Commit Graph

22 Commits

Author SHA1 Message Date
Damien George
ea22406f76 extmod/modussl_mbedtls: Use mbedtls_entropy_func for CTR-DRBG entropy.
If mbedtls_ctr_drbg_seed() is available in the mbedtls bulid then so should
be mbedtls_entropy_func().  Then it's up to the port to configure a valid
entropy source, eg via MBEDTLS_ENTROPY_HARDWARE_ALT.
2018-05-31 21:52:29 +10:00
Damien George
98b9f0fc9d extmod/modussl_mbedtls: Populate sock member right away in wrap_socket.
Otherwise the "sock" member may have an undefined value if wrap_socket
fails with an exception and exits early, and then if the finaliser runs it
will try to close an invalid stream object.

Fixes issue #3828.
2018-05-31 21:47:26 +10:00
Damien George
cf31d384f1 py/stream: Switch stream close operation from method to ioctl.
This patch moves the implementation of stream closure from a dedicated
method to the ioctl of the stream protocol, for each type that implements
closing.  The benefits of this are:

1. Rounds out the stream ioctl function, which already includes flush,
   seek and poll (among other things).

2. Makes calling mp_stream_close() on an object slightly more efficient
   because it now no longer needs to lookup the close method and call it,
   rather it just delegates straight to the ioctl function (if it exists).

3. Reduces code size and allows future types that implement the stream
   protocol to be smaller because they don't need a dedicated close method.

Code size reduction is around 200 bytes smaller for x86 archs and around
30 bytes smaller for the bare-metal archs.
2018-04-10 13:41:32 +10:00
Damien George
7df2ebbfea extmod/modussl_mbedtls: Clean up mbedtls state when error during setup.
Without this patch, if the SSL handshake fails (eg the connection was lost)
then the mbedtls state (memory) will never be freed.
2017-12-13 14:48:53 +11:00
Damien George
10b76a9620 extmod/modussl_mbedtls: Allow to compile with unix coverage build.
Fixes a few C warnings.  No functional changes.
2017-10-30 15:41:37 +11:00
Eric Poulsen
74ec52d857 extmod/modussl: Add finaliser support for ussl objects.
Per the comment found here
https://github.com/micropython/micropython-esp32/issues/209#issuecomment-339855157,
this patch adds finaliser code to prevent memory leaks from ussl objects,
which is especially useful when memory for a ussl context is allocated
outside the uPy heap.  This patch is in-line with the finaliser code found
in many modsocket implementations for various ports.

This feature is configured via MICROPY_PY_USSL_FINALISER and is disabled by
default because there may be issues using it when the ussl state *is*
allocated on the uPy heap, rather than externally.
2017-10-30 15:25:32 +11:00
Damien George
a3dc1b1957 all: Remove inclusion of internal py header files.
Header files that are considered internal to the py core and should not
normally be included directly are:
    py/nlr.h - internal nlr configuration and declarations
    py/bc0.h - contains bytecode macro definitions
    py/runtime0.h - contains basic runtime enums

Instead, the top-level header files to include are one of:
    py/obj.h - includes runtime0.h and defines everything to use the
        mp_obj_t type
    py/runtime.h - includes mpstate.h and hence nlr.h, obj.h, runtime0.h,
        and defines everything to use the general runtime support functions

Additional, specific headers (eg py/objlist.h) can be included if needed.
2017-10-04 12:37:50 +11:00
Damien George
beeb7483d8 extmod/modussl_mbedtls: Allow to compile with MBEDTLS_DEBUG_C disabled.
With MBEDTLS_DEBUG_C disabled the function mbedtls_debug_set_threshold()
doesn't exist.  There's also no need to call mbedtls_ssl_conf_dbg() so a
few bytes can be saved on disabling that and not needing the mbedtls_debug
callback.
2017-09-06 17:34:45 +10:00
Eric Poulsen
d5191edf7f extmod/modussl_mbedtls.c: Add ussl.getpeercert() method.
Behaviour is as per CPython but only the binary form is implemented here.
A test is included.
2017-08-16 15:01:00 +10:00
Eric Poulsen
6b4d4a25ce extmod/modussl_mbedtls: Implement non-blocking SSL sockets. 2017-07-26 11:34:33 +10:00
Damien George
0893b273b9 extmod/modussl_mbedtls: Make socket.close() free all TLS resources.
Also, use mp_stream_close() helper to close the underlying socket.
2017-07-25 14:00:45 +10:00
Damien George
a10467b58a extmod/modussl_mbedtls: When reading and peer wants to close, return 0.
If this particular code is returned then there's no more data, it's not
really an error.
2017-07-25 11:53:26 +10:00
Damien George
aa7be82a4d all: Don't include system errno.h when it's not needed. 2017-07-24 18:43:14 +10:00
Damien George
513dfcf4fe extmod/modussl_mbedtls: Support server_side mode.
To use server_side mode one must pass valid values in the "key" and "cert"
parameters.
2017-07-24 15:08:59 +10:00
Damien George
204ded848e extmod: Update for changes to mp_obj_str_get_data. 2017-03-29 12:56:45 +11:00
Paul Sokolovsky
59a1201da9 all: Remove readall() method, which is equivalent to read() w/o args.
Its addition was due to an early exploration on how to add CPython-like
stream interface. It's clear that it's not needed and just takes up
bytes in all ports.
2016-11-14 00:24:22 +03:00
Paul Sokolovsky
06234a6115 extmod/modussl_mbedtls: Add dummy setblocking() method.
Accepts only value of True.
2016-10-15 23:46:13 +03:00
Damien George
75af908c0e extmod: Use mp_raise_OSError helper function. 2016-10-07 13:52:14 +11:00
Paul Sokolovsky
46ab042230 extmod/modussl_mbedtls: Add server_hostname param for wrap_socket().
In CPython, module-level .wrap_socket() function actually doesn't accept
(or document) this param, only SSLContext.wrap_socket() has.
2016-09-23 01:44:23 +03:00
Paul Sokolovsky
080e4d44f3 extmod/modussl_mbedtls: Use 2-component include paths.
This is required to use mbedTLS versions from various sources, e.g.
mainline vs embedded into Zephyr RTOS.
2016-09-22 01:30:48 +03:00
Paul Sokolovsky
5f0ecb72c2 extmod/modussl_mbedtls: Implement key= and cert= args to wrap_socket().
Unlike standard keyfile= and certfile=, these accept byte buffer objects
(to not depend on FS implementation).
2016-09-22 00:17:44 +03:00
Paul Sokolovsky
9ea2882317 extmod/modussl_mbedtls: Initial implementation of mbedTLS ussl module. 2016-09-21 21:25:33 +03:00