Hi parmstrong3 - if you'd be able to get your workflow operational with the ESP-IDF, I suspect we could also get it working with PlatformIO.

My personal skill set is certainly stronger with the ESP-IDF, but I'd be happy to do all I can to assist with your build process, particularly as a commercial customer. After you reach out to your contact, let's arrange a time for a call to discuss your specific needs.

Thank you for your interest in wolfSSL.

Jim

Hi parmstrong3 -

Thanks for taking the new wolfSSL PlatformIO support for a test drive!

Yes, it's true there's currently a lot of room for improvement in the Espressif examples for wolfSSL. See:

https://github.com/espressif/esp-idf/issues/13966

In particular, the esp-tls layer not only adds complexity, but today when selecting wolfSSL using:

idf.py menuconfig

the examples such as esp_http_client do not work properly, as you've seen.

A fix is currently in the works, and more importantly: a vastly superior method of integrating wolfSSL into the ESP-IDF using Managed Components from the ESP Registry. You'll see in the #13966 thread, that Ivan has an excellent solution for allowing the ESP-IDF to "see" a component installed in the local project. There's a partially working example here:

https://github.com/gojimmypi/esp-idf/tree/wolfssl

(the https WIP example is in a different repo)

In the meantime, my best advice is to use wolfSSL directly instead of using the esp-tls layer. See the examples:

https://github.com/wolfSSL/wolfssl/tree … F/examples

I realize these are only using the TLS layer, but the read & writes should be easily adapted to an HTTPS example.

Here's a blog on using the Managed Components:

https://www.wolfssl.com/wolfssl-now-ava … -registry/

If you *really* want to use the esp-tls, the esp-wolfssl needs to be installed manually. As you noticed, it is no longer included in the ESP-IDF. Also note the version there is really quite stale. There's also an unintuitive setting needed, as seen in the esp-tls Kconfig file:

        config ESP_TLS_USING_WOLFSSL
            depends on TLS_STACK_WOLFSSL

So be sure to click the `Include wolfSSL in ESP-TLS` settings to enable the TLS_STACK_WOLFSSL. This too is currently being improved.

I'm completely confident we can get wolfSSL HTTPS working robustly, even though the Espressif examples and the ESP-IDF itself need a little bit of TLC.

3

(27 replies, posted in wolfSSL)

Hi Adam,

That's excellent! Glad we are making progress. Now onto the OpenSSL conversion:

Are you using the same user_settings.h that we were working with when you were using the PlatformIO environment:

https://github.com/gojimmypi/wolfssl/bl … settings.h

I'm able to add that to a sample project and build successfully. I assume the error you are seeing is occurring in your codebase, outside of wolfSSL? Any additional details would be helpful, although OpenSSL is not one of my specialties. I may need to reach out for additional help on that.

Best Regards,

Jim

4

(27 replies, posted in wolfSSL)

Hi Adam,

Oh, I see. One more change is needed. I will append the pull request.

That place where you edited the "FOUND_WOLFSSL"... add these two lines in the "if" that you just edited (the "set" and "return"):

        if( FOUND_WOLFSSL )
            message(STATUS "Found WOLFSSL_ROOT via Environment Variable: ${CURRENT_SEARCH_DIR}")
            set(${OUTPUT_FOUND_WOLFSSL_DIRECTORY} ${CURRENT_SEARCH_DIR} PARENT_SCOPE)
            return()
        else()

I had not noticed that even when finding the environment variable, the logic kept looking anyhow. In my case, it would find wolfSSL, but not because of the environment variable, rather where it was in the parent directory tree.

The problem was the missing "return()" once the environment variable setting was confirmed to be a wolfssl directory.

The log should now look like this:

-- USERNAME = gojimmypi
-- THIS_USER = gojimmypi
-- ************************************************************************************************
-- wolfssl component config:
-- ************************************************************************************************
-- Starting FIND_WOLFSSL_DIRECTORY
-- Found WOLFSSL_ROOT via Environment Variable: C:/test/adam/wolfssl
-- NEW Found wolfssl directory at: C:/test/adam/wolfssl

Let's see if that works for you. Thank you so much for your patience and persistence.

Cheers

Jim

5

(27 replies, posted in wolfSSL)

Hi Adam -

Oh! An excellent find. Thank you for pointing that out. I'll get a PR together right away to fix it.

TL;DR: There's a mistake in the component cmake file:

 [project]/components/wolfssl/CMakeLists.txt

Change line 85 of the template CMakeLists.txt file:

https://github.com/wolfSSL/wolfssl/blob … ts.txt#L85

Specifically: replace the

if("${FOUND_WOLFSSL}")

with:

if( FOUND_WOLFSSL )

In more detail, here's what I did:

In my C:\test directory, I created an "Adam" directory, and cloned wolfSSL into it:

c:\test\adam\wolfssl

Also in my C:\test directory, I created a "MyProject" directory: 

c:\test\myproject.

(for now, let's make sure there are no spaces in any of the paths)

I copied the contents of the sample template project:

C:\test\adam\wolfssl\IDE\Espressif\ESP-IDF\examples\template 

to the c:\test\myproject directory.

There should now be a VisualGDB directory, here:

C:\test\myproject\VisualGDB

I used the system control panel applet to set the environment variables:

Variable Name:
WOLFSSL_ROOT

Variable Value:
C:\test\adam\wolfssl

make sure there are no embedded spaces, particularly if using commandline:

WOLFSSL_ROOT=C:\test\adam\wolfssl

Open the VisualGDB project:

C:\test\myproject\VisualGDB\wolfssl_template_IDF_v5.1_ESP32.vgdbproj

(observe error at project load time)

Edit the cmake file as described above.

C:\test\myproject\components\wolfssl\CMakeLists.txt

Right click and reload the project. All should be well now.

Please give that a try and let me know how it goes.

My sincere apologies for this problem. Best Regards.

Jim

edit: I've created GitHub issue 7148 to fix this.

https://github.com/wolfSSL/wolfssl/pull/7148
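
The two CMake fixes discussed in this thread (the unquoted `if( FOUND_WOLFSSL )` test and the early `return()` once `WOLFSSL_ROOT` is confirmed), shown together as an added example that is not part of the posts and is not the wolfSSL template file. The helper names, the directory layout check, and the hard failure on an invalid `WOLFSSL_ROOT` are assumptions of this example, as is the found-flag holding a directory path.

```cmake
# Added example (not the wolfSSL template). Run: cmake -P find_wolfssl_demo.cmake
cmake_minimum_required(VERSION 3.16)

# Hypothetical helper: returns the directory itself when it looks like wolfSSL
# source, or an empty string otherwise. The result is a PATH, not TRUE/ON.
function(is_wolfssl_source dir out_var)
    if(EXISTS "${dir}/wolfcrypt/src" AND EXISTS "${dir}/wolfssl/wolfcrypt/settings.h")
        set(${out_var} "${dir}" PARENT_SCOPE)
    else()
        set(${out_var} "" PARENT_SCOPE)
    endif()
endfunction()

# Hypothetical helper: resolve the wolfSSL source directory.
function(find_wolfssl_directory out_var)
    if(DEFINED ENV{WOLFSSL_ROOT})
        file(TO_CMAKE_PATH "$ENV{WOLFSSL_ROOT}" candidate)
        is_wolfssl_source("${candidate}" FOUND_WOLFSSL)
        # if("${FOUND_WOLFSSL}") would evaluate a quoted path string. A quoted
        # string is true only for constants such as 1/ON/YES/TRUE, so a valid
        # path tests false. if(FOUND_WOLFSSL) tests the variable's value instead.
        if(FOUND_WOLFSSL)
            message(STATUS "Found WOLFSSL_ROOT via Environment Variable: ${candidate}")
            set(${out_var} "${candidate}" PARENT_SCOPE)
            return()  # without this, the parent-tree search below still runs
        endif()
        # Assumption of this example: an explicit but invalid setting fails the
        # build instead of silently selecting some other copy of the source.
        message(FATAL_ERROR "WOLFSSL_ROOT is not a wolfSSL source tree: ${candidate}")
    endif()

    # Fallback when WOLFSSL_ROOT is unset: look for a "wolfssl" directory next
    # to each ancestor of this script's directory.
    get_filename_component(search_dir "${CMAKE_CURRENT_LIST_DIR}" ABSOLUTE)
    while(TRUE)
        is_wolfssl_source("${search_dir}/wolfssl" FOUND_WOLFSSL)
        if(FOUND_WOLFSSL)
            message(STATUS "Found wolfssl in parent tree: ${FOUND_WOLFSSL}")
            set(${out_var} "${FOUND_WOLFSSL}" PARENT_SCOPE)
            return()
        endif()
        get_filename_component(parent_dir "${search_dir}" DIRECTORY)
        if("${parent_dir}" STREQUAL "${search_dir}")
            break()  # reached the filesystem root
        endif()
        set(search_dir "${parent_dir}")
    endwhile()
    set(${out_var} "" PARENT_SCOPE)
endfunction()

find_wolfssl_directory(WOLFSSL_DIR)
message(STATUS "wolfSSL source directory: ${WOLFSSL_DIR}")
```

Logging the resolved directory on every configure makes it visible when the build uses a different copy of the library than the one `WOLFSSL_ROOT` names.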

6

(27 replies, posted in wolfSSL)

Hi Adam -

I'm so sorry to hear you are still struggling with the setup. I'll make the instructions more clean on GitHub.

I'll also check the setup script later today.

Can you tell me the exact error you are seeing?

In the meantime, I think the best method is to use the existing examples.

I suggest:

1) Remove the wolfSSL component that was installed to the ESP-IDF with the script.

2) Copy the sample project component directory tree and all files to your `[project root]/components/` directory:

https://github.com/wolfSSL/wolfssl/tree … ts/wolfssl

3) Set an environment variable called WOLFSSL_ROOT (or edit the CMakeLists.txt variable of the same name) to point to the wolfssl source.

For example if you've git-cloned wolfssl from a d:\workspace directory and used the default repo name:

WOLFSSL_ROOT="d:\workspace\wolfssl"

Or see cmake examples:

https://github.com/wolfSSL/wolfssl/blob … ts.txt#L53

Your wolfSSL user_settings.h file would then be in your:

[project]/components/wolfssl/include

Like this one:

https://github.com/wolfSSL/wolfssl/tree … sl/include

Let me know how that goes. If you still see errors, please post them here or open a GitHub issue.

Best Regards,

Jim

7

(27 replies, posted in wolfSSL)

Hi Adam -

Good to hear about your progress and continued interest!

At the moment, I don't yet have any good instructions for VS Code & PlatformIO. But I do have a major update in the works to publish an official wolfSSL to both Arduino and PlatformIO sites, along with improved Arduino examples. Stay tuned. :)

Would you happen to be using Windows? If so, I highly recommend the VisualGDB extension for Visual Studio. I've found it to be an incredibly productive development environment tool. Couple that with the Tigard JTAG board and there's an excellent ESP32 debugger for single step, breakpoints, variable inspection, memory & register peeking and more.

I gave a YouTube webinar last year on this topic that you may find helpful:

https://www.youtube.com/watch?v=CzwA3ZBZBZ8

Although the ESP Registry is awesome for getting started, it is not as robust as I want for ongoing development. I need to further develop the KConfig to make changes via the ESP-IDF menuconfig, as otherwise the user_settings.h file in a managed component cannot be edited.

There are some Espressif examples to help get started with the ESP-IDF here:

https://github.com/wolfSSL/wolfssl/tree … F/examples

Note in particular that wolfSSL does not need to be installed in the local project. See the CMakeLists.txt file in components/wolfssl directory.

The user_settings.h is then found in this directory:

[your project]/components/wolfssl/include

As you move forward, please note that wolfSSL offers special pre-sales support to help get your project kickstarted.

Cheers

Jim

8

(27 replies, posted in wolfSSL)

Hi Adam -

wolfSSL is that we can tailor the SSL/TLS requirements per geographic region or client base

Indeed! That's definitely an awesome feature of wolfSSL.

The odd build problems are not a surprise. The source on PlatformIO is not official, and I cannot even confirm it is genuine wolfSSL source. Without seeing your source code, it is hard to say for sure what's going on. I'd like to help.

I'm certain the hardware random number generator is implemented for all of the ESP32 devices. I suspect the problem you are encountering is related to the user_settings.h values.

Is there a serious and compelling reason to use the Arduino platform? I'd like to again emphasize the robustness of the Espressif ESP-IDF. I noticed at project creation time that PlatformIO will use either Arduino or ESP-IDF. If you use the ESP-IDF, we'd be able to help you much more. I'll be working on improving Arduino integration, that's admittedly not great at the moment.

I'd also like to invite you to open any issues on GitHub as appropriate, including one regarding your request for Arduino support:

https://github.com/wolfSSL/wolfssl/issues

Regarding your migration from OpenSSL: we have several engineers on staff that have a great amount of experience with that. Professional engineering and consulting services are available to help you with your implementation.

I'm glad you are making progress on your evaluation and look forward to learning more.

Best Regards

Jim

9

(27 replies, posted in wolfSSL)

Hi Adam -

How's your evaluation coming along? Will you have any customers in China? One of the things to consider is wolfSSL SM Chinese ShangMi support:

https://www.wolfssl.com/wolfssl-adds-sh … wolfcrypt/

I have that working for the ESP32, but the samples need just a little fine tuning with regards to the static sample certs.

Heads up: I received approval to work on an official wolfssl repository for PlatformIO.

Status will be tracked at GitHub issue #85 for platformio/platformio-registry here:

https://github.com/platformio/platformi … /issues/85

I need to wrap up a few other items before I get started on that, but in the meantime please let me know if there's anything else I can do to help you.

Cheers

10

(27 replies, posted in wolfSSL)

AdamHeavens wrote:

Hi gojimmypi,

Are there any plans to have an official version published by wolfSSL in the PlatformIO registry?

I'd personally like to see an official version. So far, there's been relatively little demand, particularly considering how well documented and polished the ESP-IDF is these days. The best way is to voice the desire: support@wolfssl.com

Cheers

11

(27 replies, posted in wolfSSL)

Hi Adam -

That's excellent you've made progress!

I have added the following to platformio.ini build flags

I suggest putting them in the `user_settings.h` instead:

#define SINGLE_THREADED
#define HAVE_ECC
#define WOLFSSL_SMALL_STACK
#define WOLFSSL_ESPIDF
#define WOLFSSL_ESP32
#define OPENSSL_EXTRA
#define OPENSSL_ALL
#define HAVE_TLS_EXTENSIONS
#define HAVE_SUPPORTED_CURVES

I've updated my sample `user_settings.h` here:

https://github.com/gojimmypi/wolfssl/bl … ings.h#L39

I get the following error when building
#error directive: "No encryption algorithm available for default ticket encryption."


The library for wolfSSL is highly tunable. See the documentation for details on the options available:

https://www.wolfssl.com/documentation/m … ave_aesgcm

One possible solution to the error you are seeing is to turn on AESGCM in `user_settings.h` like this:

#define HAVE_AESGCM

Please let me know if that works for you.

Cheers!

12

(27 replies, posted in wolfSSL)

Hi Adam -

I briefly took a look at using PlatformIO and the Arduino framework for an ESP32 wolfSSL project. It's an interesting environment.

The first thing that should be emphasized is that the

lib_deps = 
    onelife/wolfssl@^5.5.4

... and located here: https://registry.platformio.org/librari … fe/wolfssl

...is *not* an official wolfSSL source code (and in fact rather stale), and is *not* maintained by wolfSSL staff.

Still, I understand there's no other alternative there... so I've taken a look at why it does not work. I was able to quickly reproduce your error. A variety of relatively minor changes are needed - mostly file deletions & a couple of edits. I've summarized what it took here:

https://github.com/gojimmypi/wolfssl/tr … PlatformIO

Here's the included README.md for future reference & I've attached the `user_settings.h` that I used:

This is a supplementary suggestion to [this forum question] regarding PlatformIO and the wolfSSL library.

Here are some tips to get it working:

Given a VS Code `[project]` directory, these changes are needed:

## Edit `[project]\.pio\libdeps\esp32dev\wolfssl\src\wolfcrypt\src`

delete all the `*.i` files

delete these files:
`sp_arm32.c`
`sp_arm64.c`
`sp_armthumb.c`
`sp_c32.c`
`sp_c64.c`
`sp_cortexm.c`
`sp_dsp32.c`
`sp_x86_64.c`

(do NOT delete `sp_int.c`)

## Edit `[project]\.pio\libdeps\esp32dev\wolfssl\src\wolfcrypt\src\port`

Delete all of the directories EXCEPT `Atmel` and `Espressif`


## Edit `[project]\.pio\libdeps\esp32dev\wolfssl\src\wolfcrypt\`

Delete `test` and `benchmark` directories


## Edit `[project]\.pio\libdeps\esp32dev\wolfssl\src\user_settings.h`

See the enclosed [user_settings.h](./user_settings.h) - copy it to:

`[project]\.pio\libdeps\esp32dev\wolfssl\src\user_settings.h`


## Edit `[project]\.pio\libdeps\esp32dev\wolfssl\src\wolfssl\wolfcrypt\wolf_crypt_settings.h`

Comment out the `#define FREERTOS` in the `#if defined(WOLFSSL_ESPIDF)` section, on or around line 333.

```c
#if defined(WOLFSSL_ESPIDF)
    /* #define FREERTOS */
```

Please give that a try and let me know how it goes.

Cheers

*edit: I've been unable to attach a file. Please see the one at the GitHub link, above.

13

(27 replies, posted in wolfSSL)

Hi Adam -

I'm not familiar with the PlatformIO method of building a project. I definitely recommend using the ESP-IDF if at all possible. There are wolfSSL examples here:

https://github.com/wolfSSL/wolfssl/tree … /Espressif

There's also the capability of using Managed Components from the ESP Registry:

https://www.wolfssl.com/wolfssl-now-ava … -registry/

That said, I do think the Arduino projects should at least work. If there's no mechanism for including or excluding files in PlatformIO, there's always the brute force method of simply deleting all the files you don't want to be included (e.g. all the assembly language suffix "*.s" files in wolfcrypt/src)

Additionally, it's really best to use a wolfssl `user_settings.h` file. It gets included by pretty much every wolfssl source file (via wolfcrypt/settings.h) & controls which features are compiled in - such as your missing wc_GenerateSeed().

I suppose it should in theory also work to add "-D" build flags. See the example template user_settings.h:

https://github.com/wolfSSL/wolfssl/blob … settings.h

In particular, you will at least need `-DWOLFSSL_ESPIDF` and `-DWOLFSSL_ESP32` defined project-wide.

If you choose to use the user_settings.h file, I'd probably drop it in place with settings.h in wolfssl/wolfcrypt. When using the ESP-IDF instead, the file belongs in the components/wolfssl/include directory.

If you choose to use the ESP-IDF (you can still edit with VS Code) - I'll be able to help you much more. I'd still like to get the PlatformIO working, but I'll need to spend some time on that. If you can point to your example online, or something similar, that would be helpful to get me started.

Cheers

14

(27 replies, posted in wolfSSL)

Hi Adam,

The first error:

unknown register name 'r8' in 'asm'

is typically caused at compile time when *all* the files in wolfcrypt/src are attempted to be compiled. There are some assembly files there that are not appropriate on the Xtensa architecture of the ESP32-S3. Either explicitly listing files, or listing exclusions would likely resolve this. I've been working on an ESP8266 makefile that addresses this topic:

https://github.com/gojimmypi/wolfssl/bl … mponent.mk

There's also an example of CMake excluding those files here:

https://github.com/wolfSSL/wolfssl/blob … s.txt#L210

The next error, possibly also related:

#error "you need to write an os specific wc_GenerateSeed() here"

typically means the compiler does not "know" that the target CPU for wolfSSL code is for the ESP32. This is often a macro definition in the user_settings.h file.

I've been meaning to give more attention to the Arduino platform. Can you provide additional details on your makefiles and the user_settings.h that you are using?

There's a GitHub issue regarding Arduino support:

https://github.com/wolfSSL/wolfssl/issues/6360

Thanks for your interest! I look forward to learning more about your project.