From 0f1b7ce57ea2dbcb8ad37d8d233e54ec4a247f13 Mon Sep 17 00:00:00 2001 From: "Dirk O. Kaar" Date: Thu, 8 Aug 2019 08:21:48 +0200 Subject: [PATCH 1/4] Per @earlephilhower suggestion --- cores/esp8266/Updater.cpp | 7 ++----- libraries/ESP8266WiFi/src/BearSSLHelpers.cpp | 10 ++++++++++ 2 files changed, 12 insertions(+), 5 deletions(-) diff --git a/cores/esp8266/Updater.cpp b/cores/esp8266/Updater.cpp index 2992d3c954..dd57b0f0d5 100644 --- a/cores/esp8266/Updater.cpp +++ b/cores/esp8266/Updater.cpp @@ -1,5 +1,4 @@ #include "Updater.h" -#include "Arduino.h" #include "eboot_command.h" #include @@ -11,10 +10,8 @@ #endif #if ARDUINO_SIGNING - #include "../../libraries/ESP8266WiFi/src/BearSSLHelpers.h" - static BearSSL::PublicKey signPubKey(signing_pubkey); - static BearSSL::HashSHA256 hash; - static BearSSL::SigningVerifier sign(&signPubKey); + extern UpdaterHashClass& hash; + extern UpdaterVerifyClass& sign; #endif extern "C" { diff --git a/libraries/ESP8266WiFi/src/BearSSLHelpers.cpp b/libraries/ESP8266WiFi/src/BearSSLHelpers.cpp index 6dcf0b384d..3afcc57011 100644 --- a/libraries/ESP8266WiFi/src/BearSSLHelpers.cpp +++ b/libraries/ESP8266WiFi/src/BearSSLHelpers.cpp @@ -900,4 +900,14 @@ make_stack_thunk(br_ssl_engine_sendrec_buf); #endif +#if ARDUINO_SIGNING +namespace { + static PublicKey signPubKey(signing_pubkey); + static HashSHA256 __hash; + static SigningVerifier __sign(&signPubKey); +} +extern UpdaterHashClass& hash = __hash; +extern UpdaterVerifyClass& sign = __sign; +#endif + }; From a1843c89be3fedf3a48cedc577398574717f1ef8 Mon Sep 17 00:00:00 2001 From: "Dirk O. Kaar" Date: Thu, 8 Aug 2019 10:31:24 +0200 Subject: [PATCH 2/4] Hints from @earlephilhower --- cores/esp8266/Updater.cpp | 4 +++- libraries/ESP8266WiFi/src/BearSSLHelpers.cpp | 19 +++++++++++-------- libraries/ESP8266WiFi/src/BearSSLHelpers.h | 1 - 3 files changed, 14 insertions(+), 10 deletions(-) diff --git a/cores/esp8266/Updater.cpp b/cores/esp8266/Updater.cpp index dd57b0f0d5..997d235b43 100644 --- a/cores/esp8266/Updater.cpp +++ b/cores/esp8266/Updater.cpp @@ -10,8 +10,10 @@ #endif #if ARDUINO_SIGNING +namespace BearSSL { extern UpdaterHashClass& hash; extern UpdaterVerifyClass& sign; +} #endif extern "C" { @@ -36,7 +38,7 @@ UpdaterClass::UpdaterClass() , _progress_callback(nullptr) { #if ARDUINO_SIGNING - installSignature(&hash, &sign); + installSignature(&BearSSL::hash, &BearSSL::sign); #endif } diff --git a/libraries/ESP8266WiFi/src/BearSSLHelpers.cpp b/libraries/ESP8266WiFi/src/BearSSLHelpers.cpp index 3afcc57011..53c7f8a495 100644 --- a/libraries/ESP8266WiFi/src/BearSSLHelpers.cpp +++ b/libraries/ESP8266WiFi/src/BearSSLHelpers.cpp @@ -20,6 +20,7 @@ Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */ +#include "BearSSLHelpers.h" #include #include #include @@ -28,7 +29,10 @@ #include #include #include -#include "BearSSLHelpers.h" +#include +#ifndef ARDUINO_SIGNING + #define ARDUINO_SIGNING 0 +#endif namespace brssl { // Code here is pulled from brssl sources, with the copyright and license @@ -901,13 +905,12 @@ make_stack_thunk(br_ssl_engine_sendrec_buf); #endif #if ARDUINO_SIGNING -namespace { - static PublicKey signPubKey(signing_pubkey); - static HashSHA256 __hash; - static SigningVerifier __sign(&signPubKey); -} -extern UpdaterHashClass& hash = __hash; -extern UpdaterVerifyClass& sign = __sign; +static PublicKey signPubKey(signing_pubkey); +static HashSHA256 __hash; +static SigningVerifier __sign(&signPubKey); + +UpdaterHashClass& hash = __hash; +UpdaterVerifyClass& sign = __sign; #endif }; diff --git a/libraries/ESP8266WiFi/src/BearSSLHelpers.h b/libraries/ESP8266WiFi/src/BearSSLHelpers.h index 2f6eb8e84e..282bab9cfb 100644 --- a/libraries/ESP8266WiFi/src/BearSSLHelpers.h +++ b/libraries/ESP8266WiFi/src/BearSSLHelpers.h @@ -26,7 +26,6 @@ #include #include - // Internal opaque structures, not needed by user applications namespace brssl { class public_key; From f3565263ea0163f729384042f26eb97326ec86b1 Mon Sep 17 00:00:00 2001 From: "Dirk O. Kaar" Date: Thu, 8 Aug 2019 11:33:36 +0200 Subject: [PATCH 3/4] Namespace BearSSL in core "feels" wrong - using catch-all esp8266 instead. --- cores/esp8266/Updater.cpp | 4 ++-- libraries/ESP8266WiFi/src/BearSSLHelpers.cpp | 17 +++++++++++------ 2 files changed, 13 insertions(+), 8 deletions(-) diff --git a/cores/esp8266/Updater.cpp b/cores/esp8266/Updater.cpp index 997d235b43..152b183ef2 100644 --- a/cores/esp8266/Updater.cpp +++ b/cores/esp8266/Updater.cpp @@ -10,7 +10,7 @@ #endif #if ARDUINO_SIGNING -namespace BearSSL { +namespace esp8266 { extern UpdaterHashClass& hash; extern UpdaterVerifyClass& sign; } @@ -38,7 +38,7 @@ UpdaterClass::UpdaterClass() , _progress_callback(nullptr) { #if ARDUINO_SIGNING - installSignature(&BearSSL::hash, &BearSSL::sign); + installSignature(&esp8266::hash, &esp8266::sign); #endif } diff --git a/libraries/ESP8266WiFi/src/BearSSLHelpers.cpp b/libraries/ESP8266WiFi/src/BearSSLHelpers.cpp index 53c7f8a495..4c46af6af6 100644 --- a/libraries/ESP8266WiFi/src/BearSSLHelpers.cpp +++ b/libraries/ESP8266WiFi/src/BearSSLHelpers.cpp @@ -904,13 +904,18 @@ make_stack_thunk(br_ssl_engine_sendrec_buf); #endif +}; + #if ARDUINO_SIGNING -static PublicKey signPubKey(signing_pubkey); -static HashSHA256 __hash; -static SigningVerifier __sign(&signPubKey); +namespace { + static BearSSL::PublicKey signPubKey(signing_pubkey); + static BearSSL::HashSHA256 __hash; + static BearSSL::SigningVerifier __sign(&signPubKey); +}; -UpdaterHashClass& hash = __hash; -UpdaterVerifyClass& sign = __sign; +namespace esp8266 { + UpdaterHashClass& hash = __hash; + UpdaterVerifyClass& sign = __sign; +}; #endif -}; From e7232da7a6593a42cbed68c98de7e9aceb474489 Mon Sep 17 00:00:00 2001 From: "Dirk O. Kaar" Date: Sat, 17 Aug 2019 10:09:52 +0200 Subject: [PATCH 4/4] After review remarks by @earlephilhower --- cores/esp8266/Updater.cpp | 6 +++--- libraries/ESP8266WiFi/src/BearSSLHelpers.cpp | 10 +++++----- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/cores/esp8266/Updater.cpp b/cores/esp8266/Updater.cpp index 152b183ef2..d6b6b621f5 100644 --- a/cores/esp8266/Updater.cpp +++ b/cores/esp8266/Updater.cpp @@ -11,8 +11,8 @@ #if ARDUINO_SIGNING namespace esp8266 { - extern UpdaterHashClass& hash; - extern UpdaterVerifyClass& sign; + extern UpdaterHashClass& updaterSigningHash; + extern UpdaterVerifyClass& updaterSigningVerifier; } #endif @@ -38,7 +38,7 @@ UpdaterClass::UpdaterClass() , _progress_callback(nullptr) { #if ARDUINO_SIGNING - installSignature(&esp8266::hash, &esp8266::sign); + installSignature(&esp8266::updaterSigningHash, &esp8266::updaterSigningVerifier); #endif } diff --git a/libraries/ESP8266WiFi/src/BearSSLHelpers.cpp b/libraries/ESP8266WiFi/src/BearSSLHelpers.cpp index 4c46af6af6..ffce2b00e4 100644 --- a/libraries/ESP8266WiFi/src/BearSSLHelpers.cpp +++ b/libraries/ESP8266WiFi/src/BearSSLHelpers.cpp @@ -908,14 +908,14 @@ make_stack_thunk(br_ssl_engine_sendrec_buf); #if ARDUINO_SIGNING namespace { - static BearSSL::PublicKey signPubKey(signing_pubkey); - static BearSSL::HashSHA256 __hash; - static BearSSL::SigningVerifier __sign(&signPubKey); + static BearSSL::PublicKey signingPubKey(signing_pubkey); + static BearSSL::HashSHA256 __signingHash; + static BearSSL::SigningVerifier __signingVerifier(&signingPubKey); }; namespace esp8266 { - UpdaterHashClass& hash = __hash; - UpdaterVerifyClass& sign = __sign; + UpdaterHashClass& updaterSigningHash = __signingHash; + UpdaterVerifyClass& updaterSigningVerifier = __signingVerifier; }; #endif