lmoskala/SSLClient
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

reduced memory usage, at the cost of performance

Browse source
This commit is contained in:
Noah Laptop 2019-07-22 17:07:54 -07:00
parent 5d1c32d3c3
commit 0538c30081
4 changed files with 6 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
README.md
View file

@ -1,6 +1,6 @@
# SSLClient - Arduino Library For SSL # SSLClient - Arduino Library For SSL
**SSLClient requires at least 110kb flash and 8kb RAM, and will not compile otherwise. This means that most Arduino boards are not supported. Check your board's specifications before attempting to use this library.** **SSLClient requires at least 110kb flash and 7kb RAM, and will not compile otherwise. This means that most Arduino boards are not supported. Check your board's specifications before attempting to use this library.**
You can also view this README in [doxygen](https://openslab-osu.github.io/SSLClient/html/index.html). You can also view this README in [doxygen](https://openslab-osu.github.io/SSLClient/html/index.html).
@ -10,7 +10,7 @@ SSLClient is a simple library to add [TLS 1.2](https://www.websecurity.symantec.
Using SSLClient should be similar to using any other Arduino-based Client class, since this library was developed around compatibility with [EthernetClient](https://www.arduino.cc/en/Reference/EthernetClient). There are a few extra things, however, that you will need to get started: Using SSLClient should be similar to using any other Arduino-based Client class, since this library was developed around compatibility with [EthernetClient](https://www.arduino.cc/en/Reference/EthernetClient). There are a few extra things, however, that you will need to get started:
1. A board with a lot of resources (>110kb flash and >8kb RAM), and a network peripheral with a large internal buffer (>8kb). This library was tested with the [Adafruit Feather M0](https://www.adafruit.com/product/2772) (256K flash, 32K RAM) and the [Adafruit Ethernet Featherwing](https://www.adafruit.com/product/3201) (16kb Buffer), and we still had to modify the Arduino Ethernet library to support larger internal buffers per socket (see the [Implementation Gotchas](#sslclient-with-ethernet)). 1. A board with a lot of resources (>110kb flash and >7kb RAM), and a network peripheral with a large internal buffer (>7kb). This library was tested with the [Adafruit Feather M0](https://www.adafruit.com/product/2772) (256K flash, 32K RAM) and the [Adafruit Ethernet Featherwing](https://www.adafruit.com/product/3201) (16kb Buffer), and we still had to modify the Arduino Ethernet library to support larger internal buffers per socket (see the [Implementation Gotchas](#sslclient-with-ethernet)).
2. A header containing array of trust anchors, which will look like [this file](./readme/cert.h). These are used to verify the SSL connection later on, and without them you will be unable to use this library. Check out [this document](./TrustAnchors.md) on how to generate this file for your project, and for more information about what a trust anchor is. 2. A header containing array of trust anchors, which will look like [this file](./readme/cert.h). These are used to verify the SSL connection later on, and without them you will be unable to use this library. Check out [this document](./TrustAnchors.md) on how to generate this file for your project, and for more information about what a trust anchor is.
3. A Client class associated with a network interface. We tested this library using [EthernetClient](https://www.arduino.cc/en/Reference/EthernetClient), however in theory it will work for any class implementing Client. 3. A Client class associated with a network interface. We tested this library using [EthernetClient](https://www.arduino.cc/en/Reference/EthernetClient), however in theory it will work for any class implementing Client.
4. An analog pin, used for generating random data at the start of the connection (see the [Implementation Gotchas](#implementation-gotchas)). 4. An analog pin, used for generating random data at the start of the connection (see the [Implementation Gotchas](#implementation-gotchas)).

2
library.properties
View file

@ -1,5 +1,5 @@
name=SSLClient name=SSLClient
version=1.1.1 version=1.1.2
author=Noah Koontz <koontzn@oregonstate.edu> author=Noah Koontz <koontzn@oregonstate.edu>
maintainer=OPEnS Lab maintainer=OPEnS Lab
sentence=Arduino library to add SSL functionality to any Client class sentence=Arduino library to add SSL functionality to any Client class

4
src/SSLClientImpl.cpp
View file

@ -575,9 +575,9 @@ unsigned SSLClientImpl::m_update_engine() {
m_info(mem, func_name); m_info(mem, func_name);
// free memory check // free memory check
// BearSSL takes up so much memory on the stack it tends // BearSSL takes up so much memory on the stack it tends
// to overflow if there isn't at least 8000 bytes available // to overflow if there isn't at least 7000 bytes available
// when it starts // when it starts
if(mem < 8000) { if(mem < 7000) {
m_error("Out of memory! Decrease the number of sessions or the size of m_iobuf", func_name); m_error("Out of memory! Decrease the number of sessions or the size of m_iobuf", func_name);
setWriteError(SSL_OUT_OF_MEMORY); setWriteError(SSL_OUT_OF_MEMORY);
stop_impl(); stop_impl();

2
src/SSLClientImpl.h
View file

@ -199,7 +199,7 @@ private:
* As a rule of thumb SSLClient will fail if it does not have at least 8000 bytes when starting a * As a rule of thumb SSLClient will fail if it does not have at least 8000 bytes when starting a
* connection. * connection.
*/ */
unsigned char m_iobuf[BR_SSL_BUFSIZE_MONO / 8]; unsigned char m_iobuf[1536];
static_assert(sizeof m_iobuf <= BR_SSL_BUFSIZE_BIDI, "m_iobuf must be below maximum buffer size"); static_assert(sizeof m_iobuf <= BR_SSL_BUFSIZE_BIDI, "m_iobuf must be below maximum buffer size");
// store the index of where we are writing in the buffer // store the index of where we are writing in the buffer
// so we can send our records all at once to prevent // so we can send our records all at once to prevent