Is there a difference for 5.7.6 as a managed component with regard to where user_settings.h needs to be located? It is currently in the root folder of our application, but I wonder whether it is being picked up.

Thanks,

We had this working when importing as a component, it only fails as a managed component. I have changed the order to how we had it previously and double checked the user_settings.h is the same as the example provided.

#define WOLFSSL_USER_SETTINGS
#include <wolfssl/wolfcrypt/settings.h>

#include <wolfssl/openssl/ssl.h>
#include <wolfssl/openssl/bio.h>
#include <wolfssl/openssl/evp.h>
#include <wolfssl/openssl/pem.h>
#include <wolfssl/openssl/x509.h>
#include <wolfssl/openssl/x509v3.h>
#include <wolfssl/openssl/ec.h>

#include <wolfssl/wolfcrypt/ecc.h>

Which after a full clean, gives me this error again in esp32-crypt.h

Error esp32/rom/aes.h: No such file or directory PlugStreamCP_ESP32S3 

I can resolve that by editing it to the following, as per another post:

#ifndef NO_AES
    #if ESP_IDF_VERSION_MAJOR >= 4
        #include "rom/aes.h"

We are using ESP_IDF 5.4

Which allows it to progress but then I get the following errors & more without options.h

Error    'NID_X9_62_prime256v1' was not declared in this scope 
Error    'NID_secp256k1' was not declared in this scope  
Error    'NID_secp384r1' was not declared in this scope
Error    'NID_secp521r1' was not declared in this scope
Error    'NID_brainpoolP256r1' was not declared in this scope
Error    'NID_brainpoolP384r1' was not declared in this scope
Error    'NID_brainpoolP512r1' was not declared in this scope

Seems like the managed component might not be ready yet for 5.4, I can go back to 5.6.0. But was hoping to use a more recent version if possible.

Thanks

Adam

Hi,

I am trying to migrate our project to the ESP-IDF managed component of wolfSSL, to remove the external library requirement and bring the wolfSSL library up to date.

I have worked through most issues but I am getting

'MAX_EX_DATA' was not declared in this scope; did you mean 'HAVE_EX_DATA'? 

I suspect it may be down to the order of the includes or a missing define. This is what I am using

#define WOLFSSL_USER_SETTINGS
#include <wolfssl/options.h>
#include <wolfssl/wolfcrypt/settings.h>

#include <wolfssl/openssl/ssl.h>
#include <wolfssl/openssl/err.h>
#include <wolfssl/openssl/evp.h>
#include <wolfssl/openssl/pem.h>
#include <wolfssl/openssl/rand.h>
#include <wolfssl/openssl/x509v3.h>

If I don't include options.h at the top then I get a number of issues compiling against the openssl compatibility.

This is my user_settings.h

/* user_settings.h
 *
 * Copyright (C) 2006-2023 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
 * wolfSSL is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * wolfSSL is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
 */

/* This user_settings.h is for Espressif ESP-IDF */
#include <sdkconfig.h>

/* The Espressif sdkconfig will have chipset info.
**
** Possible values:
**
**   CONFIG_IDF_TARGET_ESP32
**   CONFIG_IDF_TARGET_ESP32S2
**   CONFIG_IDF_TARGET_ESP32S3
**   CONFIG_IDF_TARGET_ESP32C3
**   CONFIG_IDF_TARGET_ESP32C6
*/

#undef  WOLFSSL_ESPIDF
#define WOLFSSL_ESPIDF

#define HAVE_EX_DATA

/*
 * choose ONE of these Espressif chips to define:
 *
 * WOLFSSL_ESP32
 * WOLFSSL_ESPWROOM32SE
 * WOLFSSL_ESP8266
 */
#undef WOLFSSL_ESPWROOM32SE
#undef WOLFSSL_ESP8266
#undef WOLFSSL_ESP32

#define WOLFSSL_ESP32

/* optionally turn off SHA512/224 SHA512/256 */
/* #define WOLFSSL_NOSHA512_224 */
/* #define WOLFSSL_NOSHA512_256 */

/* when you want to use SINGLE THREAD. Note Default ESP-IDF is FreeRTOS */
/* #define SINGLE_THREADED */

/* When you don't want to use the old SHA */
/* #define NO_SHA */
/* #define NO_OLD_TLS */

#define BENCH_EMBEDDED
#define USE_CERT_BUFFERS_2048

/* TLS 1.3                                 */
#define WOLFSSL_TLS13
#define HAVE_TLS_EXTENSIONS
#define WC_RSA_PSS
#define HAVE_HKDF
#define HAVE_AEAD
#define HAVE_SUPPORTED_CURVES

#define WOLFSSL_BENCHMARK_FIXED_UNITS_KB

#define NO_FILESYSTEM

#define NO_OLD_TLS

#define HAVE_AESGCM

#define WOLFSSL_RIPEMD
/* when you want to use SHA224 */
#define WOLFSSL_SHA224

/* when you want to use SHA384 */
#define WOLFSSL_SHA384

/* when you want to use SHA512 */
#define WOLFSSL_SHA512

/* when you want to use SHA3 */
#define WOLFSSL_SHA3

#define HAVE_ED25519 /* ED25519 requires SHA512 */

#define HAVE_ECC
#define HAVE_CURVE25519
#define CURVE25519_SMALL
#define HAVE_ED25519
#define HAVE_PEM

/* Optional OPENSSL compatibility */
#define OPENSSL_EXTRA
//#define WOLFSSL_OPENSSL_EXTRA

/* when you want to use pkcs7 */
/* #define HAVE_PKCS7 */

#define HAVE_PKCS7

#if defined(HAVE_PKCS7)
    #define HAVE_AES_KEYWRAP
    #define HAVE_X963_KDF
    #define WOLFSSL_AES_DIRECT
#endif

/* when you want to use AES counter mode */
/* #define WOLFSSL_AES_DIRECT */
/* #define WOLFSSL_AES_COUNTER */

/* esp32-wroom-32se specific definition */
#if defined(WOLFSSL_ESPWROOM32SE)
    #define WOLFSSL_ATECC508A
    #define HAVE_PK_CALLBACKS
    /* when you want to use a custom slot allocation for ATECC608A */
    /* unless your configuration is unusual, you can use default   */
    /* implementation.                                             */
    /* #define CUSTOM_SLOT_ALLOCATION                              */
#endif

/* RSA primitive specific definition */
#if defined(WOLFSSL_ESP32) || defined(WOLFSSL_ESPWROOM32SE)
    /* Define USE_FAST_MATH and SMALL_STACK                        */
    #define ESP32_USE_RSA_PRIMITIVE

    #if defined(CONFIG_IDF_TARGET_ESP32)

        /* NOTE HW unreliable for small values! */
        /* threshold for performance adjustment for HW primitive use   */
        /* X bits of G^X mod P greater than                            */
        #undef  ESP_RSA_EXPT_XBITS
        #define ESP_RSA_EXPT_XBITS 32

        /* X and Y of X * Y mod P greater than                         */
        #undef  ESP_RSA_MULM_BITS
        #define ESP_RSA_MULM_BITS  16

    #endif
#endif

#define RSA_LOW_MEM

/* #define WOLFSSL_ATECC508A_DEBUG         */

/* date/time                               */
/* if it cannot adjust time in the device, */
/* enable macro below                      */
/* #define NO_ASN_TIME */
/* #define XTIME time */


/* adjust wait-timeout count if you see timeout in RSA HW acceleration */
#define ESP_RSA_TIMEOUT_CNT    0x249F00

#define HASH_SIZE_LIMIT /* for test.c */

/* USE_FAST_MATH is default */
#define USE_FAST_MATH

/*****      Use SP_MATH      *****/
/* #undef USE_FAST_MATH          */
/* #define SP_MATH               */
/* #define WOLFSSL_SP_MATH_ALL   */

/***** Use Integer Heap Math *****/
/* #undef USE_FAST_MATH          */
/* #define USE_INTEGER_HEAP_MATH */


#define WOLFSSL_SMALL_STACK


#define HAVE_VERSION_EXTENDED_INFO
/* #define HAVE_WC_INTROSPECTION */

#define  HAVE_SESSION_TICKET

/* #define HAVE_HASHDRBG */

#define WOLFSSL_KEY_GEN
#define WOLFSSL_CERT_REQ
#define WOLFSSL_CERT_GEN
#define WOLFSSL_CERT_EXT
#define WOLFSSL_SYS_CA_CERTS


#define WOLFSSL_CERT_TEXT

#define WOLFSSL_ASN_TEMPLATE

/*
#undef  WOLFSSL_KEY_GEN
#undef  WOLFSSL_CERT_REQ
#undef  WOLFSSL_CERT_GEN
#undef  WOLFSSL_CERT_EXT
#undef  WOLFSSL_SYS_CA_CERTS
*/

/*
--enable-keygen
--enable-certgen
--enable-certreq
--enable-certext
--enable-asn-template
*/

/* Default is HW enabled unless turned off.
** Uncomment these lines to force SW instead of HW acceleration */

/* Per-target hardware-acceleration switches. Exactly one branch is selected
 * by the CONFIG_IDF_TARGET_* macro; any target not listed falls through to
 * the final #else, which turns all wolfSSL ESP32 HW acceleration off. */
#if defined(CONFIG_IDF_TARGET_ESP32)
    /* wolfSSL HW Acceleration supported on ESP32. Uncomment to disable: */
    /*  #define NO_ESP32_CRYPT                 */
    /*  #define NO_WOLFSSL_ESP32_CRYPT_HASH    */
    /*  #define NO_WOLFSSL_ESP32_CRYPT_AES     */
    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI */
    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL  */
    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD  */
    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */

    /*  These are defined automatically in esp32-crypt.h, here for clarity:  */
    #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA224 /* no SHA224 HW on ESP32  */

    /* Re-asserts the same threshold (16) that the RSA primitive section
     * earlier in this file sets for CONFIG_IDF_TARGET_ESP32. */
    #undef  ESP_RSA_MULM_BITS
    #define ESP_RSA_MULM_BITS 16 /* TODO add compile-time warning */
    /***** END CONFIG_IDF_TARGET_ESP32 *****/

#elif defined(CONFIG_IDF_TARGET_ESP32S2)
    /* wolfSSL HW Acceleration supported on ESP32-S2. Uncomment to disable: */
    /*  #define NO_ESP32_CRYPT                 */
    /*  #define NO_WOLFSSL_ESP32_CRYPT_HASH    */
    /* Note: There's no AES192 HW on the ESP32-S2; falls back to SW */
    /*  #define NO_WOLFSSL_ESP32_CRYPT_AES     */
    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI */
    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL  */
    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD  */
    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */
    /***** END CONFIG_IDF_TARGET_ESP32S2 *****/

#elif defined(CONFIG_IDF_TARGET_ESP32S3)
    /* wolfSSL HW Acceleration supported on ESP32-S3. Uncomment to disable: */
    /*  #define NO_ESP32_CRYPT                         */
    /*  #define NO_WOLFSSL_ESP32_CRYPT_HASH            */
    /* Note: There's no AES192 HW on the ESP32-S3; falls back to SW */
    /*  #define NO_WOLFSSL_ESP32_CRYPT_AES             */
    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI         */
    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL  */
    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD  */
    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */
    /***** END CONFIG_IDF_TARGET_ESP32S3 *****/

#elif defined(CONFIG_IDF_TARGET_ESP32C2) || \
      defined(CONFIG_IDF_TARGET_ESP8684)
    /* ESP8684 is essentially ESP32-C2 chip + flash embedded together in a
     * single QFN 4x4 mm package. Out of released documentation, Technical
     * Reference Manual as well as ESP-IDF Programming Guide is applicable
     * to both ESP32-C2 and ESP8684.
     *
     * See: https://www.esp32.com/viewtopic.php?f=5&t=27926#:~:text=ESP8684%20is%20essentially%20ESP32%2DC2,both%20ESP32%2DC2%20and%20ESP8684. */

    /* wolfSSL HW Acceleration supported on ESP32-C2. Uncomment to disable: */
    /*  #define NO_ESP32_CRYPT                 */
    /*  #define NO_WOLFSSL_ESP32_CRYPT_HASH    */ /* to disable all SHA HW   */

    /* These are defined automatically in esp32-crypt.h, here for clarity    */
    #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA384    /* no SHA384 HW on C2  */
    #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA512    /* no SHA512 HW on C2  */

    /* There's no AES or RSA/Math accelerator on the ESP32-C2
     * Auto defined with NO_WOLFSSL_ESP32_CRYPT_RSA_PRI, for clarity: */
    #define NO_WOLFSSL_ESP32_CRYPT_AES
    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL
    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD
    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD
    /***** END CONFIG_IDF_TARGET_ESP32C2 *****/

#elif defined(CONFIG_IDF_TARGET_ESP32C3)
    /* wolfSSL HW Acceleration supported on ESP32-C3. Uncomment to disable: */

    /*  #define NO_ESP32_CRYPT                 */
    /*  #define NO_WOLFSSL_ESP32_CRYPT_HASH    */ /* to disable all SHA HW   */

    /* These are defined automatically in esp32-crypt.h, here for clarity:  */
    #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA384    /* no SHA384 HW on C3  */
    #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA512    /* no SHA512 HW on C3  */

    /*  #define NO_WOLFSSL_ESP32_CRYPT_AES             */
    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI         */
    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL  */
    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD  */
    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */
    /***** END CONFIG_IDF_TARGET_ESP32C3 *****/

#elif defined(CONFIG_IDF_TARGET_ESP32C6)
    /* wolfSSL HW Acceleration supported on ESP32-C6. Uncomment to disable: */

    /*  #define NO_ESP32_CRYPT                 */
    /*  #define NO_WOLFSSL_ESP32_CRYPT_HASH    */
    /*  These are defined automatically in esp32-crypt.h, here for clarity:  */
    #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA384    /* no SHA384 HW on C6  */
    #define NO_WOLFSSL_ESP32_CRYPT_HASH_SHA512    /* no SHA512 HW on C6  */

    /*  #define NO_WOLFSSL_ESP32_CRYPT_AES             */
    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI         */
    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL  */
    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD  */
    /*  #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */
    /***** END CONFIG_IDF_TARGET_ESP32C6 *****/

#elif defined(CONFIG_IDF_TARGET_ESP32H2)
    /*  wolfSSL Hardware Acceleration not yet implemented */
    #define NO_ESP32_CRYPT
    #define NO_WOLFSSL_ESP32_CRYPT_HASH
    #define NO_WOLFSSL_ESP32_CRYPT_AES
    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
    /***** END CONFIG_IDF_TARGET_ESP32H2 *****/

#elif defined(CONFIG_IDF_TARGET_ESP8266)
    /*  TODO: Revisit ESP8266 */
    #define NO_ESP32_CRYPT
    #define NO_WOLFSSL_ESP32_CRYPT_HASH
    #define NO_WOLFSSL_ESP32_CRYPT_AES
    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
    /***** END CONFIG_IDF_TARGET_ESP8266 *****/
#else
    /* Anything else encountered, disable HW acceleration */
    #define NO_ESP32_CRYPT
    #define NO_WOLFSSL_ESP32_CRYPT_HASH
    #define NO_WOLFSSL_ESP32_CRYPT_AES
    #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
#endif /* CONFIG_IDF_TARGET Check */

/* Debug options:

#define ESP_VERIFY_MEMBLOCK
#define DEBUG_WOLFSSL
#define DEBUG_WOLFSSL_VERBOSE
#define DEBUG_WOLFSSL_SHA_MUTEX
#define WOLFSSL_ESP32_CRYPT_DEBUG
#define WOLFSSL_ESP32_CRYPT_HASH_SHA224_DEBUG
#define NO_RECOVER_SOFTWARE_CALC
#define WOLFSSL_TEST_STRAY 1
#define USE_ESP_DPORT_ACCESS_READ_BUFFER
#define WOLFSSL_ESP32_HW_LOCK_DEBUG
#define WOLFSSL_DEBUG_ESP_RSA_MULM_BITS
#define ESP_DISABLE_HW_TASK_LOCK
*/

#define WOLFSSL_ESPIDF_ERROR_PAUSE /* Pause in a loop rather than exit. */
#define WOLFSSL_HW_METRICS

/* #define HASH_SIZE_LIMIT */ /* for test.c */

/* #define NO_HW_MATH_TEST */ /* Optionally turn off HW math checks */

/* Optionally include alternate HW test library: alt_hw_test.h */
/* When enabling, the ./components/wolfssl/CMakeLists.txt file
 * will need the name of the library in the idf_component_register
 * for the PRIV_REQUIRES list. */
/* #define INCLUDE_ALT_HW_TEST */

/* optionally turn off individual math HW acceleration features */

/* Turn off Large Number ESP32 HW Multiplication:
** [Z = X * Y] in esp_mp_mul()                                  */
/* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL                */

/* Turn off Large Number ESP32 HW Modular Exponentiation:
** [Z = X^Y mod M] in esp_mp_exptmod()                          */
/* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD               */

/* Turn off Large Number ESP32 HW Modular Multiplication
** [Z = X * Y mod M] in esp_mp_mulmod()                         */
/* #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD                */


#define WOLFSSL_PUBLIC_MP /* used by benchmark */
#define USE_CERT_BUFFERS_2048

/* when turning on ECC508 / ECC608 support
#define WOLFSSL_ESPWROOM32SE
#define HAVE_PK_CALLBACKS
#define WOLFSSL_ATECC508A
#define ATCA_WOLFSSL
*/

/* optional SM4 Ciphers. See https://github.com/wolfSSL/wolfsm
#define WOLFSSL_SM2
#define WOLFSSL_SM3
#define WOLFSSL_SM4
*/

/* Select the CA certificate, server certificate and server private key that
 * the CTX_* macros resolve to: SM2 PEM material when any SM cipher is
 * enabled, otherwise the 2048-bit DER buffers.
 *
 * NOTE(review): both branches name sample buffers (certs_test_sm.h here, and
 * presumably wolfSSL's certs_test.h for the USE_CERT_BUFFERS_* case). Test
 * certificates and private keys ship with the library source and are not
 * secret; provision device-specific credentials before deployment and
 * confirm these macros are not used by production code paths. */
#if defined(WOLFSSL_SM2) || defined(WOLFSSL_SM3) || defined(WOLFSSL_SM4)
    #include <wolfssl/certs_test_sm.h>
    #define CTX_CA_CERT          root_sm2
    #define CTX_CA_CERT_SIZE     sizeof_root_sm2
    #define CTX_CA_CERT_TYPE     WOLFSSL_FILETYPE_PEM
    #define CTX_SERVER_CERT      server_sm2
    #define CTX_SERVER_CERT_SIZE sizeof_server_sm2
    #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_PEM
    #define CTX_SERVER_KEY       server_sm2_priv
    #define CTX_SERVER_KEY_SIZE  sizeof_server_sm2_priv
    #define CTX_SERVER_KEY_TYPE  WOLFSSL_FILETYPE_PEM

    #undef  WOLFSSL_BASE16
    #define WOLFSSL_BASE16
#else
    /* USE_CERT_BUFFERS_2048 is already defined earlier in this file; the
     * repeat here has the same (empty) definition. */
    #define USE_CERT_BUFFERS_2048
    #define USE_CERT_BUFFERS_256
    #define CTX_CA_CERT          ca_cert_der_2048
    #define CTX_CA_CERT_SIZE     sizeof_ca_cert_der_2048
    #define CTX_CA_CERT_TYPE     WOLFSSL_FILETYPE_ASN1
    #define CTX_SERVER_CERT      server_cert_der_2048
    #define CTX_SERVER_CERT_SIZE sizeof_server_cert_der_2048
    #define CTX_SERVER_CERT_TYPE WOLFSSL_FILETYPE_ASN1
    #define CTX_SERVER_KEY       server_key_der_2048
    #define CTX_SERVER_KEY_SIZE  sizeof_server_key_der_2048
    #define CTX_SERVER_KEY_TYPE  WOLFSSL_FILETYPE_ASN1
#endif

Any ideas?

I added #define HAVE_EX_DATA to try and get it to build, but we have no need for it and it doesn't make a difference.

Cheers

Adam

4

(27 replies, posted in wolfSSL)

Thank you, it is now able to open the project however I am not 100% sure the defines in user_settings.h are being taken into account as I have 265 build errors for things like, unable to find any EC curves.

        /* EC curve identifiers the application refers to. The NID_* names are
         * not defined in this snippet; presumably they are expected from the
         * wolfSSL OpenSSL-compatibility headers - confirm which header and
         * build options declare them in the wolfSSL version in use. */
        static const int s_ec_curves_nids[] = {
            NID_X9_62_prime256v1,
            NID_secp256k1,
            NID_secp384r1,
            NID_secp521r1,
            NID_brainpoolP256r1,
            NID_brainpoolP384r1,
            NID_brainpoolP512r1 
        };

However I have the define HAVE_ECC, will investigate further as this may very well be a namespace or porting problem from openssl.

Thanks again for your support

Cheers

Adam

5

(27 replies, posted in wolfSSL)

I have updated line 85 and reloaded the project. I now get the following error, there is no spaces in the path?

-

- USERNAME = AdamHeavens
-- THIS_USER = AdamHeavens
-- ************************************************************************************************
-- wolfssl component config:
-- ************************************************************************************************
-- Starting FIND_WOLFSSL_DIRECTORY
-- Found WOLFSSL_ROOT via Environment Variable:
-- CMAKE_CURRENT_SOURCE_DIR = .
-- CURRENT_SEARCH_DIR = D:/Projects/<PROJECTNAME>/components/wolfssl
-- Looking in D:/Projects/<PROJECTNAME>/components/wolfssl
-- Next CURRENT_SEARCH_DIR = D:/Projects/<PROJECTNAME>/components
-- Looking in D:/Projects/<PROJECTNAME>/components
-- Next CURRENT_SEARCH_DIR = D:/Projects/<PROJECTNAME>
-- Looking in D:/Projects/<PROJECTNAME>
-- Next CURRENT_SEARCH_DIR = D:/Projects
-- Looking in D:/Projects
-- Next CURRENT_SEARCH_DIR = D:/
-- Looking in D:/
-- Next CURRENT_SEARCH_DIR = D:/
-- NEW wolfssl directory not found.
CMake Error at components/wolfssl/CMakeLists.txt:176 (message):
  Could not find wolfssl in .

  Try setting WOLFSSL_ROOT environment variable or git clone.

Cheers

Adam

6

(27 replies, posted in wolfSSL)

Thanks,

I have removed the wolfSSL folder from the components folder under ESP-IDF, and copied wolfSSL to the components folder within my project. I have also set an Environment variable for WOLFSSL_ROOT as below:

WOLFSSL_ROOT = d:\ThirdParty\wolfssl

Which is where I have the cloned version. I have also tried with

WOLFSSL_ROOT = "d:\ThirdParty\wolfssl"
WOLFSSL_ROOT = d:/ThirdParty/wolfssl

But I get the following in VS now

Error    
WOLFSSL_ROOT Environment Variable defined, but path not found: <PROJECTNAME> D:\Projects\<PROJECTNAME>\components\wolfssl\CMakeLists.txt 88  

Cheers

Adam

7

(27 replies, posted in wolfSSL)

Hi Jim,

Can I check if I am missing any steps here, I have now imported the project to VS with VisualGDB. However I can't get the build to complete due to wolfSSL dependencies.

I have completed the following

Git clone wolfSSL to local folder
Ran the following wolfssl\IDE\Espressif\ESP-IDF> .\setup_win.bat C:\SysGCC\esp32\esp-idf\v5.1 which copies the files into the component directory in the ESP-IDF framework. This creates a user_settings.h file in \wolfssl\IDE\Espressif\ESP-IDF>

Edited user_settings.h to include 
 
#define SINGLE_THREADED
#define HAVE_ECC
#define WOLFSSL_SMALL_STACK
#define WOLFSSL_ESPIDF
#define WOLFSSL_ESP32
#define OPENSSL_EXTRA
#define OPENSSL_ALL
#define HAVE_TLS_EXTENSIONS
#define HAVE_SUPPORTED_CURVES
#define HAVE_AESGCM

I then try to build the project in VS. Do I need to complete any other steps to get wolfSSL to build

Cheers

Adam

8

(27 replies, posted in wolfSSL)

Thank you, I didn't realize VisualGDB had embedded support. I will look at moving to VS and VisualGDB now we are using ESP-IDF as documentation and control appears to be much better and we have a heavy TLS requirement with the ISO15118 (V2G) integrations so would benefit later on I think.

Thank you for your support and sharing your experience, much appreciated.

Cheers

Adam

9

(27 replies, posted in wolfSSL)

Hi,

We have moved the project to use the esp-idf framework rather than Arduino; I have to say it was a great recommendation, as there is far greater control.

Is there any instructions for integrating wolfSSL into VSCode / PlatformIO with esp-idf or is it simply a matter of copying the same user-settings.h into the managed_components/wolfssl__wolfssl folder?

idf.py add-dependency "wolfssl/wolfssl^5.6.6-stable-update2-esp32"

Cheers

Adam

10

(27 replies, posted in wolfSSL)

Thanks Jim,

gojimmypi wrote:

Hi Adam -

Is there a serious and compelling reason to use the Arduino platform? I'd like to again emphasize the robustness of the Espressif ESP-IDF. I noticed at project creation time that PlatformIO will use either Arduino or ESP-IDF. If you use the ESP-IDF, we'd be able to help you much more. I'll be working on improving Arduino integration, that's admittedly not great at the moment.

I will look at how much work it would be for us to move to ESP-IDF as I can't think of a reason off hand why we can't migrate to it. As I think we are seeing limitations of the Arduino Framework.

Cheers

Adam

11

(27 replies, posted in wolfSSL)

Hi gojimmypi,

Thanks for checking in, yes we certainly will. One of the reasons I am looking at wolfSSL is that we can tailor the SSL/TLS requirements per geographic region or client base.

That is great news and I look forward to using a later build, as we keep getting some weird random build issues which are slowing down integration/testing.

For example

wolfssl/openssl/sha.h:73:25: error: conflicting declaration 'typedef WOLFSSL_SHA_CTX SHA_CTX'

Also had to implement custom rand generate block as the #error "you need to write an os specific wc_GenerateSeed() here" error returned. This is with the same user_settings.h as before.

    -DCUSTOM_RAND_GENERATE_BLOCK=custom_rand_generate_block
#include "helper/custom_rand.h"

#include <esp_system.h>

/*
 * Fill `output` with `sz` bytes drawn from esp_random(), one 32-bit word per
 * call. When fewer than four bytes remain, only the first bytes (in memory
 * order) of the last word are copied, so the write never passes output + sz.
 * The `rng` argument is not used. Always returns 0.
 *
 * NOTE(review): ESP-IDF documents esp_random() as a true random source only
 * while the RF subsystem (Wi-Fi/Bluetooth) is enabled or the bootloader
 * entropy source is active; otherwise the values are pseudo-random. Confirm
 * the radio is up before any key material is generated.
 * NOTE(review): bytes returned through CUSTOM_RAND_GENERATE_BLOCK presumably
 * become wolfSSL RNG output directly rather than seeding its DRBG, and the
 * documented hook form takes (output, sz) - verify both against the wolfSSL
 * version in use.
 */
int custom_rand_generate_block(byte *output, word32 sz, WC_RNG *rng)
{
    byte *dst = output;
    word32 remaining = sz;

    while (remaining != 0)
    {
        /* Get one random 32-bit word from hw RNG */
        word32 hw_word = esp_random();
        word32 chunk = (remaining < sizeof(hw_word)) ? remaining
                                                     : (word32)sizeof(hw_word);

        XMEMCPY(dst, &hw_word, chunk);
        dst += chunk;
        remaining -= chunk;
    }

    return 0; /* success; this implementation has no failure path */
}

Admittedly we are in the process of porting from openssl to wolfSSL so may be us, but some of the weird build issues have been resolved by simply closing the IDE and re-opening.

So hopefully the latest supported version of wolfSSL will help resolve some of these integration issues.

Cheers

Adam

12

(27 replies, posted in wolfSSL)

gojimmypi wrote:
AdamHeavens wrote:

Hi gojimmypi,

Are there any plans to have an official version published by wolfSSL in the PlatformIO registry?

I'd personally like to see an official version. So far, there's been relatively little demand, particularly considering how well documented and polished the ESP-IDF is these days. The best way is to voice the desire:  support@wolfssl.com

Cheers

Will do that now, thanks again

Cheers

Adam

13

(27 replies, posted in wolfSSL)

gojimmypi wrote:

Hi Adam -

That's excellent you've made progress!

I have added the following to platformio.ini build flags

I suggest putting them in the `user_settings.h` instead:

#define SINGLE_THREADED
#define HAVE_ECC
#define WOLFSSL_SMALL_STACK
#define WOLFSSL_ESPIDF
#define WOLFSSL_ESP32
#define OPENSSL_EXTRA
#define OPENSSL_ALL
#define HAVE_TLS_EXTENSIONS
#define HAVE_SUPPORTED_CURVES

I've updated my sample `user_settings.h` here:

https://github.com/gojimmypi/wolfssl/bl … ings.h#L39

I get the following error when building
#error directive: "No encryption algorithm available for default ticket encryption."


The library for wolfSSL is highly tunable. See the documentation for details on the options available:

https://www.wolfssl.com/documentation/m … ave_aesgcm

One possible solution to the error you are seeing is to turn on AESGCM in `user_settings.h` like this:

#define HAVE_AESGCM

Please let me know if that works for you.

Cheers!

Thank you, I have updated the user_settings.h and added HAVE_AESGCM and this has enabled me to build the project. I can now proceed with testing the implementation.

Many thanks for your support

Cheers

Adam

14

(27 replies, posted in wolfSSL)

After putting my class' back to utilise the newly integrated wolfSSL, I get the following error when building

#error directive: "No encryption algorithm available for default ticket encryption."

I have added the following to platformio.ini build flags

build_flags = 
        ...
    -DSINGLE_THREADED
    -DHAVE_ECC
    -DWOLFSSL_SMALL_STACK
    -DWOLFSSL_ESPIDF
    -DWOLFSSL_ESP32
    -DOPENSSL_EXTRA
    -DOPENSSL_ALL
    -DHAVE_TLS_EXTENSIONS
    -DHAVE_SUPPORTED_CURVES

Cheers

Adam

15

(27 replies, posted in wolfSSL)

Hi gojimmypi,

Thank you for taking the time to do this, very much appreciate the support. wolfSSL 5.5.4 now builds correctly in my project. That was just the steps I needed and gives me more of an insight into wolfSSL configuration.

Are there any plans to have an official version published by wolfSSL in the PlatformIO registry? Happy to help with that if I can.

If not I can directly integrate from the GitHub repo will just need to figure out how to build but I expect that is easier now I have the correct user_settings.h to use.

Looks like it would be worth the time as I can see some of the newer commits include enhanced support on the ESP32-S3.

Cheers

Adam

16

(27 replies, posted in wolfSSL)

Thank you, that make sense.

I think I may be skipping a basic compilation step as this is installed using the Platform IO registry and there is no 'build' I am specifying build flags as part of the platformio.ini file but not sure this is correct or complete

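; PlatformIO environment for the ESP32-S3 DevKitC-1 using the Arduino framework.
[env:esp32-s3-devkitc-1]
platform = espressif32
framework = arduino
board_build.filesystem = littlefs
board_upload.flash_size = 8MB
board_build.partitions = default_8MB.csv
board_build.f_flash = 80000000L
board_build.arduino.memory_type = qio_opi
monitor_speed = 115200
board = esp32-s3-devkitc-1
; NOTE(review): per this thread there is no official wolfSSL package in the
; PlatformIO registry, so onelife/wolfssl is a third-party publication of the
; library. The caret range also accepts later 5.x releases; for a TLS
; library, pin an exact version whose source has been checked against the
; upstream wolfSSL release.
lib_deps =
    onelife/wolfssl@^5.5.4
build_type = release
; wolfSSL build options are passed as -D macros. The flag was originally
; written -DDOPENSSL_EXTRA, which defines DOPENSSL_EXTRA and leaves
; OPENSSL_EXTRA undefined; corrected below.
; Both -std=c++17 and -std=gnu++17 are listed; GCC honours the last one.
build_flags =
    -DBOARD_HAS_PSRAM
    -DCONFIG_SPIRAM=y
    -DCONFIG_BT_ALLOCATION_FROM_SPIRAM_FIRST=y
    -DCONFIG_SPIRAM_TRY_ALLOCATE_WIFI_LWIP=y
    -DCONFIG_BT_BLE_DYNAMIC_ENV_MEMORY=y
    -DCONFIG_SPIRAM_CACHE_WORKAROUND=y
    -DCONFIG_SPIRAM_USE_MALLOC=y
    -DCONFIG_MBEDTLS_DYNAMIC_BUFFER=1
    -std=c++17
    -std=gnu++17
    -DOPENSSL_EXTRA
    -DOPENSSL_ALL
build_unflags = -std=gnu++11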
    

There are no makefiles as such with VS Code / PlatformIO

I am not using a user_settings.h preference file as again not sure how this fits with the PlatformIO model or what needs to be included.

Happy to figure it out from an example project or docs, but so far I have not been successful in locating either.

Thanks for your time

Cheers

Adam

17

(27 replies, posted in wolfSSL)

Thanks Eric,

Much appreciated.

We are in the process of porting some Certificate Management class' from openssl to wolfSSL due to the limited openssl support on the ESP32. This is being used to handle certificates as part of an EV Charge Point product. So we can implement Vehicle to Grid (V2G) support.

Cheers

Adam

18

(27 replies, posted in wolfSSL)

Hello,

Are there any instructions available for using wolfSSL with Visual Studio Code, PlatformIO and ESP32-S3 utilizing the Arduino framework?

I can see instructions for building for Visual Studio, but nothing for Visual Studio Code or ESP32-S3 specific without using the ESP-IDF

Tried to install wolfSSL using the platformio registry which pulls in version 5.5.4 but get the following errors when trying to build.

unknown register name 'r8' in 'asm'
#error "you need to write an os specific wc_GenerateSeed() here"

I am including a wc_GenerateSeed function

// custom_entropy.cpp
#include <wolfssl/wolfcrypt/types.h>
#include <string.h>  // for memcpy

extern "C" {
#include <esp_system.h>
}

// Define the OS_Seed type
// NOTE(review): wolfSSL declares its own OS_Seed (and the wc_GenerateSeed
// prototype) in wolfssl/wolfcrypt/random.h. A local typedef with the same
// name but a different layout can conflict with, or silently mismatch, the
// library's definition - confirm, and prefer including the library header.
typedef struct {
    byte* seed;   // Pointer to the seed buffer
    word32 size;  // Size of the seed buffer
    word32 idx;   // Index to keep track of the position in the seed buffer
} OS_Seed;

// Declaration of the custom wc_GenerateSeed function
int wc_GenerateSeed(OS_Seed* os, byte* seed, word32 sz);

// Implementation of the custom wc_GenerateSeed function
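/*
 * Fill seed[0 .. sz) with bytes from the ESP32 hardware RNG.
 *
 * os   - unused by this implementation.
 * seed - destination buffer, at least sz bytes long.
 * sz   - number of seed bytes requested.
 * Returns 0; there is no failure path.
 *
 * Each esp_random() call yields 4 bytes. The final copy is clamped to the
 * bytes still needed: copying a whole word every time would write up to 3
 * bytes past the end of `seed` whenever sz is not a multiple of 4.
 *
 * NOTE(review): ESP-IDF documents esp_random() as a true random source only
 * while the RF subsystem (Wi-Fi/Bluetooth) is enabled or the bootloader
 * entropy source is active; otherwise the values are pseudo-random. Make
 * sure one of those holds before wolfSSL is seeded.
 */
int wc_GenerateSeed(OS_Seed* os, byte* seed, word32 sz)
{
    (void)os;  // not needed: the hardware RNG keeps no per-caller state here

    // Gather entropy using ESP32 SDK functions
    word32 filled = 0;
    while (filled < sz) {
        uint32_t randomValue = esp_random();

        // Never copy more than the caller's buffer can still hold.
        word32 chunk = sz - filled;
        if (chunk > sizeof(randomValue)) {
            chunk = sizeof(randomValue);
        }

        memcpy(seed + filled, &randomValue, chunk);
        filled += chunk;  // filled <= sz, so the counter cannot wrap
    }

    return 0; // Success
}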

Any help appreciated!

Thanks

Adam