Only minor updates to headers and no functionality change on the
portions that we use in the ESP8266.
@Teddyz reported random crashes while running against a local MQTT
server and was able to report stack usages of up to 6136 bytes.
Increase the SSL stack to a little more than that, once again.
* Upgrade to 2.5.0-4 toolchain w/improved pgm_read_x
Rebuild the entire toolchain (including standard libraries) with the
latest pgm_read_xxx headers included (which fix unaligned dword reads
from progmem and run faster/smaller, and a pgm_read_byte change which
removes an instruction on each read saving flash).
Pull in latest bearssl while we're at it, too, which speeds up EC
handshakes and reduced ROM usage, too.
* Fix C++ exceptions
Exception code now only does 32b aligned reads from progmem to access
the eh_table (some via -mforce-l32, some via hand-inserted pgm_read_x
macros).
Fixes#6151Fixes#6305Fixes#6198
Undo the BearSSL RODATA->PROGMEM changes because there are some bad
performance regressions in EC server operations which can result in
timeouts and WDTs.
Keep the shrunked bearssl.a library as that is orthogonal to the PROGMEM
changes.
Rewrite all the integer math operations with const input parameters to
use PROGMEM properly (pgm_read_xx or memcpy_P), and move all the EC
order and generators and SHA OIDs to PROGMEM.
This frees around 1.2KB of heap for any SSL applications.
Also delete unneeded objects from the bearssl.a library to shrink the
GIT repo size.
Move additional constants to flash and use _P/pgm_read routines to
access them. Minimal runtime impact, but remove variables from RODATA
and gives addition 484 bytes of heap to SSL applications.
Fixes#6005
Fixes#5996
* Add extensions to probe message for EC, others
probeMFLN was failing on some connection attempts to servers which only
supported EC based ciphers because it did not include the proper TLS
handshake extensions to list what kinds of ECs it supported.
Add those to the probeMFLN ClientHello message to make probes pass.
* Add client.getMFLNStatus method, returns MFLN state
After a connection it is useful to check whether MFLN negotiation
succeeded. getMFLNStatus returns a bool (valid only after
client.connect() succeeds, of course) indicating whether the requested
buffer sizes were negotiated successfully.
There is a bug in the BearSSL PEM decoder when Windows EOLs (\r\n) are
passed in. Avoid the issue by silenly discarding \rs as they are read
from the PEM source in the C code, to keep my sanity by avoiding reworking
the pseudo-Forth parser code.
Fixes#5591
Remove the -fno-jump-tables since the new toolchain places these tables
in ROM now. Rebuild using the toolchain. Saves 1-3KB of flash and
has 0 RAM impact plus may make certain bits marginally faster by using
a LUT instead of a if-else-else chain.
* WIP compile examples on host with 'make examples'
* WIP bufferize tcp input
* WIP Makefile
* WIP network to rework, tcp/udp to factorize, udp addresses broken
* minor changes to the core
* WIP basic udp working
* WIP mdns
* WIP mcast receiving, not sending
* WIP mdns OK
* beta version
* SSL + doc
* update travis host test command
* licenses
* typo
* doc: arduino builder is not around: declare functions before calling them
* fix with latest SSL PR, compile in 32 bits mode
* fix make clean
* make -m32 optional
* 32bits compiler ability tester
* WIP
* WIP (fix 1 vtable error, still another one to hunt with using spiffs)
* example astyle
* fix os_printf_plus
* load / save mock spiffs
* fix style
* fix using spiffs/mock
* don't mess ram
* update doc
* remove leftover
* optimization -Os except for CI, rename ARCH32 to FORCE32
* revert useless cast (not even compiled)
* remove unused function
* use proper type for pointer arithmetics
* makefile: sketch object and cpp file moved to bin/ directories
easier to clean, and IDE don't like them
* changes for review
* make use of %zd
* less verbose makefile by default (option)
* update readme
* Update to BearSSL 0.6+ release, add AES_CCM modes
Pull in latest BearSSL head (0.6 + minor additions) release and add AES_CCM
modes to the encryption options.
* Enable the aes_ccm initialization in client/server
* Initial attempt
* Working code with second stack thunking
* Remove #ifdefs in .S file, not needed.
* Clean up thunks and remove separate stack flag
* Fix PIO assembler errors
* Remove #ifdef code changes, ensure same code as PC
Remove "#ifdef ESP8266;...;#else;...;#endif" brackets in BearSSL to
ensure the host-tested code is the same as the ESP8266-run code.
* Move to latest BearSSL w/EC progmem savings
* Merge with master
* Add br_thunk_* calls to do ref counting, painting
Add reference counting br_thunk_add/del_ref() to replace stack handling code
in the class.
Add in stack painting and max usage calculation.
* Add in postmortem stack dump hooks
When a crash occurs while in the second stack, dump the BSSL stack and
then also the stack that it was called from (either cont or sys).
* Update stack dump to match decoder expectations
* Move thunk to code core for linkiage
The thunk code needs to be visible to the core routines, so move it to the
cores/esp8266 directory. Probably need to refactor the stack setup and the
bearssl portion to avoid dependency on bearssl libs in cores/esp8266
* Add 2nd stack dump utility routine
* Refactor once more, update stack size, add stress
Make stack_thunks generic, remove bearssl include inside of cores/esp8266.
Allocate the stack on a WiFiServerSecure object creation to avoid
fragmentation since we will need to allocate the stack to do any
connected work, anyway.
A stress test is now included which checks the total BearSSL second
stack usage for a variety of TLS handshake and certificate options
from badssl.org.
* Update to latest to-thunks branch
* Add BearSSL device test using stack stress
Run a series of SSL connection and transmission tests that stress
BearSSL and its stack usage to the device tests.
Modify device tests to include a possible SPIFFS generation and
upload when a make_spiffs.py file is present in a test directory.
* Use bearssl/master branch, not /to-thunks branch
Update to use the merged master branch of bearssl. Should have no code
changes.
Pull in latest BearSSL head (0.6 + minor additions) release and add AES_CCM
modes to the encryption options. Enable the aes_ccm initialization in client/server
The EC mul20 and square20 code was identical in two different files,
but because these copies were static, we ended up with an extra 6k of
duplicated code. Updated BearSSL to make them shared, saving 6KB.
