arduino-libraries / arduinobearssl Goto Github PK

View Code? Open in Web Editor NEW

82.0 82.0 47.0 802 KB

Port of BearSSL to Arduino

License: MIT License

C 97.57% C++ 2.43%

arduinobearssl's People

Contributors

Stargazers

Watchers

Forkers

sandeepmistry namezis clpopescu-1999-02 rsora rxxxp arduinolibrariesforks dniprox ilcato soapwood ravelab gypsybud rocketct sitase home-pi manchoz jamshid-alinejad pascualy artronshop mpfeil orange-opensource jiazzz giulcioffi wilvk seaniefs cbiscuitsurprise 530tatted530 tumtum23 harringaymakerspace arduino-collections buoys-dev zengyili tzzee etakata jackrobotics vitomir2 alexxmos rleclair pennam megareyka richard26a techsd dev-oni martinxbcn vienthonglelam imatrisciano

arduinobearssl's Issues

Missing data at the end of a read

Here the connection might already by closed but there may still be data available in the client's buffer. To work correctly, it should be changed to

return c->read(buf, len);

`ArduinoBearSSLConfig.h` in sketch folders not accessible to library

I installed the BearSSL library latest version. I put the ArduinoBearSSLConfig.h file in the same directory as my sketch, and modified it to uncomment the line:

#define ARDUINO_DISABLE_ECCX08

In my sketch I have

#include "ArduinoBearSSLConfig.h"
#include <ArduinoBearSSL.h>

But I get a compile error:

Error compiling for board Arduino/Genuino MKR1000

I also tried adding the #define at the top of my sketch, but still get the compile error.

I thought I saw someone else using this library with MKR1000, so I must be missing something.

AES128 runEnc() cause RP2040 to hard lock

            } else if (command == "9") {
              AES128Class AES128;
              int inputMessageIndex = receivedMessage.indexOf("$", commandIndex + 1);
              String inputMessage = receivedMessage.substring(commandIndex + 1, inputMessageIndex);
              int length = inputMessage.length();
              char input[length + 1];
              uint8_t UInput[length + 1];
              inputMessage.toCharArray(input, length + 1);
              convertCharToUint8(input, UInput, length);
              AES128.runEnc(UApplicationKey, sizeof(UApplicationKey), UInput, length, UApplicationIV); 
              printHex(UInput, length);
            } else if (command == "10") {

When attempting to run AES128 encryption the device will hard lock without crashing or panicking

Upgrade to latest GitHub Action based CI

https://www.arduino.cc/en/Reference/ArduinoBearSSL link in README gives a 404

ArduinoBearSsl without eec

How do you use Bearssl without using a crypto chip. How do you atrach the private, public, and certificate?

Thanks

How to shrink the library to a minimal IoT version

Hello,

First of all Thanks for your work!
As this is my first ever comment on GitHub I'm not quite sure whether I am right here but anyways..

I do need to make my UNO WiFi Rev 2 an AWS "Thing". So I followed the instructions given here:
https://create.arduino.cc/projecthub/Arduino_Genuino/securely-connecting-an-arduino-mkr-wifi-1010-to-aws-iot-core-a9f365
Which went fine until compiling, as the Flash of the UNO is only 48kB which I overshot by 400%.

Searching the internet gave me no solution, only other people with the same problem. On https://www.bearssl.org/sizes.html I found a size calculator and some information making me guess, that it should be possible to shrink the library for that specific use case to a compiled size of less than 20kB. Alone - I don't know how and commenting out section by section is not .... efficient.

So: Is there a way to have that exact functionality as given in the first link but with no more than 30kB of compiled size? And if so, how would I do that?

Thank you!
Chris

P.S. Reducing the buffer size helped, but still > 100% of the available memory blocked and I can't assess how low I can go

undefined reference to `_gettimeofday' when compiling on a Teensy4.0

I keep getting undefined reference to `_gettimeofday issue when importing the ArduinoBearSSL library.

undefined reference to `_gettimeofday'

Linking .pio\build\teensy40\firmware.elf
c:/users/ganna/.platformio/packages/toolchain-gccarmnoneeabi/bin/../lib/gcc/arm-none-eabi/5.4.1/../../../../arm-none-eabi/lib/armv7e-m/fpu/fpv5-d16\libc.a(lib_a-gettimeofdayr.o): In function `_gettimeofday_r':
gettimeofdayr.c:(.text._gettimeofday_r+0x10): undefined reference to `_gettimeofday'
collect2.exe: error: ld returned 1 exit status
*** [.pio\build\teensy40\firmware.elf] Error 1

the fix mentioned arduino/Arduino#9413 seems to solve it.

But wanted to understand the reason for this issue? any help is appreciated.

Thanks

RSA support

Digital Signatures are a very big need and they usually rely in PKCS1.5 algorithm.
Currently BearSSL provides the algorithmic implementation but it cannot be accessed through the ArduinoBearSSL library since the object layer is missing.
It would be great if this could be made and shared.

Handshake SSL Certificate

hello friend
how can I use this function so that it recevies Auto handshake without certificate???
exp : when using class esp8266secure can get data handshake & its dosent need cert.h class or function & gets the certificate automaticaly the same as chrome browser when searching the web site
thx

Add CI badges to repository README

Good morning @per1234 👋
After you've already successfully added CI to this repository may I ask you to add the corresponding CI badges to the README of this repository?

Support for ATECC608A-TNGTLS thumbprint certificate

Hello Team,

The ATECC608B-TNGTLS comes pre-configured and pre-provisioned with default thumbprint certificates and keys which can be used the cloud infrastructure would not require verification of the thumbprint certificate by a certificate authority. Can ArduinoBearSSL along with ArduinoECCX08 leverage this functionality eliminating the need to create a CSR ( coming from this tutorial ) and register it with AWS using Multi-Account Registration?

Add DSTRootCAX3.crt to BearSSLTrustAnchors

This is needed for seamless access to Let'sEncrypt-enabled websites

Error "SHA1Class SHA1" on an ESP32 when including HTTPClient.h

I am trying to use the HMACSHA256 signing capability on an ESP32 but I also need the HTTPClient.

When I include the HTTPClient.h, which depends on WiFiClientSecure.h in your sample, I get a redeclaration issue.

Sample code:

  /*
    ArduinoBearSSL SHA256
  
    This sketch demonstrates how to create a SHA256 hash and HMAC
    for an input string.
  
    This example code is in the public domain.
  */
  
  #include <HTTPClient.h>
  #include <ArduinoBearSSL.h>
  #include "SHA256.h"
  
  #ifdef ARDUINO_ARCH_MEGAAVR
  // Create the object
  SHA256Class SHA256;
  #endif
  
  void setup() {
    Serial.begin(9600);
    while (!Serial);
  
    // expect 0xE3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
    printSHA256("");
  
    // expect 0xD7A8FBB307D7809469CA9ABCB0082E4F8D5651E46D3CDB762D02D0BF37C9E592
    printSHA256("The quick brown fox jumps over the lazy dog");
  
    // expect 0xB613679A0814D9EC772F95D778C35FC5FF1697C493715653C6C712144292C5AD
    printHMACSHA256("", "");
  
    // expect 0xF7BC83F430538424B13298E6AA6FB143EF4D59A14946175997479DBC2D1A3CD8
    printHMACSHA256("key", "The quick brown fox jumps over the lazy dog");
  }
  
  void loop() {
  }
  
  void printSHA256(const char* str) {
    Serial.print("SHA256 of '");
    Serial.print(str);
    Serial.print("' is 0x");
  
    SHA256.beginHash();
    SHA256.print(str);
    SHA256.endHash();
  
    printResult();
  }
  
  void printHMACSHA256(const char* secret, const char* str) {
    Serial.print("HMAC-SHA256 of '");
    Serial.print(str);
    Serial.print("' with secret '");
    Serial.print(secret);
    Serial.print("' is 0x");
  
    SHA256.beginHmac(secret);
    SHA256.print(str);
    SHA256.endHmac();
  
    printResult();
  }
  
  void printResult()
  {
    while (SHA256.available()) {
      byte b = SHA256.read();
  
      if (b < 16) {
        Serial.print("0");
      }
  
      Serial.print(b, HEX);
    }
    Serial.println();
  }

Error:

  In file included from d:\Onedrive - Microsoft\Documents\Arduino\libraries\ArduinoBearSSL\src/ArduinoBearSSL.h:35,
                   from C:\Users\kevinsay\AppData\Local\Temp\.arduinoIDE-unsaved2023911-24336-1vv5l1k.d1vj\SHA256\SHA256.ino:11:
  d:\Onedrive - Microsoft\Documents\Arduino\libraries\ArduinoBearSSL\src/SHA1.h:50:18: error: 'SHA1Class SHA1' redeclared as different kind of symbol
   extern SHA1Class SHA1;
                    ^~~~
  In file included from C:\Users\kevinsay\AppData\Local\Arduino15\packages\esp32\hardware\esp32\2.0.11/tools/sdk/esp32s3/include/hal/include/hal/sha_types.h:25,
                   from C:\Users\kevinsay\AppData\Local\Arduino15\packages\esp32\hardware\esp32\2.0.11/tools/sdk/esp32s3/include/mbedtls/port/include/sha512_alt.h:28,
                   from C:\Users\kevinsay\AppData\Local\Arduino15\packages\esp32\hardware\esp32\2.0.11/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/sha512.h:69,
                   from C:\Users\kevinsay\AppData\Local\Arduino15\packages\esp32\hardware\esp32\2.0.11/tools/sdk/esp32s3/include/mbedtls/mbedtls/include/mbedtls/entropy.h:34,
                   from C:\Users\kevinsay\AppData\Local\Arduino15\packages\esp32\hardware\esp32\2.0.11\libraries\WiFiClientSecure\src/ssl_client.h:11,
                   from C:\Users\kevinsay\AppData\Local\Arduino15\packages\esp32\hardware\esp32\2.0.11\libraries\WiFiClientSecure\src/WiFiClientSecure.h:26,
                   from C:\Users\kevinsay\AppData\Local\Arduino15\packages\esp32\hardware\esp32\2.0.11\libraries\HTTPClient\src/HTTPClient.h:37,
                   from C:\Users\kevinsay\AppData\Local\Temp\.arduinoIDE-unsaved2023911-24336-1vv5l1k.d1vj\SHA256\SHA256.ino:10:
  C:\Users\kevinsay\AppData\Local\Arduino15\packages\esp32\hardware\esp32\2.0.11/tools/sdk/esp32s3/include/esp_rom/include/esp32s3/rom/sha.h:25:5: note: previous declaration 'SHA_TYPE SHA1'
       SHA1 = 0,
       ^~~~
  
  exit status 1
  
  Compilation error: exit status 1

Works with 1.5.0, not with 1.6.0

I'm using ArduinoBearSSL to connect to server with TLS and its works with the 1.5.0 release butnot with the 1.6.0 release. Going back through the commits trying each it breaks with this change: #31

The server does have a certificate with an ECDSA key.

Is there some bug, or am I suppose to explicitly call setEccVrfy/setEccSign now? And if so what would the arg be?

Making ArduinoECCX08 optional ?

I'm opening this issue to know if it would be possible to make ArduinoECCX08 optional?

Indeed, I'm currently using ArduinoBearSSL on an Arduino MKR NB 1500 but without using the ArduinoECCX08 (thanks to setEccVrfy, setEccSign, etc.).
I'm planning to continue to use ArduinoBearSSL on a STM32 board so I made some modifications to protect all the ArduinoECC08 specific code by ifndef ARDUINO_DISABLE_ECCX08.
Ideally, I would like to upstream this modification but I'm not sure if it makes sense for you and I don't know if there is a standard way to declare or manage optional dependency in the Arduino world (i.e. if Arduino was autotools/cmake/meson based, I would declare an option such as --disable-eccx08).

Root certificates work for port 443, but not for port 8883 (MQTTS)

uploading root certificate of www.google.com:443 on an Arduino MKR Wifi 1010 and connecting afterwards to it with the example WifiSSLClient works perfectly.
But all my trials to connect via port 8883 TLS encrypted with a ca_certificate failed. I tried a local MQTTS-Broker and also the test.mosquitto.org broker. Uploading certificates onto the board for the domains

test.mosquitto.org:443
test.mosquitt.org:8883
mosquitto.org (which defaults to mosquitto.org:443)

finished with no errors, but the connection fails. It shows a -2 error code when asking with MqttClient.connectError() for it. The MqttClient object is derived from BearSSLClient.

I also posted this issue in the arduino.cc forum:
https://forum.arduino.cc/t/mqtts-with-arduino-mkr-wifi-1010/1094414

Custom CA certificate

I'm trying to use ArduinoBearSSL on an Arduino Nano 33 IoT board to talk to a server that requires mutual TLS, but can't get it to work. I'm guessing its because the server is using a custom certificate which ArduinoBearSSL doesn't know about.

I've tried using setInsecure(BearSSLClient::SNI::Insecure) but that I think must also disables presenting the client certificate thats set with sslClient.setEccSlot call, so the TLS connection still fails.

How can I set a custom CA certificate? Is there any API to do that?

TIA!

BSSL:Couldn't connect. Error = 'Unknown error code. when using different router

I am having a weird problem: everything works fine when my eps8266ex (esp-01s) is connected to my ASUS Router that connects to my modem. However, when I try to connect to an old Access Point, the bot connection stops working and apparently it jam's the entire connection to that Access Point. This access point is connected to the Asus Router.

The Router seems to be working fine with my laptop, I use it daily and the performance is OK. I have tried many different versions of the esp8266 core (from 2.4.2 onwards) with no success.

The error I am getting is this:

20:30:59.796 -> connected with Coxinha-Sala, channel 3 
20:30:59.796 -> dhcp client start... 
20:30:59.831 -> ip:192.168.20.28,mask:255.255.255.0,gw:192.168.20.1 
20:31:00.043 -> BSSL:_connectSSL: start connection 
20:31:00.315 -> BSSL:_wait_for_handshake: failed 
20:31:00.315 -> BSSL:Couldn't connect. Error = 'Unknown error code.' 
20:31:00.315 -> numNewMessages: 0 
20:31:01.539 -> BSSL:_connectSSL: start connection 
20:31:01.810 -> BSSL:_wait_for_handshake: failed 
20:31:01.810 -> BSSL:Couldn't connect. Error = 'Unknown error code.' 
20:31:01.810 -> numNewMessages: 0 
20:31:03.039 -> BSSL:_connectSSL: start connection 
20:31:03.313 -> BSSL:_wait_for_handshake: failed 
20:31:03.313 -> BSSL:Couldn't connect. Error = 'Unknown error code.' 
20:31:03.313 -> numNewMessages: 0 
20:31:04.546 -> BSSL:_connectSSL: start connection 
20:31:04.784 -> BSSL:_wait_for_handshake: failed 
20:31:04.784 -> BSSL:Couldn't connect. Error = 'Unknown error code.' 
20:31:04.784 -> numNewMessages: 0 
20:31:05.783 -> state: 5 -> 2 (3c0) 
20:31:05.783 -> rm 0 
20:31:05.783 -> BSSL:connect: Unable to connect TCP socket 
20:31:05.783 -> numNewMessages: 0 
20:31:06.793 -> reconnect 
20:31:06.793 -> state: 2 -> 0 (0) 
20:31:06.793 -> BSSL:connect: Unable to connect TCP socket 
20:31:06.793 -> numNewMessages: 0 
20:31:06.929 -> scandone 
20:31:06.929 -> state: 0 -> 2 (b0) 20:31:06.929 -> state: 2 -> 3 (0) 
20:31:06.929 -> state: 3 -> 5 (10) 20:31:06.929 -> add 0 
20:31:06.929 -> aid 2 20:31:06.929 -> cnt 
20:31:07.794 -> BSSL:connect: Unable to connect TCP socket 
20:31:07.794 -> numNewMessages: 0 
20:31:07.827 ->

and my source code (very simple):

#include <ESP8266WiFi.h>
#include <WiFiClientSecure.h>

#include <ESP8266WebServer.h>
#include <ESP8266mDNS.h>
#include <UniversalTelegramBot.h>

#ifndef STASSID
#define STASSID "Coxinha-Sala"
#define STAPSK "mercadolivrez"
#define BOTTOKEN "1041453184:AAH4WVWmWLyQ62btyxV5-gWqetUZB_306GY"
#endif

const char* ssid = STASSID;
const char* password = STAPSK;
const char* bot_token = BOTTOKEN;

ESP8266WebServer server(80);

const int ledPin = 2;
WiFiClientSecure client;
UniversalTelegramBot *bot;
const int Bot_mtbs = 1000; //mean time between scan messages
long Bot_lasttime; //last time messages' scan has been done

void handleRoot() {
digitalWrite(ledPin, LOW);
server.send(200, "text/plain", "hello from esp8266!");
delay(300);
digitalWrite(ledPin, HIGH);
}

void setup(void) {
pinMode(ledPin, OUTPUT);
digitalWrite(ledPin, 0);
Serial.begin(115200);

startLedSequence();

WiFi.mode(WIFI_STA);
WiFi.begin(ssid, password);
Serial.println("");

// Wait for connection
while (WiFi.status() != WL_CONNECTED) {
delay(500);
Serial.print(".");
}
Serial.println("");
Serial.print("Connected to ");
Serial.println(ssid);
Serial.print("IP address: ");
Serial.println(WiFi.localIP());

if (MDNS.begin("esp8266")) {
Serial.println("MDNS responder started");
}

server.on("/", handleRoot);

server.on("/inline", {
server.send(200, "text/plain", "this works as well");
});

server.onNotFound(handleNotFound);

server.begin();
Serial.println("HTTP server started");

client.setInsecure();

bot = new UniversalTelegramBot(bot_token, client);

Serial.println(ESP.getFullVersion());
}

void loop(void) {
server.handleClient();
MDNS.update();

if (millis() > Bot_lasttime + Bot_mtbs) {
int numNewMessages = bot->getUpdates(bot->last_message_received + 1) + 0;
Serial.println("numNewMessages: " + (String)numNewMessages);
while (numNewMessages) {
Serial.println("Message received from: " + bot->messages[0].from_id);
// handleNewMessages(numNewMessages);
numNewMessages = bot->getUpdates(bot->last_message_received + 1);
}
Bot_lasttime = millis();
}
}

void startLedSequence() {
Serial.println("Starting...");

digitalWrite(ledPin, HIGH); // Turn the LED off by making the voltage HIGH
Serial.println("ledPin off");

Serial.println("Starting led sequence completed.");

}

void handleNewMessages(int numNewMessages) {

Serial.println("Received " + String(numNewMessages) + " new request(s)...");

}

failed to send a long data ( > 512bytes )

Hello team,

I failed to send a long data(> 512bytes), using BearSSLClient::write(const uint8_t *buf, size_t size)

Suppose that buf stored 600 bytes data and br_sslio_write() could send 512 bytes at maximum each call.

Call write(buf, 600)

Expected behavior
write() sends 600 bytes and returns 600

Current behavior
write() sends 1024 bytes and returns 1024

Detail:

User calls write(buf, 600)
First time execution in the while loop
- br_sslio_write() sends 512 bytes from &buf[0] and returns 512, buf points at &buf[512], written = 512
written < size is true
Second time execution in the while loop
- br_sslio_write() sends 512 bytes from &buf[512] and returns 512, buf points at &buf[1024], written = 1024
written < size is false and escaping from the loop
write() returns 1024

To fix this issue, I'd like to change here
from:
int result = br_sslio_write(&_ioc, buf, size);
to:
int result = br_sslio_write(&_ioc, buf, size - written);

sslClient.setInsecure(BearSSLClient::SNI::Insecure);

Good day,

We are developing an Arduino based device that sends an https post to a server. We use the Arduino MKR Zero and an ethernet shield. When we use this function:

sslClient.setInsecure(BearSSLClient::SNI::Insecure);

We get this error when the compilation is done:

'class BearSSLClient' has no member named 'setInsecure'

Do you know what could be the origin of this error?

A bad connection causes an inifinite loop (at least on an ESP32 but I think also on an Arduino)

The problem of #56 is even bigger: ::ClientRead() and ::ClientWrite() are called in bearssl ssl_io.c. If the socket client connection (Client *c) is lost or reset by the peer, both c->read(buf, len) and c->write(buf, len) will return a 0 (at least on the ESP32 but I think this is standard behavior also on an Arduino) thus causing an infinite loop in static int run_until(br_sslio_context *ctx, unsigned target) in ssl_io.c.

In my situation this problem occurs on a bad WiFi connection, but I think it may also occur on a bad tcp/ip connection or if the peer closes the connection.

One solution would be to add a timeout in the run_until() function, but I think it is better not to touch the original library. So I made adaptations to ::ClientRead() and ::ClientWrite() that involve static variables, which I think is a bad programming habit, but this is the only way to record a state between calls to these functions.
I did not introduce a new timeout value, but use the value of the socket client c->getTimeout().

int BearSSLClient::clientRead(void *ctx, unsigned char *buf, size_t len)
{
  static bool notAvailableFlag = false;
  static uint32_t lastNotAvailableMillis;

  Client* c = (Client*)ctx;

  if (!c->connected() && !c->available()) {

    return -1;			// connection lost or closed by peer (in ssl_io.c low_read, which points to this function, fails on a -1. which it should if a connection is lost)
  }

  int result = c->read(buf, len);
  if (result == 0) {
    if(notAvailableFlag) {
      if(millis() - lastNotAvailableMillis > c->getTimeout()) {
        notAvailableFlag = false;  // for the next round

        return -1;		// timout read (in ssl_io.c low_read, which points to this function, fails on a -1. which it should if a connection is lost or closed by peer)
      }
    } else {
      notAvailableFlag = true; // First time no data available
      lastNotAvailableMillis = millis();
    }
  
    delay(10);			// Needed?
  } else {
    notAvailableFlag = false; // This flag was set but new data is available, so start again
  }

#ifdef DEBUGSERIAL
  DEBUGSERIAL.print("BearSSLClient::clientRead - ");
  DEBUGSERIAL.print(result);
  DEBUGSERIAL.print(" - ");  
  for (size_t i = 0; i < result; i++) {
    byte b = buf[i];

    if (b < 16) {
      DEBUGSERIAL.print("0");
    }
    DEBUGSERIAL.print(b, HEX);
  }
  DEBUGSERIAL.println();
#endif

  return result;
}

int BearSSLClient::clientWrite(void *ctx, const unsigned char *buf, size_t len)
{
  static bool notAvailableForWriteFlag = false;
  static uint32_t lastNotAvailableForWriteMillis;

  Client* c = (Client*)ctx;

  if (!c->connected()) {

    return -1;			// connection lost or closed by peer (in ssl_io.c low_write, which points to this function, fails on a -1. which it should if a connection is lost)
  }

  int result = c->write(buf, len);
  if (result == 0) {

    if(notAvailableForWriteFlag) {
      if(millis() - lastNotAvailableForWriteMillis > c->getTimeout()) {
        notAvailableForWriteFlag = false;  // for the next round

        return -1;		// timout write (in ssl_io.c low_write, which points to this function, fails on a -1. which it should if a connection is lost or closed by peer)
      }
    } else {
      notAvailableForWriteFlag = true; // First time impossible to write data to peer
      lastNotAvailableForWriteMillis = millis();
    }

    delay(10);			// Needed?
  } else {
    notAvailableForWriteFlag = false; // This flag was set but new data was written, so start again
  }

#ifdef DEBUGSERIAL
  DEBUGSERIAL.print("BearSSLClient::clientWrite - ");
  DEBUGSERIAL.print(len);
  DEBUGSERIAL.print(" - ");
  for (size_t i = 0; i < len; i++) {
    byte b = buf[i];

    if (b < 16) {
      DEBUGSERIAL.print("0");
    }
    DEBUGSERIAL.print(b, HEX);
  }
  DEBUGSERIAL.println();
#endif

  return result;
}

RAM usage

Thank you for this great library. It works great but is using more than 60% of my available RAM. Is there any way to reduce the BearSSL memory usage (with compilation or linking options, removing some BearSSL source code ...etc)?

Add CI support

Hi @per1234 👋 I was wondering if you could add the usual Arduino CI support package for this repository? I just noticed that we don't have any CI in place here.

ALPN support would be nice

Needed for MQTT to AWS IoT per https://docs.aws.amazon.com/iot/latest/developerguide/protocols.html (if you have the default MQTTs port filtered out).

Support is in BearSSL, so it should just be a matter of exposing the possibility to configure.

Handshake SSL certificate

Add GitHub Actions workflow to synchronise with shared repository labels

Possible error in BEAR_SSL_CLIENT_IBUF_SIZE calculation

In BearSSLClient.h line 40-45 the values for BEAR_SSL_CLIENT_OBUF_SIZE and BEAR_SSL_CLIENT_IBUF_SIZE are calculated.

ArduinoBearSSL/src/BearSSLClient.h

Lines 40 to 46 in 5c27869

    
           #ifndef BEAR_SSL_CLIENT_OBUF_SIZE 
        
           #define BEAR_SSL_CLIENT_OBUF_SIZE 512 + 85 
        
           #endif 
        
           #ifndef BEAR_SSL_CLIENT_IBUF_SIZE 
        
           #define BEAR_SSL_CLIENT_IBUF_SIZE 8192 + 85 + 325 - BEAR_SSL_CLIENT_OBUF_SIZE 
        
           #endif

By writing so, BEAR_SSL_CLIENT_OBUF_SIZE will be computed to be 512+85 = 597.
I would expect BEAR_SSL_CLIENT_IBUF_SIZE to be 8192 + 85 + 325 - 597 = 8005
But by using defines the code for BEAR_SSL_CLIENT_IBUF_SIZE actually compiles to 8192 + 85 + 325 - 512 + 85 = 8175

I don't know if this is intended behaviour. If it's not, things can be fixed by just adding some parenthesis

#ifndef BEAR_SSL_CLIENT_OBUF_SIZE
#define BEAR_SSL_CLIENT_OBUF_SIZE (512 + 85)
#endif

#ifndef BEAR_SSL_CLIENT_IBUF_SIZE
#define BEAR_SSL_CLIENT_IBUF_SIZE (8192 + 85 + 325 - BEAR_SSL_CLIENT_OBUF_SIZE)
#endif

No Documentation or Forum Support for libary

Besides the canned examples (in another libary) there is no documentation how to use the library or support in the forum.

BearSSL reference is not a 1 for 1 match for the functions in this library so it can not be readily referenced.

Some basic documentation or usable references would be helpful.

Thanks

Bruce

New release?

Do you plan on making a new release any time soon?

	#ifndef BEAR_SSL_CLIENT_OBUF_SIZE
	#define BEAR_SSL_CLIENT_OBUF_SIZE 512 + 85
	#endif

	#ifndef BEAR_SSL_CLIENT_IBUF_SIZE
	#define BEAR_SSL_CLIENT_IBUF_SIZE 8192 + 85 + 325 - BEAR_SSL_CLIENT_OBUF_SIZE
	#endif

arduino-libraries / arduinobearssl Goto Github PK

arduinobearssl's People

Contributors

Stargazers

Watchers

Forkers

arduinobearssl's Issues

Recommend Projects

Recommend Topics

Recommend Org