diff --git a/wolfcrypt/src/port/Espressif/esp32_aes.c b/wolfcrypt/src/port/Espressif/esp32_aes.c index b1479de33..45a1b284b 100644 --- a/wolfcrypt/src/port/Espressif/esp32_aes.c +++ b/wolfcrypt/src/port/Espressif/esp32_aes.c @@ -474,16 +474,26 @@ int wc_esp32AesDecrypt(Aes *aes, const byte* in, byte* out) int ret; ESP_LOGV(TAG, "enter wc_esp32AesDecrypt"); - /* lock the hw engine */ - esp_aes_hw_InUse(); - /* load the key into the register */ + + /* Validate parameters */ + if (aes == NULL || in == NULL || out == NULL) { + ESP_LOGE(TAG, "Invalid parameters"); + return BAD_FUNC_ARG; + } + + /* Lock the hw engine */ + ret = esp_aes_hw_InUse(); + if (ret != ESP_OK) { + ESP_LOGE(TAG, "Failed to acquire HW lock"); + return ret; + } + + /* Load the key into the register */ ret = esp_aes_hw_Set_KeyMode(aes, ESP32_AES_UPDATEKEY_DECRYPT); if (ret != ESP_OK) { - ESP_LOGE(TAG, "wc_esp32AesDecrypt failed " - "during esp_aes_hw_Set_KeyMode"); - /* release hw */ + ESP_LOGE(TAG, "Failed during esp_aes_hw_Set_KeyMode"); esp_aes_hw_Leave(); - ret = BAD_FUNC_ARG; + return BAD_FUNC_ARG; } if (ret == ESP_OK) { @@ -514,13 +524,27 @@ int wc_esp32AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) int ret; int i; int offset = 0; - word32 blocks = (sz / WC_AES_BLOCK_SIZE); + word32 blocks; byte *iv; byte temp_block[WC_AES_BLOCK_SIZE]; ESP_LOGV(TAG, "enter wc_esp32AesCbcEncrypt"); + /* Validate parameters */ + if (aes == NULL || out == NULL || in == NULL) { + ESP_LOGE(TAG, "Invalid parameters"); + return BAD_FUNC_ARG; + } + + /* Validate size */ + if (sz == 0 || (sz % WC_AES_BLOCK_SIZE) != 0) { + ESP_LOGE(TAG, "Invalid size: must be multiple of block size"); + return BAD_FUNC_ARG; + } + + blocks = sz / WC_AES_BLOCK_SIZE; iv = (byte*)aes->reg; + XMEMSET(temp_block, 0, WC_AES_BLOCK_SIZE); ret = esp_aes_hw_InUse(); @@ -570,16 +594,29 @@ int wc_esp32AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) int wc_esp32AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz) { int ret; - int i; int offset = 0; - word32 blocks = (sz / WC_AES_BLOCK_SIZE); + word32 blocks; byte* iv; byte temp_block[WC_AES_BLOCK_SIZE]; ESP_LOGV(TAG, "enter wc_esp32AesCbcDecrypt"); + /* Validate parameters */ + if (aes == NULL || out == NULL || in == NULL) { + ESP_LOGE(TAG, "Invalid parameters"); + return BAD_FUNC_ARG; + } + + /* Validate size */ + if (sz == 0 || (sz % WC_AES_BLOCK_SIZE) != 0) { + ESP_LOGE(TAG, "Invalid size: must be multiple of block size"); + return BAD_FUNC_ARG; + } + + blocks = sz / WC_AES_BLOCK_SIZE; iv = (byte*)aes->reg; + XMEMSET(temp_block, 0, WC_AES_BLOCK_SIZE); ret = esp_aes_hw_InUse(); diff --git a/wolfcrypt/src/port/Espressif/esp32_sha.c b/wolfcrypt/src/port/Espressif/esp32_sha.c index f9f8d9095..9af20852a 100644 --- a/wolfcrypt/src/port/Espressif/esp32_sha.c +++ b/wolfcrypt/src/port/Espressif/esp32_sha.c @@ -1273,39 +1273,53 @@ int esp_sha_try_hw_lock(WC_ESP32SHA* ctx) if (sha_mutex == NULL) { ESP_LOGV(TAG, "Initializing sha_mutex"); - /* created, but not yet locked */ - ret = esp_CryptHwMutexInit(&sha_mutex); - if (ret == 0) { + /* Atomic mutex initialization */ + taskENTER_CRITICAL(&sha_crit_sect); + if (sha_mutex == NULL) { + /* created, but not yet locked */ + ret = esp_CryptHwMutexInit(&sha_mutex); + if (ret != ESP_OK) { + ESP_LOGE(TAG, "Failed to initialize sha_mutex"); + taskEXIT_CRITICAL(&sha_crit_sect); + ctx->mode = ESP32_SHA_SW; + return ESP_OK; /* Success but revert to SW */ + } + ESP_LOGV(TAG, "esp_CryptHwMutexInit sha_mutex init success."); esp_sha_mutex_ctx_owner_clear(); /* No one has the mutex yet. */ - #ifdef WOLFSSL_DEBUG_MUTEX - { - /* Take mutex for lock/unlock test drive to ensure it works: */ - ret = esp_CryptHwMutexLock(&sha_mutex, (TickType_t)0); - if (ret == ESP_OK) { - ret = esp_CryptHwMutexUnLock(&sha_mutex); - if (ret != ESP_OK) { - ESP_LOGE(TAG, "esp_CryptHwMutexInit fail init lock."); - } - } - else { - ESP_LOGE(TAG, "esp_CryptHwMutexInit fail init unlock."); - } + + /* Verify mutex works properly */ + ret = esp_CryptHwMutexLock(&sha_mutex, (TickType_t)0); + if (ret != ESP_OK) { + ESP_LOGE(TAG, "Failed initial mutex lock test"); + esp_CryptHwMutexDestroy(&sha_mutex); + sha_mutex = NULL; + taskEXIT_CRITICAL(&sha_crit_sect); + ctx->mode = ESP32_SHA_SW; + return ESP_OK; /* Success but revert to SW */ } - #endif - } /* ret == 0 for esp_CryptHwMutexInit */ - else { + + ret = esp_CryptHwMutexUnLock(&sha_mutex); + if (ret != ESP_OK) { + ESP_LOGE(TAG, "Failed initial mutex unlock test"); + esp_CryptHwMutexDestroy(&sha_mutex); + sha_mutex = NULL; + taskEXIT_CRITICAL(&sha_crit_sect); + ctx->mode = ESP32_SHA_SW; + return ESP_OK; /* Success but revert to SW */ + } + } + taskEXIT_CRITICAL(&sha_crit_sect); + + if (ret != ESP_OK) { ESP_LOGE(TAG, "esp_CryptHwMutexInit sha_mutex failed."); #ifdef WOLFSSL_DEBUG_MUTEX { - ESP_LOGV(TAG, "Current mutext owner = %x", this_mutex_owner); + ESP_LOGV(TAG, "Current mutex owner = %x", this_mutex_owner); } #endif sha_mutex = NULL; - - ESP_LOGV(TAG, "Revert to ctx->mode = ESP32_SHA_SW."); - ctx->mode = ESP32_SHA_SW; return ESP_OK; /* success, just not using HW */ } @@ -1375,12 +1389,18 @@ int esp_sha_try_hw_lock(WC_ESP32SHA* ctx) * TODO: allow for SHA interleave on chips that support it. */ - if ((mutex_ctx_owner == NULLPTR) && - esp_CryptHwMutexLock(&sha_mutex, (TickType_t)0) == ESP_OK) { - /* we've successfully locked */ - this_mutex_owner = (uintptr_t)ctx; - esp_sha_mutex_ctx_owner_set(this_mutex_owner); - ESP_LOGV(TAG, "Assigned mutex_ctx_owner to 0x%x", this_mutex_owner); + /* Atomic check and lock */ + taskENTER_CRITICAL(&sha_crit_sect); + if (mutex_ctx_owner == NULLPTR) { + ret = esp_CryptHwMutexLock(&sha_mutex, (TickType_t)0); + if (ret == ESP_OK) { + /* Successfully locked */ + this_mutex_owner = (uintptr_t)ctx; + esp_sha_mutex_ctx_owner_set(this_mutex_owner); + ESP_LOGV(TAG, "Assigned mutex_ctx_owner to 0x%x", this_mutex_owner); + } + } + taskEXIT_CRITICAL(&sha_crit_sect); #ifdef ESP_MONITOR_HW_TASK_LOCK mutex_ctx_task = xTaskGetCurrentTaskHandle(); #endif @@ -1568,17 +1588,26 @@ int esp_sha_hw_unlock(WC_ESP32SHA* ctx) #endif + taskENTER_CRITICAL(&sha_crit_sect); if (ctx->lockDepth > 0) { - #if defined(CONFIG_IDF_TARGET_ESP32C2) || \ - defined(CONFIG_IDF_TARGET_ESP8684) || \ - defined(CONFIG_IDF_TARGET_ESP32C3) || \ - defined(CONFIG_IDF_TARGET_ESP32C6) - ets_sha_disable(); /* disable also resets active, ongoing hash */ - ESP_LOGV(TAG, "ets_sha_disable in esp_sha_hw_unlock()"); - #else - periph_module_disable(PERIPH_SHA_MODULE); - #endif + #if defined(CONFIG_IDF_TARGET_ESP32C2) || \ + defined(CONFIG_IDF_TARGET_ESP8684) || \ + defined(CONFIG_IDF_TARGET_ESP32C3) || \ + defined(CONFIG_IDF_TARGET_ESP32C6) + ets_sha_disable(); /* disable also resets active, ongoing hash */ + ESP_LOGV(TAG, "ets_sha_disable in esp_sha_hw_unlock()"); + #else + periph_module_disable(PERIPH_SHA_MODULE); + #endif ctx->lockDepth--; + + /* Clean up any remaining locks if we're at zero */ + if (ctx->lockDepth == 0) { + esp_CryptHwMutexUnLock(&sha_mutex); + #ifdef ESP_MONITOR_HW_TASK_LOCK + mutex_ctx_task = 0; + #endif + } } else { ESP_LOGW(TAG, "lockDepth <= 0; Disable SHA module skipped for %x", @@ -1586,16 +1615,24 @@ int esp_sha_hw_unlock(WC_ESP32SHA* ctx) ctx->lockDepth = 0; } -#if defined(ESP_MONITOR_HW_TASK_LOCK) && defined(WOLFSSL_ESP32_HW_LOCK_DEBUG) - ESP_LOGI(TAG, "3) esp_sha_hw_unlock Lock depth @ %d = %d " - "for WC_ESP32SHA @ %0x\n", - __LINE__, ctx->lockDepth, (uintptr_t)ctx); -#endif - - if (0 != ctx->lockDepth) { - /* If the lockdepth is not zero, unlock success unknown. */ + /* Handle stray locks if any remain */ + if (ctx->lockDepth > 0) { ESP_LOGE(TAG, "ERROR Non-zero lockDepth. Stray code lock?"); ret = ESP_FAIL; + + /* Force cleanup of stray locks */ + while (ctx->lockDepth > 0) { + #if defined(CONFIG_IDF_TARGET_ESP32C2) || \ + defined(CONFIG_IDF_TARGET_ESP8684) || \ + defined(CONFIG_IDF_TARGET_ESP32C3) || \ + defined(CONFIG_IDF_TARGET_ESP32C6) + ets_sha_disable(); + #else + periph_module_disable(PERIPH_SHA_MODULE); + #endif + ctx->lockDepth--; + } + esp_CryptHwMutexUnLock(&sha_mutex); } else { #if defined(SINGLE_THREADED) @@ -1615,25 +1652,12 @@ int esp_sha_hw_unlock(WC_ESP32SHA* ctx) } #endif /* WOLFSSL_ESP32_HW_LOCK_DEBUG */ - /* There should be exactly 1 instance of SHA unlock, and it's here: */ - esp_CryptHwMutexUnLock(&sha_mutex); - /* We don't set owner to zero here. The HW is not in use, - * but there may be a WIP hash calc (e.g. sha update). - * NO: mutex_ctx_owner = NULLPTR; */ - - #ifdef ESP_MONITOR_HW_TASK_LOCK - mutex_ctx_task = 0; - #endif - #endif #ifdef WOLFSSL_DEBUG_MUTEX - taskENTER_CRITICAL(&sha_crit_sect); - { - mutex_ctx_owner = 0; - } - taskEXIT_CRITICAL(&sha_crit_sect); + mutex_ctx_owner = 0; #endif + taskEXIT_CRITICAL(&sha_crit_sect); } #ifdef WOLFSSL_ESP32_HW_LOCK_DEBUG @@ -2164,14 +2188,19 @@ int wc_esp_digest_state(WC_ESP32SHA* ctx, byte* hash) #ifdef WOLFSSL_ESP32_CRYPT_DEBUG ESP_LOGW(TAG, "SHA HW read..."); #endif - esp_dport_access_read_buffer( + + /* Handle different hash pointer types based on ESP-IDF version */ + void* hashPtr; #if ESP_IDF_VERSION_MAJOR >= 4 - (uint32_t*)(hash), /* the result will be found in hash upon exit */ + hashPtr = (uint32_t*)(hash); #else - (word32*)(hash), /* the result will be found in hash upon exit */ + hashPtr = (word32*)(hash); #endif - SHA_TEXT_BASE, /* there's a fixed reg addr for all SHA */ - digestSz / sizeof(word32) /* # 4-byte */ + + esp_dport_access_read_buffer( + hashPtr, /* the result will be found in hash upon exit */ + SHA_TEXT_BASE, /* there's a fixed reg addr for all SHA */ + digestSz / sizeof(word32) /* # 4-byte */ ); #endif diff --git a/wolfcrypt/src/port/Espressif/esp_crt_bundle/esp_crt_bundle.c b/wolfcrypt/src/port/Espressif/esp_crt_bundle/esp_crt_bundle.c index 6e7b625c4..c0140760d 100644 --- a/wolfcrypt/src/port/Espressif/esp_crt_bundle/esp_crt_bundle.c +++ b/wolfcrypt/src/port/Espressif/esp_crt_bundle/esp_crt_bundle.c @@ -1333,6 +1333,7 @@ static esp_err_t wolfssl_esp_crt_bundle_init(const uint8_t *x509_bundle, ESP_LOGE(TAG, "Unable to allocate memory for bundle pointers"); _esp_crt_bundle_is_valid = ESP_FAIL; ret = ESP_ERR_NO_MEM; + goto cleanup; } } /* ret == ESP_OK */ @@ -1387,29 +1388,38 @@ static esp_err_t wolfssl_esp_crt_bundle_init(const uint8_t *x509_bundle, ret = ESP_ERR_INVALID_ARG; } - if (_esp_crt_bundle_is_valid == ESP_FAIL) { - if (crts == NULL) { -#ifdef DEBUG_WOLFSSL_MALLOC - ESP_LOGW(TAG, "Free certs after invalid bundle"); -#endif - free(crts); - crts = NULL; - s_crt_bundle.num_certs = 0; - s_crt_bundle.crts = NULL; - } - } - else { - /* The previous crt bundle is only updated when initialization of the - * current crt_bundle is successful */ - /* Free previous crt_bundle */ + if (ret == ESP_OK) { + /* Free previous bundle before assigning new one */ if (s_crt_bundle.crts != NULL) { #ifdef DEBUG_WOLFSSL_MALLOC - ESP_LOGI(TAG, "Free crts"); + ESP_LOGI(TAG, "Free previous crt bundle"); #endif - free(s_crt_bundle.crts); + free((void*)s_crt_bundle.crts); } - s_crt_bundle.num_certs = num_certs; s_crt_bundle.crts = crts; + s_crt_bundle.num_certs = num_certs; + s_crt_bundle.x509_crt_bundle_wolfssl_len = bundle_size; + _esp_crt_bundle_is_valid = ESP_OK; + } + +cleanup: + if (ret != ESP_OK) { + /* Cleanup on error */ + if (crts != NULL) { +#ifdef DEBUG_WOLFSSL_MALLOC + ESP_LOGW(TAG, "Free certs after error"); +#endif + free((void*)crts); + crts = NULL; + } + s_crt_bundle.crts = NULL; + s_crt_bundle.num_certs = 0; + s_crt_bundle.x509_crt_bundle_wolfssl_len = 0; + _esp_crt_bundle_is_valid = ESP_FAIL; + _cert_bundle_loaded = 0; + _crt_found = 0; + _added_cert = 0; + _need_bundle_cert = 0; } /* Consider using WOLFSSL_ASN_ALLOW_0_SERIAL or WOLFSSL_NO_ASN_STRICT diff --git a/wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h b/wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h index a74d796f1..01fb4540a 100644 --- a/wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h +++ b/wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h @@ -33,6 +33,19 @@ #error "WOLFSSL_USER_SETTINGS must be defined for Espressif targets" #endif +#ifdef __cplusplus +extern "C" { +#endif + +/* Forward declarations */ +struct wolfSSL_Mutex; +struct Aes; +struct wc_Sha; +struct wc_Sha256; +struct wc_Sha512; + +/* Function declarations */ + #include "sdkconfig.h" /* ensure ESP-IDF settings are available everywhere */ /* wolfSSL */ @@ -658,65 +671,32 @@ enum { ****************************************************************************** */ -#ifdef __cplusplus -extern "C" -{ -#endif - /* ****************************************************************************** -** Some common esp utilities +** Function Declarations ****************************************************************************** */ - WOLFSSL_LOCAL int esp_ShowExtendedSystemInfo(void); +/* System utilities */ +WOLFSSL_LOCAL int esp_ShowExtendedSystemInfo(void); +WOLFSSL_LOCAL esp_err_t esp_DisableWatchdog(void); +WOLFSSL_LOCAL esp_err_t esp_EnableWatchdog(void); - WOLFSSL_LOCAL esp_err_t esp_DisableWatchdog(void); +/* Math operations */ +WOLFSSL_LOCAL int esp_mp_cmp(char* name_A, MATH_INT_T* A, char* name_B, MATH_INT_T* B); +WOLFSSL_LOCAL int esp_show_mp_attributes(char* c, MATH_INT_T* X); +WOLFSSL_LOCAL int esp_show_mp(char* name_X, MATH_INT_T* X); - WOLFSSL_LOCAL esp_err_t esp_EnableWatchdog(void); - - /* Compare MATH_INT_T A to MATH_INT_T B - * During debug, the strings name_A and name_B can help - * identify variable name. */ - WOLFSSL_LOCAL int esp_mp_cmp(char* name_A, MATH_INT_T* A, - char* name_B, MATH_INT_T* B); - - /* Show MATH_INT_T value attributes. */ - WOLFSSL_LOCAL int esp_show_mp_attributes(char* c, MATH_INT_T* X); - - /* Show MATH_INT_T value. - * - * Calls esp_show_mp_attributes(). - * - * During debug, the string name_A can help - * identify variable name. */ - WOLFSSL_LOCAL int esp_show_mp(char* name_X, MATH_INT_T* X); - - /* To use a Mutex, it must first be initialized. */ - WOLFSSL_LOCAL int esp_CryptHwMutexInit(wolfSSL_Mutex* mutex); - - /* Take the mutex to indicate the HW is in use. Wait up to [block_time]. - * When the HW in use the mutex will be locked. */ - WOLFSSL_LOCAL int esp_CryptHwMutexLock(wolfSSL_Mutex* mutex, - TickType_t block_time); - - /* Release the mutex to indicate the HW is no longer in use. */ - WOLFSSL_LOCAL int esp_CryptHwMutexUnLock(wolfSSL_Mutex* mutex); - - /* Validation active check. When active, we'll fall back to SW. */ - WOLFSSL_LOCAL int esp_hw_validation_active(void); - -/* -******************************************************************************* -** AES features: -******************************************************************************* -*/ +/* Mutex operations */ +WOLFSSL_LOCAL int esp_CryptHwMutexInit(struct wolfSSL_Mutex* mutex); +WOLFSSL_LOCAL int esp_CryptHwMutexLock(struct wolfSSL_Mutex* mutex, TickType_t block_time); +WOLFSSL_LOCAL int esp_CryptHwMutexUnLock(struct wolfSSL_Mutex* mutex); +WOLFSSL_LOCAL int esp_hw_validation_active(void); #ifndef NO_AES - /* wolfSSL does not use Espressif rom/aes.h */ - struct Aes; /* see wolcrypt/aes.h */ +struct Aes; /* see wolcrypt/aes.h */ - typedef enum tagES32_AES_PROCESS +typedef enum tagES32_AES_PROCESS { ESP32_AES_LOCKHW = 1, ESP32_AES_UPDATEKEY_ENCRYPT = 2, @@ -730,20 +710,10 @@ extern "C" WOLFSSL_LOCAL int wc_esp32AesSupportedKeyLenValue(int keylen); WOLFSSL_LOCAL int wc_esp32AesSupportedKeyLen(struct Aes* aes); - WOLFSSL_LOCAL int wc_esp32AesCbcEncrypt(struct Aes* aes, - byte* out, - const byte* in, - word32 sz); - WOLFSSL_LOCAL int wc_esp32AesCbcDecrypt(struct Aes* aes, - byte* out, - const byte* in, - word32 sz); - WOLFSSL_LOCAL int wc_esp32AesEncrypt( struct Aes* aes, - const byte* in, - byte* out); - WOLFSSL_LOCAL int wc_esp32AesDecrypt( struct Aes* aes, - const byte* in, - byte* out); + WOLFSSL_LOCAL int wc_esp32AesCbcEncrypt(struct Aes* aes, byte* out, const byte* in, word32 sz); + WOLFSSL_LOCAL int wc_esp32AesCbcDecrypt(struct Aes* aes, byte* out, const byte* in, word32 sz); + WOLFSSL_LOCAL int wc_esp32AesEncrypt(struct Aes* aes, const byte* in, byte* out); + WOLFSSL_LOCAL int wc_esp32AesDecrypt(struct Aes* aes, const byte* in, byte* out); #endif /* ! NO_AES */ #ifdef WOLFSSL_ESP32_CRYPT_DEBUG @@ -753,11 +723,7 @@ extern "C" #endif /* WOLFSSL_ESP32_CRYPT_DEBUG */ -/* -******************************************************************************* -** Cryptographic hash algorithms (e.g. SHA[x]): -******************************************************************************* -*/ +/* Cryptographic hash algorithms (e.g. SHA[x]) */ #if !defined(NO_WOLFSSL_ESP32_CRYPT_HASH) && \ (!defined(NO_SHA) || !defined(NO_SHA256) || \ @@ -914,12 +880,6 @@ extern "C" #endif /* NO_SHA && etc */ -/* -******************************************************************************* -** RSA Big Math -******************************************************************************* -*/ - #if !defined(NO_RSA) || defined(HAVE_ECC) #if !defined(ESP_RSA_TIMEOUT_CNT) @@ -927,20 +887,8 @@ extern "C" #endif #ifndef NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD - /* - * The parameter names in the Espressif implementation are arbitrary. - * - * The wolfSSL names come from DH: Y=G^x mod M (see wolfcrypt/tfm.h) - * - * G=base, X is the private exponent, Y is the public value w - **/ - /* Z = (X ^ Y) mod M : Espressif generic notation */ - /* Y = (G ^ X) mod P : wolfSSL DH reference notation */ - WOLFSSL_LOCAL int esp_mp_exptmod(MATH_INT_T* X, /* G */ - MATH_INT_T* Y, /* X */ - MATH_INT_T* M, /* P */ - MATH_INT_T* Z); /* Y */ + WOLFSSL_LOCAL int esp_mp_exptmod(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* M, MATH_INT_T* Z); /* HW_MATH_ENABLED is typically used in wolfcrypt tests */ #undef HW_MATH_ENABLED @@ -948,21 +896,14 @@ extern "C" #endif /* ! NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */ #ifndef NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL - /* Z = X * Y */ - WOLFSSL_LOCAL int esp_mp_mul(MATH_INT_T* X, - MATH_INT_T* Y, - MATH_INT_T* Z); + WOLFSSL_LOCAL int esp_mp_mul(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* Z); /* HW_MATH_ENABLED is typically used in wolfcrypt tests */ #undef HW_MATH_ENABLED #define HW_MATH_ENABLED #endif /* ! NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL */ #ifndef NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD - /* Z = X * Y (mod M) */ - WOLFSSL_LOCAL int esp_mp_mulmod(MATH_INT_T* X, - MATH_INT_T* Y, - MATH_INT_T* M, - MATH_INT_T* Z); + WOLFSSL_LOCAL int esp_mp_mulmod(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* M, MATH_INT_T* Z); /* HW_MATH_ENABLED is typically used in wolfcrypt tests */ #undef HW_MATH_ENABLED #define HW_MATH_ENABLED @@ -971,25 +912,11 @@ extern "C" #endif /* !NO_RSA || HAVE_ECC*/ -/* Optionally enable some metrics to count interesting usage */ -/* -******************************************************************************* -** Usage metrics -******************************************************************************* -*/ #ifdef WOLFSSL_HW_METRICS #define WOLFSSL_HAS_METRICS - - /* Allow sha256 code to keep track of SW fallback during active HW */ WOLFSSL_LOCAL int esp_sw_sha256_count_add(void); - - /* show MP HW Metrics*/ WOLFSSL_LOCAL int esp_hw_show_mp_metrics(void); - - /* show SHA HW Metrics*/ WOLFSSL_LOCAL int esp_hw_show_sha_metrics(void); - - /* show all HW Metrics*/ WOLFSSL_LOCAL int esp_hw_show_metrics(void); #endif @@ -1000,12 +927,7 @@ WOLFSSL_LOCAL int esp_sha_stack_check(WC_ESP32SHA* sha); #endif /* WOLFSSL_STACK_CHECK */ -/* - * Errata Mitigation. See - * esp32_errata_en.pdf - * esp32-c3_errata_en.pdf - * esp32-s3_errata_en.pdf - */ +/* Errata Mitigation */ #define ESP_MP_HW_LOCK_MAX_DELAY ( TickType_t ) 0xffUL #if defined(CONFIG_IDF_TARGET_ESP32) && !defined(ESP_NO_ERRATA_MITIGATION) @@ -1104,6 +1026,10 @@ WOLFSSL_LOCAL int esp_sha_stack_check(WC_ESP32SHA* sha); #warning "CONFIG_ESP_MAIN_TASK_STACK_SIZE not defined!" #endif +#ifdef __cplusplus +} +#endif + #endif /* WOLFSSL_ESPIDF (entire contents excluded when not Espressif ESP-IDF) */ #endif /* __ESP32_CRYPT_H__ */