Restore support for ESP-IDF (#100)

Author: ivmarkov

.github/workflows/ci.yml

@@ -212,7 +212,7 @@ jobs:
         uses: esp-rs/[email protected]
         with:
           default: true
-          ldproxy: false
+          ldproxy: true
 
       # TODO: Double-check and uncomment
       # - uses: Swatinem/rust-cache@v2
@@ -236,14 +236,73 @@ jobs:
       - name: Build - Examples
         run: export WIFI_SSID=ssid; export WIFI_PASS=pass; cd examples/${{ matrix.mcu[0] }}; cargo build --no-default-features --features ${{ matrix.mcu[1] }} --target ${{ matrix.mcu[2] }} -Zbuild-std=core,alloc,panic_abort
 
+  build-esp-idf:
+    name: Build-ESP-IDF
+    runs-on: ubuntu-latest
+    permissions: read-all
+    needs: build-mcu
+    strategy:
+      fail-fast: false
+      matrix:
+        mcu:
+          - [std, esp32, xtensa-esp32-espidf]
+#          - [std, esp32s2, xtensa-esp32s2-espidf]
+          - [std, esp32s3, xtensa-esp32s3-espidf]
+#          - [std, esp32c2, riscv32imc-esp-espidf]
+#          - [std, esp32c3, riscv32imc-esp-espidf]
+#          - [std, esp32c6, riscv32imac-esp-espidf]
+# No Wifi support on esp32h2
+#          - [std, esp32h2, riscv32imac-esp-espidf]
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: dtolnay/rust-toolchain@v1
+        with:
+          target: x86_64-unknown-linux-gnu
+          toolchain: nightly
+          components: rust-src,rustfmt,clippy
+
+      - name: Install MCU target
+        if: startsWith(matrix.mcu[2], 'riscv32')
+        run: rustup target add ${{ matrix.mcu[2] }}
+
+      - name: Install Rust for Xtensa
+        if: startsWith(matrix.mcu[2], 'xtensa-')
+        uses: esp-rs/[email protected]
+        with:
+          default: true
+          ldproxy: true
+
+      # TODO: Double-check and uncomment
+      # - uses: Swatinem/rust-cache@v2
+      #   with:
+      #     workspaces: |
+      #       ./
+      #       xtask
+
+      - name: Clippy
+        run: cargo clippy --target ${{ matrix.mcu[2] }} -Zbuild-std=std,panic_abort -- -D warnings
+
+      - name: Build
+        run: cargo build --target ${{ matrix.mcu[2] }} -Zbuild-std=std,panic_abort
+
+      - name: Fmt Check - Examples
+        run: cd examples/${{ matrix.mcu[0] }}; cargo fmt -- --check
+
+      - name: Clippy - Examples
+        run: export WIFI_SSID=ssid; export WIFI_PASS=pass; cd examples/${{ matrix.mcu[0] }}; cargo clippy --target ${{ matrix.mcu[2] }} -Zbuild-std=std,panic_abort -- -D warnings
+
+      - name: Build - Examples
+        run: export WIFI_SSID=ssid; export WIFI_PASS=pass; cd examples/${{ matrix.mcu[0] }}; cargo build --target ${{ matrix.mcu[2] }} -Zbuild-std=std,panic_abort
+
   # If libraries are rebuilt and tests are successful, we upload them in a specific job
   # that has write access to prevent security breaches, and unwanted use of the token
   commit-libs:
     name: Commit MbedTLS libs
     runs-on: ubuntu-latest
     permissions:
       contents: write
-    needs: build-mcu
+    needs: build-esp-idf
     # TODO: Currently GitHub doesn't allow pushing to a forked repo's branch when running an action on a PR to upstream.
     if: |
       github.event.pull_request.head.repo.full_name == github.repository &&

esp-mbedtls-sys/src/hook/digest/sha1.rs

@@ -21,9 +21,9 @@ pub unsafe fn hook_sha1(sha1: Option<&'static (dyn MbedtlsSha1 + Send + Sync)>)
     critical_section::with(|cs| {
         #[allow(clippy::if_same_then_else)]
         if sha1.is_some() {
-            info!("SHA-1 hook: added custom/HW accelerated impl");
+            debug!("SHA-1 hook: added custom/HW accelerated impl");
         } else {
-            info!("SHA-1 hook: removed");
+            debug!("SHA-1 hook: removed");
         }
 
         alt::SHA1.borrow(cs).set(sha1);

esp-mbedtls-sys/src/hook/digest/sha256.rs

@@ -22,9 +22,9 @@ pub unsafe fn hook_sha256(sha256: Option<&'static (dyn MbedtlsSha256 + Send + Sy
     critical_section::with(|cs| {
         #[allow(clippy::if_same_then_else)]
         if sha256.is_some() {
-            info!("SHA-256 hook: added custom/HW accelerated impl");
+            debug!("SHA-256 hook: added custom/HW accelerated impl");
         } else {
-            info!("SHA-256 hook: removed");
+            debug!("SHA-256 hook: removed");
         }
 
         alt::SHA256.borrow(cs).set(sha256);
@@ -43,9 +43,9 @@ pub unsafe fn hook_sha224(sha224: Option<&'static (dyn MbedtlsSha224 + Send + Sy
     critical_section::with(|cs| {
         #[allow(clippy::if_same_then_else)]
         if sha224.is_some() {
-            info!("SHA-224 hook: added custom/HW accelerated impl");
+            debug!("SHA-224 hook: added custom/HW accelerated impl");
         } else {
-            info!("SHA-224 hook: removed");
+            debug!("SHA-224 hook: removed");
         }
 
         alt::SHA224.borrow(cs).set(sha224);

esp-mbedtls-sys/src/hook/digest/sha512.rs

@@ -22,9 +22,9 @@ pub unsafe fn hook_sha512(sha512: Option<&'static (dyn MbedtlsSha512 + Send + Sy
     critical_section::with(|cs| {
         #[allow(clippy::if_same_then_else)]
         if sha512.is_some() {
-            info!("SHA-512 hook: added custom/HW accelerated impl");
+            debug!("SHA-512 hook: added custom/HW accelerated impl");
         } else {
-            info!("SHA-512 hook: removed");
+            debug!("SHA-512 hook: removed");
         }
 
         alt::SHA512.borrow(cs).set(sha512);
@@ -43,9 +43,9 @@ pub unsafe fn hook_sha384(sha384: Option<&'static (dyn MbedtlsSha384 + Send + Sy
     critical_section::with(|cs| {
         #[allow(clippy::if_same_then_else)]
         if sha384.is_some() {
-            info!("SHA-384 hook: added custom/HW accelerated impl");
+            debug!("SHA-384 hook: added custom/HW accelerated impl");
         } else {
-            info!("SHA-384 hook: removed");
+            debug!("SHA-384 hook: removed");
         }
 
         alt::SHA384.borrow(cs).set(sha384);

esp-mbedtls-sys/src/hook/exp_mod.rs

@@ -57,9 +57,9 @@ pub unsafe fn hook_exp_mod(exp_mod: Option<&'static (dyn MbedtlsMpiExpMod + Send
     critical_section::with(|cs| {
         #[allow(clippy::if_same_then_else)]
         if exp_mod.is_some() {
-            info!("RSA-EXP-MOD hook: added custom/HW accelerated impl");
+            debug!("RSA-EXP-MOD hook: added custom/HW accelerated impl");
         } else {
-            info!("RSA-EXP-MOD hook: removed");
+            debug!("RSA-EXP-MOD hook: removed");
         }
 
         alt::EXP_MOD.borrow(cs).set(exp_mod);

esp-mbedtls-sys/src/lib.rs

@@ -10,6 +10,7 @@ pub use error::*;
 pub(crate) mod fmt;
 
 mod error;
+#[cfg(not(target_os = "espidf"))]
 mod extra_impls; // TODO: Figure out if we still need this
 
 #[cfg(not(target_os = "espidf"))]

esp-mbedtls/src/cert.rs

@@ -1,9 +1,8 @@
 use core::ffi::CStr;
 use core::marker::PhantomData;
 
-use esp_mbedtls_sys::*;
-
-use super::{merr, MRc, SessionError};
+use super::sys::*;
+use super::{MRc, SessionError};
 
 /// Holds a reference to a PEM or DER-encoded X509 certificate or private key.
 ///

esp-mbedtls/src/lib.rs

@@ -10,7 +10,14 @@ use core::ptr::NonNull;
 
 use critical_section::Mutex;
 
-use esp_mbedtls_sys::*;
+#[cfg(not(target_os = "espidf"))]
+use crate::sys::{mbedtls_calloc, mbedtls_free};
+use crate::sys::{
+    mbedtls_ctr_drbg_context, mbedtls_ctr_drbg_free, mbedtls_ctr_drbg_init, mbedtls_pk_context,
+    mbedtls_pk_free, mbedtls_pk_init, mbedtls_ssl_conf_dbg, mbedtls_ssl_config,
+    mbedtls_ssl_config_free, mbedtls_ssl_config_init, mbedtls_ssl_context, mbedtls_ssl_free,
+    mbedtls_ssl_init, mbedtls_x509_crt, mbedtls_x509_crt_free, mbedtls_x509_crt_init,
+};
 
 use rand_core::CryptoRng;
 
@@ -82,6 +89,8 @@ impl<'d> Tls<'d> {
     pub fn set_debug(&mut self, level: u32) {
         #[cfg(not(target_os = "espidf"))]
         unsafe {
+            use crate::sys::mbedtls_debug_set_threshold;
+
             mbedtls_debug_set_threshold(level as c_int);
         }
     }
@@ -423,3 +432,11 @@ unsafe extern "C" fn mbedtls_platform_zeroize(dst: *mut c_uchar, len: u32) {
         dst.offset(i).write_volatile(0);
     }
 }
+
+#[cfg(target_os = "espidf")]
+extern "C" {
+    #[link_name = "calloc"]
+    fn mbedtls_calloc(num: usize, size: usize) -> *mut c_void;
+    #[link_name = "free"]
+    fn mbedtls_free(ptr: *mut c_void);
+}

esp-mbedtls/src/session.rs

@@ -2,9 +2,8 @@ use core::ffi::{c_int, c_void, CStr};
 
 use embedded_io::{Error, ErrorKind};
 
-use esp_mbedtls_sys::*;
-
-use super::{mbedtls_rng, merr, Certificate, MBox, PrivateKey, Tls, TlsReference, TlsVersion};
+use super::sys::*;
+use super::{mbedtls_rng, Certificate, MBox, PrivateKey, Tls, TlsReference, TlsVersion};
 
 pub use asynch::*;
 

esp-mbedtls/src/session/asynch.rs

@@ -5,11 +5,10 @@ use core::task::{Context, Poll};
 
 use embedded_io::ErrorKind;
 
-use esp_mbedtls_sys::*;
-
 use io::{ErrorType, Read, Write};
 
-use crate::{merr, SessionError, TlsReference};
+use crate::sys::*;
+use crate::{SessionError, TlsReference};
 
 use super::{SessionConfig, SessionState};