diff --git a/boards.txt b/boards.txt index db90994b33..083b5e740a 100644 --- a/boards.txt +++ b/boards.txt @@ -21,6 +21,7 @@ menu.exception=Exceptions menu.led=Builtin Led menu.wipe=Erase Flash menu.sdk=Espressif FW +menu.ssl=SSL Support ############################################################## generic.name=Generic ESP8266 Module @@ -53,6 +54,10 @@ generic.menu.exception.disabled.build.stdcpp_lib=-lstdc++ generic.menu.exception.enabled=Enabled generic.menu.exception.enabled.build.exception_flags=-fexceptions generic.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc +generic.menu.ssl.all=All SSL ciphers (most compatible) +generic.menu.ssl.all.build.sslflags= +generic.menu.ssl.basic=Basic SSL ciphers (lower ROM use) +generic.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC generic.menu.ResetMethod.ck=ck generic.menu.ResetMethod.ck.upload.resetmethod=ck generic.menu.ResetMethod.nodemcu=nodemcu @@ -499,6 +504,10 @@ esp8285.menu.exception.disabled.build.stdcpp_lib=-lstdc++ esp8285.menu.exception.enabled=Enabled esp8285.menu.exception.enabled.build.exception_flags=-fexceptions esp8285.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc +esp8285.menu.ssl.all=All SSL ciphers (most compatible) +esp8285.menu.ssl.all.build.sslflags= +esp8285.menu.ssl.basic=Basic SSL ciphers (lower ROM use) +esp8285.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC esp8285.menu.ResetMethod.ck=ck esp8285.menu.ResetMethod.ck.upload.resetmethod=ck esp8285.menu.ResetMethod.nodemcu=nodemcu @@ -774,6 +783,10 @@ espduino.menu.exception.disabled.build.stdcpp_lib=-lstdc++ espduino.menu.exception.enabled=Enabled espduino.menu.exception.enabled.build.exception_flags=-fexceptions espduino.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc +espduino.menu.ssl.all=All SSL ciphers (most compatible) +espduino.menu.ssl.all.build.sslflags= +espduino.menu.ssl.basic=Basic SSL ciphers (lower ROM use) +espduino.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC espduino.build.flash_mode=dio espduino.build.flash_flags=-DFLASHMODE_DIO espduino.build.flash_freq=40 @@ -957,6 +970,10 @@ huzzah.menu.exception.disabled.build.stdcpp_lib=-lstdc++ huzzah.menu.exception.enabled=Enabled huzzah.menu.exception.enabled.build.exception_flags=-fexceptions huzzah.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc +huzzah.menu.ssl.all=All SSL ciphers (most compatible) +huzzah.menu.ssl.all.build.sslflags= +huzzah.menu.ssl.basic=Basic SSL ciphers (lower ROM use) +huzzah.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC huzzah.upload.resetmethod=nodemcu huzzah.build.flash_mode=qio huzzah.build.flash_flags=-DFLASHMODE_QIO @@ -1141,6 +1158,10 @@ inventone.menu.exception.disabled.build.stdcpp_lib=-lstdc++ inventone.menu.exception.enabled=Enabled inventone.menu.exception.enabled.build.exception_flags=-fexceptions inventone.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc +inventone.menu.ssl.all=All SSL ciphers (most compatible) +inventone.menu.ssl.all.build.sslflags= +inventone.menu.ssl.basic=Basic SSL ciphers (lower ROM use) +inventone.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC inventone.upload.resetmethod=nodemcu inventone.build.flash_mode=dio inventone.build.flash_flags=-DFLASHMODE_DIO @@ -1325,6 +1346,10 @@ cw01.menu.exception.disabled.build.stdcpp_lib=-lstdc++ cw01.menu.exception.enabled=Enabled cw01.menu.exception.enabled.build.exception_flags=-fexceptions cw01.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc +cw01.menu.ssl.all=All SSL ciphers (most compatible) +cw01.menu.ssl.all.build.sslflags= +cw01.menu.ssl.basic=Basic SSL ciphers (lower ROM use) +cw01.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC cw01.upload.resetmethod=nodemcu cw01.menu.CrystalFreq.26=26 MHz cw01.menu.CrystalFreq.40=40 MHz @@ -1512,6 +1537,10 @@ espresso_lite_v1.menu.exception.disabled.build.stdcpp_lib=-lstdc++ espresso_lite_v1.menu.exception.enabled=Enabled espresso_lite_v1.menu.exception.enabled.build.exception_flags=-fexceptions espresso_lite_v1.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc +espresso_lite_v1.menu.ssl.all=All SSL ciphers (most compatible) +espresso_lite_v1.menu.ssl.all.build.sslflags= +espresso_lite_v1.menu.ssl.basic=Basic SSL ciphers (lower ROM use) +espresso_lite_v1.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC espresso_lite_v1.build.flash_mode=dio espresso_lite_v1.build.flash_flags=-DFLASHMODE_DIO espresso_lite_v1.build.flash_freq=40 @@ -1699,6 +1728,10 @@ espresso_lite_v2.menu.exception.disabled.build.stdcpp_lib=-lstdc++ espresso_lite_v2.menu.exception.enabled=Enabled espresso_lite_v2.menu.exception.enabled.build.exception_flags=-fexceptions espresso_lite_v2.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc +espresso_lite_v2.menu.ssl.all=All SSL ciphers (most compatible) +espresso_lite_v2.menu.ssl.all.build.sslflags= +espresso_lite_v2.menu.ssl.basic=Basic SSL ciphers (lower ROM use) +espresso_lite_v2.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC espresso_lite_v2.build.flash_mode=dio espresso_lite_v2.build.flash_flags=-DFLASHMODE_DIO espresso_lite_v2.build.flash_freq=40 @@ -1886,6 +1919,10 @@ phoenix_v1.menu.exception.disabled.build.stdcpp_lib=-lstdc++ phoenix_v1.menu.exception.enabled=Enabled phoenix_v1.menu.exception.enabled.build.exception_flags=-fexceptions phoenix_v1.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc +phoenix_v1.menu.ssl.all=All SSL ciphers (most compatible) +phoenix_v1.menu.ssl.all.build.sslflags= +phoenix_v1.menu.ssl.basic=Basic SSL ciphers (lower ROM use) +phoenix_v1.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC phoenix_v1.build.flash_mode=dio phoenix_v1.build.flash_flags=-DFLASHMODE_DIO phoenix_v1.build.flash_freq=40 @@ -2073,6 +2110,10 @@ phoenix_v2.menu.exception.disabled.build.stdcpp_lib=-lstdc++ phoenix_v2.menu.exception.enabled=Enabled phoenix_v2.menu.exception.enabled.build.exception_flags=-fexceptions phoenix_v2.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc +phoenix_v2.menu.ssl.all=All SSL ciphers (most compatible) +phoenix_v2.menu.ssl.all.build.sslflags= +phoenix_v2.menu.ssl.basic=Basic SSL ciphers (lower ROM use) +phoenix_v2.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC phoenix_v2.build.flash_mode=dio phoenix_v2.build.flash_flags=-DFLASHMODE_DIO phoenix_v2.build.flash_freq=40 @@ -2260,6 +2301,10 @@ nodemcu.menu.exception.disabled.build.stdcpp_lib=-lstdc++ nodemcu.menu.exception.enabled=Enabled nodemcu.menu.exception.enabled.build.exception_flags=-fexceptions nodemcu.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc +nodemcu.menu.ssl.all=All SSL ciphers (most compatible) +nodemcu.menu.ssl.all.build.sslflags= +nodemcu.menu.ssl.basic=Basic SSL ciphers (lower ROM use) +nodemcu.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC nodemcu.upload.resetmethod=nodemcu nodemcu.build.flash_mode=qio nodemcu.build.flash_flags=-DFLASHMODE_QIO @@ -2444,6 +2489,10 @@ nodemcuv2.menu.exception.disabled.build.stdcpp_lib=-lstdc++ nodemcuv2.menu.exception.enabled=Enabled nodemcuv2.menu.exception.enabled.build.exception_flags=-fexceptions nodemcuv2.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc +nodemcuv2.menu.ssl.all=All SSL ciphers (most compatible) +nodemcuv2.menu.ssl.all.build.sslflags= +nodemcuv2.menu.ssl.basic=Basic SSL ciphers (lower ROM use) +nodemcuv2.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC nodemcuv2.upload.resetmethod=nodemcu nodemcuv2.build.flash_mode=dio nodemcuv2.build.flash_flags=-DFLASHMODE_DIO @@ -2628,6 +2677,10 @@ modwifi.menu.exception.disabled.build.stdcpp_lib=-lstdc++ modwifi.menu.exception.enabled=Enabled modwifi.menu.exception.enabled.build.exception_flags=-fexceptions modwifi.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc +modwifi.menu.ssl.all=All SSL ciphers (most compatible) +modwifi.menu.ssl.all.build.sslflags= +modwifi.menu.ssl.basic=Basic SSL ciphers (lower ROM use) +modwifi.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC modwifi.upload.resetmethod=ck modwifi.build.flash_mode=qio modwifi.build.flash_flags=-DFLASHMODE_QIO @@ -2822,6 +2875,10 @@ thing.menu.exception.disabled.build.stdcpp_lib=-lstdc++ thing.menu.exception.enabled=Enabled thing.menu.exception.enabled.build.exception_flags=-fexceptions thing.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc +thing.menu.ssl.all=All SSL ciphers (most compatible) +thing.menu.ssl.all.build.sslflags= +thing.menu.ssl.basic=Basic SSL ciphers (lower ROM use) +thing.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC thing.upload.resetmethod=ck thing.build.flash_mode=qio thing.build.flash_flags=-DFLASHMODE_QIO @@ -3006,6 +3063,10 @@ thingdev.menu.exception.disabled.build.stdcpp_lib=-lstdc++ thingdev.menu.exception.enabled=Enabled thingdev.menu.exception.enabled.build.exception_flags=-fexceptions thingdev.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc +thingdev.menu.ssl.all=All SSL ciphers (most compatible) +thingdev.menu.ssl.all.build.sslflags= +thingdev.menu.ssl.basic=Basic SSL ciphers (lower ROM use) +thingdev.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC thingdev.upload.resetmethod=nodemcu thingdev.build.flash_mode=dio thingdev.build.flash_flags=-DFLASHMODE_DIO @@ -3190,6 +3251,10 @@ esp210.menu.exception.disabled.build.stdcpp_lib=-lstdc++ esp210.menu.exception.enabled=Enabled esp210.menu.exception.enabled.build.exception_flags=-fexceptions esp210.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc +esp210.menu.ssl.all=All SSL ciphers (most compatible) +esp210.menu.ssl.all.build.sslflags= +esp210.menu.ssl.basic=Basic SSL ciphers (lower ROM use) +esp210.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC esp210.upload.resetmethod=ck esp210.build.flash_mode=qio esp210.build.flash_flags=-DFLASHMODE_QIO @@ -3374,6 +3439,10 @@ d1_mini.menu.exception.disabled.build.stdcpp_lib=-lstdc++ d1_mini.menu.exception.enabled=Enabled d1_mini.menu.exception.enabled.build.exception_flags=-fexceptions d1_mini.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc +d1_mini.menu.ssl.all=All SSL ciphers (most compatible) +d1_mini.menu.ssl.all.build.sslflags= +d1_mini.menu.ssl.basic=Basic SSL ciphers (lower ROM use) +d1_mini.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC d1_mini.upload.resetmethod=nodemcu d1_mini.build.flash_mode=dio d1_mini.build.flash_flags=-DFLASHMODE_DIO @@ -3558,6 +3627,10 @@ d1_mini_pro.menu.exception.disabled.build.stdcpp_lib=-lstdc++ d1_mini_pro.menu.exception.enabled=Enabled d1_mini_pro.menu.exception.enabled.build.exception_flags=-fexceptions d1_mini_pro.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc +d1_mini_pro.menu.ssl.all=All SSL ciphers (most compatible) +d1_mini_pro.menu.ssl.all.build.sslflags= +d1_mini_pro.menu.ssl.basic=Basic SSL ciphers (lower ROM use) +d1_mini_pro.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC d1_mini_pro.upload.resetmethod=nodemcu d1_mini_pro.build.flash_mode=dio d1_mini_pro.build.flash_flags=-DFLASHMODE_DIO @@ -3725,6 +3798,10 @@ d1_mini_lite.menu.exception.disabled.build.stdcpp_lib=-lstdc++ d1_mini_lite.menu.exception.enabled=Enabled d1_mini_lite.menu.exception.enabled.build.exception_flags=-fexceptions d1_mini_lite.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc +d1_mini_lite.menu.ssl.all=All SSL ciphers (most compatible) +d1_mini_lite.menu.ssl.all.build.sslflags= +d1_mini_lite.menu.ssl.basic=Basic SSL ciphers (lower ROM use) +d1_mini_lite.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC d1_mini_lite.upload.resetmethod=nodemcu d1_mini_lite.build.flash_mode=dout d1_mini_lite.build.flash_flags=-DFLASHMODE_DOUT @@ -3949,6 +4026,10 @@ d1.menu.exception.disabled.build.stdcpp_lib=-lstdc++ d1.menu.exception.enabled=Enabled d1.menu.exception.enabled.build.exception_flags=-fexceptions d1.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc +d1.menu.ssl.all=All SSL ciphers (most compatible) +d1.menu.ssl.all.build.sslflags= +d1.menu.ssl.basic=Basic SSL ciphers (lower ROM use) +d1.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC d1.upload.resetmethod=nodemcu d1.build.flash_mode=dio d1.build.flash_flags=-DFLASHMODE_DIO @@ -4133,6 +4214,10 @@ espino.menu.exception.disabled.build.stdcpp_lib=-lstdc++ espino.menu.exception.enabled=Enabled espino.menu.exception.enabled.build.exception_flags=-fexceptions espino.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc +espino.menu.ssl.all=All SSL ciphers (most compatible) +espino.menu.ssl.all.build.sslflags= +espino.menu.ssl.basic=Basic SSL ciphers (lower ROM use) +espino.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC espino.menu.ResetMethod.ck=ck espino.menu.ResetMethod.ck.upload.resetmethod=ck espino.menu.ResetMethod.nodemcu=nodemcu @@ -4320,6 +4405,10 @@ espinotee.menu.exception.disabled.build.stdcpp_lib=-lstdc++ espinotee.menu.exception.enabled=Enabled espinotee.menu.exception.enabled.build.exception_flags=-fexceptions espinotee.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc +espinotee.menu.ssl.all=All SSL ciphers (most compatible) +espinotee.menu.ssl.all.build.sslflags= +espinotee.menu.ssl.basic=Basic SSL ciphers (lower ROM use) +espinotee.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC espinotee.upload.resetmethod=nodemcu espinotee.build.flash_mode=qio espinotee.build.flash_flags=-DFLASHMODE_QIO @@ -4521,6 +4610,10 @@ wifinfo.menu.exception.disabled.build.stdcpp_lib=-lstdc++ wifinfo.menu.exception.enabled=Enabled wifinfo.menu.exception.enabled.build.exception_flags=-fexceptions wifinfo.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc +wifinfo.menu.ssl.all=All SSL ciphers (most compatible) +wifinfo.menu.ssl.all.build.sslflags= +wifinfo.menu.ssl.basic=Basic SSL ciphers (lower ROM use) +wifinfo.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC wifinfo.upload.resetmethod=nodemcu wifinfo.build.flash_mode=qio wifinfo.build.flash_flags=-DFLASHMODE_QIO @@ -4760,6 +4853,10 @@ arduino-esp8266.menu.exception.disabled.build.stdcpp_lib=-lstdc++ arduino-esp8266.menu.exception.enabled=Enabled arduino-esp8266.menu.exception.enabled.build.exception_flags=-fexceptions arduino-esp8266.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc +arduino-esp8266.menu.ssl.all=All SSL ciphers (most compatible) +arduino-esp8266.menu.ssl.all.build.sslflags= +arduino-esp8266.menu.ssl.basic=Basic SSL ciphers (lower ROM use) +arduino-esp8266.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC arduino-esp8266.upload.resetmethod=ck arduino-esp8266.build.flash_mode=qio arduino-esp8266.build.flash_flags=-DFLASHMODE_QIO @@ -4945,6 +5042,10 @@ gen4iod.menu.exception.disabled.build.stdcpp_lib=-lstdc++ gen4iod.menu.exception.enabled=Enabled gen4iod.menu.exception.enabled.build.exception_flags=-fexceptions gen4iod.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc +gen4iod.menu.ssl.all=All SSL ciphers (most compatible) +gen4iod.menu.ssl.all.build.sslflags= +gen4iod.menu.ssl.basic=Basic SSL ciphers (lower ROM use) +gen4iod.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC gen4iod.upload.resetmethod=nodemcu gen4iod.build.flash_mode=dio gen4iod.build.flash_flags=-DFLASHMODE_DIO @@ -5130,6 +5231,10 @@ oak.menu.exception.disabled.build.stdcpp_lib=-lstdc++ oak.menu.exception.enabled=Enabled oak.menu.exception.enabled.build.exception_flags=-fexceptions oak.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc +oak.menu.ssl.all=All SSL ciphers (most compatible) +oak.menu.ssl.all.build.sslflags= +oak.menu.ssl.basic=Basic SSL ciphers (lower ROM use) +oak.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC oak.upload.resetmethod=none oak.build.flash_mode=dio oak.build.flash_flags=-DFLASHMODE_DIO @@ -5314,6 +5419,10 @@ wifiduino.menu.exception.disabled.build.stdcpp_lib=-lstdc++ wifiduino.menu.exception.enabled=Enabled wifiduino.menu.exception.enabled.build.exception_flags=-fexceptions wifiduino.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc +wifiduino.menu.ssl.all=All SSL ciphers (most compatible) +wifiduino.menu.ssl.all.build.sslflags= +wifiduino.menu.ssl.basic=Basic SSL ciphers (lower ROM use) +wifiduino.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC wifiduino.upload.resetmethod=nodemcu wifiduino.build.flash_mode=dio wifiduino.build.flash_flags=-DFLASHMODE_DIO @@ -5498,6 +5607,10 @@ wifi_slot.menu.exception.disabled.build.stdcpp_lib=-lstdc++ wifi_slot.menu.exception.enabled=Enabled wifi_slot.menu.exception.enabled.build.exception_flags=-fexceptions wifi_slot.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc +wifi_slot.menu.ssl.all=All SSL ciphers (most compatible) +wifi_slot.menu.ssl.all.build.sslflags= +wifi_slot.menu.ssl.basic=Basic SSL ciphers (lower ROM use) +wifi_slot.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC wifi_slot.upload.resetmethod=nodemcu wifi_slot.menu.FlashFreq.40=40MHz wifi_slot.menu.FlashFreq.40.build.flash_freq=40 @@ -5782,6 +5895,10 @@ wiolink.menu.exception.disabled.build.stdcpp_lib=-lstdc++ wiolink.menu.exception.enabled=Enabled wiolink.menu.exception.enabled.build.exception_flags=-fexceptions wiolink.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc +wiolink.menu.ssl.all=All SSL ciphers (most compatible) +wiolink.menu.ssl.all.build.sslflags= +wiolink.menu.ssl.basic=Basic SSL ciphers (lower ROM use) +wiolink.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC wiolink.upload.resetmethod=nodemcu wiolink.build.flash_mode=qio wiolink.build.flash_flags=-DFLASHMODE_QIO @@ -5966,6 +6083,10 @@ espectro.menu.exception.disabled.build.stdcpp_lib=-lstdc++ espectro.menu.exception.enabled=Enabled espectro.menu.exception.enabled.build.exception_flags=-fexceptions espectro.menu.exception.enabled.build.stdcpp_lib=-lstdc++-exc +espectro.menu.ssl.all=All SSL ciphers (most compatible) +espectro.menu.ssl.all.build.sslflags= +espectro.menu.ssl.basic=Basic SSL ciphers (lower ROM use) +espectro.menu.ssl.basic.build.sslflags=-DBEARSSL_SSL_BASIC espectro.upload.resetmethod=nodemcu espectro.build.flash_mode=dio espectro.build.flash_flags=-DFLASHMODE_DIO diff --git a/libraries/ESP8266WiFi/src/WiFiClientSecureBearSSL.cpp b/libraries/ESP8266WiFi/src/WiFiClientSecureBearSSL.cpp index 4a2a68363f..e2f35b51ed 100644 --- a/libraries/ESP8266WiFi/src/WiFiClientSecureBearSSL.cpp +++ b/libraries/ESP8266WiFi/src/WiFiClientSecureBearSSL.cpp @@ -744,6 +744,7 @@ extern "C" { * strong enough, and AES-256 is 40% more expensive). */ static const uint16_t suites_P[] PROGMEM = { +#ifndef BEARSSL_SSL_BASIC BR_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, BR_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, BR_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, @@ -780,15 +781,18 @@ extern "C" { BR_TLS_RSA_WITH_AES_256_CCM, BR_TLS_RSA_WITH_AES_128_CCM_8, BR_TLS_RSA_WITH_AES_256_CCM_8, +#endif BR_TLS_RSA_WITH_AES_128_CBC_SHA256, BR_TLS_RSA_WITH_AES_256_CBC_SHA256, BR_TLS_RSA_WITH_AES_128_CBC_SHA, BR_TLS_RSA_WITH_AES_256_CBC_SHA, +#ifndef BEARSSL_SSL_BASIC BR_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, BR_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, BR_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, BR_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, BR_TLS_RSA_WITH_3DES_EDE_CBC_SHA +#endif }; // For apps which want to use less secure but faster ciphers, only @@ -826,16 +830,20 @@ extern "C" { br_ssl_engine_set_suites(&cc->eng, suites, (sizeof suites) / (sizeof suites[0])); br_ssl_client_set_default_rsapub(cc); br_ssl_engine_set_default_rsavrfy(&cc->eng); +#ifndef BEARSSL_SSL_BASIC br_ssl_engine_set_default_ecdsa(&cc->eng); +#endif br_ssl_client_install_hashes(&cc->eng); br_ssl_engine_set_prf10(&cc->eng, &br_tls10_prf); br_ssl_engine_set_prf_sha256(&cc->eng, &br_tls12_sha256_prf); br_ssl_engine_set_prf_sha384(&cc->eng, &br_tls12_sha384_prf); br_ssl_engine_set_default_aes_cbc(&cc->eng); +#ifndef BEARSSL_SSL_BASIC br_ssl_engine_set_default_aes_gcm(&cc->eng); br_ssl_engine_set_default_aes_ccm(&cc->eng); br_ssl_engine_set_default_des_cbc(&cc->eng); br_ssl_engine_set_default_chapol(&cc->eng); +#endif } } @@ -882,7 +890,14 @@ bool WiFiClientSecure::_installClientX509Validator() { if (_knownkey->isRSA()) { br_x509_knownkey_init_rsa(_x509_knownkey.get(), _knownkey->getRSA(), _knownkey_usages); } else if (_knownkey->isEC()) { +#ifndef BEARSSL_SSL_BASIC br_x509_knownkey_init_ec(_x509_knownkey.get(), _knownkey->getEC(), _knownkey_usages); +#else + (void) _knownkey; + (void) _knownkey_usages; + DEBUG_BSSL("_installClientX509Validator: Attempting to use EC keys in minimal cipher mode (no EC)\n"); + return false; +#endif } br_ssl_engine_set_x509(_eng, &_x509_knownkey->vtable); } else { @@ -894,7 +909,9 @@ bool WiFiClientSecure::_installClientX509Validator() { } br_x509_minimal_init(_x509_minimal.get(), &br_sha256_vtable, _ta ? _ta->getTrustAnchors() : nullptr, _ta ? _ta->getCount() : 0); br_x509_minimal_set_rsa(_x509_minimal.get(), br_ssl_engine_get_rsavrfy(_eng)); +#ifndef BEARSSL_SSL_BASIC br_x509_minimal_set_ecdsa(_x509_minimal.get(), br_ssl_engine_get_ec(_eng), br_ssl_engine_get_ecdsa(_eng)); +#endif br_x509_minimal_install_hashes(_x509_minimal.get()); if (_now) { // Magic constants convert to x509 times @@ -953,9 +970,15 @@ bool WiFiClientSecure::_connectSSL(const char* hostName) { br_ssl_client_set_single_rsa(_sc.get(), _chain ? _chain->getX509Certs() : nullptr, _chain ? _chain->getCount() : 0, _sk->getRSA(), br_rsa_pkcs1_sign_get_default()); } else if (_sk && _sk->isEC()) { +#ifndef BEARSSL_SSL_BASIC br_ssl_client_set_single_ec(_sc.get(), _chain ? _chain->getX509Certs() : nullptr, _chain ? _chain->getCount() : 0, _sk->getEC(), _allowed_usages, _cert_issuer_key_type, br_ec_get_default(), br_ecdsa_sign_asn1_get_default()); +#else + _freeSSL(); + DEBUG_BSSL("_connectSSL: Attempting to use EC cert in minimal cipher mode (no EC)\n"); + return false; +#endif } // Restore session from the storage spot, if present @@ -997,9 +1020,13 @@ bool WiFiClientSecure::_installServerX509Validator(const X509List *client_CA_ta) } br_x509_minimal_init(_x509_minimal.get(), &br_sha256_vtable, _ta->getTrustAnchors(), _ta->getCount()); br_ssl_engine_set_default_rsavrfy(_eng); +#ifndef BEARSSL_SSL_BASIC br_ssl_engine_set_default_ecdsa(_eng); +#endif br_x509_minimal_set_rsa(_x509_minimal.get(), br_ssl_engine_get_rsavrfy(_eng)); +#ifndef BEARSSL_SSL_BASIC br_x509_minimal_set_ecdsa(_x509_minimal.get(), br_ssl_engine_get_ec(_eng), br_ssl_engine_get_ecdsa(_eng)); +#endif br_x509_minimal_install_hashes(_x509_minimal.get()); if (_now) { // Magic constants convert to x509 times @@ -1048,6 +1075,7 @@ bool WiFiClientSecure::_connectSSLServerRSA(const X509List *chain, bool WiFiClientSecure::_connectSSLServerEC(const X509List *chain, unsigned cert_issuer_key_type, const PrivateKey *sk, const X509List *client_CA_ta) { +#ifndef BEARSSL_SSL_BASIC _freeSSL(); _oom_err = false; _sc_svr = std::make_shared(); @@ -1076,6 +1104,14 @@ bool WiFiClientSecure::_connectSSLServerEC(const X509List *chain, } return _wait_for_handshake(); +#else + (void) chain; + (void) cert_issuer_key_type; + (void) sk; + (void) client_CA_ta; + DEBUG_BSSL("_connectSSLServerEC: Attempting to use EC cert in minimal cipher mode (no EC)\n"); + return false; +#endif } // Returns an error ID and possibly a string (if dest != null) of the last diff --git a/package/package_esp8266com_index.template.json b/package/package_esp8266com_index.template.json index 387f636c17..ec2314f7e1 100644 --- a/package/package_esp8266com_index.template.json +++ b/package/package_esp8266com_index.template.json @@ -299,4 +299,4 @@ ] } ] -} +} \ No newline at end of file diff --git a/platform.txt b/platform.txt index 706d5b9c86..2ba6dfefa0 100644 --- a/platform.txt +++ b/platform.txt @@ -30,6 +30,8 @@ build.lwip_flags=-DLWIP_OPEN_SRC build.vtable_flags=-DVTABLES_IN_FLASH +build.sslflags= + build.exception_flags=-fno-exceptions build.stdcpp_lib=-lstdc++ @@ -44,7 +46,7 @@ compiler.libc.path={runtime.platform.path}/tools/sdk/libc/xtensa-lx106-elf compiler.cpreprocessor.flags=-D__ets__ -DICACHE_FLASH -U__STRICT_ANSI__ "-I{compiler.sdk.path}/include" "-I{compiler.sdk.path}/{build.lwip_include}" "-I{compiler.libc.path}/include" "-I{build.path}/core" compiler.c.cmd=xtensa-lx106-elf-gcc -compiler.c.flags=-c {compiler.warning_flags} -Os -g -Wpointer-arith -Wno-implicit-function-declaration -Wl,-EL -fno-inline-functions -nostdlib -mlongcalls -mtext-section-literals -falign-functions=4 -MMD -std=gnu99 -ffunction-sections -fdata-sections {build.exception_flags} +compiler.c.flags=-c {compiler.warning_flags} -Os -g -Wpointer-arith -Wno-implicit-function-declaration -Wl,-EL -fno-inline-functions -nostdlib -mlongcalls -mtext-section-literals -falign-functions=4 -MMD -std=gnu99 -ffunction-sections -fdata-sections {build.exception_flags} {build.sslflags} compiler.S.cmd=xtensa-lx106-elf-gcc compiler.S.flags=-c -g -x assembler-with-cpp -MMD -mlongcalls @@ -55,7 +57,7 @@ compiler.c.elf.cmd=xtensa-lx106-elf-gcc compiler.c.elf.libs=-lhal -lphy -lpp -lnet80211 {build.lwip_lib} -lwpa -lcrypto -lmain -lwps -lbearssl -laxtls -lespnow -lsmartconfig -lairkiss -lwpa2 {build.stdcpp_lib} -lm -lc -lgcc compiler.cpp.cmd=xtensa-lx106-elf-g++ -compiler.cpp.flags=-c {compiler.warning_flags} -Os -g -mlongcalls -mtext-section-literals -fno-rtti -falign-functions=4 -std=c++11 -MMD -ffunction-sections -fdata-sections {build.exception_flags} +compiler.cpp.flags=-c {compiler.warning_flags} -Os -g -mlongcalls -mtext-section-literals -fno-rtti -falign-functions=4 -std=c++11 -MMD -ffunction-sections -fdata-sections {build.exception_flags} {build.sslflags} compiler.as.cmd=xtensa-lx106-elf-as diff --git a/tools/boards.txt.py b/tools/boards.txt.py index fd9605116a..3338330f27 100755 --- a/tools/boards.txt.py +++ b/tools/boards.txt.py @@ -1074,6 +1074,15 @@ ( '.menu.wipe.all.upload.erase_cmd', 'erase_flash' ), ]), + ######################## SSL supported protocols + + 'ssl_cipher_menu': collections.OrderedDict([ + ( '.menu.ssl.all', 'All SSL ciphers (most compatible)' ), + ( '.menu.ssl.all.build.sslflags', ''), + ( '.menu.ssl.basic', 'Basic SSL ciphers (lower ROM use)' ), + ( '.menu.ssl.basic.build.sslflags', '-DBEARSSL_SSL_BASIC'), + ]), + } ################################################################ @@ -1384,6 +1393,7 @@ def all_boards (): print('menu.led=Builtin Led') print('menu.wipe=Erase Flash') print('menu.sdk=Espressif FW') + print('menu.ssl=SSL Support') print('') for id in boards: @@ -1397,7 +1407,7 @@ def all_boards (): print(id + optname + '=' + board['opts'][optname]) # macros - macrolist = [ 'defaults', 'cpufreq_menu', 'vtable_menu', 'exception_menu' ] + macrolist = [ 'defaults', 'cpufreq_menu', 'vtable_menu', 'exception_menu', 'ssl_cipher_menu' ] if 'macro' in board: macrolist += board['macro'] if lwip == 2: