Hello Gabriel,

That's excellent! Glad you have it working.

Note that wolfSSL has many different configuration options to tune for performance, size, etc. See the docs:

https://www.wolfssl.com/documentation/m … ter02.html

If you decide to include OpenSSL in your analysis, there's a wolfSSL compatibility layer:

https://www.wolfssl.com/documentation/m … ter13.html

Best of luck with your project! Please let me know if I can help in any way.

Jim

Hello Gabriel,

Thank you for providing the source code and additional details.

Now that I see what you are doing, perhaps this will help.

I placed your code in my `wolfssl-gojimmypi\IDE\Espressif\ESP-IDF\examples` directory so that wolfSSL source code would be found in a parent directory. Alternatively, the `WOLFSSL_ROOT` environment variable can be set, as described above. From your log, you probably don't need to move your code.

Please try adding these two lines to the `CryptoAPI` component `CMakeLists.txt` in `esp32-crypto-api\components\CryptoAPI`:

set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")
set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -DWOLFSSL_USER_SETTINGS")

There are still a few compile errors, indirectly related to wolfSSL that can be readily addressed, but otherwise successful:


Error    enumeration value 'RSA' not handled in switch wolfssl_IDF_v5.2_ESP32 C:\workspace\wolfssl-gojimmypi\IDE\Espressif\ESP-IDF\examples\esp32-crypto-api\components\CryptoAPI\src\WolfsslModule.cpp 98  
Error    'ret' may be used uninitialized               wolfssl_IDF_v5.2_ESP32 C:\workspace\wolfssl-gojimmypi\IDE\Espressif\ESP-IDF\examples\esp32-crypto-api\components\CryptoAPI\src\WolfsslModule.cpp 399 
Error    'cert_type' may be used uninitialized         wolfssl_IDF_v5.2_ESP32 C:\workspace\wolfssl-gojimmypi\IDE\Espressif\ESP-IDF\examples\esp32-crypto-api\components\CryptoAPI\src\WolfsslModule.cpp 488 

The message you asked about is informative and otherwise ok:

C:/Users/myuser/Documents/CryptoAPI/components/wolfssl is not within IDF_PATH.

It only indicates that the wolfSSL is not an ESP-IDF component.

Please let me know how that goes.

Best Regards,

Jim

Hello gabriel and thank you for your interest in wolfSSL.

It does appear that your local project component directory is correctly structured.

Without seeing your source code, it is difficult to say exactly what the root cause of the problem may be, but I do have some suggestions for you.

I started with the bare-bones Espressif template example here:

https://github.com/wolfSSL/wolfssl/tree … s/template

Using your example of needing `wc_InitRsaKey()`, the `ed25519.h` file needs to be included.

The two most important things to remember:

1) `WOLFSSL_USER_SETTINGS` needs to be defined. See the first line in the `template/main/CMakeLists.txt`:

set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_USER_SETTINGS")

2) It is important to include the wolfssl/wolfcrypt/settings.h files before any other wolfSSL includes.


#ifdef WOLFSSL_USER_SETTINGS
    #include <wolfssl/wolfcrypt/settings.h>
    #ifndef WOLFSSL_ESPIDF
        #warning "Problem with wolfSSL user_settings."
        #warning "Check components/wolfssl/include"
    #endif
    #include <wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h>
#else
    /* Define WOLFSSL_USER_SETTINGS project wide for settings.h to include   */
    /* wolfSSL user settings in ./components/wolfssl/include/user_settings.h */
    #error "Missing WOLFSSL_USER_SETTINGS in CMakeLists or Makefile:\
    CFLAGS +=-DWOLFSSL_USER_SETTINGS"
#endif

#include <wolfssl/wolfcrypt/ed25519.h>

Then I added these two lines to `void app_main(void)` in `main.c`:


    ed25519_key key;
    wc_ed25519_init(&key);

I was able to confirm the template example would compile.

If you try these steps and the file still cannot be found, please reply with the CMake output, in particular the sections that include the `WOLFSSL_ROOT` keyword. Ensure you are using a recent CMakeLists.txt, such as the one on the example template `components/wolfssl` directory. There should be something like this in the log:

-- Starting FIND_WOLFSSL_DIRECTORY: 
-- The WOLFSSL_ROOT environment variable is not set. Searching...
-- WOLFSSL_ROOT found in sdkconfig/KConfig: ~/workspace/wolfssl
-- CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT sdkconfig setting = ~/workspace/wolfssl
-- WOLFSSL_ROOT Variable defined, but source code not found: C:/Users/<user>/workspace/wolfssl
-- CMAKE_CURRENT_SOURCE_DIR = .

After the lines of search, there should be an indication of the wolfSSL directory found:

-- Found wolfssl in CURRENT_SEARCH_DIR = C:/workspace/wolfssl-<user>
-- Found WOLFSSL_ROOT via CMake specification.

You may consider setting an environment variable `WOLFSSL_ROOT` that points to your wolfSSL source code directory if your directory structure is such that wolfSSL is not in a parent directory from your project. Moving your project into the wolfSSL directory structure is also an option.

There's additional information and a link to a YouTube video on Getting Started with wolfSSL on the ESP32 here:

https://github.com/wolfSSL/wolfssl/tree … /Espressif

If these tips don't help, it would be great if you could supply a small reproducer app sample so I can further assist you.

Please let me know how it goes. Thank you.

Jim
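
The include-order rule from the post above, turned into a check that can be run over a project's sources. This is an added example, not code from the original post or from wolfSSL; the function names and the two sample sources are constructed for illustration.

```python
"""Added example (not wolfSSL code): flag wolfSSL headers included before settings.h."""
import re
import sys
from pathlib import Path

SETTINGS = "wolfssl/wolfcrypt/settings.h"
INCLUDE_RE = re.compile(r'^\s*#\s*include\s*[<"]([^>"]+)[>"]')


def strip_comments(text):
    """Blank out /* */ and // comments while keeping line numbers stable."""
    def blank(match):
        return re.sub(r"[^\n]", " ", match.group(0))
    text = re.sub(r"/\*.*?\*/", blank, text, flags=re.S)
    return re.sub(r"//[^\n]*", "", text)


def check_include_order(text):
    """Return [(line_no, header)] for wolfSSL includes that precede settings.h.

    The file is read top to bottom and #if/#ifdef branches are not evaluated.
    If settings.h is never included, every wolfSSL include is reported.
    """
    early = []
    for line_no, line in enumerate(strip_comments(text).splitlines(), 1):
        match = INCLUDE_RE.match(line)
        if not match:
            continue
        header = match.group(1).replace("\\", "/")
        if header == SETTINGS:
            return early          # everything after this line is in order
        if header.startswith("wolfssl/"):
            early.append((line_no, header))
    return early


def scan_tree(root):
    """Check every C/C++ file under root in isolation; return {path: findings}."""
    findings = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix in {".c", ".cpp", ".h", ".hpp"}:
            early = check_include_order(path.read_text(errors="replace"))
            if early:
                findings[str(path)] = early
    return findings


# Constructed sample: same ordering as the template snippet in the post.
GOOD = """\
#include <stdio.h>
#ifdef WOLFSSL_USER_SETTINGS
    #include <wolfssl/wolfcrypt/settings.h>
    #include <wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h>
#endif
#include <wolfssl/wolfcrypt/ed25519.h>
"""

# Constructed sample: settings.h arrives too late (the commented copy is ignored).
BAD = """\
#include <wolfssl/wolfcrypt/ed25519.h>
/* #include <wolfssl/wolfcrypt/settings.h> */
#include <wolfssl/ssl.h>
#include <wolfssl/wolfcrypt/settings.h>
"""

if __name__ == "__main__":
    if len(sys.argv) > 1:
        results = scan_tree(sys.argv[1])
    else:
        results = {"<BAD sample>": check_include_order(BAD)}
    for name, early in results.items():
        for line_no, header in early:
            print(f"{name}:{line_no}: {header} is included before {SETTINGS}")
    sys.exit(1 if results else 0)
```

Point it at your own `main` and component source directories rather than at the wolfSSL tree itself.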

Hi gabriel,

I've done PQ on the ESP32, but only the key share part, and prior to the recent NIST approvals. See X/Tweet thread:

https://x.com/gojimmypi/status/1772675517482705379

I also wrote this blog: https://www.wolfssl.com/post-quantum-ke … sif-esp32/ that might help.

In the tweet thread there's this example code:

            ret = wolfSSL_UseKeyShare(ssl, WOLFSSL_P521_KYBER_LEVEL5);
            if (ret == SSL_SUCCESS) {
                ESP_LOGI(TAG, "UseKeyShare WOLFSSL_P521_KYBER_LEVEL5 success");
            }
            else {
                ESP_LOGE(TAG, "UseKeyShare WOLFSSL_P521_KYBER_LEVEL5 failed");
            }

and this optional config for user_settings.h

#if 1
    #define WOLFSSL_EXPERIMENTAL_SETTINGS
    #define WOLFSSL_HAVE_KYBER
    #define WOLFSSL_WC_KYBER
#endif

Here's a copy of the client code from the tweet thread:

$ ./examples/client/client  -h 192.168.1.38 -v 4 -l  TLS_AES_128_GCM_SHA256 --pqc KYBER_LEVEL5
Using Post-Quantum KEM: KYBER_LEVEL5
SSL version is TLSv1.3
SSL cipher suite is TLS_AES_128_GCM_SHA256
I hear you fa shizzle!
gojimmypi:/mnt/c/workspace/wolfssl-master

I've been meaning to reach out to Anthony to see what might be different now that NIST has PQ out of "experimental mode". That will depend on the specific version of wolfSSL you are using.

I, too, went down the road of liboqs. I don't recall where I saw that, but it is not needed for wolfSSL PQ.

p.s. there's a fairly significant upgrade in a recent PR that adds wolfSSL support to the esp-tls layer:

https://github.com/wolfSSL/wolfssl/pull/7936

Good luck with your project! Let us know how it goes & if you encounter any problems.

Cheers

Hi parmstrong3 - if you'd be able to get your workflow operational with the ESP-IDF, I suspect we could also get it working with PlatformIO.

My personal skill set is certainly stronger with the ESP-IDF, but I'd be happy to do all I can to assist with your build process, particularly as a commercial customer. After you reach out to your contact, let's arrange a time for a call to discuss your specific needs.

Thank you for your interest in wolfSSL.

Jim

Hi parmstrong3 -

Thanks for taking the new wolfSSL PlatformIO support for a test drive!

Yes, it's true there's currently a lot of room for improvement in the Espressif examples for wolfSSL. See:

https://github.com/espressif/esp-idf/issues/13966

In particular, the esp-tls layer not only adds complexity, but today when selecting wolfSSL using:

idf.py menuconfig

the examples such as esp_http_client do not work properly, as you've seen.

A fix is currently in the works, and more importantly: a vastly superior method of integrating wolfSSL into the ESP-IDF using Managed Components from the ESP Registry. You'll see in the #13966 thread, that Ivan has an excellent solution for allowing the ESP-IDF to "see" a component installed in the local project. There's a partially working example here:

https://github.com/gojimmypi/esp-idf/tree/wolfssl

(the https WIP example is in a different repo)

In the meantime, my best advice is to use wolfSSL directly instead of using the esp-tls layer. See the examples:

https://github.com/wolfSSL/wolfssl/tree … F/examples

I realize these are only using the TLS layer, but the read & writes should be easily adapted to an HTTPS example.

Here's a blog on using the Managed Components:

https://www.wolfssl.com/wolfssl-now-ava … -registry/

If you *really* want to use the esp-tls, the esp-wolfssl needs to be installed manually. As you noticed, it is no longer included in the ESP-IDF. Also note the version there is really quite stale. There's also an unintuitive setting needed, as seen in the esp-tls Kconfig file:

        config ESP_TLS_USING_WOLFSSL
            depends on TLS_STACK_WOLFSSL

So be sure to click the `Include wolfSSL in ESP-TLS` settings to enable the TLS_STACK_WOLFSSL. This too is currently being improved.

I'm completely confident we can get wolfSSL HTTPS working robustly, even though the Espressif examples and the ESP-IDF itself need a little bit of TLC.

7

(27 replies, posted in wolfSSL)

Hi Adam,

That's excellent! Glad we are making progress. Now onto the OpenSSL conversion:

Are you using the same user_settings.h that we were working with when you were using the PlatformIO environment:

https://github.com/gojimmypi/wolfssl/bl … settings.h

I'm able to add that to a sample project and build successfully. I assume the error you are seeing is occurring in your codebase, outside of wolfSSL? Any additional details would be helpful, although OpenSSL is not one of my specialties. I may need to reach out for additional help on that.

Best Regards,

Jim

8

(27 replies, posted in wolfSSL)

Hi Adam,

Oh, I see. One more change is needed. I will append the pull request.

That place where you edited the "FOUND_WOLFSSL"... add these two lines in the "if" that you just edited (the "set" and "return"):

        if( FOUND_WOLFSSL )
            message(STATUS "Found WOLFSSL_ROOT via Environment Variable: ${CURRENT_SEARCH_DIR}")
            set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE)
            return()
        else()

I had not noticed that even when finding the environment variable, the logic kept looking anyhow. In my case, it would find wolfSSL, but not because of the environment variable, rather where it was in the parent directory tree.

The problem was the missing "return()" once the environment variable setting was confirmed to be a wolfssl directory.

The log should now look like this:

-- USERNAME = gojimmypi
-- THIS_USER = gojimmypi
-- ************************************************************************************************
-- wolfssl component config:
-- ************************************************************************************************
-- Starting FIND_WOLFSSL_DIRECTORY
-- Found WOLFSSL_ROOT via Environment Variable: C:/test/adam/wolfssl
-- NEW Found wolfssl directory at: C:/test/adam/wolfssl

Let's see if that works for you. Thank you so much for your patience and persistence.

Cheers

Jim

9

(27 replies, posted in wolfSSL)

Hi Adam -

Oh! An excellent find. Thank you for pointing that out. I'll get a PR together right away to fix it.

TL;DR: There's a mistake in the component cmake file:

 [project]/components/wolfssl/CMakeLists.txt

Change line 85 of the template CMakeLists.txt file:

https://github.com/wolfSSL/wolfssl/blob … ts.txt#L85

Specifically: replace the

if("${FOUND_WOLFSSL}")

with:

if( FOUND_WOLFSSL )

In more detail, here's what I did:

In my C:\test directory, I created an "Adam" directory, and cloned wolfSSL into it:

c:\test\adam\wolfssl

Also in my C:\test directory, I created a "MyProject" directory: 

c:\test\myproject.

(for now, let's make sure there are no spaces in any of the paths)

I copied the contents of the sample template project:

C:\test\adam\wolfssl\IDE\Espressif\ESP-IDF\examples\template 

to the c:\test\myproject directory.

There should now be a VisualGDB directory, here:

C:\test\myproject\VisualGDB

I used the system control panel applet to set the environment variables:

Variable Name:
WOLFSSL_ROOT

Variable Value:
C:\test\adam\wolfssl

Make sure there are no embedded spaces, particularly if using commandline:

WOLFSSL_ROOT=C:\test\adam\wolfssl

Open the VisualGDB project:

C:\test\myproject\VisualGDB\wolfssl_template_IDF_v5.1_ESP32.vgdbproj

(observe error at project load time)

Edit the cmake file as described above.

C:\test\myproject\components\wolfssl\CMakeLists.txt

Right click and reload the project. All should be well now.

Please give that a try and let me know how it goes.

My sincere apologies for this problem. Best Regards.

Jim

edit: I've created GitHub issue 7148 to fix this.

https://github.com/wolfSSL/wolfssl/pull/7148

10

(27 replies, posted in wolfSSL)

Hi Adam -

I'm so sorry to hear you are still struggling with the setup. I'll make the instructions more clean on GitHub.

I'll also check the setup script later today.

Can you tell me the exact error you are seeing?

In the meantime, I think the best method is to use the existing examples.

I suggest:

1) Remove the wolfSSL component that was installed to the ESP-IDF with the script.

2) Copy the sample project component directory tree and all files to your `[project root]/components/` directory:

https://github.com/wolfSSL/wolfssl/tree … ts/wolfssl

3) Set an environment variable called WOLFSSL_ROOT (or edit the CMakeLists.txt variable of the same name) to point to the wolfssl source.

For example if you've git-cloned wolfssl from a d:\workspace directory and used the default repo name:

WOLFSSL_ROOT="d:\workspace\wolfssl"

Or see cmake examples:

https://github.com/wolfSSL/wolfssl/blob … ts.txt#L53

Your wolfSSL user_settings.h file would then be in your:

[project]/components/wolfssl/include

Like this one:

https://github.com/wolfSSL/wolfssl/tree … sl/include

Let me know how that goes.  If you still see errors, please post them here or open a GitHub issue.

Best Regards,

Jim

11

(27 replies, posted in wolfSSL)

Hi Adam -

Good to hear about your progress and continued interest!

At the moment, I don't yet have any good instructions for VS Code & PlatformIO. But I do have a major update in the works to publish an official wolfSSL to both Arduino and PlatformIO sites, along with improved Arduino examples. Stay tuned.

Would you happen to be using Windows? If so, I highly recommend the VisualGDB extension for Visual Studio. I've found it to be an incredibly productive development environment tool. Couple that with the Tigard JTAG board and there's an excellent ESP32 debugger for single step, breakpoints, variable inspection, memory & register peeking and more.

I gave a YouTube webinar last year on this topic that you may find helpful:

https://www.youtube.com/watch?v=CzwA3ZBZBZ8

Although the ESP Registry is awesome for getting started, it is not as robust as I want for ongoing development. I need to further develop the KConfig to make changes via the ESP-IDF menuconfig, as otherwise the user_settings.h file in a managed component cannot be edited.

There are some Espressif examples to help get started with the ESP-IDF here:

https://github.com/wolfSSL/wolfssl/tree … F/examples

Note in particular that wolfSSL does not need to be installed in the local project. See the CMakeLists.txt file in components/wolfssl directory.

The user_settings.h is then found in this directory:

[your project]/components/wolfssl/include

As you move forward, please note that wolfSSL offers special pre-sales support to help get your project kickstarted.

Cheers

Jim

12

(27 replies, posted in wolfSSL)

Hi Adam -

wolfSSL is that we can tailor the SSL/TLS requirements per geographic region or client base

Indeed! That's definitely an awesome feature of wolfSSL.

The odd build problems are not a surprise. The source on PlatformIO is not official, and I cannot even confirm it is genuine wolfSSL source. Without seeing your source code, it is hard to say for sure what's going on. I'd like to help.

I'm certain the hardware random number generator is implemented for all of the ESP32 devices. I suspect the problem you are encountering is related to the user_settings.h values.

Is there a serious and compelling reason to use the Arduino platform? I'd like to again emphasize the robustness of the Espressif ESP-IDF. I noticed at project creation time that PlatformIO will use either Arduino or ESP-IDF. If you use the ESP-IDF, we'd be able to help you much more. I'll be working on improving Arduino integration, that's admittedly not great at the moment.

I'd also like to invite you to open any issues on GitHub as appropriate, including one regarding your request for Arduino support:

https://github.com/wolfSSL/wolfssl/issues

Regarding your migration from OpenSSL: we have several engineers on staff that have a great amount of experience with that. Professional engineering and consulting services are available to help you with your implementation.

I'm glad you are making progress on your evaluation and look forward to learning more.

Best Regards

Jim

13

(27 replies, posted in wolfSSL)

Hi Adam -

How's your evaluation coming along? Will you have any customers in China? One of the things to consider is wolfSSL SM Chinese ShangMi support:

https://www.wolfssl.com/wolfssl-adds-sh … wolfcrypt/

I have that working for the ESP32, but the samples need just a little fine tuning with regards to the static sample certs.

Heads up I received approval to work on an official wolfssl repository for PlatformIO.

Status will be tracked at GitHub issue #85 for platformio/platformio-registry here:

https://github.com/platformio/platformi … /issues/85

I need to wrap up a few other items before I get started on that, but in the meantime please let me know if there's anything else I can do to help you.

Cheers

14

(27 replies, posted in wolfSSL)

AdamHeavens wrote:

Hi gojimmypi,

Are there any plans to have an official version published by wolfSSL in the PlatformIO registry?

I'd personally like to see an official version. So far, there's been relatively little demand, particularly considering how well documented and polished the ESP-IDF is these days. The best way is to voice the desire: support@wolfssl.com

Cheers

15

(27 replies, posted in wolfSSL)

Hi Adam -

That's excellent you've made progress!

I have added the following to platformio.ini build flags

I suggest putting them in the `user_settings.h` instead:

#define SINGLE_THREADED
#define HAVE_ECC
#define WOLFSSL_SMALL_STACK
#define WOLFSSL_ESPIDF
#define WOLFSSL_ESP32
#define OPENSSL_EXTRA
#define OPENSSL_ALL
#define HAVE_TLS_EXTENSIONS
#define HAVE_SUPPORTED_CURVES

I've updated my sample `user_settings.h` here:

https://github.com/gojimmypi/wolfssl/bl … ings.h#L39

I get the following error when building
#error directive: "No encryption algorithm available for default ticket encryption."


The library for wolfSSL is highly tunable. See the documentation for details on the options available:

https://www.wolfssl.com/documentation/m … ave_aesgcm

One possible solution to the error you are seeing is to turn on AESGCM in `user_settings.h` like this:

#define HAVE_AESGCM

Please let me know if that works for you.

Cheers!

16

(27 replies, posted in wolfSSL)

Hi Adam -

I briefly took a look at using PlatformIO and the Arduino framework for an ESP32 wolfSSL project. It's an interesting environment.

The first thing that should be emphasized is that the

lib_deps = 
    onelife/wolfssl@^5.5.4

... and located here: https://registry.platformio.org/librari … fe/wolfssl

...is *not* an official wolfSSL source code (and in fact rather stale), and is *not* maintained by wolfSSL staff.

Still, I understand there's no other alternative there... so I've taken a look at why it does not work. I was able to quickly reproduce your error. A variety of relatively minor changes are needed - mostly file deletions & a couple of edits. I've summarized what it took here:

https://github.com/gojimmypi/wolfssl/tr … PlatformIO

Here's the included README.md for future reference & I've attached the `user_settings.h` that I used:

This is a supplementary suggestion to [this forum question] regarding PlatformIO and the wolfSSL library.

Here are some tips to get it working:

Given a VS Code `[project]` directory, these changes are needed:

## Edit `[project]\.pio\libdeps\esp32dev\wolfssl\src\wolfcrypt\src`

delete all the `*.i` files

delete these files:
`sp_arm32.c`
`sp_arm64.c`
`sp_armthumb.c`
`sp_c32.c`
`sp_c64.c`
`sp_cortexm.c`
`sp_dsp32.c`
`sp_x86_64.c`
`sp_cortexm.c`

(do NOT delete `sp_int.c`)

## Edit `[project]\.pio\libdeps\esp32dev\wolfssl\src\wolfcrypt\src\port`

Delete all of the directories EXCEPT `Atmel` and `Espressif`


## Edit `[project]\.pio\libdeps\esp32dev\wolfssl\src\wolfcrypt\`

Delete `test` and `benchmark` directories


## Edit `[project]\.pio\libdeps\esp32dev\wolfssl\src\user_settings.h`

See the enclosed [user_settings.h](./user_settings.h) - copy it to:

`[project]\.pio\libdeps\esp32dev\wolfssl\src\user_settings.h`


## Edit `[project]\.pio\libdeps\esp32dev\wolfssl\src\wolfssl\wolfcrypt\wolf_crypt_settings.h`

Comment out the `#define FREERTOS` in the `#if defined(WOLFSSL_ESPIDF)` section, on or around line 333.

```c
#if defined(WOLFSSL_ESPIDF)
    /* #define FREERTOS */
```

Please give that a try and let me know how it goes.

Cheers

*edit: I've been unable to attach a file. Please see the one at the GitHub link, above.
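
The deletion steps from the README above as a script with a dry-run default. It is an added example, not part of the original post or the linked repository; the function names and the miniature directory tree built in `demo()` are constructed. It covers only the deletions; copying `user_settings.h` and commenting out `#define FREERTOS` remain manual steps.

```python
"""Added example: prune an unpacked wolfSSL PlatformIO library copy (dry run by default)."""
import shutil
import sys
import tempfile
from pathlib import Path

# Names taken from the README steps above; sp_int.c is deliberately absent.
SP_FILES = ["sp_arm32.c", "sp_arm64.c", "sp_armthumb.c", "sp_c32.c",
            "sp_c64.c", "sp_cortexm.c", "sp_dsp32.c", "sp_x86_64.c"]
KEEP_PORTS = {"Atmel", "Espressif"}


def plan_prune(lib_src):
    """List what the README deletes under [project]/.pio/libdeps/<env>/wolfssl/src."""
    wolfcrypt = Path(lib_src) / "wolfcrypt"
    src = wolfcrypt / "src"
    targets = set(src.glob("*.i"))
    targets.update(src / name for name in SP_FILES if (src / name).is_file())
    port = src / "port"
    if port.is_dir():
        targets.update(d for d in port.iterdir()
                       if d.is_dir() and d.name not in KEEP_PORTS)
    targets.update(wolfcrypt / d for d in ("test", "benchmark")
                   if (wolfcrypt / d).is_dir())
    return sorted(targets, key=lambda p: p.as_posix())


def prune(lib_src, apply=False):
    """Return the deletion plan; remove the listed paths only when apply=True."""
    plan = plan_prune(lib_src)
    if apply:
        for path in plan:
            if path.is_dir():
                shutil.rmtree(path)
            else:
                path.unlink()
    return plan


def demo():
    """Build a constructed miniature tree, prune it, return (removed, left)."""
    with tempfile.TemporaryDirectory() as tmp:
        lib = Path(tmp) / "src"
        src = lib / "wolfcrypt" / "src"
        for d in ("port/Atmel", "port/Espressif", "port/arm", "port/intel"):
            (src / d).mkdir(parents=True)
        for d in ("test", "benchmark"):
            (lib / "wolfcrypt" / d).mkdir()
        for f in ("sp_int.c", "sp_arm32.c", "sp_x86_64.c", "aes.c", "sample.i"):
            (src / f).write_text("/* constructed placeholder */\n")
        removed = [p.relative_to(lib).as_posix() for p in prune(lib, apply=True)]
        left = sorted(p.relative_to(lib).as_posix() for p in lib.rglob("*"))
        return removed, left


if __name__ == "__main__":
    # usage: script.py <path to wolfssl/src> [--apply]
    if len(sys.argv) < 2:
        sys.exit("usage: script.py <path to wolfssl/src> [--apply]")
    do_apply = "--apply" in sys.argv[2:]
    for path in prune(sys.argv[1], apply=do_apply):
        print(("removed " if do_apply else "would remove ") + str(path))
```

Because `.pio/libdeps` is regenerated whenever PlatformIO reinstalls the dependency, the pruning has to be repeated after each reinstall.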

17

(27 replies, posted in wolfSSL)

Hi Adam -

I'm not familiar with the PlatformIO method of building a project. I definitely recommend using the ESP-IDF if at all possible. There are wolfSSL examples here:

https://github.com/wolfSSL/wolfssl/tree … /Espressif

There's also the capability of using Managed Components from the ESP Registry:

https://www.wolfssl.com/wolfssl-now-ava … -registry/

That said, I do think the Arduino projects should at least work. If there's no mechanism for including or excluding files in PlatformIO, there's always the brute force method of simply deleting all the files you don't want to be included (e.g. all the assembly language suffix "*.s" files in wolfcrypt/src)

Additionally, it's really best to use a wolfssl `user_settings.h` file. It gets included by pretty much every wolfssl source file (via wolfcrypt/settings.h) & controls which features are compiled in - such as your missing wc_GenerateSeed().

I suppose it should in theory also work to add "-D" build flags. See the example template user_settings.h:

https://github.com/wolfSSL/wolfssl/blob … settings.h

In particular, you will at least need `-DWOLFSSL_ESPIDF` and `-DWOLFSSL_ESP32` defined project-wide.

If you choose to use the user_settings.h file, I'd probably drop it in place with settings.h in wolfssl/wolfcrypt. When using the ESP-IDF instead, the file belongs in the components/wolfssl/include directory.

If you choose to use the ESP-IDF (you can still edit with VS Code) - I'll be able to help you much more. I'd still like to get the PlatformIO working, but I'll need to spend some time on that. If you can point to your example online, or something similar, that would be helpful to get me started.

Cheers

18

(27 replies, posted in wolfSSL)

Hi Adam,

The first error:

unknown register name 'r8' in 'asm'

is typically caused at compile time when *all* the files in wolfcrypt/src are attempted to be compiled. There are some assembly files there that are not appropriate on the Xtensa architecture of the ESP32-S3. Either explicitly listing files, or list exclusions would likely resolve this. I've been working on an ESP8266 makefile that addresses this topic:

https://github.com/gojimmypi/wolfssl/bl … mponent.mk

There's also an example of CMake excluding those files here:

https://github.com/wolfSSL/wolfssl/blob … s.txt#L210

The next error, possibly also related:

#error "you need to write an os specific wc_GenerateSeed() here"

typically means the compiler does not "know" that the target CPU for wolfSSL code is for the ESP32. This is often a macro definition in the user_settings.h file.

I've been meaning to give more attention to the Arduino platform. Can you provide additional details on your makefiles and the user_settings.h that you are using?

There's a GitHub issue regarding Arduino support:

https://github.com/wolfSSL/wolfssl/issues/6360

Thanks for your interest! I look forward to learning more about your project.