component file sync

IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/CMakeLists.txt

@@ -28,6 +28,9 @@ cmake_minimum_required(VERSION 3.16)
 
 set(VERBOSE_COMPONENT_MESSAGES 1)
 
+# Optional requires include:
+# set(THIS_ESP_TLS "esp-tls")
+set(THIS_ESP_TLS "")
 
 # function: IS_ESP_IDF_COMPONENT
 #  output:    RESULT = 1 (true) if this component is located in the ESP-IDF components
@@ -153,7 +156,7 @@ if( ("${CMAKE_PROJECT_NAME}" STREQUAL "wolfssl_benchmark") OR ("${CMAKE_PROJECT_
     message(STATUS "Not including lwip for ${CMAKE_PROJECT_NAME}")
 else()
     # benchmark and test do not need wifi, everything else probably does:
-    set(COMPONENT_REQUIRES lwip) # we typically don't need lwip directly in wolfssl component
+    set(COMPONENT_REQUIRES lwip "${THIS_ESP_TLS}") # we typically don't need lwip directly in wolfssl component
 endif()
 
 # find the user name to search for possible "wolfssl-username"
@@ -404,22 +407,28 @@ endif()
 
 if ( ("${CONFIG_TARGET_PLATFORM}" STREQUAL "esp8266") OR ("${IDF_TARGET}" STREQUAL "esp8266") )
     # There's no esp_timer, no driver components for the ESP8266
-    message(STATUS "Early expansion EXCLUDES esp_timer: ${THIS_INCLUDE_TIMER}")
-    message(STATUS "Early expansion EXCLUDES driver: ${THIS_INCLUDE_DRIVER}")
+    message(STATUS "Early expansion EXCLUDES esp_timer for esp8266: ${THIS_INCLUDE_TIMER}")
+    message(STATUS "Early expansion EXCLUDES driver for esp8266: ${THIS_INCLUDE_DRIVER}")
     set(THIS_INCLUDE_TIMER "")
     set(THIS_INCLUDE_DRIVER "")
+    set(THIS_ESP_TLS "")
 else()
     message(STATUS "Early expansion includes esp_timer: ${THIS_INCLUDE_TIMER}")
     message(STATUS "Early expansion includes driver: ${THIS_INCLUDE_DRIVER}")
     set(THIS_INCLUDE_TIMER "esp_timer")
     set(THIS_INCLUDE_DRIVER "driver")
+    set(THIS_ESP_TLS "esp-tls")
+    # Let the app know that we've included the esp-tls component requirement.
+    # This is critical for use the the esp-tls component. See wolfssl esp_crt_bundle.c file.
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_CMAKE_REQUIRED_ESP_TLS=1")
 endif()
 
 if(CMAKE_BUILD_EARLY_EXPANSION)
     message(STATUS "wolfssl component CMAKE_BUILD_EARLY_EXPANSION:")
     idf_component_register(
                             REQUIRES "${COMPONENT_REQUIRES}"
                             PRIV_REQUIRES # esp_hw_support
+                                          "${THIS_ESP_TLS}"
                                           "${THIS_INCLUDE_TIMER}"
                                           "${THIS_INCLUDE_DRIVER}" # this will typically only be needed for wolfSSL benchmark
                            )
@@ -757,6 +766,7 @@ else()
                                 REQUIRES "${COMPONENT_REQUIRES}"
                                 EXCLUDE_SRCS "${COMPONENT_SRCEXCLUDE}"
                                 PRIV_REQUIRES
+                                  "${THIS_ESP_TLS}"
                                   "${THIS_INCLUDE_TIMER}"
                                   "${THIS_INCLUDE_DRIVER}" # this will typically only be needed for wolfSSL benchmark
                                )

IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/Kconfig

@@ -382,6 +382,24 @@ menu "wolfSSL"
                 Hardware acceleration enabled by default.
                 Select this option to force disable: NO_HW_RSA_PRI_EXPTMOD
 
+        config ESP_WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS
+            bool "Enable debugging of RSA Multiplication operand length"
+            default n
+            help
+                Prints an esp log warning to the default console UART when one of the
+                multiplication operands exceeds the maximum size supported by hardware,
+                requiring fallback to software. This can be helpful to pick key sizes
+                when performance is critical. See also metrics for counting instances.
+
+        config ESP_WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS
+            bool "Enable debugging of RSA Modular operand length"
+            default n
+            help
+                Prints an esp log warning to the default console UART when one of the
+                modular math operands exceeds the maximum size supported by hardware,
+                requiring fallback to software. This can be helpful to pick key sizes
+                when performance is critical. See also metrics for counting instances.
+
     endmenu # wolfSSL Hardware Acceleration
     # -----------------------------------------------------------------------------------------------------------------
 
@@ -410,6 +428,13 @@ menu "wolfSSL"
             default n
             help
                 Enable debugging messages for wolfSSL. See user_settings.h for additional debug options.
+
+        config ESP_WOLFSSL_TEST_LOOP
+            bool "Run test apps in a loop until failure"
+            default y
+            help
+                Enable a loop wrapper for benchmark, http_client, and wolfssl test apps.
+
     endmenu # wolfSSL Debug Options
     # -----------------------------------------------------------------------------------------------------------------
 

IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/component.mk

@@ -1,7 +1,7 @@
 #
 # Copyright (C) 2006-2024 wolfSSL Inc.
 #
-# This file is part of wolfSSL for the Espressif ESP-IDF.
+# This file is part of wolfSSL.
 #
 # wolfSSL is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -20,7 +20,7 @@
 
 $(info ***********  wolfssl component ************)
 
- #
+#
 # Component Makefile
 #
 #

IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/include/user_settings.h

@@ -85,6 +85,9 @@
 /* Turn on messages that are useful to see only in examples. */
 #define WOLFSSL_EXAMPLE_VERBOSITY
 
+/* Paths can be long, ensure the entire value printed during debug */
+#define WOLFSSL_MAX_ERROR_SZ 500
+
 /* wolfSSL Examples: set macros used in example applications.
  *
  * These Settings NOT available in ESP-IDF (e.g. esp-tls)
@@ -153,8 +156,13 @@
 
 /* Other applications detected by cmake */
 #elif defined(APP_ESP_HTTP_CLIENT_EXAMPLE)
-    /* The wolfSSL Version */
-    #define FP_MAX_BITS (8192 * 2)
+    /* The wolfSSL Version of the client example */
+    #if defined(CONFIG_IDF_TARGET_ESP32S2) || defined(CONFIG_IDF_TARGET_ESP32C2)
+        /* Less memory available, so smaller key sizes: */
+        #define FP_MAX_BITS (4096 * 2)
+    #else
+        #define FP_MAX_BITS (8192 * 2)
+    #endif
     #define HAVE_ALPN
     #define HAVE_SNI
     #define OPENSSL_EXTRA_X509_SMALL
@@ -240,7 +248,16 @@
 /* Used by ESP-IDF components: */
 #if defined(CONFIG_ESP_TLS_USING_WOLFSSL)
     /* The ESP-TLS */
-    #define FP_MAX_BITS (8192 * 2)
+    #ifndef FP_MAX_BITS
+        #if defined(CONFIG_IDF_TARGET_ESP32C2) || \
+            defined(CONFIG_IDF_TARGET_ESP8684) || \
+            defined(CONFIG_IDF_TARGET_ESP8266)
+            /* Optionally set smaller size here */
+            #define FP_MAX_BITS MIN_FFDHE_FP_MAX_BITS
+        #else
+            #define FP_MAX_BITS (4096 * 2)
+        #endif
+    #endif
     #define HAVE_ALPN
     #define HAVE_SNI
     #define OPENSSL_EXTRA_X509_SMALL
@@ -349,18 +366,25 @@
     /* Required for RSA */
     #define WC_RSA_PSS
 
-    /* TLS 1.3 normally requires HAVE_FFDHE. For now just syntax highlight: */
+    /* TLS 1.3 normally requires HAVE_FFDHE */
     #if defined(HAVE_FFDHE_2048) || \
         defined(HAVE_FFDHE_3072) || \
         defined(HAVE_FFDHE_4096) || \
         defined(HAVE_FFDHE_6144) || \
         defined(HAVE_FFDHE_8192)
     #else
+        #define HAVE_FFDHE_2048
         /* #error "TLS 1.3 requires HAVE_FFDHE_[nnnn]" */
     #endif
 #endif
 
-
+#if defined(CONFIG_IDF_TARGET_ESP32C2) || \
+    defined(CONFIG_IDF_TARGET_ESP8684)
+    /* Optionally set smaller size here */
+    #define HAVE_FFDHE_4096
+#else
+    #define HAVE_FFDHE_4096
+#endif
 
 #define NO_FILESYSTEM
 
@@ -477,8 +501,11 @@
 /* #define XTIME time */
 
 
-/* adjust wait-timeout count if you see timeout in RSA HW acceleration */
-#define ESP_RSA_TIMEOUT_CNT    0x349F00
+/* Adjust wait-timeout count if you see timeout in RSA HW acceleration.
+ * Set to very large number and enable WOLFSSL_HW_METRICS to determine max. */
+#ifndef ESP_RSA_TIMEOUT_CNT
+	#define ESP_RSA_TIMEOUT_CNT 0xFF0000
+#endif
 
 /* hash limit for test.c */
 #define HASH_SIZE_LIMIT
@@ -739,6 +766,11 @@
     #define NO_WOLFSSL_ESP32_CRYPT_HASH
     #define NO_WOLFSSL_ESP32_CRYPT_AES
     #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI
+    #ifndef FP_MAX_BITS
+        /* FP_MAX_BITS matters in wolfssl_test, not just TLS setting.   */
+        /* MIN_FFDHE_FP_MAX_BITS = (MIN_FFDHE_BITS * 2); see settings.h */
+        #define FP_MAX_BITS MIN_FFDHE_FP_MAX_BITS
+    #endif
     /***** END CONFIG_IDF_TARGET_ESP266 *****/
 
 #elif defined(CONFIG_IDF_TARGET_ESP8684)
@@ -791,7 +823,7 @@ See wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h for details on debug options
 optionally increase error message size for very long paths.
 #define WOLFSSL_MAX_ERROR_SZ 500
 
-Turn debugging on/off:
+Turn wolfSSL debugging on/off:
     wolfSSL_Debugging_ON();
     wolfSSL_Debugging_OFF();
 
@@ -801,6 +833,7 @@ Turn debugging on/off:
 #define DEBUG_WOLFSSL_SHA_MUTEX
 #define WOLFSSL_DEBUG_IGNORE_ASN_TIME
 #define WOLFSSL_DEBUG_CERT_BUNDLE
+#define WOLFSSL_DEBUG_CERT_BUNDLE_NAME
 #define WOLFSSL_ESP32_CRYPT_DEBUG
 #define WOLFSSL_ESP32_CRYPT_HASH_SHA224_DEBUG
 #define NO_RECOVER_SOFTWARE_CALC
@@ -809,6 +842,8 @@ Turn debugging on/off:
 #define WOLFSSL_ESP32_HW_LOCK_DEBUG
 #define WOLFSSL_DEBUG_MUTEX
 #define WOLFSSL_DEBUG_ESP_RSA_MULM_BITS
+#define WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS
+#define WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS
 #define ESP_DISABLE_HW_TASK_LOCK
 #define ESP_MONITOR_HW_TASK_LOCK
 #define USE_ESP_DPORT_ACCESS_READ_BUFFER