Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Updated wolfSSL to v5.7.2 #26

Open
wants to merge 15 commits into
base: master
Choose a base branch
from
Open

Conversation

frankencode
Copy link
Contributor

Change summary:

  • Updated the git submodule of wolfSSL to the latest version
  • Copied over benchmark and test code from wolfssl/wolfssl package of ESP-IDF app store
  • Copied and extended user_config.h from wolfssl/wolfssl package of ESP-IDF app store
    • Disabled ASN_TIME (because system time is uncertain on an ESP32)
    • Added options to enable BER based certificates
    • Enabled multi-threading
    • Disabled SHA hardware acceleration for stability reason
  • I ran tests and benchmarks to verify correctness on an ESP32S3

@gojimmypi
Copy link

wolfSSL is also supported as a Managed Component: https://components.espressif.com/components/wolfssl/wolfssl

There's an example of a flexible CMakeLists.txt for wolfSSL in the template example, including a user_settings.h file.

See espressif/esp-idf#13966

@gojimmypi
Copy link

@frankencode check out my latest components/wolfssl/Kconfig that you may be interested in using.

@frankencode
Copy link
Contributor Author

Thanks Jim! That's a lot of configure flags! I'll try to merge some from your user_settings/Kconfig when time allows. Another thing I wanted to do is to port the tests to pytest as used by other esp-idf components.. Furthermore I had to do some workarounds in the user_settings when removing "SINGLE_THREADED". You might want to check this out at the end of my user_settings.

@gojimmypi
Copy link

Hi @frankencode - that's interesting. I recall some time ago there was a problem with pthread.h. I thought that was resolved and addressed in settings.h but I don't see anything there.

I've not personally encountered that recently. I'll take a look. Thanks for the heads up.

In the meantime, you may also be interested in wolfSSL/wolfssl#7953; There I've moved some of the common config user_settings.h detection to the common settings.h

@gojimmypi
Copy link

@frankencode I've not been able to reproduce any compiler errors related to the #include <pthread.h> and wolfSSL SINGLE_THREADED topic. What version of the ESP-IDF are you using? What, exactly, is the error you are seeing?

Other areas of interest:

@frankencode
Copy link
Contributor Author

frankencode commented Sep 15, 2024

@gojimmypi Yes, I moved last week to latest ESP-IDF 5.4 and it compiles now without further issues when I comment out SINGLE_THREADED. A workaround in user_settings.h is not needed anymore.

Checking for memory allocation failures is essential and should never
be disabled. This increases the binary size only minimally.

E.g. performance impact on the C6:
 * binary size increases by 14864 bytes
 * free heap is reduced by 8 bytes
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants