxes the default strict wolfSSL certificate chain processing. This
will typically need to be enabled when loading only a CA file. Typically solves
the -188 ASN_NO_SIGNER_E error. Use with caution.
config WOLFSSL_HAVE_OCSP
bool "Enable OCSP (Online Certificate Status Protocol) in wolfSSL"
default n
help
Sets HAVE_OCSP
endmenu # Protocol Config
# -----------------------------------------------------------------------------------------------------------------
# -----------------------------------------------------------------------------------------------------------------
config TLS_STACK_WOLFSSL
# Invisible option that locks TLS_STACK_WOLFSSL to ESP_TLS_USING_WOLFSSL
bool
default n
select FREERTOS_ENABLE_BACKWARD_COMPATIBILITY
help
Includes wolfSSL in ESP-TLS so that it can be compiled with wolfSSL as its SSL/TLS library.
Enabled when wolfSSL is selected in ESP_TLS_LIBRARY_CHOOSE.
menu "wolfSSL ESP-TLS"
depends on ESP_TLS_USING_WOLFSSL
menu "Certificate Bundle"
depends on ESP_TLS_USING_WOLFSSL
config WOLFSSL_CERTIFICATE_BUNDLE
bool "Enable trusted root certificate bundle"
default y if ESP_TLS_USING_WOLFSSL
default n
depends on ESP_TLS_USING_WOLFSSL
help
Enable support for large number of default root certificates
When enabled this option allows user to store default as well
as customer specific root certificates in compressed format rather
than storing full certificate. For the root certificates the public key and the subject name
will be stored.
config WOLFSSL_NO_ASN_STRICT
bool "Relax Certificate ASN Strict Checks"
default n
depends on ESP_TLS_USING_WOLFSSL
help
Allows sub-optimal certificate ASN checks. Unless using a bundle with known issues,
it is recommended to NOT enable this.
config WOLFSSL_ASN_ALLOW_0_SERIAL
bool "Allow cert missing an ASN Serial Number"
default y
depends on ESP_TLS_USING_WOLFSSL
help
Although not recommended, there may be certificates in the bundle that are missing
a serial number. This option allows the missing value without having to fully
disable strict ASN checking with WOLFSSL_NO_ASN_STRICT.
choice WOLFSSL_DEFAULT_CERTIFICATE_BUNDLE
bool "Default certificate bundle options"
depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
default WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_FULL
config WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_FULL
bool "Use the full default certificate bundle"
config WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_CMN
bool "Use only the most common certificates from the default bundles"
help
Use only the most common certificates from the default bundles, reducing the size with 50%,
while still having around 99% coverage.
config WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE
bool "Do not use the default certificate bundle"
endchoice
config WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE
depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
default n
bool "Add custom certificates to the default bundle"
config WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE_PATH
depends on WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
string "Custom certificate bundle path"
help
Name of the custom certificate directory or file. This path is evaluated
relative to the project root directory.
config WOLFSSL_CERTIFICATE_BUNDLE_DEPRECATED_LIST
bool "Add deprecated root certificates"
depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL && !WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE
help
Include the deprecated list of root certificates in the bundle.
This list gets updated when a certificate is removed from the Mozilla's
NSS root certificate store. This config can be enabled if you would like
to ensure that none of the certificates that were deployed in the product
are affected because of the update to bundle. In turn, enabling this
config keeps expired, retracted certificates in the bundle and it may
pose a security risk.
- Deprecated cert list may grow based based on sync with upstream bundle
- Deprecated certs would be be removed in ESP-IDF (next) major release
config WOLFSSL_CERTIFICATE_BUNDLE_MAX_CERTS
int "Maximum no of certificates allowed in certificate bundle"
default 200
depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
endmenu
endmenu # wolfSSL ESP-TLS
# -----------------------------------------------------------------------------------------------------------------
# -----------------------------------------------------------------------------------------------------------------
config ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
bool "Modify default hardware acceleration settings"
default n
help
When disabling all hardware acceleration for smaller memory footprint,
disabling TFM fast math provides faster wolfSSL software algorithms in an
even smaller flash memory footprint.
Typically used for debugging, analysis, or optimizations. The default
hardware acceleration features can be each manually adjusted.
menu "wolfSSL Hardware Acceleration"
config ESP_WOLFSSL_NO_ESP32_CRYPT
bool "Disable all ESP32 Hardware Acceleration"
depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
default n
select ESP_WOLFSSL_NO_HW_AES
select ESP_WOLFSSL_NO_HW_HASH
select ESP_WOLFSSL_NO_HW_RSA_PRI
select ESP_WOLFSSL_NO_HW_RSA_PRI_MP_MUL
select ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD
select ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD
help
Hardware acceleration enabled by default. When selected defines: NO_ESP32_CRYPT.
Consider disabling FASTMATH (other libraries are faster in software and smaller)
config ESP_WOLFSSL_NO_HW_AES
bool "Disable all ESP32 AES Hardware Acceleration"
depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
default n
help
Hardware acceleration enabled by default.When selected defines: NO_HW_AES
config ESP_WOLFSSL_NO_HW_HASH
bool "Disable all ESP32 SHA Hash Hardware Acceleration"
depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
default n
help
Hardware acceleration enabled by default. When selected defines: NO_HW_HASH
config ESP_WOLFSSL_NO_HW_RSA_PRI
bool "Disable all ESP32 RSA Hardware Acceleration"
depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
default n
select ESP_WOLFSSL_NO_HW_PRI_MP_MUL
select ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD
select ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD
help
Hardware acceleration enabled by default. When selected defines: NO_HW_RSA_PRI
config ESP_WOLFSSL_NO_HW_RSA_PRI_MP_MUL
bool "Disable all ESP32 Multiplication Hardware Acceleration"
depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
default n
help
Hardware acceleration enabled by default. When selected defines: NO_HW_RSA_PRI_MP_MUL
config ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD
bool "Disable all ESP32 Modular Multiplication Hardware Acceleration"
depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
default n
help
Hardware acceleration enabled by default. When selected defines: NO_HW_RSA_PRI_MULMOD
config ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD
bool "Disable all ESP32 RSA Exponential Math Hardware Acceleration"
depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
default n
help
Hardware acceleration enabled by default.
Select this option to force disable: NO_HW_RSA_PRI_EXPTMOD
config ESP_WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS
bool "Enable debugging of RSA Multiplication operand length"
default n
help
Prints an esp log warning to the default console UART when one of the
multiplication operands exceeds the maximum size supported by hardware,
requiring fallback to software. This can be helpful to pick key sizes
when performance is critical. See also metrics for counting instances.
config ESP_WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS
bool "Enable debugging of RSA Modular operand length"
default n
help
Prints an esp log warning to the default console UART when one of the
modular math operands exceeds the maximum size supported by hardware,
requiring fallback to software. This can be helpful to pick key sizes
when performance is critical. See also metrics for counting instances.
endmenu # wolfSSL Hardware Acceleration
# -----------------------------------------------------------------------------------------------------------------
# -----------------------------------------------------------------------------------------------------------------
menu "wolfSSL Experimental Options"
config ESP_WOLFSSL_EXPERIMENTAL_SETTINGS
bool "Enable wolfSSL Experimental Settings"
default n
help
Enables experimental settings for wolfSSL. See documentation.
config ESP_WOLFSSL_ENABLE_KYBER
bool "Enable wolfSSL Kyber"
default n
help
Enable debugging messages for wolfSSL. See user_settings.h for additional debug options.
endmenu # wolfSSL Experimental Options
# -----------------------------------------------------------------------------------------------------------------
# -----------------------------------------------------------------------------------------------------------------
menu "wolfSSL Debug Options"
config ESP_WOLFSSL_DEBUG_WOLFSSL
bool "Enable wolfSSL Debugging"
default n
help
Enable debugging messages for wolfSSL. See user_settings.h for additional debug options.
config ESP_WOLFSSL_TEST_LOOP
bool "Run test apps in a loop until failure"
default y
help
Enable a loop wrapper for benchmark, http_client, and wolfssl test apps.
endmenu # wolfSSL Debug Options
# -----------------------------------------------------------------------------------------------------------------
# -----------------------------------------------------------------------------------------------------------------
menu "wolfSSL Customization"
config CUSTOM_SETTING_WOLFSSL_ROOT
string "Enter a path for wolfSSL source code"
default "~/workspace/wolfssl"
help
This option lets you specify a directory for the wolfSSL source code (typically a git clone).
Enter the path using forward slashes (e.g., C:/myfolder/mysubfolder) or double backslashes
(e.g., C:\\myfolder\\mysubfolder).
endmenu # wolfSSL Customization
# -----------------------------------------------------------------------------------------------------------------
# -----------------------------------------------------------------------------------------------------------------
menu "Component Config"
config IGNORE_ESP_IDF_WOLFSSL_COMPONENT
bool "Ignore the ESP-IDF component of wolfSSL (if present)"
default n
help
Ignores wolfSSL present in the esp-idf/components directory. Requires wolfssl as a local component.
config IGNORE_LOCAL_WOLFSSL_COMPONENT
bool "Ignore the local component of wolfSSL (if present)"
default n
help
Ignores wolfSSL present in the local project components directory.
Requires wolfssl as a ESP-IDF component.
endmenu # Component Config
# -----------------------------------------------------------------------------------------------------------------
# -----------------------------------------------------------------------------------------------------------------
menu "Utility Config"
config USE_WOLFSSL_ESP_SDK_TIME
bool "Enable wolfSSL time helper functions"
default n
help
Enables use of various time and date setting functions found in the esp-sdk-lib.h file.
config USE_WOLFSSL_ESP_SDK_WIFI
bool "Enable wolfSSL WiFi helper functions"
default n
help
Enables use of various time and date setting functions found in the esp-sdk-lib.h file.
endmenu # Utility Config
endmenu # wolfSSL
# ---------------------------------------------------------------------------------------------------------------------
# ---------------------------------------------------------------------------------------------------------------------
menu "wolfSSH"
config ESP_ENABLE_WOLFSSH
bool "Enable wolfSSH options"
default n
help
Enables WOLFSSH_TERM, WOLFSSL_KEY_GEN, WOLFSSL_PTHREADS, WOLFSSH_TEST_SERVER, WOLFSSH_TEST_THREADING
config ESP_WOLFSSL_DEBUG_WOLFSSH
bool "Enable wolfSSH debugging"
default n
help
Enable wolfSSH debugging macro. See user_settings.h
endmenu # wolfSSH
# ---------------------------------------------------------------------------------------------------------------------
# ---------------------------------------------------------------------------------------------------------------------
menu "wolfMQTT"
config ESP_ENABLE_WOLFMQTT
bool "Enable wolfMQTT options"
default n
help
Enables WOLFMQTT
config ESP_WOLFSSL_DEBUG_WOLFMQTT
bool "Enable wolfMQTT debugging"
default n
help
Enable wolfMQTT debugging macro. See user_settings.h
endmenu # wolfMQTT
# ---------------------------------------------------------------------------------------------------------------------

162
IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/README.md Normal file
View File

@@ -0,0 +1,162 @@
# wolfSSL Espressif Component
This is the directory for wolfSSL as an Espressif ESP-IDF component.
Other options are available, such as installing wolfSSL as a local _project_ component using the [Managed Component](https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/).
Enabling this wolfSSL ESP-IDF component allows other ESP-IDF libraries such as those that depend on [ESP-TLS](https://github.com/espressif/esp-idf/tree/master/components/esp-tls)
to also use the wolfSSL library. (See [github.com/wolfSSL/wolfssl](https://github.com/wolfSSL/wolfssl))
The wolfSSL source code is not included here. Instead, the `idf.py menuconfig` option can be used to configure the
`sdkconfig` file setting: `CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT` to point to the desired wolfSSL code.
## Directory Contents
This directory must contain, at a minimum:
- `CMakeLists.txt`
- `./include/user_settings.h`
The directory should also contain:
- `Kconfig`
- `component.mk`
The directory may contain wolfSSL source, for example with a [Managed Component](https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/),
or if the `setup.sh` script was used from [wolfSSL/IDE/Espressif/ESP-IDF](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF).
Under normal circumstances when the wolfSSL source is not included here, the `CMakeLists.txt` will search for it in this order:
- A hard-coded `WOLFSSL_ROOT` cmake variable.
- `WOLFSSL_ROOT` Environment Variable
- The `CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT` value in the `sdkconfig` file, from the `Kconfig` option.
- Any parent directories, up to the root (if this directory is in the ESP-IDF components)
- Any parent directories, up to the root (if this directory is a project component)
While recursing up the directory tree, the following names of wolfSSL directories will be considered:
- `wolfssl-[current user name]`
- `wolfssl-master`
- `wolfssl`
## Getting Started
See the `Espressif Getting Started Guide`.
```
# Set environment variable to ESP-IDF location
# For example, VisualGDB in WSL
WRK_IDF_PATH=/mnt/c/SysGCC/esp32/esp-idf/v5.2
WRK_IDF_PATH=/mnt/c/SysGCC/esp32-master/esp-idf/v5.3-master
# Or wherever the ESP-IDF is installed:
WRK_IDF_PATH=~/esp/esp-idf
echo "Run export.sh from ${WRK_IDF_PATH}"
. ${WRK_IDF_PATH}/export.sh
cd [your project]
idf.py menuconfig
```
Enable wolfSSL to be used in the ESP-TLS:
```
Component config --->
ESP-TLS --->
Choose SSL/TLS library for ESP-TLS (See help for more Info)
(X) wolfSSL (License info in wolfSSL directory README)
```
Adjust wolfSSL settings, such as path to source code as needed:
```
Component config --->
wolfSSL --->
[*] Include wolfSSL in ESP-TLS
[*] Use the specified wolfssl for ESP-TLS
(~/workspace/wolfssl) Enter a path for wolfSSL source code
```
## Configuration
All settings for wolfSSL are adjusted in the [include/user_settings.h](./include/user_settings.h) file.
The `user_settings.h` file should not be included directly. Instead, `#include <wolfssl/wolfcrypt/settings.h>`
before any other wolfSSL headers, like this:
```c
/* ESP-IDF */
#include <esp_log.h>
#include "sdkconfig.h"
/* wolfSSL */
/* Always include wolfcrypt/settings.h before any other wolfSSL file. */
/* Reminder: settings.h pulls in user_settings.h; don't include it here. */
#if defined(WOLFSSL_USER_SETTINGS)
#include <wolfssl/wolfcrypt/settings.h>
#if defined(WOLFSSL_ESPIDF)
#include <wolfssl/version.h>
#include <wolfssl/wolfcrypt/types.h>
#include <wolfcrypt/test/test.h>
#include <wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h>
#include <wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h>
#else
#error "Problem with wolfSSL user_settings. " \
"Check components/wolfssl/include " \
"and confirm WOLFSSL_USER_SETTINGS is defined, " \
"typically in the component CMakeLists.txt"
#endif
#else
/* Define WOLFSSL_USER_SETTINGS project wide for settings.h to include */
/* wolfSSL user settings in ./components/wolfssl/include/user_settings.h */
#error "Missing WOLFSSL_USER_SETTINGS in CMakeLists or Makefile:\
CFLAGS +=-DWOLFSSL_USER_SETTINGS"
#endif
```
## Examples
See the wolfSSL examples:
- [wolfSSL Core Examples](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples)
- [wolfSSL Additional Examples](https://github.com/wolfSSL/wolfssl-examples/tree/master/ESP32)
- [wolfSSH Core Examples](https://github.com/wolfSSL/wolfssh/tree/master/ide/Espressif/ESP-IDF/examples)
- [wolfSSH Additional Examples](https://github.com/wolfSSL/wolfssh-examples/tree/main/Espressif)
- [wolfMQTT Examples](https://github.com/wolfSSL/wolfMQTT/tree/master/IDE/Espressif/ESP-IDF/examples)
## Platforms
The ESP-IDF wolfSSL is also available for PlatformIO:
- [Release wolfSSL](https://registry.platformio.org/search?q=owner%3Awolfssl)
- [Staging / Preview wolfSSL](https://registry.platformio.org/search?q=owner%3Awolfssl-staging)
The wolfSSL library can also be used for Espressif with Arduino:
- [arduino.cc/reference/en/libraries/wolfssl](https://www.arduino.cc/reference/en/libraries/wolfssl/)
- [github.com/wolfSSL/Arduino-wolfSSL](https://github.com/wolfSSL/Arduino-wolfSSL)
## Additional Information
- [wolfSSL Documentation](https://www.wolfssl.com/documentation/manuals/wolfssl/index.html) and [docs/espressif](https://www.wolfssl.com/docs/espressif/)
- [wolfSSL FAQ](https://www.wolfssl.com/docs/frequently-asked-questions-faq/)
- [wolfSSL Products](https://www.wolfssl.com/products/)
- [www.wolfssl.com/espressif](https://www.wolfssl.com/espressif/)
- [More...](https://www.wolfssl.com/?s=espressif)
## Contact
Have a specific request or questions? We'd love to hear from you! Please contact us at support@wolfssl.com or open an issue on GitHub.
## Licensing and Support
wolfSSL (formerly known as CyaSSL) and wolfCrypt are either licensed for use under the GPLv2 (or at your option any later version) or a standard commercial license. For our users who cannot use wolfSSL under GPLv2 (or any later version), a commercial license to wolfSSL and wolfCrypt is available.
See the LICENSE.txt, visit wolfssl.com/license, contact us at licensing@wolfssl.com or call +1 425 245 8247
View Commercial Support Options: [wolfssl.com/products/support-and-maintenance](wolfssl.com/products/support-and-maintenance)

306
IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/component.mk Normal file
View File

@@ -0,0 +1,306 @@
#
# Copyright (C) 2006-2025 wolfSSL Inc.
#
# This file is part of wolfSSL.
#
# wolfSSL is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# wolfSSL is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
#
$(info *********** wolfssl component ************)
#
# Component Makefile
#
#
# The Espressif Managed Components are only for newer versions of the ESP-IDF
# Typically only for ESP32[-x] targets and only for ESP-IDF v4.3 or later:
# See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/tools/idf-component-manager.html
# https://components.espressif.com/
#
# Usage:
#
# make flash
#
# make flash ESPPORT=/dev/ttyS55
#
# make flash ESPBAUD=9600
#
# make monitor ESPPORT=COM1
#
# make monitor ESPPORT=/dev/ttyS55 MONITORBAUD=115200
#
# export ESPPORT=/dev/ttyS55
#
# https://docs.espressif.com/projects/esp8266-rtos-sdk/en/latest/get-started/index.html
#
# Although the project should define WOLFSSL_USER_SETTINGS, we'll also
# define it here:
CFLAGS +=-DWOLFSSL_USER_SETTINGS
# Note that 4 source files created by autogen are excluded here.
#
# See these files commented out, below. Adjust as needed for your application:
#
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/async.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/selftest.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_first.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_last.o
# NOTICE: the WOLFSSL_ROOT setting MUST be relative!
# See https://docs.espressif.com/projects/esp8266-rtos-sdk/en/latest/api-guides/build-system.html?highlight=must+relative#optional-component-specific-variables
# In the wolfSSL GitHub examples for Espressif:
# https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples
# When this wolfssl component.mk makefile is in [project]/components/wolfssl
# The root is 7 directories up from here (the location of of this component.mk):
#
WOLFSSL_ROOT ?= ../../../../../../..
THIS_DIR := $(shell pwd)
WOLFSSL_ROOT_OBJ := $(THIS_DIR)
# When running make from commandline or VisualGDB, the current path varies:
ifeq ("$(VISUALGDB_DIR)","")
# current path is typically /mnt/c/workspace/wolfssl-gojimmypi/IDE/Espressif/ESP-IDF/examples/wolfssl_test/build/wolfssl
$(info VISUALGDB_DIR build not detected. shell: $(shell echo $$SHELL))
else
# current path is typically /C/workspace/wolfssl-gojimmypi/IDE/Espressif/ESP-IDF/examples/wolfssl_test/build/Debug/wolfssl
$(info Detected VisualGDB in: $(VISUALGDB_DIR) shell: $(shell echo $$SHELL))
endif
# To set the location of a different location, it is best to use relative paths.
#
# Set WOLFSSL_ROOT to a relative path from the current component directory.
# For example, if the wolfssl_client is copied from the examples to test:
#
# cp -r /IDE/Espressif/ESP-IDF/examples/wolfssl_client/* /mnt/c/test/demo
#
# we run make in /mnt/c/test/demo
# component is in /mnt/c/test/demo/components/wolfssl
# wolfssl is in /mnt/c/workspace/wolfssl-master
#
# "/mnt/c" is 4 directories up:
# 2 for `./test/demo` from where we run `make`, plus
# 2 more from the location of `component.mk` located
# in `[current directory]/components/wolfssl`.
#
# Thus we need 4 parent reference to find the relative path to wolfSSL:
# WOLFSSL_ROOT := ../../../../workspace/wolfssl-master
# Optional CFLAGS (make works without these; for reference only)
# CFLAGS += -I$(WOLFSSL_ROOT)/wolfssl
# CFLAGS += -I$(WOLFSSL_ROOT)/wolfssl/wolfcrypt
# CFLAGS += -I$(WOLFSSL_ROOT)/wolfssl/wolfcrypt/port/Espressif
abs_WOLFSSL_ROOT := $(shell realpath $(WOLFSSL_ROOT))
# print-wolfssl-path-value:
# @echo "WOLFSSL_ROOT defined: $(WOLFSSL_ROOT)"
# @echo "WOLFSSL_ROOT actual: $(abs_WOLFSSL_ROOT)"
$(info WOLFSSL_ROOT defined: $(WOLFSSL_ROOT))
$(info WOLFSSL_ROOT actual: $(abs_WOLFSSL_ROOT))
$(info THIS_DIR defined: $(THIS_DIR))
$(info WOLFSSL_ROOT_OBJ defined: $(WOLFSSL_ROOT_OBJ))
# NOTE: The wolfSSL include directory (e.g. user_settings.h) is
# located HERE in THIS project, and *not* in the wolfSSL root.
COMPONENT_ADD_INCLUDEDIRS := .
COMPONENT_ADD_INCLUDEDIRS += include
COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/.
COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl
COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl/wolfcrypt
COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl/wolfcrypt/port/Espressif
# COMPONENT_ADD_INCLUDEDIRS += $ENV(IDF_PATH)/components/freertos/include/freertos
# COMPONENT_ADD_INCLUDEDIRS += "$ENV(IDF_PATH)/soc/esp32s3/include/soc"
# wolfSSL
COMPONENT_SRCDIRS := $(WOLFSSL_ROOT)/src
# wolfcrypt
COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src
# Espressif
COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif
COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/atmel
COMPONENT_OBJEXCLUDE := $(WOLFSSL_ROOT_OBJ)/wolfcrypt/src/aes_asm.o
COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT_OBJ)/wolfcrypt/src/evp.o
COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT_OBJ)/wolfcrypt/src/misc.o
COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT_OBJ)/wolfcrypt/src/sha512_asm.o
COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT_OBJ)/wolfcrypt/src/fe_x25519_asm.o
COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT_OBJ)/wolfcrypt/src/aes_gcm_x86_asm.o
##
## wolfSSL
##
## reminder object files may end up in `./build` or `build/debug` or `build/release`, depending on build environment & settings.
##
# COMPONENT_OBJS := $(WOLFSSL_ROOT)/src/bio.o # part of ssl.c, omitted to avoid "does not need to be compiled separately"
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/conf.o # part of ssl.c
COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/crl.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/dtls.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/dtls13.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/internal.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/keys.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/ocsp.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/pk.o # part of ssl.c
COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/quic.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/sniffer.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/ssl.o
# COMPONENT_OBJS += src/ssl_asn1.o
# COMPONENT_OBJS += src/ssl_bn.o
# COMPONENT_OBJS += src/ssl_certman.o
# COMPONENT_OBJS += src/ssl_crypto.o
# COMPONENT_OBJS += src/ssl_misc.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/tls.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/tls13.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/wolfio.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/x509.o # part of ssl.c
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/x509_str.o # part of ssl.c
##
## wolfcrypt
##
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/aes.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/arc4.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/asm.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/asn.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/async.o # autogen exclusion
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/blake2b.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/blake2s.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/camellia.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/chacha.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/chacha20_poly1305.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/cmac.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/coding.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/compress.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/cpuid.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/cryptocb.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/curve25519.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/curve448.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/des3.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/dh.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/dilithium.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/dsa.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ecc.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/eccsi.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ecc_fp.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ed25519.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ed448.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/error.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/evp.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_mlkem.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_lms.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_xmss.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/falcon.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fe_448.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fe_low_mem.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fe_operations.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fips.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fips_test.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ge_448.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ge_low_mem.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ge_operations.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/hash.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/hmac.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/hpke.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/integer.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/kdf.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/logging.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/md2.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/md4.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/md5.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/memory.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/misc.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/pkcs12.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/pkcs7.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/poly1305.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/pwdbased.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/random.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/rc2.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ripemd.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/rsa.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sakke.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/selftest.o # autogen exclusion
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha256.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha3.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha512.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/signature.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/siphash.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sm2.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sm3.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sm4.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sphincs.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_arm32.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_arm64.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_armthumb.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_c32.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_c64.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_cortexm.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_dsp32.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_int.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_arm32.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_arm64.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_armthumb.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_c32.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_c64.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_cortexm.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_x86_64.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_x86_64.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/srp.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/tfm.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_dsp.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_encrypt.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_mlkem.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_mlkem_poly.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_lms.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_pkcs11.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_port.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_xmss.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_first.o # autogen exclusion
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_last.o # autogen exclusion
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfevent.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfmath.o
##
## Espressif
##
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_aes.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_mp.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_sha.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_util.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp_sdk_time_lib.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.o
##
## wolfcrypt benchmark (optional)
##
## COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/benchmark/benchmark.o
## COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/benchmark
## COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfcrypt/benchmark
##
## wolfcrypt test (optional)
##
## COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/test/test.o
## COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/test
## COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfcrypt/test/include
$(info ********** end wolfssl component **********)

576
IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/include/user_settings.h
View File

@@ -1,6 +1,6 @@
/* user_settings.h
/* wolfssl-component include/user_settings.h
*
* Copyright (C) 2006-2024 wolfSSL Inc.
* Copyright (C) 2006-2025 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
@@ -18,19 +18,57 @@
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
#define WOLFSSL_ESPIDF_COMPONENT_VERSION 0x01
/* Examples such as test and benchmark are known to cause watchdog timeouts.
* Note this is often set in project Makefile:
* CFLAGS += -DWOLFSSL_ESP_NO_WATCHDOG=1 */
#define WOLFSSL_ESP_NO_WATCHDOG 1
/* The Espressif project config file. See also sdkconfig.defaults */
#include "sdkconfig.h"
/* This user_settings.h is for Espressif ESP-IDF
*
* Standardized wolfSSL Espressif ESP32 + ESP8266 user_settings.h V5.7.0-1
*
* Do not include any wolfssl headers here
* Do not include any wolfssl headers here.
*
* When editing this file:
* ensure wolfssl_test and wolfssl_benchmark settings match.
* ensure all examples match. The template example is the reference.
*/
/* The Espressif project config file. See also sdkconfig.defaults */
#include "sdkconfig.h"
/* Naming convention: (see also esp32-crypt.h for the reference source).
*
* CONFIG_
* This prefix indicates the setting came from the sdkconfig / Kconfig.
*
* May or may not be related to wolfSSL.
*
* The name after this prefix must exactly match that in the Kconfig file.
*
* WOLFSSL_
* Typical of many, but not all wolfSSL macro names.
*
* Applies to all wolfSSL products such as wolfSSH, wolfMQTT, etc.
*
* May or may not have a corresponding sdkconfig / Kconfig control.
*
* ESP_WOLFSSL_
* These are NOT valid wolfSSL macro names. These are names only used in
* the ESP-IDF Kconfig files. When parsed, they will have a "CONFIG_"
* suffix added. See next section.
*
* CONFIG_ESP_WOLFSSL_
* This is a wolfSSL-specific macro that has been defined in the ESP-IDF
* via the sdkconfig / menuconfig. Any text after this prefix should
* exactly match an existing wolfSSL macro name.
*
* Applies to all wolfSSL products such as wolfSSH, wolfMQTT, etc.
*
* These macros may also be specific to only the project or environment,
* and possibly not used anywhere else in the wolfSSL libraries.
*/
/* The Espressif sdkconfig will have chipset info.
**
@@ -46,33 +84,264 @@
#undef WOLFSSL_ESPIDF
#define WOLFSSL_ESPIDF
/* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */
#define NO_ESP_SDK_WIFI
/* Test various user_settings between applications by selecting example apps
* in `idf.py menuconfig` for Example wolfSSL Configuration settings: */
/* Turn on messages that are useful to see only in examples. */
#define WOLFSSL_EXAMPLE_VERBOSITY
/* Paths can be long, ensure the entire value printed during debug */
#define WOLFSSL_MAX_ERROR_SZ 500
/* wolfSSL Examples: set macros used in example applications.
*
* These Settings NOT available in ESP-IDF (e.g. esp-tls)
*
* Any settings needed by ESP-IDF components should be explicitly set,
* and not by these example-specific settings via CONFIG_WOLFSSL_EXAMPLE_n
*
* ESP-IDF settings should be Kconfig "CONFIG_[name]" values when possible. */
#if defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TEMPLATE)
/* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/template */
/* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */
/* #define USE_WOLFSSL_ESP_SDK_WIFI */
#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TEST)
/* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_test */
/* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */
/* #define USE_WOLFSSL_ESP_SDK_WIFI */
#define TEST_ESPIDF_ALL_WOLFSSL
#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_BENCHMARK)
/* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark */
/* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */
/* #define USE_WOLFSSL_ESP_SDK_WIFI */
#define WOLFSSL_BENCHMARK_FIXED_UNITS_KB
#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TLS_CLIENT)
/* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_client */
#define USE_WOLFSSL_ESP_SDK_WIFI
#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TLS_SERVER)
/* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_server */
#define USE_WOLFSSL_ESP_SDK_WIFI
/* wolfSSH Examples */
#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFSSH_TEMPLATE)
/* See https://github.com/wolfSSL/wolfssh/tree/master/ide/Espressif/ESP-IDF/examples/wolfssh_template */
#define USE_WOLFSSL_ESP_SDK_WIFI
#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFSSH_ECHOSERVER)
/* See https://github.com/wolfSSL/wolfssh/tree/master/ide/Espressif/ESP-IDF/examples/wolfssh_echoserver */
#define USE_WOLFSSL_ESP_SDK_WIFI
#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_ESP32_SSH_SERVER)
/* See https://github.com/wolfSSL/wolfssh-examples/tree/main/Espressif/ESP32/ESP32-SSH-Server */
#define USE_WOLFSSL_ESP_SDK_WIFI
#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_ESP8266_SSH_SERVER)
/* See https://github.com/wolfSSL/wolfssh-examples/tree/main/Espressif/ESP8266/ESP8266-SSH-Server */
#define USE_WOLFSSL_ESP_SDK_WIFI
/* wolfMQTT Examples */
#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFMQTT_TEMPLATE)
/* See https://github.com/wolfSSL/wolfMQTT/tree/master/IDE/Espressif/ESP-IDF/examples/wolfmqtt_template */
#define USE_WOLFSSL_ESP_SDK_WIFI
#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFMQTT_AWS_IOT_MQTT)
/* See https://github.com/wolfSSL/wolfMQTT/tree/master/IDE/Espressif/ESP-IDF/examples/AWS_IoT_MQTT */
#define USE_WOLFSSL_ESP_SDK_WIFI
/* wolfTPM Examples */
#elif defined(CONFIG_WOLFTPM_EXAMPLE_NAME_ESPRESSIF)
/* See https://github.com/wolfSSL/wolfTPM/tree/master/IDE/Espressif */
#define USE_WOLFSSL_ESP_SDK_WIFI
/* Apple HomeKit Examples */
#elif defined(CONFIG_WOLFSSL_APPLE_HOMEKIT)
/* See https://github.com/AchimPieters/esp32-homekit-demo */
/* no example selected */
#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_NONE)
/* We'll assume the app needs to use wolfSSL sdk lib function */
#define USE_WOLFSSL_ESP_SDK_WIFI
/* Other applications detected by cmake */
#elif defined(APP_ESP_HTTP_CLIENT_EXAMPLE)
/* The wolfSSL Version of the client example */
#if defined(CONFIG_IDF_TARGET_ESP32S2) || defined(CONFIG_IDF_TARGET_ESP32C2)
/* Less memory available, so smaller key sizes: */
#define FP_MAX_BITS (4096 * 2)
#else
#define FP_MAX_BITS (8192 * 2)
#endif
#define HAVE_ALPN
#define HAVE_SNI
#define OPENSSL_EXTRA_X509_SMALL
#define HAVE_TLS_EXTENSIONS
#define HAVE_SUPPORTED_CURVES
#define OPENSSL_EXTRA
#ifndef WOLFSSL_ALWAYS_VERIFY_CB
#define WOLFSSL_ALWAYS_VERIFY_CB
#endif
#ifndef WOLFSSL_VERIFY_CB_ALL_CERTS
#define WOLFSSL_VERIFY_CB_ALL_CERTS
#endif
#ifndef KEEP_PEER_CERT
#define KEEP_PEER_CERT
#endif
#elif defined(APP_ESP_HTTP_CLIENT)
/* The ESP-IDF Version */
#define FP_MAX_BITS (8192 * 2)
#define HAVE_ALPN
#define HAVE_SNI
#define OPENSSL_EXTRA_X509_SMALL
#define HAVE_TLS_EXTENSIONS
#define HAVE_SUPPORTED_CURVES
#define OPENSSL_EXTRA
#ifndef WOLFSSL_ALWAYS_VERIFY_CB
#define WOLFSSL_ALWAYS_VERIFY_CB
#endif
#ifndef WOLFSSL_VERIFY_CB_ALL_CERTS
#define WOLFSSL_VERIFY_CB_ALL_CERTS
#endif
#ifndef KEEP_PEER_CERT
#define KEEP_PEER_CERT
#endif
#else
#ifdef WOLFSSL_ESPIDF
/* #warning "App config undetected" */
#endif
/* the code is older or does not have application name defined. */
#endif /* Example wolfSSL Configuration app settings */
/* Experimental Kyber */
#if 0
#ifdef CONFIG_WOLFSSL_ENABLE_KYBER
/* Kyber typically needs a minimum 10K stack */
#define WOLFSSL_EXPERIMENTAL_SETTINGS
#define WOLFSSL_HAVE_KYBER
#define WOLFSSL_WC_KYBER
#define WOLFSSL_HAVE_MLKEM
#define WOLFSSL_WC_MLKEM
#define WOLFSSL_SHA3
#if defined(CONFIG_IDF_TARGET_ESP8266)
/* With limited RAM, we'll disable some of the Kyber sizes: */
#define WOLFSSL_NO_KYBER1024
#define WOLFSSL_NO_KYBER768
#define NO_SESSION_CACHE
#endif
#endif
/* Enable AES for all examples */
#ifdef NO_AES
#warning "Found NO_AES, wolfSSL AES Cannot be enabled. Check config."
#else
#define WOLFSSL_AES
#define WOLFSSL_AES_COUNTER
/* Typically only needed for wolfssl_test, see docs. */
#define WOLFSSL_AES_DIRECT
#endif
/* Pick a cert buffer size: */
/* #define USE_CERT_BUFFERS_2048 */
/* #define USE_CERT_BUFFERS_1024 */
#define USE_CERT_BUFFERS_2048
/* The Espressif sdkconfig will have chipset info.
**
** Some possible values:
**
** CONFIG_IDF_TARGET_ESP32
** CONFIG_IDF_TARGET_ESP32S2
** CONFIG_IDF_TARGET_ESP32S3
** CONFIG_IDF_TARGET_ESP32C3
** CONFIG_IDF_TARGET_ESP32C6
*/
/* Optionally enable Apple HomeKit from compiler directive or Kconfig setting */
#if defined(WOLFSSL_APPLE_HOMEKIT) || defined(CONFIG_WOLFSSL_APPLE_HOMEKIT)
/* SRP is known to need 8K; slow on some devices */
#define FP_MAX_BITS (8192 * 2)
#define WOLFCRYPT_HAVE_SRP
#define HAVE_CHACHA
#define HAVE_POLY1305
#define WOLFSSL_BASE64_ENCODE
#endif /* Apple HomeKit settings */
/* Used by ESP-IDF components: */
#if defined(CONFIG_ESP_TLS_USING_WOLFSSL)
/* The ESP-TLS */
#ifndef FP_MAX_BITS
#if defined(CONFIG_IDF_TARGET_ESP32C2) || \
defined(CONFIG_IDF_TARGET_ESP8684) || \
defined(CONFIG_IDF_TARGET_ESP8266)
/* Optionally set smaller size here */
#define FP_MAX_BITS MIN_FFDHE_FP_MAX_BITS
#else
#define FP_MAX_BITS (4096 * 2)
#endif
#endif
#define HAVE_ALPN
#ifndef CONFIG_IDF_TARGET_ESP8266
/* Unless installed in the ESP8266 RTOS SDK locally, the wolfSSL
* API for SNI will not be seen in the components/esp-tls layer.
* Only enable SNI for non-ESP8266 targets by default: */
#define HAVE_SNI
#endif
#define OPENSSL_EXTRA_X509_SMALL
#define HAVE_TLS_EXTENSIONS
#define HAVE_SUPPORTED_CURVES
#endif
/* Optionally enable some wolfSSH settings */
#if defined(ESP_ENABLE_WOLFSSH) || defined(CONFIG_ESP_ENABLE_WOLFSSH)
/* Enable wolfSSH. Espressif examples need a few more settings, below */
#undef WOLFSSL_WOLFSSH
#define WOLFSSL_WOLFSSH
/* The default SSH Windows size is massive for an embedded target.
* Limit it: */
#define DEFAULT_WINDOW_SZ 2000
/* These may be defined in cmake for other examples: */
#undef WOLFSSH_TERM
#define WOLFSSH_TERM
/* optional debug */
/* #undef DEBUG_WOLFSSH */
/* #define DEBUG_WOLFSSH */
#undef WOLFSSL_KEY_GEN
#define WOLFSSL_KEY_GEN
#undef WOLFSSL_PTHREADS
#define WOLFSSL_PTHREADS
#define WOLFSSH_TEST_SERVER
#define WOLFSSH_TEST_THREADING
#endif /* ESP_ENABLE_WOLFSSH */
/* Not yet using WiFi lib, so don't compile in the esp-sdk-lib WiFi helpers: */
/* #define USE_WOLFSSL_ESP_SDK_WIFI */
/*
* ONE of these Espressif chip families will be detected from sdkconfig:
*
* WOLFSSL_ESP32
* WOLFSSL_ESPWROOM32SE
* WOLFSSL_ESP8266
*
* following ifdef detection only for syntax highlighting:
*/
#undef WOLFSSL_ESPWROOM32SE
#undef WOLFSSL_ESP8266
#undef WOLFSSL_ESP32
#ifdef WOLFSSL_ESPWROOM32SE
#undef WOLFSSL_ESPWROOM32SE
#endif
#ifdef WOLFSSL_ESP8266
#undef WOLFSSL_ESP8266
#endif
#ifdef WOLFSSL_ESP32
#undef WOLFSSL_ESP32
#endif
/* See below for chipset detection from sdkconfig.h */
/* when you want to use SINGLE THREAD. Note Default ESP-IDF is FreeRTOS */
/* #define SINGLE_THREADED */
#define SINGLE_THREADED
/* SMALL_SESSION_CACHE saves a lot of RAM for ClientCache and SessionCache.
/* Small session cache saves a lot of RAM for ClientCache and SessionCache.
* Memory requirement is about 5KB, otherwise 20K is needed when not specified.
* If extra small footprint is needed, try MICRO_SESSION_CACHE (< 1K)
* When really desperate or no TLS used, try NO_SESSION_CACHE. */
@@ -92,9 +361,6 @@
/* RSA_LOW_MEM: Half as much memory but twice as slow. */
#define RSA_LOW_MEM
/* optionally turn off SHA512/224 SHA512/256 */
/* #define WOLFSSL_NOSHA512_224 */
/* #define WOLFSSL_NOSHA512_256 */
@@ -109,14 +375,43 @@
#define BENCH_EMBEDDED
/* TLS 1.3 */
#define WOLFSSL_TLS13
#define HAVE_TLS_EXTENSIONS
#define WC_RSA_PSS
#define HAVE_HKDF
#define HAVE_AEAD
#define HAVE_SUPPORTED_CURVES
#ifdef CONFIG_WOLFSSL_ALLOW_TLS13
#define WOLFSSL_TLS13
#define HAVE_TLS_EXTENSIONS
#define HAVE_HKDF
#define WOLFSSL_BENCHMARK_FIXED_UNITS_KB
/* May be required */
#ifndef HAVE_AEAD
#endif
/* Required for ECC */
#define HAVE_SUPPORTED_CURVES
/* Required for RSA */
#define WC_RSA_PSS
/* TLS 1.3 normally requires HAVE_FFDHE */
#if defined(HAVE_FFDHE_2048) || \
defined(HAVE_FFDHE_3072) || \
defined(HAVE_FFDHE_4096) || \
defined(HAVE_FFDHE_6144) || \
defined(HAVE_FFDHE_8192)
#else
#define HAVE_FFDHE_2048
/* #error "TLS 1.3 requires HAVE_FFDHE_[nnnn]" */
#endif
#endif
#if defined(CONFIG_IDF_TARGET_ESP32C2) || \
defined(CONFIG_IDF_TARGET_ESP8684)
/* Optionally set smaller size here */
#ifdef HAVE_FFDHE_4096
/* this size may be problematic on the C2 */
#endif
#define HAVE_FFDHE_2048
#else
#define HAVE_FFDHE_4096
#endif
#define NO_FILESYSTEM
@@ -133,29 +428,64 @@
/* when you want to use SHA384 */
#define WOLFSSL_SHA384
/* when you want to use SHA512 */
#define WOLFSSL_SHA512
/* when you want to use SHA3 */
#define WOLFSSL_SHA3
/* ED25519 requires SHA512 */
#define HAVE_ED25519
/* Some features not enabled for ESP8266: */
#if defined(CONFIG_IDF_TARGET_ESP8266) || \
defined(CONFIG_IDF_TARGET_ESP32C2)
/* Some known low-memory devices have features not enabled by default. */
/* TODO determine low memory configuration for ECC. */
#else
#define HAVE_ECC
#define HAVE_CURVE25519
#define CURVE25519_SMALL
/* when you want to use SHA512 */
#define WOLFSSL_SHA512
/* when you want to use SHA3 */
/* #define WOLFSSL_SHA3 */
/* ED25519 requires SHA512 */
#define HAVE_ED25519
#endif
#define HAVE_ED25519
#if defined(CONFIG_IDF_TARGET_ESP8266) || defined(CONFIG_IDF_TARGET_ESP32C2)
#define MY_USE_ECC 0
#define MY_USE_RSA 1
#else
#define MY_USE_ECC 1
#define MY_USE_RSA 0
#endif
/* Optional OPENSSL compatibility */
#define OPENSSL_EXTRA
/* We can use either or both ECC and RSA, but must use at least one. */
#if MY_USE_ECC || MY_USE_RSA
#if MY_USE_ECC
/* ---- ECDSA / ECC ---- */
#define HAVE_ECC
#define HAVE_CURVE25519
#define HAVE_ED25519
#define WOLFSSL_SHA512
/*
#define HAVE_ECC384
#define CURVE25519_SMALL
*/
#else
#define WOLFSSH_NO_ECC
/* WOLFSSH_NO_ECDSA is typically defined automatically,
* here for clarity: */
#define WOLFSSH_NO_ECDSA
#endif
#if MY_USE_RSA
/* ---- RSA ----- */
/* #define RSA_LOW_MEM */
/* DH disabled by default, needed if ECDSA/ECC also turned off */
#define HAVE_DH
#else
#define WOLFSSH_NO_RSA
#endif
#else
#error "Either RSA or ECC must be enabled"
#endif
/* Optional OpenSSL compatibility */
/* #define OPENSSL_EXTRA */
/* #Optional HAVE_PKCS7 */
/* #define HAVE_PKCS7 */
@@ -198,8 +528,11 @@
/* #define XTIME time */
/* adjust wait-timeout count if you see timeout in RSA HW acceleration */
#define ESP_RSA_TIMEOUT_CNT 0x349F00
/* Adjust wait-timeout count if you see timeout in RSA HW acceleration.
* Set to very large number and enable WOLFSSL_HW_METRICS to determine max. */
#ifndef ESP_RSA_TIMEOUT_CNT
#define ESP_RSA_TIMEOUT_CNT 0xFF0000
#endif
/* hash limit for test.c */
#define HASH_SIZE_LIMIT
@@ -208,7 +541,7 @@
#define USE_FAST_MATH
/***** Use SP_MATH *****/
/* #undef USE_FAST_MATH */
/* #undef USE_FAST_MATH */
/* #define SP_MATH */
/* #define WOLFSSL_SP_MATH_ALL */
/* #define WOLFSSL_SP_RISCV32 */
@@ -217,6 +550,14 @@
/* #undef USE_FAST_MATH */
/* #define USE_INTEGER_HEAP_MATH */
/* Just syntax highlighting to check math libraries: */
#if defined(SP_MATH) || \
defined(USE_INTEGER_HEAP_MATH) || \
defined(USE_INTEGER_HEAP_MATH) || \
defined(USE_FAST_MATH) || \
defined(WOLFSSL_SP_MATH_ALL) || \
defined(WOLFSSL_SP_RISCV32)
#endif
#define WOLFSSL_SMALL_STACK
@@ -224,18 +565,32 @@
#define HAVE_VERSION_EXTENDED_INFO
/* #define HAVE_WC_INTROSPECTION */
#define HAVE_SESSION_TICKET
#ifndef NO_SESSION_CACHE
#define HAVE_SESSION_TICKET
#endif
/* #define HAVE_HASHDRBG */
#if 0
/* Example for additional cert functions */
#define WOLFSSL_KEY_GEN
#define WOLFSSL_CERT_REQ
#define WOLFSSL_CERT_GEN
#define WOLFSSL_CERT_EXT
#define WOLFSSL_SYS_CA_CERTS
#define WOLFSSL_CERT_REQ
#define WOLFSSL_CERT_GEN
#define WOLFSSL_CERT_EXT
#define WOLFSSL_SYS_CA_CERTS
#define WOLFSSL_CERT_TEXT
#define WOLFSSL_CERT_TEXT
/* command-line options
--enable-keygen
--enable-certgen
--enable-certreq
--enable-certext
--enable-asn-template
*/
#endif
#define WOLFSSL_ASN_TEMPLATE
@@ -255,10 +610,62 @@
--enable-asn-template
*/
/* optional SM4 Ciphers. See https://github.com/wolfSSL/wolfsm */
/*
#define WOLFSSL_SM2
#define WOLFSSL_SM3
#define WOLFSSL_SM4
*/
#if defined(WOLFSSL_SM2) || defined(WOLFSSL_SM3) || defined(WOLFSSL_SM4)
/* SM settings, possible cipher suites:
TLS13-AES128-GCM-SHA256
TLS13-CHACHA20-POLY1305-SHA256
TLS13-SM4-GCM-SM3
TLS13-SM4-CCM-SM3
#define WOLFSSL_ESP32_CIPHER_SUITE "TLS13-SM4-GCM-SM3"
#define WOLFSSL_ESP32_CIPHER_SUITE "TLS13-SM4-CCM-SM3"
#define WOLFSSL_ESP32_CIPHER_SUITE "ECDHE-ECDSA-SM4-CBC-SM3"
#define WOLFSSL_ESP32_CIPHER_SUITE "ECDHE-ECDSA-SM4-GCM-SM3"
#define WOLFSSL_ESP32_CIPHER_SUITE "ECDHE-ECDSA-SM4-CCM-SM3"
#define WOLFSSL_ESP32_CIPHER_SUITE "TLS13-SM4-GCM-SM3:" \
"TLS13-SM4-CCM-SM3:"
*/
#undef WOLFSSL_BASE16
#define WOLFSSL_BASE16 /* required for WOLFSSL_SM2 */
#undef WOLFSSL_SM4_ECB
#define WOLFSSL_SM4_ECB
#undef WOLFSSL_SM4_CBC
#define WOLFSSL_SM4_CBC
#undef WOLFSSL_SM4_CTR
#define WOLFSSL_SM4_CTR
#undef WOLFSSL_SM4_GCM
#define WOLFSSL_SM4_GCM
#undef WOLFSSL_SM4_CCM
#define WOLFSSL_SM4_CCM
#define HAVE_POLY1305
#define HAVE_CHACHA
#undef HAVE_AESGCM
#define HAVE_AESGCM
#else
/* default settings */
#define USE_CERT_BUFFERS_2048
#endif
/* Chipset detection from sdkconfig.h
* Default is HW enabled unless turned off.
* Uncomment lines to force SW instead of HW acceleration */
#if defined(CONFIG_IDF_TARGET_ESP32)
#if defined(CONFIG_IDF_TARGET_ESP32) || defined(WOLFSSL_ESPWROOM32SE)
#define WOLFSSL_ESP32
/* Alternatively, if there's an ECC Secure Element present: */
/* #define WOLFSSL_ESPWROOM32SE */
@@ -380,12 +787,16 @@
#define WOLFSSL_ESP8266
/* There's no hardware encryption on the ESP8266 */
/* Consider using the ESP32-C2/C3/C6
* See https://www.espressif.com/en/products/socs/esp32-c2 */
/* Consider using the ESP32-C2/C3/C6 */
#define NO_ESP32_CRYPT
#define NO_WOLFSSL_ESP32_CRYPT_HASH
#define NO_WOLFSSL_ESP32_CRYPT_AES
#define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
#ifndef FP_MAX_BITS
/* FP_MAX_BITS matters in wolfssl_test, not just TLS setting. */
/* MIN_FFDHE_FP_MAX_BITS = (MIN_FFDHE_BITS * 2); see settings.h */
#define FP_MAX_BITS MIN_FFDHE_FP_MAX_BITS
#endif
/***** END CONFIG_IDF_TARGET_ESP266 *****/
#elif defined(CONFIG_IDF_TARGET_ESP8684)
@@ -397,7 +808,7 @@
/***** END CONFIG_IDF_TARGET_ESP8684 *****/
#else
/* Anything else encountered, disable HW accleration */
/* Anything else encountered, disable HW acceleration */
#warning "Unexpected CONFIG_IDF_TARGET_NN value"
#define NO_ESP32_CRYPT
#define NO_WOLFSSL_ESP32_CRYPT_HASH
@@ -435,18 +846,33 @@
/* Debug options:
See wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h for details on debug options
optionally increase error message size for very long paths.
#define WOLFSSL_MAX_ERROR_SZ 500
Turn wolfSSL debugging on/off:
wolfSSL_Debugging_ON();
wolfSSL_Debugging_OFF();
#define ESP_VERIFY_MEMBLOCK
#define DEBUG_WOLFSSL
#define DEBUG_WOLFSSL_VERBOSE
#define DEBUG_WOLFSSL_SHA_MUTEX
#define WOLFSSL_DEBUG_IGNORE_ASN_TIME
#define WOLFSSL_DEBUG_CERT_BUNDLE
#define WOLFSSL_DEBUG_CERT_BUNDLE_NAME
#define WOLFSSL_ESP32_CRYPT_DEBUG
#define WOLFSSL_ESP32_CRYPT_HASH_SHA224_DEBUG
#define NO_RECOVER_SOFTWARE_CALC
#define WOLFSSL_TEST_STRAY 1
#define USE_ESP_DPORT_ACCESS_READ_BUFFER
#define WOLFSSL_ESP32_HW_LOCK_DEBUG
#define WOLFSSL_DEBUG_MUTEX
#define WOLFSSL_DEBUG_ESP_RSA_MULM_BITS
#define WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS
#define WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS
#define ESP_DISABLE_HW_TASK_LOCK
#define ESP_MONITOR_HW_TASK_LOCK
#define USE_ESP_DPORT_ACCESS_READ_BUFFER
See wolfcrypt/benchmark/benchmark.c for debug and other settings:
@@ -458,7 +884,8 @@ Turn on timer debugging (used when CPU cycles not available)
*/
/* Pause in a loop rather than exit. */
#define WOLFSSL_ESPIDF_ERROR_PAUSE
/* #define WOLFSSL_ESPIDF_ERROR_PAUSE */
/* #define WOLFSSL_ESP32_HW_LOCK_DEBUG */
#define WOLFSSL_HW_METRICS
@@ -507,6 +934,12 @@ Turn on timer debugging (used when CPU cycles not available)
* There are various certificate examples in this header file:
* https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/certs_test.h
*
* To use the sample certificates in code (not recommended for production!):
*
* #if defined(USE_CERT_BUFFERS_2048) || defined(USE_CERT_BUFFERS_1024)
* #include <wolfssl/certs_test.h>
* #endif
*
* To use the sets of macros below, define *one* of these:
*
* USE_CERT_BUFFERS_1024 - ECC 1024 bit encoded ASN1
@@ -584,6 +1017,7 @@ Turn on timer debugging (used when CPU cycles not available)
#define WOLFSSL_BASE16
#else
#if defined(USE_CERT_BUFFERS_2048)
#define USE_CERT_BUFFERS_256
/* Be sure to include in app when using example certs: */
/* #include <wolfssl/certs_test.h> */
#define CTX_CA_CERT ca_cert_der_2048
@@ -605,6 +1039,7 @@ Turn on timer debugging (used when CPU cycles not available)
#define CTX_CLIENT_KEY_TYPE WOLFSSL_FILETYPE_ASN1
#elif defined(USE_CERT_BUFFERS_1024)
#define USE_CERT_BUFFERS_256
/* Be sure to include in app when using example certs: */
/* #include <wolfssl/certs_test.h> */
#define CTX_CA_CERT ca_cert_der_1024
@@ -629,3 +1064,34 @@ Turn on timer debugging (used when CPU cycles not available)
#error "Must define USE_CERT_BUFFERS_2048 or USE_CERT_BUFFERS_1024"
#endif
#endif /* Conditional key and cert constant names */
/******************************************************************************
** Sanity Checks
******************************************************************************/
#if defined(CONFIG_ESP_MAIN_TASK_STACK_SIZE)
#if defined(WOLFCRYPT_HAVE_SRP)
#if defined(FP_MAX_BITS)
#if FP_MAX_BITS < (8192 * 2)
#define ESP_SRP_MINIMUM_STACK_8K (24 * 1024)
#else
#define ESP_SRP_MINIMUM_STACK_8K (28 * 1024)
#endif
#else
#error "Please define FP_MAX_BITS when using WOLFCRYPT_HAVE_SRP."
#endif
#if (CONFIG_ESP_MAIN_TASK_STACK_SIZE < ESP_SRP_MINIMUM_STACK)
#warning "WOLFCRYPT_HAVE_SRP enabled with small stack size"
#endif
#endif
#else
#warning "CONFIG_ESP_MAIN_TASK_STACK_SIZE not defined!"
#endif
/* See settings.h for some of the possible hardening options:
*
* #define NO_ESPIDF_DEFAULT
* #define WC_NO_CACHE_RESISTANT
* #define WC_AES_BITSLICED
* #define HAVE_AES_ECB
* #define HAVE_AES_DIRECT
*/

52
IDE/Espressif/ESP-IDF/examples/template/main/CMakeLists.txt
View File

@@ -1,35 +1,43 @@
# wolfSSL Espressif Example Project/main CMakeLists.txt
# v1.0
# v1.2
#
# wolfssl template
#
message(STATUS "Begin wolfSSL main CMakeLists.txt")
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
if (idf_target STREQUAL "esp8266" OR IDF_TARGET STREQUAL "esp8266" OR IDF_VERSION_MAJOR VERSION_LESS "5.0")
# `driver` component not available for ESP8266
SET(THIS_PRIV_REQUIRES_DRIVER "")
else()
SET(THIS_PRIV_REQUIRES_DRIVER "driver")
endif()
if(WIN32)
# Windows-specific configuration here
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS")
message("Detected Windows")
message(STATUS "Detected Windows")
endif()
if(CMAKE_HOST_UNIX)
message("Detected UNIX")
message(STATUS "Detected UNIX")
endif()
if(APPLE)
message("Detected APPLE")
message(STATUS "Detected APPLE")
endif()
if(CMAKE_HOST_UNIX AND (NOT APPLE) AND EXISTS "/proc/sys/fs/binfmt_misc/WSLInterop")
# Windows-specific configuration here
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WSL")
message("Detected WSL")
message(STATUS "Detected WSL")
endif()
if(CMAKE_HOST_UNIX AND (NOT APPLE) AND (NOT WIN32))
# Windows-specific configuration here
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_LINUX")
message("Detected Linux")
message(STATUS "Detected Linux")
endif()
if(APPLE)
# Windows-specific configuration here
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_APPLE")
message("Detected Apple")
message(STATUS "Detected Apple")
endif()
set (git_cmd "git")
@@ -43,10 +51,22 @@ if( EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl/" AND EXISTS "$ENV{IDF_PA
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_MULTI_INSTALL_WARNING")
endif()
# The wolfSL component name is named "mywolfssl" on the staging site for Managed Components.
if( NOT EXISTS "../components/wolfssl" AND ("$ENV{IDF_COMPONENT_REGISTRY_URL}" STREQUAL "https://components-staging.espressif.com") )
message(STATUS "WARNING: Using a staging instance of wolfssl.")
set(MAIN_WOLFSSL_COMPONENT_NAME "mywolfssl")
else()
message(STATUS "Using release wolfssl component.")
set(MAIN_WOLFSSL_COMPONENT_NAME "wolfssl")
endif()
## register_component()
idf_component_register(SRCS main.c
INCLUDE_DIRS "."
"./include")
"./include"
PRIV_REQUIRES "${THIS_PRIV_REQUIRES_DRIVER}"
"${MAIN_WOLFSSL_COMPONENT_NAME}"
)
#
# LIBWOLFSSL_SAVE_INFO(VAR_OUPUT THIS_VAR VAR_RESULT)
@@ -76,15 +96,24 @@ function ( LIBWOLFSSL_SAVE_INFO VAR_OUPUT THIS_VAR VAR_RESULT )
message(STATUS "Found ${VAR_OUPUT}=${VAR_VALUE}")
# the interesting part is defining the VAR_OUPUT name a value to use in the app
add_definitions(-D${VAR_OUPUT}=\"${VAR_VALUE}\")
add_compile_definitions(${VAR_OUPUT}=\"${VAR_VALUE}\")
else()
# if we get here, check the execute_process command and parameters.
message(STATUS "LIBWOLFSSL_SAVE_INFO encountered a non-zero VAR_RESULT")
message(STATUS "LIBWOLFSSL_SAVE_INFO encountered a non-zero VAR_RESULT.")
message(STATUS "Setting ${VAR_OUPUT} to \"Unknown\"")
set(${VAR_OUPUT} "Unknown")
endif()
endfunction() # LIBWOLFSSL_SAVE_INFO
if(NOT CMAKE_BUILD_EARLY_EXPANSION)
execute_process(
COMMAND ${git_cmd} "rev-parse" "--is-inside-work-tree"
OUTPUT_VARIABLE IS_GIT_REPO
OUTPUT_STRIP_TRAILING_WHITESPACE
ERROR_QUIET
)
# Save some project-specific details. Repo may be different than component, or may not even be a repo at all:
if(NOT CMAKE_BUILD_EARLY_EXPANSION AND (IS_GIT_REPO STREQUAL "true"))
# LIBWOLFSSL_VERSION_GIT_HASH
execute_process(COMMAND ${git_cmd} "rev-parse" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET )
LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH "${TMP_OUT}" "${TMP_RES}")
@@ -100,3 +129,4 @@ endif()
message(STATUS "")
message(STATUS "End wolfSSL main CMakeLists.txt")

112
IDE/Espressif/ESP-IDF/examples/template/main/Kconfig.projbuild Normal file
View File

@@ -0,0 +1,112 @@
# Kconfig main
#
# Copyright (C) 2006-2025 wolfSSL Inc.
#
# This file is part of wolfSSL.
#
# wolfSSL is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# wolfSSL is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
#
# Kconfig File Version 5.7.2.001 for wolfssl_template
menu "Example wolfSSL Configuration"
choice WOLFSSL_EXAMPLE_CHOOSE
prompt "Choose Example (See wolfssl/include/user_settings.h)"
default WOLFSSL_EXAMPLE_NAME_NONE
help
The user settings file can be adjusted to specific wolfSSL examples.
config WOLFSSL_EXAMPLE_NAME_TEMPLATE
bool "wolfSSL Template"
help
The sample template app compiles in wolfSSL and prints the current wolfSSL Version. Nothing more.
config WOLFSSL_EXAMPLE_NAME_TEST
bool "wolfSSL Test"
help
This app tests all cryptographic functions currently enabled. See also Benchmark performance app.
config WOLFSSL_EXAMPLE_NAME_BENCHMARK
bool "wolfSSL Benchmark"
help
Benchmark performance app. See also cryptographic test.
config WOLFSSL_EXAMPLE_NAME_TLS_CLIENT
bool "TLS Client"
help
TLS Client Example app. Needs WiFi and a listening server on port 11111.
config WOLFSSL_EXAMPLE_NAME_TLS_SERVER
bool "TLS Server"
help
TLS Server Example app. Needs WiFi. More interesting with a TLS client using port 11111.
config WOLFSSL_EXAMPLE_NAME_WOLFSSH_TEMPLATE
bool "SSH Template App"
help
Bare-bones Hello World app that only compiles in wolfSSL and wolfSSH.
See wolfSSL/wolfssh on GitHub.
config WOLFSSL_EXAMPLE_NAME_WOLFSSH_ECHOSERVER
bool "SSH Echo Server"
help
See wolfSSL/wolfssh on GitHub.
config WOLFSSL_EXAMPLE_NAME_ESP32_SSH_SERVER
bool "SSH to UART Server for the ESP32"
help
See wolfSSL/wolfssh-examples on GitHub.
config WOLFSSL_EXAMPLE_NAME_ESP8266_SSH_SERVER
bool "SSH to UART Server for the ESP8266"
help
See wolfSSL/wolfssh-examples on GitHub.
config WOLFSSL_EXAMPLE_NAME_WOLFMQTT_TEMPLATE
bool "MQTT Template"
help
See wolfSSL/wolfmqtt on GitHub.
config WOLFSSL_EXAMPLE_NAME_WOLFMQTT_AWS_IOT_MQTT
bool "MQTT AWS IoT"
help
See wolfSSL/wolfmqtt on GitHub.
config WOLFTPM_EXAMPLE_NAME_ESPRESSIF
bool "TPM Test Example for the ESP32"
help
See wolfSSL/wolfTPM on GitHub.
config WOLFSSL_EXAMPLE_NAME_NONE
bool "Other"
help
A specific example app is not defined.
endchoice
config WOLFSSL_TARGET_HOST
string "Target host"
default "127.0.0.1"
help
host address for the example to connect
config WOLFSSL_TARGET_PORT
int "Target port"
default 11111
help
host port for the example to connect
endmenu

23
IDE/Espressif/ESP-IDF/examples/template/main/component.mk Normal file
View File

@@ -0,0 +1,23 @@
#
# Main component makefile.
#
# This Makefile can be left empty. By default, it will take the sources in the
# src/ directory, compile them and link them into lib(subdirectory_name).a
# in the build directory. This behavior is entirely configurable,
# please read the ESP-IDF documents if you need to do this.
#
# (Uses default behavior of compiling all source files in directory, adding 'include' to include path.)
# We'll add the explicit lines only for old SDK requirements (e.h. ESP8266)
ifeq ("$(VISUALGDB_DIR)","")
$(info VISUALGDB_DIR build not detected. shell: $(shell echo $$SHELL) )
else
$(info Detected VisualGDB in: $(VISUALGDB_DIR) shell: $(shell echo $$SHELL) )
COMPONENT_SRCDIRS := .
COMPONENT_ADD_INCLUDEDIRS := .
COMPONENT_ADD_INCLUDEDIRS += include
# Ensure main.c gets compiled
COMPONENT_OBJS := main.o
endif

5
IDE/Espressif/ESP-IDF/examples/template/main/include/main.h
View File

@@ -1,6 +1,6 @@
/* template main.h
*
* Copyright (C) 2006-2024 wolfSSL Inc.
* Copyright (C) 2006-2025 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
@@ -18,7 +18,10 @@
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
#ifndef _MAIN_H_
#define _MAIN_H_
void app_main(void);
#endif

7
IDE/Espressif/ESP-IDF/examples/template/main/main.c
View File

@@ -1,6 +1,6 @@
/* main.c
*
* Copyright (C) 2006-2024 wolfSSL Inc.
* Copyright (C) 2006-2025 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
@@ -50,6 +50,11 @@ void app_main(void)
#ifdef WOLFSSL_ESPIDF_VERBOSE_EXIT_MESSAGE
int ret = 0;
#endif
#if !defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TEMPLATE)
ESP_LOGW(TAG, "Warning: Example wolfSSL misconfigured? Check menuconfig.");
#endif
ESP_LOGI(TAG, "Hello wolfSSL!");
#ifdef HAVE_VERSION_EXTENDED_INFO

136
IDE/Espressif/ESP-IDF/examples/template/sdkconfig.defaults
View File

@@ -1,25 +1,155 @@
# Set the known example app config to template example (see user_settings.h)
CONFIG_WOLFSSL_EXAMPLE_NAME_TEMPLATE=y
# CONFIG_EXAMPLE_WIFI_SSID="myssid"
# CONFIG_EXAMPLE_WIFI_PASSWORD="mypassword"
# Some wolfSSL helpers
CONFIG_USE_WOLFSSL_ESP_SDK_TIME=y
# sdkconfig.defaults for ESP8266 + ESP32
# See separate sdkconfig.defaults.esp8266
# FreeRTOS ticks at 1ms interval
CONFIG_FREERTOS_UNICORE=y
CONFIG_FREERTOS_HZ=1000
CONFIG_ESP32_DEFAULT_CPU_FREQ_240=y
#
# Default main stack size
# Default main stack size. See user_settings.h
#
# This is typically way bigger than needed for stack size. See user_settings.h
# This is typically bigger than needed for stack size.
# Units are words, not bytes. See user_settings.h
#
# For wolfSSL SMALL_STACK, 3072 bytes should be sufficient for benchmark app.
# When using RSA, assign at least 10500 bytes, otherwise 5500 usually works for others
# We set this to 28672 for use in the "test everything possible" in the wolfssl_test app.
CONFIG_ESP_MAIN_TASK_STACK_SIZE=10500
# Legacy stack size for older ESP-IDF versions
# Legacy stack size name for older ESP-IDF versions
CONFIG_MAIN_TASK_STACK_SIZE=10500
#
# Benchmark must not have CONFIG_NEWLIB_NANO_FORMAT enabled
CONFIG_NEWLIB_NANO_FORMAT=n
#
# Watchdog Timers
#
# We don't want to have the watchdog timeout during tests & benchmarks
#
CONFIG_ESP_TASK_WDT_CHECK_IDLE_TASK_CPU0=n
CONFIG_ESP_TASK_WDT_CHECK_IDLE_TASK_CPU1=n
# Panic & Watchdog
CONFIG_ESP_INT_WDT_TIMEOUT_MS=10000
CONFIG_ESP_TASK_WDT_EN=n
CONFIG_ESP_SYSTEM_PANIC_PRINT_HALT=y
CONFIG_ESP_INT_WDT=n
# ESP8266 Watchdog:
CONFIG_TASK_WDT=n
CONFIG_TASK_WDT_PANIC=n
# ESP8266 WDT
# CONFIG_ESP_PANIC_PRINT_REBOOT is not set
CONFIG_ESP_PANIC_PRINT_REBOOT=n
CONFIG_ESP_PANIC_PRINT_HALT=y
# CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS is not set
CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS=n
# ESP8266 Memory
CONFIG_FREERTOS_GLOBAL_DATA_LINK_IRAM=y
CONFIG_HEAP_DISABLE_IRAM=y
# Performance
# CONFIG_COMPILER_OPTIMIZATION_PERF=y
# Set max CPU frequency (falls back as needed for lower maximum)
CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ_240=y
# Enable wolfSSL TLS in esp-tls
# CONFIG_ESP_TLS_USING_WOLFSSL=y
# CONFIG_TLS_STACK_WOLFSSL=y
# Bundles take up flash space and are disabled unless otherwise known to be needed
CONFIG_WOLFSSL_CERTIFICATE_BUNDLE=n
# CONFIG_WOLFSSL_CERTIFICATE_BUNDLE=y
# CONFIG_ESP_WOLFSSL_SMALL_CERT_VERIFY=y
# CONFIG_ESP_TLS_INSECURE=y
# Disable mbedTLS
CONFIG_ESP_TLS_USING_MBEDTLS=n
CONFIG_MBEDTLS_CERTIFICATE_BUNDLE=n
# Some wolfSSL helpers
CONFIG_USE_WOLFSSL_ESP_SDK_TIME=n
# CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS is not set
CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS=n
# ESP8266 Memory
CONFIG_FREERTOS_GLOBAL_DATA_LINK_IRAM=y
CONFIG_HEAP_DISABLE_IRAM=y
# Performance
# CONFIG_COMPILER_OPTIMIZATION_PERF=y
# Set max COU frequency (falls back as needed for lower maximum)
CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ_240=y
# FreeRTOS ticks at 1ms interval
CONFIG_FREERTOS_UNICORE=y
CONFIG_FREERTOS_HZ=1000
# Ensure mbedTLS options are disabled
# CONFIG_MBEDTLS_TLS_SERVER_AND_CLIENT=n
# CONFIG_MBEDTLS_TLS_CLIENT_ONLY=n
# CONFIG_MBEDTLS_TLS_SERVER=n
# CONFIG_MBEDTLS_TLS_CLIENT=n
# CONFIG_MBEDTLS_HARDWARE_AES=n
# CONFIG_MBEDTLS_HARDWARE_MPI=n
# CONFIG_MBEDTLS_HARDWARE_SHA=n
# CONFIG_MBEDTLS_ROM_MD5=n
# CONFIG_MBEDTLS_SSL_RENEGOTIATION=n
# CONFIG_MBEDTLS_SSL_PROTO_TLS1_2=n
# CONFIG_MBEDTLS_SSL_PROTO_GMTSSL1_1=n
# CONFIG_MBEDTLS_SSL_ALPN=n
# CONFIG_MBEDTLS_CLIENT_SSL_SESSION_TICKETS=n
# CONFIG_MBEDTLS_SERVER_SSL_SESSION_TICKETS=n
# The same-name config is used for both WiFi and client/server TLS, so we cannot disable:
# CONFIG_MBEDTLS_TLS_ENABLED=n
# CONFIG_MBEDTLS_TLS_DISABLED=y
#
# Compiler options
#
CONFIG_COMPILER_OPTIMIZATION_DEFAULT=y
# CONFIG_COMPILER_OPTIMIZATION_SIZE is not set
# CONFIG_COMPILER_OPTIMIZATION_PERF is not set
# CONFIG_COMPILER_OPTIMIZATION_NONE is not set
CONFIG_COMPILER_OPTIMIZATION_ASSERTIONS_ENABLE=y
# CONFIG_COMPILER_OPTIMIZATION_ASSERTIONS_SILENT is not set
# CONFIG_COMPILER_OPTIMIZATION_ASSERTIONS_DISABLE is not set
CONFIG_COMPILER_FLOAT_LIB_FROM_GCCLIB=y
CONFIG_COMPILER_OPTIMIZATION_ASSERTION_LEVEL=2
# CONFIG_COMPILER_OPTIMIZATION_CHECKS_SILENT is not set
CONFIG_COMPILER_HIDE_PATHS_MACROS=y
# CONFIG_COMPILER_CXX_EXCEPTIONS is not set
# CONFIG_COMPILER_CXX_RTTI is not set
# CONFIG_COMPILER_STACK_CHECK_MODE_NONE is not set
CONFIG_COMPILER_STACK_CHECK_MODE_NORM=y
# CONFIG_COMPILER_STACK_CHECK_MODE_STRONG is not set
# CONFIG_COMPILER_STACK_CHECK_MODE_ALL is not set
CONFIG_COMPILER_STACK_CHECK=y
# CONFIG_COMPILER_WARN_WRITE_STRINGS is not set
# CONFIG_COMPILER_SAVE_RESTORE_LIBCALLS is not set
# CONFIG_COMPILER_DISABLE_GCC12_WARNINGS is not set
# CONFIG_COMPILER_DUMP_RTL_FILES is not set
# end of Compiler options
# We don't know that the min is actually v2,
# but this is the earliest tested.
CONFIG_ESP32C3_REV_MIN_2=y
#
# Partition Table

30
IDE/Espressif/ESP-IDF/examples/template/sdkconfig.defaults.esp8266 Normal file
View File

@@ -0,0 +1,30 @@
# ESP8266 WDT
# CONFIG_ESP_PANIC_PRINT_REBOOT is not set
CONFIG_ESP_PANIC_PRINT_REBOOT=n
CONFIG_ESP_PANIC_PRINT_HALT=y
# Enable wolfSSL TLS in esp-tls (not yet supported in RTOS SDK 3.4
CONFIG_ESP_TLS_USING_WOLFSSL=n
CONFIG_TLS_STACK_WOLFSSL=n
# Bundles take up flash space and are disabled unless otherwise known to be needed
CONFIG_WOLFSSL_CERTIFICATE_BUNDLE=n
# CONFIG_ESP_WOLFSSL_SMALL_CERT_VERIFY=y
# CONFIG_ESP_TLS_INSECURE=y
# Disable mbedTLS
CONFIG_ESP_TLS_USING_MBEDTLS=y
CONFIG_MBEDTLS_CERTIFICATE_BUNDLE=n
# ESP8266 Memory
CONFIG_FREERTOS_GLOBAL_DATA_LINK_IRAM=y
CONFIG_HEAP_DISABLE_IRAM=y
# ESP8266 Watchdog:
CONFIG_TASK_WDT=n
CONFIG_TASK_WDT_PANIC=n
# ESP8266 WDT
# CONFIG_ESP_PANIC_PRINT_REBOOT is not set
CONFIG_ESP_PANIC_PRINT_REBOOT=n
CONFIG_ESP_PANIC_PRINT_HALT=y

131
IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/CMakeLists.txt
View File

@@ -1,11 +1,19 @@
# wolfSSL Espressif Example Project CMakeLists.txt
# v1.0
# v1.3
#
# The following lines of boilerplate have to be in your project's
# CMakeLists in this exact order for cmake to work correctly
message(STATUS "Begin project ${CMAKE_PROJECT_NAME}")
cmake_minimum_required(VERSION 3.16)
add_compile_options(-DWOLFSSL_ESP_NO_WATCHDOG=1)
# Optional no watchdog typically used for test & benchmark
if (idf_target STREQUAL "esp8266" OR IDF_TARGET STREQUAL "esp8266" OR IDF_VERSION_MAJOR VERSION_LESS "5.0")
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_ESP_NO_WATCHDOG=1")
else()
add_compile_definitions(WOLFSSL_ESP_NO_WATCHDOG=1)
endif()
# The wolfSSL CMake file should be able to find the source code.
# Otherwise, assign an environment variable or set it here:
#
@@ -20,22 +28,121 @@ add_compile_options(-DWOLFSSL_ESP_NO_WATCHDOG=1)
# Linux: ~/workspace
# Windows: C:\workspace
#
if(WIN32)
# Windows-specific configuration here
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS")
message(STATUS "Detected Windows")
endif()
if(CMAKE_HOST_UNIX)
message(STATUS "Detected UNIX")
endif()
if(APPLE)
message(STATUS "Detected APPLE")
endif()
if(CMAKE_HOST_UNIX AND (NOT APPLE) AND EXISTS "/proc/sys/fs/binfmt_misc/WSLInterop")
# Windows-specific configuration here
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WSL")
message(STATUS "Detected WSL")
endif()
if(CMAKE_HOST_UNIX AND (NOT APPLE) AND (NOT WIN32))
# Windows-specific configuration here
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_LINUX")
message(STATUS "Detected Linux")
endif()
if(APPLE)
# Windows-specific configuration here
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_APPLE")
message(STATUS "Detected Apple")
endif()
# End optional WOLFSSL_CMAKE_SYSTEM_NAME
# Optionally specify a location for wolfSSL component source code
# set(WOLFSSL_ROOT "c:/mydir/wolfssl" )
# This example uses an extra component for common functions such as Wi-Fi and Ethernet connection.
# set (PROTOCOL_EXAMPLES_DIR $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
#
#if (EXISTS "${PROTOCOL_EXAMPLES_DIR}")
# message("Found PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
# set(EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
# set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DFOUND_PROTOCOL_EXAMPLES_DIR")
#else()
# message("NOT FOUND: PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
#endif()
string(REPLACE "\\" "/" PROTOCOL_EXAMPLES_DIR "$ENV{IDF_PATH}/examples/common_components/protocol_examples_common")
if (EXISTS "${PROTOCOL_EXAMPLES_DIR}")
message(STATUS "Found PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
set(EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DFOUND_PROTOCOL_EXAMPLES_DIR")
else()
message(STATUS "NOT FOUND: PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
endif()
# Find the user name to search for possible "wolfssl-username"
# Reminder: Windows is %USERNAME%, Linux is $USER
message(STATUS "USERNAME = $ENV{USERNAME}")
if( "$ENV{USER}" STREQUAL "" ) # the bash user
if( "$ENV{USERNAME}" STREQUAL "" ) # the Windows user
message(STATUS "could not find USER or USERNAME")
else()
# the bash user is not blank, so we'll use it.
set(THIS_USER "$ENV{USERNAME}")
endif()
else()
# the bash user is not blank, so we'll use it.
set(THIS_USER "$ENV{USER}")
endif()
message(STATUS "THIS_USER = ${THIS_USER}")
# Check that there are not conflicting wolfSSL components
# The ESP Registry Component will be in ./managed_components/wolfssl__wolfssl
# The local component wolfSSL directory will be in ./components/wolfssl
message(STATUS "Checking for wolfSSL as Managed Component or not... ${CMAKE_HOME_DIRECTORY}")
if( EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" AND EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl" )
# These exclude statements don't seem to be honored by the $ENV{IDF_PATH}/tools/cmake/project.cmake'
# add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" EXCLUDE_FROM_ALL)
# add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl/include" EXCLUDE_FROM_ALL)
# So we'll error out and let the user decide how to proceed:
message(WARNING "\nFound wolfSSL components in\n"
"./managed_components/wolfssl__wolfssl\n"
"and\n"
"./components/wolfssl\n"
"in project directory: \n"
"${CMAKE_HOME_DIRECTORY}")
message(FATAL_ERROR "\nPlease use either the ESP Registry Managed Component or the wolfSSL component directory but not both.\n"
"If removing the ./managed_components/wolfssl__wolfssl directory, remember to also remove "
"or rename the idf_component.yml file typically found in ./main/")
elseif(EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl")
# A standard project component (not a Managed Component)
message(STATUS "No conflicting wolfSSL components found.")
set(WOLFSSL_PATH "${CMAKE_HOME_DIRECTORY}/components/wolfssl")
elseif(EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl")
# The official Managed Component called wolfssl from the wolfssl user.
message(STATUS "No conflicting wolfSSL components found as a Managed Component.")
set(WOLFSSL_PATH "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl")
elseif(EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/gojimmypi__mywolfssl")
# There is a known gojimmypi staging component available for anyone:
message(STATUS "No conflicting wolfSSL components found as a gojimmypi staging Managed Component.")
elseif(EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/${THIS_USER}__mywolfssl")
# Other users with permissions might publish their own mywolfssl staging Managed Component
message(STATUS "No conflicting wolfSSL components found as a Managed Component.")
set(WOLFSSL_PATH "${CMAKE_HOME_DIRECTORY}/managed_components/${THIS_USER}__mywolfssl")
else()
message(STATUS "WARNING: wolfssl component directory not found.")
endif()
# message(STATUS "EXTRA_COMPONENT_DIRS WOLFSSL_PATH: ${WOLFSSL_PATH}")
# list(APPEND EXTRA_COMPONENT_DIRS ${WOLFSSL_PATH})
# Not only is a project-level "set(COMPONENTS" not needed here, this will cause
# an unintuitive error about Unknown CMake command "esptool_py_flash_project_args".
if(0)
message(STATUS "Begin optional PROTOCOL_EXAMPLES_DIR include")
# This example uses an extra component for common functions such as Wi-Fi and Ethernet connection.
set (PROTOCOL_EXAMPLES_DIR $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
if (EXISTS "${PROTOCOL_EXAMPLES_DIR}")
message(STATUS "Found PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
set(EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DFOUND_PROTOCOL_EXAMPLES_DIR")
else()
message(STATUS "NOT FOUND: PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
endif()
message(STATUS "End optional PROTOCOL_EXAMPLES_DIR include")
endif()
include($ENV{IDF_PATH}/tools/cmake/project.cmake)
project(wolfssl_benchmark)
message(STATUS "end project")

4
IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/Makefile
View File

@@ -4,9 +4,11 @@
#
CFLAGS += -DWOLFSSL_USER_SETTINGS
# Some of the tests are CPU intenstive, so we'll force the watchdog timer off.
# There's an espressif NO_WATCHDOG; we don't use it, as it is reset by sdkconfig.
EXTRA_CFLAGS += -DWOLFSSL_ESP_NO_WATCHDOG
CFLAGS += -DWOLFSSL_ESP_NO_WATCHDOG=1
PROJECT_NAME := wolfssl_benchmark
include $(IDF_PATH)/make/project.mk

46
IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/README.md
View File

@@ -7,8 +7,9 @@ For general information on [wolfSSL examples for Espressif](../README.md), see t
## Espressif ESP Component Registry
See the wolfSSL namespace at [components.espressif.com](https://components.espressif.com/components?q=wolfssl)
See the wolfSSL namespace and additional details:
https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/
## Windows COM Port
@@ -38,9 +39,7 @@ using the VisualGDB extension.
The naming convention for project files is: `[project name]_IDF_[Version]_[chipset].vgdbproj`. The solution files (filename[.sln]) often will contain shortcuts to commonly used source and configuration files used by the respective project.
-------- |------------- |------------- |
ChipSet | ESP-IDF v4.4 | ESP-IDF v5.1 |
ChipSet | ESP-IDF v4.4 | ESP-IDF v5.2 |
-------- |------------- |------------- |
ESP32 | x | |
ESP32-S2 | | |
@@ -62,11 +61,12 @@ See the [feature request](https://sysprogs.com/w/forums/topic/feature-request-sh
## ESP-IDF Commandline
1. `idf.py menuconfig` to configure the program.
1. `idf.py menuconfig` to configure the program.
1-1. Example Configuration ->
BENCH_ARG : argument that you want to use. Default is "-lng 0"
The list of argument can be find in help.
BENCH_ARG : argument that you want to use. Default is "-lng 0"
The list of arguments can be found in help. See [benchmark/README.md](https://github.com/wolfSSL/wolfssl/blob/master/wolfcrypt/benchmark/README.md)
Features to be benchmarked are enabled in the `user_settings.h`.
When you want to run the benchmark program
@@ -89,14 +89,34 @@ git fetch
git pull
git submodule update --init --recursive
cd /mnt/c/workspace/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark
# pick your workspace location
# cd ~/workspace/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark
# cd /mnt/c/workspace/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark
# cd /mnt/c/workspace/wolfssl-master/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark
cd /mnt/c/workspace/wolfssl-$USER/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark
# Pick ESP-IDF install directory, this one for v5.1 in VisualGDB
# The ESP8266 uses a completely different toolchain:
WRK_IDF_PATH=/mnt/c/SysGCC/esp8266/rtos-sdk/v3.4
WRK_IDF_PATH=/mnt/c/SysGCC/esp32/esp-idf/v5.1
WRK_IDF_PATH=/mnt/c/SysGCC/esp32-8.4/esp-idf/v4.4.1
# Pick ESP-IDF toolchain install directory
WRK_IDF_PATH=~/esp/esp-idf
# ESP-IDF v4.x uses toolchain v8.4
WRK_IDF_PATH=/mnt/c/SysGCC/esp32-8.4/esp-idf/v4.4.1
# ESP-IDF v5.0 with toolchain v12.4
WRK_IDF_PATH=/mnt/c/SysGCC/esp32-12.4/esp-idf/v5.0
# ESP-IDF v5.0 to v5.2.1 uses toolchain v12.4
WRK_IDF_PATH=/mnt/c/SysGCC/esp32-12.4/esp-idf/v5.0
WRK_IDF_PATH=/mnt/c/SysGCC/esp32-12.4/esp-idf/v5.1
WRK_IDF_PATH=/mnt/c/SysGCC/esp32-12.4/esp-idf/v5.2.1
# The most recent version:
# ESP-IDF v5.2 uses toolchain v13.2
WRK_IDF_PATH=/mnt/c/SysGCC/esp32/esp-idf/v5.2
. $WRK_IDF_PATH/export.sh
# Set target SoC
@@ -110,9 +130,9 @@ idf.py build flash -p /dev/ttyS20 -b 115200 monitor
## Example Output
Note the default wolfSSL `user_settings.h` is configured by default to be the most
Note the default wolfSSL `user_settings.h` is configured by default to be the most
compatible across the widest ranges of targets. Contact wolfSSL at support@wolfssl.com
for help in optimizing for your particular application, or see the
for help in optimizing for your particular application, or see the
[docs](https://www.wolfssl.com/documentation/manuals/wolfssl/index.html).
Compiled and flashed with `idf.py build flash -p /dev/ttyS7 -b 115200 monitor`:

433
IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/CMakeLists.txt
View File

@@ -1,5 +1,5 @@
#
# Copyright (C) 2006-2024 wolfSSL Inc.
# Copyright (C) 2006-2025 wolfSSL Inc.
#
# This file is part of wolfSSL.
#
@@ -19,17 +19,67 @@
#
# cmake for wolfssl Espressif projects
#
# Version 5.7.0 template update + THIS_IDF_PATH
# Version 5.7.2 Espressif ESP-IDF integration
#
# See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html
#
message(STATUS "Begin wolfssl ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}")
cmake_minimum_required(VERSION 3.16)
set(VERBOSE_COMPONENT_MESSAGES 1)
# Optional requires include:
# set(THIS_ESP_TLS "esp-tls")
set(THIS_ESP_TLS "")
# function: IS_ESP_IDF_COMPONENT
# output: RESULT = 1 (true) if this component is located in the ESP-IDF components
# otherwise 0 (false)
function( IS_ESP_IDF_COMPONENT RESULT )
# NOTE: Component location is based on the location of the CMakeList.txt
# and *not* the location of the wolfSSL source code. (which may be anywhere)
# Normalize the paths to remove any trailing slashes
get_filename_component(NORMALIZED_IDF_PATH "${IDF_PATH}" REALPATH)
get_filename_component(NORMALIZED_TEST_PATH "${COMPONENT_DIR}" REALPATH)
# Check if the test path starts with the IDF_PATH
string(FIND "${NORMALIZED_TEST_PATH}" "${NORMALIZED_IDF_PATH}" pos)
if(${pos} EQUAL 0)
message(STATUS "${COMPONENT_DIR} is within IDF_PATH.")
set(${RESULT} 1 PARENT_SCOPE)
else()
message(STATUS "${COMPONENT_DIR} is not within IDF_PATH.")
set(${RESULT} 0 PARENT_SCOPE)
endif()
endfunction()
# Determine if this cmake file is located in the ESP-IDF component directory or not,
# and if so, if it is being ignored (allowing the use of a local project one, instead).
IS_ESP_IDF_COMPONENT( IS_WOLSSL_ESP_IDF_COMPONENT )
if( IS_WOLSSL_ESP_IDF_COMPONENT )
message(STATUS "This wolfSSL is a component in ESP-IDF.")
if ( CONFIG_IGNORE_ESP_IDF_WOLFSSL_COMPONENT )
idf_component_register()
message(STATUS "Warning: wolfSSL component in ESP-IDF is being ignored.")
return()
endif()
endif()
if( "${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}" STREQUAL "" )
# nothing to do
else()
# Only forward slashes, or double backslashes are supported.
# By the time we get here the sdkconfig file has a value for wolfSSL source code root.
string(REPLACE "\\" "/" CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT})
message(STATUS "Cleaned wolfssl path: ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}")
endif()
# The scope of this CMAKE_C_FLAGS is just this component:
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -DWOLFSSL_USER_SETTINGS")
set(CMAKE_CURRENT_SOURCE_DIR ".")
# set(COMPONENT_REQUIRES lwip) # we typically don't need lwip directly in wolfssl component
@@ -42,7 +92,7 @@ if ( "${WOLFSSL_ROOT}" STREQUAL "")
endif()
if( "$ENV{IDF_PATH}" STREQUAL "" )
message(FATAL_ERROR "IDF_PATH Environment variable not set!")
message(FATAL_ERROR "IDF_PATH Environment variable not set!")
else()
string(REPLACE "\\" "/" THIS_IDF_PATH "$ENV{IDF_PATH}")
endif()
@@ -52,28 +102,28 @@ if(VERBOSE_COMPONENT_MESSAGES)
if(WIN32)
# Windows-specific configuration here
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS")
message("Detected Windows")
message(STATUS "Detected Windows")
endif()
if(CMAKE_HOST_UNIX)
message("Detected UNIX")
message(STATUS "Detected UNIX")
endif()
if(APPLE)
message("Detected APPLE")
message(STATUS "Detected APPLE")
endif()
if(CMAKE_HOST_UNIX AND (NOT APPLE) AND EXISTS "/proc/sys/fs/binfmt_misc/WSLInterop")
# Windows-specific configuration here
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WSL")
message("Detected WSL")
message(STATUS "Detected WSL")
endif()
if(CMAKE_HOST_UNIX AND (NOT APPLE) AND (NOT WIN32))
# Windows-specific configuration here
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_LINUX")
message("Detected Linux")
message(STATUS "Detected Linux")
endif()
if(APPLE)
# Windows-specific configuration here
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_APPLE")
message("Detected Apple")
message(STATUS "Detected Apple")
endif()
endif() # End optional WOLFSSL_CMAKE_SYSTEM_NAME
@@ -106,10 +156,11 @@ if( ("${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_benchmark") OR ("${CMAKE_PROJECT_
message(STATUS "Not including lwip for ${CMAKE_PROJECT_NAME}")
else()
# benchmark and test do not need wifi, everything else probably does:
set(COMPONENT_REQUIRES lwip) # we typically don't need lwip directly in wolfssl component
set(COMPONENT_REQUIRES lwip "${THIS_ESP_TLS}") # we typically don't need lwip directly in wolfssl component
endif()
# find the user name to search for possible "wolfssl-username"
# Find the user name to search for possible "wolfssl-username"
# Reminder: Windows is %USERNAME%, Linux is $USER
message(STATUS "USERNAME = $ENV{USERNAME}")
if( "$ENV{USER}" STREQUAL "" ) # the bash user
if( "$ENV{USERNAME}" STREQUAL "" ) # the Windows user
@@ -130,6 +181,25 @@ else()
string(REPLACE "\\" "/" THIS_IDF_PATH "$ENV{IDF_PATH}")
endif()
# ENVIRONMENT_VAR_TO_MACRO
# Check environment variable name EVARPARAM as [name]
# If defined, and has a value of EVARVALUE as [value],
# then assign a compiler definition "-D[name]=[value]"
function(ENVIRONMENT_VAR_TO_MACRO EVARPARAM EVARVALUE)
# If the EVARPARAM environment variable name is set to EVARVALUE,
# set the compiler flag definition to enable CSV output.
if ( "$ENV{${EVARPARAM}}" STREQUAL "${EVARVALUE}")
message(STATUS "Appending compile definition: -D${EVARPARAM}=${EVARVALUE}")
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -D${EVARPARAM}=${EVARVALUE}")
else()
if(DEFINED ENV{${EVARPARAM}})
message(STATUS "Environment variable ${EVARPARAM} detected but set to $ENV{${EVARPARAM}}, not appending compile definition.")
else()
message(STATUS "Environment variable ${EVARPARAM} not detected, not appending compile definition.")
endif()
endif()
endfunction()
# COMPONENT_NAME = wolfssl
# The component name is the directory name. "No feature to change this".
# See https://github.com/espressif/esp-idf/issues/8978#issuecomment-1129892685
@@ -147,7 +217,8 @@ endif()
# function: IS_WOLFSSL_SOURCE
# parameter: DIRECTORY_PARAMETER - the directory to test
# output: RESULT = contains contents of DIRECTORY_PARAMETER for wolfssl directory, otherwise blank.
function(IS_WOLFSSL_SOURCE DIRECTORY_PARAMETER RESULT)
function( IS_WOLFSSL_SOURCE DIRECTORY_PARAMETER
RESULT )
if (EXISTS "${DIRECTORY_PARAMETER}/wolfcrypt/src")
set(${RESULT} "${DIRECTORY_PARAMETER}" PARENT_SCOPE)
else()
@@ -166,26 +237,56 @@ function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY)
message(STATUS "Starting FIND_WOLFSSL_DIRECTORY: ${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}")
if ( "${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}" STREQUAL "" )
# The parameter is empty, so we certainly need to search.
# First, see if there's an environment variable. This takes highest priority (unless already found as hard-coded, above)
set(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}")
if( "${CURRENT_SEARCH_DIR}" STREQUAL "" )
message(STATUS "The WOLFSSL_ROOT environment variable is not set. Searching...")
else()
get_filename_component(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}" ABSOLUTE)
IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR}" FOUND_WOLFSSL)
if( FOUND_WOLFSSL )
message(STATUS "Found WOLFSSL_ROOT via Environment Variable:")
# Next, if not found, see if wolfSSL was selected for ESP-TLS Kconfig
if(CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT)
set(CURRENT_SEARCH_DIR ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT})
get_filename_component(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR}" ABSOLUTE)
message(STATUS "WOLFSSL_ROOT found in sdkconfig/KConfig: ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}")
else()
message(FATAL_ERROR "WOLFSSL_ROOT Environment Variable defined, but path not found:")
message(STATUS "$ENV{WOLFSSL_ROOT}")
endif()
endif()
message(STATUS "wolfSSL not defined in [Component Config] [wolfssl]. Continuing search...")
# If not specified as a search hint in OUTPUT_FOUND_WOLFSSL_DIRECTORY:
# This wolfSSL component CMakeLists.txt may be found EITHER in:
# 1) local project component
# 2) ESP-IDF share components
# We'll start in the CMAKE_CURRENT_SOURCE_DIR, typically [something]/projectname/components/wolfssl
# That option might find wolfSSL source code as a copy in the component directory (e.g. Managed Components)
# Unless cmake is in the ESP-IDF, in which case it is unlikely to find wolfSSL source in any parent.
message(STATUS "CMAKE_CURRENT_SOURCE_DIR = ${CMAKE_CURRENT_SOURCE_DIR}")
get_filename_component(CURRENT_SEARCH_DIR "${CMAKE_CURRENT_SOURCE_DIR}" ABSOLUTE)
message(STATUS "CURRENT_SEARCH_DIR = ${CURRENT_SEARCH_DIR}")
string(LENGTH ${CURRENT_SEARCH_DIR} CURRENT_SEARCH_DIR_LENGTH)
endif() # CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT
endif() # check environment var blank
else()
get_filename_component(CURRENT_SEARCH_DIR "${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}" ABSOLUTE)
message(STATUS "Parameter found for FIND_WOLFSSL_DIRECTORY")
message(STATUS "Setting wolfSSL search directory to: ${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}")
set(CURRENT_SEARCH_DIR "${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}")
endif() # parameter empty
# Check to see if we found a path in environment or config settings, above.
if( "${CURRENT_SEARCH_DIR}" STREQUAL "" )
message(STATUS "Source for wolfSSL not specified in path nor config settings.")
# We'll continue the search by recursing up the directory tree, below.
else()
# Setting found! Does it contain a valid path?
string(REPLACE "\\" "/" CURRENT_SEARCH_DIR ${CURRENT_SEARCH_DIR})
get_filename_component(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR}" ABSOLUTE)
IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR}" FOUND_WOLFSSL)
if( FOUND_WOLFSSL )
message(STATUS "Found WOLFSSL_ROOT via prior specification.")
message(STATUS "Found wolfSSL source code via setting: ${CURRENT_SEARCH_DIR}")
set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE)
return()
else()
message(FATAL_ERROR "WOLFSSL_ROOT Variable defined, but path not found: ${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}")
if(WIN32)
message(STATUS "When specifying a path for Windows, use forward slahes, or double backslashes.")
endif()
message(STATUS "CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT sdkconfig setting = ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}")
message(STATUS "WOLFSSL_ROOT Variable defined, but source code not found: ${CURRENT_SEARCH_DIR}")
endif()
endif()
@@ -286,6 +387,11 @@ endfunction()
message(STATUS "CONFIG_TARGET_PLATFORM = ${CONFIG_TARGET_PLATFORM}")
# Check for environment variable that may be assigned to macros
ENVIRONMENT_VAR_TO_MACRO("GENERATE_MACHINE_PARSEABLE_REPORT" "1")
ENVIRONMENT_VAR_TO_MACRO("WOLFSSL_BENCHMARK_FIXED_CSV" "1")
# Optional variable inspection
if (0)
get_cmake_property(_variableNames VARIABLES)
list (SORT _variableNames)
@@ -302,15 +408,25 @@ endif()
if ( ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266") OR ("${IDF_TARGET}" STREQUAL "esp8266") )
# There's no esp_timer, no driver components for the ESP8266
message(STATUS "Early expansion EXCLUDES esp_timer: ${THIS_INCLUDE_TIMER}")
message(STATUS "Early expansion EXCLUDES driver: ${THIS_INCLUDE_DRIVER}")
set(THIS_INCLUDE_TIMER "")
set(THIS_INCLUDE_DRIVER "")
message(STATUS "Early expansion EXCLUDES for esp8266:")
message(STATUS "THIS_INCLUDE_DRIVER: '${THIS_INCLUDE_DRIVER}'")
message(STATUS "THIS_INCLUDE_TIMER: '${THIS_INCLUDE_TIMER}'")
message(STATUS "Early expansion INCLUDE for esp8266:")
message(STATUS "THIS_INCLUDE_PTHREAD: '${THIS_INCLUDE_PTHREAD}'")
set(THIS_ESP_TLS "")
set(THIS_INCLUDE_DRIVER "")
set(THIS_INCLUDE_TIMER "")
set(THIS_INCLUDE_PTHREAD "pthread")
else()
message(STATUS "Early expansion includes esp_timer: ${THIS_INCLUDE_TIMER}")
message(STATUS "Early expansion includes driver: ${THIS_INCLUDE_DRIVER}")
set(THIS_INCLUDE_TIMER "esp_timer")
set(THIS_ESP_TLS "esp-tls")
set(THIS_INCLUDE_DRIVER "driver")
set(THIS_INCLUDE_TIMER "esp_timer")
set(THIS_INCLUDE_PTHREAD "")
# Let the app know that we've included the esp-tls component requirement.
# This is critical for use the the esp-tls component. See wolfssl esp_crt_bundle.c file.
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_REQUIRED_ESP_TLS=1")
endif()
if(CMAKE_BUILD_EARLY_EXPANSION)
@@ -318,8 +434,10 @@ if(CMAKE_BUILD_EARLY_EXPANSION)
idf_component_register(
REQUIRES "${COMPONENT_REQUIRES}"
PRIV_REQUIRES # esp_hw_support
${THIS_INCLUDE_TIMER}
${THIS_INCLUDE_DRIVER} # this will typically only be needed for wolfSSL benchmark
"${THIS_ESP_TLS}"
"${THIS_INCLUDE_PTHREAD}"
"${THIS_INCLUDE_TIMER}"
"${THIS_INCLUDE_DRIVER}" # this will typically only be needed for wolfSSL benchmark
)
else()
@@ -328,6 +446,15 @@ else()
message(STATUS "wolfssl component config:")
message(STATUS "************************************************************************************************")
if ( "${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266")
# There's no esp_timer, no driver components for the ESP8266
set(THIS_INCLUDE_TIMER "")
set(THIS_INCLUDE_DRIVER "")
else()
set(THIS_INCLUDE_TIMER "esp_timer")
set(THIS_INCLUDE_DRIVER "driver")
endif()
# search for wolfSSL
FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT)
if(WOLFSSL_ROOT)
@@ -341,7 +468,9 @@ else()
# Abort CMake after fatal error.
endif()
else()
message(STATUS "Searching for wolfSL source code...")
message(STATUS "Source code for wolfSSL still not found.")
message(STATUS "Searching from project home: ${CMAKE_HOME_DIRECTORY} ...")
set(WOLFSSL_ROOT "${CMAKE_HOME_DIRECTORY}")
FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT)
endif()
@@ -349,11 +478,18 @@ else()
if(WOLFSSL_ROOT)
message(STATUS "Confirmed wolfssl directory at: ${WOLFSSL_ROOT}")
else()
message(STATUS "Failed: wolfssl directory not found.")
# Try to allow a more intuitive error that the source code was not found in cmake:
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_WARNING_SOURCE_NOT_FOUND")
message(STATUS "Failed: wolfssl source code directory not found.")
# Abort. We need wolfssl _somewhere_.
message(FATAL_ERROR "Could not find wolfssl in any parent directory named wolfssl-${THIS_USER}, wolfssl-master, or wolfssl.\n"
"Try setting WOLFSSL_ROOT environment variable, cmake variable in project, copy source, or use managed components.")
# Abort CMake after fatal error.
message(STATUS "")
message(STATUS "")
message(STATUS "Could not find wolfssl in any parent directory named wolfssl-${THIS_USER}, wolfssl-master, or wolfssl.\n"
"Try setting WOLFSSL_ROOT environment variable, cmake variable in project, copy source, or use managed components.")
message(STATUS "")
message(STATUS "")
# Abort CMake after fatal error. (or not?)
endif()
set(INCLUDE_PATH ${WOLFSSL_ROOT})
@@ -379,22 +515,24 @@ else()
endif()
endif()
message(STATUS "WOLFSSL_EXTRA_PROJECT_DIR = ${WOLFSSL_EXTRA_PROJECT_DIR}")
set(COMPONENT_SRCDIRS "\"${WOLFSSL_ROOT}/src/\""
"\"${WOLFSSL_ROOT}/wolfcrypt/src\""
"\"${WOLFSSL_ROOT}/wolfcrypt/src/port/Espressif\""
"\"${WOLFSSL_ROOT}/wolfcrypt/src/port/Espressif/esp_crt_bundle\""
"\"${WOLFSSL_ROOT}/wolfcrypt/src/port/atmel\""
"\"${WOLFSSL_EXTRA_PROJECT_DIR}\""
) # COMPONENT_SRCDIRS
message(STATUS "This COMPONENT_SRCDIRS = ${COMPONENT_SRCDIRS}")
# wolfSSL user_settings.h is in the local project.
# wolfSSL user_settings.h may be in the local project.
# TODO check if exists and possibly set to ESP-IDF
set(WOLFSSL_PROJECT_DIR "${CMAKE_HOME_DIRECTORY}/components/wolfssl")
# add_definitions(-DWOLFSSL_USER_SETTINGS_DIR="${WOLFSSL_PROJECT_DIR}/include/user_settings.h")
string(REPLACE "/" "//" STR_WOLFSSL_PROJECT_DIR "${WOLFSSL_PROJECT_DIR}")
add_definitions(-DWOLFSSL_USER_SETTINGS_DIR="${STR_WOLFSSL_PROJECT_DIR}//include//user_settings.h")
add_compile_definitions(WOLFSSL_USER_SETTINGS_DIR="${STR_WOLFSSL_PROJECT_DIR}/include/user_settings.h")
message(STATUS "Added definition for user_settings.h: -DWOLFSSL_USER_SETTINGS_DIR=\"${STR_WOLFSSL_PROJECT_DIR}//include//user_settings.h\"")
# Espressif may take several passes through this makefile. Check to see if we found IDF
string(COMPARE EQUAL "${PROJECT_SOURCE_DIR}" "" WOLFSSL_FOUND_IDF)
@@ -427,8 +565,7 @@ else()
message(STATUS "**************************************************************************************")
message(STATUS "")
message(FATAL_ERROR "Please use wolfSSL in either local project or Espressif components, but not both.")
# Abort CMake after fatal error.
message(STATUS "Please use wolfSSL in either local project or Espressif components, but not both.")
# Optional: if you change the above FATAL_ERROR to STATUS you can warn at runtime with this macro definition:
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_MULTI_INSTALL_WARNING")
@@ -536,7 +673,9 @@ else()
# depending on the environment, we may need to swap backslashes with forward slashes
string(REPLACE "\\" "/" RTOS_IDF_PATH "$ENV{IDF_PATH}/components/freertos/FreeRTOS-Kernel/include/freertos")
string(REPLACE "\\" "/" WOLFSSL_ROOT ${WOLFSSL_ROOT})
if(WOLFSSL_ROOT)
string(REPLACE "\\" "/" WOLFSSL_ROOT ${WOLFSSL_ROOT})
endif()
if(IS_DIRECTORY "${RTOS_IDF_PATH}")
message(STATUS "Found current RTOS path: ${RTOS_IDF_PATH}")
@@ -552,7 +691,7 @@ else()
message(STATUS "THIS_IDF_PATH = $THIS_IDF_PATH")
# wolfSSL-specific include directories
set(COMPONENT_ADD_INCLUDEDIRS
"./include" # this is the location of wolfssl user_settings.h
"./include" # this is the location of local project wolfssl user_settings.h
"\"${WOLFSSL_ROOT}/\""
"\"${WOLFSSL_ROOT}/wolfssl/\""
"\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/\""
@@ -601,6 +740,7 @@ else()
"\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_cortexm.c\""
"\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_x86_64.c\""
"\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_x86_64_asm.S\""
"\"${WOLFSSL_ROOT}/examples\"" # Examples are distributed in Managed Components, but not part of a project.
"\"${EXCLUDE_ASM}\""
)
@@ -622,15 +762,120 @@ else()
# see https://docs.espressif.com/projects/esp-idf/en/stable/esp32/migration-guides/release-5.x/build-system.html?highlight=space%20path
#
set(EXTRA_COMPONENT_DIRS "${COMPONENT_SRCDIRS}")
idf_component_register(
SRC_DIRS "${COMPONENT_SRCDIRS}"
INCLUDE_DIRS "${COMPONENT_ADD_INCLUDEDIRS}"
REQUIRES "${COMPONENT_REQUIRES}"
EXCLUDE_SRCS "${COMPONENT_SRCEXCLUDE}"
PRIV_REQUIRES
"${THIS_INCLUDE_TIMER}"
"${THIS_INCLUDE_DRIVER}" # this will typically only be needed for wolfSSL benchmark
)
if(WOLFSSL_ROOT)
# Only register the component if we found wolfSSL source.
# This is important to allow Cmake to finish to completion, otherwise the UI
# may not be able to display the Kconfig settings to fix a bad or missing source.
idf_component_register(
SRC_DIRS "${COMPONENT_SRCDIRS}"
INCLUDE_DIRS "${COMPONENT_ADD_INCLUDEDIRS}"
REQUIRES "${COMPONENT_REQUIRES}"
EXCLUDE_SRCS "${COMPONENT_SRCEXCLUDE}"
PRIV_REQUIRES
"${THIS_ESP_TLS}"
"${THIS_INCLUDE_TIMER}"
"${THIS_INCLUDE_DRIVER}" # this will typically only be needed for wolfSSL benchmark
)
else()
# Register the component simply to allow CMake to complete, but there's no wolfSSL source.
# Expect many other errors, but the project should at least be loadable and UI can edit Kconfig settings.
idf_component_register()
message(STATUS "Warning: wolfSSL component not registered as no source code found (WOLFSSL_ROOT is blank)")
endif()
# function(WOLFSSL_INIT_CERT_BUNDLE)
if( CONFIG_WOLFSSL_CERTIFICATE_BUNDLE
AND NOT CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE
AND NOT ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266")
)
if (CMAKE_BUILD_EARLY_EXPANSION)
message(ERROR "Bundle Cert initialization must occur during CMAKE_BUILD_EARLY_EXPANSION")
endif()
# reminder: we need a value for wolfSSL root first!
if( "${WOLFSSL_ROOT}" STREQUAL "" )
message(ERROR "Certificate bundles need a value for WOLFSSL_ROOT")
endif()
set(WOLFSSL_ESP_CRT_BUNDLE_DIR ${WOLFSSL_ROOT}/wolfcrypt/src/port/Espressif/esp_crt_bundle)
message(STATUS "WOLFSSL_ESP_CRT_BUNDLE_DIR=${WOLFSSL_ESP_CRT_BUNDLE_DIR}")
if(EXISTS "${WOLFSSL_ESP_CRT_BUNDLE_DIR}")
set(bundle_name "x509_crt_bundle_wolfssl")
# For now the certs are in the same directory
set(DEFAULT_CRT_DIR "${WOLFSSL_ESP_CRT_BUNDLE_DIR}")
# Generate custom certificate bundle using the generate_cert_bundle utility
set(GENERATE_CERT_BUNDLEPY ${python} ${WOLFSSL_ESP_CRT_BUNDLE_DIR}/gen_crt_bundle.py)
if(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_FULL)
list(APPEND crt_paths ${DEFAULT_CRT_DIR}/cacrt_all.pem ${DEFAULT_CRT_DIR}/cacrt_local.pem)
elseif(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_CMN)
list(APPEND crt_paths ${DEFAULT_CRT_DIR}/cacrt_all.pem ${DEFAULT_CRT_DIR}/cacrt_local.pem)
list(APPEND args --filter ${DEFAULT_CRT_DIR}/cmn_crt_authorities.csv)
endif()
# Add deprecated root certs if enabled. This config is not visible if the default cert
# bundle is not selected
if(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEPRECATED_LIST)
list(APPEND crt_paths ${DEFAULT_CRT_DIR}/cacrt_deprecated.pem)
endif()
if(CONFIG_WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE)
get_filename_component(custom_bundle_path
${CONFIG_WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE_PATH} ABSOLUTE BASE_DIR "${project_dir}")
list(APPEND crt_paths ${custom_bundle_path})
message(STATUS "Using a custom wolfSSL bundle path: ${custom_bundle_path}")
else()
message(STATUS "Not using a custom wolfSSL bundle path.")
endif()
list(APPEND args --input ${crt_paths} -q)
message(STATUS "CMAKE_CURRENT_BINARY_DIR: ${CMAKE_CURRENT_BINARY_DIR}")
get_filename_component(crt_bundle
${bundle_name}
ABSOLUTE BASE_DIR "${CMAKE_CURRENT_BINARY_DIR}")
message(STATUS "Setting up bundle generate: ${GENERATE_CERT_BUNDLEPY} ${args}")
message(STATUS "Depends on custom bundle path: ${custom_bundle_path}")
message(STATUS "crt_bundle ${crt_bundle}")
message(STATUS "COMPONENT_LIB ${COMPONENT_LIB}")
message(STATUS "GENERATE_CERT_BUNDLEPY ${GENERATE_CERT_BUNDLEPY}")
message(STATUS "args ${args}")
message(STATUS "cert_bundle ${cert_bundle}")
# Generate bundle according to config
# File is generated at build time, not cmake load
add_custom_command(OUTPUT ${crt_bundle}
COMMAND ${GENERATE_CERT_BUNDLEPY} ARGS ${args}
DEPENDS ${custom_bundle_path}
VERBATIM)
if(EXISTS "${crt_bundle}")
message(STATUS "Bundle file exists from prior build: ${crt_bundle}")
else()
message(STATUS "Bundle file expected during next build: ${crt_bundle}")
endif()
# Reminder the file is generated at build time, not cmake load time.
message(STATUS "wolfSSL Cert Bundle File to be created at build time in: ${crt_bundle}")
add_custom_target(custom_wolfssl_bundle DEPENDS ${cert_bundle})
# the wolfSSL crtificate bundle is baked into wolfSSL
add_dependencies(${COMPONENT_LIB} custom_wolfssl_bundle)
# COMPONENT_LIB may vary: __idf_wolfssl, __idf_esp_wolfssl, etc
# target_add_binary_data(__idf_wolfssl ${crt_bundle} BINARY)
target_add_binary_data(${COMPONENT_LIB} ${crt_bundle} BINARY)
set_property(DIRECTORY "${CMAKE_CURRENT_SOURCE_DIR}"
APPEND PROPERTY ADDITIONAL_CLEAN_FILES
"${crt_bundle}")
else()
message(STATUS "WARNING: CONFIG_WOLFSSL_CERTIFICATE_BUNDLE enabled but directory not found: ${WOLFSSL_ESP_CRT_BUNDLE_DIR}")
endif()
endif()
# endfunction() # WOLFSSL_INIT_CERT_BUNDLE
# Some optional diagnostics. Verbose ones are truncated.
if (VERBOSE_COMPONENT_MESSAGES)
@@ -662,6 +907,12 @@ else()
endif()
# target_sources(wolfssl PRIVATE "\"${WOLFSSL_ROOT}/wolfssl/\"" "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt\"")
message(STATUS "DETECTED_PROJECT_NAME=${CMAKE_PROJECT_NAME}")
message(STATUS "COMPONENT_TARGET=${COMPONENT_TARGET}")
target_compile_definitions(${COMPONENT_TARGET} PRIVATE DETECTED_PROJECT_NAME="${CMAKE_PROJECT_NAME}")
if( "${CMAKE_PROJECT_NAME}" STREQUAL "esp_http_client_example" )
target_compile_definitions(${COMPONENT_TARGET} PRIVATE APP_ESP_HTTP_CLIENT_EXAMPLE="y")
endif()
endif() # CMAKE_BUILD_EARLY_EXPANSION
@@ -707,7 +958,7 @@ function ( LIBWOLFSSL_SAVE_INFO VAR_OUPUT THIS_VAR VAR_RESULT )
message(STATUS "Found ${VAR_OUPUT}=${VAR_VALUE}")
# the interesting part is defining the VAR_OUPUT name a value to use in the app
add_definitions(-D${VAR_OUPUT}=\"${VAR_VALUE}\")
add_compile_definitions(${VAR_OUPUT}=\"${VAR_VALUE}\")
else()
# if we get here, check the execute_process command and parameters.
message(STATUS "LIBWOLFSSL_SAVE_INFO encountered a non-zero VAR_RESULT")
@@ -715,35 +966,89 @@ function ( LIBWOLFSSL_SAVE_INFO VAR_OUPUT THIS_VAR VAR_RESULT )
endif()
endfunction() # LIBWOLFSSL_SAVE_INFO
execute_process(
COMMAND ${git_cmd} "rev-parse" "--is-inside-work-tree"
OUTPUT_VARIABLE IS_GIT_REPO
OUTPUT_STRIP_TRAILING_WHITESPACE
ERROR_QUIET
)
# create some programmatic #define values that will be used by ShowExtendedSystemInfo().
# see wolfcrypt\src\port\Espressif\esp32_utl.c
if(NOT CMAKE_BUILD_EARLY_EXPANSION)
if(NOT CMAKE_BUILD_EARLY_EXPANSION AND WOLFSSL_ROOT AND (IS_GIT_REPO STREQUAL "true"))
set (git_cmd "git")
message(STATUS "Adding macro definitions:")
# LIBWOLFSSL_VERSION_GIT_ORIGIN: git config --get remote.origin.url
execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "config" "--get" "remote.origin.url" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET )
execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "config" "--get" "remote.origin.url"
OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET )
LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_ORIGIN "${TMP_OUT}" "${TMP_RES}")
# LIBWOLFSSL_VERSION_GIT_BRANCH: git rev-parse --abbrev-ref HEAD
execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--abbrev-ref" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET )
execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--abbrev-ref" "HEAD"
OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET )
LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_BRANCH "${TMP_OUT}" "${TMP_RES}")
# LIBWOLFSSL_VERSION_GIT_HASH: git rev-parse HEAD
execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET )
execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "HEAD"
OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET )
LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH "${TMP_OUT}" "${TMP_RES}")
# LIBWOLFSSL_VERSION_GIT_SHORT_HASH: git rev-parse --short HEAD
execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--short" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET )
execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--short" "HEAD"
OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET )
LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_SHORT_HASH "${TMP_OUT}" "${TMP_RES}")
# LIBWOLFSSL_VERSION_GIT_HASH_DATE git show --no-patch --no-notes --pretty=\'\%cd\'
execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "show" "--no-patch" "--no-notes" "--pretty=\'\%cd\'" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES )
execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd}
"show" "--no-patch" "--no-notes" "--pretty=\'\%cd\'"
OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES )
LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH_DATE "${TMP_OUT}" "${TMP_RES}")
LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_WOLFSSL_ROOT "${WOLFSSL_ROOT}" "${TMP_RES}")
message(STATUS "************************************************************************************************")
message(STATUS "wolfssl component config complete!")
message(STATUS "************************************************************************************************")
endif()
# Ensure flag "-DWOLFSSL_ESPIDF" is already in CMAKE_C_FLAGS if not yet found from project
string(FIND "${CMAKE_C_FLAGS}" "-DWOLFSSL_ESPIDF" FLAG_ALRREADY_FOUND_WOLFSSL_ESPIDF)
if(FLAG_ALRREADY_FOUND_WOLFSSL_ESPIDF EQUAL -1)
# Flag not found, append it
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_ESPIDF")
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
endif()
if(WOLFSSL_ROOT)
message(STATUS "Using wolfSSL in ${WOLFSSL_ROOT}")
# PlatformIO does not process script from from the Espressif cmake process.
# We need to know where wolfSSL source code was found, so save it in the
# PIO_WOLFSSL_ROOT environment variable to later be read by extra_script.py
set(ENV{PIO_WOLFSSL_ROOT} "${WOLFSSL_ROOT}")
message(STATUS "PIO_WOLFSSL_ROOT = $ENV{PIO_WOLFSSL_ROOT}")
message(STATUS "PLATFORMIO_BUILD_DIR = $ENV{PLATFORMIO_BUILD_DIR}")
# See esp-tls Kconfig; menu "ESP-TLS", ESP_TLS_LIBRARY_CHOOSE
if(CONFIG_ESP_TLS_USING_WOLFSSL)
if ( ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266") OR ("${IDF_TARGET}" STREQUAL "esp8266") )
message(STATUS "This version of wolfSSL is not supported on the ESP8266 esp-tls at this time. Check ESP-TLS config")
else()
message(STATUS "wolfSSL will be used for ESP-TLS")
endif()
else()
message(STATUS "WARNING: wolfSSL NOT selected for ESP-TLS. Features and performance will be limited.")
endif()
else()
message(STATUS "")
message(STATUS "Consider setting WOLFSSL_ROOT environment variable, use Kconfig setting, or set manually in this cmake file, above.")
message(STATUS "")
message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!")
message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!")
message(STATUS "ERROR: Could not find wolfSSL Source Code")
message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!")
message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!")
endif()
message(STATUS "************************************************************************************************")
message(STATUS "wolfSSL component config complete!")
message(STATUS "************************************************************************************************")

523
IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/Kconfig Normal file
View File

@@ -0,0 +1,523 @@
# Kconfig template
#
# Copyright (C) 2006-2025 wolfSSL Inc.
#
# This file is part of wolfSSL.
#
# wolfSSL is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# wolfSSL is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
#
# Kconfig File Version 5.7.2.001 for esp-idf integration
# Kconfig Format Rules
#
# See:
# https://docs.espressif.com/projects/esp-idf/en/stable/esp32/api-reference/kconfig.html
#
# Format rules for Kconfig files are as follows:
#
# Option names in any menus should have consistent prefixes. The prefix
# currently should have at least 3 characters.
#
# The unit of indentation should be 4 spaces. All sub-items belonging to a
# parent item are indented by one level deeper. For example, menu is indented
# by 0 spaces, config menu by 4 spaces, help in config by 8 spaces, and the
# text under help by 12 spaces.
#
# No trailing spaces are allowed at the end of the lines.
#
# The maximum length of options is NOT 50 characters as documented.
# kconfcheck will complain that options should be 40 at most.
#
# Fix option lengths first. Superfluous errors on other lines may occur.
#
# The maximum length of lines is 120 characters.
#
# python -m kconfcheck <path_to_kconfig_file>
#
# ---------------------------------------------------------------------------------------------------------------------
# Begin main wolfSSL configuration menu
# ---------------------------------------------------------------------------------------------------------------------
# See ESP-IDF esp-tls component for config TLS_STACK_WOLFSSL
menu "wolfSSL"
menu "Hardening"
config ESP_WOLFSSL_WC_NO_HARDEN
bool "Disable wolfSSL hardening"
default n
help
Sets WC_NO_HARDEN
config ESP_WOLFSSL_TFM_TIMING_RESISTANT
bool "Enable TFM Timing Resistant Code"
default n
help
Sets TFM_TIMING_RESISTANT.
endmenu # Hardening
config ESP_WOLFSSL_ENABLE_BENCHMARK
bool "Enable wolfSSL Benchmark Library"
default n
help
Enables wolfcrypt/benchmark/benchmark.c code for benchmark metrics. Disables NO_CRYPT_BENCHMARK.
menu "Benchmark Debug"
config ESP_DEBUG_WOLFSSL_BENCHMARK_TIMING
bool "Enable benchmark timing debug"
depends on ESP_WOLFSSL_ENABLE_BENCHMARK
default n
help
Enable wolfssl debug for benchmark metric timing (CPU Cycles, RTOS ticks, etc).
config ESP_WOLFSSL_BENCHMARK_TIMER_DEBUG
bool "Enable benchmark timer debug"
depends on ESP_WOLFSSL_ENABLE_BENCHMARK
default n
help
Turn on timer debugging (used when CPU cycles not available)
endmenu # Benchmark Debug
# -----------------------------------------------------------------------------------------------------------------
# wolfCrypt Test
# -----------------------------------------------------------------------------------------------------------------
config ESP_WOLFSSL_ENABLE_TEST
bool "Enable wolfCrypt Test Library"
default n
help
Enables wolfcrypt/test/test.c code for testing. Disables NO_CRYPT_TEST.
menu "wolfCrypt tests"
config WOLFSSL_HAVE_WOLFCRYPT_TEST_OPTIONS
bool "Enable wolfCrypt Test Options"
depends on ESP_WOLFSSL_ENABLE_TEST
default n
help
Enables HAVE_WOLFCRYPT_TEST_OPTIONS
config TEST_ESPIDF_ALL_WOLFSSL
bool "Enable all features to use in tests"
depends on ESP_WOLFSSL_ENABLE_TEST
default n
help
Enables TEST_ESPIDF_ALL_WOLFSSL
endmenu # wolfCrypt tests
# -----------------------------------------------------------------------------------------------------------------
# Apple HomeKit Options
# -----------------------------------------------------------------------------------------------------------------
menu "Apple HomeKit"
config WOLFSSL_APPLE_HOMEKIT
bool "Enable Apple HomeKit options"
default n
help
Enables FP_MAX_BITS (8192 * 2), SRP, ChaCha, Poly1305, Base64 encoding needed for Apple HomeKit.
endmenu # Apple HomeKit
# -----------------------------------------------------------------------------------------------------------------
config ESP_WOLFSSL_DISABLE_MY_ECC
bool "Disable ECC in my project"
default "n"
help
ECC is enabled by default. Select this option to disable.
config ESP_WOLFSSL_ENABLE_MY_USE_RSA
bool "Enable RSA in my project"
default "n"
help
RSA is disabled by default. Select this option to enable.
config ESP_WOLFSSL_BENCHMARK
bool "Enable wolfSSL Benchmark"
default n
help
Enables user settings relevant to benchmark code
config ESP_TLS_USING_WOLFSSL_SPECIFIED
bool "Use the specified wolfssl for ESP-TLS"
default Y
help
Includes wolfSSL from specified directory (not using esp-wolfssl).
config ESP_WOLFSSL_NO_USE_FAST_MATH
bool "Disable FAST_MATH library and all ESP32 Hardware Acceleration"
select ESP_WOLFSSL_NO_HW
select ESP_WOLFSSL_NO_HW_AES
select ESP_WOLFSSL_NO_HW_HASH
select ESP_WOLFSSL_NO_HW_RSA_PRI
select ESP_WOLFSSL_NO_HW_RSA_PRI_MP_MUL
select ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD
select ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD
default n
help
When disabling all hardware acceleration for smaller memory footprint,
disabling TFM fast math provides faster wolfSSL software algorithms in an
even smaller flash memory footprint.
menu "Protocol Config"
config WOLFSSL_HAVE_ALPN
bool "Enable ALPN (Application Layer Protocol Negotiation) in wolfSSL"
default y
config WOLFSSL_ALLOW_TLS13
bool "Allow TLS 1.3"
default y
help
Allow TLS to fallback to TLS1.2. Memory footprint will likely be larger for TLS1.2.
When disabled HTTPS and MQTT over TLS connections will fail if TLS1.3 not accepted.
config WOLFSSL_ALLOW_TLS12
bool "Allow TLS 1.2"
default n
help
Allow TLS to fallback to TLS1.2. Memory footprint will likely be larger for TLS1.2.
When disabled HTTPS and MQTT over TLS connections will fail if TLS1.3 not accepted.
config WOLFSSL_HAVE_TLS_EXTENSIONS
bool "Enable TLS Extensions"
default y
help
Sets HAVE_TLS_EXTENSIONS which is needed for TLS 1.3, SNI, ALPN, and more.
config WOLFSSL_ALT_CERT_CHAINS
bool "Enable Alternate Certificate Chains"
default n
help
The option relaxes the default strict wolfSSL certificate chain processing. This
will typically need to be enabled when loading only a CA file. Typically solves
the -188 ASN_NO_SIGNER_E error. Use with caution.
config WOLFSSL_HAVE_OCSP
bool "Enable OCSP (Online Certificate Status Protocol) in wolfSSL"
default n
help
Sets HAVE_OCSP
endmenu # Protocol Config
# -----------------------------------------------------------------------------------------------------------------
# -----------------------------------------------------------------------------------------------------------------
config TLS_STACK_WOLFSSL
# Invisible option that locks TLS_STACK_WOLFSSL to ESP_TLS_USING_WOLFSSL
bool
default n
select FREERTOS_ENABLE_BACKWARD_COMPATIBILITY
help
Includes wolfSSL in ESP-TLS so that it can be compiled with wolfSSL as its SSL/TLS library.
Enabled when wolfSSL is selected in ESP_TLS_LIBRARY_CHOOSE.
menu "wolfSSL ESP-TLS"
depends on ESP_TLS_USING_WOLFSSL
menu "Certificate Bundle"
depends on ESP_TLS_USING_WOLFSSL
config WOLFSSL_CERTIFICATE_BUNDLE
bool "Enable trusted root certificate bundle"
default y if ESP_TLS_USING_WOLFSSL
default n
depends on ESP_TLS_USING_WOLFSSL
help
Enable support for large number of default root certificates
When enabled this option allows user to store default as well
as customer specific root certificates in compressed format rather
than storing full certificate. For the root certificates the public key and the subject name
will be stored.
config WOLFSSL_NO_ASN_STRICT
bool "Relax Certificate ASN Strict Checks"
default n
depends on ESP_TLS_USING_WOLFSSL
help
Allows sub-optimal certificate ASN checks. Unless using a bundle with known issues,
it is recommended to NOT enable this.
config WOLFSSL_ASN_ALLOW_0_SERIAL
bool "Allow cert missing an ASN Serial Number"
default y
depends on ESP_TLS_USING_WOLFSSL
help
Although not recommended, there may be certificates in the bundle that are missing
a serial number. This option allows the missing value without having to fully
disable strict ASN checking with WOLFSSL_NO_ASN_STRICT.
choice WOLFSSL_DEFAULT_CERTIFICATE_BUNDLE
bool "Default certificate bundle options"
depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
default WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_FULL
config WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_FULL
bool "Use the full default certificate bundle"
config WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_CMN
bool "Use only the most common certificates from the default bundles"
help
Use only the most common certificates from the default bundles, reducing the size with 50%,
while still having around 99% coverage.
config WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE
bool "Do not use the default certificate bundle"
endchoice
config WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE
depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
default n
bool "Add custom certificates to the default bundle"
config WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE_PATH
depends on WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
string "Custom certificate bundle path"
help
Name of the custom certificate directory or file. This path is evaluated
relative to the project root directory.
config WOLFSSL_CERTIFICATE_BUNDLE_DEPRECATED_LIST
bool "Add deprecated root certificates"
depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL && !WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE
help
Include the deprecated list of root certificates in the bundle.
This list gets updated when a certificate is removed from the Mozilla's
NSS root certificate store. This config can be enabled if you would like
to ensure that none of the certificates that were deployed in the product
are affected because of the update to bundle. In turn, enabling this
config keeps expired, retracted certificates in the bundle and it may
pose a security risk.
- Deprecated cert list may grow based based on sync with upstream bundle
- Deprecated certs would be be removed in ESP-IDF (next) major release
config WOLFSSL_CERTIFICATE_BUNDLE_MAX_CERTS
int "Maximum no of certificates allowed in certificate bundle"
default 200
depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
endmenu
endmenu # wolfSSL ESP-TLS
# -----------------------------------------------------------------------------------------------------------------
# -----------------------------------------------------------------------------------------------------------------
config ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
bool "Modify default hardware acceleration settings"
default n
help
When disabling all hardware acceleration for smaller memory footprint,
disabling TFM fast math provides faster wolfSSL software algorithms in an
even smaller flash memory footprint.
Typically used for debugging, analysis, or optimizations. The default
hardware acceleration features can be each manually adjusted.
menu "wolfSSL Hardware Acceleration"
config ESP_WOLFSSL_NO_ESP32_CRYPT
bool "Disable all ESP32 Hardware Acceleration"
depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
default n
select ESP_WOLFSSL_NO_HW_AES
select ESP_WOLFSSL_NO_HW_HASH
select ESP_WOLFSSL_NO_HW_RSA_PRI
select ESP_WOLFSSL_NO_HW_RSA_PRI_MP_MUL
select ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD
select ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD
help
Hardware acceleration enabled by default. When selected defines: NO_ESP32_CRYPT.
Consider disabling FASTMATH (other libraries are faster in software and smaller)
config ESP_WOLFSSL_NO_HW_AES
bool "Disable all ESP32 AES Hardware Acceleration"
depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
default n
help
Hardware acceleration enabled by default.When selected defines: NO_HW_AES
config ESP_WOLFSSL_NO_HW_HASH
bool "Disable all ESP32 SHA Hash Hardware Acceleration"
depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
default n
help
Hardware acceleration enabled by default. When selected defines: NO_HW_HASH
config ESP_WOLFSSL_NO_HW_RSA_PRI
bool "Disable all ESP32 RSA Hardware Acceleration"
depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
default n
select ESP_WOLFSSL_NO_HW_PRI_MP_MUL
select ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD
select ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD
help
Hardware acceleration enabled by default. When selected defines: NO_HW_RSA_PRI
config ESP_WOLFSSL_NO_HW_RSA_PRI_MP_MUL
bool "Disable all ESP32 Multiplication Hardware Acceleration"
depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
default n
help
Hardware acceleration enabled by default. When selected defines: NO_HW_RSA_PRI_MP_MUL
config ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD
bool "Disable all ESP32 Modular Multiplication Hardware Acceleration"
depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
default n
help
Hardware acceleration enabled by default. When selected defines: NO_HW_RSA_PRI_MULMOD
config ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD
bool "Disable all ESP32 RSA Exponential Math Hardware Acceleration"
depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
default n
help
Hardware acceleration enabled by default.
Select this option to force disable: NO_HW_RSA_PRI_EXPTMOD
config ESP_WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS
bool "Enable debugging of RSA Multiplication operand length"
default n
help
Prints an esp log warning to the default console UART when one of the
multiplication operands exceeds the maximum size supported by hardware,
requiring fallback to software. This can be helpful to pick key sizes
when performance is critical. See also metrics for counting instances.
config ESP_WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS
bool "Enable debugging of RSA Modular operand length"
default n
help
Prints an esp log warning to the default console UART when one of the
modular math operands exceeds the maximum size supported by hardware,
requiring fallback to software. This can be helpful to pick key sizes
when performance is critical. See also metrics for counting instances.
endmenu # wolfSSL Hardware Acceleration
# -----------------------------------------------------------------------------------------------------------------
# -----------------------------------------------------------------------------------------------------------------
menu "wolfSSL Experimental Options"
config ESP_WOLFSSL_EXPERIMENTAL_SETTINGS
bool "Enable wolfSSL Experimental Settings"
default n
help
Enables experimental settings for wolfSSL. See documentation.
config ESP_WOLFSSL_ENABLE_KYBER
bool "Enable wolfSSL Kyber"
default n
help
Enable debugging messages for wolfSSL. See user_settings.h for additional debug options.
endmenu # wolfSSL Experimental Options
# -----------------------------------------------------------------------------------------------------------------
# -----------------------------------------------------------------------------------------------------------------
menu "wolfSSL Debug Options"
config ESP_WOLFSSL_DEBUG_WOLFSSL
bool "Enable wolfSSL Debugging"
default n
help
Enable debugging messages for wolfSSL. See user_settings.h for additional debug options.
config ESP_WOLFSSL_TEST_LOOP
bool "Run test apps in a loop until failure"
default y
help
Enable a loop wrapper for benchmark, http_client, and wolfssl test apps.
endmenu # wolfSSL Debug Options
# -----------------------------------------------------------------------------------------------------------------
# -----------------------------------------------------------------------------------------------------------------
menu "wolfSSL Customization"
config CUSTOM_SETTING_WOLFSSL_ROOT
string "Enter a path for wolfSSL source code"
default "~/workspace/wolfssl"
help
This option lets you specify a directory for the wolfSSL source code (typically a git clone).
Enter the path using forward slashes (e.g., C:/myfolder/mysubfolder) or double backslashes
(e.g., C:\\myfolder\\mysubfolder).
endmenu # wolfSSL Customization
# -----------------------------------------------------------------------------------------------------------------
# -----------------------------------------------------------------------------------------------------------------
menu "Component Config"
config IGNORE_ESP_IDF_WOLFSSL_COMPONENT
bool "Ignore the ESP-IDF component of wolfSSL (if present)"
default n
help
Ignores wolfSSL present in the esp-idf/components directory. Requires wolfssl as a local component.
config IGNORE_LOCAL_WOLFSSL_COMPONENT
bool "Ignore the local component of wolfSSL (if present)"
default n
help
Ignores wolfSSL present in the local project components directory.
Requires wolfssl as a ESP-IDF component.
endmenu # Component Config
# -----------------------------------------------------------------------------------------------------------------
# -----------------------------------------------------------------------------------------------------------------
menu "Utility Config"
config USE_WOLFSSL_ESP_SDK_TIME
bool "Enable wolfSSL time helper functions"
default n
help
Enables use of various time and date setting functions found in the esp-sdk-lib.h file.
config USE_WOLFSSL_ESP_SDK_WIFI
bool "Enable wolfSSL WiFi helper functions"
default n
help
Enables use of various time and date setting functions found in the esp-sdk-lib.h file.
endmenu # Utility Config
endmenu # wolfSSL
# ---------------------------------------------------------------------------------------------------------------------
# ---------------------------------------------------------------------------------------------------------------------
menu "wolfSSH"
config ESP_ENABLE_WOLFSSH
bool "Enable wolfSSH options"
default n
help
Enables WOLFSSH_TERM, WOLFSSL_KEY_GEN, WOLFSSL_PTHREADS, WOLFSSH_TEST_SERVER, WOLFSSH_TEST_THREADING
config ESP_WOLFSSL_DEBUG_WOLFSSH
bool "Enable wolfSSH debugging"
default n
help
Enable wolfSSH debugging macro. See user_settings.h
endmenu # wolfSSH
# ---------------------------------------------------------------------------------------------------------------------
# ---------------------------------------------------------------------------------------------------------------------
menu "wolfMQTT"
config ESP_ENABLE_WOLFMQTT
bool "Enable wolfMQTT options"
default n
help
Enables WOLFMQTT
config ESP_WOLFSSL_DEBUG_WOLFMQTT
bool "Enable wolfMQTT debugging"
default n
help
Enable wolfMQTT debugging macro. See user_settings.h
endmenu # wolfMQTT
# ---------------------------------------------------------------------------------------------------------------------

162
IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/README.md Normal file
View File

@@ -0,0 +1,162 @@
# wolfSSL Espressif Component
This is the directory for wolfSSL as an Espressif ESP-IDF component.
Other options are available, such as installing wolfSSL as a local _project_ component using the [Managed Component](https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/).
Enabling this wolfSSL ESP-IDF component allows other ESP-IDF libraries such as those that depend on [ESP-TLS](https://github.com/espressif/esp-idf/tree/master/components/esp-tls)
to also use the wolfSSL library. (See [github.com/wolfSSL/wolfssl](https://github.com/wolfSSL/wolfssl))
The wolfSSL source code is not included here. Instead, the `idf.py menuconfig` option can be used to configure the
`sdkconfig` file setting: `CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT` to point to the desired wolfSSL code.
## Directory Contents
This directory must contain, at a minimum:
- `CMakeLists.txt`
- `./include/user_settings.h`
The directory should also contain:
- `Kconfig`
- `component.mk`
The directory may contain wolfSSL source, for example with a [Managed Component](https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/),
or if the `setup.sh` script was used from [wolfSSL/IDE/Espressif/ESP-IDF](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF).
Under normal circumstances when the wolfSSL source is not included here, the `CMakeLists.txt` will search for it in this order:
- A hard-coded `WOLFSSL_ROOT` cmake variable.
- `WOLFSSL_ROOT` Environment Variable
- The `CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT` value in the `sdkconfig` file, from the `Kconfig` option.
- Any parent directories, up to the root (if this directory is in the ESP-IDF components)
- Any parent directories, up to the root (if this directory is a project component)
While recursing up the directory tree, the following names of wolfSSL directories will be considered:
- `wolfssl-[current user name]`
- `wolfssl-master`
- `wolfssl`
## Getting Started
See the `Espressif Getting Started Guide`.
```
# Set environment variable to ESP-IDF location
# For example, VisualGDB in WSL
WRK_IDF_PATH=/mnt/c/SysGCC/esp32/esp-idf/v5.2
WRK_IDF_PATH=/mnt/c/SysGCC/esp32-master/esp-idf/v5.3-master
# Or wherever the ESP-IDF is installed:
WRK_IDF_PATH=~/esp/esp-idf
echo "Run export.sh from ${WRK_IDF_PATH}"
. ${WRK_IDF_PATH}/export.sh
cd [your project]
idf.py menuconfig
```
Enable wolfSSL to be used in the ESP-TLS:
```
Component config --->
ESP-TLS --->
Choose SSL/TLS library for ESP-TLS (See help for more Info)
(X) wolfSSL (License info in wolfSSL directory README)
```
Adjust wolfSSL settings, such as path to source code as needed:
```
Component config --->
wolfSSL --->
[*] Include wolfSSL in ESP-TLS
[*] Use the specified wolfssl for ESP-TLS
(~/workspace/wolfssl) Enter a path for wolfSSL source code
```
## Configuration
All settings for wolfSSL are adjusted in the [include/user_settings.h](./include/user_settings.h) file.
The `user_settings.h` file should not be included directly. Instead, `#include <wolfssl/wolfcrypt/settings.h>`
before any other wolfSSL headers, like this:
```c
/* ESP-IDF */
#include <esp_log.h>
#include "sdkconfig.h"
/* wolfSSL */
/* Always include wolfcrypt/settings.h before any other wolfSSL file. */
/* Reminder: settings.h pulls in user_settings.h; don't include it here. */
#if defined(WOLFSSL_USER_SETTINGS)
#include <wolfssl/wolfcrypt/settings.h>
#if defined(WOLFSSL_ESPIDF)
#include <wolfssl/version.h>
#include <wolfssl/wolfcrypt/types.h>
#include <wolfcrypt/test/test.h>
#include <wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h>
#include <wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h>
#else
#error "Problem with wolfSSL user_settings. " \
"Check components/wolfssl/include " \
"and confirm WOLFSSL_USER_SETTINGS is defined, " \
"typically in the component CMakeLists.txt"
#endif
#else
/* Define WOLFSSL_USER_SETTINGS project wide for settings.h to include */
/* wolfSSL user settings in ./components/wolfssl/include/user_settings.h */
#error "Missing WOLFSSL_USER_SETTINGS in CMakeLists or Makefile:\
CFLAGS +=-DWOLFSSL_USER_SETTINGS"
#endif
```
## Examples
See the wolfSSL examples:
- [wolfSSL Core Examples](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples)
- [wolfSSL Additional Examples](https://github.com/wolfSSL/wolfssl-examples/tree/master/ESP32)
- [wolfSSH Core Examples](https://github.com/wolfSSL/wolfssh/tree/master/ide/Espressif/ESP-IDF/examples)
- [wolfSSH Additional Examples](https://github.com/wolfSSL/wolfssh-examples/tree/main/Espressif)
- [wolfMQTT Examples](https://github.com/wolfSSL/wolfMQTT/tree/master/IDE/Espressif/ESP-IDF/examples)
## Platforms
The ESP-IDF wolfSSL is also available for PlatformIO:
- [Release wolfSSL](https://registry.platformio.org/search?q=owner%3Awolfssl)
- [Staging / Preview wolfSSL](https://registry.platformio.org/search?q=owner%3Awolfssl-staging)
The wolfSSL library can also be used for Espressif with Arduino:
- [arduino.cc/reference/en/libraries/wolfssl](https://www.arduino.cc/reference/en/libraries/wolfssl/)
- [github.com/wolfSSL/Arduino-wolfSSL](https://github.com/wolfSSL/Arduino-wolfSSL)
## Additional Information
- [wolfSSL Documentation](https://www.wolfssl.com/documentation/manuals/wolfssl/index.html) and [docs/espressif](https://www.wolfssl.com/docs/espressif/)
- [wolfSSL FAQ](https://www.wolfssl.com/docs/frequently-asked-questions-faq/)
- [wolfSSL Products](https://www.wolfssl.com/products/)
- [www.wolfssl.com/espressif](https://www.wolfssl.com/espressif/)
- [More...](https://www.wolfssl.com/?s=espressif)
## Contact
Have a specific request or questions? We'd love to hear from you! Please contact us at support@wolfssl.com or open an issue on GitHub.
## Licensing and Support
wolfSSL (formerly known as CyaSSL) and wolfCrypt are either licensed for use under the GPLv2 (or at your option any later version) or a standard commercial license. For our users who cannot use wolfSSL under GPLv2 (or any later version), a commercial license to wolfSSL and wolfCrypt is available.
See the LICENSE.txt, visit wolfssl.com/license, contact us at licensing@wolfssl.com or call +1 425 245 8247
View Commercial Support Options: [wolfssl.com/products/support-and-maintenance](wolfssl.com/products/support-and-maintenance)

378
IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/component.mk
View File

@@ -1,5 +1,5 @@
#
# Copyright (C) 2006-2024 wolfSSL Inc.
# Copyright (C) 2006-2025 wolfSSL Inc.
#
# This file is part of wolfSSL.
#
@@ -18,6 +18,8 @@
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
#
$(info *********** wolfssl component ************)
#
# Component Makefile
#
@@ -48,193 +50,257 @@
# define it here:
CFLAGS +=-DWOLFSSL_USER_SETTINGS
# In the wolfSSL GitHub examples for Espressif,
# the root is 7 directories up from here:
WOLFSSL_ROOT := ../../../../../../../
# Note that 4 source files created by autogen are excluded here.
#
# See these files commented out, below. Adjust as needed for your application:
#
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/async.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/selftest.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_first.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_last.o
# NOTE: The wolfSSL include diretory (e.g. user_settings.h) is
# NOTICE: the WOLFSSL_ROOT setting MUST be relative!
# See https://docs.espressif.com/projects/esp8266-rtos-sdk/en/latest/api-guides/build-system.html?highlight=must+relative#optional-component-specific-variables
# In the wolfSSL GitHub examples for Espressif:
# https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples
# When this wolfssl component.mk makefile is in [project]/components/wolfssl
# The root is 7 directories up from here (the location of of this component.mk):
#
WOLFSSL_ROOT ?= ../../../../../../..
THIS_DIR := $(shell pwd)
WOLFSSL_ROOT_OBJ := $(THIS_DIR)
# When running make from commandline or VisualGDB, the current path varies:
ifeq ("$(VISUALGDB_DIR)","")
# current path is typically /mnt/c/workspace/wolfssl-gojimmypi/IDE/Espressif/ESP-IDF/examples/wolfssl_test/build/wolfssl
$(info VISUALGDB_DIR build not detected. shell: $(shell echo $$SHELL))
else
# current path is typically /C/workspace/wolfssl-gojimmypi/IDE/Espressif/ESP-IDF/examples/wolfssl_test/build/Debug/wolfssl
$(info Detected VisualGDB in: $(VISUALGDB_DIR) shell: $(shell echo $$SHELL))
endif
# To set the location of a different location, it is best to use relative paths.
#
# Set WOLFSSL_ROOT to a relative path from the current component directory.
# For example, if the wolfssl_client is copied from the examples to test:
#
# cp -r /IDE/Espressif/ESP-IDF/examples/wolfssl_client/* /mnt/c/test/demo
#
# we run make in /mnt/c/test/demo
# component is in /mnt/c/test/demo/components/wolfssl
# wolfssl is in /mnt/c/workspace/wolfssl-master
#
# "/mnt/c" is 4 directories up:
# 2 for `./test/demo` from where we run `make`, plus
# 2 more from the location of `component.mk` located
# in `[current directory]/components/wolfssl`.
#
# Thus we need 4 parent reference to find the relative path to wolfSSL:
# WOLFSSL_ROOT := ../../../../workspace/wolfssl-master
# Optional CFLAGS (make works without these; for reference only)
# CFLAGS += -I$(WOLFSSL_ROOT)/wolfssl
# CFLAGS += -I$(WOLFSSL_ROOT)/wolfssl/wolfcrypt
# CFLAGS += -I$(WOLFSSL_ROOT)/wolfssl/wolfcrypt/port/Espressif
abs_WOLFSSL_ROOT := $(shell realpath $(WOLFSSL_ROOT))
# print-wolfssl-path-value:
# @echo "WOLFSSL_ROOT defined: $(WOLFSSL_ROOT)"
# @echo "WOLFSSL_ROOT actual: $(abs_WOLFSSL_ROOT)"
$(info WOLFSSL_ROOT defined: $(WOLFSSL_ROOT))
$(info WOLFSSL_ROOT actual: $(abs_WOLFSSL_ROOT))
$(info THIS_DIR defined: $(THIS_DIR))
$(info WOLFSSL_ROOT_OBJ defined: $(WOLFSSL_ROOT_OBJ))
# NOTE: The wolfSSL include directory (e.g. user_settings.h) is
# located HERE in THIS project, and *not* in the wolfSSL root.
COMPONENT_ADD_INCLUDEDIRS := .
COMPONENT_ADD_INCLUDEDIRS += include
COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT).
COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)wolfssl
COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)wolfssl/wolfcrypt
COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)wolfssl/wolfcrypt/port/Espressif
COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)wolfcrypt/benchmark
COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/.
COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl
COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl/wolfcrypt
COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl/wolfcrypt/port/Espressif
# COMPONENT_ADD_INCLUDEDIRS += $ENV(IDF_PATH)/components/freertos/include/freertos
# COMPONENT_ADD_INCLUDEDIRS += "$ENV(IDF_PATH)/soc/esp32s3/include/soc"
# wolfSSL
COMPONENT_SRCDIRS := $(WOLFSSL_ROOT)/src
# WOLFSSL_ROOT := ""
COMPONENT_SRCDIRS := $(WOLFSSL_ROOT)src
COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif
COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)wolfcrypt/src/port/atmel
COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)wolfcrypt/benchmark
COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)wolfcrypt/test
COMPONENT_SRCDIRS += include
# wolfcrypt
COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src
COMPONENT_OBJEXCLUDE := $(WOLFSSL_ROOT)wolfcrypt/src/aes_asm.o
COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)wolfcrypt/src/evp.o
COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)wolfcrypt/src/misc.o
COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)wolfcrypt/src/sha512_asm.o
COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)wolfcrypt/src/fe_x25519_asm.o
COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)wolfcrypt/src/aes_gcm_x86_asm.o
COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)src/bio.o
# Espressif
COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif
COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/atmel
COMPONENT_OBJEXCLUDE := $(WOLFSSL_ROOT_OBJ)/wolfcrypt/src/aes_asm.o
COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT_OBJ)/wolfcrypt/src/evp.o
COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT_OBJ)/wolfcrypt/src/misc.o
COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT_OBJ)/wolfcrypt/src/sha512_asm.o
COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT_OBJ)/wolfcrypt/src/fe_x25519_asm.o
COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT_OBJ)/wolfcrypt/src/aes_gcm_x86_asm.o
##
## wolfSSL
##
COMPONENT_OBJS := $(WOLFSSL_ROOT)src/bio.o
# COMPONENT_OBJS += src/conf.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)src/crl.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)src/dtls.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)src/dtls13.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)src/internal.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)src/keys.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)src/ocsp.o
# COMPONENT_OBJS += src/pk.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)src/quic.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)src/sniffer.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)src/ssl.o
## reminder object files may end up in `./build` or `build/debug` or `build/release`, depending on build environment & settings.
##
# COMPONENT_OBJS := $(WOLFSSL_ROOT)/src/bio.o # part of ssl.c, omitted to avoid "does not need to be compiled separately"
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/conf.o # part of ssl.c
COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/crl.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/dtls.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/dtls13.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/internal.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/keys.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/ocsp.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/pk.o # part of ssl.c
COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/quic.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/sniffer.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/ssl.o
# COMPONENT_OBJS += src/ssl_asn1.o
# COMPONENT_OBJS += src/ssl_bn.o
# COMPONENT_OBJS += src/ssl_certman.o
# COMPONENT_OBJS += src/ssl_crypto.o
# COMPONENT_OBJS += src/ssl_misc.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)src/tls.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)src/tls13.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)src/wolfio.o
# COMPONENT_OBJS += src/x509.o
# COMPONENT_OBJS += src/x509_str.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/tls.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/tls13.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/wolfio.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/x509.o # part of ssl.c
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/x509_str.o # part of ssl.c
##
## wolfcrypt
##
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/aes.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/arc4.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/asm.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/asn.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/async.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/blake2b.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/blake2s.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/camellia.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/chacha.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/chacha20_poly1305.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/cmac.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/coding.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/compress.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/cpuid.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/cryptocb.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/curve25519.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/curve448.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/des3.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/dh.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/dilithium.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/dsa.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ecc.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/eccsi.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ecc_fp.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ed25519.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ed448.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/error.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/evp.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ext_kyber.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ext_lms.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ext_xmss.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/falcon.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/fe_448.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/fe_low_mem.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/fe_operations.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/fips.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/fips_test.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ge_448.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ge_low_mem.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ge_operations.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/hash.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/hmac.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/hpke.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/integer.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/kdf.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/logging.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/md2.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/md4.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/md5.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/memory.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/misc.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/pkcs12.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/pkcs7.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/poly1305.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/pwdbased.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/random.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/rc2.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ripemd.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/rsa.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sakke.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/selftest.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sha.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sha256.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sha3.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sha512.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/signature.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/siphash.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sm2.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sm3.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sm4.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sphincs.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_arm32.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_arm64.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_armthumb.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_c32.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_c64.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_cortexm.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_dsp32.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_int.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_arm32.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_arm64.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_armthumb.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_c32.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_c64.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_cortexm.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_sm2_x86_64.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/sp_x86_64.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/srp.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/tfm.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_dsp.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_encrypt.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_kyber.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_kyber_poly.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_lms.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_pkcs11.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_port.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wc_xmss.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wolfcrypt_first.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wolfcrypt_last.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wolfevent.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/wolfmath.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/aes.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/arc4.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/asm.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/asn.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/async.o # autogen exclusion
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/blake2b.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/blake2s.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/camellia.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/chacha.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/chacha20_poly1305.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/cmac.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/coding.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/compress.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/cpuid.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/cryptocb.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/curve25519.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/curve448.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/des3.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/dh.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/dilithium.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/dsa.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ecc.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/eccsi.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ecc_fp.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ed25519.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ed448.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/error.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/evp.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_mlkem.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_lms.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_xmss.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/falcon.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fe_448.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fe_low_mem.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fe_operations.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fips.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/fips_test.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ge_448.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ge_low_mem.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ge_operations.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/hash.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/hmac.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/hpke.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/integer.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/kdf.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/logging.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/md2.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/md4.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/md5.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/memory.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/misc.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/pkcs12.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/pkcs7.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/poly1305.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/pwdbased.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/random.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/rc2.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ripemd.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/rsa.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sakke.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/selftest.o # autogen exclusion
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha256.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha3.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha512.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/signature.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/siphash.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sm2.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sm3.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sm4.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sphincs.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_arm32.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_arm64.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_armthumb.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_c32.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_c64.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_cortexm.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_dsp32.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_int.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_arm32.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_arm64.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_armthumb.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_c32.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_c64.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_cortexm.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_sm2_x86_64.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sp_x86_64.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/srp.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/tfm.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_dsp.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_encrypt.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_mlkem.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_mlkem_poly.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_lms.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_pkcs11.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_port.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_xmss.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_first.o # autogen exclusion
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_last.o # autogen exclusion
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfevent.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfmath.o
##
## Espressif
##
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp32_aes.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp32_mp.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp32_sha.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp32_util.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp_sdk_time_lib.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_aes.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_mp.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_sha.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp32_util.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp_sdk_time_lib.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.o
##
## wolfcrypt benchmark (optional)
## wolfcrypt benchmark (needed for this benchmark example)
##
COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/benchmark/benchmark.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/benchmark/benchmark.o
COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/benchmark
COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfcrypt/benchmark
##
## wolfcrypt test (optional)
##
## COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/test/test.o
## COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/test/test.o
## COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/test
## COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfcrypt/test/include
##
## wolfcrypt
##
COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)wolfcrypt/src
$(info ********** end wolfssl component **********)

699
IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/include/user_settings.h
View File

@@ -1,6 +1,6 @@
/* user_settings.h
/* wolfssl-component include/user_settings.h
*
* Copyright (C) 2006-2024 wolfSSL Inc.
* Copyright (C) 2006-2025 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
@@ -18,19 +18,57 @@
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
#define WOLFSSL_ESPIDF_COMPONENT_VERSION 0x01
/* Examples such as test and benchmark are known to cause watchdog timeouts.
* Note this is often set in project Makefile:
* CFLAGS += -DWOLFSSL_ESP_NO_WATCHDOG=1 */
#define WOLFSSL_ESP_NO_WATCHDOG 1
/* The Espressif project config file. See also sdkconfig.defaults */
#include "sdkconfig.h"
/* This user_settings.h is for Espressif ESP-IDF
*
* Standardized wolfSSL Espressif ESP32 + ESP8266 user_settings.h V5.7.0-1
*
* Do not include any wolfssl headers here
* Do not include any wolfssl headers here.
*
* When editing this file:
* ensure wolfssl_test and wolfssl_benchmark settings match.
* ensure all examples match. The template example is the reference.
*/
/* The Espressif project config file. See also sdkconfig.defaults */
#include "sdkconfig.h"
/* Naming convention: (see also esp32-crypt.h for the reference source).
*
* CONFIG_
* This prefix indicates the setting came from the sdkconfig / Kconfig.
*
* May or may not be related to wolfSSL.
*
* The name after this prefix must exactly match that in the Kconfig file.
*
* WOLFSSL_
* Typical of many, but not all wolfSSL macro names.
*
* Applies to all wolfSSL products such as wolfSSH, wolfMQTT, etc.
*
* May or may not have a corresponding sdkconfig / Kconfig control.
*
* ESP_WOLFSSL_
* These are NOT valid wolfSSL macro names. These are names only used in
* the ESP-IDF Kconfig files. When parsed, they will have a "CONFIG_"
* suffix added. See next section.
*
* CONFIG_ESP_WOLFSSL_
* This is a wolfSSL-specific macro that has been defined in the ESP-IDF
* via the sdkconfig / menuconfig. Any text after this prefix should
* exactly match an existing wolfSSL macro name.
*
* Applies to all wolfSSL products such as wolfSSH, wolfMQTT, etc.
*
* These macros may also be specific to only the project or environment,
* and possibly not used anywhere else in the wolfSSL libraries.
*/
/* The Espressif sdkconfig will have chipset info.
**
@@ -46,33 +84,264 @@
#undef WOLFSSL_ESPIDF
#define WOLFSSL_ESPIDF
/* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */
#define NO_ESP_SDK_WIFI
/* Test various user_settings between applications by selecting example apps
* in `idf.py menuconfig` for Example wolfSSL Configuration settings: */
/* Turn on messages that are useful to see only in examples. */
#define WOLFSSL_EXAMPLE_VERBOSITY
/* Paths can be long, ensure the entire value printed during debug */
#define WOLFSSL_MAX_ERROR_SZ 500
/* wolfSSL Examples: set macros used in example applications.
*
* These Settings NOT available in ESP-IDF (e.g. esp-tls)
*
* Any settings needed by ESP-IDF components should be explicitly set,
* and not by these example-specific settings via CONFIG_WOLFSSL_EXAMPLE_n
*
* ESP-IDF settings should be Kconfig "CONFIG_[name]" values when possible. */
#if defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TEMPLATE)
/* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/template */
/* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */
/* #define USE_WOLFSSL_ESP_SDK_WIFI */
#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TEST)
/* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_test */
/* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */
/* #define USE_WOLFSSL_ESP_SDK_WIFI */
#define TEST_ESPIDF_ALL_WOLFSSL
#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_BENCHMARK)
/* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark */
/* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */
/* #define USE_WOLFSSL_ESP_SDK_WIFI */
#define WOLFSSL_BENCHMARK_FIXED_UNITS_KB
#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TLS_CLIENT)
/* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_client */
#define USE_WOLFSSL_ESP_SDK_WIFI
#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TLS_SERVER)
/* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_server */
#define USE_WOLFSSL_ESP_SDK_WIFI
/* wolfSSH Examples */
#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFSSH_TEMPLATE)
/* See https://github.com/wolfSSL/wolfssh/tree/master/ide/Espressif/ESP-IDF/examples/wolfssh_template */
#define USE_WOLFSSL_ESP_SDK_WIFI
#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFSSH_ECHOSERVER)
/* See https://github.com/wolfSSL/wolfssh/tree/master/ide/Espressif/ESP-IDF/examples/wolfssh_echoserver */
#define USE_WOLFSSL_ESP_SDK_WIFI
#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_ESP32_SSH_SERVER)
/* See https://github.com/wolfSSL/wolfssh-examples/tree/main/Espressif/ESP32/ESP32-SSH-Server */
#define USE_WOLFSSL_ESP_SDK_WIFI
#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_ESP8266_SSH_SERVER)
/* See https://github.com/wolfSSL/wolfssh-examples/tree/main/Espressif/ESP8266/ESP8266-SSH-Server */
#define USE_WOLFSSL_ESP_SDK_WIFI
/* wolfMQTT Examples */
#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFMQTT_TEMPLATE)
/* See https://github.com/wolfSSL/wolfMQTT/tree/master/IDE/Espressif/ESP-IDF/examples/wolfmqtt_template */
#define USE_WOLFSSL_ESP_SDK_WIFI
#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFMQTT_AWS_IOT_MQTT)
/* See https://github.com/wolfSSL/wolfMQTT/tree/master/IDE/Espressif/ESP-IDF/examples/AWS_IoT_MQTT */
#define USE_WOLFSSL_ESP_SDK_WIFI
/* wolfTPM Examples */
#elif defined(CONFIG_WOLFTPM_EXAMPLE_NAME_ESPRESSIF)
/* See https://github.com/wolfSSL/wolfTPM/tree/master/IDE/Espressif */
#define USE_WOLFSSL_ESP_SDK_WIFI
/* Apple HomeKit Examples */
#elif defined(CONFIG_WOLFSSL_APPLE_HOMEKIT)
/* See https://github.com/AchimPieters/esp32-homekit-demo */
/* no example selected */
#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_NONE)
/* We'll assume the app needs to use wolfSSL sdk lib function */
#define USE_WOLFSSL_ESP_SDK_WIFI
/* Other applications detected by cmake */
#elif defined(APP_ESP_HTTP_CLIENT_EXAMPLE)
/* The wolfSSL Version of the client example */
#if defined(CONFIG_IDF_TARGET_ESP32S2) || defined(CONFIG_IDF_TARGET_ESP32C2)
/* Less memory available, so smaller key sizes: */
#define FP_MAX_BITS (4096 * 2)
#else
#define FP_MAX_BITS (8192 * 2)
#endif
#define HAVE_ALPN
#define HAVE_SNI
#define OPENSSL_EXTRA_X509_SMALL
#define HAVE_TLS_EXTENSIONS
#define HAVE_SUPPORTED_CURVES
#define OPENSSL_EXTRA
#ifndef WOLFSSL_ALWAYS_VERIFY_CB
#define WOLFSSL_ALWAYS_VERIFY_CB
#endif
#ifndef WOLFSSL_VERIFY_CB_ALL_CERTS
#define WOLFSSL_VERIFY_CB_ALL_CERTS
#endif
#ifndef KEEP_PEER_CERT
#define KEEP_PEER_CERT
#endif
#elif defined(APP_ESP_HTTP_CLIENT)
/* The ESP-IDF Version */
#define FP_MAX_BITS (8192 * 2)
#define HAVE_ALPN
#define HAVE_SNI
#define OPENSSL_EXTRA_X509_SMALL
#define HAVE_TLS_EXTENSIONS
#define HAVE_SUPPORTED_CURVES
#define OPENSSL_EXTRA
#ifndef WOLFSSL_ALWAYS_VERIFY_CB
#define WOLFSSL_ALWAYS_VERIFY_CB
#endif
#ifndef WOLFSSL_VERIFY_CB_ALL_CERTS
#define WOLFSSL_VERIFY_CB_ALL_CERTS
#endif
#ifndef KEEP_PEER_CERT
#define KEEP_PEER_CERT
#endif
#else
#ifdef WOLFSSL_ESPIDF
/* #warning "App config undetected" */
#endif
/* the code is older or does not have application name defined. */
#endif /* Example wolfSSL Configuration app settings */
/* Experimental Kyber */
#if 0
#ifdef CONFIG_WOLFSSL_ENABLE_KYBER
/* Kyber typically needs a minimum 10K stack */
#define WOLFSSL_EXPERIMENTAL_SETTINGS
#define WOLFSSL_HAVE_KYBER
#define WOLFSSL_WC_KYBER
#define WOLFSSL_HAVE_MLKEM
#define WOLFSSL_WC_MLKEM
#define WOLFSSL_SHA3
#if defined(CONFIG_IDF_TARGET_ESP8266)
/* With limited RAM, we'll disable some of the Kyber sizes: */
#define WOLFSSL_NO_KYBER1024
#define WOLFSSL_NO_KYBER768
#define NO_SESSION_CACHE
#endif
#endif
/* Enable AES for all examples */
#ifdef NO_AES
#warning "Found NO_AES, wolfSSL AES Cannot be enabled. Check config."
#else
#define WOLFSSL_AES
#define WOLFSSL_AES_COUNTER
/* Typically only needed for wolfssl_test, see docs. */
#define WOLFSSL_AES_DIRECT
#endif
/* Pick a cert buffer size: */
/* #define USE_CERT_BUFFERS_2048 */
/* #define USE_CERT_BUFFERS_1024 */
#define USE_CERT_BUFFERS_2048
/* The Espressif sdkconfig will have chipset info.
**
** Some possible values:
**
** CONFIG_IDF_TARGET_ESP32
** CONFIG_IDF_TARGET_ESP32S2
** CONFIG_IDF_TARGET_ESP32S3
** CONFIG_IDF_TARGET_ESP32C3
** CONFIG_IDF_TARGET_ESP32C6
*/
/* Optionally enable Apple HomeKit from compiler directive or Kconfig setting */
#if defined(WOLFSSL_APPLE_HOMEKIT) || defined(CONFIG_WOLFSSL_APPLE_HOMEKIT)
/* SRP is known to need 8K; slow on some devices */
#define FP_MAX_BITS (8192 * 2)
#define WOLFCRYPT_HAVE_SRP
#define HAVE_CHACHA
#define HAVE_POLY1305
#define WOLFSSL_BASE64_ENCODE
#endif /* Apple HomeKit settings */
/* Used by ESP-IDF components: */
#if defined(CONFIG_ESP_TLS_USING_WOLFSSL)
/* The ESP-TLS */
#ifndef FP_MAX_BITS
#if defined(CONFIG_IDF_TARGET_ESP32C2) || \
defined(CONFIG_IDF_TARGET_ESP8684) || \
defined(CONFIG_IDF_TARGET_ESP8266)
/* Optionally set smaller size here */
#define FP_MAX_BITS MIN_FFDHE_FP_MAX_BITS
#else
#define FP_MAX_BITS (4096 * 2)
#endif
#endif
#define HAVE_ALPN
#ifndef CONFIG_IDF_TARGET_ESP8266
/* Unless installed in the ESP8266 RTOS SDK locally, the wolfSSL
* API for SNI will not be seen in the components/esp-tls layer.
* Only enable SNI for non-ESP8266 targets by default: */
#define HAVE_SNI
#endif
#define OPENSSL_EXTRA_X509_SMALL
#define HAVE_TLS_EXTENSIONS
#define HAVE_SUPPORTED_CURVES
#endif
/* Optionally enable some wolfSSH settings */
#if defined(ESP_ENABLE_WOLFSSH) || defined(CONFIG_ESP_ENABLE_WOLFSSH)
/* Enable wolfSSH. Espressif examples need a few more settings, below */
#undef WOLFSSL_WOLFSSH
#define WOLFSSL_WOLFSSH
/* The default SSH Windows size is massive for an embedded target.
* Limit it: */
#define DEFAULT_WINDOW_SZ 2000
/* These may be defined in cmake for other examples: */
#undef WOLFSSH_TERM
#define WOLFSSH_TERM
/* optional debug */
/* #undef DEBUG_WOLFSSH */
/* #define DEBUG_WOLFSSH */
#undef WOLFSSL_KEY_GEN
#define WOLFSSL_KEY_GEN
#undef WOLFSSL_PTHREADS
#define WOLFSSL_PTHREADS
#define WOLFSSH_TEST_SERVER
#define WOLFSSH_TEST_THREADING
#endif /* ESP_ENABLE_WOLFSSH */
/* Not yet using WiFi lib, so don't compile in the esp-sdk-lib WiFi helpers: */
/* #define USE_WOLFSSL_ESP_SDK_WIFI */
/*
* ONE of these Espressif chip families will be detected from sdkconfig:
*
* WOLFSSL_ESP32
* WOLFSSL_ESPWROOM32SE
* WOLFSSL_ESP8266
*
* following ifdef detection only for syntax highlighting:
*/
#undef WOLFSSL_ESPWROOM32SE
#undef WOLFSSL_ESP8266
#undef WOLFSSL_ESP32
#ifdef WOLFSSL_ESPWROOM32SE
#undef WOLFSSL_ESPWROOM32SE
#endif
#ifdef WOLFSSL_ESP8266
#undef WOLFSSL_ESP8266
#endif
#ifdef WOLFSSL_ESP32
#undef WOLFSSL_ESP32
#endif
/* See below for chipset detection from sdkconfig.h */
/* when you want to use SINGLE THREAD. Note Default ESP-IDF is FreeRTOS */
/* #define SINGLE_THREADED */
#define SINGLE_THREADED
/* SMALL_SESSION_CACHE saves a lot of RAM for ClientCache and SessionCache.
/* Small session cache saves a lot of RAM for ClientCache and SessionCache.
* Memory requirement is about 5KB, otherwise 20K is needed when not specified.
* If extra small footprint is needed, try MICRO_SESSION_CACHE (< 1K)
* When really desperate or no TLS used, try NO_SESSION_CACHE. */
@@ -92,130 +361,6 @@
/* RSA_LOW_MEM: Half as much memory but twice as slow. */
#define RSA_LOW_MEM
/* Uncommon settings for testing only */
#define TEST_ESPIDF_ALL_WOLFSSL
#ifdef TEST_ESPIDF_ALL_WOLFSSL
#define WOLFSSL_MD2
#define HAVE_BLAKE2
#define HAVE_BLAKE2B
#define HAVE_BLAKE2S
#define WC_RC2
#define WOLFSSL_ALLOW_RC4
#define HAVE_POLY1305
#define WOLFSSL_AES_128
#define WOLFSSL_AES_OFB
#define WOLFSSL_AES_CFB
#define WOLFSSL_AES_XTS
/* #define WC_SRTP_KDF */
/* TODO Causes failure with Espressif AES HW Enabled */
/* #define HAVE_AES_ECB */
/* #define HAVE_AESCCM */
/* TODO sanity check when missing HAVE_AES_ECB */
#define WOLFSSL_WOLFSSH
#define HAVE_AESGCM
#define WOLFSSL_AES_COUNTER
#define HAVE_FFDHE
#define HAVE_FFDHE_2048
#if defined(CONFIG_IDF_TARGET_ESP8266)
/* TODO Full size SRP is disabled on the ESP8266 at this time.
* Low memory issue? */
#define WOLFCRYPT_HAVE_SRP
/* MIN_FFDHE_FP_MAX_BITS = (MIN_FFDHE_BITS * 2); see settings.h */
#define FP_MAX_BITS MIN_FFDHE_FP_MAX_BITS
#elif defined(CONFIG_IDF_TARGET_ESP32) || \
defined(CONFIG_IDF_TARGET_ESP32S2) || \
defined(CONFIG_IDF_TARGET_ESP32S3)
/* TODO: SRP Not enabled, known to fail on this target
* See https://github.com/wolfSSL/wolfssl/issues/7210 */
#elif defined(CONFIG_IDF_TARGET_ESP32C3) || \
defined(CONFIG_IDF_TARGET_ESP32H2)
/* SRP Known to be working on this target::*/
#define WOLFCRYPT_HAVE_SRP
#define FP_MAX_BITS (8192 * 2)
#else
/* For everything else, give a try and see if SRP working: */
#define WOLFCRYPT_HAVE_SRP
#define FP_MAX_BITS (8192 * 2)
#endif
#define HAVE_DH
/* TODO: there may be a problem with HAVE_CAMELLIA with HW AES disabled.
* Do not define NO_WOLFSSL_ESP32_CRYPT_AES when enabled: */
/* #define HAVE_CAMELLIA */
/* DSA requires old SHA */
#define HAVE_DSA
/* Needs SHA512 ? */
#define HAVE_HPKE
/* Not for Espressif? */
#if defined(CONFIG_IDF_TARGET_ESP32C2) || \
defined(CONFIG_IDF_TARGET_ESP8684) || \
defined(CONFIG_IDF_TARGET_ESP32H2) || \
defined(CONFIG_IDF_TARGET_ESP8266)
#if defined(CONFIG_IDF_TARGET_ESP8266)
#undef HAVE_ECC
#undef HAVE_ECC_CDH
#undef HAVE_CURVE25519
/* TODO does CHACHA also need alignment? Failing on ESP8266
* See SHA256 __attribute__((aligned(4))); and WC_SHA256_ALIGN */
#ifdef HAVE_CHACHA
#error "HAVE_CHACHA not supported on ESP8266"
#endif
#ifdef HAVE_XCHACHA
#error "HAVE_XCHACHA not supported on ESP8266"
#endif
#else
#define HAVE_XCHACHA
#define HAVE_CHACHA
/* TODO Not enabled at this time, needs further testing:
* #define WC_SRTP_KDF
* #define HAVE_COMP_KEY
* #define WOLFSSL_HAVE_XMSS
*/
#endif
/* TODO AES-EAX not working on this platform */
/* Optionally disable DH
* #undef HAVE_DH
* #undef HAVE_FFDHE
*/
/* ECC_SHAMIR out of memory on ESP32-C2 during ECC */
#ifndef HAVE_ECC
#define ECC_SHAMIR
#endif
#else
#define WOLFSSL_AES_EAX
#define ECC_SHAMIR
#endif
/* Only for WOLFSSL_IMX6_CAAM / WOLFSSL_QNX_CAAM ? */
/* #define WOLFSSL_CAAM */
/* #define WOLFSSL_CAAM_BLOB */
#define WOLFSSL_AES_SIV
#define WOLFSSL_CMAC
#define WOLFSSL_CERT_PIV
/* HAVE_SCRYPT may turn on HAVE_PBKDF2 see settings.h */
/* #define HAVE_SCRYPT */
#define SCRYPT_TEST_ALL
#define HAVE_X963_KDF
#endif
/* optionally turn off SHA512/224 SHA512/256 */
/* #define WOLFSSL_NOSHA512_224 */
/* #define WOLFSSL_NOSHA512_256 */
@@ -230,14 +375,43 @@
#define BENCH_EMBEDDED
/* TLS 1.3 */
#define WOLFSSL_TLS13
#define HAVE_TLS_EXTENSIONS
#define WC_RSA_PSS
#define HAVE_HKDF
#define HAVE_AEAD
#define HAVE_SUPPORTED_CURVES
#ifdef CONFIG_WOLFSSL_ALLOW_TLS13
#define WOLFSSL_TLS13
#define HAVE_TLS_EXTENSIONS
#define HAVE_HKDF
#define WOLFSSL_BENCHMARK_FIXED_UNITS_KB
/* May be required */
#ifndef HAVE_AEAD
#endif
/* Required for ECC */
#define HAVE_SUPPORTED_CURVES
/* Required for RSA */
#define WC_RSA_PSS
/* TLS 1.3 normally requires HAVE_FFDHE */
#if defined(HAVE_FFDHE_2048) || \
defined(HAVE_FFDHE_3072) || \
defined(HAVE_FFDHE_4096) || \
defined(HAVE_FFDHE_6144) || \
defined(HAVE_FFDHE_8192)
#else
#define HAVE_FFDHE_2048
/* #error "TLS 1.3 requires HAVE_FFDHE_[nnnn]" */
#endif
#endif
#if defined(CONFIG_IDF_TARGET_ESP32C2) || \
defined(CONFIG_IDF_TARGET_ESP8684)
/* Optionally set smaller size here */
#ifdef HAVE_FFDHE_4096
/* this size may be problematic on the C2 */
#endif
#define HAVE_FFDHE_2048
#else
#define HAVE_FFDHE_4096
#endif
#define NO_FILESYSTEM
@@ -254,32 +428,67 @@
/* when you want to use SHA384 */
#define WOLFSSL_SHA384
/* when you want to use SHA512 */
#define WOLFSSL_SHA512
/* when you want to use SHA3 */
#define WOLFSSL_SHA3
/* ED25519 requires SHA512 */
#define HAVE_ED25519
/* Some features not enabled for ESP8266: */
#if defined(CONFIG_IDF_TARGET_ESP8266) || \
defined(CONFIG_IDF_TARGET_ESP32C2)
/* Some known low-memory devices have features not enabled by default. */
/* TODO determine low memory configuration for ECC. */
#else
#define HAVE_ECC
#define HAVE_CURVE25519
#define CURVE25519_SMALL
/* when you want to use SHA512 */
#define WOLFSSL_SHA512
/* when you want to use SHA3 */
/* #define WOLFSSL_SHA3 */
/* ED25519 requires SHA512 */
#define HAVE_ED25519
#endif
#define HAVE_ED25519
#if defined(CONFIG_IDF_TARGET_ESP8266) || defined(CONFIG_IDF_TARGET_ESP32C2)
#define MY_USE_ECC 0
#define MY_USE_RSA 1
#else
#define MY_USE_ECC 1
#define MY_USE_RSA 0
#endif
/* Optional OPENSSL compatibility */
#define OPENSSL_EXTRA
/* We can use either or both ECC and RSA, but must use at least one. */
#if MY_USE_ECC || MY_USE_RSA
#if MY_USE_ECC
/* ---- ECDSA / ECC ---- */
#define HAVE_ECC
#define HAVE_CURVE25519
#define HAVE_ED25519
#define WOLFSSL_SHA512
/*
#define HAVE_ECC384
#define CURVE25519_SMALL
*/
#else
#define WOLFSSH_NO_ECC
/* WOLFSSH_NO_ECDSA is typically defined automatically,
* here for clarity: */
#define WOLFSSH_NO_ECDSA
#endif
#if MY_USE_RSA
/* ---- RSA ----- */
/* #define RSA_LOW_MEM */
/* DH disabled by default, needed if ECDSA/ECC also turned off */
#define HAVE_DH
#else
#define WOLFSSH_NO_RSA
#endif
#else
#error "Either RSA or ECC must be enabled"
#endif
/* Optional OpenSSL compatibility */
/* #define OPENSSL_EXTRA */
/* #Optional HAVE_PKCS7 */
#define HAVE_PKCS7
/* #define HAVE_PKCS7 */
#if defined(HAVE_PKCS7)
/* HAVE_PKCS7 may enable HAVE_PBKDF2 see settings.h */
@@ -319,8 +528,11 @@
/* #define XTIME time */
/* adjust wait-timeout count if you see timeout in RSA HW acceleration */
#define ESP_RSA_TIMEOUT_CNT 0x349F00
/* Adjust wait-timeout count if you see timeout in RSA HW acceleration.
* Set to very large number and enable WOLFSSL_HW_METRICS to determine max. */
#ifndef ESP_RSA_TIMEOUT_CNT
#define ESP_RSA_TIMEOUT_CNT 0xFF0000
#endif
/* hash limit for test.c */
#define HASH_SIZE_LIMIT
@@ -329,7 +541,7 @@
#define USE_FAST_MATH
/***** Use SP_MATH *****/
/* #undef USE_FAST_MATH */
/* #undef USE_FAST_MATH */
/* #define SP_MATH */
/* #define WOLFSSL_SP_MATH_ALL */
/* #define WOLFSSL_SP_RISCV32 */
@@ -338,6 +550,14 @@
/* #undef USE_FAST_MATH */
/* #define USE_INTEGER_HEAP_MATH */
/* Just syntax highlighting to check math libraries: */
#if defined(SP_MATH) || \
defined(USE_INTEGER_HEAP_MATH) || \
defined(USE_INTEGER_HEAP_MATH) || \
defined(USE_FAST_MATH) || \
defined(WOLFSSL_SP_MATH_ALL) || \
defined(WOLFSSL_SP_RISCV32)
#endif
#define WOLFSSL_SMALL_STACK
@@ -345,18 +565,32 @@
#define HAVE_VERSION_EXTENDED_INFO
/* #define HAVE_WC_INTROSPECTION */
#define HAVE_SESSION_TICKET
#ifndef NO_SESSION_CACHE
#define HAVE_SESSION_TICKET
#endif
/* #define HAVE_HASHDRBG */
#if 0
/* Example for additional cert functions */
#define WOLFSSL_KEY_GEN
#define WOLFSSL_CERT_REQ
#define WOLFSSL_CERT_GEN
#define WOLFSSL_CERT_EXT
#define WOLFSSL_SYS_CA_CERTS
#define WOLFSSL_CERT_REQ
#define WOLFSSL_CERT_GEN
#define WOLFSSL_CERT_EXT
#define WOLFSSL_SYS_CA_CERTS
#define WOLFSSL_CERT_TEXT
#define WOLFSSL_CERT_TEXT
/* command-line options
--enable-keygen
--enable-certgen
--enable-certreq
--enable-certext
--enable-asn-template
*/
#endif
#define WOLFSSL_ASN_TEMPLATE
@@ -376,10 +610,62 @@
--enable-asn-template
*/
/* optional SM4 Ciphers. See https://github.com/wolfSSL/wolfsm */
/*
#define WOLFSSL_SM2
#define WOLFSSL_SM3
#define WOLFSSL_SM4
*/
#if defined(WOLFSSL_SM2) || defined(WOLFSSL_SM3) || defined(WOLFSSL_SM4)
/* SM settings, possible cipher suites:
TLS13-AES128-GCM-SHA256
TLS13-CHACHA20-POLY1305-SHA256
TLS13-SM4-GCM-SM3
TLS13-SM4-CCM-SM3
#define WOLFSSL_ESP32_CIPHER_SUITE "TLS13-SM4-GCM-SM3"
#define WOLFSSL_ESP32_CIPHER_SUITE "TLS13-SM4-CCM-SM3"
#define WOLFSSL_ESP32_CIPHER_SUITE "ECDHE-ECDSA-SM4-CBC-SM3"
#define WOLFSSL_ESP32_CIPHER_SUITE "ECDHE-ECDSA-SM4-GCM-SM3"
#define WOLFSSL_ESP32_CIPHER_SUITE "ECDHE-ECDSA-SM4-CCM-SM3"
#define WOLFSSL_ESP32_CIPHER_SUITE "TLS13-SM4-GCM-SM3:" \
"TLS13-SM4-CCM-SM3:"
*/
#undef WOLFSSL_BASE16
#define WOLFSSL_BASE16 /* required for WOLFSSL_SM2 */
#undef WOLFSSL_SM4_ECB
#define WOLFSSL_SM4_ECB
#undef WOLFSSL_SM4_CBC
#define WOLFSSL_SM4_CBC
#undef WOLFSSL_SM4_CTR
#define WOLFSSL_SM4_CTR
#undef WOLFSSL_SM4_GCM
#define WOLFSSL_SM4_GCM
#undef WOLFSSL_SM4_CCM
#define WOLFSSL_SM4_CCM
#define HAVE_POLY1305
#define HAVE_CHACHA
#undef HAVE_AESGCM
#define HAVE_AESGCM
#else
/* default settings */
#define USE_CERT_BUFFERS_2048
#endif
/* Chipset detection from sdkconfig.h
* Default is HW enabled unless turned off.
* Uncomment lines to force SW instead of HW acceleration */
#if defined(CONFIG_IDF_TARGET_ESP32)
#if defined(CONFIG_IDF_TARGET_ESP32) || defined(WOLFSSL_ESPWROOM32SE)
#define WOLFSSL_ESP32
/* Alternatively, if there's an ECC Secure Element present: */
/* #define WOLFSSL_ESPWROOM32SE */
@@ -501,12 +787,16 @@
#define WOLFSSL_ESP8266
/* There's no hardware encryption on the ESP8266 */
/* Consider using the ESP32-C2/C3/C6
* See https://www.espressif.com/en/products/socs/esp32-c2 */
/* Consider using the ESP32-C2/C3/C6 */
#define NO_ESP32_CRYPT
#define NO_WOLFSSL_ESP32_CRYPT_HASH
#define NO_WOLFSSL_ESP32_CRYPT_AES
#define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
#ifndef FP_MAX_BITS
/* FP_MAX_BITS matters in wolfssl_test, not just TLS setting. */
/* MIN_FFDHE_FP_MAX_BITS = (MIN_FFDHE_BITS * 2); see settings.h */
#define FP_MAX_BITS MIN_FFDHE_FP_MAX_BITS
#endif
/***** END CONFIG_IDF_TARGET_ESP266 *****/
#elif defined(CONFIG_IDF_TARGET_ESP8684)
@@ -518,7 +808,7 @@
/***** END CONFIG_IDF_TARGET_ESP8684 *****/
#else
/* Anything else encountered, disable HW accleration */
/* Anything else encountered, disable HW acceleration */
#warning "Unexpected CONFIG_IDF_TARGET_NN value"
#define NO_ESP32_CRYPT
#define NO_WOLFSSL_ESP32_CRYPT_HASH
@@ -556,18 +846,33 @@
/* Debug options:
See wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h for details on debug options
optionally increase error message size for very long paths.
#define WOLFSSL_MAX_ERROR_SZ 500
Turn wolfSSL debugging on/off:
wolfSSL_Debugging_ON();
wolfSSL_Debugging_OFF();
#define ESP_VERIFY_MEMBLOCK
#define DEBUG_WOLFSSL
#define DEBUG_WOLFSSL_VERBOSE
#define DEBUG_WOLFSSL_SHA_MUTEX
#define WOLFSSL_DEBUG_IGNORE_ASN_TIME
#define WOLFSSL_DEBUG_CERT_BUNDLE
#define WOLFSSL_DEBUG_CERT_BUNDLE_NAME
#define WOLFSSL_ESP32_CRYPT_DEBUG
#define WOLFSSL_ESP32_CRYPT_HASH_SHA224_DEBUG
#define NO_RECOVER_SOFTWARE_CALC
#define WOLFSSL_TEST_STRAY 1
#define USE_ESP_DPORT_ACCESS_READ_BUFFER
#define WOLFSSL_ESP32_HW_LOCK_DEBUG
#define WOLFSSL_DEBUG_MUTEX
#define WOLFSSL_DEBUG_ESP_RSA_MULM_BITS
#define WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS
#define WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS
#define ESP_DISABLE_HW_TASK_LOCK
#define ESP_MONITOR_HW_TASK_LOCK
#define USE_ESP_DPORT_ACCESS_READ_BUFFER
See wolfcrypt/benchmark/benchmark.c for debug and other settings:
@@ -579,7 +884,8 @@ Turn on timer debugging (used when CPU cycles not available)
*/
/* Pause in a loop rather than exit. */
#define WOLFSSL_ESPIDF_ERROR_PAUSE
/* #define WOLFSSL_ESPIDF_ERROR_PAUSE */
/* #define WOLFSSL_ESP32_HW_LOCK_DEBUG */
#define WOLFSSL_HW_METRICS
@@ -628,6 +934,12 @@ Turn on timer debugging (used when CPU cycles not available)
* There are various certificate examples in this header file:
* https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/certs_test.h
*
* To use the sample certificates in code (not recommended for production!):
*
* #if defined(USE_CERT_BUFFERS_2048) || defined(USE_CERT_BUFFERS_1024)
* #include <wolfssl/certs_test.h>
* #endif
*
* To use the sets of macros below, define *one* of these:
*
* USE_CERT_BUFFERS_1024 - ECC 1024 bit encoded ASN1
@@ -705,6 +1017,7 @@ Turn on timer debugging (used when CPU cycles not available)
#define WOLFSSL_BASE16
#else
#if defined(USE_CERT_BUFFERS_2048)
#define USE_CERT_BUFFERS_256
/* Be sure to include in app when using example certs: */
/* #include <wolfssl/certs_test.h> */
#define CTX_CA_CERT ca_cert_der_2048
@@ -726,6 +1039,7 @@ Turn on timer debugging (used when CPU cycles not available)
#define CTX_CLIENT_KEY_TYPE WOLFSSL_FILETYPE_ASN1
#elif defined(USE_CERT_BUFFERS_1024)
#define USE_CERT_BUFFERS_256
/* Be sure to include in app when using example certs: */
/* #include <wolfssl/certs_test.h> */
#define CTX_CA_CERT ca_cert_der_1024
@@ -750,3 +1064,34 @@ Turn on timer debugging (used when CPU cycles not available)
#error "Must define USE_CERT_BUFFERS_2048 or USE_CERT_BUFFERS_1024"
#endif
#endif /* Conditional key and cert constant names */
/******************************************************************************
** Sanity Checks
******************************************************************************/
#if defined(CONFIG_ESP_MAIN_TASK_STACK_SIZE)
#if defined(WOLFCRYPT_HAVE_SRP)
#if defined(FP_MAX_BITS)
#if FP_MAX_BITS < (8192 * 2)
#define ESP_SRP_MINIMUM_STACK_8K (24 * 1024)
#else
#define ESP_SRP_MINIMUM_STACK_8K (28 * 1024)
#endif
#else
#error "Please define FP_MAX_BITS when using WOLFCRYPT_HAVE_SRP."
#endif
#if (CONFIG_ESP_MAIN_TASK_STACK_SIZE < ESP_SRP_MINIMUM_STACK)
#warning "WOLFCRYPT_HAVE_SRP enabled with small stack size"
#endif
#endif
#else
#warning "CONFIG_ESP_MAIN_TASK_STACK_SIZE not defined!"
#endif
/* See settings.h for some of the possible hardening options:
*
* #define NO_ESPIDF_DEFAULT
* #define WC_NO_CACHE_RESISTANT
* #define WC_AES_BITSLICED
* #define HAVE_AES_ECB
* #define HAVE_AES_DIRECT
*/

70
IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/CMakeLists.txt
View File

@@ -1,11 +1,44 @@
# wolfSSL Espressif Example Project/main CMakeLists.txt
# v1.2
#
# wolfssl benchmark test
#
message(STATUS "Begin wolfSSL main CMakeLists.txt")
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
set(COMPONENT_SRCS "main.c")
set(COMPONENT_ADD_INCLUDEDIRS ".")
if (idf_target STREQUAL "esp8266" OR IDF_TARGET STREQUAL "esp8266" OR IDF_VERSION_MAJOR VERSION_LESS "5.0")
# `driver` component not available for ESP8266
SET(THIS_PRIV_REQUIRES_DRIVER "")
else()
SET(THIS_PRIV_REQUIRES_DRIVER "driver")
endif()
if(WIN32)
# Windows-specific configuration here
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS")
message(STATUS "Detected Windows")
endif()
if(CMAKE_HOST_UNIX)
message(STATUS "Detected UNIX")
endif()
if(APPLE)
message(STATUS "Detected APPLE")
endif()
if(CMAKE_HOST_UNIX AND (NOT APPLE) AND EXISTS "/proc/sys/fs/binfmt_misc/WSLInterop")
# Windows-specific configuration here
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WSL")
message(STATUS "Detected WSL")
endif()
if(CMAKE_HOST_UNIX AND (NOT APPLE) AND (NOT WIN32))
# Windows-specific configuration here
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_LINUX")
message(STATUS "Detected Linux")
endif()
if(APPLE)
# Windows-specific configuration here
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_APPLE")
message(STATUS "Detected Apple")
endif()
set (git_cmd "git")
if( EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl/" AND EXISTS "$ENV{IDF_PATH}/components/wolfssl/" )
@@ -18,9 +51,22 @@ if( EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl/" AND EXISTS "$ENV{IDF_PA
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_MULTI_INSTALL_WARNING")
endif()
# The wolfSL component name is named "mywolfssl" on the staging site for Managed Components.
if( NOT EXISTS "../components/wolfssl" AND ("$ENV{IDF_COMPONENT_REGISTRY_URL}" STREQUAL "https://components-staging.espressif.com") )
message(STATUS "WARNING: Using a staging instance of wolfssl.")
set(MAIN_WOLFSSL_COMPONENT_NAME "mywolfssl")
else()
message(STATUS "Using release wolfssl component.")
set(MAIN_WOLFSSL_COMPONENT_NAME "wolfssl")
endif()
## register_component()
idf_component_register(SRCS main.c
INCLUDE_DIRS "."
"./include")
INCLUDE_DIRS "."
"./include"
PRIV_REQUIRES "${THIS_PRIV_REQUIRES_DRIVER}"
"${MAIN_WOLFSSL_COMPONENT_NAME}"
)
#
# LIBWOLFSSL_SAVE_INFO(VAR_OUPUT THIS_VAR VAR_RESULT)
@@ -50,15 +96,24 @@ function ( LIBWOLFSSL_SAVE_INFO VAR_OUPUT THIS_VAR VAR_RESULT )
message(STATUS "Found ${VAR_OUPUT}=${VAR_VALUE}")
# the interesting part is defining the VAR_OUPUT name a value to use in the app
add_definitions(-D${VAR_OUPUT}=\"${VAR_VALUE}\")
add_compile_definitions(${VAR_OUPUT}=\"${VAR_VALUE}\")
else()
# if we get here, check the execute_process command and parameters.
message(STATUS "LIBWOLFSSL_SAVE_INFO encountered a non-zero VAR_RESULT")
message(STATUS "LIBWOLFSSL_SAVE_INFO encountered a non-zero VAR_RESULT.")
message(STATUS "Setting ${VAR_OUPUT} to \"Unknown\"")
set(${VAR_OUPUT} "Unknown")
endif()
endfunction() # LIBWOLFSSL_SAVE_INFO
if(NOT CMAKE_BUILD_EARLY_EXPANSION)
execute_process(
COMMAND ${git_cmd} "rev-parse" "--is-inside-work-tree"
OUTPUT_VARIABLE IS_GIT_REPO
OUTPUT_STRIP_TRAILING_WHITESPACE
ERROR_QUIET
)
# Save some project-specific details. Repo may be different than component, or may not even be a repo at all:
if(NOT CMAKE_BUILD_EARLY_EXPANSION AND (IS_GIT_REPO STREQUAL "true"))
# LIBWOLFSSL_VERSION_GIT_HASH
execute_process(COMMAND ${git_cmd} "rev-parse" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET )
LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH "${TMP_OUT}" "${TMP_RES}")
@@ -74,3 +129,4 @@ endif()
message(STATUS "")
message(STATUS "End wolfSSL main CMakeLists.txt")

99
IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/Kconfig.projbuild
View File

@@ -1,5 +1,102 @@
# Kconfig main
#
# Copyright (C) 2006-2025 wolfSSL Inc.
#
# This file is part of wolfSSL.
#
# wolfSSL is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# wolfSSL is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
#
# Kconfig File Version 5.7.2.001 for wolfssl_template
menu "Example Configuration"
choice WOLFSSL_EXAMPLE_CHOOSE
prompt "Choose Example (See wolfssl/include/user_settings.h)"
default WOLFSSL_EXAMPLE_NAME_NONE
help
The user settings file can be adjusted to specific wolfSSL examples.
config WOLFSSL_EXAMPLE_NAME_TEMPLATE
bool "wolfSSL Template"
help
The sample template app compiles in wolfSSL and prints the current wolfSSL Version. Nothing more.
config WOLFSSL_EXAMPLE_NAME_TEST
bool "wolfSSL Test"
help
This app tests all cryptographic functions currently enabled. See also Benchmark performance app.
config WOLFSSL_EXAMPLE_NAME_BENCHMARK
bool "wolfSSL Benchmark"
help
Benchmark performance app. See also cryptographic test.
config WOLFSSL_EXAMPLE_NAME_TLS_CLIENT
bool "TLS Client"
help
TLS Client Example app. Needs WiFi and a listening server on port 11111.
config WOLFSSL_EXAMPLE_NAME_TLS_SERVER
bool "TLS Server"
help
TLS Server Example app. Needs WiFi. More interesting with a TLS client using port 11111.
config WOLFSSL_EXAMPLE_NAME_WOLFSSH_TEMPLATE
bool "SSH Template App"
help
Bare-bones Hello World app that only compiles in wolfSSL and wolfSSH.
See wolfSSL/wolfssh on GitHub.
config WOLFSSL_EXAMPLE_NAME_WOLFSSH_ECHOSERVER
bool "SSH Echo Server"
help
See wolfSSL/wolfssh on GitHub.
config WOLFSSL_EXAMPLE_NAME_ESP32_SSH_SERVER
bool "SSH to UART Server for the ESP32"
help
See wolfSSL/wolfssh-examples on GitHub.
config WOLFSSL_EXAMPLE_NAME_ESP8266_SSH_SERVER
bool "SSH to UART Server for the ESP8266"
help
See wolfSSL/wolfssh-examples on GitHub.
config WOLFSSL_EXAMPLE_NAME_WOLFMQTT_TEMPLATE
bool "MQTT Template"
help
See wolfSSL/wolfmqtt on GitHub.
config WOLFSSL_EXAMPLE_NAME_WOLFMQTT_AWS_IOT_MQTT
bool "MQTT AWS IoT"
help
See wolfSSL/wolfmqtt on GitHub.
config WOLFTPM_EXAMPLE_NAME_ESPRESSIF
bool "TPM Test Example for the ESP32"
help
See wolfSSL/wolfTPM on GitHub.
config WOLFSSL_EXAMPLE_NAME_NONE
bool "Other"
help
A specific example app is not defined.
endchoice
config BENCH_ARGV
string "Arguments for benchmark test"
default "-lng 0"
@@ -22,7 +119,7 @@ config BENCH_ARGV
-lng <num> Display benchmark result by specified language.
0: English, 1: Japanese
<num> Size of block in bytes
e.g -lng 1
e.g sha

14
IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/component.mk
View File

@@ -7,3 +7,17 @@
# please read the ESP-IDF documents if you need to do this.
#
# (Uses default behavior of compiling all source files in directory, adding 'include' to include path.)
# We'll add the explicit lines only for old SDK requirements (e.h. ESP8266)
ifeq ("$(VISUALGDB_DIR)","")
$(info VISUALGDB_DIR build not detected. shell: $(shell echo $$SHELL) )
else
$(info Detected VisualGDB in: $(VISUALGDB_DIR) shell: $(shell echo $$SHELL) )
COMPONENT_SRCDIRS := .
COMPONENT_ADD_INCLUDEDIRS := .
COMPONENT_ADD_INCLUDEDIRS += include
# Ensure main.c gets compiled
COMPONENT_OBJS := main.o
endif

11
IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/include/main.h
View File

@@ -1,6 +1,6 @@
/* benchmark main.h
/* wolfssl_benchmark main.h
*
* Copyright (C) 2006-2024 wolfSSL Inc.
* Copyright (C) 2006-2025 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
@@ -19,12 +19,9 @@
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
#ifndef _MAIN_
#define _MAIN_
#ifndef _MAIN_H_
#define _MAIN_H_
void app_main(void);
/* see wolfssl/wolfcrypt/benchmark/benchmark.h */
extern void wolf_benchmark_task();
#endif

96
IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/main.c
View File

@@ -1,6 +1,6 @@
/* benchmark main.c
*
* Copyright (C) 2006-2024 wolfSSL Inc.
* Copyright (C) 2006-2025 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
@@ -27,20 +27,27 @@
/* The wolfSSL user_settings.h file is automatically included by the settings.h
* file and should never be explicitly included in any other source files.
* The settings.h should also be listed above wolfssl library include files. */
#include <wolfssl/wolfcrypt/settings.h>
#include <wolfssl/version.h>
#include <wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h>
#include <wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h>
#ifndef WOLFSSL_ESPIDF
#error "Problem with wolfSSL user_settings. " \
"Check components/wolfssl/include " \
"and confirm WOLFSSL_USER_SETTINGS is defined, " \
"typically in the component CMakeLists.txt"
#if defined(WOLFSSL_USER_SETTINGS)
#include <wolfssl/wolfcrypt/settings.h>
#if defined(WOLFSSL_ESPIDF)
#include <wolfssl/version.h>
#include <wolfssl/wolfcrypt/types.h>
#include <wolfcrypt/benchmark/benchmark.h>
#include <wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h>
#include <wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h>
#else
#error "Problem with wolfSSL user_settings. " \
"Check components/wolfssl/include " \
"and confirm WOLFSSL_USER_SETTINGS is defined, " \
"typically in the component CMakeLists.txt"
#endif
#else
/* Define WOLFSSL_USER_SETTINGS project wide for settings.h to include */
/* wolfSSL user settings in ./components/wolfssl/include/user_settings.h */
#error "Missing WOLFSSL_USER_SETTINGS in CMakeLists or Makefile:\
CFLAGS +=-DWOLFSSL_USER_SETTINGS"
#endif
#include <wolfssl/wolfcrypt/types.h>
#include <wolfcrypt/benchmark/benchmark.h>
/* Hardware; include after other libraries,
* particularly after freeRTOS from settings.h */
#include <driver/uart.h>
@@ -152,6 +159,7 @@ char* __argv[WOLFSSL_BENCH_ARGV_MAX_ARGUMENTS];
int construct_argv()
{
#define ARG_BUFF_SIZE 16
int cnt = 0;
int i = 0;
int len = 0;
@@ -212,15 +220,16 @@ int construct_argv()
/* entry point */
void app_main(void)
{
int stack_start = 0;
uart_config_t uart_config = {
.baud_rate = THIS_MONITOR_UART_BAUD_DATE,
.data_bits = UART_DATA_8_BITS,
.parity = UART_PARITY_DISABLE,
.stop_bits = UART_STOP_BITS_1,
};
int stack_start = 0;
word32 loops = 0;
esp_err_t ret = 0;
stack_start = esp_sdk_stack_pointer();
/* uart_set_pin(UART_NUM_0, TX_PIN, RX_PIN,
@@ -270,7 +279,7 @@ void app_main(void)
ESP_LOGI(TAG, "NO_CRYPT_BENCHMARK defined, skipping wolf_benchmark_task")
#else
/* although wolfCrypt_Init() may be explicitly called above,
/* Although wolfCrypt_Init() may be explicitly called above,
** note it is still always called in wolf_benchmark_task.
*/
stack_start = uxTaskGetStackHighWaterMark(NULL);
@@ -278,36 +287,41 @@ void app_main(void)
do {
ESP_LOGI(TAG, "Stack HWM: %d\n", uxTaskGetStackHighWaterMark(NULL));
wolf_benchmark_task(); /* TODO capture return value! */
#ifdef WOLFSSL_BENCH_ARGV
ret = benchmark_test(__argv);
#else
ret = benchmark_test(NULL);
#endif
ESP_LOGI(TAG, "Stack used: %d\n",
stack_start - uxTaskGetStackHighWaterMark(NULL));
#if defined(WOLFSSL_HW_METRICS) && defined(WOLFSSL_HAS_METRICS)
esp_hw_show_metrics();
#endif
} while (BENCHMARK_LOOP);
/* Reminder: wolfCrypt_Cleanup should always be called at completion,
esp_hw_show_metrics();
loops++; /* count of the number of tests run before fail. */
ESP_LOGI(TAG, "Stack HWM: %d\n", uxTaskGetStackHighWaterMark(NULL));
ESP_LOGI(TAG, "loops = %d", loops);
} while (BENCHMARK_LOOP && (ret == 0));
/* Reminder: wolfCrypt_Cleanup() should always be called at completion,
** and is called in wolf_benchmark_task(). */
#if defined BENCHMARK_LOOP && (BENCHMARK_LOOP == 1)
/* If BENCHMARK_LOOP enabled and we get here, there was likely an error. */
ESP_LOGI(TAG, "Benchmark loops completed: %d", loops);
#endif
#if defined(SINGLE_THREADED)
/* need stack monitor for single thread */
#else
ESP_LOGI(TAG, "Stack HWM: %d\n", uxTaskGetStackHighWaterMark(NULL));
#endif
/* note wolfCrypt_Cleanup() should always be called when finished.
** This is called at the end of wolf_test_task();
*/
#if defined(DEBUG_WOLFSSL) && defined(WOLFSSL_ESP32_CRYPT_RSA_PRI)
esp_hw_show_mp_metrics();
#endif
#ifdef INCLUDE_uxTaskGetStackHighWaterMark
ESP_LOGI(TAG, "Stack HWM: %d", uxTaskGetStackHighWaterMark(NULL));
ESP_LOGI(TAG, "Stack HWM: %d", uxTaskGetStackHighWaterMark(NULL));
ESP_LOGI(TAG, "Stack used: %d", CONFIG_ESP_MAIN_TASK_STACK_SIZE
- (uxTaskGetStackHighWaterMark(NULL)));
ESP_LOGI(TAG, "Stack used: %d", CONFIG_ESP_MAIN_TASK_STACK_SIZE
- (uxTaskGetStackHighWaterMark(NULL)));
#endif
#ifdef WOLFSSL_ESPIDF_VERBOSE_EXIT_MESSAGE
@@ -318,19 +332,19 @@ void app_main(void)
ESP_LOGE(TAG, WOLFSSL_ESPIDF_VERBOSE_EXIT_MESSAGE("Failed!", ret));
}
#elif defined(WOLFSSL_ESPIDF_EXIT_MESSAGE)
ESP_LOGI(TAG, WOLFSSL_ESPIDF_EXIT_MESSAGE);
ESP_LOGI(TAG, WOLFSSL_ESPIDF_EXIT_MESSAGE);
#else
ESP_LOGI(TAG, "\n\nDone!\n\n"
"If running from idf.py monitor, press twice: Ctrl+]");
#endif
/* after the test, we'll just wait */
/* After completion, we'll just wait */
while (1) {
/* do something other than nothing to help next program/debug session*/
#ifndef SINGLE_THREADED
vTaskDelay(1000);
#if defined(SINGLE_THREADED)
while (1);
#else
vTaskDelay(60000);
#endif
}
} /* done while */
#endif /* NO_CRYPT_BENCHMARK */
} /* main */
}

62
IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/partitions_singleapp_large.csv
View File

@@ -1,31 +1,31 @@
# to view: idf.py partition-table
#
# ESP-IDF Partition Table
# Name, Type, SubType, Offset, Size, Flags
nvs, data, nvs, 0x9000, 24K,
phy_init,data, phy, 0xf000, 4K,
factory, app, factory, 0x10000, 1500K,
# For other settings, see:
# https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/partition-tables.html#creating-custom-tables
#
# Here is the summary printed for the "Single factory app, no OTA" configuration:
#
# # ESP-IDF Partition Table
# # Name, Type, SubType, Offset, Size, Flags
# nvs, data, nvs, 0x9000, 0x6000,
# phy_init, data, phy, 0xf000, 0x1000,
# factory, app, factory, 0x10000, 1M,
#
#
# Here is the summary printed for the "Factory app, two OTA definitions" configuration:
#
# # ESP-IDF Partition Table
# # Name, Type, SubType, Offset, Size, Flags
# nvs, data, nvs, 0x9000, 0x4000,
# otadata, data, ota, 0xd000, 0x2000,
# phy_init, data, phy, 0xf000, 0x1000,
# factory, app, factory, 0x10000, 1M,
# ota_0, app, ota_0, 0x110000, 1M,
# ota_1, app, ota_1, 0x210000, 1M,
# to view: idf.py partition-table
#
# ESP-IDF Partition Table
# Name, Type, SubType, Offset, Size, Flags
nvs, data, nvs, 0x9000, 24K,
phy_init,data, phy, 0xf000, 4K,
factory, app, factory, 0x10000, 1500K,
# For other settings, see:
# https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/partition-tables.html#creating-custom-tables
#
# Here is the summary printed for the "Single factory app, no OTA" configuration:
#
# # ESP-IDF Partition Table
# # Name, Type, SubType, Offset, Size, Flags
# nvs, data, nvs, 0x9000, 0x6000,
# phy_init, data, phy, 0xf000, 0x1000,
# factory, app, factory, 0x10000, 1M,
#
#
# Here is the summary printed for the "Factory app, two OTA definitions" configuration:
#
# # ESP-IDF Partition Table
# # Name, Type, SubType, Offset, Size, Flags
# nvs, data, nvs, 0x9000, 0x4000,
# otadata, data, ota, 0xd000, 0x2000,
# phy_init, data, phy, 0xf000, 0x1000,
# factory, app, factory, 0x10000, 1M,
# ota_0, app, ota_0, 0x110000, 1M,
# ota_1, app, ota_1, 0x210000, 1M,
Can't render this file because it contains an unexpected character in line 13 and column 39.

78
IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/sdkconfig.defaults
View File

@@ -1,18 +1,34 @@
# Set the known example app config to template example (see user_settings.h)
CONFIG_WOLFSSL_EXAMPLE_NAME_BENCHMARK=y
# CONFIG_EXAMPLE_WIFI_SSID="myssid"
# CONFIG_EXAMPLE_WIFI_PASSWORD="mypassword"
# Some wolfSSL helpers
CONFIG_USE_WOLFSSL_ESP_SDK_TIME=y
# sdkconfig.defaults for ESP8266 + ESP32
# See separate sdkconfig.defaults.esp8266
# Note that during the build process, settings from sdkconfig.defaults will not override those already in sdkconfig.
# See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html#custom-sdkconfig-defaults
CONFIG_BENCH_ARGV="-lng 0"
# FreeRTOS ticks at 1ms interval
CONFIG_FREERTOS_UNICORE=y
CONFIG_FREERTOS_HZ=1000
CONFIG_ESP32_DEFAULT_CPU_FREQ_240=y
#
# Default main stack size. See user_settings.h
#
# This is typically bigger than needed for stack size.
# Units are words, not bytes. See user_settings.h
#
# For wolfSSL SMALL_STACK, 3072 bytes should be sufficient for benchmark app.
# When using RSA, assign at least 10500 bytes, otherwise 5500 usually works for others
CONFIG_ESP_MAIN_TASK_STACK_SIZE=10500
# We set this to 28672 for use in the "test everything possible" in the wolfssl_test app.
CONFIG_ESP_MAIN_TASK_STACK_SIZE=28672
# Legacy stack size for older ESP-IDF versions
CONFIG_MAIN_TASK_STACK_SIZE=10500
# Legacy stack size name for older ESP-IDF versions
CONFIG_MAIN_TASK_STACK_SIZE=28672
#
# Benchmark must not have CONFIG_NEWLIB_NANO_FORMAT enabled
@@ -30,6 +46,10 @@ CONFIG_ESP_TASK_WDT_EN=n
CONFIG_ESP_SYSTEM_PANIC_PRINT_HALT=y
CONFIG_ESP_INT_WDT=n
# ESP8266 Watchdog:
CONFIG_TASK_WDT=n
CONFIG_TASK_WDT_PANIC=n
# ESP8266 WDT
# CONFIG_ESP_PANIC_PRINT_REBOOT is not set
CONFIG_ESP_PANIC_PRINT_REBOOT=n
@@ -45,6 +65,36 @@ CONFIG_HEAP_DISABLE_IRAM=y
# Performance
# CONFIG_COMPILER_OPTIMIZATION_PERF=y
# Set max CPU frequency (falls back as needed for lower maximum)
CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ_240=y
# Enable wolfSSL TLS in esp-tls
# CONFIG_ESP_TLS_USING_WOLFSSL=y
# CONFIG_TLS_STACK_WOLFSSL=y
# Bundles take up flash space and are disabled unless otherwise known to be needed
CONFIG_WOLFSSL_CERTIFICATE_BUNDLE=n
# CONFIG_WOLFSSL_CERTIFICATE_BUNDLE=y
# CONFIG_ESP_WOLFSSL_SMALL_CERT_VERIFY=y
# CONFIG_ESP_TLS_INSECURE=y
# Disable mbedTLS
CONFIG_ESP_TLS_USING_MBEDTLS=n
CONFIG_MBEDTLS_CERTIFICATE_BUNDLE=n
# Some wolfSSL helpers
CONFIG_USE_WOLFSSL_ESP_SDK_TIME=n
# CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS is not set
CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS=n
# ESP8266 Memory
CONFIG_FREERTOS_GLOBAL_DATA_LINK_IRAM=y
CONFIG_HEAP_DISABLE_IRAM=y
# Performance
# CONFIG_COMPILER_OPTIMIZATION_PERF=y
# Set max COU frequency (falls back as needed for lower maximum)
CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ_240=y
@@ -52,6 +102,26 @@ CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ_240=y
CONFIG_FREERTOS_UNICORE=y
CONFIG_FREERTOS_HZ=1000
# Ensure mbedTLS options are disabled
# CONFIG_MBEDTLS_TLS_SERVER_AND_CLIENT=n
# CONFIG_MBEDTLS_TLS_CLIENT_ONLY=n
# CONFIG_MBEDTLS_TLS_SERVER=n
# CONFIG_MBEDTLS_TLS_CLIENT=n
# CONFIG_MBEDTLS_HARDWARE_AES=n
# CONFIG_MBEDTLS_HARDWARE_MPI=n
# CONFIG_MBEDTLS_HARDWARE_SHA=n
# CONFIG_MBEDTLS_ROM_MD5=n
# CONFIG_MBEDTLS_SSL_RENEGOTIATION=n
# CONFIG_MBEDTLS_SSL_PROTO_TLS1_2=n
# CONFIG_MBEDTLS_SSL_PROTO_GMTSSL1_1=n
# CONFIG_MBEDTLS_SSL_ALPN=n
# CONFIG_MBEDTLS_CLIENT_SSL_SESSION_TICKETS=n
# CONFIG_MBEDTLS_SERVER_SSL_SESSION_TICKETS=n
# The same-name config is used for both WiFi and client/server TLS, so we cannot disable:
# CONFIG_MBEDTLS_TLS_ENABLED=n
# CONFIG_MBEDTLS_TLS_DISABLED=y
#
# Compiler options
#

30
IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/sdkconfig.defaults.esp8266 Normal file
View File

@@ -0,0 +1,30 @@
# ESP8266 WDT
# CONFIG_ESP_PANIC_PRINT_REBOOT is not set
CONFIG_ESP_PANIC_PRINT_REBOOT=n
CONFIG_ESP_PANIC_PRINT_HALT=y
# Enable wolfSSL TLS in esp-tls (not yet supported in RTOS SDK 3.4
CONFIG_ESP_TLS_USING_WOLFSSL=n
CONFIG_TLS_STACK_WOLFSSL=n
# Bundles take up flash space and are disabled unless otherwise known to be needed
CONFIG_WOLFSSL_CERTIFICATE_BUNDLE=n
# CONFIG_ESP_WOLFSSL_SMALL_CERT_VERIFY=y
# CONFIG_ESP_TLS_INSECURE=y
# Disable mbedTLS
CONFIG_ESP_TLS_USING_MBEDTLS=y
CONFIG_MBEDTLS_CERTIFICATE_BUNDLE=n
# ESP8266 Memory
CONFIG_FREERTOS_GLOBAL_DATA_LINK_IRAM=y
CONFIG_HEAP_DISABLE_IRAM=y
# ESP8266 Watchdog:
CONFIG_TASK_WDT=n
CONFIG_TASK_WDT_PANIC=n
# ESP8266 WDT
# CONFIG_ESP_PANIC_PRINT_REBOOT is not set
CONFIG_ESP_PANIC_PRINT_REBOOT=n
CONFIG_ESP_PANIC_PRINT_HALT=y

90
IDE/Espressif/ESP-IDF/examples/wolfssl_client/CMakeLists.txt
View File

@@ -1,10 +1,19 @@
# wolfSSL Espressif Example Project CMakeLists.txt
# v1.0
# v1.3
#
# The following lines of boilerplate have to be in your project's
# CMakeLists in this exact order for cmake to work correctly
message(STATUS "Begin project ${CMAKE_PROJECT_NAME}")
cmake_minimum_required(VERSION 3.16)
# Optional no watchdog typically used for test & benchmark
if (idf_target STREQUAL "esp8266" OR IDF_TARGET STREQUAL "esp8266" OR IDF_VERSION_MAJOR VERSION_LESS "5.0")
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_ESP_NO_WATCHDOG=1")
else()
add_compile_definitions(WOLFSSL_ESP_NO_WATCHDOG=1)
endif()
# The wolfSSL CMake file should be able to find the source code.
# Otherwise, assign an environment variable or set it here:
#
@@ -22,45 +31,63 @@ cmake_minimum_required(VERSION 3.16)
if(WIN32)
# Windows-specific configuration here
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS")
message("Detected Windows")
message(STATUS "Detected Windows")
endif()
if(CMAKE_HOST_UNIX)
message("Detected UNIX")
message(STATUS "Detected UNIX")
endif()
if(APPLE)
message("Detected APPLE")
message(STATUS "Detected APPLE")
endif()
if(CMAKE_HOST_UNIX AND (NOT APPLE) AND EXISTS "/proc/sys/fs/binfmt_misc/WSLInterop")
# Windows-specific configuration here
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WSL")
message("Detected WSL")
message(STATUS "Detected WSL")
endif()
if(CMAKE_HOST_UNIX AND (NOT APPLE) AND (NOT WIN32))
# Windows-specific configuration here
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_LINUX")
message("Detected Linux")
message(STATUS "Detected Linux")
endif()
if(APPLE)
# Windows-specific configuration here
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_APPLE")
message("Detected Apple")
message(STATUS "Detected Apple")
endif()
# End optional WOLFSSL_CMAKE_SYSTEM_NAME
# This example uses an extra component for common functions such as Wi-Fi and Ethernet connection.
set (PROTOCOL_EXAMPLES_DIR $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
# set (PROTOCOL_EXAMPLES_DIR $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
string(REPLACE "\\" "/" PROTOCOL_EXAMPLES_DIR "$ENV{IDF_PATH}/examples/common_components/protocol_examples_common")
if (EXISTS "${PROTOCOL_EXAMPLES_DIR}")
message("Found PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
message(STATUS "Found PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
set(EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DFOUND_PROTOCOL_EXAMPLES_DIR")
else()
message("NOT FOUND: PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
message(STATUS "NOT FOUND: PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
endif()
# Find the user name to search for possible "wolfssl-username"
# Reminder: Windows is %USERNAME%, Linux is $USER
message(STATUS "USERNAME = $ENV{USERNAME}")
if( "$ENV{USER}" STREQUAL "" ) # the bash user
if( "$ENV{USERNAME}" STREQUAL "" ) # the Windows user
message(STATUS "could not find USER or USERNAME")
else()
# the bash user is not blank, so we'll use it.
set(THIS_USER "$ENV{USERNAME}")
endif()
else()
# the bash user is not blank, so we'll use it.
set(THIS_USER "$ENV{USER}")
endif()
message(STATUS "THIS_USER = ${THIS_USER}")
# Check that there are not conflicting wolfSSL components
# The ESP Registry Component will be in ./managed_components/wolfssl__wolfssl
# The local component wolfSSL directory will be in ./components/wolfssl
message(STATUS "Checking for wolfSSL as Managed Component or not... ${CMAKE_HOME_DIRECTORY}")
if( EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" AND EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl" )
# These exclude statements don't seem to be honored by the $ENV{IDF_PATH}/tools/cmake/project.cmake'
# add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" EXCLUDE_FROM_ALL)
@@ -75,22 +102,47 @@ if( EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" AND EXI
message(FATAL_ERROR "\nPlease use either the ESP Registry Managed Component or the wolfSSL component directory but not both.\n"
"If removing the ./managed_components/wolfssl__wolfssl directory, remember to also remove "
"or rename the idf_component.yml file typically found in ./main/")
else()
elseif(EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl")
# A standard project component (not a Managed Component)
message(STATUS "No conflicting wolfSSL components found.")
set(WOLFSSL_PATH "${CMAKE_HOME_DIRECTORY}/components/wolfssl")
elseif(EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl")
# The official Managed Component called wolfssl from the wolfssl user.
message(STATUS "No conflicting wolfSSL components found as a Managed Component.")
set(WOLFSSL_PATH "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl")
elseif(EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/gojimmypi__mywolfssl")
# There is a known gojimmypi staging component available for anyone:
message(STATUS "No conflicting wolfSSL components found as a gojimmypi staging Managed Component.")
elseif(EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/${THIS_USER}__mywolfssl")
# Other users with permissions might publish their own mywolfssl staging Managed Component
message(STATUS "No conflicting wolfSSL components found as a Managed Component.")
set(WOLFSSL_PATH "${CMAKE_HOME_DIRECTORY}/managed_components/${THIS_USER}__mywolfssl")
else()
message(STATUS "WARNING: wolfssl component directory not found.")
endif()
# message(STATUS "EXTRA_COMPONENT_DIRS WOLFSSL_PATH: ${WOLFSSL_PATH}")
# list(APPEND EXTRA_COMPONENT_DIRS ${WOLFSSL_PATH})
# This example uses an extra component for common functions such as Wi-Fi and Ethernet connection.
set (PROTOCOL_EXAMPLES_DIR $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
# Not only is a project-level "set(COMPONENTS" not needed here, this will cause
# an unintuitive error about Unknown CMake command "esptool_py_flash_project_args".
if (EXISTS "${PROTOCOL_EXAMPLES_DIR}")
message("Found PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
set(EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DFOUND_PROTOCOL_EXAMPLES_DIR")
else()
message("NOT FOUND: PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
if(0)
message(STATUS "Begin optional PROTOCOL_EXAMPLES_DIR include")
# This example uses an extra component for common functions such as Wi-Fi and Ethernet connection.
set (PROTOCOL_EXAMPLES_DIR $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
if (EXISTS "${PROTOCOL_EXAMPLES_DIR}")
message(STATUS "Found PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
set(EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DFOUND_PROTOCOL_EXAMPLES_DIR")
else()
message(STATUS "NOT FOUND: PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
endif()
message(STATUS "End optional PROTOCOL_EXAMPLES_DIR include")
endif()
include($ENV{IDF_PATH}/tools/cmake/project.cmake)
project(wolfssl_client)
message(STATUS "end project")

2
IDE/Espressif/ESP-IDF/examples/wolfssl_client/Makefile
View File

@@ -1,6 +1,6 @@
# ESP8266 Project Makefile for wolfssl_client
#
# Copyright (C) 2006-2024 wolfSSL Inc.
# Copyright (C) 2006-2025 wolfSSL Inc.
#
# This file is part of wolfSSL.
#

26
IDE/Espressif/ESP-IDF/examples/wolfssl_client/README.md
View File

@@ -10,9 +10,7 @@ For general information on [wolfSSL examples for Espressif](../README.md), see t
## Quick Start
Use the [ESP-IDF](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/get-started/index.html)
for ESP32 or [RTOS SDK](https://docs.espressif.com/projects/esp8266-rtos-sdk/en/latest/get-started/index.html)
for the ESP8266.
Use the `ESP-IDF` for ESP32 or `RTOS SDK` for the ESP8266.
Run `menuconfig` utility (`idf.py menuconfig` for ESP32 or `make menuconfig` for the ESP8266)
and set the various parameters for the target device, along with local WiFi settings:
@@ -49,30 +47,30 @@ Difficulty flashing:
* Check that quality USB cables are being used.
* Try lowering the flash baud rate in the `menuconfig`. The 115200 is typically reliable.
* Review board specifications: some require manual boot mode via on-board buttons.
* See [Espressif ESP Frequently Asked Questions](https://docs.espressif.com/projects/esp-faq/en/latest/esp-faq-en-master.pdf)
* See Espressif ESP Frequently Asked Questions `esp-faq-en-master.pdf`.
## ESP-IDF Commandline v5.x
1. `idf.py menuconfig` to config the project
1-1. Example Configuration ->
1-1. Example Configuration ->
Target host ip address : the host that you want to connect to.(default is 127.0.0.1)
1-2. Example Connection Configuration ->
WIFI SSID: your own WIFI, which is connected to the Internet.(default is "myssid")
WIFI SSID: your own WIFI, which is connected to the Internet.(default is "myssid")
WIFI Password: WIFI password, and default is "mypassword"
Note: the example program uses 11111 port. If you want to use different port
Note: the example program uses 11111 port. If you want to use different port
, you need to modify DEFAULT_PORT definition in the code.
When you want to test the wolfSSL client
1. `idf.py -p <PORT> flash` and then `idf.py monitor` to load the firmware and see the context
2. You can use <wolfssl>/examples/server/server program for test.
1. `idf.py -p <PORT> flash` and then `idf.py monitor` to load the firmware and see the context
2. You can use <wolfssl>/examples/server/server program for test.
e.g. Launch ./examples/server/server -v 4 -b -i -d
@@ -127,8 +125,8 @@ export IDF_PATH=~/esp/ESP8266_RTOS_SDK
export PATH="$PATH:$HOME/esp/xtensa-lx106-elf/bin"
# copy and navigate to project directory
mkdir -p /mnt/c/test/demo
cp -r /mnt/c/workspace/wolfssl-master/IDE/Espressif/ESP-IDF/examples/wolfssl_client/* /mnt/c/test/demo
mkdir -p /mnt/c/test/demo
cp -r /mnt/c/workspace/wolfssl-master/IDE/Espressif/ESP-IDF/examples/wolfssl_client/* /mnt/c/test/demo
cd /mnt/c/test/demo
# Clean

140
IDE/Espressif/ESP-IDF/examples/wolfssl_client/README_server_sm.md
View File

@@ -49,7 +49,7 @@ make clean && make
### Others...
```
# Success: Linux Client to ESP32 Server TLS1.2
# Success: Linux Client to ESP32 Server TLS1.2
./examples/client/client -h 192.168.1.113 -v 3 -l ECDHE-ECDSA-SM4-CBC-SM3 -c ./certs/sm2/client-sm2.pem -k ./certs/sm2/client-sm2-priv.pem -A ./certs/sm2/root-sm2.pem -C
./examples/client/client -h 192.168.1.113 -v 3 -l ECDHE-ECDSA-SM4-GCM-SM3 -c ./certs/sm2/client-sm2.pem -k ./certs/sm2/client-sm2-priv.pem -A ./certs/sm2/root-sm2.pem -C
./examples/client/client -h 192.168.1.113 -v 3 -l ECDHE-ECDSA-SM4-CCM-SM3 -c ./certs/sm2/client-sm2.pem -k ./certs/sm2/client-sm2-priv.pem -A ./certs/sm2/root-sm2.pem -C
@@ -81,7 +81,7 @@ be the same as the Linux server files.
| Usage | Certificate | Key | Certificate Authority file, default ./certs/client-cert.pem |
| ----- | ---------------------------------- | ----------------------------------- | --------------------------------- |
| server | -c ./certs/sm2/server-sm2.pem | -k ./certs/sm2/server-sm2-priv.pem | -A ./certs/sm2/client-sm2.pem -V |
| server | -c ./certs/sm2/server-sm2.pem | -k ./certs/sm2/server-sm2-priv.pem | -A ./certs/sm2/client-sm2.pem -V |
| client | -c ./certs/sm2/client-sm2.pem | -k ./certs/sm2/client-sm2-priv.pem | -A ./certs/sm2/root-sm2.pem -C |
| emdedded:
| server | wolfSSL_CTX_use_certificate_buffer<br/> server_sm2 | wolfSSL_CTX_use_PrivateKey_buffer<br/> server_sm2_priv | wolfSSL_CTX_load_verify_buffer<br/> client-sm2 |
@@ -156,7 +156,7 @@ I (622) heap_init: At 3FFE4350 len 0001BCB0 (111 KiB): D/IRAM
I (628) heap_init: At 40094DC8 len 0000B238 (44 KiB): IRAM
I (636) spi_flash: detected chip: generic
I (639) spi_flash: flash io: dio
W (643) spi_flash: Detected size(4096k) larger than the size in the binary image header(2048k). Using the
W (643) spi_flash: Detected size(4096k) larger than the size in the binary image header(2048k). Using the
size in the binary image header.
I (657) cpu_start: Starting scheduler on PRO CPU.
I (0) cpu_start: Starting scheduler on APP CPU.
@@ -167,7 +167,7 @@ I (735) system_api: read default base MAC address from EFUSE
I (755) wifi:wifi firmware version: 0d470ef
I (755) wifi:wifi certification version: v7.0
I (755) wifi:config NVS flash: enabled
I (755) wifi:config nano formating: disabled
I (755) wifi:config nano formatting: disabled
I (755) wifi:Init data frame dynamic rx buffer num: 32
I (765) wifi:Init management frame dynamic rx buffer num: 32
I (765) wifi:Init management short buffer num: 32
@@ -358,12 +358,12 @@ I (14715) internal.c: GrowOutputBuffer ok
I (14715) wolfssl: wolfSSL Entering wolfSSL_get_options
I (14725) wolfssl: Point Formats extension to write
W (14735) wolfio: ssl->wflags = 0
I (14735) wolfio: 16 03 03 00 52 02 00 00 4e 03 03 af 87 e2 58 57
I (14735) wolfio: 73 c3 c1 35 1a 59 39 b2 03 9d 14 03 e0 b8 fb e8
I (14745) wolfio: 9d 5b 9c 44 4f 57 4e 47 52 44 01 20 85 77 75 20
I (14755) wolfio: 95 dd 00 e2 91 f8 42 33 f8 61 3f 1f de 81 15 58
I (14755) wolfio: 23 0c e7 1e 71 e6 10 e5 67 23 e0 40 e0 11 00 00
I (14765) wolfio: 06 00 0b 00 02 01 00
I (14735) wolfio: 16 03 03 00 52 02 00 00 4e 03 03 af 87 e2 58 57
I (14735) wolfio: 73 c3 c1 35 1a 59 39 b2 03 9d 14 03 e0 b8 fb e8
I (14745) wolfio: 9d 5b 9c 44 4f 57 4e 47 52 44 01 20 85 77 75 20
I (14755) wolfio: 95 dd 00 e2 91 f8 42 33 f8 61 3f 1f de 81 15 58
I (14755) wolfio: 23 0c e7 1e 71 e6 10 e5 67 23 e0 40 e0 11 00 00
I (14765) wolfio: 06 00 0b 00 02 01 00
W (14775) wolfio: sz = 87
I (14775) wolfssl: Shrinking output buffer
I (14775) wolfssl: wolfSSL Leaving SendServerHello, return 0
@@ -372,53 +372,53 @@ I (14795) wolfssl: wolfSSL Entering SendCertificate
I (14795) wolfssl: growing output buffer
I (14805) internal.c: GrowOutputBuffer ok
W (14815) wolfio: ssl->wflags = 0
I (14815) wolfio: 16 03 03 02 e6 0b 00 02 e2 00 02 df 00 02 dc 30
I (14815) wolfio: 82 02 d8 30 82 02 7e a0 03 02 01 02 02 01 01 30
I (14825) wolfio: 0a 06 08 2a 81 1c cf 55 01 83 75 30 81 ac 31 0b
I (14835) wolfio: 30 09 06 03 55 04 06 13 02 55 53 31 10 30 0e 06
I (14835) wolfio: 03 55 04 08 0c 07 4d 6f 6e 74 61 6e 61 31 10 30
I (14845) wolfio: 0e 06 03 55 04 07 0c 07 42 6f 7a 65 6d 61 6e 31
I (14855) wolfio: 14 30 12 06 03 55 04 0a 0c 0b 77 6f 6c 66 53 53
I (14855) wolfio: 4c 5f 73 6d 32 31 0f 30 0d 06 03 55 04 0b 0c 06
I (14865) wolfio: 43 41 2d 73 6d 32 31 18 30 16 06 03 55 04 03 0c
I (14875) wolfio: 0f 77 77 77 2e 77 6f 6c 66 73 73 6c 2e 63 6f 6d
I (14875) wolfio: 31 1f 30 1d 06 09 2a 86 48 86 f7 0d 01 09 01 16
I (14885) wolfio: 10 69 6e 66 6f 40 77 6f 6c 66 73 73 6c 2e 63 6f
I (14895) wolfio: 6d 31 17 30 15 06 0a 09 92 26 89 93 f2 2c 64 01
I (14895) wolfio: 01 0c 07 77 6f 6c 66 53 53 4c 30 1e 17 0d 32 33
I (14905) wolfio: 30 32 31 35 30 36 32 33 30 37 5a 17 0d 32 35 31
I (14915) wolfio: 31 31 31 30 36 32 33 30 37 5a 30 81 b0 31 0b 30
I (14915) wolfio: 09 06 03 55 04 06 13 02 55 53 31 10 30 0e 06 03
I (14925) wolfio: 55 04 08 0c 07 4d 6f 6e 74 61 6e 61 31 10 30 0e
I (14935) wolfio: 06 03 55 04 07 0c 07 42 6f 7a 65 6d 61 6e 31 14
I (14945) wolfio: 30 12 06 03 55 04 0a 0c 0b 77 6f 6c 66 53 53 4c
I (14945) wolfio: 5f 73 6d 32 31 13 30 11 06 03 55 04 0b 0c 0a 53
I (14955) wolfio: 65 72 76 65 72 2d 73 6d 32 31 18 30 16 06 03 55
I (14965) wolfio: 04 03 0c 0f 77 77 77 2e 77 6f 6c 66 73 73 6c 2e
I (14965) wolfio: 63 6f 6d 31 1f 30 1d 06 09 2a 86 48 86 f7 0d 01
I (14975) wolfio: 09 01 16 10 69 6e 66 6f 40 77 6f 6c 66 73 73 6c
I (14985) wolfio: 2e 63 6f 6d 31 17 30 15 06 0a 09 92 26 89 93 f2
I (14985) wolfio: 2c 64 01 01 0c 07 77 6f 6c 66 53 53 4c 30 5a 30
I (14995) wolfio: 14 06 08 2a 81 1c cf 55 01 82 2d 06 08 2a 81 1c
I (15005) wolfio: cf 55 01 82 2d 03 42 00 04 94 70 2b 46 e4 5e 0f
I (15005) wolfio: 41 fb 8f 2d 34 0a 41 40 19 5e fb d4 1d 11 ac fa
I (15015) wolfio: f5 93 37 c6 fa 87 08 f7 16 1f 2c ce 30 40 9d 4f
I (15025) wolfio: a6 2a 0a a1 d6 95 33 c3 a6 03 98 e6 8d 05 34 b0
I (15025) wolfio: 97 0c de a4 c7 cf 53 8f d1 a3 81 89 30 81 86 30
I (15035) wolfio: 1d 06 03 55 1d 0e 04 16 04 14 67 ae 60 ff 7e 1b
I (15045) wolfio: 0f 95 ae 1f 82 59 f2 6c 56 2d 93 ef 17 32 30 1f
I (15045) wolfio: 06 03 55 1d 23 04 18 30 16 80 14 47 0a 48 7e bb
I (15055) wolfio: 02 a8 5a 26 57 2b 19 a9 7b 61 8b 7f 5d 99 6e 30
I (15065) wolfio: 0c 06 03 55 1d 13 01 01 ff 04 02 30 00 30 0e 06
I (15075) wolfio: 03 55 1d 0f 01 01 ff 04 04 03 02 03 a8 30 13 06
I (15075) wolfio: 03 55 1d 25 04 0c 30 0a 06 08 2b 06 01 05 05 07
I (15085) wolfio: 03 01 30 11 06 09 60 86 48 01 86 f8 42 01 01 04
I (15095) wolfio: 04 03 02 06 40 30 0a 06 08 2a 81 1c cf 55 01 83
I (15095) wolfio: 75 03 48 00 30 45 02 20 1b ca 94 28 7f f6 b2 0d
I (15105) wolfio: 31 43 50 e1 d5 34 17 dd af 3a de 81 06 67 9a b3
I (15115) wolfio: 06 22 7e 64 ec fd 0e b9 02 21 00 a1 48 a8 32 d1
I (15115) wolfio: 05 09 6b 1c eb 89 12 66 d8 38 a1 c4 5c 89 09 0f
I (15125) wolfio: fd e9 c0 3b 1d fb cd b5 4c 31 68
I (14815) wolfio: 16 03 03 02 e6 0b 00 02 e2 00 02 df 00 02 dc 30
I (14815) wolfio: 82 02 d8 30 82 02 7e a0 03 02 01 02 02 01 01 30
I (14825) wolfio: 0a 06 08 2a 81 1c cf 55 01 83 75 30 81 ac 31 0b
I (14835) wolfio: 30 09 06 03 55 04 06 13 02 55 53 31 10 30 0e 06
I (14835) wolfio: 03 55 04 08 0c 07 4d 6f 6e 74 61 6e 61 31 10 30
I (14845) wolfio: 0e 06 03 55 04 07 0c 07 42 6f 7a 65 6d 61 6e 31
I (14855) wolfio: 14 30 12 06 03 55 04 0a 0c 0b 77 6f 6c 66 53 53
I (14855) wolfio: 4c 5f 73 6d 32 31 0f 30 0d 06 03 55 04 0b 0c 06
I (14865) wolfio: 43 41 2d 73 6d 32 31 18 30 16 06 03 55 04 03 0c
I (14875) wolfio: 0f 77 77 77 2e 77 6f 6c 66 73 73 6c 2e 63 6f 6d
I (14875) wolfio: 31 1f 30 1d 06 09 2a 86 48 86 f7 0d 01 09 01 16
I (14885) wolfio: 10 69 6e 66 6f 40 77 6f 6c 66 73 73 6c 2e 63 6f
I (14895) wolfio: 6d 31 17 30 15 06 0a 09 92 26 89 93 f2 2c 64 01
I (14895) wolfio: 01 0c 07 77 6f 6c 66 53 53 4c 30 1e 17 0d 32 33
I (14905) wolfio: 30 32 31 35 30 36 32 33 30 37 5a 17 0d 32 35 31
I (14915) wolfio: 31 31 31 30 36 32 33 30 37 5a 30 81 b0 31 0b 30
I (14915) wolfio: 09 06 03 55 04 06 13 02 55 53 31 10 30 0e 06 03
I (14925) wolfio: 55 04 08 0c 07 4d 6f 6e 74 61 6e 61 31 10 30 0e
I (14935) wolfio: 06 03 55 04 07 0c 07 42 6f 7a 65 6d 61 6e 31 14
I (14945) wolfio: 30 12 06 03 55 04 0a 0c 0b 77 6f 6c 66 53 53 4c
I (14945) wolfio: 5f 73 6d 32 31 13 30 11 06 03 55 04 0b 0c 0a 53
I (14955) wolfio: 65 72 76 65 72 2d 73 6d 32 31 18 30 16 06 03 55
I (14965) wolfio: 04 03 0c 0f 77 77 77 2e 77 6f 6c 66 73 73 6c 2e
I (14965) wolfio: 63 6f 6d 31 1f 30 1d 06 09 2a 86 48 86 f7 0d 01
I (14975) wolfio: 09 01 16 10 69 6e 66 6f 40 77 6f 6c 66 73 73 6c
I (14985) wolfio: 2e 63 6f 6d 31 17 30 15 06 0a 09 92 26 89 93 f2
I (14985) wolfio: 2c 64 01 01 0c 07 77 6f 6c 66 53 53 4c 30 5a 30
I (14995) wolfio: 14 06 08 2a 81 1c cf 55 01 82 2d 06 08 2a 81 1c
I (15005) wolfio: cf 55 01 82 2d 03 42 00 04 94 70 2b 46 e4 5e 0f
I (15005) wolfio: 41 fb 8f 2d 34 0a 41 40 19 5e fb d4 1d 11 ac fa
I (15015) wolfio: f5 93 37 c6 fa 87 08 f7 16 1f 2c ce 30 40 9d 4f
I (15025) wolfio: a6 2a 0a a1 d6 95 33 c3 a6 03 98 e6 8d 05 34 b0
I (15025) wolfio: 97 0c de a4 c7 cf 53 8f d1 a3 81 89 30 81 86 30
I (15035) wolfio: 1d 06 03 55 1d 0e 04 16 04 14 67 ae 60 ff 7e 1b
I (15045) wolfio: 0f 95 ae 1f 82 59 f2 6c 56 2d 93 ef 17 32 30 1f
I (15045) wolfio: 06 03 55 1d 23 04 18 30 16 80 14 47 0a 48 7e bb
I (15055) wolfio: 02 a8 5a 26 57 2b 19 a9 7b 61 8b 7f 5d 99 6e 30
I (15065) wolfio: 0c 06 03 55 1d 13 01 01 ff 04 02 30 00 30 0e 06
I (15075) wolfio: 03 55 1d 0f 01 01 ff 04 04 03 02 03 a8 30 13 06
I (15075) wolfio: 03 55 1d 25 04 0c 30 0a 06 08 2b 06 01 05 05 07
I (15085) wolfio: 03 01 30 11 06 09 60 86 48 01 86 f8 42 01 01 04
I (15095) wolfio: 04 03 02 06 40 30 0a 06 08 2a 81 1c cf 55 01 83
I (15095) wolfio: 75 03 48 00 30 45 02 20 1b ca 94 28 7f f6 b2 0d
I (15105) wolfio: 31 43 50 e1 d5 34 17 dd af 3a de 81 06 67 9a b3
I (15115) wolfio: 06 22 7e 64 ec fd 0e b9 02 21 00 a1 48 a8 32 d1
I (15115) wolfio: 05 09 6b 1c eb 89 12 66 d8 38 a1 c4 5c 89 09 0f
I (15125) wolfio: fd e9 c0 3b 1d fb cd b5 4c 31 68
W (15135) wolfio: sz = 747
I (15135) wolfssl: Shrinking output buffer
I (15135) wolfssl: wolfSSL Leaving SendCertificate, return 0
@@ -440,16 +440,16 @@ I (15915) wolfssl: wolfSSL Entering SendHandshakeMsg
I (15925) wolfssl: growing output buffer
I (15925) internal.c: GrowOutputBuffer ok
W (15925) wolfio: ssl->wflags = 0
I (15935) wolfio: 16 03 03 00 95 0c 00 00 91 03 00 29 41 04 fd f5
I (15935) wolfio: 5e 74 15 30 1d f3 84 ae a5 69 96 a9 5b dd 27 b3
I (15945) wolfio: 00 7d 40 3a 59 93 93 6f 4d 1f 62 dc 60 48 34 1f
I (15955) wolfio: a8 1d 34 b8 76 8f 8b 27 4a 1b 77 64 8e 2e d5 27
I (15955) wolfio: 03 95 8b 9d a5 ed a4 a6 b9 40 1b ea aa 10 07 08
I (15965) wolfio: 00 48 30 46 02 21 00 cb 89 61 e9 21 f9 c6 4d ad
I (15975) wolfio: aa e7 f1 3f 6f 27 46 f0 35 ec 45 4e 8a ae f3 ac
I (15985) wolfio: 7c c0 cf 68 11 44 e2 02 21 00 f6 40 5c bc 66 5a
I (15985) wolfio: 74 1e 92 5d 9a 03 75 e7 7f 16 c2 b3 c8 fe 8d 5c
I (15995) wolfio: 63 35 36 da 61 38 76 dc 4e d6
I (15935) wolfio: 16 03 03 00 95 0c 00 00 91 03 00 29 41 04 fd f5
I (15935) wolfio: 5e 74 15 30 1d f3 84 ae a5 69 96 a9 5b dd 27 b3
I (15945) wolfio: 00 7d 40 3a 59 93 93 6f 4d 1f 62 dc 60 48 34 1f
I (15955) wolfio: a8 1d 34 b8 76 8f 8b 27 4a 1b 77 64 8e 2e d5 27
I (15955) wolfio: 03 95 8b 9d a5 ed a4 a6 b9 40 1b ea aa 10 07 08
I (15965) wolfio: 00 48 30 46 02 21 00 cb 89 61 e9 21 f9 c6 4d ad
I (15975) wolfio: aa e7 f1 3f 6f 27 46 f0 35 ec 45 4e 8a ae f3 ac
I (15985) wolfio: 7c c0 cf 68 11 44 e2 02 21 00 f6 40 5c bc 66 5a
I (15985) wolfio: 74 1e 92 5d 9a 03 75 e7 7f 16 c2 b3 c8 fe 8d 5c
I (15995) wolfio: 63 35 36 da 61 38 76 dc 4e d6
W (15995) wolfio: sz = 154
I (16005) wolfssl: Shrinking output buffer
I (16005) wolfssl: wolfSSL Leaving SendServerKeyExchange, return 0
@@ -459,7 +459,7 @@ I (16025) wolfssl: wolfSSL Entering SendServerHelloDone
I (16035) wolfssl: growing output buffer
I (16035) internal.c: GrowOutputBuffer ok
W (16045) wolfio: ssl->wflags = 0
I (16045) wolfio: 16 03 03 00 04 0e 00 00 00
I (16045) wolfio: 16 03 03 00 04 0e 00 00 00
W (16045) wolfio: sz = 9
I (16055) wolfssl: Embed Send error
I (16055) wolfssl: Connection reset
@@ -479,14 +479,14 @@ I (16125) wolfssl: User calling wolfSSL_read in error state, not allowed
I (16135) wolfssl: wolfSSL Leaving wolfSSL_read_internal, return -308
E (16145) tls_server: ERROR: failed to read
I (16145) wolfssl: Client sends:
I (16145) wolfssl:
I (16145) wolfssl:
I (16155) wolfssl: wolfSSL Entering wolfSSL_write
I (16155) wolfssl: handshake not complete, trying to finish
I (16165) wolfssl: wolfSSL Entering wolfSSL_negotiate
I (16165) wolfssl: wolfSSL Entering wolfSSL_accept
I (16175) wolfssl: wolfSSL Entering ReinitSSL
W (16185) wolfio: ssl->wflags = 0
I (16185) wolfio: 16 03 03 00 04 0e 00 00 00
I (16185) wolfio: 16 03 03 00 04 0e 00 00 00
W (16185) wolfio: sz = 9
I (16195) wolfssl: Embed Send error
I (16195) wolfssl: General error

650
IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/CMakeLists.txt
View File

@@ -1,5 +1,5 @@
#
# Copyright (C) 2006-2024 wolfSSL Inc.
# Copyright (C) 2006-2025 wolfSSL Inc.
#
# This file is part of wolfSSL.
#
@@ -19,18 +19,148 @@
#
# cmake for wolfssl Espressif projects
#
# Version 5.6.0.011 for detect test/benchmark
# Version 5.7.2 Espressif ESP-IDF integration
#
# See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html
#
message(STATUS "Begin wolfssl ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}")
cmake_minimum_required(VERSION 3.16)
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
set(CMAKE_CURRENT_SOURCE_DIR ".")
set(COMPONENT_REQUIRES lwip) # we typically don't need lwip directly in wolfssl component
set(WOLFSSL_ROOT "$ENV{WOLFSSL_ROOT}" )
# find the user name to search for possible "wolfssl-username"
set(VERBOSE_COMPONENT_MESSAGES 1)
# Optional requires include:
# set(THIS_ESP_TLS "esp-tls")
set(THIS_ESP_TLS "")
# function: IS_ESP_IDF_COMPONENT
# output: RESULT = 1 (true) if this component is located in the ESP-IDF components
# otherwise 0 (false)
function( IS_ESP_IDF_COMPONENT RESULT )
# NOTE: Component location is based on the location of the CMakeList.txt
# and *not* the location of the wolfSSL source code. (which may be anywhere)
# Normalize the paths to remove any trailing slashes
get_filename_component(NORMALIZED_IDF_PATH "${IDF_PATH}" REALPATH)
get_filename_component(NORMALIZED_TEST_PATH "${COMPONENT_DIR}" REALPATH)
# Check if the test path starts with the IDF_PATH
string(FIND "${NORMALIZED_TEST_PATH}" "${NORMALIZED_IDF_PATH}" pos)
if(${pos} EQUAL 0)
message(STATUS "${COMPONENT_DIR} is within IDF_PATH.")
set(${RESULT} 1 PARENT_SCOPE)
else()
message(STATUS "${COMPONENT_DIR} is not within IDF_PATH.")
set(${RESULT} 0 PARENT_SCOPE)
endif()
endfunction()
# Determine if this cmake file is located in the ESP-IDF component directory or not,
# and if so, if it is being ignored (allowing the use of a local project one, instead).
IS_ESP_IDF_COMPONENT( IS_WOLSSL_ESP_IDF_COMPONENT )
if( IS_WOLSSL_ESP_IDF_COMPONENT )
message(STATUS "This wolfSSL is a component in ESP-IDF.")
if ( CONFIG_IGNORE_ESP_IDF_WOLFSSL_COMPONENT )
idf_component_register()
message(STATUS "Warning: wolfSSL component in ESP-IDF is being ignored.")
return()
endif()
endif()
if( "${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}" STREQUAL "" )
# nothing to do
else()
# Only forward slashes, or double backslashes are supported.
# By the time we get here the sdkconfig file has a value for wolfSSL source code root.
string(REPLACE "\\" "/" CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT})
message(STATUS "Cleaned wolfssl path: ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}")
endif()
# The scope of this CMAKE_C_FLAGS is just this component:
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -DWOLFSSL_USER_SETTINGS")
set(CMAKE_CURRENT_SOURCE_DIR ".")
# set(COMPONENT_REQUIRES lwip) # we typically don't need lwip directly in wolfssl component
# Optionally set your source to wolfSSL in your project CMakeLists.txt like this:
# set(WOLFSSL_ROOT "c:/test/my_wolfssl" )
if ( "${WOLFSSL_ROOT}" STREQUAL "")
set(WOLFSSL_ROOT "$ENV{WOLFSSL_ROOT}" )
endif()
if( "$ENV{IDF_PATH}" STREQUAL "" )
message(FATAL_ERROR "IDF_PATH Environment variable not set!")
else()
string(REPLACE "\\" "/" THIS_IDF_PATH "$ENV{IDF_PATH}")
endif()
# Optional compiler definitions to help with system name detection (typically printed by app diagnostics)
if(VERBOSE_COMPONENT_MESSAGES)
if(WIN32)
# Windows-specific configuration here
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS")
message(STATUS "Detected Windows")
endif()
if(CMAKE_HOST_UNIX)
message(STATUS "Detected UNIX")
endif()
if(APPLE)
message(STATUS "Detected APPLE")
endif()
if(CMAKE_HOST_UNIX AND (NOT APPLE) AND EXISTS "/proc/sys/fs/binfmt_misc/WSLInterop")
# Windows-specific configuration here
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WSL")
message(STATUS "Detected WSL")
endif()
if(CMAKE_HOST_UNIX AND (NOT APPLE) AND (NOT WIN32))
# Windows-specific configuration here
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_LINUX")
message(STATUS "Detected Linux")
endif()
if(APPLE)
# Windows-specific configuration here
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_APPLE")
message(STATUS "Detected Apple")
endif()
endif() # End optional WOLFSSL_CMAKE_SYSTEM_NAME
message(STATUS "CONFIG_TARGET_PLATFORM = ${CONFIG_TARGET_PLATFORM}")
# Check that there are not conflicting wolfSSL components
# The ESP Registry Component will be in ./managed_components/wolfssl__wolfssl
# The local component wolfSSL directory will be in ./components/wolfssl
if( EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" AND EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl" )
# These exclude statements don't seem to be honored by the $ENV{IDF_PATH}/tools/cmake/project.cmake'
# add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" EXCLUDE_FROM_ALL)
# add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl/include" EXCLUDE_FROM_ALL)
# So we'll error out and let the user decide how to proceed:
message(WARNING "\nFound wolfSSL components in\n"
"./managed_components/wolfssl__wolfssl\n"
"and\n"
"./components/wolfssl\n"
"in project directory: \n"
"${CMAKE_HOME_DIRECTORY}")
message(FATAL_ERROR "\nPlease use either the ESP Registry Managed Component or the wolfSSL component directory but not both.\n"
"If removing the ./managed_components/wolfssl__wolfssl directory, remember to also remove "
"or rename the idf_component.yml file typically found in ./main/")
else()
message(STATUS "No conflicting wolfSSL components found.")
endif()
# Don't include lwip requirement for benchmark and test apps.
if( ("${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_benchmark") OR ("${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_test") )
message(STATUS "Not including lwip for ${CMAKE_PROJECT_NAME}")
else()
# benchmark and test do not need wifi, everything else probably does:
set(COMPONENT_REQUIRES lwip "${THIS_ESP_TLS}") # we typically don't need lwip directly in wolfssl component
endif()
# Find the user name to search for possible "wolfssl-username"
# Reminder: Windows is %USERNAME%, Linux is $USER
message(STATUS "USERNAME = $ENV{USERNAME}")
if( "$ENV{USER}" STREQUAL "" ) # the bash user
if( "$ENV{USERNAME}" STREQUAL "" ) # the Windows user
@@ -51,6 +181,25 @@ else()
string(REPLACE "\\" "/" THIS_IDF_PATH "$ENV{IDF_PATH}")
endif()
# ENVIRONMENT_VAR_TO_MACRO
# Check environment variable name EVARPARAM as [name]
# If defined, and has a value of EVARVALUE as [value],
# then assign a compiler definition "-D[name]=[value]"
function(ENVIRONMENT_VAR_TO_MACRO EVARPARAM EVARVALUE)
# If the EVARPARAM environment variable name is set to EVARVALUE,
# set the compiler flag definition to enable CSV output.
if ( "$ENV{${EVARPARAM}}" STREQUAL "${EVARVALUE}")
message(STATUS "Appending compile definition: -D${EVARPARAM}=${EVARVALUE}")
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -D${EVARPARAM}=${EVARVALUE}")
else()
if(DEFINED ENV{${EVARPARAM}})
message(STATUS "Environment variable ${EVARPARAM} detected but set to $ENV{${EVARPARAM}}, not appending compile definition.")
else()
message(STATUS "Environment variable ${EVARPARAM} not detected, not appending compile definition.")
endif()
endif()
endfunction()
# COMPONENT_NAME = wolfssl
# The component name is the directory name. "No feature to change this".
# See https://github.com/espressif/esp-idf/issues/8978#issuecomment-1129892685
@@ -68,7 +217,8 @@ endif()
# function: IS_WOLFSSL_SOURCE
# parameter: DIRECTORY_PARAMETER - the directory to test
# output: RESULT = contains contents of DIRECTORY_PARAMETER for wolfssl directory, otherwise blank.
function(IS_WOLFSSL_SOURCE DIRECTORY_PARAMETER RESULT)
function( IS_WOLFSSL_SOURCE DIRECTORY_PARAMETER
RESULT )
if (EXISTS "${DIRECTORY_PARAMETER}/wolfcrypt/src")
set(${RESULT} "${DIRECTORY_PARAMETER}" PARENT_SCOPE)
else()
@@ -76,27 +226,71 @@ function(IS_WOLFSSL_SOURCE DIRECTORY_PARAMETER RESULT)
endif()
endfunction()
# *********************************************************************************************
# function: FIND_WOLFSSL_DIRECTORY
# parameter: OUTPUT_FOUND_WOLFSSL_DIRECTORY contains root of source code, otherwise blank
#
# Example usage:
# FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT)
# *********************************************************************************************
function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY)
message(STATUS "Starting FIND_WOLFSSL_DIRECTORY")
set(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}")
if( "${CURRENT_SEARCH_DIR}" STREQUAL "" )
message(STATUS "The WOLFSSL_ROOT environment variable is not set. Searching...")
message(STATUS "Starting FIND_WOLFSSL_DIRECTORY: ${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}")
if ( "${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}" STREQUAL "" )
# The parameter is empty, so we certainly need to search.
# First, see if there's an environment variable. This takes highest priority (unless already found as hard-coded, above)
set(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}")
if( "${CURRENT_SEARCH_DIR}" STREQUAL "" )
message(STATUS "The WOLFSSL_ROOT environment variable is not set. Searching...")
# Next, if not found, see if wolfSSL was selected for ESP-TLS Kconfig
if(CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT)
set(CURRENT_SEARCH_DIR ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT})
get_filename_component(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR}" ABSOLUTE)
message(STATUS "WOLFSSL_ROOT found in sdkconfig/KConfig: ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}")
else()
message(STATUS "wolfSSL not defined in [Component Config] [wolfssl]. Continuing search...")
# If not specified as a search hint in OUTPUT_FOUND_WOLFSSL_DIRECTORY:
# This wolfSSL component CMakeLists.txt may be found EITHER in:
# 1) local project component
# 2) ESP-IDF share components
# We'll start in the CMAKE_CURRENT_SOURCE_DIR, typically [something]/projectname/components/wolfssl
# That option might find wolfSSL source code as a copy in the component directory (e.g. Managed Components)
# Unless cmake is in the ESP-IDF, in which case it is unlikely to find wolfSSL source in any parent.
message(STATUS "CMAKE_CURRENT_SOURCE_DIR = ${CMAKE_CURRENT_SOURCE_DIR}")
get_filename_component(CURRENT_SEARCH_DIR "${CMAKE_CURRENT_SOURCE_DIR}" ABSOLUTE)
message(STATUS "CURRENT_SEARCH_DIR = ${CURRENT_SEARCH_DIR}")
string(LENGTH ${CURRENT_SEARCH_DIR} CURRENT_SEARCH_DIR_LENGTH)
endif() # CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT
endif() # check environment var blank
else()
get_filename_component(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}" ABSOLUTE)
message(STATUS "Parameter found for FIND_WOLFSSL_DIRECTORY")
message(STATUS "Setting wolfSSL search directory to: ${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}")
set(CURRENT_SEARCH_DIR "${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}")
endif() # parameter empty
# Check to see if we found a path in environment or config settings, above.
if( "${CURRENT_SEARCH_DIR}" STREQUAL "" )
message(STATUS "Source for wolfSSL not specified in path nor config settings.")
# We'll continue the search by recursing up the directory tree, below.
else()
# Setting found! Does it contain a valid path?
string(REPLACE "\\" "/" CURRENT_SEARCH_DIR ${CURRENT_SEARCH_DIR})
get_filename_component(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR}" ABSOLUTE)
IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR}" FOUND_WOLFSSL)
if( FOUND_WOLFSSL )
message(STATUS "Found WOLFSSL_ROOT via Environment Variable: ${CURRENT_SEARCH_DIR}")
message(STATUS "Found wolfSSL source code via setting: ${CURRENT_SEARCH_DIR}")
set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE)
return()
else()
message(FATAL_ERROR "WOLFSSL_ROOT Environment Variable defined, but path not found:")
message(STATUS "$ENV{WOLFSSL_ROOT}")
if(WIN32)
message(STATUS "When specifying a path for Windows, use forward slahes, or double backslashes.")
endif()
message(STATUS "CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT sdkconfig setting = ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}")
message(STATUS "WOLFSSL_ROOT Variable defined, but source code not found: ${CURRENT_SEARCH_DIR}")
endif()
endif()
# we'll start in the CMAKE_CURRENT_SOURCE_DIR, typically [something]/projectname/components/wolfssl
message(STATUS "CMAKE_CURRENT_SOURCE_DIR = ${CMAKE_CURRENT_SOURCE_DIR}")
get_filename_component(CURRENT_SEARCH_DIR "${CMAKE_CURRENT_SOURCE_DIR}" ABSOLUTE)
@@ -114,16 +308,47 @@ function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY)
return()
endif()
# Maintain CURRENT_SEARCH_DIR, but check various suffixes with CURRENT_SEARCH_DIR_ALT
if( THIS_USER )
# Check for "wolfssl-[username]" subdirectory as we recurse up the directory tree
set(CURRENT_SEARCH_DIR_ALT ${CURRENT_SEARCH_DIR}/wolfssl-${THIS_USER})
message(STATUS "Looking in ${CURRENT_SEARCH_DIR}")
message(STATUS "Looking in ${CURRENT_SEARCH_DIR_ALT}")
#if(EXISTS ${CURRENT_SEARCH_DIR_ALT} AND IS_DIRECTORY ${CURRENT_SEARCH_DIR_ALT} AND EXISTS "${CURRENT_SEARCH_DIR_ALT}/wolfcrypt/src")
IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR_ALT}" FOUND_WOLFSSL )
if ( FOUND_WOLFSSL )
message(STATUS "Found wolfssl in user-suffix CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}")
set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR_ALT} PARENT_SCOPE)
message(STATUS "Found wolfssl in user-suffix CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}")
set(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR_ALT}")
set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE)
return()
endif()
endif()
if ( FOUND_WOLFSSL )
# if we already found the source, skip attempt of "wolfssl-master"
else()
set(CURRENT_SEARCH_DIR_ALT ${CURRENT_SEARCH_DIR}/wolfssl-master)
message(STATUS "Looking in ${CURRENT_SEARCH_DIR_ALT}")
IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR_ALT}" FOUND_WOLFSSL )
if ( FOUND_WOLFSSL )
message(STATUS "Found wolfssl in master-suffix CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}")
set(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR_ALT}")
set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE)
return()
endif()
endif()
if ( FOUND_WOLFSSL )
# if we already found the source, skip attempt of "wolfssl"
else()
set(CURRENT_SEARCH_DIR_ALT ${CURRENT_SEARCH_DIR}/wolfssl)
message(STATUS "Looking in ${CURRENT_SEARCH_DIR_ALT}")
IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR_ALT}" FOUND_WOLFSSL )
if ( FOUND_WOLFSSL )
message(STATUS "Found wolfssl in CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}")
set(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR_ALT}")
set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE)
return()
endif()
endif()
@@ -143,7 +368,8 @@ function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY)
get_filename_component(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR}" DIRECTORY)
message(STATUS "Next CURRENT_SEARCH_DIR = ${CURRENT_SEARCH_DIR}")
if( "${PRIOR_SEARCH_DIR}" STREQUAL "${CURRENT_SEARCH_DIR}" )
# when the search directory is empty, we'll give up
# When the parent is current directory, cannot go any further. We didn't find wolfssl.
# When the search directory is empty, we'll give up.
set(CURRENT_SEARCH_DIR "")
endif()
endwhile()
@@ -154,17 +380,64 @@ endfunction()
# Example usage:
#
# Simply find the WOLFSSL_DIRECTORY by searching parent directories:
# FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT)
#
message(STATUS "CONFIG_TARGET_PLATFORM = ${CONFIG_TARGET_PLATFORM}")
# Check for environment variable that may be assigned to macros
ENVIRONMENT_VAR_TO_MACRO("GENERATE_MACHINE_PARSEABLE_REPORT" "1")
ENVIRONMENT_VAR_TO_MACRO("WOLFSSL_BENCHMARK_FIXED_CSV" "1")
# Optional variable inspection
if (0)
get_cmake_property(_variableNames VARIABLES)
list (SORT _variableNames)
message(STATUS "")
message(STATUS "ALL VARIABLES BEGIN")
message(STATUS "")
foreach (_variableName ${_variableNames})
message(STATUS "${_variableName}=${${_variableName}}")
endforeach()
message(STATUS "")
message(STATUS "ALL VARIABLES END")
message(STATUS "")
endif()
if ( ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266") OR ("${IDF_TARGET}" STREQUAL "esp8266") )
# There's no esp_timer, no driver components for the ESP8266
message(STATUS "Early expansion EXCLUDES for esp8266:")
message(STATUS "THIS_INCLUDE_DRIVER: '${THIS_INCLUDE_DRIVER}'")
message(STATUS "THIS_INCLUDE_TIMER: '${THIS_INCLUDE_TIMER}'")
message(STATUS "Early expansion INCLUDE for esp8266:")
message(STATUS "THIS_INCLUDE_PTHREAD: '${THIS_INCLUDE_PTHREAD}'")
set(THIS_ESP_TLS "")
set(THIS_INCLUDE_DRIVER "")
set(THIS_INCLUDE_TIMER "")
set(THIS_INCLUDE_PTHREAD "pthread")
else()
message(STATUS "Early expansion includes esp_timer: ${THIS_INCLUDE_TIMER}")
message(STATUS "Early expansion includes driver: ${THIS_INCLUDE_DRIVER}")
set(THIS_ESP_TLS "esp-tls")
set(THIS_INCLUDE_DRIVER "driver")
set(THIS_INCLUDE_TIMER "esp_timer")
set(THIS_INCLUDE_PTHREAD "")
# Let the app know that we've included the esp-tls component requirement.
# This is critical for use the the esp-tls component. See wolfssl esp_crt_bundle.c file.
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_REQUIRED_ESP_TLS=1")
endif()
if(CMAKE_BUILD_EARLY_EXPANSION)
message(STATUS "wolfssl component CMAKE_BUILD_EARLY_EXPANSION:")
idf_component_register(
REQUIRES "${COMPONENT_REQUIRES}"
PRIV_REQUIRES # esp_hw_support
# esp_timer
# driver # this will typically only be needed for wolfSSL benchmark
"${THIS_ESP_TLS}"
"${THIS_INCLUDE_PTHREAD}"
"${THIS_INCLUDE_TIMER}"
"${THIS_INCLUDE_DRIVER}" # this will typically only be needed for wolfSSL benchmark
)
else()
@@ -173,48 +446,99 @@ else()
message(STATUS "wolfssl component config:")
message(STATUS "************************************************************************************************")
if ( "${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266")
# There's no esp_timer, no driver components for the ESP8266
set(THIS_INCLUDE_TIMER "")
set(THIS_INCLUDE_DRIVER "")
else()
set(THIS_INCLUDE_TIMER "esp_timer")
set(THIS_INCLUDE_DRIVER "driver")
endif()
# search for wolfSSL
FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT)
if(WOLFSSL_ROOT)
message(STATUS "NEW Found wolfssl directory at: ${WOLFSSL_ROOT}")
IS_WOLFSSL_SOURCE("${WOLFSSL_ROOT}" FOUND_WOLFSSL)
if(FOUND_WOLFSSL)
message(STATUS "Found WOLFSSL_ROOT via CMake specification.")
else()
# WOLFSSL_ROOT Path specified in CMakeLists.txt is not a valid path
message(FATAL_ERROR "WOLFSSL_ROOT CMake Variable defined, but path not found: ${WOLFSSL_ROOT}\n"
"Try correcting WOLFSSL_ROOT in your project CMakeFile.txt or setting environment variable.")
# Abort CMake after fatal error.
endif()
else()
message(STATUS "NEW wolfssl directory not found.")
message(STATUS "Source code for wolfSSL still not found.")
message(STATUS "Searching from project home: ${CMAKE_HOME_DIRECTORY} ...")
set(WOLFSSL_ROOT "${CMAKE_HOME_DIRECTORY}")
FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT)
endif()
if(WOLFSSL_ROOT)
message(STATUS "Confirmed wolfssl directory at: ${WOLFSSL_ROOT}")
else()
# Try to allow a more intuitive error that the source code was not found in cmake:
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_WARNING_SOURCE_NOT_FOUND")
message(STATUS "Failed: wolfssl source code directory not found.")
# Abort. We need wolfssl _somewhere_.
message(FATAL_ERROR "Could not find wolfssl in ${WOLFSSL_ROOT}.\n"
"Try setting WOLFSSL_ROOT environment variable or git clone.")
message(STATUS "")
message(STATUS "")
message(STATUS "Could not find wolfssl in any parent directory named wolfssl-${THIS_USER}, wolfssl-master, or wolfssl.\n"
"Try setting WOLFSSL_ROOT environment variable, cmake variable in project, copy source, or use managed components.")
message(STATUS "")
message(STATUS "")
# Abort CMake after fatal error. (or not?)
endif()
set(INCLUDE_PATH ${WOLFSSL_ROOT})
set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/src/")
if( ${CMAKE_PROJECT_NAME} STREQUAL "wolfssl_benchmark" )
set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/benchmark")
endif()
if( ${CMAKE_PROJECT_NAME} STREQUAL "wolfssl_test" )
set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/test")
# During regression tests, optionally copy source locally and use: set(USE_LOCAL_TEST_BENCH 1)
set(USE_LOCAL_TEST_BENCH 0)
if(NOT USE_LOCAL_TEST_BENCH)
if( "${CMAKE_PROJECT_NAME}" STREQUAL "hello-world" )
message(STATUS "Include ${WOLFSSL_ROOT}/wolfcrypt/benchmark")
set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/benchmark")
endif()
if( "${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_benchmark" )
message(STATUS "Include ${WOLFSSL_ROOT}/wolfcrypt/benchmark")
set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/benchmark")
endif()
if( "${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_test" )
message(STATUS "Include ${WOLFSSL_ROOT}/wolfcrypt/test")
set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/test")
endif()
endif()
message(STATUS "WOLFSSL_EXTRA_PROJECT_DIR = ${WOLFSSL_EXTRA_PROJECT_DIR}")
set(COMPONENT_SRCDIRS "\"${WOLFSSL_ROOT}/src/\""
"\"${WOLFSSL_ROOT}/wolfcrypt/src\""
"\"${WOLFSSL_ROOT}/wolfcrypt/src/port/Espressif\""
"\"${WOLFSSL_ROOT}/wolfcrypt/src/port/Espressif/esp_crt_bundle\""
"\"${WOLFSSL_ROOT}/wolfcrypt/src/port/atmel\""
"\"${WOLFSSL_EXTRA_PROJECT_DIR}\""
) # COMPONENT_SRCDIRS
message(STATUS "This COMPONENT_SRCDIRS = ${COMPONENT_SRCDIRS}")
# wolfSSL user_settings.h may be in the local project.
# TODO check if exists and possibly set to ESP-IDF
set(WOLFSSL_PROJECT_DIR "${CMAKE_HOME_DIRECTORY}/components/wolfssl")
add_definitions(-DWOLFSSL_USER_SETTINGS_DIR="${WOLFSSL_PROJECT_DIR}/include/user_settings.h")
string(REPLACE "/" "//" STR_WOLFSSL_PROJECT_DIR "${WOLFSSL_PROJECT_DIR}")
add_compile_definitions(WOLFSSL_USER_SETTINGS_DIR="${STR_WOLFSSL_PROJECT_DIR}/include/user_settings.h")
message(STATUS "Added definition for user_settings.h: -DWOLFSSL_USER_SETTINGS_DIR=\"${STR_WOLFSSL_PROJECT_DIR}//include//user_settings.h\"")
# Espressif may take several passes through this makefile. Check to see if we found IDF
string(COMPARE EQUAL "${PROJECT_SOURCE_DIR}" "" WOLFSSL_FOUND_IDF)
# get a list of all wolfcrypt assembly files; we'll exclude them as they don't target Xtensa
file(GLOB EXCLUDE_ASM *.S)
file(GLOB_RECURSE EXCLUDE_ASM ${CMAKE_SOURCE_DIR} "${WOLFSSL_ROOT}/wolfcrypt/src/*.S")
file(GLOB EXCLUDE_ASM ${CMAKE_SOURCE_DIR} "${WOLFSSL_ROOT}/wolfcrypt/src/*.S")
message(STATUS "IDF_PATH = $ENV{IDF_PATH}")
message(STATUS "PROJECT_SOURCE_DIR = ${PROJECT_SOURCE_DIR}")
@@ -237,11 +561,12 @@ else()
message(STATUS "Remove either the local project component: ${WOLFSSL_PROJECT_DIR} ")
message(STATUS "or the Espressif shared component installed at: $ENV{IDF_PATH}/components/wolfssl/ ")
message(STATUS "")
message(FATAL_ERROR "Please use wolfSSL in either local project or Espressif components, but not both.")
message(STATUS "")
message(STATUS "**************************************************************************************")
message(STATUS "")
message(STATUS "Please use wolfSSL in either local project or Espressif components, but not both.")
# Optional: if you change the above FATAL_ERROR to STATUS you can warn at runtime with this macro definition:
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_MULTI_INSTALL_WARNING")
@@ -291,6 +616,7 @@ else()
message(FATAL_ERROR "Found stray wolfSSL user_settings.h in "
"${WOLFSSL_ROOT}/include/user_settings.h "
" (please move it to ${WOLFSSL_PROJECT_DIR}/include/user_settings.h )")
# Abort CMake after fatal error.
else()
# we won't overwrite an existing user settings file, just note that we already have one:
if( EXISTS "${WOLFSSL_PROJECT_DIR}/include/user_settings.h" )
@@ -347,7 +673,9 @@ else()
# depending on the environment, we may need to swap backslashes with forward slashes
string(REPLACE "\\" "/" RTOS_IDF_PATH "$ENV{IDF_PATH}/components/freertos/FreeRTOS-Kernel/include/freertos")
string(REPLACE "\\" "/" WOLFSSL_ROOT ${WOLFSSL_ROOT})
if(WOLFSSL_ROOT)
string(REPLACE "\\" "/" WOLFSSL_ROOT ${WOLFSSL_ROOT})
endif()
if(IS_DIRECTORY "${RTOS_IDF_PATH}")
message(STATUS "Found current RTOS path: ${RTOS_IDF_PATH}")
@@ -360,21 +688,22 @@ else()
message(STATUS "Could not find RTOS path")
endif()
endif()
message(STATUS "THIS_IDF_PATH = $THIS_IDF_PATH")
# wolfSSL-specific include directories
set(COMPONENT_ADD_INCLUDEDIRS
"./include" # this is the location of wolfssl user_settings.h
"./include" # this is the location of local project wolfssl user_settings.h
"\"${WOLFSSL_ROOT}/\""
"\"${WOLFSSL_ROOT}/wolfssl/\""
"\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/\""
"\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/port/Espressif\""
"\"${RTOS_IDF_PATH}/\""
# wolfSSL release after v5.7 includes WiFi, time, and mem/debug helpers
${THIS_IDF_PATH}/components/esp_event/include
${THIS_IDF_PATH}/components/esp_netif/include
${THIS_IDF_PATH}/components/esp_wifi/include
"${THIS_IDF_PATH}/components/esp_event/include"
"${THIS_IDF_PATH}/components/esp_netif/include"
"${THIS_IDF_PATH}/components/esp_wifi/include"
)
# Optionally include cryptoauthlib if present
if(IS_DIRECTORY ${IDF_PATH}/components/cryptoauthlib)
list(APPEND COMPONENT_ADD_INCLUDEDIRS "../cryptoauthlib/lib")
endif()
@@ -399,8 +728,8 @@ else()
"\"${WOLFSSL_ROOT}/src/ssl_sess.c\"" # included by ssl.c
"\"${WOLFSSL_ROOT}/src/x509.c\""
"\"${WOLFSSL_ROOT}/src/x509_str.c\""
"\"${WOLFSSL_ROOT}/wolfcrypt/src/ext_kyber.c\"" # external Kyber disabled by default
"\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/ext_kyber.h\"" # external Kyber disabled by default
"\"${WOLFSSL_ROOT}/wolfcrypt/src/ext_kyber.c\"" # external non-wolfssl Kyber disabled by default
"\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/ext_kyber.h\"" # external non-wolfssl Kyber disabled by default
"\"${WOLFSSL_ROOT}/wolfcrypt/src/evp.c\""
"\"${WOLFSSL_ROOT}/wolfcrypt/src/misc.c\""
"\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_arm32.c\""
@@ -411,6 +740,7 @@ else()
"\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_cortexm.c\""
"\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_x86_64.c\""
"\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_x86_64_asm.S\""
"\"${WOLFSSL_ROOT}/examples\"" # Examples are distributed in Managed Components, but not part of a project.
"\"${EXCLUDE_ASM}\""
)
@@ -432,22 +762,144 @@ else()
# see https://docs.espressif.com/projects/esp-idf/en/stable/esp32/migration-guides/release-5.x/build-system.html?highlight=space%20path
#
set(EXTRA_COMPONENT_DIRS "${COMPONENT_SRCDIRS}")
idf_component_register(
SRC_DIRS "${COMPONENT_SRCDIRS}"
INCLUDE_DIRS "${COMPONENT_ADD_INCLUDEDIRS}"
REQUIRES "${COMPONENT_REQUIRES}"
EXCLUDE_SRCS "${COMPONENT_SRCEXCLUDE}"
PRIV_REQUIRES esp_timer driver # this will typically only be needed for wolfSSL benchmark
)
# some optional diagnostics
if (1)
if(WOLFSSL_ROOT)
# Only register the component if we found wolfSSL source.
# This is important to allow Cmake to finish to completion, otherwise the UI
# may not be able to display the Kconfig settings to fix a bad or missing source.
idf_component_register(
SRC_DIRS "${COMPONENT_SRCDIRS}"
INCLUDE_DIRS "${COMPONENT_ADD_INCLUDEDIRS}"
REQUIRES "${COMPONENT_REQUIRES}"
EXCLUDE_SRCS "${COMPONENT_SRCEXCLUDE}"
PRIV_REQUIRES
"${THIS_ESP_TLS}"
"${THIS_INCLUDE_TIMER}"
"${THIS_INCLUDE_DRIVER}" # this will typically only be needed for wolfSSL benchmark
)
else()
# Register the component simply to allow CMake to complete, but there's no wolfSSL source.
# Expect many other errors, but the project should at least be loadable and UI can edit Kconfig settings.
idf_component_register()
message(STATUS "Warning: wolfSSL component not registered as no source code found (WOLFSSL_ROOT is blank)")
endif()
# function(WOLFSSL_INIT_CERT_BUNDLE)
if( CONFIG_WOLFSSL_CERTIFICATE_BUNDLE
AND NOT CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE
AND NOT ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266")
)
if (CMAKE_BUILD_EARLY_EXPANSION)
message(ERROR "Bundle Cert initialization must occur during CMAKE_BUILD_EARLY_EXPANSION")
endif()
# reminder: we need a value for wolfSSL root first!
if( "${WOLFSSL_ROOT}" STREQUAL "" )
message(ERROR "Certificate bundles need a value for WOLFSSL_ROOT")
endif()
set(WOLFSSL_ESP_CRT_BUNDLE_DIR ${WOLFSSL_ROOT}/wolfcrypt/src/port/Espressif/esp_crt_bundle)
message(STATUS "WOLFSSL_ESP_CRT_BUNDLE_DIR=${WOLFSSL_ESP_CRT_BUNDLE_DIR}")
if(EXISTS "${WOLFSSL_ESP_CRT_BUNDLE_DIR}")
set(bundle_name "x509_crt_bundle_wolfssl")
# For now the certs are in the same directory
set(DEFAULT_CRT_DIR "${WOLFSSL_ESP_CRT_BUNDLE_DIR}")
# Generate custom certificate bundle using the generate_cert_bundle utility
set(GENERATE_CERT_BUNDLEPY ${python} ${WOLFSSL_ESP_CRT_BUNDLE_DIR}/gen_crt_bundle.py)
if(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_FULL)
list(APPEND crt_paths ${DEFAULT_CRT_DIR}/cacrt_all.pem ${DEFAULT_CRT_DIR}/cacrt_local.pem)
elseif(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_CMN)
list(APPEND crt_paths ${DEFAULT_CRT_DIR}/cacrt_all.pem ${DEFAULT_CRT_DIR}/cacrt_local.pem)
list(APPEND args --filter ${DEFAULT_CRT_DIR}/cmn_crt_authorities.csv)
endif()
# Add deprecated root certs if enabled. This config is not visible if the default cert
# bundle is not selected
if(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEPRECATED_LIST)
list(APPEND crt_paths ${DEFAULT_CRT_DIR}/cacrt_deprecated.pem)
endif()
if(CONFIG_WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE)
get_filename_component(custom_bundle_path
${CONFIG_WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE_PATH} ABSOLUTE BASE_DIR "${project_dir}")
list(APPEND crt_paths ${custom_bundle_path})
message(STATUS "Using a custom wolfSSL bundle path: ${custom_bundle_path}")
else()
message(STATUS "Not using a custom wolfSSL bundle path.")
endif()
list(APPEND args --input ${crt_paths} -q)
message(STATUS "CMAKE_CURRENT_BINARY_DIR: ${CMAKE_CURRENT_BINARY_DIR}")
get_filename_component(crt_bundle
${bundle_name}
ABSOLUTE BASE_DIR "${CMAKE_CURRENT_BINARY_DIR}")
message(STATUS "Setting up bundle generate: ${GENERATE_CERT_BUNDLEPY} ${args}")
message(STATUS "Depends on custom bundle path: ${custom_bundle_path}")
message(STATUS "crt_bundle ${crt_bundle}")
message(STATUS "COMPONENT_LIB ${COMPONENT_LIB}")
message(STATUS "GENERATE_CERT_BUNDLEPY ${GENERATE_CERT_BUNDLEPY}")
message(STATUS "args ${args}")
message(STATUS "cert_bundle ${cert_bundle}")
# Generate bundle according to config
# File is generated at build time, not cmake load
add_custom_command(OUTPUT ${crt_bundle}
COMMAND ${GENERATE_CERT_BUNDLEPY} ARGS ${args}
DEPENDS ${custom_bundle_path}
VERBATIM)
if(EXISTS "${crt_bundle}")
message(STATUS "Bundle file exists from prior build: ${crt_bundle}")
else()
message(STATUS "Bundle file expected during next build: ${crt_bundle}")
endif()
# Reminder the file is generated at build time, not cmake load time.
message(STATUS "wolfSSL Cert Bundle File to be created at build time in: ${crt_bundle}")
add_custom_target(custom_wolfssl_bundle DEPENDS ${cert_bundle})
# the wolfSSL crtificate bundle is baked into wolfSSL
add_dependencies(${COMPONENT_LIB} custom_wolfssl_bundle)
# COMPONENT_LIB may vary: __idf_wolfssl, __idf_esp_wolfssl, etc
# target_add_binary_data(__idf_wolfssl ${crt_bundle} BINARY)
target_add_binary_data(${COMPONENT_LIB} ${crt_bundle} BINARY)
set_property(DIRECTORY "${CMAKE_CURRENT_SOURCE_DIR}"
APPEND PROPERTY ADDITIONAL_CLEAN_FILES
"${crt_bundle}")
else()
message(STATUS "WARNING: CONFIG_WOLFSSL_CERTIFICATE_BUNDLE enabled but directory not found: ${WOLFSSL_ESP_CRT_BUNDLE_DIR}")
endif()
endif()
# endfunction() # WOLFSSL_INIT_CERT_BUNDLE
# Some optional diagnostics. Verbose ones are truncated.
if (VERBOSE_COMPONENT_MESSAGES)
get_cmake_property(_variableNames VARIABLES)
list (SORT _variableNames)
message(STATUS "")
message(STATUS "ALL VARIABLES BEGIN")
message(STATUS "")
foreach (_variableName ${_variableNames})
message(STATUS "${_variableName}=${${_variableName}}")
if ( ("${_variableName}" STREQUAL "bootloader_binary_files")
OR ("${_variableName}" STREQUAL "Component paths")
OR ("${_variableName}" STREQUAL "component_targets")
OR ("${_variableName}" STREQUAL "__COMPONENT_TARGETS")
OR ("${_variableName}" STREQUAL "CONFIGS_LIST")
OR ("${_variableName}" STREQUAL "__CONFIG_VARIABLES")
OR ("${_variableName}" STREQUAL "val")
OR ("${_variableName}" MATCHES "^__idf_")
)
# Truncate the displayed value:
string(SUBSTRING "${${_variableName}}" 0 70 truncatedValue)
message(STATUS "${_variableName} = ${truncatedValue} ... (truncated)")
else()
message(STATUS "${_variableName}=${${_variableName}}")
endif()
endforeach()
message(STATUS "")
message(STATUS "ALL VARIABLES END")
@@ -455,6 +907,12 @@ else()
endif()
# target_sources(wolfssl PRIVATE "\"${WOLFSSL_ROOT}/wolfssl/\"" "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt\"")
message(STATUS "DETECTED_PROJECT_NAME=${CMAKE_PROJECT_NAME}")
message(STATUS "COMPONENT_TARGET=${COMPONENT_TARGET}")
target_compile_definitions(${COMPONENT_TARGET} PRIVATE DETECTED_PROJECT_NAME="${CMAKE_PROJECT_NAME}")
if( "${CMAKE_PROJECT_NAME}" STREQUAL "esp_http_client_example" )
target_compile_definitions(${COMPONENT_TARGET} PRIVATE APP_ESP_HTTP_CLIENT_EXAMPLE="y")
endif()
endif() # CMAKE_BUILD_EARLY_EXPANSION
@@ -500,7 +958,7 @@ function ( LIBWOLFSSL_SAVE_INFO VAR_OUPUT THIS_VAR VAR_RESULT )
message(STATUS "Found ${VAR_OUPUT}=${VAR_VALUE}")
# the interesting part is defining the VAR_OUPUT name a value to use in the app
add_definitions(-D${VAR_OUPUT}=\"${VAR_VALUE}\")
add_compile_definitions(${VAR_OUPUT}=\"${VAR_VALUE}\")
else()
# if we get here, check the execute_process command and parameters.
message(STATUS "LIBWOLFSSL_SAVE_INFO encountered a non-zero VAR_RESULT")
@@ -508,33 +966,89 @@ function ( LIBWOLFSSL_SAVE_INFO VAR_OUPUT THIS_VAR VAR_RESULT )
endif()
endfunction() # LIBWOLFSSL_SAVE_INFO
execute_process(
COMMAND ${git_cmd} "rev-parse" "--is-inside-work-tree"
OUTPUT_VARIABLE IS_GIT_REPO
OUTPUT_STRIP_TRAILING_WHITESPACE
ERROR_QUIET
)
# create some programmatic #define values that will be used by ShowExtendedSystemInfo().
# see wolfcrypt\src\port\Espressif\esp32_utl.c
if(NOT CMAKE_BUILD_EARLY_EXPANSION)
if(NOT CMAKE_BUILD_EARLY_EXPANSION AND WOLFSSL_ROOT AND (IS_GIT_REPO STREQUAL "true"))
set (git_cmd "git")
message(STATUS "Adding macro definitions:")
# LIBWOLFSSL_VERSION_GIT_ORIGIN: git config --get remote.origin.url
execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "config" "--get" "remote.origin.url" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET )
execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "config" "--get" "remote.origin.url"
OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET )
LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_ORIGIN "${TMP_OUT}" "${TMP_RES}")
# LIBWOLFSSL_VERSION_GIT_BRANCH: git rev-parse --abbrev-ref HEAD
execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--abbrev-ref" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET )
execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--abbrev-ref" "HEAD"
OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET )
LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_BRANCH "${TMP_OUT}" "${TMP_RES}")
# LIBWOLFSSL_VERSION_GIT_HASH: git rev-parse HEAD
execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET )
execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "HEAD"
OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET )
LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH "${TMP_OUT}" "${TMP_RES}")
# LIBWOLFSSL_VERSION_GIT_SHORT_HASH: git rev-parse --short HEAD
execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--short" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET )
execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--short" "HEAD"
OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET )
LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_SHORT_HASH "${TMP_OUT}" "${TMP_RES}")
# LIBWOLFSSL_VERSION_GIT_HASH_DATE git show --no-patch --no-notes --pretty=\'\%cd\'
execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "show" "--no-patch" "--no-notes" "--pretty=\'\%cd\'" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES )
execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd}
"show" "--no-patch" "--no-notes" "--pretty=\'\%cd\'"
OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES )
LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH_DATE "${TMP_OUT}" "${TMP_RES}")
message(STATUS "************************************************************************************************")
message(STATUS "wolfssl component config complete!")
message(STATUS "************************************************************************************************")
LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_WOLFSSL_ROOT "${WOLFSSL_ROOT}" "${TMP_RES}")
endif()
# Ensure flag "-DWOLFSSL_ESPIDF" is already in CMAKE_C_FLAGS if not yet found from project
string(FIND "${CMAKE_C_FLAGS}" "-DWOLFSSL_ESPIDF" FLAG_ALRREADY_FOUND_WOLFSSL_ESPIDF)
if(FLAG_ALRREADY_FOUND_WOLFSSL_ESPIDF EQUAL -1)
# Flag not found, append it
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_ESPIDF")
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
endif()
if(WOLFSSL_ROOT)
message(STATUS "Using wolfSSL in ${WOLFSSL_ROOT}")
# PlatformIO does not process script from from the Espressif cmake process.
# We need to know where wolfSSL source code was found, so save it in the
# PIO_WOLFSSL_ROOT environment variable to later be read by extra_script.py
set(ENV{PIO_WOLFSSL_ROOT} "${WOLFSSL_ROOT}")
message(STATUS "PIO_WOLFSSL_ROOT = $ENV{PIO_WOLFSSL_ROOT}")
message(STATUS "PLATFORMIO_BUILD_DIR = $ENV{PLATFORMIO_BUILD_DIR}")
# See esp-tls Kconfig; menu "ESP-TLS", ESP_TLS_LIBRARY_CHOOSE
if(CONFIG_ESP_TLS_USING_WOLFSSL)
if ( ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266") OR ("${IDF_TARGET}" STREQUAL "esp8266") )
message(STATUS "This version of wolfSSL is not supported on the ESP8266 esp-tls at this time. Check ESP-TLS config")
else()
message(STATUS "wolfSSL will be used for ESP-TLS")
endif()
else()
message(STATUS "WARNING: wolfSSL NOT selected for ESP-TLS. Features and performance will be limited.")
endif()
else()
message(STATUS "")
message(STATUS "Consider setting WOLFSSL_ROOT environment variable, use Kconfig setting, or set manually in this cmake file, above.")
message(STATUS "")
message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!")
message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!")
message(STATUS "ERROR: Could not find wolfSSL Source Code")
message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!")
message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!")
endif()
message(STATUS "************************************************************************************************")
message(STATUS "wolfSSL component config complete!")
message(STATUS "************************************************************************************************")

523
IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/Kconfig Normal file
View File

@@ -0,0 +1,523 @@
# Kconfig template
#
# Copyright (C) 2006-2025 wolfSSL Inc.
#
# This file is part of wolfSSL.
#
# wolfSSL is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# wolfSSL is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
#
# Kconfig File Version 5.7.2.001 for esp-idf integration
# Kconfig Format Rules
#
# See:
# https://docs.espressif.com/projects/esp-idf/en/stable/esp32/api-reference/kconfig.html
#
# Format rules for Kconfig files are as follows:
#
# Option names in any menus should have consistent prefixes. The prefix
# currently should have at least 3 characters.
#
# The unit of indentation should be 4 spaces. All sub-items belonging to a
# parent item are indented by one level deeper. For example, menu is indented
# by 0 spaces, config menu by 4 spaces, help in config by 8 spaces, and the
# text under help by 12 spaces.
#
# No trailing spaces are allowed at the end of the lines.
#
# The maximum length of options is NOT 50 characters as documented.
# kconfcheck will complain that options should be 40 at most.
#
# Fix option lengths first. Superfluous errors on other lines may occur.
#
# The maximum length of lines is 120 characters.
#
# python -m kconfcheck <path_to_kconfig_file>
#
# ---------------------------------------------------------------------------------------------------------------------
# Begin main wolfSSL configuration menu
# ---------------------------------------------------------------------------------------------------------------------
# See ESP-IDF esp-tls component for config TLS_STACK_WOLFSSL
menu "wolfSSL"
menu "Hardening"
config ESP_WOLFSSL_WC_NO_HARDEN
bool "Disable wolfSSL hardening"
default n
help
Sets WC_NO_HARDEN
config ESP_WOLFSSL_TFM_TIMING_RESISTANT
bool "Enable TFM Timing Resistant Code"
default n
help
Sets TFM_TIMING_RESISTANT.
endmenu # Hardening
config ESP_WOLFSSL_ENABLE_BENCHMARK
bool "Enable wolfSSL Benchmark Library"
default n
help
Enables wolfcrypt/benchmark/benchmark.c code for benchmark metrics. Disables NO_CRYPT_BENCHMARK.
menu "Benchmark Debug"
config ESP_DEBUG_WOLFSSL_BENCHMARK_TIMING
bool "Enable benchmark timing debug"
depends on ESP_WOLFSSL_ENABLE_BENCHMARK
default n
help
Enable wolfssl debug for benchmark metric timing (CPU Cycles, RTOS ticks, etc).
config ESP_WOLFSSL_BENCHMARK_TIMER_DEBUG
bool "Enable benchmark timer debug"
depends on ESP_WOLFSSL_ENABLE_BENCHMARK
default n
help
Turn on timer debugging (used when CPU cycles not available)
endmenu # Benchmark Debug
# -----------------------------------------------------------------------------------------------------------------
# wolfCrypt Test
# -----------------------------------------------------------------------------------------------------------------
config ESP_WOLFSSL_ENABLE_TEST
bool "Enable wolfCrypt Test Library"
default n
help
Enables wolfcrypt/test/test.c code for testing. Disables NO_CRYPT_TEST.
menu "wolfCrypt tests"
config WOLFSSL_HAVE_WOLFCRYPT_TEST_OPTIONS
bool "Enable wolfCrypt Test Options"
depends on ESP_WOLFSSL_ENABLE_TEST
default n
help
Enables HAVE_WOLFCRYPT_TEST_OPTIONS
config TEST_ESPIDF_ALL_WOLFSSL
bool "Enable all features to use in tests"
depends on ESP_WOLFSSL_ENABLE_TEST
default n
help
Enables TEST_ESPIDF_ALL_WOLFSSL
endmenu # wolfCrypt tests
# -----------------------------------------------------------------------------------------------------------------
# Apple HomeKit Options
# -----------------------------------------------------------------------------------------------------------------
menu "Apple HomeKit"
config WOLFSSL_APPLE_HOMEKIT
bool "Enable Apple HomeKit options"
default n
help
Enables FP_MAX_BITS (8192 * 2), SRP, ChaCha, Poly1305, Base64 encoding needed for Apple HomeKit.
endmenu # Apple HomeKit
# -----------------------------------------------------------------------------------------------------------------
config ESP_WOLFSSL_DISABLE_MY_ECC
bool "Disable ECC in my project"
default "n"
help
ECC is enabled by default. Select this option to disable.
config ESP_WOLFSSL_ENABLE_MY_USE_RSA
bool "Enable RSA in my project"
default "n"
help
RSA is disabled by default. Select this option to enable.
config ESP_WOLFSSL_BENCHMARK
bool "Enable wolfSSL Benchmark"
default n
help
Enables user settings relevant to benchmark code
config ESP_TLS_USING_WOLFSSL_SPECIFIED
bool "Use the specified wolfssl for ESP-TLS"
default Y
help
Includes wolfSSL from specified directory (not using esp-wolfssl).
config ESP_WOLFSSL_NO_USE_FAST_MATH
bool "Disable FAST_MATH library and all ESP32 Hardware Acceleration"
select ESP_WOLFSSL_NO_HW
select ESP_WOLFSSL_NO_HW_AES
select ESP_WOLFSSL_NO_HW_HASH
select ESP_WOLFSSL_NO_HW_RSA_PRI
select ESP_WOLFSSL_NO_HW_RSA_PRI_MP_MUL
select ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD
select ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD
default n
help
When disabling all hardware acceleration for smaller memory footprint,
disabling TFM fast math provides faster wolfSSL software algorithms in an
even smaller flash memory footprint.
menu "Protocol Config"
config WOLFSSL_HAVE_ALPN
bool "Enable ALPN (Application Layer Protocol Negotiation) in wolfSSL"
default y
config WOLFSSL_ALLOW_TLS13
bool "Allow TLS 1.3"
default y
help
Allow TLS to fallback to TLS1.2. Memory footprint will likely be larger for TLS1.2.
When disabled HTTPS and MQTT over TLS connections will fail if TLS1.3 not accepted.
config WOLFSSL_ALLOW_TLS12
bool "Allow TLS 1.2"
default n
help
Allow TLS to fallback to TLS1.2. Memory footprint will likely be larger for TLS1.2.
When disabled HTTPS and MQTT over TLS connections will fail if TLS1.3 not accepted.
config WOLFSSL_HAVE_TLS_EXTENSIONS
bool "Enable TLS Extensions"
default y
help
Sets HAVE_TLS_EXTENSIONS which is needed for TLS 1.3, SNI, ALPN, and more.
config WOLFSSL_ALT_CERT_CHAINS
bool "Enable Alternate Certificate Chains"
default n
help
The option relaxes the default strict wolfSSL certificate chain processing. This
will typically need to be enabled when loading only a CA file. Typically solves
the -188 ASN_NO_SIGNER_E error. Use with caution.
config WOLFSSL_HAVE_OCSP
bool "Enable OCSP (Online Certificate Status Protocol) in wolfSSL"
default n
help
Sets HAVE_OCSP
endmenu # Protocol Config
# -----------------------------------------------------------------------------------------------------------------
# -----------------------------------------------------------------------------------------------------------------
config TLS_STACK_WOLFSSL
# Invisible option that locks TLS_STACK_WOLFSSL to ESP_TLS_USING_WOLFSSL
bool
default n
select FREERTOS_ENABLE_BACKWARD_COMPATIBILITY
help
Includes wolfSSL in ESP-TLS so that it can be compiled with wolfSSL as its SSL/TLS library.
Enabled when wolfSSL is selected in ESP_TLS_LIBRARY_CHOOSE.
menu "wolfSSL ESP-TLS"
depends on ESP_TLS_USING_WOLFSSL
menu "Certificate Bundle"
depends on ESP_TLS_USING_WOLFSSL
config WOLFSSL_CERTIFICATE_BUNDLE
bool "Enable trusted root certificate bundle"
default y if ESP_TLS_USING_WOLFSSL
default n
depends on ESP_TLS_USING_WOLFSSL
help
Enable support for large number of default root certificates
When enabled this option allows user to store default as well
as customer specific root certificates in compressed format rather
than storing full certificate. For the root certificates the public key and the subject name
will be stored.
config WOLFSSL_NO_ASN_STRICT
bool "Relax Certificate ASN Strict Checks"
default n
depends on ESP_TLS_USING_WOLFSSL
help
Allows sub-optimal certificate ASN checks. Unless using a bundle with known issues,
it is recommended to NOT enable this.
config WOLFSSL_ASN_ALLOW_0_SERIAL
bool "Allow cert missing an ASN Serial Number"
default y
depends on ESP_TLS_USING_WOLFSSL
help
Although not recommended, there may be certificates in the bundle that are missing
a serial number. This option allows the missing value without having to fully
disable strict ASN checking with WOLFSSL_NO_ASN_STRICT.
choice WOLFSSL_DEFAULT_CERTIFICATE_BUNDLE
bool "Default certificate bundle options"
depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
default WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_FULL
config WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_FULL
bool "Use the full default certificate bundle"
config WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_CMN
bool "Use only the most common certificates from the default bundles"
help
Use only the most common certificates from the default bundles, reducing the size with 50%,
while still having around 99% coverage.
config WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE
bool "Do not use the default certificate bundle"
endchoice
config WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE
depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
default n
bool "Add custom certificates to the default bundle"
config WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE_PATH
depends on WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
string "Custom certificate bundle path"
help
Name of the custom certificate directory or file. This path is evaluated
relative to the project root directory.
config WOLFSSL_CERTIFICATE_BUNDLE_DEPRECATED_LIST
bool "Add deprecated root certificates"
depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL && !WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE
help
Include the deprecated list of root certificates in the bundle.
This list gets updated when a certificate is removed from the Mozilla's
NSS root certificate store. This config can be enabled if you would like
to ensure that none of the certificates that were deployed in the product
are affected because of the update to bundle. In turn, enabling this
config keeps expired, retracted certificates in the bundle and it may
pose a security risk.
- Deprecated cert list may grow based based on sync with upstream bundle
- Deprecated certs would be be removed in ESP-IDF (next) major release
config WOLFSSL_CERTIFICATE_BUNDLE_MAX_CERTS
int "Maximum no of certificates allowed in certificate bundle"
default 200
depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
endmenu
endmenu # wolfSSL ESP-TLS
# -----------------------------------------------------------------------------------------------------------------
# -----------------------------------------------------------------------------------------------------------------
config ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
bool "Modify default hardware acceleration settings"
default n
help
When disabling all hardware acceleration for smaller memory footprint,
disabling TFM fast math provides faster wolfSSL software algorithms in an
even smaller flash memory footprint.
Typically used for debugging, analysis, or optimizations. The default
hardware acceleration features can be each manually adjusted.
menu "wolfSSL Hardware Acceleration"
config ESP_WOLFSSL_NO_ESP32_CRYPT
bool "Disable all ESP32 Hardware Acceleration"
depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
default n
select ESP_WOLFSSL_NO_HW_AES
select ESP_WOLFSSL_NO_HW_HASH
select ESP_WOLFSSL_NO_HW_RSA_PRI
select ESP_WOLFSSL_NO_HW_RSA_PRI_MP_MUL
select ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD
select ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD
help
Hardware acceleration enabled by default. When selected defines: NO_ESP32_CRYPT.
Consider disabling FASTMATH (other libraries are faster in software and smaller)
config ESP_WOLFSSL_NO_HW_AES
bool "Disable all ESP32 AES Hardware Acceleration"
depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
default n
help
Hardware acceleration enabled by default.When selected defines: NO_HW_AES
config ESP_WOLFSSL_NO_HW_HASH
bool "Disable all ESP32 SHA Hash Hardware Acceleration"
depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
default n
help
Hardware acceleration enabled by default. When selected defines: NO_HW_HASH
config ESP_WOLFSSL_NO_HW_RSA_PRI
bool "Disable all ESP32 RSA Hardware Acceleration"
depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
default n
select ESP_WOLFSSL_NO_HW_PRI_MP_MUL
select ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD
select ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD
help
Hardware acceleration enabled by default. When selected defines: NO_HW_RSA_PRI
config ESP_WOLFSSL_NO_HW_RSA_PRI_MP_MUL
bool "Disable all ESP32 Multiplication Hardware Acceleration"
depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
default n
help
Hardware acceleration enabled by default. When selected defines: NO_HW_RSA_PRI_MP_MUL
config ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD
bool "Disable all ESP32 Modular Multiplication Hardware Acceleration"
depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
default n
help
Hardware acceleration enabled by default. When selected defines: NO_HW_RSA_PRI_MULMOD
config ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD
bool "Disable all ESP32 RSA Exponential Math Hardware Acceleration"
depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
default n
help
Hardware acceleration enabled by default.
Select this option to force disable: NO_HW_RSA_PRI_EXPTMOD
config ESP_WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS
bool "Enable debugging of RSA Multiplication operand length"
default n
help
Prints an esp log warning to the default console UART when one of the
multiplication operands exceeds the maximum size supported by hardware,
requiring fallback to software. This can be helpful to pick key sizes
when performance is critical. See also metrics for counting instances.
config ESP_WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS
bool "Enable debugging of RSA Modular operand length"
default n
help
Prints an esp log warning to the default console UART when one of the
modular math operands exceeds the maximum size supported by hardware,
requiring fallback to software. This can be helpful to pick key sizes
when performance is critical. See also metrics for counting instances.
endmenu # wolfSSL Hardware Acceleration
# -----------------------------------------------------------------------------------------------------------------
# -----------------------------------------------------------------------------------------------------------------
menu "wolfSSL Experimental Options"
config ESP_WOLFSSL_EXPERIMENTAL_SETTINGS
bool "Enable wolfSSL Experimental Settings"
default n
help
Enables experimental settings for wolfSSL. See documentation.
config ESP_WOLFSSL_ENABLE_KYBER
bool "Enable wolfSSL Kyber"
default n
help
Enable debugging messages for wolfSSL. See user_settings.h for additional debug options.
endmenu # wolfSSL Experimental Options
# -----------------------------------------------------------------------------------------------------------------
# -----------------------------------------------------------------------------------------------------------------
menu "wolfSSL Debug Options"
config ESP_WOLFSSL_DEBUG_WOLFSSL
bool "Enable wolfSSL Debugging"
default n
help
Enable debugging messages for wolfSSL. See user_settings.h for additional debug options.
config ESP_WOLFSSL_TEST_LOOP
bool "Run test apps in a loop until failure"
default y
help
Enable a loop wrapper for benchmark, http_client, and wolfssl test apps.
endmenu # wolfSSL Debug Options
# -----------------------------------------------------------------------------------------------------------------
# -----------------------------------------------------------------------------------------------------------------
menu "wolfSSL Customization"
config CUSTOM_SETTING_WOLFSSL_ROOT
string "Enter a path for wolfSSL source code"
default "~/workspace/wolfssl"
help
This option lets you specify a directory for the wolfSSL source code (typically a git clone).
Enter the path using forward slashes (e.g., C:/myfolder/mysubfolder) or double backslashes
(e.g., C:\\myfolder\\mysubfolder).
endmenu # wolfSSL Customization
# -----------------------------------------------------------------------------------------------------------------
# -----------------------------------------------------------------------------------------------------------------
menu "Component Config"
config IGNORE_ESP_IDF_WOLFSSL_COMPONENT
bool "Ignore the ESP-IDF component of wolfSSL (if present)"
default n
help
Ignores wolfSSL present in the esp-idf/components directory. Requires wolfssl as a local component.
config IGNORE_LOCAL_WOLFSSL_COMPONENT
bool "Ignore the local component of wolfSSL (if present)"
default n
help
Ignores wolfSSL present in the local project components directory.
Requires wolfssl as a ESP-IDF component.
endmenu # Component Config
# -----------------------------------------------------------------------------------------------------------------
# -----------------------------------------------------------------------------------------------------------------
menu "Utility Config"
config USE_WOLFSSL_ESP_SDK_TIME
bool "Enable wolfSSL time helper functions"
default n
help
Enables use of various time and date setting functions found in the esp-sdk-lib.h file.
config USE_WOLFSSL_ESP_SDK_WIFI
bool "Enable wolfSSL WiFi helper functions"
default n
help
Enables use of various time and date setting functions found in the esp-sdk-lib.h file.
endmenu # Utility Config
endmenu # wolfSSL
# ---------------------------------------------------------------------------------------------------------------------
# ---------------------------------------------------------------------------------------------------------------------
menu "wolfSSH"
config ESP_ENABLE_WOLFSSH
bool "Enable wolfSSH options"
default n
help
Enables WOLFSSH_TERM, WOLFSSL_KEY_GEN, WOLFSSL_PTHREADS, WOLFSSH_TEST_SERVER, WOLFSSH_TEST_THREADING
config ESP_WOLFSSL_DEBUG_WOLFSSH
bool "Enable wolfSSH debugging"
default n
help
Enable wolfSSH debugging macro. See user_settings.h
endmenu # wolfSSH
# ---------------------------------------------------------------------------------------------------------------------
# ---------------------------------------------------------------------------------------------------------------------
menu "wolfMQTT"
config ESP_ENABLE_WOLFMQTT
bool "Enable wolfMQTT options"
default n
help
Enables WOLFMQTT
config ESP_WOLFSSL_DEBUG_WOLFMQTT
bool "Enable wolfMQTT debugging"
default n
help
Enable wolfMQTT debugging macro. See user_settings.h
endmenu # wolfMQTT
# ---------------------------------------------------------------------------------------------------------------------

162
IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/README.md Normal file
View File

@@ -0,0 +1,162 @@
# wolfSSL Espressif Component
This is the directory for wolfSSL as an Espressif ESP-IDF component.
Other options are available, such as installing wolfSSL as a local _project_ component using the [Managed Component](https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/).
Enabling this wolfSSL ESP-IDF component allows other ESP-IDF libraries such as those that depend on [ESP-TLS](https://github.com/espressif/esp-idf/tree/master/components/esp-tls)
to also use the wolfSSL library. (See [github.com/wolfSSL/wolfssl](https://github.com/wolfSSL/wolfssl))
The wolfSSL source code is not included here. Instead, the `idf.py menuconfig` option can be used to configure the
`sdkconfig` file setting: `CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT` to point to the desired wolfSSL code.
## Directory Contents
This directory must contain, at a minimum:
- `CMakeLists.txt`
- `./include/user_settings.h`
The directory should also contain:
- `Kconfig`
- `component.mk`
The directory may contain wolfSSL source, for example with a [Managed Component](https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/),
or if the `setup.sh` script was used from [wolfSSL/IDE/Espressif/ESP-IDF](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF).
Under normal circumstances when the wolfSSL source is not included here, the `CMakeLists.txt` will search for it in this order:
- A hard-coded `WOLFSSL_ROOT` cmake variable.
- `WOLFSSL_ROOT` Environment Variable
- The `CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT` value in the `sdkconfig` file, from the `Kconfig` option.
- Any parent directories, up to the root (if this directory is in the ESP-IDF components)
- Any parent directories, up to the root (if this directory is a project component)
While recursing up the directory tree, the following names of wolfSSL directories will be considered:
- `wolfssl-[current user name]`
- `wolfssl-master`
- `wolfssl`
## Getting Started
See the `Espressif Getting Started Guide`.
```
# Set environment variable to ESP-IDF location
# For example, VisualGDB in WSL
WRK_IDF_PATH=/mnt/c/SysGCC/esp32/esp-idf/v5.2
WRK_IDF_PATH=/mnt/c/SysGCC/esp32-master/esp-idf/v5.3-master
# Or wherever the ESP-IDF is installed:
WRK_IDF_PATH=~/esp/esp-idf
echo "Run export.sh from ${WRK_IDF_PATH}"
. ${WRK_IDF_PATH}/export.sh
cd [your project]
idf.py menuconfig
```
Enable wolfSSL to be used in the ESP-TLS:
```
Component config --->
ESP-TLS --->
Choose SSL/TLS library for ESP-TLS (See help for more Info)
(X) wolfSSL (License info in wolfSSL directory README)
```
Adjust wolfSSL settings, such as path to source code as needed:
```
Component config --->
wolfSSL --->
[*] Include wolfSSL in ESP-TLS
[*] Use the specified wolfssl for ESP-TLS
(~/workspace/wolfssl) Enter a path for wolfSSL source code
```
## Configuration
All settings for wolfSSL are adjusted in the [include/user_settings.h](./include/user_settings.h) file.
The `user_settings.h` file should not be included directly. Instead, `#include <wolfssl/wolfcrypt/settings.h>`
before any other wolfSSL headers, like this:
```c
/* ESP-IDF */
#include <esp_log.h>
#include "sdkconfig.h"
/* wolfSSL */
/* Always include wolfcrypt/settings.h before any other wolfSSL file. */
/* Reminder: settings.h pulls in user_settings.h; don't include it here. */
#if defined(WOLFSSL_USER_SETTINGS)
#include <wolfssl/wolfcrypt/settings.h>
#if defined(WOLFSSL_ESPIDF)
#include <wolfssl/version.h>
#include <wolfssl/wolfcrypt/types.h>
#include <wolfcrypt/test/test.h>
#include <wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h>
#include <wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h>
#else
#error "Problem with wolfSSL user_settings. " \
"Check components/wolfssl/include " \
"and confirm WOLFSSL_USER_SETTINGS is defined, " \
"typically in the component CMakeLists.txt"
#endif
#else
/* Define WOLFSSL_USER_SETTINGS project wide for settings.h to include */
/* wolfSSL user settings in ./components/wolfssl/include/user_settings.h */
#error "Missing WOLFSSL_USER_SETTINGS in CMakeLists or Makefile:\
CFLAGS +=-DWOLFSSL_USER_SETTINGS"
#endif
```
## Examples
See the wolfSSL examples:
- [wolfSSL Core Examples](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples)
- [wolfSSL Additional Examples](https://github.com/wolfSSL/wolfssl-examples/tree/master/ESP32)
- [wolfSSH Core Examples](https://github.com/wolfSSL/wolfssh/tree/master/ide/Espressif/ESP-IDF/examples)
- [wolfSSH Additional Examples](https://github.com/wolfSSL/wolfssh-examples/tree/main/Espressif)
- [wolfMQTT Examples](https://github.com/wolfSSL/wolfMQTT/tree/master/IDE/Espressif/ESP-IDF/examples)
## Platforms
The ESP-IDF wolfSSL is also available for PlatformIO:
- [Release wolfSSL](https://registry.platformio.org/search?q=owner%3Awolfssl)
- [Staging / Preview wolfSSL](https://registry.platformio.org/search?q=owner%3Awolfssl-staging)
The wolfSSL library can also be used for Espressif with Arduino:
- [arduino.cc/reference/en/libraries/wolfssl](https://www.arduino.cc/reference/en/libraries/wolfssl/)
- [github.com/wolfSSL/Arduino-wolfSSL](https://github.com/wolfSSL/Arduino-wolfSSL)
## Additional Information
- [wolfSSL Documentation](https://www.wolfssl.com/documentation/manuals/wolfssl/index.html) and [docs/espressif](https://www.wolfssl.com/docs/espressif/)
- [wolfSSL FAQ](https://www.wolfssl.com/docs/frequently-asked-questions-faq/)
- [wolfSSL Products](https://www.wolfssl.com/products/)
- [www.wolfssl.com/espressif](https://www.wolfssl.com/espressif/)
- [More...](https://www.wolfssl.com/?s=espressif)
## Contact
Have a specific request or questions? We'd love to hear from you! Please contact us at support@wolfssl.com or open an issue on GitHub.
## Licensing and Support
wolfSSL (formerly known as CyaSSL) and wolfCrypt are either licensed for use under the GPLv2 (or at your option any later version) or a standard commercial license. For our users who cannot use wolfSSL under GPLv2 (or any later version), a commercial license to wolfSSL and wolfCrypt is available.
See the LICENSE.txt, visit wolfssl.com/license, contact us at licensing@wolfssl.com or call +1 425 245 8247
View Commercial Support Options: [wolfssl.com/products/support-and-maintenance](wolfssl.com/products/support-and-maintenance)

76
IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/component.mk
View File

@@ -1,5 +1,5 @@
#
# Copyright (C) 2006-2024 wolfSSL Inc.
# Copyright (C) 2006-2025 wolfSSL Inc.
#
# This file is part of wolfSSL.
#
@@ -20,7 +20,7 @@
$(info *********** wolfssl component ************)
#
#
# Component Makefile
#
#
@@ -66,7 +66,19 @@ CFLAGS +=-DWOLFSSL_USER_SETTINGS
# https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples
# When this wolfssl component.mk makefile is in [project]/components/wolfssl
# The root is 7 directories up from here (the location of of this component.mk):
WOLFSSL_ROOT := ../../../../../../..
#
WOLFSSL_ROOT ?= ../../../../../../..
THIS_DIR := $(shell pwd)
WOLFSSL_ROOT_OBJ := $(THIS_DIR)
# When running make from commandline or VisualGDB, the current path varies:
ifeq ("$(VISUALGDB_DIR)","")
# current path is typically /mnt/c/workspace/wolfssl-gojimmypi/IDE/Espressif/ESP-IDF/examples/wolfssl_test/build/wolfssl
$(info VISUALGDB_DIR build not detected. shell: $(shell echo $$SHELL))
else
# current path is typically /C/workspace/wolfssl-gojimmypi/IDE/Espressif/ESP-IDF/examples/wolfssl_test/build/Debug/wolfssl
$(info Detected VisualGDB in: $(VISUALGDB_DIR) shell: $(shell echo $$SHELL))
endif
# To set the location of a different location, it is best to use relative paths.
#
@@ -82,7 +94,7 @@ WOLFSSL_ROOT := ../../../../../../..
# "/mnt/c" is 4 directories up:
# 2 for `./test/demo` from where we run `make`, plus
# 2 more from the location of `component.mk` located
# in `[currect directory]/components/wolfssl`.
# in `[current directory]/components/wolfssl`.
#
# Thus we need 4 parent reference to find the relative path to wolfSSL:
# WOLFSSL_ROOT := ../../../../workspace/wolfssl-master
@@ -92,14 +104,16 @@ WOLFSSL_ROOT := ../../../../../../..
# CFLAGS += -I$(WOLFSSL_ROOT)/wolfssl/wolfcrypt
# CFLAGS += -I$(WOLFSSL_ROOT)/wolfssl/wolfcrypt/port/Espressif
abs_WOLFSSL_ROOT := $(shell realpath $(WOLFSSL_ROOT))
abs_WOLFSSL_ROOT := $(shell realpath $(WOLFSSL_ROOT))
# print-wolfssl-path-value:
# @echo "WOLFSSL_ROOT defined: $(WOLFSSL_ROOT)"
# @echo "WOLFSSL_ROOT actual: $(abs_WOLFSSL_ROOT)"
$(info WOLFSSL_ROOT defined: $(WOLFSSL_ROOT))
$(info WOLFSSL_ROOT actual: $(abs_WOLFSSL_ROOT))
$(info WOLFSSL_ROOT defined: $(WOLFSSL_ROOT))
$(info WOLFSSL_ROOT actual: $(abs_WOLFSSL_ROOT))
$(info THIS_DIR defined: $(THIS_DIR))
$(info WOLFSSL_ROOT_OBJ defined: $(WOLFSSL_ROOT_OBJ))
# NOTE: The wolfSSL include directory (e.g. user_settings.h) is
# located HERE in THIS project, and *not* in the wolfSSL root.
@@ -109,6 +123,7 @@ COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/.
COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl
COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl/wolfcrypt
COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl/wolfcrypt/port/Espressif
# COMPONENT_ADD_INCLUDEDIRS += $ENV(IDF_PATH)/components/freertos/include/freertos
# COMPONENT_ADD_INCLUDEDIRS += "$ENV(IDF_PATH)/soc/esp32s3/include/soc"
@@ -122,27 +137,27 @@ COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src
COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif
COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/atmel
COMPONENT_OBJEXCLUDE := $(WOLFSSL_ROOT)/wolfcrypt/src/aes_asm.o
COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/evp.o
COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/misc.o
COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/sha512_asm.o
COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/fe_x25519_asm.o
COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/aes_gcm_x86_asm.o
COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/src/bio.o
COMPONENT_OBJEXCLUDE := $(WOLFSSL_ROOT_OBJ)/wolfcrypt/src/aes_asm.o
COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT_OBJ)/wolfcrypt/src/evp.o
COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT_OBJ)/wolfcrypt/src/misc.o
COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT_OBJ)/wolfcrypt/src/sha512_asm.o
COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT_OBJ)/wolfcrypt/src/fe_x25519_asm.o
COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT_OBJ)/wolfcrypt/src/aes_gcm_x86_asm.o
##
## wolfSSL
##
COMPONENT_OBJS := $(WOLFSSL_ROOT)/src/bio.o
# COMPONENT_OBJS += src/conf.o
## reminder object files may end up in `./build` or `build/debug` or `build/release`, depending on build environment & settings.
##
# COMPONENT_OBJS := $(WOLFSSL_ROOT)/src/bio.o # part of ssl.c, omitted to avoid "does not need to be compiled separately"
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/conf.o # part of ssl.c
COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/crl.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/dtls.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/dtls13.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/internal.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/keys.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/ocsp.o
# COMPONENT_OBJS += src/pk.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/pk.o # part of ssl.c
COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/quic.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/sniffer.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/ssl.o
@@ -154,8 +169,8 @@ COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/ssl.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/tls.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/tls13.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/wolfio.o
# COMPONENT_OBJS += src/x509.o
# COMPONENT_OBJS += src/x509_str.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/x509.o # part of ssl.c
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/x509_str.o # part of ssl.c
##
## wolfcrypt
@@ -188,7 +203,7 @@ COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ed25519.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ed448.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/error.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/evp.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_kyber.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_mlkem.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_lms.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_xmss.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/falcon.o
@@ -251,8 +266,8 @@ COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/srp.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/tfm.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_dsp.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_encrypt.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_kyber.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_kyber_poly.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_mlkem.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_mlkem_poly.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_lms.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_pkcs11.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_port.o
@@ -276,21 +291,16 @@ COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.
##
## wolfcrypt benchmark (optional)
##
## COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/benchmark/benchmark.o
## COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/benchmark
## COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/benchmark/benchmark.o
## COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/benchmark
## COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfcrypt/benchmark
##
## wolfcrypt test (optional)
##
## COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/test/test.o
## COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/test
##
## wolfcrypt
##
## COMPONENT_PRIV_INCLUDEDIRS += $(PROJECT_PATH)/components/wolfssl/include
## COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src
## COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/test/test.o
## COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/test
## COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfcrypt/test/include
$(info ********** end wolfssl component **********)

649
IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/include/user_settings.h
View File

@@ -1,6 +1,6 @@
/* user_settings.h
/* wolfssl-component include/user_settings.h
*
* Copyright (C) 2006-2024 wolfSSL Inc.
* Copyright (C) 2006-2025 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
@@ -18,21 +18,202 @@
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
#define WOLFSSL_ESPIDF_COMPONENT_VERSION 0x01
/* Standardized wolfSSL Espressif ESP32 + ESP8266 user_settings.h V5.6.6-01 */
/* This user_settings.h is for Espressif ESP-IDF */
/* Examples such as test and benchmark are known to cause watchdog timeouts.
* Note this is often set in project Makefile:
* CFLAGS += -DWOLFSSL_ESP_NO_WATCHDOG=1 */
#define WOLFSSL_ESP_NO_WATCHDOG 1
/* The Espressif project config file. See also sdkconfig.defaults */
#include "sdkconfig.h"
/* #define DEBUG_WOLFSSL */
/* #define DEBUG_WOLFSSL_VERBOSE */
/* This user_settings.h is for Espressif ESP-IDF
*
* Standardized wolfSSL Espressif ESP32 + ESP8266 user_settings.h V5.7.0-1
*
* Do not include any wolfssl headers here.
*
* When editing this file:
* ensure all examples match. The template example is the reference.
*/
/* Naming convention: (see also esp32-crypt.h for the reference source).
*
* CONFIG_
* This prefix indicates the setting came from the sdkconfig / Kconfig.
*
* May or may not be related to wolfSSL.
*
* The name after this prefix must exactly match that in the Kconfig file.
*
* WOLFSSL_
* Typical of many, but not all wolfSSL macro names.
*
* Applies to all wolfSSL products such as wolfSSH, wolfMQTT, etc.
*
* May or may not have a corresponding sdkconfig / Kconfig control.
*
* ESP_WOLFSSL_
* These are NOT valid wolfSSL macro names. These are names only used in
* the ESP-IDF Kconfig files. When parsed, they will have a "CONFIG_"
* suffix added. See next section.
*
* CONFIG_ESP_WOLFSSL_
* This is a wolfSSL-specific macro that has been defined in the ESP-IDF
* via the sdkconfig / menuconfig. Any text after this prefix should
* exactly match an existing wolfSSL macro name.
*
* Applies to all wolfSSL products such as wolfSSH, wolfMQTT, etc.
*
* These macros may also be specific to only the project or environment,
* and possibly not used anywhere else in the wolfSSL libraries.
*/
/* The Espressif sdkconfig will have chipset info.
**
** Some possible values:
**
** CONFIG_IDF_TARGET_ESP32
** CONFIG_IDF_TARGET_ESP32S2
** CONFIG_IDF_TARGET_ESP32S3
** CONFIG_IDF_TARGET_ESP32C3
** CONFIG_IDF_TARGET_ESP32C6
*/
#undef WOLFSSL_ESPIDF
#define WOLFSSL_ESPIDF
/* Test various user_settings between applications by selecting example apps
* in `idf.py menuconfig` for Example wolfSSL Configuration settings: */
/* Turn on messages that are useful to see only in examples. */
#define WOLFSSL_EXAMPLE_VERBOSITY
/* Paths can be long, ensure the entire value printed during debug */
#define WOLFSSL_MAX_ERROR_SZ 500
/* wolfSSL Examples: set macros used in example applications.
*
* These Settings NOT available in ESP-IDF (e.g. esp-tls)
*
* Any settings needed by ESP-IDF components should be explicitly set,
* and not by these example-specific settings via CONFIG_WOLFSSL_EXAMPLE_n
*
* ESP-IDF settings should be Kconfig "CONFIG_[name]" values when possible. */
#if defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TEMPLATE)
/* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/template */
/* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */
/* #define USE_WOLFSSL_ESP_SDK_WIFI */
#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TEST)
/* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_test */
/* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */
/* #define USE_WOLFSSL_ESP_SDK_WIFI */
#define TEST_ESPIDF_ALL_WOLFSSL
#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_BENCHMARK)
/* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark */
/* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */
/* #define USE_WOLFSSL_ESP_SDK_WIFI */
#define WOLFSSL_BENCHMARK_FIXED_UNITS_KB
#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TLS_CLIENT)
/* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_client */
#define USE_WOLFSSL_ESP_SDK_WIFI
#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TLS_SERVER)
/* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_server */
#define USE_WOLFSSL_ESP_SDK_WIFI
/* wolfSSH Examples */
#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFSSH_TEMPLATE)
/* See https://github.com/wolfSSL/wolfssh/tree/master/ide/Espressif/ESP-IDF/examples/wolfssh_template */
#define USE_WOLFSSL_ESP_SDK_WIFI
#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFSSH_ECHOSERVER)
/* See https://github.com/wolfSSL/wolfssh/tree/master/ide/Espressif/ESP-IDF/examples/wolfssh_echoserver */
#define USE_WOLFSSL_ESP_SDK_WIFI
#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_ESP32_SSH_SERVER)
/* See https://github.com/wolfSSL/wolfssh-examples/tree/main/Espressif/ESP32/ESP32-SSH-Server */
#define USE_WOLFSSL_ESP_SDK_WIFI
#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_ESP8266_SSH_SERVER)
/* See https://github.com/wolfSSL/wolfssh-examples/tree/main/Espressif/ESP8266/ESP8266-SSH-Server */
#define USE_WOLFSSL_ESP_SDK_WIFI
/* wolfMQTT Examples */
#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFMQTT_TEMPLATE)
/* See https://github.com/wolfSSL/wolfMQTT/tree/master/IDE/Espressif/ESP-IDF/examples/wolfmqtt_template */
#define USE_WOLFSSL_ESP_SDK_WIFI
#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFMQTT_AWS_IOT_MQTT)
/* See https://github.com/wolfSSL/wolfMQTT/tree/master/IDE/Espressif/ESP-IDF/examples/AWS_IoT_MQTT */
#define USE_WOLFSSL_ESP_SDK_WIFI
/* wolfTPM Examples */
#elif defined(CONFIG_WOLFTPM_EXAMPLE_NAME_ESPRESSIF)
/* See https://github.com/wolfSSL/wolfTPM/tree/master/IDE/Espressif */
#define USE_WOLFSSL_ESP_SDK_WIFI
/* Apple HomeKit Examples */
#elif defined(CONFIG_WOLFSSL_APPLE_HOMEKIT)
/* See https://github.com/AchimPieters/esp32-homekit-demo */
/* no example selected */
#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_NONE)
/* We'll assume the app needs to use wolfSSL sdk lib function */
#define USE_WOLFSSL_ESP_SDK_WIFI
/* Other applications detected by cmake */
#elif defined(APP_ESP_HTTP_CLIENT_EXAMPLE)
/* The wolfSSL Version of the client example */
#if defined(CONFIG_IDF_TARGET_ESP32S2) || defined(CONFIG_IDF_TARGET_ESP32C2)
/* Less memory available, so smaller key sizes: */
#define FP_MAX_BITS (4096 * 2)
#else
#define FP_MAX_BITS (8192 * 2)
#endif
#define HAVE_ALPN
#define HAVE_SNI
#define OPENSSL_EXTRA_X509_SMALL
#define HAVE_TLS_EXTENSIONS
#define HAVE_SUPPORTED_CURVES
#define OPENSSL_EXTRA
#ifndef WOLFSSL_ALWAYS_VERIFY_CB
#define WOLFSSL_ALWAYS_VERIFY_CB
#endif
#ifndef WOLFSSL_VERIFY_CB_ALL_CERTS
#define WOLFSSL_VERIFY_CB_ALL_CERTS
#endif
#ifndef KEEP_PEER_CERT
#define KEEP_PEER_CERT
#endif
#elif defined(APP_ESP_HTTP_CLIENT)
/* The ESP-IDF Version */
#define FP_MAX_BITS (8192 * 2)
#define HAVE_ALPN
#define HAVE_SNI
#define OPENSSL_EXTRA_X509_SMALL
#define HAVE_TLS_EXTENSIONS
#define HAVE_SUPPORTED_CURVES
#define OPENSSL_EXTRA
#ifndef WOLFSSL_ALWAYS_VERIFY_CB
#define WOLFSSL_ALWAYS_VERIFY_CB
#endif
#ifndef WOLFSSL_VERIFY_CB_ALL_CERTS
#define WOLFSSL_VERIFY_CB_ALL_CERTS
#endif
#ifndef KEEP_PEER_CERT
#define KEEP_PEER_CERT
#endif
#else
#ifdef WOLFSSL_ESPIDF
/* #warning "App config undetected" */
#endif
/* the code is older or does not have application name defined. */
#endif /* Example wolfSSL Configuration app settings */
/* Experimental Kyber */
#if 0
#ifdef CONFIG_WOLFSSL_ENABLE_KYBER
/* Kyber typically needs a minimum 10K stack */
#define WOLFSSL_EXPERIMENTAL_SETTINGS
#define WOLFSSL_HAVE_KYBER
#define WOLFSSL_WC_KYBER
#define WOLFSSL_HAVE_MLKEM
#define WOLFSSL_WC_MLKEM
#define WOLFSSL_SHA3
#if defined(CONFIG_IDF_TARGET_ESP8266)
/* With limited RAM, we'll disable some of the Kyber sizes: */
@@ -42,6 +223,17 @@
#endif
#endif
/* Enable AES for all examples */
#ifdef NO_AES
#warning "Found NO_AES, wolfSSL AES Cannot be enabled. Check config."
#else
#define WOLFSSL_AES
#define WOLFSSL_AES_COUNTER
/* Typically only needed for wolfssl_test, see docs. */
#define WOLFSSL_AES_DIRECT
#endif
/* Pick a cert buffer size: */
/* #define USE_CERT_BUFFERS_2048 */
/* #define USE_CERT_BUFFERS_1024 */
@@ -58,14 +250,76 @@
** CONFIG_IDF_TARGET_ESP32C6
*/
#undef WOLFSSL_ESPIDF
#define WOLFSSL_ESPIDF
/* Optionally enable Apple HomeKit from compiler directive or Kconfig setting */
#if defined(WOLFSSL_APPLE_HOMEKIT) || defined(CONFIG_WOLFSSL_APPLE_HOMEKIT)
/* SRP is known to need 8K; slow on some devices */
#define FP_MAX_BITS (8192 * 2)
#define WOLFCRYPT_HAVE_SRP
#define HAVE_CHACHA
#define HAVE_POLY1305
#define WOLFSSL_BASE64_ENCODE
#endif /* Apple HomeKit settings */
/* We don't use WiFi helpers yet, so don't compile in the esp-sdk-lib WiFi */
#define NO_ESP_SDK_WIFI
/* Used by ESP-IDF components: */
#if defined(CONFIG_ESP_TLS_USING_WOLFSSL)
/* The ESP-TLS */
#ifndef FP_MAX_BITS
#if defined(CONFIG_IDF_TARGET_ESP32C2) || \
defined(CONFIG_IDF_TARGET_ESP8684) || \
defined(CONFIG_IDF_TARGET_ESP8266)
/* Optionally set smaller size here */
#define FP_MAX_BITS MIN_FFDHE_FP_MAX_BITS
#else
#define FP_MAX_BITS (4096 * 2)
#endif
#endif
#define HAVE_ALPN
#ifndef CONFIG_IDF_TARGET_ESP8266
/* Unless installed in the ESP8266 RTOS SDK locally, the wolfSSL
* API for SNI will not be seen in the components/esp-tls layer.
* Only enable SNI for non-ESP8266 targets by default: */
#define HAVE_SNI
#endif
#define OPENSSL_EXTRA_X509_SMALL
#define HAVE_TLS_EXTENSIONS
#define HAVE_SUPPORTED_CURVES
#endif
/* Optionally enable some wolfSSH settings */
#if defined(ESP_ENABLE_WOLFSSH) || defined(CONFIG_ESP_ENABLE_WOLFSSH)
/* Enable wolfSSH. Espressif examples need a few more settings, below */
#undef WOLFSSL_WOLFSSH
#define WOLFSSL_WOLFSSH
/* The default SSH Windows size is massive for an embedded target.
* Limit it: */
#define DEFAULT_WINDOW_SZ 2000
/* These may be defined in cmake for other examples: */
#undef WOLFSSH_TERM
#define WOLFSSH_TERM
/* optional debug */
/* #undef DEBUG_WOLFSSH */
/* #define DEBUG_WOLFSSH */
#undef WOLFSSL_KEY_GEN
#define WOLFSSL_KEY_GEN
#undef WOLFSSL_PTHREADS
#define WOLFSSL_PTHREADS
#define WOLFSSH_TEST_SERVER
#define WOLFSSH_TEST_THREADING
#endif /* ESP_ENABLE_WOLFSSH */
/* Not yet using WiFi lib, so don't compile in the esp-sdk-lib WiFi helpers: */
/* #define USE_WOLFSSL_ESP_SDK_WIFI */
/*
* ONE of these Espressif chipsets should be defined:
* ONE of these Espressif chip families will be detected from sdkconfig:
*
* WOLFSSL_ESP32
* WOLFSSL_ESPWROOM32SE
@@ -84,11 +338,28 @@
#endif
/* See below for chipset detection from sdkconfig.h */
/* when you want to use SINGLE THREAD. Note Default ESP-IDF is FreeRTOS */
#define SINGLE_THREADED
/* Small session cache saves a lot of RAM for ClientCache and SessionCache.
* Memory requirement is about 5KB, otherwise 20K is needed when not specified.
* If extra small footprint is needed, try MICRO_SESSION_CACHE (< 1K)
* When really desperate, try NO_SESSION_CACHE. */
#define MICRO_SESSION_CACHE
* When really desperate or no TLS used, try NO_SESSION_CACHE. */
#define NO_SESSION_CACHE
/* Small Stack uses more heap. */
#define WOLFSSL_SMALL_STACK
/* Full debugging turned off, but show malloc failure detail */
/* #define DEBUG_WOLFSSL */
#define DEBUG_WOLFSSL_MALLOC
/* See test.c that sets cert buffers; we'll set them here: */
#define USE_CERT_BUFFERS_256
#define USE_CERT_BUFFERS_2048
/* RSA_LOW_MEM: Half as much memory but twice as slow. */
#define RSA_LOW_MEM
/* optionally turn off SHA512/224 SHA512/256 */
/* #define WOLFSSL_NOSHA512_224 */
@@ -103,19 +374,44 @@
#define BENCH_EMBEDDED
#define WOLFSSL_SMALL_STACK
#define HAVE_ECC
#define RSA_LOW_MEM
/* TLS 1.3 */
#define WOLFSSL_TLS13
#define HAVE_TLS_EXTENSIONS
#define WC_RSA_PSS
#define HAVE_HKDF
#define HAVE_AEAD
#define HAVE_SUPPORTED_CURVES
#ifdef CONFIG_WOLFSSL_ALLOW_TLS13
#define WOLFSSL_TLS13
#define HAVE_TLS_EXTENSIONS
#define HAVE_HKDF
#define WOLFSSL_BENCHMARK_FIXED_UNITS_KB
/* May be required */
#ifndef HAVE_AEAD
#endif
/* Required for ECC */
#define HAVE_SUPPORTED_CURVES
/* Required for RSA */
#define WC_RSA_PSS
/* TLS 1.3 normally requires HAVE_FFDHE */
#if defined(HAVE_FFDHE_2048) || \
defined(HAVE_FFDHE_3072) || \
defined(HAVE_FFDHE_4096) || \
defined(HAVE_FFDHE_6144) || \
defined(HAVE_FFDHE_8192)
#else
#define HAVE_FFDHE_2048
/* #error "TLS 1.3 requires HAVE_FFDHE_[nnnn]" */
#endif
#endif
#if defined(CONFIG_IDF_TARGET_ESP32C2) || \
defined(CONFIG_IDF_TARGET_ESP8684)
/* Optionally set smaller size here */
#ifdef HAVE_FFDHE_4096
/* this size may be problematic on the C2 */
#endif
#define HAVE_FFDHE_2048
#else
#define HAVE_FFDHE_4096
#endif
#define NO_FILESYSTEM
@@ -132,30 +428,72 @@
/* when you want to use SHA384 */
#define WOLFSSL_SHA384
#if defined(CONFIG_IDF_TARGET_ESP8266)
/* Some features not enabled for ESP8266: */
#if defined(CONFIG_IDF_TARGET_ESP8266) || \
defined(CONFIG_IDF_TARGET_ESP32C2)
/* Some known low-memory devices have features not enabled by default. */
/* TODO determine low memory configuration for ECC. */
#else
/* when you want to use SHA512 */
#define WOLFSSL_SHA512
/* when you want to use SHA3 */
#define WOLFSSL_SHA3
/* #define WOLFSSL_SHA3 */
/* ED25519 requires SHA512 */
#define HAVE_ED25519
#endif
#define HAVE_ECC
#define HAVE_CURVE25519
#define CURVE25519_SMALL
#define HAVE_ED25519
#if defined(CONFIG_IDF_TARGET_ESP8266) || defined(CONFIG_IDF_TARGET_ESP32C2)
#define MY_USE_ECC 0
#define MY_USE_RSA 1
#else
#define MY_USE_ECC 1
#define MY_USE_RSA 0
#endif
/* We can use either or both ECC and RSA, but must use at least one. */
#if MY_USE_ECC || MY_USE_RSA
#if MY_USE_ECC
/* ---- ECDSA / ECC ---- */
#define HAVE_ECC
#define HAVE_CURVE25519
#define HAVE_ED25519
#define WOLFSSL_SHA512
/*
#define HAVE_ECC384
#define CURVE25519_SMALL
*/
#else
#define WOLFSSH_NO_ECC
/* WOLFSSH_NO_ECDSA is typically defined automatically,
* here for clarity: */
#define WOLFSSH_NO_ECDSA
#endif
#if MY_USE_RSA
/* ---- RSA ----- */
/* #define RSA_LOW_MEM */
/* DH disabled by default, needed if ECDSA/ECC also turned off */
#define HAVE_DH
#else
#define WOLFSSH_NO_RSA
#endif
#else
#error "Either RSA or ECC must be enabled"
#endif
/* Optional OpenSSL compatibility */
/* #define OPENSSL_EXTRA */
/* when you want to use pkcs7 */
/* #Optional HAVE_PKCS7 */
/* #define HAVE_PKCS7 */
#if defined(HAVE_PKCS7)
/* HAVE_PKCS7 may enable HAVE_PBKDF2 see settings.h */
#define NO_PBKDF2
#define HAVE_AES_KEYWRAP
#define HAVE_X963_KDF
#define WOLFSSL_AES_DIRECT
@@ -175,25 +513,11 @@
/* #define CUSTOM_SLOT_ALLOCATION */
#endif
/* RSA primitive specific definition */
#if defined(WOLFSSL_ESP32) || defined(WOLFSSL_ESPWROOM32SE)
/* Define USE_FAST_MATH and SMALL_STACK */
#define ESP32_USE_RSA_PRIMITIVE
/* WC_NO_CACHE_RESISTANT: slower but more secure */
/* #define WC_NO_CACHE_RESISTANT */
#if defined(CONFIG_IDF_TARGET_ESP32)
/* NOTE HW unreliable for small values! */
/* threshold for performance adjustment for HW primitive use */
/* X bits of G^X mod P greater than */
#undef ESP_RSA_EXPT_XBITS
#define ESP_RSA_EXPT_XBITS 32
/* X and Y of X * Y mod P greater than */
#undef ESP_RSA_MULM_BITS
#define ESP_RSA_MULM_BITS 16
#endif
#endif
/* TFM_TIMING_RESISTANT: slower but more secure */
/* #define TFM_TIMING_RESISTANT */
/* #define WOLFSSL_ATECC508A_DEBUG */
@@ -204,23 +528,40 @@
/* #define XTIME time */
/* adjust wait-timeout count if you see timeout in RSA HW acceleration */
#define ESP_RSA_TIMEOUT_CNT 0x249F00
/* Adjust wait-timeout count if you see timeout in RSA HW acceleration.
* Set to very large number and enable WOLFSSL_HW_METRICS to determine max. */
#ifndef ESP_RSA_TIMEOUT_CNT
#define ESP_RSA_TIMEOUT_CNT 0xFF0000
#endif
#define HASH_SIZE_LIMIT /* for test.c */
/* hash limit for test.c */
#define HASH_SIZE_LIMIT
/* USE_FAST_MATH is default */
#define USE_FAST_MATH
/***** Use SP_MATH *****/
/* #undef USE_FAST_MATH */
/* #undef USE_FAST_MATH */
/* #define SP_MATH */
/* #define WOLFSSL_SP_MATH_ALL */
/* #define WOLFSSL_SP_RISCV32 */
/***** Use Integer Heap Math *****/
/* #undef USE_FAST_MATH */
/* #define USE_INTEGER_HEAP_MATH */
/* Just syntax highlighting to check math libraries: */
#if defined(SP_MATH) || \
defined(USE_INTEGER_HEAP_MATH) || \
defined(USE_INTEGER_HEAP_MATH) || \
defined(USE_FAST_MATH) || \
defined(WOLFSSL_SP_MATH_ALL) || \
defined(WOLFSSL_SP_RISCV32)
#endif
#define WOLFSSL_SMALL_STACK
#define HAVE_VERSION_EXTENDED_INFO
/* #define HAVE_WC_INTROSPECTION */
@@ -230,13 +571,26 @@
/* #define HAVE_HASHDRBG */
#if 0
/* Example for additional cert functions */
#define WOLFSSL_KEY_GEN
#define WOLFSSL_CERT_REQ
#define WOLFSSL_CERT_GEN
#define WOLFSSL_CERT_EXT
#define WOLFSSL_SYS_CA_CERTS
#define WOLFSSL_CERT_REQ
#define WOLFSSL_CERT_GEN
#define WOLFSSL_CERT_EXT
#define WOLFSSL_SYS_CA_CERTS
#define WOLFSSL_CERT_TEXT
#define WOLFSSL_CERT_TEXT
/* command-line options
--enable-keygen
--enable-certgen
--enable-certreq
--enable-certext
--enable-asn-template
*/
#endif
#define WOLFSSL_ASN_TEMPLATE
@@ -256,11 +610,66 @@
--enable-asn-template
*/
/* optional SM4 Ciphers. See https://github.com/wolfSSL/wolfsm */
/*
#define WOLFSSL_SM2
#define WOLFSSL_SM3
#define WOLFSSL_SM4
*/
#if defined(WOLFSSL_SM2) || defined(WOLFSSL_SM3) || defined(WOLFSSL_SM4)
/* SM settings, possible cipher suites:
TLS13-AES128-GCM-SHA256
TLS13-CHACHA20-POLY1305-SHA256
TLS13-SM4-GCM-SM3
TLS13-SM4-CCM-SM3
#define WOLFSSL_ESP32_CIPHER_SUITE "TLS13-SM4-GCM-SM3"
#define WOLFSSL_ESP32_CIPHER_SUITE "TLS13-SM4-CCM-SM3"
#define WOLFSSL_ESP32_CIPHER_SUITE "ECDHE-ECDSA-SM4-CBC-SM3"
#define WOLFSSL_ESP32_CIPHER_SUITE "ECDHE-ECDSA-SM4-GCM-SM3"
#define WOLFSSL_ESP32_CIPHER_SUITE "ECDHE-ECDSA-SM4-CCM-SM3"
#define WOLFSSL_ESP32_CIPHER_SUITE "TLS13-SM4-GCM-SM3:" \
"TLS13-SM4-CCM-SM3:"
*/
#undef WOLFSSL_BASE16
#define WOLFSSL_BASE16 /* required for WOLFSSL_SM2 */
#undef WOLFSSL_SM4_ECB
#define WOLFSSL_SM4_ECB
#undef WOLFSSL_SM4_CBC
#define WOLFSSL_SM4_CBC
#undef WOLFSSL_SM4_CTR
#define WOLFSSL_SM4_CTR
#undef WOLFSSL_SM4_GCM
#define WOLFSSL_SM4_GCM
#undef WOLFSSL_SM4_CCM
#define WOLFSSL_SM4_CCM
#define HAVE_POLY1305
#define HAVE_CHACHA
#undef HAVE_AESGCM
#define HAVE_AESGCM
#else
/* default settings */
#define USE_CERT_BUFFERS_2048
#endif
/* Chipset detection from sdkconfig.h
* Default is HW enabled unless turned off.
* Uncomment lines to force SW instead of HW acceleration */
#if defined(CONFIG_IDF_TARGET_ESP32)
#if defined(CONFIG_IDF_TARGET_ESP32) || defined(WOLFSSL_ESPWROOM32SE)
#define WOLFSSL_ESP32
/* Alternatively, if there's an ECC Secure Element present: */
/* #define WOLFSSL_ESPWROOM32SE */
/* wolfSSL HW Acceleration supported on ESP32. Uncomment to disable: */
/* #define NO_ESP32_CRYPT */
/* #define NO_WOLFSSL_ESP32_CRYPT_HASH */
@@ -378,12 +787,16 @@
#define WOLFSSL_ESP8266
/* There's no hardware encryption on the ESP8266 */
/* Consider using the ESP32-C2/C3/C6
* See https://www.espressif.com/en/products/socs/esp32-c2 */
/* Consider using the ESP32-C2/C3/C6 */
#define NO_ESP32_CRYPT
#define NO_WOLFSSL_ESP32_CRYPT_HASH
#define NO_WOLFSSL_ESP32_CRYPT_AES
#define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
#ifndef FP_MAX_BITS
/* FP_MAX_BITS matters in wolfssl_test, not just TLS setting. */
/* MIN_FFDHE_FP_MAX_BITS = (MIN_FFDHE_BITS * 2); see settings.h */
#define FP_MAX_BITS MIN_FFDHE_FP_MAX_BITS
#endif
/***** END CONFIG_IDF_TARGET_ESP266 *****/
#elif defined(CONFIG_IDF_TARGET_ESP8684)
@@ -395,7 +808,7 @@
/***** END CONFIG_IDF_TARGET_ESP8684 *****/
#else
/* Anything else encountered, disable HW accleration */
/* Anything else encountered, disable HW acceleration */
#warning "Unexpected CONFIG_IDF_TARGET_NN value"
#define NO_ESP32_CRYPT
#define NO_WOLFSSL_ESP32_CRYPT_HASH
@@ -403,29 +816,84 @@
#define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
#endif /* CONFIG_IDF_TARGET Check */
/* RSA primitive specific definition, listed AFTER the Chipset detection */
#if defined(WOLFSSL_ESP32) || defined(WOLFSSL_ESPWROOM32SE)
/* Consider USE_FAST_MATH and SMALL_STACK */
#ifndef NO_RSA
#define ESP32_USE_RSA_PRIMITIVE
#if defined(CONFIG_IDF_TARGET_ESP32)
#ifdef CONFIG_ESP_MAIN_TASK_STACK_SIZE
#if CONFIG_ESP_MAIN_TASK_STACK_SIZE < 10500
#warning "RSA may be difficult with less than 10KB Stack "/
#endif
#endif
/* NOTE HW unreliable for small values! */
/* threshold for performance adjustment for HW primitive use */
/* X bits of G^X mod P greater than */
#undef ESP_RSA_EXPT_XBITS
#define ESP_RSA_EXPT_XBITS 32
/* X and Y of X * Y mod P greater than */
#undef ESP_RSA_MULM_BITS
#define ESP_RSA_MULM_BITS 16
#endif
#endif
#endif
/* Debug options:
See wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h for details on debug options
optionally increase error message size for very long paths.
#define WOLFSSL_MAX_ERROR_SZ 500
Turn wolfSSL debugging on/off:
wolfSSL_Debugging_ON();
wolfSSL_Debugging_OFF();
#define ESP_VERIFY_MEMBLOCK
#define DEBUG_WOLFSSL
#define DEBUG_WOLFSSL_VERBOSE
#define DEBUG_WOLFSSL_SHA_MUTEX
#define WOLFSSL_DEBUG_IGNORE_ASN_TIME
#define WOLFSSL_DEBUG_CERT_BUNDLE
#define WOLFSSL_DEBUG_CERT_BUNDLE_NAME
#define WOLFSSL_ESP32_CRYPT_DEBUG
#define WOLFSSL_ESP32_CRYPT_HASH_SHA224_DEBUG
#define NO_RECOVER_SOFTWARE_CALC
#define WOLFSSL_TEST_STRAY 1
#define USE_ESP_DPORT_ACCESS_READ_BUFFER
#define WOLFSSL_ESP32_HW_LOCK_DEBUG
#define WOLFSSL_DEBUG_MUTEX
#define WOLFSSL_DEBUG_ESP_RSA_MULM_BITS
#define WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS
#define WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS
#define ESP_DISABLE_HW_TASK_LOCK
#define ESP_MONITOR_HW_TASK_LOCK
#define USE_ESP_DPORT_ACCESS_READ_BUFFER
See wolfcrypt/benchmark/benchmark.c for debug and other settings:
Turn on benchmark timing debugging (CPU Cycles, RTOS ticks, etc)
#define DEBUG_WOLFSSL_BENCHMARK_TIMING
Turn on timer debugging (used when CPU cycles not available)
#define WOLFSSL_BENCHMARK_TIMER_DEBUG
*/
#define WOLFSSL_ESPIDF_ERROR_PAUSE /* Pause in a loop rather than exit. */
/* Pause in a loop rather than exit. */
/* #define WOLFSSL_ESPIDF_ERROR_PAUSE */
/* #define WOLFSSL_ESP32_HW_LOCK_DEBUG */
#define WOLFSSL_HW_METRICS
/* #define HASH_SIZE_LIMIT */ /* for test.c */
/* for test.c */
/* #define HASH_SIZE_LIMIT */
/* #define NO_HW_MATH_TEST */ /* Optionally turn off HW math checks */
/* Optionally turn off HW math checks */
/* #define NO_HW_MATH_TEST */
/* Optionally include alternate HW test library: alt_hw_test.h */
/* When enabling, the ./components/wolfssl/CMakeLists.txt file
@@ -466,6 +934,12 @@ See wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h for details on debug options
* There are various certificate examples in this header file:
* https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/certs_test.h
*
* To use the sample certificates in code (not recommended for production!):
*
* #if defined(USE_CERT_BUFFERS_2048) || defined(USE_CERT_BUFFERS_1024)
* #include <wolfssl/certs_test.h>
* #endif
*
* To use the sets of macros below, define *one* of these:
*
* USE_CERT_BUFFERS_1024 - ECC 1024 bit encoded ASN1
@@ -543,6 +1017,9 @@ See wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h for details on debug options
#define WOLFSSL_BASE16
#else
#if defined(USE_CERT_BUFFERS_2048)
#define USE_CERT_BUFFERS_256
/* Be sure to include in app when using example certs: */
/* #include <wolfssl/certs_test.h> */
#define CTX_CA_CERT ca_cert_der_2048
#define CTX_CA_CERT_SIZE sizeof_ca_cert_der_2048
#define CTX_CA_CERT_TYPE WOLFSSL_FILETYPE_ASN1
@@ -562,6 +1039,9 @@ See wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h for details on debug options
#define CTX_CLIENT_KEY_TYPE WOLFSSL_FILETYPE_ASN1
#elif defined(USE_CERT_BUFFERS_1024)
#define USE_CERT_BUFFERS_256
/* Be sure to include in app when using example certs: */
/* #include <wolfssl/certs_test.h> */
#define CTX_CA_CERT ca_cert_der_1024
#define CTX_CA_CERT_SIZE sizeof_ca_cert_der_1024
#define CTX_CA_CERT_TYPE WOLFSSL_FILETYPE_ASN1
@@ -584,3 +1064,34 @@ See wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h for details on debug options
#error "Must define USE_CERT_BUFFERS_2048 or USE_CERT_BUFFERS_1024"
#endif
#endif /* Conditional key and cert constant names */
/******************************************************************************
** Sanity Checks
******************************************************************************/
#if defined(CONFIG_ESP_MAIN_TASK_STACK_SIZE)
#if defined(WOLFCRYPT_HAVE_SRP)
#if defined(FP_MAX_BITS)
#if FP_MAX_BITS < (8192 * 2)
#define ESP_SRP_MINIMUM_STACK_8K (24 * 1024)
#else
#define ESP_SRP_MINIMUM_STACK_8K (28 * 1024)
#endif
#else
#error "Please define FP_MAX_BITS when using WOLFCRYPT_HAVE_SRP."
#endif
#if (CONFIG_ESP_MAIN_TASK_STACK_SIZE < ESP_SRP_MINIMUM_STACK)
#warning "WOLFCRYPT_HAVE_SRP enabled with small stack size"
#endif
#endif
#else
#warning "CONFIG_ESP_MAIN_TASK_STACK_SIZE not defined!"
#endif
/* See settings.h for some of the possible hardening options:
*
* #define NO_ESPIDF_DEFAULT
* #define WC_NO_CACHE_RESISTANT
* #define WC_AES_BITSLICED
* #define HAVE_AES_ECB
* #define HAVE_AES_DIRECT
*/

54
IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/CMakeLists.txt
View File

@@ -1,35 +1,43 @@
# wolfSSL Espressif Example Project/main CMakeLists.txt
# v1.0
# v1.2
#
# wolfssl client test
#
message(STATUS "Begin wolfSSL main CMakeLists.txt")
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
if (idf_target STREQUAL "esp8266" OR IDF_TARGET STREQUAL "esp8266" OR IDF_VERSION_MAJOR VERSION_LESS "5.0")
# `driver` component not available for ESP8266
SET(THIS_PRIV_REQUIRES_DRIVER "")
else()
SET(THIS_PRIV_REQUIRES_DRIVER "driver")
endif()
if(WIN32)
# Windows-specific configuration here
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS")
message("Detected Windows")
message(STATUS "Detected Windows")
endif()
if(CMAKE_HOST_UNIX)
message("Detected UNIX")
message(STATUS "Detected UNIX")
endif()
if(APPLE)
message("Detected APPLE")
message(STATUS "Detected APPLE")
endif()
if(CMAKE_HOST_UNIX AND (NOT APPLE) AND EXISTS "/proc/sys/fs/binfmt_misc/WSLInterop")
# Windows-specific configuration here
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WSL")
message("Detected WSL")
message(STATUS "Detected WSL")
endif()
if(CMAKE_HOST_UNIX AND (NOT APPLE) AND (NOT WIN32))
# Windows-specific configuration here
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_LINUX")
message("Detected Linux")
message(STATUS "Detected Linux")
endif()
if(APPLE)
# Windows-specific configuration here
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_APPLE")
message("Detected Apple")
message(STATUS "Detected Apple")
endif()
set (git_cmd "git")
@@ -43,14 +51,26 @@ if( EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl/" AND EXISTS "$ENV{IDF_PA
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_MULTI_INSTALL_WARNING")
endif()
# The wolfSL component name is named "mywolfssl" on the staging site for Managed Components.
if( NOT EXISTS "../components/wolfssl" AND ("$ENV{IDF_COMPONENT_REGISTRY_URL}" STREQUAL "https://components-staging.espressif.com") )
message(STATUS "WARNING: Using a staging instance of wolfssl.")
set(MAIN_WOLFSSL_COMPONENT_NAME "mywolfssl")
else()
message(STATUS "Using release wolfssl component.")
set(MAIN_WOLFSSL_COMPONENT_NAME "wolfssl")
endif()
## register_component()
idf_component_register(SRCS main.c
wifi_connect.c
time_helper.c
client-tls.c
INCLUDE_DIRS "."
"./include")
#
"./include"
PRIV_REQUIRES "${MAIN_WOLFSSL_COMPONENT_NAME}"
"${THIS_PRIV_REQUIRES_DRIVER}"
nvs_flash
protocol_examples_common)
#
# LIBWOLFSSL_SAVE_INFO(VAR_OUPUT THIS_VAR VAR_RESULT)
@@ -80,15 +100,24 @@ function ( LIBWOLFSSL_SAVE_INFO VAR_OUPUT THIS_VAR VAR_RESULT )
message(STATUS "Found ${VAR_OUPUT}=${VAR_VALUE}")
# the interesting part is defining the VAR_OUPUT name a value to use in the app
add_definitions(-D${VAR_OUPUT}=\"${VAR_VALUE}\")
add_compile_definitions(${VAR_OUPUT}=\"${VAR_VALUE}\")
else()
# if we get here, check the execute_process command and parameters.
message(STATUS "LIBWOLFSSL_SAVE_INFO encountered a non-zero VAR_RESULT")
message(STATUS "LIBWOLFSSL_SAVE_INFO encountered a non-zero VAR_RESULT.")
message(STATUS "Setting ${VAR_OUPUT} to \"Unknown\"")
set(${VAR_OUPUT} "Unknown")
endif()
endfunction() # LIBWOLFSSL_SAVE_INFO
if(NOT CMAKE_BUILD_EARLY_EXPANSION)
execute_process(
COMMAND ${git_cmd} "rev-parse" "--is-inside-work-tree"
OUTPUT_VARIABLE IS_GIT_REPO
OUTPUT_STRIP_TRAILING_WHITESPACE
ERROR_QUIET
)
# Save some project-specific details. Repo may be different than component, or may not even be a repo at all:
if(NOT CMAKE_BUILD_EARLY_EXPANSION AND (IS_GIT_REPO STREQUAL "true"))
# LIBWOLFSSL_VERSION_GIT_HASH
execute_process(COMMAND ${git_cmd} "rev-parse" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET )
LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH "${TMP_OUT}" "${TMP_RES}")
@@ -104,3 +133,4 @@ endif()
message(STATUS "")
message(STATUS "End wolfSSL main CMakeLists.txt")

99
IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/Kconfig.projbuild
View File

@@ -1,4 +1,101 @@
menu "Example Configuration"
# Kconfig main
#
# Copyright (C) 2006-2025 wolfSSL Inc.
#
# This file is part of wolfSSL.
#
# wolfSSL is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# wolfSSL is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
#
# Kconfig File Version 5.7.2.001 for wolfssl_template
menu "Example wolfSSL Configuration"
choice WOLFSSL_EXAMPLE_CHOOSE
prompt "Choose Example (See wolfssl/include/user_settings.h)"
default WOLFSSL_EXAMPLE_NAME_NONE
help
The user settings file can be adjusted to specific wolfSSL examples.
config WOLFSSL_EXAMPLE_NAME_TEMPLATE
bool "wolfSSL Template"
help
The sample template app compiles in wolfSSL and prints the current wolfSSL Version. Nothing more.
config WOLFSSL_EXAMPLE_NAME_TEST
bool "wolfSSL Test"
help
This app tests all cryptographic functions currently enabled. See also Benchmark performance app.
config WOLFSSL_EXAMPLE_NAME_BENCHMARK
bool "wolfSSL Benchmark"
help
Benchmark performance app. See also cryptographic test.
config WOLFSSL_EXAMPLE_NAME_TLS_CLIENT
bool "TLS Client"
help
TLS Client Example app. Needs WiFi and a listening server on port 11111.
config WOLFSSL_EXAMPLE_NAME_TLS_SERVER
bool "TLS Server"
help
TLS Server Example app. Needs WiFi. More interesting with a TLS client using port 11111.
config WOLFSSL_EXAMPLE_NAME_WOLFSSH_TEMPLATE
bool "SSH Template App"
help
Bare-bones Hello World app that only compiles in wolfSSL and wolfSSH.
See wolfSSL/wolfssh on GitHub.
config WOLFSSL_EXAMPLE_NAME_WOLFSSH_ECHOSERVER
bool "SSH Echo Server"
help
See wolfSSL/wolfssh on GitHub.
config WOLFSSL_EXAMPLE_NAME_ESP32_SSH_SERVER
bool "SSH to UART Server for the ESP32"
help
See wolfSSL/wolfssh-examples on GitHub.
config WOLFSSL_EXAMPLE_NAME_ESP8266_SSH_SERVER
bool "SSH to UART Server for the ESP8266"
help
See wolfSSL/wolfssh-examples on GitHub.
config WOLFSSL_EXAMPLE_NAME_WOLFMQTT_TEMPLATE
bool "MQTT Template"
help
See wolfSSL/wolfmqtt on GitHub.
config WOLFSSL_EXAMPLE_NAME_WOLFMQTT_AWS_IOT_MQTT
bool "MQTT AWS IoT"
help
See wolfSSL/wolfmqtt on GitHub.
config WOLFTPM_EXAMPLE_NAME_ESPRESSIF
bool "TPM Test Example for the ESP32"
help
See wolfSSL/wolfTPM on GitHub.
config WOLFSSL_EXAMPLE_NAME_NONE
bool "Other"
help
A specific example app is not defined.
endchoice
config WOLFSSL_TARGET_HOST
string "Target host"

40
IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/client-tls.c
View File

@@ -1,6 +1,6 @@
/* client-tls.c
*
* Copyright (C) 2006-2024 wolfSSL Inc.
* Copyright (C) 2006-2025 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
@@ -18,6 +18,7 @@
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
#include "client-tls.h"
/* Espressif FreeRTOS */
@@ -36,11 +37,13 @@
/* wolfSSL */
#include <wolfssl/wolfcrypt/settings.h>
/* This project not yet using the library */
#undef USE_WOLFSSL_ESP_SDK_WIFI
#include <wolfssl/ssl.h>
#if defined(WOLFSSL_WC_KYBER)
#include <wolfssl/wolfcrypt/kyber.h>
#include <wolfssl/wolfcrypt/wc_kyber.h>
#if defined(WOLFSSL_WC_MLKEM)
#include <wolfssl/wolfcrypt/mlkem.h>
#include <wolfssl/wolfcrypt/wc_mlkem.h>
#endif
#if defined(USE_CERT_BUFFERS_2048) || defined(USE_CERT_BUFFERS_1024)
#include <wolfssl/certs_test.h>
@@ -204,7 +207,6 @@ WOLFSSL_ESP_TASK tls_smp_client_task(void* args)
size_t len;
wolfSSL_Debugging_ON();
WOLFSSL_ENTER(TLS_SMP_CLIENT_TASK_NAME);
doPeerCheck = 1;
@@ -238,8 +240,8 @@ WOLFSSL_ESP_TASK tls_smp_client_task(void* args)
/* Create and initialize WOLFSSL_CTX */
ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); /* SSL 3.0 - TLS 1.3. */
/* options: */
/* ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method()); only TLS 1.2 */
/* ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method()); only TLS 1.3 */
/* ctx = wolfSSL_CTX_new(wolfSSLv1_2_client_method()); only TLS 1.2 */
/* ctx = wolfSSL_CTX_new(wolfSSLv1_3_client_method()); only TLS 1.3 */
/* wolfSSL_CTX_NoTicketTLSv12(); */
/* wolfSSL_NoTicketTLSv12(); */
if (ctx == NULL) {
@@ -305,11 +307,11 @@ WOLFSSL_ESP_TASK tls_smp_client_task(void* args)
/* no peer check */
if (doPeerCheck == 0) {
ESP_LOGW(TAG, "doPeerCheck == 0");
ESP_LOGW(TAG, "doPeerCheck == 0; WOLFSSL_VERIFY_NONE");
wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_NONE, 0);
}
else {
ESP_LOGW(TAG, "doPeerCheck != 0");
ESP_LOGI(TAG, "doPeerCheck != 0");
WOLFSSL_MSG("Loading... our cert");
/* load our certificate */
ret_i = wolfSSL_CTX_use_certificate_chain_buffer_format(ctx,
@@ -395,22 +397,22 @@ WOLFSSL_ESP_TASK tls_smp_client_task(void* args)
ESP_LOGI(TAG, "tls_smp_client_task heap @ %p = %d",
&this_heap, this_heap);
#endif
#if defined(WOLFSSL_HAVE_KYBER)
#if defined(WOLFSSL_HAVE_MLKEM)
#if defined(WOLFSSL_KYBER1024)
ESP_LOGI(TAG, "WOLFSSL_HAVE_KYBER is enabled, setting key share: "
ESP_LOGI(TAG, "WOLFSSL_HAVE_MLKEM is enabled, setting key share: "
"WOLFSSL_P256_KYBER_LEVEL5");
ret_i = wolfSSL_UseKeyShare(ssl, WOLFSSL_P521_KYBER_LEVEL5);
#elif defined(WOLFSSL_KYBER768)
ESP_LOGI(TAG, "WOLFSSL_HAVE_KYBER is enabled, setting key share: "
ESP_LOGI(TAG, "WOLFSSL_HAVE_MLKEM is enabled, setting key share: "
"WOLFSSL_P256_KYBER_LEVEL3");
ret_i = wolfSSL_UseKeyShare(ssl, WOLFSSL_P256_KYBER_LEVEL3);
#elif defined(WOLFSSL_KYBER512)
/* This will typically be a low memory situation, such as ESP8266 */
ESP_LOGI(TAG, "WOLFSSL_HAVE_KYBER is enabled, setting key share: "
ESP_LOGI(TAG, "WOLFSSL_HAVE_MLKEM is enabled, setting key share: "
"WOLFSSL_P256_KYBER_LEVEL1");
ret_i = wolfSSL_UseKeyShare(ssl, WOLFSSL_P256_KYBER_LEVEL1);
#else
ESP_LOGW(TAG, "WOLFSSL_HAVE_KYBER enabled but no key size available.");
ESP_LOGW(TAG, "WOLFSSL_HAVE_MLKEM enabled but no key size available.");
ret_i = ESP_FAIL;
#endif
if (ret_i == WOLFSSL_SUCCESS) {
@@ -420,7 +422,7 @@ WOLFSSL_ESP_TASK tls_smp_client_task(void* args)
ESP_LOGE(TAG, "UseKeyShare Kyber failed");
}
#else
ESP_LOGI(TAG, "WOLFSSL_HAVE_KYBER is not enabled");
ESP_LOGI(TAG, "WOLFSSL_HAVE_MLKEM is not enabled");
#endif
}
@@ -460,6 +462,9 @@ WOLFSSL_ESP_TASK tls_smp_client_task(void* args)
}
ESP_LOGI(TAG, "Connect to wolfSSL server...");
#ifdef DEBUG_WOLFSSL
wolfSSL_Debugging_ON();
#endif
ret_i = wolfSSL_connect(ssl);
#ifdef DEBUG_WOLFSSL
this_heap = esp_get_free_heap_size();
@@ -570,7 +575,7 @@ WOLFSSL_ESP_TASK tls_smp_client_init(void* args)
#else
xTaskHandle _handle;
#endif
/* See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/freertos_idf.html#functions */
/* See Espressif api-reference/system/freertos_idf.html#functions */
if (TLS_SMP_CLIENT_TASK_BYTES < (6 * 1024)) {
/* Observed approximately 6KB limit for the RTOS task stack size.
* Reminder parameter is bytes, not words as with generic FreeRTOS. */
@@ -582,8 +587,7 @@ WOLFSSL_ESP_TASK tls_smp_client_init(void* args)
#endif
/* Note that despite vanilla FreeRTOS using WORDS for a parameter,
* Espressif uses BYTES for the task stack size here.
* See https://docs.espressif.com/projects/esp-idf/en/v4.3/esp32/api-reference/system/freertos.html */
* Espressif uses BYTES for the task stack size here. */
ret = xTaskCreate(tls_smp_client_task,
TLS_SMP_CLIENT_TASK_NAME,
TLS_SMP_CLIENT_TASK_BYTES,

14
IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/client-tls.h
View File

@@ -1,6 +1,6 @@
/* client-tls.h
*
* Copyright (C) 2006-2024 wolfSSL Inc.
* Copyright (C) 2006-2025 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
@@ -29,9 +29,9 @@
/* See main/Kconfig.projbuild for default configuration settings */
#ifdef CONFIG_WOLFSSL_TARGET_HOST
#define TLS_SMP_TARGET_HOST "192.168.1.36"
#define TLS_SMP_TARGET_HOST CONFIG_WOLFSSL_TARGET_HOST
#else
#define TLS_SMP_TARGET_HOST "192.168.1.41"
#define TLS_SMP_TARGET_HOST "192.168.1.37"
#endif
#ifdef CONFIG_WOLFSSL_TARGET_PORT
@@ -44,7 +44,7 @@
/* Reminder: Vanilla FreeRTOS is words, Espressif is bytes. */
#if defined(WOLFSSL_ESP8266)
#if defined(WOLFSSL_HAVE_KYBER)
#if defined(WOLFSSL_HAVE_MLKEM)
/* Minimum ESP8266 stack size = 10K with Kyber.
* Note there's a maximum not far away as Kyber needs heap
* and the total DRAM is typically only 80KB total. */
@@ -54,12 +54,12 @@
#define TLS_SMP_CLIENT_TASK_BYTES (6 * 1024)
#endif
#else
#if defined(WOLFSSL_HAVE_KYBER)
#if defined(WOLFSSL_HAVE_MLKEM)
/* Minimum ESP32 stack size = 12K with Kyber enabled. */
#define TLS_SMP_CLIENT_TASK_BYTES (12 * 1024)
#else
/* Minimum ESP32 stack size = 8K without Kyber */
#define TLS_SMP_CLIENT_TASK_BYTES (8 * 1024)
#define TLS_SMP_CLIENT_TASK_BYTES (10 * 1024)
#endif
#endif
@@ -87,7 +87,7 @@ WOLFSSL_ESP_TASK tls_smp_client_task(void* args);
/* init will create an RTOS task, otherwise server is simply function call. */
#if defined(SINGLE_THREADED)
/* no init neded */
/* no init needed */
#else
WOLFSSL_ESP_TASK tls_smp_client_init(void* args);
#endif

5
IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/main.h
View File

@@ -1,6 +1,6 @@
/* wolfssl_client main.h
*
* Copyright (C) 2006-2024 wolfSSL Inc.
* Copyright (C) 2006-2025 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
@@ -18,7 +18,10 @@
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
#ifndef _MAIN_H_
#define _MAIN_H_
void app_main(void);
#endif

6
IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/time_helper.h
View File

@@ -1,6 +1,6 @@
/* time_helper.h
*
* Copyright (C) 2006-2024 wolfSSL Inc.
* Copyright (C) 2006-2025 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
@@ -24,8 +24,8 @@
#ifndef _TIME_HELPER_H_
#define _TIME_HELPER_H_
/* ESP-IDF uses a 64-bit signed integer to represent time_t starting from release v5.0
* See: https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/system_time.html#year-2036-and-2038-overflow-issues
/* ESP-IDF uses a 64-bit signed integer to represent time_t starting from
* release v5.0 See Espressif api-reference/system/system_time
*/
#ifdef __cplusplus

18
IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/wifi_connect.h
View File

@@ -1,6 +1,6 @@
/* wifi_connect.h
*
* Copyright (C) 2006-2024 wolfSSL Inc.
* Copyright (C) 2006-2025 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
@@ -103,23 +103,29 @@
** the config you want - ie #define EXAMPLE_WIFI_SSID "mywifissid"
*/
#if defined(CONFIG_ESP_WIFI_SSID)
/* tyically from ESP32 with ESP-IDF v4 ot v5 */
/* tyically from ESP32 with ESP-IDF v4 to v5 */
#define EXAMPLE_ESP_WIFI_SSID CONFIG_ESP_WIFI_SSID
#elif defined(CONFIG_EXAMPLE_WIFI_SSID)
/* tyically from ESP8266 rtos-sdk/v3.4 */
/* typically from ESP8266 rtos-sdk/v3.4 */
#define EXAMPLE_ESP_WIFI_SSID CONFIG_EXAMPLE_WIFI_SSID
#else
#define EXAMPLE_ESP_WIFI_SSID "MYSSID_WIFI_CONNECT"
/* See new esp-sdk-lib.h helpers: */
#ifndef EXAMPLE_ESP_WIFI_SSID
#define EXAMPLE_ESP_WIFI_SSID "MYSSID_WIFI_CONNECT"
#endif
#endif
#if defined(CONFIG_ESP_WIFI_PASSWORD)
/* tyically from ESP32 with ESP-IDF v4 or v5 */
#define EXAMPLE_ESP_WIFI_PASS CONFIG_ESP_WIFI_PASSWORD
#elif defined(CONFIG_EXAMPLE_WIFI_SSID)
/* tyically from ESP8266 rtos-sdk/v3.4 */
/* typically from ESP8266 rtos-sdk/v3.4 */
#define EXAMPLE_ESP_WIFI_PASS CONFIG_EXAMPLE_WIFI_PASSWORD
#else
#define EXAMPLE_ESP_WIFI_PASS "MYPASSWORD_WIFI_CONNECT"
/* See new esp-sdk-lib.h helpers: */
#ifndef EXAMPLE_ESP_WIFI_PASS
#define EXAMPLE_ESP_WIFI_PASS "MYPASSWORD_WIFI_CONNECT"
#endif
#endif
#endif

48
IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/main.c
View File

@@ -1,6 +1,6 @@
/* main.c
*
* Copyright (C) 2006-2024 wolfSSL Inc.
* Copyright (C) 2006-2025 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
@@ -28,22 +28,32 @@
/* wolfSSL */
/* Always include wolfcrypt/settings.h before any other wolfSSL file. */
/* Reminder: settings.h pulls in user_settings.h; don't include it here */
#include <wolfssl/wolfcrypt/settings.h>
#include <wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h>
#ifndef WOLFSSL_ESPIDF
#warning "Problem with wolfSSL user_settings."
#warning "Check components/wolfssl/include"
/* Reminder: settings.h pulls in user_settings.h; don't include it here. */
#ifdef WOLFSSL_USER_SETTINGS
#include <wolfssl/wolfcrypt/settings.h>
#ifndef WOLFSSL_ESPIDF
#warning "Problem with wolfSSL user_settings."
#warning "Check components/wolfssl/include"
#endif
/* This project not yet using the library */
#undef USE_WOLFSSL_ESP_SDK_WIFI
#include <wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h>
#else
/* Define WOLFSSL_USER_SETTINGS project wide for settings.h to include */
/* wolfSSL user settings in ./components/wolfssl/include/user_settings.h */
#error "Missing WOLFSSL_USER_SETTINGS in CMakeLists or Makefile:\
CFLAGS +=-DWOLFSSL_USER_SETTINGS"
#endif
/* this project */
#include "client-tls.h"
#include "time_helper.h"
#ifndef CONFIG_IDF_TARGET_ESP32H2
#ifdef CONFIG_IDF_TARGET_ESP32H2
/* There's no WiFi on ESP32-H2.
* For wired ethernet, see:
* https://github.com/wolfSSL/wolfssl-examples/tree/master/ESP32/TLS13-ENC28J60-client */
#else
#include "wifi_connect.h"
/*
* Note ModBus TCP cannot be disabled on ESP8266 tos-sdk/v3.4
@@ -123,8 +133,12 @@ void my_atmel_free(int slotId)
/* Entry for FreeRTOS */
void app_main(void)
{
#if !defined(SINGLE_THREADED) && INCLUDE_uxTaskGetStackHighWaterMark
int stack_start = 0;
#endif
#if !defined(SINGLE_THREADED)
int this_heap = 0;
#endif
esp_err_t ret = 0;
ESP_LOGI(TAG, "---------------- wolfSSL TLS Client Example ------------");
ESP_LOGI(TAG, "--------------------------------------------------------");
@@ -132,7 +146,10 @@ void app_main(void)
ESP_LOGI(TAG, "---------------------- BEGIN MAIN ----------------------");
ESP_LOGI(TAG, "--------------------------------------------------------");
ESP_LOGI(TAG, "--------------------------------------------------------");
#ifdef ESP_SDK_MEM_LIB_VERSION
#if !defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TLS_CLIENT)
ESP_LOGW(TAG, "Warning: Example wolfSSL misconfigured? Check menuconfig.");
#endif
#if defined(ESP_SDK_MEM_LIB_VERSION) && defined(DEBUG_WOLFSSL)
sdk_init_meminfo();
#endif
#ifdef ESP_TASK_MAIN_STACK
@@ -155,7 +172,7 @@ void app_main(void)
* the minimum free stack space there has been (in bytes not words, unlike
* vanilla FreeRTOS) since the task started. The smaller the returned
* number the closer the task has come to overflowing its stack.
* see https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/freertos_idf.html
* see Espressif api-reference/system/freertos_idf
*/
stack_start = uxTaskGetStackHighWaterMark(NULL);
#ifdef ESP_SDK_MEM_LIB_VERSION
@@ -172,7 +189,15 @@ void app_main(void)
#ifdef HAVE_VERSION_EXTENDED_INFO
esp_ShowExtendedSystemInfo();
#endif
#ifdef DEBUG_WOLFSSL
wolfSSL_Debugging_OFF();
#endif
#ifdef CONFIG_IDF_TARGET_ESP32H2
ESP_LOGE(TAG, "No WiFi on the ESP32-H2 and ethernet not yet supported");
while (1) {
vTaskDelay(60000);
}
#endif
/* Set time for cert validation.
* Some lwIP APIs, including SNTP functions, are not thread safe. */
ret = set_time(); /* need to setup NTP before WiFi */
@@ -267,7 +292,6 @@ void app_main(void)
- (uxTaskGetStackHighWaterMark(NULL))
);
ESP_LOGI(TAG, "Starting TLS Client task ...\n");
ESP_LOGI(TAG, "main tls_smp_client_init heap @ %p = %d",
&this_heap, this_heap);
tls_smp_client_init(args);

40
IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/time_helper.c
View File

@@ -1,6 +1,6 @@
/* time_helper.c
*
* Copyright (C) 2006-2024 wolfSSL Inc.
* Copyright (C) 2006-2025 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
@@ -19,12 +19,30 @@
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
/* See https://tf.nist.gov/tf-cgi/servers.cgi */
/* common Espressif time_helper v5.6.6.001 */
#include "sdkconfig.h"
/* common Espressif time_helper */
#include "time_helper.h"
#include "sdkconfig.h"
/* wolfSSL */
/* Always include wolfcrypt/settings.h before any other wolfSSL file. */
/* Reminder: settings.h pulls in user_settings.h; don't include it here. */
#ifdef WOLFSSL_USER_SETTINGS
#include <wolfssl/wolfcrypt/settings.h>
#ifndef WOLFSSL_ESPIDF
#warning "Problem with wolfSSL user_settings."
#warning "Check components/wolfssl/include"
#endif
/* This project not yet using the library */
#undef USE_WOLFSSL_ESP_SDK_WIFI
#include <wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h>
#else
/* Define WOLFSSL_USER_SETTINGS project wide for settings.h to include */
/* wolfSSL user settings in ./components/wolfssl/include/user_settings.h */
#error "Missing WOLFSSL_USER_SETTINGS in CMakeLists or Makefile:\
CFLAGS +=-DWOLFSSL_USER_SETTINGS"
#endif
#include <esp_log.h>
#include <esp_idf_version.h>
@@ -41,8 +59,8 @@
/* TODO Consider non ESP-IDF environments */
#endif
/* ESP-IDF uses a 64-bit signed integer to represent time_t starting from release v5.0
* See: https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/system_time.html#year-2036-and-2038-overflow-issues
/* ESP-IDF uses a 64-bit signed integer to represent time_t starting from
* release v5.0. See: Espressif api-reference/system/system_time
*/
/* see https://www.gnu.org/software/libc/manual/html_node/TZ-Variable.html */
@@ -186,7 +204,7 @@ int set_time_from_string(const char* time_buffer)
int quote_offset = 0;
int ret = 0;
/* perform some basic sanity checkes */
/* perform some basic sanity checks */
ret = probably_valid_time_string(time_buffer);
if (ret == ESP_OK) {
/* we are expecting the string to be encapsulated in single quotes */
@@ -200,7 +218,7 @@ int set_time_from_string(const char* time_buffer)
&day, &hour, &minute, &second, &year, &offset);
if (ret == 8) {
/* we found a match for all componets */
/* we found a match for all components */
const char *months[] = { "Jan", "Feb", "Mar", "Apr", "May", "Jun",
"Jul", "Aug", "Sep", "Oct", "Nov", "Dec"
@@ -264,7 +282,7 @@ int set_time(void)
esp_show_current_datetime();
#ifdef LIBWOLFSSL_VERSION_GIT_HASH_DATE
/* initialy set a default approximate time from recent git commit */
/* initially set a default approximate time from recent git commit */
ESP_LOGI(TAG, "Found git hash date, attempting to set system date: %s",
LIBWOLFSSL_VERSION_GIT_HASH_DATE);
set_time_from_string(LIBWOLFSSL_VERSION_GIT_HASH_DATE"\0");
@@ -285,7 +303,7 @@ int set_time(void)
if (NTP_SERVER_COUNT) {
/* next, let's setup NTP time servers
*
* see https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/system_time.html#sntp-time-synchronization
* see Espressif api-reference/system/system_time
*
* WARNING: do not set operating mode while SNTP client is running!
*/

30
IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/wifi_connect.c
View File

@@ -1,6 +1,6 @@
/* wifi_connect.c
*
* Copyright (C) 2006-2024 wolfSSL Inc.
* Copyright (C) 2006-2025 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
@@ -31,12 +31,22 @@
#include <esp_wifi.h>
/* wolfSSL */
#include <wolfssl/wolfcrypt/settings.h>
#include <wolfssl/version.h>
#include <wolfssl/wolfcrypt/types.h>
#ifndef WOLFSSL_ESPIDF
#warning "Problem with wolfSSL user_settings."
#warning "Check components/wolfssl/include"
/* Always include wolfcrypt/settings.h before any other wolfSSL file. */
/* Reminder: settings.h pulls in user_settings.h; don't include it here. */
#ifdef WOLFSSL_USER_SETTINGS
#include <wolfssl/wolfcrypt/settings.h>
#ifndef WOLFSSL_ESPIDF
#warning "Problem with wolfSSL user_settings."
#warning "Check components/wolfssl/include"
#endif
/* This project not yet using the library */
#undef USE_WOLFSSL_ESP_SDK_WIFI
#include <wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h>
#else
/* Define WOLFSSL_USER_SETTINGS project wide for settings.h to include */
/* wolfSSL user settings in ./components/wolfssl/include/user_settings.h */
#error "Missing WOLFSSL_USER_SETTINGS in CMakeLists or Makefile:\
CFLAGS +=-DWOLFSSL_USER_SETTINGS"
#endif
/* When there's too little heap, WiFi quietly refuses to connect */
@@ -137,7 +147,7 @@ int wifi_init_sta(void)
};
/* Setting a password implies station will connect to all security modes including WEP/WPA.
* However these modes are deprecated and not advisable to be used. Incase your Access point
* However these modes are deprecated and not advisable to be used. In case your Access point
* doesn't support WPA2, these mode can be enabled by commenting below line */
if (strlen((char *)wifi_config.sta.password)) {
@@ -198,7 +208,7 @@ static esp_err_t wifi_event_handler(void *ctx, system_event_t *event)
ESP_LOGI(TAG, "got ip:%s",
ip4addr_ntoa(&event->event_info.got_ip.ip_info.ip));
#endif
/* see https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/freertos_idf.html */
/* see Espressif api-reference/system/freertos_idf */
xEventGroupSetBits(wifi_event_group, CONNECTED_BIT);
break;
case SYSTEM_EVENT_STA_DISCONNECTED:
@@ -315,7 +325,7 @@ int wifi_init_sta(void)
.ssid = EXAMPLE_ESP_WIFI_SSID,
.password = EXAMPLE_ESP_WIFI_PASS,
/* Authmode threshold resets to WPA2 as default if password matches
* WPA2 standards (pasword len => 8). If you want to connect the
* WPA2 standards (password len => 8). If you want to connect the
* device to deprecated WEP/WPA networks, Please set the threshold
* value WIFI_AUTH_WEP/WIFI_AUTH_WPA_PSK and set the password with
* length and format matching to WIFI_AUTH_WEP/WIFI_AUTH_WPA_PSK

71
IDE/Espressif/ESP-IDF/examples/wolfssl_client/sdkconfig.defaults
View File

@@ -1,18 +1,31 @@
# Set the known example app config to TLS Client (see user_settings.h)
CONFIG_WOLFSSL_EXAMPLE_NAME_TLS_CLIENT=y
# CONFIG_EXAMPLE_WIFI_SSID="myssid"
# CONFIG_EXAMPLE_WIFI_PASSWORD="mypassword"
# Some wolfSSL helpers
CONFIG_USE_WOLFSSL_ESP_SDK_TIME=y
# sdkconfig.defaults for ESP8266 + ESP32
# Note that during the build process, settings from sdkconfig.defaults will not override those already in sdkconfig.
# See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html#custom-sdkconfig-defaults
CONFIG_BENCH_ARGV="-lng 0"
# See separate sdkconfig.defaults.esp8266
# FreeRTOS ticks at 1ms interval
CONFIG_FREERTOS_UNICORE=y
CONFIG_FREERTOS_HZ=1000
CONFIG_ESP32_DEFAULT_CPU_FREQ_240=y
#
# Default main stack size. See user_settings.h
#
# This is typically bigger than needed for stack size.
# Units are words, not bytes. See user_settings.h
#
# For wolfSSL SMALL_STACK, 3072 bytes should be sufficient for benchmark app.
# When using RSA, assign at least 10500 bytes, otherwise 5500 usually works for others
# We set this to 28672 for use in the "test everything possible" in the wolfssl_test app.
CONFIG_ESP_MAIN_TASK_STACK_SIZE=10500
# Legacy stack size for older ESP-IDF versions
# Legacy stack size name for older ESP-IDF versions
CONFIG_MAIN_TASK_STACK_SIZE=10500
#
@@ -50,6 +63,36 @@ CONFIG_HEAP_DISABLE_IRAM=y
# Performance
# CONFIG_COMPILER_OPTIMIZATION_PERF=y
# Set max CPU frequency (falls back as needed for lower maximum)
CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ_240=y
# Enable wolfSSL TLS in esp-tls
# CONFIG_ESP_TLS_USING_WOLFSSL=y
# CONFIG_TLS_STACK_WOLFSSL=y
# Bundles take up flash space and are disabled unless otherwise known to be needed
CONFIG_WOLFSSL_CERTIFICATE_BUNDLE=n
# CONFIG_WOLFSSL_CERTIFICATE_BUNDLE=y
# CONFIG_ESP_WOLFSSL_SMALL_CERT_VERIFY=y
# CONFIG_ESP_TLS_INSECURE=y
# Disable mbedTLS
CONFIG_ESP_TLS_USING_MBEDTLS=n
CONFIG_MBEDTLS_CERTIFICATE_BUNDLE=n
# Some wolfSSL helpers
CONFIG_USE_WOLFSSL_ESP_SDK_TIME=n
# CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS is not set
CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS=n
# ESP8266 Memory
CONFIG_FREERTOS_GLOBAL_DATA_LINK_IRAM=y
CONFIG_HEAP_DISABLE_IRAM=y
# Performance
# CONFIG_COMPILER_OPTIMIZATION_PERF=y
# Set max COU frequency (falls back as needed for lower maximum)
CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ_240=y
@@ -57,6 +100,26 @@ CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ_240=y
CONFIG_FREERTOS_UNICORE=y
CONFIG_FREERTOS_HZ=1000
# Ensure mbedTLS options are disabled
# CONFIG_MBEDTLS_TLS_SERVER_AND_CLIENT=n
# CONFIG_MBEDTLS_TLS_CLIENT_ONLY=n
# CONFIG_MBEDTLS_TLS_SERVER=n
# CONFIG_MBEDTLS_TLS_CLIENT=n
# CONFIG_MBEDTLS_HARDWARE_AES=n
# CONFIG_MBEDTLS_HARDWARE_MPI=n
# CONFIG_MBEDTLS_HARDWARE_SHA=n
# CONFIG_MBEDTLS_ROM_MD5=n
# CONFIG_MBEDTLS_SSL_RENEGOTIATION=n
# CONFIG_MBEDTLS_SSL_PROTO_TLS1_2=n
# CONFIG_MBEDTLS_SSL_PROTO_GMTSSL1_1=n
# CONFIG_MBEDTLS_SSL_ALPN=n
# CONFIG_MBEDTLS_CLIENT_SSL_SESSION_TICKETS=n
# CONFIG_MBEDTLS_SERVER_SSL_SESSION_TICKETS=n
# The same-name config is used for both WiFi and client/server TLS, so we cannot disable:
# CONFIG_MBEDTLS_TLS_ENABLED=n
# CONFIG_MBEDTLS_TLS_DISABLED=y
#
# Compiler options
#

7
IDE/Espressif/ESP-IDF/examples/wolfssl_client/sdkconfig.defaults.esp32c2 Normal file
View File

@@ -0,0 +1,7 @@
#
# Main XTAL Config
#
CONFIG_XTAL_FREQ_26=y
# CONFIG_XTAL_FREQ_40 is not set
CONFIG_XTAL_FREQ=26
# end of Main XTAL Config

30
IDE/Espressif/ESP-IDF/examples/wolfssl_client/sdkconfig.defaults.esp8266 Normal file
View File

@@ -0,0 +1,30 @@
# ESP8266 WDT
# CONFIG_ESP_PANIC_PRINT_REBOOT is not set
CONFIG_ESP_PANIC_PRINT_REBOOT=n
CONFIG_ESP_PANIC_PRINT_HALT=y
# Enable wolfSSL TLS in esp-tls (not yet supported in RTOS SDK 3.4
CONFIG_ESP_TLS_USING_WOLFSSL=n
CONFIG_TLS_STACK_WOLFSSL=n
# Bundles take up flash space and are disabled unless otherwise known to be needed
CONFIG_WOLFSSL_CERTIFICATE_BUNDLE=n
# CONFIG_ESP_WOLFSSL_SMALL_CERT_VERIFY=y
# CONFIG_ESP_TLS_INSECURE=y
# Disable mbedTLS
CONFIG_ESP_TLS_USING_MBEDTLS=y
CONFIG_MBEDTLS_CERTIFICATE_BUNDLE=n
# ESP8266 Memory
CONFIG_FREERTOS_GLOBAL_DATA_LINK_IRAM=y
CONFIG_HEAP_DISABLE_IRAM=y
# ESP8266 Watchdog:
CONFIG_TASK_WDT=n
CONFIG_TASK_WDT_PANIC=n
# ESP8266 WDT
# CONFIG_ESP_PANIC_PRINT_REBOOT is not set
CONFIG_ESP_PANIC_PRINT_REBOOT=n
CONFIG_ESP_PANIC_PRINT_HALT=y

90
IDE/Espressif/ESP-IDF/examples/wolfssl_server/CMakeLists.txt
View File

@@ -1,10 +1,19 @@
# wolfSSL Espressif Example Project CMakeLists.txt
# v1.0
# v1.3
#
# The following lines of boilerplate have to be in your project's
# CMakeLists in this exact order for cmake to work correctly
message(STATUS "Begin project ${CMAKE_PROJECT_NAME}")
cmake_minimum_required(VERSION 3.16)
# Optional no watchdog typically used for test & benchmark
if (idf_target STREQUAL "esp8266" OR IDF_TARGET STREQUAL "esp8266" OR IDF_VERSION_MAJOR VERSION_LESS "5.0")
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_ESP_NO_WATCHDOG=1")
else()
add_compile_definitions(WOLFSSL_ESP_NO_WATCHDOG=1)
endif()
# The wolfSSL CMake file should be able to find the source code.
# Otherwise, assign an environment variable or set it here:
#
@@ -22,45 +31,63 @@ cmake_minimum_required(VERSION 3.16)
if(WIN32)
# Windows-specific configuration here
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS")
message("Detected Windows")
message(STATUS "Detected Windows")
endif()
if(CMAKE_HOST_UNIX)
message("Detected UNIX")
message(STATUS "Detected UNIX")
endif()
if(APPLE)
message("Detected APPLE")
message(STATUS "Detected APPLE")
endif()
if(CMAKE_HOST_UNIX AND (NOT APPLE) AND EXISTS "/proc/sys/fs/binfmt_misc/WSLInterop")
# Windows-specific configuration here
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WSL")
message("Detected WSL")
message(STATUS "Detected WSL")
endif()
if(CMAKE_HOST_UNIX AND (NOT APPLE) AND (NOT WIN32))
# Windows-specific configuration here
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_LINUX")
message("Detected Linux")
message(STATUS "Detected Linux")
endif()
if(APPLE)
# Windows-specific configuration here
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_APPLE")
message("Detected Apple")
message(STATUS "Detected Apple")
endif()
# End optional WOLFSSL_CMAKE_SYSTEM_NAME
# This example uses an extra component for common functions such as Wi-Fi and Ethernet connection.
set (PROTOCOL_EXAMPLES_DIR $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
# set (PROTOCOL_EXAMPLES_DIR $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
string(REPLACE "\\" "/" PROTOCOL_EXAMPLES_DIR "$ENV{IDF_PATH}/examples/common_components/protocol_examples_common")
if (EXISTS "${PROTOCOL_EXAMPLES_DIR}")
message("Found PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
message(STATUS "Found PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
set(EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DFOUND_PROTOCOL_EXAMPLES_DIR")
else()
message("NOT FOUND: PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
message(STATUS "NOT FOUND: PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
endif()
# Find the user name to search for possible "wolfssl-username"
# Reminder: Windows is %USERNAME%, Linux is $USER
message(STATUS "USERNAME = $ENV{USERNAME}")
if( "$ENV{USER}" STREQUAL "" ) # the bash user
if( "$ENV{USERNAME}" STREQUAL "" ) # the Windows user
message(STATUS "could not find USER or USERNAME")
else()
# the bash user is not blank, so we'll use it.
set(THIS_USER "$ENV{USERNAME}")
endif()
else()
# the bash user is not blank, so we'll use it.
set(THIS_USER "$ENV{USER}")
endif()
message(STATUS "THIS_USER = ${THIS_USER}")
# Check that there are not conflicting wolfSSL components
# The ESP Registry Component will be in ./managed_components/wolfssl__wolfssl
# The local component wolfSSL directory will be in ./components/wolfssl
message(STATUS "Checking for wolfSSL as Managed Component or not... ${CMAKE_HOME_DIRECTORY}")
if( EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" AND EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl" )
# These exclude statements don't seem to be honored by the $ENV{IDF_PATH}/tools/cmake/project.cmake'
# add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" EXCLUDE_FROM_ALL)
@@ -75,22 +102,47 @@ if( EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" AND EXI
message(FATAL_ERROR "\nPlease use either the ESP Registry Managed Component or the wolfSSL component directory but not both.\n"
"If removing the ./managed_components/wolfssl__wolfssl directory, remember to also remove "
"or rename the idf_component.yml file typically found in ./main/")
else()
elseif(EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl")
# A standard project component (not a Managed Component)
message(STATUS "No conflicting wolfSSL components found.")
set(WOLFSSL_PATH "${CMAKE_HOME_DIRECTORY}/components/wolfssl")
elseif(EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl")
# The official Managed Component called wolfssl from the wolfssl user.
message(STATUS "No conflicting wolfSSL components found as a Managed Component.")
set(WOLFSSL_PATH "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl")
elseif(EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/gojimmypi__mywolfssl")
# There is a known gojimmypi staging component available for anyone:
message(STATUS "No conflicting wolfSSL components found as a gojimmypi staging Managed Component.")
elseif(EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/${THIS_USER}__mywolfssl")
# Other users with permissions might publish their own mywolfssl staging Managed Component
message(STATUS "No conflicting wolfSSL components found as a Managed Component.")
set(WOLFSSL_PATH "${CMAKE_HOME_DIRECTORY}/managed_components/${THIS_USER}__mywolfssl")
else()
message(STATUS "WARNING: wolfssl component directory not found.")
endif()
# message(STATUS "EXTRA_COMPONENT_DIRS WOLFSSL_PATH: ${WOLFSSL_PATH}")
# list(APPEND EXTRA_COMPONENT_DIRS ${WOLFSSL_PATH})
# This example uses an extra component for common functions such as Wi-Fi and Ethernet connection.
set (PROTOCOL_EXAMPLES_DIR $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
# Not only is a project-level "set(COMPONENTS" not needed here, this will cause
# an unintuitive error about Unknown CMake command "esptool_py_flash_project_args".
if (EXISTS "${PROTOCOL_EXAMPLES_DIR}")
message("Found PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
set(EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DFOUND_PROTOCOL_EXAMPLES_DIR")
else()
message("NOT FOUND: PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
if(0)
message(STATUS "Begin optional PROTOCOL_EXAMPLES_DIR include")
# This example uses an extra component for common functions such as Wi-Fi and Ethernet connection.
set (PROTOCOL_EXAMPLES_DIR $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
if (EXISTS "${PROTOCOL_EXAMPLES_DIR}")
message(STATUS "Found PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
set(EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DFOUND_PROTOCOL_EXAMPLES_DIR")
else()
message(STATUS "NOT FOUND: PROTOCOL_EXAMPLES_DIR=${PROTOCOL_EXAMPLES_DIR}")
endif()
message(STATUS "End optional PROTOCOL_EXAMPLES_DIR include")
endif()
include($ENV{IDF_PATH}/tools/cmake/project.cmake)
project(wolfssl_server)
message(STATUS "end project")

14
IDE/Espressif/ESP-IDF/examples/wolfssl_server/README.md
View File

@@ -20,18 +20,18 @@ The Example contains a wolfSSL simple server.
1. `idf.py menuconfig` to configure the project
1-1. Example Connection Configuration ->
WIFI SSID : your own WIFI, which is connected to the Internet.(default is "myssid")
WIFI SSID : your own WIFI, which is connected to the Internet.(default is "myssid")
WIFI Password : WIFI password, and default is "mypassword"
When you want to test the wolfSSL simple server demo
1. `idf.py -p <PORT> flash` to compile the code and load the firmware
2. `idf.py monitor` to see the context. The assigned IP address can be found in output message.
3. Once the server connects to the wifi, it is waiting for client request.
3. Once the server connects to the wifi, it is waiting for client request.
("Waiting for a connection..." message will be displayed.)
4. You can use <wolfssl>/examples/client to test the server
4. You can use <wolfssl>/examples/client to test the server
e.g ./example/client/client -h xx.xx.xx
See the README.md file in the upper level 'examples' directory for more information about examples.
@@ -39,7 +39,7 @@ See the README.md file in the upper level 'examples' directory for more informat
```
# . /mnt/c/SysGCC/esp32/esp-idf/master/export.sh
. /mnt/c/SysGCC/esp32/esp-idf/v5.1/export.sh
. /mnt/c/SysGCC/esp32/esp-idf/v5.2/export.sh
cd /mnt/c/workspace/wolfssl-$USER/IDE/Espressif/ESP-IDF/examples/wolfssl_server
# optionally erase
@@ -82,7 +82,7 @@ After the server exits, remove the port proxy forward:
netsh interface portproxy delete v4tov4 listenport=11111 listenaddress=0.0.0.0
```
Cipers to consider
Ciphers to consider
```
TLS13-AES128-GCM-SHA256:

140
IDE/Espressif/ESP-IDF/examples/wolfssl_server/README_server_sm.md
View File

@@ -49,7 +49,7 @@ make clean && make
### Others...
```
# Success: Linux Client to ESP32 Server TLS1.2
# Success: Linux Client to ESP32 Server TLS1.2
./examples/client/client -h 192.168.1.113 -v 3 -l ECDHE-ECDSA-SM4-CBC-SM3 -c ./certs/sm2/client-sm2.pem -k ./certs/sm2/client-sm2-priv.pem -A ./certs/sm2/root-sm2.pem -C
./examples/client/client -h 192.168.1.113 -v 3 -l ECDHE-ECDSA-SM4-GCM-SM3 -c ./certs/sm2/client-sm2.pem -k ./certs/sm2/client-sm2-priv.pem -A ./certs/sm2/root-sm2.pem -C
./examples/client/client -h 192.168.1.113 -v 3 -l ECDHE-ECDSA-SM4-CCM-SM3 -c ./certs/sm2/client-sm2.pem -k ./certs/sm2/client-sm2-priv.pem -A ./certs/sm2/root-sm2.pem -C
@@ -81,7 +81,7 @@ be the same as the Linux server files.
| Usage | Certificate | Key | Certificate Authority file, default ./certs/client-cert.pem |
| ----- | ---------------------------------- | ----------------------------------- | --------------------------------- |
| server | -c ./certs/sm2/server-sm2.pem | -k ./certs/sm2/server-sm2-priv.pem | -A ./certs/sm2/client-sm2.pem -V |
| server | -c ./certs/sm2/server-sm2.pem | -k ./certs/sm2/server-sm2-priv.pem | -A ./certs/sm2/client-sm2.pem -V |
| client | -c ./certs/sm2/client-sm2.pem | -k ./certs/sm2/client-sm2-priv.pem | -A ./certs/sm2/root-sm2.pem -C |
| emdedded:
| server | wolfSSL_CTX_use_certificate_buffer<br/> server_sm2 | wolfSSL_CTX_use_PrivateKey_buffer<br/> server_sm2_priv | wolfSSL_CTX_load_verify_buffer<br/> client-sm2 |
@@ -156,7 +156,7 @@ I (622) heap_init: At 3FFE4350 len 0001BCB0 (111 KiB): D/IRAM
I (628) heap_init: At 40094DC8 len 0000B238 (44 KiB): IRAM
I (636) spi_flash: detected chip: generic
I (639) spi_flash: flash io: dio
W (643) spi_flash: Detected size(4096k) larger than the size in the binary image header(2048k). Using the
W (643) spi_flash: Detected size(4096k) larger than the size in the binary image header(2048k). Using the
size in the binary image header.
I (657) cpu_start: Starting scheduler on PRO CPU.
I (0) cpu_start: Starting scheduler on APP CPU.
@@ -167,7 +167,7 @@ I (735) system_api: read default base MAC address from EFUSE
I (755) wifi:wifi firmware version: 0d470ef
I (755) wifi:wifi certification version: v7.0
I (755) wifi:config NVS flash: enabled
I (755) wifi:config nano formating: disabled
I (755) wifi:config nano formatting: disabled
I (755) wifi:Init data frame dynamic rx buffer num: 32
I (765) wifi:Init management frame dynamic rx buffer num: 32
I (765) wifi:Init management short buffer num: 32
@@ -358,12 +358,12 @@ I (14715) internal.c: GrowOutputBuffer ok
I (14715) wolfssl: wolfSSL Entering wolfSSL_get_options
I (14725) wolfssl: Point Formats extension to write
W (14735) wolfio: ssl->wflags = 0
I (14735) wolfio: 16 03 03 00 52 02 00 00 4e 03 03 af 87 e2 58 57
I (14735) wolfio: 73 c3 c1 35 1a 59 39 b2 03 9d 14 03 e0 b8 fb e8
I (14745) wolfio: 9d 5b 9c 44 4f 57 4e 47 52 44 01 20 85 77 75 20
I (14755) wolfio: 95 dd 00 e2 91 f8 42 33 f8 61 3f 1f de 81 15 58
I (14755) wolfio: 23 0c e7 1e 71 e6 10 e5 67 23 e0 40 e0 11 00 00
I (14765) wolfio: 06 00 0b 00 02 01 00
I (14735) wolfio: 16 03 03 00 52 02 00 00 4e 03 03 af 87 e2 58 57
I (14735) wolfio: 73 c3 c1 35 1a 59 39 b2 03 9d 14 03 e0 b8 fb e8
I (14745) wolfio: 9d 5b 9c 44 4f 57 4e 47 52 44 01 20 85 77 75 20
I (14755) wolfio: 95 dd 00 e2 91 f8 42 33 f8 61 3f 1f de 81 15 58
I (14755) wolfio: 23 0c e7 1e 71 e6 10 e5 67 23 e0 40 e0 11 00 00
I (14765) wolfio: 06 00 0b 00 02 01 00
W (14775) wolfio: sz = 87
I (14775) wolfssl: Shrinking output buffer
I (14775) wolfssl: wolfSSL Leaving SendServerHello, return 0
@@ -372,53 +372,53 @@ I (14795) wolfssl: wolfSSL Entering SendCertificate
I (14795) wolfssl: growing output buffer
I (14805) internal.c: GrowOutputBuffer ok
W (14815) wolfio: ssl->wflags = 0
I (14815) wolfio: 16 03 03 02 e6 0b 00 02 e2 00 02 df 00 02 dc 30
I (14815) wolfio: 82 02 d8 30 82 02 7e a0 03 02 01 02 02 01 01 30
I (14825) wolfio: 0a 06 08 2a 81 1c cf 55 01 83 75 30 81 ac 31 0b
I (14835) wolfio: 30 09 06 03 55 04 06 13 02 55 53 31 10 30 0e 06
I (14835) wolfio: 03 55 04 08 0c 07 4d 6f 6e 74 61 6e 61 31 10 30
I (14845) wolfio: 0e 06 03 55 04 07 0c 07 42 6f 7a 65 6d 61 6e 31
I (14855) wolfio: 14 30 12 06 03 55 04 0a 0c 0b 77 6f 6c 66 53 53
I (14855) wolfio: 4c 5f 73 6d 32 31 0f 30 0d 06 03 55 04 0b 0c 06
I (14865) wolfio: 43 41 2d 73 6d 32 31 18 30 16 06 03 55 04 03 0c
I (14875) wolfio: 0f 77 77 77 2e 77 6f 6c 66 73 73 6c 2e 63 6f 6d
I (14875) wolfio: 31 1f 30 1d 06 09 2a 86 48 86 f7 0d 01 09 01 16
I (14885) wolfio: 10 69 6e 66 6f 40 77 6f 6c 66 73 73 6c 2e 63 6f
I (14895) wolfio: 6d 31 17 30 15 06 0a 09 92 26 89 93 f2 2c 64 01
I (14895) wolfio: 01 0c 07 77 6f 6c 66 53 53 4c 30 1e 17 0d 32 33
I (14905) wolfio: 30 32 31 35 30 36 32 33 30 37 5a 17 0d 32 35 31
I (14915) wolfio: 31 31 31 30 36 32 33 30 37 5a 30 81 b0 31 0b 30
I (14915) wolfio: 09 06 03 55 04 06 13 02 55 53 31 10 30 0e 06 03
I (14925) wolfio: 55 04 08 0c 07 4d 6f 6e 74 61 6e 61 31 10 30 0e
I (14935) wolfio: 06 03 55 04 07 0c 07 42 6f 7a 65 6d 61 6e 31 14
I (14945) wolfio: 30 12 06 03 55 04 0a 0c 0b 77 6f 6c 66 53 53 4c
I (14945) wolfio: 5f 73 6d 32 31 13 30 11 06 03 55 04 0b 0c 0a 53
I (14955) wolfio: 65 72 76 65 72 2d 73 6d 32 31 18 30 16 06 03 55
I (14965) wolfio: 04 03 0c 0f 77 77 77 2e 77 6f 6c 66 73 73 6c 2e
I (14965) wolfio: 63 6f 6d 31 1f 30 1d 06 09 2a 86 48 86 f7 0d 01
I (14975) wolfio: 09 01 16 10 69 6e 66 6f 40 77 6f 6c 66 73 73 6c
I (14985) wolfio: 2e 63 6f 6d 31 17 30 15 06 0a 09 92 26 89 93 f2
I (14985) wolfio: 2c 64 01 01 0c 07 77 6f 6c 66 53 53 4c 30 5a 30
I (14995) wolfio: 14 06 08 2a 81 1c cf 55 01 82 2d 06 08 2a 81 1c
I (15005) wolfio: cf 55 01 82 2d 03 42 00 04 94 70 2b 46 e4 5e 0f
I (15005) wolfio: 41 fb 8f 2d 34 0a 41 40 19 5e fb d4 1d 11 ac fa
I (15015) wolfio: f5 93 37 c6 fa 87 08 f7 16 1f 2c ce 30 40 9d 4f
I (15025) wolfio: a6 2a 0a a1 d6 95 33 c3 a6 03 98 e6 8d 05 34 b0
I (15025) wolfio: 97 0c de a4 c7 cf 53 8f d1 a3 81 89 30 81 86 30
I (15035) wolfio: 1d 06 03 55 1d 0e 04 16 04 14 67 ae 60 ff 7e 1b
I (15045) wolfio: 0f 95 ae 1f 82 59 f2 6c 56 2d 93 ef 17 32 30 1f
I (15045) wolfio: 06 03 55 1d 23 04 18 30 16 80 14 47 0a 48 7e bb
I (15055) wolfio: 02 a8 5a 26 57 2b 19 a9 7b 61 8b 7f 5d 99 6e 30
I (15065) wolfio: 0c 06 03 55 1d 13 01 01 ff 04 02 30 00 30 0e 06
I (15075) wolfio: 03 55 1d 0f 01 01 ff 04 04 03 02 03 a8 30 13 06
I (15075) wolfio: 03 55 1d 25 04 0c 30 0a 06 08 2b 06 01 05 05 07
I (15085) wolfio: 03 01 30 11 06 09 60 86 48 01 86 f8 42 01 01 04
I (15095) wolfio: 04 03 02 06 40 30 0a 06 08 2a 81 1c cf 55 01 83
I (15095) wolfio: 75 03 48 00 30 45 02 20 1b ca 94 28 7f f6 b2 0d
I (15105) wolfio: 31 43 50 e1 d5 34 17 dd af 3a de 81 06 67 9a b3
I (15115) wolfio: 06 22 7e 64 ec fd 0e b9 02 21 00 a1 48 a8 32 d1
I (15115) wolfio: 05 09 6b 1c eb 89 12 66 d8 38 a1 c4 5c 89 09 0f
I (15125) wolfio: fd e9 c0 3b 1d fb cd b5 4c 31 68
I (14815) wolfio: 16 03 03 02 e6 0b 00 02 e2 00 02 df 00 02 dc 30
I (14815) wolfio: 82 02 d8 30 82 02 7e a0 03 02 01 02 02 01 01 30
I (14825) wolfio: 0a 06 08 2a 81 1c cf 55 01 83 75 30 81 ac 31 0b
I (14835) wolfio: 30 09 06 03 55 04 06 13 02 55 53 31 10 30 0e 06
I (14835) wolfio: 03 55 04 08 0c 07 4d 6f 6e 74 61 6e 61 31 10 30
I (14845) wolfio: 0e 06 03 55 04 07 0c 07 42 6f 7a 65 6d 61 6e 31
I (14855) wolfio: 14 30 12 06 03 55 04 0a 0c 0b 77 6f 6c 66 53 53
I (14855) wolfio: 4c 5f 73 6d 32 31 0f 30 0d 06 03 55 04 0b 0c 06
I (14865) wolfio: 43 41 2d 73 6d 32 31 18 30 16 06 03 55 04 03 0c
I (14875) wolfio: 0f 77 77 77 2e 77 6f 6c 66 73 73 6c 2e 63 6f 6d
I (14875) wolfio: 31 1f 30 1d 06 09 2a 86 48 86 f7 0d 01 09 01 16
I (14885) wolfio: 10 69 6e 66 6f 40 77 6f 6c 66 73 73 6c 2e 63 6f
I (14895) wolfio: 6d 31 17 30 15 06 0a 09 92 26 89 93 f2 2c 64 01
I (14895) wolfio: 01 0c 07 77 6f 6c 66 53 53 4c 30 1e 17 0d 32 33
I (14905) wolfio: 30 32 31 35 30 36 32 33 30 37 5a 17 0d 32 35 31
I (14915) wolfio: 31 31 31 30 36 32 33 30 37 5a 30 81 b0 31 0b 30
I (14915) wolfio: 09 06 03 55 04 06 13 02 55 53 31 10 30 0e 06 03
I (14925) wolfio: 55 04 08 0c 07 4d 6f 6e 74 61 6e 61 31 10 30 0e
I (14935) wolfio: 06 03 55 04 07 0c 07 42 6f 7a 65 6d 61 6e 31 14
I (14945) wolfio: 30 12 06 03 55 04 0a 0c 0b 77 6f 6c 66 53 53 4c
I (14945) wolfio: 5f 73 6d 32 31 13 30 11 06 03 55 04 0b 0c 0a 53
I (14955) wolfio: 65 72 76 65 72 2d 73 6d 32 31 18 30 16 06 03 55
I (14965) wolfio: 04 03 0c 0f 77 77 77 2e 77 6f 6c 66 73 73 6c 2e
I (14965) wolfio: 63 6f 6d 31 1f 30 1d 06 09 2a 86 48 86 f7 0d 01
I (14975) wolfio: 09 01 16 10 69 6e 66 6f 40 77 6f 6c 66 73 73 6c
I (14985) wolfio: 2e 63 6f 6d 31 17 30 15 06 0a 09 92 26 89 93 f2
I (14985) wolfio: 2c 64 01 01 0c 07 77 6f 6c 66 53 53 4c 30 5a 30
I (14995) wolfio: 14 06 08 2a 81 1c cf 55 01 82 2d 06 08 2a 81 1c
I (15005) wolfio: cf 55 01 82 2d 03 42 00 04 94 70 2b 46 e4 5e 0f
I (15005) wolfio: 41 fb 8f 2d 34 0a 41 40 19 5e fb d4 1d 11 ac fa
I (15015) wolfio: f5 93 37 c6 fa 87 08 f7 16 1f 2c ce 30 40 9d 4f
I (15025) wolfio: a6 2a 0a a1 d6 95 33 c3 a6 03 98 e6 8d 05 34 b0
I (15025) wolfio: 97 0c de a4 c7 cf 53 8f d1 a3 81 89 30 81 86 30
I (15035) wolfio: 1d 06 03 55 1d 0e 04 16 04 14 67 ae 60 ff 7e 1b
I (15045) wolfio: 0f 95 ae 1f 82 59 f2 6c 56 2d 93 ef 17 32 30 1f
I (15045) wolfio: 06 03 55 1d 23 04 18 30 16 80 14 47 0a 48 7e bb
I (15055) wolfio: 02 a8 5a 26 57 2b 19 a9 7b 61 8b 7f 5d 99 6e 30
I (15065) wolfio: 0c 06 03 55 1d 13 01 01 ff 04 02 30 00 30 0e 06
I (15075) wolfio: 03 55 1d 0f 01 01 ff 04 04 03 02 03 a8 30 13 06
I (15075) wolfio: 03 55 1d 25 04 0c 30 0a 06 08 2b 06 01 05 05 07
I (15085) wolfio: 03 01 30 11 06 09 60 86 48 01 86 f8 42 01 01 04
I (15095) wolfio: 04 03 02 06 40 30 0a 06 08 2a 81 1c cf 55 01 83
I (15095) wolfio: 75 03 48 00 30 45 02 20 1b ca 94 28 7f f6 b2 0d
I (15105) wolfio: 31 43 50 e1 d5 34 17 dd af 3a de 81 06 67 9a b3
I (15115) wolfio: 06 22 7e 64 ec fd 0e b9 02 21 00 a1 48 a8 32 d1
I (15115) wolfio: 05 09 6b 1c eb 89 12 66 d8 38 a1 c4 5c 89 09 0f
I (15125) wolfio: fd e9 c0 3b 1d fb cd b5 4c 31 68
W (15135) wolfio: sz = 747
I (15135) wolfssl: Shrinking output buffer
I (15135) wolfssl: wolfSSL Leaving SendCertificate, return 0
@@ -440,16 +440,16 @@ I (15915) wolfssl: wolfSSL Entering SendHandshakeMsg
I (15925) wolfssl: growing output buffer
I (15925) internal.c: GrowOutputBuffer ok
W (15925) wolfio: ssl->wflags = 0
I (15935) wolfio: 16 03 03 00 95 0c 00 00 91 03 00 29 41 04 fd f5
I (15935) wolfio: 5e 74 15 30 1d f3 84 ae a5 69 96 a9 5b dd 27 b3
I (15945) wolfio: 00 7d 40 3a 59 93 93 6f 4d 1f 62 dc 60 48 34 1f
I (15955) wolfio: a8 1d 34 b8 76 8f 8b 27 4a 1b 77 64 8e 2e d5 27
I (15955) wolfio: 03 95 8b 9d a5 ed a4 a6 b9 40 1b ea aa 10 07 08
I (15965) wolfio: 00 48 30 46 02 21 00 cb 89 61 e9 21 f9 c6 4d ad
I (15975) wolfio: aa e7 f1 3f 6f 27 46 f0 35 ec 45 4e 8a ae f3 ac
I (15985) wolfio: 7c c0 cf 68 11 44 e2 02 21 00 f6 40 5c bc 66 5a
I (15985) wolfio: 74 1e 92 5d 9a 03 75 e7 7f 16 c2 b3 c8 fe 8d 5c
I (15995) wolfio: 63 35 36 da 61 38 76 dc 4e d6
I (15935) wolfio: 16 03 03 00 95 0c 00 00 91 03 00 29 41 04 fd f5
I (15935) wolfio: 5e 74 15 30 1d f3 84 ae a5 69 96 a9 5b dd 27 b3
I (15945) wolfio: 00 7d 40 3a 59 93 93 6f 4d 1f 62 dc 60 48 34 1f
I (15955) wolfio: a8 1d 34 b8 76 8f 8b 27 4a 1b 77 64 8e 2e d5 27
I (15955) wolfio: 03 95 8b 9d a5 ed a4 a6 b9 40 1b ea aa 10 07 08
I (15965) wolfio: 00 48 30 46 02 21 00 cb 89 61 e9 21 f9 c6 4d ad
I (15975) wolfio: aa e7 f1 3f 6f 27 46 f0 35 ec 45 4e 8a ae f3 ac
I (15985) wolfio: 7c c0 cf 68 11 44 e2 02 21 00 f6 40 5c bc 66 5a
I (15985) wolfio: 74 1e 92 5d 9a 03 75 e7 7f 16 c2 b3 c8 fe 8d 5c
I (15995) wolfio: 63 35 36 da 61 38 76 dc 4e d6
W (15995) wolfio: sz = 154
I (16005) wolfssl: Shrinking output buffer
I (16005) wolfssl: wolfSSL Leaving SendServerKeyExchange, return 0
@@ -459,7 +459,7 @@ I (16025) wolfssl: wolfSSL Entering SendServerHelloDone
I (16035) wolfssl: growing output buffer
I (16035) internal.c: GrowOutputBuffer ok
W (16045) wolfio: ssl->wflags = 0
I (16045) wolfio: 16 03 03 00 04 0e 00 00 00
I (16045) wolfio: 16 03 03 00 04 0e 00 00 00
W (16045) wolfio: sz = 9
I (16055) wolfssl: Embed Send error
I (16055) wolfssl: Connection reset
@@ -479,14 +479,14 @@ I (16125) wolfssl: User calling wolfSSL_read in error state, not allowed
I (16135) wolfssl: wolfSSL Leaving wolfSSL_read_internal, return -308
E (16145) tls_server: ERROR: failed to read
I (16145) wolfssl: Client sends:
I (16145) wolfssl:
I (16145) wolfssl:
I (16155) wolfssl: wolfSSL Entering wolfSSL_write
I (16155) wolfssl: handshake not complete, trying to finish
I (16165) wolfssl: wolfSSL Entering wolfSSL_negotiate
I (16165) wolfssl: wolfSSL Entering wolfSSL_accept
I (16175) wolfssl: wolfSSL Entering ReinitSSL
W (16185) wolfio: ssl->wflags = 0
I (16185) wolfio: 16 03 03 00 04 0e 00 00 00
I (16185) wolfio: 16 03 03 00 04 0e 00 00 00
W (16185) wolfio: sz = 9
I (16195) wolfssl: Embed Send error
I (16195) wolfssl: General error

652
IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/CMakeLists.txt
View File

@@ -1,5 +1,5 @@
#
# Copyright (C) 2006-2024 wolfSSL Inc.
# Copyright (C) 2006-2025 wolfSSL Inc.
#
# This file is part of wolfSSL.
#
@@ -19,18 +19,148 @@
#
# cmake for wolfssl Espressif projects
#
# Version 5.6.0.011 for detect test/benchmark
# Version 5.7.2 Espressif ESP-IDF integration
#
# See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html
#
message(STATUS "Begin wolfssl ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}")
cmake_minimum_required(VERSION 3.16)
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
set(CMAKE_CURRENT_SOURCE_DIR ".")
set(COMPONENT_REQUIRES lwip) # we typically don't need lwip directly in wolfssl component
set(WOLFSSL_ROOT "$ENV{WOLFSSL_ROOT}" )
# find the user name to search for possible "wolfssl-username"
set(VERBOSE_COMPONENT_MESSAGES 1)
# Optional requires include:
# set(THIS_ESP_TLS "esp-tls")
set(THIS_ESP_TLS "")
# function: IS_ESP_IDF_COMPONENT
# output: RESULT = 1 (true) if this component is located in the ESP-IDF components
# otherwise 0 (false)
function( IS_ESP_IDF_COMPONENT RESULT )
# NOTE: Component location is based on the location of the CMakeList.txt
# and *not* the location of the wolfSSL source code. (which may be anywhere)
# Normalize the paths to remove any trailing slashes
get_filename_component(NORMALIZED_IDF_PATH "${IDF_PATH}" REALPATH)
get_filename_component(NORMALIZED_TEST_PATH "${COMPONENT_DIR}" REALPATH)
# Check if the test path starts with the IDF_PATH
string(FIND "${NORMALIZED_TEST_PATH}" "${NORMALIZED_IDF_PATH}" pos)
if(${pos} EQUAL 0)
message(STATUS "${COMPONENT_DIR} is within IDF_PATH.")
set(${RESULT} 1 PARENT_SCOPE)
else()
message(STATUS "${COMPONENT_DIR} is not within IDF_PATH.")
set(${RESULT} 0 PARENT_SCOPE)
endif()
endfunction()
# Determine if this cmake file is located in the ESP-IDF component directory or not,
# and if so, if it is being ignored (allowing the use of a local project one, instead).
IS_ESP_IDF_COMPONENT( IS_WOLSSL_ESP_IDF_COMPONENT )
if( IS_WOLSSL_ESP_IDF_COMPONENT )
message(STATUS "This wolfSSL is a component in ESP-IDF.")
if ( CONFIG_IGNORE_ESP_IDF_WOLFSSL_COMPONENT )
idf_component_register()
message(STATUS "Warning: wolfSSL component in ESP-IDF is being ignored.")
return()
endif()
endif()
if( "${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}" STREQUAL "" )
# nothing to do
else()
# Only forward slashes, or double backslashes are supported.
# By the time we get here the sdkconfig file has a value for wolfSSL source code root.
string(REPLACE "\\" "/" CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT})
message(STATUS "Cleaned wolfssl path: ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}")
endif()
# The scope of this CMAKE_C_FLAGS is just this component:
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -DWOLFSSL_USER_SETTINGS")
set(CMAKE_CURRENT_SOURCE_DIR ".")
# set(COMPONENT_REQUIRES lwip) # we typically don't need lwip directly in wolfssl component
# Optionally set your source to wolfSSL in your project CMakeLists.txt like this:
# set(WOLFSSL_ROOT "c:/test/my_wolfssl" )
if ( "${WOLFSSL_ROOT}" STREQUAL "")
set(WOLFSSL_ROOT "$ENV{WOLFSSL_ROOT}" )
endif()
if( "$ENV{IDF_PATH}" STREQUAL "" )
message(FATAL_ERROR "IDF_PATH Environment variable not set!")
else()
string(REPLACE "\\" "/" THIS_IDF_PATH "$ENV{IDF_PATH}")
endif()
# Optional compiler definitions to help with system name detection (typically printed by app diagnostics)
if(VERBOSE_COMPONENT_MESSAGES)
if(WIN32)
# Windows-specific configuration here
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS")
message(STATUS "Detected Windows")
endif()
if(CMAKE_HOST_UNIX)
message(STATUS "Detected UNIX")
endif()
if(APPLE)
message(STATUS "Detected APPLE")
endif()
if(CMAKE_HOST_UNIX AND (NOT APPLE) AND EXISTS "/proc/sys/fs/binfmt_misc/WSLInterop")
# Windows-specific configuration here
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WSL")
message(STATUS "Detected WSL")
endif()
if(CMAKE_HOST_UNIX AND (NOT APPLE) AND (NOT WIN32))
# Windows-specific configuration here
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_LINUX")
message(STATUS "Detected Linux")
endif()
if(APPLE)
# Windows-specific configuration here
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_APPLE")
message(STATUS "Detected Apple")
endif()
endif() # End optional WOLFSSL_CMAKE_SYSTEM_NAME
message(STATUS "CONFIG_TARGET_PLATFORM = ${CONFIG_TARGET_PLATFORM}")
# Check that there are not conflicting wolfSSL components
# The ESP Registry Component will be in ./managed_components/wolfssl__wolfssl
# The local component wolfSSL directory will be in ./components/wolfssl
if( EXISTS "${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" AND EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl" )
# These exclude statements don't seem to be honored by the $ENV{IDF_PATH}/tools/cmake/project.cmake'
# add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl" EXCLUDE_FROM_ALL)
# add_subdirectory("${CMAKE_HOME_DIRECTORY}/managed_components/wolfssl__wolfssl/include" EXCLUDE_FROM_ALL)
# So we'll error out and let the user decide how to proceed:
message(WARNING "\nFound wolfSSL components in\n"
"./managed_components/wolfssl__wolfssl\n"
"and\n"
"./components/wolfssl\n"
"in project directory: \n"
"${CMAKE_HOME_DIRECTORY}")
message(FATAL_ERROR "\nPlease use either the ESP Registry Managed Component or the wolfSSL component directory but not both.\n"
"If removing the ./managed_components/wolfssl__wolfssl directory, remember to also remove "
"or rename the idf_component.yml file typically found in ./main/")
else()
message(STATUS "No conflicting wolfSSL components found.")
endif()
# Don't include lwip requirement for benchmark and test apps.
if( ("${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_benchmark") OR ("${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_test") )
message(STATUS "Not including lwip for ${CMAKE_PROJECT_NAME}")
else()
# benchmark and test do not need wifi, everything else probably does:
set(COMPONENT_REQUIRES lwip "${THIS_ESP_TLS}") # we typically don't need lwip directly in wolfssl component
endif()
# Find the user name to search for possible "wolfssl-username"
# Reminder: Windows is %USERNAME%, Linux is $USER
message(STATUS "USERNAME = $ENV{USERNAME}")
if( "$ENV{USER}" STREQUAL "" ) # the bash user
if( "$ENV{USERNAME}" STREQUAL "" ) # the Windows user
@@ -51,6 +181,25 @@ else()
string(REPLACE "\\" "/" THIS_IDF_PATH "$ENV{IDF_PATH}")
endif()
# ENVIRONMENT_VAR_TO_MACRO
# Check environment variable name EVARPARAM as [name]
# If defined, and has a value of EVARVALUE as [value],
# then assign a compiler definition "-D[name]=[value]"
function(ENVIRONMENT_VAR_TO_MACRO EVARPARAM EVARVALUE)
# If the EVARPARAM environment variable name is set to EVARVALUE,
# set the compiler flag definition to enable CSV output.
if ( "$ENV{${EVARPARAM}}" STREQUAL "${EVARVALUE}")
message(STATUS "Appending compile definition: -D${EVARPARAM}=${EVARVALUE}")
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -D${EVARPARAM}=${EVARVALUE}")
else()
if(DEFINED ENV{${EVARPARAM}})
message(STATUS "Environment variable ${EVARPARAM} detected but set to $ENV{${EVARPARAM}}, not appending compile definition.")
else()
message(STATUS "Environment variable ${EVARPARAM} not detected, not appending compile definition.")
endif()
endif()
endfunction()
# COMPONENT_NAME = wolfssl
# The component name is the directory name. "No feature to change this".
# See https://github.com/espressif/esp-idf/issues/8978#issuecomment-1129892685
@@ -68,7 +217,8 @@ endif()
# function: IS_WOLFSSL_SOURCE
# parameter: DIRECTORY_PARAMETER - the directory to test
# output: RESULT = contains contents of DIRECTORY_PARAMETER for wolfssl directory, otherwise blank.
function(IS_WOLFSSL_SOURCE DIRECTORY_PARAMETER RESULT)
function( IS_WOLFSSL_SOURCE DIRECTORY_PARAMETER
RESULT )
if (EXISTS "${DIRECTORY_PARAMETER}/wolfcrypt/src")
set(${RESULT} "${DIRECTORY_PARAMETER}" PARENT_SCOPE)
else()
@@ -76,27 +226,71 @@ function(IS_WOLFSSL_SOURCE DIRECTORY_PARAMETER RESULT)
endif()
endfunction()
# *********************************************************************************************
# function: FIND_WOLFSSL_DIRECTORY
# parameter: OUTPUT_FOUND_WOLFSSL_DIRECTORY contains root of source code, otherwise blank
#
# Example usage:
# FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT)
# *********************************************************************************************
function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY)
message(STATUS "Starting FIND_WOLFSSL_DIRECTORY")
set(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}")
if( "${CURRENT_SEARCH_DIR}" STREQUAL "" )
message(STATUS "The WOLFSSL_ROOT environment variable is not set. Searching...")
message(STATUS "Starting FIND_WOLFSSL_DIRECTORY: ${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}")
if ( "${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}" STREQUAL "" )
# The parameter is empty, so we certainly need to search.
# First, see if there's an environment variable. This takes highest priority (unless already found as hard-coded, above)
set(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}")
if( "${CURRENT_SEARCH_DIR}" STREQUAL "" )
message(STATUS "The WOLFSSL_ROOT environment variable is not set. Searching...")
# Next, if not found, see if wolfSSL was selected for ESP-TLS Kconfig
if(CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT)
set(CURRENT_SEARCH_DIR ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT})
get_filename_component(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR}" ABSOLUTE)
message(STATUS "WOLFSSL_ROOT found in sdkconfig/KConfig: ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}")
else()
message(STATUS "wolfSSL not defined in [Component Config] [wolfssl]. Continuing search...")
# If not specified as a search hint in OUTPUT_FOUND_WOLFSSL_DIRECTORY:
# This wolfSSL component CMakeLists.txt may be found EITHER in:
# 1) local project component
# 2) ESP-IDF share components
# We'll start in the CMAKE_CURRENT_SOURCE_DIR, typically [something]/projectname/components/wolfssl
# That option might find wolfSSL source code as a copy in the component directory (e.g. Managed Components)
# Unless cmake is in the ESP-IDF, in which case it is unlikely to find wolfSSL source in any parent.
message(STATUS "CMAKE_CURRENT_SOURCE_DIR = ${CMAKE_CURRENT_SOURCE_DIR}")
get_filename_component(CURRENT_SEARCH_DIR "${CMAKE_CURRENT_SOURCE_DIR}" ABSOLUTE)
message(STATUS "CURRENT_SEARCH_DIR = ${CURRENT_SEARCH_DIR}")
string(LENGTH ${CURRENT_SEARCH_DIR} CURRENT_SEARCH_DIR_LENGTH)
endif() # CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT
endif() # check environment var blank
else()
get_filename_component(CURRENT_SEARCH_DIR "$ENV{WOLFSSL_ROOT}" ABSOLUTE)
message(STATUS "Parameter found for FIND_WOLFSSL_DIRECTORY")
message(STATUS "Setting wolfSSL search directory to: ${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}")
set(CURRENT_SEARCH_DIR "${${OUTPUT_FOUND_WOLFSSL_DIRECTORY}}")
endif() # parameter empty
# Check to see if we found a path in environment or config settings, above.
if( "${CURRENT_SEARCH_DIR}" STREQUAL "" )
message(STATUS "Source for wolfSSL not specified in path nor config settings.")
# We'll continue the search by recursing up the directory tree, below.
else()
# Setting found! Does it contain a valid path?
string(REPLACE "\\" "/" CURRENT_SEARCH_DIR ${CURRENT_SEARCH_DIR})
get_filename_component(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR}" ABSOLUTE)
IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR}" FOUND_WOLFSSL)
if( FOUND_WOLFSSL )
message(STATUS "Found WOLFSSL_ROOT via Environment Variable: ${CURRENT_SEARCH_DIR}")
message(STATUS "Found wolfSSL source code via setting: ${CURRENT_SEARCH_DIR}")
set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE)
return()
else()
message(FATAL_ERROR "WOLFSSL_ROOT Environment Variable defined, but path not found:")
message(STATUS "$ENV{WOLFSSL_ROOT}")
if(WIN32)
message(STATUS "When specifying a path for Windows, use forward slahes, or double backslashes.")
endif()
message(STATUS "CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT sdkconfig setting = ${CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT}")
message(STATUS "WOLFSSL_ROOT Variable defined, but source code not found: ${CURRENT_SEARCH_DIR}")
endif()
endif()
# we'll start in the CMAKE_CURRENT_SOURCE_DIR, typically [something]/projectname/components/wolfssl
message(STATUS "CMAKE_CURRENT_SOURCE_DIR = ${CMAKE_CURRENT_SOURCE_DIR}")
get_filename_component(CURRENT_SEARCH_DIR "${CMAKE_CURRENT_SOURCE_DIR}" ABSOLUTE)
@@ -114,16 +308,47 @@ function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY)
return()
endif()
# Maintain CURRENT_SEARCH_DIR, but check various suffixes with CURRENT_SEARCH_DIR_ALT
if( THIS_USER )
# Check for "wolfssl-[username]" subdirectory as we recurse up the directory tree
set(CURRENT_SEARCH_DIR_ALT ${CURRENT_SEARCH_DIR}/wolfssl-${THIS_USER})
message(STATUS "Looking in ${CURRENT_SEARCH_DIR}")
message(STATUS "Looking in ${CURRENT_SEARCH_DIR_ALT}")
#if(EXISTS ${CURRENT_SEARCH_DIR_ALT} AND IS_DIRECTORY ${CURRENT_SEARCH_DIR_ALT} AND EXISTS "${CURRENT_SEARCH_DIR_ALT}/wolfcrypt/src")
IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR_ALT}" FOUND_WOLFSSL )
if ( FOUND_WOLFSSL )
message(STATUS "Found wolfssl in user-suffix CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}")
set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR_ALT} PARENT_SCOPE)
message(STATUS "Found wolfssl in user-suffix CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}")
set(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR_ALT}")
set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE)
return()
endif()
endif()
if ( FOUND_WOLFSSL )
# if we already found the source, skip attempt of "wolfssl-master"
else()
set(CURRENT_SEARCH_DIR_ALT ${CURRENT_SEARCH_DIR}/wolfssl-master)
message(STATUS "Looking in ${CURRENT_SEARCH_DIR_ALT}")
IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR_ALT}" FOUND_WOLFSSL )
if ( FOUND_WOLFSSL )
message(STATUS "Found wolfssl in master-suffix CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}")
set(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR_ALT}")
set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE)
return()
endif()
endif()
if ( FOUND_WOLFSSL )
# if we already found the source, skip attempt of "wolfssl"
else()
set(CURRENT_SEARCH_DIR_ALT ${CURRENT_SEARCH_DIR}/wolfssl)
message(STATUS "Looking in ${CURRENT_SEARCH_DIR_ALT}")
IS_WOLFSSL_SOURCE("${CURRENT_SEARCH_DIR_ALT}" FOUND_WOLFSSL )
if ( FOUND_WOLFSSL )
message(STATUS "Found wolfssl in CURRENT_SEARCH_DIR_ALT = ${CURRENT_SEARCH_DIR_ALT}")
set(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR_ALT}")
set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE)
return()
endif()
endif()
@@ -143,7 +368,8 @@ function(FIND_WOLFSSL_DIRECTORY OUTPUT_FOUND_WOLFSSL_DIRECTORY)
get_filename_component(CURRENT_SEARCH_DIR "${CURRENT_SEARCH_DIR}" DIRECTORY)
message(STATUS "Next CURRENT_SEARCH_DIR = ${CURRENT_SEARCH_DIR}")
if( "${PRIOR_SEARCH_DIR}" STREQUAL "${CURRENT_SEARCH_DIR}" )
# when the search directory is empty, we'll give up
# When the parent is current directory, cannot go any further. We didn't find wolfssl.
# When the search directory is empty, we'll give up.
set(CURRENT_SEARCH_DIR "")
endif()
endwhile()
@@ -154,17 +380,64 @@ endfunction()
# Example usage:
#
# Simply find the WOLFSSL_DIRECTORY by searching parent directories:
# FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT)
#
message(STATUS "CONFIG_TARGET_PLATFORM = ${CONFIG_TARGET_PLATFORM}")
# Check for environment variable that may be assigned to macros
ENVIRONMENT_VAR_TO_MACRO("GENERATE_MACHINE_PARSEABLE_REPORT" "1")
ENVIRONMENT_VAR_TO_MACRO("WOLFSSL_BENCHMARK_FIXED_CSV" "1")
# Optional variable inspection
if (0)
get_cmake_property(_variableNames VARIABLES)
list (SORT _variableNames)
message(STATUS "")
message(STATUS "ALL VARIABLES BEGIN")
message(STATUS "")
foreach (_variableName ${_variableNames})
message(STATUS "${_variableName}=${${_variableName}}")
endforeach()
message(STATUS "")
message(STATUS "ALL VARIABLES END")
message(STATUS "")
endif()
if ( ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266") OR ("${IDF_TARGET}" STREQUAL "esp8266") )
# There's no esp_timer, no driver components for the ESP8266
message(STATUS "Early expansion EXCLUDES for esp8266:")
message(STATUS "THIS_INCLUDE_DRIVER: '${THIS_INCLUDE_DRIVER}'")
message(STATUS "THIS_INCLUDE_TIMER: '${THIS_INCLUDE_TIMER}'")
message(STATUS "Early expansion INCLUDE for esp8266:")
message(STATUS "THIS_INCLUDE_PTHREAD: '${THIS_INCLUDE_PTHREAD}'")
set(THIS_ESP_TLS "")
set(THIS_INCLUDE_DRIVER "")
set(THIS_INCLUDE_TIMER "")
set(THIS_INCLUDE_PTHREAD "pthread")
else()
message(STATUS "Early expansion includes esp_timer: ${THIS_INCLUDE_TIMER}")
message(STATUS "Early expansion includes driver: ${THIS_INCLUDE_DRIVER}")
set(THIS_ESP_TLS "esp-tls")
set(THIS_INCLUDE_DRIVER "driver")
set(THIS_INCLUDE_TIMER "esp_timer")
set(THIS_INCLUDE_PTHREAD "")
# Let the app know that we've included the esp-tls component requirement.
# This is critical for use the the esp-tls component. See wolfssl esp_crt_bundle.c file.
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_REQUIRED_ESP_TLS=1")
endif()
if(CMAKE_BUILD_EARLY_EXPANSION)
message(STATUS "wolfssl component CMAKE_BUILD_EARLY_EXPANSION:")
idf_component_register(
REQUIRES "${COMPONENT_REQUIRES}"
PRIV_REQUIRES # esp_hw_support
# esp_timer
# driver # this will typically only be needed for wolfSSL benchmark
"${THIS_ESP_TLS}"
"${THIS_INCLUDE_PTHREAD}"
"${THIS_INCLUDE_TIMER}"
"${THIS_INCLUDE_DRIVER}" # this will typically only be needed for wolfSSL benchmark
)
else()
@@ -173,48 +446,99 @@ else()
message(STATUS "wolfssl component config:")
message(STATUS "************************************************************************************************")
if ( "${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266")
# There's no esp_timer, no driver components for the ESP8266
set(THIS_INCLUDE_TIMER "")
set(THIS_INCLUDE_DRIVER "")
else()
set(THIS_INCLUDE_TIMER "esp_timer")
set(THIS_INCLUDE_DRIVER "driver")
endif()
# search for wolfSSL
FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT)
if(WOLFSSL_ROOT)
message(STATUS "NEW Found wolfssl directory at: ${WOLFSSL_ROOT}")
IS_WOLFSSL_SOURCE("${WOLFSSL_ROOT}" FOUND_WOLFSSL)
if(FOUND_WOLFSSL)
message(STATUS "Found WOLFSSL_ROOT via CMake specification.")
else()
# WOLFSSL_ROOT Path specified in CMakeLists.txt is not a valid path
message(FATAL_ERROR "WOLFSSL_ROOT CMake Variable defined, but path not found: ${WOLFSSL_ROOT}\n"
"Try correcting WOLFSSL_ROOT in your project CMakeFile.txt or setting environment variable.")
# Abort CMake after fatal error.
endif()
else()
message(STATUS "NEW wolfssl directory not found.")
message(STATUS "Source code for wolfSSL still not found.")
message(STATUS "Searching from project home: ${CMAKE_HOME_DIRECTORY} ...")
set(WOLFSSL_ROOT "${CMAKE_HOME_DIRECTORY}")
FIND_WOLFSSL_DIRECTORY(WOLFSSL_ROOT)
endif()
if(WOLFSSL_ROOT)
message(STATUS "Confirmed wolfssl directory at: ${WOLFSSL_ROOT}")
else()
# Try to allow a more intuitive error that the source code was not found in cmake:
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_WARNING_SOURCE_NOT_FOUND")
message(STATUS "Failed: wolfssl source code directory not found.")
# Abort. We need wolfssl _somewhere_.
message(FATAL_ERROR "Could not find wolfssl in ${WOLFSSL_ROOT}.\n"
"Try setting WOLFSSL_ROOT environment variable or git clone.")
message(STATUS "")
message(STATUS "")
message(STATUS "Could not find wolfssl in any parent directory named wolfssl-${THIS_USER}, wolfssl-master, or wolfssl.\n"
"Try setting WOLFSSL_ROOT environment variable, cmake variable in project, copy source, or use managed components.")
message(STATUS "")
message(STATUS "")
# Abort CMake after fatal error. (or not?)
endif()
set(INCLUDE_PATH ${WOLFSSL_ROOT})
set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/src/")
if( ${CMAKE_PROJECT_NAME} STREQUAL "wolfssl_benchmark" )
set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/benchmark")
endif()
if( ${CMAKE_PROJECT_NAME} STREQUAL "wolfssl_test" )
set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/test")
# During regression tests, optionally copy source locally and use: set(USE_LOCAL_TEST_BENCH 1)
set(USE_LOCAL_TEST_BENCH 0)
if(NOT USE_LOCAL_TEST_BENCH)
if( "${CMAKE_PROJECT_NAME}" STREQUAL "hello-world" )
message(STATUS "Include ${WOLFSSL_ROOT}/wolfcrypt/benchmark")
set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/benchmark")
endif()
if( "${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_benchmark" )
message(STATUS "Include ${WOLFSSL_ROOT}/wolfcrypt/benchmark")
set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/benchmark")
endif()
if( "${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_test" )
message(STATUS "Include ${WOLFSSL_ROOT}/wolfcrypt/test")
set(WOLFSSL_EXTRA_PROJECT_DIR "${WOLFSSL_ROOT}/wolfcrypt/test")
endif()
endif()
message(STATUS "WOLFSSL_EXTRA_PROJECT_DIR = ${WOLFSSL_EXTRA_PROJECT_DIR}")
set(COMPONENT_SRCDIRS "\"${WOLFSSL_ROOT}/src/\""
"\"${WOLFSSL_ROOT}/wolfcrypt/src\""
"\"${WOLFSSL_ROOT}/wolfcrypt/src/port/Espressif\""
"\"${WOLFSSL_ROOT}/wolfcrypt/src/port/Espressif/esp_crt_bundle\""
"\"${WOLFSSL_ROOT}/wolfcrypt/src/port/atmel\""
"\"${WOLFSSL_EXTRA_PROJECT_DIR}\""
) # COMPONENT_SRCDIRS
message(STATUS "This COMPONENT_SRCDIRS = ${COMPONENT_SRCDIRS}")
# wolfSSL user_settings.h may be in the local project.
# TODO check if exists and possibly set to ESP-IDF
set(WOLFSSL_PROJECT_DIR "${CMAKE_HOME_DIRECTORY}/components/wolfssl")
add_definitions(-DWOLFSSL_USER_SETTINGS_DIR="${WOLFSSL_PROJECT_DIR}/include/user_settings.h")
string(REPLACE "/" "//" STR_WOLFSSL_PROJECT_DIR "${WOLFSSL_PROJECT_DIR}")
add_compile_definitions(WOLFSSL_USER_SETTINGS_DIR="${STR_WOLFSSL_PROJECT_DIR}/include/user_settings.h")
message(STATUS "Added definition for user_settings.h: -DWOLFSSL_USER_SETTINGS_DIR=\"${STR_WOLFSSL_PROJECT_DIR}//include//user_settings.h\"")
# Espressif may take several passes through this makefile. Check to see if we found IDF
string(COMPARE EQUAL "${PROJECT_SOURCE_DIR}" "" WOLFSSL_FOUND_IDF)
# get a list of all wolfcrypt assembly files; we'll exclude them as they don't target Xtensa
file(GLOB EXCLUDE_ASM *.S)
file(GLOB_RECURSE EXCLUDE_ASM ${CMAKE_SOURCE_DIR} "${WOLFSSL_ROOT}/wolfcrypt/src/*.S")
file(GLOB EXCLUDE_ASM ${CMAKE_SOURCE_DIR} "${WOLFSSL_ROOT}/wolfcrypt/src/*.S")
message(STATUS "IDF_PATH = $ENV{IDF_PATH}")
message(STATUS "PROJECT_SOURCE_DIR = ${PROJECT_SOURCE_DIR}")
@@ -237,11 +561,12 @@ else()
message(STATUS "Remove either the local project component: ${WOLFSSL_PROJECT_DIR} ")
message(STATUS "or the Espressif shared component installed at: $ENV{IDF_PATH}/components/wolfssl/ ")
message(STATUS "")
message(FATAL_ERROR "Please use wolfSSL in either local project or Espressif components, but not both.")
message(STATUS "")
message(STATUS "**************************************************************************************")
message(STATUS "")
message(STATUS "Please use wolfSSL in either local project or Espressif components, but not both.")
# Optional: if you change the above FATAL_ERROR to STATUS you can warn at runtime with this macro definition:
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_MULTI_INSTALL_WARNING")
@@ -291,6 +616,7 @@ else()
message(FATAL_ERROR "Found stray wolfSSL user_settings.h in "
"${WOLFSSL_ROOT}/include/user_settings.h "
" (please move it to ${WOLFSSL_PROJECT_DIR}/include/user_settings.h )")
# Abort CMake after fatal error.
else()
# we won't overwrite an existing user settings file, just note that we already have one:
if( EXISTS "${WOLFSSL_PROJECT_DIR}/include/user_settings.h" )
@@ -347,7 +673,9 @@ else()
# depending on the environment, we may need to swap backslashes with forward slashes
string(REPLACE "\\" "/" RTOS_IDF_PATH "$ENV{IDF_PATH}/components/freertos/FreeRTOS-Kernel/include/freertos")
string(REPLACE "\\" "/" WOLFSSL_ROOT ${WOLFSSL_ROOT})
if(WOLFSSL_ROOT)
string(REPLACE "\\" "/" WOLFSSL_ROOT ${WOLFSSL_ROOT})
endif()
if(IS_DIRECTORY "${RTOS_IDF_PATH}")
message(STATUS "Found current RTOS path: ${RTOS_IDF_PATH}")
@@ -360,21 +688,22 @@ else()
message(STATUS "Could not find RTOS path")
endif()
endif()
message(STATUS "THIS_IDF_PATH = $THIS_IDF_PATH")
# wolfSSL-specific include directories
set(COMPONENT_ADD_INCLUDEDIRS
"./include" # this is the location of wolfssl user_settings.h
"./include" # this is the location of local project wolfssl user_settings.h
"\"${WOLFSSL_ROOT}/\""
"\"${WOLFSSL_ROOT}/wolfssl/\""
"\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/\""
"\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/port/Espressif\""
"\"${RTOS_IDF_PATH}/\""
# wolfSSL release after v5.7 includes WiFi, time, and mem/debug helpers
${THIS_IDF_PATH}/components/esp_event/include
${THIS_IDF_PATH}/components/esp_netif/include
${THIS_IDF_PATH}/components/esp_wifi/include
"${THIS_IDF_PATH}/components/esp_event/include"
"${THIS_IDF_PATH}/components/esp_netif/include"
"${THIS_IDF_PATH}/components/esp_wifi/include"
)
# Optionally include cryptoauthlib if present
if(IS_DIRECTORY ${IDF_PATH}/components/cryptoauthlib)
list(APPEND COMPONENT_ADD_INCLUDEDIRS "../cryptoauthlib/lib")
endif()
@@ -383,7 +712,7 @@ else()
list(APPEND COMPONENT_ADD_INCLUDEDIRS "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/\"")
# Some files are known to be included elsewhere, or not used for Espressif
set(COMPONENT_SRCEXCLUDE
"\"${WOLFSSL_ROOT}/src/bio.c\""
"\"${WOLFSSL_ROOT}/src/conf.c\""
@@ -399,8 +728,8 @@ else()
"\"${WOLFSSL_ROOT}/src/ssl_sess.c\"" # included by ssl.c
"\"${WOLFSSL_ROOT}/src/x509.c\""
"\"${WOLFSSL_ROOT}/src/x509_str.c\""
"\"${WOLFSSL_ROOT}/wolfcrypt/src/ext_kyber.c\"" # external Kyber disabled by default
"\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/ext_kyber.h\"" # external Kyber disabled by default
"\"${WOLFSSL_ROOT}/wolfcrypt/src/ext_kyber.c\"" # external non-wolfssl Kyber disabled by default
"\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt/ext_kyber.h\"" # external non-wolfssl Kyber disabled by default
"\"${WOLFSSL_ROOT}/wolfcrypt/src/evp.c\""
"\"${WOLFSSL_ROOT}/wolfcrypt/src/misc.c\""
"\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_arm32.c\""
@@ -411,6 +740,7 @@ else()
"\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_cortexm.c\""
"\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_x86_64.c\""
"\"${WOLFSSL_ROOT}/wolfcrypt/src/sp_sm2_x86_64_asm.S\""
"\"${WOLFSSL_ROOT}/examples\"" # Examples are distributed in Managed Components, but not part of a project.
"\"${EXCLUDE_ASM}\""
)
@@ -432,22 +762,144 @@ else()
# see https://docs.espressif.com/projects/esp-idf/en/stable/esp32/migration-guides/release-5.x/build-system.html?highlight=space%20path
#
set(EXTRA_COMPONENT_DIRS "${COMPONENT_SRCDIRS}")
idf_component_register(
SRC_DIRS "${COMPONENT_SRCDIRS}"
INCLUDE_DIRS "${COMPONENT_ADD_INCLUDEDIRS}"
REQUIRES "${COMPONENT_REQUIRES}"
EXCLUDE_SRCS "${COMPONENT_SRCEXCLUDE}"
PRIV_REQUIRES esp_timer driver # this will typically only be needed for wolfSSL benchmark
)
# some optional diagnostics
if (1)
if(WOLFSSL_ROOT)
# Only register the component if we found wolfSSL source.
# This is important to allow Cmake to finish to completion, otherwise the UI
# may not be able to display the Kconfig settings to fix a bad or missing source.
idf_component_register(
SRC_DIRS "${COMPONENT_SRCDIRS}"
INCLUDE_DIRS "${COMPONENT_ADD_INCLUDEDIRS}"
REQUIRES "${COMPONENT_REQUIRES}"
EXCLUDE_SRCS "${COMPONENT_SRCEXCLUDE}"
PRIV_REQUIRES
"${THIS_ESP_TLS}"
"${THIS_INCLUDE_TIMER}"
"${THIS_INCLUDE_DRIVER}" # this will typically only be needed for wolfSSL benchmark
)
else()
# Register the component simply to allow CMake to complete, but there's no wolfSSL source.
# Expect many other errors, but the project should at least be loadable and UI can edit Kconfig settings.
idf_component_register()
message(STATUS "Warning: wolfSSL component not registered as no source code found (WOLFSSL_ROOT is blank)")
endif()
# function(WOLFSSL_INIT_CERT_BUNDLE)
if( CONFIG_WOLFSSL_CERTIFICATE_BUNDLE
AND NOT CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE
AND NOT ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266")
)
if (CMAKE_BUILD_EARLY_EXPANSION)
message(ERROR "Bundle Cert initialization must occur during CMAKE_BUILD_EARLY_EXPANSION")
endif()
# reminder: we need a value for wolfSSL root first!
if( "${WOLFSSL_ROOT}" STREQUAL "" )
message(ERROR "Certificate bundles need a value for WOLFSSL_ROOT")
endif()
set(WOLFSSL_ESP_CRT_BUNDLE_DIR ${WOLFSSL_ROOT}/wolfcrypt/src/port/Espressif/esp_crt_bundle)
message(STATUS "WOLFSSL_ESP_CRT_BUNDLE_DIR=${WOLFSSL_ESP_CRT_BUNDLE_DIR}")
if(EXISTS "${WOLFSSL_ESP_CRT_BUNDLE_DIR}")
set(bundle_name "x509_crt_bundle_wolfssl")
# For now the certs are in the same directory
set(DEFAULT_CRT_DIR "${WOLFSSL_ESP_CRT_BUNDLE_DIR}")
# Generate custom certificate bundle using the generate_cert_bundle utility
set(GENERATE_CERT_BUNDLEPY ${python} ${WOLFSSL_ESP_CRT_BUNDLE_DIR}/gen_crt_bundle.py)
if(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_FULL)
list(APPEND crt_paths ${DEFAULT_CRT_DIR}/cacrt_all.pem ${DEFAULT_CRT_DIR}/cacrt_local.pem)
elseif(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_CMN)
list(APPEND crt_paths ${DEFAULT_CRT_DIR}/cacrt_all.pem ${DEFAULT_CRT_DIR}/cacrt_local.pem)
list(APPEND args --filter ${DEFAULT_CRT_DIR}/cmn_crt_authorities.csv)
endif()
# Add deprecated root certs if enabled. This config is not visible if the default cert
# bundle is not selected
if(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEPRECATED_LIST)
list(APPEND crt_paths ${DEFAULT_CRT_DIR}/cacrt_deprecated.pem)
endif()
if(CONFIG_WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE)
get_filename_component(custom_bundle_path
${CONFIG_WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE_PATH} ABSOLUTE BASE_DIR "${project_dir}")
list(APPEND crt_paths ${custom_bundle_path})
message(STATUS "Using a custom wolfSSL bundle path: ${custom_bundle_path}")
else()
message(STATUS "Not using a custom wolfSSL bundle path.")
endif()
list(APPEND args --input ${crt_paths} -q)
message(STATUS "CMAKE_CURRENT_BINARY_DIR: ${CMAKE_CURRENT_BINARY_DIR}")
get_filename_component(crt_bundle
${bundle_name}
ABSOLUTE BASE_DIR "${CMAKE_CURRENT_BINARY_DIR}")
message(STATUS "Setting up bundle generate: ${GENERATE_CERT_BUNDLEPY} ${args}")
message(STATUS "Depends on custom bundle path: ${custom_bundle_path}")
message(STATUS "crt_bundle ${crt_bundle}")
message(STATUS "COMPONENT_LIB ${COMPONENT_LIB}")
message(STATUS "GENERATE_CERT_BUNDLEPY ${GENERATE_CERT_BUNDLEPY}")
message(STATUS "args ${args}")
message(STATUS "cert_bundle ${cert_bundle}")
# Generate bundle according to config
# File is generated at build time, not cmake load
add_custom_command(OUTPUT ${crt_bundle}
COMMAND ${GENERATE_CERT_BUNDLEPY} ARGS ${args}
DEPENDS ${custom_bundle_path}
VERBATIM)
if(EXISTS "${crt_bundle}")
message(STATUS "Bundle file exists from prior build: ${crt_bundle}")
else()
message(STATUS "Bundle file expected during next build: ${crt_bundle}")
endif()
# Reminder the file is generated at build time, not cmake load time.
message(STATUS "wolfSSL Cert Bundle File to be created at build time in: ${crt_bundle}")
add_custom_target(custom_wolfssl_bundle DEPENDS ${cert_bundle})
# the wolfSSL crtificate bundle is baked into wolfSSL
add_dependencies(${COMPONENT_LIB} custom_wolfssl_bundle)
# COMPONENT_LIB may vary: __idf_wolfssl, __idf_esp_wolfssl, etc
# target_add_binary_data(__idf_wolfssl ${crt_bundle} BINARY)
target_add_binary_data(${COMPONENT_LIB} ${crt_bundle} BINARY)
set_property(DIRECTORY "${CMAKE_CURRENT_SOURCE_DIR}"
APPEND PROPERTY ADDITIONAL_CLEAN_FILES
"${crt_bundle}")
else()
message(STATUS "WARNING: CONFIG_WOLFSSL_CERTIFICATE_BUNDLE enabled but directory not found: ${WOLFSSL_ESP_CRT_BUNDLE_DIR}")
endif()
endif()
# endfunction() # WOLFSSL_INIT_CERT_BUNDLE
# Some optional diagnostics. Verbose ones are truncated.
if (VERBOSE_COMPONENT_MESSAGES)
get_cmake_property(_variableNames VARIABLES)
list (SORT _variableNames)
message(STATUS "")
message(STATUS "ALL VARIABLES BEGIN")
message(STATUS "")
foreach (_variableName ${_variableNames})
message(STATUS "${_variableName}=${${_variableName}}")
if ( ("${_variableName}" STREQUAL "bootloader_binary_files")
OR ("${_variableName}" STREQUAL "Component paths")
OR ("${_variableName}" STREQUAL "component_targets")
OR ("${_variableName}" STREQUAL "__COMPONENT_TARGETS")
OR ("${_variableName}" STREQUAL "CONFIGS_LIST")
OR ("${_variableName}" STREQUAL "__CONFIG_VARIABLES")
OR ("${_variableName}" STREQUAL "val")
OR ("${_variableName}" MATCHES "^__idf_")
)
# Truncate the displayed value:
string(SUBSTRING "${${_variableName}}" 0 70 truncatedValue)
message(STATUS "${_variableName} = ${truncatedValue} ... (truncated)")
else()
message(STATUS "${_variableName}=${${_variableName}}")
endif()
endforeach()
message(STATUS "")
message(STATUS "ALL VARIABLES END")
@@ -455,6 +907,12 @@ else()
endif()
# target_sources(wolfssl PRIVATE "\"${WOLFSSL_ROOT}/wolfssl/\"" "\"${WOLFSSL_ROOT}/wolfssl/wolfcrypt\"")
message(STATUS "DETECTED_PROJECT_NAME=${CMAKE_PROJECT_NAME}")
message(STATUS "COMPONENT_TARGET=${COMPONENT_TARGET}")
target_compile_definitions(${COMPONENT_TARGET} PRIVATE DETECTED_PROJECT_NAME="${CMAKE_PROJECT_NAME}")
if( "${CMAKE_PROJECT_NAME}" STREQUAL "esp_http_client_example" )
target_compile_definitions(${COMPONENT_TARGET} PRIVATE APP_ESP_HTTP_CLIENT_EXAMPLE="y")
endif()
endif() # CMAKE_BUILD_EARLY_EXPANSION
@@ -500,7 +958,7 @@ function ( LIBWOLFSSL_SAVE_INFO VAR_OUPUT THIS_VAR VAR_RESULT )
message(STATUS "Found ${VAR_OUPUT}=${VAR_VALUE}")
# the interesting part is defining the VAR_OUPUT name a value to use in the app
add_definitions(-D${VAR_OUPUT}=\"${VAR_VALUE}\")
add_compile_definitions(${VAR_OUPUT}=\"${VAR_VALUE}\")
else()
# if we get here, check the execute_process command and parameters.
message(STATUS "LIBWOLFSSL_SAVE_INFO encountered a non-zero VAR_RESULT")
@@ -508,33 +966,89 @@ function ( LIBWOLFSSL_SAVE_INFO VAR_OUPUT THIS_VAR VAR_RESULT )
endif()
endfunction() # LIBWOLFSSL_SAVE_INFO
execute_process(
COMMAND ${git_cmd} "rev-parse" "--is-inside-work-tree"
OUTPUT_VARIABLE IS_GIT_REPO
OUTPUT_STRIP_TRAILING_WHITESPACE
ERROR_QUIET
)
# create some programmatic #define values that will be used by ShowExtendedSystemInfo().
# see wolfcrypt\src\port\Espressif\esp32_utl.c
if(NOT CMAKE_BUILD_EARLY_EXPANSION)
if(NOT CMAKE_BUILD_EARLY_EXPANSION AND WOLFSSL_ROOT AND (IS_GIT_REPO STREQUAL "true"))
set (git_cmd "git")
message(STATUS "Adding macro definitions:")
# LIBWOLFSSL_VERSION_GIT_ORIGIN: git config --get remote.origin.url
execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "config" "--get" "remote.origin.url" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET )
execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "config" "--get" "remote.origin.url"
OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET )
LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_ORIGIN "${TMP_OUT}" "${TMP_RES}")
# LIBWOLFSSL_VERSION_GIT_BRANCH: git rev-parse --abbrev-ref HEAD
execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--abbrev-ref" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET )
execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--abbrev-ref" "HEAD"
OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET )
LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_BRANCH "${TMP_OUT}" "${TMP_RES}")
# LIBWOLFSSL_VERSION_GIT_HASH: git rev-parse HEAD
execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET )
execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "HEAD"
OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET )
LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH "${TMP_OUT}" "${TMP_RES}")
# LIBWOLFSSL_VERSION_GIT_SHORT_HASH: git rev-parse --short HEAD
execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--short" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET )
execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "rev-parse" "--short" "HEAD"
OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET )
LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_SHORT_HASH "${TMP_OUT}" "${TMP_RES}")
# LIBWOLFSSL_VERSION_GIT_HASH_DATE git show --no-patch --no-notes --pretty=\'\%cd\'
execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd} "show" "--no-patch" "--no-notes" "--pretty=\'\%cd\'" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES )
execute_process(WORKING_DIRECTORY ${WOLFSSL_ROOT} COMMAND ${git_cmd}
"show" "--no-patch" "--no-notes" "--pretty=\'\%cd\'"
OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES )
LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH_DATE "${TMP_OUT}" "${TMP_RES}")
message(STATUS "************************************************************************************************")
message(STATUS "wolfssl component config complete!")
message(STATUS "************************************************************************************************")
LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_WOLFSSL_ROOT "${WOLFSSL_ROOT}" "${TMP_RES}")
endif()
# Ensure flag "-DWOLFSSL_ESPIDF" is already in CMAKE_C_FLAGS if not yet found from project
string(FIND "${CMAKE_C_FLAGS}" "-DWOLFSSL_ESPIDF" FLAG_ALRREADY_FOUND_WOLFSSL_ESPIDF)
if(FLAG_ALRREADY_FOUND_WOLFSSL_ESPIDF EQUAL -1)
# Flag not found, append it
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_ESPIDF")
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
endif()
if(WOLFSSL_ROOT)
message(STATUS "Using wolfSSL in ${WOLFSSL_ROOT}")
# PlatformIO does not process script from from the Espressif cmake process.
# We need to know where wolfSSL source code was found, so save it in the
# PIO_WOLFSSL_ROOT environment variable to later be read by extra_script.py
set(ENV{PIO_WOLFSSL_ROOT} "${WOLFSSL_ROOT}")
message(STATUS "PIO_WOLFSSL_ROOT = $ENV{PIO_WOLFSSL_ROOT}")
message(STATUS "PLATFORMIO_BUILD_DIR = $ENV{PLATFORMIO_BUILD_DIR}")
# See esp-tls Kconfig; menu "ESP-TLS", ESP_TLS_LIBRARY_CHOOSE
if(CONFIG_ESP_TLS_USING_WOLFSSL)
if ( ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266") OR ("${IDF_TARGET}" STREQUAL "esp8266") )
message(STATUS "This version of wolfSSL is not supported on the ESP8266 esp-tls at this time. Check ESP-TLS config")
else()
message(STATUS "wolfSSL will be used for ESP-TLS")
endif()
else()
message(STATUS "WARNING: wolfSSL NOT selected for ESP-TLS. Features and performance will be limited.")
endif()
else()
message(STATUS "")
message(STATUS "Consider setting WOLFSSL_ROOT environment variable, use Kconfig setting, or set manually in this cmake file, above.")
message(STATUS "")
message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!")
message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!")
message(STATUS "ERROR: Could not find wolfSSL Source Code")
message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!")
message(STATUS "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!")
endif()
message(STATUS "************************************************************************************************")
message(STATUS "wolfSSL component config complete!")
message(STATUS "************************************************************************************************")

523
IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/Kconfig Normal file
View File

@@ -0,0 +1,523 @@
# Kconfig template
#
# Copyright (C) 2006-2025 wolfSSL Inc.
#
# This file is part of wolfSSL.
#
# wolfSSL is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# wolfSSL is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
#
# Kconfig File Version 5.7.2.001 for esp-idf integration
# Kconfig Format Rules
#
# See:
# https://docs.espressif.com/projects/esp-idf/en/stable/esp32/api-reference/kconfig.html
#
# Format rules for Kconfig files are as follows:
#
# Option names in any menus should have consistent prefixes. The prefix
# currently should have at least 3 characters.
#
# The unit of indentation should be 4 spaces. All sub-items belonging to a
# parent item are indented by one level deeper. For example, menu is indented
# by 0 spaces, config menu by 4 spaces, help in config by 8 spaces, and the
# text under help by 12 spaces.
#
# No trailing spaces are allowed at the end of the lines.
#
# The maximum length of options is NOT 50 characters as documented.
# kconfcheck will complain that options should be 40 at most.
#
# Fix option lengths first. Superfluous errors on other lines may occur.
#
# The maximum length of lines is 120 characters.
#
# python -m kconfcheck <path_to_kconfig_file>
#
# ---------------------------------------------------------------------------------------------------------------------
# Begin main wolfSSL configuration menu
# ---------------------------------------------------------------------------------------------------------------------
# See ESP-IDF esp-tls component for config TLS_STACK_WOLFSSL
menu "wolfSSL"
menu "Hardening"
config ESP_WOLFSSL_WC_NO_HARDEN
bool "Disable wolfSSL hardening"
default n
help
Sets WC_NO_HARDEN
config ESP_WOLFSSL_TFM_TIMING_RESISTANT
bool "Enable TFM Timing Resistant Code"
default n
help
Sets TFM_TIMING_RESISTANT.
endmenu # Hardening
config ESP_WOLFSSL_ENABLE_BENCHMARK
bool "Enable wolfSSL Benchmark Library"
default n
help
Enables wolfcrypt/benchmark/benchmark.c code for benchmark metrics. Disables NO_CRYPT_BENCHMARK.
menu "Benchmark Debug"
config ESP_DEBUG_WOLFSSL_BENCHMARK_TIMING
bool "Enable benchmark timing debug"
depends on ESP_WOLFSSL_ENABLE_BENCHMARK
default n
help
Enable wolfssl debug for benchmark metric timing (CPU Cycles, RTOS ticks, etc).
config ESP_WOLFSSL_BENCHMARK_TIMER_DEBUG
bool "Enable benchmark timer debug"
depends on ESP_WOLFSSL_ENABLE_BENCHMARK
default n
help
Turn on timer debugging (used when CPU cycles not available)
endmenu # Benchmark Debug
# -----------------------------------------------------------------------------------------------------------------
# wolfCrypt Test
# -----------------------------------------------------------------------------------------------------------------
config ESP_WOLFSSL_ENABLE_TEST
bool "Enable wolfCrypt Test Library"
default n
help
Enables wolfcrypt/test/test.c code for testing. Disables NO_CRYPT_TEST.
menu "wolfCrypt tests"
config WOLFSSL_HAVE_WOLFCRYPT_TEST_OPTIONS
bool "Enable wolfCrypt Test Options"
depends on ESP_WOLFSSL_ENABLE_TEST
default n
help
Enables HAVE_WOLFCRYPT_TEST_OPTIONS
config TEST_ESPIDF_ALL_WOLFSSL
bool "Enable all features to use in tests"
depends on ESP_WOLFSSL_ENABLE_TEST
default n
help
Enables TEST_ESPIDF_ALL_WOLFSSL
endmenu # wolfCrypt tests
# -----------------------------------------------------------------------------------------------------------------
# Apple HomeKit Options
# -----------------------------------------------------------------------------------------------------------------
menu "Apple HomeKit"
config WOLFSSL_APPLE_HOMEKIT
bool "Enable Apple HomeKit options"
default n
help
Enables FP_MAX_BITS (8192 * 2), SRP, ChaCha, Poly1305, Base64 encoding needed for Apple HomeKit.
endmenu # Apple HomeKit
# -----------------------------------------------------------------------------------------------------------------
config ESP_WOLFSSL_DISABLE_MY_ECC
bool "Disable ECC in my project"
default "n"
help
ECC is enabled by default. Select this option to disable.
config ESP_WOLFSSL_ENABLE_MY_USE_RSA
bool "Enable RSA in my project"
default "n"
help
RSA is disabled by default. Select this option to enable.
config ESP_WOLFSSL_BENCHMARK
bool "Enable wolfSSL Benchmark"
default n
help
Enables user settings relevant to benchmark code
config ESP_TLS_USING_WOLFSSL_SPECIFIED
bool "Use the specified wolfssl for ESP-TLS"
default Y
help
Includes wolfSSL from specified directory (not using esp-wolfssl).
config ESP_WOLFSSL_NO_USE_FAST_MATH
bool "Disable FAST_MATH library and all ESP32 Hardware Acceleration"
select ESP_WOLFSSL_NO_HW
select ESP_WOLFSSL_NO_HW_AES
select ESP_WOLFSSL_NO_HW_HASH
select ESP_WOLFSSL_NO_HW_RSA_PRI
select ESP_WOLFSSL_NO_HW_RSA_PRI_MP_MUL
select ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD
select ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD
default n
help
When disabling all hardware acceleration for smaller memory footprint,
disabling TFM fast math provides faster wolfSSL software algorithms in an
even smaller flash memory footprint.
menu "Protocol Config"
config WOLFSSL_HAVE_ALPN
bool "Enable ALPN (Application Layer Protocol Negotiation) in wolfSSL"
default y
config WOLFSSL_ALLOW_TLS13
bool "Allow TLS 1.3"
default y
help
Allow TLS to fallback to TLS1.2. Memory footprint will likely be larger for TLS1.2.
When disabled HTTPS and MQTT over TLS connections will fail if TLS1.3 not accepted.
config WOLFSSL_ALLOW_TLS12
bool "Allow TLS 1.2"
default n
help
Allow TLS to fallback to TLS1.2. Memory footprint will likely be larger for TLS1.2.
When disabled HTTPS and MQTT over TLS connections will fail if TLS1.3 not accepted.
config WOLFSSL_HAVE_TLS_EXTENSIONS
bool "Enable TLS Extensions"
default y
help
Sets HAVE_TLS_EXTENSIONS which is needed for TLS 1.3, SNI, ALPN, and more.
config WOLFSSL_ALT_CERT_CHAINS
bool "Enable Alternate Certificate Chains"
default n
help
The option relaxes the default strict wolfSSL certificate chain processing. This
will typically need to be enabled when loading only a CA file. Typically solves
the -188 ASN_NO_SIGNER_E error. Use with caution.
config WOLFSSL_HAVE_OCSP
bool "Enable OCSP (Online Certificate Status Protocol) in wolfSSL"
default n
help
Sets HAVE_OCSP
endmenu # Protocol Config
# -----------------------------------------------------------------------------------------------------------------
# -----------------------------------------------------------------------------------------------------------------
config TLS_STACK_WOLFSSL
# Invisible option that locks TLS_STACK_WOLFSSL to ESP_TLS_USING_WOLFSSL
bool
default n
select FREERTOS_ENABLE_BACKWARD_COMPATIBILITY
help
Includes wolfSSL in ESP-TLS so that it can be compiled with wolfSSL as its SSL/TLS library.
Enabled when wolfSSL is selected in ESP_TLS_LIBRARY_CHOOSE.
menu "wolfSSL ESP-TLS"
depends on ESP_TLS_USING_WOLFSSL
menu "Certificate Bundle"
depends on ESP_TLS_USING_WOLFSSL
config WOLFSSL_CERTIFICATE_BUNDLE
bool "Enable trusted root certificate bundle"
default y if ESP_TLS_USING_WOLFSSL
default n
depends on ESP_TLS_USING_WOLFSSL
help
Enable support for large number of default root certificates
When enabled this option allows user to store default as well
as customer specific root certificates in compressed format rather
than storing full certificate. For the root certificates the public key and the subject name
will be stored.
config WOLFSSL_NO_ASN_STRICT
bool "Relax Certificate ASN Strict Checks"
default n
depends on ESP_TLS_USING_WOLFSSL
help
Allows sub-optimal certificate ASN checks. Unless using a bundle with known issues,
it is recommended to NOT enable this.
config WOLFSSL_ASN_ALLOW_0_SERIAL
bool "Allow cert missing an ASN Serial Number"
default y
depends on ESP_TLS_USING_WOLFSSL
help
Although not recommended, there may be certificates in the bundle that are missing
a serial number. This option allows the missing value without having to fully
disable strict ASN checking with WOLFSSL_NO_ASN_STRICT.
choice WOLFSSL_DEFAULT_CERTIFICATE_BUNDLE
bool "Default certificate bundle options"
depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
default WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_FULL
config WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_FULL
bool "Use the full default certificate bundle"
config WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_CMN
bool "Use only the most common certificates from the default bundles"
help
Use only the most common certificates from the default bundles, reducing the size with 50%,
while still having around 99% coverage.
config WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE
bool "Do not use the default certificate bundle"
endchoice
config WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE
depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
default n
bool "Add custom certificates to the default bundle"
config WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE_PATH
depends on WOLFSSL_CUSTOM_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
string "Custom certificate bundle path"
help
Name of the custom certificate directory or file. This path is evaluated
relative to the project root directory.
config WOLFSSL_CERTIFICATE_BUNDLE_DEPRECATED_LIST
bool "Add deprecated root certificates"
depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL && !WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE
help
Include the deprecated list of root certificates in the bundle.
This list gets updated when a certificate is removed from the Mozilla's
NSS root certificate store. This config can be enabled if you would like
to ensure that none of the certificates that were deployed in the product
are affected because of the update to bundle. In turn, enabling this
config keeps expired, retracted certificates in the bundle and it may
pose a security risk.
- Deprecated cert list may grow based based on sync with upstream bundle
- Deprecated certs would be be removed in ESP-IDF (next) major release
config WOLFSSL_CERTIFICATE_BUNDLE_MAX_CERTS
int "Maximum no of certificates allowed in certificate bundle"
default 200
depends on WOLFSSL_CERTIFICATE_BUNDLE && ESP_TLS_USING_WOLFSSL
endmenu
endmenu # wolfSSL ESP-TLS
# -----------------------------------------------------------------------------------------------------------------
# -----------------------------------------------------------------------------------------------------------------
config ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
bool "Modify default hardware acceleration settings"
default n
help
When disabling all hardware acceleration for smaller memory footprint,
disabling TFM fast math provides faster wolfSSL software algorithms in an
even smaller flash memory footprint.
Typically used for debugging, analysis, or optimizations. The default
hardware acceleration features can be each manually adjusted.
menu "wolfSSL Hardware Acceleration"
config ESP_WOLFSSL_NO_ESP32_CRYPT
bool "Disable all ESP32 Hardware Acceleration"
depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
default n
select ESP_WOLFSSL_NO_HW_AES
select ESP_WOLFSSL_NO_HW_HASH
select ESP_WOLFSSL_NO_HW_RSA_PRI
select ESP_WOLFSSL_NO_HW_RSA_PRI_MP_MUL
select ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD
select ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD
help
Hardware acceleration enabled by default. When selected defines: NO_ESP32_CRYPT.
Consider disabling FASTMATH (other libraries are faster in software and smaller)
config ESP_WOLFSSL_NO_HW_AES
bool "Disable all ESP32 AES Hardware Acceleration"
depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
default n
help
Hardware acceleration enabled by default.When selected defines: NO_HW_AES
config ESP_WOLFSSL_NO_HW_HASH
bool "Disable all ESP32 SHA Hash Hardware Acceleration"
depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
default n
help
Hardware acceleration enabled by default. When selected defines: NO_HW_HASH
config ESP_WOLFSSL_NO_HW_RSA_PRI
bool "Disable all ESP32 RSA Hardware Acceleration"
depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
default n
select ESP_WOLFSSL_NO_HW_PRI_MP_MUL
select ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD
select ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD
help
Hardware acceleration enabled by default. When selected defines: NO_HW_RSA_PRI
config ESP_WOLFSSL_NO_HW_RSA_PRI_MP_MUL
bool "Disable all ESP32 Multiplication Hardware Acceleration"
depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
default n
help
Hardware acceleration enabled by default. When selected defines: NO_HW_RSA_PRI_MP_MUL
config ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD
bool "Disable all ESP32 Modular Multiplication Hardware Acceleration"
depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
default n
help
Hardware acceleration enabled by default. When selected defines: NO_HW_RSA_PRI_MULMOD
config ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD
bool "Disable all ESP32 RSA Exponential Math Hardware Acceleration"
depends on ESP_WOLFSSL_ALT_HARDWARE_ACCELERATION
default n
help
Hardware acceleration enabled by default.
Select this option to force disable: NO_HW_RSA_PRI_EXPTMOD
config ESP_WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS
bool "Enable debugging of RSA Multiplication operand length"
default n
help
Prints an esp log warning to the default console UART when one of the
multiplication operands exceeds the maximum size supported by hardware,
requiring fallback to software. This can be helpful to pick key sizes
when performance is critical. See also metrics for counting instances.
config ESP_WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS
bool "Enable debugging of RSA Modular operand length"
default n
help
Prints an esp log warning to the default console UART when one of the
modular math operands exceeds the maximum size supported by hardware,
requiring fallback to software. This can be helpful to pick key sizes
when performance is critical. See also metrics for counting instances.
endmenu # wolfSSL Hardware Acceleration
# -----------------------------------------------------------------------------------------------------------------
# -----------------------------------------------------------------------------------------------------------------
menu "wolfSSL Experimental Options"
config ESP_WOLFSSL_EXPERIMENTAL_SETTINGS
bool "Enable wolfSSL Experimental Settings"
default n
help
Enables experimental settings for wolfSSL. See documentation.
config ESP_WOLFSSL_ENABLE_KYBER
bool "Enable wolfSSL Kyber"
default n
help
Enable debugging messages for wolfSSL. See user_settings.h for additional debug options.
endmenu # wolfSSL Experimental Options
# -----------------------------------------------------------------------------------------------------------------
# -----------------------------------------------------------------------------------------------------------------
menu "wolfSSL Debug Options"
config ESP_WOLFSSL_DEBUG_WOLFSSL
bool "Enable wolfSSL Debugging"
default n
help
Enable debugging messages for wolfSSL. See user_settings.h for additional debug options.
config ESP_WOLFSSL_TEST_LOOP
bool "Run test apps in a loop until failure"
default y
help
Enable a loop wrapper for benchmark, http_client, and wolfssl test apps.
endmenu # wolfSSL Debug Options
# -----------------------------------------------------------------------------------------------------------------
# -----------------------------------------------------------------------------------------------------------------
menu "wolfSSL Customization"
config CUSTOM_SETTING_WOLFSSL_ROOT
string "Enter a path for wolfSSL source code"
default "~/workspace/wolfssl"
help
This option lets you specify a directory for the wolfSSL source code (typically a git clone).
Enter the path using forward slashes (e.g., C:/myfolder/mysubfolder) or double backslashes
(e.g., C:\\myfolder\\mysubfolder).
endmenu # wolfSSL Customization
# -----------------------------------------------------------------------------------------------------------------
# -----------------------------------------------------------------------------------------------------------------
menu "Component Config"
config IGNORE_ESP_IDF_WOLFSSL_COMPONENT
bool "Ignore the ESP-IDF component of wolfSSL (if present)"
default n
help
Ignores wolfSSL present in the esp-idf/components directory. Requires wolfssl as a local component.
config IGNORE_LOCAL_WOLFSSL_COMPONENT
bool "Ignore the local component of wolfSSL (if present)"
default n
help
Ignores wolfSSL present in the local project components directory.
Requires wolfssl as a ESP-IDF component.
endmenu # Component Config
# -----------------------------------------------------------------------------------------------------------------
# -----------------------------------------------------------------------------------------------------------------
menu "Utility Config"
config USE_WOLFSSL_ESP_SDK_TIME
bool "Enable wolfSSL time helper functions"
default n
help
Enables use of various time and date setting functions found in the esp-sdk-lib.h file.
config USE_WOLFSSL_ESP_SDK_WIFI
bool "Enable wolfSSL WiFi helper functions"
default n
help
Enables use of various time and date setting functions found in the esp-sdk-lib.h file.
endmenu # Utility Config
endmenu # wolfSSL
# ---------------------------------------------------------------------------------------------------------------------
# ---------------------------------------------------------------------------------------------------------------------
menu "wolfSSH"
config ESP_ENABLE_WOLFSSH
bool "Enable wolfSSH options"
default n
help
Enables WOLFSSH_TERM, WOLFSSL_KEY_GEN, WOLFSSL_PTHREADS, WOLFSSH_TEST_SERVER, WOLFSSH_TEST_THREADING
config ESP_WOLFSSL_DEBUG_WOLFSSH
bool "Enable wolfSSH debugging"
default n
help
Enable wolfSSH debugging macro. See user_settings.h
endmenu # wolfSSH
# ---------------------------------------------------------------------------------------------------------------------
# ---------------------------------------------------------------------------------------------------------------------
menu "wolfMQTT"
config ESP_ENABLE_WOLFMQTT
bool "Enable wolfMQTT options"
default n
help
Enables WOLFMQTT
config ESP_WOLFSSL_DEBUG_WOLFMQTT
bool "Enable wolfMQTT debugging"
default n
help
Enable wolfMQTT debugging macro. See user_settings.h
endmenu # wolfMQTT
# ---------------------------------------------------------------------------------------------------------------------

162
IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/README.md Normal file
View File

@@ -0,0 +1,162 @@
# wolfSSL Espressif Component
This is the directory for wolfSSL as an Espressif ESP-IDF component.
Other options are available, such as installing wolfSSL as a local _project_ component using the [Managed Component](https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/).
Enabling this wolfSSL ESP-IDF component allows other ESP-IDF libraries such as those that depend on [ESP-TLS](https://github.com/espressif/esp-idf/tree/master/components/esp-tls)
to also use the wolfSSL library. (See [github.com/wolfSSL/wolfssl](https://github.com/wolfSSL/wolfssl))
The wolfSSL source code is not included here. Instead, the `idf.py menuconfig` option can be used to configure the
`sdkconfig` file setting: `CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT` to point to the desired wolfSSL code.
## Directory Contents
This directory must contain, at a minimum:
- `CMakeLists.txt`
- `./include/user_settings.h`
The directory should also contain:
- `Kconfig`
- `component.mk`
The directory may contain wolfSSL source, for example with a [Managed Component](https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/),
or if the `setup.sh` script was used from [wolfSSL/IDE/Espressif/ESP-IDF](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF).
Under normal circumstances when the wolfSSL source is not included here, the `CMakeLists.txt` will search for it in this order:
- A hard-coded `WOLFSSL_ROOT` cmake variable.
- `WOLFSSL_ROOT` Environment Variable
- The `CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT` value in the `sdkconfig` file, from the `Kconfig` option.
- Any parent directories, up to the root (if this directory is in the ESP-IDF components)
- Any parent directories, up to the root (if this directory is a project component)
While recursing up the directory tree, the following names of wolfSSL directories will be considered:
- `wolfssl-[current user name]`
- `wolfssl-master`
- `wolfssl`
## Getting Started
See the `Espressif Getting Started Guide`.
```
# Set environment variable to ESP-IDF location
# For example, VisualGDB in WSL
WRK_IDF_PATH=/mnt/c/SysGCC/esp32/esp-idf/v5.2
WRK_IDF_PATH=/mnt/c/SysGCC/esp32-master/esp-idf/v5.3-master
# Or wherever the ESP-IDF is installed:
WRK_IDF_PATH=~/esp/esp-idf
echo "Run export.sh from ${WRK_IDF_PATH}"
. ${WRK_IDF_PATH}/export.sh
cd [your project]
idf.py menuconfig
```
Enable wolfSSL to be used in the ESP-TLS:
```
Component config --->
ESP-TLS --->
Choose SSL/TLS library for ESP-TLS (See help for more Info)
(X) wolfSSL (License info in wolfSSL directory README)
```
Adjust wolfSSL settings, such as path to source code as needed:
```
Component config --->
wolfSSL --->
[*] Include wolfSSL in ESP-TLS
[*] Use the specified wolfssl for ESP-TLS
(~/workspace/wolfssl) Enter a path for wolfSSL source code
```
## Configuration
All settings for wolfSSL are adjusted in the [include/user_settings.h](./include/user_settings.h) file.
The `user_settings.h` file should not be included directly. Instead, `#include <wolfssl/wolfcrypt/settings.h>`
before any other wolfSSL headers, like this:
```c
/* ESP-IDF */
#include <esp_log.h>
#include "sdkconfig.h"
/* wolfSSL */
/* Always include wolfcrypt/settings.h before any other wolfSSL file. */
/* Reminder: settings.h pulls in user_settings.h; don't include it here. */
#if defined(WOLFSSL_USER_SETTINGS)
#include <wolfssl/wolfcrypt/settings.h>
#if defined(WOLFSSL_ESPIDF)
#include <wolfssl/version.h>
#include <wolfssl/wolfcrypt/types.h>
#include <wolfcrypt/test/test.h>
#include <wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h>
#include <wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h>
#else
#error "Problem with wolfSSL user_settings. " \
"Check components/wolfssl/include " \
"and confirm WOLFSSL_USER_SETTINGS is defined, " \
"typically in the component CMakeLists.txt"
#endif
#else
/* Define WOLFSSL_USER_SETTINGS project wide for settings.h to include */
/* wolfSSL user settings in ./components/wolfssl/include/user_settings.h */
#error "Missing WOLFSSL_USER_SETTINGS in CMakeLists or Makefile:\
CFLAGS +=-DWOLFSSL_USER_SETTINGS"
#endif
```
## Examples
See the wolfSSL examples:
- [wolfSSL Core Examples](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples)
- [wolfSSL Additional Examples](https://github.com/wolfSSL/wolfssl-examples/tree/master/ESP32)
- [wolfSSH Core Examples](https://github.com/wolfSSL/wolfssh/tree/master/ide/Espressif/ESP-IDF/examples)
- [wolfSSH Additional Examples](https://github.com/wolfSSL/wolfssh-examples/tree/main/Espressif)
- [wolfMQTT Examples](https://github.com/wolfSSL/wolfMQTT/tree/master/IDE/Espressif/ESP-IDF/examples)
## Platforms
The ESP-IDF wolfSSL is also available for PlatformIO:
- [Release wolfSSL](https://registry.platformio.org/search?q=owner%3Awolfssl)
- [Staging / Preview wolfSSL](https://registry.platformio.org/search?q=owner%3Awolfssl-staging)
The wolfSSL library can also be used for Espressif with Arduino:
- [arduino.cc/reference/en/libraries/wolfssl](https://www.arduino.cc/reference/en/libraries/wolfssl/)
- [github.com/wolfSSL/Arduino-wolfSSL](https://github.com/wolfSSL/Arduino-wolfSSL)
## Additional Information
- [wolfSSL Documentation](https://www.wolfssl.com/documentation/manuals/wolfssl/index.html) and [docs/espressif](https://www.wolfssl.com/docs/espressif/)
- [wolfSSL FAQ](https://www.wolfssl.com/docs/frequently-asked-questions-faq/)
- [wolfSSL Products](https://www.wolfssl.com/products/)
- [www.wolfssl.com/espressif](https://www.wolfssl.com/espressif/)
- [More...](https://www.wolfssl.com/?s=espressif)
## Contact
Have a specific request or questions? We'd love to hear from you! Please contact us at support@wolfssl.com or open an issue on GitHub.
## Licensing and Support
wolfSSL (formerly known as CyaSSL) and wolfCrypt are either licensed for use under the GPLv2 (or at your option any later version) or a standard commercial license. For our users who cannot use wolfSSL under GPLv2 (or any later version), a commercial license to wolfSSL and wolfCrypt is available.
See the LICENSE.txt, visit wolfssl.com/license, contact us at licensing@wolfssl.com or call +1 425 245 8247
View Commercial Support Options: [wolfssl.com/products/support-and-maintenance](wolfssl.com/products/support-and-maintenance)

126
IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/component.mk
View File

@@ -1,5 +1,5 @@
#
# Copyright (C) 2006-2024 wolfSSL Inc.
# Copyright (C) 2006-2025 wolfSSL Inc.
#
# This file is part of wolfSSL.
#
@@ -18,6 +18,8 @@
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
#
$(info *********** wolfssl component ************)
#
# Component Makefile
#
@@ -48,21 +50,80 @@
# define it here:
CFLAGS +=-DWOLFSSL_USER_SETTINGS
# Note that 4 source files created by autogen are excluded here.
#
# See these files commented out, below. Adjust as needed for your application:
#
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/async.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/selftest.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_first.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_last.o
# NOTICE: the WOLFSSL_ROOT setting MUST be relative!
# See https://docs.espressif.com/projects/esp8266-rtos-sdk/en/latest/api-guides/build-system.html?highlight=must+relative#optional-component-specific-variables
# In the wolfSSL GitHub examples for Espressif:
# https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples
# When this wolfssl component.mk makefile is in [project]/components/wolfssl
# The root is 7 directories up from here:
WOLFSSL_ROOT := ../../../../../../..
# The root is 7 directories up from here (the location of of this component.mk):
#
WOLFSSL_ROOT ?= ../../../../../../..
THIS_DIR := $(shell pwd)
WOLFSSL_ROOT_OBJ := $(THIS_DIR)
# NOTE: The wolfSSL include diretory (e.g. user_settings.h) is
# When running make from commandline or VisualGDB, the current path varies:
ifeq ("$(VISUALGDB_DIR)","")
# current path is typically /mnt/c/workspace/wolfssl-gojimmypi/IDE/Espressif/ESP-IDF/examples/wolfssl_test/build/wolfssl
$(info VISUALGDB_DIR build not detected. shell: $(shell echo $$SHELL))
else
# current path is typically /C/workspace/wolfssl-gojimmypi/IDE/Espressif/ESP-IDF/examples/wolfssl_test/build/Debug/wolfssl
$(info Detected VisualGDB in: $(VISUALGDB_DIR) shell: $(shell echo $$SHELL))
endif
# To set the location of a different location, it is best to use relative paths.
#
# Set WOLFSSL_ROOT to a relative path from the current component directory.
# For example, if the wolfssl_client is copied from the examples to test:
#
# cp -r /IDE/Espressif/ESP-IDF/examples/wolfssl_client/* /mnt/c/test/demo
#
# we run make in /mnt/c/test/demo
# component is in /mnt/c/test/demo/components/wolfssl
# wolfssl is in /mnt/c/workspace/wolfssl-master
#
# "/mnt/c" is 4 directories up:
# 2 for `./test/demo` from where we run `make`, plus
# 2 more from the location of `component.mk` located
# in `[current directory]/components/wolfssl`.
#
# Thus we need 4 parent reference to find the relative path to wolfSSL:
# WOLFSSL_ROOT := ../../../../workspace/wolfssl-master
# Optional CFLAGS (make works without these; for reference only)
# CFLAGS += -I$(WOLFSSL_ROOT)/wolfssl
# CFLAGS += -I$(WOLFSSL_ROOT)/wolfssl/wolfcrypt
# CFLAGS += -I$(WOLFSSL_ROOT)/wolfssl/wolfcrypt/port/Espressif
abs_WOLFSSL_ROOT := $(shell realpath $(WOLFSSL_ROOT))
# print-wolfssl-path-value:
# @echo "WOLFSSL_ROOT defined: $(WOLFSSL_ROOT)"
# @echo "WOLFSSL_ROOT actual: $(abs_WOLFSSL_ROOT)"
$(info WOLFSSL_ROOT defined: $(WOLFSSL_ROOT))
$(info WOLFSSL_ROOT actual: $(abs_WOLFSSL_ROOT))
$(info THIS_DIR defined: $(THIS_DIR))
$(info WOLFSSL_ROOT_OBJ defined: $(WOLFSSL_ROOT_OBJ))
# NOTE: The wolfSSL include directory (e.g. user_settings.h) is
# located HERE in THIS project, and *not* in the wolfSSL root.
COMPONENT_ADD_INCLUDEDIRS := ./include
COMPONENT_ADD_INCLUDEDIRS := .
COMPONENT_ADD_INCLUDEDIRS += include
COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/.
COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl
COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl/wolfcrypt
COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfssl/wolfcrypt/port/Espressif
# COMPONENT_ADD_INCLUDEDIRS += $ENV(IDF_PATH)/components/freertos/include/freertos
# COMPONENT_ADD_INCLUDEDIRS += "$ENV(IDF_PATH)/soc/esp32s3/include/soc"
@@ -76,27 +137,27 @@ COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src
COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif
COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/atmel
COMPONENT_OBJEXCLUDE := $(WOLFSSL_ROOT)/wolfcrypt/src/aes_asm.o
COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/evp.o
COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/misc.o
COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/sha512_asm.o
COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/fe_x25519_asm.o
COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/wolfcrypt/src/aes_gcm_x86_asm.o
COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT)/src/bio.o
COMPONENT_OBJEXCLUDE := $(WOLFSSL_ROOT_OBJ)/wolfcrypt/src/aes_asm.o
COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT_OBJ)/wolfcrypt/src/evp.o
COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT_OBJ)/wolfcrypt/src/misc.o
COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT_OBJ)/wolfcrypt/src/sha512_asm.o
COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT_OBJ)/wolfcrypt/src/fe_x25519_asm.o
COMPONENT_OBJEXCLUDE += $(WOLFSSL_ROOT_OBJ)/wolfcrypt/src/aes_gcm_x86_asm.o
##
## wolfSSL
##
COMPONENT_OBJS := $(WOLFSSL_ROOT)/src/bio.o
# COMPONENT_OBJS += src/conf.o
## reminder object files may end up in `./build` or `build/debug` or `build/release`, depending on build environment & settings.
##
# COMPONENT_OBJS := $(WOLFSSL_ROOT)/src/bio.o # part of ssl.c, omitted to avoid "does not need to be compiled separately"
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/conf.o # part of ssl.c
COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/crl.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/dtls.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/dtls13.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/internal.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/keys.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/ocsp.o
# COMPONENT_OBJS += src/pk.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/pk.o # part of ssl.c
COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/quic.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/sniffer.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/ssl.o
@@ -108,8 +169,8 @@ COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/ssl.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/tls.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/tls13.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/wolfio.o
# COMPONENT_OBJS += src/x509.o
# COMPONENT_OBJS += src/x509_str.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/x509.o # part of ssl.c
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/src/x509_str.o # part of ssl.c
##
## wolfcrypt
@@ -118,7 +179,7 @@ COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/aes.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/arc4.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/asm.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/asn.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/async.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/async.o # autogen exclusion
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/blake2b.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/blake2s.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/camellia.o
@@ -142,7 +203,7 @@ COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ed25519.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ed448.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/error.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/evp.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)wolfcrypt/src/ext_kyber.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_mlkem.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_lms.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ext_xmss.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/falcon.o
@@ -174,7 +235,7 @@ COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/rc2.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/ripemd.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/rsa.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sakke.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/selftest.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/selftest.o # autogen exclusion
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha256.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/sha3.o
@@ -205,14 +266,14 @@ COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/srp.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/tfm.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_dsp.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_encrypt.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_kyber.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_kyber_poly.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_mlkem.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_mlkem_poly.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_lms.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_pkcs11.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_port.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wc_xmss.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_first.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_last.o
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_first.o # autogen exclusion
# COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfcrypt_last.o # autogen exclusion
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfevent.o
COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/wolfmath.o
@@ -230,19 +291,16 @@ COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.
##
## wolfcrypt benchmark (optional)
##
## COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/benchmark/benchmark.o
## COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/benchmark
## COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/benchmark/benchmark.o
## COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/benchmark
## COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfcrypt/benchmark
##
## wolfcrypt test (optional)
##
## COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/test/test.o
## COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/test
## COMPONENT_OBJS += $(WOLFSSL_ROOT)/wolfcrypt/test/test.o
## COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)/wolfcrypt/test
## COMPONENT_ADD_INCLUDEDIRS += $(WOLFSSL_ROOT)/wolfcrypt/test/include
##
## wolfcrypt
##
# COMPONENT_PRIV_INCLUDEDIRS += $(PROJECT_PATH)/components/wolfssl/include
COMPONENT_SRCDIRS += $(WOLFSSL_ROOT)wolfcrypt/src
$(info ********** end wolfssl component **********)

654
IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/include/user_settings.h
View File

@@ -1,6 +1,6 @@
/* user_settings.h
/* wolfssl-component include/user_settings.h
*
* Copyright (C) 2006-2024 wolfSSL Inc.
* Copyright (C) 2006-2025 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
@@ -18,29 +18,222 @@
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
#define WOLFSSL_ESPIDF_COMPONENT_VERSION 0x01
/* Standardized wolfSSL Espressif ESP32 + ESP8266 user_settings.h V5.6.6-01 */
/* This user_settings.h is for Espressif ESP-IDF */
/* Examples such as test and benchmark are known to cause watchdog timeouts.
* Note this is often set in project Makefile:
* CFLAGS += -DWOLFSSL_ESP_NO_WATCHDOG=1 */
#define WOLFSSL_ESP_NO_WATCHDOG 1
/* The Espressif project config file. See also sdkconfig.defaults */
#include "sdkconfig.h"
#define DEBUG_WOLFSSL
/* #define DEBUG_WOLFSSL_VERBOSE */
/* This user_settings.h is for Espressif ESP-IDF
*
* Standardized wolfSSL Espressif ESP32 + ESP8266 user_settings.h V5.7.0-1
*
* Do not include any wolfssl headers here.
*
* When editing this file:
* ensure all examples match. The template example is the reference.
*/
/* Naming convention: (see also esp32-crypt.h for the reference source).
*
* CONFIG_
* This prefix indicates the setting came from the sdkconfig / Kconfig.
*
* May or may not be related to wolfSSL.
*
* The name after this prefix must exactly match that in the Kconfig file.
*
* WOLFSSL_
* Typical of many, but not all wolfSSL macro names.
*
* Applies to all wolfSSL products such as wolfSSH, wolfMQTT, etc.
*
* May or may not have a corresponding sdkconfig / Kconfig control.
*
* ESP_WOLFSSL_
* These are NOT valid wolfSSL macro names. These are names only used in
* the ESP-IDF Kconfig files. When parsed, they will have a "CONFIG_"
* suffix added. See next section.
*
* CONFIG_ESP_WOLFSSL_
* This is a wolfSSL-specific macro that has been defined in the ESP-IDF
* via the sdkconfig / menuconfig. Any text after this prefix should
* exactly match an existing wolfSSL macro name.
*
* Applies to all wolfSSL products such as wolfSSH, wolfMQTT, etc.
*
* These macros may also be specific to only the project or environment,
* and possibly not used anywhere else in the wolfSSL libraries.
*/
/* The Espressif sdkconfig will have chipset info.
**
** Some possible values:
**
** CONFIG_IDF_TARGET_ESP32
** CONFIG_IDF_TARGET_ESP32S2
** CONFIG_IDF_TARGET_ESP32S3
** CONFIG_IDF_TARGET_ESP32C3
** CONFIG_IDF_TARGET_ESP32C6
*/
#undef WOLFSSL_ESPIDF
#define WOLFSSL_ESPIDF
/* Test various user_settings between applications by selecting example apps
* in `idf.py menuconfig` for Example wolfSSL Configuration settings: */
/* Turn on messages that are useful to see only in examples. */
#define WOLFSSL_EXAMPLE_VERBOSITY
/* Paths can be long, ensure the entire value printed during debug */
#define WOLFSSL_MAX_ERROR_SZ 500
/* wolfSSL Examples: set macros used in example applications.
*
* These Settings NOT available in ESP-IDF (e.g. esp-tls)
*
* Any settings needed by ESP-IDF components should be explicitly set,
* and not by these example-specific settings via CONFIG_WOLFSSL_EXAMPLE_n
*
* ESP-IDF settings should be Kconfig "CONFIG_[name]" values when possible. */
#if defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TEMPLATE)
/* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/template */
/* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */
/* #define USE_WOLFSSL_ESP_SDK_WIFI */
#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TEST)
/* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_test */
/* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */
/* #define USE_WOLFSSL_ESP_SDK_WIFI */
#define TEST_ESPIDF_ALL_WOLFSSL
#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_BENCHMARK)
/* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark */
/* We don't use WiFi, so don't compile in the esp-sdk-lib WiFi helpers: */
/* #define USE_WOLFSSL_ESP_SDK_WIFI */
#define WOLFSSL_BENCHMARK_FIXED_UNITS_KB
#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TLS_CLIENT)
/* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_client */
#define USE_WOLFSSL_ESP_SDK_WIFI
#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_TLS_SERVER)
/* See https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/wolfssl_server */
#define USE_WOLFSSL_ESP_SDK_WIFI
/* wolfSSH Examples */
#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFSSH_TEMPLATE)
/* See https://github.com/wolfSSL/wolfssh/tree/master/ide/Espressif/ESP-IDF/examples/wolfssh_template */
#define USE_WOLFSSL_ESP_SDK_WIFI
#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFSSH_ECHOSERVER)
/* See https://github.com/wolfSSL/wolfssh/tree/master/ide/Espressif/ESP-IDF/examples/wolfssh_echoserver */
#define USE_WOLFSSL_ESP_SDK_WIFI
#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_ESP32_SSH_SERVER)
/* See https://github.com/wolfSSL/wolfssh-examples/tree/main/Espressif/ESP32/ESP32-SSH-Server */
#define USE_WOLFSSL_ESP_SDK_WIFI
#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_ESP8266_SSH_SERVER)
/* See https://github.com/wolfSSL/wolfssh-examples/tree/main/Espressif/ESP8266/ESP8266-SSH-Server */
#define USE_WOLFSSL_ESP_SDK_WIFI
/* wolfMQTT Examples */
#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFMQTT_TEMPLATE)
/* See https://github.com/wolfSSL/wolfMQTT/tree/master/IDE/Espressif/ESP-IDF/examples/wolfmqtt_template */
#define USE_WOLFSSL_ESP_SDK_WIFI
#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFMQTT_AWS_IOT_MQTT)
/* See https://github.com/wolfSSL/wolfMQTT/tree/master/IDE/Espressif/ESP-IDF/examples/AWS_IoT_MQTT */
#define USE_WOLFSSL_ESP_SDK_WIFI
/* wolfTPM Examples */
#elif defined(CONFIG_WOLFTPM_EXAMPLE_NAME_ESPRESSIF)
/* See https://github.com/wolfSSL/wolfTPM/tree/master/IDE/Espressif */
#define USE_WOLFSSL_ESP_SDK_WIFI
/* Apple HomeKit Examples */
#elif defined(CONFIG_WOLFSSL_APPLE_HOMEKIT)
/* See https://github.com/AchimPieters/esp32-homekit-demo */
/* no example selected */
#elif defined(CONFIG_WOLFSSL_EXAMPLE_NAME_NONE)
/* We'll assume the app needs to use wolfSSL sdk lib function */
#define USE_WOLFSSL_ESP_SDK_WIFI
/* Other applications detected by cmake */
#elif defined(APP_ESP_HTTP_CLIENT_EXAMPLE)
/* The wolfSSL Version of the client example */
#if defined(CONFIG_IDF_TARGET_ESP32S2) || defined(CONFIG_IDF_TARGET_ESP32C2)
/* Less memory available, so smaller key sizes: */
#define FP_MAX_BITS (4096 * 2)
#else
#define FP_MAX_BITS (8192 * 2)
#endif
#define HAVE_ALPN
#define HAVE_SNI
#define OPENSSL_EXTRA_X509_SMALL
#define HAVE_TLS_EXTENSIONS
#define HAVE_SUPPORTED_CURVES
#define OPENSSL_EXTRA
#ifndef WOLFSSL_ALWAYS_VERIFY_CB
#define WOLFSSL_ALWAYS_VERIFY_CB
#endif
#ifndef WOLFSSL_VERIFY_CB_ALL_CERTS
#define WOLFSSL_VERIFY_CB_ALL_CERTS
#endif
#ifndef KEEP_PEER_CERT
#define KEEP_PEER_CERT
#endif
#elif defined(APP_ESP_HTTP_CLIENT)
/* The ESP-IDF Version */
#define FP_MAX_BITS (8192 * 2)
#define HAVE_ALPN
#define HAVE_SNI
#define OPENSSL_EXTRA_X509_SMALL
#define HAVE_TLS_EXTENSIONS
#define HAVE_SUPPORTED_CURVES
#define OPENSSL_EXTRA
#ifndef WOLFSSL_ALWAYS_VERIFY_CB
#define WOLFSSL_ALWAYS_VERIFY_CB
#endif
#ifndef WOLFSSL_VERIFY_CB_ALL_CERTS
#define WOLFSSL_VERIFY_CB_ALL_CERTS
#endif
#ifndef KEEP_PEER_CERT
#define KEEP_PEER_CERT
#endif
#else
#ifdef WOLFSSL_ESPIDF
/* #warning "App config undetected" */
#endif
/* the code is older or does not have application name defined. */
#endif /* Example wolfSSL Configuration app settings */
/* Experimental Kyber */
#if 0
#ifdef CONFIG_WOLFSSL_ENABLE_KYBER
/* Kyber typically needs a minimum 10K stack */
#define WOLFSSL_EXPERIMENTAL_SETTINGS
#define WOLFSSL_HAVE_KYBER
#define WOLFSSL_WC_KYBER
#define WOLFSSL_HAVE_MLKEM
#define WOLFSSL_WC_MLKEM
#define WOLFSSL_SHA3
#if defined(CONFIG_IDF_TARGET_ESP8266)
/* With limited RAM, we'll disable some of the Kyber sizes: */
#define WOLFSSL_NO_KYBER1024
#define WOLFSSL_NO_KYBER768
#define NO_SESSION_CACHE
#endif
#endif
/* Enable AES for all examples */
#ifdef NO_AES
#warning "Found NO_AES, wolfSSL AES Cannot be enabled. Check config."
#else
#define WOLFSSL_AES
#define WOLFSSL_AES_COUNTER
/* Typically only needed for wolfssl_test, see docs. */
#define WOLFSSL_AES_DIRECT
#endif
/* Pick a cert buffer size: */
/* #define USE_CERT_BUFFERS_2048 */
/* #define USE_CERT_BUFFERS_1024 */
@@ -57,14 +250,76 @@
** CONFIG_IDF_TARGET_ESP32C6
*/
#undef WOLFSSL_ESPIDF
#define WOLFSSL_ESPIDF
/* Optionally enable Apple HomeKit from compiler directive or Kconfig setting */
#if defined(WOLFSSL_APPLE_HOMEKIT) || defined(CONFIG_WOLFSSL_APPLE_HOMEKIT)
/* SRP is known to need 8K; slow on some devices */
#define FP_MAX_BITS (8192 * 2)
#define WOLFCRYPT_HAVE_SRP
#define HAVE_CHACHA
#define HAVE_POLY1305
#define WOLFSSL_BASE64_ENCODE
#endif /* Apple HomeKit settings */
/* We don't use WiFi helpers yet, so don't compile in the esp-sdk-lib WiFi */
#define NO_ESP_SDK_WIFI
/* Used by ESP-IDF components: */
#if defined(CONFIG_ESP_TLS_USING_WOLFSSL)
/* The ESP-TLS */
#ifndef FP_MAX_BITS
#if defined(CONFIG_IDF_TARGET_ESP32C2) || \
defined(CONFIG_IDF_TARGET_ESP8684) || \
defined(CONFIG_IDF_TARGET_ESP8266)
/* Optionally set smaller size here */
#define FP_MAX_BITS MIN_FFDHE_FP_MAX_BITS
#else
#define FP_MAX_BITS (4096 * 2)
#endif
#endif
#define HAVE_ALPN
#ifndef CONFIG_IDF_TARGET_ESP8266
/* Unless installed in the ESP8266 RTOS SDK locally, the wolfSSL
* API for SNI will not be seen in the components/esp-tls layer.
* Only enable SNI for non-ESP8266 targets by default: */
#define HAVE_SNI
#endif
#define OPENSSL_EXTRA_X509_SMALL
#define HAVE_TLS_EXTENSIONS
#define HAVE_SUPPORTED_CURVES
#endif
/* Optionally enable some wolfSSH settings */
#if defined(ESP_ENABLE_WOLFSSH) || defined(CONFIG_ESP_ENABLE_WOLFSSH)
/* Enable wolfSSH. Espressif examples need a few more settings, below */
#undef WOLFSSL_WOLFSSH
#define WOLFSSL_WOLFSSH
/* The default SSH Windows size is massive for an embedded target.
* Limit it: */
#define DEFAULT_WINDOW_SZ 2000
/* These may be defined in cmake for other examples: */
#undef WOLFSSH_TERM
#define WOLFSSH_TERM
/* optional debug */
/* #undef DEBUG_WOLFSSH */
/* #define DEBUG_WOLFSSH */
#undef WOLFSSL_KEY_GEN
#define WOLFSSL_KEY_GEN
#undef WOLFSSL_PTHREADS
#define WOLFSSL_PTHREADS
#define WOLFSSH_TEST_SERVER
#define WOLFSSH_TEST_THREADING
#endif /* ESP_ENABLE_WOLFSSH */
/* Not yet using WiFi lib, so don't compile in the esp-sdk-lib WiFi helpers: */
/* #define USE_WOLFSSL_ESP_SDK_WIFI */
/*
* ONE of these Espressif chipsets should be defined:
* ONE of these Espressif chip families will be detected from sdkconfig:
*
* WOLFSSL_ESP32
* WOLFSSL_ESPWROOM32SE
@@ -83,11 +338,28 @@
#endif
/* See below for chipset detection from sdkconfig.h */
/* when you want to use SINGLE THREAD. Note Default ESP-IDF is FreeRTOS */
#define SINGLE_THREADED
/* Small session cache saves a lot of RAM for ClientCache and SessionCache.
* Memory requirement is about 5KB, otherwise 20K is needed when not specified.
* If extra small footprint is needed, try MICRO_SESSION_CACHE (< 1K)
* When really desperate, try NO_SESSION_CACHE. */
#define MICRO_SESSION_CACHE
* When really desperate or no TLS used, try NO_SESSION_CACHE. */
#define NO_SESSION_CACHE
/* Small Stack uses more heap. */
#define WOLFSSL_SMALL_STACK
/* Full debugging turned off, but show malloc failure detail */
/* #define DEBUG_WOLFSSL */
#define DEBUG_WOLFSSL_MALLOC
/* See test.c that sets cert buffers; we'll set them here: */
#define USE_CERT_BUFFERS_256
#define USE_CERT_BUFFERS_2048
/* RSA_LOW_MEM: Half as much memory but twice as slow. */
#define RSA_LOW_MEM
/* optionally turn off SHA512/224 SHA512/256 */
/* #define WOLFSSL_NOSHA512_224 */
@@ -102,19 +374,44 @@
#define BENCH_EMBEDDED
#define WOLFSSL_SMALL_STACK
#define HAVE_ECC
#define RSA_LOW_MEM
/* TLS 1.3 */
#define WOLFSSL_TLS13
#define HAVE_TLS_EXTENSIONS
#define WC_RSA_PSS
#define HAVE_HKDF
#define HAVE_AEAD
#define HAVE_SUPPORTED_CURVES
#ifdef CONFIG_WOLFSSL_ALLOW_TLS13
#define WOLFSSL_TLS13
#define HAVE_TLS_EXTENSIONS
#define HAVE_HKDF
#define WOLFSSL_BENCHMARK_FIXED_UNITS_KB
/* May be required */
#ifndef HAVE_AEAD
#endif
/* Required for ECC */
#define HAVE_SUPPORTED_CURVES
/* Required for RSA */
#define WC_RSA_PSS
/* TLS 1.3 normally requires HAVE_FFDHE */
#if defined(HAVE_FFDHE_2048) || \
defined(HAVE_FFDHE_3072) || \
defined(HAVE_FFDHE_4096) || \
defined(HAVE_FFDHE_6144) || \
defined(HAVE_FFDHE_8192)
#else
#define HAVE_FFDHE_2048
/* #error "TLS 1.3 requires HAVE_FFDHE_[nnnn]" */
#endif
#endif
#if defined(CONFIG_IDF_TARGET_ESP32C2) || \
defined(CONFIG_IDF_TARGET_ESP8684)
/* Optionally set smaller size here */
#ifdef HAVE_FFDHE_4096
/* this size may be problematic on the C2 */
#endif
#define HAVE_FFDHE_2048
#else
#define HAVE_FFDHE_4096
#endif
#define NO_FILESYSTEM
@@ -131,30 +428,72 @@
/* when you want to use SHA384 */
#define WOLFSSL_SHA384
#if defined(CONFIG_IDF_TARGET_ESP8266)
/* Some features not enabled for ESP8266: */
#if defined(CONFIG_IDF_TARGET_ESP8266) || \
defined(CONFIG_IDF_TARGET_ESP32C2)
/* Some known low-memory devices have features not enabled by default. */
/* TODO determine low memory configuration for ECC. */
#else
/* when you want to use SHA512 */
#define WOLFSSL_SHA512
/* when you want to use SHA3 */
#define WOLFSSL_SHA3
/* #define WOLFSSL_SHA3 */
/* ED25519 requires SHA512 */
#define HAVE_ED25519
#endif
#define HAVE_ECC
#define HAVE_CURVE25519
#define CURVE25519_SMALL
#define HAVE_ED25519
#if defined(CONFIG_IDF_TARGET_ESP8266) || defined(CONFIG_IDF_TARGET_ESP32C2)
#define MY_USE_ECC 0
#define MY_USE_RSA 1
#else
#define MY_USE_ECC 1
#define MY_USE_RSA 0
#endif
/* We can use either or both ECC and RSA, but must use at least one. */
#if MY_USE_ECC || MY_USE_RSA
#if MY_USE_ECC
/* ---- ECDSA / ECC ---- */
#define HAVE_ECC
#define HAVE_CURVE25519
#define HAVE_ED25519
#define WOLFSSL_SHA512
/*
#define HAVE_ECC384
#define CURVE25519_SMALL
*/
#else
#define WOLFSSH_NO_ECC
/* WOLFSSH_NO_ECDSA is typically defined automatically,
* here for clarity: */
#define WOLFSSH_NO_ECDSA
#endif
#if MY_USE_RSA
/* ---- RSA ----- */
/* #define RSA_LOW_MEM */
/* DH disabled by default, needed if ECDSA/ECC also turned off */
#define HAVE_DH
#else
#define WOLFSSH_NO_RSA
#endif
#else
#error "Either RSA or ECC must be enabled"
#endif
/* Optional OpenSSL compatibility */
/* #define OPENSSL_EXTRA */
/* when you want to use pkcs7 */
/* #Optional HAVE_PKCS7 */
/* #define HAVE_PKCS7 */
#if defined(HAVE_PKCS7)
/* HAVE_PKCS7 may enable HAVE_PBKDF2 see settings.h */
#define NO_PBKDF2
#define HAVE_AES_KEYWRAP
#define HAVE_X963_KDF
#define WOLFSSL_AES_DIRECT
@@ -174,25 +513,11 @@
/* #define CUSTOM_SLOT_ALLOCATION */
#endif
/* RSA primitive specific definition */
#if defined(WOLFSSL_ESP32) || defined(WOLFSSL_ESPWROOM32SE)
/* Define USE_FAST_MATH and SMALL_STACK */
#define ESP32_USE_RSA_PRIMITIVE
/* WC_NO_CACHE_RESISTANT: slower but more secure */
/* #define WC_NO_CACHE_RESISTANT */
#if defined(CONFIG_IDF_TARGET_ESP32)
/* NOTE HW unreliable for small values! */
/* threshold for performance adjustment for HW primitive use */
/* X bits of G^X mod P greater than */
#undef ESP_RSA_EXPT_XBITS
#define ESP_RSA_EXPT_XBITS 32
/* X and Y of X * Y mod P greater than */
#undef ESP_RSA_MULM_BITS
#define ESP_RSA_MULM_BITS 16
#endif
#endif
/* TFM_TIMING_RESISTANT: slower but more secure */
/* #define TFM_TIMING_RESISTANT */
/* #define WOLFSSL_ATECC508A_DEBUG */
@@ -203,37 +528,69 @@
/* #define XTIME time */
/* adjust wait-timeout count if you see timeout in RSA HW acceleration */
#define ESP_RSA_TIMEOUT_CNT 0x249F00
/* Adjust wait-timeout count if you see timeout in RSA HW acceleration.
* Set to very large number and enable WOLFSSL_HW_METRICS to determine max. */
#ifndef ESP_RSA_TIMEOUT_CNT
#define ESP_RSA_TIMEOUT_CNT 0xFF0000
#endif
#define HASH_SIZE_LIMIT /* for test.c */
/* hash limit for test.c */
#define HASH_SIZE_LIMIT
/* USE_FAST_MATH is default */
#define USE_FAST_MATH
/***** Use SP_MATH *****/
/* #undef USE_FAST_MATH */
/* #undef USE_FAST_MATH */
/* #define SP_MATH */
/* #define WOLFSSL_SP_MATH_ALL */
/* #define WOLFSSL_SP_RISCV32 */
/***** Use Integer Heap Math *****/
/* #undef USE_FAST_MATH */
/* #define USE_INTEGER_HEAP_MATH */
/* Just syntax highlighting to check math libraries: */
#if defined(SP_MATH) || \
defined(USE_INTEGER_HEAP_MATH) || \
defined(USE_INTEGER_HEAP_MATH) || \
defined(USE_FAST_MATH) || \
defined(WOLFSSL_SP_MATH_ALL) || \
defined(WOLFSSL_SP_RISCV32)
#endif
#define WOLFSSL_SMALL_STACK
#define HAVE_VERSION_EXTENDED_INFO
/* #define HAVE_WC_INTROSPECTION */
#define HAVE_SESSION_TICKET
#ifndef NO_SESSION_CACHE
#define HAVE_SESSION_TICKET
#endif
/* #define HAVE_HASHDRBG */
#if 0
/* Example for additional cert functions */
#define WOLFSSL_KEY_GEN
#define WOLFSSL_CERT_REQ
#define WOLFSSL_CERT_GEN
#define WOLFSSL_CERT_EXT
#define WOLFSSL_SYS_CA_CERTS
#define WOLFSSL_CERT_REQ
#define WOLFSSL_CERT_GEN
#define WOLFSSL_CERT_EXT
#define WOLFSSL_SYS_CA_CERTS
#define WOLFSSL_CERT_TEXT
#define WOLFSSL_CERT_TEXT
/* command-line options
--enable-keygen
--enable-certgen
--enable-certreq
--enable-certext
--enable-asn-template
*/
#endif
#define WOLFSSL_ASN_TEMPLATE
@@ -253,11 +610,66 @@
--enable-asn-template
*/
/* optional SM4 Ciphers. See https://github.com/wolfSSL/wolfsm */
/*
#define WOLFSSL_SM2
#define WOLFSSL_SM3
#define WOLFSSL_SM4
*/
#if defined(WOLFSSL_SM2) || defined(WOLFSSL_SM3) || defined(WOLFSSL_SM4)
/* SM settings, possible cipher suites:
TLS13-AES128-GCM-SHA256
TLS13-CHACHA20-POLY1305-SHA256
TLS13-SM4-GCM-SM3
TLS13-SM4-CCM-SM3
#define WOLFSSL_ESP32_CIPHER_SUITE "TLS13-SM4-GCM-SM3"
#define WOLFSSL_ESP32_CIPHER_SUITE "TLS13-SM4-CCM-SM3"
#define WOLFSSL_ESP32_CIPHER_SUITE "ECDHE-ECDSA-SM4-CBC-SM3"
#define WOLFSSL_ESP32_CIPHER_SUITE "ECDHE-ECDSA-SM4-GCM-SM3"
#define WOLFSSL_ESP32_CIPHER_SUITE "ECDHE-ECDSA-SM4-CCM-SM3"
#define WOLFSSL_ESP32_CIPHER_SUITE "TLS13-SM4-GCM-SM3:" \
"TLS13-SM4-CCM-SM3:"
*/
#undef WOLFSSL_BASE16
#define WOLFSSL_BASE16 /* required for WOLFSSL_SM2 */
#undef WOLFSSL_SM4_ECB
#define WOLFSSL_SM4_ECB
#undef WOLFSSL_SM4_CBC
#define WOLFSSL_SM4_CBC
#undef WOLFSSL_SM4_CTR
#define WOLFSSL_SM4_CTR
#undef WOLFSSL_SM4_GCM
#define WOLFSSL_SM4_GCM
#undef WOLFSSL_SM4_CCM
#define WOLFSSL_SM4_CCM
#define HAVE_POLY1305
#define HAVE_CHACHA
#undef HAVE_AESGCM
#define HAVE_AESGCM
#else
/* default settings */
#define USE_CERT_BUFFERS_2048
#endif
/* Chipset detection from sdkconfig.h
* Default is HW enabled unless turned off.
* Uncomment lines to force SW instead of HW acceleration */
#if defined(CONFIG_IDF_TARGET_ESP32)
#if defined(CONFIG_IDF_TARGET_ESP32) || defined(WOLFSSL_ESPWROOM32SE)
#define WOLFSSL_ESP32
/* Alternatively, if there's an ECC Secure Element present: */
/* #define WOLFSSL_ESPWROOM32SE */
/* wolfSSL HW Acceleration supported on ESP32. Uncomment to disable: */
/* #define NO_ESP32_CRYPT */
/* #define NO_WOLFSSL_ESP32_CRYPT_HASH */
@@ -375,12 +787,16 @@
#define WOLFSSL_ESP8266
/* There's no hardware encryption on the ESP8266 */
/* Consider using the ESP32-C2/C3/C6
* See https://www.espressif.com/en/products/socs/esp32-c2 */
/* Consider using the ESP32-C2/C3/C6 */
#define NO_ESP32_CRYPT
#define NO_WOLFSSL_ESP32_CRYPT_HASH
#define NO_WOLFSSL_ESP32_CRYPT_AES
#define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
#ifndef FP_MAX_BITS
/* FP_MAX_BITS matters in wolfssl_test, not just TLS setting. */
/* MIN_FFDHE_FP_MAX_BITS = (MIN_FFDHE_BITS * 2); see settings.h */
#define FP_MAX_BITS MIN_FFDHE_FP_MAX_BITS
#endif
/***** END CONFIG_IDF_TARGET_ESP266 *****/
#elif defined(CONFIG_IDF_TARGET_ESP8684)
@@ -392,7 +808,7 @@
/***** END CONFIG_IDF_TARGET_ESP8684 *****/
#else
/* Anything else encountered, disable HW accleration */
/* Anything else encountered, disable HW acceleration */
#warning "Unexpected CONFIG_IDF_TARGET_NN value"
#define NO_ESP32_CRYPT
#define NO_WOLFSSL_ESP32_CRYPT_HASH
@@ -400,29 +816,84 @@
#define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
#endif /* CONFIG_IDF_TARGET Check */
/* RSA primitive specific definition, listed AFTER the Chipset detection */
#if defined(WOLFSSL_ESP32) || defined(WOLFSSL_ESPWROOM32SE)
/* Consider USE_FAST_MATH and SMALL_STACK */
#ifndef NO_RSA
#define ESP32_USE_RSA_PRIMITIVE
#if defined(CONFIG_IDF_TARGET_ESP32)
#ifdef CONFIG_ESP_MAIN_TASK_STACK_SIZE
#if CONFIG_ESP_MAIN_TASK_STACK_SIZE < 10500
#warning "RSA may be difficult with less than 10KB Stack "/
#endif
#endif
/* NOTE HW unreliable for small values! */
/* threshold for performance adjustment for HW primitive use */
/* X bits of G^X mod P greater than */
#undef ESP_RSA_EXPT_XBITS
#define ESP_RSA_EXPT_XBITS 32
/* X and Y of X * Y mod P greater than */
#undef ESP_RSA_MULM_BITS
#define ESP_RSA_MULM_BITS 16
#endif
#endif
#endif
/* Debug options:
See wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h for details on debug options
optionally increase error message size for very long paths.
#define WOLFSSL_MAX_ERROR_SZ 500
Turn wolfSSL debugging on/off:
wolfSSL_Debugging_ON();
wolfSSL_Debugging_OFF();
#define ESP_VERIFY_MEMBLOCK
#define DEBUG_WOLFSSL
#define DEBUG_WOLFSSL_VERBOSE
#define DEBUG_WOLFSSL_SHA_MUTEX
#define WOLFSSL_DEBUG_IGNORE_ASN_TIME
#define WOLFSSL_DEBUG_CERT_BUNDLE
#define WOLFSSL_DEBUG_CERT_BUNDLE_NAME
#define WOLFSSL_ESP32_CRYPT_DEBUG
#define WOLFSSL_ESP32_CRYPT_HASH_SHA224_DEBUG
#define NO_RECOVER_SOFTWARE_CALC
#define WOLFSSL_TEST_STRAY 1
#define USE_ESP_DPORT_ACCESS_READ_BUFFER
#define WOLFSSL_ESP32_HW_LOCK_DEBUG
#define WOLFSSL_DEBUG_MUTEX
#define WOLFSSL_DEBUG_ESP_RSA_MULM_BITS
#define WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS
#define WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS
#define ESP_DISABLE_HW_TASK_LOCK
#define ESP_MONITOR_HW_TASK_LOCK
#define USE_ESP_DPORT_ACCESS_READ_BUFFER
See wolfcrypt/benchmark/benchmark.c for debug and other settings:
Turn on benchmark timing debugging (CPU Cycles, RTOS ticks, etc)
#define DEBUG_WOLFSSL_BENCHMARK_TIMING
Turn on timer debugging (used when CPU cycles not available)
#define WOLFSSL_BENCHMARK_TIMER_DEBUG
*/
#define WOLFSSL_ESPIDF_ERROR_PAUSE /* Pause in a loop rather than exit. */
/* Pause in a loop rather than exit. */
/* #define WOLFSSL_ESPIDF_ERROR_PAUSE */
/* #define WOLFSSL_ESP32_HW_LOCK_DEBUG */
#define WOLFSSL_HW_METRICS
/* #define HASH_SIZE_LIMIT */ /* for test.c */
/* for test.c */
/* #define HASH_SIZE_LIMIT */
/* #define NO_HW_MATH_TEST */ /* Optionally turn off HW math checks */
/* Optionally turn off HW math checks */
/* #define NO_HW_MATH_TEST */
/* Optionally include alternate HW test library: alt_hw_test.h */
/* When enabling, the ./components/wolfssl/CMakeLists.txt file
@@ -463,6 +934,12 @@ See wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h for details on debug options
* There are various certificate examples in this header file:
* https://github.com/wolfSSL/wolfssl/blob/master/wolfssl/certs_test.h
*
* To use the sample certificates in code (not recommended for production!):
*
* #if defined(USE_CERT_BUFFERS_2048) || defined(USE_CERT_BUFFERS_1024)
* #include <wolfssl/certs_test.h>
* #endif
*
* To use the sets of macros below, define *one* of these:
*
* USE_CERT_BUFFERS_1024 - ECC 1024 bit encoded ASN1
@@ -540,6 +1017,9 @@ See wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h for details on debug options
#define WOLFSSL_BASE16
#else
#if defined(USE_CERT_BUFFERS_2048)
#define USE_CERT_BUFFERS_256
/* Be sure to include in app when using example certs: */
/* #include <wolfssl/certs_test.h> */
#define CTX_CA_CERT ca_cert_der_2048
#define CTX_CA_CERT_SIZE sizeof_ca_cert_der_2048
#define CTX_CA_CERT_TYPE WOLFSSL_FILETYPE_ASN1
@@ -559,6 +1039,9 @@ See wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h for details on debug options
#define CTX_CLIENT_KEY_TYPE WOLFSSL_FILETYPE_ASN1
#elif defined(USE_CERT_BUFFERS_1024)
#define USE_CERT_BUFFERS_256
/* Be sure to include in app when using example certs: */
/* #include <wolfssl/certs_test.h> */
#define CTX_CA_CERT ca_cert_der_1024
#define CTX_CA_CERT_SIZE sizeof_ca_cert_der_1024
#define CTX_CA_CERT_TYPE WOLFSSL_FILETYPE_ASN1
@@ -581,3 +1064,34 @@ See wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h for details on debug options
#error "Must define USE_CERT_BUFFERS_2048 or USE_CERT_BUFFERS_1024"
#endif
#endif /* Conditional key and cert constant names */
/******************************************************************************
** Sanity Checks
******************************************************************************/
#if defined(CONFIG_ESP_MAIN_TASK_STACK_SIZE)
#if defined(WOLFCRYPT_HAVE_SRP)
#if defined(FP_MAX_BITS)
#if FP_MAX_BITS < (8192 * 2)
#define ESP_SRP_MINIMUM_STACK_8K (24 * 1024)
#else
#define ESP_SRP_MINIMUM_STACK_8K (28 * 1024)
#endif
#else
#error "Please define FP_MAX_BITS when using WOLFCRYPT_HAVE_SRP."
#endif
#if (CONFIG_ESP_MAIN_TASK_STACK_SIZE < ESP_SRP_MINIMUM_STACK)
#warning "WOLFCRYPT_HAVE_SRP enabled with small stack size"
#endif
#endif
#else
#warning "CONFIG_ESP_MAIN_TASK_STACK_SIZE not defined!"
#endif
/* See settings.h for some of the possible hardening options:
*
* #define NO_ESPIDF_DEFAULT
* #define WC_NO_CACHE_RESISTANT
* #define WC_AES_BITSLICED
* #define HAVE_AES_ECB
* #define HAVE_AES_DIRECT
*/

54
IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/CMakeLists.txt
View File

@@ -1,35 +1,43 @@
# wolfSSL Espressif Example Project/main CMakeLists.txt
# v1.0
# v1.2
#
# wolfssl server test
#
message(STATUS "Begin wolfSSL main CMakeLists.txt")
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
if (idf_target STREQUAL "esp8266" OR IDF_TARGET STREQUAL "esp8266" OR IDF_VERSION_MAJOR VERSION_LESS "5.0")
# `driver` component not available for ESP8266
SET(THIS_PRIV_REQUIRES_DRIVER "")
else()
SET(THIS_PRIV_REQUIRES_DRIVER "driver")
endif()
if(WIN32)
# Windows-specific configuration here
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WINDOWS")
message("Detected Windows")
message(STATUS "Detected Windows")
endif()
if(CMAKE_HOST_UNIX)
message("Detected UNIX")
message(STATUS "Detected UNIX")
endif()
if(APPLE)
message("Detected APPLE")
message(STATUS "Detected APPLE")
endif()
if(CMAKE_HOST_UNIX AND (NOT APPLE) AND EXISTS "/proc/sys/fs/binfmt_misc/WSLInterop")
# Windows-specific configuration here
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_WSL")
message("Detected WSL")
message(STATUS "Detected WSL")
endif()
if(CMAKE_HOST_UNIX AND (NOT APPLE) AND (NOT WIN32))
# Windows-specific configuration here
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_LINUX")
message("Detected Linux")
message(STATUS "Detected Linux")
endif()
if(APPLE)
# Windows-specific configuration here
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_SYSTEM_NAME_APPLE")
message("Detected Apple")
message(STATUS "Detected Apple")
endif()
set (git_cmd "git")
@@ -43,14 +51,26 @@ if( EXISTS "${CMAKE_HOME_DIRECTORY}/components/wolfssl/" AND EXISTS "$ENV{IDF_PA
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_MULTI_INSTALL_WARNING")
endif()
# The wolfSL component name is named "mywolfssl" on the staging site for Managed Components.
if( NOT EXISTS "../components/wolfssl" AND ("$ENV{IDF_COMPONENT_REGISTRY_URL}" STREQUAL "https://components-staging.espressif.com") )
message(STATUS "WARNING: Using a staging instance of wolfssl.")
set(MAIN_WOLFSSL_COMPONENT_NAME "mywolfssl")
else()
message(STATUS "Using release wolfssl component.")
set(MAIN_WOLFSSL_COMPONENT_NAME "wolfssl")
endif()
## register_component()
idf_component_register(SRCS main.c
wifi_connect.c
time_helper.c
server-tls.c
INCLUDE_DIRS "."
"./include")
#
"./include"
PRIV_REQUIRES "${MAIN_WOLFSSL_COMPONENT_NAME}"
"${THIS_PRIV_REQUIRES_DRIVER}"
nvs_flash
protocol_examples_common)
#
# LIBWOLFSSL_SAVE_INFO(VAR_OUPUT THIS_VAR VAR_RESULT)
@@ -80,15 +100,24 @@ function ( LIBWOLFSSL_SAVE_INFO VAR_OUPUT THIS_VAR VAR_RESULT )
message(STATUS "Found ${VAR_OUPUT}=${VAR_VALUE}")
# the interesting part is defining the VAR_OUPUT name a value to use in the app
add_definitions(-D${VAR_OUPUT}=\"${VAR_VALUE}\")
add_compile_definitions(${VAR_OUPUT}=\"${VAR_VALUE}\")
else()
# if we get here, check the execute_process command and parameters.
message(STATUS "LIBWOLFSSL_SAVE_INFO encountered a non-zero VAR_RESULT")
message(STATUS "LIBWOLFSSL_SAVE_INFO encountered a non-zero VAR_RESULT.")
message(STATUS "Setting ${VAR_OUPUT} to \"Unknown\"")
set(${VAR_OUPUT} "Unknown")
endif()
endfunction() # LIBWOLFSSL_SAVE_INFO
if(NOT CMAKE_BUILD_EARLY_EXPANSION)
execute_process(
COMMAND ${git_cmd} "rev-parse" "--is-inside-work-tree"
OUTPUT_VARIABLE IS_GIT_REPO
OUTPUT_STRIP_TRAILING_WHITESPACE
ERROR_QUIET
)
# Save some project-specific details. Repo may be different than component, or may not even be a repo at all:
if(NOT CMAKE_BUILD_EARLY_EXPANSION AND (IS_GIT_REPO STREQUAL "true"))
# LIBWOLFSSL_VERSION_GIT_HASH
execute_process(COMMAND ${git_cmd} "rev-parse" "HEAD" OUTPUT_VARIABLE TMP_OUT RESULT_VARIABLE TMP_RES ERROR_QUIET )
LIBWOLFSSL_SAVE_INFO(LIBWOLFSSL_VERSION_GIT_HASH "${TMP_OUT}" "${TMP_RES}")
@@ -104,3 +133,4 @@ endif()
message(STATUS "")
message(STATUS "End wolfSSL main CMakeLists.txt")

107
IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/Kconfig.projbuild
View File

@@ -1,9 +1,112 @@
menu "Example Configuration"
# Kconfig main
#
# Copyright (C) 2006-2025 wolfSSL Inc.
#
# This file is part of wolfSSL.
#
# wolfSSL is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# wolfSSL is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
#
# Kconfig File Version 5.7.2.001 for wolfssl_template
menu "Example wolfSSL Configuration"
choice WOLFSSL_EXAMPLE_CHOOSE
prompt "Choose Example (See wolfssl/include/user_settings.h)"
default WOLFSSL_EXAMPLE_NAME_NONE
help
The user settings file can be adjusted to specific wolfSSL examples.
config WOLFSSL_EXAMPLE_NAME_TEMPLATE
bool "wolfSSL Template"
help
The sample template app compiles in wolfSSL and prints the current wolfSSL Version. Nothing more.
config WOLFSSL_EXAMPLE_NAME_TEST
bool "wolfSSL Test"
help
This app tests all cryptographic functions currently enabled. See also Benchmark performance app.
config WOLFSSL_EXAMPLE_NAME_BENCHMARK
bool "wolfSSL Benchmark"
help
Benchmark performance app. See also cryptographic test.
config WOLFSSL_EXAMPLE_NAME_TLS_CLIENT
bool "TLS Client"
help
TLS Client Example app. Needs WiFi and a listening server on port 11111.
config WOLFSSL_EXAMPLE_NAME_TLS_SERVER
bool "TLS Server"
help
TLS Server Example app. Needs WiFi. More interesting with a TLS client using port 11111.
config WOLFSSL_EXAMPLE_NAME_WOLFSSH_TEMPLATE
bool "SSH Template App"
help
Bare-bones Hello World app that only compiles in wolfSSL and wolfSSH.
See wolfSSL/wolfssh on GitHub.
config WOLFSSL_EXAMPLE_NAME_WOLFSSH_ECHOSERVER
bool "SSH Echo Server"
help
See wolfSSL/wolfssh on GitHub.
config WOLFSSL_EXAMPLE_NAME_ESP32_SSH_SERVER
bool "SSH to UART Server for the ESP32"
help
See wolfSSL/wolfssh-examples on GitHub.
config WOLFSSL_EXAMPLE_NAME_ESP8266_SSH_SERVER
bool "SSH to UART Server for the ESP8266"
help
See wolfSSL/wolfssh-examples on GitHub.
config WOLFSSL_EXAMPLE_NAME_WOLFMQTT_TEMPLATE
bool "MQTT Template"
help
See wolfSSL/wolfmqtt on GitHub.
config WOLFSSL_EXAMPLE_NAME_WOLFMQTT_AWS_IOT_MQTT
bool "MQTT AWS IoT"
help
See wolfSSL/wolfmqtt on GitHub.
config WOLFTPM_EXAMPLE_NAME_ESPRESSIF
bool "TPM Test Example for the ESP32"
help
See wolfSSL/wolfTPM on GitHub.
config WOLFSSL_EXAMPLE_NAME_NONE
bool "Other"
help
A specific example app is not defined.
endchoice
config WOLFSSL_TARGET_HOST
string "Target host"
default "127.0.0.1"
help
host address for the example to connect
config WOLFSSL_TARGET_PORT
int "Target port"
default 11111
help
Host listening port for the example to connect.
host port for the example to connect
endmenu

Some files were not shown because too many files have changed in this diff Show More