Commit Graph

30 Commits

Author SHA1 Message Date
Thorsten von Eicken 9aa214077e extmod/modussl: Improve exception error messages.
This commit adds human readable error messages when mbedtls or axtls raise
an exception.  Currently often just an EIO error is raised so the user is
lost and can't tell whether it's a cert error, buffer overrun, connecting
to a non-ssl port, etc.  The axtls and mbedtls error raising in the ussl
module is modified to raise:

    OSError(-err_num, "error string")

For axtls a small error table of strings is added and used for the second
argument of the OSErrer.  For mbedtls the code uses mbedtls' built-in
strerror function, and if there is an out of memory condition it just
produces OSError(-err_num).  Producing the error string for mbedtls is
conditional on them being included in the mbedtls build, via
MBEDTLS_ERROR_C.
2020-07-20 23:41:45 +10:00
Jim Mussared def76fe4d9 all: Use MP_ERROR_TEXT for all error messages. 2020-04-05 15:02:06 +10:00
Damien George 69661f3343 all: Reformat C and Python source code with tools/codeformat.py.
This is run with uncrustify 0.70.1, and black 19.10b0.
2020-02-28 10:33:03 +11:00
Damien George 09376f0e47 py: Introduce MP_ROM_NONE macro for ROM to refer to None object.
This helps to prevent mistakes, and allows easily changing the ROM value of
None if needed.
2019-12-27 22:51:17 +11:00
Damien George 0cc8910bc5 extmod: Give vars/funcs unique names so STATIC can be set to nothing.
Fixes issue #5018.
2019-08-20 15:21:09 +10:00
Paul Sokolovsky c76445315f extmod/modussl_axtls: Add non-blocking mode support.
It consists of:

1. "do_handhake" param (default True) to wrap_socket(). If it's False,
handshake won't be performed by wrap_socket(), as it would be done in
blocking way normally. Instead, SSL socket can be set to non-blocking mode,
and handshake would be performed before the first read/write request (by
just returning EAGAIN to these requests, while instead reading/writing/
processing handshake over the connection). Unfortunately, axTLS doesn't
really support non-blocking handshake correctly. So, while framework for
this is implemented on MicroPython's module side, in case of axTLS, it
won't work reliably.

2. Implementation of .setblocking() method. It must be called on SSL socket
for blocking vs non-blocking operation to be handled correctly (for
example, it's not enough to wrap non-blocking socket with wrap_socket()
call - resulting SSL socket won't be itself non-blocking).  Note that
.setblocking() propagates call to the underlying socket object, as
expected.
2019-04-30 17:26:37 +10:00
Damien George 206c65f22c extmod/modussl_axtls: Use MP_ROM_PTR for objects in allowed args array. 2018-08-14 21:47:07 +10:00
Damien George 7a67f057d7 extmod/modussl: Support polling in ussl objects by passing through ioctl
The underlying socket can handling polling, and any other transparent ioctl
requests.  Note that CPython handles the case of polling an ssl object by
polling the file descriptor of the underlying socket file, and that
behaviour is emulated here.
2018-07-20 13:05:04 +10:00
Damien George d11fb09333 extmod/modussl_axtls: Fix __del__ to point to mp_stream_close_obj. 2018-06-13 13:16:21 +10:00
Damien George cf31d384f1 py/stream: Switch stream close operation from method to ioctl.
This patch moves the implementation of stream closure from a dedicated
method to the ioctl of the stream protocol, for each type that implements
closing.  The benefits of this are:

1. Rounds out the stream ioctl function, which already includes flush,
   seek and poll (among other things).

2. Makes calling mp_stream_close() on an object slightly more efficient
   because it now no longer needs to lookup the close method and call it,
   rather it just delegates straight to the ioctl function (if it exists).

3. Reduces code size and allows future types that implement the stream
   protocol to be smaller because they don't need a dedicated close method.

Code size reduction is around 200 bytes smaller for x86 archs and around
30 bytes smaller for the bare-metal archs.
2018-04-10 13:41:32 +10:00
Damien George e511f24ddd extmod/modussl_axtls: Implement key and cert kw args to wrap_socket.
The key and cert must both be a str/bytes object in DER format.
2017-11-24 15:50:40 +11:00
Paul Sokolovsky 1cf6d488b3 extmod/modussl_axtls: Typo fix in comment. 2017-11-02 00:16:03 +02:00
Paul Sokolovsky 0719c936fb extmod/modussl_axtls: socket_read: Handle EAGAIN.
If SSL_EAGAIN is returned (which is a feature of MicroPython's axTLS fork),
return EAGAIN.

Original axTLS returns SSL_OK both when there's no data to return to user
yet and when the underlying stream returns EAGAIN. That's not distinctive
enough, for example, original module code works well for blocking stream,
but will infinite-loop for non-blocking socket with EAGAIN. But if we fix
non-blocking case, blocking calls to .read() will return few None's initially
(while axTLS progresses thru handshake).

Using SSL_EAGAIN allows to fix non-blocking case without regressing the
blocking one.

Note that this only handles case of non-blocking reads of application data.
Initial handshake and writes still don't support non-blocking mode and must
be done in the blocking way.
2017-11-02 00:14:11 +02:00
Eric Poulsen 74ec52d857 extmod/modussl: Add finaliser support for ussl objects.
Per the comment found here
https://github.com/micropython/micropython-esp32/issues/209#issuecomment-339855157,
this patch adds finaliser code to prevent memory leaks from ussl objects,
which is especially useful when memory for a ussl context is allocated
outside the uPy heap.  This patch is in-line with the finaliser code found
in many modsocket implementations for various ports.

This feature is configured via MICROPY_PY_USSL_FINALISER and is disabled by
default because there may be issues using it when the ussl state *is*
allocated on the uPy heap, rather than externally.
2017-10-30 15:25:32 +11:00
Damien George f4059dcc0c all: Use NULL instead of "" when calling mp_raise exception helpers.
This is the established way of doing it and reduces code size by a little
bit.
2017-10-24 22:39:36 +11:00
Damien George a3dc1b1957 all: Remove inclusion of internal py header files.
Header files that are considered internal to the py core and should not
normally be included directly are:
    py/nlr.h - internal nlr configuration and declarations
    py/bc0.h - contains bytecode macro definitions
    py/runtime0.h - contains basic runtime enums

Instead, the top-level header files to include are one of:
    py/obj.h - includes runtime0.h and defines everything to use the
        mp_obj_t type
    py/runtime.h - includes mpstate.h and hence nlr.h, obj.h, runtime0.h,
        and defines everything to use the general runtime support functions

Additional, specific headers (eg py/objlist.h) can be included if needed.
2017-10-04 12:37:50 +11:00
Javier Candeira 35a1fea90b all: Raise exceptions via mp_raise_XXX
- Changed: ValueError, TypeError, NotImplementedError
  - OSError invocations unchanged, because the corresponding utility
    function takes ints, not strings like the long form invocation.
  - OverflowError, IndexError and RuntimeError etc. not changed for now
    until we decide whether to add new utility functions.
2017-08-13 22:52:33 +10:00
Alexander Steffen 55f33240f3 all: Use the name MicroPython consistently in comments
There were several different spellings of MicroPython present in comments,
when there should be only one.
2017-07-31 18:35:40 +10:00
Damien George aa7be82a4d all: Don't include system errno.h when it's not needed. 2017-07-24 18:43:14 +10:00
Paul Sokolovsky 4368ae3142 extmod/modussl_axtls: Allow to close ssl stream multiple times.
Make sure that 2nd close has no effect and operations on closed streams
are handled properly.
2017-07-20 00:20:53 +03:00
Paul Sokolovsky 82b9915b34 extmod/modussl_axtls: Implement server_hostname arg to wrap_socket().
As enabled by SNI support in axTLS v2+.
2017-06-14 01:01:12 +03:00
Paul Sokolovsky 75c3f2a7ab extmod/modussl_axtls: Update for axTLS 2.1.3.
ssl_client_new() accepts new SSL_EXTENSIONS* argument.
2017-06-13 17:41:46 +03:00
Paul Sokolovsky 59a1201da9 all: Remove readall() method, which is equivalent to read() w/o args.
Its addition was due to an early exploration on how to add CPython-like
stream interface. It's clear that it's not needed and just takes up
bytes in all ports.
2016-11-14 00:24:22 +03:00
Damien George 75af908c0e extmod: Use mp_raise_OSError helper function. 2016-10-07 13:52:14 +11:00
Damien George 93c4a6a3f7 all: Remove 'name' member from mp_obj_module_t struct.
One can instead lookup __name__ in the modules dict to get the value.
2016-09-22 00:23:16 +10:00
Paul Sokolovsky 4f1b0292db py/stream: Add adapter methods with POSIX-compatible signatures.
Previoussly such read() and write() methods were used by modussl_axtls,
move to py/stream for reuse.
2016-07-30 00:25:06 +03:00
Paul Sokolovsky a53e0e59f3 extmod/modussl_axtls: Use mp_stream_close() method. 2016-07-23 00:38:56 +03:00
Paul Sokolovsky 780114e398 extmod/modussl_axtls: Add dummy setblocking() method.
Accepts only value of True.
2016-07-15 01:05:06 +03:00
Paul Sokolovsky 20283aec10 extmod/modussl_axtls: Further changes to allow alternative SSL modules.
Make variable MICROPY_SSL_AXTLS=1 should be defined to activate modussl_axtls
and link with -laxtls.
2016-07-13 01:49:38 +03:00
Paul Sokolovsky e32d1e17bb extmod/modussl: Rename to modussl_axtls.c, to allow impl using other SSL libs. 2016-07-13 01:35:59 +03:00