Building firmware without SSL

All ESP8266 boards running MicroPython.
Official boards are the Adafruit Huzzah and Feather boards.
Target audience: MicroPython users with an ESP8266 board.
Post Reply
simonmcc
Posts: 12
Joined: Fri May 11, 2018 5:21 pm

Building firmware without SSL

Post by simonmcc » Mon Jul 01, 2019 8:02 am

Hi all,

I see a couple of older threads about disabling SSL, but no one seems to have exactly the same issue.

I dont need SSL, and I'm trying to build a smaller firmware as my project code is quite large; in the esp8266 port I modified the make file lines:
MICROPY_PY_USSL = 0
MICROPY_SSL_AXTLS = 0

but when I clean and build in the esp8266 directory, I get the following errors: (the only other things I've done are disable BTREE, removed some files (DHT etc) from the modules directory, and changed my heap size to 44)

Code: Select all

CC ../../extmod/moducryptolib.c
../../extmod/moducryptolib.c:84:5: error: unknown type name 'AES_CTX_IMPL'
     AES_CTX_IMPL ctx;
     ^
CC ../../extmod/modubinascii.c
../../extmod/moducryptolib.c: In function 'ucryptolib_aes_make_new':
../../extmod/moducryptolib.c:259:5: error: implicit declaration of function 'aes_initial_set_key_impl' [-Werror=implicit-function-declaration]
     aes_initial_set_key_impl(&o->ctx, keyinfo.buf, keyinfo.len, ivinfo.buf);
     ^
../../extmod/moducryptolib.c: In function 'aes_process':
../../extmod/moducryptolib.c:298:9: error: implicit declaration of function 'aes_final_set_key_impl' [-Werror=implicit-function-declaration]
         aes_final_set_key_impl(&self->ctx, encrypt_mode);
         ^
../../extmod/moducryptolib.c:313:17: error: implicit declaration of function 'aes_process_ecb_impl' [-Werror=implicit-function-declaration]
                 aes_process_ecb_impl(&self->ctx, in, out, encrypt);
                 ^
../../extmod/moducryptolib.c:319:13: error: implicit declaration of function 'aes_process_cbc_impl' [-Werror=implicit-function-declaration]
             aes_process_cbc_impl(&self->ctx, in_bufinfo.buf, out_buf_ptr, in_bufinfo.len, encrypt);
             ^
cc1: all warnings being treated as errors
CC ../../extmod/virtpin.c
../../py/mkrules.mk:47: recipe for target 'build/extmod/moducryptolib.o' failed
make: *** [build/extmod/moducryptolib.o] Error 1
make: *** Waiting for unfinished jobs....
make: *** wait: No child processes.  Stop.
I'm not sure if I'm doing something wrong, any pointers welcome

User avatar
jimmo
Posts: 791
Joined: Tue Aug 08, 2017 1:57 am
Location: Sydney, Australia

Re: Building firmware without SSL

Post by jimmo » Wed Jul 03, 2019 6:18 am

Try also setting

Code: Select all

#define MICROPY_PY_UCRYPTOLIB           (0)
Have a look at the 512k ESP8266 build. (ports/esp8266/mpconfigport_512k.h)

simonmcc
Posts: 12
Joined: Fri May 11, 2018 5:21 pm

Re: Building firmware without SSL

Post by simonmcc » Wed Jul 03, 2019 8:16 am

Thanks for that! It almost got me there, I then got this:

Code: Select all

CC build/frozen_mpy.c
LINK build/firmware.elf
build/py/objmodule.o:(.rodata.mp_builtin_module_weak_links_table+0x5c): undefined reference to `mp_module_ussl'
Makefile:191: recipe for target 'build/firmware.elf' failed
make: *** [build/firmware.elf] Error 1
So, I edited mpconfigport.h again and removed the line:

Code: Select all

{ MP_ROM_QSTR(MP_QSTR_ssl), MP_ROM_PTR(&mp_module_ussl) }, \
and then it built fine.

Thanks for the pointers, and the extra free memory :)

User avatar
ta1db
Posts: 35
Joined: Mon Sep 02, 2019 12:05 pm
Contact:

Re: Building firmware without SSL

Post by ta1db » Wed Sep 18, 2019 12:35 pm

I need the reverse !
I try to import necessary files and try upip with the hope upip also works on my boards :lol:
Loaded upip.py and upip_utarfile.py but this didn't work because of missing ussl module
My builds for NucleoF401re and Stm32F7DISC both doesn't have ussl.
I made my build by myself; how can I add the ussl if I build again?

User avatar
jimmo
Posts: 791
Joined: Tue Aug 08, 2017 1:57 am
Location: Sydney, Australia

Re: Building firmware without SSL

Post by jimmo » Wed Sep 18, 2019 1:19 pm

That's surprising - MICROPY_PY_USSL should be enabled in ports/stm32/boards/STM32F7DISC

The Nucleo F401RE doesn't have ethernet or wifi so it isn't enabled there.

User avatar
ta1db
Posts: 35
Joined: Mon Sep 02, 2019 12:05 pm
Contact:

Re: Building firmware without SSL

Post by ta1db » Fri Sep 20, 2019 11:42 am

jimmo wrote:
Wed Sep 18, 2019 1:19 pm
MICROPY_PY_USSL should be enabled in ports/stm32/boards/STM32F7DISC
Correct, when I built "v1.11-328-gd96391a on 2019-09-20; F7DISC with STM32F746" from micropython github ssl, ussl as well as webrepl and ucryptolib included.

However now lcdF7D and tchF7D don't exist; I try to learn how to include them at build phase. I appreciate hints and advise :lol:

User avatar
jimmo
Posts: 791
Joined: Tue Aug 08, 2017 1:57 am
Location: Sydney, Australia

Re: Building firmware without SSL

Post by jimmo » Fri Sep 20, 2019 12:18 pm

The lcd driver only exists in that other fork from forester3. Doesn't look like any of their changes to support the LCD were sent upstream.

I found this other thread relevant to the same thing and replied there -- viewtopic.php?f=3&t=4718&p=39582#p39582

Perhaps the easiest thing to do is to rebase forester3's fork onto micropython/micropython. That way you'll have all the latest micropython features, but also with forester3's changes (including the LCD driver).

(As I mentioned in the other thread, let me know if you want more detailed instructions on the rebase).

User avatar
ta1db
Posts: 35
Joined: Mon Sep 02, 2019 12:05 pm
Contact:

Re: Building firmware without SSL

Post by ta1db » Fri Sep 20, 2019 12:51 pm

@jimmo thank you very much for your advise, I am rather hardware origin, new to repository management with github, but learning.. I will try..

By the way upip worked flawlessly on STM32F7DISC , I tested the code here viewtopic.php?f=2&t=6970&p=39543&hilit=upip#p39543 with success.

manseekingknowledge
Posts: 60
Joined: Sun Oct 29, 2017 5:14 pm

Re: Building firmware without SSL

Post by manseekingknowledge » Tue Sep 24, 2019 8:35 pm

Using this post by @jimmo as guidance I did a bit of experimentation to see which flags could be disabled to reclaim some heap. This isn't an exhaustive list, but these were the only things I was able to disable to keep my program running as desired. Note the large bbs savings when MICROPY_PY_WEBREPL is set to 0:

Code: Select all

#define MICROPY_ENABLE_EMERGENCY_EXCEPTION_BUF (0) // Set to 0 to save 8 bytes bbs
#define MICROPY_PY_UCRYPTOLIB                  (1) // In Makefile set MICROPY_PY_USSL and MICROPY_SSL_AXTLS to 0 and in mpconfigport.h set MICROPY_PY_UCRYPTOLIB to 0 and also remove the line defining MP_QSTR_ssl from MICROPY_PORT_BUILTIN_MODULE_WEAK_LINKS to save 8 bytes bbs
#define MICROPY_PY_WEBREPL                     (0) // Set to 0 to save 520 bytes bbs
#define MICROPY_PY_OS_DUPTERM                  (1) // Set to 1 to save 8 bytes bbs

Post Reply