2f4380777e
* Update to BearSSL 0.6+ release, add AES_CCM modes Pull in latest BearSSL head (0.6 + minor additions) release and add AES_CCM modes to the encryption options. * Enable the aes_ccm initialization in client/server * Initial attempt * Working code with second stack thunking * Remove #ifdefs in .S file, not needed. * Clean up thunks and remove separate stack flag * Fix PIO assembler errors * Remove #ifdef code changes, ensure same code as PC Remove "#ifdef ESP8266;...;#else;...;#endif" brackets in BearSSL to ensure the host-tested code is the same as the ESP8266-run code. * Move to latest BearSSL w/EC progmem savings * Merge with master * Add br_thunk_* calls to do ref counting, painting Add reference counting br_thunk_add/del_ref() to replace stack handling code in the class. Add in stack painting and max usage calculation. * Add in postmortem stack dump hooks When a crash occurs while in the second stack, dump the BSSL stack and then also the stack that it was called from (either cont or sys). * Update stack dump to match decoder expectations * Move thunk to code core for linkiage The thunk code needs to be visible to the core routines, so move it to the cores/esp8266 directory. Probably need to refactor the stack setup and the bearssl portion to avoid dependency on bearssl libs in cores/esp8266 * Add 2nd stack dump utility routine * Refactor once more, update stack size, add stress Make stack_thunks generic, remove bearssl include inside of cores/esp8266. Allocate the stack on a WiFiServerSecure object creation to avoid fragmentation since we will need to allocate the stack to do any connected work, anyway. A stress test is now included which checks the total BearSSL second stack usage for a variety of TLS handshake and certificate options from badssl.org. * Update to latest to-thunks branch * Add BearSSL device test using stack stress Run a series of SSL connection and transmission tests that stress BearSSL and its stack usage to the device tests. Modify device tests to include a possible SPIFFS generation and upload when a make_spiffs.py file is present in a test directory. * Use bearssl/master branch, not /to-thunks branch Update to use the merged master branch of bearssl. Should have no code changes.
BearSSL ESP8266 builder
This directory contains the git submodule for the ESP8266 ported bearssl low-level library, a port of BearSSL
If you are only working on the BearSSL:: namespace functions in the
Arduino ESP8266WiFi library (BearSSL::WiFiClientSecure,
BearSSL::WiFiServerSecure, etc.) you do NOT need to work in this
directory.
Normal users can simply use the libbearssl.a file already included in
the Arduino repo. Experienced users looking to work on the underlying
BearSSL-ESP8266 ported library can use this directory to automate the
build flow.
Prerequisites
The tools directory needs to be populated (i.e. Arduino IDE should be able
to compile an executable probect. get.py should ensure this).
UNIX-like system (Linux, Mac):
If you need to change the *.t0 (Forth-like language) you will need a
.NET-compatible runtime (such as mono under Linux) to rebuild the
resulant .c files.
For Windows (untested)
Microsoft's .NET runtime must be installed to run the .t0->.c workflow.
Building
make all: Init the submodule, if needed, then build but do not install the librarymake install: Init the submodule, if needed, then build and copy the library to the standard location intools/sdk/lib
Editing the library
https://github.com/earlephilhower/bearssl-esp8266 is the current repository
for this library. A git remote to the original BearSSL sources from
https://bearssl.org/git/BearSSL is added on submodule init. You can either
manually do pulls, or make merge-upstream to bring in any BearSSL upstream
changes.
Documentation in the library README-esp8266 and git log describes the changes done.
Feel free to drop me a line at earlephilhower@yahoo.com if you have questions.
-Earle F. Philhower, III