1
0
mirror of https://github.com/esp8266/Arduino.git synced 2025-06-10 14:42:08 +03:00
Commit Graph

168 Commits

Author SHA1 Message Date
85e68093e9 Automatic stack location selection (SYS or HEAP), enable per library AR-chive in arduino build system (#5018)
Automatic stack location selection (SYS or HEAP), enable per library AR-chive in arduino build system 

* enable dot_a_linkage on internal libraries
* add device tests
* boards generator: deprecate --noextra4k/--allowWPS and fix documentation
2018-08-20 14:35:52 +02:00
56b98fd4df Move all PROGMEM to their own section (#5048)
According to the GCC man page, __section__ attributes should only be used
for global variables.  However, the PROGMEM and ICACHE_RODATA macros use
this variable decorator even for local variables.  Most of the time it works,
but when a static or inlined function tries to use a PROGMEM/PSTR/etc.
variable the compiler can throw an error like:
  error: XXX causes a section type conflict with YYY

Change the PROGMEM macro to emit a section name that is unique (a combo
of the file, line, and counter variables to ensure uniqueness).  The
standard linker script will place them properly in .IROM without
any changes.

Fixes #5036 and others.
2018-08-15 11:46:13 -03:00
e3c970210f Add BearSSL client and server, support true bidir, lower memory, modern SSL (#4273)
BearSSL (https://www.bearssl.org) is a TLS(SSL) library written by
Thomas Pornin that is optimized for lower-memory embedded systems
like the ESP8266. It supports a wide variety of modern ciphers and
is unique in that it doesn't perform any memory allocations during
operation (which is the unfortunate bane of the current axTLS).

BearSSL is also absolutely focused on security and by default performs
all its security checks on x.509 certificates during the connection
phase (but if you want to be insecure and dangerous, that's possible
too).

While it does support unidirectional SSL buffers, like axTLS,
as implemented the ESP8266 wrappers only support bidirectional
buffers. These bidirectional buffers avoid deadlocks in protocols
which don't have well separated receive and transmit periods.

This patch adds several classes which allow connecting to TLS servers
using this library in almost the same way as axTLS:
BearSSL::WiFiClientSecure - WiFiClient that supports TLS
BearSSL::WiFiServerSecure - WiFiServer supporting TLS and client certs

It also introduces objects for PEM/DER encoded keys and certificates:
BearSSLX509List - x.509 Certificate (list) for general use
BearSSLPrivateKey - RSA or EC private key
BearSSLPublicKey - RSA or EC public key (i.e. from a public website)

Finally, it adds a Certificate Authority store object which lets
BearSSL access a set of trusted CA certificates on SPIFFS to allow it
to verify the identity of any remote site on the Internet, without
requiring RAM except for the single matching certificate.
CertStoreSPIFFSBearSSL - Certificate store utility

Client certificates are supported for the BearSSL::WiFiClientSecure, and
what's more the BearSSL::WiFiServerSecure can also *require* remote clients
to have a trusted certificate signed by a specific CA (or yourself with
self-signing CAs).

Maximum Fragment Length Negotiation probing and usage are supported, but
be aware that most sites on the Internet don't support it yet.  When
available, you can reduce the memory footprint of the SSL client or server
dramatically (i.e. down to 2-8KB vs. the ~22KB required for a full 16K
receive fragment and 512b send fragment).  You can also manually set a
smaller fragment size and guarantee at your protocol level all data will
fit within it.

Examples are included to show the usage of these new features.

axTLS has been moved to its own namespace, "axtls".  A default "using"
clause allows existing apps to run using axTLS without any changes.

The BearSSL::WiFi{client,server}Secure implements the axTLS
client/server API which lets many end user applications take advantage
of BearSSL with few or no changes.

The BearSSL static library used presently is stored at
https://github.com/earlephilhower/bearssl-esp8266 and can be built
using the standard ESP8266 toolchain.
2018-05-14 20:46:47 -07:00
42f824b2e4 Fix WebServerSecure streamFile() (#4545)
* Fix WebServerSecure streamFile()

ESP8266WebServerSecure's streamFile was using the base class' method
which did not use SSL encrypt before transmitting, leading to failure.

Add a new template method and required support for
WiFiClientSecure::write(Stream&) (using a local temp buffer since the
SSL libs do not grok Arduino Streams at all).

Fixes #4544

* Match ClientContext buffer and yield() behavior

ClientContext sends out 256 bytes at a time and gives a yield after
each chunk to ensure the WDT doesn't fire.  Mimic that behavior in
WiFiClientSecure::write(Stream&).
2018-03-22 00:53:37 -03:00
61cd8d8385 examples: format all .ino files
This formats all the example source files using Arduino style rules.
2018-03-08 14:32:06 +08:00
f9ac524b13 Add -Werror to acceptance builds for C and CPP (#4369)
Use platform.local.txt to add -Werror to GCC for the build of all
code.  Any warnings on a submitted patch will cause an error.

Several examples and libraries had warnings/errors (missing returns
on functions, types, etc.).  Clean those up with this commit as well.
2018-02-17 18:47:10 -08:00
5328a8b91e additional mimetable fixes, additional string moves to progmem (#4371) 2018-02-16 16:56:33 -03:00
bb90e12ea0 Fix double-free in ESP8266WebServer (#4365)
In issue #4350, @mongozmaki found that the web server was accessing a
deleted variable in the destructor.  Implement his suggested change
and move the close() before any freeing.  Could also have simply
NULL'd out the _currentHeaders member after freeing as well.

Fixes issue #4350
2018-02-14 07:50:26 -08:00
291bc6bca5 Wrap mimetype strings in FSPTR()s (#4338)
Mimetype is now in progmem, so any accesses to it need to be using FPSTR()
wrapped Strings.

Fixes #4329
2018-02-10 08:12:38 -08:00
bcbd5961c0 add begin(port) to esp8266webserver, move some strings to flash, some refactoring (#4148)
* add begin(port) to esp8266webserver, move some strings to flash, some refactoring

* Moved more strings to flash, unified some strings

* move mimetable strings into a standalone file

* more string moves to flash, remove duplicates, refactor of template method, minor styling

* Reverted moving small string to flash (no heap advantage, reduces bin size)
2018-02-07 00:30:07 -03:00
4c23e66bba SSL server DEBUG, code cleanup fixes (#4280)
The server needs to load an X509 and RSA key, but instead of using
the existing loadObject() calls implemented its own.  Remove them and
use the standard ones instead.

The DEBUG_OUTPUT macro was undefined in the SSL Web server.  Add it
in do that when you compile with DEBUG=HTTP_SERVER it actually compiles.
2018-02-06 07:33:26 -08:00
bd1c7ce1dc Add SSL enabled WiFiServer, Updater, WebServer
Adds SSL server mode for WiFiServerSecure, for plain SSL connections,
ESP8266WebServerSecure, for HTTPS web serving, and SecureHTTPSUpdater for
encrypted OTA updates.

Example code is provided for all new options, as well as a BASH script for
generating their own, self-signed certificates.

Both ESP8266WebServerSecure and SecureHTTPSUpdater are important for secure
password-based authentication.  HTTP Basic Authentication, the only supported
model presently, sends the username and password in *cleartext* and therefore
should *never* be used in any un-SSL encrypted channel unless you don't mind
sharing your login and password with anyone else on the internet.  Even if the
ESP8266 is not safety critical, this cleartext broadcast could expose you should
you reuse this password elsewhere on your network or the internet.
2018-01-10 11:56:32 +08:00
b4653f4d44 Fix URL parameter decoding in web server (#3313)
* Make HTTP server test data easier to examine

* Add HTTP server parameter tests containing & and =

* Fix URL parameter decoding in web server

The parameters string needs to be first split on & and =, and URL
decoding on parts done after that. Otherwise URL encoded & and = within
parameter names and values cause incorrect splitting.
2017-12-30 14:24:37 -03:00
1cd4a00cff Remove compiler warnings (#4043) 2017-12-29 13:14:56 -03:00
4c08389961 ESP8266WebServer: send empty chunk when done sending chunked response
Fixes https://github.com/esp8266/Arduino/issues/3225
2017-12-26 19:13:19 +01:00
9b3583d227 ESP8266WebServer: add CONTENT_LENGTH_UNKNOWN keyword 2017-12-26 19:13:19 +01:00
d0a4900e2d * extra validation breaking POST/DELETE rest calls (#4003) 2017-12-20 22:28:37 -03:00
89e5a481a7 increase HTTP SEND/POST timeout to 5s (#3971) 2017-12-16 00:01:43 -03:00
58937dd489 check nullptr in ESP8266WebServer (#3958) 2017-12-14 14:38:44 +08:00
03f1a540ca Added constant time string comparison to avoid possible time-based attacks. (#3836)
* Added constant time strings comparison to avoid possible time-based attacks

* Fixed data types

* Fixed indentation

* Moved string comnparison in constant time to String class; modified function body to assure constant time comparison despite compiler optimizations

* Removed wrong code

* Fixed error and prevented compiler optimization to delete u1 local variable

* Avoid timing attacks on string comparison

* Minor

* changed counter names, removed else
2017-11-21 01:56:05 -03:00
e71ec77a00 minimize number of exit paths in ESP8266WebServer::handleClient (#2557) 2017-10-22 13:58:53 +08:00
2fbc619569 allocate HTTPUpload struct on demand (#2557) 2017-10-22 13:58:53 +08:00
2abbc36da4 Put WiFi into station mode in examples (#3731) 2017-10-22 13:53:01 +08:00
eebc5ec593 Digest Authentication in Webserver Library (#3053)
* Add Digest Auth

* Check for Opaque and Nonce

* Remove Serial Debug and fix Indentation

* Added example sketch with documentation,Fixed indentation and Defaults

* Digest Authentication minor changes + new padded 32 digit random function

* update license to public domain

* renaming functions
2017-09-18 05:31:32 -05:00
1843030b8a Allow for double quotes in boundary (#3455)
as per https://tools.ietf.org/html/rfc2046#section-5.1.1
2017-09-12 07:41:54 -05:00
3b60f75635 Fix to parse parameters in the URL of a POST with empty content. (#3398) 2017-08-07 19:04:03 +03:00
85be0f300a Move MIME type table into PROGMEM to save RAM (#3475)
The extension -> MIME type routine uses lots of constant strings which end
up in the RODATA segment of RAM.  Refactor the comparison to use a table of
strings stored in PMMEM instead, freeing ~370 bytes for the heap.
2017-08-07 15:44:30 +03:00
f5b6e16474 Fixed: urlDecode done before parsing args (#2956) 2017-08-01 12:54:31 +03:00
0fa34430e6 ESP8266WebServer: add application/json content type 2017-05-15 18:38:24 +08:00
72ed29ad5f allow for overridable value for HTTP_UPLOAD_BUFLEN 2017-05-01 05:33:20 -05:00
2126146e20 Fix warnings (#2881)
* Suppressed -Wunused-parameter and -Wunused-function by casting to void unused identifiers.

* Explicit initialization of all fields to suppress -Wmissing-field-initializers.

* Fixed signed/unsigned integer comparison.

* memset initialization of structs.

* More -Wunused-parameter fixes.
2017-01-31 10:07:59 +03:00
4897e0006b match headers using equalsIgnoreCase (#2474)
Should fix: https://github.com/esp8266/Arduino/issues/2131
2016-09-02 11:49:14 +03:00
4dc4e75216 allow F() to be used for uri parameter (#2319) 2016-07-26 18:23:14 +08:00
0d996ab75e fix plain post content containing special chars being parsed as arguments (#2241)
this solution actually keeps the content as is, as long as it's text
(does not contain zeroes)
2016-07-07 00:59:26 +03:00
e7a529eb45 Fix missing separator between get and post arguments (#2222)
* fix urlDecode points

Fixes:

https://github.com/esp8266/Arduino/issues/1989
https://github.com/esp8266/Arduino/issues/2198

* Add missing separator between get and plain post arguments
2016-07-04 09:08:31 +03:00
af06847f4a fix urlDecode points (#2212)
Fixes:
https://github.com/esp8266/Arduino/issues/1989
https://github.com/esp8266/Arduino/issues/2198
2016-07-01 02:37:15 +03:00
6390cf6bd6 Chunked encoding (#2199)
* Add chunked encoding

example:
```cpp
  server.on("/chunked", HTTP_GET, [](){
    server.send(200, "text/html", String());
    server.sendContent("<!DOCTYPE html><html><head><title>Chunked
Test</title></head><body>");
    server.sendContent("<p>Chunk 1</p>");
    server.sendContent("<p>Chunk 2</p>");
    server.sendContent("<p>Chunk 3</p>");
    server.sendContent("<p>Chunk 4</p>");
    server.sendContent("<p>Chunk 5</p>");
    server.sendContent("<p>Chunk 6</p>");
    server.sendContent("</html>");
    server.sendContent("");//end of chunked
  });
```

* update examples, keep setContentLength and add bool _chunked

* fix wrong session id

* set _chunked to false earlier for cases where users use only sendContent
2016-06-28 14:35:12 +08:00
8db4dcea42 WifiClient::write refactoring (second attempt) (#2177)
* WiFiClient: use DataSource for writes

* ESP8266WebServer: delegate writing to WiFiClient

* ESP8266WebServer: set write timeout before sending content
2016-06-23 17:47:18 +08:00
35fd2ccd52 Make ESP8266WebServer::urlDecode public (#1419) 2016-06-13 15:17:17 +08:00
dbef28d394 add "include <ESP8266WiFi.h>" to ESP8266WebServer.h (#2094) 2016-06-06 12:21:01 +08:00
7450dd39ca ESP8266WebServer: save RAM by moving response strings to flash (#1732) 2016-04-18 10:43:00 +03:00
f6516b004f ESP8266WebServer: fix handling of empty POST
Fix handling of case when Content-Length is 0.
Change do {} while() loop into while(){} so that we don't wait 1000ms for data in case Content-Length is 0.
Also fix handling of cases when malloc or realloc return null.
2016-04-18 10:33:10 +03:00
b72cf2cdcf if data loss, exit 2016-04-13 08:20:07 +02:00
41bd7af07e slow client/network read fix 2016-04-11 16:36:37 +02:00
502c45c157 Update Parsing.cpp 2016-04-08 04:40:51 +02:00
3a95fb5a94 Update Parsing.cpp 2016-04-07 23:32:04 +02:00
8c675236c7 Update Parsing.cpp
Complete read POST/GET request.
2016-04-07 22:22:16 +02:00
00429e833d Merge pull request #1772 from gmag11/patch-2
Add more file types handling
2016-03-24 00:59:49 +03:00
67107ba19f Merge pull request #1771 from gmag11/patch-1
Update index.html
2016-03-24 00:59:27 +03:00
a14ae347e4 Fix buffer overflow in ESP8266WebServer::authenticate (#1790) 2016-03-18 23:33:35 +03:00