Add SSL Session capability to speed reconnections (#5160)

SSL Sessions enable most of the SSL handshake to be skipped when both
client and server agree to use them.  Add a BearSSLSession class and
an optional setting to the SSL client to enable this.

Note that SSL sessions are unrelated to HTTP sessions.  They are
ephemeral and only relate to the SSL parameters, not anything at
the HTTP protocol level.

libraries/ESP8266WiFi/src/BearSSLHelpers.h

@@ -119,4 +119,21 @@ class BearSSLX509List {
     br_x509_trust_anchor *_ta;
 };
 
+// Opaque object which wraps the BearSSL SSL session to make repeated connections
+// significantly faster.  Completely optional.
+namespace BearSSL {
+  class WiFiClientSecure;
+};
+
+class BearSSLSession {
+  friend class BearSSL::WiFiClientSecure;
+
+  public:
+    BearSSLSession() { memset(&_session, 0, sizeof(_session)); }
+  private:
+    br_ssl_session_parameters *getSession() { return &_session; }
+    // The actual BearSSL ession information
+    br_ssl_session_parameters _session;
+};
+
 #endif

libraries/ESP8266WiFi/src/WiFiClientSecureBearSSL.cpp

@@ -72,6 +72,7 @@ void WiFiClientSecure::_clear() {
   _recvapp_len = 0;
   _oom_err = false;
   _deleteChainKeyTA = false;
+  _session = nullptr;
   _cipher_list = NULL;
   _cipher_cnt = 0;
 }
@@ -177,8 +178,11 @@ void WiFiClientSecure::setBufferSizes(int recv, int xmit) {
 
 bool WiFiClientSecure::stop(unsigned int maxWaitMs) {
   bool ret = WiFiClient::stop(maxWaitMs); // calls our virtual flush()
-  // Only if we've already connected, clear the connection options
+  // Only if we've already connected, store session params and clear the connection options
   if (_handshake_done) {
+    if (_session) {
+      br_ssl_engine_get_session_parameters(_eng, _session->getSession());
+    }
     _clearAuthenticationSettings();
   }
   _freeSSL();
@@ -865,7 +869,12 @@ bool WiFiClientSecure::_connectSSL(const char* hostName) {
                                 _cert_issuer_key_type, br_ec_get_default(), br_ecdsa_sign_asn1_get_default());
   }
 
-  if (!br_ssl_client_reset(_sc.get(), hostName, 0)) {
+  // Restore session from the storage spot, if present
+  if (_session) {
+    br_ssl_engine_set_session_parameters(_eng, _session->getSession());
+  }
+
+  if (!br_ssl_client_reset(_sc.get(), hostName, _session?1:0)) {
     _freeSSL();
     return false;
   }

libraries/ESP8266WiFi/src/WiFiClientSecureBearSSL.h

@@ -58,6 +58,9 @@ class WiFiClientSecure : public WiFiClient {
     bool flush(unsigned int maxWaitMs = 0) override;
     bool stop(unsigned int maxWaitMs = 0) override;
 
+    // Allow sessions to be saved/restored automatically to a memory area
+    void setSession(BearSSLSession *session) { _session = session; }
+
     // Don't validate the chain, just accept whatever is given.  VERY INSECURE!
     void setInsecure() {
       _clearAuthenticationSettings();
@@ -170,6 +173,10 @@ class WiFiClientSecure : public WiFiClient {
     bool _handshake_done;
     bool _oom_err;
 
+    // Optional storage space pointer for session parameters
+    // Will be used on connect and updated on close
+    BearSSLSession *_session;
+
     bool _use_insecure;
     bool _use_fingerprint;
     uint8_t _fingerprint[20];