Updated wolfSSL to v5.7.2

CMakeLists.txt

@@ -1,37 +1,156 @@
-set(COMPONENT_SRCDIRS "wolfssl/src/"
-                      "wolfssl/wolfcrypt/src"
-                      "wolfssl/wolfcrypt/src/port/Espressif/"
-                      "wolfssl/wolfcrypt/src/port/atmel/"
-                      )
-
-set(COMPONENT_REQUIRES lwip)
-
-set(COMPONENT_ADD_INCLUDEDIRS
-    "port"
-    "wolfssl"
-    )
-
-set(COMPONENT_SRCEXCLUDE_1
-    "wolfssl/wolfcrypt/src/aes_asm.S"
-    "wolfssl/wolfcrypt/src/evp.c"
-    "wolfssl/wolfcrypt/src/misc.c"
-    "wolfssl/src/bio.c"
-    "wolfssl/wolfcrypt/src/sp_x86_64_asm.S"
-    "wolfssl/wolfcrypt/src/sha512_asm.S"
-    "wolfssl/wolfcrypt/src/sha256_asm.S"
-    "wolfssl/wolfcrypt/src/chacha_asm.S"
-    "wolfssl/wolfcrypt/src/aes_gcm_asm.S"
-    "wolfssl/wolfcrypt/src/poly1305_asm.S"
-    "wolfssl/wolfcrypt/src/fe_x25519_asm.S"
-    )
-
-idf_component_register(SRC_DIRS "${COMPONENT_SRCDIRS}"
-                        INCLUDE_DIRS "${COMPONENT_ADD_INCLUDEDIRS}"
-                        REQUIRES "${COMPONENT_REQUIRES}"
-                        EXCLUDE_SRCS "${COMPONENT_SRCEXCLUDE_1}"
-                        )
-target_compile_options(${COMPONENT_LIB} PRIVATE -Wno-cpp -Wno-maybe-uninitialized)
-set_source_files_properties(wolfssl/src/ssl.c PROPERTIES COMPILE_FLAGS "-Wno-format-truncation -Wno-char-subscripts")
-set_source_files_properties(wolfssl/wolfcrypt/src/random.c PROPERTIES COMPILE_FLAGS "-Wno-implicit-function-declaration")
-set_source_files_properties(wolfssl/wolfcrypt/src/port/Espressif/esp32_aes.c PROPERTIES COMPILE_FLAGS "-Wno-incompatible-pointer-types")
+idf_component_register(
+    COMPONENT_NAME
+        "esp-wolfssl"
+
+    SRCS
+        # "wolfssl/src/bio.c"
+        # "wolfssl/src/conf.c"
+        "wolfssl/src/crl.c"
+        "wolfssl/src/dtls13.c"
+        "wolfssl/src/dtls.c"
+        "wolfssl/src/internal.c"
+        "wolfssl/src/keys.c"
+        "wolfssl/src/ocsp.c"
+        # "wolfssl/src/pk.c"
+        "wolfssl/src/quic.c"
+        "wolfssl/src/sniffer.c"
+        # "wolfssl/src/ssl_asn1.c"
+        # "wolfssl/src/ssl_bn.c"
+        "wolfssl/src/ssl.c"
+        # "wolfssl/src/ssl_certman.c"
+        # "wolfssl/src/ssl_crypto.c"
+        # "wolfssl/src/ssl_load.c"
+        # "wolfssl/src/ssl_misc.c"
+        # "wolfssl/src/ssl_p7p12.c"
+        # "wolfssl/src/ssl_sess.c"
+        "wolfssl/src/tls13.c"
+        "wolfssl/src/tls.c"
+        "wolfssl/src/wolfio.c"
+        # "wolfssl/src/x509.c"
+        # "wolfssl/src/x509_str.c"
+
+        "wolfssl/wolfcrypt/src/aes.c"
+        "wolfssl/wolfcrypt/src/arc4.c"
+        "wolfssl/wolfcrypt/src/asm.c"
+        "wolfssl/wolfcrypt/src/asn.c"
+        "wolfssl/wolfcrypt/src/blake2b.c"
+        "wolfssl/wolfcrypt/src/blake2s.c"
+        "wolfssl/wolfcrypt/src/camellia.c"
+        "wolfssl/wolfcrypt/src/chacha20_poly1305.c"
+        "wolfssl/wolfcrypt/src/chacha.c"
+        "wolfssl/wolfcrypt/src/cmac.c"
+        "wolfssl/wolfcrypt/src/coding.c"
+        "wolfssl/wolfcrypt/src/compress.c"
+        "wolfssl/wolfcrypt/src/cpuid.c"
+        "wolfssl/wolfcrypt/src/cryptocb.c"
+        "wolfssl/wolfcrypt/src/curve25519.c"
+        "wolfssl/wolfcrypt/src/curve448.c"
+        "wolfssl/wolfcrypt/src/des3.c"
+        "wolfssl/wolfcrypt/src/dh.c"
+        "wolfssl/wolfcrypt/src/dilithium.c"
+        "wolfssl/wolfcrypt/src/dsa.c"
+        "wolfssl/wolfcrypt/src/ecc.c"
+        "wolfssl/wolfcrypt/src/ecc_fp.c"
+        "wolfssl/wolfcrypt/src/eccsi.c"
+        "wolfssl/wolfcrypt/src/ed25519.c"
+        "wolfssl/wolfcrypt/src/ed448.c"
+        "wolfssl/wolfcrypt/src/error.c"
+        # "wolfssl/wolfcrypt/src/evp.c"
+        "wolfssl/wolfcrypt/src/ext_kyber.c"
+        "wolfssl/wolfcrypt/src/ext_lms.c"
+        "wolfssl/wolfcrypt/src/ext_xmss.c"
+        "wolfssl/wolfcrypt/src/falcon.c"
+        "wolfssl/wolfcrypt/src/fe_448.c"
+        "wolfssl/wolfcrypt/src/fe_low_mem.c"
+        "wolfssl/wolfcrypt/src/fe_operations.c"
+        "wolfssl/wolfcrypt/src/ge_448.c"
+        "wolfssl/wolfcrypt/src/ge_low_mem.c"
+        "wolfssl/wolfcrypt/src/ge_operations.c"
+        "wolfssl/wolfcrypt/src/hash.c"
+        "wolfssl/wolfcrypt/src/hmac.c"
+        "wolfssl/wolfcrypt/src/hpke.c"
+        "wolfssl/wolfcrypt/src/integer.c"
+        "wolfssl/wolfcrypt/src/kdf.c"
+        "wolfssl/wolfcrypt/src/logging.c"
+        "wolfssl/wolfcrypt/src/md2.c"
+        "wolfssl/wolfcrypt/src/md4.c"
+        "wolfssl/wolfcrypt/src/md5.c"
+        "wolfssl/wolfcrypt/src/memory.c"
+        # "wolfssl/wolfcrypt/src/misc.c"
+        "wolfssl/wolfcrypt/src/pkcs12.c"
+        "wolfssl/wolfcrypt/src/pkcs7.c"
+        "wolfssl/wolfcrypt/src/poly1305.c"
+        "wolfssl/wolfcrypt/src/pwdbased.c"
+        "wolfssl/wolfcrypt/src/random.c"
+        "wolfssl/wolfcrypt/src/rc2.c"
+        "wolfssl/wolfcrypt/src/ripemd.c"
+        "wolfssl/wolfcrypt/src/rsa.c"
+        "wolfssl/wolfcrypt/src/sakke.c"
+        "wolfssl/wolfcrypt/src/sha256.c"
+        "wolfssl/wolfcrypt/src/sha3.c"
+        "wolfssl/wolfcrypt/src/sha512.c"
+        "wolfssl/wolfcrypt/src/sha.c"
+        "wolfssl/wolfcrypt/src/signature.c"
+        "wolfssl/wolfcrypt/src/siphash.c"
+        "wolfssl/wolfcrypt/src/sm2.c"
+        "wolfssl/wolfcrypt/src/sm3.c"
+        "wolfssl/wolfcrypt/src/sm4.c"
+        "wolfssl/wolfcrypt/src/sp_arm32.c"
+        "wolfssl/wolfcrypt/src/sp_arm64.c"
+        "wolfssl/wolfcrypt/src/sp_armthumb.c"
+        "wolfssl/wolfcrypt/src/sp_c32.c"
+        "wolfssl/wolfcrypt/src/sp_c64.c"
+        "wolfssl/wolfcrypt/src/sp_cortexm.c"
+        "wolfssl/wolfcrypt/src/sp_dsp32.c"
+        "wolfssl/wolfcrypt/src/sphincs.c"
+        "wolfssl/wolfcrypt/src/sp_int.c"
+        # "wolfssl/wolfcrypt/src/sp_sm2_arm32.c"
+        # "wolfssl/wolfcrypt/src/sp_sm2_arm64.c"
+        # "wolfssl/wolfcrypt/src/sp_sm2_armthumb.c"
+        # "wolfssl/wolfcrypt/src/sp_sm2_c32.c"
+        # "wolfssl/wolfcrypt/src/sp_sm2_c64.c"
+        # "wolfssl/wolfcrypt/src/sp_sm2_cortexm.c"
+        # "wolfssl/wolfcrypt/src/sp_sm2_x86_64.c"
+        "wolfssl/wolfcrypt/src/sp_x86_64.c"
+        "wolfssl/wolfcrypt/src/srp.c"
+        "wolfssl/wolfcrypt/src/tfm.c"
+        "wolfssl/wolfcrypt/src/wc_dsp.c"
+        "wolfssl/wolfcrypt/src/wc_encrypt.c"
+        "wolfssl/wolfcrypt/src/wc_kyber.c"
+        "wolfssl/wolfcrypt/src/wc_kyber_poly.c"
+        "wolfssl/wolfcrypt/src/wc_lms.c"
+        "wolfssl/wolfcrypt/src/wc_lms_impl.c"
+        "wolfssl/wolfcrypt/src/wc_pkcs11.c"
+        "wolfssl/wolfcrypt/src/wc_port.c"
+        "wolfssl/wolfcrypt/src/wc_xmss.c"
+        "wolfssl/wolfcrypt/src/wc_xmss_impl.c"
+        "wolfssl/wolfcrypt/src/wolfevent.c"
+        "wolfssl/wolfcrypt/src/wolfmath.c"
+
+        "wolfssl/wolfcrypt/src/port/Espressif/esp32_aes.c"
+        "wolfssl/wolfcrypt/src/port/Espressif/esp32_mp.c"
+        "wolfssl/wolfcrypt/src/port/Espressif/esp32_sha.c"
+        "wolfssl/wolfcrypt/src/port/Espressif/esp32_util.c"
+        "wolfssl/wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.c"
+        "wolfssl/wolfcrypt/src/port/Espressif/esp_sdk_time_lib.c"
+        "wolfssl/wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.c"
+
+        "wolfssl/wolfcrypt/test/test.c"
+        "wolfssl/wolfcrypt/benchmark/benchmark.c"
+
+    INCLUDE_DIRS
+        "${CMAKE_CURRENT_LIST_DIR}/port"
+        "${CMAKE_CURRENT_SOURCE_DIR}"
+        "${CMAKE_CURRENT_SOURCE_DIR}/wolfssl"
+        "$ENV{IDF_PATH}/components/freertos/FreeRTOS-Kernel/include/freertos"
+
+    PRIV_REQUIRES
+        "lwip"
+        "esp_driver_gptimer"
+)
+
 target_compile_definitions(${COMPONENT_LIB} PUBLIC WOLFSSL_USER_SETTINGS)
+
+if(CONFIG_WOLFSSL_DEBUGGING)
+    target_compile_definitions(${COMPONENT_LIB} PUBLIC DEBUG_WOLFSSL)
+endif()

Kconfig

@@ -20,6 +20,39 @@ menu "wolfSSL"
             indicate support for OCSP when connecting as a TLS client. Server that support OCSP will forward the
             certificate's revocation status to the client and the client will automatically verify the servers certificate
             status based on the OCSP response forwarded to it.
-            Note: This option enables the OCSP in stapling (v1) mode for the client hence the TLS server needs to support OCSP stapling v1 .
+            Note: This option enables mandatory OCSP certificate status checking using OCSP stapling version 1 or 2.
+            The TLS server the client is connecting to must support either of the two TLS extensions.
+
+    config WOLFSSL_HAVE_TLS_13
+        bool "Enable TLS 1.3 in wolfSSL"
+        default n
+        help
+            Enable support for TLS version 1.3 in wolfSSL.
+
+    config WOLFSSL_HAVE_RSA
+        bool "Enable RSA in wolfSSL"
+        default "y"
+        help
+            Enables support for key exchange algorithms based on RSA.
+
+    config WOLFSSL_DEBUGGING
+        bool "Enable wolfSSL debugging"
+        default n
+        help
+            Enable wolfSSL debugging. Once debugging is enabled sections of code between wolfSSL_Debugging_ON() and
+            wolfSSL_Debugging_OFF() will generate detailed debug messages.
+
+    config CONFIG_WOLFSSL_HAVE_CRYPT_BENCHMARK
+        bool "Enable wolfSSL benchmark module"
+        default n
+        help
+            Enable wolfSSL cryptography benchmark.
+
+    config CONFIG_WOLFSSL_HAVE_CRYPT_TEST
+        bool "Enable wolfSSL test mobule"
+        default n
+        help
+            Enable wolfSSL cryptography benchmark.
+
 
 endmenu # wolfSSL

README.md

@@ -1,74 +1,73 @@
-ESP-WOLFSSL
-===========
-
-# Licensing
-
-
----
-**IMPORTANT NOTE**
-
-Until March 2021, this repository contained binary distribution of wolfSSL libraries, which could be used royalty-free on all Espressif MCU products. This royalty-free binary distribution is not available anymore.
-
-This repository now uses upstream wolfSSL GitHub pointer as submodule and can still be used as ESP-IDF component. Please follow licensing requirements per [wolfssl/LICENSING](https://github.com/wolfSSL/wolfssl/blob/master/LICENSING)
-
----
-
-# Requirements
-- ESP_IDF
- - To run the examples user must have installed ESP-IDF version v4.1 (minimum supported) from https://github.com/espressif/esp-idf.git
- - The IDF_PATH should be set as an environment variable
-
-# Getting Started
-
-- Please clone this repository using,
- ```
- git clone --recursive https://github.com/espressif/esp-wolfssl
- ```
-- Please refer to https://docs.espressif.com/projects/esp-idf/en/latest/get-started/index.html for setting ESP-IDF
- - ESP-IDF can be downloaded from https://github.com/espressif/esp-idf/
- - ESP-IDF v4.1 and above is recommended version
-- Please refer to [example README](examples/README.md) for more information on setting up examples
-
-# Options (Debugging and more)
-- `esp-wolfssl` esp-tls related options can be obtained by choosing SSL library as `wolfSSL` in `idf.py/make menuconfig -> Component Config -> ESP-TLS -> choose SSL Library `.
-It shows following options
-
-    - Enable SMALL_CERT_VERIFY
-        - This is a flag used in wolfSSL component and is enabled by default in `esp-wolfssl`.
-        - Enabling this flag allows user to authenticate the server by providing the Intermediate CA certificate of the server, for a more strict check disable this flag after which you will have to provide the root certificate at top of the hierarchy of certificate chain which will have `Common Name = Issuer Name`, Such a strict check is not compulsary in most cases hence by default the flag is enabled but the option is provided for the user.
-
-    - Enable Debug Logs for wolfSSL
-        - This option prints detailed logs of all the internal operations, highly useful when debugging an error.
-
-- `esp-wolfssl` specific options (see NOTE) are available under `idf.py/make menuconfig -> Component Config -> wolfSSL`.
-
-    - Enable ALPN ( Application Layer Protocol Negotiation ) in wolfSSL
-        - This option is enabled by default for wolfSSL, and can be disabled if not required.
-
-    - Enable OCSP (Online Certificate Status Protocol) in wolfSSL
-        - This options is disabled by default. Enabling it adds support for checking the host's certificate revocation status
-          during the TLS handshake.
----
-**NOTE**
- These options are valid for `esp-tls` only if `wolfSSL` is selected as its SSL/TLS Library.
----
-# Comparison of wolfSSL and mbedTLS
-
-The following table shows a typical comparison between wolfSSL and mbedtls when `https_request` (which has server authentication) was run with both
-SSL/TLS libraries and with all respective configurations set to default.
-_(mbedtls IN_CONTENT length and OUT_CONTENT length were set to 16384 bytes and 4096 bytes respectively)_
-
-| Property | wolfSSL | mbedTLS |
-|--------------------|----------|----------|
-| Total Heap Consumed| ~19 Kb | ~37 Kb |
-| Task Stack Used | ~2.2 Kb | ~3.6 Kb |
-| Bin size | ~858 Kb | ~736 Kb |
-
-# Additional Pointers
-
-In general, these are links which will be useful for using both wolfSSL, as well as networked and secure applications in general. Furthermore, there is a more comprehensive tutorial that can be found in Chapter 11 of the official wolfSSL manual. The examples in the wolfSSL package and Chapter 11 do appropriate error checking, which is worth taking a look at. For a more comprehensive API, check out chapter 17 of the official manual.
-
-- wolfSSL Manual [https://www.wolfssl.com/docs/wolfssl-manual/]()
-- wolfSSL GitHub
- [https://github.com/wolfssl/wolfssl]()
-
+ESP-WOLFSSL
+===========
+
+# Licensing
+
+
+---
+**IMPORTANT NOTE**
+
+Until March 2021, this repository contained binary distribution of wolfSSL libraries, which could be used royalty-free on all Espressif MCU products. This royalty-free binary distribution is not available anymore.
+
+This repository now uses upstream wolfSSL GitHub pointer as submodule and can still be used as ESP-IDF component. Please follow licensing requirements per [wolfssl/LICENSING](https://github.com/wolfSSL/wolfssl/blob/master/LICENSING)
+
+---
+
+# Requirements
+- ESP_IDF
+ - To run the examples user must have installed ESP-IDF version v5.3 (minimum supported) from https://github.com/espressif/esp-idf.git
+ - The IDF_PATH should be set as an environment variable
+
+# Getting Started
+
+- Please clone this repository using,
+ ```
+ git clone --recursive https://github.com/espressif/esp-wolfssl
+ ```
+- Please refer to https://docs.espressif.com/projects/esp-idf/en/latest/get-started/index.html for setting ESP-IDF
+ - ESP-IDF can be downloaded from https://github.com/espressif/esp-idf/
+ - ESP-IDF v4.1 and above is recommended version
+- Please refer to [example README](examples/README.md) for more information on setting up examples
+
+# Options (Debugging and more)
+- `esp-wolfssl` esp-tls related options can be obtained by choosing SSL library as `wolfSSL` in `idf.py/make menuconfig -> Component Config -> ESP-TLS -> choose SSL Library `.
+It shows following options
+
+    - Enable SMALL_CERT_VERIFY
+        - This is a flag used in wolfSSL component and is enabled by default in `esp-wolfssl`.
+        - Enabling this flag allows user to authenticate the server by providing the Intermediate CA certificate of the server, for a more strict check disable this flag after which you will have to provide the root certificate at top of the hierarchy of certificate chain which will have `Common Name = Issuer Name`, Such a strict check is not compulsary in most cases hence by default the flag is enabled but the option is provided for the user.
+
+    - Enable Debug Logs for wolfSSL
+        - This option prints detailed logs of all the internal operations, highly useful when debugging an error.
+
+- `esp-wolfssl` specific options (see NOTE) are available under `idf.py/make menuconfig -> Component Config -> wolfSSL`.
+
+    - Enable ALPN ( Application Layer Protocol Negotiation ) in wolfSSL
+        - This option is enabled by default for wolfSSL, and can be disabled if not required.
+
+    - Enable OCSP (Online Certificate Status Protocol) in wolfSSL
+        - This options is disabled by default. Enabling it adds support for checking the host's certificate revocation status
+          during the TLS handshake.
+---
+**NOTE**
+ These options are valid for `esp-tls` only if `wolfSSL` is selected as its SSL/TLS Library.
+---
+# Comparison of wolfSSL and mbedTLS
+
+The following table shows a typical comparison between wolfSSL and mbedtls when `https_request` (which has server authentication) was run with both
+SSL/TLS libraries and with all respective configurations set to default.
+_(mbedtls IN_CONTENT length and OUT_CONTENT length were set to 16384 bytes and 4096 bytes respectively)_
+
+| Property | wolfSSL | mbedTLS |
+|--------------------|----------|----------|
+| Total Heap Consumed| ~19 Kb | ~37 Kb |
+| Task Stack Used | ~2.2 Kb | ~3.6 Kb |
+| Bin size | ~858 Kb | ~736 Kb |
+
+# Additional Pointers
+
+In general, these are links which will be useful for using both wolfSSL, as well as networked and secure applications in general. Furthermore, there is a more comprehensive tutorial that can be found in Chapter 11 of the official wolfSSL manual. The examples in the wolfSSL package and Chapter 11 do appropriate error checking, which is worth taking a look at. For a more comprehensive API, check out chapter 17 of the official manual.
+
+- wolfSSL Manual [https://www.wolfssl.com/docs/wolfssl-manual/]()
+- wolfSSL GitHub
+ [https://github.com/wolfssl/wolfssl]()