* WIP compile examples on host with 'make examples'
* WIP bufferize tcp input
* WIP Makefile
* WIP network to rework, tcp/udp to factorize, udp addresses broken
* minor changes to the core
* WIP basic udp working
* WIP mdns
* WIP mcast receiving, not sending
* WIP mdns OK
* beta version
* SSL + doc
* update travis host test command
* licenses
* typo
* doc: arduino builder is not around: declare functions before calling them
* fix with latest SSL PR, compile in 32 bits mode
* fix make clean
* make -m32 optional
* 32bits compiler ability tester
* WIP
* WIP (fix 1 vtable error, still another one to hunt with using spiffs)
* example astyle
* fix os_printf_plus
* load / save mock spiffs
* fix style
* fix using spiffs/mock
* don't mess ram
* update doc
* remove leftover
* optimization -Os except for CI, rename ARCH32 to FORCE32
* revert useless cast (not even compiled)
* remove unused function
* use proper type for pointer arithmetics
* makefile: sketch object and cpp file moved to bin/ directories
easier to clean, and IDE don't like them
* changes for review
* make use of %zd
* less verbose makefile by default (option)
* update readme
* Update to BearSSL 0.6+ release, add AES_CCM modes
Pull in latest BearSSL head (0.6 + minor additions) release and add AES_CCM
modes to the encryption options.
* Enable the aes_ccm initialization in client/server
* Initial attempt
* Working code with second stack thunking
* Remove #ifdefs in .S file, not needed.
* Clean up thunks and remove separate stack flag
* Fix PIO assembler errors
* Remove #ifdef code changes, ensure same code as PC
Remove "#ifdef ESP8266;...;#else;...;#endif" brackets in BearSSL to
ensure the host-tested code is the same as the ESP8266-run code.
* Move to latest BearSSL w/EC progmem savings
* Merge with master
* Add br_thunk_* calls to do ref counting, painting
Add reference counting br_thunk_add/del_ref() to replace stack handling code
in the class.
Add in stack painting and max usage calculation.
* Add in postmortem stack dump hooks
When a crash occurs while in the second stack, dump the BSSL stack and
then also the stack that it was called from (either cont or sys).
* Update stack dump to match decoder expectations
* Move thunk to code core for linkiage
The thunk code needs to be visible to the core routines, so move it to the
cores/esp8266 directory. Probably need to refactor the stack setup and the
bearssl portion to avoid dependency on bearssl libs in cores/esp8266
* Add 2nd stack dump utility routine
* Refactor once more, update stack size, add stress
Make stack_thunks generic, remove bearssl include inside of cores/esp8266.
Allocate the stack on a WiFiServerSecure object creation to avoid
fragmentation since we will need to allocate the stack to do any
connected work, anyway.
A stress test is now included which checks the total BearSSL second
stack usage for a variety of TLS handshake and certificate options
from badssl.org.
* Update to latest to-thunks branch
* Add BearSSL device test using stack stress
Run a series of SSL connection and transmission tests that stress
BearSSL and its stack usage to the device tests.
Modify device tests to include a possible SPIFFS generation and
upload when a make_spiffs.py file is present in a test directory.
* Use bearssl/master branch, not /to-thunks branch
Update to use the merged master branch of bearssl. Should have no code
changes.
Fix link to WiFiEvents
Add note about WiFiClients and WiFiServers going down when a WiFi interface goes down, and that it's the user's responsibility to bring them back up.
BearSSLX509List, BearSSLSession, BearSSLPublicKey, and BearSSLPrivateKey
were all in the global namespace and not in the BearSSL:: one, due to an
oversight when they were originally created. Move them to the proper
namespace with the following mapping:
BearSSLX509List => BearSSL::X509List
BearSSLSession => BearSSL::Session
BearSSLPublicKey => BearSSL::PublicKey
BearSSLPrivateKey => BearSSL::PrivateKey
* update HTTPClient API usage
skip the second POST as end() has different semantics and nulls the client pointer
use bearssl in ssl tests
add delay in python side when shutting down http web server so MacOS does not complain about address already in use
* fix crash if GET/POST was called after end() without a new begin()
update double POST test to insure no crash if POST called after end()
test now are for both AxTLS and BearSSL
* fix small comment typo
The ISR could end up writing a 0 to a GPIO that had previously been
stopped, effectively overwriting user writes to those pins. Fix to
only actually disable and write when a pin was enabled and times out.
Fixes#5306
Apply patches developed by Sze Yiu Chau <schau@purdue.edu> which
correct a vulnerability in X509 parsing.
See CVE-2018-16150 and CVE-2018-16149 for more info.
CA certification validation was broken by a change put in during warning
cleanup a long time ago. This binary now includes the 1-line correction
and HTTPSRequestCACert now works again (before was failing
because the key usages in certs were not properly read).
* Removed _client->stop() from destructor; some minor changes
* Changed BasicHttpsClient.ino to allocate BearSSL::WiFiClientSecure object on the heap in stead of stack
* Removed unnecessary code
* Correcting bad fix for #5216
* Minor formatting to pass Travis tests
* Changed client * to std::unique_ptr<> client
* Updated example
Fix bug introduced by #5167 which replaced delay() by yield().
That should have been esp_yield() which is the one delay()
calls and is safe from either SYS or CONT contexts.
Fixes#5237.
* fix parseArgument
* remove recursion
* keep variable naming style consistent
* inviting Alexa
* fix alexa fix (well, trying...)
* fix pos substrings
key_end_pos--;
dont count down here, it will cut of every key by -1 ("save" will be "sav") (substring (end = up to, but not including, so no need to -1)
Parsing cpp L329
arg.value = urlDecode(data.substring(equal_index + 1, next_index - 1));
=> -1 is too less for substring (substring (end = up to, but not including, so no need to -1)
* alexa invite: add workaround for malformed x-www-form-urlencoded
* when !form, alway add content in key "plain"
* fix memleak
* parse arguments: use functors
* cleaning
* Make stopWaveform call interrupt callable
Match the behavior of pre-2.4.2 PWM by allowing stopWaveform to be
called from an interrupt.
Fixes#5247
* Move to O2, save ~500 bytes of code
The actual runtime difference of -O2 vs -O3 is quite small, but -O3
takes ~500 more bytes of code (~300 more in IRAM, ~200 more in PMEM).
* Update debugging.rst
PLEASE REVIEW
The current link definitely points to the wrong line, where there's nothing remotely resembling a list of DEBUG_ESP_* definitions. There's not an actual "full list" in the whole boards.txt really, but this is the closest thing that can be found in that file.
Some additional explanation is needed though, unless there is an actual list somewhere else.
* Update debugging.rst
requested change
* Removed _client->stop() from destructor; some minor changes
* Changed BasicHttpsClient.ino to allocate BearSSL::WiFiClientSecure object on the heap in stead of stack
Allow the unused stack to be reset to the check value at any time in
the application, allowing for delta-stack calculations to be done.
Add ESP.resetFreeContStack() class method for general use.
Add in some dumping in the BearSSL_Validation example to show the
usage for those that care.
* update to lwIP-2.1.0rc1: partial SACK support
fix#4176
* hash fix
* get some flash back due to mistake in conf (fragmentation & reassembly was incorrectly enabled)
(ahah I scared you)
* add missing include files
* update to lwip-2.1.0(release) + remove unused lwIP's include files
* lwIP release 2.1.0, SACK is now default, bigger, no-SACK is selectable
* fix ldscript
* pio
* rename 'sack' option to 'feat'ure option, + IP fragmentation/reassembly
* merge, fix pio
* change internal/hidden string
* pio: more lwip2 configuration: + without sack for no change in flash footprint
* fwupdate
* fw update to latest version:
WPA working, WEP+Open disabled by default. Need API change.
* helpers to follow sdk updates
* remove compare scripts - made a separate PR for them
* add wep api, restore original espressif comment (wep enabled does not prevent wpa)
* libmain was not up to date
* experimental: DTIM setting in WiFi.setSleepMode(WIFI_LIGHT/MODEM_SLEEP, DTIM-value)
with new getter: .getListenInterval() / .isSleepLevelMax()
* fixes
* fix debug message
* when not using listenInterval, set wifi sleep level to min
* update documentation
* update doc
Make HTTPClient take a WiFiClient parameter, allowing you to pass in a
simple HTTP WiFiClient or a BearSSL or axTLS WiFiClientSecure with
any desired verification options. Deprecate the older, TLSTraits methods.
Add basic HttpsClient example.
Add optional LED feedback to the Update class
This speeds up the ESP8266WebServer::streamFile more than 3 times. Tested on streaming the 800+ Kb file from SD (FAT32), average time without a fix was 9000 ms, with the fix is 2600 ms (maximal possible SPI speed used), which is as fast as streaming the same file from internal SPIFFS. Hardware: WeMos D1 mini.
If the server returns several headers of the same key (e.g Set-Cookie) only the last one is returned, causing issues in communicating with some servers where cookies are required.
This change concatenates the headers of the same key separated by "," to alleviate this issue.
Print a warning when in debug mode when a BearSSL connection tries to
connect without having any defined authentication methods, since it will
fail.
Completely remove the empty axTLS compatibilty method
"::verify(char *fp, char *name)" because it can't be done w/BearSSL w/o
user code changes, and always failed. Better to have a compile failure
when we know at compile time the app won't do what is expected.
Completes the changes started by @d-a-v in PR #4833
