mirror of
https://github.com/esp8266/Arduino.git
synced 2025-04-21 10:26:06 +03:00
New menu option to minimize BSSL ROM with only RSA (#6006)
* New menu option to minimize BSSL ROM with only RSA Adds a menu option and define to limit BearSSL to older RSA connection options. This saves ~45K program memory and can speed up connections since EC, while more secure, is significantly slower on the chip. The supported ciphers are identical to the ones that axTLS supported. Fixes #6005 * Add default SSLFLAGS(blank) to platform.txt * Fix unused variable warning * Add clarifying comment to menu items
This commit is contained in:
Earle F. Philhower, III
GitHub
parent
72c21feff6
commit
d9b0480f09
121
boards.txt
121
boards.txt
@ -21,6 +21,7 @@ menu.exception=Exceptions
|
||||
menu.led=Builtin Led
|
||||
menu.wipe=Erase Flash
|
||||
menu.sdk=Espressif FW
|
||||
menu.ssl=SSL Support
|
||||
|
||||
##############################################################
|
||||
generic.name=Generic ESP8266 Module
|
||||
@ -53,6 +54,10 @@ generic.menu.exception.disabled.build.stdcpp_lib=-lstdc++
|
||||
generic.menu.exception.enabled=Enabled
|
||||
generic.menu.exception.enabled.build.exception_flags=-fexceptions
|
||||
generic.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc
|
||||
generic.menu.ssl.all=All SSL ciphers (most compatible)
|
||||
generic.menu.ssl.all.build.sslflags=
|
||||
generic.menu.ssl.basic=Basic SSL ciphers (lower ROM use)
|
||||
generic.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC
|
||||
generic.menu.ResetMethod.ck=ck
|
||||
generic.menu.ResetMethod.ck.upload.resetmethod=ck
|
||||
generic.menu.ResetMethod.nodemcu=nodemcu
|
||||
@ -499,6 +504,10 @@ esp8285.menu.exception.disabled.build.stdcpp_lib=-lstdc++
|
||||
esp8285.menu.exception.enabled=Enabled
|
||||
esp8285.menu.exception.enabled.build.exception_flags=-fexceptions
|
||||
esp8285.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc
|
||||
esp8285.menu.ssl.all=All SSL ciphers (most compatible)
|
||||
esp8285.menu.ssl.all.build.sslflags=
|
||||
esp8285.menu.ssl.basic=Basic SSL ciphers (lower ROM use)
|
||||
esp8285.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC
|
||||
esp8285.menu.ResetMethod.ck=ck
|
||||
esp8285.menu.ResetMethod.ck.upload.resetmethod=ck
|
||||
esp8285.menu.ResetMethod.nodemcu=nodemcu
|
||||
@ -774,6 +783,10 @@ espduino.menu.exception.disabled.build.stdcpp_lib=-lstdc++
|
||||
espduino.menu.exception.enabled=Enabled
|
||||
espduino.menu.exception.enabled.build.exception_flags=-fexceptions
|
||||
espduino.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc
|
||||
espduino.menu.ssl.all=All SSL ciphers (most compatible)
|
||||
espduino.menu.ssl.all.build.sslflags=
|
||||
espduino.menu.ssl.basic=Basic SSL ciphers (lower ROM use)
|
||||
espduino.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC
|
||||
espduino.build.flash_mode=dio
|
||||
espduino.build.flash_flags=-DFLASHMODE_DIO
|
||||
espduino.build.flash_freq=40
|
||||
@ -957,6 +970,10 @@ huzzah.menu.exception.disabled.build.stdcpp_lib=-lstdc++
|
||||
huzzah.menu.exception.enabled=Enabled
|
||||
huzzah.menu.exception.enabled.build.exception_flags=-fexceptions
|
||||
huzzah.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc
|
||||
huzzah.menu.ssl.all=All SSL ciphers (most compatible)
|
||||
huzzah.menu.ssl.all.build.sslflags=
|
||||
huzzah.menu.ssl.basic=Basic SSL ciphers (lower ROM use)
|
||||
huzzah.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC
|
||||
huzzah.upload.resetmethod=nodemcu
|
||||
huzzah.build.flash_mode=qio
|
||||
huzzah.build.flash_flags=-DFLASHMODE_QIO
|
||||
@ -1141,6 +1158,10 @@ inventone.menu.exception.disabled.build.stdcpp_lib=-lstdc++
|
||||
inventone.menu.exception.enabled=Enabled
|
||||
inventone.menu.exception.enabled.build.exception_flags=-fexceptions
|
||||
inventone.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc
|
||||
inventone.menu.ssl.all=All SSL ciphers (most compatible)
|
||||
inventone.menu.ssl.all.build.sslflags=
|
||||
inventone.menu.ssl.basic=Basic SSL ciphers (lower ROM use)
|
||||
inventone.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC
|
||||
inventone.upload.resetmethod=nodemcu
|
||||
inventone.build.flash_mode=dio
|
||||
inventone.build.flash_flags=-DFLASHMODE_DIO
|
||||
@ -1325,6 +1346,10 @@ cw01.menu.exception.disabled.build.stdcpp_lib=-lstdc++
|
||||
cw01.menu.exception.enabled=Enabled
|
||||
cw01.menu.exception.enabled.build.exception_flags=-fexceptions
|
||||
cw01.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc
|
||||
cw01.menu.ssl.all=All SSL ciphers (most compatible)
|
||||
cw01.menu.ssl.all.build.sslflags=
|
||||
cw01.menu.ssl.basic=Basic SSL ciphers (lower ROM use)
|
||||
cw01.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC
|
||||
cw01.upload.resetmethod=nodemcu
|
||||
cw01.menu.CrystalFreq.26=26 MHz
|
||||
cw01.menu.CrystalFreq.40=40 MHz
|
||||
@ -1512,6 +1537,10 @@ espresso_lite_v1.menu.exception.disabled.build.stdcpp_lib=-lstdc++
|
||||
espresso_lite_v1.menu.exception.enabled=Enabled
|
||||
espresso_lite_v1.menu.exception.enabled.build.exception_flags=-fexceptions
|
||||
espresso_lite_v1.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc
|
||||
espresso_lite_v1.menu.ssl.all=All SSL ciphers (most compatible)
|
||||
espresso_lite_v1.menu.ssl.all.build.sslflags=
|
||||
espresso_lite_v1.menu.ssl.basic=Basic SSL ciphers (lower ROM use)
|
||||
espresso_lite_v1.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC
|
||||
espresso_lite_v1.build.flash_mode=dio
|
||||
espresso_lite_v1.build.flash_flags=-DFLASHMODE_DIO
|
||||
espresso_lite_v1.build.flash_freq=40
|
||||
@ -1699,6 +1728,10 @@ espresso_lite_v2.menu.exception.disabled.build.stdcpp_lib=-lstdc++
|
||||
espresso_lite_v2.menu.exception.enabled=Enabled
|
||||
espresso_lite_v2.menu.exception.enabled.build.exception_flags=-fexceptions
|
||||
espresso_lite_v2.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc
|
||||
espresso_lite_v2.menu.ssl.all=All SSL ciphers (most compatible)
|
||||
espresso_lite_v2.menu.ssl.all.build.sslflags=
|
||||
espresso_lite_v2.menu.ssl.basic=Basic SSL ciphers (lower ROM use)
|
||||
espresso_lite_v2.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC
|
||||
espresso_lite_v2.build.flash_mode=dio
|
||||
espresso_lite_v2.build.flash_flags=-DFLASHMODE_DIO
|
||||
espresso_lite_v2.build.flash_freq=40
|
||||
@ -1886,6 +1919,10 @@ phoenix_v1.menu.exception.disabled.build.stdcpp_lib=-lstdc++
|
||||
phoenix_v1.menu.exception.enabled=Enabled
|
||||
phoenix_v1.menu.exception.enabled.build.exception_flags=-fexceptions
|
||||
phoenix_v1.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc
|
||||
phoenix_v1.menu.ssl.all=All SSL ciphers (most compatible)
|
||||
phoenix_v1.menu.ssl.all.build.sslflags=
|
||||
phoenix_v1.menu.ssl.basic=Basic SSL ciphers (lower ROM use)
|
||||
phoenix_v1.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC
|
||||
phoenix_v1.build.flash_mode=dio
|
||||
phoenix_v1.build.flash_flags=-DFLASHMODE_DIO
|
||||
phoenix_v1.build.flash_freq=40
|
||||
@ -2073,6 +2110,10 @@ phoenix_v2.menu.exception.disabled.build.stdcpp_lib=-lstdc++
|
||||
phoenix_v2.menu.exception.enabled=Enabled
|
||||
phoenix_v2.menu.exception.enabled.build.exception_flags=-fexceptions
|
||||
phoenix_v2.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc
|
||||
phoenix_v2.menu.ssl.all=All SSL ciphers (most compatible)
|
||||
phoenix_v2.menu.ssl.all.build.sslflags=
|
||||
phoenix_v2.menu.ssl.basic=Basic SSL ciphers (lower ROM use)
|
||||
phoenix_v2.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC
|
||||
phoenix_v2.build.flash_mode=dio
|
||||
phoenix_v2.build.flash_flags=-DFLASHMODE_DIO
|
||||
phoenix_v2.build.flash_freq=40
|
||||
@ -2260,6 +2301,10 @@ nodemcu.menu.exception.disabled.build.stdcpp_lib=-lstdc++
|
||||
nodemcu.menu.exception.enabled=Enabled
|
||||
nodemcu.menu.exception.enabled.build.exception_flags=-fexceptions
|
||||
nodemcu.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc
|
||||
nodemcu.menu.ssl.all=All SSL ciphers (most compatible)
|
||||
nodemcu.menu.ssl.all.build.sslflags=
|
||||
nodemcu.menu.ssl.basic=Basic SSL ciphers (lower ROM use)
|
||||
nodemcu.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC
|
||||
nodemcu.upload.resetmethod=nodemcu
|
||||
nodemcu.build.flash_mode=qio
|
||||
nodemcu.build.flash_flags=-DFLASHMODE_QIO
|
||||
@ -2444,6 +2489,10 @@ nodemcuv2.menu.exception.disabled.build.stdcpp_lib=-lstdc++
|
||||
nodemcuv2.menu.exception.enabled=Enabled
|
||||
nodemcuv2.menu.exception.enabled.build.exception_flags=-fexceptions
|
||||
nodemcuv2.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc
|
||||
nodemcuv2.menu.ssl.all=All SSL ciphers (most compatible)
|
||||
nodemcuv2.menu.ssl.all.build.sslflags=
|
||||
nodemcuv2.menu.ssl.basic=Basic SSL ciphers (lower ROM use)
|
||||
nodemcuv2.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC
|
||||
nodemcuv2.upload.resetmethod=nodemcu
|
||||
nodemcuv2.build.flash_mode=dio
|
||||
nodemcuv2.build.flash_flags=-DFLASHMODE_DIO
|
||||
@ -2628,6 +2677,10 @@ modwifi.menu.exception.disabled.build.stdcpp_lib=-lstdc++
|
||||
modwifi.menu.exception.enabled=Enabled
|
||||
modwifi.menu.exception.enabled.build.exception_flags=-fexceptions
|
||||
modwifi.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc
|
||||
modwifi.menu.ssl.all=All SSL ciphers (most compatible)
|
||||
modwifi.menu.ssl.all.build.sslflags=
|
||||
modwifi.menu.ssl.basic=Basic SSL ciphers (lower ROM use)
|
||||
modwifi.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC
|
||||
modwifi.upload.resetmethod=ck
|
||||
modwifi.build.flash_mode=qio
|
||||
modwifi.build.flash_flags=-DFLASHMODE_QIO
|
||||
@ -2822,6 +2875,10 @@ thing.menu.exception.disabled.build.stdcpp_lib=-lstdc++
|
||||
thing.menu.exception.enabled=Enabled
|
||||
thing.menu.exception.enabled.build.exception_flags=-fexceptions
|
||||
thing.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc
|
||||
thing.menu.ssl.all=All SSL ciphers (most compatible)
|
||||
thing.menu.ssl.all.build.sslflags=
|
||||
thing.menu.ssl.basic=Basic SSL ciphers (lower ROM use)
|
||||
thing.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC
|
||||
thing.upload.resetmethod=ck
|
||||
thing.build.flash_mode=qio
|
||||
thing.build.flash_flags=-DFLASHMODE_QIO
|
||||
@ -3006,6 +3063,10 @@ thingdev.menu.exception.disabled.build.stdcpp_lib=-lstdc++
|
||||
thingdev.menu.exception.enabled=Enabled
|
||||
thingdev.menu.exception.enabled.build.exception_flags=-fexceptions
|
||||
thingdev.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc
|
||||
thingdev.menu.ssl.all=All SSL ciphers (most compatible)
|
||||
thingdev.menu.ssl.all.build.sslflags=
|
||||
thingdev.menu.ssl.basic=Basic SSL ciphers (lower ROM use)
|
||||
thingdev.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC
|
||||
thingdev.upload.resetmethod=nodemcu
|
||||
thingdev.build.flash_mode=dio
|
||||
thingdev.build.flash_flags=-DFLASHMODE_DIO
|
||||
@ -3190,6 +3251,10 @@ esp210.menu.exception.disabled.build.stdcpp_lib=-lstdc++
|
||||
esp210.menu.exception.enabled=Enabled
|
||||
esp210.menu.exception.enabled.build.exception_flags=-fexceptions
|
||||
esp210.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc
|
||||
esp210.menu.ssl.all=All SSL ciphers (most compatible)
|
||||
esp210.menu.ssl.all.build.sslflags=
|
||||
esp210.menu.ssl.basic=Basic SSL ciphers (lower ROM use)
|
||||
esp210.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC
|
||||
esp210.upload.resetmethod=ck
|
||||
esp210.build.flash_mode=qio
|
||||
esp210.build.flash_flags=-DFLASHMODE_QIO
|
||||
@ -3374,6 +3439,10 @@ d1_mini.menu.exception.disabled.build.stdcpp_lib=-lstdc++
|
||||
d1_mini.menu.exception.enabled=Enabled
|
||||
d1_mini.menu.exception.enabled.build.exception_flags=-fexceptions
|
||||
d1_mini.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc
|
||||
d1_mini.menu.ssl.all=All SSL ciphers (most compatible)
|
||||
d1_mini.menu.ssl.all.build.sslflags=
|
||||
d1_mini.menu.ssl.basic=Basic SSL ciphers (lower ROM use)
|
||||
d1_mini.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC
|
||||
d1_mini.upload.resetmethod=nodemcu
|
||||
d1_mini.build.flash_mode=dio
|
||||
d1_mini.build.flash_flags=-DFLASHMODE_DIO
|
||||
@ -3558,6 +3627,10 @@ d1_mini_pro.menu.exception.disabled.build.stdcpp_lib=-lstdc++
|
||||
d1_mini_pro.menu.exception.enabled=Enabled
|
||||
d1_mini_pro.menu.exception.enabled.build.exception_flags=-fexceptions
|
||||
d1_mini_pro.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc
|
||||
d1_mini_pro.menu.ssl.all=All SSL ciphers (most compatible)
|
||||
d1_mini_pro.menu.ssl.all.build.sslflags=
|
||||
d1_mini_pro.menu.ssl.basic=Basic SSL ciphers (lower ROM use)
|
||||
d1_mini_pro.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC
|
||||
d1_mini_pro.upload.resetmethod=nodemcu
|
||||
d1_mini_pro.build.flash_mode=dio
|
||||
d1_mini_pro.build.flash_flags=-DFLASHMODE_DIO
|
||||
@ -3725,6 +3798,10 @@ d1_mini_lite.menu.exception.disabled.build.stdcpp_lib=-lstdc++
|
||||
d1_mini_lite.menu.exception.enabled=Enabled
|
||||
d1_mini_lite.menu.exception.enabled.build.exception_flags=-fexceptions
|
||||
d1_mini_lite.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc
|
||||
d1_mini_lite.menu.ssl.all=All SSL ciphers (most compatible)
|
||||
d1_mini_lite.menu.ssl.all.build.sslflags=
|
||||
d1_mini_lite.menu.ssl.basic=Basic SSL ciphers (lower ROM use)
|
||||
d1_mini_lite.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC
|
||||
d1_mini_lite.upload.resetmethod=nodemcu
|
||||
d1_mini_lite.build.flash_mode=dout
|
||||
d1_mini_lite.build.flash_flags=-DFLASHMODE_DOUT
|
||||
@ -3949,6 +4026,10 @@ d1.menu.exception.disabled.build.stdcpp_lib=-lstdc++
|
||||
d1.menu.exception.enabled=Enabled
|
||||
d1.menu.exception.enabled.build.exception_flags=-fexceptions
|
||||
d1.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc
|
||||
d1.menu.ssl.all=All SSL ciphers (most compatible)
|
||||
d1.menu.ssl.all.build.sslflags=
|
||||
d1.menu.ssl.basic=Basic SSL ciphers (lower ROM use)
|
||||
d1.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC
|
||||
d1.upload.resetmethod=nodemcu
|
||||
d1.build.flash_mode=dio
|
||||
d1.build.flash_flags=-DFLASHMODE_DIO
|
||||
@ -4133,6 +4214,10 @@ espino.menu.exception.disabled.build.stdcpp_lib=-lstdc++
|
||||
espino.menu.exception.enabled=Enabled
|
||||
espino.menu.exception.enabled.build.exception_flags=-fexceptions
|
||||
espino.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc
|
||||
espino.menu.ssl.all=All SSL ciphers (most compatible)
|
||||
espino.menu.ssl.all.build.sslflags=
|
||||
espino.menu.ssl.basic=Basic SSL ciphers (lower ROM use)
|
||||
espino.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC
|
||||
espino.menu.ResetMethod.ck=ck
|
||||
espino.menu.ResetMethod.ck.upload.resetmethod=ck
|
||||
espino.menu.ResetMethod.nodemcu=nodemcu
|
||||
@ -4320,6 +4405,10 @@ espinotee.menu.exception.disabled.build.stdcpp_lib=-lstdc++
|
||||
espinotee.menu.exception.enabled=Enabled
|
||||
espinotee.menu.exception.enabled.build.exception_flags=-fexceptions
|
||||
espinotee.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc
|
||||
espinotee.menu.ssl.all=All SSL ciphers (most compatible)
|
||||
espinotee.menu.ssl.all.build.sslflags=
|
||||
espinotee.menu.ssl.basic=Basic SSL ciphers (lower ROM use)
|
||||
espinotee.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC
|
||||
espinotee.upload.resetmethod=nodemcu
|
||||
espinotee.build.flash_mode=qio
|
||||
espinotee.build.flash_flags=-DFLASHMODE_QIO
|
||||
@ -4521,6 +4610,10 @@ wifinfo.menu.exception.disabled.build.stdcpp_lib=-lstdc++
|
||||
wifinfo.menu.exception.enabled=Enabled
|
||||
wifinfo.menu.exception.enabled.build.exception_flags=-fexceptions
|
||||
wifinfo.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc
|
||||
wifinfo.menu.ssl.all=All SSL ciphers (most compatible)
|
||||
wifinfo.menu.ssl.all.build.sslflags=
|
||||
wifinfo.menu.ssl.basic=Basic SSL ciphers (lower ROM use)
|
||||
wifinfo.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC
|
||||
wifinfo.upload.resetmethod=nodemcu
|
||||
wifinfo.build.flash_mode=qio
|
||||
wifinfo.build.flash_flags=-DFLASHMODE_QIO
|
||||
@ -4760,6 +4853,10 @@ arduino-esp8266.menu.exception.disabled.build.stdcpp_lib=-lstdc++
|
||||
arduino-esp8266.menu.exception.enabled=Enabled
|
||||
arduino-esp8266.menu.exception.enabled.build.exception_flags=-fexceptions
|
||||
arduino-esp8266.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc
|
||||
arduino-esp8266.menu.ssl.all=All SSL ciphers (most compatible)
|
||||
arduino-esp8266.menu.ssl.all.build.sslflags=
|
||||
arduino-esp8266.menu.ssl.basic=Basic SSL ciphers (lower ROM use)
|
||||
arduino-esp8266.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC
|
||||
arduino-esp8266.upload.resetmethod=ck
|
||||
arduino-esp8266.build.flash_mode=qio
|
||||
arduino-esp8266.build.flash_flags=-DFLASHMODE_QIO
|
||||
@ -4945,6 +5042,10 @@ gen4iod.menu.exception.disabled.build.stdcpp_lib=-lstdc++
|
||||
gen4iod.menu.exception.enabled=Enabled
|
||||
gen4iod.menu.exception.enabled.build.exception_flags=-fexceptions
|
||||
gen4iod.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc
|
||||
gen4iod.menu.ssl.all=All SSL ciphers (most compatible)
|
||||
gen4iod.menu.ssl.all.build.sslflags=
|
||||
gen4iod.menu.ssl.basic=Basic SSL ciphers (lower ROM use)
|
||||
gen4iod.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC
|
||||
gen4iod.upload.resetmethod=nodemcu
|
||||
gen4iod.build.flash_mode=dio
|
||||
gen4iod.build.flash_flags=-DFLASHMODE_DIO
|
||||
@ -5130,6 +5231,10 @@ oak.menu.exception.disabled.build.stdcpp_lib=-lstdc++
|
||||
oak.menu.exception.enabled=Enabled
|
||||
oak.menu.exception.enabled.build.exception_flags=-fexceptions
|
||||
oak.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc
|
||||
oak.menu.ssl.all=All SSL ciphers (most compatible)
|
||||
oak.menu.ssl.all.build.sslflags=
|
||||
oak.menu.ssl.basic=Basic SSL ciphers (lower ROM use)
|
||||
oak.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC
|
||||
oak.upload.resetmethod=none
|
||||
oak.build.flash_mode=dio
|
||||
oak.build.flash_flags=-DFLASHMODE_DIO
|
||||
@ -5314,6 +5419,10 @@ wifiduino.menu.exception.disabled.build.stdcpp_lib=-lstdc++
|
||||
wifiduino.menu.exception.enabled=Enabled
|
||||
wifiduino.menu.exception.enabled.build.exception_flags=-fexceptions
|
||||
wifiduino.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc
|
||||
wifiduino.menu.ssl.all=All SSL ciphers (most compatible)
|
||||
wifiduino.menu.ssl.all.build.sslflags=
|
||||
wifiduino.menu.ssl.basic=Basic SSL ciphers (lower ROM use)
|
||||
wifiduino.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC
|
||||
wifiduino.upload.resetmethod=nodemcu
|
||||
wifiduino.build.flash_mode=dio
|
||||
wifiduino.build.flash_flags=-DFLASHMODE_DIO
|
||||
@ -5498,6 +5607,10 @@ wifi_slot.menu.exception.disabled.build.stdcpp_lib=-lstdc++
|
||||
wifi_slot.menu.exception.enabled=Enabled
|
||||
wifi_slot.menu.exception.enabled.build.exception_flags=-fexceptions
|
||||
wifi_slot.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc
|
||||
wifi_slot.menu.ssl.all=All SSL ciphers (most compatible)
|
||||
wifi_slot.menu.ssl.all.build.sslflags=
|
||||
wifi_slot.menu.ssl.basic=Basic SSL ciphers (lower ROM use)
|
||||
wifi_slot.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC
|
||||
wifi_slot.upload.resetmethod=nodemcu
|
||||
wifi_slot.menu.FlashFreq.40=40MHz
|
||||
wifi_slot.menu.FlashFreq.40.build.flash_freq=40
|
||||
@ -5782,6 +5895,10 @@ wiolink.menu.exception.disabled.build.stdcpp_lib=-lstdc++
|
||||
wiolink.menu.exception.enabled=Enabled
|
||||
wiolink.menu.exception.enabled.build.exception_flags=-fexceptions
|
||||
wiolink.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc
|
||||
wiolink.menu.ssl.all=All SSL ciphers (most compatible)
|
||||
wiolink.menu.ssl.all.build.sslflags=
|
||||
wiolink.menu.ssl.basic=Basic SSL ciphers (lower ROM use)
|
||||
wiolink.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC
|
||||
wiolink.upload.resetmethod=nodemcu
|
||||
wiolink.build.flash_mode=qio
|
||||
wiolink.build.flash_flags=-DFLASHMODE_QIO
|
||||
@ -5966,6 +6083,10 @@ espectro.menu.exception.disabled.build.stdcpp_lib=-lstdc++
|
||||
espectro.menu.exception.enabled=Enabled
|
||||
espectro.menu.exception.enabled.build.exception_flags=-fexceptions
|
||||
espectro.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc
|
||||
espectro.menu.ssl.all=All SSL ciphers (most compatible)
|
||||
espectro.menu.ssl.all.build.sslflags=
|
||||
espectro.menu.ssl.basic=Basic SSL ciphers (lower ROM use)
|
||||
espectro.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC
|
||||
espectro.upload.resetmethod=nodemcu
|
||||
espectro.build.flash_mode=dio
|
||||
espectro.build.flash_flags=-DFLASHMODE_DIO
|
||||
|
||||
@ -744,6 +744,7 @@ extern "C" {
|
||||
* strong enough, and AES-256 is 40% more expensive).
|
||||
*/
|
||||
static const uint16_t suites_P[] PROGMEM = {
|
||||
#ifndef BEARSSL_SSL_BASIC
|
||||
BR_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
|
||||
BR_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
|
||||
BR_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
|
||||
@ -780,15 +781,18 @@ extern "C" {
|
||||
BR_TLS_RSA_WITH_AES_256_CCM,
|
||||
BR_TLS_RSA_WITH_AES_128_CCM_8,
|
||||
BR_TLS_RSA_WITH_AES_256_CCM_8,
|
||||
#endif
|
||||
BR_TLS_RSA_WITH_AES_128_CBC_SHA256,
|
||||
BR_TLS_RSA_WITH_AES_256_CBC_SHA256,
|
||||
BR_TLS_RSA_WITH_AES_128_CBC_SHA,
|
||||
BR_TLS_RSA_WITH_AES_256_CBC_SHA,
|
||||
#ifndef BEARSSL_SSL_BASIC
|
||||
BR_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
|
||||
BR_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
|
||||
BR_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
|
||||
BR_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
|
||||
BR_TLS_RSA_WITH_3DES_EDE_CBC_SHA
|
||||
#endif
|
||||
};
|
||||
|
||||
// For apps which want to use less secure but faster ciphers, only
|
||||
@ -826,16 +830,20 @@ extern "C" {
|
||||
br_ssl_engine_set_suites(&cc->eng, suites, (sizeof suites) / (sizeof suites[0]));
|
||||
br_ssl_client_set_default_rsapub(cc);
|
||||
br_ssl_engine_set_default_rsavrfy(&cc->eng);
|
||||
#ifndef BEARSSL_SSL_BASIC
|
||||
br_ssl_engine_set_default_ecdsa(&cc->eng);
|
||||
#endif
|
||||
br_ssl_client_install_hashes(&cc->eng);
|
||||
br_ssl_engine_set_prf10(&cc->eng, &br_tls10_prf);
|
||||
br_ssl_engine_set_prf_sha256(&cc->eng, &br_tls12_sha256_prf);
|
||||
br_ssl_engine_set_prf_sha384(&cc->eng, &br_tls12_sha384_prf);
|
||||
br_ssl_engine_set_default_aes_cbc(&cc->eng);
|
||||
#ifndef BEARSSL_SSL_BASIC
|
||||
br_ssl_engine_set_default_aes_gcm(&cc->eng);
|
||||
br_ssl_engine_set_default_aes_ccm(&cc->eng);
|
||||
br_ssl_engine_set_default_des_cbc(&cc->eng);
|
||||
br_ssl_engine_set_default_chapol(&cc->eng);
|
||||
#endif
|
||||
}
|
||||
|
||||
}
|
||||
@ -882,7 +890,14 @@ bool WiFiClientSecure::_installClientX509Validator() {
|
||||
if (_knownkey->isRSA()) {
|
||||
br_x509_knownkey_init_rsa(_x509_knownkey.get(), _knownkey->getRSA(), _knownkey_usages);
|
||||
} else if (_knownkey->isEC()) {
|
||||
#ifndef BEARSSL_SSL_BASIC
|
||||
br_x509_knownkey_init_ec(_x509_knownkey.get(), _knownkey->getEC(), _knownkey_usages);
|
||||
#else
|
||||
(void) _knownkey;
|
||||
(void) _knownkey_usages;
|
||||
DEBUG_BSSL("_installClientX509Validator: Attempting to use EC keys in minimal cipher mode (no EC)\n");
|
||||
return false;
|
||||
#endif
|
||||
}
|
||||
br_ssl_engine_set_x509(_eng, &_x509_knownkey->vtable);
|
||||
} else {
|
||||
@ -894,7 +909,9 @@ bool WiFiClientSecure::_installClientX509Validator() {
|
||||
}
|
||||
br_x509_minimal_init(_x509_minimal.get(), &br_sha256_vtable, _ta ? _ta->getTrustAnchors() : nullptr, _ta ? _ta->getCount() : 0);
|
||||
br_x509_minimal_set_rsa(_x509_minimal.get(), br_ssl_engine_get_rsavrfy(_eng));
|
||||
#ifndef BEARSSL_SSL_BASIC
|
||||
br_x509_minimal_set_ecdsa(_x509_minimal.get(), br_ssl_engine_get_ec(_eng), br_ssl_engine_get_ecdsa(_eng));
|
||||
#endif
|
||||
br_x509_minimal_install_hashes(_x509_minimal.get());
|
||||
if (_now) {
|
||||
// Magic constants convert to x509 times
|
||||
@ -953,9 +970,15 @@ bool WiFiClientSecure::_connectSSL(const char* hostName) {
|
||||
br_ssl_client_set_single_rsa(_sc.get(), _chain ? _chain->getX509Certs() : nullptr, _chain ? _chain->getCount() : 0,
|
||||
_sk->getRSA(), br_rsa_pkcs1_sign_get_default());
|
||||
} else if (_sk && _sk->isEC()) {
|
||||
#ifndef BEARSSL_SSL_BASIC
|
||||
br_ssl_client_set_single_ec(_sc.get(), _chain ? _chain->getX509Certs() : nullptr, _chain ? _chain->getCount() : 0,
|
||||
_sk->getEC(), _allowed_usages,
|
||||
_cert_issuer_key_type, br_ec_get_default(), br_ecdsa_sign_asn1_get_default());
|
||||
#else
|
||||
_freeSSL();
|
||||
DEBUG_BSSL("_connectSSL: Attempting to use EC cert in minimal cipher mode (no EC)\n");
|
||||
return false;
|
||||
#endif
|
||||
}
|
||||
|
||||
// Restore session from the storage spot, if present
|
||||
@ -997,9 +1020,13 @@ bool WiFiClientSecure::_installServerX509Validator(const X509List *client_CA_ta)
|
||||
}
|
||||
br_x509_minimal_init(_x509_minimal.get(), &br_sha256_vtable, _ta->getTrustAnchors(), _ta->getCount());
|
||||
br_ssl_engine_set_default_rsavrfy(_eng);
|
||||
#ifndef BEARSSL_SSL_BASIC
|
||||
br_ssl_engine_set_default_ecdsa(_eng);
|
||||
#endif
|
||||
br_x509_minimal_set_rsa(_x509_minimal.get(), br_ssl_engine_get_rsavrfy(_eng));
|
||||
#ifndef BEARSSL_SSL_BASIC
|
||||
br_x509_minimal_set_ecdsa(_x509_minimal.get(), br_ssl_engine_get_ec(_eng), br_ssl_engine_get_ecdsa(_eng));
|
||||
#endif
|
||||
br_x509_minimal_install_hashes(_x509_minimal.get());
|
||||
if (_now) {
|
||||
// Magic constants convert to x509 times
|
||||
@ -1048,6 +1075,7 @@ bool WiFiClientSecure::_connectSSLServerRSA(const X509List *chain,
|
||||
bool WiFiClientSecure::_connectSSLServerEC(const X509List *chain,
|
||||
unsigned cert_issuer_key_type, const PrivateKey *sk,
|
||||
const X509List *client_CA_ta) {
|
||||
#ifndef BEARSSL_SSL_BASIC
|
||||
_freeSSL();
|
||||
_oom_err = false;
|
||||
_sc_svr = std::make_shared<br_ssl_server_context>();
|
||||
@ -1076,6 +1104,14 @@ bool WiFiClientSecure::_connectSSLServerEC(const X509List *chain,
|
||||
}
|
||||
|
||||
return _wait_for_handshake();
|
||||
#else
|
||||
(void) chain;
|
||||
(void) cert_issuer_key_type;
|
||||
(void) sk;
|
||||
(void) client_CA_ta;
|
||||
DEBUG_BSSL("_connectSSLServerEC: Attempting to use EC cert in minimal cipher mode (no EC)\n");
|
||||
return false;
|
||||
#endif
|
||||
}
|
||||
|
||||
// Returns an error ID and possibly a string (if dest != null) of the last
|
||||
|
||||
@ -30,6 +30,8 @@ build.lwip_flags=-DLWIP_OPEN_SRC
|
||||
|
||||
build.vtable_flags=-DVTABLES_IN_FLASH
|
||||
|
||||
build.sslflags=
|
||||
|
||||
build.exception_flags=-fno-exceptions
|
||||
build.stdcpp_lib=-lstdc++
|
||||
|
||||
@ -44,7 +46,7 @@ compiler.libc.path={runtime.platform.path}/tools/sdk/libc/xtensa-lx106-elf
|
||||
compiler.cpreprocessor.flags=-D__ets__ -DICACHE_FLASH -U__STRICT_ANSI__ "-I{compiler.sdk.path}/include" "-I{compiler.sdk.path}/{build.lwip_include}" "-I{compiler.libc.path}/include" "-I{build.path}/core"
|
||||
|
||||
compiler.c.cmd=xtensa-lx106-elf-gcc
|
||||
compiler.c.flags=-c {compiler.warning_flags} -Os -g -Wpointer-arith -Wno-implicit-function-declaration -Wl,-EL -fno-inline-functions -nostdlib -mlongcalls -mtext-section-literals -falign-functions=4 -MMD -std=gnu99 -ffunction-sections -fdata-sections {build.exception_flags}
|
||||
compiler.c.flags=-c {compiler.warning_flags} -Os -g -Wpointer-arith -Wno-implicit-function-declaration -Wl,-EL -fno-inline-functions -nostdlib -mlongcalls -mtext-section-literals -falign-functions=4 -MMD -std=gnu99 -ffunction-sections -fdata-sections {build.exception_flags} {build.sslflags}
|
||||
|
||||
compiler.S.cmd=xtensa-lx106-elf-gcc
|
||||
compiler.S.flags=-c -g -x assembler-with-cpp -MMD -mlongcalls
|
||||
@ -55,7 +57,7 @@ compiler.c.elf.cmd=xtensa-lx106-elf-gcc
|
||||
compiler.c.elf.libs=-lhal -lphy -lpp -lnet80211 {build.lwip_lib} -lwpa -lcrypto -lmain -lwps -lbearssl -laxtls -lespnow -lsmartconfig -lairkiss -lwpa2 {build.stdcpp_lib} -lm -lc -lgcc
|
||||
|
||||
compiler.cpp.cmd=xtensa-lx106-elf-g++
|
||||
compiler.cpp.flags=-c {compiler.warning_flags} -Os -g -mlongcalls -mtext-section-literals -fno-rtti -falign-functions=4 -std=c++11 -MMD -ffunction-sections -fdata-sections {build.exception_flags}
|
||||
compiler.cpp.flags=-c {compiler.warning_flags} -Os -g -mlongcalls -mtext-section-literals -fno-rtti -falign-functions=4 -std=c++11 -MMD -ffunction-sections -fdata-sections {build.exception_flags} {build.sslflags}
|
||||
|
||||
compiler.as.cmd=xtensa-lx106-elf-as
|
||||
|
||||
|
||||
@ -1074,6 +1074,15 @@ macros = {
|
||||
( '.menu.wipe.all.upload.erase_cmd', 'erase_flash' ),
|
||||
]),
|
||||
|
||||
######################## SSL supported protocols
|
||||
|
||||
'ssl_cipher_menu': collections.OrderedDict([
|
||||
( '.menu.ssl.all', 'All SSL ciphers (most compatible)' ),
|
||||
( '.menu.ssl.all.build.sslflags', ''),
|
||||
( '.menu.ssl.basic', 'Basic SSL ciphers (lower ROM use)' ),
|
||||
( '.menu.ssl.basic.build.sslflags', '-DBEARSSL_SSL_BASIC'),
|
||||
]),
|
||||
|
||||
}
|
||||
|
||||
################################################################
|
||||
@ -1384,6 +1393,7 @@ def all_boards ():
|
||||
print('menu.led=Builtin Led')
|
||||
print('menu.wipe=Erase Flash')
|
||||
print('menu.sdk=Espressif FW')
|
||||
print('menu.ssl=SSL Support')
|
||||
print('')
|
||||
|
||||
for id in boards:
|
||||
@ -1397,7 +1407,7 @@ def all_boards ():
|
||||
print(id + optname + '=' + board['opts'][optname])
|
||||
|
||||
# macros
|
||||
macrolist = [ 'defaults', 'cpufreq_menu', 'vtable_menu', 'exception_menu' ]
|
||||
macrolist = [ 'defaults', 'cpufreq_menu', 'vtable_menu', 'exception_menu', 'ssl_cipher_menu' ]
|
||||
if 'macro' in board:
|
||||
macrolist += board['macro']
|
||||
if lwip == 2:
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user