The latest commit for moving all EC in PROGMEM generates a crash (exception 3) when using a Private Key with P256r1 curve.

Doing trial and error, I narrowed down the issue to ec_secp256r1.c, only on the P256_N[] array. The crash disappears when I remove the PROGMEM attribute to P256_N[].

Found! Analysing the call stack, I found the problem.

File: ecdsa_i15_sign_raw.c, line 150: (change memcpy to memcy_P):

memcpy_P(tt, cd->order, nlen);

By the way there is a problem in the stack dump, maybe linked to ThunkStack. The caller was hidden by the offset, it seems the right offset in core_esp8266_postmortem.cpp should be 0xA0 instead of 0x1A0

    else if (rst_info.reason == REASON_EXCEPTION_RST) {
        offset = 0xa0;

Thanks, @s-hadinger ! I've merged both your changes and will update BearSSL on the Arduino after more testing.

As for the stack decode, I'll need to look at it some more. The bearssl stack is nothing special so I think it should not have any difference in offsets vs. the main CONT stack so while I see you point, there may be something more subtle afoot...