Improve user settings detection

gojimmypi · gojimmypi · commit 11673166ace8 · 2025-11-08T12:39:07.000-08:00
diff --git a/include/user_settings.h b/include/user_settings.h
@@ -22,13 +22,52 @@
  * along with this program; if not, write to the Free Software
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
-#ifndef _WOLFBOOT_USER_SETTINGS_H_
-#define _WOLFBOOT_USER_SETTINGS_H_
+#ifndef WOLFBOOT_USER_SETTINGS_H
+#define WOLFBOOT_USER_SETTINGS_H
+
+/* This is the wolfBoot embedded target user settings.
+ *
+ * See also settings in [WOLFBOOT_ROOT]/tools/keytools
+ *
+ * When in question, define WOLFBOOT_SHOW_INCLUDE
+ */
+
+#ifdef WOLFBOOT_SHOW_INCLUDE
+    #ifdef __GNUC__  /* GCC compiler */
+        #pragma message "===============include/user_settings.h"
+    #elif defined(_MSC_VER) /* Microsoft Visual C++ compiler */
+        #pragma message("===============include/user_settings.h")
+    #else
+        #warning "===============include/user_settings.h"
+    #endif
+#endif
+
+//#define DEBUG_SIGNTOOL
+//#define WOLFSSL_USE_ALIGN
+
+#if defined(_MSC_VER)
+    /* MSVC and clang-cl both define _MSC_VER */
+    #ifndef WOLFSSL_HAVE_MIN
+        #define WOLFSSL_HAVE_MIN
+    #endif
+    #ifndef WOLFSSL_HAVE_MAX
+        #define WOLFSSL_HAVE_MAX
+    #endif
+
+    /* Really keep Windows headers from redefining min/max */
+    #ifndef NOMINMAX
+        #define NOMINMAX 1
+    #endif
+#endif
 
 #ifdef WOLFBOOT_PKCS11_APP
 # include "test-app/wcs/user_settings.h"
 #else
 
+/* The target.h is a device-specific, typically a generated file.
+ * CMake configures from `include/target.h.in` into ${CMAKE_CURRENT_BINARY_DIR}
+ *
+ * See also the sample in [WOLFBOOT_ROOT]/tools/unit-tests/target.h */
 #include <target.h>
 
 /* System */
@@ -330,7 +369,9 @@ extern int tolower(int c);
 
     /* SP Math needs to understand long long */
 #   ifndef ULLONG_MAX
-#       define ULLONG_MAX 18446744073709551615ULL
+#       ifndef _MSC_VER
+#           define ULLONG_MAX 18446744073709551615ULL
+#       endif
 #   endif
 #endif
 
@@ -495,7 +536,6 @@ extern int tolower(int c);
 #   define WOLFSSL_HAVE_MAX
 #endif
 
-
 /* Memory model */
 #if defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)
     /* Disable VLAs */
@@ -586,4 +626,4 @@ extern int tolower(int c);
 #   define WOLFSSL_PEM_TO_DER
 #endif
 
-#endif /* !_WOLFBOOT_USER_SETTINGS_H_ */
+#endif /* !WOLFBOOT_USER_SETTINGS_H */
diff --git a/include/wolfboot/wolfboot.h b/include/wolfboot/wolfboot.h
@@ -163,6 +163,13 @@ extern "C" {
 #if defined(__WOLFBOOT) || defined(UNIT_TEST_AUTH)
 
 #include "wolfssl/wolfcrypt/settings.h"
+#ifdef WOLFBOOT_KEYTOOLS_USER_SETTINGS_H
+    /* Encountered the user settings in  [WOLFBOOT_ROOT]/tools/keytools/user_settings.h */
+    #error "wolfBoot expects user settings from [WOLFBOOT_ROOT]/tools/keygen/user_settings.h"
+#endif
+#ifndef WOLFBOOT_USER_SETTINGS_H
+    #error "wolfBoot expected user settings from [WOLFBOOT_ROOT]/include/user_settings.h"
+#endif
 #include "wolfssl/wolfcrypt/visibility.h"
 #include "wolfssl/wolfcrypt/wc_port.h"
 #include "wolfssl/wolfcrypt/types.h"
@@ -178,6 +185,7 @@ extern "C" {
 
 /* Hashing configuration */
 #if defined(WOLFBOOT_HASH_SHA256)
+    #define WOLFBOOT_KEYHASH_HAS_RESULT
     #include "wolfssl/wolfcrypt/sha256.h"
 #   ifndef WOLFBOOT_SHA_BLOCK_SIZE
 #     define WOLFBOOT_SHA_BLOCK_SIZE (256)
diff --git a/src/image.c b/src/image.c
@@ -31,7 +31,8 @@
 #endif
 #include <wolfssl/wolfcrypt/settings.h> /* for wolfCrypt hash/sign routines */
 #ifdef WOLFBOOT_KEYTOOLS
-    /* this code needs to use the Use ./include/user_settings.h, not keytools */
+    /* this code needs to use the local tools/keytools/user_settings.h
+     *                    not [WOLFBOOT_ROOT]/include/user_settings.h  */
     #error "The wrong user_settings.h has been included."
 #endif
 
diff --git a/tools/keytools/keygen.c b/tools/keytools/keygen.c
@@ -27,8 +27,10 @@
 //#define DEBUG_SIGNTOOL
 
 #ifdef _WIN32
-#define _CRT_SECURE_NO_WARNINGS
-#define _CRT_NONSTDC_NO_DEPRECATE /* unlink */
+    #define _CRT_SECURE_NO_WARNINGS
+    #define _CRT_NONSTDC_NO_DEPRECATE /* unlink */
+#else
+    #include <unistd.h>
 #endif
 #include <stdio.h>
 #include <stdint.h>
@@ -40,21 +42,32 @@
 #include <sys/types.h>
 #include <errno.h>
 #include <fcntl.h>
-#ifndef _WIN32
-    #include <unistd.h>
+
+/* wolfSSL */
+/* Always include wolfcrypt/settings.h before any other wolfSSL file.    */
+/* Reminder: settings.h pulls in user_settings.h; don't include it here. */
+#include <wolfssl/wolfcrypt/settings.h>
+#ifdef WOLFBOOT_USER_SETTINGS_H
+    #error "Keygen encountered unexpected user settings from [WOLFBOOT_ROOT]/include/user_settings.h"
+#endif
+#ifdef __WOLFBOOT
+    /* wolfBoot otherwise uses a user_se*/
+#error "Keygen unexpectedly encountered __WOLFBOOT. Check your config"
+#endif
+#ifndef WOLFBOOT_KEYTOOLS_USER_SETTINGS_H
+    #error "Keygen expects settings from [WOLFBOOT_ROOT]/tools/keygen/user_settings.h"
 #endif
 
 #include <wolfssl/wolfcrypt/settings.h>
 #ifndef NO_RSA
-#include <wolfssl/wolfcrypt/rsa.h>
+    #include <wolfssl/wolfcrypt/rsa.h>
 #endif
 #ifdef HAVE_ECC
-#include <wolfssl/wolfcrypt/ecc.h>
-#include <wolfssl/wolfcrypt/asn.h>
-
+    #include <wolfssl/wolfcrypt/ecc.h>
+    #include <wolfssl/wolfcrypt/asn.h>
 #endif
 #ifdef HAVE_ED25519
-#include <wolfssl/wolfcrypt/ed25519.h>
+    #include <wolfssl/wolfcrypt/ed25519.h>
 #endif
 
 #ifdef HAVE_ED448
@@ -86,11 +99,11 @@
 #include <wolfssl/wolfcrypt/random.h>
 #include <wolfssl/wolfcrypt/error-crypt.h>
 #ifdef DEBUG_SIGNTOOL
-#include <wolfssl/wolfcrypt/logging.h>
+    #include <wolfssl/wolfcrypt/logging.h>
 #endif
 
 #if !defined(PATH_MAX)
-#define PATH_MAX 256
+    #define PATH_MAX 256
 #endif
 
 #include "wolfboot/wolfboot.h"
diff --git a/tools/keytools/otp/otp-keystore-gen.c b/tools/keytools/otp/otp-keystore-gen.c
@@ -36,6 +36,22 @@
 #endif
 
 #include "wolfboot/wolfboot.h"
+#ifdef __WOLFBOOT
+    #ifndef WOLFBOOT_USER_SETTINGS_H
+        #error "otp-keystore-gen encountered unexpected user settings, expected [WOLFBOOT_ROOT]/include/user_settings.h"
+    #endif
+    #ifdef WOLFBOOT_KEYTOOLS_USER_SETTINGS_H
+        #error "Detected keytools user settings, expected [WOLFBOOT_ROOT]/include/user_settings.hh"
+    #endif
+#else
+    #ifdef WOLFBOOT_KEYTOOLS_USER_SETTINGS_H
+        #error "Detected keytools user settings, otp-keystore-gen does not expect any user_settings.h"
+    #endif
+    #ifdef WOLFBOOT_USER_SETTINGS_H
+        #error "Detected wolfboot user settings, otp-keystore-gen does not expect any user_settings.h"
+    #endif
+#endif
+
 #include "keystore.h"
 #include "otp_keystore.h"
 
diff --git a/tools/keytools/sign.c b/tools/keytools/sign.c
@@ -22,8 +22,10 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
+/* Beware of wolfCrypt user settings in [WOLFBOOT_ROOT]/include/user_settings.h */
+
 /* Option to enable sign tool debugging */
-/* Must also define DEBUG_WOLFSSL in user_settings.h */
+/* Must also define DEBUG_WOLFSSL in /tools/keytools/user_settings.h */
 //#define DEBUG_SIGNTOOL
 
 #ifdef _WIN32
@@ -79,11 +81,22 @@ static inline int fp_truncate(FILE *f, size_t len)
 #endif
 
 #include <wolfssl/wolfcrypt/settings.h>
+#ifdef WOLFBOOT_USER_SETTINGS_H
+    #error "signing tool encountered unexpected user settings from [WOLFBOOT_ROOT]/include/user_settings.h"
+#endif
+#ifdef __WOLFBOOT
+    /* wolfBoot otherwise uses a different user_settings */
+    #error "signing tool unexpectedly encountered __WOLFBOOT. Check your config"
+#endif
+#ifndef WOLFBOOT_KEYTOOLS_USER_SETTINGS_H
+    #error "signing tool expects settings from [WOLFBOOT_ROOT]/tools/keygen/user_settings.h"
+#endif
+
 #include <wolfssl/wolfcrypt/asn.h>
 #include <wolfssl/wolfcrypt/aes.h>
 
 #ifdef HAVE_CHACHA
-#include <wolfssl/wolfcrypt/chacha.h>
+    #include <wolfssl/wolfcrypt/chacha.h>
 #endif
 
 
diff --git a/tools/keytools/user_settings.h b/tools/keytools/user_settings.h
@@ -23,11 +23,45 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-#ifndef H_USER_SETTINGS_
-#define H_USER_SETTINGS_
+#ifndef WOLFBOOT_KEYTOOLS_USER_SETTINGS_H
+#define WOLFBOOT_KEYTOOLS_USER_SETTINGS_H
+
+/* This is the keytools user settings.
+ *
+ * See also settings in [WOLFBOOT_ROOT]/include/user_settings.h
+ *
+ * When in question, define WOLFBOOT_SHOW_INCLUDE
+ */
+
+#ifdef WOLFBOOT_SHOW_INCLUDE
+    #ifdef __GNUC__  /* GCC compiler */
+        #pragma message "============= keytools/user_settings.h"
+    #elif defined(_MSC_VER) /* Microsoft Visual C++ compiler */
+        #pragma message("============= keytools/user_settings.h")
+    #else
+        #warning "============= keytools/user_settings"
+    #endif
+#endif
 
 #include <stdint.h>
 
+/* #define DEBUG_SIGNTOOL */
+
+/* #define WOLFBOOT_HASH_SHA256 */
+/* #define WOLFBOOT_SIGN_ECC256 */
+
+/* Only the lib-test needs some image size macros in Visual Studio. */
+/* See project file to identify IS_TEST_LIB_APP */
+#if defined(_MSC_VER) && defined(IS_TEST_LIB_APP)
+    /* These should be defined in preprocessor section, here for backup: */
+    #ifndef LMS_IMAGE_SIGNATURE_SIZE
+        #define LMS_IMAGE_SIGNATURE_SIZE 4096
+    #endif
+    #ifndef XMSS_IMAGE_SIGNATURE_SIZE
+        #define XMSS_IMAGE_SIGNATURE_SIZE 4096
+    #endif
+#endif
+
 /* System */
 #ifndef WOLFBOOT_KEYTOOLS
     #define WOLFBOOT_KEYTOOLS
