Add `load_cert_chain`, `load_verify_locations`, `get_ciphers` and
`set_ciphers` SSLContext methods in ssl library, and update asyncio
`open_connection` and `start_server` methods with ssl support.
Signed-off-by: Carlos Gil <carlosgilglez@gmail.com>

This adds asyncio ssl support with SSLContext and the corresponding
tests in `tests/net_inet` and `tests/multi_net`.
Note that not doing the handshake on connect will delegate the handshake to
the following `mbedtls_ssl_read/write` calls. However if the handshake
fails when a client certificate is required and not presented by the peer,
it needs to be notified of this handshake error (otherwise it will hang
until timeout if any). Finally at MicroPython side raise the proper
mbedtls error code and message.
Signed-off-by: Carlos Gil <carlosgilglez@gmail.com>

Fixes two issues:
- None should not be allowed in the list, otherwise the corresponding entry
  in ciphersuites[i] will have an undefined value.
- The terminating 0 needs to be put in ciphersuites[len].
Signed-off-by: Damien George <damien@micropython.org>

Changes are:
- use ssl.SSLContext.wrap_socket instead of ssl.wrap_socket
- disable check_hostname and call load_default_certs() where appropriate,
  to get CPython to run the tests correctly
- pass socket.AF_INET to getaddrinfo and socket.socket(), to force IPv4
- change tests to use github.com instead of google.com, because certificate
  validation was failing with google.com
Signed-off-by: Damien George <damien@micropython.org>

And only enable this method when the relevant feature is available in
mbedtls. Otherwise, if mbedtls doesn't support getting the peer
certificate, this method always returns None and it's confusing why it does
that. It's better to remove the method altogether, so the error trying to
use it is more obvious.
Signed-off-by: Damien George <damien@micropython.org>

This commit adds:
1) Methods to SSLContext class that match CPython signature:
   - `SSLContext.load_cert_chain(certfile, keyfile)`
   - `SSLContext.load_verify_locations(cafile=, cadata=)`
   - `SSLContext.get_ciphers()` --> ["CIPHERSUITE"]
   - `SSLContext.set_ciphers(["CIPHERSUITE"])`
2) `sslsocket.cipher()` to get current ciphersuite and protocol
   version.
3) `ssl.MBEDTLS_VERSION` string constant.
4) Certificate verification errors info instead of
   `MBEDTLS_ERR_X509_CERT_VERIFY_FAILED`.
5) Tests in `net_inet` and `multi_net` to test these new methods.

`SSLContext.load_cert_chain` method allows loading key and cert from disk
passing a filepath in `certfile` or `keyfile` options.

`SSLContext.load_verify_locations`'s `cafile` option enables the same
functionality for ca files.
Signed-off-by: Carlos Gil <carlosgilglez@gmail.com>

Also, IDF v5.1.2 is now supported, just not used by default.
IDF v5.0.2 still builds but we cannot guarantee continued support for this
version moving forward.
Signed-off-by: IhorNehrutsa <IhorNehrutsa@gmail.com>

Disable unused EC curves and default certificate bundle which is not
implemented in MicroPython. This reduces the firmware size significantly.
This follows commit 68f166dae9.
Signed-off-by: Carlos Gil Gonzalez <carlosgilglez@gmail.com>

So that ports don't need to specify each of these files, they can simply
refer to the appropriate make/cmake variable.
Signed-off-by: Damien George <damien@micropython.org>

Necessary to get coverage of the new event functions.
Deletes the case that called usleep(delay) for mp_hal_delay_ms(), it seems
like this wouldn't have ever happened anyhow (MICROPY_EVENT_POLL_HOOK is
always defined for the unix port).
This work was funded through GitHub Sponsors.
Signed-off-by: Angus Gratton <angus@redyak.com.au>

This is necessary to avoid watchdog timeout in long i2c.scan(), as
previously machine_i2c.c would call MICROPY_EVENT_POLL_HOOK if
MICROPY_EVENT_POLL_HOOK_FAST was not available.
Compared to previous implementation, this implementation removes the
ets_event_poll() function and calls the SDK function ets_loop_iter() from
MICROPY_INTERNAL_EVENT_HOOK instead. This allows using the port-agnostic
functions in more places.
There is a small behaviour change, which is that the event loop gets
iterated in a few more places (i.e. anywhere that mp_event_handle_nowait()
is called). However, this looks like maybe only modselect.c - and is
probably good to process Wi-Fi events in that polling loop.
This work was funded through GitHub Sponsors.
Signed-off-by: Angus Gratton <angus@redyak.com.au>

This should be the equivalent of the previous event poll hook macro.
This work was funded through GitHub Sponsors.
Signed-off-by: Angus Gratton <angus@redyak.com.au>

Previously this was not set, so potential for race conditions in interrupt
handlers that didn't issue SEV. (Which is currently all of them, as far as
I can see.)
Eventually we might be able to augment the interrupt handlers that wake the
main thread to call SEV, and leave the others as-is to suspend the CPU
slightly faster, but this will solve the issue for now.
This work was funded through GitHub Sponsors.
Signed-off-by: Angus Gratton <angus@redyak.com.au>

This commit changes all uses in the rp2 port, and drivers that are
optionally supported by that port.
The old MICROPY_EVENT_POLL_HOOK and MICROPY_EVENT_POLL_HOOK_FAST macros are
no longer used for rp2 builds and are removed (C user code will need to be
changed to suit).
Also take the opportunity to change some timeouts that used 64-bit
arithmetic to 32-bit, to hopefully claw back a little code size.
This work was funded through GitHub Sponsors.
Signed-off-by: Angus Gratton <angus@redyak.com.au>

See previous commit for details of these functions. As of this commit,
these still call the old hook macros on all ports.
This work was funded through GitHub Sponsors.
Signed-off-by: Angus Gratton <angus@redyak.com.au>

These are intended to replace MICROPY_EVENT_POLL_HOOK and
MICROPY_EVENT_POLL_HOOK_FAST, which are insufficient for tickless ports.
This implementation is along the lines suggested here:
https://github.com/micropython/micropython/issues/12925#issuecomment-1803038430
Currently any usage of these functions expands to use the existing hook
macros, but this can be switched over port by port.
This work was funded through GitHub Sponsors.
Signed-off-by: Angus Gratton <angus@redyak.com.au>

This header has no include guards and is apparently only supposed to be
included from py/mphal.h.
This work was funded through GitHub Sponsors.
Signed-off-by: Angus Gratton <angus@redyak.com.au>

This patch simplifies the connection and sockets polling code, by switching
to a soft-timer to schedule polling code, and by using one node for
scheduling. This also fixes any issues that could result from using a heap
allocated machine_timer, and includes better handling of the sockets poll
list.
Signed-off-by: iabdalkader <i.abdalkader@gmail.com>

This is usually called on soft-reboot, a NIC can implement this to do any
necessary cleaning up (such as invalidating root pointers).
Signed-off-by: iabdalkader <i.abdalkader@gmail.com>

This commit fixes all known floating-point bugs with the pico-sdk. There
are two things going on here:
- Use a custom pico float component so that the pico-sdk doesn't include
  its math functions, and then provide our own from lib/libm.
- Provide a wrapper for __aeabi_fadd to fix the infinity addition bug.
Prior to this commit, the following tests failed on the rp2 port: cmath_fun
float_parse math_domain math_domain_special math_fun_special. With this
commit, all these tests pass.
Thanks to @projectgus for how to approach this fix.
Signed-off-by: Damien George <damien@micropython.org>

The installation instructions for ESP32 TinyPICO board contained a typo
that used a non-standard baud rate 912600 instead of 921600. This made the
upload command fail on some Windows computers.
Signed-off-by: Scott Zhao <zhaomh1998@outlook.com>

The user memory area -- accessible by machine.RTC.memory() -- will now
survive most reboot causes. A power-on reset (also caused by the EN pin on
some boards) will clean the memory. When this happens, the magic number
not found in the user memory will cause initialization.
After other resets (triggered by watchdogs, machine.reset(), ...), the user
is responsible to check and validate the contents of the user area.
This new behaviour can be changed by enabling
MICROPY_HW_RTC_MEM_INIT_ALWAYS: in that case the RTC memory is always
cleared on boot.
Signed-off-by: Thomas Wenrich <twenrich@gmail.com>

The amount of free IRAM in ESP32 SPIRAM builds is very small and went over
the limit due to commit 30b0ee34d3. This
commit enables further optimisations to reduce IRAM usage.
Signed-off-by: Damien George <damien@micropython.org>

CCaches are scoped per-job.
Uses https://github.com/hendrikmuhs/ccache-action to get desired behaviour
(updating the cache on each run).
Signed-off-by: Angus Gratton <angus@redyak.com.au>

Allows splitting the esp32 job into multiple parts without too much
boilerplate. The matrix is parameterised using the name of the function to
call in tools/ci.sh, to minimise the dependency on GitHub Actions.
This can get esp32 build times down around 3m if IDF is cached already.
If the cache is cold, the cache preparation step on each job can double up
against each other. However, restructuring the workflow to not do this
seems either complex or requires copy-pasting the entire cache step.
Signed-off-by: Angus Gratton <angus@redyak.com.au>

Cache is keyed on the ESP-IDF version used in CI, so there shouldn't be any
cache invalidation issues when ESP-IDF version changes.
Restoring from cache takes approx 15s, compared to 2-3m to perform these
steps (ESP-IDF tools install, ESP-IDF clone, ESP-IDF submodule clone) the
first time.
Cache size is approx 1.6GB, the git clone is tweaked as much as possible to
keep the size down.
Signed-off-by: Angus Gratton <angus@redyak.com.au>

Configures the I2S PLL to produce a frequency that the I2S clock generator
can use to create an optimal SCK frequency. The I2S PLL configuration
table is automatically generated at build time.
Fixes issue #10280.
Signed-off-by: Mike Teachman <mike.teachman@gmail.com>

This board has MICROPY_VFS enabled, which should take precedence over
MICROPY_MBFS (and did prior to 22d9116c8c).
Signed-off-by: Damien George <damien@micropython.org>

All ports using this common configuration already enable time/date
validation, so this commit is a no-op change.
Signed-off-by: Damien George <damien@micropython.org>

Also move MICROPY_PY_PENDSV_ENTER/REENTER/EXIT to mphalport.h, for ports
where these are not already there.
This helps separate the hardware implementation of these macros from the
MicroPython configuration (eg for renesas-ra and stm32, the IRQ static
inline helper functions can now be moved to irq.h).
Signed-off-by: Damien George <damien@micropython.org>

MICROPY_BEGIN_ATOMIC_SECTION/MICROPY_END_ATOMIC_SECTION belong more to the
MicroPython HAL rather than build configuration settings, so move their
default configuration to py/mphal.h, and require all users of these macros
to include py/mphal.h (here, py/objexcept.c and py/scheduler.c).
This helps ports separate configuration from their HAL implementations, and
can improve build times (because mpconfig.h is included everywhere, whereas
mphal.h is not).
Signed-off-by: Damien George <damien@micropython.org>