1
0
mirror of https://github.com/esp8266/Arduino.git synced 2025-10-24 07:13:45 +03:00
Commit Graph

7 Commits

Author SHA1 Message Date
Zakary Kamal Ismail
032db6fc81 WiFiServerSecure: Cache SSL sessions (#7774)
* WiFiServerSecure: Cache the SSL sessions

* Add SSL session caching to HTTPS server examples

* Document server SSL session caching

* Fix an incomplete sentence in the documentation

* Document BearSSL::Session

* Use the number of sessions instead of the buffer size in ServerSessions' constructors
2020-12-21 21:13:43 -08:00
M Hightower
8b662ed3b3 PoC cache configuration control (#7060)
* PoC cache configuration control

Expaned boards.txt.py to allow new MMU options and create revised .ld's
Updated eboot to pass 48K IRAM segments.
Added Cache_Read_Enable intercept to modify call for 16K ICACHE
Update platform.txt to pass new mmu options through to compiler and linker preprocessor.
Added quick example: esp8266/MMU48K

* Style corrections
Added MMU_ qualifier to new defines.
Moved changes into their own file.
Don't know how to fix platformio issue.

* Added detailed description for Cache_Read_Enable.
Updated tools/sizes.py to report correct IRAM size and indicate ICACHE size.
Merged in earlephilhower's work on unaligned exception. Refactored and added
support for store operations and changed the name to be more closely aligned
with its function. Improved crash reporting path.

* Style and MMU_SEC_HEAP corrections.

* Improved asm register usage.
Added some inline functions to aid in byte and short access to iRAM.
 * only byte read has been tested
Updated .ld file to work better with platform.io; however, I am still
missing some steps, so platformio will still fail.

* Interesting glitch in boards.txt after github merge. A new board in
master was missing new additions added by boards.txt.py in the PR.
Which the CI flags when it rebuilds boards.txt.

* Support for 2nd Heap, excess IRAM, through umm_malloc.

Adapted changes to umm_malloc, Esp.cpp, StackThunk.cpp,
WiFiClientSecureBearSSL.cpp, and virtualmem.ino to irammem.ino from
@earlephilhower PR #6994.

Reworked umm_malloc to use context pointers instead of copy context.
umm_malloc now supports allocations from IRAM. Added class
HeapSelectIram, ... to aid in selecting alternate heaps,
modeled after class InterruptLock.
Restrict alloc request from ISRs to DRAM.

Never ending improvements to debug printing.

Sec Heap option now pulls in free IRAM left over in the 1st 32K block.
Managed through umm_malloc with HeapSelectIram.

Updated examples.

* Post push CI cleanup.

* Cleanup part II

* Cleanup part III

* Updates to support platformio, maybe.

* Added exception C wrapper replacement.

* CI Cleanup

* CI Cleanup II

Don't know what to do with platformio it doesn't like my .S file.
ifdef out USE_ISR_SAFE_EXC_WRAPPER to block the new assemlby module
from building on platformio only.

* Changes to exc-c-wrapper-handler.S to assemble under platformio.

* For platformio, Correction to toolchain-xtensa include path.
@mcspr, Thankyou!

* Temporarily added --print-memory-usage to ld parameters for cross-checking IRAM size.

* undo change to platform.txt

* correct merge conflict. take 1

* Fixed #if... for building umm_get_oom_count. It was not building when UMM_STATS_FULL was used.

* Commented out XMC support. Compatibility issues with PoC when using 16K ICACHE.

* Corrected size.py, DRAM bracketing changed to not include ICACHE with DRAM total.

* Added additional _context for support of use of UMM_INLINE_METRICS.
Corrected some UMM_POSION missed edits.

* Changes to clear errors and warnings from toolchain 10.1

Several fixes and improvements to example MMU48K.

With the improved optimization in toolchain 10.1 The example divide by 0
exception was failing with a HWDT event instead of its exception handler.
The compiler saw the obscured divide by 0 and replaced it with a break point.

* Isolated incompatable definitions related to _xtos_set_exception_handler.
GDBSTUB definitions are different from the BootROM's.

* Update tools/platformio-build.py

Co-authored-by: Max Prokhorov <prokhorov.max@outlook.com>

* Requested changes

Changed mmu related usages of ETS_... defines to DBG_MMU_...

Cleanup in example MMU48K.ino. Removed stale memory reference macro
and mmu_status print statement. Cleanup printf '\n' to be '\r\n'.

Improved issolation of development debug prints from the rest of the debug prints.

* Corrected comment. And added missing include.

* Improve comment.

* style and comment correction

* Added draft mmu.rst file and updated index.
Updated example HeapMetric.ino to also illustrate use of IRAM
Improved comments in exc-c-wrapper-handler.S. Added insurance IRQ disable.

* Updated mmu.rst

Improved function name uniqueness for is_iram, is_dram, and is_icache by
adding prefix mmu_. Also, made them available outside of a debug build.
Made pointer precision width more specific.

Made some of the static inline functions in mmu_irm.h safe for ISRs by
setting then for always inline.

* Add a default MMU_IRAM_SIZE value for a new CI test to pass.

Extended use 'umm_heap_context_t *_context' argument in ..._core functions
and expanded its usage to reduce unnecessary repeated calls to
umm_info(NULL, false), also removed recursion from umm_info(NULL, true).

Fixed stack buffer length in umm_info_safe_printf_P and heap.cpp.

Added example for creating an IRAM reserve section.

Updated mmu.rst. Grammar and spelling corrections.

* CI appeasement

* CI appeasement with comment correction.

* Ensure SYS always runs with DRAM Heap selected.

* Add/move heap stack overflow/underflow check to Esp.cpp where the event was discarded.

* Improved comment clarity of purpose for IramReserve.ino. Clean up MMU48K.ino

* Added missing #include

* Corrected usage of warning

* CI appeasement and use #message not #pragma message

* Updated git version of eboot.elf to match build version.
Good test catch.

* Remove conditional build option USE_ISR_SAFE_EXC_WRAPPER, always install.

Use the replacement wrapper on non32xfer_exception_handler install.

Added comments to code describing some exception handling issues.

* Updated mmu.rst

* Expanded and clarified comments.

Limited access to some detailed typdefs/prototypes to .cpp
modules, to avoid future build conflicts.

Completed TODO for verifing that the "C" structure struct __exception_frame
matches the ASM version.

Fixed some typo's, code rot, and added some more cases in examaple irammem.ino.
Refactored a little and reordered printing to ease comparison between methods.

Corrected `#ifdef __cplusplus` coverage area. Cleaned up `extern "C" ...` usage.
Fixes issues with including mmu_iram.h or esp8266_undocumented.h in .c files.

* Style fixes and more cleanup

* Style fix

* Remove unnessasary IRAM_ATTR from install_non32xfer_exception_handler

Some comment tuning.

In the context of _xtos_set_exception_handler and the functions it registers,
changed to type int for exception cause type. This is also the type used by gdbstub
and some other Xtensa files I found.
2020-12-06 14:15:42 +01:00
Earle F. Philhower, III
7036297920 Convert ESP8266WebServer* into templatized model (#5982)
* Convert ESP8266WebServer* into templatized model

Supercedes #4912

Refactor the three versions of ESP8266WebServer and *WebServerSecure to a
single templated class. Use "using" to enable old, non-templated names to b
used (so no user changes required to compile or run).

Fixes #4908 and clean up the code base a lot.

Basic tests run (the ones in the example code).

No code changes are required in userland except for setting the SSL
certificates which now use a cleaner "getServer()" accessor and lets the
app use the native BearSSL calls on the WiFiClientSecure object.

@devyte should be proud, it removes virtuals and even has template specialization...

* Fix HTTPUpdate templates and examples

* Fix HTTPUpdateServer library build

Need to remove dot-a linkage since there are no .cpp files in the
directory anymore due to templates.

* Provide backward-compat names for updt template

Allow existing code to use the same well known names for
HTTPUpdateSecure.

* Remove ClientType from all templates, auto-infer

Remove the ClientType template parameter from all objects.  Simplifies
the code and makes it more foolproof.

Add a "using" in each server to define the type of connection returned
by all servers, which is then used in the above templates automatically.

* Can safely include FS.h now that SD/SPIFFS unified

* Move the templates/objects to their own namespaces

* Fix merge issues with untemplated methods

* Address review comments

* Fix mock test, remove warnings inside test dir

Make the simple mock test CI job pass and clean up
any spurious warnings in the test directory.

There still are warnings in the libraries and core, but they
should be addressed in a separate PR.
2019-07-04 10:58:22 +02:00
Develo
e9d052c621 WIP - Update ArduinoOTA and examples with MDNS.update() calls (#5494)
* ArduinoOTA: allow use without MDNS, add MDNS.update() in handle()

* Update examples with MDNS.update() in loop

* Update CaptivePortalAdvanced.ino

Fix typo

* Update CaptivePortalAdvanced.ino

astyle

* Update Arduino_Wifi_AVRISP.ino

astyle
2018-12-14 03:29:32 -03:00
david gauchard
92373a9837 Deprecate axTLS, update examples (#5366)
* update examples

* fix serial<->tcp example, use STASSID instead of SSID (name collision)

* fix HTTPSRequest.ino

* update AxTLS HTTPS examples, update AxTLS API to deprecated

* fixes

* fixes + fix astyle (no preproc directives) + restyling script

* fix HTTPClient library

* fixes

* common.sh: do not reload arduino when already present (for locally CI testing)

* common.sh: do not reload ArduinoJson when already present (for locally CI testing)

* fix

* fix

* fix deprecated example

* fix WiFiHTTPSServer.ino

* reduce footprint

* wipfix

* fix led builtin

* fix example

* finished updating APSSID on all examples

* style

* restyle examples

* helper to run CI test locally

* local CI runner more verbose

* +const

* deprecation deprecation

* deprecation

* Update NTPClient.ino

const char[] => const char *

* Update interactive.ino

const char[] => const char *
2018-11-29 20:49:27 -08:00
Earle F. Philhower, III
233d3e3b5e Move BearSSLHelpers into BearSSL namespace (#5315)
BearSSLX509List, BearSSLSession, BearSSLPublicKey, and BearSSLPrivateKey
were all in the global namespace and not in the BearSSL:: one, due to an
oversight when they were originally created.  Move them to the proper
namespace with the following mapping:
    BearSSLX509List => BearSSL::X509List
    BearSSLSession => BearSSL::Session
    BearSSLPublicKey => BearSSL::PublicKey
    BearSSLPrivateKey => BearSSL::PrivateKey
2018-11-06 19:27:40 -08:00
Earle F. Philhower, III
e3c970210f Add BearSSL client and server, support true bidir, lower memory, modern SSL (#4273)
BearSSL (https://www.bearssl.org) is a TLS(SSL) library written by
Thomas Pornin that is optimized for lower-memory embedded systems
like the ESP8266. It supports a wide variety of modern ciphers and
is unique in that it doesn't perform any memory allocations during
operation (which is the unfortunate bane of the current axTLS).

BearSSL is also absolutely focused on security and by default performs
all its security checks on x.509 certificates during the connection
phase (but if you want to be insecure and dangerous, that's possible
too).

While it does support unidirectional SSL buffers, like axTLS,
as implemented the ESP8266 wrappers only support bidirectional
buffers. These bidirectional buffers avoid deadlocks in protocols
which don't have well separated receive and transmit periods.

This patch adds several classes which allow connecting to TLS servers
using this library in almost the same way as axTLS:
BearSSL::WiFiClientSecure - WiFiClient that supports TLS
BearSSL::WiFiServerSecure - WiFiServer supporting TLS and client certs

It also introduces objects for PEM/DER encoded keys and certificates:
BearSSLX509List - x.509 Certificate (list) for general use
BearSSLPrivateKey - RSA or EC private key
BearSSLPublicKey - RSA or EC public key (i.e. from a public website)

Finally, it adds a Certificate Authority store object which lets
BearSSL access a set of trusted CA certificates on SPIFFS to allow it
to verify the identity of any remote site on the Internet, without
requiring RAM except for the single matching certificate.
CertStoreSPIFFSBearSSL - Certificate store utility

Client certificates are supported for the BearSSL::WiFiClientSecure, and
what's more the BearSSL::WiFiServerSecure can also *require* remote clients
to have a trusted certificate signed by a specific CA (or yourself with
self-signing CAs).

Maximum Fragment Length Negotiation probing and usage are supported, but
be aware that most sites on the Internet don't support it yet.  When
available, you can reduce the memory footprint of the SSL client or server
dramatically (i.e. down to 2-8KB vs. the ~22KB required for a full 16K
receive fragment and 512b send fragment).  You can also manually set a
smaller fragment size and guarantee at your protocol level all data will
fit within it.

Examples are included to show the usage of these new features.

axTLS has been moved to its own namespace, "axtls".  A default "using"
clause allows existing apps to run using axTLS without any changes.

The BearSSL::WiFi{client,server}Secure implements the axTLS
client/server API which lets many end user applications take advantage
of BearSSL with few or no changes.

The BearSSL static library used presently is stored at
https://github.com/earlephilhower/bearssl-esp8266 and can be built
using the standard ESP8266 toolchain.
2018-05-14 20:46:47 -07:00