* Add setSSLVersion call to SSL object
Allow users to only allow specific TLS versions for connections with an
additional call in their app, similar to the setCiphers call.
Fixes#7918
* Add SSL level options to WiFiServerSecure
* WiFiServerSecure: Cache the SSL sessions
* Add SSL session caching to HTTPS server examples
* Document server SSL session caching
* Fix an incomplete sentence in the documentation
* Document BearSSL::Session
* Use the number of sessions instead of the buffer size in ServerSessions' constructors
* PoC cache configuration control
Expaned boards.txt.py to allow new MMU options and create revised .ld's
Updated eboot to pass 48K IRAM segments.
Added Cache_Read_Enable intercept to modify call for 16K ICACHE
Update platform.txt to pass new mmu options through to compiler and linker preprocessor.
Added quick example: esp8266/MMU48K
* Style corrections
Added MMU_ qualifier to new defines.
Moved changes into their own file.
Don't know how to fix platformio issue.
* Added detailed description for Cache_Read_Enable.
Updated tools/sizes.py to report correct IRAM size and indicate ICACHE size.
Merged in earlephilhower's work on unaligned exception. Refactored and added
support for store operations and changed the name to be more closely aligned
with its function. Improved crash reporting path.
* Style and MMU_SEC_HEAP corrections.
* Improved asm register usage.
Added some inline functions to aid in byte and short access to iRAM.
* only byte read has been tested
Updated .ld file to work better with platform.io; however, I am still
missing some steps, so platformio will still fail.
* Interesting glitch in boards.txt after github merge. A new board in
master was missing new additions added by boards.txt.py in the PR.
Which the CI flags when it rebuilds boards.txt.
* Support for 2nd Heap, excess IRAM, through umm_malloc.
Adapted changes to umm_malloc, Esp.cpp, StackThunk.cpp,
WiFiClientSecureBearSSL.cpp, and virtualmem.ino to irammem.ino from
@earlephilhower PR #6994.
Reworked umm_malloc to use context pointers instead of copy context.
umm_malloc now supports allocations from IRAM. Added class
HeapSelectIram, ... to aid in selecting alternate heaps,
modeled after class InterruptLock.
Restrict alloc request from ISRs to DRAM.
Never ending improvements to debug printing.
Sec Heap option now pulls in free IRAM left over in the 1st 32K block.
Managed through umm_malloc with HeapSelectIram.
Updated examples.
* Post push CI cleanup.
* Cleanup part II
* Cleanup part III
* Updates to support platformio, maybe.
* Added exception C wrapper replacement.
* CI Cleanup
* CI Cleanup II
Don't know what to do with platformio it doesn't like my .S file.
ifdef out USE_ISR_SAFE_EXC_WRAPPER to block the new assemlby module
from building on platformio only.
* Changes to exc-c-wrapper-handler.S to assemble under platformio.
* For platformio, Correction to toolchain-xtensa include path.
@mcspr, Thankyou!
* Temporarily added --print-memory-usage to ld parameters for cross-checking IRAM size.
* undo change to platform.txt
* correct merge conflict. take 1
* Fixed #if... for building umm_get_oom_count. It was not building when UMM_STATS_FULL was used.
* Commented out XMC support. Compatibility issues with PoC when using 16K ICACHE.
* Corrected size.py, DRAM bracketing changed to not include ICACHE with DRAM total.
* Added additional _context for support of use of UMM_INLINE_METRICS.
Corrected some UMM_POSION missed edits.
* Changes to clear errors and warnings from toolchain 10.1
Several fixes and improvements to example MMU48K.
With the improved optimization in toolchain 10.1 The example divide by 0
exception was failing with a HWDT event instead of its exception handler.
The compiler saw the obscured divide by 0 and replaced it with a break point.
* Isolated incompatable definitions related to _xtos_set_exception_handler.
GDBSTUB definitions are different from the BootROM's.
* Update tools/platformio-build.py
Co-authored-by: Max Prokhorov <prokhorov.max@outlook.com>
* Requested changes
Changed mmu related usages of ETS_... defines to DBG_MMU_...
Cleanup in example MMU48K.ino. Removed stale memory reference macro
and mmu_status print statement. Cleanup printf '\n' to be '\r\n'.
Improved issolation of development debug prints from the rest of the debug prints.
* Corrected comment. And added missing include.
* Improve comment.
* style and comment correction
* Added draft mmu.rst file and updated index.
Updated example HeapMetric.ino to also illustrate use of IRAM
Improved comments in exc-c-wrapper-handler.S. Added insurance IRQ disable.
* Updated mmu.rst
Improved function name uniqueness for is_iram, is_dram, and is_icache by
adding prefix mmu_. Also, made them available outside of a debug build.
Made pointer precision width more specific.
Made some of the static inline functions in mmu_irm.h safe for ISRs by
setting then for always inline.
* Add a default MMU_IRAM_SIZE value for a new CI test to pass.
Extended use 'umm_heap_context_t *_context' argument in ..._core functions
and expanded its usage to reduce unnecessary repeated calls to
umm_info(NULL, false), also removed recursion from umm_info(NULL, true).
Fixed stack buffer length in umm_info_safe_printf_P and heap.cpp.
Added example for creating an IRAM reserve section.
Updated mmu.rst. Grammar and spelling corrections.
* CI appeasement
* CI appeasement with comment correction.
* Ensure SYS always runs with DRAM Heap selected.
* Add/move heap stack overflow/underflow check to Esp.cpp where the event was discarded.
* Improved comment clarity of purpose for IramReserve.ino. Clean up MMU48K.ino
* Added missing #include
* Corrected usage of warning
* CI appeasement and use #message not #pragma message
* Updated git version of eboot.elf to match build version.
Good test catch.
* Remove conditional build option USE_ISR_SAFE_EXC_WRAPPER, always install.
Use the replacement wrapper on non32xfer_exception_handler install.
Added comments to code describing some exception handling issues.
* Updated mmu.rst
* Expanded and clarified comments.
Limited access to some detailed typdefs/prototypes to .cpp
modules, to avoid future build conflicts.
Completed TODO for verifing that the "C" structure struct __exception_frame
matches the ASM version.
Fixed some typo's, code rot, and added some more cases in examaple irammem.ino.
Refactored a little and reordered printing to ease comparison between methods.
Corrected `#ifdef __cplusplus` coverage area. Cleaned up `extern "C" ...` usage.
Fixes issues with including mmu_iram.h or esp8266_undocumented.h in .c files.
* Style fixes and more cleanup
* Style fix
* Remove unnessasary IRAM_ATTR from install_non32xfer_exception_handler
Some comment tuning.
In the context of _xtos_set_exception_handler and the functions it registers,
changed to type int for exception cause type. This is also the type used by gdbstub
and some other Xtensa files I found.
* move WiFiClientSecure to WiFiClientSecureCtx and add WiFiClientSecure wrapper to handle the context
* explicitely disable context copy constructor (similar to operator=)
* move (static) probeMaxFragmentLength back from ctx to WiFiClientSecure
* route sslclient::status() to context's ::status()
PR #7464 removed the reset of client authentication settings when server
authentication settings were changed, however it never did initialize
the client authentication information to nullptr in the constructor.
This can result in crashes during connections when client certs are not
applied.
Fix by resetting the client authenticaion variables on object
construction.
WiFiClientSecure.setInsecure() was clearing the secret key (but not the
_chain public client cert) incorrectly. The other server authentication
modes also had the same effect.
The only way for it to work would be if the app first set the server
authentication method and then the client keys. There's no good reason
for this.
Adjust the connection to only clear the server id methods and leave the
client ID untouched.
Fixes#7455
* Fix WiFiClientSecure::available blocking
Added a check of WiFiClient::availableForWrite to prevent blocking writes when the _run_until blocking flag is false
* change availForWrite from int to size_t
* add timeout to _run_until loop
fixes#6464
* use polledTimeout with _timeout millis
A typo was present in several ifdefs which would allow a server to negotiate
an EC connection even when in basic SSL mode. When this happened, a crash
would occur (since there were no EC or advanced AES modes installed).
Fix the typo, fixes#6397
* Add a dump of received FP and CERT when in debug mode
To simplify BearSSL debugging, print the received FP (when it doesn't
match the expected) and the binary certificate (always), when in debug
mode.
* Add documentation section on FP mismatch in rare instances.
When in basic SSL mode, don't include ciphers for EC for the server by
replacinf the BearSSL "support everything" init call with our own
version which obeys the requested BASIC_SSL.
Saves ~46KB on TLS servers, about the same as basic SSL saves for
clients.
* Use bounded waiting instead of infinite one to avoid deadlock
* Reduce timeout to fail much sooner if server is not acking our data
* Return timeout to 15 seconds on every disconnect
* Add comment to introduced delay to make it super clear
* Drop X509 context after successful server verification to save heap space
After completing handshake in BSSL, server is already verified and X509 context is no longer needed. Depending on verification method it save more or less heap space.
* Bugfix: Report not connected if there is no ready data and TLS connection is broken
Added the change for reporting not connected if TLS session is broken and there is no more buffered decrypted data. TLS can be broken if message authentication (MAC) cannot be verified. BearSSL enters BR_SSL_CLOSED state when processing invalid encrypted application data fragment. In such situation the current implementation get stuck forever unless user has own timeout mechanism build on top of WiFiClientSecureBearSSL. This change introduce fail fast via connected() returning false. Further it imply return -1 from read methods indicating broken channel upon which user should perform reconnect if needed.
Fixes#6005
Fixes#5996
* Add extensions to probe message for EC, others
probeMFLN was failing on some connection attempts to servers which only
supported EC based ciphers because it did not include the proper TLS
handshake extensions to list what kinds of ECs it supported.
Add those to the probeMFLN ClientHello message to make probes pass.
* Add client.getMFLNStatus method, returns MFLN state
After a connection it is useful to check whether MFLN negotiation
succeeded. getMFLNStatus returns a bool (valid only after
client.connect() succeeds, of course) indicating whether the requested
buffer sizes were negotiated successfully.
* New menu option to minimize BSSL ROM with only RSA
Adds a menu option and define to limit BearSSL to older RSA connection
options. This saves ~45K program memory and can speed up connections
since EC, while more secure, is significantly slower on the chip.
The supported ciphers are identical to the ones that axTLS supported.
Fixes#6005
* Add default SSLFLAGS(blank) to platform.txt
* Fix unused variable warning
* Add clarifying comment to menu items
Because the constructors of the BSSL client and server add a reference
count to the stack_thunk, if there is no copy constructor defined then
the stack thunk reference count can get out of sync causing the stack
thunk memory to be freed while still in use. That could cause random
crashes or hangs.
Add a very basic copy constructor to the WiFiClientSecure and
WiFiServerSecure objects, using the default operator= to duplicate
simple types and shared_ptr classes.
The _cipher_list element (used only w/custom ciphers) could be freed
while still in use if copies of the WiFiClientSecure object were made.
Use a shared_ptr which will only free when the last reference is
deleted.
The axTLS compatibility mode calls allocate and store elements needed
for SSL connections (unlike normal BearSSL calls). These elements could
be freed mistakenly while still in use if copies of the WiFiClientSecure
were made by the app.
Convert to a separately managed shared_ptr to ensure they live as long
as any referencing objects before deletion.
Same done for the axTLS compatability for WiFiServerSecure.
Many objects now expect a WiFiClient* object to be passed to them and
potentially re-used multiple times (HTTPClient, others). Clearing the
authentication options on a ::stop means they can never reconnect.
Remove the option clearing in ::stop
Fixes#5379
* WIP compile examples on host with 'make examples'
* WIP bufferize tcp input
* WIP Makefile
* WIP network to rework, tcp/udp to factorize, udp addresses broken
* minor changes to the core
* WIP basic udp working
* WIP mdns
* WIP mcast receiving, not sending
* WIP mdns OK
* beta version
* SSL + doc
* update travis host test command
* licenses
* typo
* doc: arduino builder is not around: declare functions before calling them
* fix with latest SSL PR, compile in 32 bits mode
* fix make clean
* make -m32 optional
* 32bits compiler ability tester
* WIP
* WIP (fix 1 vtable error, still another one to hunt with using spiffs)
* example astyle
* fix os_printf_plus
* load / save mock spiffs
* fix style
* fix using spiffs/mock
* don't mess ram
* update doc
* remove leftover
* optimization -Os except for CI, rename ARCH32 to FORCE32
* revert useless cast (not even compiled)
* remove unused function
* use proper type for pointer arithmetics
* makefile: sketch object and cpp file moved to bin/ directories
easier to clean, and IDE don't like them
* changes for review
* make use of %zd
* less verbose makefile by default (option)
* update readme
* Update to BearSSL 0.6+ release, add AES_CCM modes
Pull in latest BearSSL head (0.6 + minor additions) release and add AES_CCM
modes to the encryption options.
* Enable the aes_ccm initialization in client/server
* Initial attempt
* Working code with second stack thunking
* Remove #ifdefs in .S file, not needed.
* Clean up thunks and remove separate stack flag
* Fix PIO assembler errors
* Remove #ifdef code changes, ensure same code as PC
Remove "#ifdef ESP8266;...;#else;...;#endif" brackets in BearSSL to
ensure the host-tested code is the same as the ESP8266-run code.
* Move to latest BearSSL w/EC progmem savings
* Merge with master
* Add br_thunk_* calls to do ref counting, painting
Add reference counting br_thunk_add/del_ref() to replace stack handling code
in the class.
Add in stack painting and max usage calculation.
* Add in postmortem stack dump hooks
When a crash occurs while in the second stack, dump the BSSL stack and
then also the stack that it was called from (either cont or sys).
* Update stack dump to match decoder expectations
* Move thunk to code core for linkiage
The thunk code needs to be visible to the core routines, so move it to the
cores/esp8266 directory. Probably need to refactor the stack setup and the
bearssl portion to avoid dependency on bearssl libs in cores/esp8266
* Add 2nd stack dump utility routine
* Refactor once more, update stack size, add stress
Make stack_thunks generic, remove bearssl include inside of cores/esp8266.
Allocate the stack on a WiFiServerSecure object creation to avoid
fragmentation since we will need to allocate the stack to do any
connected work, anyway.
A stress test is now included which checks the total BearSSL second
stack usage for a variety of TLS handshake and certificate options
from badssl.org.
* Update to latest to-thunks branch
* Add BearSSL device test using stack stress
Run a series of SSL connection and transmission tests that stress
BearSSL and its stack usage to the device tests.
Modify device tests to include a possible SPIFFS generation and
upload when a make_spiffs.py file is present in a test directory.
* Use bearssl/master branch, not /to-thunks branch
Update to use the merged master branch of bearssl. Should have no code
changes.
BearSSLX509List, BearSSLSession, BearSSLPublicKey, and BearSSLPrivateKey
were all in the global namespace and not in the BearSSL:: one, due to an
oversight when they were originally created. Move them to the proper
namespace with the following mapping:
BearSSLX509List => BearSSL::X509List
BearSSLSession => BearSSL::Session
BearSSLPublicKey => BearSSL::PublicKey
BearSSLPrivateKey => BearSSL::PrivateKey
Print a warning when in debug mode when a BearSSL connection tries to
connect without having any defined authentication methods, since it will
fail.
Completely remove the empty axTLS compatibilty method
"::verify(char *fp, char *name)" because it can't be done w/BearSSL w/o
user code changes, and always failed. Better to have a compile failure
when we know at compile time the app won't do what is expected.
Completes the changes started by @d-a-v in PR #4833
Add a method allowing a user to send in a character string for the
fingerprint, like axTLS supported.
Implements part of PR #4833 from @d-a-v with changes requested in
discussion.
The BearSSL second stack, once allocated, was never deallocated. The
reference count of the stack pointer never hit 0 due to the initial
creation counting as one. Now, check to see if there is only one use_count
and if so then delete the stack.
SSL Sessions enable most of the SSL handshake to be skipped when both
client and server agree to use them. Add a BearSSLSession class and
an optional setting to the SSL client to enable this.
Note that SSL sessions are unrelated to HTTP sessions. They are
ephemeral and only relate to the SSL parameters, not anything at
the HTTP protocol level.
The cipher list count/pointer was cleared separately in the three
constructors available. Move this reset to _clear() to reduce code
duplication and keep the semantics.
Pull in latest BearSSL head (0.6 + minor additions) release and add AES_CCM
modes to the encryption options. Enable the aes_ccm initialization in client/server
The EC mul20 and square20 code was identical in two different files,
but because these copies were static, we ended up with an extra 6k of
duplicated code. Updated BearSSL to make them shared, saving 6KB.
The cipher list values were not initialized to NULL appropriately for the
BearSSL::WiFiClientSecure() constructor called by the Server object.
This caused a crash as a random value was free'd when conecting to the
SSL server object.
* Allow cipher specification for BearSSL
BearSSL has many more ciphers than axTLS, but they are more compute intensive
and slower. Add an option to use only the same, limited security, axTLS ciphers
as well as allow users to specify any suite of ciphers they want using standard
BearSSL formats.
Fixes#5110
* Rename methods to avoid axtls references.
* Allow std::vector to set a list of allowed ciphers
For C++ afficionados, allow std::vectors to be passed in to the setCipher()
routine.
The BearSSL object will now keep a copy of any set ciphers and free on object
destruction. These custom lists should normally only be 1-4 entries long, so it
is not expected to be a memory hog having this extra copy.
As part of the "clear connection configuration for reused objects"
patch, a ::stop would reset the self-signed, trust anchors, etc.
WiFiClient, unfortunately, calls ::stop as part of the connection
process, so all of these settings were lost.
Now only clear the connection settings on ::stop if we've already
been connected.
Also update the github public key which changed yet again.
Fixes#5086
