BearSSL panic on ESP8266 in rare conditions (#22017)

CHANGELOG.md

@@ -15,6 +15,7 @@ All notable changes to this project will be documented in this file.
 - Matter fixed UI bug when no endpoints configured
 - Zigbee extend timeout for MCU reboot from 5s to 10s
 - Matter fix when Rules are disabled
+- BearSSL panic on ESP8266 in rare conditions
 
 ### Removed
 

lib/lib_ssl/bearssl-esp8266/src/ec/ec_prime_i15.c

@@ -465,7 +465,7 @@ run_code(jacobian *P1, const jacobian *P2,
 	memcpy(t[P1x], P1->c, 3 * I15_LEN * sizeof(uint16_t));
 	memcpy(t[P2x], P2->c, 3 * I15_LEN * sizeof(uint16_t));
 
-	optimistic_yield(10000);
+	stack_thunk_yield();
 
 	/*
 	 * Run formulas.

lib/lib_ssl/bearssl-esp8266/src/rsa/rsa_i15_priv.c

@@ -141,7 +141,7 @@ br_rsa_i15_private(unsigned char *x, const br_rsa_private_key *sk)
 	mp = mq + 2 * fwlen;
 	memmove(mp, t1, fwlen * sizeof *t1);
 
-	optimistic_yield(10000);
+	stack_thunk_yield();
 
 	/*
 	 * Compute s2 = x^dq mod q.
@@ -152,7 +152,7 @@ br_rsa_i15_private(unsigned char *x, const br_rsa_private_key *sk)
 	r &= br_i15_modpow_opt(s2, sk->dq, sk->dqlen, mq, q0i,
 		mq + 3 * fwlen, TLEN - 3 * fwlen);
 
-	optimistic_yield(10000);
+	stack_thunk_yield();
 
 	/*
 	 * Compute s1 = x^dq mod q.
@@ -184,7 +184,7 @@ br_rsa_i15_private(unsigned char *x, const br_rsa_private_key *sk)
 	br_i15_decode_reduce(t1, sk->iq, sk->iqlen, mp);
 	br_i15_montymul(t2, s1, t1, mp, p0i);
 
-	optimistic_yield(10000);
+	stack_thunk_yield();
 
 	/*
 	 * h is now in t2. We compute the final result:

lib/lib_ssl/bearssl-esp8266/src/t_inner.h

@@ -2598,16 +2598,16 @@ br_cpuid(uint32_t mask_eax, uint32_t mask_ebx,
 
   #define _debugBearSSL (0)
   #ifdef ESP8266
-    extern void optimistic_yield(uint32_t);
+    extern void stack_thunk_yield(void);
   #else
-    #define optimistic_yield(ignored)
+    #define stack_thunk_yield(ignored)
   #endif
   #ifdef __cplusplus
   }
   #endif
 
 #else
-  #define optimistic_yield(ignored)
+  #define stack_thunk_yield(ignored)
 #endif
 
 #ifdef ESP32

lib/lib_ssl/tls_mini/src/StackThunk_light.cpp

@@ -35,6 +35,9 @@
 
 extern "C" {
 
+extern void yield();
+extern bool can_yield();
+
 uint32_t *stack_thunk_light_ptr = NULL;
 uint32_t *stack_thunk_light_top = NULL;
 uint32_t *stack_thunk_light_save = NULL;  /* Saved A1 while in BearSSL */
@@ -48,6 +51,25 @@ uint32_t stack_thunk_light_refcnt = 0;
 #endif
 #define _stackPaint 0xdeadbeef
 
+void stack_thunk_yield()
+{
+    if (can_yield()) {
+        uint32_t tmp;
+        register uint32_t* save __asm__("a3") = stack_thunk_light_save;
+
+        __asm__ __volatile__ (
+            "mov.n %0, a1\n\t"
+            "mov.n a1, %1\n\t"
+        : "=r"(tmp) : "r"(save) : "memory");
+
+        yield();
+
+        __asm__ __volatile__ (
+            "mov.n a1, %0\n\t"
+        :: "r"(tmp) : "memory");
+    }
+}
+
 /* Add a reference, and allocate the stack if necessary */
 void stack_thunk_light_add_ref()
 {

lib/lib_ssl/tls_mini/src/StackThunk_light.h

@@ -32,6 +32,8 @@
 extern "C" {
 #endif
 
+extern void stack_thunk_yield();
+
 extern void stack_thunk_light_add_ref();
 extern void stack_thunk_light_del_ref();
 extern void stack_thunk_light_repaint();